From c9a4e6fe8ad629c5599052b9a86a14e7db9e6b18 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 24 Aug 2019 08:26:37 +0200 Subject: [PATCH 001/714] rule: process creations in env var folders --- .../win_susp_process_creations_env_var_root.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 rules/windows/process_creation/win_susp_process_creations_env_var_root.yml diff --git a/rules/windows/process_creation/win_susp_process_creations_env_var_root.yml b/rules/windows/process_creation/win_susp_process_creations_env_var_root.yml new file mode 100644 index 00000000..fe401183 --- /dev/null +++ b/rules/windows/process_creation/win_susp_process_creations_env_var_root.yml @@ -0,0 +1,17 @@ +title: Process Creation in ENV Variable Root +description: Detects suspicious process creations in the root folder of an environment variable like %ProgramData% or %AppData% +status: experimental +author: Florian Roth +date: 2018/08/24 +tags: + - car.2013-07-001 +logsource: + category: process_creation + product: windows +detection: + selection: + Image|re: '^.*\\(ProgramData|AppData\\Local|AppData\\Roaming)\\[^\]+\.(exe|vbs|bat|ps1|js)$' + condition: selection +falsepositives: + - False positives depend on scripts and administrative tools used in the monitored environment but should be very rare +level: high From a137a1380bff9fe44b48f5f7e5924a09f13b9a75 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 24 Aug 2019 12:38:51 +0200 Subject: [PATCH 002/714] rules: encoded FromBase64String keyword --- .../win_encoded_frombase64string.yml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 rules/windows/process_creation/win_encoded_frombase64string.yml diff --git a/rules/windows/process_creation/win_encoded_frombase64string.yml b/rules/windows/process_creation/win_encoded_frombase64string.yml new file mode 100644 index 00000000..c66b16a5 --- /dev/null +++ b/rules/windows/process_creation/win_encoded_frombase64string.yml @@ -0,0 +1,22 @@ +title: Encoded FromBase64String +status: experimental +description: Detects a base64 encoded FromBase64String keyword in a process command line +author: Florian Roth +date: 2019/08/24 +tags: + - attack.t1086 + - attack.t1140 + - attack.execution +logsource: + category: process_creation + product: windows +detection: + selection: + CommandLine|base64offset|contains: '::FromBase64String' + condition: selection +fields: + - CommandLine + - ParentCommandLine +falsepositives: + - unknown +level: critical From 1dfd5602995458e739f282937221316d436b46b3 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 24 Aug 2019 13:49:40 +0200 Subject: [PATCH 003/714] rule: csc.exe suspicious source folder --- .../process_creation/win_susp_csc_folder.yml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 rules/windows/process_creation/win_susp_csc_folder.yml diff --git a/rules/windows/process_creation/win_susp_csc_folder.yml b/rules/windows/process_creation/win_susp_csc_folder.yml new file mode 100644 index 00000000..332229af --- /dev/null +++ b/rules/windows/process_creation/win_susp_csc_folder.yml @@ -0,0 +1,22 @@ +title: Suspicious Csc.exe Source File Folder +description: Detects a suspicious execution of csc.exe, which uses a source in a suspicious folder (e.g. AppData) +status: experimental +references: + - https://securityboulevard.com/2019/08/agent-tesla-evading-edr-by-removing-api-hooks/ + - https://app.any.run/tasks/c6993447-d1d8-414e-b856-675325e5aa09/ +author: Florian Roth +date: 2019/08/24 +tags: + - attack.defense_evasion + - attack.t1500 +logsource: + category: process_creation + product: windows +detection: + selection: + Image: '*\csc.exe' + CommandLine: '*\AppData\*' + condition: selection +falsepositives: + - Unkown +level: high From 8b6bd45b0bb421bce8317581b0950539ecddc351 Mon Sep 17 00:00:00 2001 From: Lep Date: Wed, 28 Aug 2019 10:12:01 +0700 Subject: [PATCH 004/714] rules for APT32 --- .../sysmon_detect_Compressed_Process.yml | 24 ++++++++++++ .../sysmon/sysmon_office_persistence.yml | 39 +++++++++++++++++++ .../sysmon/sysmon_permissions_modifiation.yml | 32 +++++++++++++++ .../sysmon/sysmon_service_creation.yml | 18 +++++++++ .../windows/sysmon/sysmon_susp_Timestomp.yml | 26 +++++++++++++ .../sysmon/sysmon_susp_discovery_activity.yml | 26 +++++++++++++ .../sysmon/sysmon_susp_file_deletion.yml | 29 ++++++++++++++ .../sysmon/sysmon_susp_service_modify.yml | 29 ++++++++++++++ .../sysmon_susp_signed_script_triggered.yml | 21 ++++++++++ .../sysmon/sysmon_web_folder_intergration.yml | 30 ++++++++++++++ .../windows/sysmon/win_susp_Compiled_HTML.yml | 21 ++++++++++ 11 files changed, 295 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_detect_Compressed_Process.yml create mode 100644 rules/windows/sysmon/sysmon_office_persistence.yml create mode 100644 rules/windows/sysmon/sysmon_permissions_modifiation.yml create mode 100644 rules/windows/sysmon/sysmon_service_creation.yml create mode 100644 rules/windows/sysmon/sysmon_susp_Timestomp.yml create mode 100644 rules/windows/sysmon/sysmon_susp_discovery_activity.yml create mode 100644 rules/windows/sysmon/sysmon_susp_file_deletion.yml create mode 100644 rules/windows/sysmon/sysmon_susp_service_modify.yml create mode 100644 rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml create mode 100644 rules/windows/sysmon/sysmon_web_folder_intergration.yml create mode 100644 rules/windows/sysmon/win_susp_Compiled_HTML.yml diff --git a/rules/windows/sysmon/sysmon_detect_Compressed_Process.yml b/rules/windows/sysmon/sysmon_detect_Compressed_Process.yml new file mode 100644 index 00000000..7e8ca2f9 --- /dev/null +++ b/rules/windows/sysmon/sysmon_detect_Compressed_Process.yml @@ -0,0 +1,24 @@ +title: Detect compress process using for data exfiltration +description: Detects data compressing behaviour +author: Lep - VuNX +date: 2019/7/10 +tags: + + - attack.exfiltration + - attack.t1002 +logsource: + category: process_creation + product: windows +detection: + selection1: + CommandLine: + - '*Compress-Archive*' + - 'rar*' + - 'zip*' + - 'gzip*' + selection2: + Image: C:\Users\Public\7za.exe + condition: selection1 or selection2 +falsepositives: + - Real compressed +level: critical diff --git a/rules/windows/sysmon/sysmon_office_persistence.yml b/rules/windows/sysmon/sysmon_office_persistence.yml new file mode 100644 index 00000000..62a704dd --- /dev/null +++ b/rules/windows/sysmon/sysmon_office_persistence.yml @@ -0,0 +1,39 @@ +title: Microsoft Office Persistence +status: experimental +description: Detect some kinds of persistence techniques using Office Startup +author: Lep +references: + - https://attack.mitre.org/techniques/T1137/ + - https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/ +date: 2019/08/20 +tags: + - attack.persistence + - attack.t1137 + - attack.g0050 +logsource: + service: sysmon + product: windows +detection: + template_macro: + EventID: 11 + TargetFilename: + - '*\AppData\Roaming\Microsoft\Templates\Normal.dotm' + - '*\AppData\Roaming\Microsoft\Excel*' + office_test: + EventID: 13 + TargetObject: 'HKCU\Software\Microsoft\Office test\Special\Perf*' + enable_macros: + EventID: 13 + TargetObject: + - 'HKCU\Software\Microsoft\Office\*\Outlook*' + - 'HKCU\Software\Microsoft\Office\*\Excel\Options*' + addins: + EventID: 13 + TargetObject: + - 'HKCU\Software\Microsoft\VBA\VBE\6.0\Addins\*' + - 'HKCU\Software\Microsoft\Office\*\PowerPoint\AddIns' + - 'HKCU\Software\Microsoft\Office\*\Addins\' + condition: template_macro or office_test or addins or enable_macros +falsepositives: + - Office usage +level: low diff --git a/rules/windows/sysmon/sysmon_permissions_modifiation.yml b/rules/windows/sysmon/sysmon_permissions_modifiation.yml new file mode 100644 index 00000000..2f34b559 --- /dev/null +++ b/rules/windows/sysmon/sysmon_permissions_modifiation.yml @@ -0,0 +1,32 @@ +title: File Permissions Modification +status: experimental +description: Detect File Permissions modification +author: Lep +references: + - https://attack.mitre.org/techniques/T1222/ +date: 2019/08/21 +tags: + - attack.defense_evasion + - attack.t1222 + - attack.g0050 +logsource: + service: sysmon + product: windows +detection: + window: + - Image_lc: + - '*cacls.exe' + - '*takeown.exe' + - '*icacls.exe' + - '*attrib.exe' + - CommandLine_lc: '*Set-Acl*' +# Use for unix, change log sources + unix: + CommandLine_lc: + - '*chmod*' + - '*chowm*' + - '*chattr*' + condition: window or unix +falsepositives: + - Uninstall programs,.. +level: low \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_service_creation.yml b/rules/windows/sysmon/sysmon_service_creation.yml new file mode 100644 index 00000000..c3543be5 --- /dev/null +++ b/rules/windows/sysmon/sysmon_service_creation.yml @@ -0,0 +1,18 @@ +title: Service Creation in Registry Detection +description: Detect Service Creation in Registry +author: Lep +date: 2019/08/16 +tags: + - attack.execution + - attack.t1035 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 13 + Image_lc: '*\services.exe' + condition: selection +falsepositives: + - n/a +level: low diff --git a/rules/windows/sysmon/sysmon_susp_Timestomp.yml b/rules/windows/sysmon/sysmon_susp_Timestomp.yml new file mode 100644 index 00000000..f83129cb --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_Timestomp.yml @@ -0,0 +1,26 @@ +title: Suspicious Timestomp +description: Detects a suspicious execution of csc.exe, which uses a source in a suspicious folder (e.g. AppData) +status: experimental +references: + - https://securityboulevard.com/2019/08/agent-tesla-evading-edr-by-removing-api-hooks/ + - https://app.any.run/tasks/c6993447-d1d8-414e-b856-675325e5aa09/ +author: Florian Roth +date: 2019/08/24 +tags: + - attack.defense_evasion + - attack.t1099 +logsource: + product: windows +detection: + windows: + CommandLine_lc: + - '*Get-ChildItem*' + - '*$_.LastAccessTime*' + - '*$_.LastWriteTime*' + - '*$_.CreationTime*' + linux: + CommandLine_lc: '*touch*' + condition: linux or windows +falsepositives: + - Unkown +level: high \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_susp_discovery_activity.yml b/rules/windows/sysmon/sysmon_susp_discovery_activity.yml new file mode 100644 index 00000000..426235b7 --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_discovery_activity.yml @@ -0,0 +1,26 @@ +title: Discovery Activity with Command +status: experimental +description: Detects discovery activity command +author: Lep +date: 2019/09/26 +tags: + - attack.discovery + - attack.t1018 + - attack.t1012 + - attack.t1083 +logsource: + product: windows +detection: + selection: + CommandLine_lc: + - 'dir *' + - 'tree *' + - 'reg query*' + - '*arp.exe*' + - 'ipconfig /all' + - 'new-psdrive*' + timeframe: 15s + condition: selection | count() by CommandLine_lc > 4 +falsepositives: + - Admin activities +level: medium diff --git a/rules/windows/sysmon/sysmon_susp_file_deletion.yml b/rules/windows/sysmon/sysmon_susp_file_deletion.yml new file mode 100644 index 00000000..7ead61c5 --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_file_deletion.yml @@ -0,0 +1,29 @@ +title: Microsoft Office Persistence +status: experimental +description: Detect File Deletion Technique +author: Lep +references: + - https://attack.mitre.org/techniques/T1107/ + - https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/ +date: 2019/08/20 +tags: + - attack.defense_evasion + - attack.t1107 + - attack.g0050 +logsource: + service: sysmon + product: windows +detection: + sdelete: + Image: '*sdelete.exe' + CommandLine_lc: '*remove-item*' + fsulti: + Image: '*fsutil.exe' + CommandLine_lc: '*deletejournal*' + wbadmin: + Image: '*wbadmin.exe' + CommandLine_lc: '*delete*' + condition: sdelete or fsulti or addins or wbadmin +falsepositives: + - Uninstall programs,.. +level: low diff --git a/rules/windows/sysmon/sysmon_susp_service_modify.yml b/rules/windows/sysmon/sysmon_susp_service_modify.yml new file mode 100644 index 00000000..348234fd --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_service_modify.yml @@ -0,0 +1,29 @@ +title: Modify Existing Service +description: Detect persistence technique by modifying existing services +author: Lep +date: 2019/08/17 +tags: + - attack.persistence + - attack.t1031 + - attack.g0050 +logsource: + product: windows + service: sysmon +detection: + process_creation: + EventID: 1 + sc: + Image_lc: + -'*\sc.exe' + CommandLine_lc: '*config*' + reg: + Image_lc: + -'*\reg.exe' + CommandLine_lc: '*hklm\system\currentcontrolset\services*' + registry_edit: + EventID: 13 + TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Services*' + condition: (process_creation and sc) or (process_creation and reg) or registry_edit +falsepositives: + - Real service edit +level: low diff --git a/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml b/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml new file mode 100644 index 00000000..35ca95d7 --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml @@ -0,0 +1,21 @@ +title: Signed Script Proxy Execution +description: Detect suspicious signed script like PubPrn triggered for validation bypassing +author: Lep +date: 2019/08/16 +tags: + - attack.execution + - attack.t1216 + - attack.g0050 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 1 + ParentImage_lc: '*cscript.exe*' + selection2: + CommandLine_lc: '*pubprn.vbs*' + condition: selection or selection2 +falsepositives: + - Real PubPrn usage +level: low diff --git a/rules/windows/sysmon/sysmon_web_folder_intergration.yml b/rules/windows/sysmon/sysmon_web_folder_intergration.yml new file mode 100644 index 00000000..b9b9a7ad --- /dev/null +++ b/rules/windows/sysmon/sysmon_web_folder_intergration.yml @@ -0,0 +1,30 @@ +title: File Creation Webserver Root Folder +status: experimental +description: Detects a suspicious file creation in a web service root folder +author: Lep - VuNX +tags: + - attack.persistence + - attack.t1100 +logsource: + category: process_creation + product: windows +detection: + selection: + TargetFileName_lc: + - '*\wwwroot\\*' + - '*\wmpub\\*' + - '*\htdocs\\*' + - '*inetpub*' + EventID: + 11 + filter: + Image_lc: + - '*explorer.exe' + blank: + Image: null + condition: selection and not filter and not blank +fields: + - TargetFileName +falsepositives: + - Deploy new codes +level: medium diff --git a/rules/windows/sysmon/win_susp_Compiled_HTML.yml b/rules/windows/sysmon/win_susp_Compiled_HTML.yml new file mode 100644 index 00000000..c360ee49 --- /dev/null +++ b/rules/windows/sysmon/win_susp_Compiled_HTML.yml @@ -0,0 +1,21 @@ +title: Trigger Compiled HTML +status: experimental +description: This detects compiled HTML triggered by HH +references: https://www.bleepingcomputer.com/news/security/ryuk-ransomware-adds-ip-and-computer-name-blacklisting/ +date: 2019/08/14 +author: Lep +logsource: + product: windows + service: sysmon +detection: + selection1: + EventID: 1 + Image_lc: '*\hh.exe' + condition: selection1 +falsepositives: + - Normal HTML Help File +tags: + - attack.execution + - attack.T1223 + - attack.G0050 +level: high \ No newline at end of file From 406b40af1116ebcfdb429449201b15e97752ce65 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 28 Aug 2019 09:00:35 +0200 Subject: [PATCH 005/714] rule: suspicious msbuild folder --- .../win_susp_msbuild_folder.yml | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 rules/windows/process_creation/win_susp_msbuild_folder.yml diff --git a/rules/windows/process_creation/win_susp_msbuild_folder.yml b/rules/windows/process_creation/win_susp_msbuild_folder.yml new file mode 100644 index 00000000..5208616c --- /dev/null +++ b/rules/windows/process_creation/win_susp_msbuild_folder.yml @@ -0,0 +1,23 @@ +title: Suspicious Csc.exe Source File Folder +description: Detects a suspicious execution of csc.exe, which uses a source in a suspicious folder (e.g. AppData) +status: experimental +references: + - https://blog.talosintelligence.com/2019/08/china-chopper-still-active-9-years-later.html +author: Florian Roth +date: 2019/08/24 +tags: + - attack.defense_evasion + - attack.t1500 +logsource: + category: process_creation + product: windows +detection: + selection: + Image: '*\MSBuild.exe' + CommandLine: + - '*\AppData\*' + - '*\Windows\Temp\*' + condition: selection +falsepositives: + - Unkown +level: high From f71dc4153199ae63a4d94b3fbbfe62962fcb2156 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 28 Aug 2019 09:00:43 +0200 Subject: [PATCH 006/714] rule: extended csc rule --- rules/windows/process_creation/win_susp_csc_folder.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_susp_csc_folder.yml b/rules/windows/process_creation/win_susp_csc_folder.yml index 332229af..e783d518 100644 --- a/rules/windows/process_creation/win_susp_csc_folder.yml +++ b/rules/windows/process_creation/win_susp_csc_folder.yml @@ -15,7 +15,9 @@ logsource: detection: selection: Image: '*\csc.exe' - CommandLine: '*\AppData\*' + CommandLine: + - '*\AppData\*' + - '*\Windows\Temp\*' condition: selection falsepositives: - Unkown From ba30b4929c82e118b9ca29506d1a42affdd6a158 Mon Sep 17 00:00:00 2001 From: Lep Date: Wed, 28 Aug 2019 17:13:54 +0700 Subject: [PATCH 007/714] process_creation update --- .../sysmon_detect_Compressed_Process.yml | 9 ++++----- .../sysmon/sysmon_service_creation.yml | 2 +- .../windows/sysmon/sysmon_susp_Timestomp.yml | 7 ++----- .../sysmon/sysmon_susp_service_modify.yml | 20 ++++++++++--------- .../sysmon_susp_signed_script_triggered.yml | 13 +++++++++--- .../windows/sysmon/win_susp_Compiled_HTML.yml | 7 +++---- 6 files changed, 31 insertions(+), 27 deletions(-) diff --git a/rules/windows/sysmon/sysmon_detect_Compressed_Process.yml b/rules/windows/sysmon/sysmon_detect_Compressed_Process.yml index 7e8ca2f9..fc813e3b 100644 --- a/rules/windows/sysmon/sysmon_detect_Compressed_Process.yml +++ b/rules/windows/sysmon/sysmon_detect_Compressed_Process.yml @@ -3,12 +3,11 @@ description: Detects data compressing behaviour author: Lep - VuNX date: 2019/7/10 tags: - - - attack.exfiltration - - attack.t1002 + - attack.exfiltration + - attack.t1002 logsource: - category: process_creation - product: windows + category: process_creation + product: windows detection: selection1: CommandLine: diff --git a/rules/windows/sysmon/sysmon_service_creation.yml b/rules/windows/sysmon/sysmon_service_creation.yml index c3543be5..101728ff 100644 --- a/rules/windows/sysmon/sysmon_service_creation.yml +++ b/rules/windows/sysmon/sysmon_service_creation.yml @@ -10,7 +10,7 @@ logsource: service: sysmon detection: selection: - EventID: 13 + EventID: 12 Image_lc: '*\services.exe' condition: selection falsepositives: diff --git a/rules/windows/sysmon/sysmon_susp_Timestomp.yml b/rules/windows/sysmon/sysmon_susp_Timestomp.yml index f83129cb..a67f9555 100644 --- a/rules/windows/sysmon/sysmon_susp_Timestomp.yml +++ b/rules/windows/sysmon/sysmon_susp_Timestomp.yml @@ -1,10 +1,7 @@ title: Suspicious Timestomp -description: Detects a suspicious execution of csc.exe, which uses a source in a suspicious folder (e.g. AppData) +description: Detects a massive change timestamp status: experimental -references: - - https://securityboulevard.com/2019/08/agent-tesla-evading-edr-by-removing-api-hooks/ - - https://app.any.run/tasks/c6993447-d1d8-414e-b856-675325e5aa09/ -author: Florian Roth +author: lep date: 2019/08/24 tags: - attack.defense_evasion diff --git a/rules/windows/sysmon/sysmon_susp_service_modify.yml b/rules/windows/sysmon/sysmon_susp_service_modify.yml index 348234fd..52bef37a 100644 --- a/rules/windows/sysmon/sysmon_susp_service_modify.yml +++ b/rules/windows/sysmon/sysmon_susp_service_modify.yml @@ -1,17 +1,17 @@ +--- +action: global title: Modify Existing Service description: Detect persistence technique by modifying existing services author: Lep date: 2019/08/17 tags: - - attack.persistence - - attack.t1031 - - attack.g0050 + - attack.persistence + - attack.t1031 + - attack.g0050 logsource: - product: windows - service: sysmon + category: process_creation + product: windows detection: - process_creation: - EventID: 1 sc: Image_lc: -'*\sc.exe' @@ -20,10 +20,12 @@ detection: Image_lc: -'*\reg.exe' CommandLine_lc: '*hklm\system\currentcontrolset\services*' + condition: 1 of them +--- +detection: registry_edit: - EventID: 13 + EventID: 12 TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Services*' - condition: (process_creation and sc) or (process_creation and reg) or registry_edit falsepositives: - Real service edit level: low diff --git a/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml b/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml index 35ca95d7..fa572105 100644 --- a/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml +++ b/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml @@ -1,3 +1,5 @@ +--- +action: global title: Signed Script Proxy Execution description: Detect suspicious signed script like PubPrn triggered for validation bypassing author: Lep @@ -8,14 +10,19 @@ tags: - attack.g0050 logsource: product: windows - service: sysmon + category: process_creation detection: selection: EventID: 1 ParentImage_lc: '*cscript.exe*' - selection2: - CommandLine_lc: '*pubprn.vbs*' condition: selection or selection2 falsepositives: - Real PubPrn usage level: low +--- +logsource: + product: windows + service: sysmon +detection: + selection2: + CommandLine_lc: '*pubprn.vbs*' \ No newline at end of file diff --git a/rules/windows/sysmon/win_susp_Compiled_HTML.yml b/rules/windows/sysmon/win_susp_Compiled_HTML.yml index c360ee49..10e34b9f 100644 --- a/rules/windows/sysmon/win_susp_Compiled_HTML.yml +++ b/rules/windows/sysmon/win_susp_Compiled_HTML.yml @@ -5,17 +5,16 @@ references: https://www.bleepingcomputer.com/news/security/ryuk-ransomware-adds- date: 2019/08/14 author: Lep logsource: + category: process_creation product: windows - service: sysmon detection: selection1: - EventID: 1 Image_lc: '*\hh.exe' condition: selection1 falsepositives: - Normal HTML Help File tags: - attack.execution - - attack.T1223 - - attack.G0050 + - attack.t1223 + - attack.g0050 level: high \ No newline at end of file From c95a17b0615106e6ef3f866066674ca6b9e861f2 Mon Sep 17 00:00:00 2001 From: Lep Date: Wed, 28 Aug 2019 17:30:13 +0700 Subject: [PATCH 008/714] process_creation --- rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml b/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml index fa572105..1f4ac635 100644 --- a/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml +++ b/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml @@ -13,7 +13,6 @@ logsource: category: process_creation detection: selection: - EventID: 1 ParentImage_lc: '*cscript.exe*' condition: selection or selection2 falsepositives: From af264c049bb670a50773b8f0b821063827e330b8 Mon Sep 17 00:00:00 2001 From: Lep Date: Thu, 29 Aug 2019 15:43:36 +0700 Subject: [PATCH 009/714] end space --- rules/windows/sysmon/sysmon_permissions_modifiation.yml | 2 +- rules/windows/sysmon/sysmon_susp_Timestomp.yml | 2 +- rules/windows/sysmon/win_susp_Compiled_HTML.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/windows/sysmon/sysmon_permissions_modifiation.yml b/rules/windows/sysmon/sysmon_permissions_modifiation.yml index 2f34b559..ad334ce0 100644 --- a/rules/windows/sysmon/sysmon_permissions_modifiation.yml +++ b/rules/windows/sysmon/sysmon_permissions_modifiation.yml @@ -29,4 +29,4 @@ detection: condition: window or unix falsepositives: - Uninstall programs,.. -level: low \ No newline at end of file +level: low diff --git a/rules/windows/sysmon/sysmon_susp_Timestomp.yml b/rules/windows/sysmon/sysmon_susp_Timestomp.yml index a67f9555..69c1e158 100644 --- a/rules/windows/sysmon/sysmon_susp_Timestomp.yml +++ b/rules/windows/sysmon/sysmon_susp_Timestomp.yml @@ -20,4 +20,4 @@ detection: condition: linux or windows falsepositives: - Unkown -level: high \ No newline at end of file +level: high diff --git a/rules/windows/sysmon/win_susp_Compiled_HTML.yml b/rules/windows/sysmon/win_susp_Compiled_HTML.yml index 10e34b9f..2ff232fc 100644 --- a/rules/windows/sysmon/win_susp_Compiled_HTML.yml +++ b/rules/windows/sysmon/win_susp_Compiled_HTML.yml @@ -17,4 +17,4 @@ tags: - attack.execution - attack.t1223 - attack.g0050 -level: high \ No newline at end of file +level: high From dfe6b968c0c9026d40c4b854a8aff41c3e68593a Mon Sep 17 00:00:00 2001 From: Lep Date: Thu, 29 Aug 2019 15:48:42 +0700 Subject: [PATCH 010/714] addins --- rules/windows/sysmon/sysmon_susp_file_deletion.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_susp_file_deletion.yml b/rules/windows/sysmon/sysmon_susp_file_deletion.yml index 7ead61c5..9494234b 100644 --- a/rules/windows/sysmon/sysmon_susp_file_deletion.yml +++ b/rules/windows/sysmon/sysmon_susp_file_deletion.yml @@ -23,7 +23,7 @@ detection: wbadmin: Image: '*wbadmin.exe' CommandLine_lc: '*delete*' - condition: sdelete or fsulti or addins or wbadmin + condition: sdelete or fsulti or wbadmin falsepositives: - Uninstall programs,.. level: low From 8a078b6c864031f5df3ad68a76d5e9a5a72d4c27 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 30 Aug 2019 11:48:38 +0200 Subject: [PATCH 011/714] rule: APT28 UA --- rules/proxy/proxy_ua_suspicious.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/proxy/proxy_ua_suspicious.yml b/rules/proxy/proxy_ua_suspicious.yml index 6f98e681..5eb184af 100644 --- a/rules/proxy/proxy_ua_suspicious.yml +++ b/rules/proxy/proxy_ua_suspicious.yml @@ -22,6 +22,7 @@ detection: - '_' - 'CertUtil URL Agent' # https://twitter.com/stvemillertime/status/985150675527974912 - 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0)' # CobaltStrike Beacon https://unit42.paloaltonetworks.com/tracking-oceanlotus-new-downloader-kerrdown/ + - 'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0' # used by APT28 malware https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html falsepositives: UserAgent: - 'Mozilla/3.0 * Acrobat *' # Acrobat with linked content From a3349823e50996290cd080f9204df53980fc09ad Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 30 Aug 2019 11:48:51 +0200 Subject: [PATCH 012/714] rule: implant teardown --- rules/proxy/proxy_implant_teardown.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 rules/proxy/proxy_implant_teardown.yml diff --git a/rules/proxy/proxy_implant_teardown.yml b/rules/proxy/proxy_implant_teardown.yml new file mode 100644 index 00000000..dd7d3630 --- /dev/null +++ b/rules/proxy/proxy_implant_teardown.yml @@ -0,0 +1,20 @@ +title: Teardown Implant URL Pattern +status: experimental +description: Detects URL pattern used by Teardown Implant +references: + - https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html +author: Florian Roth +date: 2019/08/30 +logsource: + category: proxy +detection: + selection: + c-uri-query: '*/list/suc?name=*' + condition: selection +fields: + - ClientIP + - URL + - UserAgent +falsepositives: + - Unknown +level: critical From d9606067a6217cc8f3a25a8816aba37935d08521 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 31 Aug 2019 08:50:59 +0200 Subject: [PATCH 013/714] rule: MuddyWater script execution --- rules/apt/apt_muddywater.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 rules/apt/apt_muddywater.yml diff --git a/rules/apt/apt_muddywater.yml b/rules/apt/apt_muddywater.yml new file mode 100644 index 00000000..24eedb69 --- /dev/null +++ b/rules/apt/apt_muddywater.yml @@ -0,0 +1,26 @@ +title: MuddyWater Code Execution +description: Detects a suspicious execution of wscript and cscript poiting to *.vbe and *.jpg files in Windows temp folder +status: experimental +references: + - https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf + - https://attack.mitre.org/techniques/T1500/ +author: Florian Roth +date: 2019/08/31 +tags: + - attack.defense_evasion + - attack.t1500 +logsource: + category: process_creation + product: windows +detection: + selection: + Image: + - '*\wscript.exe' + - '*\cscript.exe' + CommandLine: + - '*\Windows\Temp\*.vbe' + - '*\Windows\Temp\*.jpg' + condition: selection +falsepositives: + - Unkown +level: high From c81d3bf56c9e730fc0eb5bfe84e87dd3caec0fb2 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 3 Sep 2019 15:31:25 +0200 Subject: [PATCH 014/714] rule: emissary panda activity --- rules/apt/apt_emissarypanda_sep19.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 rules/apt/apt_emissarypanda_sep19.yml diff --git a/rules/apt/apt_emissarypanda_sep19.yml b/rules/apt/apt_emissarypanda_sep19.yml new file mode 100644 index 00000000..3422f68b --- /dev/null +++ b/rules/apt/apt_emissarypanda_sep19.yml @@ -0,0 +1,19 @@ +title: Emissary Panda Malware SLLauncher +status: experimental +description: Detects the execution of DLL side-loading malware used by threat group Emissary Panda aka APT27 +references: + - https://app.any.run/tasks/579e7587-f09d-4aae-8b07-472833262965 + - https://twitter.com/cyb3rops/status/1168863899531132929 +author: Florian Roth +date: 2018/09/03 +logsource: + category: process_creation + product: windows +detection: + selection: + ParentImage: '*\sllauncher.exe' + Image: '*\svchost.exe' + condition: selection +falsepositives: + - Unknown +level: critical From 27f875755f0dbf994b0fce0559f4f16207d285de Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 6 Sep 2019 10:08:09 +0200 Subject: [PATCH 015/714] rule: debugger registration --- .../sysmon/sysmon_reg_debugger_backdoor.yml | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_reg_debugger_backdoor.yml diff --git a/rules/windows/sysmon/sysmon_reg_debugger_backdoor.yml b/rules/windows/sysmon/sysmon_reg_debugger_backdoor.yml new file mode 100644 index 00000000..74180406 --- /dev/null +++ b/rules/windows/sysmon/sysmon_reg_debugger_backdoor.yml @@ -0,0 +1,40 @@ +title: Suspicious Debugger Registration +status: experimental +description: Detects the registration of a debugger for a program that is available in the logon screen (sticky key backdoor) +references: + - https://blogs.technet.microsoft.com/jonathantrull/2016/10/03/detecting-sticky-key-backdoors/ +tags: + - attack.persistence + - attack.privilege_escalation + - attack.t1015 +author: Florian Roth +date: 2019/09/06 +logsource: + product: windows + service: sysmon +detection: + selection_proc: + EventID: 1 + CommandLine: + - '*\CurrentVersion\Image File Execution Options\sethc.exe*' + - '*\CurrentVersion\Image File Execution Options\utilman.exe*' + - '*\CurrentVersion\Image File Execution Options\osk.exe*' + - '*\CurrentVersion\Image File Execution Options\magnify.exe*' + - '*\CurrentVersion\Image File Execution Options\narrator.exe*' + - '*\CurrentVersion\Image File Execution Options\displayswitch.exe*' + selection_reg: + EventID: + - 12 + - 13 + TargetObject: + - '*\CurrentVersion\Image File Execution Options\sethc.exe*' + - '*\CurrentVersion\Image File Execution Options\utilman.exe*' + - '*\CurrentVersion\Image File Execution Options\osk.exe*' + - '*\CurrentVersion\Image File Execution Options\magnify.exe*' + - '*\CurrentVersion\Image File Execution Options\narrator.exe*' + - '*\CurrentVersion\Image File Execution Options\displayswitch.exe*' + condition: selection_proc or selection_reg +falsepositives: + - Penetration Tests +level: high + From e9fc8d3d09f48ce9975b03ada2929407e606c486 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 6 Sep 2019 10:13:21 +0200 Subject: [PATCH 016/714] rule: split up registry debugger registration rule into two --- .../win_install_reg_debugger_backdoor.yml | 29 +++++++++++++++++++ .../sysmon/sysmon_reg_debugger_backdoor.yml | 15 ++-------- 2 files changed, 32 insertions(+), 12 deletions(-) create mode 100644 rules/windows/process_creation/win_install_reg_debugger_backdoor.yml diff --git a/rules/windows/process_creation/win_install_reg_debugger_backdoor.yml b/rules/windows/process_creation/win_install_reg_debugger_backdoor.yml new file mode 100644 index 00000000..033c0789 --- /dev/null +++ b/rules/windows/process_creation/win_install_reg_debugger_backdoor.yml @@ -0,0 +1,29 @@ +title: Suspicious Debugger Registration Cmdline +status: experimental +description: Detects the registration of a debugger for a program that is available in the logon screen (sticky key backdoor). +references: + - https://blogs.technet.microsoft.com/jonathantrull/2016/10/03/detecting-sticky-key-backdoors/ +tags: + - attack.persistence + - attack.privilege_escalation + - attack.t1015 +author: Florian Roth +date: 2019/09/06 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 1 + CommandLine: + - '*\CurrentVersion\Image File Execution Options\sethc.exe*' + - '*\CurrentVersion\Image File Execution Options\utilman.exe*' + - '*\CurrentVersion\Image File Execution Options\osk.exe*' + - '*\CurrentVersion\Image File Execution Options\magnify.exe*' + - '*\CurrentVersion\Image File Execution Options\narrator.exe*' + - '*\CurrentVersion\Image File Execution Options\displayswitch.exe*' + condition: selection +falsepositives: + - Penetration Tests +level: high + diff --git a/rules/windows/sysmon/sysmon_reg_debugger_backdoor.yml b/rules/windows/sysmon/sysmon_reg_debugger_backdoor.yml index 74180406..9210e83f 100644 --- a/rules/windows/sysmon/sysmon_reg_debugger_backdoor.yml +++ b/rules/windows/sysmon/sysmon_reg_debugger_backdoor.yml @@ -1,4 +1,4 @@ -title: Suspicious Debugger Registration +title: Suspicious Debugger Registration Registry status: experimental description: Detects the registration of a debugger for a program that is available in the logon screen (sticky key backdoor) references: @@ -13,16 +13,7 @@ logsource: product: windows service: sysmon detection: - selection_proc: - EventID: 1 - CommandLine: - - '*\CurrentVersion\Image File Execution Options\sethc.exe*' - - '*\CurrentVersion\Image File Execution Options\utilman.exe*' - - '*\CurrentVersion\Image File Execution Options\osk.exe*' - - '*\CurrentVersion\Image File Execution Options\magnify.exe*' - - '*\CurrentVersion\Image File Execution Options\narrator.exe*' - - '*\CurrentVersion\Image File Execution Options\displayswitch.exe*' - selection_reg: + selection: EventID: - 12 - 13 @@ -33,7 +24,7 @@ detection: - '*\CurrentVersion\Image File Execution Options\magnify.exe*' - '*\CurrentVersion\Image File Execution Options\narrator.exe*' - '*\CurrentVersion\Image File Execution Options\displayswitch.exe*' - condition: selection_proc or selection_reg + condition: selection falsepositives: - Penetration Tests level: high From 01d5e3882f2da7ef71b9d9823555e9a1621fe7eb Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 6 Sep 2019 10:17:32 +0200 Subject: [PATCH 017/714] fix: log source category --- .../process_creation/win_install_reg_debugger_backdoor.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_install_reg_debugger_backdoor.yml b/rules/windows/process_creation/win_install_reg_debugger_backdoor.yml index 033c0789..b26caf71 100644 --- a/rules/windows/process_creation/win_install_reg_debugger_backdoor.yml +++ b/rules/windows/process_creation/win_install_reg_debugger_backdoor.yml @@ -10,8 +10,8 @@ tags: author: Florian Roth date: 2019/09/06 logsource: + category: process_creation product: windows - service: sysmon detection: selection: EventID: 1 From e85c204404ccdbbd801b3d69f1afe1abe9a4ad4b Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 6 Sep 2019 10:20:36 +0200 Subject: [PATCH 018/714] fix: removed event id --- .../process_creation/win_install_reg_debugger_backdoor.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/windows/process_creation/win_install_reg_debugger_backdoor.yml b/rules/windows/process_creation/win_install_reg_debugger_backdoor.yml index b26caf71..5e0fcedb 100644 --- a/rules/windows/process_creation/win_install_reg_debugger_backdoor.yml +++ b/rules/windows/process_creation/win_install_reg_debugger_backdoor.yml @@ -14,7 +14,6 @@ logsource: product: windows detection: selection: - EventID: 1 CommandLine: - '*\CurrentVersion\Image File Execution Options\sethc.exe*' - '*\CurrentVersion\Image File Execution Options\utilman.exe*' From afcbf4226d11847c77a8703fc4f8067665893d22 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 6 Sep 2019 10:22:27 +0200 Subject: [PATCH 019/714] fix: duplicate rule - issue #441 --- .../win_powershell_renamed_ps.yml | 27 ------------------- 1 file changed, 27 deletions(-) delete mode 100644 rules/windows/process_creation/win_powershell_renamed_ps.yml diff --git a/rules/windows/process_creation/win_powershell_renamed_ps.yml b/rules/windows/process_creation/win_powershell_renamed_ps.yml deleted file mode 100644 index d6e9ef86..00000000 --- a/rules/windows/process_creation/win_powershell_renamed_ps.yml +++ /dev/null @@ -1,27 +0,0 @@ -title: Renamed Powershell.exe -status: experimental -description: Detects copying and renaming of powershell.exe before execution (RETEFE malware DOC/macro starting Sept 2018) -references: - - https://attack.mitre.org/techniques/T1086/ - - https://isc.sans.edu/forums/diary/Maldoc+Duplicating+PowerShell+Prior+to+Use/24254/ -tags: - - attack.t1086 - - attack.execution - - car.2013-05-009 -author: Tom Ueltschi (@c_APT_ure) -logsource: - category: process_creation - product: windows -detection: - selection: - Description: Windows PowerShell - exclusion_1: - Image: - - '*\powershell.exe' - - '*\powershell_ise.exe' - exclusion_2: - Description: Windows PowerShell ISE - condition: all of selection and not (1 of exclusion_*) -falsepositives: - - penetration tests, red teaming -level: high From 7219e0b0f1fa5f39246b8eb9bbccb7f75d2853d8 Mon Sep 17 00:00:00 2001 From: lep Date: Fri, 18 Oct 2019 14:04:38 +0700 Subject: [PATCH 020/714] module carbonblack --- tools/config/carbonblack.yml | 11 ++ tools/config/helk.yml | 30 +++-- tools/config/logpoint-windows.yml | 1 + tools/config/qradar.yml | 11 ++ tools/config/sumologic.yml | 43 +++++++ tools/config/winlogbeat-modules-enabled.yml | 125 ++++++++++++++++++++ tools/config/winlogbeat-old.yml | 1 + tools/config/winlogbeat.yml | 1 + tools/sigma/backends/base.py | 23 +++- tools/sigma/backends/carbonblack.py | 108 +++++++++++++++++ tools/sigma/backends/elasticsearch.py | 19 +-- tools/sigma/backends/qradar.py | 28 ++++- tools/sigma/backends/splunk.py | 2 +- tools/sigma/backends/sumologic.py | 21 +--- tools/sigma/config/mapping.py | 29 +++-- tools/sigma/configuration.py | 1 + tools/sigma/eventdict.py | 16 +++ tools/sigma/parser/condition.py | 2 +- 18 files changed, 425 insertions(+), 47 deletions(-) create mode 100644 tools/config/carbonblack.yml create mode 100644 tools/config/winlogbeat-modules-enabled.yml create mode 100644 tools/sigma/backends/carbonblack.py create mode 100644 tools/sigma/eventdict.py diff --git a/tools/config/carbonblack.yml b/tools/config/carbonblack.yml new file mode 100644 index 00000000..276fed22 --- /dev/null +++ b/tools/config/carbonblack.yml @@ -0,0 +1,11 @@ +title: Splunk Windows log source conditions +order: 20 +backends: + - splunk + - carbonblack + +fieldmappings: + Image: process_name + SourceIp: ipaddr + ImageLoaded: modload + CommandLine: cmdline \ No newline at end of file diff --git a/tools/config/helk.yml b/tools/config/helk.yml index 409ecaaf..fb33c189 100644 --- a/tools/config/helk.yml +++ b/tools/config/helk.yml @@ -36,7 +36,6 @@ logsources: product: windows service: powershell-classic index: logs-endpoint-winevent-powershell-* - defaultindex: logs-* fieldmappings: AccessMask: object_access_mask_requested @@ -47,18 +46,22 @@ fieldmappings: AuthenticationPackageName: logon_authentication_package CallingProcessName: process_path CallTrace: process_call_trace + ClientAddress: src_ip_addr + ClientIPAddress: src_ip_addr + ClientIP: src_ip_addr CommandLine: process_command_line Company: file_company ComputerName: host_name Configuration: EventID=16: sysmon_configuration + ConnectedViaIPAddress: dst_nat_ip_addr CurrentDirectory: process_current_directory Description: file_description + DestAddress: dst_ip_addr Destination: EventID=20: wmi_consumer_destination DestinationHostname: dst_host_name DestinationIp: dst_ip_addr - DestinationIsIpv6: dst_is_ipv6 DestinationPort: dst_port DestinationPortName: dst_port_name Details: @@ -76,6 +79,7 @@ fieldmappings: FileVersion: file_version GrantedAccess: process_granted_access GroupName: group_name + GroupSid: group_sid HiveName: hive_name HostVersion: powershell.host.version Image: process_path @@ -87,8 +91,13 @@ fieldmappings: EventID=3: network_initiated" IntegrityLevel: EventID=1: process_integrity_level + ipAddress: dst_ip_addr + IpAddress: src_ip_addr + IPString: src_ip_addr + LaunchedViaIPAddress: dst_ip_addr LogonProcessName: logon_process_name LogonType: logon_type + MachineIpAddress: dst_ip_addr MachineName: host_name Name: EventID=19: wmi_name @@ -105,13 +114,15 @@ fieldmappings: EventID=20: wmi_operation EventID=21: wmi_operation OperationType: object_operation_type + OriginalFileName: file_name_original ParentImage: process_parent_path + ParentProcessName: process_parent_path PasswordLastSet: user_attribute_password_lastset Path: process_path ParentCommandLine: process_parent_command_line PipeName: pipe_name ProcessName: process_path - ProcesssCommandLine: process_command_line + ProcessCommandLine: process_command_line Product: file_product Properties: object_properties Protocol: @@ -119,6 +130,7 @@ fieldmappings: Query: EventID=19: wmi_query RelativeTargetName: share_relative_target_name + SourceAddress: src_ip_addr SchemaVersion: EventID=4: sysmon_schema_version ServiceFileName: service_image_path @@ -130,6 +142,7 @@ fieldmappings: Source: source_name SourceHostname: src_host_name SourceImage: process_path + SourceIp: src_ip_addr SourcePort: src_port SourcePortName: src_port_name StartAddress: thread_start_address @@ -143,18 +156,21 @@ fieldmappings: EventID=4624: user_reporter_name EventId=4648: user_name EventID=5140: user_name + TargetServer: dst_ip_addr + TaskName: task_name + TicketEncryptionType: ticket_encryption_type + TicketOptions: ticket_options TargetFilename: file_name TargetImage: target_process_path TargetProcessAddress: thread_start_address TargetObject: registry_key_path - TaskName: task_name - TicketEncryptionType: ticket_encryption_type - TicketOptions: ticket_options Type: EventID=20: wmi_consumer_type User: user_account UserName: user_name + Value: + EventID=1102: dst_ip_addr Version: EventID=4: sysmon_version Workstation: src_host_name - WorkstationName: src_host_name + WorkstationName: src_host_name \ No newline at end of file diff --git a/tools/config/logpoint-windows.yml b/tools/config/logpoint-windows.yml index f777dea1..ad7b425f 100644 --- a/tools/config/logpoint-windows.yml +++ b/tools/config/logpoint-windows.yml @@ -33,6 +33,7 @@ fieldmappings: EventID: event_id FailureCode: result_code GroupName: group_name + GroupSid: group_sid KeyLength: key_length LogonProcessName: logon_process LogonType: logon_type diff --git a/tools/config/qradar.yml b/tools/config/qradar.yml index 2637be75..4a12b9ab 100644 --- a/tools/config/qradar.yml +++ b/tools/config/qradar.yml @@ -40,4 +40,15 @@ fieldmappings: - sourceIP src_ip: - sourceIP + c-ip: sourceIP + cs-ip: sourceIP + cs-uri: url + c-uri: sourceIP + c-uri-extension: file_extension + UserAgent: user_agent + c-uri-query: uri_query + HttpMethod: Method + URL: URL + r-dns: FQDN + ClientIP: sourceIP ServiceFileName: Service Name diff --git a/tools/config/sumologic.yml b/tools/config/sumologic.yml index 954c7b0e..dbb7b9dc 100644 --- a/tools/config/sumologic.yml +++ b/tools/config/sumologic.yml @@ -6,6 +6,9 @@ backends: # typically rule on _sourceCategory, _index or Field Extraction Rules (FER) # supposing existing FER for service, EventChannel, EventID logsources: + unix: + product: unix + index: UNIX linux: product: linux index: LINUX @@ -58,7 +61,47 @@ logsources: product: apache service: apache index: WEBSERVER + apache2: + product: apache + index: WEBSERVER + webserver: + category: webserver + index: WEBSERVER firewall: + category: firewall + index: FIREWALL + firewall2: product: firewall index: FIREWALL + network-dns: + category: dns + index: DNS + network-dns2: + product: dns + index: DNS + proxy: + category: proxy + index: PROXY + antivirus: + product: antivirus + index: ANTIVIRUS + application-sql: + product: sql + index: DATABASE + application-python: + product: python + index: APPLICATIONS + application-django: + product: django + index: DJANGO + application-rails: + product: rails + index: RAILS + application-rails: + category: application + product: ruby_on_rails + index: RAILS + application-spring: + product: spring + index: SPRING # if no index, search in all indexes diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml new file mode 100644 index 00000000..a59ce36f --- /dev/null +++ b/tools/config/winlogbeat-modules-enabled.yml @@ -0,0 +1,125 @@ +title: Elastic Winlogbeat (from 7.x) index pattern and field mapping following Elastic enabled Modules +order: 20 +backends: + - es-qs + - es-dsl + - kibana + - xpack-watcher + - elastalert + - elastalert-dsl +logsources: + windows: + product: windows + index: winlogbeat-* + windows-application: + product: windows + service: application + conditions: + winlog.channel: Application + windows-security: + product: windows + service: security + conditions: + winlog.channel: Security + windows-sysmon: + product: windows + service: sysmon + conditions: + winlog.channel: 'Microsoft-Windows-Sysmon/Operational' + windows-dns-server: + product: windows + service: dns-server + conditions: + winlog.channel: 'DNS Server' + windows-driver-framework: + product: windows + service: driver-framework + conditions: + winlog.provider_name: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + windows-dhcp: + product: windows + service: dhcp + conditions: + winlog.provider_name: 'Microsoft-Windows-DHCP-Server/Operational' +defaultindex: winlogbeat-* +# Extract all field names qith yq: +# yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: winlog.event_data.\1/g' +# Keep EventID! Clean up the list afterwards! +fieldmappings: + EventID: winlog.event_id + AccessMask: winlog.event_data.AccessMask + AccountName: winlog.event_data.AccountName + AllowedToDelegateTo: winlog.event_data.AllowedToDelegateTo + AttributeLDAPDisplayName: winlog.event_data.AttributeLDAPDisplayName + AuditPolicyChanges: winlog.event_data.AuditPolicyChanges + AuthenticationPackageName: winlog.event_data.AuthenticationPackageName + CallingProcessName: winlog.event_data.CallingProcessName + CallTrace: winlog.event_data.CallTrace + CommandLine: process.args + ComputerName: winlog.ComputerName + CurrentDirectory: process.working_directory + Description: winlog.event_data.Description + DestinationHostname: destination.domain + DestinationIp: destination.ip + #DestinationIsIpv6: winlog.event_data.DestinationIsIpv6 #=gets deleted and not boolean...https://github.com/elastic/beats/blob/71eee76e7cfb8d5b18dfacad64864370ddb14ce7/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js#L278-L279 + DestinationPort: destination.port + DestinationPortName: network.protocol + Details: winlog.event_data.Details + EngineVersion: winlog.event_data.EngineVersion + EventType: winlog.event_data.EventType + FailureCode: winlog.event_data.FailureCode + FileName: file.path + GrantedAccess: winlog.event_data.GrantedAccess + GroupName: winlog.event_data.GroupName + GroupSid: winlog.event_data.GroupSid + Hashes: winlog.event_data.Hashes + HiveName: winlog.event_data.HiveName + HostVersion: winlog.event_data.HostVersion + Image: process.executable + ImageLoaded: file.path + ImagePath: winlog.event_data.ImagePath + Imphash: winlog.event_data.Imphash + IpAddress: source.ip + IpPort: source.port + KeyLength: winlog.event_data.KeyLength + LogonProcessName: winlog.event_data.LogonProcessName + LogonType: winlog.event_data.LogonType + NewProcessName: winlog.event_data.NewProcessName + ObjectClass: winlog.event_data.ObjectClass + ObjectName: winlog.event_data.ObjectName + ObjectType: winlog.event_data.ObjectType + ObjectValueName: winlog.event_data.ObjectValueName + ParentCommandLine: process.parent.args + ParentProcessName: process.parent.name + ParentImage: process.parent.executable + Path: winlog.event_data.Path + PipeName: file.name + ProcessCommandLine: winlog.event_data.ProcessCommandLine + ProcessName: process.executable + Properties: winlog.event_data.Properties + SecurityID: winlog.event_data.SecurityID + ServiceFileName: winlog.event_data.ServiceFileName + ServiceName: winlog.event_data.ServiceName + ShareName: winlog.event_data.ShareName + Signature: winlog.event_data.Signature + Source: winlog.event_data.Source + SourceHostname: source.domain + SourceImage: process.executable + SourceIp: source.ip + SourcePort: source.port + #SourceIsIpv6: winlog.event_data.SourceIsIpv6 #=gets deleted and not boolean...https://github.com/elastic/beats/blob/71eee76e7cfb8d5b18dfacad64864370ddb14ce7/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js#L278-L279 + StartModule: winlog.event_data.StartModule + Status: winlog.event_data.Status + SubjectDomainName: user.domain + SubjectUserName: user.name + SubjectUserSid: user.id + TargetFilename: file.path + TargetImage: winlog.event_data.TargetImage + TargetObject: winlog.event_data.TargetObject + TicketEncryptionType: winlog.event_data.TicketEncryptionType + TicketOptions: winlog.event_data.TicketOptions + TargetDomainName: user.domain + TargetUserName: user.name + TargetUserSid: user.id + User: user.name + WorkstationName: source.domain \ No newline at end of file diff --git a/tools/config/winlogbeat-old.yml b/tools/config/winlogbeat-old.yml index 0fadfec8..3e7f35ac 100644 --- a/tools/config/winlogbeat-old.yml +++ b/tools/config/winlogbeat-old.yml @@ -70,6 +70,7 @@ fieldmappings: FileName: event_data.FileName GrantedAccess: event_data.GrantedAccess GroupName: event_data.GroupName + GroupSid: event_data.GroupSid Hashes: event_data.Hashes HiveName: event_data.HiveName HostVersion: event_data.HostVersion diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml index 4c5a30e0..a63adc53 100644 --- a/tools/config/winlogbeat.yml +++ b/tools/config/winlogbeat.yml @@ -70,6 +70,7 @@ fieldmappings: FileName: winlog.event_data.FileName GrantedAccess: winlog.event_data.GrantedAccess GroupName: winlog.event_data.GroupName + GroupSid: winlog.event_data.GroupSid Hashes: winlog.event_data.Hashes HiveName: winlog.event_data.HiveName HostVersion: winlog.event_data.HostVersion diff --git a/tools/sigma/backends/base.py b/tools/sigma/backends/base.py index f1c1b5b5..b7e5aec4 100644 --- a/tools/sigma/backends/base.py +++ b/tools/sigma/backends/base.py @@ -15,12 +15,14 @@ # along with this program. If not, see . import sys +sys.path.append("....") import sigma import yaml from .mixins import RulenameCommentMixin, QuoteCharMixin from sigma.parser.modifiers.base import SigmaTypeModifier +from .. eventdict import event class BackendOptions(dict): """ @@ -145,7 +147,10 @@ class BaseBackend: elif type(node) == sigma.parser.condition.NodeSubexpression: return self.generateSubexpressionNode(node) elif type(node) == tuple: - return self.generateMapItemNode(node) + if(self.identifier == 'carbonblack'): + return self.generateMapItemNode_CarbonBlack(node) + else: + return self.generateMapItemNode(node) elif type(node) in (str, int): return self.generateValueNode(node) elif type(node) == list: @@ -271,6 +276,22 @@ class SingleTextQueryBackend(RulenameCommentMixin, BaseBackend, QuoteCharMixin): else: raise TypeError("Backend does not support map values of type " + str(type(value))) + def generateMapItemNode_CarbonBlack(self, node): + fieldname, value = node + if(fieldname == "EventID" and event[value][0] not null): + fieldname = event[value][0] + value = event[value][1] + transformed_fieldname = self.fieldNameMapping(fieldname, value) + if self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): + return self.mapExpression % (transformed_fieldname, self.generateNode(value)) + elif type(value) == list: + return self.generateMapItemListNode(transformed_fieldname, value) + elif isinstance(value, SigmaTypeModifier): + return self.generateMapItemTypedNode(transformed_fieldname, value) + elif value is None: + return self.nullExpression % (transformed_fieldname, ) + else: + raise TypeError("Backend does not support map values of type " + str(type(value))) def generateMapItemListNode(self, fieldname, value): return self.mapListValueExpression % (fieldname, self.generateNode(value)) diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py new file mode 100644 index 00000000..93e812de --- /dev/null +++ b/tools/sigma/backends/carbonblack.py @@ -0,0 +1,108 @@ +# Output backends for sigmac +# Copyright 2016-2018 Thomas Patzke, Florian Roth, Roey + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . + +import re +import sigma +from .base import SingleTextQueryBackend +from .mixins import MultiRuleOutputMixin + +class SplunkBackend(SingleTextQueryBackend): + """Converts Sigma rule into Splunk Search Processing Language (SPL).""" + identifier = "carbonblack" + active = True + index_field = "index" + + # \ -> \\ + # \* -> \* + # \\* -> \\* + reEscape = re.compile('("|(? mapping inside script - if not self.indices and self.product == 'windows' and self.service: - return "_index=WINDOWS %s " % (self.service) - if not self.indices and self.product == 'windows': - return "_index=WINDOWS " - if not self.indices and self.product == 'linux' and self.service == 'auditd': - return "_index=AUDITD " - if not self.indices and self.product == 'linux' and self.service == 'osqueryd': - return "_index=OSQUERY " - if not self.indices and self.product == 'linux': - return "_index=LINUX " - if self.product == 'antivirus': - return "_index=ANTIVIRUS " - if self.category == 'firewall': - return "_index=FIREWALL " - if self.indices: - return "_index=%s " % self.indices return "" def generate(self, sigmaparser): @@ -147,7 +130,7 @@ class SumoLogicBackend(SingleTextQueryBackend): super().__init__(*args, **kwargs) # TODO/FIXME! depending on deployment configuration, existing FER must be populate here (or backend config?) # aFL = ["EventID"] - aFL = ["EventID", "sourcename", "CommandLine", "NewProcessName", "Image", "ParentImage", "ParentCommandLine", "ParentProcessName"] + aFL = ["_index", "_sourceCategory", "_view", "EventID", "sourcename", "CommandLine", "NewProcessName", "Image", "ParentImage", "ParentCommandLine", "ParentProcessName"] for item in self.sigmaconfig.fieldmappings.values(): if item.target_type is list: aFL.extend(item.target) @@ -248,7 +231,7 @@ class SumoLogicBackend(SingleTextQueryBackend): val = re.sub(r'\\"\*$', '\\\\\\"*', val) # if not key and not (val.startswith('"') and val.endswith('"')) and not (val.startswith('(') and val.endswith(')')) and not ('|' in val) and val: # apt_babyshark.yml - if not (val.startswith('"') and val.endswith('"')) and not (val.startswith('(') and val.endswith(')')) and not ('|' in val) and not ('*' in val) and val: + if not (val.startswith('"') and val.endswith('"')) and not (val.startswith('(') and val.endswith(')')) and not ('|' in val) and not ('*' in val) and val and not '_index' in key and not '_sourceCategory' in key and not '_view' in key: val = '"%s"' % val return val diff --git a/tools/sigma/config/mapping.py b/tools/sigma/config/mapping.py index 0fea600e..7d337416 100644 --- a/tools/sigma/config/mapping.py +++ b/tools/sigma/config/mapping.py @@ -44,7 +44,7 @@ class SimpleFieldMapping: """Return mapped field name""" return (self.target, value) - def resolve_fieldname(self, fieldname): + def resolve_fieldname(self, fieldname, sigmaparser=None): return self.target def __str__(self): # pragma: no cover @@ -106,7 +106,7 @@ class ConditionalFieldMapping(SimpleFieldMapping): elif type(target) == list: self.conditions[field][value].extend(target) - def resolve(self, key, value, sigmaparser): + def _targets(self, sigmaparser): # build list of matching target mappings targets = set() for condfield in self.conditions: @@ -115,6 +115,10 @@ class ConditionalFieldMapping(SimpleFieldMapping): for condvalue in self.conditions[condfield]: if condvalue in rulefieldvalues: targets.update(self.conditions[condfield][condvalue]) + return targets + + def resolve(self, key, value, sigmaparser): + targets = self._targets(sigmaparser) if len(targets) == 0: # no matching condition, try with default mapping if self.default != None: targets = self.default @@ -138,11 +142,18 @@ class ConditionalFieldMapping(SimpleFieldMapping): else: return (key, value) - def resolve_fieldname(self, fieldname): - if self.default != None: - return self.default + def resolve_fieldname(self, fieldname, sigmaparser=None): + if sigmaparser is None: + if self.default != None: + return self.default + else: + return fieldname else: - return fieldname + targets = self._targets(sigmaparser) + if len(targets) == 0: + return self.default + else: + return targets.pop() # TODO: this case should be documented def __str__(self): # pragma: no cover return "ConditionalFieldMapping: {} -> {}".format(self.source, self.target) @@ -207,18 +218,18 @@ class FieldMappingChain(object): cond.add(mapping.resolve(key, value, sigmaparser)) return NodeSubexpression(cond) - def resolve_fieldname(self, fieldname): + def resolve_fieldname(self, fieldname, sigmaparser=None): if type(self.fieldmappings) == str: # one field mapping return self.fieldmappings elif isinstance(self.fieldmappings, SimpleFieldMapping): - return self.fieldmappings.resolve_fieldname(fieldname) + return self.fieldmappings.resolve_fieldname(fieldname, sigmaparser) elif type(self.fieldmappings) == set: mappings = set() for mapping in self.fieldmappings: if type(mapping) == str: mappings.add(mapping) elif isinstance(mapping, SimpleFieldMapping): - resolved_mapping = mapping.resolve_fieldname(fieldname) + resolved_mapping = mapping.resolve_fieldname(fieldname, sigmaparser) if type(resolved_mapping) is list: mappings.update(resolved_mapping) else: diff --git a/tools/sigma/configuration.py b/tools/sigma/configuration.py index 05e11133..fd510919 100644 --- a/tools/sigma/configuration.py +++ b/tools/sigma/configuration.py @@ -133,6 +133,7 @@ class SigmaConfiguration: if type(logsources) != dict: raise SigmaConfigParseError("Logsources must be a map") for name, logsource in logsources.items(): + print(name, logsource) self.logsources.append(SigmaLogsourceConfiguration(logsource, self.defaultindex)) def get_indexfield(self): diff --git a/tools/sigma/eventdict.py b/tools/sigma/eventdict.py new file mode 100644 index 00000000..3162f0b6 --- /dev/null +++ b/tools/sigma/eventdict.py @@ -0,0 +1,16 @@ +event = { + 1: ('childproc_count',"[1-*]"), + # 2: Change time, + 3: ('netconn_count',"[1-*]]"), + # 4: sysmon state change + # 5: Process termincated + 6: ('modload',"*\System32\Drivers*]"), + 7: ('modload_count',"[1-*]]"), + 8: ('crossproc_type', 'remote_thread') + # 9: Raw Access Read + 10: ('crossproc_type', 'process_open') + 11: ('filemod_count','[1-*]') + 12: ('regmod_count','[1-*]') + 14: ('regmod_count','[1-*]') + # 15 File create stream hash +} \ No newline at end of file diff --git a/tools/sigma/parser/condition.py b/tools/sigma/parser/condition.py index 5d9e2c7a..626b6093 100644 --- a/tools/sigma/parser/condition.py +++ b/tools/sigma/parser/condition.py @@ -633,7 +633,7 @@ class SigmaAggregationParser(SimpleParser): def trans_fieldname(self, fieldname): """Translate field name into configured mapped name""" - mapped = self.config.get_fieldmapping(fieldname).resolve_fieldname(fieldname) + mapped = self.config.get_fieldmapping(fieldname).resolve_fieldname(fieldname, self.parser) if type(mapped) == str: return mapped else: From 1c5816b2148db1526a9de7e48a4cc82e64b12479 Mon Sep 17 00:00:00 2001 From: lep Date: Fri, 18 Oct 2019 17:51:31 +0700 Subject: [PATCH 021/714] update carbonblack module --- tools/config/carbonblack.yml | 5 +++-- tools/sigma/backends/base.py | 2 +- tools/sigma/backends/carbonblack.py | 20 ++------------------ tools/sigma/eventdict.py | 16 ++++++++-------- 4 files changed, 14 insertions(+), 29 deletions(-) diff --git a/tools/config/carbonblack.yml b/tools/config/carbonblack.yml index 276fed22..21e53587 100644 --- a/tools/config/carbonblack.yml +++ b/tools/config/carbonblack.yml @@ -5,7 +5,8 @@ backends: - carbonblack fieldmappings: - Image: process_name + Image: path SourceIp: ipaddr ImageLoaded: modload - CommandLine: cmdline \ No newline at end of file + CommandLine: cmdline + DestinationIp: ipaddr \ No newline at end of file diff --git a/tools/sigma/backends/base.py b/tools/sigma/backends/base.py index b7e5aec4..9a6d00fd 100644 --- a/tools/sigma/backends/base.py +++ b/tools/sigma/backends/base.py @@ -278,7 +278,7 @@ class SingleTextQueryBackend(RulenameCommentMixin, BaseBackend, QuoteCharMixin): def generateMapItemNode_CarbonBlack(self, node): fieldname, value = node - if(fieldname == "EventID" and event[value][0] not null): + if(fieldname == "EventID" and event[value] is not ''): fieldname = event[value][0] value = event[value][1] transformed_fieldname = self.fieldNameMapping(fieldname, value) diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index 93e812de..a263baa5 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -36,10 +36,10 @@ class SplunkBackend(SingleTextQueryBackend): subExpression = "%s" listExpression = "%s" listSeparator = " " - valueExpression = "\"%s\"" + valueExpression = "%s" nullExpression = "NOT %s=\"*\"" notNullExpression = "%s=\"*\"" - mapExpression = "%s=%s" + mapExpression = "%s:%s" mapListsSpecialHandling = True mapListValueExpression = "%s IN %s" @@ -72,22 +72,6 @@ class SplunkBackend(SingleTextQueryBackend): def generate(self, sigmaparser): """Method is called for each sigma rule and receives the parsed rule (SigmaParser)""" columns = list() - try: - for field in sigmaparser.parsedyaml["fields"]: - mapped = sigmaparser.config.get_fieldmapping(field).resolve_fieldname(field, sigmaparser) - if type(mapped) == str: - columns.append(mapped) - elif type(mapped) == list: - columns.extend(mapped) - else: - raise TypeError("Field mapping must return string or list") - - fields = ",".join(str(x) for x in columns) - fields = " | table " + fields - - except KeyError: # no 'fields' attribute - mapped = None - pass for parsed in sigmaparser.condparsed: query = self.generateQuery(parsed) diff --git a/tools/sigma/eventdict.py b/tools/sigma/eventdict.py index 3162f0b6..13482648 100644 --- a/tools/sigma/eventdict.py +++ b/tools/sigma/eventdict.py @@ -1,16 +1,16 @@ event = { - 1: ('childproc_count',"[1-*]"), + 1: ('childproc_count','[1 to *]'), # 2: Change time, - 3: ('netconn_count',"[1-*]]"), + 3: ('netconn_count','[1 to *]'), # 4: sysmon state change # 5: Process termincated 6: ('modload',"*\System32\Drivers*]"), - 7: ('modload_count',"[1-*]]"), - 8: ('crossproc_type', 'remote_thread') + 7: ('modload_count','[1 to *]'), + 8: ('crossproc_type', 'remote_thread'), # 9: Raw Access Read - 10: ('crossproc_type', 'process_open') - 11: ('filemod_count','[1-*]') - 12: ('regmod_count','[1-*]') - 14: ('regmod_count','[1-*]') + 10: ('crossproc_type', 'process_open'), + 11: ('filemod_count','[1 to *]'), + 12: ('regmod_count','[1 to *]'), + 14: ('regmod_count','[1 to *]') # 15 File create stream hash } \ No newline at end of file From 150afd816d96f33ff3dd90e3dea2686889b0c990 Mon Sep 17 00:00:00 2001 From: gsanm Date: Tue, 22 Oct 2019 17:49:50 +0700 Subject: [PATCH 022/714] IP Clean --- .vscode/launch.json | 17 ++++++ rules/windows/sysmon/sysmon_cactustorch.yml | 1 + tools/config/carbonblack.yml | 4 +- tools/sigma/backends/base.py | 21 +------ tools/sigma/backends/carbonblack.py | 61 ++++++++++++++++++++- 5 files changed, 80 insertions(+), 24 deletions(-) create mode 100644 .vscode/launch.json diff --git a/.vscode/launch.json b/.vscode/launch.json new file mode 100644 index 00000000..76ebf882 --- /dev/null +++ b/.vscode/launch.json @@ -0,0 +1,17 @@ +{ + // Use IntelliSense to learn about possible attributes. + // Hover to view descriptions of existing attributes. + // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 + "version": "0.2.0", + "configurations": [ + { + "name": "Python: Current File", + "type": "python", + "request": "launch", + "program": "${file}", + "console": "integratedTerminal", + "args": ["-t", "carbonblack", "/home/gsanm/Downloads/demo/sigma/rules/windows/builtin/win_rdp_reverse_tunnel.yml", "-c", "carbonblack"] + // "args": ["-t", "sumologic", "/home/gsanm/Downloads/demo/sigma/rules/windows/sysmon/sysmon_cactustorch.yml", "-c", "carbonblack"] + } + ] +} diff --git a/rules/windows/sysmon/sysmon_cactustorch.yml b/rules/windows/sysmon/sysmon_cactustorch.yml index b972de84..824fdd81 100644 --- a/rules/windows/sysmon/sysmon_cactustorch.yml +++ b/rules/windows/sysmon/sysmon_cactustorch.yml @@ -12,6 +12,7 @@ detection: selection: EventID: 8 SourceImage: + - '*\SysWOW64\\*' - '*\System32\cscript.exe' - '*\System32\wscript.exe' - '*\System32\mshta.exe' diff --git a/tools/config/carbonblack.yml b/tools/config/carbonblack.yml index 21e53587..3519eeed 100644 --- a/tools/config/carbonblack.yml +++ b/tools/config/carbonblack.yml @@ -3,10 +3,12 @@ order: 20 backends: - splunk - carbonblack + - sumologic fieldmappings: Image: path SourceIp: ipaddr ImageLoaded: modload CommandLine: cmdline - DestinationIp: ipaddr \ No newline at end of file + DestinationIp: ipaddr + DestinationAddress: ipaddr \ No newline at end of file diff --git a/tools/sigma/backends/base.py b/tools/sigma/backends/base.py index 9a6d00fd..95fbab6d 100644 --- a/tools/sigma/backends/base.py +++ b/tools/sigma/backends/base.py @@ -147,10 +147,7 @@ class BaseBackend: elif type(node) == sigma.parser.condition.NodeSubexpression: return self.generateSubexpressionNode(node) elif type(node) == tuple: - if(self.identifier == 'carbonblack'): - return self.generateMapItemNode_CarbonBlack(node) - else: - return self.generateMapItemNode(node) + return self.generateMapItemNode(node) elif type(node) in (str, int): return self.generateValueNode(node) elif type(node) == list: @@ -276,22 +273,6 @@ class SingleTextQueryBackend(RulenameCommentMixin, BaseBackend, QuoteCharMixin): else: raise TypeError("Backend does not support map values of type " + str(type(value))) - def generateMapItemNode_CarbonBlack(self, node): - fieldname, value = node - if(fieldname == "EventID" and event[value] is not ''): - fieldname = event[value][0] - value = event[value][1] - transformed_fieldname = self.fieldNameMapping(fieldname, value) - if self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): - return self.mapExpression % (transformed_fieldname, self.generateNode(value)) - elif type(value) == list: - return self.generateMapItemListNode(transformed_fieldname, value) - elif isinstance(value, SigmaTypeModifier): - return self.generateMapItemTypedNode(transformed_fieldname, value) - elif value is None: - return self.nullExpression % (transformed_fieldname, ) - else: - raise TypeError("Backend does not support map values of type " + str(type(value))) def generateMapItemListNode(self, fieldname, value): return self.mapListValueExpression % (fieldname, self.generateNode(value)) diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index a263baa5..40a8c81c 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -15,9 +15,13 @@ # along with this program. If not, see . import re +# from netaddr import * import sigma from .base import SingleTextQueryBackend from .mixins import MultiRuleOutputMixin +from sigma.parser.modifiers.base import SigmaTypeModifier + +from .. eventdict import event class SplunkBackend(SingleTextQueryBackend): """Converts Sigma rule into Splunk Search Processing Language (SPL).""" @@ -48,6 +52,27 @@ class SplunkBackend(SingleTextQueryBackend): raise TypeError("List values must be strings or numbers") return "(" + (" OR ".join(['%s=%s' % (key, self.generateValueNode(item)) for item in value])) + ")" + def generateMapItemNode(self, node): + fieldname, value = node + value = self.cleanValue(value) + if(fieldname == "EventID" and value in event): + fieldname = event[value][0] + value = event[value][1] + transformed_fieldname = self.fieldNameMapping(fieldname, value) + if(transformed_fieldname == "ipaddr"): + value = self.cleanIPRange(value) + if self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): + return self.mapExpression % (transformed_fieldname, self.generateNode(value)) + elif type(value) == list: + return self.generateMapItemListNode(transformed_fieldname, value) + elif isinstance(value, SigmaTypeModifier): + return self.generateMapItemTypedNode(transformed_fieldname, value) + elif value is None: + return self.nullExpression % (transformed_fieldname, ) + else: + raise TypeError("Backend does not support map values of type " + str(type(value))) + + def generateAggregation(self, agg): if agg == None: return "" @@ -68,7 +93,37 @@ class SplunkBackend(SingleTextQueryBackend): agg.aggfunc_notrans = 'dc' return " | eventstats %s(%s) as val by %s | search val %s %s" % (agg.aggfunc_notrans, agg.aggfield or "", agg.groupfield or "", agg.cond_op, agg.condition) - + def cleanValue(self, value): + new_value = value + if type(value) is str: + while re.search(r'\\[\/\\\"]',str(new_value)): + new_value = re.sub(r'\\\\', r'\\' , new_value) + new_value = re.sub(r'\\\/', r'\/' , new_value) + new_value = re.sub(r'\\\"', r'\"' , new_value) + new_value = re.sub(r"\\\'", r"\'" , new_value) + print (new_value) + if type(value) is list: + for vl in value: + vl = self.cleanValue(vl) + return new_value + + def cleanIPRange(self,value): + new_value = value + if type(value) is str and value.find('*') : + sub = value.count('.') + if(value[-2:] == '.*'): + value = value[:-2] + min_ip = value + '.0' * (4 - sub) + max_ip = value + '.255' * (4 - sub) + new_value = '['+ min_ip + ' TO ' + max_ip + ']' + # ip = IPNetwork(value + '/' + str(sub)) + # min_ip = str(ip[0]) + # max_ip = str(ip[-1]) + if type(value) is list: + for vl in value: + vl = self.cleanIPRange(vl) + return new_value + def generate(self, sigmaparser): """Method is called for each sigma rule and receives the parsed rule (SigmaParser)""" columns = list() @@ -85,8 +140,8 @@ class SplunkBackend(SingleTextQueryBackend): result += query if after is not None: result += after - if mapped is not None: - result += fields + # if mapped is not None: + # result += fields return result From d759896e0750acf2a9e7db7736b82afd64cddd87 Mon Sep 17 00:00:00 2001 From: Hilko Bengen Date: Wed, 23 Oct 2019 15:34:40 +0200 Subject: [PATCH 023/714] Make coverage binary overridable This makes it possible to pass a different coverage program to make test, e.g.: make test COVERAGE=python3-coverage --- Makefile | 137 ++++++++++++++++++++++---------------------- tests/test-merge.sh | 4 +- 2 files changed, 72 insertions(+), 69 deletions(-) diff --git a/Makefile b/Makefile index b22e5d28..49e4fc14 100644 --- a/Makefile +++ b/Makefile @@ -1,13 +1,14 @@ .PHONY: test test-rules test-sigmac TMPOUT = $(shell tempfile||mktemp) COVSCOPE = tools/sigma/*.py,tools/sigma/backends/*.py,tools/sigmac,tools/merge_sigma +export COVERAGE = coverage test: clearcov test-rules test-sigmac test-merge build finish clearcov: rm -f .coverage finish: - coverage report --fail-under=90 + $(COVERAGE) report --fail-under=90 rm -f $(TMPOUT) test-rules: @@ -15,76 +16,76 @@ test-rules: tests/test_rules.py test-sigmac: - coverage run -a --include=$(COVSCOPE) tools/sigmac - coverage run -a --include=$(COVSCOPE) tools/sigmac -h - coverage run -a --include=$(COVSCOPE) tools/sigmac -l - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -rvd -t es-qs rules/ > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-qs rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-qs --shoot-yourself-in-the-foot rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c winlogbeat tests/test-modifiers.yml > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -O rulecomment -rvdI -c tools/config/winlogbeat.yml -t es-qs rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t kibana -c tools/config/winlogbeat.yml rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t graylog rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t xpack-watcher -O email,index,webhook -c tools/config/winlogbeat.yml rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert -c tools/config/winlogbeat.yml -O alert_methods=http_post,email -O emails=test@test.invalid -O http_post_url=http://test.invalid rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert-dsl -c tools/config/winlogbeat.yml -O alert_methods=http_post,email -O emails=test@test.invalid -O http_post_url=http://test.invalid rules/ > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunkxml -c tools/config/splunk-windows.yml rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t logpoint -c tools/config/logpoint-windows.yml rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t wdatp rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t ala rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t ala --backend-config tests/backend_config.yml rules/windows/process_creation/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-dsl -c tools/config/winlogbeat.yml rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t powershell -c tools/config/powershell.yml -Ocsv rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t arcsight -c tools/config/arcsight.yml rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t qradar -c tools/config/qradar.yml rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t qualys -c tools/config/qualys.yml rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t netwitness -c tools/config/netwitness.yml rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t sumologic -O rulecomment -c tools/config/sumologic.yml rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=critical,status=stable,logsource=windows,tag=attack.execution' rules/ > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=critical,status=xstable,logsource=windows' rules/ > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=xcritical,status=stable,logsource=windows' rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level=critical' rules/ > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level=xcritical' rules/ > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'foo=bar' rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-windows.yml -t es-qs rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c sysmon -c logstash-windows -t es-qs rules/ > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c sysmon -c logstash-windows -t splunk rules/ > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-windows.yml -c tools/config/generic/sysmon.yml -t es-qs rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-linux.yml -t es-qs rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-windows.yml -t kibana rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-windows.yml -Ooutput=curl -t kibana rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-linux.yml -t kibana rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-linux.yml -Ooutput=curl -t kibana rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-windows.yml -t xpack-watcher rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-linux.yml -t xpack-watcher rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/filebeat-defaultindex.yml -t xpack-watcher rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/splunk-windows.yml -t splunk rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/generic/sysmon.yml -c tools/config/splunk-windows.yml -t splunk rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t grep rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t fieldlist rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -t xpack-watcher -c tools/config/winlogbeat.yml -O output=plain -O es=es -O foobar rules/windows/builtin/win_susp_failed_logons_single_source.yml > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -t kibana -c tests/config-multiple_mapping.yml -c tests/config-multiple_mapping-2.yml tests/mapping-conditional-multi.yml > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -t xpack-watcher -c tools/config/winlogbeat.yml -O output=json -O es=es -O foobar rules/windows/builtin/win_susp_failed_logons_single_source.yml > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml -o $(TMPOUT) - < tests/collection_repeat.yml > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -t xpack-watcher -c tools/config/winlogbeat.yml -O output=foobar -O es=es -O foobar rules/windows/builtin/win_susp_failed_logons_single_source.yml > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml tests/not_existing.yml > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml tests/invalid_yaml.yml > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml tests/invalid_sigma-no_identifiers.yml > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml tests/invalid_sigma-no_condition.yml > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml tests/invalid_sigma-invalid_identifier_reference.yml > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml tests/invalid_sigma-invalid_aggregation.yml > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml tests/invalid_sigma-wrong_identifier_definition.yml > /dev/null - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml rules/windows/builtin/win_susp_failed_logons_single_source.yml - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml -o /not_possible rules/windows/sysmon/sysmon_mimikatz_detection_lsass.yml - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c not_existing rules/windows/sysmon/sysmon_mimikatz_detection_lsass.yml - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tests/invalid_yaml.yml rules/windows/sysmon/sysmon_mimikatz_detection_lsass.yml - ! coverage run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tests/invalid_config.yml rules/windows/sysmon/sysmon_mimikatz_detection_lsass.yml + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -h + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -l + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvd -t es-qs rules/ > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-qs rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-qs --shoot-yourself-in-the-foot rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c winlogbeat tests/test-modifiers.yml > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -O rulecomment -rvdI -c tools/config/winlogbeat.yml -t es-qs rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t kibana -c tools/config/winlogbeat.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t graylog rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t xpack-watcher -O email,index,webhook -c tools/config/winlogbeat.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert -c tools/config/winlogbeat.yml -O alert_methods=http_post,email -O emails=test@test.invalid -O http_post_url=http://test.invalid rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert-dsl -c tools/config/winlogbeat.yml -O alert_methods=http_post,email -O emails=test@test.invalid -O http_post_url=http://test.invalid rules/ > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunkxml -c tools/config/splunk-windows.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t logpoint -c tools/config/logpoint-windows.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t wdatp rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t ala rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t ala --backend-config tests/backend_config.yml rules/windows/process_creation/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-dsl -c tools/config/winlogbeat.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t powershell -c tools/config/powershell.yml -Ocsv rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t arcsight -c tools/config/arcsight.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t qradar -c tools/config/qradar.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t qualys -c tools/config/qualys.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t netwitness -c tools/config/netwitness.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t sumologic -O rulecomment -c tools/config/sumologic.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=critical,status=stable,logsource=windows,tag=attack.execution' rules/ > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=critical,status=xstable,logsource=windows' rules/ > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=xcritical,status=stable,logsource=windows' rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level=critical' rules/ > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level=xcritical' rules/ > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'foo=bar' rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-windows.yml -t es-qs rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c sysmon -c logstash-windows -t es-qs rules/ > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c sysmon -c logstash-windows -t splunk rules/ > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-windows.yml -c tools/config/generic/sysmon.yml -t es-qs rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-linux.yml -t es-qs rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-windows.yml -t kibana rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-windows.yml -Ooutput=curl -t kibana rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-linux.yml -t kibana rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-linux.yml -Ooutput=curl -t kibana rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-windows.yml -t xpack-watcher rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/logstash-linux.yml -t xpack-watcher rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/filebeat-defaultindex.yml -t xpack-watcher rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/splunk-windows.yml -t splunk rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -c tools/config/generic/sysmon.yml -c tools/config/splunk-windows.yml -t splunk rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t grep rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t fieldlist rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t xpack-watcher -c tools/config/winlogbeat.yml -O output=plain -O es=es -O foobar rules/windows/builtin/win_susp_failed_logons_single_source.yml > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t kibana -c tests/config-multiple_mapping.yml -c tests/config-multiple_mapping-2.yml tests/mapping-conditional-multi.yml > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t xpack-watcher -c tools/config/winlogbeat.yml -O output=json -O es=es -O foobar rules/windows/builtin/win_susp_failed_logons_single_source.yml > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml -o $(TMPOUT) - < tests/collection_repeat.yml > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t xpack-watcher -c tools/config/winlogbeat.yml -O output=foobar -O es=es -O foobar rules/windows/builtin/win_susp_failed_logons_single_source.yml > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml tests/not_existing.yml > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml tests/invalid_yaml.yml > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml tests/invalid_sigma-no_identifiers.yml > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml tests/invalid_sigma-no_condition.yml > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml tests/invalid_sigma-invalid_identifier_reference.yml > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml tests/invalid_sigma-invalid_aggregation.yml > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml tests/invalid_sigma-wrong_identifier_definition.yml > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml rules/windows/builtin/win_susp_failed_logons_single_source.yml + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tools/config/winlogbeat.yml -o /not_possible rules/windows/sysmon/sysmon_mimikatz_detection_lsass.yml + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c not_existing rules/windows/sysmon/sysmon_mimikatz_detection_lsass.yml + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tests/invalid_yaml.yml rules/windows/sysmon/sysmon_mimikatz_detection_lsass.yml + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -t es-qs -c tests/invalid_config.yml rules/windows/sysmon/sysmon_mimikatz_detection_lsass.yml test-merge: tests/test-merge.sh - ! coverage run -a --include=$(COVSCOPE) tools/merge_sigma tests/not_existing.yml > /dev/null + ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/merge_sigma tests/not_existing.yml > /dev/null test-backend-es-qs: tests/test-backend-es-qs.py diff --git a/tests/test-merge.sh b/tests/test-merge.sh index 2fa51896..0e5075eb 100755 --- a/tests/test-merge.sh +++ b/tests/test-merge.sh @@ -1,9 +1,11 @@ #!/bin/bash +COVERAGE=${COVERAGE:-coverage} + for f in $(find rules/ -type f -name '*.yml') do echo -n . - if ! coverage run -a --include=tools/* tools/merge_sigma $f > /dev/null + if ! $COVERAGE run -a --include=tools/* tools/merge_sigma $f > /dev/null then exit 1 fi From fdbdca003b9db506e20d926c26bf07f68a55639c Mon Sep 17 00:00:00 2001 From: 4A616D6573 Date: Thu, 24 Oct 2019 11:57:37 +1100 Subject: [PATCH 024/714] Create win_powershell_web_request.yml Broader rule for detecting web requests via various methods using Windows PowerShell, slightly crosses over the below rules but caters for different methods: https://github.com/Neo23x0/sigma/blob/99b15edf8add183543ca5738ec93f87416c34bd9/rules/windows/process_creation/win_powershell_download.yml https://github.com/Neo23x0/sigma/blob/0fa914139ca85966b49f0a8eda40a3f26608e86b/rules/windows/powershell/powershell_suspicious_download.yml --- .../powershell/win_powershell_web_request.yml | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 rules/windows/powershell/win_powershell_web_request.yml diff --git a/rules/windows/powershell/win_powershell_web_request.yml b/rules/windows/powershell/win_powershell_web_request.yml new file mode 100644 index 00000000..949fde62 --- /dev/null +++ b/rules/windows/powershell/win_powershell_web_request.yml @@ -0,0 +1,42 @@ +title: Windows PowerShell Web Request +status: experimental +description: Detects the use of various web request methods (including aliases) via Windows PowerShell +references: + - https://4sysops.com/archives/use-powershell-to-download-a-file-with-http-https-and-ftp/ + - https://blog.jourdant.me/post/3-ways-to-download-files-with-powershell +author: James Pemberton / @4A616D6573 +date: 2019/10/24 +tags: + - attack.execution + - attack.t1059 + - attack.t1086 +logsource: + category: powershell/sysmon + product: windows + definition: 'Recommended: Turn on PowerShell Script Block Logging = Enabled - see https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_logging_windows?view=powershell-6#enabling-script-block-logging' +detection: + eventcode: + EventCode: + - '1' + - '4688' + - '4104' + powershell: + ScriptBlockText: + - '*Invoke-WebRequest*' + - '*iwr *' + - '*wget *' + - '*curl *' + - '*Net.WebClient*' + - '*Start-BitsTransfer*' + cmdsysmon: + CommandLine: + - '*Invoke-WebRequest*' + - '*iwr *' + - '*wget *' + - '*curl *' + - '*Net.WebClient*' + - '*Start-BitsTransfer*' + condition: eventcode and (powershell or cmdsysmon) +falsepositives: + - Use of Get-Command and Get-Help modules to reference Invoke-WebRequest and Start-BitsTransfer. +level: medium From 0e4cd397efe2561e537fb2434532a3a4e4101f54 Mon Sep 17 00:00:00 2001 From: hieuttmmo <46371125+hieuttmmo@users.noreply.github.com> Date: Fri, 25 Oct 2019 00:14:21 +0700 Subject: [PATCH 025/714] Create new rules for T1502 --- .../powershell_susp_profile_create.yml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 rules/windows/powershell/powershell_susp_profile_create.yml diff --git a/rules/windows/powershell/powershell_susp_profile_create.yml b/rules/windows/powershell/powershell_susp_profile_create.yml new file mode 100644 index 00000000..0bf95f4f --- /dev/null +++ b/rules/windows/powershell/powershell_susp_profile_create.yml @@ -0,0 +1,24 @@ +title: Powershell profile modify +status: experimental +description: 'Detects a change in profile.ps1 of Powershell profile' +references: + - 'https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/' +tags: + - attack.persistence + - attack.privellege_escalation + - attack.t1502 +author: HieuTT35 +date: 2019/10/24 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 11 + TargetFilename|re: + - '.*\\My Documents\\PowerShell\\(Microsoft\.)?.*(Profile|profile)\.ps1' + - 'C\:\\Windows\\System32\\WindowsPowerShell\\v1\.0\\(Microsoft\.)?.*(Profile|profile)\.ps1' + condition: selection +falsepositives: + - unknown +level: high From 73b10807d81b14401e6cc3a77b185d796b2c28fa Mon Sep 17 00:00:00 2001 From: hieuttmmo <46371125+hieuttmmo@users.noreply.github.com> Date: Fri, 25 Oct 2019 00:14:39 +0700 Subject: [PATCH 026/714] Rename powershell_susp_profile_create.yml to powershell_suspicious_profile_create.yml --- ...rofile_create.yml => powershell_suspicious_profile_create.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename rules/windows/powershell/{powershell_susp_profile_create.yml => powershell_suspicious_profile_create.yml} (100%) diff --git a/rules/windows/powershell/powershell_susp_profile_create.yml b/rules/windows/powershell/powershell_suspicious_profile_create.yml similarity index 100% rename from rules/windows/powershell/powershell_susp_profile_create.yml rename to rules/windows/powershell/powershell_suspicious_profile_create.yml From edb698c7f739cd71882c09c1e75e1e7e2d405da9 Mon Sep 17 00:00:00 2001 From: hieuttmmo <46371125+hieuttmmo@users.noreply.github.com> Date: Fri, 25 Oct 2019 00:28:11 +0700 Subject: [PATCH 027/714] Update powershell_suspicious_profile_create.yml --- .../windows/powershell/powershell_suspicious_profile_create.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/rules/windows/powershell/powershell_suspicious_profile_create.yml b/rules/windows/powershell/powershell_suspicious_profile_create.yml index 0bf95f4f..2ea39108 100644 --- a/rules/windows/powershell/powershell_suspicious_profile_create.yml +++ b/rules/windows/powershell/powershell_suspicious_profile_create.yml @@ -5,8 +5,6 @@ references: - 'https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/' tags: - attack.persistence - - attack.privellege_escalation - - attack.t1502 author: HieuTT35 date: 2019/10/24 logsource: From e86ab608f246ce5bf964ffd6f8fd11882eecc61f Mon Sep 17 00:00:00 2001 From: hieuttmmo <46371125+hieuttmmo@users.noreply.github.com> Date: Fri, 25 Oct 2019 10:53:21 +0700 Subject: [PATCH 028/714] Update powershell_suspicious_profile_create.yml --- .../powershell_suspicious_profile_create.yml | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/rules/windows/powershell/powershell_suspicious_profile_create.yml b/rules/windows/powershell/powershell_suspicious_profile_create.yml index 2ea39108..7b112b02 100644 --- a/rules/windows/powershell/powershell_suspicious_profile_create.yml +++ b/rules/windows/powershell/powershell_suspicious_profile_create.yml @@ -1,22 +1,24 @@ -title: Powershell profile modify +title: 'Powershell profile modify' status: experimental description: 'Detects a change in profile.ps1 of Powershell profile' references: - 'https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/' -tags: - - attack.persistence author: HieuTT35 date: 2019/10/24 logsource: product: windows service: sysmon detection: - selection: - EventID: 11 - TargetFilename|re: - - '.*\\My Documents\\PowerShell\\(Microsoft\.)?.*(Profile|profile)\.ps1' - - 'C\:\\Windows\\System32\\WindowsPowerShell\\v1\.0\\(Microsoft\.)?.*(Profile|profile)\.ps1' - condition: selection + event: + EventID: 11 + target1: + TargetFilename|re: '.*\\My Documents\\PowerShell\\(Microsoft\.)?.*(Profile|profile)\.ps1' + target2: + TargetFilename|re: 'C\:\\Windows\\System32\\WindowsPowerShell\\v1\.0\\(Microsoft\.)?.*(Profile|profile)\.ps1' + condition: event and (target1 or target2) falsepositives: - - unknown + - 'System administrator create Powershell profile manually' level: high +tags: + - attack.persistence + - attack.privilege_escalation From 0c07c5ea1665142478a36d1a58e30d7386dc3b79 Mon Sep 17 00:00:00 2001 From: hieuttmmo <46371125+hieuttmmo@users.noreply.github.com> Date: Fri, 25 Oct 2019 11:00:05 +0700 Subject: [PATCH 029/714] convention --- .../powershell/powershell_suspicious_profile_create.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rules/windows/powershell/powershell_suspicious_profile_create.yml b/rules/windows/powershell/powershell_suspicious_profile_create.yml index 7b112b02..5266c23e 100644 --- a/rules/windows/powershell/powershell_suspicious_profile_create.yml +++ b/rules/windows/powershell/powershell_suspicious_profile_create.yml @@ -1,8 +1,8 @@ -title: 'Powershell profile modify' +title: Powershell profile modify status: experimental -description: 'Detects a change in profile.ps1 of Powershell profile' +description: Detects a change in profile.ps1 of Powershell profile references: - - 'https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/' + - https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/ author: HieuTT35 date: 2019/10/24 logsource: @@ -17,7 +17,7 @@ detection: TargetFilename|re: 'C\:\\Windows\\System32\\WindowsPowerShell\\v1\.0\\(Microsoft\.)?.*(Profile|profile)\.ps1' condition: event and (target1 or target2) falsepositives: - - 'System administrator create Powershell profile manually' + - System administrator create Powershell profile manually level: high tags: - attack.persistence From d174e172b0ed163ee897f6f9eb40bf4be9a0e2ef Mon Sep 17 00:00:00 2001 From: 4A616D6573 Date: Thu, 31 Oct 2019 21:44:47 +1100 Subject: [PATCH 030/714] Create win_susp_local_anon_logon_created.yml --- .../win_susp_local_anon_logon_created.yml | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 rules/windows/builtin/win_susp_local_anon_logon_created.yml diff --git a/rules/windows/builtin/win_susp_local_anon_logon_created.yml b/rules/windows/builtin/win_susp_local_anon_logon_created.yml new file mode 100644 index 00000000..d05c5fdd --- /dev/null +++ b/rules/windows/builtin/win_susp_local_anon_logon_created.yml @@ -0,0 +1,23 @@ +title: Suspicious Windows ANONYMOUS LOGON Local Account Created +status: experimental +description: Detects the creation of suspicious accounts simliar to ANONYMOUS LOGON, such as using additional spaces. Created as an covering detection for exclusion of Logon Type 3 from ANONYMOUS LOGON accounts. +references: + - https://twitter.com/SBousseaden/status/1189469425482829824 +author: James Pemberton / @4A616D6573 +date: 2019/10/31 +tags: + - attack.persistence + - attack.t1136 +logsource: + product: windows + service: security +detection: + selection: + EventID: + - '4720' + user: + - '*ANONYMOUS*LOGON*' + condition: selection +falsepositives: + - Unknown +level: high From c8e5fc4e6d70d41a9ae6917f3a4f30b3829db2ab Mon Sep 17 00:00:00 2001 From: 4A616D6573 Date: Thu, 31 Oct 2019 21:49:57 +1100 Subject: [PATCH 031/714] Revert "Create win_susp_local_anon_logon_created.yml" This reverts commit d174e172b0ed163ee897f6f9eb40bf4be9a0e2ef. --- .../win_susp_local_anon_logon_created.yml | 23 ------------------- 1 file changed, 23 deletions(-) delete mode 100644 rules/windows/builtin/win_susp_local_anon_logon_created.yml diff --git a/rules/windows/builtin/win_susp_local_anon_logon_created.yml b/rules/windows/builtin/win_susp_local_anon_logon_created.yml deleted file mode 100644 index d05c5fdd..00000000 --- a/rules/windows/builtin/win_susp_local_anon_logon_created.yml +++ /dev/null @@ -1,23 +0,0 @@ -title: Suspicious Windows ANONYMOUS LOGON Local Account Created -status: experimental -description: Detects the creation of suspicious accounts simliar to ANONYMOUS LOGON, such as using additional spaces. Created as an covering detection for exclusion of Logon Type 3 from ANONYMOUS LOGON accounts. -references: - - https://twitter.com/SBousseaden/status/1189469425482829824 -author: James Pemberton / @4A616D6573 -date: 2019/10/31 -tags: - - attack.persistence - - attack.t1136 -logsource: - product: windows - service: security -detection: - selection: - EventID: - - '4720' - user: - - '*ANONYMOUS*LOGON*' - condition: selection -falsepositives: - - Unknown -level: high From d08ff35222c191598e784dc656b2b91ef979bd92 Mon Sep 17 00:00:00 2001 From: Lep Date: Thu, 28 Nov 2019 11:45:49 +0700 Subject: [PATCH 032/714] postAPI --- .vscode/launch.json | 4 ++-- tools/sigma/backends/carbonblack.py | 33 +++++++++++++++++++++++++---- 2 files changed, 31 insertions(+), 6 deletions(-) diff --git a/.vscode/launch.json b/.vscode/launch.json index 76ebf882..8740ef8a 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -8,9 +8,9 @@ "name": "Python: Current File", "type": "python", "request": "launch", - "program": "${file}", + "program": "/media/lep/Common/FIS/CBR/sigma/tools/sigmac", "console": "integratedTerminal", - "args": ["-t", "carbonblack", "/home/gsanm/Downloads/demo/sigma/rules/windows/builtin/win_rdp_reverse_tunnel.yml", "-c", "carbonblack"] + "args": ["-t", "carbonblack", "/home/lep/Desktop/xxx.yaml", "-c", "carbonblack"] // "args": ["-t", "sumologic", "/home/gsanm/Downloads/demo/sigma/rules/windows/sysmon/sysmon_cactustorch.yml", "-c", "carbonblack"] } ] diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index 40a8c81c..47c1abff 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -20,9 +20,21 @@ import sigma from .base import SingleTextQueryBackend from .mixins import MultiRuleOutputMixin from sigma.parser.modifiers.base import SigmaTypeModifier +import requests +import argparse from .. eventdict import event - +# parser = argparse.ArgumentParser() +# parser.add_argument("--eshost", help="Elasticsearch host", type=str, required=True) +# parser.add_argument("--esport", help="Elasticsearch port", type=str, required=True) +# parser.add_argument("--ruledir", help="sigma rule directory path to convert", type=str, required=True) +# parser.add_argument("--index", help="Elasticsearch index name egs: \"winlogbeat-*\"", type=str, required=True) +# parser.add_argument("--email", help="email address to send mail alert", type=str, required=True) +# parser.add_argument("--outdir", help="output directory to create elastalert rules", type=str, required=True) +# parser.add_argument("--sigmac", help="Sigmac location", default="../tools/sigmac", type=str) +# parser.add_argument("--realerttime", help="Realert time (optional value, default 5 minutes)", type=str, default=5) +# parser.add_argument("--debug", help="Show debug output", type=bool, default=False) +# args = parser.parse_args() class SplunkBackend(SingleTextQueryBackend): """Converts Sigma rule into Splunk Search Processing Language (SPL).""" identifier = "carbonblack" @@ -101,7 +113,6 @@ class SplunkBackend(SingleTextQueryBackend): new_value = re.sub(r'\\\/', r'\/' , new_value) new_value = re.sub(r'\\\"', r'\"' , new_value) new_value = re.sub(r"\\\'", r"\'" , new_value) - print (new_value) if type(value) is list: for vl in value: vl = self.cleanValue(vl) @@ -124,10 +135,24 @@ class SplunkBackend(SingleTextQueryBackend): vl = self.cleanIPRange(vl) return new_value + def postAPI(self,result,title,desc): + url = '/api/v1/watchlist' + body = { + "name":title, + "search_query":"q="+sult, + "description":desc, + "index_type":"events" + } + + x = requests.post(url, data = body) + + print(x.text) + def generate(self, sigmaparser): """Method is called for each sigma rule and receives the parsed rule (SigmaParser)""" columns = list() - + title = sigmaparser.parsedyaml["title"] + desc = sigmaparser.parsedyaml["description"] for parsed in sigmaparser.condparsed: query = self.generateQuery(parsed) before = self.generateBefore(parsed) @@ -142,6 +167,6 @@ class SplunkBackend(SingleTextQueryBackend): result += after # if mapped is not None: # result += fields - + postAPI(result,title,desc) return result From 37257170dd78d48a7f219cf6a2c7c20dc3e67468 Mon Sep 17 00:00:00 2001 From: Lep Date: Thu, 28 Nov 2019 16:01:24 +0700 Subject: [PATCH 033/714] postAPI --- tools/sigma/backends/carbonblack.py | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index 47c1abff..c5aaac72 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -22,8 +22,15 @@ from .mixins import MultiRuleOutputMixin from sigma.parser.modifiers.base import SigmaTypeModifier import requests import argparse - +import urllib3 +import json from .. eventdict import event +urllib3.disable_warnings() +import os, ssl +if (not os.environ.get('PYTHONHTTPSVERIFY', '') and + getattr(ssl, '_create_unverified_context', None)): + ssl._create_default_https_context = ssl._create_unverified_context +ssl._create_default_https_context = ssl._create_unverified_context # parser = argparse.ArgumentParser() # parser.add_argument("--eshost", help="Elasticsearch host", type=str, required=True) # parser.add_argument("--esport", help="Elasticsearch port", type=str, required=True) @@ -136,15 +143,17 @@ class SplunkBackend(SingleTextQueryBackend): return new_value def postAPI(self,result,title,desc): - url = '/api/v1/watchlist' + url = 'https://10.14.132.6/api/v1/watchlist' body = { "name":title, - "search_query":"q="+sult, + "search_query":"q="+result, "description":desc, "index_type":"events" } - - x = requests.post(url, data = body) + header = { + "X-Auth-Token": "6ff62a0dd9cf895b806fbd3190f3c0b18d98a9ae" + } + x = requests.post(url, data =json.dumps(body), headers = header, verify=False) print(x.text) @@ -167,6 +176,5 @@ class SplunkBackend(SingleTextQueryBackend): result += after # if mapped is not None: # result += fields - postAPI(result,title,desc) - return result - + self.postAPI(result,title,desc) + return result \ No newline at end of file From 2da7f36e4858e9c973bb3e16ffaed5f21140da12 Mon Sep 17 00:00:00 2001 From: Nguyen Xuan Vu Date: Thu, 28 Nov 2019 04:31:04 -0500 Subject: [PATCH 034/714] Update README.md --- README.md | 328 ++---------------------------------------------------- 1 file changed, 10 insertions(+), 318 deletions(-) diff --git a/README.md b/README.md index 9aea85cf..d456155f 100644 --- a/README.md +++ b/README.md @@ -1,318 +1,10 @@ -[![Build Status](https://travis-ci.org/Neo23x0/sigma.svg?branch=master)](https://travis-ci.org/Neo23x0/sigma) - -![sigma_logo](./images/Sigma_0.3.png) - -# Sigma - -Generic Signature Format for SIEM Systems - -# What is Sigma - -Sigma is a generic and open signature format that allows you to describe relevant log events in a straight forward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with others. - -Sigma is for log files what [Snort](https://www.snort.org/) is for network traffic and [YARA](https://github.com/VirusTotal/yara) is for files. - -This repository contains: - -* Sigma rule specification in the [Wiki](https://github.com/Neo23x0/sigma/wiki/Specification) -* Open repository for sigma signatures in the `./rules`subfolder -* A converter that generate searches/queries for different SIEM systems [work in progress] - -![sigma_description](./images/Sigma-description.png) - -## Hack.lu 2017 Talk - -[![Sigma - Generic Signatures for Log Events](https://preview.ibb.co/cMCigR/Screen_Shot_2017_10_18_at_15_47_15.png)](https://www.youtube.com/watch?v=OheVuE9Ifhs "Sigma - Generic Signatures for Log Events") - -## SANS Webcast on MITRE ATT&CK and Sigma - -The SANS webcast on Sigma contains a very good 20 min introduction to the project by John Hubbart from minute 39 onward. (SANS account required; registration is free) - -[MITRE ATT&CK and Sigma Alerting Webcast Recording](https://www.sans.org/webcasts/mitre-att-ck-sigma-alerting-110010 "MITRE ATT&CK and Sigma Alerting") - -# Use Cases - -* Describe your detection method in Sigma to make it sharable -* Write and your SIEM searches in Sigma to avoid a vendor lock-in -* Share the signature in the appendix of your analysis along with IOCs and YARA rules -* Share the signature in threat intel communities - e.g. via MISP -* Provide Sigma signatures for malicious behaviour in your own application - -# Why Sigma - -Today, everyone collects log data for analysis. People start working on their own, processing numerous white papers, blog posts and log analysis guidelines, extracting the necessary information and build their own searches and dashboard. Some of their searches and correlations are great and very useful but they lack a standardized format in which they can share their work with others. - -Others provide excellent analyses, include IOCs and YARA rules to detect the malicious files and network connections, but have no way to describe a specific or generic detection method in log events. Sigma is meant to be an open standard in which such detection mechanisms can be defined, shared and collected in order to improve the detection capabilities for everyone. - -## Slides - -See the first slide deck that I prepared for a private conference in mid January 2017. - -[Sigma - Make Security Monitoring Great Again](https://www.slideshare.net/secret/gvgxeXoKblXRcA) - -# Specification - -The specifications can be found in the [Wiki](https://github.com/Neo23x0/sigma/wiki/Specification). - -The current specification is a proposal. Feedback is requested. - -# Getting Started - -## Rule Creation - -Florian wrote a short [rule creation tutorial](https://www.nextron-systems.com/2018/02/10/write-sigma-rules/) that can help you getting started. - -## Rule Usage - -1. Download or clone the respository -2. Check the `./rules` sub directory for an overview on the rule base -3. Run `python sigmac --help` in folder `./tools` to get a help on the rule converter -4. Convert a rule of your choice with `sigmac` like `./sigmac -t splunk -c tools/config/generic/sysmon.yml ./rules/windows/process_creation/win_susp_whoami.yml` -5. Convert a whole rule directory with `python sigmac -t splunk -r ../rules/proxy/` -6. Check the `./tools/config` folder and the [wiki](https://github.com/Neo23x0/sigma/wiki/Converter-Tool-Sigmac) if you need custom field or log source mappings in your environment - -# Examples - -Windows 'Security' Eventlog: Access to LSASS Process with Certain Access Mask / Object Type (experimental) -![sigma_rule example2](./images/Sigma_rule_example2.png) - -Sysmon: Remote Thread Creation in LSASS Process -![sigma_rule example1](./images/Sigma_rule_example1.png) - -Web Server Access Logs: Web Shell Detection -![sigma_rule example3](./images/Sigma_rule_example3.png) - -Sysmon: Web Shell Detection -![sigma_rule example4](./images/Sigma_rule_example4.png) - -Windows 'Security' Eventlog: Suspicious Number of Failed Logons from a Single Source Workstation -![sigma_rule example5](./images/Sigma_rule_example5.png) - -# Sigma Tools - -## Sigmac - -Sigmac converts sigma rules into queries or inputs of the supported targets listed below. It acts as a frontend to the -Sigma library that may be used to integrate Sigma support in other projects. Further, there's `merge_sigma.py` which -merges multiple YAML documents of a Sigma rule collection into simple Sigma rules. - -### Usage - -``` -usage: sigmac [-h] [--recurse] [--filter FILTER] - [--target {arcsight,es-qs,es-dsl,kibana,xpack-watcher,elastalert,graylog,logpoint,grep,netwitness,powershell,qradar,qualys,splunk,splunkxml,sumologic,fieldlist,wdatp}] - [--target-list] [--config CONFIG] [--output OUTPUT] - [--backend-option BACKEND_OPTION] [--defer-abort] - [--ignore-backend-errors] [--verbose] [--debug] - [inputs [inputs ...]] - -Convert Sigma rules into SIEM signatures. - -positional arguments: - inputs Sigma input files ('-' for stdin) - -optional arguments: - -h, --help show this help message and exit - --recurse, -r Use directory as input (recurse into subdirectories is - not implemented yet) - --filter FILTER, -f FILTER - Define comma-separated filters that must match (AND- - linked) to rule to be processed. Valid filters: - level<=x, level>=x, level=x, status=y, logsource=z, - tag=t. x is one of: low, medium, high, critical. y is - one of: experimental, testing, stable. z is a word - appearing in an arbitrary log source attribute. t is a - tag that must appear in the rules tag list, case- - insensitive matching. Multiple log source - specifications are AND linked. - --target {arcsight,es-qs,es-dsl,kibana,xpack-watcher,elastalert,graylog,logpoint,grep,netwitness,powershell,qradar,qualys,splunk,splunkxml,sumologic,fieldlist,wdatp}, -t {arcsight,es-qs,es-dsl,kibana,xpack-watcher,elastalert,graylog,logpoint,grep,netwitness,powershell,qradar,qualys,splunk,splunkxml,sumologic,fieldlist,wdatp} - Output target format - --target-list, -l List available output target formats - --config CONFIG, -c CONFIG - Configurations with field name and index mapping for - target environment. Multiple configurations are merged - into one. Last config is authorative in case of - conflicts. - --output OUTPUT, -o OUTPUT - Output file or filename prefix if multiple files are - generated - --backend-option BACKEND_OPTION, -O BACKEND_OPTION - Options and switches that are passed to the backend - --defer-abort, -d Don't abort on parse or conversion errors, proceed - with next rule. The exit code from the last error is - returned - --ignore-backend-errors, -I - Only return error codes for parse errors and ignore - errors for rules that cause backend errors. Useful, - when you want to get as much queries as possible. - --verbose, -v Be verbose - --debug, -D Debugging output -``` - -### Examples - -#### Single Rule Translation -Translate a single rule -``` -tools/sigmac -t splunk rules/windows/sysmon/sysmon_susp_image_load.yml -``` -#### Rule Set Translation -Translate a whole rule directory and ignore backend errors (`-I`) in rule conversion for the selected backend (`-t splunk`) -``` -tools/sigmac -I -t splunk -r rules/windows/sysmon/ -``` -#### Rule Set Translation with Custom Config -Apply your own config file (`-c ~/my-elk-winlogbeat.yml`) during conversion, which can contain you custom field and source mappings -``` -tools/sigmac -t es-qs -c ~/my-elk-winlogbeat.yml -r rules/windows/sysmon -``` -#### Generic Rule Set Translation -Use a config file for `process_creation` rules (`-r rules/windows/process_creation`) that instructs sigmac to create queries for a Sysmon log source (`-c tools/config/generic/sysmon.yml`) and the ElasticSearch target backend (`-t es-qs`) -``` -tools/sigmac -t es-qs -c tools/config/generic/sysmon.yml -r rules/windows/process_creation -``` -#### Generic Rule Set Translation with Custom Config -Use a config file for a single `process_creation` rule (`./rules/windows/process_creation/win_susp_outlook.yml`) that instructs sigmac to create queries for process creation events generated in the Windows Security Eventlog (`-c tools/config/generic/windows-audit.yml`) and a Splunk target backend (`-t splunk`) -``` -tools/sigmac -t splunk -c ~/my-splunk-mapping.yml -c tools/config/generic/windows-audit.yml ./rules/windows/process_creation/win_susp_outlook.yml -``` -(See @blubbfiction's [blog post](https://patzke.org/a-guide-to-generic-log-sources-in-sigma.html) for more information) - -### Supported Targets - -* [Splunk](https://www.splunk.com/) (plainqueries and dashboards) -* [ElasticSearch Query Strings](https://www.elastic.co/) -* [ElasticSearch Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html) -* [Kibana](https://www.elastic.co/de/products/kibana) -* [Elastic X-Pack Watcher](https://www.elastic.co/guide/en/x-pack/current/xpack-alerting.html) -* [Logpoint](https://www.logpoint.com) -* [Windows Defender Advanced Threat Protection (WDATP)](https://www.microsoft.com/en-us/windowsforbusiness/windows-atp) -* [Azure Sentinel / Azure Log Analytics](https://azure.microsoft.com/en-us/services/azure-sentinel/) -* [ArcSight](https://software.microfocus.com/en-us/products/siem-security-information-event-management/overview) -* [QRadar](https://www.ibm.com/de-de/marketplace/ibm-qradar-siem) -* [Qualys](https://www.qualys.com/apps/threat-protection/) -* [RSA NetWitness](https://www.rsa.com/en-us/products/threat-detection-response) -* [PowerShell](https://docs.microsoft.com/en-us/powershell/scripting/getting-started/getting-started-with-windows-powershell?view=powershell-6) -* [Grep](https://www.gnu.org/software/grep/manual/grep.html) with Perl-compatible regular expression support - -Current work-in-progress -* [Splunk Data Models](https://docs.splunk.com/Documentation/Splunk/7.1.0/Knowledge/Aboutdatamodels) - -New targets are continuously developed. You can get a list of supported targets with `sigmac --target-list` or `sigmac -l`. - -### Requirements - -The usage of Sigmac (the Sigma Rule Converter) or the underlying library requires Python >= 3.5 and PyYAML. - -### Installation - -It's available on PyPI. Install with: - -```bash -pip3 install sigmatools -``` - -Alternatively, if used from the Sigma Github repository, the Python dependencies can be installed with: - -```bash -pip3 install -r tools/requirements.txt -``` - -For development (e.g. execution of integration tests with `make` and packaging), further dependencies are required and can be installed with: - -```bash -pip3 install -r tools/requirements-devel.txt -``` - -## Sigma2MISP - -Import Sigma rules to MISP events. Depends on PyMISP. - -Parameters that aren't changed frequently (`--url`, `--key`) can be put without the prefixing dashes `--` into a file -and included with `@filename` as parameter on the command line. - -Example: -*misp.conf*: -``` -url https://host -key foobarfoobarfoobarfoobarfoobarfoobarfoo -``` - -Load Sigma rule into MISP event 1234: -``` -sigma2misp @misp.conf --event 1234 sigma_rule.py -``` - -Load Sigma rules in directory sigma_rules/ into one newly created MISP event with info set to *Test Event*: -``` -sigma2misp @misp.conf --same-event --info "Test Event" -r sigma_rules/ -``` - -## Evt2Sigma - -[Evt2Sigma](https://github.com/Neo23x0/evt2sigma) helps you with the rule creation. It generates a Sigma rule from a log entry. - -## Contributed Scripts - -The directory `contrib` contains scripts that were contributed by the community: - -* `sigma2elastalert.py`i by David Routin: A script that converts Sigma rules to Elastalert configurations. This tool - uses *sigmac* and expects it in its path. - -These tools are not part of the main toolchain and maintained separately by their authors. - -# Next Steps - -* Integration of MITRE ATT&CK framework identifier to the rule set -* Integration into Threat Intel Exchanges -* Attempts to convince others to use the rule format in their reports, threat feeds, blog posts, threat sharing platforms - -# Projects or Products that use Sigma - -* [MISP](http://www.misp-project.org/2017/03/26/MISP.2.4.70.released.html) (since version 2.4.70, March 2017) -* [TA-Sigma-Searches](https://github.com/dstaulcu/TA-Sigma-Searches) (Splunk App) -* [SOC Prime - Sigma Rule Editor](https://tdm.socprime.com/sigma/) -* [ypsilon](https://github.com/P4T12ICK/ypsilon) - Automated Use Case Testing -* [uncoder.io](https://uncoder.io/) - Online Translator for SIEM Searches -* [SPARK](https://www.nextron-systems.com/2018/06/28/spark-applies-sigma-rules-in-eventlog-scan/) - Scan with Sigma rules on endpoints -* [RANK VASA](https://globenewswire.com/news-release/2019/03/04/1745907/0/en/RANK-Software-to-Help-MSSPs-Scale-Cybersecurity-Offerings.html) - -# Contribution - -If you want to contribute, you are more then welcome. There are numerous ways to help this project. - -## Use it and provide feedback - -If you use it, let us know what works and what does not work. - -E.g. -- Tell us about false positives (issues section) -- Try to provide an improved rule (new filter) via [pull request](https://help.github.com/en/articles/editing-files-in-another-users-repository) on that rule - -## Work on open issues - -The github issue tracker is a good place to start tackling some issues others raised to the project. It could be as easy as a review of the documentation. - -## Provide Backends / Backend Features / Bugfixes - -Various requests for sigmac (sigma converter) backends exist. Some backends are very limited and need features. We are working on a documentation on how to write new backends but our time for this project is currently mostly spent for issue resolutions. - -## Spread the word - -Last but not least, the more people use Sigma, the better, so help promote it by sharing it via social media. If you are using it, consider giving a talk about your journey and tell us about it. - -# Licenses - -The content of this repository is released under the following licenses: - -* The toolchain (everything under `tools/`) is licensed under the [GNU Lesser General Public License](https://www.gnu.org/licenses/lgpl-3.0.en.html). -* The [Sigma specification](https://github.com/Neo23x0/sigma/wiki) is public domain. -* Everything else, especially the rules contained in the `rules/` directory is released under the [GNU General Public License](https://www.gnu.org/licenses/gpl-3.0.en.html). - -# Credits - -This is a private project mainly developed by Florian Roth and Thomas Patzke with feedback from many fellow analysts and friends. Rules are our own or have been drived from blog posts, tweets or other public sources that are referenced in the rules. - -# Info Graphic - -![sigmac_info_graphic](./images/sigma_infographic_lq.png) +1. Sửa host và API Token trong code: + Đường dẫn "sigma/tools/sigma/backends/carbonblack.py" line 145. + Sửa url = host CarbonBlack + X-Auth-Token = API Token từ profile admin + +2. Chạy lệnh gọi chuyển rules lên watchlist qua API: + cd /sigma/tools: + `python3 sigmac -t carbonblack -c carbonblack -r ` + Example + `python3 sigmac -t carbonblack -c carbonblack -r ../rules/windows/process_creation` \ No newline at end of file From 31cf40e0e876c5e3a0e09342230eca3a533bc228 Mon Sep 17 00:00:00 2001 From: Nguyen Xuan Vu Date: Thu, 28 Nov 2019 04:31:52 -0500 Subject: [PATCH 035/714] Update README.md --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index d456155f..f60cac35 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ -1. Sửa host và API Token trong code: - Đường dẫn "sigma/tools/sigma/backends/carbonblack.py" line 145. - Sửa url = host CarbonBlack - X-Auth-Token = API Token từ profile admin +1. Sửa host và API Token trong code: +2. Đường dẫn "sigma/tools/sigma/backends/carbonblack.py" line 145. +3. Sửa url = host CarbonBlack +4. X-Auth-Token = API Token từ profile admin 2. Chạy lệnh gọi chuyển rules lên watchlist qua API: cd /sigma/tools: From 6fa6cba16d6cc17051c32c03ffcf10e27176e208 Mon Sep 17 00:00:00 2001 From: Nguyen Xuan Vu Date: Thu, 28 Nov 2019 04:32:34 -0500 Subject: [PATCH 036/714] Update README.md --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index f60cac35..b363778f 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,8 @@ 1. Sửa host và API Token trong code: -2. Đường dẫn "sigma/tools/sigma/backends/carbonblack.py" line 145. -3. Sửa url = host CarbonBlack -4. X-Auth-Token = API Token từ profile admin + +* Đường dẫn "sigma/tools/sigma/backends/carbonblack.py" line 145. +url = host CarbonBlack +X-Auth-Token = API Token từ profile admin 2. Chạy lệnh gọi chuyển rules lên watchlist qua API: cd /sigma/tools: From cd1866b30fbb9b84bd483b1bf42e62691487eb1c Mon Sep 17 00:00:00 2001 From: Nguyen Xuan Vu Date: Thu, 28 Nov 2019 04:38:03 -0500 Subject: [PATCH 037/714] Update README.md --- README.md | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index b363778f..63d951bf 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,15 @@ 1. Sửa host và API Token trong code: -* Đường dẫn "sigma/tools/sigma/backends/carbonblack.py" line 145. -url = host CarbonBlack -X-Auth-Token = API Token từ profile admin +* Đường dẫn: *sigma/tools/sigma/backends/carbonblack.py* - line 145. + +> url = host CarbonBlack + + +> X-Auth-Token = API Token từ profile admin + 2. Chạy lệnh gọi chuyển rules lên watchlist qua API: - cd /sigma/tools: - `python3 sigmac -t carbonblack -c carbonblack -r ` - Example - `python3 sigmac -t carbonblack -c carbonblack -r ../rules/windows/process_creation` \ No newline at end of file +> cd /sigma/tools: +> **python3 sigmac -t carbonblack -c carbonblack -r ** +> Example: +> **python3 sigmac -t carbonblack -c carbonblack -r ../rules/windows/process_creation** From 1fcdf6e5d046b0e4746b3ced6b4d409f2f4575a2 Mon Sep 17 00:00:00 2001 From: Nguyen Xuan Vu Date: Thu, 28 Nov 2019 04:40:52 -0500 Subject: [PATCH 038/714] Update README.md --- README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 63d951bf..0fb12315 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,9 @@ 2. Chạy lệnh gọi chuyển rules lên watchlist qua API: -> cd /sigma/tools: -> **python3 sigmac -t carbonblack -c carbonblack -r ** -> Example: -> **python3 sigmac -t carbonblack -c carbonblack -r ../rules/windows/process_creation** + cd /sigma/tools: + **python3 sigmac -t carbonblack -c carbonblack -r ** + + Example: + + **python3 sigmac -t carbonblack -c carbonblack -r ../rules/windows/process_creation** From 6ce5a2554f25e0f3fbf1c5548fb68c7380fb2a49 Mon Sep 17 00:00:00 2001 From: Nguyen Xuan Vu Date: Thu, 28 Nov 2019 04:41:58 -0500 Subject: [PATCH 039/714] Update README.md --- README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0fb12315..3ed482a3 100644 --- a/README.md +++ b/README.md @@ -9,9 +9,13 @@ 2. Chạy lệnh gọi chuyển rules lên watchlist qua API: - cd /sigma/tools: - **python3 sigmac -t carbonblack -c carbonblack -r ** + - Example: + **cd /sigma/tools** + + + **python3 sigmac -t carbonblack -c carbonblack -r ** + +Example: **python3 sigmac -t carbonblack -c carbonblack -r ../rules/windows/process_creation** From f1ae6fa1ed08eb3ac4adf6729189a7687afd360a Mon Sep 17 00:00:00 2001 From: Nguyen Xuan Vu Date: Thu, 28 Nov 2019 04:56:05 -0500 Subject: [PATCH 040/714] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ed482a3..3095f15e 100644 --- a/README.md +++ b/README.md @@ -18,4 +18,4 @@ Example: - **python3 sigmac -t carbonblack -c carbonblack -r ../rules/windows/process_creation** + python3 sigmac -t carbonblack -c carbonblack -r /sigmaRules_tuned From 158ffd2f0cd080bef4e37808aa23f249b769e910 Mon Sep 17 00:00:00 2001 From: Lep Date: Thu, 28 Nov 2019 17:23:05 +0700 Subject: [PATCH 041/714] requiment --- tools/sigma/backends/carbonblack.py | 5 +++-- tools/sigmac | 6 +++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index c5aaac72..f423744c 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -153,9 +153,10 @@ class SplunkBackend(SingleTextQueryBackend): header = { "X-Auth-Token": "6ff62a0dd9cf895b806fbd3190f3c0b18d98a9ae" } - x = requests.post(url, data =json.dumps(body), headers = header, verify=False) + print(title) + # x = requests.post(url, data =json.dumps(body), headers = header, verify=False) - print(x.text) + # print(x.text) def generate(self, sigmaparser): """Method is called for each sigma rule and receives the parsed rule (SigmaParser)""" diff --git a/tools/sigmac b/tools/sigmac index 9bf90aed..3bec0416 100755 --- a/tools/sigmac +++ b/tools/sigmac @@ -224,7 +224,11 @@ for sigmafile in get_inputs(cmdargs.inputs, cmdargs.recurse): else: f = sigmafile.open(encoding='utf-8') parser = SigmaCollectionParser(f, sigmaconfigs, rulefilter) - results = parser.generate(backend) + try: + results = parser.generate(backend) + except: + print("An exception occurred") + for result in results: print(result, file=out) except OSError as e: From 042d078ee1b7672975e2fc0131c7b237409d33fc Mon Sep 17 00:00:00 2001 From: Nguyen Xuan Vu Date: Thu, 28 Nov 2019 05:26:09 -0500 Subject: [PATCH 042/714] Update requirements.txt --- tools/requirements.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/requirements.txt b/tools/requirements.txt index c3c4fc71..8aa01bcd 100644 --- a/tools/requirements.txt +++ b/tools/requirements.txt @@ -1 +1,3 @@ PyYAML>=3.11 +requests>=2 +urllib3>=1 \ No newline at end of file From 738008b52bf3aadfc4055fb2afcadff2196a1b9c Mon Sep 17 00:00:00 2001 From: Lep Date: Thu, 28 Nov 2019 17:38:05 +0700 Subject: [PATCH 043/714] requiment --- tools/sigma/backends/carbonblack.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index f423744c..6f67143e 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -21,7 +21,7 @@ from .base import SingleTextQueryBackend from .mixins import MultiRuleOutputMixin from sigma.parser.modifiers.base import SigmaTypeModifier import requests -import argparse +# import argparse import urllib3 import json from .. eventdict import event @@ -154,9 +154,9 @@ class SplunkBackend(SingleTextQueryBackend): "X-Auth-Token": "6ff62a0dd9cf895b806fbd3190f3c0b18d98a9ae" } print(title) - # x = requests.post(url, data =json.dumps(body), headers = header, verify=False) + x = requests.post(url, data =json.dumps(body), headers = header, verify=False) - # print(x.text) + print(x.text) def generate(self, sigmaparser): """Method is called for each sigma rule and receives the parsed rule (SigmaParser)""" From 60997b47b275b1b934c9041d6048176f3b2194e3 Mon Sep 17 00:00:00 2001 From: Lep Date: Thu, 28 Nov 2019 21:34:52 +0700 Subject: [PATCH 044/714] moreEventID --- tools/config/carbonblack.yml | 1 + tools/sigma/backends/carbonblack.py | 4 ++-- tools/sigma/eventdict.py | 10 +++++++++- tools/sigmac | 7 +++---- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/tools/config/carbonblack.yml b/tools/config/carbonblack.yml index 3519eeed..06ac7aea 100644 --- a/tools/config/carbonblack.yml +++ b/tools/config/carbonblack.yml @@ -7,6 +7,7 @@ backends: fieldmappings: Image: path + CurrentDirectory: path SourceIp: ipaddr ImageLoaded: modload CommandLine: cmdline diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index 6f67143e..0fcd8b9a 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -154,9 +154,9 @@ class SplunkBackend(SingleTextQueryBackend): "X-Auth-Token": "6ff62a0dd9cf895b806fbd3190f3c0b18d98a9ae" } print(title) - x = requests.post(url, data =json.dumps(body), headers = header, verify=False) + # x = requests.post(url, data =json.dumps(body), headers = header, verify=False) - print(x.text) + # print(x.text) def generate(self, sigmaparser): """Method is called for each sigma rule and receives the parsed rule (SigmaParser)""" diff --git a/tools/sigma/eventdict.py b/tools/sigma/eventdict.py index 13482648..3ef3b736 100644 --- a/tools/sigma/eventdict.py +++ b/tools/sigma/eventdict.py @@ -11,6 +11,14 @@ event = { 10: ('crossproc_type', 'process_open'), 11: ('filemod_count','[1 to *]'), 12: ('regmod_count','[1 to *]'), - 14: ('regmod_count','[1 to *]') + 13: ('regmod_count','[1 to *]'), + 14: ('',''), + 15: ('',''), + 16: ('',''), + 17: ('',''), + 18: ('',''), + 19: ('',''), + 20: ('',''), + 21: ('',''), # 15 File create stream hash } \ No newline at end of file diff --git a/tools/sigmac b/tools/sigmac index 3bec0416..4940ae0a 100755 --- a/tools/sigmac +++ b/tools/sigmac @@ -224,10 +224,9 @@ for sigmafile in get_inputs(cmdargs.inputs, cmdargs.recurse): else: f = sigmafile.open(encoding='utf-8') parser = SigmaCollectionParser(f, sigmaconfigs, rulefilter) - try: - results = parser.generate(backend) - except: - print("An exception occurred") + + results = parser.generate(backend) + for result in results: print(result, file=out) From 2930df17d63af84c389a76cb2845fd176afde202 Mon Sep 17 00:00:00 2001 From: vunx2 Date: Mon, 3 Feb 2020 09:47:06 +0700 Subject: [PATCH 045/714] update sigma --- .../sysmon/sysmon_permissions_modifiation.yml | 6 +++--- rules/windows/sysmon/sysmon_service_creation.yml | 2 +- rules/windows/sysmon/sysmon_susp_Timestomp.yml | 4 ++-- .../sysmon/sysmon_susp_discovery_activity.yml | 4 ++-- .../windows/sysmon/sysmon_susp_file_deletion.yml | 6 +++--- .../windows/sysmon/sysmon_susp_service_modify.yml | 8 ++++---- .../sysmon_susp_signed_script_triggered.yml | 4 ++-- .../sysmon/sysmon_web_folder_intergration.yml | 4 ++-- rules/windows/sysmon/win_susp_Compiled_HTML.yml | 2 +- tools/config/carbonblack.yml | 15 ++++++++++++++- tools/sigma/backends/carbonblack.py | 14 +++++++------- tools/sigma/eventdict.py | 2 +- 12 files changed, 42 insertions(+), 29 deletions(-) diff --git a/rules/windows/sysmon/sysmon_permissions_modifiation.yml b/rules/windows/sysmon/sysmon_permissions_modifiation.yml index ad334ce0..9f2a8eb6 100644 --- a/rules/windows/sysmon/sysmon_permissions_modifiation.yml +++ b/rules/windows/sysmon/sysmon_permissions_modifiation.yml @@ -14,15 +14,15 @@ logsource: product: windows detection: window: - - Image_lc: + - Image: - '*cacls.exe' - '*takeown.exe' - '*icacls.exe' - '*attrib.exe' - - CommandLine_lc: '*Set-Acl*' + - CommandLine: '*Set-Acl*' # Use for unix, change log sources unix: - CommandLine_lc: + CommandLine: - '*chmod*' - '*chowm*' - '*chattr*' diff --git a/rules/windows/sysmon/sysmon_service_creation.yml b/rules/windows/sysmon/sysmon_service_creation.yml index 101728ff..1a203859 100644 --- a/rules/windows/sysmon/sysmon_service_creation.yml +++ b/rules/windows/sysmon/sysmon_service_creation.yml @@ -11,7 +11,7 @@ logsource: detection: selection: EventID: 12 - Image_lc: '*\services.exe' + Image: '*\services.exe' condition: selection falsepositives: - n/a diff --git a/rules/windows/sysmon/sysmon_susp_Timestomp.yml b/rules/windows/sysmon/sysmon_susp_Timestomp.yml index 69c1e158..11be1613 100644 --- a/rules/windows/sysmon/sysmon_susp_Timestomp.yml +++ b/rules/windows/sysmon/sysmon_susp_Timestomp.yml @@ -10,13 +10,13 @@ logsource: product: windows detection: windows: - CommandLine_lc: + CommandLine: - '*Get-ChildItem*' - '*$_.LastAccessTime*' - '*$_.LastWriteTime*' - '*$_.CreationTime*' linux: - CommandLine_lc: '*touch*' + CommandLine: '*touch*' condition: linux or windows falsepositives: - Unkown diff --git a/rules/windows/sysmon/sysmon_susp_discovery_activity.yml b/rules/windows/sysmon/sysmon_susp_discovery_activity.yml index 426235b7..4b96f37e 100644 --- a/rules/windows/sysmon/sysmon_susp_discovery_activity.yml +++ b/rules/windows/sysmon/sysmon_susp_discovery_activity.yml @@ -12,7 +12,7 @@ logsource: product: windows detection: selection: - CommandLine_lc: + CommandLine: - 'dir *' - 'tree *' - 'reg query*' @@ -20,7 +20,7 @@ detection: - 'ipconfig /all' - 'new-psdrive*' timeframe: 15s - condition: selection | count() by CommandLine_lc > 4 + condition: selection | count() by CommandLine > 4 falsepositives: - Admin activities level: medium diff --git a/rules/windows/sysmon/sysmon_susp_file_deletion.yml b/rules/windows/sysmon/sysmon_susp_file_deletion.yml index 9494234b..60680a6a 100644 --- a/rules/windows/sysmon/sysmon_susp_file_deletion.yml +++ b/rules/windows/sysmon/sysmon_susp_file_deletion.yml @@ -16,13 +16,13 @@ logsource: detection: sdelete: Image: '*sdelete.exe' - CommandLine_lc: '*remove-item*' + CommandLine: '*remove-item*' fsulti: Image: '*fsutil.exe' - CommandLine_lc: '*deletejournal*' + CommandLine: '*deletejournal*' wbadmin: Image: '*wbadmin.exe' - CommandLine_lc: '*delete*' + CommandLine: '*delete*' condition: sdelete or fsulti or wbadmin falsepositives: - Uninstall programs,.. diff --git a/rules/windows/sysmon/sysmon_susp_service_modify.yml b/rules/windows/sysmon/sysmon_susp_service_modify.yml index 52bef37a..dc67081f 100644 --- a/rules/windows/sysmon/sysmon_susp_service_modify.yml +++ b/rules/windows/sysmon/sysmon_susp_service_modify.yml @@ -13,13 +13,13 @@ logsource: product: windows detection: sc: - Image_lc: + Image: -'*\sc.exe' - CommandLine_lc: '*config*' + CommandLine: '*config*' reg: - Image_lc: + Image: -'*\reg.exe' - CommandLine_lc: '*hklm\system\currentcontrolset\services*' + CommandLine: '*hklm\system\currentcontrolset\services*' condition: 1 of them --- detection: diff --git a/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml b/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml index 1f4ac635..94ba3931 100644 --- a/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml +++ b/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml @@ -13,7 +13,7 @@ logsource: category: process_creation detection: selection: - ParentImage_lc: '*cscript.exe*' + ParentImage: '*cscript.exe*' condition: selection or selection2 falsepositives: - Real PubPrn usage @@ -24,4 +24,4 @@ logsource: service: sysmon detection: selection2: - CommandLine_lc: '*pubprn.vbs*' \ No newline at end of file + CommandLine: '*pubprn.vbs*' \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_web_folder_intergration.yml b/rules/windows/sysmon/sysmon_web_folder_intergration.yml index b9b9a7ad..43932982 100644 --- a/rules/windows/sysmon/sysmon_web_folder_intergration.yml +++ b/rules/windows/sysmon/sysmon_web_folder_intergration.yml @@ -10,7 +10,7 @@ logsource: product: windows detection: selection: - TargetFileName_lc: + TargetFileName: - '*\wwwroot\\*' - '*\wmpub\\*' - '*\htdocs\\*' @@ -18,7 +18,7 @@ detection: EventID: 11 filter: - Image_lc: + Image: - '*explorer.exe' blank: Image: null diff --git a/rules/windows/sysmon/win_susp_Compiled_HTML.yml b/rules/windows/sysmon/win_susp_Compiled_HTML.yml index 2ff232fc..2063f97b 100644 --- a/rules/windows/sysmon/win_susp_Compiled_HTML.yml +++ b/rules/windows/sysmon/win_susp_Compiled_HTML.yml @@ -9,7 +9,7 @@ logsource: product: windows detection: selection1: - Image_lc: '*\hh.exe' + Image: '*\hh.exe' condition: selection1 falsepositives: - Normal HTML Help File diff --git a/tools/config/carbonblack.yml b/tools/config/carbonblack.yml index 06ac7aea..59fbea6f 100644 --- a/tools/config/carbonblack.yml +++ b/tools/config/carbonblack.yml @@ -12,4 +12,17 @@ fieldmappings: ImageLoaded: modload CommandLine: cmdline DestinationIp: ipaddr - DestinationAddress: ipaddr \ No newline at end of file + DestinationAddress: ipaddr + DestinationPort: ipport + DestPort: ipport + TargetObject: regmod + TargetFilename: filemod + ParentImage: parent_name + SourceImage: parent_name + TargetImage: childproc_name + Description: file_desc + Product: product_name + Signature: digsig_publisher + CallTrace: modload + DestinationHostname: domain + \ No newline at end of file diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index 0fcd8b9a..5838b2e4 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -55,12 +55,12 @@ class SplunkBackend(SingleTextQueryBackend): reClear = None andToken = " and " orToken = " OR " - notToken = "NOT " - subExpression = "%s" + notToken = "-" + subExpression = "(%s)" listExpression = "%s" listSeparator = " " valueExpression = "%s" - nullExpression = "NOT %s=\"*\"" + nullExpression = "- %s=\"*\"" notNullExpression = "%s=\"*\"" mapExpression = "%s:%s" mapListsSpecialHandling = True @@ -143,7 +143,7 @@ class SplunkBackend(SingleTextQueryBackend): return new_value def postAPI(self,result,title,desc): - url = 'https://10.14.132.6/api/v1/watchlist' + url = 'https://10.1.8.204//api/v1/watchlist' body = { "name":title, "search_query":"q="+result, @@ -151,12 +151,12 @@ class SplunkBackend(SingleTextQueryBackend): "index_type":"events" } header = { - "X-Auth-Token": "6ff62a0dd9cf895b806fbd3190f3c0b18d98a9ae" + "X-Auth-Token": "36822f6cf6fca5a598060b518f2c197b16f6b226" } print(title) - # x = requests.post(url, data =json.dumps(body), headers = header, verify=False) + x = requests.post(url, data =json.dumps(body), headers = header, verify=False) - # print(x.text) + print(x.text) def generate(self, sigmaparser): """Method is called for each sigma rule and receives the parsed rule (SigmaParser)""" diff --git a/tools/sigma/eventdict.py b/tools/sigma/eventdict.py index 3ef3b736..d55404fd 100644 --- a/tools/sigma/eventdict.py +++ b/tools/sigma/eventdict.py @@ -4,7 +4,7 @@ event = { 3: ('netconn_count','[1 to *]'), # 4: sysmon state change # 5: Process termincated - 6: ('modload',"*\System32\Drivers*]"), + 6: ('modload_count','[1 to *]'), 7: ('modload_count','[1 to *]'), 8: ('crossproc_type', 'remote_thread'), # 9: Raw Access Read From 98471bc53c19081ae240711f0ffe9a0442b88fc0 Mon Sep 17 00:00:00 2001 From: Kevin Dienst Date: Mon, 3 Feb 2020 07:29:42 -0600 Subject: [PATCH 046/714] Update proxy_raw_paste_service_access.yml Add another paste provider website, ghostbin.co to the list. Note that saved pastes generate pseudo random 5 character strings before being suffixed with `/raw` at the end of the URL. e.g. `https://ghostbin.co/paste/y4e9a/raw` Thus, I've added a regex match between /paste and /raw. I'm unsure if this is supported, I skimmed the Sigma specification wiki but didn't see anything other than that contains adds '*' to end and beginning of each selection. If this regex isn't going to work then I'd imagine we just have to remove the `.+/raw/` from the URI. --- rules/proxy/proxy_raw_paste_service_access.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/proxy/proxy_raw_paste_service_access.yml b/rules/proxy/proxy_raw_paste_service_access.yml index d5d21d3b..a752099c 100644 --- a/rules/proxy/proxy_raw_paste_service_access.yml +++ b/rules/proxy/proxy_raw_paste_service_access.yml @@ -17,6 +17,7 @@ detection: - '.paste.ee/r/' - '.pastebin.com/raw/' - '.hastebin.com/raw/' + - '.ghostbin.co/paste/.+/raw/' condition: selection fields: - ClientIP From 579e7481c7472d264998c76eb0b8c5e025a67326 Mon Sep 17 00:00:00 2001 From: vunx2 Date: Tue, 4 Feb 2020 18:14:40 +0700 Subject: [PATCH 047/714] cleanValue + eventID list --- .vscode/launch.json | 2 +- .../compliance/group_modification_logging.yml | 8 +-- rules/compliance/workstation_was_locked.yml | 3 +- tools/sigma/backends/carbonblack.py | 59 ++++++++++++++----- tools/sigmac | 5 +- 5 files changed, 51 insertions(+), 26 deletions(-) diff --git a/.vscode/launch.json b/.vscode/launch.json index 8740ef8a..25c78a92 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -10,7 +10,7 @@ "request": "launch", "program": "/media/lep/Common/FIS/CBR/sigma/tools/sigmac", "console": "integratedTerminal", - "args": ["-t", "carbonblack", "/home/lep/Desktop/xxx.yaml", "-c", "carbonblack"] + "args": ["-t", "carbonblack", "/media/lep/Common/FIS/sigmaRules/win_bypass_squiblytwo.yml", "-c", "carbonblack"] // "args": ["-t", "sumologic", "/home/gsanm/Downloads/demo/sigma/rules/windows/sysmon/sysmon_cactustorch.yml", "-c", "carbonblack"] } ] diff --git a/rules/compliance/group_modification_logging.yml b/rules/compliance/group_modification_logging.yml index bb0feb63..198da989 100644 --- a/rules/compliance/group_modification_logging.yml +++ b/rules/compliance/group_modification_logging.yml @@ -18,13 +18,7 @@ logsource: service: security detection: selection: - EventID: - - 4728 - - 4729 - - 4730 - - 633 - - 632 - - 634 + EventID: 178 condition: selection falsepositives: - unknown diff --git a/rules/compliance/workstation_was_locked.yml b/rules/compliance/workstation_was_locked.yml index 93f2c166..074224fa 100644 --- a/rules/compliance/workstation_was_locked.yml +++ b/rules/compliance/workstation_was_locked.yml @@ -13,8 +13,7 @@ logsource: service: security detection: selection: - EventID: - - 4800 + EventID: 4800 condition: selection falsepositives: - unknown diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index 5838b2e4..bf620764 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -42,8 +42,8 @@ ssl._create_default_https_context = ssl._create_unverified_context # parser.add_argument("--realerttime", help="Realert time (optional value, default 5 minutes)", type=str, default=5) # parser.add_argument("--debug", help="Show debug output", type=bool, default=False) # args = parser.parse_args() -class SplunkBackend(SingleTextQueryBackend): - """Converts Sigma rule into Splunk Search Processing Language (SPL).""" +class CarbonBlackBackend(SingleTextQueryBackend): + """Converts Sigma rule into Carbon Black Query Language (SPL).""" identifier = "carbonblack" active = True index_field = "index" @@ -67,19 +67,24 @@ class SplunkBackend(SingleTextQueryBackend): mapListValueExpression = "%s IN %s" def generateMapItemListNode(self, key, value): - if not set([type(val) for val in value]).issubset({str, int}): + if(key == "EventID"): + return ("( OR ".join(['%s:%s )' % (self.generateEventKey(item), self.generateEventValue(item)) for item in value if self.generateEventKey(item)!= ''])) + + elif not set([type(val) for val in value]).issubset({str, int}): raise TypeError("List values must be strings or numbers") - return "(" + (" OR ".join(['%s=%s' % (key, self.generateValueNode(item)) for item in value])) + ")" + return "(" + (" OR ".join(['%s:%s' % (key, self.generateValueNode(item)) for item in value])) + ")" def generateMapItemNode(self, node): fieldname, value = node value = self.cleanValue(value) - if(fieldname == "EventID" and value in event): - fieldname = event[value][0] - value = event[value][1] + if(fieldname == "EventID" and (type(value) is str or type(value) is int )): + fieldname = self.generateEventKey(value) + value = self.generateEventValue(value) transformed_fieldname = self.fieldNameMapping(fieldname, value) if(transformed_fieldname == "ipaddr"): value = self.cleanIPRange(value) + if(transformed_fieldname == ''): + return '' if self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): return self.mapExpression % (transformed_fieldname, self.generateNode(value)) elif type(value) == list: @@ -115,16 +120,40 @@ class SplunkBackend(SingleTextQueryBackend): def cleanValue(self, value): new_value = value if type(value) is str: - while re.search(r'\\[\/\\\"]',str(new_value)): - new_value = re.sub(r'\\\\', r'\\' , new_value) - new_value = re.sub(r'\\\/', r'\/' , new_value) - new_value = re.sub(r'\\\"', r'\"' , new_value) - new_value = re.sub(r"\\\'", r"\'" , new_value) + if (new_value[:2] in ("*\/","*\\")): + new_value = new_value[2:] + if (new_value[:1] == '*'): + new_value = new_value.replace("*", "", 1) + if ( "1 to" not in new_value): + new_value = new_value.replace("* ", "*") + new_value = new_value.replace(" *", "*") + if ( "(" in new_value or " " in new_value and "1 to" not in new_value): + new_value = '"' + new_value +'"' + + # while re.search(r'\\[\/\\\"]',str(new_value)): + # new_value = re.sub(r'\\\\', r'\\' , new_value) + # new_value = re.sub(r'\\\/', r'\/' , new_value) + # new_value = re.sub(r'\\\"', r'\"' , new_value) + # new_value = re.sub(r"\\\'", r"\'" , new_value) + + new_value = new_value.strip() if type(value) is list: for vl in value: vl = self.cleanValue(vl) return new_value + def generateEventKey(self, value): + if (value in event): + return event[value][0] + else: + return '' + + def generateEventValue(self, value): + if (value in event): + return event[value][1] + else: + return '' + def cleanIPRange(self,value): new_value = value if type(value) is str and value.find('*') : @@ -143,7 +172,7 @@ class SplunkBackend(SingleTextQueryBackend): return new_value def postAPI(self,result,title,desc): - url = 'https://10.1.8.204//api/v1/watchlist' + url = 'https://10.14.132.6//api/v1/watchlist' body = { "name":title, "search_query":"q="+result, @@ -151,7 +180,7 @@ class SplunkBackend(SingleTextQueryBackend): "index_type":"events" } header = { - "X-Auth-Token": "36822f6cf6fca5a598060b518f2c197b16f6b226" + "X-Auth-Token": "6ff62a0dd9cf895b806fbd3190f3c0b18d98a9ae" } print(title) x = requests.post(url, data =json.dumps(body), headers = header, verify=False) @@ -178,4 +207,6 @@ class SplunkBackend(SingleTextQueryBackend): # if mapped is not None: # result += fields self.postAPI(result,title,desc) + # print (title) + # print (result) return result \ No newline at end of file diff --git a/tools/sigmac b/tools/sigmac index 4940ae0a..057f0e87 100755 --- a/tools/sigmac +++ b/tools/sigmac @@ -219,6 +219,7 @@ error = 0 for sigmafile in get_inputs(cmdargs.inputs, cmdargs.recurse): logger.debug("* Processing Sigma input %s" % (sigmafile)) try: + print (sigmafile) if cmdargs.inputs == ['-']: f = sigmafile else: @@ -228,8 +229,8 @@ for sigmafile in get_inputs(cmdargs.inputs, cmdargs.recurse): results = parser.generate(backend) - for result in results: - print(result, file=out) + # for result in results: + # print(result, file=out) except OSError as e: print("Failed to open Sigma file %s: %s" % (sigmafile, str(e)), file=sys.stderr) error = ERR_OPEN_SIGMA_RULE From 19d9e4856ee05dae03dcf5958757eed9a1577c23 Mon Sep 17 00:00:00 2001 From: vunx2 Date: Wed, 5 Feb 2020 17:47:35 +0700 Subject: [PATCH 048/714] clean Value + config --- tools/config/carbonblack.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/config/carbonblack.yml b/tools/config/carbonblack.yml index 59fbea6f..6a6c8d12 100644 --- a/tools/config/carbonblack.yml +++ b/tools/config/carbonblack.yml @@ -11,6 +11,7 @@ fieldmappings: SourceIp: ipaddr ImageLoaded: modload CommandLine: cmdline + ProcessCommandLine: cmdline DestinationIp: ipaddr DestinationAddress: ipaddr DestinationPort: ipport @@ -25,4 +26,5 @@ fieldmappings: Signature: digsig_publisher CallTrace: modload DestinationHostname: domain + User: username \ No newline at end of file From bc4c6ce8dbbbb479bbdc838d925ad52af67645a5 Mon Sep 17 00:00:00 2001 From: vunx2 Date: Thu, 6 Feb 2020 11:02:22 +0700 Subject: [PATCH 049/714] cleanValue --- tools/sigma/backends/carbonblack.py | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index bf620764..9c2eb224 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -127,14 +127,13 @@ class CarbonBlackBackend(SingleTextQueryBackend): if ( "1 to" not in new_value): new_value = new_value.replace("* ", "*") new_value = new_value.replace(" *", "*") - if ( "(" in new_value or " " in new_value and "1 to" not in new_value): + new_value = new_value.replace('"', '\"') + # need tuning + if (( "(" in new_value or " " in new_value or ")" in new_value or ":" in new_value) and "1 to" not in new_value): new_value = '"' + new_value +'"' - - # while re.search(r'\\[\/\\\"]',str(new_value)): - # new_value = re.sub(r'\\\\', r'\\' , new_value) - # new_value = re.sub(r'\\\/', r'\/' , new_value) - # new_value = re.sub(r'\\\"', r'\"' , new_value) - # new_value = re.sub(r"\\\'", r"\'" , new_value) + new_value = new_value.replace("(", "\(") + new_value = new_value.replace(")", "\)") + new_value = new_value.replace(" ", "\ ") new_value = new_value.strip() if type(value) is list: From 627f46abc27495676fe316394d5ffe355e060e50 Mon Sep 17 00:00:00 2001 From: vunx2 Date: Thu, 6 Feb 2020 16:28:27 +0700 Subject: [PATCH 050/714] backslash fix --- .vscode/launch.json | 2 +- tools/config/carbonblack.yml | 3 +++ tools/sigma/backends/carbonblack.py | 11 +++++++---- tools/sigmac | 4 ++-- 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/.vscode/launch.json b/.vscode/launch.json index 25c78a92..646fdfe4 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -10,7 +10,7 @@ "request": "launch", "program": "/media/lep/Common/FIS/CBR/sigma/tools/sigmac", "console": "integratedTerminal", - "args": ["-t", "carbonblack", "/media/lep/Common/FIS/sigmaRules/win_bypass_squiblytwo.yml", "-c", "carbonblack"] + "args": ["-t", "carbonblack", "/media/lep/Common/FIS/sigmaRules_CBR/win_powershell_download.yml", "-c", "carbonblack"] // "args": ["-t", "sumologic", "/home/gsanm/Downloads/demo/sigma/rules/windows/sysmon/sysmon_cactustorch.yml", "-c", "carbonblack"] } ] diff --git a/tools/config/carbonblack.yml b/tools/config/carbonblack.yml index 6a6c8d12..01a4f7a7 100644 --- a/tools/config/carbonblack.yml +++ b/tools/config/carbonblack.yml @@ -18,9 +18,12 @@ fieldmappings: DestPort: ipport TargetObject: regmod TargetFilename: filemod + TargetFileName: filemod + Targetfilename: filemod ParentImage: parent_name SourceImage: parent_name TargetImage: childproc_name + NewProcessName: childproc_name Description: file_desc Product: product_name Signature: digsig_publisher diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index 9c2eb224..ac341c47 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -77,6 +77,7 @@ class CarbonBlackBackend(SingleTextQueryBackend): def generateMapItemNode(self, node): fieldname, value = node value = self.cleanValue(value) + print(str(value)) if(fieldname == "EventID" and (type(value) is str or type(value) is int )): fieldname = self.generateEventKey(value) value = self.generateEventValue(value) @@ -130,7 +131,8 @@ class CarbonBlackBackend(SingleTextQueryBackend): new_value = new_value.replace('"', '\"') # need tuning if (( "(" in new_value or " " in new_value or ")" in new_value or ":" in new_value) and "1 to" not in new_value): - new_value = '"' + new_value +'"' + if (new_value[0] != '"' and new_value[-1] != '"'): + new_value = '"' + new_value +'"' new_value = new_value.replace("(", "\(") new_value = new_value.replace(")", "\)") new_value = new_value.replace(" ", "\ ") @@ -174,7 +176,7 @@ class CarbonBlackBackend(SingleTextQueryBackend): url = 'https://10.14.132.6//api/v1/watchlist' body = { "name":title, - "search_query":"q="+result, + "search_query":"q="+str(result), "description":desc, "index_type":"events" } @@ -197,6 +199,7 @@ class CarbonBlackBackend(SingleTextQueryBackend): after = self.generateAfter(parsed) result = "" + # print(query.replace("\\\\","\\")) if before is not None: result = before if query is not None: @@ -205,7 +208,7 @@ class CarbonBlackBackend(SingleTextQueryBackend): result += after # if mapped is not None: # result += fields - self.postAPI(result,title,desc) + # self.postAPI(result,title,desc) # print (title) - # print (result) + # print (str(result)) return result \ No newline at end of file diff --git a/tools/sigmac b/tools/sigmac index 057f0e87..f33dedd2 100755 --- a/tools/sigmac +++ b/tools/sigmac @@ -229,8 +229,8 @@ for sigmafile in get_inputs(cmdargs.inputs, cmdargs.recurse): results = parser.generate(backend) - # for result in results: - # print(result, file=out) + for result in results: + print(result, file=out) except OSError as e: print("Failed to open Sigma file %s: %s" % (sigmafile, str(e)), file=sys.stderr) error = ERR_OPEN_SIGMA_RULE From d0e9af171f02dba99eee0a47ce22def5a584d9a6 Mon Sep 17 00:00:00 2001 From: vunx2 Date: Thu, 6 Feb 2020 17:20:52 +0700 Subject: [PATCH 051/714] cleanIPRange --- .vscode/launch.json | 2 +- tools/sigma/backends/carbonblack.py | 24 ++++++++++++------------ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.vscode/launch.json b/.vscode/launch.json index 646fdfe4..944b35d3 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -10,7 +10,7 @@ "request": "launch", "program": "/media/lep/Common/FIS/CBR/sigma/tools/sigmac", "console": "integratedTerminal", - "args": ["-t", "carbonblack", "/media/lep/Common/FIS/sigmaRules_CBR/win_powershell_download.yml", "-c", "carbonblack"] + "args": ["-t", "carbonblack", "/media/lep/Common/FIS/sigmaRules_CBR/sysmon_powershell_network_connection.yml", "-c", "carbonblack"] // "args": ["-t", "sumologic", "/home/gsanm/Downloads/demo/sigma/rules/windows/sysmon/sysmon_cactustorch.yml", "-c", "carbonblack"] } ] diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index ac341c47..690cb740 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -120,17 +120,17 @@ class CarbonBlackBackend(SingleTextQueryBackend): def cleanValue(self, value): new_value = value - if type(value) is str: + if type(new_value) is str: if (new_value[:2] in ("*\/","*\\")): new_value = new_value[2:] if (new_value[:1] == '*'): new_value = new_value.replace("*", "", 1) - if ( "1 to" not in new_value): + if ( " to " not in new_value): new_value = new_value.replace("* ", "*") new_value = new_value.replace(" *", "*") new_value = new_value.replace('"', '\"') # need tuning - if (( "(" in new_value or " " in new_value or ")" in new_value or ":" in new_value) and "1 to" not in new_value): + if (( "(" in new_value or " " in new_value or ")" in new_value or ":" in new_value) and " to " not in new_value): if (new_value[0] != '"' and new_value[-1] != '"'): new_value = '"' + new_value +'"' new_value = new_value.replace("(", "\(") @@ -138,9 +138,9 @@ class CarbonBlackBackend(SingleTextQueryBackend): new_value = new_value.replace(" ", "\ ") new_value = new_value.strip() - if type(value) is list: - for vl in value: - vl = self.cleanValue(vl) + if type(new_value) is list: + for index, vl in enumerate(new_value): + new_value[index] = self.cleanValue(vl) return new_value def generateEventKey(self, value): @@ -157,19 +157,19 @@ class CarbonBlackBackend(SingleTextQueryBackend): def cleanIPRange(self,value): new_value = value - if type(value) is str and value.find('*') : + if type(new_value) is str and value.find('*') : sub = value.count('.') if(value[-2:] == '.*'): value = value[:-2] min_ip = value + '.0' * (4 - sub) max_ip = value + '.255' * (4 - sub) - new_value = '['+ min_ip + ' TO ' + max_ip + ']' + new_value = '['+ min_ip + ' to ' + max_ip + ']' # ip = IPNetwork(value + '/' + str(sub)) # min_ip = str(ip[0]) # max_ip = str(ip[-1]) - if type(value) is list: - for vl in value: - vl = self.cleanIPRange(vl) + if type(new_value) is list: + for index, vl in enumerate(new_value): + new_value[index] = self.cleanIPRange(vl) return new_value def postAPI(self,result,title,desc): @@ -208,7 +208,7 @@ class CarbonBlackBackend(SingleTextQueryBackend): result += after # if mapped is not None: # result += fields - # self.postAPI(result,title,desc) + self.postAPI(result,title,desc) # print (title) # print (str(result)) return result \ No newline at end of file From b9c745a1b271fbc7295e66d440283bc4a7ceb849 Mon Sep 17 00:00:00 2001 From: Wagga Date: Sun, 16 Feb 2020 16:48:49 +0100 Subject: [PATCH 052/714] New Koadic detection rule --- .../process_creation/win_hack_koadic.yml | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 rules/windows/process_creation/win_hack_koadic.yml diff --git a/rules/windows/process_creation/win_hack_koadic.yml b/rules/windows/process_creation/win_hack_koadic.yml new file mode 100644 index 00000000..0b926c92 --- /dev/null +++ b/rules/windows/process_creation/win_hack_koadic.yml @@ -0,0 +1,27 @@ +title: Koadic Execution +id: 5cddf373-ef00-4112-ad72-960ac29bac34 +status: experimental +description: Detects command line parameters used by Koadic hack tool +references: + - https://unit42.paloaltonetworks.com/unit42-sofacy-groups-parallel-attacks/ + - https://github.com/zerosum0x0/koadic/blob/master/data/stager/js/stdlib.js#L955 + - https://blog.f-secure.com/hunting-for-koadic-a-com-based-rootkit/ +tags: + - attack.execution + - attack.t1170 +date: 2020/01/12 +author: wagga +logsource: + category: process_creation + product: windows +detection: + selection1: + CommandLine: + - '*cmd.exe* /q /c chcp *' + condition: selection1 +fields: + - CommandLine + - ParentCommandLine +falsepositives: + - Pentest +level: medium From f8be92dae040c7427c750ba7910e001fa0ca1e7d Mon Sep 17 00:00:00 2001 From: Antonlovesdnb Date: Wed, 19 Feb 2020 10:13:44 -0500 Subject: [PATCH 053/714] Add files via upload --- ...mon_registry_trust_record_modification.yml | 24 +++++++++++++++ .../sysmon_susp_winword_vbadll_load.yml | 30 +++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_registry_trust_record_modification.yml create mode 100644 rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml diff --git a/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml b/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml new file mode 100644 index 00000000..e01ed0d8 --- /dev/null +++ b/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml @@ -0,0 +1,24 @@ +title: Windows Registry Trust Record Modification +id: 295a59c1-7b79-4b47-a930-df12c15fc9c2 +status: experimental +description: Alerts on trust record modification within the registry, indicating usage of macros +references: + - https://outflank.nl/blog/2018/01/16/hunting-for-evil-detect-macros-being-executed/ + - http://az4n6.blogspot.com/2016/02/more-on-trust-records-macros-and.html +author: Antonlovesdnb +date: 2020/2/19 +modified: 2020/2/19 +tags: + - attack.initial.access + - attack.t1193 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 12 + TargetObject|contains: 'TrustRecords' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: medium \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml b/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml new file mode 100644 index 00000000..8aa179f7 --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml @@ -0,0 +1,30 @@ +title: VBA DLL Loaded Via Microsoft Word +id: e6ce8457-68b1-485b-9bdd-3c2b5d679aa9 +status: experimental +description: Detects DLL's Loaded Via Word Containing VBA Macros +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2019/12/26 +tags: + - attack.initial.access + - attack.t1193 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 7 + Image: + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' + ImageLoaded: + - '*\VBE7.DLL' + - '*\VBEUI.DLL' + - '*\VBE7INTL.DLL' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high \ No newline at end of file From 397cdecb94e29c087610640dc0e195bd33e2ddc6 Mon Sep 17 00:00:00 2001 From: Antonlovesdnb Date: Wed, 19 Feb 2020 14:43:13 -0500 Subject: [PATCH 054/714] 5 Rules covering various macro techniques - Rule to look for GAC DLL loaded by an Office Product - Rule to look for any DLL in C:\Windows\assembly loaded by an Office Product - Rule to look for clr.dll loaded by an Office Product - Rule to look for directory services parsing dll loaded by an Office Product - Rule to look for kerberos dll loaded by an Office Product --- ...n_susp_office_dotnet_assembly_dll_load.yml | 28 +++++++++++++++++++ ...sysmon_susp_office_dotnet_clr_dll_load.yml | 28 +++++++++++++++++++ ...sysmon_susp_office_dotnet_gac_dll_load.yml | 28 +++++++++++++++++++ .../sysmon_susp_office_dsparse_dll_load.yml | 28 +++++++++++++++++++ .../sysmon_susp_office_kerberos_dll_load.yml | 28 +++++++++++++++++++ 5 files changed, 140 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml create mode 100644 rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml create mode 100644 rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml create mode 100644 rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml create mode 100644 rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml new file mode 100644 index 00000000..8a3b448c --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml @@ -0,0 +1,28 @@ +title: dotNET DLL Loaded Via Office Applications +id: ff0f2b05-09db-4095-b96d-1b75ca24894a +status: experimental +description: Detects any assembly DLL being loaded by an Office Product +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2020/02/19 +tags: + - attack.initial.access + - attack.t1193 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 7 + Image: + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' + ImageLoaded: + - '*C:\Windows\assembly\' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml new file mode 100644 index 00000000..48a82e71 --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml @@ -0,0 +1,28 @@ +title: CLR DLL Loaded Via Office Applications +id: d13c43f0-f66b-4279-8b2c-5912077c1780 +status: experimental +description: Detects CLR DLL being loaded by an Office Product +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2020/02/19 +tags: + - attack.initial.access + - attack.t1193 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 7 + Image: + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' + ImageLoaded: + - '*clr.dll*' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml new file mode 100644 index 00000000..46f1ce1a --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml @@ -0,0 +1,28 @@ +title: GAC DLL Loaded Via Office Applications +id: 90217a70-13fc-48e4-b3db-0d836c5824ac +status: experimental +description: Detects any GAC DLL being loaded by an Office Product +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2020/02/19 +tags: + - attack.initial.access + - attack.t1193 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 7 + Image: + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' + ImageLoaded: + - '*C:\Windows\Microsoft.NET\assembly\GAC_MSIL' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml new file mode 100644 index 00000000..d4df28cb --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml @@ -0,0 +1,28 @@ +title: Active Directory Parsing DLL Loaded Via Office Applications +id: a2a3b925-7bb0-433b-b508-db9003263cc4 +status: experimental +description: Detects DSParse DLL being loaded by an Office Product +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2020/02/19 +tags: + - attack.initial.access + - attack.t1193 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 7 + Image: + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' + ImageLoaded: + - '*dsparse.dll*' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml new file mode 100644 index 00000000..4b6e01db --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml @@ -0,0 +1,28 @@ +title: Active Directory Kerberos DLL Loaded Via Office Applications +id: 7417e29e-c2e7-4cf6-a2e8-767228c64837 +status: experimental +description: Detects Kerberos DLL being loaded by an Office Product +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2019/12/26 +tags: + - attack.initial.access + - attack.t1193 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 7 + Image: + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' + ImageLoaded: + - '*kerberos.dll*' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high \ No newline at end of file From 56ffa9ec0edb454d43dacfdee535e1efad2e2e2b Mon Sep 17 00:00:00 2001 From: Antonlovesdnb Date: Wed, 19 Feb 2020 14:50:09 -0500 Subject: [PATCH 055/714] Update sysmon_registry_trust_record_modification.yml --- .../sysmon/sysmon_registry_trust_record_modification.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml b/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml index e01ed0d8..1d9dd690 100644 --- a/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml +++ b/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml @@ -6,10 +6,10 @@ references: - https://outflank.nl/blog/2018/01/16/hunting-for-evil-detect-macros-being-executed/ - http://az4n6.blogspot.com/2016/02/more-on-trust-records-macros-and.html author: Antonlovesdnb -date: 2020/2/19 -modified: 2020/2/19 +date: 2020/02/19 +modified: 2020/02/19 tags: - - attack.initial.access + - attack.initial_access - attack.t1193 logsource: product: windows @@ -21,4 +21,4 @@ detection: condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: medium \ No newline at end of file +level: medium From 1e461cb2d1ee1b9f6b8989e23d61bd9896ed6530 Mon Sep 17 00:00:00 2001 From: Antonlovesdnb Date: Wed, 19 Feb 2020 14:50:31 -0500 Subject: [PATCH 056/714] Update sysmon_susp_office_dotnet_gac_dll_load.yml --- .../windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml index 46f1ce1a..3bcbed79 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml @@ -7,7 +7,7 @@ references: author: Antonlovesdnb date: 2020/02/19 tags: - - attack.initial.access + - attack.initial_access - attack.t1193 logsource: product: windows @@ -25,4 +25,4 @@ detection: condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high \ No newline at end of file +level: high From 6d0805ac13a765d087b7351c9899cbb7c9db056a Mon Sep 17 00:00:00 2001 From: Antonlovesdnb Date: Wed, 19 Feb 2020 14:51:00 -0500 Subject: [PATCH 057/714] Update sysmon_susp_winword_vbadll_load.yml --- rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml b/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml index 8aa179f7..6d08ee6f 100644 --- a/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml @@ -5,9 +5,9 @@ description: Detects DLL's Loaded Via Word Containing VBA Macros references: - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 author: Antonlovesdnb -date: 2019/12/26 +date: 2020/02/19 tags: - - attack.initial.access + - attack.initial_access - attack.t1193 logsource: product: windows @@ -27,4 +27,4 @@ detection: condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high \ No newline at end of file +level: high From 1f01fe446fe2af1d5374644a3be6bb8a9243f834 Mon Sep 17 00:00:00 2001 From: Antonlovesdnb Date: Wed, 19 Feb 2020 14:51:22 -0500 Subject: [PATCH 058/714] Update sysmon_susp_office_dsparse_dll_load.yml --- rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml index d4df28cb..1c37a971 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml @@ -7,7 +7,7 @@ references: author: Antonlovesdnb date: 2020/02/19 tags: - - attack.initial.access + - attack.initial_access - attack.t1193 logsource: product: windows @@ -25,4 +25,4 @@ detection: condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high \ No newline at end of file +level: high From 328858279f59ced3830267c44941da10ed47c528 Mon Sep 17 00:00:00 2001 From: Antonlovesdnb Date: Wed, 19 Feb 2020 14:51:50 -0500 Subject: [PATCH 059/714] Update sysmon_susp_office_kerberos_dll_load.yml --- .../windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml index 4b6e01db..e9a29a9b 100644 --- a/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml @@ -5,9 +5,9 @@ description: Detects Kerberos DLL being loaded by an Office Product references: - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 author: Antonlovesdnb -date: 2019/12/26 +date: 2020/02/19 tags: - - attack.initial.access + - attack.initial_access - attack.t1193 logsource: product: windows @@ -25,4 +25,4 @@ detection: condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high \ No newline at end of file +level: high From 6234f72a6cecfeadb276ddb91792488dbedd4e86 Mon Sep 17 00:00:00 2001 From: Antonlovesdnb Date: Wed, 19 Feb 2020 14:52:09 -0500 Subject: [PATCH 060/714] Update sysmon_susp_office_dotnet_clr_dll_load.yml --- .../windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml index 48a82e71..11950a5a 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml @@ -7,7 +7,7 @@ references: author: Antonlovesdnb date: 2020/02/19 tags: - - attack.initial.access + - attack.initial_access - attack.t1193 logsource: product: windows @@ -25,4 +25,4 @@ detection: condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high \ No newline at end of file +level: high From 9625a94d0bea34bb777d60e472b60fb2151e59dc Mon Sep 17 00:00:00 2001 From: Antonlovesdnb Date: Wed, 19 Feb 2020 14:52:31 -0500 Subject: [PATCH 061/714] Update sysmon_susp_office_dotnet_assembly_dll_load.yml --- .../sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml index 8a3b448c..4d3ffdca 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml @@ -7,7 +7,7 @@ references: author: Antonlovesdnb date: 2020/02/19 tags: - - attack.initial.access + - attack.initial_access - attack.t1193 logsource: product: windows @@ -25,4 +25,4 @@ detection: condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high \ No newline at end of file +level: high From ab1dda76852e74924de150f348b07ded83c68bd7 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 21 Feb 2020 16:21:39 +0100 Subject: [PATCH 062/714] fix: non-ascii rule --- rules/windows/process_creation/win_susp_squirrel_lolbin.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_susp_squirrel_lolbin.yml b/rules/windows/process_creation/win_susp_squirrel_lolbin.yml index 05353f26..c11ba8ad 100644 --- a/rules/windows/process_creation/win_susp_squirrel_lolbin.yml +++ b/rules/windows/process_creation/win_susp_squirrel_lolbin.yml @@ -53,5 +53,5 @@ detection: CommandLine: - '*--processStart*.exe*' - '*--processStartAndWait*.exe*' - - '*–createShortcut*.exe*' + - '*-createShortcut*.exe*' condition: selection From 612df1666b4bc0dd4d4b6d48cfa17dca8d0d79bc Mon Sep 17 00:00:00 2001 From: Abhijit Khinvasara Date: Sat, 22 Feb 2020 20:50:30 -0800 Subject: [PATCH 063/714] add LOGIQ backend. --- tools/sigma/backends/logiq.py | 98 +++++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 tools/sigma/backends/logiq.py diff --git a/tools/sigma/backends/logiq.py b/tools/sigma/backends/logiq.py new file mode 100644 index 00000000..142be330 --- /dev/null +++ b/tools/sigma/backends/logiq.py @@ -0,0 +1,98 @@ +import re +from .base import BaseBackend +from .mixins import QuoteCharMixin +import json + +class LogiqBackend(BaseBackend, QuoteCharMixin): + """Generates Perl compatible regular expressions and puts 'grep -P' around it""" + identifier = "logiq" + active = True + config_required = False + + reEscape = re.compile("([\\|()\[\]{}.^$+])") + + def generate(self, sigmaparser): + """Method is called for each sigma rule and receives the parsed rule (SigmaParser)""" + print ("XXXXXX LogiqBackend definitions",sigmaparser.definitions) + print ("XXXXXX LogiqBackend values",sigmaparser.values) + print ("XXXXXX LogiqBackend config",sigmaparser.config) + + eventRule = dict() + eventRule["name"] = sigmaparser.parsedyaml["title"] + eventRule["groupName"] = sigmaparser.parsedyaml["logsource"]["product"] + eventRule["description"] = sigmaparser.parsedyaml["description"] + eventRule["condition"] = sigmaparser.parsedyaml["detection"] + eventRule["level"] = sigmaparser.parsedyaml["level"] + + + for key,value in eventRule.items(): + print(key, ":", value) + print ("XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") + + for parsed in sigmaparser.condparsed: + query = self.generateQuery(parsed) + before = self.generateBefore(parsed) + after = self.generateAfter(parsed) + + eventRule["condition"] = "" + if before is not None: + eventRule["condition"] = before + if query is not None: + eventRule["condition"] += query + if after is not None: + eventRule["condition"] += after + + result = json.dumps(eventRule) + + return result + + def generateQuery(self, parsed): + # print("generateQuery: ", parsed) + return "%s" % self.generateNode(parsed.parsedSearch) + + def cleanValue(self, val): + # val = super().cleanValue(val) + if val[0] == '*': + val = val.replace("*","/*") + + print("cleanValue: ", val) + return val + + def generateORNode(self, node): + print("generateORNode: ", node) + return "%s" % " || ".join([self.generateNode(val) for val in node]) + + def generateANDNode(self, node): + print("generateORNode: ", node) + return "%s" % " && ".join([self.generateNode(val) for val in node]) + + def generateNOTNode(self, node): + print("generateNOTNode: ", node) + return "%s" % self.generateNode(node.item) + + def generateSubexpressionNode(self, node): + # print("generateSubexpressionNode: ", node) + return "%s" % self.generateNode(node.items) + + def generateListNode(self, node): + # print("generateListNode: ", node) + if not set([type(value) for value in node]).issubset({str, int}): + raise TypeError("List values must be strings or numbers") + return self.generateORNode(node) + + def generateMapItemNode(self, node): + print("generateMapItemNode: ", node) + key, value = node + if value is None: + return self.generateNULLValueNode(node) + else: + return self.generateNode(value) + + def generateValueNode(self, node): + print("generateValueNode: ", node) + return "message =~ '" + self.cleanValue(str(node)).strip() + "'" + + def generateNULLValueNode(self, node): + print("generateNULLValueNode: ", node) + key, value = node + return "%s" % key From 8ad346362cb7cf495e58709a4f44b64b622d43fe Mon Sep 17 00:00:00 2001 From: Abhijit Khinvasara Date: Sat, 22 Feb 2020 20:59:56 -0800 Subject: [PATCH 064/714] remove print statements. --- tools/sigma/backends/logiq.py | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/tools/sigma/backends/logiq.py b/tools/sigma/backends/logiq.py index 142be330..28aebfcb 100644 --- a/tools/sigma/backends/logiq.py +++ b/tools/sigma/backends/logiq.py @@ -13,9 +13,6 @@ class LogiqBackend(BaseBackend, QuoteCharMixin): def generate(self, sigmaparser): """Method is called for each sigma rule and receives the parsed rule (SigmaParser)""" - print ("XXXXXX LogiqBackend definitions",sigmaparser.definitions) - print ("XXXXXX LogiqBackend values",sigmaparser.values) - print ("XXXXXX LogiqBackend config",sigmaparser.config) eventRule = dict() eventRule["name"] = sigmaparser.parsedyaml["title"] @@ -24,10 +21,8 @@ class LogiqBackend(BaseBackend, QuoteCharMixin): eventRule["condition"] = sigmaparser.parsedyaml["detection"] eventRule["level"] = sigmaparser.parsedyaml["level"] - - for key,value in eventRule.items(): - print(key, ":", value) - print ("XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") + # for key,value in eventRule.items(): + # print(key, ":", value) for parsed in sigmaparser.condparsed: query = self.generateQuery(parsed) @@ -42,32 +37,29 @@ class LogiqBackend(BaseBackend, QuoteCharMixin): if after is not None: eventRule["condition"] += after - result = json.dumps(eventRule) - - return result + return json.dumps(eventRule) def generateQuery(self, parsed): # print("generateQuery: ", parsed) return "%s" % self.generateNode(parsed.parsedSearch) def cleanValue(self, val): - # val = super().cleanValue(val) if val[0] == '*': val = val.replace("*","/*") - - print("cleanValue: ", val) + + # print("cleanValue: ", val) return val def generateORNode(self, node): - print("generateORNode: ", node) + # print("generateORNode: ", node) return "%s" % " || ".join([self.generateNode(val) for val in node]) def generateANDNode(self, node): - print("generateORNode: ", node) + # print("generateORNode: ", node) return "%s" % " && ".join([self.generateNode(val) for val in node]) def generateNOTNode(self, node): - print("generateNOTNode: ", node) + # print("generateNOTNode: ", node) return "%s" % self.generateNode(node.item) def generateSubexpressionNode(self, node): @@ -81,7 +73,7 @@ class LogiqBackend(BaseBackend, QuoteCharMixin): return self.generateORNode(node) def generateMapItemNode(self, node): - print("generateMapItemNode: ", node) + # print("generateMapItemNode: ", node) key, value = node if value is None: return self.generateNULLValueNode(node) @@ -89,10 +81,10 @@ class LogiqBackend(BaseBackend, QuoteCharMixin): return self.generateNode(value) def generateValueNode(self, node): - print("generateValueNode: ", node) + # print("generateValueNode: ", node) return "message =~ '" + self.cleanValue(str(node)).strip() + "'" def generateNULLValueNode(self, node): - print("generateNULLValueNode: ", node) + # print("generateNULLValueNode: ", node) key, value = node return "%s" % key From df7356e829e3a5761a0d2cdae0e66ffbb3645502 Mon Sep 17 00:00:00 2001 From: ecco Date: Mon, 24 Feb 2020 08:00:06 -0500 Subject: [PATCH 065/714] Rule: restore initial behaviour matching single word with spaces on each side --- .../process_creation/win_susp_eventlog_clear.yml | 16 ++++++++-------- .../process_creation/win_susp_fsutil_usage.yml | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/rules/windows/process_creation/win_susp_eventlog_clear.yml b/rules/windows/process_creation/win_susp_eventlog_clear.yml index 8a26e744..5d8a7494 100644 --- a/rules/windows/process_creation/win_susp_eventlog_clear.yml +++ b/rules/windows/process_creation/win_susp_eventlog_clear.yml @@ -20,19 +20,19 @@ detection: Image|endswith: '\wevtutil.exe' selection_wevtutil_command: CommandLine|contains: - - 'clear-log' # clears specified log - - 'cl' # short version of 'clear-log' - - 'set-log' # modifies config of specified log. could be uset to set it to a tiny size - - 'sl' # short version of 'set-log' + - ' clear-log ' # clears specified log + - ' cl ' # short version of 'clear-log' + - ' set-log ' # modifies config of specified log. could be uset to set it to a tiny size + - ' sl ' # short version of 'set-log' selection_other_ps: Image|endswith: '\powershell.exe' CommandLine|contains: - - 'Clear-EventLog' - - 'Remove-EventLog' - - 'Limit-EventLog' + - ' Clear-EventLog ' + - ' Remove-EventLog ' + - ' Limit-EventLog ' selection_other_wmic: Image|endswith: '\wmic.exe' - CommandLine|contains: 'ClearEventLog' + CommandLine|contains: ' ClearEventLog ' condition: 1 of selection_other_* or (selection_wevtutil_binary and selection_wevtutil_command) falsepositives: - Admin activity diff --git a/rules/windows/process_creation/win_susp_fsutil_usage.yml b/rules/windows/process_creation/win_susp_fsutil_usage.yml index e204a9d7..b5825dc0 100644 --- a/rules/windows/process_creation/win_susp_fsutil_usage.yml +++ b/rules/windows/process_creation/win_susp_fsutil_usage.yml @@ -22,8 +22,8 @@ detection: OriginalFileName: 'fsutil.exe' selection: CommandLine|contains: - - 'deletejournal' # usn deletejournal ==> generally ransomware or attacker - - 'createjournal' # usn createjournal ==> can modify config to set it to a tiny size + - ' deletejournal ' # usn deletejournal ==> generally ransomware or attacker + - ' createjournal ' # usn createjournal ==> can modify config to set it to a tiny size condition: (1 of binary_*) and selection falsepositives: - Admin activity From 3247d5692a87cf57099eda9bcd26e0ec3bee45e7 Mon Sep 17 00:00:00 2001 From: ecco Date: Mon, 24 Feb 2020 09:25:20 -0500 Subject: [PATCH 066/714] wmiprvse subprocess: add fallback check on username instead of only logonid --- .../windows/process_creation/win_wmiprvse_spawning_process.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_wmiprvse_spawning_process.yml b/rules/windows/process_creation/win_wmiprvse_spawning_process.yml index a292011c..13251884 100644 --- a/rules/windows/process_creation/win_wmiprvse_spawning_process.yml +++ b/rules/windows/process_creation/win_wmiprvse_spawning_process.yml @@ -17,7 +17,8 @@ detection: selection: ParentImage|endswith: '\WmiPrvSe.exe' filter: - LogonId: '0x3e7' + - LogonId: '0x3e7' # LUID 999 for SYSTEM + - Username: 'NT AUTHORITY\SYSTEM' # if we don't have LogonId data, fallback on username detection condition: selection and not filter falsepositives: - Unknown From fa717233a9051df973009ec7a66275bd2ac35375 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Mon, 24 Feb 2020 22:30:36 +0100 Subject: [PATCH 067/714] Updated changelog --- CHANGELOG.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b6f8b0e8..0914cc5f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,11 +13,22 @@ from version 0.14.0. * Proxy field names to ECS mapping (ecs-proxy) configuration * False positives metadata to LimaCharlie backend * Additional aggregation capabilitied for es-dsl backend. +* Azure log analytics rule backend (ala-rule) +* SQL backend +* Splunk Zeek sourcetype mapping config +* sigma2attack script ### Changed * Kibana object id is now Sigma rule id if available. Else the old naming scheme is used. +* sigma2misp: replacement of deprecated method usage. +* Various configuration updates + +### Fixed + +* Fixed aggregation queries for Elastalert backend +* Fixed aggregation queries for es-dsl backend ## 0.15.0 - 2019-12-06 @@ -122,4 +133,4 @@ from version 0.14.0. * Conditions in es-dsl backend * Sumologic handling of null values -* Ignore timeframe detection keyword in all/any of conditions \ No newline at end of file +* Ignore timeframe detection keyword in all/any of conditions From 4ee2c2762e558a1c2f835872eb8f596a40705a3c Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Mon, 24 Feb 2020 22:59:59 +0100 Subject: [PATCH 068/714] Sorting of backend and configuration lists --- CHANGELOG.md | 3 ++- tools/sigmac | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b6f8b0e8..39e748b2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ from version 0.14.0. * Kibana object id is now Sigma rule id if available. Else the old naming scheme is used. +* Backend and configuration lists are sorted. ## 0.15.0 - 2019-12-06 @@ -122,4 +123,4 @@ from version 0.14.0. * Conditions in es-dsl backend * Sumologic handling of null values -* Ignore timeframe detection keyword in all/any of conditions \ No newline at end of file +* Ignore timeframe detection keyword in all/any of conditions diff --git a/tools/sigmac b/tools/sigmac index a8e54dbd..89129e7b 100755 --- a/tools/sigmac +++ b/tools/sigmac @@ -125,14 +125,14 @@ if cmdargs.debug: # pragma: no cover logger.setLevel(logging.DEBUG) def list_backends(): - for backend in backends.getBackendList(): + for backend in sorted(backends.getBackendList(), key=lambda backend: backend.identifier): if cmdargs.debug: print("{:>15} : {} ({})".format(backend.identifier, backend.__doc__, backend.__name__)) else: print("{:>15} : {}".format(backend.identifier, backend.__doc__)) def list_configurations(backend=None): - for conf_id, title, backends in scm.list(): + for conf_id, title, backends in sorted(scm.list(), key=lambda config: config[0]): if backend is not None and backend in backends or backend is None or len(backends) == 0: print("{:>30} : {}".format(conf_id, title)) From d9b48ea747ee4f7903f5d1a1f4b137d26553b75d Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Mon, 24 Feb 2020 23:20:19 +0100 Subject: [PATCH 069/714] Fixes in es-rule backend --- tools/sigma/backends/elasticsearch.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index f1b55ef3..4450f77f 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -18,6 +18,8 @@ import json import re from fnmatch import fnmatch import sys +import os +from random import randrange import sigma import yaml @@ -992,9 +994,8 @@ class ElastalertBackendQs(ElastalertBackend, ElasticsearchQuerystringBackend): #Generate ES QS Query return [{ 'query' : { 'query_string' : { 'query' : super().generateQuery(parsed) } } }] - class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend): - identifier = "elasticsearch-rule" + identifier = "es-rule" active = True def __init__(self, *args, **kwargs): @@ -1002,7 +1003,6 @@ class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend): self.tactics = self._load_mitre_file("tactics") self.techniques = self._load_mitre_file("techniques") - def _load_mitre_file(self, mitre_type): try: backend_dir = os.path.normpath(os.path.join(os.path.dirname(os.path.abspath(__file__)), "..", "..", "config", "mitre")) @@ -1013,7 +1013,7 @@ class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend): except (IOError, OSError) as e: print("Failed to open {} configuration file '%s': %s".format(path, str(e)), file=sys.stderr) return [] - except json.JSONDecoder as e: + except json.JSONDecodeError as e: print("Failed to parse {} configuration file '%s' as valid YAML: %s" % (path, str(e)), file=sys.stderr) return [] @@ -1025,7 +1025,6 @@ class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend): rule = self.create_rule(configs) return rule - def create_threat_description(self, tactics_list, techniques_list): threat_list = list() for tactic in tactics_list: @@ -1134,4 +1133,4 @@ class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend): "threat": threat, "version": 1 } - return json.dumps(rule) \ No newline at end of file + return json.dumps(rule) From 5b421359353310efe043599e4a39c11c6d79bfd2 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Mon, 24 Feb 2020 23:20:48 +0100 Subject: [PATCH 070/714] Added es-rule backend to all ES configurations --- tools/config/ecs-proxy.yml | 1 + tools/config/filebeat-defaultindex.yml | 1 + tools/config/helk.yml | 3 ++- tools/config/logstash-defaultindex.yml | 1 + tools/config/logstash-linux.yml | 1 + tools/config/logstash-windows.yml | 1 + tools/config/winlogbeat-modules-enabled.yml | 1 + tools/config/winlogbeat-old.yml | 1 + tools/config/winlogbeat.yml | 1 + 9 files changed, 10 insertions(+), 1 deletion(-) diff --git a/tools/config/ecs-proxy.yml b/tools/config/ecs-proxy.yml index 9e75578c..f569ab47 100644 --- a/tools/config/ecs-proxy.yml +++ b/tools/config/ecs-proxy.yml @@ -3,6 +3,7 @@ order: 20 backends: - es-qs - es-dsl + - es-rule - kibana - xpack-watcher - elastalert diff --git a/tools/config/filebeat-defaultindex.yml b/tools/config/filebeat-defaultindex.yml index 16e1ff0e..75f5451c 100644 --- a/tools/config/filebeat-defaultindex.yml +++ b/tools/config/filebeat-defaultindex.yml @@ -3,6 +3,7 @@ order: 20 backends: - es-qs - es-dsl + - es-rule - kibana - xpack-watcher - elastalert diff --git a/tools/config/helk.yml b/tools/config/helk.yml index c0a65036..7042b25f 100644 --- a/tools/config/helk.yml +++ b/tools/config/helk.yml @@ -3,6 +3,7 @@ order: 20 backends: - es-qs - es-dsl + - es-rule - kibana - xpack-watcher - elastalert @@ -173,4 +174,4 @@ fieldmappings: Version: EventID=4: sysmon_version Workstation: src_host_name - WorkstationName: src_host_name \ No newline at end of file + WorkstationName: src_host_name diff --git a/tools/config/logstash-defaultindex.yml b/tools/config/logstash-defaultindex.yml index 49613971..b9287b51 100644 --- a/tools/config/logstash-defaultindex.yml +++ b/tools/config/logstash-defaultindex.yml @@ -3,6 +3,7 @@ order: 20 backends: - es-qs - es-dsl + - es-rule - kibana - xpack-watcher - elastalert diff --git a/tools/config/logstash-linux.yml b/tools/config/logstash-linux.yml index 9eace7fe..645739d6 100644 --- a/tools/config/logstash-linux.yml +++ b/tools/config/logstash-linux.yml @@ -3,6 +3,7 @@ order: 20 backends: - es-qs - es-dsl + - es-rule - kibana - xpack-watcher - elastalert diff --git a/tools/config/logstash-windows.yml b/tools/config/logstash-windows.yml index ed94fc3d..20d39104 100644 --- a/tools/config/logstash-windows.yml +++ b/tools/config/logstash-windows.yml @@ -3,6 +3,7 @@ order: 20 backends: - es-qs - es-dsl + - es-rule - kibana - xpack-watcher - elastalert diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml index 1bb9e200..7780562b 100644 --- a/tools/config/winlogbeat-modules-enabled.yml +++ b/tools/config/winlogbeat-modules-enabled.yml @@ -3,6 +3,7 @@ order: 20 backends: - es-qs - es-dsl + - es-rule - kibana - xpack-watcher - elastalert diff --git a/tools/config/winlogbeat-old.yml b/tools/config/winlogbeat-old.yml index d9d17a6b..2cb46605 100644 --- a/tools/config/winlogbeat-old.yml +++ b/tools/config/winlogbeat-old.yml @@ -3,6 +3,7 @@ order: 20 backends: - es-qs - es-dsl + - es-rule - kibana - xpack-watcher - elastalert diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml index a5707d2a..52dfd658 100644 --- a/tools/config/winlogbeat.yml +++ b/tools/config/winlogbeat.yml @@ -3,6 +3,7 @@ order: 20 backends: - es-qs - es-dsl + - es-rule - kibana - xpack-watcher - elastalert From 6236429f3df50ca917abfcd0a3622f63214ae135 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Mon, 24 Feb 2020 23:21:11 +0100 Subject: [PATCH 071/714] Added/changed CI tests --- Makefile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index d2998e79..a27d1580 100644 --- a/Makefile +++ b/Makefile @@ -38,14 +38,16 @@ test-sigmac: coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t ala-rule rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t ala --backend-config tests/backend_config.yml rules/windows/process_creation/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-dsl -c tools/config/winlogbeat.yml rules/ > /dev/null + coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-rule -c tools/config/winlogbeat.yml rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t powershell -c tools/config/powershell.yml -Ocsv rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t arcsight -c tools/config/arcsight.yml rules/ > /dev/null + coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t arcsight-esm -c tools/config/arcsight.yml rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t qradar -c tools/config/qradar.yml rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t limacharlie -c tools/config/limacharlie.yml rules/ > /dev/null + coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t carbonblack -c tools/config/carbon-black.yml rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t qualys -c tools/config/qualys.yml rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t netwitness -c tools/config/netwitness.yml rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t sumologic -O rulecomment -c tools/config/sumologic.yml rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t sql -O rulecomment -c sysmon rules/ > /dev/null + coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t sql -c sysmon rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=critical,status=stable,logsource=windows,tag=attack.execution' rules/ > /dev/null ! coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=critical,status=xstable,logsource=windows' rules/ > /dev/null ! coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=xcritical,status=stable,logsource=windows' rules/ > /dev/null From 5a2ccbd04099135b310b2551a17d512dec7fbe91 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Mon, 24 Feb 2020 23:27:22 +0100 Subject: [PATCH 072/714] Fixed ArcSight backend visibility --- Makefile | 1 + tools/sigma/backends/arcsight.py | 9 ++------- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index a27d1580..389d7973 100644 --- a/Makefile +++ b/Makefile @@ -40,6 +40,7 @@ test-sigmac: coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-dsl -c tools/config/winlogbeat.yml rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-rule -c tools/config/winlogbeat.yml rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t powershell -c tools/config/powershell.yml -Ocsv rules/ > /dev/null + coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t arcsight -c tools/config/arcsight.yml rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t arcsight-esm -c tools/config/arcsight.yml rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t qradar -c tools/config/qradar.yml rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t limacharlie -c tools/config/limacharlie.yml rules/ > /dev/null diff --git a/tools/sigma/backends/arcsight.py b/tools/sigma/backends/arcsight.py index 10a06273..2d92d59e 100644 --- a/tools/sigma/backends/arcsight.py +++ b/tools/sigma/backends/arcsight.py @@ -151,9 +151,8 @@ class ArcSightBackend(SingleTextQueryBackend): return "(" + self.orToken.join([self.generateNode(val) for val in new_value]) + ")" return "(" + self.orToken.join([self.generateNode(val) for val in node]) + ")" - -class ArcSightBackend(SingleTextQueryBackend): - """Converts Sigma rule into ArcSight saved search. Contributed by SOC Prime. https://socprime.com""" +class ArcSightESMBackend(SingleTextQueryBackend): + """Converts Sigma rule into ArcSight ESM saved search. Contributed by SOC Prime. https://socprime.com""" reEscape = re.compile('(["\\\()])') identifier = "arcsight-esm" active = True @@ -188,13 +187,11 @@ class ArcSightBackend(SingleTextQueryBackend): def generateCleanValueNodeLogsource(self, value): return self.valueExpression % (self.cleanValue(str(value))) - def CleanNode(self, node): if isinstance(node, str) and "*" in node and not node.startswith("*") and not node.endswith("*"): node = ["*{}*".format(x) for x in node.split('*') if x] return node - #Clearing values from special characters. def generateMapItemNode(self, node): key, value = node @@ -245,8 +242,6 @@ class ArcSightBackend(SingleTextQueryBackend): else: raise TypeError("Backend does not support map values of type " + str(type(value))) - - # for keywords values with space def generateValueNode(self, node): if type(node) is int: From 8f7ee21d5c9703d28f27990649eda8655fe612b5 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 25 Feb 2020 11:09:10 +0100 Subject: [PATCH 073/714] docs: detection rule license --- LICENSE.Detection.Rules.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 LICENSE.Detection.Rules.md diff --git a/LICENSE.Detection.Rules.md b/LICENSE.Detection.Rules.md new file mode 100644 index 00000000..9e98b776 --- /dev/null +++ b/LICENSE.Detection.Rules.md @@ -0,0 +1,13 @@ +# Detection Rule License (DRL) 1.0 + +Permission is hereby granted, free of charge, to any person obtaining a copy of this rule set and associated documentation files (the "Rules"), to deal in the Rules without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Rules, and to permit persons to whom the Rules are furnished to do so, subject to the following conditions: + +If you share the Rules (including in modified form), you must retain the following if it is supplied within the Rules: + +1. identification of the authors(s) ("author" field) of the Rule and any others designated to receive attribution, in any reasonable manner requested by the Rule author (including by pseudonym if designated). + +2. a URI or hyperlink to the Rule set or explicit Rule to the extent reasonably practicable + +3. indicate the Rules are licensed under this Detection Rule License, and include the text of, or the URI or hyperlink to, this Detection Rule License + +THE RULES ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE RULES OR THE USE OR OTHER DEALINGS IN THE RULES. \ No newline at end of file From 5d96f81a8485ce6667959b4099869fbc2ff25b8a Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 25 Feb 2020 11:12:11 +0100 Subject: [PATCH 074/714] fix: lowered level due to false positives --- .../powershell/powershell_alternate_powershell_hosts.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/rules/windows/powershell/powershell_alternate_powershell_hosts.yml b/rules/windows/powershell/powershell_alternate_powershell_hosts.yml index 7cad1809..0feb2c68 100644 --- a/rules/windows/powershell/powershell_alternate_powershell_hosts.yml +++ b/rules/windows/powershell/powershell_alternate_powershell_hosts.yml @@ -3,6 +3,7 @@ id: 64e8e417-c19a-475a-8d19-98ea705394cc description: Detects alternate PowerShell hosts potentially bypassing detections looking for powershell.exe status: experimental date: 2019/08/11 +modified: 2020/02/25 author: Roberto Rodriguez @Cyb3rWard0g references: - https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/tree/master/playbooks/windows/02_execution/T1086_powershell/alternate_signed_powershell_hosts.md @@ -25,5 +26,6 @@ detection: # can't be referred directly as event field. condition: selection and not filter falsepositives: - - Programs using PowerShell directly without invocation of a dedicated interpreter. -level: high + - Programs using PowerShell directly without invocation of a dedicated interpreter + - MSP Detection Searcher +level: medium From 950fa18418b104471a0644ee2ebbd6b06dcff8d5 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 25 Feb 2020 11:12:47 +0100 Subject: [PATCH 075/714] fix: changed titles to avoid duplicates --- .../sysmon/sysmon_alternate_powershell_hosts_moduleload.yml | 2 +- rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_alternate_powershell_hosts_moduleload.yml b/rules/windows/sysmon/sysmon_alternate_powershell_hosts_moduleload.yml index a9b4243f..5a1abf5e 100644 --- a/rules/windows/sysmon/sysmon_alternate_powershell_hosts_moduleload.yml +++ b/rules/windows/sysmon/sysmon_alternate_powershell_hosts_moduleload.yml @@ -1,4 +1,4 @@ -title: Alternate PowerShell Hosts +title: Alternate PowerShell Hosts Module Load id: f67f6c57-257d-4919-a416-69cd31f9aac3 description: Detects alternate PowerShell hosts potentially bypassing detections looking for powershell.exe status: experimental diff --git a/rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml b/rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml index b96fcf27..fb702e8a 100644 --- a/rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml +++ b/rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml @@ -1,4 +1,4 @@ -title: Alternate PowerShell Hosts +title: Alternate PowerShell Hosts Pipe id: 58cb02d5-78ce-4692-b3e1-dce850aae41a description: Detects alternate PowerShell hosts potentially bypassing detections looking for powershell.exe status: experimental From dd1a0e764ce4e5c1d77c80e4a4835d6f0ca97080 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 25 Feb 2020 11:13:58 +0100 Subject: [PATCH 076/714] docs: more false positive conditions --- .../windows/powershell/powershell_alternate_powershell_hosts.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/powershell/powershell_alternate_powershell_hosts.yml b/rules/windows/powershell/powershell_alternate_powershell_hosts.yml index 0feb2c68..37f10827 100644 --- a/rules/windows/powershell/powershell_alternate_powershell_hosts.yml +++ b/rules/windows/powershell/powershell_alternate_powershell_hosts.yml @@ -28,4 +28,5 @@ detection: falsepositives: - Programs using PowerShell directly without invocation of a dedicated interpreter - MSP Detection Searcher + - Citrix ConfigSync.ps1 level: medium From bb1eecfe147700812004c1c031df5852062e36fc Mon Sep 17 00:00:00 2001 From: Antonlovesdnb Date: Tue, 25 Feb 2020 09:17:33 -0500 Subject: [PATCH 077/714] Update sysmon_susp_office_dotnet_assembly_dll_load.yml --- .../sysmon_susp_office_dotnet_assembly_dll_load.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml index 4d3ffdca..575e76fa 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml @@ -16,12 +16,12 @@ detection: selection: EventID: 7 Image: - - '*\winword.exe' - - '*\powerpnt.exe' - - '*\excel.exe' - - '*\outlook.exe' + - '*winword.exe*' + - '*powerpnt.exe*' + - '*excel.exe*' + - '*outlook.exe*' ImageLoaded: - - '*C:\Windows\assembly\' + - '*C:\Windows\assembly\*' condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate From c5b42aeaedaf9de9cc322603214c1f38b1380c6d Mon Sep 17 00:00:00 2001 From: Antonlovesdnb Date: Tue, 25 Feb 2020 09:19:03 -0500 Subject: [PATCH 078/714] Update sysmon_susp_office_dotnet_clr_dll_load.yml --- rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml index 11950a5a..42b6858b 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml @@ -21,7 +21,7 @@ detection: - '*\excel.exe' - '*\outlook.exe' ImageLoaded: - - '*clr.dll*' + - '*\clr.dll*' condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate From 45e4a585bfd059935bb273e7e3c5e8fcf9f61481 Mon Sep 17 00:00:00 2001 From: Antonlovesdnb Date: Tue, 25 Feb 2020 09:22:37 -0500 Subject: [PATCH 079/714] Update sysmon_susp_office_dotnet_gac_dll_load.yml --- .../sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml index 3bcbed79..9806cf08 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml @@ -16,12 +16,12 @@ detection: selection: EventID: 7 Image: - - '*\winword.exe' - - '*\powerpnt.exe' - - '*\excel.exe' - - '*\outlook.exe' + - '*\winword.exe*' + - '*\powerpnt.exe*' + - '*\excel.exe*' + - '*\outlook.exe*' ImageLoaded: - - '*C:\Windows\Microsoft.NET\assembly\GAC_MSIL' + - '*C:\Windows\Microsoft.NET\assembly\GAC_MSIL*' condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate From 8141b1ae904bbf7cedad47404bcf860906615b9e Mon Sep 17 00:00:00 2001 From: Antonlovesdnb Date: Tue, 25 Feb 2020 09:22:56 -0500 Subject: [PATCH 080/714] Update sysmon_susp_office_dsparse_dll_load.yml --- rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml index 1c37a971..232f7190 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml @@ -21,7 +21,7 @@ detection: - '*\excel.exe' - '*\outlook.exe' ImageLoaded: - - '*dsparse.dll*' + - '*\dsparse.dll*' condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate From f92e2f2b18db977db65bf3d048e6b3876d49b894 Mon Sep 17 00:00:00 2001 From: Antonlovesdnb Date: Tue, 25 Feb 2020 09:23:22 -0500 Subject: [PATCH 081/714] Update sysmon_susp_office_dotnet_assembly_dll_load.yml --- .../sysmon_susp_office_dotnet_assembly_dll_load.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml index 575e76fa..1690d51b 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml @@ -16,10 +16,10 @@ detection: selection: EventID: 7 Image: - - '*winword.exe*' - - '*powerpnt.exe*' - - '*excel.exe*' - - '*outlook.exe*' + - '*\winword.exe*' + - '*\powerpnt.exe*' + - '*\excel.exe*' + - '*\outlook.exe*' ImageLoaded: - '*C:\Windows\assembly\*' condition: selection From 4c5d48942801f95b347a4060fab94ba416d66d98 Mon Sep 17 00:00:00 2001 From: Antonlovesdnb Date: Tue, 25 Feb 2020 09:23:52 -0500 Subject: [PATCH 082/714] Update sysmon_susp_office_kerberos_dll_load.yml --- .../sysmon/sysmon_susp_office_kerberos_dll_load.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml index e9a29a9b..1cd4628b 100644 --- a/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml @@ -16,12 +16,12 @@ detection: selection: EventID: 7 Image: - - '*\winword.exe' - - '*\powerpnt.exe' - - '*\excel.exe' - - '*\outlook.exe' + - '*\winword.exe*' + - '*\powerpnt.exe*' + - '*\excel.exe*' + - '*\outlook.exe*' ImageLoaded: - - '*kerberos.dll*' + - '*\kerberos.dll*' condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate From e8b861bff45dbaa49347b189a03c5387d13b8386 Mon Sep 17 00:00:00 2001 From: Antonlovesdnb Date: Tue, 25 Feb 2020 09:24:29 -0500 Subject: [PATCH 083/714] Update sysmon_susp_winword_vbadll_load.yml --- .../sysmon/sysmon_susp_winword_vbadll_load.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml b/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml index 6d08ee6f..e2d29894 100644 --- a/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml @@ -16,14 +16,14 @@ detection: selection: EventID: 7 Image: - - '*\winword.exe' - - '*\powerpnt.exe' - - '*\excel.exe' - - '*\outlook.exe' + - '*\winword.exe*' + - '*\powerpnt.exe*' + - '*\excel.exe*' + - '*\outlook.exe*' ImageLoaded: - - '*\VBE7.DLL' - - '*\VBEUI.DLL' - - '*\VBE7INTL.DLL' + - '*\VBE7.DLL*' + - '*\VBEUI.DLL*' + - '*\VBE7INTL.DLL*' condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate From 65444f7a7764a163ed2c759a1d52383bfcdb116c Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Tue, 25 Feb 2020 22:19:52 +0100 Subject: [PATCH 084/714] Release 0.16.0 --- CHANGELOG.md | 2 +- tools/setup.py | 46 +++++++++++++++++++++++++--------------------- 2 files changed, 26 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1e6e255a..692b1532 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html) from version 0.14.0. -## Unreleased +## 0.16.0 - 2020-02-25 ### Added diff --git a/tools/setup.py b/tools/setup.py index b9d37db1..11d0add3 100644 --- a/tools/setup.py +++ b/tools/setup.py @@ -13,7 +13,7 @@ with open(path.join(here, 'README.md'), encoding='utf-8') as f: setup( name='sigmatools', - version='0.15.0', + version='0.16.0', description='Tools for the Generic Signature Format for SIEM Systems', long_description=long_description, long_description_content_type="text/markdown", @@ -48,26 +48,30 @@ setup( }, data_files=[ ('etc/sigma', [ - 'config/sumologic.yml', - 'config/logstash-defaultindex.yml', - 'config/powershell.yml', - 'config/logstash-windows.yml', - 'config/splunk-windows.yml', - 'config/splunk-windows-index.yml', - 'config/netwitness.yml', - 'config/arcsight.yml', - 'config/qualys.yml', - 'config/logstash-linux.yml', - 'config/thor.yml', - 'config/filebeat-defaultindex.yml', - 'config/logpoint-windows.yml', - 'config/helk.yml', - 'config/qradar.yml', - 'config/winlogbeat-modules-enabled.yml', - 'config/winlogbeat.yml', - 'config/winlogbeat-old.yml', - 'config/ecs-proxy.yml', - 'config/limacharlie.yml', + "config/arcsight.yml", + "config/carbon-black.yml", + "config/ecs-proxy.yml", + "config/filebeat-defaultindex.yml", + "config/helk.yml", + "config/limacharlie.yml", + "config/logpoint-windows.yml", + "config/logstash-defaultindex.yml", + "config/logstash-linux.yml", + "config/logstash-windows.yml", + "config/mitre/tactics.json", + "config/mitre/techniques.json", + "config/netwitness.yml", + "config/powershell.yml", + "config/qradar.yml", + "config/qualys.yml", + "config/splunk-windows-index.yml", + "config/splunk-windows.yml", + "config/splunk-zeek.yml", + "config/sumologic.yml", + "config/thor.yml", + "config/winlogbeat-modules-enabled.yml", + "config/winlogbeat-old.yml", + "config/winlogbeat.yml", ]), ('etc/sigma/generic', [ 'config/generic/sysmon.yml', From 74f3fe70ccc40dff72bb5f710285e28c32266e08 Mon Sep 17 00:00:00 2001 From: Tom Georgen Date: Tue, 25 Feb 2020 16:30:41 -0500 Subject: [PATCH 085/714] fix missing status & description in status field --- rules/windows/process_creation/win_rdp_hijack_shadowing.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/process_creation/win_rdp_hijack_shadowing.yml b/rules/windows/process_creation/win_rdp_hijack_shadowing.yml index f08c5f3f..9285babd 100644 --- a/rules/windows/process_creation/win_rdp_hijack_shadowing.yml +++ b/rules/windows/process_creation/win_rdp_hijack_shadowing.yml @@ -1,7 +1,7 @@ title: MSTSC Shadowing id: 6ba5a05f-b095-4f0a-8654-b825f4f16334 -status: Detects RDP session hijacking by using MSTSC shadowing -description: +description: Detects RDP session hijacking by using MSTSC shadowing +status: experimental author: Florian Roth date: 2020/01/24 references: From e7aff17e72167fd0a449330ab798e89d62b9fa2f Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 26 Feb 2020 09:26:19 +0100 Subject: [PATCH 086/714] FP: OneDrive setup --- .../sysmon/sysmon_susp_run_key_img_folder.yml | 35 ++++++++++--------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml b/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml index 5d5dbd17..c0fb30f8 100644 --- a/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml +++ b/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml @@ -9,7 +9,7 @@ tags: - attack.persistence - attack.t1060 date: 2018/25/08 -modified: 2019/10/01 +modified: 2020/02/26 logsource: product: windows service: sysmon @@ -17,23 +17,26 @@ detection: selection: EventID: 13 TargetObject: - - '*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\*' - - '*\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\*' + - '*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\*' + - '*\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\*' Details: - - '*C:\Windows\Temp\\*' - - '*\AppData\\*' - - '%AppData%\\*' - - '*C:\$Recycle.bin\\*' - - '*C:\Temp\\*' - - '*C:\Users\Public\\*' - - '%Public%\\*' - - '*C:\Users\Default\\*' - - '*C:\Users\Desktop\\*' - - 'wscript*' - - 'cscript*' - condition: selection + - '*C:\Windows\Temp\\*' + - '*\AppData\\*' + - '%AppData%\\*' + - '*C:\$Recycle.bin\\*' + - '*C:\Temp\\*' + - '*C:\Users\Public\\*' + - '%Public%\\*' + - '*C:\Users\Default\\*' + - '*C:\Users\Desktop\\*' + - 'wscript*' + - 'cscript*' + filter: + Details|contains: + - '\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe' # OneDrive False Positives + condition: selection and not filter fields: - Image falsepositives: - - Software with rare behaviour + - Software using the AppData folders for updates level: high From 4f3e3166d38a0cff3fea26ab108fa71bb0ca2a29 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 26 Feb 2020 09:33:55 +0100 Subject: [PATCH 087/714] fixing false positives --- .../win_copying_sensitive_files_with_credential_data.yml | 6 +++--- rules/windows/sysmon/sysmon_suspicious_remote_thread.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rules/windows/process_creation/win_copying_sensitive_files_with_credential_data.yml b/rules/windows/process_creation/win_copying_sensitive_files_with_credential_data.yml index 4b3adbbb..f7b43d2d 100644 --- a/rules/windows/process_creation/win_copying_sensitive_files_with_credential_data.yml +++ b/rules/windows/process_creation/win_copying_sensitive_files_with_credential_data.yml @@ -21,13 +21,13 @@ detection: - Image|endswith: '\esentutl.exe' CommandLine|contains: - 'vss' - - '/m' - - '/y' + - ' /m ' + - ' /y ' - CommandLine|contains: - '\windows\ntds\ntds.dit' - '\config\sam' - '\config\security' - - '\config\system' + - '\config\system ' # space needed to avoid false positives with \config\systemprofile\ - '\repair\sam' - '\repair\system' - '\repair\security' diff --git a/rules/windows/sysmon/sysmon_suspicious_remote_thread.yml b/rules/windows/sysmon/sysmon_suspicious_remote_thread.yml index c940f99f..8d1519e4 100644 --- a/rules/windows/sysmon/sysmon_suspicious_remote_thread.yml +++ b/rules/windows/sysmon/sysmon_suspicious_remote_thread.yml @@ -59,7 +59,7 @@ detection: - '\schtasks.exe' - '\smartscreen.exe' - '\spoolsv.exe' - - '\taskhost.exe' + # - '\taskhost.exe' # disabled due to false positives - '\tstheme.exe' - '\userinit.exe' - '\vssadmin.exe' From 1c90d6badd65d59b861ad3e4da196761373ad60d Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 26 Feb 2020 09:42:31 +0100 Subject: [PATCH 088/714] level increased --- rules/windows/process_creation/win_hack_koadic.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_hack_koadic.yml b/rules/windows/process_creation/win_hack_koadic.yml index 0b926c92..9e8b46fa 100644 --- a/rules/windows/process_creation/win_hack_koadic.yml +++ b/rules/windows/process_creation/win_hack_koadic.yml @@ -24,4 +24,4 @@ fields: - ParentCommandLine falsepositives: - Pentest -level: medium +level: high From ca2cc87f0c8e8e05886f4c250a73efa6736b2197 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 26 Feb 2020 09:43:29 +0100 Subject: [PATCH 089/714] fixed regex syntax to wildcard syntax --- rules/proxy/proxy_raw_paste_service_access.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/proxy/proxy_raw_paste_service_access.yml b/rules/proxy/proxy_raw_paste_service_access.yml index a752099c..eba8c9a1 100644 --- a/rules/proxy/proxy_raw_paste_service_access.yml +++ b/rules/proxy/proxy_raw_paste_service_access.yml @@ -17,7 +17,7 @@ detection: - '.paste.ee/r/' - '.pastebin.com/raw/' - '.hastebin.com/raw/' - - '.ghostbin.co/paste/.+/raw/' + - '.ghostbin.co/paste/*/raw/' condition: selection fields: - ClientIP From 6bbd80a8eec02a4a06021c0549a60d5cc45c796c Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 26 Feb 2020 18:31:58 +0100 Subject: [PATCH 090/714] fix: broader exclusion for rule - OneDrive false positives --- rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml b/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml index c0fb30f8..bf8515aa 100644 --- a/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml +++ b/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml @@ -33,7 +33,7 @@ detection: - 'cscript*' filter: Details|contains: - - '\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe' # OneDrive False Positives + - '\AppData\Local\Microsoft\OneDrive\' # OneDrive False Positives condition: selection and not filter fields: - Image From 72e34d2aa51b89a77e75607217a1f97e71618b5c Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Thu, 27 Feb 2020 12:51:10 +0100 Subject: [PATCH 091/714] CVE 2020-0688 Exploit attempt rule --- .../web_exchange_cve_2020_0688_exploit.yml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 rules/web/web_exchange_cve_2020_0688_exploit.yml diff --git a/rules/web/web_exchange_cve_2020_0688_exploit.yml b/rules/web/web_exchange_cve_2020_0688_exploit.yml new file mode 100644 index 00000000..1f69968a --- /dev/null +++ b/rules/web/web_exchange_cve_2020_0688_exploit.yml @@ -0,0 +1,22 @@ +title: CVE-2020-0688 Exploitation attempt +id: 7c64e577-d72e-4c3d-9d75-8de6d1f9146a +status: experimental +description: Detects CVE-2020-0688 Exploitation attempts +references: + - https://github.com/Ridter/cve-2020-0688 +author: NVISO +date: 2020/02/27 +tags: + - attack.t1210 +logsource: + category: webserver +detection: + selection: + c-uri-path|contains|all: + - "/ecp/default.aspx" + - "__VIEWSTATEGENERATOR=" + - "__VIEWSTATE=" + condition: selection +falsepositives: + - Unknown +level: high From ff35eb00528ad07d7c698e39359b314dc26798b6 Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Thu, 27 Feb 2020 12:56:56 +0100 Subject: [PATCH 092/714] Title capitalization --- rules/web/web_exchange_cve_2020_0688_exploit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/web/web_exchange_cve_2020_0688_exploit.yml b/rules/web/web_exchange_cve_2020_0688_exploit.yml index 1f69968a..4c5ff1c4 100644 --- a/rules/web/web_exchange_cve_2020_0688_exploit.yml +++ b/rules/web/web_exchange_cve_2020_0688_exploit.yml @@ -1,4 +1,4 @@ -title: CVE-2020-0688 Exploitation attempt +title: CVE-2020-0688 Exploitation Attempt id: 7c64e577-d72e-4c3d-9d75-8de6d1f9146a status: experimental description: Detects CVE-2020-0688 Exploitation attempts From 4f45e14a56c4e2471b91b8b6e5576af0420b7857 Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Thu, 27 Feb 2020 13:23:25 +0100 Subject: [PATCH 093/714] Match on c-uri instead of c-uri-path --- rules/web/web_exchange_cve_2020_0688_exploit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/web/web_exchange_cve_2020_0688_exploit.yml b/rules/web/web_exchange_cve_2020_0688_exploit.yml index 4c5ff1c4..2f0cc29c 100644 --- a/rules/web/web_exchange_cve_2020_0688_exploit.yml +++ b/rules/web/web_exchange_cve_2020_0688_exploit.yml @@ -12,7 +12,7 @@ logsource: category: webserver detection: selection: - c-uri-path|contains|all: + c-uri|contains|all: - "/ecp/default.aspx" - "__VIEWSTATEGENERATOR=" - "__VIEWSTATE=" From 58f5fa1b8ea0ab80d3d23158ee847b6bc227e52f Mon Sep 17 00:00:00 2001 From: vunx2 Date: Fri, 28 Feb 2020 16:56:48 +0700 Subject: [PATCH 094/714] change to github --- tools/config/arcsight.yml | 352 ++ tools/config/carbon-black.yml | 74 + tools/config/carbonblack.yml | 36 + tools/config/ecs-proxy.yml | 25 + tools/config/filebeat-defaultindex.yml | 12 + tools/config/generic/sysmon.yml | 11 + tools/config/generic/windows-audit.yml | 14 + tools/config/helk.yml | 177 + tools/config/limacharlie.yml | 11 + tools/config/logpoint-windows.yml | 149 + tools/config/logstash-defaultindex.yml | 12 + tools/config/logstash-linux.yml | 25 + tools/config/logstash-windows.yml | 45 + tools/config/mitre/tactics.json | 202 + tools/config/mitre/techniques.json | 4353 +++++++++++++++++++ tools/config/netwitness.yml | 92 + tools/config/powershell.yml | 71 + tools/config/qradar.yml | 77 + tools/config/qualys.yml | 20 + tools/config/splunk-windows-index.yml | 11 + tools/config/splunk-windows.yml | 74 + tools/config/splunk-zeek.yml | 46 + tools/config/sumologic.yml | 110 + tools/config/thor.yml | 90 + tools/config/winlogbeat-modules-enabled.yml | 215 + tools/config/winlogbeat-old.yml | 188 + tools/config/winlogbeat.yml | 188 + tools/sigma/backends/carbonblack.py | 178 +- tools/sigma/eventdict.py | 4 +- 29 files changed, 6711 insertions(+), 151 deletions(-) create mode 100644 tools/config/arcsight.yml create mode 100644 tools/config/carbon-black.yml create mode 100644 tools/config/carbonblack.yml create mode 100644 tools/config/ecs-proxy.yml create mode 100644 tools/config/filebeat-defaultindex.yml create mode 100644 tools/config/generic/sysmon.yml create mode 100644 tools/config/generic/windows-audit.yml create mode 100644 tools/config/helk.yml create mode 100644 tools/config/limacharlie.yml create mode 100644 tools/config/logpoint-windows.yml create mode 100644 tools/config/logstash-defaultindex.yml create mode 100644 tools/config/logstash-linux.yml create mode 100644 tools/config/logstash-windows.yml create mode 100644 tools/config/mitre/tactics.json create mode 100644 tools/config/mitre/techniques.json create mode 100644 tools/config/netwitness.yml create mode 100644 tools/config/powershell.yml create mode 100644 tools/config/qradar.yml create mode 100644 tools/config/qualys.yml create mode 100644 tools/config/splunk-windows-index.yml create mode 100644 tools/config/splunk-windows.yml create mode 100644 tools/config/splunk-zeek.yml create mode 100644 tools/config/sumologic.yml create mode 100644 tools/config/thor.yml create mode 100644 tools/config/winlogbeat-modules-enabled.yml create mode 100644 tools/config/winlogbeat-old.yml create mode 100644 tools/config/winlogbeat.yml diff --git a/tools/config/arcsight.yml b/tools/config/arcsight.yml new file mode 100644 index 00000000..f6a9bc53 --- /dev/null +++ b/tools/config/arcsight.yml @@ -0,0 +1,352 @@ +title: ArcSight +order: 20 +backends: + - arcsight + - arcsight-esm +logsources: + linux: + product: linux + conditions: + deviceVendor: Unix + linux-sshd: + product: linux + service: sshd + conditions: + deviceVendor: Unix + linux-vsftpd: + product: linux + service: vsftpd + conditions: + deviceVendor: Unix + linux-auth: + product: linux + service: auth + conditions: + deviceVendor: Unix + linux-clamav: + product: linux + service: clamav + conditions: + deviceVendor: Unix + antivirus: + product: antivirus + conditions: + categoryDeviceGroup: /IDS/Host/AntiVirus + windows-dns: + product: windows + service: dns-server + conditions: + deviceVendor: Microsoft + deviceProduct: DNS-Server + windows-pc: + product: windows + service: powershell-classic + conditions: + deviceVendor: Microsoft + windows-sys: + product: windows + service: sysmon + conditions: + deviceVendor: Microsoft + deviceProduct: Sysmon + windows-sec: + product: windows + service: security + conditions: + deviceVendor: Microsoft + deviceProduct: Microsoft Windows + windows-power: + product: windows + service: powershell + conditions: + deviceVendor: Microsoft + windows-dhcp: + product: windows + service: dhcp + conditions: + deviceVendor: Microsoft + windows-system: + product: windows + service: system + conditions: + deviceVendor: Microsoft + windows-wmi: + product: windows + service: wmi + conditions: + deviceVendor: Microsoft + windows-driver-framework: + product: windows + service: driver-framework + conditions: + deviceVendor: Microsoft + windows-defender: + product: windows_defender + conditions: + deviceVendor: Microsoft + windows-driver: + product: windows + service: driver-framework + conditions: + deviceVendor: Microsoft + windows-app: + product: windows + service: application + conditions: + deviceVendor: Microsoft + proxy: + category: proxy + conditions: + categoryDeviceGroup: /Proxy + python: + product: python + conditions: + deviceProduct: Python + categoryDeviceGroup: /Application + ruby_on_rails: + product: ruby_on_rails + conditions: + deviceProduct: Ruby on Rails + categoryDeviceGroup: /Application + spring: + product: spring + conditions: + deviceProduct: Spring + categoryDeviceGroup: /Application + apache: + product: apache + conditions: + deviceProduct: Apache + categoryDeviceGroup: /Application + firewall: + product: firewall + conditions: + categoryDeviceGroup: /Firewall +fieldmappings: + EventID: externalId + Event-ID: externalId + Event_ID: externalId + eventId: externalId + event_id: externalId + event-id: externalId + eventid: externalId + dst: + - destinationAddress + dst_ip: + - destinationAddress + dst-ip: + - destinationAddress + src: + - sourceAddress + src_ip: + - sourceAddress + src-ip: + - sourceAddress + TargetImage: + - destinationProcessName + - filePath + ImageLoaded: + - destinationProcessName + - deviceCustomString1 + - filePath + - destinationProcessName + Image: + - deviceProcessName + - destinationProcessName + - sourceProcessName + ParentImage: + - sourceProcessName + LogonProcessName: + - destinationProcessName + - sourceProcessName + TargetProcessId: + - destinationProcessId + User: + - sourceUserName + TargetUserName: + - destinationUserName + LogonId: + - sourceUserId + SourceIp: + - sourceAddress + SourceNetworkAddress: + - sourceAddress + SourcePort: + - sourcePort + SourceHostname: + - sourceHostName + ParentProcessId: + - sourceProcessId + SourceProcessId: + - sourceProcessId + ProcessId: + - deviceProcessId + - destinationProcessId + DestinationPort: + - destinationPort + DestinationIp: + - destinationAddress + DestinationHostname: + - destinationHostName + DestinationIsIpv6: + - destinationIsIpv6 + SourcePortName: + - sourcePortName + DestinationPortName: + - destinationPortName + SourceIsIpv6: + - sourceIsIpv6 + FileVersion: + - fileId + Protocol: + - transportProtocol + TargetFilename: + - filePath + TargetFileName: + - filePath + Hashes: + - fileHash + Hash: + - fileHash + file_hash: + - fileHash + State: + - deviceAction + EventType: + - deviceAction + RuleName: + - deviceFacility + - reason + SourceImage: + - sourceProcessName + TerminalSessionId: + - deviceCustomNumber2 + SequenceNumber: + - deviceCustomNumber3 + Initiated: + - deviceCustomString4 + IntegrityLevel: + - deviceCustomString1 + - deviceCustomString5 + ProcessGuid: + - fileId + - deviceCustomString6 + SourceProcessGUID: + - flexString1 + TargetProcessGUID: + - fileId + - flexString2 + ParentProcessGuid: + - oldFileId + - deviceCustomString4 + Product: + - destinationServiceName + OriginalFileName: + - oldFilePath + Version: + - deviceCustomString1 + SchemaVersion: + - deviceCustomString2 + Signed: + - fileType + - deviceCustomString1 + Signature: + - deviceCustomString2 + SignatureStatus: + - filePermission + - deviceCustomString3 + NewThreadId: + - deviceCustomString1 + StartAddress: + - deviceCustomString2 + StartModule: + - deviceCustomString3 + StartFunction: + - deviceCustomString4 + Device: + - deviceCustomString5 + - deviceCustomString1 + GrantedAccess: + - deviceCustomString1 + - deviceCustomString2 + CallTrace: + - oldFilePath + - deviceCustomString3 + TargetObject: + - filePath + Details: + - deviceCustomString4 + - deviceCustomString1 + NewName: + - filePath + Configuration: + - filePath + PipeName: + - deviceCustomString6 + - fileName + Name: + - deviceCustomString1 + Operation: + - deviceCustomString2 + EventNamespace: + - deviceCustomString3 + Query: + - deviceCustomString4 + Type: + - deviceCustomString3 + Destination: + - fileName + Consumer: + - deviceCustomString1 + Filter: + - deviceCustomString3 + QueryName: + - destinationHostName + - requestUrl + QueryResults: + - deviceCustomString4 + - deviceCustomString1 + ID: + - deviceCustomString1 + Description: + - message + CommandLine: + - destinationServiceName + - deviceCustomString1 + ParentCommandLine: + - deviceCustomString2 + - sourceServiceName + CurrentDirectory: + - oldFilePath + LogonGuid: + - deviceCustomString6 + UserAgent: + - requestClientApplication + URL: + - requestUrl + - requestUrlQuery + FileName: + - fileName + - filePath + cs-uri-extension: + - fileType + c-uri-extension: + - fileType + s-dns: + - destinationDnsDomain + - destinationHost + r-dns: + - destinationDnsDomain + - destinationHost + event.name: + - name + http.request.body.content: + - requestUrl + url.query: + - requestUrl + cs-uri-path: + - filePath + keywords: + - deviceCustomString1 + ScriptBlockText: + - deviceCustomString1 \ No newline at end of file diff --git a/tools/config/carbon-black.yml b/tools/config/carbon-black.yml new file mode 100644 index 00000000..6b034c6e --- /dev/null +++ b/tools/config/carbon-black.yml @@ -0,0 +1,74 @@ +title: CarbonBlack field mapping +order: 20 +backends: + - carbonblack +fieldmappings: + AccountName: username + CommandLine: cmdline + ComputerName: hostname + CurrentDirectory: path + Description: product_name + DestinationHostname: winlog.event_data.DestinationHostname + DestinationIp: ipaddr + DestinationIsIpv6: ipaddr + DestinationPort: ipport + Image: process_name + ImageLoaded: modload + ImagePath: path + NewProcessName: process_name + #ParentCommandLine: NONE?? + ParentProcessName: parent_name + ParentImage: parent_name + Path: path + ProcessCommandLine: cmdline + ProcessName: process_name + Signature: digsig_result + + + +# DestinationHostname: hostname +# DestinationIp: ipaddr +# DestinationPort: ipport +# +# SourceIp: ipaddr +# SourcePort: ipport +# +# IpAddress: ipaddr +# IpPort: ipport +# +# ProcessName: process_name +# ParentProcessName: parent_name +# +# TargetDomainName: domain +# +# Image: path +# ImagePath: path +# ImageLoaded: path +# Path: path +# TargetFilename: path +# +# Hashes: md5 +# Imphash: md5 +# +# +# User: username +# SubjectDomainName: domain +# SubjectUserName: username +# +# WorkstationName: domain +# +# CommandLine: cmdline +# ComputerName: hostname +# +# FileVersion: product_version +# Description: product_desc +# Product: product_name +# Company: company_name +# +# Keywords: process_name +# Computer: host_type + + +excludedfields: + - EventID + - Robot2 diff --git a/tools/config/carbonblack.yml b/tools/config/carbonblack.yml new file mode 100644 index 00000000..e9f808ec --- /dev/null +++ b/tools/config/carbonblack.yml @@ -0,0 +1,36 @@ +title: Splunk Windows log source conditions +order: 20 +backends: + - splunk + - carbonblack + - sumologic + +fieldmappings: + Image: path + CurrentDirectory: path + SourceIp: ipaddr + ImageLoaded: modload + CommandLine: cmdline + ProcessCommandLine: cmdline + DestinationIp: ipaddr + DestinationAddress: ipaddr + DestinationPort: ipport + DestPort: ipport + TargetObject: regmod + TargetFilename: filemod + TargetFileName: filemod + Targetfilename: filemod + ParentImage: parent_name + SourceImage: parent_name + TargetImage: childproc_name + NewProcessName: childproc_name + Description: file_desc + Product: product_name + Signature: digsig_publisher + CallTrace: modload + DestinationHostname: domain + User: username + StartModule: modload + Company: company_name + Description: file_desc + FileVersion: file_version \ No newline at end of file diff --git a/tools/config/ecs-proxy.yml b/tools/config/ecs-proxy.yml new file mode 100644 index 00000000..f569ab47 --- /dev/null +++ b/tools/config/ecs-proxy.yml @@ -0,0 +1,25 @@ +title: Elastic Common Schema mapping for proxy logs +order: 20 +backends: + - es-qs + - es-dsl + - es-rule + - kibana + - xpack-watcher + - elastalert + - elastalert-dsl +logsources: + proxy: + category: proxy + index: filebeat-* +fieldmappings: + c-uri: url.original + c-uri-extension: url.extension + c-uri-query: url.query + c-uri-stem: url.original + c-useragent: user_agent.original + cs-cookie: http.cookie + cs-host: url.domain + cs-method: http.request.method + r-dns: url.domain + sc-status: http.response.status_code diff --git a/tools/config/filebeat-defaultindex.yml b/tools/config/filebeat-defaultindex.yml new file mode 100644 index 00000000..75f5451c --- /dev/null +++ b/tools/config/filebeat-defaultindex.yml @@ -0,0 +1,12 @@ +title: Elastic Filebeat default index name +order: 20 +backends: + - es-qs + - es-dsl + - es-rule + - kibana + - xpack-watcher + - elastalert + - elastalert-dsl +defaultindex: + - filebeat-* diff --git a/tools/config/generic/sysmon.yml b/tools/config/generic/sysmon.yml new file mode 100644 index 00000000..63097f0d --- /dev/null +++ b/tools/config/generic/sysmon.yml @@ -0,0 +1,11 @@ +title: Conversion of generic rules into Sysmon +order: 10 +logsources: + process_creation: + category: process_creation + product: windows + conditions: + EventID: 1 + rewrite: + product: windows + service: sysmon diff --git a/tools/config/generic/windows-audit.yml b/tools/config/generic/windows-audit.yml new file mode 100644 index 00000000..83b143c9 --- /dev/null +++ b/tools/config/generic/windows-audit.yml @@ -0,0 +1,14 @@ +title: Conversion of generic process_creation rules into Security/4688 +order: 10 +logsources: + process_creation: + category: process_creation + product: windows + conditions: + EventID: 4688 + rewrite: + product: windows + service: security +fieldmappings: + Image: NewProcessName + ParentImage: ParentProcessName diff --git a/tools/config/helk.yml b/tools/config/helk.yml new file mode 100644 index 00000000..944e1410 --- /dev/null +++ b/tools/config/helk.yml @@ -0,0 +1,177 @@ +title: HELK index patterns and OSSEM field mappings +order: 20 +backends: + - es-qs + - es-dsl + - es-rule + - kibana + - xpack-watcher + - elastalert + - elastalert-dsl +logsources: + windows-application: + product: windows + service: application + index: logs-endpoint-winevent-application-* + windows-security: + product: windows + service: security + index: logs-endpoint-winevent-security-* + windows-sysmon: + product: windows + service: sysmon + index: logs-endpoint-winevent-sysmon-* + windows-system: + product: windows + service: system + index: logs-endpoint-winevent-system-* + windows-wmi: + product: windows + service: wmi + index: logs-endpoint-winevent-wmiactivity-* + windows-powershell: + product: windows + service: powershell + index: logs-endpoint-winevent-powershell-* + windows-powershell-classic: + product: windows + service: powershell-classic + index: logs-endpoint-winevent-powershell-* +defaultindex: logs-* +fieldmappings: + AccessMask: object_access_mask_requested + AccountName: user_name + AllowedToDelegateTo: user_attribute_allowed_todelegate + AttributeLDAPDisplayName: dsobject_attribute_name + AuditPolicyChanges: policy_changes + AuthenticationPackageName: logon_authentication_package + CallingProcessName: process_path + CallTrace: process_call_trace + ClientAddress: src_ip_addr + ClientIPAddress: src_ip_addr + ClientIP: src_ip_addr + CommandLine: process_command_line + Company: file_company + ComputerName: host_name + Configuration: + EventID=16: sysmon_configuration + ConnectedViaIPAddress: dst_nat_ip_addr + CurrentDirectory: process_current_directory + Description: file_description + DestAddress: dst_ip_addr + Destination: + EventID=20: wmi_consumer_destination + DestinationHostname: dst_host_name + DestinationIp: dst_ip_addr + DestinationPort: dst_port + DestinationPortName: dst_port_name + Details: + EventID=13: registry_key_value + Device: device_name + EngineVersion: powershell.engine.version + EventID: event_id + EventType: event_type + EventNamespace: + EventID=19: wmi_namespace + Filter: + EventID=21: wmi_filter_path + FailureCode: ticket_failure_code + FileName: file_name + FileVersion: file_version + GrantedAccess: process_granted_access + GroupName: group_name + GroupSid: group_sid + HiveName: hive_name + HostVersion: powershell.host.version + Image: process_path + ImageLoaded: + EventID=6: driver_loaded + EventID=7: module_loaded + Imphash: hash_imphash + Initiated: + EventID=3: network_initiated + IntegrityLevel: + EventID=1: process_integrity_level + ipAddress: dst_ip_addr + IpAddress: src_ip_addr + IPString: src_ip_addr + LaunchedViaIPAddress: dst_ip_addr + LogonProcessName: logon_process_name + LogonType: logon_type + MachineIpAddress: dst_ip_addr + MachineName: host_name + Name: + EventID=19: wmi_name + EventID=20: wmi_name + NewProcessName: process_path + NewName: + EventID=14: registry_key_new_name + ObjectClass: dsobject_class + ObjectName: object_name + ObjectType: object_type + ObjectValueName: object_value_name + Operation: + EventID=19: wmi_operation + EventID=20: wmi_operation + EventID=21: wmi_operation + OperationType: object_operation_type + OriginalFileName: file_name_original + ParentImage: process_parent_path + ParentProcessName: process_parent_path + PasswordLastSet: user_attribute_password_lastset + Path: process_path + ParentCommandLine: process_parent_command_line + PipeName: pipe_name + ProcessName: process_path + ProcessCommandLine: process_command_line + Product: file_product + Properties: object_properties + Protocol: + EventID=3: network_protocol + Query: + EventID=19: wmi_query + RelativeTargetName: share_relative_target_name + SourceAddress: src_ip_addr + SchemaVersion: + EventID=4: sysmon_schema_version + ServiceFileName: service_image_path + ServiceName: service_name + ShareName: share_name + Signature: signature + SignatureStatus: signature_status + Signed: signed + Source: source_name + SourceHostname: src_host_name + SourceImage: process_path + SourceIp: src_ip_addr + SourcePort: src_port + SourcePortName: src_port_name + StartAddress: thread_start_address + StartFunction: thread_start_function + StartModule: thread_start_module + Status: event_status + State: + EventID=4: service_state + EventID=16: sysmon_configuration_state + SubjectUserName: + EventID=4624: user_reporter_name + EventId=4648: user_name + EventID=5140: user_name + TargetServer: dst_ip_addr + TaskName: task_name + TicketEncryptionType: ticket_encryption_type + TicketOptions: ticket_options + TargetFilename: file_name + TargetImage: target_process_path + TargetProcessAddress: thread_start_address + TargetObject: registry_key_path + Type: + EventID=20: wmi_consumer_type + User: user_account + UserName: user_name + Value: + EventID=1102: dst_ip_addr + Version: + EventID=4: sysmon_version + Workstation: src_host_name + WorkstationName: src_host_name \ No newline at end of file diff --git a/tools/config/limacharlie.yml b/tools/config/limacharlie.yml new file mode 100644 index 00000000..693ca214 --- /dev/null +++ b/tools/config/limacharlie.yml @@ -0,0 +1,11 @@ +title: LimaCharlie +backends: + - limacharlie +order: 20 +logsources: + windows: + product: windows + linux: + product: linux + netflow: + product: netflow \ No newline at end of file diff --git a/tools/config/logpoint-windows.yml b/tools/config/logpoint-windows.yml new file mode 100644 index 00000000..ad7b425f --- /dev/null +++ b/tools/config/logpoint-windows.yml @@ -0,0 +1,149 @@ +title: Logpoint +order: 20 +backends: + - logpoint +logsources: + windows-security: + product: windows + service: security + conditions: + event_source: 'Microsoft-Windows-Security-Auditing' + windows-system: + product: windows + service: system + conditions: + event_source: 'Microsoft-Windows-Security-Auditing' + windows-dns-server: + product: windows + service: dns-server + conditions: + event_source: 'DNS Server' + windows-driver-framework: + product: windows + service: driver-framework + conditions: + source: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + windows-dhcp: + product: windows + service: dhcp + conditions: + source: 'Microsoft-Windows-DHCP-Server/Operational' + +fieldmappings: + EventID: event_id + FailureCode: result_code + GroupName: group_name + GroupSid: group_sid + KeyLength: key_length + LogonProcessName: logon_process + LogonType: logon_type + ServiceName: service + SubjectAccountName: + EventID=4611: + - user + EventID=4624: + - target_user + - caller_user + EventID=4625: + - target_user + - caller_user + EventID=4634: + - user + EventID=4648: + - target_user + - caller_user + EventID=4662: + - user + EventID=4672: + - user + EventID=4688: + - user + EventID=4719: + - user + EventID=4720: + - target_user + - caller_user + EventID=4722: + - target_user + - caller_user + EventID=4723: + - target_user + - caller_user + EventID=4724: + - target_user + - caller_user + EventID=4728: + - user + - member + EventID=4729: + - user + - member + EventID=4731: + - user + EventID=4732: + - user + - member + EventID=4735: + - user + EventID=4737: + - user + EventID=4738: + - target_user + - caller_user + EventID=4740: + - target_user + - caller_user + EventID=4742: + - target_user + - caller_user + EventID=4755: + - user + EventID=4756: + - user + - member + EventID=4757: + - user + - member + EventID=4767: + - target_user + - caller_user + EventID=4768: + - user + EventID=4769: + - user + EventID=4770: + - user + EventID=4771: + - user + EventID=4774: + - user + EventID=4776: + - user + EventID=4781: + - target_user + - caller_user + EventID=4904: + - user + EventID=4905: + - user + EventID=5061: + - user + EventID=5136: + - user + EventID=5137: + - user + default: + - caller_user + - target_user + - user + - member + TicketOptions: ticket_options + TicketEnctyption: ticket_encryption + Type: event_type + UserName: + default: + - caller_user + - target_user + - user + - member + SourceWorkstation: workstation diff --git a/tools/config/logstash-defaultindex.yml b/tools/config/logstash-defaultindex.yml new file mode 100644 index 00000000..b9287b51 --- /dev/null +++ b/tools/config/logstash-defaultindex.yml @@ -0,0 +1,12 @@ +title: Generic Logstash index prefix +order: 20 +backends: + - es-qs + - es-dsl + - es-rule + - kibana + - xpack-watcher + - elastalert + - elastalert-dsl +defaultindex: + - logstash-* diff --git a/tools/config/logstash-linux.yml b/tools/config/logstash-linux.yml new file mode 100644 index 00000000..645739d6 --- /dev/null +++ b/tools/config/logstash-linux.yml @@ -0,0 +1,25 @@ +title: Logstash Linux project (https://github.com/thomaspatzke/logstash-linux) +order: 20 +backends: + - es-qs + - es-dsl + - es-rule + - kibana + - xpack-watcher + - elastalert + - elastalert-dsl +logsources: + apache: + category: webserver + index: logstash-apache-* + webapp-error: + category: application + index: logstash-apache_error-* + linux-auth: + product: linux + service: auth + index: logstash-auth-* +fieldmappings: + client_ip: clientip + url: request +defaultindex: logstash-* diff --git a/tools/config/logstash-windows.yml b/tools/config/logstash-windows.yml new file mode 100644 index 00000000..20d39104 --- /dev/null +++ b/tools/config/logstash-windows.yml @@ -0,0 +1,45 @@ +title: Logstash Windows common log sources +order: 20 +backends: + - es-qs + - es-dsl + - es-rule + - kibana + - xpack-watcher + - elastalert + - elastalert-dsl +logsources: + windows: + product: windows + index: logstash-windows-* + windows-application: + product: windows + service: application + conditions: + Channel: Application + windows-security: + product: windows + service: security + conditions: + Channel: Security + windows-sysmon: + product: windows + service: sysmon + conditions: + Channel: Microsoft-Windows-Sysmon + windows-dns-server: + product: windows + service: dns-server + conditions: + Channel: 'DNS Server' + windows-driver-framework: + product: windows + service: driver-framework + conditions: + Channel: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + windows-dhcp: + product: windows + service: dhcp + conditions: + Channel: 'Microsoft-Windows-DHCP-Server/Operational' +defaultindex: logstash-* diff --git a/tools/config/mitre/tactics.json b/tools/config/mitre/tactics.json new file mode 100644 index 00000000..e5549d8f --- /dev/null +++ b/tools/config/mitre/tactics.json @@ -0,0 +1,202 @@ +[ + { + "external_id": "TA0040", + "url": "https://attack.mitre.org/tactics/TA0040", + "tactic": "Impact" + }, + { + "external_id": "TA0009", + "url": "https://attack.mitre.org/tactics/TA0009", + "tactic": "Collection" + }, + { + "external_id": "TA0011", + "url": "https://attack.mitre.org/tactics/TA0011", + "tactic": "Command and Control" + }, + { + "external_id": "TA0006", + "url": "https://attack.mitre.org/tactics/TA0006", + "tactic": "Credential Access" + }, + { + "external_id": "TA0007", + "url": "https://attack.mitre.org/tactics/TA0007", + "tactic": "Discovery" + }, + { + "external_id": "TA0005", + "url": "https://attack.mitre.org/tactics/TA0005", + "tactic": "Defense Evasion" + }, + { + "external_id": "TA0010", + "url": "https://attack.mitre.org/tactics/TA0010", + "tactic": "Exfiltration" + }, + { + "external_id": "TA0002", + "url": "https://attack.mitre.org/tactics/TA0002", + "tactic": "Execution" + }, + { + "external_id": "TA0008", + "url": "https://attack.mitre.org/tactics/TA0008", + "tactic": "Lateral Movement" + }, + { + "external_id": "TA0003", + "url": "https://attack.mitre.org/tactics/TA0003", + "tactic": "Persistence" + }, + { + "external_id": "TA0004", + "url": "https://attack.mitre.org/tactics/TA0004", + "tactic": "Privilege Escalation" + }, + { + "external_id": "TA0001", + "url": "https://attack.mitre.org/tactics/TA0001", + "tactic": "Initial Access" + }, + { + "external_id": "TA0020", + "url": "https://attack.mitre.org/tactics/TA0020", + "tactic": "Organizational Weakness Identification" + }, + { + "external_id": "TA0012", + "url": "https://attack.mitre.org/tactics/TA0012", + "tactic": "Priority Definition Planning" + }, + { + "external_id": "TA0025", + "url": "https://attack.mitre.org/tactics/TA0025", + "tactic": "Test Capabilities" + }, + { + "external_id": "TA0017", + "url": "https://attack.mitre.org/tactics/TA0017", + "tactic": "Organizational Information Gathering" + }, + { + "external_id": "TA0013", + "url": "https://attack.mitre.org/tactics/TA0013", + "tactic": "Priority Definition Direction" + }, + { + "external_id": "TA0018", + "url": "https://attack.mitre.org/tactics/TA0018", + "tactic": "Technical Weakness Identification" + }, + { + "external_id": "TA0022", + "url": "https://attack.mitre.org/tactics/TA0022", + "tactic": "Establish & Maintain Infrastructure" + }, + { + "external_id": "TA0023", + "url": "https://attack.mitre.org/tactics/TA0023", + "tactic": "Persona Development" + }, + { + "external_id": "TA0015", + "url": "https://attack.mitre.org/tactics/TA0015", + "tactic": "Technical Information Gathering" + }, + { + "external_id": "TA0021", + "url": "https://attack.mitre.org/tactics/TA0021", + "tactic": "Adversary OPSEC" + }, + { + "external_id": "TA0016", + "url": "https://attack.mitre.org/tactics/TA0016", + "tactic": "People Information Gathering" + }, + { + "external_id": "TA0026", + "url": "https://attack.mitre.org/tactics/TA0026", + "tactic": "Stage Capabilities" + }, + { + "external_id": "TA0024", + "url": "https://attack.mitre.org/tactics/TA0024", + "tactic": "Build Capabilities" + }, + { + "external_id": "TA0019", + "url": "https://attack.mitre.org/tactics/TA0019", + "tactic": "People Weakness Identification" + }, + { + "external_id": "TA0014", + "url": "https://attack.mitre.org/tactics/TA0014", + "tactic": "Target Selection" + }, + { + "external_id": "TA0035", + "url": "https://attack.mitre.org/tactics/TA0035", + "tactic": "Collection" + }, + { + "external_id": "TA0036", + "url": "https://attack.mitre.org/tactics/TA0036", + "tactic": "Exfiltration" + }, + { + "external_id": "TA0028", + "url": "https://attack.mitre.org/tactics/TA0028", + "tactic": "Persistence" + }, + { + "external_id": "TA0032", + "url": "https://attack.mitre.org/tactics/TA0032", + "tactic": "Discovery" + }, + { + "external_id": "TA0038", + "url": "https://attack.mitre.org/tactics/TA0038", + "tactic": "Network Effects" + }, + { + "external_id": "TA0030", + "url": "https://attack.mitre.org/tactics/TA0030", + "tactic": "Defense Evasion" + }, + { + "external_id": "TA0033", + "url": "https://attack.mitre.org/tactics/TA0033", + "tactic": "Lateral Movement" + }, + { + "external_id": "TA0031", + "url": "https://attack.mitre.org/tactics/TA0031", + "tactic": "Credential Access" + }, + { + "external_id": "TA0027", + "url": "https://attack.mitre.org/tactics/TA0027", + "tactic": "Initial Access" + }, + { + "external_id": "TA0039", + "url": "https://attack.mitre.org/tactics/TA0039", + "tactic": "Remote Service Effects" + }, + { + "external_id": "TA0037", + "url": "https://attack.mitre.org/tactics/TA0037", + "tactic": "Command and Control" + }, + { + "external_id": "TA0034", + "url": "https://attack.mitre.org/tactics/TA0034", + "tactic": "Impact" + }, + { + "external_id": "TA0029", + "url": "https://attack.mitre.org/tactics/TA0029", + "tactic": "Privilege Escalation" + } +] \ No newline at end of file diff --git a/tools/config/mitre/techniques.json b/tools/config/mitre/techniques.json new file mode 100644 index 00000000..22541bb2 --- /dev/null +++ b/tools/config/mitre/techniques.json @@ -0,0 +1,4353 @@ +[ + { + "technique_id": "T1531", + "technique": "Account Access Removal", + "url": "https://attack.mitre.org/techniques/T1531", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1506", + "technique": "Web Session Cookie", + "url": "https://attack.mitre.org/techniques/T1506", + "tactic": [ + "Defense Evasion", + "Lateral Movement" + ] + }, + { + "technique_id": "T1539", + "technique": "Steal Web Session Cookie", + "url": "https://attack.mitre.org/techniques/T1539", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1529", + "technique": "System Shutdown/Reboot", + "url": "https://attack.mitre.org/techniques/T1529", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1519", + "technique": "Emond", + "url": "https://attack.mitre.org/techniques/T1519", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1518", + "technique": "Software Discovery", + "url": "https://attack.mitre.org/techniques/T1518", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1534", + "technique": "Internal Spearphishing", + "url": "https://attack.mitre.org/techniques/T1534", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1528", + "technique": "Steal Application Access Token", + "url": "https://attack.mitre.org/techniques/T1528", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1522", + "technique": "Cloud Instance Metadata API", + "url": "https://attack.mitre.org/techniques/T1522", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1536", + "technique": "Revert Cloud Instance", + "url": "https://attack.mitre.org/techniques/T1536", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1535", + "technique": "Unused/Unsupported Cloud Regions", + "url": "https://attack.mitre.org/techniques/T1535", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1525", + "technique": "Implant Container Image", + "url": "https://attack.mitre.org/techniques/T1525", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1538", + "technique": "Cloud Service Dashboard", + "url": "https://attack.mitre.org/techniques/T1538", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1530", + "technique": "Data from Cloud Storage Object", + "url": "https://attack.mitre.org/techniques/T1530", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1537", + "technique": "Transfer Data to Cloud Account", + "url": "https://attack.mitre.org/techniques/T1537", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1526", + "technique": "Cloud Service Discovery", + "url": "https://attack.mitre.org/techniques/T1526", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1527", + "technique": "Application Access Token", + "url": "https://attack.mitre.org/techniques/T1527", + "tactic": [ + "Defense Evasion", + "Lateral Movement" + ] + }, + { + "technique_id": "T1514", + "technique": "Elevated Execution with Prompt", + "url": "https://attack.mitre.org/techniques/T1514", + "tactic": [ + "Privilege Escalation" + ] + }, + { + "technique_id": "T1505", + "technique": "Server Software Component", + "url": "https://attack.mitre.org/techniques/T1505", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1503", + "technique": "Credentials from Web Browsers", + "url": "https://attack.mitre.org/techniques/T1503", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1504", + "technique": "PowerShell Profile", + "url": "https://attack.mitre.org/techniques/T1504", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1502", + "technique": "Parent PID Spoofing", + "url": "https://attack.mitre.org/techniques/T1502", + "tactic": [ + "Defense Evasion", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1500", + "technique": "Compile After Delivery", + "url": "https://attack.mitre.org/techniques/T1500", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1501", + "technique": "Systemd Service", + "url": "https://attack.mitre.org/techniques/T1501", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1499", + "technique": "Endpoint Denial of Service", + "url": "https://attack.mitre.org/techniques/T1499", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1497", + "technique": "Virtualization/Sandbox Evasion", + "url": "https://attack.mitre.org/techniques/T1497", + "tactic": [ + "Defense Evasion", + "Discovery" + ] + }, + { + "technique_id": "T1498", + "technique": "Network Denial of Service", + "url": "https://attack.mitre.org/techniques/T1498", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1496", + "technique": "Resource Hijacking", + "url": "https://attack.mitre.org/techniques/T1496", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1495", + "technique": "Firmware Corruption", + "url": "https://attack.mitre.org/techniques/T1495", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1494", + "technique": "Runtime Data Manipulation", + "url": "https://attack.mitre.org/techniques/T1494", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1493", + "technique": "Transmitted Data Manipulation", + "url": "https://attack.mitre.org/techniques/T1493", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1492", + "technique": "Stored Data Manipulation", + "url": "https://attack.mitre.org/techniques/T1492", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1491", + "technique": "Defacement", + "url": "https://attack.mitre.org/techniques/T1491", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1490", + "technique": "Inhibit System Recovery", + "url": "https://attack.mitre.org/techniques/T1490", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1489", + "technique": "Service Stop", + "url": "https://attack.mitre.org/techniques/T1489", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1488", + "technique": "Disk Content Wipe", + "url": "https://attack.mitre.org/techniques/T1488", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1487", + "technique": "Disk Structure Wipe", + "url": "https://attack.mitre.org/techniques/T1487", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1486", + "technique": "Data Encrypted for Impact", + "url": "https://attack.mitre.org/techniques/T1486", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1485", + "technique": "Data Destruction", + "url": "https://attack.mitre.org/techniques/T1485", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1484", + "technique": "Group Policy Modification", + "url": "https://attack.mitre.org/techniques/T1484", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1483", + "technique": "Domain Generation Algorithms", + "url": "https://attack.mitre.org/techniques/T1483", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1482", + "technique": "Domain Trust Discovery", + "url": "https://attack.mitre.org/techniques/T1482", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1480", + "technique": "Execution Guardrails", + "url": "https://attack.mitre.org/techniques/T1480", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1222", + "technique": "File and Directory Permissions Modification", + "url": "https://attack.mitre.org/techniques/T1222", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1223", + "technique": "Compiled HTML File", + "url": "https://attack.mitre.org/techniques/T1223", + "tactic": [ + "Defense Evasion", + "Execution" + ] + }, + { + "technique_id": "T1221", + "technique": "Template Injection", + "url": "https://attack.mitre.org/techniques/T1221", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1220", + "technique": "XSL Script Processing", + "url": "https://attack.mitre.org/techniques/T1220", + "tactic": [ + "Defense Evasion", + "Execution" + ] + }, + { + "technique_id": "T1217", + "technique": "Browser Bookmark Discovery", + "url": "https://attack.mitre.org/techniques/T1217", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1213", + "technique": "Data from Information Repositories", + "url": "https://attack.mitre.org/techniques/T1213", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1190", + "technique": "Exploit Public-Facing Application", + "url": "https://attack.mitre.org/techniques/T1190", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1210", + "technique": "Exploitation of Remote Services", + "url": "https://attack.mitre.org/techniques/T1210", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1200", + "technique": "Hardware Additions", + "url": "https://attack.mitre.org/techniques/T1200", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1202", + "technique": "Indirect Command Execution", + "url": "https://attack.mitre.org/techniques/T1202", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1194", + "technique": "Spearphishing via Service", + "url": "https://attack.mitre.org/techniques/T1194", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1209", + "technique": "Time Providers", + "url": "https://attack.mitre.org/techniques/T1209", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1199", + "technique": "Trusted Relationship", + "url": "https://attack.mitre.org/techniques/T1199", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1191", + "technique": "CMSTP", + "url": "https://attack.mitre.org/techniques/T1191", + "tactic": [ + "Defense Evasion", + "Execution" + ] + }, + { + "technique_id": "T1207", + "technique": "DCShadow", + "url": "https://attack.mitre.org/techniques/T1207", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1189", + "technique": "Drive-by Compromise", + "url": "https://attack.mitre.org/techniques/T1189", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1211", + "technique": "Exploitation for Defense Evasion", + "url": "https://attack.mitre.org/techniques/T1211", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1218", + "technique": "Signed Binary Proxy Execution", + "url": "https://attack.mitre.org/techniques/T1218", + "tactic": [ + "Defense Evasion", + "Execution" + ] + }, + { + "technique_id": "T1193", + "technique": "Spearphishing Attachment", + "url": "https://attack.mitre.org/techniques/T1193", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1195", + "technique": "Supply Chain Compromise", + "url": "https://attack.mitre.org/techniques/T1195", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1204", + "technique": "User Execution", + "url": "https://attack.mitre.org/techniques/T1204", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1196", + "technique": "Control Panel Items", + "url": "https://attack.mitre.org/techniques/T1196", + "tactic": [ + "Defense Evasion", + "Execution" + ] + }, + { + "technique_id": "T1212", + "technique": "Exploitation for Credential Access", + "url": "https://attack.mitre.org/techniques/T1212", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1215", + "technique": "Kernel Modules and Extensions", + "url": "https://attack.mitre.org/techniques/T1215", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1197", + "technique": "BITS Jobs", + "url": "https://attack.mitre.org/techniques/T1197", + "tactic": [ + "Defense Evasion", + "Persistence" + ] + }, + { + "technique_id": "T1214", + "technique": "Credentials in Registry", + "url": "https://attack.mitre.org/techniques/T1214", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1216", + "technique": "Signed Script Proxy Execution", + "url": "https://attack.mitre.org/techniques/T1216", + "tactic": [ + "Defense Evasion", + "Execution" + ] + }, + { + "technique_id": "T1192", + "technique": "Spearphishing Link", + "url": "https://attack.mitre.org/techniques/T1192", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1198", + "technique": "SIP and Trust Provider Hijacking", + "url": "https://attack.mitre.org/techniques/T1198", + "tactic": [ + "Defense Evasion", + "Persistence" + ] + }, + { + "technique_id": "T1206", + "technique": "Sudo Caching", + "url": "https://attack.mitre.org/techniques/T1206", + "tactic": [ + "Privilege Escalation" + ] + }, + { + "technique_id": "T1203", + "technique": "Exploitation for Client Execution", + "url": "https://attack.mitre.org/techniques/T1203", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1208", + "technique": "Kerberoasting", + "url": "https://attack.mitre.org/techniques/T1208", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1201", + "technique": "Password Policy Discovery", + "url": "https://attack.mitre.org/techniques/T1201", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1205", + "technique": "Port Knocking", + "url": "https://attack.mitre.org/techniques/T1205", + "tactic": [ + "Defense Evasion", + "Persistence", + "Command And Control" + ] + }, + { + "technique_id": "T1219", + "technique": "Remote Access Tools", + "url": "https://attack.mitre.org/techniques/T1219", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1172", + "technique": "Domain Fronting", + "url": "https://attack.mitre.org/techniques/T1172", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1173", + "technique": "Dynamic Data Exchange", + "url": "https://attack.mitre.org/techniques/T1173", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1187", + "technique": "Forced Authentication", + "url": "https://attack.mitre.org/techniques/T1187", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1188", + "technique": "Multi-hop Proxy", + "url": "https://attack.mitre.org/techniques/T1188", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1174", + "technique": "Password Filter DLL", + "url": "https://attack.mitre.org/techniques/T1174", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1175", + "technique": "Component Object Model and Distributed COM", + "url": "https://attack.mitre.org/techniques/T1175", + "tactic": [ + "Lateral Movement", + "Execution" + ] + }, + { + "technique_id": "T1170", + "technique": "Mshta", + "url": "https://attack.mitre.org/techniques/T1170", + "tactic": [ + "Defense Evasion", + "Execution" + ] + }, + { + "technique_id": "T1179", + "technique": "Hooking", + "url": "https://attack.mitre.org/techniques/T1179", + "tactic": [ + "Persistence", + "Privilege Escalation", + "Credential Access" + ] + }, + { + "technique_id": "T1184", + "technique": "SSH Hijacking", + "url": "https://attack.mitre.org/techniques/T1184", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1181", + "technique": "Extra Window Memory Injection", + "url": "https://attack.mitre.org/techniques/T1181", + "tactic": [ + "Defense Evasion", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1177", + "technique": "LSASS Driver", + "url": "https://attack.mitre.org/techniques/T1177", + "tactic": [ + "Execution", + "Persistence" + ] + }, + { + "technique_id": "T1182", + "technique": "AppCert DLLs", + "url": "https://attack.mitre.org/techniques/T1182", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1176", + "technique": "Browser Extensions", + "url": "https://attack.mitre.org/techniques/T1176", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1185", + "technique": "Man in the Browser", + "url": "https://attack.mitre.org/techniques/T1185", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1180", + "technique": "Screensaver", + "url": "https://attack.mitre.org/techniques/T1180", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1183", + "technique": "Image File Execution Options Injection", + "url": "https://attack.mitre.org/techniques/T1183", + "tactic": [ + "Privilege Escalation", + "Persistence", + "Defense Evasion" + ] + }, + { + "technique_id": "T1171", + "technique": "LLMNR/NBT-NS Poisoning and Relay", + "url": "https://attack.mitre.org/techniques/T1171", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1186", + "technique": "Process Doppelg\\u00e4nging", + "url": "https://attack.mitre.org/techniques/T1186", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1178", + "technique": "SID-History Injection", + "url": "https://attack.mitre.org/techniques/T1178", + "tactic": [ + "Privilege Escalation" + ] + }, + { + "technique_id": "T1138", + "technique": "Application Shimming", + "url": "https://attack.mitre.org/techniques/T1138", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1140", + "technique": "Deobfuscate/Decode Files or Information", + "url": "https://attack.mitre.org/techniques/T1140", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1149", + "technique": "LC_MAIN Hijacking", + "url": "https://attack.mitre.org/techniques/T1149", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1152", + "technique": "Launchctl", + "url": "https://attack.mitre.org/techniques/T1152", + "tactic": [ + "Defense Evasion", + "Execution", + "Persistence" + ] + }, + { + "technique_id": "T1150", + "technique": "Plist Modification", + "url": "https://attack.mitre.org/techniques/T1150", + "tactic": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1163", + "technique": "Rc.common", + "url": "https://attack.mitre.org/techniques/T1163", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1166", + "technique": "Setuid and Setgid", + "url": "https://attack.mitre.org/techniques/T1166", + "tactic": [ + "Privilege Escalation", + "Persistence" + ] + }, + { + "technique_id": "T1157", + "technique": "Dylib Hijacking", + "url": "https://attack.mitre.org/techniques/T1157", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1155", + "technique": "AppleScript", + "url": "https://attack.mitre.org/techniques/T1155", + "tactic": [ + "Execution", + "Lateral Movement" + ] + }, + { + "technique_id": "T1136", + "technique": "Create Account", + "url": "https://attack.mitre.org/techniques/T1136", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1143", + "technique": "Hidden Window", + "url": "https://attack.mitre.org/techniques/T1143", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1141", + "technique": "Input Prompt", + "url": "https://attack.mitre.org/techniques/T1141", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1142", + "technique": "Keychain", + "url": "https://attack.mitre.org/techniques/T1142", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1159", + "technique": "Launch Agent", + "url": "https://attack.mitre.org/techniques/T1159", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1135", + "technique": "Network Share Discovery", + "url": "https://attack.mitre.org/techniques/T1135", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1148", + "technique": "HISTCONTROL", + "url": "https://attack.mitre.org/techniques/T1148", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1161", + "technique": "LC_LOAD_DYLIB Addition", + "url": "https://attack.mitre.org/techniques/T1161", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1154", + "technique": "Trap", + "url": "https://attack.mitre.org/techniques/T1154", + "tactic": [ + "Execution", + "Persistence" + ] + }, + { + "technique_id": "T1134", + "technique": "Access Token Manipulation", + "url": "https://attack.mitre.org/techniques/T1134", + "tactic": [ + "Defense Evasion", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1139", + "technique": "Bash History", + "url": "https://attack.mitre.org/techniques/T1139", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1147", + "technique": "Hidden Users", + "url": "https://attack.mitre.org/techniques/T1147", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1156", + "technique": ".bash_profile and .bashrc", + "url": "https://attack.mitre.org/techniques/T1156", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1146", + "technique": "Clear Command History", + "url": "https://attack.mitre.org/techniques/T1146", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1160", + "technique": "Launch Daemon", + "url": "https://attack.mitre.org/techniques/T1160", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1145", + "technique": "Private Keys", + "url": "https://attack.mitre.org/techniques/T1145", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1165", + "technique": "Startup Items", + "url": "https://attack.mitre.org/techniques/T1165", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1162", + "technique": "Login Item", + "url": "https://attack.mitre.org/techniques/T1162", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1137", + "technique": "Office Application Startup", + "url": "https://attack.mitre.org/techniques/T1137", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1151", + "technique": "Space after Filename", + "url": "https://attack.mitre.org/techniques/T1151", + "tactic": [ + "Defense Evasion", + "Execution" + ] + }, + { + "technique_id": "T1144", + "technique": "Gatekeeper Bypass", + "url": "https://attack.mitre.org/techniques/T1144", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1158", + "technique": "Hidden Files and Directories", + "url": "https://attack.mitre.org/techniques/T1158", + "tactic": [ + "Defense Evasion", + "Persistence" + ] + }, + { + "technique_id": "T1168", + "technique": "Local Job Scheduling", + "url": "https://attack.mitre.org/techniques/T1168", + "tactic": [ + "Persistence", + "Execution" + ] + }, + { + "technique_id": "T1164", + "technique": "Re-opened Applications", + "url": "https://attack.mitre.org/techniques/T1164", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1167", + "technique": "Securityd Memory", + "url": "https://attack.mitre.org/techniques/T1167", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1153", + "technique": "Source", + "url": "https://attack.mitre.org/techniques/T1153", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1169", + "technique": "Sudo", + "url": "https://attack.mitre.org/techniques/T1169", + "tactic": [ + "Privilege Escalation" + ] + }, + { + "technique_id": "T1133", + "technique": "External Remote Services", + "url": "https://attack.mitre.org/techniques/T1133", + "tactic": [ + "Persistence", + "Initial Access" + ] + }, + { + "technique_id": "T1132", + "technique": "Data Encoding", + "url": "https://attack.mitre.org/techniques/T1132", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1131", + "technique": "Authentication Package", + "url": "https://attack.mitre.org/techniques/T1131", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1130", + "technique": "Install Root Certificate", + "url": "https://attack.mitre.org/techniques/T1130", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1129", + "technique": "Execution through Module Load", + "url": "https://attack.mitre.org/techniques/T1129", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1128", + "technique": "Netsh Helper DLL", + "url": "https://attack.mitre.org/techniques/T1128", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1127", + "technique": "Trusted Developer Utilities", + "url": "https://attack.mitre.org/techniques/T1127", + "tactic": [ + "Defense Evasion", + "Execution" + ] + }, + { + "technique_id": "T1126", + "technique": "Network Share Connection Removal", + "url": "https://attack.mitre.org/techniques/T1126", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1125", + "technique": "Video Capture", + "url": "https://attack.mitre.org/techniques/T1125", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1124", + "technique": "System Time Discovery", + "url": "https://attack.mitre.org/techniques/T1124", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1123", + "technique": "Audio Capture", + "url": "https://attack.mitre.org/techniques/T1123", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1122", + "technique": "Component Object Model Hijacking", + "url": "https://attack.mitre.org/techniques/T1122", + "tactic": [ + "Defense Evasion", + "Persistence" + ] + }, + { + "technique_id": "T1121", + "technique": "Regsvcs/Regasm", + "url": "https://attack.mitre.org/techniques/T1121", + "tactic": [ + "Defense Evasion", + "Execution" + ] + }, + { + "technique_id": "T1120", + "technique": "Peripheral Device Discovery", + "url": "https://attack.mitre.org/techniques/T1120", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1119", + "technique": "Automated Collection", + "url": "https://attack.mitre.org/techniques/T1119", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1118", + "technique": "InstallUtil", + "url": "https://attack.mitre.org/techniques/T1118", + "tactic": [ + "Defense Evasion", + "Execution" + ] + }, + { + "technique_id": "T1117", + "technique": "Regsvr32", + "url": "https://attack.mitre.org/techniques/T1117", + "tactic": [ + "Defense Evasion", + "Execution" + ] + }, + { + "technique_id": "T1116", + "technique": "Code Signing", + "url": "https://attack.mitre.org/techniques/T1116", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1115", + "technique": "Clipboard Data", + "url": "https://attack.mitre.org/techniques/T1115", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1114", + "technique": "Email Collection", + "url": "https://attack.mitre.org/techniques/T1114", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1113", + "technique": "Screen Capture", + "url": "https://attack.mitre.org/techniques/T1113", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1112", + "technique": "Modify Registry", + "url": "https://attack.mitre.org/techniques/T1112", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1111", + "technique": "Two-Factor Authentication Interception", + "url": "https://attack.mitre.org/techniques/T1111", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1110", + "technique": "Brute Force", + "url": "https://attack.mitre.org/techniques/T1110", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1109", + "technique": "Component Firmware", + "url": "https://attack.mitre.org/techniques/T1109", + "tactic": [ + "Defense Evasion", + "Persistence" + ] + }, + { + "technique_id": "T1108", + "technique": "Redundant Access", + "url": "https://attack.mitre.org/techniques/T1108", + "tactic": [ + "Defense Evasion", + "Persistence" + ] + }, + { + "technique_id": "T1107", + "technique": "File Deletion", + "url": "https://attack.mitre.org/techniques/T1107", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1106", + "technique": "Execution through API", + "url": "https://attack.mitre.org/techniques/T1106", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1105", + "technique": "Remote File Copy", + "url": "https://attack.mitre.org/techniques/T1105", + "tactic": [ + "Command And Control", + "Lateral Movement" + ] + }, + { + "technique_id": "T1104", + "technique": "Multi-Stage Channels", + "url": "https://attack.mitre.org/techniques/T1104", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1103", + "technique": "AppInit DLLs", + "url": "https://attack.mitre.org/techniques/T1103", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1102", + "technique": "Web Service", + "url": "https://attack.mitre.org/techniques/T1102", + "tactic": [ + "Command And Control", + "Defense Evasion" + ] + }, + { + "technique_id": "T1101", + "technique": "Security Support Provider", + "url": "https://attack.mitre.org/techniques/T1101", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1100", + "technique": "Web Shell", + "url": "https://attack.mitre.org/techniques/T1100", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1099", + "technique": "Timestomp", + "url": "https://attack.mitre.org/techniques/T1099", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1098", + "technique": "Account Manipulation", + "url": "https://attack.mitre.org/techniques/T1098", + "tactic": [ + "Credential Access", + "Persistence" + ] + }, + { + "technique_id": "T1097", + "technique": "Pass the Ticket", + "url": "https://attack.mitre.org/techniques/T1097", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1096", + "technique": "NTFS File Attributes", + "url": "https://attack.mitre.org/techniques/T1096", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1095", + "technique": "Standard Non-Application Layer Protocol", + "url": "https://attack.mitre.org/techniques/T1095", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1094", + "technique": "Custom Command and Control Protocol", + "url": "https://attack.mitre.org/techniques/T1094", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1093", + "technique": "Process Hollowing", + "url": "https://attack.mitre.org/techniques/T1093", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1092", + "technique": "Communication Through Removable Media", + "url": "https://attack.mitre.org/techniques/T1092", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1091", + "technique": "Replication Through Removable Media", + "url": "https://attack.mitre.org/techniques/T1091", + "tactic": [ + "Lateral Movement", + "Initial Access" + ] + }, + { + "technique_id": "T1090", + "technique": "Connection Proxy", + "url": "https://attack.mitre.org/techniques/T1090", + "tactic": [ + "Command And Control", + "Defense Evasion" + ] + }, + { + "technique_id": "T1089", + "technique": "Disabling Security Tools", + "url": "https://attack.mitre.org/techniques/T1089", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1088", + "technique": "Bypass User Account Control", + "url": "https://attack.mitre.org/techniques/T1088", + "tactic": [ + "Defense Evasion", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1087", + "technique": "Account Discovery", + "url": "https://attack.mitre.org/techniques/T1087", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1086", + "technique": "PowerShell", + "url": "https://attack.mitre.org/techniques/T1086", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1085", + "technique": "Rundll32", + "url": "https://attack.mitre.org/techniques/T1085", + "tactic": [ + "Defense Evasion", + "Execution" + ] + }, + { + "technique_id": "T1084", + "technique": "Windows Management Instrumentation Event Subscription", + "url": "https://attack.mitre.org/techniques/T1084", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1083", + "technique": "File and Directory Discovery", + "url": "https://attack.mitre.org/techniques/T1083", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1082", + "technique": "System Information Discovery", + "url": "https://attack.mitre.org/techniques/T1082", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1081", + "technique": "Credentials in Files", + "url": "https://attack.mitre.org/techniques/T1081", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1080", + "technique": "Taint Shared Content", + "url": "https://attack.mitre.org/techniques/T1080", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1079", + "technique": "Multilayer Encryption", + "url": "https://attack.mitre.org/techniques/T1079", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1078", + "technique": "Valid Accounts", + "url": "https://attack.mitre.org/techniques/T1078", + "tactic": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation", + "Initial Access" + ] + }, + { + "technique_id": "T1077", + "technique": "Windows Admin Shares", + "url": "https://attack.mitre.org/techniques/T1077", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1076", + "technique": "Remote Desktop Protocol", + "url": "https://attack.mitre.org/techniques/T1076", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1075", + "technique": "Pass the Hash", + "url": "https://attack.mitre.org/techniques/T1075", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1074", + "technique": "Data Staged", + "url": "https://attack.mitre.org/techniques/T1074", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1073", + "technique": "DLL Side-Loading", + "url": "https://attack.mitre.org/techniques/T1073", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1072", + "technique": "Third-party Software", + "url": "https://attack.mitre.org/techniques/T1072", + "tactic": [ + "Execution", + "Lateral Movement" + ] + }, + { + "technique_id": "T1071", + "technique": "Standard Application Layer Protocol", + "url": "https://attack.mitre.org/techniques/T1071", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1070", + "technique": "Indicator Removal on Host", + "url": "https://attack.mitre.org/techniques/T1070", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1069", + "technique": "Permission Groups Discovery", + "url": "https://attack.mitre.org/techniques/T1069", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1068", + "technique": "Exploitation for Privilege Escalation", + "url": "https://attack.mitre.org/techniques/T1068", + "tactic": [ + "Privilege Escalation" + ] + }, + { + "technique_id": "T1067", + "technique": "Bootkit", + "url": "https://attack.mitre.org/techniques/T1067", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1066", + "technique": "Indicator Removal from Tools", + "url": "https://attack.mitre.org/techniques/T1066", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1065", + "technique": "Uncommonly Used Port", + "url": "https://attack.mitre.org/techniques/T1065", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1064", + "technique": "Scripting", + "url": "https://attack.mitre.org/techniques/T1064", + "tactic": [ + "Defense Evasion", + "Execution" + ] + }, + { + "technique_id": "T1063", + "technique": "Security Software Discovery", + "url": "https://attack.mitre.org/techniques/T1063", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1062", + "technique": "Hypervisor", + "url": "https://attack.mitre.org/techniques/T1062", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1061", + "technique": "Graphical User Interface", + "url": "https://attack.mitre.org/techniques/T1061", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1060", + "technique": "Registry Run Keys / Startup Folder", + "url": "https://attack.mitre.org/techniques/T1060", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1059", + "technique": "Command-Line Interface", + "url": "https://attack.mitre.org/techniques/T1059", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1058", + "technique": "Service Registry Permissions Weakness", + "url": "https://attack.mitre.org/techniques/T1058", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1057", + "technique": "Process Discovery", + "url": "https://attack.mitre.org/techniques/T1057", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1056", + "technique": "Input Capture", + "url": "https://attack.mitre.org/techniques/T1056", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + { + "technique_id": "T1055", + "technique": "Process Injection", + "url": "https://attack.mitre.org/techniques/T1055", + "tactic": [ + "Defense Evasion", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1054", + "technique": "Indicator Blocking", + "url": "https://attack.mitre.org/techniques/T1054", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1053", + "technique": "Scheduled Task", + "url": "https://attack.mitre.org/techniques/T1053", + "tactic": [ + "Execution", + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1052", + "technique": "Exfiltration Over Physical Medium", + "url": "https://attack.mitre.org/techniques/T1052", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1051", + "technique": "Shared Webroot", + "url": "https://attack.mitre.org/techniques/T1051", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1050", + "technique": "New Service", + "url": "https://attack.mitre.org/techniques/T1050", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1049", + "technique": "System Network Connections Discovery", + "url": "https://attack.mitre.org/techniques/T1049", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1048", + "technique": "Exfiltration Over Alternative Protocol", + "url": "https://attack.mitre.org/techniques/T1048", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1047", + "technique": "Windows Management Instrumentation", + "url": "https://attack.mitre.org/techniques/T1047", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1046", + "technique": "Network Service Scanning", + "url": "https://attack.mitre.org/techniques/T1046", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1045", + "technique": "Software Packing", + "url": "https://attack.mitre.org/techniques/T1045", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1044", + "technique": "File System Permissions Weakness", + "url": "https://attack.mitre.org/techniques/T1044", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1043", + "technique": "Commonly Used Port", + "url": "https://attack.mitre.org/techniques/T1043", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1042", + "technique": "Change Default File Association", + "url": "https://attack.mitre.org/techniques/T1042", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1041", + "technique": "Exfiltration Over Command and Control Channel", + "url": "https://attack.mitre.org/techniques/T1041", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1040", + "technique": "Network Sniffing", + "url": "https://attack.mitre.org/techniques/T1040", + "tactic": [ + "Credential Access", + "Discovery" + ] + }, + { + "technique_id": "T1039", + "technique": "Data from Network Shared Drive", + "url": "https://attack.mitre.org/techniques/T1039", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1038", + "technique": "DLL Search Order Hijacking", + "url": "https://attack.mitre.org/techniques/T1038", + "tactic": [ + "Persistence", + "Privilege Escalation", + "Defense Evasion" + ] + }, + { + "technique_id": "T1037", + "technique": "Logon Scripts", + "url": "https://attack.mitre.org/techniques/T1037", + "tactic": [ + "Lateral Movement", + "Persistence" + ] + }, + { + "technique_id": "T1036", + "technique": "Masquerading", + "url": "https://attack.mitre.org/techniques/T1036", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1035", + "technique": "Service Execution", + "url": "https://attack.mitre.org/techniques/T1035", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1034", + "technique": "Path Interception", + "url": "https://attack.mitre.org/techniques/T1034", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1033", + "technique": "System Owner/User Discovery", + "url": "https://attack.mitre.org/techniques/T1033", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1032", + "technique": "Standard Cryptographic Protocol", + "url": "https://attack.mitre.org/techniques/T1032", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1031", + "technique": "Modify Existing Service", + "url": "https://attack.mitre.org/techniques/T1031", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1030", + "technique": "Data Transfer Size Limits", + "url": "https://attack.mitre.org/techniques/T1030", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1029", + "technique": "Scheduled Transfer", + "url": "https://attack.mitre.org/techniques/T1029", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1028", + "technique": "Windows Remote Management", + "url": "https://attack.mitre.org/techniques/T1028", + "tactic": [ + "Execution", + "Lateral Movement" + ] + }, + { + "technique_id": "T1027", + "technique": "Obfuscated Files or Information", + "url": "https://attack.mitre.org/techniques/T1027", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1026", + "technique": "Multiband Communication", + "url": "https://attack.mitre.org/techniques/T1026", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1025", + "technique": "Data from Removable Media", + "url": "https://attack.mitre.org/techniques/T1025", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1024", + "technique": "Custom Cryptographic Protocol", + "url": "https://attack.mitre.org/techniques/T1024", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1023", + "technique": "Shortcut Modification", + "url": "https://attack.mitre.org/techniques/T1023", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1022", + "technique": "Data Encrypted", + "url": "https://attack.mitre.org/techniques/T1022", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1021", + "technique": "Remote Services", + "url": "https://attack.mitre.org/techniques/T1021", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1020", + "technique": "Automated Exfiltration", + "url": "https://attack.mitre.org/techniques/T1020", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1019", + "technique": "System Firmware", + "url": "https://attack.mitre.org/techniques/T1019", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1018", + "technique": "Remote System Discovery", + "url": "https://attack.mitre.org/techniques/T1018", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1017", + "technique": "Application Deployment Software", + "url": "https://attack.mitre.org/techniques/T1017", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1016", + "technique": "System Network Configuration Discovery", + "url": "https://attack.mitre.org/techniques/T1016", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1015", + "technique": "Accessibility Features", + "url": "https://attack.mitre.org/techniques/T1015", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1014", + "technique": "Rootkit", + "url": "https://attack.mitre.org/techniques/T1014", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1013", + "technique": "Port Monitors", + "url": "https://attack.mitre.org/techniques/T1013", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1012", + "technique": "Query Registry", + "url": "https://attack.mitre.org/techniques/T1012", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1011", + "technique": "Exfiltration Over Other Network Medium", + "url": "https://attack.mitre.org/techniques/T1011", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1010", + "technique": "Application Window Discovery", + "url": "https://attack.mitre.org/techniques/T1010", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1009", + "technique": "Binary Padding", + "url": "https://attack.mitre.org/techniques/T1009", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1008", + "technique": "Fallback Channels", + "url": "https://attack.mitre.org/techniques/T1008", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1007", + "technique": "System Service Discovery", + "url": "https://attack.mitre.org/techniques/T1007", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1006", + "technique": "File System Logical Offsets", + "url": "https://attack.mitre.org/techniques/T1006", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1005", + "technique": "Data from Local System", + "url": "https://attack.mitre.org/techniques/T1005", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1004", + "technique": "Winlogon Helper DLL", + "url": "https://attack.mitre.org/techniques/T1004", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1003", + "technique": "Credential Dumping", + "url": "https://attack.mitre.org/techniques/T1003", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1002", + "technique": "Data Compressed", + "url": "https://attack.mitre.org/techniques/T1002", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1001", + "technique": "Data Obfuscation", + "url": "https://attack.mitre.org/techniques/T1001", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1397", + "technique": "Spearphishing for Information", + "url": "https://attack.mitre.org/techniques/T1397", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1307", + "technique": "Acquire and/or use 3rd party infrastructure services", + "url": "https://attack.mitre.org/techniques/T1307", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1275", + "technique": "Aggregate individual's digital footprint", + "url": "https://attack.mitre.org/techniques/T1275", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1294", + "technique": "Analyze hardware/software security defensive capabilities", + "url": "https://attack.mitre.org/techniques/T1294", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1295", + "technique": "Analyze social and business relationships, interests, and affiliations", + "url": "https://attack.mitre.org/techniques/T1295", + "tactic": [ + "People Weakness Identification" + ] + }, + { + "technique_id": "T1299", + "technique": "Assess opportunities created by business deals", + "url": "https://attack.mitre.org/techniques/T1299", + "tactic": [ + "Organizational Weakness Identification" + ] + }, + { + "technique_id": "T1228", + "technique": "Assign KITs/KIQs into categories", + "url": "https://attack.mitre.org/techniques/T1228", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1349", + "technique": "Build or acquire exploits", + "url": "https://attack.mitre.org/techniques/T1349", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1343", + "technique": "Choose pre-compromised persona and affiliated accounts", + "url": "https://attack.mitre.org/techniques/T1343", + "tactic": [ + "Persona Development" + ] + }, + { + "technique_id": "T1388", + "technique": "Compromise of externally facing system", + "url": "https://attack.mitre.org/techniques/T1388", + "tactic": [ + "Compromise" + ] + }, + { + "technique_id": "T1268", + "technique": "Conduct social engineering", + "url": "https://attack.mitre.org/techniques/T1268", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1345", + "technique": "Create custom payloads", + "url": "https://attack.mitre.org/techniques/T1345", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1382", + "technique": "DNS poisoning", + "url": "https://attack.mitre.org/techniques/T1382", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1284", + "technique": "Determine 3rd party infrastructure services", + "url": "https://attack.mitre.org/techniques/T1284", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1259", + "technique": "Determine external network trust dependencies", + "url": "https://attack.mitre.org/techniques/T1259", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1244", + "technique": "Determine secondary level tactical element", + "url": "https://attack.mitre.org/techniques/T1244", + "tactic": [ + "Target Selection" + ] + }, + { + "technique_id": "T1255", + "technique": "Discover target logon/email address format", + "url": "https://attack.mitre.org/techniques/T1255", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1286", + "technique": "Dumpster dive", + "url": "https://attack.mitre.org/techniques/T1286", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1377", + "technique": "Exploit public-facing application", + "url": "https://attack.mitre.org/techniques/T1377", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1365", + "technique": "Hardware or software supply chain implant", + "url": "https://attack.mitre.org/techniques/T1365", + "tactic": [ + "Stage Capabilities" + ] + }, + { + "technique_id": "T1272", + "technique": "Identify business relationships", + "url": "https://attack.mitre.org/techniques/T1272", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1278", + "technique": "Identify job postings and needs/gaps", + "url": "https://attack.mitre.org/techniques/T1278", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1263", + "technique": "Identify security defensive capabilities", + "url": "https://attack.mitre.org/techniques/T1263", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1264", + "technique": "Identify technology usage patterns", + "url": "https://attack.mitre.org/techniques/T1264", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1252", + "technique": "Map network topology", + "url": "https://attack.mitre.org/techniques/T1252", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1316", + "technique": "Non-traditional or less attributable payment options", + "url": "https://attack.mitre.org/techniques/T1316", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1319", + "technique": "Obfuscate or encrypt code", + "url": "https://attack.mitre.org/techniques/T1319", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1281", + "technique": "Obtain templates/branding materials", + "url": "https://attack.mitre.org/techniques/T1281", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1335", + "technique": "Procure required equipment and software", + "url": "https://attack.mitre.org/techniques/T1335", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1351", + "technique": "Remote access tool development", + "url": "https://attack.mitre.org/techniques/T1351", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1395", + "technique": "Runtime code download and execution", + "url": "https://attack.mitre.org/techniques/T1395", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1367", + "technique": "Spear phishing messages with malicious attachments", + "url": "https://attack.mitre.org/techniques/T1367", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1371", + "technique": "Targeted client-side exploitation", + "url": "https://attack.mitre.org/techniques/T1371", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1357", + "technique": "Test malware in various execution environments", + "url": "https://attack.mitre.org/techniques/T1357", + "tactic": [ + "Test Capabilities" + ] + }, + { + "technique_id": "T1387", + "technique": "Unauthorized user introduces compromise delivery mechanism", + "url": "https://attack.mitre.org/techniques/T1387", + "tactic": [ + "Compromise" + ] + }, + { + "technique_id": "T1329", + "technique": "Acquire and/or use 3rd party infrastructure services", + "url": "https://attack.mitre.org/techniques/T1329", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1332", + "technique": "Acquire or compromise 3rd party signing certificates", + "url": "https://attack.mitre.org/techniques/T1332", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1287", + "technique": "Analyze data collected", + "url": "https://attack.mitre.org/techniques/T1287", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1303", + "technique": "Analyze presence of outsourced capabilities", + "url": "https://attack.mitre.org/techniques/T1303", + "tactic": [ + "Organizational Weakness Identification" + ] + }, + { + "technique_id": "T1224", + "technique": "Assess leadership areas of interest", + "url": "https://attack.mitre.org/techniques/T1224", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1238", + "technique": "Assign KITs, KIQs, and/or intelligence requirements", + "url": "https://attack.mitre.org/techniques/T1238", + "tactic": [ + "Priority Definition Direction" + ] + }, + { + "technique_id": "T1347", + "technique": "Build and configure delivery systems", + "url": "https://attack.mitre.org/techniques/T1347", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1391", + "technique": "Choose pre-compromised mobile app developer account credentials or signing keys", + "url": "https://attack.mitre.org/techniques/T1391", + "tactic": [ + "Persona Development" + ] + }, + { + "technique_id": "T1354", + "technique": "Compromise 3rd party or closed-source vulnerability/exploit information", + "url": "https://attack.mitre.org/techniques/T1354", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1279", + "technique": "Conduct social engineering", + "url": "https://attack.mitre.org/techniques/T1279", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1339", + "technique": "Create backup infrastructure", + "url": "https://attack.mitre.org/techniques/T1339", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1374", + "technique": "Credential pharming", + "url": "https://attack.mitre.org/techniques/T1374", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1230", + "technique": "Derive intelligence requirements", + "url": "https://attack.mitre.org/techniques/T1230", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1250", + "technique": "Determine domain and IP address space", + "url": "https://attack.mitre.org/techniques/T1250", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1282", + "technique": "Determine physical locations", + "url": "https://attack.mitre.org/techniques/T1282", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1350", + "technique": "Discover new exploits and monitor exploit-provider forums", + "url": "https://attack.mitre.org/techniques/T1350", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1326", + "technique": "Domain registration hijacking", + "url": "https://attack.mitre.org/techniques/T1326", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1261", + "technique": "Enumerate externally facing software applications technologies, languages, and dependencies", + "url": "https://attack.mitre.org/techniques/T1261", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1234", + "technique": "Generate analyst intelligence requirements", + "url": "https://attack.mitre.org/techniques/T1234", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1280", + "technique": "Identify business processes/tempo", + "url": "https://attack.mitre.org/techniques/T1280", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1248", + "technique": "Identify job postings and needs/gaps", + "url": "https://attack.mitre.org/techniques/T1248", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1348", + "technique": "Identify resources required to build capabilities", + "url": "https://attack.mitre.org/techniques/T1348", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1265", + "technique": "Identify supply chains", + "url": "https://attack.mitre.org/techniques/T1265", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1375", + "technique": "Leverage compromised 3rd party resources", + "url": "https://attack.mitre.org/techniques/T1375", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1315", + "technique": "Network-based hiding techniques", + "url": "https://attack.mitre.org/techniques/T1315", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1318", + "technique": "Obfuscate operational infrastructure", + "url": "https://attack.mitre.org/techniques/T1318", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1251", + "technique": "Obtain domain/IP registration information", + "url": "https://attack.mitre.org/techniques/T1251", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1305", + "technique": "Private whois services", + "url": "https://attack.mitre.org/techniques/T1305", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1235", + "technique": "Receive operator KITs/KIQs tasking", + "url": "https://attack.mitre.org/techniques/T1235", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1358", + "technique": "Review logs and residual traces", + "url": "https://attack.mitre.org/techniques/T1358", + "tactic": [ + "Test Capabilities" + ] + }, + { + "technique_id": "T1340", + "technique": "Shadow DNS", + "url": "https://attack.mitre.org/techniques/T1340", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1237", + "technique": "Submit KITs, KIQs, and intelligence requirements", + "url": "https://attack.mitre.org/techniques/T1237", + "tactic": [ + "Priority Definition Direction" + ] + }, + { + "technique_id": "T1356", + "technique": "Test callback functionality", + "url": "https://attack.mitre.org/techniques/T1356", + "tactic": [ + "Test Capabilities" + ] + }, + { + "technique_id": "T1361", + "technique": "Test signature detection for file upload/email filters", + "url": "https://attack.mitre.org/techniques/T1361", + "tactic": [ + "Test Capabilities" + ] + }, + { + "technique_id": "T1327", + "technique": "Use multiple DNS infrastructures", + "url": "https://attack.mitre.org/techniques/T1327", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1277", + "technique": "Acquire OSINT data sets and information", + "url": "https://attack.mitre.org/techniques/T1277", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1310", + "technique": "Acquire or compromise 3rd party signing certificates", + "url": "https://attack.mitre.org/techniques/T1310", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1301", + "technique": "Analyze business processes", + "url": "https://attack.mitre.org/techniques/T1301", + "tactic": [ + "Organizational Weakness Identification" + ] + }, + { + "technique_id": "T1297", + "technique": "Analyze organizational skillsets and deficiencies", + "url": "https://attack.mitre.org/techniques/T1297", + "tactic": [ + "People Weakness Identification" + ] + }, + { + "technique_id": "T1236", + "technique": "Assess current holdings, needs, and wants", + "url": "https://attack.mitre.org/techniques/T1236", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1298", + "technique": "Assess vulnerability of 3rd party vendors", + "url": "https://attack.mitre.org/techniques/T1298", + "tactic": [ + "Organizational Weakness Identification" + ] + }, + { + "technique_id": "T1384", + "technique": "Automated system performs requested action", + "url": "https://attack.mitre.org/techniques/T1384", + "tactic": [ + "Compromise" + ] + }, + { + "technique_id": "T1352", + "technique": "C2 protocol development", + "url": "https://attack.mitre.org/techniques/T1352", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1334", + "technique": "Compromise 3rd party infrastructure to support delivery", + "url": "https://attack.mitre.org/techniques/T1334", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1253", + "technique": "Conduct passive scanning", + "url": "https://attack.mitre.org/techniques/T1253", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1383", + "technique": "Confirmation of launched compromise achieved", + "url": "https://attack.mitre.org/techniques/T1383", + "tactic": [ + "Compromise" + ] + }, + { + "technique_id": "T1231", + "technique": "Create strategic plan", + "url": "https://attack.mitre.org/techniques/T1231", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1380", + "technique": "Deploy exploit using advertising", + "url": "https://attack.mitre.org/techniques/T1380", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1285", + "technique": "Determine centralization of IT management", + "url": "https://attack.mitre.org/techniques/T1285", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1242", + "technique": "Determine operational element", + "url": "https://attack.mitre.org/techniques/T1242", + "tactic": [ + "Target Selection" + ] + }, + { + "technique_id": "T1342", + "technique": "Develop social network persona digital footprint", + "url": "https://attack.mitre.org/techniques/T1342", + "tactic": [ + "Persona Development" + ] + }, + { + "technique_id": "T1323", + "technique": "Domain Generation Algorithms (DGA)", + "url": "https://attack.mitre.org/techniques/T1323", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1262", + "technique": "Enumerate client configurations", + "url": "https://attack.mitre.org/techniques/T1262", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1364", + "technique": "Friend/Follow/Connect to targets of interest", + "url": "https://attack.mitre.org/techniques/T1364", + "tactic": [ + "Stage Capabilities" + ] + }, + { + "technique_id": "T1233", + "technique": "Identify analyst level gaps", + "url": "https://attack.mitre.org/techniques/T1233", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1270", + "technique": "Identify groups/roles", + "url": "https://attack.mitre.org/techniques/T1270", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1271", + "technique": "Identify personnel with an authority/privilege", + "url": "https://attack.mitre.org/techniques/T1271", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1246", + "technique": "Identify supply chains", + "url": "https://attack.mitre.org/techniques/T1246", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1336", + "technique": "Install and configure hardware, network, and systems", + "url": "https://attack.mitre.org/techniques/T1336", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1322", + "technique": "Misattributable credentials", + "url": "https://attack.mitre.org/techniques/T1322", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1331", + "technique": "Obfuscate infrastructure", + "url": "https://attack.mitre.org/techniques/T1331", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1396", + "technique": "Obtain booter/stressor subscription", + "url": "https://attack.mitre.org/techniques/T1396", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1353", + "technique": "Post compromise tool development", + "url": "https://attack.mitre.org/techniques/T1353", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1239", + "technique": "Receive KITs/KIQs and determine requirements", + "url": "https://attack.mitre.org/techniques/T1239", + "tactic": [ + "Priority Definition Direction" + ] + }, + { + "technique_id": "T1290", + "technique": "Research visibility gap of security vendors", + "url": "https://attack.mitre.org/techniques/T1290", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1317", + "technique": "Secure and protect infrastructure", + "url": "https://attack.mitre.org/techniques/T1317", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1393", + "technique": "Test ability to evade automated mobile application security analysis performed by app stores", + "url": "https://attack.mitre.org/techniques/T1393", + "tactic": [ + "Test Capabilities" + ] + }, + { + "technique_id": "T1292", + "technique": "Test signature detection", + "url": "https://attack.mitre.org/techniques/T1292", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1362", + "technique": "Upload, install, and configure software/tools", + "url": "https://attack.mitre.org/techniques/T1362", + "tactic": [ + "Stage Capabilities" + ] + }, + { + "technique_id": "T1266", + "technique": "Acquire OSINT data sets and information", + "url": "https://attack.mitre.org/techniques/T1266", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1308", + "technique": "Acquire and/or use 3rd party software services", + "url": "https://attack.mitre.org/techniques/T1308", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1293", + "technique": "Analyze application security posture", + "url": "https://attack.mitre.org/techniques/T1293", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1300", + "technique": "Analyze organizational skillsets and deficiencies", + "url": "https://attack.mitre.org/techniques/T1300", + "tactic": [ + "Organizational Weakness Identification" + ] + }, + { + "technique_id": "T1306", + "technique": "Anonymity services", + "url": "https://attack.mitre.org/techniques/T1306", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1302", + "technique": "Assess security posture of physical locations", + "url": "https://attack.mitre.org/techniques/T1302", + "tactic": [ + "Organizational Weakness Identification" + ] + }, + { + "technique_id": "T1381", + "technique": "Authentication attempt", + "url": "https://attack.mitre.org/techniques/T1381", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1341", + "technique": "Build social network persona", + "url": "https://attack.mitre.org/techniques/T1341", + "tactic": [ + "Persona Development" + ] + }, + { + "technique_id": "T1321", + "technique": "Common, high volume protocols and software", + "url": "https://attack.mitre.org/techniques/T1321", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1254", + "technique": "Conduct active scanning", + "url": "https://attack.mitre.org/techniques/T1254", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1249", + "technique": "Conduct social engineering", + "url": "https://attack.mitre.org/techniques/T1249", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1232", + "technique": "Create implementation plan", + "url": "https://attack.mitre.org/techniques/T1232", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1324", + "technique": "DNSCalc", + "url": "https://attack.mitre.org/techniques/T1324", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1260", + "technique": "Determine 3rd party infrastructure services", + "url": "https://attack.mitre.org/techniques/T1260", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1258", + "technique": "Determine firmware version", + "url": "https://attack.mitre.org/techniques/T1258", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1241", + "technique": "Determine strategic target", + "url": "https://attack.mitre.org/techniques/T1241", + "tactic": [ + "Target Selection" + ] + }, + { + "technique_id": "T1379", + "technique": "Disseminate removable media", + "url": "https://attack.mitre.org/techniques/T1379", + "tactic": [ + "Stage Capabilities" + ] + }, + { + "technique_id": "T1311", + "technique": "Dynamic DNS", + "url": "https://attack.mitre.org/techniques/T1311", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1325", + "technique": "Fast Flux DNS", + "url": "https://attack.mitre.org/techniques/T1325", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1314", + "technique": "Host-based hiding techniques", + "url": "https://attack.mitre.org/techniques/T1314", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1283", + "technique": "Identify business relationships", + "url": "https://attack.mitre.org/techniques/T1283", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1267", + "technique": "Identify job postings and needs/gaps", + "url": "https://attack.mitre.org/techniques/T1267", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1274", + "technique": "Identify sensitive personnel information", + "url": "https://attack.mitre.org/techniques/T1274", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1389", + "technique": "Identify vulnerabilities in third-party software libraries", + "url": "https://attack.mitre.org/techniques/T1389", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1273", + "technique": "Mine social media", + "url": "https://attack.mitre.org/techniques/T1273", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1390", + "technique": "OS-vendor provided communication channels", + "url": "https://attack.mitre.org/techniques/T1390", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1313", + "technique": "Obfuscation or cryptography", + "url": "https://attack.mitre.org/techniques/T1313", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1247", + "technique": "Acquire OSINT data sets and information", + "url": "https://attack.mitre.org/techniques/T1247", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1346", + "technique": "Obtain/re-use payloads", + "url": "https://attack.mitre.org/techniques/T1346", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1330", + "technique": "Acquire and/or use 3rd party software services", + "url": "https://attack.mitre.org/techniques/T1330", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1288", + "technique": "Analyze architecture and configuration posture", + "url": "https://attack.mitre.org/techniques/T1288", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1304", + "technique": "Proxy/protocol relays", + "url": "https://attack.mitre.org/techniques/T1304", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1289", + "technique": "Analyze organizational skillsets and deficiencies", + "url": "https://attack.mitre.org/techniques/T1289", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1378", + "technique": "Replace legitimate binary with malware", + "url": "https://attack.mitre.org/techniques/T1378", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1229", + "technique": "Assess KITs/KIQs benefits", + "url": "https://attack.mitre.org/techniques/T1229", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1337", + "technique": "SSL certificate acquisition for domain", + "url": "https://attack.mitre.org/techniques/T1337", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1296", + "technique": "Assess targeting options", + "url": "https://attack.mitre.org/techniques/T1296", + "tactic": [ + "People Weakness Identification" + ] + }, + { + "technique_id": "T1386", + "technique": "Authorized user performs requested cyber action", + "url": "https://attack.mitre.org/techniques/T1386", + "tactic": [ + "Compromise" + ] + }, + { + "technique_id": "T1369", + "technique": "Spear phishing messages with malicious links", + "url": "https://attack.mitre.org/techniques/T1369", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1328", + "technique": "Buy domain name", + "url": "https://attack.mitre.org/techniques/T1328", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1366", + "technique": "Targeted social media phishing", + "url": "https://attack.mitre.org/techniques/T1366", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1312", + "technique": "Compromise 3rd party infrastructure to support delivery", + "url": "https://attack.mitre.org/techniques/T1312", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1359", + "technique": "Test malware to evade detection", + "url": "https://attack.mitre.org/techniques/T1359", + "tactic": [ + "Test Capabilities" + ] + }, + { + "technique_id": "T1226", + "technique": "Conduct cost/benefit analysis", + "url": "https://attack.mitre.org/techniques/T1226", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1376", + "technique": "Conduct social engineering or HUMINT operation", + "url": "https://attack.mitre.org/techniques/T1376", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1355", + "technique": "Create infected removable media", + "url": "https://attack.mitre.org/techniques/T1355", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1320", + "technique": "Data Hiding", + "url": "https://attack.mitre.org/techniques/T1320", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1245", + "technique": "Determine approach/attack vector", + "url": "https://attack.mitre.org/techniques/T1245", + "tactic": [ + "Target Selection" + ] + }, + { + "technique_id": "T1243", + "technique": "Determine highest level tactical element", + "url": "https://attack.mitre.org/techniques/T1243", + "tactic": [ + "Target Selection" + ] + }, + { + "technique_id": "T1227", + "technique": "Develop KITs/KIQs", + "url": "https://attack.mitre.org/techniques/T1227", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1394", + "technique": "Distribute malicious software development tools", + "url": "https://attack.mitre.org/techniques/T1394", + "tactic": [ + "Stage Capabilities" + ] + }, + { + "technique_id": "T1333", + "technique": "Dynamic DNS", + "url": "https://attack.mitre.org/techniques/T1333", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1344", + "technique": "Friend/Follow/Connect to targets of interest", + "url": "https://attack.mitre.org/techniques/T1344", + "tactic": [ + "Persona Development" + ] + }, + { + "technique_id": "T1385", + "technique": "Human performs requested action of physical nature", + "url": "https://attack.mitre.org/techniques/T1385", + "tactic": [ + "Compromise" + ] + }, + { + "technique_id": "T1225", + "technique": "Identify gap areas", + "url": "https://attack.mitre.org/techniques/T1225", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1269", + "technique": "Identify people of interest", + "url": "https://attack.mitre.org/techniques/T1269", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1276", + "technique": "Identify supply chains", + "url": "https://attack.mitre.org/techniques/T1276", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1256", + "technique": "Identify web defensive services", + "url": "https://attack.mitre.org/techniques/T1256", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1257", + "technique": "Mine technical blogs/forums", + "url": "https://attack.mitre.org/techniques/T1257", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1309", + "technique": "Obfuscate infrastructure", + "url": "https://attack.mitre.org/techniques/T1309", + "tactic": [ + "Adversary Opsec" + ] + }, + { + "technique_id": "T1392", + "technique": "Obtain Apple iOS enterprise distribution key pair and certificate", + "url": "https://attack.mitre.org/techniques/T1392", + "tactic": [ + "Persona Development" + ] + }, + { + "technique_id": "T1363", + "technique": "Port redirector", + "url": "https://attack.mitre.org/techniques/T1363", + "tactic": [ + "Stage Capabilities" + ] + }, + { + "technique_id": "T1373", + "technique": "Push-notification client-side exploit", + "url": "https://attack.mitre.org/techniques/T1373", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1291", + "technique": "Research relevant vulnerabilities/CVEs", + "url": "https://attack.mitre.org/techniques/T1291", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1338", + "technique": "SSL certificate acquisition for trust breaking", + "url": "https://attack.mitre.org/techniques/T1338", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1368", + "technique": "Spear phishing messages with text only", + "url": "https://attack.mitre.org/techniques/T1368", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1240", + "technique": "Task requirements", + "url": "https://attack.mitre.org/techniques/T1240", + "tactic": [ + "Priority Definition Direction" + ] + }, + { + "technique_id": "T1360", + "technique": "Test physical access", + "url": "https://attack.mitre.org/techniques/T1360", + "tactic": [ + "Test Capabilities" + ] + }, + { + "technique_id": "T1370", + "technique": "Untargeted client-side exploitation", + "url": "https://attack.mitre.org/techniques/T1370", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1372", + "technique": "Unconditional client-side exploitation/Injected Website/Driveby", + "url": "https://attack.mitre.org/techniques/T1372", + "tactic": [ + "Launch" + ] + }, + { + "technique_id": "T1533", + "technique": "Data from Local System", + "url": "https://attack.mitre.org/techniques/T1533", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1532", + "technique": "Data Encrypted", + "url": "https://attack.mitre.org/techniques/T1532", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1523", + "technique": "Evade Analysis Environment", + "url": "https://attack.mitre.org/techniques/T1523", + "tactic": [ + "Defense Evasion", + "Discovery" + ] + }, + { + "technique_id": "T1521", + "technique": "Standard Cryptographic Protocol", + "url": "https://attack.mitre.org/techniques/T1521", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1520", + "technique": "Domain Generation Algorithms", + "url": "https://attack.mitre.org/techniques/T1520", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1516", + "technique": "Input Injection", + "url": "https://attack.mitre.org/techniques/T1516", + "tactic": [ + "Defense Evasion", + "Impact" + ] + }, + { + "technique_id": "T1517", + "technique": "Access Notifications", + "url": "https://attack.mitre.org/techniques/T1517", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + { + "technique_id": "T1512", + "technique": "Capture Camera", + "url": "https://attack.mitre.org/techniques/T1512", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1513", + "technique": "Screen Capture", + "url": "https://attack.mitre.org/techniques/T1513", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1509", + "technique": "Uncommonly Used Port", + "url": "https://attack.mitre.org/techniques/T1509", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1510", + "technique": "Clipboard Modification", + "url": "https://attack.mitre.org/techniques/T1510", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1508", + "technique": "Suppress Application Icon", + "url": "https://attack.mitre.org/techniques/T1508", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1507", + "technique": "Network Information Discovery", + "url": "https://attack.mitre.org/techniques/T1507", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1481", + "technique": "Web Service", + "url": "https://attack.mitre.org/techniques/T1481", + "tactic": [ + "Command And Control" + ] + }, + { + "technique_id": "T1476", + "technique": "Deliver Malicious App via Other Means", + "url": "https://attack.mitre.org/techniques/T1476", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1475", + "technique": "Deliver Malicious App via Authorized App Store", + "url": "https://attack.mitre.org/techniques/T1475", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1474", + "technique": "Supply Chain Compromise", + "url": "https://attack.mitre.org/techniques/T1474", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1477", + "technique": "Exploit via Radio Interfaces", + "url": "https://attack.mitre.org/techniques/T1477", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1478", + "technique": "Install Insecure or Malicious Configuration", + "url": "https://attack.mitre.org/techniques/T1478", + "tactic": [ + "Defense Evasion", + "Initial Access" + ] + }, + { + "technique_id": "T1444", + "technique": "Masquerade as Legitimate Application", + "url": "https://attack.mitre.org/techniques/T1444", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1443", + "technique": "Remotely Install Application", + "url": "https://attack.mitre.org/techniques/T1443", + "tactic": [] + }, + { + "technique_id": "T1411", + "technique": "Input Prompt", + "url": "https://attack.mitre.org/techniques/T1411", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1424", + "technique": "Process Discovery", + "url": "https://attack.mitre.org/techniques/T1424", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1421", + "technique": "System Network Connections Discovery", + "url": "https://attack.mitre.org/techniques/T1421", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1437", + "technique": "Standard Application Layer Protocol", + "url": "https://attack.mitre.org/techniques/T1437", + "tactic": [ + "Command And Control", + "Exfiltration" + ] + }, + { + "technique_id": "T1422", + "technique": "System Network Configuration Discovery", + "url": "https://attack.mitre.org/techniques/T1422", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1406", + "technique": "Obfuscated Files or Information", + "url": "https://attack.mitre.org/techniques/T1406", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1416", + "technique": "Android Intent Hijacking", + "url": "https://attack.mitre.org/techniques/T1416", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1447", + "technique": "Delete Device Data", + "url": "https://attack.mitre.org/techniques/T1447", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1398", + "technique": "Modify OS Kernel or Boot Partition", + "url": "https://attack.mitre.org/techniques/T1398", + "tactic": [ + "Defense Evasion", + "Persistence" + ] + }, + { + "technique_id": "T1400", + "technique": "Modify System Partition", + "url": "https://attack.mitre.org/techniques/T1400", + "tactic": [ + "Defense Evasion", + "Persistence", + "Impact" + ] + }, + { + "technique_id": "T1425", + "technique": "Insecure Third-Party Libraries", + "url": "https://attack.mitre.org/techniques/T1425", + "tactic": [] + }, + { + "technique_id": "T1402", + "technique": "App Auto-Start at Device Boot", + "url": "https://attack.mitre.org/techniques/T1402", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1401", + "technique": "Abuse Device Administrator Access to Prevent Removal", + "url": "https://attack.mitre.org/techniques/T1401", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1404", + "technique": "Exploit OS Vulnerability", + "url": "https://attack.mitre.org/techniques/T1404", + "tactic": [ + "Privilege Escalation" + ] + }, + { + "technique_id": "T1403", + "technique": "Modify Cached Executable Code", + "url": "https://attack.mitre.org/techniques/T1403", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1442", + "technique": "Fake Developer Accounts", + "url": "https://attack.mitre.org/techniques/T1442", + "tactic": [] + }, + { + "technique_id": "T1419", + "technique": "Device Type Discovery", + "url": "https://attack.mitre.org/techniques/T1419", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1418", + "technique": "Application Discovery", + "url": "https://attack.mitre.org/techniques/T1418", + "tactic": [ + "Defense Evasion", + "Discovery" + ] + }, + { + "technique_id": "T1417", + "technique": "Input Capture", + "url": "https://attack.mitre.org/techniques/T1417", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + { + "technique_id": "T1438", + "technique": "Alternate Network Mediums", + "url": "https://attack.mitre.org/techniques/T1438", + "tactic": [ + "Command And Control", + "Exfiltration" + ] + }, + { + "technique_id": "T1423", + "technique": "Network Service Scanning", + "url": "https://attack.mitre.org/techniques/T1423", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1440", + "technique": "Detect App Analysis Environment", + "url": "https://attack.mitre.org/techniques/T1440", + "tactic": [] + }, + { + "technique_id": "T1439", + "technique": "Eavesdrop on Insecure Network Communication", + "url": "https://attack.mitre.org/techniques/T1439", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1464", + "technique": "Jamming or Denial of Service", + "url": "https://attack.mitre.org/techniques/T1464", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1463", + "technique": "Manipulate Device Communication", + "url": "https://attack.mitre.org/techniques/T1463", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1462", + "technique": "Malicious Software Development Tools", + "url": "https://attack.mitre.org/techniques/T1462", + "tactic": [] + }, + { + "technique_id": "T1461", + "technique": "Lockscreen Bypass", + "url": "https://attack.mitre.org/techniques/T1461", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1460", + "technique": "Biometric Spoofing", + "url": "https://attack.mitre.org/techniques/T1460", + "tactic": [] + }, + { + "technique_id": "T1459", + "technique": "Device Unlock Code Guessing or Brute Force", + "url": "https://attack.mitre.org/techniques/T1459", + "tactic": [] + }, + { + "technique_id": "T1458", + "technique": "Exploit via Charging Station or PC", + "url": "https://attack.mitre.org/techniques/T1458", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1405", + "technique": "Exploit TEE Vulnerability", + "url": "https://attack.mitre.org/techniques/T1405", + "tactic": [ + "Credential Access", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1467", + "technique": "Rogue Cellular Base Station", + "url": "https://attack.mitre.org/techniques/T1467", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1420", + "technique": "File and Directory Discovery", + "url": "https://attack.mitre.org/techniques/T1420", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1466", + "technique": "Downgrade to Insecure Protocols", + "url": "https://attack.mitre.org/techniques/T1466", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1465", + "technique": "Rogue Wi-Fi Access Points", + "url": "https://attack.mitre.org/techniques/T1465", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1468", + "technique": "Remotely Track Device Without Authorization", + "url": "https://attack.mitre.org/techniques/T1468", + "tactic": [ + "Remote Service Effects" + ] + }, + { + "technique_id": "T1435", + "technique": "Access Calendar Entries", + "url": "https://attack.mitre.org/techniques/T1435", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1451", + "technique": "SIM Card Swap", + "url": "https://attack.mitre.org/techniques/T1451", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1414", + "technique": "Capture Clipboard Data", + "url": "https://attack.mitre.org/techniques/T1414", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + { + "technique_id": "T1457", + "technique": "Malicious Media Content", + "url": "https://attack.mitre.org/techniques/T1457", + "tactic": [] + }, + { + "technique_id": "T1426", + "technique": "System Information Discovery", + "url": "https://attack.mitre.org/techniques/T1426", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1472", + "technique": "Generate Fraudulent Advertising Revenue", + "url": "https://attack.mitre.org/techniques/T1472", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1399", + "technique": "Modify Trusted Execution Environment", + "url": "https://attack.mitre.org/techniques/T1399", + "tactic": [ + "Defense Evasion", + "Persistence" + ] + }, + { + "technique_id": "T1470", + "technique": "Obtain Device Cloud Backups", + "url": "https://attack.mitre.org/techniques/T1470", + "tactic": [ + "Remote Service Effects" + ] + }, + { + "technique_id": "T1446", + "technique": "Device Lockout", + "url": "https://attack.mitre.org/techniques/T1446", + "tactic": [ + "Impact", + "Defense Evasion" + ] + }, + { + "technique_id": "T1415", + "technique": "URL Scheme Hijacking", + "url": "https://attack.mitre.org/techniques/T1415", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1413", + "technique": "Access Sensitive Data in Device Logs", + "url": "https://attack.mitre.org/techniques/T1413", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + { + "technique_id": "T1436", + "technique": "Commonly Used Port", + "url": "https://attack.mitre.org/techniques/T1436", + "tactic": [ + "Command And Control", + "Exfiltration" + ] + }, + { + "technique_id": "T1445", + "technique": "Abuse of iOS Enterprise App Signing Key", + "url": "https://attack.mitre.org/techniques/T1445", + "tactic": [] + }, + { + "technique_id": "T1412", + "technique": "Capture SMS Messages", + "url": "https://attack.mitre.org/techniques/T1412", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + { + "technique_id": "T1409", + "technique": "Access Stored Application Data", + "url": "https://attack.mitre.org/techniques/T1409", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + { + "technique_id": "T1410", + "technique": "Network Traffic Capture or Redirection", + "url": "https://attack.mitre.org/techniques/T1410", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + { + "technique_id": "T1407", + "technique": "Download New Code at Runtime", + "url": "https://attack.mitre.org/techniques/T1407", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1408", + "technique": "Disguise Root/Jailbreak Indicators", + "url": "https://attack.mitre.org/techniques/T1408", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1427", + "technique": "Attack PC via USB Connection", + "url": "https://attack.mitre.org/techniques/T1427", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1428", + "technique": "Exploit Enterprise Resources", + "url": "https://attack.mitre.org/techniques/T1428", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1429", + "technique": "Capture Audio", + "url": "https://attack.mitre.org/techniques/T1429", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1430", + "technique": "Location Tracking", + "url": "https://attack.mitre.org/techniques/T1430", + "tactic": [ + "Collection", + "Discovery" + ] + }, + { + "technique_id": "T1431", + "technique": "App Delivered via Web Download", + "url": "https://attack.mitre.org/techniques/T1431", + "tactic": [] + }, + { + "technique_id": "T1432", + "technique": "Access Contact List", + "url": "https://attack.mitre.org/techniques/T1432", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1433", + "technique": "Access Call Log", + "url": "https://attack.mitre.org/techniques/T1433", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1434", + "technique": "App Delivered via Email Attachment", + "url": "https://attack.mitre.org/techniques/T1434", + "tactic": [] + }, + { + "technique_id": "T1471", + "technique": "Data Encrypted for Impact", + "url": "https://attack.mitre.org/techniques/T1471", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1450", + "technique": "Exploit SS7 to Track Device Location", + "url": "https://attack.mitre.org/techniques/T1450", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1473", + "technique": "Malicious or Vulnerable Built-in Device Functionality", + "url": "https://attack.mitre.org/techniques/T1473", + "tactic": [] + }, + { + "technique_id": "T1448", + "technique": "Premium SMS Toll Fraud", + "url": "https://attack.mitre.org/techniques/T1448", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1453", + "technique": "Abuse Accessibility Features", + "url": "https://attack.mitre.org/techniques/T1453", + "tactic": [ + "Collection", + "Credential Access", + "Impact", + "Defense Evasion" + ] + }, + { + "technique_id": "T1454", + "technique": "Malicious SMS Message", + "url": "https://attack.mitre.org/techniques/T1454", + "tactic": [] + }, + { + "technique_id": "T1469", + "technique": "Remotely Wipe Data Without Authorization", + "url": "https://attack.mitre.org/techniques/T1469", + "tactic": [ + "Remote Service Effects" + ] + }, + { + "technique_id": "T1452", + "technique": "Manipulate App Store Rankings or Ratings", + "url": "https://attack.mitre.org/techniques/T1452", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1455", + "technique": "Exploit Baseband Vulnerability", + "url": "https://attack.mitre.org/techniques/T1455", + "tactic": [] + }, + { + "technique_id": "T1456", + "technique": "Drive-by Compromise", + "url": "https://attack.mitre.org/techniques/T1456", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1449", + "technique": "Exploit SS7 to Redirect Phone Calls/SMS", + "url": "https://attack.mitre.org/techniques/T1449", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1441", + "technique": "Stolen Developer Credentials or Signing Keys", + "url": "https://attack.mitre.org/techniques/T1441", + "tactic": [] + } +] \ No newline at end of file diff --git a/tools/config/netwitness.yml b/tools/config/netwitness.yml new file mode 100644 index 00000000..e4123d54 --- /dev/null +++ b/tools/config/netwitness.yml @@ -0,0 +1,92 @@ +title: NetWitness +order: 20 +backends: + - netwitness +logsources: + linux: + product: linux + conditions: + device.class: rhlinux + linux-sshd: + product: linux + service: sshd + conditions: + device.class: rhlinux + client: sshd + linux-auth: + product: linux + service: auth + conditions: + device.class: rhlinux + linux-clamav: + product: linux + service: clamav + conditions: + device.class: rhlinux + windows-sys: + product: windows + service: sysmon + conditions: + device.type: winevent_nic + event.source: microsoft-windows-security-auditing + windows-power: + product: windows + service: powershell + conditions: + device.type: winevent_nic + windows-dhcp: + product: windows + service: dhcp + conditions: + device.type: winevent_nic + event.source: microsoft-windows-dhcp-server + windows-sec: + product: windows + service: security + conditions: + device.type: winevent_nic + event.source: microsoft-windows-security-auditing + windows-system: + product: windows + service: system + conditions: + device.type: winevent_nic +fieldmappings: + dst: + - ip.dst + dst_ip: + - ip.dst + src: + - ip.src + src_ip: + - ip.src + DestinationPort: + - ip.dstport + EventID: + - reference.id + NewProcessName: + - process + LogonType: + - logon.type + AccountName: + - user.dst + c-uri-extension: + - extension + c-useragent: + - user.agent + r-dns: + - alias.host + DestinationHostname: + - alias.host + cs-host: + - alias.host + c-uri-query: + - web.page + c-uri: + - web.page + cs-method: + - action + cs-cookie: + - web.cookie + SubjectUserName: + - user.dst diff --git a/tools/config/powershell.yml b/tools/config/powershell.yml new file mode 100644 index 00000000..5cb0ea75 --- /dev/null +++ b/tools/config/powershell.yml @@ -0,0 +1,71 @@ +title: Logsource to LogName mappings for PowerShell backend +order: 20 +backends: + - powershell +logsources: + windows-application: + product: windows + service: application + conditions: + LogName: 'Application' + windows-security: + product: windows + service: security + conditions: + LogName: 'Security' + windows-system: + product: windows + service: system + conditions: + LogName: 'System' + windows-sysmon: + product: windows + service: sysmon + conditions: + LogName: 'Microsoft-Windows-Sysmon/Operational' + windows-powershell: + product: windows + service: powershell + conditions: + LogName: 'Microsoft-Windows-PowerShell/Operational' + windows-classicpowershell: + product: windows + service: powershell-classic + conditions: + LogName: 'Windows PowerShell' + windows-taskscheduler: + product: windows + service: taskscheduler + conditions: + LogName: 'Microsoft-Windows-TaskScheduler/Operational' + windows-wmi: + product: windows + service: wmi + conditions: + LogName: 'Microsoft-Windows-WMI-Activity/Operational' + windows-dns-server: + product: windows + service: dns-server + category: dns + conditions: + LogName: 'DNS Server' + windows-dns-server-audit: + product: windows + service: dns-server-audit + conditions: + LogName: 'Microsoft-Windows-DNS-Server/Audit' + windows-driver-framework: + product: windows + service: driver-framework + conditions: + LogName: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + windows-ntlm: + product: windows + service: ntlm + conditions: + LogName: 'Microsoft-Windows-NTLM/Operational' + windows-dhcp: + product: windows + service: dhcp + conditions: + LogName: 'Microsoft-Windows-DHCP-Server/Operational' diff --git a/tools/config/qradar.yml b/tools/config/qradar.yml new file mode 100644 index 00000000..df9d7bf5 --- /dev/null +++ b/tools/config/qradar.yml @@ -0,0 +1,77 @@ +title: QRadar +backends: + - qradar +order: 20 +logsources: + apache: + product: apache + conditions: + LOGSOURCETYPENAME(devicetype): ilike '%apache%' + + windows: + product: windows + conditions: + LOGSOURCETYPENAME(devicetype): 'Microsoft Windows Security Event Log' + + qflow: + product: qflow + index: flows + + netflow: + product: netflow + index: flows + + ipfix: + product: ipfix + index: flows + + flow: + category: flow + index: flows + +fieldmappings: +<<<<<<< HEAD + EventID: + - Event ID Code + dst: + - destinationIP + dst_ip: + - destinationIP + src: + - sourceIP + src_ip: + - sourceIP + c-ip: sourceIP + cs-ip: sourceIP + cs-uri: url + c-uri: sourceIP + c-uri-extension: file_extension + UserAgent: user_agent + c-uri-query: uri_query + HttpMethod: Method + URL: URL + r-dns: FQDN + ClientIP: sourceIP + ServiceFileName: Service Name +======= + EventID: + - Event ID Code + dst: + - destinationIP + dst_ip: + - destinationIP + src: + - sourceIP + src_ip: + - sourceIP + c-ip: sourceIP + cs-ip: sourceIP + c-uri: url + c-uri-extension: file_extension + c-useragent: user_agent + c-uri-query: uri_query + cs-method: Method + r-dns: FQDN + ClientIP: sourceIP + ServiceFileName: Service Name +>>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c diff --git a/tools/config/qualys.yml b/tools/config/qualys.yml new file mode 100644 index 00000000..a5cf1d92 --- /dev/null +++ b/tools/config/qualys.yml @@ -0,0 +1,20 @@ +title: Qualys +order: 20 +backends: + - qualys +fieldmappings: + dst: + - network.remote.address.ip + dst_ip: + - network.remote.address.ip + src: + - network.local.address.ip + src_ip: + - network.local.address.ip + file_hash: + - file.hash.md5 + - file.hash.sha256 + NewProcessName: process.name + ServiceName: process.name + ServiceFileName: process.name + TargetObject: registry.path diff --git a/tools/config/splunk-windows-index.yml b/tools/config/splunk-windows-index.yml new file mode 100644 index 00000000..cf1959ab --- /dev/null +++ b/tools/config/splunk-windows-index.yml @@ -0,0 +1,11 @@ +title: Splunk Windows index and EventID field mapping +order: 20 +backends: + - splunk + - splunkxml +logsources: + windows: + product: windows + index: windows +fieldmappings: + EventID: EventCode diff --git a/tools/config/splunk-windows.yml b/tools/config/splunk-windows.yml new file mode 100644 index 00000000..f1373489 --- /dev/null +++ b/tools/config/splunk-windows.yml @@ -0,0 +1,74 @@ +title: Splunk Windows log source conditions +order: 20 +backends: + - splunk + - splunkxml +logsources: + windows-application: + product: windows + service: application + conditions: + source: 'WinEventLog:Application' + windows-security: + product: windows + service: security + conditions: + source: 'WinEventLog:Security' + windows-system: + product: windows + service: system + conditions: + source: 'WinEventLog:System' + windows-sysmon: + product: windows + service: sysmon + conditions: + source: 'WinEventLog:Microsoft-Windows-Sysmon/Operational' + windows-powershell: + product: windows + service: powershell + conditions: + source: 'WinEventLog:Microsoft-Windows-PowerShell/Operational' + windows-classicpowershell: + product: windows + service: powershell-classic + conditions: + source: 'Windows PowerShell' + windows-taskscheduler: + product: windows + service: taskscheduler + conditions: + source: 'WinEventLog:Microsoft-Windows-TaskScheduler/Operational' + windows-wmi: + product: windows + service: wmi + conditions: + source: 'WinEventLog:Microsoft-Windows-WMI-Activity/Operational' + windows-dns-server: + product: windows + service: dns-server + category: dns + conditions: + source: 'DNS Server' + windows-dns-server-audit: + product: windows + service: dns-server-audit + conditions: + source: 'Microsoft-Windows-DNS-Server/Audit' + windows-driver-framework: + product: windows + service: driver-framework + conditions: + source: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + windows-ntlm: + product: windows + service: ntlm + conditions: + source: 'Microsoft-Windows-NTLM/Operational' + windows-dhcp: + product: windows + service: dhcp + conditions: + source: 'Microsoft-Windows-DHCP-Server/Operational' +fieldmappings: + EventID: EventCode diff --git a/tools/config/splunk-zeek.yml b/tools/config/splunk-zeek.yml new file mode 100644 index 00000000..1653f329 --- /dev/null +++ b/tools/config/splunk-zeek.yml @@ -0,0 +1,46 @@ +title: Splunk Zeek sourcetype mappings +order: 20 +backends: + - splunk + - splunkxml +logsources: + zeek-conn: + product: zeek + service: conn + conditions: + sourcetype: 'bro:conn:json' + zeek-dns: + product: zeek + service: dns + conditions: + sourcetype: 'bro:dns:json' + zeek-files: + product: zeek + service: files + conditions: + sourcetype: 'bro:files:json' + zeek-kerberos: + product: zeek + service: kerberos + conditions: + sourcetype: 'bro:kerberos:json' + zeek-http: + product: zeek + service: http + conditions: + sourcetype: 'bro:http:json' + zeek-rdp: + product: zeek + service: rdp + conditions: + sourcetype: 'bro:rdp:json' + zeek-ssl: + product: zeek + service: ssl + conditions: + sourcetype: 'bro:ssl:json' + zeek-x509: + product: zeek + service: x509 + conditions: + sourcetype: 'bro:x509:json' diff --git a/tools/config/sumologic.yml b/tools/config/sumologic.yml new file mode 100644 index 00000000..297fb9ed --- /dev/null +++ b/tools/config/sumologic.yml @@ -0,0 +1,110 @@ +title: SumoLogic +order: 20 +backends: + - sumologic +# Sumulogic mapping depends on customer configuration. Adapt to your context! +# typically rule on _sourceCategory, _index or Field Extraction Rules (FER) +# supposing existing FER for service, EventChannel, EventID +logsources: + unix: + product: unix + index: UNIX + linux: + product: linux + index: LINUX + linux-sshd: + product: linux + service: sshd + index: LINUX + linux-auth: + product: linux + service: auth + index: LINUX + linux-clamav: + product: linux + service: clamav + index: LINUX + windows: + product: windows + index: WINDOWS + windows-sysmon: + product: windows + service: sysmon + conditions: + EventChannel: Microsoft-Windows-Sysmon + index: WINDOWS + windows-security: + product: windows + service: security + conditions: + EventChannel: Security + index: WINDOWS + windows-powershell: + product: windows + service: powershell + conditions: + EventChannel: Microsoft-Windows-Powershell + index: WINDOWS + windows-system: + product: windows + service: system + conditions: + EventChannel: System + index: WINDOWS + windows-dhcp: + product: windows + service: dhcp + conditions: + EventChannel: Microsoft-Windows-DHCP-Server + index: WINDOWS + apache: + product: apache + service: apache + index: WEBSERVER + apache2: + product: apache + index: WEBSERVER + webserver: + category: webserver + index: WEBSERVER + firewall: + category: firewall + index: FIREWALL + firewall2: + product: firewall + index: FIREWALL + network-dns: + category: dns + index: DNS + network-dns2: + product: dns + index: DNS + proxy: + category: proxy + index: PROXY + antivirus: + product: antivirus + index: ANTIVIRUS + application-sql: + product: sql + index: DATABASE + application-python: + product: python + index: APPLICATIONS + application-django: + product: django + index: DJANGO + application-rails: + product: rails + index: RAILS +<<<<<<< HEAD + application-rails: + category: application + product: ruby_on_rails + index: RAILS +======= +>>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c + application-spring: + product: spring + index: SPRING +# if no index, search in all indexes diff --git a/tools/config/thor.yml b/tools/config/thor.yml new file mode 100644 index 00000000..7cfe5299 --- /dev/null +++ b/tools/config/thor.yml @@ -0,0 +1,90 @@ +title: THOR +order: 20 +backends: + - thor +# this configuration differs from other configurations and can not be used +# with the sigmac tool. This configuration is used by the ioc scanners THOR and SPARK. +logsources: + # log source configurations for generic sigma rules + process_creation_1: + category: process_creation + product: windows + conditions: + EventID: 1 + rewrite: + product: windows + service: sysmon + process_creation_2: + category: process_creation + product: windows + conditions: + EventID: 4688 + rewrite: + product: windows + service: security + fieldmappings: + Image: NewProcessName + ParentImage: ParentProcessName + # target system configurations + windows-application: + product: windows + service: application + sources: + - 'WinEventLog:Application' + windows-security: + product: windows + service: security + sources: + - 'WinEventLog:Security' + windows-system: + product: windows + service: system + sources: + - 'WinEventLog:System' + windows-sysmon: + product: windows + service: sysmon + sources: + - 'WinEventLog:Microsoft-Windows-Sysmon/Operational' + windows-powershell: + product: windows + service: powershell + sources: + - 'WinEventLog:Microsoft-Windows-PowerShell/Operational' + windows-taskscheduler: + product: windows + service: taskscheduler + sources: + - 'WinEventLog:Microsoft-Windows-TaskScheduler/Operational' + windows-wmi: + product: windows + service: wmi + sources: + - 'WinEventLog:Microsoft-Windows-WMI-Activity/Operational' + windows-dhcp: + product: windows + service: dhcp + sources: + - 'WinEventLog:Microsoft-Windows-DHCP-Server/Operational' + apache: + category: webserver + sources: + - 'File:/var/log/apache/*.log' + - 'File:/var/log/apache2/*.log' + - 'File:/var/log/httpd/*.log' + linux-auth: + product: linux + service: auth + sources: + - 'File:/var/log/auth.log' + - 'File:/var/log/auth.log.?' + linux-syslog: + product: linux + service: syslog + sources: + - 'File:/var/log/syslog' + - 'File:/var/log/syslog.?' + logfiles: + category: logfile + sources: + - 'File:*.log' diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml new file mode 100644 index 00000000..a51d409f --- /dev/null +++ b/tools/config/winlogbeat-modules-enabled.yml @@ -0,0 +1,215 @@ +title: Elastic Winlogbeat (from 7.x) index pattern and field mapping following Elastic enabled Modules +order: 20 +backends: + - es-qs + - es-dsl +<<<<<<< HEAD +======= + - es-rule +>>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c + - kibana + - xpack-watcher + - elastalert + - elastalert-dsl +<<<<<<< HEAD +======= + - elasticsearch-rule +>>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c +logsources: + windows: + product: windows + index: winlogbeat-* + windows-application: + product: windows + service: application + conditions: + winlog.channel: Application + windows-security: + product: windows + service: security + conditions: + winlog.channel: Security + windows-sysmon: + product: windows + service: sysmon + conditions: + winlog.channel: 'Microsoft-Windows-Sysmon/Operational' + windows-dns-server: + product: windows + service: dns-server + conditions: + winlog.channel: 'DNS Server' + windows-driver-framework: + product: windows + service: driver-framework + conditions: + winlog.provider_name: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + windows-dhcp: + product: windows + service: dhcp + conditions: + winlog.provider_name: 'Microsoft-Windows-DHCP-Server/Operational' +defaultindex: winlogbeat-* +# Extract all field names qith yq: +# yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: winlog.event_data.\1/g' +# Keep EventID! Clean up the list afterwards! +fieldmappings: +<<<<<<< HEAD + EventID: winlog.event_id + AccessMask: winlog.event_data.AccessMask + AccountName: winlog.event_data.AccountName + AllowedToDelegateTo: winlog.event_data.AllowedToDelegateTo + AttributeLDAPDisplayName: winlog.event_data.AttributeLDAPDisplayName + AuditPolicyChanges: winlog.event_data.AuditPolicyChanges + AuthenticationPackageName: winlog.event_data.AuthenticationPackageName + CallingProcessName: winlog.event_data.CallingProcessName + CallTrace: winlog.event_data.CallTrace + CommandLine: process.args + ComputerName: winlog.ComputerName + CurrentDirectory: process.working_directory + Description: winlog.event_data.Description + DestinationHostname: destination.domain + DestinationIp: destination.ip + #DestinationIsIpv6: winlog.event_data.DestinationIsIpv6 #=gets deleted and not boolean...https://github.com/elastic/beats/blob/71eee76e7cfb8d5b18dfacad64864370ddb14ce7/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js#L278-L279 + DestinationPort: destination.port + DestinationPortName: network.protocol + Details: winlog.event_data.Details + EngineVersion: winlog.event_data.EngineVersion + EventType: winlog.event_data.EventType + FailureCode: winlog.event_data.FailureCode + FileName: file.path + GrantedAccess: winlog.event_data.GrantedAccess + GroupName: winlog.event_data.GroupName + GroupSid: winlog.event_data.GroupSid + Hashes: winlog.event_data.Hashes + HiveName: winlog.event_data.HiveName + HostVersion: winlog.event_data.HostVersion + Image: process.executable + ImageLoaded: file.path + ImagePath: winlog.event_data.ImagePath + Imphash: winlog.event_data.Imphash + IpAddress: source.ip + IpPort: source.port + KeyLength: winlog.event_data.KeyLength + LogonProcessName: winlog.event_data.LogonProcessName + LogonType: winlog.event_data.LogonType + NewProcessName: winlog.event_data.NewProcessName + ObjectClass: winlog.event_data.ObjectClass + ObjectName: winlog.event_data.ObjectName + ObjectType: winlog.event_data.ObjectType + ObjectValueName: winlog.event_data.ObjectValueName + ParentCommandLine: process.parent.args + ParentProcessName: process.parent.name + ParentImage: process.parent.executable + Path: winlog.event_data.Path + PipeName: file.name + ProcessCommandLine: winlog.event_data.ProcessCommandLine + ProcessName: process.executable + Properties: winlog.event_data.Properties + SecurityID: winlog.event_data.SecurityID + ServiceFileName: winlog.event_data.ServiceFileName + ServiceName: winlog.event_data.ServiceName + ShareName: winlog.event_data.ShareName + Signature: winlog.event_data.Signature + Source: winlog.event_data.Source + SourceHostname: source.domain + SourceImage: process.executable + SourceIp: source.ip + SourcePort: source.port + #SourceIsIpv6: winlog.event_data.SourceIsIpv6 #=gets deleted and not boolean...https://github.com/elastic/beats/blob/71eee76e7cfb8d5b18dfacad64864370ddb14ce7/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js#L278-L279 + StartModule: winlog.event_data.StartModule + Status: winlog.event_data.Status + SubjectDomainName: user.domain + SubjectUserName: user.name + SubjectUserSid: user.id + TargetFilename: file.path + TargetImage: winlog.event_data.TargetImage + TargetObject: winlog.event_data.TargetObject + TicketEncryptionType: winlog.event_data.TicketEncryptionType + TicketOptions: winlog.event_data.TicketOptions + TargetDomainName: user.domain + TargetUserName: user.name + TargetUserSid: user.id + User: user.name + WorkstationName: source.domain +======= + EventID: winlog.event_id + AccessMask: winlog.event_data.AccessMask + AccountName: winlog.event_data.AccountName + AllowedToDelegateTo: winlog.event_data.AllowedToDelegateTo + AttributeLDAPDisplayName: winlog.event_data.AttributeLDAPDisplayName + AuditPolicyChanges: winlog.event_data.AuditPolicyChanges + AuthenticationPackageName: winlog.event_data.AuthenticationPackageName + CallingProcessName: winlog.event_data.CallingProcessName + CallTrace: winlog.event_data.CallTrace + CommandLine: process.args + ComputerName: winlog.computer_name + ContextInfo: winlog.event_data.ContextInfo + CurrentDirectory: process.working_directory + Description: winlog.event_data.Description + DestinationHostname: destination.domain + DestinationIp: destination.ip + #DestinationIsIpv6: winlog.event_data.DestinationIsIpv6 #=gets deleted and not boolean...https://github.com/elastic/beats/blob/71eee76e7cfb8d5b18dfacad64864370ddb14ce7/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js#L278-L279 + DestinationPort: destination.port + DestinationPortName: network.protocol + Details: winlog.event_data.Details + EngineVersion: winlog.event_data.EngineVersion + EventType: winlog.event_data.EventType + FailureCode: winlog.event_data.FailureCode + FileName: file.path + GrantedAccess: winlog.event_data.GrantedAccess + GroupName: winlog.event_data.GroupName + GroupSid: winlog.event_data.GroupSid + Hashes: winlog.event_data.Hashes + HiveName: winlog.event_data.HiveName + HostVersion: winlog.event_data.HostVersion + Image: process.executable + ImageLoaded: file.path + ImagePath: winlog.event_data.ImagePath + Imphash: winlog.event_data.Imphash + IpAddress: source.ip + IpPort: source.port + KeyLength: winlog.event_data.KeyLength + LogonProcessName: winlog.event_data.LogonProcessName + LogonType: winlog.event_data.LogonType + Message: winlog.event_data.Message + NewProcessName: winlog.event_data.NewProcessName + ObjectClass: winlog.event_data.ObjectClass + ObjectName: winlog.event_data.ObjectName + ObjectType: winlog.event_data.ObjectType + ObjectValueName: winlog.event_data.ObjectValueName + ParentCommandLine: process.parent.args + ParentProcessName: process.parent.name + ParentImage: process.parent.executable + Path: winlog.event_data.Path + PipeName: file.name + ProcessCommandLine: winlog.event_data.ProcessCommandLine + ProcessName: process.executable + Properties: winlog.event_data.Properties + SecurityID: winlog.event_data.SecurityID + ServiceFileName: winlog.event_data.ServiceFileName + ServiceName: winlog.event_data.ServiceName + ShareName: winlog.event_data.ShareName + Signature: winlog.event_data.Signature + Source: winlog.event_data.Source + SourceHostname: source.domain + SourceImage: process.executable + SourceIp: source.ip + SourcePort: source.port + #SourceIsIpv6: winlog.event_data.SourceIsIpv6 #=gets deleted and not boolean...https://github.com/elastic/beats/blob/71eee76e7cfb8d5b18dfacad64864370ddb14ce7/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js#L278-L279 + StartModule: winlog.event_data.StartModule + Status: winlog.event_data.Status + SubjectDomainName: user.domain + SubjectUserName: user.name + SubjectUserSid: user.id + TargetFilename: file.path + TargetImage: winlog.event_data.TargetImage + TargetObject: winlog.event_data.TargetObject + TicketEncryptionType: winlog.event_data.TicketEncryptionType + TicketOptions: winlog.event_data.TicketOptions + TargetDomainName: user.domain + TargetUserName: user.name + TargetUserSid: user.id + User: user.name + WorkstationName: source.domain +>>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c diff --git a/tools/config/winlogbeat-old.yml b/tools/config/winlogbeat-old.yml new file mode 100644 index 00000000..c89adad6 --- /dev/null +++ b/tools/config/winlogbeat-old.yml @@ -0,0 +1,188 @@ +title: Elastic Winlogbeat (<=6.x) index pattern and field mapping +order: 20 +backends: + - es-qs + - es-dsl + - es-rule + - kibana + - xpack-watcher + - elastalert + - elastalert-dsl +logsources: + windows: + product: windows + index: winlogbeat-* + windows-application: + product: windows + service: application + conditions: + log_name: Application + windows-security: + product: windows + service: security + conditions: + log_name: Security + windows-sysmon: + product: windows + service: sysmon + conditions: + log_name: 'Microsoft-Windows-Sysmon/Operational' + windows-dns-server: + product: windows + service: dns-server + conditions: + log_name: 'DNS Server' + windows-driver-framework: + product: windows + service: driver-framework + conditions: + source: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + windows-dhcp: + product: windows + service: dhcp + conditions: + source: 'Microsoft-Windows-DHCP-Server/Operational' +defaultindex: winlogbeat-* +# Extract all field names qith yq: +# yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: event_data.\1/g' +# Keep EventID! Clean up the list afterwards! +fieldmappings: +<<<<<<< HEAD + EventID: event_id + AccessMask: event_data.AccessMask + AccountName: event_data.AccountName + AllowedToDelegateTo: event_data.AllowedToDelegateTo + AttributeLDAPDisplayName: event_data.AttributeLDAPDisplayName + AuditPolicyChanges: event_data.AuditPolicyChanges + AuthenticationPackageName: event_data.AuthenticationPackageName + CallingProcessName: event_data.CallingProcessName + CallTrace: event_data.CallTrace + CommandLine: event_data.CommandLine + ComputerName: event_data.ComputerName + CurrentDirectory: event_data.CurrentDirectory + Description: event_data.Description + DestinationHostname: event_data.DestinationHostname + DestinationIp: event_data.DestinationIp + DestinationIsIpv6: event_data.DestinationIsIpv6 + DestinationPort: event_data.DestinationPort + Details: event_data.Details + EngineVersion: event_data.EngineVersion + EventType: event_data.EventType + FailureCode: event_data.FailureCode + FileName: event_data.FileName + GrantedAccess: event_data.GrantedAccess + GroupName: event_data.GroupName + GroupSid: event_data.GroupSid + Hashes: event_data.Hashes + HiveName: event_data.HiveName + HostVersion: event_data.HostVersion + Image: event_data.Image + ImageLoaded: event_data.ImageLoaded + ImagePath: event_data.ImagePath + Imphash: event_data.Imphash + IpAddress: event_data.IpAddress + KeyLength: event_data.KeyLength + LogonProcessName: event_data.LogonProcessName + LogonType: event_data.LogonType + NewProcessName: event_data.NewProcessName + ObjectClass: event_data.ObjectClass + ObjectName: event_data.ObjectName + ObjectType: event_data.ObjectType + ObjectValueName: event_data.ObjectValueName + ParentCommandLine: event_data.ParentCommandLine + ParentProcessName: event_data.ParentProcessName + ParentImage: event_data.ParentImage + Path: event_data.Path + PipeName: event_data.PipeName + ProcessCommandLine: event_data.ProcessCommandLine + ProcessName: event_data.ProcessName + Properties: event_data.Properties + SecurityID: event_data.SecurityID + ServiceFileName: event_data.ServiceFileName + ServiceName: event_data.ServiceName + ShareName: event_data.ShareName + Signature: event_data.Signature + Source: event_data.Source + SourceImage: event_data.SourceImage + StartModule: event_data.StartModule + Status: event_data.Status + SubjectUserName: event_data.SubjectUserName + SubjectUserSid: event_data.SubjectUserSid + TargetFilename: event_data.TargetFilename + TargetImage: event_data.TargetImage + TargetObject: event_data.TargetObject + TicketEncryptionType: event_data.TicketEncryptionType + TicketOptions: event_data.TicketOptions + User: event_data.User + WorkstationName: event_data.WorkstationName +======= + EventID: event_id + AccessMask: event_data.AccessMask + AccountName: event_data.AccountName + AllowedToDelegateTo: event_data.AllowedToDelegateTo + AttributeLDAPDisplayName: event_data.AttributeLDAPDisplayName + AuditPolicyChanges: event_data.AuditPolicyChanges + AuthenticationPackageName: event_data.AuthenticationPackageName + CallingProcessName: event_data.CallingProcessName + CallTrace: event_data.CallTrace + CommandLine: event_data.CommandLine + ComputerName: computer_name + ContextInfo: event_data.ContextInfo + CurrentDirectory: event_data.CurrentDirectory + Description: event_data.Description + DestinationHostname: event_data.DestinationHostname + DestinationIp: event_data.DestinationIp + DestinationIsIpv6: event_data.DestinationIsIpv6 + DestinationPort: event_data.DestinationPort + Details: event_data.Details + EngineVersion: event_data.EngineVersion + EventType: event_data.EventType + FailureCode: event_data.FailureCode + FileName: event_data.FileName + GrantedAccess: event_data.GrantedAccess + GroupName: event_data.GroupName + GroupSid: event_data.GroupSid + Hashes: event_data.Hashes + HiveName: event_data.HiveName + HostVersion: event_data.HostVersion + Image: event_data.Image + ImageLoaded: event_data.ImageLoaded + ImagePath: event_data.ImagePath + Imphash: event_data.Imphash + IpAddress: event_data.IpAddress + KeyLength: event_data.KeyLength + LogonProcessName: event_data.LogonProcessName + LogonType: event_data.LogonType + Message: event_data.Message + NewProcessName: event_data.NewProcessName + ObjectClass: event_data.ObjectClass + ObjectName: event_data.ObjectName + ObjectType: event_data.ObjectType + ObjectValueName: event_data.ObjectValueName + ParentCommandLine: event_data.ParentCommandLine + ParentProcessName: event_data.ParentProcessName + ParentImage: event_data.ParentImage + Path: event_data.Path + PipeName: event_data.PipeName + ProcessCommandLine: event_data.ProcessCommandLine + ProcessName: event_data.ProcessName + Properties: event_data.Properties + SecurityID: event_data.SecurityID + ServiceFileName: event_data.ServiceFileName + ServiceName: event_data.ServiceName + ShareName: event_data.ShareName + Signature: event_data.Signature + Source: event_data.Source + SourceImage: event_data.SourceImage + StartModule: event_data.StartModule + Status: event_data.Status + SubjectUserName: event_data.SubjectUserName + SubjectUserSid: event_data.SubjectUserSid + TargetFilename: event_data.TargetFilename + TargetImage: event_data.TargetImage + TargetObject: event_data.TargetObject + TicketEncryptionType: event_data.TicketEncryptionType + TicketOptions: event_data.TicketOptions + User: event_data.User + WorkstationName: event_data.WorkstationName +>>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml new file mode 100644 index 00000000..2f74612a --- /dev/null +++ b/tools/config/winlogbeat.yml @@ -0,0 +1,188 @@ +title: Elastic Winlogbeat (from 7.x) index pattern and field mapping +order: 20 +backends: + - es-qs + - es-dsl + - es-rule + - kibana + - xpack-watcher + - elastalert + - elastalert-dsl +logsources: + windows: + product: windows + index: winlogbeat-* + windows-application: + product: windows + service: application + conditions: + winlog.channel: Application + windows-security: + product: windows + service: security + conditions: + winlog.channel: Security + windows-sysmon: + product: windows + service: sysmon + conditions: + winlog.channel: 'Microsoft-Windows-Sysmon/Operational' + windows-dns-server: + product: windows + service: dns-server + conditions: + winlog.channel: 'DNS Server' + windows-driver-framework: + product: windows + service: driver-framework + conditions: + winlog.provider_name: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + windows-dhcp: + product: windows + service: dhcp + conditions: + winlog.provider_name: 'Microsoft-Windows-DHCP-Server/Operational' +defaultindex: winlogbeat-* +# Extract all field names qith yq: +# yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: winlog.event_data.\1/g' +# Keep EventID! Clean up the list afterwards! +fieldmappings: +<<<<<<< HEAD + EventID: winlog.event_id + AccessMask: winlog.event_data.AccessMask + AccountName: winlog.event_data.AccountName + AllowedToDelegateTo: winlog.event_data.AllowedToDelegateTo + AttributeLDAPDisplayName: winlog.event_data.AttributeLDAPDisplayName + AuditPolicyChanges: winlog.event_data.AuditPolicyChanges + AuthenticationPackageName: winlog.event_data.AuthenticationPackageName + CallingProcessName: winlog.event_data.CallingProcessName + CallTrace: winlog.event_data.CallTrace + CommandLine: winlog.event_data.CommandLine + ComputerName: winlog.ComputerName + CurrentDirectory: winlog.event_data.CurrentDirectory + Description: winlog.event_data.Description + DestinationHostname: winlog.event_data.DestinationHostname + DestinationIp: winlog.event_data.DestinationIp + DestinationIsIpv6: winlog.event_data.DestinationIsIpv6 + DestinationPort: winlog.event_data.DestinationPort + Details: winlog.event_data.Details + EngineVersion: winlog.event_data.EngineVersion + EventType: winlog.event_data.EventType + FailureCode: winlog.event_data.FailureCode + FileName: winlog.event_data.FileName + GrantedAccess: winlog.event_data.GrantedAccess + GroupName: winlog.event_data.GroupName + GroupSid: winlog.event_data.GroupSid + Hashes: winlog.event_data.Hashes + HiveName: winlog.event_data.HiveName + HostVersion: winlog.event_data.HostVersion + Image: winlog.event_data.Image + ImageLoaded: winlog.event_data.ImageLoaded + ImagePath: winlog.event_data.ImagePath + Imphash: winlog.event_data.Imphash + IpAddress: winlog.event_data.IpAddress + KeyLength: winlog.event_data.KeyLength + LogonProcessName: winlog.event_data.LogonProcessName + LogonType: winlog.event_data.LogonType + NewProcessName: winlog.event_data.NewProcessName + ObjectClass: winlog.event_data.ObjectClass + ObjectName: winlog.event_data.ObjectName + ObjectType: winlog.event_data.ObjectType + ObjectValueName: winlog.event_data.ObjectValueName + ParentCommandLine: winlog.event_data.ParentCommandLine + ParentProcessName: winlog.event_data.ParentProcessName + ParentImage: winlog.event_data.ParentImage + Path: winlog.event_data.Path + PipeName: winlog.event_data.PipeName + ProcessCommandLine: winlog.event_data.ProcessCommandLine + ProcessName: winlog.event_data.ProcessName + Properties: winlog.event_data.Properties + SecurityID: winlog.event_data.SecurityID + ServiceFileName: winlog.event_data.ServiceFileName + ServiceName: winlog.event_data.ServiceName + ShareName: winlog.event_data.ShareName + Signature: winlog.event_data.Signature + Source: winlog.event_data.Source + SourceImage: winlog.event_data.SourceImage + StartModule: winlog.event_data.StartModule + Status: winlog.event_data.Status + SubjectUserName: winlog.event_data.SubjectUserName + SubjectUserSid: winlog.event_data.SubjectUserSid + TargetFilename: winlog.event_data.TargetFilename + TargetImage: winlog.event_data.TargetImage + TargetObject: winlog.event_data.TargetObject + TicketEncryptionType: winlog.event_data.TicketEncryptionType + TicketOptions: winlog.event_data.TicketOptions + User: winlog.event_data.User + WorkstationName: winlog.event_data.WorkstationName +======= + EventID: winlog.event_id + AccessMask: winlog.event_data.AccessMask + AccountName: winlog.event_data.AccountName + AllowedToDelegateTo: winlog.event_data.AllowedToDelegateTo + AttributeLDAPDisplayName: winlog.event_data.AttributeLDAPDisplayName + AuditPolicyChanges: winlog.event_data.AuditPolicyChanges + AuthenticationPackageName: winlog.event_data.AuthenticationPackageName + CallingProcessName: winlog.event_data.CallingProcessName + CallTrace: winlog.event_data.CallTrace + CommandLine: winlog.event_data.CommandLine + ComputerName: winlog.computer_name + ContextInfo: winlog.event_data.ContextInfo + CurrentDirectory: winlog.event_data.CurrentDirectory + Description: winlog.event_data.Description + DestinationHostname: winlog.event_data.DestinationHostname + DestinationIp: winlog.event_data.DestinationIp + DestinationIsIpv6: winlog.event_data.DestinationIsIpv6 + DestinationPort: winlog.event_data.DestinationPort + Details: winlog.event_data.Details + EngineVersion: winlog.event_data.EngineVersion + EventType: winlog.event_data.EventType + FailureCode: winlog.event_data.FailureCode + FileName: winlog.event_data.FileName + GrantedAccess: winlog.event_data.GrantedAccess + GroupName: winlog.event_data.GroupName + GroupSid: winlog.event_data.GroupSid + Hashes: winlog.event_data.Hashes + HiveName: winlog.event_data.HiveName + HostVersion: winlog.event_data.HostVersion + Image: winlog.event_data.Image + ImageLoaded: winlog.event_data.ImageLoaded + ImagePath: winlog.event_data.ImagePath + Imphash: winlog.event_data.Imphash + IpAddress: winlog.event_data.IpAddress + KeyLength: winlog.event_data.KeyLength + LogonProcessName: winlog.event_data.LogonProcessName + LogonType: winlog.event_data.LogonType + Message: winlog.event_data.Message + NewProcessName: winlog.event_data.NewProcessName + ObjectClass: winlog.event_data.ObjectClass + ObjectName: winlog.event_data.ObjectName + ObjectType: winlog.event_data.ObjectType + ObjectValueName: winlog.event_data.ObjectValueName + ParentCommandLine: winlog.event_data.ParentCommandLine + ParentProcessName: winlog.event_data.ParentProcessName + ParentImage: winlog.event_data.ParentImage + Path: winlog.event_data.Path + PipeName: winlog.event_data.PipeName + ProcessCommandLine: winlog.event_data.ProcessCommandLine + ProcessName: winlog.event_data.ProcessName + Properties: winlog.event_data.Properties + SecurityID: winlog.event_data.SecurityID + ServiceFileName: winlog.event_data.ServiceFileName + ServiceName: winlog.event_data.ServiceName + ShareName: winlog.event_data.ShareName + Signature: winlog.event_data.Signature + Source: winlog.event_data.Source + SourceImage: winlog.event_data.SourceImage + StartModule: winlog.event_data.StartModule + Status: winlog.event_data.Status + SubjectUserName: winlog.event_data.SubjectUserName + SubjectUserSid: winlog.event_data.SubjectUserSid + TargetFilename: winlog.event_data.TargetFilename + TargetImage: winlog.event_data.TargetImage + TargetObject: winlog.event_data.TargetObject + TicketEncryptionType: winlog.event_data.TicketEncryptionType + TicketOptions: winlog.event_data.TicketOptions + User: winlog.event_data.User + WorkstationName: winlog.event_data.WorkstationName +>>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index e30dca2a..a0a27e4c 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -1,4 +1,3 @@ -<<<<<<< HEAD # Output backends for sigmac # Copyright 2016-2018 Thomas Patzke, Florian Roth, Roey @@ -77,7 +76,10 @@ class CarbonBlackBackend(SingleTextQueryBackend): def generateMapItemNode(self, node): fieldname, value = node - value = self.cleanValue(value) + if(fieldname == "path"): + value = self.cleanValuePath(value) + else: + value = self.cleanValue(value) print(str(value)) if(fieldname == "EventID" and (type(value) is str or type(value) is int )): fieldname = self.generateEventKey(value) @@ -136,8 +138,25 @@ class CarbonBlackBackend(SingleTextQueryBackend): new_value = '"' + new_value +'"' new_value = new_value.replace("(", "\(") new_value = new_value.replace(")", "\)") - new_value = new_value.replace(" ", "\ ") + if ('"' not in new_value): + new_value = new_value.replace(" ", "\ ") + new_value = new_value.strip() + if type(new_value) is list: + for index, vl in enumerate(new_value): + new_value[index] = self.cleanValue(vl) + return new_value + def cleanValuePath(self, value): + new_value = value + if type(new_value) is str: + # double backslash convention + if (new_value[:2] in ("*\/","*\\")): + new_value = new_value[2:] + if (new_value[:1] == '*'): + new_value = new_value.replace("*", "", 1) + # need tuning + if("*" in new_value and " " in new_value): + new_value=re.escape(new_value) new_value = new_value.strip() if type(new_value) is list: for index, vl in enumerate(new_value): @@ -157,6 +176,8 @@ class CarbonBlackBackend(SingleTextQueryBackend): return '' def cleanIPRange(self,value): + if('*' not in value): + return value new_value = value if type(new_value) is str and value.find('*') : sub = value.count('.') @@ -174,7 +195,7 @@ class CarbonBlackBackend(SingleTextQueryBackend): return new_value def postAPI(self,result,title,desc): - url = 'https://10.14.132.6//api/v1/watchlist' + url = 'https://10.14.132.35//api/v1/watchlist' body = { "name":title, "search_query":"q="+str(result), @@ -182,7 +203,7 @@ class CarbonBlackBackend(SingleTextQueryBackend): "index_type":"events" } header = { - "X-Auth-Token": "6ff62a0dd9cf895b806fbd3190f3c0b18d98a9ae" + "X-Auth-Token": "099c366b1e56c0bca3ae61ce1fb7435af7a5926c" } print(title) x = requests.post(url, data =json.dumps(body), headers = header, verify=False) @@ -209,148 +230,7 @@ class CarbonBlackBackend(SingleTextQueryBackend): result += after # if mapped is not None: # result += fields - self.postAPI(result,title,desc) + # self.postAPI(result,title,desc) # print (title) - # print (str(result)) - return result -======= -import re - -from fnmatch import fnmatch - -from sigma.backends.base import SingleTextQueryBackend -from sigma.backends.exceptions import NotSupportedError -from sigma.parser.modifiers.type import SigmaRegularExpressionModifier -from sigma.parser.condition import ConditionOR, ConditionAND, NodeSubexpression - -from sigma.parser.modifiers.base import SigmaTypeModifier - - -class CarbonBlackWildcardHandlingMixin: - """ - Determine field mapping to keyword subfields depending on existence of wildcards in search values. Further, - provide configurability with backend parameters. - """ - # options = SingleTextQueryBackend.options + ( - # ("keyword_field", None, "Keyword sub-field name", None), - # ("keyword_blacklist", None, "Fields that don't have a keyword subfield (wildcards * and ? allowed)", None) - # ) - reContainsWildcard = re.compile("(?:(?]") - andToken = " AND " - orToken = " OR " - notToken = " -" - subExpression = "(%s)" - listExpression = "%s" - listSeparator = " OR " - valueExpression = '%s' - typedValueExpression = { - SigmaRegularExpressionModifier: "/%s/" - } - nullExpression = "NOT _exists_:%s" - notNullExpression = "_exists_:%s" - mapExpression = "%s:%s" - mapListsSpecialHandling = False - - def __init__(self, *args, **kwargs): - """Initialize field mappings.""" - super().__init__(*args, **kwargs) - self.category = None - self.excluded_fields = None - - - def cleanValue(self, val): - val = super().cleanValue(val) - if isinstance(val, str): - if val.startswith("*\\"): - val = val.replace("*\\", "*") - if val.startswith("*/"): - val = val.replace("*/", "*") - if val.endswith("\\*"): - val = val.replace("\\*", "*") - if val.endswith("/*"): - val = val.replace("/*", "*") - return val - - def generateValueNode(self, node): - result = super().generateValueNode(node) - if result == "" or result.isspace(): - return '""' - else: - if self.matchKeyword: # don't quote search value on keyword field - return result - else: - return "%s" % result - - def generateMapItemNode(self, node): - fieldname, value = node - if fieldname.lower() in self.excluded_fields: - return - else: - transformed_fieldname = self.fieldNameMapping(fieldname, value) - if self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): - #return self.mapExpression % (transformed_fieldname, self.generateNode(value)) - if isinstance(value, list): - return self.generateNode([self.mapExpression % (transformed_fieldname, self.cleanValue(item)) for item in value]) - elif isinstance(value, str) or isinstance(value, int): - return self.mapExpression % (transformed_fieldname, self.generateNode(value)) - elif type(value) == list: - return self.generateMapItemListNode(transformed_fieldname, value) - elif isinstance(value, SigmaTypeModifier): - return self.generateMapItemTypedNode(transformed_fieldname, value) - elif value is None: - return self.nullExpression % (transformed_fieldname,) - else: - raise TypeError("Backend does not support map values of type " + str(type(value))) - - def generateNOTNode(self, node): - expression = super().generateNode(node.item) - if expression: - return "(%s%s)" % (self.notToken, expression) - - - def generate(self, sigmaparser): - """Method is called for each sigma rule and receives the parsed rule (SigmaParser)""" - try: - self.category = sigmaparser.parsedyaml['logsource'].setdefault('category', None) - self.counted = sigmaparser.parsedyaml.get('counted', None) - self.excluded_fields = [item.lower() for item in sigmaparser.config.config.get("excludedfields", [])] - except KeyError: - self.category = None - if self.category == "process_creation": - for parsed in sigmaparser.condparsed: - query = self.generateQuery(parsed) - result = "" - - if query is not None: - result += query - return result - else: - raise NotSupportedError("Not supported logsource category.") ->>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c + print (str(result)) + return result \ No newline at end of file diff --git a/tools/sigma/eventdict.py b/tools/sigma/eventdict.py index d55404fd..c6f52286 100644 --- a/tools/sigma/eventdict.py +++ b/tools/sigma/eventdict.py @@ -6,9 +6,9 @@ event = { # 5: Process termincated 6: ('modload_count','[1 to *]'), 7: ('modload_count','[1 to *]'), - 8: ('crossproc_type', 'remote_thread'), + 8: ('crossproc_count', '[1 to *]'), # 9: Raw Access Read - 10: ('crossproc_type', 'process_open'), + 10: ('crossproc_count', '[1 to *]'), 11: ('filemod_count','[1 to *]'), 12: ('regmod_count','[1 to *]'), 13: ('regmod_count','[1 to *]'), From 0d932810b5bfaeea5e40d3b6365114371493ab77 Mon Sep 17 00:00:00 2001 From: grumo35 Date: Fri, 28 Feb 2020 15:16:18 +0100 Subject: [PATCH 095/714] Update sysmon_cred_dump_tools_dropped_files.yml Adding sysinternal's procdump utility more about this on : https://en.hackndo.com/remote-lsass-dump-passwords/ --- rules/windows/sysmon/sysmon_cred_dump_tools_dropped_files.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/sysmon/sysmon_cred_dump_tools_dropped_files.yml b/rules/windows/sysmon/sysmon_cred_dump_tools_dropped_files.yml index 0295398f..4ea0955c 100644 --- a/rules/windows/sysmon/sysmon_cred_dump_tools_dropped_files.yml +++ b/rules/windows/sysmon/sysmon_cred_dump_tools_dropped_files.yml @@ -40,6 +40,7 @@ detection: - '\servpw.exe' - '\servpw64.exe' - '\pwdump.exe' + - '\procdump64.exe' condition: selection falsepositives: - Legitimate Administrator using tool for password recovery From fdcba84fc8e71c31cb0a4c0bf6b9364d24805434 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 29 Feb 2020 10:12:59 +0100 Subject: [PATCH 096/714] fix: escaped backslash --- rules/windows/sysmon/sysmon_renamed_jusched.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_renamed_jusched.yml b/rules/windows/sysmon/sysmon_renamed_jusched.yml index a43d93bf..ea237097 100644 --- a/rules/windows/sysmon/sysmon_renamed_jusched.yml +++ b/rules/windows/sysmon/sysmon_renamed_jusched.yml @@ -18,8 +18,8 @@ detection: selection2: Description: Java(TM) Update Scheduler filter: - Image: - - '*\\jusched.exe' + Image|endswith: + - '\jusched.exe' condition: (selection1 or selection2) and not filter falsepositives: - penetration tests, red teaming From fa6458b70f5253d56af7e7a3cd867ab93a3378fd Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 29 Feb 2020 15:45:45 +0100 Subject: [PATCH 097/714] rule: two rules to detect CVE-2020-0688 exploitation --- rules/web/web_cve_2020_0688_msexchange.yml | 28 +++++++++++++++++++ .../windows/builtin/win_vul_cve_2020_0688.yml | 25 +++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 rules/web/web_cve_2020_0688_msexchange.yml create mode 100644 rules/windows/builtin/win_vul_cve_2020_0688.yml diff --git a/rules/web/web_cve_2020_0688_msexchange.yml b/rules/web/web_cve_2020_0688_msexchange.yml new file mode 100644 index 00000000..2a8c9799 --- /dev/null +++ b/rules/web/web_cve_2020_0688_msexchange.yml @@ -0,0 +1,28 @@ +title: CVE-2020-0688 Exchange Exploitation via Web Log +id: fce2c2e2-0fb5-41ab-a14c-5391e1fd70a5 +status: experimental +description: Detects the exploitation of Microsoft Exchange vulnerability as described in CVE-2020-0688 +references: + - https://www.trustedsec.com/blog/detecting-cve-20200688-remote-code-execution-vulnerability-on-microsoft-exchange-server/ +author: Florian Roth +date: 2020/02/29 +logsource: + category: webserver +detection: + selection: + cs-method: 'GET' + c-uri|contains: + - '/ecp/' + - '/owa/' + c-uri|contains: '__VIEWSTATE=' + condition: selection +fields: + - c-ip + - c-dns +falsepositives: + - Unknown +tags: + - attack.initial_access + - attack.t1190 +level: critical + diff --git a/rules/windows/builtin/win_vul_cve_2020_0688.yml b/rules/windows/builtin/win_vul_cve_2020_0688.yml new file mode 100644 index 00000000..20495c30 --- /dev/null +++ b/rules/windows/builtin/win_vul_cve_2020_0688.yml @@ -0,0 +1,25 @@ +title: CVE-2020-0688 Exploitation via Eventlog +id: d6266bf5-935e-4661-b477-78772735a7cb +status: experimental +description: Detects the exploitation of Microsoft Exchange vulnerability as described in CVE-2020-0688 +references: + - https://www.trustedsec.com/blog/detecting-cve-20200688-remote-code-execution-vulnerability-on-microsoft-exchange-server/ +author: Florian Roth +date: 2020/02/29 +tags: + - attack.initial_access + - attack.t1190 +logsource: + product: windows + service: application +detection: + selection1: + EventID: 4 + Source: MSExchange Control Panel + Level: Error + selection2|contains: + - '&__VIEWSTATE=' + condition: selection1 and selection2 +falsepositives: + - Unknown +level: high From 15a400ac519dc2cf828c927352104d9e8269a72a Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 29 Feb 2020 15:51:00 +0100 Subject: [PATCH 098/714] fix: fixing bug in rule --- rules/web/web_cve_2020_0688_msexchange.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/rules/web/web_cve_2020_0688_msexchange.yml b/rules/web/web_cve_2020_0688_msexchange.yml index 2a8c9799..6f934302 100644 --- a/rules/web/web_cve_2020_0688_msexchange.yml +++ b/rules/web/web_cve_2020_0688_msexchange.yml @@ -9,13 +9,14 @@ date: 2020/02/29 logsource: category: webserver detection: - selection: + selection1: cs-method: 'GET' c-uri|contains: - '/ecp/' - '/owa/' + selection2: c-uri|contains: '__VIEWSTATE=' - condition: selection + condition: selection1 and selection2 fields: - c-ip - c-dns From 19d383989ce50ccaa0473951d4df36bcb283f3ed Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 29 Feb 2020 16:03:31 +0100 Subject: [PATCH 099/714] fix: keyword expression in rule --- rules/windows/builtin/win_vul_cve_2020_0688.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/builtin/win_vul_cve_2020_0688.yml b/rules/windows/builtin/win_vul_cve_2020_0688.yml index 20495c30..38b8e95e 100644 --- a/rules/windows/builtin/win_vul_cve_2020_0688.yml +++ b/rules/windows/builtin/win_vul_cve_2020_0688.yml @@ -17,8 +17,8 @@ detection: EventID: 4 Source: MSExchange Control Panel Level: Error - selection2|contains: - - '&__VIEWSTATE=' + selection2: + - '*&__VIEWSTATE=*' condition: selection1 and selection2 falsepositives: - Unknown From a0f7da8c03e54fb9db9d293e2f557525203e8d36 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 1 Mar 2020 22:21:30 +0100 Subject: [PATCH 100/714] Splunk XML backend rule title Fixes #645 --- CHANGELOG.md | 6 ++++++ tools/sigma/backends/splunk.py | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 692b1532..d55e3d3d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html) from version 0.14.0. +## Unreleased + +### Fixed + +* Splunx XML rule name is now set to rule title + ## 0.16.0 - 2020-02-25 ### Added diff --git a/tools/sigma/backends/splunk.py b/tools/sigma/backends/splunk.py index 9d95d9ee..63cb8810 100644 --- a/tools/sigma/backends/splunk.py +++ b/tools/sigma/backends/splunk.py @@ -160,7 +160,7 @@ class SplunkXMLBackend(SingleTextQueryBackend, MultiRuleOutputMixin): query = self.generateQuery(parsed) if query is not None: self.queries += self.panel_pre - self.queries += self.getRuleName(sigmaparser) + self.queries += sigmaparser.parsedyaml.get("title") or "" self.queries += self.panel_inf query = query.replace("<", "<") query = query.replace(">", ">") From b63889af75c0bacfc825be9d8a00c04938952998 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 1 Mar 2020 23:14:53 +0100 Subject: [PATCH 101/714] Fixed rules that likely will cause false negatives by fix --- .../win_local_system_owner_account_discovery.yml | 2 +- .../process_creation/win_susp_eventlog_clear.yml | 10 +++++----- .../windows/process_creation/win_susp_fsutil_usage.yml | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/rules/windows/process_creation/win_local_system_owner_account_discovery.yml b/rules/windows/process_creation/win_local_system_owner_account_discovery.yml index 68b4618d..a46f9b19 100644 --- a/rules/windows/process_creation/win_local_system_owner_account_discovery.yml +++ b/rules/windows/process_creation/win_local_system_owner_account_discovery.yml @@ -25,7 +25,7 @@ detection: - Image|endswith: '\cmd.exe' CommandLine|contains|all: - '/c' - - 'dir' + - 'dir ' - '\Users\' filter_1: CommandLine|contains: diff --git a/rules/windows/process_creation/win_susp_eventlog_clear.yml b/rules/windows/process_creation/win_susp_eventlog_clear.yml index 5d8a7494..8100a2e4 100644 --- a/rules/windows/process_creation/win_susp_eventlog_clear.yml +++ b/rules/windows/process_creation/win_susp_eventlog_clear.yml @@ -20,16 +20,16 @@ detection: Image|endswith: '\wevtutil.exe' selection_wevtutil_command: CommandLine|contains: - - ' clear-log ' # clears specified log + - 'clear-log' # clears specified log - ' cl ' # short version of 'clear-log' - - ' set-log ' # modifies config of specified log. could be uset to set it to a tiny size + - 'set-log' # modifies config of specified log. could be uset to set it to a tiny size - ' sl ' # short version of 'set-log' selection_other_ps: Image|endswith: '\powershell.exe' CommandLine|contains: - - ' Clear-EventLog ' - - ' Remove-EventLog ' - - ' Limit-EventLog ' + - 'Clear-EventLog' + - 'Remove-EventLog' + - 'Limit-EventLog' selection_other_wmic: Image|endswith: '\wmic.exe' CommandLine|contains: ' ClearEventLog ' diff --git a/rules/windows/process_creation/win_susp_fsutil_usage.yml b/rules/windows/process_creation/win_susp_fsutil_usage.yml index b5825dc0..e204a9d7 100644 --- a/rules/windows/process_creation/win_susp_fsutil_usage.yml +++ b/rules/windows/process_creation/win_susp_fsutil_usage.yml @@ -22,8 +22,8 @@ detection: OriginalFileName: 'fsutil.exe' selection: CommandLine|contains: - - ' deletejournal ' # usn deletejournal ==> generally ransomware or attacker - - ' createjournal ' # usn createjournal ==> can modify config to set it to a tiny size + - 'deletejournal' # usn deletejournal ==> generally ransomware or attacker + - 'createjournal' # usn createjournal ==> can modify config to set it to a tiny size condition: (1 of binary_*) and selection falsepositives: - Admin activity From d4b5dd5749bfc108d93c8e24dc6d0a552c02a554 Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Mon, 2 Mar 2020 16:43:20 +0100 Subject: [PATCH 102/714] Exclude Azure AD sync accounts from AD Replication rule --- .../builtin/win_ad_replication_non_machine_account.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/rules/windows/builtin/win_ad_replication_non_machine_account.yml b/rules/windows/builtin/win_ad_replication_non_machine_account.yml index 93580c59..60eab938 100644 --- a/rules/windows/builtin/win_ad_replication_non_machine_account.yml +++ b/rules/windows/builtin/win_ad_replication_non_machine_account.yml @@ -3,7 +3,7 @@ id: 17d619c1-e020-4347-957e-1d1207455c93 description: Detects potential abuse of Active Directory Replication Service (ADRS) from a non machine account to request credentials. status: experimental date: 2019/07/26 -modified: 2019/11/10 +modified: 2020/03/02 author: Roberto Rodriguez @Cyb3rWard0g references: - https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/tree/master/playbooks/windows/06_credential_access/T1003_credential_dumping/ad_replication_non_machine_account.md @@ -22,7 +22,8 @@ detection: - '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' - '89e95b76-444d-4c62-991a-0facbeda640c' filter: - SubjectUserName|endswith: '$' + - SubjectUserName|endswith: '$' + - SubjectUserName|startswith: 'MSOL_' #https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions#ad-ds-connector-account condition: selection and not filter fields: - ComputerName From 7139bfb0cb0d4a3347aa5c814321f78fe61fa0ad Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 3 Mar 2020 11:01:42 +0100 Subject: [PATCH 103/714] fix: avoiding FPs with Citrix software writing C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\__PSScriptPolicyTest_r23phtye.jsp.ps1 --- rules/windows/sysmon/sysmon_webshell_creation_detect.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_webshell_creation_detect.yml b/rules/windows/sysmon/sysmon_webshell_creation_detect.yml index 6973e019..5ccb9660 100644 --- a/rules/windows/sysmon/sysmon_webshell_creation_detect.yml +++ b/rules/windows/sysmon/sysmon_webshell_creation_detect.yml @@ -32,8 +32,7 @@ detection: selection_5: TargetFilename|contains: '.ph' selection_6: - - TargetFilename|contains|all: - - '\' + - TargetFilename|endswith: - '.jsp' - TargetFilename|contains|all: - '\cgi-bin\' From be4242aca8036fa738d84053d32d91de857a6c0f Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 3 Mar 2020 11:16:59 +0100 Subject: [PATCH 104/714] fix avoiding FPs with MpCmdRun ParentImage: C:\Windows\System32\services.exe CommandLine: C:\Program Files\Microsoft Security Client\\MpCmdRun.exe --- ...in_meterpreter_or_cobaltstrike_getsystem_service_start.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml b/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml index 4907ea2d..1c4c5452 100644 --- a/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml +++ b/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml @@ -37,7 +37,9 @@ detection: - 'rundll32' - '.dll,a' - '/p:' - condition: selection_1 and selection_2 + filter: + CommandLine|contains: 'MpCmdRun' + condition: selection_1 and selection_2 and not filter1 fields: - ComputerName - User From f98ad7a8df698376f239305f69d1609181479f99 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 3 Mar 2020 11:25:02 +0100 Subject: [PATCH 105/714] fix: wrong identifier --- ...win_meterpreter_or_cobaltstrike_getsystem_service_start.yml | 2 +- rules/windows/sysmon/sysmon_webshell_creation_detect.yml | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml b/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml index 1c4c5452..2b5f5040 100644 --- a/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml +++ b/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml @@ -37,7 +37,7 @@ detection: - 'rundll32' - '.dll,a' - '/p:' - filter: + filter1: CommandLine|contains: 'MpCmdRun' condition: selection_1 and selection_2 and not filter1 fields: diff --git a/rules/windows/sysmon/sysmon_webshell_creation_detect.yml b/rules/windows/sysmon/sysmon_webshell_creation_detect.yml index 5ccb9660..6ea8143f 100644 --- a/rules/windows/sysmon/sysmon_webshell_creation_detect.yml +++ b/rules/windows/sysmon/sysmon_webshell_creation_detect.yml @@ -32,8 +32,7 @@ detection: selection_5: TargetFilename|contains: '.ph' selection_6: - - TargetFilename|endswith: - - '.jsp' + - TargetFilename|endswith: '.jsp' - TargetFilename|contains|all: - '\cgi-bin\' - '.pl' From 6bbb166f3d7f00809535a11c429db5ab088bc1fb Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 4 Mar 2020 14:25:57 +0100 Subject: [PATCH 106/714] rule: extended webshell rule with tomcat.exe --- rules/windows/process_creation/win_webshell_spawn.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rules/windows/process_creation/win_webshell_spawn.yml b/rules/windows/process_creation/win_webshell_spawn.yml index b287f94a..a6a147ee 100644 --- a/rules/windows/process_creation/win_webshell_spawn.yml +++ b/rules/windows/process_creation/win_webshell_spawn.yml @@ -4,6 +4,7 @@ status: experimental description: Web servers that spawn shell processes could be the result of a successfully placed web shell or an other attack author: Thomas Patzke date: 2019/01/16 +modified: 2020/03/03 logsource: category: process_creation product: windows @@ -14,6 +15,7 @@ detection: - '*\httpd.exe' - '*\nginx.exe' - '*\php-cgi.exe' + - '*\tomcat.exe' Image: - '*\cmd.exe' - '*\sh.exe' From b9e4734087eb599c4ec55c548f06b003c3d4f120 Mon Sep 17 00:00:00 2001 From: ecco Date: Wed, 4 Mar 2020 12:47:42 -0500 Subject: [PATCH 107/714] fix sysmon registry rules with HKLM/HKU format as used since 02/2017 in sysmon --- rules/windows/process_creation/win_mal_adwind.yml | 2 +- rules/windows/sysmon/sysmon_apt_pandemic.yml | 4 +--- rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml | 2 +- rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml | 2 +- 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/rules/windows/process_creation/win_mal_adwind.yml b/rules/windows/process_creation/win_mal_adwind.yml index d007e070..68cea191 100644 --- a/rules/windows/process_creation/win_mal_adwind.yml +++ b/rules/windows/process_creation/win_mal_adwind.yml @@ -41,5 +41,5 @@ logsource: detection: selection: EventID: 13 - TargetObject: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run* + TargetObject: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run* Details: '%AppData%\Roaming\Oracle\bin\\*' diff --git a/rules/windows/sysmon/sysmon_apt_pandemic.yml b/rules/windows/sysmon/sysmon_apt_pandemic.yml index 69e393e8..7360e5e2 100755 --- a/rules/windows/sysmon/sysmon_apt_pandemic.yml +++ b/rules/windows/sysmon/sysmon_apt_pandemic.yml @@ -31,9 +31,7 @@ detection: selection1: EventID: 13 TargetObject: - - '\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\services\null\Instance*' - - '\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\null\Instance*' - - '\REGISTRY\MACHINE\SYSTEM\ControlSet002\services\null\Instance*' + - 'HKLM\SYSTEM\CurrentControlSet\services\null\Instance*' --- logsource: category: process_creation diff --git a/rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml b/rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml index 02b5ffab..c91f0abd 100644 --- a/rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml +++ b/rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml @@ -13,7 +13,7 @@ logsource: detection: methregistry: EventID: 13 - TargetObject: 'HKEY_USERS\\*\mscfile\shell\open\command' + TargetObject: 'HKU\\*\mscfile\shell\open\command' methprocess: EventID: 1 # Migration to process_creation requires multipart YAML ParentImage: '*\eventvwr.exe' diff --git a/rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml b/rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml index 12b73f3a..180f7b5d 100644 --- a/rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml +++ b/rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml @@ -12,7 +12,7 @@ logsource: detection: selection: EventID: 13 - TargetObject: 'HKEY_USERS\\*\Classes\exefile\shell\runas\command\isolatedCommand' + TargetObject: 'HKU\\*\Classes\exefile\shell\runas\command\isolatedCommand' condition: selection tags: - attack.defense_evasion From ae56db97ffdf6b188123488e322d30851be1050d Mon Sep 17 00:00:00 2001 From: "2XXE (SRA)" <40869774+2XXE-SRA@users.noreply.github.com> Date: Wed, 4 Mar 2020 14:57:41 -0500 Subject: [PATCH 108/714] mmc lateral movement detection 1 see https://github.com/Neo23x0/sigma/issues/576 --- .../builtin/win_mmc20_lateral_movement.yml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 rules/windows/builtin/win_mmc20_lateral_movement.yml diff --git a/rules/windows/builtin/win_mmc20_lateral_movement.yml b/rules/windows/builtin/win_mmc20_lateral_movement.yml new file mode 100644 index 00000000..f15df478 --- /dev/null +++ b/rules/windows/builtin/win_mmc20_lateral_movement.yml @@ -0,0 +1,24 @@ +title: MMC20 Lateral Movement +id: f1f3bf22-deb2-418d-8cce-e1a45e46a5bd +description: Detects MMC20.Application Lateral Movement; specifically looks for the spawning of the parent MMC.exe with a command line of "-Embedding" as a child of svchost.exe +author: @2xxeformyshirt (Security Risk Advisors) +date: 2020/03/04 +references: + - https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/ + - https://drive.google.com/file/d/1lKya3_mLnR3UQuCoiYruO3qgu052_iS_/view?usp=sharing +tags: + - attack.execution + - attack.t1175 +logsource: + category: process_creation + product: windows +detection: + selection: + EventID: 4688 + ParentImage: '*\svchost.exe' + Image: '*\mmc.exe' + CommandLine: '*-Embedding*' + condition: selection +falsepositives: + - Unlikely +level: high From 9cb395823cdc7f0467752f4caa7b2e3e07de09ef Mon Sep 17 00:00:00 2001 From: Abhijit Khinvasara Date: Sat, 22 Feb 2020 20:59:56 -0800 Subject: [PATCH 109/714] Rework according to review comments. --- tools/sigma/backends/logiq.py | 72 ++++++++++++----------------------- 1 file changed, 24 insertions(+), 48 deletions(-) diff --git a/tools/sigma/backends/logiq.py b/tools/sigma/backends/logiq.py index 142be330..3970bbaa 100644 --- a/tools/sigma/backends/logiq.py +++ b/tools/sigma/backends/logiq.py @@ -1,21 +1,31 @@ import re -from .base import BaseBackend -from .mixins import QuoteCharMixin +from .base import SingleTextQueryBackend import json -class LogiqBackend(BaseBackend, QuoteCharMixin): - """Generates Perl compatible regular expressions and puts 'grep -P' around it""" +class LogiqBackend(SingleTextQueryBackend): + """Converts Sigma rule into LOGIQ event rule api payload """ identifier = "logiq" - active = True config_required = False + active = True + reEscape = re.compile('(")') + reClear = None + andToken = " && " + orToken = " || " + notToken = " !~ " + subExpression = "%s" + listExpression = "%s" + listSeparator = ", " + valueExpression = "message =~ \'%s\'" + keyExpression = "%s" + nullExpression = "%s" + notNullExpression = "!%s" + mapExpression = "(%s=%s)" + mapListsSpecialHandling = True reEscape = re.compile("([\\|()\[\]{}.^$+])") def generate(self, sigmaparser): """Method is called for each sigma rule and receives the parsed rule (SigmaParser)""" - print ("XXXXXX LogiqBackend definitions",sigmaparser.definitions) - print ("XXXXXX LogiqBackend values",sigmaparser.values) - print ("XXXXXX LogiqBackend config",sigmaparser.config) eventRule = dict() eventRule["name"] = sigmaparser.parsedyaml["title"] @@ -24,10 +34,8 @@ class LogiqBackend(BaseBackend, QuoteCharMixin): eventRule["condition"] = sigmaparser.parsedyaml["detection"] eventRule["level"] = sigmaparser.parsedyaml["level"] - - for key,value in eventRule.items(): - print(key, ":", value) - print ("XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") + # for key,value in eventRule.items(): + # print(key, ":", value) for parsed in sigmaparser.condparsed: query = self.generateQuery(parsed) @@ -42,38 +50,15 @@ class LogiqBackend(BaseBackend, QuoteCharMixin): if after is not None: eventRule["condition"] += after - result = json.dumps(eventRule) - - return result - - def generateQuery(self, parsed): - # print("generateQuery: ", parsed) - return "%s" % self.generateNode(parsed.parsedSearch) + return json.dumps(eventRule) def cleanValue(self, val): - # val = super().cleanValue(val) if val[0] == '*': val = val.replace("*","/*") - - print("cleanValue: ", val) + + # print("cleanValue: ", val) return val - def generateORNode(self, node): - print("generateORNode: ", node) - return "%s" % " || ".join([self.generateNode(val) for val in node]) - - def generateANDNode(self, node): - print("generateORNode: ", node) - return "%s" % " && ".join([self.generateNode(val) for val in node]) - - def generateNOTNode(self, node): - print("generateNOTNode: ", node) - return "%s" % self.generateNode(node.item) - - def generateSubexpressionNode(self, node): - # print("generateSubexpressionNode: ", node) - return "%s" % self.generateNode(node.items) - def generateListNode(self, node): # print("generateListNode: ", node) if not set([type(value) for value in node]).issubset({str, int}): @@ -81,18 +66,9 @@ class LogiqBackend(BaseBackend, QuoteCharMixin): return self.generateORNode(node) def generateMapItemNode(self, node): - print("generateMapItemNode: ", node) + # print("generateMapItemNode: ", node) key, value = node if value is None: return self.generateNULLValueNode(node) else: return self.generateNode(value) - - def generateValueNode(self, node): - print("generateValueNode: ", node) - return "message =~ '" + self.cleanValue(str(node)).strip() + "'" - - def generateNULLValueNode(self, node): - print("generateNULLValueNode: ", node) - key, value = node - return "%s" % key From b040c129be191f620d187a76e5a33b5747d8abd7 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 7 Mar 2020 10:38:02 +0100 Subject: [PATCH 110/714] fix: author field starting with an '@' symbol --- rules/windows/builtin/win_mmc20_lateral_movement.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_mmc20_lateral_movement.yml b/rules/windows/builtin/win_mmc20_lateral_movement.yml index f15df478..4bf638ae 100644 --- a/rules/windows/builtin/win_mmc20_lateral_movement.yml +++ b/rules/windows/builtin/win_mmc20_lateral_movement.yml @@ -1,7 +1,7 @@ title: MMC20 Lateral Movement id: f1f3bf22-deb2-418d-8cce-e1a45e46a5bd description: Detects MMC20.Application Lateral Movement; specifically looks for the spawning of the parent MMC.exe with a command line of "-Embedding" as a child of svchost.exe -author: @2xxeformyshirt (Security Risk Advisors) +author: '@2xxeformyshirt (Security Risk Advisors)' date: 2020/03/04 references: - https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/ From 2e184382f5390cc4b161b6216334adc3d6e86e78 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 7 Mar 2020 10:43:47 +0100 Subject: [PATCH 111/714] fix: eventid in process_creation rules --- rules/windows/builtin/win_mmc20_lateral_movement.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/windows/builtin/win_mmc20_lateral_movement.yml b/rules/windows/builtin/win_mmc20_lateral_movement.yml index 4bf638ae..baaaca7f 100644 --- a/rules/windows/builtin/win_mmc20_lateral_movement.yml +++ b/rules/windows/builtin/win_mmc20_lateral_movement.yml @@ -14,7 +14,6 @@ logsource: product: windows detection: selection: - EventID: 4688 ParentImage: '*\svchost.exe' Image: '*\mmc.exe' CommandLine: '*-Embedding*' From 54d3706a7f2689a083f5fe053a3b67ea69305738 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 7 Mar 2020 11:05:53 +0100 Subject: [PATCH 112/714] docs: removed outdated section from info graphic --- images/sigma_infographic_hq.png | Bin 1916573 -> 1232486 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/images/sigma_infographic_hq.png b/images/sigma_infographic_hq.png index c61bdbcbb0c778bef3155226f4f1bf5c52fa7465..cf0d2a60f3f845c9298a427aa4a24d1d2ed6065e 100644 GIT binary patch literal 1232486 zcmbrl1yEeg);78acX#*T?(Po3-QC@FaDoJv5S-v{AtZQkcS#5k+=4@J?j-Ly=a=vM zZ(X5ks%G|Dz4}?&-K#fm)KukAk%*8006R&y&?3u{(CXEz8P0EET-+{`T5-TZvHV@~E(@ zxJg;t*~I9q#}Q}{VMxp)ftiBSEOD+u}i=P?@< z#a|XLM-eJL6*USeR}X6n9#$S!b}CUM3Skc`8$k_e*?$d&{1TzE^YU^NWMlL7^=0+t zVs-VfW#bSK5MX2HWaH#yfpD;R`n!0U`?0uqQvVV0j|^#RPfHJbH!piv7m7bJ%`IHL zy+o*}Aasg<3AeKRk8C$@52wG9tt{EBovfX$UA#QmI9NH@{%3w`Kl}fI#>Mkr=7JcG z?GFXQ&i=o!yV<#Vxq8~Uy8UOC|7Fa7$p2-am%YvZVV*yf|H2M2_kTZwpSjzA$E>3A zf6wmh{J*H-=_TU>G2FkL@V}_=?+HA${N1eCG^{;cy*(_gWqcskqyB3+D@#EeR}W`% z$as5ab6aaRHy7K#gg*uolyY@)_0WXGn6(HM$NzY&X76Y1q$h0;ae^nrdk`8gJNy4e z*8iW#T>Lzof64!`=s%KGT&*C2x&Akjf|Qh+hpUaf6NKieAtyRc!p_IS!KcL` zAjrWk$i>UT&MWvYi~Wb&)kDkG)k%a(;!lcGsQo)MDWs$*AQE^e=vB-u?Op!FE5ly| ze+H^RvenAm%lzLHak8_pb3x|P;@}Wu=Mm)KWnzbX`3Lb|epf4d8~^`@+$t)9(yo@? ze=-^Rkq+?<8oil2jp+k(e}#oR`KkA+Wwn^S<-M!-sd-}2u8 zAtDr9JiW|aEUo`7!v6og2#C`l)y>@L|1+9DC5J*7q5uSsyuGKFtB3#JNB`6zO>6gm ze*N>)$^LHv`cs1b@S9uy6D*d0J!J8MWZ|DVH*?Y~v;Z`JsZdTt)BR^FD@|IzOs>i>?+#>O6!9{&GCCk4H%wFLzy zFC;uU+5d@22&8`o{u|Q&DIos^Nto?V;s3V-gxUU!i~eEwpH>QpD*rr#tU!>ZjO{;b z8RW-*RzqtS$P(xQS?lP6FQbbebnT2yTyXfc}_n3hMKC)(= zEzcJNL#j$9GkZ)jO|4pbVOrs411*&`yb}%1#>lhEGcX-KP8ZL$Uxul&s_xyG6$@5A z;26`uWIS{(sKaTXs%P?6D2s)m`!|Q_ru^>S9?ebM??P-kc>sS-nKP__Qr7xrt9Pid z#xD8vX{4Z(qCIY$(b29ZnNBJNq^_hP!oWcrpdp*d)BF0ll7wYu@98c5pPmwe-iBG(z9Z%5`WrrN9QG0!NGDvz0zM>iPMoU z9*84YU*ui+t$988?I~pwtEo5am%wSZy}Yq?+;Q7pB96d$$fgC+O zE&%{g01DC)T7J35o&F6hBgT7K`g^&7r{C9qE!96tZdjZ zP@tn568pH&0&V*8&-(dMmd)i7NG-ATP$Kl z6EW-@5$K6DUqXb;GEHd`<08z*jbf9Kt;B^+zk;cjBkxA$cNdd)Paux!g*-|=4V%dX zK*7Q>1He8@U-OvU?&a<{^SM#>>oWF^UueB*&xM4^1uh&cFZlw%olNtY`tDt)8~|nq zgOCA$s?UyK@SPZX7Vk0os@Yh?@RQbBy_ZNu-_dFe+ecU;;lz2P1TBjId4&*h_G#)@fp*++^kfx0laQ;apRR5DC8+m;T`_lO728x@*7%DVC zi4$+x0G%x?u%#VS2|V?;!3zRC`0QpNKpaJlI96S0D*Vt2H#}A|4nY-56FQN>q6CSN zT&}t9DqbGp=NI9J!LmoN&(9oQhU_|FGpgI*I^qwX%4I{2rmsK_^1sl%+3*$LJQw#F=SdK$`u7r?iUXOpUk8rm27) z2z7%X*m3>>Ls%=!GOiq%Rk$8mcOzF75Kry_!va8KA@@{EP8`opFNY0%CtNcv5FnNJ zk*xx{?h@5Z_4?qm(YYu9V8B6~EiP}CqBCG|R_Vjxz(R|xB?tD_itzq2qg5ce27&1H z;`%ddGqW_XIMg>56>R-@FaQkNAJs9S7m(Mg^zff;2o6iHREH+J&?caHn0K11pyI062k2b@@Fd4# zfwqHI8A_o~o(AJjYbS|8yjPudl2#n70UunvC)=X<@Bpj7&O%uh(}OidRn?}T!9_p- z-N8^;vA>in)S395^EsdZ7*LR)*oZ$&0c>onwTfhrU3;TTVJu&xs>%P*(0slViMBg{ zAiC#bW;{~j9SvVJ4y>-9a*kxe1NtG+e1(+%FhYR+19eEN1jZ{Zq0!>pOxjx9Tfc}# zqHSNE;sXwlQ|KH{riOPZGtaI~0|$tIhnW2yj;-rvom9KP+~`xqX)v{|6KN!+ZCf~^ zQc{(LBxZPBWtN0I1E3{wlt4PqZn>kO_so*5M=}??tf!)P+ggMo!DZG163sGF#l||n&|*`CeRrBbK)hz(kt?sF z2f`*8)vp&!2F;X(m3smo0Bd0enihn)7fq!&!Tk#f$S`9B1)vBwh<9(~)#;8Gn1nFC zxz0sXOBbur1Hk-XUT6T=fbJ4~+wgq_6=3<3+s4zcBQhd`*y1JsQL8ZLjVLPo5oQ!F z&f?X-5~v}(UZAGHIe2VXa;k&EqK?WVz)5qqO$Xf@EUM ztr|P)iGoBsH1HWdf&%D+U95KL)k6ZNNrY68pHLPd^X8OPYvM`36@>$5@a;D;tP-vL zUd%i;xnMdNTCTTrr|)`@8P2u?!^|{c!uklY$7BbUCY*znsSK#>kWln`5Z_nHFHmOU z=J-zYMUY9Tta8YMfJh1Wt+XD5PQQxlBtTkjO;kIMKLMk^2N!|~ojDxQ z1dgQvi-~i-B!YOlTH56-nD)0%zAUnb4#%}umvk*R2hVh_^`%s-I`OcS}e!Ky-np1Z6j_0!|8 z_E+g*&8b#ls9n0ibkQvQ=tZQ}S4vE7D7!a4a7P$+7}%&+{zY=)UjQ&h(6!~c?@=?? zt+@;wL`e=(bYgY~NIZ!{t&?I6ZvL5J|IhjtIB$8WVkl(k#4*pia_z*&>$+Zt4xmD1 zPY62Y+U=cVgQb@?SN8a?s1B@ z-V#KF01z~Y8!j_oQJ2CR!``FS&IlM->A9_B=BmmdVQH!C@646D*^{t=s7hRUNIr)E zGc(dO4~sz(v=A`ePM@XjPG0Yo8_q+CAoP`L1dIq!6xW9F;LR$i6dqs%jEM69za!Te zjlvdTKT9=C4i(42f#vmPAhtV`lJGNXJ?AmBEXsPx*+JDVsnQ2KWpN6T$1whr^v_H0)nPpp z=`eB&1HK*RW0w~?Q&lJt$`IVTGZO{yJL)W8;FvcucJHBx-~nfTojkytBEJw&wTFR} ziL+W)m6NH3cmfI}v!1wjc!MrcmZrO*tii$=?-7C{C>`n39g%`n@*mw5Khr`Vw3Xgf zTH#rr3Mod8q*^LXR+@}qd&T&Bdz*K9FlmK+XCnd{Yz6rFGN@4cz|?}eX1N@c1bY@d zad_?SZ-=L}@poC*6=aV*5FiByGiq^Ci47+d8c^O3qL{|cDNwShIO@=?afN<&r#npy zUc|WCUI!+##REa8;A^B7M2@?k7Nmsw%)hkm_>fo)R#(3{<`%9xCLF$pg4RK|(=4UO zr+IV0gFzEKf18>aF}RJ_P8f0*);N7#7Qk$Q)kwy(>BC9X(c;fUM;5fQd_X=GX;Se- z$!ESK;q-WdjA5s%#xzn)b2;#$j4(*sb+9Hf{jk{Z2o0?>PO*j%izd%~24X(_Q^M!O z_CvSIT(6aCgF$UhFzqQ8zIxfD!H%XOVW4VwGflQa#5T+cvNwkN`lvO{toXkBxMopu zNd#QdC*@)tOC0ZTe@u(?9dA=^^D49aIzxzmH;tT{V-{XF(`bTQ=R%Eu=LQdPK0LxI zz%Aj6$)^TMH4OOqD}h0D0PHYt;Ml36!0u##gi6prRo=?w;U{pP@$QcJ3O6G`(t|4O zTQ2-CrNL_};cR&^nS$vt>~cLHI3CoZGlY^%cQof zW9TAP+;5>6yC~OpCYolrgUTP93-nG&fnWcXqAZK7mg*37t*B)J1?+Rd#^c(0CdGfW zncnGC{57>&0)k_n2240jJY~ICAzM1gp9QU$Sic?)kSxbONU%4J3aK_a%iFc>sq|X; z`hHfsWMjzPz_j>Gig;{-L{<$nY42e4Sv34{focD*-^k!PR7^6kzQ?G6dbR1LI*E1ZsjDpnXdX z6CCuW;?%cz?+Vbi?=XuptL;BW{Z4Jk#*8+&9WQ%C?Uv=*#rLl&CD}p5qc6_yfgu;T zG{}PKy?8W2$aI8cdd>wy7yxeQMd%>Kv(@s-jf-tCII!!rt&qDF4IHW9mN|I^@y0Y| z$lh3X;ui>xGrg&5zn`s0FC5YVgm>XEzi>X+J#OpXwsxhNf{vD?HKHY~KQq)!qYp5a zq)|J>+^Vxq8SpcaNmaXd){^InNuGZ8nmaX~9Ve$q5Z*v}ZA=q)nyueoShgOZo9`xH z-K#})?|E$J<)kA&IbbOef5UH#cNrXCe1_8KWz0&0YzKnYabsR3A8=UB!uJ`eB>L3? z+w!TdaJPselTrU@kq;tdVsD5z$xEfVibBpJiD##uvl=qH5XzTE# zBdl2@7-9L1>L{foHWXFtWXN>U-of(01#?~QEEnbGi+}+n;(B7eA1iZjFE??WfxPbw zWV$Fd-PAP5gt7ZYRI|f6G{V`;*XF{lX4_$o`;hpN%N9?uy4eBil~T=XV5EN9I3^-4|jVX)E~HWk5^lI4L0OykgW`iCP( zid*#6yzVLfjb%{=*}Ux&s`dU!iQtVeTzGb<{xEHkfcl`X1WZN``wbzi3QYEaH&(ij zgBjDsF@;vYwCLF?qBfisJ(J;p0F>VyjIR4XaRY?-M7?JYLCYlzv7d&th%#yy=%X&s zzn($?xql2=!D}I*G6-rtC*W!CyT#VCz;}CP7gn+uaDeG`4K;L|8C_V4dNMnM*&@8S zDP>TZI0f2gV~3Qo-YJ<25CX}T$Yp*Ozsg+N(I#=JvVa!2&{q-K-wxZJQ=}kA4tbpS zh<)u;IoWL|jp+HcJxWJiq#0gq;gd}Sg`NQnYa&nj>Saw+bwW&OUgYu^A$ao7u2>xJ z>ZymL6RXn1`Xg+GN|<_gp|uW`TrCTr_8|hg7657?$ZyS1km-x4lP=R{(r4h^7){X( zVw8#2VhwiO2l?MM9^bE0V_(&m>D2@Kce!F?)qg4fh>_srRr+vZPCbp;r20e1pJp9)5NGdd5XwJ8QrT2)Y1bK?Dtb5lk-??Rd#h-X&zh zPMIo9$Tn+@*D?+M0}sCT;iW*m@1ahtAVG_Fs&2d`OXy;4J*bBWI{IQ z04+=>k8bxBQyZNhc@<8g%JujJ%SD5xMxuG)+dV*$S;OFK;GL=oxVF7!Bda1By z+}MqWTCK$T7o19pZ^`@~w`96JqVq(mqjb>Q9v?p?jN7r1$*&-OP;(N8ghfFi>Qm4ywOB;D8;VJrVpOv%$wz82+cB1LoQYTp*(FC$kV849n&p_{6V*Y7*kQ&h=?n0HoevRm1}Yh?~xE zz5a-wUHc%~h{$fn^U4VkpwnCM4uz5C5oXH}7ya0FsFd2QyUlk*@Fei&>q@+N4O0(+ z$jJF?Vl0b8N*Tve_h1xU%N&(a!y+Q$dV1V#B!lZQybMO^hcCoC7)+#|;Zx$m>A`$C zvHTNp8Qa6Al8BKMv$F+~cSCd?LAZ!K%Swl}x@X;7khq8zpT384SVg`&M|aE>J+K+-u!jX~KzRru@vyHH24X^C zx1fmZy$iU`l9NeXY<mNTeUvWYivonVOCsZGVy0M*PYKL zvf<|g87F61q)OtUK}rlj0%g34Q|E^&{?b$Ug=lIgBHM@p{+?RUZV}et1Mc!DY!LL3 zwk9O^BknYibUI^aZR?p3FIJUw;!u7RjGZ@ZM(l+&%{nH(a*$Bl{9e-kB?jO0DS2Hx zKqPsi-O6royLelDfs5bP?ya!}-jF;qckK*AHOQ;lg;tH1bs~{(gqV=V(z34-mUEa- zpz2Sy0zWi)jl&G4FJq#!U8N5N3473EM_|En;|99D0Xu>WB0z{<4 z3;bq6=U&8UC%$S4IF4)Zsxm7d3T;)Ck$TH4D0IJm#{Ndr_8aw^sOz|ii2dx~72=(= z4lrpMM|+Kh)55Aqy|H?^XrWG-))j)t=nPD?q1?J+lgn%I5p<>(UJm8Q24#Z=`n6cA zHE23r=K*&F=5hnbwizz|E&SnEk!j3{Fe6^tMJ(wfB-D8VyYQk%H}i``y#*_FwK+5l zgkbhpA8GsN5ViSD*nvVRvmVY8M?QKxY$h$m?{)l`A7nK0udUUBL*l~7@d(#ZJ*!l; zHTM`-AHy56*1d_?__gG`QTYg2pxsJww4&Yy>M`7a79v$zn5G@l|?LDn>DL zVOUy+G-ljJhMX>`$hmJWFEE*O{9iL#V4>0`4KLaX_FjY8&BDkc%$RQqH;#Ld2nvzp zR$-?Zb3HF5JbztRBU61(Lj^NjKfuUL?9mL%A=Dbcp^zAucxcVez+;50!$D5erfT_# zdlL2)PJ5%h0rX77sRW=z4uOlPEG!8y+)g1vv)TQ8hf&mV(V!l3`NnmeLnto5a7Z+C z&uIGINGmpU<^`W~19{(5mpOjuS^7foDC549RnNx#$uT43py7u`2;j?uavZ!0c3J}8SqofI>0D2Jf`273NW@U`EUC>X?qwF1EwrctUT0hCwxRCYUE5Q=` zJ92D)5w&@PrFdkd+Y_*ZjylIlDnWsWqIbi8L|NU9;V1nbjlO^pOC0kX?F^$|Do0mb z{ccyT9B)V#^W9QxnahF)QDZMkqO;4aqaXQ}V5}kx2uR>)YJ@`mHr_0|*Cbl$7S@u0 zvK2^Fe6iisY5XjE({>&sQOr%Fv)w1fVw#eEIXK+O=-91BcwTkFptH!7s!=YJ8!iPi zu(oVr_uVHIi}ml`X5R{!mYp@iDS;swfd}@<3JfZ2Zm0E8js~@kxu_$T(4uv80^^Kn zd!FFH0cJh3)|mFzmp?WO!iZO?d)*RCxkwO@emwFB=%nm_^ZU>rpqMU9gf@pil*|da zj{x&Nh+2kXrM$?zTYWTj>UwSK^|M5*G))Kz=UALH);aC-umW2nBa6XOPQq1~(lLzi zzF-8X8YHnKOaZczM;o<%qpzS9<@@L8T7yYdF)2{^!2#1S#0WcUi91+~S+8Dri*MWD ztOu+;@a=KJGrX~pNiY;HvxF`|JDmH8!c2nMIif8y4;%JPC0SpmJXC^g4PKGg4S~XZ zmmsG++>XAlGNlHITCCB~g_s?7Qg4d8%THr?;1{cV^iT>8lro738d@;M6sA2`>@GhL zpkd=z$QILCsW0povCXB%LPHt}r)k~hLITd7QSHzA-g|yi!95;J@99kJ(yR3DM~K!S zjRk}9jiuLdg25&|{7=Pw(u*IM_cLGpYKfBh3AEh>sdx$W_?+*n)#&!XmjzPebtk%X z^Y;oXKS4uh^2|^1fv&)jIO6VCKw=1{2gKe_(QK0Z9<4i$TfzAch&@QXix!yoybRN} z%292mqmcax91hC!o#|6*(c2;?c`ZLTY8uyrABl{%)-tNr`Zpzq)Dz{2-34>4jTxpcZ)5&7e9rkfxuJ#G3JjTM_nl9rLxD1oR;!;JRv9t1 zRf7VvWs2Sf$ctmahOVji-7cO}QxCXwz=pP(@kblGxO+z7>a$m$C(Al!hAu2RTc?@# zCW$$NotlYlSu2@_yzw<6I6V~=jO@Xo-7@0>AOGVcf(JBMG)}MOuIr5sxdBbOSM=EI z;oL{ah0S<)2RWWwV#amVYmR2Ko+{fA*0?@hLN#;3R*uzdp%h=mi=G-fd^zz?vm*q# zRlr$I4$61D94bJDid^m>f@+vUEGxO0z>99ioM0#{sn8fAgK7zcBZ4}ujDIT%HC*YSsu~iW_KDryc3aIxmYJh zl^#aGZUSw1?_Aj}|4{~#?C@+;2nq{kd$*a+KX&QcRhzn(*6q6e*CMi*@*nj5-`t;0 zC$BU(Tx@fUx!15knZ>^=%Ki2WKWVyKt0v@LT>L#)4N=BJ9hlKtNQm{0PgVOj_Vn)^~cd(g$HnQPn+4^ z$<)|swOx4;Zhl|s>5;pRDUrjzX5V@KoAafmQKbsv76lQ1lY3{{TkS{XgR=rUN z8AOqSbU2#v*0&P0y>4^MntjPp^$Ph~<~HoSNNeXLKOQiQbBfdk0~KLq2mr9CM(i$8 zx+F2f1_$=pF9F5pWQh1hUZA7@UMgFtOLFa?Vlm%|HO{beLh({z7ft$nFt4wv9b^!| zwPA?_uv71SLj!>GB9H!5LFp?6LI>%Ni;HEQ{LS!Ga-HX2swprfnyQIGON?QgKnO%U zGCyrSDSJJf3z&vukhf&I0u5x8bgAYUXE>~H z;H3m>?-BLoMfC>29{;)BDEh$1gTsKBXwha;RO_U$-5B}7BWD29Gk>Dt-X!?AQxsW- z8E2;6f`wN+4^Q}m-QjFVLtLT+4F6Qb?XX<2e)HSW?MXrPSZ*S9%cceO@Y-74+{&?- z?7%rV+B=Fgqc`L_C&8MVDY_d7kgb$!qoHrnQfTYjC6%cC(!~m+I)Ea=HVPrwFwymh zl5$6io&j=Zw$0UwPXJ%veAI(8{25>gGW&Cj0-fmmi;SV#%aYc#m8-xgq?+S*qXCPS zz}YGq-C_pQ{6H-uvV$lFux)3ZMZRq+lT@SYIZTTH6yOZPB3s6<5Joiy7`I#39U+xB zwF@CP$uM>{=BzipC)QhgRg(ja2ibuKAn10$!G2g|O4sGm!mJr>grGz1$7w;a@CbW` z`pslo6Q99GohBo3$tswc3UEL{8m@}$UAo&EOHe*?-_nC4g3^sUo~$@*Q=6FNK4O{I zJ%?@dR)&Jv%bqLL3MoWk(pWqY>BL$wN)UoG9pBtpUdGi+LM<|32(X)JL+QpYi${Ii z`f^Qp3c4^@IcjA;0CFM+MEWfhi<=a#pXVj<$Em*zZO6ch=Rz_Q7N?su za#Up&*7-)+Ck6wq1G$k?&w7T~&QrcVOY_G?tXB|4n!wiq;hG#MhB7h@iPJk=;_hqq zDc4W5R*K68rBOM!={hVk$Y89}uU%Q(0<8@NWa|rCch)@|pE3KjDk)2PfHP#s?FQ{< zp)Kh9RkF)MWSdeIN9hfiSmHCt4aUWLl9|?PMT8X2OvFr%d_+o^F#@6CeoMKPg!4VR zgB=FT1X7#hckUmvtQUNR_(+6X2HBYCGqT7e;;Im%;-U8YIHvT1BRJJkAC}|vj70*ZC=DV^90@83NtqG`%uqws6gM4@81qzdyKqCxO*b?)F0`z zxl7Us-)Tc%?)cL0W#fxgaNw&=rYCu0^L;qzC%@sCf89KTO zk+=!50~*xi7-B(!iSBLvM?{$kEMgdBes{3w~W2i6>kl@n48c?`ZBx2I%jFK_;O+b ze~~K^qk`B3HWf9groWy2=X=NKiQ%E*vv>r^yAG)D+QJwsU3_sAs)7&tJjJd#M0iFH z8Qy1o&!~4mBYNH!ek8ds}l0(fX(ywYWLDg31IR>s2o`nb69s5x0qw zX3_Z-S_w@U(kfN12@g0cZgb{iUbNg_)Lnyiv@9K?`r&hQ;GFrEzSAzQetB@Q=ZKL8 z%L7Z=z|=b)Lz0MFkyOT|PKS2KKe?$}RFPajo?Ha$_3I|v!OcUh@xI?KE2_(P<`+G9 zq0c@Ssd?KwLuvS@G_P8i^#!x9*%|BO6bsOXLt#Tyl*8ZTNWqKOC*N}21*O;Bv(y&V zUB5JiG27M|mA(Ev%O+X#Jjl8dnTIO}WpBWDU221y6_a;?>1!Q_C^qRto zS@KKkzRf_#p~Y82D+TKcVxO`^c`*6Pjt6Vly66xsZKFpzsc$-*pA*aB);%2D))%8m z#{#gGe=MXDnR`okQ@r5zKqFtlzIiFL5H`K)VR4=RPNM7DVV4*bNy!=*dU>yb=;fG{ zCL)q`BR>DJ-w$(Mc;;1apjj`N79NgS#H^<&W-q+VwPTtl1X`yKw+^u+03>j`NzMR5 zk~Q^~$hb&$5ht|W{Q7Wkx~?qdp1hXRSdvis^Ax+qvS+0+vVfq$RY)Xg;$ZvzYjgt3 z=nESiuc}lRf{!&retc$>D0mc-kT+(=I_0wyR0H%E;Ka4f62(#U#?YbFzq6ZFLb`Dp zkke)a*vZL3Uox&T06uUHJm6TTz1A%Sow-}$$fhaXqED~NEvg1GeVXpd&laCiQqNw^ zdn5KqBzP=iCC&0vhWu^uukF)(@}Sd`{eE%LA?T|!=N`_^K-0wDLSv6K+lgm)o~g_N z|LG#~%s7uDO`?X2%ZpXwF7+ve@awPPplSd`FQti{^=yDVuPlla#!4!kT&c9n0adTv zMSI7kCNMOZgs34G#dZgdx$D@yLW{02wp|WaBCI&8SbP}fJ%W#Y>hlBffvai3ajEgE zSmC|sk>3TxAxkG`KUuo+Fr1Jnl1u|<0>X;}MIb90YG#Q9EAd)217W~u!Q70WwOCCd z#3J}!NG(_d4OWnL7ikn2)t?J5nSz&Ficg`iDnVz$X0GRBGKacyTO+8NNsD!waa2N0 zYfqb{-WKGYSSU4aX#hLjwMo6cRxL$k&xw6}!yLFR-?6oO_1dM}cN1yin^@ZGHuS(;Lsx2(Kbrvk%`GKqfyI` zN;SSI(`7V-FxExEkSk9#f(B(UXe_$)RJ#s(I9Ohct*lEI(qtfaV?t-X|HUKiwSY?EB6)lP9^FU$+fa&zJH@yS!q=KGlBHjlIF*7=&Z)4kQ8%Q|?+m zD2B!NfLlXI^Fi?}be!{XtuQEhod23JImgT(=oV^rRG!z|@XjP7&}i1*{v=TQ(|ap} zFW(H3+&xfkbqaTDqr4vCGAxwZx~H(Wj_2T4zPL`Uh4Kl3moktiQBqHrRl2U{H=oSL4Y%(Q7==%zHdwQS@Z~WeK|<;MU49Xf-KoXgoGllFPV--;v#j_ghMxiIPq4 zdw(-hjazEn4N`G@m?h`ty__?wyxlT9DEOfw)>vTtPEz2O>gVwqX&EFBWI7Yvd(#npkPx>J`VFx{dD!)TmNbJqN7GDY1kvT1*t*HChx7s!DkNHRQ;M$*nU$ zO@fse?P6?)R$PsgUXE1*+*4IH=Tf!aA)a4l8^4A8ugMIy=&e= zPwnw@@o7$YJ#L}~vbjIFHeY^3lq?lox6HmP_!P#;5*f)k>l%XHyw(J%6^*1iJ>>0v zdS$I99OU-3zV&t^#P%5N_|k0{I>9c4TTP@5Q4R8Eh6oSVJypMdZpXjGxkkUY)YYPA zE#PRtSwt6t&YWcRYV+Noh1O}Oc3c8me+p^6ov?Q0^>ZnbhFmkib)Db}i%Dml(fRFQ zR!&|2oQ&z-8DF3|I8lCNn^Im2@!Vxm=t%(Cx-OGGe}#|PlY?&ay%7-_TVMZ>GINkz zalp5py`$R`y&wfs@Vef*fKbWf7rs#|Dk=1$4N!Aky-G-*@!GzdHh!WTiqmX|GS@CC z-KK!uOkH*etesPwa=7uO*um`Q3YfN2#2Z>C#Jb(8r>ec&7CQ3)n0fQaR`7*6ZUPTZ zu&=?#pJ_LUkqo3{L^Qu^8L^tzZVRo0jJ+|Mbj|sS;END;Xuzwdf&#+RaKubj5C$kv8v1HP9C-%Yv&hVl9QMX+>q)(^+!$sEe-V z%e>_?YxfVAjzz5tae|cUur@rjPl@mq399g(}WQ>khJVa zXbJP;z3h%&{b-wWmvxMU(a9w^JLTuP{k|8?CYDJ;>{STE%sXF`L^hY9p>aPk36^>F z)WtzM6+3QfAdX+-9X?!7#59BG*4Xvw$H#O&Gh8}D3lT(J)d2;+QTlI|OCtvA4M5HM zVa8<5D+*}5@K4Yi1p9qZ^k~5LRi`t;V4dl@AUkHpPWq;JSY z#U3FQ;e?{7o1j;q98V6;3!$7B8oF*n(xxC5CT!N;L)&Y6yS5gThhc;8@EILtu8Ox+(p#cd%rl-nrg`nn?;^Tnt#vXLFP0c&m zPaU)Q+jV@++tY_@fSr$E67B9cq$MBddyD&uL~g(%KI0%R$0Gt>2NsWP$0V$_h1g?_ z3id85(u}*3%H*!xQ;SS5{`J7O(1rjugi`0|c3wGg76zZ6SBkca(CExS4n`F(BIOTl zdzxR*$VL%W*I@giOk3^Fip;NCkD+aI>+QUO+w7!YFB$1wCi=TOc^}5jZzA?&*F$_h z<$2{%WK9zl{+1?gkwq?5Pyq+P?71k3g>tn>8PXGpijzPN?oMts6SSifx}in0Webi( zIc*c2g)6^DG&j5Ers{)cMuM{mZoAErr#U8Sbuan8IB~H^SAOBb?)LG%f#%M z8DX{@GYYXDp_ZX?cC($Z;Ez}@d-@9Gnk$iah-n@C} zb=5Y7D(6*3-y2a3(-WyeJ+*5%gYk_U*Ar%gjG$q$zjDvWQcZCpX_Q^dcXCrzTU6KQ zn;AjCid0SYz)?ue@9>b~?=Bbd+RsFh-#;$)jW%OAv0;may5E1{vw>gcC7=#(jNdwb z33Bmxh5K^Q{&S@W|9~&!@zGxK@^to~yz09#N1h!gFt6#d>IvI$Z*pV*g zh2;3f~#t2h(*{W}rEaY`>zS?(YU<8iAgrs#S^`29b1Y3LFcat_N4l{lS z9Zhc~>$kYDfq190og@|L#YgDIlU=;J@}IlQxW#&YL|M%XJ4P2iCzdfdsd{@#*3xSM zt!Mi5IZy3PK?oyLHcGs&_TFs<(i6O5`cV?vY0g0${8f?)VWc@Ur!8CMc=LAohs4X5 z`@O7#^-D-`3wgLdwhU}AxlY$5A%DcjmtFT`Tv5C);izJF9@7z}n4VhD4P+tjeRsC< z5RH*J$We`H8&Q+B>t2Su?GT;y{ZeRdlAv5A=kkp_od-*%l+_akep`w}j1 z{oxLbQIA*RNg@qkQ>qyR>!E6_Ba_IG{6?cWfn7L;Xt6@=>EHjwJ1Vb@*YN>Uu1gK=Sx?>N&ClRYtP8SCAba0TG)|mXSgX1w9h88)+^u6zN zgI6a?H75=qMv=#os=69)GDhL|HSg<;nemGrs};2Bu1Rx}O1{aMKy~@5@O&_Zs~LDE z?M3M#(SAQi}UTyYCmjk{kpr!KVQFVzq#di{P&|yeFZ3qjpN+t2S~2^BhW{ql`oSE3X9BxL|3c z9pX8WCr&d+YyBFJ?FmKWSxW~_=-nJEXy@0CZv*qnXuhmz=-Dcz$jN;M@Ii)su6Zyn z#0zBA$n_~PhB^=G+Og9hj+j9V;U^oa=*jAKz6=OzXL$7-(}J$@2X zhD+9Ux4mSef=l%VM~S*`c~-P0t^BThG;E2w&S|*D%_W~1nq%N<^eQn}soS|6@2{kZ z^tjON^iJQPfO#>>yUx&#NnkiRdm(+Tmxt!9t%zT)f*B~E+bkd#dzZn2=E~0kPlfH= z+>O^Du6u7JO3Q@CyY@-_wQ!-f73?##hQXp{w|0!HNo|JX5iiYDSf(#}-K#-`_c?vE zsv-?u4b>TREcrj5Hjq?piek8P{;~;Xl z9_PnC?aX^3DgGFtc(T4J_H?#bt%}|@4Wm%ZQQT0`eqVpZY48p<`iTu&ZAcq|jx@>t zT6wz^pQVXX%!pZ}LHgkHs`gRaev5JjJYK~qa2 zRWZL;zXU0Ji1uxPu*xJ(ajT_7?rKD)MqayG|LMV92H_Il^wN_2UjMy)EL81U&j>{xbr11 z^R(W_nGqk>HXgPssAW)3JKkQaW`_}UWE2}~#xsAUH1qCcZ>m7Dq8V#IV9DrlDiA3W z+ZxQuoBuvRL}X+w$o~HMOM?lBOVm62X?0*lEF`wu4&Je1Tg@JtJim4za1!3J>~+{j z-BjPkm8(H0>t6kK0%v8W4nMk7b5T$%Ltx(LINYZt-fKfWjI2kpw`3lfGiUwwZ}m>@ ziY<3&8waUdO>i|ovbNo5Dwls;G^;9rw*Cp?N{RW!fa6lS^5X4&pAziBhzipS|9jT7 zgS#_a4L)0YJyiPa5iNtXG>nfku` zcp$D_%tqw$D2el?8Q(TENJxc)9a<-W>wHb<;Kc2s47ucoIl8V!<^KgILD;_IYSrCv z4PT(Yc7;^83-zSOxW=pZMufs?tV`g*=GTm8I`eB9}%&epoE` z7rinImi`*Bf`l`Arrc0kV>jhSt+tAUx6njqZKcQ17HZ(1U%fnj$4ywTKqC%P@y?ss z!`tZ(oa5UG^f~}t!gD`05sKI0(}t~qzC9!4ZKn!nht8m1+u;EN7GvS8$rqLc=rl}) z@0Axys{zWS1cmQC#>F!$1KvW*8S{5)q%FOQ*|9NXt&W|aQGURU76=6samLsx z&9LmwN3NFk{HN{sG}%2xvJa;5J^e#$l1wZ)IuMV3H3tSP5Cax#M|~w=>lI0QWxZlC z4O4+Bg0WBRr~m45dJ&`j4f2Ww%h$0GP z^MuUrqpr=hZ+7kyIyI~BT~fZLNiM3Re0Gb$q)j%_Vr|T`sQP==LPhXn1Fq~br^NI$ZV&{x1c@4hvA=Z)DOWD5Y7bTgj8*a-Lm zC;EXk@W9FwtbLanjx>zvZMyQbqN7lYv94l+uYR=f94)Aovsrq|ONq_Rn>1G!?WkUB zZJtv)5n*bddytBE-%Q_rbGi=`1Mt8&WB>Z^4=$WuX0vj*`__g2J_T3Nq>UIx@Q1h3 zw_cfboeBVedx9VGwYWMJ%s3v*D~qGP+NQ@ISm9FHN@7|?tmrF(?+D%b$`w~Bt9Qs! zBbbDCglC^;9Un$w{zPq}%DXEat6#Pq*21R`(qFzjJ%srRw8BiVU%xti>2dz*(-@rs zm)L4is6JP4#uyLQS!Ef5ue7znFhj=I=bughIw=7?2Od};RJ@#?0st+9;XeRe^0ODG zH)mPbsQ^9V+DyFp()9WiQU^Lmr?mWiw>2g4@Ti_f;FyC=~$t7 zYoj_*G0TI6c2tJlQrN{`@mJd#!{jFS)Z|Tj;)BH@X zsymqS^A{%{+e7Fp&?=b_j~t}Gbb0nq9^UFYEp5}}WKue(ns$Zjm|4cp_k91b;l*~0f)$*D5!)mM0MDB^4sYfHN9rQ;XMdsVBwH^TvEMQGHc6rrP z+ewXUj~7$_ns|J0%p;O&D2R-Y-A&(oanf}vKpz=r?9Xn`KD3vHIKc%yBcyQ` z9l~^4(-?sl9P-@AMt6Q#>n8_TSs-%YffXKeed4e;xo$#Ibw2?RVGV$nPBl$@M`|w`& z_Uq{n-IwgNXTmbl&mzVi3fKYb6;R>E?$nj_Dlgl-x3d>Ok6s$EavC7+RVknNDmO{Q zt7RQkxUhz^2YbD%oOnXr!b>mAzuG%EXPVh}tH)e-cR3t zV|I{5K1{u5$WILU?vQOWzB^2|2V!@SY;(3dB(`!n_Qh{@47R4<;mnLPY#@<$^*tWtZF}tjn)kZhYIX8;k-!a-)(XS;0hkMLBz_* ztlGb+J3p-X(>I@wei3v+KMhzQLb_X>FeT>BT8h=?`4DOnfTobs2Dhf!zrQhiZjwbd zO&f6byzS)Nknaxo{agIhfZe~9oJ{z=BfgWcb3?w9uybwiR*RPR-kv$R&!dOgd+($# z*h$U|+vyQ#&89i;Y!fj6EwF0UJ&hIrAovedS|K%g%mCqSgQG2 zJ}YPophIB50!C0AOSP#rX|2x!0Kz7(QL9x;8@l(&qwL+crkAGyE4h;c{$5&hhKny900U1UCWmDEPe9Bazi_Q zSk+GnDgr-<5E!t4DP2wj^7=Fsy_t`>&>t504W*Juq9Zdtyr^Q8RsZ=COzn{&^A1@2 zW{Y~19bwdB3z`Y`mv_^T?1?nMX8VHe7U+C-+0bw$ZD2` z?pz$)3=e$7qiLdJeV=Aa(^J^I7EEi3Vy>IR<$p!#ie+t>mK264-Kwz0?>Wxt#=S)4 zpQ>+JpmS%*_{_t`OD~>rc0s1yKDPkT2`oVamTwOmUMUcC`UZ;P;&tb>R25b~Nn)R> z{8R^*<<3|4qgk6x;gVqoofb65Xas4Ieo_27=sBUvz;hGvp4+oARqrd#*zo~BJz!sP zV(`7YgIAv(Z6hEORUSLaeAq#M{p#fPyMrCSvD~||CWNXtKr=$OUYVxH?0UZ3sx~JE zpRA?nT@ISg~i?M_t!*PdmTHWSiO{Xu!&|45U*!ox$Gf$tx_- z#QFwmo8@!_%qol{FIf(B>`>L#tF9^$BXIfxsu zToX~(7!3rSc7P5s)|y40XsemOQ-!|c|$tr zoOb3g0EEijRQ&d}S=XspaAwHA<;>ulP7hypEcv4CWB`pC8jl``L!V0YcdpI8^X%{e zUm?&SaDXy>wqAib^|Kb~XRS@GWATy$)FEiVVqJSdQiM`jRPD$1yC>e{Zmtxl_L(xv zk0@1@KLW|6oyU+O?ttmDvHsjTVU;H8lP($JNGp{uh63DZ#5(KKLznBlpf zo#U({B$A(2h&pUpL_;G0G<+*5cya+T+C%2*MBMf)OcNpg z@b>Kc?j4>ULR0{Vn@t-<**+37#Z2%G6HoDNM^4JWj>qY>0;O8z*yAt<@w)sDLaQjR1EDzE_M!uDr4Gy2||-07Va}`s=Gt6@-tKX?t-IN6hA1>eWbYeNR0ClaLSJO`n;x z9sPgLx4)n^4>^v6Hx0dm7E@YTg`(e$Ap*VQySGkr|EsmO0Eb1sXb5JGC zhmUhU4eHzJT;v|?V9e7{ZehRzKH<6Ff^n13gW-&5Vm^G3h{3S|0tcH0g;x(aNWz+# zVE^I9Y?8G)l-eC8FFnTp@k3iLJ04z`c2oK`E#FVYm8lrFB2mvy#QW}~uRM`#C;cj9 z*BI$r=ubchUVJTLunWYtwQTNDMsJP;J5mf#G+^~@*hds0eYrrthSn}h+~!-IP-hPo zamr{Z({t-p;CWpgEU52Q=l;sRV&(~zZ+3R4wxLG!`TSA(r+3m>TSK^G3ICE~$s6w( ze9!La)X=9FTt_lc?T6S0f0K)o>_%Jibd-rt?5CeS9K7O0{FYEps63A6u7~RHnfW#A zEUx#Vb-0C^$4&ci$zOpNM=3~>PAyZGfqaI1oa=3ycUZ5efKv#8KirHYq8g9zl|dvz zqN=F{h-noTUMnj`0k`E(?qvIIxnJEoN?vnj@B`pTlHaV=r(135g6ssQb7n z_dM;?x~<)JE}3rALW`I(R~^%8dCg`-59l8q^vXwNJ)D)oy^ii#Tn@X4L4yr4SZtNf>Zh3YhuD0gU$JmXT_~b$M z?bGza7M!qbD2u}~p3eMJUAN`Bn1gb^iJ(v0Yyq9t9n6_@mgIBM8|zic56i(VmrdHq z-He~U_}$bh*MqtTW>7R>ff(TO@JZD=2=h(=;sPFU6#2wn_LTqdS0{%2Z=M-`-?`zJ z9!rjed0<>KW2m%%gDi(yjxup&k{z@gQtht}vd53ag{?N93G_kCtZs>*@XJ<@-dM7t ziihPUFa4=|paTq8bRf_w>q0+izrUWfx*h(TTErILvRvzv1%-+iMdnE4+4MX?6><3H z_*-ACE+6wXVfm<~F2>5{Ew!(#Et$DTfNAN)ATxQUf_-#9yD{_ol=GwHNADZG{_Nm^ z?WBq46$LK?+lVt}*4w5=^ zsqnOF^lZC+x%ny5v7*+Q%)>;ZN={T>e$AexltUhR7_1eA@KM&4w)no7?;Xj#rFtM` zmhs?o?^O27RC7vaClUdcLMe)GXaWNkDJbY(S1qSJkF~jb*@xKf8e0Toi-|=XgCeP0 zT1k7|~2af>87<+1*J#v_O-9Pw(?c}GvX#3^Ik`rM%Ub&+$*}py& zS6U2!HD@N+NB6{coDmOh_obYvg7T+{X_Iudx+7$-HHM$M_m{uVi)M}}28+u%h`kMK zwH>i=l9r!&lW#qcx5R~}b2wWJK{eJ{$>GiUt;sE6z#@j+?9*W)WPdMFX+W75M%8^B zB63fcK2Gl>i{(3uYeh6`dVI0DQ}J2;s_qe$f9ir$1zllYK8jJMvtqUo3D~gM=MK{+ zk1~Jvf9;v!KYRZ6eIuKCZoduE)DKOb)ky@LOEdBG#G_ED_}G4WZ8m&xyZt9ef{CQL z(dYV4j3t&66{-u~Pib#hvW#TK)OuC$_|`EMP=_}ma5KL(ZbFs&- zjsCH0NU8CUCb#WStma^nZAygFnZtJsHQPFZ0Sg2`2Q$tXC%FOUiKaRS;SyjYaLPCn zj~s~SygAGKg9o>M^!%vzj#s_o`czzyw--#n)%d#N;| z9d*_(Y1!Zl0=u`u<>&lW6ND;arj|bHSVSLD(w6>BbRrHzVJ~p zP)lt=%YZdUDEBxuCQiYkm@6NVw95F4WgU&mCmzvCMkFN^9C@4 zP{`w>D0(k$Eke=h@+qKvmF}+fdLi$-5c5 z+{OOEIk#ux6Z_(2#~B6j>kxCvr#{ze-+!n2S#j$Yz4)+h?(Bo|aF~8@A#*hL1B!A< z=-RE?pGCHVa(d*LoWENf1((CF1$iw7dTUnE)jIHj@YEr3kN5V2(mch<1Y-vPP~h5( zJ$mSJqt__mUw3lwj~*Dk?#!U)=7TW000dUj7txvi)AD% z3jetNRE6tI2t?^0WvJFE)pR+5Sk7p9U@aHai4{_tSm}(ymvZi+?Hhu9ue7L&r`dB? zXAVZ@(h*h=ul}xlw$HLWH_JRf2Xq^;2vFeKOgIdHHQ?-3CkOxF!L2VpF;HDov4-DR zkg8UT^?e7zm1iPnv`sT{agyDbbrb=MF~-=Z53`$7acn!(sst6_)WWXNiC{>{&>d7VW!qJ`Rr_JhS2<$nJ$UI?xprdmx+=3_9n!8U~^+DU;VwjZG$8Qv|ts=&RpONZ*i|;6RM!1U!h%h3yQrj>}C98dv4Aj{L%YI zZ@N%#y_&;wIC(lC#Ze}nbhj_nnm@Yj_-su8Kv?LEdxIJt*MgBVWAW5xe9VKjEu%}j zo@>+fz>@f0Net@*@=K2-SfM>DDDa&-X{ z-3CbInX|QqiA~^vCVOf2$bo}N{x_T&{_y$j-H}!!Eo*6YY&Fw_RIRzHbV%GQ($&~y zy|%>mX5zCh5GmTY-j~h(j;b<-Ppr&{7Ig2z9`33(kb`lByv7NCYAwH z3NvEC{CFVJr^(JxS0&Ycyy-5mDXqLZ%W_2%F_uct5R>_KvYX6=2`{k%u`A;d4-(DeDv3F_WvqO%O9~RJ|7?`vC zmNvQXijt&7Nb~IRc^EneX$i!DwMjqx^*{^yn1{U*Q@5EPZKQ96EziIcQ_dc3u+MA2 z*_WRj{`iHhmmS~maB=HV)dqsGqfFeMWd|wW%fwi)M-IeTh%X#vw`bXNlZ-L;>{#4Q z&Dzn|oErSs4{m?eiNSW#Qr@pmv$x+&-*IF1#5kK~X!Y#V``I`Xt(89rkiJD;?mNr5 zViOZZC}3Vpfw*Oi7J(SB+-@Qyhk6OL@=IRPoR?TA%W5s#JX^AO1i_1l6wVm07ajZl ztb9sc@nJf54yokbMzT=H`f)SDDBoxK#(W)>=@q^*G3EPL$1qagr|NO#dtvGLqx9v+ zhxxNFn?ytc%`hv^%HmhXb~Jg4UG%+rpT6>0tI8BK@DOj}iKdUcI7)QZHdJ!LgAaqX zB9}$CxuR2x`nG3dD|M6NQhit7oEVnj(Sc~?#*h`CX%K_~t2#%aRJ)9|munN}#g5TP z#CqbQ(^UQRD5blGY1`ttpY;w{jUF;5zl%ibgsJ3UHXdaNZcpb=-U zIyHD`EBWG`YYER!x@`*PSw4#gNH2Gh=F1{UQ{9c zjrLsKxvO)9nmud%T@0sV#qNB)PwrcqHck!sPh8mg&fQVjdgZ@e*sJJiCLSASAG(`; zYJc|BID6tKyEAJ;;lKY*`pcIl|Kszv&-nMkT6tVPyu*L|{;d}u8~pQUjxJC7Yr{$z z`|M%15=(OrL7SEZ++k79HDeN4mD)5+t+Tcxk`q(iZsM8So;{?_dZk=X7c$8StA30A z_`0LnjXYLlxC^(T%BL9yv}>Mn+2pux!YsQ(I8xQndbJAHJh!vv@@-oX^bJ@bDlo0K z#*?=d0NnzqZh^-RE$tfLe{S@>_Y6-Af~lp6V1Ip(zWv7Z6MN}%6LEc-wQ13r3Gv=r zvls91pL}4u#mBPKL;kw61HpEF<*qUwkb2sTUkO>(mzD zk7vi}fA!emfBVGIdv4C29d~BEnsa9+{^=LS?LT)b;oo>>_&+><`@XF(YRx$l!M-p- zrxPyR@E-`BZbylbB>+MN9#{ludWcF(G*|Ftj}?Cz+B|HWY9)K>YGasGY`MHVlw@wV$KYiZL`B9g3t=S^>Q}L^pCvSeP1A|co zj~!-jxitCF3tKHecZ;*vo*7&kkN(B8;~rXaCPIASFn#5TK?~1&&_kj9Tdt)^@ zc`&9@D$>3mmRZE2FcHi+Jd}Z-Aa;a0BUSAOJ~3K~yi)C&va;`Yq1>=I-dVXNEh3m$xRFcxEhq``Y+z*Jrm{IbP6$t5fl= z+vyLT@1Pvdj*=fdKe{v(e|~#rzIilYrb0Y7?Ks1IJFyPTsq?T_ealN?IwTa&#A0en z2ceY`%gd*yQKno8qVP+7UBHl@_$f*{w6h2aL3oG?V#k*?n#ZszK*h^W8GE9<`Vw$y z0}vyN_V~n+fd|%0j}Ly}{OF!eHxE{Gn2HbHo&AevkKTG^O4fSC7~7wTKe;{I>&Srg zvg3pA*&W^&NC-1m%mlkM5tFR8%+Y@VA3&}`LRDMQMqCR#OVvpZGf%)Ccwlu8{q|N) zVG~~xozC3y{_C(>qKS7{=Wxd6D|TJyLG}DN&(LWeZ-Ravi-eWhkZ>yrn-TqrR4!}_ z#`xpfo2o8sC4cAM(Myjf2~|nHn~HbcoWAACtygodPQ_o|optr} z;{*P~_iaDCL)IGUg|T4QyWT|z`ifCYgOqMS!CS3r;W$ROEDB}rl6j>hF;oqx0UlUj zle{wXr~DN*I=EOTHAJbsa3^6BfM!W@uh5`jC24pjktqF8*O2ud|55bXkx<~hCnWA~1d zH{LV)(qlx21Q*BYPdz#QcUMEQUNOc5V^?O`=es)>Z^+pX-8*_Oh57=3I`F^(YfPh4LBTsm+HH2V8l_JhURV0Ls9f3+s#;opNwK~c zMHv>TaxgNxsAbx!3tr0pT6k14R(`uWLRRHue!+IazW(&^jrR<MjB2wvr#af9q$SJnAk9t#Ty94apY5P2WZtsurgbJNGe+s!@6V z0t%=!bIu(^OBm?LTRYJ6>oIdoD)-`jpnY8w-#O->Aw61`1FmSeHUY(BfnZ#qxgJT{=HVJ=S6pLuHhfxBsl)+@%?jal}@QO8OD{(DEKh7>E; z2ZAw!LpPf~3V_z=o4j?dvg$oF;kpSxR}l2Tf+{FNt{$s#R-d(^1SPWyEE}?SEe7{OD7q%j!+jN*o~RE zG0pC&3ohnwg?Yr;-#fqc^B2bs?@5-sGx7Lgl?kh^9ZBBP6m^}xquio5>bh3#cjkvh zx%2RV+Y(mmf628D<;^Ya_!usqwfJ5A4Z|ns3vqpYEj_h3V~htMqf9V17rj+JvY~qd_nxm=NvkQRhtWDHQh1+rSx1a{stGHix^q zZ&FsFmUFx;szWUQ8GHw|NDeO%d1iI>{NiKDkDMPld6rvlPP1RVGX1@4(}Of@Q9VdS z=cgvV;hw<>k{)(}pz4}EJgJC}M*wZgF)rKbKiiYHaBx-r>pPg2vivGu8q9}w3SO>M zxqaET-%hIOx(e)CF2?4%(DJ}qR5JQ(32m2&`gz)0`IWcUt>D~*yzZG{iVTf0u1>|n+g+yNf$iiQP7nX^rba}x@X0uz2xe=PE%m>KjlDyP>V6-`zSf{9LmQkT=MDSnlPGNAzLdyET-=V zq~i(Ld~j+klS=_Ay`OvSsD@-IGkeU^n-3U3%mWL6Jo7b@NZWMx0|YH7tfPQ>`09to zl~~X14>zV&&Ofg?Gkon?TI*Phv8iD1yPN*T)yZ>p`yYegFk|~&Z-E?f_L|ccyF`QJ z&NRC=X)6#G002Zr13#=Xm_Gm?kQ=!IP{PeR6+I|qz`k2)bB#{tSrpa`+l5PB>3@eF z{%TMaAF6p8f|j}qTggveDEp~&Jk%6IJb5I3{mSI=!x*erjIq5`9B7zRyvov$^H-c0 zJh+v_VH2!oCYax+>y~a{ z-ksETDgayHfdveqHDQBg-;})nO?7++lq~>ZGtR0uU;nLphA-M7HwG9B_Ul(BAGr$; z8poU)v9CSV7bh$LT%d}Q1P^8klt-#MV_MXpCY;!G4}b#jzyfBJ_w}kYoWGsxo8c1! zq@z^3+58=}*GWL2ob71tucz{T2&+ao=g&=qDumQS+sXHy+uBZ&d@P-oQdY_DUY)-E z#w`5ES8Hy~vRgAzD>}Y&d~(2Fd2;Z!>%9nr#nx+WA+^~urY9Tfqw=x|%%8#=dZijt zSyjst=Un;`o!D6Jq|`1KA=Pyg7UjH{;MvFNlU!eZmeKc{fjCo?)9A0!xr%}W+Q-isk(>UBvWMvCHaha793?()n}74!!4A(T zrIzid;%A9W6Q3=j@t9t;YV1B(Q^6)NxDmCT1(nY!e6rMp=haai z4UMKRUOCM)B(r)?LwTG}ra%oa^O~YjFB*_fAgCq&wYb0`%CC3p43jhGT6Mo<{cufJizyqrr zOte_{8n18)2@_1M#;Vnu?FnDGyLMj~Hmtm^a(~J$0S!>C(Ul2cbqJL3ZEYz=`p~_y z2(SGv1zxz5eBAP{@FmAnD5+ zO|KkEkXQN=G&VJpiFl=R4K>Lur(P_4vWO*Ag)9TPUvB)cOpBtqM26=x2^7G91+>uD z8h-RbsM;pLB^LmI9aTsE5n;gD*PR-?fd_nmFd0ofjR?uV89B4d^>Ns4fE0qo0~LW$q7?+@m%Dt z;Gnj{Xb#O(0egy(B7E0wUVKDhMRD`_qU3BEf$TlJoqX-7!7i~#-tWFSeczpQq7msF ztl^4SiYm7p&KYC(4wDDA_+y7C>Nu#dVHzu|(0yKj9;)b{xhn#!*e)c~>?up%pJ07} zG!jltC#dveJ}WM5a-csrRA2%xzQ(u$08ixGS2;dZ-~q3q0~HWA@W5&j zT83#oRBODz0d&h%wS(QQ2TC#OknWxBz7-P5tG zrEYhae9g(hg)Ks1yi>vc2rUX`%9YsRa*K$*1$X*+fL>BDm+P3zp6_RkHMit?!AJR{}lV5$!JzMc`!VS5-p5qOI8T=8IX>WDeKL984z2xzpE*cB zxgUA#s}X0TjpdK4+=0!b1_LZZqOe*etuLNWBY}6bXF)#W27)<0YH<;~} zgOXM}b(KQ4I`*+^;WS>3c2!f=zGz(+O9NUqU@13>EQFhGNm3gF`9iM-Hun{-_J2Df z)Y2~PdhdK2e7Vo2+r~hdxNA!?AL}3$)r7rt_q?5CHIY9(NWS{y`cDcxH%UKmH@!ZK z+5L(d1I`JpTl!(d_zn%1w?^j&L?{-Zr6jw9j zWRlNUzQ$FFZ6bAb->tuM@g%0;Ct};lVmiqgdti&bhS=t@&m4&N+)5+&zhdnCh~Gyb zZu%+(=SJ-8h~JvVUhctDTGlnLv7ElG6hOD<4;E|yR?#hiKV&sxR{L|ps;|2ASB;RR z_cOd^(|RSfEQC>@g>0?-u$Z}l-SGNmam_fFly6(TvhD=lZF-c?^KDOPi^x66K|8o? zb)i@nN)StTE6X_mfDkx2;IH2u4k>BZ+cWXeyXp0)qhHNQ7)uBhJUf;oJCq~=002P1 zN}20VHv-NjAO)@USfIp%EuvtAZQ^R+^rXU&bsOEZcjaT{0>M_xJOQLOBv77ypk+9o zJ7Jw3Ca)#tesy`0eR!`IXW<I}2>d?QcZ<@F}yV|^xRuM@cA(VCjk%WjQyk{^5gKhB7KV$I2f%LFV za{L*LF&LixvrTx8fDHzNK^E8#3n6V#&S{lbVdL!1&g{(GxuM=4H+Al+?h2=>&-b$$ z&D`7Fb?Q{?Q>RWPOQmzaRqsv8rUnpbvvlwpndzPB&L%d*BfU*x6b7s{Rk{XL>@n9_Qza)i0M+)~(8xaofrQ&tlKKAWpx4GdyBj;W zlSge10=hrqEk+~W8Ve#K#Umop(KQ4x7 zj1>ro%L8%gw0Hj9D`qOD1?kh%>4{GFn&YLgUJ*hjD|8an9zw(h;MJI@zg6HbBJMxM z>g0oN8lYhGJted%Up%<;aFVGHy~OO0tx`J2wm_vOs%C7fyn~_^j zbdHuFd^;gz!o&T8T4_}1NvLoG^m^~er-euF+@lYone@nL(8`PdR89R1{Dv&_9|9~g z%zB9A1`Sw#dNg+gDGC~}fRWJP^NkGPk9rsg2vWEdhF({`KjSV@ zjw;_PIB^PkiQ|%qe)5%j^ez=^@(4fAo~%qL+E7IUF*-s;pHhDoy6o0+gl{K=j917^ z71oZnLoGJzuKU{k;Xo0Sh3dY2g-T6yA9j)(ve4g6LyoU7@GFY+41#+_}>a8frUyZJwZOIh|GLsc@ zQjPMcN>AUr;c4>^)i`C!9XmVSbM^x5ws zraYl!zta_cjz1EXEhiH4px+NGaEc^)Zn^>*u#hmJt|h&d<2-QyYC;A6xejXBJ+Mse zgGPQ4qD#mvC!F2C7Gah~YPV)Tt6vTj`> zMB})`>&H$%EQn_jq92w^paClnmhI#9HQCIy4_a)rDYtD~cdhWRX!+};4Zc@-u&mty zL$&sTURUY!HY`WD@RUuFx^%}vd%g|5tC7V_m7X&WtF|vQw%B!6|CEv`kF2hY+(2;D zkVUd4Q>s&p4J&!35q9eoos*=OHT)Tlon+bsEK_{+EoSh0uYMMKcIvlj)~kUZ)v&$IBAFoe(nS(M^!t zuLvP?ZF1P%9h@~vwl>gWWhppt*h?82o#FaPeg8at8ZSf1B31&!1B-@Eb%R5Ehoxje zL0#V%d2*5;mU{cN-4m4LYAUPl=Fkr%gbf!S;jA_%wUMBNqMp&5k=$&CMg9n6H&5Qv z{USx{Ox*P;#V0JVN(#$M`KutLa& zI;E64bm*1pSre~{lKrMeGsnSLLsAE8-iVgPJ*q5o{xM20MinpIyDkESnSS}O{f3^L zR3BiT9w-+Y|CjRm&EtF3zcNvlksD@__Lx}u{%caDm8&b!-Jyv>D6g;yCII`+X8y2H^~)Fu@XwO*x19%7N}`LLI9mzmXK1!kBZ*FgY$6D7U{%PR^NdoW zT0h5H-FufxWWbvC$XURSAUxI~2V2het__c#J6@r~_iEGfIEKi}S9)K9J+XVpEK`ut zNOELQ^cKO@L_&IvQkj|xKUlF_MBMByZN_K1KIwncF<>y$1^^GNzL~@wofad%9-^@W zinkU1C#0`?Q0nW(>?vv*Z(fC!0o5nUsUtO}1}r68go*m#kH3~bMPRellA^R9cwo7^ z?5y`smuf>cJrmzj|2w7wIaL zrC@%Kp5R^F9%rQ(j}nVh>?y*2+}YQ_(SP1PLACX&@8sx)A(Jpc??h;2aZDHY&I6GxD8gAJJz4T^ebsoMebTB4eUM^788n3f{I ze49PuvU<0I3;ff>7|b= z+g#*|c*UbzclDoI>$FK>A(ZI$eSUD6bzB-EQmK3NS(C<$DY0{ag)Vt)#n}R=PvzSvH% zdWbS2$D3*3jx6g{ z^b=C3**f#+a%Z7D{#S&osgg6s4R0azmw2<&eWKYtvf{1*i;}a(M;613x;~h<`27$w zYiEpCyL0_;5@pC|Qu&&Qn4=rM*_wXv6c#5)aC6mpmT0>5O1LLa5DV+8Hqe0O6v5UK zwhknpf}H(H`V$f_x3l@ucn#>!46YU+2$F~XYz)#{)`1ptcl%ll+oxg8ua>&x!6j#{ zSA>w7N6(umk;KjU{I@po0fxoJ$x@Fp{c_hB!(A(%OFpL$52}pK+Hc$A!38 zJ)+Y3wlw*(nKJLRDZi>oIuR+T=d`!2X!S{ok%ueEpa?lq+1o0fXm*<}+fM?VGf~;p z02IN!!^r(how>Hl1@OGpwIa7C`P2+QWwwpNNR;%m1x3p@{RwW3q(CBCXlj6Qy@8&T z9VPUZMKauzdV4ey9|W05C}Z@)QUn^Xj3c2|4{cbQ(#v2N`pSX^o8WR~5F8|tBA~~B zI{@pN3bEK>hufspElcHm#Tr`Bj<-!qp^%10FPT)kXEWL!%Tk*W1OMB@TD zMrsd=9WIgztT|R$Dby!&m|%SV8j(-qe6o1uNk4zk3aChaO<~KbZ@Qc|R}+))m%iLn zM-d3v()Kes(q_#v9YF}qfYoNq?EqNkO?Wdk$&DpzL}R#I01BSDsJ}?lJJ;efmdyH7 zGyww`idzK09}3>FD3+62m12xnHfkP-+oGeunqwiNa117CO{a+UDiP|&q|TA|Mg&1D z!qt9fw$)v-at4}*QyP_Rg3-iPbL&FqV9VwGgWIQdE4=qoP2(&PWvS@qiLS}=Uys1Y zjkgKJ7O;P?2{d5YLPG5Il>NgQm&AR|JyN8vEV<$}03{d6F^??8fh?%S@7owH{iHe& zi7)0xZ7C7MS7P@#(kA5zfOW;1N)=esyLz_ewgcSDW{k~dL)~o8Gb@VI>Nh~HXj3sU zHhAfP$XVNM4S5Af3Ct4(7NHXc9p>p3 zwpfl;>#dE-ITNsqDR(b)o?3C)e0cflY86Z~O7@U-qyDSPMLzWidKo9p_atPBQkq%B zd{Mew@bO8WH}c$_bWymZ{7(ydpr`ru6!T1HkzYa*8o*xTxOhEJGhAw#1c%e4;SWR~ zK+5;3BLfH?SS(m_rixKk^H&$Nt@q?%+=bBR`Jd>A$9k0j^W6crEmGf4t_b*Qajfgg zza}<3Qow(|GkVE~jHx*Sh%%Q@tIJAq0^y5SS8BkFlHWMIVp;@+c$8eesvwO_3TPr}pI9)rbfIVa6W)y@xUDRWxnpV6VamB_sgyKn=fse|GQd9;0{g6g#LC z=)me;K-KCj2JWN9fW=cl5DL*J1H8GAKQ@Y-W&0%SRjvnF)ck0~YGu5%S=3bFM)V>f z-!7jG%Z0r2z*EXu*T{F`aovN!41@It*XlNBjt;chqT4~32qA>jDS7EkwMGGLZ#mXx z*ExOu;HH}Q%n7dozGY#*s*WQ4s)~xkSj?o3h?KSd*g)`z&Wh8o_xo58qW0W6C}ol8 zZQyrEgWffY&>LG5)t_xjkfw~mgNBNZ-;~?wn%lNs42YuXLj2>$*2q(Qv|1 z^~h}($)%t(nlqR63T;@3tDpf3;R1U=*`P+_!Pz(B7+9r`x4Vlj`vCP>U#AyOSEeeS zX+cKZzu39!M91O1o2QLc&K~m`9yT%rL53LF#BJ&+E?Fvp0qeq`HV6m+03ZNK zL_t)k>ZuJ6lr3fF@%Fsa!SgSks;svnemfs!jsosp$H^1NO4Osue*!q<8j@U-(~DVV zj*_$_%VROCwI=07Zbgr`UIp{TVy>_a{~j9K^MXjhr~%8l;YtuY^3T^(pqnZW&a23d zDvco0an)`mg)Vdd2*SEYc1%^aHUPO_&9%GN&b3dpomKs0guoa3qc%Y5Oljt z4ONfzD*EL3bTL{u;vQx_uz0^~=PE^JU`(N>EJJbK-=K0R!%YdCU3Ul5>|Z zIWjU@Da+yRgGj(%re$lVWy`M=w$!}~rz(?>!nfafqI3I+PSf4cW2cN&E=bk6J^m?# zWX?kd{v9coLC>M*+(gX6Wh$cET$iot{=zLaOd+c1_K@c&f6#F2|T6 z#fM`5O6T?y-DB>CZ=bHvi>E86jqw@{?efM-BE8LWgfQurfEUCJ^j_$CW1@@LX*V#O5o1h;p_ zo)2GsqxK6n_%{FZ(<5FbU89SrC5!w0+CmdwM%_l!LOH-CETkkD?4Ge7MPkXU7*@?G z5W7)3jjdAZQPOp*FQk;5Hs-y2re<1@0FSS*J@eg;yDzS5tKQ4kRvTPfHZ6QPQ%t~q zXHX6VLFAC`hm{7JdJucjXTXY^N3hsmb)hjy?xa#ZhLwjT%s4Y6;Y1Hj0`X-%9Hc$+ zWiiro?b<9kxV%IYUIs>=4=P1;oho#_aKWlLL52r@KQ&1dObXaM#9tp^xaSRHU6lt2 z{+@)8O$|Ek(GwkDRkRp&O8(nPwRJVh7z3i`qpj|)!6LbTL)CC^tM(iP+L1IjS1#(DQdpOYpb^9y82-Oi9wAQv=Yni*f^ z)z$5+9!7MRXpwRZ=Y43sqA99{)6fI-W|ay0V59H!?7|h@vKUh}RWG&J(E*5|-hf31 zZ6v5Z#uz2TFj%Inz&cYbTrnx3rfpa;mn-hwa@34WiHeCV+ReMvZ6xI}DI`|fUAQvt zeD2xshtaI|lJ3v=&4~dXwM8`T(Yi-YxOFVvCDYaazRslk)v(Nl75m8*_RT{rccZtH zhDYAEp+3gDBh~Rfwg|%w)QrWy=^-l7Q8R6vWyv$7@XS}ulFz#0v$b(uAG#*8z&!ZL zV_ky*=L$GgZ@mh5y$ze2xZcncE)Ny+^p(1-Z-tVw6vN~3Xw`L~ZU?lk#`i(FVz$)1NzXe< zoU&lOb5mnH*^*McqD+WD;NAiLJ(>lk=^yLi5ZUC2fIO#XS7-1#2=HL{?g|EFI?2&HNE%xJtkptU6Y z&Ytvsp`jo~)~lZG`o9aeFSRxhtws*Ls5f9SH|C;qp2 z8|8-$div-9dr>`@nSMdqKaV7lwi>Ca04=K~9ING06(_oH-%z`wkzd3kO%{;c)V+v7 z?G2pLl%=#R)uLL&(L?sswlskIZ=xP4n)kQw# z)4aNJLF<)1+~_NTV}AV*0S14&D`!8Lq@QwXBOUC+5#3;&gUR~3cT&~!NXG&D%9uy~ z-_4DU4Oj-bxpw!f2b-p)P{??N{*NsU(^8ZOeBVV(k!u_W8m&SEp4L`8j}EnLO5Ml@ zk^?kgfy7vYTNdb?{Q<^bw7T}HwKXHvEG5ye9Be(fm_5-x~?#ZcUW55f0hmkUY2*lmgKK^Zm0F2eJSbD6>7J zY*1$_pCkR%#gmokiuF^DvnMJ)x2dtJ3ahT|U2K18zsv4d>+1C9H=+BL0jTdEf*`Jt z(WbGzBfvoqEVuyfKJ0#v(hM|zkaT(cQ2>0QggBo}hIi>lG$L3OzBpq2)P&>_O$Fg3 zq)Hogn=G?y-R!d_s~c)7Pp%M4)^}rATl3z!vGJ@44_X}YuN`h5x8Jobg)3)jXO7!p z{j|}SA&Ed<2(h^7mYXE6pJ)Uq_{f#kRNjl9f?Y8EUYhaW^>pIg3`7N}BZJs6AwUSI z6)<3P_bdQu&JtMU7X&d6jr?;R>%Ff0tg6yWrmIzJ%dJYuYu46YJyV^o!kRe!c&_z- zjW*r5v*WwV)1*;?yk7D$oN97O@>k%qecBv27j$ zeXn#r?;(*=(0?ki$r@6`8!P?t;3^r7eZDO#nJ`H&E!%n?B)}`zRR8f{v(+&zM=qYb zs`i!*wUg@E)~h0``l9|j%`W--11kqtoQ;0f@aP-X)y|u&*l52>>aXk_Bkc0lDFgg< zYGicU$H58zZ%3MUEVLcoK6v3|<+;<nTt4u42#RJi{0pf+|Md zrq0c<-OEu9s+9cXy6W|FmhE?2SM%PnsqyNQ>YUe$_C-l`BXdpu(dEv+9BLhDIol&m zRp_hN*3KIDoM=9Nzu^A=i4EQ^Q3AzbV+JgwND~MaSN7BF@x~I1)9NSbG)A*sjY>bP z@a}=&@7caqFzbOSzd8Q&lJt%g1Xr~X5y05eki0OCf4Jh34(dk^<%?-0ii5g&{Ymw6 zCn~0;5Ma7WU%#&YrVYH-D{VBp?7K(W_bu7EA(I1-kQc75Ua_WHvvK!eJdT_w8p6ST z$|;8P-kMVHcK{Na_Py#$k-K-zw+5xI74w}B z$a78fvys%%0*O8oX#EEa#T=3Uh)uoIm z!l(yUB=&K+hZqpp+ji}hTqU}-f^8T<_z-O??yQbJe|7D(C)Fz8b5o_{#WS_v-Zn9` zUd8wfGD1!Cdiz(p-#)T(?+It!ucj*WRcmTj&Q#s??s0sybgsN?gm)8|<8=`UkiWED z?1vFs(c*y>YAJO1lg53a7wvs^G{MYl50|t=6%?>N)3C-}8m>llN_Q=iuSHp_0l_F6 zB!{RxYZv`h4$()8N-|7N{9bqqDlWCWJh;8ar6zYOo|(e~Lk<{_0!+h}tMV1T% z-I#g1ppl^Rb)Y#Mrc&W35-*wVqZ0}O{Uk|sAxoW;5 zWXhv&SXVz|yiz!a;4D-|Q`ZU|ESg3w9nMxIsgp?v)9G1P~r=Zq=6|32y`POg9j<;y(LSfqJOMo2J zt)Oh7#+`ZPC|zq-0x2E2m!;HhPfR;vqTWI1cR^2=Mtu9&IKR3X;iR+oMENbCEvO&cQM=j7RwmG^9} zPsxdq2C)#4SbF9bdrTn+f`Eb2a=xCr<4+|H8nEK@Un5&$me%NDNMtpu6?ZaK0#|o9o`sZmb_}k^ghF)i(X&TBY=&>FTd+9lKVi`oU8uA>^84t)@9YtcePJ!}|I=H;-+qdmhwoX1>in_UQ5vkWs^A@vB=K7fr`l zuMp?yd0>TNX1QF~h0)M43A`~RhW|kjBoFE4s5G-yIr~X8U~vOrtFQQNH2=M$2NV=S z8Nht6TqoMMs*6PxUS~$r6$CO%Av@#-U~H&k`T8Hw`J$9;8>@WkjPXzGBmZ`!HLpD$ zR*jOajmrB@8T*No>cyX?V%4`-Gh1EuM~^SvKHrl5d>~LlUNlpC>xKsC`U(I$V-E>1 z%%GFG8v=X8;gYQv%#0372~y3J>6)Uaq(o-CW!^XD1ThuUS7VdovxOf~?uvj0EFsES zP2kQUOq2&)ZD^sKO#sOTYlar|oLZ%u@e2Lj(QBde<3>rbk` zXY1G$$cR@%+KhbTQ1d&7o2CU($eH8S_nq7rmlOI5afEVjkk48^$O2~jHHEscW9WNjSE<14-;@xyYzLnTB`=w&T{KnQ zeY|zcLg(%ioyV5Dhg#ht2Ar*9m2C}r=6L1&$;xx4s;7-rwCz;muWzya_CrgZFYj;e zT{M13qbkNL^o6UduUJ!ERrO5E;wCVBVT$5LF6^SG?TpA)sRiO{R4f%_&H1tZXJd<& zvgQN{-^VyzL9f+HK?4?OYsye;swa zLeHJ3oI6oj?pBYs*zpcK-ewD3w%B2ZTI@t8e4|Im+8SM7_r@rhuF}a0U0wA~s_Mvr z^w@$&THSv-v~tyK>$vul8MX0@$;vx7*Uz7<*szt;Zq&uLQ%%4J+n)mfE5Z+hhvQe0%*Vjik`ZjwGx57c@$i|K}rgB*?QH(&P{j845jz20$9nI zM>jX<=E0vG#+qFcjq*+jZB*!({pOIR4*T)3)>jX$%<4Ij(F7;ey`SGuzi_H*e{msZ zz}c8=q8fE=Obn9gqwG>`J8_-K477b#y;@> z5^uPM(j+L+EDMy3`|+Q|$5`=+MN+-f9Ro--C#qd5@~vxG=$w>|TGu|LPpH1dDO}on zM9;lS%A*RA?zL2WZMpapk|fmQ+jU@t{pKT!4qLB0N?x?O`k_Zg@8$4OqI48UE9zThqR=>p)mXKSZVbL=nQGDLtIXk-Jh^h_ zoSsPS2z~WuAPyboS#qJk*-xv~x4;%O7_b6PZ;{4hsuc1#_Uj}`FQN@UtyfF>hQe~Q z;1ETwv~c>UBsA`kQT_Z9%r_wet!A48uqFySi{oOtQFyCXmy!DyJHNK~#DS)>=BtKB zpSP;|nKLI$3t|dWI)Et)$UTP06_!UjL7cplTPr@^yf zn7FgC?AqYBHZa0CGb^SOc&iZQ?ep|`VEIeh?@?k3@tQ|tf6e=}gftXb@wt3#dZWvz z3t~W`-f;K0N~M*ojr6njlGEaKi%EWhSc}tH14Q(IY9Bmhe7fcl@$waq5vd9p zZ{u(+S+>N+iji_qE*YLPZW6U#&QQd_&xkC^;!PW#A zRfQw8D2kY(XTAF4$Cn>mY@3!v6%|S@Use6}lgBsKJ=3xn2d?!BafaTaG^kqU-%E&S z2T)bON`Mpx4On)Q*b7+hRWU$MF4Fo^+x=6rFf)$0u2tQn`}7f?^PU@ecd`EH$dNj4 zDHZ5hnKxdSPITC=O4=^60l9+^X5CT3MqR=z zBc%Y$Q~`;Cg;RDGJM5|>D}S?p<>95atLCc;C6`TC-?Me>S(DWYR(Zr6<(%Cj^6D@zB&t zz@5jq^*7!qVEGW&Ke)+oy!#cj^|xHOk&8IwaTdDuA-9KR5a0IY1bcXa?&Is~m(`LVrTmJ>8!AyDX@77;iI z)s!S?2T(?DZ4j!4VU1$^Q5F2(Le;GpZsbBI(UxUb#4Ayt$scY_TqL{~hlS-0PG%?+6E2L1I9qAc!q6LJl^&fB4waRkJIm zWl>0tlIPCUK7Z!qR2BOtmvCVJS0d5;*kqYQ5JJ#;g_H+0U_qpWeGiTNQYr?EG^)oQ zlQF;I&YB5d8N8;PbwPkptFdGaGm5>Emj`HN1Wg`(R=Vu|#m+|`UAk+bZCVzEjC=H_ z*EimK%9uLqm0Uk8e(dr#(gVyhbQW}8jcG9=sQ&rE;f)-9!j)qLF?faKc^opP(F*Zy}e8jic+oCv` zdAC$KmWmCQ;`&Tq#Z6z`)mfV9=eLTlLTid-)MezM<<7Sbt$gE9bGGH|YmZ0BnG@A_ zZmGX=OK1((+m^TIv{4+>G;SXY8#l*uhi+PQiMboLH)Snol z6*OSMBGZPYwqs-ro*9`(pd!{QIBRS!?_KZb4UV!choTt>K_npB9|A9Y zHm{p&Ep(ji{>CfxS(BBY+fct^O?{$*U6ZSnsAPv(O`l&n+oY91g(kZ2=EQ!9lH`I= zBj9Py2+YjE0~)XZQE(?+z86|kOGm9Tw-n z?a%T({Na;nkYtkE8v0^qqo}7E2JnDpUgpm)%-(}Ba0!b~+%1l)`kC zUb&|J=5@6TrmABAtXG3UhB1O&i$ug$6aDA11+K8IA&fE*=Vcaa=dugEO~ipl$OdCm zbnXf(&a76LZwdjjkX1)K^ji(>?F}pf4OmD3{l*-S9UUSK=5xR5uZCdPUJOT@46Yd( zAlx2N{b`74=a%`_m-nySvd})X;&RZd)m8eojrBLJZ)~Z1aKc^%jztOoiYTR|9SXDs z03iU5zC(QuS64uZ7l*y&FAX@YfKsg+PXV?d=h1AyGF`Z$#|9+T{sOHcX>8|L4NKT& z%@e64;hMpRnigNezE`@cg}%-#?!-OSxlGSpyx~ZlO#S*6T#p&8$oiIPeZM45e3|e6 zraO@^+G-UgP=YH6Vdqvy#qVIg$&SCTP@$`gXBM8~+20Ddn&wLB-y7#p~;NT6p3 z)4fTUGry7_*~j`8TM+$gqoW$mqUINx`e%T0mRy-nVq;LdW5VS3RCHUH$lJ<7bao#^88f5kiKJ z8!)Dvei`Idh@>Y$%W;XIgP`yJw_jVjfT+hJ5P(&t4AYe+DR{|OocwPIp>M-GwmI%q zU*Uo_tm4lLMnOw^U|`waw;4qZqWW~L`n>1lEb>g>Pv7t+? z@Jv0;_ljvN7e0d>5w!Y?qA$O(3{uxWST`O}R_YefCyzf)4`;MD%oP)dlnB+0aW4#K#*hFG7^2@;WJ@2DUy?;svV_;c^6~iF{97u2Q zyx1sn5z3Zd^@y%GsVxEQ##JD$)%@k)Us-K-*{&8&gJ7fE6;zS)wSC2Ti7s9O)gB?T*K!r+RMvwzI@F;f>0F!bUFv@0(8~8_ zTPK`$yrPt>uF&VNuDxqZ7i1C0>q9r%2SMK>_xfJcoEP8b)bJuTBatNKK zDoqZ1CI8Y++NHqgm6XEyNu1Xq|H(e1zE}yBs{-nl>R#*8Puk5pul!<8RV7VZO9?HXPEboL))MMg!_DYFTW*QoVs;CHAvVFw7P2+e+cl+1vIAaJqj-4Bt0 zWiR~pffE5F4W8z=+-29ywXU0M-#p)We7Un!0@Kx0g}!cG{S|BK7fpFnRVfj#V%s40 zewxAl5DHild<->YX)F^rGOzj;T8W&7eW~!d}QG-IR#4M%rv&-*BbS7pZcToDnBG^?c`~)ic zptgi+zfJim7sGuLIVqFlT}(eiLta?gClrwTz8K#tgby@erGQnb5EM0tAc%ReA1Vt{ zN_x4=ZdvGj^Kk2jM_Wr>)+~X`6(PhUiV4*n_>TdAV5ElXDN*@0-Q+@<|=@yp_LS0RY z5gY#8UsY{!?~sKp{wzU1O{2?aiSR^>mM^W&5`@>QhsYtGTJ7b2daKJGTJHYak=A#P zw4N-9)oQ@zhWF0RjW@1qOjHK?ld$)N(;JH?dQ|AKfZ9cIN%VRZ1&foVeTgU~TJDhj zM4+KOB4qD>bTnBl&^VGj?P3euwMN*Bgf%>o(6~32AG7by78)C1fd;HtbW|k})m8gJ zgmL*+aWW3h0T4tMV5S=};JI4HN$G5Lmj!=%T|$;Sq{+x~w|n=A&hGinHOJZyFO}k8 z!5);5$qLQ9@Ym z|Q9A6@juLW+Y1tR$e@u*^o$%6=^GmpV?}mZd9rabe8Mkgf+FB^8Y>U;{B{ z=opbBi=do5@0>96kp_Ru?X~y*+PKvAJ~)fYmllAzT&_H3ZV(HkApU$2`Y{(1Q)zbD ze4EX8*?gPrU+LVx)VX86bNgcF&`P=dttynvRK3&3E3aBpef`?{x;WDn(P6zR@LUCF zY>C$Yeu@d*VLl0qdt(XYBI@;H)nJ^IQ#jsv{G^vVyqPC3l)0{jtW83yk1JFAY9>GF zYl$Ikpp|w6Ht4*d0Sl22M!za6Vx!V<`i!*&D$&xk+j<2J%lC|k3a)h_eW}ZqJ8Z7a znv5Oqu;U$eWQFWqY(Kc%-Mif0-|Tj*)q8HLlx(b5&KdW1tg60ZP3@G1=V^K$mQ~XM z^*OzbF+*&xO_ujXPJyrY5#q-V=Krpct5mM!g`eR#LbF4yl^l;CbP@dqEIpMdS1Ji} zk$l}&@qEhG)Nm(vpx;pAd&M99N-lPHQKBofW(mefij^uu)ImkGw$zeCdC|xx1k}4% z1UU7IkDPVJ_s(f%nLgy>ra^{iuOh9ibGpw8Z8>Bqe}(8WcKeC${uS2jvblEmXot+V z*%Qsq@eX;q)jiPclq|4SfUydF#(3p|32(=$>LpW^&5g?7n>3vYzhjJidP0vGB{Zyl z;+=oGw{N^JxjKIw(f(bDg(&zqN&^|@Y3a%Gq)VFM{ls}4k^-fK5E?AUP&HQRlchHb zo6w!UHXhYUp+_gB*zeN%ft$jP(`ommf0fZt(#u!1N1p2E_sfxR`(a5~Hf4S1>|p$@ zBBMhNcU9W=wGZATx4~KEMOzRf9$0{FSip*1z71=bKdNLlmCN@Emd;IM=?rk#DT_&K zMc#yPD@TxX!!=MRRZ0j(QwTB?B)VTOD^o&S4r5bHyS>$AcbsV7IN!PZM61l^DnIM% z-uCIrCDXO@$GvAvR901a8+Cfyi7hHF8x9-&!P0hoLWjjHQe@vVcqNu5M)1Wq`caB3 znHI{NCTc_qp&eKbj2CjDv>#%f##jYpJb&;D>!l{`c?4<;Dk_!e{lgbVjt!Q@-&lLa z7>d@QwIGIWV9MHZx%_AiZ6ORSLMu*%g%jkvO}-5M4+?jKNl)O82*6avZWr~vQeoX! z^4J{63cUp(I~?_v4X(+SHn0Y7BdJS&kiD5iWP_WFAmT5PDuG=3vQeP<&?RwGg``xg zlwLet-B|awPj~NFsO(zk+`Z5~QNoRagb+d|D)g-J%J%8%#naVuCMu^iDmBU^RsOy+ zLgZQL^+89w(0ig^&xX}cQU3dL?if!(Q-=H=4f$_Y3e;1%c^TBFh;A8UHs?zgAwR6% z?~1HfEbvB?U-MkPkQz%i&a12cP4BNf&lJ8sYfX4}{?DVWhe~t2phw8&hWFx``ioXqPapF()GMp2vQ4UqZbVF32pSjQ@OaAmSlz(2 zUbziguk=$os{l~21duTF_+qo&>8`Ze?Jf&8RXQ|>hN@1UQHu^7V<-u1WFx~-UG7-O zMyc?7VEH5|ZWB$~3Fcp~OMi0GYH7~1a(p^b=OfUoG^tOQUe=~ikvdWe=nrckMwVGnFwqv7_EOZ zzAZGKKfhfD zUkP1q|8&lz(gRfA!l-!vSKZ!=Jgt~7Qf6&YI+v4!OBNs2V=x^wElzH7&xdJ}f2HbD z9>~FR)p+^+L%tYQS#h*dD+_fbEhlMnXXj{snL<$O0}O% z^vOh|gCY2%f&uQ4u5qLBN5P z+$_xZa|reQR0vJ@y*L?Lo_vXI8S`F0)_DE;1|ekciT150I`^IE+`HJBZFf&}*iwfz z8CfzN0KQJiWQ8^=bj+jUlss#ya?w=n+{wzh6V)+~_aQ~{AXGY(;6Z5)gY$U93}3Bb zSZWZrQSHBL8cJ~zYCC$i5E^O&Mr$XWc0U;Qu(9f3Wo^G722R=qDmVc9jA1vN;cNK^Cl~&HoR?P-dPh> zpQjb~s%^nACb5r9^MJDe4)22)lCFW*_QS|Hl@EFzi=g@B%HmK;na}&f0*SR_<4Ke} zGwP(-IKt1MZkUz>DU7ZdSlHZrpfV5yK@j!8nx-jq@uGZw^QlxR*)mqyGFExn;FG78 zJBQos$!2%9#SXW-hg;p_Eq0>II*c4{F+xa(k>efKX5HTP9Y%T^68+RXI^~h7&u40V zy+R175js_2b&pO}Xx$^HjCs=)y0z}DtJC$>%7%tl4_K_?BMJy+G52m$1VJEzPWuRg zln@;TtU=5tGphwKtwk`ULh>Th+m;RD#YuajYz8YuhJ!xpWE2koqb_T z3Q^+HVv%2r5|N^B!^)+lfUiVGI;lc2UM+1I^R^K3?5WD|lcjF=Setbjd7{Y(A#FyE zv^s6p7i^`=X4~CRc=)yW%isX-MV;BMhVaNU}~%{8yUs*an%Ztu75Z^c0LA~ z3)|dv*1cf=AbNLUFHzrPSl}ZBi2)5*WdaW(L=@uATDP5fu(xT`gx`@U8RzWzex_fq zC=ONnqqzp4Buj(6^;;QKb$b!AUU7XNyi`}2+TxdrK*O3@O>g0JXy>p%VlFaA09P{F z$M#W9w5LtXFTSiInVMcu6$W*{Icd@DQ$l(bwwF1#*K%Q&AfHzb7R<)87?n|6ep}5*dy)=?8(wuOS32 zgn@0;;cpc$%_)6)41VtjRauMGxo_!XxZKrSEeT9?Shz6ah`xiEugE#(Yoj8FizFgN zs6r&gH;E#7T}zSyL0l@cO3!j3NR}?$FICoQTq(&HeE#4u0Gcr&;x;Un@>k?mI`mc> ze3`!D%0Zs(q+!qI;Fqc2+OdwE1WO+KQj}dFzr$Pk%zlaXYk#mFDygO9+bk>CKgUHL z96dsQqZcVFC4Ek$BbS{@{yolc*KN#^;dA8w#8|%Eb}&li@cC^3F6gKr35EgkrvCHVrF8I^hZsQ!cluos35n`v=! z%~1-A##MrH%PzEnO+#O%&SrW}n1Umti2O>eS3&$MuD(zGy*=|;xz$LNygrg-)rx$~ zAe|>D9})YoL~HEGfhzTitoPD%D^2G5cMNe8z=RYcH5|}P-@o3gtoHKsX5qIheSV<%cy#9Ys6>#O4wl{YA#wb7-YnIuL9m@L?IHRGjEc6-!1H z6r>Hy-jW{HUBA%EJ{f3=coma?;N@Uy#Q@!&w#nY6qi;=7WbA`ivT0D?Pd`BoXvk4ch1;cVJw#6I zDl&}5PC{tx_c8k{I9At&zJ5`shS6Ta<66Eec~e7Ak~)6q|ByAVVGSZ&f0&;!eAGDA=}-19k{HAEpe zPKbkTtt?QngL%ZfG-*uGp`^!hKN1lmUAO7qMzx(}=S+KI5g)MVCsDs0QPA552DoED z6X@H*C&b+j7CvSXO^*bT+~7a({*gk+$k-)ziF z76$~41u+y$qTj!n*M_Y4CJ^!xLnK4A_m8FphY0DR|MEX*RVg|e7{*dmkwe4L_*Ujr zZI#(A=I~pA8lL9O8hB2O3*YcZ>a)_m^|eZ0RPpSvTqy~t3$#+e;{!s!p)1Cd3)U;h z@vwTx^*@4-p8b+^`2XSV7Xd$IJIVq=UxXkbggvm_4UFSxww%I_zP{YRTHeD}T?{}) ziAbk#>*z;X%<$Xk?StTYpxyP2N1rz5P>!#X<~^vK*jz3y0jEZ|j0^TcK48ZDLaaf^ zB^}WVZXxtj*y}`!6nvoHyS+eL%}9^j!7uILLP)uTrt2WEr9<+-cV3d7mGJBc*}@Jh zQHxbpemOEJrU!7XCe`IA=0cEzcal~U&pwW1!0$VmShpkF|I(F_?j0PHRzBS-E{lA= zIdFVYd#Lv?f|Ap`#Lt?b8Bm6OcuCx`{Jn&p?8WmLiKJJ=&sSTjVq~vxTD{*|Fh9rxj^i)r<{* zozGD+Mq-&pj6~qnhZwkhul(0Q_QQ&j>`Rj7hsF2k(UXerD~!=?Y+9y)?3=@n8@bQ} zOiz}2yDK(UkzArh;3i8kY#1Ja=3@hd%Vj8>qL#)k6Dt1?I#4%KRVA)dL70O9v zKb_ffGeH~!@Mas!$cRR*PY_9PpBtE?!q}$`L=EAZprSugZ!zRa zA?X_IZxM)~H7-teCTk5JVEDd~mFH{qeQRU{*}|xVen0+T+hx(kfO# z&GZ(?{ErJgS?~IGdRjJ(fx=O)gfkb~B!)Y(Eymx7N8VVmUQqmnoZvvkvm%}3;i59` znEyeUjUnZN@M(k4JaqUeo(nhhkPgtOSP{(&)o+0K&+m(#kqu4%NkBV|6hVN19#{xc zA}k3Uj36Tdd!~c&o`F^6SZVB-CHD}ORaE`VDs3R5sE9vRU_S+o{sFK4;h0=fDAjkG z2ZA7oW2iD;(+&TrVacZr3Z$0nF0(Kin$!1J zsAz2U=b2sMx{y7{sj+(I+<|(pXEYpLun|i}9zAGUO3HDc)FV zo`e$S)zL)6o3a-Q>Bv)I(o;U5n{!DAoDWuv5lAa)Hy|O#93g7t7`zR85T2wWbDXYIC zk~!TUW=l++;wC=kPb;Kzf9)OoR-|}wfa1bm3e371UV7~A!EFL^f5PH^&k++KZT>)m zJJJpH6+K@ZMpzE(mH)Ho=QREztypZmBB~8oL!+_MR1(uQ0nN5>7nY94LZ)DkeLr7p zIEj}ynNLrbXe-jBvMV06#}v_;5Y1y!?%=G2LiY25EL#@6?rK;=lw?FyKQY(S_&*Hz zg2jDb;9Fsa?|wYbWj>2kVlHTC3L_#gEgIv-I_PNeX7IN>qH|<5k(-n;v|jnz=;#X) z`Y?DK_w!>&tcIai9v1K`@o8Izo>df&Dld|JZBVqoO-v=Q4y$vH0nRHYq#`&oEo^3H+ieXOAZt4?30N{4B zayxfcf(9%(K&#qtRuWvqCf%w#!9<%m3|ix|7JZ7e*Hj8za!p>Z`LU^Qgb!4!N*ZzN z(h#i%emQN>b8j5){a(}yRd!4qL4qE&)XaPpoHrJU^L2tubT1+B(bHidXdZwFN*L}v zBGAW((t!pntDw0394Qfw4u}Zi3_LqEurytTTU6cGMQKn8rMsj{KpG^aySt=Aq;ml2 z?hfg0=@`1ZrMtUpX1@DA&-a@@;68WmIcM*+*4}4rl9V){JY~t+6W)y~ZWA&7M`+KF zl^P`=6=+Q`NhNvsSs*{y$AHlH#lJBJjDo3=oY$2&@@eXCT=l-#Xb|7-9eSptWNK1t z6o2HdWn_}f9ziyewlsO1GpT}SP%bQ0zo-sjl)^L>nO-}X(u^a=O!bu zcy>J(7nRo5|Bc|{^+yZG5X%lxKsK0h9QP}<-<9Uu(2)oqF1NlkS9MhhcKK~Y`eQ*u zaQU~kBwHbaXxyFT&~oUAInQ+j9h!jO+nBjLIP_cMe$Y(pfLX!<4Biy1o{_`Z-+N6@ zr`L-NvdB8#ixK?9)9iCAthM|hwYI|cM=<(%qu~E~0Ya_h*++iQjBS4J@6it|3MDqc z``wD)j52nw#h}MwM1c|?NfOb78yZS}95;Ebi@6luF^>k`u8I+wEy8Yj*L&S7S&A<3xdeo!xiWSD z#crU$$Nt+DEO56j`6H{d+!#N&62>k21%)tQic?M>%4G==i_HYQ626X+h~u{rmbxbg zo(~toPock6v6kzs8Ii&9QdG7*0@?arysY9JCVkTyWJ`lKl5BJ>{!4`Z zJ-#;;E}Ox!Yz^ruR)mYbL4K|@+3jq9PVuI@>9mo4{L zF0VPO{4DJWdD;#S|ACtRTEioCT`9$zGc7Z?pcwFkBkXJU;Ts<>u7 z5#@_yi$M{x%lIUjDTaH>cp_?SeYJiJ7pnusEfGwFxZug}WOZ9}j+^}_BC(idUdYQE z_kw2I>EcCr>hR+P%pQEN>tR~b)iyWStRk6! z`{rft@9!VTwC!1{IWxx1>(}fTts6W$gxGm`IqJ>F)44L5Y}Z;{POOS^e3y?b)XM39 z+ln%gDnFUzB&mV>NU0WtQ?2_WA|hght}p!|$RCK8K$~6u@Glr+lVlEGGZ@GBudjdA z19LB{4XR_JqUMk9j!KVQP8KV5n|#-vU4X|6o>bH?R2puiY=quwn^m|JgV$wBpw|Su zB@deWFD*)0k?Yb{mT-~Yn_j;n(?h0(t=dPUwS%sgf@VHf#}7tq!HZhWJpNKpWY@D6 z&yaon#()cjn~t^&JD@9r8WG4zZwP!|`rmyM;+~b#7p+SbsZ>Q7e(!p;qc`*6 za*AvD4X;1`w;0y1D_Q3<y5I8xFU~Sormu2PO z8LKx@y^SK54tSJi%KO$KeV!_OzqQf2bHAceNb2}}WZ}Jk1Im8&aTXnWGD01jm{|9C zIeS?1y6AXVzd59e`BXbuWzg|lQ9tQ>U!T(fsUxAy`4tXhM1jn7`n;?|s@(S57H`_Y zu)%5tMa2i`?YPg_4rA@NYW(d7&_O=;hO=rX_4@68Q~TM0uh8D~}* z?kMQWx1~tRh>W~QJ+9HVPV<=QZHnCCiu$Z2yUTFiFFv*?9PTu`(mGLo3=YbynG<=@ zzJidnkVDba*jy$tT>t$mMHv5Rn>m|qX;p~xJLAtwJ)|ZjfsV2-SOoNaTb*u?W>I7B|BB1 zGgT7@STGf9BP`I^IHJz$;4V}1ycOEY1Fxa%ZnB4R2a`@2@SQN#iEpD$h{MASrpV^C ze&sTMuZy{lnpe2N@8Epd7I+&WOnG+1nHjzztsL{Y=vFQHxlOD1f{S$UWpDiu~f(zmVEW4C7nX|K$D) zM-&=<;k4(4Xo_m>Fa%OO$sa|rN@kC7Q(0!9-^S*9$B^*fH&nm&g1lkJ_T0w-6bZnp zKwN}7p{-;W?&mkY_h$~mce|=xO~yCshyKXtu!Cyfy8$BmskB48rZvwMyQXa40fGzn zK~}wA!-aea$)lA`t24G=2MOQL2K0SAkQb;kJKJwODj~mmH4zOx4R*Zj^8Zfi8wz_~ z&{K${}z610!QQdxn2Zmi}mNptZ{j2v{bZ9>Sz0NLnmd)iz zAu(Mmk~uj!y@O}z+zkh zBO_zeY9_~XlFR9;N7mHc>$y&-$=GdFsO+XKMmHKcV8`p88wY|+mdXfYr`Y^WQ_gv! zyC&ufR1!2*6y~C3OTu&Kle0#g&JIqw6_`QU{?aSK`Te_v1?a*}=(!&Z9W5-RaZ#a} zK6387j)7hJKY%Z$zmw5l6Q4OKR4ks9lDwd_oG;se?$$0^@6&BQ6?G2+AN=_Qe4kxj z^$eI;{i^eNm}p-M`@F5g(sq`dk&=>vQ<%DL&EthFQ$XPUaJo$64EgOv#^Zgc)cJSD zNz>ca46WlSz`phi|H#Uhw%9vKrNB+wn5GQ#iU-z69c?U$l5B+*ppTsT8|n@}ujp-y z-$BN&8ppknCs7ejQ%#6lNZWb)4!7@}rhVHUZoP@X?bPoJuL}q79U?>4Ys|r8rTTxb zbF{)&rHZ~L_VyEhnS9d6_YGg4V9y;JkgSii3aQBwsTuaoxoh?r$)YHdC@USZNeRlo zys#pa6i@*L_Uk(yK7KEl&qMfngAJa;l$-eb=)1O17o$6|5p=>DG!Y;0r@z*Zi;Te$ zpXah&-tm;^y3Opk#RhVeGo~jUlr>>(fB)-U4VmTwztqMM3;XJ2NxlAEIRn3}fS+Cu zglStt*e{_4{eP=+NyaB8d>_TgT7i$8R1_aWWWRLNjnN5HGML0u{VxdluGke74h0?+pj&dT`2H1-gU00qYfhgqYXUJExcm z!NmwZ1Kv~*>m6QXY|K)WF~avt$m_6m;J7UPB{wO#F<0r+cU$Kb7Ov(*J(^zo^R<3U2a$Oh1&s7I|<`VmA0cpZ*&4U)a=^JOibmrD0Q)kf6@sn2ZM1s9X;mf^C z8{dIME(tX`7tV$_#W<12u~vFRy2T<&qrG6k!w_WBORx@hBW2fj7eZm#g&l-7f?{0f zUG3+bfRgvA;s6Dq3Rrv)Bn4!w6V7=KhCvm5uVdn)KRYk|-oD)GC4 zdFZ%y0x)X~=ruo2SLl76SMd_B8&V4l`eGhK%+4&4a~Nr|L@4^6G6y_dmGxv=yWuiO zBK;wQmu;nYRG32NyFq}Dqk}%tGm2Q~dR;KL6S>*XaI#77F++~6UBu;AvY2Vc=nV&U zb3c&)HFG1r*cf22MRaJt_KJ$Ak}dl&LWkXSUki z?2n%;I;3W%S8x+1$rQGV|*0Kg&QzF2dR`yYRV4Oi=V0w=vYcX4UL9l zlCPtvbjE%<<2wvrAD{$O$M!eaBNQh3p4Wps4>!A4W0rt-zF`Gz6{hIlM>$^7?V{D`;BIlv@x`u1-rVr9$1uxrKkXpPjTAMg?N@Yp=ffJ2Lv!w?*aXkbm@Mmx zFBB0k(`(%$N-`ftk6z9D{^Z6V9{IfEAUlh{8vL}M5$>+6?{fz>biV3OF@y%JDozdL z{zfKSZF>N)?^kB2ujZl?s-mgqIKdeXt+n&kI37Lc`uq^23aH-Ot|jHn+v)Evq=*AT zxQ`o$ns{wCv|+eh1+Ix3(bEaw3tU3qLZ!FV9si=hbHF_$pg2v*qeUShU6)4b;a{qp zxjqtbEq7W4yK3NGtD!Y~YXRVxjP=*#(Z-8QfpwCHjIR#se?4xJSV8^M`QO1WSq?yq zaKppHlbAhoZG*vpSZ^WpVv!^h6xmqareTr2)N}y?v4i9wlKEF7ny|hkR&;1iY z#4PtSlE&mrxv|-&_w)(QKNg&LZe~|h1($j!Ur)Z!Pis^1!wBNILa@c#m&8rcMlmoj ziMahukC-+Ow!K7MsY!6ePvi_oA|Yq(bwN8#L16mylcgz~-j3DR$y$O5cR47&=YUy& z;_YpDv+FXIeuA@=)zPTov*-tc&!0d0-Ysstlq!N;0qpBBx1(gJHEXjl_PV;V0X+cS z1>u2r!-?MtJReeRK<~l#_3W<{-?rj0$ik=y29_*@AxB9`NyHDH*$?T9o#(9J$3nx` zLPH>CUWE#=vtI>sw_jC*FAJO6_bkfh1!O(Z(a}LLH&DioB;<6xg(II2?vQD$+3+s6 zL*}Cz+sjhR9Hu@?6gekN~{*oj|^ONvsca%vvD}V`J?X5VFTjWMR(b<$-Zc@O2C_25DZP z%J#ItQSWh%nBGk<+4nbhSU%>%8>49D@N@ZVjC>@g#>a!lbSXzYNAXiBqXNbD>Z zRn<}uBGQQ4p?|x_Ohh;bUd@h?+{8lu2IH?Yj%(JV-lH=-`NPg7aOY|7aU0vff@fE0 zB{;vmJ)^z>i7t6J$p;G%e(fW3SgMH&T_gg%TyMPe;B_2+%z528Ie@6Q^|L%=c;3 z5W8a(rOoXuP%rJn=>|sEr^6h~{)N0#1LL2FMEZCh1aW&d$v9GsPMw79%Sy0nliTS; zJei>>$jGBJ6)WeA3xhN~em5=&OXKZxep8{DX2q^{=EQNyIhS=}gpvO+C--IIK3zw1 zGWM(ZKYpoQV@IpdLi}dFeT<)3>FLaYI{x4ye@n_mI+f&+{M?IafsF=qJ4oUQ&a&ZP z-Ay_bbgt2^7;^tz7&v}d&jN<1&ns(b7TI@RU>Nc=ZE?NRflG|QGm2A{ozDaRhLHDR z?4drZ=di5r2^AR$8JQ*pHig-InL7C41w>A$9D(`kq_PRFrroTbaTGj!8fmS$m8!%R z77fl)pmj6q#6*nwB93XdBozIRML2-x_Z||{AM@@n3H!>`l!B_|L9V&2xryqqOqUGn zlhU`H29Bu9E7~7)c|j5V?t?3=3|EpPlfMSFSZJoeg zxhRX_gX-32ZNI|yP7LunY+j;CE_`6fp2}zQ?1F-j+8AKLtBEOg0kVpRb3OFqVjcOz z`?Fx_49D?Wo8oTBZxaO5>>{l4IsS`gQ(s?$WVY~kpda}E>>_u6P(d|}j@ku(U|Z-L zaAK31lcxyX!{Zvayg{c7BBE~poD~k67g+QBA%OyifJJFl?LJcVUi_omhRfn<9F=I( zYY!`Qrf57vjBMnrvC(1UDna-ODOcCk0HnXpah(U@K&g7#!ob7D4YcRon^WC*@yEE% zLDUX>PxQ6@!RG?6<7Al(au{ml!y)Q$pyLTLE2#QURRV2vEGIAr_{EE|pSoVeTm5Qv zoIF=3rn>SErGD#5lnIYHC)xtXdGd`opA(6RIZA5b+%Yxzh-c)|yo$jMsuJ8z`R0um zXM)*Zl@*nllNjboPOCFUw-YxRX=h|bq*7`A>-`zO!E1a9%G%74b5+YexIp?( zWEQ_0(y=%&H{(7WV6_T<_DQkI~qCY*h6uZN`)K*>k+ijsK6UCzA?kSiUOV zCn3%{4L)Dko#wMTx*KhoFqs$Pxi(y%dXVY8zt|xy#+L zXCYc0!E3H7K zSuhi!?aAPxLHRe#;Z>)}H2_R^Y>2qL^^(gL#*bNjV3x7G=&E?R=r}k$WtwEJ_P$g6 zDWq2=i${s0bjF0Z_Dd)CQvn-LjoDRw3$Jm7`FS;LH}cvh%1zp1YKt|0dl)I#Y%?HK zO7zIyTPC!^Nq0`Upilt%XgU}}b^!JT)L@cH9|JazEqg!E;^AHj*yv;-;i;eBebdjb ztsJ}M83;dz&w#cIyVYI)^1Q-5#n50p4rGXPmukG$y>8?OA;|4)9b%kZ)5==C1ve`F z`0Z$aPft&l+p4ij0G$vb&Q&j(U?g^3#7ZNe>~vZI*i}ID{9lLcw0rj~Mm>VskSWnm zLF3L=$t{&pTf1 zb5B^ouR-(H>Tzt!0+U{qe;m!4{)iFC=~OO6dG&oT^a9iowGM*^P+sNa(=c~??X)Gz zTHS20)2*ne=wYwJ(tGak1m_)6V8-0pEeD`hgZ};CcV`g-C^VqheM&$VaW-u~pl2*` z@3WUN>7p$2ss6QoqMJ)--#n;5gLud2rS;b2HYG7>e!cs*?5Tfd`dvGt{?v)b6;AsL z0wjrLZQ?E&U$F{bj@8{ib@;SV*B%S^9jV)@@5{^#HtddrgM*a}>2t)RL8-Z?=d%Q> zZ|xNG=4$BnWy)Jj;R?aF?lZE}k5|1Wy*CCsLzlgIx49vt0`8Y^iX$lojai}2@@;Mm ze;vP@O0^tY_>-FXPGOWIgM4Zj4Fy;2r$ZAG2mNUL3kaO(H_F!Fz3esFP}{ z{3&MsUiWqSykcAnT(nyVsV32(R_HVw_n_zWf*@2e0^X-f>{re}dGPyvxMs)lg>NC4 zx&2tZ8n+di?R9?c+7=!dCs97%dNe>JMn-sQ0i-Nu?hRWyM+1`&Y7=*LgBu7eE5N*) z>x!F63}VCB>)kaL9xKWpz1c@m9HS-oCB#gYM;z}7Yx<^yd&MG}y*@pBHnF{({M5P} zKr|clS~Befe)gMVCVGv8a8rvhBHyD2QZBdNnN4Sz_yh=vh$_jjct`uaiNLITfW9Dn z^hY$6bB1l=u=-dXCKTZ2T2=@EiE^>pa1sRB-rnxT5Tw?BN6MpEapDM>IC&-HI0D{)nBDM~DnH_ESwF2{dGb)I03HYd_+97Iirgj4!*JQj zMY`3VusXZ{pe68oEw%sG%GJ~-!4wH7@j;@C7XXY}FZgzODTYBJ=$Qz6wg57GTwYv% zG|41RE7U-2>mCSn9NCT^4*LI7;VZ_6LdkGp&~BYdSAYxA;YiXe3e;YN(Kcs_v9{dS zZI%D&ViB!PAci3EW>jd}!>u$Cj*=+9S)ddDVA-`Tx{copp7`CVnWy!KT?U0_jGF_c zIdSR~q&yalR2Us&{Gl4joEVcEv3T z`WYOLhi;4N6T_9TsVXm8^R$;&OeqO0JbbMJe8dcD8Yxv`oBs@>7|)II_>Jd=5Zy3K z4JlhVd1xO#&vTSJ6{xh|GR_|l)8_PmAhU`>+Dsz7tDu}E+@S+K=UPhXK%NVM+DFS5 z@$G79Z#UCO!3z(9&%(m=UjLl$ZJRb+SHeEh^00QkBC^^x>B#JD1@Gg7c;SrzOKkKU zr|HYdqoX6ICx)$$il-}07mgyio|{VMNbdD0x=d_8*?D-s$HvDF`t?6NGcWQ|qzKnv z#8b}fX6RoR58<0SE;6jq%7rENTzO#MiG3MP)KG&*R9WN#p?KP1io(+pqYnHw*j? zATK$%gt~vu-n3j8_;WVq$M@ZvNPG0&~85K>Wishss`)n?1=-f-sCCopxz-iN0)c5OJ`+(F(x+$E8wG`^!P8(ggD`vF~8io&0VBi>d^a66-T)yZIYfIpT|*OS3t(c972 z6C83b^@JCvC3As9(B*Wv)hw+(g7oD?AhcSxc;1^rLd}MYLRm9?Ts-YnkDp2Xplj&bXvZ&q_?%x~FBu63 zuxM8IH`V_|^PA^RX&Q|tLh;Ur?6w$3%_F?_ONqc(+(hO;vA3#aJo5Jq%@Hfy$8~2b zV%EY>yQ*Iu_OBPbceg?Sw!@kX?{9zyT=z}JpGUvP>Aemg8woGUrc;E$rql?9Z#bFN zmBS+!Q5R{KYt-(uJhF-7a%j9+{BK<~%{o7M&cJ?LwC_;SPqZ6yg_pPUe(#a&IhScW zt#Y+vYn)u-0V91R=E;Ho>c;bC;0+NlvNDSO15Y<^_T+(6v|sNVMyrn*s6@t2AL2C_ ztqP7FVo;CMKB&&G%|p~CFJ1@&UDfpOoP&zXvOUX2IMFPE@)2_!(Tj4@z(kSte^!R3 z*y=BJTiyf(Cm^%`L`vq6lp7VuRyu)-FooGEVscnp2TKQCoZ|`x(3TL!x@=m^&(Eu1 z+-IJlQbJIcSY4lVqMarLHRGsBQ+Y(rzx1gVQ?uxDZY}b~%6%S;B%tbysL9V?JD4!Z z!FK!Wh7t@gOIw4#q3p?Wp6jCcG_(qt?jon}noCuSqe%D{o_!*kKPK0dr)Zi8ZKECB z9sYYuMYM%EiVO$mV$}7vo4joXhxm2?&Q&}`n4GRet9n~4;!}t09UCwF!j>3vKRo|D z{0RZ(zC$MGw?fF3ZuC29rJ$UE&$o4MVNNCp^i-HKhhl=kJ)f=Zw66y{e+U<}U>lH(CN8vkzX}HB zxNj=we_x!NEBPpyteh`Ni;a!$tDjYTR+(9p!_Zm|H4`?q{a3dD&=jwLn7@^JyiWTS zdEKignN6+DrZ28nrhxZSlcWskw*4;5WZb3x6fFevj3lp!k5;jq*XdwkVIh2V>9OZ# zGE2bGqwFY zNIvJQU8^@!p2>762lD*|9)^JHDNohJ7}ezAbUx_eMff?A8lf`oUV)Iqd~7VO-oRVg zvRB8;YsJgqQS*V#LuXQl#bDG@J>(GDT~=1Mf6CpPSLo(emGa8@Z&SzlodYJSc3rckZvDO*hdpaa2n((Q zL+aoz-@pZ#4M<0BY4dv|;$U$Lwt>P7fmNXNe&zcC%f%Hf>|0z>1s4_t0tQ}5$3@gX zNO2=FaPG^qG;vaLnVj0kSjFX2)RUutdm6v0)Xd_d+jbx7)g_>ts?y4-A?T%?4iVV( zUr++M%&!^Qq$WOs%sP8Tc*vV%yGqZLKPpe7+5iye#Z4^j?H#Y~K5j@XNmpka0(cA6{$8QfT6q*=dO(F{QPkXf6}P z+bVE<89nvt`U~3V?C`orK{BxRBpGH7j0`FgmM2h)6|`f_!HUdpDWt(eY$E>CXe3g< zsj<$;r0URI`4_kx_piot|C!P)XBEl1GHwKv#8f|QAsHAfia|CI4I!otS~a?0x@ zktb8AVxtjuK6M*dHLI+@$3md=ZA&Fx4Ev8@**mS4^3+e6WZRl;d(t?KR1(sdiIsw+ zj5^WTfOP`AKb|E4fn~Kh-k|ig?YL&fB%Ypo+$ojt(=-Up{wB^3qoa74sK9bDVYYbp zotAu*d^okT%x)Rm>u4jZI`77<{ENmP4Mkm#at93*7+Kk)$oU*8_y^x_5m#}Xh4CWm_cqIES zq9~CFsStq9^jvi~Ofs2oWU93WZ*qY0#8Z^~FUeRt*3QcVVJL+Z#jgd%iFX;b9;knd znX-!a-f01@5#iKf+~#7#bw4V%F&c-7_+Q7q#*hlO`n-JY?y4Ns-1WUUIk`zUC#(9&$As(%_JcNjn zG~>CVM7PBpi13Np_V2dYjrGv?f#YtowNVm+s&jS1ls1zlb{SrHS&d6A0rJ#V@BK_x zTYGv^mK-vn``;uzH^(N}HFDhfkDIPCl>>1Kz^=Qydq1~6x+bhDu2anR#?$wnHe@0s zennzQW0j2In=n%;kepbwqmLL~rziwP3qGq~PL26EmRR}n?>ZwwxX~=Whn}~g!O_bs z`5~I1SeUK-T9yThsjQDm&xbrMUcHc7ij=KX9bjon%@WG6W4wcq6EqH@{c%uojW z5WN_rKKjZ})t?(Pfxfx3vBT6TuIN5gh>|gEB4hgwzKVD7x?5iSU5Xbtk!JH$3 zVa6FPd5Lr1RA$bBAw-o@@!#0+vfS4`bf2|#iAa0n1P~RqD14JQR%*Bl=n|GqV2U!_)>VR)NW>Wp;NZ zxij(RVtY(_o3Z@hfY!42luFhJjY@C7MZRM3Nm}`TESr#~#;yimN0E{WcKuhoecv@9zA#NCkELsk%jf7nJ`!CR@-edb6Ig4J9kqGk>0h zBmlWqQ&ThJ0i$kHuqJgTn1_d_+5C>7yKCE5-Dw}NHz@yz`fqWu$+%+*F%*rC{(Uj7 zCj^l>f>1tIr10%&yfV2}S6v0XnIijerqCx#-MiXD^6S_&Nn9tATejag$xB9KMytdi zd>w@iTyvd<8mP&OVo{Ky*N0yGXDPwr`;O}$JDIarCFzz9ac3;58q~wb$EPEula-J_#Igfis!v+FD!1sY|P?bGU4hzx_fomCTD|)mmc0W*%+v3lb!+<3AY( z?0(;2W#3BemPz=*3Dg7|%of!>RtR?x7y+pza zJEhH_5-_xTVxkIS=rKNsOBnmRP{PBggZkIMcr-u_TIN4g!ghZ78Y3F~p2+o%Yth5Y z_2sOj=HceC5QwXWwVcrsNj44~>4+6htOFW~8m+WY|II9Mz=2zl z$o!g|?LR3|R5`9E;teC~$9fnYU0CM& zRmNH;UtjKEpV#84{r*^8h*_QeQL4#Ay2-reaK#6p?DDnlV8S@t_Ba!+;SO0y*E22IX?GAF{_U&8?Vd#Aw!(F z^ivHVa^&#A)e0gzs9)%I{F9_&1y;#bEnD&x>cBe3wU1*nRo`#a87qQ&04OPaO8Mz) z^O7}o+Bq+0#pSMNUsO2XOeK#JmC^$~rDVQ~EmFN_Fr2H2i6zr#4`VI(7R@xW z77-m6?P~&u#f0s8^Yp7cCf}ku*kk4_{ZS0($XLB^n8srJ*lXcZa&4})>Gh$Z`t0dB z7SDZ3`LN;axH9TB{720?660;A*cl5`#H!IKC$p-w@2!;`u3BqaQ-iA-8exm%jY@p4 zI2;@S<%P|gOEJp0$F30j+mF5f>Mh88Zjrftc6;sY7_*ABo}a{nA`+2t>3fKW3ui|j zQj@8y4*pOBdtj}#p*!ozF6L2MmpKAY*XQa}raw)PI3wsP=s+=C|5QsuqtU2a^eUCt z^v=b_>0tchyN&7Tfj{}%!MILxU`yj!1h_zqcUo{Il$kgTK~gMo@NTP$n12iv`!t72 z=U=t!58BUQ`g;$Qw1R|}*?v-(GFte8BPGaJ_Uii`F?Y>E40?}8v3W=T~Iu2&$yg{QZ zA)n``gT^9I2o_XAvj%xnWfq zG{_u}NaB6CrhW=X9XuG`n?;kz3y1abU z9kiRXY_bcjEGdl4FG*-bW+5+eLib8Pa4?#5t=30(y*KWwtleJ%<~)|K$cZWD&nm*> zjFJC-%T+&Dr~Fkmwo7xo#id3NsDXov{xkZP-Sm2w-fhiC(bUv*ll|f0K^P!a534>0 z?}3g--HpfRdplO7>_8T!Ow%MJmJc$cnoF5s_OjoC;;8b@(wrvY0HcN;ZaTyOmXW2!P7oRv|R3i|0nSEQ=XpHpKI zRfe@N!z$}rN!21bk4^t-g^aKA%CGwR`Z2J*NdQQUlXV>Rf}Uo{I_#L|=!8RR9u1BZ z{uXXh+`X|tF8nd7gJ{a{ay)l4DNLJW|G~yExh1!YjgM~`k;-vdcqmhUETG?_rKzd% z(>rZLLt(G;)qs~b{gctM)Y#~F%WY-aN0`Yn1VIi(g(0O#;!e*-JT#%6*f^HOexKNk z5Z|S9vB67Vz=;e*l6Y;TkZIMKmCmTSUaa2@HFY}nwpBsa-8z|l^XeD+dhH8YS?;s2 zs3c3)B@TNU?N~{LUFE3FfF(PF{I-gh1|yG!_%&DmdqqV57&gYUx{{R-z%CNtqD5hf zD>{+}lEMaBh}NEy_c{U`CZ-5sjZq3>p(5)Rj|D|V=I8Am0sbqRlFboQdTr7T?Wz9lh;V&m_`s$ulud;?I$rlj%(jhX^4^?a zfOg8tt5{fBF(_J+CIx(EqsSij7s0OEePNjK5xA-}6#9x|PC~^xS-hjtkkg-1*dA_Q z-7qSEg&NCZv^_o$hEUiX_=Tg;?Uh6`0nX-Q!x--R9>K(COCfR6LZ-MEbaoa(Ub zdSs2yipdR)Xp#+InmNELfg~VYR_*ONP%KXUl*Ghv0<9sY5UjI*{*rqAiNzXA5GjIv zVVd+w`P{06sDZ1`XzViY%^SFH+=SWnX@( z#(&}2%QUPVZ;2z#)CQw6Ky5RH@_`wMF#Nm*vZNk3x+NO^;w8)FHxdOj9R*g&nb(i{p^2HNy5+Dy?!KXM_v&Zx8kv5DpDpz&1UY+U& z%nIbwSw&%-BDh6ESXKFkN7SU$yIIBQ@9#{FjJo<$egcx$h3^4YoNI^MWVX-Cy?i>S z^k*L;o`W-?3o=erSyS}fox@-1UK!03wysRo+|~uXCW!Y~yOt(MRvey|#=$S+4m0pN9XbY8)x-BZak69^5RM)m z9^*oez!-e?FT47IAs>P_SfE_4dAU+dB!F&*lM zq9;k$pN&Z|*k35(ns{zH+4^^Gg!BLCje*x_lKrzG1z=O`z8$l7rGly(35I! zQy{jF6f6bbO|D;G#hkCSX<9Lm-#4ebzZ-Z5ym^zuhU@L2a?bVNrZ7I5e-~tCk!d=f zUwAiFNnI+m=h=C9=Y2G?E^E#hbkN0)QjXOIHXfWLnXo{YZF1@WLB|9px8r z!9!R0>I#tYN@d^nW#^G<0e}c^L*j5&_h5H8fwldzU23ScwKak@+rfd2t>Kos1*nd! z@b~$QTie(ipx}voNWoI0j01#AtjL3wN?pYqA?6IvRLo;H?=~h(&lIgcroLtCm3h&& z_94tZ3X@jp4&(^`p|D+l=-a;EMkGZ5T{pa026=3Dhmd+dW;l4?=mPQeZ8%R1uzdgZ zDxD;cGf*NI`h|vBJcZ)~)IP0BEU|c(JZ;M+tMTLr=1}o|+ro4s^7QihD$u6Db_rz8 z(UFk=oIete_)NWQ8Vw=f2+Wet!EJ$Xa9z0gHQy5ZCTST-t3UqM49#@k&HaZV`inYbU3)@q%%}bgVo5^Urhq2<($fHmjOkBsfBoN}!@+%% zlZx5+*!lfRg4PYlx6Bc^8`q_Z!q53RzMEoX*+M?SV1%2)v$Kwas{rg7)^+B5Un;!|*)@3dZqrpBF3j zsqo$JGh2WMld8~Ls~gTydg5(uZf>T}mkSPI3OODl_j;y0G9K~Fqow0ZKIacIy-Or# zGkOCDH$@7|cUi2I?N8&ixd(%8O*eq+-WvccIX*sq9qz$51=<)rPhU13$N-We@G+bu z0I8x-HiZUTl&b4J(Za*+t$S=i$J!#~cVk0z5%NOt-3dUJ81a{OAiv*6{fxV0*ODu8 zhJ(wV>R1UpLYqQFVuJhTZnQQ=V!iIIE$zMRs%CP9@$22;Pn&|M#iZ}Q-&;fiA^W=3 zt>d6A26~x(vc5My*)x^{yB(y%aK@X^{f69~kP2|1&k4gWHj5+S(~FA_6-&AMz@NW4 zm}H%DSMb%^K9CEN4!MMi3}}r~Dhrnqo9|^j^`8e+v6~JmqVjKX<*$CWS z26bj(qe7Ge*E2de7~ zKuB1p|Iy~9x2SHr=;BZAYmJyi$mQ%pWYIcCHde0}m-%;EA5D&{p`qcTWy=QxbP@-2 z%Pcuj12U)kb=V+$q6}_vWL#M-3oaVtdgQ0T4g@h8-q=q}DgR-AfJ!E{n6O4YerVVm z)hqzjF3>$MFb*v3%Vz+=4FTS3RXFuG9zz?2&p3X9^TqL>wuqVV!X)*iZGSNtLB_z zj5*3W-sLvY;JeSA1t84x+DJZMYBz~KtsjcU1L}qM`!t^?Omu(oEjO^%wl)p!n$3Bq z?^sXxZUC8ggRSr4(maVJ@J(AmnD$5ISaJkb4VEE*%?u!@0UB&}hy6&gVKT{N3AY3J zK6-dN-XdU22Z+Z{qE^pq%crQy? z>Hv69fRYB{>g?>zJ)3T+623aX`Z6=<#ahqa@}x5!fThfl7?~NuaFT(*gI}@LK090B zB*`M`>|QXI{#|t{^i1VT^`AS}`m(1TCTfZO@MBZsS-%~b(1C^YTXLb?HaBElnluECDL4A;B;n3^<^tGDEbM43BwFDH0x~l3!E1l=o>y62% zNQ2i)6VPW0MXvT&%uSDB5E2Q!&g`iuu0NFoibKyz5+N$e-{lKX@>zXh>L^kuRW=Ao zV`FC4a@`U>XEfXVlGueW^qGAgR7KF`0nf{_Tm<4n)W z^6Y71nfWWgDJ$FKt7WDNdWJV!JHSq;`PT*}Ez_W}8+OpkCRZch`I&3BDv$z{0AWp&Z&4BJ9jf_*)!jx63_6i~-xYXXeq0l1K5#ed_GI@ zm;YRx$P7Wk3)lGE?by&bU60N|wR=e#Lln4`mcV`ghivpziLq_C14jN%FMYt8n&Ib2 zb}V+$MQ6Fm(eg>UW#uFSl0XU5yQGt;4jpanMUqUZXpLVR5G=F_mjb|ZP>CZXvOIP} zHA=kl{?O9GVSG;rH+`tm2GqVt0tK*G9QFlDu00lWSWgTXl=df+`(%fMgM)D2TjX}H z42OPMZFE(d);Kd17Yq)HT)n`U5nGq#N9JgwfN~I}2thI6Kn#5qaC(Dz6nJ|Q{=Rs-E7@&36s354(Q(eHuAjBhrhNZ}c=&70FF*-|5}95mG&i5jxqoMp zv@zE&t3cNlVSDfkF9eAIBg}jxuFyYA7dui8cge`q26b6cJOgNV1-1b=c}XH^b{!l? ziXc0&(pX)O=`g>U-s1IOFly$U6bYCFC-#&VkK4B^(QKlusVm5XY~GuWn~CIbm!V&H zI>O;80KP66#0#jIUG==EpyiWj&>P9n@2XH7yA2pkY^HyHba{C^oQ7$H>zU5JlF|`M zWr#}Gx?>~5$dRD~f@-X(^d5HD znSUUWan#PG2@Tk`RxhcplmG?R76_UD0t`}G&kBl=##6UmK5kdVt=?r+$W^rsS&QxC zYmf46Sp2v7F|A49$sOtG;U};c9!a279DpGB;n`ALEJ{!Bwei_p%|Xf&Q$M{PY-~>! z3aIHW4`WHVoGqg@!U>N|Z6@c#bJKG950GW&Ui5{T%oQGVm__}rFC_PPD&BolR=^b! zL}`KeVIX#!MEEr$m_$P*oW(-LMy-3D%(v${Qctz>MuYMt_H)r>O0C(BNYC$J{R}`J zGiTa*QxHmTwcLP!vnnwZsgDJGCg$oQ^lN+W3LmE+MO%c9^j6i#;=j6uMuD?E%~~buDT>9yra5XRs~rBJ)`@?eFgE7}7FX+)u9#n)yk@uFL(nhZKHRQNQtzNpL{EyqkXL&_{?E z&u9tX+$-JEKB?GCJmn1K@OsFFn06tQ<9|cZXys?N`F-^-| zB$b&aMygPnp!W#$D#F7fCM6~^v~w5Er7`z(Bw3I0WH}+30>$&HFz}d9W^=pMZ7O*K zJuyJF`_SYQGa+tL&bd5*hdROY&>>0ZqkLuScIDWl?48i&CQLSJ9w%` zM|bh}=K4}F)fnobN*=U1iXML$hcO5jNYy_S&20iTH>FMeBwngpOm!kT5hq0tT#0LF(AA0SX5NW8@?tjXwUEgrRp_!z? zd9t@HcYZPZ^nlwzEKFo_WyrAQN3H4zfIzUH`g|1>0@wRs%{PBR$9(%pVw=(H5u#j3 z*UB3l%ZiBEJ2+ylC$In&OV$FRmnd;+nnaWv&TLTjefUSpz1U1b1YMUJ)oUAz#Z33^ zAGyj_D=a|*xkzwH@j;zlj-AyTfbRgv`7Won3xd=0^Ysq1c-P1MeGI4GUHxJVasYqQ z-xj)Jw}0U~y3@)#q+p_umQw}0gaVP|enWTlr> zF+3sVKmr;|N@RQW3Z<~MvaDhtPa!qa4l68Rz1&dS-p=(fdGDP27C<5rnZo6gCAwu= z)0S^&Yb!^83FwT50uQHtmUC!g(4s`=TJ14S#2Pk$9Kr9D8HV+c$>!kIf+WRyCK|2{ z9730CJe4HTVL5~i$h+D6L;F~DP$%>|XiCcCT3pkTYpgOWxy!L}SS-Dw1Ta0(YMjibknQolf$?>fTZ|TIsQ@Ov2_9 z1Na}$g^DF*WfaYCNO;^WMq@>}^;0!Ecoa=hMJwJ`&gzoZC(=Ur0VRuHBRyWMtRA3@akfSF(bPKazjeysKK-%hq^BPHYo*KaLP zLM?JO5I0}YHD3{eBzk#P5=@E}ul>lRY)QWuNu$^5qzYn$ zFb$&P`zGT5CBH7tRkwR1$E{qrjI$Q1J1$o4%w#|#+EQD(r9Xf|YWB=S6Q;)^c>b6& z8J#oRHapvBt}ZW^RNzZy$j0Qc1puwm%Xvna`C^ZdRr2dLZ5Q_E!MTN`CE*t5KWRT1DX&A%Utl~uJQjJWf0jwkuFlZlvV!i?@$UA#j3-kyRaMEq z2IxCBw6A_MyF49INBwF^A@z93HC7n5-UQ)}7h(vZ%6b3!`~Ib9*t>;Z0R+KTe_@5{ zYPF;#yPE+mS4i`%QWM~8?8k!qU>Z)kP2!a0;|e0sC{*p45@&EGhEW&o<3a67FH2xYFe2 z=%Zh#Qa{sPSgH>W~<(%HQYl!G-{H?;dGraYi5e= zDBl%JT#|fzazfYT+9eh^`J?^2S0SHf`&91!zm?2nQY9uepmpq+ue}G8>tyk zY59gu*=K(Fsp@Pz`6ZK~NPT{5+Zq|V-T531NelQn&ZYR{3&)bg&xobI#dp8%eU!w* zsC~JO2fmMHv$Yjts#ZFW#YQGjeLHRN{$2lO_p$jJ1Q*s}Gqx?+4*|5Mi?7o)B5U(F z199aL6gGhlLdAOW9i~tDAvs>v?_@RmtmF3VUk~@aP3<_Vi=~`1W73nMSgs@)d}IsI zC#J~uejjbIvoD^DC-!O*1}HCs)FWoY(@CG_9Y9!&CJt5cFDLbnqKEg$jFE!>>y}Hm-CssU z`grE?gE=v>t$rq1URw0^KahHVWXmQhfOH&}#32sT@RZKyeRhFX6Ky0PO}a5Wr+F@w z$>jYh+9xzntEqzJ)pK)vs|`w4?2I6T#X|;Au|4$r7pV{8S@uDTDrVjh5a3!in<9Vv9OU4JJWt5tIGxY{FZd+h&HOrXRlNQ@`Qo=&fR;rey61wZP zDS&|A2r^))OU4IEmIZBH`vD!P5A30sV%PJFRG;2W{|qM_in(ag5P)1KH;!gD-Tb3P zTPv**e^A-qb$dT6mRhLdb$uj3yRu34(xtP~aF=SVyr&ff<6bX7^C&6!OT zp8$#yO@FRLzCP$;2M!~Bf79%1m(k7s#DvV%r2;gGW^ffELf$?g4L0lT58K{aQNeIw z8(Tv-X0n;rbLu1^#Z|0EJ&f`}%lc*(;jEENvz38rf`2hx-sy`Az?J4X-C%_KB~3LQ zSF|>XpR*+jyYA;CAz9*R9IJcEp6jof2t_^z3umcz;K@Se*~LY2IPYiLT}NGR zr<24VkeX!_P#`{f;OERE^;U826Z6@=*V&HIytBvaN-LbV$e{M9g86jq6_nCZou`K_ zo&Cd5-ytHw6tMq$-_FbiG^EszI>J@X&d%Nd;X3kT{`vFRH=2lx#P7C%ydszy2M5Q9 z;Pu?4o5a=J)wkpIdaT*!SY@fWf<-g{!(0H!?d3yPc@LM6#^@t|-4h?ArC&LIuYxPYR6vLjY^$t_Pyed+PLpK6_+_nTxti5RK{#ApU_-EK;b9> zYrmE+!EU%Z<)DP4`-&N|`S)qrrBl*$;d2sU0~su@2S-99>XIe}O@r-=GZ zCWFHv>CVIJ#93PU4+2|zYX!eR|$}6X05c{CCPegHFX&90bBCx6Wr?% zllfeUdcE;WG&$c-%|8)9E~gBZhAGedzof7Xx2LE_dx#RO1!m@ak<#LPseNS`O*_n*bOi{22(w+X2efOzybsCTXSu&R@9aAH%er)i5R3qPB zqRMi6znnEYxwuI3s-OO1(lrPYCd^W-tQ^aC*IiNKX-K|j{iG6SicX4EL0@5*h$3z@_ep~$JNo|>?AK+Kzmf(aa#9#?^Cva zE6Ks@AP#Sam{_zReBa}Aw72Wf!4D6B90mAcYxIUv~(+KmK`v0quU57=l(-XW{78uyO@r^zivj zO$!I#dja2-6>Bd9gpUJ=^X1l?sh)uCt+x%{l3!48>4m2Q0A339hI@0((f>=h!q&tjBoy%?e<)X zEg3>vpylu`LKHPzUQRsiowUALz4?tpXAbY z^L0`s4uFh3FFZEhrT}BBmyNfk;^HAqQjTBvJkJpy?@!(9ms$Uu@3Oqw*$jUJzhlU|h~tTlM>Ze)R>brMjh$R*l8(lQmj!6W8JunztP^I`z7OSDd{p zuhpdL8m&xm=$-|VMjznVLTo_Od`}aH7kt87i0(0#H=x;Ui2?6gFvzwfzx#jeM#kX}e`R z%HA5s>rlq9h*G9+zUI4XCS>v*4agCTtgX-r+!qJ3-=ozl6@PpO74xSQ^R=)3FminY z?vfG4H!A{prka7v^>FTDN0B`Rs!mMNQ#Q4J{Pi(Wrx_wz&2Zl-&?HkB2G!hz2dtWX z?(YGQsenUsD(iff7hZSsiG27{EHYxVShw;c?sE z1uEZv!Y=@mg5cmf`bRAR*qO^SwQTtmg+{ zZaVWSm|Lwou>sKqL)-V=RU7A*4371ZqwtmSjEdo=vy26wkco?~5UR6Bt z->SU;X8h~^O0dgZb>VL%y~nZEQQ%+ahBZFabNlsG!(OjAIZn{?O@32lYz-f%#Nv@5 z`fOVJ%zxIo{NUSG(&L|uX2OysLnk}@9`>SpR8eKpkh`6T9CY;(_V*Y(FN`3gI8hCy z+BlAzgxe&NL2$gudeLRYiwF$?(BxjBl6!8Qd;IV^AqN!Tq=u9~_4M?Hew_gj)dO}k zERX|sJg4>E(@!-u3V0^u}cVvo`GP5dV1aOWVN~ zA}(VU7L7DUqvL}v+r=9FKC}S>c0hCa_?O(~%2tqor5`T?ldfwQb-C+$Tk?DBUeXFP z`g$grWKvSHhx%zjhmTy$eIm*W43LdX^7<5U>R(?~Q5F75XctVT(BA~o)!2!TwOjkabBl^Z zgm-%wjZgo!ce%;}iS(Zh_#y*^ZLq$;yXw}mRBFlZgf~Epc#KZxmFSSrRQDVqYu8=WTYI!XN|Yn1LN0 z;r_H&{l1Eqz1TaEvJdFt-cL;~kU5rhbv2SDZJ-O9e5N3*fCj5{^m777k>wN~lk*Nh zMs#&q_d)@;8A*mEX?d!$aad$9VXi*M6%&@szp{Qk8@dQ5LT zh1u=;P1mbNeKV^?EQMhwdt?~AA z9nf0(4*p3V>2$-!BceQo0E5lT^oUxHQ*NP3CdJ5^fD%m3ADAlN_;kfA^zXpWI4VG5 zSIqm;T3+3nv>YZZnN0g~{e~2Y&$CP>6~=r3)Q;YFJt4&QW?u~U$5WBK&ra~Q;vEZ` znwXH#U|D{?xWzlve)pe90#o`0^I=$RgJMHpiyv*r- z3(E;4YG^D(A=*V`Dwa>uNSlv>HM;*p#e+b|pjHc*&L}H5Yw6EhDc6*WMc!BIFF)?X zWPbsCgPnr4mhDy$lF!Y`zkZ%blY4r*c3HFQGF9#OVVACEg8}M1j6jA#l(7E7WS#r9 zi?_{D>J70!Ua~BJvP0-Kqk3=buG>fM9#oMu>_R3<5%%BwVFU1{?ty^W6$YqYkUx1= z@;=C`COfYPvo25D99ed)?Nr2^sOo3ftb%f_3&Udb)W&jx>+;*E_Fv*k5}~Wv*5`0Z zIxF>#$L8+$I|A>A6+lFE8E0a-e0#L0|kH(KCAWyDS6 zT|n6j5*OlEsth~?0M8b?eAh?2ogvvYZuLy=^MaGG)13TPqiLW^a-h$}v7z&>(x(2~ zb}ppbtxE~UQ0d(fd)wFoawaL;LAOrai|EibBgu@j*qt?>C_r^XGL#@%fPq*cXS6sD z$dL8fuczz0 zouT_Uz?|g1ab!$|Ctm~786D@P@+!|A;9IBlipSFY4{tBDT0KLXX*sXk={~=?nd9m@ z8q&xyU1xfQMDXJ0`q-36y>Y$JjP7|<2{|i!#K{H2nICk829iVjC$nAex#i-7ALAvt zQ*(SPpVcr}r?SYoZZXufu>hv~&%*mk+Gf4Z?S}W`>OuMJ3=nMh6mi+_4jWaD>Ao#5 z%E;S#D*SC}@)AzdUv4nVe%z&H^L``&CVk8M{{HYMosCkX2p@=M7AM!hk~W@*e5AMM z48Gn2;)BB1nr_c!0@urB6S zQBhVg(hV9&)@MLHrmrFwjm&^KLqn40x(BBiPq8|mbwWd=i3gyXV8C)zhrO^lM#FOF&>Sqwe zDNKJerpyR>N3F`nD*P+)tWOpY0OQW(8vVtpOa**wW8mjE&TyC*07PS!)~R+A9K;4~ z3B;MtHtHV~q>@~>hcD=h)e~`iJun*L=#nR~*fxdpZ zFLMJl-5!6!Fp51{?G2^Mu&(osm(V_YWNf=gu)nYAvEK1BERbdA{T;qoM^QfE;f1F0 zauSn^!|@wTihk4jy&_M#pDLVEh>`G0tp8Ipyu+KiK^v_h7#u;5o`j4nhBR0TQ=!3x zS@NPW80&l?>=rw_w3kVM^k&0(J1&Zxq*dSb1f=)d03NzRAdf*$ebO#;)R)YCuJ)2cX60Z)+1I;u)6^lgo^C}e}S~BP8I+*w!2&`cRDNr-lG6|Zu|Ne zHd`#4d31h$aUuIHKI3L|bQIV@!$(JfEd@|-13}Pz?ob{m?KuIPo_{@-s^ZMddJMC4 z^5TDi;&SGE?ca4A52pa@P9y@3Rfl~ko1~wN>hkjPKn4peSiqh`TYK&AUuNTRAh!ib zJ|<@%QpXodm6n%B$a%XQ%KoT~N4@c#c{Le@reR_gVe8!%G5T#Uty~g_Fvcv%WrUeJk4LG0vF@T3?D4h!^d>dcZm4g*@{$-jV*N;*2XwG zJPP)<#Q38|S(x2vtzq#l3aN&TSbxqix;hIe(D&s;R_f%392fpjWZhM#Fxu0v&})+^ ze1!Y+W5VY%dbm|LAL)RoGGrn|>(`73xqNxA5kbp2@~EA_MU>!Af#ZRfm&?MlIoXM| z^m+{Y`MR}@q0cr*>g^$HgC1Dqd>`@cX<9ns)Yat4AK6uTQi;@(9Z~Dy^*S8uf)q zOsritWA+{E3{!ccX>DR}U{p86!k57Ugv_mn)cr;cGlH{Ak-4>DR&k^Hng~bplMy1W zJH59#QY)FPHH|6c9LIR2mpGa$ar_#DONW9gREs{aX*~A*p4(`ziGz=dRWy2!JiyL~ za*+@M7)WAL6-;-vtgsaoMqZu1S-Y7r`72C`Q0P7sR7?pFf83I7)Gi6rVmIqpEe5k= z13>^3Bj7>ugM#lxUKXQMO0_o7V)OGCq!LYic9M0~7z{)ZNCE)}7FfMr67j6IhRcEo z+7hHKeeZs#UnhbZQI;$_w|nCa%&SB1g~76FHLxfmf7{&~=9!MnjD0)b9a4(Z2=d_e z#s-02!2nDgRL?_2R8;w^Mz)Z}%Y zg3GfJH>2=T*f1sj=M;~PQ}RY;i#x@kg1OrQhJm8%o>Sj*5u&*G>Y&B1U^VZ-Pr7I2 z!});`v~LTwvq_)?*neMzO$-r(kJ7)E2$VCIv&&ZS}e9eMu4MY+yt)ow5lI3$4N0z+>A7a5905o~xO4=triuM@}(QGl&$ zHMG1N9W?E~07+rkgvmayOxYZWYaZBdsG9M9w<wyv^bsG##b1|1&fQL?o|)ueK16wz?S8SxxUSI7j!oJZO#f zn$1vEp@}fYOWgr@t=gcy+I}Z@(9ny_6%grH^esaQg{j=fP39oz=&ruCW1G8Ppp-Qe zPbKS~o8jd!jO6NoW~nY`hO(kpB`cYaqMu%iF6Db)4SL|r3?cJm$krkSBjLJEL1NUX2B#&I(m1ED`4;VN}1$sSE`0?A_1GmNn9O#WIWi z;6a=GM8W=#!>acP0It3%Xs9r;mRX1UVXR}{l*T9s)+P)IZgMUuFt5_jg8Ls97KJ4l+geUA%DdU z81D%^|M++RYD@zKw~^5paz$>)VqS!U5XYZIBw-}#dp)UN8XH9T4HxyG)Lf@YjyoDd zn2hNs@R&bIZ%|V+->_0Ko3d2xCL3=_cr>&uHjJN=%6bNj0B66t%1`u_qOWojJ58|G zM~lQ_Mb(@kdN+oDcqYwTZZ$l3%8F+i_c9x?OcGb>2tRF1-PJZq;AoA@@Mug_(3Xk!F|DxRZ#rFXPZiLTJQG=il2Y-4E(-| zMA8kzd=4~O$?1RQrlf$gI50D!quXmk#8dlRU{TZqpZPi6zFt3a>BUYCbJbSVMpaWp7m=w4K-X^EY(p`H=oRo0bjffq`&=)&gIm znm8o?Ajc>L=AUqz$Bs9yGi|=wuG|>t^pL;MW~`z>SC=r9u5c@gGnA{>Mag$m<86M* zu+NX>NDFPU4`obg8q-vW3}9fP`2UK593gpIa)0Q07ALu{>3t#K36L6Evx)0(B}ipI zgYL?1b1XXZqGX=^;Y;+$0GZiuF14%gczLuIHl_LA;e=VD`;8J0v(EHNBK)Hrpevy`Qt z;@c;}Hp@(*9AQOMW-N7w)ErQ^cL*c;9?y*CK?J=IeRb~)BBrY?89DTE(SGMBq%TGC zWBg$X6fXZ$1rb7Sx0n!HbZ*~^>OOg@Ya#5y{KTX9v|Xq`iE1m89DGOh>&+Xt#}oq8 z2}te#l6Wfw&ofcux9`=*5D6w=nNCe3HyuGLFf(e|085x|xI! zp)7_rr8*I~R6cmdW$`H4hYd;IqlA}T7K$5U_ z2txBsA|S~TkbwHbQ`4cML}^8qCFXoL93w4|v>l82MMD{mP7Q-T^|x15Ipz4otJ8aK zLxm*n5uH-{UFIvI{f0vXGTHhIbmPo+LrLMEGP5k*NJXrTuw6!>+ZIwg7n)}dT(fOf zmZ>s$sV%%N2^bf17PQgdr35``Wt@)F_A=K-iE;AC3GWl?#~j~9L&@uLjI(L4ewxjL zFJXv^!OW;)#0C0zhqJ)Z?pfd)3G3YcT3+14o@jMuAuCAROpEl4#c8EjYpgNMF3C$m z7azw=!>Pf#iCOBntnI~W+0$j@sJvhP600mw8<-f)bjqoLWU?JtR)-K^XZ`)hu{ql{ zA_BXjUZ>IfL?DXPjNX7bt;?e};l1O^=F?UC3jg6G!JaK(>AN9kQ0SlTJzYo&`)2|4 zDSQ#e`nY4DLH4%O^A-h`=r0z}$?NTQXukL;E71yM1_`WUcE75N5oUG2j(o9ajw5u< ziWu!86G}b8(t&OZD^2&^A5L3UXqUF%E9qbSkZ27&h9S`%bjaJ)=|$qOuxe6Vzwdff zwk$`I8M5kcxU2Jp2Qv+>Rj#e?ux1#;odZYjrNg{wo#!t98E(>o53s|@C#(FyUTvbt zIuv1kPoc0;vPFnqxE1q>;4TENmCzVQm673KmohTwtFWb-{-P{SdC4%R*}AE)%0BW& ztg%Nl^_L7!QoqoV7@`Z5L#OLyGE)*EOer5 zD?ZQ%;D4n#e{4ZQU~5-!u$Y*1u-cBWQmQ#ZQ+*p;@bG=GeEdYbV4>g*9GjnH?+vkP zdVTA(ad&0o^XMpTylp|D@UMMWYYyL@@5vDKV=Kuh97Ukqq*2JVMax|%8Q96XiO9Qg z)+%U~NauNYovt!#{UV#=zLP(IfikX2>h*tr#$_zS1A(N3>>gu7p13%6pg8=r?0Ee| zs$IZ-BjG|Y?ghG{`O+rLbi=4E80dI9#BP zHFw6HZb|P7-@dzZjs-ku zYEs$msrPox7E$T3-Lh5D*SpeIVAv#(p=c6Ud?(%=%dp{Xc)YG>Ij(1p`zNjX@T6_d zYSAn5;sZEg5-=xUE}-IT;Hz%U(0QzGp}+(p<(A;ABqE5=*RKgq2}m(P)&i9#ubXbjtJB8m%O`wqD=b`PNC?l)v$8xGe{CA?9mb<<{q3vf4 zAdS5`z4GzgLfFgFWr$>f#Qs$jga+&(^|CR)AIg|(EeRk&X#PdHalQ_03k&6H-5C>` zSTvx+e;+(RnW^kwvaU3VTf{XyQf~yiTluugnN9&NJX!ZWa9Q*38tb9EA`wH$UNQUn z?t;rhL)SYZ$B4Kxi`Na4^gE?lkBHT?_M;L_Ve8Fo>sW;*~5N}$pyUITLS90CUQ zh#j{NYJ9DoW<+^=tBWiMexh{+n(v68?KqzV4xG=D>2JE3ztlo1miV=8++%^xjd5>E z)xb>-33t*c}}DsJ}O zeY&MmDOVxRcm`Vrn1!5?Ns9Nrm(klg3Mm?155$Er#9sld25%)z{Z&=h*RC*qA%?7) z1-{~uVwT9bRm2(zArsVszbA?bBLpaS(NkbpGI=q`G6JEI15`JG4(gCLaKAq1z6l|A zhXh3gC14-bdy{Pw#h!tth7NEQzI-PZ?$$$r7fc&PZi!(xA!bQo!%^|(M*Qg!9%B(0 zyNM zSK8A?>h)u7>~6`V@*^_NKc%4OrGc+G~*hyHlR9|W1x53=)IHP-8-rnmfb8on<+ z*T}0O+?xsYRG^Z1q?Ke9zT&#*ZN;N2QR5w*vA34;pcsj!wtg z97wtGC|*228w*(yY##w40`Lx4R4Ev4|H!d5tB4A{B`Lye^a7sV;RAdSA@^rAfBh%C zuK{1ZD^ykT>LK!sfz1REuetFLCGMK$#u&;ls&yBejTOg)#C{nqw}|P(=+5;_T|2g7 zchbo@_@1XCFqrMB$-6b>=4T za*jygXmc|%vcgS-c(c(Q5T|-al?5NhWvd9ptr~cuT+PvsL7$)x3$6%y-p!+fV1c>7 zf*s1`!1=p)8yD;c|L|0zG?ts;!_0Hf-h$ZcrfhUz#^Y)x4@rp$QMh@a_1H#1W=mo*hN8m zTuX1jVIPMf^c;Yt$OSckQC}1J>Z@NlYbwiaEZGr^>}Ct2$M8**G7MJa6&Vc|ohQVX z1uC{4m)FGELofc&Ra>cW3ZmB}aJ`pOPX$0i!9uD!WM9e^j4CZDP(|1y&BuppZj9jQLU|uVbinKLV8cng-sR^^bs@6|@}zoT4UU7+4pL3PMd|Y!>^?Nb z(($khY~C_9i!(Cq<=C`ifcP-d`P3!Z-DR`w04UzJc(a@@iefh;FnxOnn z?vunVQgWz~2tkq%;c0P|gCx3Zv`k}c1%xXHS&KnUPm17MH#N({=%&Erp@Hj|D&;=X zR?!Ric%-z*%nd!(S)s+^qrKceSUOO|v~w%2>=~$a{t{$d^*b~%hpUS6U+TA4S^vDW ztUXA{A8*|fLNT3hF8VU1CO7Ic=pc7083^KGPF7Svrr*qoe2HuUo=EAA%34rA!gaj` zgvJ21N;k(CF9<|B(xj-ZoLy!A65t^7w~ic&lGhICUBSVskqD~j`RauaiagpOSLiok zPs8!Kj+-STS4REoUi~d+)ro(DlIstru}%cyv2Uy|gA^RxoHoaq^piEx<5UB)MFIif z5Ps#M2+H`qmP{u0A1v@*?-q>o(@iLO-z~6x#RarHlkf%-X8H8KKt$^6HfhH(2r&CBv*R4KiTck_X^)Uf@tE?-P=0*O(i?c#a}s5 z@&ktqgd1qDyTu0C8#o>VgVDK?Z~qesQ{p2cgAJ#dM=~Xl!MEDm({yTh` z|04|f@5`D0r2GGU_5bD%6JWlk>py40;AEa{WX#n6!187Oo@bjl4Rr1Q?-qAU==Ig7Nj^*@|0IV5uH)(;jdq!kp18LCE_A+Vw_Y{^Vdjn9Pzpx#9}oCT5#Iu z0+{}>5C0v2W7z+5$3O-DvCjDK|HVN650d;pulc_IgRA~;m{F|%f8ADO)rtosf8YQw zKymcHgHQ`T-xW*mUqkBujsKr(@Sf^h|5pp}AM3LJKPNJpkHH5^61qYLpvKsO-T%*3 zgu+_}1bZ1#e7}$-up3SF`JzKYk6~5$*X!8fdx8Dm`}nxnAN1tud3&%;)Nw@Bn!+gF z{3L)AAzHdK_A}}|$0%M~{_hJAN+PR}dz>V?OA7yNLeB65ki-9u|5xi{is-yhki%rQ zY_v!@nI-9JnNg=l-6lK}n;DS|=HagJ{;oI=1Nl&t!%(qotVoqCZ4~uL!im)=19-!2 z@%?=vBAH;NQalxEd>P6P)u{QXnv*}dVg;9xBhpvV_)@&ifVBYmb%asubhXqJd2QA_ zZh6hYa?}dmfr+9>l94&T_c=+g0Em`WG|*in)xiNGHI8;{3H1)kr>t|xXruz?JH&HQ za#%-*I}T}Sf9Z0nbU9_#ybL7COZ$ll_^)dLA_qBF3LBg2U1*$Y3Xv2Cie;nURK6XL zxjOkX4Yt8VohR6t6E@bnT$;wY+vRp0LG3Mp!2;Ckc3(qTe_>Q2^;c@+#f0_*i-Vln zqw(L0nIk?K=e(5ksov6xdpwF35D7PpnzDG!1utXjQL|;&uV64(?Pey6Y3E?2!`%+n zZ@n7n%^$xfs+^qVh3}ld7hrLv8<;>xK>#NLzbN2L!dINj;3MPb{-QbX$z1vQQoJ8U z4n;D;P(^H~t~d}LJQ`s>MxAky#{NUE;zH*A%<=kY;$4Tu@aXeI5}Q(ovFm*A^7Yo9 z^`Z{0L{ZZ{{QJhydofqM_QaZU4K_k9!p&7QXeAO`i4r5xQ(`&-<8=>)RevboMdkCu{*PM0G_sV+rN$ z@Ga#^1oQ(0>iSY0b$3Ne(TmNr^IcwArThu<(R%N=zD->YbS)-Fc}?$G0@);RqY0|p~ZU{*NeKiJo7 z@b^^g?jzKrP|vcw+L)fE*VgK;|8}uEc)NVu(K0Isr(r*yf=t2S)$H`_w4d$_gS8dt zl+qB4IvR8H8gsXk!dQTre@w@&<8@lEc`79^IbSrixmcahl+Fte0%i%zkmb^s4Cs59 zi*?kZN{oZ7S=f)+J6=9KO9W|ynH&|T+JFO)()lVo^C83wY=*XvU4XDq$!BV-D@&0AYs+SL5ffC1mpiATyNvxb?D{n976hs_b4?d`=I8qyl?B<&p`_k}Op;=Fimg<-KK#vm zM}JT2!ReYjHcfn*L$hS<95BI(mGM}+oxa=qt+%tv!eN#^X<<@I+s?pzFKXK1?5)}x zsWZ*K(C<9GnFPZbRv060f@fFl=6AjyW1kK`m4+f z(y&^svtn{0ShD+L>Rro#e+jCf#+kRh&dhWpgmfPEnGD)Bx-7hoo^4J}xzk|fHi;Xu z^F2@68PPfE6KN9&bM)950XQNZfeHHkR zZxw@6Z0sNy_TQH4=``5)c{xiTLh8N#=m#NIkTt!w;Q~0Fp!wrl);!&Hp&`<%@*-Zwa zO!Av-u%Aw5zEi3eqyn6+Yecm?F7FciE}Od*Ol@L*o%i-Z5qE2gpDKpz zn30O3u0n-wX4$-9+tk%^)yLYvJJZzirrkp>!5qKKlVrmYC+~OiR!boEcn|Lzz+}`P zV_n)0()4NKJjcHEb$AXt>MFY~{*8|yqo<_!93e#)$B#ZD6hJ*aXw31FmF_$rcBG^j z`F$QwOcn(?5Guj*2scxPPc3M^-JnCeNK^<`aLL8@J{U{2VHpKha03fG2*c1TdX;{w46S$ z`Nz0c7k!EbYB1=`-j7LJ`c4HeJKBVfMl{FC1hykDzeiHsU^ejj-Sr-z=VsHxPOC5y z5-js~cT$C3<|oHl6TEn1`e!VLrc0;A#I#l*_^YQy%un1LEG_4Soza12{?zNLh4l?<@H!) z{m(s{uW#ayIPO?wPCrW>yv@d<&2o^e6Z}Z5`_L6z4B4?3hS$cm_v{p!<9CX+MsM7# zKz4@N$gNAYARed*Q4)U+cS8S@JJ*4`Sz4~>vQVetK1KYhzp*nD$hU7MJNjfsixsRt z?y2)tA*3b+Y-%YV`gtBEN0K61Cdhy5g)_xx;-WMx{p9N4Zb z&m^2ai{bbhkL5s7zodI7=v7ap7H3;9d!|FUYIqqWIKE0ytI^gXzG{QyH98PCyyVwy z@Nwd@9XF+Lz960)`Vjwq66u2$c}pXAkmcZ$XXDw0CEv5McCUVxB>((s3;KFc^40!N zWno(ZN9`(D;~8(;pV#=Y!J)uy^lFlM=~Ak-eyX6eZS_f`MT~cgTT)%7nmh2E)wCE@ zL5_m5OLV%nx0GwQ%JyVrBoq8iW$4BI?WQG8G6#j|hn9>WKkFB(<=3cEdaYEchSPb| z5+%$`Whfj|d|T5X1uX8%;t7`>3AVw|-*x1;VaBRdB(voRV{f?3fh?@ zF<#KMZ6v1Ha#|Z{(LLw8DH6l+DPY`_WZFqszol@j@&H@T37xSxSRt*; zh$qn%jIxxhvYa#PDs)Zt_p0H z^$w=Jklcz=#d;RF0pv++oxG}I2D_vc-+7z1`SR&lI#^gAS9h*`o4l%ci2wKx;eL5j zbhP>DHfdf|V#}5x(ye{;Dk^FcTRLM{c?!ylw9eo&@EYnXvy5>*a!Bwy=-7tT3|;C5 zwJoJnjanoW_mmN+tpokl6eVnrPy*zBMX>!V)pb*zEB5czO>3y2^Cf#pK<{&(OA=ZirlUv)c)a?Ea zRrPbIcknpH18wzs%wQ@CcW$`Y{rJj=Mm7vmc;a)()ys7f0j4imG`35aQ|jdA6Loxf zUK+ZfS8*wCKs^=}ITf5RTI6yyv2@HTLrNy$D2S`gho2~JwAI~Cl}UW`s0O&SsHdU) zSGBS^>d^~}`=*@(z@kdfo9x@u0PF ztsQWYGy4_{B169 zj2zxg{wTf7(AQJjX*~5H4QHA=-3}IMSc=ctap<>a71u#vvIVjHB+STWK2Z}7 z=e~6MXqe$}$IY>TY_QlQ`Dl;k-kE(jD9kA*P3?Ist!?C%t{@p7YDt&@TC)p|qQMQV zq+G`@RO{%Qp~o2WMV-NhVh4v#6R=?c$ujGspZgM#_wu9?3}Bp~5)pOpeU~+aF5{4p zQJOVM%Kw;lN$nM~AbqHOnhxYUYj+eZ=_m;6^P1`&|J$-Gd~{rVlJ4*5D0#9Yz`oq4 z=2-J{XPvK9B6vYlZ-WwZ#&<-#6Vbhc^J@8vu9tQ5%mJ=BIZJD=%2&R$?SFufEU7K~ zLAY|Ssxw|7AUeTvHg!4z>Nj;ZG21wme~(TwdY&mX$fQ2+hIo|Ww`;w5nRoZ6levJ& zs>=ZgC^D_V$AP`Q2t|Tk6raB6e7{DRm4GfGCPnr^TdX;G#Py%iU0${BG$kDV$VHQT zgAyhZY&REged7rNGdaH;m5nyQ3Z2F(ew-3PE~E(cal(SOBxqPINX?f)_AL&(3ujqd z@!DZqSM626o?6y))ZiKUE8s&GN*p-Q$*N3sm5_Z;B@6Yuq{(dl>sfF7WChtEtLwo| zmcyx`-HFh0!(pA@*R9DvQB@Z?&_0SK&<@iscl9>cJVqW7vNal0I43~B-nKjbLkgr% zzfg72CWe%(w%5>(p?=b&Y^)LH=rfNVV@1cwm%Q@beSczUfV{#FX_h!L$ zsc(jgLA~Dz?++nly03U+MV5Jfh{7n`-~R5BJp-n;0#vpz`c!S#$X)l~BZYx^j*2ndx z?HxU!P6=Yi5w1H=#?eKHJW+RX4qrvLqE0CQ^SOS=A8djCLIeHBx=gRa=oIvW0;feP zx@WdP`?r_6d*tj}bZzcugQU?ybD#r+`0g--e%T0H!Soe2>vZIBz)D_${4k|KJ3KNk zqZu%dbdrZ^zO4MWR`1@zLx`klRx|d3g=+Ua*5K$LwPoaz>34?SJxFeG&%8|7C#u&hBJ)|$8XAP66w0f{ z>czc3Od2V|wv@8Y-K4-EhjJSIg zcnBh*ds*DDyN}bMNT$`+Aj0j|J7}w-nqWt%!FCxln$4S^Q>aLdp@v6nSIAH?&>P*x z!m+EK5?Qn96IY2sVy30ehC755wD(Ohi~8Gl+!9e-4Qh%_KnEjf$HJCrrfoyZeNi7U zRtnf?6yxT9eT?CT#C`iA^4RUrcOJg^hJtIG4;y7(=w+=mv#NDUIf~m@T@dMzTaH`% z`hYJz=~BB9ii5}n?}0({$JXU{zSy?dQ{O`xYDf-cE1~0Bau4nX16GxF7mhd|*oHe_ zPtzCd7uVnrTh%v!t}x@?NT<|Rl@exmqG?sT)P<_^ay0NZ+m;+@MCCrV^0VZV6{{HHUCKX!80Oi@HyJ+F;>pS7$7mf5|t z?z_fc4ya<@?N{6F?l!k^IO#0VC?~g7T00S+Let`gUBGgd|L=bElBfAh&@LY#^GF4^wT0n)!oD2s!Sx+7nyqvC82c* zx!2dSM*${sm0hS-38?pq1~*H)U+)fYqWxGMN(R`)(IM!f+PoMe482IQm=V%YmDd$} zMJQCWi<)`8Vr3innepE2khVYHpYGukx-9#&ETGAao@j7>%c@c*?U!arh6$ftJ(KO-*@Wr<{x!3!+<| zhDA@#@khWl-KdX&PCsOixWu{-qW8#+=oa%&2@cdh0g(F#tCky8Z|rmn+%^Y1u)rN0 z5H*i;a_c{AIv!J|%%{P&k9P0)537=1clDusvQvalAZ zB%vHs^VPQm+quPCGG8H)Ph=d#-yi#))#PmYYkYDnFYYT-b4pI&@=X;lHy|~UUSK9k zd{e-lm-^BueQo-nTx|JhhFbe6#f0 zM5SECeIA;Q&}Oc_>ZHC>WQk05pmmDsrLIA|`7X09Et*1l;d->J{&g^u(&=mB!eJz3 z@9|UW1>7jDNb2?F?k|o%7eP)8Ar_U^8xoTe@d*yxnY?lcJ#M9<5Ta#FcNl_ zzr_q0aOA+y6QkPJ_HQ!pZuBLmCkviKQC*=K;%=8YtjZFevS#aWc}Ao922O{6Ak?JR zHGEw&fZpktgSl|yXH$MogJp_`=TEJ@2hW**$#-?-#}MB2-?m&84NMn~#ho!GHsCH5 zQ`1j_vyG)T3JL6aVjuSXn+2Qk^=r>7g$jB$coQV_i6b4U3CX6xmrsf1{R05*8qFoc z{I$Uh?y~%X%s(w2D5EHP4sGq@RdoYbouz&}5z6Uu%-Q^!uJFc^%sn{KR+3C~VZA1v zx;!w)xZG~Rv8rcOvMEa=82G2FQC0 zjUmRWmqb%hCZ$X5$8i9R2By-bEI z){t)S97PzmS0d)fmG2%0Rjo;h>PvC=GDJ^+$92XZ*I|);;68(ILhz=Qn9|VRll> zVi2pAt90*`;f#iQueKRy0^a3SBCh6lXG&Y=S_UmVLi7w7Q`t$Gc>|kbVFP>MN-&QA zOw;bhwRJfA+~^ElMNrsQedM{@1@kTPKiF9n)kxaohxV6mG_Fl9EhyRbzu7-{8+z~y zloo#%U%Xq9%)+!YXip){!Q+?31$w2R{f;!C4&bcbx8Y3I%18@RnnjwuEkq(GvaA@$ z55N*}VUztt};p%~+4! zz+t)wgKy=4c=WWNS&5-fI7K6?E?{9#&!;H(VEM4Xj&GOt3T}LV+34-d!~RCvahT@x zsIC*okV@U3jV`WKxTsDWp&-%P3os0xU07~18}q-1yU@i{$GE*Oi3W6D+#dS*ue_^7 ze6mD)J2mUsSgT`-BKnqtxMX?>w^;%~m2?5dbVtUi5|I}@bTNa;P3+yqtUh`d8EEZI zne)R|``xDspW+q)-(znh@Z2%w1}klaka9#j?sf-8>kybMm^_hdwyM~}?^b(|ckkcw z;djT$RSGS)fs=C=Y2Rx7_(Ddb8S}Wy3`N4rCqtT59B;7jr#mxaPE#^7NkW=0dDUP# z3S1}%J}Wl{H-=kp-R_l8$Wb}J1HHr4Un*ho2dW5Im3i?53G4V^z~h&RO6rmL^wJYs ze6pdjs-D<<}=| z)6@5({gS~cH&*ka9YDL#+*fRCjRLamKl^bFk)^s@tBTKZ?;Wg5JAkn;D(XLM119(&EU<2*%)sJB&M;>@4#&!On=Z55zr z;rP)+4l6m)0-Mi)t1Czm<}~0wRAo+*hq@kwn3q#V(e;aWe#%MSkq87 z=CeH18Re9I`YcS;j1$tfv&x}E;W<5TBBqO(T1iPARg53cL&xz*nDt?cD`faNdN-YF z-a}8gViIg80L^_jy64G5!XgUFUhapI#%BP=g`Tu0%;G!?qV0t%LzW;Wwt4H?0S`yJ zh147sZIt~~()~6&Y*$`x$heIgHqq_5if|`C&9RevunVAe#Eij_5R=!0#X+n=uB7K` zW!{s}@VW2xE16#_P&qO4`UJq-(~6N>Nc>ThJ?X#%>0)W;&^s^4@`4EZXtjW&Qg; zti`YU>)zeXZO-e7&~bFFzj6exeyp_`ytl=At>Y|@3tDM0rLB588SoC25l0LOQK$!1DfvF8NJazQxpt)?OO% zcq7lnFQ1dLb%*3u>`ff)0W6K*WnA*P<5SLCOD-qA<~6%D12K8*62t*cdgPfUchUvS zUrMJwNVewW@OAB<5Fkl0X4HGRtsaX@>~`nhG`RWR^i?c46VNTSP78Fla~k%zhP4fI zi-;_P``jM;BJ1gP;3iB#1CnQ66J4V^sukpCI=+6HJtY$sHcyedOwoC#7-GerC@DM)Yl0WPO(P z>A5canU`7Aee!0%5XGn@lQC;h;v>ZmI5k)}nR!&1#QN6orvFFY>zAWY^2EJ^=H(5Z zTO0?AUm290hJ#MExUvxR1%80o0Ywk;xH!aJa!dQn$2tn9o{@9@?gtC<)vb6WZ4e zgL!~AvQ*m5{|2kA|I>NnhHEGp^S{GNRy|XB3%N9rQvf|W%-=|9}>NnqRQ1uhpZ;UQ2C#Eh-t>&2s)HT&5rYBJCFMfF+lI5;r?pF6G z+odM|=#TeBtofq0?SsSyNr)(}6aSqF^T~>OHij_@A%5q)O1dic`z%t)>KZzjl2st= z!vsZ+0iK)6IroK^A(++R-bHk59j}}KBXm5F9EYltv));@)I)FOFRbMqt0ndJ>$vTB z4Sg>gJ~)Y88(C4;=zPc~LVnBdFLtbpVDNrkS^r}{hl&geLVB$MN!3cP_jM}$u2i$D znlf&cY$egi63PZw6Xt_l!oy7HVTiiG`MvsZP>F<0`hK!Aq?2pDBk*H6p z+%*rU{47kFe;T}&Ii9OPrS~-z$4^cD6I=D5t+=DTZOu#mypyQ3J`sxu3d$x^?IZSS zM2z>?>N6|)>qW*YWD(~~BBdl?mbWz{EUO8)V1Raj2$wtjyq7nxI5@AU@{*m;2jJRI z^KVG4j`KuRyF6TZuXQQ*Tjp{(09#BxxTz}RNCBy7Fw=)ZcmlcjV;b-~g@vq+9mg3y zlhMF*9p)0Bzsv&U=41R9Snt8{QRkjHGr#ogvigT46n(KtHFOjcQBxuHVTurVRbP1< zahDo}Ur{GG#eU(<^iPS?-@OZk)6X(q=?4Xcbn%}ahAuezg9$Cj1iH3tEAFmb;}{BE zeYzvZ64jFR*nIl7!AJRtO2;Rxe5V>FPs&0cO29UfQ0G*B!c(j6s%^=8LJ^jW%R`RO zNtYi7{U~?)-78fKIf7Bdlzti#ASjq`V#0SSehBvrPVqI#Zc;t%!6f$+HG?lQnu}gE z!Yf0tzafL&_wrzKAVPmp!-|&U(~Y~(DmaIa_u&qPOep_WcoJuQ{AZ_k@#jnQuUZ+* z{#lj+6*o|hJMh_W-Em8h@a&wyK@BykOV`%&TtR`FoEXXKLf`#-e(7K@y@XkcD+f}e zM*C48YRISp?adfJO9 zMuAy~JnZBA(gJ^hWsrv_p2j;o4ne1M`wVQx?pU5+=L|m`6FF>Y}y*r&-E%$IAK51?uv2`9OXW}ub&l);) zB<{W-ji*%oe)k}y%P1dmb&Nj=KtmQ5k&Wt)jHV>$So1Sb$dZW|^l}EE)XNEzp0BSz zNuDQ9X|u$})gI|$h_2ZcbJr2B^=_V*$6Tw*cM73}T*$h4c}3-#pE8Gcf-NeMJfh|oQ)pQ-bjs!rPRb!fEo^mIDJsyHiVGpt491?NKEdk@6)l{aepMkTAk{ZX51xPR5i z2jx>m!dY8g)6)`S|1p@cHy}NaMv3JGntdv==RVf{Tpvc#2n|OJ`PNySAAVIEt7aBC zCmrXad`Y!G`y+ivJ=Ubr!1t2K>r7}c9+=xdD$8Z$xP|7GnwbtwOL;A!e-ROmWIGRb znt;^t(@LRpWvAq;gGX9KPrvAXH+#JTGIEm0dT}4QuyIHCS^GoIricN3$5pjY&&+Ig zP3V3{z+<2onx}riQ#FEKd~T9+Al_XpfA}h0GOrI&!&wXuU2A%AG*0F7+S6Ll1CKrEp}yDJ>(Vm^al<63j4 zp%NSYOyg4SzD{7vC8K?|x?)j3_Vf9VuSrR3npsz z2*1Q>FaL@q|Im4a&hQqk4CmeC_}(8HQkHq&8Cl_I@~9V}TW}!0mOn0+0{|9|mhe{k zWw1$uA=5SAss6Yo-@PM^y9RtOftXqP<#MN0i_w1dcbwG<)k~kgjOMAq%hm8XAppB~ z!a4}(oDy+w{o22uS%FZ46m0AiSk~f`nF32Nbf37IJ4RY|gVLzkQXl=*??SQ$aV*uU z!{Rsfo!9KQYA8XJH9cc;yJ|4-^0wESky}lvEb<5I*({LZ*o8{m#5D#TZ8h)ThuhM{ zV9t5y$R+%BQ-=ZC)oXEb;tJ_UHk*8dJ|jie4$(+JL_IGPZ1toYU16QOTe@BrfRlC^ zZv#(bygEG6GzPW1IsY7O{wV3_oIi+|;YhOnGhQp9u=rJEz+pK0Tnh+9-%JHq2a>jk z{xHIvzcL~ly(2Uz;1q4Lfzx&JI}dqrn!hdS=N$>a@NGo8=!s2KUa7-RO6ST={JB(i zhDzn}gGZ-F6s=pp4dj^*Kr6AMQtMm~_>WI~#J1g2*}i)+wRbl3mxGXib2XhNdL5%} z&dBq^K#SmA)^U7*HtFWD&Vdp^K?_B(nwIHl^kA%_m2i3e!Iy$Pfx`TU*Eb5|U_GD& zR$wvU$$*W7u(PqbV*L+!`T@Kk&gDC@vcxg}WF4 zKpGZqNi(~uHK@}Xl_+fS!dexcu)(p&2Na*J=jbQ!NcctqkD~84tbMm3foq{J>KnS^ zSR7njVl8TBawpmh0YM+-?cLIe0fB!+tf-KkE&^$x13 z~_9N5Jlmc0>p^UgF- z{;RQ2t)bavrur@H7)bR=i+>EW&soaq2`CbSjGh~WL^SjbV&mDmw`x4#<4fO{>g(sd+O-U9G1i$e0xwsO)cTcOHgs;{pH;gzRQw-A z8m2=&94Gz-+v&@AaZ@!!)*14T5C!XmV-7#;=hj_i^r_evc^fgDZ1pZ^CXfxKJWtkW8+6phRKWCv+%$Z-7-5fE|KQxxpICx4%nv}e3yFsmnwk+C8e9qEmp9N z?HGnL{sam--sJ0Pf`XcX>1$0EBmhkL&H;yR*pQnTNEKB-3hx96)eL{oy$~3vITKmo8P#%jTyH(QA^SDXdj)6ikiZyJ0(CT6RZJj zjqa@oM9yAu6iTaL8DvR&-Jd%gMxnT2hL!J^Pjtc;SDmidh4f|U=e4n`0lC3wM}sP$ zqCu)nIk^KOZT){_X=+rH*gKFpt}g#aohjxbbt+=n*lwwLrnYHfLC03_dWmy1;S=zp zONb7I<=LU1##r!EJvr=^?t{krf0})+Q!w#0MKnNt$@yUWa#lytr=?w#O+7KJ7r;bj zvqC7USwyp|mJ?DM?78fPvwOA}NbCN^rmcZ=k}Th%PS_L9z=c9e04l`H@eMYLeLe(W zuauOqzKKas<2%0bTThDnt(QtYZiwx>Q)RkS8pk%*s033j?U2S2j^fw6CiYf1tFp^o zN1}r7qw8)femMv@A0ymywx;LY$+HQQFR>9ONSHpHQDL`7adKurp(V*%iuaE*6N#28t<~2;0sLR;Y96(RBb6VI%h*WZcjk+|;y`usIlF+??y>qHCXbP*8(A z`?9keNs5}jdcWC3!y3Y(=qNe8ZcbIr*$wB35VPNh`Mt$l_y6br=5B5Q7*8BnRmS^@qflq`);^o>Z9`*j<|26!-v*JtT_8M2siO-4SYabZ)oD*-A0 zT<2v9_^4)~!CB_aAx274M+%U2aq@o(e{B_BaLEBPaq>rfaNLqj3Uh?ioY&zd{*U+= zL3Nfi^&F}CXYyv*UyDLSr(5nix{6NiL`v&~7X)Vv3N7#m?`nUEZYg`2uiJS%M^NyO zHMjB3U$u#aEeT3j>kJz+gk*5{m$&HaY#|2J9mmUb8hUMCwkIIv8cEM`@X1j9;42CQ zdeiu$L2j8R!DGJ0_moN?`rrOXf3`YHAu@%o4w?)V?0LdImT}oCSoA*g_M4|=XMlH> z5lSb`n*|g1SG+W2s^NZvTfxS>MoqJi+iTfB&j!)X7jn^49J>b&nACeYzlk@aAxb_A z9O$_#)65Aw8xA%}NP)pjY}X}d81DcRmN@Xy5aBt)3zemm1iw-sO5fhMtC+N8GbU3nUGrPjZ-0SQwRl>M(#wbi%(IFP6>3<%HRNMdt?OCfHs8$svTdifXTr znD{Uc?x_ih+!

+K2E9+IVO|@%cU{GY`ROyI3b_Zb@HRm|%V*a=X^Mg6Ws_&fV`1li7eIr$|~NgQ^HGtd>*nl(W~` z+|gfqMy6h@+_kpnu*d+#ZZF`n$9oRrG#1N0ODj5Jzoe~FapH#EmN15kjDs~7G}T;& zrP&jg88PRBz>HBc12d+n7SG@+k{v+0XmzJ4fQ7?5@X6CN6PB@PO> zQwpTTMQYY~O#sBl;(1^_oPRD=QdB?p5|BjdJEd|JCAa^y8|#ksM#%5-G}&`s6k5mw zo2H>3>5v9GBbR3S=Q~1HpT47IQO5Mo-atUVGv+PYNN6m zPJ<@5o*i*$%KCPKL&{1tFkemWtM})WbjX^TmndZb8&>bRA{NtDTb4cLzb|p}An%a$ zYV6Any^Ou^I;Ee*i573fHrvNA$9hxw?SKaIfB`d&wbS8i4n)1Y>59X3mkQ?acYgIBS7G($V4ua?yLwp!GI+&;`)*h%d{)F~fg(bqe>cPz$f?G!`om%^$-| z8XIna_zuji=-`Z9!|sGfO5G2e23Zz<_KNTZARy}ukUTRQK>t_3!iQmjT^y)%PhF5? zZKt47b>2;R@rls$;%iE`{h}(wf{8cqpFr3r&P|nJmc<9<7shC!%8&(Ns)+~yI3Ec!9BF5IgS{O#I) z-*fL()6KypiZ1^WYE@S}=QHh>4$A-KI)N&z0ssCj78kXzs^6~Pb?#{< zlBK_ig^hSkF%$rEC&gXu#3A7CThuJ%(vR^4f|OnF(Pr!kdT+Wnp#4#)ee~ee*X}Q+ z>1V~y=AfJIhWs@;`amX-%l=Xy&=imefeQ(Rw`(4?t6=9lH&wcKq*4(aaGKxar9i+X zl>f3@ZG&DS9?*}%53A;yCIaZ`^7rp^Ff{;O1>#u4dmK{k)y`86D;lvP+imVL#Ht1y z#mjNjLW7fMO$%lqyAz^no|}0#{zoVM&-hPokG6e$_F^~-Fr=7@x-LztV59jC089$b=cntGGM2}R2xrZLD&;oFQ2}D=IR5F2Z9@sKuQ9B|s;CCoQGedR z3^bI0tO9H-1f-Fv%TF?b7?jm&Oyg=Rt^Fh>Gg(?(VHE-R4!AL+LR`!HnVPD9iBrdbKNOYGmm!h{8_+sf|1>2M?+T2t@Z(xn zw)>*OpwrJL*?#-}@Xp0sHl3UORaS*Y;5Vs`OZHr8K^^tOe``0YL=1MfI^>}mADd4b zBpYN@J91ij)2auGnb(zI`-u_mHG7qTnVLP+n2p5+jwJ+Ta)qai_#r#r+{XbYx_(vU zj75+o)#TipX*(%(Fsi8LoSEC^ENb+W_uay#SgCpaYvQ^NWFWw+SMBV24&e3$4F8NRQ|);x&avy7x78= z{&T$a&)fT^Xa18AJR%5CbM1eg&!dn3--D{z4F5{D{m&!EZ$?)a$gltX3sGFZ;OBQB(sm3QY86>bJ= z+n)dT5V7f-JO3F5-XEL$|DXO3r2O}A>Uj?Qr!Ha*9uv0IEFxdpm(9t0aaXoe*|G5<<9Qg5;bCw0e8Crf6`ZmR97WafIhVz3U*?HMnxbOo5Hs^k}r z`46Nt`uiSYqCoD?vW(bUck|@6=aza)E181N!nd&VqS2Yf@WzU);I88nY=#^sto5$M zhm0cMmAD0;UvR1EkQ6ryf5PH7s)zZO_)hbLGiR!NN8a=|JHjJ1HnlTBRrn|iHbp8W|5^ew9R)W6C=RAc{=JJqs*x^~VL zT%V_ldOJ^E|CB#dQsq@ZxJVUpvqHI~H6;O-OVlA#&e--u`4hkA`JWc47DN zPZB`dLU`q546Uc)6bJS+gn*S#;`Z9=efmHtglRv_-^EAgmT54a&duq|t?&-S-mPy8 zt9c3uQD+qG5AqfQM1+rMOp=qOEv)ianVkf-+zx(9{LaNL$;IvG#3XyJO(jq*FA%^@ zy2>`p-0NUx{mGHEnn|a4ryUM(Cr>*Ay)b!Q z6#hhLTt}3j|2Wm*Lnp!gN4Gdb3XOdwk|}PBOHh8{8l0v2U7|ktl%?|R_140-k9B6Q zB2|f;aYjOQL2I%m+{LD0DLiv5QH07#x2#8;adSKjs$9&K^hbZT7e$9C7WvIO(+@1P zq6T&o@eF%qjPTSso?xKx6})c&E0|d?NW*de;rke%?##Wb>Gi)d@D=CVZ`ohqb1dCk zzKAG&LEX8Ruhgix8%8DHfqU*uxsuFAbwbfmv;N>)?QSc@x+?3eo}jQnEN;J{Z~L`~ zh9dvT3GD!nnc^8qNNI-Bk;vV5GsAB1>&HZZ>Ug{Jp=7xB)}vb$7{5~+LIPkDjy-(G zu1*}wCT)0^#8h@U(I>fc#8{u@#*XP*AW|B)kNsIS9%^?tTI<{gf4HmxXNHe^^Zlek z3_%0&m0ZJaN3?{8E}_D)abND*?a>R|kkJQH=><8n?mqJbr*HRLtiZqFv-IbiD-~{I zGm_j+omL46ZZEMu2g+$t{$R*jt=Lxzd6FC_zlk{Evv_m&mfkSmY$%5qfwXx8j z{!l!jpb0DLCSw*oC)&0)WpJCsd(e)%cuwrI%m#rwT6Xkub;DP=P5gLseJ@o#K1)^A zkh^oy%*{TDz4s5_%1j-rQ^#n`V~9! zt!iV|V_=L>4AD%Xc)xRn@u|Cy%=_IZ&r^i^E+6bPGi7ebggjMWZYVzMt<>{ghhd6)~%?BkrM)rxW#M|1ks?8`Gf^Ku=!V#swpUs4YwwfRj0Q zKYN~ny(MX@B4{G^=<2hY?W>-$GRz-9ud>+c8u%A~+R=VuYw7&w zl=GD>VtA-N7T?>z|GO6QmmDrF>A`|NxWmYN z_q~wWe;2w=_dzIpQP}UxXD9(O4-?u;cXGf&zlD1>&W`(mZT3nL%b=dWWd|(w-|n}+mKTCyw-=E+M*}9N#&R!N)D&~0u7xC(f2V(OA9=|c z93sNc$#iEI_e9AK>b*Pfz1gA^a_%wCCOFFBB$9bYL7pM8D;YVx+cw~+mi4b;eW2l= za-2>sB1;}>Zx$?XcgW%%b}BQO3d`|^nDdVJQ+jMunnz0-%fdFl@mh@$b>i^`;E}&I zb-8autRZk6FQsw!x{ZochP*FMInA2I6LR#yzbi?@gtKj`{?(GZK$vMDo9-ng7niQ7 za)5`dbeFEfN58LQk|aua<=z1n1l`}x-d-nUf$m9lZ4Yu!UxFx;6E%!7Pd8dK@+bH>(M_Wr4A=~Wv2?f*VKFf z9J-MX3en%3&bwruczL0Ef~6n3EFSRYCe}G#%VJ1;2g!=F_14X;^41gi1hvT_qk;_W%9}>!vDsy+u2`GiWA7o;}5^l>&<`AD1jBj4|D4enF!+c=S9-uVTowo76TQAOm3q@bN4-XM0a(wYEOcL)~x7s~&##L#F zc;ut8HJ%>-1+@Dp=^x64uE>K6^HS24HKz1;c*BPnqOz{5V1?t*YKoJ6DeK`Uls1pb ziIwQNiTxyYy4Fxdi4)q+Xdj3ZR};O7zS59cNucW2U@x(B#eCAM*mv#3Ux_h^GRuP4 zQK!lc$jP=%puz@EHq(ctEL7M-`kOF!X|%s_wS4B;Z_b?){St^DQ;bIhHki5bnmp4j zfid`~;;;wpucvd*UO=g2Q_mGeka;&6USLt!?;#AA| z@vD@(%JTRwlMv!WlUm85eA=I|bbQ@#ACxwa01-^2$CzVWt#AjUT8iKOhR#Q*?g3>n zH8(lItK*?C$WVf6j>afQ|M|=xipH~zr8@Sc4eQgX!s%Q~InDK$79Na&aL`xEwj0Dq zd=CR(&kPuE48z)_Z@pKlf=a;1#a>%y z&_-2pkro^RO^K`UAD*B6Tw_A?P0S$&#A;?p)Yx5GnPciLSnoeDY|Gd3O|*8_7F7&m zn>IbHSk-E`>o2%u;d+c*`-Ce=5K9~3=)oLKf}Y1(qqmJOMFDwk9^&G$`ex#k=uOU| zv$Zw%z}PPMR-8MW@gPG?eoB@>E2F3A_k9;9n-PsVFNw}uuiuS4ENb;s!FPIy_f$!KDki8d#E?+}@)!kMM_ zj92%f?_(b@ye-H?sy?0{Afc4G-Bb1rG4=@WF-sm5lcuE&ni~&~1MrEyww(}={!W$u ziBndqR><2fGY#z)aeEQDngrdDySQGnBd6cb`9KtFO}`rg@(4{;m+pXeFb68@PYZl? zr#q&sFsR7aU0zVf=>^*ZoSC=6wOT<%$8e8_Wg{mnW}Cc z5AWbEu_>{ntbE@6zw+f38mIedk$L$;YLhX3zuKN8ioU6Uv&8paKS<_H-@-R^)hA$k zj6cn!RP+Ckbd_OMd`)}_=?>}cl9KL}5(FicZjc7)M!LJZyE`ro0+%jnkdhVz>38|R z`$Zr2?wp!)X683DXZ)voj&_%+k2MFUD?W*uaoUu`O~3=E4$wHzXyGijnG4*)1N;!{ zMtc3RQgMkKirE;;1Je~wCfV>)j1zGVgkgkLaUs8lpxV!vfLs<>_?z$_nzJBh(5h~r zg;-#%tscq}W@R)Uf#OJSBP$NsHvfw9m*^4ks~@RDc)k4L*ozdC@uur-8?*e`sI~*9 zJ=$b~tg?UJhz7mEg3wx=VfU%edGSjC;)qwzxeAqkY7>b(P)5S)=H_7l!hYk| z)Ou9#_G5Ry^6uXvpJ{r>rp^r(NwXdX+Z7#rhe`0nBvXQV z6OL3jUZ2Y*FF?l+lCEi>U!OxqFStTR&FREf-A==}^~C&zzKXpH^a0I46C|gDs0&cg z>mwxsfOFX>@S-jGk1qi-rSn?2Vr&eyovEo+N-edX^QY2g`JKho{@SRXCSnbWFI@Iz(B?3VH;p14c1`gVqq)aE6q>B|44wqjp{btiRQq!sy!bjDy2 z`tw4fv4-AQd<{na_klNkXW5&{!Yvz}jq`J;#a!Uh(mL!sa~kt|wllW%AB zjjcA`ja;tezH(UU+HK4^$G6kS%8leTmb&$|dhHg$ZbsejQ&RSf7FR!>?rES(ixd`~ z+j;klF-n=y^d7t0qnH%J`iVZaxql9fe4nr$F8k8Npl#RrBXNgU%@|#bDaE#Kj5bp` zQT(1GE-}Q)0?RXW^`6yqhyJCbX+~Cx^quOLtzla|*Uim|RbL&w1-aW+5k$vuj2521 z{miftC+mD*eKVhzxa>5wG$glHK;dnfO0Q#zC;P=&w`KHSbnIwVh1E3jg={!j6c8u2HX1PP9t z%8w^KPbD0Pm)JSnW$-Yay0v{sm1tH7mT)-;7%iGt<#L%&@OnV6RxTraz07|KrBTc{ zRE{kwK4rUQ`r(#sjZd3-IjB^+#V=hGx(a35t9Z>eAyTQ$qice_oyhGsYD_D~2A*zaRja)>oMh^qQ0`1enl{nLTYs*1_Am!{D?Dsy>${G{YE%>jlIZM>a{o zPZVtK0g|hc0A*y-bM1q$`hvH!wT@Owz8!cA9j?6GW{*zS2*rVo3<6&Ju_M)41QI6S zdQ2L#>DPIYJxHwidurwMz3Fz>d(yi9%*~*4YRb)4rDJU-kT=HpSeZi_Behi0te)W% zo%#Vmz4AVQ)5^#s9~4Z$0RGVdo!HAlW+SUFG)wx-CjQ#Hyzlv))jWvsR^8-o1vAh{(%fFo$KQ!Dp8s$p9Uux6sai+aIPeZVN+P! zx(~CR{~a9vh6>&GoNE`sG{)QS0wh8G^`P+hbor3zO)AnmG$50*6$R@fzdM!oRK76+ zk(R>@DlYqAjHfuLDhk-&Y!0Bo-6OlUm%6jEB z&ToqEaXH&x$a&t)>OtMegnR`&>XU>rC$U!&7%?Y*OS-p{uhl|~{|!&^F0dzeQukLH zRk9aEXCMeZaPNI;tDGnLD2`>&C13tEM8#{h^O~&{^*FRL$Jqg>Ou_S{Fd?{FH1uC!T|g?XVK$MBe<~L}M?4bxinlPS`z?x7f@ZPTs@i!`#@Q^(V_Ll_^n5 z?t?2ewlo-4)3J08UHAGmO}huY*`PVy$9?Xzo~&PcB~mB)jozt;T_ylV2d@Y1&-?7Y zyRc(4NA6QzJ9YYATsz)&*SB98#F7bK&_kIC;ef2pbq``8QZeW6N3#p@zo4UX4|r+Z8b z_$#$Cgf}(QgZ5xp)z@omsWcrnvT6K2-HI6^yY^h(o0M)fZBpW9PGKm-S1Rs_XIT{V zymiW5+>~r|rJ^-vIWfqYd#i9XRr^^=Q6Q~HO2my~x~??fpS1LXD=) zz4wRJjlPfbcAJtme~_l&6hF+ieHU_76@*61y{WyxFp%JCMb?EWg%o(tP)uInojvss zwDwto*m~Yh>k}Z(%xT10?20W&>Gw)i@_<<$P1Fib*T-bnInE%LYhLMlp7pNUsXDwV zc7y2q-_Tc^sSU`Ew!f|TFEJoFzf6@zQfoCi50KmbZN)p#@om`)f>-;0JtLqNIWyVs zezd}v=Ax--xWAP)nc@FbV>{vMD#+$3@^akTZmAKQ%PQGyj*lCK8NFcP;Y2>(b=^$H zdaCa+t6+fA06+tWvNk{CCvo)7g=52?+_Kg-IH434JDF&<$3;C!?)_EHj`vmtZY7VE zdR75$iE0e}^uHZUIS8br62&cxTA9+2c_<2wc@2}o$wg!u*soc#EFYD8zcEvD@j+iF z6E;0i?WL?f;2>b9I4J*kvE1cNyRfX5EvmR z?O@>>=&p5P;Bybp;r~b)Hg=#X0G^er3YH8o9s@-JX}7_Y;Qg;L9WDV5GO%*oWHbk@ zkw5&AKm-?ahIk(%utTEac_PE<*eJS+B58$K>j6cD9ODepa z)P96_ln1q)Y5=jr*fTiE+rfs7SS-_|tZ(Do`Wyo3Mj+uWCSqX<>*O$m6TIw7`>3ar z(!Hy6RM~^jhTpWcV#p35f`8K>g77roZ$ITwVU7_p3E}-r^QsieXU@AN(lRiWlr^kB zYc)nB0$GX!a0lf&-s&4a8tYU1KOlq=&zgx=30QYpbVN9=+n-rBRI4Des88x46zn|t zDBf9Hpb|S<>wReXdWhEa7GpmxT@tg6-#52#FlaV*HRmIo&3gQ|K`(XlPloKm=(y)T zTV!`kPTA{Y3VsFI2wmR@T?EA0mHW*F3$VLBw7_9`&yH|*W{lGFcoiC7|CrL$9d{mm z^;}E$wr#nNqnbV7%Q1AZ$;ay9Z+X0t**y(Xx-p#X48J> zLZ5>Bwig?*U*@h8R&w+7Zk>#ZgLjphIuuh|Z1jBwS_?XA0cIbG<9!REfI4G~Z=G0> zeT#mau03f)$XG6Z%L9@6M9}iA)5?Y^gJNdBW}jMnsfMq&y4*C&3^~NH?!KEG4H3^Y z<0#k+HYdIwOC?qb9=DzlFUkLi|A$0#X^m~5-Lm^0Q)D^Ox?BaptvEa;P(?L(oh0AuJL>lX<*k;+aAo;k z&I#9EqV-P{KkBoSIO_J1el1qT+iukT+6I(^ehh*1F}c zw2c7((s7u~pvO`cdk@ARRf@p<6D2SJo>{TqM%d4XBRzHu#h`dekX^ndi0|7(>FET{ zU~vsDIr4lsU?8PS#W*rlYe0Z~_2hHV^aP$f-f}0XaK0d?0Oz0#QAOT*t+A~o$o!N9 zDNm(4ve()^UQR?caKH!9VH287)FzDeZuL3^OF((cRx;z8Xv6BH43R^8M$qVE@U}L| zyiz8=$<;B=UTurG(-;aC#n8keO-9zp#8-CJvxt=g^>Lw^^(0A6k%}%HnRR9yOdhm2 z&>v|Kl#0m<6mB=hgLoJ%QMC+}crFZJ1UAW`$&ha+spp4m$`K+k{5>?8+$voy8$SFS zgd~NABt{KK##{I?LIpig@6WQ=T(wM*iE(x6)Ua%pRGuR`zn?{#gL0WkUpH9C^irhg zKOhkt8vs!Ii~HrF@pB;H!5Cn1)dr)Bc7=(qlV;l38<+>nv)V zXP^yaR8ctmJgrc2=a9)YjkLEP2`cKBc^Jm@56&MJWyDzmkf=bA^#$DW@ zu(@j6n^@@W_#CLj`Qd({rc@(!RR;U(Pqn`UBTKv|*@|L-1frd!TlIzs18h?w%%4UN&Y9S1G(%`@u zFD8b6L`Z(jOMl>8u@5AFkl!D6N>>TSnrt$doHFUj7)N~;AMd`;vACJDc^r$bzh}Vo z&uPMVZ2#qCQ$n`$b@M`=>vQrbAvRynLVul{zZOv^JSMN>uNL%txX`yehYKL*(=*~rf={Ug^TPia&1 z1$~6G?f3OjBp-L<3JbzCn|Gz2@teLD7gQ!k72kfzb$eC2x|M%gmtibkP@vfrbubY8 zbadPDamM7aDx|8~hd<^{?~UvY^f6yBDHhqs=+N!r^k4jiKl;y>xcKXht;5jIzDuTT zL@W6K;Po4NOya@`p`GRn$zy3;tf+Y+BjnusmBoH#o3XpA@4>;_Dig`~a3rR!qP>() z(P)%h6Qlumeg6UU`S5t~tTr#tR7L&%!(k?F{<`bet6CFb1Y4JyN4!nr2O0JJ=)s`8 zmI&sXxBr^eK3tNw&*-65;C|F==eLS(wLqm`EGeXaNM2sCqXn3DpIp z4ZUQ=Cn4-DU|7{fDzz?*B&?Pmo`~<2PP9q$sLeYTH z*Q1RuhRwxy&~%l?JacBD*6V?FpalPftF`xDuD103uHlR|u1$dpP=i(&;HP31 z6(KYJQq;yzbVNED3*=pKP*Ira1I5PVN-sqdo4LUR!S@yPl+pe8QPYSB+FiZ8{g5jM zJ$Yu}FRBtc$4NS2%6Lj^;;fRMwVjEHJ(EY$HYN2>T0h6MQZNo;Q;m686#R$m4I!X# zk>}frHp-D13FP8&)y9usHsC>#RStVUS)@t~>~=;g3aC%Vd(Mxc%WJB`YRM<0&nb@@ zuW^Z6Y3X!d5*1zJNs!|LSfKhS*?IxzrzORJ0Ei!;xhPyz_ybr(V7HOdG;DKyDvz7| zTkhT)i{LC2(D8p8U=y=b5K>toD)Hu285+qfK*bU;QGE3}<*2(U^8k*gPv8}x3VDhC zK;H6EMzIrn3EyC%Mth_pM*^m$Kx-K^A1!v7>E9{&?(TS{tZ>ve zDz~)8MGZQvjjskVRr1#&JQ!ij;&vURlY5xj^nyI61E%lX#ih_oGkAwXYRXmPbjk8< zWiUi8AT7t{7PWV1_f~1qN}SJCN{+BHX0^iYs5|)`DFzA|j_i?nj=m@Ndktp&x>FMJ z2+5cH+;imq*v9cHCW_CyUAu#6Ck$_slWzqosbaq4<>13ef1~0wc@7(?tanBZ)Oc(d z-ECAzR<@<=UnTEC=^$!##~xS=J0?ka(0x#6H|4H%p#x6!U;woFv)p%oq0^msR$6m< zt@q>Cu0w>H=Y3SIvGplQYqK6V%;bx0x5729@AOb`oqa{57gB#RW)g?%Q6-wG9jqBH z5C813WsBnXn15~=8k2$WQ|R!pVBM-=V7BXRzXMw?@g0+RC0} za*tt5tl~|2CX=As%>OaJqB3U#&&uJ8$bmL<#*T*4$Ygjqh1|b?n2PCvW*1gpewz2x ztNm<~z9wDbQI+LwrK=LT#O(Y>uDHMBI~uxpw7BNAX!01JL8vT8bTeI1^hG6!VlvF+ zQ1DF)hu0-VDZezHN5%liP*_B^3ZKeZqKyNB-kE@`@QK5+6^3TZ9}Nh7Q3!s@^)c7q zW>D`5E7dEnn2!7XAnr1%M)Vw-_X>^gIP0IhOtXx_7cW!Q&NQqPW=!RzO^U%YikqkY z`X*ngv510jlWU7-mG&xpCPP+;$h1yit#UscY3fn znf0QUk*c29y0#I2Tv&qrFlerb!JS)VD9Spp6Hsfelctdq@U`0lW#-;lMcbvTlIM%5 ziBVh;5*C3ant{A|&k?&a5+FWs3L6b7Jb=8k#3yOh7)qD`aUAgMi4>ToW^q!01q_Ov zL5VZoIh!FuYpIE4eZ0{gQ!IkUu}63JueJ~)eZv+#>+y$jJ!9*uSz4kMhuLduOZO6yl)rRn2%13-U z(BIzS4+tk)_-uv%yi68EdSs46BDY}Etkh^vf|vj1hhAA0&bF6)NbXt3`6(%#l|sSB zj4;o5s}twwxL3`OuHMc_{?lFyvpubFjVo?du@rL)S?qB&ll>;;;|Anm`ZG~H3u8b5 zw5S0cH{Xr^Cz2WDqeiaVXog!?GeCrJC(zD9coX4G0g548<&-oxKLQ5=tQHpf(Pc<) z$+xvox8=${6Lu*!tFLhDHw@vhA-r2g-&w9qL{I6pnmpDGuS zD#9J9ZiwC&{A`;;GBR%dhtoQz_^6t9`wb?`dhpMN^Y_MnNPn;^SxU8tcg1JqQ+GMz zEtjdUk9Hs^YwU9 z+uzm5RMYs+Ds<8}?8UZE3Mr@|Lf?7{e5I=n&Iputn&8gW0;_#_D~-30@Fn+{B01-> z4tKHo9kILAaxlkaeVyUq-lR-d9MBrCpK?^UcHSW8X{P;y>mo2N^$q3!zR|c}zQFq{ zpWA=rP*fDfEcavQVC_IrCSbtaqEdGY>9N?f#&&SOFYOt~s`{pHOfjy|@PKtTX;*vY za`Z3UlaWe~lptbzVig-P!1c6HD#}oXu}_7-t5M{YxcpW4&5WFI;+w?u3qnXeURWE- z&C=ZrkaaY2hvas-{HQy43p-x=*@zF@!`tb#me|_5Po+%6?>MdVuh_2p-vxVr933&n z{F9UDUI^7eZy6%xOyCMOS)>~GG-d9(w-!59&nTw}+my@$@HY7*1{JV6brC}KT^4Kq*oDj)T8lTd8%myQ^R5;Yi@!v`? zYD!$#h~O?SrHN|Xlte4;<0hBmt^^C5VA*YqExc)yUs;$4UBd0BE4? zrZnyTX3<@iU|2YsR#p8unEc%sBhUCBrqU?rvf-^{>SR5-NP2kT;hVvDLxUePf&fkA zj}7F4E!p`S*}q|egy|u4t<8={Vt$b#-+)+A5c1#JR%*3YOlu`QZB4`l=Sv(jGB~&` zbB=;C4hy2dHLHQ{^f4P6BmF@O?l+>~+vfRD$C?Muo*)hSD~?{7%vd}t;?zfD{xHpN z5l3-RRvvX0bS^c!mK1r%MYM*hmxz*ygc@n^#@~B>G5g7bF)Fj0x~@}5HmKqVS?r*< z6LjVSeqc+mz+WZkPmUH7>g)8kHqG=2F)plhJm2Z1uRWD#p~Pe}b&G~)QQq$bk)T1# ziJ4*<*fiA2og14RhLowJjV(5SB&a$AjQyP=wFBQ@!fcHU=K8;Xk`dzcf%6-o^uxyt zEtBGhZF;+K3umJqwVsC+llGBI76CX9Vwo@;pyig|CN-?D;bI!WYhc?>Z^l-sQO;+D z(~yLhYg3v7>yeUg2O1Jr9yiVlU$%~|{sC(=0ioFs<;Q=SF*k8-^(dRrppZX~J$u_| zrhIaaBXB?8%5}0DpN6};xC?Ssb5zut0KtZ zwsLU7jL8uBQ@_})<|SbKnDOL>o}rYLG`|VFjvFgC>K79vWio_&6iC1rYCC}Hpn7II zS_HAFK6~DG8AISjNF&Z4rfv-pvJNmBVig!gssDUrIbO||ThzuqF6$8B0rKOZt|pMT zT^*>Mc^Gj-#P7m%j0SGbq*`9cF&y_4E-30+E$#zas6^s`NQmHR@)cG0i!(rS)?M`H50ptNaY z$?I5WdJMQ9d%@*iA{=3x3O{{g$y5GG2rHE7#Dg)8%$LHF4I-1IOZ6-IJa&-m5A>CC z2a(IcV_Wa8MRd*Y`7%#^-@Q9=qBhFBv8p7PBUb*A(i6tSrfY}V&o=DMCh(m6*dh3{ zq@JyzSLrF&E7`mh*vnZIM2<#C;B`6ge|X_jzvzbkQcvL_YC=R1DMAsH<3QCZ)GXx$ zK7c^4AMFnLM%zN%j#>JF+Efs?^i?;BnJVD5RrjMmfFEZ9SNhi#dHYWl%q^*0mf~fi zgD2s`E<`LB0f18C0lwDgu@C8J!v9q)v&FSpxPv)}@&LhyN<=U~>?fu%h*6eU@+pz= z-2)<|!JdY0fy32gKlOs4yS)_3N;ae%Pj8G<8@jsTYe8wDL1c zD~(FOf0<9iiT^HQ_1jfyl+;7Y2}eaIWI}G>9_+XR+c9XSjZAKYti30+CqZTk0v6)W zYeW`Y-ew+-IMmv5qjOUnCPc2{zVe*btr%DNJg*sYA2U?{b zS}L|6H#@>_wyW@?SEuf@IT-YEDhrXL@o}##y>U{5znO~Z7@j(5u?;1Mm_D1K4YH5b zF?7@M$#n|pASL}}mFlniZ3@WfVgLfmT6k&Jb;UGrsOWtZb0h$kV+}aC?EtDoGyp3< zmq@GYifq+3jnQTq3ve(I<4cH*Nb1(E>svhB6v8LfAlKkZ%bCTyS%*MFlMtm6J82H| zR=LUG!%C9dLgJV8sGjUGk&ugN!60Kz`i8t=|0QGP2|_kfuno#OEU+H!_ga)ZZG@d& z?AP$(WW&js+53{$tTDab!wEoWyofwCPYJ#Bn}K38uXh=dXkP%oQvRAr!kf$wl%Uxg zV)$h)q@!Vq!wA{t+dB0J#UmbmZwin!_yo(~K^(i^quS&0{eJqec!n^G%=}kOpgus$ z{1Y;PQ`h2;)AIuDtLZ^%z3a5V<4Ke`GdA~}ijih=qNC^OM?U?#==Q0k;V`Q{;r4}j zVZ5xCVO8vWCOC~RD6#*qDOe1so?J< zM|$e5JB4G(ikK}Tb7#*;a+Ypqg!tKR!LFJ#|3)G88&w!4^{t}*&g*0DF?urn=?Jvd zt&}$i0rL}rN9qnGHKo)nZIz!2eAK+L;hJhq)*Jr5qq4oJp7mOSG&n0(a^(lfzV0od z@z|xcao19H*f9PX1ApT=V-H1K_!T~?8vTwbVen3AeFIJ^#=Q@?1LO6_W%}e(y$jw( z=!m z!r$O@%(zDM!a7SZP#B{I%)c23lQ5PB8BPwp*K;{|(57-$$|9A`dElC~95#>-IEN?F zI;8e|o6n4hNcpK5f#iu}P(*DGtqvupJgXXR^J#$GamH9r@_(b+kHtT4EW1j``S~H<)6aAUR56YV# z3bi_EhD-|w-(e_WI1pbKVpMMoAvrU?9p40LzdXSpW?YEv2%}W$zbO;yLjjD_XKE4} zF)(@Ss$IY2A5nw(HuG8LHJ212hP4$*e5Ag8jZH!T5V>%|*|kPxHEE37sfLXY4QtKl zI!S7~XU{SX=Ui`7VyVjZhj_T+ZC=AUCo*6u|0?>M+s3ruZikOw9@%2(-f~NFUdmb} zOvb*@R;9Q+{o^W_0U=Tapf=99?%kafu=#K=@cjjZemm=tW|*93_;n~WnX7>iUkK(a zA5P?8=hKev9W4Yq^!0Cw@$Vz};z}>*L#)mhryuV=?+=ZB-b#xpYUk{Xf`&@l`Nd87 zjZ*O!~pM_rgl zlRBGsvytrt+~pihCe~tDFnovxhf4A*EMJM;+n%Tc;Qou*1_nYGFW81mqPO)#tj1!H zCq%fO3*NFYNE@HNz|uL=`R(VT&)SD?P_N6TSDX{O`eo*BWz z5!Nct9Y7*~V^r*QfW_~VnKt~x8{Yx?UW=4hK6nK)D55P=p31q%KP5P44=#4k8!?pg zMa`Dw_z7@GB2B*@B8-m*LyaLaq1arTMpP5;7$@#AusN;N)Y#(9>#h5 z!=2<~F?NDebpCwn6m)7GY0l{^Naz#^Coq994TZ_lzNa=SUHsrFYXc{4^kVS?OpsVC zEP0m)ckq@sC@mx_1)`ZRcdA`wR!x z&GPju6wv6rxAB&NJ&?l8O})4HWQQ$G3Ok6PNpNhYhxq`%a0u_GB?*R2QZf~8rF~GW z8xZ9mB2y^evPGukk^OrOw+7>MNwS%B`MX`|j|%_< zaex%0wU8-+_0fB|vVcK#T6dvh~}3?1i9#ZW_e z!{b9(W+ok)-y3()R8VK2KleG3V0ed)*feiZ_lJhQP78LK77z@c4Qk)DpJ=Jc*X)&e z6(FYZp$HX-G|ZTpM<_hV(~h&S(+V)-K~A`8koED7hTu^%Bfzf~9HV7F!t>K}gX=y_ zeB$mSB&X#rGu!D5H(57%_X@%P6`l+>Cn>SS~ zWb^%Np*a$W>>y9PzLAxEs~^;h)gp;BMqaTNq>H3_w1EJ2_0#tT?nC>auyIer>y6BR z<8Px%qjm?C^hmC$+`uG>LhT@eDN)z4BD{uBCSrvcFeVFp#D9R?YFS`5r$5nzvUr?n ze0i&ZcESAe>H}Oxm$~GE)36A><46~*KKR43{5_YC95hNgT7~MIYJc58LlqFWBJ?c( zW{Zr}E*68qRrmsYhs&$YIZ9jS;+gw5lSdrp8haF+0O|6lM2cd?U8=&=ak zo`x?{k^AxKD7>iTE=fF`Wf@LfZMi3XxeNsq8gXj*HS1;mrdqh;r-)?%#9Bb!$IUJk z`BKmSa#IbErI6(~O$;R3Yvsgh4m#U!)sy}SGr-0_#xTAHXyK~O000Y~SB%WCv4F%c z7Gx5v@6HI7@R4WrOH4152`mV@Vnd&iV#$#VBy>_6GV_0U8a1#}j8;^j-@^lmzpR1` zp22#3@Ag^;V1WU$jCMH4nNV`PzxzLG_WqN~3ZdjYg|A?> zHnUwK*SyGF2oi35M0mYlV^7;yv#zE@z#OCdmfe;SL_2;dUG|y7`C^@|>-gav71O)L z!^Y@dHi~UJCUZY--k;nk0s{-jdB)P2gdYo|CO_Tt{4%_4(zD3sK!jmEAF1I_dffe- z&?%VkP&u?q4q+(gvAE*fmT9_9;9YuN@cNDUuh}a!r7=t2Vsg}scuCq5LYAp_isJgp z`!NIzYep3|E@p|Fons|BBcSN7^c`=_b`qmzLBWyD+N=DsFVTh{&^>1f^{-KYjA>e^ z;KbcGa2_-eY9d>gH_?O`b>Cs+QZbO?J`obF^U&p|ru>!m47Now@Q(>-h5V~i!hdrL zV2L;f0Nbe36&88yuYmQoj+yN{v`Y|KI6Kz+XcmsPjRTKGx(j9B)hMl@eXkgW%}^@e zo17N;QPhBQL!MLrQJm3@SyG9UTGTV1bM}x|>^(J9`Wyuuz06sW+;y-;ckU~Uvx!*h zavoP_HGqMRBbGmcbAW5y_e=lll>C?tpyXYYEqq`7jqfhX1)PnDU^ z@2u}wlyRS|_lq$iwiacxMPr@RKTbjuKCNT`SZ_1`s-{i;w7-VOUB)5p0f40;wCAl( zS5~vqsCgn1$L+kV@I7s8Dj0AyF`wG0ImTY1DZxkFB6bs{8$2Y1x%J~y|1D-Im2UPa z1Yj=3dcMlV7$ap&;ieTj#@Px7sE|t>=!irOUJzW{^k)p_=!elW7 z3FpYH+KAVHoSukvMS^p;4U&(215UB$pKf=%%B)bc_Mgh99^V%EFvY4dbAt&Z&Af#L z9I_eo(R7^kVfIOfy$NJoh=r})9J7W3UEw*%CS(a#=k(!%ya!j)c#PKpUQd&D~h^g|vA(>Sa?<+h(8h*S3 z!gh+}i%+gzDS|tv)?+p=z(?$4+;*CvIuJ`gxk|GQUOLm7V^ZemQLg0f=5fG*eRwB3vjEHoWEM`aT?1#`w$@+fLSu#)*@oO6-^nomKV(dgr9fpGMz|AGyWaw9Ro0GEZjTwlghrBrM;#Kdf_&u<%g=RDG$0=;eXu!h1DblRtQC1V87?N zOA?IFAOW#x68d&otU04%1Afxt0L!T4L5Iux`D;A%~45Uf-QQiCw@Pp**uKWLanVN`_lyE)ev&cjU#9RyNQT0zA z%zJ(ZG*E)v<>P!P%a&ZwjhLb|y?WCE6Grv7IUbHFNcr05NXZF!!Wd;39Qa9y?-yP# z*&5Yt@SRqR!9?6EzsKzNTfvZ?tbPw7#e7;N@6Ye9=~kNWl*sV(r&Q*o;rs#_k)izS8?rK; z{-Dxju+Wl-U?jEHCIx&gB@*K*z`J!qy=)J<$mI~`tM?DY06(5vb?YZyI^|YNCR?z@ z)~US_!@b{{(7ugWje6ej77C)goK$IBmLDI2D7@zNGnYwdD&E}3gkTd zlr2K#bp|HMH$}fH{_fFAjkMo#iGCLa+nKIJ65ogci{rQY(*V7$vDnNqpQMI zl2hPyB1M8vPS4^4Xy`;X$Pf8u>~se~I4)4ilzaV&ezQP9&u&G?J@{8f@S;d6|k2}A#fW^p9C$9eqb~U2mkb?+V zKWqkSBeca}c#uceBd5Pe;FtSNn3xdjCA&N#LJ&qtkcs1r-4vUpvVxPKco+ge0s+N zfw+EoB;+{1V$wePQf|q2Y}g-^VBb)YZ$%~=ap!@~QabqBc-BNAj}CnlG6efq=)?Y^ z47}GxMXjzn#vMa=KM_J3}$j zqtWZLg7y+bsWLe%H2&KP2E`NrB^v)O(24TIiqfoj{MG~C8IepLblu{9d5el)2$SPo zBMJ9nKEx{tE9Rcn^qJ|SK?L5CA}Vpy`*|y0r-b8bm(`O~{T|1_J69ZV=@HbmQ-0u4 z;e*x22iFm4>_($R#4q9cM1}v76^v4_b0D)Do){;^$F7kHXuT_>3CaXH3j~(Y;cK_e zeZCB~`y?ZG2g@_qXC?CDjMt$dQ1HgXyjHAuQ{9DUB$~Y19p?;SW(M z&uC%)tFmwBgxDYHQ8+uuq2J;k-&HhUsuw5-ozoM2e%Ve2xUgEB10FuIn6Kjz3(l54 zo?!jV{z54%Tzi1Ol&4{B|K{`vR9AsbJXkG<0T184T6%d>Oa)l-LHJrX%Tx7~AYSWX z9w;7-HjBQM@~iP>jHvn3l<=eV7f%7K5@n7?Lt z`N04xNY;!~uvc8d^fgc5ClZHXR`e5%G#j+`D$e1Cf42!#_$^M1r>g&{tA4Sd+eBqt z`7cYPlTq-5*GKw3Z1lzzx65x2nLIxGHANanj(VzkRe%3$90?rSMStP*!KKy*l;|k0 z^Ysq9*1?VKew#OHBYa!#eP|nN6P(zqte&T4kEl2dNelEu$pLpDBJ%%OfYcLK4bP;1 ztLz(0u17EWe=IYou9pT0Wu>s5&NMYCJIgk}oaUSweDuw-k7zwkY+V+#oseij_$Bl* zv%mlWIJVi#3wF_Zbsc8Rm@J6mVl=kcTlahD+G~OEJpRnTF+!E9GGBOCC~+V3=4lA8 zbi>Ox4IBBv(B|P^&bPg$Utb6nf+0oZ--WD>$msLUD@E1cUGy4cj-2uq{M9+?@y!g* zS?vnHe;1-!@Wb*gv+jPuCE;tR0{ESu3HSBQ_9CAwFxGLd0~u%8!d-JaBz+_LY;1%W z_AR|9YLx}1UsMV4vuCjT#F^aZE9Uk1>4yon1;G-g@pKK|+@bO=!TKdK9M`6gni=Xg-7Arc!ULXAUvhs)E78iCF-IXOz&Y#J2p`%>)ka(Sx zaM&jI36sS=bxSDC2cbZk556q-vK)5u+{kHTKoMV*9KP24Wfa~oR70}`oL_ktaR=j@ zXNDG}y-@WN0yAb1W@=zJ-5;#A#1$}OI&>}4)j4Jkdn8RAs2M5+h4K|Ib_$iVW?gAT zal5FgtD&UnS(mC+ZP+ip6^DhXbW0_=DxcX`!HN9bDb;bsT;_>ouDQAy`tshd9Sh<} z|NCueVYCw*JxOBQN*3b`^-|8`jsGq7>QzIPFsrE}UuHwP`ulG6i#5Ga0%be{r;oQ% zggff5K&%4*a#=S*BDH0wpdX;_QV| zr}&{2gW2IP4+IUqb}qOs#MptThr~Th2)?T;jz@yt=e9KmN10|OI+}ey?v&z4@bLn- z#EtUh3-Lcxe!JOrA6K-+sP^z}s14eQ*fBb$`h!CKG3x?(I2vj*3&ORiVrvZ6 zoZz()@e68%`|2ZR+`zvs{U5?2Nqh`1-LENf3{IKrg(gZJ`HphFT8h^8OlPuM>l7VN zytsq_oSG7rQ!k8?R^QbqK*QI|mfi)ete4M1Nm?42W%g8v;Edg2JqO%i2(rzhLFv93 zF}Euq&<`#lBKO)pziT))r2hLPMu3^v+WwkvCJFVR`#F+7&KG)V_4zsDp7*X2!k=ofV()A+LC0O0cs`FC+(49@r?c43w{<0sMYblRG*zbhN! zDsnq1F~_u)6=M5SUt8HaLmZyCL|<)F{V)irPOaYiOx~CMUhEP`JYiqzECtV1+2AOV^V>wUZw_d2-5v`;ezBnX>K4ky3 zvJCj?iz-q{*j~PthH$_OMe;xqClE^i{1CyIdV$FISZV?cjX|-zr1SMTFnb;x6dJ*M4{7-0KdF>RRq)pE-C4mYG zGjeQZ7kC;1=aptpK@@U^)*imr_3j&+81D|F;Im}RxMv|-Y0gT~6}(M)?moBIGvnI1 zUz!FdJA)oW{ZpjqM3ek}zUG%EZO9D-jusV_ z29dLLx8t`(ZX>ur;y(mVkjJChmyVr^RI!WA>RpN9v|@?3GVPhj#DZ#hUbt@Z*HyxUmZe|9KXp}vv~%Kn z(tU__EKz_=2X2suz=u{7B)-YAa{#+zb&jZmgN=Q0nxRTJJ$>s&@r{J`9TI-Y%g-qF zK!L=rG|fV?#Y#6sd#W(G5{=1N7eyZsxKkCKdX|wk2SnaiPM$8S(9PGxx37r1P?^Y; zxwE|-CVq0DFeuwSwH1pj3Fs=r>P>a8PhB!MBA+dFo*j?*T>?SYl$2DG*%FlCn%hw zlT$K;U42h~WHow!d^ti9x3nk*-vU@%AOfOUH`=9Udm;%|kgsbX7;lr1IPUnhPQTb? z8sKeS{dMqUTnA}WX#DPlbpU25U<^l%DjorGt}FLO*QkKU!WrwkxHWi-0r&)gIVLOz zcO3;&KDh8Qgtwf?hLLBIjg@HYS?B|vq0Le1C;xL*y4;^$RkMjTV!MmNlp-aqWs~-M*IhuZRM;oP<+4Y81EH#0!ukg0?YWw7b)cg0U7jKWo z*1Qah&*iadX724>?=^W5qI_8yo<7IYhvV}M3;QSYbAJ3+t{*DfltuIvUE-y8Eok@- zW`dMoMJ2wIP!zldSGAyx7b=&u-ZHP_rY&_p*>pLQtunTTUUff!F~M%tDZcE{y4!PK z*Sgo%NqP;XDg$_kMgGUsRYyhDMSBnx1r(760VPDbJCzdYWNEg6UMgRPADC|eOKyra+*$-@-DG< z3acBP^gHL@8>Zb?W=K2I8=3Y@uRI0YLooq3;T=dT`oqt|t=CTi`JX?^*TH!4TJD5H zdE@5agT3JShcMQ)h-Q~KB-y`~WX1nge9pkj4bN^yOjORnMqYiB9~XP907o#UC14Xyu>1?tm*x)`b~$HL zL+KP^6P1b;=`62q&^Sbi6@@D|*h&t}J`Tg))C*;}`G>!;2&d~qet^bI%AONLa?R_+ z%4!_{4bk~8Ji0|crOwTCe;8xpf6r#8wo-|H=u7wJ-=FD?S|8|c$JV*j{}E#3zmTAg zyUQ6Dq;&m@c-m4;N43y(NMlf}U_3a3;p+X$3VmRYD=i1z5r41fL8A~IuJ)wm)yi0Z z$)yp^#Q=f1r{X43uGz(~N#M?(_P~pGQve8(lSb5*4&~CxCL_L(rNxSsvD!+^h}rbYPL@qmgA@R1j)1OHll1H@$Yd} z!%*nrNC19$TysnHBsREFRi{-?lVj0?t=+xJqqM6WC?%1}6zpR$s+&w!p-8{QK=c9k@ zeHHunn0Zeg)=0j0p<05%O&>1EK-WBPPb9;$a>!o=3dfcmn9&`!Yy86^Ob^a3_|C|>QoK16iXDN z;34UviW3kzvOQl`3M?5p5N-&Mq+sFFOR%uJ;7y4za{u)nfo+SB8TPx3q~(bIZcoS2 zekgW$GY`tLIKbvsa9valP3F~}E1lfN*1w(g_0y5Uzn$shwns@?`WRA9>N0ifW$g<~ z%ujpqT^?O|isd+AGsMI)n`@JB|$9Ceh`yyF~p8U#S97-bg6pV#pT9K#un0A;(U3TZW&0$3Y!^cW0}x!1Y)g z%k2!d-u6z8=D2vn(r;n7!GwgLgKX9QFZz@hwg zwd7zeAdFk3qovnQ~0w);g(iS*JJkqH)(*@9$3;ro*agu@o1J|@+c zP;6>*j29-6Wt++??8kW#Mwec=oXsg>x3nOS7=)>hMugLd3`$m@H)jLc5*$^*N!sNButr6SSkFdgupLl-V>s>VL z>^R+GVxK6o#WF7p=~qYYqi>Qzkc4ri)mM zo-mfm>Z5YFzN4?t)oKNs^$AE#*l&6^(?u;m@l!hRQAj1Z=DWHV;zYr*_Zu+IbHQS> z3a*Fy4c#Y8+zXoCmrpR{`KIvC#uJ|gJLMWNJiPcBa=gcI7VwELo4S#w|1B-pL8(*W zeC5hG26k_}ofG+&Sm61e)o}@-5t`hT<604BUm=M5Ie8J*$TK5xq>NI~^>MFKVk1~b ztW0=W+wp#&sy8OFBi#sHY4=*+;fRzEl`WEa&tt;kYf)bcHfn6U`9d!XFz=i@caMNZ z?E<$sTUeg76tWC4EA0i&8!q`y`g-oDV3?7((4Q8b>a`)L?KFQ7b73)zFM!?m&a6SvQ z$qp2pY4E_5jiV`fPcv1BU>6Gh0jY#2!)9R&}U>-4S4-IVmdA4x`U4c<}wW;h2 z2lyKu{Cq9m@m+e29~ylq*7IzeCFq(+@;r(6c4_fv9F0)(xQSqQNy&r-%j3>QlRxX7 z5^rL5$8?fAA&%Y+O{Y_P-7QY9M9vf9(R?@`F5+hjhjgBMD}JROtg$KzXiMc>G+W*X z`F^RN6YadTif&AxG#WD|7-5iGZ%`vJuE$5<euC~zP|pm-RsF@fd= zfA$h6F9(H#rhAt-Nv`odmy8@>1C%W~FEJM1MN~f;cu}}d(JXJOo8_22jqGK7-neU( z;DBf4PS*9YUgomrE8BsfLF@#WwXz?g76WomHRPKwPHIzS%$F{WjtR59ox7E(#`$+3 z)dqI-bvv|bs9UkUR-QB?qa*R>{9_aS_9hzp*Hg#a-)K9TM9RW(Q1(Os$Hsjj ztjL}GusLF6dz3R+imkKmCylks?@iWa5{re@IBM}$ICsQ5h0BEosp4nXaYmXRi?C@g z{>#!pnqF(^9k%em$B9}#M`A3GD`+&*mrGn>WiN)FVIOo>sMq)Dy_LEw%?}lQ3&+Hu zSBaEDF3((%n~ATW>ID`0i0c`puQK_yU}FbfUhNgmGg%S*V*Hi4(@r=!Na-fI7>ix$ z`)#17-K=5N{v}kSu?wdu3C7VB-Ipy^0#Xrb^3l7`dH1bWxNn757=FRYLEBB1dOySA zrL!nPKQXKpV<4I!6!4{T)UKC(@|XlJT6y0%dQ!SiSSO|@>%LM`jE{BX2Z9F}&N-zM z9bVA69xCBhXhYn#dENE07$&4+>)(uxQqC&VOv+l-;W4@gs>s}LuQjr6Ue!gS7bkuo zqBVZ&n0rzDi1a_i!g%em+<7}2cyXM5#JL=rVsTmM(JeP9qVP<)iNOB|K?$*yWB z#mxOsa(gTP2A7n$_s@)~4R1HFEdDBGGWN1rRUrEb3a7#ZJOsTay1H;5KSB*72S-?%lw{CMe+q{pA$!p|WlhjpXlLotlG852JUo`VKTCHo zM>t8$j#px?Wqx7&gyTAf?uzuLwvjW#Bv)U=eedM0S}h@lv9d3gF4&7wVkZHnYpSA% z8yFO%bYB;kFA3UCng~c1$E=`ILMuwS-y1U#YWvp+9Cz zG+FB=tZ}-6J$yXf;iWV(m=#weNK&17gxE+i!s~ei_KquzB zk%#CCzI#S^bfR3p!%g89&2Es^VO?;Im{*JGuoQIjWxCk$%Roy1{AKWFbd)~LdTLZ7 z#8-9`D_y!aQQSl z*r;@nJFn)`Ogle}QVKly*;^S#QT*IO!uL;Jtut~taRlEfH?n>IL&`*p*}4*P&3nU4 z1-B8nN5s4mWnLLD^?UD4j%Cp-?+%&WOhxosPu}nPeSZS zi{|;2FG|PBzoqiO@2cPgu2fO%zx%8BGoJ%@3)>Ao2OXLW{R~cT@dg#d{NkJv@!{=ZUe5#VQ>(*9Ivm$O0 zYfYx*aeJP#h-^%;nEKXkPVcpn*8FPbi!2GxILaG*BbUkeZGt5~SEXU4-N%&u{a)-@ zZ&;%YO$RO544b=4dDlDh9>s%djI{o=BS4dZM)fg@H|C$Cq=3$Az&X#KEtcRncP=hq z@BpJAY`->o6}XvjUFdZ!{Sg1h1XX@eZw~7=4eug+TLlryFC3qg&SCQC(j+EZ)18+- z6HYMsI}83hQz;oy2M(M)kmWP+xWl&dom28up6xUJHfZU{>S2`sM~3`oPFPHnyx^L- zTD}?Xu<4DM(HNU;UklX9-IHrSW-HZvAuPpG0?LhCD_kJOy97a>B}lhFpu^{RF7zur z&7`q+zPDz&G=0lm>9%@bajmwB<9a4)y4smn#LD!AI>0`bnT4}3nAd@P2UU7k^4%?;1rd~dh(*)?H*|Doc(O-y8hAuEIw+( zuzgphR_;0U;ECN5ed|vrm(XnPybep%CG6%NPpae5_cNBz3Z0eKM>Q=Zd`OGfw}MpT z*P;-1ashsiGB<%UtUl7bQA|rW0cfe`BRX2)s=REIjo$93@|2+cH~tp(3IWh>Z1nrq zNmEy9jJ`8#C%5m=fzJXz&_DSW%Vas4q$qQp7_lwjAjd0Aon>p#*7WvnYQG&(_NXI5 z2qYUsFaHEMjqY!4tcWZ0q;>2wZ|8Xs;-t^M|CJR16UdX7N&>5h%0xQIYjfNepJ5F+ zh3Lf$EpO&N7P5Sik?!dJFpJ8Lk2CwYkmsus<&;QIKXgp<>g6&;gN?Y+!hECPz*O_- zI}qOcY`4GkB7TUo&`uDMuZYvfp%)JCYOcVd8EwoCW(}@u<-^fhS^hs9YIC-ClUYM8 z8su){8HgJq9MkHNKKq|dBaXUfW|*ThNoA!OI3==Qp45^ii$1D($Rsk!F~eOJVvxAt zu38B3_Rgi-eE&j-+c3oj^|@H?&+H}bRZ2Dc|T^l|an zaaptO>fH5=7w;bf$OY-8_SZ$htVFGc_gz(GQJ+?(K3B%e$t3V!wf{aGkTOZ#ib3d# z@a0YH%sr2hCD_CIlBDjjo7#n;?VVy(xYaEn|3L9N+*X2Zpe9Q8p`5KwqQo+1Z{>E| zqpmihFkVDExEiwp0}K&}u=TTw7^TX%S=zgM^BY?gIO7(SyCUN!@CbX^BX%=4DphE# z9cq0zg4wdd38$o#FmQ%A?C$v0rc6VN9$~85?momA?-R;j&+ByvE6#0D%bl)}xs0(o z=#t3h&N_OklTF8zayeWdI42!W82fOWT;4y7Ai!q%^j@EZC|zTZmvnF@fZog;9neZuUw=6h=f+?0x0DUDBDT8N%56qGd`14epTOipjD({+qdp z-vl(C{a-DB0_I+I^8`6}%{Lr`!660Sid^%b^ZVl(L>Tcc?)|j}kgkA>i{;RN zxn3y0AOKaf+FN*})LGo4 zG^sI`^yN?8g%k&*#V;1=4?36_pUiY$*cqC;kG^gzTxyHiaJaRRk?{IhnO1Rz(RL8f zX(`xNYCDsCFM=;_;vZ+PUy5s&w|N#>fa??$EfLUqvOA z{TX&~2BZZSUekOE9IJISiJXAwnBal#Z@qL2xvhCmHRkgGV$^k;nMzle77K(&D|eJ^ zJjdp;GswyAT#T)Q@JS{m2N2=2V?0@XB;#o*-_|F)7xlInu6zK^E^<<-kBZI_$;;NB&BT%W_21H@7gFWUC;kC@c})yWJW5rA}-kZ=Zs|qsbq6 zG=BGyFVdk@*`M!;<&9_m>>CrEf+uV3HBu=Fb(Jd!GVuj9>j%JJ&XEBh7PVjHKs zkngyxjbJ(=UaZhhkn)&Np2LdxB@mquI9Q4;@WlLrkuU~1sI=zSssWUeo#JT4t#JQs z=?T~H-R^P){evU9vH=@F+JyjabZO>!+;FrJ;?=Fhr-7kBRFKx@<7_66oc(4kq=oVb z#Q|aKUp8B_ualBy7jJ$$kke@03;jq7*1^ASoYWFR+|l~YCuv@|C*DJfp#8iz`KKiP z%6L)V$tpRQ%65jgqFk|IBYnkGL^ow_zIkO5sx$ZLdX(5aL7W*vdW#^%!;9}TM(y`;;%4WOiSAhH`<~^7gX=L;wuF)IUU_>B{o9!G zN`)rfEYIZ)JE{^tTs-mBp4mg`56xB4fOZSYdb(KKj7`u$jp>>RceTES=2X&LlJrF) zbgyStFLz*r_YEeRx^`nt29-c_KV6N3z;fw?adrW4rgg^L4~N!F2lY904!y}37gErZ88?4_vQ%>F;*dG7hZs_`KuM9e&K?Yqxa<>$mHOQ5=eDL2} z$P834b!CoI0eO-P9@$F7ZqVJ19d^0NC-*U!RR<==w1Q;eZ?lrV@^?4~5A2np)?0O~lIM-s zhDc;|I?a!x!iDV4nW3NulIt@JKe2DjnLP(WH29>(OEU3T#84C3GN^K6)ePL

z%L}B!E^^l>U8|$xo-)$(p84A-W{i%z>>F<@u;3aQrU!LfBR=kEC`qW#Rf`L1NV;3X z>3P3hO)&+ezN<$2U@eBFY`a}(uzCjch)FRMiN!1)NC$66Q+oMGh7czss2pEo;qU7wz^>@gfm_8=LkwCpYh~N-WWMiM8^vE==^|%HHJFwgLl``F#ovuWn$Ekng4sIGEZKtxz~nQ zyX~IthJMJ9!<7_tc^Ue^25sFD&~Nw_T~rpRqLuqB`h5Pooqgd3gIY!qAB5y2*?D?asoKwcCK-(rxfzHA}GOp`+`WT}sx{ z$y-0?ZrP;IjIGcm;6qzRE%HMMD6G#_5k6mqGP&BWD_K$A?Q67uiH~YMH;t}mXGwT= zq9X^xUl=sH8Y?XCFi~J)XaX#O+Ua%Wt7NNkH~V5Hh61Ha$z-T&_|qMl&xuxYo}??5 z(v;W@l#ISKcQE1HaU0Eir1S+o30XF+{PMn?q8UfSuC)7L9%ZX|R(KY6%{L94m%uf# z%VL>nmMfgH^?JPBW{FdkTL=a-E_>M0g0$KY_hI|muur#i((=?gwDiJg=E`XHl4%HE z3@Wi8T$e-_X#pXq)A70|R}%$ViL`vwulsES6$(WLP@kX|Z1u_LqOjAdTa~N3Ki;d& ze-??SqSG*tG8$NvEmJ@BE%2VA^8UbGsUJLX5e9*#xsrdN7_Hf$pBf-PkkoQtoEg`N zviuALic}S&d~ur|C;CabKz|ZFeu{qyb3@DQ%4fSE6lgM>AJ1HwdN7+m%WvYx45NyV zY_CtU}OWhf2L(nsjCfFmU}zYP5QM?o2E>) z_4ac^3|b@o5PLNj38UBcb4TS)9tkm!mRaIr!SQv!j9Z)uCG%>-A6`_`-ZQ#}f6-HK zed|S7uRazw2y>Juq04ITphuODT+Wu^n{rW(??u2r-qT5#PaDv3vW$j0^T?&}x_x7>HU4~TB2<+!n( zho1a5Sl~}9@12D(Gaaz?>J8K#>iZ7cjkCh>t^HdHkRVlBzHTo5Yqrz52%F2YldLZW zMqr^mQ6;920~v**@EhbID;&waT$^*J8Tjg}Nb|)`YIX||vccqa7wfl1F_0ZxpM+7k z!=Cqgn_+ajUBu@dvUmvlTM)2@gUoUA>IDPbpx%QmTS7-Cb9h3+(b2nvc8{xdwIJTZ zSQakP02(<;MYtJ~p3ReD^m^ZZT4-S3lS<$Rxd*jJLNar8TZgx-U&V6Ek@JQ`ZnE;H zCm5^m?QfNV#NaG_V2+;8@T-Vrm;M8bZ)#<+X1Mi#ws%aWtsV>up8>Ve8 zF;k&+M!GDmVsYW&RSPVm0k^a0Tay95YXv#iTsy$00cPk@TL z?IKyMAy?@(h=&QIAhTendQ(txc~^Fo4EKg`K>3DQBu-S;6}px+RVl8Vnabc>`*-T~ zeG6IMT}2rUp1FE9dEE3>F$E81#TQfEuCorP)P3Y=5bum5VSpDTV6UndO6B-e1K~Sc z@_R1|8`jmiq2^O$-=QLV(Wh|9m-@}(YG(b=3Bg}2G`+MqP6<%NsG_Q%yM^AMSB^Jg zy`I9pIu3YFJWGSm`hLme#2TCp!f@DmhKwBR%9mLCddsDqV|72Pu8)tuexNeF2>(&= zo(s&Pom?esYaOwb)rdu5&}h0!Gxuz$=u4*+#3z%Up}1_SnErZ@V1lLhe9no?2W^}i z_tTIwtphzjks3F;v;aWWcZ{uR%h@M=uHpU~VHg4&;^Mq8qtd8L*&Y%VOx`V3AMru_BX z6PJOBN2B-3o(|vlm#-fv7wKP9agoUg6HsXsAextdbR;BmlqO0!Qq!{C6_Mkx2QAwZ zP}+xpo)~c@oz`59Bvyt=Cu#-RwR@aPZWox3K>_qsG(8{Iq>|qDxQWWPJz(!wJot9^AS(TY zS^_bGx&pT8Xo5tu$aJ09EqHUmyS9c^o#a`p1l!wGvcW8x_&IhXq0<~;7DONaEZ5nFrz~u(O*D(r_5Ch+XH!53&0K|H%>2dq3vGjhCb5cO&Ibd%FsH+)r z!~@*`NB&Ls55a81<39rxgn5!~u$O%bMw@sa5~MuHzX-MBhnpVxq214%w-vA-VOHFi z*WY`yQaV3jkz`Yb6MA6gW^Jn|H(8y;7ZAiG^V$+9HMX#tLCs7;4aKrf$#0KS;HkG$ zpG34VD~$8=J=L8|!gS=ne*G+TcyP(}gzv=fajsf5gjJN~X#7Bd?3K&=+r`gNUVC9w$;{ZD>s&!M7*V7LL`M4UR$BN!@DvWVa-}j z%%-pLb*k7)`+Ja{{`fF4{32SJa&*+eK5EK4bI#q+*xm$c;0wUCPbcKG5i)@l%L`NE z)${yU)pGc-Dy9b*KVEQA3^Dw!ebiV0FJ=JPuTF+4vWYzuv#pJEaZ6h5TUG)2$!bIK zH1dX2K1)SA|AoA_itnA`1u=+7y>ws!Cy-5PLSgvSI#NFXtOGPq>H&dL{7hfX7W%FI zXp*nUU#%|!>h`~@s!>os1s^}??WbsKwG^uOxs>^E>sPjC*A8s3mYedPy~v}jT-fd} zJllHOVt^eBh{D>H_KJ>bdy22vPz9SS=Jk%BIL~Snon!QskVgE8K8EgX9Z_+B}UrwHg_L5 z)U?+P&?HTdv>WRlh|mh?C=T%W#%zu@!|<9`eKy(kR`ZJDO2vohJR}&^{pY}kQTeep zp{ncs;K`*)-2n9gpBFQcQu>G=9qFKaid z%}zk!cyB7)(7d&2qQNyY$oU}Y?D;1SU_n$ZyOyk>N-+QP8JWPW(=ockM{82wxS0mW zfL3rw?oeNk?OK=BNxTG=$;V@BSW|4y%BsmnpXBOI+}vyXA4omSJ)3O!J49*)Z{V~G z$U7pNm^We{F%*1xaIx&@=hySYJt&)ptPRFUj3WsM*py_7hnkd7%dvyaVGmbql$pFOc(&>$%Pwq*jhCldrA#Cph;oHRjJd` zjI`OiY?+Ku4`V$|$*y#^D@3k6lZ5&ePmef&oh|}1>V(A%NMJt3>*8CR?R^6`s)~n; z|IB0CzuwcddQ}Ztk+I&PmP&2y;&(LFO%#SIyi{wQ*UX7XM-NB~DMeeGgl4nJ8@BmC zsMIAsj5@|jdfBG;?slmim6u+eGdN;JcM2_G_hVbx^78KXyRw6uC zoDueFdHdP8ZhhgA)1m!)s4phc)su-G>pDdVMt+Liq=s`7Iy|X3uN^vrO3qsQ7^{|b zBo1qG)C`JGUZn-12np{ytB+fWCQ)0nlsRe5zB(SM7o4-zER{g?7Vv|Yoti8!r!zi8RMb9<@xgbp0L5@0CU46ax4o1rc;XBSzK{j4TY%0o*&$f@-|D|`r z6LL*Dw=4I6mzk`#((y>9pqp2=zP4bQS^mB7lzh_K@XNLiR`k@`#M*UP)JAyvP~ghXOge1Y*XJJHcsBEmMV*H&^>XB@&1S4h@9VY@HX>`i4Uzrf|$Ws!bxJ`x?$Ff?Jva@FK zC5W`X3pkjL$f;-u5}x>r{@E+eI8lPd7C5r9$meIrh-VI@${p74yi7|~f=46x?`Jd* z07g%Rks@Fyz!#vOJWW3Bq&l(P?}QSV@aY2A{+T4s>}l&e@#?c>k9o$6%)uANzWX@Q zN*-3nW*_bQAKV^hjybh~^#>xn|Je01ZK8O*qFD|3vRrc7lE^eDGf}@`k<^Y;qeX#v zN`wv>+n;xm7%0ZA)k4{ZYUx}n;2mi{GlXETXs9g4q`g8um7NRt3<@tWc1Gwi+ozss zSOEKvHRMHar4V<`FPv%^#YB`D-zTsflDAU8@u7Gyhqba9|cV#zKzx zfYR6w@B#r=L7;FfZU6paX|0Qf3NP+ZbZGBXabT(}cRJ=B)%U8_oJZU%SnS(hl>NVI z82)XWL6KPQMDjtyZ&c#feM;@X zUHYz1&F%WBy8i?DY|+&Et;S({r_aw55)SLrUqea~7PY^^t47;{J&l%~o!oZ>akTN> z@c+|Q4g)66B)TE_)s&z|d~2ic|BZ-&Tm$!htxianW*XIpUc&dGq|yW0IaS8R$X zbUp{FXIXK%jH81cN~kbY8D{U8>bAj=&CyGPx^5Bb?g`9^En!>mFVoaqP&tNl97+g0 z`8{*$+9trN>=t!crumut-@lNQnXD=SW9dG^(tU3=&p9+vD;&>8oEgRHyA_r5ebI;E zz5n2Owdda!_`=fpv}lH5`nJEO^R2RoU*Itp`)sb41eN-8hkqkstbbVXIvVaGwim+{ zNDd|fpwJPLNv^}@(dr6D>88&GJ;eu+F=Co+piyP4x;oquA&#Q{;K~~uB!}RG<;o~R zrnw6LKYz|vy&as#49eIa=#J(bUuSt8r>0En=~%wEFQpmMT#NkAY_&&!JTmI;s+Ij% zKg#z}S8@iXe)PMvdMr=+vyztiBKqThK1x7~Z0th%hTDUuCc5_R#GO(pxqxpO!zPRT z!8$*+nPo*F@zMlQMeJU~VJ_MF!WSH=ye9_mRr%KmwgrXstsJwjiYUuXF9Gd9B(i3!M(jub5Fgu$IXWgO;fS64&WJ?q46e4|_7dwUN9$4xP|ar_!e4 z#rZ->GxEm3*L9-R&ul7^OxTn?vT5x1+bC`kzHPDm4>0ohAJ*h?u9IR@|6jf8 zq|b4&RC~ubhnEp_ANA>Ata12NDrOA&L*hMB zweW5zGH(P6LmKD-GgC^y;oL;h(IF*UwrL0&W84+Ij+~w^`!#G~K#nHIS|(RV(Kv~f zzjm$2%Har{CUCo8^;yAj>rnKYT=}s6arTo)Wxw+CBpH!wZya3-svD4W(i>mYdRO7l zV-kIUXl5O=8Io&olXYVQD+fSb0}lmdNaGc8UP7s6v_4x2V>uE zq!z=)35#%mi`UH2A|}Q|8Ni}rh9?HyB@ewYl)Z6N!|%21Jd|K53xArLh7=K6NSWuP zvYfriSf2Int!Z9sV^i$9jTf(U=+c#Wy2JjYi{)!}2eX9Kn-24xYShJI^&B611x<0= zARf`wnRc_!MaPKuq)RyVmF=TUUSAFNyCr4awH;WJTu;Kcf zdY&$Oxl{hh2qe(HsQ-8Ga&1W!NcCK=;@M#iEwdeL9~9(6uSYl_vWlG5{5i5oWln=eCEeBr=ZqP zct7#F<508$JV655;ik;XzqcA=Txd1K)gh02Xhz5TfW!Jag> zp1+k89KJbquFy|6Gn+VSXCUIC&g6FXAvHd!;nC4Eg@UnX7kQm_H(zRG6G9-;xdtM@ z^1m0MDHlF+*cYL^Om3S-m_8 zqg0vJd)9qSGgOoKxNeNeVvKx7hVCGnFsh>VKib&v*s9*85dyp4)@W56{Vbh53M-~bvpwR{EHO$j zD}KJiuBYoAY@G_%aWrgk80;w$aKGK1B0lKzH@2{mSFVA5#~!kFtCW!zpw8;lbuYFJ z{l{dVEYao^LpG9r9t!1$1YG5x^-6&k_yPI`@XrYo?Gou$ha6Uiz{leBP)BHynD7zN zA@wF)5jkOl%Dvi^H z-`mVH|P z%KcCCN8HjhFPGtZGDn^mPxN*|dUlZVvA6G-S3abfGHYs|A3Wwhb4}YyP0tp4xoLPn z#KUO%r=Fh3(MmdF(+=^X=2#9y!zI!;ZiLt&RMh(pF+VGm5pr;{#(x1ht^P4^{XkxE zr!|1j1lZin8W8ZKk~{PUVeXQe%{Om(XT6b*U%Ob~h_z^cClxku=5yuyg%npA^+m%G zVO2MPG%smipO0hA2&(t_K-R&1d!ubdg1P6BZ4u8H;{=7nKJqY zi9@Z&>0-r}vk`q_j(o+0QG`Jwb5HjdB-DCpeAiXkIouKDzvvqbqm8oW76_VN6#F~a z>?W~P8b#r35L+CqHm?agj)h)-RvA)hp7C)Z+YNS|LVxh&zZ7A7CAuO~JhQ}Mz+bZj z86{Oy%`I`LYN%djVK1+*O51DGCh*-@2OpC318*&;Hek@Q9|E4*(jUqk9HDvTc(*l` z{A;M-W^Jggyvz0&a6e=ZJ>**?wOA05(OPLzIe@E+3_Qo^B6L3vg&nuIo=9Q1(LUK_ zIO{$qb9~`i`pbw*^eM(KNnPiR@KBzz+-1gOZqkJzW4-h_b`Zr@MUVhZ#n5?DEQ?S- z9j->o1dY7s;z|*EPDP~Lc!svs6gJ(L6Tby!vH~^~nU|ja7YXYW8bvcmos`Gl8(>}t z1vM;;@C-f7iW?VZH~(T)@G%nv3NBsX+y0_HUcQu^OcZ3low*L9b&Q>L^C)Da`K{m? z+7>`On}fF#LaZfgLb2dvpbSf!;%D_sLFqh{(WEaNhj$JSQ27$H*jo%J=N)}5|Kw@e zj$3u3?e6=DTVg|9i>HSF`A#oA5`o)RrnM7XVpHV}ZJv9ET?F(IYhcZ1(ebdj7jxqD zLqB-WdeyfPgRR;|g^^Uej(mZCEGCqmtwk!}^GICp!VWY$^prU?IZsW=3fmSe= zUx4#Tk{9Q-L5@wh6ak>>g*KXO4iikcI}Yw@x-|t315S=Qxr(L1hFL3%N zSxo<)$V4qm>FCVPkQJrbv9r!0i=k_l#@|Auiikh{x)(n#aj!UO_eTvQ`#eD(p34YM z!@G-2y&9!EX65r2SF{}hetF>!*coJV{+GfBLVD{C)cE;vBV9(4iGar|26E5w+@^Z%Hl%O0uZd*KEEm`PrsSfkf2O=~OXy zh_)JQFV~mN&Md*}3%rv`KTnuvp5O>L{t1s|4X4xHU?Zl}{Yp_e8YRao;ibMTfr)le zX<%&~@sv?+b6@zS8``0--iD$qS$>Ye9T~$ogJV2`*D`e{Us}E@KbMI2KI)W?>phLg z0*MbYI)GnSG}SNp$1nVRK??&=gZ8HCUpq%5gg?1UM7TD&=>T}kTRgu~{3x+ug}z~D z(;;4Ii~qh)tkKckR2l%(B|d-tJFF%pA#QV6-iHTuuu&t~e$wxOeCW|&F|$N!wICw> z`+LxeM&^s}^dWvCq89I1${DZPS|bzxDX-{~^lkT;_uYZJl(qv0CfDKALV~o5TDi-h z_$3}33`yzOlkJz+lhGUM_yc;jk7|HBf@0GizDzcA8SdB*-w+<6x6xl`X(SZ;a{eGz zIzOPO=l)e18WC(Gr!w$DtSPC(zUS9SUz}l6;NL<-q@s@(s_v>193EGbfka9Zc8eL> z!M(>9dVMv`-CIgzUlJt4K5H+D=|KiRdt{sP#N`D!3UZ;C*@yd8v=s{jUODARom=YWU+(+zEK$uLiBia zQ%0^Mv4cccRCz|Z^5h@rGWE;zPHoLBjQ|#;KvH1Yd`U{of%)H$sOGiR5rL22s1j&ZFrdgJqXCWHp5p> z-rZRgdK{R%H*hfH^OAKhe7CokA~hAKT}ZAHn636mR>AFXIDSb^JJnG%@Nn~u3*RNl z#8p{}eA(XmHN;epLj+n?ANbnV!x9h?9J%>C$HeF#CfZ4F=^i+#ZTxHS=}}#_LHBG% z;F_mV$$6lqV(IDmTgoHEJb4OPT;fziGL_lJf#-=ltoj!#35||DBC|<*Z7ba8dvF!@ zx~NPBw2Qv-_gCm)Rsdp5^+HQ8<>T&Mfz_5-y z1Xaxpjiq}|;=Or-Ns34J?>&dc4OSM{#WtNM`$b5* zr5BOhzRFB~0IT>h^y%DME`0-x?hIy&975Rc$eF50wHD9fmmt*w@}4*Sg&q^=xaD4? z8~ocfJiViv+!Jd22@{7}^NeflNNQ7s zdBzCnjds_-sQ>4{w5;te-5gw!py&fMCSZ}if6jw`NHaK~XKxjC=%k%dS2bC*v<)n! zlPv3(6Tn_&{0_PPbBUa;B{}8#sbO=?>6X}x?=N{_z{=3+tcGqWTrs@1U{PSi=Nr*L zi)q`zi5!nSaRJUX)qzcbSUizg_{es*i|MTj)hMbJY`InSD`4l>rA!n~-$&*QlsVWZ zNT|^7F~+Nlm2C5@@Eh*&Xqm?;{m(lzsvNQ;K|wmA&1pQo+)89&wTwV>kyV`MCpjSvHW7^#%Xib_@q-|;+cpTc2~Wt5kpYt`R5_CT`V}*omQ-7celm)Wtep7JHFKZLK!_!6j}iF`Q)5uNdfR_uqdx-hwXRyAk<1HS`~ zvZ0_nvv>j9Du^3ai5mlUH=M_;e*NZn>iekDwe~e1=iefj_<1vm zawTmQt+K*Sh&pTiK;3=6sdR%i4&h^WRrYqrPDe*K2*0kZ!xj57o7&akmOoutMIIi( z*KSskM7|0iSEA=zHgc8<@4T_WU+FEu52^$^J~fVKikNj90sld z7vFzxpB`{JR5d2p91S_lS$cFB;=SH-w#|CB2`<{=#;$A&7FU2o^opj(Mc8`UTDyns zGn~ZPJx6;1f%a%R_dIu(fv!swd#h4rvqjER+xN&%SYf&@+Kdis&s)Ly8V&fF-r1{6 zDvY}6M)U;Z+Le{IVUz^!=W6YRRlue;^ZqLa;Lr--SW5WHk0|UTkAeqKSW~&2EpD&7 zdF{YcoTP)jByjFX#)8_B50A1;6MQpM(p`N?)@$r_Dz_gK;oGH!Mp6G$YKe!Hyr3nn zP(=eBZK_WbS4EkQlIvNH&_R|W7om+^q$x*F>8DzU9E%4@6Y|gFcN6myy1#W*(>wC6 zY{Ng|ikv-4GniAk2cB+yOr+V&*R2mm9u+6KFS+qJs<2%+x19&_icf%uJYxfKMcb&T!o=@>m4mtj zx3Y`dU%Ec^bW-l{O5uma8QODQ9jyf#&dIQtUi5Mjv@)ue^eaVI{Do6t>GjK^+*6_F z*jb_nz+J9TgPjV2aZ%zS8JH&x7D$9gw0y6t83l+w!%|Cc)(ny%v z)xU~5*LOcA|FmS~*gJ3Jc1t|{kv<_*mo*-!0#5~$c2U#yyniflpIlOuS43x}tf?n8 z!hn-Da>F48DugK(3Y?XFVwIdyC{%>U&@h)v($%&@5EMcWMkXr9RhOvdx_M`8i5t>z zW^Wm?Zp;b}Hes?q7*1(%=x{i1BB(0R+3=H*T|(#=yPhLPJj?ntFb7RezT)+3s^%D$ z7H*`xC@UOe?MuInhdEBHdtTvI$h11dS7cbooHYS(%$%Ofgl_b~ca_iBCm)D;4&?&T z0;`a6Q6>c3-AK)NkllMsr}qd1K8pI_i(1Rc z`O_5)2C zTRt)Y<nc<2HBR5X%7!e0v{Ek@Yx&Ou>c$N1{ZwE_o?9usUk^bS3M@C?3|){$sT;n4EQd z+%IR?jq_o67iHy7$d7O>f7%& zwp6<|^eE4YL;om^q5hS=o)(zTbfF&ag`j#>&BbvSYc>KgHsh8Rw*Z=z=h`Iufdx)* zKLOy4kl<5P;+;Z`(zpX$V1$2*NwUdBbL7durqj=Ar7=`^z~mLR15Ub8!tgob^*8RM7 zF<{gAk916MbjL3Zi2sez&o;;hPAxIvY|^8Z_Dq{R>Ozb&;%diyx}1$+ET<|Isc(;c2;qKSTZ?~IhPgr7mRcl{o?x3g0A7&~y*iJn|l!S;kp1-`xI zQ%;*;yV5`X2l~p_-2q7hnFD1kTQPq0h(^?tIBCsk$WRPNW|2J8!h(HVH`XxRb?$QqlTm~4dR19Kp z`0*AOg{p&!*Rt5A*UO*<>Z1SK#(#9eHDsU!qMjDi znyUl>2V;Q%J-vwiZvZm34c{NAH;n%~YS<4*IJL8=Giq~>76!MdkrJ5az<&>M`sRtzY(srN_YNO6k~VGnk@JewQBm#dDf-)W%F8p%;7^P5ZX$>lpI zxBmbSXk{6URPTxNof)(G9@qYz?(~h_XxAg~U++FTu>f_y`JY6$@JRKXKA*Q1IJY+Y z)jekZ@Y{JXKDe04EWhlNtlOdPLBp<~p3l0M5v&E%JhA_2Gl=#T`KrzYZ-pv-W4P)~ zjdO#D3s=SJL_5uqopm<)AE*Op1}6xP+5K%b8D=Z)1?D)d86t@qSSe50lRN92l~y8R zc5mF6=xm??&#kPX$Z2YW-m#{op{&=Y$asS$nReehWQ-=FVhoI zwmjFGEpMs@QSM(Sh=e`EMVDO#o0n6DMjH=X&lBzXX5Rtccnl zaect`9x41@o`1Te>=&{!9CbpS{tR(iUjyfS(3ZxL^<-4Hk^b!ft&gi=4vH&kIUlVd z)#{SpI4-A9M$_`Y^UMAXfCr-GFD%&tjqtR89aX}wm?bvqQ{QO(L*@@lW#RvaBft8i zA!+#E1&+t`BR)#w&Pa_Kn3lR*y7rtl(%nQMt!E1p)oA%ly?PH=7Ro+J?@l0P54hgn zHhL&$&ufZ3Ri|XVVXB*1nD76@Ym`}1pP1d(kbP`U$w=tLjK+$kM=`CXw-9 zcY=dHD#qCMDx^mq!F=h(6llArI3^0q+>P#~0Epzgt~LKg71@FN%L}iRbMZZ}s!TJi zP9K-4&l}O}Y-H2@nO4@)q8z+Wr02}?*{f-h_B>ooq)dCoeVBHELO8Xe!~eBR3uX@e zKVr=ARq>g`hlg&TM_c~Xn#=5a_}TSlj6)BG)H~6pnE6)re^B$EA0XckH@&ZTo8fm& zi*OBnbDbsB7|$u6cQN179-^+RuA$M@43MCNtRdi(vf9Dm2KXTTLGOeA)h=*9Q<8u4 z`cK=pT!`}E|M%xEXgD=*IFB)o6MUV13vV?*^`#BUB#U1w(Il{aeq-hmnq4ABD2!Fu;N{gvmkI(!H0I;Q`rVK)S@Y!1~5eHBX=A0sc64-#E} z2VwkfERuiJ182_h7bpw)FU0v>LWy@?Gvh_f@Zus>qTP(31b*}PPT?eH&`~YrKg-y5 z@Z9t0yDvRb(}jE9r-M=W?usz6ymn8u@>9;j8I|EPo(uZm!2ii@%jvi8Uhpc*#T%HK z91NW*J}fE(GOX}`uM*Y&4bcM-hH90UY{ABwwysfym5T*6-S|Y6$FBy-Mf=+CP4Qp( zAs{-zNoTAc+OB!a)<4z!gc&2gC0n1y$II)vPy7C^l7ag9x91%Exr*$|ecS(J2L=a# z{k&S6Beze1CZV2j8E!Tz`GuX(ZEleZkRo_J!sp?(+4)bpB;8IPO}|K)I!a{{a4Jw z+`cZ3(8wVI1%^8YPc6s02-ZPN&SY{P|Ao(g6290WBv4D9E4F_3e~U?$^;Gs`Kdg~h ziXp@tQ7&n#MwR1WQ?ywshq?0ylN%lI`M3hNy^W|H{aSNo(4`%*i#aIA=2NS+GUiX3 z@gmY}!F)gNGVN(?vbeTB=k`vS*1=VG_XzoMr2Gn_I|~<<@*iq|?DpXJ4Fb<{#;mj~ zMu6x*3R}yRUW>udFVW$Q<`G^>zrgXkJzRWLsq?Q%z`g4kRB0cQ@Yqfy`*rE?Izp5& zVJuuJcn4Tv{}dDDaWU#I*Mw#!p{rhsQS7*4fmP3qyPi)+UdLFyHij)P)PZg^tr&#m zo*;|`;X8D{0{5-D$pqeiNikRVMp%PixQHCdrQ;;TTJmkr3uLLhb)~x`n~XcTs(Y6Xh};; zOTcC@>mSY2wP)Xz(Zmpyv;OG$p7x^aHL<_%`Set<+@H_+33J{3g+_OGSaH&KoHxCp zJ)y(5OK-9L>@B@?G{AZ-%lkfXvXX)DfKK3&VmpC)o%sDiew$LJ45rYzGn4>nKNBv(dfFs{XZi>(Ia4sAk2vbJ|^Kf;Le4DI* zR&+hHHG?RHm>i_%q~Fu-?j>eIzUjsz`REe^4qB8iTGN@Domvuf{X(i&M<^W`DTYWe zI5bQ{Pi-}68X)vXiB9%-$zt;NpYLK3y;YdhLhl#BHWhmZV4YX9B)lFEDI8CjS^Eez z_6(Nv6k*S|JrBxM7$DD&yCnZ$gz&H^vkjU@+|wx~69NxBuF8+yD;7|r=h1fbhR@9` z^Ms3I6!PTkY^~45dBm+^U!Mqc8y^Sh?K=!14x_oF*ukeQD6Rq-|Hc$oP8}ZZ02t5# zPGt0M34)Bz*KZv6Zm}#9ot$}Wd|ujTuL~@(ogLz_)6aw7pN?0dbFpg9CPoqVWRbSP zI*}P4icGhfbAqDAQNRHsFNOp;0|^)}n);Ul7w_vT(Oms|Qx=>^QAHh%RQE?YQ?M(>s#lT&J#9+}#zoTj~Lebj}W(#f2)VwJOI+y$R(zD!EqZ^u4&b z%lDb{^4yuD`}1eniUnFNPu1X`ohNK^+RAsw)E3m#RB9en7-8lY>wR$NNrS5JHbx?S zRkI}e`det^vUVpz8Nkklg%0^pQ z>CV++AZXhZ=G!iXT_qeNwR zFD5Ed;WM@dOL?zKV9B?St(o`N${c|@Zyptg$8mA*}cHx|uoL3~d-%e*S8FrtvIpk2eiI5UfZ}1A7P77mPlxGLdR_|6nPR zl;Fsdt3ZMs(kKkC!kpICSCa$tMj4fK=WMju-0+_K)&c-!153$;vFjWWA`6c zB$!~|T0^fwRZ zlUfZ>qt!ef^&LFOz`!u6Lc?QgwW;@Srd3n;-dOFOYyY@1RYltt^nOY8#-q*@WODuv zpHemsJjkP1n|$*+FZ{MYBBf^Wcy3HWM8u6-_mG%?hc?1DP{0v9s(2J!g$7A>b0_MT zn`}JVX~T**_yzrTx(&+`FQ>ZXB!nph6nTcb(^v2iSAz9t30Qtm9bnYiV$E7Srq?ua z-u4&9qn{X}gP^d3?g%-=iO}8Hk_TwuIFWTzWota*+XxNcZqUPGv>9mhjMEH3*m}u% zxA*4RR(0D{=qFjyh-!~~m7le_%IImJjIp3z#6hs(^&NnH1yL|nx04KjJyM_gmSu&+~q1nC~`y`YW$zy*e zaMyQTplY2a`HDm%Y$Bxpmret(2zzS?9*7!Ieg$Pu3wSH%<+;ctu3%L%_%bFsMp4DQ zD3gDU?R@gS%m{ov`7s~3{OQn7~PN3dGiMf}lnsG})$0~EXQU`@Zg?d?x z1lNB-C-YrkTaD}xnhA(me-x;&eqMWNT(t^Bm#%eU^ZgKB)kum z`>CHHEQd)pYj|9IqQzc4Pa!p;f3mXjYmew?GAlO)$6~_sQiI1r19u0=S3HUYblM|~M(~!Ua%k3Gv_w??%*Gp3@2gtN;Ic`9qriMu>3_juRPU}}l zXefRLlk@PcCfu)VuZrY2pZBX5exDCk78=VNkCjJHZ+}sT!_Id_@@Q2RmE?&2%aB3f z2vM6BuP8ZE`>S)1fV`55=yOrr05C`u$^>8iF2Sz0mwPFhFB?9aL@PJaWHZy;SO(bj zyX`Q>qv=qfg$nHz0Ob=#uq-Uh1BB!a6sF_NW`YqNu(dTy<_LHl8Fp@qs;5!wG-y#n zTS!SG2;z9Ww}1Ys^xpZ{h~D^kTA>F7d(r-ZqP^=6bDzQ0MRlFLyJDS1YyW4kR#RBn zXm5S(BZD`tq_CVR<%eKbm)G-s7KfW8VH%mo0$gL&SgG%|!y~{TNo` z!owc>@P0gx-tdl*G`jG)4Hc)cHaCCXS;&&j6fY?&LJ1Rodq#4#ev(p=*wb!GcfY+1 zbTBzFw~&ba42OWvVR~7sX%l`i-6!v6#xyP4b~BHA%Db|@QGNDCJDN2?>tp6ec6dJJNEQJmiT>7BPf&C^t4X;s z;obd7#XJSNa-u9E7Ja%diw&ED<81OSmP%=@NBGCv)oN}8&6uLC-Tt8+-e^6zFqzPWv>p>D=KNc@^z%UDk=O2)mYnmBh+<7v!kmfN7-~;$Jo~ z3(48l2Ld6^N&LOtCp6m zLZAC}vcgBWkgARS;~%Mjo>Sy^Va^KbEVSM}9Pwf`6Rv!w*ZfIJO&zCfA7pKa8T#1; z>@!jhwb2a1VM3byAQV>;32iH;H|5+F#SQmL2Bcy{h-8A%v@fGlsP=n!rR(B*EZE+q z^BES7PG*C&Yozi#={kz2prFvE6#vwhCx6KvDJYy0sctw+Ygm4D(cWtg1;l(7c@Zwf z)Zt5$NSVFHAgj==t?-`5+&p2H=$SWp7)V6Nm_gR(}R zbY_QmJR+t85+wpPJPQa}V)Ika&?5VF5F>kh zcpL~GB4tKzRk2`Xa?uP6QQ$dS4_?nhWM*8F78DU{dl89#k7dV+t#mx(B8e+g6iHAU zk3pxx!NF#qFNvk4a7=MXzr9NM6_02i-u5(T{#IFe1|__3tVhon*2kEEUa%8oQ>|#+ zQO)eJT%+Vl(285gw-FC0FrLpki{-Rfn{OA{~#m28s7IY7Vz( zM7qE2?%B)9UF^Jo;FjMjApNMTHAaE>S7#rGiUlb%Yd>LeovNj~9#&bPSLjIwE-odE zCh~9=PH*_m4qm6^UH*5;9v5Zl$iWjfhJRcN7afuvjLh%#Ae~eWXIF+msTr74NZ1Y> z2=d@_nz3hO1U$irr-q*p&4vLg>|4S6-jEB)iamWhk~#>H|>JY67v6vWoZP z`o6`J+i3;{#vbqh$cfEiI*2xs88@_BkEMX_bhI4^kn{bH%LZUA+o-%JEUBje58!in z?Ou^viMcc_sb^Vl^haob3FIkc@_X#RE-`<+-yK{lTNs?t-l+kCiBB?PNsZ>KRNbA; zwa|3~8ZVu@2GFH-XXfmbtfaiSxST8AeRr~uaVVPasuqG@*dhv__qwlO#fb~Qrl7ul ze>QZdKn5>KJTJmU!%}NCXko)(eCp)RO_gqBPmr*+;h)KI%7eGs!A^TO7+x}ePslKN ztmEWV$Ibu3vU5v$KfaurYA6={H;+Ku{lmXuZJkC`Ypf;KhZV^)TBEGEv=kQM(@Lea zlbHlun_{j?jV8=L|H)*9Us8&oC}3NMl6<{_%Y~ z?hK0drLcN>x_X))kzldGU@o=&?V0(-p}IzVI?g4fwRMC*O#~qE`LVRcH!COQIX^Ft zXh4$F$4(H?%h={tX9ro<{2A-rau(+3MPi7A-0r)8znschvLts?UK{s^82M~eK5y%a z;wuOlJ0ccU%yKn9Un9K?k?Ib;bIbh=U*8jyjMLk)`m+ssNo|CucSJg0G7SUvA{?0q z_1jO65MdNoC1e{7WO`{MHN`?R+p->P(*5=+WjqNMS@)2gf6!JV^hg-b$^`^Tf;(b} zj;Jl2Bla9B+l6Fw|JX_d*m}kE*FS=O6Mvg`LJ77@yTR}6`X#&yMtt6e0)*sn9%h@+ zOEMuUnPgb#<0nqH>?%=E&tc&n=Jj;Yjw~ln1?K|otEAy#1-JM8Bslz}KW(p}_P&&M z&-LxZ8U<)VqWkit?#e>6$0Xr zd>gzohv7YJ5$LgMJHWm5@fbR#w#||Q;-LkG0YCa~vFzB$#n}?r-b*K;9IDFJ{+>!6 ze%-u9wlxmABp6XmT2}PtDX}6al?rvb+P2MU>inu@86Utc*{zL3=lUMBEH5Cy))tTs zFw$uhMS5p9oI!d-Bfrq)HiER>NVV(aM}U2mvfXy*H74N*37n@fgN-PIjg;ArEIj_= zWN{sX>wHsWye+$PLS=;{x-F1W{nFJccB8Be&9e9HQUHL=FI=9ayooCF3pQ#s_S^AA zGuCNGofsoBgq&P-d;|kmvD-N_1v0UuMN=$3)v$1+XYV@ux_WwNAnN$e zJut_8#UqWq^$HP97^bJPbmnMf-DAL%1zg~#((P}3l3(A2j!(=dc7G-%B(kuvwSJ7} zvp2LJjpG5WK-4qJ|02DJwTEr8w2q706~La~KtC7a#?Fcs-nT z_`C_)kl!7zHGF_##FdoQQ@pnuMRVyWsg~>S){@xUja^)Q^fod9rouWTC*1Dy286TsZR0}-Ky2S;OLprMI@DQhVuC&ZM` z9F1oVxfzW~;jSiEX~X)eCrL0ac_Bc`RGFzqd5+}hfTjEv-5QV)b;2W<}if%y98 zj|)wExR=E95E`N7+7DF?1BD512hg3kbc$H`+X+2_T>mG5-nWALIiYVL_x{~8#b1(s#mGg z(h;zG#QiL!YRv0`aha3?zyd{mT##E5scB;oLp>lQ8|U%Io&|0 zkt+ib>;1Aaef#^oaZ66JXztMX@Xr#}#O+?qGtLa}Yaqxeht8_Mz57U~eUjh=0BuS9 zup)U>mN>UF?Z@#Sh!?;&9BzcOv$MOqy8}!C3k!?S&^^JL8(t6oR)7BJm;RM$Yj8tb z6Pvn6#zEE4R85OZP}fkHUYx9aI%D7P`uN`eauJ9@jR7yBZZ@>O)^aFiiY1;}cxWm% z=eocv1!$E>>JMF?Cja%D&hOC-Vo&#_IRK6B%~1nQ<>cfBN8@3j;^oLG72r!LQzmd_ zSdZ*C@GsV9ltBZ^TA^7N%cc}6%*4eR$Tlm5MW4yJ_B4&2 zbmC2Yg60X)D37q_LkX6Fh)duVSSPHlmQmxZsU>NVICvJtLErUd6_bIK%hAr$v5Ht^ zTVOg;i2d6u%7Lk@^Yx zFuJ5iAn#OC3Ra&sFAwwT=cKz*ceO(1c8lZ7A4@rs`gI8~va5@V+ge(sb7)%?I&_&B zepkIJOI*}9!HM{SliM#Wa&;MMZ&2$0l*U4!lo86~gYB!{77MY+iY)hB&BK7>9Bby2f~&Q z=PNc!_QQZtN*t3>T&Ly?Y=8b?)4#R``?w5Q!~!Yg_-*`zpw(BrO%k4o|n~ zJfV?Jn-sN38P&wTI`}jG`);)fl+agvV@kKx#s=LrJ*E`XyJDM;_lb_i)GNzoqh~AJ z`Lfv~NA_}E?zA-KNhU6E-^E8)I>ABzU+1j{?I^i%cIk;jMS(7BHC7|soa!k!k?s>d zAFEBfIupld7aKmgdB2-JVbQ92lGkLB4k-@I#NXYG&ryR8r^|3br1z(FyM8bpq-2aQ z2Q+Gpc4t%~PEPB4QYQ8eL7%@Edz^K>dGvJm5c(W*-uE^X%@|vHx?xDfCei6MI$r%c zOXpxCm9X}>(01?S*W27I$n^3nQ<$SbPuuV=tK1Y75qUbu0z%K>B{X8GeHq=qegO{< zP-=TT|2Dc?B;vAm1Go;aHw%QI%Ll>^>2#KFJjB2Flz^x=MmRW#pXu>xhs>-G$m3PXd%erJ0d5XF$?d9w^BmhEurX`Z9Qe45zs&P%g=#}8i` z#*v66pN;~^6yj{`y=L#lragbIUBj+Kx$$V9d<{a^1*W`-H`srYLS&s6=LAX_?IIvt`vVfe8ya z`iI~9WzUD-69&}rdJ93K_l@lC$B*Npg_AE}C-W=TE_reUmlwJ|y9awt(ud9f2&2Wh zqw?tJcOldhu0Cvdij>HF4?^^KZo=v{V01Xl%zJ2i8P`mr(|UYc$PyzbXXc8hgF2SX{B4q{JFZfM9(LTI>r?kn^lne&gg%ek!>si# zMI|LGK$cO9&SgH`ZHHVYDkMUQ>V$e^q{ouy3jp6(_-HluW6y`l*zOZ&H3#LMTTRc; z&HO$ud9}5q92`G;PHaR)1}3$)TcLnMVr!}!3k$2N>;NrWbGY#Op>TDj4f_ig9$v?O z<1IH%k;V&s6_6}#+WPSD=w#vC$J^UO?8|wW`#uSX2l+>~RM-om_6})Jt z`Ca#MF%=;6OGDWo8S|EfH&}EUciW%l=9F>j+$YYp!_O_fLxjHf{Ipj$H0)`Ga#`i` zKwOdYdD%N4?D)V0c|UJ?h;~X!9;d|5Dpo8ogU?&hFe3WFnkpyY^b~=xCyeWQL99kr)2+zR#Vk+Ka=lESkNA;Z3o`r{%BUNHa}lFh9;Wo_u?W zwp4=N+&O9zsFN_9`x>&AHeKk6-jGAG%D$RnO-$Oqb0t&|b*Ig#Yd`*IosK~c$yG@~ zU}{X_k$f{%|2r)3ewyt^HVmiHHm!JR|7Ra01-GWMUds{D!J`rY#)C`3HKSL1GShph z_t%##cY?Yut2(`JJ*eNTt5uHfT;wjST{|Vyvs9pGd@d?1eKB7}M0__XsW4+{yZbrG1Y>;ggohRbi@u9oaQW@BV%A?wsm|~_ma z*%F2lXIV;}wM6Uv<=e<~_X_EcA_Z}D2SL|8G-Xe#2&^L~g=Uq>+$y4{g_h+K6VF+a z5b7qR-#AQ6lxL9UG!kzik%VD0BQOm>(ITNTMQ7sP<7H6GlTCM6cEbp}&D}v-^Q+Uk z7|rytfAM_(7@Q+BE;uh!c28VcA-fFkXIUK7^Vf6UQIOx$?R|ozFVz~$v=fyFt}s66 zcz&HRA@JF~Ia`qo3)kxCX{zC@{oYlpX`&%=5E>qx#p}Wc`c1mDIH^~n116wQu|5K< z;Y_y$AmbtUJqWz>?zMy?ivPNosa;M$J!~q^qWdr9%po)2uT+I2f5CX$BIjoJxg09o zt>TDc>?4ES9?vtLqGIMPn^A31Or(Y`A!Je><_M z1{eVFu2NWS+Bt&@&JGx;sN8!jY&4Hpc|Gn3;tUXt;}e!7r(`mCymvV9_ZR-J7Qmek z6c8B9-(gUf5UmUZr>~RdC(FO26v%3iOc<7}FTT=o+jQYeoqPD=H^TQ+wj{1fouG*3 zGTse--Ji_r_*kA@garW~PqGQATrb)+jHOCrHMO>ux_#ju`8i!!c!*HJO>J-7Z{~5b z!HVmpvu*?;f;D*W7CBAm1}@p<_U;~4cjyFjq@#eR@C96gfr7vAu6D$^FGn}bgZ~&+9$%Q7rp@x}x@c<3-sz2X_f9dM(H86ZJ2Lu|; z4yHF41rkB1ih{V?xK&+2ZGhkZfNbvf~jGYTDyInFqM&}kg4fn*qp_Yhtc1x=2Vxy zc^N9|VIY;1$otT(EtS~c--imxPD4|=;R{yJn=eeI{W9Etm~6T)CoVoXx>N&}oxK?Z zgzg^vU~+SEQ>1!PhqhbB=!}=tX>r)O$oAv#b-gOzW&pPr8xR2OFE#rOh}-+4+c>LI zyot>#*OK|NEVeflyn&QG$UQ;9PnanPtkgR!FP^`M*4JC_!YkUf8%?Vc{)}gI_|}Kr zvnWMZwM6BhadCCP`jE~Mvx%U(=4AKnk{Q2s`6tGFg|qFoZ=cf$7-Fh%R5Hpg?Kb57 zLJK|;QdOD93=4N@ZMO3yiUy(yHN9e3wwGe42=;{l%|Rar;+j*7B}hrr_;L(pcB;=<|QcaD0y3|;r1+9tlEy|$Q9AQAwYZ3_DzvTDmdbzlPMJBi#4Oz z+pexONV=MZPmMW6a$-1?g-miOh@<_qtvXwP!$1wMG0HVMiG8GJ^(KNx()pYNeLq#A zF>}GXFX^xwd8lH=z10Ql2RQ(o&|_wp8ku|8?*8_mtN}`o5cV}oY2mFMV(eu;$e(vxcU!M{++Of^-lzNdj|FKQ zX8s|YT!CV@Ud;3raAc}x6^;A`Li4z#=+>_VE_4ZuF+ftqX0(u$0<$Qc^|UH3?yEEj zNlxn=0NV^$*28s5-tXYT2LbU|_B0AwOXJ{V?$L{qI%f#uCFu2>6pJsb-bX}}FK{D2 zQqZL+IY14;$)6h6_Oj)jztHSEZ|#7xS>*XCPffCyb;fy1npeJ$l3eUi^#qD?tFr!{ zJY?BTZ264haMZGZLn#_sX&`2VX7!ztsk=N055k&Lymln}xB@3byN0uvWioD1nB#Ne z;?vfO8D$JcheoPvVZaE5Zba*~Rf38IaKO^%S>3w*;7jTvLK&`Jdn|7(Wz)TX#a4?RYSw&d1swWblhf_=@n2}k$#rX0-95Lw+Gqx!c{aZ+N~ zZaoG$^tr`F)4hoO5FoLf56EZIbT;!&-db>hvc>$Y-crpp872tF;Aqm*ywF)tMj_;W z0M=H)sPS6}3}}dHn|cJ(OIh#^H7V^b9h9B7eR8DUTovE_M5c*V{%ZJQ;+P!-duR?g(_I6F2> zcoTLf1Kbwr_1hElj45SObQjE89z7OoJh#@wSc4o0V2E4P;I=?(NI$B{m^(765dSSu zsL(jTriOl-dQLK_xstrRagL1;M*+OlW8t;3feV^HHp;csELbk$?N?t=YRjz1$&rxL zM9R$}nkKs-`f6U`$(L{Z4LLUS(uqhwdR|ypfGKM^pdDcHCR;*5Ge=Q#;0GmB))$_E z3t`9>b?tv?^84`6DgA904U&<|==3nYYB@hYZeRweIBaOGjpwVidGHxB1RT(qL!LXG zw$b6f82=Y?nUwxaEz#KBEeK<=OaT71Cm5NVpa;$zdq(9C_zXxTfTE1yk>OMv+&T>_ z!`!8~rJvV&Wxzq39_K!KZ^cQsTx$tZSV{bEz1e?yL<=JDnH-blb{V#d96m#T7g1Mt zQcjRrQL<4V9y7JCAS9(J$^ZSg#$H(^eg^zo)`SajTc69Bqz#Z<#r+KJY{3<*j-pU7 z!^&d%S3zB*$xW~UNGDV{d!N7BJLBD|=-cnL4uWhi-jK?*n}iBx{)LcJ$O(ZqT>)G4 zdk_Lv)BMj`WSlP;80dHkx~d**>@7L1Jk3VCrw|?wlenRw)@mG}O^)#`TT@)NFBz=v z+S*p?W<`>DvutKkQej6Kq6JBhum?G`H31tNKJV-13g&goPGBQpVfIN8O`i-$_wFN` zXmMDAd#aWze;wtgv(QPz0(k`^qr6B21dX!#sxCa@0G21u%B|-Sloh!QO`riQGqX_1 zylFPp1hvm|O;$jGX;3aEm_>Fnbr<9E*YK3Du9bNjKfyVQSw<1Jz&hiJ*0B;aKtN(` znk0t|RmMW&^HhtP@%E2cv^b44ZPZ=YN1TZPGeK!7p(<{}Qws2cHquAz(#lYC%fQuG zKZ3+9i_95c>GDp~AF6fd-}cn!7#l_w>J^dZGn#T|nuixs52sp4=y6kBq;T7hD6zH~ zgh$_MqIsl^7F7%Q^QYPCTYf9&FoPk3kk9jN6hfmuquPOpeszNVxbj4_@{=azhzU*} z%Dm!9@9cDDWG9r6I#b+=n8;dNDjAhQnnfyEcD6U>nXq&X1&=z>_S5!OGA)3)0kTTs z;2$*d?o~szB`PlBMGe~i6E*Jxbbqu;(|pl-y8`e^)AqjFD;dg^{?lpy_3g^&+Y$j_ zo0Cr8o{0bvx=gD3Nbiv1$Me|&zxNwq+l}z@lnPX7a^s^uiKvm$Uo0$)_9nZv?micn zqtwo>tJs_zAg1#)ycZ6dtWnJZ=-1Wc-q7Ok?m2Eik$GBHr`cBLVlIWl?n+yw?R6L^ z+)P5ph#^ghONog~={mRxj>hqNS#<+G*7_l)uIqDq*;P7I@TpwaK|eF!MNSi)c!e_p z)LEE*%3*{PnR@kLhQXI5+hPV1P&ABFqOveGwdM5yYOKb*(aJdGDtTx$;3UwnHjKue zBeQ(28PBj16Wq9{Z&

2szzHPu)IkXRv*Vql?<9*&lzoAHfIm5Ou2a>rNAGK+#x& zq)`IK9?bpOT89feDCAr0RUBEJj*QFT*f^KntD3cQy=304^{|RwX&%o?Y}EH?aa`D6 z$WmJNlGWkMsMa&*8Y!O%aBC`ntolH7UVavj-PUW9a~iE_cmq#Dbq!N=0shF)xB{h@ zMWKv$@4@p5OV@OkPtqz)VJ5UXmoVGDm_lVo^RPZpM%Ce`>|JB z9-sKiL72BO856CmSQd#z4$pz-3&&*eD`GNs+h6icH9?v^ov!deJ2^DbfPL*(Dc#TE zlhs6}()(BkhJ%t#HsYl+|PS^o5SZfP#t=-7qxScofj2>fjMBwL70m{2xYd z-8|l|uy4twg z;Z*_PnN}R=j!m>&&zGE(ML`D#@Z8TbuTPZlE>uU{#%-Lwj-D&gSNvYASva|{jy}!Oi9~waxkI+}4{@BG%{aex$?aU2vkzLbeqAYLOR8BML&Z z;}?`fYy`I0%il{kMb2A{Vqk4qFe`@fmynC(# zF)KlKV--p(mG_HJI06-`h!hBhMm+B2V_)+!E*_6?fJ}x2r&_Ep+C)$I9Vv+(zOs79 zSB9MpqXky-(=z&f;?d37wa1+w(Btf>=N;xIeRK!4Z68)1V^F8n{SX5oK z_kc(vC>;U<3esHygCO1A-5}kKq_i|hmvnb`mvn=4clWp7d%t_0`G;p<=5XfB-fR78 zSqo zi-;C|^BK(oh3#_cp!O2V3zq@_z?M{LF6f{kvA}W5n8cX~2LZ z5x;cfZEdA#f=!*=wMG&7-g}4lW^n84id$!DcLmf#cQqm1I;y>amt<0z(wV-GL0W*I5dWd&#YYmp$F; z;a_)!BBY%WKnOp8FG6B>hL@IBfGoET6CsaZ`=+Edl znZEbVD~@}ecg%#C`-^2S6AvWS>fTj!SWES-UL)cQOq2lD1*$=9&-?D~?m&P4^V`QV zXD?fumzCPp9$aD?`GVLqWOW@CLVWDy{X5J0sQEMTY`HI=5#6;5B|r5sqWbKs%A~$} zxb~`jB6s`pA#?HPcy^52b;!@3sK{>sz}2%8&-G%=48qCnDZR5yN!sV)V)hS!2qv3Yut~Z4i|h|lX~6q#G%(NWa2J01Dh1lvAAZ} zDRz^N5sn{T)6YhxZ0T%V8Ifu9kboPo*nANwOh!NP1_!Zz$*@s#p}wHn7J!w|SSWd7 z5R7Czrpz~#RT>Llb_XBcfRy*a%=c=g%(4h^_e9~Dq9V%pqI6;{7&Pkt7CJ*~T`KGa z9o}#&wl~hN290d(sQdQR?<(4DP4q~WwZTFFG}(uHT0~9lljZ9t_|E+rEA(TD))BkY z7nN|~r>EI35TBtfzVpq>@y`a9S|QCSk$r@5Da>|~=Qn^VzG?G@`L~JQu^+;)5X5+}Va_vPcLE40?##stMigR2} z)!h5cnZZgVOOO`%cKQ7%f)7`whp-Hj8c*!vpNNGZvwII`W=Y+@ajWZ{?@|Z&VSfBT z45ET9v%%O)D`}b*rsr9Lxwv0AzU^cf1W2Om)8Ddh0 z*1B{WNgZlrmd~k0MV9PSxi`FjNB5P0O8}9eX=bZ*V3{IzUrboJ{);9*dP)SZBVNfRItLt9F#`)mFRnh5SvX-2)9X|kx~t# z)rFKIP6z9Plx?|^FXtRY;`MfYmApnsScX=?;3Y-NdRm09efTz3?;z1ayUUP$Y{3~y zO}|yZ17R(o}AaeJ+O z1d1ZR2(Qjm^l{kq#)Sp8q4bxt#WIaj%4wb~xq{e&AP}}6)P>Jy7fWNNtfUOv-h;C9 z=4eqtNp59o&h&;gz0gmx-zHPm)V;c~P`t$Mi@9Iu6t(#-TES9Mm%2iB6_NH$OY+2K z!Q@`}%k%T36-Fs|8$pB{4e8b%D>BC#C;gi#DlDK=&8VZ4{5^b_&OPD*gh)>dau{TO z9eDmEptnj!#H{J?m`{FRpQJ9foF!i%y&KCC16WyOtxlB0wq7cLl zef#&UBd?-h8`ov>(MpifoPw)G6>Ex-JUM6!52y-KktrDK+48Xm+Q*Uo(1nopqCEff znmT{wXu@5GpsT6xr!Q=$2d`QTFG`TXIS~eEIeO2y+&)a0OEd&5BcD($69Orz3erNx=fWxoP}qq%uM9qL`CMCGAgC#hV;ENzjj?vFjp>3AMD z%~0XT>e_1p)Y7&``;W~uhpC{&$~$SztV2MF_@xbSI?UPhY7K?dt-91?HK(-X31_(7`-X>%Cexzo2{P0D@xNp&drc`|G@ zhuIS{X{s&y4N9N!48IyD)zs(9s_DpZSb04wl_(F@x6VC@*fi+(QjezPI{y#SG_;@^ z|4X(i69;RFs(!pv7R74G#r0~CCV^qT<=4>Q#9ftfT-AbE{I5K8G9ONJBpo62a-~ny z3P;0d{z#ERk^SPAhClpX5Ao4+JdpBYeO7%(U+#uV!FeqjYvcX$ujZ_T_Vm8Vh=@~7 zTGdPymPmV#ER9fKr=;JCabjHs5%(cKh;_7A!=ya%!7=)~bK5^SuZzqw>YD2GPEjOh z$CQ3?XMoH+PiQjA685Ohs?edbOgCri6^2dXnzPP_ApBK%2uWP>YLxa*Y^hic3o(!pSx3R*Lu_?+HO}^@R|> zfkTXymbWvFJL`x@-&o^oc;E}Hf3Yzn$}I|ipAA2*#^g71aKAMNVfq`h+o;2^d< z9`+o;#YXl)m~-ySxnx8TP*roT?yhx@DQgVUTPeASto=uAQ3jMQ@WZs*Al=lI>e~+e zUV{uHZa+;@?jEEu9|VmlMGKI6YBY-FyK5}fq7^aN z(H*hM4$F&_bLE}DT_RErp4E3aIMUXdV`JV%SA*SYz%af?88hI>t)-{ek#s1@%_kk% zofdjx>$p`PMB-VgEN4l$|C3_izOfNJ0D}H<*T=w6ta^0Z%{sfcT$ir+Nu?+jfFwl; z&@bFZ#j0dLHN%@6qoAz}@WACN=k(!A1>!t!(Eb>Rym{3g$X4WbwYLZ~znQZ6`K5zA zsoEL}uOM>cOdFI^w$YvWOrKw#?+_p<+-b_$vZw?+{#{$ju?ahd#`%haAG!infRZvU z-X*0=dCi7X2HNDYF;t{Py_K|dxRdUsf7>55K3;((+an~Dgue&MZG7yj-58lK;yF3> zyScb&`0VG?ak>`Lh)FeF)q+3q47FQo_&+UxyVE?ee36oQO<{hy?kv=M6%CXflb zVZHezeBf;Z(%oLEM69=O3zUn_OEm%H3Y$Kb?sQ=3R0RWhx<~8h^hAd6&7Dhw`kOoT z`LY0WoT~yb=RL@dR6!9I4&QZkFk8ti9YZlduWT&rCw#FGnBWfN)nzY`0>zoRIh(EXEqfDtGm++$L&@5_Gz1&Y6cZiQ3a=ya zIQgXHn3}@@5s@&W_n3qda*DQcdcyagOXd@^Np42oma=nvDJrgJrRHu_N$1OxNj20FXnW%rd_opCFhw0Fou~0Majw@TqO2IdV`wyz z==$)&`1@=WzcS@}IqL~E?gBT72!W= zb8_0WWpOQ<0-yP%WEcj53%f8UG&cPYvm${gtRKY(6W=fq^q4^L`cXfPR7=+5(n(<1 zhiU)KIUc6FVpj82L;#GBCFqW^E!VMdnDldT>dCkgLeu#;pzrD;1GAH`at`-g?r#EM#&NF?!W z0M>(PKk8`yL3XT{+d3l}fH~)aUxq>gT{WGEp0WupGKfD=S7-@FUe^^MYL$+DuYkXP z>rxqen=Vk-FjcJaUY@{9e)kx4Dez}Oyg9I_R%q+t@$W?90tHfob4Vj1WqzG?BB4Skh@?4w zbnU4B?5f0z!V3!5>P8nrj-s!9L+@IX>UiB6c;T#(HrUTbyiOhfx0rGI~3O0X;nVCb-Oa!YsO zn>KGmjwddQRdV@P%35oGNt}D0$7!~vyQl4h7O@pZTc|K>X?5E!nKFX1CXh|XV|x2@ z$U`4>`k43aSzfE^1=3fHni{qyr|;QN0=zG`XC~=mgQC`vKGW9x!@fc{maC5m1BTT7 zV>JC^23`a>Z_heu${Grp28}XI6sNRUjGvqA5g=IDn$(pI6QqdDjtiIWIMCCpUdL2w zT^N2*)43)Rugd2tC14(zF`W`YC#n3R+ur_ljNWrx>Kr(!Tp#mJ+PLDJ))g0!wx0p@ ziyKdejtr(fE|ozL^+j}$7Npj}%amut~?CDaa$CSp`S0or!HfK*7 zFVB;P%vytEO;gPSo#bw`?pJ6s++1HV+MXY~fLQnG@de*FpZWFCMq!eMLpop`plP(UMSm?qzl|kY)3P&d1DS z5<=O`uik20(nt+w%N2>9h(20D=YQ3^+!@JUGpRKm4=6!D|&N|zj=3Zg!k)EEKEg6J^}S@tU8wkz!B=fqxb<&K_1n0g z*;Tch3z^tRW@v^S^*p4*e)++M#pxMXjucYr8Z{heWW9#5&}gYh|Ft+4YJeLf1bLJ< zP}SL+(D`nV>m}zyDmEj1`f${ulQ#e=#9cY`^EBFW^7J8nnpr8aY zME$ElZ1Bw{#$efvn_b=Jbl)f_EqpwEsw3Dx0KS?1gM&w2L=^@rCAv6N?ndgS^g{cmnNqx#31Zi9^B$B}GQ>=rd>v1FK=utV`_*G_r)@2sGDVP8Rrc%e z-?h)=pg7wUM-4e%HW_IQFX)RfOyPAuTEMOm4>)sKS^3Yd7AYec5-MXVB8l;SIgoYL z%;w;O){HgA!pd>2gaenpVRqYn&H#KvjB;Y)ITcrWrPrcAXVL|no; zNILJqarF z$~-NH4?>1x+9##AE*Co9Sek-Laa<^DT2COZ!0JPR_Av6_Zg*u3pmz3#fXtb1^NeoC54dJ ziD)v-=^Yl)`B`C&2~fRyQkMX*Iad+lv$U9})ArmY5|$zOsR><7FwpCEpzuheZgWR# z>cGLS!Fen{f83z=4L&;&T3V4HU9umWwN<-<_yq1 z69YE644vN;%LSANQ6T6K;Wt2@jSgarFN@5Dq! zcTZzu&oDp9y=SX5k!ji$xcPKWdf?snN)86)?p%2Vj>KS(maUw@>bh}5hwH4`q7Dc3 zaE4RN9MK94;vhf%?4F>QEl209-xA}NNia3>1reX?fiwEJv z;w;cvyk`s6(Q9mQhO)%e0&n92X#XaoQ%SlLNJY#Sv*Daa=}+@OpRu^0^6g(?sHNf+ zfeK($wB#nCtnSi2wW4WUl20}N_d#F!;YjGFy$h9mC?-CEhehi6)8SLrC=Z8@tGADC zP8e=jCXPmf_bk4-7A={oG1)PVVmKICvek_DVKyi<8ggY!reU!%Ys#H_>?6vHt`Q<; zLGu{+H*mqJ>vgKp=*KNq>t{UtnZD425uq>&wa}P(g2zN;D45l^`I(K6M#r{}!MiwY zR-!%19)tI*HjDa%;%z+lj#f*}SUNIhMLz$XO~x!D{`Qzq+%w+!Ef+Q0_{SsMoePh931(^jcDeQ}K2jJ_;Qz6Yh42JFzcfp)1Jgt-@Hu`x7};{Y4uc=uy$w zpP_0)fjWHkl0WXvLXGehu3F2=oCk8H!W^NzX_0+an-WGWhLU;+w0rHHopypQ%>AL_ zcQ0BsYen%Bc1(Bd>H@hWZu^z@-;?7N49|#aYtRAO&z`u zuJ$_Q`i{6Z@=dVCk&PpD#;CoaM?cep+t7|H^+)Jd;OJoE2x7olD($7zbM!>S zN)cmq^xop-|Nn65E#VY9@<6BU-mW*M?EOUn>p(zjysNJ=k*hFytwWk6(tR2ml{X=e z9Ugwtd?tRv=L{^gDxVT!C<+v*3X7;2wEJ`8^Fu>rQn)SM2$9WsLvd=x z3{`6D8}~~thix1qN6C?w)3>Hp{kqm@>z&6rl3OVd*Ne~&YOSBX80&uL=O+yslB148 zb9CIXw~rNn4S|Dy&3nB$8IjOZP~Vda7yUej)}mygNu!V3GpgT5w?fFX0nwWnTO1X7@&`;LGDn>D8G{wgom z@s~J9peWsxBoap3Bb(jJT&%9BUocvDOSsyJ{A4T2ULras6o2uqnJDePEcUrO(Z_2+wkpmnakE53WKl1 z_0RgAUP6@cWMX!&_07z#Xqg;hpyO%OR?ku{upz=l7J~T!<9vApH6NZ!YsqRHm5oov zytW9+wd6$Nb#82P|I1sVulK*l9z~-rwm|pqgrDEJ>-G}F{NEbPVJS|rDWFgA!A9um z_2F*Kd$NVrnJF7wDq-YI?gxqM8CJCmzC;~=l+CJrv%?>BNyDMnO&oyXRD1(>adQ{Z zQkjhq-*?T4^r5-pnBnN`pQ%jA%1=YVL&F*5Bi6Z8Vrif!Q*+E#e!5r^tfE=$pJo~C zawkz}FBRzj-wzf{)1da3{GJ8dg#2NsM2zNYU@>Cx!>p2sZPQqbS|f4oSjGR{+2u=x z<*>?i{{DF+YFX3yFuKbss{<`9dora7@vW`jKSSVx{7dh@3yR<#o>?!)ewmZvQoCdw zs%Kd!)pl&56ta{Wv6tb6hcG93OgclIZ1-v(j{Y^RGn>iAV9pHVF+JtEFVzLDcYuwnlI}*&2L;i*WWl z!nebM&Q~!o{4Gf-9&)zXBNZmCBrkEYA0XdLIJ`9fG>vbUFCi0!MGbKwLL^)B^EsS* zB(@m=P|Fzg)6YYtw0Sz-6|~^Vd+plOX*cxl<3Aq4!;f2} zYdn`vh-cyKL0ihbC;>gsz9;Sy5pQDC2{v1*(!YnHHjN8cEa~$7#0WZ<ZVmFEk-93A z-4Vp9x=aq8S%U^M#O+KSA+b(8WFabaw06~wbsWmC!%`RqJFK@{xGSl{#Z!mmKevp3 zc-k$qI*`2hCet~TADADvKeuQ+-*4QGcWEhT=6&Vf&0ALKDiVl->w+SQB<+%GH~ZE_K5m)7ORspV5s{hyzkn+VhyvQU0rcTteVoOcMFCG_Mm-#azOpgTl>voTIqlHcz06< zB9sRyyD#JVkEAF=QsT~U%MULGm+XE~BqiChvuu2q>-ZQaZ&s1$`Sgg;M=71kF8C?I z`Ma75J#IRu7wgITUEsYN5r_i_+Klt`DCY$YDz zu`_vKfOUHAx!`MUJt@;9j}!0cm^6A?m^P6~h4YD=Ek!{=&vOFU4ar>7j)1h2r6rwS zMSpY4!xagm`C)zQ6GA=H1IS=my*aUh;ITO^Wy|nx>@(&HoXwmk5E2sPFwZwit=cqb zLM#x>i@{gv>~|%j=?KV&{i@3VG6hwCL&O zsj=`Paj~$l(tokq4k{)MyQb6jk3q{{+5qYl(ko0Kcz1sfB0i*kdzk3TVsH}nuuV?` zjX?kCU~y5&^nv5M;A)YvG{K;ckwm<`3t-Uj>Gi=73JN`1$ot3p#S<8QKy%KFc!Ma} z0|)g2Np{zLEf$lp+z8Dk^Q|NWN|=8QxH{7KOoK_`h+DP4;#`kGN|OqMjxrU&$9HBR zsPNOOt4iDR)BBA`n=*=0Or!xGgk1PjBwj$4v^KeDG>`rM=0Nq-kdP3v5P9#$>({R-DbSL5 zwxkOrw+my3dW0zDBejM{N{Y%@cCWyG#6R5L^k-~$z9?Zi3MbSE_%tBp|5k+Tx9LE8 zdw7`or4|PlN1YZ2KpsKFo;*%ADa&+3Tn>!nPm)4v4eBN5?~wg`eK#;MDW%e=qZ$vB z2x{)Z`j$5_VP057izC6W`>%ZMv$ItC2P|aXF|*vsy*G!8?)!%7N=mr{rk7_|;h{2# zOcu52=`Re>r*iuT_9V^c<;b?beJ6L$v%vk11_3Ya`dEE`w7| zo#bS@je5j7T3S!5$IJ8cYJj503GG>2G~t&Vu1CUrK>um0(J?|rPtEOgd3v{$0=}a$ z0~9d>?!rQ7@7X=3cA19D;D661FwoS;LTR~-=Fev#8Ch8#Cu!b5C30|J-k@pqEwUd_ zKVk1VR?JpgKYrbPQT>of9xF81S6JnFX~j#@-a&T!UFTW%?JT-r4Nm2p?!21yQW4{w zLBEc3e-6>+2J`Za8@cCW2VO&pAEbRVG{mhc#>t&SfORAp0pdhC0jIYsspA!bg|eL~ zfMv#r*`R)L3_mGW6SG>{8Xk{|V=GfMGNvi_ik}nRleXU?A1=n`7d*?EbLttT#!8V4 zS8IYLG=Fcn5UIL|I zex`_(-MUZJ*DN9z9T{V)W{nA2@&lQpuNLE;b+d)KpMo}#LlA=BU?YKnB;I38X2-zAM3rC+J#%P9ZFauG}5i5*jXVE!JeguS1tPfnr~pIKj|wqTvs=$L9LJe zIYvSP3RWJY_lYSUicrG zex15h>}QSo!h(B1>Spccoec$1&KpYUqB9Z;RBU~bPIk}u2dD6*QWx0B8~3Gtc+$Hm1|WyMrr-}!ejq}y`P9Wao~NZyUUwn62e7RI5Vg_iN*vV8kD<6A^C{ESL-FpvA9i3e zGF$mro(}PXwyLqh!(-h54ha&-C?noKtsO{xQkaxb)sm7jmy+5aCl?H)gx+sX!ZI-A z0WT>}z`ODY5-uLk>y-8k-MpapT=i`gnJ^IH$mDjcuh)kQ4M!)?@ZLW+kN|;9S*r63 z`sXTx#s8QQyGuL{rCDOTN@k=iZ1kDsm&3X9SrU3F&)qe->^?V_0-ON*&?PZZUzujB2jH}qo1FNbmL_sObS3u1P~82; zvOJvVY@Zo5PE;P`y1y**nmqFYVmxTuz-8yU1QeovdvSmd|2sGLE7jF%=bBDJ$L(XK z2}?(Aem({S8HL{S^7#wA-_=M>W~+AIw3{j+mRpP0WFUidy0}5SJ2Tytq56KaJI<&^ z`QNkH;$iz__G0VUqZ_^d(*k_|o^b<&4Padb-T3o-h2`CWbx>eKEQ498cEjVI2n~S8 ze=l1L3mOaGM_6j;xNX(^`-QQ6rWA*rUZ&=_WyjQl(02xipfXMRl@|L4ma(=()@n6O zS=`5KZ=Kw9u8}1*9UW%?W=w5}oOqwEH65oNPt}4g5OTWO*5rMAZQ*8O6!7%>RniVK zyQONGEbD|jpySnZsi|q_Y78E_B6-&wFt&_MtRL6yjgLU*((+#-|KslBN!jVmg|m6| z`-JlgK8=3M7pHIYeobG@^W zjJi?oF{6cwEwr*)cW@*eqagg7W?ZAy;cE%%6N>I$qF{0k;jp&O78~5Vy;glk>O$Ke zI#zFk5ePrv3Kn=w>c{YR;R=>i!rd@Fcpr9#s0#l6xrEoxpEE#-`8cPsM&@0-=R!iy ztT_B0u;@DsE@y@J>K6fB6hxa_!eoc;$21FkG&6>YD?FN@1_ev~Y7XaevotM(V7Frk?6>J2-kRKeKLJBR( zPl?NZk=Oq&c5ctS^Vz|Ioadyx(fzR{w+t7&rx=Do9ueG9@Kk!^;6R+dxRi)RH-I~Isb94nci-)%f)Bh!#KRHhy>f_QXH-2lcJeWg# z(&?T@(305sGMOd;1pz%4BgQQMA#>;vGMCp^O02A#h9=7K340C;R~CFvHq$$H*47E^ z3)H=yuh%$R?Rvfl1-yp%WSJiRyVaH($BR@^(TIui5+0vZRZ^>1Z{bL2dzMcBat{kZ z!bs=bT=*}6BPNxLihkwT7k|%W_h=ZE5>`3FQW-xz_M0W3>hHIQ&|-g2R;efsXQ(n{ zme>CI^o1q6B6IDqAjY6q1`qGcT*1@Vjt{R45ENo^$q~?(s&2g~mA*!U1^ADZ%~H46 z<@2id{aTy1v)rQGcniXt5bWR{>Re{ZFICk!--@O^YS!#alv%b$o0gRI2uWdd_auf6 z4lDo@g?{*e4)OK%&0FFM=kq<6&br&`I{^ZozSM$)Su-|*edJ?rmNvTvm#vT+suB?j z97;5N9ALCgmISIVuK6UW#{+cn$4{;8KOmv;X2nA=R~{B{U%HweS>8U-h-3y_Y~!>c z#@#Cms8+*ccwJH}*Oxl$-07lQ|L*+V6$&w+Ff%dEAw&(-`cfB}&Zhev~!*^*>qiEdF#7MhAQxoLXUa1g5@2lsvy`a zIFk6D|1E=^3U~_u3+DQ8n;$z^Wg@NgpN@MQ`f`enh{xi@a}hg9ImxF}6|!I5^036D z`;W9hv2fgUbjJ`E8wW%Rw_a=)rI%{$Y-}9-(JWDZI72v*n}{qcTLq1vr-vtijd4eJ z;x(JxTBsawGx z#)|`Le-NEUor@XVy{^|4<0mM9>L%#*+!MMp26oBGo7KR8phZ_jIaAi(!}j=+SA)uR zQk_en7n>=)_b)`SwocE<6nq5>JAz{`_w}ptHdm_j4Y(u-J#T6+@J2=ko=y7LtLB%y z`6WS9=P#f)P-8(kDL-Ot574i`F{rzBkBCzM_x1izPY=yXRbjk-g$wX+fy74P?27z+ zQc4<&t2~mXg1cHdIqm1|gQ0?ZbX3$38A((`#BN()Zt*F6QKEsmJ(W1GuVWI8O`A@& zJ)L8gXv@LD!O2S(BlxxubX3?|G@%r77MitEi+8iCX8ELF1hCJG;gF-lwfd+7Nl4 zlyD#;)5AbQvd)l#$6MSDc(ehYnKYS4KuADMJ-F(%FI`)8G_62mafeuVw^&3nGdr?51vwHlP0IPg;73iWC(s- z`XOKiNAkq2?q>a?G9puzVzW)%Pw+9(bL)6-J<< zCTdL|P1fUv0^;4zz5GQ7ziPVjjGS$Zovs-m8k&zJ5mfaGTwepj_5~wcr|WJA@p@m# zG~L3fbLyJ3H8Di;*TqciLCXCD_=Wtb1u#_&ZOsnk7$s*>C|dj$6IEJsU|=m#>ta> ziIQrxAKWaiie}U-@9<##zAYJk{v;g5(e=$_ij!`-rV72EtG}qFn>SfPP6h3nT%-4^ zJjGn4?8EZ_PbHe)EE>3qycoJIW#3D<1Px|X`x*JTM z-NDu%{<<#7l}*%=Xnqbd%=8XHkz?kW2S11sJ_*0Hb%Ln_~n z|8WaRuAYIvyk>M)k+w<7wiqc=o5bp^b!O>xJK0gt~*z6H8MDT(CjY&`6)xtXnB$T-|i+Rl_)AaHYy2y1>xaa zHDuk^>IWV>514c{eJdxNny6o_{tLGzi^}F%Z1%^Gz%rZ}379g61*BYoHSw0LL`Ea( zkGi?UTs$BRtWW2PVRL(GW(vap-NQG%4QgcCJI@m97N9qWIY#?FEk%H&&E_oH^X2IQ zESHdWYv{}0oru%*h<$6r^?gxTSz#Ncg>y7&{4y&x~P2(!p+0i3V8SI|Vt`e{& zT7CNlM!YPvF>taflEsa;u(FV+%9mllx&B)dp_H*K48KFc-P$%hS+06WbI1L%GBvAX z`PZxlV0<#^Y+q=3U^$XXwOa%ZO43*pm z{bXcUjL7NTOq!;KLY3Kun=dINs=Muc(OIzAWiAe_ro;KS{rj<5uo<4Tu2dgRb1cQW zo4)Xgw-8_v-V7dCGdEd1_n@e$CB+621oY^u)j6@{rVS_6>8|jiBuUvE?N3KSUCJsd z){3rlidQe$-Y*_(9MHsxJ8~ZlbJ?FXx(D+A-9&2z#E|#%H4WtP>cLw2b#ZTRAQ(tR zk}%Zb-dikZ&2X+QshA3M;M~Y`&yGHP_$d(&3qyJpX;=w8unICIX*xH`iz=sUk#3 zC;)ixK1{Y0J*m>hkIj~5?Ry_TzP>nVm@R#Vdb})y^8ti)#hLdiXRor(;MiD`%U9|c zI&}~4@0ux^$69J~U!T5>ll|AG=J>P6X#a zEwaBz)eM2C$t3Q#UoilbNrM%BJWW$53%)!z=q_M)By+ojK+MHv9>9>l$=-0#Te0Dx zrkAK+&EKO5WcHsSyE~oiLrJ$AaJ4UQ&@-+R`+?k!`0GHyQ2Id1x? zn`-BQ;OV3WetY<-1JW_sp^ey%`L%P>JZ_^w4pthgebup-f!YCn5%I23ysa_MB^K+I zj|glFGpiH<2JXKW#J9QHMyA63B8GK7EGo_%R_uK` zh>c`0^zG(r$N=!2))^S`Ko~Jd`SpInZIJ7Jx6%!ny6@TNL!KZJTtTYi#ymD>^pyX@ z##o9uDoBEUF0RB@pmKEb>gKfz8kQZ(Wjy#_QMg&8f3>vKPuD+1dEqtEN}7IJOCacK z3-7hVT=7Wm} zscO{Mno>)tZ6cKQi6rZZb#qj=^vceeKSk}nv~UkOIbHvDI$qZ)#PFplw1Rn>Vr~da^ZU z$taUYDv{-dKd`&_J-obvUiRtloY%W^>o8!RRjVNufwl}L`K(;D|oTnhnv;>qaF!jpcKq< zbtj9-lTPMwBrrOSZ+qUInsGu0Q5VnG5-|mz$$xE2rn%wfUd>55_7%iX4wfds0x8}@ zu8MZmPzpBo`=>{VvcE5e@pkuy1k;sW(F$NG?q0J=Oc%aByaI|LSZpWfbxub&*LlYh z;a89+_-@828VE4!xZDh@Rr?}A5ZiUyUc@cOK=@;Uwj3&;dIl}5g)e_PG#4zT91bX) zxarNGgFecGPlq-NJWY#%m_OijL8LKq5HbEc5_&Zpre?qU0L#x9b_3qe&HVx5BVNGc ze$Tp$P-{64h7Cae0nN9xD1rVg*=KNZlKC(p6Jsf*h1KZw2J*7MWGsi1+I;#pm>4FY z#{aS&;$2)_<w{mlEi3<@cSTT;mlKSGR8r7-T0&s}6C!m?Rq+D#yu5&;=S>d!t;qvBwPKaG zWzg(^w=>db4XG6<^Ea%-)uxSKFVvRRQc#Tm@aVT zX7(B4;{MQlzCh@dRO@zge6e1sk|8JtkgnHbpYp=$cUF2Lu3mCVo}}gBAp|v_p4&x<4txARnyxu4&o^v8wTxvf zFJl?Yty;FZY%bf&wrkn8Th_8|W7+jRzwbM~|LS<(rykw+eck7E0zsl++IUnq&%*m& zfamZPIvIRDd#hWnahR%tat}dnW#L2$v`tA_MFE0{!cD{1jm8o+RgiODCzX5`76$3t z+PVxXCAmAqw_|cH+PnN!tEj;vuuxIq0MI()VjDW2Vs&Lnq25e1y@J%w=tUuLt(Xzx zz%lsg0+I-&RSHdZz`tR-ZJr3O}OG91>7-mY4eZOP7VOES5()ieQ?OppsW8>F#rIDM(Qc_Gcx7$ z_CGB<{7OKF*Ot(STFDKAp}5pv&j`vGj2zy&*45WMk1Yf8ffxWP*)G#gOGpB$ z;W{D2Kes@3ALaHGIs;xCD);MLFoLtVe>l0a6m;Fbx=mV;$$#RV8Y0xvUq`CkZ@S3!MAK`HeYqe?BopAx>wzXE`7 zK?5)AP8Dm#EjFa2d4i&XE+^%Qo=igb zM`=Ow0#m$vK)m!t4+oOY{i#~YfQ~$`a=u9^X!mJK=~Hd~&5-XTn}|hlJa4%Mol3_U zH*1dbvPY#M3!IzCdY?SFB=XEjwpvDyt^Z!bbEFO1T6=ru8OsQuiXw0-AG#C{SRHJZ zP;4e^3R_6kOnhm=YLYsi!$%vpD)kQ^q6rpF??Lx4UY9$h|3I>tEN$pVH>^F-^EPp0KrUnZrk3?! zEbq(MIQK%gcU}8bZT9-&R_>nl53yExT-391|yn) zTaVuIPP+)UZ=hf4kFVqQXYO7c8-sD|(|AbvcLoO9{OJxi_`n&{zjh9YQDE5K#`|Wk zEXe)*3~@>FZD2z{@AM%w>iN<0t(bX!%wS35pcpxRIKllC?mz1&(Aj~zW7ABlT|esY z#w1PtHLd-)z81z<+D%wWHgL|+}t1oOQ^i*}JW1Hs24F(dMZANFTyGnP?AJW)rN zgM9`y1a-z@tp_^KP}1iTvY(FFn(g(hzBDLkDsI0a1Y4Khfc6RqnRiA42YfAm3HZeq z-g&``>8IkX@JWLua_?ivOQixE)G>IH@kQ%LH?jpRpY}ea3{y9m-!vTMfD~_t<1&2^ zdU2$x@dHSxM^bqvXd?+7KkKczEwBw%F?|fiFr4}J~wrM;O5evsQc2RB3_h+9X*i}5|H=R@h`+E zdRF(Ld90XsbAGglPG^zrE1>QAb6VTlSvIdUvyDl!KU-tzlQ(S6yYNXXM7zE_uR75y zlG37aBR+Z{^i(c&FZCHKayf88B1>lI@JyP=3~R>IH6hWbP5ip5I>y|BAnjR;unrz! zc-o|O821wj1k(pkt%{;bj?$KD7WJ`$zD(tUHkf@tx{gBWdBiD&TqgJig0&l;0xu8t z=?d%`f5tgCw8n3z-)^N+-^*HO5H(&&u|6s8n#IjPIA`ZYiRoKycS`rB5HJtI@v?*=oa`rXLj07q$#o=z!Y3xk-n3x;k}AF4HbIy`CJgpW5@PeTEL9wqADWvN<4WNChd{=y zl30YjP3e*q!xb>s0>+OapAL`32?h}vHPT507#Rg7+%WXO zgpSJO#@}y~@+TV*zM^Nm5`$pOW5ziwm@8H#Z)2vIT5c;a7>Kt5c~-GALWEGaBz@}) zh~u%;3x_$QMD5heDS^P~%S*T{O5Sl7C{j2Nz6k>P8Q_j_c~W5FU|$g*OcDb3QTFZ; zngx(Rq9RD&E%yDp4xZcac#qvn@BN0?c_0o=Q4t4bS~pxYG_YSBDJPxViAPIE2Qrm- z)sT*;+C^vVEpWxSog-Xesq)6Fb9h$O?mtf@Z5$^c*!JS-Sd$EMbdXE@#L5tt>&AtZE94P~nwARSGR)3d)6vP!mCN^goRU-g zhpS#o?(}zgZ*G>AP;Fm94!Z+&sn8hBUp9sD7RhPid8zHc*+H{kG+z)0S`eYM6{D4@ zXtN}PZ^MgF{<1=#%g=g@D(pKFS6Lkcn^D1e#O0_pq`8D0HQ8`5DDuO}-U3>Vm|^>` zNO4Sup(F;DW;*Gg6axY*0asZ=8>V{=VG{C_`TJ?H&I96i`!4RDfHH+Y<<^@DK}w1cBV#4UIq523f82a#2Bb(a(pOYf zd0bR1c!-EZO)8E}(t2V5#^k z(%3nyEocf+*X&&jlEa|$s9>9NshU2Sy!yP$XdQ1XOiU!Io)fipDF|6eiIh=8ocswU z)_A)LpDp!~6L>T8G?)&F%|l0z&v^RDB_tq9O6uOs4eIm3sp?p2_vuz~0{Tm9BA+zG zK+m+SSxIp*eXhJ#NHz2WD7m8-JsircpjX$o2rt>I^_@X0hjc(1>?;_y1qa}{I$^@H}{JLXsqiLmw7vo zl*H!f4;PpP86^;epkObL9POW9JspIh(KN1$R&;ic@hwsEz(?$+H9IKkQ(2KCoh$T~2 z>My4Ux4?ye$?cT?Ik6Ow$>7(!1wv$C@h90`T2?{d=1mB|AcYybFM%Sk_Pe{bjn|8^+G$09 zl3JGOI+p22Pw(wX{TY+-T8ss4X8jRm$!jeCOLMKZI8j3}J;_=$IGTAHRYm@mZ@6sn-Kl_;<4wCUCJ@t?>s2|ILoeAXpRz<; zJ|dP>pG_3zS1HRphS*~;@9T&(6vlTS0YXasaF<0#8UJfkrOPw^77l^ zOqom12Crpp$kQR0;6U~83xjPI5a^1QJi_-?D9jFx#Cl!DoOV?j631_fWgR+`2rMiU z6r;wA?e0@IcQfX1W6oz_mw8>a`hvry@3*33FP{(yz4^}N4@c~DA8CUwSw2pedf4r5 zh+;rivnf*_kdR`UJYJbTUY(5Xp2O@+u%D~aHp{d)q1QHnlw}Jn>r={4rn0YBJ56CG zQaw&gM4ew}S}Icq2Pr;ENP%(%&?7X#H!;;48*mr7zq`AHAPFSZ?}A{)v3IB)FPPA+ z#|7-IG=356EaX0~UT&2(fDuz5S?cdNuPF;2$TwNOG%S+MAJ6L23kuI?mCnuexIe{m zx*ai&6wUO0Qob5e=oa7L_qJEcrR%%Kw@v#{e+|EQH=|`)n%-;9h|j$_E__Ha2OgzS zW1sjOaE3(0Zlb*%qYp}mz$qF>dxQ#3D97x@bg;1(7KQiv1u*ykK29BIKAdt0_~lB&I6O(c##06 z@)CIdCr78UFlu_5rHB3lWypu|-+VIjjjSuH@heEt3h#7k6*>1Vf-Za4kIF;G7e2Pu zDvoD_UeA?}o?iPc5qV-CjZKVjBSrJ3TtPZ1xEz7-lUefWTGYIN^P-tKmIw_g3`qP5zvqVL0zAhO>hj{pwO-g%MruF zy3tE>Dy+A-`9(m{Y?1&>q)k)td(dW4G%_H+1|ZQ0Q-H(79;2#CLenw=Pde&%a&#pP@p?Su=J8k|Q(AonO&lIhqFyF~L5Dili;j0e z@P}Gf2okWhrUenhWHc1Gno)bQU|CuU>F;mP!dha#gPxhcDx|>1@R^z6^OO+_=;D0w zZY#G{0Op%CzC4P#Mi03@D}Rv%TVTgub!`A&kl#TbO;9jrHZ7M8=?f~Fa`QY`wfvl~ z?XoR`o#{}+R}QgvVfy~e{G|bN&pn7?BmYwMN5aM@C(lu7R5?7(4P}H(uhb)hl>z_eCn%eOk1qt7Zy1BoulE;~po$xG(|k;mTc~`GliZhSvoBUYH#pA_D&RQDr>Rfd zDi>q_#D~BwuYHb%wMIw#lp{v`U$f+}yK~l13}O=`wfnr>UB|%^!vH1ak%2mG?t2vr zNlImW4-XGuy>q@&Y^%u-{fsdxZnYW6DTNN=i$zrAmJ?op@{WxCb{g{v>Y?XH7)0 zeDOh?a=(H}Ld3rmW<}yP!1!zHWD^mB#;vh;Whxwv-4)4~rItV6dE32?{e&!)cz$J` z3JMFixj%AAJ+7wi#WmWmY&$ANVr;15cUEwK@b@SFmlkhGGz106@uJx6{=oCBYp-_B z4H2mhdB7JhgEybe*!-U&nL+>tjK3$1GUuR1<37h^jf}+Lp#;}?sg#XFq=Iv&RZ?Nk zsLXe2l(Ro#82zhAk#2>ISZwfGybfLHx&ORuX%bVk#kv&=XoLfBj_Bt&bLwL9jN4H> zLb&^s15@*PZ9JLl+u64=sOFkuq4*(b6xU6$+{YTpxAlWKos`Y-D7Qr6IdgdHSHDNZ z7=WCr{MI2~S>flmp|wVuorm*j*kvx)Ot4uWGLj_Re6-y`IB++8z)T0`Fywde? z6T|wxrEknqXXB*obqu#SrMEhzm*5ZsGNc3F{6XdM0q76iUw4gl=6KZ_SX}_u`s1~F zQ3Z|%2Yg$e6A0Ek`WHt(Gt5|@H{Dw&b9at?jXy^ zx?R6w#b2a}p5-izJ4{q3pe0N@(p(sbxPj(;b|Vh@J-amG*MXzL!o9^xBib9BKteM6 z9$68GSu{#rOE{)is~PRnG}cYgXMO$3sLRU+UxS(tSX$y0Ewszps4Y%dN+Y6Hr62YmotSW z{^uOW_#c)NPRqVk*3iO{txkNOQiK<$!=R+W&a|>k35W_01T~`gaiA{Eq#2Zh7Ttew zwk}DCl#yQqia;D4b-G(Vn9CF@Yn&j^59;lpXM813KTZ^6o>Jd!*(kSBv^oMo?=8h}XI z?}hb6z=+-FrsIeY{?I{vdmJ&q%O`i~TymEUqtv-Rtw)J$B-W~f+1OC`2~J#X2S6Pb z3vfG>hZkkvLlgCWGNiQ}{6x{q1cly@3+!6_4NJO-LJw#Nc5NOrxIg+p$nI($M}b?Q zqq5bP3pvNCHVYE)>l*fHGbS;5#tX%GF)Nk~S^8$^~OnsWQkp+?x+$k?QroAN79 zJi;P898#^+jMRw|&cuOc}=M48Hs8#}}UI-GNYi&UtqQrsG-rEaQs8lf3 zuL0Elp8Oizi6j!pTIRRAF$2pBFbFv`xF8~b74lHPy`^dO^ox6k8;>$AMTZGUxSih# zBt2nN1Jy&7vZv~rY>DI&1&V^{+p&@cMEqszH0()Q>~BwG(nquByvNEd^#hawGoFY7MGrYw@C0tYT?nV=*nq$MvO7trQVPtka^v}2Joh44jF z)X4~u8qO2bvhRZQ z8G;X}OB#AXQ{yc&_=lM!q4B?UC(Z#-&6#s_deG(LqNY-~r+a&Q59U9tBMS>s2vMH* zi)(gD0>R+lECz==DIP&oo+j(U#=)p`vwL$-1N2)+uUknw8)r&@oN2YHe2|<1;@eii z3)rwK=7VS0RwXbmE-T_7XK^9Yk{*!BkWO{H>bs=t7Xd)E9H*b~b_%GNlNU-CnsVKp z^e#$%GJVFjaL4B1%u+qywYRl^w5n0RV$}J`O9!$;RRneF1>h(&xTisLC%yEN;2)ea zFLhq&bFV673rDh*_>{)4K)tWss)N$H@I=+e2&36YBzZaB*5WJ zldZToHE`(E3bHtP_@wewn{Vj&?9=!iHC~JSCB! z4T`J!J7G_VLS9M12iEBc9nS2NW2PoV8Mcx@r^aB=)jhz3)?kJhlF9o8>bPuc>_|zL z2ejeR;&>OamP=tPIcpm1nSRVr*7DgWCfWVYb6s~xu^Hjayp~JI5X7Z*$pq9b_`H0{8d~8rZ@w~(nv9rghqmdV`t!F;qvg*`a~*^5{TXhD z<4v*(t@bLB!w8N#?Ozo91dCU>u9ydG`{-m4U;%4X7+%JQOZ^)%OSbgVqMgpWQCV~7 zHIfq8{QOTl1P4eFUp%sVaxUc(2QusS4;fFZ8y6SMW>Lw3hy(*!F^IrLjp_rtM3wSm zs$EJcW`J{>M3zt~70{~=;ZX+HA$1e=v3<##dRQw&Rz5c+*4?JKyfnedh^O;dL}ucURsB_`Ier zM@5ETZ`uF=B;*HBa_RRucJeYnS{@S&!$oU&y++vp)rrO~|2g%aF1?~S?XH4k9pe5a zlku+ir}#g5zwhJ8L0_E8hHUTI?d5-Cy5r_zaiB1zo=I6-Ie+0KUAn`Cxp#KvW8s@v zI=Ahc&`%hDb&Q#aY`sj2EIx3HuSumFG>4*j39!=ct#?y?2*@%W6N-d*{)+_VEDISk@1o1A)8AB4VGR zf_pQsNwzYm0G;>o^r{xC2{m>3>bt)S8b3@x9pM(*ZH{l@I$P%2(Zy=&3~{B_Nv_7? z+1;zh{TJ8MtvyEG6RqCmPNz{;Ilda(37h0eLwuh%;x=T0m4h$CG#$@1!oTM_??y(? zg@1w(EXGn<9xpj983N`Zntw-7p&!+*s@VSh9h>O7y1FXhTEf9Q!PgzjaKbOE%H;EU z3YYuZ98$f6GtQ{P>GOysa+FDQ+e5!50(*P4nt`lj( z`=5GUHfrIYiay>@>Oqj8ZJ{X@u0jE9GF@-Sbf7Na1)UyyG$@*XX!I{M(7^3DosiBu zzuGn>U)KJ5?RCb=Zyx#dAbfpR>Yt?XCT~y>ePj*z0_CzX)cBRfGx-li5-h37DUz^` zQDD@pzLB;tSvecco0A%tK%R$=f~db3)8R5?2Sw!=N-&n;XxGN^;O!9OhURY8*zQ3r3eK!CI&(V zskPZhR%Unk^o4+G2v5~{7Q2R5{XC_i5K?(yQN!|fBdK&&@&f?Lq%!xLSef(6qTNU~ zrR!KHZ+7aROiL>L$=UZKy|2i0n!c41F{cs=>$@hoDu#yRc-8=uB!gZRiHluWLlY@l zFvgy7-D{~&Y-1<=*E&)4fc%GA^_uXAX*GY_f$C<*Q;D3&lv}9*5s$&_I3?n1WYjwVG+iot4nPLNXlHGglQf@8DV8TggRXJmfb3oMNvxNPdQaINI*DuqVIBq@p^L_#j4Kp+KqHzfZ7{(eq zJG5AZJ>!CM?wB-=#R5p2@l4}}3biE0vvts-D`A~9wz#yGbmyTa?breci3lTNcW!^D zPh&E+n3ouI4yN&Xa!2&wbv>*eRw}Z7wq+GjIGOKU0)yXo6Zp|fl#AxFM!1JX3|bF5 zTO@w8Udpw*4U~hXMvGRBbjc3cJ|=IITVz-WiG_u6_w0WhYOORx}ZrXe58L4>90*c@zZ7$tmv7g%O5oYo|fvYVH#f2Bi$Y=i%>~%JJ7# zs%*`AFj<9;juzpniueA;9~{*@6cn-K8d_ysiK)Z=Vcb4`#@7PL*Y=DDdqh0; zoYs>uvJw)2yr!b(?xdjV{3mu3t1pa><6x3yEsGq%VpDSA5hMQ^DE4mjepM=9NtG@8 zD=sh|WIj6FsmF%bZ%}nnm?jE7jJrpNaBSWz4l{9StMWCQu8d?b3zXAx0hjuXwi`hTnt4_Q64X`i1HKofeMV3BCBz98Rps3SU5)mi z-rz0fp`w77$PvxsN_4C3=7KsH&kBtMohxF+X9b+PLn9p9*50nJa6s%FpNJ@D;e>JD zC|kfKiF|li$#(f}BZ=}}%Sd^)J(&3QW+xiZJGisfppq*@CL+MbwrNb6$ma35yDgoTS!rp>?<0d>J}Fc?R+7pY8FXQ@MMB4ORjh$VH( zY;3sm=aVuv-Jgsxabi|y0w9CO!vsuW2dYm458Ur0&)15;9L&=4Vov8>aVIA%;Jesh zMEa(M!ss9Vc|NB5KT<6?j6d4d6%^i1XAoiYktHQ1Num71uC8_lqiVmJ#*t^cox6qR z2dZrf`qy)wNJa=a#v`I0QucYDlq@P(c39*X<4)^_6-oZnsy*tEa{ZwOTUp=+vFGyZO`m_Q{l;dLi zFiO-z+8)tS=+h@Im9TIHrp64F;Pvq@bWENJSH3>T4t6uaT4wX zyGPBL0FJct+pkq+EZ>}wC{4>Sbtpi}px<2arF~eIbW-IPN-_pH`}fxZvkJ_DsFiCo#=MR0VXM#kMS5D4ay~n*f}w@6fhEY0MpE5sN>js z6f11n&&wx0(+Ve>W>kQZ1{w{@{kz;!#$)kMqpqkhGG-3#G{lT_qgveO!m`thsdZg{ z7aaYG1N>FwJ?-ib|2>o?k;OMBEs@Ky9JLUgI!0Yy7HXbo~@0A%kCkX&Q{x>nkXHOlai>1}&I@{CvAX2CT!> z4EuwQ``4PI_i|Os@xW^?WU}SHfkA;fBlB-lh0ix96OtwX)1RY<{a9EcPjxKxtCay= z>af<7_`hIkFKB0Z&-ZUK#STMzJS;NYXZI31+xj7<@CdZT@o{^z;fw!|==yT8;nNBx z8@hP)Fr7xVUA!J&%l$9KzfDO7j8!F&nJIrn0>-=!(Kb{%e9i;TRrWU1aY0|Oc=wJs z<$a091jK`hn(RDk_Z32yzpbz1;apsSSx{dBg&vRbZGGy`*BneIz;)_oM{EXPRtQ{` zE?ynPB8YmiInI(&jSDDX?=R|B&cr~bnforPz$Iv0PV9XukxZJUUM)_JZoAP64OD86 z8&>s1fe&5c zFgE`+7z@PPC4x|J1rkIb_12ahOvnGb07J1KU#=1)=Q3dTqqg06#yuXUR;7~bmo?*u z`xZ(`^K!B2y=6&bImEgleeEzPN#U+;ak4?LLNKZ0o#TD;pB={;|_QS1;EH1r4q$80hjYb<{i!Y98lvDS1{W3 zc6Dw2Zmo|?N%ia>encRM`cEQm`dwP~obTYR1>fg!*rMU8$}Z{Q*DsvpsvCDD zr+QqpnB8NwjR)7)U|5t>@EM&)Mn*)q@3&C=Xmy4@AT0Dk_F0~ap(S}aEck}My@cJs z-)5O_s+q`J=Oxj(6$w=W2MryxI#9Pd%)X*K_H`^0)eW<{9EsPbzxuO8VGkNJ!pqu? zWcf{)KQ~sCD`qvY87x`1KF*6lmh>A{F8BUdOPGd*ec=Cd0XRLJX486Fv6ZXTSx&5? z4~})DVrrj%{)MyaSaguSV;6B+g>;osSWAO455rZ`8!8Xtka6~vla%pUVB2nOXk1MB zl2m5*-M{CIx1w}Xh>?*AiV9ytc8eLB&#gC0-lni?0? zMW&*^hlxWyN&ZakmVilfYg&AeGvu4xwkl;Q>XQOU28|B35gvO7Xs>ahr*!=d0gMEH z`0>bnB(`hKSiA56ZV`$QvmCE;T;GFA+^k5n4Q$C=;FY{Nydg8tPnY&Dv4|@Rn`ev{@9WVa;Dc{|4tr$PQPp z80%UGcZx0rw(jV}{b)&P#z86WSfVT_hSakai;DO}NZ^ouz=J0fc_#mR9wat^seb5| z45E{g9$}!8gp%OvVp5a5ZzD17UpsQ=cu8L}CP6`IGgrFxk^&vZQr+=?Kj1Njl5Q+J z!M1xEG2TNOCAD4ycgY9X3hnECFh(-VVXJ+~D1j~^G&4RZn&9vGGqbS5q(~e_N9REi$LBSe#f7}*-UcHYz@&=;ihd|TBtqs9 z!!$5E&}O4{$)t`(g_fhR4ROYFo!e@+n2*OLgWD~)Hn+!!C5$4jPc{=41)m@M;2W77 zE0ST+8SwifvJ7F$KF=jRt10-A`$Xkgk({wgLh`3b(3gpgg|<}pxEmaqZY%V5yN4j} zDD?g9b+Dz*6v;hPnNm(%oPgc=1)P7-ppK^M7CWVrXUfVEGrSj2LN<=|2ISlE?)W$CLDY()BDL+N=;{$`*t9SY%Mm&^UQ zzrSZ$KYFfe(akxJ`G~S}UdL|2dInb_qGW-^9-U>aY!;{EPaoMkXb$uk?VQ8a7O9Qd z*)1~BSn^?LSsa8wL~Qyj?z4R_59e$?uhPQ8Wt%3tgpta%)@VY38o3Sc^T#~ur%kfx zNIX_&uv7%^bwx?#06gh;tmzKZD$wh%u80Y>7*>(21iZHSjzO@p-o`+Gf4jbSFqK`H zw;)G17cwY9%M**n9XC+;#65+pnFFYCW4`X!7~ajr}>p~OVOmQWa9DOT$OPaubtWZ z+v(}`t#Hh2fzPoo7~36-Ox77F_PxF1{B`52HE(LHf|3$_;z+KcK@bu?zfI5gIC5}# zls-+^XwM`b1fA?a^W=*3ucn#23JMA~O)FRk#zp!0^@0In5qOb1oHN|~hU5|qT8~$t zeUr<@a%#3uzX3zhF^Yf6tLg2$Gkg_=TMa$EE?kebJ zI*lF7O5xor1QFG2{zMfO4f6&~V|zDgX)DmBYcPVa3ITqrD4YGHaVl@{bg}d7yQsT} zNXwL2f_OnD4;3;#vpwkc^tP(}2~ecgep!t>Y8qQ?^Eg;yHMOuPr3s50-uv%scq~R^ ziG;~f8KSFp9CL91qq!z8t*!PZvEs!ll|@FOu1q3E@$}KHn7bjIzmzRdS`XE z3b!TRLZaxKW?ncXWLwqnqF~KDg(~>looDCo`oRR=s7{5GDm9n3XkUB^lJJdlVM6ZA z?d+Xq8A?~XiT%7;c4kFpCFvk_hz+TBAQ^U0Nq)+g4-Il+gjUVjYbtbn_i;86{wd{{ z`Qks>qn1BW=N&roHPnn`*qUqW(bY`f@0$^ap+?H1>T{Mhum)m3M`@nu&PBQI;{3g{ zp~rzA?dk3r4Jx7i6M{}f&fs%WR1;i;8SMgqJ!5GXd+4D-j(!Ju{_pV zbT*^d)R2*72J70k_@LEbEDFaZ9wde!k1l9oE#2Agtt@9TR$d@P=I{A1L`nsCa{qu`4W#;^a|yQ;DJX+fWmUFYagWquUeNp0-T{Ie0J-~7~= zM&4Pph156EpZ7mzBh^rM68$lmiTv}BzBNRSm)2R&sB>j^?i&_v74)=b)BSDw6=Tjq zn(>Vp%EIdAhLFOfT9AAN4tHG$@{N)MCq&W;*iI(qb&g3B$d zXMQ_bSQr8v^qGHB3kZ)oA?{u0+7tHU?W%}QJMEBYro+f9+nU4&O%?2bj8?a9GP4Eh zzvb#iTN@FP$M|S|Bmk^w%4~hi*!ZMKIKK1WHCuJGpx6YuAN|xR{l>0a&mYiD>2ji> z_c-1{7Gg%f>`bgQDm?5R#n6=u+4>$mZj-8JOqii^8Fxer0kqrAJ!n}5VShyLBlbRG zxFGFAVq@LYu6PvHv4n-6&Rxw%FON#*O}71~8{KB}K&8{Y0Q=(Ryvg^e{y4s3FfMZh zowL2OdrzZ3U`CCs-Va(efXKmPaXW2xpx#&Cr);}Ix7}Q4{a@+NN9s@J6s+OCOIH&c zfUo}I;w1)Ne5EGpediHs$Dh2jX9-t-Vv9iI@`}hz8W#M#H|z zADMW}m9MrZOd(u!crDeleMv4+lSp;mcsW#*bzUzB2blhYDir6`uT(3n5$}U8?hn>S zuk^8ZOh5Ylu(Rg+0C^NlBGYFWtaI|ZihgT5K?K*0&h_(zd_cb!U)~GS@x*%S(P6FM z!y>W7sY16-(0`S44Bi1M_^Dy!l*c%RMDXQ6m3>Lhzv@dlB1!4$t*D-+1W=*mfl+6vwVhgUc2dK>@Kt9yok^;GVBU6KWIGok&;?}U@k#-k<@L4UT9jGu#@ z9_jx3Y9L%dFo*dn(sI;xwQ20MgN|9vP2Jf(l<{!wxlArMeCP9Tt@V*ONS_HQ-RU{g zT2b%$E0=i8{HD8Brmh+kEY<&BgPf3^QLQ2Xm`2{=GYvV$kW>UCZ=U>icQTxTX+!1U zjc#e<-S`tgvhfw)w_A@|Hq~LEh|)f(|~i|2v9&=vGR;+rp_58;il`%^U~` zi*mc}h+b~vhLG1#sBwMU0Z7!S`QNV6=NUfw!8EE(B31b37RxPk`CJ)^7RhEFFnX#I z;^C>w_;Y_N`$K!qz?YHeb~QS|ks@8F(X_^Vw*To&nf=hr!Xz)Yg4f%_Yi#`_56e3A zInl{lq#Yq4N;UhAWb&0ls{~JQIpi~or+N8z|IfOK>E4y~^)62SPy-mTxxu8rfPX42 zkMS%@9%@wLumw94@kgKiRqW7#MIFl@s`3l#bMW>7|2<@auUEn*QVm{UZ7BAU7|Qn) z@xbTt=oze2o8$)sHHm`s`QP+1Ws9JFK}|fZ(>G0J$NJ>@ziA|(=J4J6?Lc{dcq9xV zNIy3>H`~KbX1tWiJ*-YchWvlzKR>WPH7JspiV%~UtADY{^!S;e?2>m zft5QPm%QXJG-?=mF>B3OLM&F_Qw&4^7r&66}_wg)EG8Zs} z?TmDOndN7|k;!Lf4l~JbsHHeaI};a3%cIh5Qz&9SR?pseiIfeBqvtSb(GwJrb0adN z3(``%{|IHqz4#&?!$Cr==k&dD2kYpKuMM<+6N~zUk4-fGPGHAl_R(_&E3FfT=qlr4 zfQxENHJ9(6;07~x(5@TsX+N!)LP@1!o$t6#TGD?1rX(L@Tcf@5d@--fzEE!0-=KAk z9~{LYN?5@UjwIyOJ~3c&Q)Kc_2-?=7g~9n5BkeTf(n zYhn3rglXrLhyg~9a#&xYj<`oi)o`(Rd>(H_5J*W)r9wwXzi2&p!~V-7ju=2P^b#oN zbNg6C8E?K{z5+(6X|;!dX(X~82=EFhgv_MMgp^4k9qH~rK0qxn{x_cNcmCN6t|8VK zFb8>R*)UXVf3V%Rp|(MxIQRuGH@j3Rr7slrS=S}j2^;M8nCNxQyH6PvL4b2!4T2wB zU=GW6S>+WhgT)D+tTfbSBGfQu0RWi!?zn5I5*i!+4#p*>pn`&vRz}E$UW|9+ehcM< zw55_%;p_pdsv30Imhzwu*|2DYw)R|y-SW;#(;q)ab)Ud1q9NenUn~0MH1I$H>#_;8 z$BC&y6%8Q5XlhjFcFQN{4`t5k52*^Hsz73YDfoOnM z!#=X#x5*dY6<^U6@5r=V?Yz13>iXGr|8?hAM92Hy`CcuJ&XbGGLXCVFQ`?xkt(dIV zJ^#iIOSC>#JMwwgT+1YIw5oQDl-AMHGbtx&wa{hM;>-lWL!)qd*L~uDm)C#;K z%$@Azs$CRc%~$N-X&C8{U&#BS1%mDue!cL(Su^*X1?E|w&4Sy4Y(tdu&ihVFk&Y{5 z^aMZf?n0yh@7#EAFZ@^U;EOU%+Xr8{a;psDrlNwtx0*y9M~w-!D&Y6>0Ix&;XLA`9 z_=i_iS(51QAz(W1PX+K35SwVVnq2w>q~v1eOPtWt1`WXhL+mR}SD=%{mz(T4Yyg+m za&rI<=r!tF(mn zF52KZbhmjt>C>)jOsGM2NL@e8m%*+B8FXZZvG|_Uc)XVP0YkaUAL@v@PrECLeMXp| z>b0|qX~AvU;>LOZfR+{b4eTV|Uci}_fgx9bo>&F@s8aPEI8DrdDz}hrj(O&d`v$QY zr`3LE6^{&%;#+*PAaJA5@du33Pl=OSHBB1OX~*ouIxKFnl-Dy)T>tONpvy^+%~X(! zdg2lF{|!Gq1#PA3GJ{_J+9WNb%7!Z)ZI+J&L>Qn9L4W@iQ=!F|trd8{UNRUfftcGLQNRO_c5M`@Jr?PIbJy zPH1xJ&%W=ywUELm&mXxrofZCJHm=hx-1CC<8@>4suKJl5*d{XbTo_u3Ecw(V9z9iF zxw}WiU47rP#LCXjj%l1YiWQp4jY7a?v>2j*yWhHNqRY+-d^!S!w~NWi9tu@6`kX|B zgfq6^miuTx*KU@3d#~^C%%4u2FIKa>PsK$vQu_^51B;*UE(ELxDk2*TT1$^NJNb(0 zYC#4kl6!|Z`FTPDn{!W}UqJA`ctRdevxCM8km?EAnVnMEwqKzO{L#ATB*w|!jJtmG z@{lz(PU3Mm&zLm^0S)tjU=B^XB(a0P%(yqezsrM-V&%_3_ucD2_WS+8Mfz+`j^)OC z3i&X1fc`zWe4-H3GBVb!Sm|$}1q6R=Gk>Bts9BuwCumq}dsbF85phdhS6Imh@s@(i zryK=g_`0Qb+xyC!ok0XdgyUl*gV21XqH$p`&4|y0Ajr+ju$O5JR7Hb0a7wa=gqD^R z98_#CJ+F<48%Ps^bbhNMA}< zCo>~XXy)epY{l7T1?)m5l7tKuA5x4al_^^Q54P7`8=j9`fOHDmW9(q|F723p(NP{~ zFwSEiVoe#f^Vz~F+xwMDI)eZo=b)l-!~3>B$>)8`=W3S>$anhNqXQC z?6DD#40ryXu>dnbN|pIMD57z>T3t3e&mXhLM>MZTq;P{O)El_D3ckwBfWpp|KbD(_ zqiWR-7s>Ch56@NjAggx1V&hxfZhyvU*W1IZfpg=WMQCVbI+x|$@6S=8)(x8Xpiz3bTEju%H1VBJ=%t}ccvrqm*Lm#lgV3RC$T zM#{~cQ0xcT<8*(^VMdx{FDyy+i~q;9b_(Zr89r4fTO@UQOgfyPDNY!AK9s)}1_y zh<};gtR9GPEqRx+W#1S<_OgfyuI7^}^)(}iQNvu(-@R&{43xsGZ3hS{dJ4yljddHg zv^t1-K>6{bG7x;G5`wGmGuX(jc~dvv$K%%)9s5Y(5%QBFYIgB3&;1zehUMI++>k?l z4UWmf{EqXvvImXqZ-UZ|0^zMoB*n&zhLy1u5^rjefQG3sU{W%yVNn~8TE`+C8|b}X z+gZBB^d0?Bnw<-T6yW8V!@xf}o=wqLl3Ns4yqf9AxJ@NaryO^!wxbwBFG+d`8iFr=h`nO zS`pd$Tk)H`UUX^~4#UpJvv7}L>e4`yWupf;=>O||<>p52|CCrwm^%9p8-d?FC^)t0 z06Qso!T6z`#-$f$)4g?`2Q9fX}@USW(8zglZ> zKC7-P>=EO4ta-+QpwH%%X1tCIzJp{}y1JX)y6s)or22$GeMtKCEdx7)`)=b){Z{qf zkBjC2-gMxnp{uK^tLp+VGW7l4xczomvbiZ7?+vgFKqv4oNZVc%uWy4;Elm`#Nl06Q__*~+EmbGGqUsvtV^AjvtGMYGYiVL zKQ52Xwb_+b-m|r8m$RpVQ0HVWla;HH9Ic?em{nCZt%P%U;XjmUqP8!+xvjR(%VbB& z0K{*ajmK>>_)VT~;NWcVlgTL!8*tG{PEPrQ4NvITB&V!A;N#O=c4eiwlmGszR^_RR zk8`4K>-TI~8Ms9$f*u z-6G~tK}|KSmz|DgfQj*Z-=3A~#>HTNyY0ui=`#cYAZSr^= zSuMm8$_n`2U2r|lw7Imrh6C@|yT!0uOnFNl!;Zx7lcIzU}*->*>j)f4jnnp#RuFDi!scOypo;YhEe?V+0Eknio^AIk+GF~YvPCqzHApuZn@0bIGR zCQn%tlcLY5_OHi+0!X0Qwcd-WW93kX^;2jU3nFk^*ga!w7<+SfhWh7N&ZyLJ_u5?- zR(CLF4xJ~9B8k3Je@1W^lCT|SBfGYLL*N5LAs^z-{Xwzf5kXyq5ej%PL)R)W{2V%M zEh}xJdtohr7Ea9||C>ZpEhHf^Nmn^mIV!Je07M_mk3hb;kg>32N7NoVN$42(l-hM5%XIyrzL0YH#Dq* zzB)VMvmA#VhU7yeX&C~{8%}V(K@GKRTiF1UgoSch|L>ckX_3^Af^AoG5-8jBr9s~v?U>^(=VOS1Ps}89vl_rfT zX?bFa2rOxoNZ=5HyU`)zsv){2E$NG2yheDLb<@09!BXpl;tIj)ve1w!wG-vBSLYK! ze5M*Pd8DJw=2-iWRPc{#SQG5DEhnP{^$yu^4{gw{lmLxH5a>ri4x?PEp5b*A#G;_O z>ZKQXWsZ9|ix|rctKCKRTamE78_qEm)j)|_7}5;EgvK9Z_Ty8zN$GF2o-G;P+>#?{{EffidNHhTHKx z0A*eFy!9J5TW0v~C8shRm_PtgVDDey&ytdY3M>qLKdwnaEi?E%pAnA4+1VhE^uv>-tOpHDtYsWkwf_UhF8 zZZschTYKVV*X4MLj;uIVhQ5{sOAhGmy4~vml0h>1#Fn?4u0+^cci{=VOYhqgM5$hV zP;h8sk-t8T`8F%oEKnGerS)g6tik+A$G|KDfxgudo`IGYph(rN+I$?<3V0S5!DIas zD(-f9IOp@cqo$*KJ}4!0(V_!wFgs)Dr=mrOoC#Sy!(LW0Tw(5+ep$ZoDBSZQ6hYF1NI>*{?t=UDDp{&183 zgnr}SUZb-<_tD9OUD#UOiB96srnWEi_z{xr)W6M<@@VPIN^9>)KJck8p3!wax-eJ3 zWf+s&uhaM*7gNzP=LC;WP60fY?x?yb6z!h{)5b52X)r2y|BnkG_R7Rp+{i+WhfPn> z0n5Y{0_^ffnS!)+-gS*VsHGr59HG!%FdD68_`>kG8X2Zp0q%Tr`Cqe{*5>coqqEfv z{uy9zX-ADD{yWm$f84j=8%L0W_o#17Qm)mgNrMPSk}Wvpo&ZWmb@r;NHC@xJ5q@T~W%}uxWRcMDyVfB*x#b4d zgI&zqjS>dL?*D`PBw)_0C>V$iK*Em`Ec8Lp?p@kx2wK zZM*w~30d6Pb~~AbbdcVC2;fw}j_aE0;SA%x+Pocmsdd95Ab33lA9!fK687_`1}4z;AVT?zTOl z4mm8J@%B=YiWRcj@|>G#*BcV5MJ4=K069Enmmyy5YP z=VF2NxELgK0jg^%(%KB&{lmLh+lm-1&>;?yHFcZBVcN#Q6^a-$~P!x!8_E`iAhG5^@sZkiA4bwn^@)}t>n`6j)l0ZIGdI1m`*c$V* zMgJC<(~8gll|<0rQMh{4*dE5m;7HHNYrI4spYr3XIk7nzbre0hFMsb7Ne2@^>}s0) zv`iV9LenKvo(5L5J&R-BvKE z_iB#+%cKy2sqwFr;WRRf+)_X-&F`!RdMF->Bq*FzO_C{g|AaHJxt3;9-zA<5hKVX- z1DjfB2De!P+=pumMecYV_O`T`d<&_fJr~liw^1d6cn^J0H-DcYN0|0L@$Y+)dvx@3 z+aGro`^u7koTy~(@>0g=kd=Dq+Q-4E_g{EXb^=isSeSM@e~f{lz9BL^Hv$z2#Hb=x z*Dvx#)c!6fjZ8EuS?O*(fZJE+R=<)~-!<6~RF2x!3pumzGqi@9!@jmf$DYHoG!x1& zA+!B6Q5?kr*bq-fLONt-z?ad+;w>oa24jJM-Svjzso?}4S;)pIT3BN=`%x$&RZ9oc zapU-*L|?k2B79ezy+$snveBq4uNN^K1Pv^Fu^J92WmwASOBq6*A`O>4t8I)f>ncOW znGY!^4Z7*#Dh|G*MWROoqt>L_aa@j8j=uTdba`JDBhS)AR@DFjETWC#X1%+DhWbI+ z*&!yx`;!r=TXC}ca*m|*l5$9z?Ce8fE>UZnCbXfR8pd}O%R}qS+y3C&LJ{b`z4+Zi zPkfLD)>G$j|5mzrZ~}q(rA+ex^G)kX-m@yQdQE8D@UMlO9jkVPUse?ruD06%dn1Bg zuVIo58ci}Gc1k~OrJM!uj#WS3YRB)Zcho%$|H(eZ_c&#Zbp#D?%oaNB1weq=hFbX| zKVZWO^hFAeiYOpT)r!(wzxZ0f920n6;c`5d*4u9he9jVUd%fPuMd^KA`8>&x2)N-v zRcfcllas^T0}x1jFHcAMpI7_JGgm8`VQzl01KeU zhUsiR64Xc_8*m9om;=^?4tTMVvF1lD_RKMa#_z{K{9;3LWj{bC07;N0a3M`*-}Y^Y z-Cj=t++ zuprOJ^K}6i5NKboBdp*b0G&mO65Fje%Vl!|I?Qz0bdOyT7VWi)re(XF=((m&ADYX} z!xW#9(^gL`23EROH5)3_r(AKYT)*jpyyBzKR$WZoq}^hE4z$}syvLc^@u`d7`LVb* zk+oP(9%6*RUq;qHMnv;$_Ak8YCm(!P&;s@wR~khmM>x373esTypkGwf%N&9rMoGzr z^-9}04X(%>sDWT5G($Kix3G0R>v#QNY|t=en8vSA^Gjfe&6@l8OSXx^SKP{C_H`P| z_QT!%`Z;g#&egFSpa!${y^_WFbCoOU^wW4GZOk=2N=G##h<1FkE|GY`0tE49?pcLACbPVMzEk_2O*MU~xDggq)GJuXAX)QH+Om z1HV?3vSI#~{zS+1fXBGWF-Nly*VDkZwmF7R`}Hpw-+#9fHSVo!yRo4_%MO(+{RBy` z8rN=BX;?kFBdXBARt!qsX`)G%7s-)1wM)k3HNGNWKNUXeR-sMHn6G@y!?Kk$w&*%m zSqqak+tMrj$-^-v$Ut`<^mjpNLDSeEKbtc{U_>j~f0#Z&(B65?m2QFq3+JJIX_~g( zh;hyzwDE0e)H?^4$fWxL@n6}av`%x)6wWE8o=uw#{6=bFrn}s&OZ)1O)7>j93vN5D zXp|#CJn#-LXh;rfu3y1G5N%vRkRTQa*#{&9CwymPSdCc}f_KETP1DwOFayE0zfVCT zkC4D4k>p=CZ_ ze(e%7wa>0v?kH)*U3P;1I@*Zlqoiy@b+4%*;Wv2-LoPif&P6kCyXfx+_q(}QTPN*( z{e{qvj*Wg!z@_&cxlU-DW*pb%Z=3lt;)4MI4f7tZw)#=i*qNDns`1%%JYzf}6&f1} z5A*}fpEQ61c^0ZxnH)Vwo;*e_ld;RxI%hmm4^=Afp+-lT_NV}m2}WwY`?PYw`kFG$ z-J=8+iO+tfF#8P4#AeuASgZh#Zno;$1zAh)y9QsS#__#d1j`!UC@W6jdw0dpFupTRt)AdC>>Jwr8h6mOuu)z)+9)9VZQSXo zBKeRtQd=0(?_PyI9OXaWA0|D37Qa{{eZjn-uACmW9MS0ltpA!;%Ui;5zuMO3rE%2a zl;$oYa#g2$*SLxr;^T(!s`>XI(}4N^3_RyC*Jza^^-Pp`=^^=nk)~K$p{R8YQ6HuR^^w&-WcFk5X#k zr-!B`5QZyN{S}lxS)Z_M#Y&H%0qXM<2J`RS!y?R_O7UU}o8?x zH6MURVzN$}&N>C3;Htyb*U)HdOd9?H@g!J&*GdRTuz-BSf7LLcwKXl!_pq0_BFYGa zE>UEWhu~WPx%T2kp>P2G{YiOcKOPz!+&EwQd-Y8k)458GX1(A)IX-V>1Gle2WCZNy z6wRM}LlW^=m+-emN> zXJxhd^RHgE2BLJT{KtYFh!}*(x^rryovPeJ%B`tW0iqR;F9jQW@E5agqbYS1_~zw0zEHsEJ5S#G&n0ld1oGlG*yj&5cn?Mt+Mn^F_|u+Qj;MIECcu|K$kVo)>Q z4tHZx!EKkg!dj_ITMI(cj<&UKaXoXy)-K-~D+d$S*NZD=J>9Gftpw;^BTEI-nuMY%ZL>2BZek1{atinZclPfnxla6_0?Mtlj$kdSn-aUJ6G8Q<9 zh_j#{#eVLeSGeO+OH+bT!#g%o@6I80?;36;ZB-t-vaGM}R-aAe`nlmZ25%lj#tG@u zn17V^RxWX;3AnO-0Wr6KM!rsd^WtQ0fwKtE{9n@zw49pH|dUsp$%qFe<-juI7UFph>>V(C$1*>d~~toidn4#lyv}J z#fEp#XgYH*&97de@SvG-3aN}(4%2C(Jb8w>KXy)+$M_QdFF>lK|PXG$lfUd!CN z7OHHj0?-*cFzAE0>CkiKWYw zNMkl~yuXoHbFvuTsQ9vyxpBVYgsZIWV;%-SKSMp7k4=tJGTb6RQzAd18-Vh@e~tqR z0ALxA%Eocj^4}jny1l?_s|SdW53yTI2zjhp*9AWJ_ih>*hz7*Ue*6Ha85GPhpB>kj z?8ix&CC;T^Ou`Fq_Q|o4T|z)DZaY=`8Aue}lBDy8qd%gPciXCTjQZO9+|byt?x8Gz-6gBUr| zq$VTIFE&nZljZy+OzhgrGYMxAPSinq^wGcIfnHm^e8?(#5ThdY{IV+8+7## z`_F^ToW`LTGzrYlmJCwG{Ua&o{2_Xwcz#rGp`^6)j_Bzpaoh0R!YZIaqpI`IMKEWRzI|U57@bK{{6T5>-XdX;zZ*h-&80!Wx&14@l z=5Tw9BY4c$5Ar_2)TmrHj@%@D&2d-+N9{Gy7YuoPp*Zfh@5%7I$-$ zfc0o6gMa{lK75Bb{pfO>t$~UHNZlGqLNip?i|BO;e2hLYbM5LhXaRYf z){oAg=N*SrZoHvS>ihmM*nNAfR1^p&;)zvMD%tpnHu+i0U#8$ z`fnrsa7qcnB6kxpTUE3^7|E#Tj27>yWb{*6b9bnT@sAHNuf^g&qgCD;{h4ggq22ZZ zbRaYW;L**TzSCB*g@+Vbs;m7IUt@XlT=0;AjYtrZNLUd5nTL>nUuL)xJL1c_dh{X! zaB8@gD;u{+>jX&iN9PMW>?gZZfji9EeC7>8gRuH!sZl}fs+zt(#r%K?2>p8o2B^5Q~z6 z59|Zf)D&gb-6p5%W|no_4%-Y1EcbEew&d>|I6`0(aCCPL`*fZ_a0_a95?f#e3)c63 zYs9Q_v~6M1dgY^I7PI%ecMkgSVx`r=@&&sbuJzVu^nmZg^+9~>*bu(lOxV%2fW(uV zJwbTKze%WD$#aB^v}`e7IR2l=%e6ee#t~)MYwR{xtyX)|ga^=M0OBb?yhU`P5HFDx z?|Zg~w1v>rQqz=W0=NO_>+O_P$5q>2ZaH3upC~j-kWO>@+Pp(uwxeI{ob!W#1BLl^ zAI43Hk(v5ry7LGgpFiM}s8u#+_{U0B%4hrmxt^`BDs z=2zG^GPMisx${atub@cU)Ph@L3iQ~vA1cl*d)U-?W{dJ4a84`I)zoGGv3&iN^7gBP ze`k{H?e1iEe!>Sw!NC=Z{t(MgO?$qG6SRRR+yIVoB=Dpz8z^y}^;_7&_< z9d@B{u11ebi|5w4_<8*%<%$Fr&kl|EMazkjb0WJBg8ypQ&*e_q&ZR48(=qldXH6^q zAI(PD2WFb;<^?7A=i1bUZt4f`sI+8iS4*nLCxwk^5P-zmoA#8h)EjVJc6>8{0H|zb zj)O7-4c-u)T;}FPZzT;KBfO(zafN}=yY==7rkP}3clEA|23@I+!cUp0aq@C_Y1ELQW@ zrHbZAbS!2ixw?c^N-i+aGsc>!*DK!98jq$o9iRF(Cb2 zPo_-~$Z%;ORN1)`1e4pA5v>BbmQr+BS5YOvK%|k^yJkTF6+c6?Vz0d}6=O{60dnt4 zPk&ebP8&|AUe&q^(55PYA#YEG*&0xBe^rkF$2Rs^Dus_32|+>5-l z4hrC*cNKFbyCg(!;1QsdBO;gz{5f^$wSR*F0mf>0xhv(L{!NbGC;;2_8m}3>4~FXG z3gmQU2gBB;+uX$C0VYNnzA*ac~Bq85(0CYZ-*zKrg*z98)sC|@wA`ml!8CrQ^}UY z!lBKl`U*HjfPusf0+bjP$qZ5_->%MSpD{9`ZIUGlz&vJ~NMPYThyl2?S54Dt>LHN( z1P}%G;#jNcdI7084kgpW7wTAaf;{nh%T!fq&|QiTxj&Dn_Rs=iYy#QVunj&6Q4?e1 z_HAV-P<1g*9roP2%W9Sqd$A$vRxPm(Z1v?pZEQg%wdDY>y*)Ks*ek5=S&-)L5ccg>tm_IvU zhnec!y>{$y-BN`%q%HJEpc41g8KXV6|6n7sXKlg1#r>(G(z)yB%?gso*6Z)!n;Yhb zzn{Jz`oLh#oxNmcJ!s>%yI+3x8z7g}EG~J<3^2lXM(W?DGkU;!T>-h4_bqWHlogh@ zvrxvvG3H1uZ?7EN;jw`wmf33SlS)8b&mh6u?J}X7ynPKI19iJxxkz{tD=@B5r?st) zg>)?3Y@&7pe_OTN58ZO}db6E?DG3!-Y6~y%o(q6R1uTc4cjSrKib6CzkS8U zg`_|eH}iBd0Q2`i5q5>~(U5Ov$mgoIO3T8c!vy(9m+PnBK2KrWKUs3b@*?7aH4KcB z8A4JEfBRMX^8@=aU2+pUq-ab+g!CaY2AJ zhhESTF-S1##YH_odq&hmx;Hg}i?98J_k4Dl{?Jz#ZA&Vtp@sd^s_ONpUUD{oj8tvT zlNRUI4*pOjf&OV1v`77s-|x)(4F$HALIMU7a0jp!MaZ#?%r4R38$ux6lK@xUg9bgx zFD69(KQ6$EU?aj|8c#Kce2XRR89@xm!JuIIvL=!3BopJda3et&B>2J)-VH`k$_@0B zo#9ijf&>W?_PWe0jv3K8Vl{;=G}d0&-NZcqgJ`woy8izD5&10e|E$7Zm#pb=QihD4 zcNgx}>5sq!!?gH(cTFxT%l@q(H{*cDC#1IZUxy1Q2t1#9crH7Q58vIkUS_j+Fc{p= zHaYY+TfItG|42Ag*6-mKXNV~(E^TWjrW8Xx5PHVA;FDMfQSB(U(KSG!1L96 z_2gIu#mS(NfiX|W_ z@?1fCea*I2*J@K+h`kNV?u!W&G;#y|*!xG@K4*fCgfJ?q_f~D!U0df-`z6bT(+tJ- z(W{B6Ua6Hvxe9YI0r!#gHD-Emyt=BS!1n$1+(0O8Y8ZmJM<?JxTI_`l735C}t4^1k)=G~QHPxnx@@oo{-ACaM|$yPq_&DsLVtCQnd-SQk$Mtj9hK@Fa z)z9RmIa^R(Q<2HYCx6`HAGi=zJ^E*d3A17)7?97)L*Zt#4Ft=UMUgnN5OVI>3cKHQ z;^}givL1as4HC?d35=J=RpZ#XjKh{3XHOKDnPiSGJaA3mlIsnvx7K$@&DW_MEF4KZ`HGEcw9aJt1{Y z2psAXx2Ie97r>vlWSJD6YD6T5Msxqp=;N53%`fSWZdzFEUP>iBh*obY7v+jQdBfE{ z6Ajz$1{yO2dE}np)YT-H{jQ>hf6vdx4At|fZsaJvR#mrf5KhgyRrKaM+t#OSRJOF}#3cQh&~7^% zO%%ofp>J(NOVh`(C~a2p<}QKJUdw9;loIR(;V&azvaIEl=_EwR((mzJqz1K}N(mqW zD;Vc2eIf&}M|+vtk<%{sxf^kjOTAymJ`Pg0vQL(!r1?KoqiQvg7Ep!7oAtdIPS!1BUohZ^Aup&|3IG-M|>o@cf?yX=KEIHF?(`fZFHlG>fr!T&G~ej^J+C>ut2Tm7-C80$KQcPLDET;T5_&x zDyK`XsWAgPUDr$F2&Zc5>Z-c!S@mbhsV{&_Gy#fGf{Cx5o|O}7v0gJYoY(WBsjL1_ z{UESor{YHhIW;sse15D?)OH6PFg>=7e4k9rx0*FRfYC;v;47Y~LysD?p>D!I zV4KcOcaJJ@rmjXAv)oM`c|oT z-NLQp>ID6N$5`Z6HfN}$muOYO?e7K-dLqGrR#Yix5;AiOT=Ik$MJbCQF4Cq6i^}E_ ztes3d*TcIR)Bep6QXcA-5j&}B;lsp(dj~NH1cie6BZV#uMQsFF4yV{%#{9k#PzYu*}Mnf*`*ukf-s6)e)ie3!UwfJvxl8ca%i1!CB z-<-hy9w`+cw5ihnGZy2l%?0)KD4EKmxTP`7qz3wI$$1y6CDJcQG;=dSUDEGAV4m*% zLbyM`uWs6xeXve<(u&JNCw%-}f4TmelUU)5rbY0zerqGXhZirGKbCNwN>Px{!$bga|c+_ zvH8r`RK}TcoO`=94TJON_IkdT*gsxKcA=FnS}iCgF2LuzQVMGa(do8y>B`Wuw7x!G zT&zCF%c!w9O+Eok-Q?6{Dl}M-0yVm-((xuw>%~^j7ZBNyD3D>hkWhRVw;l&&Tzqk) z=dG!x>~lVD3Tlhbb|K-3T#Ma%np~Ba^)q@n*XEG7?4@&?G+M|$@lb3Ce zPpn=zPDn)kH!8j*ymQOY!)!BH7W5RUGELid7tR4>RWv1;bT@~?jD^En>uYg)50*(I zXjC5cw>Jv-ej>z8kB+Jx9H0uz#tDvFTThIS+nJavvZdstI9-$^qHmv=&-@J7`!|{ zf^6o5a&Fk@=#+M=&&%8c;1V-xWi_4tMBsY9^?uKxK1&}2Zyn8kX8G1|(*CaIql2+KLv4$iG(R?NABfx2If@s2-Xz1Now;PUu27Jk=x0)< z7!t~|1$&~5xUb6h&se^M$8f2|8wa8TGDVqxsMZ>~5cJDddL7E$#m(}NgpWrC3*gb& z_;%DynYY%PLcm}Yvz1jn$NzzMw(YbCQ{M3f3Dc1gguJVPjC4u8uOKW)!~dbx=3tzY zF1RUo@DrV=m%@uf3T<*o>-xI%$4PX0GssU$C70E1aY1e!H*FbH{iB$pZf&+C(eqyMn?k8K4DKU!5K2rskcMX)!Wk`3Lm z6=X6i5(||Tl2gmeDNU68T!Pn9k>vhemLUs=5$#_iY0QxBn>8e;xY z4u&A0dsvJo21z7ZQa%zZBdS+)hPO2aKvsWwx}`hu9DSzV@cw-~&puM-}J$N`>spkDx zk7n#<9Az*#kSp3~C$vvsTN-pI1-6!Ij#MkVx>_L_9kd4MO1<4ms0^m;>d%^{ua@aoKKI$`+mX4XQ_4s}OGVM&j8@?NwBz8o<`=c9x z*z_VgHI#G)_ild(3wu2tbC_)e_2n4=M)7Wa$B83n6_z6dd)G@{uUqk-C)(?++bfRW z%D8fTUhV~a`epbSC1oXFb{n%nb#{BN!2iy2-pY;N{`sh1?ryTGsoCWJ1@!R&cDlXp zO-Ayr^fr{q;Z#wi1iHGvwO(g05x?B}5rT*bP3xn*B4zW6NO-yS&22}=O3LZt{dI9s z6}UD=#yaEDX`k2o%f-@MdM{G9F zs+HyCn1(derG|s0b3j2)PD)0;(c_W`TYW%?JX@}u3KZIhlg*KFZ=G96Y$mI_gQz>2 zRF(oQ@tGW!Wy@v9qgtWLo-(GC#EqR1KDWC3_%u0Rn=%CiIWC*4h#1bHm(%pI4V#ZD ze(jbcdvp2=?^Ta+3@$jny z6S`yy%04=_V}6E1t_M>-?^z|5J_@3jbduN9R5qkPkOvolvd?5r$@87E%;GEKo1(Tc0R#_`kbo##h^XH zDoR_**6Tq+P@6ZTx(43-6y1{?+w<|=xO5+{=GBtwW8?~>SG$YY}dmpJ)F?nR@c^w-OpGt5pXaJtj?)>Nir_E!|9+Y3VVg{CMQCww+r3rH{(THh-#a7FAhm3P zPpPx4h{2z$JbU*w`QRM#osYv~kv9BJAgc#^Tf(a*W-4X9a^E?S{oe2H&Xk{-vAJ@u zgbW1wMYoa!B}Fdn^029En#e*TI|5yax^R&U|*+&^ev;;(oDdFHUY z7ltY-|4NI}r_TzhXy}S}&6^`FFNqtGAB08!rc7AVMVZ-eb_v-I4t5v@8l{k6kswe1 zuAmq9u|1LDC!ophz%2T<+tkRXP~|nq`AW5q6-#aYx9mlnmpJHz0UR2r&$bw&Tpik45IiN(@lM+GXJ*TvVZc4U=pNIw&^;~p@w$bM zI~#GJPExs)>t-#MSFLu^6vB3`2?8Xkxr(&yTdkHE{yRP=<>kHA3+(&%?+zX$ zQpFVsYKKP$Ta#lY-X3N%+E*)gnhHln;`3zATkcgJ@Uk2~g=doSb0c2*5$PGy2UBoAkP!?R_>RHs^FLS(o+3H1lsh`)X29 z(Oz1n{;VDw9n)Iof1>U^);NOW#`Fg)rQNNJlAp#xE|#VNmd9 z5Lhc9GAE{%b78F4IKFS|49i%;$r6doy6;^%d-X1Xz3O8VeNiy)Tb;ocVLImBzX0z+c1ZYs2QRklSLLEq#352#NFc80Z~ckxd2HjtS-w<#b+(Im;pmb!SlX0b59Bcf2>GNn8seF%RFi&C4b@TcuW+TfcJx z739C4;1zBY?qhbxW7_Q03H9pPZZB1Z_9~BbKZxrpJ8nUon43#;Pd|3!2&SVCpwIMr z;V`_V768GYeJ1zNYw0W?o~)j^Nk5X5?rrI*qvaHXwfEl)H)V7)CE$g-#8>0k=O>cH zr0Wbgb^bxp)jSHeI?>j+1b-OdHl6Xgc=7Z#mtCXSjNs?r;OFo9i5*YBz}igrzrR!m z3bl@atgggGL73G(BX&E@Jmt5uy={~!u3^N18vA0T4h~OwKC-%+4_N&(vZvjrD-L~R z-$_gt3jNvs)GC}mB<+76|91kaIR68sC_Q%D=&W7-UYJf?+7AU;&|=9{b8#7BrM_B| z=IfU>bGWtUEu96!=oKSoaQhoo9;zc6tHAmU3*&~SIe)QL`|iWNG~(lGHl1+|EX-UQPz66ix#x zgs;CBB?Ck^*g2t$2wWI4@U>bJBhi+28M3`wXCBmpmwcw_@<|HJ*L5Mc zdBj3YZrEQGtrkvK6Q}mdF?W+>sj@b@Og~{~MYxM*!$d6=Jqkj!q{j$l^pLDG;nvl_ z$XHL}zY*o3Ao7U-$ST{3#05(byQKm{UWD1jbiM zrKkrr7Q80z9(3FX849)sn;O5_UB$S`jsxg8gJI70g9A>pf#sV8hP^ETP{#*=OF}qsm z#vM}tc1L`(%j9A8u9zuvWas)ab5_)5`9@bM8;-myp*5Pt$M^qk5M***>iQqHXmxi?q-D9f=arZg zy^7prJ9su^AxwG$=^tO%O$}P6%kxAg@&6E@N=!~FiU(@GEN+?>LcOZVw|>)B`#(&* zbyQW|_dR@(k`5J+MnI)OTDqmXTe?fSrMtUCO1irn>F)0C&UgEKe%~?PJMLeoc=kE_ ztUcFUYt6X}#I!>XdNm9mHIPNx8njGL`SdPejgxJ%nMXc1j~?`B;e?M$;6-Rsnq^5= z7QhlLI0#2A(P#Ofxc1H84;hC%Nhy}@>wSrco*!_Vk3o)GV8<$d;qJ&aO*%8O&$@yk zh@iPId&nx83Cr_(&zao~rgb&0TmxcNX%nWd1{#4i5|_Q|a-lQT6! zFAjGJ#qYXF!M#YX*dmqd1HK`gbJ*EVE#|5go09M@t>T*pu{e~E=Ixz%Fz4_gAk_#b zf-jtknzJ3^*($hDgmE7}w_a;Phl1c2$XNB48VpcIhCD4U)5QkFne|bq%GG#X(}5sm zxuz(wYq+J5|Lt^52k?U%Pj?t@sUf!Is=ry&&LCYW{!&x6N``hcsrj$9R zSvZAXBJ*hyy~qU8fXFTn4eRdiM8cU0EyMpW_23y$yooKcx6&^5zc|bL2@Bob6z_%# z4~>vH5NU#{_=k4pH_ppzn01VHH4NXOjW!=%zC|wlX+Kzo&ToTR4|%R@b>8Sb_W`cI z9Gh$f2Jpq~=rZ)m?X@ThG)Hpx=FzV3eVrfcZh6a5tcqVDE7f93BCIktD&U}@ZLE>H zJBO$_l@7%%$;{?|ze2a+F{UwXFT8*a+1voB41k1(l(CgL>)%gp6K@vL>2f8X@y*K; zSycu(NEEI5rl@E=#bWIQU~t;>ydO`*-l9!ySLY=00TWI*2>gH|iWoD1nPP2c8{boY zyZupk%b=BtLpPiac@A+b5JzC73mfrwX-40sY1=n=w>?61G7?exaeBMoRI=!zL&t(@ zEE~dYXJiJotVW#pj{3Gm@J^__(sfCm2TI*9K?kKeqp2D*V>rcV@)`5t zgbN#-4wouqxsoKs+HOE~HRbPZ%Q z5?xtRe}I{cHpkDkB_YF2LWmQm3@2&Wci{Mx=VY-+~GVXfryDH z50=CpsdZ8kKEfs1tEyW;8d8X8n8@(| z$UyOamOcrNBcDkgexI#^MVmcY_<{eXhigu=ClzSLpEDN=#z5clq&LVK?DOhF z(YCqDeh@PfjWJQ;ic~Z?_-gUVYPi>;i-eOgO&;D_B>#wHov>KJQ;W>#{_7LD>`@rT z2IPXj*@ISI$xIY7ODBthc>(eT-gfM6#IV0<3^Ic#I~x#mZOON9l;YNci1{!w)icyx z{TOPG>4NrCR2blY)dntzcNs`E;%)V2O%}eYww!BD)=*qhbikrq4n-eE!Men-F@i_( zFk=#eH=+G`2>wt9mT0SeGmNpmQq! z57#7pz3`_#b!>8_V4wd^($yoDU}VrrfhAO=jV3$rfU89(>+%WKe@C|AV@!<$U6VCD z@N!K|`G36tE6g}^Ua}tVakf!wlGZJ+nWmbBxmM`0G)#iBN)9||kRVq?f5;#RI9E_H zDZb5wmzprplu@Gbp&~4BWcIja?uQi6xvUA#OiS(-nWsJW-qv3M=kk}h*=#)J3XBNK zM3*s?#wT;)^mH1*IVX+y`Po1{I%wfTK9ly<9?#I*V?p|4jg@!$XUCsUGTnaU{t(bA z9+POMs!o=dV}>~C(yI(+IrJ#M@iQfWz*v{ddbmw2=HgMm$d6mE(geFzTaFd)Q(ch? zXeO9RDHP-%VR&$EXDX{9Lh(v=ETHL2fa$v*5TbW|j9Y4uL?Sii0A0?Ax4+nTgkX*;wE zkZQo;!qo8`+rMG9b$jds8+BVE3zkfb$@E)E`(^ubaa-j>3akw(m!HPqhW9I4IEZyi zaGf5lRvqeU3TE>%1L-#%v+cuF5_NK{v`o{gZ4T!e4J)G})-72WvbGifAn!_v z(90bi5R`vqm>U?wX84BA!DJ;p!>0G!&-8U{&*i=H*ARi6K{+jS_nY@jW|b z@y{X2gFDZsz7`*xiBJ&NDj)ixkzoOC83xvbjDFhPyLIh6kJhS&7<^!*Gr%KXe;xAm%CwXHh6Ilui*3Po!C{#W7{| z-WL>zH3}^c#5yyW*^VO;2L_kN9|{}|Aaq|a>>hN6VXitO6aC4Di#oQ77ma0+)qjn7 zGEnzbGmH$O(r0MEjo}`_ZFD%rRXfKp7jb*tJpYj$2LfYT4xv@bC&801Osbyu{$2v{ z(X{A3*`C5G7i<&(cu}wt3PFW1n>99H$ui%*T3Q+Uv5N^mIGNzlF3ahxKOC$smONL)y?d6rj zvb!g7M;lz~Xo|bli>K&mnn@A+5f&or<_^n^H-EY)!Grq0wGh3VJT^Po2@{~hxZ(ZO zdTY9_pYydujYfq3zo;os=nOS*M;AT(o<9p)hbw&Q^DI{c?n4&)xEwyLI+u$WifeG1 zB=fXG#y!JTq-m>rE_NHTFVb9VL}Xg<$AaU-UZef&pL30?xl%4#5~m4#4Ldn zQ`8q%p9`42qOU?$d&?c}lX#Rp4dbRgyvce(7?~q^788ibjc*&kSs&}g%q(;29Q89e zO-TBfLovTbqo;?MWhc}S3zPTv*j%!h(EcX{mRzNi!XI=i#ac6BZ#TNvAfcyQVW(RZ z_P;?;BNBUiqxh{C5EFsh{xPuBBTnpg4RPVEUPcP$7o9bVwdknuQy%hOrc1Jsp`PuT zgtA3!^p18}n3C+dD%OSb=Sgq|$cOS_UHInq+19B%D=tWtoAc&= zHI=Nr89rfW8$<~O?W-QJHNIB0&}xsW4$|>DucHlwD91y5pxQ>w;=~S2^P{ShDQ1Qn zRk>ypSea!2^Lx?Ljub!v^@srV*xVg_A|`|H2=XgqCAJ0V0r_RiG~>KZf!gmSI9GM= zwpWZ(Uk2Rtda;l9zP4#u4W2jT>_Jwy3EvaKsiXC()DVd3%}3D`4{)YPln&0aREG^w z<{_zO2{qtMl(}s@eJyd5W7w&G|l%_lFe=Lg*P)tThU**L3tA z?;w%IqlT3uQRbX-KJtq6BmNy?%-KZn&|buZS~^Q^Z9S8eeyGGP$$_OGZ*h=swuTVS z_9@nFq2m3WSCou53W^n1{w4Nn&%cB?&aX2sMZr{)YbsHU zoB44K;JnAQWbJ{=%=X;5x_+{Mk$Mr|2mxfABq9jDF~$YUe!7zUfN5&HtY*R7h}bPf5a012GDpb5@lVVCnobb;hTJE z_Wv@OzN*iQ-( zASoL{yi^e(CM4lB;SA%2c=55f=SQeFh9nWJ)n{dz&#G1DzDn4NFq(qvuo!#)HOfm! zkzJ+aw_t44^JC3+Y8ky(x9;-fb?a75@w$kJPjdVEd}W>A-PFyW(Q`5{4Wn(^U21)M zENHLR{wt{bk8r1ruh}8ifB183&xc|Q$7SVoAlT}Y9VtglBw8nPj=$x|C!!#rKr%BE zFoiIX_iWDBXciZS1$Wbch!VUJ{@(?I+f63QBFPpl9BP5fNc~;hU`Sf&m;>MJb?9@i z>Z}q~Ho|o39NPl5=OW5@Ur5KQyy0ZvJ&)wU#67NX9Z~pR#`I-y&rR5Ux(1H08S%#v zyom#~>rUI`C)(4;ilLRi6?{d_-a{+>1*y0l0689v^^N0vx`{2tVD*Y8yT6}wKDg91 zChzt=whBUo)Il<;&P?Pz%Xy&S0Q^jAW{1dpXPa<&W=Q3kk1)!vaat>55M$yRZGw@{ zo`!jmY~R&%BW?(4UEc^KR)9cCVZ39@-t z?d8}VP15!#Dl-MNF3QEIEp)Q4AaG?g^G04l{_lo+S!=P<4)%GH)_xl}7F&j5y5o@^ zt7$)jBu2F^a$ZUYrp@K!Jizmn36(-ktNEs=Jem|Q_kqI9=)*e4OUAX94pdV;G z3^moM!Ov}8nFJEQ^a({ry`~y@hvF$IEDn zm&!Jcz;}$ zbvZQ-O@F80(zJV+-x-^vwlMNdd#~rgDz>(yJ{6NGf$zmxl*i-0G)|15Xs9?Y=^~(_ z4YbFo%xXsDEuFBrTj!a6Ivp87S4+xslK7}_YWc(Qza#k({lK+eDTZ=l()4eK3wbu!5zgXQhtX6z9Fl+3wU(0p-ka!I<@uebe*d4!Uk^M(3$HFxFJjhrigLHg|2s&Q9Ie-zFIeh%vN*7UPhZYu8Q z-HlG9HC?xV_0JTmDh|>t6ka?uGN7jmV^!sSrg#a-bL<}gRUwgT zSwYM}%|el7mzF~lBw8R`%f1R169EO_5XG*Qt^R*~r$~xjZ`zB*x7Xn2auP?o72lZW zvHL*3102$RQu|Mm?^>~5q}w{oY88Q_In(H$a`saY89)5O(oqNei0xDrFP|p^YiI-# zy+i>C(Vr?&=B_BjI6=L|Qm|h^kCk3rK@y*qfE%DSG<@~IIg-n7Csx3%mT#yp;kP`NsOF;)9u^(#P7uYC*K{(r^S7lXfL>$oPIRO7%=M}nxKio8_&Q0sr|H(cEH?hqlJaZmgbc?fit=lg z)noYXrT9S`=}6Omlp(w>`b)`gUl-nF4Ddyj5n43h@w=xL%PA*HwEQc|z^spfGy>2` zN4%X(Fdfdn)=HV{M&w@$b?^_eQp?=t!PIO2qnp;Fa_bRPhFv%G)mP@=pFd_rj(t zOy{Em$8WyH3k?0OP)WfHJYN{v_r7+q@aUZe16M7|graZmv>0@+$6dI6LhbgQ z^)jd3U}m+5SG0(&OsW2XLvL#&P;@Y1TH^P;bge+@bugal7C~hKa~1HC6liSw1-pAD zRO#oBdWblwo3B3bJTzOUq9G~$a)Eeg|> z2+#bpu7}of8=sH1>NQ-#!XIqtkp?pf-OA;wtqMxYfB71??_F6im}RNqpz`do##tEv zZda`g4i*;ZYnFKN_F3qzaV)o(ULDhms?3un*9wOB!egIneL0_?Ds7$XLl%u*1X{lT zY=0jwI~{>bo7sE9V~BvJuR3e4I^GUKD!22xoEtu5Q{U*R;-q&bq14zkgfm=3;mz$? zz=`Ej6VyMUiM`33gIk0*Df1t|fB)~IU^fYaeP6GoacxB=`K4z$~4%vqIZz?bkzrfW*LJ zyJKgc|N8pxI;0(+p8~=W?-vw4%KlL($P#&$FPxMfVx|k6IY=U#(=qtE_5S;p_F01Y zSOm@egP9W0(s(jntzLV)lrl{gpl8|(a^?ovH0fyN{Z`Xx8#Iou#p!Th~G zCXAl#m9)&^P^56x97uVm8#gP<&2|s@_0p_7P)O#JW$Bu?8ufzF83`OZtG^iZdgojv z-&O!6;eU7d)tW}?XPx@fJaIhjWL2e!O3JvLFHtH2oz*Q*@IQ{nhc5Ri{sw6uKl>8D zHZj;LeQ0sL8j8D;$|tI8zPr~N+p4f5)>mV62qHn;JCpTv{gT04`x2hQKV?wj zw{FksR;}_0vhJU#vAI|mrMk*wGGJ+0x?wJu4R#p2Bxt9%C%rI}2yocQ+0H3h`hIIl&a2j2uIbv)!)fDoUs*Og2(*dv4hv0$MDsG;$6% zc=X2GhxL=`my`O=78Xl z9v718XNOeK5;uMI_QJiOuC6aLo(%<_M*}Y+>1%00LG*xRLQb!S6<3ebvYOL=MRws0 z$sU^jT%s)YjToI8Wm5;$jhP5X0 zxPkI9S+j!b&jIN4CvdXw{{sQ-ucFF#*QZyecsV}*ah$e7#R7Ahd zC^-zy>)B2+3e(09tS1*%R(}zVChzW+G)TcfanYFz@FQGay)%T$ifEKMkz(HQFt|oo z)u6A$X36J&%F{JVd(>f3hha50E!0&=I=j)F;7*WWFiU~wT>0NEt)l|6Gj#{z{*|!Q zzSS@=aO0%|)h=k%zUo;w&cA9?X7NWlpUjGyH2Bed1uCm@^AdUT>iPsgvt`0pl)^p> z%893wSH2<};jO9v@5Px#LR_~b4Q1u)Mdge|geBPgK>s;#{&uVPL>iw98PX{drd4sN zSW^X>sqYo3D5)sjo*o@M?wAu6cq^CthQB)APadVPX2-?7@>VX~od(i21f1qhKEl8+ zJ)Ot(zJDte=!C?H?H%mQw7B;I>6@Fwsoujo#QMj<{5K}~qOfR01qxzB?tdQqXxPm5jm_=?&BY3$Iry}!^z?sRBhvMH!Xg6Ag))k#Om}#gksyX6 zNvs<|a}evN{Wt;m7x3!EOBJFZBWl$-i2@f3C`e}+ITCiCJ~O0j=iubkt5>QAWnwP( zn?c}LkB?)@MqL7` z(&s8&KS7WQzaECw?j~AVAN9u#oiq=uSx;LmPFAZsrb#*8ca_V33diPj>)SX}t3mcO zI=c7boi_X(Ik1%{g)c2pr=X#cEl26|^QY_8F{8z{#6Ug-h$m-v`GQdtupIH6I5%#d zB7=dJr+aCzoSBgb=k4jC6td_F@RavQ4vPj=CvwL{;86)HY^O}K2F1n2hf}}Wvy&EQ zXA9;i+~3_f?#=?sSO#!NzSX)z#eJZ3G1cPq?3Y!ZU~se=sI%doJJ1JoEe%;CDE=6C+0N)32EL6w%w;4MxsQ zn3Az*I^a;=-``%o=g*8R9yTe_Xn9<2G`n+q-YzEUsW~C0pnBLj;hC6_%ZZDlQS%MM z=ejR9VRYgow6}Fp+ds<^IbLd1m)AVnIa$dvDt%v>9vG;j$;g+lkj~{!Nx_i$YgHG> zQhg%}wwy3LjnvKR30*tePY<}eb6)XiR+dv!Qp&ZOod9x&dTcbOnb&oZGdqf@Z_64j!d2F1&fs)?jC9_7A#kP zwRehyuUoUVeNgP*I^XDxAlC?{qokChj05eG?)R5T>=y_j)kq*R1)vc%*s^C;RS6bO z!NI^e9L-w{)}4VS4ZpUnF^=3?Q*J zQwrQ$Hm8eI#{0!GWoFCmc6#$959W*C3%B2VlOVPK9{Tj(VL*(Yj)qyb=m*BDCWWoP zebX=eZ0b6AixBH&f3`T+Ycy<%F+FZRZDAl5dBOcpaE5q+i5aYb3%bD;5=`1-lIk;q~}PF73m zBuYt1L#nhcHQi;mZN;j{DbHZQx@S+{#%AnT+F`NPvD7j{O_MkQn{$xI=CE%wKVl^9 zC3H;X3=FpYQjTrOb)3hj`be$JcCi&H}&OV7o z&m|>g^@hK!r8EO9m3#9>P|;LO&Qxq1%*jclFbsTtqbfPnyYP~b7AJZ#X3TVRyj&0b zjN3h*F<&?BK8b6)HcPiY3;%V0dW1v9#q>OLE0(xkX@@RtE?+Fl2ZLRGp75g4Z(qZJ z2b+7N-5h<^eXRNJojnbCVSd!qB&U=0%V{QbOfGlL>YNak@Sel3DN~}w#+iEYnKYu4 zZ-Eh64wx`DC(D{q5fNKethN|qf3AFj5n?(XlG8=N<;i`A#qzkB<@KLZ(H zZ3W7A%_3^56vah@{ezD;Cp;Oh&wgOCB~kJ-1r-$~b>v_D438!sXOW$)t?jKXEly9% ziTL7n5|ZiJUrL2m%T2QCR3IcOB}oV$4UUXF?DZ0X8(evw#tin*09QsDxARZuE5e$#9HOj9D7#WII*j(^pW8VuFgdY3aXgcxE!)iPt`9GTU0BS z*l+Y)G7k?A2^M%_zu_!3{@LwY>ok(e(5gFSXSo0Ikio z`iZ>lLC+p08qsL%ku+Ecey>Obp4A<{_VIGk4~q2p@T1XkyBSOV%rXtR`1E93a?&OK z4)+yL*T-GmeM*2aO%`aU2L=j%YeXkUD=4YCu#;N!2Bgeb&Pu4$mKHCyT)F30VM1Q{ z{JclQ!NW}^L9LEd~i9-D^b6cTIxh_Jw?ead?qL~T4z=fwFH3|*_4Tl;Y9KLN^ z4_+%#NvZL@A35aYFAI;$FWmQ&KfDkj3M!Zr%|b$c3$>QRO&&uc)P(fb)+#FEe*EdF zvETey9*%b0kG_9T;zlA9^{BEilXAd(pqx`6wCQ>O=^M#$3my(OTCVPWgBy$N8?#1?bX#hzgufN=-cd8;(X%{*kOo2$)#= z{N#_N+!{(vHB+Vo=!P@^Rjj{1zEoptHjutTZLXB(>06=l+ssUwTelWJ1;>-cxyNO= ze{QD;NS+7;x~)Sp#q4HfMb-$AO3F{Xj5cjTxH3g2Rb zJrx(TP^OIe!wS6F%F=9M?Q(+kR>2fzQ1-9YHE>ixei;m${*^z#pYBkbj)`u4Fg%HR zL4|^ZZ!|w#hXe(kou3y@#EJc1F92=AH!#2k&hl~K0ByN^xx9^*_<@)YJ!M(baYGpO z$_U^r4*TQ7BO2<2Zp%3?Qqx8#r$<}zqhflphQi zy9qWs(A66XZ5@AJ@f`X)ylz_$EG{f2YH0j*XG%4jUA7P***Uq7AU4!Xj~Jy(qj&k+ zn^`XRK^2H!?%^%8a7B#JQPD_>N&G4L^O>4jrPgK2UowTmalcE#X=nH-3~zd3$rT*! zz|76G`X0cp_wV<#J?eYS-M2UOPv-9!6rsTucD>#we;X_&7Ca#*53KCotZ(#$W$-$h zQ_*MnzJ2%Ba_(}ux=^|M``IrNfsW43EnA`Q9XXFpoRHa@PPB5c?31z1eQ_q(kC>=R zCp;s$S}Emsy8pDdd12y++2$?A5+hAb)L$#L=vSg*tn{459DplDlUVJW5 zu$>T{L*JlSuXm2ehedhY$&?gHGbM6w(p)Z&_2v*hkZ^~~m4c~d@quL=HmBF_#=}32 zJYV*DV|v4rB@?4#zvU~FWM&pl7okNM3$mHw_Mt%huGxqL|(YiPR#Z%?vL0 zXt~k``;+?hG<%6kyNb#ZEvXFd1JUil_7O)9{(NPN`5N_>a{@!Ybj_;UHXctXuPC5N zEN8L><`0IpZ1Xs|-Dd-%!24EESP&e780KFWFDfl=La?+w^sX?mpsP5Am3y`dAUG@l z!8|rk^(KsP!kO?pcXd6MJ0F|Q-hASD8st~gc3RJ`=iq)MCZ%}?d44kEk#7?dm&~0k z>{F6Gv7A3VP-jh`IqtX{addwL!N7}r4PffJGJoPjm_jd;q zs(*+3FRw0KU7i`aT&~V<&^}XAPlC!$v@uiih=V&n%1NWc!Si&#;&*NB``t8-TAsy< z`ihDUrc9;6r^}5a&@|L_$SysU);k#u;7zOZgnxf<@Cb-N7gMaUKZTw30MjA+N{Ls8 zSibFhbgXrdTq(bRdeKrDLo~z8Rg%!i)9Dhc$TLT5TAcG?pROV7^Yw*vtjiWDR%@l9 zWZtmmp2yYT?;WW$HV<%=&DjA35c7xY@}q^qDO0t!@0DGzz;tb_3z*7_Z@!z3%$l~RqoW2^O;d3sXA-GQ&PNBelm7dRGeC-Yjra^ zQY*OK_$UG6b$)Iu))s8BlGz@f7LzuWV^%w};uhl2lX|r&|ML8_(?Zk&@AZQE%;COG zof|UIa?%Rgy}%l(Pb|%sz9w^D9{%pucB?t)xU&N|FYAct_}M(7Z#6k@%$WO0aHSat z9<`WGnQ9B)w75T9#}B1YQV#w&;kkL?Tk4P=N@8{NSSo$>HI4Ro9oEDkhh{&{`LlAP zsC+K9n`JpK@vo}GdTE}g_J z5}CU=KFc%y8TrZ1sI78&*~3hQ_Smdltb~HYq<;}W6p==cuzTeXq4xsQi*i}H`}_Ns zlW!+DM>57n|8KV^PnvTCmcbI4|<>Y_F_CZc}<@0-DBarbsJ)p_!Ij?rbQ_a3$-U90T0o}BJW_ecER9iGa-FBBY9G3UO&L!>RJRc`U+ z!5A=@33E7^LxLb8A-#frMdSKOGLgw|p3Qx~Zg1@Iu?ZXp5U__)L5#_AAiRB`>yPFW z@aG2cAnPtKt?`E@P<@!Z=J7l-lHxMs1Uu3h$uFhW5|7c+&D#2P!hprQcT>4EW|y>( zf6$zh8}Jed;^hrg$S-1KsbOzFu_p*!T)+n*Q~9k>b!YMV(QwxQ25pU_0lbq5u7U-A)k@Z{Z+hpU7DZQF?(`v$>mR$e6-wX zSG6CyN3q|3hrs*Oi%#XbM;*v>$N*}_Ayf(n+mV5e4jb|c8hWNg^F+PXwYR6I#O;BA zwDS+U2dgFU*ox?NwH?;jmIZ(|6rb5bxU+n%Xl+htr1|z-j*gD*zCL*478r`idm3uB z4!h;nV~5gj6IQYnzDxAzouYb+xcskq0n|d+!5q&+JA|J2$gcGZf8i7WrMYCEfNsWn zf({$ENtLIrHoH729D?GK5;18}I4>++n#QYLlQm3My9)8(5J+3E2&d(^e&x<+`$p1Y z-{0K$)RX1P1XXva&N8sSUh&oop40P0%!~G-eZbLGon>Y1q||DHnUMBLaVM4t$GtOH2?s$@4)>DqgO!SdbM3 z(TiI9$LXl<H0JNmFs?WnXKM}(+*n;L|3a79~GIDB+xY&Em(*dUZExgJ+H3foi zJc==T7RE-$PP)%3&7g6rluPu8n%c z)}!tBdu(5d7AqnBOAms>EjuOn_mJ@MGq}_}8`Ici^O!SOd_Si4V7}$)(zyAUgr*K( zny4Dln^d95AC^NZev~xXLs^gXLIPxZCiqm9&$bb6+6#FDes^GUv(^;B7hG($( z?d=J?>f1W+2tX^`G(+zL)TP=zt>-@`I&$pN?d+ zGc4Cx3 zq)l1-Q0;!+wo?2=cK1g^3hULe+7mo-74ztLsH*h*kCv;~Lcjk^kAXA@$_prC_*a|H z-SY8$`}Uc6B}NS=>gP2XsN~$=-^()dMvUjkQB=2EeV&ivCB|WQ8C>&$hpb-y-5C4| z1SD**N91R4nFLR~>>j2iDfjKZeKQ97G3ImEM?A!=H&Bp&!dJ0k55M|_SgowB`vRk~ zib`d|gzYBK8Tuz@{EuuQyy!4-k-ZyR`bJwgmN2AF8ibHd245kwI*%h<_xh}W7e-g9 zbiUgDfdR93Q@D@{#;fynFK-_W`tj_r!-+gPb$SmT&lhm;Z|fUD^D1p$t&xhTCb829 z{WaAOV~B1+>S}4pz0mjLCyD4Kef^V6v|d9>$hy&9e#IO5)vE{sc5@bW=1lC-Jtb@6 zO#g}*`hKYy2hAqum};|!>!W~;I;lJ=O3K)8WbN(kxMADE;VrIcI65t^G1LnH1~=KV z`w$1-u(mw(oWG0JP8@iRf;e8*sO3P+3rE}wb7bfa%#)OXczogsulK}U*_Tjg- zig(fbU#_oG{;S}~VSn^zdMuQq^n6}hK-!U-neKORzg+XDArh|5zt}##y27J(`UZ@X zAlAp1`OYKM*=U+jnKIc+Blzmj@YWFnB8AV!}q zm3qM)!cQ5!8-4*IoNkF|kUM8*@Id|iV1L|{v~m_YC%&4t8)+@Gy*r?cqvW8v$RQuO z+MDqN1IIuRf%Twg%NlxV>c9GJRBEfW@IHIhhaKNcBen zIy!gs4}Kj%YnuM3M506P9CrKvO5F{fCnfxufBt-y7Hhg(zGqhGluTrs`+@n!kY8oM zno@_64;>J~nIoKb_hk0ZbqMy1eY+&hTf+iG)ryM@H8nOjNbdGTMCFo}F4Yxk2hym> z$W?y}=GE}NpuK+mi;y(5;&%22yLzSz?9ylp)``2zmYAw!*xZ|<2&x@iQwwJ%SQwZF z-XUU9xsMa-20zr_UwJmv6q*$PeY*KmH!Ss;=J!#lztw7&s|=`^r!40 z1EZtDT7rp?U5u!A6~yAG*W`t0M=QE!@VSkuAi;TAcrGV3&-ZEJm~Lq-cg$!(Nwee( z|1oqs*YB^#RK-|qgYVYjk-K)8R0&elz$d{3VVH{M8d1oo3EtJ8z0vZCPmMg%(&Ai> z*AgzK!D2ab`3gHDY0XY+kEzZVMl)!~;ZE7S9{(G|B~E_R2R(pEw$a%ox)A0 zZVpx+bo%IB+AFf3TA%nWCZs+Clg@DA!_SGYpsM|Ud64rR{A%v(T8G15#1&m|V3;r* z{<3sJip6s_xj1#edhWzY^#lvB!W+!_SCC-DtA;660qb3xHwUl{B^Py3NjG(wzn1)V z({&hG6u%-Z``^jf`m?6yqp3X!l0o(k3h4|D{J02azf?)f=g>I9cjgb(ZO;vS=c$Tf zp2EVLU;RUVZE)={sNbpi>!_%xsLbiN&%wlb91a>&q3MG1AyVjZF@0@(1~V!XTlmcZ z&+3um^yB5ib6la4ytw-Qj|NZ)N=Q!Cm#0W(7_Mtwe6Ppzzp+^K*J$tvDyZ4z4e|cv z{;?)F8{Pu`avRHdbEc~Vx^J|l1B*T|rj&`T!2rlkxPvyu~vrEDhX zC78Ln>0PE7U@r0cdHm2Vesk?$l%AB9ws3dIIAW~4Ru%b)f8Cj%c!r#e zQaQ=nvrgYG$QHs+mk^e#a?CArw14qo?!;>AWeBEtQQDd)n8lW78506gheL(zAMAU{_|#1KQsCng+`WRT(TvP68msqK8`#(= zwJ%om?)2Bi6AeN@^jnl6*q{9L3L*gg>a?<9nvkGO13Cbum)lT3JAcyD2V3;>+x5a# zSU8~mS2zeY<#YQ^>5G*Wkt;kr#Od_cx|VEIR4h6t^8)ghychwf(Kcd>fTZXmcBnB6 z1QQdA*;o}vM>K3~Y>4%bA8(CQ9JRF4Tgu~~b3eTP@-pW)>maX}WzQ4Syd;_LsBT4b z--?~>BElB7#*Uf=KCpvV5*Qy(tDolyWK}f!IbGBl7F}1M!bmRD0QaO@t}!M zRL7L5y?DrI>UT8;)~?yz?`%L%vw}8{Qw4zl6U|NkK^u`TeJ5 zN4zmBiQn>+nvTv&V#W*uF@liYT%y)A=9^44?wIdbmY`&6XmP$H2Nfghrv;ts9=ni^<>X%Tf5q61WGN&KH-Za1UDZo7kJ7n&h8xQr~AZv+K@$J22?seJk^Dd7H8Q%qFy+?sH9wI`{^*^i*h`=>q` z0ue!day<~{G$gJO$&q`qU%jcCd<*$Cv1gaTf}U1T$cx@JF|aW97XbpuFJFKk&$JRfqf z;}v5a6R*k9XZ7$5a&qc^|EMjCbfUqc)AU~=2ta#wUB6`@c&|*2MfA9Hf*ntDXL(XP zUxHy{Z=dpo8J9z+_j=?63ky@dNP+U{u9rwl<@zyhAmQ}OxG~e>0nI~=FjG-s;S?Q` zv0eK}j?Cwf1lrCT&%3jLY+v=SBA`!bdopNaHfn^cbu+3L;me3RBCJ=UY9#?a0TeMv z)k+=RD59z`tnA{%2pq5Wspwixhv%8U^2fDl*>P;@uk=(1$TB@#Tllc6Dj-=NTTbYG zhwv6Fc{W^;HqCS#v(;-{AEhq|2?;?~4-Yv>4L@31R5|#K`ueJ4)25PQ2~x%#-2|(r+ILjyVAZS9Y$z-w%3T@s%f>&UR8fk(iwr82wZsi8WaU=6UY+MeE)qm zZQ#b9vRUUV%nzs5jG>8KQvI)Riuh+!w5anwezM0WA+^A?QB^fDbSco_Xi>ZBf6-W4 z49lT6xDOq?WHRTlp0#FmM7yxlZhG`XV=Yns{MLY+{G_S=E7OOLp(V|6$`<)Z?Z||I zjk8Y@$)Vli(6oN(f@G!C>^Y-bXtyGyd4ULd}e(bMmer!TqY<6Cbj!);$rbU(@ z-=Vdt>gp%ZCox`AbJDV8f7sV9tGjl6joPujoq9-Zo=oP`p7?V3fzzEb?*2Z-tj63! znKEvfs^Q^!e?~aK-}T}4*Jm{)HNg3c=PSJ8_0US+Q&E`a%Hn9OJDjV&SWKD#htFAE zQ%`PBRqW<|0p;OB4wcgN*=5xS)r-uDy_1&Kt*oJx%PelHx4{kb^WYnLS@otj-285n z5guN|Zv66sXq88Yn6QT0#U-@8z{cLr^{SfH;bajMCnBC4+17yPRF*&*e%gGtg&!?AF@{jw&vA-StLJJ{qt@b!W0?nn%9O zPN$J)vTsVXL!iA*Zroj;)HFuRbdf(+HWW~xh0@Q#&u0gv3Bwsg>@HO?m6dXtpDAd8=3mcoc+(<& zxnRedvEZLAD(%66q2fQEtuPQ*mdaSz^f!OC3nWSy+S^ZoN|c%}|G$2P3{G-f){n%- zI4r%_2LubGy&``ND!P2t-8s2h7wc1YGYldb^hos#hqztuWBD^@pXc&G5fTBHC3Rp6 z!Eb2K#Du*2rdp{Om)<&ZOL<$?``oFi`e0@5e(k}wp7Z&>dNA~I^pqhzJ>82KEatCh zP-1JIAT=!=)fEvvIuGMF4#|pL%e9^>Gk9d2#FP|yIXBPF#*?rh9AGL{Iiyx@`~NZZ zmQhu8VY~3Ak&?*8WUp7WmZt+D?A1K4A& zx$nB-o?hInZYh&|tF34;X3Fs&&ER>g#vo<$}KxkqcU6ENoYz`+7X95ANiQ+Bi<ZQ*;*zFpMoYw$_Dvr-RTt>R1D&Cutb{^DWdSN}A#fa>@3 z-~__Ce4HnLdaKDj^7ujzX>;`BZJ6unQ&p`hr-jVboWmy3!67RGsfD(-latf<@&`sy zcNf)Z5kHc8&&&RzBi zB~Z(#(D#@@&rHvNF})!NteAocIe$=@=e??wRDQtg6G%Qt7nkQh)bWYY%(lZ>6fy`= zg-Fs9@X_(F&g(|o9xlQcQV3(D|A@3q)$6~`u4sH#DX&P6+3a2Y(S`;IazjEoHK%|v zUHvzKSAjTwJzVv(!@&FRadpe8HR1i6VYd6rpds>=d_*=iw9s~z78|(3I@K< zX}ZuMZ!>5D}4AuiJ>A znL13G*!vX(ZICjWF}(_F{%Fv|^6~K@ppptxnkFc$wnET3t=->~cN1ZFA%sK=&jT-J z&&`M0?@!*0buFR>tE;ObR3;`{cXRopy|z_J-H@ z?~ws*I;_Q+oP)9@uSts$chRBI=fORSn9CB}Yj^Z>y*?mOX?wQyTZ$h7tz=Knt#;rC z_<;4jJx(ezGEPSCt%7lQt`nYBz1{6&pW}n+g#|*i5Dp+|08c#x3%X@pgZ!*QqokII zdpLvR_8@-lXmMU6O#nRjwl;lt_q*;-v8c>UgC^`EPxe+iOVe|6;UE=N?g)8z{{Xe# z5o^S>Vp!9p@7%w(n91co>nu7&fU7H)X>qQ@)S0}FMcvKvD%*EO+LLl5Eg{%~(S0CIMD>gV7gXpHcBx~+?B}UtQ%=9y>1V+f{PmDiL8e4_9{KMBDbxF04cxcJunD%eenz+;^qHt5RcXbWX z*YU>xW)cJ}hg2#nerW1uuk(_$xFvYVt-w}(b{e&S!8I_?>a{)aBYFD;JF=gnLK5l! zWW7%;8!GznH`r72SZ^0z7_HzJs0+^D>Rv=diuhToV%ThHrbjRh77~4LxYhC0fn{gl z^*W$}d?}oI6FX2r6AcrIn&SQhPuprZH9f=0#SLlqhiY<)iik;$QPWd{hbUsvT1*$) z=FhI`Dqsq+Q5lbRA+0j}*~}#1!yice%bjj$s2cmf597)+0|Hgth5o0R#5vSTUMuWg zG3{jKeS=#)Iz%!g2pLetM#H-0n%p$R|86`#SkWXNKf2ccy9mbzH%#C95m1>a5wo#A zEyLz3n19feP{_2XZZZAFr*|`$JLE}E7q+nDY>Z^xQb!_u=GR@EuepLs7W`tJudV&z zG~n!`tfj`z$A`TCdo~2&1B|YLm@8-2LnB%#ZzD|{iXSrh{P{CrP{MgM&ds@uU&bJQ5#5^}2`ekRj#L(GGn%?)r%l*&P1I#^4E&>rX#(Wh1a!XKmeE;qIgV2<- zW#QnUW{V1Pc6CD{$k`rj?Zqa}6L{j0`BWh#Y0drE6+2q_ydExi#x?;|)-)|Q!1SDK*kl0L&@YMnfLGS z=r|83&D`1DS!(jg*|RmYv56FC1p8zJTYu}nzEFObl8lOG7l~3;R^E)fvx0!?eQmGe z?1b})e3DBzss(Wb8eL0T@nbZ}6n+Vp#I4{3eQF+pt|J%*{Ll3(z6+PLWshMTx^VN6}`CGk2Y?wqWh7>=qa1uz8=#DzO7uwbgUE-k+nVao@jA_%KrM`zC{%k=%s zM9QhK{=c$LgKsbV_G|rF;Adc}Hp3K`i-g)^xaWBYJE!k-j2UYF*Jmq74wio9w*;J#Ei>iX@y zFk2=P?y5@n`bVzhh#Pr?ihFD&BMj1Bv$O;M)k}Y)FPnt88^Iql+0z$l-(G4$S>t3- z>tqnKXiQP18WX-7BTe+}d5#()~X{(d^f4=5F$v*E3f(Gn7S4w_sCn-+g@*E z*VCaP4W8Q62rW&mTxMafNqq@oc7@rBPN6l zI~thO(MR(PT7QZR+zRcCmhkBcK!teIS51cy#m+tzFj0_`?=Ndm8YJ^PooMaC7H1qp zbc@tY5q1~x{oc`z$fhF;&bD&NFAtRWHn$>o$ILqRYC0(8t%Q%TIV81HJwb%fVTYyb z`(`9(1fSYiUIUrpFjmMo4Y=l7dM-B8GW|F@ zP!F~}dFrHvhY$UEuUz}+85R6>5GC-eT+;&M@Y@_bqdD5c4H@LOT76sOk;Y=m@la*r zfu$Ag=ZvF+9aCRZp`RJ6n@OwoUcQ>rKfWL?Dl93Gh9<=5EJ!m8m8!;=hQ7ska~_rT zv;OUy&|{6Oq$l3s(tWhIjOpfvx~hgVs20}!@38QPfB2XlL1YZ1DF?gJDiQ* zdp|rdd!O7-(kg(I9M95Xw1mlU^$GRAhpApJ8HIGbyW6*W`TT^S@wL40sYcVa!}yGH zKZ?XNPbhzK+GZU$P_l-c!)aD(FDMNRezwkyp}vX1LLtj_@B89&y9DP>#8;}6SPH_g z^f2mIR%Nxe{w)FJ$M6=~G$N!xoMOKE&r-|<7Wrg8Wfiz6!@f-H@9LT2*_Lj62#x+bdK5I_#W<9CE09In)g&OHU zbZ!?B$a@1#@felb`XZY`hGK~zTZYr|NysN@5&@FYT_j{U#!KDh=A0%(3$2SURzonX z-|;UZtC(FjGw>1+R_jT+tln>|F8r)o4_^*?p-~X3UMn=ibyl?;8|N-m@!ap^v-TQ! zaO>=(Y~oHt6Xp%{l;r$pzw>}7>~ZSrW&bS(?Nuo5uP4^dowus08YWn8LG@wI9k%v& zGx!|HL^o1^YS_EcDY4S7xM;zuVb05{oP79ubDPU_vZ|5EN1q@V1BO1CS=tA3R$`jLq#<=PXpLrqj-?>y5_ zVM0lSwuO3)ClkJ4mlmG*T!bn15w=L1^%`Zm=n}Da^_A9t3T#P1^9dXXzvK=61Kw)d zx#>+Fj@Bn>X=xJUCY5%I%pPeHuuw-#rIf&i3~@g}+9)L>+vM7n@ZgZGzK<4_sB=pD zuaPd-djlaPIR#RxX$H(+dI)@eKf%22Psms;iAIZ^&TOp}b;=;3#H8{suvZ2N`9fPO zkUn=}V4m82tAL<-2kGc|L}B-(CA+vX5y{ahm5^x4vbH+hO7zRv6akx$V2fNDb-YYD zkm97IX(#X<_`pAMbCVy6)J_p@~8yDD*oE zIkjQ@tBlU+-JN$^4-o}JlJSoSc4l8?sEk@g(S?Le|0!QqAT3=_-)wcmLfkh?Ye6HA zvaRg|IwDg^Paj=f?NlHjyFH#|VH7mdnSv!8u~){cuPf7f5p+;kil1v>sJ!dj+h^lv z+aw}9DA$V`8I~?CEsK%v)?psaQOI2TsTi9lw|(LMp!xK8o7opdym5ZteEVWxW=0z$ z9rcbc&i+u+_#;ee*Be9>t!6{Y@BX0Mv3;3D{LZL$;#)mWivBVXK*)N zQm`yqe*;<24J;C{@iIlc_*r+x>X*B@e|es8TU}iRSsO}k2275w+aZ&xVs)cQB_*)x3m`y@+>7(`9(O<1KE>vH zdJ>o?2(;cY0$c;~x7O8XtKs|sL8pbd*=^Jof=|SEa(sQ7r1=vtI}aVy0hc^A6$pEB zTUxr-$UlM>ix7i2+t1#|M;CNQ1pE73T+`VJxZEL|ry>THS2Y!E@TSqWo@USK-=6?} zbhzq)2PrJ^wtqR=kGQ%De((hBqRCmejji`sw4d|74Er>Vj1D#11IHviJ!NG|Ak1`h zeS`KUnS^6j zSr)z>)Q&cE~8r-+mU zS(FljUtY$hVArM=~``z4c$5feki-HHs!&84<$y#Y3S zo*u`~F9=6tspscrqiJQu#l_{tT{nN*_LtETj+SS^^*d(1-Y!$XYe!y8%t<*mJ$?CS z)R(fDfg{23=nduT$yo3C^99O-OkEd){-wkwc26Sg z)>!c^+6IhhsGLxnXu)OaJGdRbN*ctyXAKo@I19CGIGaJ_k&E!pjxcPyk?1}73N>aZ zn`6ZLh^S&k+Xr{J_usTEa;n0K{>wUflun$9J2LsKbkea(x?_1^RtcF_zp#v#o5$aq z1tURzOBZRW%~9}}^xXRXRn*an{P6sgo?sgPjZ*k_TOMN!YHePC={7fI>yecXIX!t@ zun8eRM&h?#mOR)3Y#sOYhd^`$36Z&-f&|1s%ho9%D`kGem}lr46eLqs`sEPccC~3} zYv@nOWsQ^BmnDLf%)7*84VLE0GnhJ&pL@kGU%LBjF0)~Y$K*c$u28AhY_Im%ko=32!U z>A%ztOHeCwj&A|`KSASODW+dM7km*kH~z&x|1t>2kqhFzK9tV*8>T%^>Ac6Z@#TF6 z${@7aj)rhoq`Vl^;Mbx#(|Zw@^pFuFMT0U*r|hZML58Jk=* zu#?u?iTm>38YsWBz=jJ;kecARD#O(17V=j*`@()fTGJY#u2``w@;rVG6j*~47~?z`V@N8^ zZ;BBa&W|N``SPZ$SL6d&^6CoYQ{8pcnUnlqRNQy#Gh2a}hy0|Z$oq@xJ=uxlkv7rF zJ3(jj{LtTY54(14I)Yx3A~9fxrz5ZH-M=@n`HVVM*sn?PF)x#DUa6@mXF^O&oj~sb zUL3U1<%+7n%x3yVr-aX9gg@0NKyQl)M)brVu$1`IvRPzx~AQ5<2 zUH1!(!U6N$q@s_@oghYf?n4j{w0vtBx z#$VA~`s)h|D+>$RIE0S7D=F;i+w#Y52&5EU`rskvtQ6$Ef(iU?*d~CaO zw(`&_7 zbTXG07_IIw2+WYj4%{5i`%u2{JD36Nz{Y0e+RB0Q`^Ob;uXmZFeK!E1@_Tu>Jlc=# z&ZDrj7?4&Nl2#xh;ty$s-5s!*WoE5zk zmF3Z#%vbh#w^d&!fSx#*eccWi97F)bKMzyTP0A*uWb7toB!ux8Tn-HP-7F0zZ_*@Qw%&iJDZcmiEw{$fD7`SPC$%RPIm6!>d2R8%xnjM|kO$#A1uDZeGIJ`@hJ zlRQG-Fn?&QDfMamS93G8F`E5QUBE$%UyfZnl_F&Nt~>AKsLv&*{&l!<33Jx^ zKaMU}UGTHm;hMhpTjjuFlte{)tk}7;$*`+QHxdqMd~KcP(~tqKnm!FwB<8gn7z#AGl4UOrkhaVjx8aPihB1Mw zkGPtt%xVdPQ$ERY>#jBSB+m(YvF(VJIUr0z$Vyc;4Kvg(BCwnyX+!4d;j0S+=8qcX zhmk+SPcf$_7YVUN52!QI2@yf=+_Y9P!7h*x;6fdTIc$q%6Lo152v>!r%Oe(xk z9UJMZibg|XJx|bwLOKRnc{w0lC@rOUl18AV^%me;pIOlrsQi|&>i-S&j^4uhOA9GJ z0>xld1;DqNx7>a=+wurfQqRQ3EE#RCTxx|XXat0SW(`R-R#($Xb3Y7LDl920Td3bX zycKy+*^LwNeZGI1pG=DBAg6qMysw@+3VwKq+v@%ww0ep~f{B_CsTT+tObdcGG z_8;QY)oKT20A}_dp`pLBYl6Ks=g(e{v(@zgUl{lZ!grSPk?UXR;tD78UwzizLK>Xc z|FS_H4(7`KH(2C2WAiiWECrK`Z?(+o>h++${P&Mpsqji(%va4c7%+l-F2sFwmlsfp zn2;Au20D;}j1Cb}k&!Mcqq~Bm@!6f}Qb#Nb$`u-1s#{x`IVhj!V!DRZ%b+2(TF>h{ zpWToypul^MB7S#pda981MJ6m9Y^efxzun3YH>X>7-+lJyh;F0vQIQw>o2&PPk=!&! z)<8gw0XqN`aIR`JkUx1;uWol^+5cd>H>IN24yHkJc!7b>rh8ZuldyFBr9v;{aMT7+ zeON70(zHcQ0@|qOd=+{aXqXUqSdeh3se5=f%NgPai;4!9^-u5I7xB6`V==K>7hd>g zcHP~t2yh4wwzih$=D-uvQdDHd4X^jR87LEaL|M6JV#+3MT?{E!$Jbj~xvSG*eqC#E zLq5fZ_@}4q0?weFot@}U1RR_cuQZgaCWxG;dDd% zr2RHp_#q!;24WFU@j?~gzk!O1xHab>6Sl};IQ#EiruR%1rgdd?NsaT+<0;U{!-oXI z!on7*6s7Xmf{?AIuKMh;cB_~p>Gya{0>KyJ=L8vpCYG9(dbwF077_wPhX(EbV`Hqw zfZoRLIA!iLbpDq{ zA$@S$K@l6=OAVXPsF2|lp}wx_7Nd7>M6h_ZMV?qiSQ7g-B_blP_BP35YN(f*Lf`NE zJ>4t<6-O{CX_;R_DY|b2>D$mg4Y!c&y-mgTK7UpcpJaycDA6X3{VGX&K<9#XG`?SYxA zf(lAXSg5X`sH?9^H;p2x+Ix z(YttS-ufI>th?)_(rf-fFB}s_8RQl2ijR`R7>iyU$CS`LwJ{v}Iv7tU@;;H3jx}Sn zo$602MbAjW&4M(oIh2};V?N6I*bW~Xs5jkmi?o@-Xs8c*f6HO8>g*w+e*3(VCeuhi z|C7W}L4x~c_vVoIvQlHA?3ae&@qpw!5s5V<>A0Vj#$d!@g7<>dj`eW)Optb`SuX`| z5y#Ob?TcQ%D4dE3N~Un&XP=n0qr5IED4$doJfc2R*|_%-4rr(x=hCEgZK}aw1UFv`RVDbd?z8%Zu!YJRUDjX zZr_TY#e5dwm{LH9%Rjv>oVMgof9YMg?x2(+_cySjV$!I&n;E(DSv|6}zyM|5OZ}|f z)acbk?&Uvb=GWVY6!MQSXX(n>X4cPZy0u!7d>JU@cTr&VrNKdbc=4e?>dNhvCFzxL zn|05(RbM{88)sna*K=u>-#0ulYWsTYMQ!9@ewW0jAhfxCT>5h;JpA-6F=xXhp}c}@ z&lCf!m|BUa#X>~#o%*Qo?bC6|FmQKb(XyUm>IB@B2q&r{Nj9jVp6Th|9>DP}$x|YK z^0oe1P94zYMEq{9>_lD>A$~6}hXAR4z6wr<*dN@DHwU>r0M`}Ufhs5%_z8lD zUmK7An49#h0e;VjdzgMJ+>TJ7AX06x*r)AiYo;6B{3|i_bJmv`8}GMxMLQzRdyC5g zY@5*}!X|~lQ!N&ZE}u?Ckb<&7GW~S! zRszGDy@t5N)XV#PQdz2BfQMwJkV!F!r8@)|DeY4X%+d7@lcq-6x;LGJvUvZ@%vODG z8hhqQkb)*=XKz6^nF}6bV?xy81sdHK2&?GbMV?Ql*dYi+%}7uDtJx{^3MKjXBVBxhvT6_X=#8 zXwcT!+c;=?D6JK*FSM96=5A{iD^=Uw+1lFKLT|gcIR_LqkhF)?ONasS^VBIrzv*dc zv_3bFDqK8UnKqh5yHZJ{e6ueKd*%Jv@vPr|6%GtMsu3%G&+RFnK)w1DY1_;9!Vlz> zQY|en?*y7%S4Y1xsM)?AO)jM!fyf_;FEI0alu}aT4j)zwL|gEP#|H{0aUJW=qQId_ zwVDAje_bGd^oNHXrP`bMM!xy(^5ObweLs;sX;oF~@E*_8fVUr|LX2Q4;E*$xtF{9c zH8s`Cbp{6hWqqMbU0Eb1EIR+DRkPPv?&gbw=Y|78Bjx{bO8Z@i9vlV?a`I1a-q3}a zn*NdcoFpzt!$GM_A5Ve!A!i)OZ9$%l@>f+;(^A()2AYO%@TqiB)zz0^A_KLy5MP|+ zk3)ii!C4Y(;Sc&8HV(5=jasBknWv@8QM*TXD;Y<22=T*hrY%MV3EpzpA3TiyEVcJj zr-@;q%qXDU7C~K8g!*t~-r>sW1X}3r?rxJ9@fgR?l|R;0$GAJAa0l{VbtXek+kFaU zqCNyDwKP{T)iwHLudEc+9k(tycsB{*XdZPg7%RbXgaF7UNkuXDOPfnuJnyx&TdqlL zy>0|dz{hW+-p9DOh&`4Nf2$8Y#V6K~A8Q2m%o$_`5Pua^Mx?-tJvmsDcT(NP_bAqs z@&$_gYE2etpL|PVUPRA|?x3m0(NJg!a|NatDvsITE4J70sW%SSPr=Zgjn2-?a;jM5@Q)Y$ zV*2EbYW;|_!QWG3Gy6XW9lyQTjHO_H=2T?;xrP^0dTJ%iJ|@t9T;QAd>Gt<%=J0d! zR93}jI7mJ9U^$6&#e53Bh-&>a|Ibsg{D_Ji3H)2$L+nGj+FY|Fy5F*jb86&#GGpj| zg%*#-WUB%4mH8Bx>B%C~&g?>y36{yH-8BUPy2l;8Q^i_vO%JUFKgO`r&HK$-m(aUP z{kH~koAYjd<1e!&kKL#a3upwPzceAZMGLQb-(Ds*w;_lBpz4C*hc!Mw71m6dc#DK(1J(sH!)%JnDLVLU|NcTZq^A)y zz@M)`!lTg(Oquow*sNw+Hg``)P1qX+^$f;X;R6hd^dOM6wN*bOqRSl-0UODPfAye7 zojW@*&1`K=&ohR`mUw->gw(Y-_sC>>2C)g5;?j5(suXo0ypHn`JifZBG5M~f_y z5VQXp+N{(V?)Vsto(q-6GiyuMq&{X|1NvXZT{a>S~qAiP2qdIk^m)1SoUNthH?&e^hafkY(nW+vMUcK*;(zh zo#CPsP!jn4%9G&a;YuI(Tq#|wP|Pn?qKmWOFq*NMlg5tMyKkHIeZ0(^wwgH@<|QIT z$7kclglsu_NO~4^97zTR`!rl*>9lkvaok#{tMfq2!QS|h0d7MZ2@ek|D+UPgj@%dD z0TyuzBVMM?QtL2oo1iMaoW~Pzrg=ssVW)ER#;!~Ml_vdEq(C~F=_^oi8j{%?MN~ey z%jhLWsYOjqh0n>(K-uNj-agv)L~k-h2c)JZ>CoSrZ*g8wIQa#&F;|oSiFfr%dkl_E+VcoKSk4?_|Y#-fx-_kdcvty1mdXSZHtTG~9V_K6_fG$meN9 zhyXo{T!VtV+!P-fm*(Vla8NXxd0k|QM&m{N>vJ?dV)TcszZC}(NBlrmoGOyP$cXs) zw}4+DDM{~w;3tI~oig973JEi4`8x5?QS~rPXLeFzn9Q>a<h}u;*K>E!4D+z*j*6z1Y_Z_dMG%vFHZ2zc)%SX?DL}ze=`K9#%ZFCkMF1FTI!XccIR%erGoEX{w^JMl}o?0?OZx;NaVJ zL9H_J+6!CR@6zN-SxVSd)H2=&2`)3-^y5Sy;2^B%Nhb!sH6<50=0VR={n;_VVbWP+ zy|>d8t+$@eRrNr=RB)2&b-e$oGQNzF84k)n{VkRFC&Wzv>z8Z2hsdFiwcw|txUg^! z(e7}T|7D;U5wiV!^;M7{T0=U|CrZ z;F7PL;Rx;yp@GjQ1h9pPFm5m9k;2gI#fVCQaJeN9etr!C(Xg)TDBuSmn+7P%0aZ7d zWSxi0qOvf@xJtM7UDm&{W*pI^D83+pEUQ)Twu@bIJqFjM8|kL zXY6mo6od8c+}yi=-=F>#4I)5Tt;H)^rC=ari0sUk6cEm-S@pQYebTj)lS=Cz`T*CI z-+L#^z{?V1;Kb{ckzuyKZ>sb&^L9-P4sv$?{r&hPD#_*56I_zU&*Y4mu`lI*kf0Bm zEvD}r?9EZ08#bSxpB%R7bXdlC^~ug=B>yn;sMM#kGf7fDEjRdNKjJ05!mMUD8#F#(20u(>r+e5N77QJ+wuW2P0yJl8DhyF7U8@h_pw$B z#0pplh~~i&#Bh+?)77qz6~=!oXz_!CgNQg6C3gg`YhL6PfOCgBuv1r@az?KI-uJPd zV&6r_`WI1}M%(0zs1Wn|`{i5l zM|YR;X0NmH80JQ~bR!q)R2r!g&b=hHa`AF2-L&2d)ICHQ|63XDuadonYTDtWIO)gc zzY(k7aSisr;n;c0j-F&%{%H$=@`Gw*r+-7gs6j9#79^1VsvsufALjrR1PYO7OQay6 zm4QGq!}VkfQWsAmT9;($GWvx~F^|ZR?DGUS)oYYPZ3GbbX-swebDY|9<Z&jq3M!kZEtL>Dc!fEjmZb#pdX=N5Dd@b zfjo$^PXSW%F@y+%Z)Ld)W?{%k%uO!q%h6H8$jE2Nnn}OKkX~~_t_CBwh-Mo2rR&?v zHox+M($ZtoCl@2^3NHyaS=lfsGLtPjbsjfsGr-d+acOL5c(~$fI#}8pW0lh$7#ScT z<;qg#V06*zpA0TM!3@DhI9~7u{D0h@?ylfl$QV8QcHznP@rY^l;=%&pZ{LE!+J0C( z%??pYVtML}0dh76FE4Lhtq{atEk?R+lz>NgFemyOx(fb$Jr~ahW#dT#8$sT8;@P+m zbfh3~H*el0YEbK}Fni&$Y20%!Sb*<#Zab!?q(DUdc32>D0_K<&IQ7s5HV7TuKXSJ( z?>`2kjf@OnAO+oqod7q(z~eUMpV2O->&6rfIx7GXfb);r`a{6M#gRgd`AN)|1afsa zyE;9BTK@6Rqu;QOu5M*LB}FXL5`To|>ZDGxT)C!oRP7uaUD4tl>4IfHRk~7cB;QDW zvdeqN?m;@?cM##LO0PB*Yx^;C1v;t{qe)@Vkl5~SVn zBt-AY%v-VKhQVLcW7b*CELg$Q@zz|)Mqg`$U?A|7sDgs}mcLSeWZBl%g2_oO(o}pD z%2#E8ab_Rl;;z1fTr8-#p@tgqqim0{x|Q<7S^64yK@h8Q41Kj-kgmPWx<1kd*D2ia zsPLI8mB)|5?zkX6IL8*wT%&Ly)gt*LiAwoPKo!4xTUv%2@a{;uEbqM@mKNWq*sV8P zZ*VI}Ff41E003Q7RrQ%7Verpg1WNp%%BqlkKe{#L$wh9cavmn0fO7G)x-l129pD;m zJX#geS4JXiZzK5L57elZQXs>(JM*KC60T~h<|YRwrKC;mM@YwH9XXqtCV!G>q*-uY zZEb~^^9a3eHoAN4AJ~cmVv`ZH8UUttT*Zh})+lWb+k-ghr~SVN`xSG~|CD33ksJnq z3k;+Zj|Cl$arhYtl5N)QU+3!}!gAW0NB?J;Wf(JP%6qUz*dJa9YebA920%SrT--IE zay=Re`Q%EKG^Y~I9u*7OuQi4ZSk+pd4(glR;QcRm|LKJ{6Y??BQ?RqMnkT*4pGosp zrB{w72X~>aF7KiPCRAgI#s*846Ek1N=6B&*c9Ix91E~Q~Uo^@7lweFj&rjAs!udMP z57aey`3y&#qK`t-Z1yd5h`Gy{-752)oqYzfuz9(88_>8rx#o6uA^)+WF zeD5*vD%d9{E7*f0_Y>{|XjnA{6v%X|Cc-;hQkpGL2{2`2thOaM`o6wS$>#I1K544( z@PBO+VJZLYQm5!DLC52V@$ntHzc7l7K25x=1TS`=tVGStTupm@=FIv=hC{OGw-1eS zkrLVG#)^m7G7xDyRV38{|FDRSiG4(ao(-j#7*|e6!vZ6MKW~;%kx*A?Fsx$%pB4hr zFs*c0-J=e$y?NX1hk{-49^G0>Kv>*9N5Y}<6Uiz?qI31n>FvY;GBx$8X%+L?QYW^p z2{j8P(wYS=uJ%I7d3qjP2!LpgimY$bQgW^b*g3ofP7s{cEj5MQISSm7hy+o2HL)tLC|W8uf=R_|h(4TO+&w%aU!bV`JoZf2XPF1=S=M zw3>pK@&ZiE&~_-#rt&XL5G%J5`d}`uE=ULn6B5!?^t766h7d0Cm~PIGWyR=lw!ikF zkv7FuP6pHY#9IIR3ZnXoB|2$W1VVx*z)$W+~+29 z4))kz8ygJ_iOR~qifj1GnNy&0PvR+VTplv8)7c#+Okme;_5ExuEG(?7nw`&|a>I9z z-x1Tur#wylz0d1%)DF{Oj&37KbU##+zd0@o6Qi-^y5-KF+}9Cc#y?B<#@8@3Qx8~s z-NPazyctpuffkkYeCPzaZFTS&`cF4cgN%wSqUJ#L=$ar-(P1jKafu-1Hu}_&A!_H5 zKz8tXXVJQHm+4cqR8cU`N%+cnRcd=aO#2sZmjc>d8wGip;)`;v!h6Nc${!zMVIvfE z_=}11X3uN7mT_aVOaf)NSl>g)##(8WVV2Alhn)>7=+KR%WGz*pMX567KSHKG)t9Xm z=@fsHqf;AfNiRU!)8#v^VyI$1$n;le2av!ybKR6G;7zl&=B2x$gr~sG?*{or3`y+Rm=|J zkKi&_S>y#!N#+-$8}Uy3=i7(pJz$lSzkx+Q*huXiN@Q2 zxIcj~Z7*|6Qzo($EYGV}Bax9Hx8UNe+jzZ~W#;ZLm>-^6d-?_H-6e&H)<<~{$I;spmHgx;;gh3r+W7Mx;NCF)VBpqv(KZW3 zw!VYPNTqglMW8ly_OTfK(grJ3T*SBS6zC=8F=0iU`xuM>HObJJ!nRvKybU)oGcjMS z7%&i`p53T!HiCfU124ON?z;=sQq%q9%PAnjHB)gB0~Xfjch9%|Y);vY`-ZVt-|pwE z&G7v3-8vm_&(6;GwZUM?Jztax^W6O}aEC7%lp&J~MnxudI%=Z?0x=FDCJIO5u3i)w4T$7fUTUYgGyU z=FB6Z!4cb&<@IzBvhNCg3un2ejmgN26EzC936gsW z7V*uiR=IU7W1*10d%apGy{0Z*Oy=Q*Z?nu;#p>0N+3=RK(x=L$hxc~Z8N zS?zLjnmEZ*3kPE2e&`f)ep|)9SX_zc_k1p3y_jEq+COG5@(RUVR(69H<;?%wa&1*q zQ>`m!+_%l_VYpq#L`sMKP7hbHaO#J{CLXgU4LahFM+bd!9p1wkX5hhPRb^H8DWBs9 zxyOfUgj)z^?cUuTz7_0@3XC5Aq!ZJ5Va(mR>Gy1d_|D0mbRTe3z)VF-@yhh+8mM_4 z=Z@yWccJ{{^MU7okULI;V72#1Nf|oFx}%3uA$EkE%(N6m%-?#4u7EH{h(V>=ay?!$3l9#b#;4sO=9>+FxgXI2LJ|jK_7O3!BPmY8Gmh z{u`8wCgu@7p8-XzJ#Sadw|fLsl8v>sv8k!Jv^abWzLS*}3b`m0WYWvIeq5o|#X(UC z<5NErA&xz7PHqMCw{Rio3pm+M5iy*fJQ?9^ioPTKI(|zmIOEpi0xER&weD< z8^jDg8IC5lH#2gK^l?RHoI_4jgEEaxVp$1UXQyP}SgMhqn6*?2gm9oB!Z>W_-S5Z# zp;*$$$+l4|^?xy-U`-gkYpRNj5`~RMgQz2JsHA-%`ImEFSpaY>m`46z3J4G`(Z5;0 zxs%jqBXQwizMXqNP~goV3J{{M`JEg!+Z4ICd|hZlFJ_75n^PK?`8LXnr6qh-KfbVu zS~U(h4j?-kLE{Shor&i(lB||$t%n(BArPDtZ7$&qL0Ml{rmnX`z`v-H_Q;XY8_O$7 zC=R0MN(@UQvQ!KF#>{iQeuYA_H)Gi$2DLEdAM~L*heA}cgZ*tf(aKzPNc`yAmUV(^ zWWfqKOLcBx&v~Vw1g~)CCCL)c(J)uR)>_r8*;5f12q694`xSTfMNN_feGeM%J>A;% zIX{x{=uh0XaFq2hcTmN5K%e9jg5~J3A^pEkn-CN+_rM2n0^~B+i~- z*f*buO0#aB-P`vkCVriGP2FBybaK6OGe^hSXK|@tKw$!rSF$@lVruw1&qh7(QfKhNIR>|;?B_0TU0BI2tx6~#Ap?1g6V@AZ13leij~=F zb1}~};z^Is2ZG24uigu2%;tt37(Ggxn)se@QWG%!*bE#!gT){2UGtU9I zBpr5hG8wGzkJ}(4nT~&D$NHZ*%e98WOleL?RN6ujhpb8rg+tJnZw#35pdpemIgqP1 z-kP;A{^rHbIB9fJV^M{;Hpd?kxi-$0oTrtg=hUW3dn4Fq8rjdUOsX|%5OGq5OHqsD zq7QZ`Kd{o>GTIGLDbUQ+bfAseFT8EiA`3oNa7SDp9gKB}WlK-$wHL3hiw&AT*olpe z4;?Wf;4z#?>OWtIur7l8xH!3ZJv|4q0jhqMjs z-a=I4--ewoOF{N|{l*?Fr=f}~{eK(I^~L?63L5DQ^nF+;o@hm=_S+jHvo-@v3LWOt zywE`R{VI0$A6bW?H8qHUMqnQG7KPm+mC7VBxvbz8xI2Jsa!5j$|EGkhH@G-#6zr+d4-f7GiibzF?Dv8%X1&Yf0qqeq8fEiSRwM8W0hLt1 zJNoQVZepmBUS%n<2;wg#fl}rajqxwXc+yFpYp}^BB4we7Ktk$bzc(s$4KRpg0Q4Q1 z-Q^^oHWNc1C)?#5=B1>{M=t4}4m}cE03rJ|idZ+v$b@HhlVa31W!_CG$XmlEt_3%= z{9&Mr%v6ttqq6c>DVfag0lJ*&jeJ|8Qq|w~WuMR>oUnOw9C`e#6_g_=t5M&=1$-Hc z(y3>w#q)ae${*O@2iRzspd-38L=H)Z=WvsqjNq20F z^$e;r=>uRz`MTJ&pw$v;C)uIKHaa@c>V5A0*+n%~d}9ASaHJgg&!wZc*8o7Tve1HF zo}PdS0_&fEyB=!%N+2Ld5rdEAUt+wr2DZ1jLyM-0fA6uI$XBJRVw(iGHLH60&Q2af zB_1k?)6*V?b!ZugZ{ViancN~0U=VK{?7%|+L&acy@$nX{-Ln7r&kz)fPl2IxH!&Yy z3FYXi`3nCu;6oY&_3#Z%PPR8AZI=EGPKn570mmZW5jm?I8u?BNz14q%!vI5YkEm!Q z0M$?;2#1^h%LO1bAZQ{DM?xMMt{*BaFYn_%I=0bWg+%NBGbPeE&8y4H%at&9+1Sjc zF@Wj;O$l&xAQC8<{)>NrUCKg|*Wf}fE>LZkT2)=_`=|5_77-O0!5=VFhAJx|qWO~n z0+OP@peL!v2ujpa<^s@Hfeoc|K`yeIt3I^|x!^D@A0tcH4AfYJ_sHy^Gzt9=S3}-P zLX%z=3=(PW5^npS2mu>o66<#Ioc$GS8?auIehJ@%VWBj(%kDJ=^YX=X?8bkne&nq| z1d*ofAXIr)YYV~(K+0YYLdX!ltrl02;`~6)g3qxAf0~)7t3$rBqyrN^OsYpR>zS;H z+(A|4ugG=L9DK$JSSTMzI1&VtONYC;sCi6Fr#NhFGUpBj@+I58_wU&;J~jI_Od}y= z4{_L$6TS4;=Wi1K7z1`+)XU!_-l&o0$Ucsv=injtT?v^thu~>^J@|M?5OI!P1h<># ziW7v7K-2Z5(v+8VsoAKEZeSC3o~#Ma3{Tyfl8IV#VWvZbkNUmCP@WsVc3D}v|8Ft~ zSe(-K+~BuNRNnH}dtd_YGJ!d%-h2ItM^CTTVDxSLA^&}S+WDA}o_Bca zeD=6dTPSZN!Jtux(GAO8Muu``Uu=`R(Rdhc|5yEKbPm$ z*SkI~*`GX~M}P(U=eeb2aZ_uIlj}q8uVSqAgM$#;50n&ju1C&jb}P$Oc2Oy3-Iv0O z31emxX)kowjt}Np2l~apjwyq;fl<4S>Es|$-pA_bm|fn%G@pD-E91;=gOISc+`k7T zJwh5U;ztqrc}q*(eVcvu|A>LnKC@X)Uxzx@>R$F@AIwAsz~g#?f);GPb4X!8@~17| z=ZZshZOdR+KhOe>Z4DoMA~1bISORE3aIkx1mhcpkqL@hJSFxhiEP7ANbJ6E47><*mJ_o(h#b-o^WvDPj|G+Gc zcFBTIyMO~IuL_@=dEy(ye@`|%3VQDnV)sq1ayt(BEM^Gb*+X*Ed#&c9TttR-c#DRSz!wJujX zJ`a_vVNUC-;D)yE*J135I8YGKGTz(qvBELnb$!6zIa?j?yu#oh3R=F!XFDWvfx+^s z>O8j(77Hh2s$V%lY_JHmVs@$)*Dj@mbOi;JowMI`d#z?%RTIZ}VJIaFdmh%)|9tNQ zBSM){*U(nxGF#J_8-lob?#Yfel%Z`2q~@7=x?Zq1^38D;3ThGh-nr6rzR4F|HiFIJ znsTmJK@XY|$V49YeI+3L!NCX+_$x{-B zYEDdXutV%ILlE(O56uqhf75bBzuZ2JgVc&^Vy0L|6iI7q)(!>m zL|wS41xgkvq-Qd?cbPmsA^Tx^db)ss=y+^J2eDbbyt=Yh_kMlT&vZ1|lb*2kfnXp? z;@I$KPSUBV2?jQ%w6(Q*xdw-Ufk)-K0Y!wWo*I@Pzq}S8#WYSS4MY;cL6}8D;}qL{ zfk{%UyB!?NYeOwtVCbtQ%@ShBnwjc)`8T^IQv1cx^Za%)l$#sb*$M4WC31K;5+9=*c(c*x4aSnap#nOG$$saU+DDg&wH5T%y z#r8Nx$NHWe`_BcBkdBeo)yYY|C9dcbmD|a)@Ybp(q1Y1f!Es7A8q!;PPiIf6vWrdn z>n)w)*>Kk;T0+7P2C-y*>`;PiEoFMC1o3O6l&KECX4yEK4RLdJ(<5gEHNA%akU zd#tr$L7B$dmfH6n&6JpdKSAcgFvsu4DLmfjMumqSX;s!G4}Cf)0OF4qItwx-*|Q>k zYn3r3$y3nw{iTa2l8TwRhkkc5AhNOtuaPFm6)TZ-&<*3SAM}M2v&E!YKAW9V$sAdT^rkrj=?Xd7j4Z+#q zg(R6yozlcTcz0M9oxw}v?0xBWJj&E<9jUWk(W{V#;69`F$KgY5PTO8bfav|Xjk|Al zHGI17Jl|R3RQ`61T9r4osH@E(IO>T)FlByUwg6Nx6p3gs0haYnDRhF2oQHa_A%=MM z_XE01oVH6+ULsIJ4w6~yS)UthFA9dk-!|*GZBL2Srnla?zpRy3HtMvKrf_Uh6UE#- z*n7{=0Dq4C{rG_~w2vQ=?$@mC>vFur&cU9*O>hE4HxQDW$)05iWVx8@H}AYRkKMKP z_PUc^cK;lBt!H&IBaVy@504MC@DFb|>FeB{?^SR9NSrIN=4NZzfQvTN045(9&{+B; zUvYUNk7z)QDYI)P3z^yACyums>xYH|D=AIO{jd-sS*mb=Gqc~z9fD7Wd}yG43e*PGYP;YQW?KrF8Oxq z5BZiL(CeorBqw_^z8X0Da(npZY<}oThv8_qi`Z!6-30b zUx(`fRy|RY1OND?#b|7HWk*Ndc0RD(0f{r-o7jhr1eH{bf-dX&n}7}v*YR{xlaPl` zk6QH!L$}&$Y(nq^*ur55qkz2w+y!rN5c>h6Xopebw}~1Xp6y8+cIR3%Aq2!mDP%A$ zGfYjN{^7D~3*)xg4K1C2e%w3(0eWaKafzOcv=^Dd8Poco9Rq@1Ctq8I@*rf4e6T9fGkm8~2)^9(c)@DSdsSyjtO&6O-DC`@FQ43CUvwcF zBCJj!4TrNkN}%4@q8pWYTP74&@Jkc33bI}xa$^;Jd13dNnBqWI)T}Ah`}d0a{ya7f zo?<10L?-{GT%^4VEcPc47h@a>g7p~bs|K{$0pGS0x{LHQ8D}}$3Em*p#X_w}f;bDl zlszK_4(Rm(5$t50(>|@ETIjw~U9JRwF~hgB_>1WQs6hf+ooBsqK{u?Y#VXQ3PWW;H zB`Oj56$h|7K-}Wzjvr@XU$~~h2 z3#6fh3_eZRbJ%xcd6To>iRQdlLWPa3Sxt?-_rjH6jTF0_d4eX zET`^NZ)ez2j}@<>{{1fv;Ky5SJAWdBJpo)hvA1?dOq8%9$erAg50~smf1edZAg6Zk zUI;$?837UOeY#Qf3=G|l%PT!(d`7=|hvJ8D9RP#YM8nz}g@@bcx-aR?{APt-luxXW zzLxgLh7&(Of6x6jF}GDhu>yL~&s&d``%MXC{it>z69k@EEBt(zra9hC{RcT*g|IuZ((I$HqX}}Y zUyEeND9i)#Of(*U|LoYge`aG?9QxY?egsBq&0a z=iQU#4pmKabM>qWkUxUM?iE>DYAtha-z?3~#S?;21uG$e5G*nR1Cq&sSM+Bcf@E24 z8!WK5MMUX8-94-VL@Y&i=je!Fu5t|sjzC7Fmc{3IK0~JobT@8{a*;qpZ<<=ORDA0M z^jf&I9a&KouDHTU{Ujr}-qim2b+TrfJ}griY)>cH^L;*y;;9Wy>8CKOcl$pRDCTGP z-t4NSGUW9e%5@m&=X;gV(xy*1n3KrD6i=ewsJ777FUF(Ul9di@TmR*IcQPST50l=2 zy1OS^?-u=aOh~AVtgM6xoVtaj?6u3kMZX{tQw)ou7H2k9PGwY1W|qt?Qup$GI?Ng> z(cK#&qA>AdR%DmQu=?xFp4y{|hl!Mls8T=)^Uk{L-!9?UL8@M!^=J5?TL_aYu40C; zVk-GAwLb4#c@E`zt%#USx!ZSq+AlKLzhdzSU7M=wn$9Z00>Zu9Yuf6~0;e$OnE-^d=vq+6Vop~^cO%sv%1 z887OdO@RBK4q#z$72(`*{Kw#YWUBTG&-e7NVFJy{Z^eDT78 z`egY~^mj=n6%i|<$r7$iawZzA11_etFbDJVWItXT62M=$-haKHN)xCrc9J{h9BV$& zf`|Fq@;czCel7DB``y8S0L#hhlheuo@OP-$Mr{~iYHhTSiU4U=X$_~On+`$mvC1?J z&D2fITx%C2AQl%W3egO5rlr)2b2?L6%E)vw5A-)|nX4Rb?euMTi)b7XPggtTZe}!b zD(%%K)q0i4hx7Kwlv(VLx^)7CKKs=LRcpR7oox+G*A1l#-j8p2U98diTU#*kUQ|=b z**`!=mZU~9-Q6^1-xReXmAX#iRu*k6WJ#$$J^t%EA19SLsdkaqyQ6OFP z!FG<(o5blt*5a<&ziW;=<#@O1aHQ^W@FTFv z9r{BEx7?LAo>tEMA@TMW1lTpQVlI5?9?Z}Ni8#aJQH16%)aLS;9}4L}z(?~%6gxH5 zB9YZ`V}Eu|jPj@dU3IS${AU~3nvs(DZ{1IY?FfF~B$=YP1Joz4wc)e6k`4?czChkS zae))VHlY03KlxX9AK*4;`8{@&R-QJ!K|kgbD_6@BbccoL=&p2=!Lb{$iphAKTU`yc zlF}wK&@A?o$`zI=XvFH5WjP*`Vqu>=y~yRF3xgkwS;`0p7=3=hI4HGE3}t z%^hTDUp6p;%}BN71i@kTZJV{Q#=v+nr5Y&h&)&j%`@bu^A(#C%o$+On+Gu>>mR}{~ z_L&E;)$MWQqkQm{zxJtx0o7TGz(uinR_<~o5%%}VO4%DhEK)d$K14#Z7qob;=qx^8 zjDKeSzt7MYr`W zHaiS%&d(iFgz2He+Ek9m!GInTnyvP}Zgj#?8LzJd4y;0E%Zm-fsq0Mmn0dzBfTSo< z1|-6<$~+&n_eU1$w%B7j!Bszt=jI7)P|n{B^0sc?l(vK_nU`s!bwA!s##Q#Y=n^n3 zRGB(!TPJ+)WYj)<%Y76nRxTnb{O_7v0N<9!S49K|e?^{{by!8FGWynVP;iTjN^Fg|Cg^ZO=?D!ieol z5YQnU7}UsWmPC!*usj8-7#Ip%Sm6@rrv^yk*2h2AZVBLTZDV+Gjn3zv>*{p!^zJQN zSd*XF<0=V@wcst;v;;kWolne3Nv^<`#FbXx0O=`VU&D9@v==2uMvl*Wc%u>bHI;-U z;8Vjd_@tqvw7g6Ja--4Rk4v=5JCfp_2Uhiu1yP}(tDW%e{)V#MS`)#L^b1vfncI;bm@<+Omj4Y)_pPS_U_|IkWX3Wpn@rb;3vxB=X z7)~v%565b@E~>EVEB>ranFr2-vIDKZhKoX)SifEeRYe(&fKy~^C>(^XHVuuCiwDgx z(tOHlP9yh>apU`SQc|K`D;_Ocn0PeNQb9;P%CrU(=#=J-jKxSNiY4YprYL62 zHkdKux=HT8|8t@Q|Esn9ww2d(;n&#j2)k^A=BaH8_68FY1u_|CJU`n~y~}Ce|3DZN z2%T;TPn^$VqrEYb*DDMjHC!H++~CQbnvv0anZiXQ3x2?ID;z$MiqZSg)egD8bnhdF zJ6mRC$BG9Z9j_xvS!+--gN&p&mlIu%W-0C^jA8Q+{h$|DIz0OuB+HthPre!odK?e|k2z6mw&vBzApZDZTL$<@sU;*@ z*5h%;d3$XAkeV(;fDtJzES)|0VyzB@AD?n_j6-4wY%L!_x}E3Nx^I9`ljj3N&>7qf5PbVPjg(SOp0E<|iTHF|!!`l}%-Jx|AuN8`l1rnVr0uNl>4r+|-%N z&Mv3p=^=)Ie{P_#)b!r(`F`{7&nM^rhmq*hX1+|NVm>DaKatPrc_raJ+y5{Upe!uM zsyn-I1y0XmrmycNym9v@1lY$sTpV0RA4c9m`CmU>4Q#x6dHbcCp4aWdgD+pn)8a)C zz!c=FMm6v(roz6@HSXV`{TpK@c8*)iuY!OHD{8#kPr2fd5F5~dr7tO>>IBwTV>2`7;Z9Ln z$3TKl%jMBqH2JEBY*Y#FiOhi@rqzx8`aJ*fkuODs2IZ}&$h~YP2R~O+<7|W#0l@(J zpGwMJeZSjvVL3T=;H>59dRiBuf5^}qc(9$ZGPP$xO zrCnXJDo!$+NSCX5Z%_4&Br$-0uoW8~VZEuA*n6#%s-5YxnaXQry@e-|S8{V*?hy`-b4=ezOP4A80YbC!DW zM?WGUSoWUTn|wt^3cFyS(*P_RG3j!8Hff@GaTlmsOcv>SR zT4WoZ6dlzVu@yJBOvF=3<>xeC4LwAc0(|SQv6I1JPKqCMdQPcaC_gNEq>RNd*kDjJ zSB1R61x#yN!ajIXg{Z9ZNdgpWChNpd=ty@nc^AX$ov93quLP9mv-cX*ZlB83X6Tdd zB@_&qLPJoiswF)?=2WY?B=|qexkKRxjMV>z^E{`h9M1}7xY+PyR;+B{wv*vo0Czu( zJ|^u8W*YW(F)_k-^^fw#OT|a5YLP+yX z0~us5J?tqVMN_EgELNk@*PD~(t=0Dzd!(=>6nGpTy6BiQ@24ok;)eieN8V4d9k zSVjevix4j^Dipb4>9oQewo{Pf`)e=bVRm0Wx|%nPjz^ zUoqB0u1J1e`yV?$A|Ex~c525z0n&bT(#{11`>trmoK7fN9jrn>$kwkyYuJL3ppv)y zQ@8sM#tSUpOf5J~ayH#m>D7gQ*a_lbeKI*FmJ z(@HMJU#PaWLbti?G^TxOQEQV3v4?1f&m;MQ-XL53fG!_{_Mq>(yD7?hMBNfdU~d$NnY+R z&KC5`l$1tVIuY|f-j7U>t6q7Rl#Zn5mAQZa!9XJTk_i?TUL!e?l;Y$nHEj-lCNqtoyb2?r?WG< zPmPYn3Q%3PM_n(FY3UvbgPkicG_TnVIcC1ARfeDXghq|JSj-I;1^<K%V)vNplS-b4;Us6hbCv(2wo z8rn^8SLnWr`T7~0J52-?#S~|MH+mQaUSxF&Ctvx0B#o2&_ANdhiHNJpX_f|vI7gJU zj4$nFa4kQa%99khK%-MX8`J$YU_ASi+%n<8{E5+g$HUw#9YZ^VQC)+tqo9Rp?Q*AO z@^HfNy(Co<*6{YYgDJg_g@6u#R!&6_RiJ1P?{FYLU8kN(g4R$ zZ)n(k6H8$;3*(GY7S^CD7epvB*3fS|#L2SsvnT(;I|}^!+E0EU?ooZNwfS6|Vk)`# z%$F_|oltXk;KpDE|D#$r7&+5&PrXH0Nr3%psD7esM{y-CN_uxGDd3ZXpd7sPIf2XU z17Uyx!|`{K#twY@HrDA+q=A=ze&yZY*AO&>gJvy<{s&CiH5v2!6JY;sl}J;j|3VZX zOn_8aR7FDlUaxc(uq5mS^k24j=tZ*QnV$p!$>YzSp%ZVBx`U(zPSOZi6`iPlx(rE} zm>4!McGIb@hvmMq-$(MjeHU#p{3SoP+(UPPL|{)oB4HFjMkjx=2B4x93xtABth#0j ztb&S(ChyP*Y{c;JYoJjpR*~XFi->p&Ww4gj2?qlk9CF3Zzb!8EICt9d9y1nKx9}@ zt`WdBN~}NNx}SpdZY-=V{brZ5JM10KMGOZrX5W#5N~sIrO$*jSYjfBPo~xVM4oGu! zAP{tY)KJa8%`hD)SF4nzc(@xljTkGP4=0j1e?Ct%ax|54JOjp0P+edpNGTt*r<9c- z19#J1;ttLdbyqPBM+7S@Fba3KU6a=H0CRRgWp?%iR(32vs-|Vhk`l20CrElB98^|i3e7stXN$8Y*g2CH8*xD(N8W->OVQA9DykP)g_LUk+gxhyd$vIy52VYe z8ocP8`>A~HG{VIND3w61oGXD8{3QghFSqyhFs)-%axN$|)O>6GryXgWIG{<7w)q@V zL~jD65vsZxgLd_l6`Z8(SHHhYK7l0S(Rjy8<=VEcV~Mm$dG+=GFz*3f@8pa1?z>t# zEbHHY<8*y|fC*@2zh0b*sv%B;=k&aG!>JQ`7~RFA@u|IKF*TTk_eexKVK!r8Vd%6w zX%1m^Zjgy{w{l@)WA^EFq($aL?9gI|Vt}M66lLNz% z7LScK`NBhVJgh0ogptji?H#>NH`T)F#P8p2p0Crc@HseAh7c~WKO%)sZQg^{Tk=G+ zZA*1i5o=`Cbj0u3@Fr|i0tzBF`S5qlq33Et zwN{FR?8)E%8k5&n-J0n1!66G9Fxuc8bi++)T&2_hn*1QkNCpjVQS6y5@=t4S7UgDR zOYCtG#3%4T{+dsRAf)JE?08ophqJR&poP7%wUW|jcrq3wqTX0m z-j6p)mQ?^XlA%Ze+$-F}Uasz3%3&ACU&GAhpa3`X$xPI0;O7wWqN~YRglTm!g8Sa& z^Zo?o>mm_)BJI-h-hVS`mBCB%Y-qf5IrnF0&3aWV26+gRc5mv&un|dY!LR%wS0|8( zlO5%5#)9(KH0QAOEQ#&N3G&yHbG4V}{eFW;65agJ)fa4Z!u?(x8n&#aUo_%xE%)$s zxx}x+!EDc3Zi>eY^Iyk`FZ@R1c;KuDZe@jE&G)gmxNtUdLBS6!v(y8t6j`tJ(@uS_ zd|&_F`F36i%=Hnw{iF==p(`jX)2>z0(M-um^xT~r13qh7-(5l30=BD_$EU0`UO}cR z?4Y61i4j+4=T{JQ&dJ*_WeCZM6&@X zzE@??+i^pt^Z9%l6i26~d0E`9Q!3C8#;28eUfTyd4Li9Ct#=Rj$Y4>f`CiO|Sr{+l z+krFsHDA#ZbugX-7Iau)2Tws*^mZ$6i#4moYu zyr9Ru?iXf>85rpXL5g0XJW*DsL7ZtO*yR8jXZ6A0b!gA~8$@E}gZTQ=OE3Onz2K|k zR;RIn{@nON*{8ojH|%(0J?U_q;P7JI*9xmOmv8mD1UZ%9leRW z@6I}Pdd6%0Mo~Y*v|)Bp2wft zYT!i;T>E9qM;@0KSo6GQ{kr_?tpzz&N#O%QvYdjPjL-GL?x^%#4B`Xfy419Hrpq$| z-W(MrY_SW5^;sj)(79Y)2t9d;yHC?ZgvJKneJ$ynKs>J70u4W8S@D1ala@8%Dq2!7 z5txf%xEcO<^1Q@Bzbobp<@neI@qZhsaVew~J)88W=c9R3jl3#8%RGvMY);DVIIO=W z>33Bq>w>hOm3sz>x+m(8A7uXNv3oz6nv6`TuD(0NO0Aynd^=F34(Ys*eEy{C7oaVj z07|BK-DDjMj@ygOk&^m>nBw4HP*@&SP(pBj$H{PuapV4e>Z9Xy%M`aS(c_*g_};c< z=^%7pt<&BrYr5Qtny{&xZ09m#F_fr<2+4VksMJ-`<)H2QAXz?-_9?%oF`M(C~7Yn61tXFm$^v~iG8(K zgWSbGRli?CHpfny&8px`quiVA^Zq&VLe{vsSz*O?rSNO-y{P-s`O-j^J(DUB9rVq* zE-Kd!9s`bt+DMD{t{W&c6z2RE{Dgr01khoDDNJivYUY)3MDqm}gVtks@ia_$jmhUOU{iLR#&j_n=`DNE_prsD3Ygkz*7xn$g*%(niASX}hnzbqyA{oObUZ zD5jvHg9MiT&ieBp01h5j{SPl&%j z8FZkKb2MHO8pL4qIR!5av0p658JEGuhrIH3bh9yO0Wvjqp3 zkfx@V3Z08MA(E=;kS+W$P~1Lw;5I`LTTd9dz_S72W}sYk|a5>kW>eAzE`rsujON=>AmS z!$@Vvn|BE8nDroin~38xOmoKPp8JeK*Z1&$CfYlpKsK~SwNt&O0Skth{{7lZpw~5w zKbZs)zPGK~_YJJGW#@^s6;kk|9k+j=Inv}%zIb+#a+199jyL-@#-7-`*lsPglCPZ0Ykitvrk(4 z#G9U(B~U^AAS{VkGDf;?8>iyc;OzPWMXem+e_Noae=U&lZ4t8?zXhx~l9QVw6eLQ^ zNAMzZ|9wXk^XD5PSj;je#tAFn50%t$k@*zwl4|meUE%}iOj$6Hgi(TnUvJ5mtKqu? z3mae!Q@u&4F=l%^sJQhn4xTOsSds25oi4Gg;v^5Tg~vZx)Gu0BCk-7hOeFIf#UkPn z9M6vtLjag@9`&<K;gVMy+hsjW)2Tw0%xXo9RMNT*{Fda!JfoB_ZT*3JoJH9*OrF z0-6BBfb4jkW|z1G_wR#GTQ^`d*p+!*_-&Wwstk!Q9^N9Y?^=`GoRw$&)$iQQLxcfrfwJwkH0u zFn$&f^4I9c3Vy{J<+S!G;mv{B>}$sZK{Fh}PswgY0b*Kw!XZ$QcLpJ)cgo($=%ODb zAnP{ubKl?58@A9!L>{{4V~r?k7o!ub7di#~FvjaII{q;`uQwg0Jyl?aqa8I_5`>S5 zq=uRL`JH@A?Ok+0QsoDbr^zvb}>bgz~?Is zZJr$sP2*rFn8-c2xw%nrZaD?>H`f!mBP)o8)fA{tT5-Fd&fHXhVo6g*1jn@$Kn!*( zk5E6%EA^zLI3Wgyb7Q9+jdXOQJ1PVB0e$gDRa2=hSo1{Pc~ZO)V`F_Pa1yf5)?Y)f zzEsHIP&19ghnU;S>bxzBFedEE-nB|qtL}5{v8Rl`J=uR7^o?aANH<_3w3IC>X7UBo z+6V>_lDyx4pRZ$^>S30VSHEWRr~sF2+Vc!UZ6+gE6<#f0A!Vy~c^|w>QC;l zN@1uFrn!`T>BjRzkD|H4hS5R_^>X#~F41hkm}da0d`HV4zJ6VAlvY4{sR+%35Kzt! zLySo!ou(WW{l4FU2;nv4{mQ4(YXde}3#Av61U86dtkIlGWdlnMm{O`Pl}$C&{sUUN z4XL0?Mb|ehaj?|V%I-`7{S|~eCt_|})h{;TW$4*Ik@u`bvv+H~7GJrfZD0M%#{e<| z{;fjar|p4$g`}a;R~pd%MT)AXQwf&ymAdpabg?R`9rs9baizp<_>%m6Vt|odh=tZG&<69={K(jX%U5w)0r`zomXx;PHuYY zSE6It+6B}-_}f~GRoMg?(T^@OP1A#f`6o>udB+lmL<~&TPe>K6--KNoMO_E5V^cz! z82Y5^nmEy~jD9eSi0iCia3jN_(VIYoT9oWt;7MKuZwt&3x0bquckg(_z|Ms6BHJ>u zd`10K^i%34AHq?NHVxGUjqGM0ok%(IlSU5YKG8$zV^RxTZ9;WT+m%T%lsV6)Ua&8! zG>=d9&RHo#eyf!IUYZUI>V^y*f?5O9n-WM{^cpSnCVe zwrk*vE)}WlpkjgPq7kFMteo_)_a%z`5%p$K_O+3{3>C(h1FWN)n`H%|4TtykV$99s zt*G?*JBY_6(=HG^w0rx44V~BX;PUy^Q0z5_bvISY+1;bK^u{bY@JC&1p;hrbx?hE zYm`D~w+B?vG0phPTA}oLd=?1j(A^M69aDoN(VqJa60UHB)_fMCpcEw^^;=oy*F}sryP(96SW1t%6JN=~i^D9^T`C0g z)rEd3nMfF+%L(!vp+0Pl8#c$v(XIL~>DXsAH8(*^Ukzw$B2l&XkY1h(bqaMJmX$<6 zgu@-pXTQ6D5Q`JZ>CtyEpGE~|O$7e}xVf#Kz_90ib-xXp0)(Jws%|ek6wM7V?%5nM;3;ng-L>! znd}zPZD}UUIU`nUdXJq$L>p(p>ECIyh^`$IKzZa-)PtaL{8g$*D`(?mF0hK+YVSZm zI^|w-oy+%f{TW>XX$kkJI1$m-gxsT5FHlo92=2BHS79up^M`As)z`E%i-piqBL2~4 zr+p(OBM~qY6-IGCUG4zQ!q$3GzJ2F_iB^oNrC|Tha?#4?FGJ#?t;Ux}n2)oK+I9u` zfFa_-$}W~W36?xa!P>0o6X4ywTbLNPRI`%}$u3bZfBH@Jjtx{p;?#5BYrpxRP`ub~ zhl$W1LKI+Q4!aNS+53sl7h?o1t42u`InCcfol~04U6aOHfJhA>lwn90%!)^QYJIEbYM`n^dGmtH6{@2SbxWgIpH(+;R1 z{98hUXK8i&C@q?sdd-uxy&tR|fPibWQkT5;7=5mBt;^x%WJTn_wORFZ1Z9y+dOJ!tyZsq z2pNey5`$1jAdzre{G}y87qcQfL4?9unJ;fp^X6;tlLFiI4OMT5pPG5^9xQ2%#!;o? z+}#;PGZPd9PV(FSpS(r7#17er`2$CRcie=3Yz}*!5MPRQo|KyxV}ij{h@al*;uE~V zbjSJbgf$gp_8<)G=*0}OcwMrbb0;jb22d+$VbEQUVd6_>??`6Rw*Y|nj=CXZbZAdH z*IrN^j~odIc*xMASl^}Wb$?#XIPUqFVL6!e{HU42ZsPA8x-^5uC6ta45pN_56M}&2 zyu9$_>B7@>sFw~$)4l-xRgPskvA%zvX@OO{yi+AtPW?c-&I2>V8vghE$WZ5G)A@C7 zQT*4YDEW9Bb24osfJ*im=k{H^r8E78^t%47VQ3dlQekPOA=3PDnkB%#DA3AZtfs^3 zi51dW*tzmz23Io1HgJsBT!bE5@pJI_M?HTb^}UCm;?0|wYFzWa3BugU1gt2IZ>t(T z{RSFp#mI@Xv#Xk}$J|2fJPh>?%)%7$xcnx2g<1B=EMrx}TYW8jn1Zypp-};F&R3jyPeDDzxXPJc$TSA|HHtE2(*6_UoVAs@2v|@E>Cs83NquEz=@FZ9E`5Qn@ ztB&>dZvs9(1l~W$DC%jBBWby1{UdnG?@TCv%MsWUOYK7ZO)pyw>yF+PiYpwUTkot^ zwio|`f?x+bGQh%V4=m0Q)xqc#^?>>^ zd`zhj3ZiweSoyJo=^F9IgEj3YWUWA)$L2pE@{;gM43QwfVu3z$%MFMWw#2QJ(3;PV z5I{EO6LExL^v3jTQlyQllG5Xzp?qs1FBeS+Mq$F+*ZV8Ri9a&i2Zd$;&KumoUY1}Y z`V{(QQKx%U@?k)brNWT1xWtNuMJpbdm|9=6Zn?R#KJ9dO-^byDs_S=U0j}zJ+32Vl zrumx;`BO{+SvyLKUe1&b^Gbu7S0FzK-*`y-Te=CnAK%T463-y4 z>bS{=dlgT|$!99g%Y1w@kE<9l@$KgSxd7OBpS8nEf~$)z*lvSchWz{YPQ_1(FL9;$ zAs$SzljEZsBCwDTgH<^VI!KK94D0uwvd7@}n4w|08_Ogkl8ncg`fto!esTDc?Al*f>n@*HuF-j58z$5;?Qm`^i^4hGfIPQOd8a(}H&H~Wr z=V}@0;&FKy2o?)po=gukU8hT1!Ux+$p4tuP&N&BD=iy>-?vCP?hu z9FaiNn%XlMyQ)~=f5N6ev^p{^(tV737FGsbh_F&-GwyXm|frkOjzFf-W#@@l9jNNjx&-A$kpkb}>HZG0fD7#PY zJa4tSUA=pU@XCL2aWUxOX6d}0N@D9(mqKn=+J6G{M zFew(xR9lUfY_bS?Hb8W)sM@ie)fph3;Gvca{DRm}uqnp55SpvcKmx;#; z0?kN2SIJrCbZ}Tpo!)4%2d?<{$xs=Dy18in-*u>SY{MMvQ-=R-#*w7EtONls#pQet zl~s6md0%-~K8v)`T;M6)v2$?che@A)6uVrE;cq}3Y_z*?*}jI)KollsnL3Td2mC=p zc~*+R1*7gfY7qYb`PXJYe79GX&fiyT*Yi6*NNm*8uW{RUf@3QKISrjJbNGPXz)>z0 zNOFDpAoD)ymC)MrE4+z~;)RLW8iVeuCLh1&ih0gkqO^>}dg}o-(P7Pr-*|heUT$p5 z_N-JfzZO1i1i!umQ`jvxAQv3Tr#ybo$MXqk8{QbPw;y>U+?UWaB0w=Tx(Ev4n8@JF!l1r>sXYb3I%Z0NBH6d@Yx<0g z$v02q$Neqg(YT~2@DL#-)vKNg!h!-c7{|xGxMS@O>k{Y#i8A12N=6AgoCgG34|!Ts zLe1#vYQ8mYSEUiym|MGX-e!UibPG@*hWUQ?v=f&XvXFXHTjOT4B72f@HCn623kmd} zojWD@B7t|`4`^o6(s;6^ZO#vKCCGv(>S}m5byupt_FZy&ekgL4mK9OaQ&;a^V()ZH zURMA~x6kF@_kkp`)_U2W9-rp3E_TOOI(*X35~d5~+n*OplNfZ_TE!l(c8N{4TA^O` z&<|T;j=Iq1#I^q13}t!|^vaXVF}I{eVPVzAj#o3<1X6trNC)4gJKQ+`-k%?yD6KqIbF_Z8&=oL?N> zB#-wpMvPYLlq9ZTP2F$s;iV&^H|C zWw}3o+*VFa1~my9K3?pe&R6Q~b22S2EQrx0u6Cqo#U@D*rEvu z#R=i|9H%bmVOrlNarCAU3c@|@B4ch4974yKC$=OYt1#+oS{F8 zd(1i0J&VI!;jdo{B{Vj>%)6%mUWU`w8`HK^0ASb`zl_t3^A*_z3G!Mk?@On{wfY{F z-=9iK(%;a>%H|M9SWbSi0MzPriyYo@H9Ezl`gcc6gM)Tg>J@;cFuCm#MYhp+zCi+p z`}qY0wPg#VpW`qxF#VPBP0Kv6~X2XqpZ_d z1kf_eNE3R?>~^&%=r(}_>^qh{9cFj15&(Y#b#~UF`L6G8{yQ**13G!bgNmP9l+ewI zh=}|E2-iA3zI)2Me0Pvi0-j#&{qjX^?Pt-zg#`)5xE(*OjeR}dUQBF$KASms(x6>J zWNYaP71rIg15n9RE6_h1(gW-a_}MmNLjS>1ov#Q}c&|BTsQ>m1~bC=gp`z6 zm%u#(;G}B~1LU8UyQ^@p3T_r_?)T;iNJ;nq?dXE$>NTMHyl7`J9l|)7+tU?{c_i_a zfnI>hJ+^+Irm&`opT1Ra>Bn39UwjN&ktNN0w zNEF0qe4pU^HKg6M|Mfx>72#06F8K-eT_p)qqIgt{4L6^Q*-x_{iI0e#3_^k(x7$LV zcby#k!p39?5+~X1XnfgO9xL!DgCv}1X?8?_uCOXfVZ-Txboyj%G_Rf=;qNrXiefP9 z+hX;tFjfVZSe*8lkB{CoqlnO2XDkb;?b^bFxSpfe#<@FfoV zM%zs-&=wbY!8z*h#h?0nbZQ3;3x$}<{Gwt+jK!}(i+8SI@+PX8N%d|?y+K+LAMp+Bo3O2jLCa}_ z1K7c9PP1|H1Ov}q06U>Yd-+|w7c%q$b94V(c&5qO+qEkDS0()7dwZ_*rO%%+_a*KS zYlon%#LO2w-HF2mtKABqcO&5UZ|xGp$i`q87r4(^9W;`+EI)<-aBHQMN^!m{uiWj} zSoiVL_x8rn(|5agU(fLcK{!(sDZlw^+~>qsQw=b3L8lpo)*T$;v$k*ykTd8NO|K%R6!_ui_b0p$tlAesJ|iCVjFvsS^2>AQ)8uYwIw2^> zu%*@UQRkiDpa z57vC0+d5t+x1X<;1Txv+0t8$}Ugf-@@Nl1X;(V@^GM4EbIV%^LnvQ8Ok89Toi?c~e z^Oz3p7ykn)cvoKX*GAt>cQJ6Ka;W~BfLHt?ck2Q7d);2dhIuHRb~~jj=J6$5<0r72LXN7-*|w z?K`xurH+ZD5ai`si?DKReLR8Uh6|FE0EZM0F7ubliya?+qV%FVu=2f}tpQ{R0hi=p zr>CqMNPtgjsa|$mlO|@;?s3+lUFiF^vX>QT5}2hDnvoDYXX0OHshDWVInPf-zY4au zEwBkA2#sik$b6xaKMrB1EkH(ghbn9l$2*s@*#^-ImM;%MU|gLS|dq{B?I1n z+tWf|wF0?9gaH7Izuo|rQ|KG|o2`?l1jDI{V0cqk?W=Xw5Nk1IX6Das<*jGNlHEyM zFv)u|1cIR-L;b!;NGp5)<^*5404)dee}LdbTQd;)seQfJ;JowB*B=~y-}^1Z=r)Bj zO~68`u=$FJgmSu2Y0+IZ)6XC)>**O~uEr49>*DD6^nmm^841$UDS#Uf9K5 zUk*kuV1c4zSa33g51ySJ5wWwIE(ARm%TynKJF$MUcxIr@Y9J#o%gRg-=35o;<*A*p z_UGNLa#+dB(ZPcs@?l)U2ZJ&IIBc>*&9ePTinRP3Fc>lKd*-t6JRq_LW2^VxX z=PY$ia(CdD5Z#IN4h+m(Pa=HNK zC)B@@2Ik+u!}=lM$INw-roiax=C=Kekk9@m=;I0iFP@KW0;4m_GhQ)cm655`<#a*k zD=AYk6O)f}1-JtImlrOigk(Svi7!*-UA&*MM@J;gztLsI2jm5xKKUeR^qH1P9FX~5 zpOOgL`;fQ>xV5)-R(tY6j!C02qy~=?5Md~Ma z)f|b{IT?b{`0!?u|Y$Kw8VodYk@s2%%8}H z9gLLnzZ?ZJKts>VLeK~SuQ?#32QI-7Lf2pF%&pts>pL%}nZ$VO{8EbzlN33>^-zP~ zEnhCCU<~n1BQDA6!kbpcv40rkGJugt%f}_|>B1{eNSE=XJ;q|D#nd$|w=Bb3ie=L@ zqPm`2tMHo7=zGzWvZIBoNe2248SNcRZR_F*p2Vkl|FQ)pFV^Vy|!}L#~u#c4f$mEhnw0I%LbN%565iOGD9! z$ew6q(jC9Lig~^tW)l$!;bA)c`1^CC6YOXr;v2iCC1Df;QhcZ0y&5X#w-r?_pPoY!70%SHgfBMl_ZF>maJ31b zzg!eAD>ys%OoR+Beuh2ClWhw<-gK&C9lbsb>?&6?|m{Aee=!oC;i~3 zG12V6)}eDVx6s+Xv((@d;gBa4>IVx+q-SYD&LwX$gYgkQn%NPJqX%HykIL@7(5hUQ zo(xbynF{+EI-Dke0I3_MaGXTc9g{}B&c~ru(~5JkXY%>AbJwMpZ^V!^9pf^jDO+up zC!h5JRXo`nKkWQ&vd8e1^4V=4=gf~|>C6MKZ+^I+yc5Wp#%?a38|!|m zdAR+IACZ&IJYE$-D~L-H=9ulnhRSzRIJ|()A*o)}XGVT%=pA~0)4=U|aekZq~B z1z_T75|ovA;nhip?Jp|(dI&MeMe558502g#B>Kl6-IcIXuS$e_Dsz-508=#;!RPO0 zM{^MYOls6v7&A322reK9Hwb|_XpZeHSo<4FDgTfdc6r1ir4VoEp!7_07?E<0CN-@I zB`L>pH4fDHo)#-^!nT1K{FusoN3|-NY*|ZRnL)u%Y&mjZJFfp@W))8--tX;(WppxX zi|HEk=jN<;Se*Zck^O&uA%DUZB_6-u!|~7ux5xXC-2Y$gWwnTtIuUm~vJLZ`f4qbSjdj*O*{`9tHm%SG2gV02lgfz(gg z$e|TFghtfmsd~a9`qw4wjs^QfJM`~w+TXmdBFv4$3?u4Kks;aW_Ho8a19b2R(HL@0 zRna8TzKYTF$)ih3Q{s|{|FsLcG$~|>5X&D#38=OFagnEK&XSWjyjDnEokzG4T(Gcd zyU){wyL~Sq@0+`2_$6TIlp{OIs&Wh6#Px;Psg4U}j}ETb*1gY;h@+Y?N$El1s2rhM z;Z%{#78`4SU(~~^&Q?T%k;qC;qo~|VYmM&9zx&CgfsKz+itF8z5jWU#UC2qNtq>AP zEE0%uj!UIu&J&q=){6>@jgN&|r$`%8e>9Aouo*OdFkUu-*!{BZ=V8qyIz*akVqtm- zT8PvqnmjHcZa~Lw1X!&8ts<(}7)Vhbo;D9uStml*m`cPab)xYhjTOZR@L4O^S1 ztXJzjrCF<(oE9_mLKuF2bRYSsbzl}G>vbx@oj8BK>KCmG`EUIdz0v`CI~1^;wzu-k z0+XB+=464D&WG-&AmHXH2wFF z_)XW>^$&bv{UUzwcb!)0D&zOpwk4^lLMM~i9YN&NC2@|^;-PiE4VI+0yUW)PAqgE4 zaCe)lbWJHME8AimbJ!8NujJ>UO{VTW5c0C0uhZ)?rFd#AIzm_wfFh#zaOr52q=Dcn zD}QCzzFRzB1_cfK25v%pyqr-{ekr>E<5*Xh+d%D+4Qqy4nn?d*y~TLNg1(oMnVFe^ zfq|o=s*nC&W+1BNKpL0DjtdY7QjBL55n+RO9PtvcK2K&7I%izJYf2eawP8stlw-KV9IAK{&qc*Gla5xw^WVKI&8A zS01JMDIjC2edhV_qc_aY){ckp3YOVT+lXfM{qZ*W?dVRpNm_o--%{D|P?y&9SrX#>e8UDCzyD zMZs#-(W2JB-z3AAdDz)Aj0%7KdhL1B0_JG>_}v|y9cXmvWQ{+3Zf;tyzDdJDWrDN%}z(UdNCTBakRixm@dfS4W^3K-=iXb zDW(s3=Zk)$oKTsgPiJX__22c$$P%`S$)u18%jD615~J-W17vrxE~?PISf_hKElXMm zzCRD!cVEJ>iA_#QYN|3XSl%kjwag{<^ZSPHc{{gOFy7z_TiS^R!zTA+SJJmMY7K3V z@C|r^4l5N9FY(whMZL{1tMkFv@86p5caa%|NbTr$0v{G?&^Nw0Yu=X=XWyu0{RfrU zWsHi-%cGOOF?mTwo2!~+nyybg0fU*;bn4?&QjyUbSWRB%_&Yxhf)lMIKIg>YRkebZ zYCbzL$&_$%oQ4>XR9ClyK7+3IXxmn{Zbv5CTyi1ieHg~GuisH6D^eturA;wKyS`(@ zQRQgi4Q0KQRpUOAa6B#et}9v|z3zbU-wU(BdsuS08yl83V#+0P(kqF5eR3ouB$Mhd z;}{rNGHJg`bP-L|f9q8jaM^;OnwS_h^#ggM+RV(A7XK)f@o}S+%(J!v#kUN4tR%ry z%sI)zK~w!Y-%5iI&g(rA+h7o${G;>wB1$##pkOx-iJz$98>E9|0n z=D3`bib}~}ds;cZ1Xq_vkc(=gD*`?ddwfhlonUKiu`l3pco9Ic$!gGX@QJ!NJLn>D ziv);rYR1J~frxXk_iCVhT;yGJL0Ccdr|;BBKM2!f3DYkRMI|jHoz-KiB7UcYTJ@}1 z68>b`2Ms5e8zFC z;aAphuJHYz)`72~F8=en6s%^wQ&X(;9%BGcMfm&oqpzOdk|;Kkv*-q%=gPwDF##Kt zAwO+z))jf}eQ#KIc26O+uQt<(iZ#}6)X2`xURqX0y0Jk<_~PH+Eg2SUe_FvJY*fk?7WBqf-OE)JqAh_%6+f)}U z+2VKG9hpMm=JBzlS?B0bRG=w!E1v{}*M8rt4nT;gkx%!;z(3m>#eo8X!2PtfvvqZM z;^X6Q?e4noPWdhX-KJYaI2@iWQc~l$I5##nW_m}Notvwa`eMupt(i(Y?8T#;!onSJ z+cSwVfk@)FgK?V)3^Uc0_u}p_4lSZK6Mups9cU98EY0>z$aoOH}dUEQ|xw>ASg+8Rt zl-Vzy7+V8>Y#?I%Juc!j1lBw_?5zYmX^OLmyDCFMLVW#i*mwlK@K=;lw3JfZ1F?{p zycS`zArdk2@S>tZx0}XwQC&u%yn=%5qn|&zqnw6P1+3rAgr(gtg{Ief9(H;4_xaSq zN|w`wJqH#vME#b6D?F!5q?qqbUBNb#h{~#~yX;++zP-Y_u-L4wP2rdr=<4bMQ<6j^ zDI?)=2`w{auJV>$;$A~w?}5K|-v^zMls#_r#Y7w>_vgNWIWdmF2w$fU>s~r{oqp+~A zFf=X+i#$z;^y*J{{{mrzknET6FK+hp$*FM+8hdS@KJ98#g*{6Y0m^ z9>`p%ZlylN#*F@dE%}c+{Dggv8l7ePcsd z$p2tqk9PwMq@h3_UY_%FvvIftn;XIrVf7q-SuHca0XCyHTI6?o?GF1BPO9JHc6x5) z-r{xo#qd{cetvEK*3~2vm5;Pv|s$%qUeT@{pgbtOEFUiERko z++@-Y6S`(NhjH`p99&%H>D&z>K+!SJVapBIs~hQF4e;K+ftgZ2MM+8I+nqqvZ7j0v z<*yN!8!0eBw^!JUmi=yPuaWvdbKTwkKFKp>aL_l|du=FKGT6crVLutMeFN#85`g|t64b>7d9@<7LLrgT(k z!6TV2l3ehm2bsLw!&lbNEFkis<@ZN03e2JbCU$3MXPt7o)M72isL>4`INZb}ORmnz zGZf(erPgSaoyL&7b74^t=H6vYq@n7MAF12h+9if|`q#cnTC~uIuMvwvO#*`aI7q61 z%>IF?7#xf5w;n@@mtFc^c+u1kawzOVPob}TFVa`2_V!3^ZEc;(D}a$bcv;)I;U7PK z45nc#VPsgDD&802=H^C#;yTQ&Ez}JS-Ok;d{FYAUl9TsE>=qjB@^W%Mkl{lb+S)*@ zLHWhckLXafn;WU1TXwE(VUfSi38`x$I2YR&guKr7a`H;j&u=`{OmD)>r1A3WZyFo9 zmwkZ#F9PItc4mK&R$c8Dp%^inlvERgv%9lXZ8uwKbLuW0Qa4)kLx@yPx@6(?YwuGx zN?A@3*yVn92l!-XD<#E4tc;UtzuBtP|1w<6bJE$m3TH*d(^YBy0)}(&E|h}F@*e37 zI1B~1eMY{#TrRmQ%=$<3@Sud68U+RU5nC%3^1_a4h>3|07MpGdwV8O|&&dTBU!9Vd zTFej80oSacPzwu7C?KyUYB%E#9Az6V_}jXX&s$yHWN=GrGm_AU4=zuD%u|aT-6{KG zi~ITB_DF7SE&`&#H5TE!_wR4kdRIZz27d%Lu)%!IgZ1~jIA8C(>^4>}FE9H8vL>$v zLLwqC-3$!bH1+je1R1Qs5oSB(@NMa`J}=?Ccl90tO6Xr~cI_Wb+$tD1+MOJ`9WiDE|394ed>08XpUl}>$6k*>hH#1|K!zu_g#tSk(J{oeR)D~}*P z0XNK~*Ga`>(%nM?r2DrgQDEK*3P?*!YY4S+AV^S>lCq%5sj=?_ia9iNGhn zP}jAwF*SV+Ei^e_rw5|OH#PxHe80=d=^UDz;gd9jY|Kn&D?dLRgy+RK4ekfv@njVg zSZC~Jd_**eh=?E;@x#R-ot&5e8mTR}o9R67=i2n|KsJ&|=kce{4``y2aR#-o;NszT zNl0sIY6|%tujMJG@Yv6aHJy7mz%LJ1l?}O@<-SJcy?lE>Mm7L{r7eZ>*ns2Rv^s92IbVne}+>=a?(|(*5ro513)E!MZqg zbL8OUWMp9o3lC>uWRz1-(5Z17j3VLP{_hJJIrPTYSOf|RHi*S-t#@Jgk&N~@iQ4U> zmdw*TkmoRsYI9&=Jd{x~2!yR;KQOG6Hq9;E_LqF87A_waoXcL~^;%h6)zhX{|4>X2 zekt1*gmun{x&cYr`s{|+-R^eV#A|ML1jkUgz2S6AbP!muXJly)8Pxk#Sf(Z=@h_%3 zC`?2wyThP>A*CT8`aQPv=er+!M}hn_NKQBK@tv1_`sb~X7O_)ryHW)GmVD^=%j)YH z_uA^}P6$4eNp7@*ByN0QU|@3~MZ}|r-5DbsK>dvPQkUn4qKpsV!0Gx9tln)`sYS!^ z&h-2&ojg0QSKkT=dd15NTRP&xYx1(|`bAW+Y+U^V9PEwTp|0!eY{~O> zpycG_p)^cnNJywjv#5oH(}l3f$IfnlvOfVt$x#qo_I@?g#2~cx^?BWPu}tx>SY_vz z9$rm;RyFIAW1|6^uIko`(Tf|H*((d{iAomahsc4(*T&Ob@c-%Ss2pB9G-&(vdh_Lb zN2M)#!v}mWzM&hR?$3+Jgjiwh#cy4$`AW-sb;z4=OfuzKp^X1Apqb~;tAJrm-3Sg z&a`q)E;5n6OmeJjusKvz&A6OTR+^~_lIS9Dr6o%&2a~S58ZTWOmh@S91sHeM`;UPv zQa=BZurTyNkRc4+`0ZQ0;K~=j-k1rpp3&kpl~>f zE7p0eEM)hpOGaI}IgJ5a0DQ8%f#tYS`Xy{dygQQ2^NiWOKbIVA`Mee$v(c%POQKCln=!ggt0@~Xnt(I-6R5{_{`ia7>P!| zvX*;J!Opj~tI1TSZ?9`3r)z_LA}U`vcYU^de`04CC(Dn4 zpFXwdo+2moD=I3=Dk_?U4467BWoK!hot@cE6~o#*ZhVfSYt8{XYPP~kOc#&qo>QWV&l;MJD5lavGektlk%&@x8q9Q+Sv$xXZ#Pc%6>Z&*07Pi z)G}S64TJg3@R=v3gcTHIW@ds3G?&_J@XGsgK0p9Cxj7skP8wx`0H}8Darq@OBm~0t z%Ulo3o|k<*(Qy;(@c0ywd(2@VgR&jUpb#1En@gVk9rn{~)98Mt#rK>X5J${W0-rp2 z0x-eP$x2^ZXwK-z)YQN7{op3yi6j*no$JaK55)ulVr*Ls*qlrkOF)n)cE7e?=T}37 zfSjDkJ~r(XnS*$FG*L+O&B9OUAy9}d>6Ta4$df}Lk=H0{xI2tdPO`Ru4w-q+m)k>yJvR4GZJXtl;O;XP|s6L&=)uopZrekdGU97f=Ao8Dw(J$i>JY3TM$HtN3BWfnWi;@ zu2;Ji%Zc3sZ<07{t3kpFnOj)$3A(>6J!IK91|kjKnl6o;;-!V5pQK{#`7fJ z4$%OWBdWsa9^vOjR5&f#(z?`T#NFnySxSxl&&cnVc6LH$_^_~5J;$;_mh7)D1l^Y! zPd7h)dTRjcr^8ipd7sAChKs)HqsBSxmbIP9aUC8g-HxoOU!`WTs7cB~0`{Oi}R`KmKPE^bZ- z=H^Hc81Q}i^r>lhz454N8CD(iMq`b8r}wjo{Xvs{$E%A7z8^|bsS=y=j<+^Q+#HH+ z&rX#Pl@NnjsqV)6_L(r+5@uC_g%ur?hoiHO+e^JCl4ref`H zA;|f9NNQnW!6M*~)?#$Ikf*$z1P;05lViwui=B6r`3V@YGKJ5SK`KBbjG0&asyO27 z*Jh*h_68V$*C}p-ra|%H4{D(HdTx+s9KVS8@|1i<-t}AykoL}9B|YzMW`X@p0Kp7i zOawjYtkbi;S7Z9@A~CFt$6f{osUt<8ItK&0*mnq`@PT-FZOOn{aCB^}3!w&pTNUy? z#Wx6`_{?F}jqt`=R@VMNeH1wa(-|k(%-DD&#h>YrOjt}g+f(E-`9ItS(E?o}ABQ!1 zk@|i{+N-y#V0;9v$=rrfxN#|kyx9ksZpGn?9TG&PZ(t7V8!JB!PS(HbuQ5|P1Eh- zt|gdnw)NVk%xA-lm1S8@e0`+n!e6agZx=Kg&KNZ_w=f@Ie1P(c3y}f}`})3oLEixh z@9vI;XWf>J&xE)gL}8)9pbF5rU{_a2Mcsg`w+FG;)MXx5+9cCFSbsnnZ+kes_7jz)PTJ@D?L; z2scg{3ECV^t1ho56XAH{HLWDJ_54vlLn!YF%|_hcgKbi`mDf;q&QgN!s*Q!Mm9(M; zmzYceL*u_^NRHpX?{>rY7)sJWS?snwr+H-vLd^|gAT7#+m%B<}gQlj|Sjm!-(v``+ zyU6>6EFGop2c*5vJ)^tf{i#sHyQ48pCSk+?469)z4hA zqO;}Go6irHtU;|}vVYz$tY>fKK<9aaw3;WuaIQBb3?@ae1qNcT;nvf|i`fp?0Z7jk z6g~OFs(EW%bY*VfeRy+~;PLjJn2P|Kh( zE|y*K`}zgiMw!NV1&nKGmH+YPcg&@AVc)smdc4rqe2o!oiFJ1NEqLy{FR2g%b&Fep zn-RcZ5CZb@5}KM4&mY})guMvanvVepgbU**$>rW0bM4*~k6gCuQxnvI7R9byd)ZMr?Uo+#45 zC~LftbP{_F5t5|HJpS=ebFnb6veNey{r>&Cq^M|BL}qeffw{i4swyJ(0+Up1XUaf9 zDv_RH5Mjq39C#XTvY0>qYp zjFFMiyWhgT*Ow7Q1bCjm%gP*K=`ElXj!Dh!XSWsxyZ<9Oxri+`k9D| znwkAP9{$@SUzxkj`N~;O$wgEcCZO=SC5~c+LrqsxGY5{Wd!~e49Ej3@Nj$Lb1Qd{c z4+gAl-UvZGLw!J4Yhl8=M0WWR!vP^!H4@72`WdMoOYFjQ5`=xFt|B7C>PJULJ^+9a zOXMvIlte^yRPzsN?dXsw%j6Pt+pC2yp1beQpg=1GY`{p;E_-?FS@Tbnr)10p1E2}i zvNs1F8e1?IqK-D}iNG-C6HF7<`>A<(ZI=6AnVFPAET^~b@nGEn|C5tLxQ%Ooj4b-` zNq*Rcp5w%d{GTTha*{i{CkKRAS6*40fz9c!xJNzBpSP$`tT*qkRMw*KcI>R~rC{rZjwd1$QDTwYtQyxANF)+^^C-E4n`S;Jhv&xB#i3s-Z z+c#N3VD}Ypc*t%E?W*y?(4SyFex|SIg{|aK?31MXzg?XQBr}d*;f4s;k968bnJ#VR zceX^H8&TlSB`{7-P4v`e1CXSQqol}eS@q{|DkcjPOB0wYP**p5GeV6j-F;Pm1(5A~ z(#yR1dUOcv?oMHri=D}$nZ*2#i&}UkuBepVub^QiEqf*&Z}a4a7-B z$Pn}IUt4OCWP+Fw=513;VPSc3@xfeN|8%i_b!jP_gv+h3a#{h29M|i5@f@^`*wRGi z7Z&ujbcwzG>1>6Wf!s^!3EB@rY-$<_F>IvNW^)@GS`GODhv_6dH3I_+YipWoM~0{b zKdN@wU&RIXu0+Wrsy*etHageD3SpXfh_-Nua$C{cUX)ii?W_d-qvF8x?D?o{nxLDX+=Z zE|&za;Ftq^`TAT-Q*+(i3Vf?J*-uVRN=h$65P-44sWh-z2IN4m6TTR<>#*<{2|`6hb$7>lobsJ=LrR4%NbXN`Q@~!<9BXl+Ui*9Ihg7>a;QUBbG5tlXEbZ8n zYUI+nl1S301zk63;`e=b9qG?PPcHjPs&8tGv$9@-vsh!zH4_=77Bl(mig^?d$G($n z=6t&Um_QCcC5&3OzKM=ziz*?KR8S44$w1$41|Cx@NzFqi6-Bzay^rJ0B|y6)1#n^D zumWnTiahZWgRqNtvsU6nWf15Zfqnuqit?96KW-jc0oWxM=pyczw@f>0Zp5+*aCnK|8=Un zzxAf3_fP}X5Ckfv;2xghAJl+v2Qq?};9@2sdQi8m!Sz^pUINIsL?81WeiCO-_K5ra zyLWu{pYD^?=@0;JG=oZB2el3+(ie(n1!NeHb~!Km-2z0ychl|ov`8C(u_OR(BPO;7 z&cwb{PD2ZxTvjcV+Sc1O^PmdFVN7|XONJTmOk=m=R0rz5r$UbU@y#bQUxlMU&2;kZ z(%K$kfA#7I->AqdI5ogOjBaKuh#(2+qvF<#zu3raynFYAz_&e>^uH5fmpz~ppEfsF z<4R4^vo19-aF59iHtT#`IgNRQBc;pp&XgFG)H`sZtZi+OzyXYk*QQ?YoQ%v+xXIuO zJO({o9XEFN3#U%bE7_NITie^9m9EySe|p;H3o(U|jg~Yv>VKT%e=&3shOkP9qM@bL zA+dT%=)eaAH$ofwxiG(vk*LR8SDszuq@_n%LJQ?0h!K^bCv=f|efm zbz-3IWJ%-BL>V)5m7H*moKQnm^_lDH)n$bhXdZx-?l*U{TGDcFK{LbUZme=RJDy1` zE4BPtzw*KkGZe>>;ROUrx-CbD-o;th$Os7N_qUJlP8Mm0Jw75BO3is`A&q%E-XyKO zp%eO>lWQ~e)@d@hdfg6QB%(l3hIN!WU%mLbQ7O)(XC(6=Ev?Dx6l^VC4({It1#in$ z4kB+R#X?lR5&6#hP@XsN(etfM6sSZ~J4i^ezAcY!UkM5gMF{x#@lQwC-6Q1h#GeV! zX4Rc%5`$QAo*4X>8I~bMiuK?x*1PA?f@!IB-J_eN@zA>^*k7Olo@d9@tlzYjdcJ&p z7z3NKyEz@c1z0E*aZ_P&@zrK48MHN$*)E-4JaaJ~2_8NX=frPkD>^Dn>D~u>1k(Y+fSjfG!btp#hF>bcg={*v#z_NsmVQk0~+VePXrEk z{!9!gH2iO|2dXhtNS`%9u4QMmB4IhPjBz0tltXI_~-QP!n$aVAlIzB0h za{5d3mP)?}KLg->%+Ac&FIRc*W03&YNS+bbZ@*JhzkmNeRid1$C4IL$T0zJC{SUd3 zm|J9Ipw`x_ zfzKF~v;We*f)t{Vm8&<%?&RcjMzkWYDBpX}`RY|RYGXsp4{GbO>>v*t(~Mn;S&Uzv zfhbQiY5%RR<_~R8ZgPk)&(s+CR~?{j`7LDg{Jcecl$zQw(!#0(j~DpI_5w51k6HEo zCxyf8-ieN?qG#Wyi`B+Iin63y$-`nIDLzkI4Q|*O4ZW%t6~C|&Vb#*KGV*GQp?(~V z<4L_C#~?Fz_T2s`gjuI{i$wtH;6XAIlY3%&XuRb4RekGqh{C@`>JkYF{Z*rnlsAHT zmH#-<@EV@FEVG&!efza2{6K|JAqhZWt|mMX?EBn~5YW&oyIoKajbHR^&*D<@EzzWK zo!6zBn%GTvIp_9b8R8q3mIQmM$nRT4G@YHCSgf>NBPR9}5-u9qGk)e-KVQnr%dO3A zbU;hSI#x=-S{jYG4NqjFt8V__d*YRe;20%LXZm1=Fks(?+G@; zSc3+qq?Xc_tw+aW)2pr=xyM6Zpl4Kot!E+G31T=6irKea%q$W{pzCfA`wKl}i5lno zps+j`uPND^XIphJ+Nz%%cUUiXbUXMb@D3Z&(9rnt+D~EZOi$>Vks8-|%wZpUZNV@+ zS=X?8Q|e#WhuG+EGIUl|UNF3@nX;beD_dhZ{TZTx2pL&fKbEMf&xW6(x2;B)UP$4aojbX+_wdZs}DxXF5gHZS=p z)A-4u=k}d`=cjVpzWlPA>s+6R?MrSt!<+o?hF&kq24-B1qr~(F8xs= z6Vua(p!BpN*Q`VwWcK(NW>u%Wji&0Rl{@k{r}uR6ZsF2F&F*;ho>U09&#B^2ojf1kg z?!k1QtIP6XZTdRkgq@6+&N6>CZkhSn4yYy<#L(qiXR0DI0FVYj^v}erDtlvgn0BVu zQkB`fw$ZO1>;boj48g;g+?Q`4f%zgq5oCC5mkEkmmMACXN#`44JA34UUTg4zm@KRN zt?%vO8!bmEYrLE#u(K((Jeg?R`LO4`7t`gEccLkJI+b2%$5}R$Ly^2H;%le21KNOM zr2OLA;UtQL`nUa1$>hZKc>z#T<6OVH)jF3ixqxrS94D|9h!15%NoHd{evYO#rICw_ z;kkLV>>m{r@`XQ28k0Pk*L?_>@k&llj*nxYZ&=*K#l}K!WIpU}Ypcoh4UFL>GuIVQ z<2@|5Z@MOQ2h7hoU3Im(+68-Mxw$7(rb}G6=S%M2XsfG_0}%b!*HCMQ#;MV!`Ci~W znyJMB(8a2&hSOzVDq>e4oWu;uN(R(Q|>bm$7}12-2JkU^wpW(N5N z9l%>TIXGBAR(r1GB}QqKb~rNKuV^o>FRlPw<}bg~u$fQ8D;G{jS!Iz9@^3ZEP(4)MgWJS7I}YUv6-w zJKx5!DT7bo?mR06a`Hlby?(JVq~rv<+w0@t-$C>}!{H4?;*te`gz0)P7N@%lMDf82 z∨?0o0NI^$4JgG-$@%*ym~+Epzr2zg_+DV=WuW<|F^fQtT39Bp|5d^|xI3ohATc zC(x@gJR9{+GZaou{ZXrbP_eL(9i*oL?_2t_avK%j>-sm^WqWLLV&GR{c{yN*0h}HT zae_e-*n$!!dJ=qU9!6hx1VG$jZ|4;ee;A$YF=*6*y0Z=-8Z$FIJUqg_$9xPN9}C+- zS7mNaH?r0R?*aDC@q)AYAN>Q}JwdW7tHcISH#~*bHrHurJJd;YQj(K?-yGWp3lakU zqNp5K6t%3LpkSRB2P%M|i=pB#aiQBcv*Y};Z^3sNuUVsS$obA933PmXY%e9PipOWU zZ~=xS!VKKoIs$%%VyTAl0}9E{o378SG09H%fWrVCuJ^4YqSRv&zwY>KrlF?cv#Z4% z$3Ih75u;LXlu*0~dSQ%AOdvnj`h5XtXho$Ne*w{`C!4{c<(jNYq2&&7Nxyarc6%)o zedE2n)Nf)!mS#9r&7&9*p-d*Cr0^M}XBtOVMoDy?GEjL{TmvWOO89!ZmxmV~9zHD{ zO^8BTIVj=r7P+7RSkL!Nx=6$~3K|;LvIQv(dZC!4$3R4Ub(M*c@pV%pIy(AR+FoM5 zJ{<%c4sJ{@kA;1&vU75T0Rwk(x(M)t`aGDK;{AbutdC>eFY*E}2Qu^l zYoYYRsNVJYK8>u?@{-Vs2?1!qy?<{9HY;eg#$pc(Mp-`}`q|>&x*~o*qWyP^!)$Fq z8St8mT>^0^;tR4UczX=q#986Un_WTiZ(jS=)y8I8; zPHpZQfU{*_zyhfPXyxeG!c9xc4R9iG@$qlm*V500^-&-IrpPZ}f4H7f)Mu^9uD#gX zj)701U=f|&b*C>W$*J%Gvg#`B1z4lOWcN{XFyKPGmC)!D(sF$#4N4Icq|%N}Yn4m^ z0Ui^3`!c`Pjm7yIz+HL8%?(x%-El)~mX40jkY4FKT#;g4>%PjiPdADAB%n^O`DefM zr2(ALR<*EsnBSZGD=>6-Tkfpqre*1>IXQ{;QK{q<4!0am6>+;k+74BSHn*b7J0+>v zTR0p4`D1UVun<%XLGg~HuP$PSwG(B1aaG+OI1n2{d5?lY+5qqvm6LIGbxqD6%M;rr zL?k5lP5usmmTV&W2l%T7;~&D0{qEbNXe5EmtW}UhLa_lB*-UzDA_O5LUm|aw1jlcK z@+*%?Yb=Qk9oWc_j}Z_G3=Hzk5edoaapX%HvN~O(Yrr4ZuDg+MBOFZbmk^?%qxEF1zl{ zeCJm;GV(vTLDtyOcT^n(WW4;#f&zwte#<#quCEb_XRzC%;^N{Aiu;Axaj}N8N?!R=;6p$;dw;%bpD7L|$yC?+=ydHlK|!6{A{;0e>3uMf|OZ(syV z+qG}fBV%z{6N=cJn2)gp|{ zKS5duwFW)L0d0mHn7rDHx6|XFEA{+rV80uU{$uUV;ebRX90bF*nq{I*a*x%yxXRdT zi=3Q@62qj#WB~#Gr^K&aCKAi=<5`4wm*df4L{Q?sm!3Qi`&=85s~3P9K7d-vgu%4g>U);7uSt$#+3x>-cJyE_3V z($d00g-8lNJ|6UuUK|Lj?X{csB@$xytb71e{tke$_1+$Z+4*}D1?qXq2_-+k$bVIl_Q7(Ko|e`e;D-XjY>h+95e{Mq zrfp6j%hgjc5hZ#XfNkAMMK$>_yyj=f1az3{>Zy*7Z0Qn1D(Nc#>oU0!h5`U2vg`=7 z;y_vT!1mmpvjaX%pfw|wFxV0BhAn+1p`8sN{;WO2V7>EjaFmr*k-YNgp%;0$_I@Ms z-!U9oZ%Es=M`GZV7ZGHu+D8(|Z@erqVq;|lh7-P5XQ_nPd_EnYway6%ao-Pc2$K?D!MAaIeQ&|J z6+z4;@Mg`0o|%Gu#OmU(v^2a|R`&Ad*<&dw))DaEIM zEmN4VW%ra!a1xi0e~(PM$g!)7k@1RRj|$JO&R%MGde4T@U;Gk5O|X7Up%?H3@LQ?? zjoEW+#6;x%h3X#XBXSH0LkriZ{Q-9C+OlNv%7qt{+z)r2&BW@mN@GWVH5(91mYUHl zv5qccN_oBc^6|V?hm8jfoowe^Gw8}=GWn}YDNamG$mr&RC3n+_0c|ZdM1_0_o(VFD zV5d&O*c?{9Wc&D=x&`gjBQlD(3Vj)yli&Y<*%cWjRHosP#n!L?*B*=e1I1(Rc99dq zqL$qf5)#5$4{zQcObv>BsMG&M@rh1(^8NN&7rDD^l6{7z-gAot6J)X93@kFI0Ki}i zH9~@zY;D;b$W!aaVkv|$v*w83VVxEL1DPxEnjvGrh+)wqa2nvsXW~}iWZ&GCyZo=P znxou9ln(_K&ham{zJeF^<}3L`nTiR(fY^_P2lwo$F4xKvR3!)$fieBehdN}n8qcB z;HRgzh@W2RmQTsj*Ci5V$$v?aWv|Dj?yw7+E9#)T={%6^E3(OL#q1<4b1N|eto{u+ z12i%{jr9b#`BCSKm#5lFZDqEnJ~GtFPBgFni1EFoe8^oAJN*9I$H9daJ}Q#WP+Q|5 zFhexLCo%uDwC>b-TXs3Q{mH6JEA?-0>p`@xF?F!CvWUken4X#fw35W+Bv;s|ZI22s zxF12+9qM6PZvWBpn!$|mQeD^4-?cMYSz-`c+N&h~wR|L9!Co+vAAQG(&Z=}MJ}oEt zH2WTJ%EkU$qxbXrd7AY=~Al&D6qz2Fw#yo~55_VWv=NJrvDiSwX^j zOcRt0&VPkX_OOhr!c@_ceCNW8rR0_|3+QM|LX95&r0~Mc4syU+V~&db@TIH!MQo-L5<%V<1@`};=_b%(~v5PfUW?wE&Y~SBVvfKaV(LA#JxA560~#L(rc3{3Zsq5 zr#pp7v*Hr+@P39Hx8FZ&D=lCg99g-SXliVdaR2-Nk1zFdrdKbg#IW!xk=PS*wDlcW zi$4sl{X>fjW-}trpn4D4(l93O6>wYI_9XR0fcb)8b4bpbi-FJaX7l(m%`JO>H~gHg9QfpA6{H&GoImEkMr z{jewzs{N%N{mSTQ^=9vpq~+bkx-sWV=mev$^D#UW##cJX37 zultY;P!rJUJX{tRu6l`r(k^=S(aEW_qQv#?JtYrYK}*Yy)s{FY5CRMwZ`vz4BM}jT zZ)k`rYfD)~56i!{$s65?t*NT%{_*SsWYEp9L(AB#>{Uf{<6nbMFgIWX_?mt7j$3edJ(K{zv<{?SJLmmp zAD{Qep*gmO36bo6WOCAK?nD_RNf0!r)$$+07{biOpX+jO$JFqY??v-(4AH3>*}2#v z5_}s6-iL1S$jqu`!+tNt!V{nBlOdsugoXBrals?Td7QO(5IAJM zanoC9$PwSao_)GlCXp^YBI0##k@OJJ@3ZOemHOSn5dCh>ilyen=#$f2&P(O*WUd|| zA$YMf-?Zo#&{qu!nP~z;Zr8PdkNG;IJk4nW|9wUBbrm=9k+->J z32kML#U6@YgFR?#0m3x)k0)+VM1#%;Zf9zTwXK>bhOW~geamNlekistz*0x0NlROq z+#Q0vjbznGoG3SCEEER`_>3m8Y+c{j^2))dK+;yyZ*)7ss_g|hJOvOMTyeS#s+yKv zM+O(U@9vs6Ha2R<$5|+&vp8KBOC*zzAAJ8&+&GWgaymD#O)=X{banX{T9s#>G)mjS zH#9)ft>?#8Sl*Ip%jPb<6n}du9qNW2CLVhh1b10*^@=rmC=ff@oV=sWs$=??@Hu>( zl+lBPw?DB72Xz^l7(aYGnXgD^0;E3}zU4a87ncu?`*v5GWhx5`3yP9XduE`9P6L_s z-cl3ojv|{vXOJT}>0d$xgGD7cHuzrPv-OzupDUN=4UW*D`|`#h>=@z>-GW!;&WYf#mKx86MoyLJ4iKOu0B>5Yl!NnNhc z28&l|L47%IkyV)f@8Ek!n$UwJ{O4o+Hyn(b#mwAXYMNNPx9-_g+~2OwSfCw4GdV-@i2LYd6jRE(kIRcofIvP)6D} ze5ai1cUjj8^Y^#Ao%b!}^-2yEqMUOypB|2Wj(G#%D&_QWso9f*6A>~6v#d^lDh`9% z#JR$^qLI&lz7Z630|-Y;;u86A1^JS1ZE=0DGL8QXW)>@Bt!dFP^<1m=a!D8oT|2ktFSsgQ>i7~ekJs`HB zf!g-)BHS51ee%o?V)3|vbtG(`>xRa&da8}GNsU~42lURh*;kV&d#&U1H;IBr4--;- z`+HoSEkb9o;-%8s&AY4TKHz*Ho_w|K-EgBxFV1dXVg`STnUhZ$2fL}T|HcoZ?46xp zuj$vm9#&4)rKF@p5%T6(HXZQAp`e@tZ3e;1mwN>G?V=HCH>;wc zFfSyD==wM_F@d+SvAVrK@x3b>u$^ma(8b0F7u!s2laDc>SMHB684gzmF+MsSd_88= zjvh_tG+kzVu#a+RF36G=uL>JZHjc7V@{T-iq&cl&l>EWoc9}ijSWZ`am|=~gL7hay z8hsp(oxeDyQ6j4|8kX(-tMkQnfZ%&8u1Q%jI$kQrE|PHQ*rx&4jZi zvR~R8!=J~iV6aKf5nf@JsATPtn}M^JWX0*HO+jsAPD$!*X-!F}B$C&4KdN4=z_Gtw(R5s=8FC%u>C-0pSykt{iuO; z=Pom1zCKLuLjGPs2UqNdE0<*k=GLVs!Lk+M>9AFhP~#BXsA`jO!rn7!IWLCeO(0Rd zRb6CHMaL_xCo56Y#3dpYDpua}&V(nHjvqb5epH6YU1azla;eupxC&fszWA?(XTU;$ zsz){76}$Vdb&rcURUO6-TTCX5RejA>U0+~K_q+ToU#Nz>p(B#l$Vx54m>4^o;F9j6 zWIxxtRP|^B!ZqtorNmfbo;-;c@S|A2!ei?r#<|SJ$77kq$P=!q|HYN(PeF&ZLJQl% zN34?%V*F~4Gp37-KXZn)uXMm=?jm|4eilrp!?@qe=qb+uveF)hbqgi@)kHhK}VCSL8&q(30E~WSLS>Px3F?U_k z3hvW~lDr`rDx1Qzcj9;mdcJ!N?@}5_8aQY;n+D%)oRu;9`$J-uixM$ZVX3^GH|VM) z4ys`J7}hVU+*g#8$}Cc)iZ! z)+`(#ZNqLfCl4yv-c7Ords~kNAz}{4fDnLac4w&b( zcJRvQyUlR?jy#PmM!nr0wLM+)?)j|$34CglbAu(uZJ6Y^#*$93W~JQV$;(EdPrutk zBS&j3hH?{{l4RzB;Zi6@x0*Fke^biNt4i*En#cfn&;Cy zziL|?Kl~R!Aby9uRzTSZ@tTxr+4qepvGYcqYUJNx+$5x*8RG#x!qIn5^gwetpB#PF3Q2U^2&8bMPM4od@$rZEe{1 zmYams$|Ss}zXbUkaL33uhV}jZsWhNjbwB>sKmY%p*+2z+DT*Ci(%-yeuqG(6nPznV z#|>Tc5_czQ&Nd@Ox;Vim(^B7x3+YQ9iUdJPjPa~WR;^Uk&2ba};eAEnLS#95ZQ zkE}``6Fo}kZJWtGyQ^S*BV$PX(M!3UeU?eF%T;ze>iyOpvtKDmcw$5ZvdS}u3fa;J ztR=HXW_v??zR@H#rF>(0f#~;6)1;J?O=w|cv)@iIHpgeaA1AKh>aO;;+u`H^`9kLZ zj)(+NW-p{cj0}d_5Rp&8OuUa}Cc)G$0diAW{8P7~8aEvC{e+0(7Nj2JZg3J79%1x( zN%JbJpr@9;ELtZ3uy*1kQ|J5zk!2xI_4zdjC$(la_MOCI z5W``J#WX0k$5pm zaSB)IJTd#moAwpaE^$4oPPW&6LFJRhwV)o2NNYuAY(zE7H z3-*rsg`U@%H41#S+`<@p$Ev8+L{cScLv-`Ra-^jfgg61nN@?~f{l%BWT zB-nD)1*E9I-Yxk>%1=^M-!K2#;COps_Kem9pn;t)xHv0|KqVP}%{)KEVqltt$tBrC zYF8JlqgJt@WA45sCN8uqhgT4joA|Jyu2C_*Wsu4ySQzUxrSt6OM6A*cc`bmjO%{86 z!U&^evlm_X2Uqy{qlWlF(dO$+&g|#EV*eqgOQ5yOtC@?(Km9m&8+A#on0P-Vqu&2@jhM?f|dtyi9i~|sQWnUXQis0;8qCRhA z;-?@vY_!KVt|1(SjiTgb?&(~rdr#2E$+waCEw3i4#g=3AQVX=3(wYm68KS4fhT09b z+4!Ilj2CL^zFH$pGd%4*G~_4Gn*fI(=4RFM2ugEbn;r@WvV~Xwy+s4~atbIW(-ZU2G*S*v-;(DWd2>wJd2w$h<&twl-Y>9glJ!NaJD!7!e} zY$K^xDnsKni<$rBGNBYs;(Hz$1bIdua-!{f^6kl)!Tk^$&&O!B=xksMcacaT!67l% zf%ug)cJ%e*D~eAoJsZSG$IIc*$C}a;zEwlO4#gHS1+xhv4x|6)0{DixcmAM}r1`1Z zYL!etWsLma`!raWztS_m4>wj=!?QK#e6wS#h$gWoQq4e(jV*Sv4B@LUR>Hk9a(4)I2gSE#I0w~1>s0Uf6H~W39z4s@psrY`d5yMQU;#6nRd7` z7&R-tewPzOId?1=AG!Qff*kpMaceENu)|maTg(dc&EP7OAIEUkq&er~jE{PV(nsEu z2&;N2)MISDZJM=AaXo&^17s@UawyaUGtYA0zaX$#zXwC5eo7@?iE@7DRLt`{d#Md^?y^#ilRTqpdYBY6 zL;KOJdZs0CC(xFRu*&w+M#R{~8M~L$;E*SM^nz`K5}yn^L?mHD zkOMdUKTI;N`XdZ-3EHFN7b_xS*laFWl5xqBf@3te7ef=VX-XXHBYrkhq?yjz-%D+! zpEq{G6N;&Zq!}zGlO{E5pc@_a--PF|qrj*Yw~zLCKxxymjB|hA%{NZNN|l3SLhY!D z6~krA3ZTBfmjs9ESKinLwb@%AHJ46|Y_(uzBx@av3tg7y$Jl|(80zHc)VM& zZ2`?9GH8 zr|hO-0q9A9`3EG)Y3b?GLxZ4G#EX^|!0sO&9?ong6OU_kvI2(s5FeP^i*N33P6vDW z1qzm+SG2x@!H@m5{J*)m$qWO4pdKkLH8?cr-u&$)AdZ*iYu`#4*%!xdy^Zmgf_h3JIjmMpg#QhQo`XSHmlaDuZqs8qV5# zHpKN6e{aS8JD_y~i6p;Zfslr>rsnO!K?Z~o*qyQX^ppl!0iN6Zp$ceu4dVln$D(BC zOG2Krv-9xqFi<0Ie@_Fx*G#1j6BCp6Hy6YPBz`m^hFhx`#dMKIMI>xNj z4RyJDU-TrN{N9=Decg~xt_WN!oHyCo+VzeX0RL|1Jt_-T&`o0&XE3L3O$D(lp#6k+ z`%0g??yZn2oq=LE6pgB{u~xwT@` zE4P;!uXy;SThF$E@+=Oh(*u*t&CC!`TaQ*^yMfRHpyHNzcsJyYQ{iM5JpR|$uKl(` z1nUDMBdXWz1<~BUyjm1YrV}y#KMW3pqCFp}_RZ6=^0d3f=q#=S%=(mjis+{&o(BItFKMt5Y}^&^+rTtJ4*kF5 z&MV28{N|>%j|aCzA2~V8N+DzfNruA4G&1D4YSf}}`8Uu*cb0LJIbZQF+N#uj_3q-2 za=96vW54^X_R}a!67zpo@nU|^IeFt;AxOon@;@tQ-FdJFrY_sKMwWSa+&LHK&d-LU z+VgzQmSc4al3}6A0x-mud6Q@*kpiNePw%gq(+7tSxLLSbjl5hpa07&5e5MF!wQEXk zJG~$==^6XCW0G5DY{92j-#ux0oWGO&y(wovJ4ItV9wW}|y*0{j<{+0VzQ4%%Weg(i0`EWr8)#p? zcWzePSZM1b28ZShOs}FbsR~~0C zkx}S>4VczYudl72qrAiy<%}fY^%cmex3c)G*LCY`yL}d?01q=T2mH-yx=QN2ceZ!K zGk^U%zVm4FY~$TnGg7txKuujb-5oTdU9AVy^l>|-B_-Ee>*%jB;#Km^Koe7MdQ)cLXx$i98DDn_S|Ar} z6H&x(@2`gzYz}LVHreX_HYRTyPkSLED=B$;d=VBNPD5urIWV3PR?4U&EFOwV_JI2BImC^hpAT<7HgZG>B<@a_j zG7NJ-ORKb;_S?dSf@GH`)R=dVNKq)}c|VqM*kIV|f;H3!$erluJw3v}AxWaY-=CJ2 zLh7rLp(V}yH|zALw|j;6$>Z_6V2Ug1!Af}OlL|*cK_!#Pe#1{V{BXI0025odD48); zYOkD=rSP9>_L!OT0WX$Y=*;A#i<<`mB2xdzKv{Wt0vKXORtLMcEc$=RN`Gm$dfpN> z1*2kNV^`_4=45Agt$qfLrijq~jOa10t*rr*5$C-{xW6B&A2~ky1K)}W&xq(pR{LJo zyREG;nOsU{oR`t42SEQJEF1{5<*aX|H8uODhi&?m-T;I3Hgs(~bfPglvvv497q$QG zT9^u0mDn@mf)`#~w!uDAgKn{NR;CC0Q}f9!>@(x^bsCG5VF7cqH!~xk&HIhl88tO+ zae1-J`QG;5Diyu!vp9@Pj;iXjFgDA;pV{DI)SRh=y}ChTk;IKqfG1_>-|_$y`WSMo^aUE7y%-yCAE_jGLMy;G8NS-hB4a)9e~ z#Qd0-+_z!PMGKEgjBma-3(RFF6O72o3jn9TpdkNG@HRQQ4&fopok!!|EYGBZ)K&GX zF3M#U-NWb^dfl$+e#BDx3p%Qc^NY8f7H6ot-rF;akMBQHpY#WwN}1qhDyqvLQ?Xwt zTI~&N$~NsU=2c9LL)ZBE-2tP$Mh(zZ#^L7Y@!1(GcTs-+>_7k3tg6ckZFeBy6qXGQ zi}-d{RGsmqh6%hFGI^G2+@qZ=Z(;t9>jU#S-I=ON^-JkKXPjSyV!U70J_BRE%x;4k z#xfh7P7x2Jhc=H$k-SwR-ku)d4pZm-^(E5FF5rFkl9o`7wjPC^#sH+ik7U{PZ;@rs8+;EB9bn z$QLFiNd63i?w#i;{6q2d^fU#ay;A%PhJ9hZP=h@2k3u^0AN1 zE9}eFb}kA^>94G*SDD@?zxE%NT7Nb{`OBbYPr%&Wff5JMzEOzEZGKTuRDitW11t9m)UK^oGNAF zaaYtAz1VSmaT|(B$J}t0|(X#d5$#QfTA+y zx6$q@X@s;?2^MvR3@R!zm1z=)&Oke%N`ltQba8?+f^cXucHMERCfob-i*rfZio7xo zkATS9Fr@UMsK}_n!C&vGsoT8Pf8-bzRYRk%=9tQ60Ie8cr^B#`&d!&Vlq50@7?6;j zo}PYCR`$jRRN^yr>@Ndk@faA(ZEo`YdM_s@>uc&%mE{c?w|pPG02Ln?l$gp8KK{Fd z6Ba&ZN|~P|5lHP7lCT>u;2kkwQ6@FSq}kQCJ2?T#fjs)Ev2g)0zb|M7QA5ZM%|L{K z<+3q}Sl(8WdMzhO1AHOb(+S?-#V4gHD5-t3y^Q+j{Z(E$vDh;rol#y#$9H72)9V^v zGmpc%chEOY45l$a7Y2?Vt{(JnM|Ru`bT zTpkIj!}%GA3NCLz3?7cQ@)NqpQ!}g?|Se7`qd@9${fH+O)4}xNc8@$0RBN&+>^{SY&7~ zhRKG%k+HF+wO3s@`m)UV`C_}f69pwD3?x+wn6e%>M{e{pfpGez?f@XH};t2-9Fc1D7p-QZBuzh3dW z)r95 z@NaHYX8xH%D9(Mu+ArZr88|M7(q|yq1qE!D7x;I@g@qI~N0Ga#S-jps1y3XpRH910 zJkYRIR7AvMxZj{|uITZDx^hn@-M1gf*djZUHH~Ez2_1Oze^jQ7z0~O33rU~j(5ot9 zVgt(hdIh0kA=%sLOA)Bum9X<8^lodbJW|qcT9pg!T)Z~3DVa%cF|ZI)+8W#<<*r{i zKYX90aYTs(OafrOhTMy4e%(JcQ>BG)c3DwT!s)&7^H_27HuThO>w|pkYKj|Zful9! z#p0+j(URFCnd}`F`NjLz?e__`OJP(LeV~B6g35zML7D%*_sppg((Xz0x~?~CHN_#H z+0)Mt&Ii_Mw1sz(P?2*KN_4$1yFqkx{Cj*64%yjyVK94Q&T9I_r8Dvy25V6iI`3D#iJ8(d3zXLj!`wmAkzW)OHygS7^Gb(?Yj&j_ds8_JSv3QXg& z<=zi;Xt?h8lkXXti1ZRsMu8YP;_dz#t4aBFHv3`9^;!*Hp$>>?SNpQOz9(<9v9fBl zdmQ`UazQ>5a@lO3U<2ztG;J9iY}^{7Io0rF`tCFq+wVVKTpoPm`IeQOZvS^y|5Y%H z^Mjvq8J=n{Xq4Ucul=?Fc@wJZeknarG700p`DJ7Tq{}0wr^U7d?5V!fH*`8Jp1Txo z;^Lr%wu8|c!WWuh^-@of~I`decFb<%~|d zM=aXo_Ry}XP~wZt5qs0J(o&H~LLToi5+0s=5a|p?MDV|U4bd|(u`w~xQPm7aR;x1^ z>Xjvf522=_e>mO4wNkQOXdd{!OsKl1TCTOex$AxcT71IhFU^X;OOLBP!?Kc5Wm zEpBs5B|8U^P=Nvq3(Mpb+s{QD2;{Q^J{$xceKo}gI1h`kMu>g>j8>>4|2`oyojn@& zUxemCi^=}3Dg#jGz(P1Gb?d6D8LemJ`2RoOd-#|A?qI23wQNRj;(Ro_t8MWsrQhs6 zJ&P$S&g@>_odSIKZaWva7S|#doOgEEkb}u+Xl}c2P=Z8yBguJ|n+EVPqVh3N50`o{ zPG8egl&az+O?QJpu43lH1UzJPa=gW5zlz0M#}0pA=)`Acmd!zOlTV&|pnVoZ zZz|1E=p4!L3}-X7ZWEf%#Y}7y-mFNWr1j!~-FTm|(rbDSOAo|4L!KFl}y3g#{`_&aWgmYbLV_~KWc=+D!j_`JPU#hgA%|zB&9Twy&Dk{@I461{I zgrFoPt~?%iy;pvW>w2H=r!Wl<<<`dQZS2jln1Yra0B-{ZpAOX@pK%9p?EmdV#Hemb zgo0tyHW`G5fbjHac>n5~+S7og^LYEpiSybr&{ju9w)^Xx&e6iBN@a3+qbEIV&3%F@ z!+!eCwY)HVyqwK*_M4KfD!}ersJjKmr!nePBetQuJTa5V%P8NR*xAq9Dk|O8uqINf zU2g)K&6Pt+%F0eJ&!Hf2Z>>+1-qaWad6W++-SZ$hoqt(-{Rney?z(}I~?{P_;6_@wEb5^YMl^KJCObT z8R|QXjffch@O|lVYn$r*LU9Z5-w8p4-1rX_Ud5CKAO{m`wg_hWfrKMqV= zTPqJ~fQX0C{->gXLK+35l$q&waEa=tc?k)95Uh5Dc|wz(FY_3}`he=z)OJ06pDfh6 za#{*%i~;qQab<_i+Midw2rJ#zWc0dk*?%NSQJlK8fqvMv3PGi5Zmkt0y>GfVAH_o> z+0{_-=+_fuS*383{IwN?)eEXy-a<-et+qE~N-ZqZSOEBLX zXt|QCuS-F)6-vfagxV;Q+jsUq)4$fY7FIf%CZ?n_N%)5!F2rTQI%Km^3tc%9#$76TI#^6t~agp2Rs((ScE zuCC`XnxRy-kMe)`0@`0bXcgy)Cfk()8Wru2&hWP%%#P6d09es;0_W@K;BZc+9VU8CT`(0N_*QxEwmBUMk{$6-MBe+OeFVG(d6{8St9>EufX`DD9F&_I=Vf%dNmFST zV^nCjMLMIrfpF4J4~`XVTr@NVRWjiC?V+B*F4L-GW?5--L;rIa++0zkUarYec{tnN zG)1HKk`M#y&xk<{^qoh>*FFr?9wA}%1vF=*+Wj+}zy?sYqmpn<5m ztgMWQqeev*3L-2_ZlaD0QBsj`Z0!ky;^gF16DV&bhYu70y71wF0XT3mSh1DB(Q@~z z@vI(?jZG04F@4~qs%dNEre=<-#*aRvQse#L+K<)d!O#CG2?6odE5uhe&Ak#yDd>T= zrgJt(CwSJseh+szUE6V4;k;8%KR}Rfl9g3!?C!E@@%4qG&@&D{mHYqP_Z=FYKWsUn z-XzXu`b_2IlL_aQc)T$3(e+(vX|JRB2@(>WmIVLjdYXESMm_jqK1FhV@5Kvw{SB)O5 z^z~PPa2SLvKrhzaEqI&)oT5TQp_hdjQwO6ni39`%n8znv{Ce`o^9l+Q?>UhnwagQm zbW#|UddJrujd}zm73-VY)qi4p3>-aL8-6Pm0g*JcPjb-7|KwA> zk`OnSlQ$m;AtC973S42wQ{uAnKT|>?(-Zz(C4r&eZgDBLKu~mftK(SY+1|mTv5L$= z^uL1&f~dv=_lfCU=pIM(_hcJH{t4JTnq>U??QnNBv7-t+RRBdKr%sTkq@sR&=xg38 z7Spw@+WHj&;4&ay=hZ!gc&`XcCNrSHIu|M6seT#;*Hhr`&TvBxCMAy2Tratc{l<{) zc1z(dMeh9k$Mi;<6%cJey8ay_AtPyESA%r!vFTw`^35<%8ZCFa-##oY2*ACj)nK-| zI-+MzL5S{iKLgayzUU)I(|x_-0_@jJAb|#sLw^rstaB?yS`*ead(9(GBg<4j;L8Z9 z;Z$;b$i{nclgG7+G9f8}#eyLgONsyJQbI#F}C*zc#-vUA`T16M)`T={5%x z0OWgbPc$th&HN<}@C1oNmY@GI9KG_C_c00yiiK$_|&?BxEGkj$J_92*BO? zhPoGisKTzQ?;SEYu!|76`TJ7`D>GL?%v(}s$%x|s%yyD3xIl}`n%G!$ey9h5>$EhD z0o6*oxBnLP^Fp9~e{N)PdG^or;X%L$ovPLc?<6A9dw+{6mpukh7Tqd!a%t&q5mxxb zs)`Dfqf-I~1QL24G7ND*#dl9qx4Pi_V%^o1C6s1B$$bcdADQ7{qQxa}t=xNffLip@ z=;)u_eG~|=z{%^2Abzc)WEDXgRFS-gA%-!2*ZWcn&p0XZyv;%w!Xf3dWN@mfHs^3V z->gp#T~zi0lBI?$PF7U5+hZa0k@CN5QOF*Yb|lB9r=-OtV14e|v`D|Wdp$WB_HbBE zjG1d~1oc5I%;=nC%l?c-)fFr}L=PF<+n>Tie*OA&cUYv0P}459^pAW@-5Nx_QF$4l zNALaR(5|g+J1oR@1U1FSSkEjVQCwDbKcz-HJf~|IG!3ySe&x)iprByUz?e0{`{nGj zkV{H?_b=?qGW*)PIa(EPJ)NPvJUd7EXj@#*yb=)>()FB9Yr9{pI=_a|T%|$L(3mH+ zvI58p+9(frIsE?$73SZWDq=VMaALt4AqS&?eCC?5ST)u&C>Z#^=ow#{s6g^7 z%Qr5p@gZyh4Y;L9zc2eXi(^GK4ealJiWDANU>!9kCxj4^H^_^S#)_T3q3s>N3KJs$ zzI(>lPnCy}K{K8WdD)!2va)i&xzyy?4HP6&WMX{Uyurgr$VJEn2STe+ zs|4}7yA0Qtwh>9JhYWsUOGB%ZqD!P6by`)W;x|!V^O#XJGTqjgn2+kLJHtGw6@0N zIK{vE3Wq{a$Y!t`^v-?}Sm5I>O(^{raECCw02^E3YoBaaqhT}x%I|?8bUJVtW%9TN z6!ghj*@cY0evhD@ifcd`b?b4KFb>ah$`2L*L~dxc&Ffgo3YR@Ru&=!rCirr9Mz)>| z-0-z@txF9s))~ExrY0sK+HTkKXe*);5|X%Tep_m+b3Jg9ix0PjWc$$r>k_!_gqLs2 z{x$Nxj8_AuS3%?t&F8A3dmcBl))PTlg!aar@9OA0~K7ZIp2#Ds#=Z*_nuQ#8l`8m{S<8ZefA6FQxBv4+TBS;6L7AT+J zMjhUV^o8|%lJ zE(s%>?(VLYprAVNW|(cB_6R8y0lCbk1Db}F% zUKF(_)8%+Em4~abu#gOs#nRI9@Xj7t5*1J1e^WO76Xt>u-ReY!5BPu8flC6& zd3HN*O=cR0#s_n;;l|Z|6n&tT2Oc^U=Rz10Cam+gk5mVPC78Lu?84>oXuoA&lf6;T z)JEpwzSa4Ysqy}N$NKNQU;*-Lj|Wf-C2Hk?K-AUeKPmnrO?AD_k^ z=EVi_^VoZ5@?^wj!b2=}cIYQe>wh;UeIev{r3tljyvpO`O(~1*)cHegdnat^Tkz!} zkN1s`STU#-ws>D2l&%lZf90L|Bxz)1w6?xpbaic!>7;-TaFY%WtyP z;q|`2qG>kh=^th;r+J6IWv=Olg#ken%gp8K%aJ3aaqGL8ou4|<6QVO`|7Q7{8#;uW_nWD) z$x9-A$s7e_xEAJ9Ray8MI{2?K{9N_SEzBdcKHxG`@#WpunxC%1bOOUtxSQLaUZDkG z@n>!s@1vxpg@yjQ*C+`J60De*oNj1kfJDda@=LB<7C?V0T1xrF`S|Fs`&X4R+CPhH zw+jyZG-I8wN^inn>;yZ8zH5bnf?|GIKR>CFJyZy^6$6NGPwp4{(o#EnJ1Hsh`MJ(V zACR;Hk-odLO{d54;`FqPrf9H0P7*VYynO5|4#?Gc?@uhfeaR-7;e$l**lj*}?gSJI z^{jpdVVaj$W>s`kMte7?N#=jqwjj#O_{zw{(X|r&UGF6klYodwVRrUA654w39@E1e zpu;5tgKB>nK=?dgyvpSAr0xQ|BmqG`K|w#jU8AFgFDouRy7pjir6wh%qaubn{YxAx zMx)vclvS&$0DII14OqZG;0VUR`)FipYHMX6kfRVD9u6KbAc2>4DXrP~8#D7VN-%Fs zQ7)yv80X->}zEh1*zIwt@k++G|!fiI`0 zkx@}^x3@qcNsuHq3<+6KP_VzhACe7}oRpNBlhNh-F+fPQ!Y40Z1A?>0MyH8h6ep(( zP|E_)C%{u50BNV%PDaMiWH{~qW=aw`0bGspBZq$nH4P+I4PjSTBO@Ub6ABfprIxCp z!J*hg?Ei-+#$I*2gep_Kh&b%^4EXqhIa7wOfRt(jQ}0&*k*GWly9M!i2b z0ELqdpfty%kOtkUuC}fTAs}sGM)+<(A)C=?cRmjeR52<&sIJRh?*p2dk?wnfCmVn8 zLW_PyXmR~d7O(m@=zO`y!FzXj7HY^%7_Fmla-u#VKwYNa?S1DeXyl@14^?(*3p?#J zf_ez`j)#sd<4-@U zDzJ1}y1dO{DUunLl$fPWYDzvTmGXq?KJ?bIHL~(U)gH{?HzSJ&(AC$oho$t~AHb^s z1+f>oh>Ws~%aL_>4Akc?iMZ{61zB920ed)ki{E(H=ut3{w+(;$_|yci)6QA&1+}FS&MiMUl?LefNnFNyl-%x`hdm59ftyFYLD|&r9$2P zVUVZ-LG34eoR2{49OxA5pZ9OS(-t%*gW-Gb3KF*Env|ph);QpAVz!1z6cBPdtc{#* z-racs9;1MOpCIf%D8uZ+jY7Hw(2Y&g3LrFM=ONOWAE#DE-bivq5lY9m6>PV`A+N7v zKeTvNfFv1MdaZ|V3c%ruMBN>4>dqJGKy}3#50H|QeABX#mPUE4O$drxM4mGVvr;;qUR&X5YIye6?ufhAM z>W1Yh8nz5e=0x%w4!;`@I)v9gX3H(=O!L5nRxusLL2qCY#>6Nov(;Pa@bq4+9y9Kh z@+LY2`94KmdFFs}Hq~34w{!EH5x87BdtRnw7~6n_#bI@Y5Pf+Fy2w~qS|%ha1Fvvy z^Dt!gTLJ^~jQi`l1a@#=H0XMBIPJm8Mqi4D9s@TdW-L&q*a20}S5Z+(Dnmxdnq0Rq z!O`t57i64FH7#j*`Q=t-Mtj^&ZTDiL5FA#Q5I<X>Rt3Q6#;>4)CC0COI$B;n8T!$a7C(C2D11WyhEvJx$Plk-ZV*d2d&hbz}~@a!64R zmLek%OzYGnB>Dv_%1s8pTGQ(9{%$ldvGF?iYYa#y`Z>hv>Zys?DH#^8{a=84WOjDG z;iILpoSfR_knYO)uVCr z4M|ovKq1`uG^wJ_WaRp4>{M~FsJ2#tK3P&xiItiC3(ocjuOC8G7aU~sBtxVk(0?>F z)KMlUe=1E9MjELQJSQN|41oi z7CY@JshDC1)?eX#7#&{Lzxdj0QCj-bU}M9dUc2MwI8Rkf?6ZoAiLfwSqJ*-dA|AI< zh<~>jXp}TOZg8Z_T_~MS%s}}F%pUjlMm%rMfPWkjm(ADk0an2D*gF;ue;tj-buYilk|u4MCx^uw{xNs|8+420ax9wM_~{cMw#$m!45F4YvsiyAw8 zRr@NcHjmRew9uS=Wkc9#45-;<(FR{%1u)$0TVfOWFifR-K;9iAHpB$H5~!Pw@sYLp zO4an8-5^0*9`!A4UYRYC6CUh1a9p*dlKHIqxJ>Wn`KePq+9?(#u9B*mdfVD;fh*_Q z4E@k|>JD*7%FUlQuowkIuF_Isqa2Lf_7}1cH0)}~ld78R@?f;rBX_n0G`&Jq=EX&TM596{J3y!+tJnYiT>K=buopSz{ zY`9?_o*9#S{g3#gLf%FY0_?I7HAOI%u z_@p~t4{%LH$&`j#t;)@9^EdO}ygaultX0~6C$j`W|6eskL#Rh4h8{BxIoO<{-Q;a< zP5|B%kkM`OnJVqxAF0Ubgs;N_S5@Ve9h1etQ?@(!Bp~pOFby{edNxlxOcX*!8uZ%bc zL{>CL$pEaPbXFM7P_bS@__SrnNpOVIxxzk>bye>{B!P*vg9 z_CahKDM3VOkP?takS^&Gq`Re4Km{oQ>F$#5ZYdGz?vn0q_?P$I?`QTf&M?Qb&pvy< z?^^3AErkE4;n-KFM{=lnY@cE5h6BmszRffrhl10m3~4bc_m@Am2^ZWzx>$IT0Pc>G3-O~_=EaVE8$fd z?#YviEiQFew!6wyeR!p^sBrS|NgC|nUw=P&^B)puwM$i&KGxT<-u}7N_dR*HuMgI} zl9B-+ox`&XtwKy}TrlAl>(BN`scU%^cJ|*B#8u_>c8OE;ha*&<8N=7}|F`Hv)qi97 z-P3!Ob|UxM0XOudXhYoP3tB<|D}884h_#K4gN+SdElP^M%c!rZ$UzeMM2gOX9hoyN z;q%Os9HV=-)LSMmu9fWUtsJhl)`LFc#64O1-}Smieujk7pO9=d?kjRz^6vy!%tjEW z&c$lgoz=b7k7D*RF7CU}|2K%iyg_Ohvgh)hK^FH)toWf)WYkg7c3{Yu$j;3`nHiUR zeQR4FN+=V10xJlI`0>&7sF@1A*8YB5sdQnU-}0MV>c)6Uh`k}hjj;z&91eeXr(y=d z5qWuMWs)MY@(z@65FAQ@vb-}^6Y(bNB>Zvx7Vn?}w?8oL^hAT{qWK_`xBHN71|8e) za5ZFdK^Ub$vyzg5ts;PKbND+#j9$cVW3wil-kh#Knb7tAq1b>fEmM^jig`+0$+` znkpnSwf9cXkoa{4E&<=1sB)H+Q6FOYe*b3c%}i}0)U$Uyy-rUXt){2y404TQ78Vww z7`23iMR4%(56=E2+iBFEKoRbKeR($0-H7n)HcaBM-aJllownfp|Ai?7j0oS7w|7uc zQG%dEf447%*FqA%J;-_Ucy6!d;hf@^BpVZGr#s3A^^ zs>(RT_Lb{(;?ay68Qz}0J85fk&-mp2T20R-oXE}EpsXbPHmeDxk~QenLEzmBO@_QG!z|kN-C??|1ljhCEeQj>?AZb;6P^ zUp$9}g}l5M)+0iS_hfT*a%gkbuP#pVlr&mhPbv$wcu08kjSI1hFgalVU(sUMsCO%l zZHZ|#E)EK^lu;-D6ZI-Efq9tX<@4vvJX1}5#t|Fq(sld!MC_nPh-A3QF+j=0Txx1+{<$h}!g}!?rayAKI=f)1@lP`{Pdhp+lf;wRZ@e*j zGle|zUw#ohL0h*Ts7?#X$?2S^Ncffw{?SSfI9_z6@MVQ^``hqF!`kVc$$KL;%UfHQ zYW@!&a^0l*O5duzfWfj#!R)4qx|+~{UI*1>Wogd(7>hJ887yb}-?d}XQ2*NT@4Bu9 zQqZL1X1E=M%d`o6yJT*2YjYUc}!xr4JdVPOm2 zjBH(;Y=6%~Ij7sxBQ8%)w!du-?$_g#d(D1C=AZC9(YRA=^MIa#yh=-aJv`A>liWd@ z(Zln_3)&*D%uMB8HB$d{tZ@a6iN`X&tFP`$P?I1$h1Q*f-TGt2-rE0nWjU4UJ3LB# z%zN=MnfG{i@3X~a=;57*stAi3!CNWW3M)3`h&f3sVf8ljy3ig1ziHMBGh^c>Y$zs7 zinZDKG<2<8L@lW44L(#)1-(b==HwD7T;-Er#7<$WQ#~ceMu^8gIz?QfmzSvIQJM~? zWfvu5GL8$fEA4AdwX07SU-Uhi)0ytnx9L^eClN|Te-S!3(;@#*hu}ZgvbB*=zVPC8 zAA>8CcV-}0H$JU4(#x9LB4J;tPWiDJX0q)i-?(dTC&YO~FcV~;az!3&_O}=XKV7(^ z4CvRlDyoUwPlNGs=15j|q9S6N4NHNC{;Isp+2;0EIRu+TGnq)_9@Oi> zP|tu#VwGa71Bl(Q(JYD*KM}Q^8nGD(=9jdW~ioJc?Eh-b-_k9lPQ6=+=y1KfQkm5mt z73)Wo70+JnpIv@WZfZi@9F~>s+fYVG5dX+FF*Dj>w)mPF8Y(*viNT->l+7MO_6drO zjoEYJ@z5e+lnI`idLpe90o_s2e9H>`dsgix{!5$`U-RgY=gn_GfdzsYPG@IiahGL8(`F|f6mC*3$g)TH%y#Wt>4-(TSF@^o2b#lS3d8~jT$Y~ zyz5EBFz9}|N7Zi#t3z^==UkKL;bEB#r2?3azkU00Y!@p`0pWVsvZ1B_9 zvWkjzHb-2BUng7cA$>xMehh81s&DFOp_WFi%N<0fwEfw9#}R_u*u6v2KcG>gk`Ms| z7OQEj%{g)G6Fw|hUt#(OI0RrgCA2T#HyUc72xnjnQ*rUE82M$dfS&6W$hSV$u?!5p zql<)#8Cen3B6bgmi+@{ruLbf{YrNWYk(#B<;K#7r)TM-J zU_hSF#ksA$4aRN&GQxk>-cA`5l-3?dG8=0-b33@>;Na+JZ%+S6(O^G<>k1FOHz6LHhz=~-5$NErq+U(mz7239!qHTBCF*8>y*MU&PS zJ-nL^@2hRjV6xE4oU5UN%{SvQ_f_fRYTwQ$BqT(U#YGSp4Eeb=i^n06#)6B23Q9S6np;5UA+2x%HjgNwN z)ZW3F(@oDTF7A>OdQ?}pm<$|8N5>NlW=Z}zv8xdv2ub~Ui!H!@{_-)fArgVw85R}y zXmzL3Y!=BL4Q+wO9B<=qaSKhSxD$GSQl~_=)LU`)qlIw{zAK)e?dXUJ)+Fbvg|jrD z6PPsY#qZk~I&-qnyqs@4peitHaCpkDx#>rzY+!920_z$~M4*@=q}MO~9i1USvB=kE zT|LFudyR#Sz@+R?VnXV=;~L z;hN4`N?BP^TcpA1+^!?BUY8vcN-#PGT1AD?vHFi@nwktVHOxQl)iPm3^>;5V=JDI^ zJP5t}U<2?X*j{m(_0%clj+W6HD=RDG;o|1xnr)6Xf;ohPanvnB5?^uZeB;cClj=~jfBpFMh9(W)w?g#$(=k|+~uCDh|8k6Bd|D)qN zpY6A;ubcAlQE+lnaE`YOF3vT#uwpIMCnwL16_c%*nEbm}--5n|ifRRzdA2LvTBU{-D0=eQVd)v*pUh%(4d{@QG*I{9$Hrzq ztRvX{{mtO%-XpFIQlZ+_wT$NfHIuyefS`yes25f~d)2gLlScOQB}JFZ>HXY!vfW#F zUwrN-$al{(tsXw|!B|+w{R+&($SRMO9TmnzT@wILVRm~I7RE@!@bJMy?b3JEoZ~Cf zNn@^azN+>u2VZJ?MGGNN4`yI@-=Ri^MfILta&l1rbL9Q;V|U?<#TDZTX=LMvZPZN7 z&fmWwL>f%~HI&+Ve*Y2ky=gTpP2_X__COVO+r;?j?=Z6iJrCj;8CmJiauan&!h93y zquzWXAPBS$P-Yr};^E=LGJpU5=+z(b|2DqkwgaP_oUuW}KiHE=!1Zr0@2Ya~PD!KB zvxF5RD~LEK$RDP-r9^9EzykA#jH3^ax;zk*jgbDkvO=!2^{jyADq4Ugya#=@zvxr$e-Z~`}<3nv%P@iw^tMy zMMc^tK^7kIoP{}*B4PP?`Wn@CSW$sYUW!EGICwalV-?k@bx!~;(U%&q9 z8{NBi7iQ}~1JwVKk&&;l5sRK1YX9!r!~w~6?~r};v56@)l*9{ZIE^l>u!ohr2rW?$9AV zcwCGOE((IhI8y__+UfUazAl6mA{9>qA>mlsKtUXX=kn zOh9ziLR85UQ@<=gV+#_vL&L)U(U&JDCSqb^QI=rr}c|mykjc4XTb`(7I^!nh0o;HHZ^3sWy z_v75bBW!F^GBN}}BU^LL$fChdsTyn!_V+6+$01M+34weM{of$AuaOTH1fW8rpn!Df zwcYN?)jjvh;$n&kWm(xGgM)UP=4iVQ1R&<6CL;?=NFc_X(^614IPBDehWL*_F`Z_K z-R}42XJ==XH)lk-ALoAxwYEE^(85q%_U%U$Y+Gr~)>xw_=eaKgyVxk(IelM8I%in&FrI z*ju8z=eN8PKA8pVzzk|7=FJNkW7s*I2g|j*RVS@mI+~i>Bpt!l9Pz-|UZkDetUlo7 ztJ12sLqhOO&C;t@32jPjQQ~o%@;Y@zhzX-xAaY}(k_20c2Vg!)(HA*gXudnWDcO^p*Voy95JVYSq z(I_$J?4Mq=RUTI$_uQUSmP`VWvj8;P;&yyQb+*xPwp~0ai1;p2f6Ftg z7xW_O1cZe7YD=bumN1(Dy$Imq8Jv|L!*TF$oVQU&tkfMhOUS4RyHxT3;pP0eF9daE zL>Iop_RNZueb9>Zmt_GCs@6n@x6_E z{jp;tpXVv#^J@ixOR7ywZ-E%*Vei|r%4+@(R3Z60)$Hy|%WHdNg~Icbokpu!_m9ZP zmwglVS|AY{>6omAtgF-FG|)v^>d@<}shI+K909cK1Ri^}FMSWZy}h53%mgPfVf8-$ zjeK+Yv1`I*EHZzRY4|SDWOMTy9}Hq35$+|uh9`9aWe>h3=_h>tYod}-^f&9dxUD|a zpl_I+0ncj#Bk3FK#X|K{!Pdn+X;`GQRVXtvYaMqeVo$alXZhSt5ePNe!hcH_RNQd< zqh7EynS3jaiFt>Tb-!7gNjmAZceY9x<=boPE16be&i#V}$nCY*nd|dg$4#wI&gcK{ zVDu9I4VI=WF;v-M8ktvhCIKPEeo(^Q3S=AlO_(J7jgWVFUCZ&9giBhn5Wz33WYJUS zt;$78C$t%H4}ECLWB14R$*7pKXC3`|MRxj51c^zJ6IBn*_i^ycmrM7MknaJ|BA~7= zdM>hec6rayQg1CHcN80Re$ZvT9M6TBSAWaJ&lO|@|9kUq#eQp_S~|W47J-WbY%bk* z(Xd~r{sC>)e5gSy3G}9_>0u~x7Xd=Evb?iaB1pJI0|u-S zLOU|z?BdLSL@Yzzac7cm*nqHjB_ccmA4qf=WIqM{mXfNfft!R-t=}e+EC1E$ya`JO z;u$M>)sG_Cq4MW!TobKBo2z~bWabtotg!&O14t>*rQL>&NBCLXi zM)T}7N|jGpUq7#U+9*En>leiK>J_j1LV92mDhdh;8qFVL_TcHK+E*3Fkk=YZL+FOM zCRiy3ChtAZzPY)dpKopQ+sH2pXh*FLdQU(_W1Eqi8=h!JpO&3rzxkKu-(~qicQ^Pk zH=d-=S1&e)grRLR=raGwCiyADPPVTCe`x+k>xPoF|miAu^0RMt#wzn5w9ht-M+rjUMT(76FJ*H`~ zT|NY6zrpL*GfwUR$eBtkM)Q1_OaA&R`hBg#^hEiFnlbTRKcRKsM}3Q;max1x3YJ);3}D z7-tlGov`}oAHN3VzZxSk$6OBHo#%{D&HIXm|2svNy1hN{N^fV5nk$V!cbsFRr@Pza z=-lF`!MRkb`)vfd=Rdv6E3lww$8dIa*5Tb@e(Uz$LYN{0@LmKaG48lcy($4E=(PGb zWV03N#H#zQqcxwB6t!M@2efJ0p57;-^K}LK=&GC`ncnlgTP+hcdk&bQh9G+>>=i|T z*Movare8k#iLaku5H_y_Wf;5V3~jd)=B)#Wc7JEPT!AUAj$?lBP0Bb~jMU5&1IvUc zyf(Npd6vA&HYjOq%&PyhyO~S;2G_iGq}L#U(JSi!ULUlUd;ECfMf1twEFUm}F~-od zU`7G=y)X&@>=d`W59=?u`)_eLQGM80SEHuPA*EBRQ(eVskAA+}aCu0B9=vfff92Zz zPO?>Vw!IyX$Ua&ozG=VxC8y(d9a~_hbb3lk^WY$|WT9GlP26$e|0c@(&(iPGKi{PF(Igx1fj{H=Oy%Iv91qk1{jxsiu|YYsi6*<8YP`U1oW3t1@$*jV<&u<_j8{ zxY!syxyn!&M#OhK#3fi_6*2!#L(_~*pPS?NZYCprXjKyo04yDG2Lwow5Zhs3g~z>p z)21I;|M5U#b9`(>F9JZ6r6q}5g_!-df(nZIkr5G(NMAl`#(N=mzY9_Qo?+w+=iwc7 z8QNnZf7ClbvTpt5Mjm>K$pm~nFaYRS93CA7%MIy!S%6NQ85ueDNZqqzk%EdscP%7MMABZmbh;IB%1>%eyZrC#c`IRqJwi`Qn*;1~ zOZTFFK~#KWo7e2ean;qFk)VO|i>;YZj55h@&)N|>$G}9j$0M3p<-x|Etit%3@E11$ z2uEXx7u3|?pA$M_wUDq2nLMxT?W6FxJ_(%`>Q_=iRZJMzu3LQS=B{kG{0s#JNKxV8 z_YpV`0nvb%Y|TTuO=`?=v!}s69T6n2)W*2WCxOr1#B&iI9{v>-E2wwu-DMo9<}2l~ zg2r#D+_)8Mn+~JC|0VhD34_=}dG%T~TfnSa?Q7Q(9^T(UNq>+%?Oy#_Ct9CWBx^v? z6cil1b^*D1e8=0}gR@^tHa9g6XKke&J$fCJ!A~g4yhJ7TZHNTlL(N?-D$Gi(S^XZKhir39t9Is*(kZg(T6ZUZ4i$RbprdtF$Uh@^4kHEN zLz-59$e3e8DAq$3b%;YbJy zinkd3OI`WX#LYi4AGN0kNfSjHIxzk)TWVOQltow^L4ji#CJ8YD2M4F< zcHH!lrEER++EpVp&O^KoiGiIP+huwfOId>3n$xwpoX)33V=8<5K!AyTi$^#-%uUSHG7 z${L>y_dA6vjfdW>ogeYNctOMGah;cv@<}?2&*{TW^Op;k^K+2JMvH9T&bCr-YzUlW z)PATKw~gK~g{@M8lm0jid-c?xZwgf{Kx3LHBy}xS*kyywJz67ShhbQKGT?vg)w|z4 zkGz}z5znn%k1oYE0(9PU-GS=ZEn{QIgvG7C{_`#5|FBFM*+Ctan@BQMX+Asb;aSGO zX52=@+1{y8n|zuKPp-|$K6iCB{|OXASpmo+~u?mIB7s$|rgVXZ>U769#Ly0z2V_dDbd){X~;tUgn; zyp4)lIA13ul#Ha;DlvC<*GvS1rfsWPMHLk=_#@%AISnpd;c9M>_7)J1Qn0=NPO$xP!TyPqLsK0S%Nvy>=%ZTaBs)1if5&rR>y zxUDK5EKW*1u2rYK26G%+c8RcdsCX8BZTn;~5kzE~>l$C+i35FJ|OyRU{ z-zuIJNos0Jx?V0la6k-=^lv4XYf*pwDxyk|2e1+PLsg&>{4FNKn%9BJl}esX_t|Ak zx8cdwC_H-nGFn=8>lvvzIq7-t|NhCCFLEJyXN6J(9N^##OXp?z3&_8_=)ZS{0$ z+R;SI&D{`?R=wYPGtRwJMH$K#)JsXu|Lkyv4hNTJAYe?kS+i%Rb|t}RXX}v1^+dYY zJ#njNRI`{Yc_84BR*cH)>HSaNH!nIu2?oTTeeyiG`Y@xKi--1r`h|D>@BGR+)dXdVP$pO8S~XTCuMn zHg^5nVcGJf!?FB0y>DI}w!UPp@;E0e`;gCEvcm}OBVt@)+y@9KyE9{Asw;b+HOi&k z!+1QAW+WrWHf9}r)#5W}_@z3s%VpQl(lR9@9}Phb5x}7lG=n8=De37$m0Ems#81z~ zXNI%G;#z7VBIWhvldHYG*+wky+<6!8U}kH@&ceRJwczLIy+QYcLq$km(d!3Kf4`in zlarpF-p8KUoQ3&>eiK8T*B@kU$rKfp5q^^_w6xf{qkVnf)eFCTA&b0^?!xFtfq=~_ z!~M#{|n${4sv65&F8hYc)jluBDX3I-~xV2{7>1 z^Omxx=Z8!$RyMY>tauj}+h_|Y|C_B!xh3xWpnlPUO&EX1oIlW8(OB&F;2#5(0L5*~By3w>(!i^MBt079I_HWCzAfvXWy+lcFq5NzqUV zd7tglXVeJl0iJDE7OP{^v(N~N!@PgB<;4D#XmA_$=yk)u zwZn@SX}S;I`Y{?k{+Yl)^?L$~?5c=ICnd$XS^$sApmhAE_9Kzx#aS@6^4AYX5h_H~ zX>7BDWvt$G8}9&7Nu9Zg4Se!4wD#kl=;cz|lkEiB9^qE4@+M(cU47dJ!6ba4qDkQZ zsxjHEGSPiJShi2mfJPfY_J)Fn|D!|sQrCogQmjOU{Afzbn|sKcEiOLx10mcWo=)DG z|Fdt9y$L%>;Iq>Kh+aD|b`rSURoRwrArQZ=L(AQVdmXKAy4Z^@pAbDFdW44P8yJZE zaQzH{@M-Ce=EaxPy11~>7b4L5I?9NAEAe%+jda}0Tnn~%c7ff-%J?ZT0AykN`ALoK4@h!%S3Q|7xU$0l4 zq7r_4%bJ^=J$^E2nfO7N8e#mn+^)A^i;v-5bX?pQ-_5(TglHC6`e-KC!Gj%ibS~Ov z#C>ar5Zt{N3xUBN$H5AY9HhQXvWcygT>pF;%GH5`<)`Pfv9VV7Sd~s0X0!Wk0c`nN z9raEy_EM%(ciCu1Yv|&n@b#zrLP=hJ7MeOZ`REaNz7_wu^ET@P%d#JJ|ZKFlz$ zG4o@q#;qQUY#lJTiGTeO`#@+A0!(;aP=900U7|2E4@A+c+Z?ppe-iQa_y2}SC7Qpi zZd_QpdMYXY2qB z8bV+0VXXD1Rm*J8)aRxe+=n4|jow9tFv^O@)j94YDb>k<$)J(8wCY|GU((qD#_Lb7 zIXRu%g1biYHM+Hb?Yo#0iIuj53Z=|?+BNPZ>|A-3VQRF!BVDh2c!zqH#BTZXzw#>m zVt)$@fmNgQlPXTyMH4grh~g^)KC)y(*iSVK#cq5|F=q3NNgcmU#&?ZdV}>RM5s|T> zCr2CWXmL|K^=jolW_~`SOST)g{g zQ+F+=tKe^!yVuj~g_b_Gl^0o$%7kU3xd7Crx)dD zE_L`_r$P7k+Ia40>=BU+F(0iHck9pC4`ti%z6 z5%N)QzoDjR1F3R!nNVSFS8rE&Nk!!FW0*W{uvt!2IFo&8{`E&pt6De4C(1GSDX%Qf zRczR!^EI;NoXFVlsjgHojyrut*DSj=DbK|%}#OUaL zVW3?7tDP3sBNHPhVkI>KSj7G_r8u7~yVFM(it;ri+k8ATeeiFD^cfSDF3>Qw$Ac4;#rB4Lh z@@A{`YQKC*OQ`1+SBj8VBZOyORz7(2C=8eH%I$ne9MKejj|982rsfO?Lc!+j<;&;S2Sx}_F#FKdObiU< z*&gs0rV{nNhxoPd7~8uB_dj%t=_fOeYxi#`X}%8+`h?p{ywiz#RODGE6A{loET8ls zyp}P^!+VGl5s(NO>-Th#92@iv-R6a~q{St0NVT8S&lVgI%uEiLPPKOSKIOZO&`-~@ zCKGvnpV@HA>zyrrBA=@of0Jo3N6eh-MPxBgLq=4gs`K)pALF~2^71lAD>bR}miZ5Z zM%|CsxdlS?Rt#Xo3q#$Ln-h|-&Oc(3U1E}pSIQAWv5g-(i{|C=U)&#H_9K3DLX9O< z6M=pkIxrTa-g>)hNaJ-?{68)L0#ROeXwYP9?kXW4dMeyXzQ)1v#PXnm7<{~4j+kM4 zJA~BmGQ}Cx+qZQ7RP90kin-&x_j-34u=WSHf96#m{OP9u-SwN0h)516V{k)4Qc@u- z?B%^&a85`*`P2|^I65@I<@9$9HjOasN5F8Xy4&?hLVHY%KHB;l|-ox5hHEpKRe zO}$IJQweUd&7Xxqx*w9qW>Gf#~U(xI@vvr`-f=uSVCyZ3|B0-8qcs&k_IFS#~|V^v_=>zRH155#^%Gx9q8&2L~^A7TFJ^V*k{=Va5I4sED{9P*AlsC-$ zh+Z>8IET45)pMBQ%zBvc5lgAe^XCRb@=8jfASdaYCwtG!lRQqF(QO#zRF# zlnlAtLHP;wJNFxBB1aIONYV@;^C|gwqz^>e+Z#!Eu!$dIov#Th8;U>?iS9EvJh)?J zwZmsB6{qqbp2^w2vUl#pN{g!9BQrd_Z_VD+bRAwN%}~%HdTwHDCxDY!@p8Ze$4|)R z{8SDqq^H5`ER_V{VsoF*Bc`f&ZtpaMuV9zx)%o<~sNaJ<14UCkJ+hcQ9aF<)jwX{; zCatXzW%dA63~t+Va)fs8&czm|T!ym_6qeI9XLA4-@=M64G6q}z$jHB%Y(NHf1lR@* z$}8kT79|3R1NHfN@d+AkcQKkNA9p?k*bG7;pRZok{@UG*kKcqknKa}_TG}L(-ElrX zxp8sv?cbG0*o=BK+>V$*{YeMp1?em^W7Ak@O{%KUNnXk;2ns6WKEJF{rk)B(Y%fhiNI%|FXhs{0BpA5)2A@!E=x_0oh_5p;C_AWmh;`;|MzmYI+b+%;r7;KYpd5j&?UpNQ&MzHOqSNx zmbl$G9Lq&tLTcO-Zg)~19y)Sz4l>^Qk`ip6md6AH9DryLvp4wsT0;5sHtF>WhLQiUTw(uP^*agZ`1fOZ0cS`u}>l7 zY$6MLHVX~p=99@`9y63TQK^z5&h$c!6x9{ayD0)*eA=Or>65uP`K(dpkHAbp+WUaX zz8vcBE8O}fACV?z`EHx79HfStT2sHl$YZz}{pYZ(kUaTWVW<5@G(c-V=X(?qHr^Bl&=bW=%3 zCnftkGB}>f7{&~;VMuhkZng(*D1dP<0^AFMDP}3CVUf1P7{qb&u1#o0nT;>{S56sT zlF${Y9r{m~D!Zqustn;_yJFvWxDfwsZ~ngJ$1o7`wQRog2I;d+BB>A!dFmVWVJ?og zXY`dRJmq36nu2nk5+{nY8K0{JpXsjABG;iO*X5xi_zTkls)^HWGe4+RvYk96jSbqg znVQX!4q`(4#9u?`dzr5P-wD@ubmWJsm}2bdQ5h5nPYL>Zo3&fB^11|I${58MkBl(h zSVbjdE<;liTiP6X5zF_0>2h#?p>rFwiqSDfU?3fsTe^VIb z3ky4&N=WFud5!QCBQMZslpC9{`0nsrX8Nmo#m_)-+@5Dhr;FPE--_vb0WwaJnh*O3 z_LCcaoKMOc$S%k0bJE_(e-*&o-ixYB}_9KVf^QGD;gOxfyQXT4Ux1Gd@{P zkq~FAsy`q_0<#(tY)jX&aOsSF0X%+3-oGeMEu4*!2XiE$+|d z7s8nt_NW6R6!wLf&UmqnDpN}Ly~hW)BktWXl`V?sS8F=xdiI<0?A@eVFV-){4>xkj zkvMPgi;7TGo^9(Yl||xjZqf5e>gT%(WaMqawzQuX^>8NImxXlh+kIb};&){ORMaCx z9lt5Vf9vacP)M=HHUHLT#bxE!LAe#e{Q*~C_0t`AnMFDZhiK>HHo~P!knZ7g2YPk-<@-IXpa^loh*2LUv1gu5x6xDRMsXs@K{Y>=F@(!!0A%)3M^9QhoxB3^OsamCi>U zAoN8>s8;Vs!G3OC85JJ>gwuwak$rU1bq*|@BEtXfv*gS(Q#}Nil zo6TxcM_>QjN0iwEN7`B8Nfl+~>k1=BWo1gl+(O0+N=nLw1D2RSbIHjVB!c@kwqOz7 zsb7+v9g~%{;v3=)E%biH@%pR^G;;_9;N#_6vmQe~`ae5^7kMI|M`V0F08nqpu_39T z*6Idn1{LSwQfF8PY{Gym3jZ@IA?EgY#l{v{xreD)QzLTUst2B^FUU=5xI5|6A4umD zh9YYG9V7Di5lkxWaW57>zKW|YNW^1ya5}Su+|_Guj?|bq~uj z@bh)uXLTHm`Qw&Jw%Y^Mn3#P@>0W-y=%y0uHuno>?E4i3zM5eBnA}1rnyDJUr)S9w z!d2+{lV?QpTkqxVTXIgxo_9X|A~wHdaZC4515Y6-yWqrn!``^raSEBA~Le(q>>lNmDtO@zr<#XKdOKH z$cx|?747KinuJvNoEk13p1dDLML?+QYeptwGbiLSkKVnC>%iKI#rv0PQ?g%DH}#&8 zaVLcA>a+n317k5qMH!4XqgKlUBb) z1j5zTNBIsNY&2{B-#_@K#fF9vx_c5fOQXps$_}d+_cf6Tvib?KA|Y~E@y@FYXfg|E zDk^9KXKuH_i%9Q!V-=;leWYftmGX&5m|Gl_@cyhtrrQ|7Ubo2Kj5}C#gvGV3@`PJ! z%T=8rj_vR9lY*D`5x<2N&flu*%e$-3^VLAVq>XF>)k*yY29}?Y4tFv_{hQ)Q;{DV@ z#s*xu>M{dd>CTYzvGkcYmq!d`Wk zi$x|{pt@HIH_q|!=Q}8%hH$+)e}y9~lgKku>u445lvgNbN?J-vN;;8;etq)dWJkwu z?-3=uCQSRQr{~I;u#w*23e@6b!X2*exQFj6BT`APd+6>uUw^eXBB8jA#3PB;T;vUp zc}kiWQK~pWiumrcM_iMU1!#|hQ3syEfk3Q}8%tRzm}@B5StvZL&n|uYg&zm28LLW& z+jqJWg_oWBnIey@!qgK%;WF_a>apjQtIt6xplS-Nz0d2o ztEg`kqp|&WFDEMoPT%mm3g5bIVi7n#vV~Rc+FALs@w0tW7+deJ8Q2Qd1#_M+K*`}Mo>$pz79@EO&fx#M#s zT%RAk_~V(;6}k9f?8hfpJs||5bmb2ks+$UMQsU#oLqaU|21Qq~#4HM0`;1woLI?Z% z=UsgEiN$#4QE{6nt z%*-`E>Wi3Gj*roKg`_Y5fI2!NzTTZjMl``BSoprG4XB889suo-7UM*Wlkh#eXg^O8 zj5~#B^OW{lSns!#`$p1|T5V!Fr{#M|4Jjr5$dximBQcBqH2g>A)gKp!Q72v4#!5g| zNQ@NMjec|Z@=#Dr`Z%g)LJeEI`&Vo0_^?G)QX{P&xn0zsZ-*GoZ#u>OU`RzBm!F?z zw!@^IenZV-Yb#eC9u)y5HVZE4sbce!*hpaXQucS8E^NDbrYET zAP|s5gRy-HR7sWu&8(E{HFncKU>bjl{v4u=NO@Q~-hj$2?veR#GAlRfD!pB$&u*a#lLjVNsd*d{0np_u_KuJz>6xpkS#L-=v&g z$I;p(BQ5DA=x~6_-%8>ERBWBI0~=fRf~z|SZCz8B^*_!j1_kdMyd>!FAmT3%o;ZqX zf|-rL=NT#rN-&)-8aD?+yn7u;?rH7O>boRB6_0&o&y3J+-{e%t>_#BS-L5ZB`>*o8 zp+fhRoAqySf*c=T{0C*F8;V^7BI>#!Ge3 zVtW`01Teg$vl`uxNNIWMlAk3tYkz;mN=Ki67oBjE#keSXes4C45!|-I9lHQT*mJLQ zS%iiC?Y1b6a2gm|@qLt%k<2Y95Wo}yHCILBbnyx&D1t>#4Yu3Byoq>E+v*A8?0nyXYv@h=A@w%WN5WoJ}tM#WCjI+S00|Hi}AOwhw z&D6x?Xxjq%-G7bboBmI2x^ELPiQt=~ zl_uEX;NkooG&KdbKQszV= zQ-amS!J8NjY3bu-dUe=>$fsVgvE7w)a(Y;uqLYkpa&p$Wg~!f^FZbC-UU#7@icwxZ z^aU-gqN1Y9(fZcP4xf2+;SaS2_p6%y6|fv-VJU?kU5`lRYTwqufsI|p+Iny7Wm*-9 z>*4A=N7EXN0_&FO-ZKTCEH>U;fv#s`vN(AaPzXVoOE3>WdFUsU>gVV8-?@Nu;aj)~ zU%7)FepB5UieYyw8p1aqu-jFU^3m zt&jFPwEBh=SPJy~Ix@SNYPd>jXt-{ZQ~}{5NXWJ7?%#j#fPsO*($o~FtowV94_h!4 z#CZ6OoJQt4KH4*Z6m7zASZOszgO_kwOzD}3E;wgz-&oc^bZQ54 zZZp5&fWY8@Bf`~#gPd{+34tDaWy8COXDnn_O*7L|uckpx3{Za8M8FM)Gac1MSLNHl zKyN!2oj2EAo-2BwoaJ>yLhsc7bTL} zkzZ1~B*$4`V?6Vtb)A6Q-&xLVqE4b-4GXG3w`UR zzOL>Y)XJ%(HKfcC{xpA83l6&MFR>a5VxR>6t1L%NK^08g`RCW%wCel!VEYDxs0}3P z9MIfx7PIEf~tOM+7`ept^ z-j6OJC;Si3Fvuyn*8h-XflFSMIf?N;hW`ZgR5TEU`-FDU^r^4!S|KBGDt zWQ{ee$>O|~5ZgT$9<~wH6cTAEeIO&kzRP9Vi z_>&QdA$H)s9ZU#-asTVjpTDo@09<8ZIcUCeC1STc-ap2x(GwBjLd-$iwbFalHmyqC zC$}?oHk%*E?qu~!kv2jC4e|~gY#nDy42Z;YbxZ4)br%!bQWO zL=C(1$qgUI9NY0X2dtTzG%sGbI$^M~z04RLUefmv7njJ(&){|bkfhQCg*4CZWMOoH zki3Gey)B5oL^0EU{9q#GDNB_0IGlTm&_2)OoYDX=_V`>ad)@VKb^k0qOuDgehT2q$#o423mMFz z;X~P;FtMFi>^&C>|1%{iX* zjJFLB{8m#^D$n~y`1q-&nuK3q(CaFz9jgoU4<7@d1wX!N$jX8GIypCYWo-*muhf;~ zVxkFdUQtmova|1QO;#Uxci^7utd})hnFj>;U)S3|3i!ohvX29XwU&1aNF)0C zl-q2e{AKd#|kEhNxM~(IJ{%J#z6`;gwaNr%a3w%zohz89DzsnSXD{s zAFa}JYIN>oXLGC|iPg{yhJOTiv6|yoUxZJMjCipo*Ren?nVFN5Lif)|bFa5{E;EyEuGCcp zKJK4?J6A@2K2}KtG2W9mu%Gt#zh9d7DI#D#=nMkq`4qP;K#33t_+9RoXV5br9^(M% zGaf#k;=>yI{p5;@&*7}M<$%HUtlO3e2z?gb0kc@bxai@b^&~NoWk`5H0bT1NptKOIadR(fUuB|5KPbDMuYmp3((D15U~{SWZDV62 z3}yARHzTr!jy`KU-o1M_jyu2YfRKo&qRJfvitI7nFac{12!H{UCx9Pks`@16BQX$} zX#>EGcm4O`j16F{_6d1ip&>ptElf|(Q;m|Fk z9W@oR%sW&mQ1_Ey^7c+0xvGoJ9kiFFKJ`aV9m0n|8-GX|_n; zD%I`IeobBjPg`qnQs!$~42=)_SL$xs2~`3ET1QcMEUub6e7|6EuyW?+=O;gm0y=n^hV4JQ zs16KzcFvrz3qJCCFZ}hssfEL~IfU4OAMT%&$J+bwf+k&u59|G8>7g3Z!W3RF^alR0 zv8iPA;k+fq`chN`ciQE{!5JH^o-5|jpTBli4gN2zxGzD{6z#SQbGmJR`D$fpqMvSh zbF&3}6Hsu0ZsHHv>>2{$`k1wOAp(-q?jYhWoUC8 zf-1d^pTqY^Lbx?uQU$!1Y09}|3EAGna}K&SA>RgG2;5FGy}^4Z$?%+kMT@rpuEYEQ zdk!mgY04);nGW24Eha@UFNd7W>1meV0&{vZag-my9=O}Nl z-u|B!;1tLr2*i!cWvL%hWHFQ~dQgHZJa#5u`~^o$U!JZyI`LfgRE_k$%AgdQ+qO!ED|=v!fFUCi3mduRJ8&CSj5705kY2_V4Po35|d zTWsw)IXRgQhL1i~Y>ph)^RH_rC)ZpH&?yoTFC+v7>mDgQaqifT5BE@^ZScMKa{$8I zdO54I`G%F#UF{y~N7R^kQQG0?FdbEH!7RP>5gw;fC1^)5dk}~k3H<0ja%5zi?n_eB zKtd1_63HhCwKX5by-|`(tMxoaLO^DAwZ-;5yihmzzrwjjt;WB76=g{jS-7_7I7ni? z@jP68Yk8i%W;!)D zI#FQz2rt_@`&r--7CQ+kS1a9`bj3@2U>Vjqq25*20v*TBmBcu!01e+)+hi(on0e1n zjUf;yqNBF6fmv#3pY*CMEjO)ZOI0$Tj+tZ*52~?%UJ=IXmfTj#i3h!0CzP^It|m-&><{Qn)eG-I>+b;Q2MFno|)Gpo)JYeLnu>&I(%&(MSbt}#npZ6!^{S~hvis4Dgx?p zl>P4B6=ev;g+M6R!_m7K1Tg^3MMD8-&kiR{YYMch&=Jr{gYUs&b`Te)^GvsP65vWe zARt_F(Pq_J7=%*z&t6ZIRp){IAB%|nq3oA0Wzn&d=mCP$1&WCxiP;~%yZ(e}34_6_ zW@}a@&k0@2GQRuSYBTpR1=+O~meVoMoymh2G+y%de|}L(zE>H^LTB2L)hd~O7LWLd zE$TCVm4bVd;&;ylWY16Lw~!D4p+Sq6uOcFvg3-dGF5jBngR}BEMpOVh{oXbSBb&+e znW}H~9-IFnLvs+seRE4oDiu?(D0J_DQ)&Du+A{(*x!MJBXdX#O1gcBt;XORVvh==H zGW2`>dboeMdBwf8Wxwr9D( zA*#cQ`ciYuA|jV8%k^-BCKB*e>;*U-5(>KBXVM~!*C)pezdk=85pHzEGiPB-Kg+(jZMsjoZAB>5{HJSEO<6jRZNJeLjLsF5^GKkj%8vQy9@hgI#23) z3;3?w^}!dV{yrrpCI&)-5TMc0!aa>~9_%0gNaJ@RE?n-qL3Esa@bnpte$L{L4kJ-D z`Uf?UZk}y>fer)mNo*=+_XyO~t120w|x+B8A_wHW{}2q#uP8KNb2e3+#Fz*mhG@Tio0gR|vr%Ql#AMB=1e{jRrhmCdd1wE6`a^MseO2ymCCcH= zYnvnhIJ|=>DdA+BQ05)T)qbjzk(=<;K@1B9kTCO?Gb1C;y9d7$=KXKeI*N=4@0Fr2 z@H}-NNs5TB?+8H=^nT8%;AK-Z4$VDNn*n5mo}nQ=DG}65mu>4@n>7=tIa@BWKJGNTBK@9Rux&dxuGv9$ay$|2v4`gFhAfxkf6W=9HYo(T{iKOsfd`n0!3q|O3K2L7sU zETbS33wZtg@_qiQy87UtP}jw(sJM`reR!;CNVaiLIZs(x%a2JJDx+@F1oS~)2WMb) zN6V%E_gGJl&R$oaBG2NTR?XYYy}yeL3ut#aHa3B8^(XkR3$CC0 zta0sgx_d6dTyysLVhbw^ad*4B)I#K_hp7vS=$M#VnE8P$Mi`I~N{ma|q39^J%q&It zn3(u6@nq@2XR2MSf8^Y4{g1JOoZ7~^OjHZ*4~r>ZkcM`1D8}R!9OPH-)0R+v#%eMY zrO+mXyOJQ$rDkSkQR{IM(PHp3>ZcIIUIPC)ePyNTTJk*PXpz*(ILU zI`)wA%oBnfWMuxxF}76)BM>06GkDUrbSE%b>y|OUEx0->2Y)A(7R~2{q6z^!x1`cT z_eG`=fm@BQn|BdrmOMF;P?}Xa@76f(d%OYA!@R8OD5x-V)R-p(ctO3`F(J{8Zmg`N z(q!(f--ThnkWi%|n_|AXR$QbL<#C@zT3vjavpRE4}7QS zGHE%-Be=2SYi5i(<)4}`r=i;qR<@HLr%(1vp|L>|+221r?-6vcB!vj&Px(bZ(`}|s zg%c_hk(8_G_j(yW^i3Htsr9*5*ZU(n>RN?9cC?oow42ZSMpbsws64XoEL9A%y(2ga^{L0(;XyMsmL!mJ(`AUSovj)@l&D}!eA)9pg74+> z%1NEwW&YD&&PJ*%zg+46Y*#sBJc9J)HxPUc>0#$I3=DfSaeKe}vpZislz^m+XU*Ox zdj~pIUMcfb#$nV8)A%}5OWfLNHP;H0h7AXYQa+C{%gW>u*_|4we&8-Y^aIHP&{2Ip zukJqoF8vf4*%wBsh!>Dak!S5~CE)z&!=;qCIC3NyQgT|9e=!}{&xiY8%DRKootf1QS{n=Q2srdfN8JnkxX<4ig!x8p-byq8fjk^>FO&WeXXcIC=w5lU zPlLbMW0b+4U_(Ovm6O3^zHua@l0iW5=pJgV`{~7_l-gPfk=s6eDS(JQ=t_A_YiJ_{ zx_f^~NxVocg^b;al9J5d2*iK6$$vLi2IhKalOd>ETN_V?iJ$#%_d33Hk-B!x#OANk z(#ReYmsI@6SYK3BRa*@vSi#p9$z;S%gmF#%_Ogr|;(M|?JGr-P%#DrBjY}NQ1HrEZ zz6F02)H?{OMzPx(JI{r%wC&%44ks=5N){4up3SP|6urQCsjW?l(IcKR63F*wF21+i z#yGikpDDq+992hMX@E>%s=8pw$oss|X-IObb8uwjm~3sRz}s5|b}k_yI97HMFjwQ1 zqNPyj85;-FtH4oB>yGSq7TrSDYjC)L$5Q1@T-cj9HS^4^^-!cpu|{^pjLQ3hA$>G*_-wz+)gz#jsJIQ>FmsG+E73iZ^o!wYxGKIz6sTZ^|-TlcK>MNkU_10bVH!J zEDaPJr66{9Ph5oUm~9M?He6ln&G?G_q?SM=U7BL*Dbg3CQ#Is31 zQ@M7Xu8rW!8krQ==%9##tt9W?i8<1GJhI-!c2bKNQQzPG4(2Y1dOgYGMVAH$F3X zvw&{eM_5?M{g^7eV|#xroIap`J@$3H(@tYkWAj$`^{B)aqlWhDZ$)_Ywk-A%Qc_Z~ zvKWXLY0AsL^p7`Yrj>?<290#esSs}&*y>w-9Ni;u_I&dXQfgxbx}_CsK1m0p;}y=n zJl5CkvE%RjJ@kS?8;PFfZN%!Xz$b_9apeCP$&lscdIYPh|8Vjc1m$@iirFU#`=ON~ z-~D8(Y?w^-r&*yccj4lo9fgL526n$cz;Ou@r8c?0TEKS{ZZ&ssvNnMs`+lr(F^hCr zG7is=qyq3?-vqFgIOq6_6Kar4*A1oLlK_}-&k<)pG+aZ^b~k{AimLH9PVaUD6oKhu z{~|S*Cukqh1p=Fyq;~?KPIx2p)0v0P&R7Q(9MY~ezmV=Dw)jlBpYtDRN&?)EjcwrF zl{q!Fp%A_Aew^kzy+0igJXl!RoY|M)ft;6_+1@UViinPmW!9>W{_mxkK5mkdSeZ-2 z0@E%NU0|~BJg6_$a z*xh^32Qan?OIbuP;u2qEU6&EJe7t=?jr601BA(l)2Wh>Oj#4i>@nF#_cB)6Z6&_;g zP+Z)yws^;?&{n;kUae?Cq#uEg`^u28s}62Q2tIV~WKzDa+BujTGNeMsi8w5i7QZi$mW+m(E!j?|5w)88P1b8l1$d-cnE}d`fRF%kchO#&g&YxPcHOWR_pRIkgn%bhY>d?>(hbX@1L-U z{py)DDL+NuLE)bjhtSRTo}T3%7IUc|Y>g7nxVTDwc-hC`;cI41x*p`!k`BIB)PP*;{Um%5U_EC9L`T7%iUMKp|2u#_#fRX z+o5hL2L}gtR8+(ZCnv75CJd^DJV~*=gZ1uD9wMQD*Y+b2vHt5@8>=ZVPW}aMBUIZ=?aqO#&LCXOi@!`wv3VubiYy5FbwzD6e{FonPhY7<+e2mRl^> zOx^CEHv-(#E9C3Ff2qXB^JhqzVbYMj(=Z5QJ{h^QZZ!>a`ej)1y9j!2ah~{5^!yn) zK8mZ65ca%UDf>(TWZ&b7p=Zd6LO(`LbgJ)NM8{~ttu2miy7XQh@&ro?*49kTMaJ^E zYXud$nE;v2>^q!%NY-E===<}Iah7nZFG*O~WrcH&d79hK&YUb^w)zI!w_)Dog%aod z#1KUA@NnIa(T0u|t$a*iS|}-B^q%^E*YpuX&qA1Dc?8Zp|5J>^?M7NJ2mrpBK6)24 z+`JCfDCgGx0L{?*_PXlBO}vBY?UIehF_qqNXVRxx)PqhMy1?0+)5oQe6NqP~qR45L zd6-8;!$oQ=2*hV)`=xm=jV`@+a12I0*=~s)8|kT0n5!+snLU4Cc`5(B>e(j>*eb#3 z0yNo)t+~^i$g#pIfKgnXx2@;qG9o_aC(dTFE!LME(uviJeSoI|@r_jEj;0PPSe%*% znmjI$f?Cks$jd!Cl6yAC4rkGE$UYoensWtBLafufPYrr{y(-(HY6{q!CjWS!Pe$$u zq=JC~0^c&y()YFpU2RCNNbld(17`2|gDMb5a(E}&7;#gzm(BeLL)F;EjZpnA;-oJlu=X4hVC*|GgKd?dt zu!sXw4^q@tdt+$c1X};Ri}6_BbAHa-cBal-VNcazb0t`vBLmtM*_fX(?g|(qKA!pY zy*uO}{C4ChBTy7=S{UN?a+B6WO2Oj$?mf-0K_|?;U~;4xnn>dv8H6F;}ms zsVP9ME&VY1ez=#kf;>RBvtb~4I#u9#0Z1%U1z>hNy18js7>GGswzafEUB}SmyFFAk z2Q5b%t*XG}wPWuauj`G^K{;`WiNat-yN(5`{nsqAtd0)g!M>ydyw6;@Gnln*Ks35@ zy;}-hk;qbKSaJ*+O|6{xsDAJoj>bD{fSYg3db-;3ax`{hqkKI2tq7CL=^i^9mxK~0 z3kwgs-~*L{Z{NOwGwbmqEu8#A(Q^KFXu`8|fO3QVl`OsGSgx~!Ls@b0Q@pP*PNJfE z;_&5-s_N`-I}R80>^A^l3XUtgIoa%mxfwQP1I#0Z1Z(8vdT>za>FGnhp|wr_U2}3e zcXb8j>0jARTiehUd$*%`;k49uDk==@RMqfW7hn(^A01EWk@>^oACzPH#^`BK3s^pf zSmzc%JHScI1X2omdXP`Jc8}YEtf!>Hqa&-J;P&WGOLmr)HVfxbcx3uxbVbC+u&_bJ z-e4@me~{Z~y_zpnSj#Z3;1J@|WKn%}-aPgJqw= zOKW9i$Hv$=FF9FRT?rQ-KcVSsO!RjgTm1pI-`v8$o*-b>xH|pWMHi@3;ju1J@8IHs zE#&D5f`RY^Qe51Sga9CEZ>bL5H2o=aLBqtni>i|w^; z9JD3(R=)sE!(4tXSy3?_u}Vs0F0@%cf%{!<%bgD|Em?2!m$`)w;1+tH=acG!ux| znqPi~g$dTefW7{Jy%lqo?5Bf+k3_J^*tdq-zN7a#ws7~Sm=+|spCkx6XIAHaQ_{Vq zESE5P{1(rAH2!?L!lcmnO!_wP;Na5b78OB9&kRfWol^!Eg@Pn6^&;~bi(dk<;OaO# z%yuw+T{N*($o_mcq}2H&XUzJ;!J3ca9gHtc*3*^ONeodsbsj#+W^NkKby1iBCE&Jo zHgUMpwSwjv&3ldtyR@ZR!SL8v)I$Oh@6KKR)s=D15pocx zc&@BRa{f6i)ylGU?jR(;9btSp$%QOd1kPjPPQE8knYczWJPmJ*Me^Ib+yBL478I6ER{wzsq58^xoOU?FaM&yizb{XNZQ_o1VetiY6_7$K=iGL zKaTneILJN*@BMwEr(ZFJ+)t)!4Of5pq5{_ut|jQ>YPGKQY+>H--~S0Asm6JRgXi&e zyrAdVUIV19q^GC~qX4;VXfe%UTYNC8_|@qs^yrg84XdxC zI1WP65?{&!mpp=lS&8tcJo-T@hL6WCGyrM|iHUZF-_y|oTl?SGB4*_6TQsbUj0{^# zQyzn1GZhYp2JO8MSIKEz;1ET5|WV)VjxkTfKd;dC_62$Cobs)h1FCE z&-}!q0{JI;nido)s0-&NMm(FPy{#xk2zVe$MW=L?4w&H~Ny3-l!N?5QgL3M^trAw4 zuURoE;fIQI3r2;K?&t)4AP^&kyi629c?J2j0Siv95;slt^N>A<$5qXQ2)%aJIWi%4 zA`gkcx3)RgQS7U z1`J-?S#_NjC8>Q{r7J&2x_^UoIHg*1yH4uM19>gH4aRio$Z9& zZR?fnT~&<7TO68q3lPEHO20jcTN z7pLTF90BfBiv5gaPCL|T(UWiAyy3Q)7WBGmKK0qf!^dZM-Wem84)fjJ*~rAi#3qj~ zi$5bK&#erGpnY%{HH%scKF+S*8)X%3`KNeL;96T>R=IwttgMj9GzX*-MA%JN+6nQq zhe@WGn}g?(KO~7&32$Fk5RO*QZUr4qPqv|03Oul9kFm0_;O=iTO--r;A%0+TjoWc= zM~7-RpL(>6r_}`{2TuHVx+~&&5q-&(0lF2CdJK1WPj$IBON+oPwgbb_<&@Xu=C3d6 zsbO*oWEMbrc}&ImZ~a^psi>)b_ipj()u+mY=S|JTP~x<^+$Fm+bo3^YDAVjY{XF)=)Tv~@kLzyF z7ab$|9&+qNvi%ou*T<1x8nfot*A_V1adCZVz8f#Y6K@`#8Boq0pod^QnyMYd@>aCs zNo=|CTQz5n8KcXK5%G=!yH2BB_Lkt$FvumP1E#@_bwKoYL_w zYpza1H+!rJL+;v75$2Y^Y&j)XoNMCjf6&W%TJn&=5*7JtUi(HK5YEMk$_d z#mr}Re#@pG82FCM--V@?@@1U3?k~C*nt#Hv36Fnw-AU?wMEb#>|1&dQm-+za7P>Wb zLctt;mz`|FShCVU!hhpY>d+q=`kBIkcgDHd-+cRC;YerP$-r@@;Vp>NtTQ)wzH)lV ztTCY4v_)2{rj5uiqdO6~f5o#Ka1$Wz>rGpP-LH*e#{H@EPgBORpl; z|B2gK=Z>ad^x{%+Q2ny_Fo4QHt~sIXjknUohw1>GyS`QM6<}QHuerUS<)*gkSIqi9 zEx?Np-SlXw)N4j_sEHO+>H1FJW{{MSst5zu#Z#kIotP>$FaoQb^}Ij6sKiG>VPt=! zZT6p-pBneeKSX)*PclV$-@ds`P5xD6?en6RTJJ$_zU&yu191xW)N9cKMIVv>b%Z8- z{)v90OA@^74^0_IOwPUbf|XQRRU-_-6ilRby7}jROo3{9Z_)UI?!WJ8{%YpkYjaSj zN~ub@WQ8keo=}ZWNfi{S_9O{uKc`NnRwKS!l(!6hfGbcXO>u`b%{Z&@SRU8=vokwV z4$eU`nvmk2Z~>aC%qOZTdY3LEjXQm@yi8>b?=ct{!5bJrH6zM#&~izWYuhcF7I$2|>w zbZ$zWsUuqX{3XhjS*CrLWRn~bRz4-pIg+8Cll6y@&K>?l+rzkjH2$$cGsH&>Z(XoF z|Hx8GUVogS-!QHIZb-Yf-~O(YFOD`IZ$A*6PJ~U(P9jkx4UsgT8=E^=(6gEaBktdfunoKFLLC{c9D%N8o`Z zQLNwK-B>?5wVi8jc?ndP;gM00jdF5w zJmzLAZxrf_p5dtqIrLV44bONlvNK*tdD%sPB04QpGio!=xa|WNA8kz@f=7>#5R$<} zWqSL{=CU7O_}O14)q&R>POv_^R@RrHN8~gafiKP8?X6cJzd#wxV+h=9hWWPisd&`K z%bED4*R+nM;Hd0YY@w{`k(o70n>$>0P>cDnqArO=%9tAIfN}W`0O4X9TPBL+I;1Jz)G zwO*$GR`wy#-&hibezG2(-VLNe7d-nuJeH;sQ}^Bu0C8SA`B1Cv2K+#p!?;gOM?~tN zk!m>uU>QiLi05+;=|*8}cpo^pw2Pyd=v_feG5wS~oxmRTp>n`DXO?;LI~0v-c^iZ6X6V0) zn`qT3OLZm!?^`p&9(Qq20Y;A}SY<~UKYjhN7OzV)f6uqhsfFSFg~_8Nt)&-9$G#di zVm@~yfTCKxxVS_rm}tsG;LyI#>%o0u!C|$=D@cabXKkJis2W)wpl^SRvWW3yB%8q3 zueH7NS>r!6!hZPQ=Xlc6h`JR9%jPE~yb3aW6>P75y(!(Z+F(SH+W(Yq_jl(@pm-Lr1zU2eALACUU&+YK$BmKd;h|8W)1$f{kdc(`@4#?dK4Zw(@|9Y8Pp#8G3;a6! zgVCp3MT*o7AGW{m-dA8>cugL>U2(LgVPZOkD;871>$*$-GpxUqLcap3R< zc>!3Q*+ihrMZ9oTpU5HTqv`NoJz;trbQjUz-ycz6jE>zXZaPIpN*CyCa~6H_u{hd( zRKo=2Ql;794PzOdJzYVjf8eEff3J(dUm?DLh*h=O{{-Ro&LE+DT#+p-Vlv0CR#UiK zaMwh4Crq7!&j7imR+B;dz6>>cr@ELA2GtLW zzQnov=#R@z3Bl5&M6O!Rg~4usGShIHH12vr8q@EZQ!Dwn(@>eh@XBx_H?O%qFV^(# z_^cS$gZS0y<>elc+au&dy~bvlJk7FwL+7+Knkr{25xXlhB~duw$vZmA#igbKOf*y> zhL9A0@#02T^`_iwdn0;$99!g^5rD^~rOwx}y0;T`1-ZqX${Cw88N1xw}aU0h_^`AU}Qv20Kz)8$E(b7wJ8 zM@NTnPfcyD*X~YT$P?j+pE2r6O8Fxe;ghtX#6l(jtkTFk{65IweWky>p^JyF>2b6k zxVN_lI`Uy_&6C|J&3B5Bx}#BQ!R67M8B=64yzXeTDlv5QOB@x8RPg=HbOpqZgm*-Y zCoemVVOA`(PVC>mpTFx8Y$JHS+oD#Wg@uV(v)k~6_I2!E^It&yKN%${AbQ~ctI1#F zvN7mnwJ$BrdZuvQLqo&WHAXc@Ue1b5Z~i~}q4YAF#oyG%CMH*x17Ge_T2Im5+P18| z#xKarlb#=-o zxT*X5`^fhmR9}aDwzC^O>c~+mfKD*EX>UCISEK8WLT*R#Yz`|3Y{OsaX$dpM=8F}@ z#q3kbn8dthlSf3>lV=XkDW;KX$>ylz+&v}y@;)~nCNtQ2bkt8u{b;>|VN@iJjHajO zxORXwaQ~ORNb;SR{b~f2g_>K2YB@u!{FEQ-aO&~2f+F*tcXr*UWT?9>)&3H)Jy{l2 zDS>69`C-hGrA8WUqSSb3DQifx*lPX6+O#iT*y%4X$b8nqS6!N!a1l&!UDocWPYF)N?R~t__<-JdjqvD>R>UVeb^mO&e&s0hfJTmrX zH~yPC1zLRe(>mv!vxQ4r@c(V~5eBy&$r22)XiryAJFUwWa9hq!AFI&Nv_L~}WaI){ z5E=qc;Awcqjk&JZ;;=W#tU7>0Mr0qP-R<1bj`!o|)#v8%ctDCx8EqCz*1 zFL-pkX_&TiuVbL3%+4-8Tpb)O(5`{_zycEX2po2&)@}vii-Ha#jq9#Hdi*$@?yTIF ztG`8$;%*$Zy1Tn`ySqiaZ?{1&xH7|^grlsT2MZ8y)Uq)c(>xCLrK()E4MaM&?BjT> z;{|pjr*_JlxctS2j$(!~pf)|3WMDBhHfC3VkTjc#!tm~2U zL7!bq3JVV)(gzirto(TNyln1Izqv(H-dUZ9dR2|*fY=R7)XyA zZ7{PPWeu9cWqz!2-_;`^c;z`lV`8q_bAs+WY<)-ZDavmYp0!HKDCYQQeqd>>zPjQV z%aDr~wD$K<{^NGM!*Nzg3BG!E;^4ZQt0C%Jx9ROEubX}Mm4|JrlZ4=e$bR zL+4`Jv@4xAr*7+C?0bW8JL7fI`pKeO%}q|9+IWiEx6+Pn z4{QG!mpPA${nNRv?R6LH+qJbdDDUyxLV%<9?&@Pu3a#q%E(jn<>oAQTEWP)3php%z^|I!ryl5PE|LL)nj6I zYl^Opjk{)OU94sb%~wy}gm(<*xFqS+T&^WM#;6tC)Y!tE?docc_i{f6?}Z)7s~~l z-*21kRQjPUKG8&wjaQ#^%F0pjva#8n?cw&|<9Bs+zE0qGI^OsRiP+m&Ss1%oOGot1 zs!f->HBB!IpiK!v+9B==ZJ6jSA04SYQ&>B`fOn-4<#+41nwzSEI-|#jkRs!IPj}UX z?eI_`iC+dy#$xJZ@@BL}tIQ-=$jxa6XVYM1Y3YgZhu^SkT~C%kj%rX)(B@#t6m=*Q zHzDR1Y%(J%b>Dl~WW42e#wRebxf$1Etv&6O3v zu6oRpgGO1#;uyfg23FhKB1ai7o!NRHWcSk@L+-fK?WrhuW0R6@n@;C2$vkFmg>M4j zp%(TeAtuHm6MWAnlz>xcG18}917nYp&m5*Hoi+S+B9FZNKIPy#_!j?A({D!H0kkG`$+k>_pc{nkmDk%|#DQWGR zq{+1*{T>?g#(FM@_t&-fq>!dws0q+|AWV4htHkh}Wrn*^Usu%lZcYXIOo!9QVb(gp769dFqel&lKzH6R8!H zrxV**_cb8P9lgpKft9E2OHttFT|@~N)eAsr&F@v?JPQ$TkC5LG3gH< z&KPVNH-{^Nu2m*@<_eF_O(Cj;i?~O&pmw%ayp6C=2{y8<&*dQm zwP+q}ar|?F^rexCI1gKYH=By=VbUnpx;n$(D$WA+5tHYQdQeN4^NHN#1jklX*i_k= zMalmDeHZ3R_p^W>5t2>Q3{2&Q3sqfFq#(eKyE&jryP%C`Oi+W!4kJ+!drz<87sRaWQLe zZ|@*SGJAfVX*uYQ;b;pXi*f17vk_^ZCd$yQ{BX3UFD6~I(lh6^>f0O{?EYHR>*i!Q zZ!9!UPq%xY9^ZTJcOp)qQ`3##zSb7G6Cz3K$P!j^4*UfxV)g&kXo z2E2YMXq0I*X>y1h%d(w(&wE63p4VLXHN>1B_TVr`(!#Gc?K(DNTeIIf!I7bMTWHbT z{v(0k#reX@OGoGB%VzJJ!viOAf7ZTf!QIFxT@AN`rH%vv7og;7qzo{s7dp20|LUgd z20&rW>Fl}X7_(SA3-Gm(!KP=v9XryUTyxc#gN(}0IJwdj2PtuUk_FIAl3wE+t|CqG zZ{{5nMaMn&sWM(Cu1%+HT6WEnvA$Py zl#~1L;lnAJ5I+9(eZ2wBnuE68=r)YqO4IVL{_kKfh~}S}Ow{$(G55Y{{%R;kHZ;7> zF)_d(CS7&1ZQ2(jiw1H6fZxofsQGrZ0h8Rs%r|-!4-?;vJ`gT(OTJWK)x-% zwt}VDmf5>4Ye+YgOz59`Kv39YkK!^dHMLaNC1*^7O8m5ic)*E(uFIbHi+$-b)9sy1uL z6bzi3%dg+rUO30s@Iw0>fDDU(T3ttWg|6E^su0!DNhEk+E?&nJub6<}XUP0dL3 zWbR}eBqbra+`?e-`|<@}434J0Q}lw@-3}*fk0_r)PKJy!gbeoe_QrCWvsb-+C;=NM zGPvvgz60F^#fEsL41v*~{O z@u6gX6fu$EN+$paKc^P zsz|}(vjUN8GZsneukeI?9bQMH%uq;#$U~ING;IN8knuv95Iz+g$2u@ZpCl3$85bvx z_BA+Ic3<%dMpSVzCq?Am78H@_WY^xt%o?uOnoChEo(M8Co%0 z>v&Q#Y4#v9sm_yMZkfJLq&JPoIxH;uiX9d?i!S;i0sA$IqG-cb_8=KP?!Gmt!|BOC zLO)}+hS!H?Mpr_Ef=E1Oocz8UN`;gsd{Utc#u-eLRdYYH^^;xW2JftRTS&K|`*JQ~ zOc2aMKXoemf6f>P_d$O^ypU(0E2~~Vg#tNT`0ixhB^7wy_vw5ub*B9P;Uau`WN~5+DYo0lK z2KT$^HYHBEaojyOM)p-FKYsjxqta?$!sXVjuzLBL4Xx2ij?GLJxv=ARoPzanGqIQ$`(8{D|?rrro7W#h%XnJ2^|HdNcvp8#4 zI(Bk``&(tanB-b9+PI|2bIoVbJ>DDQIaD5?ARR5}RC(=vU0V^$ZY{Yn+S4K-5ksW* z@1OyPOTX`MdN4YW{|7%QB~uKyFD!~d?dX{G*R`7aMU7wIS(@hc+m)DP0DEF$6f3S{ zySgj`8Na^JWp8Vsh~QAqbfYvvCVYZ)Vw^|@&S&Q<%Vf!dY(Ir79uu8BEx)8xwgXlzh>U zv17v@-+%*cRiOI2cjGmuB4_(w$Z^CDsAh$5c!6*Cs5l{2~$rN=brSA0^$`_H5|3Do7Iv+YfUw zFV7Of5q7NbZBBAyBOnA)q_Czg`PgOU(cn1k4!>x-CJAiTJKlT0pxR8rDRdobt#jUf zBILZ)t|ZJts|j4&!;e|{%L%pFfwG7o90TlD^J%W`n`}=ObPNply@oF$XY)d0?dkF) zF58oQCR^i5DUzp~F4ihRt?>akUl9m2bnN25@`94zb?*_GZ~go)cDV+U9u9kI1{Cff z7iuDblok=Vb*wtY4tNbfubEJ_Y-HO~f6ck#r$uFo^{o1|cH z4~HY6!;Mb@kI#A3Yia{sakfj?-#9vQ9@ZybP~y~B=hjER+ui>9r=;!TX32RwpM-yF zuK_tGhNys1+kW%Ylz`(_=71SYSI4d@H?$_z#iRj2$M3RGc^5DyE<591Yx6!(0e{|k zVZlmxvOVEBUw;EdiQPKW+E>Yx7(u5=>^V>Ie?5jGp^qhom)s_}>AwxK9;7P{LxBbw zBcL=yRXWLTj50xoX|Xk?bJRy3idtaY`So#d^3>~MKPnl2Y7?7G33@$MU33A@t; zl#}vk6P5pSB|=Vdd75(%GS)*CWGMYS4o9N84Q!?gji(}+?!$G^rcQH4Z5kBXiQp7# zSVwH{;Wqk3JQQnJ)Aej%oE&A+gv8r_=W%_p&iD$R%RgqdVo&8fqaQMi>1vKwsENj| z-}~B(pNn~Yk|f$}@`rPAN3Hi;4-D$ma4Qd`DYjkD23l+* zex|`ub-(dkP1kK;ow_HM%X@1s)FGz4#X$XVlZ9k74>u#f-{;!f`~2K=dD*yH&Kg>o zIjT3{%?KqG0>e%Gc=Bh!d2PhDH8+1N9tkrg;h{8M+r#ySqzThg-POTf4aP_i;2c}3 z+0KK(OeIPY-inW&FSjsydFC00B>Rk1|jxk(Tgg|{=tNQT)^evtxix>UF|UwJCdbYCU`SEl&{3S3)N}N%;K2Srfb&C z$1E?UX+@BN}2`!rD^lU;jnPu4ec zV8QIny7v2?xwa;8I=#t>PDc6k>C>ePJN#MK+qygryKLSQSk|s8Ez%nF{-fKNyg}Zn zT&-1`dw1fk>v7!FSLbyy!lRX5uMKa?E~9Si%L0BKhaRRf<`4U6YQh(eE!ZNrl@>i0 zsihsScWv#hO2)_ErAx=O7)&Hq{=~6AXx>k56ccMdi}?Cl>8U`%Yaa8?;W5Z*y|_%; zsolMa%+tUXJ94`g=$d0>U~&?97KI!|l`0#Rk1c$*S2lOOw^Fz~rYjQSdXwaR0^(Vh zEo?5YdOIcPu$3F%dWlpR1YKq*ua`mRQ#lw9fE-mr#kZ<%m&7P7$_Rv*X-Pg%?2G=%cWjL{i^~LAh%Y}B3olm0M67x$2(Q{y1Pjt}t*Y4KPj$Kpc3zXHPa_9y zPA}JvQoQ?YnR)9Zc7*;>!8cj_wm_x$weKdTS=ix-&*sRd=PuMq$nWHi0_~-DPi?zx zbPIZ}i14RRV(Rm+{i+Rrq1`XK`_jO0vASCRJKKP^o#~nIT>7Ot( zRE=;?5K}=n9wM-xXqsn3>**?yfS{vveJV)b)l8u@Pbio&(ZSqQSH02?=iq8EO2_NE z=L?zk)jV~mP~A})OWpOtkCxlOMOD8wICZ$Y+)ALy$XV_8UXn9=o{y|^*shIKDF7l7 z5+1l7CL#N79A6aFUBye%D8&As761p2nE2u>ys!GSq3zH{n-$vHrPkq2{0Wv%L#W+F zMAKzwoHex%WmMAL&L85p1Ox>oxHjct3tyD0?aumr|6d-+hYPf#K1(a_lRM~ifg3{^ zefSE($6F449DQ5kiIcq4SZ%ITOH0u2T}?O@`4$vJ?Wa{6@3q`%JepzNxbZBy(wf2j zWn+iR*4qssvLAMKc0Apc`%Sl=gE=nbn+7|_<nyrQk&t) zqxDSREf3aF@-ssTHkPK`t1`Y#R?7`#$EFwK5+W*KasTlDX!;7Ms=DXxLzi@Sm()v1 zNM2Hq?hXM31ZimyX+^rbySr2AE@_aI?hugw_V=xi#adhzmwom}YeP_f3qSx##{f?oauGa@tB0d z97%nn`MbEJU>tx2P@Yi`94R8@^rB$%U;~i-ZNF`WS!bV@FCfe5Pqu#tY|B?N-hwcM zf!<|S;+2+w}5pZA*Ju*Y|0y zS8G3b5tl-7>6aQmsGt@X7dsXmeLu=lvY)r_E1GPu5_GN3Yjv|V9C`FRdFc)8rp0L}htBIt`Lls0G|St7ECgI+4#Zv zJ_F#f|K$SSAyZReha{}#UA#PRsvF*-iB16qg13(y-mqoeglVB5OkFz=-EF=e5#P}#Y{ z_SgtCOS=m<{JTP|xlpcBU8shD-!1kHc zca}K0jp!aItcaneJtER`%fzHxRqtMSK~z43FIF4*lFw_;?>{)#)Vz2)yFXA&G;B^g zzO=D^HP|}5YViZ`>o_`r3}ODeT=K?|&La~Qk;gvXag|0!y<4T+$>o|Zeb@oOYDHX5 zsS5?(FV$F2Q+M*7wB04#!Hs=W^x9c#i1K(i(lMbBUSG}tykT|^j{-aC7du?0oimMV z^?^|!v&AKT-w6y&)n0?a?r4YE>LIy(vh(KSM=t&IW!{7Nit4plFY~n_FSiqO@eh1t z^W}F}E8D~Hx`L4x!Y-#0pmpy)AL0JV_xLySl`%%F2e;EDNkNJ(pbX*7l^lz2L!-?D zC8)od|6cuV{QxR)Yv~U_oB|fMq{1c*r+1Ee!Z_C!4(QYMPy` z#P3I@uLo$z&y@nZPX1i7k%9oZIM1$h8C_$@hNDPDJ!z-4g8Qfkw;dkGurM^LvZap? zW4pEs)qjfiN=KJNUzZ*=ahj|Ba+%kt#r0&N^y7O&Ln$dAE7>1mxpH4+>1p#6=j}0$ zo2EPUG~*IKth7Z}Jx6TbUu^d(95ZTC(a4>AM$SFedEG?z!h0*unz!No9}u5*JY5^C zcwX*J7n*>eK+AF)jm(R0UUFKM3C1-QC@>xTwi%zrT!#_)=O@HZnf$Wqy`R zF9+J|!Z^9uUbMjUAZjKsFW@l#~Z$97n>Rnx& zZuH^oK`89)sbh_0T6kjze3#jGEb~i0#C?~dGJIJ@AE*BM+y`Sea#WS(tAKF>G-;OJ>eIoGV{isC`>u+;482#bE?JUY#m0=s)^LlN_9S38Ps*&9Ff29c269elUZt= zZ+W+=_vIR7q`htqX#>+ly{xu}sHwdUP2lU%EduBW%vm5wM%LFCu8B#~9QK89(o?h| zTd5V?*v50a=HJ{bdoEFmAyv6I?q%HLrSKbE43Ep^p8dMJ0K=}{c9IoOa~QgeH=(iS z)bCb!QOm!Z^S&yH2k+>)bG{DOc?OWu-IW{RdO&%1o{PPz*y&QOb0Su|yJ`s7BDAz* zrt2o(70n&+Ru}_PY492(xt=aJBmXx3a@LmUlLU|3YP92br?gM-x`9!}(*;irz8p%^ zV9+2wld{`=hFog0$ z;8*y$)&{IM*3$xI2L0?-Lkv51bs8yy5dx!wfU3RSHgVzoU$3=}&Kn{2odLC6D&I?P zfF(~CPZx2&0l~KvYP0)BTRZad?^xy|IQ9tHi=LQ#6W_lJ0CBKR5d&hh+{||^U8jFE zLToZL702hPCS18f3u9*YD3r~Vqu-!g@L4=M@!VV=bAH8!C3#?5}sZGS7QCm>*PF{P+z4?y0}Nch}A zgla5nN-zLEHzi=C9-EnoW&TD?L^LxuBP}D>XdTOEI*}C@7W-zCV)0G2?yC1uJis9C zFAo~G#47^>`K-n?8Vt@J9@-L34Au4Z)ipJB)zz14EZJ0QJ2uB!g?(CFq0(o(MV|1whPEiTP}|2U55 z#)^8~eESwwd|gUUtHJaYhsS)Y$Q_&hKUrz%hx@QXtC6&NXSsdw6ciN|N35K^VK5NC zGQUon@#})V-Gl*{>1JWqFOclkKa#QOW_ zMojQ_{BOILn@O8{c21jN?quD&g_;kYwuMTW3l%>1UBnk*g&7$_wsT`MN6cW{2}d=D zRU{QYv(mA+ssECS=-(}kqs97rz(527z;xyLa<3auBKnM)JK!-RDk=(v+S7f%&U&fA z?xn{sX-CKCZqv|+2qk4@DiBEAqOk%*;iBOeJP|JL*^I{cNQ&#`^~?-@gN&lQ{N8GN zf8VQE6fBAX--}x`{BKmEPM3Sp-zY2fs@C1im*{N1*!g!>F+(gmFqSKs#3XGXH}cu} z+80XmN%vEwyyPS5jYtyanp$?B2j6p(C^3BzE$?!h?tXwNztqvs3N6oRzo^{fI|%-M zAO9S<{TT-M^YwKXd@IYvEw3Yro1{ES3Cz+9ZuIe9!-6FeSIGp7p3>$rG!9tia)j-P z;dsalnFo&TA(X*GX9WnzRrzs4ac4mqJViJvWK2tl6P5NTljHs;H`(XnG zR8lYmdY>;4m+RN>2s&aN5q#dQKl*z&uH)U}v6&ed1yV=TwK^ZB1P8KiSlt&hjV2;0 z7Yf$f#;3sp!AA*op?EMMNq}k{C%5<5A}fA zhh1345kZU6GVx;Mdzzud-x#A__mXlYvlC5ezrG&aA z({PXCANVaZq(&u5`a^_PjX7^WAbDq?A|Ax z?rTX}LZhX8X$(FnSH>=AQl;^lq@8)24!n~n<670xaAj^sl0=*Ua&b8J`~L!2CZH0R zQT`DeSBqH{@fIRS=D@wu5;5tYDt|6z zMl}|j@2a_`cKJe7l1b@bC+u=42ykv6FE>CF)P6dmvC?w0Hmu<1;lUuw_5tp7U&^Xc*onh7cd4G|V(i?uMd z6k;Jc!&&5cSq#Xf=TNtl3H;KbRYeha)8_U0gaJ~f@^qZhw8Z&8-Y6r{S-B?h@AqcMh7@A_faF3hXIdIxq%8KzhDb8X()boaXni$F@F>P& z#a5_ZT>w$yJxLHwE{^ACHB`#g(G=3}i%$q9PC^#mx5DVz%t{ej{o^cw5pUk}b)U3| zMO?(ZKVb1DfIY3Ua@;k>R$dEH1Rj2}Y4V<1$>KNO=`t=o*Xslec718pmlc_koqA>q zt*;;S{87Q!&$CAgRdCJ4;dz=u%*BBZmCCpg0%8dH%7<}UoHnSlhMbIaQo3fiY8{3CnMQfvSR8H%pFs2Qpht>{->^b4H3CY5uDnDFNA9s zu~{WGEI(0jKi51eYEaQ@ycT1xH6l0p@H{{M{_MzFm`A9i%);&C&~IrAKS`ff9*00B z>?~Ev9x1VX0?L3lBoaa_u+?|eTDI9YI;8pb7@-jjvu<<|)r8pmX74`^pSR4OVN@ES zvL<#it&;7PiHwRwk*X7HtJlb>R@jazGDlc85Tr42 z^fp~T9W8eCisH)P&aJR*|MBqK-O5#- zr0j|AfXgx++(>DBDZSxEqKOSxRWyVD!X7 zRr(9wpD(!Y9kopat+eDePM1wenlm>1Xq1aL+x_$9+@-;d}AmcVeMNjnL1Z zJBXl80_r4Dtw5zv=Cp_*5MW6BpD>GYz6P&RQQ_F3sPG3E4^OY3k!Q!C zU>h<7Ded8s{(;pf|9f+$v0bH<!+ac+G>e``!uit#2OMYFqng6qBCMgoXQO7nn_bl^i4R8r zJar{`*#oVV+=n#&!r56bi%2>ep@*C@3j~>LRN7Fp!BpF0yzLE-b*y_4hh3E*aVX)t z9UY2nuER@z8_cjtu~4wGELa)x&vaON24x9uZuZ!Jz@>F%gCuls>cU9~|EE$!q##Ai zs4J)g&pZ>iA|}oO2_!Wfc3b|HG4%6?^}OuBwPsO#o7KY@Q_h=M4!^^?laVNBoG+(6EGm!b64X_m($Q8!um7f#OG5f2FENRcP(n*86 z?C<_(A9i9L#Mzrgg=)%*6`(QITb_cmMR5fodm_V=W9dSc$t2V-O7)Uv$|0zFWnQ@E z0|Bxf6t8Lr4d3;oTyP{Nk-i>k`%`F0bvy1nL~^raadNb=YrIsSJ`~{g9 z*@yX{8v9_-wHzIXEt>QC*PC0pf|n#A0Se}_O;H|0)SNF_?nUE7vz6Ljc{wt$b&}BCtwp;CDr^Pf)=eNkUC5ny4?fMqHy#^Xmmq zXQt(yf`=wJ(}+h)zhJsRK?`Ig3YRx3-L5u0k8{Vx+kYG6qU_|(=KUrdg`am6T-Llx zi{wcZ6^G^)1{v)7wBEckc!B9MAY$>@YaH}#N&STqbKrox0sf~sO$dMcuNrCPOcv8+ zJqF9nN;zGNY!0{ys;SX94V6Pp?L9QEQZzIKG9LSGT^)SRJ|VWt{vkiylM=ILl0P90 z^)R|1b)o1l{tV~wL&z>ikXPk9dzlJ`VK7Yb^K5m`MXNW0X#lIlz`vDH)Kfx!;ffY3h%Wkky5MY9%UEweecm?;6ImcIqjhSbGO*sizR z4GG)rD(JzxGlIL^k1PtL`ISvuF~#I_(0_}8)>N=vNyy>S^k9H0dWbU+v-=s?fGS&a zp&{<_TX@Ld)Yz6f|9c|_1pMLwa!QwML7^fTj=d~mm4tEI+dt5)d<9`NMQz0vRd0+J zi7K~VQQR=~cy zshcrgjBmj}1G|!kB`)eAJ)L9cN(&c6I0%KSar!r(pcPzKt^;O0gB~-u!QR2(67t`2 zLM5stg^WAcm=nx`IOQP-orjBChlt9iQHI@fZ&!`i!t2DD zlxmci>kd3~>b>DIF8s)CtA({qAX*O@Q2N_x*Pbfl(t>mAu3?)!KASQ=mohe!JU*9% z9`PVo)-=Gc>x3Dc9zXYVM1ae~F8h)}*u~U^MYcsV!dERD*x&p15uh_990(GJUB~95 z>iVDXPq%1b5Zfu^#>YE7pV#i`oTn`QOKOr%a;J~%I5*pctc7o;HR6VrtZRhg#BUaNavYGG8WCBkRKAS_r#7k04)UC~Rgt-y9^1<)dY*te8oyoJrLo zip2@PoDRYY!=fb1J<7$9VORW3r80F?!nZ%#B(9C!h{70xd1&J6?>_5-gk|ce>)q)~ zf)y24sB8ObRnDuya;ma?K-u zhyWgENW^Vx)xop&x|o=LwVk03U)H53W%2${H1!gL%)LA zu8MZBYQT9%e7Qw@D@Sz@v6GR;Xow-$AtCf2=bvz@SsDtXQKV$K7l*Q(BAI1^H{R*Q z;qw>p=VQKn{!A7rq`SmR$1n%fg;Po=fz)bipk;E zG2wNgEY-T!uUcwcv8o1S5R^B|!DHd%{m^6q;dBbEgbAvUWKYzBuo1E$8&;+dAwt%pM~wzdVB{a zC*|>igQEySnF8(=ivubf(#&Jiu}^;pDur46bK0WHVq4HA>M&e)>hm#EhcR7=ntjsI z*=oDn*bA>?A6kUMa4%9q>L+sEW-p7*2%oR%LE;jzAYR!k_VC zA0SnxrZIV~L@l(1G?0yXPMdiIL$#);Q{_BTqqX*9*B(mHl4V1S_VoIrB4kSF1i>zMezN?%=H4l_rrUt3Mmiv zWKtsha0d1$4(}tOT-`i-4DolsV8TP^`EeH+>WhQKDUEroHyY>-S7=#S`r+(0q`(vH zTBuOy9o;Q89;=YKEO~W@Jbdrr$~*O3Cy@_P&+JgxpN9%l$ zTAyhpo-7mpt5zm{r(t5x&J6z{Bg-HYvcZK#w}SP^iT6it3J$0{)P1tCvf0FqiUrnU zEBwT23viNcYtH1!8O%OW(E1~-V;&z#sKaDHt+qsS0b^jj?4vDd5%=_motag)>V3qT z5YQ03wgWI48t9d@q^7=El26C}aE~y;P{x3SiP2sa30UcHeHgooEu3yZHHvL367fgE zs*IUHB6WV=4>sHzSP*HeAnMdu!?6#UzHGsM#~myUa(&0Q6ZVvX&$zxAIs{ROk@ z7r_d@MFi>{f<3|bXZz>mT$v*l{{E; zt8i5cm{W;_Opr_UZU&;N9p!uAN!3iCVSMV73B-K~ zx(J~15Ims<4aBL+KC6O3zZ#p&(XwI*QKsKpp)FHJq1y3Sa2UkhwrupowXYGs~ znlJ|UIqLv2P_ZfA6P@2;XkTqxHwQ9! zxlN!|IS|Du|Agov0b%&#B+H%EUst-EDz;YAg9`N+tS1p1r(7a$=|k&Hy~v3FI5&mv86M0JhZ&fvVrO5Arr^bh$2=6AdS+w8b}no zQ*EdbdQdxkGaIbc8loFp#Am)y_}xz?@n7mJy9i=PCCfhhCB9CnIG2Q5B>a0e0TFjS z6T2Vf5hQf{Gc$;Rlaijm_3~F=|3wKw0a!8v{)Y9?e@43LYGV!45S!W2%nX(PC6}r6-0A%!ZpouPC5;J%E-9cyH^5%)+K}2?M6-3HbhjxLM5)SML3YN z7r_kKvs%JUiCLQn>u!)ki%}ckT#!-2x_jSUXAd`%r&nb4It?g+BE#y*n!OmYQn*Pr zzosU+XNxJnX|uz$=yxKNdTb+^xP zDWy{~iKeL^yV0|PSSmrXZ0Yw8uNJ3s{M-*=Bnr*?K zL~JxgOpe>G9{-%z=gHCql~6S?G-|a)6`X)>wo@*dL|>M=;moGCmA1*iiNJ!eet1>* zwYxh(4{jaH%}Z;xaa**2NZS>@CEg0Jumj(NHu73G?t{z_QN!hn&`4)|US$gdjfk@G zR=(t%q-SZSgVr&z1>--JsK{5bQfWT(LlUUTpU;m1n$?SuN7UOG9yRpA#qDdw-c$_^pI_~{Vt{;kqc;$BDS`~9sW z=QM$sEX}=I^{tJ8>9k{nG5_()Pp^}Ijr1ZeAJZO3vQ{Sjo~YyaIy+Oi?Suwfuz7~m z#^lpuc2=Gr*)}U)Bcq)c8Lr?;rRuSamCXwgCgT)pUEC=MBd3VC)swkaYI2o!Ke)@* zBbj`GN6j7Ji*rg;@HctZmS7&g)k5~T4=2InbWl*zx8xTuX93RP?5*H3HTtjbWhr&~ zvB2}=rYL>Uo}t0!$~NU7LI+qE}(K}|m+wpU*ya|9O6 zv>ryZa+QjuD%T0bG9-!|+e1L7Lcow;nGe4$C0a?O4Cv;xUSGHJ##sCO+C@ z*$PBRM&e0wHGek6c%&q{g^&gggI2|I#;{yKaRsNIl(;ay1r6tG0Jr~ka|d_D30&8w z6rKT^pX+Rx64@?fHmHBF&r1g0>3P>L`cIozmDEl|8WvY{HO02sWY4-ppn?@~Tmsnq zEg!enY>#~E|EiCUd75(3D-E+b^dEGgc7IBzW=LHoQb{6uPO~)0eV~BL&7S|>r`Q1Z z*;Z#GyuSecuX-|yz6Z%u_)w0}1%EX(4}RoVx->28=%)Ni+SL?YqDeZyf|t*@Zt4Ft z$_aK4BmsV;yg5AB*?xJNz6&)1OkThIck>9@^5NM#7j|WBnil}z_;%>(8&yF|t3sG4 zxDjK)IF1vocpUFN!RhzR;sp{4_GeG0r?!!EyHwaxN?D#P0-|zZcJL3H;!grkdlBTr z03+2sD(9(SwFYR-{-hi+9(A~)Dh}a4tA+F9rVyc2>+-fP1v>C>m2GVTfw_iBBXV!t$}(Xd`|g3b)r(F5scm zmvJ^F&fwXwS^HqQ<2t2^q+I`?gNoz(mf+Oaa?f1`UgV+K-8(rXhKCk$7NLQUy%&GD z=oHrhFIP|WXEaT?*dUuKR}C4X4;btL98P|3diy};iDZwCacRvTDwpOtz@29#%!Et^XwM_1 z6v%1gQja*twMwfVHICnzoL9w-TKj3=O~K>vFcCEdJg{)p0Y4$j?Q3PA$PVH7h<8GnK_gjuo1#ug_78dr!&z`mG>j-q}OC4f$M z&g{Q^(fFx1vd>$))FFjv`%bIk0{`%Oxi^rpbbUiee)qJkeNX<)6|Q8HiQ6@WH8!G+ zYFFS&!6){%gT;$Fd(rX0-s3}^X^KKR%ng`};kCiFLDJ;>a++9sgND73kkeRujHywW z@6g9|a<3=#Arim1VFXBPO5K9*7~!s}C2!*$zi_A|{);&Nv=Z)DE9m?rkwZS}7gzAp zi5SnvP6!Wr7Av2z4;AJB{YV zLiUGEFaOVJg!pOGI~wX_{;ol`g?eNpAL1b`Z0HAhLv|D zUFQ5@ODFrBI!kbdz5;iX&oQulMC${qxCL1cK6S) z7K$71m}3TLNdJnh#Q2C}yeUvzC=SUeN)jPZgXhn$ixUee^N^325Ya6Uey$eu3HyFD zi*=(xRj9}mA~47q97Lwu6@20aC94{SKLc%T7J}%sD2JL6)}2)8DBUP)gtI0UKq;Yr zm%4e2^DjV$hM1JI6w&H;!E~P_c==+fCMHe-kHAl!FNqiU*2#I5K#2GK#>BrxF1T)j zt_m{m@&(R-oYVdo(te2TN67l>3p&tl;f?h@4jowh&E0QzZIpo2t2e^Ve$b&|NPhy3 zNE5RiCVltrvHDm_j3j*cn|uxdp8-p%8N5z)-F1f5Lv=#U#O_rr=>0sMKOqUel9=R? z+v$9GfG}?d5dtq0792Yc0@y1~9)ZqZJ=_QYe~Mp5_OzQwXeYkdB4r2ARa{Az>0NG{ z@&-(eBp8zsJj3nO~;P0)c`=Rf~6zbvEEDXf~zRG?Gmm*D*E$x6E z8V|Zcv%2(4&4IuFLz(~O6o@+m00KR_^}>cE@p^(U zx}cgMC})9(*7RE>P?Kq_WnQ_@d1@JyZy-hy}V@<>uR$iJ3yJU=5b|Fe zwsaNtfrTHKRMkk}+mqp7U+FZ4MyVR&1$6z3~Ako0Yq*o@eLuAzKZ)CHM^?v{D*eJs1FRwi4B5g;2u#B z&fYk-gFv`mPjAXJx&?D6$T*OO52!>`cusRC!-ejK9iOAl&|}~~JpX7Hr@ha_G7Hzv zI`6NFa9Y;)Zb8EmXi|k)av&HDf4@rN-}pPW zvQ)770*^@i#xmbL+2_Hfbxegpqw+cW({`m6qkJd4WSJBf%&BR(5-fRqU?9_aA(xoVl; zif=d_pQXX$YD0j#8iO0gcdV4=CH$bsRS-#rkR%k{^ujosznYs@;N}*bdjH5lvwU(+ zj+PnG$jy6eDqve*OsI5Mdj+}Eb$%g&>R+Kx_hs)@n>b-6bVf5F^xVpQVCSZ59;cp{ z4h*z)P}V>L?Tu*zBK|UMYt2G!RvaXo+~Xl032w{CQk}N!%=pd5jx2*|G!au8x>SLb$)jWJ{^VN_x80oyQOoScySkSO|>JVl??^( zg!+7dr-}u}5<-DLM_c?!qp}&36A*vTeYx{jA+5bt{L>_RnTor z-fY&-YHEP-MU(w=Uayw^E%gd(S~_HX1{sD{10{Tn(Q-zKqSXub_73#?0RSX}!Hp)Y zoBj#~`WEZ})OWBK@$~cK)IJkma1cLpjmiF6TU!jav=!ckg;Jng^Bpw9`d zERCNKsJ%}4%r00aFsYNq@irjA;+O{IxjeN7+>*BHwG7@%G&YiJw)t{U^Yx{^ziNm6 z2>v3xon=TLb-RJWuwDx3<68C;O=uXC#fNxD8(7i|W;B27f|CgEZeRRYMZJY)Jw3wa z1x#6d5AWugBY0OlIzffalp!wN50FG0RWF#o_${V4>eDvwB{gC+5D00LHHTY;x!-K0 ziM+Mw&b6gZwWHsW;ug#dks@TJ-jNOB(gaE%=r&wZE;|mYRar_wEYSzm#leQ`OLr)5 zsW$#&cDF+M5+9PUd_Hci{$~Lakwi|YBxAo6_XJl^JDMlw;6q!4lfrm@6~g&8ZFrz1 zC0Q>m)+jwuDv?;@+s)sKgWww7qJ0HnCgVCc*y%bW0)~!uPj;239CJMUjOhj#S* z7Nr!|b=uv$e{-)>@6=O^1Izf>FO-cNT zrv^eB^V7gm6Chg_)oDXRFCF<0%w=VjwY5F$8>(p%ZHhK+|IiXL?pzz)rjYrkFJj5O zL&q~F+caNsj6+Q0LcM=e&#V-H52pMwr;mk zO>h-kN$8hfZ8L2v8;ZPp^dXXMhHNO4oW-~gRvdT6r302CJVSpYubzJY(7DAhy3;L^ z9Vs8C8lBF@G@dUh9V~V| zTp9ipgH*Re*!asOThwd)bn7y05YjHU>Kl4)Iqfum9RXb6G0TUGZR{mO%?|OmeA}p| zgG6l85}zIhyPVn$Tn8*RydT-N+S5)Z*{rLk{g*47B#tqczuN!!sw3m&70i{Pe_X7k z)E@i9gj^R=e33Cqg}Bq=GIA_cO{a}jtq_Js#)`J{Z7*J+J0XOT@c8ZPc@D{YuZao1 z(f4|mc9xcPc$%2}Ro+2=KhtE_=}-UE{f(e&l_C}!>-XTa^Zo0{;bB>LTUzh~MM*{Q zBUQ3@caUZdMmDSp4{_P>)sTgsxg;h#v>si>EOc1_7lnUkGy}27Ig#*Gc{`(%>e8gw z>DS)!mh+~3Ga421;HMYmW#eKiea^L{nIxA?5zG^HBv4(@rn}GN5BSrNa1P&-;(wA2 zc^^i6_@3REf2BCODusrd(}P7}P;28$4UbD)Xr-ran(FI<+KcLM<RzBv^Y?_dg@}2e| zCwz6aaERy>3$BcYK;+|4mTwa;s8RafjT6|>qRT9aLMT1 zY5JoHo`;z=b1G`c8BWVto~qt>W(hqMN8jgaC@tw98Q}EckkZ9+aa#^ZK1oKQD8h1P zlvMEwr>>wj31S$k@Lubdqy%B{%$Sd>O{V-35*h?;A&}~d4RU7%yc`H%q=I8NA=%Hj zhbzJXpzfEj&7y5$$J0zZm9B~|=0?KGB&`u?^x}2$^wIf!Q-waMJdJnP?W($mqywHl zkUTsbd*;7&5aD&jvL}LY5d9(Ts_qCxe-)O*{!diW*W;VlNWgiL$q5eOiu#1a^NBN1 zOp+Le1Fr%ov2y4#m<}I*sN_*6rT%JwtDE*i%g(bdUgvck+B>6f?{OUAp-PdqsM2v@ zuo8>2Gq&H|JAQ?&PH9+B7FE0@b*E=V* z0Z*=N>tiK>{-^R+gZ%fwilxhGKUiR>*}s2?upfgVDEza%G5px#m=1a;zH4%z#xam7 z!b5jxbqH2xykLtcIE{lB95I?4&9oV!)wW7`|0yM+)N9cYtpANU8+^){^Br_z=u>FJ6OaC_Fo3FDKs~u?W2bCi$#M z25uIO5Bp2{@DD#_Vh9?D=R_oy5i62HfkhD_R(XFqPUw1RVfv{Gr$rsDPse>*6*2Nk zoQG7BFd*oL7QN3J{=ACjHY=c21xQwnxuguUNfrhzP)$JpGprBWVbK#K3IHx5C;$$K zXEFcg5Zo36yWu_&3mQ+A|3_3)BrfbXQyYm6$uXV}(lGchywGRhL-LV~rUpu0) zCh`-#2i)O%MPKe8i48~t(7`gmA0I%Ec*br5w1|5MaA5r{3{Q5fmpVyKaUqF#I<-%8 z!~n}{%R&ZomFeMi|4}{6jNg+O_l!m-WBBUmuwB2fj6h?S(IEIfI=O4DDq#B};bJlW z^ZC1;fzSKDI3oZ1*-+0hACvue8wnPQ1&no(41{5UWQ6K71;XOfuO%gR|0Q!E=MGwA zQ&zIFF4+;<`m=|>LO1=pdCQA)Z}2qWZm{8dkmGHPg} zcesI#eMY)8i>8En^td1B8nNYtf_Ly;_02EESn!N#=*8j%@Gj=Yrqh;}XY@WuBH4YT z^C%Mr)s&p2i8Zbqh+4m#CW>qizNAx*RCX;6k-5bw8Ik`3h5b#yLs{Rtz!$y^t&v-9 ze-C3^aeR*HwepJvUKM}-ln=ZI`u99T;kenq30j$k)rzrd59Tvjg^sdOB>KR+ZqL*q zZ@nmBh=peyDbaEhnNw2tf#TXZ|NSFFfTQZapZ~rj<_I!BeODZ3>gV=%pSa9JyzMp; z3;M7!%iVo4n&z;~C1PjWIdq|s(GOqS`MR~^`}B+me|G}^X8tE7N7DFlTSbcj4=raK zp`)E_bs}BWeP9q(jtR**exjw?eiHx4n=t;-aQ$!>-jWL#UWg^(%BF9nJ@~$G%W?Lg z7+K=~*8=3+LPQ%Bz31+!tGaB-g^tI9ZOrb7-l-cNt#^WiGEsZ>b4&Xh-g7qR5?dQA z8dhk|g-rKV(JR;b>g#0CsnUOlA7|QKz!hlT5@f%t__%l-Gf*M*TBu#_Sva<-2O7zw z@l)g3MH@0^3I%fNa0B6=M$3(Y6JbuK%g7j4tJVb&JS} zd-X5TRmLexOdC@;2z6*UlJKtzu;~9bSHvQQfB|Sdnl9BE|Gv(NqTr)Ne9M%g>7hG! z7tZ%4MNn(AW=vGKf#=`51;Ock_(v5jpr}Xn_o<~({PD7fm11308Yk3W9)DA$NZJ1FFJ|DvkZu?y|*~cIAgV8xl_DBr1m9m zYi(<7t%lgiyhnG#+v|)LXA|d9SA8s~KMjxn(9DgiKSnj?ttoMzP z5ySs#Y+%8V_UTU}yPcuha#XHlhYy551iyKR^+t!iiB{1`qjyd*VkIxVj>zJI6Pzq} zM0REA(<6&!G-WFVeya!H zoD24}(>o=;NQ8|gjFRM&EW)s)VZjr(O>Kye67jPyVbUR)&KTuO3`euO&hh_-tha5A59o9T5rjz*tEQ+Bfrt4 z%Ywr8Yt0*dDOaNPUMRuIx8`Un*~X4*G6GHbNusEMnO;h+8Y3SxX*_D~W9UuhQ{`5O zWahrcUR+sB4L6?k{^&5n*BlmPWwg0ylOrLBQwnZKbWYrJlk|GAn`%!k5pEPeEaBF$KrbO_Vc&MpQ^Q1?6O-qSXH`PeO5CM=8Im8E57_K*n-RC*71gL z!Q1R!&vcbVpsLxw<3)Skl_8V9t@F{9n7==d#iE;&?b&?>c={8x&Xc7LDifnO$B6Kt zDz8h&C3VHm8AsH#Q}N%Oe$O)7XJkve+53zga!_(PewcApgtN95#b$eb#>K2iW5Zv& zY^iMh78giDQ;t&#*}_W(;J~An)5ujWKZx$b2!;PG<3I?6gx0d@KeKNZNcni$248E9 zjIsDVbgy>B%XD1ns;@Cya0ai6sI-rCQicVk-*O1x&HW!yUmX_Z7qq>I{!l3q0TBU3 z32Es@C8d>Edg%`7E|D(jZt3n0>F%zT?rvCi-^2TT-}UjAm;1zd&Y3f3=AL_In!tt^ zehdcnOTB?T>t}EIb0s#SM-)HJNq~?o^t3)`d-o$#-0|;cGNo;AwBZTn8W;)6aH#!x zk#ME9(?b_zq8Mm=Uayw<*2EM%>P-h2*irC~PK5C9UG1u&*SsU^DB5DUF@ZjnA z(*DEQS_tHqnx4mYp4X!^p?Wy9vH+ccePdltAu^ueFD1J0Ll;g6L>s?%S5Z$3ZFy~2 z-Me@)sXQN@(%rwzPIFS@S9U6QP`y?*w2h&!j&`ZgbpP8}tca5SW;2L;K$hNlK6@D?H=7~;FtJ|EEx*4V zPIU^pzwp;9We5dbpJHmTVp*l4GvEM1AXkB##LDNlqG*TQb$0tpO+25Q`7ND9X;aB2h;Kg2QBz%!#E}9y#qhsN}6pja?Ss-cEl>`lc*5?R^ggXY**2QC^TiC ztMBUvn&D1=a^8GDrdS$-yn*WBF;V_Ec1~3FYcRoY$(O$5iYWYhppt(ElXKPHqB9i#1P2r|_B2^HJNMF`_fxnKS*|`Ecd1 zyXz|I`TT=ebis4e!d)8Bq4Ol>R7*8nLnnS}kBpwEM+KW81JdF_5Hc-j;h#>BNdoH>9IL9Xz@I>g~8bA@W0 z#5)OpF^}}q7u=?y7pyFjeOkKknT+sDSP@w2H$Q-187r>m1aaSZ zgIjR+_h>&yvHjUpbEa!7%cjro5-UMw3u981)@+SAguz|Q<*~CN;xh#D>;sTiPoLa% z?L1M9C2st`>lGAB+Vr;x~qT?~)d`vM$LG~N`^7u9QMN23DKZ0m+B|EGF zs@`{qio;JYtaW)cWAc$iF3ob@iGH0jz(u71@oI=dfHRp=RiCy0#vVA(AV*KY?abXe zkDGsQXtRfZ{Uf{)6F`Wkulk>&E_?k5k4KrB(&wRt&kR#k;Gh`(`1CD=>v@&clR;&m zupp57P8hNB+(v*te<%lIL`)8}apYB3K~dLnK-3s}$xFKv9UJrNz-n@iyjA#O+l&0- zE*B_%S7X#d-{aCgiZZo#=gr@OXueI(E1%CxOBM1Vk}d7q{}XcA&L7T|DJ~h3ms$Nb zDW*%Afz1@{$EZ+MQajS7#cX)+(5c`E%@U_(^0r)o+^4?bzgj1R+i$GbMVGX@J@`18uD`?gk8K*3PrsJ% zvh-a1{O|Igs=p?^1#*UVi3$v(~qkB z2-mh0>G~HAQVO&f@AoF;^F5bKRp)+VHRI1DvG5X((j`(pYj$#A>^oh;OU8`iA@iBR z9TalP6MP{hmf0A%|csr z8h{w#i2%E-)|38E0_C>oxU?YJfZ4*WP=-b5$WjOMGWzN0xYhsCctGV81k+l#}Xt zQ59(Yl1|;UQHd!3%E5Ky*WA}z%ZIH$EbdQT9K6;Co`mt<96(Q$600g$8SD<_hqh%v zJaOVCPxcfnR&BMppgqR%v2v&QW$Sq}+Wf}{OZ?%JC-cV(8}SI?&%?60&`Txq&k<50`^Ts}n#Xz{^r`nw1I1Bsl&MPJ?abjf*_ zf8p;fDN4AVWs>tFuU2q}Mw4J^Ueoo0!D4dc+2ammX7^tpS+Zx z*Rh%^&2yj0+~XrvX*D$uIm62Ik@iJ)Sqh;!m4uvqgHfAhcOTf1gdYvdZPT1(&e`Z- zYEIvxB`rx{WvQy$nZCxV?ztBsJa%RZWnP~@5b8DPC+=tyz*uwE9_BE9Zz7#7PHD2j zixR+(yS9T>tUh;csk#z8QLYkKReS0C!KhoF#=ME6TkmvtkgUmW635%9*W`LPWOcl# zE1}p)|DC*IVoMIWLK=9TMJbi#Zi%2gB+g!$*6Gn^^<$ zSKG*07qN|#im5-k0D=r-`vevka*B3$CRg9-0H3k9qDYIrb4~Np7DyBHyy#xi<=RBYqqXWD^I8 zkN^C|6xsEz(6s=U9aglh34XTtaAA;a_sA zKpDse66A8T+bwO_>hYCTH!0M~c{ABT32a5{eukRHbp}h7a=ov|+sEDHmN;4r>a|Dj z$gjoMjRjI$HWEzBXPs;Q%bcemYI+_f`nGbnxSE4BR_1u2DRfZ=i;nA>Xh@})7Iz56 z+nu=;eOXyN`yl$Qvtq1qxRE@E_i~;+VIKAb;mV&foKW{cgLPX;yTb7eR^M*+S!Ejx zAI||x-Zp**q&70ks(c}ldql~66vv}|j?Q&zPy3Pf(Ypc{koG9;y8aKDezmZpnHW%# z7<)7Lb0UkR%P_yDe2~?L*UxY;{KF~3FLW!r^_{t~p>y-NUJ|;#RDn3QW)dQ9<2To< zZdodh24fk;h|QW{lEctOE#nRG0@sgk$_I#*S65f3H5@eL@l~3fK?%rWK8+UlrsKsg z=|@NHxT#JX@trw-WX`!xPgActsBdm>>0~XN&Zmep9nD-=6lU3~%EX)hkRBUvA<1~s!`0mmT{v#IVb4~cA-*~E~g(t*Rzn`1%Mx+F#-c__CXZZv0|;*K1)zHTiy_5mvXz^MhwNy`sMk z6RsIXsGQ=Th%PHC|A@HesSCe=@l&mM*3yI)pC2OU{NA#O&Fd;c&u5~Vxbb5#^F7IAx0&by3!_-Opq3b3u>@;CoAw}SJuc8L- z?gFlMyeIR&bCxG1T0g=DC>AqI=q2>{pQHT@t+3+R=^bm#A-^GBE6Zf7i2%Ckw=YF( zzd)IBhpv}|^K9~tJ#s5MGsrQwuOx;~VQ>Kl;KcPt7uCY{)k9j&dJTdU}Mg-gyBUJ_SQpNZ|clvZImxQ87s+k zISBoFDT?(m%+*w?`|-YgfpB0uOjOT(_v!BQBWs1t6$-4;HlfPbQ}|&)6AB6Ov^~*@ z)Ws^}mW=l2YkJ5VbNQIa{5le=#xz4|uVOWOS$MgNs_=7(8{K@);+Xfke&-!wTVIm| zqAL4`c}zdwknl>tZpLhp!y%(daoV^6)%yzr9DJoF< zXS2hrV+E-Ae&21xu%Dp?oK?4;sZ_6!$Fqt_?NEU^N1v<2@6>tTY*@Oyny_2_x;M&mtpjKG&_@JU>)P;_x8z zRL+7CQ%3fJ>TBQ+*odTVXQLDm{p)0|M}P0dEs?`K|N2PQ{UowtSfIgLXyq$)vhCPc z>iC@Nei*VmuE1`|X|riZu_V6{*?}*M*b);ov9b4*0SJq5Y$~h3mpDc3J&B3Ic3L++ z;cM@WErNlz%C4XR(?*-qsq1&X=YK-rYU&O$eX4fpCj>E(8@JlH{=7dGI$YEoZ-~ObFBq;Ak+niWb=GjkwrPe`| z+(65AP(e=MxC7s^ZawDE?a-yGrmL%~xNakX$#oes;FmeMM}G_h=fV$f|3Xmg2c7)t z)A~7(71NTY>MO^;KOb4T%+JekE&qz9gHk;YSYBQ>OmW(XZ9%L95lS?n9eJX6`rs(% z*+tDBZ2~%kVze#ZW^1X2$fj_Cd`1thZMHoSABocPw}V17j$o*a~6^A zh2Bw3#ha<*JH9rB-z2)Q^rNA#|(bOy-+EPvSTzy{Q4ud<>MN~3$M_4ZHY zK^MD)LK%rm!R&|Hd0N=WI`7tAHzgKBd*Lh7dec!Jmj1NR5sTCGEIPmXmD80T@2tzp zDOEb}6Y3B@$bV@*>einQw+Hp!#+&K}h-ciK-v|*;T`n$;UxrRl`6Pq+7%lK+R9&*M zwbY?0el9^sJxTIkB$RySvZyL+W=fhjCnd3u1htmrV~lq_i=34;f1O%wJSwzWhY5R` zoMy&Gkyiy#8g&9D%tAYao?Y1om+u7bWuKWAxw$|sF zw$dKAZ3BUk3RlB%%w*d8SIN-T#>8E15$z`sPZg=P1ok`5{iJ%QP21*CziD8UYEIc) zXU{cYVib&L#{AJS94slqVxUmft554bxrv@_qpPU?oVlwR&u4CwoBc}3L(1*P*9~vU zLf)ETsddXGZga#DLBWl%o>=vd!Kwc)zgWb5P`~Z#h%UI<@xXeV3iKGNJF7z*Y=+mhCA?d?#5!96*gHvi24JUY9OtinaX?@*T5Q+CIGBGHUf%+saF~^xHtC`5k zplsm-(!AN((nP`bdYCOF!=&)T${gl`^@_x^j$UZhME~w#IMvl7bCSp`q zc6D2B^p+TCTB{w|&TKxbbDR$O@I!;6Kh9x+hCm;pY61W|-Z;~;` zfd^M-D{|OE%5ilH9d<#jNQw4FMiQ=1;If2}&5UIHy7?C|FpWc8is*+c`}FQDl)9O; z52(lOV0-uKAfcLT2g|d4yE)iYf)(WsDl9Qd);n4!_1+sh+eYEAy;K4S)$QeB3s^u# zaAdhIQHY&ZmADn1eogj3UITg7THi*;<@<5D=x~2B@!p+{)0KdwN8ap~z?)ngI1=5q z()|Q3>xLDV0y}jKldMEBZP04l42hMqmlCU;S5i~L@+gbeWNjVS@!K&e7C*M_#n|w!Th}v-WkruFBr3+8keY2SMENPY4mP@byF<+s$&}6qj87&1royM# zY}7@H@{_wJeGHd83P4{!%L&3wmXt#Iz`RFOjkT(rQRcQ@xijY$md0;kTN%jaDf-$|0qP#zyCF)=7Hxf>J)EmGAl>^hH3MRZ*G z4f9_v0F2}Zm=D6#=9|e9i|S)fwS3mnsN(4|g=Vf0r7V8lH>|m zii08&8NDwkwkK5SWT8-pn;kRi#U=NJY;07LE7gKpNu9ghi;Y*>>#i*qO2RnQqbI<& z>Fu4P502~kiY^`HRbrK^crle*5ssFFX}!MjWL1m_Hrr6D{@c{yeDSy6`Gn{!&Tjne zj)n?{LRt#2MB`w#Tr65V$<2G^{W@iJ2PkOE&19dW52#8cI1kS$eKB5P>osWn#H5A3Wm^FzgHwl&}9DBomb&OQ{FX_#A9 z3XK->HMu0T3sg1GoUY$VKPF*7&YelL4x1*MMV#YybjCI$JlRseBb+PJ2%?v^?0bba zG@BY~^ubV>IBfZ|p#5K2YYJ4Y`55A6Tc|hPaksno_-Cim+@{&jY0K0Flb%WE)5eK< zC!5YyF>6KngP=*7@hgT^CsB%rJ0GWV^W%~#xv1ha9G87CUjO*CzU>A?7j<_DO~Jvz znM&R0=va`$iW&6m4m5m)CsmydkiyoMjLQZr$kbDcX^Ui6GXU#Nxe!h-IbDu89sq05 z#X1Bxqe6Ay5;w3SLlrk<6PQ!-PW8;`NE3aF^hP>ODG z?MmPyOhPt<9!oqMT#$w$k<-%tgyH^(rS4>iqqVSZ|ga%UUuMv7`!b2DU@R670 zKUag_Ox+vpn^TP|*q)NHjO;Dv;3%9x1%h7gl1xn#ajy{3C9e8rW&>C8E1!N5V3521 z7!(dJ*;{IAKytRBhw}@bso*)Jq1VgvfIx9;d?QNE}}^ki8Sqo1-+bA+aEs;HJYuO|j~9m#i_4syDsaYVNRd3&?cF$BZzc zA*1u(OJd;T3BMb5V{ItPFu*We>5luU!wx$A{rSjdKlO8B+q=rH7N@UclX?PaJ&w{H z9@xdMs!vH85Hx+PMLIw2Ow9DgU-Pnln$&46oMH?PM;!qFEeyF8228Pd>J-P7y3LgN z77x&>)QFx?4V-P?#7NJlYMQIEr4&cAr4v(tHE;tzS;qBn?2Vv|&T#+-0t$JEnsPM& z#vibp01gD2Ecai6pGE z>W(^&{@J68&)x5WyRY8Zn1jS{=TEpRajS^Vk&G;pl(u5S3kWJqjLly#a0JiTDT*Yb z9~_YEAR`;rtkP%nk_>3HbMNDO^rmA-5aqf$u1tTi18u3#`-rrt-_E`v2WBe%(#=$j zQp&+n(=9-N**ps6Xb|8U9^hIA$;yK6TS1KVTT^P5Kv{BM%;+-Jtvz3*K5V+w++=vT z0Ju_~rj=X1{KD*)+}5jdK1FDs*qWG=TU;Egk2mu>MT(Ud9TGllZyzkHthzZdI3BK? zudtGwubyAO&$7bvti&(ALz&?hQd z0gYifUtJWU)UL>5efPngdW2D5%RTl){+qmq`7riEZ|i}@$bX9#k_}PIsmWtWqF1HQ zL)nWP>>wi)bMwpI3u)A|d-1)qPnd#GB#D+Z3G#r#Y@0fsFkfl~9jIQ3|Lrb;~SMzx&Hh>A(fI{95 zgJ6cd3^!%GSq5YQVC>DuA(nBw%9C6G6@_1QalS(B06n5~Cs?;z+>o7}&DgM4E|qPs zC6DKHHY!$9zmuPrmyLel8T42yT|V%MikA%j8smNYe#_9gjo)Mv zVigcSEzf20p8HQ$91CgmHFjCCV&@Lm@MeIJiI%?3iKQPl(tzG&^Jwqx-RyGXe!Z)m zB_cR|VxH&^(fe0sS_R`}ErO+%jU%@O;d}h=DrBWMc7iSAl&sY~Rtm4T?M}akP|@F7 z-vmwi6cnp3POrYXILl67GYyTqJaow>f7x%5(7RblFVz9Sm(;p9cfO);S>F_bZ@%bc zaxbf?x%?9;!?PYGk0XdU;z7q78W`ZaUW>fP0!rM^3w-m`goK2MV6ImGAMvL@SSmUO zVG|&_srMj_?EmoxyH=0y{lQeXi-U$kO#l|2s-W`-hsX@Ao%qa}F~UZoEwTu~#O%E^ zV(4^cmk2Cj8`q}U+$DkK+NkDaQ8g?Tw`WJu1ex&Wt83*T1Cojd)Dv~q8SCq?hX$%9 ziY%0!vbO7p6z+a}Zh)IkTMPLMLt7RmPOSW_ZJxM{GJJFo;(k2iPO{e)X^jOSw;3BN>xX zQ5JPE;roevTf~SIA8|^1fPc?%*#4nC{xfDw!Se$P&U8I3t$+W#aWzY|K6`k0SX!2R zH*t1$Mj`J&we0y)Z6U_#4mqs1rI!h6ATkfHTTR>H?Z!UF@9)5)%rMD(r}#0_U`*Qf z`j8$TN#zo1h!h;6<(qy6#mw4vxQwPlu6tm?%DJ+w;*l+Ul zG6F<=Aww^Ry%YBwOy!x1l5Lnl_ca7Tt96FLYiEncUlQLQ^^sS{2ior{RP`>^#3H6M ziaEZHx19ex=E}_)rQM9Fy-5hvB)E3RuW8^I1!~s4*vmqD6IeNgsw65Zl1`ugX3vU# zYvhF=sX+Q)*ylT^BRUjr{@6RQ`)k&TL9IWzPF-K9q-9UMO0A-;+}S+fP7-bK$TEr0 zrO)tVAEl$rlJ00;uR1Pfo`jVDL0b+jEnzPoeXVEe zJqO97fXqjZ#56E>4&zg+PgODBGq$yK03}&i>Z8>29jr&XguanURGgv= z!py&z)dnkP2?64x0snM#-a_S}o600=F#ow%V}I$&Lgp{Jd#(}qzARyO9>K8;5saD| zbjb1spEH4g-9}X7ePsL1!(6XNl@v6ybX|mVigi0m=LILzJj0<@Gcx)~Z{Z~rmvNhH zEGi_}(DInE|29!>Qw*QEMY%_-$`u5}A(@qc^6^Q8+cV2iu{I4hi9y0o$)CPh}JpDWJQ;b(%%H&_5J#$^G z*TC6&D*Y1o{$?7kBCquz)2s9Yzbbs?TBsioJR(Q;cF|db;{V?xGEa<=0^5G zI}7SY;R&B9qOR{&4$N=Ur{)Pqos~s=Pq<^$yvyfgdJdl83nF-G3ovI_iWX}Zko!Xy zE{urPtL_Vjh9?m9|En9)xWoB{a-V1sH}KX^%oijfZ%kjbaU`a{jH7)6O2?L;@TdQ2 zL{=_SDpu`nEa2PT2o@54&DA<8#b>md`Vs zkSKZ?+pKbTrNufbbV}_8|F+Kz@6c=*C|FOUMSUFe<&4U&z%?mA*Q;PC330o6t6Pi- zgxTO&%;v-OB{ZG>HF4(X#NNvSMW;*)PC&C1{?%`YhvfPYz>a(j`Q??GiC-#2zyw|n zq4+$|`rz46O16*6D!ZgR|igI^8shFVuRp0;*xwfyzuqZh`crn&#$ z(ZSZ0y=VT}Mnp7$} zeW2=QNVpvW{slbPH-n&+WjPqVhJGC=HsK#)YophlK>9(mrI42BhRf^?aR zK~ct`l($ZzL}Juf-()PfHYlFH&KW?5c;?DW5DY`#x!knU{DOE!_y> zOX%J+cVrSWzt1G?npuqK?uEtJJ02cf1{(1fQnU}+#hCK2^$QUgj<7{$@fGIpv$C-+ zdXk6ge*UvdmbBOP^@wVhHiNnvkO`;Nb4s#Ooy;BoB&G=84ZGM9`C*{Zuku~(oAp(# ztLVJ0fwE?%KtBS%ag)#-7t_PkywrP&bZNI4AJ40+~NPJ)hGDU74RO8%c`XT}Cz< zXqqYV#($nny;M7^NX+jV$1+1BIK`W8^iiPJ=V(Z-Idx(PAN*PtuTkU;rR@94TW~?H zc<#(>FsArdwFSJ>D5f)aK{|!S0S`z_YXl5u9EmqY`K25b0EYbY06e|JALfF}2&Jz@ zYRWhU+NxC5#LZc%THp9gfY^n5pIx_R4*)G|OHQnOB>v;j7X6v@>k4o$1O>7{4pw*g zUq8|E#hkBJ$&CqEto`-2k1ObvVDR+vdXG1_=&k5IVQEVg9Z#a{5PGA|)^F1OZo|BQ zt=LTbj{>?pu2s}te-SVkiEY! z&PUJi-L3NdCD;e81fVMV2>VcjT`>Otl3Txt{zu5ukDA`kjFcS}Fz=%`lKfbc#b=K9 zt@HMgv=e#tYR6xjjVig~L;RvU8k1Ag7YhUQ4MjEY;OhsY_e`jVrO&KhD4Kj1`zh|8 zTaHEDxQDt|xSn_*+)4UvsK+SPsj!Bzs!eJV_377CgLynnJEqs*U|ALed7v=8BT@SP zf?_i7pYU)nItqWV1MGhl3YqQ^Bp42UevI+$sh{1)+z65O9_&++MM0 zf#W#^xJhvPt2BSJqz_5Ad*U^T-r}b&kOG;*+%c;&6?mSEU$vFwE)0&NJFZsa z##O?(zdTZdNdZXMW=_spnn&OT6#r2ZQx17*&z-aFMRT}W`b|3#`G||H+#cUz7Ycgh!>x+YaXjq4o!(hUs>f4*8Y&x1D$O1lN(}PWfv4 zPlntydAS5=vk*0r!bYc0kcHLmja7vnO8B*kj3U-(!hOU-y>v?F*qxg=uY|1FUqCUk z|rjxbf-ZJp5aHa*ZVy10^vA(xFqC{c0=b=cY!w>D51~zY#TCMW{7G>$j$$VtiUw}9KP+Dr^R9a6HN&g}jw>jv($ep)T zB7$)v{veHRYEaVcxV3pDef4@9VJTYSV&k(E$CJ%uHTLOy0KIHiv#lHo#No z7_aW7>_vLB9=nJcc$CMU(WR|Emtcg=-iAKfUXf=w8Bjo$1uQI?X)EnM3YY($IzCg*O@jKTh1OMy(~Wtis6KVHYO4mml)Il%W z$it$lFeXl$g_D-h;&*V1c!;Zs`xiHR#nk7$L9Xtn9m5w;ee=Sv-HaNe4r8BIa&8T1 zN9pipdDO1{VP>Xq68h&xMU;@T9J#nX!5gJ$d709reLGP-J9jjZ@vHua$}l(PxP;!S zt=AU8$Xj-d z#g(`f6v=`7v(#=tf9<&`Lo7u|j%dr4q^Cgf%A7sjO5hxpOlB8UbVWGbZYg$JcH6Y* zr#|B8%|W9NXj3%%g;)24bh<7=o$<+(QMyqGD8{M~m}Za8V1b^U5$a_)G=g<7MdnlX zcv-ezKI`Wmz7I1gndfgg3P6#NcXb6sKGG1-7KZO1954(fetefCIntDN4U_{#tgY8G zyG)(&=M9oCLU4OKEO}k!ggJ&@47u5NTun)vVubEXBCOxvLP@$s))-E|dsNaiRZ|P7 z{m!Abfz1n?uh=$U_4+)qJIELy@r$7Qe%!bPTt>lp!P`_9!vPLG;Cy9*R_$-m$5jQ+R<`6LuXQ4UGIBGb`pA?H28A2CZZQk`(%EA2R=%Dj5d>6) zE9BaW9zA0@tD55vdY9X!_*iUt5EvSu#5e+g6DbBZf<3L{X1Jr9ivSF6-0kfD_LdV z3Yv41Ph<6vt}3!~rTq+&T`_}_P5PQU)0wlwX0KAy9&^<1pZy&h^bV6*)3mU>wi7}EQ%?>plF3I>;u9ahgtPscSgMp+2DZ66KtN52MDs0W7{%*o}mJTN=Pc3u0upWKMA!)BgQZHRNkaiN^@BAN~ z?mnH&`{8IFwQcz;V(tExLUdK37kn>+2kVm)4^u`p8f%)EQ#G>?G#EJzmxxt(ROCa0 z?xB7?zSz)SVxhcu&MOqw%VPubk#)CX4BubDCKDZ}+s^*RUtx}4V~AGV+Bh52R$I_i zapgUi5NOJGm^VXyHnd6pZoN9^mFa>XT{q7h$z-Gw8BmlMyAzftsF8pdu7f2Rq+aKQ zaPh;8yMI1Orh;UoJWL=Lb(C_oW4jlq=oV}7np0NWj)z0#w7YL5(?G;?|q?>%8rsuJ)(D%1Wn0 z=BZm;M_P~X0^)jdlrAP0(#@>XM&fpKF7p%N z*e(fcT#!;ujo(2qviX$cpno00p@*`r2KtA?F#bbJ=s7Smr>{?Wnj2hhvUei*QI?wu zWeWq}nvStqeM*$ziKoEU8b6UyZyy#kW~pyQ`ZTN1Fz!EuWf^0z~X2 zIfEzHl=lG(zFFHW{|$w8m)uDY*{%k1JQ0MgDI)N%Z!W&#ZHM#%Sr5A$nh?$dp)5Ts zS^j)Z0VWHp&?Nji+f`+0m7Ct5h{5b*V+M+HDpKC!607X~^80ho7;lzE?dq)SIHB}b zT+_p({Yv3;RF4bM@c!t1^ejHF(Z6u8gU;m!1kr2=vqjd{w-KC02d)nT0V`*xa_X=2 z`A=I`=PYd0j-0CGI*g55{kyhSTyO4x^}D&Wd2?eK2WaZ`{A|(}<5j6;{^3w}!)aUT z8V>x(8U}GU)X`s^lrI(Tx_xy$#!k-pQKLV?6jLTFyCpqzh}ds0hCcMuN1k zg@>9uW@!h*FHe8}DV{Bd<}{MpmYlLJ`gi^L`^zc%kbM%StrGLpn~l&sPMoYI9znaY zPvzg|_^3|)QpVd#xotS@ZZXyPYAGhd{3P<)jNf!E;@GM zS2kbj@C&LCqZGT%&RO5j-|`1wv&vu?K3vepQax9p{Ky@yaFSq67P(&JDsmYz(CqR} zRXCK~=rt=Xt$*;wdB(5j^ZfO1p2zNpC*gyGa*2hBlEQEPk2kU6#g<4w+#;EV6q?#^ zkfD+v(RRIJi$v`w-5iyt1V{8kFOU{|H9VyF;fH(ll!j>bkF|V2U?sd2)u*OfGrvr9 zP9*%EiQ31RM!-h&n-z?v$;_4S@&QD-$E422@nUFsHYKjnPV>f1k|i3E>A)lbFSE?P zlhIh;AnP}a=nD$iz*ST;e0u7Tov7(Z`%Xfkh1s>zDxx-0!ZH@kkdREXuv?uV}f zIcG}u3njYcC4}|z-^}lK8|Las7D;qQNW9)42VapixrteHFsjzidBG^d5vpGz6a7 zZlhT6+OGLPCbw>BVZYUU-@(FR8s*UC7BPeFWZ7v_4-tp#3v!}y8Pst!NB;Ud7S}kh ztRQIKAhd{~SeFQ$&HRr?R5z0iHSBAHtyk0dwfs4{+IorI=Dgh`&lpS1STLgU==}e2 z0Zgkd7K?LTo75zmy>~}TX9i5i5rJjcGHnTqgNx%75>akT5{nnHaQdO2xS9WTb&_`s zR9z4mA9ESkkp9PSS-Im6U6Qri7GxJ|`N2{=`(xk(x9wJp<$jVtBehkR+;`!rtAF_9lV%O$=gLr}Vg3Vj`DNc_*C zj%fd+n=AMJr?7KUI4s)ty4YtMqx*?Ad$-Rog7Jry*8zjsh32VtN5Od;n{p(#9@!X6 zNx>Z7E~m1Z7L$8tWV1}!v)v}0fnyST+M*kVQ?$(u*-h-Y_J$6wAW>O`JT88l3)in%6p(NCTnPGU}H=b zQr{TOqaGB|obv9I@KkJp5-B`YIoyQOU!6EfyVSzC?yV5nxH!q9RgGm=2g2~>6GK9t zT6k$!zQUeRzl*TmyqUIG^&5)ajVu`lIc_rZUE$3vcidKK8BTV~TSGLyK`4bp<-X2I zy+=XRQ<<~;o@EKB9ja=gx_k=R*k4~$LW9n^!j=E>UFt0~)NrtA{_4sK^t$-DU6C*CV>q)G0(zOIRFXcv6gu zZv(uj>U9J?6|fsqR#sE@5<#MvG^>waw+#i0U^*iWDqY1gm@eta#{(q8t?6kBNA*ma z-oWPJZ+z{5sflt}1KwI)#-ZSX+8onT%lpXkxk4h!30}e&QRA!Qr7qrZx(#Zb7@PYO zdqhfIms6O|Ek&`Z)$e4_B>#%8y$%;rn%dC3|)&04loWM_Or zyRL`S-F10NLudkuv*2dIm~+H8sV9dsg$P01S>1FauUh|ER;Nx9S8dblfKW+8eo>4Tt zaVhW~>%O2YR@az2Y;G_$>HGW5Fyjs9VGH_G#iLj9~C9bcYX!`FTld4?YBkMxcUbYXoV&GAp3`x)4P*dCY>u$ zbD?l2jU7?)$5}FA1(**fLal4|bC<3ha7kQUSuT4VEnvmJ1M=Eko&(BbQ12^Qsf}Vd z$LyeQ%z5XUsUOyTdfcM01w~10j!uhUlxl_&67`3@8ARzLvY z6b}Q_&VxT;F`nUl^y@i%k9I9ueDK*#NMTDUss{2}p$YRu2G=8>Q7~(;!~p8(q?Y%m zDV^~c-Q~bzzTA9joJIIvxBHATbnC;UG5O$bLA8{^)3i;I`*f@9D(_SLoi(quFim#b zLvj0YDFG^LaVn&5y28gmKomK;9>muinyyb@vnok&0AT4<{1+Z7@Gwn5xxiQa0`Uz_ zvE$!}P=J&VP%j{G-d5-5LjRE^_uSd@aV9Zgb?BCCODA#treTbc$B1+QRL^h+dU2vv z_4}`EX`tP4>o4AB-OR!1?Eq9_BF6oD-cZnK&94g;9zs24ZFs%UnJVhb6$a#yaMs09+Jbr$@FMp^O!JRH>^~Elt z)A2K`O8;ajoXWx)ad5C*)`+|cTxyOhl<8h-;LB&ya*dY~9A_ z4Z+67i6WySz^FG8l$^p-4-)S-LVGnPqh~k=Uobjqp9O)vI*CsnSWv^1%RqDv5@1;q zyGVUKHI6~f#`<;}Ab1REC^uZ*8PMNOlTg17{-m67@0%cd37R$;CAx(Hz%;P{;mTZ} zS{w&?E0h#LkvkCt{1hw&>!*p-Ce81utg#%pT;8lvgf|;*RQ_Gd^X?U5 zIriyQ_K*r$KmVa=nb2E8K8SQ?Gj*sroSOX~p1wLD%H|6fL~ zx}+qQ25F?^qg%SWyF+RvmtN`K1r}IfS-3C$?!AA%F=uAZoO9-!XP)WB&Z767RykEf zsL7qbB7bSBXYN>e3}9m^P*(oD+ir1f?Md8UQ=1)u7V)O#E?zxew-qb`(mQB#=$P2} z!#o9bl9uhn-@wr^PgLMp1XhGaiH=^$TE?niys<Ht?^ph0_7n#P)~pyi&fG-OQ4dy| zjv&3Pn0SI8Q=u;2nw~A!WJD1QO+%_|2F#2F=-$K_(C2;)r7;t9{NjZ>JK>l12ylmu z@KH&kgpDtrNuI^JWRY@9$EHXvU4u!H)0->HC6yZ=yBuZ64y0PSL1neo7Ct?QZHS+w z1CI3X_2>H2I6BYewROF^Bhc!#RCnEhQ{hyudp9P9C$|F;tAV23Up#Qo6Hyr}x&+Q0 z6U3lEZ=^AvWzJ_eul>X%@^obctwovvRSP}mp)}V%F1^0ppt;sBB!+Q|5VuShFMIUR zxQ731>w^5jO!p72GT1|HG|v$KJDT~7&Qg_TZbWsjHs|mKtC?3HOzvI1>xsm8=w8rk znk9D@`F$COQJ`pKoj4HC%$!&^7Le`Gi=6NN%O@LxsQC3*PM^3W6~G%{EJ{BnZ?%DO z&D!>ipM1Ydb^LVkqYthzI4+^4O;|s>h`aXSPXmFJU~F-uF;GSed1Ss3>XslnCXp z|EZ|lzVV}sv3XB$oNKDozUoZA102StUh+1t^tySnqtqVe0-q;VTGJT?P%~1CqMEE( z5veRwbLJglzPO%`lirG*4=v=-+qPfsly*tXeM=sGqYWo z<)wb_6*N`H6nH$)T`_hb>|NGM@X|N8p6AJR@h9|c4Mz1`gTGdOTh|GTyLy4F-PZ@t z8Ht-k%P;h)_oW&U*?c>Z3_6ecZ+>P1g*ZaC!36)B*d{?CiL%ab2a}YBW9e0xUoX4j zAJI?Ju71hrhqv}OJquDjfYc{sa|84l7#QMzp#a6msuMdw@8~}NWO=^SpuEn)is$?x z6@h6={5{*q|Hup8S(7*Yt+5y{iK}l&aMERm18bkJ`PM-G&dV|59w1ooqvhIJm5E7xF)n z|1JJuboDlzIHaA-g-&Z+gn_)}>e=K4O%4VSK?P_7vhHTYfYyOyM3Y=q#)xVFprrIe z?_JSwIw!z;^RJ{C@M&lS?~0+T+lKmqGerSg^-RRFn1oCfqbOI74eUWpNUK!DJOm+7 z`1sn4-9DKX#KxtK(ZahX5g&EYG+|C>KZ8<+R4e?>N-uchhWnlnwMD&NiY;x~P2|R_6(Zh5 ztL9JW6ae4uiUOc84%TTyg<~--?Eq32nud2jq*8eg0;xOh5k!kT6y2rJb7y2!%U+3F zrLoqbI4h*H`;A%>v6Z&nQBn|(RM9@-dq<#s7Sl%gPYGho#D*p5iwLQ?*&Ks(wWIWb zl|Nxbc^{AD8kk7Z=H#4WlVr3e%UV*jZ48seOP^+g{O?Y)BzReUn}NGE0>aggvU5{z zSDUQjXDM}B9mvQy^(6JkKC(AyMe@(E)z-T~+$3xFK9^q~kBhY{H85^?7yu?Ai=cq`cN+bJNlFilwzZOiQb7)|Juw z4Co4*z0Nm=D0!q;yHc)?Q87vCk;<$& zw^>htE5nXvlb+tqwqr^A^vGs;XHH3S!`w)RD1O;jd2T#gk*nNdNZ%8!?+C5+xWx+< zd;HB12|s|rhLBGyC(>Ohz}^maeO@jMkeGRlSFt|`K)Hr_pSUBht^*vYAFo6x+%LBG zyQ=-P;kimP$tTY5ibl=E-6JK+a6H+94_3NFbmfAbo&n-ts%esU8IP(Gb`!^~XYvyr zkYl)MzLr73iywsv7GCKd*bOak{f+@3WC7I-0nELr;``y2JUJ@h%2Cfxne11y?+)}X zRF{H}xF|x{=qn0GG!-iZXkoO^0Rdg2pI`bu-Y@`{El&FV1-a-N`p8#&!u8Z5PngMPvh4aFe(gP}G*19oe?}pz zfj|Db7p^cjg0J-_wP`%#Y>NR|Hk5~JZRAgl#YkVNC(BnKns;v6FB^>jf$$L)0s|$i zj{(m6_sMY9!(9l9FaK{BxtrQcpg;(WtT`}TsiP^owgq%ji=j2o*2=Jm`^$DSt?T@g zg8cQSoC~|vST4B#{|XHhe-XqZ)NtF1H&hjBINHYpT4ibj7{!8rnQ~y3Kat2-y2^Q0 zOm^nSo!j4BGFOGMT_gx_lwn}J1Gr}bKqCuAD-L0af30$7V~uA0UI7e#3gQ!u&<+H_`ppz4EK_WQ9WeOm<}paWJsA8Cih= zTO3Y#>4cWlIpYFh->$TQa_wiSTAt-&v(3WecVxm3D6%W9tro8RJL(HVq~v(jOMUC! z4O_BLhbhQwr`l>uI=R5cK;LC69DI-KUI9~>Hfag!-3C`Ma-VmWL}sS#1D6g{dHBE# zxs^$1Wva&L?JxIQ4?eVbbUHpi9Gfw&MN@6ep2awj4LX+KrrPxRx6QH_pN-y3ah|BE z|Dj12{xc!5_`U;OZyTr=$y#859}gMe*Jm#msompQNn z_@`Cj0L%m zdg^RO4Mb%bUFm)c{%i(Suv;hanF>Gv-Z{GxM~I08))X?Rc+*5?EoHrl2e?@j1EUE5 z{m`&mhB=3HF}rIv-6Zi$wmf88+SN?PdK&k;@9kJIe}@6-*`k#@6S3?IL0#fAJ{&;h zg#kCD#KYmc>*?>Eo!yJ)XRE-nAX5eW5aW^(lj9fa<|krZYdbK$)l%Fdo>8-uapt?5 z1{u%3BwdowepD)Vu3>X{HZ04fW(&gRS9P%1?*bI zB=a8lCryIM;i|6kjV5qPsY%-2&ptI!D6_bF`Y1eZK+w$v9^$RAdyxw-zCPgCv?B*T zFd;o~#|r5FOa3$%0D88j+3Ux3{&Tw8!`+fd9tYAu)^;HdqR~F$xawsEYy4VjNSe?` zN(a?>2VhkG5r4fee?XPfIWX~pW|Ezyy<`snCStfgz$}NoMLw-)BU>3&{kAA6Q9UB= zgkqP@zvPsU$WE3~Ss0LS?aJrWpVO$TZ_N5Ut5wR*{ko0&C@OT4-D3W@Z{SVdHci2` zkm9XXTuAi4pz^LHQnM0vG3tTc+nr?~M&5N3%r7v$YV1cD2ORO5CHaa<75?T5F&C1AjaUmxrTVR3kNV%)DG$zQGMbMLw z|ES(m*X~FbU%|%i?Og}VBRFSaHxU{W4{%jtCf#H-%p7*^S*L{#eOP{Q)7~jO?!Uti zm=8|*5_dnSl#}H>e((?D%9=6eb#^gu&<_~50PEDz?seDa0VEC(rNRZrqg_E6z zsPe`3xR4wSz~|v~>|;Y)VA$lqoyx{N$)dPs<@W-O4PIBpK;eLx zC-X$I>9;LnS9&9Iab=9zd_$V5?D%B=wm$Fws$k*W5|?v?eragb9iK&(7=K_%pjrM4 z`5K*nO@Vvk6A!{cR6mW>PdCCRGeo@!MpzSeZtzo3U}C(NPQcR96M*@bs$?Gbfa~XO zq4SK-Yf7X(g(cyP&Nt=O+V;|RywxVafr^Z*b(pm){l8)N8*gn{Gbv#OZOq<)+ zr$M(t%c9Vaj1F498dHvkcqdY0x^e_}^TPXj{iCB!$Iz-VZ-fGSlZz|8^b;RkpwF*G zkDD0fSe>qh4ZD8lVCpBD&{#B4Sb2!#Hoh&CPD4a}^sf}TSBUUm!Yml)D1}D<`B{=5 zO}X{;_qGgj8;s`e3oC4z?m@@qk`FLmtai0dwOKQH_6{M@17=hYdTR5 zu^qec2WKyBcd&9tvx2?r^k~$l5i+B~&)zUI=AIicmrsr6=%;_Z-ztb}`{FSq>*mFf zfHc;AV*FxV2HlgscHaRWm8epvjUiYYu2{FeB^v7Fx%lv5CO9YWhQj|DWmyz2?TDLR zpK&CVY;oO0dXV`{d5}_S7x?AJ4h*d=14XvS3|RY20yzlD+5kKJLfAy&4)fwc*;t07 z-i%34l+kP(!ECdPo9py_;(-ca%k(1+u|xF?EZU@2QkK_7cgJ{gYRFXikjkIvYE-y9 z<=ywu`RHG5Bu8GQ1vVqJtg!JD>5TIRzE&YB^RlEFF8wyq|C^*Wm<06e(Rj?q-H5rz z3Qu3!UsB+2&yuI<0yFkLV9er6O9FYoi`OzgZd}GGSzlX8xwg?}&M4Jtyg#ijg)yJ$ zhenP{BGqk^!^q~ImNRZ>?ceeE+0dLnzkr`GFBJKt_}=cB3*w)Eh0b^X4g{eOc-VAZ|rStiypl{}%l|0HJHNan6P8wHUb&W4gRqGQ5vyZRg ze%bSCa(F&bJwUTo+P(>8bg5OY$7JF)2gZoR;AG{QFl?nN*W){6h>w}P&PjT}ZHhfzTwi%*1 zN9k=IJ+{3`B$UKq2o@w$M&n$-9zs2%I_3Ri0%oP?M$t!@1hX%`*;|asd-H2w{)FuE zYEo$!dQ+nmcWIMNgKd1jPEmFTLGpnr( z=E+A4w9wDH3k|3$aEB7FYFb~mA`;5`Ng}_cd9&}E4*Aqh@1WFUF%2tT;c?=or zTl5A#l*Ea9fvF&hF%Y_L^HsCT>*H#~3nj_@|BViz90R7pGTxo1IM&f(N>z5OS!^?t zI-8uePIG$D(D2p%Eabq|bxu21db_Z+ zZZ>{*dS-c%iD@2TYLeXdnGg$j8g3@&y)!&4qQ2Vn47`oYC#%O zu(5(^YVI{tc1lE~FDBm}JNFS9pm&9NukR+aT@;sr3| z;mE5dEPzLF*;Kh2nZ$B4a${kqzQZp2^Q<^hz^XkRw+ijxOTX+4j}<{ys2dCo&u=x+ z!-^2&Tdfx$Vi5Gan(arP5F5DnQ~I0nbf(KFGDz0`l?)l(UEyf!jn(!AUkLqttKbYi zw*Sg^-s??7MGysB2m(qo}j&&BsGPa)1>4U?X{^KW;?Bgxi! z#~VDZXQ5X4mV5Bw$&UIY1WUen{N#UsSMe?duK7joG;A4H%{d$y%J=GYZA&c9c2F~F zgOAF|MLtZUl=P-=7-jeCX{&qFsz?}D_Q>07O~ zGA~-u8I7`P9VgzGQA@G}j*S#cs2wtUs>Df1o-j-mxJwlMlD%xJElM%2u7;NO*}+rU zU487XmD6_xaAQpUw_v_E7Y$yC^F4Wq z4|!gmv$w9WQuxw?H@G!$oW+Q%`&}-*HyZuox&nqIX!lIX!RhQwm0#ht+@H#A43Q2! zKK|DJcRscsH)ak}$$SNskFtp_-weZ5s)7mE2LaolY}#I}kHg>)`#`t`8%-D4cI>*c z|4F%#P|`;P`1|himi%8nZ>f5MkSnF^j2irk<_PEE5E!!lT*_AOs>%^6;+bq*Ur{f{ zQQ-x0G~5{vqOaM|dwi6A88A3-dw}GdJl|hv^7NnN*gWy7*o$V$v%Z^L-<3)S*~4eIW-VPN z7HHj;%RI9QMtS4VO=mb+^r`&cIH#G!azyRq1XDXy0SBamKD%nHin^j%4+b-?wFGlTsOH zzt}&&VH&MhsAiYS6=hvtNxaVgm8KHeJnICo7n@?N>=Q%$$EWXSO%<3m$#6%OE|`~Q zc}q#~-bHLm-hSoWU8ftLC~DHSIeCq`(h+hT+jja)xjl{26|UJpPQw@Ty8Z}Ms=WdJ z2mxnoprmn3e%|{kQ`W2s#~ZWh6`ok46 z!abVj6*TwA3*R-z4Ynxt)HWyzs>et0l zmHf5qC@70x^A62&H@=#7hqjvNda6&t%HeSJ2d#U|2AKO6BSh+&wkM)89;}W8~xyHc{cLuyV-8q+1urSbgcPH z6o5{Y_NMgOcXc4SLnrzh?sfJ5?sHqrI1#41-NcVXuh=}9OrhABV5Zd*gLzam4C+gC z4oP6L8;9MZFYpan>~sB4Lp~~UbMj~`l#zP(2x`*E(8YN5_-eS(G95cnN}^vx%&9`6 zd|Pz!mpHLb`q^FOIdN1H7P_TNd-)svTt(E1+{_D~9JcE<*cCG!0&*Scp@wx9H6jgR&1+ydEbJ0%QeSf{Y}=}z~#Ysxd*q-N^YDQ&Xg__elw#H5XCuET+x4Yzmx_4yNOOht%5vBkBug^&f@)todxDpQPri0 z#gvO32Ilt23zKNvSYLpZC9-eEedDjF6eRlhjNZmZ$TYou({wJ%Df=(hNit6|OgIet zb1dgVxLQ(I#c08@m1U52%k2C{0g>tVha7-;;;@4McX_6-8rFQv;hvYc7yT!1qW`-A z@5QWH2;sUXU@VZ2FJ_{~?VtMMPo8&ctNSSEXI#Pz<`04k49IxR_Y(n8lxO&}SBluQ zep+*^Vj_JFRKv|r<2`yq%Xrn7Ve+IAqu(kuu0#_j zlX_JaWGL%o^U!QbrtFk=cTrBojz>AEb4|zF{f=^X9sS$8YJa`NtB8!LmC}WKYHYYM zbDTokP!t=my*MXMT$*CGsYbR7EFP!Nl)!*Ddme2yL4j9DWb1jcTrgCRdxBFxM#O$^ zDt(y1OX>0I!ca-#Z892H4aAY zE>72fL*f}Ow+&_1jX1J@TXdmOfp%_IL`?T_aA)8XeUDC$IDhY~3ZwDe5`v(=vV=y{ z%T+C%OoF}Ic0SkFy*3(`+Q5Ee15gH-5+@XC)N<0Ipf76fI3XLO`5tyU(HvHPo=2|} zOIEsvwM0i98Qa&dPkDl1^6^LfeqpsBtxU~h*`%sfWpd08 z=TBWB6C1EJe^&_$rTlEX7@%Bo!Sosk#T^lj*jk;l)@PJX=|BSJ(glCp+Ii&pUcc0P1#5+6^|cH$ zJS&%OrW>tUV~;HN^OJe#oHgVyMI570wI`#>=JPx@qb6%X4SJ~hbI0&8jMpiEZYRZQ z((9`yo{6IND-UdRvqJxGUaQ#{yGbnJq5Vt@f}6bG<|;_ztuT#P(4W$yQpLr4E4ltfR@WrLZ36x5wvp^V!Js11u5Ir>E@S96&qU^Cc{n}XdHwAD8r1>$f&brd>Vw)fV+>phG7s-pF8!W?)t?i); z1Z$u2Wk*HKl(E}vn5tvQqN*KUgi3JtmN&IJ^?M^vo1(;=;hOzodQRKvi(9{scd08Z z8YD@$?u9T-WVs8>qCkrxg!Uyx6THP3Ed&TEHlEE$0ZU`u_vM#}o#Sy~G%d0)`YU3p zk%&|D>Abmn`F~`k+Mq?Q7mptp4{6?Y8tbg=KIHF|u^to3@Z5P8X&O@DNJjsyYG`X=RXm(n^g9q?2+f$11_}}3m1ILuEFA=46^G> z2F8&Psy5Q25mM^=UGMDfCo)r=%7wMlJzt$+vmw(ZqN^DyTSl><5QU-Vxp1dDD%aEB zIfTi+`KYc!wyq3n<^BC!NrTXb9L|oN*0GbNG)x}#I9 z$?WPdttFuM?1&~+TXn|I$P)cMGv^U0*XJA6et3IZS9`avMXPe=JP`S#p^D{!TtWLw zhv0`CCl75a1oZXsctoWh%Cfwj46~|Sg_Rq9IucFp65;yrxJ93U$d<<$1iPVjV|j&6 z`7s2fL&DiT26=O`6#cMoIgu|mT{);uxGJ!{e*JA2Qlq=Mx#QP&HSaZd2Db`bPKz{F*MGDgr?a4b|4B@>uAoKsH!U0zLh`w z`as#AmJSm%A5~hSi^K5nTVnuO$BLz~_yt6`-K7->EHhv2WE>SFkpLyltI*=S${1N~ zu+g;`9inU2YKrFkMV+uHo8)^Hr z0(V1aF^^`*mB2+f_TLO;6(qR$eKMX{a*-Hf5r){t`5PuKHNtNbv&5rr&)#-!z-#J!V%1Q;fz!|CsMgS$fKq$?2p( zC4qNgBVvZV*}rP0BsxNUCD9z_$2aGAl|DBXdC&t~uJL+TCrFacPP1*@rbi%mE@TAp z+*sohnd8$~G2wD__D5@ajN~Na@m-+J&dbkHo+p2FL|L$6l+UhC8#8Mu;yfIFoF~~g zLh~q$zu~Rr?g`j(iLDGOxX^$9BETZP_%JJC_1o=(*juL3JwJ)q_9}+$7=HS`q>I)e z1Na|xIUjD5ifLyNv7?)Fz{`XHOXuVEo{T2;jZ~Y@v;I@5UdcIe2 z8tWp(7S5@g(dlsnJaRZhrr4?5M@&B{LM}^}#>pu61`uWF6*5W=gxq3k=-mLSmlGbW^%Tjb^&eDRncchQw${#9O@S6i9|2`D7y z|Mu~KwE@2kz*XLaMNVlvu+p0Zo11@r*cvp`H%Ner0~_9(jIds9_9N&n|H#HM_R@To$vw z&>%J8O@C?HNGogYsWBQD8RmSfU+pzZLAu(p+99Z&B|^@}guK|*yI$XI-iFe(@NY*` zsJI>ydd_f9hFBxV$9$o9p55wNj{2bc^eGO5G{sJdcE-+gyJ((r!8EI4ZOIp4nzD5z zXiGO$_)J%`=?px<5>W{VNNn zGdcEAH3SF0vCfQu?Cn_54t5QFLnh&R9xF~84{^2hVEJbRbCNG)d1Avzd+|y%w8y(TkwC_u)bEIiA3|?QEajM?P8}B6|WD+6?*cpB}PQ-{(|-I zgh)kj7zj(Av|RzgD=4Sb8<(NcWl3irXTQTpW2Ny0+c^LS2@j&fPURKE{f7VqK3Z zkCgg$R-lto{{GL8QtgHp&*LM~KyEnEnmtM}cppoBo%=_Q=eH|6Ts%bV;(Dw*P84tU z{(Ig!HyXp6sJ8aU72HEcIQDCDy6SPEi^gh!u*hXM^VEPec>(U-d;&TU_teWNl8f?= z_)-hN@JyZ?bg4z_eOHLhniGBnmng8Sa3@*L(^gP+MRP}I`_boQy1gEq9hDb%#{4u= zHYZiIjJUs&ip8bXZmhP?5z*^-Dnyn1x~W~hj{_p1&ITW&n<2X zejv1%KhGH~YI?WK4eSUV{?GD@j*~}>`sv7~pZ=JgyGPVvF*R?kzPH!t=K?9zeuJU} z>fz0jL}6x_b7ni@gO=rZWVy9QnV|huB2q0zbd*N9QT%S=d@8bT-|rfQy#{6PSv^&v zt@46RwSgXFN>Rre89<3X8=FGw>qu+;f1P(vj+Outuj|FApY;Fd-65gc{sD}0T{-JZ z(32|}<0X1M;7JipNR%@PWVhC1?oD6#y9DnJ=I`*#&JeV5v5Bv?eG|_vZ5936I=Wz8 z=x=3*@Lk;zCG!TdbzqhKIvRD+vVrgO)uPsFsg;n?r+cZXVlCtnNDu=5dwUIkcc{!A zT-}VE6LSz0tCTc-KGSr;2o|HqZI6AABwKlot7DqkgXC&yzcBG##Ah%%>*#>_nH{Oc z_!H(kHKP!h8AU~I*$pT81nUw6GS^7M=MEMPJKx{H&F{WALGA=*^}~6FvnejFwagIr z8CsxFgT>!5u6no)+b27X()+sgiIcT*^H3adMyYS61Z)c5KS-MY?w1cX>6CZcZRGJ| zOd$lBe?H&;zF~LLU+j+!8y=DJD?Wl5L5XC8o0*$MQaYE#x*iccSxjEIq(Ou>6SyEh zsU)a5tY8ty_<6hmQlYQtj_ddx$g(cO$r<`NRbRNs)$4UhWK+7ZB$ncPQWVxUJ223N z=F^0kOOb z^^mB@{Kyh)3i+zYyK2?c%Y(^}lSzTWYKdQIC9lMX1`m~5cG~)A3wns`riHBw-j`*9 z1@Wlg`wu>;iEk^`HZ9DH*86XABV+Q&`w109@~fnJJRv=hXz;-Id6Y%}`dt3hu=Vy5 z!ZX;Ua`-DPGu^QqB|a(D>6a>Rk8EGcxKjEg`mKtt`XZxw?_A>AQipDC>6WOY6W!aP zT{uH=Lfs}E+H~9goAqEDC>yRjR^5vHwyA7;cCP@YpU>2R`rYRgAl6q@=KUI{Bnl3BGU1`UUMDvyF5pFt&gvC z!>iVJrXK@Myw9Rxnc2ZE7O?bk-@$8k%Ptpaf^K>8?Z0YmPywD3`nQ;4YhAne%qJ>y zS#%P&9ngJ8)ZcVzTi*I*$+Jz@AIa~HHeM~)Cm3pv<=R0MlA}&Li*^j%T2NvNc^!`| zGY$szIpCg7Gpy$$Yx2sjH_@+34Y4fawhg*IbnKUPd)I5QxLqmt8`>J)t;p+CV`;|k z(`Q#fR)yRXXvKI98=4RJ-(vgRT8?N^&FL$@eA?N)6Ac6V5qkN1VtW;BGSEo$52i^V zRok$S`P!%RWDlaPCsZ5lV@TyoF2+mhQ`+)Rps$$(uXNh5e;+--JTR-%bQzf;dscb6 zzYw!ppQ@Kpb6WLlRa6|MP%Y=(e&7hv^l4Wec=NX|iJo*2osOpR-r3PBQnM}bX9|9I zG@7oDb~lrN{~AKM37tb1KOEIi(2~G^fhgUnU5lVebPU&7u8qAioDCf*PL(l!#SRmB zex8uMvgJx-3cj$vgXtm6SB`+d;wZuHQL>Wr9!X0s_uT6G+c#}SoGy(4ZZh!CBgJ7Q z+Wga4Z-w5r9V~48t~*$88NYkA^ZO_`WIxpcOvXaP9zT`aPJ33~O zPfy>qx~A3a*3~}iz?SXq8oCRw*-cMsMTlJ(@Y*I7n5&JjcH+^iwZ1U6CXk@7$O~)6 zW9UzbLb!N(Z^{!nwX++GF>y4QhyhaJvFo|I$a~L%yAs0ksLu*%QyO-BGGo|x zH&^PyFM0dTo248S@+&J^+%AeOuSzL1bsLsHcdY~0K3KY=%-_YFBCOAFe(7iLoIVBn zU|Hdu04)&viQ5MN5vF6&BLs!S;l(vE$mwrnfu|X%8td3<#m3>p<~6>`FmG6~w!sg~ zNBu8rBuxQ^(KQ7NG^BQD zH_T;cXG^B377@-p`O!$)BGRs88XrjR+jdT*r8n+8_LB9TaG`n*oc#tjCKlWX@bIG?7_%-c6f5JmJB>TXa*zlzYXiRDj zFI?;9FN;gvQYloWBkga`v7^=w>pW-6dbLgZd?9vCowgN-8P(X>s+#^GSn#JJwNTe) zm@EKm0Nf7nOK`jd%kFshmu}QU33h>(tMk{-%c;6t-n`x#Ut#o7HvML*JdL=h(aqSe z=`!wntuR@dxW4!|Nl=eoJjlmvF<$i8&oJvKyKdonrv3Jv?W21b$Ujx&VtfM8*YIzi znu*s3XXV8)k*t24eWQ6$?;ju90I%#jb=L}g!x~JubDzy;=qLLnow)lU+Ys%ae`d|ytvXo$`BZ;1cik%sTHiMz z4O)_C{E*g){HP~lTfZ3SL$Cq6fqvq}*SB*;Qon>d+|}*Tiy^Ef7hhZUp{hWE z>Z|9$*iX>lIXsa>(uXE1?xh(}XS+|<1KyrXRYPKiI6HcwqS}=_S@g+>s4gza4%qv( zf(dhphOT&MdjW`yGB1*O>S>{Lh_$hFa`BHA3dfkFXTCGF`2jzPPrTPN^;b)*V!P!_ki|WPX>xZvsgF z36S2=*4g_1VF4s@CP&k!f);f8Q=^;^q|{ezw%66w#1gA*cXL7sr2c+>z?~&79?Jvi z`D58-1Lud{-;@^&le2ue;xsG01|*l}at+0cYhZ=YZKA=y*265Q`FC;d+m`eBC_KQ) z{%`zurW|b3CB}~FQV%wcXGLam9SPV3SWY4UIvMtamkYV3vk%MX-WiewEPqpES#S!I z0g>+%f|^`S1W<^bSZ`x<=^`=Jfjq&+=s@XiL$~45z*qg0#)+o6#<57R~b}{a9aB@ zK2N4wsNOd!M{NN2ADd!_8MB#))sO|_0yd5&=AWi^&@`}i8THwwM1MI#)O;U0Z~A$t zQuU-*^tbqnrkc}^FRIS46X{$mTzs9e~FE3ymZ*l)ix%ai}w$SVm#b6dkg{ATe+_FZ5!Vhqqx4 z+T~xhn$VByL=fi;+!u46)l7Hi)WjCn3bK=`GaVR|{*M*f-0FsNyeAuPf2->zo(>{i zTw-ply>2h{U17`q9p7S?NVlaY^&W=-|9=`BsnhZMAc{D??3$IQ`NISyb&2ps!Gygc z9IhcL#=6*L_OEqw`>}vTsLA>_FOFxa9_TpP$RJsRZryLFCpiZ%06Yaz_qL<5n>E zeNdXM2^K}N?xpexv>^6VL?DSytymUVk^k4Chz~hTe+k)2Yw%NhVq^$L(zHl7MN}lU zjXZ2_$@x)#Zd6@dsKe?w`VGYR+Mn&#yac2gvwWK_^U9ZCMS|GI0B zTP~6Kk&^6z&};qp?VX*X2ySLV%qG|n&)>!uB#9N<26ma895syUziMeRUp@I!jF1=)ETW#cK zmpxt(Ie1vvDED;w<#^msYxE8U#0d{WS>?0G7l^l`8? zy{X^GK1YqW3TO^grVL}Rd&1Bk{SRo7OX^s&T1QjWBa$vYpz7T(eEwF+=L^kzKgCR< z0X}ZVGWEJwY5XCJyhE+Ro7n}!w%tZ?4(l>aRV|T^8cK~mZlI_1(EX-Zg4N(S`?mjl z{pLIP_`ntMAo;@#Fz61$#6b)sa`8FpzZzhhs_}2r^gR4lN9=cw?4>i3UAigDk5NsBMcxspj`w5# z4pTlm`tGf<(%D)?aem0^QxuQfY!uc;<^%0Hlm2Uudd(`>975SqWiwm;nl#X-!#%{{pbIBGs$qPZ(ENG;wTP=7B326KMjuI zq|U-v6UFBwo?O3$gae5+yHrxn#-tkIE#PvtHd8l{R6MGJeT;cK@dbvFJu=ID@GG*6 z67Ar^o;|(7&_brMyrh(>A1P z_lEjcRC#sVa+Z(RW{OWxN*hzj>~JyXl~xtq>p%Dt$`I2>wr*Cb>~SenG9OM~Mf?Es zsX-WWrL6KImrf?$i^tY^FKRtP9Nxl>a{oAyNQPtmi^4Ctt{r_Y|66&Mt`SO`?y%Z3 z-e^^&ekbOV%cf-r+|x% zJ6_u+Mi)R$|4dMJT!d04Q`n`GSky^%N zlHpSSLmY(+RkiE?Y!vAQG38DyHv@O=lit8Is3G@HbdJupr+yU_PWS7Q!8(rRwg~0CF*}I zek^v#&xEiNY)iBu_dCxHU8%#ee08q=3_8kH?tSh&a00**{EA)&a~%e|fE#*fvu$ook2B@Ls-TR`#KI?N8Gs_U4wuF=TfHcjr*e9b$px@6Mo8 z@RBu`&gUGY-iAf5-c%tuJR{pf&Ds%wn)b%=3^kmV9OY-ZSd% zbsRe>h#X(#L*7RO58xolRn4&r_S?qkQ^g3+KJB}tf?^42AhChILJW=P&@ZQ3UU-@` z^}i7*T|}iDPpsxJi4UykyF-n5$&3CIjV@l~#dM!gC9VSu8sYtD_jl|q+)md`V}chM zYTH|Citk)IvC3REN+kw&W8)T|u^A9X61Ak&>8b4WP$rFyMe}-iEhTKiIOWHTG^?~? zznVh#!my*`_LH;!(+Q-DskN{ezZu2)j(Ts3RV00M=u2N)xI8UZxopPw0QGX?qtqw& zO4`|9u$~pv@G?_om%-K3R0R!-1u*F8v1Vrx0kETfbU!iS*#B`X7%t;niGH5(RTICO zOP}qxT#BTYN8jB1)n>IxMZayB1AOz%6~bzIf{BFWn}JpSck3!lYI>RWluoNY$^KH- zI=1-P;r6MvE5YbdTTw@{vT-Q(ha{vSkLFVw?v?#H$VUP@W&YZk+LG{?Wg+E zkCNkx>tNi<_fX&hUuCdp8HI9pbf{E5g>to+I$%uxX-zl_p<$pAne*xbr7M4&#{Z$| zD*T%4-o7G=fPm7ibm!<)B&4Mq>1K3?0wUcZ+Xw~80n%)AHya%?knRvhm+yRjpZ6bF z-1j-x`POwE%TxuLxFJE)P9$v<+w33p+|8~w=XE5K2;UIBC7x^KN|FAKpUbaNuI)n+ z9TMPC5sTG;c#mdJ5F8B9vs`%!xA(%^ionVgZ~HEjI|@5{gkSb^)I<6>063@5gg$M) z_(h9laP>?TmEBkdxEWFxM3QYuX|6RoG|f4={xvv^9yY0BBS{k*7X%>9!zQAKDOc%UoczSJRcPMN&^eB*-yv3oHg=2zkT zucUlx7G+k6*SgE%axt(mS_}&x3~WeFmuUx?@l!T3SC7)(3K8Jz)fyq498op-f#2VS zISo6#0^@id9gV#Kn9|vQC~+ZW5j7D#W?jVdvfgU8W21lfnR%Ae01D28Y{E#Fbk>Sc z>u5xeq|oU4g6S)FaL)&Fqy^H3tk(*XPU^{%y zf_vw<0m4cZAyw^O2xADe`{FBg6^0RBs%id#9giT!!Eg3!eUhtPH_Q(ofa|EURyrL% zsD&&h>q*>3Y#}ZlS#2JOyk?TC|5UZ3gYkNv6E!J&We6AHaKg^LRLu@y{_ z>kNg*zNEht%mx2?Qr;#8PJyhV;e!kTZ>BSFmg4smy(YgOb) zwWND?OS=o@U2gEkg4kX1YKUH5t@H<)ZjRHy49ZT#(X}sLgGX54z9TV3^^cVF zNe8kx#E(|NN+R(^@E7ZKSKocit(%yvAjyC0!R`Fu@c`3OML-*z{D_o;@iD`%>DA4S zt~a6iG!w9g^sLSt5Rv}J!W)EtUGfqFd-JFWV;Sd5id#(|d7{KbhzZ0m)$%tsr5m3z z{ej;xA}dz`but(H2hP$wAX&1?Ku>30bZ`W-dXjZOQj`I7BsWWj#pZO8lp7MsU*XJ-!JKo(UnGS2($Eczi#T zv7S$xn!u3L;FB1s;@52%bKqZjznoVAuH`&_>c43~mxsU>`$l-+mN|~Zf$NJRxG+F&N^ATC=_sX`5FP=Q2uF>(4>4lH zGc92KJT24xnTsK@$?6V){sm{txq!hoY&$m=vid&E_)NqA z8y&xDGW%|gMHCv!lFxSOXHsjAwNidkG+#lIGZdijv)K|<0;bjP{VJ*~zm?gM^RUWb zos)A<-BoTme^F~$|E1;;NPM&>H%=dzm-Lx4?eeaOLN5BJ!oS^yqBqBR*(|v9!^@SE z`s>*pTV6C7n4MfdqVJ75ZWPUwD&aA%j^zr&(X4FiZ@|c)4 zy$Nulph|C|2)WmM%@gb3@>W}7>t(5d@=J$%zu{GK%i}n+^}tZ5%ygc=a2nlRdx#9v zvM6=GEf_0t%%QyET*yEqu-`fbM;{$?%A_AQ?e2<1;(q6INZ| z;$3k_Yitklzu2cXsh{QRWS6vS6YiJQNMbpRe#b15s~S+LD&aKzIqH0-(qZ54FG`+< z;;?Q;7NdrKw)hXhRxt-j1K-qL^{T@;XVxJ`YATty*9YF3G3)W{5?!^741J5(oz4EK zV*>M3q%k4c-9qXZiLmyQp81mVcusR=fJxkE5hHueZ^v#j4zivrl?zH611pKX3{z8e;c-fhfbt08T6s?vh#CkzT-muv@b zs-5ik)lj`^+}6dMT@?TQ#sQeiMgmrkQ*bXt|5r>(;KrfHyTr9dMTd@`YF5v7Ml*a- zR>^KqkBdtS?(}zTk5^fI6_S3DO$@f(@2X0fR%edOwkU$pm| zhK4*LyE^BQ&*lEt6es_#jcvod!F*MOt;Q}rJyrD`%aZ+P1|!BGg^37pgu*&;uCun0 z3h_QRFX^<WJN` z=aL~lzTcKOZb5FytoiFZs%l|dA;>|cnV=iY`!G{QMF8%4z!RX(^p}!g?~XS%5crp0 zv=8%M4gcFK(eVW{7rZUdjSiHUMMtagCYJ$bF7L7kRZDE{Ha^h%>k-9(tEvb$rRZju zgQ_)m52jU>#UOpeD1}jfg&-nW0uoh7NhRPW$vb(@Dy%O8jMitaMY=a8lI2>sg?0FKHz>`^h1BlWH}ddUR`$z0Yln2+hTpkNB7)gCwRGrE!$Qf-et~F(Rml7__{AyPC0eHAw3jceqTIs z5E>&jD~QtF8wg`1(D#ip{FG9$_c`+~b`ro#T4w-P`PH?CJLO>bCg97l8>f1SIoxTp zto{!6FxbW>^$KluR8Ut%C7OrMo|!KPl+Y>tyo~qs!eJs((=Qq^=({XQpI)(82V~1G zN{wbysYjUfM}sOC^PV6~sWElb`#(slh&>CtqY*{a?*zl}{GIi>31t63bG1|P&mLo? z4j^6eUr$N+qZ|yS*HscybQ2RANzzd2BsW9C_Mpw}`PY_+*i#vDMUqsHS?~gTab+nm z$_Bv5!H-)UR6crh&Z-tiJAEiEzJBgSLRt8UG2JsBN-l1pD??pgzqsd9w zwldZ4w^n+T0mr(Zx}&0kwL7O-`I#ij?wyK9`>l2Pbc8VwT>RfTYvrAx~G*XUwu<_eAe;m;y9pFb0k^U%IQT)l2R)Vj0i&t)O zNUxqhYGBGYSfA@x=X$v8OVRUmn5qjSQJImn@@>cbrYA8ziz17Vgqb#q71vEqX?c4p zD}BA4i8g1lv2DCmxqd>l(9hD%EdeRsIBi)EMrtv>NE`~m%vDbOeL}lrgwmI8s*Mhz zRzcoACy3RU4ys4Vx2~=!+KLo4DG?LNlUPiAO_72Thv96#>j$ovY# zbOM2DpFP}|@3M5_@wx?#>@7ybf2zF8e&yudz&W0(R#UP{Tc{LX6J(=T6CbDrwO%sM zvFdRGGmD;gwD|}5b+ps?^}V)!7BH+Rf2Q)~kJHe-r^l&6Yn^PP+*iDK!!M7DG0i$3 zkt5c`7t8~_MgXD$f*YY#JyjS9>!LP>oOAxSrk|z?dz*O4x>XO?Fa02_V}g--8Wg`qG3~IiiF^>t9}|Om4^#r*n=;sP#HrnnIBo&R&Rgz%C&1I6&ynrM1U*37i9}ni`^mVrxOWAO+HhpTdkMS z^?Y@R@>?g!CTg`*0v4RxsH)dM$@xZ*J||0?;Slp3_Rb(g8B8 ze4!h~66dS7Qx~VC?%&+f90ThC4bN6I5D>%$6Zg)!4e>_90%b%>o_?G&AYS=->G}o? z5kJ!~63``ZzO3t|zJ)o-oBwN(`m)?1TnB*|N%##(Q(l-iv>+}B_w7E|^rpy$W@Y-N zXZ0xRN5{Hn#BCnPcY98rmZXh0ni@5FKbs&H9+I}bN9A7k+;Nui*=HFfpgZ4XK>A#N zhsZe*1H3$n;8*Fn9{tmx*IYua=>#G#6IVkVEz+_)IU$^$-&niEAw>2zhg}o5481Ii z5TB9?7*?I6wcAh{4pBgcW90)|5&}+bR@q4XP|3c7KbY6rPVSkpL7s$kILSX{(D)DanHCRc$KLP)Y|LTE+0R={tlsu3-zJ84 z63@tRh*<~~Qayt*?_=sHLTGk$4jWlt>MM&uW0qd`TYZk%1FKA!Qj}(*A-(zRLgNx< z?pxu|OACZn49`oMM430m^%@HrBlR)j(rp=nTGISZt{-bsfZu^UBL*?-pCT36z&}mh zL=DLwLGEj({#=IEhjy|Xu7Ha z5Zq#VQN9UXC7^2b<$mt|qL(I6I?H@zbBrml$!FdYSyrF(Td`uEkNKcM+^KW*jJ=_X zTXKs~9C`MZ1$Tk&>5UWJ*$SQP>zIqn%ks-+M7)Ma8t5u{p_l9<$pXe${$INE3Ubc1 z-{ka%<@eQxHXy3alj8T0q43em&Q~bYL|zXIyE1<3R5y|=o`fBkwRe-vWX7gM-$^Uurn!`LA z+_CUVL}8{JqO`6bCkf&|cdD7$ikG0GPg@lv%6Jg(Ot;Y|tlrXd=6bsSNMXS=NP=et zdpx@NnV-W~+txtNi2&3H0O-N;UR52(D{gHt3aKs_6G-990MN0tx@9TL75cKs3fj(( z%~E5XLq<>HBaQ94l+u2^>(9UH@5-4RF*1FD0eAn_?J9)IGQoddyS`0`n?&fuIQwnR z`3kj8f~8%B+bJOlm6cczgSuw6i}q%}xc^$!Sc0C)zUH%JV`{<<*w*PqAv5Ab0w#R6 ztv2(Wv30P1CLv6HAnF7=bGR@IiDDV5p|E`2RuDyF0PDZ9(4`%gfbw(+i2FSgK?d8( z$cGwcFsIhy)jN8|n&=DW6I^A_V21gqsUTS(bQ096oGFGFc2tw^EAacg#DG8tpMIbZ z5hDHh&gEo%C6AJ-QEX=Me5K5sM<3JFB>S)5T^4@d#<` z_G7|rg3HED>0BN+hKR#_dch?{KuC>L&-A+6xQLEA!XA&l*S4voG%+TPglQ|?>j>QH zq=-#Ej_`?kdwl)qD`kizPodr{gBT_J{p^ETALSP>l&?*{EW9b^oW&jX4FFUN^lLbv zzDg9fZZ9ByN86n9^3TMIo=Yxt!6e43;;C>}XP{%zzC8W1qjOsx2F^M5Rp$i})16c@ zj-A1H8 zy3(-SZqg6=exn^Q2|O3$xMi-n>TmM20!o3L8=LdtP$~X3gk84F?jD$QhYzTbUvxC} zRPF6)|3T$vQkDU9sdHC8grP{(JON==VK&ibfJiGwj7a`!)IqDXxuQF6QsreH81Srn z(BY=sbx#IwAexl*QxLY?NiH32qdKd*%+K#$le+!=<+SBdJo@9kP_x%E=Cu9a_@0-q z;Kqma^C?%SzuYFw*A`dp3(Vn!q>yIej5m#TMP-`zAi61t2T71>0|KdIXq zUe@Q(arRE!$varFrF>NTF|DwQT~C>MvRJuQQ9Xm($yZ#Ph2yt0-3Y{sLvU zJ}tpebwXTVHz-)Yxl$k_!P_L0O_7^Lyt-J?6yMriwRTtYqOl--q6iDY4<4P1w+Z#q z{6P25<=pspI!fh@&x9Xghe4@W879|PByiStMGqXQSa%j{7zH9D2oSQd?wki=hOYP; zj=En4!p2kBv2&J1MBC!3TGQ!RzGJQA;c^%u_%mTELafm?DRLTK()ms*u5ia8ma`3ZOtcvAL7x1+AO-zGlmR&5h!|!NcXrFqry;WHr zGnekqT%A;#Ec;Y4P44j)-!|Cd=>%CM>bNsy` zj9iA$-je2ms?ER8tx;AdLh9rj{J)wMo-#an^G{v8EdWpk0Y2WlU^9uvBhhNB=U-wZ z^0QuQ3gBKB5EA-JMAD0@=jY1D6l5E93uej-h;VXnhxwdSHDK<}`)8SKJgORUzMySO zz<(JNdDAtvpPM5|2DFdM@6>~L9@J5`)ZeP>>u{2t;h?vXnUEd+O|H6%wp?$WrXcPj zwa*LyPPPv9_nCy;d~Zmc?Kz!yQzc{3eCExyvT3_VuVfqhx7?_!RFc>XoKtAGZqtm{ zCt7((S?GpQIVhBW6CflB?Z>rYY_)4;+T&%Xt7Oed^ZUL>rwS%zKSF>Md;;k_ zL{wKcVqnkdKcaL@=3QCAR~7c?iRk*0jW#I=CYV4|=x#+W`HT3YUb&->ke`7<7xv5k zpJTF==UZXw$Ba~!8gi?_OySh^qn(@D)wrQ*~`y+wi=q*BTN*deHsfB%PB>iHF+T4C_AIT+?da}jlPg& zc(^c@sJ+1({^Q^zSFOMX24pdy)np7Jiw6xj;rGC?IKA0G{5jm3j(|?mg{KBisTC_g t4^seifSqzTf;WvWHH1)!3h?p|U zH=%-%J?-rRk={E4g@+EtK&91hi|nkUZ2OiZhgQ_+`~FN>BKA7ao&(-!#I$_vvZ7{9 zf|GsC>gl+ULpj)jMsGvQR@rzsSb*tE&EiJ+X6lEG5!WJuh35x12`y0SI zLZa#3%CNiSz=jxsN~1=@NUVDc?qzxW>_A?_d+=nj?11DGqf55jxEq_aU<}}({73QI z;zYlG0lvN@wCC0fAUos~K4Zz>u<8NQ=x2nlbJaP8VolxJ7jtXB8+vnA*8c;co$rY+ z&kbbPQ*qp##vtk7zZSW!VUl*iCp<6c9ETzo?tZ&i%YI-_8mpR?zeRoGajQ#mvj@U9LGh^~3SIqS5M_(%N=lNSb{7+2tj8@L-1!8!Q@tLr* zCjVZv|IH}8?fDf}O1iagmniJH7a15fILfS%{~mQ_UAd&`j$U>Oo-WTRNXv~;sM3Q9 zcoElR76ujM4i2Jf<`5+XU}K1snP`(fh;diDPY`EO#lwE>wjkfjH*b5>y6HF2+Wncn zCKvbcCcpYlVsnc%`gHpokAC(jdBmb9O1>T6!QAX#s$M9ifFJr}%0*8}o6y^7985OA|$O(IHmnf(bG;Ibw;Z`_<8u0vOy@rXxF!?FhzO7A*ih9?h zK)@%>G62Qwlr&SnJow!di&}@9ies_66w11R=Hq6)^Ps7EF_!I)O*x(YA-!qEyQPJK z+MycNQ|E_=$;!dG-WCQK4y^Drr=+&$a7OAiWe)g!N~zS2!j=4_^+Z~LzNl9UM@oP1 zjMi^iKvoK{NTsn`sn$cciApIYvSLU}*x+OCNwxt9iv=;dJNMES<8eOtr>lJEaT+n2 z!BQ|iZXUK3)$|JsC9T8~EClOHK9)^?_0FMqzoDuZxAwB@#xJ!*5LvbJDp-{+R-d-S z-Fx?oz$TP^*#q(*L5R*`Z;7ktl3&XURzsNqBBDen9RDz}BE+Yvm^Rf}+?s66MWqW{ zcVK7fRIOIViD~4n-n>-hSCxO1ZJSb~OMlgK9VnkO-)^_Nw@C{}ET1c@$)=Q1lBL9h zbKmsae_xo7|1rZR&|3GzZ;H)+Wd~ZkF8h2iDQ-_&2T%0PM-MG7Kke2y0z*7s;(M1s zPnxIPpUFJsru3>5i);;o3{>-Ak$cg3)douKtikX93A_K%2u)U8kQ(@0{KGsN>zWy= z@5O)p?)&s@9qRD&)+#aWTX4&DC6!kE;z)Ejmw~gp*S5g7yFr1sSW%-|0U z!dhS1rxr-s>qU9wWxVf_ZQ^D&*QE3CI7@?|8Pz>WA$?Sk&Jn4QQ-r_l2S>t^%B#>UVZczaq?cL;E@x5Q1qxAX)Zojl5dw zO#N1fqJpN7n;aiZPC$zIznnl4{h)Q)*ra~79aSsDSE8-^Dajw5rqp0}y1!^N`sU*3 zd}|kuF|PhzAwLc|E8%{P4)gl~UtV-F?I-@MnEhaFX+0qdlI=!peIO>YZsVFnW8KA{wH-3pCsfTJ_6CQs8!w6n=BUeY>{ zpk5}3qb=57*qhqN^1Inq{Om`6H_eTw)+yce&3%}^E2=sYGY5A0m?VvXagqPQIMAcn zk9N}68iYDcca~5A$o}A46@yp&3d}Eb&17Uyh8cgUs3NLWjGo8^d~2h|EpU3CL7y{h zNwe9#;{78KCVpCHN7~l3=@D0!|7X@P2vJ`v?MuWF zY-H3oVplGdtCR>%18W`s!EJ8feXx!@bYPtlFxdIylpO~kTTW>Bhzm<&5%^Lr9Fa%1a{FN4(4c49gs67 zsgOSI9Opmb?d(xlUq|ufAJ=~A{n-cji&!QpH@$m|Z?|VzG@P+d1)lxXLnz4`NL1rSe2SLm)AK3Y3{R z1&T9zbCC($!-=~S0s6@O6rvTs&?K=aeJd|~zm^{n8Q*wNiLM$+p$#LQ>_}gJ4lEN? zeft^qt%5n-Q?VtFd{yul`;#9twmZ}8VOI%WAMLBd;gOg%F#2Cq?IUdX(6?X5Oa{{> zGUTIkYM#k3);8@#`Xph+>`aL44(HL&FP$Rrd_Als#J=Xi>(eZ}wmy4iK&iomJ z;&-0_qLk9F&flFsaYPeos1gjXW5PX^$3;)mZ%20e9;F}!8mFVFb2>tYHSMG7ENwj# z?`^Ezbp=ZV*X!dnwun+9P2&*o%HrZPN>F+|c*O~a_f-)kTh(9n0vNzta0PP>rsN~$ za*Z3Y!e&{$qH?@H1{iNt6f4BajwtP8*u%IGv7OzRhdcyCv;ZE;cAr4Z#KSfMOx=iH zK;LWg;aLx9vkqt~1*N9DO1nWF2N;Bc_zJWW`n;`LjWtGGopysfk(*! z$m&ySX<4X7CQZ^{9a^i5n3GDL?Db<9Pu6E#YPUTk$lwBN~-uS0!0u zpcGIeYpN zK+puQ7xKBfp|m~x)qS+E5x`f|X_HZmQFDL(3prVNpF9mCX|F}ZX&}+%-h)l{kCP&; zSfw9|zZ4pG{66=I45v2Hk4bx^;edIS1%~VPtHKp7%a)u*Ty0VRMtsUcx}&dLZ3J0jEUpzLlD#1MggH6D;J*7(On8~qHQn)_U;-h@0X=;xCN~-|1UH&HaGiW@;*0Dm!m-!7d zBRgHwON1AxM&j{B)vX#h27IjTe|M;%CaYo7yt9FFNskJStt|LhLL!P2OS~G~{GRQi zi0+)fh#ClEHVUSt88Zl09%_OxXolv`_N(0Kj4U|B{2~^@|X>)M%`2`ng)9Y__e6YB7AX zzD?I*Rgi4uJKcES;x2-F#te>dX=wF*2v@A3CS*EI$b@3iF?{`m5#?b|ySn z<#6ldQ|7X>P>;>c;@J5EN|F3MAySG<(RX!6O2VI5gb$Zzn7m)d{cjN{%)^v)H&0Bo z0pl=#A`_J!b*;gA8!ss<;%pY)ZxYusABKq={c8%t%*teE^-eqc5$`F&<%p=|;SK82 z;vMF8SHHE^?}HvE(WIJwiW7kHwl$ zBNz2c#e1Qgnf3RXBu{6#z?{ci2q}-Xwmy*MBGW=&M zX{yqT7DmxxB`$=D=4WAnPcdu(T5ZOXrm(LD-exVZ!ZA(|SE8ljf@#KPi(QZ@+{ zMzxX7xtZWxoW_H)AkxAt@)c~`9f4E(Da$HZ*ti?iKPcJ|y5_VUmjLNkh2p}BqO8A6 z%imD*6I_qpQE0jledxDeS6Tten;$dV2q!qp1s+~W)#R5mGK~%h;*RW7^lo9=zy*mG z({L*$yMgyoM<7g|Rl!b^F8~a|m9{9Fq`z5AoXzXTP>>>taYPOz}p6*ZkI{O-O_LIgKnSt#d4q0Wd#; zhQ6Q_ec(3vD=lO+g*^}?%pFSGM)NImgFqNn?o%qRm|#-UulSHM3AP=L8?mR|<$NeS zozyiz{uV4H5Op0G^v&eW*B|8BeLuXt)+!@GRdM+v30!l9tS@zFZ)WJIb0&=+J5oaD zlNM@<+O*87x=$&32!`&x;}#Mi879AT^{w&K%2BKSMaC7}iDPnYg1D&Lf=w@|MJkId zuU(ZF7z@y{C*b|nxlf)LkW{~Zs*#_6#U-+ws&OS7{h-jav#6f<=$ml%nBoI^( zpqqdTtcJSdbVO7jVP>SzJ~JRAE|SiV6E8&Fx+0~BrKnpwuQGQBe(eh9o%OzX%m>;U&b4VBb>JFUp*Q$hS+_HhEX89$uG_phEk2gLaJ4r6KfN?LyRaEe6` zRH}kT)EXR29vk79SxQh6k#lo_RMP_CA3Xyf-H@Q?$GuKG=s*cLSC|eeDbMOcHO(xk z7g4o2uTMFa@qo5c_;E^y2J$E-y zGu~nzsZv;&TbUD3GjRJ2_JaG&MfDN;X>d(3+8M9iTVI>AEHY5bKW?&(n3UhNL<#|l zRhPo5(^Y=ON?KEP$IgP46;9mJGB;>bSE%M)nyhTJL$jMRO`gv@RgI^v^EVSH^D(07 zO)C!nUb>m+V;y{BvA<;=C9JY3n)bkJp!pbkmIlQeYn?2e7VnLTJQ)8&2Tyv<=$g0& zwo%i!;-B5u+%HPs0^Q?Ym_7Pnhtyl91~HAhh5*&ob;ZZkpR;NUzv<%smZc|5p7Ob# zCHYG2y5xFW^ckmnGp#|kbN@Lkk#ksoxBx4@N&Ov(ZDK!qu5EsP#G%?~FF$KZxT7MP zMp+{_`Liumakc8=12McMF}t{6tLq95#-mIMi{LI9m){MXe?kSy%}Afs;+W=n!7JzI zu8M7iEMymwDvJQ=J&p9WW06 zkQ{uFRXZKU3NV|^7W|#Fbzd&e*5vhdfuQPV11ewX1KDmh@WM-pD%bEs`xo1JwQ*Fm z9b0!cj}U;STlS%(L@|br;a6)5^`pcfuQi-JP1VsZ`3jeq8$q|(F1W;j^m||+Nt4AmYs;HW{f;KU zq-wV(pq~hs+{eo~buq_TX=n6=`7oyMkq^h-NPqQPPgxfpX9-GhPEz`ez(@p=?c2u7 zUPoZ>VtU_J#t*7B-g39^nO&4e$(IDs77oqXFOJIJe@z#8H;Pnh2g5 zjpkwavt0Z8vjxUBo=Ag7%+@V5j@B`>Ltq`0%i`S`^ppYgCivzV=E+3jHO}XXl_<7 zEBI<~OifUkNE8k)$kG8%s7vjWFHZKLB4OVK493@=3+oII-O^Ci24<(h7i9*Mw>l8v zczU({2g(H(a~8qVBOM&$a}7>a{fOHu;E~AF6@DGvrE+PBs_kC>ua$g zuKDeTCJpcEw@q(IpEuEA_2slvh)2gJJ^NT2rf&b+abF51>W8kniyoWC-HN~T!!`NP zY%$_V6$j+{6;qk5`7_}iNwiE>Xr{$4xYq05LiA0q@rXsftygQ)q$>OCx`{>F_qHAV zqxoL^$-M4o3l)xBC8=|wN2%S7J0QbfJ$45onnFwRRX|<0uF�nhY|&eGhz|;U(Kt zvY#Mus8cK;LpViq$`Lb{&s;rPhHol3a<#6nZ>3qIxwrsh%7$Uqgbj;T??jD(3bp2MJh#$?O$)pWYDL<(^`P zwsQN5>l9F{-S3k(DoWj`zcxaE_60`zTV8hm=xL0;zrUlovo_y#8UoL(Yn8u1(m-{n z^cgfc{@)IPxjz_jmiK#el$srl0UQ~JAeb}15#cZ&J+u? zCKi<_`^Hr-$K@z+0HcvxJ|_1pzwVjaKgZ@Bz;4tUvD=Lnp+SB#QR`is|$Np)xg)<0xIrn#gZZQFLr&&Zig^U6QcQy zsDO@9W{;qW=`_NfL?Cb10mFD+Wu(~S>WxY5TOa2huXmEOdc=#$f)W!~JihmIIwj)7 z39w9=rfIr*<@(7r= z;S(vTZoJ9*PNd%J&I0QhuS4L0yCaWn*C*7Y%7T1F(F97p{vKv8;H0NLcCKw(?5erQ zE8MQd$?;q{b?bdUq^&AUar{zn#Y(sTb7>GD+>x68S7h1I=6-|1cf#lMjJT--rCiX2>=gnDMb6!_1zKbj9@NRc_4sz^q^*)tN9Gb3=+7yXU+v)6QYCE|h-}$9|I-2vwt^N(u2iu|u_*o-v3ut0 z)$wLXZ#f`>?V--LX(e1+JAAw+V`IUw8g<6Z<`;6zaFl<9M=Ubr%}!f5in6FvtACw?DOiPcB1_M00W8E5NhB4HtX7#R(BikV zipfke!fAA1^NZ$)D`4^qkp6u!mCK#Go_X2s?-5-crdiIs~d^&uh^NG%<+rL;&93)&6+D$onzjo=oJ24&WO zO$Yk(1Gx%ho+<$jl4b@!pok1tac_qfVc&zvJAVlkZbyLfIvRIr*sjl-tE8vG zEjQNen?a*2T+vI$KYt;OP5WDFr!db4m{DfV{3W)m_4RakK1cN5_0HbzY_`|*lG#ZD z8A=al*=v3;=h|)(9Fk2Ei=;x67C*I45uU{NAIaG^E*IIY(VoldS9GDL@|8QDNm$Fa zBML2-f`;MM&0_=l$B5h=)_0gYm!kXsiGh=iYjkEAPGZx(z-dyk`7=F;%mj7CSHf|m_=AuT6 zz8vvd6}K(45O#X6wjAhE51|?^2#=2h+ItOG3^xlF7k&w+uOvNZ6K}j=E(0H9HBFzGjZaQ8-RofMDU* zZ_}_-_Lmgd0hfN?dony1M4bpH+e`xmCrk(p-=u|}gti-hzv9wCb($-;s@%SBX~X2J z^8cfaZ$8FXC(%oH&2{e$)R320gg4CF$b>gnZhqWyJ0_PafMK z>wSVx9jFrvvs%oD~$S8Q!qsE3Lc@b z0T!~Q0?9Lw*v;(={mkGt*DM)U%B^>M;cIQ>8?f`95&|Emn4ID|^s$9^hpXEEbr*|u z)GsD2=O!v-SL=Q4U5~c@kdrgha0yChT~!Fm|2aZyE9in-hGPKgr!GTQ%t$>+_^bY? z9!^L?Gn|&W>g(YQ&VyL&BIxGm_5*VJ7=T}jUMvdD8D@Ef_T*UpS#a>KTMEC*3LtAw zcoMWOATqIz3gti%?$|llJ;@%suwt(q+d$s<;B^8?AKQ!pnKY{x;@PRn?bnZR9kk6 zI;xw5RN29oXZQzSOr^G)zS0rb8}E4**@LqKGBuW$OfnZ2M)9KfgD^0LR_KcK4?rVu z<7}5GmuuvGY}psv>96vu`cB3wb$$K~JSTtTlhV2?y8ur@ommrnQKOt?9J5W_QMKY$ zf?Krt*^3ccCTlO&l6|cp2XHv3CF-X}1?EU4__rKsM|OV+!j`bY5OPNO)DM3bgh=)3YR?RUM=p)duvf~0!da5-PBmaElw~sK5U9Mbs z^#yj&jLM%wz@#?tBAVN=|EjYCwooGdrNwsm#)CL0e>soD8oX&8`Dmpmq7C{PyBRtiylcJ(J{-UGyJZ?>-lW zg1N>RpgNy}uB8M{9(*`Ro4(%}=d^!>fh1TrzL6KUMg28*?X4Qap`Kbt32c(&@%zuc*Zy z8i#*z1!biHVTRw45Ho9)sIuq{5a<`rc0-B^E5j~0&!cEr4b9X)bo{-1#(@!JbL3?D znGAoTewB=6#-sVxgD2DN-dEKJkmdwU5SSKlezRm{6)ip$trkF@>T%DWViNj%UQH(W z=!Yb=QD!(zIS>0`;=Ln|Jkr#YP80;%yoiy|BEJ=wv+c&+?~&V0ll$yt4N0KAucoEW zVq3}x8)~di%hZ&Mo%+qVN7`E>4L{bmX25u80$>7%r?OvKs*cmjK9qdFKPAd&ElU#a0s@VI}>$qGex#@ER|)BeB*N#u&i zK5)`n&}rZoTw`Y$=HoIdBWNf840Vi};I#dMn!!3T)0zof%BA}0zPOb3$R8w^U>?v{ zP{Z4rIx|tv!N(=(MS1RJWb3eQG4}$Ldu8VL!@PxT7g}Hup-!BB^VR*aT=)0Fo{DT5DDHs^}%pQuAYrD>jz6ow*O$apm71c4|>7trOeh+D*Ga zs7PUI_LrY6`%vICvclIm$E^;A-$VZKuu8ds)n0-#f^9-9%sMSO53EyP3eE|K;gOpK zugdulV+MIa%>d1gO2^y$1EXz})P1Gnb&1soO2!>U{W=$?v9PNsE zhmrkECdVO4OU}v-QjD+|&)T)m>u~Qxv7yi> z{|=3h>xV|QPva4)0;DYXrD?+L-uDDaB-7}3q8z1E~%t&^TulOK1ND8AUqYw&;lNyLL@T`Xxl zHmYWNo|`Pqo{Jm9G39nx(-x6~E+B!Q@@PZCT}Q`gD4Le~+kR<+ODmH8cMCU^dGP2s z&T*E*;Ozr~0FnToOQ&-@9-5%bWTOQr(Qb6jADehdP;`0CN>LytqCTszEv^_3n1`&G zUzY95|BJ4(`c|kl)q|BH#)t8@xPv@Tgn1R`0?)9CQhN^*!)8OIO5gx9PtvAZ2D*E* zho^8x>xU$CSet}#B#h-&{mA>#I<*^}dcY7EC#2{%{!|vTc)-y`K4p9)NPn%v!#+hs z;b7{4(gooC;0j~^9IJIC48JtvOP(1fSgLOV9Yv%g1ar0tft^lu{ofr?{PZwCR3drZV>RNp)4+asgYztQSZ+f3o;KJhzNOgTHrfiNB@#{G7ha%{mLXRi4JC6) zC0=!70CO~L&&wDr)39b(dw&7N zji8-!67xFkX&n3-!sN^Vxz%p6dbw0*bQampFs-Ox#_w59sogHBw_V80x~}MbN`vv@ z-Ui4KFF%OE{J}?aJXJ=%On?|?)LJ$o=ni){Qm^vikhAs=pLh`T;+%ETt{8t>u7O#5 zT972Qg8i&}Hg(iu|CwUSY9_aaByMI`pyDZULa4V4#JQ$*%8H zSr`WB!=4rCeI3{!bx|eoT;w{Q?+GlihR?nM-%+Kv)*sEd)OJ48bQYu6Vjv9ZI)K6Y zDIsgnr`RucPl0lRVs3Gpk@6;M%l^z`ASX!0UtTc&F7uA zLAJF0z0Gq=ejrkBK*}?^PYrzMh~xPkp4Zd{jxL9g+}jT1SiRck2GSJc z)n_kMnJEj zZ)Df+o{&FdZxCT-G{9Hj=*~Pp2!dlWoEjq5GF8-b@;(QGm|z6)Knq|!&c*<4)~wW0 z#~-e?PtPar1L8tr9}N=-{{%VI`tR0}lPwFbDGRK`DqkPZrt)z+X_Ri#bfk0OdPiO2 zE5V8vUYmsacqG)!!w27qk9P9J)OhJeTQPrLpFrQIrhUc<0%$ zoCmq*m>e;`}7o=|g}F{n@`Imze8o!G8vuCd0z7q`Py zpWX$Pcx2T&u)CGRy!>M9-jJ+F=X>&9`0in zk-me?d>+^TkhS-Y|JOEiuV9^0u(iqW(jgW8+==Zw+s~0KSJoyvO70|yLG#@ayAd<$ zX)d-L_?Ke^zrJ*NM#p~i#SP!SPmbiJK+T9e<9HrKy^|@tV$jIdf+#~Y<;D|Or^UPs zYTLGF#RPXaTLH4yUw6^m)mba-eXSEPgriMJ9}eUe#l0-E>0T|v(oJQB{Pd$|5_1E zt?|zC1Pc7i;WTlCvWB9y4(}+F03mPr>C9a-SD`#3ou}NI=b~|~fwbqopj?czGS6Yt zGI&HW=p`C96E-e?!Rlo@o_)`Run2&_KF&IbU-L0e`9J@XhfnrD(;0_(`CXuj-iC8^ z-gccC5$oE(wg+S2ifOBz$sz;vuPq0RB2EZ6Lvn#<{3fskdne3WdPi+VeUe~6KM2C> zIa&e-Lv_a)Q&mwo%-7b=n8jp^gFtlJx?0V4Ug6Qm3`y9#(i1Jlr;Ble!0SgMP5a5$ zWKZB+25TsTvkKUKpZP33f7#9@N02TWhN!i$@ieqdq?O-A$8PrJ>_g~65WGbq2}pm) zMc!t%w23R&=$R;T2}&}xG3Y{Bzhb;#rKTv)KHjT$F?#-!ub190!fnOiu_es7N8Som zh|wl(@rcp)^J|7U!IarJw5?(Kl5eC0HU6p^5yr~!{>o{c!q1WxH0(Gmw%7JjM*=BV z5wo*(o*mQQXM8%#gl(fufhmWnz73zR_usbSISVd0Hassr4qJ|pY9U3tU$`Tt)K+#o zl?%n)=MQB4E5_&JPOsoUc2SYvlea(g@rB$J3{ZA5MX3MkE*Cs|dn%7J#WLjT=k!QN zjcE4$WxD8^i@ZRGVA^ahG9?{pE8HF9`lMy+Vym}x<$m5TdZRUaDeH<1If5IrDTOnk z{AKPAI)u;d{ow?UsikH=nt)MypJDE@7BUgKNAnA0D|Q<==op9wdXdxmY>(nVDK z)Hal;0X@4rj?u1%9e%GyAI9miAH`)!7B&4=ERU#MO75BLPO(0Nm#kgZ5i3L;j~T~e zF^m8(z*S$ni;F=zpUKr#Cm(}@(dV)wcPk-Zk`csr@EvP4mG>|~yB)L{Exsdf`N>*d zECdwJ;_HzHkEE*uwm)%rb7iV$#wEqN>Vm(UUK>W_oBs8cTt?N?LFcYd+>f9-u$B5X z;BHf}ud%9)q^{#{_j!I8-ra|J5`;OLxu_F_g_@j>GknCJN^;L6O^%EYEUJndXtup>7}HW_OCmnf|e$69Xn{CY5fj)ydFo_ZWNj zGE>6%B{Y<5Z#1mmN)#Af#13m}f(r%#^dLoFL4C%=>l`9-?`nGDN^{`hF}+BkHn1cS zdYdq*V^KBfC)V9@ME3N{oypD@NCjBrIlBpwLiKtbFey_z-H%nIUbvMbH(*iIydsZ% z$>x)c>USv(#fH6zi@`9B7MJ#r{yqYZRhs09dcK({(%Nd}CuT259*gk7d%o-{?4?q3 zPDjjCw6?dXXtPfNNMCMq&};74>yB|QY600LNVDq$qcpQ_wyBHX5t*8&2j&P?A-{gC zSOdl^@xis6bFx5YFk8h@=C}mwy~0e0)!>703CA#`#Oq|lOt`U1j$;A5`}NQtT3qRf zMs`p|7Jgjvo{48%P^Tq*$utj~t2p!)E=O(brXRJjY%*;V@&PtI&m8Qv;$UPFuC7|- zqOGfBgHIL#r9}I*FXIr{ntSY!?Ov!-x>veBA6C-hbaV}>GubGu?5ou0CVR?eX{oTB z9L3=5?52G5N<@`YQYy9(!4z%+og$Y~9d=fva86CAEWs|^W< zmfYreEEAe557v&S$9g2p*7BIH4e=;brw%{ESG$-0&_Y)aW3?SVp|Mca2rvO_(4R|sBaf_kH;fT(2u-|)V7 zv>-oZTB`MFvRZ^AwK&;8?p#YkJ+rOZW4-J*-}MPL9tEeG{GTseq(O*F%eM zJ9r27I?&-_ztOu6lfVP}UZZ;8;V_du<#IDv_OZBbI`Q{To5I;aIkI|#_&&EJmILKZ zpX3T_f+EUxorS9aa@$qWzb?%-p}N;|>;W@R=Du&Vma;k(K8yCU+Mo2 z1hG1dFzgRlIi#z-d{==5Sb5#~EQXg;x`B1A|4~5#Z`tlr3c6}SD0dh(s zdFM`7E2{0#dQHR;4y1!SM9CPrLaptT&AdXx?c`&qnw?m*QYh5K8R;Hz?M;a-St6-gxUSqh{P!eS3>`3_11EAz&*w31oj z$Ceg_S;98M)O@T=`bn`AOiWYco7*10Bo`NM4V?fOyVF$mzwnLZ<#S`iwM;5sK*J2z^hOSk@-2^Ti>NI$lPeQt`3PQFMRd?ZxK zPHeZ`w3LKDD|aA6&g8>w8oytNk(Qy}ftMK?dBDbkxdw?r$^XhOZDlCfckA3xF8>i; z^jx2aX0}ii&#EJS?r`S4O%#^#64kV?f zN!M+%(pB+$z849-a*Ccl2YQ8<7&Hg+C?ZrPGK}4c6=mg)io=_LHvDNtyi-GCsd9m$0{z&9Ig+RzmrdG^}0JeSd9V2av85d+Xho5lfHF#vWxtSS{75Y z{3m5L8+=6=n~}FTyARNU*#FsSLAO~!9xSUCj7s?by#P@TM_j9Q{JT~7we@sK*>WXj zWcKsT)v6y2NptwYw=XE-(uBDFv&d9;a~ix zB;|LZp=o1PI^jdMjTW(qSznx#oGdcT@>Xd=1sTp*?IpxdK`JvipoDlj@%7i#T{cXE z3D1`=>xveawQMv*m=WA~b>$d2Y8n)&^>*4bA0B}UnN+gVZQ;DAW5k-i}IlR@PLwtCSMTh;|pj2ZJ#XX>@ANhAXj3 zMOi9dL|5ogiD%8H)<;}ax+wgw07;HSPNQcFKbkrayx_lz*gdTmiuDNo*yARp; zI}%rL70*?_jx{hRTN+o{W{ZaknW8UtC|2FcA>3g?Zz+ex z4PVy)fsD~pKD|#&40NJrR z=C&U*y}MX}*4uP&t4N!)WX3Oi!;U4gmEO{`PA7WgfG;K%VL7mXWEhL4qsN_?nK~WaTYL^ve62`8Y2oBMSiCB88(MW#WU_Z&`S*9g?$0dRq z7HA4h^?EHeU-mjrl8fy6Ncx4Cs^8FzaAQo&_8v1&PzwGbN>n+Dmd9c7mpBt{k~$|{ zbLot1l|}eUDl#H8ti;T(>5t4Nm{-VT+%i4D0jK`BkUk<hNijPZ<<|*7P+jd%m6vwgU8JzCWjCx}`10Ugd5n+^?P9~NQi`M}qb4{; z^eYuGlW2lyv%D<(NoFW!|8$*UY_fmScSueM^D1TF6Us53UD3x;^~9IZ>$CZY!qA}* z49GEWGS(7m)2A|&I5_f;bEfb9{%%b+=2@Qr7iH%apDnrj2E9Lt=0!ewu1mbrWf=tO;Nf0p5MQGcBVkpX{f2*mzHwc@4vVfp zf4ewany;buv>nGNn_JAuB}2CtZWbl4iUfMna5!He=>AoO;zsAd#^SGtg%)?^!d0!O zJFkjgKx`iaLE43zYLgigtkYS`AN$`pv8&JZ!QDM%HdOE>yr4F7QgAl&bE2}$s+z7M zF@#HCS^iPe^shmqVY&ObUJEaMK5d(oPK&TLSzqHit;nD$c>w=81j3)Y;rP!~h(?KR zoxJ%(uQ9QfATE;IZqB_8p50q?L!#>2{!Q8vOwg_`LD%k2p0N6Vufqt{LCpnWj{nvdcGTCyQd) z@4evw@l3}ED{v1OO;SXgZ(ej03f`~Br~ z?fHh(d?In@T6*64b}c|{hQmR2;V%1cRw#%gUOxgzZj_HMhhr5B%`Q=>m4jcwSuOix z`Y58z3Z+bzePUq?&>Op>R$fKMo=ar-6K`QZC}(^8PM;uX+nKdX_IHK)4~jjq1FN$h zS~?KDH2n#86BL1^IhO7ZZSr52*F1GGNWDElSEZw^-P6*VLP1EEraB>N&E9YYL>aZmi=EwR8jW4m4;&S(ai{Wa~s~#Mb}6{f2hPI)ccgY=5x0Vdw1oR>6)d# z=C2gR9Ue33eIN(yeAsF1`VUxU4fzE!aNshh|{{JiWT1kj?q6cNJtxRtg9FaKiEhDQ;P% zaEk_?lL5=g{j*_}bg~J(1!aK>YM0uMSIY6=agV}noxcL}0y>phiTUREfRZQ@{ot2g zoX+v=iN<*%=w+Cxy-dxCZMH5SCLfB?hL?E0gz1>#V=cAcAXD<=jT9w^GF)=x1jxUE zDS#{>=3B)gevh6^5-My+G3`83Y@hSsk8;5q&t+1M`!r1ro$ES=EAB!wt%d4i11W#h z)T|ji4;m1L`FyjU8xcP!$!IY6yc7QKZrfXHW1vJts@Z)##HuCN!R3zzer6Oj-9m0| z;;&npn9)ZIMOT#3~AWa67NQEsDJRHbQ0jaW6sy1TG1$6hw9lyMTl3U|GPY(fWF z^2pvFyZ#Tb!_FuE_w$&bBuKQn^qmG5@6Sn!6PDIcNQ+Q2a-b29MEa|iV)$gm`?+?R+l~^pqah%6EQU;^dYr8#<7?k{vK!GA^w7gvN(0-~>0E$UkcGb`#B7 z%zZW=aocsPdZOLkHD@LO5kh~*4wv~R6FT!DC{8SFG>4d432f9_xzEy73LxFmL1nRXC-&xHN+r5RZM^_U@QC)ETe9am&etE_KkZ3w7; z{e-M@VK4r{ng2o#yJFahyv>$Ch69HudDfB6irq!3^@bXHAOjpBf?{N&W!xw z)IMWlUW&;|9WVEKpn*-TXLv!-0i{kkZcCS9rBT+y(EMm@y`1 zD13V2g6oWni5!%UBCE!*UNbuz_q%x>hiC33m+;4NlV!*UPv09&@@o7GyWSnL@)79D z%bsp{97x4QHE!7NXBSEQ$@ibh6E>3xrjM>_ecar)I-A_GVp)=vwYlvR<4z7}P*MDS z9owHq%eqdIJOg&6_TwPRZOZ5RF-F^r*a?%!8L<2cHik?$?dwbrH=^x5wxguh&t^t$ z8%>DpzsaC(vWR#UT9IE;!fSp8gw7usLsfM*7YIwU6z#DunYnIwd8|6~Y?{yz8%dgB z2>zKHxovh968a^5-WkJPGs&wyuL&b-sAb2#7BKO2;z}!8pJC~M4sl1vF zUTqwPL<_yk#z|^rq}qV&mu847E0nBaf2@F!I0aYN;`#3k2Kvn%p#+P~ELFfZG)f>x zZNM%!b82!cEtZRoF4j3BY`6|4VtN#^7C0h{oy_I0sJd}Us`bjhgkLk_gYXY5!r(3m z^VvFO3JSvSIjFHJI)B)t&%prM>!x6&xR*uVlXaT(H<6IfLl0IMx_+umxY#Z%tLsldn7xTAHWyv1fUdH<5>877 zQ`mM@z;$ck1`Bz4!vsXGeNUUEa4#8Cz=gr%BgKK^wc^d8N62`aY#;t5kQhR6lO_We@XF|p5^)1r6U&Z_rexdO>t2Frp~;; zsiI788}F5;@V4stojP=C!cV+)x7(X4#EEK_y-KCcbR@Z=ZY}%tH;`q=Gx47YT>Y2Z zE2H;`Z=EIxQTI5OHRi3|BZe|WxxzkUI=D%QX1D-99E@j4)iggNB&Suc24%29+qbZ^-)&Pl)JnUdBoKZQK0BWYzNdT=`w)WwL`~Knt6i zlPn$qt}Q1qmY%oI-Lg6|{^GZ#2SEt9$o?;NO~e6TG}~UfL}^ZGdgd3TMNDNw#42#8 zbblvaAzi5!fxjZS{>$$;5dP(NKv8QpAG5wE95mKDMq8l z>-4w6FM%@RU9`Y9Z`D%8Uhtx&o1v=o3@uNpz5JN;*B+&?D(_PjC4u{JN|0_oIh&&$ zn;brRp#96&O3cc~%2D9_sp&7k{#^MN%qd2>HAWI25R1DCf66FLxci|)Ytx~Bp3psk z$bsTYy~A;`qjLVWoYw=H8J}b`m44MRc}*NT(5Ln~iL zbM0J}Fu>*SLyE;~$J^tfqTj8Z?lbL@9_yDj9e$oAfd~?euXT|Xyl>`D12hkpG8O)| zxDJ$@J&+c~vwzN8-X918etH0-elXeyHbmYDv^8z@=W%Q@Ce$!bz3*;!xq7-##3u*v z&45FGd%zsI?T2b#9XS?ORGkEQtcQI(U-SE3d)6l{9h%R-)yhW;;P&h4LagFP8H_H%Q(;v$Uqh1e+Pc zuc~#bfR4fJBtanDznXH(1RTm3`wCQ*r?yx%-U@l>2{fNuSQ_=uNF-sxUWz$YCBYHa zf6D^^J)!JK8TD$^1~zB5|APK(u@BI1auTLlmTeQox@0I^2we9=H+J@kF(~#V8zB}uC8%?QKMTW^LShe1Yi zXzlO1*M?rq+!pJ@pMpt{HU(e;fBA(}atzpfeSTFP0DP{^ME&iMQQ$);bkEy<+b0(^l*3F+EX>|Lofev?H9u}&GIgubC{azdlgM*8j^d?FDIf7ExH@) z5yfPiR)8s~i+XND_CRq^ID%Y4#w=DHpmtpmCK7C{mE| zAhS@Aqd6)n%@fmrmfW2SGeLEf-SRwE{Y!5`QFl#+vN5Yfp|?>KHLQ9@X)2CiK-_pF zQq#krJ`Y_wCxfjltBZ}Y`-87s6F&Lz{c~9so~*!bEiHva)1ed^K3*~T7m+fr>^o8| zu+(toDju>o$i?*}G6?R+-z=g!cFDfx7)L zADZqV&DCQXEJ309X03gc`(U&-=VoN*DMvWpFjI~a{5<+U-`bqEb8nB~>N3<s{5% z@c$>{&xie!)ze`xm>yZ3#V#V2S_f{|B$@DV^E^`ud`1SpM2K?1O31p(CZGw2n|dpB zmUAX|;OfRlDM<)snt1{vw`3{+ya}I2xt1Cl#%&Vm@d2?Pc28_1$HAtKUpDza$dXVaK*oC#N_ z9(Fsu*uNWrg^XN-H`!<~1>RoE?%z@B0tTii_P%AdKTq%+zzi#7Tp}7t>&_JHej{U7~%h%?Miq>yS(IF}Mo2 z@tCXfZ1J8hJKB!z3Fg$TD-fFy#Fyy<$r!P&#P@Y zLsP%D>p2(FpF?Ib$t9P%i7PhBzSGX&=bvm{UUqzQAB z1ko#>Gg8MuNXXO;@C2%_?c}kUY3LXk5#*+T>(h-%NmuO@IK0cJOaiLGTQwZC{?;H; zEn1B0bcSnmw(ANb8OGu|+c3aUlbGER2K-hgp=?uT8oRa`eVd6)_I4N@X!L5Kpwvf1 zH*+{jARJGA1gbO6vm+x&`VKvu;>ZoV_srn23BWESbwZpmE@#-4ip`>w)u6|4J z(ToQU+iKdgm)_1Lk{SU}3v?t14`wWHA5j`C}o$cc3wq9Me;^G0|9aM}t47^^&)7m+LvV7Vh+cnSUD5ga|Vk zjKpM=A*u9SW7R64bGq0Fp?*QD!r~uX(&+`R2sx{#H{YpcuTyrj8Fs{uj_kR6Z0fHE zWbi7m#%?nzGtvG@n!kk?bYOcXZy1X_(6o7iwqBf%mD7G(QT!HO+&&+H-Qd`^q_Q)k#B?9XNFE zbN2NhP*0=9mLm$!fErT>j4aWO>B)qvi9aQGodk}2NTTFG7CorP4Uyf+3^NYrMdvLO-A}5hA{ox7(trWUrxEQyVwoyNG{qS@STMXOZ zxt$?`1k>bGf>c`Rs*f0G+h^^3ATnOB_JAS)+W?x{?Y5mo;PjHZyF)ieg*fZJ1BmGP`CevHt zIb%IMYw>Gxet!hDTccVV2?ot9mwZ;>!}g*Pv9b4r*lqvP7i1Ax?(NK#-Svl-y=828Sw^e#%QBV@ahr`#~=-?b&SG58f*rdw1lIl`Zk$B<1k1o`f7dtT3_ zS1t>0`2>EwKKtI#;!g|O`)L$`jL`!8Dy646mzj2#l}F#LJgER($r8rT7UPq@_Fhqn zElJdC1cN-*Y<~?(8I^*IjjHkIriW< za#N+?LB*XHr`^%Q4YbKPkOE!gO0b#HH9=xR{x%9Hstkv9{(Kx&b9nDooQrm*I(c&v zY*;yDg^;vcr5$d^1r?H>-9u}p`{sclNL3Nv&W!gjNmqfgLj1!D4*mzQ(r?M_HDFL|Fk{IkIlR3Tb^@2g z^%^ro?&YGWma{-mJJ233{}rE%!o;8SmB%+N^J8#evOJ{PRndzU{z8Fl+UO~KA0y<^ zy>;@@`Tj=1@#nk(N;vK_LgP z_l>!L+vf%Ci*F@Ee4S50SN+ciK8H&F$Afu;31{6`N*jlS3%yV5kK+liU6YRyVgXmX zj#fA+p9lcAYuWq9d;G=VGuRH;UQ;S3$-RI+$WkaSrsZIOG3NyMT z?Qv2TTCs5+@d9*1YKC`bS4P63A^uccY0`YSNasCT=N%SLFDzHdrDmfAvqF2IuF0nT zfjVsEG>$p$%PJrLm!#e3n9}w~+0UkE_(=Afrus2B2 z`sD=bhH`~#XY8(}6Vc(vh_U{4cRn~7_!UD%P&iyqSYw06#*62utg)t6p&LR4crk&$S849DR`63 zMUwqe`e||KpLgrCI1vkbvb39Z;Wj@^uvhvup%*MQD|OQWX%TqIa&i4u^}#|TMuOG$s|z^rc-*G2_MQcbnF-QebifIf zR|=~>ousb=&!8yyZfi_?LrhJ%Yf=)r^&C3nJ@PZ9>;Z+yC)}?mMk+==kI7rFh{OaL zaVO=%4-qaW-#1})Fy}fqaJp-j-6M=|a%y)a;v45{dAru1KeeA=Q+ycnvF|b5@v+uS zjAJCsmB0N;OwJ}TtPk(-H+UB?O8@KE^czLQZImZ)V?@M8y02^3*dt-AYxBf|#X7XM0xt7dwutQViK9BhYFxkox7#`Q@9e zioufgQ_UUf_9PfiOL@xWYiD0!7y-4!3x5!(93n7zAYk-5{>I5_q9&K|fB|H)wp$gb zTrpIFSlJHb9(Th3-wQB}@r{!XVzY}%?Ne!)9)~P&W8Q!B3y^lC;y(^K@(-~6CJP6( zi1hFYM%xWZ1{}S3^Ga9y2bU{ec_f|m8wG(9?u%39@`nDnMht|rtQ@Z!!XvG5uy*vZ zB$>Z5W*6=+VKol!;pU;C-7(&L4^qnr6aARW=C)I!2sl)_KYuDIkm%0#YN09k*Uzw| zM?7a#zCp0=N||;wat5*Od3PoQX8%|OA0dk`3zxD`n5T5pCOus~q#l&JWTG{pfV1*g z00a0K#b{;8E^6sirG|s^L=2tX#Ugp5M>0I?MOD^u4iVVl=D>5{*z6qRwrG;p~Y0aE3n@ zWt(gON6p$p`b~uy#0vTAcJlR^)%#@%4t|`_6V%1{Fs^)>UkWw|f;;A7ix` zx3!>FOCx(`PsGXzexpd(k1%*^&NrK!#qZ-aY)f?=koEQ3OcN(F&@H%( z+076TDra=CzRD+4A*v}WRf$1mw!7a0l1^C2@tVK!UZ0Y3cUk=YYqco_q63_6(THeT zj_m_Up*e{$hHPO?l~Kbep2#k0;m?sT-#XO8P&XUm3MlgFh66|GlUP7WPN-oXl0`St zxf=StH>2An;9<2!7JEkWMt_6##x*9xOXNrDhxF9RfPGsK3$@1!mYoW9-qmgO%sqd@*^_D*T zaaco8KhxuF2dnJk=XKH|buA?eSW=Hx4wzZy=w~Rn`IN^wWldiBt&)u;THZeVin0`p z^289tUh7PU)vwEsx`5NcWi3p(jqls9U7f32Onz^m>w?eYMxWC*iPXAPW&3lpSPN~> zR*Sz<&23jvdAv`q%9f``cT$B4GDb@i;D{+x@J*~tP;Q4=P)l-W{l^SsJ5`!K#Hz=C z^?Tic6hHr}u%BPpb!2*CA|8>mjT|^0u75;`%?S>p8jc!hhxG}>umM30$Wuq*1st6;qtB+v^&WujO1o1O2X zPRT}c4BEY=FJBe}3*s#p>CiQbD>prvcDfn&Aq! zNDzz+c9E-}w=w+n6O|p`wzYJ9BBVvv2@2qA&Em=jpzR3VpAh=jkQgw(VyoDblXvWV zzPbqM5xb|dOx=r#)zWbFo{$hh&@lsFwQg$nJY|@#5moXXA!(F}I)>(EIV>aDVgQ&c z{=|MF&>-!Xa{e?@1N$bK9=gg>?j!%=X zbB7&cAU%`8ImMbi69Z22vhh|3rdN;F=pI{H7>(8A7Hf3nAXIqgBpz`bVDIkwBABTc z{W)%nMXUU>ksA4KBP2x?&zKr#h9^kJ! z@nPg;!QW(?gnlE>F}W68DwFZ-;>kbB>DKsh&gQ7jSty`mhU~ z#8oHWtV6kBmH0SLPUv`}ViJ!&4HUX5`gFbg#R<=RuWlQbAH!<3m8;P%p}+7ENM{i& ziZcx4;k5B7Y`1&UOANLGf#bt?)z{qVSFN->udT++jy)aUyu_D#d|t*k_Ed=113bJA zJPyJcCe|Fc-#FRB9?1Z`wEJq`B+8~Gid)Q+c?c12OMS?+h=$)HhLW?^=Z(G>%{!Ld z2{2YHX0s9BKmlk_xR~T6ql+V3jnHPojPle>b+B;?80x%Yi2TN9&!g&ch3}gxzh`9~ zy>;$KjSfO33vw&hdH%?~^X_ZcYKwh zza>bmQrl0reW<_*eel}Cx)FF65qgW%zZL2^zq$ffd+m9Pm{@;X4y4Dfh%F>cq_oXX9Z?d|x6l3oJ{1kx?kF_#vfc|fGI~$*P9WGFT2)#RG>8;1Pb1pn zsC*Na(@9^LtWU*FgKezYbMM@M?4hb^wsxMVpmv*wq#TAFs6Ww|BC?U%WAaJZ8;7d=i|$2`FC0J;^!ei-Ej-@g!911IrmVr2 z8%mNnGE$%ecV*k-={vnO1p8h1?ux`IZ6zR&H>T+>fh$`ni%QYolkqWCDm7#Vl3Wmc z?4y?thgs=>z1Wp}F2@Io+&BXT51%GP2S_2+VKcxaL z$h8UIqT@$tQKMjGrZuj0rt_;Pby(l7nvJ9ew46@ilMrTO0Svu4hgMu0QvVYH-YCDe zY;y1~&gCxAE6+rFK>phz--aYab?|TEXZO41j1R5e!dw1>wmHpd9VltvJNATUANEe) zN#|}45A9mKdn`oGf4vwI@Gr9SkN!1@F8yVc)@oqnuo}qslh_sks~m^|8v-f3 zo36`aY5aJ%fs=d8GRd@bk?@x)?-nP(;P(UHd0ZBtd(MdG@pcMts)jNOF5_T3xX#V! z)|KwaS#3Ic(0X`BoRVO1=8R{WX=zMJds3(s=Qm%dICfI1*CpE2U*9W%r^D%TPWJYs ztvmYQkhO&`2Ns8uI*vP+QgY1cj$2;icsI!$lA-6ldJf%R9Xj(J+QWHj%fYAD(HDlP z+5WKo9wik{*7%z0^gB6Fyz<{0DvV-k-HIXh3XY>&oPKz`Iv7d#uDq;AxJwR>tVDx= zi&EAOf%G{A4@1XV@J7kQGjTPEGB?Hgqq5&-2MoQq@XpM<(3Bu`xOKn6peeczIo5iz zdFQZ&Vu7@^ek)cdy}BddehvCx^udjA^k*p9EuGfh+xQiD3xv_X<;ao-F9HT=L%TT606dAeKgk5pVag_-4Jb+yIAg zlO2kb5Ie4c_O=jwRlcZL;~q2F>Q#>bM|leHMurOeR$EMhf>Y!B%Yn$rq`IW!)+77E zS9WMQvucuuDhE&ZQ?Gya zwI_{L-!8a2!0J6$$-6tB>FDct_#q*nqZe(mMbjqMeqHK%=I!MD>6nYQd8O|KtEFGY zl|G|01d&KoX(}C~J4@Q>7}RtjM{jrnsuawyoUYH5R~svgR+Q^8l&CbY+|x>q+bW9j zkzil_NiGW`Rg)iBqm0RafVK@V%XVe5H0IzbG)mWSPCY*VXz}bO@V;o}R-L;-`FtCu zSPI1L_oV+j@gF_l6vfHAl)84+u!lIwf}@^5t=m7dPVF>_XOq9@>lZJYh#+zuX1(#I zuFtGy4kypjxSt_-PNycpMN3mbIg|{KdRsVd)3Fs@1%4$`q!i!DDdZy=mhXTyN#>NB zuLn*;;%U+{|FC6|qrmPWE;|XQ?0rFMVXk|fKZScPo=AL4?1wbeqOP2k^S-IKh_0*` zK&ZFsiNtX{P+DD{RdvRLPnaEc<0+#hPkDcMGkwkzU_i-%`j`yS{ljQp;7RJL`fqN} z%fJ!KYs9)wM4z>i*1;bX6HMCZVnvY&0_D48`+<|IKlnj&a?l6iS@FP+OtE+SqL};W zYS-mDo7F#^@N>tOS>p5T-}|F3*XTbM*L#*-)=#t7m5*Xk;RNf=Meju(cW*ZoU3Q&C zvzet%EAB4?8FPq6%mj<$Qil^f!c(>+MBUHePo1vrKz;p}mVO7H355W_$J`sD)pz5M zhwmigbL*CB?t9p7_T-g;`nmY~0XWI#@5OkU{OxCE1l`X&04eG1tf04}C73zG_hHj? zO9&hmiR7$=Hi5L0QJRG)&pn%$Dm9`88MQyjx?Fwtd34Afs>jha#TWZUVNE`BT{^DL z;Z^T!qf*Yly(@POSQK517wL-ocB+>pn#b~F(D|oQ>n3YV|I>~jJ^$|4?fcD7cmDg$ z*%@6I0m9+SyF;ZISM9p*>4BgqB*lju@%Vt>W~9J(nZNm0TqdkSsh;jrXWhgp@P@zs z9AQYQbiqR_xmg_(ts+60BGr}pfAr0TbL&8y50T+`KUJjWq;UmDF3uS{ncDp{w{nVI zf7F*cw%nt|Fc$=dr2=|4ppFio{Mg<=6abmPP4=0toiW13>7Z%is#7?uAWAwJ>Y&S` zP;;* zI^P@9^T+oN-uoM!x4)bBvE7FPFJ8*0y^c>foj&`I^xbcedp1Bsv~asmX{(;f!X{BdLE-?_^FT+c^d6zCa~K>h)2J zMAZBir1yUM9xfb+z(()>?Y9dm83;2+z z)C*I;-}lbbPjkJF&A8s`rF-A1yG2n{uip}p3O_nql$#!YR^DY!$R$A^hn>CVJa)fa~REE^?R)Z9b&30yEaa z4ocZ5WHZM#L6{`Ay$r=U%DC77qf*I2h#xu43nxRZk=W2^EG1qY+6&Ee@gZ-DHh&Rg zZi?PVo1x0bwV7VpzzCe2*r};O0$m_^cm-b}k9QFR*4pq0l8#;g3^jg~Gh)ETh*tA7 z(>NRy>t$YvNIyqg3=~2OG{)~~@M==&nR;cYO6=ve;CV?&*o ziBJn>(hX|Ri(Z?)Z^eJ_^w;}wWiS|A@D)W>P2nn&pZw;3hop|5@n$oGpL)fbhv@yk zMQ8s#J@S*eNVjHW@lt-vAJA)mb-~r=!PqnYS)BI;e($f-Ro|8QefH!z&yzpfK*7CTGZ2YQu>v3FmAK3H^`u)%MyqWCTrAV0F;$+;sJxBqR)7TxjH>BoPE$ zt1{)k*GWXxb**seS1D2cenhVY^nqr$P_qPUtJjWErC}}Q(=xYEQ%EyK%TUN~rh#vX zBeu{&3(s)K`;9FG>e)6weh6J(y94W~2e=Au4hUplBMy`rn&-adCo|&E6}tMN^lyp4 zI>oz>enteG$#d;Xn-_?TGM2%wDnKERf(Ii%#Efb}JSijeY8|R>KLlRM#DCQlPq`06 zhw85CUKB<3gc*lcgi1pSk3N~F$nP7D6el(--8mQRUczBXBnHXD6asamykI_KP-z>L zgC;O3e!WJ>$yu8F5wtI6L}4$yj<>;nplZIS#-kcs^}XpUzuVb&Meq2NyGOsMv*&&(MndQwdi0Xtecy%;{t!w^zlxZie;Fv`3RLloUnLJ@WYCS^M~L%d5X9 zYgP}Mm4(VyCoepA(a-;8;m$nvjyZAD&btp*KcFLGbzs&E27}H8U#5${CI>y2p7-MN zu$8oY`w_)EgWsCVF9{_(xVKmLVmw2oIS-?4%p(evq(TvG`!bB{#~e{sWLz0wCO5OptT%KTF{QTNd=Cm7c9!CuJl;2cz>61EW5gb2CPw=dDNb7&r5NGhzZvlK;}E`Oe#ISe zEKOrXM5d=htCg_{a&wlNVkz`9g^L!)L-wbsX|9MzVQ}}YgS&5~&wQMB+O>Q5vE9Q~ zb`LqS*nX!xI~8S0dJBvGNH)K zc+KjNl48&OJDpCr*~H8#uItpyT$ZIK;b!_H4IaubPA8})5n%XpV z(YX_D-xhZ|W2e7<)4%_%G>deBctxn+ryH)|8?Wpz(_YV(gO8LIN67vM(?r5T%vi7e z)xq~K;K$d{Fi%B9a?kDZ_0LglhbApo?zGxc$jk=~QNp2@<3}In^S;nI{~TGobg<$G zI_SCO0f+MLdymAzj=RX2zsP6*y{A9rSQ<< z-1OLHJyO8p6naH-u+CK23pn!6!_G$|S|e(K;*`>ZJDYIBm-4Ps3We-v6aMfM-_L!O zq1j+%gut%yNcDPWLIRE=UUsWn%3x4mcuQsLnH>d;DA=WZEws?WGZ5zI0p{vDLWhjE z(3^QL>OHFIV%oO_tfv^HLaX_q@@O$+A+V<~N}JO_qtNMB-^`!X3_TYROnjMXmT8cQ zKjz^SPz!k}5om4bC?RblvY&_06QOmf^YZyahR!fP%hQ0Acq2EmHSQIan29)3)P|t@ z3or*T*ssEiX7e&FlJgalaQJuq9c8)l<~i*(A8@qp?RkH-=|=~a`T|7Y5;9vPRW zT zk#g8d+9Ce9wq(UCho(=xFeu_WhJJ)T&Ok zJvPIR#^Iz0@PLYLp@kM&$U`HHB%-ag&d?UHp2EPFyIBK4oE27uBQ`&BoH5?S*&_U5tS#jkggF%sdnS0@z#lui;NEIj& zDIlE&bI66Uu1qg-^BP4#iCLqhVoL__crw@w{YGM5gN9nfY&@zlavVs1H*h}s6N=87 z6}#>s%>!%HG~z2gni&8hD*7SDO!;0ymwP8|U|%ml(I>yPe{(^u%$#5rejKCL0-Cm!RgzT3I> zGX5Nw&wkF})YnQ>B_tvqUqt&KOgCTcMdZy%FPeX)S(ns9f5tJYF_^tY)U=<_$n}a& z3Z$xZ-^9cj5qe86WOE?SSNucO=(q*E%N*N;<5t+JvJ}Dm)lmk6K~>|feq;4YNAz4P zBL$qeM>-87xPK~CbjXEj+)Q&riQ!jOpAv{yO(-~mo0YKRO4 zf`)4LJ|N_!eCU4fC_D?H5cDpWgYvR(Z@S`=iMRiG=h&C{#@y@ij=Rc_eyBup;w5Ov z0)eP;P;%2yFPhX8r$&|E`rK7kKOpzs!FxU1Q&OD%2KoNCnOVPv#*o#kb+OZeh;*A@ z%EQT6Y`;_Y1*fFgpEr!1{<^7iKg;gDY$yu-kQ~)7%&x>zeUxpc@um&sd0!}3T_At- zH@xef!AQIAX*_2Nn7Qb5Pz54Vy_uV!h~_O&ZD6*<#!U6*7e9*k=fxd2cJ92Xf6|$Q zvwkI{O?G}3-Ei@d1JbrYicQkA*RDcp%ha3~%f5%OC>wJT8Sm=nukI-=nh*8-$R zD_=$eMg6TqabLY)Sm{u$Iw%?^?rc>Js!X`K4x+$O0;ndOo5l|PR$>p>-sldmx6nch zEhvocAB@+^uk~Ty%viF}b%ypUg!2cJEo>&LQN}XMm4X16mL9_>WT&hOgJa)595g>r zo(4n4oUnPB_`5@;k-s&fFh{2|?_c~~ZxvzKgzZzv*=1!Jl1Aj+M5X4IS8j@tJg@^C z-Hhm&!i!~D_G{1+7UDkfrUMntgxupt7DA!vpXjNjnNay?-b)OJ^8ztYBwoIYqC-Yf z)6k&B>4tSxWe`h*G#3a>#SEIUF}#H$O35(1g@0lj6jw+*N1i9Vh0MwiZ;!DZek^r+ zY9yHAT3$Nc;_zcbB!jzd39lo~2EqnKQ51uI|DQh~(^D~?CEL)jXJ`o85{tPw2XR)4 zJI87WHilqpb{(`n4iy&glQ01t~XbMNJ^&79GjHxxVU zGIrd_1R1rTddh`iM`!CSJpM@e>5s$%E!iftgb?xscuisH2ZhE>heoibWXA1%=SzIY zjWK15mrAqZtTtvYhC>*a!p+aBA`O)dRJKv^QvI%qh8|V*Cmx_PHFqz0JJ*?P43lcwQYXw9vxV2@5!FhvG3_f}_~Af|NhuCgg_;oiq0J1el9$ z0c&nBx^70qHrHmO56uoTgZhgYudsW^O&Dr;Jh=3R3veF7uqH#Z8Fv9;e)Okc6b+gY zGX&(Nlo}dU$&mJFAZ3OaN^l0kDdTDO%|^6#)7M+6u|q?H0%kI)*xF17q)_0Qxd|wd zHlu>-VYsF)NDS2vne{P#MiB`KlyDk&7qcUb-4R<+ zf4>|{qGkQfcz--3LrKUcMHXd*<0~MD*<q_m#*+Uz2rfV`_f(SLlF46`LOd3s^J1 zR~$C+*Pr1%_tTWV%A#lJ8DG>p`OFmWn+d&FzR^s^8AILs09m?>z$SHK8sT8QM((>S z9%gFNOzP0;DnJXFE$}t{o)Irv^6V|5!9hnNW@E8vpGaHrz&$B0)E8BD<%?N3PZg*4 z21-E1rV2-Gqu1-H>(=Wk7J`jPDgpEO#7HvbSh!h8!or#Nz>3^Ea9sEhzY?a?M}=c5 zW!lB8CWcfL01{)<7tQJ~mVQT}k&}=@oxi%YpXm*ep)L-<$RWX-3LtDU_KcrTa zEdkz2MqiWWJqOSh!{vDtFvvym(GWq|Gzpi3z)hgoW)rN4|mo(}aLXZHi@akDb-Snupuk#Xrn9l$h__SD=+0 zlTCT5jBv<7r~;&%p#r7EV4Zl_{*~TQ>Hd9)SK8xxHs1My}zV`kEFB{V@#@_b9C<=AL3n}RlMVGX`chV{d7+_z1U`XhWE{Z&VC1V zo^w=C!}^8arN8(Dz4$b0QftZ<6{y&G@8DP^5y`_pHU*IkN$LdD=U_EKZz-wX<5fQf zhaEHc?Z4>1?aw9scJ`2@!5;g@t=Bw={FbmU&;P5WhVwL>K`Ps-e5pILq<%_-6(2*h zB&z%c7CHi(;y6DHXr9u{3bkN7y0GU5-eTX#ZQTFNj76u*L}ylWKu-V3Bu5AXo!h4 zq^{3NtqW)XDVce^32-9zQVjSc(`Pu;G({XY99>7Ggj+PmAId?S`Hm@6C|G1! z5}RL)SWF&eTAI@tzoKyN(I}|3@DTG8%m`%hVY8FMIxefA*X-Q)* zM$=JLqvM|iY@kr$Rp|(rU@)Y4C<>!Q!_Lqk-m5Yt8EmN{HOU?~r=c0zbjP9qB`j0v z=g5s4+Gb3vEQ_OF5O6xNsB^^gr!K!pHm>(mkC|n=9jkguD5$}Iev}`65QQ-F@6v6$ zzxHQ5KG9uqc=zNpdE4#fClB)aC%EYin7P~Ss_~bdZtvIrw1{3NRo;7N|J=`_1bETn ziC6ucZz=uh=`Vg7MHIReGr4F4J2BQ+)-Su6VgHA>$>GQHwmSqu?u`}4pF+K{!JRjA zf7;lFDq1EM)0w~6`Gw!%v2h~e@d;XaLV4?Tv}W~e(M@FHH{V@svjqb!Ub2iYzYyyJ za?o?>^f%DhI6wDzKJH{58Lhi|xopw_^9 z>|3lnA)w}=`)Sp8*ezrQy!-+$hW0;0($D`k?XWZLx`&*2hU~t#Jn=ZMd5D_RWQM%j zLlRN{x?G*t_;`kzt~gvljI_zE<0^BUFWhuc%=Yb9Xp@FJG<$YS6{iYmn*zACz4XlLOa7nm!ieq|MvJbwi|`K5JLH2#E=@=%PJIjYJP@DQln%hD#QMZ zh4oDt8^&9x&9I9JScf97z-ZQt#mz5IWf)JzTPdcDS?cehq?#Yn+;XpO6!8dDWQ?mN zc+0p+eoXl59kl)!Iy*1|mc+^P(7?Rd*+D3!jO0-!{+1Uql3~(UN@yANXp|-C(uNr; zq{Or|s%Ka0Eb1?N;^-+^RT#{IZRn?j>82zmm!4O?;*G^_!5g)Uz4l-7kF%g0{v#<5qt zvApx9!A;kcw_H=+bqlS1l=M4dM6&%(#i1+5PJ3M^vD;<(qOWYY@&S3*$9Q~EL{(?(%>UIr>1X;Eey#t5i^{uiqp3|5 zk^vXA?+QBl#l?$GE0#4XQ@nU-=MO$O{da#R*R84ysdMy;I=k=f@t5nL*z_B(rpb*s zN7S+4kvgThd)!IO{^)}qRdLh{%3b#?9(ib%*_XX`_U^8G&>MceIO~_`)@$ju8|aQ3 z=>EHk$xXAxi%zH9Z7(|FxZ;%8aAK#};Je@C!2pe15=RJS`S#_?69ilwx(J;Jvkp*% zMG6sl{L$(Yfiq^X??H6Hp)*LkU0QhptvsPz{Q%u^E#H1U-+2=~wuVc1Q{j?r%;YCU6C1^Brol%&Ihotv(E83lS;so0w4-zoHrMAJ-9*bKKuHl|oj4<4l~;d`Sqx~s2LjeQY~YQxUU zO&Leb86k&P@VYMCW_7@cpns<5p{9<)D%eoSH_P1h%VG;HwD9CW=y*qjg_^J<`WbG5 zxiu$}Qq95z$ggXDT=QGoJaY?JbAl1qnE62_^413AVtS+d3?35<4Ye)5;+l1Ri%J8* z1Ysr#84*KjJ}BVy&O{+2&Pm_VG#;w!`H45|Wr9C;Id<3uqbsEf8{}1x@q-2f66sqS zr6UW*Dj2>xgcuBwrdKAKFWn1tE5N6|3WLGG^fh_7*}g$d!$xU)YQua<<$w>Uz4S2V zM*JoXQ%bPLB+;i2LZz5Ok2iQ~IulH~43AuY>B;kpZM;v=mMOG`5|o(N2-Tn2G9-CN zVWgz0^b-W_)(D3py%P})`h!pZ9skkagp;UPv}EG7zcTUKUy;d8vi31z=53bq_=Imc zJKXeC=j@MDw~N~!W(Mu{_|(?~qwIf3vHu}-#+#@rSgc!Hu784iV?)OptXVyM-WO@u z9G|({8(Z|-@5^Azz$2G@Gt>fsed=WK@-H5|kN*CB*@T-e)tshR zT`*YvKxgOO?TE~sm%o<&>thvDvfEyA=+Q>j+#91qSJI&?E0y&7eOmW8O-<6+7;Up1 zcRHC>r+>vIgFA0F^CFXhEcgRd3ph$8f*PiK}_?>bNsxTOd!O_3X@{6^7y4U^w) zW*oBG02;7A(pMEekY6uA<9?A-?Q5=MV{H&# zB=|<5p#lHIwal+6sJ;@uEokJ)?$jr43PV%|XDB^t+L#|MB+|&%$b=jivEwND5nE`X zg`X~@)}{r4%-W|7=&4p`cqSIGc!V^b(&GE6yM7Z#`e>#Cv(#~-l;Z;qTxHFA?7L^A zv4Da?`c2d_%AE8qQ`3y2Le*xvm7%fDC`dwny)PJw#E_9O^1S`$$>zi+d1GUyOXg2X zO8|q#3`b^MY3{Ni5J&;XYIH7`69g4DeRiEv1Vi=8WG{yD(CW~|OPzj%r!z3RRkE>0 zW5RC3osmpxvLodLMv{rGjT_O%88zWFr>3DYfbV6rhS-n{lSzgMxh^GO@`IDYxFCa2 z;4r4S?nR_DOTE89vnjdp%E1>u)qV9ZresA#JU+oY1+Sp;(EZ#$bRN8~gcl*t-aGas zyxmUu?pzeKY}?MV;YZ;_Wb&UsAe%OzV40b=KztTDaIa0hXsQE5#5Y}8{L}m8SKmov z^8Pmlk67$f-HCE3at0IyS~7M#&KO zEXp(Mb;|W}sn?65sOo?sGCe&V5@`rPQFwR6bIC!ZxrB)e=1oh~pi#uo5nE`Xg$02* z&2bMu^{Hx{k8G87hG$#>Yj|MiU;!=3FLEQ2WMUU{%U>U5+L%Qy70`IHy&Z44$!4Yp zB{KhzfG{+{>xQGDG|ZJv6TXbneIE8XN=L&&h7xnD61BIkR0x#`+NkM|@GL-RVEWtJ zfFaMM3Y2hshANG24Lh1Y;C?P;3Ln+#-YX20QDWFje@p#>4};v3iX}6%5kM(dVQMqH zZWaa;cH?d`FMQ94N0o||6&oI}@E#_dkJ5ZG4Js5(3s*a-lRbv`UWenl3P2RRP0!GP zyrWE{S-nC6DzW1Wo6Xx>Li`4m{>ja~8*KLU;aAU3=om-IiKiWdY;q*>A-g_ zMT8G}?&jb(V{QDmznQ-ByGB_Hh2MiQJU_=(Q&_u{dQVnS6nxF4#ozql;MdV|r zK>vzMHhug(v|)Ww6ywo5zlf+@bpb#6FcwMm2i66Q!zqfQf8kflH~jBn@luO%d_rFQ z3O@Jjl9^TeloW%jtu8CG3TeDRa)Hb7O! z*}UsBbJn<1Jq^drnh~-57Ft+9z)3eEEZ~$3gRW6X(vH3{Z=?7qHn}A)~fT7oT+bHl_itUZz(@bpGNfc4l(0Ee9rV936%l$%3m}wV>mU zNV5^XCwr&?WRQCrJe_8g&KeZyQXmGPmF#K+N@&#Y!avIxsWVep)K60N!wx(>X8F2XMyN)>Ka%9D*wNgE^OTDMYy zO+baGR@t2mH*zpTU>&eRf}c1g@TOM!*r`^Y1Zb9!4=Kp{nT6+!{I{O$YrD^02<2Xyrr7S zB|Xte-w?zu__3sLIAl{t_xKG*`nhqeUg>+C&0!72<`0`ll(V6A zRm17A4wJEP(*6nMrCG= zNvJ}NbL4v!8xfUv-8}gI1-!$~yxU$OrysAe}`kpLW!n^Iob2%a>8`e#o`}vI@d6(RLbx|W6JL{J^2M1f*rf<4>>I?slCPd(f zQZrEr9z1aG*vnrVkTg?|o7x zmZ<4$(GQyfmT~M@y$TId`Ra5!RDVmi>MJ5eQH+g^RU6!p9f3uvl7POV3l(9a3)B~~ zro$OgaI{a&IDceB8>no}U5cisk))Z+IJDP3yOY95IVIKzPpZFbhQ==r8!}pGp@k6q z?3*8w1!=QT;Fk=Ar*56$sdt1h^we|hp0XQ*^T~1a#xlHKJ++}mb*1F!gJs%YS^f1~U zJ8GMO&)(lZoRJmgNvpwzqs7E9xaW=7j<6x zs<7A8SN^MnH_DsY*HAi+r57K5uz$tHy<=bEF%M2Uvv=8fRpauJ)!i?BTE6t@a_ za#_4o4m(B;el8zynC!G$W^^e_`q2;h`pb(|-zgrv4`b!Zg_`IYwNN%+yRH}e{k~F# zpm-SSBh{6`U{Dl=YS}m(svr3vTJ-Q`^Hizn%gtriEM8b^!;@}GGZxqUvZ52g)ZL6% zl=>K*{)^P=D24l~FUn1ep&~LhHRU}vvZ(}^y;nvN*s{7_)bC$cGtjq5`h~zR6UtXO zXTu4rgsBY}7sPJOQs>VuKF{y=!j`DS&^%gbp@mVv%=GznPpwl1=aVx%y^qpcDQb<^ z!p5?7)ERi6efF7~7@kD%0`+k~>dzE5j8-X;EBaJ-)j44wjA{;bqkdmrbP^M)#*+Qp-EYDS;-V8Dp=sS+mQrlw`f;1xre?3%R2q_wj zU-P%LLE)Z(hnA*|@i`$znLhY4;jc%C!KHb=O<5^ODnKpFY*A@GSFi3? z`=QJ?-HZhEy1{_OFJ<4PSeQ+TNWb65m*b?S{LKD{^eZs*0l416V-d&;J_*;o2IkdZ zde^utuL2`IT1N2aGxRt$N*X9O+Bn2HjH`y4|G4L1Kk zPw^NT7DdtRb}M608gy1xwq4D#Sqz=7?79c5Pqy^?JRDi3w(&nwskO`_-$a_07{W7>a^+ z+_l_sH`;awS+cb3^n^$zH_C?f<(h}&p&#*2eq2C%-EYNpQATg+>1KvcvkeA=YIG&c zQ%m43aL)^xiV>9YndR67?Y0;1xJ$9^4l+JLoh}XfGP#M@JzlI?%@5tj8#kyTP_vbe zDg!{Krl+SXB{DN^daZ6vPEJ-HufnD$<4`+lT@@DsTXm@R{K{IPXD~Y*5t*Kz?$_Wq z78x(Z^;ZS4P4xp`rmnoG-$Q3r8UOV3w0Qu74$8mL4~MHr!l_i%_;3o0kB>8R#g{Q` zRqNQ;ScRl4%gM>fN)b}OZ3+uj-ZSIuE?{eOuh-M17Tc(7b(&WKS7BnrB5>3ZEtZ<= z8fqEoRQf5gk6veG37e^n7H}-%G>|XT()eC{*CFEf>S&>bXD0YX%EuC^KU3IrKI%o| zzKmnvJPzgtCa$0+zdn>Qe#Wmpe(g55wp^WIE8T&WihK0;h$>H+Q3kEiWjK&GyO7|~ z=}e8D88Ky5*b%QAUd&jYW@&!-FHbq5!kUF5@v=$@)=)LN0Cg&I^R=L(bCF^yWdD%4%o-ONF9^OVxQ%QveC&{r}m zg(YlwL5@U(`qSmTcgj6?Xm`?A9rb!riyi$*IFHb5jLV|Pz2ICn-K&y;Hr85$R*|Zb z0m@;Ps)rvee)8k8EX%rZgHr8uIsz*=R+p%`n+Er!gtnwcg3_p3R`S=5I9c?E*Xis; z-MF6ax|#02g}YtGgrAv;f|!*WtXXI?BN-!Ya&AG%Mr`Pm6tHk<Y{;;55&u!yA%$q(o^WBsjdOc*^GIlBwy?aHigBm(4x!BSL1jBeki} zfgz5>_H!CN>>G|dl!cUsLKte6;awBTkTZK@!@d_1V9Y7yRv1zg0v}`?Tq@+!TWTTL zG6WMi`WYIIVz|}-k(&t;qV@8W`onOcRisuIzlP~t@Ikh=GF$OCK0_G_%1e?H=le2VEA;IsJrxc|dkj6OR1K#L zMO7nS69gDKGZWwcX>8jN>^+9Db9Uth(_Xnl%z9TdI`7!I-cX}9DK0UVW(J7XYv!6M zols*8s(p+?6wjtKK-q*L1<9y14ha_(Is=As$Z`+2G!0C!br(Mm+B zx|I^9RcV6?HE8yjm~l-_rN-FTRWk?-upWQ~j5lF431l&;Y^_OE|@*JN_8TH{Lc>1?FkCHp3TA`R+KKeRngL zRYBS}q^fKl!Na~HGCe)58`jGDm?1US)9MR`9rvjLQvk)SZH5eNfYycbm*%WTAs}Y# zj>ydq6dgC8%1Amh^nVI?7_S#>#x5sBQL~G63;5nHwlv(e&_W9yypy4}&ak!C8J>cEo{bw3#(UGBk{G*GH(7Fgz5mK%#CY6uBwmInwr~q-8b>7`<2f7mVmaQjyN;N>w(} zgAxpT6^#%y97mw$UJVZ4LjV9E07*naRISt!uA?i4P~c(kol;qz!Hk46bKi^6hb+>p zxe&||GY}>W*dDcMkYLNu-Ff3NCZYR@4Dys=7zH6t?=VxkLyPiq@Z6!6L#Jde`aOmQ zxo1;tDZiXavlwkq3G8`9_8Hb+M1_@iwE?P++DX0hqHt$#Q6_$ldzwAJC@!sG>7RPH z;?x%ikmZy{q%MI`^SBoFtqKr+YVc@LleqT~AvR->zF=ClMDC27scG=Yqp@K#f4x`a zx=5jojjXW5lbRq%j~b8J1XsZO#nJExqIM%O0Y{3{NBz8)r|E7)M4)RFGEz%mY<>te zNafcsr6sNEXeTq{NkcSCmA~1*OHFgtfAOx`t)2%|YhkF^8nJsRp;(Mrs%@Yx8DD`H zL!8>!H&Y3Fs+4Oqax|3^na7^!^08HYS}4&dAvnIn(kX zZyv(QZgOUZpw^2HX_Le*n9!Q~!Rq#%O1&&@~N zG}<&Y{wH)|)t`RflRXfZUHL-!7~y!y8+!Dv@x7TL@JHzV2y~I(h>G(L(W3dO2L0-w z!{MLU(d>%#>PvC@|JXabHOWyW*+NwIy#Mp=$_mZ}M>Y#HhfrqK-qSr3T;vxif#W~s z4!A(-*lQ_42!jj=YQ=wT7lukQ)2|&^CW7hKT)17yn%pV5b2n{oRJh}YN7e7^Rx;|J z2k2-%nnMY!-n;DqQQ_tw^+-Gs!>g&aG;yxw8VRF-tO4m*8h# zmZ>q#Na0L@&GUMX>%EPc-8*YoH3xEweA*#+WRujS_33NUt#aOCf#RKKD65e%i?09a1Xejw$Wjj2U!rfMUiOs(6$$b%e5>qNcKs4n zIZ?jD_6|weuc`5||2|ZbvYBF5F!y5}&X1F;zE05lRT^wTo_7qlN=wFb$-o~hV!JfN z&F;>6-Zg0<-J$oi-5ti-8bMkWt#+N3z3&uthiBHYJrsB1yJ5`AZrytbptJDQn03ug zRXNWO+HcOwTLoISdf+=&ZIi=d^SNQCU$19wt^N4%W4?6RO!L6YeID1_NoZU-ptF%@&qTR_P0gmJ$1~wEU)`4$k{{ zJU%`?#+tCupq9s)%sY1Y5i{HoGuw*zxDFMPnRaCga_j5Z>?xyk1pKV|TwjAdZ`oVA zm`zADn!LIqNHf0a2XhuiL7T9o?KC1s5W~E|SVHP_ECSCSdDzw< zlzo}zlMNE@7#7vnaZ9i6#ZJQg}1TGmCH6xxPy!3X{WGa@d_N#D7(^gd*GdA!ihXduz_Rc_>qh#}4 z^m%FPn;~`AmPj7ggK?vLC}Ul^=cJ95pYd)BL!ezO{j{STgy z`P;$;lLDo3cG4LSeVxm;IAzJcY@0xG$YdW6sTBvv1#=YFB7zyW8GN9)28NtEaH&cCk>fxjm#~4(-74nVi2)qj51dHwa1Dz zsqpM;U?y)BSd-M`DO2_b-h(y}((RR$at+3C#@H6Ys>hsP(CX{dC~FceRK8rpZkc+= zIwyRWcloE3`?$SRlYVL!v!+#h=NU2%TNimZiKhtJua(*4PbRQR%iUq69a8|5|0SKV zt~{-aL#rJ>CGyIPB~2p!+v5a@Xx4J5MpUKCsg8lE?IC+8Y{E{hPHDvXJ2zdwoM9Yj zzGPL@Ue-_5waPPh_N7)cM3zy>Omjfaj{lck?8+g0mqt0qHBKn4xdpzLUYRI8Ghh00 z39y5H^457l&YEUB>-~YlT*(PNw__T;lbXIW508)~+Csds7<)#!txv@%4hK$aUS2f) zm@nTkgbmvi(>Ol_=eZQ2Dn?A=Gl-qNujHXr2YLhl}k}X=%6wUfJCAW6kx~yiZX`p@zYSX-ajJTN-sru4KdJodc^}8Ny`I5_iN9 z++!A0s)AZFYg$7lVzjPiCMZqNfY@(@@VjD8GIL;|&HMM9as zvk(ua7Q^|E>m#1+3iV9(LAVu&Iyc?6 zO))wYr&ZwWo23!C9f9YDX!BgZYiTw$or`Qa+*t1^7g0J^?9t`{P6^V!sE|zstM)J&U;~uit6A!@Py5bCK(nT^w5N__49TexE~hi!k+) z{~akCvUh={3|VEUDMu>?-kZf@wL1M{39J#@O za0{sx`jf-#+K|SE?6gFm)fO#UGI4R zj@FQK#}=3Iii(f*+z|C_T1}T}f%YjE7rJdN>Erw>6BtW7C(WqN=Gy4g!r!HQyLdo; zNuFkXvaG6xt3(Wd}^nJQElZ*{~BZP)T()q znV!y~%HoFtn(}3C$w-$UYfAcw(@6|jJC~nb>-|>h+IEzT>kyyxIbTa881M*T`WG3X zH&JRsveZHm=J(*3I%oE3T*vXO3w0!Zl*5|UrYuZ->Uc8Kc8X>nA0NzN9k%~Sx-yX@ zluqrHJ8P(%w)&TfX~3YUTXG))qv0Kb;*ben)s#mNDnfN~LghbjNNv8^O5(6DI}@tE z^SVWeo#uDpl&(i2ZQV7H=rzjHtzkow&K<$rUG%Oq`}Z3*pztsGvC6xeHf(>d{0^%6T8vs^ ziwi~lr32d!HMHMJzZ?!Zu2Y|fkYVDmPU$wJSz0Z9qs1VdBX?<(thSTlTr5HvotJnR z>pEoDh5ab+md(@k4lHG$F$yW{PW-la|6M6@(yHXbR|huMdE(X4*#)l-fl?)X}E6` zre?GpH4L}aeAeUH-HbQcJuhZWQaCvK&c(RCGJY7A*){RZg|ybIkL&CVr&j4-WzZ;L zz$;818Qb!&x%RfaTdPb~swjsrj)|Gi%CRPOSi*Rxc1c0aGbQn|-*&_UHIShonaNxR z+bXSQl;?IW;?|OG*5hN{Pi?;QSa*z?b&Q&&_@~d#-u0qx;^(m*S}c_y(=(x<$7UAL z$e5|lOu%Bc>+9nO-ZhWw>)b{Gq{WvOMVu6r*K5Gi89X$NsVlYjvelg)4G*NIK}5IG z-4qiJq}m#PN-rZGh)J1@ah2}O?&wE(%L38;lJt4YIw~7d%;bUUZScDTs;nIAgD^SWj7O{zq}F(`2Tt_OhpKUkXOMyQb$BPbpR5CZu=M zyS%##vIlPObhJ}T*`3+qV9L_;ZB?Bbaz8@$%Q<3?B+j8&&9ka^&07o@WH@CnA)Qf` zmFci^>w)dc$t9fesVlkrjInF}&@!)G=+*moX^7|Z`LBQdi(4U#=Xq;j$D9UW3z*tj zCZ%;GN>anr3B#1x#cI+YOL&-9mV;l0$AM3(vnH4ECHQxqlD+T3V7tJU%l%!+z4%t*MLeieBRBr6v>P49Z<*^34(ZbW*D=LXGvvnk7hfB^zc`Y#Xmped#$-@e(;wY4&^G*C34b^|J%o zxhChOlO`wh=9S2(LD@W6$lTwhqQiO6)FEvmG0=uGrOZQ7shh9?H9TAi0Ai}QZp`0DNZ2-qW zIKOto=xkXDHWQEtZUq z#cp}79Umj*Jkz0nl_YBT7Pu)^o1|ELmICw}#q&*s(curhz1mJ$@M1Dd1M2aVEc%qkrIwY-Ugc zo(V`>F!yKGq{hB}M3TlD>r_~z^3hacfMykFEw{_QsJFguyQ4Vde2nq=`N^7w{_a@U0PPt4BD$tXLKC%Y^&2X z7|SBVP9YYcavX0PwF}IthvbSE6%*3^5A@&VUH+aW$3DB&fPA}tMmQ;dH3lB)>_VAU zIK<~K6;sHWriG&(rTs(l3`GL#5bSo9SyF(8pr3WVs%te#K6fUhNsLu%$f4*ys$Oc$ z7`Wpb1XFp!zhshF;gu3YJQEMk;-^ z>~S~MupcGm)FE%}RAK#!!pr%G^^#m2lzF~Y;)ncnJoKJ*YBE@q8Bi zT*`xZExtCweKF+U0to9)p5luc44ulW223+ zovBq~#=MnB1?P2rfYn}3FZOl-=niBEV?~~5t+`O27NBF+fPWz6C16J9Z6Lr}In=mU%3dT}j=M_E1qp_Z&-1S@P z&3;%lUZGL=KD(VZQX=6wm6pocHE)&9)0$Q%4cAuPzRSD(XUfh~4wYHT;nE_{c;^}Z zx91r?c-ww_Nx3HWZUk!U7|`w^ID>nslx(G%r2~}2+h$Pz{c;$t>^jFt&Cz#Uy;SB7 zTgjUpozN{);7*@%8{&_2sB?yfd?ufMSeo0|IC!k-$E4%Ma`JJ$xU;5(zjQw%WmBbg z!?=g*H_Od1%2`fdOWBqYO7?xm$I*7ENYT=EZ8PeSTdT}|*`t+Ge35#_cLsKR^5_S* zE$n(}a0l|N1)lAFpfWo`KZhba!IX+3_8yPN=jZ1nlBb`td8@oeLFNpq9c3eXaBAbE zt?s<5M)lH&WXYV=?(P^SuG;G0E&Q}}Z39M%Mzyf=4z$LJuA99|=6NMWn0I%g>3aGg zw`x-VJy!3}^_}P}meu7g@vIaKcYcj^3EJ0#X|_x8pxab}9dOIdGPCfZPQMa8BxNS! z;7F%S%7)T3I{ECFTCj5IL1y1HJyoh7Q|&sD*Vov~?$Xfx+SX);<2p`z&E(@iQf%hm zjg#G(zP`?t#g%Nw-LJFo!GJbTNvo=vrq|zry+0ZaTUF?N5}8>KVvKU>#{;i)WHtUU z-xNQYUNH=i&%8*LS}(god6U(W4MSb&4l1-xNtrId3Z)W7wDh;O!q;^&s z)n#E}r-2r_z2Dutyvy$wbC&kbGraQ*zn5qDXfX`1eHrVGT&bfpTMiiQE7;0b*_Q-k zeNHU?tucBhsSSs_wxw^E@{$^#dA1cFW1XqDDuqO@a!h4+Dm&$uFksiJZxLa4YezG! z{IZE@U?*cquf7JaI@r5 z6uMqUm7UZk6d6v@%H|n(2Zns%M9h@FKnog6l!);mbz&k|vE6?}SHE`orLKg`1JBlJ z8C_ZQa-tdB<|p$qhKQhigwE2dclmYXKCE)PUVKj1Yb#tOl(Kbv7gAqyYQ}9_7r?2X zQde!={mOl3tVz2Vq-n>tVnDy81eV#6vQbnQl{v5m5R&Iz0cQTokHpDp^ElqDsW3S3 zFo5nxtr~s^7}hM)hz)Ky)`(3!3`A6ZWp9=TKF=z|8gJU8BvsJaS&huhqP>CTu{A=a zulv#N=dccCw~z8r%3gL|6T@vEH#$D-ODAfZIR^1&#QP@iX;&Cq(n-ymh?(8t$5Q`{ z6-mF;m?|9ZzRSD(@xt(E*WY=D`(-Dojmx{XHsbSQYFO0%wt0qn2bTDF#5aJ-UK5mz z%Vch+sh6dkIjWGU5b>vBc3d z*=Q>|ciKyrFy^ghiDNUdY2a)=(?3;83ib@V{h^YwunYQ8;_yDq_-|hqV=tRz@M5*J z5w9dRsMxkbC{NH>F9*hwX6{JZal%6!M*rY?CV0XuWh^yj9kH4@mzHzc-KY)$?Ktn( zGPvVBl(A}W!j_^)mhbA;d7KvJNQI~`vYHy`2)|?f1XwoQS?b^;JAU$R>7-^Lit~)u z{j>_h>4xSzW#zLJhl|u|!!jm0*~Pbx#eb3&Wz&hlxP`?_o@H@0v12~;6gA;RCUi=1 z#uauBIvm%0CatL+x$Dq;+@j6ndiBzd`Gzn^ce6M!ugv7yxN>|<_ZUB9RsV{yffN{< z*tUEYQ&Eev@#H`{6})9n3;qkof# zohfTTep|hjmZAl72UZKfH#nozB{6Lu?qLRR_#tJsC34b38?f4N3Ub#SrQ-4a?$NWK87?XF2JTo+9ImbFFSY$CGH^&>Avqy@rk zDP@jouA*Y7Gs@)TP)5AGv&Uz}p7SIoKC5t$t80<4S-*}PRg zuGOOrD5dFBQZd|PZZy$ORLsM$CZN=!RxNBTTjZ1Bjx9xWH};!*e-a)vkXp@KkH_P$ zzy9jI%X7u;;Y)4QYRBk!)19o- zR$r4uG{oc8*DyL>>eO)dw#NiJn_I~+MU~#6U~TE?=eyLQtn=~lF@36CS=7hl@$=`; z2A?YNpGIj2iR>|Fu$20N4BhVVfDVJlpHzQs;QUg{6?qN*MZ2`FU7Orz~s2J%FFJ)%HeK+JYVc2@cCNFND1)#4*b&c}li{ai zLrUf}tF5k=-PtrtKLoiEXB$avbWkVW>8lXaQk5UR{w*(S%ALFfbvGm7XWN25iKudjVOYQB% zw2LMSwZtEWSR-qKOd|SVU&EA3yH^+@X2Wu_-Zz7F$-v7(4$o_8Gl8j;8=#bqkvKbl z9M}fM9F`cEIUViNGR6jqaXYa$_Yh_Nj;+R8>@EqK#@Yt|M3F&Vs?+Bed+(HyDt%)6 zAw@O=F>Pluwskk(bMx{nNzJk85xbI0;F;8uzC991b(PIuik98&$oBOCj#+m&|{Z>_?-`Ho?-uV4FWdu{Jl(L3Dg2M^bj4ofSaXLan+ zf)cA~pM`BuqAL--)uri~lcSC}Dm&kU4!?psY;Y#bDA(6%4SE6^S!j|h9X3ZVwKI+0Q z8VHROYsg#WH{(nRNk82uV-auBG`dcg$Rp39>a^6Kj`r)FWgGi8nM6TH<8Bri$1wO={OzTit|C z#Qjagxr##HBfe}%TuJtfV8jM_lSB$!+TA0h32&1PQe(V*#1>;-=Uy|WM;nHWnd$yC;OH}N_lv(gxXbb9m#GzgC za0pGMyfneUpq8;n<|ywP^0Svwt@`q!)hxxKdLP%Rt`=}I%8WwhFI@g9xaqpy6rMQg z$ORjKOD8ptZgEsloiZu2vsZa#tR;2$j01GzN;%PpqL79VV_H%3iuNTL&&jzZZiwxf zx_Yk1qLpMM<;>2MeKnxEW8y>r(4h0TUW-l`3?v1f>oGBEUV3BfGR>z2i6TDy5TB!Z z@%$|I06<-2%7bHy1nk!{12(h-Vy`~+NCu{&CJg$O1frkP);iOfn+-dv{ws!pdPC4M)xUxA7Cjo}7T}K03&~t{ABWrSaV4h6o zpgW5uIvmI~e(yTclx1LcwW~>?%=Glk7TW%Oo0cg0Dg|TvCC#&S(#3Ys`KHgdNI*!d zdiZ=`#vFK32*8UY7c({;B*WrluDhr-^A7$n=1KE` z*Q}K4r8v6Cr_iQPb3h%3(G@d&|rjEGdrmcIy%=ZVv zW@a2%Oh0CEGXx{5eo#dgE>x$-*A-PwYjSNPVwB*nmibp3rgB4&QeBUDuOCC4^ut8h zbA9hvTT^C+c3l*xELxJ397J!n(scuB87Qc<@-Yni8rQDLv?D89D)xE3K$njk#uziN zXE=PW@9>hmYQ-s;(jN`4Z6chEpef(rXAL>BJk~vEszyCDIB#M#{fOO-E3il+ePLi+ zI~>a=H2h6e5A3`vWmMsS+kjq%2s3oY+#r*K6xO_66qtZ+E5|9D+XV`78RLS3Vcf@*w<5~8eNukG2NxA6fvP*+GG9r}BunUqZ{qd%9`ZcwE#36`Txa>&*ca$xnC6nr_t@G>>28sWd z0XJ*X3hMgcziqWX8Bkm10+J028tidglhlC(mXR8<4AV=I`?Va^f`m`A+m#)#<&fyV z)Sfy$x^{ql0g`yGmWa;d%i6Y`Q$(D#JC1M40(nA@WfyP8O`Yn)Ypnd6dyfu(l zvikjcQ8!g&CL>Ek5&gw}uuk8M;0-XKA1Sb;_a$!{zqBCi*dU`+m;Qa=pdbBi-kL|B zB$u)?3V<`oH6s5-&fA*8vts6>y9rdL*tRAYOqtBq@mqB)%n3f${e#*kWsor57%0rL zRK-}oooCh`*TJ{>uQ<10MGR;Y7PX|_Elo+&Q^{pv+*2e>yqP)5&)5-ogaNrS(=e*f zE0Rd6X0rH+?=60Od{EVG^-u|Ae2S+0z06ECq%74?9Gb{G^-=>FOz0yWL()KMMxVB1 zk5a|JWPsGf|2zyUYD!>{`O=O(M%c0%f2X|~67iIJY{KBY_1M33pIVZP#!nfp)v3J3 zS{)qZUEbw)3L`+m?;CXN;;7a&yH*)VjM{FNQuc1+LV0&bnb&vxl*K}m-P*;pfthNl ze~zd9Z=Yu*4D2jkcA@46jg{~dZrd?pl%b|{@a%$>+qEQUG5;?6EvXssOfJ0{ z#Fl(12;J6}6YPcIjvyK99D3H*Tc|}u8zNN4l4WH87ajF-udCir7|n zNHy-%YyH~4ibaX%9p^i0I}_)>v+UA*S#~k7uY*^{H^S9MJ@H@}%+#&)qjk7ImBWqo zORk>Sp>_^F<63+QQ4hRE`WY|5AuN><=+|&Ize3oqB{!q1aQN3>e;LoDY^=%+Q);GE zOo0u!)ixsO*7_asGU?sMBIX&b$ANcsX)P^_muhTRI;mreO$)~#$nQ*r>!s|RlV}qb zCl!zN)R=l#1-U#ESZrchLK)gv?U;6Vj2dm-du0g%OXMY=rA-^oJQ^K~jePSOUo`f- zPDFlwehR}4(>$eF)%z2>&-xnkAJ@(-&gFWw)UlL@gnD3SmPIPX0a9+qB2c9-w1Bj6 z*jC5MYBaGl|MTZhp;XCbIi22U$p|J=54?r#vFgznZe6oZK;aCCvZGlZIJ3a6HU6n>=@kQ$c=;Ro**Vw_6{*s6 z@*ZogQYXfzn)GU_eg18nliRHGZ!Kn{FSR;cF{orY#Kinvnrz3$E{>ebuFj#Y!hKs& zVPnIA>`Qp;RH5>W7dpN)O(|ObmftQRhuRqHC}uh=aUu?-bE>N&@58=ku^Fd%H1*lB@^4pO zhUpJVO6w;Q#`<+OYE_xCXSK)8WY?yobZ6q$#G#cb(ax=?F4c{hX z$rtZ3hhnmjN%I;pVC#hRU$d;qYk5oqttsJTw5m>g`ab*rJRtBLZ1^Z1&ridb1yrXy;}x9lKS&O~~!WW>!dZyqsWJ{ri>w z9b|<-o9?t@6tlJsCd*ceEd5%^oRvmB_jNjG+_H-Up9h?@3P|cjb5IJEnAuUVQOERS zO$Jt^Y?6H)WHAP;Ym>TFZZa^RF6A{g`dUn)S-8ha{5&2H9*41!SapoCwtgOqa=i>V zsZ#5!L}pv9$qL3^i!i&3%)1a_ut}4h{W?LIJjnT(V`<{DOeIl7SEG4DpO_o-DXOK;({Eod9@)7NVX~-8S6*W@{zkdDFJHoYz zsjc5}qXo%u&SjaSp}EiMrIWHgiy4tzQ4f#xM4M6Ij}{4zwt64wn?7}g_M)~+Ob&d2 zl8h-RrG3XbaU#!DkwTMcl8$3C%3kV)NHZy@!;Uua{(4vfWwqQygE6z&_v}s$BNd)c~nCWRLO8O^1 znp!j0Y~tqwEpl#tL7NWjAWP9CpaCXprtLT*qHm`+KUH?IpsYr> z$}(d5sFFdsg_x9`A=u2phm$W|d)Ca&1v^1V_F#n+b62xf>tWu?@u0^P&5Au9C)@1k z`F!##R~&l=7B)OGQ!2zLh>q5@J;qw=D5;e?Ay+#S45Sk1FJoQo8O)3m{vhf~QyPH7 z8eV!ei6Kk7E=Y<5G>PG{C#wJ2evP}Aa{qBt5v*p379 zK`O9?gQT#W5=f{-j_gH$*{PAXQ(>Zf#ITYydyGCNNWWfqzq8c4yvrXf=?;Gid*jA3 z*@%V2@02pUX73Htg>Mko zXv7FkKiRRwi?&a}*xn8NGHntxAlgt}f`H8jW@F@yPg%9=K8e`mi3#I$6-p<0OE<8+ z0EU)Ha5ARHvz#2Xb?`Rgr9#MCK1@68+DPoBIg*WYIm~0u)pqzXhG{Z3vHkEyfuzb% zA_uW^8KxrRL1_`{$^cw$oFOE}<|}?FLXTxnUng*FMXwPtcjH|?-!^fkVzs7~>gWZO zw_|lTuzqM8JV=xMdXb?$=_RZBt<^I7vQAm_1UQvu-q$g4Hvo`_*-CmNCdazi)5XX2 z!t93hO4=g3v*2K4O*5ssOhsi!CHB5lUJBA;7Q!tRy56e&YlJSHT}WuF7pU^U+KH`N z4CNhP6|kpmnXR4`^xC7g!4HS*j)kJF6-C@alkiO4vJQ6~s5{dJT`c{#U%P?y{&f}8 z!xQJi%(6^x*`UmPO2=D}*o1-$=lNFY$Mv3gYH~I=kFz2j>Ns#;U-`s{rzWlPrZR}N zHEJn)Wkh6UhVc>a3o~Y@aHZH74G5mT&h!QbM+!w4l=?Sjj6wr)8sIe6*)lOkZ8HX1 zr?d|5_G@$~&HdxYkB^U!$NEv)G7*_pGmpz6@R*9|DXKYQy-=2vH~AE0(|L>44(*uX zVitY*x9m$tHD5Zyz{dw0&}&KmwnjpoL^i$ca>^EdcZFP;LuHJ*Ln@Kn*8$=sop*Vc zZlxHY*U>z{@_X%e^PIe<@TLDr2Yg3t*12cUu|NUy= zY~auxm!>wEXjp!mUrDYKz6NeO;f^Jn+_V*c2GDlpH6H6$`L;r{bju6}_bp=Fma=>) zXzn0!CQ?qJb_7k{G#Td{hp1#dp2JqFFmFaI!P8c|@4C*x>45X(O_G|2mi2cvO9OFX zPj1QQEJS9hRr6mu(ZM=neXec}Mfb6d2`@n_er#xAO2`s<88Ik+Qf7!dgYXZQgKk-NEM=T;0b2c-mF*F_U~ELJxm~ejblIH}ns#f#OfOMR zF-tI*q@}-`D(LSW#mKg*47}i3ZrImMnK+^L_^H16{-szAO6hK(bjL6Xpr@%mZ@%305(Tn4K$?#=RuufnnN zbA3I0i@Cco->R`jT*<^zg7K`vb;XE)U)qjbl{QU_WSu0qD+$HCShljfr>>jpy^JJf z^dJv(4eKSlCek{lyJS^aMKWXbiMQnNtko2`#Ky}qB4oX^=DWPhA1Mc<{e3{VIf*<@zsku|a%*m80;bZenmvdfShUa&bKtZJZT0g~ z8x0C9g&OOwABu2u@Gh0mDq9~|E!&>wD+k9ep=-{v(?(n0hf;=ABYrcKb3?ldca4@d zYMA$vdF~+S*P^;)qh!+LBIM{AJr*|eNqf18gAMcF7VbGIkd(2iwI~(-TwkTEzb(FV zUyc@pw}hg_Z7&ro&@X=c_@Rf@vXK#QtM{4CGd*nw>{ePYZf11?^M|E0dpzwDQ=Lj5}Y)V@^#zZ6-viZLkvq z+>d7XVMml`V4q8=A{HH0o9zAi_3P))pOYE2wOC}PQNoL;Rt`%82E@(d%I?~C32_@)4xpIF^qQP9Q!)O>Z^mxgUFZwX%01z6L~xy6S2Mb`T0Vt zNlc2d(t_Et7jE0GVStJbHB^Ge51%I-g$=d?pY$mJqsG`e|w(6 z6IeSl-z+7&cUrZLsVGCn-z;fJt6xqdjJ`oi*Iy2SR5z_?9C9>GYPKKPDBMvmMKCr- zwO}(h{y56j(oJm zt~BTaNBnY2e@beRA>*DHw$z3=?D!}|8p1HyuLZoYR3d=_@`;ENSmaF%r=Cl)5{HSu zwmv^dqZ^%Z&FLxK^LndSzm{ioOl@D?y|78CjafwV^YgQMgr$MOt3iA*U_@Ax+As()*<>Eg_>im`laxBcqv?l=QWv{m zwNqV-Kx(2HwQn2xUEbwf?jZKu{2So3$dkiaTfO)|D*ZHly!_Xq1PO9*G@2!Gic^kj zIiui@{~dXTj~q@)M!!n^WyfWJE-Py)aIRk(KB-A-sc{0g1X+89@6v3Bp@ed~hn`u# zT*KR7EDh5wO-vC?ais9nQp#J(*jA5a*Jh&}=FjSVd26RSL!E`5T|>6D?ktE9TJ4BN z)77EtQ9Z;ibxvl^2&5ipDVs^XvoPGY^zW`t~mbd z*DrqO+puAabKWAWY-oyYD+bE?WPrCyTco$DFK&pCfY#~x85fx};s%~44iD;?d0)4B zwHqK$&6i=}93)FzSrnSoUJeuIl4k0g=@hkhv&VGRwgSoM417~E$ELof7|7N9Eo?J0 z)u5={UB$aB=7Xd>FcO*9SUfRFO?wug)Tywiud|ifo*i)$km@{QUmWg2BZ zA(-WfQ;H41FwHB0GS|;PfBu|XY-C^EYHLC>DcgQMl?S%kjdeC6FsC*cG1$s>ov`^B z~j=_ZX(B@ENz6za!wE>)E=Uy$n&7CKjls+HI?sQG2d$M@o%ZSY!5z z8dgVr6If)COtP38rshXA)JlAN6rsM%4ZjyTTiAmC?sBHaZR)>QMG367rrk+L&NZbL z1CMq0C9TOHbj%jUrIn3Ui^)dQ0&S_g%%H+x@u#Xrd3YtnJb3OgvKWu-CGd^$L9CC@vF)T1^>WDF%&gsVlKG_L-&=lSO_B|~S% z!O9bbKK{5~`P{BUQl?T-$WTy*7omtd2*iV(qT(Vay|RoXcDGka5Gnknr|jtO08`ed z?B{Cc`(=eP>RL=NrIn`Vbt7oK_n543Io&aCYN1Y_O{g0K?9?nf);GT}x!JG1TB^BI z_3S7$qY7eM!S;#6w)|kI6>(@AcE&YVyvQv9GMw>*|QK_Q5%Z!i30sU*cQQBqSCtjLqMx0ley)w)g zV-}rww;}CrPN9^d5~FE53Z0o_ zgLrCQUN_!$x3ZKNXjQB}JiVht`mOSKJZAEg`kzHsHstUD3_B$-Xrs1QwV~8FWQN*= z8VJJWlY<5$w$-u+{r74GYr%v(?C8A9yZp}LHWHM5-A*tkwMl8oK>YPv)22@Q8a&Gr%YvPHz>M{I1 zaS-o`ZHz=Io6mKi-m4`xOr<-IZmne=VO)Ei+PWKvI^pk3?2c=wq6w%pL7nv}S2;#V z3H%~tT8BjDs=KebIhr+rp^OQyBujedmwr>L%$QF}XB^IbD8_J)F`}=lecm!S>0hdv zic-4M##1532(nPy#zR&%p;%LY6^hBK;9+sb)XO^b3poxMvyH$~W_vYVY->n7RMU?q z_VJk>vi_(Ra;dlM^uUI7F_EdUsa@)NtZ!PO6?C0aJgx(?4P)y-8cs2Uxoi@rT)8id zVPRAucdUxgh&+vPB zhL7a9#n^wd{66w17{`^QOkLCb#yqjuD$TN{b#cc5cK?!@azc>wcL*ybIKrYJX;n3`8gYm9%>gNu9vU;eWaQa3W>lA0F`L;pn?n-i1%3|8vMHwSo zK9Fa8>8~~lWlS#z3EpjhSzlA12A=ezvjRDy7@xL5Ac+u)J7KNR@m0q98CnzHa#-mv za~{vs)!7+Kz)&>8o7YDSx;Z*fW5)K5hx~mQEb^9l3V$0I&i0~8O&eL$=)Wx1uW8lT zwm5KBcoJ;avaM8t>JKCcWLC!H46v4(3dx zPDfkJE4$rW>MMh%MG4cnIH$JNqq>`K2BgWDFiMXzcPRa+Rbj*~N|QD~WcIVI#vM3J z&AW7m@;beyg?o!qSB>XrmchIeIZ^1qJ|(n9y~K^8gSeFI^$2_N4njx(N`%4}|A zV-j2Cld-lMW5;%?`#cZWNteTC+hcv_+Z@qLz?lXT9N!BfrvII~DCVp)=b))HV|W)M z%AnA~a3wRWOe|$gNy;4NSz+uKSG!T)jNb9322vphcH zlnD<;fW)D3Ys%cIrQ=1>r3Gz?MTM7w^CFK0J#hepu;k{Zk~kG;l4_C0CA9QxPmgo| zLc_GUobnDlsh08&U|_K(WB(49GTJ2ZfoI*jYE-_#z|>2Cl@#)KiL|6(70BV4?UzoM zUGLf&@w8f6;fY<4rLb+?!8dEBO;hT20f`?UEV*UGvmf~XTAIgo zKR-WpvW!ex5D-gqzmi=yeu!b)S7Q8|i|Hht=*V75pRq5cGP$3qj7Z7|5Te>lstq#I z!*e~ICo}Qnmo&gA_qe{_+Th>{*GWNjh}98q;xDzw5S`{Qn^MWdL&qECrETuY$(*3! zGZ`}zYgT3isWAy#f_ZmK44-)@N%6bGB1MxWZ?nvQ`MJpvGppxyg1BQU$aBZ02T>j< zN(!bu!Mm-PvGOJJz0142EPXQ}f7zRK4P7p0|TvCTC}gvC9FagyM7ik zO=wL@NfYP?#IvCZn5_hh9h6z8-9!0VA#`a1tc+iMoj6j8?D3$Dmu|DexrInW#V+io z243=Jo_TO=3TwUZdO7fB6^OJfy2bhiC&jpf)HxWuWX}Xtl+1v>)1f*o(PCOng`|cL z{LfxAXxVC95s60Ugjm5dosQx#7m!?;(n@ovyF6y7yILNb>Ux}{NG96~>=uY+Uw2|! z8a<=g?$+6-($Hm0Aar;14id8xtXY9-X@T~nKs%D>j&xpMBlf_yM_z0zqEfvqi8|%!OfK`I+`gB6k#Z_LIXPD& zDI@-fqxS|#x|^(-L`dI;W>qT%C%XC?6G~H>dfPRyCSxhJC^Hep2V)tvdgVmrGVN@m zcX^jTQc6$R)wDRTzwbOlvYm9;q?9zn5#!RKuibEO-IW&1I(F+D3i)6S+ZeK=Wuroa zQFj~E&ukskeV}F|E;&(KyH)Bm@nmC6@~jFk?Vaqs)Q>qisih<3t#cPIZ_&OtdH#Ji zN_h{F?ofZK>L*<4!1}P{#M1zNE+{iZVcS6kUJBD|Puu zJY`H5n?EuevJ1f`ENw(;$$Vbd#rb1?hFmh5E%dJ#E1$q{V*>k?6U_?q5JB%{Ltf09HPa1 z@Jj)0_xqqmR^C2`s~ zzAzV1Iw|Y(g>l?8*AcZ+>Hn+B?CYeet=7?%ovwC5l_I2H+~>3HXIi^f79zw$_N9T!=-e^7DZI3l{q8Xd zPFCCMzkOW>q{|zrsb93Kr%z8mx(t6Qppm@ zT6YKb4k6`!p;sE`rh#3UEwRx8Cne7>o0F3qf4?eh+v8s{K2h2#yWC-yDq^{bt6eok z!UW#H8n4Ch!EDrFLTnzICQjYXu5+!J!0wyjOv>R`1;-dOX|6RkYZ?*i_N(Q7!^EDL zvCMnFQWy={^UP@6XRK^!(MAbYnV8#8S{S$OgM%b32P_(wz&07jx?`~c8#`Ipqp?kA z+_8}f!4$mjx30g$C$*iN_w{%kHIwp|vY)G&TxFbZRfwQ|N`pSHSK6umV|`Dsjl~3* zX(mlq<_-sN4sROlu-hFVD| zTEM@9%$FhB2wHuHGIP>VEwnpkmHnM(`1j`-{yTwXBSeF;%!(=YR~hXnqLBLz%2vjY z-D>NGc|(7@P&Mo4c3idX>q|z(QpdY^l5(q-pkLAt)l%x;n4vk@YUdT|f*@e!+{|1~ zEUXJdRo1uP)-|t}-fnE{1Wa(2%(H8%;w6QhZ)f03(X7=@V|^_ob&$*YH7QIw%4<_( zivyC*(9$8?7YjTpki3m(q6X2H9eGaJ+5!V zr}j!x#y{CGn^K&h9_k?_s)W^qv4+mO0Qnz^)Xg$}I6;jodj-0eGR{C%H zei^0?9qrU>m91FFvfjzVfs=zoyH+pROAQlCq};DG#IIk!_?9J#Fqf=KxXeu`UJl;jSGhUGgGnpyBj6bx6Qg2qxdTI9xS&}9j zj6x2d_*8|OOYNVZpB4lxdJxPS-SS;#BgPSHqKo=^BXQW)=~=0bj0Sy83F#sk&~Om$H|e4Rv=~d17^@t*y`mso{Qw))w!5(-&9UacG#LF{Rblu~?Cxm>HO8iHCB! z@-FZ4jbfo&V6zzB-g$<1p5b1eVfhMSGL&?8Mg1AOH=Ca;ALO*Lq#Vrd^ggRS)^Eo& z*srb0j?yZ+Qks@!*Sz%Yopsx)aE?;xS33sE>vXpC5O#5}Z(rv+X=1x#hC7#o{$DmR z23Wyt_a%NTQ11E~C_8EvzROTvMlMDr-m>c!G}935!p4=7+w@8;9kp_JiJ5*a^D>yE z7wkfoneTu=x(Ne%yT&=Cw9G4$feaC9Wr27~H~$(xIVU#dkhcs7eVvS!rxI*=#(aTk zply!cm;yCO^CV7b3$oFUa5C$ccIWT1TG@O4y9?Aiuw~7*I@gyXMuO7_rdz!fO7PqD zIL7$(>(^Y;>$nZ=sIIwffs9SpHU~@ulIL>k3K@H@2MiA}hb$S`5}%TepyJELjUT(t z9E$vx-C4Fy`sv7F=><|_jQLJ0t-9MQAK~0rJTSSOIO*$GP0bK(Eh76sp%g7FONQz1 z2k&6z5})cr{ca?!zpD?GD>zIag+o zw>tfuXZTy@89vIZISLwe<9Ngq43#rtXt1&Z=}_0AY~wMvogcU*&m1aJUnY2JIfXT; z(*V1M;jwQR5ulmQNY(#K5kmT})f= z!a|9qG**c^+M*;*n&uY`fGpiA3n|!dvbPI9JH||wL)QuTgR^Hx1L@Zmde&|f<3Z~# zM!8;1FQ|=_j%`c)q&I1MODPNY5vUxT(ZD&2wn5Ep5!^Ud286QoYj1@DRPS9c`DW2V zm+6V=hT0Lv7w%|#mqe3|D2`ZFk0p~*z8Qke#gbU%mMamlT#53G=_6*5^pu^A`t`yu zPU~$ij3_*+w>yosSYJeYiLoaRc`*-?9dR!YMN73LGtzduzK2NIr~=VNZL}4f=Y0f( z2QB!(CfObnzbtwE>>yt)cbqPpOpl{11KIY{7V}5uiR2f=YDP{r(Ji^Br0Ce6HP#0J z2|qE(V3HAo`>>L$5#L`XoXp?JLyxIWDKc3-80B5wllUeuCBcE3=Ls~QfDmP zH7p0ggO(0q(5~+qGR9`)NhR!}Q@@z&Kd?QORT}2stMdbK9V8reHj28x0%%S!bq5e*OA2_duz6 z+A+zh8gV`Y6pvV{j*>yfh8m7B<}pm|gzf8&rx)KIWyVPp)-+=hQRikF zyE3lCO-6%*XuS165vuK}5($cJ{wO>8Mk(#vt9ftMmt4&CjB9MN!znEy!;UONL8^tM z#Dnd?Qm5rG%}z;^&^6Arhn+mn`s^z$)mE#KPxB+zH*O6N@A59cU(5l=JI@fpmT@Bm zFUOSoV(#LtMdpLTjq?)NdQl4gk#8`>LIo;zv;cVe3MEm3v2vZHn`i3j~#1|S=K4Mn?1NB`j@ z;J{B?5w(j2d3RT*RYvU9Ci8RIMWWP3wmOT~uvD(!^5rj@qurtT5?l%h!Im~HTba~Ee!Dz<;%9C}>=;mNpBmvRMfEDQ zQV%!Fh#32bEzDU`;T&5T>skf%gb*FyuFw230l-<4Jqgft9Z&96(!T}T)8e}FxVCXo zT?!Gp)vu}71WCtqi&jg8P-@cvt?(tYzRSDp3gcmW=NZ1z(XQ(p2+lM!B-%xp=AV*h z_}E481N8$>nJU?w9^x(~yS+H#@Jnv?Bmah{=2 z>Pi_sD($h^6KYz`@JqAij|S^!^y9`o6V|kCmDTS+?yRkNCg&~SmxA!RF50sbd0q_uq4-CJI-Z|_hg&lpXUq;23e2(AFGyMM@Slok9QrwM{E#m%JjAYB= za=95hM+;HlfRSN0hcvbAc)YAur5O&mC$$p3tbd@BGm?V|4Ct!Kr+LQtOP5HI2VSRb zqz;%aucsiyn;{{4JVU$;b_|!h!8oxhM5Slm5sjpHN@Z7nXMzkR=`1BRKEvd#-6XGs zTvj-EXj|b&QUe>Z#uz+;Mi=&M+LWzS)AVUWtJ*^=ZQB!O*)DUVqOm(k=R5_P(k=s5VkI&CflZ9$D z)kzhzZQI8&vRWFb#c-c!OfN`gthv4xnp!n;w^%QYSU3#4TC3#B8t(X)Pg&Q8Rz#GU zo8NpeO_n{9EJag8`&aBySH@~-)^~ZA`=!704Dib2zZA#9g2|qAO061&w#J9l*g4ev zt?~@@OWgl#xrw$MduUDuH~@4^Rns3Cc2h;h5;ZBZ64;V? z_M4#nYDv@V5M@_NPcIqPt+BqbxIv`{LDDOYK1o@3*^np8`t_lJo%r-S^_8|`LwSlx zk;Lt;F>e%@y*hVcCNr`+Vrl-agrGGf2pO07*QV5u>y7VEywOPwnR)E%cAgnbX2!v6 zY9go3xvz>EF#D!*(jsy_<=_khREQmT+!?5ZB4g=T(^8~UQe#NWR?=RAWMIs)-)2@- zFuPl){nZ%sQX9NZS$NBoW9ZGh(&q!;wak*@*e&)VLB_h{*aSa&y7AfK40|>loA8+F zY1`Fk{Mf}rb=$vly%fYOJ5Wp^PrTfa!04DuuvL;uy_tS^g`R$R-taE(@^>ibh+);r zP+*15^3F3Hcsoc(Rai{ZzrT}b_~1~Tl@9E({C=3@2v-t6&@AO2c;;EgRWJ5e^Jc_QRYe-7l{k9Q&(4FMB!Q zs)YT4lTsn6`E#fe68ie2q7-chX);3w`udcT)BTi=A|!`8eO9_^kHwfsnc&if;VOZr z9!;X;)0|o|O7_S4dKc@Ztv2GDCKM-0Jne3=l=~yviiEyyM&Kb4J9NW=vtt23LE4G| zQ_EPtv{mlZOYgpk>Rq8J`#NMealy}?hsB*KI$Yq5?TQ%(Kie-|T z>4~vEykft^PlJG>z&f9wpSGuu)o3j9Yl|c$V1)CT964yCJh^rU2}BXE$ctO}Lh^52 zi-MgalOghypT$^RWT+vlkM$ilBl1Lir#{)RBYPhoA01mG$Mw!WRWo=GL`%j)X)iO~ zmeuOmBATc$r)Fd;9ZhDk4NzrpP}lm`;-39DxOQ5^WJx?zpVUSoP&ElQGMsug$`aX> zPv1)mVc(BMjj|eWp{iz>hFiW**O4C00%RcX^j@6hS(#w|Ac5ooD!Np5dc? z3kNL5@%K<=zYQXXwrK_(isMegNum|1@NC$B`W@%??#Kz00mzXi<{w!FySrN-=i>W}q{ ztMz8$?TWgrrbXQW8WG&z%dxi>1 zTISzHq}&(0!?X1H5&)%Bo1bRvGSQ4k+OCA+K?(3B9fj5SX zYD&E`iK>+|&fT!pga7?E?-GnZrlJ#@jcLu_85T}o$Z*Y~*wUVT+UE@5`Z zZ5wb!mJSkGeYtQcxW(uMSbB=>svuYPKxVA#Rr@=aC5$cQLwjR`|7Ij%!*qu{0F@?? zM=-MSM~O6x8>Ytj!?IVc+OJ1~=B*|6`hIC~&{E3#XG?1S+!0kOw2XCCrr&){GD=Z; zb+<)^RJ-mz@qIMCt1iuFXp}ex9`if8$%xcvU*D=`a<$c(M58TkJKi8}?kpr5&nc!6 z?D5K{9z%~=Q`?AWqde56>*9?DGMAhcbS$y={_*j_7hq9WzkdDt{QUg<{N#?UU9rRp z63V%I(fOure~X6>Tqj zx(Tl`Zf4tEr@H&HyPSC($fn5rK||X7rtCNG-ZYzeulYmLq?7Mx9tNr%{|CL5aiOID zjd+pQlZO&@)H#jy63OYJDVp8VG~#|dy`z7dowUsY%(%6%*edZ$&6NIbB`rJFQcCfN zm;bd2*eo_+v~a^iDGiaR$h#dg*WHkF-^9DNCSd7VEV|hCm~5+Sm#r8adbQ7j42a=@ zci5MDFvgx&F|s#(|Eqq~!YJtx1Z}cW3i74!n9a*u`Mcyl8EdeJ{j25oT>j;@?VZ|H zhp*+{ZRg3T+t(vM##LYEdC7w)oW(R-lz~?%9x}5t->zSAXkJ+glK$0^mg>hjE={vL z4Pgoqw?BUT`1ttv`1r_F%k%mC{QUg+^QRJ6JB#o58CL>So3IprL```XGmwt8QoW39 z8Gnoi9_A7h)rE<}<`(W|$^AP!Tjb7MBW0YIu|*9HGi~Dwvq;s}ugS~nq$c9*cPH$K zSp*SC0kc)99Exv)ySbIQ3~|!2jWiuFJ3UB8+R$!2V1XKzy z`!Y`&&_4hYFWVIpTW(&Q4cq_2w^ z?&deVkWjsf-JHOkt5$1tcyk*EOg&naj%{@(RKN(U(?Zjz&b)RAY03ZNKL_t)m z$ws{RIdy39%~&FzLVFsz<5fPr`ceUTQy0c|1|qUy0ty~{I%?oI1)9z+KBR`3B;xtv znWvjOu*@Q3jDP*>Uo(NFbY!c*Y?`N}Y%*icTws%7$!J?n+LgmnuI;gYfa3h(k`cu! zm*8wGush~syS+$dp*gaCuLksI^#b_Rb22dSUa;Q#{AA=#AxX;M-NKrE{cNSEnfuJ& z=j>G}OIsC^E}31E2el%GcU@RwsvR(2UL;E?QPxR< z(68I-5&E~UqYPD%`+CR{@lQTUZ5|n$*JmO_=?ptkCz|S1 zl2YNbyLou<=g*%%fBvK)EJW~MJMl+V^eYu;uia5iW~iwyZr!pb2NyVabmB*9$!|&? zDDO&o5bd7M(gM16eHR{8hb}fZ%}piqL}$sieCjODOI48ne8v8*42-J6xmX?5>~Y5f zeW6tWA>+@ECOdt`OYu`12mO>C$s**(0C}hEAk967=B<*8O4AWPZMkI^Wx%nRS>lac&lSNJxps zI(y#9$Xlgy?w4^r!<3?O_AJVG=#Og>%zxQRS8N1ruV9qpuCALCHaLu38Jk%PjayoO z2cexp%#AHNyj0`M2|-)Uy$dKNYaOwL8d}Q>FQ#D<&oqA-PLP&23&~ z{FvsIF-cBDP&t z2M6`c81-DgNR|5_#yTon5Fj-ReFtrj+Q3mDv!;IEaXNFiY?3Z;Cj$ICN_t!w?%FXR z>}c|b!5~c|Kp>m#;dnt%qj zoon;1IHxc3h~*e#zPO4nrco9tbJo<%+*CzjS@h~FdtF!g`k_)@O2n?IeD0;9s+Bqv zhdtt|KBQ>+90)#Kz^gBbObpl@rcBn~FJm2U(s^~g)L}}LYHWZ8v5Ey)mW~u{ z#^KTh4)WUXbL1g=cB-_m!wR9Ue-8xn+q>KmX1n}Kov;_$ao6veAlvS+WR8DU^$sxO zI<=jk(v`8sJ+o|DU&?1?Bc4&qervwe0>B5Iyvw_MwYzkhC?;iIi8Ry|fKi84^`hWzYXB?D{O>VWdp zNZB@-w=sh#H^fl0!d9t`Z%6hVBubvo4a;Haj+>QUy8BUT^4v<%=cNc`g_3MJSNn$3 z>Ib9JnN9{HBX|IRPE%5rWN$~xJoH=$;6pD5Go6u>jwVZ)qRMz;=v9dCn2?pdkiyw3 z88OZGQ;Mv!8%6R;qN0rW)Q{?L{Z{hX*Vn}G2P0U!Ry%gaXT*e7 zzHMqVscE=hzkbaGmhF5rL$u1xU;08>ZN!%=X{p}3l5}k~G@+iH(9z7$2QL`a^8;h} z;6X{myvZ2b@!Z0!WZrl%`rO}2O`0GCj9pLOUKXREPRoADPgXDw8rK5G?4IJAe@R_d zZVEEiJX+b~9nB=qhMzlh2#M6{{K0&Ex=D*2ltzJ8GqSo~TDh$@ZEIvGUGGb(dzW{~ zk^md8ra-Eb6?T9;NB&)_LwwkIkhM+ba}={ECz>2&6%|Wud?SvrVLOJkmkkdwr);8P zbu!TLN2$qO<&TbMWi}pLdqWS09~$6h;n4N6Vad-|d$h5nt!(dheC#?h$18{GGkfI> z&${5qXOoO_ywMdgX0|i7&3tzPMAj^wDrr(zY0#ZtW&BFWnPy({U-D^P?;-_JWB@Mb z7AXiRoSDq6q`bbv02w2A%IMQ7Z!-PQV-6-7yEgU`sFXB+ryj<-#_m|%jd=dwR$!#M zl4jdLh37aLu%QrpH=P)e0z-10asMCDAJ#k4q<4M`%%v)Kf#O;Aj86-){WZ%VyjDhqr zlUGg5O~$(NpBU!*q|{5tDK?_6wKn$==x|fV9*X(GrhXmuN}Z55y_9NTUxvM=DwR2V zoNqMO9-o2jmizw61)Fe#hK*3Na?noxMvZ{dzsQzIdBm?~1haQi{AQH#dx(TkVJwMVX*aQWjtn z=d3n0!}z0zcI=I(v`~JV@-cp zM;ZP~et5UsTxwG^vmn>EZG&NUl!1?3SY_QZ2j`Ge4j3Kp8%q7`Ml5w#o_8qSnF<_u z0Zqpm&$OYtEEKTB0K1sY%V~$1iEYn^anfsc__z95(#;QnNSzwBo3Vxb?3iKAGc{9M zjsgktY(h=S(AiO`UbDjd*A~yFIy!qsJljgp@CtBMXaO_oD*e&+Ly=pdw3M`rKmA&1 z>yX{#@Nt!?0VQoq6C6C9-l6Wy!TYsL{rvo-dQIE5b;T&R)@BN0a@((y-OQJnD$2mP z3mR5UW5;uS!H}sU0mI&B%^yF0h>oQLD5lbREl^RKUKO}$w`9x=(btW8J9kT6r3)nS zB$8puti!t*3TRxTU`{k{Z<(=Be6DGxCsgG4j1n!pAeB?vu?4!mT9Omeyd!mjp^OPx z2<+Lr9#i#r1+w^IK&I>(ArZ({FL5~b z3oasgH(@B5+zkyjvg|x7SxQoOe6wtLsBmXcI7bz;T}qnfE7{232WHq&NpSlTcXE^3 z?6G)AAxjzT7MV*%OHN3E{~9!Nq_n|atr+5sKDl}v-%Hx#sn<&!n3!cNX$@dyr`e-+K$uRbMlR!7GxxY99x~1}=wFUcHz8C^Qadt}8D3E) zDN@MHh(3+iugx`#9@=grvXAu@_~JkJgGk1-X2;I2vF<||$oDJGME^LZDSw`$j>X6dZ0CRWd@(=7bbfPFpxc~))7JtVAQahBr^@x zq@{K+AR0^6z013Nqa@BP$gpPV@)@yreOWI9YYOxC9;2}C@?XY{7OpWcnr6dk(xc0bCiT^3ev(cvT}BpL=FPd)}o(MTX#7l+1cel zumtTL{J_p!=kk6Q!IvX?>9^gvZ4DlBg3)-&F~)mHE0 zO3d6RW$dwe%1WssW0lvH1IqB;QIh9@1eP-R?Mf02WCktqXMSy7taRQy%y~|^Bq`(RK{GpVw{<> zMoe213Z`_syHm9NyXz?9xbbE?;n_R`z1`)%r3MVyXZ)qrQ__x=K)F;Xe{0B3CG_|L zLc4+Zoyn40qmVot{BTz|tTtHR+U}5+9d%4qOP@DQmc&UxMV0$H{Y?Ous@TDASIy{i z^1=5hl%nZh?wKl!&UB<&_^+L{7EMk}rAC1;_cfR-BDgyOxl<9_a@)~}(k{Q~cpddF zN|e9zV#X7S`M_(2bX}*JOax+Y{?zKq-AWJ;MCX7HsP1xxQ?LuXgHdX{*0jHT@uv zI@X!Cf5&L1_{JwIWCSh?@z8O?cf_2MFSnX+JCZ&vz5ZN3C_(z;+E2vSmd~PuPFvqv z*stX@Yg)!pz=xy`?elbAIL|j zyKExj>8E#`r8KCqE#f;Fb$9Mgl0%t_xHE|R9}QRPUGP?qdPARH{Z?utWh4*%Iwnl0 z&mTPOJgR9)sf4uVbA4~=xSk>y+bO1*Y`4c;|BiLvI`?vtxbfCj2Pdm-1w+Ct>%7am z+$=<+1r~G0_Rcfl-%4<&vQgh_TMU`D-CoU#i8UJe7+wbfy4RUJM&&%SoLdWpt? za^O(E^Dt4X@Nc8bOQe~D+p!np;UF>t9WU~Sgtg_I{#uqzZKWb{O95@FEp^Sx&+9eM zr5>n+9rGF3sbq5dG92xYY}d!SN>4hwl3|~`+4XGl)lzC~+*>`Cg(__UkDI->)wzTR zg%>urNrq`gOTOpzm9(t3<40@=iY5-bP9UXPNS0T01~6ef>nK5AM$3U+PS%&j#!_S& zi@)W|*}Da_3{7JUeONGWF<)jmO6Iq?ipr(gseBeTr4R~y2>=CQX zn$cw9C-K(T1WNh>70!S_)RkasD<;iP4Rxhs=G_ueeU0|%GS-oKbV{09x>-!d6eqjx z)x!p2uXNA8&Z$y+14G_Sm0INz32g;{Vcu+Q&f5Yc2ZdxYw9{*JT}i8QewA9v-*lGb z--Md6qFmWA2$=7X;8+(p-^SIuyvr=_JOeu|he%eoUd-ix(;v@6#x62^iN4r2sjX&d zz5~x6Z3T+v4fc?>6qQQk*jdI|s7ZFH50zdNv+P`W8KR<|r91IoUPgEqj1Tj3s@mmY%!oj!#hYoMS#G zF9ozKrK;Qdl}Xd#4w)(bSYIy2>*Cq`mn&Oa<+c^KWw;>27T!k;b*0Ogib~j*`utL{ znD&k4cNn068E}k3a$=IED#rjoqZd#dt zHNohZ%Jel^Mx7+gOdF5KfbS^AomGVrw3 z^eQE2>4S+AljtB$tGqk!rr_k6$>>8z@A58XF&FOdJi}&KB$Fkp7D@gu=NbGZ?mIIO z3ON$A%BVZ}?~DOErc=Um{f2o7b$S@Tvw|5(g6xPS{&IXRN5`FCiH(xgvyBf$%}W>^ ziuG7JUXpsr=T4=xok3KU4fN?$soS0DQzDXTm=%?#G)_bztC5Ek!K7oL%r5#mn`xV% zmKf&0+yRuO)EIAN!`&6hvU8k_ePcb2T55i*E0By=8NPCv#|qp-F*eIxk)k22M>TA) zJAahA;@w>U(FQBlOsRQS&uqt8zeHTX%_M_Vz7%W=3m*CHFuF=*Xkv2)+Ajo zS=|xend#1e#fCW+SQqB(Wd;7284V^(Wf5jSwaDaYR{E4aBzMQ?OwCw*xgP&zgqQd{ zUN9Kz{h6RCVc1?OJSeBYMNrDTO}x; z>t`#?^|BZn<*_dVDjk-t(bj=-tRqFbTY|Rau&w@1l(HA2sZKM2Wjp@LUP{jzSJcV? zVtOb=V12rVNz~wXB{=Dc>i67rDzL>Hsi;O))(;|+ZqioY*A{@E&c9g{r1i??2DS`0DW#~J=&N!|NY?qf{xAJN*$H4 zGND#JO)>-@2$sdD*)5`{q?5*O(C^rs%Gouc-i-cP3MN6$4rwD+S(9ovhD+k+IR`#l zl_e=TY#XE8EH90okD+!_nA;z0appF4UK%>-*!aDyC#5aO)mW$FcCoCmQzor%lD>>WrbFeSs0tNZ`zbgudqr8s zy4ZfMXXZ;6E^pZ;7hC9>`2Bj0%E~5w8A*(X65ezNifN>t>svzF9(W~VhM&I97=FKu z%}k;!U+tHmrJ35Q4byFgGGeTZOU9LDH>~C?{Yr=s&pi$A5ydVDf;3S< z5Gf*x{q+^SiUKMsARq!FpwdDS2+{+gNPs|kAS5|S_V17No%OA=X7)Y@z3;uxy*KNR z^X#+t%$n6_X6>2TfEoADA;C%-m^^ioLB^1!k-?no!c3$xomf{{k!p~>aAp}pAp~p~ zq&};W4-{G)PmB_dNhnIZPEyh+D|%D8ZiNY!abY2V>2g6vFVtK$O|x39)bWKu?7|jl zbM*8pMg}6Ja-ix%4Dxaw&2dEx%8-q68833+(i{QhWAp-?qCz_HtR+pg9FhXn4z*JH zSGF`ExxYrjCSGF|=G~g(qDzWFb_z`u{a69omI-Z20U9mFREmo=N*$JkIJrEQq|%UE z0nDgw6B=YWps6z(quwf1qDJpF@go!$EucH=!kB81PI*NkGHcFq12ljMFq;<*d4`5O zgM^$#ZzY9-D21PaMMISw${Aj{fU@&Y@=uvzw&*&;G8oC%NUT_ka?QwAl1lMV_T|=P zxFt4a$-5#JMv}=;gPEP~ID>ViAy>*UoaX8fB-qJSTx8#z7*{;R6|}DSCp89nJV#5) zAwcFDusI#gPz=m?SSzf6k`ZOxq<88aPbtQvkER-A%OuG(D;Y88&Lnio7nE8W-&m5A zwL;?qnyBWuoP*o*)AQIeZC6 zx01sJErzzI+@zx{ET! zByc8YrQBFBRBC}bzRZOnYj}}JApz3@69@{K=Gl#^%Yh3d%%UGO!4|>EgvokjqM&ld zxrc1_GG+kfB0juBwM@(Cq@$svGMO-?D2q{n%ht|7HVpcyhg${R-tREelI3hf2DNz; zvP}qJJK(5rm`6}MSDK$wxiM8zEen#)Ho`+aLN*&jZgJc#D|5k&N69jk3EZ(beuI^= z#;oEmD53!xKuAMY`6esO3NZ7NU5R-dyJl9c?5E5@*@w!gWU5%iGYZ#AJS=z$72`&& zJ7rUryend1Bq?J8DBxSV!p)ST6H5${fEjCVH1yIjr@4y)& zblaVYh|rbT(j+0tS&omg3+vL*UyeTvEd`1Mmm4tAQI2GF$Xw7yS` z3ylm+B5IJO@Kmbk!&QrOnYt2-I3I zhR|s;wEd(^o!`OkI+PYJwl;)+Zr8{=R zy5po#iPn{yOh?KNj};b<5}@SKl1A1kM=_Zs>fz?}<0AkQM{+R=V7ts|g=4fb!lpUS zH{>!VT9Av$a+VRwyTjlw8+ytj!eTN`T1J)zVl!f&-4w(;m_I6Gi%cY=5L=hqm9<72 zqTv`zDji%`Z5w3jpxZ9ww&*+!k;`sEsS+xXNu_leNiu7)NSU~lQ5rB{!h*I%S8`FB z<+hLp*%D-C&4nN&%QSD4l{D#Yj3S1THD!xRdW?Xn&&U9b@UW7)W2Zpfin#;Ztg7Uc zh6uU8V@AcOb;^h`Ffs?k0(1eqk@;c1gF2VdIz;N@y5j^4C4=)=MyF0zXv&ncd`f+N zJ>xiDsONElKA zs$nhSUwM@l{fp)&E0Ic%3Q7<^VyLJ#shl03ZNKL_t)k15(n%3{O`@QQ4ju z*Ni0D5|lvAj}oJdMW{_MRCD>uMAG}r2vJt}%j7S+JhEx@NEU?=DAg*<#Dpn^N_pQ1 zxv;w-C4&VABa(E-u3xi{wdBO2a1;eDgQYQzMGO59iu2I zV8(=Zlvap;sYdC*R2b;hmB30#qJ>c|NFjUOCzoWcYvk)fI5I4(^s6Bi3eDJ{s z^d!;05TumqQ%XQ13%MB*Ik4g#lMn!-4Hq{%Fv93xIy{Pqh?q2KQgn3mo;`csfB$_P z(duLjs-%swjIovSi%4iKdLS`rlEqFgB zCT8Kng+ho+mo7c`+;a@AY^8G8WNZp&FnRLi?%lf!AwKxvgKgWkIV~>(jYzJvDBC|Z zDu8zF+P(PVi$aK#Cr{3vJzL3PG zEUQ+nf;;!zbC0g;_~}4sh%I%YVZmmzF+*i*5TH8TFwsC`TO!(b6iI>JoO(qUSn6U8~iKNin7lHY}lilP;~L62$Q6`(9RFcTDr? zj>}Q00aNjUY(Wc*N5u2thaW~nL(IUwMd4e+ZAlrYMRQ5?WBIyssht6*>tWF(J5V{t|f0wzIB25O?3rgiAh zVaALZAkyj6rwd2lG)E<*NJ|5kkOCCDgJsZcXg-(q0*p}m^^uMbaZrfb~X$(ovNb&{*QptXdChj zSfwG)APkJe9NYhY1{MuQvQ?R|O(QHTFB=(c!h}OwOIA6h*@!kxHCvPEG^$9gidB~x z$EQ>c%=ak4e*v7Doovvuv9i`(H)Xk%zs88HFJ=!YNgp4d%*@Q>S z0UfEx#bia(7Inw*@xu>493LMqgy`G1@6n@2H*el7>^%oPAX#>KrV(oVa*U=l7?DTY zk{ybAtGsMg79b0hawMhA$yH1Ok?uIKqqASlzU`5U0zXQnk==RNanks}L`3Zen(NxN zYmXj1nm2FmV0)yd2a z$zZQ`X^SRORT`>Nr}U{T^IP&$THW;s#+WiG_U{YPtS}QeUMLCBj7JHww2f?A*Y&u# zxU8(Kwr$&ngoM=8)SNnXYWD2ev;Y81S*_Op?}P!!p|C^`!z_q(F)LysqQ=7>Vb(*g z&Wx5$o0ayUOW*xu($EO#2FojG{*HPyD+a>B0RtN}Qww@GtWQ&ynJ7&cN1cmSqeuUnPgT*oKQ^~>+L{^>CvM{ zdU|?nY%FyBn>KCw_Sy=&1B&yKvjFqRxiLD4#S7n4*M#X40qK(ocj}6Ql)f@5*&RTKGh*f6W zsE!dGs4b_BDLYO|D>FoSjPe({E4gVCzNi7=nFXvCwHQp7*4Og`0AGH5R|iW!bn>Q}(W5&~^E6GfTCHQpj_uT` z6Sf!-5D*y|Sx>&&29r#sr72wruHjS~K}?;#JEc;k>prMD*if7KFJ(<5gL^h5V09VX zQploQ%f@LQVE;lxe*t8AnEQBodJY^o(8I%H)v8rgwt~nI@1WZXlGH%7%*ch~cjBlj zhYufq-+lLCTUM*JWy_Z6#aJHSoYMt3Y^{M(t-50Zf|fx$$5t2yi+#HpJ+KK$#g$o1 zuqXu0e%2LTd`cxoSB7FOnlCe2Tt*!V+ofbcUJn+FS*=zK1+)O2vf_8>s7PsYkT!u& zF%HnTwYuY?DmszIR)plR)Fd#1xx2e-npRU&Q(IdLYo-K=7&L~n2t%`qNDmVltBw_! zoUs-aAdTB-6|_ZJQ#whv3E~LMFqHWnN+h*XYLK$WDLECYIKaG;8VRUOlcofk;~a_l z8bwY60+yjhCAUcbvM9vR>h?%0d#-#(BfYTZIDGv(;a7KD2`E(NO$|>Lk&IB-7Z)>x zN)-dtOB;d+~nq|H8A!8wg)oPtQd2;8@o$*d!U|@7~wCqYKOkoc@!ZD^XzBK7w zpi%PHQE1|w39I$VlM@fAY+mFY8~Snkzm6;_dvrEHYySd&J~ zCNwaKP&}?6(Fh<~T}maeA%%=zR}J)U36vd%Ft9DT?_sE1Y|-e#2%(XwF!oIb1gvh) zo;@c{oCr71o;`c$(4o@OQZFyBHf`D@CMIf{77-Eg{PWL0{`lkN<>gT2^UpsI2?>E+ zaH}pbM-fs9$WzUF$IXoFsjMTVYN#BP6?YWN1+car*S>oSdAJl9FrJ zu2F)i0YDN~INA)_hB+}xmvlw2a;`y;&9-v8Xo1u>S##)#SQ4EM6Ii%O%E&dSd?>$I z7!p`CP%wEi$EQ+d6IvlT1;wCr6IwvGXQ(yRh?bFoQHW;8ERLTclV!qU7qt_NibyR= zSa-}Xu)ruBcha$#=`<8jAECTc*~;pZ*U1V;GiDNCEy{msG3Lci8KLsoym@n*Hf_3e z>2mh$*`-UDqA->2Ci|%n!e+Bs9KXH5+EUU$6-4!}k(W%Yt`ZgPuxNO>c=6)LAAc;< z92XbYr%xXtL{(MQ7hilKBxf%#FE@8gq0$J&Kn>?Vth7?s!~Hn6~Atgvjr z2=uif9Zue0QxG)NvtfaEDxc&Cq;o^rMe)#m$PZ=tPRwt7ms!d7^Wt{bN z)Z}Dray*pVr8du)(i}&1^bxy{TcqhSMtQkD<$`g<9^p+EBA^M#Vd=UKtC=Wy7>$tz zK!uCl&?RXZ`UrWX?_gmS1|XpdV$_-hBI@!wiR2c8qc@Nww(v@qx(Os3CgB#caZ>3N zY(13h;EW6QSGHtoOG>|>v5s1WPP#T~21c$Y+XMcUUziz%3)+yb>o%Kh(V|5%gPLlD zsq{X~Ua`K3m8U|Z+$mkyq+N!M;zX(Hx?Wsdym8}3iU**ostOWVH8nLq{`jMiveIn4 zBsZtLW5h2jrWC2tYmgp!X`4}bicOZAr>EzD0R!OrjW^!N&d#Q0$;iMl5}wn?a$%GO zdXwHU5sq9@5F1e1KfQV7$`zBL<}G!34e-AVbjQJ`Xvi}-dQ(H5L0QFV8NLEb7*Azc z_!H!fnGxx775Ye7(ZuYq^N@?7bd)@sTQ;pltxE24WV170(PQp!%EBf(mOCU?Q7&v$ z#VHMct)#9R*~_)$VyM2sg9m$idkZ1ftXV^|S5P27KYz}gIh{InI&tEJ%&d#UDdB>r zvFc9iQu|S|&m78Vz$7=SWDxJuy+t%JPBxP4owtewVZDi9_Ci^XEI*@UzWj~Y|$Kn z@`X$1P@75_G7-_>CRDu)z0jqxgb^Mkpk`$evF4~L8cBwdAq)g=R7*I1L|CZ2kCAP{ z4l`yGY6alYRM!c}7MMDHN zj8?5$LDzrc#EHFo_hMaSoDDE&UFLMmzgVDS0-*y%rUIr}_E$#B9N!3v!Akq!eBAwD9 zB`qP{h=4Q*NJ=Xup@c|Cmq;4ly6^Y>?|9>l@g8vRIs2@=)?9PWwQm-2ISG}XL?fN- znM0%nMi@Hs{=(Y`gQDKU$s&2xa>M(jOFCV9XbJmzB7t^o{BJ#(2;Yj?*?v`i!}(>3 z`cvN9WL~YQ7B-GWi%K{wE-ELuM$!M};{Zb<^cu0d1ApaxsRKu-*W8mo9^?hQcCi;& zS1#J}8pVhYKA7zjZUKghx|T z9^91-PX^O@RE)!LO5~wVaSZxrwbjXVmKuG=UwYZ(Xg?{+xNMS+SCJEtSZ&*8Ds`CP zyVI%F$JZ+w7| zj*uvZxjdg^fPTw(fCp9vQ4zh_zYNYt>1TqD zlNlBsXN9;UE2Gx&NT9tUBJftM&<4vX{0VQG!uG=ou0v{w@%%lgHo z+5Qq`iPaG-^`_6Q`xctgd&ci)BAJARUo1X;ug&VggY&vyD5IGXo$|Ny+k%O4_fhF$ z|Ba$<`c=`os5k>E%)EnPuQ@e~dmdP-jiMZ^32*u`IxuFnPm-RCk0|^VPDAaP>O2(V zNHx-{&T^b%>nudJsg9j!i`+mNy$R>z`O1));+ZFR>Z{1G(o6l8x}kEY=w|qc*{H3b z?CAk%xroCGx`*NH7jMUJ%FX@BjajV2YolcGQT9HS)b)-z{i&#uxHRd^uNL(58%W;@ zZA2O(v~jP9)L+xvFF)l|yps`5Q-*s6^TPd%b~jxcCg3rH9pPB>2v>G#Xsq*C}fKJhrbtlkeDAF;oP0@?VpZOqyfbk-qEpDZ&T zu(xu@xHzHJl#2fty%*sWuNjdjBEU9f{f_HwEV}O+=l1xlZHau8+@oCbx-`lT+ln+J076mhXx`dL)R$pLDH0=1Gb&Fj&pknqiak%zAf0 zbApPFm+&0E&g;#@#KfP|FYj_R8OOv*6Ri%7WS=xDjHwSH*F?@{xIT<=r> z>bJgjT5PZb)IlP0-5Z+6brsSgLnCNx&GqI7h|9C zM8)zH;FbYCGT2op0jCyl*7M$^)$PyqUY)SUI{=sH__U@vI{cnnby28lZ_i4d(c!%}$D)>rq4bYP4j2fyTuE{9c9k^NzkmNiVrz3> z>s#pxM0`_~NXBQOH^DdOfMs9T*5(5-2(8~61Lupw<(cVeSe;$q^^A=JHilE+J$sG5 zosJvKG(pV4#PQ(J5IQ>gqlXXkWI~>OZE*#%$&#j#FY#wx*SRr}-pGFKbKzg1B` zqf9QnwHd0?tAMq%fBcx&w2dIXeL8{>4GqoK-rnbE1xVi|>$j%eLE@5{>HfmqTxTv}QJ zj(qZsi73MW^dav9FWmf`7=}cC9WLKtZg-yNamTI9O-|->oG#tn-G$5ivAGF1j87@R z47bI{cf9-g^?L{he3{>&c)986>Dk%Pqy7vH4F#ToK#V87FqpGxwA{psWio z56?ZX?MVm{P7aPjW(nnYJ_qHRdB$dDe|BHjGi;I&lgdC@BdqR<)KYw0SRMgzu9P;<-2T*kl zjg2}L9l>{nt4k1}A9xOX{N&;Snq|bmGeSeTK67+h6APQi{HDj(2idv*GH$pSRaI3F4-bPn^I*^=c3Iif&E`$u z(m-5*PmYd`1`BI?M#i6$Av(AzY2U+FQrfcB0q6VKIXP5!?%W|E(Kj(M(brE;OKXH1 zhqPF%(m2=xX%4XH;YFc)Io!6CHg!Q0#H|ge^1G0#NesOWgW?_+| zG3+wP*EZJHLBYYjI{=< zGCW>>CF9uIp;>H+EXkM*OIPt62iemn#!B1x4W|^NbcfS=1mRM(D?2vlyP%3@2Qwp8 zMfz5`JzdpTx(|Nw+}!z1MnV!98HvH5m`LRfk4xs??-}+e&5>stDN4~elyXN3iinrJ zo!xTVQ`9GJE1i`0LQn~4Y2g9Ql$Msp&<0?v_BFdL2YhLAgt%R)x01KC{1(sKjd6Dj z3DyZ-P=f*?oN7=bbk?`0N=%v@WRFl;C@Cp_ZcRu&`z?lD)5lMR0_kB7lsKsSa?HT8 zzArON_pNME0v)hpSTM_&62Q_IW2eUX?#-l?x%EkU+_Y4Pj|)Qz`q-$H%C z#=#k=!2Iu3RaFJ=AMsq8J{8jga+3Q67tK_4a-X8JYL6 zQL$_+(*yndq)rBicXoEpp85Uv0%&m5ww?ruUWS+V)9`LO5cc9e`-UQGbW(oqum@Iy zerhbd8=X_Yp^-Q{e0LOW!@lVS155Y4%^o82oSq7@7!)QTEh2G3V>Ud zC`ywH?8LE5cy6GmVr}fOwY__nduJ{1s0&>YW7lCB0SMk~`b;ozak(tDJ%tD2cNbE% zpkN~)GHfy~v4AtSCEKT{JfowdrcWy2i9pK2#>OtexxTppKG_;>6~S0fm#I1C5Cuy6 z`d$ENgWBN)??$1xw7d+F^YqWPx5lXIaEFhtFP)%0PID&gS;&I$+8lc+Kds@p#KfwM z)GIc!L9ZWy4j2`>ZD3Qz%_!>`#yl#GD9}P#=}D^1K;HxBxO)K zD($fm>n_!KRTM+pr&l2B29pYqG5|)J{ujfq3rS76ANXQA=GZqILvG8@$k;qQOj3rr zK}3vrfr|g9F60lkW{DC~d-Idkm5B*gs9+b%zI3?0@K6x{cz6it+q#ibP>8uLiG5L% zJFEeuy87&fo4ZQ#Ft&6qoIF22|LN1G@Y#Ch>L)*cM#KT!z?VMLc5&J7i^5)BTFMXD ztr{O!=NJdhSN>C5$iHVo_@UpveS<}yPAy9ByBB;72s7k-@iD-a#|l^sRHANDj?>J$ zFW{{q!NU7NUNncI4?J`4+yEv+Uw{8yjU0vL_c|qtsJC&HwX{MGn&;se;(tNALqGDD z2sSb$<<8NO4C11{_R%wQbGw3W4iMR+LL9jr?ecI)?4<%6OI!4J##Rk$KZNdW;*HWwqMREZ%4r1Tnp*T&dv_-P2ftW zKdf=)p3mXZRrcfjA|l8Mz@q>zq5t(#iy#plomRxx5K7p`)*x4?zM~OwSqQ&{?VxCaG1c~TeI)I!-o@GR zap+%!EF1D8&leDl5wR9zE7#WL=n&ZKKxF3%JB!#3CqL=Ff>`dpx^O?2Ax-ym-&{}^ z+MuN7bOJIVLMq}rfiH(%Hk}UxK1<&8sLO*YqU%_)WYT`Q3W0i#D8|;Phv|d18De&_ zb8*u(c_^M7(b?@h2btH7qA?Gn&Xnd>%w*w#wwyl+_c*x)1 zfD&)6ueUZg50>AxmY0{qW;J`~Ln_D2!jeeA{~eyYyv_0XdA^7%Rl+WSTWCbgOiih& zsh1$JLzW$a0=YBuV~qEGx|#g^FTuwjgU+UuVBT)7ssCwhr6U#300APgQwrMm z^i;OAoI_cF$b};JJT`V491_aP%C@!}PzXWIglbD^grVvQiSs0ZQV?PtnuDisr||Kt z8aZeCi!+}-eFA7Tn$8Zc0I54?QfHI$u(xkhB~goefQJZB(6?`vhITWs!kEOY;{`Hw zD|_Eh(V0u2WtiyIASV9Hi zF7k#IHF*8-KN*fmDJlKsOIR@<_@7WQAiHKm;!)%6(l<7)CPb2Q{nA7!_+(@BnWoBiuMS_-a&-c*O)zuZM z1AH2^P*lQBXVYrD8rcF-9}n!9q=K)TChSWT#hmAAAh;lQh%o*_=X`PS^>MSYQX+7NAM!S7Gz~5g39tfZqz^sK_uL!JP zo_)CU1kv*tHQM9fyDUT~f5DK59rWQh7PO&Lu29cL+0xP0u7|~j9s;z|p`oF>tgOaw z=0bk2(?RoJ_x^8(_JhEB^&B*EIYf7rv@|^|DY1OwMG*>N1F#3u-Ts&6z0=Jx$mXzX zAfd~}5;7@*(`6TcSx#^w^W5~o4;6-+`xM+IOEX_!L%lod{%Za9H{2(LKL!?-s+JZ$ z4vxBp#&Y9he6FY99Qp!_F&Iw{1PL@Wlw@REYis<_Q9;;{kdx~*W=r`C44iX5s{IWq zp5QC&8z4P)_x2?1$Ftyudj*8%*jrt{p0|8;12FK;Yllc5p5oqOV?~W=EUkPDUeta@ z?H-U21WSlQT&6}2LN{z3x5b92axQPBNuh%%a`XG~(tgL5=H}+`0Acg$>ghqjgMR~@ z{3dzfGQ0NU2O`;kzvs)BFZ=uZ(3#E6&G~FkBAc?ZvpY@}$^yX^9esZb>L=jH_=E(s zeo6OlJlt4%vw*R25CX~RiD!CW142>DIWbuOy5W~O)0ZDPOGlNdj1kYyf zjmcwsIMMQ5?PwS!!pbLO}kX5?ZlO$owo&qw_ zI|Kp=U^Z&p%KMNI9UUD2ug1ny909*CPrwAAxK3?nNzG?@Ur{movy(JDpp*3>_*RLP z8ly&tO2BfWu3x-B{ow67BjP?fJp2odd-ys0M)%`Sw1#hqNJ&3;1^R+n3`mBZjwBT_ zhRC|QBiOfSGyzst3|`wnZ9q`=o%UZ=~Q5P>@d zV;7HE$Nj!Nz(LU92&(QZwR^G^pwk5rC0OLAy};X5MqUL zivTG!#z5V59rs~pbrq+}UqP+-^h%s~MH^ZtYB6`DkKbLOQPI^+ZEd|MRY}|WRDhp! zKP+h_@%j+p^1))`kW=%$^939CA0;pD^;IbD<@{s4yuJp7Fzt&gJSS~!g66NV)2y$c zZ~X|F_SH35AYftM1^lW8H5ovrheyMU7oWhzArpA+Vpxd9=d!?;WwhPV4as0>$y8$o z3S)=Q0hVl!E%1f0(NgmA`D-#vp9=4xs`-vT8`-iOVD2i>$IsN^kQbZDT;gfuAP(Ez zC`+!v3Fyrqoibu~o(~)SVX!ytlUSXrW^R>6nU zkov3JJ6GsZp<`c$y$=cb*pll@BxV#u!12i?qy$Je-|}yn&BMO22s{vm2Lg;KqEUl& zhknSC8pQA;UP=yR}kk=vLrQTxX8w!kRm8R2p>)W0={IAl51^D?>Ca zbTWS-uOT%~(P+h`90)@E7Z-nTo;QcAgw)b(Js1b2VsKyp*hNSHMD|BW(11nke+K9U zz0I5AVn(s=G_(BB)d7zPT^>-NeZIX_SVA}ZU8SWPKsfMulgN>flDaN;Jfu(>1`2=R z!-sshkIm5xzN>_!Bp!BlWCl)YY-KEb{E*X;yKf9$PuK_E9JJ!oO2wwQ!>^CA{ zqU&G<7+#>3$Hbts*2Bt_E_(8e3YJ2vTK)R9)e-Y_ClC)1cu_GiH#ax<6nvI&t8!TN z$0kNb2!|>BF*siU1-j^9ww!{9&^PM_2>@sc;nH0s6*;*+2s$8`a&zG8%v@X7R*0#% zzanb8MlLX42xLB-!USlPkdTneCO#EitCVvG0P9?x#lNc`1z%l6*xKRgLa@_%Y=TrE z1NKVWx`nVAhYwz>)H4nH8h|iC)R=~3#-LQ=_~n0JB2Gt59W+Ga3v>-AEFh@dK$X`% zfiTPk7EfJ00rCfeWLm$Q{Pg7eAQVBkmb&h1CtwHI(jb~)7mKj7j{p0a z9;}DV@8kZ7Tu~-x*ac7v@i=_pRzqhdCU8v)Yikeld{@F~M(ejn=I2G3m=LY|e4WK3 z+D<_8hQ-9AKW!6RetRrLEx$=D^oy62zrjJ zUQW4H%(LxD20vn^{S~yaL(A;v9s`xc+DV_;El5zYsq`}#_0-Qc! z?+n`wihL%5(9-Dy&O2NOJxN8o6Rta4xE&;b`V%rDLtx7Kqx!vmIs#eY*9FM}aw*(c z6u&FnLd0#{fZr!W!Wszp4Nx5F9}~0RZdC;wFbbV4G{ZMgn~5Kdq0j;w1$@D5|3GvkH}_+JCKI|Cz)+~D$;iLhWJW=uo0#}@eB6UZb_ef|WMRm^zm}~aV!e{| zj5(5bYtY(EHw0&kn1bYp~Bw-g)2EZ8J^#HRYiVyLM|M{;uqlRdH}UR z^*!gU8;Hfuh2$;)Wbm#{CO^LXG%R?mC7HYZussx4@xlHXaX>HLu*lVvU-HS~hc0?NlL7Gw;Fa-8*iz&fydE>;5Z8z1GALzvS>SIEUeAEei1 z3I@X|m`DNL@r0VKUh%S8I=$!)rQxOG6rhwJun;-Yfg+uS#6IX;TwJDI0m3BF>;==s zLN}`VTcH4K&DuR!$mWDxVTbU=I6@+TmQT7$X{L$Wq-A4s6O#e@Gl-YSjWy#FQci>W z=U65(FmD4@*~rXHBQf(f`eK%_hNq`z1dY6*`TQ?<0+8jg89-|>2biF|%YX~92`DL? z!Ozgp5QqfJJ=|h}h6Q+H-<=h?^b8EnVf!Gf!0Wh!*5wj93UavxmllMc>yu!8*|6wh z5&VlZ77DcN?EX_CJPEnfNiRn+(&@llV7WUxLB!gk0q6{UH+&N4%Yckem-3503mwq? zyNr49;st^A&U6_>kS(DNbX|Nk&@genV(azN0VxZbpnqVib+0DZHZ(AZ{$T`Jcu)=r zpZ5lSa+1!7WQZ0SUuv3Q2G<*%3i1ga9-cjw7u>JoeQ)nyP}fXl+4@0l+njjc-rg>@ zFeq);Q46g@2_cVRJyHTeQF-|mj8UMWVt_>>weOpTaAK>#!_S{TgS3cNK8X!X1-&E7 z{$CzuJ$|{$NPsEWA~Og*2lkf>@gk61$H~oW{W0K1Gl6pbS#@3>=)`Vl9RS0;|9kBW z1fiMPGJs7U)3(rChFU`yh7GnOKmg**pzh~pav7nZ_QH<6y1b0vE*97WxOR&UFU$fmQqnMNp(iUq%Km|B7g}-u3aSMEZPvSYu~VaY*w_#o8>j{} z=RNopcrlR1X3jJ_Kceza?u5rJ?zz=7^=vY8(7OHU`t1%<{YZ}be6@vnL0x>P6Cfh= zLx(5i(LsFRP6$^e0KFo#nEgf1#IPhlF}P%p^eWo~@NEg46QAQyA(mQc6hXZqzLHzL z2o@WH*#9Q>fVr)y=?oB42{zJONj*Gq0wD4pLrr+p2PLx3?41DyWHoG{nE_AU*CqM} zz#hPe(%_V`iJqRI-Dvs{ZQwrCil}GQ1%1f2a&YuqTXHgiP%4;;7wQen&F=vN13*jl zD`fI+n4p4n)m_tjAWtCA#?5U8Qw@x3>>~8iZV5d)zwMG{WbxurZH5 zVcg5XLe96wPdX{>=zzX^5g->aw}FmMnE(A2L4*o%`{L@wzsncEt?ni1O@iJDP*4^l zB{dbrV!@J`g_U({YpWZY8i;j-1ye&~0vJY+wnLjIC$&j^K+HjZC8a{J*ja#Hn}gvjhcO=G*%Wjdh=K==ZZf zx_@qx{StDqCQuTP2fe&FBacr{cjxO?O`dcK1Nw|h7M6Yb{cQ@+Q=h5v@#lna^^9R+ zM)wq@t}R)+6O^eBdRd~KTmjqQ1z56G~|!G`F}k;i9e>D&sQuS~NE zo|lf!F(Rh1csE#pqq+b@sax0U&-D=rdQ0c0Xhu}-T~Ai;Nj2rC`kwC_CBGT8R#8`v ztN;QoEI3G9Ts*n6rziXmnL2Y{UmqhAQ+5RQckBe_flxDnKOR1iM!?^*Xc|5}j)uqd z41A{xU%dg$DM!`QGes_R2TLvur43i6yn@IBZb_NqG#;G~_+6$JgyiHnjg|wLI8C?R zi}wX5^b({L>>cgxR*ab02h(NP8)Uxw3q__1^W?TkN% zEedR=zNx9YO-k(^#aHm0Kxr6DF04{|@L)>J{;i>lh)Hm;^yK};PLEBj&VLTmrI@yV zwvo-{Vmmvf_6681O@M0im~AkA<8rJ~FzR8?G!L#O94@hkbKcUTqU3y#N~t3-A0o;> z+AHgloN~zd4A?;PbOgHt66U49fw_sv&jJ!pmfCvpsFbcx9<}uU{vEWiuZ7wF5u-&^ zAaa`>ejTTA!v1wl%>b)56*wO(59DG21T&muJqOi>rl!7-q`_HL-rSsaHyy=otPdHL z6vdpAI|MjYuRr7>iAT4=*btpLS!W@mTn$QlSgq}l+v}z#k``%J7M3ESspIYEjtP8J zLAJ@xMVrHUFUM;XuT{x}0Lsa~_}7okasv?y#2A?zFpWJ8ZVWpZfjyt$ZP4tUq`kHY_6H&-`u;H?9c1RuJx1G}J^RT@0ti>z*q9@-rvzVHO!d73 z5_wohs6cYVdyqWHW$}1P7;vjGnmWbx6pi&p(f>(sv&)d`a;5g}<8Uoo?sL9=b=r?% zEu@1vy=AJC%8E?P;@UUBlej-p<@smgJ23mn3sT=^-3~rW^;9jtu0RZEPbeOMQ2HOAWefcM-0UncsD@l*fV3CFSg3!V zh7S-}zK7kQS%8Uw!N$w`c-`d#p`ui^DVYBN(_CL)Bhb0;BvAb@jM^S_SN$;Fxh29?_K(Po~lE#DTeRmBcR788mMn!hm z8_vo^$bRxon8&Rz<#|B?oycsFJbD`?2??6ysvQonrrPv;d;}k+s%?J$pBI1uI8ap; z6+*d$JEDhgT35pH@&?(c7}1{crx9WtT-&wUwTzA%QVOxzbLbw^n9cJKkdl+nEbl2t zK-+X4daN3%)9m>}GxoPY6_x)UF%gk~?J$9Of^*JoXCDxsWIIQ-p9sy0du?lXtx7Dh(3 z7wi9Sh57)E^QrsSoXO}*G$gR5f18D&k$P-%BOGR=b{7V;PVe)R6X=!wpv!s5Wh5t~ zI)hXjx|00Z{Wk0HW~yRedVe#f+@BEReA$#9-RT&O(J76QT$LBK%-Fb5J`YsK7qZ_T zCa)2G*nRmLwP2isBfGOpou!Y> z0Niq1U|Rx`Vyy&nTAxtRo-HemmX$~N;fFK1#VKV){HnybxB%b=CaMM#O0_95iRmYA zi&!=rTb;*Zb-1sgG#dUa*SJ6b3-mW&&4rw1*`UMZ=RW~TDwL0z8I8yULNGk5=bDS@ zRjq=&_cvH-N6x6F(Bb?k83=|x!8H%s&*x%`DFtiIgBR^t62 zoLk6i=h;!aE+=T{5JCK`%?JvRmS#)!-PeB{D;1vEX{AeIYs|O{GI6;l-_T@AO;f*w zymgz@JGGJEoSifCagvH>NfUO@E)+0eq_e&kpj(oxzNdVy{Fh)|@ zW=YP>MvhuDVSfW-SOxxDlne^sdIQo89KY@0wOmrTJ!t4-;z`|z`R zqr2kNY%Q1U_9e9+?|fEYNgGZS$gz2$<%%=!?WFrbL-}u?hf}!MJC{99&f6q8UZTjz z$Y4x?e}k~)XNasUk3mRFiznSYVILu#urMOvr1MP`-PR{5PVtJZOCD35$({H!G8x`{ zJ+lD@^5cuFi1+VhnCn50dI=U+2n67`fUpPP{}-&wi;IiLn(;(clrJJF=QVFg+8KQg zxl-8zJvnrTF?G*@kUt0VG^gMPNZNnfEs)38Y0BpqiE7=bb5#rgF zEX_IVflq>}gDR?<{6Rbb8#T=PwL!-&7Yj~%cp=9BfI$Y2j!e)ce2<4}vR`qEXq*6f zg5UT>Z@jN~eIIWvq)a9TwDCtf`UYe)?_Si+gNj67Pmil9+sf;TgmPTs2xL1!WOd!NM8ek zAEaIwoco_CA57FR_zU#BHz*`PPouZq`cg@Ii$4_#HVB3Q)j%AqKgwpr?f8?o2FZV+F zd;$0xpw{Al6wd4_+Ay#Z?f$|O_1i% zJ^D_T5Qo1w=7>1WR`&GV7i*K|`~LyArEmksmy#@@$4RDt17C9pI;!o+jfyHmwS4AF2 z-d3updE1em1;=mPEeImQV{c=r^!>f@8$h(%`#(OL)X!76@#_+2HBc+3NJwNA)nXJ_ zSXhoae`*4m56U2{DbyF+w}vpJjPQIxGx7||67)hje}2YtiH-WEo4uU6R2Tb#f9q#0QJhC;NbR_fIpGt?pIE#QL%Bp%@B2ksvj_ULmIbB|N<_rC%d zI`LXE(O9wcI|qg7;D`iOd)!`dn@3H)Gsf9;i60v|zLkdNqh-{^E6b#HM~;-7_q<=+|G$?E2v2i(FLCGDvh_8R-A6N^EH+6Wf#@#4uI0 zDX6cgb<(YOP|pD~jRXM2`0U$&d_F;XqDsn=aP6p~G6G*8W@BRmd1Agq312Lc0a{^x z{-@AEKk53F*||H>>03gSmQibqoEQFdG(1b^49Jqeo`HGo^W0p_J0a zUf~3!&IZ{2E8X74Bh9*Estt)XgO!rW>+Pm_Si~{>K&c?aKuQq~&vrH4Xa^?qzk6_s zjURXd!LbCet6};3Q+u{BIOztcs$ZEo3lK06n=pm~zOrS&qZoq-Lpm5O5C+j4R%ayQ z%NzT3F9omHFKpk>P@Upz9KER?FXjGF#bxf<)LM@+#?He;l<3xQqxtxws?>1(p1@}e zjGGMu1F33N&v9Yh=VQC2W`*uTb_|IH+epLKLE5jblw;q1%Hiv)8Yq7)u&NrSeYmjD zr%dR+2#ET{Zn^*tStq1Ptin?VtJXo{YJ7YHKUx~}CF*RPon=!M zUBo&$L!kl8ax&njYzqM@5F91Ybb+5GGb7{k++6p`hdX}eM0jr^*F~s%5K~WmMy0=g z{Q{RH%xq`_v;cn{JROiwWv;iGRFUXYLPI=?OZ)Ut5_hYdaJBSiL9sOCDZ#|j)O3l~|&HNW6T8UE6YI-tYI;-H48aPK}rj8C^J^RiXmna-y z^4u+c8gm@N(i0>$=mlU9MN3WX4*1Cx6e8ch{|C@R6qJ+i->sMPQx&fwj=MTLK}fe- zp!NlG4G>-+VhDjV5g2KBV*pC^GK5UxW2YrI5p8^(!vQsQb#>L%C>Ix}r_;kXPM(>R zo1@l{1>1h$?G!2G#J1*BuYU$NH}LtWDd5HhEJ&XSG#|7uKzifgsmVDO9)bEjqY+Xg z?{&*7qB$-$@t5j2_Vz93M~j3Q3_ztbAf(lPBh4B!W1SZN?MbjKEy0){C_3PT0#OKZ zI80Iiw?2%VXr1|$NWr)7{=5J!3y1#=-%py$_zrAb+_ELd+dp+L$3D=q5|R$yp`eJR zo65W)G{UPvYUz`3>*&LN5SBjkIqB3ZTDNv_Ub2T~X@r7=MB&ZH;X2BRnsJLm_kY3e z;CcevB$s)o7)vYl~_}q^bXE-;!#6uL_D<7599M#i)6hj!lxP3g&@_dQLf`eYg#gQ1QS6 z8(|L)2`;{!-&xO>rj?b?(d{29a{ab@#;(Mgz-eM@ez$bvtzKY1>ipZihaxc!Ky?a2 zp);EYT=~e%43~}&Oi%Zoen+cGdxVu-r2D*gE#*0%u*T0{zk>JQ4uxKVp!FEo%p5dD z4efPxRn_qQ&v5Dxh-A=bf1KL&(kj-O^~CDw?i`d?mgg+1nt4uk24eUtF>pHpT)nH6 zU*l*DMup=DF+SvS)*_Oqpt~|MbX(KVPPjj#jD9A>4TrO!%b0cg>G;Q1r3Ty0_$d=S zD<}Ab8kd;3{MH6N@lDg~wAG%;3U{S@mkConEp@v|Kd$v8jFJcRsdT?K*r}~Kv)hJu0upG2b61Ip>_GTAUtMb04-Fs1;^KY9O0L{N};6b9ss$imfg z_Zadd2=iC4(66^Uk`yUuXf!SaX8sO>uON{?>*Ntp56N9>4IR84b%XI^HrgTqj_XG= zO$d5Ln07`j_kLYP1(lWA)c{Mi@NNc`kqpbvZ4$4W6$y=*$-Jtg;bMaGAoQ>4clVzY zv0>`O;_ma6MHOq~f!ZIuCV2t-fG+rK3TiSTw;u75ty`IXS#pyW|709^lR&=c2cZtk z8u0z;CSWy$@&KvDoIQkLfW~(TdGR%PGTy@!5g0Sc;%{kn>Z;}*zEcQHzHl9x1zD`u zBs(@X7N}WrVNIr79V;><%1w_8=EmFPV3mp1^n`&;5TffBT}FRBWjhD;Xm}J(NK%5v z8{It-M_xr_S~0^~p>z7St$9}Oon9CrlcfP2yiY4?I!XTJmK+yrKVtL)CfIWF@}z-E z*O(Cy6a=P&@nY%rgDA=-^DtVBO3}u#VMjcR67AUF-*?7(9^_ zlRH5Wgb`zo{PCYO~Qg!`Ty)k4@Hx(W<7eT5Z;g@wSJ zKGJBi-I;n%!DzWDz9i*;%G?xA=cc8pS*}Db7?2S8q8HtlbYxnQ*^3ebTUM2wU#g=P zA-jJ3g-{ll*VCKcE;wu$v5w&uB7G$L_F6H7GQ9;#j^nT~VqoHEg{C_I5;7b|q#Z(R z+~hz=M#dUhSzX15`MfY;#?rAUE!yGL1D8wF{pDOyZOw$rQYwgg$RJqN=K zkSP~bkS#I^QipnZKhSkN&J^a*&u1C(^!%wug!2~;=x`CalRt$T(Caf*QAs{OH~0O6 z*48p?EEt$5FIU`&4#&Zz>@~ax4ve{T7$TIGl+1nm!5W)5U6-VR;FW4KNYee$xbA{{ ze94(LcMJCc4P6D%C zIjemW6%8F--fQ&JCyN#rO2b%}%JeFjai;LbU;s#`_~<6*SZ*Y9s0=5;kSyt(Nlm_z zE3ywdtu;nz>E+4?6%u`YQ1g-p&wu{3asJBQ%qm?t9`!rjxO=KTGN(0JcUR0{>bR8x0k)cpB@!gC)R6Z7frRBhPy*I`3 zehOwrgL#I5ovnETkK=Y}^FpkK3TmG8bgIW*L%1DEdSA*Ds<-xxj7BJmWR}+c`d&gu zg)VA7v=tilyIZfQMktSCz}pI=z9ou@sjV8wh+%14TMPylk+0A_RJv>$AX(m00KpId z=4#th8?h#$vak~Oal-A?#{vTBTI_P!yi1`zKeymWgdR#-T1_nqyJxc4pq*xUn>~T- z!{y49Yx{ytB+a;QiaGt3m!lIh5@!?4E5EL;PQZcFlHK|?3bKm{tf2{YKU9R_BKPiz zNEra8Ts5`^%Jxk7VuiK_24pqO>}+geP%>ZHf=NvH@`D}JZWw|{QT`xoLZ*a_-s@3n zO_)`NZP#ye8HLtS3u7s`wMXxc?lE1x0~f8IpSD`E{42~V44486w+7HP@Mwqxv_$?R zrnFw;^w&?mG-2{6CQu+R_Cw(sJ>|zw5J0FjUNoB`+W_zJ;&HW^|ccx)pL!=LatDaw!V9F*CG2|zCjNM=lG;MAPGZV_%4ex8; zXN{rHka>}Pwd7k^TMbWxTT<|mcrQLmqKeF3 zoVth1OzikIR*wdi4HFST;6`#@-o)S?I=WSGqc~`KVOi+)M#?@nG&eLHZawUH_YS~o z%y#&{VK^Q&Vi+3Uqowu|n?S>5iZpb{;|!FiIB zRdtKtfo+!|29bRgc_mXbDW~j|Az>KBTU51XEezJ2@YUN9R^aXjFFqCc1%dbf1F1D_ z3;H~m5RoYG1weBF<5cQQWPHq8f4@(ytRRfWhTTC|;C@CR8#vn%;o<;a0~r0N?gh2A zwu+ue^r47jum*EDo-fIu(So)w8n^ zh@9ls7%5s5cjo;KMT&vx(2D6~++SA*8Ie*S7GQ>Zq|T9zjSVSxBg6`wdT4cN2?sSq zK>&8=| zmrOdiy+2{}>iE$ls4X!1keZiAb2x7+P*zqJ48##Ez;|)3*rw3LSN~G+L@X@ZbsoD@(kZu6SdYM|^L8x}1~PHryDvWw?~7yw2lz-#yJfz623C3`lN0?n{Wh(a}U zEiJkfMpm!~HsDAxNl8iC$xB=#H~|4-sm0-k@n6kX@yaR>AEKkjKzld-N*qpYAr{jm z8T|V7&gn03{Gb;yp2$9YsQIRt4aSVB#if_0r@wD(ob_Sz!WNH>HKsZ^xo3KsEvFvh z=EfuH0W$?KE_D2&R<0SQOEe1ZnT^qrQhwusOT9X*CrexpH10-X0k57E@-kRQVT?0W zm*fF(z+)gATq(t2{)UmrAoQ5{_%SeWVjW3|X##SGejCA?0F0Y$;G{v)EVE~~ZX}ZV z@fybGfW`avX6s`fHXe#Hv;|-bYlb5R&d$8p_E+Ek1C!(cFHa92Fe((2MSKzx*Wk=B zgW3e9<$9^-di_F}bx38%ac$g&!fQ!FFAsaH6TrY5zp4U;dSU4FQeW_8tHTU=LD1<) zDvKHfFKK#Uc#@da^l|*)4Y*K03=H%{Cbxp706NPYob9m;E{}+-TCJxa7p?s_scmrX zb(}7FegdBsQ9oGFdq75{u+h-afMIi7!a_Drxt3x!=n&T}p1FH_=ZQYa2S32`wBFuc zunPW$a|KXQQB^D%ip<9-DQ&f3~l)aY~Ke9$Uhj;@;luuW{{8WgfX^D zT!J1@<6r>W=GkYY+w~?v{nub~zIqQj0Ss>wsK68eV9*`Jh($?fTG|Xa;Stj)`FN=C zrr-n{x_YutU~MCIWGpH2=4nrcI+o_e9-k(BvCSU&KNV0>xr%R*xUgga0lv678M=v}V21s&D$>L~b;uLGz^@*tDXeqAy>3cI-&Uzy%C*G;mO=ZQXO_dS@!%mw=nnv z(VT{Y$NZVsD0m{G=f_95tNGngUwewy0!5v0wk@R{b-sW zJ$(2ubb`RW!q~~-@L>`WXb@rCQv;Xxct0+4tt@Q$>Va6&02J`?rDdsI7(k z33MR*%kXcZoIVYl%$TXtg8tAeE+eP*@Gy)&PW$?TgxKskkcHY7u=nnP0U3;l<>eP~ zU4a`i<+>wOWa`@3BSnwyt5;B?xSZM{k>Jy$SNY4E>Wuz>UvQIv%k~59o&|=z@xt4nJw7>7~ z@82(i2%aXi&)LRi_R}YB$hRynN03N{#_4O5XmXb z^L8D%Bfn=)zNcgTQZl$*pFeVI+JKjD=CSg4tN#Jr9SHJ0MV?%N!*m@c9FTc3>op`$T z7&aXK@8MckfW0yF1?mcgKk&xp92Ny9C~)CZu96z^2;Ev2f5~s(w=^-K`ye;i3lV40 zns-F2jtaawzzDtrsgHWP7-UxUdjxvXh-vET>bOSGqyi=SW?kKnwKa5u)_(qc81nsukrB1Un8xIrH*n&6kF~=& z0||2u4Jqh8Vd&8KE*u20)&Y`Gh~iPOd`ZMcPys*^cWn!9di3c1yLbDfq-bIUczFkw zlLa(`q+@3AcNlNi)bbGs1vml*t7sv+U-9R6>qx6py>k3?NZcLmXs!^N>>o{z={ePT zdpHw_?552$K?$AjGIf~_)faW%Wf*g!=FAHD75#K)r3cfggK^t7y0UvR*)7=Vh0C9* zn&04Jc4+oaA>Urd`DI{a1mtn({Bk@=U?PtF4{F=(S0}ITR##tR-u0*ZI`Rl4h2ZFi zVquVDX=-WRJ@qo}*>F)YQ2k2++}tMs0`>FTCeg#Ms2}|DZOT?*{@Bj9E%vtr)_uIZ zNcz0UDSG|5;~msen$Vh+cYUOdZV0=hGfPA57pw~8p}MZb|L^nNSV2L7q||~V1{q?J zOI5pbGyhAEziw^banZFZCO`%om^3DU3<2dqKxOGlY5n|C(!Ryn&D>jk^vWY-wr&z89aKckht6&Zh70v(Y?Jqor-X+J$FC zS1$lj0%22%T?4W+xaez2KPvh?0E8K#9pl(BY>Q{l(j!_J03m%3P`ec{$RQFcJS`oE z3nX(?JteGQW^~wHE3p%zn{nNOFv^F@3VNw31SYVhLh}VY>TvgB-)#Q-{ULzDT#i5yY0TlX!6Lq8 zq@UGstEp+4Col}F03Q-$he*2{Ig*rrfqX#{d_cjR(P8ars>$`_dKEc$$$!wT`tYG0 ztAg{0xQ!3t(0~6eK}5|cTn`-ErPnPt&;~}x+|8E?bbaW)0RjZTjy}Bb6KQ&0R#w;k z=W!LRGy$d!yM2`UAdIoRu&@`3idGk{&p}n>iKxu$9w?Lw24wcUwp33p~s z?ndNOhXqe;gl5FqxEc;SI<|u90b23O?T4F`B7~&m>m}3E?6i9di1!S@rjcA3@J_L7PI7v zZHvQi)|l$qn4))Y-&J^~Tf+Wu<%86Tdx|Y_dy4fweo!3e?M^sWxbcnoRZ#p9Q{K_b z*`@;=Y%}_kDY|Mu{LG)3!K_v(mcfk6oL@gNS4vVRYfVm)Yn$sv=A@q5MI?C$QbEh_ z5uK&v<%e+!1_o*#J=#Kb3TWQz_K0n;K1>(&jLR^9#IDDKj%zKqRXBf=U-tvSn^eN! zrhzEM(9l-^nqq{cz8{byH-{MZHl(_zJnAbdJkaYz$Uht$9FQ-}%~5$7QR}r^92S_<0d~R~G`z(P z{4G)-gbYNM#s(W<^ykAs>AU;>LUM$!mWW7)ms(zaJ`X1+as%2&Z>pRhJwjo01Pvl2 zEhzPy*f2Pd+`s?o8QE`3kSaiVNZ1?biJ~Mmm3cokNni5cvMxF6baww+pMGn39uG1M zB#ZE}pcx1`A2eX`Pavj2X9G0#3~n8O2<{ZLcSy1f8fqNY8!{>A^Os^iI4q#pA%csR zN5NSQW?EnpL_|bHclx6pjm_Gzu!j3??a9HoMJMHkrd2)B(bpU9?$H}`d$nT?@6^_! z4HJRx3vdokJ^o^&fk%M*I}D90M0WI*NL^B%o#k)+S8`}*UEYt3G$QFlJpH-we5b7J zAa=8x(h30uOBrwkiJhra-abCgxL|NgqaH+#kNgH=i-7b((X00v&*#sdlW$y*@p9s^ zzh7GmO4K_rs!+QSpq2-HQJodAEaR`f0{3kgmG(3%Yro6x2yym7)0eGUQjC0m+%vWx zB7X%=vm|&X5em7WrePotD21?2=sK?E&F~@+)XppWJ?fBs0RIPcdXTzY&B-Cj*nR&d{a zxPR6>lrieMaFXxfAo*K?GYVYA^SgQ$dsTme9SrCS=84Ja>1d|jPEIyAFfa%S*}H8Y zcZ)oAv6-!~E6LstOH_~j zi+R_=`-cwzbigGgeCXc9`e(yL*2?G>Lik2I0P{GIi&z8Xu8xj`c7`vgBk@b{R478x zN9kcEPn0zmPx>RPs8~X(ZszyhJzNv{uIU&fLnu|~rnB`FC9wC3i`M}Z&B zFpSv#pYa#e1`Ju)Ap^Hrm49py=iJP!>)e(6d~n|X^Sw)k-{9A_dI0ikC<`Dw@$?W$ z#}@zro8$bHI)a>#7TwK8Tqze!DQc`#(5yQeJ@=kgU zsnS($wX=W43UVuYi#~lo84yD&e_YTh`_qgC&jry3A$#LJlf-8-t*Z>!@9OuD zYNbD7mYRL*J+p}DlE?*tC5Q1e&Qhsm!6lIxJGtp%rDW464~jMldOkxNLryo*5vp(w zO7S0r;r!KXU2?LE^SW`G!lgY0O&=51B+AH|X}DH)nlx4i_){*p$5`BXL48q^ZI?Y2 zi`lRW3+o&1UXw2!et|nArMRSRWBgNlB@a-xHD!)O*NCZ*kWm}qcR{GEsIE4teE@hT zm~r1wSGUaqpM~jS1g!~`t@j_&x_D7vLy=PX{+JA ze3K(d?K6*m(&Y=(0iFiuSL?MG=oLh?W^N)4q>6Usfx- zMJ86pt(4JEuQ_(lCv`xdHLpH_nM39lnIwVIz*0~1#cR&Q^B+wH`c4OEO9(pcaPt`U zEp!v5+Hc@)R>?3#Zf^QjCM}S#*WX>qRo1MFu}|v$jzoIdKNbv${2GVd@;PIpz56cd z8<~?WRH-`ikF40p(`rATl`u7C)umqcWBL?U=PYd1J44}{^pUPNW~!S?gi3WTrP7$J zrsl35zZWlI3rR{TI)HWkss;WYf{Plz+@E+macwz#xKpXFXF~BWGeO?Id!NrhKc9%~ z&U7Xk%9344$zoxL6;xT)&);CC-{;KkVWPF-FnHO%eTNx;=P%t8Zp`|EVue%Tm}I}y zU9V5Al`lJ?L|8xaCn<@c^_HH*F*5=O&BYfg1Jqd#v2#2e0!fDCM(PzW#CG_xHmX#c z?mTdqoQ{<(iQ;j0w9m#b_E}D@n2S8`QVAuGBv-=knd@&E@zL7lJdBz)8yDwo>XB#9 zyHgu*hL=9qnx;(4g(E*Bjx6--POgfHb*g_e)c0&lShJNgiD8+RMr6b{l{^!dPw-~R zM&7=yx_>(uoW}Y^E)NKyha(c;E^-)25IK9mA|-G62*=K|jw9aYO38YZL-xspdW{NI z-Kn^hTUKwM#Q)xR$+A$MGr`5ci~UJK;m(?J=GnoXQRlGFWd*AJBaFgz0ZGipWQ$uP z+$WyNnl-M~aGg^Q)~jvcv$)diVqW5?Q^_c1t=z`yt?MfxbCF#+NVP$ z@R;l-+KClAU)%M~vWd#Yvd=q9*G_oOu0Zz4Rg+U@XAix#5J)N&7B;0_NiJN1|#Kfs$3CJ_1wZvcX7i;?h6dQJX@ zRdv2Rr{I@bEGO}6*H<+e&nUGaOQGa8o{EM7WTccS*mu$cyzM(;mP`z$WW+q@BcR)H@_#{%VsPqyXtCk{5wqeJ6ntEBHh1qu;$Nvm=y>q`!rD&L$ z<<*hV=`j=^e$OD$Pb#EroR&AxJvi1Rc<#lz7;C=yvXl7!j{BTLO8PNzUlBR?sH;=F zGW@Sqp{{5zbEpR!kCBZH$E!PW;u5rvJ~9}~YIkQYJ;|iFL-nF9lGe44o2VpgO!0z$ zB;1aUZvDkgV#rk zwcOqRuv(mhi-~QY0YjSh6x-yMvZX?8Wf761tBE3%b;~T*@>pYH-w9n|bMIUsUq43? z&)Y)kZp3Gk3zeH)esydL7yB;U9n*PJ%B<1MC!y@XrU94B>u=hXUxPV zp6Tp=<2i-Qsn)$hO+ES+jq^J-`zl{N*zKWR6J7tx%vh|{nPQ28hvNFww@tGO5GXNm zAj$awk_oxJ>bg2x&R&#aP}dO?i`o?p!SnDx3p*9gI__nsw2L`-N=nSS{kY2MEX{J8 zNC68e4i6^oqt-qFvW9GtqO+Y{Y;vm8x#HdwRLQkFpT=f#_!Qp!NEXO$G2m(bg>mdy zLa@>K=Se5ZTlnSMi8K$-6d6)jU!z-gW_MG0MLf%D#X4y8tFSNFG>AENCQbdHo>d)L zaT1ftnWacqa?~4Fii;KMKP@b5pl5s%{noj;dGVg&r1k&<_Rye4y|7XCAKoHI4d}Q2 z>Sh{7ymdeEF)B8J#*{){&1&?TP*mZb_!RoZZ!>58yQpdXvoglqZG4WFo6CB=mX!+a z-IqJkZWAxfL|w(}0d&WNA0DG9Dz zc|NTw>!r4?3=~}&^tY`gdSa(#LJSOMYE5K4M+)4|5=Gd>*&zzhA)=FT>vXib7nd{h ztn<%aH?iItT!(4|(I=*%Zns1l9HS;5aEB0=|4?$*h?}}4h9-?BX`gP{sat;hNbq{+ z>4A3Vho@3`oz-Sn4^%qkDqI*yKFB62BxO`YTrM~-Xjyh^_m<2#i5A)6gyy|VN9Eq# z@OkEuu&vt3)XYb;nko~_HnX5+O_EE3{1UjVKfbcY|kxys8teqw<~_Oc-R zpOzRIuF_`L4tYgJdUc{u@MpHV-<8u`!dYDpQm1OdC&^zosx|tq=CB!FcV0TzY5mb$ zqh>BZE#op3O+b1I!O`$q0(YcVTglx1eo>oSQ=AWT350;t3K!@wJAo3RY9A)Nwhj*0 z={Q*W9RD9csxj>ExnT`u*?E0$1)_N>FMs6xvPE~7vdQ1vThSLKdgkd4#AC2)S-0<6ygey@_KWHqpYBfK8Tb5$1rON|Qna75R`@U@Ep1vaZs$^d z`Ljg159tOe&`d-Ic|E6J_%l(pzoJ{ubZ7xr+(Yx( z^a-!084ngx=vr;66rPDhPH;xu&06jl^A;iIPsIF@=y0d6%`=`DaFm=lnMb2H@vTx^ znc=P`KdW-av|&?GB>VAX1Fiq0*=r<~rEXu8=aAxfpmDUZuhzMWoU!Z$xdp9Ki1R;U z4N*Oja_SR7Ved%iXE})Oyg;86RWTHyDJdv$jdB^GT!MrgsoK3nNsCgyBd_wgeSKs? zufBxTEg4M;gNDaOkERrwALVp}`G*;43`jn0judj^wUJI;Yh{5D{Hi*w{_SxS!%GRb zdOP)eZ!l!*%e<;x?BP(C-J%p;8BKa;eR(yjq^P3vXVs|g(7s-&vFna36KWEjdMV|@ zV?lO7JMM}_`snN_`zWZ{X_m|*IK?Ft_QR?V;%z^{Vyk>ndG8)cW^}e%qmcD+Zm(XF?{X$<38?95HVq;@xn`X{+n{-ned7xIO%-r2~E6O~fD&C#` z71j0mehstcf@K>AE1{%dwR4Bqzh4Say4Xi}Ov9;v-jK6^M$F&Em`a4EjmG@YI1i1T zT}b$07k&@g9vwy(4^?pnyWwtz><}uY1l2?;{-#6hHHP0KFJlCySe-|FPR_QMO)z3` z)uX$wzVQGZjf|G_`%3CRXX_$lb7>|j!Viyii74cYjq4|W?2d5T7CYUNF#cOmAtsrYG6>kkD*JB#LSwZl!eqeJN4OKk%^bWK?w}aVsYHY+fUi_*;?|RM#}kG z80tD_iP=y|Q5{sUuc|irXdf?dV())4pI$ujp|>#jXWd-SUK6b+?`QX9#PCL$*Q4_8 z$oZZtGC@T#DQ9{VtM1(Vcw;PpGt$LN-)j~m2y;M?v{b&cic{RNJ4JI;@D0aNtHB0) zmu?|)+eCihg5zqJ6xY|76!S&LiDsN?iH~>pR>qlJC$iicRyi1H%qaET`NoXo<*uB0 zjeO$X$$7#~+Sa?&K1qILJ)Mc7*(X%A;^UGetLM|0;sSkQY?SGxAKs$DOO}?h6_0GcKGi@TQn`yQ(S*{TVO&CJ zr&!JbQT>wfPj>EY;->@BTU`S}JEe>@*cl7mvWLf#DpfM`k|o$|TSc3!xtIkuWh$8n z_p@m3_BxB-Df>8{ap2NdKPBUJLQ6ThqmYzL zG^TlO9J9SieDrt6`y&Z`ku@r%=1YnC1I+d_a@?a*iPo(v13LB!z1~gHFXA6aStxh5 zwcL5(cKMQoZ}_nF`C3->fI$N`eOiP6s=X|FT4Gjob^TS$4{-`78YXciFq&j0^msUV zpEb6lt*ZGyEWpYXxsh{xPV(7irP+7CiHL~K&9+3EFS)Nez z*1O8tGN7<(^{%YN7?o1?%ew^xqUco7tsifimXTQy<7`M5pPb z4g{mEvA$e#GGk|>e@-(^rZLR03%S&^q*RXKARn^-jaPOw1l{)FJOj@;kO_##&_8Aj<_ zG$dm(BU)rxm+0CpPFyS}vwL;lvXa%Wl9+cV$>VOn)T>7l#SsZ*u+{gOrG=&MlxNyDNJ8ab*j#C@u>N_m}PONWln*bP}XR?ZDU|) zXGk9R(8aF>#~F0_LJV(n{-d6M{M9Z>FG!R9vTbTuLu7`ppxrR7pEC1s;AwiQ=!;p; z6SPIC&mSd^q+MO)s^jWyBW$soFlu_3j6b2e@;HsGJs_}f-injQpn_jnRIHmjh{z}2 zW6WkZeVj~B`hdgGnrPkuzNBFPutwGuPN{y{ zg50qDg*EpA1t?kD&v#iiOm3^p%Jn9vE)kLfaT{ zkFX|=W>4jbv9UD_I!WVVwuwGbv6A5o#TW|A z90^aLBqnpcOA^qT*^e(~+|@RMCMc;X2n;5`Otl|NWZqII(mM){-DvGOYFi-gMbYKk z)VA+(5DY#@dNU`T}KyuQ-uH68pp4srTqqyE7*-WF~Dz zHep1!PTzMZ5kt%AIkdZ(9U>b=xagz^zf~^$n1>v=Qr{zt=YZ~DjS-V=JCnVB5m6cS zp0Z^}UoqPZm%3$&E0f_SsXdC`dN|nnfMQ(LI-llmrc%4!$WJRIJ1urjBWzB4UPq# z5T0TOS&p}?-)~U%s0aD5(<^yqw_<$v9G&8B!jTpqF5y|{Zw~R6V*A$R;zR;Ix6Z%z z6zG&RJWf2q0)#U-(8LrwdwY^9nr2S&Cb2<+xKpfmbA~SNiq~1gU#_Z0X+^2rRI^_< zCY4KzkUwe+Nj6;52l5J1ywKUx*|X<7z*y@eH}i%QmlM)omonFp6TSZ*enID>2H|qE zqgeGo0x`9=REoYP>7%`}z_G+*tNNLguP!!79!!bPsO5SbaJ*)OE2ymEQ9>1Ez2)`R z^MY^KCDWBXy8M?X_%jk{Ij)HxSnRVl5KFI|{Xvq1hVFTvBgRMI*8F-cZ1MyBIuzB> z%V)cYJ;nOzo>eg|;(vAv(Il{z>afHbhB1Z2^sDR|K#Sbe)I9~ly6L>CpD?>3s_f4? zAi*+oj6RdPZxYZ4m!n5{Jur;h2ha^hv%JponX^g-CIXL26Fc27G$(4r#ZW&*O2kpM z(hhtjhFB?009oOA!y!?u%as?GaCkh~zERSioXXsz#;2FI%eGmBv+#wO1ufUK)evpf zlK|HVwb6L{?qWh;qOsDe*GvxCLhrJC3f)G^^9JTpJX&{aTq5fym+4|pE38P(v)n6A zypU|${rSJff6aa$!ZE{6QAV|!f9!%cphMPq0mHUWjCnR(+me%<_%OiZIOLZ3FrLPo ztc*?Ab~H9XVqQ<4{pI(=9J_RS#jS{;vu8_fUbOj{yxowrBe%%ma?-TmTdl0_-w~Q; zR#)TvRAQCf;ue3}De}9$R*Z_D*-arU=L#ivk2(x@khcB+d@kU~Vw{NM=wZ8|=N~mA zTXr3H$;q`8w2&PiPfXREv>h7N6E+bX)?mAwLlC2?BOcRpEhsoXbKdQS#fj`c)A|0Q zN3{|R__x@gK>;H{F0PMQOW+-q2$1{*H{%&lE{GtQ|3rQDPR@I+eTQR)(;{J@HiY~7 z>=iV*I|9;KOC=REx*-b=E=}dQ9F>@L1cp=LwC{obJ%uU(SBW{eNeG zl3hIQOJq+^OzA*O<4q%8bw-(b**~(Zi9x~FB$xVouStE(AjrA%FY}1x_R?3A7i&ls z$#(JYw~{IdU$CiXJybibIY-M{`rLkK(RN7H&_Zc_ zP!=-Su@53M)fkbQ&9V5J+Py$Q2^>I{`4(JJ?wwy2TI~QVYmL;OMFfN(C^Wn~Z4-?p zA_WvZHBe1S{Nno(! z$yp+UW9;~zLe@Q%>h#Q}67Eqi%~S1va9VIpbDA~(;$@p-xO_8{nrohdR&C8*xQp6% zCi0cSuE%l*PS|IsrXGYSe|`NojLl7l$!C;pn2fl@+$E2iMeu_7a zpETkI%z$QxknhQp@MJ+TkfD}&zmfPpmdf-@uS&ep7msK*T274dLE42*F+e~`4?S#X zU8Nq8DGtbgU!F`~AJs1{bUoI6uy~}d{1EeuBh~MBk?nGyUQwsh(7ZC9FI7l8N@nQP zN}uyR)ptxhhUQ1H(}_a$C~q!hGCMnP%VBOdG&BV5@cyr4?8?R>OPgY9s^;d;RU}4b z3#vu~tH2e=X!Pt!L zoOx*F3$r;kO=}@f2f>A*!9NANWq2#o2x^VAdSzZ#&TLn_Qp*xGncfCJtC(~dVoCgB zY7nr^IcWgc1qt;Re)lzCfe>qwmi7XE6qtVik_H9`$L@x{(3Z?*IB4)z;HuBAyw;t*7`>TZQ={^?`ys{(E1&#$mw zsC0fzAzB?|Xtpwc$}mSeN43!Bhw{8v#>g%^+7nK)p>=|pS;!dxZd&^QqBQ`Z;xl4D zpxc#pJqe;DJs)`3G$FMRzl{Onu4yCA-8Y5dg#+P*8X6<=wGZH~o(~KZ<7!r;i!Fa; za>HFLkvv;-j5>WhY=u46E8|CXuS&MU*`U|@_tGSFrvb!+>h;oxc2`Ho^(T8ic$JCy z5~G{q2z`^lRs-2;cl78(;O2q6RVpNx`*evx!)}CF;t**e=1SB3A4}V=X!=!IF)<>j z)&MsFzzx75m(Z^=Z1+X}d+K(t*laG%D`q@La~XQk)#^w{ zfR6%z*JV!sw8EcEeZiI_x)!RcbiGCW8#Z!Qrgl>7QVQNJjBgq8Ayc;xY!H$u#QWVM zy;63{*T|0~&;REvb;(?V8H*(h!zaK+=vo+@A7!PX<$oU+8tR zY(*asOHkqF*N+Cc2=`w}=$a{DA5nT&1!a`$8RjCW5){1cvT01O9n@ZZMLVPK`V)KQ zY`=7LD(~G~9rg!OZKqbn&hF8_UR!&hA^@{;fH9_C$=TUKzj_^{g?iWaEkM%VLTLa3 zap~&7sRMUaxW`Y3X+kWVPGv?QaYRItW{`flT)*jWvL7c6003BZpkcgu$3O^z`7KV~ zKN8*)poJu*8FQ}M*;$L1&abETGyjO!7Cam)vP*$Y!F92?1?|oM-)(Ef$?=~Emo&$m z;za&f>Q&i1tzdegCYPZprY<9zbvCDUHYE`e{pL7z{X|R0ldqeO$a;>knv-1^RSsKJ zHT<;c+9n*&ntp!9ZLms_{IpR!QJP-iQ&!baqjQK=So#$ZoZd`Mrob`*!Hp}nd;5T~ z@#DU}wGY6RNX;qtr5u>W48Ds17|V_7>XqNW(-RV)*Gf{0dH(Y>6A-sLP}x7mSM%D> zaG$m|)*#^u|FA3h$taq_s`A3cXcvu5O*o%SW}r#qu;f6 z^_r+lT1(=06)~IgF}tBy<^t*Wr!P5uqSZB=I=iAH)z#qhRBVCj_&N!^fB106@K?J{ zDe~W4(S*=uA@wrW(baF1hElZ~0vy~dCxruBf`wAHPkVVe0%l{<=cy8qx0*Vd^zo}x zhUoj6OLEz5WCV2@VocJ;S?-#YkjKnM{4}SgZx}=KREW$-E2&n$dh_nZOOGlgdzcHW zUYcBS`z5&Tet+Od=h9?8+WU0DfWJe?01j&%oi`CzCr024EE~e8;ru{C^v@ z9|P2_x{@}?L>lh>k0gDkQzC2Nm$17r&C6)1;B1PMv|IX?v>E>Di9NPK`P#u$Y*N?A z({Hz4;|#i{T&Zxtgs%HN?N1VlGM#&9U;AV@ol+rV#^LU|Gm>760c0__g-#-Co}Zrt z^mk+=vSF$-rt@o%+hMi(zP>&{hutUq1rxMAgC;}?Csh+ystlcFXv4^CCA>^lyXQ?m zH93#e4%!a!vV2O8k$D@l*(d4v-`t)cs;vZXGTN7!^;_cJ#;wK{>9|sn6oX(95{uzG z3Yxc%!mgB_J%2s|28(#f)zVNsOtf80`nZ#VkR^MKcG)J{Etb0a^0KOAKmDol;Z?t- zbq2mpWmzLDIA4;SLS*NkkY|{k8`EnZy{tc<@tWpz>2Zl+nB9Dr>Wn7~uWkOwJ6!*x z*fQwkuLzjW{nTny;$HCbNww4aV0g?$ktG?#g9SDb;0|)wmgb7$5 z;kyoUk}1Lx8+~J4m3S|^u1ICZK#JK17UsM+UCOhvgL=)5?-ifP3&K>&mHuOSpR)1r z*rd{lE}e~3C-u_PcPpjXSdK||#WdI{B&V2rs~7li=km2%DmH6?QAgN7R! zx;|=ryPNV!CtmAB_eq1z4% zrFXR7^#3&2&yhR4cy=t2Q1I~w&7ZD)DyfH#Se9rPo@_u72AQk?5CGU)f-&M-Lz1ty zbLURDl;WjI^>Db?=9%xdVj0`yVbgKf%aNEUuGU-CrQFJwe`&hgsP%NT=Ot(R7W8BgqaujaX^Uc~r+~1S{(>T+A9-U|18Kre7pTEBCTj_PB|<^_nWgmx(ZX ztrqWQG7?jElgWELC1NFqD&pi<-s z^9-rm8dJtIeAa_$35K=1Toj!vSlmQSBpWJNWJ1IOPb_4`SbCF>=%#u0pZ?6)s*lFh#-E+Wk zSd}8|)lvGZ70-9dhcUm*Q6J@#?q!X+%FaaGo4EaDdrdpKmtWh8yHY@Wj6I&k$*@N= zw?Tr+&r6*m3B`X`5G%iMtk&d2&MR656N2P^4% z7t&1jH&ax(O|vd3*#H*#`Kk!iR!PXYfb%rbo#3Mk7bv%Vf>W=nm6hn=#G5x-va(6a z_DH?pEf0$hzr#p-wtO*`sgeJ00+aMG|pK zn<{i~4krF%?auz<&}<>YXnnfNqS$v?;({$_?4iNEQ*;!tM4Tb+;Ao)p<}CUk8k)$S zF{r0^%3-WRuXUN`HWPDIo5w^W^IgYlg@##?=N*TqKC&A3`$@$uinasJxQ!U!U>71N5}1y{j!MCN_R?AXNbQB zBUKg(+_gtqvAd!t0$GL+9luq)okfz)ThwB^>hn?qgw$Sfm05$=Q3#M zU1+8i6<(-B%g?Z#onBa=r`S_)h&!2WM|7HN^3!t16a0npksigwbBJMIzkVfodO<=U zuwPKKOMjNmbfhn(*=y0KbFap36f489>!Ut>UXPOgqIewMwVWd%?`gJ9+H?Zqc$m37t<+o{O8bzxF%^Od9@I7ob)$r5SR`MK1#V9E1fN76C!QWt4u-&Lj)L|2Zc*hYnI+rlqC5UR4FD;0wXQ z(n;3vibsPHWK1+t>U%fq_w|O-&EwtzP#3=gMi+LRlCrWs5EKBbl_q)`7;@6M7)-w4 zq7BfbHmpWK*Z~%sBjRKV5W28I#DC$z{rg~3BE1KQ9$yT`giKz8bkoSX3$qz8&(C&L z!IHe*>2_Sg`19wtVd%BVvOBsH$mI|)wx9v}4a9JTPmm#LlRa!l63s%B6W;@?pvJp* z8*bi&*XLU>387q<5z#KA9_+0u3R?A9*awJKY81Irq7l5BVn1SQtL4b6F%IJCgIGAkgep=(J=?}U#U?6v_3z#Yv_0Pk&!!@M2WYrt@0kNuIVmYA z=pVq+vJBiNII%$Cv(Gfd$Vw<=E)%PQ{@eZ5R)5#`z}fBJ!@RaroX5Y1Kr&?x3Tn>J z&xcUct`87&XvQ2vF}+z#LsJu_sgk5*FC><{)S#XB9W-UkQ)Vf8q8Sajgw$ZR3anJ> zfmw7fkwrn>$==DSrr=D)fr`~!hhrccfy+1}2$sjnArAj_pw{6*7r`h0n|i8aH{j&p zj`vL_amm4f(4w4Vs0-tJFR$t=SB^koWrrcjC`z~2JN2u9jzX=&KaP^!e@Ud0ZJqV@8R z5Ej0Qg@)DjlQ(bP0QOWJh-CwUePs~*TO1>g6cQ&3v``?|r@{m@grYl@KpI8|M!63T z552B0s=Z1oqz6g%RaB2a)XbO!YJdOw6s5p6uLn4TIG_00h$SCafw7SQ0v-H5QX}+s z(b=gxxICXf{|-$K_mqF6Uj={n_vI9e-><|0w*jWo8SsKiEPCF8+)bhbrZhnr!1dvU z7hY;8i=6CUklIlVEhxJ8BO-w%_;ySOjA(E)R?`WYlYT4-Q{iqbXL+4A48cGcr+RkdHhXo5@8OB`U3hn4z3ltV{m00ooQ-o1Eh z(0Din_CbNokt1)wE!Zh3iLuWk#1+g}z!caUy6zA3ex-QR!8LnCJ4im`^(k5H1y>5~ zul~~nM%Ip3ukN9tg24q^F^C-6V}V3ExAs2CN`W@WWnKEfUR^7@ZFwVsqe3!vGk(C6 zLhc_J#;y7|`%SqeFdg=2ynXvCx_b#X@7&2tUP4y}nlwgC-`CZ1G2ILC-`I zjz+%n8i|*MJq2YB-&uI6MPDZ|9m9UGc?^50-SPXdg;Q{n#Kp9@sw1fAuEduL8U8Q~ ziX2?STIS2-ZT=4n01mR9ow%47+AXZ?>@!PC$51-j+BRcr<2ABt>Zu^YVhX^(z%V1e zjy1&j27jDI=s+DUv^cO@XvqB8*a*-A1Hv026x_uy5$)3}?QAQCIXQCZmQrcv%tlVg z8Z*Uetg>xNQVMgo{E0YM(kUTn;+eZ5F4%UKs@CJonC2w6Q8%!oe-GF924300A-}`n zj`hDkDb;-U=)aOPy2|eiWR>Y;ZprXEYv$~|w|$a_UeelE)4qplgJTfBG9)=ds2}gy za~E!&t*wKPAAbhd`Xh;Isqpa4n48j%rFU1huYl6SxI<7A2D}>l{8zxnad3Ev`s9w| zu}z6Jkh>#r>tUb;l0TgP!Z3Vt*1!0v5P$|y&Oun6Hnuj%9n9$O5%GOZjPgx%t*!+< zM>Al?u;d^mTzcT3Ofp@IW9ElZy$qK|WT%^dVBqDwXHNM0D{;OCleM)qCN7SJS7i=u zyeC6L-Q~A$-zKR8U=-BH!AkmMWM(!27I#x8f#1zs+v5dDdZZ$ZkA{YZ!p8bd+)XI> zNm&$(z(VeALp$jcapA%rjE~UNORqAN0KfNcwMuniQIR&DGW0ui(#th;%KC`p4AeOQSD@V4k zKUCg1g*YUv=Ea(W`VFBUPR%4`PlWq7uom)wH*(@~a&z4AK1VzexI1VhmG(?bs6$Z* zpMCqnAiDy+nDQggJAmH?`mTqHHMzKNq%>h)g6gcid-qQ`T_8q0Hgm8;AcJHT-ckGx9p>GvuW+@fKyLz zuk8E=VB|0SV$21flVZ$Ww~WSt5wg!;zy3vhBbg^fVqJbAgph==5%2B;BL3)@^>B@% zkrfIbxKQ#43#WU3$Cf;F2>2_IWEBjLzR&M;GdXy$7iB;4g_ruV}1a^A+U`; z8Y0RA@Ujr%g3am94Zt(3EAzp3c^(mCxB!|`ej^ZY|vBX zA$~E&2l4E9-?(v+e1F4RyCg#6)75>IJdA}}gMpsj$_}?y5XkoM{A(M*q-$V+{)oAS z#W1|-0~*hsIr9};2Vqb6;$jn;c=3KG9#4Jx^a}z45HO$CFDWxQbZ8q5M(j<|%K^c` z>mXl>?ieC`|NUE7#nS{eE}k&?6#GRFK64svhMwNuRbga}_?Ou?Z#7?gZecPTC?}}q zHGqU^t5Qfd8S-ZXO=pk1KYT1XHBf zf|I!a++qQ@vQ)M=3UKH;M$0fPYl2;hkCxV7*X=*~t=wMG+s`AJS~Q=&_#c^V>bfQr z9eg%!S(?R93Xe8fae^TuLidcyA=h9%*O5`XxA_-vM_QZt3l>?OVyp>cJ~hc$U>L z0i+k7YG44V9sJI0~4*BDa;kx_xHIXXp-TTT@1=P=zh%rQ4u^a+Z9QYL^ zJv1~>VV{OMl)Q|L=yT3KM_*t0tGpi`oKKJ7XPoVMAiY{f6RJxy9LH()f~qp=--^O& zit_){pIY1f8E+lT+dwFt;Hp5jk2?d&8(uT2flQuA-JOp=jE$*)TBq}`wxI#y>>r@k z0qF^$3-e`o6=1BRaZM7lPYSu4nVR|p26MgNMX-|)#t8Y=IMLugqZmPX00uD3)q2je zx-|iR1oas1rCHimxQJ``x`}&|imQi6dO`#Hej7tm9Oav#u`w+b70LpV+Cb^f9^mBX zA5wJ!Q<-X)ylgRfs|sa#l|;Aq#F+N zKoA9p%PS~6dG@RU6Dky%2p4W{rMGW?ht7fugtq>R>8UI(Dk=&8*a_7Cs5%jQLOee`#LL2@0Z(*huM09~>_J?qC}9vSFkU`? z?p*k{mX|0$Fa>@h{sxs3{9l3o{`2eG5a9u4tAK<@#)49-GQ?)6S>%3VWBLDH2xz$2 zjVVo#)+#6<;9#ICK-p?%YirWmOAmRvEBhmKKCp!#*+vzSlb_F@+D961_w>NKtZi*j z4)R!^L~~|WA()Nd(E1XmaT$HTT?z^xt@eOA>;}=z#oO9n^j)ztvZW5rSbaoCfK;tx zTS4c^#ii)_^^>S6po{UW!Vp=zLl9ytQY?2>J{S7RTG@P24-!i{n8O^uJFj1O)O zOhv+XdwP2>Ad6^xF`f7X^|>mvO1I`QXo4a^_05~-&YVe3O@)hLGTvPZuPU(cRWdZJ z3lRJYKBuFonD+hY@uxC#{PP+psIy1L$Hv$>IJy(37xYzp5Y>Sb%nZ5!h0{!SIu?|i zbu~592fEUINzCcyW=Vbm(~TukvlPwF++5tNeUBfXX)izxg|X1|Q*tIK#XwG`;O^b?rl$1grO~qh z4+)enycLIIA;+;}L!)=nMt80tpD@sdDi;KcJx`ym#~)z*8aoOX_c3ShB}os!V;t}r z`d4x!F_+j6sBuWK;gPGYZ4kZ%Z%7mRUnnKficnJW#}!Qaam!4t{)im7Z<#o9an8ra ztU+bR3BXm05JK`nccJkDGo8Y0{l~S+${0CGb@g9hTz9=~nt1;wBe2gAciXPLVSm*0 zdSiHZ7Y-6Br}nqz&IriGq!rt>*c z(&-{*WPa^5)04rTn&Q{6Y8e_4+t=VHCic!Aqz>7p0~VFLjGrWw8MFKqR30#I*Qp&NwIxB54pa*yN-y0Fn%^D=q)s(kibrk zjFA0yL6(;G|Iu_E;8?fq+m^leOo)=5C@U)@Srv+qJxU5?WJgAkne0tugoHA(LS-dH zR*FcJN(2A%dB5ZDIKJ=rzIxw!p5O1juW_E|bza;D^^KDt>}&T5wYYKP{vHN&mU2%3 z>=3rHqrLq{!qJt6s|=g_8Jz&bH$V)o{VdDLnIUXYrW%`=xHwU}1m7Wg8XAAt6XLA) z`cm4AqEqO)BLKTm1Vc3e_j|AU`N1~>3QZK71@f^3;hFT^`y)CNg-h>gpCG#rAnwD~45n#e=L6s1 zKm#MivB$9nGDTRurOeW1!3nnzmXpf4V!hZfkJTD47p~(*0P}$kO4kMpK(epA^td^h z|C%^^-x*dBRn@Hjm_oJR9}*GFI|Ina@WBzlk)xa+`rcs4=y5>?LTA_F^Tl%0vkjmH zVJQddh9eqHNbI`~?X4AXAR|;s{$|V>|)@*dkoQ@yWJa9B}m41P6ud zIov9foI_v4&`K-fUA9kg6p#SZ<%@=d%M=-f;SL-emr+4Dw z&)$GP2iLGT8YWq~39H9YDLgyDgPvNHIhd~ypzB$KeLU4)%n=rPo* zK|6n^XJ0CeGaid-1~ddX64E!pkUE$$C|lZweQMFv&_HOZb03#|COCTsaPfCIr(Gci z*!S)Goo1>YTXeiwsuOYThSwe1GX~~$PQhz- z#~33OPMreu2yc)EzU}YXJ0E;{#IO4JtiE~h7PZdruCvPd!8yIJNe%BS#1$XFNdYe9 zsOa4P{U(YFND{JTv2a@4bf$}7X$dJN4hyzbxFEQAo`SU>}DPq|^99dpH%!Gl=#+<=>2np%FN! z^^+I|OFvhq9+Z71=y6!g;Vbfd*@Flt61U=t96D5iXInqdDu=9$ln(P;YQ}q)!E*sY zu+CCC#LuQZd&BtDsXDB*x-pvk9N3l$R&c}ZZ5BJrZHFYG4bk%z16XXva}K7LeybQvZ`vX2r_ zx~|>og{Tu3!utGqhW9FV9Z>||&u9qkoikcx?-_tiz{3aG0E3EJP#$Ac)YR$FV!!X! zQm4Jc*wny?PQc~@$Ll-lCzx)9)<;TPDB8thVZ_M{MW(Z*z*pchINekx7M+?(aH@Q= z_}>4kNGyinOl*-H$kDo7(IYV2>b(3dn3wvf|{uMohnn0KMlTxJhV4altNte<>+hS z`nDa(f#`d72M0UL+azAGR&Y=%n!h4f9LYx~apHmUtVer4ieg0H}a9A0Py?7iO^hvwf zc+d2WmEyPBKD-6MfcWG>X~Ua!(2ZSKya2|}A|lo85al8i8R=tR?;Oya))^9;oWcEj z60OX`F+g7~y&o&Ve00G%438ymyd7j&vGT! zTsC2g1!@%E~v3#9hjA_ zrl_U2_rZb{+hsf*Nb@Mp4}1%Jjtckp-|3xg;D~`Zsn9)h1Ek<_w7s3{P@C8Qb%fNgOU2zpZ=&V-B33L$%j?#UkRoB0NgxkyP!^1OdAC+%L zM0hU^bt;}GAy~kmAJH#G67iURHl;~V@vy86UQV_!Aj&SfWkT3ff`32-GZTzYO;i)a zBqh5lsL{3M%F&D-z%v1RakGTz3n+@ymDY48%~jiBY8Is&{xn5b4>}iuhnPbjyUt!u z!Y;elLEGQq{?zS?sfiiNS(MW;0g{@B{jsaw!s0hx5e!Wc;7sup2|~kG6M~BS6=2zhwIcDOooe-T;De)~sZx`1Le&MyFn1DvcMVwBawAS^_J~Rf1ZK#k=+KejV?I8m)w#3xg z7G-_j)hJ28@bnlvf^GYd#$XJV%K?1S*p6I-asx*Vpxh^wUz3T+$qot5E;znfwLSHN zyUk9W!mnOIsL##Zci=#$T&&=(D56=7Lc)T=(3|u*MMWP`92P!#xT1fed0f3lQbfc7 zFd)3-hkzGg%LSe?ygp4VEU3zPj`+Ak%8+D2kO08>d_D+`XNE~S40L&TVt6TzIe_;< zJ%B2#i1r^acANLa$!(t?g${j0g1P|8U9X=j7I(VC&b%ZPAFnRuJ>O^H`df8kaKGv- zTSgiM(bDmhN4{}(n#oagff#KDJzR{i;x;M~KZG>nG1bT>@}-OC5}E&xHcA2a$p$9Z zT&{DE9OFeUTCk3jz`cg0-I5~TIZ-qQb&^+XClLC>!eIJErZ zRhkUxXHb?0ePNnfzO~)|*6zwHi3|dPiY+> zUtsu0^Tb78T=^|K@n>|~ZN4Kop&xaL;o;~CS#Ua zl;T41ZA_}dsX|vD!0o~nUI}hu`EM=t_3S3mNhX-nYYuqADiGe&4MJNYMSOi`Y-Ovd$T^mIgw95S2{bz3vpVd4@A7_oRrt6_y+@$@K)kwPj-`@k2-d$%9b?i^NH)HjE!fnaz9o3zKhSzLIV3;8XC-L z`eH+rt9IAsqWDy-;BpHI=T*DGyNIn+Z12MzyY!88CTp2zsPL zDcCu;|>X$u#KQya(#qsBE@wc{f@P?NXJ?#UbF&N%de z=)M>eAO<6cnPEYqtR{k*f@C_atss|9Jido<-#)W%yJ;ysK@=&FH}x=hBbWp!OoYqX$H1a6UVf*%o6V#l%8C8zW|`} z_>W9+(*kH^FBrS5X0EvpX0kuWbr!su5J35@;n$gEiui(ym^Lu zl!l^jJ2PCbYN3hw{@q+{X2E2l3BEra5tbkLS;W1!ZH*_yg_Bi%D@C@Hwf$bYht&MF zPYN;NDw&bp-E~v=Wz-3(`v=jtV~Ihn^B_sfCoH32QRtQlCu#_i2A#)7$^&D*2JAOT zHbH@kSrgTF>)j0@(~a1~=R59@+LkbeUx&;}{XLo{o1arHL25U?+mp_UoV7W3l~dm@ zAac*ZCAYgfW@!n(H7Qa7osEQ2(lRh@&P_+B8w%aO{;8*e|r0v`5%qz z$_vDjELv2>6`BtzO^NsR<NucKI*p+tS>rq zS5R3wgZi$}J*gCjqYcvV+Q&k6?5w}9;;*1``c_=dWrNI>WY!y-A(R2Z&JpJIN&l|} zP^!~zq6)g4XpHhqpZlA%loW%M-<3nfW)#BXW2NY6o|o02n!0+Qmh}iWHXUawykz_c zI+@r(S6@%5E`xB1)@!$w+h|0fCrB&u5A?sc+dcg4_v_01W?fiE%XOy0InE{#sRO4ApgOu}jsH&)ud8W@-oHoxiWV6{Tm z@|VR8x?Kbid7cmgz_?NtP_A;0W0N3g2PFJ+a-T(bzFdCj^l4!a7ZSY#@0E1Ls$!i3 zMZNSvrJTZ|q8bk~$ac*_KS5vYE+TAdI9!`H3Y`?^oG5x>c`ZX3vD_c=6*573i+;o#%m3@P8m zz(A=FWs8kblFRYZ`k*1xXKay!mL}ODBy{TYA?NSP^8PuS@#{mouIXOFt7YG|Cea5;AYTD;w!E{o)&EvBF-}48_YrfX#jf@DLd=0(}#= zx5<@k)x380(x2ob(vQoCZ&c3+8yj$YYi8u`er4m7<3Q=~_(jNFS*q<_*|jSh=lA}* zN}o^qLhPAt{I@n|ofn$iWBYX;sfAasiv8{F7NTj7`I@g)*tsuet4}xigSgkI;+)zv zv0bRM#B=-LAye?UaGRmzzec35@v3TtL_UN{9A#}<@`)$LaFE9HhV}{2F95szGbdv7 zYLSQGYOFLVdIjYm7J!x3*DIi!p{Fv@SIQJvYUk}W=+de0wcEA+Br>DM#XicU3`7kw zi3^`4H2!_QK7p;R^jvB9&01fzhUg1q#QiXDx5pU z%J5KtK#co$@Tf_+)#fFna2@|rdAnvFkEB>F%^2&-U(lt6m?olAQiTaHz_jN|$I`SH zIv5L~6qGMugl4QSKb1?J$Sff-EXiab+QGup)eCr|jg8>PKgL{}m<}s8xW~-R4PN*y zj6wH++}OY04L4i*G4~=R@0lN`Q%HnLq6x?RRr{K*gjUW(UHv>@ z=iT%Bls-YSWo_zA)^&LFu&x=ploGAnx`c~VnxPwyNEGD_-3ttgSoX6MJk~+JlqGTF zOrc&rzEFndnz2(A+bo{yww(;7xs8oR?Ck6}r?VwjYC0)4Plm=Q+J^XLA8~nl;D zuh#a*$&n4+qe3+{g5DLx@h)J%FuB{Hn**lKhb!Udj95R*Cg+_$)YzPo&w)m`L;P# z1B2@&G3Ohu#PK7Kl+@c3YH=pj%7=@r%30=5n4d7hJicT!1Wz$BJm_?>rb*`xKOM~y z0M+({{j^~#+=+)K-`kPh8S^}*&E&-^ymwX)C?E88rY0tyrBX4oPN(!^O?v0o1Atp1 z&ft%O`VDOwHvw*`zJLRZ#WF+qAaf5@3Rw>u{LldWv9jy=3T-d-_)(FO-uWZZF+Rd# zVkHP2*t`LBqR@9pu1JQaYphdMe?UqYLHGA3wH>94lMNt=0ed&pKf!6*yVnUVCivcC z-bH7nF|Ij?6}4FA)dh3 zW_|j>==z^buHNTLtSwt#E)m3;?Cc6?_knq)CMA_)V*{ZV%0E@=dSskSKlbPKM)b-{ zP_=@2S^i;^X?F5k+;-OjwF=wV3m=)eTmw(fHMqCW^iMzu#6fMfqO2JclLGYo@QHE` zDlZ)y`GM(_o>OK&bCO37W84~^->AC`18lyN@X=RMF-Eq3xse|5Q0s>i+mh-iL}8%k zfd9%MRLaY5KqZ5A`uI`$7J$Qk^fdPa>PD|J7(XSfGwFNmrAae@31{C2F;6TBh9pqo ztpfH0q(e?dR)7~%ScnS9(aDKWcWp!;3WkzSj&{;`}dF7_rxQgKu|l@ z`mXq-z?d=3_$drS1JVMJOIV>>Q3J^r<5Mi$kfSiT$7R3c_l4s!XL6^PRotFUwS4iv zuk7-BTU(?dVEh4vP*W2o^Z!~f@8$Lxi{D8rU8~}h$-J``Ihsy!`ZKv-6{}%4V2vfH z4P0IKeVniIAuf>#7Z}mn-1B9HZ9*o)1HvQllt-@|xw;sC|Nj1_eompitREj$zcx;a z`y}F+b~%jZjHn^ALk69QQ@nqd_}HyD^W!OP<5w^S4fl<>=;+3|=>4H#VH^_X zL~kGYK&O^+_9F4E&hK>pLLdnMc8iBP>r0TalhjHNWzDpl{x7G`C?^j;v#I_gS7qeP z$-${votDt2v!gd|VX%}!`g-7x5~oh_ICJUMbTZbY%trqcQsTBJKSVu}rDeM!lRUMmIGdZ-**kMBcVphWrDhQ2VcQwL!VwX?xfdd-J@sO( z+cXWSFUQC~ceQ=mf=K6_xc8LzTP);L4<_v6K=Qaer`G9WFKcRZeA3eS-b&q1?R2!+ z7OynWvw;e{Ls@+!#7w9067;k_po6gUuMvlhlAd?hc`c|CcQ(7#tbN8Eq@HaGU6g!K zS{hO{2*d}L>DqT3J*%(AzKDhN_MX-tQ?p<^5NmHn<3M2iwd|>Ew>f`pbjDi zXevH|RD;lr3xXYHW?AQf9CVuvzWv`0kUzD)gb%aYxcm?zbYDMbqQ1_m)|{RTAM2L# zDW}@BXsQfUiZAD8B#@B~1pcLcjx8V<%pV#ahDpl+A~J3ZHdbQ~lpp3S2;2PZO*p;J zadY)?+yv&d0t@%J%X&Av9bA1$K9F{G#$PbtH;+jPR9JaiiLI{llMzPrwM=S!ezf0) zJX<4PGU=Ss$k>p|zn36{~t{&Sn8?(Ln^28S|ht(mMb&T)3bbA=H{34*srNvpUV7I}vBYO2xyN}l_0MJ;YJcTOc zD`Fq&xXiB-(?l&|o{zo$cQtKXQ*-TDQs$jJEMJZhePQ13V|`QSF#8YLiJ;Ov)|xl6 z_uCg{k0#N+pqrppWK1KQ)ygt!j!D`V-4XGLSxtpLj7_fh9=n?(*@;mGFKVaTq7Nck z?lHQN+|@W-G`0>sSk~K5CkjU#QmuXhSybQOwbfWV1swrwe175Vqa*(H-d`%9`aFi( zKh*MsMDu>vkRA-a&6jv6{Y>eu?91Ab|3cbP0l!xMPAi>TQX+;dhi8QpD86rBSxLzz zb_zumAJAn;rdDHBgmxCpBpxJia*|%-lsJ3LGr(@1ZCGHFF|e zo(t*#jJM=tw}Ft*_Mf*cs+%)mo~I)Q>#JG>qk+H+xT~Y|hpJ*6l_nY*$eT|=?8?sm z6KwVc?|Tmx8FC6{jTcd5E0juX5^7uD>A*w(z%~Hr-Fg=I7kewLf$4#f_!_js^Nj86 z&s$wl_hgCFs5T%xca8L@+Ws}7_aUCjeKJ#&rVpeK7$25PahQGQ_qF16UmrFnLc5DaSzC+wcUo`kD_rw*tN4MmjB;-R zg*NmlI42rJeak;Se)wR+RZL|`y>I>z&9$f2&CMiE#2<)g7^P{%&&%`?X-b3X1-bV; z5u_aokFY@OK?OyB{r5s@o2uZ;RqjtD&K>4LxisTRW}8QS7yI51wy&jri)ND^3XYGD zUxPL!zn5T5gmMd5tLJWbl*~VD{-%H7>)O?QI?b0&5;u6h9MHfUC#$-fmfRzK0ipy47YOp zz9-pdA-goy>NLIbG5Y7zSaH6N5x#BQxSnVn%a-pBXHmY+~ zPhywJYx6R=dQ+Tgo_sHCTckeU`oUOAk*>KZNB6>Pc*hc3pzf2sN-h#olTDjY#pg$jUb@1f(A5!*E0_}`dlSXsX|6SV-``49Pv z2(>Q5>z(5vtNM~(6vy;8GH`w<4QCHc2au+ExK%)`*=p+Km^8HK6KUBtl&cV4EFsxI zC^?Rn3f57=!opZp*Hcse?_WR^3uv8=NjiHC$W&;wK6ruejfY;0&fUQR6*>4mS=Gu|1kaF13>u! z>zy1MS51nE!Y|k51WsRwtI={f;qAmDYw;)+ z1+RdAgjvV}R!@zg-9YxltQ)Ak#$V(S12yF%BW6+7*ed)Dd!B9Ha#m-Q$7F=9v6`z@ zYHFlo%}v|E%8H7>`M5(f1_C((Z@X3nJ?OpaN=kO=9Ds)SXOh(i`B}Tv*w@P*^tT|8 zYxz?DF3AMT2? zA`YOSe|NFzOS;=bV|^Oa|)B_;wUF-n*r^$hx_*gax0kL1$1^irg% zBKAZyag2B7_lM8Dg95K_chL?ay~lV>A&NC%Ik%#tU4f5v2-ZA$ln@Ch7)&6ZDh9it z!n^sshoCaPBjUC0YQEfMmlDR(XI_wW7;3}lqrhfb6%}(GhGm|kin_4b0Z!;U{9(CX zuXcRqSkk^=con2N56PE|idJXOT(Z6AS=st(u>NY-rP*NZ1$TMQe3X2WM)yEl6O0-? z1LgL+tnj%TJ3X#E{BmA$!-nhdZSZLg3n^!3Y9a_X5@eQHxPMAur}NcMA2j#Y&l@{H ziL7;FX!n3nQe_gB^d7sFuHeCK&1-+vUyN=@cka^C7qKSxCwkCz&5w)00>*pula=aA8?AfM6*RJh%&fU@W z%jy7!6FbuHHP)@-`8rTJ5MI&RvlO>HCN4k zGr!Kt&OYb#9on|G?|7uGi73w9N%YzU6OLaMmnQr$zO8jn#@K0IZAVT) zpY%fFu#1rX?aR$#`HO}^?&O!uFAWt?8L=@j4Z;Sa&^OhMf_zgq#fh}|Z!HkZMjt?y!bqV>`j9pd# z!j?}R^0c$l7PXQK>t-=ItD#Hu)RX8sWqyX02dAES6ws<|y`5hVu6blto#OCjbQEs! z_>uOHm?QH#{@U)0*7>U4%~u$?tc{J=@ra+FRd(%OZW?F2HE4-T!uMW7=q5|0b21tb z4MD1MNq$EOrLL^}qpdHr-L{|>-JLmdQT-S}-+KwgD)p>YA?wpA21b+J9Zd2Q>b>S- z%}`EUdyoCs6?MjI>GCe2XWEfglC5j?2ZeHUH&(`3HV&()3EY|cc}*Ggndc9Pt@ce; z<^}v>Fp-gFt|ZqzzFcrbUM21>os+kC;Y^f_elSz)t>XiH12M6&v{46*>h}?f!C3SM(57O5<4`g z1kc)Y);>4ezm!{4+1U6866cUJXU<*LhFrepxGaz2?{^O7Y%&fh4t%NsoEC4N1^UM* zz8Ue=ctLg;rGrr(LEn%ma$u5&rK;JhT?V3gF?FEgsDhJ z$B)R+X_;3kJqMFbF!t*fWxdtg8pNaR9sW5};)=D$n|BwVmIzbiCpc;4y(n~Sd(kW? z-@#@7mG@F{O6_4TeZ7u|TjZVBpXHECyN@~fcGG9~WQu!5w|^Qs-yAIY??WraHVNnP z@kOCihRh#@8+5u3GkrB=s15xk1061=KnE-h{OZ2C@ia%kgva^HqEPUqLr$-F#|{~r znGq<*nukyB90`n3ETyqavh6h~dbhZY@~8h{B{o$&+hS^H+(l2{6%$=BCGTZDE@I)v z$Hqq9vi@!p!jl=Jf8fH+-x&R(kqM8CJnoU_K4^cSyI%Dk&@M;$?hM|=ks#2+%S{dzy2AEk<~~ukZxsuGBKU(B==R4&?wv;Z?`ow&L(##B!UxkuKCEAe%yX=%Hb&KSiERr2=N zt>h2BG8HoZJR@;ECe4qak3SlMtn*%vwsvbI$URBni@m_ip+^jcnO;)CRhQ>=S|?GX z1F{$mEHn!UP|i?wbnomrbW4j{=EEBtmsK+ujm2~GI=&lk#jfq+d&;9!nt?3EZcM{0 zz>tjdZ{Es#K4lC*zQ?nkeKWoN^N?<>Q{7?Q7&(lm5$Vo$47FPkd_P^Q3~~?9&<5T*VOf)+*zjNS{b=>TKMpkFJxTRY?sftKfw0z73-OflI#MP zU(X(SCZCJfO|hh}cKy@gGFiR5A(5OP5!r;!sl>A|j<_7+zRs?$eZxJjHL~3&R}s-r zkOwSRJjOOXGh^eU-BWu1Vxw~c_fijj{oVD|rRDd_OOBYUL#cvN)I3F7>V9M``Q|Uw z+-p`3prM>Gw)F*|lohmn{ohr+rCb^%v1tGUAfSK1fZ78>o46}K5Jgi2@OMF!zQ;@n zlsUL$8buJ|+xR@Tu~ZFwJUsr`SqPPTAUa~hySL^eCXGJS-Vohar2{)&GUXNA2Cdui zmoU(F10vwX^l>re&0ewio)4h9Ef~BY+Hw6R)rr{MiF=1It z;in$sj<_9|UF!>WWwy zlA?Cm(AFfg!~)Vg-7Nh4^k>T2zVXoD)bRe)Bu;g<`gePx;_M-QDI?3c(~13 z>&nOIjtNL#OrAc?^P9|iZ!G6Wt4c~r{8yhuT1_eeYsa2*fg_TnQSNEAqfqc&vtyF% zM{Hrj_!zC|X{XkqBG2DsTYyY_hnCZ)Rd$1E6(!!45{ty*x1^hNhUr%6~}(g%|lXBcj!$azH_|gT7e06 z;^O9GIy%_9omdhaRR%>Z6v+^M`r33qbg(G-0sT5wEq32h7f+6lm&UM8x^!p;7uFO` z!=40^IFmveTH0`rLG``yTI5~JKkS~d1spf8vA^|?wT;4<>G!dlk3HV8Ck|phnM{*Rb&x`fEc^ep08lb7G%af0ONzOLSsEwcr};^raZ=*rh$YHN zKGng?CF~jYS3(zQq-2n(-(S$*)3?`5G=VCuj+>b|^!`ke3F38_r=Gn%VbVR$F4*UY zxVQ_%@DLJE${6{u#8u=6E<)$XvV^V%+XszIHSfo_#IeV=<9)7&h7t&060QCO=Feph;&)qn-Q^24!9L_wFkzwm z2hsOo*5?_N&}gQ(@+JDfDrG~ZdnxGeJN5&X$}q+7)G0{t*P*aXIT*AZ(0h1SjOjP* zM&5ub4vJ55HMiWtFPMFR`lBuqyvPm!pT$A%TBWkhYsXv>@riCFIPU2YH+bb7MMr_gTb5BXg1GG?;2zK-;F)F1y9`0g@>!*UeM8snWkv{kSb#0(a2;+i0}@oX z*=8X3ePRD7)-_7*Uu74UyOYge=|+Iw`ZWDvra+lDOt)Ch8u!MnhK7ItOg~p^KuPuF z%x~?ZPoJjv3H^4FXVK}m_Sa8HB>kkd+YB?~l%H1c88B*fOf8F9J;AL4%7;cYP5;SF z2&^sCq)NOJDFuO)hHUKYq5fa&C`GF7VtAwbcz}Hf&>q5owSFlup?8;Brsmf{-NMjz z6*f3;KlmT$40~W(z$`DvfSkR!=#kf%Pdi=u%qKi)! zQXm+O<2&**djCUnc-%||Od=d&o>H?Kt55rn)2pE^J&M8skTYRwsGHy49XfXmDoE|$ z9}^X|IQc|QODxF*^ZP)!bXZP~FYZ2;=Fey7RxjZO*4J~%8_LR^^*cfKPEK&DK^#(6 zQhIXg!D%pZ(~mC+IKGrd87h=$xr}m7qv$yhvPb9`fIeer1jWMhPg;d$(9~t+82na) zlmJS;EJ!EtBO_A{-50tOw4Pm+-4oB`2n7x(A7lNgE3Z|+{nOCXBW(S`7y;5ncsH%w zX~6~btOU{mW0A0t-D{9m1&{|V4CW8O1;eI+Z+P`1zU@pa@rvw%QYN$TA>k&@VFKTe zF)9ovJVPUlG69SSAVmmOZ~|xUKeVj-38ye2A3w<*%*6>B4LlbL za&i%2VFS1zAYS3AxSm{dmG?`kS>U9m#tjDgPBEt|N zJbg6b-f?b;$ZM=6C@B6prh0%~tBb|UPHNsJCrq+#!;uKHIHJPBgeh0S*HEZHzI#GX z@2JP;iMsu~9QcI@OQ6)RE6uAzEvyDk=zHRk%{Fu)FcL^-91$RKnCAc(7iLh6uD4ys z+lIqx6auM@o$aqXg4~c0k7JBFf6e?ugOGOlOK`rn1u)?_e{D7bs`^^6382woBzz43 zPY(9XyAh_~-5x#>g|6k+-YkLy09qEp`vCR~aA{KfCob#rXKLF0Ovx&Z4`HTGkg0C0 zLck4W2>;(xYy=b^@+t^F!`}#Ib&C2a@eQySevnfaGNyrf1`7`lVSRN<$|&w5Zuf;? z8%&HM58GjQ3m7O$nKu~RgMu52tq(!{j}x9YH-e;J>rPucibEVZUyD;$WSH6L_v15o zXTpRPz6GjyNeKzUtGsxp-PTSr{@eq_HlSr`85z8+tk|3U7bu_{)T&sDpsd`C6abDJ zQ^Zy^_Efz8UN0s|coEl2ib+ZB{A$@z!Cl3x1{p1nN(we!P~qcM{#+|3?vcSl+jh(ffN{?Sab#b?mI6Dej5rPEIoVd z`o6NCc*+00~k6L2Jq z(h_ijnHfZVz-y=&gQpZhv7u{qnPk~pyn9~>T0Qvme%3T0S)OE8xzmMy9ya8A&gllkJChc7YUhM~xQ+C8rX{F?y6-;y)SYqtK15qhVW z>E5W}Y>1A(GTnH>GVl$Ekst6#fon4%K(!%pYdpSy*G0fa5KAbk7(Kv1!Gz%lL|$Qx z*1l8T=5F{+IGE`po@5hC?2)jj5#G1&bJ6{aLzWolOK)64__z)wNYJmQXGrvnR?t@PROQ zh)O??lhl!`|1fgm{2et_+xBqCc=DBT)Q|-Ua*R!~ii;2yrM<~SNP!iDOfY!{?05dc zSwOH8)z3qTX@Z*@ko}Ufvb(A`9V`$Ut?FFa`h7trA{CfzE=jEHe)m4%IGUB5Bl@Mt z$FPaxUeo-x=SKgvovmL`9$#!+DniVFki`cJ@3cE91p;6$6+%xmeDOfNHYNp$6Z;h0 z#{~ELDQ6*a_IxpUwiUK0+z{YdAO1auH-kFhZbHIkoVTvdPL~Q}73djotk=v|5Q_)` zBZ9jG;h=?vf=}zdJBYozXhi2x_?X-)(9B6fElt3m2|NMV)v+=2vKGj2@FF2*k-N#` zeC*tNSw-YeOvpk9%_MCn@BRnR>lt(!xD$>nhabgXWpv?6lKDJk`y1(2!X!WZ?SLLhTxM`OyQhi(IOCNN zHk)F+*u7u&xq$oo+LhakKHt%H-%#@W0Ki&ymIEMZL zF<7e_rH7zM$oA{mTMRp9&aAgB>b2JBUp$`uoF|Kf?p%U7g!r|J3Yk zLbZpe{R4>u`ohC#=;7~&!S6ucTj1&qI#6Dq`vkZ2C4{#fEeqY z2lHxbyfDH-c+mW6tedcGW#Cox#9c>`>Rf@=;VC3zFzttNR%=Z;ES8o^&#SjE!a_~} z7Dj}!@!-KaK#BOacx5nNJXdX}4WBe*k?Yr$c)N~PV z$d4Dm6wVno9(^!puYlwL&7J?tgKw|mPzwo>+-};&n2$}&FxnVG#8>W(yxc0p_SmF=ise{$uetGFeVp>{HlCe0! zD8NWZ{$`4lPDVlkrp>)O+0N8noSInvfpQL6jlW&f+1vO$(c(utc`eM1AwWRAa~@15 zhX29ELlnZ#$Y^9@LhvVo#o(lf{*lEWU#_0kx&cKXj&eqN`eBH_AkiPYj39Fl8Ucvq zU2u%#uZ-4|qcK+d*0To>Rr>+l^V0s4h2W&SSg@O0?Tdy4{A{&dCt5RfApq@YPA`A} z$M56GhP%@rPEz!@Od5Z3`9A_g3UeiAuH zoZ{L)q2!aJTj)NNaUt;4$^RNzS~jA+LqOGx=9-`^?-T9*PH0aiA!E7F6&o^@ju?Oo zZS^eRI=mY^JUr0jam&15CmPUKN)j{MOf@t>CDH`d5sHWjw7EDXfXz;yIRl8(4{bFd zi{dP{5qL6okTNKH4xczgh~s?8co0(mjpJLooj662+t}!bS{rcxla-o2{5b-=yyswi zi4%_q%dh06C0^&feA?i)rUIchLj`gMmWP-hyD`^6r7*}7NSikD3;+jV_6YtOxGz=T zAHp&cpB^^=Y6F}X>>xUF{aZmyx5?K4dy7#(6=)aKkal4Wj3!xnG-RuwEGaSZJ0@ER zHO|#83viDe0fS!>>?N$5A#({J0L1U=wL8x@Uz0f^AJ2SUCXZl!`XX`fA=eRSAVWB5 zwk0{8SnL9ep~3le8;PM^U_uG5TaX7v(sH59M_%&AcZJ4Y3XU4U-}OsZR^0zAUJ5xA=`_P4$A+JV8$AcYQH(n`*K@LT#sr6~!XO;$Y`H#wjKP7V> zud*$(Iq!&M9e9y6<;im=EVtiSwa!+6YWdBJZ1zRRLj~j6KKG744wL+o!|BXVaQWzdX?D4Vd6?XT5X1 z-OhTt^wZr-!OAe121xh))9WC_xEXG#){k`pik)J)U-Uif$XThr=-nnBXI674(w1~6 zW*c9(9y``o<9wi?`&;Js2#10!*NTuh&u0fGOOGvNQ_&Xn7*8yY&F*i=W$;~9mr9a^)W_9wY)oQD)8&9+6ZcZtN+OYN*x zIvi3p(cB^~oziJ9=rx^6mA&Po!*t6oEiS-jC?Yt8x_~_0#>sNf_S>I}{T;JJ+yf*; z*K0Z1G?W5#`C}8hDJOpE1>dYSI&rQ%yM{q#p_n=UFjSQO0}L#c-GYm1*|x1~IE9V4q(74?!28c3e$_GMKF(fT2-RGbkH%pat`Ef+opeYwQHW{1B0)7P>?l%I z+@IwYp>TLZ>Cr^_0V$=yTfL-B^mn(7H14Mn@o?nT63y3FA2F;Pc%Bj6rTxY1_x>HHIyCA&M=B+c&f%CeVbGD)}x6=pvWj`ufDEF=A za_=AdtUe1?pN_--fOYfO{Cd?4$#QCHhS{!woYU6KO;p5D&! zBI#8x7SFe)zUNo-*hC{OH^*N0fu!4$t04*p1oEuzS{eDUc`_a6xGNzbrgk;blH!Ci zW3$mg065LflVeTjVZ|s?mE~J^b}23;WWTyI_`$j=p_Y4&cH8)2Q0e8H>VJ}|-@Mqm zdti(A+!Yc9D=YQk)i95YNOR)(uRGEMY@(_gPBr%AlM9-sZ4*V3d27ifhF0iL)}2Dmj1Md?~9xx`FXBmUUsBM0P_x7$W7H8sK)XfBBhjn(e%?+?upHgWq`Z!;bu z8(F&h#FU9oRfp5{(h9R1Nm9F`Ua1>6WYn7X7T36mC96}FKdLom%uP?{9wpm4N`CVm z`G{bVIMI+G=NpS}C&nY_VqS>r2st^|Ep0d`Epd8qc)Zg6&>6;J>6}hSO-)fG(#y#% z*Qs+sGGbaN*Ykw>cwx+~459nmoa^OxhSCJNYS~0}<@X6+Xwc~_ATJ4YOiQ+UE0$;> z$#D1BrEFR{x(L#nD1lLvDi>8)_ZA-+<0$J(G1oCEi+w%L;=p{t!Rz^$5w`pe66w#ZPVYM^kV-FhJCp0(KJ%9!f=vF>|S#RmCGM|A9B z3mP|c6>L`ozcBIb`SX0t!c|Yq(Uq>`+tBTSAS>aF^rI7!Tb?B=(J#2|rV_52xW-YW zFl#0bOufsSI%d*laY}y*f>Z+emoaE419!gXum`E+xL9*Bc!ym2m4pso!ncq1UO}Rs zH6OOaE2rI|dt#r`ucrhlkE2jB_Vc9U$F! zQlK^d$$!)$Cj9uh8nNnsnhYwS?yKQkxodhzJ#Davhb!V-yKdsb6?1Xs`~RdP(<~l%zd0_G`AEe#p9eucvscb#5lvhgkP{BAF8f!p4{LNZgtB7_9ef z)1#w#RbpN5&ZSetNaetnKTwhzE4(+Wha^SiCuvChPrl!C(=(}e{pj?d8cuSZ2QcJ(CB=4hnJ5;H4*!j z&wJ$TBr7=+<2<--6}-0kv+!`mlI(}G%=l3SJ-rOW-iQ`CSy^;@Z$NdRa)wo#3i@@_ z+^FC{69S(1003)Z!W{Jr9V2S~3htR8qBNo-Tb^ecX@dQnJW?AW!Jkd#bMjQ~m@+T6 z?(=?TR9V0sap!hMV$eK;;t7h_N9CNW+BN4+n*F9a7$4H@+eqgTBl9`*Y;lP>OYc!4 z=PUjD^WFs%oR>VvNTV1hD(6%CHpNAzRsG%T3!%|ohZ40_&+ngh@YxU(;P@3~_*>`H zspR3c(# zmqWRBy=0B;k3WXnB+5o_9nRj+=t&?~N0zGhSL ziAG%!A?X=X&z*~&AGPq9w29i7IqR{b(3cnQzB1OLXkebXPwJogMNU$^UVhcq+lu1k z^`XaQSDwWv&Yta}JKZPSsbbt^uXV~Nyk4ZO(^|&3Sk#dDMUOg_?WQ>A((lsXbn$|L zo*<&eiq|#%-iR3D4ad#Co%?-}C|uwgcRF*3@dPy{w0G^0FprRT*>{GQJH`GNPlPF5{4b7f##LI7vpV)VXxu7=R_VQ)90uvsd&c|Irb(b`X|3N8mgT!bT z3-R2c)py=ytKTYFt{Wz@R)}?;96y+v{CH)X?bLI>$T2TP+r;D~YKPjj*nJ!9^7l#; z7`E--@Yc^=lHTD->kG>~6S~Gp4Q@5QyX3Dkb z|Fr-^k{AAuruUAg`hWk&jqDM!$==%`*<@v96SDU#De9N?|c4w-EObq^n5}Z1 zkQ943=#52hY&+OAjJVz~(|m03qGh5}$$rA#o|!5`EtYY4R8}lR3!9EMX=t|Jh($ID zdFvfpiD?o6Zd1Iw)>cc~okMP->sRBQnT}tMtF%`*h81s=8R=&Yw8@%^4t<@=X?^^= zFrUT~ZzVtt`=8gYj5~gk20ahwv*+SO`&6JCX&)ON8Z!waRn))RIFQUB7;B^yUt1|k?Y+R&}w(2yFUtS+A0@+B@MTI}+(UPrMG zVFc&5R-o*O87Q(~)Wg8wZbtp-&9Jm%z6C-n&~GI5g&Linv>?TUaz16_Y;(Q|8Wx-6 z3ii5vEM;cI%BO_eKGQqa=XxtV>>>lEG#2=kZEoUrMkKbTLNi;n^!gZx8AkZ8)xAjJpKXEx>|-lnvyZ*W*CVZ zcdd&#S^37tI>SdTH5*ahjxSWnvdy$PZaDP>q16JpWhLS1UMIh+~a z4Q{01^JZwDaBLS#dQ_f zMW+iS_|gW{73w`K{qU^EaNu#HcyHluQroXAbL^Uj zYWe*-8XXU6>Ql@J5eK zULTcCnOg*CzC>qv6gQj95DdQA!09%e`{i33$Cp-=xKtH$Z$`gY-R5Y##%(b=OINK` zDkxHiv@|R3u0F3QwR)}St&D$-(ef<=$0Ks~%$8PTJu|Zlq+@l*1Vm)&`XAV$tM>OD zu?BN;$IniwFzBr-FEg~Wgpe5=AzHs;tIQk}92yk9at9BbR%%>MXmvc*?4ZRX=dJC| zY9Z1wSIjV!LVneeaYr)O3-43y34eZ}ff=Bu$*&@#^ET#pZhNCPc5QS8okn%j3rap( zuIo~jBt*1tV~$eBxec9{#n;6tESjaeBPIex>6flIgsMHU@H!`mFI9U}Ez852qJuT) z!@c}l)G?QB(GjWU#_WRB94DxlGk<}Rle)rw^D#0k#JZtC!fb&T8}3E%S^Hk}*xn%&lZ zA+ToC9dMWY%y!z$QaZ+U9YaqcdhITKU1&}0fO=Zhy?;(9Iue=6AnZY-C4lV|B*Ij@T87&;mXq+H;kx!f|!-$udeF(@CQd^ zcPA-o66fW^gkb4QynC5;+(r#UE zwbNF9X=&jwhs-trzz#jh&ho4gSSbZ#D28w{D5mtTcDo2W&c&maXA;}-HGLKIvfo? zF3*CLc+UMakN6b!i(G?;1bbE28nfj>qAUj&>uauz6dCO1suSwP3vjBUw|Hg+AFt5( z4;j%X-l;L175e&+eq3%MtQ#xI2L^TE(g+`*AflwS(|Is6-zPI+IAztVNw!k@^6Ncx z9mfs3ig36ci&uRP!eex&Ix#+8qg&boPR0VU+zV=9?(r~9kU3nME}h5P#cU+OK-bK0jm-yO8v7vC;0ad30l zk1t*AH6FTONA4%BrwIxJ#J`p)%@-po1I#N$bpy;uDWv_#q9wk~xlo3>a_#6$nWRR$ z@$U<@9bfLhO6&L7gSSTISwBmqy5QTQFw&MpvX@G(S&6==63fYV|B2(XzZRnD04XPOhD8F<08X`q*q|o1@7qwF{H#diq8r1zDnKT1* zAK-VeiU28~Nbze>M1hNYwgE_>Kf-JXKp{$fon`AWel^^$uWodXQk^(0@w8C4(%zHP zQz8C#y3X(PL_kJSRN5ftr!3b>DBY0g?~Hm{W8=P9r_>dhg7tF7A%Y8@3H1ckw&hVo z`qv~6+Xq?SdbExUY-}24DylKwY5p@jkvY7*lQ>I(qWR+Mw4#z<)`0blZ(_?U-gbB9a(S}BB;_s)ii2`kO(VX-) z!g@-1ug!Aa!^{olZ~>5-f(NhlxiNm-et^ReF8>;j|$C z4)PhZ(bTJ@r0+Z*@fJ7OWE0eJQfZ4Z_FESb(=#GZF7}MDW?pEVI=+1i|K9_OTz@m= zZT?4Uh^q37e2z0VZ-ZZse|Oi3Be!L8uaqL_o{YO}N{7-r<4+v_J=n&eWRZAFTTS>E zTl%&b!JtT__S1-7zk)vt0hk>ML;T$j#zqG-wMjTA>VcOF{5%*5L1KBIIUu)SS^)-E z5TgV9(jmY^rbjqoSPU3 z+ZDs!wv{6;%A1*H+(tBI$#28(#eYT6y&Fkw!BqN>elzR$a2xi=Ii5zb`kIPil~j_V z4D5J9vq%c{8{saN3x*P2nL1oWM$yT}v`MRX)zwGq^ee#`2*zGt7t$Tg!1xH%+uTtGG0ny<|e#7nkOP%@co$K$rNl19_^g|L+=(qAX7)iEx!CwaFCF2JZ59maj)5?uk-zL9B3k)AN-5@Az}MAj?|5r21?o3}W3<8Tf3 z1Wn(7?!82hkeqAk3=j8-kh%FMCy4ZuQC$&wA#OUGqwpTjTYb&AMO#VMl6o)iqUSF` z0BLRt=q~&n;HJ?wd81-&O2wU7b>r)EC8RrzVqSOFM)b_6)vm^jZKa=i&o_*BzODO2 zk2cbXm_G$O2-JUf&gH3iKWFLds`ZgZReb}P3d|t~cTWER$N@AA=o%nI0|ZK-ww^VI z{1-H#8Tf9HFBioJaaJ%Q#_?da0G!6Xc&f8yFeZc5Q90A|7?;+m(thKI_Dl^Y$%3%0 z|J$+h@{5Pba!NPYWuAYRGBcf^z2Qd_*cC)Fp%pwJtwqzt^o6tSnQFY1t&)6C1w|c! z-sL1>y@#p!uU_~{g^}E4`IyFYtBX7L#kq;Jo(?AZ8LZhVuh!HEEO zT_%^RUVhR2s#UOKOsiuGU&7ydIj!Rst{p9=z`GeXAuMA$r+U*rF!R4Uh=X`tNGcSo zq{dE$j2;+-0X+dU^>jD6KHYw+P4~5gGFVvZdy=_+W%1$Lhu!L_)M1J+fE9fLo? zms`NHMh~#t8d+}&tBH9QM`mDWMyeB6&$m4T22?vtP0<#-Kb*xiS#DZuatxBTV{*v034H1+~ z4PSqBOnmNa4L7UIEY+cop!&6Ki+#!0@A|CTrn^&A;ReZxi8tFAMGq>8ymFIHNrAu@ zp`zn3Z=U>SvP#5Vk$cG6r>OssEI{IRqjgo2cU!`wEh4q6biUz=^Y2FXg27iZ>38wk znl84n=}e_}BHus8JiA$v5bZ-2Y92u`CZgvZ9S8YhXfEad$udAIi%z<89RuGag}*zx zz?lO+6mWnZt%Ao7fT(pIMg>e9ePbU)+eRe~P{KMz8BH%byxy_jH|bPy(45HAp0+Dv z9^<8uPF?wfIm0gGcl-BKOmlIy*f!=pjNIjU!QenD7Q-7D7P$6l4!G2}oPjfh`l@D^ zt{yL}PX3-Fm#}k#>b{BL3@OW4#1G}>WqWUnLKcmW zEIuk=s|&fd1<`d~qK!&`hLb$zXO{F{(5|y?h3)S+N6~TiLTE$UjL@hQtYcQBQcRPG zYNfUlhXxzqOiw*S*zS;4KU3Fu3`82#_vFBE@%!@56~kV9Yh9=F-pjXm`*cuJhi^k) z3lZ1#dk=6miMDeaV3`Rv$Ozq=L7X!1`c0RlPnLHnH&MG#`$tN|2^#!KHfP$5b2vBD zrdO0M7`dL0YVj8G#S54Gf^p@}GQ2~>L!g%Fwbc&I>DARR-KU4FRg|Vv?mJKRO73U> z!r`9O?zpTU=#$LorZG{-5UlxBbDAnd&G`_=2pfF){p&ViA^U9yN7DcfirQG77V`4{(yE3i6!+Mi zzde~8epGgNGfChwFHkZ5n#9Z+{aCTiGP~mk(jv|h^=Key=l z=1|1^TdZXoPpSN`@zxesoaX<2b-jy`lCvT)S)FFS>KQlQ0KN!S9a_V})5@-u-gxCG=JKhUe9Dy>G&u}?IK zg6DuieR>Gul>sYRHIZyO_P=e(szQae9IfTV`1mep2TTx&`-26Fd7whhqexFi{E0A^ zn@)}hQgx~viAA0@9jyBO3-R{pXiZ<0BwoY}@r((7w}DUmwo!nDk1A!ngTJ^`)-WRY!N zvBMHi&=m$Z0Y6GoWt&PQT-f5J(6pnCg?U z!<0ladiI7Wc4#Ra&F-oN<>=OB+c>>-jmXO$?9CZ8P<_?bib)?4Nm=`={n57ZW=KE5 zi_QJX3ytLY{VfAixKKlSKOpBmTYr(3njRJ3RYCx7`Lapm84I71k&S`+*B^@3n7mKo&hnfU#= z5aek%b+O{&t0;BB^61j@EW)nx`lhMP16uys-;T8JwIw$BOTWf{S+6rx<;{39wT}n{zO~ZM#cIN&a{PgUa?nHp}rwzl%h~G|JxZxFCMFMT%i@ z_I<`cXkH5FCY^mrY-@bYwUtyc&}&4wW39qTS9k9NmZWW6t`S$DS`kdk!*UmeN7T+9 zt)t>?^&c9pctyB~N*sz#xvYnZPSK8u)wHw@xR6mwB^Y01(tP_{g<`$FjC{8cEq`}Y z)s2&nyUZz$o{T2;D~FwhpNQ{xLHeMI#))+a!|I1?U93|;Whdh}V|Et7YcbvCb)!lD z+1AUP7CLpry&F`;|1v~=hiWf-UXx~?e9&;8lCv?z zxT<+|h-`xC^}$^lQ%efgPusjh6BNOQD)WJ5M%iF3K&O=&}Uo#tJ8Rb;$kHi!Rj^m25 zGAu&Ai4}bdDjM<=_vQEPcJ~*p{HZL7Sf~~CRPI1M7@?>{#A)ypsfeYa{$~2(?dyOr zU+1Y`p9&+oe>~hu3n`JEmh!DB_1!9YIxQe6^7bX6#T9zb$T9_)W> z;@D5ZsQ(s%3ONT($RKY=jCK2y`)m!UzALQJ^z|eXbwgW|<3}$!m%D_8crH?2oPd`5%sW!H> z-~P$o7xK6hGl{5+ax+t261N!h=gT~rc73YKaGbz?e$kvX3Y6O`$P(bGhQ#y`pzW)x zLFl0@2(VyW1%N@^p!X%HEk1UjV?98RAVHvb16@6!>n~vGLaq;x<^fx1eBQ+eOf()I zv_1;>Ti~U_jsglLSQxaRjlChtQbgq7f6k1ciFpoQ110CG`5?Z7&tUr@M0Y{--srn` z=y(z^K+J9;!H#t<4efw@Dk$djfemd-3&d%(O%#lBp^Jom6PRNM10v1VTAFNDIP9fX&>lD{VwbO3DP0uRv-9M_5qB0_z`uxem~21ECl6Vx6P5 z2YO+kn)3R)2|5!qD=VS5?Z61{T760c(GuX@1PL5fNxVnDcrTL%zktT(I{Y$_7DD9+ z^3eZ4H2~arw7UgWAvr5N5wJsB`JdO;|Ids>#|DGSP#@nT#s=abp$&Y|)&?F}3`|T` zmX>IJI0W^8Xf~BGf{_{eIBy28oa`5pM%^6!;sB#~81I*IHCo z8j!osfVK}x3ba)raMIy9!^|8oRcNxC>gq7C07Vn--bb|L{7*%Q&dGq5Op`{n{|kg6 z7C}%3m=M#`n}cW2{~RfDkVqbcYcGJ8@DC}{aW*odw1IF#Av+lmuXw)vT!RD>a$H4a zWw8$T>z}igc!C{31cqS47+mo|ks_UKAnihQDw?u>7r@|lc*HQ#*QdieM5_<(-TMq! z9w?MXA= zA)}3xi_7i-JR^9^{o&V{WKa9Buj`#%!^5-o>c;_1A}nfPZG!;z9MZCH!*+ph9~+BX zP5G=7ytvoXS(WMO>Cw({;7dKDT3|B`%1&?(EQQoU1!#MXm@}OVoIr*JRCv&0V-Xq; z`1J=kO_zN4c?J2XmC$X%&hr9JIgN$a9S@Iv;Q4}t2K~$Ko0wp20v>?==L5(BM$EL| zA#SS|n6Qh7bg_qk!h@-*HSY=7AvIa|TD^K{R9jn%)_g#h1OU2wONt)>>NV76vE_-C%wCE91j`Od!Oe0d&y~s(c zWG(#G^lG!LG25#X?`x~sCe7+oIM4R`8d~PYl#<@{bX{AV9$N!!;&JnEJ!e#^)cysC zk&c{=&m&?i*Y^pW+{OiYx{CW_amEo2w_E>3JJeX0V8~9V_63~Z&^V(btDaYb1a%K+NaDc1Mz0M7 z;s}DUcR-hFht>pZ{}&pL|NpoE+KiAz4d$KUm#5xp8gTx>5q%1NH>o|>G{N2B9}HdA z`>nL|JkE&IF~i}|@|Hws^HRa?hJ~0VZE{o9whQl@M?iV@6+*SJMhX;cASJ-ft>CGK zQxQI(U@+Cw6M?S+@(Owm{TRL)5)xXGRSe`51Qi5HZLaA=!@y_79%0mzb* z+t4%ZyjCV7Sw+P22g7KuH&6ucUosgvxi@$PK=zzHTs14`j4$A=i!&&B&w1WmX(9yB z7Q&hCg3yv@3T@g#D`JBV|J$C<_3j1!I$D29r4E{Rm@k-{ub}-i;ZE&)h#=B^+d$5)wkl2Emj$L*B_%z;3I~HpBI+LAX;W4+FG)s#D*1VMI^ms&G?Ozj%ECzi z$F~AVAV4k*R$qs}#Q*#E>gtO*8#`Jy02-&CpcM@Tw>fd#f*O!^1by^;sh`hN4F{!g z=jv0y@zJ&qpek2d=HliyOc7Bm{Q16-rsFvd^12Znc;vu!T%Cr##QvvU0`tV2H_ARf zZML*v!>~{fD!KzjHU?VwlYkfiWj^^43=`l31{$K^W(^ig=mFffY`BnqC#KJhJXHq4 zm;1+G1~?z6t4l@F10*=U;(DwGL$zDA%~50(#PLnXPn+%odJv2ZWL zgMewy<(~BwT+G2dH{iiR?E)bY=(7(kp$Ek_%q7@T{K4xG%mDK>e1@zxnJFoenVAOq z`rc6SRMphjMM6Rq+MjxWNH_$nr$Ofs>pe+WtFicMlu1lL;2EfpO@`DPKp1&-T&rLS zBI{#*KWA|B-$6%&fH{Im02Dr8I>$|N0VflD&~FU(BD(Sbs;1%XCePiO)KvZuI*aA_ zm~4kf8w33O?JF-V4t+G3vG336w3**$hgIHgs>|9$d9T>BXM{yrR7}gJ%A9=g^yqwSH`LIx66arG zpUapSYJ(0xXzOfL?9~12rSn)r-u++a*=#i5U)H%4IKRVvl@V88v@?e5fa!)u8TH0^ zSxZ+9bMx#)@}01!CJuXKFK8|D1`C`7HLH}v9MfZCvYN?Ale`NWlBXIaiL~I8DUqc#@kdUDLSwZO!;uJqWKk(Tr z)^UbK3@S$O3^rD;;B6%%P{F)mv($rvBLnRZasR$d@f6scz(E3`^8sf^n?Th!DT#&b z$&*p`G|=1QR&V=BL&5+h>{?i{@a4e&q^zNVP$xH{7a+ga!0<0G2QYYZd%ILN2my5} zRH*Pjj$vHm!4bcOLQ8bF07g;xOw3fiOq zgu!q#fHfjo$s<AQLi9WCuC+L&HS>I}edFpq!}6(Vl-!G9zqJ>Z_)j}Jb;hDJtypwfVNXV_={aLvH=f{x;ZRJ+Jj78#~Mw4R*xXVmLX zi{~I;hmqp>*%|s+hu?xmw+qPj2J$(wGBcT=tb>gQ8aCLR^N^Yjl43BygWUteGB625 z*Y6JtoWjEXfpG<-oxm@})|dq0D>_VNQ5@3;7J=uA_-FvU>*w%8a;?Lln%V(t3DBuB zlD-9_#SoC;LqVc=1{yRN^PXN@pi?*F&!DzRpNBHb6#o~D|Iu|hoKrTJuz=1$&?|E5 z41z$*+~8-x;h_}j0IwZt9-AfbWI$UdLElmOWS939H>bGx!j7M2t$g4?Sz8SFM_9p$ zckmicCHSSF*QtT|0<;=1G$8)pTolY@Ac>XO4vlw~`~O zz*vbX{jPWf80do^L!G!lGR8M!Af~qPiu)doGrB=Yjno(5r z38+0VK8r%4^=LHs==J{q93%$w%>Gx|LVOxMeE|UMu+6}q7E);c!Ul-hbAgfxxEjEB z0&O=qDEeu7#e6gOd}CZ7hMf0gJu|X6h(48MrH8?QU#t^3G|L^XV^moPUOQ&i}lVjf<-W zSdrY^cokou&;@Nb+CTt8B*FdNvaiiQ-gTZGn>Mx;#;0($zWws07ygT-5lZ%Q-~5_a z@Jj`l$;i$6Z*>dFvT)gbfsBgPGv##8wSTjk0c ziji>!Hlj+8ZJlIclmG5op5mKC+fMV77{5}DX6HOM@vlgvkfU)gCX75M4Rx(VWL3!n zkve&OqZ4b)-NU0wL6@FmFA+OXt!nXYJK_7D1*Xghi?WT);CWvGyq||2!se#@Wc(LZ zj#JH#+xs5jRgvf&=>J4ncl00dn~{%jzRz?%eYZjPx+wBJNBW@r*zaac@fLddOQnGb zsvMu%jN)4xM4l!wp^Rd#M5C!HK6kDRTJ@+YMQMWLqILHN3b-^BkCa|T^nyj$XV4z5 zwQK;l1YUz36pwHsf^HR5xg;{Q6FvHaBCsZH-R^@M1oSZ9!P7Dh2U-QVF3~*_#JxZZ zXk}o4)fmQ;0Zj}X9x$wV0*Q+Y<{%BWPm`mD_X3@c9~7iuPYOF1lleAx5PfrgF;h;;i>>_k@H=tjj-~{InAv#hNw%vK`R+B@7$Y*DQlkXpCoVK7Wg!^F| z4w2Zq(`b8MG=c&4N+48)wz&&Zq>m|g?_oe&9$h~S*2Fg1WE?y4AlZd22&Y^{1=~`j zdV-&HF`NPDq!|!YdY}D={vl8SOBYW;fl0zF&)9Nj7$m|V&L*cn2Lo?~t4m)--h!HC z=+)tPXMr*T&Nuia7GTrW_WSPEO(S`611(l;>l#-pXnfM&!1^te50!ps@%WVmY*Vz? zH-~3E(o~^egufcz2OJ*I^1XoG=(f1H;u+fGV@l>H+^%H?yTJYd*rc(k3C9Bv3n(oc zdwat}L;r&HU+N3LxWPlT-Ut3DFp}Yc-u~n@2><8dlYf%h?6&Ya;UU7&(go)r)Rcgj zeBFuxaikn*SV`l)LjCmsB#D-4&V%~k`47rb{^r+hU=ODVPFR<{mz%;6U``9>L7@4C zp9TN(=`{#3zXEYRJpuxkcHxKx|A@PU(EJ6#;RG%a=+PeB@%2qj!yV}27`RJQBE+M@ zif3?AKrE&(B;MUHZ7C*ni`>hv$!~H-pm#d|QY= z7hwb6v~6I$yqlVO_`cyiY%W{FEG}Z(Q z!GAlt;aI+C-)5*5qVHP)lHv@Q3YawM0%`=`=MuaC@@veXr~nypaq)LAN$_EZjcT86 z-!eZx4?*awDzAYr0k6O&Vc+V-gGlIs9H0D$$C5`Gx}#!fjb|al~miVv#V(Rt)?)l3_cRGI?CpT z++&xoCHI-klIA$R5oA77y;PY#Qnq$l>HmWw;371M>G?y?jEr$C=sFYW&^_e%vCH2_#04Lbj`wY+&mLjA%sA}6MQq!7Cer2zBWx3M zA8u9F-Wp@2`+&p^(GAvICbUoa>z*0>_FK@HNc+Kfyb0yFp$a@q0HP{ut)&=Kp)LeH zFWP(t?$u#I2CIJYcVKXPiWv^cf}nM--0yQW(d1Q7=xu2cVSH+M1dR*YRi;!fnEDG` z&I6L&Pzpj>imv6>&V%Ysp+W!pBO89kxCcnI0iA+`*|vwDrO9YQni?A~zzDyLm@x_~ z!VU4MF%VgM@AvL|clcfC(*s1xd%L@UJwX9P_&}t}quPsyuR~Rz6tRjnvuH#%G&cjf zCH>h27gq%KB{&T5R;wk`_M7&7Q7w0XZVzbys~aj8o61)3b^-`Mzr?;8+0fL4j$#Ga z%>}6dqGc%M$}m1zyLP=?O`#RVGHKh`*a-P|wk=7Evjm$>;osr)xE@0fZ3)LywMa;{Z>b=ZkXV0a4$cqLCg&m40h{{68!~+P6 zcA&#YCK$MZlp6Rhn)QIYLMB{7&>?u1uvTLcu|31W@;U^X>L)N;M0=l$N88#$A?76u z!Kiv_YPd&FweWd`DYv1*B5JJYQvwXr=1Sko%gfGg9Uxg4erUV@pU?MWOZaPWBF`4? z?(JP&ZYzB8etQ#mCD?C=%!z1(WWCp;4fvq8=HpA`E1+P%U1F+g6N{N{0h4#l`t$Si z4?u2(b3(lBmBn+2IiQ`A=>}I-RNK4JQB&|dgKiY%Jk8{{+tnp4h#9d4ctZ3xI3U`< zg*s^jo`L9mO5SRyiVtMj>#_LlEBOGkgb!HFe}gB1b_E4$qXB`U6+sCgzlu8;lYjR< zEAAQmiO#)m`Isti4{m!GH|%&bbk+6y1HcL3*`n@ohtH4~GAt5AZ+QLQnZJv6<}Qa* zPEqg)Uy*A86tjA_pSZW;ZCu@8Wk4|}c>g7D zu?EJ%;-dVoNii@8wAi$sX%`t;732Cv0Cr zf^pwGhbIGPoVbxEdUN4B_xXE}&JJaN1v=K*iMFSnB`dTMTVlR*V-0M-)0|Jvv}Y?vS_HDASvb)K$%hz+oz%X${vA>*9GKkhFR7skWVe|XC6U~ zyY^7>GLic=IKIAo{kkYc!mCsjZuq=)KzhG5|KLG^bp%{0fWJ~ud^=;wWJ+v7p^i(h zE^FuhURFmx&nMAC;Yw{3-nw&=Sx``ro?eDrX>%khiWbahe(+M~|4=^g6vKN!8`a|4 z#fBu;n7$d83p6t*BwLj5IKO&H>a9YLaF-hH0UN4J1Glw-nB=>GPzS`_SOl9ya0|QV zI8{!9;?sVHhw0nD;as zP9g$HY%DBA7C;feGNa0tY!A#{=n0{`pWp1cPD<1=;PIHsAcmNWlT*KZR<>pXU#Fu+ z-w|dTd0%13CA^ zOADJhl1h!|wg*wnzMu3RdE!(?sUt8gDUipzgzlx!P+z~*VT@uqji(w2jQsd^uu0(L z5*@8E5~zP1zPYSXesA%^hi=(N{mSe8$q+{cerW*Ti$=!u%s?M9GsAMjRC@qq!(O@r zaR0-t`ds}_wC!4LY1q@-FoK#P=_i!0HiFX$)%dBm;As>%C-(if0TuMDZ@c#V5J~JY zAr?I*N^Os&49UmKd#49tEaHC?Q#^nE98&Q_LclslF4H+nU@-j8_m6mQi{|@WXh)z; zF7Nvp_D80koPWGs(f(#O@t}RdmMV?qH3cHjh0{I}!Ube6cEJh)sc*5KCT?TTndH4t z*YvPL^y&4faar-7lg5&o#>F_aJf8{JpiKKKQRZ3Im7QL~xOERv372jj&%z9s!f z9_9;?KHOj5{1)ONH&3z~Y>s`jw_ZTVBkX~q^DOV&{7Ed}_0gt`bc;oI=*9NbJLvT;=n|+32=^i4-nH4_@$lv{1OhfvjC$XV_g6N z1_u`x!qb%*w!Vd6r16j3qQO1WC+(Q#sfOEtm#;~U_>U%!cH`Q+03-P&I~SL_omWFE zn>`1q>v+U)kv-kSg`rOcHyPc=s`R{X1NKDjw_V((gVu^P%na(NB~0Z$7_O~qou1vy zB99H;C+*%q8UQW=xjGd}ywHwu%gM>XKs6GNsn1weyd7^?aRtdP8_4u`Wz7q)FL4Qp z0UT#gwt9u=0&d@LqXV;~jZtzkc`8YxY1o1|p@27oao`(PrxOze78mQb=9-Jt2B`o0 z8BEnwmZSMr)bhjWe%v$_nl8SZsWdMRcGFV+`=-@K&`n|L`uHF=)S%&rBVka}FULJp z`3+V$#N>fZRcsQmiq(YHcM3J@p@K2Ddd2;mm;s~Eldl@)SkU3HVunJhyOG?Y>Rlot zBIRN}I|X&tb(IxxE^_=yx-k2!LXK~A?Y~RiPzP|_%)B=!;)UsIU@!+qAng?7TEF;6 z#W5oYHNGj@Mqa3KU}d%N!^e4a4F}E%_+I5%JxNP1^!-ME?ugSgXwJUVB1~E z7((T1M9^u?UCUv7+@IY%?)e-=5Hez+P~Z+0F7RmKTm%3g-VHcwVmCmq>k4r#1`yL& z+tzjz%kWT7^8`!~0qu(5W_%PVt{r&wdrfG|hzdf%_AFU7cRL7Eac??iUEXfNBF^i2A z069lT)jM&$0p6cUQvixC^hweJaaGq=qskdP`E>2)4b&CJTs#H~ekva3l?=)nGCoL( z@x0dfK6UVyA2%~*RL6UfSn@&H;&Ym>A7}!~Hk;(l@+*v}aYpbBMHyIIT4L#Ku`x85 zk|LA&Vi!vcm&v}1ucbsWW-2PM8j}90&z)S&Cw852D&=`+VrI0+LtXaWtzEg%uqSWv zTQCQoB`NYTWT~#dpATWxt(fa76;=|Hi({!7jvs1pwo|X-T>dp6 zFqCK`P0;FG+tU*U)6Bac=jkddm10Rs*`|h8Xq=lyGMD2#a6X{#^2hup~ z+ui*=6pm{f7%do)K7!3N5~D~a!b)+*lHg-T(z{?n3bbCQ~wq$1C(LTvqbfX0{m1Xof_PUb>RpY0|Q`~E`aaTIaK55Sa_&{ zek<_lZV!YiCUUfF9M5g~M508uWBx2d{n8f6ev{q~7c+N4C+=cR1)yDe zI>xrf*Xl44#ac6+`Ov%qaS7SMLUVa1hb5e~QwpX&N0g7qJ(!*&V9$fAmW018RWJch zhJJNv9(yIO{wS1N!-AG35lSX19e~n1-s~{8#=f$Xjc$)NF%J88<~&+q7v%ZP#y0MR zUXyonzz{u$hvx-@9C%(1YuS$9Vy;aDDU&2<~a)&nVgg0g80x2FiHlmY`KIa<(Da2Q|X;o;R* zSHFQ07>sG583I0DmV2l6G-Hn6jpm^X1cgk%Oe_vP<3Tyy@lxFwzo^7JQ4}g%R2Glv zp4%Hb6+YccyHbm;U$rRNxm*FQO_qzro!~|3zq$EEIp!vPR))WsnqC`(6ve zT)(Z$NM4)XB$Pneo$A;%sB2(gyaT13|AUuDRVzHL{bxmic-T?(+jgZNNt~c)2J1i| zyKti02mnj*XaUJeBoJ_NmAsUL2^fG9=P+%7LlcUKCx90~Wd_v^)Ha=41@5aG`v6I| zsL(R}7`=I0U8?AXeV229`5XRBahSgSglJOe`oK}{Tk#*0qkcN%B1<{#&0W@vc+8`R zlXH1H6$;}wt!VK?hPSA+=OL4-3MDE&3KnQ+m;o{gf}xLv;}<9y@Nsu{|8;Z(7V6h{ zxh-52ho`g)nOp9!m>H~{goujIe&xBT#;f=q}h*Pd? z8mC^9lM{M3{zr6U{pat%B*voejs-P8cMZ|Z9`}00*f`g`I7}08fm;H7%MEiiQ)Ojr z4>oMM3fk&A)=1TlZG_|oqzjpcuV9P^N)2HD1Z2Jv;~j1`kA~h5!}{Z}kAUIUJ7wnS&RPE<*j^*Z6KjqsY z@1Gp^PV_$j_UyNNlO9!gW3~xyV`819bUp&pGX}&c5y7j{Lg#}IcIA;D_h#mMC4R^{;Q&?PEKytFa>K zXO!%D9TJSu(1|FdGH*{PB~bY_;1v3(!*!ku+V5MpPJkNiGz%hbr|nlHz^ zI0HSs7kTW5VQ;8aGn14a}kTJ9nc8Cv7jHV02_I%X2hI=82yI39n zC+NFoT~H+ljgUpW^C1790in+2^bt9h=`}A#SiivQgV`K7C6bbmG(CHU#u=l=z(yKF z1Dq^jvIh+f+&`;Rn35QKKr8@rg1(0Z)n-jbuBII9UW9SI;iILB$j3IV33q*~NP^KNv`p{;7eHw+ z9ESI8GeEv)9)rJ<^Tx7RMh`n{P8sX;|$HuLPbGILh;d^$Y+;eJ1sVxosDG69i zjvN+NOyiAJm5DFfm%==!JtM!+tN#&wa6~K^6ze+y6ZIy|jBd+p=hGLi3GEFx5B`1} zq$cSRn3*q0%f4S?!b#3&`A;dQ{K|YRhrZMz(vDqGqkK^^!o6eT4)wwC0Lt7+w(Yh_ z$~iu))AYW9&;AmXWP>6Njg8Ked54o?)2qDZ7$+wuFqb(y{h9`@gDDoHF?(}3rVr|5 zBq}2mqjnj9-oSiydN)vrmvvnaypLM z!4bJqeH!9X4c;(>HjR58Nd-dT4jl#zkEX2~466WOJuy^!b!am0|ZjdnYRiQbnl zXz%pDaGe}@*%68(5ZSFJOJ-t7k);*fX%9~%vPG-trV~}acAFyhco`C=iMBm>;bxt= zM**)aI@_jEJ=6F&Y=iezRIVN2T<;`hgOdFp&%LyS_XetOXiH#zgJutjd;p{YU_^io zm|-LYzaGFZetvh*X+>oH6BwkZL1>Td$fd-s+~ho^y7K=vgXv$(R}Is=#b#@3XnTNs z15?lY_X9wEj*fedx7b4nm$nW0@N_Nd|w)nk7;uNLBeV4mpaVcEsXpVsu% z4aezwP4MNTu3CGfhbDpXbB@f=x!+GTmvBvx{VB#D%w;ZeZC~6@^A&wfefsXHaqpK* z=d#W0$IO~HXBxUQ`Xdbn946L@m0kXC;X6m}S<3(;E|i~FLM|?O#qOELCU19mitRFS zd4WnVg+QR-pt*iY4&OZ$tyjtaCjae6{=SXMt+uXbeDoW4=TNlh%1o5FU zx-d8N`WULLJP1t9H;^*f+(@yMuD&ynqv4c?)RC5m8I}~#rY$+cl2*6luoaZ;1yZdJ zx(5lWp9sBwbH0)iKbCLaclMf%DRc?&QXjoO9LZq6%U2D|6}0Q{c%JGql0kwhK@8&6 z54c!aG5;&8(c`UgU1#fo5{a$&xQKoy8DZ_z8P~gl(S!sqV2;UMU~~YltnNQfA|8Y9 zKh&w!4!oWW5riMsv3H(Kir)i>7uX;`k`8R3Or*?uG9IdUJt>C=1*0~Kw)?iN zV5?Em)z8Y8^tX)4ttwGS+2EXqb;z!-sWL3V?Kb^S0Sy1}{ynRP39EThQRKas@q0Uf zr2@BjEfhckAY7HJ@R22W2YsZ`4vpr`O~k)#h1QJ{a!8=?o_M_8pr55LnHLkdK~0S- z(+M{r47}ce!w#pnRP#mC{(wh!|E(JaHH?VPD}nN6PfNsa5)))qQjTeBWaOKq{x zzV62=9WcPR1QIq_Db(phpRHmxK6_c1b}3#1hNu&P0KcnxU1Q?|7(4@4<^Q7Iy@#nZ>w$3B zaxEu&=vl;*l%MS(cjB)MFvmMWJU;X+y}BVhC@{Q}Y8Ml`P+Z4omf||L=KPWPfwDL4~JRJT`sW=2@f`=Gv%!M zy#o(vOMy?sS>Kjg*=6@v+KEJ4mgP@MVSbVZB`P>Gqq$0891VCpFv#D+L{ItmI7^`n zYDgr^ReAEdV|@P+VENJSZ=;#)Ew)icgjjON1zhf{0Y0+L1?@=>-eV9C_E7#@Ud6H*G@I)Sb7xs?qg^GMzQPAn>l){4 zRb3cvP!1fX6PcI6+z?Pm;OqSEkSx|2HOMbf7#vVGF`+gR5D*am{8f-ky8d3{(!e+I zPXt8TOq|@@^Rl_wQ9vC6cFs~^f{)_J&L)P@6D}zcen{&WhhiGr3LLx17H8mig&5zG zT_Pjp+xhgdYd>+N2XMbZZWSf0%Rk=|nfy~&s!3k*&sD{~`@!w1(K$L&+_76KEB((kR;({pw?u@Ob8n3o(8G`w#c$1$f-6-2Iag$;5kC8;cT3CUt^7 zY8a%Hsro-pG$0(VK!^2pi%WT|Xd+HOK|D>oz1L-jht_xtOiBgvRdtpb|2_f8P4Y~J zl@%^d(!^ts@9-L{cEK-+L% zluc^RJ5p=ex0}c;{DUnA=ptQVX29jp@f2AB2fOZYyijZ^-HjWA8y>qgKVrLcz2oP7 zt9)9~1W=*{DGU~f*%P`XdU<=US)%<}&x(vkmP=NJP5Ad6)YXDVCaU+-5(bIm>DH&Q zN-nqNj4f7$fTC0E!u`C}J0s!CJi&wG4^CJTm(r3qj;t4{yUJ}_L+=DhcT?!A>ntOk z-4Zlo=d=&SQaxlR4z6+0H4E`lg@)a%#R(&_anzSI0{$US66yVqY&oa^>7Bxn@cSiq ze8t-x63nvG_Vau0VHe<8*%xJdj@fB<$39H1Xs6g*<{zat%e8rQXtHt3*zZ~5omjg% z^2J|c&$Zmw)yr9*_~!G*<-7{5qvu04@USj+Gj^pMd6R)&n=q z%4dudj265mf`3)*wpmIzR)@}um+My>0Z%2>{NRy?hro|ByS3P1Dh^yP^pHcYCSv1 z&#;z*;)UP}3;vr`IB30t(D4G4qDH7o$mvm!Es^rYoqj7yjBO&w>+?X?xNClAA1s@V zPz$L$OkC^!qrkwxyLL_e2EC*g%amBXvVO2HSw!alN7GpbMAd~`m~N2nF6ov=q`P70 z8oEQIL0YeoA2H`Kl~#MGv}PW_Z!c87pNGrxX4j7qrr=T(6yvNKYGdjugW`3E+h^+ba3YU4Sa93+bximZnpAX7;KbtTOp1^1 z1*YO;@M~V6^fLiD@wkcl%kf2@RS)DqU&)DxUIgB_%Y8}$PSREsuzflYmP^i zMQA~F2l@PfA7DZNk=ksce3X4{R8toS?eGeo@{BYu`6Vh4x`065Fl^TATO}X|Kt%6I zDsO7K4cZY}OI(@2#Ag>kTFTWR`U7kh%O8Bs;~?z~2y~vf^uZ=|fReaqqjH+{qBL^L zw^omr3B@|`*GB;QrutScW@ltXJvvtQC|CFQzp@XT@3NgH2M-1aocT!UcVX$*xWK9K z*?SdJya7ikPi%|EI_6NRk`h4;N4ca7xBzc^-rUq{>Kf!lf;M5MU>f6;$a?36z6QP0 z>D^8xB%SdluO@6u$i=YGO+SYMJC_YFQ3Q^3#~4B+KCelJki?x1dm7JJ|IVl`qx4F5 zdW`eA_;DNZgUrCyDSLLk(Fi*yek;@LPsu#Ho41oA*ruNt>L<)B1x1CE=6cb-!;m?R zu2booCmwPNKE!dClpecL`%K9K2jQHMRJtBL<)*v<1H1~(x(HMM_IIH248q?%5aI{! zMUr%TpG^n=A;l$V_774XfpPG{-ltjI(9kO>;N}RBfG0Bmz;=NH0St-v0}$rO(-sL* z3}8X>#3%~7+NPSfne2;`z}2JfS3Wh|CczCzPR7mY0a@qclhYo7WS!!r$;CU572Nz> zDaRuKZbVH}f#w-li4t79p2C#iVFl&yC(|oDL^Xpk+;FugAqdYh4WROf^iAMn7;jF# zeIuc!ei?j!13LC^0gPnC<*w`vz;y}0YXdD63u?Kpg$3=Yy0$X#nG@Y|Vj^vgM#a=j z(0pssWC1^=1yDrbg6RA1?mbHgpa`DE0%$sc@6=?1$rAdd6ZT|1@MHzP>}`f_FVw?C&4bPhqro1dTW-1eqm7X;>_N@>jNJ>st|eaWb)gTWP%J|@@}WMw@9 z-0?f+C*1&;|1J;@@^L`nYO}(?(0_*oMsL5o!otsBz{ZoK6)<~b18T?&^ZCX6lvMEb z`-i~)RR01~>URKU*F+JGaI8o{@oW9+be8dMNvQnYe+didg`{hPJO}V?5-(u?=ga1P z!cvMI5zY?baXRu61${yXO9O(kbU;-hynCV63L5B5Ea(rwS6%RC3^dU}Qf@C8fR2s* z0W8C>eEiqqb5``H#&pf_$_lk*$wy&0Lkx@x*A zzcZe)wnhkLoAAAIz$)V0T-JFSz^a|`CwZW~jin9P($Y_Cr&Xt6&O*T2c8CC+=?}LV^A8^Vbm)gPU?qr@hh{b17I_R%ny#jnDXgwduf%D%CrcPLbHO5X-+fiS1cYVX0M-MG2v{Bfn*Zv2 zn<6+?60Bc0bc`rfsrMt<0nvp*9zFF$^5UQ9%w>6g02q$;6OJXfa3M__1i$;s+Y0CV4taD zYAWHh!ZCIN5J3)*FM*CBAVz_SpqN+>;4lEJ0Mxdj?O2*4KgEL(H%s_f+1bHRBCsGc z0W<^bI!@h%0eGDbgCPSa!m$)^J>~?S>^PpZBa)AQXTkLVT2o-~pa4jC@Gp>RCL{n% zD5SJ*XmAj0`_HIEWxGn>0y8#?>}6m!2An(lfQcOdvH`wmXKM?znp_4=79eysqR~3g z6((Z`)p6{4h}H;CJgB%lr3vZ2w?~!wV8a6_FxdA1P7VB7>cL_Lq!_q*8Mq8A@QN6980C;9Afo z0=^hLeb<1p0&r7>l0fEpgOd3zWKjT2J$kB`Je`v)EcQSm0Ft69ARO^LPy`}UkWPa* z-(r9{>jeA-)U_w`XPuBeie4%J614B3vx zTpAp8#ZnfG;cUqKsicBm2>0iecsqj};zerlWH9?Q;_69V6cq&sryvmSgOCf9B!H$9 z9DaZk1eL%d);tOst~!uK_@DuG#UX$XK;yv;^rt}p3XX0$gWq-OPvj;rroX*D1A5*E zU@3CG)?8Xu_2l;fJ}7uE@Q$zifNTL+^;D;Wsal@^*HM=K1ki!$?ftUgYocP2!d16{ zy%R_kur?Bsl0Jg6IZPXT8el~{U{0QHM_ZCoR&B-D*pI87J{&(;|fS#z&6BP6VuQIZ9=0Ao zZ1H8m-~r(0+W@2mODGr^%dwV&hZ4NVQh|ZZlWnbCr;pQ-fEqtN{XQstsHv-Sv9UdM zgTX4?4J-#N{ZqsM+CiM0oIE@{pl1K%E(XYEMkg;XdPLMaeMbz<<<-?$u(yDc=EK7S zNRFGTv7ZJ!0{-~vU=zWsKU9R*7Ihd!+Ia*uUtkv%_5uw&{i7dDX@>wC^b)9Vllx0< zTVkbnNS^fOK&}ivF6h((X*Z@_nhv0wK-l3^TU$$ogPNB!bj0m_9c(L4q&l!KOD~W9kyX%%yTG3-wF|;5ARyw$VxXf7 z<$60gKK}QUE}cw67~SaHVjOji=$N5H59J_d9&Xh=y}tZaeB;nQ9Y=!M$_AAUER+)6-}g1c#@ zh#{7*j?3H+@*iOB{Sj=}3rNHe>micd-(_&LQ$S$%L?D4)2;yrhL1$9-4nSu=#m-=D zJAdEz>;e@ZKKnV^a$T^bU0u0u85%mqfRw7S5fv4p$`8(_Bra7T~81;tL?&(AfJ7`nmvYy#eZR zU_1eMfKm!lm^L^d0gcXaeYC`Ikn&a)XGzDIUX?$@I}l6KCG&c9O1IZPk6T7;B7NFk zCnJ+PSD^peNHtNuZm^}JNsS${&`OfI3g22y5j^P)le>ArDc^BzVt|LG_TKAVr*;5J z)2(3&JX2EhD>+B=ZITsxB@vP)c#02`W9tZyup;bLKL0!wg6rj6LX=#s)rr(;0IW3h zcA&@Wr`nE|ew3guZ$)X8N`N(M=O%6UcF=JKQ&8QMP?-BO3pS?7sM2i9q)rH5cx3HQ zj)h#uy}T{B;KW!9PsndlCogzjDUfn31e-W~`h!8Qe+a?k<)=Gg@haUiQ8>rTPV;olOHnP-t-m$hu^hX=^o<3He> z_QVo{DmFNoK|2D(BfxlS1e|OX6cnI0Jr5l0*^v!jH2*i~VG9&Zt!-_A1tj1&!Ks%o z>`_uxWe-9;ka#JGw5CXK{NPi24Zs8N$UpVc!TSJNB;cb#h`v=^keiD+a-bF{oN9G! zkuJ97b1W4K_)idq0wV|x5D)tEk(g0fd}jqx%PfT@cu)tEd3=TTNY^ zIFOZsxX}WgViOLH5fFCYo)~LTL<7>LMeq?p01W)rK+p)nKLB?+0Q=A;u^9X!@gXfB zc>yhdaWI1fl<>io1H*BjtiXYzCkQY?B+S8?E^JwW;y_f5>)egVY{~wF(DeWl0I)ec z1;s=};6m#Gt2E%`_Y|Z90ieL#bh5vg67zIc>DtVa@<#P zGBQJB;{b5{f$Iov)7-7lvHkG$#m*TfrM9EcA`~Zo8If@C2=Qe4dx1^lk{EPS@8h{yLJ$z?;YAkXu`6=hLel|6?Sey zV_n4JQj~Lluu-wN&B>eI36@SzKXzT+g0>$W6H*ih($;k>@31F0ttm_z#S_CxPs?VGhXy*Cb+_mv^~X_rO@6rbvN=J@)i3~Xc|wr(TQNkbxyZt-BRdu9&P zmIo!bwfoO(Xhyt?jQAhCkNc`*|5~Jb^`66wqPBK~zppaOxrB$@J4&KuTnNa@w~}!w zzd2?Qv>uo+JKAvIT#v0vx+oEMQ5Bo8(``=7@B}8=K)fVSz69LuJ3YS0v!8%l9kAE= z4_vvSzb|!Zb@`aHdHHChvUfSc;D=&nb(QNFVbA4xI~;KIYjV$N7MKKq-UZa`{LwQf z4;}68dDPO(4itWzfH`Hbv^|kKm~A|2OaF4j)Zs5hG~w7u&~!*%U0sza^|gqg&-89C z-T&3k(S|*WoMRIdBoQdhz&orp9Gk^O#OkU(>`is9LXACCRH-$GXrG0wO(P|TNP2KZ zd^6nQsXFMJi1JfTs7aBN6dbwASh)K(?iB$+s7&FpDm@i_jAC|Y~mFm+gDpJRXGW=+b^6PAC1D( zUr~|48pgWyD}v;%#l8epqr~i8_4`)frAO^$H`<-5L_&4#!c7e_9Z6B-RfhOu7Zed( z#)rwiq`&0(kr6qINn1JfiA(}Q9L#k_UJ#V+97ojTmcJsc(&2Wy6&Z6rG?q4aWg3F> zj)9gI?)T1jP@0WYevV7twytb&$f}AC@wIPDufH24l!+8~JWEKCl^_hzdlmifW!x;G zh*M$?2(69h_n|g?t6iS*UUdvYlKf zu2FND+*waY&ajJ)+DhLD^ZdH*ff};Qv(N-(Fq-A##k#H=iluF9299H>o`ThKiH*A4 zV|%6fD6?TE-KW=%M?a>pz}d4)Tm#O&J-m@B98tCsH)pTC3-QBuUlCMiMQW5#ZY#v% zq{xO*MaD`Wp=1@vIb+GAwy80w^&`;2J&}o}C=qK){qwPAa@B@(vG2S7xI>qLK4f26 z$bf5j!7Jl3Yee-epV6$6)5)9Yh~}4Y5wE`4DpKEN3Jwq3B+rC!ZkI@fkPDWSh{2Mb zbI6NIiq80y$QiRsuo1=>h|{*=mC_?VvSpsz|={wWb zGgW*No#)b~_dzO?)vWU2s%R674R!I#C~pn7mrozt?DNc=rTLqF+?Krk zX(+P4;M7QS&XGuhCGj}!?Rj=ZKuHOw)yRA9Au1QsjWa)&$e{LPh#K#Jj%*EJ7Q=;v zc6`5pLmc4b*?|B^f8nqI1{g4wFM&YKTVqTe2^(B&mqalRYrdVYmX zfJ{ZrD}H77md)EJbwQ(5osSct9b``R=?Ie;O?0d>|7{_GKr;I2>-Ssc^wj%-&$I-B zaFkpO5-5hP{r0c=cA2J@Sp}E){xzphVE<+!L75nnA+uvHV^TfZ`c&NGma;+jhUGr) zwb7v;ANi1~pY=vM!JBTbB(2G^VNHj6xei6Y6r@GcD$|hB)Q^13ipw`RsV`z=$=U8O zkaw#%9FHN`<8SMYcqQ)8ZZpwWe1gd|O|#DZNSNf&TLrfNl5B8g6jKkJW_%4|bkRlt zF_w$SmNC?U%mte0AzK?V;eJ$(B{s!cR+$SGWZ%x#9%PIsPgmOwxJ9WI9^+HR<-QyK zu3Nx73_&J`;<8SMAa_sTE_2uV>$=6PFC9ncljSk&H zHST`rtSHS1k~0!Uh87Xdq>I`N>RJuXpP%6&womPL;*nExBP|vM9FCf-$8kUKXh|D? ztnO!7^rlX&unqCP`gs!Sz$@j*)`X+v{cb|yq2u^l84r^su(mX>-#atgUyB z9mTvp9(MR^K9tpou*PIwcjv7AU2yF7B^Wm_GPhoRsjOgIgnhR`+$_#Mek$wafQ9}VLzyi| zhDyrMKcOsiL?ZCjJHFvmmh@seZAL<(`^iB(|JuE-i?N?b%91d2ej`>?op_rwB3VO0 ziB&M;WgZ&u!)kE*8tn@*=42r+X*kXwCF3bQmvr_72*n}GfZA_iXT=923nMJ?8L^xF zAL%u=x(@O@&8W7`ed%qfWtJ&HMbw;~Ik$?HdP?k>e~^<_ILcRbxuIkvH%vSAPw339Xi0TnB|L zbslx0CS+WRnk|Lxb#*JKL+hjXTH=>+S0-BKG1d{t`WZdmt)w9RAN>vqIm38mYzcUhK&br>}0bp2o+x;(AMGDPD;%j*8y zq;EmG7U1w~fxVhV6Q&y8CYPqF<$etHpD|XA!?pGwB{oXMmuY{69gm-c$#x`4HD#M~ zKFmvmR+@2)4F6&>+FH8Ec_E@=#dc2Go(l#08I+{mk16n7Or)~vxopP8Fv7x5dotDb zMMY^|o+PVj-f{}YcXH*=UBVmo)2-mby#!95quv_hu#X#LGz^&CqAd|>C8hR!Cf5v} zC5c?h{IG9r8SC=0y;^Q_;iaO_&>wrowFZfNKC^MYK9yPJjXI*QF%#V%JN9+=Ekg%u zVg)0I2Qje+oy9An7qhLA!l*4Tjnna)BT)$Cpa}Gz%wWeU_~ZMC;=d5 zIhpvXE2DpFQ$!JITo6(mI-Id!oc$#Cl&=VYs#28K)?&>v%@bh6Hz>w?Q{gX@PQLap8LoVLg#jdx?eN ze*8-v;<8s+`_`pcEIL^)tYS>XPd|GV;<@H98zkb-M54&}Sx+0nzYxq-v#Udo$4JABlgLH z#g2Hpksk!}UMTd(tqoP0{-s5Q{pH2h-fF8hxmNCc>|e~SeJer}o+6)LBb7Mv-^qEY$BzPbK_^`fm~b6duWZ-S;u zU62=$c#vcTU$5Jtz;6ib1Xfb98jYJPQxqO)6EeT03>-samr#7klCQ^ONOn$RL3RFR zAv?m<8WB?mK8-WbhQyXvZBL3VU57EeA^?l;MCRZ$v_qvll#=ZHw=f~yN*Fr7@tR!Z zS5G(RCD&=I+czn>r`7HT+EcVD`fC{6bxZ`-0)%siD2l04%&}uH=7u~`>%Pq2a=;k1 zN3OVBVB?<-y8?8bYOyLIA&|b=;J2glzu0L9+TXM}u$fh8vSHM`toDNJNcGP}LINv{ zml-`P4D(_&XG@GqNvpKW_E?L9VzDWf<=GtEKy7TUyNZNegTktcMcV%ZEx$;GnBzCT zqz77`JAKD-5)DU`L{v>#=z=9){g+B+i$km8u%oK<1=0Pshfd z1b6@Q3pT~-JWJUbA0u@+1vQVLAt%j<95Pg=zrr8$o+SLoKLqlox3>L374Vzf(IOQBt9@DK^ zcoXD9T5EJoR4>o(iK9W2W$tjalsI3HX8WUA90#HIy1IpEV_HYNj`3g6)Rk%rZP88& zic)+ANj=M&rV{J&+#DPOg{-qJU-qs`NJYT6l<>SJb$0Dn zjww7cs)hDs2AwwVNo+{ZIU~4QKu$w>z-&qVTAYB$B9VE{ z?0KK5K3U%PGa)>0-;D`FHcUz8-CdwZ$644!1pb$n9a{NHGA}CJq5kONT%qRPBN5dU zYx@^tecF49c2c(0J4|<}$l^mYdwv~ZEAws8GBz2CQJ0Z)eDVQ8bOjvG=Q#&>oz#oO z)%}O5qQ{2H-|81mVKXRg92DI|X38x3{>?}0A9<>w>NMj+Smc3x;(%+*T&~iD`YyKq*x2F zNU*e>X`F!}D#iLcLLIR|+mg2dvmsCz+dqzMz_>IFJJ?={K(CzEE6op~+M`AID_oH> z#=lHMj3OS1I~_yK(Vg2Itmq)kVcAuB?`Hf3Tr6o~?tk}BEY2d+UHWt0ImgRN`SaFB zk60W0+>WewT-T4#crXjVYxMY3@nbcy!Mf}kc)r)R@T|N>VlOWcGvfSrkv8qN+D05O zwAJta9NC(PUCPj7TGY3;IWb8>Le8mF*u2d_^46Mo4EI)8Qyy!oyj;ATeLp}jBJ9{} zuuFTAv&mNyFj3KO89J58Oa#I~ zx?#~l3OPkuCH;^>hiZ5Z{9)oTUIKPudrfh3v?D44a$ObQ7OK&F>=gS^tVrf0@*YC9 zjcLu~YXzPSqBkrPrPUN1yeb{^&p1sgTvM=WDTxU<O0 z%wi;y+Qwp4*)<<;;Fifr*D5aO`7{kCaXfAyt%U?FYR9L4{hGpw7{`6!V3mSDq(UQg z8+~!5GoH_wOH|}!YItA9tJY#Ahc%K^xC`%Z_tlUiUbDHVn*9%p9Q9ZTd_+5YVK$3B zPr5Fvr8op(sl(nMr@%1uZNg(m|3}Q;<5efd<|F^MpoG)7Ak^BvnC|PpEz8Vu^UTG| z3*3_b6uyz&yO1Ya5aHTvLPpuh(ykm1nT&raU;k}yy+jj?ZT9eNgdB>kc`;5bmO2|X zlZ6O|GddIr9_*@fL#SgU}6DiPyxUU16x+wi$aOixtIlSG|$>yoqnf zTKPs;QQNhV<6n#>;&)&qEVK~{PGrom^39LLMw9U?ypNSVF%;N_d$xw5w#lj?R{2k8 zL_QmOazkm&Ub}LTMUc%%Bb8e;dlT>iM%sZhtDCxjkd1+*QDj~%VI`d`IMFusKJCKJ zvuH!VfOu?6w!5ZH##Vd-Y82c)G4i&WMhQ_+T;GT9m$qQ_BbyTuJMW=!LPQ;rZ2XlMkynx?7tnB2hcR7F_l@O_j$cOgvhEeRd806r*To2C6q*XcobUl z-p@IHo~SqA3^22f({8=4*A#Ri|4mi3ANcNT`zBW8#If0lwnD`ZwU*L#YNbo-!T!;H zgR54B!5RZ1duqQH$iWH-m$xE*;W%b_zn zy-s05n*VYlqqg$VR!|pmu-IJLOU%Od`F`3zl{zFTZbVt#8To*H>5gJ{YN=J zlpg-3HljN6e%tTif&!aXi~E_O%U6^bkK`+_xpFRJla*0u*0?1n{!LbTlb4tc{%N<}reA1D(Oh_r9b6x4~)XoV@CS~nAI_u6fogUW6ZujG51fYYPgpJJm|QsdpgZ$MU=b)C%j1d&F*TQ&0(`!rCU5mCk9`gf~M?II*Jm?S*5jo z`K~+no!)uSigSPedn;ZAc1wzNWmtY3W@rCf__cS0E0azi`uyhOMRCrwf#j{N`vdpg z3?aob3!ZkH>bS-OgekE2mHgYG*S1Vuu$2{EOnwg6B*>2Jt{6{C?skvLPn$sIJ5rJ^ zH%0lkcf{43?3RgU15SSR?gwl6coxSMhkbLU5gGvJh?I`IGE%IwiQ02|B_I?Y!bsrQ^~fJVGgc8=<=RwT8C`?%9A=GyV%7LasnUzhNs6%XF6_8oAJ4D=;j9 z+t~W+9qudqs;Y29r#4QNnploC-HxB7u5m~myjAa~T{n}Mx<3=jHH}iepWMCW`X4&o=!Ef}Y4l^GfEreMPso%YN&)irLhE5`dXu$S_C)=22bqJ@TE=}PG3 z-3#!!&%Z+aY05-{jND&$m%8Onx&(e(lD;n7k+nRm#GDdiBarf#!mI2CVpkn2S%JuaI3(8Awk%aM4%!40k>oQ@QPRPBd&OOhpW09m{)O?Y?YA zu8-~tL;ZPw+#LR{f0~vigA3nB_}$M0itUbM-wirM^k`)0@16{U-&c!t`IWgYt+8GG z!_(yT-Nhz5%=|_3^!&ED4sE?ysXW0-6h7`t(o<&qJRd(iy-dF!{2tR~K;)g~fHy?B ze9uGFw9D{t``c-b0Pn|-ANpZM=JhtMF}OUw13k9AvKo5KDYC*J=Jq}pQPx-@MA&4b z44$VG z4zjCmi8n-G^K_ENT|&cT2(~F51mE|0=@-?QkeR zlmE;4w`yoWunWIF^n>+5?DY8yi)^PYf`8^x(N2QJUYiV^>Grcaj#Kk8`_FWi?QOBx z+muZ3&A;NMph6!x-lA2dw#sTnm~&0@M|QHEH0J)o?8DjeBH`4KxFQ@U7smK2aLZ5; z1&^=C=vKY)r_j*O7ZY>9vze76MQ%dL01kE+Cv}(NKdP@j8z<|nLtD9no7NRAzpMp5Tbwp4+lkA=VecN>}6+i>;aqda&07<~o>1x% zBo~(m7j@i`u}$&ZME?!rMD`U5@6ZtD)8jOa7GvJWnf3m* zy&~`Fribp@@x4!^z$NqE!zb!v3TykmYkuXS6Qf#x^l<^7TEK+JH4C3RFdLxbzXe& zf^MlZ86?QGFJqEn;=ToqVQW=RE0SA^{`Deh5Tjyg$Ve5})kX_H*V^>oLYDt$0elfQ zV&K#d5-H7o63{JQR0P}#P!Yaj^Z7}~_*ED2!!eea?|om@@^k1c*@o4ds5Jg2!Pev# zsR9|>c$MN#@gnJxS%HBWN2mQ81A;w2aC_y~S{7QSWD<`B{x+~&MSqDQY2dyJ)7}t{ zqu$MIW~{U5{4hHIVqx3Y2LMHc7aLvaG0QiILjh|W{w{( zkHCnjNE!1YBc;kUdK0RzB8FiQ{#gs+RG)B}CFM9JSLjVx-xOCyQ)!Z*Wq?`29gQYU zAk|Fljx-BP#Iam1n*es-_J7q4+~Ec+-nEb4g+Q-qPYvUokAUV(EMIVg=a+WwZVhFf zTnB??&u3h*mjvUduMG)&4s4HcI5GtInkcO`(R4V>$ph{LKh>(M;FxtHkv-3W*ZUEa zCmSU;lljU<3o2fBl@+ue7r$!tj!Gyaht{ZN8m*GPAKnZuVTf^egXl|xn){y}ShzN;qvE-1E*D&iCrCHt-)?eqRKwhkvCfnwm`0)}`z%Tx%& zx!B5@Ce`qxjZt)JM!PzFe*W)#u)2w|)qN#s-M8WQ%sDp#dYS6lOMILSnEV6su3!g4 zd7BzhUs#=Jy+rv9(@WG5-r~?tFfLVNB8-OX*k-THadr-zvLSe)FTIpBveX|lETuD> zjsit6E1}LEs>sv9&GNs)XfT|nT}RslPCxUumT3w6F1^FLsQCFnt6T7%J9dr1H=!xW zFkcGOpkOu#vgBSLplgKMH&IhUJh#o^?A;~yD;A1F{JbtTw+E*EM!a3OFhiCq=*Ox` zq1PA1x(`yV7iXQ*mUoEg11S#P#q9z%p`t6}@Ng#@UR@jW&mEu#hJ?vHf?l73vFY4S zKkSFMg%O*ILnbioM=)Y5pHUNz zRA(_nAz>FxZE_v)weUyhw~=t+6gO(A^M=^H_d_LqZuY0SGg=dB4Rg`+f@nzczEFBz-vdjq zR=3Suod3gVF+cV0%Mor{IohJY(%X)U@o`fR%cA=$iqy&6D+4l@shvG0MloeP z(H2BaEJa1|_vadwOq3tlQWxgzf3ZsbQc@p%LnfHIbH|M!H1A!fZ&TDv50@vy!o)Kc!| zM0?|&!S*_ZnAo%z7w@~Ql;GEdaxTB-SntzF!fdaNf2bIrM230AGB=-pb~6lAm)bA8 zN)SP`;#w0g>)8C7{%Vcn42`V!6E@6-+uOWR|KX+loN=>Bp^d1YNrrJUmGsOBUo6@> zr#FGg%L}jKo~3$Wlg8fFG1NcR&MolIy-k^i654)d{8cYoC zjtEUcH|>t`s+qWyg}i#IE%naEOVk3Z@FZ^8Av@7DU8!P zM;r)TEW7hPN5*|Lya|a5^7xRPHD$L`P7{aSQ83YgH9d$9^>5FsJEA6$iQp14 z$dsd3*(7UtD(}w=1KXe(NphkX`Co@ng%3#CI${tpl7LN?sYt`5y#4q^g1{&^ztU-6 z0WNoEaW_p=-Y;RF-S?7LzjZp06Qu?kCOVzo zeud7=`6#kUr%)As`&Sm?Wv=XWxDKxKKAFI&1uOK^%bE0OrU1nGbmQPgjrs0p2CGhO zmEqD&(_w*2-oNvIMsJC)@eRsR?tJs#Ziz)dHMzI13h7+&r`#=u=R>mkQk9q(7fsi2 zEW<(ikuu;L1Hr@1A81cUe)|=U!tWT@o3Q7hRR6f{Sw%W z{w4I*;h~LG)YhSrEVt)70?}+v9(7RcW|@!gO9Cb3)~nA7yE?ik21v5A5wzbRZyB6J zdMEJOu20&yQRcoO!^!{AS41j0JPAxhNlGPuHcM9O&!qQEfHbmROPEy1!wkkz_UUtT z1$iVXr2tNS0{^zhPabajTJ-qONr?YU(vB~?HxP5|i5WcAnNdP8NUR4>0?)z3v?NQj z&-Sorg;hk9i)KkVRWt-UkvkOn(|9ZIHQoEZMx)3$x(JU{avkJB#-d_kR)z^PqGnYH zMs3u1h>#L3G|px}5`W#6X#If!;#wMVT0y=3_e8pP*P7xd=^$j@<<{wvRhLw5M|ywS zFd=i~E4N+(DAc`_cKnO&nT0OxJ6_9H-X?1ZfsdSGe$2 z@25Uj?@Ae>O-m2K z5FENTu=^;Qg5X;2kn5Ok7xL21NiSD}Mu;d*cqF`Eu}|TGGHvzCHI#P{eolwnb(U9l zP-`j;Pvh6i5uPaFi)?{djDMERDq*=1FR82Y>shrgcvuuf97gd*ZCa=gksp=a+3UZW zp!})E5GPYK-BeOmlE~K#xrSi;{bBnFgArOO?irp{K7BSY;-HF)eLdU2&xl+{MP_LM z*)bA=9hOURW^}w!HWSqxk=|g+H`V?SOr?9_rNnjcg~Q9p48j?Xzi&*Z#vUXb6X36J0o=V++oSVs^fE{hzX30%Dgzn6t*Kg?^{hEUO86K7U{39+d^=wb7uz0(64b zbQ!*4)`CBnZdcPnOPVfhSOeh7OquGaz&oHTw0Q zcDuQ~(iUA};*E6&=T-D|KHe{K!7N&zjCo@`7T>yb!O^22Ih{JML~(7s;eVJxN;<@f zya8&JLS}Lto}8(8L;@E$ecyGT8Bre2s0-9cn$Yyl^(0q2(ucqN5gotI9cB_Tu-d@8 zS)+*mr>p$CDY@ACzInA?^ngBxdw@_`Y-81ntd^!%xuPS?WuC@ub^Y6ZsOq2Uad!kJ zN`9&NLT9Jo&Jijvs>3$b4nzc-OM2=fQ*LCNtZLsI%+da$n>k=kM@y2%GG_gfgsr8r zOZ4Z@o;Pl+OBwHTMTEGu9_kZhNfPh$O;8GGe5YK%H69t57x}>XCaNA(0|u&dBw{Ry z8eWG@dlgSCoTFs-tAB#^`J@fRmnnL0=}oc2inG2*SH|tJ{k#^tB^pxfc{@*eO=KU5 z7hH|4^PXe3HWH)6o3cHosD*?aiF2r_;Y$!%eyq8AS)OZ1rB(SS<2 zizB*#X&sLDH%M>hqun82Yw!Kne5tc4Gs`#~Czrryxh~K2Bp>U2cPXLw|L%k+o@0KT zy;CmY%OX1n7YuBj4rt%XFhJl9k5Fi?Dv}BGr9k5k%c$dC$uU6^A<;pbCCSadHS5EW(?AMUW&TFTFm~IK+{1IU>}pyC z0x{KmoK(~r_7B$iu`FZ4axa}5j-K&vY4>XUwTWXO_r>i&*k+Gh zHH)+c`oA|*4Lo|k@W+)e@IsA(V>q&s>Xmg|DRe$db<#zcE0bv>0#l*))rQaAwr{Iblc~w>U;-_ABpBD(rtODPtKJ6(0$1 zYBtNKcj!{h?=a;(bZMRY!QeyGUnZ4l{`)LjWp@0<6U@%BD1UKRw1&DVQBBRcNXA0% zx-G0a^n465#GNz|+7)wQ_=H8n!O1I?Pz_$xqqtmNr|&R%X?>FyUdK^V&;zl2zUR^U z))bRMWk$Sz%7-Uw17|YfGR^O_RA3}1UFEBXL4hyM{0 zyD>7YEB1Dq+w7;|uI;Ht?b{ETWd!(vjFD)sYkil=f_?M%I610Bju1|U(S#O}FLQDh zD|asNE&);}W*U*IW`O3MuiLEGC8cX$>mWmF&bWBDmH(CU{ZHq9D{OaH{GY3rAD6zu zSFgHj6J4@3%wxLVk8?&GEfNj(DShE~d)+VHx$aq|mB4J@nJJSi^uqV_e7$n|_Sd*1 zmsWxahJeX;CfSFQmG{Z!ICOcF_Zf$9f2Z>lkc@ss3UV9LwaLFL0;R)*f3$(#v%6uD ze%X?U!=>-K*jh!J67qf4l8HX~-JcnBza9u1f4I2`@kNd74T8&EvT)|e8{7X#@!HYK za#=&m%ccY&xd0cX__rT7X%sP+_}8(ypTlpgI&skwga)I7xRT*yVAj!*aV=TFSKSL; zD)9Qd+YbUzVMIYZJLRD!aOK{ktbTBv;RdKt)9Gbmc+UpWr;H# z>sf=p-nX%=AtClY{#b{wYL%tMJK0bH(eO?V|HSfKe&f?#l7ul&0C#bQOYpow*6-0l z2S*+uDW-;rE;h#REx4FHSwgj%F)Wr%52mUVR1RqaM^mC3l%sITLA(oBy5+mDe)C&s?SG0`Gn0C0{od)R!Y~8CSu; z;O$p~1DzDDZ4drvnG#v(y98Q-3S0B|BWf>?pyvBuN35#nJz$&NuEWo)ujD zKD=?KQ|18^`opyPQ$uBOZrI(jo6`-LN!24Vy5&n92?h0vyCXbolyEOe4qw4~VtAte zxmH=We~EU*@+h|&{Pkc_$*}Y31hGzd33<+JDrw|AHHB-6Aro)&*I-yJes3icCkf`G z8jK#h$cvOyG8J?FeNrEs2mPK_R%H5y3CGFTu6UYYJYx2+K!_rAYRWqs^lh7D~AkH&R+Mc8FL8niq!avw-rlA;5JaES`OvK_^2D&$q5*cyMFnEeYo;X-y*MB#pSRu1Eh! zFhQgPZcq59PXj~IGB${b3JtY4*~$gEXQbEF!5`MEeN4XVDl2jRR7v_D0MtM$zpzRZ`pFm8#kI_;)ugMi6Cc_`y+Z+8?xLg(zu#Jn^%k7)>&0hdclta zQEL@f(I8%Rh9#b=WfUD^28$)aI#g|mXErg z*Q@Exo28S`Iz)aJh_|F{^1u5DlT5L4KQ*ScVWmEtrb=s63oiB{Wy%Tg>Hl=-J}=4s zIv@by-^kX_(j_%%W(wC}mbXRpW2rgtR0~c9S#gQK3t_w&Cnz9{vlyIxY>oigQV_wX zvUu|pKoY@rY_r0umFc`5r($`SYDZCt5w`5z!!Q@~>Xpxn5-P_|BJ99ww2q-9b+!W9p9lQ5+1hCAKxnFFP3&X(GLS%=9BoCQ&!pd z&}vY@ovVjITOeDOZJ!!sKVps;q#J`cIJm}jkm|45yQ^%^k?jbR$a534>}^WEcEfJj zdZR*~Vy?h##LEl(v}Mfgo% zJpv(I4_=Qb;W2Pb!MqzCco;cCG}cW%#q(e0cl~~StIytI0z|wVkTHFabGVRe@lOu$ z>ojzq3bxIePt<j90>8Ha@!|kLUJ|+93Tj^Qcbla*@fi=N$XAuZ?(5BHL zMScp;Go^XlNh638ENPr?L0?}Fw?Y9+BDm)eJW9|Oq163(MEqO5HN%ijPHip(aJi(i zqR{|LM_|DHZtF>&9r5UWpK z4dAC2JFraNFG#Jo9r-0UW=@$BWWAE|LK;B?uY?9uY=|w3Q5GXMdZW{0 zreFg-6@C{{Wni1#KONYX*7Te{U3eD8I>qw{aEx7OWCw$Hsr*8Qlk0uT?|vGE@5dbZ z*)iqO2s?`nN<0v680Y-Q}oTXXv!yCHWanJ$QeW=Ti>(dtr!{S)frklpJ*#i^QRz}a9m}ROv5@S z6AYDj*8@p+p0p|&*0h}tQDxFRm#17T81y@UTZ#OO00w#4jLaZ1Z}d3cX%kA!H4c~! zmaKg~pP0RjU(ZRG=t29c`mx%_jtsaz?&Voi>hup|ZNsSa{LrVGOhvVRzW=#(Sp0DMKR zAK5$)#D>in_%GanM_+`LpiMO3#T^8V*#Vh5wlUoIiiX3`PFipEa-@jS0Y?7&_iwyR zmoB1Q_(9el*`f06O8jr9l1kJwS7eqTEXVv=E_ci}$4nTiSX9ur&suB4;CX*vEENYc z8#@lLQ7h)S#HHu7^6o5f8*I;vIToeDY*gF59-krOeU2{q)OdvDZZGlih+wVIXHq+E zS)M8y7uWE{)o?7vlv+2NQ&cJPo4T)~0V|zJO-GmeZ1dGdwl4w_p~#2jwsv0@DvYfN(&Isrg_vk6lA$bxui@gx3sY?@B}B8`M>As%z!ZmH*rSxNz& zgJ(Z-NcjLx?;V-pqI%^j$pktjp&X31fObIKx9eH^#K1JtD#cZxnjaXx&jGy_E zK*Tk{ek9Y}hTnfoi%m?STTaZz27#afs(vC#ZrO`dIoxesbZJaT>14EC%n~gFE_Cb~ z?(jQtA{kZ_SDf7o92kkjhnCf|oLaY42^1{4iX^f8PF~-s4i$%a!?yeU@~QYK18)rM z^xFUr3SO%4C}z*4Iu=oe=!&*7d40$o;kFE(qI6z`QRG2kK-WqKUVBJd~4x0n| zUOnRU>C?t3R;?$mX_puDL5iuUOQjQ&s04q8f8hduw-`l)%0m&S%I@kvI6e^jkB&uBI4@F~#nk06( zxX?%X#>!kybP~xh3oK9Jg~=9nAP@}7C6zd~T)n@)x7P5Dwlv7{ph)idFt0x6wWA{D zLUsn3wV0tDA4PI$_;l5ZeQ;twJlvJe#c0RNYn=`$tUkRgXn%r3*E&^sqY*G8xj~1&@2Emt37+9tAbHp?X<&vCWGMum!FK zEAm8P~vML1s=Cmku%d)`A!PL z7vJymtJ6Ggqx3lCg+EBLkg)J_DwaYqzFZ>y|wERhCg@V0XmvuW(>Dm~^1(exK_do4M@M zLL+d?=~k9naOxi0XfXz%;rB64_+&nadFzU#CZJZj3+3HvaE;c4p4r5a?MZ;<7{Y^w zrD(j3VgUA)r2E)CmBc9Ns}M{8OBDsIAvb(4j|Yl~x3{-`?0;sK8Juy@!*Xs^uj$7c zX_U!CFR5o$F-qD?v;?!2(R$2*Bx5!+-sBSG#jRM>2_>>UO6*FykNc_xlfku;E4@*LA=sV4K5L}HAG67&EqgIdvq*#7XQ3%ZDF328mmt$| znd>lfO=+muM|)huK4Cnmpg4T7^w<};SI{R8yap;%r9zVi%oGeM=zw{!!)j&GG4Cu- zm$^vTuNU;ET=1YlYkujnC}%V(AXZXJf#u+&vPd@(3RUaj7Nm+dIp%czw)X2SqVIx* zZVjQmyfpBBUlMYn2)d*t#>YR8J8b@aKjnZdWfZD-KMoTnxtA=xcy5;M zLbAz-k$?>R%XOTg4y*t<0`p7*Eil*D>-GKp9W}o3YwEZjW`pCdSXqJr4Pv(EHox80 zTI0=kVj-dk9#quCOkIz+y`=0oE^rfve7Ws)TKNm0;K;TV$IdvM{|yQ+^o2xcWY`R+ z`%=jT_>L-WGbmw>(#A1cBkW;Z;848kqntsu0FWL+|<8>tN&cM_I`qy1Hrp!a4PgQ=JkD<7^2qw=R!46r69BBBZGcXy1F$j?8t`IAs4?Dz0WJxXgbTT5ewG?ZP09SB%H3APg;C zM4neVeY_u;Hy@?X`V}OiU#^!8$&B)7Y6-vtw`%h{nBGPN%e)KzZsh~;g1^iNaIzbw z+tys>6<>>|6^wzTw!(&&jtj#;X=Y6u`;-I7Xk&LJTdY!Zo;u-s^1cDPE5#g< z@HFLdLC=EbbgY|WV>A`!Y8cAGNMgs+!wNZQdr4`O@kC*EF|EAdnZfntzE(BpuR23E%ilNX z7d8GY*oh1S-WGF}=+Z+Wt|bEI@$S)&a4 zxg&lXu<dj6}xX^*kSi@hBcg-X4h$M9fr3O;6io`Rmp3bq7BS=eGj!57TUFVKZ~j5g53})@4#wSymNXWK(xFb$E=DH z*%CT^?@t8Yj=C6A$R<&b2JrDpQ3L5^Rr;d}5_{s?G>I zVzCl=e6I1(lukV`fG7gXKm}`rNnoRmyaUzfXKkO7SW5n4DJ+B?ilrU%KA=YBIcAN` ziJ6tnL8nUG1UJ0Jq~JbYy+kHIs%WJe~$=ly>~E=7KdqgJPDO2ATSccZb)Dt4c>$ zQL`K@C20sjJl8w2gY!TxgqY_Y&@B6>_$#g;Bb`$i_}#;bsY-e&!c%bM?yz6sGB5ZF zsC+G6b%s}+;epxb&C!jEHN%n`w&KXuYMwrAw`$p^wRv3M z(7_wlL<^||m>qe+fzb+&&?z3F#0g!G@*itfl#X#-DQxPE&T$`rfB9Vu$b|d)aBjCu zhN#;Ul!|zaC3xI`ne6NQUJ`48@yI@!0qGkEVtuU>ap^_x77nX)* z9*$V!>`;sQ%u!rTc_CETcQP1fSV$Rq@yth%4`u!S{ri9a z`yU^ucb&g%h}Tz{M^R#*&ro-=od$^^!lQSL;wP4iebYm_OTCp%jxCv8FQt43n4|0b zP03atzQ)jIh-_{`%LSf&YJGd%4zw)%?gQIuFY5l{@;4#Bm9{=_dt_Iw>}rRGHc$Qg zy_~$wmeNZ?qKlOAaCp4h!I6xC?bC5WfKDFYVXudro8@?6@xif;2L5WW`^efhHZ{e_ z@mE6MgTDEKzXH`9Cm>$aUUi07onZzoU*o|A`=sJYu!3 zhEogs6r0`wna?~?fE+5Ne2NNqR*rclejNETfUwr>t7?(yB29PXzN8@h6aB>wqUNVT zMUCD&pNPck^EAPg#03=knxWCoqc(q;&T(?i+Kxqgqk3FqF$DI>cleldkz1P~O`%wB zEX>h>U%E`aTV_6H3a1*$YVb;Ldx>C~!jyg9LN(Tt0~L$zN=G1ZwefnrzQ4Z*EtS!x zA0H6xw8^4T^^NrfI??R+@89FIcPNZ9W(Xv*{W$LUJ3&CS7IPU_G{wXS9&U;CIqw^(ECQPx|HmvtgQI#i3Rsu<6hbjJQ31y>i1B*7 zwj5?NE-r2W`avY~D8n%$oz~|s zMo9ydpoIhSTm0@*-~zs%Qp=Htf8646T|@{YVU{ejgTzMJeca|1Uz~}3UpuKWxWK*5 z3w{u=J-q4+``~_bItSes5AOgTsG2SjI&O{jDd-2b2Jpb?NF1O~mErS!iZE^e4ImQO zx2;ELW&z$bXbL`mq-uqirXhoUI0}wZI@gqM&T9X@sR-`V<`O{6;Ye-KS z3D+9LH+ezJy9N+Ss(nU_qyfL9B6+&dQMH`kFu_$q)@?z%X*T||zl5gr8u)opC-Y@H zDr>&T6r2Nz?ABTAFF2i3g~ymZcfhC_u^v5zWg-+5 zd&-@NVm(=;2;00X$^oS`)@)etX~iBl>FbzLy^@a3AU|@~4pN`I*U7y&jNrXjkb1pd zKR!OB9LY%9ydD-}QkRd+Lm7m;IHG}=QzrJ<))6a75Muie->Biq|>AM4I zG~k==cWZ2HeigX!><}zg-S?JKUkx6~Puq`+s_|NMRRhPipoiV6YP06W17MiJvuAD6 z3`wS;zH$M-vv9pl;1CzH!!8C*sR~;K$SBwO@O5W%F{qo9d-SF#7WBX1Ibq>eJX3qG zoe03#c(}@Kz5O?UPwSfmJVLWfaQlO%;Q2|aR!+3Oy3X*nz{T;7Qv^;#n5&zjPesro zvVZmTe^d6ef4_1|mfpAd62H(SYu(c<_SQ$0okWpspTb{^KAV)RlQXgHHvc;6?Y&p; z{o~__=G`sEOLOw0*!qm5wgSh!*{NT=0r?_IV{#T-~9 zHI%;HHc(vVBU;dsS8H5WyB??WKxlk?J1_Il64w&JAsHOyE;}+lK0ff#v6vkn@=V`b z;jl2e^y9oL{L5i^klp8R^ReXd{XuAiZK>Kc!K8w6Z2m%(WNhn`T|Y1q4B>TB;X>GN zG%*3K2$S!)7%OOYk=+2M3EG#Fd$ z{`u!0aaHCTcF3v;a=JCJ(1H}f2hssQ>#ol`&Ri_r>ILKewfJfkZ~XD@eU7)>s~Wn^ zu}*X(c;HqNP9;7Mm%LuD<9mYqrM5=JU$N>S?_kEcZ_n1xA|UX<$3g~G1HKmO(RI9Au$;(Jx->WFUMzsM=3d$VqxMdrliYGl!JKX z#DF`HEXdo$vxZbbr)_ZmJ{lHX;DcfYVh=FIb%YPog#?z!QgR5P~vtqigchB!W?%{UOWv@;F_}* zk;9^+fa@`qL6VUSlkiU;2%TOU7Rm*4I{Jl9Ws2E1E1AcvM`#L)9>n8JC9jVFn~>yp zK!%4|s2ldil*AnUM2S^^a`_0VJ|`7Im9Qq2Zhnd_TGB;oTh6bGtIvzNumTpUguX4V z(Hb%e%W-4ixa5SnoPFvQT`b;48l)j> z5y}>BwSd#WxF)*-mhjq!H?i$^biZ~aRY(yGn*>XnN=hkO(Hck5Y6y;a^5fis9(Zx; z?A*o!HUC>hyamCcKA+#=<53&r+TDbGj!`LjF-x99oJ-P?Gr=$TDR4SlrE`Y|AD<lxY&Tj<0J8Nbu|D_}k%Px;s+GIrCnd8Nl%@b`%-TkQm?9_3YPp`wblHlgM9cgymzjcG z3ER6ETS^b)$?e4+*tEuCdo;$L5f&zf8&6>vZGM4^`AUD+Ozrr0btiV~e!xKf+Xw-y5qgLW*R-rwIx0TH_h8F|{5(N=NE zTQcSB1zw;OQM0|Tr*W=r5} zF30n3KIb>gPMAoJR9-n1|H7kT8xis6&mWwD$V3WX!;t!M#NL9`AbarO$trt)e`kGp z*sMUzSayuACFw{~1LFwk=EQpjQ={d^jp`aZ+-1vnTH3S+w8rS-JKY_!Yov zV!bRHxA`0fiCXB3uN9|`<`Wjf!uHlIU{;Mek{}d>#Yxa077HFnaOQw1!7xa_V9KXX z&`^0qs&Ss0o$JM9B;38=C&I!o1YUK9l%D>oGaT@L1+0CYt!DxuVu91CZ1Y-WG2$um zo8S|5{GbeXz*|Dp6bF^a2zElunsbsRDBRJMMzQ85ms3LxR?m5dcj$EmE8y@R#ZsWjk#BmDpT`7>5l z>|zUpXW6=I?AUy2v~InkqnMQ|W2FY^FLR~z1eI^vvDm}69otdr<=3eO06%n{?ucZj zVpd#5kHj%p4v>gUTn_DQT9jt%$hL#L&CrkXT*bcdvaptZte+c2OAi7SxKj&$zOD@3 z8wbt5@)V?c{E^{=l7+!6I88m`)4|!iwPSk!ZkiEBDh#JCkakJ$EL4CL1w|t9T){Sg zKgM?o?CEKMWf$h48dO{p>xwLNEJl~mCw(I`4>xZi8%WyOKI=|1nmpqBix{$a`huSV zx4KMA$fTSJU6gM@M-z3^&Kc)lQdZBy3bd2D(GM z*r68WFHBz0wn||Z0|mvs%2Sv&k@>*St1sR|Bs)rgL6+-_Xs`zHFB#=ZA1duuhV$J7 zye%l^;0Zjwk;)4qj0gN;3z92hy!{G8^#*KU;}M&>8ZVqaNLfny$ICD4(+i}bT$@WqgHB*Zy;o;7^i%gh!I2wW&kLdPL z-Px3+)ANEK0h}0AZK~-n%$;vFfcC00Sev_%KiDQ7t~0#x6n-i)&(Bh%p19mZpAR7^ znol05m_HXjWkgA;B%}RAdhW*W;(buyi&Q%`tw)CVYPi*h+YFfF8@&hyXOsnAidix$ zPWw95AeeyIkh3H%93KRgJjI}Cx+Y7q)EcWSP}+}wW!%erc#U^QN-C)0_(Zf1?SYQ( zFfl+ohQ=oXz3#- z)pfV^)!HOd!$=#mBzZekDglv3AB%L{J!r>#a`w!fZNy zd{dOz$zj7Z!qz3dc%Vymh*j#v%xtqlDtF`+J4}~b!e3;wiQsqW+0L3&FW329gHvF! zfPjUsouU$B8_=j$F3<94#YR%uX0llB5Mqe=ZkoJLL-qZ$_3J?hBfZ+ zPhmmThnO|OF#<@?al8e?PF<15Nem~@Na7dWQ?)WqrgnU>&Ji*JPKo2^E}jBbX*BPE z5DKyTNm9~Ai{X@Ck>LPf>)9_n{DY)plU-L_X@cDFs;NlhdYq7z$}+R*H z|7ARVuJt%VAMP?A=F*O0IuyE~kfQ|Ol*V!g+r&_Mi&-7Q5dc;G3w>4(9>=QWUi@#& zCV_2PZ9eW@c-0Mkot=7E7Nu-SlD`R4-y{yaHTAfV+{$ zUSwm%-732KsAb+cEDH_JLS%DF>Y+ZB%b-yh_KrgdCE{PQueMuVOfGyN#v^K~q~V6d z4DwSapv?(J#h}ocno7mgHD-&kf;z4oKSCfcfdvlZY?sGb?pCy;f=eai)rbc5)W!kX}W(H-CSY?MID<+0xjuY9lrA41lk{0Xg$2zJXAadI@ zLe2=8LT}S)m6#%lV}&X6ebAxNoIQIS#*!7%W4)wOVhm1Ow-h-geth#zh>2ODJROJ` zRD+75*%$`!8-I;ffZVrdD=ro+>+X7-Duol2@UD<(WHF1meO4XQnUslN=u30~J6sdS zIK^{OUF!2|GCpq1CM~=;cRVgzny~LXPg#kh<%PZoF+L!G7bizEIqpr6FsGp8LPuY5 zDVeEaS#3rJ?!`l-P88-Eh+1tv!dZ|&9qHSzLGN_S(`L(ik=QAxqC|PL=!o*=sU*ch zn6N4qEl`Q|N-S+u@`KBZ4RiZ_GuUTyALkB27Ey)SBhTaGrvG{zuA<)>=K>fr%zMGO zOcrik3z`>1vTs%bNnNipX^DZ0Ng?L&E*)cjahpl1*mQn5Kve>f$Z+bFLW#6ze#P%j z_40xz0rs`ZJKC$x@Tt)L?RADXYpioX%oc;-E{G6TB)V;arzx>l%==rm^~kuckFVq6 zKFn1_@cXBh+Uqs*=g}72=YxR^Vm%Ol?9*EFr0p`gBPb3%m_|*7fRB8j_ zl9KI#lFNMR(0JvlO267%vSIcYd5lP@XUFKIgEo4J42<)}lN7&$D3J$^LQ`OnHNpiH zJmqaBopuK>KyGLmhfe+NMdw8#wp=iSs0gqOJ*TV^h&F>uIBcP~c(JJ4Hm*i>D-6Nd znEsTccI=~J#z%1kk67l+azB3E;-Og}B2sZfad{D@=tYFgyr)A{XxaE(5&SPV?p7}J zX7VpH+bPhkci*@tvU#%*#`Vw+wo^Gy+>t^gnxQ;|VkMu9!)SR|+CYLkvO$uofsNME z*puZ_0unA)G5a8!?G_z5Zh)86z__EAw>quf84p`RYU*wVsX|AykB<*Ap$fRKk0q>e zd&e)%g7$6x(PezAvCm6uW;|?%+N~hSG1Uq}a?uCMiyv`=maXylbQsUifFzYa=7X50mIYJD za;|m?&xMY;VXk}qyGqO{OP{L-3mPP};bOhO5Ke=RF1}u`IF>$U-|?xG^Rt~;nsOmC zaXZRtOqd{qF{DRkT;}s=gJdfdvK+)*Po>AOm>qk)H>7G0Y^f>YsnlP52=@hHIn3(t z_cDL=iG>e4N$0^n?>CG>TzugKr26IdxJVsJsFhv}RgRdpbO~391*76?Y(!$o?D#3i zJ+5zF=hvkjmAqgWW+%;#MRS%HcGao+&}cIk!l2ME2>TooD>wphp+XT@a-*H`> zdbeCW4(_CVuJon75R*ARxPhg3+|)U=3Y&Z6Equ)tvNKU?j^9+C) zx>}7it4ajT_Y3#&^-rVYjgiBlv9GlGUru`b7f3vkLHn@~>b;LIc}aUl7;{1Lov?xzBs4_-4B0 zhfhrB-%&-&BB<0pJ7wyNAEg-xru%g}_J-g?a!hljCOjRZ<9ITBjE{GGFdq4GBFmXy z({ul7wh$8evkJui!I!*NCZ>)z2geJZf|)sD+vfd=@>#vAz;vphcI?Iqvp2~6LT940 z3>*2Zh$viPG^$koB3_A~d`2_* zk_n=tGh6@wAOJ~3K~w{~n9K;N%L|3_$h)v_O4`72hQ-c2!eM3SBah;EBnHN8>J^66 zHrVW$c=3IYiY_+^=6%jfqXw6=(;zJu_V$9m4*gYU_yXAB&ZnnM@Cfi1p_+x?B1>gD z?IGvZsVv+|PN#gQ><(t098TlugIqk){ZqVpr!VIR)x=*>D8WnS%XQZEB+zNqfjiQM z<&)~A(E`SwqRjwal3|{Zl2DbhT(eVeIJ=UxNl>vyc$EkWWz$MJ7ATRTn_E#Tw>0ud zM-EVpUJJS&UxXZwKrK&`jF5R;$kqYc#7j?Mp*5AE2*g{0FIhaZ5~VUIRu`tnYM+sd zmkm`&U1TcG(JAz~<|2<|gO6J&TQBFn=suFCQOyk6!V`0G*r{EHtj$gdi5{fDXG1#^~i7lyrJf8@B=IpS!Luh;`R674CtJVqeZYt27 zXplAQ1p7`;=Ov|_X>j8?1=f@><%~G+BQ%!6cRK=_5S9k*CxknQOeIz+_p3p|ojk4F zFvuTMR55eZspuoarGxr)x2i4=!5e0s1|}69CDXug>(}s^3y#<>2d3PW>v-JY1&;_J z#o#6+!A<1A!K&hy*^I(^U+_F2GfTYc3||cY1^Fb0xJS)-HJRNisddEpcf_OTq~GVB zZ;*D+R&KYBTg{`-50V?X9QxVnJw@dRISJrwzRwj0JmTF4jyz55)>%blb5FI>NPBro z=Q8Q@&zM3j4;O{)Rq0fx5+UCA@#B_#zZGx7O67yba~|LndJDIATsrQrg9dVV1GQUEXC2@-NniV-`d8 zYvDKb3vQX>x!Ms?%mtIptnr&K{4x%UeIYvMSCsC}c*HcX?KALwwj4I9wTOff2uJ>n zSyOzxdXNQj!HcCW_8&);eC*3Z;jGWc!v|S4$Df$J4-I?=R+vHVfQ*v5b1K-%?Fq{ zWKmdjbz2025>VJ^*`EqZc<;7yh$Bz+ldYMsHrI3{xAQp013{SM(}d$-tU(p<^A4$Y zEI#?SR>9^VS_@hmxA}#j0oYZ++VPY(D25M`IHv?ENPvlP0|5B>U!F8q_Q^xw(S<&F z*^U#Mq%ytR;BIQGnenY#K8kib zbCQIoPnm$fM<0*OxI6I7RwWs5-0KN9B0Fh9UpP^Afwr1fa&l=NdEAunN7I^txAhfbv-4S@4PU*AhvSlnSbbUF*k z+3a@iIH!8fW2#3`D2b`$pn_R2q@kP9N?PfHO-1c2qy+fWO1v#w7KSD6qHDfxR62Aa zbNEV`6?R;7?I>!nmOH&di1v+2jh>3hC~l3+&Sw1V#|x@qiM#XI=2egknldhC<}_Em zV)h!3ByCw(bUCza4odH^!9Wq|%YZQ-o5eWsvLxb$Ye&pArN==yMR#!l{L61pLUf~g zH40eO>&d++Go_+)3?irsNjkI}|2k--%B@DPM9tC@Q}ttSO-8bukW-{AmK#XUF0HbdI1 zTiy=xcpzsdEQ<1o(x4KH&koW)b@_$Rgl2i<;_^XvMts5dL+UbaqLuE%z`iK%eFfYa z(r<-lwswzo9t%yfG|@R%q-zHuNWJhVdNXxm}~5sNs}SwLP}lEi%hP~wg;kFn~zcVLHm4wj`LMf zk^*}%>lES@dlp8me2dJMq|Ei2Yd=LiT;3KdmI5I`s}L41UqxwU%D*Ap9(F zs_w>*||&aq?|U}-s?wC zIODij>@V{!U`==zu2Ws7o^q4#yx^OG?UVBsZ?lF^iL`$Oe1`pxfKQ{iztdepiu8ID zT(^pNkp!%J`Av_H^5_)9<23w4SjcS$Wag{zoLXKhe)GABFvqZ&tfWGyCcj&$dK}~= znl{%;`f;AL92v_~vggytU(=L=|4q{`CWfB^1drzjeFlD8P!KkPFk9mM504hx3YZ2F zS6i;zA+AP;YV*@(hn}QWFlNdL6ZK(Gtk2~oK75PN2L-gb^wW={m-@W^^h$>?7`3PK zzmg!b6;&pex?YM?N(N})uTZh&@L0Yp$_a?sNSrnnI15=M$u!96B&{skG>cnCS9p6m7_WQ4uh+KzAsGiHLBcQ=EuH-?0m$P_9F`|-;2 zXo`Zg$qH&Vn@IUg zETM84_xDAeUA%tXAV_^{3<5s1*t{46LPxh6fj6#5joQq1U>&bgb~Y81V(>PnG^Y_} z2MG&*E!)KqX-L_md>_P^t1y1*CaDVCw0M-%MAKeAXK_G|OlaPPCC|aC5~fTaE&E|W z29-Mtqm>y`#G7`MaLSyfKIlR31y2Q)ukCbPM7-1C7#7j{j(~X|4L=d?p7jQ>gD*Vv zbc&Q%@&CUvFrt32W?*A+!Pul1}&!f2Purg81~KMdkkrj5TxEH9>{AF zdD|}LG^JJk3++GM{HpiJ=&?)yC2S1IE>;3ujXB?K4jwo50Svjss~&r`$J#-)@fWl@;6#siSYzj7&fW$ZF#pBGUKX|Jck6_oezh^7l!X=T~XTOO8gb9pO%7lk{l_PVKGg!r4riNqAZu zbAr<5^?#dBT&`$a+~=(dp78`N#&|h8xM1n=DKn!0gd!2D9X!HQA=nO?i$se=IpgGiL7Vf-?DY9X43_Nx zE{Dmkx)iNY(y4$2U@bH6jbahVb_sJAk!mHbFmFxmf#m?p9M!A0w>PeS3cuW!3#PDy z)cu*kx3@R$B4z;0yg9DhI+MjHRUv*Iug^7T=2|Ye0lITvRKd`Zt6D(?YZqP2Ht$-f zbO$y?S>T-|(~qSiXyb4+if*7mFay6+?#+TKIH0QXzUq!}AuP+&AQP%cO4;!?(m)7f z3#@SBj+{2=!=;LIw~~&hWJlqZ&Is#z2U|*f^~jm}BB)qMJ$j92^JX=c#EpejJAMx@ z)j;k7K$VK3l0zEpE8;P38mVwCCe1fRII_blC3`J=anDAXK-zZ^%ojs*_*w_&7d#JC zQ`k3vxXE9k;d@{mslE-qr_S)^x1`%0gFOyUqJtj+H%W)%cRI^?k&3a3S=XD>yd*#a175emeZIigvIg1s{#|4$OVcK12Qq;W zu+{}VlsQ}AO41nziL-?6Kqoo{01mtdP-YmVzCf$#>Wz&ujEL(*roh8W?%1xd`pt=*%D#!in2|2_&I z?Yl`Zg`6Zm2rx}b68_zNKr|U6#SL4-0V3N00VFC=ARQ74@P0~c<3tA zllUMKtK{kJPeBM{2GO8rKltqr@q*`p`y$@saCdC^55i4SlH|dWEMopmRQ+E8YbORV zeRmADfHgmlWCmXfH|0RjM!bNK_lSyjdYy`{%2S^l(zM1ORee1lLYmUEf|N|{r=H?z z6Gp5OKIxdoBfQ`??u?D-Rm#OQ3%2ztNY*4lfimW#ryX0af|kcvV_%PVHXAK~c>@a% z-DyLaER9&^vYZo+PT^XgZ4t!*K$1WH!K!`65l1 zCD-?m!oDM#?eywa&uW)kQ(jC@{aDp^t7i!%u2~qWO!l0e2N}7eMN2NmrBk`E0Lt4@ zo*p;<`RAWT+b6{^_-4%NV?nti#9`r5cx6!p)u4TJu(=c2T-4$hL8nJmG`IQ318{n! zW4zi7ELD-Vm&n^u<_2G^bl)RZvCPAXov@JoFKe(-BwU2Ag~#=y&>6FTIUd335hgWY ze(KUl?>GkjEhI%Avn59sdG?1}KowVa?(Bg3dk`;et_$3Of0G6Yo}IQ{R^+9R1U`jw z?=DsfSCR-2vj9^Ikp{ScN3g*-X6LaoFpfNohqszyP^tKwI$9;D1u#?0_}bt(YV8ci zVoYiHI;(!cBd|6(flm)m6)K_X*^K8Vdww?J1%$juRNQ+ncVML!_HCk(H0zn+$HhvS z=TeYFXCLzdo8-QyLwlE>B4=6BL?M|pgOSCLUt=xT<^#(aZIH~B7yhJI1>+TBglOf+XPr ztR1d^umL~=g7ppwyLY5=cDEIYEu6a1&LFO-33B#X5IoLEg5A13$cD|BEp}|2 z{NMlnH|h?f3dSNGPR*jjMj;V9m`cg;ns1v=wi<(C^fm*wn2AVRvDuBwC>TNviM8(* z%Q9!5t+WFV;+xmwT(EvrzJyLtA~=O3VVOSMilOSh;t#|TmB|7r^VPa{^x&D-+p4EEVjX6)+*lA`Hx(WXs;G_3t zRrK#dw~{pO#~Gb0TL$*oHW#qGy$7NwJh9L9M>lErERHkGozv`L!5;~7N5#Qe`brRU z=tXr^SY{-A@jMpwf;FTz@NMe5BVzw8_;FT!I?2Xo)ETsZ#d(ZmOY2nrKBy4>ELHs= z*b(gK<~IwQSzGOCHvhEH<_!z-C@c}@tU_jG$w)X8ietsw?AzXwCwY=2%I(=N&ahV};84e_Ze` z4~#2#B(cu6Aa5%+|}$s36ttLze4^=e&qOr2Uo7`GzgYmacBqKw+UB z6{72WUOq>gev~BKTw}Hz7i>F9Ig$C!z&W_M&gYSVHWZ}bn-VTM?d-rlpzCpJyJ&}{ zJ)Wlf%Y=+Jf22~R#3XUak6+d7$Hzkfz#|nI=8I*;lrv%Ii`}M!fRB$4IU!ztT@b5w z$6>FR_}~Gd9lsxp`>;#~_Fv!;Tix*#Zom?7KSi5P!Io#tN(h3%!^P)S%NR zkcKIilBn-i@?tNhZQfkt@s_a9%`P`Vv*NW3l*YiG)#fUL6i@8)e9br=q2FX8B{rgg zv|;TFB~C3z46(6P3mg+TTvR5<)cWXY7kR|Yew|^w;8TE&P^Pd~o#9^qJA(C@=nlwt zV0Bt1VV>Yfbl+eCZdL1v?bFTrarlW2aGDjtusUVurwC8A^T?#~6Xm>~k0V>XcUrDU zX2XS&Am^85fQ*&m=VpF~=@*qTHpzQ<3F;dPIvr}>30z{FHOf=jOM-F7(+hzN6h{Kb zD@hPGP+^@ph?h+Sp3+Iag*bURzWc+wnLr7IBahrjMEJa?3^%L&Bb+AU#Yw@;#B-ZI zSNG%>ROUBki;X#hl&5KMNZSj)m*Z@;ew^{dme8_q1+d@#61Ac%h>k)JTKZXg{N{3>t23Pn zVKF38ivTF03n9}$0aQbDjgY(;>G_mtX;9YS{>RO5aM@=r(g%;1s7=OzZe*=fij)m(qJ6W*o znOsG`jLsZY1uRD57RbRAg+eZ5#QX*&kO)(0bV35knJCMony`6@X0;?X`rZxT>Kkz^hkxqME-TteZeW5n#5m$2aV@6{{M8S=A--YRI_~A zMeeV@LUBIxRd}+m|QFf0Div1ZBn#gtsQT{ zjLi;X`-b%L-yuCaywZ`?RVrL%oVbaVr__MtT>!_BN-zDvpRL97VAj&oAk| z$i>heYMMp7c;Z69S5U=1SXsN!P^n4m*6ou!`VQ;LC3pPD=a*B;Q&bYWxB&?EVCCEi zRWd}FpN7qn!utYMKPwHt;MpL}7CslhPoSq`eVY}zU;h`tW6OQ8Dqw}BdXa^ys^iY^ z9x-=%Jr1YjeH$g82=~#v?>~3j8Ap)QxbQFVWS)H`9g)O{dvWH3c^w!0Dw8N0ixZy- zBn`sQ=_UxFL^?7t3x2P~SqxIU5hUE5J9@e%XeGIkal7p&5^Rzuja4hwpID9xQ~Wk! z)E3LS7RhkmwZZdyk-R>1UfNMq^5l=VZ}=9lp#5C3(JbbwftV$a+n297uqmPeSQ{nI z@rED><|=@jQ@2-vA~R-}GfPR<^CA<;r(?FRY98bf`B91okJw7x`@(FjQ8<-dJdoR| zSu$bFxHoRcR;J7RBC}jCESVqieuPwv;+tZYRaju0T*tvT7KPuKH?VL>WHS@lj&f>{ z*7$nV&W1fVI??=cyjjdb<2Ma?M3$R)4L==qc7G`^s5A!RSq|1*S#c`0Mj4A;UaZa;tYqab-?B=O6SnXd_s6R7g4s>79hImc zOm3%Cp_j<^l*s1+@wj!AbHf%?_|*^=!n02mei?u2CNfHT9kWj@Ix@@d8bZ%yKAIr1 z7*f&04J6pEs65E!IE>N^R#r7%N4A@1)W2L#vq9gxeiASg_^?E_*Dqvy;aIX35*DsvA#G8YJ z(^SYjs4yryP||SMsE+gd_wR@p+rc0K7qTRRZ9YRP%(?(5t_c~k9Ch1>S@q8TxV|2z z2=%#GBjkzD_|$M*IJhMUZ83YC*tv5gcv9Nb3gkiY= z03ZNKL_t*Y+VLV`%pVXKzBwW@)WNSD#!)$vFD>$j%nma?C=Bu=bm28{r|K0NphoQb zCEe!b>F9W+Z&R|U7updsi`oU)Vm%5~5mjzN;NG|s$kS$D{78LGINc$sV%FO)Kt@mf zR6^oS_<59+NMYGS(;5cx_?$v2lYJuZ=(UE$Y?U_SJCzv&2}{h8kH%MeMZIbhg)QBB zN6@ZWPVWmD5)ERWPaQ*>e}0oLskr!&fOHf(D`$DZlY@luFCC~dId1a^{=57BAh?^& z_IY)Ntpe5peu}Er`If`JBi)Mm>);U@s(Ip(wBx@F*X+dQ0muS*CBRSRQ9qVaV=WOy z#cGj=gA5)b=CqiR$g;|bl<2?q6eQvmRX&}Z=9DafRDg^bIM-Sjcdqk!&n)Bt{==h7 zCPAhobFlf z``*Q;o_z*+j+TJ44{7_#2)_<%OjY-4j!SQiia{m@55FB>!z9hL3joY z4R{_(UhuQP^TL>&2*Jn~KZ{f~XbmGS={ZW3X`y337GSt9Nw8%9K{f2aS=$R|I zSmcpQMg|hJ;tr`}rnCv=ZlCEWDNa1aZXF*E9a+~Blvv1Y53;ifXx%|lrg#Wo#s))> z2c-kmqO{br?*p)%pz6dTMevcE67iUku}^Ru%66Ggt3jXu7wv%b1=wM?oep$!K`~+A zk==h>vm?t+9MS1$_Rl~6u!V=&o5&>0mV{btH%oQx2JA}2U*@r8Q%}rZ#_|cXx{r^K zUe7^mlBA1x!RG=CL55>8dXW`GR(NI1aSPeiCaL=vm)Ru9%BuGc~!O5|zZ*w3o0fjh(f$uM^459`<3s{~M@^w1TeFHqFrXQy&oj<+}svPkVO1>=&JwGgF zeQ|H2XLR@<7~FBRvNgIrkJu$;5XMKsah{KP|$loaxFs-Qe_7L z6T>&J*X#J^9p0VcWs;Dzb`xG$dV5JpnL%v#=v3ly;iT0f4(TRAO zSx$LHwrLVC`zabhr$xe89{>6CN6w-W-^Gvty<^sN-6DI=~Na5G8X<~r_we1d>GbaX`Mw-b^FC{kTl&FFbB4{OabwKX#7DE--e_>v1NR_^dGa@$n(K zU?&K(%rwHc?9f(e;PMo66;X8hN}4}q#kmdmh>=-unj*(6#?7GQ>kzpff5(wtP+ZL7 zl|e;u;vkFk-4$0E;UnoE~O+f1gFytl{JC07rwmUZ!ZV&ft#}`G# z+AGguN=98Z=I?Du9Alck_YCG*FV?8e1*-`O(omH2VW-$O!ZlBliV1MBkl}r|H z*yh!m?{?gAVHXalbzU6j=@6+e%g{cSc+C!^1~4Gqv3M)MTGIV%3(fMltw>AOg!LnJ zS@?w`mvG0|*ksBdLJ2d5)V3?~{3fUsl6VxRS;WH3dIP7kx<2(OLA&7g(!+iQl{!f%lIdWoxMGOh?s7DW}~o=fq$HtE7r+B@2IoXIK+ zyo!{&|gmsu*w85j39axJ<8Z?)9V7&=`kb!;? zJP+ghl)NSehiZzIwG)F|yqjO)R&W>5+laj~1 zobfAt<-Iyk#upWwMYVYcejFbcIcC zC%6m0jhMc{loE->HouM4=d+3cELE8-`wY@jf6kh=Ct38&RkYVA8I60Ubt@1nXifE*p$3=4M-5_QTldkPn@*f__2E5_i&!~I!( zjE#L6bt3HdapKvQ`ds;CIdCzTS!N%J>KI{e02@7A2SDoSW;CUF| zr(_+^@Ba!R(jC}Vx+8ZJ)q|$_>2Nwv{L98&gHJ6yVLuzSe+y32+$t?-w(R7aoOwuJ zPVpJ}X#%&Vuv*@vyhN52Rm`TT3Ez}NkXh#Z5-gA0k-yK#si7yPk`eMvSyHAKTfAh}#FgX}OHsOBT6fOmItgP0X9rLoEpP$;jw+wI?9RP;?}VMfJ*;{A!xsf4)n z2M>u|qB|j&pW@;&A5K>pc1pQh1s0RQgL)Zc#nNV>rP}G)YF6Ya6mH(cxKYOq+!s0j zMW_PK7g6ZKU(<66&|S|mkeHRrrkKWolm=;;2CfB#se||Wu6-ZJE`$MiyZq^+a&@Bp&*LTcN$`4F95W*Wf`$ z@;dKwPXS8;bYwZl9oU{tnlBLGiRW+A@}zJY7y4Xp>IXzNbMs$xuf|PN5T}hDR;c0> zL`HPl77WUWoN$N`kOlVnrM9pT#-n>?^XJc>QN!Z3WtsqiaefD9>?i89WkVV}kCI7u z0%!cxUs9Q~Iz;TaBQG?iQ#)j`Xj2i%TIhD>F=NIWmA6{p2z&?%`3IBjDTVC!aY3as zT+lki=M;V&j5~VfEn@Kz(`%+&q!+arbLoLMX1XpMr<2VRV>t|^3_E{+e|P+BtJUaC z7*y$I?@kw)F#{Wy>Rf9nDhwn#MFSiJ!$L?olEbP*$nsurRVP9(;ew4E?fG*A=?*EE z1ODaM#kzodLe9L)EX?eAS8VENj@&I%;v2K?lHqNY;!uoG++=ahjXA!hdUTq1pfVfQ za-&y49sfZ2N8xt~ zJuXQvEKQLU^CHCK7-wuO5T03)MB=_XxL}JySw1=}0k7`~k35_wyT{6Ib&ju~6=Kq4 zU6x6B)3DQN+#)L<*X^XwHLq6uxEk3!C%WdAqOVF0j$ssl;;6~TD?`*`Bh>bH1(-8*zSwh8@IXM9ko5A*!Vsx zy4#W{&bxV(X6} z@-M%y{psl(ja@N1JxhFpW2B)@14Kt_VMw-?=guaE0cDayB;Nd zZ*xhA&o*)wTR5*^PT6$gePZp)N_Wi0z#WIUhCTEdQt~Q*@j$=WtC$82u_BDcdw+On zZZE=j+B|>=Hk5U^jl>fMFX)4>D;=|y%EZ|TGMjM$$HD%@(dEydKX^M5l(VMd_=+f; zh|PE{7J0;K;!}ITrZ}nFIZHA!UvN{0csV#U+PlZRRQode5nHNptDER6q3lz@{c#^Z zTl?oy^=*(k?|r;%YDZ+{5%QDySfqJ&NgKJof%~_MgtJ_cdA}B$%h*zmb8ZF3UPSJ!mxx?+T z{KLUCGCCHA?N}eOmZeS5POg~K1*gQ5NM=x$_m#}$!W*DM)aIk6MIela8RYj$*tS`l zVZ{sQOGXhQA`z?ks@Xrr|&Amxz z6U-9*_-U$Es8ZC#QgsFyKmPK8CjN4hj3{JO!mQ$Om;t9Odjom8zs010jt}4^^(nCR;cpJ6z5Ge z{4Chv?x#rL`RPRJz-yR&vcD%5Z~~F0ILLt{d^b85Kps^KD%?TxAvaS3)(aBnMfj3M z4(|r9b~!l)mlCddeTenyxH+~CZRB8)2#|~{2N0}{93TtH=8xpn3S@bW zB@5XrAt7u)CPO3+As~l@fXInK0tW<6HrUMUAMU(!-*(VG&p!P;)qT$U&dj|t_jU!N zGv{7!i$zrlPHm#*KNPvMr%< zIz^?c?O<&mm6uVVOLup7yh1Q&9a;1hF4jgdTb@3imj(^t=g*(9T@DrJ%jMF9P`9;L zpb!|?f|%3G_HhPTro^*}lg{dPCLOjYvf41^t^?>>`aP#3#W?lH4*DbTE<)x(Az^n} z+<+$twvZz9fn209upJQ;I|sKcT%Y;_?+?O+lD7;;{NAY7$X~e=9!(zxIxe&n)yYnJ z+U?FN;dyoK%VDV}7gdMRxq}tMWSkRHE1dvXdtf9?0B8_Vq_!zez?UR%ngtoy}#EzJ(!bJtTr@ihD1oBH>PTLxDiK@1zXra*G_gvo682( zz%euBUOJgjRcxzE+CYjL9L4f9$#kHa1Ij(+J7ve%r$ZN7%*7bMyF5DeNAslmCWIZF zS<#bHN;{Ij(a@?_yk3m)m%b<_Q_uitMQJBogoWUBOHNQqkU>R6G6k3&Ad!|b?-RmU zVscYN%51u}%e+ji7#HbSECd-5GbnxMj!T~Ua4xh76e^Xr;tp5GYVQoo_8|h^$|p3} z-t(YX7F5`c?Q|-*o!B-5LWO)CrRb!4%gDTh&_9xrXiKFt>CwQ=B&ZbSv*0QU8H!&L z7MwiB;5eNr#_xVchM1#r`g!VEI3pxZ^Bla_L02iHrr3@knUg)oaNM!KHrz%4+b`5L zU4#{5ZG@6Iaf(0)KlQ7~cJ^W%y%kjr340Vz? zVn}1?c}Q`wBXT`(@jOi$>^>4kJT-MB98gNw#25I>g%z3Tx-F8r^hao6S%eHB!+~QtpI2A&nD#@KO9# zTczb^QAK905z&gRl?qa9r>&mOtB|~WDQe(8kVPS7Y79 z^Sr=Q=0ccd35-lhhQPHfi%Xl0B$i@MM^6P3rlrS0tW2<71#?-wEVw%r$F{El`)Gn+>3U+ATOBLh`B z*G^bEu6W(_Y3YLsah^Ar(t@`PWz`uL^zZ@&tWl)9U_lDciP8>sykz^l-V~%S;F$iV zgzP9~&C?!vnucrA%k!la;V3FfLzXi5%CbirlE!#E#B^S=Q-_13gr8Mg4#{UuGpY&w ze4Y+RlM{h(kcah6J{^pW(WV+(=)4%77mUSPF~Y#1r)RLy&$UFiqm0hU;HbLTqAe)} zI=0K@;>T}0c|lVHYI&NNUucUfp@@rB$gxQm(Gw8@5b_E1>Ab}Fz3C>vy_m3zZ47kN zaBQP4GHcRU3@xRN(IV?(`H239DYg&^mZP_qAbkk3luGFqbTYQBro6RKSZI3HYFM~A z5-*gTWeZJib*t!?Oh$IxehhTLXJ5376+k5E%O|nHuw=eVG@qrxEC?AeF2=^`z5AIF zxIYmc#)Ztj7?HQ1k1Gh>y7_*JlbyqSEC-j*$XCqaIW(m7Jiphje2&7;>%ko+g?_|&8hImN(k(`imc zn!aWDsY^pT9@oPKZyDUhJ=51M_y*u*R$u{^N-dbf7ki!DtcsI>>BXV;KVjh}E+n?T z(DCH*+7`ib0@fP4IUq z^k=kP=sX=^2aD!{s?UzU6$|(zqv(~b6)tfWnE$x#Vr1bkckO1YKt;dsEqXOT)uWWs z$`<@vJ*#fbR?yVGIw_A>=D6QR#2Pne3ZtCpaI}kUJ{7%cT%h`Z6^pJysQ{T@%thLm zMIB`FVlsl9|5hrJ`gv7CDzA`g_j!qyi~=~>iC1-82W+Rd@mTGME8!X>$x&9WRE1pM zNQRZlaNdS37uwPe;SxcKxMHil;?swXJ1DTPI^lJfvPBxm#gjO}e5dwR!gdq2LRp0C z!jX>Lm=(!~PS;mTcSka!;W*SjpFe_7^zdM>XM)VpbGlE!mGel;Vll}CkGv7w_qul) zwU1ued=$|Wwlb&3@%Yn z@NK{saC8ga1-w83Yve~3Tnk?&1i1nHh4kg&%Z&ad-+3GX_#;l$aNi49X=KnKowZR= z;xX1JRGkNEGMtBoDNgP?k2_O9=*H3WFIhmWsC&)Yq2@olJ>ykqQLuIlLCtated=gomqC#BAwz+45?s&$dT=WHk%3 z*2;CIIsMggREgZ<7*}s=*fn_dh;sLYSxxH)FIZ!qjJu%x4ZG-D83$W;J4`_N5=( z5wn%o1arM>BNKa=B0K{G7g)RBXDA$@GkyzGK8p*FDhAVxQ#K)RQAZWonlf+4g z6BZ=8T^ZuY8(Fu~hHzd`BJq%s<$%>6QnN@yJ#Nr8@^~8NkukFjYRk5EhNlAvAv&bB ze4c%)paic}tfM z>I|k?2kT@ZNZALoyt1tJM|X?lOP@|eZ=^zDwSA+tPpU;@D}guWUakY_WVx%U{hB-B zk#(36x=X3s>aCPQzV=0Skc{K!LbD)*n(+!Uk+vWN$o9S3uW*ckra}JjNNt<56yq3# zHZ~<^nL!LzYNNjPljoxJtLmVlt&R+`!HZagOlx`#f<<9m+LaE=A5oi%PC$Irq*=)d zTW&iONL}bb@{Yrt@f#3Mp!O9&AHpedCETU+h-`0zRKe0Yg;aeDE#BbK3qM6N8XDMO zRzesHnFYvy#pjDH$Xg)A5Ste|olf{nst>_Z5()XZnNAMTY###MX`GHEDEh?B&fZ*Yn2F_$${do4-ri2*D zYPcE8T-uazi9vL1qC6}avC7(4i<|)9IoUTl3ze<_E+|w*aVHf^r7uN*RF*@rOci+8 zFS#w8=)^Zsj7kn+qF|HFajDtL1hLppr_;m3!~OkzDWz41TVt$_Y>lxORp?~(6H)M3 z{M2WhDNOCfdExe>rz!grNR^hK2FZDj=O9T(fL)51Lu;^0&m2;jPbk?P)IE|nzIM3u z{$ynP3C6X3>v(zmC|$u*-i0>_Kqpa-gj|&p&US~ZSEuc4b^lpaM)#9eJY^l7UFDO- z(IF>t+=iJ=Q@hC2AdNU#A6T7$1c7z?F`4)1)&7(jkB^1Nv?Mp0aVI#{Hwb~VVi7{6 z3d_M1QH*P3N2QbteFuPTN>l=O+S(9Q1JfiS`l)0%Wgol5@BC?o!^-X|Trw5PJA*9}mX@0IO9dY{CmIZYr^nv7%68eix;kCn=%A3l6| zczA$2EnA*{e}8}4z5|OlLL-vZpkyAhZi{3~Uqpyr!<`G@9KC}?4MbK41tRTB?-Ely zwa@uSz$OscdgNU|ojr&(*S8l3_D=5A+l5b--~0l=n_;7OKGAChDCBuTh$0vqY9B}l z9uW)sSkY2ZcvlHtn2ho_TJmzpu-OrUFPF>H)05Qqh1rS8xM00a-6EfZ`Z*Er=)Ooe zdeJRdupr)QMt>VstAMrO7We|O(arF+BBUEY0w&zAmaK#;&Zaza zopf{-=50I?opf)&Ym3UZ#sN`&8rk6H#XjnnhGn(iUlx5pJQ3q=vozP`n?jxdbLYV^ zV*_7^EE)4CoRzW4pkyF-JhDs?f(*JZz~DSOVcs$2F|smQ zs>~xYMr}qrzhp{W|{LqBij6as^@b%;_k3(#<0sm>X`)zXmeK?V?PgJrY6H& zSBeiu1f$$MX(LRPEaXf1^}a#cm8!~U&~y}`Ar4RLf&~lSGVEIM)dj30@5Ke*Fsv8D zi+~4n2pz=4(s#T>BocNoa*mBErGhftRWwh+bk2+X->}$17PrSZ)|`{XHznZ1@(SEZ z&q6|yR<|Q~WUShQ(2)K+nG}(L2$N%3S?+<8o@5e%bF>qaWrCZ$VT$Jh7pw? z%4h`y#$r_*&1}QQ>s(}9hH5M692=i#77?hD6sx(2$;9@Hv8?7}Db>D+dFs!u0z%oC zhQ25JPG2E7_2*#=wYbUJ0%}>)E_7m=OOiPivVlrGmG4;-?P3QdRv^^!`XF9K;;JH! zD|+v7=|6D6OUzu7EMA-hU;AaGtPDJN_xJZ$?IjBp@9yqu4|jKWt(p_Pz3{Hs_T@*M zrYH4KUUc^9)2BjyjB&a?pn(*{@DyH!PqUKAZET*;XEcE1FPBRz{N3N**IIGX95VEO>*kX6-wN(R)zfx&qcgqzk?uc!MtH4U#0_ z;Y*BP(jFZ$NMGEP_!2icwveYOogS1ROH2tH-51t)P);y}!c-s#LgwJ@%5J9J_22BSx>9l5CKmp6?)CiF>3zJwpdgm{k zvTlqNX%b)7zP17>Nde2_c#!R^;ZdQ}yLnLF6*Xd$)pevQT*B~b6t_=BG!hp}LpX}w z1cGKzkf#l#yVxM_^Wt&20*IRjJ*|tBCC0^B%mwDXNf-x9iP`eJ<9@Y`z0F>vI>y%` zis;=-kmaK0RcPf7?*ZhQ0y`)mqFF0i@pb$6>FEhy8)(Df^9xu2#q0~6>7=lf3T4z- zOC^2-UIkUB*1naoz+IyUjk&7s2{xOO8v;84H#BF;Eq&x1q*>~J=6-wR(+(>C5g7TI zl-gYag#FZ4q{w&4OKF(Mhn17%Jm>K>VB{zw)66-f?2C}4!4W)>sWB_R;1Oei=?Pll zaRR>fGsy29$HN}gfh9H(j+^{^XvQPgEWH=B*#)l$U&bdactnLH55s) zm<5n}$&R;cn0NCV8?-QC^a-{0Tg<9s(>4TSa| zHYl|8G9sGrv0?(#S}d1N`DLb9B}9{Bt8k&92Kj&f{Q2qW>3lw8eb)JW#`#}7xv0mv zT|{sAsknF&N8n_Oo(l%PKQGy*-TkIppL3VeIj8>!$PkQY#Px_;#^(Akfyo@f3izjp z`GVOw%$;_s>fD82f~hTx9I3FA;+F<gtff-VhsitRyQSniglok<4~!%x z;4n*~E{VKHWTauP#82~RG7a%PpqUWh0SD8MMM-#6D8U92S>ln7#k8>`IWClBFXf$w zs02b!JL?+2*BPGltaa*|%WQ zPyKOhY=%rE8h{2a%(b)6@9*zFe*AcMch|NeVhUPK3bnIV;lfE$pFe+Y=ca%7@S)X@ z+L`y&3aOD9piG~D>ofGcP*JsU(F$0PkB_a{)}tUJcx)X3>`*yjDrV zgy|SkvVG|2-!jiPmIbd0Yl5B+HyGV}q+}i9{w`sX54<+uE%g>`<7Rjx#Ltt82J@$A zGvVk$=W}1^d>o;~V=^W(`p7j67LU-GUJGW4@SHoxd;fJ;c6LmUPS1jOa)hn#CYsIe*1lYLO zq~tr1SxW4Mm~t^*ZZDe8Y<~Xy`FuXNT296rw*wsZjD< z`q~X6kx5L;bE&8~gmr#X_D3^S`@G#FY!ML$xDC?zmC!j&@10XmtI(!y>5~v3&BET7 zZZ9$-|0_ZeF2ZyvB_0%Vae-^B;DuR}LFK;t5El4ENqj%2k!Os^i;ND7Q_h87AAiwMa|{xgR&yY{4!zbO~!C=#N!~+ z8#NmdaMeIBf`m!B7Wv58?v5yB=(t|;u+yv5H3pM1@qv?O>77x>(YS@)GJL^)X^x!1 zXRT&sBX_)lL@u1{)VDY>VcwE4+`ynE z>%GEq!6T5DbQ;&b7Z|bbN?a=|7o=B{}$27Qo?Pn38kO zFpBv&q^tdLFr_c0@m#o+pctYdOo;^O+@0m$+FbfiK%ygt6D~@&t`MkvXt~3)>3W-L z8sFqeaS^ecnPv{7NBpuVQ1ry7;+Wb(8Ih2hniVTHCXOqiyqXV+%8$_U)Sve>0=E62 z9fF0Ho`G@vi^_-)?6SggMfMWV4gNR!^&r52Bh}qTczd0zF}k!n{4uX~v;EuFUj6i^ zKmGB?A3uKl2x-@?P6turRIIj!OKRM0;T4v5l|C63BKcE*!Y}_TwhuwE$ zrvn`v-RJH$f+f;m^$^VLF_={01rDcGW2?QwSQ~d)kV&uOQ>!8~SP;Yd6J~vEp3!?n zG{eyZuI=KlCLE={0!U=LB4dtTF?<$A0vtV>D~!uTh7+w=HLL{-4#FEZlU2Za$MD8= z>uW*n6CQc_y=9>tdAoaKhDnG#!nqsAOrTi7g3&rL9uIjS<-|;o#5h#){e#G1WayD3 zqt6rOq%tw{m{nNgH749x)`ox=e3i`OY#(&eM#Ae!M9yt^b5^_NBX5{frh!vdw@2=R z_9fe#BC{}wT%nn~t|tXymdD~po`Onp;<*a*%i9Be6keVHs(k0~NC}#gO;)QTievDya*p6JITohs>j6s&W%0#DbEv9N*vq-}k-0eP6HiwZvk(;cL zqS!BGL<<&t!|;~PWEHU9CA?*odLtn3s(8;rOM`>R3L@Snra{A`nFJpaE_hfl3THiD z+75~iai|4xoGdPG(e8D8jHW=Ow1BIjgY1j4A8+Cl}6bV4V- zLed*_PYn%W!{}Om{O|GrC&UiPHUSN@aShq z2~PPp)mTvjH0EVQ@~Cxe=F>XL>Y;`opZp6l7KjB)BU74Tq)=esDW$Z}4u1Ujk-t3H zp5kMUtR9!`aIU(2SW*%UpN8W#qo!!Q<%~U*&}~=5K@!58QWI}o+ft`tU|HJsWc99s=Iv|*oTZDUmE*CCKWR>1@7NUqzyPm+vU8F4` ztE;$prgbk^@IAoWw~gi5Jn8mwFelNYw<8)bUZ*ohUmKFczt zk)lFX;=n2Z&l6Jc?U@sIls1Dt6g!Ykv{494D>Bu#yfK|YLSt>`?l@U2+4T82OV4xMOq;*&Qxbn5$?wGD>=X(s86?Y&+il2rnbd zBVFbDqhI5qe?>B$`D-G*KWZb6R34=hA%6HYeS?2oUH5Ne+nQiv+eu@iv2EK)fhlRMA*``q&voH={;-fMlemi)7x@;`tW!)W@-O}i;dppQE}NNdROq94E( zQ!6{pC>NBqt+|DPZl(3sv1VtyuR0;hTjsw&Ih_oD+#!j5^xl?|`qL5njm$|7KM;$y zwS-OcT{#rSI=Aj_vEz!1@OUBRXR>=ji#|OzseT9$jJi@O8>@&fFO)p1hSJzn05jGX zh8o`mteoh%|CGJnoHb$QCY+P1XYN%jy@HpTo3&Eb|7RE1Hyh(#xlLakY#d67K0Ff> zVdpWu40c1({K|o-I+Mo!Vdb~8Ds-bqF zE_=31oP0~twh{_z&B)KN^xyD9LM}VgDI}yL?vne8)Bvi+XiXLWGMHwT!Z{UoWO}Qh zw2+()%c$ONEfYVY^Ocb=*=3hFh(iwzO}t9rvwq8yt{orsMEI*bG^LSg1E}Vk%5^YPrS4eD5$e3TN0P_YEPr z5j))@5|P8$!jcM6!)FAFDtaB)Q(Cn-8QaG=kh;_MpjMhG8wB-Wz z(6~X@sP8k>9VShX=QQHCAB9qz;ZLd^the*HwwQcp1ZNJ^bm|?Szz7`Y9W#B%K{e)k z+>}UeN#0ngZahlJsdbCa!?MCZ7}=daqgle+S(t$$aIJS`a*3AUU-=C-x)nl0Oyi3Q zJgc8rH;@SE`y#h49uAFsH%#T`2-x&5k+;*>b(Bn5P`mumh4p{$pAT>zoa7Y_f6a@V zen;`9XN3zTvcOM-X965~wTx6K;AK0qlfkX=V;`YyN}~#AWVQCIS4S9n>Gsf|RhFsM z+fgJPW($b96r|KZb1fh>G3n@UYxZ<@R=Hjx|4N_AmqThzkn7{}UAAo&hfk+LK2vEI zCU&GuCjS=g=z1OJ@~8d@4RyZcu8EugU{@xw|3c)uLaVlN(l@G9KMd#9h5TDsM_JXz z&)Yk3BijM}$m)1KkTAqdgV}HoDnNleJnbH@Rxj}w*Ae_jqWW*^_-kcTcjXG~4Xd^5 zCc9t|5(0W+e*WfaPQ*s2BRxeY%^QP|5cK~9tqTj3tKRho-g5eJEH} z-qYf1(4$S=hauG7rpTNGMIQm;j)_q?vDz;>FwoR2wKs8Swn&+{yQP>tDh-vY@5>mr zhnO9KpD6l@(+>mwbkC)mPZ9x}FmRs0v_CD-p(OyT_SIVV_L%wzJq(<@DCiyYN|o=<()|13k9r8gp)Z( zCP^$w&X_UG1ql!fpZnXfVS?xtJ4}@-U%Xh!zb8MIXigR#l6H7qhy`{09tLh zg0UqwY`kL~)+G5=@w( zv5WzKr7Etm6V$RD9g!rIOhBXZ2?QcP{K&EN(Ey=?O{F@K#3X2t^UKSccHu9IP*N>W z6sC&zUgGZdwjLc}T8;OzZI{yqCzeDlX%|Hcsc>_*{c@H2wVH~*8!k4fBvEP2XVzsI)aubbuf|P>K}KjLA6* zl4Won?4ISD@6Zh5>d% z9aHcG(TdI;E^Z;k6#%A;chI!>4|#Xtsy<4;3O4_o;^yH@Xzc#z0>2!Yx>EC-)VlhG zqh520kBosP7*m&Bj7Fc)sQnykSh!&fI1=?mvRxSgtogFBR-lswvB|i1UrS~+TEqg@ z3RNmVGx{aXuJ}hiihlw%C#TL;g|Jxm>?sHjN-QUdfto~B#Sp(h_8?u5@)IFFbt$L~ z>R4Z)@5TBpUh7FRKeCXwJ&4T`xWvDR2BJsjyPT|3cE7b9KJg^-r5||bYXV7JXjfRs zOoF~Y8P103H9O_(M$ z_$irv=?me0Kfjuuoj4B!3ojopepbS$6V74$$CJyL3bjkhzqm>0RpjRupwxw69XFW8 zXgJK~dXW#~i_q8c)NJ*NO@f4`FV>Utr~DIm0Kzbv{JNOD6Ml)O z4jh6M1fmrd!-f;w>LU$li-8UZ9YUt?5qo7-{(i!b$s;g`yMg1 z?}6&{h=uRNu|FXIMubB`mpjmL63!A3s6tIYR_e$fbIuUOZ){;Q{i4?RK>p5~gv~R&?j>EUVSw=0*ji|R zQ#U`u<8cU($)o*OT5A2v#;$y4U#^#!v?<2XXV|V_>-unz1NxQ?Q3%1~s}0!4NNe$} zLr1`qoN#Z27k)SYj_TusozV184qn)z^b@JHv`pbRRmvg9MgrJ!*EU4^4pef4oUV5s zJZe?QyN|iALSTb>^-TO)nk;{jr)(h?KsH=jMHul7!>jiqI9krGc8M zV__|1DcS=hiDK{UDy+a}B`QBiq=@lNEjwwnPnlMY)=NR_RV8XK;z4Q1o$+5FkrCU# z>X@Ul-`@JZyo+3c24wa<`yRFlTB4YqR{C$03KU2ik#k20HWe_d0bs3e|GG2P#aZOw+RdAZxC>aari~jI%|JcP`J$K_e2=7rA;~ zp6O^9KNX;N@Q-)5A{@T3GgyRc=zo5sNC!e%fqL@11x!#MKlx!xzDQ}8v+E3K7L*K~ zglQ)x2u<<`PcjY5aHFQ%b3`<+S_LGAQ}CbRjFgBsd$>*S24^@F&&2NOyMcS0f|**J z$|vDaWa-CcLCrKRb;5lH3K%&sh=S{oIhL({Oh_ND zFHScn0_{L01oS0qf8Fkz{_t|u73Cg_s#kYRrpK+DjIOU|UJNI;=8xO(!h~Z{kuW7W z2^tlb0eT;Bi@RkI8ODo&%Q^(XgB6__L?*IE@W+uQiCAEbtE`5|y!ZOXu9fTIho)|T zMO<>2*s>C_MzVj?PA84hn^T{x4N&PQ9vBkgxd~m?ccWvzTU;p1k?X~@5u@0cR)4U= z>h8G0w!NsSvz56o`QPms9&1lozZ|=naOLaRIhIF3@{2@e790nzlhE@g3ysJ((*sjO z-r~FPmoa+PM}{XVVF|FF;+Vw@bkuJ3GNidF1SA6lN=7sAA{tL&{k7mbM@h;9C}DnI z)7-iC9g1i*vn6h~=r-WbOKv3N#s_^{4=14)5yW@M^MOZ2Px?{tjU|!o~NH`m#H1C)Yi3Gxw6odYJ_t5MGSS(Fnw znd7p>Vc#uD@)oj^7ZxyCOKz2B;e(<(Q?0_&czJ1d48-@C%{o zdD{&t*4PseYk9yq(I~522iFyttQ$livwtli7H&HGjk|lm^KDHAM*Rq#K>E$^iy?Ze zcz1>1ZB()|=^n1k7Nf2VM|&mSdr+}93a_b_o_oeIeM}-Z?nvXY6#zGas*oky{8ZW8 zlA>PiT>ag1i4*SU+ari0Ry=*k&^TfdKpK4YJ?StKWACMrXKB)I#?))Be zsL)&;7oiT66qm4o@ZYAdqy({YXJ&jn$P9RFioD)%&M<%=JQU~o<(({HnSsHW zOIT*>TO$b10N`2=`6W8r{opX?kMBu{>6NqF2tkJ-DEkFPOlIm)5(}--hfGcM$;)kz zf$(wHjA;(=cw5zT9!hkfND1q1@p)(y860Km{1CDy#sq)#D1mP9F32=$$mf0|mu&hq z5+_nG;!`)t$-h8y0JP|(mzwS@eRy>+oBmZu|6P8J&8~j?57*#?UXp*{ZgteW6p2~V zkg4d|J?}+0^9g@DAWL)Cm^lGCoiEtv$i+e6!Xv-N21`PGCEU^P7GTRGYuE%f9UB3|h)t=%&1oTV6qjY=4_Nz`PZ>!F%iJ!sy21rpL_11zwKP@t!a zlqd&|lyp1Wha9AJ%R=K3Vsn+0vT)S?h5eF`IK{DnIp+B6hX07=v4{h|H$Oc?8Wf{(SX*ut+26eDb)1)sK*OUGTbZ^pjvuN%jLd}#dZ`oxTjWVHE0D%L(ltLYS(`LvxmWrY4I3;#uLIL%w)tM|L6!0N^V@}VG#TWDK1UuID(Ks zA|coaeYDI#XPMpd&&iDrBlz1c6E@n*oPG_~GGUtNW9mTMi)=V5Y-YU{3&k1Z2_^hE z`U%1{ZWj6hVfmQ=dJ9quUybWBa#fI&lQrNgbfzgq9aJoH!vWOl+=n!SNy?ngJ&Zf} z^+a_8Vp=#Q8z`_5RP~ChTglX%v_Sl%c@u{V&`g$3MPKYo>(ibR!xEx?CaT#uUoYDc z`33vR_iQydLR2VtUY7jH6K3Djq!u~3`uaRsXnMf?y#aqVP*3d9or{zNYGv?jIWF&@ z$AuIj6=Xi$wRa{}A6zviI%gepO<}h*snnDa0dy1_dze5DY~Zw1rVNM=eAaR^CZHgI z5%vo^u}nVI>1F@^E@0Om1Z6;^Ulow@)(?VD;4gnsa+y59o(z-vS$ro}Mj#4pM2`;@ zci6Gv>O`Ht>rM2PdCZ8_e|r=aA(l2ExII84%@tKd;mT2=toY~ir?=)8b<2 ztoslgfb0=*@T<&l?u5bT)3a_?xnBt|hDHmSkVUp{0v*FR1loawB!amzbr) z`!wLJd5*o%`N+p!zzp0@b)tB6{rd4PqS@@1%&$u;)Q+L!JjT6FxG^IrH{k_wh86j% z9L6ZqGkNkj$jpyh93hJxulPq)!S+_0>?1red;1#3YExm&vvt*Aox^<8I~mtJ2ERO0 zU$ag}ISiNMin1D^(wJzccNA#;Z=M8moCA`Wzz2sx?&H82zS&Mky<}+<9eM(KlE*0wNBIZa}#4jkQ{&sT0Xj2PjZ2zgc16wUyc8OV* z7KFKZRJz70szd&Ady9&unKXvGkl{Qow+6CuMhxdevpdtY#qr&nEDLA6*o49zx~Y-z zj`aE75#23YVw|Wcj}8!G!JkT8<$&BwkI5HH4*BxqWYX*k@;%RH^y-bZW&)u>83~wKiC}yZH~-05ZA4Ti}uczTCBEK9B`+6fa-J7~Ja*gtRIt zT!dsiC?}LE2B645i&Zx_c??8L2`QstRyl9pB^=f-;wz~IlNQsr&C!6E;WSH;r*(lF z@MNDw-K=UP|2kwLgq5PIPLcP%qES4Z3gkJ#(N>z_lDC2gY7LbSPldMIcGMB_BI2ZmL|OC6+t{gEgX~ePTSZO zuhg|*m+^VQ`<&!17Q@UUGb7GwyC=LLkQ&68y$qs!U$P^n_U8@$2e&I-Q}m3?MwH;E zYR$nso_N#r~B#K?{XBY zw_^Yj`gXOf>fMeQ)%0oC?MVpHV`+FRD;x!JrcC)br3Lq&k*gkXT0y3gNoSFY?Qx^j z^XL-3^eFK>tD$$Zyvq zEvn(&AK^!P`73g2TK1wvUs8+Q2HA#FjxKJN=_fXJ)j)LLP4FW&F@Ax`fk} zO)fAzsFtn<4qYBY{Jy-~ycw4`jSn8oF139MEW2T}#(WpOrfDqUv`QX~IAq9k4($n( zQhzFASpU8Da-Xm~;d2sL5B#AsULu8Kdu!`+w-KRd_op5QCHf(<_iS}B0vdZ$B%IO8 z=NjtVi$Efr&y9{MWrycoXn9BY_wOP=Srj5_6YWJ=R z){krmao)T+*EcuBpoIhg>d;YDrf{NrAL--*^N33MWlB!j8x>;%S=nxaiXRPzYupu7 zh{VJsDPfzMNqq~dn8yk+hyf>ZAx@(skj%lCL1LhUQeI`*Jnm88O3XgvKlN|sx5F{s zpv$cm=0C0PW*CkyLkZZr+6x*C$#<(>=Uq7nL#~%x;1CB)5sXPQn&U_RKBXj2Nv(%m z?7hI#s2*@y6ryxG*jy}RCr!FrU58&G<)!w=39~e=a?m20P3pOHFM83P}s?{A{!;PFw1E*3t`

kZ&F9-5=PKBSUX1Se#D?tJzwm?JYCWSs4VR*JLdbCqAbbW8De?xIG}I+RGgf= z_d|Z=gO_F}W2jF8Q_7SAHkLTE>rxU{5{aBW z4<^Cc1rz$J=kWOUoE>&EMwdcC+@x6NBN#wM5Ua968308LZh4CKomohx?eM+Qbb7et zJI624aj)VrNW(z%F++FF7ORY@2bPSqgT_^L%!iBKBkNka zjzNta)f-vA72j#r>@EBTf>ujS?1Psp*<$;ld1y9)!!Y`=;fFDJih4O5><$0qPk5bl zhy>B0Q~hHS{<0fL3!)_`WiS9(eW>1Ps&U`b7+fEkFEdt(p{kyB9%jxOfAoT0*yzY=O`;fReNvB2+)Hovv&JE zHV+D6JIPB6w3eG;|Iy0bAiJJPirrtr2_(X5!qG#Pp)NCg3t3i5y^{njIsdby^y;;n zu%C+w(bzV{HWo4lP7ux!N8Fc(jxEaie&>q+Fvl@zwM()ZeXGw-(*`FtPLBo@CIrim z#iAxf4Y#VS$c$o7%!p!OCC|{Xj8lFK1dJ((Cx!+SaxY7yUO~bw_H`D9m=&nhu>de_ zG+)l?eY}u^OU-|79qHNYUmlvvWlj0ii)*Ia5aLh})iZ~sH5x6*8l<@{%amxpH(9L4 zwWG#LNmJsC1Vz$%?pt9YxRt)duGY=v_$OJ;DGYba{n`}?bx?O^ENxUSD6$m>SF7If zB{dEd!f$HaRHEX|n=MzX_v}|9fZZ6N%3*01>>x3PFmm71D=-o4o$^U{l0IB2iiA5f zc>YPIPr4aawWzU4X#EWDLnBo`9fm6)kHlbiqml|QFUD|HU~<*<@qa)IeyV1FNJ8+v zsc4iwou-l4Iwkx`G#|5qM?t4&i1z3HkM#S%wMVh~VdhX=r#(5xbJ-D&D6G&ro?seG zgom}fkZI39bh;-@HXfjQ!&Bft5)|QC_#nc|QgEP;KnK3YE+O5J3)3V!3GFl?Om}h) zl;2zbbNUZcG!j@~7(SpaA4tVuvPfF;v{U#x_~<^)u;A z^t_)ZNAb>{WcioPs47T7+iLsZEBIYNU|A3gCjv?y$yt?2h?$v!-tlAe#kUr|$VXsvqC(4J^< z)6hs^H=Q2xm5o%DeQqksHZ1#%H)PZ~W=9T?ENOs9t}UaOS<^1+C405#rxU3&8_C;8 z+HSkkcH^67y3-t;)1|)g0)a?8;G-2CcwP{A2eb|C$79YOq<##gW1B-9F80L4LsWwE zo(&|jpAGoM6BykJv7a-6eoNuPEtWV4VM6!0_w5)>)#B#_lHOiEOAW_@Q3-IUs2YO| zD)k_D=@h5W+-?W1ha0+>b42#J0caZ%{I?D3_TbxIw}0gy{c1EkVOf0GZ3BqNj~v5V zVNQn~XUCFKWC7vuW-y=u;p2Vz&hy$W$Iu|<*AUejE<+IKI_6;?4fLDfAN={%y+#DD|yhG}Y>-wCiNm5$6pwNO{*mjS3B5gIwtO4!+byK{BiS~XM}f2m`MPRlt_Jz8FN3^b zw?jA`f>+9G(EmoDI z)zVzIIw!nK!ObFROJCHEk<;rwv`O;hcAjJ7bnr&2>eAQ^28nf8`_BPA?Mjrmvq-Tz zB8AFL9{hJCO~2%ugu1c2#q~|{<1mBW7L9mqd8esKxQhF4sJMev*xC4o?`R2p82!Lp z(r$l-m*}!bCJ-cIHvob}G#z1c@o30W2JWlaal2^|?A-&&HOc8WeqNi)ZC2y1dfROkpDB z8c0mXqU2Qm4_Q*3Tm!JTKb`C7J)>8m_7fOt;fAiiMol8IC5@E`MfNzkc!tp9^i3l6 zxVeB(VOynMY=o~B?F%$U#?LH={xj#R1+zP_PMtfUFzGr-(?Rk+p*0=j5Hi|y7!rc2 zE93_sUbsBH)UrxvDi1i)!G-elXxl-i@>D1M$wp#iELGI0_FL(mOH81c8a4=9PBp@+ z19fZ2$k1NMR;+!(eP~moyS2kIw9);e9T`j#lM!0$))nrSS&b_IXe__&zr&#pz^K5EO z*Fk9Sirn*%c&!vajc!t8;IDi$9ck@zOSV)}*z|Os^kGirJY5av+^9)+K|j+-Fypo{ zYEv;{$(6X0A;jbK$8}Z7`7; zukuAMx37Pu^EPd<@Xk56N>b`?=L9UjAo$&nUv87=18bYioK&`jshv})!ZB_$=Fw5y zvHpe6K{12tcQ-5y1Xdpk`*%6)xA}m zNNn`dM7-a474v;eK@fw~xf)%_R6G0g?9|jg6-eCQJ@hvh0NVs*z;DAMIFP617#JrZ z{a{_azJHz?fspxcUb9g4Q)*~fhCA*)m@;-85X0RMobD?%OlntPU>_M7Qz0&{nv(61 zWjroXMyi_oLyAX60T3MGdGuNoYDgeyJ5=Nu8MCC5+qq0#0|=^7>E$4 z96P%#A}?U{(uBYruMUi@4Mtxe^o>~+>l@=>$@JN8C&)MPGx*fv>Z5zc(~|U>5|n4W zw0jrH>r`Jwg`RGeeCCZu^*j!io7R)JNj>dmy@GNdb-`|>LIo~MNFL*M=&vJdGr76s zPD9(*+e?7c+hyTbxv4_Uo!gvVc}Dp zcaI=zSL31}O#f&I%Q`R#vMClc#CpQ|dQM_Z?ByWG)1{*|!LE`_0-)N_7>qvP>6-fw z_?+d;5|l9MZHJq&?8M3ptY&x!jQuVGkr9rACP*;A2yhsD<1ZT}(tDFg?;`O`mi@Ym zA;}?hB0n-J%y~h}`ryT_r@6uG_jR1`ZCg4R!lkkW;I%FYN3vf3&pcTTz5;4)kv+3k zuBiT=8T7&Irloz_s0a?hri`)|t=R+qNi_!d=M^K(Yp`<@N73u-1*-e7Y?k`_z08h0yZf*#`6i6l6!!{CiX8`h-U{R_%7^c+Tih&8Fe0e{H}Q)9Gc>&r<#I-4Gl=q< zJa!h$17QgpIB+G1RMCidpI`tenB-c^a)8c*z1wMmUj9( zwC^v=nEmljq$xdP*&hmOLD_5RDqqZ_UJzOH2(Kj2cRQ=Gu;kMcxF|NURo7^VFEvV| z!@4arTo0-**LuM__;o;iu2G`(>X)GT25L>2K1au&l2_|a?OSW(a@M7*12(wxptaJ+ z`j62H(twE|XZ+Wm-gz@4-A9C-Eia;o0$YfJyfETY$=#QDo&8iIOciDcu@c(N8Mw5_p(DVl6$<0BcXVjNX&Q13v zUKFJYc$MP%y8?20uq~C;{An1i`a$Ee8<6)k> zjABjST^=hbR()BV?HQ*Mo+GiCr>k+v)WYqHePSPY>i8zqrU_$p3@+75#d2K|7shi? zc^ck=8=1?tHalmc+tPQt=4c>0S)FF-xovK2p|Z|scZx4f@Z#9$JhnXNW#zJnf>5)S zxw&?lCJBG5MG&wXiOo)zwi@;a)xv^+Aj5uAPX+p@G+w5k2}=jBkc4nc5*fi=dwTQOUebhMfR%*48AfwXceKQ9Aiw3>!7g#SzY;9b|5XBPKjIVi$DZWEi^_=D`v} zC0YPNaY*6pHoP{k=-gPJFtq9k7trojHOjHTdj<>L4_Mfv#PjW&rRb*~1-$v~(|@@j z=i!56s8?f7s-LWo7dbYniaAS`9|%V+D-xW5%3<|F>)@8=@AFlVvzYFCD_6HTpiu>Q zAjAIilPlv=sm_`wdeQC)bl(DxIqC_VTJNKQ10<4Qs$-^1?OZO?huuZpHK*lg1`b!~ zIn^%Yy5p}GuK)q^S%=E!=w6Vg|W-tV!$2p9gb*wxo0Tk8$o*v9GlI z&>?3C_iJbvtjw^$#3OZ`eY;unK@J8`84GSU^t{{`UbC`Q{1tFtI`oYvcC!DCV+tQI zF2s6cbvbGG;y|&-h;(&!woZa1DeGFTg~Y;&Cqq3;UzZ|Zt#;H`^pG<~(v1@6Vihba zu28eNeHIJRNP_`$aGGfV3zFp=)0Bla829&G!kmAzW^CTY(rkUW%;t+8d&*omEk9qv zq|J_i4(gYHSlzu)cSloIrbbaQM2n)AF$?Rv8ZJ~JFx61E#Q773Laa?eN8dcyTP_EN zg|Q-|Q6sOtgz?}MT%*p3b^XG`Bq2&rAru-WM;bm?Eee!$wz2yRlcg}uUQV$Ii&#}7~-7?*}JUN)0tj+&!A9El@Q+Ey{Nwv>0Zn?~+2&mMeH{06Ll;zU zyjfKB*&+|96+`^E@W-My@80l!@6uvJ-M8h>aQ=^X*#>dS#_XVY2}_)-(fu`L zr{r(xzoakE7O94Wj4K*gm_fpYVcGpTy%|Xieg%N6L`OJ3QI^TKib4g!Gcn5)894rI z8*pmdzh?4*vp8`BOF>ep)<2d@wHK6I7vyM;KR*S@9Dm>}jts^eov1*+)vLpLm_n&v z{Szu+CFb=8i#o+2@(Lv7ZQ;{oSjHx9e#)Ji4DIn8wgzITo;Qh|u(aS$kD1iX75kja zN3h&BwcxL8Zxd}HC=8=3&d|Mh4#`Z`b|GoslgX4Ccp5bj!QJYfCAp;2to)`F$Q~aq z>J(z$=4ZDV9^#ih;h~D>3ww(@tVebxqx!n)0&c@P;@!V&u3E)fnmW4tPRSlkGb9WjP&!mh( zY46AyoN!*}gCa>+RHjc+;txW|9sZ}d2y%cY_d!b+V{p^`EkjJIC?$#)i}HcvX*K%_ zp{@VcZAD{HlvOed%9WivIaXgxgo~!ce{6YXd_!GUl&q@a81Pxyjqtxg5#19;(FS<8MwuA1q zxOyEB+;KWAe|?7=aob$AW;`Zxx}jMKvoipiWeSl;nxix(4|3q zT>?oTQo`ETMfUG^$&Nbf=B&a8mtD_g&5Bw<)`>AY2?vtc(|n<$;h`c-c#Xm@=>P|b zS^|3x$p8f9ic{0tGs}$hgkdc2o3ciF^^?dnR<{&Zz7|}aW2bXaMZL%HzsmZS((tik z+m0WUqEFd>KwauOWhHSW>X>`@l)PY(!V-?W$O+^b!rm&TYLRLRQB}ERSN6J+$kgPu zqmeVNU2rJoMV=}`AeJkE>5*DsRJLo94y}5gT=CWG`!7!?RO1`ea5#Ea>d%@;m^&JS zAW~NOcykg0=ab!R0U<@8gFU?p365O4CSJN*Ai_=Vpxn1^F>xL$8ZET`)?B!o0S%j} zsG96=>?TdlNvjs^YP`1{BBhN_0`nTL=?c`epbOj$5C z2GT}}nipGc%z&TT6&qNlzy=Q#*Lxg9ErRVevqJ_*ip@f;Fe)r!{o&LJclP;9G9l&W z&=MEKiiC#G2js=)M_1mQ*;Dt9?@{8gNj4rhGy)IMl6x(!gHGH*JUKRKmue;@pbU-c zJ8BIjABM5$#&#Buw!S!Gpl!2%Z|5;D-zBs7>^k~n8wiOQc(ifin~LfLCk|quxT22f z)}rk`C6MK%o?Mai6`0fpwVr8#|7$&K29Kcl;WJ<`8L%y-uh zB_#fshM>6~n)YW_o(x!9pa*W7(%PCGshKx0J1>Wx2vcFNgiKULIkuT-u%MQa! zqwZPpx$w3W%1y%6*9Imy%6vzX4}uSvE|l`cpLPP_W{6am$K zuv`-fhA-2LU%#>Xn172wI_a0}xd6cklW4+ap6*u4_1mtr-+3HCaG5o7T}|JBx;n8j_;sX1fF9IOsedfnhCc1Dy}{>UX**XN^UYlK^TvFu?6gE&fxX;PyC!O+JJ`fv$R}(cmt2NS?&kvECy6 zhy8`JM7|iQM82euAE{W5&|_aRazH(6|CM`crD`9TWJ1$ZSVx>4v-9;&@>eSa#UOO? zox35a>?rrVRrN9Ch6Pc=SSUS)Qzv))&9T$tMB z!fZQEJ~uVzwzf&4S$0X7jZDY<4eDf(NWql=LtUV zZ}}ZDK&3x1brIOOP;L+vu(To~9keJckJ2roy1MxS$V_!(R+>lNqJ?|TD z=4m}wuRIUz;6R|#5T4e{Bz=I*Iz-Czuz?_~7V?mAO<<9cy3*?;5uKVNiOVWjyJ2Zv zz_HZaR147Pjht5zZ(p+TCo8)O)U_`V_Xx36Srr)M#TaDHpEGwhZ8}st*Y~REotY?$ zGBrVS$$!qsyCRo8uU`?gD1&0A13jh-Gu;47{M8}B0&V~8tzWi8&9Hh32YenC#+9k5 zfu8I~pYwj*;QqRkA0wpYrNt>v=!evVQOee;)P8@cq4}cu4piBhFJ3a-%LWak!jdK^ zL+aI+v1Ds|J4G3^7zJ#+bd({jh!|JsxYKQpe`5bO3%eRFETkA+I|u9bLyp6e?j{E+ zCmG!kb*q&Ywf*4*S|)K~XIYbkn!5w97bUm?eGjO`1g};7KmuV^R@PKhmpUiYNTrcw zI@qwy|KQ`8K@CPj2E}^Aen?81IeSP))OJH|^x7eku9w@<&zHg4k5`o5+bFK2rago~ znghlI6EQ#Uj*k@w!GGId{}y*&H_OTz*+rjy3K|Es(PA(ZW?Mo26=@+F9UQQ10!Qtr z9>Va|o`7&HBlMom+%ng~C{#!O-zkv6H72f)xYQ^z{4)Njc!x%aiJaf|sYR<)OA@0? zl;;Bp!XJHO7Xmc{K;S0BtPxp1W-Y=)r27@ugE6Tx9ZKMsd*H+N0?pw$Hn!=T5cH`D zwbb1fM^AipVfBiuP7mqW&{B`-VA9U-ddl#G&RnsZK{{d4u`-Vs%$*x9Hk|rsZx#=E z*E7acoz})bUg#ylRa;^{lHi4UTSku%O*kd@j%H?p!?47FAjdorjWrn&i8wX5n0I6MPz0KR)`hRyAgj% zR#56L0*zV_VIEjuJ#3uF=9su5bT`skPV7hupTQ(Hb{BoM*N6K5Nk8oRog5|$ygGwl zgbKr?4a01_>~JQMBq48$!oELQ5dS=$B`)^u*9ms^_`8qtF%b6sj*j?qtoOOI_w!W7 z|H!Lz&l>!5;_hmmYC*R$T;8b8{e&3BuUhazI=o3y7Tt=lwo3;9j&NXSoUpEx85z9* zoox!a@5ty>ANMxyCKGomE;3@z+NYHo9pybleWsZ7n_VxtFqrDgj)VzG>Ni%gtP~&5 zm#eX{BG|$RKl=&Yo3`3Hf@b|WXQiH8x<;rb=GM+J5M0_!(2Ly&1G9rMrkEX_BxG-s z8BEs#5^O9F4?^+x-kmQWMWTS_;cq(vUteEaDEem+AV2b+JtIYZPx}oo>ow#;{Yg`| zL<~vEgi%_T9%A&Ld}a?V?9jWiqC%e9F z;^wb~Ps` zWP4^6mAv;d+>~BEg>|`_xHBws*DyCGHm(hW+7u=V_lz;pWKFA>G)#u^8U)KEbt8^lg`!ZEux|KgM zK3MM*Dlwzx^X&;f4m1-T`t!h#ZrG1L$SUy<=;Zs(@MWI?|C>4 z?aZb;LLQ~{BnO~^gh>PS@M0!J^BUj*)*C9ly z&=AN#4B^+DGg(_Uu;+1xlP23ZM$4dtgm-mE;mGHp)W z@qGsMCah?E$5HWnI86cQg{9&aIf-q=HthzNdvq^`S9mBYL>)IIFvzhp6Vnn&BN?P5 zx?jxC4UqVa@i4V0ttp=Y>#7}j5pta;kY#a0h3gYTAyn6)R&=Y$*0iuR)#QF&XX;z~ zw9&A_soc$FHEE-7^f2al;QaF*v=p_dEZDqp^exJ0srKz>+>4f%P4^hrTtQxDTA6we z9KQ${_#*Xn7Ai0)j-q6mvDRfZ8Hlh3tt!`6qUxc7=xX zRfR|KNh!i|xwEj4d|FD&Et)NOVW=A_`qQnl?XsFvx+^}cV7~tPA~KR`JROyt@2T6* zM#lUiM`~Bw{(%1Y%p#^FkVKl zs~8G}r^_tmLD2LYz9M#}O9JB|?Y|qmm$YG4@Smbr*2(WW85g{Q5=9$yhO5&5{c(~0 zN3Pxq3V|o5OZ)^dN{w7>tJrqY&{(}Te*ZgI`!#)kN2S5iuoolR-W%6l-mRQ40Ca1o zfx=m3k86}{a>9+I=9yx2WFxA2?wyNm2+B8U%&A=REuI^MGz{J}gP7$F5iW>)0COOA z{pR&U1_X(<7|nR2lhQNPN>99 zvmCk<15Fjdg{)t%V@SGqiSb9@fM4A>eCiBn?{Ww-4^J!m3oiVge+OT!i1ADli8@y{ z{?p=xtwU1uoh0r(QqL2f7W003$(#WFw~_ew_O@Kh1Xtof?vRbshdz?uvsTy}?vkeF zr&o*mtw?^TCnkEKl0zJs$Qp>8?(W`3v@A};=R!M5xvXP+V>g{GQSVr`*Hc>kTc*nV z=R!qV7*HqmFCxrssRPO{$+FcNF;VVbbfs3w|Hsr@Mb*_c!J1c%`6 z?rs|=cyM=j4esu4`;zZJXPo=A-h0f|v%0EgSKS+Y=_)(T6T`V}JYkc0uoR*2&*a69DP61tk@Hm{EXL8Y=cxb>yOA72pFi`#oocibYrI}z z72Q+YA}haRuzlrNZF6Zt@sIXmB&8xY+=J(JA&SO^+lsd);p;xl=QM_#19P5%Jmtfb z)&;-D1HNI4IuKuQsg#fYQB3tt{T99v7pvHeu(PPVYBa9v>1ybC2pi=tmbQ&pHwLdV zlWA-9fBlIDJ->p2y7w~TEk@p9aDqHZ4YBe{Rsgb+R#c&4Mqeq6AuRB&Zy#kj) zK}9-7cOOp_JLfocbF_X`5ar%=BaVR$Mg20nZHz5)4plt{EJpU-K0+8?LT>3w8X+sNa z5M9~F@SnNdpnYE=(M^ygY1QBjD7SOrVpM6Rgn1Sv4>hfD14B95Ml+4f-TNIai3uQI zuku!7^yKI(Gwj?NZWPbCQCCNV1ebpRE1+1!;_*pG`}k3}WA>RbCA2#OpunA%GlnE1 zR{KMkZAwQUfk#YCDkWp;N@*wQ$H6l`7~FmsnAr|$`zz4FbMmXm6uxXncY)<4pw2gY zT3G&zb7&TNACfz5cJQ6$odo+~>UwpxrU{0fp!gN1-a}TI4BRhCSu^3NV8S|0V(WnA zC8YYZRld3vG$akA|DTl71no{&(z7p&X!`eHOM&=fFW2LV3p9UwtaH`bjR2WN8*4Pj z-Y+?(q)k2Y7m^(E@b&HVg}foVWQb^p7`%8h6zc(8ul`E71<1bD*&Z2$0w=%nQ?e(? zVFlvcgRh8rr*xJ??Ar`6#^S{ou9wvKiF&ul`Ei4AIcF7u{YL-$XMEGG|BhFK6XKns z{Oe9jv&m50&upnX_;%TG|Hfgo;%E=_K0h^Bip;&XNZF&3)V4_*}Nl5FHgM5Zt(i>aKOQb*B*4RH_13I0i5FAZtQ^+ zrNH!1??k)-_9qA~{vQbT^;)pe%@pdLyhM# zAbhN%5JKy0TKu7~C^ib?BvmouazMbg{|z}FQLSJdn!=|^4w8AIu$frp+h5MHKlY5Q zKL%&yZSj+2n5qB{yh9DO&0gpf>2NRaf~@N}BanoJ`bgXN->?kU20 zxDONHG6n+l4Pm$nQ)#(~aPy1}mb0BL5Kc#q zqQ}ihb3zxmE6FE1Nwa_YG|FX#Ai}uuqlGn>sd|1gfo8{f|1_ep|NZeYQh}DS-Lnrv zqH1v50&hFS&m;P8Om<<;*zHVPszFOPQObl~rO4}ZX7S>`6Jk7rJjsh~q-LG^RoHk6 z`j!Uk^te$wzl-Oh;wC`=NBrs)UpHsR{>;cq#P0=-SR>5_mXb!^(0vWp#(q}Ji=(wn z*gb5Ie0tDRRKG1yzGrXf^xdvN8#!hD?ICd$bpv!b1=_B;`0koTd*-7y_d_p)iA|`hs zzi@)=ily#n_7UKkE;FJ^M<(p>JYx;(5}+B{&U^R=ttS2ltvb4GtKT*itbIRF-kwrH zW-V>L91z&;U*qCi_CpN2gg9tLTjtq21f?7KC4Q@3?;Q4R;KAMGQ zWo_m+Bw@(bmgaOD4xRESk1-ytDtz!7dW|CDUT+3@9cZn+3Q|ct;S4oL$xTwvZ#BL2 zT`#soBxDDAlWJbXa}^tDtgWjv9CxzF)LWDRzgGXS+(`5qx%eJfIBTMt=ijvO%Wr>| z#*%(<=A+GpYN7#c6#TWMKz%bjgd9m?;ftwPd>-eq!g0t;D@}I>7g^DRw{TigAN*vF zDgQ2iuZmwPJE8p7+}NyLWm_-Ja^In_<{YrQDkg-0cMX_y`7omi)3+9!JS zzKdDWpOI=B_FGDMxQT(enScKs?V<=~%b?VKpUa|C@gwyUm*ly?OxSbnUrz9qiN=omAM;9SU_!UDg*{=34XH8u}(Mf4|Cv0kMW zEbzvcNc#2&0dv&Pz@@k9t)%%eb4m0XqvQ;AoZbKd%;A%*%8q46m(DLQ2zWR6 zQ!ja1O^OgS2Dh01uNUB!+mg9!F62{c5}jkW!OI34b1EVi0Nkl;*(#59!0S|JMVTY_ z7%v!0f51vGK?py|2I%r1uq&(yoSvH?&Gd(^F@|EfZ8~_e?mEkO zEmrQ0r4U#%i3!S99Z}iogB<3jf>nV~F6&JC`A;L^_^)?96>mMWSj@g(e3bY;cL}`L zgWlR-_qjmA&n>x3#J+7n1-8c#Pa~ z;U7Uzt52n62;S(CY!s*}HZ-3h!7kFjd+QZnp!gb@l)kRAX<84!eBe2zH?I;`B~xnO z0^}N%HD0Ja)zZn+YxsnI1P5VEi}@-Ci3FZ<<`gfg(yT)v3Cpm0qi1tcg@_Mv4x3y- z9mtT=GX$&5WHIYz_$l%wOigS>usf1X!5D%}aXkczIFnCY%T>v;9E$WFQ)}(=T;+3c zjI&dI2bpn!yY;%f*nM5R!hY&tvC%pr@DSPNdQX*>%Z>4j7Sb+8=U)ErXkz`Jqe(Ez z=U&cs*^JNjK3@GE-R66&pWWo~;`_02`Q8Y+x`=(h&V4)4&u!AV(lbbsASDet$g@bu zfnr>jOfwC`F$pX~E(8*kFr3GV%{Jo<)ae+Z+9-R&0?rB*QiL2b-aSK@Jc7+>z7r7D z;s_Hl1;{*-s%g8Z)o&iE@C>n=iZB^!Nx=iA#18c2t$=aPWvXfT^ndaESBW#B8n&?c zEVT7EyoLaJZ~6W&1aU&fic4%aET;{IOxPhVIvWe=lPg zb!Y4?G;eVPlCiWtNEGv6aO&o?^_SHA)xZEX+kmbVl;l($%sJA_5|N}>Jd6#3 zE;Y(`$y*qu_93y*eeT<1W?{7C#EY^0PBHi+W*9j!`PH@=xrr5x{*iD6bJMMh-BbVU zC4FWtJ~9)Q#C9ac)9vp6u>qZA+~`u$->>^}KM)?f?#6BzQ#W5GHeaLlqi>Dh*EfAA zgAq0$q6)6C+;)Gw}v%!2sl1Hn|v8!Dr4j1I+0fN~^WZjFI?f8NL zSX+K)e+)t|rO@{ytC&6EeY&w628)|&y&Gy34V8kr3srehh=Sn81hC`45=rJ$Y*$ok zt3$%~#Km+hzI3%8FiL?NR0RM!uZMKkRDr<6p*O&DUo__I7DJXDX4z!3P&Xws0Ikl^ z5j-qYnkC*A_3ZLO!3#|asPre`tkLcqmfh9{-QCj@uWaITE2Uh{^x+uuLc}a~phQyt zpiQH)Zlh63Y{Cw)Zkq<8@+#|ZJt*(^M5IJXaOjy?=3B$AiS_lLJQJ2|ELJ}!pDIIN z`Sa(zhY7s2=k&^8jMLi13LZoM-TZw2yZJS)n$M-Y1R)0faE`V&pPGDcF5h0ASQ)$C zQG5@p--qs-K-&bMfJdmD`RJX?RZ&IQF+!e*{co>f+9AO$w(;V;kaOKjGcYg54xg~5 zVq29&oCCg4i&c-&@TOTNqjRycn|()SmWT<)eW+Cp{Eb?lrh`S&lX;;Zck)Aj-;X<+41Z2$?dQ)IN8`4AAz?KSY$$W%{+RQ=uG#)pCp52J5f607|RTwin zXGppCwpaX4WafWyrbtdc{Hh}vCg+!UZ{(HOc133B$|~8oxy7@i;l7tR*UGZh1T!aeT~v)oFI<9wGA-g(eSf(3s zf2}N1Ur(@uOv<0)e&uA$V)OHBF~F1;$djl{q9>*ln*6{KOvs3sGL)#XkZKkkz@4i#d~i_QL%la6hivBbd~SmNLSIsVH*2chz!*JS+z$5{ZhYs ziH(;}cF?|?MJ2-pA#Z=3>1}7~4G1c~d-WvnxwL;@7~2F19$v3~7CXU*%r51|KeQLI zuuqGYkU1&lXsb-Tk!&OwJ$ARHM@)(8IEWd&Lnv!S*GX#0aD+O`-{FNJvA1JdTsa=? zvalb_h2R6;kT-?x6jYZgRZrM+{EWDS3DB>E>}sAmtdoWaAFT3Q0N5j;q4X;MlxuuMb`Fs9L}{)Tpi!1VG~nit3V&LYPUE*zG2cm z?fAt9Os-;gt%>__ZuV-Ge(Y0rtM_4(ZMS1Sy#WHP^hXFtR_+DKECOs7fPv-)x=<5G z1zcSADWfZm+VploLGR&fkR@$Nh13Kcg!#e~@LXkM>!xg;U%xgvRH3(0f!nst!-vc_ zwGE|2kGIiJNfKYzAvn2ay`wqiE`B;xa*pq?+WFk?A+TN>O+lZY6b5PY8ljVpjo ze1G`7rF+zaK$malC7@kjZ<5x3VkW(A0vAdiMfBddLxPAqX9DzG0&pyE0G^lVlnwV7 zfQ3>A1<61)l{G7sdRJMYL_LLW@C<9)TN%l3Q5(DF1~)|rQ9^1p+XrtH{GXPRi(py;-G_z(b$dBHpv_v z^`22fvpK;i61FBQ`#?jrKX!d55c22nH1~-sA9f!il=^Vyoe+FG{5F}AZ8GX}g0E5~ z|5dix?`sKDA*Oa_ENHRo_3jb0aR_<@x%STb&OrymyRvYWCN-js?d-qNx7SF^HYTk* z#;s{OlV!U6KBOemxt#3%ZAp+ml-gJg#e{GMz9{Q0So4__p?P)QZ5PG^4``J{5q!I= ze&hN_3G$Q=fzExO?*!jbhQ3^U>IU3*1OxA2D1_}}-%~@NV?=DbKHpE%j0Q#rL%FOq;y*Jg8pR7wL416$18~UgNmQi%!h?NAy}vVQjdW<3FCk6IHr?mXRzdr zI+o&-{9Z@JhJzn(wk3AuXEp2*6O>;WRNMQUx%tV`nfW)yj_=GA#eI2+odX;;KDfj1 z6+$!b*6&M|&zk*j=E%Y0Tw9*eJyCo&_({w2QpTgU?y?~&3 z+-CUC=Rowis`zP{gE!mfCHFm*_#;^GyX5_y?u zzd!D_*uQ@?pRPHTyPmH$R>+@ks;E)zO+mzI5lGQ+ga=wN-A;}OH%aMPQX3;vQ1_e( z2GJ9j#_UJJTgt>e5C(k^10tJ_aXJ`%0HOV<_i~3JV0|d z_cXCWH{k9KeA_FlL}6Hv_r(*5^|u(DH(z5$x>sM1|0y(=U`;Tnph6Q=7X{dKuqq|s z#An1=g|7?=i40WM@xK~+=~(g_J9_{PGVLFM-W8U*ZvD9(uYLO#dz_P%lVoa573b8W zEE5YD95`d=j1U7SEJ`pD(>QwNq?`MYfx#lnfwaf;lv&(!^K1{kvWxlJNBI4!emiuC zj#;IR^LedxBLxPfdK8MK)iQ_^jy;&6235skJ%YczRt(WS(|9igrd291y7usgwtnH^P3YIdISY- zG|^ge^^E!U=LtC+LR_4ZHOgGoG_~v|h5=vaAJ+9mAMfU=6kzI8KcY{#c;MqioJ8H6^&>fmZpw^78n2U1hN`R!7Dw%o2$HSZais!#D?NHwx1$lLR5vkX5 z+s@}rGUWR(w6yv0a`j}~8WZpQpgke8QMTv(NzGS6K?14+Ryp*u4p_QY;b>IoC$ z+k~)$)D^?P8*Hpm6_tXMwj_DKKq$pvzDk8k6E^GE zP(j&?$q1etbM$heh=r{$!$iBnCxJAHs>+w3Z^*hH-*_1hQATW;C`8k%6Bv>aNrjj~ zjVq&Xb<38J>|mMpRL=(XVwxTuc|%iM*cB+8JZwB6+46Ew=D{K5&09QQSNbJdeo}wj zR9zj#j{6L<0W^7G`V`}ob$Ql#aY@wvelJWIT|I<^N3P;8Oh+T_!ev_!IoR&eVO~Q( zuUYa(=|Ne4Ftas=*Sk!)=iYD#ZpoiW<6n{Cqr0svnk}d&{IXYEqkeus>9@X)T6gX_ zJM7lFZRCFJp=2wXiv#f|F)TdgFedT>YG=i|Fkgy46!xXh$3$Un59@#>W+rq!v=Z}5 z*EFq|2~qe*cYFBK7^9`uVkF+we=+7V<2eslQQih&O;9l%4Z4}Y@hK^-Vy%plDS7Sp)r3g)_%tq)+JK`#fMwPKh75kkEj2!MJ44%6z z_ml~&V~C2Y$iZKd%V<~Q=*?mTIh1~LlY0of|45J(&$|tcKsk91jEe0s)Dm2v9M~iR z=#$(@`cx?^VzDj2V(n|I#7)xWF`1d1`QCHM3Oq0B)tP&5-0|pp+}#RVTj9UhNd(eb z0xKxd3kIN4zYqBnHHaGSvCL(b&;ID6S+~cmuQW(+AnFuQs*n!CL?AM*301JLd29*M4#3hP+LyDh_FHcW6EwsEV{DaLpjIl8> zCQHg2;?%*jO4kPC={d=ckz zdHi6Q0vaUGqdp89=)brEbu?UUdGHPNDxwej=?q9%B!1 zkno#lNW`?I!CuWbNz9^eV}H$AgI>c} zb_#GtE22dgmTp{B^KKW%dnY1ZyOm{+tVW42WDEa7(BZr+#QK4eBd@!ar}%vzt%yKJ zRVXMSPq9sIZjEqeBP*Q;5g0}($#2OEO&19)B>OoQsQr?Tr*Gy!ANx8GM^4M3Me}Wm zh1R7nBSr!$|0+QMw_!4DFR@fuqhCbMn^_owcUD$k3ssvb<=O81$_FQ_@;++y7KRSL zJ3e4Rj{2wN+EwHgaXK_h{g8muUXt1|VrK#cN$cg48uJ46vFrYaq>*G9*$$AdO&_#n zy!m>rS^A93@fxf`O34`t75`1N;5gkAjKzDzBRid!JGS2i=Dmj=;eIB%bS||uR>ea4 zHY6mZUWBX$504S{?O4O|H&*rc1P#k=PlV@M30meNfn=wov zySRt2DTRjT?TFz4QV^Uv@sqmJSz5{t4ZbTz?4w_ic|w7U=eN!&p}{>NN1ZxCtYTrV zaf4Tg_S_n5Cb1U?L2eAKZ6%hGmba;(az?|JRD;j9b|p;38A{(qy;+LP>#GhhgchUq zhs^TUdCH*6mdv#uh>s^@`kS^A*BaD0Af~EA;mFs^YL&2M%hOP#i~G6EP!?dJ1y9I_ zP5{s?gdDu0GNKk2kCP~vM2^~l1um>;$}a%p5WRe?7v1ES$vjr_Q5rmqBa$S?^jrxS z_^(f7PSKF@D!XuSPZ>(Aa#SR>9IS!mb@t#^&h@a`y|^OF&o^ymx%a66R=1DURN{8f z`j|e50@Jj!etPJxIkXju!^WtqxMVfERMAOu5K`D>P;q-in`=DA^5lnuss`(vbrpbu zS5!q*w2!6`O%n+Tn}B`ncs+Nb+UxaE?jus+o`T?G6vqCo|1q8Q*z8xMKH{`0_Z#m{O;&2PPUrv~Xbt0D?BBY-T1P zyX{wa+d~biJA7Dd7Pw;!|KJ%pGV3~kU0giH;a6Gmh$li_?DoVLb~$7+<0dU8my&#h zC9GG>*s{zGTI#dpCttgyXRn-l1saCbF`X=CIdag`lY5I!M3n84jo>kne#w9N_QfnAj3aq*~=0JCbsicRpUzCx$LYhMr@w%bX z^<2Pzqffp3b+lXUE6x2Kb{h3gVj3?)JAIPO_#;nYHk8}qZmg~TUNP3vq`#1}oJLoW z)H6Rfissg=EDTWl**!{P|8?}fHdO?8&t$FT*nFs&;%*@Q^)Hzajd?gyKDOdNE zSLkGN1bvV^(TK;7JXXXGO<{f($zM()r&usH47>F;Q-JbuWM!{xrPwn}h#%%M&t8RC z@?B0J-S$hAOsOrHBoIYi!hK>pPuO_Cin)Fc)o^jFy{nj&PN+gV*E$;#n53jcYX*>2 zWRo&FEXbD-(|u`$+4-Q*|2smp*$QgXf9#L-WdcNY8|Hhu=Z2^NEL~IPsa}AWD%e=l zxB;r~3DOe+QW*xGqcPa3))*9gh$;K9^L=@5kq^XoiJyH&Md-gigGa0X`?cDAeG=QN zEcf6^;bW`z(p{9hd3!iEx}(*BITM|#QJSH%)ESH_n#WsbrJA~K0Kw^@^0eSHHbmrsl?IOZeKfayW&d%eqE8M8G{6y`~sx-_?(Y>3En znF5EMq9KpMctu8=T%h^co`{M?{a>IhFS~q=LiT!*L3>Y3L5xX$6LSu z-GcK9Pp-MIz3 zSZZl>u+QC*J!OLIo6=j;Yv~vr5Eh>lF~n6oC7p&~edIKRlm!uo#gEU}Fm`@@!0F$> zBJdwi>pl)CF2?arQpf$Br#>hlmy5cqf8Mu$`vbV&arQj^kR+J@M0 z^~tgR3tg(-4`TWTO?bI;F(YN2#iW;tE4iQ97SmSjWjZLhLD0r#Qez z69O{wuD})}BTgdT2jol`wT{Rogife5Z9|WN-*{mFMm}p;nEuw0>pds=WJY_DK^}0) zY1kSHd3|%jm(65q$k}itdkdP%yuTCTifMw?G_y?dOPs6T#b_&>(t~+3roC(1U0nzr zkVEp)#+2&zYB4twbM_cwve2Em+~Qsc7MIawyd%&dD|oI}_wYDBepla>8n_godp%Ao zsDRuuge@t4g`hs@f2x5fw=sDQ^h|x29R1*ake0Q5Q+9D6NBmlq@*?B8 z@0J0U4Kc)z=Tth~^Es3_LsSUql>m9NOK;RJ_NpHHK996h!2eov9M|2Qis1W6lXvyA zzj^Lbzu0Y3DOU6_?z&u{4{mt6C89)s21atF!bS6(kqK3y{Q|PR23r{ z3l?LS0%K-wMCO_5GfLqBXkd~6zc4UWm7;dFM!R_}OP2Ea=qEWg;6e7Csm{{h8AfJ^ z(4*CK1erIkuRtl?prt^En3(u*UtWZ5JD}KvFh>3{an%M#WVoUVyCkK`7Z%Nodr4v1;#p5OMz(#qy>_U{m61flHN z7)vNCz<2|tAP{iqE@Y3E9!5)Itv z)FDqI04tey9Ljo7ljpZ2qJOl^jmHg)rz|3O3knc4&f1l{EJg;F)%?~iv#65(Skn0w zZ02T?krcExlPM|Yz5#;`e_nt9g#Wyie?}JjhcQk2HVy=NQxm2#La6xmMbbMbK-P8* z!tV}dNx1IqOV)MBu+Q-A#ziN*BnW8HGq#U9j(Z2-I7Q%02I>G4q%*TRq8EuXvf>0*_I=;uIgB*u z{WwA6z*#%zlO=Y$dG!*I>(wteYIaG}a3HoY1+)_q=ZjfKLw>#?=6|HeoPir?R8)}r zxv1o&3|a816JPM2>=}=WorN0QGXOSxm%!i=DlwgKV)dI3&R zaUE587UIz}UAyxb?>dxDX{ZW^F37H%trcdEUJ@GUsa|ItTgGJ;L}2Sz5J#Hl3H#_F zQ$7P-2KK9QM`s)p(pF;{MpdzCeVv_?nph$d5#EE)?6Jhfx2%|GWANN;`Ym3h1DrY` zsaLMK>NSic4*At01mAV?3oS|GG6OZwUD975JqMR-S{i&DDvbhd3BgHMYGcd#mRHkT z)ebm1T8k7YTysGQE7LI9GHJe(gnarpU&l~7W0Ue9A&|V;SrZ>A(`vRCjqzk^w?#na zUu0=)+T`h{3x6K-i&qyZnm>QlX(Bh=XW!$YkhJ<7z@cpD{P(AFK4}n~#F2gb=ikR{ z0%Hn|Zz!NCW5KJdGV1vn!tQYUm^D%d>3&K@oa0b<)~M5K9m)EhjHiMI<)6idce7KU|VWWxBS0E+fhK8PoBmcHkMpdm8m5 z3M71QglTk8Wym|&yRCS4+O5j1*J28?uC6NV`&dWO0WJ7u5_QG!a(^kiQ0z37B_3uC z9~kTjo#lhBwiljb@e20VFYn)S-{CG7ytZgAwfNr0GxUI_$(~&KMp&7@O*sTy>NNdG z?dn!=x|@mB0mX0y6;iA(T^CKZm93ccdH9VC>~U{KMaOr~ItfhhZIOlUMVw$8t16Tt zeQ$z2Bru}~Oo!Lh{Z zwoPFt06b>Y)s1Pf;m}^e+UC(U=nSm0%Hj!P_I)7a^F1G{XmDonokYL_9qi#vY4{vN=?L?f%a?`c zd)gJ!-_>=N0$}OCBW@u2N#j<5QDAvHi;v$y9`ns=*8WJw+ET1Zu#bZ0 zt9@ps<=pkc;MI(FxcEAXduE*}(s4s48e3~@h-@Lu&`0w;zBO!cfCsE1%94RfH|Eyu z$LX`_^xYIq2BH{Ub~Z6y_*!Zcob1%#&jzb_gUWpB=jNs#VfbSVAx^M8zYPGMt7?Qb z9-|9io71tY2rJ_aRaQB(6dKe8a+d`lWQwh~gUk_;kbb~>ElmpCcD24uT;d@r5xsUc z5xq~^S7}|)$kyS@BjK=R)_cHkZzHSE%Y|o`j%2~`&DqTpgBCVf=2sG5qD;laq<1p*cAnrFepIk8Xkg>LoB zEsqMABH(B)So>@oL#9CocxbY#0?jOO=zEFvVw9#yc-tTJbC&m5y-BnG4ZT445T6RD zea8l{=$C3Oxun7gJ%EJXVbLST5&QC3sb2AJ{4Z-_Arcc_m83$VKpGbi zLvn$4CHq0rs_7Y|5DEeZgFrdA?)9|&enK~1>W24m$J~!x_3E0~5f%Ht?4>dr|dlulbbJY?dV%$&e# zXmIXDuL~(ACC|rh>}>|#bR~>W)?{ipMykOKMlmX4av0H6N=B$>&7CS94nHl@iUebNIB&M8QZgTfSj} z5CaJ~f_I`0&WUL)8vpAQIVUoaNhHt1B|2bX0&S=7h^qf^Hr#T)P;R?y$`~10Y*Hm) zQ$;=TtSjK1h4TUBV=0;AmzK1@Qn5oF;_6!HQ55$4BM@7)JV=46iQo8gpjumtAEV9p zG&!{E$(O))&#e*fWufqwzTMDw#ULM)g;}HYz5?tBv73XfLKxn|GC1YgM-$@C-0H;U zAdZfPZ30q`97FsXZ%B2EkNN4XohdSZIt9;JGC}lDrc&^_=XKNjiVYf(-q!bka8y9r@Q;s)di~yCGqlMf z^)ohVoq7@qsBzN%n;T1>dRJ|vx$^v8aAv^#DC9!FW2ko3=LYJY*EAN0a8UwC-MQ_H z(gfIXe}1Cf2#N@eF}d%R{N0WWSs28Ggr@3BfRUgW*di>h9}#EtE#$Ss^NT68Wa2Up z`B!PHy&mPis43&DdA4I9jOzqP=9#~u%8bgLL9J2%zKDRu($Wa2adO;MD2{T6jT(Zt z4Z>4cg^Ja3h@a|kaIU~wm8YwdvNG!a`jKVF9TG8j416Vi?hmX+^u|bzQYfroPrP{Q zxtWFSW3pDBS?ips*)^Dvx2OFayqVJ~iiAc0beJacEr5Eaxn;&`+{ zQjyKgxG9+35?bl&r<6NNp@5cR3q?`{ z=JjfjoeCNgmmCyD@V~|Qo~?xH3>1^-d*(#tsJYYBm*>4~7&tlNyS4MW7EX8D*Im2L zCZE~tH^Xv*R?NR!Khkv_Z1D?H@TSF-tSg{=fPc^OT^LD8oB1#1fxabv^8w(>V zqSwiD{q(X?xmcQ>b}0C7Qm3VNxCq( zR%8`l1P{bO=N6wPgclCy%PT2G?~RvMaYcl47EAR%M16K)A$wESJc5kIl%IZob8FGr zab=EB6LazkT0~WP*>%=Vr^n*T9kjF0z|{6Fh1B|iUp|joHWfGOO=4lIz{FgYLz%hM~yi# z)q=h%6>)$z5Z?15$$!_7!eUvN$Jgg}lp&CKPz&a@y7}@-RFL@NF1A4+W`7^g zBXKcF9=q*)#DoqM{YU!;$^#mIPAo%j5RV-S<%awHC-CPC{*UisKkM3YY14o65}dfs zeZRhU(?Nhys8mseL>@yt$76)1zA8M{J&`XT%yi7&!n8sUUgF4S5^s6oy<5`B%TiXY zHXNKqH;ZIP{8E&mS?zh$3S*5N?agp!TMAVilbw&z>EiBJ2^q{-W-JRqZ;(%oO|fV4 ziA{-#ecaupUXS}jR8yxt(8SM7aGy1NX%fy-UW#OkgMw5^?J=igM9$NbxU`cb8H1&$ zf5xs+w}h?OV70RCPJ7gq?@T3#_s)2c$e0aNh~e5iqCRE01DGDmz8D#uK`FoQJ6cA} zzU$&o5Ga>o9Z=`H6pv=ij<+|o{bB#$7U#QRF_o)B3h-<#&DRA=$d^-MxyUS-%!uhDw+8 zzWS@xAs9?h!qq~Cqsnx3N&P}e{&unWf5a^2KQ>W@sbfjO$!que^s+hS<1BW`_de&y zrg+;%3Bx4_;xRusZBiXqE?x*ze2ID*aT~zPO_2eF;j6VXJ;Q#1iMF-`MkF32 zK+)tchcX5fe0y#x5~6P4xaQL&9m#*i6iAnttEJ}69|=rLp@K4MLI+@(C;^>0OiyvG zIKabWvuS20(SsmFpA&-B`|_cfb(Wm{(voHiL*ry^yR*hf!l@UQ1xihi%QN5w2X2u=If(sV>DK8Da5JKHX=1N#O-XkA$tT z`W828_haa?l!^2_W%cRK;!+fZb|icl@V4=-E(#4$=(`(P2CV7B4-FO!F>#CI`imGO z778t*a)o_1+MQw(B(zXhxY+{0pwQ|=zGc^CuZFttFqDQ62idwyiHJ!qAlj|4#vPp0 zZ8L=y4VLjI!g#WjI{rqHnde}I++LVF>K$)`MV={Cdk&Bxq)5dPm|nPu#7Q{-;mUd+kSmVYGFA@Cs0{%%G9 zRicsMrryWPPpWOR4sQ?oEVRos?5B$dA>g>g=OwZ8{nh9ZY9F2GHQ$ZV=UmitFi{C! z%0VEg`XpNR6n|3ity{T-1W!DXMp#^oV}IuzX^^&*P3}EVyG_g--|)c`v_#0v)S5nZ zsDUXcz zC|Q|O=eK<&ei|10X#_&+#B>@HltB0^*21I}I>L5SIPfRo6)@_?zVh(i1YJd5C}Jl= zzlf08>_}44^|d|nBpeE3r=umvMzfk1%*6p;UI5-c$5`*H2|)mnVNF1003wYi!a1+d z&~jM!7V=Nv>z@r$%QiC637ug#x4UO~VgL@+iE4~Z(xli$zaeS?OWAD?K z*ha4PFqUym^Xv^PeADTt*4kui((NLwCEuJ%No>3>W~Qf^vHo+Ez=kRKj4nv}Q0uks zQ2qM!THRc|UrsI=m$ub%1DZxcX#@rlx4Ng5bo5vQRHC7rcUw*^p(>-Umif_&{&KSCpAGoKo(KDccm_?8_0m9RE1c;Aa9T$A-$Sh(|m5;7wk zfmRvd5QqDRuv|6boFz#_?uHe(ySqC+$0HZgE{)Zw!#EHxW^iQj%^8drod2##?VxLA za=BTHm{(Y~AD&Nwken;4l);sZF1`WMI_U=DcYBDnxj7Z_BN1-_!+lH6a=e8*yU!Wf zy}$YZpM|s|l}!ws*8mDAAyPS#>K+XY?TGkaBcdohdb|=0x##A!=Q+YQzFSP zozGnNzHmYoo#EeeD**_l9N#Gs&LB9j&_5gn^)W<2JfWRMA%@=B+|Q zJ00G@o2J7{3DpRactc^@mQPsMow<*k>3;@?TJiSiPHaGuy-tjE{ z=5sh#J3BqLd!jZ{_^bLgD8S4ytcGhf$z_~lE=n+W5CjFnM1hxrN856Jo!!U98P3i%ioGC(O} zK1HEmzF2v0QurI15(zI+TtRqI-U%e#_q^^Ofs?Q@-f_K2#j0)d`s=$mk_I6#@=>Al zh#c@Y7QDS$^jK&quu8%-6g-6bVwRiV_^)j$VgG8@=!}y_=G+)n;OsiKWKEc*%S5b? z=xbqUFQqI=7@~PVr4*$iuwrvYr$K2j7A2*O0kd+GDI!0#D6gw}e@&XP>5P0886In{ zV-*=!a*Di_bg9JWL8PtDL=nDbc&~W(j}Q{I+|DN;%KQ@M9;}rOP(=n9Qxw@%<#rLB zBa%dm$0${ouQ<`+hO!kQPQ$t7JQjSSRzYt<%BGD!w`z}TPx?Mms;s3A}*G(5|ElyT^X1FC*0N3Bhw_YJGU;|%cBM;Yt2a6WOQJvKqI>y|5iUq`c z3wfenFH8A&elg^;mhb9^SvlS-oeCtT>R~b~kMRLbR&zjsFhG41gQHLh-p3i%--U!{ zSgz;;y=Y!=Gxd8YYe>GL@L!UiRq%!yT*R^T(_D2WYg8p#*Z_ly^>eJ=sYSA&ZDNwZ)1fO)m!=)7I&_3Xm7B(l2^G~2}K z$CLTPD%sE_t0NJPtc!y_rb(ClLe8g?yrF810CuP@8Lt}BoQpE`GA-|UW1<`3Y)f#BaoA77M>N~Tg0X09w!@bml$ zQi~<#trWX({x%nSy3xE_iF2{D+d%$nyvs&s>(AvKhh6;&i9}r=M}Pl6qTa#3&hP0O zZfvJ%bYk0V>=WB|(#CFV+s28lwy~`fqp{hvQRBR){eAD}-T%QgpFR6pvu4d2BhTmG zB4-Ohuz$KBt(HBWl~;Y%XnB4@(u3F87%D zm8yB+C%%}fw4dI`(yW`F=gh}g&>gZJ(2pyPX&JcGr)H6h$oL^NV%+n}e{R9KY?ZWP zNlmgYQdg|WSidsf1TUbsjMXf3yX^%m!Jb_3qKDPPZ)+|KMuO9GrzTjYVCrht^ z|NQ9t`EWE>qc!lFS+h)it8x{Te1s9bI0lrB{#E5Hk|%wpQl-(Qb9B1^sk6lYJ*Z#J zj!+7|oGd!x%eEK@Ki2UA0&YZdFc6N=aOX0W^I*~Rqx;}X>6UYIfIw6O`Tjgz_Xe|u zZ2Efoai}X4fvz^efe+P3>l(;oNvykYF)>I>-U?7!^|HOB8v7=vg_jcu_drcb6cxkc zd!t5ttsu!+N>gvAo=w>9T)JEFmoRIph@_Mu6;}!sD#h1xbAL(eAk(5EeR%3@>(OZD zb#xlRr;6_4cRvl|US=eLf=cD{LuN@P%B5cN-HB)kP{M6=#v+gfNG?FXvHo`F#-D2r z$0Xl}(Oi@2(LDmV=<`phf6z*NV^EYAtu5BW7FVL6E?&0v6K{LUbb>ZNQWcUll_6tb z4Ny0YtkeE`9b3Q!iS51`IA5^sTKu8iVd#P6K7=QKl+QzIaq{WZ- z;bd;2L~8&fKGZSEY5|rw=@j~cjdsne3Qd%Mf)M1T_?m=gK=Gw1fVBwL?@|z@!Tygs20>@YYH6%GEVrZ zIIFJLD45hZ)5ujvPCIg`H!8Bbebo!=!X8G?70rtnIWn;?oQmnSoD1YWm9X0aVuL{@`}O8T}atJL>+nChoO;-%tWSMlV#G zv|U0Kpkg&v@B(}G=Qjk*`uuxopV+!CPPDfkVVrsXqzJvvy#4M&*c7Bwlu2+gM(9ng z-YG8TIG3}7n9NbnePWF*xaN;SC~@fF+vmWpA+6lE2TEl?NBIWT1bv*FcZfzNKK5GF zpzoVGZx7BMB|~#Bvf{vv-$B!onHvSvRDuOS-VXG;ZoYeaSy~S^9#r`pH>MYK1TmOl z>>WJueAw(9vL<6eXW#u5d3jF*J!FxK^eaDwyO6ArSw zW+v4_+A?Kp7Lyg&~v{@`}!bqH;<}>*CmmE&iH|O?`JQUn0Ln=M~#Zk?6V=UI>W0yaQ*ot@sgRLxb2aA+7P84-$s6jC$ zUPN($f2gUyLWhxpJdO)=f36s3#&=qy-OAiiL9v64sBPD_oM!R#@W&uVqj`j9W=*mJ9Sd~5uj=chz!=bI zp3MZqi7pHv#T=`H1)MKe+6grRSv-W_lUD^@;g$pU%0VXB4Bl}6BA z%6U8XiZhNjHackkepd{Whmb4!GGFc=4Iu}KdVF4>As(K}jcjBavPRyz!KYBNw#jNO-?X52bS85Oyt7}ON;mN0%z zHVOCr^!oixu8)ZTLvmz_&kZEN5F)9mfvJCh%^5`fp|XcrRZoj3h*-`cTiITmd&5Xi z&z7qF+obL`@{ zq45v*?Non=$aeR}S4u9!==xCRZG&})NV#xgY!q+!c|p<-&$JsF2;<&FXWmX}3DKM0 z+5xu;k77?DX3@>Jo8jR(ct`d&4mLKwF!vUFuJitC4$B1|k0GL@Wuk%EIpxEWt~5uh z{iTtu(-(-{z>XyYQ%A2H=PQ5+%B;8k&91RDq(BlOTCbI^CeLWdCypP2Bguxelz?L^js5I+D3E~eMP~$h80fY94={b!%={aS(%gjDo&{c#bg4OE3(QLn z=QuLc{I;53XpQFB8}f&Aa)eOG4s$T`APV_D=Z3lrkEI??tr!W#zH0bK>YoyX+DrO7 zNC#?gEvBb7O#2OBjs>T(V9HDB$isiD)EA3=gs$kO?GBs9FTa7J~IG(h}M4i-hlM>6*(c@%Tk$cim2X$I%t$?tmX>yOh zD7G2?P_H~;ETy37t%{fA_1Lpm8!^Z-9>yg?8YY;8MLb{~Y)*z2a@7JFDIq3 ztx`c!TT!jCLT!^3-U2sB{jbj2o~z#aehp`QS}vF1e?I%oPu=UeQ8n2e(^A;(@+1eL zy*6*PoPX#BZv0bbe)_(R9gOwN{W29_E`ihON_%I=sZQQuDc%8H7WWnk|#%$r}U0C8a$$#UkVgySW$3Uj9);dqYVrm#pqRqX?Xsi{^@W5gG(Pvh7)SF_3w!Loo)ui9eL`QkLubpQRmxH3b9?z) zH43iO)X6dr@W2h8=FB}fWzM+tH_6p258GhvxIX@{>G~|#L+=UZ&$G)$zvPOR1B1D} zJNzwCyCvDa$Z;6fY^N~xGD&SMZ2AkFLUgkG|H9~D@@L|5t>@bQh3jN{xa9J?$8$uF zF{_r0&&9tOeA}PT4OR`+)Z{wq+sx8dT80es)0;4asuPy&aC?T7KTr zT?Xq@EFK{^Mx|bQLAzp@_m8~wjuebY^^$+MCs&3mH4f7(D2)yqk|~mdhi);a#16*i zKn5=*B_#(gSt3{!Q)y!~dMng~#g(?-C5A5`omk-lc@Ad`i>dukdR=PC+A;|~diga! z;eyNabBjA*Y>Ga!{P2)*qyAnxV=}Aw*25Hfn4vUw3QAIcg#}BVukxobyrs0EMhZHa zp}|u3B)Yi3ISS&w^aTd-E01PG1|=f40TJHu1y{dRH@w|e|7YAnc|NIo^W(gSh_GqgHT<&?&&**u{@oy3%KeKTBZUSym4RyyW z3aDt_`^fzp8_!}|J;_J3(aPD1SRXkmEUmEZyKb~Dou-Nm;(eq|DmVc-*UQKYD*J_2 zCmvTrKhg;xp1B@D#Y2gioU3SEC&i$fuNTB1H7IsIT~Hk7UUZo&8)njk>b52qvG7|x zW=LG^FytAAm`QVQrQHtqP%iH9`oULt3*yWhtR@pz)IV}s5~q9Ac`=Ln%T2IM_)L-^ z$}IlOtj^+hxmX*EmhO)cje#9?S$(F|Qx=aB^n;eXnW{qKErb@IvvfsGB_=L~1 zlx`L|E^#qFlB3ZSttSDp_Wk`GHxPlWtS<{A(mG$m!{JH){i>kPdww~Nynd+RB6%y{ za=o7*#b<2mvLWKi^=1w)#6tfy%n5Q|up1{PGD4mgBM6Ja)G}+}qwvFicYUhXqG(6K z+f1R?!*On|S_3<2^Mt-A=dEKwFG^=$S@+mR&M#_a^Sa$UiL>>l#skl7@}psy{*NM^PUcGC^N`&S|6 zZx~8;TPf%XA=!`SKtq(;Dywu zcbC>d{{2B#-^7PWTU!K5hH~T^3Jw*v6IM#i1vWbR2Umb+0V}QxtQ^{v>&I)so3>{B zJ%}p)TvM7x|F^*%tbDGd&^qQRKHijg`kU@>h!)+!~E_y zIQ&FD0KF)X>I~rQuKlbC=te5!+JO5xNX219wPHp`MD%mjpyB~{#2Gg?!Qg-JG$o~n ze(>be<*j4KYkGb8Q<=4vM|5MN|B)L4;k>VEX7x?Ie{1b(8gZt?pb4JP^WP{E|L+zK zD*IFwm|Ugmv-aFEkC492&(DrX$9@UetDaU13ZH_4;c*pb(r*lY-71HpbE+5;a5Y?0;{Mqle^Ud!GKr8h_^@M^lYZe0$3paQ+LU-dR(<+VgD3C*wQM~ zHw`T`Yp(H9TMdFqr9EXoF$nF)Son8fMn5oHcW86V_k`YN&Z)WY&6^X7PQD^%EUR0Q zI6ak{4l@f2WEhGdw{b^@6j*5x;h_sfjnq$R!ZEVorrxYQ$_i_L1qj3y^?|cxt$8wG zlAJ|!RuF?DvP#t?sI#%Wk~(ZSW^<=!p+pg@3uVIV5Q_5h3J9-Zm&_{j6PLjldR;xz ziD6O{7LM!yB&~}LIWZbXo%j0icfsf*$DpJO+N!4z8`^B{RD3Z|$q!6^kzKj5V-_Q9 z2R(0-X)&1nvZai$g$h8!VSv)4i9=VR>R+!*K+BfQX{vJ`+|#`l5t{N(lJ!GWKEdzHO|b ziOb<+C8o&$SfTpG-{k};IdhTG$#AT?{Vr{|KH~T2fU)J3!5Q(Ss@LgkbY1SxNsnN= zV;$<=M>4D!Yb(o#7O*rSFI{!9kZbxRlqsGf3#PL~dJ#<3ei?2MX&O$W>>bt?7P9^7 zen%)4&pVb3d0h(Jb}1c*+l@f4 z`E(k0#^B&d;Y(CKyDh!$W+_ezLi(rb95N4-CJ#@~=2{D9f~8d7GMbx3$^#8WSoW~m7 za}AE;vy=}yZ=|^S>qBNr+J+IFKnaloSWiR-q)&jhq8;3SR0iaa0VD1`+9RnvT7`Gr zfIs%$1W&gAcfSVNt+q+lCnXhC%XI!cB~JUqN5mI!b}9&|BHyl_$2{IHEHd3n>8!N^ z_RP42tM<7tPcE{1So}pacx`l_39QN1xET-Jm)BrKskj|u>hIqUlvvJi6}#V$xHUnhxi|TI0R0Lh^94n)|%w*F@R3ISl^e(S*_FppgSB)va5StAp4L z`;oO3;+fp3yvTZMATq}(6dg^Y&Zn2AQOeYwAQ@A~T&c&<-&rtRqreZhkTYF*InIZa zMG5TjnKMzyUs=%{JrOJ4vp1>Rt+lM~2oui;5w#_4~&E=v}XG;0AWIK$^ z9qR|%P#&l>E$*0F?sk>RrA3o)1El6a*QLjW&OG07iPkzzX9>r|iwR>gOoiE&BjtZ& z=#%EhWywxVj(4W(A|{V0Upv`k=Ajxeqt#==Yt%nW+Wy4)nY78*DM*tIftU-L8vjSe z)bD6Qp&R-qAC(SSXCi{nDvK)11VpeIKfRq?9!_=b8!7ILuMZFE1NhdxDBk4JrOzbn zVY4Mx1$t)(l5D%<-5=*~KD+i3C~QI4#<{R>ydLY+xD08fOULV;f*f_JAc4|{4_FIll--t1MzXVr6hij3s zFS-bLz}|t$UbN*azH1W>hm^G5T>-;Dw%B)h49CXz^L#@8I>9>riy2?9Q-aNtP5J z-3lBh=xmGai&lf)xtb~P<15*dTS)9{ImPK8&-CM9x;~)SIf?C5;AcU%&h5nM0+3Nv zNT(2Ecj4S38Q(Lt!X*POR$vQOa4e4{K^A~8mUx*?T0%5?hA25X4n!>m+F?yY=ryTG zsTgewRasfMgW_cP&(!P;t?0ATl7M1px}bIZnW}^h0hxK|Qj~c#SfA>WpSW~XcTpO( z;qNXS@e~VzL;l|YaJA(pr+pW|`1~^q5%OH++E?i2hctVPf>!J^v!e%A-RJ%<>2JSz z_m#%pWV~PD#UA;P*h>BFL)+^-vESn=o{q%f%z=uEivIr1{^nNbd1Aot%E=k6n1hN! zmB<6S;8NM-;EQ(?MxlYCyMd=_1oAR`@c_BRY(4utiGZf~$FssNP-eHpAVOB;+}V8= z?)>;!WMq8B2n}0vVKNk<(A|R!z?eS?MpK2AkReJcB&M1e02r&(5v#qRICz0a){3!k zLsa*|f33?e%sw1tLrg(c3A(NR%gbX$rEFzN{FJ*u z(%XM1N}cW))cEHyg7nM$#6aVVU|itva9Z5Qr3W}4i{XITKBw&=u8rrYpHeGSt-Uw`NL%#N`b*|NEd@f3cyz;;>XUMKSFOh?&@5c7+;4e;U#mnit`C5Lt z?*3;-`Ax^^N&GmW#p_~%*O>A4bdhSfvHBJ5i}0*XeRw#|KiLi>(|iisXokD8aR@-n zxoQ^IxGuatTA!O>nq*;-3g0~ysd>VGWn-cev&UcTM~-db)@SFFqu!O{L4v>EC7KnW zMuv~!K~rPsT2N?Di+U=&H?}}dV$YchP5m7wnj52${`Fq2ZFG5iOeNcqf+19Id>M9V zT*{#Yzl3QQXKxz;L8TDvBqmXsy$!$?Gl}xPT7Jko`m| zV8Z*-9i`=Jjh}QvjH-5j6y-Jxr)gDRZk-=qBld1~2gN!(H@fb(pXOvlu#qnj{pP(h zb|{J4Ll*Us+6U~8jly44%R$Awh^Yw-X{WNo3k>`cVi3Wjw39RZPsno>9v)Z1^`3J; zV{A7OkxtA*)|4Kb#NGvJe(>jWO<}(~7R!YGBuoPx+wdbcTGAtmH3Kaem;4CjF}lFk zsF+qIm49)`bMhXl^aN2%9z1^oR(+Rso2gVjGBOe~)IUqL)#vA30iXYn_9GIVL&lgx zUzZb0gH=N=GUuEhQgG|3dyGY`Ao*e>A@@s*<--{gZt#`1=rBRxXceftsgms|d&&x8 zeF~Wk*8MhQMh-0Akkq6{kE5|r4-B)#WkLRumcw!5MOKNKgrzbyLutt7iMF}c4vlXE;DRiAK0>Gtyrv)$+&kJrs?bF`#yu)6=ve_T!dRH zR*+~8|6}AKmGR%efDDSTY`yeCP=oiR@RRG&Ovm-Fw`b#!)>CBT?}$@9 z$Fn3j=FlVLGT!nhnypy(Rq;dH)!vk)kf)6AKjs^+3BPNGjV*ibulPD3;_a&7SG zIDHOzH0&cbI%4z0tbF@pQ?o+73?+a<6t8nMyTn(IfcZ1dDb>@v{E-CsNn8cttB-wI z>uW?qX5M|XzQQy1BMs7$^P%GRAISVsHa?)1dbkMdEs<)A$oZI+M84>DXQ9{96XfTaOuyrZ;G2iOm5Nmx)~G3h|9>#dnd1B3&id;W zLVrm>xDb~JLs!z&la+Gp%dM_}_(%Fc zq%|g)*KDzzFTWI0SVOKgaxHSWV3i`xzuia+Gt&5ms*t!BL z3u>;b=iCCI^0@g3jSZK}_L;;1I{;zJqJAwR$E%%p$aCsHI5~xtz9&C|$Ed!Ped4gk zF?Umv#<9hc<+U&Zqbn(k1z=`T6HokL>>JT_ei1jr>SuuZp^6 z(Q4;_w??jP9Pxkft7m;)Y`v%DEt^;5H^$c02hVYPTckruH+kPLbz2^cf-qf9d7Y2% zwNmEj8`UHxy+|GnB?jOm{sUq@qw;!JtvD8Q35_L(t+-XDy~?z&DlE@tdcq^Lz5RH) zb-M)`Qq2zwwE1pvT=3;XHgT|2Ng_K-t~OJF`%g_4!iKh9eGu!-kLANM1_O2o2X60fhWj-6{7?SwrMghYeQzAZ5J zk*j166c22a6w3@bh9I|t3UfvATF1ihF^L%Iw8zGrsPmXW6hFqtxgT`Og;RyxAca6% zs!;6O*L{&pfMWEWoM;pHQFy*2n2-Vtm3zKBDT|}7T}xUId@D=XA5X(M3Vo7 z3ZI5Ph5R?UDnk*m-I9V(Gu?V?C>8WLd6g8$A;8*eIId1rW!~PxF0zL%E38T)6&4N# z_ge}YLRf@wIoYZ_Y!%$ z4_MUuCb)_9#zmdEdi&klV^I}b3CCKqZkWG_i0jVSjJ`DcHGns5Y zCo9K8Dz$Qulz`PNJ{2wBnckhgEqX9=+N~w7Y{oIsIz3HnphZH1QKckr>Q9wYSu1)p zmj|F<}gOhr{SXQnepr z>~AS!77&vE;^N}xPbHd^fq{X}hSA?UD_de&Ir-h~Qek#m!;e;3ql`PrEH}mG@7DS( zvcU)qyU0DdSL+E54jT*DuC zmf)8BJn8v~pvn)!ugV9bbj+&o|G0iI7~G4W>o^N)K0H$7j3Y?RUdNGYtJJS+GGMXf zjm`8yt$8JHI zOXSg&Y+)=mD}|rrY5KX^RX%|`*XS-YbEd4kBnej~$qve1d3aq&iXwowQXNUO>iSeV zo_GStl?y%Ke2tfPMhxyrD5kCOU(TE#e&khzoR~k-05Yts!~{5Seao68Z!|x9;0VCh z61?-v^4Bd7Z;n3Yo(@6R{uw}}?f2^&^UG$y!i%;jplv~VK`e5(%F~wF z6i`pswKqJz;0KZp=H#zTg?xPjheNt^C!_!>D#FHXng8VO_fTrfsP?`u8`tbE6*9Ms zx&g$y?)1pxtyrxB6Z?drup<^L$Fc_uPxIGJRCeT>mL&P9dR0M+YV0e{Q!gSU!gU#4 zM>Q6AwnK)Ns1fwY<->^aNMu>toF0l~%V36r-C0O%r4(bM=Vgu)c%$IY=AQg6LKP~K?zj>Sca_ScPEq@c-;QUwr0XacIoub`)Gkoq&^7w)wl6pa* zC>PiruHD>Uq&h>;+h8U^Nmov(BRy7#wXRvp2%q2MQj$%XE@8ohV;=;OcM01tRdTAd z6pi+0r;(ju?Wt5%5)ke{{GUb{L+>$9q4+DoNtA8fF+;n*{vOPk#pIM^$r`T@$&w(a zSD$xS)S03n(`?v?jMATs5vlL=<9wik=P+NY^l_q?Z5`G==3E~(|M(CiCEP7UH?s`S zPLy<7hocU>q8JzdGse^xJT{e8Tlx9e?ej=hUbz)10ZKrx^9@0ceKX&WInMuwnVi=$ z{UIJ;>km}}0k_J(X}VY^O$&wtUIY*iu=F#;sgqkQUf?lPf7q~c$mFQ%)QX%|eFnNf z*cR%)Z3)O>i|s=)Lz82#`VM~U)_<+$CD<`4_Zbwf4%@LjFTgmE?4eTBR!7L?;^sX% zZpXbw-&`0(uq9bYrcf7GJF|Q~RTp~%Q`Z*dzwC{f>A4y_Nhko1E3zJZNz7AAHA6ee ze?tD>!;p>FnF;a|S#E?~>j^K8D`9nFNl3sK^&{1?M9Jd!wYo744AJNg${Sg_{UfEX z91=C%TP0!&A@vjG_K+32NISzs{iG}7Co@$#r*Zd|BsB|S6-^>jh}z~DHXYg zD0=}@A2DVXqJ%$wuj);3N$pzQ|}NmhhE?DQ0tts9JECCdtzhL60P(9EYC15D-~6iM6lhD$OyX;^0UY=N+=|Dvnt#6=Y^;H53$jZH zT`Zf{A0%HOB6T-tN7G8FEc3**1mPm`^71zRoz5X_TVarv`Zw9n5J3h^zobcMS0WT* zCGk!1ta#s6F5i+H4@Y*3)YyQ$zomeVN~EY@vhQb2gtRf1{V&!FD_NaPAusm7Y9+@iZcO4({jrqj`v^ZF zSZ3ERLzo7||51NGV6BacDbrVsA4$TCyTjc@Q?^&~@Fd*^3PV*fv%XJN`5$JR0FWPH zt`G$}IJwKCUJHdo8jYJO2smwM^Q0Q*6uP8^QqY~YaS6wT7S`J>;ol)?vB}YonwtUS z;+@zl%Bcnx)o$X%vFP-FiEp8qeN%@l>M)9)SFmDu6UvMh*C>|JS7T82rAQndF|GFu3Ejs36*l+VEzxNV}R)cjM;oDGi%{rzW=CA)fURz2O1GGwG@Juejm% zT_(=G%urY`r)13A`-M*7T{OL#4Qd?AVzy}u7tSG zgxC!DK!U^5hpIkh;g%G{Zf7g7nW#!Z#^q#nq6{lfN;811*cehpL9dc+_IQB(<^94O zWK)Te7e_@}9pXlxCTFRaAa1Pjz>~&w{*;PE!;pL`P^A-FGsq3^C%k%gzaqCv_AhR+ zB=s^n@6?`F>+zB6d{8_V9ou7S5phG>BdS%XyRsGBZ3Yf?$30Tk2lesOT5!2)lQ4wG z61L2IN5|$!g3CGl`c+I#pDN=K(SI(9N~NuAHE+8axAKwlJx^|;&EYbGHoV%qSIlos zPHn<@y*kM6d-RINriuUYPr85krz1pdqc<>Q7h>{vgKfoT>mBt|O|pt zQTnM2z2g7|5bR@R;U@EPE>!w(sp{n}B)|R*;{A=#!^3pY+k{aF43#ImdOA(;;ksLh zQ*gDaxNHDw+ks;o;6^buR^4OQ6Q~O`%bNpGn5dX20@S}9BQ3uk;hf4!j6)els37=;!5>Ne`NSB;@aG;Vk=;5X_ zjU4LBOv48W4UxFiZ@N7EL{KuUca8h&yZ0yh3Elts%YhQpuZ1EJ4S0OcsXwW!u#aW@ z0o4SUHyuq}o!ad-C!edE&w`4Rv-(+@tq>rC9Ay7{hbJ%>m4n3;!*ASz%ouCDa4+o3o$$$l9b4IC1}QS1vbm8GGWEF{N(q``k>4QL6_4 z)B~fJ?~~D^uYje#~`=4{ivIED6Wo|GXEV=Z0h@DM7{Yqs}*YB)VC}F{&|B*FAkd3=Z9J z&JmErsgmiu?SI;;`Q?jT^Gn7atKTSZPqP7!7!O-&&AYO6H$JB+x<$|JZWiJ3Mx=|n zznIOhY}#>+3G(1*)2)V8H5S@VSs^By7=Ps$HY>u%HqmC{t`x;@XrJ>NvEh#*vxR#b zv_{^_h^>?LDtD0MVs?rj+)^w0VjsH+@J9^-D4Xxb2O<8+MO(`^)AXPSE;$eq9CpkO ztcz%=i4o`oWfe6N`nu;v%DdSEmz7$yJH$6pt8$@G!15H4^&Ft1qCw=OU_tH;r`4^) zgje)~H4EnT#4Ve9##(mW+uj# zdRcpgROoqbh89eIJO9x9cJ>$L+_Vb3K}rmtfghxP^Ai$pO#Ovg<)@pqIFX@jSK2s2 zxF$tqC6B_f%2QeS7{EP@EorHn~M)&LfQ z&g6v_-=b!_g7{JVl5W~#Kh?u&S55_PZiE-HR@voiP=C&rD*y!+T%&}sg`4#xLk%5z z<$qwto7dvjmxQcYW678(DWOb~=H||U|BRo?3%@v|7BG}<0lFhxl$jiKoAf;)<7|=} z>o`6{HpH(L;K>)^&Xq{hf_Y5)?ZwmMd-1uvcK*)f?q+7a<64vVbul3WJMweXSh85* z&5rg)h#So8Hx8Bf0i(F!{JPBSOkKow3huno+z+#Yek!t%Htv7Ok3cJbcRLj6k_)rA zbrg;^jBn#cDs5L9xnJHTS+BQA44yVMFUY`Bqlku*O^aP!BI)v}NByUc`6F7K3s*@| z+xuO`$UQKUTf|i1z}oL5OlpA)6@CE^ajU6R6*F(3W!9|Wxofvh`Z~X`@GxhsEEE@$ zhXn1ffeVqWUSzvJT<*#;5-n|+!P&8&g1`1-FQclYf9l6qzRaS4A}_7Gg5uEkTXVZ-;Z8y)AhLHC`z+4hq)9j`L0ZhQ(>Zr|lib z!sattZ55UNanAl(XO(TvKsL!n4>%FKL2x9_b1-P;$`54-8l#-LGSO|ik)H0B!;4H8 zxAn#`(DIWel&3~$7Oyl@pDx551k?_6iP$73|A55=0SC^7#43f5Awz- zs56PJH1!(z%qn_z5+HA6s)rAt#C@DynGUN@7^R zWvU8u&0Dx)1pSKCl3)q{`YEFr{H#q1B`t84Lv3Q#JO*9UC&ryCtY&Pcav78TD-GJ8 zKwpW)NGL@X|Hb>)O=BFcwvPp#-(RhIOBl~UrpQx#9;@FD#1`eV9^dV<{#YIePaF9r zFmO)1CuIA$-G#Q+cOSP%u3asg@Sa{~5n^lCCqr}qxhr2WZc(Ab!ahT*Mm1{8BLB6^ z$P&A=)9_+K4t-5{Fr}NUi!zsik_!bF$d#wUE8h{|Iv5dG?|tD;^x|j}0r3Yn;s4gM zF{QG90p`x3@8YW`bUHqH%QV@uyL_{N_K7T_S^BVFW1(&kFsdx*>=wrl_R85m$2x_RK0o z1f%3TFJ7R_O^FFN9(AvpjZ0^xU73T#Y9WycY7ade9hqdI1I-gAgVmx{iEI>fw9&pm z<&a{dXw!Z6=)Ae;DPqZ(Me?6PxQULIiiL~46h-ecxz@B%9}P-58lG7MsiG?z&2jOd zE)AKdfa7c!eHq3m_vO2yY1uY2nJlEI^vnGjtW(Zf%&S!2-WGDb?zwxyQVT9zn|m|u zkUB4Vg0d)f$Y|N>C!Uo zm!pS3*-rzm!we&+n-;27VxyZ@{@3Ggrj_5-E^@`9jItkRD}q%9a0qJ%2_1M^-v1RX zd?2v3x&1DgQ(mGH(A5%jwkn8K5IB;pyAtoiwxWgz0v~VUm-9Yh+0+yY2 zq?A&WjpxFEbqgZv$P*N4i9d@lzDVhC&{)mRX1BoAnUy@AQkxge)Z3Pr#_Yp-YZ89# zNR=P4jd8|inw>)fp#UaAa?u^tuEtgx-4_6%UE|D|y8Y_lYfw`A{Jh0GER3Z3;PBh< z5!I5$;nFW8xdz?sE+@RS9zFYxB(MEn;$Ju36#u+@3*>ZLz>PLX1V-9SkUw1zJj6d2_8eb!_ZXJJnIx1K3Ex&8{gwlGo7Ecj+Wn8xcR5%~D0&_#mY@&|s%s zv*4ka)=w_F3h)&%q$q;iUc9{kkbFQWPk|V8Exr&{giOQzlw^m1&+{ z7UH(j|DxQHBqn1uk59R=Nh}3g3fr@FWZ7!~FUZs8fUA_4I%dA7TK;1Cgng%C(m(CX z^~Ah%#%TT<7OYXfQH=R(A#&W>vAfHr<5KmbI6fcO_@@h#h2^7re69E%!~aNpT+-%CoXgj1&@Yu9Iz7lRP7;HSUoadp>=60<8ps@R4aI;JeeA$ObiE0A1f8Z{3*J>Y}wSg{Ret* z6Dqn)cW$F&5MqvwTvn&7ih*C=fp+!DSNc?-a&K02{h zNs4l}`=x#N$#%gDhRcYl#dF{4j+@O2>Puf}V4Fp1MNRwzMGARpc-gxFjxqM?K;*ON z%<L+gqzZoHIlBb?~F<1)GC2pElLnS0ku}M(EPNiINPk+>t(T7?<#zxH`7KBQo zvf{;2e^yS>8!rxvBwUj-E3iOvC&FYa&F?>DlB*4HjwZ_iQ!->on&RPxp-8X^4W+9& zFr{FX+P33rXBUnLACO0%U~_91bA$BuuX9E--0%R1kij(Na&@~wREy7$MlPqM+`*8f zSSx^Dv^MZPE$gBuRhKZ~$9^?3GpgSd{lQGlNOUNR+8L3`@JGlj+$YAKoxU8poXKBQx3dN)#D%sL?U z5#;s4yc%<(AkR$z%RZHp988O7{h|{}R7*g#)8V{U1I~^tr_X5!aK;@WE&Z8Ykw0nm zxi^n0$$w^!(+fe~ql@mMxwUXl)6Cy1Y z56o@2SgM)cwUkcNXC}4;?8FiLTd@tfmpS{*gy;d6Q!^j9MJa8?5wFtr?ZIp>1lMpw zB<7FC+iHjaJ#&vOz6HVOdt>TH>@5@ZZTeGDu2qJ~{F+Zsw3!poIQtd;MPPs#;-_K|}7 z5CR3>rN|W0CFSn|1j5Qq{iyg7M_a1onno!*3j%{DxkfBF#;i%QNOK0Trf(8-tJE*Kj_5%)*_&Pi+w_;?$E3%$uilB`Qdd;S3 zY+DEpE!5JGJY_|YKV4wv=aHwf4nI3SmPJL8#U9>8T9m=UilMgZ9#Q#;~Y zjx6^AeTu=+&aWa{N#+a3#g+Sh?(P~ju2-OZ#VF%%hk_3)qucSWa%om8d~%Lq;Oktd zU==rOJ0hy{ZKqZUO@_Zu?qCjKI&lq^@vF3GAOXxz2Qop3SGw>$>r}WZTC9YMehLtb zH&CVOD}LtIu#1In!I|HOos=y4Wba9lL53j89Vt#hi83qkSpK?32Z-KQpERS1VaOb5 zswlJiaiW(4FSlVQyhbjoiGwz~W`lec&}?&K`a-8ui`Q-`*jOTRrAVPr38z}<+fE)U zf-IzqGIf(F5eC0FaeA=4zlL{A^5H3B38Apz-@IdKLeSC=i_}|q>Kt@AWz~MI765vK zSHv7REN~N$DdmZ$E{@NE+pRlkaL6bpEzaCYMSDZ(l$VDpB~iS()d~PgJ#A|4$xoa7 z06Ph+cx>7Kb?$DHI3RvJ3>7INP%s99Yr1II;<>GhQ}NYz&$Xzv zop-Mb55IeHR#dj>%E%=K4se)N*Q&43~+jNV?Z&o9R7a*|3Co0q5ur5AW=QZ zp%%$|uVQz2yiTCo6kB9)tfQ7CCGne{x^W$UGkt(sS;FjG)@(MzuZYTNYoXw}8F{Oz zETM7;i_#;~C-fs;s!{zr7u|^pS{YmP#+N3O0ZLjY_eAO4;e>1CxP%Ek0P23dQ3W@Q z!MA|!!su6cJem3GDZR*a0>hK93*4p8w`+TLm!Vlf??QJP>)3rf=te|C6tV$dcO%c1MisZ}J?<)rQR_Z&6@h_nQLjDYEHWc(~x8&Q*=hEb;(>#{7)4$t51PwC^Qh+hsLE+RFDap z$z+mOXGB<+G`O0E*bVYS(PuiH>Rn4%<t&kvD3-l=a`D_le=bD3< z9-7ST30Pf8qwQm=5tOO58B6b=(%7h>hXp4wWh@;TQ5x{g#11N5#ngEtqenx-O^Zfg zH8eC_1klvkPe#)$9md?`Z~|<+uP4fKZE{Z--edZxI1xF~>7=K3PV1-cY_Fh#1WI30 zl5XYzkL)HUim(JpvL}luLE*UA$80GbEr?aIY0Q8m0#H?wZ;}!C7nulMs8|n!4Ku(9 z;B|vA?Mw+0EELk&F^WTd#1pjT>4bji1zL_iXkWLr9;UD?Y!_{}5W-@yki4Y@Q0CEc zs2K7`kkn-6TzN}F!-Yp9uo@c99(uOd-ixDPPB?;V zMhqA0qvD$c+8U+Vyf&TAE0a+(WhwZ<6(ys(fZvp+Ca5QBI~XZBRY0P_*Iz>Vq<#$d zOLS)BIMLV90);WA1d&4#zAiMXUy?B;+7q|2ka2XBrK^mFGOeToAzf?IIrK+>!Im0) zN?{&36{XiV%_hS~_%9xCu0;tM6kr!#?3Tib0>Z0m>&bnxm01h&4cR;>r(Zc$lj1}s zD(`d$2MPE@l5Zv+D}S>%Q5p-oaAjiMv&_ElH_Zy8cO`t8rS2n+y1lP^J=mJ;l0WmI zk&5JpA+iiRvL5+SPOwHTt+u=%O0_nJpwf7b_su$Dag%1C+m1$H zH8h-SwD+8Y%4sOhe&o(52{#-3z@tQ$g#LUqlqadFu+u7Zi$n%Xtk>2=D)35r?u(v7 zdY1T+QustA(ji~8Bqyh#qp~P&8H{1_efo~uV6*C=lz4>L|Fj~lwo4uVD4#0B`(|i_ zic#IkCJ9!8(8{mWZBHwCizpw}SNXzF_!O)`Lj+=_N^YRzF4M>&5Lf?Uni@YxQ0ETvFE=W-_()>oSpA;ldH?_*07*naRQPq8m=P_+fzSR{Yk%-dnB>J1pWLm%v1%t9M`MFtiP<~Ph8l3^HvZW|* zf)!Y}Ce92ab)O~EnH@i$6Q60U08CjfQO@s2;h0^I*k)Vn>O0A_!kDst{5Ko={Ggr= z!>*BrxEndS%#Yj6q5IS@_7#A+1}$*5z;}n~z>MOvbSrTvCQ+qnBa@TTb8GWoGm8|2 zU*$^x(u8K=#5$RE5B=3Nsav2S*IKN$0Pz>djOa923$2Mr*5Q*5)Xh+;6rv1{5;|ik zyr)M_BVsF43!)mh6Huxj`W;Gc%2q*K>!;;tRY^zy?=pL_{7W{;i@);U403YQ<|lzz zrT_-vborH)(OPW~^*vgYp_B>uXuLD1?Z$1T;d2V6Bbj5nBjo%5`<>aKa$VA2+LuPr z8f%z~Ta)`E0cNK(_>M3~d;PA|F9NKoB%lvgXq8IcABQ`~8aks1{d#pweL{V|q2U6f z5m=`Ib579E(6BN#_`Wxz)|(uqxmQrrFWm}Bt=ka04<`@M9XltFzjFVG=OCl~ts}zCf z3Sdvng5-W?$_S!>RkRW++>R@ItoF1n}^ z!|vpKtkB?^mC}|_UZom{RScI@$`9?Yc8`X0nXTJXw@yw@>~Dt%6>@h#=d5mRKN#Z@&*X!~%B}+=X?9rGRxw;ZTv*0#^mxU}6CU zt%gto_xU7+2#ct5(BvF{;}cG|QlJrG5?fP8r6ie3m-0cM=@vV*bW)}F^E4RPDqL{O`z)1&J2JT>=hDO_sxy83^-ZWis*R>11rl`bd4oZD;{bc1E; zUG3t?=(c;bNj#$gz^q4giL}v?y9E}wJaBnj`hKt!ur31jQ;tirf}VGva7V&^Q8KoS z(uM`foZB6D${1KIqDC0E`u#jZp1Wd@I*4C`PIrhAY*YnskEE?Z8H*YaW~zWRIMJy= zS;u1N249FHBv`A87-`cJqsB#{g%~A(*r()*`gXuvJt135QAiJ_8F;0LIk#yE4~0gl zO9|!+t3_7l>L&r&SSkccBZX;ZzMIKWYV4-*r4|5 zL#tl(?N``~2v)5oA?L!`$sHx`QZGRE@ zdcDT|bhhEBO^ZQpGMS`On61%w>ohY&B+6i!PB%@xYri(MSp+H=$rH26e#%wpGT8^Oz-ZY#l0`}QKq*kYZ&d<(?L~NAIL{T`2 zWi}<&L`6rpmdRb0Hv2rHI|Ly=Iy$nq1?lZk+J0r)Rkrhjbt{r^Ucv7_qc-Ah%#L}>-au!*Fh z1Aq0qTtQtPa1&0uMZuOEDHbm(O@_-UDQSd9!7CxO*^eesW9Zpfmg4)J>^HIZUTVSN z@`<49T@O3-@URN8u!Sku`90Gs+oE4s}|@bTM}i(^{h~ zND0BkE0N~|MeN{@XwY0Nk(`w(q+HRu$tP-Kp4^sc1yEUVyU@jU=>0NAc|ND-2m5)9 z^M>4?yH`5oe$riz6T8r00EeC}2e@2Bu+!{clF4e*{YQ4)tq@_oCV~-oqG<~(a3x?VVBKbjB7^hpyTAp&u2VBxWVyPK zM7nzv0(uxhF$5t=;t4k^b6XY&dXn@QGf#K)D>s7?U$cOjJYLLGog&H~Ni2#QHLo^G za32b0u!Nz&T=(;*k?TRKwER@SiU-qX?1e906;bjc0>l_y>DMmN^)hEiMdq5?lf?_wEZ~0?pLe#%t=RyOs340l?(WUq-CxKi70LtAW60x6eX$V*1Re(dYBRyrd_!q zLiBaC?x5!{Q!k{vsF@SNxUdonNEMQyEJT#(h~~u5TD6ON7ga7-A-#U7lx=}K2F~Kj zE}yK1gSl9?W~*~i)ogbNz_xYE;>*xr8Q=gEkMC>&IT zm@ek5T{ggoHfk`7Vb>8ytivFg1s4gjlhfAK?BwKRyQHP{@&K^? zU?fE;5{L{gT1*bVcz{UyB8! zI2C8m)g?XYAOCf`wC#7(up&Uj=Xnt&1{Be{>KbVs(MEY7jfiisQmn6GeKL?+vp||D zsX#MCiS;X14#wAhsc)nedL4Oh+kHj|vrDSV-@4$r<5<3QlNQSTj5|Z)Um#y&=gw^InG{;8OX2^a=JN zycKW{o5Q$_tNprzk`av%=IWLHRTHRQN#*t@b5mDC5-=Ikc3ph>qLz-n!pz(q!u1kW zzKCjnwLOAs(eA2bdPrT!@w)h3cU@v_QS3! za>-R{0Rvs9NBjt`vR7-aqnt2-7Stw^_GK!f!Mh~YoHk7SFdB2aQ()cF+RasgS;{q? zNb>Lk)3IyVH>*yhbvYR$gZ93-%P*&}NUX2KyDFz;2t=N!sD|JeWV`yWIa^Ygh`6Tf zXd^BQZt6(m5>7%jOP=O7N(nWlvJSC>t}v_ruI}yUQg(%lS@%^f3&^>8)hpL9BWm5H zd3FYsD(&J@9>oJRE?MRHl2mIg$G7q}=M9?=yg!nIU1{5s`&`$7BAxxb17R*fs7AKA z(=5Bg>1s|c0>MQa4N5EH?CeJ?l-p(&T>scf6pTyXS=Yr+{dLm6tWs1h#Qx=HhnV@EBeeK!=}V@o2{rQaP0xpVna zmQ56NTuX;!cR-{zlqsp5mg$@l29iIqP(X`l=M=gK>Z1EcXcRYLLj_B`M1$k!HUB|+ ztO3pfPL@js(ctQXc6Zz8nOw!2JMBoCsqPea1}TPJAzveAnblc1Al%-ip#iv*%rc(S zuM5f`9+f#Yz%>_#Q*%QtEmNnV7$&G5et*o_ML>J_x5{)~a~BKr|0V(axQAWo9dY59 zry*Dx+7!y1Ke6%|q9t#JOp!fCr0QB=*HIbN`>DTDUDZJ&=b%e%PWA!|Top*{`nJGQ zz*=B|O9U8*+-_QS2BaC|n53Cqabp*RJcFVTArfN}2fHzcLXS@9q#H%z2A3|vD+GJ2 zUYb7_2sE{XL4A{div+AxIIv!pl0{RXd^IS7B-s?HS@o)ZBnL%h^2ybSGzxp6DkiQY zx;tB&h!O+LSR$YXC?cB|m&b_0XwZmpS3^iAX`*TRRH^Xb_PX7#hsx~w88?k_-42eZ zFGxm!^e812Aes~<4{5Mo>Rmfp%uB~7sEFxl$63WFp5e@DW`r}+_5|D6;rtee5z5;c z>Vt!n=YA={9Qk4Qw>syX@<{WkSQK-H1-F zpbJ8h+*#1+b5~WnqFy4x8Ig+avB37ULC1wiu)%rzjRh9CYhfv1EwI2v0A_CI7ph(o z7|9&mbPF@L!G%AH%ruyD120MulR^N7O?iT(^Xu|>nZW`tnFbpRH_)VnEm1iwVIW|bi#RduCxvklqE4y?YIGje2vj+f%8tuao*3Y~ z;CJhc08}1Q29%QO*wN8Z*-n`aK^O=>wlVfqR@Twwh#Gg~rlOc`8J(-us()3jAKZR& za)P5EvxFHb(a}{Oj7L(2BtJI>O{1bJSd{W1o;p1p$^9lK0aB~pKy?G>G(vTed0@1f zjITvPBD2HcfGLXTOAjn!d+mB$K{CHD?QN%UJ;f0NtZlxba=(Z zi4;Z+X!HdZSl~QhDPY|pusF&~3z|=MSfC5^akGs0Xzu-e#Fo5&X-l1^JRv@6moP^Jo_;O2EvS;UawjxBe( z@uQG6b<}u$KYyzP#FaEx?fH7+go(CpZ z>NMw1LR%e_vMZT)m>PkRH5}q}H0Fy0wX7p`{a3foi zS|EiwDLOh~qXev*lAS+=?PtwLN7tQ|NQqL8I*AyNar@otR{c|zCnqQN!Ah4TVq6=L zi=bC)v6=m~s#%?G9Kaz+Lo{!6C8>gnre1Y8YDs2`^boZQ$tKMlh{su1V`QA&*WE^# z&Aka+h1?I^sZ0!3oq3Tb9OU^UwC=2tzC{o@F7iLeKlNj`tAKU#6F+L?89lm+q0p>c zZfft^TJE%?)sWo6h=n%qQAaXsks9M&XJQlM6D9Z|yLK4I7P3oNj}IG|5k z3Rt%jG@{C5ticHEio$-}U4EI2EUtF|)LKg#lG?uwN(qC=bBoXsseuMA8W6i-2gN#N z8V1#%jy9W;U4C#UD9I4)Uu?6-MCbV1wDLmD@NWYk`jgbXPHR{g__`BaQl)aKP0}z$ zP6WHg6+t92;5HmNaT?h%dBf7_QIY5J&m7a?~EYund^?V?tkU4oG# zyKc})?bR!+xT(a7r+7O}rSd{^mx#sG(v^IaYthu>8T^S}6>mDCQIx6##$%)ib`td^ z1f_r08z&cYh-`dUJmZicN5zXKJradlSz>qU1V}%Rf8_himwnwFE9U~o|KbN|2~dAX z-hjAPc1m0pBq_OKM{H>INiXz}?$ES$sQXoqw})CHTJ_RJBpFfb@<^x_Sm3sU>T0gN z`>n9I1(pKV?T0I*E;)?HqjwVAG1GTOsI`_@6iJ?sZSt6@OanM=rWZA(bW^M{puHMM zl^~4ME_mf2-_km7n4Ji_t6?;Dp)-<79Qf+L?(YsH# zgKqNErsXY)!l}w&8tCd$2Yc%4>WLe0Cw#eJi3ASa%OXe^eLB!ZZqtFBqK#88Ouc#= z+UiB0|BIN7@_CbIf1lK@yQ2_2{R{M`r>91q>TU0M>((t3SKo?NWUdi#FIdDKc_G&T z=^JXsRR6cv)ZFyU)iE5-)orC24NzxRF;w`5W^yRPt# z5pCnVXx`-xLGA4?hVn?EmQf;9);^Lj{?$E&w#5}W7==C?SID|yAE z#V=*h$abaO;%6Aj^?pEHkx`~zm#&v! zx^oqBCnZ@j6sPMDlpdGCh~R{s1s1r3kn8HKCP(4Z#hbuVz&aP$bvpN(cp8OP7dJj$ z;IOcVZ1?Cg7#H4laDyk*!#r7JlonZg+cO zFP%YMI%#ygju%bxBxjm|$mA|)p|6EP%7yrMc!K%;15IqLCVc{UqHk*gv{b+i2kS{b?s*O2w!0LaH?YD3Z^5h=EVdx-@W7=e-14Piem zrBTo=l-r%)ECsA{gp2WOQQV;MXxUxk7l>f*c=1k!os?=e98ZQo9gd=HH|)?rO0SQn zQX|c<{T*O*Zc3AQxg?7w4DMJqFEryOOiIG(uBKZq3wfG4k~ijKxskEraU0}7WVI~u)Qv( z1qxX7oxwUS(jg`IG9X2Sh#W8C?=!AGdg!v60CG*UT&HC+5~Dg;8ip1F5tWwm$X90vO)zHTS9q}w(-i8S1KcO9UTipx;sy2)LHaB}?q zzwoqoXqYB3`EicO>DI+1s6ETbVN3$78Atj|s$m8WCnMV@`%;2SDYyRbzjyM&&p-N@-|mueSU7#pue|@;{u&kct5-$p zfcq243flI&6WB{FrT@imo1&mx3^H_pJYCD3hywaXbSm$WJ3<0Tfc>{E zLlwdpT|``MjL1gF4Qhb}&Ip5gwcp~~A@a9+>$WKQQouS#7*U$@3uxRcm)Vmhrebi} z=+C7(yMVdfN91tjK!Yj-ilJv?l$KVVMg-Wq>k;EF<+Iol0x*&*5>8!ym}MV>KaB$I zU%I7eqf7?l$k`o3iOa=_a6?{=<|D(z+}`cwPH}WyDNM+qbk2UGUXjYV1J!9FN|8Es zbn(!j?x+1wAU2hBOmBm-9qmgZ3=utTTLQE8m>QARk&tmJ@gga((tu)&R9DfW23lFl zUORP-!aP;B0L%UbbX*h+YfOTGA4)Ma~l7{YZ@uS}*pwUB~ zJS@<`%_J=awKhqzgk3a@&c}5D1FRAMOL3%&&4@XD+QLfvzphhyRQU{?- zk8U-nx6)ow#Y0DEA!aPYDy$BTdPSor+RHfK`zycs zman=0o8OiTgaiUB=7ukk^=&zg4#gmj;7wdSmK~iS7M_92eM}PUR8wOuX3&CE=ET#0<3H8`}qJ&hAsC9egDnzKX z%ZLx($-9m;Rz*ro?ChiOgdu@(`HUD;h3Uukr zO@8EhGP-&dYH<3~Klz()`I`IwJFP4Gwrh z=rd?0&`Wzt5Aua4&J@pN>NLkA77U@iV@T@`Du&9(uu;o06?m2M*@%DG3G%fSn;F5$ zY#z$Z9&qo~EVv@w0|~mOUFARyZFa#T&uqOAo9>!at#ePXGB-uezf4WT9lA^v81F_j z<6Ns_r-6?D@E`UYAl% zPfyJ?VVj5-ER-vo?(C!cwdWQiXOPjyF;vLbu};@_R~qzhbix2G6Ur2>fOzpx4rGA^ z&KoXXR};rL-hH;Cx_5%5fOWOuu!_5P%ya<|aXM}ZIUa4FkGK;y7XwD&Ev{i*m31_U zm@$r|1hsftr!naGtj%_DMIBKRf#!Ho0~~Y^`DF%Deie1ZW`&xIMu!wxx})Uy6;uK8 z+$QfET`XQrB+_(gBt z5h|TZ8iFL?esCSNWh8yomQ{-BCJG!8bya;Aeshp0G*P3M%aw{g#aOl(wSBr#wS_3e zABjS`?$J%{5EA!J&1M_SBFX!@|K9e5bJwU~KWd}3)w~C)=xofR&h{*eR5YB6e{djm ztp!TkHe9s4wrSZ{-5S!2W2v)pkstrq5B}yizWH%~^ewCV?jK=i7TO0M{=i@V#?$TI ztGX@!ksRpMyhPvxh6j&hpT(fQ!Wy_oAJV_%U`GfZ*TX@-gp9a>fiAw(Yn&c;&;=H_ zx^P$>KFcaYuoSS)1qSnqGY%20*=NVR_g#b8K=vTut`@rb9?)PS&{$AMPokpe;uTu_ z+*q?ik`$Gx=%V~HiN*2DJCx(OI%(=tG?YzJFS#cG?@S*K7KoFSWr5>Sc5ih%5Z+)zsRwI9P@& zR@4zKo%~Oc?N?Rmxe?{MF3bWgvP!diYk>t03uuCoDuWhcMX;T)_K7NI4?Ko znT>>8aF_Pm2o!nj+Lt=E;L%DB$tpz`qZm&6Vj@H>lYsK_%u50kqaa{ zqE^YXzH~i0Y)G{+pVK6kHMvEkHYv{`r#csET;y9C)UfcFUSbfTm#A86r>Cbq=drz4 zeIHhX!Xi=Lwl5V98ot_BZbwKt$=RJ#>O$fr*+vRUKUDIhQFVI=J+W4|g)`KDv^4}n zPUTA#h}tRrCgKf`Yrl#1D$c}L%pyr3n#9OzZZD{2=53<8xv}g@%=qeAz&b{dyLLCI zEq2A#Lo_GDmpZ%(9&-u)Izxd7Tr#)kYeuB-re({lS z|Ldne@=x5c4A4v_sGd47iVE`aT$lDfOSVf6x5y_Gp>9i`gbutJ&8GPZ-A?WxhtO% zPZoZ_aP|T~*L7sX4L7lI6x6y`?7I7$+0D&LJPSz}G~#oKynMc{M7X2V5lw+Rvx#BS z>kkE*xTB=U(hfdCBNXYTlrT#&$CFcqxznqQ4bbq6vR*Quf{OUb%`hJ)r-p(2B;kF`1e7eDap zKlX#yKj)=4Kkp0IANlN2?*7xizxBO;_v9VlT~d!tOQEhc#E72XS7p(}H9A^EA|cq7 ze(DywFKvc+T+z9Hsd*u^UCg}}4$-%dxvRF4SEhswC=F^kyEMA1@&P4(u7CvR>$=Ls zO~Xd|nr7-=hGf3*77eY$xLi;yo(D#UHJ=LulDWHR>Abk2#uOUETzW~0W{ocDgsLYY zB~18oCr+oy28!ZxBoZ?U#jJXzT;Td`zfrbU{u?14TT;4W^J0TGuf$LRdM04iE2M-< zHkdsYC|Q2{!z$M(Ggle7W;N7?5V=akB+?)v%(To^lltM%PEwj84KP zt#hT3gF8+6nw!|pSzr(1&jS(y_FKn^uRTQ9TI)xByH=L?iU^_^oLvE3wC-vWbxFq6 zD`vS?w&)&750X#T4w5|ie_hkfx^KPXdv3ksdsfeQ*0taDyrYl%o$IH6#Oi}Sq~5ss zSj$_FY~KCLn_qh8=}-UU=BIva^B;a%S&JCQ^(B!5x?iP}P8CF#6)nExQdCgtOk8bo z1y1DAGFqlqfNsA`XWSMk96}vbL{;^wW6C@AjW}IkfjbX!J)gCL*%dHam=ahDSPSd` zXZO^!;L-I9TM5Wc21B>~;z&dih5qfFA5dQa^qA4Y$0+E`V|~3#l6M7Ym??DA?$K{o zA1pd?Ltd8`oz{ri%MTPp&c>q@~X;VNS+?X3FaWk1R z4X-iMZBPu#Y0$pJnjOY8tC=J{lm-r0Vy~s?1nGHCfP1;BZeJu^0U%YqL4P1$rb!f@ zYnJh7IPAvr@kL?N*OF~G0|Cjd1nHA7kHrBVlV~E2c zkCENwj@0N!t8|60HZrmjk^Z}ycHYjA)HV0U3a-iQ4T;U}JxZH9*l`3y-auzR=|#lk zt2xn7r`4b0*<Pv`5gH8=y zF*y?%RZa|`UdWg0D3C$ot8RC&x_Uy`W_4-Sgmo?s?$#Dq;4X)8n_3E3cMIg1!z@s+ zcv$=xzFfe1pb<<7D5nTABF_zmD6BzL^h4v4G7XRR;PJKqE$UG~tN|Zki2fZ(QC!Rv z-4b$(L2)>W&nSc%3EU%Mt`?9?3e0kuW+STb*s|9?D94D<;)tY6WjYtCYy~D%Ss)DV zh;^FzQ!|Zm(Ta;_vl{v**In;aL?PW?#8hr~?qpd$(9;8(wGRF0E2E@BT@o{jer$Ou zr5_1zJB%WMxa{DorZ~lJ&d?+Y?9FH|m=09DnI##LzU4ldu;m#}gM5q@hysd)rWEOt zD-&%)?W2G9Sa)1YRKm2)_&~EQtCV{#*aIJYxE7Qh_d`_zN2<*TlJz=g*`?pr0rIzH z>r&JM5H@mv4M6##%6kH?)ssyPx`NI7ezpDjuOW98D&4M8qeF;zaSe?Ki$*L`{IW87 zbdc7FZj*dmItxs98S`K|dXvc9MTHX1?FbhRB|yiGre=W!?q)dSYDMAGEdHf{b+^M# z%hK85{M`MB<&4Ld$+DVcjDvtynsgiqk}eNWuBF5$NefBamAQ6_rU1VyXL}!t1Y|B3 z8dnvWYgdbuy9>^p4hub;%@vO%Ny>~j-EIi+VoVWnnoFyi%mm$%mhrNxFP7|sl&9loe4Mfe~yoPLrji67*&!sQw*8 zyhZE~!uY6R6Ysu3KC zc6a5qTSS8*RJBnvaXlEh2&4p&=;3{26s}h+fiTt2=(yxJ+(8LR2YXteL*we>LNuF^ zz>@}wlaM3J?H44nzQnGx zVC#jC8T+mf9NorEWB2~Qh zqe7lZ;*UWa z!GFn>DVr|1qA02UYvY{;+9|HsH3&IW(BiHgJFQuVrD{Yg$OMXKXa^w)m7Ff(Vy!EV zUeDL)$V;Qk>K~>+zUWM-BE^(hRjd&E;T5tDb$YW)MznH~+Ms2b2i9muC4-!*AD#tb zoP?l5EB)?5P(Xlqkxt?_40MuanN}Ok(RCP^+(hQlb=AFS?iN_!JRtY^w-H>gUJg`e zSPEF@3$shnod<_9q+RjkEin>G0+Hx$K995vS9o-$x3CvR6%>V(c*(q+aN{MfYQOax zd7CIwuaZiDu-XAAgFU^wb+KdYJ~kM1ULd?*yyIKd?uy z3kFQQ`xOn*Fo-1Ma^pF}qiqNq6b`^r29DJl5B{ zB$i(6u$@ruZk^tpP8loHC-y20I|{mPw-t2VxPJZm(a}-gpLKeAY6Yy`QHxftSX8^( zw)my~5Q}TXON1X?aWaoY2{kUB_UgE(v1AneZsq9- zZc>NzxP1rRpvqkP?!Dw)d~kIht26nxy}QpgbLXOn2dFzntu&{R?UR`l@9e(<>Q}uA zks`z`!}`v$nVW0-L^)M|h@=9NNxX{gVm4mtbnhoQ6Wppyq@o1e#loupICM0p4eECd zHqzp{hGdLex)sp~mC~<%fEc%1^fguNtKM62T9@dw%ABL|1~|(X@0S+13n6z4cO-O{ zmjc$E1Cj2MZ@s<5XtRUh*$MJUdRAPzzS`2Li&pb$SWzYrN#jbmq#M8Yi!NrM)1Ua! z&3oQuF^UQ;5f{xA-da8RsrS6OyG_LE23}HSIC|J9q{>Sw^Nl~MNO+?>~g?WYTz%u%KNvpsN zM*NO|?dsCRvR_a7qV5?Znr|p=xwKKRkpfc#_qAM`R!XbvT_?)@@JBL_J9)(fB5hQ? z%8}%<%7;EXL#ipws zYJ$>Hz!o{=QFz5>K1fdN4CAvf|Y3mW1vx zI)!*(7D}TlTiw2TOfT+PW6cIhwnnW<&$d*c<0?}iXsABFO7}cwEm)Qq=0xyMbVFGeH?u?Dzoh{O1yz_=gJ2?UiCspwDdNuYFS_0 zZ`CExznf8}dtg`a{nH9-G!04`qSP80_?EY8<1WAIyJ&*24H6Ui3L}P87su5}(H&|D z*}DR|!37q$063tsQ5bNpW1SJYl`RFVs{y%B+)1m{#gE|JDVjNB5O(lLZe*-FExL7} zE4wau;}>V++67#QA{#fkqAPWIL>5D$kVzLyJkW4ZffHr68POOw*?wie>EAp&jq=7Q z?V%we2c;S{f{@yb*gIuw#*~{&U{Y7*sWn|hH%J*&ho0jdA0Oi}?R~!$o*`xOM;_I+ zy7>l{en?7Xd)$?Ku2v*EOuFbBThz>QX`{gvX_A#8gP4O=DHcQ>U9C`2kgXL@MXiAv zND({DM^_DT7e}&R*HUbVNLM2uag7Aoq-NT3WT~w|Y%pS~)P|%N0V3aZks5Drx-rr? zH!k<0{dN7!2yJC*iKb4jYl_Z^Q`IHf3Oq#7Be4(<^-^YufF|`ayG5voHTsH3k+KUp zJrgeiNlAt5mK2df*GOH*r3T{4#HbpyeY&Xs*6kTsE>5Ju$VSN|#)1vA;Rez za})$%gB3~8co z-MVGdeR6UV6&Wi$|BrNu%(?GtKrvRY?ne0}d4LA#Zh!63FrXr#sEKQ=luLQh8}Xkp&qf&B2c3sCV+lD&7LB zq9i3qW`}kgM7}X1vUnoeqvb4N5gr_cq}RNpCGjLVkXBU4=TYHxEOkL;>kT3n>a=8| z2wf#?ULDGuAsL;zHT~czVk0L*9)onA@E94W$;t>KZ__ghE9~(^31b^q<}@!IRp0$e zQIj@yF;IK57vf0g&VD1=i9*gg6A~%?&UqQJGS`A!nJlotdBA?|`n*w{_Yg|~>m1>* zdN6`**FbO(?ZtpD+k>>}0v|!Ns6=tq$mrS&BltW@*6Y#IyMO^k3{eDDBra@{Rif}0 zArn|+8Kr7TI)qZ~;W*W>+|XGKK~oo{hmw#weI83eD)rSILwQ6iroL`Af{pW0G-uQF zfV8w1V#>D0(XZMXYIx;u4RjHk-}K$%*AfCJM^FXhdt7&wiglI~m6i;!7*; zthsL1eMPiPb*Ya+C#KVg1$++frJ^>Zbt*bL703v-*ME@a20PL07FIBE2pW3ao3&|* zSUiJr7tO)+EV1rE3L~76wGNJAjj>IXi=L6xoZ0<`L;Z0ZB!-WKxsKE&&z(wjR!V@4 zWkaLzU7vvJje9L=vd}tQemhR9Op)f0>!8O21Fr!R(g?=k5d&JE;b{9c+!T}OQK{X zq|Rf|0|wJ~5+vD6gWNt(CTC;!1rR79DM2)8V39E$M@^qtasyurvR(54NI|#0$-_;h z6T{+Jpd<$`lHWi!m1`Rp<8@>TZ=st)E|SE6wg%9oXh&BFxrjFMy+Tc&@WmE)3j@iD zvKmB)U8(>PsWz)F-L4=bby{(wzinGKN(5_%YW3^5zbx4;Vto-g`l1Fq2kW$MMPgAQ zG=KsYR02@mbF%SA+g2)-Hh07tm%t(#Tp%lRuef{GT(eD}1%;TAjzv^@)=5&AGL>XL zk0T9~7}uJx8R=ePs%^T$Dle#tZM*9;@^}@_Q*YDi6*B9(L~KKbMpukTatnCge1j;0 z@RQ@UTYbZ(Jz!|lk{n5in8JTI!Ix@XFIqqWtmO(m>8N%}yQE!V;$3@P9o0ZJmK>3x zqV_he#A9SNcnIcxR%ukxphSNWEgHwKB<<0Cfd$SR5-+rC`;h?S0$?d%T@7#@;u*bU z6uHvfbMnP5+S!0_k0FwkG9n`)OpTU;09PIjFC2{YKk{YOYbMO1SRGHCqy_+f12tO+fvFYtiIna1=tW zyeKx3Fiv8b+L8X%nT;+gn?w>m9w<{?%3;u^$w0VByIt~#+}dLo%xWU>QphzM!eRqlu<2oY0u(X#NGUs0<0*oTYx~VPnDTMa5dFhYyXm<;zT7UZ2P$&Lq(|$;x}*5zmZ4O zA}Wm6sZIa8Ua##db<{??D2Bv$MQ!LV5<^4lE#k}m#Z$>5A>%F5iniTzWTM9Hb?f!I z%E4Ra&CI{yyqL$szLqj2M3U1+mBZmsO3_(tkpXs?`w- zcm*}el_By~wqLY#@#tKjtW?1w9!D%X>Py#YS|iqU&_tI^LvpfR>(0Rysr^eL-4#gS zxt~FTQ9jxx(Nz>L;dDV+?hc`ETykkH^5(2@ng|N_{MtZvMc-sE+fthSc5B2fJ}SOn zM}KHTxTNBB(>L0KX@lzNhh=Jd1q`q=qLZRRBj={BhO8dx$M(1ms&_>m)yEo!I^8Ab zQiYVO;pgUqGeV6G2`QM1M=2?u+MAyoL9)OCw+m)HcK_jeF!%b%h*1!-D=Y=9^Mbu+ zw+yS4{TsRXJ%-*J5=BoME6^gU?Qt>Qi9B4TC??Z5tOO}U6cpwW9`!}Os>J=&ec6Gf zpwUnMN=uU`jb$3XFA^qj)0iS@zse0GLWd;gac`;Ps7omH2SP!P|%Da zEIAq1gCWf{ZX`_~yvYCnAOJ~3K~zusZRwL$f?UUoWSGyfoCGC?9tn9d`q7B+`+zQa z_P3`Zy$)pv4X{Lla_i8Go^|@RQ6wK?AN{;Fpj-v9HLs{g3xqo<9ijusR5*!{-6342 zP=?xzX10J%Dlyd2bi*|nZEpk7T^%<8vN&Zb8k#s7@ehMAjt4ajZ6xUuIk&v8JAEp# zSuaXtxO1eVpzh(&RpKI@1-wY&!s~SQT!Xp^;wjUo6p3zF`P=mgZCk@a3|921+t-0r zhKcF*>x2{SorI>cB2P;aCcj;RnL_T0K=l?l!>JpT>@FVLhf9W%7nu+007*s}EOR=K zW054IwF$2zHcpa>OvxqB9czIF&J{*fG4DHgH@Afg19F2)0qau0p`2YF0?v+dMlwjZ zW+4g%6k$GM4W2DWu|gytYD1YuZoP^}+q?3ikcfU?uy?qMU=bVDu#$k!&3qP7Bhb2N zg0hbsQ5@+;)vdMD(^EQ&+BI;Di7CI*WCllfL9LZiAncA@;P=-M5MjS!85HfQvG(p) z`H%q3Qix7sq_^y)9~&iN+$g~looM2)m(m%f)KktAf<1skHzOW*ZY z;naCbeeExO)UQlGKkpvFUf^^#R5@1;hQDv+i@pv?(?{Y(3bmQqg8KvK4)>j560X}i zP)Uj?8(yqp<4UvgRb$&MqB&7}Vzx~S0nv!4pOLPPz(|)0Uux40eY1USMxtq*?Hhd| zuEuAm(eG$PyQ{{CYNHq3?qzFtsDb3H$PLnF#>6wzb$t6+MTe%*?cKglY9Bu}CuzuS zehuigXf*la>9e{)B1zlRlp%f;6bTtgB5X)ovQOEizeqtXn!65o20Z?-SIf&(J&G7C zstw}TN0qL`h$NK;O#!kQVa~^ON8iKqEU>^i!J)KKEhw_4^B@B~#!|pKFW7IA+?8YS zt~$-UeboK@APOmV?d7gF5uWBf9f~A_%MW697wK8FN@tyJ0BK$xJ`zkUfIt&OQIQ76 zRUSnyKrm}oZhMrf2BQ=!yWNxFXikevUzM~?vAN+Urd#%-10KptQ9EJQ?Lw4tRH(CS zv~7x-^fO`Yc@uq2AyU~KO*N=1x$Lnlfw1J#WQDD0o3=Bh-PI) zbBa|$0_718fJb6zh~imLoqiY*H^kxkqAVi~$}bTR*@&8FG!Zlq5i{GEsEz)*NDcx! zIlU66@lpHP;bwV>OWhV8_dFtZ04>NE4I=w8SV@MzC6gB|ONZK1s%C z8_i#n98+MdM<7}a%E^flgLV*d*&aSsrY@*W&z~Yu*X?c&?1-d}07<^@PNHMNOcbvE zXpU4N-Rl1y9UawLPfkvVJlwK@A|k$;x8K2?dTWXLiTbaUE*a`I3lD__ieNmXie!u0))BTqg zJJL57Ts_f$$*Yj&N5~Tx>9rqbgAvPehd|RnR3uDwada|NnOb@WEIheHl4C?v=o0Z5 zb=(rw-9lvhrd`oS878ZkZRjMjHeK0W#)&m` zS<%ID81Y4DfM;|93oLN8K-C^Yf(tMQTq%|U)|~*TI=Y~asMOh&?~DQ8$Sn#l2yAKB zHYOQ&dDaHA0mA`ccWm3`!*c~1*!45U{mGz1iB5#6H^ zU76^5K}6cnz5cacuaA$9le)ZXLB=edcT=Y?y{cpsPm@xV-i_Lj=_P;!BpeaWi*e?C z6g?I0j5uf8m}Zi~MDi)qY9k3ha!Ludvi%BY5wj()G8z4YpT2tcFE_9F68VSXeSFa9 zw||e0j%Ys-DYk+8Y`}Jjy22+^M4tV24VD_HMWBbNP?>TO8YTFqGu_P%*(DE$R`$!( zUzvn+^S4_S4ivlgdtP+y1rMIQ<;~g*@z6z8k_h&;!P$+6Fz)paHh;Gj=lKc?O7?5ED4BZy!uv)F! z_KfEqecD4^w>`xi3+xAa*b_BSIoIvWZnKFcSuw4Y+P6;2ks3^6`;mD!Z0q&<+O=!; zRje}oI8^a={8=+4HFCu@cm)R2EoH6B(J(G%6JUiidS)eGK$vd&MD5-5!{lHUz`8A$ zpja?tM8`-xT6;Q1t(078gbqwcLbrPS3b#=Dgc= z*XjrHK?3KGJ&^sJY4Br&?SukM|iq1qrxRLjF&tB-tk{eyqDe8ZboC&%dJR0Fm6 z(rvJBS1jNzh*}k(Sx4_{$JG(bZCdd`-q9{1!EVxT>@=ubX^28Dk$#{g>(-MOPjie} zi#+u+yEy0u4h+?~Mz>6^iIm(`Cw0HAwRYp4n{WKu)f1om$kU#&`K5QFH%6R@!F3n5 zQrN%Boy+wZ!PPO+lLZ#Is~}&0F9wzZ*5!p=BNexA9s(Miha#SZ{sIfLi^Q%gUxOpM z5l_-AF;_|e2pgqIxDe`!XvY;739T0BP-|^tkMD{+J;N|4Nx&9xh1r2Ze6mEmYwu;? z;Uk2qObvu?X&b_zbk5GH8-sSTdsX7-=%}CUYhdr2AO?)}UE18F1&2$BEYk?y+DDE( zaulff=6O_xMf{ceF_(Un0HSSBlPd7;Ns$S{Ovxz3j#@>+EYuiB+4^?;es^ zdKWGK*)}~yW%-yDl@Otc=;Y+2_rgeS` zB}@@2xb5=*#$5$mA&h`}k`mYHP#V$PB|?a>6;EyOR-I<=WVZC1T!(5tHlsGklujsB zX+8%n{>bt+y{1qB34T}G&tk5N*DVgmfF>PB_@4AX^+!bA!&MfJY zp*7pbcefFPniV0@NkqPMxuM6RI0U{&S)k-sM5T=keH<073u^ue7_(H^z4_|jzk1@6 zODWes|8*aD>swF`3aI4Bl>0V%MDSt3$jI>z8v6nZTpoxPg`N85%e2A4ZF4DLEpX`o zBO$xu8cDP~6EZ_w9^K{8V>nCX@Z60CX|NtqM4_Zj z#8M^9fr9LQ(G(cZ7%~MekpEXHSR}@%%_z@Dl8X0CSZfD4VD$f3#02ZcrlV zca@UfMSB_Jb_I8$A#K&m#1IK`)YDqsOBG=tv7m(e#hy<09UoY;Gp>zthh%<2uMO2H>MmTi{LYUk2IOf68izvC{Dqqz{>Q6d z`6VKrB#cy%-r8Mz%wQh7w=}iK6S&N>a4zr%c?M$>t<3mZZFhg;Mf*T1c1Ka;zebhH zs!pRsJS)onB64GV1*e;lIlC^g!RoB)(YEVO&PDOScHllHv1dH%#^=4N|GxH_FS+&Y zZ*9N+tB8bXFlpfA(wm;d5nfMd+XGZ9BK#!A!}_8H7Fa-GDPUbRB=Jzv9{uJ>43~#2 z5l6e#FeQKU=u%s@wFDBd*y6BI9K(M4%uB6&{65 z5o(c4!>|>JhZb-x$n_pH1q5!y*`_rt?cThsFYy?P0UM)kpv@X|i|gr-9e_nSjO9Os znTXMJC~-0xg}Xu~79yFTcro*FW#!@-@w#PdUsbA;1w^gF!IpaZjG?6oRc#^1XtUF{ zM{yaE4N^5Mkl_)+){+EO;gvuoG7?~&p3#nEs~Bl#L4|CSmYxdbNcXkDNbH0Sr%&&e z>GUN=XP~bF(a_Pw5q%@VT+fgL8U7%s21Zo5?4UZiG?Vujm&q(6MmbJ&n-+$UPVH{s zHdE6hCu&a|B_4HG8&{kO4Ml{L=+CZXEU>^~K|S_Jd-U!3N|d+Rb@aVqDPY}E za0j@~d@(D5<+wpV;FR2J4(Yy$q8E#CrP^}TncGWH$9`Ii%_WwHE%1K_Nq|R zA%P$PD#-@LDT6-It+oCMza)XFQoX{1y+~ZB7*;0hpGtJeYtyZxx~8}!k&+vO66yM{SF3PGD@`#SE~K?QggY*F`UiX#kU&Te1r?)nG(?OHu) zb(@|ZrO4ZM-&28|hPBr6!B4NxdBI~Hp7n8?=f7n21OGs2BT7uK66w+VbanfAha&p0 zg3oTY?S7?xt0U>I)f&(aN0J*k!wsC!*QP5DIxDi2X!hGQ+O%eL1eohIkY=0^G1D8j`mjc#B!}#1sE%S&(uTy~HMy@;2IqRlJmg-%hPP4~Z{4QTeIW@3F zG!m~aR74okW_blhP6?^K0dBuaxVX!q)>`7pwZE?N;}6WNE`;za321Ir%6}wSvP#Su zqUbp>jkc}YV6!@XF@#2>3DpSO0(v_+rEHHh>Y!&KkuDJ>)W%I+=nCaCq^MO=@wREJ(XRL&NId<^!g0`CWO%ojJ<(Ya8O}LI2$-39dY883SvJ}6;h|N zJ!uPdwMwdn`#w+tG~?K^pETdLnKmBRg$Z+oH*Q=7&{;qc;pnJxiDj9H-1f>^nQCc7 z4-sQ`k<=>XHf0liONDh`>38{Z>6vYlh)cE6rGF5j>6o1_B4!Y+&TllWs?Rhcxi}ia z-WtZ2;MNblwo>Kmm0z*>@qb=_<9#kKw7!(7!ng#G;V60PHtjK?QQiSPfU6rgsOwLn z_ULR4xr&{pM$1p`3-Ty5Bby#|6q#S^;u4Q^x~xTO0g_Z7_xO9>@JATKefJ-|;P;;V zlkY*Cgn`_D~1s1rRFs`?=3x`3p>gggv7n8mTow`PAgQb9V zzHqL7FbeEOdhG$a&gHrlErGMd;0lC;>NCJ7$WT%-$RJBYY-n#9C6G1RU!&H}N3e_d z{*ghQrb7l4S5>HLB{IC*V6|FpKuWn1+PhRqF8%0SFJ-JLpnjI^sXZvn{OmAI1L!V> z!qnb+nIX7If*Y_>giTiOIuVWEqRyXs z;czGo^esliW_r}Rwx=u65Xf>7pc#pNw`tajBGtd>QL#>hlfKz(dPT|POfAv(qKFEd z+K$T5e;*wk)mrU^K{^u41dArqwqI52eNkLCt*)|lu=g%qp4T|U+ zV#XaDUNgIMq3nsXily z0&0*8S$(g)r%cUICTK*YZ;(MG~iQCOFqtSJ(O>u)3HfL)Y;{j7U|1W|Dd0Z%S#()Dkh9s#3b5 zfIA5S)H4`{L<6JrBWY8>IjC?d>~3h1=PMq(LR_QJ)ZLM3P#PAIjXN)}L2g+jd3`Yx zC7=psw9#upNCP?Ep7G+B=25olC3>FLUoS0Ce(Ejp1xzH8yf>Kuu|v8?5y3PYp$5gHBJ)V3l7`o5m1-v+ORj)e!>QEC!e)uXA)t;fze)_wtlMDl`UrUu zRqpki^6{0;ddVikoi=op13sI zZ=x_^zd=n3?a}p$8}Dm?YL%)gWDfceh+KhQR|<=KGy@%@(t{VtNO5Le?}7BVDp$8l z#?iAr{`zNszT0>8)TbSN^6xqMS3jhJihf5N)#YqFzz?@w(A8JxFj&L zmYs*5k1s|pECsCdh5e@du!@qq@^L(~5dhwz{n+Dljv$YMwhHN%_R^MBzS5frr2V-L# zPwk`F(KW*YCbUCnvq+(GlwT*)(YX z(KjQ|8+i?i1t>se+}+)#t{}OBIf-$t?gfR=q+(8KgK_8D9mf4iSmcNC7VTWqg3)UG z#X#Cq*(tI4t+nELVK}q4%gh)jb?wdUBlLaaRj*#z(7h#Y{UDrW>fW^~*QR;zYWs0X zq_Dz+4b*vjYm$tJM(KZXqnSG?CPN&>2&>ao5*66RjC_%XBoaU|qSoQ>>eV9@OnO8H z^+gOWF{BuXfrfM26JJJ2M0SD!ucL`YJ{EOD-?7Dc#D7uqv5TI|Y2E30Ter$by~KU@ zAHDFU5vQv!`})lve|R4q_i?*P8Ua>{#ck}}Cy*2FKXiu|S`!Y9doXE& z@boJkqD&Ro)Y3$!1F5KqDzX%7*8epJ)lc6mQ(eN6J$(eWh&d21x!x+Nt=4WU2XjFKBSF<;@h8JG3hq?Mrrul@z)a zO--@}-_798W(NyrF~ls>w~7{djsqD;iyv%iOZ*o@Tav#9ujoeHEDL|&5JmhznHo{u zmZ1|rwwa#Dixg6*O#>-;BraqV=_mG+=sEIiMI5Ff=>uVX97iEG2@fp?#2O7@Kwisy zb>y*E@B#Qb%?9z@D}B;HNeIot3cl`#cL^0TWt7kqpwNi;HvPywiVhdSeBH!R^es+g z0dbPTtAr7=yR1ZOjXO;$6YZ#l0?X*lz15B#T7+95p7yr9+@)gtF~z`SS4Iz z`{=sPwOimO6R=)`yeN@m+IF3M1sbeb#Lb6ZSC6iRV?F69_2pmMzT>T=;bkjKsxOm) zui$gBcGn&=prs`4l&pz#hV)jIpPZ!nPih>wQyfwC*2qIJmx!ZB6uRut=&pzo%`w4} zuQ2k~FL~AaBR<;g+hP3)pR#(!vrhlx&ld2aIK@fdXersrY>{^o*B}y<f%uciFQI2Pyi1mOS8f!9 zQG>e8sVE-OwbSKs0R_qxHJF%9lNQ-V;0AN3x3dYYd&|{rO`h%KGEEPxnI(rrIqCpf z*-B1)rv{kM;N9LUIYSNU(NsrMDRdM@Ozr^H1tsmN4JALgXQA(GLK@J6QSMZNSti*M zVRgFy$cZzAOc2ojOcXNU!{%k>p%(3vw9x+e03cz7eqD++K-91Q=d@Nq5!%Jx=Y(j6FkU>D+HY#)hld_B_X7?fDUZ7@Tk+c_r4pS`vsYFN~xdw z1?B(w-twQ{iBn^=*~R|I0fkxN{lNz1C$gsg??%2ZhJ>V=`0UKtrKSqrI+iw#$FBV&AAV~Q?D7<7$CBs4n3e;ULP0d{e6;;AIJH4bMN z(9j&^JS)00y41S_FtEcA9OGaLm+dzRmQsiU9;Qms$33PR8yIKJ=N`~u_BDd zGCi-;Q=f_~4P-AjA9_u_=iZ#zx?0ya{qg!ue@NYka)Cek=VFOw)o?T@>uz2eU(`hc z$gK20E_!p>m7Y66*oCU_N;6KMDJ{~8EVmo?tUvKn*U$R6^)o-FKILhvCqB78@TB(Z zzqWbbdpGa>FQ>ooA5P!-bEiM|@7mA*OaTi;@nUtJ1RfcPF;b+udhHE=q+Y+__CmP+ z{Lj1fZGW}=>bs2>lOEYA-6b;cI?ec5ywCy*+<6dL!T1tJ9&!&Fa2ai9t1~PGth*7C z#YqooidvSbZjB6=K!cRSjU*y^a78z=-C!sgk*@1Sl$aZ5P^^O~kP&Y*+cST>WexDO zg^2jO8T9;A@^|_oAx<;~uNXuwLQa4jLW4uE%k(iXnh#BcMd7`d{xJQwh_+1U(U8#c zh7{VgCX5u=1mXcxQ-_~}v__~9p=(nl zgf{i7io^x<3GOIGG&}+nPMO*`V#qyq(#9;y-BuY9iN;9Ri&QA;wn{R{H93ul9n>P4 z9o>CDzPHz3eYZ}fxf=8>E-%Wv{Wv{6t)K8ItLJ`}D-(rl zFMj2%Z~yD)mURg7PGoMhG$hlZSDKe8>;WjW1r}JK11%f~hpICy1+3c%vr)?#+bd9H zK<-|W?8CN1CXQ;Ri4im*j-57n-q>`y#(4GDq9bwUTxCIp~znvyiH z(xLhm`3)Q~Vainxva+&W2yVXk6|4L1A7QzavU&NJtbgK1%KP4u>t{agwh6S1&*Qu5WE0c)yFeO_zHY zkUaGR`Wvt0Dz_^f7TW>~912F(<+HR`poNd@7hU2k{(SXZ3RqVLT>qXoh#*=L+_lPG zx+u_h;~QIj-B4TOr!u$dxCFb=mA~qHB1(8H!J0(jAla&NL;+%*zUgDv@kJ+luHL*? zLhf=<_iEGBZ_U0H<=#3MTCXg$>3#|lDF)W7?YTvXu@HtP^#vQNYkNOeD4D6ct!@;k z+R*MN7c3jG{Z{Cv+Vo3yXpFcM2M>iYBI)$^=4~ZVVMdDQI!}`lB19I90KB4sLfyVP z*CiHtax@mg-(>e9eytB37vky7`i3c+Zr#CTI)kD{JgSgLiF;BN&WIH#_2tk4`i#P- zGul-duz)-3WURK>WFbbyD_|)`zj11mn9|Zpp})%BV9p)^@>XgDm)3HOcg%CpIoQO#R;YMBvNc|sL)1qj*7Q86D^2%G(4&mks4qF z8=`E_sOq1+>o{+|?DejcT&OqhIeqn49liC>8~&B|rB}P65-93a?|WeL`LA!E`FqF7 zC^v4dKIPMIe9EU^f8*C4|D*4`^DIV7+sJZO{=tHVkL|b5i zD+lgcoHvLdGBjPyi>xx%61}1>(@O#CHh`|a<9%lvyG|VM<``Txibg43xa0P9BQ`fI za2qF-X!}{Rqo7Sk#6VDqnI)`3g^uFj&GakI7|_sLAqQD&?^JN37L^z#S3N#n1?S5w z(4j#Qq)f9f1Z+>Lj>mk|_=M>K^JRe`&8Gc}KQMOe7qRrT`5Bld5&m_M7c@_mCuebI{%^>_8&5E>tJdg$dh7 z3kqfqcHM-phxJDIH`}kLAzDI6YPs4TC}u1~dwFn1+_iwHQhuWuH}UGLaD-M>#hra! z{mHJ?A*i^DsGm!K`!DGOSs(REcqG2u>w4G4;C9?&bQFb3kGxF@L`QdZPcdPr+xL7C z@)NrwThl9Kq5a487r%1#z>{435wzd=X`4^_wDnK^s2O90psQ}T0=ZQ33Q4jH>!%=%6ZxDs=6O z-@JO!%lBgqVg0O+TYuBvI{o4AJNY|rt?z!9>N8SR5}ktC*+B4B~j)`dpFRrC`3c6GF_WXpsyoTVf(0!8w9)LAu0+-@(|PImzGkB&M_D& zaHh$!BF=(|u0g(9WG_HZs&TS#-^YG|%iRWOrxi}Ws@rF_Sgq)~ZH9o)nQgLkDZ=&z ztOlnk=~bqtMA5c&aVNb6)jCrZ+Dk%vO~R5v%R7eO7r-wm}&&_|~V5)qk4_6U{~y)<#iP2&YYo?V)Q^s8FgS zS8p^EFRSS(_{5IU<}zNVd3c-4d`P8H+mU!Yt;SuI3}NzI1jR)LQoY5!PBS-@1|oO$ zjmD*xE^UNRP1r@A^rdklgk)clp(PN_GI_1YDOHIjlo<6e1!9R69Few}e&oSr0aear zmV{8ZWwO<3b?s$u7!V1=>8rnL{WCvVZ+)O_mjL6`B!H%he&*!l7v3xTU>Y=F=}@nX|5Mo;5I@YS0oVm{9Tc|F@vHVK}GE+@yu-J z1#TChQ|^F4bKX+#VjI_MtBa?Lxq}{2)|^5L3zSF<_>!?Ol1{{>VsXi~Hu`RnD@IK1 z6dO_H;+dVS1qdiiLDBW+ggv+JzWAS)WVunyJ(gPC(Z(HtuouEJ#>h{l|YGC!!|9MMUre{9XiXi zP-Q_OW|eps1FEG~MR%nNG0#$>YDpa<wo%xI&AgI;OO_g@!r4uokuTt zki0j|LjO&(V?VBa+6%A$uIKGX!1ae-lQ%$j=Qcp!HE5D9s##AG;UDR^zyg;L)YC?b zOYW0(P1MG2Xfzu>QG5J%*@1Q0VJFYHs~bI|+pXTNX+=(YtczliFPi?qHaaTX?PHNth=U$?39-b8^%rlnn%I*jMuhq^)~n-VV}Fc=h3d9G|(HP9E`SpU>S~%?4yKj zc1$uSCnr{4yLRmwbu_A)x4*zuDjE^Z#MNY4Q;-YnrCktkEUMGdOjX!ffRwxcs@5gT zkV>P#&WIw`Z4K0dlso)QUfT8EW%>f0D>Nm^9lcDI4KJ4I7bi_as(iuF5s0n_df3CpL^@-L!WUT40fnb{GgkE;7?t9$*UgzTmQrHzy5KQ^F$i5R6R=M&3o?s zvOl`_=tm#>Nvn_g*pr|Aw`CedpeHxL{jlZ-`YpAHaq}#JZMs1C$2%^tz~zLUba+>V zKcj)vxX!R7#uo>)Bv4>?9%JbugjddE=p+zy>B084a@S!01%hr>(B)PotavJ%Iptz- zk()Vbkk_CTJsgb!z?sA9(f}s@#g2k&aqP|@a-B$<5vRq-}Z#Ao^ysZt#UQjG9W+elmKKHX$AM#=Q%c7K%*Zjf6%!%O5 zX0y5XzT-E1&FP!pa!%E&N8tqzu3z~kd$xh{FR5Xw71M8GP5%z;~GcH4y=oYbJC=ppav&m?g}|Cd4OK08>!q#G!H8Y+e%JQ zwso#SIm1FmM6!Yp-(XzQwmU2+iFI2h(ue}+s9A%ZESEuHE+OQBBhHuYks+PONPP)( zaxht`Hqu0(%@#133QtxwMmKC^Q+6?O1%{a#M;RLWgnp6sv$WRM>$Rzh)v7k~YB2g4 zQaP79{XzVesfTgB1agNi3;kQ$?gdaDkt($ya>$WqqtTTMl8*~G#mJPsIY=cooI9cx zdB?q7HX|GO#+J3&$l1UZ9`yD0x{r)l9&yezN)h!gG7C8GNoeQ-&2pK}H41zMAMP|A zCXPtRNZ~B+WVWg#Do>>ud)YS3GM#j!3Z+DJ?&RT#Hk9WE4pYM}BQlBBbnQ#56)`B+ zKd9PlWaFf9(IhTXmdjLb#<-TVuf6t6)d+jEB>kKhoV?=8 z%j2JL) zc48+v*42-(c-7TmM{fpVWsw$4Snr0yy(NA@M#EN@B&0#tOX7=`Y6?sry&esD_rdz3o?Wirpo?`oFB4T+ zty-<6*4B%g_=-?#wKa5qtEYd&`O|*IKvmIAw2ByG36eDXfrd%Ht$l+zMFOaSS-PQh zEfiBVG!S@ZUA^aq6(qFhYn2w#naLbnAKZhtHQ?$kVhqK7F@2~X3bk5 zidU#5qtI1GH4v4}G{pWjB~d!b>T|}UyYAvR(h)VMObxkA3pCb}>#}0>r)$|i%NK%1?ffgrPGOY^+c?h^-QPfU&@GqU!f}`MY#akdt z@I=&zDc%C(%W9I268p5|w{6`7hiFiMs8Z}J)9Jv}NasuUg^@gqw;YVb5a?sg zVVZdHT}3>>$`zdrMBCiR4dNPso}YGI;o)59#y6WyKf@m1MWx)nP0OHI%yJ1P+Gw33 z`ti&rttpg1;b~BJ9`$udoYU3xd`YF&)f@uX;@pcWmNK1C>_wUuk%UTKwljWobVNH1 z4L?a$nIavCTo86A9Y~lZN{F=@gkI$l)<}2T% zgzW>@Z?rdlP5G8T*|t?7bJw-jx>}VNeZl7UeQ~{U&tZlehI-Gv>o57*&0qMs{;vtD z#E)uFhVJ{?E?~3kpZSvYGd}tt^zQ-n{wLgg)7M}Byf1v@ZU5uRPyJZG*tX{+c4b>V z|0U~Zf8s%gyYZrzKm32ZwS3_HcyV?O8fjLfx}EomER+ZvX|})ucP(6ijVxzi-3dV1 zi+fjp?>EY9vnT>C-g96=u8e3Jpx527OpnYcUZ9NKHRz;X*cU~bABdpXDA3dq-HQt> za7mzg^^OXl?d><3Ii0LDJ7|#rQ~|rFm6=EhEwgUdt`&&ECdbo6VlhfA3&J$j z<?Um7d*6-Me)XXSsyA-l{M?t9SpOqk zogfL^hEa&Hy*gp}YEfzfoqJb!%OAVBN{kg0o-j$O-_dZQf%~ zy@lJ@L={M1(#aEbH` z#yu$y!LHzDw;nX2YbvE&d(I11PdU%S>34ynPk!FfCqM7x9p8QHJO5_;jraA7*I)Bh z_5MSiL3ZPz*FN(1zpZSIv3YwZ5!7}}bzS>K(1pfu?nnFr3*4R1ZeN{YDPY|m7@6;b z^h%l~F{@o1Tn5JJNrodxRxiEfE@Lj8_^*;-(KekF>wW^sh_N=fp@R|(7+P^v}LPNcqMuDZzLE{jlyZI1Hn&3xe6qL$co9=;YI3B##Myh$cvKZG}z!- zpgz^$RX%cY{bLvF-}Z?|2S1MLfhUz$ys7-}-_lwuAM@MSU-4hpr#|h#L+l0XkNu?j z^k;5<;XiD)-}Xs%ak}6tcA4s4hwCr={Bz;q3~=;0FIzwFb8h{;x1D_N|GEB%k2(76 z15>zq(o?Q|#^;{?(D&IDGI_dK#3=SQTSc|N0#_XpOF3+>q?raVd)Tb&2g*{wy2HRt z1I`Jef!g$8BVO0ONkE^+e-s2q$p(#5W&1#Zkj`QV!eB4s*ogSJ(&|mMR(qqTwYFZb zZCpB^!p7~--i>Che_7@e$zg#7&J}veBWuvBS4T%j-G%mZvXbxx&oygM=*M}F zRL*9K2qu&NYofl0gL^383^`t#;WVr~o($>Wr%ovwDalMp|KL)fLzk zJr@tvgRG{3Uusa^D%(9`H(&8(3EBI@3m$C$>W5aJ`WdU|zvNu-?+e#H^Cgdb+h3)( zq!TqxbQSfP*3f$2{nvl@^Us-;eW2cZ-;LM*;cG8?c{@3tZ@oL*c<8kc|L{8^+bOXt zF0w9k(5ay-kI8%qvlm!k04~y4qJcUMO9AWRAespcm?F?{XVyE9NSxOfmDRiLP2UkKec?%4!&y5YiNJKXN!2Gc}y4_tbJjT^Wq#;vt3ht(}`!GIZ8 z5gjIr&}fqIAYi5xSqk+vdugz>Buf1By4e&_YgaIrP*m8=QaC$6ng${UU73`rcrn%7 zY)_Y077VAAgpgXIM2k~Ofa|(d=HvirP?ZvLWYrU7p%=C)yfvfPh)y@_D4?H+A7`^| z>z?GR(R-tiX$Wg3&<2&A}S=QoFYlqDOW@!@H+Js?hr1X zs6pgXMnHLV^(yb8qob-Po(%=4qmVMRAece4YgZxZ{rB*?aA|=9+8Hx#paEuC@QlC1E}fY(MeAoB#N4Gr?!JXixpMxihKQ zT+qqrmjuI;-|LbvZ{GL6-+a(V9RJ+EUC@YSWnmjlN4KS|JEdLePBghItZ)ay+*-My z2nKNxpEFgq*jRumBM_UVuzp7~r5?HGx4Y6y{mGVvnlEcFBcm(aJjEZRp(eRB>Nujv+b-}~ z8;&@@TeNRxMRU8UGmhG#4l8$i$WtEK9xUyqLVG-=Gz`P`MX%X^6!!+? zCq8L-mvw12J zxwJK9V;J#3hrg`Dsi_HrqnsFSiP276QNFAQID>=NuzHdKm{HQYg~9EkY<--Q_Do8A zx{`>0jz=(RezY7k9Y3k`_p*;AaS}9GdwW<-J_wX8DS0jJ734aV)vORWUI>vmz8pK$ zItZyP7>X_k4PW2+v7D91cn|=Ejxa*+J#D=%agx>XX;z^09ay;tBE?iDQHwxE}{yd#Urf1_n#f;3eDA_lCR_nvqC*39N zv0v0U=)zlOumYtrr2wT@^7kda>&D4r6gCx%|r5>D=U?%UIIld(TnR5(@5m!DrdDC-y`uEzcD3l)3J(1^PZynERbrNCO^;H5}wyB8xylVx#R>!yGc8 z;Y0fKg!{RO|Iu>_$!iDfZBt8Q+Y5)zm9FsGVKz(FN!!;(l#Unh`ui1UF82A7U`CK1 z;~E0P3W}p*V5gcN@99U&YU=9BuUl6E7ByOq%;R75g`Zzy89lq4-13fjn_e(}g#cWa zuv@t^QZEOjyTB4#>IlRHI6#`wX{qL;+)F~`Hx`;JlVYC`th?VUIS~mK&J!B_s-luS zZ!yYC3cjVOV_`K`NS|bNVe*dk)${Q)w6~qqfLUUarrn^iyvjoV_VP9|Sd zhmG&DZb684+{=^Y+2iI2E&%n){8isLgdYPt<=?bu3&9oA|BjX%MHJ)r6dJyy7e6wM zW%B5mL{Z6aQy7RWsksepM`L;cm3Di#IovT7yx8U2Yk)8mug|u`hT- zK>{wJYB@au%g;r|0ETUNp8V-S(^$GR+ag61x3u((N|<_!)pc|FhUyaaEHp*z#BZlf zYn*%(Ls6Cr(h{|%#zeMNTla7Z&Qb08tPRxJDRW44#S~XGO0&i_6QjXoAuOMkWDMLG zsXwWpCGpfD7bm#Hv`?joB`~AQAh@(Og2@Pa3s#D9f{)SW=p~a+gwT0&6+iY)Q&H0c z;RjmXuvi;p&Gcj|B##jYMj>Iyfprrhm0Dw5)OM@7g*Iouhkl3aqB{1@pRho>Ee5Uo8EWWB5lOGyq=&r#;%V&SQ^a*q)%>| z)7y(nCrX=HZJ90xQ0zi-hWhNerQ>5lu$7mqZ(;D_47>GYX8^qSn2$W2>c!CmRft!^ zwY3-Ls7l)>S*wnAcL%Pe7Z1VioE1VWD9+T8(4C4cfTTwvnb<}Q6!IHTeztdMMk9m21bkH(|Q zi`F5b%QF3_!2IZ-x$w5JVN|y`^R6ljr5B^&sJ{l+PTj%GU!37NGUMjRKB+p0Rtzjm zolSY`e!3e|Id+Ox5m0I$f5-awaZ^tj9l^i|Hxa~+DWIBvCh|K88!!m9m|M=2{qs%S zsn#u6>815)>mgf#TlF=%=i0-jjV%F5MQpc^-O; zj%V_N=P%5^b8r3;tUueix0h4IUfIQd=bHm#_caSJ*}h(_LKjAC;~Uzf-(0hwbcNmA z=eb#to3H1DVL7OQm5+F&m3Tf=rkygqSw7i8k#QD1)x1}X?o;nBD&8Uw-M)zxrCxlm z^i%T1#iTET$1u=uUT6^J=yodf>~i!rIJiHH+f7h0v@IUjhZ5|gGJw^|rWI|RIRQqI zOV18(l<0Je;wy-sl2e3SMl_9$hiA;cgtt)B+K4>;AF zhV$!#o$~$O1C5pJK{d|ja6T)<6r(Y3mV?_j`T!La=sD9LRI%3-pYV0WU@;3z|0h?V zo2KZzK`tJ%-f&yI(g|&A;oPVw`*RJ-?#(&0)V>F~VJx;av^js5EtjkqeN9c2t=ax&AET*lP&9HCK{VUNSCrTNkI%C?@pg))~;!A~L zG|7!mT=4qis*?wL0Dx%}O_lA`5S${i*uj|uGfXMh+ZV8y;%}}TxI2_2}WjyVMlpw!hdzQQ>8F3BJXoO7HRD(d2*ls}M8;T6+TBCBPli z{tn@9vgNy!s)xn1tgL%#1qt>rBUygi8?idbmyHBllCW-DFp`_fDA`y}<4XxP zZBwK7fS-hH5?xz*?pmrwf6w2M+_uAQXRfD-rpy7+k~v}F(l`dk>&kX71H8qa3il0W zf1WAxcn(j06S}!S^?#B&&P9~9ymAQbk8;dn*DXW8u@8V9Co2jIuBh(O|BS=Xi&KdR zN`kHt7VG}0{+F!A)E2j<QjlDeg8t9*?e>BaZ-NY8h^0i6ysm-4P#rdH3@P1^hAf)(#NY8%tkx#Yjugyu|Liy zS6+A|Qx(K9!KD_pv2fka4DfC3ECIj8`n+uZV#zcffBiVn`EXsDTCP6_sjQfea?zKg zBYGdmZRfl?r}o@{t@2+^>e30Vv{2WoHkvz8bGLwUD%u0)r_|5Ir{>)OVQDyo4!@vp z+Gitc&M~)CUCw>!RRQcHE0a4Ghbg@JNf_22bJ?l%Zq7B0(8ONuxL}3p z1dKUHyhUzROsqU}Qp;P}+oq$X8>3WHbm2WE8Jnbq8EUp$3T8fwT+^1y1D2Ag0)ww8 zav%4T!qQCRiISz6IM6#95j^x|-o{(bj@pptn)Bi_M!)_w@4>fY@YiIw`x?KOR&n+% z5FLw-Qx<84h{>$!ZSrZC35^uV30rOM`@oby`$A-IR8~|-;uDiwCV{A3qt~3ATkxYF z;y~wx%Va{_qea+^q^-7%pb|n?h1=17fQ9d|!#5>QXldM1_LpUp_XSA6eMj5-3*uoR zqx(OrJ(IKXS2XuP4r!T*+uax_f4kbq+R{9G5a`Y5YUK-4JmTFHSDVB+d^+2^cMa+A z38{3^B!nc5$FJVHwh^1{kj;l5d%$JRaHkswZyHT&^$K4T{ zq5mc>aQxKNa|#<-r3f4iQ(V%#Fz@=zTfC5Zu{E;Bx0%8SrROx?9zQK& z3VpDw&x((|$b$3WmAE^^?qhURMEP=1%yMv%dv>%a0Y-y5ACn!I=!~=RY1ft^nb?FH&*=jYVPiJNthjP6$*{~}oVhk@G#AU35FiPfq z{XlLweQ6-F5l3Ez%b$IKe`fI;gp^jFypTj>X-75l*fl1!_AXL{RER;mD z{}yLf%(YE{l5k#50!=#E*4i zORy83mYL8pu0Qj@LJ!2kGe>f-QY=w1+%}_mHn#2-X;c(3lR7*$j{z(@qaeJ$wPyJ| zniP^fQEKGtzDtqUrX=ge$FH9UgzsLxyd~mAD}|RHXO@mubSBx`Wuk|DZdf|(6pTPg z-*VqJ#0;O4cPlzuCPMkBc#DHPAfops^J-_G^fH5mtJa*(mv2gM9EIGkCG~5A)8J)SSq!?jq85m9*_- z=F%CdZ37QtrIVRveBD~9==l}+0?LrURBn`xA31JJjUMnEEIn2S!zeA7yULtMr^IXC z^W5XI)fKAfEYniQH?(`38%v0W)4Sl;PrG~3m%k0G&N*fxiz-~?y0S`anR!$}Nmr5Y z{`a8)ODmXMd`!zH2EztufNho1Z@s1|D%#TnR%sQEvI4>l>j@hIOk1yAs>B2dJSu|IR zD2nX1^?VUw)+eHACZV^v<;g4QmEL>fR$Z%=Tn!ZrKizVcaDtoxw7h8I3}#z8A$ox+ z9VZrOMg9IDk1NCgtp)HGwO)Z;7A=m3ReKZ^6ujTnwt^-F6N_36%~2k|jd=tF)Cl~` zow7Rai#xP7K{Xx)%9paf%&H&l)4n~@pU!bS;hE93$YyF3m5~%N+9_I_+HKLpSnN+H zd6+gv60)`lel%N9-zu}fW1;j6IbU`e+vZtocIvhGP0qG;9GCP1;pbjV6Yzoib2t?S z457cE9mK}Ljh z6MBdEsZ{+G)97q#C1PmOO-eiqO$NTSDQy&lec{nAH*3mrWSgcqcdR4bo9>;@z*nkw zi(THIPFvNgO;y+7IibI~?mOjj%`aFpGW!e%K7Wt-Rgmd5-KPMUnpyfh{Gpgm!^!#X zR@9YnfZ+Xv#13jzw?_o7E;_z0vb0@B2Yf#&sG!E`1GIIZxZ-qR%8Q8Gj)>piLlv@U z)_uBcI3QDG&JW;9dmDANJ%QdI>&P<;U|lEOdBlj9V~!2hknysLhf{u4Zc(#2Ohs19 zL#_8_gKtk)fgI%S#x~V5rH_N0kB0}>$!OwZD3oXcm07W~Ph6*t&4ortN)@P3Epd3& zSsLcL7{$K7sb!XJw+hKi89H%jp3pWh*m4m;iDydt)IsQBA49S@opSvZL+FG>AGw2! z`&i4}7;E^6xxuf&bodB(Mn$&igE`pC;{ZA0McnPVw3cuUW3+Q{v6X&7nB>cm09Zuw}NC)|b81wq~fxdr~;D*b6prz^nucS$R9tFvNbVag`mU%yLo747XQ3(-^A zLid4fS-R-;R|W7Lul;dT_;i-5_Ai7slJ~$&;mh9NB#+N5?wB4#I|IU-7uqZxk53L{ zRoH)@yxI_}+S}|}=UF2DdsnEDQt08o^>|;=PNMQ8NdnP)c*@Ak2P*PEa z)heWoV|>#OF*Gwo`q0`HCUKbaV51X#j1pP}ZpR-e6BUofN^=^QvtRe*h(L8+4}e}wXBOqq2jLt25en6>M?A|m$@^H+B->WS+CY|DDUN6)OLIGJS0QDc z$k?!F-ZhURvG(&iTpC`g2^e;>%YvnQID%wB!U@(HOzGX$S!OOd2-?ZA z)>}$UelFdixgUFroN?YRZ01wk4;ZqbPTN{JYcZ{5;p~C?6pdO3A{GTE3dn4#B}aeLKWEG=O2fj2ShS?3QH0Q2V&FCM z;CHL258~c-{#MzQO zqaKE#c_|%HmOOE(4h9plQy0M?H}Ae9jo`eaD5f z+vNQ5_uW(?Ov~l_9KYaJ+dhvYy&k}Y4E-Q*Z1O*3f*)qD!PgWe zS^s5nn#&^s2a?OZ6dZ9ZczMtS+x3i!Jx|Y<1aF-7@B5pzV)YNJf+qT`$&sk23TFPM zU z%Xw#?qM)Pg#D2}b@tLqerW%VKD)k;@7Pct#UZR;$l;gci5zw~LjOIfSvPaJ#3ULtF zM5&z?R*(H8GR{X+Gb;mWo5DcrT5lD)%oz+#1yv7M&N}Zvk*(-2BeG_NYR;LhROQD} z=}hDf6oZ7Iu0D(P#b(#mv{Bdyq=u+a8`jgyP`_`gl_ z$5MbC-!IMtt~5?2F^8FTdIpmi0QrZR1*-Fpd=>l^7Q~N?u;Y?6TXw_r(%BHE(svSp zd;j+bqeqrb&zFDz1)IlFP5v#WTy&H+U4$(?Wq9todi|v5M*p$l zMv})%Dd9^o_v|^ABZ+&HBRu3fl#u{;6>IK_0rR?lJqR9{3kc>{0V-C=dxS_n+~nF& z*$#$zIUiC{aCx6o&DiHMzc0^AR1iklnmGf)&@P_3pCazfs_tU7PVR9{Q)S-&b$*RF zWo(TAoe&J{7+mnbtga9L7sbj#L1EN=iol=;lcp)?@%^5=FP)rH+z-z!#%9QIgs+xI z7NTXfh)njET~5F61gm$R8HTXbWQ3i_Eo+IgxsrB7c`4gT2AWa zi)&1^a>V0|Q#sEN(k%IItz9C5IQY;knxdN2j5-S9+HB#O5TTR7z-ev^GZ)#+`Up`8 zNj#1r%U5cpKKXK{gx&8ue**y?eAR!MVQ%3J)spViSTapAg&O2f5ll=NH5^+Rq83($ z3yqr$qcz3xodpvvu~ZU~DX5#^c?#k%R_*50KU0*B@{s9=hF$U4ycLBx*XHvT%1{i} zERf!IiE|zSgZ=_=gD09P3kpZuGU(oOpqluw`cp~q{=M%xbNoGg()wG)s^PmTc!&07 zp_03E*SzRku6@KD1nd>%>+y$Tb#t0N z;Yqkznp4xSdEkiF5Z;2j<*?DOiD8KjdbX^8AY6p!JaziC4Yyz64dTl$BxW|-VsUDv9%&|$aXUN}%|)g}lLej%eCbrV zRckCoMVNOS?t(nq$l;r#@*ls4I<|mmACK|w@B`|DeC6KbaB#n6`}s`*0$>T zPcscTFM+)E_n(popw7do+_b|#nK`bbZ?nTUqTGR!zfi7BG=l-M-#e}eLg9$7yUIH@ zJ`T9ecklfYKHBi;ct67l5Q1bX1mf`-W$9Vb@-pF2l{f zWi!_g?GJMNh5tJe!prYz-Y#|TF=ow=*4qPZ_v1OQV-cL%f~>N)L;$1HWFq6<{mh_Z zZg0}#rG@utrw2q*C`fS`~+E3j1HL!Q$ z2BqyH$hwoX8^i3tP6B*_U?4CFyQb1g9w~a1b_kex_^4rRZ03p$4->SKyY(Ay0C( z+cTFSyLr=HJqLFev#4r`mE=^Eh4see55B8K#vk?!|Nd%?hZfXZAXtkC_GGvQ%F^*_ zg+F!w4p_NZ>-4b~zZZah4Cin2EOgK+6NQMhq(VR2oa}{6op#)dP0~c@NSr9xv(133 zfFb~~=Pi!GFwZ%9^WBT)=^Hq=v~yogm$mo-5g(s~g@cAHEw7*ly*I}Xy5+onMqbTE z>UH>eg+k$wo1@}lgza(*-I1xm7oDT1=JLqGn>C5i3Wgqm`Ho5q*KO>S054NY~lKIQ$`Sim7=i4mb@$dgm{|;Do>W`bhNk54RlkDsHeJ<{ zJQer&GHPC}OpvnN6h{rOcZG@qpoRK3gsY_pjE^AON`?t>$Fk_xDM*>mXAeXf#nIZjoWyOK>^{*ygE?3v>pu4f!_ z-OCH>V4NpFlNCWvuaYzV-=2LY!p>6BEp+iAp6;o&3m9uq`_-%?XLEgnoodD^ebAar zs0I|SH}sLINc_Ix8Tk}Yv2DZ)Z;JI)K>v@XTiy*Xq|oqmSNW)0%j>^5$%jd-#I9m) zk;G+9X6%{dM~oOmcP8yX^`IcF9=Vb<*@aVgZ1igKD3sxEaX)7=zGYCnmcR;?U8;;& zt#GD9*%0N|!hqky4NIJL-_kFL)GY+f*gUrkMBQ_e@h8z}0syvE0Nn}>%UKA!O9yc9 zF3DdNOuio0vSb;dY@b@ju09Vw>U`>)HItF92hc8>6*V{3=hN%j&-@e^^2DHcJ08$W zNENpE)w(i6k_iE$3+hY;HwrOS)I4Gt=W}msm7ssTqWy$N%D0^aa@Wn8OcawHAtq~> zEF6{5B>V^o*;J9+OJ3l&WYQ=}e*pcN(N|1xD8<6vCT9A1vHY)CV-)Dh#bouk9z5^X z%L)|Uxwl_C7b7P)hog0P0TsNT%EhkVFqHbi3{A<&-K}~%f*Ypw69Z`##idJWK__o? zWb<7Ap9O%Rbeslw_iw)~e`>x>e1abC3}mu#YaoI zDj5D&iw3uZur%nqjM3%WEOga%QPYW)wu#H`qz@C}dz2w~G)WFgrp?_{UzvI_R#(JsfQ>9Q&_) zaU-;$+#;FAC?4BD_b|jNV+(g5Y47LtsuUr=1ftjuBT+4rgh}dx)grAv4%?@1wy7;6 zWKI*={6#p&D9g;2FR{1mV6mlu8ntjau1M>mrCRFh{2eRjMQhP~sov5SQ38HwKdyKL^T$>#HPiKd@FHJ5bb|tk1ioq89M!L<27%wUc?1b^WTP` zye`fY`(It72w%tU4G5f}w>V1mG+4GjY&yKO?Sd&*+v2TNGFvn3Ie6yNyk{DSCzW%Z zeWB-{0guXs^RbT}AhtN)*#7j)24tjQv|6Do%1+C~=ZL7p^s}Xq~JSu&F0Wt>!cPci^$$O5G4-e&R()$8z%d zFDA~(Xr?K|2%=ljNL);Q=3^YkKMwY!XQT^H#=mWylBfGD?8Qe~mDAd=@gtRPbLR4{5w+w7HVs(p$CZ?IpG`x<9 z7#eC$WYwiOp&3CkFybh;L9v;&VZ23{y=p{R@x2kgjg=IFI~?g8^~HCLRuFb)rg$1a z&kT)SWZECgp$KLw#B$5j{W*!Gl+R>`=s$wwGA--LJCLf^tXUV`j^HIT2niHbgElfW5Tm!8>Si@DXN0*wfpj86@qBpvt!;>DQHU(R3bGi^W@z8#YiKioU zN#0T3^Nx4^VWro>yJSO0XrY23BixxIF7fk&Ei{xsu>Oeb{wiMJM;>)*;PxEv?LagY zB{*6^Q4ggrbbTPQRhj?Ym@U=&zPisG-(zBCN?WxIL@+{4%iZP&WKWO3k{^1vqS@Vx zpwks|H+&P9ToiRhoh6#jIS?OaiPB|Nb79*^(!LB#s$Lq&l7{t!Dl^+RyNogQLopDA zAt;CWD4hVpM2Jmi0%Q%f(tKGE;P$MHbMz{$1C^IAk+TbBdh4v8TE$Q%bhldo<(20o zSHip)xWl@Upuxu22WBnNgh4&KbS`x3bpF>cRzx>h!Inwue+q&67JT_!$Fj~Mp{e@S zIvk>QLww?ix)kG-D|>RXb`Dn$Muh$u4=r9puWnE3ysg?D*T(}6@2!`6(cU41aw1Sl zOHu4t=I0zp%2v#0yB!}y)0J)y!}X)BKki##&K!FU7;b|f4L?6jlsTJ2gZ zjrpu^ch9GYjped*G(Q8=tFOmUhd*&xR@O5+TgNiTY}SVulmEcglIw{x!VQI36ucyT zbVg@UYp8naXg>}pce1Nq1Uiqo8BX!|4ac?5>%=+{Ho0&#^&q5vz`P3HUZBd7{i|hd z+%!d>7t@2Kk>`fle~^#f13&eWYzr<*jrR| zj;JT{U?Cr+R068GS$|u(^kGXJ>i6?1uA|I;b}DSqf8s?Lj>X>n*h$`$>7`1WG@V4n zvz4X&S_vo~H%&I0{19cYGVnnD2%g6W__>XJ!2&Wi$d9=B8d?7c2_;l_Q`*N6?!I_((< z|2?ZVl3Wi-y&oB-;gu@yahzjCUF##wU5TrGvMKS3M6ZRe4{|+g6X^RX5YtOTvdqcm1{6>t0v@@K{RFx!o-A!1>6L7(g9OlRsdF(r- z>MaKa$L|?kwP~!~rRuG+mtyw9tV%4?t_ue$>NtKyS=Sj|I-5sk4YY<47J%4gXlc(jx?I|{V~YSytzt3RwKc?+ z?xE62w|^Q^`|t&wD$Pf!jJS4FAJ zfMjxQ4{TESA+BMd;vMQ$V&93ZAID?Xg< zIv1Mxu$Q{mh-!WcZfiYWC}vS;olN>p*w%-t&Xeo?2d`L>$J2Gbx2H~h|A*UKr7=@U z0Q(;4RXu9dCI>9~h?V(DQhhiVu0oywob z;{mr2lE-})k5WYUa@#)a4RMOzFQJZ$%uq5z6?pOzj>A&M(pGE9;$wr&Pj8oFtYD;% z)+f{ID5G;`{|-hRAM+|Nbz|GFPB+V}h#mQ-AD@`I)SFNsT$Xb4aUTF38>th2r#Dyu zo?R`R*Q%ZkbFj#`xA5#0Py`*`RGS7jLZR{(JxVPs_IyCC#s{{*{!!5=&r%UKzGRZB zhfSl8cVjpkQ#{mPO_HV5C5w8&*8B$P3AXwYs-FQES`G5G*bg(zNweq!NhgY`mlg`p zcA>fmje{pYWJ~9wD8;L7ND&J_?Nc(ps5{(#*(~yTp$iyC2*f6k+N-Jol?jQ6(6~v7 z>y9D_tR<{ZQNDds1NFo}e^EbcDtrJ^t%|BuYqsVSxb%m8!90FX-8!A_?gyF#_s>n=~kure=4O3z^wfIaLd+S&>VMKjO7>!jCV^)vkKq4V^cOf#R79LS5C`2NQK|vHG6xPVV6-JCLrf;e^vt?76q3*W|^`vXHz$N#e)&& z92CDp&-Vn<;pHr#A;9DLyMd>>y^}oIf2MThSF@4){uR}peE!;rS_VQ8#H!5c2wv4y z>2$pEKE?YS*Y5P(q%P>R#R;@l)~D`k23Frh9cEuR*~8X87=P}ILDx%3 z0=TK4k`EoQ+l62;6C8ANu$ITEq%5pnh|Y327`$`P|B0ZBD1j#pIfw#U4=|!jcei2} zS||Ojxh|agmp@C?ad+8`zq4TbI7K}M@VQX!cL)tLnT0co967)apL|BPyeZ<)-ei`tSnR-6r@~HNZkUB>QtL0S*e;TYJ2d2k;j0C zkLWeWQ`D(#4{qjJWoxo+T(NZ&yzxd8jTcRBd42;Kvb`j;>tFICv&8Fkwj4QC5r5!I z+hBT5p^|*h+R;KtheXx?5p4FmwA}T1ZDZT6dfVUbycaGueBf;p+TcK=!@c+{!(lOX zvhdN29Xxb8Y=dxRtpsxCXNq3CMDf*pN+((Ux7E-~=E@}&P1au;1XMC~* z^jq|C>_52r`U1iJLq2GSh=U3=R_g@)c(#+)~s*4r2rE zDEdJ;MKTz+H2^>Qqte!LigvGS3xz4roxJPY*z_HV$We$O9?KmZ(2T&*-A&{z0}G%b zu7MF&E1X4l#niBu1Q``|&QJfwG3KEHa<5_SEs1F*mTA{zDAo#*eK8R|sgx(6X+e$K zr)rj>G9%bV=vNCOR^cdLo#q3)tI08xMMuOLy;o?(*0FqS9Z@#(x1S$IGwf+72Epi)f0X#4<=W_%^~vUJzv@IJm~d*2k?MG_u1~sF4y?7$rcloOGvv`^YiC zz}8*#L%k&axBgyS8O%Vg+c7G~RTL=crqE;A_odj)X^lYHevRj8E};H7rfNCZT4C^b zksjQJWkv9KC5iOCKYYk)HGh^b-Tx#2hZ{fclBv__#RJ;M2(HuTn%B@5h2+ftp(dC8 zCB}nj{pz^buevXDPHn!(O>`q3&YH#bkf{Td$3hD0OZS5-1fi{8K~h|X zz0+ZZei74+%XX*PaL#VXG4&1jzabXW`uw)9lTc;RVWl~5oKdYL8Ih}6tyTMm<6!o@ zrMcf^$;yi{q!>J$KpHPIUR@BPm?OU5iU;-^_W$=ru@ zhvxV(&L%H195Umy=zU6fC8+BReRxBsa8#Tgl=2wyao^Vk&SxJta-tEzx$mU~o!6;g z!}lt&u~JCI{1>tFuN*MiG;|5S)9<8}ZRpeArz&`}BUI(LvFQj0YF?fL+MZQ&1qI$` zdtD6Ezu#}*m3iS-b{=q{yuNm}PJn@;*AMc;LXBu;GfSM@9Nn}P1TGoI(CZnmo6@ek z8h4ae!UY+7X}=u8u~LUPn+?BTW4@0ja{V*aCl7SCbSxdqRdC8|$Jvi_b<>Mrvcz^0 zboj0An2iBNy(((Dv;^tyW`p%qh5a}CQ`?O*xt)0#Tj_!gtFWRW){1@8?F3;CM&BT7 zcLf^EtP4>w2HRO=)yQARfgghUP}*&#PVu0xNZ(v<(dWe7I$Kc*__P<#uvEq`5D|uL z+GQd3C0EwX?N#lzB-#_-)bHZq;b9Mw$rY$>%RTgYk8wt&Vh2Dj7PmaAbMrG~&LnRI z+Oek7lPZ$QK5AN9w2aYo!>stk2jVQpy@bY>sh_y(pZfD3&|o!IQ9-ZBZ*#C%#%Y zLCJ?z;R=I_hCTOMcUhU}Dv5^5w7_72fz3?~I=>;gOxstT^oqW5)&9HC-Q}{9zkgPS z&xc{%b?2J~Lv8;XLrSw!BYIqbkd-BbiVz?5x#K?;1|4_D9u4X&fnz>*`=UcU<*wD`=$py z+SR+g3hf^k&wA`UuCe|Xcfsn;a>35lZ)^DAqT%@%54)J}$S9}o>o^wOxQ<`t745B& zqs>@L`nK}X$$9fTTz>1XsF5%i=6v6>L2r;68E7X1Xs3-!J2E6?bf z;#L00+|@(+G2bb%#mH&yW80{=n$cl8zNUNl<7|SNZ=XKymzm#F)zeoKvMzdDRF=Qz zT+$jp58{?pY1xS{mjL2t_`c6c1g~I=xh*FK-pY>ho0%CTp=o(0qyH9|XUsE`tf{Pk z?V}sbivNmNDyB=);<>o3vP7Z7&YE4=gU$r;>`pOO6!E}Zom{+-%X}&v7574w0m~5l ztyC@GB7dW`)9D7=BQ>?9{M_KgO9)fO5TP{VQm3|P$C#mklVTnN+SU2Jkqj>TROl2Z zIbY|#*JT>sH-$j?&9V!OV?~nYaSMy^kGN>2#0LLz~s{R#Ua>cXb@HP}>l{X7A zqwpwEN#A^87XoPLQhRm_uW^xP=-m3Uh@T#u$o`a$i3Hq?xFAR!U!o({dClM9O6nm)f!&3oTD) zoBVC-^1`aLb6PQ!pLmdZH#hTg%J|Cb+Bvaz+se0!4=0{JyU6O|ixF*~q8`-&q`Pek zff^L~o}T{%bBcWP)1{8%JDEPzf!$8}#CrP|$5r#0D2yow?PQrLs+yn%*3<-c5W5}y zXxMZx6GemUDD13^2}?9@ISp-j0=D_e=(l}tDPBd1jv|U0gxK}zouzI(OmyOAFkXEY z=5&yFzf-b1glVC`5)l7KneEY>oQ$o=-D;|>M+xuv&c2}fP_fa6lV6ZGh;8ay^x^jfuexvYj@yrDq@nKlOJ#LXuoCPt!S!OnVVYLzCw*0(e` zp;M~(oHl&0;p^`2jxD#g_lvq-)+BDMw0IK6(_sn!Ig*tw`=+UX$;vq@>iW;Px@)q6 zOn)fLSqk*9Yh!9&ChiOOJIGgc;r}L0{U^S}J3O~?5|49*m8I%naab^$hEc~y5cV5E z6WL}5%s*srI?siXnIz*pY;wA6#h9AkI2#GCc5b=Q-mH+IJc(? z?O>bWI4RozSt8&tZ9p5v2+KS~s``Ss*%^A7(bFwVJz_W<3dOK^Y=nnDRfUraIW+z| zOL~I1!Vtp+c~aYqeL`U_ne|=d*l@if)&a6hyYsg^r9Gt$Sd^vyjuRc)lH|Yd;@n^` z`05GjnZ#&2(RKK`Yl%gY_h&@GQBUN6Z{DW;USm=dgo%&+Rm$UJ?74bTEQF3lbuK)O(I0OFu~97^jal^0#uY zzHOI{vkm`J6YnNWdE_i>+=%3HQ&Vd6o+0}YE>2}|X*1T6^IMc=IV~lqCal8^JojID zmn>@@C_`6HKM9T2E?b(@9QM*B>Ph;8QV_{fVp={|;^f3Oxg_#Y_w^_DS-P+Cbf?tH zI8OiA`3nQS?i;Xu-u*M>dhihDms(aru3oDzK*@7E+T2gidy+R7g_)&2N0cpcDrcBw zmNC@I{cL!@fk|0?q{`WOB(YcTerzDrTK@m?OG^s@$ZLvKF##}*)mKOSeXA(Qm4M0Ef zfR0L0THJ(I4XoPt>tY3eE74InHQrPi<$Q5{4eYh-1jf93umE#z6K=%TRs9d&bx}v2 z3jCc!6GjgcNoZ35;6ZiS_;z|89-fUrEZCxjFeon*VR{t18XunoC;(&+^>hAt9qt>D zr#dhQTqKMGK90=L9|3Xpk}m66EvLsqp_CW!l z6*~mEDAmK0<>HOjtnwEalu(~!>sBJ=3Cb0S80Hpe)bYM8{MgzWR)hocmG_or%GP5^ zvrH`}@G?5*tXeaA>sR^azWs%0{iJ3eyk<5vPub_ev(&5M#KXnVqWZAADW15X@10cr z=P!1!S7|cdl7SemChfMawI(5a!b4TTAJ=|Q{ta9T-K8na?7c?Pl6ovbHS+QYIcYbU zdf-_;yCe~g7c9I9a)ceH?>16qdPa5C8HEeZHfoq`yO}SBrhI;C|N{FUk2{_g5;{h>g?=2G!H%41EeA@RoQSKfUH$=ftk+ccoh z)(i(qHnGA&63}8qb*nitnoP{ITqkU{I6VrBZShXriqw9P=ns(a+i5F9kZ#?yPbbGTNH1@j{A&IFg9nTviQekC=qi%G zy!-U*X8CGN@-x4p_IMJaGq9vpP5u_Ym4-pBJHYYMkm^;5YR@)DFvV>;aPzCDH;a*E zs_W9p38ENEj;cmrbdzetocXPDAWBgr-#S=g2$8FHu33uY=3dfe8!l4fLi`j1OSsgk zIYxKMh{+SR?RmWiSs{)awJ_r;&IHJA4aEgvYGFzbCs4IyZ)>s2V+kaAs;nTs0y znFiTo@bt0@+>}mMW7Sb%%ZPbT6)tfieq-~uL3zwRPn_f@9pyvSsh6k}FbA{{6m4aL z;4~5s$rR+m__Y~dcT_X$ zJ@7-y3hmCu)qOZVIVxOQ&5EiN!~!rml{33kM2gL7O?0@hO41%=>$EYA&)NN~CJihB z-;(3G9?ZH-VF1?R;)y@fW&N?w!-E42-E?#d$>Qk~ArQyL9H`*GkNr*rvg})l&KkX{ zT$W(f1LnAc`-WJOHi?R=QiuC2W5=x&t4Jg9^JHvM)Hw-eat1ueY4R;fAtR!Q-skM8|J3pV>kMEI$0cAE zgL5M};{OS1=(7r0=KOQ{`k$5pDe98wK|7|Ujn1fW+}Ftfp3?(ZonOgiF+cyfr4sul zDLhQu{aFI7zBWVqz?K>iU{!jH{;R_5uSHRwu)2oLE8?12WBE@sHpYNU*Wa=TmiJ2v zkVvq!anbnul%t=6Ge|N5ldOM86eviN zm}A@Fc&llUTLXBjfxZz^+Quq6r8Xk4+mY;oC@qH^#N=1Z zHT&4ISx5Q7Wz3N5&9ow!b8;mygqHDIs%mSKVh^y~W-JnYg;y&`S*3qaGY$Y{!2z{_ z(bEfD#&m53*8!OV+LD_(XBv9(caF~>acacn=L8pjj6^Tf@=x|JyxGKy_EP7CgNVt5 z=v;a0D`C^}Ss_d2L7cV3(Gjp&UBxKb5g*5e!aD-WF@L-RqUpg^YQ@&2k>Ps-Jfmx zi9g@|z#SjwKye?RGkQ((cAqg0>%biaTH$@s?GDP>Ei>YJdOr@-fFy7}BA94ekXZ02 zg=N!Luj3u**iG<1clu@~r<2OWTy%>)8E*O5AolnC-fCl1TS?$}r=6NoXY$&=e7SlE zG?jLSIQax%a%8U9GDhjza%%%my5|5#@7dA<0h-u|bF+;19(*fg#`M4k;+XSkvxBQ` zhu<0K9>o>N9TJK3yLUMO}Vq zYQsh2P9kF2<%EBA6e^vdY`&XhY&Bauf2T}Ld|#hPQ}o*B3S#rH6FgoAYC?l;$me1+oig+$;D1W=M8rvi?PEZjxUFYBZ$d8Xe#U<_ zR_d7tvE$!Y#!s((L6q(8D3=04`k+RziK0IDL#N`M>8Y@`h|EtX8rx)@Qq2&7jF_hL zH#46y@>XVe=)uDnJX-9!RV)~BsO^HqfutWb+|=9*LlbjQ2Fo>imBm+X9g>8e#e}XP zxug}6Y**C#8yamLHn0TwuS7N`8x4E>8Wn#tW>5;QI%APN-)S+h%mT+AcrJcgbf2bG zcT$(RKfZ^H!^RrtydP=DHksz9GbVjm^krKwe?d#q^gV;+5U@hgE|#MF0B6x`CXC}& z`Vx&z9CtrmP0_i9fbB7RBtpv4pG)NAs5h@CyLfn-BZj5s{%ZhMR&nAqd@_Gme@E1= z5jAvXD7~*iN+4?teq|MR@OPJ_s$O-Tb^lL_nD#-r8iXXQ@~ML$zxfMnFba5OI&RHT zZdNQCv(N+!a(G7~tBG1g?dwq1#OfQF@AR`TRJq92}Bx z*|#nezDG-Tzf>w(ER73^zu^z|PZ%^6Zgw9H*o0tAA-z?#1aiAuD>4hzui}VpF8w`; z%L#V|S(5~GjC@eaYlVj~SEt;Q)Omt-a|&B-#d>*W)0eJ&<#YXI$UMHg9bOfHfcIpkWW@IkY;s@VmS)}fq> zpfCE>q-rrnTJmR^{v$8C@65O?POzTcxNMJQv@%7M*ecBho)fm8B(3Hz31Lgk2;2-p*~wtQ0_Knb zXlwno$B`~>6IplPXlHYO85^pMOf73V2Iazb=iw;yO%_vbwd}05T84(&^j;ZaW-BC# z07@jR{P7G^tQj75SJ{HS-e)2{P(Rj*hPo*s(Svy^ zdT|AUwfZUBa{0HvtV&3WUU8l~IN?Clt5!{M7b$j??&C52LK#ooa>s zHqge#zZ^cp{3nk{gbhb)P=?jvSFWn{wkS%P%wTp`R|x%?3sEy}i+n?12#xJ%(~6wL z6Ux5q^=~9YDZAE7ZtoO=pmXnTCA%MfmX=dB1mCxt{Y_8R_NBYya0Uq-4pf&74B;$! zYm1XL10jrVjvUA>K3D&nt%?k_Ad1A?Oq-(QDFirJR~yVb;LLStE`&*KY+4~pmMj&x zDnu31eG@yARrb}|bHCd;;+7I9mOs$BhD4?Em|oi`Lf7X;ic6C5NVJ1UQ6Q6I%CmKy zfPmnp((pAHIYWJov0<1Q6z@9>fN)CZXaa>wFd$7JB5&ZSg;gUh0_Wr;c;^76o6QTj znMF0mR=$JoM};7D+BQd{xVpkwf}}RN@2)sh=`Y!>hY=ghQ5@Lt%c-Lst=V^eQgk3U zNiBMO8nTqT)+ALL8yOuwX^X&O?4IGHB}*UQoj49e4pX|BlO_f*RM-9{sY>suvQIZg z)GCeRW;HkRp^ zl1i3B8t`b1(ocyXCcGQR-}tJ_p(|u-agjc)>#NvUD@J{Q_*^0=7`!;F89=stlG`vxL4?epfE9?M*ks+Rv) zPB<0~br`@%LH$Ly)CiMuioIT|x89+KCNiI}_Bj-T*MIHP1D*TPAbYS+0Mn1=KfF8t zlkc_LUeUn&>ab3Qm(dYnZ^Jc4E|Xaa%JILxxm`UXp(Uqz3;0)~q6p^H;Twu zm^%XrLL&KsjH|MT9pW1o(}k*?EWn~LHNZ$=aJLzbAU9<_s26n5v0ik;^lr|c;~=*L zfxYaZdei0SVvaUZKFYNcmb~vf*MU~yfzP^*)YW6iEulEuR?EiTs`9WL!(|n{?THJi zUZ%kx2fvwxPm37@kMSLKWU%+OBuh4hjWYy9|L_smV8WmYTAmGJ#+Efve{-9}(Lzq& zFf&oLGHjG1%XY*-b!r&Npt{88rIx!xtpUnp^|C`*5f!)bVkvu(>cDe%Q2i|mM;&~; z;Tg8p!=9pI!WVb9fFVJrUf8RF*u(E=*EXiHG1kS-K^Vqe&+Aw1*c7*JOf?q? z6g2jT1D3wQ-yVNO+_wv=x=q%@vwN3d<+WFJnOnKz=Ol*P8~C6>}(NdS_rI zm26O?o#zdc^Z$da&0=+Y;@~?X&wE(9etT?^WE+rfdT3gwxXy`;+yg!2un@<`4{w9u z6kXGnS?~V1!XRBbw2 zZjIV-144GIo2h+~?uz=EMzS8}-Zo=P+A?@As5}hbR&HQsH*N_JoTEo;+pCQlbYaMn zr4NBP5=$rsxNHASO(%zfhkO$H)DXSY*l0uXstki>opv-WbtdYNhFr=@o1!HY%{N|< zaPSZ;yf9iYXeqEoG>ZPBIh=j5`xp%vUB5u%WBvJGW7paN z#MdsKp=}28E-DY8eV|U%{!z83PEkjmMVNn5S=5}@j_)>SgnW<}nX*dua%^3%M;tto z%ARcyDOFP$yo;uxOrl!zXDPT1V^UZrPLU$GA#c$BEBu`+u28H}=pyIAbc5Y2g-Z?9 zscfBQ#m=6|fERUmWm3dxM6B;ct!E-BlX^xMn2UKF{}jznG2(Cauq?&0-ycO5q$u4) z7BdHTJ|dyfEb&|o>lzD%CyP&^CX^ekQs_jv^2=qZc5H@{xs6~w$AbIVn(-rBYKR}{ zWmJ(KsoUp$$v-{67{elMWaw1^blRtrg^`A`Z``Np!@!hu(or&i?;vLy#R24J-9MYW zud^Uv_q6A#i+kT+KyJ%RUEJ!&eOxI{YeBD$QV@3*tGl~D*K{K&cukr7#y(vKHH3xa z+}YA5{dZQHb#xZeSjI78#iL6$rA>Xj!6;qPhT=NX&JmHaaRv}=-GhsC$vkc8#B*8Q z%s-fllY(BZhMk2A`pS*grNvTcDuN>wigV?uFWq=U_+hx4abuW}E3QE6k{8b5axiL8 z$+AW5p&1r~9rYjqZksB56wLt^AM#CXDCNzOm@xm`o1r9Nu=+MA_R+P)yriN(fA$aY ztmOrRc0cE>cP8SL;8s#ODb!)Ng=Eqgv7+MtR902**WOq2+1P+oIY|tVOb=*y^tur$ zl9%Ea%^^}{+q~KQJ%$5n*5fdH%6vm8z)e$4;XqylBs*kSP(Zw3$btb!6MH6n#6Kk! zZeJsaRE|xId({CsXCvk@(-cS&NNL=%{J@Xmk>CK`NKxZA?nI9$+h_BuHlC#pOUYJ# z|KueT@d}raG8?5=y?7dWz-=0OCQZpG&)|T2W(zRo@uBzV$!FroSAa-vX6}hGKFrQnFqXk zVd%-#5&fvA^f5}-^~bvJ3TTqTf(dm96UTM9QDpt15S=2`=Z@%*SP4^Fi;uh*c|74ySntT8?17wVitdC0gF>hq-~I^ z<8K0_RO({z)5Hc@SlWCw{=(ArS4DDE%AtgqZH1`oypPo2k9E-1ic$QNYTnTCg7S%o z(>480Yq&b*acMYL8RfS82lqJ8Kn~j*DDBkkvFVlkuM)w!`$8Qn^p~O8#W-qCXQkhz zmJA(af9|Ei>IQwlAKMgbJw83MHhDE5)AG{F!dP@rf^8MrUur3FjcsTf=TbzKA*ZQj z{ns{Ui0!+0P{izWC$ICRT`=2gyGjY+bRv;yagV2sIPtBhx8R#$7IP15!W^$W46$yn65z=P1%74EOo+}T`&lC zK(ZZ9-F-23S#cpB^rC}-OzCQ9gz3ZL9Z%nJmC0|Bt8cYg?i((+E+Yqf?4#>^bt&xp z_Q$ERNd{P!TE0+t)oJYQ4DI|p1OHaCtXVrEIlDdumS>jKs98E+dT8sQ|IHmEL*EWj zDVK!S8|%MBE&{llpzDW63L>;pJNt~O80EwQ-?&jsA95zUAx}qqztX37c#1ielnQJsasYcDe zlUf&jpV3uHLB#lljCS!*)#x`RQ9Ok=$Jv<0(J#I_a~w@!dw7-P*v{~BT_hpgBO}&2 z`U7SuS}k*?1H0`OZ*4Bm?Ff|308GeelL1-^ViFbS0hip5yj^;+j5uAAzxdSKH8>xA z)LH6YC?VzGXiJN%IO|?RG?k!uUEL+L-!uN?6F7X&dC=T^Uf0`}J&?JWYD|sv{QeI$ zN=bW@#2n!UniLFYMV2GeL0BGWfgK1<*7oeA*xQWNb+r5S!6??kSfBJ9>q!&ovX?(yFPHqf;7D4VD!=GKvf|7N;oCjOQc{_oP7RPl$V z=8m)q0Yo7c+f0oyfH=0+ z->ZcLyTzpHIrM8;4EqUnYX&{0e=docrN^HyC;d0Ucekji8`gvv@HJz>|*7mYuBB#p*g+qX_`NBqN?Y<1+_tBnm zz0Y0};qwF|k9ph^6uw_ymtx>`h8c$R1TA(W)tpy zK+slizWPtaRXBI4^n>!i#Zaq?xZ9Q^izP+A1lh7u9yZIXkhfByb-miN$)(%&w+M#b8OSR1 z3MWpbiL=VgH#3Ko$v8RDaS(SlXV!s7MQzDa#)7(-sOU-2kxtqJF8x9<^d8~5Bt60z zZHYbWK&}#QbO@oL`=mOW&BGjB@H;O*Bb|b&`C8skl0S)Gzfd)9g-7vMHNXtQq{#f( zF#Fh}X*7s6*}GNs9P?D|>B~3X@30om{iPZ%NG|qf;!PG^X3>il-6N)IU>OqF6vZrq z;XqBN=A#}~bsmYJ-cW5wqchB|0LX}MFsX_0%-b*%B>iY-xt~&Ph-j27RCNj9!E?=) z8|k7+{X9J=rkZl`?I&3E#Zppbug8i=n7l%&PxW`lHMr*Sw6|$x$j;o zT4Az;>8n=F_f4zc+p9{if;28Z2)J z30+&fg-T?=>NfeEjlYIqTgD7#BLiI z&yuq%y~Dfk-JLhm`Uzj`A>)6!9oc}BGgmyZbWrRz!qUBs9}ntRL603FaLu_Z4bFlr zBMnDS=$z^`ALc5Py;6xlscXY5ZgDg1y2c5<+1wO@zzz{$`hEB^t-8Dt9I<{0aHAT+ z62ciN8htT8wF&Ydf07mQoJR_l9ic9u&Evz@fCMU;tZRmqH8UV-c?petIxCClfP)A+ zXw?bxlA4SNg^1Xa&V<_y3L>989=P*Lp($B?V5vaOWz5jTl}j;o@v(Zx!q7|k9yJ8eIleu6?C^4xfX~^a<1;gixR@ zVK$^U01icNU$#o$VM+Qp>%by|^5cSBFN7=he0S^cFvLnIg;1q;2wQf~9 zGKc+~D|7YwSnhK~)q_^-5kEyOeH~-_piC!6QVn0>X(g8ziS(9J(s3C^q!KSL2Biw& z9b&nJAJM-w7#o_nk9YZV+dodsi!mrXF0i_*Vk!(kIXDTL+S24-#FDS9TD5nIV?%+C36j2)3QYq$M3 z@qn6G$x{(~fz8~u*VI)7=DoeNsuPf31!rrZ|74Go%(@!WPN8syBay6-RJ~f+*231c zL4yJ~do^swrG`jq^oevlNkO5W3}Y2{IqX@S98rtNS@K1jV1_xXftjxSF(O4f&h6Hy zk?6>81XlgT)AV_uA^M> zapa*^gsEz$W}!e&=9&@5366djS>6G3#1P&rWq-p(Tce7V-Mqnmeify>FOR0$=j+yH z&J64qj$70xUYRpPvyxS7b&MtPoL$KzTj@M$mtXxozsfZz_l|>bmewrD z9H?d-kt8iZX=L$KDdV?yP1U5FyZU=IlEpUqlAy$4m5_fx9c3Ju;pWe~NI|Fluh%idirD3`LRF`(kvlMQ5cdG)&d+GhN0Ew{ zUr#&9^>R_4iSKlCdUd=D8maSyUB*CM$B|~ln|F8i6%@rW6>{e%(#Cvl~yt#m?8&JHGNJtIRyYV}L@Q7Va zCqrt2qG1niAAQeKnaW6z0qVj-+l4bDm{8sUbYnQ&brZ!Ru2~EN48x~$Lx|lBK_l}v z$ZE7IFQgPVr=lkM*t6nU>Jke+V@o9^j2~m3e5?)cV+f~N=j1>2 zJ9ro-f2>Oqp?;+~GqziCpI{)6m3jPGC{LCZvSjnn@|5j#I&7+-*2P+!8Jut(Fbh zaF>i3J@Sr$Vz;eDdn|Cs(a0S-$Tr;)Z10Jcl9BTzd&?xCS@MNqzmRg?KDeYU>0a?k zjb+(`o!&7=t923Uq5}1QIHJp8L0T2>y#9ydp0j7@ZrYDC#w^y-RnEmD{880RdKrGv zg%C8nVj_&}r=aZ*;dS#alk55|Nr!(|imRVnz@Hz_NEh?Zs*UlFjbU#)|JC({*m#2* zrFS+8w+A^|zq=7L%%A%FpCgCti}*?clI24>e&E0lRDkexelII;XRy#J|LPq`Mu~OF zY_$hFTydJyCe1{xWXp81f!9yvaOBZ0W6_;LFZl21t%T8xlQKW#haEdT?@GHFDflEF ze-}Aew^(;R z6nl0eEXow=5GTupO{c2Mq*ihb=mP~=A&HYk28LjZ1QmGWcjp@#bHCltx8I= zB3g_8Vv_a>il0tSM!E?tI#o!j+?KVZ%}s)mN`7V&S(4nzGec6Jn~$9LKG3U{)Wx*Y zQO7u&Y{8Y}Xj4<1CsZgc|9bVT#6ltdiO=^>@Usoi|J8Yd2LZ5{vSpen9z*T1$^!_# z6U9;+?SEkOAprV8g4(A&JQQ_uK~7owr5Kmm*rFmwvVJxwp!)|d%;Md$d+ILo6Y>9N z0pRsKWA)N_N&hP-F+j?UP?vUX8!`wD2)B__Y|ZP^;+I;Q!7c0*ae`A_9f&srj7 z0;pyc!$Y3!+A4`BcoKdGmTCHqI@Z_g=wXnSfju1GWZkQ7!lJb4POtspxjJq2XXU?< zPH+YN{qDwZ-&#|nJHk_;$o%Dw5+*Y4apYN|Z`LB?=h}I{MaP_tzHc&}u>g~z|EsR# zEVo}s^-dbQB0KU|dKIHy)7?ffk&TDk4*P6|MN^~)(Z?c4u|!XX`hh?QCWW`2A4t&> z!Qf$aS*^ACqhA%yEK#V>qL6d|%A_hH=BUqaU>NN-F_GjDE}BxLZ;WVC)^3@Ab*IqZ zf)k!5V9``uH<624nUsvlZJFuB4h-AxjsIAn;%Uy=-bSoAwcK`$>8?PzDV+#g#8t=g zu91w6h3qp!#~9-!U-^zf%gPJgHG3f3IN7iuCPk}LRz|8$!tj|JWzTSmTku9YEbo1T z%bK=08FB0QqjlO(>-88Ue-G*${ZWL-numjs_x<>Kl@)l~;op8^;c4eIc>DX)6GT}# ze@^?_7s;}yRjGpqez!WrAq3&y`3pLbuPuu(iHxY+t^POgGGwm?Pqyg}Y>3;<^===9 zYU4Rq9EHYD&m^xU zg6S1>TgcPw62(O?IAAzIzP~5prYt8~ls6kQGpIE_XG$frI;LtDDVO%)?AE%Zy3Oas zET>ac*ZRl)CxKb948Uhj`A$=n5If&@z?#iv>ZwvzXnOsgdj9*a`q{5GkUTy8ZVybelhz;lN{fYlIiIm*hO`h4UBcNH3lva4Yb$tM5YacS@IE6f)me)PE5#P|Uh%Zj_tth7 zT_KYS>kj5LbIKfc+_-e(G1PWPKyMv+h?b;V)`5+@PkvV*kp{%8w;pdiU)jt2yrZ_P z{?gxV*uCuWegExGmZI%|Qk8>t6n z8Fm@Ml}c(lvn=lN6vf|64#n!wd;I*BxX?JdBlO0i$8VX^5=z7MJV{KEWT`t&b$0rj zj2RlDT>0HzQ`(UaNmAT&JS=id^4WyMFL;tkZ?R( zqtUVNBx!t%l{IrmYf4+pV(w`DQ17d7<5ot=ajQt1o8$!<5%m+ zik{176Jji(Y(ftAIjGO5&UQBJW0mFV7;JdjqdIPavk&$c>{?oHtjyQ}s?f5uQ6l?l z_<^XCD*iH%me}=znZXDvF&1kH$^M=|cY)91;}VP`VtxOe9p`S3_bh!gYCkmW#xV41 zNoC>Si>2;?rqqlwvdXxZB7Y8hq-pk}w{M7opBYHLmm0}mkJb;0^Z9Ke+<;wQgTLDU zIi$k6Q5^^n<0M^i2g4joe{|JycXuKbefIhc)Vc6hZduLOY(n?wjfnct`+`i*SM~Hg z$9;s)>uG(Og?%Im(jd@gsP0{$Ly~e}g9<}Dimea0H-A9dyKvq2%*?qLXBEblr50x7 zSw_`xP@9yo#v1d_78z9z-^AB*AODX4?(N_ZzxA35ng;dfBz@l7&SmpI*J=}bFlzoPN((f+l z8nD1DYd5jZ3|=SWsduYFYL1&oTxVSjC{?r5d)m+wv#v`Si9}`5vhsQmvixQ7Sb(d* zSFHBfgS8at!=t=9v8odim?2 z7L`O61MtzV`I|YHz+(_n%xkN1?#+J%KT7=%q@te{h(*ZNeUm2h=2ZVVvjB|$1!S4~ zq?0}Rz7n*MxpuwV_{-;VeyMR?G1Tj1{R-&E_V5eHzh)yK!HSpVRcd^t-W2nn{EV#e z)n?|5;88+*_A)iaT7{vR26HBd7xYfA-ibx(1>^MmIwY6XrMCBi<`^n$I zN`Y)XxuewmlGUz(%vG{<$6=&eY!EAM#UIB)uqQh+?#Y2StZaXM$;)mUcxHhe`fj}4>OEdd(0S4r_VgAX+#mO!vZ7?i*XjMyitqcjT+-UrOa$J? z)cu)HShAE0KW|op-uVInh!<6|RmQnK+KSlmk&&{%i14%6n=_NRJXV=8sy(a} zRvHReH7{wuRYhbCPAU*%{aJ5(0cVwiPFHd&T4H8mgilV^&or`D2imW4?YKrPjz&2? zL^sEE2`g8fK-pg%wf4&_1B%12y1qO*N<`$9QD7ydeXcYc^u$N@A9JZOnhyV8MruPD+WUCd;)g28QO+sP<+CsD-T7FXSVhP-RI|V zZXJ$v{eOkWxDRz@Dp)g}a1lWt4(O~&vyRDr;iYV0S`kbZ=j%;%f z^)c~rqDr}9iKb1+Xw6{cbap$)FYVQ4%rgCl6gPq>EQZ|6qQ0iz(eRLar@WOc_zK3zoL?qUKY$*r z5Pl-Sl03v2JM=bh>tC$k6XZUZ$P$nfx=lfNtX0hGHj=hE#q!~*dUP^wj{xdXHLn7x zG&_v1SVtw{d8dg3L$92L)i6<2PET=p(Jyo2bd1b3uBB%%jE=9hxJ&%ugcCNnE%|n4 zozxgoF9@@_xw2>TKeNkJ>FWCb0=w~H#8-JI-mWDy0)v9`6e`o0jEoseSbFt=Ph0mg zwm*)v$?1+IbON(R{uTAj5DKUu$5FSKVE5k59u5)U<1YZuUcY?m}8r@X#`hzM6%Ur&@ zQWzwCMY}p4E$f$d8-E-@Ts#A7Hp#?*cK);1hx3$Hn4cV|M?ArscJ3}NP3xC*B4*u+ zPU40$QRh5mMgM(BnPvLR@oU!0FLbkBZE{(%Zh z>lz*&M%{@nPASbwX2nCbP3Y@0tk7=2rFtV4AGZbd87o5bv@5BQe^PyehK3Fc3v>Mi z3fH7G@dUA;o32f2tRIZ_RW^*0$t+9a*Jz9up)PK#y$3&nq<<0DkJpC^EXeXQ9=LuN zvE>y^dl{n9fJo=;ZVU^2G)i`=Q*nGf*j0a+-W5Nv7&oVZFap!s^qh&yF{+!LRuo9J zTW(~2s>;ftLSTgoMhhON-A1P;06qah`Ko~e-*m;)z;jC-(pQlKvO|M1Fg5tG<$g|Q z=q%XQdJc;w1SDr-C0s1h(#o0(tE>=FWl*N$4?sZLM*=e)YD~!zV@ccyyL7(0 z{Zx>nXfO#u70+&`8L2LQTBJ{=5?1%z^j$nOUL%5}e=>ab;)Ew`=n(^^nuoH|2!wgd zTK-B(R%!EOO}Pc_xU^eOxZr4Kz}6!7j(hlIY^_<+0m0;1{xHtG4~PAXjz4m-T(hHO zWK%&Q`>`kXjZdtKIdOB?aiG-y_G?|Qo@iUl?C>B)Wa)-m_ER{!{py4~_( z`uOhSV^d)2S@7P|d;TQXwf18G(gC-5@&_AlkKd=92^BZ^n;bh3AH=3wV}7BG&_NvT zww7+lvPI;oDr-83Brp;_trl{WG{ASuuA$dE^4Z{^spmKji$QCfhP?VRSp3n#c}iL)4iC*C z;h=6Ar+u?WJj-qS5&))S()aK&MRsaGn7oMC+A}^6{go6ZCL+-L{E4PZtem;iB5lyB zzN_-{Eps%XQCCDPe#X+Y^<#@pO8>l#now!@?Wbu5!6Q7EkVD^Rp7DIO7;wjBMUs{| zf>vMj>vOU`3X6jTW*RN;suZ7vlp`L;H|wcSa{e&T?4TdYw^+0NSEPj}8frk@i+XK`_I$l^ z+PvFIZXdW;ycA(Cb+!%8IgE0v?0my%!uAN`JOz-Ea&0cOaXfQBXm|d&q3s&p^MF=C1wWt%9ET;hf1DPv5N3%jLCmVMS3hK989XJUZ{w$sdLom zGUXFzVxc`LUx(*!=F<~AyoxL?(4nQvx1%P!>0F+WR750-nC@TBt$Ul8vH~=!M=TPe z?AgI37L|<1+q#IwYnLn+>zf_*7EkT3Q$C=M)cU>eKXqSV(`#>OG)yaV^JdY53~VRW zo_&}B^SjP&=d}_D{5)EBgEy%RH|`t(D1m04)RAsC;nwy)kp2eL`vKzTNGc6b5t& z`dy4Rfgo@XGvuTLEmD4eSvBkebm3R;jitIu*~fS=%F(Qec=3FBy1bM(jtGagV^8f_ zJUsjO&;y@UC~2#?Pj#nad>p7S2%Kv_v7m)|O?$%)SNmL&V7>eDIF90SS}^q)Br}d4 z5Uf1iVt(Bw!E&D|Hm_B?X-gFlJBT>KB~}*^w}9Pg;eM zi-2`7Tm9K$Ze`I?A^kTQ+-p)SEFD#%FD6QQC}%GI&TkbOJ2FE=MwQ{UHy`uug?DK| zE~uY>M?wu3$4wqS#u1EwZ|Mp<;1coMa7lGhQJb6cq6|9{-EZ53)|Uib(sJ?E;QX%9 z1^0HtgUw)XWHmJK(3|>>MPWKje1&qoH_e3>+N0Fp7i&MPYesalssO#=b7ho&A2jT% zwbMKS(f}*|?c1Es2tw^7dVJC7U=~&naRzHU(gupn3uN4vl4G<4hwH1z6dfM{y1e>e z&`6>WK+$+%{?&4=KFBN( zJefB!fFeIVf*piL41ajpO7~j;?F!hdgHh&B03WL+kA(Pf+$$ZdRfJV)iOy>AEUBjq zoR{NCLK$vH3Kz|C7=96B$^VPWPtut}l^DV|=AVc46g%l!Oy#g3;>R?be=OOp6J0?; z1~<#AJmN)-7{ONwy*(Ki!AVrptu}UzzRncD+Vq#v}57ls}CwV%y z;rJW&`j~-f60(2I3sNlX2rC?uL-yq^cEzv~QM6dQ!p^sO5$ z*))-mL=~$Gn+zXPBhnnX;{N1>t+Mp^eKJ+H;V#;a%^*%cQP zqGkySVp(ZVC#W~vg14!%#&+$h7@Jm0lqdR7TF?P0S$p<6I`heQp_Z#$pke1Bh^~7wv@Hh|?gDz)yqOA-LCjl{i~NoW))P zNYD|iOOO;(%KRN@t1?;7YK5v9lX(#@muWMNd4rn&LD90*!9(Dx2u6$S8NwXUSW?2+KFKA?q#rH6dO?NFZI{7_08>|D1iL@^!qDPgv zgq2GIhLx2-y_i~Sp$J{K!PZ=M6mX_WG%lL4u&7Y9l`s%$(te6^J`$MokV}zNY2i$Q zz;YRiEk;jaTBZbHr=?sG>cM}`ed4UA#$hl7d1j+iIWjZbBF^V%KK~mB_)W@%vQQEs z=?yk!%F27mHALWFWedfqGCPkOkXqU#W>8alhpxgBf^8SQZx8G3vcaTHJ7HNf$sXxK zJCee(LAg|>qN*@Qy(kyII68xh5JY!>{D-?nftN#CL@$O1u<(>p8{=c8NS#QWIYLk$ z*8ZKqbJ9-b7$0`SF0OrzpZ2J9oMBOa-CI9Nd8HCfllQJ6bpL46#^cjnHis`;Geywn_g`&Ck9-;tMmOqrP3aS^C3n zcjT8cr={X|4&to$S-yVSfQPqnbCWV>sxzA=$T>*bOx4w54|1KVmK1oI6hAcPH473m z=ju}0*afCl1skshg0upjbFi9V;{ca11CO%^zPQ!MjlaX~+I}Qk`|)oMv0h5yfSha* zsNI1X6>aB1Y@T?QA*FalK63r@KqCjDl+p0y6P)u_YM7g-J>i>u18J~Ci{7#0 zxJJ8sqUF~a_zat=914wS4nYqhUxTWGiMUMM(iImID%AEcaj-0h^hGY0HQaXrst`}# z;?;6Kk0B1dtpTqP33zU)?6OBzqWbp)f)Xzo&Io!mSQV=WsxxLtR*frmMl2G`U?k>J83f!bu+^pL{k?3)wAZH}kB;iuKyJ7!-=aSyjJr zIvQ2gC5yfI;If8EmI=D}A625~lOO^V=Y3W0wyzORZ z`agY3Q$~q91^=87ETI=EG~SJl9dR_mu^?%iw5{K6O5>`aWNie2h<`&fj1GBM-&ttl z&n0H&Px!tMLuet}%almGOF5{GG`W=^5GEZ-+4RDy_ zX@%>k&&-)F0Q`(EbG#Cq`zpbNvE{^lwOT&7dHd+jM1H< z0!@&U<4KOlETJqTn`0le+7CK1h(a-oR#i4NCxl)16vfibG%p^r%UWVP^MxBR{BnBL z`s*LRlf@s9_T)=;QEcTlF+zT-m^o2`rf| zrY@SiZqyE4b;)Kp?7e^0)bGl-C#s-fROHTk5M@XltuM{O@o>_8;foE$5a;R2Il9!kNkeGh=U3gntC1~Au zyjFu+_beSE@tN~q>J8X<`EaE$lN;1T30v|2`ZH5 zcEkkCRzWK-elz81a>@rwEJz%kZGc}IP>n!78mtlGKuPqi3oN1p$E<~m=5M9Qi6-;o zAQm9NohAHnYTm4&A~6o`#&FPsYXGwEE9MV}4YV_LD&6s?e&=x4VfIn~&Rh|X5?i9B2akUU zo}iSVG93TDVocqUMJ)XPXmTb)y zcLL#oJMOkU=Y55A)O+F1XA;C2Nf<0lzv-?3+RPtX6O=_}aU+O~E# z(4s|yySqbhC%C)2yE_zjcZWi7hu{<`?iBap4yCx$%iiaH`2{Ok0=oNWBgvTT9^6kVUSxX@A&gF915 zo&_!AvMTfL&La@y88g+V7BBa9``;P(86-y(YnxdZPc_salKf@M_YGgbF8Q#A&;#|mQ+_?LL^e!hRJWqH&w`COp;lt;}|Jf zhVGw_XB!h>v%*(TRRX~?|9!{C&t z&D9`?A+5B+hW}1(GJOUA?4|Zu&Q=Yh7$1PF++UerD+vdCL&%QI-op5;+4FRnXo8NX=*~lyF#|E0+B1vp|f( zK&T++7$UpX43-Zz=|5^xoVlCTQ(V$%@9>_^-YVFW37i%Ef+d@wsmcCZ#fhAz1=+-e z7Lg#9O4zpIN!{N^fH?4FeQS6v%wi$y?q2frF-&hrWwiISi7d^$5v)TAJRc;ZmMn#o zu~={?wCJx{L@br9YrHH!QccAJwQ^ci6wLA>GB~C)g48djeXp5GXCTv31|7ToDN-#G z=0Ez*H!cQ(-td47pf7$WQJa`!_k9bmG$J&_rL4$LqC{z(q{ zzIGwxE--98~OGX@0THo4hK&@wiu zl4rkC2jiWqSpscbz70zS7y`}6yyB)no6XKDqYOW_f#!$vXLgsoG$!r@q|xheUN)Lv zgkjK>NIs6J=O+4FZqKybk(!AR=?S;ieq9ps&w4~NQ^{~JR(-Ciw(Oq)`TTL0glDf&<+ zL>_upYYx(e-M%09y%^I@yuTkE{~tt1bqrgj(m%6=gUlhf-M{UIYgf>xHS$<~tjPvG zpw{utZFp{P1V<>zUq?ba^&c_vpC)IorWk!1Eo}vC#mk}|e$a0{`LK=&VusJ8s>dNT zuFBe#BLHq%8X^01r$rkts(7Lfj?;ALCv=JhmlvgT&pixF_dT`b|b& zLrj=G>e3MV(-DFj?)oqMOEgGh?(8{eu&Q59b4Ip&4-@hP8?~saq-T7Q4k>O2o4Cvz#8;U4IrKBJ<1B3}jG%b6 z%&CZFd~M*ULkcU3c}|O%kfkPOXYLQEMYo}5f(T)oJxJesi^}^88k4v{9KFOGWYW!FgiPGm@z#^US3H`ZU{f%klEL2 zM=ykLZR8NdCY!eH#FqU0pd*4%6RhB`;-RzrnbN7^nnyIY_*S`Z>td67km=E=tL%2y9_Y#}H+e`L#@; z;85E82CY(m6aLEqDg{c{S-_CQ$-t`Sisz<|eW%aj39`_CBwYv2f+MdP&9J3_lkKo# zNn6g#@_z`Vo?h?kmiCM_why`5pCY1j2PeKxA4T{h$LhZdMc3AIbEvVbFup_4dCpnG zrU9a6)KOWqw5kq85 zba18yo;dvC)L-J=$;)U5c#Pt3;jd3NCey!}Cjy`v{JriZ0vYziiv^SVe~O^^zr{nR z3Zv-T6^l&J%2+=u0JB@7tO?6})yZWBik1~mvpGH0gsQqW(kDLk%m-WF9x;Nc9HkA- z_+}xXq6it6;tKc0GAnu0>w4r??m~ueuU1s4CL`GW5K^xUA%DFuWk zq_1_-M8y~8g>IPdoZ293F{?UL$6+mqt*DuGdA`ydfz-B624%!F#j<$4L-_2e$NHK@ zGv$yo1(E|l&OzWgiQu!_d0R0zoiLrFf?V=>m0v9bvpsx09|l^V)vOL+gxqb~8S?pd4GJ68AP| z_$n`&Do@S|DcSyE3{-T5;^I%(@wgsIuF@37lZ*G&P-@0t(wC@O1c!wHAJF!o#u=s= zvy|YnM6iLEB?OC5Y~hRLQEZm?P;yY2e8~)~z+^|0eZNj~3NWK&Hsx&5{szawUL6Jt zXkrEA&1e=&9HE%a&BEq2G{ZBxi`2^4m#wm(;#*zqN`8*9cr;1-;}R3rDrl#;;5dbPy#=%! z#$%m&uj4f(Z-4N!m*yU);>^A{F{*U_=I!OdT?pgaETDsB{ZMM0+W!D%SuXmcX9Dm| z-(iN0CC2lkc)kQq%ReOk>>q{2;UVwQG zhwUko6S-Oi?-HWtmJ7u!-`RCdlZTZ;L`-W6Vax7V$chhH34M5E`U&;~kZ{GIUd#M8 zy^OHSDK*z=v!ySDHYdE}_tYYN+vxO5Ks#J8{f&KQ7gB#sQCBCwogqtA(NCj~)$+qc zN*FM5gr91RXc835(A;*ry}cP9kvdc+_=BfI|I2BT95&EcabQId0i)|9BkgIH4Q<||}K zSw=BiBwDnL{${jNC{jf)xqEgz)aLIfF@>r&wU4jzf-y>+q`@%Q!-1nEE_)<4o#pm(4UbZ?!)3r)HC~`xO^0O?oZx?Bme5LY{MUCS_xf1LH;7o zm;Kzs9A#^JI8g=o&H>A@w--7)5-ei$Pao~x^Q$XA-#y3d$;{Gqq?_sRtQy9ppu zMx5BX{-9*;dza-_$&%-N19b?;a!6Q-`ad2ZmtC_#aP~v6O}{6PuC0CFI_FN2vY@Az zwQB!r2Jo|w{^XFq(6Uw>m^q@7+Qx!0>a6L2am$n4@G4x^obpuA@g+Y?54jD{MpdC3 zNxH+9Rzv2eK2Tx)y?Cq@H~LE>%vMMP(FkQdng2}tf26bgoIKCPLnJ%z`{wnR`cF%} zATp$vf$H%GB_2NyBm#w=F8q~OlRIGe`uCw?Vj9O+GIm#?V^dg5_E_@bD$Pr+UZ(R* z)E~Te(MlKElXOxbiWbr&ujILhQnO|QDM9B|flFmA-BbN8u6?8X&oXK+?vH6DteptD zj9v->$!oX7qp{I_!@lNvSDcX|YNMZ)bb5oOKkW-LED-_gER76a)urMZ4EM$E{)rHu zPjm~AmS#gmn499>gG$Bzan6;KA`W(<%dJhiIc$mk2Q04nIYlnS#Hx%Buin~19Q-Bf zQ1DXx$2WUtYiQHp(rD1pW=(6gTSk_e80Oz3(=uQ1+8Fp^nIf5{pI3EGHE&p776rL% zHu!d5L>sng4!^!1Mu@QOek(0OJ*H}#G8wqM!Zb9df}7hKYRYn-A&Ak&7SWU2ctLA? z5T~yq(b-n~k8}|`+YfahTN}v&(pCOWcdKdgq2#BSjPV-$PAbN$#GEV6JR3RwD}+<6q#L9jvyzw7X$j#chHnKqTW*8XkNlWp?zw3nHMj~mApQS zUa?13lM`pF*#nb+sw-FKwxkl67z!mS>6Fm!VA#5v=DAt`+K&xy>1VM^HqWh=0ZTDm z!dH6@CuXTkFtMHOsC@GihSn!ebtmafHcUJ}z-cT3R-t`x?&O231$J?C@o0ab)XkHh z)E-x*m3~jKSr&*w7w%=ub$+?}`?zqU{ZY8z{M$~dqx6(e*2O8nqOeCtc;dqY_#s@R zxSAn?ry2BONgVbhHxLVDM1rpL)P4zuGWnhlQDY(bcI~fnW(zlC3V5!@>!{I#zSZZr zDxm=*AF4q4I52i8{eNn@f+ssDk>{U&#?%ouZ73Dh#KR6P3Y!%-s#NQi zqNmx^ndf#b);tsn2d3O1Dz^k$sT)uPcAe3Y$N3`h07p#;_9QqtfOZ=~!=rDBl`g|x z@e)aGB>-7MaD3V*flgY$5-~~a4@#{xG&0f?g{kz`7%5X zb*ZCbq3alh7ga16I!=W%Rx!*wNxjjbaaHjuc3p5_y1jiIBo z&YSf8WV@S8+vsZ^>IlN%*?yAe8Ccr0=2!Yil&Ln)JmuAJAE+L{Y^fd(l>Zv?I4L7F z{tLzfjLGa)N-Uu=Nd_vW=;p8H`3vG))utEV64e<>co==i8a>VS2RcKXUe%z#zyAXx z51G>qwP6N$7Me*`-)I74bAc2C5l~|sJ7;q?rCQq{zxgG647?7;fB=>p%|B%M%PO(d z_NOZ%?t(k{g%>@P_l~xV+pWT-IJ{PR@M58rR1vEg`-p$6>&(^E^=|Z+&&syOkVGLr zp-N+)-rt4n9Dn!u$j|<%@ewqu_=nh`R^IVv(7OAQlF0ZNg&imo;;8p+PvXU5t;jgy zmb*rh-wOb*2y%wr=_Nwmm03D7f@hS4CXKTIZZ_V&wz+8?`)RhxPq9t?OYhnG`*7MnBdbKUsbc6tyz4sY zFf{&^I&oIem1uLa#|~_$($_&9{4Pt>q+zqojJ7#hjV>ahlE{UvX_Tgzo6Hi_VI{4n z8!LiPJH7eTv(4hFWQ49@hEOZI96C$vp{L!ZgZ#En$--BBKZIEV2LSS`-yUi$5lj>U9^;x)?YveAmN(v8b9l$_I7h*!7bTWedmT79{$@ z*q=xEFTQ>d#$M^nD_R&YWQ6$fk8S@Wja7v(a~w|GIzB>3_b>7+0iMkWHg;A{aV){N z0km8L=z%caSXgeui?8FhF=$QwTRdj;)^ zPdb9vdptdXe;pr{F|F3KCGy$V#p)2s`kD5+I`_DsnzRS9fiXQrxhB(Fgx3{nL1RTf zHH!t32Gs{Tn59jaB=o`4py}jh)@B_91yeQqp$Ta413C`{q z7z6Y6Aw?yhF{q0=n^@)g3Dug#wr%ZLCCrPhco|g-n#?okbKWtKqE9e5PBMBxsyC4-qxMlI2+@R6T_rkvWSe zO;sNYPVYkYOfxd}^B0|p648GGbJMImUfl;aLH!1Lr|g2agNu)|HOf6xQ{^!H0JuEb zV$79dYkTsCnP(RVWT{gDXWJK@ddIw}?8ctX1Z8Wh{1=`KhyyC+AxuGZXF}Pv-VSHY zbmG0?TeN8m07pyPvCv<;LIK)Tya(SK2SyavgZ@d1)&GMxnLm(qzmzLngST1`IppYe z9?tXVNnn}&4@jsUGGp}APttHxx5&X9LHu2tH8z+vv<$XLeQsE+MslM^%9KojXv0$R zT%V7$yGBUPZ2xTFeck1%w(lQ}U*7{O+Q4O)fTyfrRi{UhZFz3JRi)&RBo;4uMrm5_~)~o=y8kR#8!c-MyoG7a= zjVj>J$T2)fLfkW{6un>HWciLQ*-{Mb)&Q%YpmvInXR%Z1P%(8C|H1TV(nigO;$2#v zFT8Mc1ykOIylP0{1t+Co2oz)TWKv$2{RYijeD3amk)yGYj#o(pr>vD=5u9SxriMS4 z*-<|YDyMriXGngNazyp-j*XfHd4*E^nzF52h^ZtL%tY7~>Z;94Vmx~OnyoIW<)!BR zYGnGP zME|N*kn>aPcLHhKTtu(C$u{{Dl#k=G3aQR@L2svKKKD~~(YOYo=Z73z-Qm`Z5y;E2 z?w=Z+9g!4xqf9mwlte{_F{`Le4}79xXD6WjV$HH^D%Tx7Mc$)9O+N{vH`8o zHHOxiLg3}~I;W)XPhQRcU;N+TT`Fv}xFuq0=9rL628Ifud4po<`PsD~%bJ{RsCNT- z!k!K(0ZZa~z`yTrA6};u9#@vdXns2O$YO{66Pr~&GK$3-u;^3^A3Y_Fqa=-qOk2fQnzso6 z!R0~M#NX8BJP(QHNRj>w~BEuklZ*2@qk5C57qd1I(y zfd;_8Jq5IWZ44Sh4<8j5APd;K+M50{DI1QcSIJ%R%EGkVi*k2f=Q0*7IGYB^x!?;) z!kJZr((aCOULIM?iRTldtCw&uAX~wlzia4Vpvm-LU<*6{?)>}|pPG-5J{|-txagzf zH}#?xpx>vHNRZsFd3mRW!L%`{qY>2bUD%tmr6uFs;XMwJ4={|FAXhdQSH9r4wrXkXAqB(+AZ|1E#y`NWFD0F8n z4e>LAvvYQ3RVO#0BThyuG}D|Nlm5C%d}}>lPw7WXVluS|<@K_vxSU9DjLFC;AzKrB zG*A3sUIIHOwf+Mj#jZoOs1t?Orc+L&(#|%9!t;A!IA1Mt+5qyLJF#4H=XcFkzVC-`l>A#giB@Dx7I1P3SB_NbEuJv zGu2_DWd6Byli%)i$+-;ql1B}rGt5gN+Ec$e@<1}LF4UhVcW?bR8Jl6vkO ze|~*b&4m5Lc8DCP16PVj^_@cO{BV^e&pOSTG*;ftV_&Vt6$S{ByV!V!tzYaSreS-A zE)bDDO&F-O#9Z%A|EK34e=U2Bre1nAB2Itn zaV_e!xcsVt(=J4JulQm=u06Zt;gIr6F~gm^qmO5aJ-_Fz91%<`I__E{E{SLq{RgCy zV^-&^!ny1Vz6b56oaAwED}8=#jkYUs{fpzJN{JR552o_U(!sr`05^u7HDBX!v@VbA zP37a;A!MFpY10J}`X#XW?OX%rsq{Tc9#}Kf>Ym{|nVqLHh7+pWF{@yXT=uE-t`GW_ zzVA!S@oEw~kP6asf{>XUZ=UpJpvKa(CIFSta;;5YMFMATK1lLqA$&Sx@}#3XSH_Os zL;?05HDg*oC?di$YV=d!+a_bo$L|Djj5S{N7s^e~WdhTW>X5;e?l83Rtkaaz!mO=$ zZ$q;jKDw54woS|h@`+*a(5IX|eHz_y=Kwa&+ALAx#24vUzUK;10plLsE?m$aQiZY` z&Uks&L>%^VSaTOZC}E~Dsz*yH!BG{}tq23w5Sg}9M#9e;(VUdBleJ!>lK>S`jb>lb zQcI(_;jWN8j|XPa{1qG1!|)+m>art8{>9njEbLkFU5ZepES(Bpw@f@jCLj0kDw{fu z;}kUh-!ptKXf@JR2dOG7(q-gMQ{PP1`Aj>D(o_qXo`_eO(*W zc+h{sX+PSE?Qx>v?;ky{HErLjr@3!A?y)lwGc4BGK^5y7kH>`>k=yqC=x8m@9c$`t z#Loor75=I?~4F( zuCona(l+9sSBCJ;+m@6-Z{jCj-7aR3v z*|KKi3dZ(nq#izE6N#8Q6V-^++1%+4_;Ujnm$jb>0v-N4%&JU1TQiw8{9D5B$G&#u zn!5T>B?neaX853s_(np(rD4@PFfZv~3Mey#g>LY`V&HqfkA71$;$Geu?n!H7|0`+O z|B)ZL4t-eNx8~M79tkF5%fOsS__ei_p6s*0G8OOn`h#-|w>%K*fOy5%@TI)O{cI5lt^eN~;6#{w7e3byO#*b}~B|#PkK@pE@9(4A`T<$>n(E&2(b? zOpdOC$6UMkr!5qSfEqQfUw9owU7EJfe19&+ifV5Pe2w>_x!335ro@i3T`4^=6(vDI z$F2a^3S{pCnn;!36u>f{$n6KwO$~gz(52IlY~cj+X0N?qZI?`;Q`MXg8@@nQ#f?fd zHul7|?svsObRFoZl{-JH!n;?wx)Y|wheX&dq&QGz4DQQ%`5Hl<3GyMcl+NoaB+v|K zPXtrlVt)GafWV5Rp~2eJI=c-|(Cf1A$wHRLS2mBHliwdFV4D<25uKbenX^7F@NX}&h;O%EnKjRN5v@GpIbAFtNiGLb zR6Pg|MNP4_NlW*snbmt2qcmC&->mkSc;#kBN1wkS?5|J3_qg-EDdj5hlTAJ}e6Yxg zjFE<#rr3GH<}~nt#r-UPv|4U_p#*6^Jz?brP6$yEsbI07eLFDj>i)j$voYL{BpvcyEY%+2k%L#>s!wR?uO5MrkxlwqY176#&pojzzPlG~JED0R*@GS0l zvt*Z`pjXvl@7kH@a}ueU!z3s1suMVcK4}&Xn`!jSZ}?8YyI$$h){&gX7Xym@xP}3H zvY^4}Vp&Z=k+WHS6CR!|6c6X5JlMUJ4u=huHmbAXmy*8kXbzX;A)bx8%+Yj>!)grT zmZ|^E-`M9rZYyw^9}6PiKd}Yz+Xfeqt~{M zVP&;GFRFVb^KihJULT#ifRxq6MD>~X8(nA9c)Lx~(?-c{O(DmUJH_LYepd+?KLhmZ zcjXscpM)!I3&!4Xy*-#5KSC)-pkRV{rhqvx*KXPu5Rx1s2(dT4j-O}_SM_rms0BxcvQ|9o4Kq40~A`LClAtfE+!=0wAdsA1dODtN8juaxs^jJM4m1DH4b{Vt6_2}z(+kZt%lOv3~>jy13qxc#(F(Z0N9;t z_iT*Qgr&t<&WDSnsE=YCFjl3s?>Oz@^ljTsR8AG-@pDn4%QC@=neV(_<*YOcNj@+r*5W&@$=kE4t zyG$jePERA?31ZWt{)-$zmeNNgv7U*$$z#au#fw2>UB+5Z!7+Gj$+M}E#$dFQC{xQ^ zliw+WO^MA}T2}EWn8V9G)K!PkIXguE)6};PI>D|6epAfa_&c3GZI`{57r$TP3z586 z60IBKX;K-c28OAzF&&wr39+)jCDqlO-WEiuf^BTPww>K;qF!wPjBoLv~TtdY+wr6!>DB^ znPN(HtG%#;In>7s3&wpJ%q&Uhj1?VhM9RGrn3}NmVHh`mx8xIovb8H{^JsMOYSrleXf~LpHmp*fJoNvC%+SGBan{NszEpaJ+UQT zHLNLubIwzpsa|ym5?@O9y|(@B9+o8XXF(>{SK1@hN*ij_J`~e1UbzTFxefuzh5@MX1fzh9s5rEXx9wEd07Df zi4MpCUkDR9+fdtI>H~^zRWKGc?2W05o9%v~%g(7G(-Hv?Yt4s! zNAcCf5XQQ8>|3Sy^yJ+yaM=OAYzxQM5Wj2CgIOv+tm>H#R&}@12%IzLQk%azNx=(j zP*&?)Sp8XyPpjGWBX6p$6iHla?)#7EvtN9N=b4Ng_HDI>A88D&4)k+|^tQk@a^KSO z?wl#d*>l{9B~n1UPC@(s$Us9LhY^WG)n2D6hqJ(ydgvh~Q@Pb9yk@z@8ZR=3gOp#A z3;#$ieyqH*^r~B)Rbvx2UV>4RGRSVL<{ZK8Y}G-}?y!N&*^AT!gm!*QU{CNNvlQ_0+DiixxuK=YGM=^3bT(ZR zyt%P%GPi_R;rK)Ht*0m`i}mcXqCh-D>P?J+h@fcJ%T!W>d4ARH!U$|aHVe)EO&woq zYKLZ;(;C1V3pmS3^wqOoIO73)6-HNb5;Yq`oH{QYt7w%~IP59gc9wC`>eMNnEvMrf zbkkwH!@t~eC;MNDn}3CV;f{^=EFJsPPTgl#$a?s<<(-e0>8tLtGisZm@n~**K^?A= zx%E;b4rn<6<>TbeT*j) zO~Y0q4QQ-!BTrqg#BW%XGGI$VA=Zw_rp-^^D6sKv%4tY(75vkJjM%%qPfT0Dy&%$B zN!YaB{>^sRfU#Q0IDhmvW&gwFR>v4$?E7M7xCBXRMdKk$yg?WA2%k)5UATgYyo5|r zg0FW5Ik#~WBi)9~ppC_nL#UMjOv9{0B~!8-T%ytUF{nf09T&Fc3M3|vKslmMJV{xG3vid4Di$z;mF;#lk%12mJN7M$-vX?UEj=i;->v_LbFZ^2cdN3RKOZXQO4mp! zvgT>E?y^_M`m5c@<}895t9R^)t4L`a<9=7@=3LhkX7)+B!8%HvsiQDZADm{B$1Zz`gPoV8^=CHX0qL5wJ2b`_LU$;~r=Ap^7NYaRt2O z%r{rfU-ga7Ac~9O{yLxU_b&&1uT_v%e>jJ$Tl^#+b^X0q4?9#+v^^T9Xzzt#w9vIF z50c51wns2=AXi)N2a%y&x);K$PhOVLt}*PTeI>NZC4)iG;92Xzh(FWsx~Ih2b@C#~ z9tIN1Lqqb~@f5&ZrV02WIUeLzItul$#rUD(c&uUZ)Ba*1YF}}8+!o42BXZl#ObKzk zw1k(b=9{Vk5shlO`dpKrH}F%c#!(&uNQfB8CO6Z}%l4{pT`1|bD1lh;w4`i!48VF@ zDFdAoF|h(kHMV#O*ch&T`!Q=6ET$}Of9rz^A}A;>#4lMaFAh9kC?^&&qKU;rZ_PiS ztvT=Mooz~DY5=J{*HUUF5fK{3X0+!S$`j4<(F(h2ve6+7bbl>~D4cMLdfzUb(69DJ zQ1eaap>Aq-*zq0HCCaj%EEN3rDURl?jkx4VJ21+`LmEAOtc>J4qZ?pu&O4^}6}3mr z^3yIcs8Afk-PH9!pUHf9Y3DZ(+(d!umo;>@6?Q~pS~yis<-?%(Ag|;!fh5n&T176G zyJ`0%m`nLfgDv%moza6Nuyu12@r&Ep8t&kc-lWsF)%DuGRDSip45KBJ3d;+-xqK;| zzhc{+>&riqN6!!K-5)`Wy#v(BqIBkab|UT=vrZAYIb=V7m;a`YCbM?-yH8K8%*=LG zQ*^9?F^nA#^e95EDHHsy9EyGNah5x(2G+4ViaCI`5?fOy?Z(#AfCYHA9KuO>bHhkv zJO)I**XM^|@EA19t6B@Dj-WbJ9j<9*xEa{6W!mM!moQ|L2<}TV8Mcs8t}X{dY|f+7 zfylA$ozF33j+qQxN8+ygACkvy`Iwq-Td;w;y9O0+aS{FTP7VKwyy=}&e_H*_XmE({ zM}fd55p^Rv%4BjjWv&S9TpAY|6$PmHcY<9B)F$N{%u{^@hp6T;oy4r@u|j*me*HUr zR!JF>UW7^iY2P#Nr7W1468(eq!GqV~i{K6RD0WofCuStyX6 zZqrhT-cy-@pJ>XLuEK|eMVG9(=g|^Lm#%)3XOG4Rw<0Y|NyB)01ZDH9Iq70A2Du|5 zU8qMNjF^(8AU^LSfxDWlyb%Ufx2-)yC07p(Q&m_;c|YR*qu{ZurIr7 z;ySkz1qA;dn`@u!r^NxVqDyj;%Z#liSR3bTYyW-9;5A^*EJQh`imb>%7zm~s}2L>!m6@Y*1 z@1YCmg=SBfu?Z;5>)00`?bH6s2f8R3$`McM%>#1kSM^y|e_8J?BaJw6hkNLxVDTk? zWc?nMudF;$qLpxF>l7e9<*#zq*WGX%1{hOcz3et7HijA>Mjs-(rIt7WCMkbpZsDEn z=Jvo>_+dInb_u(%*^WJ(_Prm2rzWd4!yxf{w<^anyfuBw*mM2e@4vs@%(Q6R=mE0$?8yHUZkn*@@Ta;#h%dN0F00AqwvbXNX}^yTE4{UXhx z89a$Uh3R!@xX6a5HZZN64sq~%1)BwaT-E&9?A*ZVSG}D7QY3F!7Iq;vf+x;K3a9J| zc~TCZ9c@`!5!y(;zF$or5Qzfx3QMGhL=jAobk%PzE-tK(-qpiq`fzF#P)87}NX`Jp z5Qkqo)D%Rp{&i0KbQNdsrLc-pQUbE0-#u;X-dOzmvHJb1)xrS3ElJJDZ2?q*WPO0l z4WtBb`f(Zy?<{f~J2%#W<%=5O(_N-;%{N7!1cUvk6@AC8{A;Se9_b`yJr>rZD1~neUO3%MBNg9` z-+pt*e68pJ8y;dfIA)z$*QOpAi(Jah#O5>5;wap$i1Bv#E*lN1aux``Y zg-3ouh5h^5x#%U35Rr8YP-+tikcL1SIqxW2W^RO@+}pLVs%Ynog;(x9!6SAG)G8a?L=M$b(qQTT^+rzt<4Je$K$o$|^^mk=gpv-pPMzSW=gj z@ptiK&*;ZNZKiXwk)N;m=Jb&Zb0K6`PSf7W2B%U>YBYl673CBe$dj87*V~+IG7Iit zNM(lI{T5Dwou-ot7DfOGXq815M@_^VQW@a@qb4Q8t!UH;`9}h3C(Q33suwCJEO?kI=HTGVlatu|kqa1)uwQsNhNzH05T?MEBs0seAA%JDo=PlM)#aK_(J3tR zTi+|B2%sqKxyH>|J$)Szdzg0?^>)>^vYr!yqL?qmLH;n*zSrYQyzN_@) zMjYK_2dDZ}4EMnJ(1ypVOvRUJx%*E)0@>k&q#m2|Bc=!e1)|dU={H zl!!pHCD_ZzA{0tbv*U4|j$n@}b6tL?K-X49zDcLbw3>3gHp)QgEmRflK3rdL47aLU zBI8K>7D!hCsjTfkY@~i~CNul!XNgF8vJS`0YRD#RqC;^LG0i9)mTV!W)`evAyxBEl z`3jV*k`Y|iP@injIco&B+r-syoxTEfMaZ+&0RUs$2Tu^Juq{SBvJ|AktnDJLTWz_C zOo4lGbw$dCt+b3aNjajHr}{bKNuR$;eM&y&2PXQc=2H1C&x@C-4e%npz^z4G#9S$k zU8~M#Btt2ovy;@m4f9aIRE$_Y}=7Y}TBehPP)XlVN#Y7mMjl<68%*?+nPi*IuIq9lz=XLp}PX+K_h|)>d zMdM46ot!PlKNII%c(cZyS%}vMha{dd<7Tw>$M`jNFl-9nUt4&x!N#oqFNT* zC%A$zukg#P5nyD$uS>o~I{(`u0637eP`AHc6I+2M{CoYMp;K;r31q0lmb=pVnKN}< zi#ub1*fVX{^sUHCaL3JQcH0f#CAWj7-@_NRQD7lhgHB8hL7r>wqYc9-mA9d)My{s$ zkxm)L#~LX+?5_)+Z)T0tNf?D{JPzZD7Y!_GoAq+Tz{W#jyjlm%0Jz+>dkqOGsy|fL0OP{ zXi`j5!&EXD{O}ucSNW=0Ze*Lz>Xw^QoXIx)0rxz%8Y*aZv;N5AGR%&fucxgk$J-`U zMDLzhXG3dRE@QYN7692AKg3Z$e0+El4tnRs??LS8j^E)sn;(gpckIPy7f_nvn7?k8 zHgzUtaS7WJm6|0|1~f0rI9BBRMXd^tZe7VTC-WIr5j55Fod;B+8QZx)xI{uwx?Y(|$QIk1F(~wb~@3-6Ww72{=CUPuIAU z&n8lO&H%|HtfM*^8Q5y-*SMZ^0FCCVzA71M@qRmUVxn(Ak)`weQlqA+>-F4s-c!Lu z$l4Kv*^cc}GFu&|snE3eo6h(cEq2$s*w`5YB*TjozLXLj61KXp)5`%^gok%q%x;l} zbwx_2dY9Id`PPj=H)wq(=tM$bcKrMrG>tgmc+mX(VWt*A4tu*E9uP9BSnRl8Q<^k| zQo#8G#UQH;a~7_Wu6`a><$g$u@;GcOw{DuB)9fC-rrD$N_e!Ow3<)*&PwkIcLi7CT zL%EH(Sw5;0$D9hOrAxDa%~T9>+!5SsR_y-ZlehG#sxTW=e%Y(^|7O*0VyV@!TIZma zut8r(Rq^k-Ax}U8cBI`QgiaUffq?1!^Ic&Lh2J1*H^*ZC|(w(<47);28zt)*0?k@~p^qbYD4PWETXt>jZ3Nm0Nb~rnx z1VVUK%?W$kInh1o%{MJ;v@wv05_p^~L8X3X?$|y(HE!{PC0&yy^kfr1hrG=>X_Ua> z$MkSqB-wpmKGngX8;D#vfXp9M9$+OQFoUh@Y#g7>v0bugU*p6Vs%bf6rY-Qnc@X|bl7-|7ym`RSsGc`kK*tCF# z3Y&+O)p(Jg)3ydW!_4MuvT`EI{M7ji=7csvnrVuDc4*o(OD5bhQ7S#CsTH;hRhG7U&?aaLRanZk9i#agA=PLo3C7PN{o@7iIjgNid4j-f^Vdg8f_(m4X|zA4jHNgMJB`cHfq2vr)!RauYMn8}<0nCPxB#_w5n%cxq3$WXI^hJ*hg zhTUeY*+P5PP_TBCB90mSpBI3IbOMH?kNu4ZXq?3`$zejVNt>~syi1GBG%xA4`XW{YV;P985zu9PqkncahJY8a3c z3Th|R&Y;1AASg@-N!`09kdj$K&MQ;VZf1|+)R5ib6v^X8Ye`Q?UF#av0bB5}jA@ez z>RhvWVfzWEw=@pitc6qTrI4KLpUs~xKRgF2ZxIYQO+R)BD(}9i7FW~v(8K>&{PYxr z#sAG}rtXU2XCZC`9HU!r4;2t-X8x1-;7J2$jTe(L2Nj~&;#xfw6#iTe=Dqh98-^Tm z3EZlWZWbTjegZ2iul1lV)V`Y@mAz_a5vT_w*h%t3dnkHl=nlAv`jfPnFg{NrEFqd-Q@k8C3C zZyv?g-V88}Jsfoxl|M2A#FTAbWJ_G=S57JJNB7?qy?pxON>vcWVu5&U+37mF^6 zLoC_koE=*WWv~cnM~T&YjagC+iO?IXdYUlVXYI$kmnR*{l!<}hco4Uzk9^0Dg{>}XSX6YsJk@F>b1f~F!jK5Q)o z+sB;l%8L}t+fetZ&9S|QvWP1y|b*t-YINdR-O58m$l><% z2^;KS;QAQ){agG42l8GK~);|dnbsG&1f$cKC=H{W)nDL0!f2Z!dc1qR#YD-f8&~4z}15qso9(9 zLVlLkfsB{I!Xfj|9{K%}3}uyZ@tX)>Quc%gA1bUXgLJrNtPG`mZzpm#P_TcIM=xl& zyeb-4QkUy2>aaDc?NFw}#d2&MVNO0$r;8=Rjuj~&RdzUE7I-$<8(H`WE+aEI?I_dD z*ZOUuCmLT4d;9vfOps6wfDUuzk`DQ9@d&+(T-8F4HGcK})-jym0~#)kePe0vIc?cM$%0#$A3BfNwG#B;g^&j11-g;8w`5`=H66$%(pHT zelAqR@_;*9Y>*MC+K+CNxttn7|FU+aIqotGoeW`@56Dvw>BWvNQ@brWSL}YR>-eHo zYU#K5e7=sIGLa4byz}&D)u!S6&+#wuh#c=41(c`&oTps%p?;_r1%KlkUwIwR^ZLsQPhMml`9(FbH4n#n1ZF^tz)U5 zRwJk3-*s^EN^;FL!8V|nYC*P^w3wdpyl1*gMK48qO&yF4+{UAtACyaNcV_@XVb6AB z+t^%=3wT_j`Que@pMYTHqHRWh4)tZBguEpiS&29ZM46Tbvge2Z7YU)RhtU+Ex&!W) zBlMP^hBUg^OMOjXK7~Ts-t(H>R*V(ivvFmoCli;kxXuU@p2?3SD6?GwV~?4rl6EAP zHwpnO7d62Q@>ww#0fZNjF`~?hrd!!*OWatu(?<5yN&4e3dwFuVBAr4ya~hAeACdE3 zA&B`y5`h1gN~_CEDANAKYj^s4!rU%y1>lc*^2jvihQmYPBnKlKQp8YLFE%mAKo-Hs z+F8COh1yPsCtjCm6#2nFb4;1O-HuQz_AJ^$g8wVNSpd1nzu?G?y|=A_&W!twdFk|L z9VHIEJyu=g67FK7c-8lQt>Cr0>c;k=g0==WZ3WF?vB$!*+K8x95b3`|uC*yXWWm{|xaMwxYunSASRE*dAjkyhCm;VQGvbdFx1HWs@0mm3`@m2@^CZ zA-O{MtD(vI1Mvgqi-om`6!W_1lb(dDK&oAT&6i#>=)2U1xkNh#Km=Z@pBJ)Mp3;L# zYnlT0->KV(2j^6^)Tl4Vc3IiqM{%cPPa&=nI()uvRUB3hb2;NYc6$b`S- zQ*q=@2sUEb{GhBP!+D8p*HmA#)DlC}4LlWRDpWaM-}mJyBE zxrvevz3=?{*wLQJk;4f|a1M5svyPZ(&(XJ7m7v}O)adHk3!W!;^~=0vDm(v%H6(2V zpvmmte93{|bIK2d$@BBGIq2mXNwXhk6X3|XmV^gOuVV50Z`;C1DJ+TNkuRh)Zn>@3 zovr-&>k|xy?0$~)m~SMD&dY1)7RJ)X6gNp}--$z_$(Fn=ek47If~GGSJS5 zyi+%?A>;8-Ld)Mwk=qL~iAy0UD3hJBbQZ(2Wl_MlED~n+ zE>yu1Ck*^mwpH7(^vdFJ4gM=PO-$|%rRcl3sCSwXsiQqUk7IbL-@>Uf9$Qzi?IV(nn#=F|&%3h0QjYERx#ifC?SdwMX7b~kWK=I##TV)yJnS(MS zlbhv+rDXoNre$qJp=%{zR&gJ7HN2AqgLdOpKR1qe&$|lEKN7q_Q`6?mo5=qZQT}6( zHj-CwBk=ZP97bvN3dGC$PYrj z4??t7l>gv1dAVM5avp|*rao{bIg&qxTEuvj!0-?qlIp)1SK+_4J>@P%rXb{!ka>l= z$dEp2dzzKb5eHwIyZ~z?aAFaEzq}bz8g^~;T#D*d6@~(N6-@EgZ=@C(iLpsU{ce+M zYVZ~kk#pKO(DItdo3a^2|0*jOmq#Vdm;Z_kZEh=nH z7h5yfkCy|#%=mk{x@~fZY?am~YE(DiNJnl-`fwU33f?a{57Y)+$1d#nIAO8&=c#224%1x40RqE$`M zki`+{_TxqL8F(P5J87r?XIb-UY@YGbJY)0yKj8s5sVG=a72WAE&u$a{lR5IB2z=?2 zHxSg3byPyRthz&bmf{rKU7m!c+0CP27td^96<2ixah(L0C0`G|tb^UBaVgZld(_tx zK7g*v|4_OZB{#&ze+t9IwWW_XL&sNOoU$>3?&gbK?ws5t0N)=x#F8O#Ob9t{`K-o; ztfw(pdI!m!_r8;Qc*ZZXk)3{GKo9Ua#Z!G~bt%&bSZ5@#qi`)0MJX6nR4eUWr5WoE z$5-WYgd|nwLxl$Twq4hwYxqwn&GY&$UK>{&VUVPyx~wf}Ib9=r^+eUg_WnE`W=-}I z_eAh-1UzB}S9FuJgOoGzxWThlg(Odx)*sshvU3{n!@AKG1bmy%=b;zgEm^1xoSQIb zGW}W_*Q-3R#c9LI$fB^XU^;#A2ZU~bR=d@m1N*n`UrZm>UJM6jvv7hz5Ik+~gM>Uh)n>6c}p9~9^ zTc#3Rw3_u7tz6b-nHU;lII~#y-7$2yafZU|$_$CsJey`Fg#}X|k>5WeV;oJI`&@eN zuD`oJ#ywGKF_oQmaKQ|!kRV)|>I{lcE2AS5uAh>mg_kDwcY|r7iex4f31g+jXc|D~ z=^+A}wZ)qXfC*VZMv#1b0cch?Ct7fE<&W#(szVfg@6d5Y2@RHDC?CON#$tAhoOp?^ zAFt(}h?4zgAu^U1&h2T$icrQ(KlnSpm6b~()DPB)^w@fupiLB5&zq>HoIGV2cCq89 z3hB_I9_vjp1snkYAh4sWIMHe566YX|uhne-{}24IG7DBI&K10VG-`)3;lXMFvExB2JB5 zKcUUZn>J+rR1qu|Mm$zYM$9{tqv4uK1}Sq}6+b&SRVxpYMe^CiYt;ySJ!NO0EhxMf zq4|Lz$}G;`uwHgA0m>Iwn`|5Nig8oiuJic|Uj5&aM$E)0l6mBfa1z64Cws!aV>6Hb zDH*)0Xs~lx9KtC5hgrg^CTOMb194s-T=0Bp*PnhhT|`;`f%Y;#>&`BW@l4IliWO84 zBGLaeh^5P~!~Tkr#qi^!zJMWt{YFzx`0dMQ=dR6&oQiUX&R;x!L80JcWtPBIgq$jx zt5Dt;v6GhjD{O{S#f2#Yq|udb1?N;@J1s&&ggGWZv^?7*ouRm}w|W z1BE$JY4_6i6ah~=WwAZ|a+B{NMagsh7fjLY0>|xy;|%W>;Zev7CT2$0%=e~5u*#yf zInQZh^Ef zJM)kHYA*x0xBsbVmME*WXekPd*5pIun?OOtbb@=C0D) z@!?y6g>^k_ezflE^j-_4K0SfMuYR4s^{eGOTT&TWzcRdArZp&jbBI`TS@kcgfLMz! zM6SW|WlB9KS@D)(A#Ge{;5tXTA;dd}-=mDGCJEPGNrtDA9Dm$}n`P`G~*a7z<&-LUYA1!hL+z6<%2xat}%i}-+Ur5*Nw zXYjmzl+woX7$CPFc2u@aT$%|KN|-i#n=DQ0N!v^+th}COdd=fQ-C`O8Ss7Gm%Bbs{ ztf`s?1dBF5P{?E_W7>hv6zHI#D8hWJn`9d4(G)>)q5am^V#G+lq$kZ%?nDXEZRXe% z{W=9{QOz6>8>X1X6cT4b00g&#b~?HSu&lAfod)HLEH-{Y$Hd~8nYzw~Xf9N1YVaq~ z$mVfuO8fx>yOD0eYJ9_+9eq^jDNh$f`%qQl%9sWoDV9aehosOK@?I6J0X>)oRjT8P z;G(@!iTC+e%($l@BsvVB!d89|+HP#zbN!KMTB*N0(L7Qa^0&5zPA9oOljJ{KU4c&e z)N|~AEyjGs^Jffa1lQgXMoAiyAMmF_PYh^VlXCo=>%0Z5RxMo%#tVS_xA}v*vlnz+ zmG*Fw9m7&c={<4xMZ81QKTY^J@eBO1E)h8U-ps=W#-C!&_PRaL$l^x)=_N< z_0z;o=D9abVfFV4i_N?KpIvk557ZOWuOGD_K?o|M{3JRc*BLSSIFL#|`TkC~zE`UH z0h<=^&bTkSv|Eoe>{EnpDT1IxOi8v?r$joG;fQu;3K7%ShI~eM&Z7jCcKfHm)5#ydS(-9mdmXJN(8OR{aD-xuKI>Rz#-mlK<#BKrq;X!F#A&o zs8v;2v(YO3nHr>UP{v(id!uMY*sAZVMq$~NHd*I$0afBAlOutp>-y@>=K`2hV!hqH z{G}-={gq$xDIx2p_1k#s@aqz{Qj;8>jF|CS%v`ke`c;XmJh$s=@O18$*HXPLaT;H^ z$s<$Fx%6*%-u;9G9IeUHrS=4G4#kjXF>QO#esXz}f|94tqRxy@l6i_P+bhfrT09+V ze)C&}k}indW61}hk!1+TpqKS%7jMW2Xs1InCny)v{_9E;*aqtixJfrM`vc>@{Zw+k z2FO$F?-aQUQTozR>+70jHaxy3PSyIolYJEHzMlP8_)ldz@g{Jsm4Bj>F4EkUFDup{**FL9rVomk%ujkg-Zf@++0g3liLPg5A~K)p*W7q)v?Jk)iW-sZxovT<8c?9+@) z|4tQfmDqg1*xB1SWX?w=OFA%(`lc*mZ;wnJViZ+YYqTj6P4aQdr2bEDlmnGQed3?b%_7qchf16#;8SXE z$CVU5l6JyM7$ChqlEUoqA#AnEQmJylajWibz-YfKAw_U&qIqf4Ba;&s-{{|{`&XS4 z&~Mk1F?!z^wEi}QnR@++ISU5o%Ltx2{+z}JVXy+^z*LO#z=#pY(IsAoBkM&K=t8u1(gWEN#`dy@og(-t zNgi{aQ3XVdY3{bBOBnz!d{Cb7xY^f@Hak9e{^eHffubErmc0eu?W(V~(+;^e!Cwe7} zwi=8ZiLe?Pv}7l!1&o1QYC!UGH?Ltq2_L`Jyp?jv7N4qJ<>y(TF?ff}O)1di5yn{0 z;3fCW0#YLOXa>-4dmg0zMWEAs1A!`8HyKxfrI6sIm#7pE-Hcem^AM{_EVR3$3db`MqKjJ1M3FC;qg^qI zT^Hf!C3${27tf|SpLw;=v2hdBF%M^KcXX|%OmBiNrAr4w<0Ki?d@pP$;&KycZ>a@kj?Lh2|hZY#IzfiLLw@GeB zoxhJ3Q;qc4mpfquwRDsxyLcp%~+m!m&xEjY5RKs3aZC6GG%?|VoFRagqeM=FC#VS z5}P(48lu~BS~sd%x|eDZZ6a-tloeZtx7Glk0AOm7g?=T!ChqW+{)bS(B(5 zOm`w_N!)Hh#n4TYG5EP;jbmyV)@>!^sd2qh&w{=Rm0FM@`(XK+4R3LoY%RF?bx1;m zZr54F&S~D&s{KfMQoZf>4VLZRQ&GUt#?e`Jfvhdn=jQi;?xdXqZCbNC5dy7Wr6~hl z>iozN_Dil84FAF--yuD=#U|~_Smt%%3C;;!gGFm!nNU!~TN^C?wiD-YiHwq&=r`IP z#$*?`b}O9$7+|PEmo-i-b(T|cWh5}3`PD$l#TXG#n8<_Cud-ZK%Q%qDt$2~)VBr#> zRt6D#^&9c*oPXAkJMTv=L`bu|dHSTYel?8z{+TIHflR{sP%@$r%%V^L)GKXnjs{-H4O3uO~ zOqV2SUP-7QJu_O1-!o|_bIx~XvhKgwJ$U`liJ(A30qf1OE^hot1!&fw=4#O+tW*8S zGF4&ojHK2v-e#`$vTeRG>k8{rKVn%_{tsYi!s9(`>Ui){^7{jqzRm`McK5vL5`dDA z)EJVxem_e7Aq$oXfb4$8-A7CVnI4nbG^A7N9~6aL4h_*vOa^yc-NZZ^p1hmr7vHZk zrU_|T*;}&&4KMpsY$8F7gX5pzuN|TiRmTrO=N(1{*;*Np5~g;LI6DncL?ueMaJWpP za214Rj7bnC0d9?{U0{S`BtDl5qQI?!qr(+b0>P6qbX_pLO<%`)Tphn`Iv;K83e9@m z=LkM|{M}AxGgruDGau(D645%>2yQK{swXcGil}<&`xJ@SaT-YhAurJIk8~z+Zd%%D z94^;=^u=9^NCvQnF%hs*#SfSwhjlb*GKD<&ubGaG!2w_yG5IjiQ$~EP`Tnx!35I{|F`2qII-m`hkCkkRW6`gPbP{%t1r!U z6QMb3?SPEyPf4rm9D+8#x*;T{x0nYqv$1XyOpwEFtyWNST<dK)FByI(1_asNXp3Dyi-iTzD&Ou=Mk!jz*RR8om>fxSIk}|M$LJd^=DLpFi z3&alT;c!!jdF@1bu+x5!6eY|1Ha{#HJXp6jPVN;HZobpGnlTlw6wtIRi><7)X>lAF&x=7DpU%%iG_$V`E67( z6Ea+ywDR1vgK9(6EbN+SYUZqwv5{Y!UXotBkteWSPcmU1XgCHtgVRG)6qemKqe`DN zCxnj=kQVh(IyyQwQGbF+F*oR8>??2G-!)|~=8WZ+1y-(~jhT{@lJXFmh`5!m;zv%e zFO8@$cidSW+oNmKSFBJE;I(0o^`Lj;oDyH7KX3G=12JakHbyZ4{t?W ziR4wd0@F*c;YC>DQX1&8p$3A=AyBR*{i4Oj4v8$#7Hr^e2&=)&ZQr+qmJMs*RC@gg zYw~T4CLQ8+{JiGM`HJr-v^6@ki zu*(d0HJAk;yCR0d*bs*Jocxmk$VnW$U~&!zq)DEEV#DE%jCLRFhYQHFEJJRfkg32o zRSJQTtW6OY7k|%(5$(=!m6Kh5qhS;V^p;O8hPc4+jlg?i?$)Ho1+*Q&3f)X;PMLgi zhJ}(?Wux`Xp;(F$P4q86^j?oYgpU1_ zbuS=8)9A-{xzp!2!81I5{XraJ)`w)cZ{t$OP$)+*z?1s7s<#@=A*~Ec1w~9rIQ*Ni zwZNBDresO+yqRKUDuoG(kt^hE?V#Q~a4Le%Mk(NauZ7v_4<~!PoNZiXfusau*$JI6 zDt71@UO^Q~QMpC7#rY4jKxu^bRQW|6a0DglB99&eY4@m;9=`t`Q2^>R`&3KGi^V0= z!Z46!+S0}-8HUT_VUIN`y*B%Zj6@15uVz%AlxflXk6i#_4)8gYgM&k04>LZlcEUe9 zZ_u}DL~t;BmYEu=malwwT1)2Kp$>~`Wjw9kV#{1PjqVwZjKL>(xeo)Bke-z?0Y(?I z!Nq#NWoYHypeQ?{EH@b?Qg$ioT%|5L2=s7Aok82OiZpPos?Hv!`YDr=jt9JEzr2pYH=BV!V9$u`zJWa3Y^=O2I~ww z7U3GFNvs(ewYH6taysXS%Pb`pprE=zIKTH_ozeY39tr9^S_13Yep_FJ7PcC<39h{@ zBGYLXhlntN3E4889IN0S^g)7X#Yy20NXZ3!<|ZaUc~UH^e{YYN9Q&07-^P z*i``x8yUEz%RxL-O2%wt!uHH2VHz#g$`UsuMC>i!l>BnBs}TIoU7~o5Zu4|yX2pws zw|d+m216|aV2PH)NbqJBdAY#^K-;C^Tr>mWI&(;34X87T z+bz+uZ<*tVPS5C6G!Iy0@+SP`$$UdKOb(OBCLi5`nVkkt( z2^gDAFb#)_tY-?ZvW5v`?N{f@;H%5_91UGQ)}%^H6j2SZvQJ{rkxA(*-?ukFE;QA3 z9plED$8ZmbFw!wz3xBr}c=-c;g}=fo{Vyf5r#d~h55UP*V3(7kyjn$QI;q)l1J&fg zvG07#Oa&MVav2Ve0kf{IJNVOf&A_0BlK<72y!B4Nd>lM>4Xp;5t=gh{Ndtyiiv2Oy!Wzw>H)K?LupsjJ^xOz(4)1q)cn_r?YB z52Z*b?&#Rw(RVS}0m)g6oP3xSbJ?0P!{I+>7M@l~75H%QN6$tK5*@!+7L(ZLci4)yOgXe{)XHODJ^=^ev>MV`Yia$ue_74O)Rv5LU*|$wOFL zv-s$v%67;O=1>*Hrg8;p`9awDpq^2`i$2{q?Fd=>)_8=7Kv*vX+!Sen0`y|_O;50i zBMjoTYa2ba&I@piI=kXcaEE$6%T+_u(>k^q&xKxvho2=hBDBcLkKMGF1%xxIG`6lL|{K|u; zTMtaI#EkGKZD7~Kkk|0$`N_iaqTI>Pyu;FZ^Oy*TZb;!zUP`q8Amf`xr40sH8sQUO ze8(Mn%hh$NL7yA%ly%$Mlzeg*o^@^fw(^ptxB`Co_#bxQ<*~mJKN*ah6A;b<7IXtMHGO9NTJr zrKnEX!%m#+f=M4U#_?D()dC??m_wW> zJFy}8h zAiGF9FUH8og^XQ-QYCIXGqyg4{_@inX&(6_%9QMQ8cb<&ec4sGFmSC>K)VgT(Mu}T zG?cTC*uo4Ok0jeqrXy8k?ke_VR6%zU(*zItd~TnfA|)9ALG!SJXU|`Wn;Ya}W~T?= z?w8{VSg9P~gtyGVjPde&s$)5jFcBI>NHl!|dO)B?@rTib8O)JB7o642;piskvCB_?=bWM|QSr+6uG zeRpVRg0NMswGt(I#b0`Nx6({BSaAm@`<-asFKF2u;|*!|miT*LIyx!zdDwm}*V0xC zbojUh5m=NLZdQvJ2n8~t z6nBTt1qC@Jh%VN#4t&Pq8TOXBnqo90L5;s@xKS>ao3kzvYGOUDI1c(Y-?hl18?Fpw zv|Q+>Tx}3-aHsPkK2J!s)-boe3xNZPAN-6yGw=V?Y0UxqaGz)HM)P`42yR*BiSEbyD{I~%jA7D zr7;F3C#nCgJh#7YC{E_mw8_gA&5L2f@K4RD*KkdnT{(_2spz6Y@);Ej;Tt7bmH11d zZN){_rl8zKV-d6wbWiEZwLI9%_BjeXxXRvyR*RkkdGU~5izodNbs5tk|IGs-G z2j+7_MPZGW0UMKY+Y|%cSzk5H=P9iDc*Om54^uG-K`lB%4Hk{yyg`No8(I z zbYN0e1TDjV!sXl?=sU;S&QfAP>GV>n4pq!@kMf8rh@$o)Q%decLK!;-%*P?G9^g_B z`eXk=h(lm;tk5Mn<}B*cNp%gu+kG!_QGK4!$`SN9!qz$@)1N}ejCJQ$mgY!^@#n>o-cc-nJCYi zIWX8*Vu@Ub4nc;QKs6*76pw3H(KM(~!|1lC5GHr4=IvjDjtv>r8?6{GPQ@BO) zcIsNdMih?{L+v)@6<&`U7Rn2Bk7~N`DgO<=2T_pR-7SjLl4o$C<++0OctqHVs;4v4 z5wS#?{?yeKyiGEG#H~6)Qu^c#8BO-1-b64lJgwBrxZu-Giv~mUTFya^*LQX0a6&+{ z?Yn2sG%<^=w{*=n$2g2rNj6xmgCA zi5}&q?#l7+{e!f8KEW=cGo=1KyEMsYB7L?PkbVB%z&<$@ySbO#0Em!U^I{|Q&(;DH zuGuc3JB$q1Ba8$>6(1c)1vz<+`y2b9@;8%4l>%UkE78 z(LA>Gd$(Cl;UKehh^9?yxI0xG=IExyyG;lLLaW90W3*Y3W0XMsqr8fdQ3QZ&0$LFl z>@&4JqEiT{n`}rb^;!HDome=QSxXJ@VIQB!vI(p*cuu`#-XTx!UtayP;=xv%M(vi-XcVf#Lkmt&Fc%q|sI%OsCIR{Xea9eUtPc^(lpF zyd8HDg(>}MIf%VPfs--B!=L07kvJThIH($KG4H{rB78>toDVSqn$-&(8OhR?diy;s9s;TWI9dpdugzOAc=%U(b$`p>B4;jz`L7-1I zX=5UD=R!UV_+eR~57EY~EgvYo-Ysuuw&>k-n@&n#@4Ij>in3i5cYuyC@BnG3lp)7< zPIf>8$OSZW;bzO{bcgRDMLnxiepcNns8NlshNU?PhZKi%x^XL#K!|?V(2F@5xG>~e zLN?NoCEaTD>@SD9)0cmg3TQ(=ib+UvD0q8Y_CrN=%!UB0jBY^+ilTJlF z>L?&I{&kPBi9MI^Z;?3a5D7o~sTQ3D>gw5|mt>1Mg20>a&>xvTq2YliI08)5CPGbz zXY~V7XkZx&1-l7!fULo`6{AS&dIquexj5M6SG?fv3?mV=uvv066u6LY0)<<7 z%g~i@67blt2jUtQls`HDg_o(dO$T^H{oov>@ zR!7e);{fFsM=ow>KPo?WlZ^j?X0h|Y2;kRvXuaZJYN!5JzgS^pi67hia0}-BzTG_I zGZbPegfbN1lAB4+Rr_AKkr~R*D24UHiQ~L8QR)E)OTziGV+{~jg#(d@fC~O(-(beY z1#s(AxfXZ#h}enSS|hZJhHc(0ff%Lj4u0`3M;jvBK_~(BVrkKnggybsgv9kqarS$4 z3BN9PoUB6DtoJ7IJ*(N^7-XP60PsR#>EW$>#FOmoFEf>lV4Hn3-StC7CxWapF%1z_ zxkLZ`X4(DqL&L+~g8%rTAkxt8kzI9=A(>=0Sn296iohZjV`_#XT_WyLnWk-40pa5XHmB$s)$ik6kgA5dzfYop0@;{-{^7Sk#Gqsv9Ll%p(*eVq??zPlah1n^?1;h8JYTd!>pLe zHJFEdAkb#8n7zkWfBZ*KG8ZLs&sx)#FOx9>+!#wln#3(bW9u=_bDT=hHs;sw zx5%rS z%t`R9V@0@UA|y@9;t#sq1lO?`D-z6fF=JI3Qg!GOP4_V%_#+4WNO3h46%}RWy+XO$ zU?(!@xQy7Ai(6MSa-m}%;a{4e_b;72?y?V3xHyVZLb#HZe0=T>x6#y-s!$#A?S)W$ zeSN4v?aBgMg5w^(4T|+T>;oZzw#;7Rdu%NN--zuX0dhDxl(wKT!70)TuvdMB4dHOeMuU4Lwm_%uq!-VV6brbZnLzHmM|E7+c1gE9AG38 z5p12^1De+;L4a%u7wI(lGj*aA4e|8kgl-g}bAAi$j80CKOHQKfYu5cJckv+@X-`7Jo@V$Uzd5;+3pYxc_bE7^dNp9!u;OXi}$m6$#_ z)bLl7g(4GgeG@w@b66#Mus|L+8ZPsP4M#y>K&6NYmj>exn53t;nb|&bwb_5#ogQ6*o+QJR5l-Kjh*6CQ=FNqsbUUpoZm zZfS7d#wIRbKPN=c(l^nC->rT(O$C#$M|cSERk^elGc-X&gz57ki9Ft2LiFp=Crs4G zgkLi=@WS7P<%PWi^}IkmGJFG@Zl)a{tRVt8G&iTJ-eagaXq=s(Lwmc1B)vaiVFUWP zy?3}?i1CqvI5aJd-o~a;R#}4$PU0 zwYYL=b%!{lr(Za(N~a&lw4#~{2=o~ywgI8c^}3$}iqwX}Y8F@zKE^Ax>0aZ{2?zhq(OZgUzy+?t3*S)Z}Otr z7w3qYrec{g59@)rqc;em==gzazIR7xDeb!{#mrCr930+t%2x7U^=H^a##VJ z`tyc6VURP--K!*n(gaO6On!U27W+7*BYUx{-Y$F5FH0ymtR=ZXRNZ%?KpKyd??}#C zg<9~Mw;G|Zhxn}e?Z+}Uj)d6{T7|$=o}IS`JK8QSjo*_iAlEdTG|)}z1Pad z;J7D~@rJP5tu%V#wA`Mb<-|s`T((y@vBi!sjYq<{9QEkSQB|q_XF!Dd8BmJ+< zLTc1J{w=lCQub95$(;|Ns{}|Hkz&pfLrC)dIgyX53IG#yJvLY$oXBKKe*;60!Unxt za@#D5p!=Jrg)|S}Tp{e2=B%_J4eTXc`jj}V?j_i{# zYBv+|{ba7S=*!i+m2E*8gHH4D78VX;qYpRf+3`Fj$QD*;&X*lPP>IS zn1}+IaB!X_;1ns&0s}E9&HZQ$_YP{+A+JTau3XGMbK@+eMBWL1?;Gm%m2H^@ z7gSjp^6>X^g2mXrGXi_V_{W*1fQ6jCF-1LNeLjsq9$zubx~JwR=`c?jJM?lKuQfKS zgXK=HB@F(R>RktkmXT+=SfN_kvh7Jv)BPAQfFkI%T%{>Y@%s!$PBI<(l1fQHk)UJM zwNA!)nOHPI+J_++8gtUZ?-IB@ZL_Z!3|DHEkYH530EFH(6d|CXk0q53l!a(1sDvF` z)-oTZY1(UhW>U8xLWW9v$fOYmfHnZ^Vu&<0rq5^(%);IR2XUfyU5{!XUR?%b2~-`I z%>*aq=8Sy~NRN__6#WuFIupZv0x7lw<*!Eo@u)-FV|lV#v4V=o<waj}tf0HY`iaTmavHtz-HWK*wn!ARqf-fDGEFls zURc>grn1oRzl;SurTJv~ES3JRx90tfqyp*&+{ zx+(eb^HimIaow^d-#woCeXuN9MRVCOx+Lf~QQr{kGBih^b;g==-#7uU|P+ z6@NjP8rR&RToOXHn#4%Vl47QD53E;C@Q(L7i4$m9+ywo97GQ@4DpSP6AL%OQ9HC)| zK9ewc*YXb(snSVLv?Np+g72i*D7^(7GdZX?C}y+4h495$A12onuAzTO6XgmgY|*%- zHdE2(LQxhf$g!kX(6HxV!uXo;1_uY{cptHY8s5?qyo#CtG6(V|G$gCKc%wm%5a*9| zV@MIa;*~uZ%NS-)cxr&v>9gcG7oCuaYlmj;>$85tR`p|4>Ip_JQL z^o9>7(=`J!vIm%%zvVYn^tg?{u!LZkmou-rJ8Z#U%{c zRX0(f>En6eKB~>wrAOyItkJOCqHIj-9BDZ^IToZK8;|9SD(>)_Y^&gOV`Mp6bdQjv z>9ChgaQ02$GYr&^tzDFCG!!dBrh!@V5o8w7bVn5E#BHWZ72}wNd-=Gj@irxoh8dML zeq`D_6sz>Bn>n+j#;#mTnu_-wXaozDk zAi>|A>E~R{_VZ2izBi4mo0bhE+SC*30>p1dS#X3r;$!|$%XpL(C~Z(*1oLnRdm7)z zQCqt&ou;x^ZNiK}KLB4+hVo}%SC@yLZ*-sDOY05a4*BoD$HUp`SX|h z&+DPfGF?wfyMq|FSv_AZ%b}G2>`;<>dyC&Jz0U2{i&^*meCODaAi2N;rFyiX*MI7T zI(uxSJm>Gd%!rQ~hoF`Br6YhdWCO8$m zCe&aik&{i)6lfnvMlZF`Zo3gQ&ZQ$jycY6&@3HgCcnis{z`+ZV{gVKZ)AWboj(dZ~&5d?`!t9$%@n7#eph9=$7 zFE+-0eUU7%nLB^oN+ldedB>L|Yza?wnt_#7j<$ECFtxtL2?d>=nG8el_Q<$eGzd9C z#~8f~0dfgJH>Aq-D-uG94W4Zs^N|a?<_~+{*2x?Fy$RQU9I{fN-Qf`zMecUAHlPqq zBkZ`+tw85Z!XDsLQsE^}bwt>rP@h~7&4G+DkW^6`EaN(Jc?XHP`jIfU67^Vzuyo#% zm0mhiP3zlKl|7Y%TO#MKyiKtE%g(%L{yKS0FT#lpxSsy9UV1D`?|o2G9IN(8k>^Q(nj^Ko zPM%S19r;Xlpo$hvz^;xd9#cSh-f;--gALuxsYf1IT@PRK1pG=tD*?da9_>5N;#{r=qhDd7TaBWM)4ir+$qF$!I+GVp^~tW=xrdpap&^#<|E@ zsrnR!`kp?8*sIFnbx)Vzg@dY@iDqQ%&R)=s!eW@jLZ6>^{Yx|-WSZLEnKRw$DcRl~ z(g)!aNRbKr1B}gCtrz_j@)dbKM7QXjwDt|(FlXDo>K7j}a3Gue>?xL&)<$i4a87nb zULfDVBA0n0wo6Luh*A4w_{xsal6jIisqI4bqkyYfqRLT^RUvW1H;YMB#c9_Ue#n=F zcV)+SeJ%cz)+*k!d&Ykqa?eq)Q)AK<&5Abh#hY{N$ocI|_))nya&?1Yz@3N>B`=mi zf=fm=OyahDR;`zpS>Wa(?Yj;C&}8KgEu*Ksyj+40nIhdeW4;h;U;6|m9pre4{Z;wLsr|lR4)6ljj(D0lsvg{;ZzdH* z{$8)DQUiF9oI~$yREd+4=icnczHh}j95*z=56yWz}j{F4|>@8P{}WhE0YCx7@Vt2EXK zA4`N%a!3)iRa QBfqxA`TCEq)>OQxvyWW)_(`uhPhkHuNN{ZCAo_sXbOEmhdt! zUL9`55K;cPpCx)?{v_I_iIL+q3~l%LD(i%$OOtXBUn4ait{xpElF7*{N7{##YZ`rh z{)6$32kx^_f5sfw4^pyIEtJ$H0V(gv7L6r5auSTtbX1&>3;#aF`X}ycI9$Lwm-xVu zmBRx&U7MY;1}Wq{l8&eNr}GutmxID94%sW!x6yKV3dcKra_j15m>IAIFz8qBPFvpY zeTPO+g_$Zwi%&Hi{@9HNFTk*xt(Q$y4>}z(Iv& zEY|^M4DCf*XHL{-yB>Vo0pq^T-GBY5k~Cj_*+ND4`RLD^!``YgQNhP7%J20vBYB43 zRzR90^A^>XDL;*iSw0&%&dU*jg6)}sj~1+qr9NbSrJTBD`?@jTspMKd2q0^x%+9PZ zVx#!IIW7!7GmhIXEA$P(z0DMMIGg_^HAb~7&*xH{yw$*BA6yQrvD}Y|iM)y-GUo=3 zZ!4|F9{o%au$>W{_d;1-)ETVpj3BQ+d!rq4_vz@R^L+BqW2Y%ID&5ncD88FLtmN%Q zTw_6&TF3p0MYkU9vKjO5-zUl^+zLMe%0V^!RF?S6UynZ5D_X|Mu*FcoICe2OWYWM> zxufIDmoEdUg7e0qcc=txC<+}1_$M3w?bSz+u?JwaygqAUpJT}nWHe`fa#$x4sMtJ3 zk#^d$y^?lmvZ$l8H=&O16Z5&QE~VsUS%sl&yvlO9QGhaYQbiM*G+SQ8*tA}x+uJSL z1Jz!t{Jewr0ZG?LEI0g$=i!>!G4~poB4IpN9YSd=X#CGrkUTn^{`dDQ!_~EIl z#;U2gO^+r@={qt|KkrW9xNc)bJ;mKEE$`|1O#hrneT^1Tz89<=9iK)gdP|JXHss@H zv(V!z9&E;F2B5RwS);GXVzP_H?rK=|!RpDqirAug`?h?k+;KLW*#I+`>0TW(GR5Eg zkO`C;`LY%2;NnIM?jgyWhP{Uv567@Hk*=@|_id5$RFjRw7j1(n+)fJ@iV7qrZ_c#`rp3Bk) zV}9*a9cX8-ZtLtAyiNBsj5R@)Ec!5OiRMz?`3XliS>7m8=9^167V{&<&7r?{B)#%) zy64^qRw22e*GPu&(5mBgogE$Hc_EU$=ZLz|;ndra`_YY&*bXh+MHDnNeg)gq+-7IY z(ah(@DLUUbJc>JQ&y#2mn34$PHhAyf);|eVL>{!+O2=ON{EF1R;oy-kfBid_1R?H8 z__DCpKn(lZ)r9OP?ICzW!s}^^?V;tWneQKQ^FB_UN@}^VdOW18-W0u7mfu#7d-m-i zEyXYg1?zX=HmqAknpP89sj-8P$1wKDbu2b1Toz<9nOIO`}SR#rN1=DuP2!hz91aWf??*LiN=C73%dwMK zdD=|t`~h{0GyxmmUCAl+h-^k`g|*y5ys=bFVv$W&T1tLX$x76+;5g^vu{QO>7w86i z*7NHYR$hy|Y4%#mL1t8SZ!X`!pQ11;$<4SSrQzyXY#-H3t@I=bcF9YMtl%aodc)pD zSJ?I{2-ztw=o@Cb9xPmV%I&D&W1?u=JEs{jt_7++L zgE5B9zeI85uotV-4SvpY>3OVNT zPv3(*-(M@mWaL9q0dZOi=bUtL=Vn1uhs5$~kkVCF#^ZQ_Oqb0nqw~ZKiP~4Sb4*(w z@zcl=QXvm)yP}AbZZ0O9B|s4FO6rQD{!_c2F8=m-W46|*+%Q9$h z8ZTbhln)3%f8%6h)2(;ijb&15y1v+kR;!#QbP!7Cb4w{_MNRJZC!5BTiQn~Z^HzDE z>YO)6E3C%gY9!?3B|4R_JHttx)(1ZcJFTts#5G@ESnm)2Np2hb>W_i}{rRWPuWuS` z%C_(!LUAdHMjFfiG#m~7vTxoMUHTL6aDaE`F7EoB%OFP6uf_u@{MHkN+z$j_7kQtI zYa(=*A9TJAaP{m7Xuz(M`feJUnhc%GPMN3L>QvcGXG#Zt z`}U1VDWMb{NBUx>~G&5#2ur|ZKOG2+;JZMw2erD4TWW?RL@WZ@2lzzcU4}(y$86o4Ki7F?5D%Y7Rfu6gcb8 zwtLx1_+A_FcEN4eeDUJ)FtK@OBuAm(Wl_Te$jg;zl`X-7CBZVlJHI(8@nzR4z13KC z931N9)qyL4YIteJ-Ku=>IXZMS>{)Dp(wm0M-`vIB)JrWxMuG>bsKh&1F5Dl6e_ksu zSa?p#jC4NbA^+A;9l4&9HAe)2gBI}<&)4_j8%^6GO+=8MqYhhit zwqBR^@gDvCWiNR=EQ?n4MJe&`_N4t{TQDIpuj@jK|9ZM-aX!zh-gsgau@CLId-{3L zKK%uTnJ(^W2U=1Ql1)D?qhda^`)6sR4l)QW=Tz8^Kx7xP)cNNHo zZ~@+~hlWjF2TPq}c`7$&%P}lZlVFtfL?;$e%eG*#q_up8<#OAe7;t-?;r(|LwiTqx zQw40H_+P^2*VYy`?TYlh+BSp%0}1SnG^W5L*l2$-Y|wfe*6e1 z}5P zp3FG*v8M{!&p{VM!y!AJS67u19%`2w zwf_6ld;=Ht-fzW7Ve#B4Q}|L z!K=F4{u%wElv2fM&>++u1x>=hp_BCb^qJ`HXB-;e%L8~vODs7GG1rHEoPkr=s<)1O z|EC%1Jf?npRvQ*7wh_i9lx>-oU%W2Enky@t`ZVWJPsEE(F(miVr!o}<1rcPo_rm<+ ztPjMVchnf=FN=7o zQ2aZH6&iacYPnZGs^$cITSVMH@L1;_TZ_BAOp$Xj)bzNaWRMo%T>c;p+&Z8Gt z*Xx^s2Udl=2k_vA&uGsBR{IhSJyt))NM6_EYZw^J!5fFG&71C@^H8(s!l1edmAuRX zVaJMQ4$5Xw^5zo6mWKYybdzWd~l?~Nxr8fOPIU0T;EKhh_!7J`qra>uZpyq7%UWVJfr{DL)m(XuCsbocT(^*s z8f{rF67%pW$`hT+&A>aig$hp(q_;CA6Ntnke=wIj))n2g4PX&7p;Gs;G=JZYtSI5J zro>B_zn@rc#q6MO1egdljKZtUHIf=tjV|2LEa|)|hs9i3XH|nYhs;7bbVlcuW>Fe!1^MC;a zUA6LPP!yhpeFO9Cj)2WngU3TW>DF~!;v=^^j)V{p{$@_ym^VHpy9!;-GF-&yhzr+7|eqNV@nX`EllY&R}11v zk)<$(z2+OAPrA1W#z9)(NbHE0oZpFnlzg>Top};=;Xl z==8yQ+0Kz$iQb3`1??(28(%uh{5#9gsS;xjS|&pnarVlp>iJ5SMNCyq4TZ&#ILVJ& zB^x7-#`|ewzEiIs2rX=2=5ekagt5hq5;1kV)x`fh44l|X({1uPhaOuPL$?Rh`|97R z{Zy$j^c-#NWCC{Z!kqiqt2b_&b-$+vAYe6|DQ#u-HAXf(JUoTZiU*uB3_34WixR#a zU^fJSc%VWe)9-bR1_OFOhmD1BhwphZWonifz>qovd=_$fx4Z(T2x8YQM+tJ&ECeig z8AvHA_8=S$pUbnkMo%2up)sbI?1V~Jcrzd>m3JFpSxyvA!|F;nt~~zy(w2vH;D;t1 zE%dPxfb4*962zn3{>&k8B-9Ja3EOUvvdw+KDL<@B8eQi+*5B=X41qQwcCnEI4f!NI z>-p4-QDD4THPJD9z+puzRCF`|O2KF1CqFCBh=;*;RpO{!Ihiyhw<3>AZsh4Y-k$vP zH7}iLy5OP(n1itMhU$k#qTvF~5|AfOx5n8L`=ThgmtZ%LPqQIGAFey-qAsc5tGg?k zxl3-~ZY*AT1vQ<_W!wf^O@HVaDVR*?G)Y(gKfjAo(OgcVWo;}=?@X9WhfdEPG#)RM zvPJRa)7_5Hga{)MPgIwl-`FO_U-(la=(ks5Cl&V_!jePM5><2@wtCf!zKL$^qN-`? zM88|Mp+RfI=z~>)4L(Yw1#iOoQ)_tWvri&`Rp5M;)^Kvy3hWFY0DnaUYe%3Z1>kV( z|CrrE0Wt?Qf3TUCF{u1+UV+x*a}&)2YM@yN+zFfQ=zieaw~x@D$?*^&wWaWw2rUvf zO1?S)u9I6lo-L1)PeWCAdDw?RK-*wILo4Q9s%2&IZu>#rCs!S4sNV0Z?S5Zmh0<>Q zuCI2--#gj+{SOqKX&5M5ibdSHFcc7YRFaZDUzy>oZo9aESG3BYr8Wd`=Jl?<@Al}I zzKeSvi^1eJJgq^R90ptD!p>6+bv@S|ozG25W!!})JO(%xf1FkSb!XlzK51DbF^lgv zkMC+3QtlP|Hpm)M#A~}mrEuos=Kcbs2Tx2*(=q-H zN+#W88%l2`#cL7ATYj)w!%RyFspytAnqZRmIMBm+oEm#qbgDu*_rCCWzRN>Ak5YwU zZt1^2zdk?t@W!sRa7b+B=WM;Z^h3cv8_T%vaK;w8IvzuaS34DV1ihhmVdRMJevRY? z-aZ8=?7P9@7?7WRz@;X$Do3=^$Xm;cW9b;7xFLYukE?#!6g`h(5v>vdJnczLTh+4jLUDMQ{VyyaRIw9dAYzSrE7;g$0lTb>=R+PDKs8 zSpXST29?;Ves@t#8GV=@reM7ESCGUF*ngbO9u@cDh81y?YnvsI?}Hhu+$Yo6{MaZ- zt&s7s=Ho;)t&QZU)B9m#UNwxr)Uv}%Bu`zgoSILOk{>>zuE2ZBZ`&X_+c}wdq4Moq zTu)$5pl!QRidHWQ^-XcFU`pTW6D1{TKFfunuyNjIILKvNt$%ZUb=0H8G1^p}R3_6M zfIuMSL$ANIzGF#u2YMqq^T?tIfq!*;napYcFZ`;s4i$H%_VZuY+0Z9pYU&%*&E97S zQ|=FTM~NS@N=QhU`1x}q98g@#Bd(as%cCKHW4_Hu;v%~hV-1!@zbVt-Hf93O1y>j3 zpYnIrv@JySF53XjN-x%DD4qepjo_%myfOdx#Ylp@6zTWzJF7p09CaJn7llsP?m#Ln z`jcAu0v8{S&73Xc)|9Yk%&PQuDD?Enxu?1I=u4U~K0+GQ;0{}F<+0@0WshJ!BV^=O zNwS)r_|}f!zdMG`bMXH8DCOO=ABzvlDCv7K-~PvH z>)0r_LGg&#v>$=@fD>|7Wcyml4k^*V)>>0oP z+@(JT?G)%WIm>}Jm{wo6WNLa)iVICDWWfIizu?N?e@xC6JI z^}z$83&Xs~EtDU3+-9NaY|8kz0^JR&58c8ts6TcZ7>CglL&0r=GRh6Rc5;8QUDhd&2$H@e@m0ha zM&-2}7l9PahbB-$1pNHIfB)WmxynhMNrA>H<$ZUcJulc|+J`}liQ2am7XyVl&VqH; zzw-R9koc`P!}hY|!AtBhy3+>=IuV7skt`HVPM^E&Yh9EkTa6YR4x-VEdM`DH>fOIa z-Cybcc%H*x-!U!rSixDoSaHt9WQjrE%Ct(cxc&lvY3<>>YP`?m;dUSbO`zg~b_2-Q z4%$rX;yFwtN?vo^Ar3B$e95V^?=hcTXEs;jRPYnDznk>{&v;p=HBxHa4w8yMjrJOF z!GEB=tPN!lF!uxETr<=5X85^G+~fItS5_Yf98(}{IVgI``EX7y&o!xODi^I zV>t|uI50LxhKo;r_)JeivsUhTZM^S#{*g`d-u717_DIeTkM&RF9nEGvv7i?gYn5d; zG&CqBa!6O{c^!2AX*^ADHo$(QwtiLys^{id9;aawLTW_}H^AvG$-o<_?P?Y~h*gen z-cno5RBR4s$&T?9L4E9M8hWpuIKdFYHqV4^yAM-ZC0$H=%0{3SSK!r+%qPETD-Vxa zgYFY9i@~&#=Igg7TjQ{!5vT(`$`}l`2E_DR*E?f%4sVS5vO6JmgESasr(nLo zvLsj?{E|;InKp}M2g~;G`z`U5u)(cr%6RJvt4j9<%r3>&+w`_n36F4>f7r8=$2l+D z{%Gvoy`$kzk9-g9*FpMPq?aOwWd!(O(d{3Ycvw=e^PpnZ`7ES(M zeU31D`LpMpHvTf$I8T;Kl?+1Z&-})QElKLLDut>--Sd58V1MfNi#BDhry$by|YS4bBEd|NQ*<^DK-t45JkO z81a`trGw7DF;SG-oUIGOoO}$eIE*`#1S=AGgd9d`kv39gs~Zp0k7-U^ZyH&q9cIBpkN(+PBbwiyp4OI#Y zPmgy5lDU{BHUI01c6`wa>q(A4T%(W%FeXJzI>Hv*>tIcXB>vg72B5(^0s?OPX8G4` z1)2kB8qJWkVJ4|db*>7NmTM+O#mK;ccmL~EqCT0|$Dwsekp63(*2zdoUG`?D=Rb2~ z=I0~mAP^AU3QILACdqq+a8q((By_%;DFO=z0$B}|Q>NEWzhrA<`@HCkk5#s zyjmSA&E`lnqmrT^^J&GVQ+ZQwh4nCZ`ly$4_oCU0GPHPm5tbd1djqlhst%6o12u*> zLTQ(Tenv`v6P23TYMlg%VU5GG#P!)SozGboa18DOr#+C+MqUhLNZtVF{ws`$`6WAh z3FaTUaar^8P4ElRJ)^h@#E*v&fLCAt3UQ+^whA(QuZ92UISqpHup6tyF>>1#)H7gR z`@539)zwbLKp8>EA`6DU=W#YhUI;->Kv|PKngp3}Ohr;3 z=puz_Q6m%$B9}_8a)0bGnir5&6^Zi|fPie^;8ea|Wp|jZaZnLIi6tW;|_ASSAC)_pU~%jHie<-UdAlvt`kqUVGLje(+OOVH zOxk~!_H$o?k!jtz{V=GmjboFaaMv9qg(1(VmE-#nd3$6GlhLF3d=b9o(z$?nD3lS* zGBE=`V3JVhox6*4WM3cYYD_Z#ODkmOcMm+8(EvcXLf1Hks? zHzigfsFJwU0{t1a0$nRd=P+KS1JRAuf))YRc10~OyphPD12+l~MY&OHfJM5;8jw_Y z>QXf4@;HBZHbb8@%28Ld^V>@a!rEcfQ7;Wsn7>xandmGwKq799I)` zFHQ17VdNrI;&C^zN}K7!>DcTek_NlG>Z6xZtt=VJ@-vJ9@u5R zYtW2f&&?A4$pVJn%@ET73&Ys^Z^t5^Ft^=kIN6%^Nj zw&c;-B?|_o_roxbjorOlbk+Vx@G-!aJ1zm5kz1m30~;6vpQgrUnn!laxabOOpCQpd z4Z3!|JLGxq(ylSD_|_C_)4#Ch`NTj;;3F6sEZ<8TglAXN;=t zOd9%n&sgQL>(~9%*)Gp+Vu)i=fzBBNCNS*>@_z&NKD;I!n4GucJhESpWXprGdI^2u zs*9Fx2uiq}@l+FiaR?YE^c_Es>&tT(crH(VFp3jA`;a75o!^JRL@<_u zt6C9`>jwo|0D(`zbZ!WF^H-tYO26R)_IXK|faW2^!*nO(oXaHD$5+GOzHs@lx@+W_ zSif+mB}u>=peyY4z{*IImi^R1GU3}lx^l2!A``j9;Y1mRb+HgjojcW7-p+mC7)DFi z>5kfSs9Q0Zf^s-~Ka1L`-<7}=N?Kj_|IfUH!r0UJ0-zkWwBKxBCv-6hqGAdu!8?scawRG&;nQBc}*g;nK_7s?|i>IFz<7horK0JRW3=2p~ z3SZ0aJ0`J<5ZWbu#EwxZFQ2Q3Yg7yQUSASF6IztKIVU(R%gsepda{J~1(0EN1A``$ z&Tu#*bO`@byYe;Zp|_QE-%O>oipVCTFAk&o_t)d!Kt`&9} z&?yWr@lw#^!1bx?2gQ1?;po}H8-OW*j%T2pE>B-mM8oR>k)bE}I1&L3Ce39+TY~oQ zJ_v!5-`~liMThfZd|uM99tMy5!|PylxF>KnRsW%^d_paL2$H z_2o>Lgfs;B2UNV~{cwL>@<7ZM1k)a%6|~4Ws~LlgVn946NT-tT5oG9u7g?d8RYqRS z5^q=s4bMo*L-s?OvJd@Z)mZdwiszk2Po+`bvJBq8ySC7u*zDhJ7*X6K+fP4{jCUts z;iKzDV-nH6H|6=+U}5I{wM`BSm2WpYcmFyGr;J)s0Nero!X=KL4txkFGs26o)_WNPSw-v}X~gd zniEhJP(CbNwgEqgn%=L7c6$%vx+{(ZC{+t9}lUT05D`dU~I{& zO_hLl*wg?b=$^KJwqLD>PEGz$tA$v8w)FsXQV8^_Yfd{2iC=xJP$Pk2P%u=fx0(J9 z2&@Tk{kJ&pi5aLr7&--1MStAW_iAy7E}=ukQ1XVjv>yfK{N*b+Kp}0C>P^tq*8bWD z;_7eB#UTmznTDqj^`vl)SrEXTro%H&4Dcc|>(J#?BRYS+XJ2Y9ElE%oet4OtFDPl@ zG`KHMnVDME!zJTP?`g^963pLPU^_|}K9~|O9K(9c=-{9;;`~f0{$h-dIX!sGwUUgI zzm9u=c>+(?LvVsg>0gAhx@}M<_g1Tpw$ey`iEiqpP>Gv#=pfL%sum=3NpJNkl%b?;Bi$%P%(8-_29yNk+(5XIRTpK6w($bscsS5 zB(kCYvRKapP$*9GqOTW>Z4QLqews2K-R`{pV0e)Ax*KV9qp3V)nclmd3yuB0jE5B{{xh+m!_9Rl%Y} zOlbZ3I8PFgfQlF=2S@SxDF#RLrDGAbOB>YLUfnjwRYP6f1vG!Gm$ks+<^T4!1B^Z# z5S-swZ+)m`Yr6}fpK1U;xV2~06dkgbo=DiGUt6!}djC63OFbH5EHzWg_*yuH`Jh=f zw}Le);vJTks*Bd0+FKRjRybs)Qmpo|#EgW6rrR{X%k5$X+LgOLKsqwpVxh;pD^L_Uw~RoG9^WKD zGK2&afYoWE>5jwm%RbKL{?jM!toQF9Jjb!#1y3V)1a|FFUm~a5gOEr5&DSR-bqP1L zRRXRdaDt_&gZyx*@Ks9c;ax`>qkkZ-``d>2f%m@)JWvAG^K{0V^X5x8pTf$`E3~j! zH%%*MoIE^1()eJUs3zu4MeIMV93MVd5-`6p7n3f!`wXwm1HEq}I_Yz5S;R!6k>RJ1 ziH-=Lw#C%<`qs25B-*H?3>mXS5iE88tkP9;UP++hMBu8GDqJY4UPS%~?4CF;#Lh65 zd!SJB(k}YBjb6)0n5l_pPd6Uc@C4(xvpvjTC4q73z{~ zYTVY9uT9@F#vyb~rCYi!$Fwkib6wqhZtcAYees#@@hWiuF0^eEswzN}Dv~xJ6rmHY z8Jku#-a^YKK-CwNoiWP$VRG&7%Uyb1;SthyyX^+Q^nPNJ`>@W(sNT^F+cz)$)(dlW z)>Wq%*RxeQA7;;-$x-~_USuUct}!bXEHdN}M%pJfHN}0VnPn!Yn*lfN$G;wZFCF?+ ztAvS+53l;hqCex}0*0?un?v;``IjVi7HAYLfR7q%psV{2RL>;$$~aAHZ+{4Zgg*dR z-4pbJvASe*2>DdrZPED!HwX5n8{pX;;G5tG0MO9NAov9dAXJix(E$c&zxAa%7}pvc zO-+;e+72m7q=b>y<;HunwU8`XRqO;&i=o%1a{T4v+Y@wE)8^FOA_HCXo`1yCUEELF ze+(8@f&~lPL1ZH{P_7ef2`|X#sgYQ{j^c&}$611YShCxw;kRt@& z+H&chrUJ48Vr&$*zEDA|L`-IH?;IanH32fY7(~S`WFG?@=gqwb8zuvsav<0+{fWK8 zq$(obRY(0vY$a(MO=K;soGZY5;`}4{wEQ(el{?!MGULu^fB|_feb>#O5)vx)2aOqF z9!tLMx3mX_QJ-oMeyt6yXad3X)&0}n+#ds!GxyhGf3rMaTMEFT~QDulaO-G*U&w!g@0 zF&Kn`Bw)>6h0l%1sTYP{yKyw-5WiU6q;iilc}WYIwvKx93Slph_%FKh;RZTIM~aU_ zYj9rh$JnbFdxlV{AjsC+*SCGtV_vwD{FMBMlHHDrx4idYU)+|jdj-&%FC0hU(Y#hc z+b2EIA!$DOjE&}FOFo%D&Msfp=!Lw^VB=jP^bd1I**@eYALPzxeed2&C`~N*`h-QL~ zu{Z3AvL(&<3}Im>L)tTp&-}g8RV{aQNK~F$en=)JlQ=fRrLl5gw2jr_z+6uD!%q>$ z?D`p;BS^Ba%@v8Pw0^tPKdioR(gn$D_I^f#r9k*SJ&u<5N(QWUGLC{>{TY(;85Ii1 z5uS+Sn34aqCvm6*?fOw6vhudY4+#;3^V6c+>wh2EmpMj65$nm(RF;&Z`&35mRJch9)-bj$*!M( zUgYILsOspRM3T&my&X73K9O|CYE{#r&mWq$ z2kVhUk(a+zma{kgzBw(i|+mjrwpQ0->0$u-RC1W%0u$acbjss2$oVl zlzH2AE5z>sSwb@H_b%M$33Slc; zpC>MW>_PP6BX=#M?gxrng3X~TSDbls2fdX=v~7Nc$Q zQbL}n9#jjkw-UPE;}T+y)m%WZB1tR2gKrxpO{3U0tcM)~ACdJMzHO!b zD9f3w(Wz@8y^p(h2g7Vo zxFeqVnc9Ifnx<0H*&}LkL8GR3x^Z3=D;o@|(v%Q_4nzrg%FV!BK5-F4nsQb*Z^Yef zORFYiK8cwgaBOqyO~oV-9Po*@a2U1-#5DH3aD0BEqt&=FZV-I@H$+0m9O2x4A5(Netzy4KJ6#6mP)+j#~i%P4~wWiHkg zwR-r;&-INU2`bfn-J$*sUw?SqLx$DB1NYiB5-1wyZp0ztK7rx$D+6>X@Yv6D#JOnf zf9?}(G_eqomnBaTx?59(zq`*T$iC(yUBc9RB*xpWmKoVYV~CslsLQ?M<;x-Z`;R}q zl>d#EwUQl<>D-aorHEZc)y050hJ!2CyWgc@Ln&||?`fhnqE~s)#K^~v-z2S}h2+jJ z&l(by=w##d>Z^c?QUSBg=N+lx%F$7E$k+$C37_luEOfKPa2-9e5>gj$YFA&t&2hIU z;YA{B5SQ8y>KR+)jIoY(RDX{=&!78Ak~h2^g)9gQ>5_iEgj?j7yK*r9^ZoGO!A^sD z`g}HEcmpT8PLRsQ{ywac&3Z`p20DC!fpCc z8Xm}#sQd~+no3%{1>_1R;*ARvp?Hmu!C`P9i^v$yL(H3}7sB6h6jOZB zU%Y&YUV@GzGo#%gB3-kJcZ*KO=GNJ#ywqYZLVU>5Mg9B>514Gf%TSCHqOpy(XOV_D zaV0>!;cplwDccw@!rP4fh?GVm#f-*E)(MN_>rE%YAP(y7aEYy|q!$y9H_BLBF4(pF z-v^H=24HdFJ{&)EA1bJk#;1N_G(AioZ-eiLD@)wXYVhV6@mudV_xf5M?|ZKHegt_~ zviDoGVK`qGWWRvG+L(UVe6*Q0XV=wvud=A6!-nJ+MvY(3)5{`GP*ZPeKxic6G{F7f zQ337p;PfOd|z;2$?vj?$HeGtd`$f<$-O{A(q!4&nChvc$1RR{-qMDFxY`FH zL^V`O432W!8QIUzS6GDf9Y4xo$~!0P%DJ|5D)93YXtM=H4g-V--Ei1}{ka}q?pJJ? zlz4rf#Mg0&+oH(Dh@&37gF*~bst{X&?3b9=*_$xGZIg%QQzjAY!)VWP%AX2{cGBym zh@)q0M{{A0Z9qT;L=*uD&yTx0$vWZ&Kl2hQ1!|mXA>9p$4-)cii6DR(&`utDgI7j4A@N|Iv9hyw^4Jo-yB@AmeD?_TGOVC9l}f~$_JK@c_Xol z3RB)mn-b<5hgM;fWwKKp8ne2x?Wf}?^c9^A-evoJ{p|k#WdYo{`sIznxztb#A?RWA zWnv~amdKhN@~>_KVM-nRDgj;)?tC*!*ux-O;L*A`vAmL2R+3s)jmG3%(__7s?KdB5 zx>2D1FdmM3Q~~_Zdj-M;_$%>}7#2S{u!aNKg=wyJtl?%X0IbC1K^&n0wG|PKhMazb zmL{CI090nA6Q4suo;sE7OCCE;dKmq15C2bX4qKKLQ!o2aM=TfgphN z_Hc*+GCJcRH_w+_sCeIWBhJMDlp9JH|22wa_Dr)(c0aTF(vL#?B3#1pTf~|x>baqoM@#s{%l1N{l6&<2kzjFKW?QwS(7TTN|5eeDP zp00W;KAE`L_>Ph@B?g(Y5&i@Tq7I!BJsxkH&0cv2!&F-7pn0;3wMIMw)o`*yhT6$@_hs!l|l^%VuEvBX{JDg7}=&=_XQh!A14A#Q)@72|b z%s}O6*q15VMI1#!ArRvN7zyWA99t4{chOi|&}E1BcW+L_WEa_jBo#2b$SxW4 z1@GA@wfC>e-(%Ji()}2fg0g`1qrOHVK~^fmX|Y9o05ka+F}CW%-HEbz2Eq|D5@hDP zQ_@}o7)~zcJWHJwe8f%^^qDc7oxP-!hb@M|c?V@V{P z%Y|yp9}NwXtsXz4XD=4>@#ehrCfsLa`q7zl+&ke+d~vZpAsb zg`gv&v$DKI&a6oDHhN*QGi>R!6*!#G#Xll~lDJMM7GUIu$)gu3_Y}PsGo#($&WlB1 zIyTcPxh;m&Xo;QxGKa!BX8lkyCbwaf{-`0F@GWT@LhQPb-51iY%$1M67VHr4gphD8 zW{A6ol$vAzCVRc$q4Dx1!m}Uu;2ee22!y^F<9j=zHA(g$!*CN_l#|ub)dk$V9s&fA zGoCk$HHzI6w{(tF;1!E9Kd6Eu7TGOe>%WDddoy4zFfTbO-l+%vC8BK6Nf{9(rhdrh z1!p}j$UcLo1d$ab8pfbrQ2l;GkjbikMEiAXjS0{iE|uRn%Iw=xrCuR=-=&T4>qtm2 z|E|IjwZRrc9i5qGU*9V+im1y|8P#84EdPXqZ7%_gFr-~bm6~`L2LTS=3d&TvO)E7y zI$}!5n>g?MztDhGNW(VoY!Ipfc`@9e4__IC~4%%(G-a#99OR;t~HLSlclj!jwwnwOledEEvVl%5w|yxRJd*x^Ow$c;HD8fs&PJrSy;4oGIc8f zemd9#khvGds4-DjgZl_445(+sQG+gmW`I~hxP$1$4g?SBqmr4wstGN3l@18}vivwU z_RWi@$jVA4c9$@efDVy}Ah;s}vFj{&=t(<-uQ2eaK1<%!($RSff0USzaF4w^IT3<9 z8m3Jvu}XjEJnb+0nto{_^c&ESb|r1dcjT$YAQv!EW~z{G?H|jbU#ACtb6qc-g}g$e zo0x%|mhQaK4CF&uaGNHey&cxu1Lr= z9yAi_!Xz`%S;QqA7sOShGMD!C4k2yjBc@V83q`A*))$?5op&W%TK0}UkKs_2neV~o z`aNFcnHm=_KGkiC<=bM5*WnMMiAv61ejR?)`slZzkZwV&UyHe=AK{Xb#ER9bIZ!Q# z1!VTB3QTiuz0lNjGEsVyWMz(HLWdLdkX);-CT%YG85@SQ0!f=bX2N&Q!#ChP@6;?u zBNsI>)xkMQP(k4Y9{th0PQB$w_Co(n7qz|3SZ);Ord!$hNH4|M*XMbNL=|K-JT|{1 zLUf+BHEQQ;r9gIMTR+l`v5A@y9A=vFeLDqCSD;XGoC}drY(n~n_V4i;$Jku1J6igM zpb{dqHuy@wDcny^Q1FO6#Gp18<=GXy+J-RztR@r;e6znipj)$sBjREew!i+~l%KAS z_>jt9|2}0$y+?S+b=UaAr&6?dc?{LtB%$p@2`CJ0G%w_w#dac4IB0yND2xf?l~Dt_ z?=ATSw6k(?5w`gG%OT%>ub)7OtbLdMPh-QcX32}$q4VRsi@8&8EN-NxlOLk;Vh30OII%FCNAL-Ow_{6FuK{J|Jwd3t_<#L&K*5NlL1Mz>3(nWTm zXjb4#y!Gh^tj&wxbE&|wmJ8!44ZHg>IFcxY&w-_CNVw-R86Yg1`5G}q%%YBfb2PU} ze$II^oI;g9wPBTFmCOg^4inc%Y$4d-tM37yL2)oGTNqOmWsA;3D4KI7tpf}iC$wS5@s(#35@(evOllK#EQm@jMfs)I>y#?>S3AK`rrB|*oQ@7}?-^}J`8+@&D&_YutS=>IL`HQIWyfp4tuhnlR6 z66Vfhoe#eWzg>rgh5$bL8`$(FGVAK>20L^O$h5E0l7ZEVKIqE|U@Lgqe`J7B`;38k z;2w-sS+&c7nb^PlJNW{%=6o5G)R#Pl4cov22pLKN5F9!Ivn!~kOD75o3&BnD2rDMQ zDl&h)=_e^ExfEl&I>9cgJ4(*6J`NJz@tQg2SBF1moK}5HvKGWSxvg?hauR0x^ zQa<%4$}fO~V&B+eliM@~xDMS?89s?r<^PjZz!>Cc)|1~h6b#&Do9xq4j;#0B8PaOe zg|M2$nmFRn`Oe1f98+Gx|NiQ$5^J`)$a>^6y3rhQPJ<62)?mt=oNFhv>U}vxGV#Zla0n20Koq`% zIco2B6M^yB(5WIz3T$onuFGN8cAyUby1j*6zv{iIeVp(Qqi|l^WPoGnrok%U7&tHJW}23?j-hFn1CS24y9s z_b45#Bm^JX3CJsun^6ybA7G@G8RH4w!R+qt1~8VrYj=G;PdOR35h;kC0`VHxn?FPE zK>Zm6M05aqLl*T-7O9l;fC~@+;wMK0NCx0C2V9k?^H)~3c3>8VSu0?I8Tc{l>+79h z<-+C}Mt2-ho?s0Bczl!Q!@b3(qr{7wUA~)Vg#4xEpn}f6 z=J}{J)7cw@NoGj^6V@vw*iF`{IHj!A+i$%j%f4!^hg}BLl|Ln*7^;n z1q%yH9qez=1^xp72v60UH*coFBLz#v4}9ampni6A1TM&zr%GH>AVcBp&!BIxZ4TO- zmEsmWuAH?C`{znyz+z|vCh+`xZcTHFup$uV_W~nDz)0TQ+`wWlz|8%^;l<;s41SEF zLvslxwhzJZ9IWXpp!u_nx@sa`=u=(WVvLwhJbt5to@44gCiQrF4M`1APdEdxXy++( z0x+(C^ce&5-Pf;Q-+_+>qM`D^Dj?usi?lv?kK;Bd*fQGio|vts@hORzIBc#6a5ms% z$^3PW19F~$is}LWQE#6fza^HgSVm$WdtU%?C!`OVq)GYU5dqB0v$Ad}!1V=wVm`l} z>bqM2T7*7KSWsusN?wgJ-0lEs$Q}Gx5EC#1h>}9TC7AySgiSnw7?EI=&bb&|q_1Qu zPclgYO^Ak1v}ucB6wLD(g8i%Zr;n=8p+ZEsSYD`ihZ9;pg?tGMo}bg25!p~jkmuSpbGol zFMufq2e{!~=OgX`#Q*ez<%KBtbLhSBiX~$EUZE8*^dZFN2}}u!AAnD~%$o`R*ggri z-tL=t{2uV-!)SG|FpA77!Ljz{S#gsmSeGwA2@x!*NtM~YS%b2(7>O&@=DE`kly3AG za4h9@wgcd8sOb*?Qa73Tv1p`%0lYXhD1HF$r!3G!UF{MWyC#zgQqi$+hrPPgO^$x8 z9KODLEOFB>$@kJU2V$gF0U1dBN{AU!B9z z(Oy8ldL`k$c}Jw?J6mxnlVa|t`wi3Hewbf^lGv@rCH`*fC)g`fRD=Koyoy36=xqWA zYAVf(t@mv(haxauVbiJS@$UiJ8Qi306}@06`)?UQ2!M9Aq1gsCY$qtx8h!5At7|g4 z1@f&xo)RdB{82+BMi5Fv0}xiLs_8w!b2R4Y25dbHO|8|n_-y&OSI`MS^l5OA(}@cB zjna)>j)8U#MtNEMyUJNzPXvZEyViGb;9!T9Xt2wD`ooJa3e&Au;zM|*TL7AI7qw|;eYh98~VMFN`{-^AW7u9 ze~BxBp80cF43zWxLtM;ykM)=PjaV*bhUo)rR1_4?u~AUzyatMwu&zfK;2Ey%j^Ex7 z&;U~Qf%pUm3k!H+#ItoTl4gh z#}80@v0WLdO_Me-CL>vYNhbNm*Hll|!Gxs~{`cb}@U*u9L}X5n<+UfmIT-6ofz9zI zD2N2{40uuBf$<;B}LcsJ--(IBEnlb8;EfE6pfOd zoBDpzhgj!?^%I%Rh!)E&z5EKT^3wXw+z!P5i11s&Mhn7Rk$nC4Z%==}oo)4k4jyLo zJ)9&|@B+o8-4_gR08llyUvJF-Y^U1due0D!xoA*EZU7Z$>pmPyK}&vohhb>pe93b$ z{O%vv94!ZzCzi8_c76+gtr5SL6sPKFN7YQ+>#JTDEbWj7WA)p&x8Nk)1dLsx)@#vNpk*FPzVnZv zdAc8o%wF|fc)5oWCltKWTe&So=@sJ-=fV~-ni)2#$$@q<2(cQzLiyoFWks0-U#PzZ zmE0Yp2=EL@Lo}S`?0x?$fl3oic$|TBvZuK|MO;Axe<DWi<0d#%Mc06#UbN8=BU=TLKU3qzgc1@uhft4+bVRsFsD=GNWO4 zAXrDOGef$f2jkEJK$`-w-QabFq$NmkXgCpWDJOl0lClV&HkmK{6Ik7#q*8b7GvJaB zff*aN%y3JAZkUw2^#FbGEi29OUkr{MMFKna!vr-AGm2!ycFsBNp5~ zunPrtv&tDi!8iz5d@V3!Sm{}6ekXVv*)1W~>kssWSMLQs<;8%q4>aHY*IQpeiHAwT z?OJ$`28$p8l_6|Qz-J}#MNEv+`3pk$(W(|&{25)@ki~vj$ckm?83D)j6%V7u*4ou= zi5r5Tu)38RLSk}bmT|V$hK|yXL60L_xesNz?y<4zO4nmSBD1XnYEvDL#9Z6gaXzwe zZr|?|vqtcI_%^pzIqB_vIusOm_Qm;VoONw&%N;|1vY+lQRDfxs+zRt*Nt_U*o)_&xb5Ix8 zB4NOqPk=T20Y=I5v$M0GKMyDpPjnx_jVlf^)8D`52?`2=VWXgZ`@6^Uw(sR+*RAvz zNUMU$EwEmxcxUwAzkm52J%Qj^bpd1~@pvAu%KTk#j9!|+iJZAvWF}~nV2>Y^EM_dn z)9vBm;rH-;;DkE`zZ8j?Z+iEG2xdq~2uxrB_A07&2kb-!%x$(Us(SMjs++Cvv6VG= zXjZ}8F0$rSff!bZ&^ezu>vU8|2NorGZBDHx$a-r0M)0;t+4;K0xpGt*CrzD+pM$Se zj(nky6XlOY3jZKC75|~~hLo3R{s8ChToejAi`J$doxvoVD_o;%>;5ZFmKTK7{OKFw zM^X&2LPJOKD!Xjvb;+&aHecE2<%j71?sHzCk(GF(G`wD1U0vPW#9k*#s&4#&m%k2D zvd-Q-kKzsebDta6w-L0LWiT!B9V_t|B#CT*>9L`FVred*LP2@+H`yb2VBgIs7eq^e z;M%|{YXhep z;Nb^qEvX5Q?KAB#K^^U?um-clm8d=fp9#z_|Ge`Yh#YeLt1-AJfjE6D;| zh$*;Dw(9m*qVdWMvGv^}(MU$#FN6@Mp-C@wkm(j(PC~Vo_3mNei$Xi^Y|IQ8WbPS(|~?4$B6DO-5j07T^Y^c^Fmd=;+u2{t?hZ z%@m0GfJh?PzXx>T6N!8~1K@jjhy>jj&~_e99bR;TianM5Is1Mqn2J7vuRIV&wt+1S z6dnSzw7S5K^@?(hF7X3EGztM33eeDQpxW95>jP*yzd)&bcY6!FPC!-L12!P@tAdqp z-*96Hk0hy}ren?+a(P>g!<&?(q-{X=0Lca74?iA2fA#O%)8ku<$F*fV2ew20e}ITS z0LNL^b_AvrVCR2=x(HlUMxd+L2Q5HdT^*>QfLihhtFeHl0e%Y1cLB#@!8#q>!V6;j zK(3EH&{1F|9;xV;%cig2YmxF*?9TlvdX!!pc@Fx=FiRH}3TsN64u)a30lybT4 z=}`&QA&0Ip+4s&FYy(#Exv{k;&VWrBnXFD^P!?v8z2G8``5Ri^xnI+}pu!aacO$l%z(_?`h7z~!6 z5QsAZ%ghg~>`lcNHf7wznGt1v^Pm%!arb7xwnl%`1;0_z|VZ}5_ z+(#aQ)l;ws0xk()p#E|XM7ygpn!krYK7%D?g2jCebMb&L`X}gpfitPD>uTJHv2@cf zjVMWm%{HDW-G3TvCl}Zv2fKpp6|#qx?H7g7Wll6JNIPum0>&e-VivY?xxgV0^ms!6 z8|VWO3`kN+!l!`SZ-;FNjiQ3A;hJ7tB17R#O~Vn%H$cwn0e%)3>IH(S4qzVu25zo5 zhjRn5xVUuxnTddSQK|6(#xlS%5)xnA$soc{ut)%p8dzc$?`}aO_^SLbu#(xlyX~ky z7wiR*Uim;D3xPpoz^2~{_!m}QSX~C->N_we+5*4oPd(2D?4JyHZy96@xrJYlNc;DJ!;O$ z%gZ~vyo|csz?uMdCRngTi_e9WnXq=M8{z)IyM7d1+RcP`r3!Z}2TZdWQ&CZQbrStU z9m$}7cLYf{jJf79&3dLc-_3Z@?lnN-5<1xX-bmjde49T#<(Ojq&`e!zyFvex zr`+QHS+=$OzlRS`tIWwT6D%xBR9s99Hm#hS!`}-A$Z6XgIy<_S*R+DsGv-E_ZOvk3 zg<^SJi90=A!Z)p;QVIO|$c{$m*^hj}Igv|bkS;A=Vok|sPKUHF6t!AOcNH-&MsKC{ z=qaF;UPPAkrL(g$QLq*H{lwgH1YDs)r!=O!S`Y3?&PD7m$uxLWWz+S~a>V4!ANLdd zs$z7tFoZSSwp{%#7>9;x$}-*XW6~eSj(MhJyk_zG-={FkxY899f25AnRCzrd&bWop zX8|eTvrRqV-aP8V>+KMON?da7+nrl#5nhJMnaU&Y$u9JU1!i;QmN5k7#?ZT^+bgxQ ziN2StWwQ(#BF8`Abfl+-I_y^SbXfN6-#Al88$SC+e{(d+FHIx-qjjzrmQ%!<05;CB zxG=*)u0bwCaMl))S;{E(3RwUlMD^|4w@ot}&4j_wC>+n3>8?O*j1aXJ)r;1E;zCC+P-9EWyigy25`uo}U{$pLD?Py{X- zFp+@U^uSvN@yEZwuJ}8uB-Q^CD4R)C;`()RvI;_kDIXOyEPf>)txRI?!(GGswDOL4 z^GxvNH5@xX&pjN<<=-N>_!X3y$j8)Ng8fqmk6@g)3cL^6C17IZk2isXql0CLXKy7Q z4OAC-?V3=_21|QRw#u4MAm$X02yjI(FYd^gwc(-HBR z#|sMZYR_;(#*)ty!{43FuS9;f@QwE*4#S5aT>p8Iwoscj)xR|R_iY<23T>5Af2H1Q z^v(5j3lnHBeMUkEJg@fjr+UHV#;xa^<7^E^Tg6Odm~c0xuSOsp-@Rth-gvP? zbf1DGia9rcAH3__4kH3WIt)wijChL=;tv0GRES_*) zSWol@AxyOV5(26o)~@AXEWbcukSXhOG7cw&Bp&N6=fnzSRzIhJd(M0#F~8yD0f{&=#|bp-oC7PVDs2={XLec>i4 z8Esz^t?h}O6p2)!PgLm_R5TLAeDsL?wwUCSS^4?_`6sJhx%rg`|szH*M7D%iZZK)=X>XMMoN;zf->k;FL znfoD=18I$=|Qrsg)0H*E%GL2_xaE zk=Gwl$hF(%3_CqFvC`VC-al4DlzsViY)`kQE>b@pDU~R)20>NDK~{@YzQ~!Y&($j6 zYL_Z*h2#)l?PE2ws@5X^<|+OT$))|CHNk;nA5A@FjPw;Ts}2GV?JB`I#Y5O9+c5V* zRF#4Q$JnIWOe#~2OJ8POSKF2_A;w@)n?pR!OpXpY3~p=-Yf7){?mKFg1@#xH({LeY zgh8@%L0*g0S!mBz4%KtB$ewxMr4Q|2NN`H?YFcx~TyITU z>T#<&R4%B=T*ATzZ=m>*4jKX_O0PlCU=*e zZFaQ?j6~3-6-VcyzG%{ADJ(+Z<}Oq)d?OJqaH5!#*>D;hf8n5hUw^`oCV)K``7YCr z|JSbQA^enxHJk^L;dx4xV`^CuvR*D)=W5)> zPasTRu)oLm?t~EY+}kDZXgfr7U)<-2qFAqd;+lXmblVzWWmB2%3w(%An>%os&f`^j zoK*1hZcrA`himXcBY@M;_m;m1csaz$b!3QLPTmAr#*yghsERf^W2OAQFfnK7n`ggX z>Nd?!*YYg7U}okwA*I4iuhpwTpHFs{yO*Y=Hr!^AVo``4Ks#J{O z1DWik8_H;$B~CRrXR_SPez1#c^D;Xs6CZGDad+Rv=G!pa;$kK63ItA4raN;`XQN{e zadwiYIq+c_&&!_ZwPlIDr#OZ_M5KskcuoWo!_{#J3!@v`iw}NMzr%{;JJqBS<%qJj z%VHP+ZveOIDHUK)>h&!W@%V z#seAaDp@1rKcWN8-;PA6_a-tyFr+hh6jbxTa@u zEV;OPyX;1WiT6vWv^h>^m5alvnmZH&!$;npl#^lFgznC#srox3eTMG)X6T{trjeA= z_P)tm0q`&e{1eZ)kdkX#6lMbB2bJAqJMdDiJ^q||dO!RHeCqx&`=2dU-p!_a(q)E5 zXMe35RK@Ox<jT)iVzC z?Yzo!MNqgaM#huS-Jvnkvf7IAEn&5@WUNK@Bs8_@ZZzFJ&Soe63GEnH?HJf$p{9Dp zE)!mrOX@P0cuH&hCdxwssh>%W=nbRDNwJJdwA0j3o47mgFAwCJUJ(YCQb+8nUb+3G ztYlXc{%}QiA5VDPJYM&vp(1a2td{6YdC5J4etMiiL(xwsWy;LPu@6}txpurvLxBRb z^b-GCmVXak`4jK2wigR>E0s;IjpJ&OD5ATG+Mq{QAQHu)w42UmtN48qjL4kiARLwn z_%Llv*@D=opVr%*al76|a?eGHMu=^t^ld@wM}!PjUGNTH`$S=ZuYRvztCazq1GL%c9__YPV1^8Gp4pDH4VDO* zlb#S{JNUkP53^5Xa>{-n$2J)%<@%gl%IT*6@-!1gY<)IHh!Y!)=KQ~NijdCbj;o1( zN|=+V#)YYeR$LIgw?!bXxb13{pNVP$!}s{*xDRS{4F42ld})t{DO`;x=7YF#+PlSW zgRbAnCbq#&)oJh_isIRhG>d!_M*4N+hdYv336^_LGy1Wj1rKKz7oP)W43T3pQ0ivz zkME~S4yv7f2{(5+_TV=I>BvHce+J1l2@}g`ak7!#m^!aP;ockJTw-ig>tx?2;707w zrLr;RMGKWnu@={4eCLf=5z28F>p+RdR5rOX5gC?s3}lte;P1!KfR`s^txgOrAx93e zolT*|u)#ZXjPWg;$xN%~OO&g15_05nYHe55cSnx&O#QI3Q|0ota_7iW zR*m~PVPCn%TAdxuZfkv=y!?r&v@1Wsm@QmZRIV92y2Kz8@@2GuEFH6^()f_6oeMMP zZv3YzZGI!4_V3|69*3hvZMrJ~f}%CdO)4r7UVWTA_8lS{e?^_#^*a76zTpuenfvVp z70Ox$cOnf_et22jL4NzVk^al2KbDg{l_F)nX&)Fc#+In}6!uPv{V3?~-Q-rS=|7Zi zma;{t>S~vR5k4UEVOj>?A!-2tyFlnK97`u8nq;S`w|=mpp<+t^PPCEPwn1#=ioUu< zUGBuqQH~;;uBj@YKVPu;bM^Ts{c5004Y7?)fh$Um#D8avSpz~km6^ZvnV|iN@ei*q z3VRW+F2-ugOiFPvyZ4{yUi!SsEaTFVYB-)GpV1L%QEw#8RsMjGeSUduwNiTHdw?ur zRQ~YLBPKgU(Qv`y`D)f+RT!{bp!N8Zt*Kktw(J~YCwMSlra@`UK0jk0$*6yn>p~zt zWb~KM0~4N;T0Un>?X1LwPxE)gc|w$Q`DI0Ua-%31_Q-AJHkYnst8q~ za%A0UQW9hq8l?;5>(@WS)59gBYYikIxq9LKqn%(q)_ zUo?ECJR(jCbv>$v-rj8J`zUrfomnU;((fMl-{NVZ#V=dJ5SSWxWgP~y^rWMf^5ehl z*@jhgD_`pb@9Ax~3x^_RqPkDmukFe>a>XD!R`51fm2|BfpGwE!$Gs2|_@j7kj` z-=#hw`Mf-b^>XJp7kQ-(o{MJA&z2YR>)8jAqdN=+A)M*o&azQ|(T`RQces9(G&Tx^ z-m#RkU?;Nkh-~c*w#fRwwhWeSzKg{DQmXW4Ov0crWit~f-=U?`}=!KHgR}PYtLRYRx5x56F6RNlA z@Fw#82=BdyX*D1w_#Rg918q$huOJ#oaE0FEY~a9)Wf-6z+@^oK|5*(?x{xI5%n!zr zMgn`FeXJPcf6JAlK}Xa?t*CMXl>@dw|CaTQucmc9iRsd(>}JQK2~C=F6Y=D5UsYgX zUiS9F1$oRrufh|z@*9d`3Vkcy7V-yZJt}eqg+`1&2NWgNzsc0 z`UfJisyfJGJ$O7W&i@ASNbiy|B?=AlDLwtyr&^z1^kR;c5(=^5rf>Q*-jfkI^Uvfw zYmy4aD&ZTnk0&wnd_KpamS0VVPwL#Kx!iO?vr894J|h~#gw(LptY|1m=rIIcoFhJr zKrg|&jwrlDbc3Ls$o{sC|0yd?%wAW}NTTvM`kCcY*JS7kkE!F%G9iH9&m`mEjhnIhsFb73OWI9YN zugGC8n@Ue*95~Y^{rtQUZ=TJ3i(h4xxZT2kcl%qobP+6Z3zi@XJSbiun!^o z(J&TmMu>HI~smt9=JtE@(WS8K?wt4<=Qfb{8GF+RO@|NIbHP1{*) z%d{_)je|7IlYx6+wS>ZL)=pj87! zgq_jwSN7@l>!#mX9gyEZ-uEox_6`W^3D|Rz$}Esc;vW$XJc~LPc|R*gsw(_Wcnp2fMWi3fJsxlxHtC zN@(0=y}s)BO1!fJ`sglx3G_>2bhy5^w}NV;BKlApCZ&9fU?b_pd;J>(LfN}jq*YH( z86{IQ^2lCWt$DT=tju?Wb9i+rhc8I*B0{oK2&XWs8!HX5#!1>uZi`!x?Fjqbh8(cr z;~Gg8nZgdm^WWd|t`YReVF-|1_>hWy<`ohZiHM=&W+lNwlOylm>@v5H32ZXipWF@wXZF@Zdlq#o6aNqUVlx2 zNN5N)A%x9Tz#DPE&;n$Y{AXDMICVP^pX;IH01ASt0uT&Cv>Z)s8wtDixy_(h_R&ft-BU5h7`!I`LyRe<;i0`0$Ll zW1hd&vg=P2z*s~1EIt>$kA*2* zU`+gU70raPZGT}UN`oZ9FU-1_Qu3KUWSJu*wMuijg*Bq@8GSIGbrc+qAzGs9TD1L+ zycJ)uf?qQE{r2QDK3zJ2oh~&yHjdUwa}a$*^CSXNx>-LU-fW8HIKNbGoeIbJ&e8r% zLi$p=bmMkNS-y)Zx)<+^-Nz`F-|+Ij1go?vGE2}`V1mP-mc6lH$2x@(Z*olWFSHiT z;TX+daRjrYEY`vbV!TZMFH1i_GdJ8+?cJIXou# zRkv`#&g_Am{pt94pQdjSWbmA-)paVM{1(e3`>7#Aw|y0*^rpYwwJ{Em%rn0I0p>Jm z^B*cOx)r~LkKAJZY3gTiK4GuMeEfOHACO~if^P548GpHr7h=T33i%AGKSZkt&1rd` zA^6`S{1ix{ACHd^dHRB}1}lv5oXkOr>E?2f9FZGIj6l%Y@9;poy%w_Zv86XtL8MqDSU@f4w;g+V2#ehcZBqOc|1o+c6xD;vl#NWzw{Mh14ma#p3N1 zVZ%VI-DxbmQKR4AE5__&Mg2VGO#pxYA!bK>AeoM6>ySvvPf)+5&;=RGQ$YfXBlK)_ z25RCmExWcRL{URaokY;*5?K=vEQIZa!vakR71V_>Z=&&%kdNsd*hyJF7tauP3a-CL zHBK_;#IrHf{~?c`%R)MmHtllB<$YosIc2}b9UtFdxfolb{xjINeUBvt3+hOZLFhCt z`l7}~vK$B3rGPM#pBEo*IRXdL;hWp52ktYgbf)+TPoDQ9RX8d>T-gaRt&zJ%u2l>{ zd>5Re89?W1M{xOju@SPpi**LKRHU zI+wV+`C}ZYii%cW$67G`BaUSZK!^8$8!F8wol)U?JNt z5?7q2cczTChY<0D9HsB?1OD*f6U~qo^xo+@!NM#&ZYKjmUP(Xj8b8(tHx-NJ3~O0L z0*?=|H#%_PrPR+l`m0aRzF_s+PVgD5E@VWw$BmE8`jDK;S#mERhO8ci$FqIz%oHUY zx-aQRu4o*4Fw*3Bo&0b!fH28HOy|f=-|qcR&sJKjKbOj>LqLs9$$xClVOuNAqXfaH z0A7*4H~70=X$4+@CZ}SjX3@(k+MJ+0(~8Q~!i5`!>V zMd9n^p-{GC&VO=sxa7%yp6#!eijBIywUfmFFRkS1P@&N$N`lJ}Bt~th?TD)r9883( z`6&2CuRJy)uqGN8GB-Uv4Yue%6if=rl&NshaBE5K*F!yOa%Ypt(gXyg{R`ohf28gO zdgH$YZ>Njm)w}%2sG2^wi4=W5?rXg*+o8ZnkbTikbr^!m@F_QZ_4f&N5g9H48)T8n2&p(eoF}fA zh7C==x*zmyLoulF5s}LA{C~vo+8UABG%=ZJ55K;{c&8Uia4b8|Sl4HOR%SNKAl$&a zP!J#F{Z^(cWTKaDy7c!AX~+INDe(^i2Ni^uFQm*0#pW$0n1=PEN2f8?Xjr;}fviUOCt za+QAV2Jv0a^VSr)@S3z_EHRr8Ct-FUOL~LQ=Iz#B>IXkem0xYElGJ3`?2q1z%+M*f zn5mUinjpBLN`@fUfB8bAXXy|XR>LVX|HIlTsna*S+Oz(lzLFFpiSB?6^*4Q#<){!H zycfRmJ`pdN$qhCT?z?2imX51k`Qn#fuvhJu4nEG$E#~jm_z|cDd3eRPNca(wBtX3_F!#tvueH$~pxkJ1SvdM87^z2~YgMgelz+t2zWto3Wyt)k@_Qu*-(yUgk6uX+(7-}z-57(jjQ_K^AROu2bd{cgZklg%Y`n^B;;kk^>$Z-MmS%a#0{2y1uZlJ=AU$7tg!&YvCqRUB&nNMSqwS)YrY8!~znO{rn)}Cfdid z(!Zz#N4=Dg75s?q;6gr*=&9UiYz!{qFGj4BABwL+%1z7n4yBNzvU`a?C}JaUnFYW1 zLzo_IlaKYbw4@CUP3I}Gw1T^{-i|@vhwN80YvlN(;URq){ALXa$8@YsMdA+JSPg|p z$YC)ejWMTssfOYuKxPu=@Q0NP6Q%b}R)1Pa+8-R*=kFH9WhRvtbcdKsb zG)0WW*`W`~64|q}awO#2NMax1DAHQ~sWDB$h={5nxr>WMPvHDRSTLzhZ5_&5BKUC$ zL0Oh-f^QZtZ}=2>3K}uugtV=ell5^YvC*7*C z-xo59e_05`@@S}BGrbwJNrAHmoE6Z<5l$%8O_qwoBATyL*$oa#AK5vdEPy3tt^Exv zbGK`F4MXHLzWZ!Frk_WmY&}C;tbJFadf$&PtKmiV(P*$o{e_M7Y6J^D*G~#`7CAIN z2Qu96Q*h6qR{o-5aU^QiTk>VBVI4rBN?;*NENy^LGg?H_ogy~G%dui;lgP%ky8UKf zz(A!l`<$8{2JI*(E{ajce=VdqYdhWi!FN&>&1WD}_}OTm=Z}kv?4qodQ)yiE#I9SksM0;Zo#OA2Bj)9Scn|^qu$n=h?oRobaJBV=mUJHRFVbsKMfwM zS5>jlXvENdWNVIH%X!sk@J;OMew*2ck2d!=)f>^A^3VGC_tne06MS8^Zr-sEQV%pG}#kP?D)6kUcoUA%h$HT&-gb zF$yxo$>ugyDQeNSrI5?aKIXA1kbMe=QwSG%qt(Q@6rtm86gxy6dp*wHtQj+pQ+E?# zBbU<84K20A^3yQ1u$6XO*kEvwb|ufbL1}a12-kP4W#>yTC8V#87^x^@BW9R|P|Y&< zRnTYJuJ$VjyQonych+G}V00N788rwh?R%1{d5(YC3Qiv&ixH578d!}?r|%kKAyc6^ zG%`>*9r{tZNu<<}aO&!>C9*4FJ(VUQ`RBdT!uU7EW!&8o#AS_QRU`2-xS^m216phr zfP7eZ_z6qZ$^C|apzjf5ZVJwgUmE%sP8Yn5@%3v4L1G7Nvcj~YiTx?|#5`2pA4*tS zDyRY#2}DFLioIg!t3GDpJwHVan~Bn6@Urz38>)37TQeO@J_xC+wC4sx-h;GPR_v$p%}_M&4c=% zjbSy?FYrOHP#JzDB)x-flb(3l)HzVqyx|NAJOybGk3zb8lN4L>B4XLkw6tQ;1sgwD zb;^owIBNh zt){_SW5yf4`(t*ns>V4GuxSK0_ohvIOT;Nr-Un88mpApfYD8CGT5uB1?XgZmBn}cq zy;ItCwqrtu%m%IyAuY-RjYE61vk6S)Ry>YmLI-w+Mlv;~MlGZB2w&2%cNTck(FeGU zKPnNzSH4szZJU7TqlV;X#D`;vJfqHbsAl`K{2oWGtJeLkNlH68A6^r&3L*s@MBQ2KpML%Nmh$d0LWmDcskQAqBjKz0g>rZ2wX$QU ze8iToj!++ix%uhGROerBh{vDXMk4eM+{HCc?WoO?=>@0A^<3(QOP7%81JLgNVTI~X zc$)&9Or0ijlC`q{3jVcnQ?}N#UcoIyJnGU~O{#>!MXgJ{rn5_nc5_M1KNV%a-&tXK zmylTN8D3zlK`?#Csj=kWhWHstbzuE#v|y~?HYVIJ6&9yoI^{ucxP(C0q+_Z-Vl5$; z2)L*i?$@40SV8=>I7xlD5Ls}IyeQcUb7`IM&2W;3yKr1J@=$Wf$*7T?#J)xytieWl z9<;BbyPoA+_PrsgqR2M;ugK;OQ%a{2muPK_Q)5x~LT%?YUmeqHfTTf4+kI7ie$W_x z7}n-Uz9Pcy@s1m+K+7V);t!|=FVdnZHAv~gGY>Y_U$51@b-Ea+^kVfthscc2(OcEr zGhySz{;Jxx8o@R(5FHemrZvas=_uan8K23RgAer_sJJ55PV3kZ7t+v=X;)gZ^JTP8 zxl#yEuwhCPC{N)pm%T`oSpK`;(^g2uP4EEY(e%5WMAOMZrns{dwn4_wpAWE}R^=rS!-UP4j<){7WKZh=@B zBLs-ZN4)R4Cgr#$bx?P>zYPXvp&-xaI6a0u|rE_ z4S&psxyl%5mY`>I^G3xxL=`ihxANV|H}QVYIg-puLt5!oZt3=Etl=KFos_8IkC6B{ z|C)>;CsRB097TYT_!v*MQa;ygTHeqrYnphUIe}Ah>%MgAW;u_9Z?uNQmA5wDy#akS z1vl%!k@YdkZ?yu-cSv|qB*(Ek7bDbEqF~uMvZV4ctfmk5$L_d~3~Lc?>v>YVN&kP> zP*OOHvG~f;V#AZYgN%&bUoN)oqjQ$@Be5Tz(}pRlZr-0Vdegmsp#63>(TZ7OC9kYBe`VReXr{$4b?9I9(0m0eV-7I8wrvQ>Kc% zsAEFsAL@A@eWQKPrmiNBKj_)!Ff+t)8-6x*RzKyIOq86E)4!#y@Xkk{L?AHL7rx?6 zGF^{YYaXj*V%V^0Amt_ro zlcrKLoXIHx)BYKaN>(05 zSrW)nlw(8>8BQB1x_D1D)4*K%jpMP?ET|7e)5tRMHaak{v z{f>j&HtnoB_3!FxpWa6}<9Iidcq=arn+O4#rSI*jm)AY`96eE@!Fyxd$G#j+ZTKGw zX_oeKABMcT!^7c&nk%x1)3oN9A{)FZh0z5ouMHnJxRjyGqh&v}8!#TJ5eT*&Z^z~d zMo}%fEFrH&_o%da!d?n)8Vl_E(=rrPY%DP5x;3R-mB`WxWGM_uj99eDZsdS9g*_n< zConKm2nkw!Tf3UW5^6L^wgz9bhgRci=fMA{Y05;*SyVbGzN2plJ(D2U_G}u?Y|S3k zEOhbt#N0rMI{tvlBvKsp^T<;f*+|zD-exI;6M!TfM8p2G!u_HjWMdf0(>WWe%A?4Q z8smLv%f>?CjFpPHwxp&%Q<#|#6SMy$u4<6TCUR9a^I^k#;x=wVOKDcCos|BSCFW0t zOe@h3pHvfmaNso@*q;*dg`8n+;Y>G(h3gaz?mSF{Ui4q2lcW$;0*Z4?x8zaRT0^P%lc zQttbh$r-6ace=#TNuYBUAB?qfbgIM(mU7!D?@%g6O0%d}XR`$8NBTIGm~$`%TJfJX zFR|(VA5CW+mDSp`aX`AeyQNE{yBnmt1*Ka>x#)vw9@zW7XRevK_w}=(aT|Ck&6c04n>gxpkH7S>BZcQQQ(@Q+A`Vw)LUhvU z)u_%aj=AhouY}%5Tx~~&QeARotHUkt9+?5Ioq&iE59901JKl+nnl|UQtC;-aE13Vr z@;2wqm3a~^gPdQjEl`~Kj4BlBO%!uS=% z%GYAYMCfOzND&vieUs!b#pH)R^s0?==JP1qE^}gXPY9?~_}+#jW*nX{C@5W0 z&7FwYJ;Am1EU(W!s5;R!v0z3-+ANRHBJ3Byyu#Htd@a9&_>jiGy@_UjXjn8Asa534 zzKF@c7gy*vzaKTNsFy7%go-$awqm7=C3e`WzY-&NZ@Ls$yrckcBZbQQc!qGIpkRac4dF z@MO4Z7jcurq{*7o<1qBJkj;sq~hY^%U}Mn~Ey<)t@UGqebx1*H^hzmF%j~He`_{63Kp1 zSDW9ZsY^`6ourTFIygME(?5L>K0GJa>Gq~fxSe`k2A!dRKj9BDPq$=TTcq68sjLS= z0Y>oml0xl|m>(2Bg?7}{;aOQnydh50BV(szx19yN!TxXn84qy}CmzTcf~42q}hg=2GE^#IS|@Pq7!)cfIcZJ5_jua%M`Q zJ-o!e(3lP{hn1{rXgat%GvRSTQ6QnqszFMXNL)B6 zYqS2`NGblc+?$Nk&|=>}R=HM#P&9R?l{a4tqgrT2D+ux2^Yz^m(Wpm?x zJ0*P_{tEf@PO3`*R-D5#HYC=Rd(O)gudT%tYcDVarS&QBi!e`-<77QJQ+-gEjpeE> z{G8WbC5Swj?Bn&FCNPnXp!~g1zShcQGSEiG{i7q@*gr%HMW^j^@8^fOf6k40#Mm{X z^^ff}2J}SjzCijC;k^9nd`_|6o3Fgr|7Zi7TG5pXuYK0MVVI6Q5{iV<(Q!EK&Zd|!3d&=Fin!lk+iLy1NkuVy;kywXwcQ4rQYTDNh=O~Oi<7jp0&Y7GnK z)~e+Uo7D(O-#|6Sc591?GbnJ_mvnE#fu^)xr0k24LX<^H5do}C)OH8T|E8;q_Fqdo zqib6xs-jvCSjn}k%>6KzrnmdJIFEdbLM((v?YUT%SO$v4t~`cQV+>ID#C`lOCkRN_ zcA}(*Dp~S31;+W8dbW%b;*zM^A5|Pzg_|-UuaXnyZpHIOm_~Gua+qMdG-wh2YVPhZ z6IvV8o4G$N(?uhdNsDVsVO=0jq&2$fqombNet#M>M4j5teoFfU?WG{e3?HfRIECmI zcDi_CG_`2@Hp)o3#~`wICcoaK@pd(BhtCmTf3;?SZ3jb#^d1)}RRVQ>>T|r>M9ZdW zYc+B<^{{cFgbWj#XB&IxuS&W&5K}zLmPlnNCaG-%BtA<$VEZOlZY<#zX*8gbt4&sH z(y-B2UDOwt`G{_TP|4(%*o^-l4lEO9-^E4_YYLKojm2~K`n~34s18*)B_B2Xk;^j1 zn_O(6t{*j1)+jW~)-kS(7UCa$ErGYMkGrk-(?X)5IQ6IVfF3Fjr>V)`7ABU)QSu|A z^#}{t=kD5g6+hmeXQsKvu`)g@ag8ma3pCRq+!Og*!zVg0Ul^Ml&cQ5?GWrvBIq{ro zl$?y&ca+^Dk=C!C&oy%N)y9|c4>|+&_G@H^%v)pONVak33ihOOnjzJ)y-jDMyJu^%lETfor315k3cOGJg6F?-)1ys5@572?xrcO`4CRT@?_H{p9v(VGz| z!_QUL|N4HYyozx@;+%`$dveDpj5?mg+XSx@3{XYD;> z!OX<4ork*58<`%D22#?$VJfR8WL|P>8jr3Y-ESnvOd{4Wy zF0vWIgvIj_x!dD{?XuzR?J%vMq~~`Dr=2F<9Bq$O$KglqZN#opI=z)cpA$t2B?$P` zvt4$nDkIE`GgQi2Nc@~O-CdeOv;Y46E5RH>EVy?x3w7#62BXF|L0{P|tqrOVqTws5&0 zABEmcwBD?xEHKybwC=9gSh@yI)QFxtBQq3ZSd>$ z{ZuH5g6<4OVqv@UTM*Sp?o^m5?1|0zd0!0m4x8>Tahjn;G)#OjBY#X z=zH>QZ*RTH^bHDGMpIne`5=z6(RP&2^ke~%H{p%sFFT7zWYiWfLceG3FQA&Jke4IV zvBZwNW>u;tWcq!NpMX@9^ChFOfJR}4|8kA&c{BP3QZjXHaFMO<=huDHoajyEZ{oZY z-DfeI%|kyO@2MNl+s9u-`t&kUzTn_rKI~4a5iAH0LcQPkmbkIzt$xSBIMM?Wjg!}f z&3CbNhCkmOtQq!py!V)NJM?&A$g4raJ+nZ={{pW^M*6Ivd z1q-ch8#f`&MB=82BHoOVgyd{gx7l<&rQh3h$`VYQ_Cku*Vk zAgx|1?!EUrwbAk>PUAvMXJc;i^5oYlNJ|ds54L6+(47}E?Svezd?i+p{S}z;eY}R` z#g4&aQq=o`XG}E+Me>D#4$U${9vYj2Ipg`ypQpm|+fRvNC(Z#&FxhE<+ygJ3FX|}|3E3wlVNv+d-?|B zlew>|6|*m#-3Q}| zFkSpE!+l)OT_A<3bHp|F`$}RoaUOp{t1?c$YY1ws0DoA0(R?BLm!y->BYmpnlY($^ z>V|+{Z8dKETrd7B$R+v;A6Ud&51>yy*~}EBbwegpJ&Ks{ZAfjvd$LPfDMQ8kH2)NV z%Tc+P)xGtJ|j!czV5i)aQ5?3i4_-@e(X^cx(JBXM4$za!sL zKiZ_>@$Fb7+Obs8er>N}6jG4kx{CkOwSuINE2VX8Q&Vjq8I>#G#Smlfo4|=aGbK`k zEXAXTf;P2Yy_dN@iEgfF`4jY$wR5;#il21&Nv$34S}}}^9QMnb+LQQ+K53O_G7V1< zu5fy`QR&;5%n%;t7S^D_HWa4lWWfl&dKG9Lri0QrWR3rw2MSK(os_TB6 zbeD;PXMDoDVTTFhK}V{}J7e2ik$P*zu1@F%ftu_bW|HJd<+!4m*ylTjDch*nGin*n z*0_jG&MX`zZ0Y4ALWg+N!^!WDAsabIvwfXPX+FX0w-t#xoU!Y|(c}I_^c1uEIUd1Jj3>Cv&&`;^dt(*B+9gr;`@}P^eV4^LX`&8h2SrD*gp^{I{K;U zptx@(?GX>Qsl;wtJQff1SXR5rN@KDb6+jbFS3}wS@gSz~(#K)4WE@@c`NIjd_$q&Y z#z}#{NKY+n8r*o=29smbNsM0Avf$4n)3swNp&=WOJ*L{>DI|I9s!Ka0SzRCdi@$~Z zuI!=n6O4_iS}*yh6hx+NRpPWr7#5=58OZiOaCpZJh?Tq$f1^v=cY@v0rB7s%lIIwe zQgDbA-m!Db@qSDLj?S6U%Ehvy63Sl`InfBL4VzP}yY2d>@2Sz5%@FqM(&d{Ey()X{ z$JPa&_)a;nn<09jy4Z->Wv4cZa0eAd&~4UrZMIgkoD12gsw%M?kmIR4>po8mXUVuU zEFF2eb)3VtNMZ-QCZ)hRrf}2 zF+X^ptbr%qv*nqSxv#i(^4G2pe$jo*H%2AJlZ;CXInUE8{{OQ8mt2buz8+>C@eNzg0qxpmji*=AB=mi6Bp>aEy1Cj&wJ zSO0X{D5-qC!wc@*MB_*rJfUemteCmVJH7PO)}IJCcv)72nyPM>9Qe$*y3ga^E8L{` z#C`Z*$Qdv6EpkRl%I{KCGj|JW3>(nz-Pv3sLwb~d$CGkV{JiZFq21o7 z0bRo{;>Mq81NcrjA8JLv*lg>yMz4C!`UxT(FQPSBBGn;%yUHMu*;((8H;Ue^SMc<~ zixhmezo~BWCC0)aCAxZ@#5ob+M>IhkFXxNKx2PGLZQoi3?64N41S+WeWR9zqLS7k9 zsuGQB^Oqzhv@E*uf8v_k)Hb^r_7nT=Z}+PY?I*EigT9F+hCv@AB9*5#ZoR`ByK2Ey z7jBFb`bCaS`Ks(~a0c4t|rR9R8NOP0uuqKQaPik%pff7Q_-kz!cG#B4UA z=9RibPw2O$dDkbymf<{R%al3R6hwo^qv%{I|U-j&yljQF)!-s>7&xu?I zn&Y#D%+y&8ohc9fu+jV!?e@!J-PR zbD738Y|vHGX-xTqOWy~+x0Jlr-FH+F0avhFesoRC{4F`UuIK8}Tl0s0CSQ#^d4XLy z64;s*iN|Q6*N}+de&(O-z;rJ7CF@&326Y%tU6$_!nU~j5!%z^|>3U6C1Z+ftHR7vk z>q5++%(SXa@6hyOqzvS;(nPjm0vkR~0yF8|EW2B7>(|v=GBLcOH*ersVSOUguJ6<2 zDr+dY(^QW=^yRvNdraeGsFLq~{%hvP)YV#|9}a-w3NA*Tz!CigzDGV_EBoW8_c&rQ zH*0Z8$rda{XE7BEME6@ysD{S}&zMLg0K=d=YND zUY4!3BK8|A7K0$bnXDXsGf5cpE^gdZc&d(&8cTrDbcEVZYSIx7@5I4I7?7tq%xIL}z=|!cw zeHW_rDR{|%|K%Ex0&XGZ;QImO;!Y;S^fLJzgd|&({L1jAoxQhm4o@w#RE)|4kj78w zpHL9ZoDAKXpMu-!s%YB>T=8pgn)!ff75Kfq3gfzX3W|`^f@PVpfLFACvGz|{zN1`Q z432M!2VR_jjob6vgW`{CT7Y)Dwz2|{?A6<^hRp($mK^ox6?bq&tUut~_n8DYPpw-| zBrrpndQMh>HCH)>nJ&15xt>7$k^=|JnH1x6T*6iM1HsohqyU)jhK-)ft;*b3y)i6E zNLE+dj;CNWkyzyoO7}IsQ}ef7Ie~4IFkXx^$CYw?V~!vxlY76a6hRz$JeXE?KTWW< z>3%$N3Pp+s=OE!jdly?|2}K-Ac4BATZ@mfb^vzXjIY4A&81i8IQETd8LPl7@6nm{E#- z1)(j9>#8QNg_Xy%LPX|2ymgZhny$>8d;N;XAX!Bo926iW2e$8*<=%#iWtXN2@W*Q@ zX1_IH0+Ncv-}6tm{y*TyCmH!?$v5RV5B*i-kM&9e%f!E-lL?D0*fsiXII*2I4TF@= zAn1SvCm0yt1FsvfCAhV30^Z8)d%s}S8_AJ!af?;yk0F@ssC)kH@h$BJ%&@3p2zF`& z4Urg|Wk?tv2ltzM9J_qEqxqNJIl3iLzqNSjrt`{kB$c>#bnp-5ZCus7|9MvQ_vKV@ z5PbOUOD~OOZ{TI%IC{f@Zs{%T+WgQKYzFb}j;E@RlpM-6GIDiL=$7ufO$-)!rj1<|xZC-IFDWi?u#7s;~ ztaxQ%W#w?D&Qo#f-kL^4NvmHA(eS&>#kc?j#T*^dJz;b0%%gsBf%ZSAdf4BYHpxyq z=>puT!>gzW_6HKhzhA%xx%DAa@&+&UTc0bXB-+1AQ$c=!j=8m@0tX=is}X^_wa6lT z%xQMVnfbfPV?jutkhQBLKOd(Gj4iIoicq8{BZ|czl$m7&D<2}_x~ux=-DJ#(8sa+I zG}ylo864JgQXI%mXWlxU(<9=F6WL0XOrx|P&g9H~as6|o@oJof$-nd-iUrF9Wdq&M zi+y#apF7DJm6AD?QaAeq^uJ)E#M4_8=VBMgx${W+I0vV(E+JP9pq~--+XM{2i0YPk z(MPQCLRl^A`O@xXmg`B z<(eQBI`QzCDaUwTfLnxMT&pvH%hR@_x1Y{n9Y2Ns#0TFd;T4z1Txtn>9C@chPLV>E zu8Rztkk+$n(vtAdb=ExHmsTy0{i2~uN$W8ZDP9)q-q25(mjh<*AD&0U7ad7@YvrxF zTsFTtWc)0hQ0Te2XzBFdZ%aAPlxCStynp!&+xpfuiPySnO$W}rpKu-~G~i{xyN+(! z$*>FV_fwdQ-+4@dq@J2ysnZmaCXiSr_RFN^0n1t1bEk(U1y-)1?awLq)DdejDME(9 z{Olnx^%|a@-vyU;aCg65js*n;pdum10rn&58w>*P;x*6s?GqMPr#hJb%n!Se*tKlP z9r$doY3)BhH+5K~Hpx5Y1y+v_^L-6E8#ZE-w|Pg@H=MK<=e zg@jr+91e#XW}g5IciA9-JC z#ZP*S8}U0SXvlCgYxm ztod>NP&y%IB}dLJ=L6?1cT98KxXU&UhLOn~ZO^>oD?&QLmx_J4ugQ8VvJ6S(VlE3p zXNv8DIFXF&!IKQfGa$wloh$c6Ni2O);2SyX;cZOfdF;7-CwN26J;72E;0<7?eG1m) zj4ci(YhGjAw?N}|&n;j%uxaJR@Z(hY?gaPpkR~*a{v_hxS`*Ewq?BNx<)xq;bf;@Y zZ}`q8eK|tj4f4AULPs?SVN{e`z=mt<(r)gT>s`~wH9x^ddQw-#2fQ$Eo%GFIR1}N? zoUqhY6EEYsy()B31Var^{>*kQfDL(LCBZnOt;(I=QM0m@h++cnzSNjry+{yqc|J3$ zzV1)FtlZwhVLAKW^2C>2Ev$V=E}3SNo7hDlo2o<5DzrlEk1QtgFfrP29M8@*Rr;p-1F{k zGX=;Acgb^=jtRlJ-h%}r0(_&_GwWFMjXLfpY>c$+K7Daq9De-Y=mjPmazYJ=Zvh+~ zn{k|CUvEDPob%PZZ^=EtczFk@R{~;$LyjTBc8FtiMQM2Sg^gxb`m1D1WTxVsN7z+9 z3PF5BaXw$jxvy3k&Bq&9M0oDGCa5|!h3~NcRijMrIjN){i)a*^pO*cS^|0|yjTz%) zyXl7s6KY3?K9PX98%M!(_a zk{uic4MMLOG7CmXh?vVlz7m(c_?jZKf;v8!npjxOGgfdSiqvYXFs2Y9%F*BbSj8{7 zwkVuk=VK5an{mTc35kYZ!TeluZ87_asDu#lw?}U_t+;Akii_@@;WI^kL8oXs8x0wK zL(ut+(_w0F$nRor2hd*knfXp0{w z^kechYK?4fsHRYN=xo$o`M7&zPVZf8KJo-6TfcevjB2?)4}q#mj5Ggd+&6cA&jev{ znr5fQkc?P+>>{a2oeT%Cmcm}|&Ofdp+E-y8*huF1#c(66vBG6}^w|;R{*`6Xs8Nyu z?7mxoi!`{gzPcQLnCJcKdYkPQszEmQ*RY|ceTUuXb(sE5s}L{MCehL~%IOLH*g-#a zS8#xY$DWZS^zX};nr3R9*n_raNDc8%N;SL-4?ISX1|<82#*8l* z$PFtyunOc*O&&ANVoK^^DUkZirrnD_M3P>ZxZ0VJrwG08OeObff~LA;qBSuQ+f>O( zX`qv!uFCcq@+d`3A>qb`5l;UKsXPh4Y)N%4xl?@Q8v#U?6a|qGMJXfu(d@4Q!-A0^ zW6zhvsA^vR6T>dBH5kUn9tw(Vs(+;Dk)#u~!*CN*5QSWCEF7YMYjKvz9`Ka=)APE37Q<|} zf`PX77W~W7T-R2UuC~We%7G0ohBJqc%OT*Iz&YNqOAafxQzA_QKg&c89o}t_>tV=z zIE9(|-Y=G7I4#1UyuX9(wQP)9VO^cJ<-M$SuD5cOyG<&_!lhY4 zx;lpWH2GqWN2*(eKRx2NbK0ved_;is`DrWpoU{sG>G=W7HAO?k{yjRCIbxO`*TSqF zbgCC^+)ZJ#61H0UpMK_i^O74~;mz-3sz;)NP0Mr>Di{8KN@UL7j*`i~_ti(8!&dJ9 z1+Lud4FeL@56`tyb9WrAFfdH$u_BTq>yi7kLhwoKpEwws50a3WQz!xqeBiIasli8G zS%u_i?qMEvq==&k1QU8>l+@(p=S&?V-CzIcPF0k<{q7*h2RnP-pG;FD9nU+fsw%5) zFD$Iy(4FIB?R-s*bh}00H2sGe?U}=~9~7J%yv|-svxi_%reJz9tIOs1O*`!>(Hs?e z(PYm05<5DRgqCEf;sk97Oy|r>22K)gVn3Bx8ymyAaee&QZdVCU%7d`@ji(YOB7t^b z#>g~bB7L5!@@d+5=0o;5VxZ4pOV4>)^QDx46f@Ao4U=_qIbbbVimiRoht zqN{qd+WuD|#@Ixp1`N+EZ-Khx*Q^i7oSVaET`QeBeu-?8{J5jcC{A1xDfE}@Gg_X< zD03oMNueUlI#k@H`drxmf+j8S3WLS*cN`_wpR22xM;!vI7n{x0MufC)+9nBOKD6eh zY9!0l>becb&#pVN5Ij+rSt0pKQ0rUCuE2cv-QF`znPZZt-dP?6nN@LqCXA>QY;4q0 z#p7m=BIPXw@CLVM$-d^4+t1od2C1;&I(`o;y3iRd;n-a)S~79-@O)%0@Y{;%t`kvV znnzfOIE6FkDz)aH;TKr57#AVWm8U2_GZelxyokam2~Ul|@O-p*SA$(E`c9CF#n%9r zkM^{um}Z`Pi)SY%A-`Q+UDss`8Zjv*?#dA z>Er5$4|h%wv6Q(!AWIg;Ca`N!vzxB5T>mm65#X-4)O+yQH%a?G%HH+dbJus__ws@+ z{!w^%9f#6hc+39YtvdhuTku?@{>G_2-$aMN5bJZ=b~Vp3KGC+Sx7LAU@urKRkKpu` zZkLcz-|SPvaY5~SLPGDKvrAA^P`HiU?CdHTJIl+< z;FL;CO4_G;_szt>fCH3fy1Ke+Yim!tdtSeOU0GRKShzl0@c>-v@&7ppQM$UgK)2`4 zvuA&zqN2d;n#NR_Dzo-Aw7OIB^0>y%;79ox8ID4f&>#Hr^pJbd*uY>8hy`k{I;x)? zUL+;a@!Lkcd-o1VE$Zs(&d&Qljv5;sWmopVq6weYV11yY^AP}WOpJ`?78We3m34K} zP=puBM+4p7Gn(`mug`Dp6P|z{gOE^jWo6u!R4ohhX87LG5%}c>gL5&t9iUTh+dF5J zSiirm_(S2nv9SSdfK+Bc)dD|~1`1zbqOBGyX6&4toPb69vNazNJz;HPs zHrCVAv*XDRM$Upe>_xI=E+TY*bFCro$ zBrFV{?goO920IarenPCO4WJa+!B-k)S1u#w;SkH$$Hph>n3>SUuBeC zTwTGsTH0li4-BQ)*vea5TcNeZ!o;)%J-TF)NUC@6+W?}I^4=qT5084wI`_wq-+FE- zSz4|Egl0nxnFCd56=6Xxp<#V}9sbNd?xSD7eralI0yP`f2`4u<$+ICzkK0mNtDH(Y z=o+}TcaV_G&CQorRvtfojD?8_ofAV{UDd=Iw=_ z_L+Z1;0|Wqtt2x}Erp_!m6a8g=yMoB3?$=jZ(nU!hvjy1bZu zpl$KiPxHYSB_$=Gh};ztnw^_#fvdFC{@=~tfP551a;Cc;Av)>thkj-0PT7;VIb-Bn zzfQ6%{ZHl1zj#%doU(+8JhtZV4;34&c%hi0kYAEjCtSg%!dQX2VR|PG-;~OLc(rSs zM5eEputffjv)n_ONfcFOcEiMns~+PyD*eeZf*c;pShEP|$++67%;CN7H4W09GTNl* zq@g$aCUV8(#`g1U$T}+ew#4jb2q~hg+eV%<(<6|XjHnQkTu01#6{)g%eJD|oOCs^+ zRM(}^(0I{SycRqvRWglU-dYiz)*9AER7@B5@}Z*cI%v5pgg(G% z9vmGBkz@NLSd$fs6A%zU4-EC^%>2BezJ9a+@mg^)BQw)yD!YV^w{MeZC81vm%V1?> zWFJW8((veEAA5UwX~;Ei9n4jsVUs7ndi4(+VzM<@Vf+9#kg(kMeqId@4t78L{e7_^ zJo^Lm6o?23`}+D|r{kc?J2*IKX-)P#|C5uGlSQgih7e0`M@vg||L0oE)dbiJFS{v+f0x)fWFOH6i>TGZK@%6QM7bGbz{tO`Q+}zyM0*zci_wffu zd*Iw^OI?=sTBBoOG`~3580r0T}+1VJ(k=})1G`RoyZCg!^tAT-mpWiQF zA3}6YUiVpDT3&{gF3iKj1IFU8Fq)d0y1K3bDTIbgU1+N@N5k~t)9C0USeJ3dE?|QX zT;GI-tgI|pe&SqQ~(w>|B zV5C08HBOnc{_UG2{40ZeRKT-m;n^1E=7He7-qj^BafXYF3-ojfslWi>a6IsCh5p3ywnkrg>1_RtiUl9C&FjP*YCcuLG&SllJy1ab58^XdJm{S$18(W6e>44Z_O8 z5*Z!+wxgq^wUv~N?0BgOj)MKj5SzOrc`}7ESul;fGj;rM&(r!Zl??xH5kG1981t{J zd`gZ2rg}f*iNjX1Z&)M|Vk!RrEWi(LrYnrLah-ARd@nzVmhfKW2zmVEj@XKdy58Ln z7JG$-^n;5Rr(0hq^W$4KJbjvv%QdpS0HGm2D~YgLO-)N%04oD%D)tTzz0bmXlk@W> z9mmOyj20kfAFXx}ot9%si;KVQ?^iI%aR1zyo}aII-=&Dm>0*ZTmgJY5jDO`goXp@M zl)A)gfBChZ6i-M=n#l=O-;{{lcq&t{d zkSxByN+At8z{_h`yJ1%)SI1T`W0!YOE`^nur z?Ck8KqL=SO@4&>bSe7WRa|QAb6(Qlw?Cd$f6yR6g{0cIIh*d*HMdbqEM37IiE{kd+ zA|k*%YIbrGcMQhtVajzK9TZj&gSr4lOI?}D?C|g*8!M}+nHl_(R@_g+e4T}r^}t7L za1l17|F>nuy9g~W=%i^Qm<0tNJdl>xhH!J6jZckCHLh0&2XE(}6ykndJ&@xmgkg?l z^Fi2s4g2DwVtlC>O%{rG=(D=4w|4#S?|;uWTZl!;x-@^k;UVr#(ejcRX@DV~jV=w5C)o3KeI% zF-fZ1=tgY!9Xwv>-PJ=b$D5D+&OFj*5S50Mr;MGfJnoz?B3~q!*@>meEXov?b#F?c zHn@ls%M#s=v8Y1h=NUV)lQLfksXgWvxh97CU;n&qZ`y~dsUBFB5S_vB@;$Hsi0{R7 z+bb%dk+!8rrY|lpOF^GH?`dq(?e(SE`P28$Z$%d>)6?g`EAwSqTEw({0zXIx*>F@G zN+EWT4nL-(%NKYV`yh>`GQ&21cXd#e^MFGJRxxnc<n8kry`r(ixeUP>g#5 zDf;Sau)lv5dg&^^V95b_#2EtRpWny+etwp%E+)pt zWc02gB5yBE0I>mirLL+Nwqkla73F8zi8ft3mf|ty9xw&z0xxtE=aMKOJ75gTY*%_iklbH){4{P{C9IJgEB!?X)luY$hi<)?54%i6oS zxp{kMN7mydFmTPy^DOILiF%iDjfJq;VNdFAc1X)W>f?}>mX?snJnRD6*@5|MgxX1{LX=Jp+OGKC$SgofP-@)c~jE^MAZm&`3 z%;hgzIPC7~GORWZEfYpK*LumC#}|KRbOyiV7+MlHKwOjMRZ~*~X62XF)#`=Al9G}S zeSM(rZ&BgACXL7m`WGj_jzK*(0Gt;5rPFAqXe*wUpp2^G0 z3*JS7hbt#9&&0%3Q&R(NX)RdVfR(ZGwn446hqXL9I@;CMm6JmWKZkolMn-04wgPJU z77q7bK{Yi&$8%z^Jia_?mRs!85B_+kAoCqQv7LuF<6(yyPvTn~SasS%x?$48x zwNUA3X=y>7uqbPi;VWjLp@E(D`{V>27ng^VQ~ozaGV$3c6hS+?yK!7fB0<+87v8tO z7#$tm;Nn{Mv);3)?_0~^eP=skpb|gM%%rBIz#hSYg$+eWSf(E&&rBYRPLB;FL8B~v zHt!bCuB|Ng!KG=@u&ovaMgfs3xd#^mYA0;Ck`t=Rfp>7Gd&ju2H8e3j42cK#`0oj! z<`Waft`c+eDa9nQ>(U{9BY2U}v@IX4_8v#}oo$3>01C&wg?cZaPJV`P5?n-|R~ugg z`m3qpJk1Al2n1z%3dgvLvNEkck&?#!m93%`l!lQ zA#2wBn3zb_qe@oG|D%KxYS!#qCkMhz&9`_YwoW8&0ygsFVYzsb5mXP@E#T(Do#h*0 zWn=q&{3RH+0Ej`@-KN1H$cy-vv^y^t_Dib*3J$@!{*jjRb^$X%Mzp4m)_pqPoI7O z=61Ji_VGgPhBtiUZ8@Hm06`-qKOZJbu6A}rw6s$8!}xIPZzmjJ%`Wb}i(SsR*VJn* z^6b|U6maBrPzk^XXsW7;`s^j|#>&MpD+i0&XKLp@1VRGHBASQ! zultvtb8KV;t?#0uqMv;Zpp1dvIH3XLH5Kb`;I`?sUlp~Z=w_hIKpR*eYsxOUPq}zFDElFVfkLP0=M&yyMAXXFa z{g=AlR_56;j}actP5Xv1ib$Q-xfBedV|`>n6Vw(AW%x24_$O!H+TC6H>A6#Y6vPRf zCNvLE&+Pl|1=CIv0Vmduj*gm|I2ZKRHID_dVX5>!1DIYc|BQ!|?csb4)Dzj#!9C2X zAV4{|xx2k~;zsO2QOsK42&7vGNE8$lfc}FLUryiCms!clZUXu& zkbWH!e0_YXExRepg4c)HoVEjl4gi`E`XN@q2C9_|kmeY8*a z7(~hk$)QN6BR7VO$!S>aZ3T3ZW(eGbVf ziiGkyCofOJdsjm>b$2p<<++S_TwHYY5S&3md^`Yxs(RoOl~A_1x!Kw(JaK8M`}YAF9&H-4GxQ{_w;UZD@}+|dYV8K5AaB$M z|GRQA?Q`@xL9ul(`Q+Y0Jg!9FMdl^KfLlHcsvlCFq~q zj2!re8k4x9cZUCHj}e_COg*^Y-y6ATdLT7Q>xWNcAaYmm$1ty^Rl15~Gk+m3*gZ>L z(O>=g_BP;j6Z(8`gQ58Xfr5a4_K3-@8va&%LMXrx1KgGx9YA`?N8>sqfJP;n#j@=2 z{I=Wzj}Zv>(CZMsfB!>=%AoP1M+XoDP{OM3U>I2RnocLu>8iyZ; zqS0Q!3D(s7{O6nfv8$`*ITBiF8YyS+jPD%J!LgA>+X2i2WGJ$ZfNeZP4z=?#gg!G9 z6AUTC(c8X;{lkawU4I}ToCw^z_Y)FNQ$vGEqrIxJv9YXdFEH(4?G+BdpVd_(oE7{4p&CAi2GSH26;}C)NH=p>Zte6!6Y#@R#jcS=!b1> zO9ftdOoq-u*VEnIebCs(hT)=|OV+}IW}A;fI!Hp}dvAe=$8faQj*onO z0`loCI2}q4{=wTLGqh-ic-J4TeG9Roo^5tbs##vyhh3?2WeE)-rn|m$H(Q6g+6U=jYSV<-xwWXDa=0ZTgC#3>EzX!~j!YTro5;=p+J?`B6QM z@t@i1Ayz(ebF=Jz>Z_=TQh(?A?umhnObF?DD{HBW+X5Eeg76Mn7_)Zi1`}@{2ICN57kR9tW!wxe-ZXk}Q-Gh_^ zo1)Wm3zaF>T_lbE%?9WZldb?yH8o7y$Ph|+Hb!P<(7MLK0SpS+=}>Arbw0lxs?P?5 zPvAq+)GmeeK~{p)5RC_;m(b{&H!9FahX{yTLXQZthEIERy*E5G7QD})Z5bLGn$VD% znhLW1W6NWx05YwDFkS@&1gsCXw~M4XP~10y;$=ToPnY-v4|**j&RA&No-~}QdM++p z#DkxPa+r&oH}UZsivPJS)^EUQ!o}TPS(HCpgX+E;avThl7FSk2Ip;oDHf9(_<(4TA zoW9Sn$s5GUfu^ZTCVNeKPx=w6lR&}>gO}6ts^CmKbYoZX3&Rj&l`b*x}qAh8SA*qRSt|0g(iJA2cZeqsc9=l zEgP-cKz zfJ(ol4~AdX?y+Z{pUO1h=LVn{NlHOGP<9GKg9$qeDewl+4nS=@iRbNca&b{GRZZ15 zG(ou3yL6Qgw28glpXIfpLWt-=4yj9z%}$K_>H9i0$aR~Sm*I|M^KoyfiK{b(DO zWK_R=a!}PXNpDDw9^@NT(87eK1+Q7_5#0YgkZkesSn2p0X9GB-0Z}zb|E;=#$dl5t zvOd=+XeffLUXLoYi{^(1dj4z0{eeAHo9~B+X=&Hy=6*sU{H4vVH#UYeey?L{Da8OxO^Vg`{vJ>(! zxg9Jtz{HaNwB#SuVEqK^>&fY+;@~1ElvBy?`!JwM_cn*Q8B`wxfx#IFNjEn2Bz?e) zqOe=2wFp=0byi3G;u9Qn;{O3cVpGuHr|18D5>a9g2&wwAr-f)Y+$U9!B64t6*@~aX z_~kpY@4z=9A{jt!K@McGziD4T?Nfb(VaH_YJivVjbgy->4nFNMb)FBqWF%Lu8=|g4Tv*I7a>! z+P~MB1iP!7n1W+hmzS#c>5%w$D_%dQRn+C+;0UP%l`EF7rF(y4`f*eu^XOZMzAvcm zd)ZDk%P?SJk5V=;-$y1U#I=SjGC2Vyi^m54k6uPq!Xr9pCr^r-JN3E=4!kto_TkcL z4n2a}agWZ%z5s@<{mms%nGv31d3=t(54E3if2-??jtEI3<<#gXQiX?~AL=2#1BMhA z^rkpC2+J9Ts$qnf?3snR4V|UUH_;zD68NDrKz)RnP1z7=X-V7OXJ>26Uc#b^RMl2k zh%jgbl3r6A%3OVYVu^7H@-{2xu{9Z&WD{(pOK$Civ^W$$CpWABxfO;(vnCE4>>$Ci*y2uWzzo3fKsc1VgS zd6VDe^S%B2^}flwlh^C{dOok~@wh*(*LtK|4PU_FV^naCSA_16_@IVF?pNrT|s6wJvmgRejY}%0;Tagn^focJD@mmU^4&3@ll9`O%gp6rc9t^agCTpXFlSI4)h zGV=0>Z*M0Slh`rLhC<`^6-c}OB>JMUzKMzN5B`090AZeIAOUT^-}J4ak@FY-or`yj zb+?T-y~O9$2Cs8=*|{H{zYu)!U2TDn4p=yN7LO>kO zc}5U+y{Q{4lO~NMR4-Bw%B@IA5K1>F@T#g7U~h&M8Dm*~_TL{9BO{ptL(try%Y^f> zwYixEG)fY#mEz1Lxk4hj=YfGjwWXzMlGIK83LXAEodbs%H*emA_PHlp zd%-AcgkZ!JHbKziIMb;=U6roA*D*N?ePSEP1z>wGEG&Qqpmv4WOCxs!oE6RLnH#Vv z&KTh|d60=J8DhWh?C7UPEX!EjMk@s2#Ju-R)!h7i^nNvoqh)d%N=Uqn%y1nqENdh- z${^n`nLa366m53$=LhvQh|s->I8%7kw^b*}&rjT2#m&uaT!eC&?KDY!7>m>cZmDls z$KKw4A!Ohzp#48=sBNxCdsUVMQMDUtb&dOrJ5>8JIoa9W6UAIyTw!TAjXkay5DMF# zKZlo}CrHSKY)wMZ-;)3}VSs*feLV%9DnkPgnq91)tF*Rco8R(t>GsZ!52|i?YfGTu z@)!Cu63a+53nOi5_7IkRv#?yPK0~N9e~2ZCa!OCDCT`#Nq zk-5^M=+$wp)n_$SS7)VM*=aLmvj2rR;WlIE$b*e`GUdQ7ziVjTAYEl_ZzHv7Nk=MB zaPLl&Q<1Z&Qb&(a3+Wfr`$FVjXPd;aDXZ~QazE)_5(Qp2O>ei?d}L}`?YAPSRn>V7 z6)k{lC%r+MRoIKIEf&^#7?H-$BEOleiKD6&E8oR@>ssKa3d#5%nep1?nGf|YY-+$G zKpq96gF_=^zZ(7%j(R^py+L3}b}lo0Dl~8kg=wiHbcc}$tipDAOgdXbP3ohfBKHO! zj%DF2f{9XrXqXClMn*~@>tNeW&OaLH|_4}!JU2$Bu~%t_Yatt z*NwBne#0KIAL;Yzp%ZNr^K~x?NwJi;mrt|qm7hAQ#vt{Ssp`*#w>&>|lO|W$ewm1k zl^mL|FPs)`)a;iWU*hxJ?0tVjjAb3A6tYEQJRKs%o&q3>DU+~`=TFRgT9^neZNk97 z>~CHc=+ASW&b!L2-n{RV{N}K%0>IkYg^Hopm@7 zo;(pK*_S#lWMfb_nN`A3Ui{#>0upoj<^0S^PBTZ7V~*TiJT@=GIrH}z7~g#4fLFcp zOsEnrjSl>^X|&H92`EM>8GQloAx@{$TrgR6b8{ddW3bhO<#nOpD&3KcO&x2w@H{ua zeqDQ%gs5?5Vqj2r4>UKQzFu-)JEfzeBg!9$KEmrIA92@t_-mG)<_o2I2Ts6UfA{X) z(9qE5&m4YcVS3x8f4O=u@8<0v9mQSf)(~PV`>!|b9H6#)Kr+xXGjDBg|Ap+g1E|Cx z*=CHM$$p#|ACFarj+3|?pS-OEJR>m15NMD;FEoAll@*#?U0v1q&e1DZKjEaQbZUM9 zTErjMEXr$#aa;A{yY9Q#_H$yqw=>x;O9s*{B1YbpBwA73CMXw%2W2SToiyn}EzB;j z`OB=GE$EQ?y!i%g;BgBM4hC%K&Yh0>O){6AG@<-Rhj7&EIT8vjFRC*p*lJ93{EAl? z9>hUgPTb_>VJmv&O6Q$lRe5<=ot>S*IRUD$M}_Dqqnj`fPt0Dq{<<^M^M4Y$$)F@G zw^9`DCQ>LnsQozj#=&Wyg=(V}>TITt#?{+1DF)4VeFQcJh``d1!o};;cRY0A+62H5 zq+HO2_u!Af&;wW_;`^dZ`P9~r3&A_&Cs8gukGZ+}>)QNA`)d_=4>Wvjb`jTB)ZPQg z27(eOo|q{$?zd%cJs1x;t%Vc}xAC#G=g%uzcze2%em-nlWMyNUVrz$v3Y0=nwPygS znwbH#`oiIU1tk{nP+Zgsb41wXSdBC-G+JG_7^IB_?yt7X@v4?7=KAUK0WrN^(yQ^Z zy9|9VEDz+Xal+B|1euXez;bYeE#pE50u9_>$QyNm3%8_!f*P}({TZwsJbuAm8~IRG zA)#-e0y<+TIh4Wxdosl_rU6Z_kDDLhtHoAtkjh}&16dAxw>zVjN_h5GQ8xFb_7XLx zsPf#t47w6*wA*EKOnFYtPII*YwQg{u(v32<=kHn#85;xsaPu2mxhfypza4%2X(+zQ z%(nfPu~u=NmIMMlRcJLJx{ObB$fXap)>cQU*)>bNl_D_W&_hh!p98cx!|4@af z=+g5vA-(It^^7`lbK|WH6{I(!VRqp}(&cGsM>@Ub#F8-|JE6iveX}!bQ;JZTriV*| z_{wF83CEKv>dmpXj%Jjk#<4XuYSF=qGPV;^kqnCq3#Dx?3fCkf357Aq#AX$LJ$kHvN@@J{MZE$ClK!)+XJ|^ZZI+B)zk{BmDlbbq&Z{2!?3Umz*4~N3@Wne(! z+J0zZmhjfXg9>tz7yd(6lA}M)0jLQ>Cw9P9?77O!dhvBKsY%U%KohDd{;;$iTwl?e9+=bsiQW4$O$$t!Kn{m%Avm6pc=v z{bjL9$N#3vQX?^O<`InyQeGD6< znB%L&dF1uez{oU_E%N7GXkQbqCzoP+aQ5=yt(w3c0&|iioGi{He2vTEvsnxskYrUV0jptr3D7M`((PNdNSsCRKL@b91}8_~n1D(AbV70X7nr1N4PD7D6)daa zaL9>Jqg;NjM#T^4PyZd{bvf%k_`_M7DV8fN+fQlVqs!9Bd`%<3*V(Qc>)dT%s0Bpo zTcd}vW+n+`#ko1dl5|smSi-Y01C`kYx9c-2pj){7<42csPc-=7_m5W+2$mM61jaR?+Ljh`8#ugSXUWiE4mo$QCd2q0_Fs34;WW!8Ak z?#|B1dX~xZE23%+qxFnLq#o3cP|;A5kdT0q7!m?-$nQUY67pN>>xDVt^<=Q+fbQq= z0e@r|dcMCPrW$NgAsW*c6!-ZJRwt$k%ISDzE){btH~+wPsK{l0OF)}j)G|J&{~lfD z(GpTlR6uB3c8%txcda*-y`5?fcjoYMylgd10?BtgbbdtK_n`10r_H$+HI4aZ$1L|SBs6{gf zlQeI*^roRro^QPN^6rt(U_O){@cd|M;=f>tOkI^%_Z0n`FGW5IOzH)kIxvuwlX#2U zem{zgC`V%4?LN>TOpakIvKwEo+B1FYxb+w z*SL1=(?kC^AD%jOK@1MCoau=PqudR^M&S!O?+Y|Zn!1w&VAQVD0|Pj&Y;5uY;=Xa? z`%E=;k!<(wF1$PfB%+q)=A_irxL3~08}*HiZP|@a;AuRUGyT^ZK{UVCeL|h!^r)r= z_px`ckDV-C(u?c;ch`0h)rLM4Q)ha|G-uW{RpgO(6lxX(-3Xj7I4nU?;BK3io<6kYDjwR=O{^ar z<}XZDJ$P!8%)gzo5P~fH$uD&UUAt= zrr#`W9mse``v$z}uA+*0f6OFLr5Pk$NmYkdDXdc8uIyZv{B~DV%g;~$2q?^9>PB&QkS0@ zGB>fyG05yPJ;2WS86C?L#rjO!&QhZWmY+HxFdCbRb-3a*L^t_kZIC$z9q35gdK@;h{Jhr z#HZyc@oW80t4MOZUxZoduowC@OH9ES*Kb-MoToIMQ?Wq$!!JaQ6Ba^SZI$4_LhmbvH5Os*Z4p)m}+sEG@N?0)wk+_F8P|gD501SXjMTIW= zu)WE4yqBA?Kx@xUVq`EsD#wx5&?onPOb=jKIDaW?_DALn8K&U2f=)wari3Vb`0x*K zANT(YEhMEPJpQd1^zbL(Rv0!psuOHUNl9Mb?Y{>b59R#9X;nm_!q1N0v;QkY1ggDE zLirw~75o`CkNbpQ)pl&;pxqu0KRTB8{;AVtT3QJx7-2E#VWlB#3A0mX-uP+&6Xxt( z3J;Q>-!5Qkz1^OLBbwGbss8 zX2}dh7%&6W8F7HAYv-QOqQVOxk~sSV5^j?df|a!pi0T;I_Nm5<4dSD&QkT?_L28d6 zY+~lxA7(QCQ5=iB)yU~&1|b9*_A8_7*Q6&^b}Is(oMjJo&%hDwU-A?7`5^hLgz zJcvJzSR|C|x=o+J!38H^!Ac7D^M`}NIMQVN0t0g-)e_!%oePo6GQz@Fd>f5DMLAI1 zKL-Z^e2OMSzYsb%v}BU|-r;o~_;NjpI*NmA<#GSeetLBkP&ptk?C z1(j=&x;}jOwD)MMUR#V`QYc$DKxU+xBv*gvTu>{TUupo-ILnL z&YQbCv+zk#u1??p<>UBxqWmQp2E{kobBTV(OzbX^YUbv2VNZcZoqy^CkR&FkF{3`5 z{Vj>K5Z)gP;5v6H!=QQV=(rWEn_-S=yQ!BYuHlG85$!@O$|v{hP6w2Jm&2B$;BSCA zKtnL01=vW~00H;R6LT7@t7+WgxWk9p{}=_WXUw0v&dw9?@?%qO)0(uGYZDl0hs02f z=4kBo{k`tt+G|<`oCK&}r+atF$S=O6Bqei2uU*kIcXeHTssQIzOScxgQkeLj@y7bP z>Ensf(LzZNeL!1<$HF3LG+V)ix{I@X)oN6gq-YL#Md0_xGm7LgFF%pr-6gCwBb9>L z$$zPoA~$YJYHufybq;-|V#D=<9Xotxi$y;EgG+bSwq>N- z8C2#Azs}Fk56nPNrF7;C)IqkkrSnF6s0xV4&u?ksjArkgu;0;@9urxpU>B;|{LgR^tww z-a{*WKz9YS!$U$yOsq-SR6o5P0{af9Zu_Xl8%@1&8e&vlUf$YUE=QUqo=gA1MW21) z?=)xwycPf_llfWWdD0}U)!fQZ>yymCN>8VDJU6W7_Cgr-K^$q9e14>s$BJ^ID%)Ip)FUZ!JpRItmBADW$S)}O8ClFyOX`1% zir5G9v$8B8g%A=V?N$%BqM|}eHa)%EAzpa6ko=axm^>|t3-MqsyV0p(Mk~_QScWJ~ zWs&SmkDbTC3PT}^4(Joy?DiIEcB1RBFyY&NEx1@H>b)zd72T~ujK)|~nd=N_@^Kj# zRt)BIvcF11T0CMcBDRpYipljfOxpb>fP7lSjeLhCSY}RbFy$^iK_5k5mb^v5tuD}k zDEr*OlF-8ZQte%g!RCjj?QbkB8OqLIc6L$_LA6n;TvklGXr$m9@baaA2zKXnuS(FO zxx{-eH3c%W;7*WboJ8DKDTHAO`1-f!)7* zf`k20^D|vy=$Zo3%>@b9_Zd67&d+|px}=$yg=;%C_-xMO^DAbQWLN*V%!Mfox)!3?+lN zLH_9)jtbM@0zAqOj!fC)7W}ItjM=0HCx`bB4qVSMRzfYzCgP_&8JU^5Oue8^2CbZP zLuJ<+mp(N$1sn-1enZ`xgm13=Us`2h!Di3~MC8Ux|K^;%|CgM77Q_3IS^cl(DaD04 zOgD+33hdz&HI{x-=6mfe-ZS@a=RS`NWdh`-&=zl+jeV3Yvha-2kdV1{4Mv=yc{y%C zMpJ9S>x!^&Eb_x_8WUu&(#ko`8RO>k68?Sqdj-pUaPU0{tAd_?-Pd<)8*w}eg7^3k zyhb5WD0BQ%^l^OcZ-I)yR1Bs_+8YbUWkZ9=^R9x@5Y(Mz(~X5IqA0;1lchu7hrmki z#Ne_kDJy%s25I%VM;tvAh;64+qjR~fR>bTE##3C%pnPe8WDSL{EP)M7do%gD30(}j zr-=*atuS!uHlE8)6VGWl*rHO%>xVym9fpcZQ6T2Mm!#w#B+RC$J4}XJ-dCkPVc=_4U}R9uhs9 zx#LVyt{clG2Zx76;x5rhJ))QuP^>J|!T12K{E>t#fT};w9?1t2_0HG4h;Ae4-nKes zDB4~LFAqa!s^P)ez^}rWyeOs}5qj zoTNzCy*KKqM$gHP+|A+)hlF_*(dln~#9KK05!9<~bJybH)axOxqq)tn>QCn?E_2;* zooUDjlfhs`Ku4g{Ty@gB7a;vrfHU(0`%ADvTkQ;{(+n+RQ*GZqa?vZQ(KXm~WE%|$ z6izAAW!pGZwRl%Qiv&IctI7*;`f7h{D# zQiq<4TFSKQ5*Zh?!E}~67h54Jfs8(xtBvk)CV}_TzL{iU92pR#aTi?LjZ5uM}3(tl&QJL>V{$Czf=V~4K^VB8e{e(t!`t@J0uwWuJSb&K}C*cC=vFUmvQ;{7+y7@4Xy-Rha14a^H_ zh{!JY1%ZGB@rX)SaN%BPa_eEchrNA$zo`&2;`nWYfjib`1+{bQC0Re_NhyB*Auq0b z@x0v!=j{oN(0Q6rVx7q(T^v0hWS6L8E5N;dAh|4T7Cus7bX;uLSM-SMZE(@2Qt#-L z=(u>EQ(wtH#bpkXJ$!1?NIkrVn3N55-_KeH!_IM#qP%yq4bIE2%?V#Gui>$=@_iM+ zWFV&*r2tB$*L4>sGqY?!fgv|N2hY#jcXBc^J)0Q4Pusm5Q%&ylNkQY|;|@*EQCV48 zz`kD0Z35Oy$Y+!kZ3Zsr=DU*gxLSGG+TH*p2%Nnx_7I+r2L~hk?P3HQK)QN@<_*=l ziR#%QSn1A~RecVluQ0>xHweFwS%Iq$&?`vD`0FmW*4Nity{5R^1veqS4u?qLfg2i| zEtnhxv^S{e3m-nX{3CbQv9PcJ`U{R9AD=7pRo=pdv%jc{#7(J^S;?~Vka}TkA<$F< z{{_>wOrL@swhM8!mBy~e8i`|4150m+r=u_|bFn;z4F7?%09GiprU8#Gz+7fe$k&mR z&Nj;*S|s*Y_?!)0egFk%*~^#rAmIU#s}7ewBGjvR@(L)GfFb(?(7Nw@J#LB!C+9Li zjc`Re+NX2#`46J1u@Bi-}%7BxpO>=F0vQq5DI+RfKZz$MN;&O6%65ykq zo}GzZ>qJJRX)*_HhExd{XTLW@Nz6`M)xBJYBa;_;Scxk0z>4a#&+?HMEa(5_CKLJ^ zQR$C*uJ%CEhxdu~cogXf>AdrX%@mv+~I!tJ_zT+(9xbnI_S^BLh} zZmpaytydblGzPBDXvsvEJ0as{wQ7{wXTEB3qHhdkyG9ZZqPf-daEo~;VhBI`Vpo85+hJ6I;VUh%F%FAKtRJ4?sN@32TiaEfO~#vOO1$@U82^?$xp0xM@uF>!1<`ls7}! z4ZJMOvJ8f_&dCTw{yD;b_P~b<+qP7^dgWk|1&o6dOu++H_3mcDb>OVzZY%=+nb06U z2>d{o`v{!?Odj$q*bNTQq%Hv<$j8SAPA<^J0e{tgD8)!OQG~2ggAc@y zoZo-)R5^ydV}0FyZ~=y2u(-hz>lTZJ3k7K^NT`Bh=bHTS%cA=DFK~Pa6Coi^L_pBJ z{+aSrrFIM2^cVP6O|YEYS{{^?L>;YnpJYY5M+lG6C3^I;Jj#;w8Iu(GNWz;#Z|l=! zp0r-C{6R@NhO~-fVBS3zOjg8S9uoMRd2B1oWS{vvjsLjN0IDs<=pZo&JPZx+g-0}+2`jELK z8L0xo>^qchdwZW@9tPZmMgUfeZnn^rM^Tp%Oy{}cTH4b{e}zx|_U%7F7QvwFtgRjS z^hueIZ}8o_r_i8PR1k3glyC5neD@qlDkMs!7Y-Bl0GmDD1#=yCrnm3}fa(oGAOO4| z?m{{;J~npi=&s(;vFVSxh5Lgx!NI>EXweRkI*_n%Giz#Up!r#X%(lcPMDKyiYj>t? zdDgeLbs+?WhgZQ?4|)9h`ue)MD=_#30Qs#gFSQ7e@GwQ*uA6esZ7*IxK2B6tb{-x+ zm=X!`eXU!!o)Fs(JpC(3|fq$+7wHPp3Z((o%TzELwAWa0f z1kPNTR|0qhXC-_C+`!oT5rO$LBx2=v-{!Sw^T{s*NVxU&E3qSgnhvbT48mO)S#k;& z3$o9=E!eeQD7pc`Il8Ot_r2^axr}=(2<}XHxYExuSPxKhq1cf@&v_$;FFCnlfMLd^ z^8=e=VrU3FWmOy<~4F>I`!3#4W+Q zi{Z<|9&XY2;tH;w?(=~ygR_?~88Sk8!&1RoFy!ZOEJugxHMXMzxi0~MY z+mqvC8+-dNkU@YNK^Y1%IL#=DV&Fh@aA04bkY-ISx&PZ1$oxGev->Hx>}rX1J0_(L z3knUZ;CR#|CmDMn_!fVI}zDm@$u#^k$nR++krivGdD zi+MGWW@v6}gCu91lmBH99lOqcf4mramb(FiW&&UWCj2<@io7LMFZQ?prf=|b<7#uJa zVWFcs&a0l#;X-bfTJa+JeH+5%U}`5&U4k(LFp)tI)wck2fD`G9+70RNCVK@BH*x-{ ztHzWGKpUsZQo8S68(G1SUiw%5`hPyGwIRyg>Z&RYS>mRT$QD#BJm8|DdtbU# zvjGc?n~9#~bunK%6_gB+ef;d%jF)sVDzF#KcEBL8$fLbaY!oVyuq{9?B^;jNB7Abv zqptJ+y1;VqcXcg;+^%csF|b(p#8iGCTH+e3GBzWp;o7C7qP_ZKE|NFtFHz}4{b4*akGo^qGm4pD$B3p-F^A_?l~Hw;n` zwrfqKmyPo)hA3F(S6tn1ddA22D1FBb0w;h{Z31iP@T)2Oyy-|X{2ZWQ7dwcSL>H@ox zNLCR5p(Efh-2Bd=hrLkfmY1F3B-y*`Uq00isT+9WM%Kf~r`eSsLaliXoM=e2?SB6b zK~GG{RcmXQ!JT)J2kb7J!I#@GO{eqIQiVVroD9G!gS*6(Fb8R17|bv}{*~**xpI?2 zyDHfC$`&ofYbewWA)*PN3w#_neE|vONIh7N@IS(Zj?IXIAApna1cZgc1D?!VLBPUm zXyBECN-ZMF!_}bJe)kPnfFAo4K&9|3hM4w_?#lU>iPE-5~OIO#aj)H`^^ z5*hr=*DCE7He`yFa_i{PtFk1>jmaSvl`|8QC*?9J{~WOPZ!Cp#g5*qC_ypna{MsPyq;n84&1_V4dkNG*e?2oYp6WxUzNo<)F2LE(&uXY+T_E!vx`DXlA6VaT?$5J%7Rn=HML|R<+#6D(;MX`LO}|n9r8R1f?mN~DEJ2Ca=PZC2ADrW4P{_37DKJF1v9YVP`znQ z2745&-?*7@Se~Gi?m;#lfO`n4g7BedAS)wtADSL82wy%5P1SY-V!fY~HC20Js}6+3 zqNRPU75`{3ioJJcYhm4Ckz5_lLDgJ-%9Hr#GNq?_|C6FrF9(=c3aYW|ezH3)Vu_6x zwp%Z&C2nI~yfdqPRreJg&sFjjPs!_=!9n9(p59}KuEp2)Zo{k$fUV#%FP}m-$R2EA zh)#pX1Px^#nT>q$vg!Yx-Q{lB!9>Nx@@DUqB3)egT;uFpU}Ox~Vb(+DvV1P+lOV#t_BD#zLHS=ja6dV#prBdjT%PxG+e86?MEDH{p6bHZnT8 zGr;7u3;z%omldcC)Ay7xa=>!De}7Rz!jz}~%cZ$SCbi#PK{l|J7D8a)TV8Yl+vp%)o$ z2qN>iBpDj$JjS`rLkc6TN>o+lL;Pm2RVOAD?n|Ela?5k=j;i=k*TTL+G3VcaWRbpP-qA;hB zd3NjwBD_U-BlBCB+*-6`;b=}xmW=8)k+e`xa}2FeAxUt4irXaJ0XNlbD6Q`r2ATFO zx6|-GO$~9)@A5ZDy9W0+Cf&mB8`aiKSLms%^e9()p8h;QRaK^JvDqemd5q8g)g!HL z!Gl%7om;1))*#L{|2-o3HV02m{46`UY*Atz1g)CWaR)7w?9-6&ys^i zOL8^gCmjW|#2SOlJ%p>IS)B%pl1I{&xKL9GcnK`ivj^w@0GEK-E5J*GZV3-Yj9KQx zhxb6AU3yF_BE3i`B$M^JqEceg(jK+}c$tj^fHzPaiL-%z0;`?k4-t$e;p5{okD^V$ z_h8Y1z%&#iR~sGVq5py)&f$+Qmt9@pTVhUcieO}2Zm#yTOH*mf&qmx&Krf-bq=0}^ z5ma+JI_O(muU~%;kuEc{%)GomFm_Q!PA<4&xvp0f+5iZvFT!947&1bWD@t}z(Y1Jt zx!ZD}0!nL~&y$*<$Az^GIui8l`d9*s9oQxH4GaK1KK)+u(G?^(_<3wrmQFgy_a8r? z?SX;@=9EE&$|?H_$Xm>tb1M|2Pdz>P9R7a&_U+00Z*VWRvMLQRtMx15j=`S9_7dzW7U{{mJv ztWfH#d$4`L69SX_AVw6Sa|5=v2V|2)^e>6u(oLS`7;B!FmZ+N{NZ-3D|GZ3<{qm5P zfpsdo2XFOWW5ms_OsQV?mUrU?i!Fs<7}-p@wMw>e_g>2Ea&ddwwPe=&r(S_2}=Q;a0 zZp9_7kE$<~5}~i13iy1ccW4d3Y>waTlvKBD82)5p_{nu(L2i7thdJgZ9^TR|YAh1C z4H3Ap5*L$UAmqQcntHs0`7L6$6YHf7Tt6q(mWPlz?NzU~N}9_Oa%J-F0(@jsKe6*l1KvT|%0k#B8WIEgee-`; z>Le3xDPGZ@#Th0KF$}mH`Ib=om%X(_OHvE$#UGUR;)yhYJ_|5Ys?ihhb(i^%!BV4= z_FtTQ3LX2XnkMANx;%V(d3K@(O1w@2MtM%Ovk4H$G^bfr-Z9TiU&H*d{M-TqovftY z+Q>K2h&9VDvwE)?aq_hr%%;r3xb3dg2&xvkt#qA-v>B|@E0$$r)J2|AGjcKLu+sgeiO-_H z;aKC^PTqMf#GOd$Rf$dIX*}?{v3?R`_YP+Hy5(jyauS217W2F|gHp&^e`9)$E|)Px zhjP5474fTD44&OVA8z4T%zi6E29=KM?(uv*Ng?56b%>)2WH9sPXmC^*4A^}PPgy-Wy*qs3TLpo;7V=b%d;b_|A{gAI;>2me|BW z8q$IBf#N3x->A}{iM?7HUtZ25qIW4gxeTU!so#-Esngh0YUbfi@g5p*bW2Gj9pc;< z+EJvT?PI9oP4mK=!?7If%#>RcY<%BpF`HkS^Kh1i+7`voI5Pi{K%r)!q@OsvYAMe$ z0m0xudONB9S8Yk6xf*vd-=fSYQ(XOAbHoRwwH%bQd=eIZ#^M^qp{Cv=4@B_XL~~4; zmXoAQKNsF{abH#$KNYd3sAZ9G;8~^RfVDf9yGef!mO3R%FI?}JbFy$&lKo|t*tf0) z?db!>$@s~2UY-#ymw7VlW_|gBa37XZ3D=E#{|USoSsrirHkR8;zKG$LHC+K(Fy7S< z`CjPZu=>4G!9%QecS#W*&cJvR?-0nu_TdXNs7N%W;dv{K*2BEx&t#J zMM5BKYe2H3a{6ZPJah83@$rM**SCup(FdxIQtv!-DVtt$HVG$UgY7cfIin*J6BD+_ ztFNma_Wv^e;bz?*P@HdkcJ~TNadLGj36UBN;Rtw8i6p|_F27Wyx>R>$j_#QpDN#Es zy{`VZ@P1cG`O{nuOw8$2B$7z%ImaulOm=^sOso;}mwmNS(@F5#-J2O5N zSj?d0dNR3V|IgI8Dx)hOzl_~g>8|F^`rR;Pi&LdB`-6d6&Y`AQs?}Y6T&A=W^P43a z+J9ZPdhI^Xl3WVeEiD`g&~sP`aUmLR(5?D&@ooW_uLLO!fiwt5JHpWT@XzxY7Af{~ z!Oi3~n+^{{MDu^T1Rqgf2jU2Ch|(WiCKHWnqyJN9r0DBI!!79WOxWNc&_Q>$tduz+ zeD63baQNl?Xxu4}dv2>}kKjl(y?GOdZN|fx4F*=9`)uFTtF$Z%RGQ?7rDaW8b_|ry~KICF#oKht(|(i&ORD1zx;WnC*CEPC82bAK zF<*l#O$_s?Sj@Hq`o&1ytCs1}#W91}tW>FfJew{mHDZBD22|!dQYG)1+Mt+ChNzN{ zj(91rnDWxPQ#E5Z)XT26WnyED>&6LsKhJHq-Tun@PGGWu8pBG%{vFvUa+8=okLi+i zk2QkS$#qzbgzjMPBjXYRPnUQjG|MT9L1+E-YP6}%spU+yoW0pE;+c2B*KUJp0nO_c zjP3ID+ytx?2qdsa`n|1Tz)^KkkUltx$HoPazI_XGIPP3mcaNnYo|S$O1+S%CJs~rR zRnuX7AVcnUqlUbl`%>*=wd~2SR3U{{l+&U*&LU!QqtShjZw!xP{dptfN)oqL8D*CQ zst1YGsrf%QJ}BN~%`zcEb7$#m5NC(?FdiXpM4vV^Hb#7Xbh{DW?O`eq^8NYyi#Ibt zb9^y;k)0prkXbj_K?MX(41d{0BV2NRT1^oofacyY)Ff_8aw*qkl;D|m;zR9F(dpdE z?G6&VMmeWn>>6h86ey}YL&MyWMv<6NsBw*OY5(xa!RM|=Thgg z1TD4irU;8!3+lAYzA?$}e_15>Wl=JvEFsI|ejXfVRDU&Bo-YgYWPfv#>8WCnu+l`? zC_3Vm{!KDBsi>a5ZPDAT!TUY;K{uMuJcH&S=8$~I!hv6$frT2E<};T{yOl)^*G47z zC{;~+v1J_Ao2(0KVVsXFGnalDRZlW_D$YE^p46 z`X2Gl%aJqPehO)sx-~x5P5x-Chb?HC8&Vzi&wVa{!bZF2KHwTbHEyJ<3mu5pY)z&E zjxxNC2=sLH&QX#kV*2c=IZA}+@6lbk3)tD#H&*}*K^ zPt@+9rIBk%5z7f2SK2sp^Jw_CEbL}~D~U@^4kQ_m)53`(Qq^Te)HS#gW0eDZ zD*jnz$xIC&5U zHCoJV!IV$p#73U_CR4daPc{iyT7B7YVw0^cxJ+cN5r3M&6?MS$m#&hOzE4e!)=JEZ zzRu7&C5k(tv$l|A_U<#;5l{0>z8?K)M@thc%lAjU+);}STZY97%TelhHR-u4gMzqC z%YG`g>>}0Vw3OZmRk{1>TK3Nq*(vVO*yxo`W#Gx;gwFp?bEo^pPp;8;nWR7chYq&!%Uw)9;P4caI#UKyiF6;c4%l6tX8H6kH&)(NqYv{$P!5p27 zS7(liyZ||YPetVotT*6etQ!zaOppN>gO;6qcg&wc>+XhAa$Ga)apx{1>?|gy^sPHX z4J;{-{EE2xZ%6kpU&Td@3yhE)QqO8G54+Wa zYu;g-FSuI{Nzw(ZajC{>mqRxWMW2z^CBZ1A`ylGVG7G+zm)?8p+8+>AK}m*yz;Cb! zUV{6Jlq9^96%~4=>DA$4hyp2IVOT29xw|K2={c*wDZz}T@GhP}vFn+xy-cO0wAORF zsvEFryvQ=iPck1pRdB1&l%JLNpU+#sd8auP$POS7Ddhs|*#6Dg}ZF^>38 zjLFc!&Q}0Ailep86b!dFB^m~g)G|m2to)zMHf+X z5Xo}on60d>A=VcFQ>`yzDB$G(JSD*O;EiC5Bsi@MOj4(C{Yj2ri04r@hr@czSsrP7 zeL0cl5-hO4;?4FX4?H*>$Utd;X;O+PQS`DV;En@=0*e*F03T z((7!un{#)xb3NiT9>Z9QkOxz4o-Z&@SrO;slCmxz9LtgkZxbqT=)PR7S9F|Lc60qG zyXG8~E<~AR@%G358|405-X+gIS>lh12=+&Q+^d?;XYXilMgJ1fRdh@es{TyX8qC7E^m~fflJ`s@GVxY z65j5#bH*!FxwVCr5e1x?Uqq}Wv@99f=r**%9C+$n|5JC@)TqgQQRlCjXq3eL_s8%v zcroh?9b4JepmR>_RRmCRw5nsOXBOuAT1p=1By0!0!BZ0C7i<;ZJ#&8jH1ALv0vC#Z zo&UlFK-+P3Im z8Kg6)Sn8Y>%DeHZK6UeHNm@nX@D$g@tjCoJ^Q6UOh0ZaNM>BCxFMx6pE}ER=FHACI z(?n}i*nKynO|sO+kz3q}dPr++oGEzL6rtJK5l~%Be)~Q)FP?7=j$7Fl;~0yOc?%A& zbripZj;?)k8LIan(fhw=9}Pd5%?{r9ulFV!RqxeR zakPIns*kRq?2(KPpzG0luxdu~w>=+BmH|X!-aG3$aJv^GPX!KjL)xC`-|Loy5&< z5rP`5KK-@ffU69Pj*bs?tA4T?B(o;JMyE~c;Vpiq7p^xfn*1=U*nF>!V>j(Dy?IQx zh4P2Svlmf>H}U^I%KD=AKV6#BL$j*Vxs*#%NgiQ%ph50q1#ikA$eji{%#l z3Ze+^AGAVq7MSCJm)JoML*boekN4h%>b^F<&>M z63wmPRByo`FOgxb?!-i3+ux4ra&`UWMdv;kNK`u@v&bjeX+^|UbC-_`;R&)Q<{0vi zp9p%@bQg&KJu(i9MQD1M37by86{$-q2pM(HVvQJfuKaL`OYCi|l@|6CpTYc{%mFz` z1))^iPkMB~V^TVn>TkL?tYYdWqAhirDWXIQk-hVRBzU#gS z^w+~A8QuJA_=^B5>xQPc*_nr1r3S-k1Eu`ex-n)#@q5T*Z=YuJK$EzpB#uzZA=YPa z)qW*93EE$|BKB@GV3{?>Zn@&x5nd|(^yEQ8Y8dmX99>HDYw{y#Xl55ldsri5b1m)D zZf7=fu7!QWW$)AIMAOOJG~k>cD#ptbzOuY zGRq}8m?hxx9I0K_*J~6|V!utmzp9_Gq7^!(YQIcz52_zGD@;&?iS0%|J{*FpJBq_VB)zDJf$qUQ25atou%;&uKv-e1brgr^Ohr7A_T zin&wy9-xmVz1(=cD(A>zYqz}|9o!Bs>yaY@vzzqJ+QoT(GqUCABkjJ2ZOi6+2sRMd zp+9g49SDZxYI_J0@>uBNCTV7>(v%K5$yj#8zqsPWi$n$-UJKKZ^W?tn>-t{b?|FXC z&j|8>C4kV_2WL9df=;f3RXlu41($z+CWmIx<3ptY{U?wvA^!YR*pD+bgjQPVI^*u& zHVmf;WaS~}>1gd#=9?`GV$y9+WE?IF4I?wHAH4Fmt~pgW;>(>p_WjlVrWbkiXw>V2 zSA~2;<2yQBJT;c1dq$@1%v3FH@@xj)!y4K$UwaR45XP|^VJ34TM_!J)!X=zYZ3CAQ zJtrnvgM)*Rs)H-}4V@@R5g!HbGu zn9d0c5jeBJanKp#E-*cr{>fOoHnqw8Opu|c34F9j@jlj@>GX|A!nETy!x^RtOFw}$ z##@#8Yzg61w2rkGHdgL#8)_nw1TnKZ>%E@T%@@_(&K9E=z{O0DFcVu$FbdMRFgH{H zi9UpAv4A=_kNv_>0MS5v<;*a;7F;|OJf8SYs8_I@neR5KZPmnCMpz2ufj0XYp1zx# zFsJw-k$gW_;YR=R;|>2kiQ73R-SqF-QE*)8Q0!o1E!J8pxK!oUeM(>``)_P|iLbF` zV?@E;^yjLjrca}|Nt-N|sqf6a+%22Vea>_Lb=6v}f&KlrRhL6l8tFLbwYgSMv#VKMx5OlW72P4btflEU&uG#Z8F zei68%^y!qjL%a5gK8{$FRqCx2E9T{)B)|!L!vhO!l{0p@2pyww9 z{$XzC=HDXJo{i&5?VhTOQ^^`N`?6n{eO`z^BB-2OY&630R`uYCU%DMyZL_D2%W0h! zxHWurQ`4-?ayN6Ar4^5?U`h%r6(gg<0_muunDE#A&-NOW>}AgO>=14#DMo_nB$~Mm#I=F~BKi8%+3z`Ts>7vTSJC%p5*fHU@dqgAxpVmm0QT@;)X6jgvClPo(ni}x>#rt^wLBo*rNcNMK$PO)xv^O%P5?PQ(BZUvts&^Y0LyZx4zHF96ec>Av3 zp?tk`)Gq%>e(chsIvlt3dScs6ESBGERz&osW#B6_Q5jC1A(e+0#tRq(?z5DhiyO&x zki6htz(b>35ib%eH0$z!%2&_%Y>J-n;_K%&XCGyIN#nmt1x3pTYvq&}TK z{T!eqJTu^Wi(&mmkYQkj^#HUpYOkN+u*v?1y~=Z-fYJszc@Vq)0euDOZv+A+!N;GU zfBpKI=ZEF*bxTB~4t!=okyE-HA(7O785Ar>)kso5hvdqg)0eH}J2IDU!5&)`?kBLN z(C~ahT52f3IdJ+0X!pEe8DO%EcZTQ)KmUwcZQPMbJ3s%rDDx zleaV=1R{#suj4Xd^htI5MhipnzJbw$VcgrzYZtp+oqLpBy@s6=L>V}|@?Tn&2+2Mc zk4#< zQKq$GDPXI0xmhmppzG(|#ZwpGv>0hKE`Rn8+bPKE$1}}X*gbVx$=V>~>|R583*iSX zT&&)I&8YS>vXe^X^=k9j>k4G0f1Ix+TQ_q&k=fYZS63Sor?_GCx&`|%Nn#Cs| zqd48nmU2p?YylAupOF`?`Sjwq<1~`G&zjwb_L1;E>|H)o+Z9A9N(g2+yAkI?LEuk2 zwJ@ciY|Bh_Jrtjmam$_}r6M_-zy}8jB+S}8^p9ih!)>oD74X|i7l4(0lVj)@|DC`F2^Q5v8 z9D;3Fq-;)dZI6c$=9=F>u=rXva(=SqA@+0PoHSD=GOg;(Yo)b8i%>-NKKB}VU-b-4C0vSr>dGVV(HW?_A1^d1TxbII4WA zJB=~`q*q>~91eo21-=C6HQLs7-2q8$bjJi@?}29<96SK;e5`#! zF~*y~yy-k8wsVYX20ueagRMe9En)8NojY6CR5o+*uWQPK2f_^Ref#IV%Yp|6uF~5K z1%Pta%|-<}llNdTJw0r5kf6z{mi}E=hvI@M%Rpy$vN@yi&`~W4t=2(Sx9fB}zj|w0 z+Szrw-Sqd;^ml(*Abq;>p+zG_>Jy*7ll+e?DeT8;0y3VTwwAuBCrfqXh~EJZ|Ab8` zu@1j1|I4LxpEDPae%CZmPFgZw=|} z(|12{w%vF1JLxw8%Ld+mR3;FR*i080GsbTA zd%n{0jz#CU7n8z`m(;>V%~SW8(#q%;U-D~QG97CXE8je!FU}~e zUOyWV_DIo5dtW$#st7#658NwuQGO2TT^`h)HV=4~);6~pqM z);+Zn+ktyZhPbTKbJp&DIZ&JmXwdv5o{GXX3~0Fi`rwu za|-gA8h`HE=<`tc`*4###JZ^2f;80F>PBYf<+nx(zN_cpwgy`7QqEz2pSIpvKxC3Y z6H&5`z`BDTwaF*E@}LgJ&1eFwy#)57|LQ#Kjp3p6h8R6zZGHbjHlYesNJPdp{Ai~B zpTWQHJ&)oybd8~WoskSQ7RL;Gsc3nRg(s%l$!!_jIqhjoX2jN}59VahR0ln8S5FTI zGMJm-v)_l>$R+_f4@Di=Ie{D8+M-@^LYHi+R92x6Jiyh>{B-{=Gv#9j}wKh z;4z2|P`ZEp4bC^E<(~WO-UZ(fE71^)zy`WKIZK^i6SosdNc%-tPkD?|eU|37zvQKu zV)RA-az4qn*l+$!aqT%Oc7-gl44&}|WX{LcESy_Otcud7c7!wdSy&Vp4>Gw67{+AL zKUBSbkK4dC>#c5czNfc~Oq6N_w;hRCh3XR$`l`JBjPIVthQ;P~=#AU7ALQ)NX_eYA z{keZztA$tQW6QP8{imreGSO)5u@kv0{%V#vi~Cup%^sgJ)*y=dZ~Qbjqikb*XHIi0 z4&Gz?#bqdB%R`#lzxa$nYuSS>{IWr#qj=_ym%b-5wGC%UwFRj5kDCtAb?T~yaGnm1 zitIQ@7A`8zspFf+{q1D3OWf14uA^<|Ep|Q~F1{2VBT3cD`#_I7b2a_<{r99S7FImM z*A>h7GtG@+QnOzCeMeS4%l}q@Y4D-Vl1@t$Px7b#7M{dCZU420hh@#D)LJ<7Ob-25 zRFJD3-YqO(E1p{98f3##VDsbSZ31iJZx+R_vYk{KksI=F!A~PxnAjZ#h~d-35h_<+FgA?fmc3T@vg;LmpX+Y>H!~mA{EP}v$wa3=U`aF zIZ!>(0M_(0Y^_NJWHWC=MkP|`3pIq}i=czfClDt$n6I;U?)GXc9 z@t*roS@`s!=!tn$GO7LRsAa6d_xGFD*Urc8IwR6eaxSJbnCK{3TFNAm{N~2&L7m6z zTcqxKo=a{=Y8=&GYH?aJ(Vfo=G~*FvW>SsM9kh^^Kb<{AMrZZbw$JypqHS&omCVhX z7o#*nP4_d?Mif0z7W`O+@rwl+I~rt;s0uVA1NsbSRXzIRt9(%qvf z9JYP#HRscuQoXkM;K(qi)e{PP?#E{8OkRbDD>7JYLs(Ot0uvsthV7}O3a;LQ7}0~g z+*9$O`JXSBuUw9%l^hOb+hZo;Ku|O=G-6}fZJs-=rs{jx^i$8>;%w;Xgp#)rVCJEjY}?DLiR;%%xkO`ei&1 zzJ6y%kkRlN7n<%1*9`Xr&6p$Vd?wTC8nO-GWnL%+7ym5oAa`% zmPN+Nb|m5dtlScaAbkVn%)L`==jHyj_{P}oSWqCFsb2m^&VJCIF!j%t{+Q?V=geMG z5-RzZIy%myXA0%SXCclAW|!BmaS=Fq5d>odf=%`0zh&u+Owd#n@B9p>qb{@0h{XXo zkUU>ma*TuaW=6(K>}H!D&{AZ}pN&u)1Tz{%R?6y^l2`T=>GK`viS>DBMF@Nt?1#mQM_ui<(c>en-LF_L~yi zOs5O|T2(4f^)+ugUS!jG56_NTsAqWS{j3KbE8aSf+2W=*`abc@Cebb4&+pPzXBu-& z&tS`T5ai(r@B6FJnxsM`_uo^~B#v-H|E|vE$LzfD292uzYu#7LF{fx%6uH_w#d9p9 z)Olzf^`s5j>7YZxqr&J#`ixzt1_Nrhd+R+QLYgM$I)_1@%(d#{t}!! zpG@1h#f_h|)81h=e_^xE)JpHDu=boHtmfA_sGFVJ|T8E0mCpP`c6Ca6F< z<0(&sUQEQ3NHc_fI5|nu>uGj!C^+tm_m!9LjK2J_N}`F(!sHzx-_4{pW?3WVx~zyx z6U70=H#$2loDCDjob0!DT)5Xr;1}MXRbiuL$Vd`R$AkKchi9UtZqu1WS0Gq1#d}v| zfzY}a4S@L1qM6q6ac8fS+<)bH*DZ(VA`02vr5*n4-HJ7Q1Bz44vHbc~Qy*eZ1{t#I zP}OZch%QOqEMgVe-Mnlf+A|xoxt}T;O2Za+dc!w07wYpzYf|Y(V+8l{3JyoB9`AfS z;gk8|A%=GrPi1e1=`dGX!@5A1f#- zQh;eEEQipN@k$IFVKY9^RWPmPDADb@#Y@Jacu`;dFj~^vM*P}1rpj|(hT#f z?tkjPD6e{MZ@kGhoxQFwhKqRwXcJD84nw$zZ?GPNUchza7iOyv^YpN@d)Ln0#|uf< zPn_~X0pD%k#!7Q#Z9d?gl?{DAvaFy(3iO}X8dHkL34DyEm5FT`iLV%ue=*bUV+mWMuoxi?6P-Pd`=QkU-$@)!X<0fqvH!qLla*}u)nJyLEAG7-Y zmk(xR7^KfCnBGWFpqw3uHS8#7@ZyL1O+v(H1Kh2-4YZ&f4B6FwkS z%$1Yth>%2pscB^Czt z$$~ruK8nXsKfrSUl_-`^E!2Mk0`AcAU&4y0=_GMr*-iu`qiz!OE~9iQAa~R<6-w6IwSODnb1kv z+0~#J08GKD9Guwzv+M()sz5&j@2rs(Fy$m|%g5m%qceHxIC(nmOB9wy03>LDC!pnl zYX$HlT*@8b+{A&2lQW1W(7%PCe%hlj+Bl^I0?ZZ6I{?1}SV8Zc$fa^8V!W*Gdl%#v zy}dJ`U<^nEe%D+DK|uRYx%Tz_h{T;o-UcO$WcurI6os zc+(u9bVB)$dK-U0!F8Hxv=@)>fKrgO!mVb5o07zQG6?>5rSRkd*=A*8BCc%gRg0}& zupPrKB!bv13;p@+==fpO3-QrwZz${4#HE8)XTf67KBvVEFC8cy@CV>Fdd9}^(fI*+ z8$^Upa1M$PlSGk#$j?NDtNR4K>+B>YWb&tx8V*@19BJ(Ntuq_dNi($}%R}{M;nq>H2a894@K#gAuC-wv?;-+lEQAp8!5J=lWxlkAVDSrn;wcUWjQ?Sh?gcUn_9{ z_gOY`*^Nc#fswVlU+Y z4||5)4*#WQl?+B8S8}WR3;gQ3vMb=;6Qi=LFMI&pz#?%R8}2m7-P2EUOle?`+m^^V zlBY#2;*47&*Q=P1`WRYBt!-vLqf@Me4&NN)1^vNJDJCpjF1|2;na%dr-;EV8@a76{ zF0T*|lS@lZx5V`SX%6C$f%=p8IO^-WOWzfH5wqTR_$vpmsIc&5G;ZbH11XKM85ChH zMN=hRn8U(@?wv?`-O&dqa_~a_hd^obanMrlhoSvgrF;DHkXeb{rF6qPcx;*%!0d1W zM!39{ZeeUT=Q$-{Xg2k*dditKf@xX8WQhI+6!b9vCeg|R2!(g1x3AB+#%~&+kBMOP zy^l~^*`Ke`67&>jfL?iixMC7NIdEmM!n@($q15+cs|7oHD`b9?Mmz7RaNA)%vdKJR z^)b9sRKSYWa(tvz!aP4kx?T9|BCi3(7Cq?5#YAssuHRp%YsuR6-R+R7Wl@5)6!lD6j}D zURe_hNhc?qQpB8SPDP)_O@8934pZ+?mLPO z<4kEa8Z$gs9Hatrw{!6g1E8Q67PiGWlXw>5bYQH&dE$8SgS+~*mX;PGkdI%1)d24d zn}riXS_)Cv5g7X4y^1iKddEcn+90gpN0c<2YDehT+b{-%69X zL7=lHr0=Cz{~PmWk2iliIs5kR`qwXlqL)5I5NMj7oi9_c%6R9}8)yERp(WcvN}(${ ziaw%cPoQ_;Z$j=X9nIh;nSO!pM{<2mrhAUeG=$GL-4oo`^;@8Nclb6239T=4~TTF_77e}IU-q=L)J|Y|0pCXhr#e#bV8}yKb8>=FOja)7 zhGFgk#%WhHSzRTwAy@2 zivl25+4n45Tzw%oX1hUI?I3||#0xAA+&)VyD@f2*{LY{&@UEH8KoL{n%}Nyw^x3=a z+o3z8L@piNTTtmB1{pI;E0`4nea3oeH*YyJyk&8XUsd&v7YrdMZOi>mJYf#BctbZj z5v^oJu2w6xBoTUq*-uWoTZ58ZTf4*C&tx==uXjp>@NH+{zs4xVS<{69 zgoW@DCf|0t#N8MBB~DrJXRr-q?2WDmWdX;%y`^Q;@wQ~RXyODXUIKcwU`{W6{jTkQ zpSOLb%ZiK7Of*Ns-l7X6afE-N-($zL0+ljKY-+*#(me{OBQGu=D4?qjc;H{Y*^{hRLNF zA#Bvx3s(TL6LspSHNk(yXQEG#!>*4yFZ9pbyWeXU${MQ%-o7OkB*N9i=K+ccD#OuL z_~7F`XXWDhjEg|ujC(l>UImdb4j11k#*r#GKI}}qf>%TW%ns0!%N7pd_5q#DH7&+5 zNVFHjS=l>{qW<+n>cp#SnB`w1jD>DrO%RPsFf)B~mrzzSv;U$o`s15;iO>P!l|Y?| zi+zW&Kk8k;J%Q^fwUsVVsIkW&X!fybkCJ@L{m=LE+ehhxlJhD9Y|+6TP)%BO zn~TAd?9xx2_t>i)s+HWPUuXk$F~Ol zgV>&v&*o1WJmIe$Dv^$(Wuv!_hz&1L)_c?PYl*u&;hDSK2-(+L#k+(*e@W%lmrZK6 zI{&lkgGkHCaT$&ni98LCh>^gKrG8O{&W37Hv5_tZ?|I!e4(2s~tSB5R$8?7t*%S5h zWeZ>CcHvyIVk%FNXqpL*C16>)d0qkhaQVp&#s+jR824h?dc#)U^{+yb@ckt~!Fp+e z#HIebVf*Ur8=l+|%rd@%S2I$z8+R9tA4b-<)KLs1qt+wVC0MavL_XkT#s3NF*J7n7 zo_xed3&X*)-%(AU9D>v8EP_CWYy68=QScrolAy303jJa^CVF1Gy~UF!rp_l0Iv`#F z8m#!FBrZG)*2@czo+~;<9{lkc&NYdnL~;=f8wTE^c|(^HOe7vbe2>_0Fv=At=x5AH z>68=q$wXYuhvs;%^13R8huSYAVWtu+HoQ);#RUa!=%!?kBfjDWsIq5fiRri7Se^*} zJd*h8TDLq*_HbvhSCkF77RYS~J^llRKHhCTW7_E;fRpx@_(i^X{^w_kHM2rfQ?p#oy=i8T1V4M~cmoyMnf79jq zha8Wb$5Q#s%3`bhZYSfCn{!kqTv%96rfcf=i>I+Vq-i|kS4#VNp}tOy-z_q1hLhQj zikr`Jci`+(mr4J7Q<`6*MI_=Pr*0Zr=#nhRELf82aBKV>G_cyW!78^8dvZN`dknHP zD))X0AdbP3Udh1Xh}H1|y%3-Op5VzYpl+~Qd)?fu{?mR8D+GpXAa>N@wFY0nxyqA` zA-Nm$o>CxgShu&q?1Fs@po^8|WlV&{yN{rugwcf4*S5g4iN^qgWYV)s; zWE~4yc!Xwr^z!6&AO%24)({Qt>X%FG-R!H5;d9}RXIfl`gz3t^h}RMGFFx&yIzMk6#{# zJ-dsE<4JiUqF8quz3U6C+o^jdyhPXY$F=h%{=J8bK-mLOur(gJmrz_;xs2lefWrA4 zuMvE6;=YPgtR@)7nWzwB&!AGQ_F73bkeryc0vLk~xO&)7dVVQ=(hKp_BdWbJPcata zj71RRN;c?LrvXzTd+0Dd(T-5bJa+`(Alj=a1_oUPvadP*y|K@4q@>8WwovejN=Y@W z^d5cg`GI#0cIrTMUSi{$@F9+v#;Uxs-A>*Xe{hm6l8btDJ5f<%k?!|rTFul00;lhv zJWZA7hY^I|-QakSzq7)OQ=C3K9ac2GMKr$)rbS1!2UqLjnfW1h)VDM!)nW$tzh9KvdPUrsjA{L9wt3l zS=!v(+#1iyXa-Xe)Rht^m$fzHS*3_!78{4OXU?L&hKovr_h)5Z*w>$ZSHgVrsn=07 zVTdYld$12V<0d;ajZxFDLLwQTKOU4;tLw2y;TNF_dq-r{0wB-q1u%q^CxNO65|KF@ zn6`Y~6y#aN{a!CZ3(KdFq8z>o;}cMtfP=Lw{T`Krt8B;yD*TQEZOOiJ>7z8|!1sI< zIU+m+HjasF@A78Qv|>;$p|Hey_@s~JWV4JW?;or@ z{<3y&C@4SUwT5R`y$22b#TRu(S_h|^cegRdo_!UtyI3w*9Q&j!Iwlnh_aEfb zr^wjO(iPadJhYsYROM@}z`!%rz^fBOV@*|fspCvboEGZV6f#-Z*YxiyYp)bnW^yR| z!aVk%?gD4~gVNHe$X5tiPv^9Fbac$B-p{k1$y8p4T*fEVaVgQIGyLGjd40kkh16)v zp@Ji7vAb+*QhBGIjo#l+BE5$%vEYobCCLnM_9a9v1ByCv8V3;Hl|XD$80qt`5f8^9 z$4l_%nZ)p8zOmv9dW_@;mqS97-wSej4wZevCQIznA34;(H?g3y(ht=q4s&xS7FL!I zs?_&oyNPDOXqno5HA`Mi5Vyk2dSZjFug~BMDE2ap73p96nSaRO%*cpq_$FdlJPgxbBXwgmbZ5Y$qrVFFGiKLj8n5u{h)ztr03^k?>y-Xjn1-3$A93x4Nhe;qhF90>98X&v-STrE_r z631~}YMR9Ju(OjgN3u%@p!F|ekAvdG5J(Qp3L#-z1ZLOadkaAPF%Zk3w!TNPqB>IL zzCDgv!1;~SlPG`PI3Gwka8rM`JEk{6vX?%?8@=XHg(-fvaEz?j9cn!Midbpkn6s_1~5 zxxF6i?sCI4U%5|kMdwnv_pLSim`ey6iOE z6LpPD$c9bnT@~S$iDuMCleZ)Bd{HwrJENY7t536DKkvW`J0Qkdo@MO5CQ55eQVy|U zxj~|_e%w@NH(mtCB&lre``ar;WS}H|9IpCwPi>brHxt#`;)gT>d}#jw!@GBx;?cUG zLw6;BChl*%`b4m-z`vAK>~N)y-QKsfwl3)y@=iIqbiOk$hb+|TAE+#oM{Uzxa87_V z5c(Lodpw)ICz>M2s{4#x0GVvQ0k+(@_pqH)-eoFcdA65WdXZ3z!@9?$OCeu$-@5Af zzTNa_tA)!O_0-Ud04?gv9RDOs5q!AR#>$;xiH3BBgjI^4N>hrX728o9)`o-2#8Ncj%sqkNA zLE$R5OQ~4ZzzHP{1_&K2`_3wG~I(#1lN!84)3(vhT6|o?*OFCYA;Xx;Nd!3cz*u&T; zietaDdPae8WQf}}>qz*7V|s_}QNuMjQKha3r8`K#nos{X8F@hIb@uEWUY?*|i)Zbu z!3`psJHD74ED*lHod+og^tNb^0;?kjqN^or;DcsE>yDWqQPf=djqtS?Cwqi8EPlan zE19zE*YEs+bME1wope(m?eBQ!Wy5Tf;wF+rmH773HaY3b`VAYWjb>`8Qs;)TUx%n44)5+R(0w*}`xD=dkz}Q)*$4XN)XQV_3#Oj= z1N+mpwYD24IK&F>9x&ZUx93TKyEi36y_vq($tTPVnugb6$+N^g<2Qu_WQuE^3tw?@ z{_$bC*@Td4nfLPG^~`BUw-bSf>q-3*D=1li{r27Ybl^~qVvG^Lpx|+zwv0?WV`T=K ze%WECkYuW%<6F5b>;fkAZ}_RW%*dh89VslXZacNx=8UFjRPR7WrnSJ=0lxcpa>k~E z=4?_m?-xXG&Wi_$=D33c_G%(PgxiwY=;q7(V?VwgD*f*ISz?Jn&mxX!ipg4a==^AA z-+|Qcid%Af*c4k-HSuIR_`>n7rM{Kt6`>^)5g%yTd@pOxD$)J1Av6@P0R6jCyR@@@ zXs&(V4-g@?@2s0|0vuzN^q9!0;mv1a9%(fE^em${RUNPcq7mz}>&AP;PE2a20Qr&$ zLLvGWm;%Xekjs(W)YTsjSk9pKX(Ow1a8pGpqfE^yMitUGE0p5s0wNkUo)LtRp8oqa z$db5bjwB1!@mzf}*SsCqob&HpFmJqelQCsdv3_!Zv`Ior$|UhO7+}E|N)d;j-IZmC zrv#HY(Gn0A%kOZ8l!9+k4%I)d@%7N%mJ0Vf&r-)>+f_=+qFdhTsz8O@ z5ZC9F64O0XZ11#>ZO!t#CQr0img3<0(QvL!E9Upvz$fQBpMUvwt!&}IVZW%)Kklb? zb?N8Or!=|C?_BnFcb`V#RQBT6ao+jQ4cly|b1KgC=b?NDpw{m&Y8`gw%KEJ#jq59g%l&P~%M@_?aT(K940~pq{_g>P| z>qJoCT%(mMp~T&;{#FVBbJ<7pmtI(%ae6=`fx{)7Ls3(kA$a{2h7c>-ttj>|T3>Dw zz&sdY!ivMsZ7lQ;Pv3sw<1b2_i)!ZsH^EraO0H1Y)kO1{jye_hCtlDexVvI|wq zbr`0e*4J!NSkDxoAASz^63nT=9`FVSkl1Md8ERPeS_n=*YWz;~vw$s!;t4)Nn`ky4 znW8H9d<>81t-S`uanpCT?8~+8(rAcE0`7;=Zs}z> z!4J#tpnRyQm2R9-Cr!?;ccOZab%bw8fWV;+z9HMk>VmwoWeZ&?O2EF_^araJP#>-c z{LZmaAFF;qnp7`RX095?{Z%mf^{@94({Hu1QTgfsT(m} z-HpFLv$w3oUUuPkY)5zE|~XIPn%|iZ!>jFJi_z9=UiEB zuGbbWN0Eqr60m}zoZL#{(eK znu4`QynDZ*54Q@j>|Wlw_Ww)ER(|s1r&fffJw*0i+dOpG{J;0fD`IYEvNLy2_=lWR z$)D3KdZV&dIwG^yDLaCmO*_(+X|iyZs%{TNi@j=HdoCV-Eh_oaTJFN{@f-I=ywpyo z({T0Y9PMmi*z$2?{eAcA^mONKW!Zl|Nt?o=q5wShaM}L_dj`6# z?wq%4fV;sN%Ige3ZgBN z_=RVf`3f(A6Pr#yXm{*zRb{quXi7MW z@)pI}AlL)Qs#^nl%;81QvxOvHy}DETZu8nQ=M)mGzxbJU)NP~~Wz?_~7+x2yCaq6? zv}|Knf0x#9l3Uih_l?6o&Sd2jd7A>8b5$=^wmPJ<^?M7oVy9}i=APf1S3Q*GQd}@7 zt1bWTYDjVw|7?EHH8r;b?))`Ui;lxO3>PzN|9L>AmQ9Af%OEz!rz)oq^` zy>5g{+3_B3jS^<}efPj`Sd`};N0Rv_`Cf2k$v!e2JgVl7x zBN6QHXZFj8-+xrnRQkH=TUyqvK7)RNWTvT^nJ<|3L=j)kwSfN(p#MYvP}?Z4k4FOB zb1|tnN+V0~DXaB~+B8fdYi;~aIxtG2FkTR}`lKm#@4cx8Vbgm6)=(Z|%8_FDm5bBZ zAq1kujT4tKZK}Prbm!KsPU`DWp52@+4{Mo;>QuMo9I6W0rpgXo)$<% z9;4Mi!RT8Bp9&|Ov^fBlc3q0Q%x4C{Guc_M8)MJb~7N%UlwLUImk9-ZDv;C zJE=WnuYSyLisCe_g2($sfaw{Jqv*S?q*2^7jLIYfPUKvF*%vxCBFzc?H$1-ps}pfS ze6PM^D>QWpT?TDi_X`RfaP!fX6C|}n19W2^pR(c{`RCzZyS`$V5ojW_Li zv$$aDB|cXT#b-ys)g&7MEU%*fm<>gKIT9M0gs7Uq?Rxy;*M2UGBN!b{ck_1lU-&;R zz|EC+$>+$MqXE!MEp4>?o_&L`%(1Jnd3ipK3W`?R8(JSiOwp7EyCcYV|6LZqZ~b9AWGtu z0g0dE0|Nf>92=r`=KVCq*xhYhSs!+j#yqF7<0L70WPwg`lDTT$itwwrOT&-pM$0^C zN8?x{4z*n{t#j;)WxCDlqv5q=Y%($&S4^sUh`+1G=6@{gQL( zCDs9IU74p$1ET7?eKxMkYO-PiPoU?U;`ph1L-QQTw0?6iQ&Tx(N0r@);n3&^JM9n# zF(t2$@?-l=8f6RnOV)(Fe-t5@TjkgANpN81z|+JHgZc|_IC1oN@f!$IEjF*ap7R!V z@a68Uituyqjb^G2NjqRmPR;ear*B8))zb3vAAr$U^sd?iLB@K!W5T{pY5I3tEtxoB z&5&{qsl2P;Ic!?hO;692(75|*)(<)9>C^e_^h6V7Ik_ix7~N+p5CfCnJ;q`&QQqKx zxe;EF2yGBIDJ`iGNqBzJ-xvQ0;=I{RWd}`WOLr@GAB)=7y2O*pCm+mONgRymnjn-4qUL*BPNk!B$t>}0$ z8~q3D9F^4*RAayvKt)6z%8bPGQ9q2wTz@H>HwJvd2?D^Lu=15>8>%XV=Ei6!Q%?NuIZd#K)USt1(hTh!SC4Dobuf-0*Oo)4uS{%5e&}JCRzh zg@(_?6~AaE#ww}JBG?9#;=myx9er+btry= z>VaCrgz7rZzkfplq^%6#q6b;*3;wXGS1z4RO4jMV4Uz%XiNWma!*Ic zxG?h*ZOcrt^s4kmA|D!PDv5ej3Mcaf>)hR1X)SN0^!UjCFR zFB)U;+CM5)-9$d2Y+G|juyu@gX&aiKnjDoNK3u$47_T?ngd1vN3@IK(-!K{~-fPvhXC>DCgNmVrqJKFL}H&Mwa z3AyH(O`N$6yF{L=D`DIavmzXc%#nxaF|y4)zq{5md~?3bCG9_bcs1r;h}Hh)p05-aM5T7*QC0^2IzNQRHIPEuff3W z6vjb#fq;47pvBPgUqv$0Z@wSmMYD8VTtsj3LrLgjyivUXbCax@VyFqfHUS1j@EK32 ze+%kJLYUSM&uMF-vqvMk3}1cW(>*fSB#EHx>^_GI=Cvt z_P_e_dZc1{MrgFP>OT+tT)QxWn-`07YQ>$iO;7E{2=;7bUaLtr>PnNFboT^qu^iA* zAHS(He=jRWt63-PXtd-fj6*`-+nokq;@u;A5K2N(bI-2ax^qMY3E7XJFvY=k|@ z%N3it0zR1v^DFEHG2;yAN9G7?&)Kz+x_Mw_Cf)19)3X-9=5errvc%F|iK**#);I%2 z`{B4I*Daf0%RYMSRrQoNI3|PT=fnq`7k9k0Y?Bz+As(#uPEj(cMKi}`L-<}o$+D<8 z-=COe@8dS5X~()BHy;UCr0!1~;T-B5nFhOHt) z=)2280`5`fmI9&WnX2mL#zWMv8AnHp-mvTv$PHvRq2aIAV|#L(MC^oGa)&$xp?p5x zQgVi5gCX|3?+%8TQ-=J%j9kw8Hk@`*s0iWD5`DGTRgCGe)z!k7Q+zp-mnL1ydx3kz%jF&Znx@7BRlVlVI@Wm z#5o%V4ieqOW*(ACK{CrFH@b;ek2<8%B6tqmU?%g*edXJ&DXXYLnmF<_0&pTmC5n7} zd@!I#_tl~h?Fe#!VKPF+m4CJ{GEn>#Q7wA~naP73uAm5MK$O-3i9^T!EJ36z>}vc3wuA64fi^v%H8<@0>ro&hl~Y|ARYwE%60WPO z^g}tfZk^pwC~&!nqM)mfsLS^Cl{wT>L)oDzd;h!s7}G)uS%!OON=|)|tbQ#WeW#ho ziKX6vbbHoATNJ%BhHcRwQYao3I9~;A^nQv}Vx4VwX{;p#~wT2&KjYn-|_muEm4u*E&%rJ1&$`?uF+1ZxQd~M!<@0S z=nIk8Wv#9oaRL@NNQ^mss?+2?Ipq_`&AQTV5#gYyH*3GaKDxYx%V+OFZRBpwwP<0XRIytwAg#fT> zd6Ir(LIIzH>LEo&+kkf$jvvo*I8})px2+s00scG;z^>w~IOVooJsxCCuTMc%V^3AB zI)1rm-p2W7H@b`!fmj#_dO(LFYvZ=1nY`EX;)+dw3Q(~XiL<~e!B6k9Nq1spVOj2d zfanzEWC}YGKVl%uc@I=2W;9s~&X@n*;-QM=Z9>ns9)9zX2^}~PZF`B0uL)-~Jq^f& zZAHO3-13+sViLrchrv(%>VN^JpqaAnRP-OJu0p$=yCk7tbKv*XG8cu4(5L?hyRk`0 zL?Sz8j389CUlBx!d0^j*JTBFF*n{Zop3a^yczb)D9zJrgv1U(Pcq42|TP9+!UoM_$ zLS9R9pDAxW>!n~XZ+czASi!W4C9|XI#YDszw(Qbwm6p*d72ghCuO>|x^yto9`cOp- zgEKyBY+^!WD;$2JkbEb@T>u^tpw-ql`$MB~(-e%`*yzo3r^v=j z`C#_|GBZ&lz{tQbNaJu|N~}{|1tAYEzc&Q#vd;%i(6C0hCr;+TR7BS)T{xIc?kUQ`YQ6J$T2St)vJ0G-oz=3|(J1IqP z&p*4Mb6vIa{p+tE>gcL`92Jz6ovL2)y3X(Ebs;8;fg8kIf)WFY6F1}d#V6uoA|jp9 zpEPs>H@bsQut_4OvAEcjv}vzI=6k<4Y?IU(tk)RICvvzKWe?Fux5gO}%J+<|6#kBZ74I>>Tv%CW!E*nj6mZG-TOomvUW8=;<*W zYT$2_Mv*Ynfu{&!(|Tdfb4Mp96%J7-`vHLiIv44O9NK@)D?I6e*nTdPYVs=I&?r zLXD$!!s0;3l6f{MtG=W|b@JmI2s`=%;}czM7!ou&5w+4da$=mWjA!{^mIkflhJWuZzZd?ynS%~-JbP7bbm!QuSGV=_^kBEr zcGU}1nyFA?EH3C_%j`S5GlOuWB?|Q5^&Zm7WCBLXUp(omSfpo=$TY3cPN#X&GD41Pxk@^OH#k> zZlz$CJ@4~{GxLFvD4MU02(h>rSf^_$g64FRFh)PK)h$5Ye zfS{zLNU3|~-(6l|hKYMmei100UnH6h9|TN>v$J)~tmuDkA#2sbq|;h2b%eEvm_sby zo3a&)xR+b=@*i@ktNX@^^=&g+W)0cXV5%D_Gl1sm8iM3NC=6gvWNeE0m#+YY)r+PX z6Lmu1nh;INQ=5Y22i?TOZ>y{7iS#~z9WT9tO_(UKlKj;Mm5~bI@Wz*#y1Hl~r)%bI z;h(vCmWmypTpqj&in$HwQuG+`nI;i3u=G3u(B*RuDZwf9GjM+Z>ooS?BQc31$)q;?wNd2M1CP&O?~ih19^Lo z;lvt-WE^QP)gdU4_I8~XY6@9x)QqEJAC7l12RhvK)y>tZa-Vra`@ua1>yz&Ji< z{zPgQan^1}esaqXFx?k$l#%AQf4#f;*9VpaFxf+AqK22>b8Y@?nZsPg1(+|5Be;#P z2$8WWT9sy$odOnYI!$U6u>@ipDtU;)l4`Hnh7iyz*I&Q#9G9er8dkSX)7 ztQZ&H)W^?M$oGiCLY-VB&tQr6JSraVV|m?$`Iw+=1+%QNSXDzGwFXqk%fYKp4ocbn zxWHuRC&1|*bRQLzCd;`&>hIZ80C!sIx70%i0?&n&3;QYIus;v@?-l-g%OFQmXtPAb&nhzLPlz;9`M{ajobWfEYokn#Vl!?{ zM2FqLE|0^EfVsDd<)9o9vw?`~>v8#JCPy0jmg9NZC|e<>TJqocfA)C;`T0EJ6#Uh>} z;9YHaly%Qg38d-iHjlbRYMBV#l%LwF38KR!$|Z@_dKdW8Vs$Fl{@ z*`YTWFn`Me^6I3%eAUe!px$c^<9tw4LnGJG*cs3?YpAM{T}xF3bvxLXcLDZ%wUUyo*eat z{QVJv{vC9uV04dGp;rV`RdCKM29I4h$}np~Mtz2BC)t{J-C2L=FzEN|uhabZ@;uw; z;pBtv={-1+B?cm3TqxsFda*FuJp)v0puL1#o*s~pkihvyH{ul0uz~pi*q_rnuV5i9 z)VE~$d!T-Xe#@`?T=7}orm(Sve}WSUR=wZ`dvd?<;xmN?GY2PpN8N|-g?uWZ<_q}# z;VI04>r4gVSuZvXLKuId_h`^vU4H(dI14c!dT{i}AH7F`mJGbz|3zI5;!vA~xAA2t zy;v&8iwPH6hd`K09+$2Wg0~@1HqnZnkR?cOUhWf#cG$vvZsqwer(e7S?Sx2nC9kRn zL+`fqdg2a=r?F?A<8GW)H)$Tvf7WVrqe$}NKFOr@j20J4D(afJELI4RBbM$@u)IO3 z(#a2H7|Iq|TbDyoO$+D!7Rn}c~?^XMdg^K96FRAxD};mNNW z__*MQC%-A8IK$_bU_8rhTm2y}3UVKu}dK*5jiO~Q2aJAe)I z!8|}mM+bj(59m`sAK!r(m#OWvIuPgQ*bC_PAi&8lj#;v=_JEv10FY&XAzuYLkPvKP z(nRB7!Bvf46$QPKo2 ze+gcowt3n*A+uYlSwz;aoBxh(!U0}{e3H)1aPvtg>(0dI&p`kk_>?DYAW0b4*Q!G= z#m>B?2AJGrn0~R|{~!*b5wQI)_EG^pjD|9_wYG9=p&th0A~q;Cp`>Mo+X5t_Sdp7h z2%tY4IKPJZEVcPW9}!u=+58gN#26Z zjl)I077bYljIgyEp;-8ylrm;tt z!_{}By0O5nH@Pn$N47$@^-QTG(j{$2zHCTt3cIuLd(X{{u31Vk3W6%+G&vrdXoj$5 z;wWKZ8NcDNVC8UGO#F3TXA_w-*4r8`pP#YtSNLjN-91tSZ2&6Xd)v`AG)-HfBiH=O zD(C2(r|jb7JazZ#DNp?#gkJo74YbhqMIih&wex7YLA-<{p~JuIJBq$0kn*8QL4Obk zM+i4u>WO1-(drHNIuG6grC2tx)Fjn^IT-J+ws;79jZh;po;<5@)}Qo)$y{+R6N!eU zIjiL6{VgCRy#!$<(Epl&s-p4Rt;2nwv!VI^a1QJ#FZ!+uyzGO^i!R#I_2sHys%;eV z_x0C5KcQNwt*Sam-7Zt^{QVC&HGuL0r=r%n_64`zPz);q)}pSiKMf&&gr2+?+X^t8 zFPWqK4c2*3?DC)AUvI)%H{`UR4bY*ljH`5khn?a^2)o^Q zV5!^#+~T7jK-hQ&$r-dGA+kbDuU&B&GF61B=l^*!7r>>kwE26O4MerI{7L8F+zMDa zlBH=;plOK^x)kBS!FvH}DZ9usV;2a|Fhz$2WFGf0j4_z|_MonC3@53Q=+3}F3rz1U6zNzZvgG#1*RQGon)zcLp zC+S`{re0l^*Lx-G!_wuM5N*lR!`pa2Rah)aHN>-aeqzG+9k7lb?{%RwQ^O#PLdVC( z_MwSI?-YP>{T3i9aMx2}8t!dZD-Ban-3B(mAv!Vb!6ilST_JVxp9 zu>e?+DhDSgC-6~78^(mc6}8~l==wKV`1knV->?6GYj&|p*HiiY+c)bR)q{Dw&OSr* zy}||RBTNLKbln3X(wlz|Qu+lB!HySR+i%#=xfsRF4u!$9!VKQ8cqNtR~3hlz9zW zbNGi~-Pr?T1LZKChVjY;?4`1=+Wdvu<5PjWbbc2you%S0_`B!(&sc(}#yhAd(D(;* z@ej2mRP=W`yjS3Q{R5f+_t|cj;y)uKyDiTwY1p@iLA7yG6Gn5bd2MPC4I_!-q)M8Zzr%k@4 z&g4vyWnW8-aTYyj)SOXkE1(wFMRAu!4h0vVk^h~;twVZEj1V(_zB}gK3*6;DJI*(W zMjPQX05e5&X28|Vw1UW49r2!Bah`kg7ip~RCv^Rx4P-6nApaU)dM9Vs@ zkRR5MA3sL@n`z;cg=!8hA_1%fNQ{@zBcQ=~pFekc%r{37(V=%YD+;HT{#4X$aoUbh zU%@(Z1->{1=&#^(&E9$J36T(<*lSp*Bn1;ae{CuJUd4i&i8gFen$sPlk3g;o($ zU73bG=|4DC=vs5dBEq)=5EgJ2A&F}xJ#uc7fnp%_@A00#g}<8Rn9LmOcC*dbKE8G3X6 zFg;f91s4%HBZ()e`ac*xOD%e|xE|E^-MvD?@m^*DcUJ$AQ3-OK@6~Pz2TnVM#kZBF z0aP7_&+|}6jPmZ^L?ZosF>2gFow^r<*mk2Y_upJoXy#7TdK0-CI=Aqk(P|O({dds{ z!z)pFW9)1Oxv21V0{o4*m+zlqC;uoirpUk?)mf2=%Hx)2iLcqZd zi)k@5=cfx&CvGM#Zn;gqx;18Y^I=8K5*@#-PimkVse>lnd3BbVAWfNm6UoFt%57Y; zNUpmI%tYl!oYI<;)Iz$p0u5q5aa`Oy zp*i=mFSPg>Mcu6`UPo;GS8u9$rf&>yX&+A(DvoG#8QcLsjcVLJbd9FnYx+s3s#s;+S;|Rd@rsDhY ziR76WtLyBX6s*S6evWw~g)$Y|PX;J7BC$~D9^CtV=D;dm;q)5; zSrF)9K5x%!;niBNB)SoZ%r?!P*&ELps-bL9(N35tj#qxe6!5O2Py6W7VM{!U zm6YoE3hIR==Kv)_#=-!R5g=olb|J{ZPi)3i~C1I~9HSPVlcz znsjw6vSY)ATHNI^F`K~M!8xAcQSosKO+86=ofa&C9rm)-rB0Iehy-z_KQFqLb@pX6 z&s>aX5#rfFXA#%Nk`tNxe=_#jU+S4^>}?NG$KHxwMmT@YqV8zqwjna9x6QfI99A_# z$sbwfYkatVbLbY!)5E;cfw5B)nMuIo;QTVl{H*#BhcnJ&AT2XeqDPi9_sYbHn;vRd zD8~R3hfX4)oQKfWtSVAP>*)EYmRUqJPKsQVXe2pv&<&BD7lc%n#X^T+oO&Ep?e6h< z8v4y5h}P(-d4UGLB99qnX6}oO7YhlA`UtiRa(|@K^!QIhtZ`cWLe3h#wUKg5$LHf& zn2%6>M)DipsGwwA7IXXdZQi@?9I{z1dB1RWq9z3FYYTE|{~>ZVO5Z(_-AX3Wyf0x> zbPw-nIZI+XtMQ&e^KFleMqUvFi#oB-Me#a^8{H%NW7|p&+C}Q>4`X>Wf!xeD!)L#B9^nP^AZ;MGBE9%>#fC>|3QbHG@@#Zb3Ng`9q z;nzg=6``t1_t_T`J`?#Xlf@abTY%f*3TgJ4D-wf#!)iu(03KR~~!xvo0nc1VbTsMO|)`GPq28$l> zW52+^wS_&CWR`%fw%oFA=;>Masrx$eTGZMX&ZOwXB<*?il`K&qMv~^iof^&;&y+xG zN}3dbQprza&M>DJ+)&kA3&c{>Ni$;S6Xz-GIP26B+%|mIDr$U9mGo%=`+Mzj<6E~t zX`_OTV$!Ganz-Mr6{R27sO+EU2Sr~7&D>+Jh}!?+oASQ>)t=UP51YsDj5sRdv*jt$ zfYDe`r7IC3{L!5FEC@w3$zN$2-xF|^qI`r8M-y*A#;sE;y6QZdfm4EWI^YnCG;4i) zb8K#q-j={W((PE$DnE28qdql}*F5y6N@BFm-*2q^*F;E-yGV){^BkkDKl)3Z?BF_^ zm$N}YbEEhkQDKfLdG2@j+dPls?Jx==o~w@CF>PEn;FiasqzD)kuNjS6pk%D^7rN&9 z#Nld_)ug8u%2Y6OSuX#+)tz0v{361ltA&)6pEBoOP#B+Dl@sD$_gSk+^Ja|yd1?`! z_-uhSw8MN#Y1*P!1*Fz=;(p;pU2PbZ zg1IrwS=gzdDjD``K5V1ZuPdC`s_8W7{H+`7R=x^~X8-X+^PQC&&(uw&%-%-5N;(TV6Qh?JuIbtq_tN?R8U7%!vu&HF&LNB(un+~qI7Vcjj#HYZf30=agv zgT?uRAJ(Cs&&k;b93EX{Y}pT^bq>Dhd~+Q?!v?!dl6m`eW6oIpTqWxF7pQ5!*w6{5 z7V`l9W&u-TX6BD-@+Ch~l4)sD>F;WPC?#}^ac#wR%l5wWXt?;+aQN-l!amEz3gm$* zZdzXWQ-9nFsEvzRGL=56M=>0no?OX#?E1H+gX3uZ=%R{-jqK`mYz2bvo2W~H??${e z)v0<2qO^_h=xIOH$hAR^uyR$qxuPRfc0ejMSH3^F$Fgp`T8Q2UCYi#9d}K0*!zTHS zDMEXE1{_Is(nVqV+eO0MxQ@aPCzV&3@RZxx)!t=$7*UjG^fFzP7n&Mpq@^TpzTxwr zx3%eeKWHBqvldIL4Yf_W67O zK^VU9$I)lKW3pi%m8lc_=&>^2AuCr2@^4VA$6eQ9Nh;wNSFWfr>W--Iz`K5SdEquZ>UZB#kni)mUm~ti zxws4&j#eulUSUr6YZE%H*~#wOo@r~?;OS`|t;c7bxme1{uo_of4hUv8O0@Ocv#9Ye z5ayR*IR%~E&>$PRO;KekXjjFie@WmUB)XVUHsaw_WWThqP%W5!7vWfGx}an0lRV9Q zo__lk(W%6Q!Eq$5H@30eQ8X%j52m2;<$OO;!O-i=u2pEz20!`vZ#KLsB`k ztG-7Ou#J%KG9}&)=F(64p7^ckUg;#hSwy$WwHAcGF{#Umc5iCh?uPfo<#**lk{bW9 za;_igwJvl*jp449?^kqqS0hGPZz$7RMMURd8_hU|232S%tT?>Xn-WmfWYS_|j%3Rf z|6M_DpoFLkL>Z=Hx%`dAk~*1Br$+Xv9xkA4Z>W0bM2gH)7)Q#yXm4L-C~&d1pJJ*? zNcNCb5-}1=#S*l~i;0|26^mD&TH*gL6;fR~?yf%~t@DI}aeMKu$**b^8gh^z{aOd( zLTJBXV9kJ*1zqW{Qif#)940ifZ@U2^j2`|>HZH%fpVX5^A374zJkd{vdbYt?VVuPq z2DC1_%3*W?t?^NIS)bfEu~lx7$e2pr{yXUEN2pTT&#(7<%v8TaRfBht--IK|L{m&t z5c66K>U3JYhKGx)ynuKXd&%`%u~B=MZ(MxmjvqoZD>iiX_C@-d!JFR6fKtU8N6}jL z1i`ZQ)_8MNf8U+cbp2{~Sv)UFvC|ow{vPU(A~XJl93=`1h3$9=w;bdAxZc^*R!pNC zv!=Yhl+SzZns_|vP#@-SeC1%fuu1n0NfngE-s}8~G(16QIIF>;Ei9(lghq9$eC&`Q zjlzLC$9?RgHN2d{+ih50Db7`9vo2F0uDMKnG^f|>s;Pp#z@1WOrC`dcC{rk||o);CH3+iUmfQOseswq#Sk|%Ua8CMJ>vU zs8oIq8JTAD-o+w6?Dwp@__1P-1T(t}jI`Jd%0-NL8lPfiC*;r8`lLCJ6>q2oWPf_N zaEIUCi(RG?6&SqKJrN{cg>0l`m;Bi%{!+%&m-5C$f`EUav?oRn2hJVL3#|? z7@7FYKfwBxfH5BVWXfo)QS@Ibr-)uLbB_8?g&29PyrA9`QbRZ7=@j}KM=JnBzX*C+ zPB5NXi5TH*hM7CMvjhT4$i?EYE`~CDnKhfy1txs=TRpC^mHGQlNTiErYw^Zdp00 zzBE^~MRKuG>XTPNPUL?EFJhlZOwn`HS`?E^oC@SuMdoUypLh0iJ3MIg(m%3S3wLVx z(w>Sw853Kc4|%M=L0+kpCA7N+nE&@D;8TC4lFt5k_QT@O)w;Q zruAtMaIY9UEG7(bqlS}fACXg0t7Q71xQjQYW$9|U!n~%`@i^37u|5dO9j!HA3LE39 z$UN$)%qDyhG?x^qC;7x#2EKfmPJsHLhp~$HgsUOboUBZr-8r|O%$tj54anpEFEHd5 zty$hWbmx;aMy6uwC0uc%sm~u&vz6K!%p>q%q@?m1*Dfmaqh-=r(nsy6E!WB=Y^+SsEVcIZdXa_%7#qeg-7Gg)?I#$N3#h?>)sA>zi2&#;tL*TGzU z7C}i_QqEtz$uXPDi9dr5V?j~%LKuy5kQwp_Elk;EXO{1$q89sxfCEeh3!=PWN#2HlPjlOi3MFu%MyD^^? z=}AF==t`w6NYi~Auk{!~f{id4ARmq_@$w0OWGVp4ldpje*@$IiOg5Q?(s? zxKg!6b0JWkpk5}1hNUjnXuSjRu0e$cU4G(dGd~$_m@&$hQ1$8&|8Fd9gDH0wni!q4 zLWTH(`OKME}FX_AVcgW%co$E8~y>)9anMo!+ z-(wfd`u6)G*^jvu1bPuRN*ev3ew7^BiEAaZs%6I(U7ayo^cIuodco-7)4%p&jF}m{ z?wDbsA)*aVTxNl4)5iZ+x2OY|rrFLj7rt2o5xEHW+#;uxx&JCIVGi!yj~Pd=Sj{Yn z_{$s#gflWYqdO<4oULx%3TEZ*Y0%Ih)zD~bZ(m^GxkVfkr*fiw=zhH|Ttcs(!Yad0 zJzg`26MCDx3Rf8$UAiaZ6Rg2qd-*ULHYxt*GduLcyCf?>t9jRygM{v3rMrkRWi1YV z$$-PAh<|+D2-|K$Xkw-?PU7IT1znQ-nJ1O0SxG2qWAI$c=kY4ml$V^b=6;HW`gS-k zwQyEKP~x zR0SB1V`rt-N+Ql;x=k~y{=R?LXEWSsLimG*Q&zx3DA_7(i(rsXu@FhjOlnWEq(0sl z9SZ%Pxe+hFg=J-9NwAiZVpex{j&o`!6Gw1w+JPj2)Qs{}cm92j-8tBK_j2w9gUUS2 zMq$3%hgVwqs;>3ha{ROJggTdXP6&eK&Qq_9;j$(c((Z2Z>3)*v*3&=reZZXP0Tqwg z*;(|K1TE%su5VOjst*H0(9c0D-T>frv)O4x3V-q!)}u9KF(LAFK!tDDG|w~WS#fUf z`Hs@Ci5VN#cpD+cAZ$N2+VqUeYHw9)<5IV@ z9XW=%z#(Lu(Sk%zKYx6gaoYD3)~nJ<-eG$yY5lE=*&aMf=PAaM-BMMNBAK+p)ba7` z%b}L~xeHGn+B3)p@^Ll9SL{)>2HRKTJqj(V^D{dCp!5Y@1&bPuCvcv3|IlDOz+lj; zjKYo_r8&G8VBCg(OSf1qQR|MQBxCKm?C>lqMdZK+C9v{MFC42_^F1Q8eaFF{LGj-k z%Zv(2mozo|IA)%w69%Sgr4eJNS=Xy|7DlYfl~mN&NsLDMS9=B$O&6iE^(SGZzbCkj zFU~SQh+<*Y<}$L-eC^ad&79X;9?2rE-Gr=pQOh1wiLpwKJ7wkSOz6;dV+)Hk!Hg>~ zY0yj0f;h7<>&&csNL{{YZ5MGEU#&WCC$c>jDRNH@v#A98h_bb+0m(Fgm**PaUXT76 zl{K$24G&R&VXYG0mAoYUit3lYS^ohaMw<_gvcT4}0pjZm+vx;1Pv4L+GBF|6V9}HZ zvW_5P@bbKoD)2AatxKw1DU{r`^80H=xVpe zxKpv{bzG77Qc9mU_-gqC?G*=AhvX95hgmkB@QWAelD@uK@>KrSTOu~1)wC`~{zV$D z;aSppkAZ3`aifX>zXp6yaX#;}%X+1}6n3R&>G$TSEwuJ`kJinzXdmmvG!xZ6t)pfR zYSP)Wm{fmFw2mOn%C>vO-5#OkoIDzFEf?f4X_9 z=}Oc3Omo|>k772r>+r1!g?6l44w29=VJ~qaFPbINdWIv3p5cTHy?1YvQ!T^^bp!8A zh)-ZhFb{?qpSh{Y2vjio2cTGP{0-W%Tt2#$SU0{Bp~Qg97-!LlxTsdmg-!YG%eKZUJ`nCI2f1*}&krKPtQsrv>ZdN?cWa>6Lp z_?;Ey)Q8=PPE>d^3@C7F#0nxww%f!*Updwl0n)4&i);s&N#o+WWv{4T1^G3eF(9J^ zO^dN>f0KVRKX^__Re_gZ>-?;kw`{FuzX~_rg`%XPqV!x%yt4Oxa=2+?`Nn}47By0X z8N0M(W0D$=;)sVU0X1mpOg1iC;TzAoCgsZ$BzD)o@d|l*FXeseWD?G}E=r<0eh);X z$cl`9ES*1Jwo{vwI>8n#jldOR9?#QT1JXJ;q==pp`>|j(u1Ax96a2Ko91uE9az!ru z_8f9A5Im+&oRZS$QCDo42-`AmOQjn-eu<5kaf;ktSg^|L?JLh9)n_cXhGO8s3LmUa zqF34tg|xfUd-)h$3G^hYC91|kXRM6Av>5kJA;HYp9?9rRXni=(kV(evglFJHr!zo) z&n&7jTO^dy(92OE*|q0pXv=cWd+cp#;l*K9Tmig6t|U}AnO-GVvrLV!#6_Ix@|0-9 zTGk6k0U5d~+j>& zu~(9ouZ5s;==3+VQh#K`Q>It9G#{ltqP_%53zxqS$xq%uP&Kxcdc9~5#mLcD4pv2alpBv@&j9;cRg0x7 znB#Jj*Q!3#-&slAFEBkts-2gOrt;75dLcW1tpR%{?3rNEZ!mcbvNPcAA^HcT=;vUy zj_z>KI&P(3&?cv_VLk>Ca@Y#?Y*p6)!bVlV$rK$*K2fIr(>Uz_L=j=_r)$_e{P9jB zZ+=i2RNs=jX4Y-Xp3uepFY@TjMAlmP$7*rF6|My(9e(ZKXTM*N_St(W8kX-l_;Y$0 zcN&oz;)Jc&CFP{8N%XL(%~J*sTVpG>^J={EFl53f#ydB(PH>SqvQJlU@hI+)jlXj$ zE$qABT7IhXl-HPNh0tpCZYXKH{3; zzLGBf4)b3{n`>FE!8&T#mO~VFjk8d1OlNg!i$H#3Z8o{yp=4IDs#5VP(j!Q_D+lW{gIiizH zWK{GS5)_J0F!=~56$$b!lZy_gea3_yc`v+oZcXFo8!qzpUL|JjPqCPvD$9(Gkw`M; zJ1a|Mjf+a*c4YA}uy>xYEN_lXC!gFY;|oGM_@{U)wU_Dvpk82sG=M@g&Ml9-Fm&c^ znBxa6il^tyWDoYIL>!YpZTXGuavM&Ua~1tGTCb24EwO6O!K?D#*YpoePfWHAqedPI zhLxr*@R!?Pvf4X2(IE)Ny)84Gn*7gfjd3CwD;fIPt^F`hcna5&rb?3Xn|wFPOAfsIcBzRnJ#MUcEu$<_5+DCD#`{^^kRqG z#Ak@PEL(jaR1BGav4F8diTD<#T)!5hP4hA()_KWBYOEj!TQ&)g*QpPGHr_DXCSpaA zGj(mmZ2+I5%R)A!1moaQR9}a+&l$E^2G;l+*EA|8$vR{15h8Xx1z~Of_57T=ccvCMKtc{v8|I^qI%r|wvPt(ccp z!*n$hpHY5qSbzJxVPv*QOBYM$u5#;e?{LZZs>|Gl%=le?Ne^Alx7U=I2dZzBL{guv za&^V_8wps{PwZqZ4ux$9yA-oNQ?`$cGSiJ0F*J=un#)vV;)@Fkw(WbNzQ!O9wJ}mf zFYK=j3N~%!R7NyQ6OfQS)v%`!pxmruF%(e2i@n`g`nDsdZB|}!?|S+r?g?l72C1OP zW|=+Zul{v~*3n1_v#Qk2Ep?NUfqhPiR8D&V0bHqely=MQCzW1dFCK-5u@Igq@tT#{ z(%u)a_08yN7k|nT$bC5+&ns7iC_P#WQUQ!J#`a=)K0zL#+|(MR2Esgs_*#^;d)&G) zF>OJge};1<3^hz_3%`z&YsBBDnq%!}+^sKXL#2>4hW0rn+!@4kSoe-GYmAgiD*gJW zxPX*(0)xjcX-)OU2)1L96V9Kt5958TS12aKFTKy>*0SfhGd4!F5(~u$`7ZtC!ni54 zv7ajGs&ADX)aX~U-5)SOndq#ie7c6yt|ltz<#r6+ zxCPZZcO2A zG?nC*AnM=hTYNv{RA}lBKd!FIRwaT-x??V^H43S;`S||oWU1|haV@3tD*uWu(?0lY z`bnt@o_$+G9vD95(OKf~8Z5gza7rlYePhew&@#eBd+5gv145bt#l2kAPA5~L6Rsyo z@}S;fap))$wd$T>1*$XtkV<2$%EwXRz>sg6kTgS6;$@Lr1LmMltog>fp!Pts=Bw}0 z*!IuXTR(nhPZ-NAHjeV?(;wb<($&FVAR0C;*V??>N>`5g=@X%6Wi#cC>s!TZk|r<2 zQ7ftb=miW8B)(e9rC}f#Y`_x zw?JZKaIO)bAhm;+TrCu|+;Yec->z)*yy9Yt%j}%4VaCZ&<8X-zMb)IOCi2q_cOO@C z#Ta~*l9q;5TO?U$$rrl^D4A}Ru{;UMr-?Ysooe2dH8Yaqh;i$6tbmGHK5R6C)u)sk zqlOH>P>$EUn6MCo-K)v~Z38a!yJ|D*9M_UnjHXIDo0&vC_@lf0 zMiQ^Pl8XQA#nje5tVs4Oxq2BlZB&Bqx!PD@C9f{4^~%mk!*69OAd_|QWu(zSJt>Zw z=)^i*Kgy<&<4lv0!HDACIBxgy@dM81F1JN&uUaHI&8oNwV_u^yl?`z0Y=|?ukchWm ze}hnyOe)h&4u4o;Jf_AcI;W!X$L;k*UN5bbny#zC;bK9bi`(-hVeN5#&5&4Q#577* z(D{tLXc#3eeJ-Sazoc0ScT3IcS5}TgS#XwwKyKd~)yO9$5<;TUM)$c-&XOxX4^w1f z1=6fl$N0su2nyoUNX#oXMRioGv*g!;tvFZ{Q+< zO8!F=m=M2v#Be`sKzb?h{p>3oA>~5^t3vyCo1u}H7Ao8exJh5uC!L|Z`RwB8%$d(0 zbHLZecqlbRSAhDH$*eitnQQSJ7m?}2pSa(nN_MfpnNVZTdGZ(pm>d}7YtSky%a?R21PDnAwh z3Db|21689S?2@+pQg@O+r+u4zEYN=r#sAB2n5RgAM|HC#O+k1<-$VC^>31xFnM9RrY|@bM#4shI zEjQwHyWw1pB_+7{-IeAcx-y!^iFk7IG3kUrYGj*r;n&FU9hFBc%p%md#6Pgj1!;se ziL05G{@uD9^yq6YnyHr5>!1_%mdQsln-XQOXT|W7zV_|c(vnysnG*8}TFW{AG?q=t zAdyQiIYyL+!4a1pE^9(weJ|<#wx0zmTRM(|TkNvNDaGh7IB}ofQ1EBr{uw*cgAYoPL0PX^iv;aRp4`4~f|5cj*Vk{23IpB-*0NM`V zQ%_c+=s+dm5A5)Q|ChsnR-eTpQxF5M!n%?#fYR^2T)zss@2&83fMi1>n*f=40HrIc znk{fG4Lp`kp{+4cI2Zt?8jwd=e1|xoyltqdc?=k8G%6S%C}Y=bU!#ZifH;Hse;`nI z(2oV`QiEkn^giG@nb2@yinEy)-EE+cq%#DzjpslvGE%GWJbVwj`x<+|w;$JF_KD=2 z92*k@0d8;^K?ADV+fNE$8Uu6{v^P7T!psic0(vpp6oFE1cS8OKhRD{;_sLz1M`7P`5JKliA>VJ3W1z?Z_KtEt9t^w#h7ewkFjdJoEeMetFHi}aN-Ty{Dei2A6Bqm|h z@T`WzK#7>?)rre2ydb%fdjx7(c1?Wq=5M`!GZeFkN|?25GmG05DiOQQ>L4m$mZUqU zR9cz;#?hvz^p`>tMZ~OxUR!)Ix5NuB!w*RSM)^#y#P#=-syTcP5#ld8{FpYsPn97S z$=dnt$ZJ7I$wvMGuUuTSiV4lSn?XEF^;)VZx1qh&^Wedt%Y?Cn>Jk=Oc}fJgVy^k2 z=p7|vi%naTR68ZTkY)TxZ+G{a0ZeUY%KHf1sE?)zsiMXl?q#Q5b99zfrhZJ>w3rWN z-phSV9&FMW`6e8%ZZU7)Tnk_w6TV!TbPxHuwd@9MFVkA15yVWIw31JUMKz`?L1+|H zK#vQtDqR03TISv}`{mz>%VqVj^bE;xVqI8O1STmwmod}i)$@x_&d z61>zXNMPoD&-ma=Ky2Jd$ZAV$A#1a%W`kacMjOR^`79z)rG5cdLZI15iFQFeiqTjI zXAQ>NR=OqisxcF9C2D=6E0q-SzAk?LTq_@Ca(dqK-Uli(=X{^HfUJD}4Xp9X0Zs_A zD0s}?y@?Fh@4edOl~@#ac$@!lH4b2YGxC|*<$#F*35^>YMG|T? zp5x0`=U!5<`&N`DSeVy)=2iXJP0a~j%b1lTSb&#*T@ zoCz$+K&1eUo)xTl09bJV13x#v?LUo{Ee9rVK2Qch^J7vJSh@^gd;$?67%07HRq2@& zPchh`I)mUPya?bgG9L1M=m4zmGf+AM*}gsRe7M0JeN0#}%)Ucu8myM)<}sQl@Q9Qf zCpln4S)P4|QPH|m475n#5qN2PV6X#ZLq*UnW`lbV_|^mTJWPwc2FCD>;^e`{hQi!z z8vk7eYE{!3u~+49mxO&hf0rDHb5HkLIhSoRm(}+fQOm{NF_~APf79(cFfS>W(j2~u z@IrMM^%_1~N++T(Ls^3FiMctQ;$*~2tONqw5RU4j!NMA@ICh;n!;Ks!@nJ?QD|~K@ zVLIDy{Mq|_jyRI+bzCF@6c}GLBwIY1bcKw*Qzs{Hi8&t6kGE7JT1&_^{k0TT%j^-s zV?X7DPY!w0Ig9Sb())AJ+U34=ia9L0=Mo)-5)PnUldUJzHjei*83&o755!83zlfiy z)L)??z#G3C=KaU8O662Kth9EBP=(HUl)(5K;qb>X=?=-)*lhtxGLiB;w^IBirg|w2 z*NmKNnS+;pe3Oh*WwNls|AeAYSc~SKlpDbQq0(rUsHoO9{>FS4TS}UOU?^ycb5XZf z`DG^&&%JLA8H7Gf=hT#~5trfB67%?!C8la$Gsu(PGkDd`38G^5I4q3ZG%lVI$VQ*0 z-eadSJU@Qe#ymrT+9_+{{R@8?^=53~nCUt(NW2hK7-XG(8%qjppGRR{=rz z6u1{?J|?&Z0S(Z)$`qHB`5{`05&nY5igCFj@1C2RTXkLCAGDL;Pirs?K6jr>`N|*z zgatCW4R#7wclSKdVj{ZQ*$7DmUc5n$STPvPf+62ckk1J@X(_A{0pjo_K>P8XY(RbU zF{C$u(J#%-$w2xB%=o>Qk5cfbpMX=;@l3c1ec9qT&Lzt5$fZv5#Q&Q!<8o9ZQ7NW< z!AyhdVJg!ukumpWHElN!KjrNZ;D-C@Cn@bal3aPgv(=Ep%cY>xr$;=+Z{0!>FmC+j zZJ;)ORO73X1k~MKlf=MneERvtHf$stdkvEIxS>2ewN-|yCiqEGyxVu%kFN6Cto*t! zmJeT>l*XPfJgxP~(Ld+Qd zq})D=Js12kb8g{F0?RNp8j|&o-$(|NQp%Uv;v-ktZ-t%K5N`gc&mhbAr!vih$n4~> z^~Lz5{hMqR3+ew!^^Wis0;$DZOI*rW!mM*dV}LoV&CIbSRI65-qN0#V$Vg75`p||! z$GBxHENO7A$c=Yh{kGzHlW}TLKwep*Dc27lRdKCCYrH^_S7Ra5m$&~WhJ3Jhu-UFK zHo;-w8F)uoI>h{8)8bcp=N~t$pr>K@E(;WaPCV{=YF?Z%Cj9DL!R#jY!7J)YBxhrEofa>`1E<}Db?WfrsO?w78 zy^@Q+YK{=Y#neh&B54^1C$fTNHL0 z``f`kXniER5Mua>ImJt00HF0au~?(MX=n5f)H4re?EFWX@PU9Gz-FK z4?*z^wy~*Qpzt+*6{sdK2#-2J(@M}3M4*cPZ0sj}4H+*ShiE5D{^PK5gI z6^*GHa7A9h<^5R{K?<@(Qy7qb0U8o@fhL~~-9bBWWcOS;Rql~C0s|HVRez#+K<6b! zFlD!E2@76bZW)d?9*?084_41^B`c*7Wv$*Pi19@hWf30dl6oy%Ah3)rs0u`fNe{}) zliy~@WW+{ViOAh~f08N8IUtAMMRlj25;Z>7h>zsSFHvU!3V(aM)Q!)P56gopHYYsp zQ`M7{d?3CVXhG>PLanb;e*cE>v+;Z!%FMg+aw3OwZ{If9d4J|o-9?6%ndVgNjAduW zUd4zdEgza&w;4|C_#QV=A4%n6miCZ8a9ed6sl4dZ%4MYS`nK`ImwHqb2n4fIEk82y zOj$f$uai$ygK;7X z)IeaKnPHt_ZQ~rtdUzZGQGi_G4MWYZh7Iu<0}&~R0xdg@&R?u$9HNg2HzKa^*!xe@ zaHm)YVBbOoSD7HGGr6}oOSGe0HcaR_1oXwJGL8!8Hi%G-GRbW=tAGY|WE1Ai49) z)@qq&kY+&c!s5t;vl#@@y?ZAiivX4X34oDS8?FM^@x#;W{lB1~qm_J15{>5ifGyO2 z{~IDUm>-kQ76N-;dfIy38%nr%O?UTgkT;B+7oyObJO)0=AK=FDaiT4gm)O9prsEXY zUg+NjZdE=i&`{;{q0oUnG$1!pV3OwC76|FthU{4a5=M6 zl{W9B<-{(@;3RAFq35o(*!OTPv{71cLE39*Q+;QprN_>?ZYEkutoU!{3mx`X8F`-w z83&pP(R(6_>$Z!}1IMV6sqM&Q)iPBc|HWFN#d~GeN0Uz79M;a|L%(<{qPaEIC3bNl zZF-yKwHgO^0`^MtBSN8CPM_1xr^}R9p3GDR&}csjbG}_%!E;7p&ApL|PZSZ^(6b%- zW=Si9+sBc;oTJt`wtl!&H^Fz9wC1M3bijwo!&32y9a@7mZvR#;q3X!QPdD*n-9F?^ zVY)CPUK8bDRgs7j4nLS@y~P~A7K?uogi5&byhZJ-bMpREtgCW3#)&-YB=L-=;gRg+ zBEkzsNMljaA-Dce1ER!~Z-Up;-aFa@0g95!U6^XUuYsvRI4 zuAD=Fx^HTsr>6(U1{Dh=M+XRc?Qfu4_zQuOavDsC{5o9R-O=nPf@!{I4>_$ve%>!k zuXn~EcomgNYdCYh5HzTEdz4pm_k6BdXuj{)b)`DqW@#Y!Bi9zA&nYS>E40*#a+ z5KdgUn(!rv0@I~I?S=c6&?6_7m+j_tLq|GT9`LbkG^wQIxm+CLwllQ1c6pd;C2VZb z_8CywE;rv{kvxz4oBLME>2$7Yky?M;rmHuz_+*gh5q_|DU}_&Lb62Uu1mVmZUd6r{ zx6X{{omeSJlV{5=VI|~Riwrk9k#C*s#;GHpCmSAbK3Yq;!}UxK2e&OiZg|xpgHAHx z5f!uLVc69rtrkJnRRg~&4<8{swIWR;*UM3|XHFK zEr@8P>#sVE(yvn+nrHuGY-Y^eN<8QPsP!_)rzU3d-SHE{Cp2s*-oOjacQlePPjgAn z4e~MiNsz>OS*D@Hk5y+yd*d5*7|^mK^T6smR+4S&8W4hk2N#Q0yt#k@%G_NHv}O{7 z#`qz~$hA%y19-VkK#p6n2L%MUvB%r6{Jdpl1tTaFx2uawVbY~zXez|tk9bIoP-?!_3F%I#!=b``Bn$q7n|pWz0Ga)Pn= zd#CK%?O-k`645W9jRaJA=H=|tX zL(6H5994>??8IYInBhKE4pxo}Qb$T}p)9sYkg+i~ec(>iRc-}gfk)Jw-H-^>4bUt- z;zly#*?k|{B^N20ZAnm;s~}-Fc^So}x;DTGw~T|7v7bEhR7H;${~$g$-`|ylNyoHN z>)pG8B_T+;dDT&AEEk341+r|pC1vkJ)tRHwWJ+-v5z$P-l^1Ong*wAEbqnRGPBfa= zI&A|cFTb>(Pz>TW^82poG<|~6`9D0l3gfS*hEFp_`TyDm12+Vwz z&6L&0C!%+WHBFx{HSh^BAtjV2S@^9njaBl*rnGHXg2o&$W0B0&8iqd`s)bP_L_*JG z6cUAV)T<~=Bau=^yXmbYZx<)5oo+ITEMs91tEjisG(s=^Q*N+-rja!4-T^LcrBFT& z@ESX0FDNaKLoOKL5-R&sek>&}^~WQ3pfe~tYUX18nNyRnh*e@VbO)+Y<=3;O^5fOL zfEcl@0>?UcU6%5bCbF2}P%Qx~qRIWhyn2<@dIk31s^FJY;M#rHy!VQ^%4AFTTIn?~ z7vQw6b)mLK`v zQrB6L@a~=o>O?URMsG=Ijl3*SDr#_y;T(W$E={3;d6QweJfa@6c-pZYNp(XkHiyxu z9SPCXOHp*Igb}CM6UjZqBWah>2%fia=-A-Ws((z!dQFl>qhsNvV49`{!k1e1;yPtk zeY>F|gs0VejNFLsl1D_4U|oDRiIob9!i)_G?UM>*?ets^7Rc5`mBH0vs?z&Wb|JddVb$979CorBY|s)o>K}AI7CN3 zy-S?PShT3*p%@iQO};-I&WlooPC&LHrRJ&s@aJZZh)T57Vp@a+4h~8G5=N!YveXx? zP3~`r{qhB{8(6*{G{B;1T#Ibk;*3!DtA3g_QR=y9sc1TOSNz;`=UlYj>2@nhHWDVA z-NIRALU%D$sjHkKju_fXS4Z)NYnZnJAISMeFnG#F0u&&AsyOd+p?#-gOzQVV`awGa zsbC^cy`%d!SiZAb*jeFu?XkN2Kj*b5I+E_TQ01+6LlN@OY4fgeAx@Y zzz}}D?;alfIYb!mL2P5vMfM(mZKmfML-BPtBsof#-s%1IO@nBuy} zPuqDpTK7=zQnWYGZniJZ5|Ji4k6Ilu`(89cQ9U~DGjYAyihHaYMi+n%NCb zpYWux)1lf7Egcggvxu3tDN!~sbCrCg5Qwmz+RXukRf0K)l*z};&4GhwcF)-78Jy#T zAUlP3VU{Gp%e@!Be#NMEK6^hSzfqUf_wc4KxuGs1uU3#y8CB9A=LvQK{|j%Z(ssr z10ZRDCRaJtDhr?x05=C2u#yf0ifGBz14EMArZCimQ^p^ZI3g>GM7wId;JWuM0rmUd zAMy(fgJaEJW46SGPX*fsnk1+lyjPzSM5$cDD zT7)nw{IgFml+INsFt`w#mEZojz+}}uWCXz4faxcwxZP`_)<)zL>iF~YeU`u4#%P#t zo~0|#7!~4D^o0~ajfQc@g>ff%b)*+_Zk*#z){t9#?5fi=_?XIrH-q4X+4pwy&-bN-4=Uh*`VNW zTtOYhoL-<5r{~N7?NJOtqlv1VES8J%cg6VYIl_jTXCR+N2sU!J1GbpqEU@-NnjRW* z#d1FlPr)aMlm%RlBxhe$d8!6=?A~8~idq0s?th|2pY{tEyO0HFhi08xGipr5?Y75kpHrUm$1_eV;A zrL`@GhVP}>I)IdV3NbZ_AFaRRI3oB5A#$S}D?SDU+$q4%do(fJAOp#IX7xP`H^%F}X~ z1f0ZRTD#)Q052xOgy1Ij7yLsntvmH}jo4G&CCF)D$t`US4(f9|hi&56zO%JhpkGUmvYP1Np@0PHQx6o zA~u(eJZl9<;$BNy+moeu2=k4i-n=_E8cZQ$0?lO+(ac`){K~|La~YLH^>cU)ZT1Q& z{T}i5%73me9{GZ7=ys+VP`H>ebSsRHDR+VgybA z7;--_!~!N%KyMEasQUiCUW8MExbhxYseqIeItQ7@$5UnzlsJr*DRmgq*NvZ04hML* zh|P!#Rk>~MFaDy zfr8>3s3VlRTnrJWk4%FLM-sbcRcNeG>xh+6rHE7EwvRD`fl(p-N6_Z-Jjf$g+(Kk% zxC5hZFuQSu6LO!Vfqo@yWfhF4doq8TgLlNn@I6}J|5X2igrgg{A|#OOOIa;$4qrsnRJd6rn?JW15;e*PO&wrrFd?X|djT5290pQT=J{lwQ z3l{)4g_O%WJ{k}!_5d(aiS^1a;8Uok(3k5CKL9+6QxKDxD3EpT@(@FxKR|djL7Mwg z9?F1S+z2eKjg84-0*ZH15Z~=G!qgi8V0rud>+8C4H!&R0bxi<4<$?e=<(-5Bn9;lA z8j-X&-o%4uUezv6D-#mrkEkcOJX}oda7A;}|7Nqq&_iw52-{_7bLR5-X@-f#)7@oz zh3qPr?P&l~nW15gAsVP2D>~9sU!GewW)u!*|6mRZCRcR;p=8f3J*Pe7D1dvcd7{D^ zD901L`c6=#?-++TVzqGs=o9G{O*N$C6KSr|7E7$9sS|?v3l+^GqRW{5uvH49n>3C_ zs_ecXHf7^!=ONnGT7g#rcC>4i2pLK z%uU)7D}z~TN>H^>)hAQ9B!0J(^q4GoAkX#ANp<}r7cIRKO@z$lNy=$+B1(MJSe zbbtqknF=Uv2LS{gOWCfHQj?;jwhCH+|JF7%gcOgX4_LZ0=u(XVVoS!BsX-<&Lob)>7 z%2Fc9>TqRn>4t+hSX`qZPP6d!Os(^hGP(C&?^-|O>E+iyBztxQ4H5hjneg~BWZhn< zdg_R!Uv zGV<3NcAuFdCh$Iiz6LOkLC17cVL-_3h{kQ#?_4Ww=M$$64@bVob0}oEDX*0RRYha^ zN&=mpV=F&(Ph%Eo6o2qPBz{899hZ=*`jvEl%e>$%rSm`+3~=-KkJ2@Vegd|fNNq9N zOqpmIC!3Z*Aboat^c_qFV*&*c zIeWU8&~0M2oUmt8*hc?i$~0ggWDWmJ%mB5MjR|8R)J=`iml00!rC=q|Qad5JXkp>V zU227YvYoXs(L(sJ*$MXPJ7)+N`;{jfv9b9Y1bwpu<)0V}9i>j*Op6*XbzTLdgm(HS zrc&5(n_ZRZt5Y074d16~1U}*$Swt-r`Pn;J-jA{w3!gOku?%%dz3_~#zCnDq$i~UT zP3Vi=Ac&y)(^?+xCxb`_DsI)H5I`hZyDmCpopt8G+;xH)w_LQf;@_huReX`nEyv5v zJxH6{l*z2`D^{KP>|W?8o67UIMotIQS%Fq-8PKSbEf1Gn@Zc}_oRZ4Z2M`yg$b~Ny zqma_NYfWa3yjl0M1)VLB>S!BS74FQXj=GGqe(>WhNI@1|tbte?B-bEvVxHpkeSS`! z14|yrd_RpSl`T>uqu3DhHV={ey9-fUvsSwoAdE3yQ3I~^4p8|>eRyN^xxoo;8a;HR zn%aY(&t-4RgIAONfd|@gm?%h1Jf0B~x+Ze+662fBgBoCH##ADK85dkO);eb!j;4bCXE z#<7wK$m6iRy&a$jUlzx)RW~&J0Lq>BtRuj>)yU@pfZlTWT`iu)2P-v7fQN$T=FhvR z2jDyN05ODzhX**8HUM+l@!Xf5fR}rq$VwytSpW=(kYQl94Fso07k8u-x^+-pTm8E4 z2iT+n0523U6aZ{!m$S00_vAuAt&{~ydB9{Q0<8N35(nTb^8xsyUkWh4e}@|Y81nSW z*%VY_uZu}QOsp}$aJE}21tPW%fW>0-D9F9{sCmEx7j$9xLoxNg)hr*l^Jg|BJ>vl%W6*>}t49l??wFpOHHr^xwO9fOAf0Q61ye%H*c@yE339c4v zhH%g}QvwQac7L`d^;wQ6csA8Bi-cHyaB)(87Mft+@J{8uABKRflZ4*JI5<}nw;9Am z{yBPA0xmpKOmSjX!RR$~28BtGs#XSA_x%%QtF zq2&0$Sa3d|DsiLJ7Z&w~vQ_cdT4@&+smlZ+ypYrp3<0RCT@2P(z0QVwi54KeyjEL@ zcKpbls`@Rpj6gV`Gr>yB3K{ChnuN;j%SbUe+^IJ7MGxqJsU}s)m%ED5HPLP8i(ZQc zW&2!nNz>F=MiVDYaBAjzEI64hkik);+9S4dR;ISDRzg1T(`^$Z=^MATG;3!osib1- zJ3C}^FIXmo@zR0)Jx#!*s#~Wl<`G{1PP5XH9@at#{4t zozD!wf6p&2s$PLSEgrt_9?Jmr@R6D1KcHy6vHy|+y;Iw&4m3QPFz`?}1^WB{2Pg*! zu_;725;j|oZjE!&MP+420JT)~*S0$`F){Ekz5|c{oB=k*E&!AYMC&z~Al4>?i~TuM z0~BuuV`JmMz&`+tad;M}4xVm)`~z5~myN#x8)g$wRsxE6J>ZA|lJ)@q3I@;r$AmId z0rt|*I@}k#{G5w$lslo+)XW6LY4IFA?EN_nh{NI;a9(Y1MTo`4#2fLNeMxw5o+&rm-WpP16 z_GtFbx(NJ|n0hg__zZv7zT#8v?uC6kA7q{MBDo~Pjis{0_Ug2iaF1pSQM8uRiV-iE zZzw8Lx*U|v{uV{cHqmqr36FT-;5O(cbzfb19$pX4(~iJ5Qz*b7u(H`?Fl7DfJ_cUzQ!fGISHNfSep>?o@#JG+0A3Afg!@_jk7fVs0S082+1XjZL1YN{c7aE=SRfHgo02;3Hbk<#qj!ISD9B1TQOqY5JI8@jGny?;*XI zzc+9X*EvcEw{~X zLIUqx!@LX<-(QAwc>O5|=g|{p~o-ytdSHxom8%Tzx?qWX};L9RX*~7W)^3hCFdW z#ng%-*8$E}3XnSfX4`KBR2VFQk&D$l&RfhHP>7diLyWga!ZKGQv?EBv-o0Tr&M}si zlsk@(6mMsytPg|cj1@81MMS$Ev2}G?=gCo(2|8=3_^!U<4UP)C59iUT!JHUrO$*Rn z5`45@m28fHJjtj!j!sJA5)47i|oE0Ux zz0k8@$)AT`;X<}4PLg%}bRQ0J@dc zRc)q>Liy4|A3UKz9m(&thsd}YX^-l3lF9Vh^GLXQ1}as8VfM1{duJZ8U1Yz??Jdj5 zgQyJg9u{I0kwz(ZixrS)cxnzy_qc_io@CzQf>bs(1 z);KhB*RT#HMA`Fev|y=2kK|~5|DeQqL4wl+n38~9%EjPRzJL&Emz92X`nz)Lwa392 z`E&kPW)RX%97yUAEAi%DCS_~-JnV=AQZYHGxi+m=8%sx2Xk0F9KT}y6PK5Op2`ot} z(OhPhTTaP`^D{)SAD)ja!xCxLOXsc@XCjeh+!k-!RKZelr*pz9&lg6nO_Gm3v(U;l z&P~BAr*24+UI9npZ%CQFPB_Gr?)^~P_So+cFxB|@Q-gkg1dW>yd1kg-Db=?aH2KWb z0Wy11nq1XbB!pRbkr=vZl1pptNJ~YcJ~_<72rL1MQpVlBNui?QLAXj9nl>uZL@G^b zgdLWORv7uTtH9o61t9<(^?se<<-6aV>N0!`WvPmV%g9_<@z`LGY6wAe3nAVk3vNf2GXIwg5%_U_6S ziY2;G&s0RXe0NA7>*Q2`%HLwDy#@x-p{V1w>W@`V$K1@EY+#PVcKbLLyl)D1ySH>H z6tW`4S{rwWv5`zf6-F1l5WFwJ?^Cg%X=+tTwa<(3slPI+%cKwf`SxvXy}tVO z#YDNMHRHZ$4#h&Oeq*z&q*k%P^h(y${8+J>NU)l~{q<^e6bptMmNsrxd;wyWSJOQ{ z#R5DOl^m{((x*>TQlzj$uQwmYV8>N^jd^P@7oe(zjjAKH5TgDeCn}dZ&)9X0xvyzUBm;)m=OFkR#oD#5@2A8fbv6@$RXz|6)9L15d;}XH^Ca5bZuIoBApVJJmA6N zq^M3^$95wXC6}Z$2Af$})MngUq;`0x78W~wOHNFYu~dRr14z01j*K$u{v%m@Q>djl zAn6gUZ!so$SyLQ$K|Xv7Kx=e+POH^k{9?(THE)iKDHAwZk#d5_Z>CU42-yE#G^B?jZ7)(P&5Z6%Bu|*!cyu6d>ABq} zFRBTSOgt~TwFvcYlJ5AiQ zPrAvXLj34ASmLPd@YwsRD5{MLKn%PY8cPaWq#1BJd~b&98IEKX5-FxoW9zQec<0(7 zEuz$0*<#yix)9V=j50!hwIYcY7)o64(NQQXDYUD~w=CNasiqBlQ%{I!*`*_jvFm59 zk8eu}OveL%o^w&=A(`A8%qpEryBdBrgl_?FMe7fAHY*17lV?5PWrnc{otPV+bUPQrc zPXZSu{SRWmnpqq7O4sp$o3Mc zc#~FjHXivSgM;z$@%LyV0L1^#Q1Jz@|C*Y-e^BlJ{K*5r7|=oX$XwD|-16E?ux(sz z=J#9IL#73w28QLpY^Ea}ojrFvqq@456(kIhV6@-1KofAl zK2d%kREc@wB(_ObEQtB_gDd<3&OyoCx;&{OX&@Jx7|1fX{XL+fb}@jy-B#f_^JX<@ zIU0r$gmhpx;pEfRgso?au800SW&C}a+)jFbID*y32pL_Fa`eC%op0DpBtRGEdl-Fx z_E>*Lu~!buFCL0_t!-OKUU35hvL7r|Dw*c1ORmvQwfxm`r12bq(^ z2D*r6*F-Nj?HMeTeMGU}hc}mmgNJ z1VxJg*0RM`DsM0L@e?KgA`H8P+dgPqvcVn9 ze85+L92pi2guJ0?GoN zj*-c>v%+JP*W3g2io^}A3nD?;Rv{QE-NLo3qhi}{@t$3hh*v`*0xS9gqX%Fi$Dd>z z_%GZA#&ZU(C3i73F3`raxk7!EVb=?@dbt?8`gmd3ofX*&jtRzH!1Gm){e?Xn0>?SN zQ8i_yKiQS4qlGD?rAZZJg`zJNYAFG|ll!PL z7>&IgZpNIxsMAj={brKlY^jm-DW-dAeR#n}2Mf+b=Zi;bBD&y#9wAptMCQ?4&04L~ zoAlH$VO&>B4hyF`m1s&2GVRs$Wrj2dvC@=6d7cUn10*HlvIo^$4=qJr~Y0w%GF56p26#1VYPG$*XDdDUYXG;xGt{Qao5&M*_i?du+<5)t6-RW zoJoF|gg}b!1Yh%nPw2Ih0O6p;zV#&u0WN*BYhUuP5kbUlUJgcSUPD6zkh$Q^2t+EE zkp^eP^7BxU8xW8k8V*?DVLT^EyL@i)L@(14RmXajZ0^*A_vVx zu&VM?!?bu9(b5P_ddzLGZOx4_`x(k+(e^Fbb$87=azw<<;(gZ~VyauN$8LFl@rdzU zve^69|6IeYIV0&xXUj&lbee|@hRGnRusvnCM7cw@gwQA+oW>4c=!YkmkZ8JjkoD1p zs--2cbnkbz$HTJRlW8-!?l1o8CY_>^*q09lxf09TNSxNRT^&<#A5{ zy>Oq3K5h2$R-iupN^($f)MpLZfwmPyP$G(KfX^2cXVPW_H}*4Ol11*Asi1uPbywN) z2GadtGB(vEREiF^eYai<+<3Ilo)s_@(x{&8bL?WE1*=F#PW~-tA(^KF*E+y#YOh%T zTbX6f2+73O?W6wosLpSdH8aWT0?$X?_%x>iZG=f`by(JW=jqJ+XJ(O<5E4|6lB)~{ zV}mhP**Je6ABemBRST~s@E5Jm$C(JPmiyYtW&0~!;AA&a`Nk`>c$q6)r6@vX(W0jr zY78Cb=b;<-`!X>dVz#Y)I2$qLSRQ(YWd7eFrweQoS>J9S@3L0IzOCO$VM|1~IbN!x zbQXHWMOhX-TdQS@pV6D$*HJVK`H@+fDj(uv{M!HY;gLhGdyJ$cWv-j$b|(49H`-{W zvxS*G&N0jX?%R_=+<(VT=gw(18;G?(kVTJtbIwOt^x`!NnChy)dH9IQAxpTbw6~N# z3dv*489JJsLw61f#1n28?soU=>@}t|@!s{VfRAfSP#eDRlwBpB9 z5@d1@qOnn5vErs#O8e6Gmb)gIEBUgNTn4&NC#dHBK0R`O-O2i3cqSJa#}(qQaFj1u7SDm_18UA?{cD%EIcaA$bZ*jgh)EB0MJ=_M_S!2l!A%xy`PwLoA9eir z{aQE%n>P1V5O4A`GmWlcnwQm(5DEfq2}QZw#Ehsc+Ova{JdhqN zTX`HKj(_o?65lX1JZT`bvmEbisrJRyWKv`q^~Mhg$1H}f(FH`z@f_(A#f@k>K8r|A z&zQPAvu(X+JMAG4R`|4YCmZ^x1_4_IQ(TuYYXvCvs2A`p(!ATW+O^!(yOk;IR33&j zsoC+HIGqVBOc&;%^eAqikBpEN;jLM1nANdG!h+Gdg+X6O%e}m>BpN2yQoU+s2vbgbq5y(mLel) z<3-N+OD!C%O+Y$RQarXKw%y@vRQMJ!WinR%7Dd8THB@RvKaVcyE4nt9y8a?W0m~Zs zJAQtCP#29WwclN1+Td0NV!L9LHCjV0gY|3_Gsn%}JZtqv*sRZJbBATW2X(~#4OE+v zkH0IF8u{kT))aFsYw(I5ih(SH7iptg#f?seJJPYT`tab+Y!Vm!^t0O_UDqFCmo%dA@aI`2<5{Y#LX}wIbbaLhx5SbQCUF16aS|%30FRhgO9kx zefMHUB(oC%Dn28Qh4Ch%I{fo(@!dY#agX?r)sIrA_apl6EQk9&*NMIu`+Os|-X|jY zH_RL&*8DrJKrB)qH%YVF>68{S&C;w*^wKClUF%;~N?vOUB@3F;aGPL%sS4#N#RbxF zF5Taxva*GCcAUs-R+xRP=TVfTVGs~~zk**pc| z(Z-KsrEob#5AI`pi>RlidPwsgDl;>B;*@JjbF^fz$d+>j?U@YY(a84fd51EiTZa-T z=qX^sN;-$gE_Em`dh&y!n~20GbTCQ*H4ObEwYlhp^6wB22y)S@>WPc)bYp&% zB=;W?!J~r{e|V$_C8X)>!}MY7dbT||ee5}@GwD8i72O=gn3ItP6Oz)3A++YDE6-v} zxipWJeFD2u@tLJE(JE}#E|7IGkw@5JA4EK#AJ$e1<_e!!BsM+9>(AO6>xpWXw$`sDpz^$yLQYrcG9j>g&xMOth+|LQ^+i3<8Lw4)&e{PSLn)1+VI9%g} z2tU_WcC2_B2>EX_1n{QkKQBx&BUSmuEl#@-1nRCZwB)z_`Y=|j(tU}^ zTTiV)Hhn_XbSZgZY_%4u_0LK8c3*VL0?W&>vO2iM*0c64XT^idN-&lp}(CKTNFb(AZgjSnAkDl7tD* z;WG?^(c2V_wts&|_G9>P`1Y0X|05uu>ZIC>5}u|pkY|+m475e`d*8e7?<8L8+TgM8 z8(;=O$E6lp%fr0zFQJsQb`k@{Wedl9Zt)uF8(4D5aRZ|y=(-SW=H66jk0Q4J@U2;|VSD%2xgvU9 z&wZ=AL_YAYQ(7Oi#gRA;XLNA-cG`DxZU_Yg)SdQ}$jLe)!hs zSyBE4o0Pu)ni!UVdggwIg@P~dbrL%?7P>J!BAW=4Jw9gMq~}`D*>s0qhs$><<$@s= z#RJ>?;jGra@OZLNrCOHsyaPn_?CDTdI>s+081Y3Z>e+4ME+!gB4!Y9wEeL8*`;sxK zp0&p&>~;8-nau?jex34BS>zJr1F2mVG@vYSv#;#gB^XxqVZ`*bK!g1~Rm?QRpyqmd{PF-h|&k`2$#1_?)KM)h+{`B?)M$ zW;k+U6q6lExYg#hfAT0Aa)9cmhDtvkAw%?c(a*+l``s2ZI*8901DsG~^^Xbi(5zU0e)Qx$)P5){m7SV~l% zTeJ6RzCWpr_NU%n;A?RdXzlNE;Qjk^sKn{?RdD6C)@>$nXW-c;T!^!HVV!-KHv-WPs> z_a`t8bDKc9yj>nw?0N3`Z(KpY$A(*#wmsW(m!%LYn;!FR;+%~|uPZCEaX{;D0!WV~ za|9Nv)+sv(?F@YFDm@YRjb}D4`UhjJ2OeT339?1N=E0tGd?tw{4HG0NNQs0bCmKI3 z!!EX9|7Q%hNv)ujLzqy1x^CU(PYR*$gp>%*Xt_%iEuSe5FO;o_#^>da^pX87ak@Qv ztCn~S*C(A*G?*ut4w|-$&5(Nz2wAUX%RQHZ1t?@GpQzZ-#t71uFG%P)l*sTXrYBbV zx2*w8@81LV-@}5(G1&sjywxWLnCe#K-tNDh)ETZ44XemPQ!TgoW|szK=BSGLp3ieW zidzXYc!$I%JEd4j+kdox-N=E>CvUw;&7meiSi^PsXoJJ6l3FPtY!0XTR-8IU4$)69q_(e6&9+%$1W~dBjE4X;8d{60yCfY zSBRH?`$zyE{o>aiyBOF1T$Om{7*a&oF2Xbf_BtbT-x7sYQ4Mch8VxUx9zq>^wX$MM z1vAe}K_Ap{MnC(7?pO)_F-Il{Z!!73>u9Aobr@I${ZIh?BbD@3b6n;up5|*doAHn; zTKxgm2hu<`BC`rOpZ*098L}409pldOd#6v%OjE;w2d&+YwA?!MmlhpiZZ4h3G*~#^ z21IKPrtWPG*D>B9rGAh8l)41XsDaRr*n@VQq3Vv+i8XX7K}97I2Doa5RQV?_fJfwO ze}8eq&00vxkbpQMZ08@zi)4PGvp2d+Oy~|vWu*|x$~jvqAK-pm*C^F#8PzVTQ}8sJ zw1o9fjL_Z2Z#S*9XPG&{`7H=(MRQE;rtI04@bmEzV9a)$oY?Gqob0>VdVG%@}qx7DxhA;CN#OC z@h7W%^sCHljWwA~cMC&b8e$nCTO_L{z)qqenz%u{t#$M?+;u8zVCKw%(PnyG;;R%D z6C)pAJYMSG@Uixn%rTyUKaQ{D?%{FSsYp^BJ~=r7P+WlFc;i7;Oapz@yn(_T_dh*ssm*E@5I; z@Q1})tie6U3246=uP6S|!Z^82TKMl>{EvTP*c)ztQUu`+{&argy)n`a^>4FxbxrWX zgP+g!g>iRZNaskRS+d1SAiPy9pf= z)V7LCAsEgxej3ceqz4d=sFn*}xpT}2DJMcLX3WiV z=d{PqS|LBTc<;#s;vCbY_RdI&$965$_j$?Yqr=O{EJM>wt2a;NJPa=G+ZGLtqpwMsD>nria5<=iQ z9KY(*u^|g4qov#5%={ZaeZjZ-0r-TOhgJMH-(Rawh}(}jRUN%&lFL!ZA6em!_(Q0p z3@%j7{s<&9sT1jzNo3eY^4*32aWo{k(u_Vm9ezV|?hmZScZmdvQ-&U;YaqY5^8mfnk5 zryiL&Iwt#DQ zric|?Z&G(C(z@Q)qxG3WZe!`txpAxU>X<2a%|Dr*o_@EB-TcrX!##vE?!c!hTZ>gt zXs43(hw)Deip8c5k_y#-Zbu zJjfzxP@z!adUjbL8n0m@EI7SSz^C3b+sq#>U?Vo%pLpbW4cdsdSh*#bcc>}(b{NW8 zUk@d+8c@Q#vnY1IaV}LP3?!%jdjQUlwM*bNe|hP0qKVfq)WhR)<*MnM_RX&xIrO%Z zY;E!|zOe*GiKq56%HZ{=O27VbQ4HY|``DnrNR`JI^ftM+pd7 zq5P-$-<2w5hRHoM6usH<1G-J$TVvd3{UIAv3a8%8L%h$FI22|=J#V32-m6YGtrGpM zH06S&I~L^i$n#nHWC>K}>m_q5Z#KTs$cc}_Iom_iskc6f%N{XsTD4%~xYyH*;z03$ zw5-g6QeAdc+Q)v<7 z!hlFAJp0--EqxZ{1x1e;tTW@n>5g}e`Fuo4%Q<9bXz&t8;a-d9GBtk|vejNG-mtR($j_bzdTCwMD)lB`s zR6N}BgO62GQGGo=&h}(~ z5FS=F3-rAWR`>`BR!I#m{4)*D<<4coaf|NjPmWhRGf?7$77+$DBD1|*U)a8H!7waA zMs2fuHq%d>jWrBn;Gj^iPZQQ4;w%p_n?f~-MG%3g{Zrb+6Mpt^!+jIww!-DLH z`3yn2gVffKj*bo;tWeiYIDHbXQMNw;cLo>J)5woT_ZFfTC7=A6U-A6}Tir@h`C zj9*+h2t6U^l6z2no)KxYCG4~AD&noowu!9(PtA0Abt_JrJ~5rmsgF_X+_)p|i*fj? zV3*VR6KnpU3Yz>L;WA$Yo=YU*r??=H zPP@Y-8&3GX_Qde{ind1h)s+Oep6gz*s@}-Of_i&<)AQqpJ>$`&@Par`BIYI9Czl!f z0#Ib!8LL9`y67)I9GRmbfFzmz`EN`b4Q+4;rCK{`{`HcO#m~U7IP@;66kqy6rTX9zlA=yUI) zS9LUPx#A}99q%fUsSbR!hWu_9Y~Z_opm47u}kfNn% zcR#fFolAG1I7^aALz0Ypg0<6rwj86Rvuk~e##eg$D=(k(0k)N*db_3_vxg>)Z2oc9 z2d^{ZUm=o_9yW&9;Z-~eg4uFbLNW)Ei~=~<5oe!=72rEsLP=p37{+w$I-1i(2Q_ZR zuYJ&8?4j2oYMk+T==T<<=kva7*eA$7Cj4_1)vIb~o0Zh>65q1-SKmzRMQyqHy+6qskYe##=Th@uo_=|d zyv}sROc#v=v@>-0#K84Mn`#i&rwLB#)$iOi1`y*Up$n#|T-M1WpAW7{kt>;4TLc~t zOJw;=RduPA;hg0$RXGXCGMmh&1!u#~HfwXVB=X^o> zZpEb(D21DT=iL0yujlN$JF_#ho0#rS^YISpLs(w|(FdoD%W=!p#L)dn&r!{VI;eo{ zDm2#dfpqVU0Pf|rI}SRkk*sBOt1QB$V#V#~NLkt2=>za$xH z*hH%ShYVAzo<32$h6?%uw>0@i=7zkT}#O*P!U+V1DQX`5-GCv*M%{LENpBA9+h zuaFYKlZ&-I9o5UiMgL43VM@lKQ~G`bfMBx>CIx|#h$U5i320~pP6u<#5gmR<8$~f* zgY^MN>Ngt$@-lEwTMcTd(h>i!1qfNT>&0C66pH_k)eZc(Bfa>Xq$Si0||gh@gQ(L3^ z&|{8(g7+z^&&hpxE#!X-&rWm@u@Lis`@1vx%tPYibcJFylN#DpnUkG2NWLr&b#gw=t+gq0I?GL_c8dMV zL8`oXxB&zSgH$4mU1}FOe|DFPKgUF}I-$1l-IMirKyKZ`#kj&AR&RVlc((G{LCdpE zbSxHaxb0tf%9qNh;Ztv11l1*__uzru6+(CAeG?3J(8Jr;tichI|8>|axXUUv){7*F z8P3*CH7&u!$X(eSz`6pGa*b(}q#>538Bc5!pcAWbX~~~Bfz^*OnX&kuD1i*5 zYbav4FR2Vkh1MJ?j33NujvoLi8v{=|khZwSs(rrA_6>+87SLL~j%oi-*rt3h(%d~z{P_N9&=b3W*wx)^@?Zr3H0J2JLT9vCRzD3kku2d zxK#96K=}rknJc%^FfO7*zZ#+q!JGUrT3IP{!oMMvigA4soh|rQr025ZQVN6_pA(yRd0^t}p&9G_#2Nev{k^)Y+7KD__ znm@y#8qj}V_YsH-Y4%BUicy<6plV%V_xfN-!dcX*Pn4-DDC*^f#;_ktqBYcqF!8SH zNj|zWEx=g7?&z+o6R6;sdxYgHVQb%#yUy6oQQ%^DV&#za%k@P8#pria;(+b9bV6P1 z2cVe|&6;FNM1enc&QYevEEc6~E&fiMpGEDVec-zzu&DxNvXut&6iTb;Br8U^B)YRv zmElcl1Xv?=+HElLm1%AC(l$s2)%kCm#-&C0tC$nuDA;&6s zXwzqn*M!hLI-S1?+je@d7J-iiRMR1{=S*-0w}-Q>M8K4#5BM02M?r}BmOrftOWn4 zEJvI5X=@0Pl-?Mul+Avv{L|Iqu4+&39gIPyy{GS`L;R~M8aa!C`5w_4r`+I*6OT(H z*9vOCT62`;&xwC1(PUWhx?&*h;YR-UU+tXjP|qzyJm`aC54v9C8_h%qW_T>Zx!&Jt zu4Wrcg^J9u*4rG#k@_>m5e77q&oT31=@ilp9+D*d-kZ49_79M{!*6y9l}^{9@+cC- zkX7&ELo_+>zS%RK{Kiq<>nwF;imWBH4At^oK@?eQ`u4Z%+I!z!p96<~-ncL55u3gY@Z*3DVMJIEqYU-*ItoNC4D7m(d&VwTsQuF zIm6;5Do_GlQdP65&x1&Yv7i39f5y04d?yC0IEH2Rfd>Tfw*`%J{MD*A`>uvk996V< zBWFI>zcf&zCPh(?;B)mZ{4riG-T5Oi(6oZ)SmdpQ>}G<}Eu+#q4-zLeURYB(db z=cnG-8F`_fd_5xL=LxkjMK`_>kUBHx1~+%$e?OKoC@yNf+V~WqO>gD{4uvXH$I=IE zH<Emj)qPBy-77YE2sdW4Jtkkk;V_9L-Xbl$&vM9gNx_%cXB zMFzqrVL6wEANWBfYJ1K1%MW7kD;#95ym_ur*WcDnRnwk)oXV^sd{dF; zXWtN+2?Rb2rOd+QjiyrbsJtDkfSfoM zYD8LdLM1i6fpf)*ef!**m(4b>G|i`TY`bLUJJx^ZN08 zATd)ygfZeU@NbppK8CCPvt!wBZ8nGb!i&7YN$DXuC)SZa{Wv6%5p^Gm9C-nLJmO7a+g4S-+5OLaX#jGji2)a2{5an9X0gP67@*6gNRrY(O zG=LVzX&0Z(t-}wp{t8M)(O#2HbPKHXw^{hU2Z}`!WJ2P2TvMfsWXq_ zeRBGe5Pa58Fz}n2g`dCw%L9}*blN8Q%(qGw@a?CndnB%SBDQnrkN}HIME=Qko!O8s zDGO*A%dRY<@F|h5K2rRz%>8h6R|!p#S{!Ug4ktWqqU43Nsi;Wh#9p0)BP>;0A+!DY z??n!6lh78X=?nNWbX`(a&V24xT`3^72IHii)*@bocDHiRJlz)vUG{Vp%PUd6`jAYx z){gk3Y<`9pUifSrv1NgGEO9X~Wj(A8N0&Y)uL}dMSZzoN6479JwA>Vr!qNmL*Jc<2 zLX)?G=^cU`?}vG%wD#r3-bz4t<};nKh(unHI|_spZ#pUJ;12GiRmpd zBlHLZ@0wN{kd3k*q1&mK$ZG&Js5yJ1<&|Yf?G}p7r$l-m5P!wKGKGRMy!=EM`B!YTM=E`vR4mq2i-QhXs%G7k}SDrXnfDv!AT#3w} ziOkG26{h)BdC{*EY+P0%;gl3OI;CyaBBaT59Eo!gNJF0FA0_!9FT04hK=TJg2O(c? z??>n}4i67Q^YPrXSEgRUyST; z@r?j5&!#363q2}okb|k|XMI&40=|HW7#nuY&fnMjCxt61D zH;nllbi{g`G!pvGvz2lng)E^pj5KUh4a~Xu69~{#}R_$4)XvvaanSOmys%wk}?F=16L-OC{HR;lfTF;$xU7ny@oqm$77ZVkD z_i_^YGbgqEBoc+@vP2})Nf$3@k;I#YPD(xrP_YG4^FT0Brm|93WK&^!!Q{p*7thHX3Fz{lc-C1r9Z5 zoLMIy6&`ou?M{7aS@>K0iK`30T!u5;)Pk@I$DsEIZP{)B@_*|9%&=d>CoDAN8nsBi zV`0Yhje*kMzn3&%L0La)_fcA9hs&AZYZv4Qbp)re1g-_l$>dG+rINUK^HHSx+-zONJ`uFs=>Z}&)Hv6MoB9+cE4ng4`p0ExtWlX!cI|9h zWxY#a2svm9(oLLl<230>z_320MMH^Ga?2?u#75-%dVL+77dF(?NJUoE{;kCK=Es^iFuy&BrJn9Lb#i$1~v+- zJ~;V0cZa(t^=9vX{V?U5L+rp_-IjoM zD^W+A91jfMpI0YPdK?Vl-anX+qdrX$(j&(M6tCH@TI&Fcu=bmI%EIZPi7@mF12#Jd z3UbiWi)1kppQk0ovquwzH!gFpLlrqKaTYY3?UXsHa1dyB+d;N9) z`i`;v6PL&#p4W(uSRY#XyjYWm6Giu=-tmF7cHG49u(-S@#aPG#l&d&}VR7B!ZjtmJ z_dj|FO(&B%{nRxOl>grCc6WDoEa9V*las%#pFGziON*^uZ+xI*#vj=qq|rVmgvX** zFEObbYT?3Iv_@V4R*?_y5nZLjnbYff4uAb>OI=ht#ffld4?*FJW8$z=l!Z0ZW8Q^s zB^IfuObdsm5F4^(H?$`>OJE?Q9(WOwyshO2Py-bH5tT^3AQhU0ro?v2nJIu8~JdT1Q*IPI;$wO`JS)YxBiQy2;s0%w!LKkoWc5oHP z@!@qJNB8>$s|Ad{SzVa#B3^7Tk|z0FK*TmbGqBzXistm{$gYgp1EaA#*~gjsVL^DN zib{R3P@TDBxTwN#7I8^jsg~OGRitU4Ylv_!?Xu%PEcOxevXb~fb$0DA1izo=AKTbZ zJq_=(2B%5#RgHzKJf5kHY0ed8=Mt8Fg|*z=8;{|_>VeL|zmwaFCYivntc35#LxLML zuzG&jCK~Ix@SCnwyh2xFY#J{s{<2V-0LU zJrd&+#(fk0x%zhzI%HaF$r-sONBz^vSF~$O0OJ5AX0rpqhmsqq1%dJ-NzmenM7i@) zC{Ylj3j`vIwQ<+xUB5df8&yaskNbxqbmq-r=HR77&PVD>ZEUkLoB1(`9sxuDGv56Q z^1F%$)G|&Yeu>;?^DI_ZE@@#$e>%Ed@;Qz2D^xi9M(owx)DSjpW892UWEce#MxCO` zim*Orr*X3oRcp_siW~DoBa>9SY|dQ3G2#zM#axGX?FP_4m5qEhQilEUSB}zt#-K0N zf0O&lZn=0MQnI9A`a@dO@=Vd8P774bi`=>6Bt_Z6(nk_w5ze^7P1q7dn9a;QcQf#- z5gE=K>*wwaCy9nHcOF#?d(v(P5x%lX2pes)`KfLHWx!M>ULvG<%tUmemx4*k&^@Hb z-62J8#^ba&OnwZ<=o*=nSaT3u~yWet3u8hI~}UR$?WtQm2w-7It0&0J-5 zv}FdJ77b8RYgu96w{z(6htvu<5)DunG#6kp4G(0*g2kx1M`zHNVw zUFSF35U~-)t!cx&BR72-Qgvz+^JgvE{mE2Hp;C^dWVc&2rX8}p!V73w{dLH-_prra z{zPR`MNQcH-ZVcGui>Q$p#023eK;4;4nD94s+zrg>xQDj;1q^bGpd_wQ#ozk!f*Ok z^rI^C0w$m{h)+JWtmBj@uyYvA%4=g}Tk9?Q_}(<1=|x3NXrWBi)^#j&tc9-Lm|d2L z*15tpL(BAilQI~>w5Cz?u6_0*w4Xj@?ljtwY2`Mhcws}^EK~gT>FH@9<{Qkl$-J6e z&gh0P@>D+OG~1~0F8zj;)bBXMzuC<)*P!791=0xe2eUn-EvGS}CbqvEZK=jzVkBFb zQUavmiVmp1|JMq)-(3=^Yjt_gj}Uo}jQvM^NDnGF5ftr`BuE=*kzb%O8?nZfX4Oi~ zgR7E9rOG6^tr+TSed=pR7I}IS?^w1Xwa`LGhG)13e?*2|aZDuj!tvEAKV5NE)L=vL zmc!krJuQmVA}2X##O89;l&V@Ef|1A3RPx=(?Y*>2T!Q_{FAuNRd-Uh$X+#@_VCgqiV8m+XwD+Ka|nNbDR#UKUG#Ktu#K-=uRPFsp=cbibdmxntNOhi&_~U>n0We}iTgV0b z_Xeh*t#E#RelAaYgxQvXA>;t|0Qo=+k-pJVR~3L3wmdg9A=6S)AYsVtrwJMRn4oq+ ztYNeEQ#9%%LroXX>~YM$|7srKm&#lv3R?7s~oBwdNK)oAzA}|w(33>Whj=x8o zSypu#^3J@U zhVCA}bfQHJK6X0UCM(tPG4z2-E93{c-FO<j^whV>Cj{ciR@=UPZXIKo8 zF#QP3on_jged$xrl}{ET0l?DceAs2A3wcb>ooO&Pg{#Co{Y5Ux_(DLBoR@?zm}wuv zq<@p;8hrL*l6{Euc4pu&n%S-+{l;nPjS9lIMCGNOQb=i1a|!F^)ChDD4K4{~$V%qU z*QjB-NbVeGFBiUm4lKkxR|wYfbQ`N7>FZKj3|X}F@!}4GMmwRy9CY}!&s9 z+01m5Ni3(|e-D76!~bkd=;-ntH8;(8xSyyOyyB2)^M^^VKu(!j41Q5){GxFY)wPl~ zN3AXI3lI(RrSgQXE*Up3YThM7>zCaG2dzSjf_~~`8YP65_h`{_;eF=V`E{eUe_vJB zwCwB<+wTu3R|rfcR!3DU`8rZc(tHC7#!9Z7PUs}sn%d47g}YRAHs}I1#PMKI$^7Ql z_KzP2O|t@Dq~%?(mt~dImorK46qXc210#?a+a*&YMyF$9x| zLL2F2XIdRKBbm%p-CLrvG;8wt;0}ydE>#;um^DnZ#+kvQkfYJ9RG<#%1txubQ#x#0 zrx{=9hga)Ku^7}tF|?ZTc29DRP0=Dbjec=jA1Py<>Q>_(0l!N zT8fLro|ewS?y|+1%r~3A%NhXC1O&J}%)Lj<>z(O#xi?FOCd>`m0G~qod%ghn^8vr# z^#}<+H*G_UVHRImS~$6Ub+b<|DoC=^Ar;yQ5S*K5TOV?x#1Ma^RWr`TFavurOfyw%{Db2sYvKE5VBIqN& zqp8%2iN5mr+}DjG$^r=J(nF$q061bwYsUZs@%3~`N}p#(JPf!3`LtO(DZQVZVFx&$ z|N4R}OxZWY?xrgX9yG4jh&z>7i1tyqila7vSXs|4XbubDQqD$%-v`=#RH)~8xxH6OOGuZ&aD6IZD@l-aDQ6-7XH?s zy-a7vk*E9<82!Dxj&FRNWJdA%oY@(Z_|?z4tz2aq3WBWG=J=vmIy<1c%@q~1 zVd*Z(xK&qCon&e5`I%YOsg_i7PBL%glp24^&ed@M4ToGS-5-R2!eaV7e_(5Oi`au- zqZxO@fz$6oHkAMgcQ-;OuBscBKi6rRKwG7V5N@Se4EVg9?&JP$(M^=x=0+wPh00>bfanJd z(fhQk^#5xCQeDXZ4*Vj5OIXC!mLXYXPYPc{to4}YV)c-apS6=`QA74ji{#3CqH50m zEPi${!O-1mNeyE4fVCfo%B=R%mW>Qb?~b&E8`l1bsr_xP+4fEU{Ho)!|B6QG^;`P* z-){PGeAweVuYvB4V^fB~3c(6{Ot951^4L;Ou871Xyu9}a$SOwS>5B>plYN@uGk<4K zuxMhp@ppR@>V6;EeIgpv`%G=;9~$qx2+)F(7KMk~$$QtUbJmnhnri}lBIn=as)X+Z zF(z5Nmzj3V3`F@_N_6%iCf4O%c=i#D$m=KmF0`oA>R78!L&G|hOz8sk4^x>z_q*#5 z`8Sf@42d=x$(ke-MnRMK5FB%^P6Ct}rOlY56lV8IMdFOVY01fTtXK4=bfuY?o2RFd zg6f+QjS^Vwa)Kw+0s7)U+bkak<)F6lxl#_=&Sqy(PHAQ`gqC$JVq7(qU^c&uR^TnR z9X*{dX{zHpv0Z%JFeG@~4}VQyB6=p$HR#P0c1%6@1iY;Z+~#n#6%d6tGvjLC8l|%& ztLrndF%RMhDVWjtiR)2&ik*JE(=q#!Nhdv#-Nuf8I9 zbv2U84mOD?>FqCeevNjz(F3aN6v&RvbOG0B09&aPbYC0o`r^~i8wfsL{HK@20O$ur zZ+|27T9Q`t(fUVd@t~_%^XoE9P>H&MLju7!yitmwJ_N=qKtEcU9u*KN1y)8ODq4}L zyo*lp__BBE@a$j3eg2pl|9B2Bn^T9ytnxVit9B{AVT#rpS0;P@Np%_Vb$2SD(Q&@< z1I0>^pO@ttzLB6_O?Z{1HAhnaC@d3-pP)Zy9bIvcZNx=rWQ$!m&a$`!M z$}A7afzP8h7N_rqL^Jbrat?E7xz%jz{e=4dJ#X~!XX`ym{te2KsjDpHTwRDhgX%hi z57f`;@9*#H8ynrx!E0||j(y#K&LC%WK4IGxKY&+0t&o-?DX2a!0Ab*(H83C13a2?H zHv;@shXW_#C-9!!081<5?kFAy@1XSM&T)ozl-@J=HB||6$~cmm%Dy%qn7gl&C~7;m zh9LaSlDOczSijpVYNP2j*T&xEP|U<6ihJ=}L~-_p{)lI$ur!h-HfKoIoHd$G)3m&< zDJWcdJL0RcDp}ru2RUknK4%z^mu!5jSLWSa&_bEEcj9aOZ^q+))nxxDt0DyWhm+qt zucbeY`GCgWfZbxbg!{x87v1`Um?$}F)qLr432*O+IXSWR4yo$>PIShqQ@CVs_*$Ia z&Ct!RZIp@*?0x1>l(#-}xP&cOHoaWA#haC_l$Og;;0N=w3pB8?m$iN;<(=|4I;d!L z$F{Awk4D{<(__1v_++QCrSQ{{B6Z^j0Yqi2%nyJtHQMTQZ)Wl6o~dhBl3RxIhGm{# zjGw!hOp|mi-L8Hk@viOT2MAHARE%AfHi6*76N1nyVchUNvAl&dx(yu|8WeGN zcL!zm|I>Uxa|U=nYDQ9Sv1muDDHE0y#W-gT*AtD#HxWAQf?jN4)Cnd8BGUSLDNf&& zN5x1Kt!~UMib*GBsOU`#&*j@So8+REZ|R`qJ^+$UF(vXd+^uYv5P=kx7@hPhp|x>U zEqhIw<8#$ME(QjTvw!4XLB|mzxKgspD9$|1vz*C`OC>;R=RfBkVUQPdR}J2;ji*;QZkWM}js~e_)dR(WYnuOQGk9KFcF1$!N=;#| zi>b*)Ea)3w0WxM0$|F6HQ%W%~B{U8p^r*FD#KhkvQk3e7sg@zV;V>kZh&cOHG=pn# zPvlEF5~wX4{x4O$oX#=&R6MUp0DMtpves)0mtIG!{e6761=Ha02 z;f|pVP2X#lh`;Pq%NSLcvUGr8^dWe7cn#t@eUtx2k4%KAd)uGii*w*exAKrtWPvNt z!j;B~qdm*iQAJ$3O6fbwxI2`5S-(;xqAZ}Cr-)w?9oP7t&2=NVEC2itMc#6np(uXd zQ1AHd0=g@ixrq4IA%Uy@EK8qv#BC-+f}8l3SV*Hv&>Wv{Wcl$+o;y&NHc1u;R}5Pw*nYV_2pap-1P^{=e->18c-%!i*Jb5 z@ZmZVAaye6?g#U2wiEDxa0&X*hq4#L=imS1FDh+Y1AkJ+O+-p9eCNKsII;Rv0IQM- zyHSzED!LsvR>E`{mxo}MrnybZkOy`yNW3Rx zD&y^o?&Rugn(XC}l7b4i>1H7&CMJ}yC`*Ov%^gqEB26V!hzdPGQu2W!BA0v;K#pLW zR!jEDJWbf@(Cum2c0l_3YrGm99NOcJE`*SK~oub<(h25d!T9Z{T zsR8uN+tl6*m$&C<)FnF<(}vZ1mtC9gh@&k*42oUvG%aP46{n3QYuyHkz?v{?pC^|o+P97q_sfxqbO=n%Fdi2p-VnrT`rCkVTTp)PU!YW@bSJ>$XjeAFOjtc6z zekwHy09U`dBpTRMv2(P!)@(LcFY=;Fe(Oaab8z6{))zdzcNcY)lxprqR3d(_ZdSc% zIlSmaSFRV58x@-V1VH1jhf9X-IEl$`=R+D?q!TEh#6y}nQarra#~*16V! zcBEY^7Q#wNOZLc=Db}G`<}IsDTcfU{{aqN{D(eJ9!u!}v>5b5PzNIc{SAGJgFM$Ko zD;n~wkjh;&tmg<6H0%L*k%|`DvO)Y63m3x9wY`n+8k^j;pICbKif>@8F1l#g+OZ@Nb zYupWJy z=K0ga3M^DCfDfmvj=u~pO+!8f!v|G2Il_X|@wLrIXyN?j`BeP!uzgKz^(hEazZlbi ze#!?|AUePJ0LsXs4dra!Ae}erGR%M7iBt?x*hGV5#LMf-@H7WIQUl-5PEE<5ji+S_ z>O43B2Md?tO%+PJfg{?BQR52b0~G7p5lVl`OLv6lT2_)Kif*Y6msdXV{H|v|x`jGt ziRubNwdIuw1ze4Do><-j%#AiutQ5foGj(6IQ+-ucgb(RNr8&>u*aKl#f8mB^b}=p0#N z=@&&6X+b~!ilchT#*U>`Oi!b(K5p01zlnA3Vf_14iso|%f6ZU`u_I?bq+I!*Jqoq+ zv9Z6yFYAD$x|iih55z;hea+zYd3O;)KD64Wax5|_&h#QVRT#i-At;+2Rli?EuN_;; zc?)XBVQ6>%jlUC0$$9s%T|u^tW4V5o2G=mjf_Vu1e70vv z3@lQt%H5aw!@}3n>2c3lnnv$QQkIqdd^N#wKU8nu52#A8Q)b8$z-oRX!Uun zdJ@ko4KSb889zGbx3lRzdIytx54hKqcABtk%RIHGcyMarZ~hXz(!8KtE52n(W>BVw zv2E+4++#nyrTh)%e|p4f=6K>m9;*jFZK3vv&Zudm&6enZ zM?qGG_1>g}4E1*>MD^yfhTtKdv)ELjV~Y5!^UNU*mi7`mSc$pq&m*oR7;=CM{|^V? z$;V&asba4kaq*#Kj-KYnM{JmSO4aK_LSM zL~xKj8r{UxuGy*0*GA@*_dkVGrhy2bsD$5Yoi_&~prKQ7$kM*?CEoaPDR3UB^isLgW9(n)lQ#w5rVH^HQcX}B$2 zAzjZN`%0yYd2>bkF0B0fc9c3Jj8&y~m)@yIt392Zme9&9kgye`bG=p8t1qkdK4LOk zm$Y6+P8OD@9nEG~V4_kGC3%+Jw;TRbHfhkN&>#n0vhDW3$zqpj@DRat#NGLh0$2>5 z-C|n6<+gVLrG8Rd;TlYtwirE%W2@4hRqEd-=rSQ)S`5@c(trq(;Oe(f)q>1xziCZI zt=>etH_~1RxfKCfo8-O(k4wNg-c7}La{bzv10So#>;3s^VV6cPFr{5H-hb#bQlcSm z19ds6@+CEKQGLk~pmS^Zt-Ay#FMPhksU(5gR?JVd2Eaa&=+O7^IEL)GmybX-se7`2 z@Pa5CW?!SaMl#hAI%V1u{FbtbD8D`8Yx%RvzTs#)2mVJ7PUr6c{EIUx|L^U-)U4ua z$D-k$k_ILMt!3bvbIxFN^7->V)XKPPLaL+2i|ZSSlr9CB2oijbe}E}Rf6&0Se3aXJ z^x+?r5#&>1Up{BMV%q7G`hsv7<9Hih=9z>JvyIb9(YKgnG8^YNs0H?@#nVHI!10+H zC4N+^m^r+;QFTUzY0(^X`M_-97GLmPBFugDRGofCHqG$YD$DJJN`xy_CAcQQfc{Y) zaPbKWtuAECOoL~@D&UeJ;nXK}2V(s{Qtg{wzn9s~lDm=1b7PR+Xh~tId^(JWgWXa^ zez21-k8Xw0`}p~#n6+=w_&l3-6;{g@`4pwIgn+}nx3hl=Ao9dY!3_C_wz|&=w{#YU z(gmpw_P!UmFbp5x+js3+jhLETN9z9D{6h}rJzD(+bWpIo6+O;#X#=LpEr-$4f?e$n zcln^=7oDnUHmNyvX|FM}i8KV~tenb}>8UqGd}R&fLxWfFwd#N-4eH?ZCho`pbvt!C zq}KTejq^Jz0zcM^vn|1CR@CIy%e5+X$SDxI{iu zL22KlKUWN5_(m^wffB0S%#|jOD%1cnpCgL+ssKmhy&1m-VL3OgY1cyI7V5i9-qr6| zYD?sUxg3`l5>kozx<5dt)3Mx_C_hEhgvx9Nd-lQWZX%T_4ZF=A+v-GDV221Zuv(*z z7@Ildu=YWh(o$EU7OXS4G+1jOrT;j*A`qJLbo9gKh<~bc9h%_g?eA|t4PUY)X4bmp zv6tC}S5jUklpexwG@gQ1GnnG}o%NQ%RA=_%iOKzPvij7y2L_>?fX$eZ`D+Mg&TLd> zbVCvJoW%a;1&d_;NI5(|is$)@D0_KArb-QVLUZdYINm1&WO~VO>V{n>gyW>2FT^n@ zY7bdVig?*U50lUUdH?VH1KEw%boV=`PT~5MDHI9pek`72%-^%Uc#~;o9+xK(MggEhron=w9UaD=-buykemNTt3SQh?hW)&Gh^R&Ug z2_EAUi#b_y>W$x>La^~bG;$hE=ZK$u4Bpe$hnV9izL(ntF7nTPwBdy?6%p zw=_)*B*tX|4`$%Xn5PD!Ki%DNqS`|9Wp&|H>1$WtMFh8H18hJ78!&_=90LT`IsLRq z*~6u9y`$P}y&U;>2=Yj6xsx#MV`I{IXS;mPTMqf93y?i)6rfUspJF2Vh=AL}_dGr& zkQ)_6{&BJ`TDd3qxJ|Q$0dKZNf2arR>qyl5GJ3kq4h4VkPgEMJfcw$CZBlq0QR0r% zwEUKubWf2 ztgZOir?0P%{O>SwFvX}8z=%?th~oqsNi!oPOB;iwe9c7K+D$DkztRE>VM_lNcqcyg zH(yz?ejBf5zHvPAQ-P!%(3Qxeax$0CEza!?26u%l;bjQ5pf{q@frQlZ@kIN=nDA@0 z+S~Y{{OA^YXl0ecw~#+%1L33kTo@9(*IIlNOTf<)_+~8oP;Y_2bfxHqO%TJfU( zfJ*@<1ZF1Lb#jKw6_Ic%KFMv=F6)h&aR>O8&iTw}DXHTk1Nh>oA*v(sOa}FE3_cq@ zx~~${dW%!qh9T?qQ+{OSI!9+*AOGGVuvfG1n~)GF{h}XK&}JvZeeDe`h&bE76*;>s z7L3no0HIF&a>px@09Ot!2*Y5H@N(_6+L#w%Tg&KlP&f^*g@VePpi8bG%u;Ms-|vHA z;rAx&excsT9pvLk-~VL;6_7)3WjA1Qp-}~F1oOpETaL{4a43|}#$RLIXY^f^JzPZ> zu{SW~_7JSdn$dAsCnPLWj}U!wO&mjB5P6))O==@fpVUM-j82@|9H`@09+I+%`hU6qs!DQm7sZ`ThqL%!Rd8j zo5)%V3W3A)sfL3{(u@w_w;YxZ>rKYl=f5d3%(kQ^)fqGxBV;204x1U@o7c-b)yeB| zoO5j3Tw!Y|i4Z2wCxqzc*tM$N?et0qxjgMM$^2XkU~O;Mevj_c*f?Vv~X z*rkbR#6fRB(>xou9?Hk3`J@{`1RIFb@OCYp{35#v zX98XpcUNjas712#ef()(e-?+Cd(&21fzH?3uRF!ornk42|4rnzyK)SVDLbYov@RuI zpLKdD=X?kLZKa^hkr0Szas4weyN4q-D&fPubL+7xUH`|20OcN{oy0RDWt$iv`maPX zs0u2W@<*uZSTWdLlF~kDU$O_LLE)vFO#<9VBp6_4e^G8lFJL;V^}jl{HQ2jURFsT&jlI9(KCZp@8IO?@sQX z&wht$liePX81?#ap(oMP*XNon7R#%nmMm9u4;VJB*)9npo^fgRf1<*qk1=+{J%HDi zWh{G>7`c%9gn?0J647^jq8>dh=A)t-Ow>=a13YvwNZnZn;|M{}GSvehsq(@)z-b)9 z*(e9*Y4VV*D3Gd^bMK<#7XtNpB|VcXlRu%VBEKIWA75TRdqxEJ~@HS(w8{!(s1G zSfNwMV>4nQ#dLdbk3CJrBIfSZWIP@!MjrWYgeWhRk6 zYI?HS>u(Uo-uv<&jnOwDnJ0fUz0iV4 z^3BmQyYj-FVv;;&mCfN99EOW0_pdQ#0mh&yI3CXU_^(+!V}Q8`wz zOG@~Tsp+Sx-o|l?!Yu0#YIC?WH=7;)sKQU%6cL1zqc@>h3e0!8*c|j|4#*w{?5G_u zS05F6<7D*lTrGnE4F~Ceq6C6CVq*r)4@ObwXr}?GhR5N?--`c01D)>gHT-l%+ilD5 zcO1(~wd>k0t`+a-W{KGcMn%wIM_x$Zk)HKvyfrDsnp39~irWS(^fGANock3ofG|Gj zwGaAxN`r~LDZI9_RdLM0ooRH2-yLFcYrgRFnT?8B!5>Q|K3u7%K}QB?(7tG5Fyr4D zXRX98ay;cbol=_nX>u-d{Eltt{7^9{z%Vv?ze+`*5cY^rE$OA>bp1@zR(~hhAM_UQ z(nNA!jX^0j3&L)7*vId?PD{Q(BLaMJZ7&rxPr2Kkh9S?xRDij4-||9=#@R2=S7Nz^ z9kvTy{1s!rDfTk6^~lX$FC)#PIm$rh9#ZZD_~3=7Q(8GGC?CzOS4}xRKs-YwT^_Yo z8I{L4YOslkXVL0ma2gX?XiviEHQyAl-=J1qrnBMl!J(JTjP`xKvA$BQ=vZ+O%Iq&( zpri{bp~`@984&uUP1v6Qf_LPLsK^oz+BZ;HpbE5Nr|+hyS=A44;+>_LPxc(9Mvf{L zg0Se;5&UABjCT6FSCX-YMM`5ebUG&M>BN}yIpLAEM)CU!M(on`g5m9@^`yFk3iUeP z@S!eXYz8k90-@@7Op=c>rNbp|*=dqXuX``jY!$SP&>&oN!INeF3Kf4RmG>arZBfS% zVoiG^tFBzhUSxn+QUupdkPdTMmdv2E$-YH*hhT-Hb|3e?T>=h^00L>UwAGnqLnM{Ewz@@UN?J zo^EX0wr_0f#z|w_wr$(CZQFL5q_K@QP15GQ&-eFv|AlkTp52|9o$g$F{Mk3ox?#ciw({me2`^}3@!|Ad@gEXMrZkTc}*U< zZ4*|V&*UOR4BkVy{cbT!pbZ5jyQ)rmThI`K4OE|aDY+?!UkU!jf-c`qGButCN<)uN znKxIJ2~Vxb(j0*-p8s>aTGtMmjc14_imu=+V7cfs24wL#G{N-_dsIC9aYLAh1_g`f zkZf2kjG%kusisdi@JqRm(@0$B*d=x~<%#iV7ldQ&s4K%cJ$cQ^d(ILGdQhs4U)&`%8fD|Y@OVa8mWvJoBxusqnXmBa**`! zTkeCEEaEPsY0R!Y)Z=;IQ-^B9)S{#o`3|OuWkV$r{Bnv@p%s`BBfr!aou!Y-L{eSK zq3^4jmtV}Uy@oDCDB&ISdT9i|=UV@7K*#F(gZnN^VPLHhp!mN(Ar@&dJA~~z-}juu zzAdc|5OLkm-!#O)Xknsi?tf(bvmXI$@kCgX8LiJUPac-t7l?tFe$nPLztw#LiKCeWg$Syc6A=06g5qa$0 z9?MhIuj&CYOS~q_TUw&2FI%o|L*y>+Awv#V321LUlxxH?DR45R#ZuZ(<87~`$3@W^ zbEiG`+Ep)Z^eN_m3kCj-^{ppeefUXEWKG?hT~;0?l}58}uL6fB2#CZurWW0X*P-** zp1h~$E5IF}`~nOwC^e`?H}}D&g3E%~%X<0gLQVlgF21~{2~Tra>7!lOlkul|Mj?;r zb#$t%v?d}?W1^DCyJ|hiSnp^aleH4gC%ix{?+_a%Z;8*dFpKMp^#t2!M%rYw)$S;E zH9Us(q;N`B&SG5q(} zYbEnfm`#7G{vRLZ?j*SXly%u^gch}1u0BMK5Y#p=y2SkCJG-50If;SYE;Ds{Smb6H z6_kl;5^4QyM$|YicNRO?2$+k?GAow-J?0j^t{Qy@8(HSA0$rOU_Y&6?rR85*$?sSl zf7fPiTMgP#&ejlIJlfETPKk@YnA~)*iIn~~rfev@ejTCfm;_^{NHZ`Np=?FJQe}^y z-{2O%(;niJ%+)FzRKGN?se@CF0KYtRiGnqk%kPg)u4+i1vme89*&dD24L=o{y(gR4 z2eSzjb>Bs@t@HVV-T30q`!-Xur)326w*p+zmCu;-jD?dj8fWA!$zAc(b@oGDs#4i+ zn@nFDd;g04p{pSLWOPI2*MT-yv|SWxOMUZSJdo!tSD15Gg*}62|Grs_`o?5I{ZLAs zpah8lJ|h4tOIL`7TAFnwKtAH68i8lQ10WI|c^ZlOd=hy}eL~e?%LRD4fsd^ojWyt| z|G4y&5!_!4%6)56U0AaCMLqPW0Xpvb?kb<7< z=Gmy{B?kIt;Bbg&&zxO`PlIUDB#N!=mARFtAo@3joZsUpulV0C2U~>JvH0$^SPDFpok9SbM`V)2UgTr zb)LwLf@b58zTu{{Cs4Nr4x|$%O569;ncPE6XT$qhHFL|xR3!$?<66)KN+% z!uF*n-5laO8weIAN~SYL1X%H#H>N%P{rH`G@2Cay<{$J1CjX~tbxZ`pE%(()r6&vB zwS2oWi1y+Cq%fAn|DOIQ_Dgl50(9XL8H8OgesCoC!K8>`figFV4QKxh?zU_lxBC6lYQ53*RmvL3MyDo)I6KK?| z_f5WOh;e+5V@#E%TRVvZ55*G)V%R+@-8DSUP(D#w-Zszn>|CvLC}Rq9Va*GAJcWY$ z=X_98Zl@mDMpn2N?I`a?{857((s2v@{z)`LkQe2~XKdZsz&bhheJ*|ugKH%Fot2^X{ir+)Bov6)){IV)Y=bOW79{$F%xunIL;5$@#iv70byaA zPq{cMeeWieVq`1=Z%|!~!Yk2o$`|u13Ao>9K8SvdKs`iR$8GgIt2QYj!_|C$CB?`~ zX2U>jRI(`1+XY4@ad(mmm2Vtdqg0rxmU^N!xV>=6Z)N)jqT*{YB{n(DNPpRA5j}J6 zvJpkCf7{4Zgq(HP>~6|wDROL(m1|Z@3Lc@IqiqSp;faW$Oae`|kiqcz3t=A68gWv? zmE*@p&V-4rLhn1PgR#){w+-E-#2A&{5jSE1 z>m6`pS7$YGC?TiWX918irO9p`69wSQwB&2xl7Qp$@9&@XJcmq+QQh=7hjQDRGAbx) z?k^ZGiT~`kHOwYapcIK*JUyI2mRSG94%1f|TTN+hlo()eII6(uxlq~2tr-Q(#)CMv zwVm0FZjm7|w3TO3wpsrQv^s7syeUt#jN$r2v5)!N#VwozRaSC{JHpczKXEA2*~T$U z$H@D`h&%kPm8FFV(S$)_;(vcXmOa_{Gs6zXAr}LF1x|;wrQt$*q|kv~F4YNh|M;Rz zlGX2P2YW!7xjP>w;jIRl$-rbuwi+J>3otwy9aYwFWC@O#fX*d}y~19EoDhGT4BU0C z^2mQ@mx_P+rWrMsi2d{gAN+%&BY~~tm8O<&|=F=Ir|>bm5;*}4veo= zb7LBv*>E!~8@oQY*=ZBE3@mc5der1o0Kt%V?&1q}7ZYhT1iIoAJ{-`?0e9pTX3DO~ zj6{efFOQqMGRifz0#Z&Ga-f=?<4wOfKNevG;&+K3>~bV1{>Ea|;c|TV^=pIH>}jm> zaO3#c^aphW2S%&n9Iv{y=xn&H|p{ zw8=|qz*DJAZ{j38?phXgV~EdT!}JNLWYqktMgy-?|8G`D8v?g4iIYRKqGFEcEPP6u z+6E%`Ps*2HQf!8zh8pH=eyYdiwf5n;3PIh%svmT?9GIl2h<=#>fw}%RoZa z_}8DUzgl&_Zps3bf`EZ1>4*2w+zQsC5sk1%zkVVm92(4R#>W;O5KGFnYMuR;Y_u53 zphJb?zCo{9=l+0G;q5L!5Y9jvaznXSpmqyY6gL~3lX&+Xj>}Lq-FckZ%glH>o+Tv7 zlL}x;$0PgiUZ2$!={IzvK>jbym}5Utezkf4@wTsj>onF-jLLThu2Rm2J}2|#X4HrA z?{#!CE5ju0HU*%uiFS?kdp{s(YRg9CR* zqS<{QslUdLaUqE+NyATvSG{m__^w!b;@tbsL2ed5C4NXvj5q+x^DBWDq2x9;Xn6<%1Mm})?Ir*jq zY5&CNN=YTBFRIc{ODFS4DxE~XsBmErca<{}3+I}i1b4)&Ye;Xt3xv95tT(%HuDo^) zqe94WB*(NNLq4NI%2M)NSBNn z4C>vfj1Q-eM%1e9nrCFr8^3eGF+O4xsQIoj)Qtb{)C+kS`yKGOpv8DTljTygeQni= zr}tQcM-4EiOFa?Q>cN%KbX(pWz0QZi5k2FHJ=rJPFBfpLBX(^qYwCY#Es?Jy85;GJ zwkBVK*1V|mSi!j7+R5q4Cfw&BKoHLA9|x!bXlW42-YZn8ea>W03_BDS0>KE%hEk72 z*-ZH9i7C4cNB(TwK!!Dy25urI`w)>y)nib$Yxv2r(N6lTh|0C7)@S^qJx(xsz}VBq z-nBim8R@tq-tJzT^it-#%y#1|DHT$BN7a`a&;XXzhb7v4So%sh3_Ls)0@GCDu~$GqLKG-*TMoLuLuLSZ|KI+2 zgv8KF+;54pDplh5dZl0}Do?PnnRUVfwA4$|d9Yrs%&ckP+@@IFbi?-+Qe&tIcWswh zNfuai$~)|$+P*bA9NqWJi=WG>yD*z&57yGS2!>d04iA33m!rEPDX?m(aa(h&-p1Z9 zYI7y``+Sq^-8+!EqlYZ)CI;n|i#mTdfBYZ-W-Ibf2-*E6ap=}WGiFoj(~&rtt!Y`3 zB0)YvZ3V__<`K+PoA{9hlOQqOlZ3G!vJa}-n5Hbjtw8c@@fFaA<2es-%3!-QQk$IA zF^%-_QOm2aO{O)aNH0zkzqBi8VMH0Llmy3)o|04X%GckdjfnuZvumch%~X zjFD6_%7qA}7$M;`zOwagaX7%NNYNTvq&Juy2z$9e7;Ch|BRfw4Hd(f)hJ~bWMnt%n z%!;2uQ*v7)t8gjfN8KK1S!da{I!kAy=%1wCfyCc|OJA#Pe$=1FtJ_V7nj^247m`Wm z6ewu_$PRFzslWWo)3^ z(}iM|7Le$#A7An|CgkC~Hvii6*>JX4OI)7h5CpYIsjBNif&k6|%4!Kfh*k~4lDMU0 z19U7b+mDyT=<}%074|9uz{Z%{zpo&ks6s(>cpK{85}ta_p`-c2!tX=)4aJ_nDCD!_ zA8#}Nhrub6lW8dbus>_l^$#Q87iHD2cgz1&6zFw=S4Wr6!)SlBTOa0d;Hug|rZXTW zu}`?fhWnLA=G^S^NYn|aUaOGgZU+nvQ~t~V*pDuE9GvhW;DvC1?B@0A(X|ar^ROb6 z@@l!YENhPJh9-2Kf%1wEZf_MThHhSi{R})W5iefc&=<|I)hk(7^EPlS-9OMDkCmC_Po`h!(RYM2GOz|u#hqx<-?*hmYV|)4jHqi zobjg#Np^VL^XmMgS?3F(T)I4$uuOA;`mrTfF}I2oh_~`^4-w zd5NcYudEiH?ZP#iPB$vn?Ll^U8GN)&N|KX6u`N6 z2Ry!1RE)rs9A%W4z;+-XJD47COJZS%53}_Rsh)x;5A~I%PlTcri>XbiDqcb@bEoWh zSfI+pI3FVZ&=;V`mimW3ILM$-=zdED_EBiN;$bDTIeoc*?FJ9bH?gjxA!{q9{oJ2y;Y06o z(hicgbl>G`>N370uHNm4$EXT>)U7;F#r%Y05BxwYJXkazoL!!J{lC46)YubVv*2f; z*o2ARM*WmQRRaYUiXTNTPLhlO(Q}ZvRZ=Wrn|jE#yP)E82ve(fd8;DCs#^l#PKek3 zOWQ#Zid%D&A%~jDsw57v=f+lgaCs;+VQe6?AL_YXX^gF7%}I;KV=RIL!j6gKo4@4P zZShyi<6-Xw^A|A1t=Nve_gNZENw0!*+fus~i?7+YL$&9USAW`@{|C9k=)U8bz;bMV zA!}se5-F(y=0sN?qAPzofYf?^({5&oMiZ~{V3EQ z46eg2s^6FdA9=4u+$w(qf9(rSZJgGiT<^2{S}gcq!V5MK%M74v!7f3Nk%_dJ5sktT z{tnG7^Igc^_VqYVJp1_b`)@$4Z=mnuT=w&uMm}Hr`H#KYO`ZOYtM-k%yF`S1#H43p z%$6d(&TicA6PyEf{4M5InI3PWak$pS$_4Y=UngJPy+sOKmEgF|6o;r|zHKK>+^qkW zm`4nlxLxQd=UGP)*>^FPp7IcNkAr8)OWB!O{H%5IjhT)12%IFZ9cYjcLeWt~l7ro% zP8|0#1Te3aPwiDPYt4H}d9|5|BhgY${^etCDw*d2-_%vScwj#P-fGh_MSE52-%96_^HQhzSrh-lNWWtd~Z0 zQsKcEHIQ`O9qT&wHU11qi-0?#pBo+qi_uoBiCb5d@goR08)yPFVJ{^A#v;0YUcjEm za8`e&lVqhoY`8A(Z#)*~t%8GR+FuyZ*LDG`#x~PMOQrms5Xac{Z(e zJ=R7%L{T3jBs|_dR_GUtw3xc{Fp)QplAq5xHuzY|qqk-sR`~+-Jv*0*DL-S*6<26B zI4UMRRn`&X+2uXx=D@v9*!$vWvSS%EcASvre$6<|Y5paZ6=I;rXi~Sj>C#CZS9OW4 zDtu%rMb9g7WM)1{6BHF=4?I;|SNO3fCsR!NyI)g`UXH-4>(^LMCb^R=Jn;rbve{4K zY-gP01Lt(q5lA=$uoiTC=e=KaR%9>0o~`ydShXK$?ZU=iq%U3{$X$pZkWtxox3sG# zRV!YHM(eNf0ptx2yaV=+46A!K6JMTLx3k7QNhJ;WCb;Bmv9XvbFy)-Zu<3s{6oKu({KAo zKZMk4$)IUdN8go;StGVH5i^vJ;WW^=;6%p+p~_WlEx3EJ#FbSrS1H3t__RFNF7+$k zd1&bYLahZVw|~92_rV8xKsnJKkMWFMu5NM%E(elDe7rlNUr_a#^&r6Eb}4uTEzmK3 zf0B#;>uj>gWT88wJkgFaj8UUjj2@a80#3e|)(CYpDRK6VZ5;s|clR7(1y95*_V(}4N5fSUOOa3VqG(A{;Bp({t zeoUwMp06N^uTsG(8aXo_B9|AJQ6b`Gn94&JGP8_9^X-;sZ@K-OOaEon4%rIlywNxF z^Ez8<6to?E7_QuToA!}k6TK&}WL|Es*Vp^%7Zd6tv$6Z!$`K3*9{uX}pqJ705nPII z=&y6jAXAl%f9;5ywjq2DssaRnx~}eBupdJJGN!;r+DUQf24^}+$3VIni;7PkE%^-s zJepYtKDP81Q;YbA8{K*%&zN2N35q}uY?EZ-^Ee0WFqS}TPfV8VMK@_pKxjY%kAA0l z3*Rk2#Zy=P*g#zBx|ydY0@zdVs^%rs$VeK*%7FqNxVx?zG4i&$fCHl)r*~BWEXBpv z_I}EwyU1tsD#I>1L8D0JTJGEXiF`WG0^Bx4(O75?%JXcB<@spbl;!0VPS`V8zXX2D z+%i^8!k=c1O{cYwF?XZETwe$@yT3vC=H-}g4GFK0pnF_Kn8JZ3w*?|RVYR8Nx}K|>s}`A@!4P>)$O9^?#l z?;%kV{~-Xdb%z^#%33E#BQsY}(LkM;c}qn=U9cwMQ~ADC$5P7?*0HOy^{7?Pj*#DF z=%XMTPaU!vP1%9P4PgWEOF|a|{VunZNPNFSDPpP&g?tfNZFjsH=w?SlnMiefGe!Hl zk)qRDb$(`3Mmq%adqqojrU~i%fil;EkG5H0po>vpvxEX14~41DCll_8n;HXtEC1pv*q*<-XrdaE)P~M0OpL6RZmoV zk{%Dl2Vy}S-Chv;q3t|0Wbbs^z}~}SVw1*m43JA#DU2d%j}XNQ#&f^I5?ib$`-Vzr zbBsZqti+x!hOx0t`-u^2(uhayx*&irkyt6J_hsPN7>{Z(+Q%&zs3bKF;i*T`IUp*9 z(8J+$=@N@W#%j{mY1A%Y!$s{?Hm;XLnBRnWVS1`fhtYYt{9unv>4WWRu51pL`55RD zTg9%G{T_mY5^4abze~#tH>|&nboq=Hh}aToWJ3P(mmp+`)5M&K!(p*9`EaO${U=LT1<+Z zW_Y`ygFAeZmG_bxmQB8_xReszUdh-4WmQy}CQZ|wMQ5C2$YhQILbd7<8(Iu;P!i z$p_vY;7D>4>azr~Nf_D;C^!qfsMM|0Tc(c)M(hoh(yIWa@N&r6YKxy zL>8exTFr{!j!!KWlZUKORtPt-_{0Ov8J-WMA-UWEQUY}K`j_!y*Q|XA z_QFBAYVKdKuJq%*5|gJ-O^3CJ1WQ1=q(3IjJbZjJZbd1UOH2rAq!tY9vpJ)#X_J}- z2=jGJbzCEMRy=R1_rc~e1`R%_i&Ovt8SgB-`uBWZpX)!@cf&deOc8WZis${2nx z^A9=`@>G}7@bjauy#C{V$AqoQHL-6Cr!ndSP8NmuW?)kR5#WF2q zVo@lFsKnt1MWFfB*C9Ooezyi#aKa`GVoEzC3U!gCnuUSa@xTn={BM70BIz=n&Q!6? zLeTO=e&XquS6OqXDaNY2Ln8j?lgE)ahZRLEoy9dlTXz*PT_enLFE0UNmiYY z7T%QPl?=TU@n{>!laXRsOqAo9f3XGvVWK5Q=aG$Few0|k=Vu$);uOXzxAQ=mVC_vC zjGRc{6)JL2FrNb`M_)&6+QnuSfq9p}H=j#K{IggL+@@%`3R@q>$Uy#;R3fczq;^Lp zF}6yon&=Z_M@1(3<{}X+lu2}2jZS#Uu~zMga`iT_@VN@VQ%D&InmM?nyJ8M4pw;3z zUopLqt#y@&5rL7_vb7gpdF7Y`r@S9Eg^RVB%MD}X(jA{-ox5F9w8S15Rc=$ZC(HK? zsC;WX(9SnsGnR*Nh{kshD^7b1G$a?q>~|Ls6R^26*HgMgB^{gXdl3xesXu&ut+m=FOLP>8~w^0Z3^6(52+tZo=d_T*<%smYxuo@!E0ED?X`JWpkWEF;rUQ zj8Lz&t-+Ex5dlrsMmzjfkDq;?9CoxG(&*@5(pE3}xUH~{X9*1ZjgDo%eN`MuZnG7u zJifS`rJj@ChXOFH7Bn~ZC2lKEl^Aqr{rpANP}3G)Qxc#TL5n?gV&vs_0Md1F|IrL7OQ@+ej!w_=Z@-Vjq{n zp77(_v5WMH3gL)Ia8tyW#s9o=#4VvZAC@GCZPN zX~Mk7pNhJotQj_tIl7~#8sBm*VPsL#K05HvzNtNB2gvOC(1P`U2}6y*Mwky^bkss* zYea80)5!QJ6z8?~aJ~v;e3+B;JAALEife6UuLR=4sSWQSj#IBu!>3EWbzw6mFo1e@ zgT9g*YFs=5q*wW9IQG>a6R&JipjWz)-QlpNIxu&>B4eV+-Q8+?4e#n(t{)yUYl+Yl zHLV>OL9dzylO~sDs6-Bms&lpWb(rHtWWJ&Ey}6!I3VKu2f~+~>&GhK9 zE+#y^@Xtwmv%0nYV+~}qu&cQX;~J{o1f^SI0I-OvEsqXleT4UHX6alp8w8z@9Asb5 zUERhzN80kbOQWL*Sv0;Gv|HWBq?+Qd5Lw^oK*fP!k1-MdaW+r5e6W z54oGzpBQ_8M@$IC0yGz=U7HS0*@M1taZ4PuK!)tx(o?q* z$w1hAj!S$pvoZ;s8O7*>)YInPmhG8Xc+nEN=QY|n2qM{F9Q z-tQB=@e;{A{^@^#)^%YwFiQjALYrhxAN++&V8(eVven4nnI?X-r56j0Ll#A(M{dHh zZUb;|1tlxSDAz-h5jLn;tom8W<|W$8{0b+jTIs<8+$ogsXeQE)(w@zJnFokBs^WWd zZr$T1wz^AzL15C`Pd}VX5 zP24fn`v#M?-1!J4N#iITuA2EPBHgaQ8fD{z^WMqQ&ghW2{W1rAZZI z#7t^j+VkOtA*w7Zo9sg+gf}w%*m8Fd(eT5JGP6auw-k*=j`e}vNqWQfUMVQlGec3F z-RM|A@VqBjYnZA$_7*Y1o&w?efkEl-J#gE26<%c;gq)z=1y$x?9q#yDW`%>OzegP? zg#vS=74J*t_0&~^I}>XuhKM|)fd>Y)hBOqfB*HsB401C%em&7$M2qv z&SuCNCFQ=RG7J{!4(t)1}-kOr+hloFSA8ds(d zuO-$BoAkr1$4%RUByJ6WGP6B)@Ni*M01a&PfDN6cqw5lhA0(&doO9u1omrA0e_qny!hyGxYir5KH{9xrR;+! z3on!D)$tp67sdA=ahCwALec~3`qUw^>9!p}IzIsNp7#%ANOBCyyQ(-Q=G|MnOqTNU)jgSwyI+!Ts~y0xvUFYbxL(I&z{g zOK)O&ZUz&l_U$dL{NkXjmX^T)kKfN>TFDD@7hHqoCiB*gbTM|889M`U$$=}k$5r7| z*2?@}dK;RlCDvY>BQ<(9J2VLq5|`V{R=vn~9Q(1JY&yd6`bOU8>dfG$t?u+H=$Ilw|iYE*nCZOdX^v(>zHu$=@r=Fa#?wzh_{0Du+s==YaPb@NV`o%CDARQT537ic8%sroN&{^vm(+0m=>cVmQayS+Jtqh zC31@8#$s1H(O8i`(|{SD5cRIJ!-V`giXJ|M;>5k~1TM-1{jrNI56(gU_GC72`(qT2 z=7L3>H_@^fyd(FJ0TvQa2g4fN8q)?0`iVSkmF=97&Y)x)fI%l^MLquHp#+d5(6145 zwS*smOOeR*d~6Cvu+XS?8gu${&3ZIX-QjF1zf2iHx{s(=8MO_-yfbI4h}^5o1ryeZmmpMlHF^riwkJ_NTZ^3M&&ve6Q z?}_C$B9vIgw-n>aU)&u=rz_5(6wlLUUoO)16}|}LEsfVKxrljTDZSeJp=m7P3-XPZ zwoGQm85Br1V~k&y8nBNZDfM1N*GCdKcNAr!TAOGIN2;a}`fwMXOZyS~d2sJD&IxOl z?yXml>Q~Tt(k7wu_VuxF>7e^Jpk3?3M)jr8NRK8ASEq~35vTpL8aeKr#KiXDX`KRVrU5U8!QlfDP z8Z)WJ){>+}Tp?6czYt|;&gT@fnJ0*^{hxyhic`CQgi z^65@wWCB(l?HTb>)&g^AvGlE)gN>w^W*3PD;&B#L3xAhkn-O-NEU}o9f5>MIsbo(TjIsxP>;B`C^KW^ge;{#u7d7VU;)GdO87V;yUApBb`iOx*Ep1(m? zBew&cd}J1O_}>A~Z+GYb3lN=xw*sN}-y*LG#ngR|e-t58oIf^PK9!mNIqUO~t<_R-z6xQ*)A{5&*F ztwW<3mA(mX7ECZh9E*`_H9S&XcN}wKx{|cJk)7edmFea;*~|Cx{=-<3r>MVVGs+&x zL{xFRG|h{4`1i($L0vPF(8UjPP^L}* zz5-yxK7D_}KHm@+z_{dd4m^=LV}%Th=~XO!!||oreZqW3TsN2J0;<>zqUHlj?|&>-FIdO>RX@@On_5ZWL&<8a<^Bdyn!_&#h3FN5h=H}+-*SBrwu-_N``&&k_K$yH&yN>Y(mZhG6 zn}4>E{j^z7bqy0}Au-5Q^JI5M1Jc42t%aW#l{ws?KQd>|#vqAVz^$S1plM(9`zCP- zKzGa)QPNmb#Q>!K1}Xg_fJqI(FMM$c$qveR2-n7& zHHIgant~o#lzhH+T{ghR`IosZpX_9`vyO!Aqgl-mnnmUWJXS_d!flI64)f9j_lNxf z3&uYmn|Qqk0<926h=}iYL@_P?o0e$~=n*~M!S}%L?uH>yIL2>5V>3TeX1O{s*=?n6 zJ~MI39ehJ3;HBY3ZujSk?_!|9fCOz}Wag45?AaT?;f+HSw#>I3M?xR4Np|zG*%(D0 z(g-i@aIp}o*y|*|{6@i`b?UfH$wo@5>mr4{+D!gE!ALl1#_yvxrzqj{9bV+q!oLKI z&4p!|-O4=y(v(kd>BSwxXuPtWB9zawr^NRmqTNXM6DB50vx)Y6!*3Xo82%MbW=avW zkX2Swn&h;94rUAo(bVVzc@<~f=6#GNYx z-DDn2bz^V@d0nlHLt}tP$<~dKrc-Xh{Re6Kk|X-S>VfHo0yFJ;jgl}Bdw9>2Dvujy zr05L;BxkQf0?kyJvs4~f>gHRBn}wV4lJ38;+sIKe6Cl(}`XyhZ$$IUaL_K-5|m?0N64(t=j@Pd{&0JlHw==@rKu7FCKM(8oxM=ys#+bBuD z0U>Pq7zgmc&(RRq*G@QgH2Cv&VncrMkuW zc`+IwcZHcGW4-x5rp?u0_RU z6W-LVGe^E1I%)E^RCD=DYs-6?h4NdW+E4f@STmrTB;IFU4s5+f$hY;JtQ4Ig`cYBI zr9s>w&vy}B8+X|}bz&Q^Y#W1vO-p!(m{{j}-g>iA;P?~fp%X9~9NX!MP6jhVOdKI! ztA&4jSigcuweNQg;yBRAY4fV|p;Pq|_1DLcyWm|fZbQl9_ti!TpWq)%+`8SssXGy? zz37+XLHQ`IjxriUcS4IwTEr=@tm#e5hOFrxDC!xXQeqwt__vz8`qo^Cx5|F^RsB6 z-80w>+kM*c95@@=;{iI6dBm;rM2oT@ZnPlqO{%u z3qj%@F7nbQ)>u*eMNBE{dHq;~LI({lYKX!=G)Ek3*WS7IGUCx!h7QZ0WdT*=f9oR( ztyt9YYpaxk?+e|D3anT#h9{4v%`0@S&biX@nVlo(nwou~{}aF95mrD-;sm<{|E~lH zf-^H%OAmsMV=^90grSu1%o$GWgGa2o!V5$DSQpN|ErhyH=Z{$BQtckfz;0QS^MP+S zHbyxM*Nfnhs~{4c@s{ToC{T9Ap=`8^{a6?aH$cgT<~AKaz?`C*xFJ0~5Y3Op-dwFL z!sxA(ksF019h+V;8c+rDjA&TRVnMhL*CdqM^f|(oP8AE&r3K~deAOr^>sF)KUe+8{ z!%u5YAoT_)Uk5g-O%E`_mZU zd;W@6W|sg>%y4JAsp^$qeqrIUS=Fq>)l`XvOxbckzrk@;=}kO3@2uvX@z~J_Mc7kV zv?s$uH-aD*x2^Xv-Oq~Vq44}AF$Rio!fLJl7j&i5DnCXkEDf!gbx1JdznlHaGL_0$ zGxR5N7tZUv`au`t(&HcU z?OW$Hd`fKhUPub0y3R|JImkz{kj4oa7I(Bc!pn-ki=IV8wI$f+9!NtYWuLHojiOhX z5oX4(5J8|NzLBtClJY zFo`2Mffo@yu`ld=qCY%dX9p{;-H)!sncWY$<~o=rGY{UPo{H^xnUT5vzp_`GV#iij zTG|-W3xb{4!Yx~|$Z6DA=OilxfvZY&Zj?(;%MFfns`r51j)KdAR}&h;Fll3?c_+Qv zf0yf{AUop!uLVHL25+V=yY`lu>q4OMbC(SoQsq|-B&f03BGvB4t6!cdpt7n@88>SY z5)qY?u|>SFI+w_m+`7ZAMYHnra7}?oQF9hyG4-!Wq{oAtMjBJ|)X_wT+^#9aBXkv0 z&mdYd*LY~}yl=ArvVc%HY_=H*U-p0_KT)J5VtO)ibVJCNY(;5i@!nq4-&2&uZx_On zQKw?uL$Gq~RF;mTUVa@>;8gyBIe<(_$rdDUnpk#|)XjOd!DA+|S zk3;ptZiTDWO=V5YL@dhF!bOA_-dB0sI5(^unl{ifkeO zSBbQ2-NKvS$r0m$JAlnrEZa5H_X^~@BAqnn`GT4!Ys>T{!Ze~vfRIpeYBL5#vR~6M} z+iVNP-6<4z_m<$riWYY*uEn)jp+In#(gMMuxVyW%7AI)Y1PgxB?_VctW##U@$n(xT zGkf;lLvRnos9q58Vbdprz0%DU_|A{lGmhY$rvPC#Ji`B@Hyl$s_XC(_9mdD|@dvup zS2oAN^hB`GYS=5mjTq-@x0;J6v~ka3;wVa|YGSn`yf!>?1JTyWOEYQlW@h<|FG?Qm zZ3sU!cOztMS=|)*yemE3cBCm}sR%6A>{4yz7D6i7q*u6BB`4Dc3SAjlQtYFyN*A!E z`Uv#M1?+j(09*mIWol*yG}d%7P6LDd!y!AkKcZdAa`e)Ojtt0m>LW9y-yQ@@U7U&Q z$W>=KEA>h6L)=8um<4c;b57oPj(UgSG-R1@#xqYzC$_TkVj9(*C7*H)+gYzWto$wk z#dG1vok;cft~ZUUi4RLNwe1DX>IF5HmcXWPeE%^EuyC2`NgRMKw9Q6}2H^W9G>(k-Pf;3ueN@mo8*(=)Ki}nlx4m}BarawLH`c& z57yA8N*r$*^@>SjO@Ar=;bK3Y^`=VhroA$B;s@4IXO6eh-Jx%0;1~+9)mXmr{ZzdJ z&0JutjCUadzt?+&AUez)d*mP|MlIqO`-akm%2xN{Gg9eadu}a8TuQ8E3v4r~8j&fv zR2Epl#kJ;TzX~omuQ2i|hwqBmHYn4EirJ1n1J{_LZ;_gsVM zW=_M<3^^<@W!uS>#_b4F``BZ)(}^E31F%%Iab2hRRLk1X;d@JIIftwUnRB5quGHM& z5a8snwSRn)|2M9Y2&s=w+*vufGU*H$1T_=JJ@07an`kj1P2y5M+ zHVqmxHvJz+VfOfQaO^JdC$AXB8ZO}TI=#vEDJC4}Mc0dF4;UaLRbSnk7BDXl55$yKd&acVYq%#OKmBE2#EYw1Kmnxar z+6U$kY0nr;hc>vlk2q{YP%;h7#RK*e`j>bi%I<6|I;2S-cDU3_UAN*|2#XQ9{%zQk>h{YhXNvxvg-!0-u= zl=^T*etm?qg0=4Gf2r=w&DPh=#P{~nZ}wPYQAhH}Am*kDYz!W5P2J#J0io(MX$c05 zx3{b*mK?H!G%pWl%&N$|QT>Nh5LiwLwrj+Q4BxZ(FOiY{+|=052gp$Dk?HC6!u}r6 zx%%IjUxTQ^qY2Y|e^gA(B*hhSjT(CfW`M(qO(S%RBTcvS+e! z5*^D#%ysNHRj3lbm@kH0Yj;QP#BmF$iEbj`ThouXWrC%-?Z&C$kE~VCztFOcmaO5E zT%WHqsF2DEPRb!|6yXi*)T12sO-{)n#+xEh952)5K&Wgv$Q1nbY5iOHYJAj`7Djx^A8(^kJ*n{HI&UH_18iZ{`8}6>hdnB!xHAf zHvulHtCFjCQA^YCs=T3lE=bm47kNfe8T`W#W;n$!SscJV;iC21HTWyDSOQD+&Vd+F zM7-g4QG6}&y}I);dNyh6f?h~Vqh zLXpIyfrtKpQllZ5V$f3P0x5Xjp!+W%YPu^jX_%w>?oyAF89W$$G?)^$$Z4%nl7@j$ z1PR4hDYq^^*wHZR$^0R(s34i$hB8?{(#NVcD2s<5Az^lkm{m?o8!!H8nYIOoyl1bs%sQWH+vV&HQ&Q#`1G%YH_BnP$ z|J~h1x*sQxc6Ak0e5xZi7Sl)%7u=B~^3TUE=|%m$8?`ZdQ2nuwfDpblEUe|LFxDzN z>;{Cq?g9)@E&0BiOQhjDWcB4bXx!7P-GmJlRimqdjAj!0nWlwT(MXXh?mD;M2>30X zy$^?89Bo`Y0dx^ar-B?{gL+K7AwEKvs?YAxWvJBVruAYFQ-$2W&MW0kZpshDUw?$O zcZTw|j}K2sc80BCq*fY*)5WfpAYZ_j%6;CxKpl@BrvW2~agpFngW_cPm+kjWhP$lv zx2FbNbbs=2ts_f6#UvNR<;qqot#tQfp!NSIFtn&QaTGxzvoW-al)v2q^Wdvl5g+(hcT>=}S zqAn%YNQ@c_s>lYQfQ+@K_(`+m4>{4zg9-Tiu;1g7 zcH6KK-}OU4VSn|FeqiD@_u@A@qFO9?{WM?@FVG9%1U*g3uC>=+q%L zPYT#s+xq*WI%sIIg?h-?VQ+Noa$9ifBR1SelQ;PE(u$R%aJ3{H^U8LzM5%dCb}Z0& zX;*T6_rv?V`3%;rgfq38uI_uZr5Hd%VU3o;cu87$#J;$AvK>U3PusmfE2ClejB1{} z7JoD#9`azHV>Fr|p2#Nw@3jHD1lpwE6XuU+XoKT282hmu-iVghH*+Ou6I3@vPfF7Xkyck?b9Hu}0TJ+L7u6#BswxDDh$k1PeM}J5o8n~VYvbo|*Bn?{i;JmlQ_aynNUggL* z<`N;0#@`vT%v)!dnK8eV0l^8eR6u+=I!d#Y%&u{f!#d>;tCvvb&ImV{5ET>qbVDaW zszlC>YeuH^(MCh01*uqJ68|l}__sh>ESp#Elb*MlWH%TsFJ`?t{6-cA)11&8lJ7h3 z!mLVoxCU*2t`c7<6P>T2mPsR@<6u@1k!!5yi@^c_-78uGeKm3izzadQ3||9m4tY;F z8OZ54j{G*HL=X)#mVG9i!xnL@AmMe@$3I=@?3Oz7@eO5EcouDLw4%Dhvy02`roGr^euFuKK>@-r0bW2i=#MHC`kX)Mmgevksn`E+O|6Ps*@ zJnUc>U5{koVdfQzMV)y2L1?KwgOfcx+eIli_Q4uMR_4-J&5*h=6fbJ*9q5!UBcoXv zCT){5O<+9ICy|jY9{N%69|&~ut&ix%m-r0;M`5Oymh;lYGaP=~>`g~*RN{;NP*U$7 zl)Os;%&Jx?qjMP0Ix^#2z8RMO5Z4XZxi!7cnvW!$N9Sq^cR=JUWy1M8RXh|#iV*3+ z?3IZ75c?}!&&W-v0O`k9UB?W{_-~9)Th&y4+AgAU0>#tk+Zj>se&g5njZO#Dt(5Dq z`=U8Y(c<=hbB6Tb);Ic8Q7@a&m{m&7f5qd87+@3*>qq%9RLGuYSes73b-3@7fp~^S zNq`J^^-j7P=Z4kL~04>y_v&TA9PXEd+6ejK>9u* zrYzM{S#VN(P5WmbPZ&@C@$t2AVgy4mu~u$fazE8O9183{-Q^p)xLQ^BFHE=VpKYC4 z?YAtOYB6<_NUZB^6xn=)X??cNF008ZmKU*#5=58`L;Y_F1-ZbKyl*H$E#w22CdZ1A zF@=cM?`I50q{0v|{f&tf9WzaKR=)yxXHJjapm|#t4qG^elTzwv)wV?)k=jegZ?pBZ za@zJCS&XkJ+I6=tOp&rRLfv%;Xm-J&MqWsze`sVFU-GMd*^Ko=)mnEX2c~5dP2%xF zxj>^^=KjR_$9+01I_FA>_zkw;_h%%tdMBcpg2~LaPz+zgEQX(vk-l{a`DrS(BgzO( z`3dy8NtPtcXvnw{Hd&!T$#Dr-V0^zR3;D#G@DmsYF_e9M{Sq??PurACn5NcE8pn>% znQ5ZkPigyq&HjhwDPvQ7$Jq2D%`x_2c;)NvqI;zI_ani#z(bmvd2|2k1(nBefZ-c} z2gx4_PGDm@$UOciVS27BDYr^6uN5QUa=9j1h=EWk7YYPkYjB_eCudg3Xi-iXsndQm z7rM#IGGxhH^Ho^R9+?R#&v#6NmGZdc#trC*Gpg0mz|fUs-j<|xnN*_P#{^vGH^0-H zMKrJd^;wZqIf~|#k~w^BfSw8_2f8I6;gro~pCOXrG)d_%-eRsRwf-_>1gTR-yn43@ zTVY=(fv7X;9){NXC{P86y3a>pL^Bk9*_H9EIm-m}cB?X&1{y)6n1D8kLF08a=rXxF znC5CG>>J;bqO6O3E`)AkWdy>T}csYi6O+Zs`gh@E3*Njp!HC)pmso9n{~HHUW1MRwQV z)aN!e`XU_>pbdF$wA2K7p?Fi?I)(FKA~yFkByLHN_Q|e?olT(U`)~BVuJ^yyWVQMa zkXk@QqIN%)d*q`)`7=%Y5YkUrV2Pn0t}7Rb)Nb|EEmtX%--|^!f(!WM0f^(|#g)wv zn5X&S%5^_qwR@pU?nHJ#=^{V7jC)}xDJlWy_d4tLBWq;VRV=}$mjPa0UJo~?_xkVS z%+TOwuhWHJ%g7r|_qO90(nP&fwz=-=>gxE`V#6-K`&{Q{j=SC2w3=b(=hUYU0rA+Y zmwKt-Ru9NJgN7wJH#=#(*CrhV$m|}%NuF;yXe{q2^V|@OLvntE^UQx9*5d7#fh9__ z8r9D7u_bn4_0Qr&vLczu@njEX2Q!CFl=cDKX^&-VsI{a*-0A(~{E8SDOwi=NXLej= zk{jk`3{4|PCZo%;S)}q7$cN{Wx3TmdjB|%uP%jgdTcD*X25!r%pN6N3uJX;$H4HGd z;cUDeW8&tYG(ipsn{+YinWM9d>W6!0>-j|Rb*72SG!Tzqd80cvH2h0i63eYFMwqal zTu#(ui$wP|IgQV(76!nc(!BMdI` z;@-^}ZWx-)5zAuvZFwj%5UfWfAGD?_(lWAptj~sQxKQJ)(Y$yZ*i`^Y`}gm!9V>cKnL5oYAKfH_y=7f>yaEF|b5?)) z(rZv+LOG=M6Iihbr7}`nW+9nnKy%WN1a%=QUpn*MgIP>Yp|MY3#L%LF_uvb5Tu6>n^x+pY z%1Ax>!Nll*AHTY+#`3c+dt98vvX8D#(LXdAW5RWnd+j3*4XSHh&n@Hb6(Vd2Rk=Ia-K@OFxZ?|t&oO@-U>k=uiHO91HtYoq*b*g0vlq^Uv><_cs}QT2HWERxe~x)@#+2 zv=3%*rI#=~G_~2VI3FZ=1e}XRL`69Y=S_qTehE5fXJw5Xy`4-H<=ho~4Of<>+RJjR z%=3K5WBu!Wvgsq2?J?5l#4YZLc1Oeplr;Ch3*ft@dl;LAG2#YdOg(u;OX4#XY2O3| zLj`myrl|tB3k*11ta`h6U7eO{CB1*Hy4V3Jv#1g(K~zaRs)!|Ys= z{D0mz;?7u=MMPfcD;c)e-+%qS2&zt$*-xeuvx}rNsxDBf^*#E&jOIAK;@$g$dy$u! z6?=mt)@GWKX3Drv)|ub>eN?r$TIi{#z0MZ04A5DJV*u>=(gPbcKh0vxuIfHymzJJd#`!$ z?{Bua-ULoc+~iIGH-k7&;0d||XRoL7KPE7e$+u#GeTiG0QP%0vp9PZ4PH30OmLuPr zGJgp9*#1%;5PNU_bjEXRIsz1b5c$N8yH58RHsOVh8qt)6wM=*p49vWRw~UD=TfxZ9Kpk?*M^&BE>Us6b4~ zr%J4DI*#!`AaHDtK%@drDH2;t4?mT+`%&}k89-r8VL5&BsOGz>QH zqeMyqlIxHuDn(+zMFrM!aij}#?j_}%B+>8$4>y7OUfDo4s!_puL8fd?orSZsNR%{YyT6di-KiM5QvRvh=- zqI{D$JpogLUmk^A8h5wkWlA%ma@WcPO6@9n_{^I_uEbK4e=6r^;=i2GL+9nkDkkf~ zgx>AfED(^R3Av}XzpIB)>k=dYH@o)9gmppqSlUIjD5}Me<&=q>#j> z|L*I9bHCgB-?xq%FG|P78v)PHrix{Cn0VrF{2e0&wRw^U-ofED4g--jc8Y|kwcQHN@hA>_{=N8WJJ&I11$J-GT5u1PAB@@&SoUS=@UCcSVA= zRFnPWq{mm_8}=x0ok{ZxqZ&Noj-}Jmq(kD9GXZ<0Nk3|q5M-WB>?$Y?bJ`~MKPL#L zE2Lk4J#}a;v5mwC%NVVityT4B5%8sB;5BgSWAL;bXxwxjC!E0H%)qJN=hYe`t0ae7 zOo`ry2y&Z3{`94H-EZA-w-VCB|BLpm0aR`u$PDSTim1`kub__mks#Om{1>0gMBFt5 zayWOEDhyM2Bogzf@H1Ds@qZ&PR--H(&yOAzf4_y2SNM!w5(ZAb_+do>;T*MFBY*UvS}O$ zyt@_6m152!@iZS_iTfn8VM0_^-&hVy)DT2SNrM@3#a=a=dk*m&yN4G6f6|a3J3pMTX<>Ik z+b@8FSbLhcGlIPixE)}DDLyjK#jMEHDW9iU@_oy|O_8MG6dSMC%x@sLJ{`~{L~CSw zLrwpM_5`aZZ&@*1VkBj-Ez>uJZ=;FMAz46$snF#Rr-!q)&;saC4PM3V8{Ao5$$JQG zFd{4Ih>$z|z=Zd9$fkdhb^@w)0ehjuRv;0LsA)s5K3wcUzU>9tJ%sPSd;AJ%^2I|5N8S{w{12I*QK2!XsJkPtNzyl-d0w)yklop+$-7 zd>e`D8|ZOY?}}{R$etp?g-fSyY@7qdY#|mZ|HIGfH>UQJEsE>q{RgN6H^(5rdmlG9 zjcD>~c+e?|>=&Nhlsdod7eN?vk*e50FvTt9oG61!YxE0yp~YxBoRM-N=tq!f$}pEC2^2vuU)KG;*>c%G&* zPn%Ik_~I*h&>?pRnl`kzIk4V`|D;*(Q#i*up!w6;5P(Lhjejgp!lVEe$kq(({b__! zl^uSo>v5%dSk9GlYsWM@E?Q|87P1q!eK1hpBp6O)-Ad0P8pWkJ3ys=v4Ug`IYF9}F zj_Fbc^!(aO*<61OjrdH$aZ z@GvGNVzs`~N9^v?9hA0y{Exz*^1*bZ$f29asv}2A>6Yim1ua~>Mp+yR9??si7A;^q zAwU@-=nLz}M8OLOI7eLzi=>~a{g8~8gHUL{Lh4Lc`Uq-_?$*&DoeJDJyza8NyMw=* zf3Mp%EIhq?cedr?H!ce0oME#-4dItU?~1^`a#Mj&)AFEg8yA0NH>#27ztSr5fCZv3 zbp8*om@|ld7pM#RUonMyhs+Dh26SxA%*;R_uIs_bq029b_rch$tt*c9yvSBL%IQU5 z;^553t!47cteuDWZl8hi6!&`uf2*&&c@l8Ty3hf%qI+VbyG@&dz4Yaa9?FuWciBP{ z;P1h{?YS{;>$qw#8XS|?xpz5$6x?UDWL=hjax-|`NNda0h+7i zWyj6-+4h{{BPN;h-H`5ji5I(icv=3t`SiFV@q$|Xa&?}j`uN9_5RPwqV_uQA9f`Y- z=K1PlvOjxBoJ%9AuO+LB`{D~*+xA?cZ`ko}kc*vk3<4wZXs~*GWsuIAUn$N0;DKT$ z%Ht#qou3lCKgO%Qi#UIF(H!YJBN!3%%8DSN&!Vtqmx^Qx&;WQ!*0t&uZd`_>bQ0Q| zV(=7a6_`ud6{JA?3N+!9~=4AZ%T7ObZIn)=|Oo!tc<68x8UsGsDPo07uaEq$AF zgw>Tz2cn^B046;Ud}gZ*@wAE8gHQkO`^k-kL1rX>(doQd7GJ6f_3U zm=VPUdU%9#s@T}ru*moP?E!!=$_1))%HaHA@*F2Yi^`Qj!CwpuD9# zl;f;Q(z*@%a;V6WCed1V5UST7?;6EY6da%of6DS)LdVRrnl2a`f2wY>ot%Sz~QnX*6BUB5yXFv11^RtG3r_o}kAb>rAs3?7tydVQU>0 z){%k0ecK%fHyIVh56q%WY>Za_GmMK)ilEk3X1;dpauv=kc2`?v9JoPhEJ&OFs_6yt z;{I^{H~}x5mplpi`mmN>pLrTqC+Cmd!rSwWV9)p-9nTd%v21g6!*{BA$}=rEQt=)g zN{yzNz8+VpCg!h3@?4rqFb4%5JkPHPih9$+Os1CX7c(NFKY-jOEsF6HKoGkjcp?W2 zc3xl9Nu0YKwU3!WF7n|UPnGU>nkb$kosGMms5kD1f*hWlU%KX5^oxd-KYI*2>My7( z+U^CHOC`OtY86YA)8`;*hD32U5rhQmK>hsf4Gvi@L-6$x^Iq|BLBBv8Ge%9yc`850 zq#3i{Vibo1!Bv?ApEsr`!{Xxhy01R$`MXzYGJ=dbvd+o_Yn#djA_OjO9M^kwP4kVk zd+iW=I7I{!x96^AFU+%w2@YVsHJ_iueJM@57LRE^QXS z0q{&zvb0pY8Bdy4xI zHsd$9c=vv;XHcO1xC0#(RSxtrnBU~T06E^s#G$tBN}&$4yt6WGd#tSz3;MfW{Ics@ z5x7gOyuxPsk03;Y{T5YNn|Nh2w2FYtx=8Gk72paOpqKd?e0wJ)w@B(irbAxb#)1L| z#fm|JUmFa1q}2P8M7Gp(%(RlEid~&Xu$#jNVry1+E-tETk6y!NwgfdY)LEzaH>-;H z$-V?>Lbq;BY6w6i!WJBs*Gx*H3bc5MQYUupZ*jhdn`EtiNaB;MO{pG*fcT2V>8fa2 z)O#;Z)iuge$*#}|MlOh?FEb3ZsP&{ny*HlI2FJ=S#)3kIMiJkb-DKdGNY+G|QN87M zu(L5@<{?A!2#F?C@Bbv6WYyfuEZPnu_Pq#f z9#zvCU?s9{iZb>{!jCdZ9aMTVEz2`}P@Qk+UB*bbc<+UK$i5Kp>aJ!;HE@c$6+#@u zBXI-soO5HW_P;AjgQvqg>cG{B7qH*d^WDp@v*VRav+%5(z2quPI8^nmfiGs_8$yie zbmY!!#9S00S<3Nk|1upG;{8wfqK}JpvP6qLo}Y<4#!~JH{R$k(>Mxu3h91$?Vhjn6 zCI+mbZ~3#``&rf7BwR;DppHF@X@sdZkhKHqu4{+?T_4wLknGfOjK|6B3OSvQTwMiQ~2Gic{6|K zXhk5(m&`8ocwc{|0Q+W5tWji4LFu%X%qwN-ik@gWJI6*}|5#FLIrF>pTrI7^Z*0nX zE$(8jwk^oFpjWr*bge3>(K%0IuQ+8DI zm6_jU+v=F5;^=eXHRGUerHfRbgvbQnsl)LV@mGU(_qQ;Tm0U79R1wi%1EbnmtWNkG ze@Ay0lE?hd79gQ@BU&RTu>P=sp7JXECvqJakKxMv9X9^xWraqT8B+AX$oW$%u=81B zk{Q=nkX084-i`L;zZ?bCJ^ys}zpr}oJ~oAA95cbEH&h(9$Zw$x@6s%M30l9Jp1{2Z z8W7|p3@t`Qq*bHnP$J)p#*|H6!iwP=#d59hg|v3msRasRM_lL(X9@E$P%#Lpa8wy# ztBRcY>vjg0)jdeO4pAII@%`U`327NO3foCpVTPGR%hY+-c2F( z0$dh&d)s;T30UPfH&XR7dbIfxJQsBFdQTJd4LKL5fowy57`dF!C^|bliu3J>`D0W! z&%0EVYeQX?%Jh~%r*Q8_%K!RfDY+@O(gl0Z%l(PDe;-XPc7VE3g-#*ST2ole*~v*v zRe&UAg%sIekCApH=1e%&0=I~7a3Xfvm3#-}Zg5{?P- z!95&=eQXnif9@6ExTduPms8p~eljD@S!TTNUd!v}^_Dj;y$H3TFxZaaNmLQ4V_g&4 z<3u1abh)E_pZv9&A*lA_Udc|{_=BhIXWT&pT6ig4DJmW%YW8!i`XDiS_>t3_)oVQ! z7g%*KScQKHr-T^)|&{&6skW3 z8w+|mVGi7dhmeGm_|?2;GMurqgtgcCA9f~!VEDT8Vq{=jL&rAWR<;aquYgZaaMLi% zZgGK9Azw*cAI3Qb`;;kV6EQTf97#l3(d0aVS*%Al$Qm^h1(psmM4w{(ODh#by|=|L zaWF`IUzESp3E9aP1td@hEsiV&%t4m?!GHhN_gzmxMe%_=g(>bPTernW02XEGymHD6cWAt3=`1$5}5p)c?o+8KkPKAa$axsg!>?Ml2BUxp0I|~ zrZg0FhtqqEUn&XzeT-PLBMMIV@t0xk4KS0 zr&W)a<*KQUuxKO08iIAMYAWHhI%h_-T91K8IFtkY@T|w~6Q#-ELTxKa`VI}DV#RU? zlM^X~fk++`Ziy6h{E=;r!E1>;z`0pQ%kO)2kPtwXsugm*=>hfY)Rn>GAHbo=fs4OFAjGxGgLU=LX24$eVA9Y z6NgyYU98#iauGD&PSRW~iOB$tMm7NP4upJ)EUKyn`sO>QE$s_4mD6LsDC~0+y~>Hw zm%%?A)0qj+0b@QAKULY2cV9$&Bh!QiDH^Y)Vj5%Eb&R@5{>V5*Z+C#SC-fjv3Aug0 zi9X3&XlLLkE0fFB+m+XBB>uiW!fA^T=OM+j2K>r8c+(L`{6~rkG&Rtue|O3jYq~`P z_OfJgkE)UqY8G!w@ZQ&A;>u`56U*Ia_z7@s0Sd1ZPDiEP{s)TGbitP5OfJKf*|%Q9 zNu!_dM!5m^JKRD+w<3aFP`HscJY!cP-3MCWR?(FWBHLXQ2Fo3lznfM5W3lj`Oja}H zLvM66y)p^sT@z<&Y4sa!Kgv?QGQgFjI37-aF1m?f+K_jrkJ2C$gYWpRzpsmgSg%ut zK06TWJ7<$guD*C1!nvfGgGVvR>?=k}N54Mkf+=hmbTLwhn+gP>YdsDfeV;+OZtM_H!`ugvx;cUuIAk%4Yy|&UARly>^FosnaB) zm_J)ZibgzMr4Bn$HNpBOLm}gS2&c-dx>-da<7xxcXOr;lXR)u5`0U?N9Khxvt4JoTUEI1=E}}qEFDqjkc1*$SuP0hkueWP>CN^$!>>3O8Rp-F7xm43 z$(<%)s!}R@xvPP;W1O|;uRmvaFxk?r!M+DU6P@p(?{ek1zSln>kW9hqlbZr3?jAPW zpF3}j1Ucb8%Xd7k+kFQWD%N>jsf>N_uf|sGe~OIK&&&fqYdt)BBNlTE?a)?%uNw@w zPQ0n&wRV}E7A4Thq%lN-*ZWy)x_E4txY`T?spL*GSxoS=c077b$9&JYFmX(uWaItE zyv46jpZj~o23F4J|cm+53`ihdce* zF})th4U@�^-4ts1LWrKGDSBQn>|Sb3)wu{t(ELaicHH<*+iQO!dkbl={4hnA=KI zza+YtLV2q2jhP!GG{LaJHrrC94n;R5a@xXx0J6@S*XkfICqQH1+y=A(TPaFr`i?0eYMB7A)3z0zQ$ru9HY}jE2CSPUd(9*r9nmg^)$-wy*ou0RXi! ztFr&54J7xPA^{57%e90}UjpcG`_T0MC{@kf)cG5>WV6aYn1xG(w`0lt|Y#V&eH zINf{hY6-{-?d{FNY`^Y1v676NZIp>IV#q6XfkiEeLrwjcq+fcd#e60&xgzYtaZ-TP zVo#5PSzU+xP`}NF=UCG+;QD(c);}B2Ujai?cV<5#zOMH}82GR)!_8x^U+$qj@S}r! zJNW`Xuv$s#Y8D=HF?2eXg=8u~Le;#KguZ90eF^ugnkHb#Wg2Mfwmcvrzf4rl;RFj} znWyUzV>YUxKf!Hil=eSrq~N>07XQYITwZNJOGq9!9I9aYGHz+Hq_;k>FVH;b#pkX& z&nKQ8ITa1bGEW%qj~E5{eOu6vxnSN!NxVrnmfJJJgpwrjorGBq+;pUwXn2evN~yOb zyg?`lUd}J`fVGEVs4l;6;m$YTm@$rtuHepyjBL6xiS$z2xr4We`petYP4^u9^c-Bk zuq+KnTCCOj6Rud|*)GpozS9{aTL1UChU-GbFG;!+n9>gsl+evPU?9#^6VZp5e81tNADN zo~F`2It+FcVGOfu2t6xN@;r3nJ}j)N7YLG;3`x;a%qY;%b}6z={qOJn3GwLBHEVy~ zn|qHix-nb<-PcD6iu-ylO|OOpU+#b}`4Ryac2g~A*%()o8eVp3tiK4~<1W@z>}AiC18hvy5PL{#Q*A!; zJCT@_4L;$aVGI9k!2!;<_i=+0H4G~LZuh{$lIsaB-#*u7@k$nCF}oZG^I_ZWQ#1r# z?8IGU4;OxWr&R?r;Ho|vx^FfB&bP)KBbr>P){6|Tq~v|GEKueb1fR9Da{JTm?4euz z%tc3x#6VSfMQ?NC!1>!GB&|rYQTtbBppzt%ZkKWe`&(e1#qURh) zwZl;w3Q9BDdXnTzwg%u<#+zSZ*rB4ia<(oqy6bjv2#$6TaL@ zZ(bA|R9c_}w~Gq*KVYQpyEdW zYi`X&(%}0ru}I$tFPKrIcfS*Nkz$(j4NtC5^2EM*`vPxlDzF&$%d&1Yg%mE{-wHi4 zM}~PiltHF?PvNK(J@VWfxOYK3_S%{;Ej6N)Lf%w+V-AN_ENY@bq37me?hfZxtGm8Fu4}b4VpI44OAo@ z381YOL+ZK01#8bSq7OQ^YR+LB$=pu?zP|NxxA2pOQ#j1;3cI)^pv!k6LGM9TeUzw? zQD`s{xmJcURO=E&TQrza30JjAmBU1d34fPC#pL9qimIwZPp=;%6sw^i?5Eb#H);Rt zp!r<;FK7xy?&+*c6`70l!T!|k-bNfG4P=Mq)SrtvVwJ5L9O0%Nq@W_@UCs`qLGUPp z;xE39{!zk%u*lixJ(??qmJa^;0G}TW{5;yVpSV@Si7EnoPu5^{{Hb}w7_s^j?fD6R zk?ITnQX8B$#qFKm8D{*JBBtx1zno>Jdg1;flK-H*{o;b3j{ii9g?&TJ)n*&-tDN{I zD_qUbu+XIHGol`pV?)P<+h7+FH9Ib;7%fvY@jH!Kr_^FEZRTf^u(`$FBjGhNtzne{ zhJcWB+2MF`@XYz6X`J}&WflAg3EU>-ssb#;#q~SDL;uUQETQby4(PT*FFNT*XRQlk zi9jSEM`#)C5C}ez!^ka^PM?JkBwj+fr=B8%&O!l3quVZOc>c4`2Stpmd^ zwVNMyn9UGO6<$qnV15xT`DGii_8Yn0d~>nM(05##uiAY){c=P%@F{=u-WXN2-K8mx z--vfN6F2af9cS~g4T=gHrGCJ(FSl#oM0l4o;PSUZ$NsMqQ;woVa$-uS)h9b1P*erh z0jlq&4jmz3vgCtQTP8urv5Vw4b+wCLT{}m`ky2flVnHI1gAz2r&!fU6nhO|se}*7K z{-EFpNf3@pIEYgTomxtcZ1T7`TWRFJwpqC&uVcx+zL?U6BP3R2Qf$=607?P^x& zrjQ3zeez3i=V`w|hVgQyYeqP(_A)DGQ&xFj5z%MhI-Bil=TlRmHN>n5{mf%_`a_w} zdCRy9r1m}G4%mbia(6jNoqf>@yg8s0y+yW>xanK^1b5>zLc6)~)D$+MgSx28!*{t* zoXM?W83vO=pOYjQCof$3+387(7b6pGBdMLj({q5aj7r<>TH(tv&fz$k_?G%6d+5@A zmO9(P^gK;F*(CdXYw}rxx6=G|8#CYM=h09N2|0b?L$*_PL;HtBoiR>?<2sPf)zs78 zo=uPm^#axsTC|Or>(!UdfajZ_=I6JYn&Q{!C1=)kk{tvNubml`3#`lib`YcjZj80A zSA|)^@uI=*?jME$dqU@Ntl+n!lDl_zzLR%bTd$DZbG;B(oYQX(W5i>Emm}B_ttH<<7PiHVu8D?B2!bf}==#Rk8{Zq0H;WAEu*v zhgrnE4S`;UnCVnC5o)TL-zE=3K7CBl=W2W!4Wk&1J&^yC0(q;_fmz0=*$c3efh16V zeNOoW9Zo77>I7F&iQgH*L#zI7A^wZ_^Y*3b zlipowyi?$l?pQ_f*hKNz=`T1C%7P7Q_c?)lXEsRyU53Dad@kBasoF0_M3icKA?f~m z@R{YtBI^%#~y;($K@zg}XhaXmluH0{Dp^UTKhmXELz#nP9ohWs}I4z4npT8Kp|1igvnH zvuZ%%T`ME{SI@0g3AZQ1Rv$C$10J)`dba*IC3 zOo=~^Pl@@AjNzDi6q`P{gW0^w4tKa$# zzlGh~-eo>Yb1rmCHE(+!?MRes+mas3JHazlu(6Pg3$Ns(u1Jw6Mwmpv@kyvq6r`7!W z_jJd@-|n{VYT=83%W*fVxI~PV-uz+yf=xo_DrBF)Nz;aXI!#LZrGb#JIfG*>qxUxz z(kBQi$^eXGtkKadLMNu=&2pbn1ILF9g!WV$J7^@8w( z+zqMSE7L!rP&}!-zVcqqJ7v9P-4xK1blHj+YW#EhW`GZBQ>(N1b7CFnk@VQR!{P~3 z!u>h-)_4Z*SA3A=le>iWi;*ZeV{GZU@juSdH7OTWn{@iB=oNF9=OrXQ^Qk|6En^$b zZkye9TmO@KuOPP(CDsch*B86nO-@(d!eT8P8AzOG>14o6?H#N*v|+~RD;Q1$61lmh z=6&PVKiscD&UPW0>GH}Q030w6EBBVMBdN-HP~k@%3Zs|~l1>zDuZN*6{T~1oLF&E$ zAtND!JYS)bge>@xA}5vGvt*?G(HFe=;kSLq;u+8E4?4qL3*{ppIQ{N#JAdlk#SU$J+5#sSg-*k{y>sLGgewR+=jC#Fe0-d9K07<}(sRAvDy6hsF6$*$I5C%~ASJ#f z5AQUD%gV#nr@A)^_gkSOc6I%Gp^@3v-4Ll!z^d5l=AiX@eRg(Mudc7VMJgqnS@D*! znk!=C7}2GjAcePE=JDZH)|@I6egh6>hp%sACGXIg2{2X}M`Lb2E)d6=NM~58 zTsRhkbqp*zY0Oi=+t6IXp?b8|8gIrA#pm=_H@4^&Njyg^&v2J<8AHgj&l!rz%s zZd~JrDdzlRt@MQ44?OLdSG3sn6fo!kod1c7|d;@xfB1Tu>o`<_^rU?C9)#F(MH+` zc^+nk1b2YBnC`riWsh66tJUD)|Kz_q`LeH_KJHxwo2Ngy`QTIMAAD-_k@uHdPj7DB zOt)^9(_880)8+K`=GN2s>~^_*t9;_ubI$qEXXKL`>G(!EzL8IEq~nu(nuddHeyzuxhec$Q-{#RB%^nHy=UV4z(pdTVe;$-m#5^uBB-^UPw(QF-8gRX%g+G~V z%|p#44@WHd7JO!q(>6Za*z%JycMz;+eJJ*&t~Zu8Ebz|I^28SoQ3h$rzO+S{|H;Kc ze8tNU7#9Z9c!G9aP~@vt$kyFh0`tK^cFC_o;^?k%XjHg-E($OzB4d}bYP>BAIg zjq5hzn$sb;HIVq#j+40;;qcX8bO)+et6%t;(;xc5)3^UnI=y|>V{L)WX8p7OYW=hS z>gJ7ykAKJSx$(7sbn%?$UEOH;_~fxa|3ClwpZ&V>YahS5QD&IojzJilOl;X|GcmTA zvUF~xDov|1%sa5I5W=~cu2{*Uu9jwWasvqpr9l`{Z&lM!u@XfRXq@RM?i9s#c<2F~ zAl%BkJj}F*0yx9;EF|8+`RW9A5|j0JlXXJ9WHL$PIc?!|Z2W6;Yd=~@Kj7fG&wu#a zzWeYcpVjYsmq59F>-@v--+b_wHy`}v@{td$Kk(l52Yz|;8^2b+?Wj%a8dS31y%&qc z;`uLLJpV=c$(J3xZvqlR)Os)kc0**^qrsn131Z4C{^fEho0w`B z?43zudO2sN8Q-o4sCQA-LPP7lX^E0&CY#Bqz3`63Q2u#b#p4G2r|ew{Ly$b&8-;7a z@Z2f)KY7x5UPMZ%vGnjvp;^b7Z(Z!L*GzO9GDk1$p-Yt5gLvF%CSvDiB6GH*LTh4+ zckbvDl!v`JwfJ&+dJ5x}Dd6rhF3W*+yR{xMwL-Hn4&&OoHu;S6bo+=QU@Eyg?-=4~ zf@$!<(ps#Bwk$bH${)aOS>M<*vIDW#h?Z`Ms%A{ht) z58VW0rg%2FeHu?C>kOOTL~zy3<6@i`h)9olbnW7ATN<(xwRbJ#XFmIx-}8UvD?3tG zp8nMBANs-DKlFo}54`t^hPXH!z45I#e*Ygoe96nMZius={?SkVg|}TD{uySt3J4{O5oA{O5ma{c}ILdG9Z>^hzno(h1IO_^VJ* z64tYC-F)b&&4-@a{Of=In+P9zc=;Khv;5r8Kltp=`~TT{^LX2iqF%gu?K9nb6QZC& zWl&^#Ov)gNjOs%o2%^GI9-#2hAIS8;A0h%W=>r*6P@G2)e4qj{$P>aSgfU@EKmrmW zfh5eyoz6LXpVhxVnpJ$)x2k*h9?rSv-mLoLeD+zpySl2ns=B&%b+45h-C_@F;OB;w z+ur5i3tm2X;gjR%J`>=YHr=j-%rQFYbdPRv${A_!j-e$~bO}+)I_dT@W~zH)mx4(I zgnoJ=KpqX}+DvT{h#yxAMGHmX__Tz>YypzV}DxE>BH$rX!RukmO>nz z9It-c_Rs3lx6#Y((qHSWsC~}8qk34`B62$^*fRG)KuY8%U3zjuxP;}@j|hu!Tn-i6 zHnW(mvCj(DDy_72Q0q6)7)iWJF!{hTG4_caON@|h_xYqjSrvR9MI=D+>Zu~+a##e_+}{>xsCUj3Ajz~m!%%^>yWj?_g&0vxB(eC?YquFw z+uM+le$U5CXA;=!7<5qmz1@w{q}#BCe7P3xTZqW1d|^u*+R|AV3%eJEHw7@t$ANHz zp`+wvg)MWxa^vi{WE6NoBGZTU`#)miJ`Y)h@m+<uFM+O2QDa+tJteT#*4A)8oG>I7nxD5=UD;%RruFy}hAw2~Tx|(m z^^h%|LN*Bl;zvQzSJ*(=api_HsAJ)sVlLPzvs$4v*xQlp=;}<`woUI$Kr7J3Y6z}i z3zSpYBSt~u-4TYm8jRITXLJdaN4zCdD*<(uu@V-AhDDt?gwjL#eZ`54qx_N6*stBI z0VM`M%^eRt z^a-Qyy7tmBx0}bV_+R&JzkJ!!F%K}n?g2U5LV)D{yA=0W@a?(wNNs{y^9(};)@}jn z2dbC5z80P=3l>pOioNUyihTu4$bBwG6xM`Pzk~V38)J9mE*Bw1*owPys0p%{V&qDv z9oJ61>xOIt3zb?FioZ;LQto-1Q)F9kr*go%^?f1N8eD1sC@Hc2PhTv+B z%X_`tq#t4Dlsv)Cr#{|Zc>egce=i3Qt={rSS8scl(XDUa96G&<$-RN~jg`kgPhR@M z_8o6X4`LrAvoxaE(JfH>kSXNBHOy|ABK&%9Crh&fbpLwnGFBFwE`cq)xlFgLG@(dR z?2=G=*^p*}T*>GtxZG-~7fLK0S0tcggVOh4$QSlPW^*%zPF0^Hg?eC6xwDyB#6tmx zcqV}E&W>waV)>iZ3T#Yvr$dk-6SkPI0kIyydj5hmT&CQPB!{Vf*jj;Ni}|CSM32j? zH9boJ8TAsuqQ%L==dKg5;3|L}H07|=PKh2oC`~@f&Y<-5iXNh-S!T(9rpBcIu}dCN z0uePQXI43Vlgv~G6H^JyQH}g-09Dr|CTIR)Jb*qVCtUV3Ckr&!xaNWX@$jXi-MRGQ zqksCW@y9-}bj*7L@Txeolo?-ND-?m3DE4`|Lt62JPA;zMWc)66!(FLO})gcYGNUI1a z1XR01oVnNqrGyDA{FzrwK!ZPnyE_>Q_}p*H6fOvM$5ONTaY@ZdzJ_2o9t{AJF1>oj zpRU~K7E`h98N{PU#_xOE@qhfwBQO4)t+&2*=b}%^_GZ&TYGVU#jBEAhZjv5p4t*QE z-SW4n%1=asl<#PECha8`jo<(F?bpA2=RZCc+qSvpwU!%!%?%-haLXTU4jhUXoZEIc zg-d^fr0k#_Vch{X(|Qvf!kV^Pw{9bG3bX=CyK6Jr0^ub%)->=OpY&}fb~zfVwj(E_ z*(&A z63@pr{hOrFBIq*?O3zV-xn?LUBnBVa(d}PC>(XgQ)HeDYHNo;2I(-(iize*ZKbC;ym`U7aw{4Z?>0zVYz7c8rq%7`R8rD z`^_sixasISuDL|SqwoB#cisQ;%tgtrjCwaLr?n3m9tAyZWJ2;xzV8=9UIvA$>lm1X5}=eFfNUr zoA;@BMmM%(W_u6Y=bXLu*4Iux@;<4ER>f%S)U6c$TbKoUVt>82A9U-Y z?c2#@`@`?q`p`LHePivmcV7Fkd#>F2_GR|>2+q3i=$hA>yznVwiptwjrmckr&sz0%RzO3nvtOjt-IAYVkV~Yv{UAg6i z8T%zXC^WlFAQ`R$%uO*OCn?ca?r^QS+^rI52sG8Q>qfvXD3)k$VzNY%zNxmTNmBR5 z9MX@F*T#pg#6th~6)W((M08#WFuBCf?DeAjhGx47;0``_Mf9!LG8 zdJW_e8E?AR2sUsh6xQsBF)n?Q`i6cAOkf^yVYB5$dNxqIq&6w>ME7T54#G8%7H(lr z2o;0U5KS_gRF0&lY$D^T7${Gw8ngbvDyJ)09Ub|i?3n5&r5&y91Sr44*eExl7D(A# z10*|2H*?|ZCPSw3%Q8+By3H&GB_n-SY3LIr%k zL}Hzi1v|w#!jL2B>svi$9D-&%0oGAUe>w`-q;I*=oZfZYrw{m+Qku$WvW>By_Qe7& zq!u;P&KhMrak`^9B&g%&IJI+U6+84n`i3T+f#`Ig*DA=Lr0N=%CD`ID%y^+?P6=(t za!U)rGsZoF^^L1N{l!ZR1}2~Vk1K!cq3stgS{B0n1CtBSAAj)Q*KT{~aNy8V5Qeq2 z*tV08e{d<-1{h%XAm^IM$)6}PYI@mK$qg{<=Mch>z}hW10c)NIbCY3%12>4VQ42k> z;gn3XE^XsBb0aDY5NpC3{I*PkGLHMq8nj5*)J?)vdde`>i}jjWercv^x;4{+%m7{A1f6ct<>TBqtNJHQdED0NPTo zBJPa>I79ztW&A4kLCnkMv1P&>yJQn4q3o$5w{Pfj7MiVSyBE@7T@~WdO{tE~^6Vg* z8W5W*N}p4mno8BqQS2u}?QmkWF=4j3KO{TAp4_G(bbjrKmH>MiD?kQH%=X@W-Zah1 z%F4#ZM!K9!Wk?F?Vz9DGfXBE<$gVCSpb8NU0&^;GCNy3BF8$lYkOf+^h%f7@=IF>2r>961Y2-Jv`_(c2@zKYeJ5OgR?;9rYxYYTEoFv7AP>Z z>|0B58MF#1pfi?J!eccV|GI?Pf!qmlSuU`E)|bOm7)6Xqlp9wf*-O~?sr#~&B=Ij3ReGse`WatQwQW23+-Jsb zd)?&xbDOJwXR{0M*{Ou)^fT7(aJTV!=d@RRJw35|Z#pEXe^VYxckk(ieVUoF28Bgi z>GSI9YN}Y#bAOaj5MxBT=S;;`>7t_Xc&s-T*^_#D5xb_VFx#crBHSX`z@0=`<)N<< z%Wa8WA;<1*fI1u|&SEBAjvL+3PYGFvlb+za{8avE5elIzWTPrAEAWE;Yt57%yR(!2 zElumEEYU)>i0R%ZHacD4C20BpVMO-Fw3i89_^3by?VTgSKm{Y|Ss_`^%dVTI9( ztgVkfbk5?a1{h%XU?D%VJeb2z1}}`9HP0|4u=WDVO19`~w``zL7(ZYHgK;Fbrw}te zkLG9d(7!YXk1a8EnlGMjGnLr(}vjiDCi)Mdo&IGz_7HqxeEk}OuNn8K=ig?A>YT8>)>0b)s%M%yiiuVAi7Hm);L%=9>bhH<= zi_lLiAhjaWe)-a^cf4`?gZ~~*KV#|FxK=_qaA@r=caIl-T)z4x+A8DroA%EEas;j% zq`&dTE}Fv%-J1b%&ma3oy6}VxVy6A4{;QNH7m+49bom;)Axz_@N+{%r>QJ!a3};gb z%c)#?-kR&uvA7K7%(GLxKs^|cegzP=x6aM(RB5L4U#q<#gme{s2tlvCx5Sez5E-Z& zD=RB&YipWn%vF#f@|?Ry?RDpcG}g)?nxa3{Wa-kHYT)=Q4w0>Gs970ERa&?t!isl^ zpqejUYRUc^`koL8%b7;OIS0?H*fzmjd!K7;CpY#pR-`lJA6&i)lwFu)!_+3oB`RImuxHAuku zDq8v5Y)EREDq_;9F7iA|8z#Xcytz_GAuohAS(f0~ub#k(R)J7L5HU2~$;!~* z6{}>>AJQBZ_McY6tzX3kRL_N&X=tr46XWy*Jfw??){Yn>>XNEr=vS6CUimF?=bA7H zMA@OgNPps7Ryq*rhO3P^ zs?a*97Y>vhc&h%h@%wWs*#!WxKc`o$YI*z;qxb z9naAyiZ*)~pT+(a$nNMl0&=`eAN^*9 z?T^0y@bjLq`MQ_KE50^g5FCoX&zHk)LXyC4ldR6;w>Wy+-T7_1OMkj?Gm~@NA`-vx z)$O;xq5bTCtbG5C!`1fMU5C+V0&GLMb!;j9tz#}pS5A(*wm=Fd zeN`km&_*3wDm|#@*dEhT=>Vqtt));hNe$_8bK~*2?M{{Ab7CqO$A~QCxF#~BZ-bT| zno~Ykf03Q(e@AFL}Ns$3~qZ-e~COpT;?I#2+T2H`BIlRm_JtIK0B%52BV`E!+L zN>3L~BNj#^vV%D&E#|ckuAaDZAWCwoo>RP>HqsC%H2fQkXUL5rU;@&guc?x>2+4a- zg_&BCR=A=o(7X>}<;J%-c)y1&j%Vu~|9bR~p0PNdlMlw@?Q`F?e&@S~jROl}YOZn3 z&3}ExQivL0fB`I&S2PtC+eQEYAOJ~3K~(nx!jQlkfT0j4S!keEza~;~BR>kc^s^Qw zq#snZu1fl0mLiPZ<;|(81qX6BPBU>j6WD0A3*j=cD{kN^E2>0MWD06G<1U6TAB$>I;iNWH8!sHkFelE{eO#YPqz*4?Dfa``3W zH@zx;{VSvE-(>IKRJd~6yX;*2*`13&t8$12=-jS*9w&Bhnn!u!{$C4rYz_Az(AG?l6_D2f1SEY(bV*prlhDi-qh~;{GZOj{-Bf)e z+V%#lRC5Y*vcSf@9=Q77esDn~BZ4Kt;8bh^O|drP@aO(sb*S_M%UX-~8%!XEM6}O~T4*t#lTK z5W?E+eq!g-7qpjOA{oI_ssj6}+^Cv~tTOg*u%gl}0r}9`z1&1MeQ;m$5WK94dYc#{ zrfd`tgAyz-Uy74t(stL(WAeq-6OyfR8oIhOEk`Qv;vxW{RhHep_AAW>Dni`4BQ}>L zEH#q8{^xQ8h>av4%=PmH8CLohyN4$->_ctojz!k3V$n7ufb)E4Ve%d9EoR+(u|Lq9p5qc#{bq{cbgtZm|R5+G>^ zVa9(+QIR(L9RJPvkX)}_g`B7Z{A_TN!fB6sS~zstA{g4uV~3yd$awU~vPe1^q5ayI z+i!er?T7BPAfC8&eEi|}E`_841{gpA*Cv@a&oCsgPH~tcs>nq-Im{T|QQurtl$z;1 zRsz~-TS|XtD<-1CQD}$Icn5!oO*<$-F8MVTa&fH{Mb31wJ+`s?Jv(lhu=HX59``%+ z;Kx=mvpm>(*P9MM>(|ETy<6HHqH69S*v9B?w5<*7PF4EORKJS-f*RL43h}g#W%oIx zw>CM8EPU(VoypDx=WW09U&9&S-dy(vb4zSyXqvU#|M$uH=f$sHE>I*gRS7X|p&Rwo z3o}rZu8NSb!0nkPhP0LnZ2_k~bj6#P9dJ`N_-};jA?Y$lDS?$~6YhP~>B%^CyYxA`)TNX(J3~)-q9NwN>eGY>@*BBf7 z4hgJN9A*l6wTtuvph7b{kPWSD@Qu|FbO6L1g5p2-iI@<4>JM=g`Q_L|GRg>T$AbJR z*0)qyRFyPLo%HnW+K>J8p+`PtDz+uU&LtNee)g|#zV7Am_%Wi#)t^~`#OSJ1LCxH- zSo)h%qS^McPMP*m>4UNvy3IUM-kQ6#kfV6)$oTzl-?`wtm0SL3IIu@23d3k+?e=$_ zeE2=>*S|u95qF_WPfK5V+Dwa^5(Zmoh5usaD}inov14vOql8h)2F*lgD(!x0bi7pu zy%~8qfrJijfRV721*0JfB!%vPB#Nc&L+sZdAu4MH)PU4g#cNv%juZpd zUgaEk=x1A8vKwybMTlPD+xQFUunq?pd8tjsjE zKYiA+=sDS8^2v`Lxc4tEf+1`i9Dn?S?UyfI7D)pPaO%MvQ5G#X<)zRLl-&D}z&gob zK1H#;rs63t{}^Wklb_O<*p0l?6TB=r!d6x>V2~>P(yHkFdar0}qI`_TLVufA8Df?p z^b2-sVyVJLg4)!K?momRSiQ|1Py3DM)?ix}9DCV|kG$YX?N=_dgy{!Y2-MgOUa`9r zqiuX1`atwpB@wfwL@!K8LO)BDGZ1{Dy@-DO7ikcY_Dh#;zxB1vHLo?g?)7sLTP}pv zwY49;>*U;b$&o9lpaW&1NgoxL?k!Vs1SagZc5LEE_;QQIEhq!j~?=?NL<~<@-BTC`yd&+kpAV=17X(DQ`kpQG zZG(Gn@#aW5s;9)A0{pkR_Vo@u{@In-7KfcLeev+KAGdSSg@rbuB6~$GT|hzANUWgS zc8}*yO<~Gh8eFOnNig+Uh>%Yj9=Y=H^M7;wga3Z$VZRv;E_8QBC4|$@IP}y%I`V{H z3P%r1{`Kn0LhM(QkyLfQ(Do^9k#ZK&-Rzzk;Pp?@qyqJG>Y^?PsnRVyN|@Ne1dTxX zgQ7)*L^i6HJ@JPopHo6atGyy5fO2!B9Z6esMAfALsSP5d?1w3~u(se1oxV*k*|4!r zoc4+X`@4d5@-yXkXv*l@+_FV$B7R1lwC&T3P~Wy~N25{toAkVfU^{NPea1`ePiYO|Jx!6wmZOquQ*qpVW_}5`Jg5Ya@)_nc<16pQYkTEN&@_SUiw=O-H5u~ zbHr`86zmd9I)AB6fF@*9~6L~~g>2p0=Qot}3R4g&Z=8SK@+Oz+< zIem`|fBXG!Km3eG<$e_;VNPY!svJsB`cZ5pg;p`dQ$-@com?VDnX+t#K1etF*h^7O z)wlL@pBbNX_R39e*46s@0Ip)og_XXeN*w~6wK}h(f2lRQxySut=P{nVnWk0?t)7#Ed)(>qoTWg4c>uD z>`v`5aY-#vhSZDrqOS2d384kS@6o z6{1OcBIcS|u+K^D@sMEX-;jkJwMzuZjayLlTy>IUEZu%Gz$8~2%AEGb|s0fgqg8cU(tla448+X0;A{dUm@G0$AzqBlRP7&CdgaZdxZ+7ds z5j3ZtvH6;pERmuC2H5{FtIs6Ay_6AiOSuj)B(P3Cs8lS9VCuCh7l_zs#*Gon*f21P z=DHc$l@&&b-FDH&K*TAO*mu{Mqjw`@0v)WSna-tBP7_SgvPspfiQtb~vj@wpla@tU}*lt{JMKuxXlb z{OHcxUe~N|jBfk`Q`uP@n(zGXaQe6HeE2;!1%P)mN#6u;6P07i@*YA+_ghaU6HHXu z{fXNbb*5<=%o-qJnljMDL4cdQ$m-J*x_CQwH@<6HCw57PL^=5cawfV@R(hzVWc&&8 zXt#yfOkm?`LBPe~+{J$SNhL`q2a$}B@qR9yG)K|Y(-D6Bs-OefSEiY{w$Ue=hzy?1 zQu_euMIwpFCi+Rp`Wa6bVq?^Y94{_wC^7oVs*}awCsr3*9wp@V@vv0?K(gZ6}+GHa`KVBf#lRC zhs~PFe2Ql!e^S8O?S6di)_0h@`{eWgdHiKBULrlG476Xq^uRsuKX>=AzOniCH^|Y$ zOC)K40rojmE|j#^)O+1rNM-}J!oocqAv`sq5JQw>ivrlKQH0-A5ho$1jiQL`?CgZ@ za^mzC!zLT1=b}~1gVLj|z{)NNOdHl{rpQ>zM$);^)cXTspc!ZM(IQuyZB7I1p`3~(u z+Zg>8V{6(Z2o$FXcx_aP0wYN|<)8mbF8r80^oerD)oa*a1Xl0%^W#rn(7xjhlykwe zV~Ojgy9`Sw3q^-Em^N%Agc##^Jl2i9;4d(69g=i*=MF7!0+DXTN?lSj%w7r1NHXUJ z-kPchzAy`~iI2oZy6{VHZO3h1?AKMPK$@np?!r+D+57dw3%DrmO#aB2So|sQPTwa_Q|9n?x9Fg)9Y7M37D`zVw%X- zuT82=}A$r0ux$j;{sX-F*wIek!77+Fk0;V z;MUpyg8%M;6`w57UUtd$1s_^lpa^UAMz`3${0mDYX@CJv0Vw$VIo5&%ah5#8l-INk zun)nF+brmIh=TH6BB}6|0tWZd9Ed3IixAsXVlYZ0B3+r}B$G2s`}1k8J8tL7WV^&y z&UGbh{K7-mZ-3WiVJpD)dFNd5xcgUTuNLQVxmt}=MpKMWtaj1FO{I-=&)vCE!C-Fd zqIr{*m6g$j9~(XEe}zjwKO^7sz`EB5Q=#+>&`xUV){lzr_4wnE)rPE17JPJxY519j!wiT%oNgwE2f^uX0;2Jf} zm)lD`%ff$AlK53wC0xa@^p}U83Mi-mMomNKb>b?URSj5?)=X{=7U_FpVZmP( zx8C_ida|old~(6I5zb7o@_jd479|4=a8f{}Bc<4KSK|ju&rpGN3IgfV)UY6!-I4U8 z3b(xih3qtn8-8IVXCru|AQN5mZ9m|okqbXZ2o3tr)X;&hK7X2jwBWL{F}Y4zgv?he<5IDR@qW@JXhL^tGMe9` z#Hc8$ADsZwi9n}EjtliL4Na9qDp+)pc_(r+hL zh9pd-Ux`Fs?6P8u=IkO;1~Q657t%5Mw(*Xd+GeO%0dA7Awiz=uTuT930du}r|0WvT z+BBM9eMo&R{=#!2PmDUD4DDKwIKn&f+U~UpA#?c@NkEH6^?B1>gy&8NNh$PesgNo$ zN+MuiHi>WX+u1>x*Fe2>;OKJ=Cw6kL$}nE+Zu@Y?w>u9P zzM6J`0Zv{B`ykISRA8NI5Degj3m9+Jpu(29Sku*4j3#YJhjiK@2st6qfDD^8{fm;a8R_mdda*`S$_6JKujs$jHJMNI)Wp_)4o>Dl>rUHi1%f9+tLj1NEeH|n!jlK=hI zYJ%HWx8>5G=$T2+6Gpd?1V}uQ%eLEo={soL72sL3V3M8%lF+UdPh+nb-#WhWC%?V& z;d2%jMH!kiu72P*o*PFa>8B48Jt`|L5L;VYODD4m=1d+8B|r~zGp-XvlY&_l*MxO~ zlzyCU>b}!~?p;%Z@p!DYUAhHLALxXmj;`P8%||-Rs^s`w`l@BM4&|mPPSg!c%SAOehJ6Li0xuCB|Hns{NXe-O?Ijn*V@Kxh z9v~k_VW?FtlL&q*} zMMXWSnSPrRAJ|gm(0Ubx5%QbFNRD?GtVmP$B>C0VRf|d$)u!eVXEb#m1@+F=Ughl9 z8lBDDXyy#CFZzx@`w;RxYX z0#Y=Crz%?S$dzsbBp-#x?kF4vNmIeai2+cJzS6dVFw-uSy3lYGL%S5%`O+7U{Pv^UOFxe)G%HX9KUF0#_?~Y> zDatLvJEz+I!KDVS2G{4gxIf1TB}dx+VK+52t6jR6)1r?6H~z-%uwnXY%$O& zrow4$Rx(t=P4|vMoG*QWL+m!9M1Sr_b1+ux{qSb?K;VVwBUBwjBkPB=$=k#pBeS zHA}744Yj5SFSrn}WolfIe_@T2qFP!gd$U{@9I=7QYx?T~Rys%T$IBB7Vg0}&-P=720onb?(05YTvd*N(LCdtdTBi&&l{KPJ{n?Ee)Q!I>fhBMYiR*lc5xZ%`?PB_n>I+gw zEn526AX4*hqhwJeuxfc6xEu>?EO1xcn6MlW$puQv#DaU(} za1v2yDx%h0&ZXRu90aUDJbepLP@`UPJRU2NDj9NmlJ`IQ+`2FH>c|d~N;69XQA^rq zTF;|EP|Xzj`9w<$QW*Ns zcGuexwdiUhB-Rm$^fiB~m$0-IJQ%htFph1oJhO0G8M|XmV&zK`axizt0)&l)5?FEb z__8QDRUuyajk)`dymvb9h8heoz{v=-eAq>~uw+>O@2-;Cpchvxi-7^=hC--42NWUz zj8qCE79zs3%g*g3ux~Ww^fLwSIbvew9bwj-5Zv7nJ}GllPqy2vp5>4M+l<5xCm_HnWN@aO3Yc*{`0&I0$mo0tI zZimp65S^#{*7Hw%sD0+6HM_JM&>TAb^e4VRFT+CHL1OA(vZg?WtP<1Xla$dT!R*S-?58v zq&h@n4!{P_SLg638PQ}X6%}%X_-#w~gDY?x-O_IxmxW1^Ul6Qs!Oz56?1LByOP>84 zxI(a#BGY_$^uYGQe{(Vea<%9pEqmInK;+nq+YYHvFh2yjQwF`H*GD~gKjF8MQA#&5%LR71&49iU%te@>^=^=%=LM1q z#L%}jK{jEoX1{-uykOmG%QE2lmFIbm&mrr~CS$>;y`@KYZqSAIi)$Q&2? z+3Ms>GAV?`bAWZVr2mu2L;YlWksi3xz@@o0c9o$ zC!Ptv605CVm+0m_10XJ~aE<&QX{$IV|9en$DI0CnOlZ4m(RD2CXt zzDzTY6&5Ox*iS&a>leu%pO6mNB_^2TnE@&#X)0A*76}sUwz2dV+PFfq)j;G`3OI>Q zq6fuA1R$V}xy7^AmJ<=qmp)f<(GX-K zs2*sl+Fk2>5f6DtLYSM)1;Ki`nl4IA11~Mn0@$2hNw)~bY4So~3aEVmu!qhHT;NU&i*e|96b0OFWl)OFN28H+X^zyU zmt?u@k|R%f*lExD%jW85PL;`gaNu4KY(May;b4Rj*Dy-%~lWP3CKV6 zuV7DYH2D=Ex8lwhWe=sB>y#Brl1$L{U&*ILQrQs!ZgJcGg-|%}mRXcTG{+bbEeTLS zLvXm9A?R+9JRbhVmSpMr#635c^QGDn&pGCtZO(X=N1b9yU=b)bij5GzwQH>G!^E`C z0`?_RXYy2HJVvg&Rl=I#NNx0?ooL%DdZ~>vF;?Hu_Av)dT7ggSgB?1@_^e`|wHFy| zp*x8>^iyn>JJMCOHT$CoB8grOi%c~d_Z2gaF@0#@l2D|Rv^2;2Ob|0+s%?V|A{nTt zIXu=!krx$D2?rQpfB{YcsPSp_u8-nXx8u~9q=u?OgAl@SgzzK)TCJzHEW^}5!Nw@` zZCO)OFo7FO8z&LXGerzj5lTNgw1m;P6f#oS=k|3+bS1MCP~=*nL+sn3SAOtz8~42b zZV;1Ta`9)6JmZn!$dwITTZZS?++KFp_8?N6Y7`pZQ;3gG@LZnVBnTu^?0F(Or9~vA zvt78ib7}wpAOJ~3K~(9bb(V4*OZU=tx+B~z6=T#2EJgmU2A6-~$|wCw`?W96D#m&^ z@aU(>#=)GCqD`ed5eW)gs%`4;?KzjCEz=axYs>76VA>1ERY4(nm;@y9^yDTHLle}P z>spjBqO$=8Bw%?&%&z%Z;zR#zp!CgH+sWHuwov+-Wu54Y)($xgV6;N_o zw#awk?AHjb+)T-sIuU4MD8re$yV`;}?9yMD?g0jny6e~m7+`-w*#X*?WvE%NbEpb& z0@4sd7%HifGlcV7hzO{irq)I*iZVbg!>*K%#?#>ct#7?co6F>`b!2V^RUhfG5H zAq1`?{3U+S%E` z$}F5de4^Z;&%rG^vW5y1x_p7o7r7&M_K_EqOf;n#l6Sd?mb6IvKAA)mi=`YiGL-E*|T+rV_k23O2w10}QZBu!t*j;~)E6_9V|RB(U}o)PxZQC^V}N zL#0A#Y=c7ZQ9y+nj9UnOLW-`>bvNiTh!1H~XGcU*i7&g)Dagd~RS2hYfp`umM4q}k zI&l9-jL!V-N@{0?oy#sc{M28SE53%4ZX-yHx#yPTQlLh>6xoyFDTdq~2kBq^OwNnL<|dJ+G>0x7maw&LyRx!^cTpvnOeQD+#Y5Y?7^7QgW@n$iB7I2zCOSu>(fa!O zXf#S?V$$ET5?`p~ZRS2f3uq(sT>2(PZS->k_nKiYucl%PXBoc=aH7`TLTh6xby4L( zK?y7YxYpQNu#&N*G}h8xHtAoKXU@_K9)Q}Q+-yfX_YG=1}5{T%+%ct*}uB0tOf4uCEY| zX!=$5`BxG3Ej{wxx}nF>c=|xU(%{gfchp=hKp8RS>owTl485bwhu&(2w3r4e)Ly<6 zzxI(?ZDwd=FCP7xdvh)Z9HYf3dGwPu?j8oUCTJsHC$nOHER-%ow^g^$d*z701E5Ft z`P61~%Hm|Zt?2!#h&Dcb&^v1wlLQQLJ!_b6iVNIKo8GUuMYT^`^JJ@AEz)k}U#alD8Tg{yST< zxBReKJ~HbSWjgy6g$e(;OqqTV3VmrFqeDeyW4 zsbWpf84!;~=>#afBBtvIR+rJHLcVoe%#d@t`tWVQ++Fg}ij9YPuw0O7$P2oGsv58| zFcf~=*hhAov5&@LJf!{pRW;yzJmvJxIR16OmNQ(E+;K&kMUfbW%70X@6391R9)+3{-N*OH&9sdk<>RdT=bIT zgN?s)nS%6uXJTz}+cx60oqPlGO}~vlRJ}A^a~zFOE5RJz3AH=TBhPPu2%&F$2$_r* z9fZIZ>#{XFzu3yq`OA7UShLXk1T=*WCQOCRIomZ~GRtB*Ob)}MeiPh8GrrV+>4qk5 zZ~k7ru1f>E1H$Wt9clZ?*g7)Ei(I_O%7{Kgp9&0C#IpQeOXw0rb3PaAqNGm(lSC z`E6>i?YOJ0*{YN7hQQ! zR_dY^63gyixmtI3wBduiAueUOnrL80EMqWu3abFIkbS5uATt2)5H2GewkWinBRw*O4omc|`qKJQg*2 z0Mq||cn;WezoLA9`~gcr-3wLg^R_u1@I9e$K&rFFy0~6gAnNrYO-!bN)K}O%SKQ|Cvp3|%x*y1Cas3?K8HYG7T3T}n*)`QQ(g zf9*y^~V3)d(!l#PJRoJZ;T+X)npeyw2=aUM=lkitW05PP-3^d4BR3&xOf2#lH`6;fgys*E#c!^~x=4pQs z6Uv>V>fes(qw}O8A)e@AM7JuwcjiFHhVV?hOiX+aUDB1p9B;Gz>UVxY!q4*t+!GUh zM9D}Tt+x)$MkbqX?(=1w#w&i@Iwv@s#D?fxlz7$%guNeH*B(3k%KS?M7gZyPrg zZyhF z0OL=ecpnDFIv(a;m=>Y0F7sGk)BFw9u-Ka`yD{YQIft2cx%Sja??=LA8yh0CA*Cig*fOZ2Z2Ovq+QfI$jBeREx+1Q?cbi^W_}ktwG7XowyJ+$altfd1 z+)!=Z-_0f)^5$2pU5cac;y(K%n%_=^L&!iFcrg`Qz~EM%z{b!l9&6r4C+&(q?7FJj zbb+6qnnJiG@pE{Kk|eERKqVNcudgkvYFQX$G`R#>IS>kr`w|e4+mUQP+tbs-LUVX$ z@S{5WFqu9`XjgLIW|$`y`XdIIU|9n?}&Vc#Sgjv zMg<^7W5Uqh(n7PR#_d0!T@Z)+3vj;X?a6cQY-UgzDaSBm#03qs>h$(MB~d5Prg$|( z5b4a4u%l5mzrm9M&dX8oJW8iSdnr(rm(SJARm*VwRCQN?VY0q}D4TPy&()zaVL|)p)5uBM9w%0x(rN$R z5uuKopezAx-84j*%!%A~bHS3kUiGr|Dk%r6L%I{R6zO80k-?~lokse0+ngk$w;z_R zeN^AZVOw!g&+scRem1~VhXxA$S8H-bsL<@tUoaogMvaj)42zPCM$bn4f@1XVimmmj z;+4kO0CG^?WkQ^U$Ev2MP4Tk{^tnkugfI`OD*@M;y7;I1uQO6g1LIS6o?E2_J!~`B zTdV^?N7;$#@4Xl5B~7#wLfNVvot-)i0IIUlwy2Kp=djVc&gQfMf?bISXU6~P5Nh?K zYjVNdHvWriCdYp(usC|HA2bTjQNM88H3Xf!h~IKj`8lG>6)a#p#Ux1#`N<8PzG%zL zv)a#4?cOIu)}yE^yreKHlJtDFB;lZ+N`tD!w=~J4DRW@Hh$YvOi!dD8K5epSB!{|W zS0=fkDalb~guDJcQuoIrCt9{kw_9H!4ewui`PfY4yL|OU=a?yd(5!3d7ZOxO)f^Lp z9aKB|MxrOMNBXd3k!{4hvn}byIRmQKQ^u5n5B2zFu@;J1_k@fpwV(A?x;3616PJq` zLghDxrJ0V9MgAe4d>0?O@8b$-UH{bcUtsha;?rPH-VorQH3$g)`!uB@UExTsI&YOL z@?1s*!k11Emm2t?)2{D6-Gd;U;U&*lD4EYHEq3`M8*IwUWd&VYRs&1QDzErw2WrC?ERzgviPt?T;2 zG}xQKP=7e|Rm}SIx)D>c!E;bPOb7q_#YGK8kKB2+FyLe6-^MC^F=Fc;gY?Wwn{)0( zh&DdyKmiUqZ`QvGFNWe-x&u~DStN*s%bt4uA56*k1(&GH_MmB1=w-Rm9bAk}n-p`- zReAz|!uIoLM(jE`xyG*yFpE3m@0c!Y0LRI^FBSkxtXT!ikA}ds+{dT9y1AFVoyFsc znXp;&1V=jAioY77(l63_rs;CZV6eI%hCj@uR~qk9La)L z2xwY>Vb^Wgp_H7&aI|GJi<4%fP|7i){Wx%Ze1OIl(&1;}Uzo=9w$#4nZ-KUwj45yo zDyhsjxE&RLdo*w(5EEe`!D(;p?c)6eau{97kg~_^Vd2ZW$LL^JuqV01`S5EOn<7g8 z{S}3NYZC5?K?WJABRRtjzRe5%8(j$g+SYft3YT+ zrmWPhr!%joG2v~c(t8X$8HW#XdW8y)0QPIaz?T0ss-j@O-h=qQG3%xX5+a84&Ik74 zV333s2&|J)-W#$rgZLL*R$%L_DQA7ll$xKPf9IQ56Q5I|OxUB?)tFE7UJ*>5{%A^^ z?q3e;1EW)|_>iO|ruupP9;urmM~!<;PTjcq*i-h!_>#!VKb$&QtpR@=CoWilWJlJ4 zPCLww0F@+dO#M48oA)ytk)glKqlz12EYr$qPnTxyNYt5gnWPTK{1F_=n5K{QSh^Tk z>cw@Nm4e^6Y#-+bkBi@&mm)BNk$3Xb=Mm1g0)1-Gpt+yGfpsY-6b-l0&YG?TD`w3s==y%EIL8wzHhlv*&RxjcX*nM84sf_Kj(5Tvb4} zSzWj!XIf&HsB-`%@Z!qA;3FGRpt6wLv9bC;b0*D;BG{EaufrLA$0E(4C`~k<FmnJecmnJPekPkY6pt&`+6&%0$U&Y&!f1#fg${FsOf1GPPYy%S$Gug zYQ6fMhHyi+d<5@~UfV8ZODLMt_Hss^CR5od=z&g(COR;E8kO#B|A2a+BTicz>LAm5 z%}bQpnm3fsTsf=r>V}~R%rCV&xcOanG;jcFccYi?v{g1mVT_oF;|VWA4|a92fH`!Bc1M=sv3&JZatx5|T`G_97LvxMtJ1!_ zfe$yX86(+L+i&){V%}F2b?+Al5^Si6(T}2OCq-QtPvdz_bTcF}%;lBi<8`)k25M{z zeUQ&5MWUz8S+tO~Xa+ZfgI89b@#{Ottijy@^cwkv@Qh@2z(;&<~dq10F+>H zg@PKx$VI#E%ZW)K$6IwY(F;&P1+%(IbmtQ30WB-bgI zAsB1Dd&EEg7Sh>PLtoH1drrz6QjUm;Y1FE1+~jLVphPlO0njM!zy9>THlC>OdVCJ% zO&`fKO8Ms@S>DyE|E$iDtR%^tD{n`h!x~d9v+!n|H4w3;FJp*u={2-a4I+uKLF0hd z8Rvi6<{3Vtw_B@2(AUl-CB#-4k0_}zzU$G2hvjWkLzb*( z-P+E5OI_Um5M6b#2z%G;Y%8^zTlLay-|-F~fUun%ss6Y3MrWey;~p$qcI%=n*>+;t zX_+G1TGyGruCWb)17bSxw+`SR=nkxH>SKF?wczLB`H5i|)Q91g>4YI65V zH_K7xS{9m?cb(s+y`#Hrq1QHobdTxoJr4t&6P^7WkErN7pBjYe78`%T=6}d|@6b|% zCC>?dz!{?c{!FhaN`tbBCTRBBl5V^k1jz*4NN7QdyZQQi+R==Jv)`Z}dhd~r%M87b zpE>^uput6&?ozKZx$l{=9Jw+#({a705{<9w{1M3HADzyiIaSqebwy}GC$gOXl9jKq z*+$@Ul`;^o`0$GJzRjoBLnQGfVpP1JaMu!y}9 zSqU~}#kUjJ=3SMt#HW&4d=HooeNOPPym^VVEex^nQ(f1YeanO%rafK=La;Xl_qG{j6+8jbBA8OnpsKWu`H+{*=x?R!)_wCypgg-W{- zE6?}U=>y-SVcNQsxzD*E}M<^)5h4|$dmq=9aR(rQdDP18Xa5hCA6O)sOA zI%XPook}}WfA(6a_!(8Y5Go5-b`X}D+NlZH#w-i0^8PGT`B+IHNE9{v1D(EXq#sXP zB3;k;U71tS1AV1#kS`*=4?x6RJpMyugG`yuIn%uMw776bT2fLMvM zKh0Cp2c%uk+g8I#GdX>tsBm%^R;W^oQq!*0K*$elii20@r^eVrFL;K}2xltbA z?d=VAT$iIGuLgK&fLB?|Gl@{DIP`Uu&EB&bRJ2us+YhE$f?sw#bqcp2=|Yd21$6jI zUi1|Fq8UlcdN-bPnw*9jboL@>fwAaReEhb*gIqX$avg|$1V>fG#EVNo@FcpU*EQ5h zIn`g{tf_RI2hGE~+rLj3=v2FFb%Qc^v6WF{QX(mLj#m#lQybdmuZ5RBofVTei^W_H zB&h@X9=pAni-Sx5eyLpyWa%1CBtq_m#TS~7#>1|$#Dk*=?C!qyV9+cQ`^~OpyvXXa zn3u?cW>m_4)MDa&vi1RO(nN6rhr>GrRVmN~`1a=Td#_w3JA7T+ZTo}4k|K4PRbkOVrOKxun%tj87h8i zz0p~AWDt7S2wwg4$V@KZS%d-2pkr@!hD(tz7gA1(sg}yY2!>O+ViZAb4oX;YwR~=< z(-v#!7~>dBRakfU+6O(eI!ETb?drdJluB8RHHwCnWBVjASSMS0QY5=5_*?m-r1>#D zh_vUmSR0Ju+J}<#H|4!=V|zwPNF_JmR_`TNFoF6#kBeV+M2Cj zfV=$KQqs&x1N_sU@>QKexdpxC%edXSkTmy0g8>ekFbdf?xp+=kqg{wW(^qVngIStp zq)M3v!|vWU{YnZ-u)8_vyu|A-OVq+h-mGSG_V(vy^dvNRhWNY97XRLkYHYiPYG ze`F&WC(+bLaxzd735n#B06`UhkoD+g1;vx@xZZ`6+MOtkM8O#%Y0As|X*TrF60p+s zpx*OhykW<&xqoz3FYr%dB>bMu^lzk8DUL&63a}u7oy8pCJetKv0El&tw zjSo9s-)ogczlfe5?|Ma4Q1dujEMBr}Yj00yTCv;E^9l?DyWtC6%UZ_ev@QbDuoB0M zq`OOuOil5z$4h@8EH@Ws3B5#W3~r&Cb(`=T_de`SHok28ZjOtXlqg=tS;j$vxTqu2 z)A7%7M50maOh-(m9kK`1*m0{QwJNmp300KGl}2<&S8|&?HTyGBTD62km5i^zQPtwR zqw=!LH|iqsDumxJZ*-NxU-%uXx7QaN-!(%wNGsaV?}&QPj2iBBaX~_sT%7mIf{oaN zN+AM62|Af*zxTxvY`zM9#moNc(kvzElt^UNszRf66>u1Exh{Q06Dz;RYe7}0Y$T{B zxw@Xdx~gu7!7c&hT@lg$Dk$$#{DnJ{5vCudM>KYRtHl$)1q?#r5IDbVO^1~}e#F+x z2ol_oQhA=h`fo~xenxQW62(0l3GV{_hYPl^H~FscR~-;4fjvr;q!17owAa|E~pjeV?gIVII8@zv+Av~=#6^X3X)j!j|AOgM^uZHPKE?(1ByR& zp`_W@j+q3xPdngepBk6FXJ`cKaBPH-;WQeJThhOD1n*+q1a{0C`l;NcX4l*tL9N#P7i+c+hhY znsebPku-f-!Z2N&NsS#SCpu6rfpI6DLSFsp3I;yc#^?HHa+y^U$MOhVCI^ewu9454O*$un6Gqc{`oU52XWW|qvn~!jxEm(AKE^Tpi zp)1psrX1bL`-1m<0TpyMHT_nKPk|Iu$L`m02CF1JkAwkHzs5)H6!0s*=nRoDU;GxeN8r^o-so31GU zNb7EjiIhPmQspRnPr<%)%THE+u$1Y|GFxx*fNk?iD*P1Y`kHxa9}J3_aVEca0=+>4 z4VcLn-J=uMnlKBIO6_CY!KI-v;&P-VGTbF1-DqGbZc zN$x{vQvy6Usq=)|SfPQ{CR7S0Gto6In{!^!F6CtthU@4j#9%Q=*{r z&pQE&&O#hAbX|+)5=!?b{pa-x`vKv{mV5rMq~09wPA{q{W*LslngRNGpo!w1AC@)G z3(%=|f2NXYOP82dE0r>BlHP6EWN4&Rldf;bP-s;4E1WP6n$K}U`!F|^=2lQ6-UGV8 zo!hQKs}tYFnuH$$2ypZ%*McqvAmI%1XF;`<*MYxOkkhsvfvM6jt|~W9E-sL@*FS6~ zq6}Nr&$EoTJD69~2ijG_xS<(x%LZ4MX4uAYdpqe-e8V5bOwU2T{eIplsHJTnd%clb z4!ywaykaZzy>3X+=h5Nz!fd4RGa1<9w3A&9iL5E=Zw zIVm{X&vT7-6DFDID^S-pHz^*Qt0R#)8ypU~Z{lcOBee?`mNPm#m_f0zyw1JCbY%alnTWT(PY<*}JDoP+qlNFO@3hRwye@yLr-a=G+6@P zac0YJRejeA)e|;db6UgCrM9Tr?yoIkOg-d$8UkGDmC77IUT)S75pp@ zQ3 z0hxL{kZL#w7fI_(WfVXE67dQvs?fj~?xOy+21>Y4_ zXGfBq__sGC6CzPUOi+Dc1L!kQ(7)dl2QLz<23IRcLGLG3c^*7*_^)t(krNzTB*3VY z(lLi|jZYi6Px^Xh>u&>xIFj&Uh^yW3U5>lt-!)yyKaVxjpoG>#f#p+Sho?P0;0Jba z{OPc$ztc6o1?n3f-O@M8D5!Pht`HrwTjA+|qp#{M@Z7&Eq8YhIxYEnQ&fMWji`-uX z^z_`N_DZF2B%0$dGjSZ0tK1)ZOH0#};ZQt|V2(H2t?13T3mIY=kmcE@M@xY#bboX) zL-yECjolve_NVUjCWI;32)Cz^o=`emEwaX-)wwrdYwO5H8ff{aBH`9An#$#6$hkxHx+q2_M7reV=AHtgyFc%vw}MCG3%h&_ zOmi{oCD)p1CqMo+KJD+=M#K1|qy!mbNUG^t zLgZ{yI4_R!R8&-|!eUtGfu1K(_-8j;b@ZYswZ%PQ#p$=ST5vbnB4*IPn&=Yz+v{jH zbArR-$c4?gYd~Dw^~Y0i*0J(Rg=787h6hjxeo7>nj^C^NoO<`({#o=GXP+n-9c96f~dowY!rIUerTiOZppajZgSRl$hJP)t$+kCFb)Xk zKx(M%)KPdSu&Xj;P|An25T+{Ty#|3yOw@)thIVamM?_`HUl84qJ#q~droNYrY_Cw^ zgHKwHq8J}N4B*wTA2z07dwFq^CrcHrbg^pT8cq}#phi%s+HKMWHJ~j~t$x}w9 zm^|qdU%7dFukZ%K2;AJEJ`~RkHvzTj8nPx5SZd1FWtQB`U#ixaAF zpju{LHT}LV+DejOB2-S*StOg!-`CGx#(gDVbULqT>y`Ae*AZjy^W$x&3_j{VM3rds zZ#DkT%!a9d>z;Tg`F^~%mZ8p6kqT~5==qu?uz0|n9_(MBt#o;LNz>BaUXHI&ZG^&~ z!MC$JRLRs+#j(#W&2f-iHxx|(w?YYkDY!BzQ}3adG%NbTT)z~>fQ zC?$DM+hceVjJ!a9O@@d`%Z9%lKa})@e3LU!mz+eOG6cER8DzE^LIkA3v|se4?x}UB zk{vs$%p=OA(C%uTz_`<|dmH;zv5elezaEC`cD0bWKi&smjA~)wo{jO+NUYQa>(=p0 zjbJ{d*%GTUD1PRn#>G+2nk7O36t4=l*v(d>OzII`*kuxl@^=fXrP+-z;XTX}{M039 z!pbIP^>fG0R%H;bB{p{ujm#2OX3Km;I#jveAT8v9RTUrVKbQCU74l;C}{jP zYz03PLO=9xGMt^|6V@}P3Ey_4+G?ve1JbY?_8#?1ZwJ)X8ddBt&6=NHf`=IK(s1c> zB;1%ytVP@Y=+A&mc_Lh8e9&=COZd{`M)sl~*#%qDg}0Ch5RX+W%+;1wSSm6m-`_D~ z53-2$Z+!LRxckKy8G5ZwuDzl;`zuWSq-{+bQ`(jh#I-BOnC5+} z3BW}gN#tz|JxR0L^htU^U2q|%`_fB?TuMrMRyrwr{? z4l1`UrMW)tO;IX}RbAC9*X6e$ETctL5{yYTUM0oVD4CVoyaZ~N*Iqc6Hl|S`H3p<) z&BeqMHuG2RiRY1r$-;kA7iuouXg{N)_&x_|c#P(@Lo{ODuO|;T=B8I47h&r_dhOgB z_K2Bt$oyN9(Sifb(g9YMx{Tu54Np-XoUXk52~RfCNw-`r?f+oz-)eEz(5~HbPF3d4 z5-4c%R-dIxETG;-oeN&orgt2d1)a5MheO%a8^GEm_F-4Y?6V}IJ`k6pQ2UZD>@cm_ zUwY8V%9HS{PbVYv(5jfJ$Qc+45eT#A2p4a9EvKZFW+07Xqh1q2k6cYa@kdTMac=MN zB)Iso1g&DVeF-JjBBgec)9|Bm-*O26st~yQAA>6>O0^gG=iM&^)31)Sw7#=udYx~_ zvOcsJTy;8cSD-?3;SU55d|{DR5B<+qup4f(xf@1wk?-xtM*4fg{(l&QvDDH7IDq}j zJQLal0wrGmJRYWDo-#Iby6nbI6|3ht%T@!fa@B8=p<|_z`Qn1jW^@?3S+2ct+v6%z zTeNj+KBL~Z;6{5BR8i5%*JB{RCNF<4;*#iBi|Q@jCU6l#^weX9$g0Qv)WMx);f83g z=VAPZ!`e3&XigKT(;#^}o!R>J0jFqWHf+Q0LqlW2f=05R&YEjQT*PH*j0gO!)!P8) z>;jz*43ABjIv_emNX14AT_J)+?cLxh#+)~AMl_t|;Dg)j1qNGENOzW#hz^wLJ zf}kZ<5=VOGz;BEH4`*=-Q(x$*3I224F*d_ryi0$S0ntbC?O@3 z0gu`crxU=w)PNe^bD4mlw#3sx4B=%NbSJbegY>*%&0bg@39zv2Jg_&{*LXkTK)bgTaN z#pV5px1kiT_8#wPM@6r+_5x=l7G%wdu`wz&q~E>1cCLY=!*vr@iPPLn^ChHEHk*Dr zVW8=H+H1*dg>T=3T{)^Hwtly7Mbr?XH%9xs_h&~adhDDo+< zU2Jke{cI+AX$;eD6Q?!n24{=wBg)jU0gY0B&EWzJWpv=q-WWN)v6mC)jgn+NH%a}h z-v*Nj+FXUCi_>PnU`(=vhagyPn$FY6K$K7O?U7_jCC97(4c%&U|cM(I&8IbkMq@Ivi{7x~$xm%)>hd>z>JIo}8feuE-H@G@owk4NVxOcMCEWhn z5N5;sD2JpQ9kI&_u9Yq?dG+ zai?NDUKOT|^W3G+*J0+`>`u4B~=+QkD`M_y5y#Mv$MJM{gThIE4&lepNsXvxYa z9FMoKXdmD)0nt+Kd=Wv_R>ux9mRi%_Rq)jfyW`*TVBHDfomwRzvvfdPYd8)^DSH*V zKkz!Na5q6`GkJg^>5?h7Ar5_#-Lp~?I=?u!M$Dx_4LaRXO(#;c`-kp<4a6R$kY&&B z=>yk-iPqhhu)#hJ$ri@1LS94-tn8?c{=zD2G5s%wFQ})*O);bTFe^@wV zl*X1_BFev`AwBq0iZ z3CoX_0BKZw)93fF#y%mt)J-I&0wpgeg`FgY;WL?`bj5_)BYmCB>o1*QNntHSx{acv z1rMfWlpuYQy5GtBbMR%M}|9N9O*>-xJl(2dv`PdC6gczINzk-H^BT^3p>s zvh;Bl>ox>Lx70CGR=X>1jtK%C60{-Fi9W0Z?$kfRl-_Fq#b%*4pJU>_FeqYEGu!Wz z8Z7%Q{32WZ!4dMfxwy=U;CNt75=P$?K5MRQ}arGUbMFs;@vW^jV4m* zqtq1~JKl@c^NYxt$0iCh0~euWy2sY0HpNat5VAc) z#-h9KT(n&+UNY|g9E#7Pc#m_Y1+1?N+%e>B66Pa96T6XV*gYy5(#kH!%Z&EnnW+9} zl>sQ>Q3CwkCYn*n8RefbDqHViCHr0&xc-H|m%8Bl(govu0yDJ#S5EYtPpwg; zTDkq&>RyqzTSW<3NoTQm%G^=3wOXL-LOrX?OM=8acXe}?lM#Zn0eWvYyRTXyAkS(+2maY?QSzcbEFO zvYm>c8$OFeU#EfuU zP8~Q^|N7L>Yl|mpSG*31Eo3exGrS38k_xCa@zg{5%FpLhXr%<)dpZ-abuz9XnM*MZDuZBx0l?rkdZ`${d^-A3}Y&ztf5V!B1GWK1`uPsL5kFMU5u zsns}Dsh6u|#~*ItB%+IqbbL544*3P@En|xd^Dfc5beWABu*!nfiv*850mA&`~;aF68vZ1i`lWb_~9~L zatVJJX#PaVn<;iII!|HtP4*U!0`{*yzYtEB_92J^pE{gjq+HC%`^uv6PC*@f)DhRM zX03NaimNIPBy~IY-iN?{*)$sV)qK&_W6Zk&^fX3EDH3HWOy!!KkueZMqSelypUjeZ z$(}%67!^K3Z!?rCr$6qcf+Zl$ZxACq&k^Ml2u0=#f)o+;4XbDWYSGvVv|EJ<@#aX zc31Q*`M4Y1uno+J|A~=dGAx^V+*a!9UCba|H>0R#1RrABla<5}5uR1!jCCmKij-GwW6Jq^6ZoM&oCr&GNCQ z9O!&SrjwGPLWZG{#)eT6L*5B^cD%Q`xp=L=DfrY%@w(%2W4fQH^I9jq{J*msV4H!} z5(RAbheK-7O$0^E{Ji2dWJ!ZnATjz@i#Zti4PdU;ILK}C)$r?qR+w%S7x_QEnNRb! zyg~DYLbdo-s<-q2X%rM0CkgXFA4q*I&Y+K&VsL`)P7uZ^D8M$qSi5KAwpG!KDO0rxH43MAd zzAG!}0KAqbYRl$mqM41x>_-A{p0Z-RRDNkT)W&lGiJccoRx6BS>1(oBoe~B@G6u7{ zYm`E#&LV=Lbsd5XlZvUAz8QTP2);6x0($D7Mu=7HduD{OD*;daaP`o&cb#yIWW5n5pxuVzzv5XB+?F8Wk4)H|jd8O(WrMUbtfGX5_RyFopmT~5xy+l3T%OPgA|1^cRu!(^ zCA{Q%Y(BFrH;p|e&>uO3Ad?vm<}#Uk!zcXzYXMp>awz%IvlvQv>;#r)fGPzNdYxq{caa-6~PwGYuAw`oEB=>r84^Bi>TAUBZ8PRe!%wh5k~j7l@pY zc5z2u$fWeU4MDE^Ti-c}Ibb{|bmi;vk)}EL=*lDUb=5yE*-VB-F2ctsT?yG(T1~cK ze2INwwyaHJkA^d9(jj;efy44PPjk^Bk#bCSawhsdY=Eg6v+l057-N?o4wRK}A!k>SvhG~O@bDg4X9Pogt%@MH|e z^|`bPaYSESn&X-3zHb4wciA*s+~bk!Q1PzXvuaXbYutoSmA>&zV>43Bjx&bgDb#(4szF~Wj$P3)_VTd7G%KopYt13En8m7v!U8WqUNBkk=k(FJ0o9MV!2G&VC-zT;xQ zanMnJfaF~V*>FeJz*V|^D}Hr6)SQ^>v|+ve>+7o}-<^p;T=MPo0pqz+W_Kdb$O!{Q zubS6sXE$lWtQ^$MLy3bXcz@F=fj((D<#(GMGVamRLcV8_W-Rgs~Q!i(F~dLsf^0AAht{->^#7v;Lt z9k^A|GwY5lY1D|a3$M=~q=2EJvv}4pN)E&$->%{44?3`CtxukvO25NgB_; zN&mSc>G=beSoJacJ@FS^aB{iw05{Q@BGC6?K61^h+lOgSK{Ff1$yiw-PRMAAeE_+; z5ydo&=rC(YB$H@H@M5Ruu<*DGe5~dit7jBSm8XDd(93K)Wg&7**2AUttn-Ehjq0dv z?H78rm`f_EV$ zW9yERvtUXREfc6dmK+k8e;sSC*ox4?5?yJff1So>DETuV`AtmT_n%zXNzb35z%b{X z<1`r^b+APYOCTU=Vr1DN`sb6sc)mJeEJ)&D(h9F8JmcVua+RM^H(E<9P+_g6LC#PIO31|!`4eILoh^^(^Y45pAjTM#1 zxXBb_`5|m9p`jQ@WKptu(HFl)j!8Y4&f)r^ZUu8G6QQ3Y=n17n>CVs>IMpSt3 zudD20!i7|}>nChP`o^KfA!JIH3Ish}{v6V00c?`adyx`<38N)kXjE)&7Nj%uYmhbr zHK=*QKa_}@kY3d8E<@@$_&p0fhc+ZPYKGMia|rY*OcpF`&uCysi?e)7+n!> z9hzOeB_RilL0;az-|$pZy2&W9olDU4mIH6bMEH7Oljqy)V?Xmn$K2_+K)L9*mI`S+Y0U`V66EZ1G65h|j ztjBJ;kocOR(r7*@V3p!@^8hVf&e#=ym7-p4?iAJc*1xXGnH`Oz6l+;SJrtC$INVm%e@xFo@SJHa zr28B6(NV&DtU+BE-Woxm6Scq2cRQ0ygBpE*B`$RrT!R1=mzyJPrES|vuEQ$41SUn; z8>0Ps0ZmU&uUd9o%2Q|0W9LeCMQrS>?du#Kzs423uoA^Qjf(;c(6uM0Gvpbs6VMCQ zO_T*R3Wg$4RO8_s{8M34ubj}ACK?Vt_uw5rRaf|y6e7);J$Iut7U|xE-`F*wb z>ssyFBl*>a{UWCJsL!ait%KB;VIl+o7m#o$s*$MzM`l>R8_T=NSXJ$jHT(xF2Bqhpd3 zhP3GMtPrHTxrI6ZIR$X@>MaRdbkPxcmNb$kU=T<6+0< z8+67Vdk>5K@OvS2Dt7;zrFw8!^2meD=%&fA-wpA_N00y9$S&xc_zI8Pzi_{|73BA) za{t%Z($7iz9BVh5x~)WO&i^)FnZuQ57$DG9kU0nK`s*y$98h76X4?}0^BgUb508J- zZ4(tg;a>5kzwa}nTSn5yilD*vSwNmiVeseJ%6glP&};9RxFX78&Ad$m`E0 zj;K=Uo39j!HW9PoO7sBF@$Jq>{MDf|E$x0Z>MvX)W0zUD>?osmSuKWSBRe$MpNzNz zb*lp%{J3`Bw$SQ`znAri-Q6rd*<^NXL@?P*>ivRKradz)EJd)0-%Ys9e4=*w=6eer zUXIJ+nU6-WqQut1n;IG#Iy!iAS)&rfkM zqayqV?=U7v95+R4?2vc|S~ZVDzv1@pMnSF8m7a(X;YEO0kS5VGESf}nxka7OsI~e; zo%zFKAg>KN_p(sFZEB7)kz;g03OC2NC05al(ps^UckD3l1W@IqL$xzVKxpP5R<&A0 z%gE<_+EV#H`={%=%8}cXPm#uUK2y2rUsq6l3^LhveWWDbR9Ct9C(G7=hbEZg;;+jj zdR>lw5p~5Ofm6;Ljnk}P?EP)QiuT{Yej!0P3~!b3o)K^vIA8zkuJ{lMM%X0eIoNnc8q<<$PtrA=BP^hBZx} zRz_S2L7otLauS)`*IgIyO#HV&R-X*W=wSe8+G*#ro43q zd}LpLrh^oTtbR`e!vpdhT({bSDQAf&$0<3r5AQ;TlS5P8zGb{9xJr>t8+XpA&|pe3 z`Ttmf_?wO-#LDSUI7&j(@VdaJ4`YrTbj$-MP(jeXU0~v$e$HlfAaOGOx>CWcfHHq! z1gM}ZTIFFVPBdaL#V@9%|4#Fh1Ny8gFtkM~ofo7&l8MxgV@00HP9L2;fa6GtWmD># z+|Ye(;w|vt{OtmlxSmfo@3BwD|LigEMZA;_iXc>K8R&si*6>u10y3G-r$B2%bH1mH*NHBHn?`9=ixRu(lu#k#GN zT$&6!c1#gx^7+L@7>au3qEnl!Z=Sxt3F(1&RhN^!&yC|`98#srehE|o@nMBYwfdOg zj%fpBHr>1pS%qRqm2KmT!BmCEz*%585eb62XP3jq#X1%typi(?SsGwl630Y$+jls= za^$v~Ve4KBq0A+E%u!XitW?w$XGkkivA9vVsUc!IG-8!uKeedhn+G40OZWg+3Bi(a z{mS+>RjVPt;34RAl;!K#4@Z}%J=iHq)ID*JGcq@-Qh~j)R{ItyIdrxKv&`>6HVsB0 zQO=^!c?(WRd(}KIZo(Pc=R@^@0+Uo5v9=If70MVJmz|=bO(al8%jBu?N)3*R|NEFw zlGXlK_b`s%($Asnh+h@B!By)`Y*{_K^215&P)hI`8QH6_q#@{3j~{2->02)qx||XO z!XcZTN!?G=W}N=7Dxat4N118hz11jg_Y*aiAgA5Rh>fRc63Js91?hjIg|YwgrtD-COv`bD6G{`G+wxxt?M;d|9NO2pZf}7fJcr*_3-hMMK$g7 zko5V6ZSi^6cKCAugerj<18-btz29Ljbbt%qA3`KY@xZ^;{o~D(>`S(H@lFS>nE7f2 z#*9II5Kk!%6)A}LiInwZ7H=7(%WQ1Ohx~q6z;dd86=B{o&@EtIveb}R4^<( z`h*Gm?TYA|bq`C43{FjKzABc16lic{Sn{*{{1x0r&AXah~`@2}}pZl4=0ADrR8-ssxpuw5r=Q$WhWs`$QKoe3FJ zQk+)Z=zgIJy{*>LlchsfI&h4~(EoDOP@zSp=q=X7X3RP6fqeg*g;#0cYI#Bi6w|e1f@d8jv16*2z$6W2e8{JEGa9o#vKrxZ#9@IHr^M zn0tpDD9owXZA{`9KbHvQ(;e;#?OPAekOfgMIYkV?XPL=|aB-<^03y4lU}KaJzYwL; zEea_ySnI#XmscE!rkP~U$0<+g*fiHSkb9F_tQFdG$yfHEIY>*B4OfaN;o}fCukX`? z(l941n(ZO&Qo#KbhDt85uO}=#W%--xHEcO?jc9y<(?@%!pLk38)mM zG$MEVWfax7x1lb+Ol&rCMa*bZ7f<3EGi_P+HwuJJ2fArJFf2a8V~)!fRf!?taM1Yx zB$vS+$OfeuSm>I8+6S2RvVahrfH&1tVa+RqI6mq#1v(r@g;$4cYieGZvDn-kwsICN zFbzvZm`cA?Qk4`rybX*ReCC{_cXGd^cODmGe->_g?Ja-uA8bqU8H4xAH?q6&{{Vq) zZ=CH!B0@CpI(L&~k%Hb^%Zv(}2w|^6EM1C29h5d?qh4;LFW@UbqYGIjWr_ zCyXwSuu_9OqX8eNr6CEVXUvPeDdttei%sq(Cj;Jk$yCR2O9-0t!Bda8E_Hhb zK_P)hriY-NwC_e9ldB2VO74)ZvPo#5i!lp4|4kkOgHnbhKNH-4lCXH*1H|#u*=xt6 zS>!r%)_US}`J-_)S=RE-iAmy(8_40dDj9^GXhT1iq5MGResY;^KH_;Y}L&)epC>d$l^jH zoGL=gZZcZ7@P?d$-G*(DsptVI(849NkLIEwKWt!(xO0ZA+!K!>ev{&0xdj~Ecy;Rg zKj#wW-E*Y#AH6*7XtY<4VF#yw1)op+Vd>>DOXMiP6T_Sb?7urI6~!d>GPXQiGAM zj0t@{WyZeN2TEhkD~T?JsOCQYxw>HBfXdcKP=AT&o?{sX7kD6`K!ub`xx3aw6lvt# zXyp5Gtq~BaAg;t-A5v~WhrbKwMHu>L=v#;6MlnWBS_IK4C7f~)XJ8Kor9dwHRSx>X zlcHRpIH3qo-bhVPr#uk0raWY7$j2nt7>B%27Oi<=Jp|$7-aaz{qLJX1;qzgQEy_-? zYn@=&nbnk{qtcO#Wt}I|lScjpr6(R9{ldz@`Fq`cdwZMqr!QY%Z^Y>G)z9PknFs6h z`jhW}|2(Ldszkz`DB&YFD5&93bTwu&9CS@+$l=AS1ZTMy!Qtr?pQy6d}v9DpGe4U+hSsGJ@o*ES(LuJu}WY0vHGshD3JtX2a*sX zf%~Otx%)(}d=5S>OyaOWv1;2YI^l!98wx~VAjA4KJEl0ti6+USQ#5{Mv&IQ+y>Pa11s zgqg}}AVpNwF^8Y#P&Hng-m}bN;hiPJcBS#sO6?}__@m5)suV)(49Ih$6g) zS!w0s-^&`FsOy+AF*dX)s^h23P5)$BRL)S16sYn0VbwjK*W!$M%D~%aAC4>vB2hbGoZCB2Tkd`%IT`^|5!D4z$R{IX5>j{jwB~-`SP5P! zp=ksOZSaz25{bxFfD|AcvHO*>4%qNRzH{T0WQ=DLa0g|yk7TR^8YRPs^N$;4FU3~z zvE!J{GnZTXu{Bc1Xogq(b$7)X+W33M7zv1tV<1oAZO^~E^COlkJpCV`z;knpz_qpg z|E})6tAgM(vQ#DgU_4*6yI!*W|L|4wFTPx-rw_#lf%8|amv!B00>XLRJ=$JrTQ0x+ zXNK49E|JUIS`$p4G9dl+=mc|sdGZNMUSAD65-uj3Xa4DFwP8IKCNigB}LJTY_D-U>8(y@Hq1*~BPu7Ju%^J(!Roj{ zInT=1dFvYVNs3hI8k@h_^3rGwSWzyK%<9jCx-2HH5ly+dO6T~4uv4!A%t9t%LFq|w zYIyQ#!}Q`sB%+eVF+!;q~RJjslztPg7bAy^eh}~JO6C!X1T~0+t!Od^~QZDbg z%E?ZGfMLSGYyFMKpylledWxMKjHa%3=m9Y!S{_B&laZTO3GjTdrgV_ z6Fpf+P!D{Z!;YyDyM~|uY1LtEn)1LFlAIGm-xh3Vi-C26j_#tr6zTfURieb(dsG*R zCZo*#6Ax4Wee(a^A|>wRSI_(qi(lcJ-gBA^oa67fM_aY?TWKQXMiM7&VP~a2X$HTpoOfV zEp~}na-5y{ChcsB6C%32TI{b&dN_Y=cp(Y9Hbdo+0heY1^+8i+@<3fWAmo?8DyKis zAb@<0ms=$*($cm^e8!I!^0oZsZH@{d&R=S1`mRRzA;~|Fu{;`~ZjTyMUg2uLaQ6RA zRHVW#6SYoLFFQ&W^Q5ig2okYzxt&>-p~c#rqw6z8QyU6QqM-*|8#QUmQ6?=~rQGoR zk)YXJ$OY{rvt8zmg}#5?q5>5eH^oFPK=#&7NtPRbvv-il`?d;Ci%%w+pmHq(?9F9B==O(LleZHNA1?zR&!QW2h2L004YufGgEo7TVjaGAH31VK>B{$ zBAyCbAJLbpzj1?a8%r79Ol}Ww6OhK8+~<@rT(c4ycvO(aQmkLIa$R(e0l978s2E*p z8cB!~D9P5g*&TIk*LiI7@TiOcss4Kb#R7&y=kZkf7ary5$Vr#Dks|NugtPduQ`R*@ z44*NSJAJ_-CQnTie;!ne>7vOS1K?xk|9%(>nLg?WSd%j!>m%(y(uUa!h)#Dh=0y3O z`B#D&tK#t&W-J)&xGl0%P{=6e>N@x!xjDCe!M5{p)}nLRkL&$I{MU$H&cTD()X#<( z&c{TR+}rd3>gosHg+2|CF5D6cz^0lSVn|eVV^{v*U+~@!PUD=+EAF!P335x_O|6JXJ zGRlI}&Fy(n@{Lj~n-YlpqqZh2CR(`&he^`I-#YLkl5eTDqi>mJk9l_|^1ZZNR=FGJ zZ@EgTd=58eB`0g*PcyOm#_0rip2HyjZ36&w@@pAYl_D@~h5opx@&B{{W%#G%Qh#*d z+JqDK&Rt8SmRZHFYHfe5LdkVwx@>OvupxRJxyj5}ytPaQSb*#&3;!(3i&`SdQzjia zW!(A4tI4)tR#cvq)!?u3A1w^k_W(6S>EZe)uTtk=dTt6x$qLZ1C%Zo<^+cKX%66Z0 z{H(4&+?7gCnCrJdEZ~{sYl4n)PO*B2j!vk<6&}8AmN^(etqaSCODC5MELuk+!i_7g z#<_;-0w)i&9U(B4NU&>ocn#}y&u|KjrA%c-8%P^6#9otUrL$8=bRVMC4+w3DUSxW6 zm+kbM%`noUGT7a^kK~dnvzQ+GNOMzwg1S(|@+{&GUVq2&V6lwd{*FKR-I-rS6z-B8 zi-nm)&(mU(opM9AUG3L)rTWoe?m~Ze!r4DY(NLgcO%$q0|G>4{_F%@YckkK%O~;|Y z8#x&ve=Q=PBPvN$y?nN4g()oAVo=P*@Dnxzsk@drWk9`To~F0#zJ7Q62fkpE-sUk`g|s@&~m zASfxaZUoUU<9S=$9dl}q0P&5Yahc6Jb20m#eCF$9SPAO_0l-nUZ;;=|YCc3{f_MTI z5SV2&czn03apg=f}%MR&dYwq#0=E10lMIlchT%_H#C(tnXF3McEY|qY41IG zll1>FSD*M)POIPz0{E`!3vzJ8%Xtz`8!5N8sz#c2nzdKdk-2IiM7571NrF$m^W9E3 zttrJyFr!}{*4$Q51v$(XAB6f=RYIzhdnB`0c5&(o`y9F2ue9B(g=Q1L{)hJ5{!Sic z!fX3I{2d3sl=&`cORIC0CJ`QTol*gFkk9T9ccH`ESKXaXSdS|WmKdxY4k;#ogO@Wa z3r#~(0ei(|({7|{8Zwo|L=F$xYZ5JGR5D)X!uH2d&;g-lpLj%P-k*e-7KZwEKRVS~ zEm@b9nd??~T$Yw{-U|gI*3eNxUwG27ua|Yp%Zv4a3~atZo_5sj-6Nze8(NU%u0lQz zB<&{3^IBg@gWD+K@^Pv26)o~~^1n^4+_z+_%PD3NXC#Fc6%N~CALo~UFYXHl>+zne%|kc9Uu#*N!Ny>PKP74?e5pi<;Ptrqf6-R zIflSRu1x5-Nlqf&t^0E4$w9EzMgWO^nwhc=3D1^KfG;)YT?utjQC!c7QI#0EwjTR9 zXCF%dp&|G_%D3^is_v}$C}}A6@o^38UI{Y~$j)ih5VlHlGf+*nl_D>EMy1U#KP4{- z=8c)N)Jc6X8Z-y(XhZAwR|t)PbHi>aMdP^tnZm|0u@>tHQvdVTIWz*v|2Z8Jp9zlNl1u|wk)4b6aqerS;sW9 z+ouSr+mvU8tT>;Azsu@yu;P_Ma{KRy3l?qK* zRl3k}RkSxkru7v&B-$*q-EkC#USfZk&K1SEAq+>sgW5?O7U3;Vdxh}nlnr%#Rk}O3 zV8>w>FcDeSZ^h9wqXeIT4?m4NHRns?bPu}3fcqDa3yaRyy0FrwK`%4a43iD9>rHFU zXB3kesTKH1T={VCmvV>ynpYz|%!Q$itTK|(R~HPhgyJbF>r@YmmKyl0*IpKwQ?bcA zZkM+fN;*(OXzr_UmgwOgfG2n1sq9!lIcXHo8gp`yy?^ zSpo_EZah-Sx$N0F!8_|gA&~Pi&6QQXq)Hogp_y?hFcja?iFn-=>_Ts16Ud>+U?w^8 z<(kEuwMYi5)ef0gV-)xfXf8FLsv@X_^OLs}GveuOg-%*L*htRvPZ}}qrZLGP^AOn%kuVQd!LCtGfw?6F*wg(vC z1U3ZD2dLFpKrByPbI{5Szexi#va-ph6JqR=95kvEU8u_&WmykT+#*vTtcL@o_VRaf z$62g$;`RA=qyHnH~$fm|&q zW6}_?^bAzGOWx#6rTREY^?f297Tro$W}3e$rD57b9Ie)K$p!L#gJq!=1tu<}D#uY+ z4C*Iq@L|A-bB8Sr3}~16avOJ`z|C+XnW4ABs>>Z&gL9S#k?)QRYVO{dCOF&Vx9c!Q zB_xp;xp#rx#6RZ+xu-N(E|Ar@TPy@)7iojg+%iSA{TpOy_slbaW2&sj)GZbEWBbz1 z9gn~L{RuLw)@;+pRl-^Pz>B_#FUEqPq+1U6@=#t5aZ=n5*M ziAU~~@`k63kHdY6qfdC!qCQyfw;PHlrf2u*I7tFMV;h};?6YG+jGx!#RKD(Q)zjD& z%k4@{;S>^W43*^Vq_$ZFw2J#3shVd4@^nEx;=D)18rSWPRmCZv2<5x6DDts+vO3uw zzYX1)VGtakkW0&2t@r4V)(c$a74gY*wSe9!pkqP`YOIam{vFbuAJ_(aQ+gtSrPF^N zr6p<9@rS`o$Hj$RL9>4Cym%erpGW4UM@rEqV$pBF(w9zo3*n|od+SeEI@OjIuV|P% zV2?bRv%wd-;3sUFmL^pS4qcgu1=_lp7zC~o;ifW1hwU5qHq7SAaZW33a=AR4QEG%J zJGM|fY&4p*+>@i@C44>X^V1(W8TyX}XkpGP{@dM!rMWiyLU$VLKH~2J2Ab~u|>f_h^)4&8oYl24@YJL zz^^rAI4&plI!Z`N9~eAiv9KgocVCLxe?N%@g3!>>OJWEk$o$8`fjOb}yBzb=?K-z&`<+ zB#LBG)eaWN=sI$*{9gRfxeE@nxF|=4#%y8l@-=ikl0llVuunvXRa|(2j*_-wB9yzy zhsDvbcxcpkr#qZnaSIXQzC+yc*Si$TDJkh_QuTz-g)pxhOjO>IGxgyheN!(f^&z(ODeIQu{}-IVa~pDKWv}Wwti_IJv2&_kqoJWgeETERl1(UL2Q| zu3D)6C3Zx=w}}NJXhPEvO1_+F@4kB!othjc?TH=#F`@pL%;`k7hL)!kuv>7!*=nB( zza|h0DaR>GoyaUbQio!q5U2~oKk>3#J1y_R3(4KNS7DT4uW5-g{IU z;BCtY*rn6@;KY*eCVic6Rl1?*EDJ3RzUYCQU#+9_j0V{LiM&`J1K<&~SlD95Qf77W zFCK}leFiCjgC9OPAebk6CC-=5TzTK`4BuDzuuko_3u!siN+M?32hz7-an3kDu5#&f z!>HjHNA36i`cGC#lwE4~!N9TSwF!S!_U)38BriGgq422~chAlME!NQe!~2M0wyi>< z%wYM@mq+qLCL32A2CO@!g72YY()rGZQc^#rWal&D z(l=!X+u|ltYQ0L=TVbJk6(oWSE~WHDOxz5E~*q5H25{dU%wt3B|nKD4h~KI4(A17V*>ig zG7H)jOcHN0FkIrLev|oZZT_-87|C>6GQx2S@&8FtFj^;5+umPB#V1Srw9ss>CSd_1 zS2DJdlxd+Fw=!S*(y9WsLH-;&5;AMh>RGt`FyyJ*+X9g7_3#kJo7w?q$&K-2rvaov zqey%rt{+f&MfA#L%GyD#@f^9D`^J6zXM;HNI@$SuW1~8b2GJq#DKdAcGHvP0Ul~^l zU+zDpkUYfrq-B}J&Atc1-x_?sBCA-GWO70_p=3zc*@o`jfh;$C9`WSjm!YuMji_=uyHEYK+Vec#!Or=t!EIHk zxut$#XU- zpXDl?6|fvrpI;uuhjA<$BF|jQw(gd(dAtGq{0QZ6w&WqG&&$k8pc1Y)%XU#NRK=EZ^Z`vC?BZ8Z>O43M=Xt8Z$3n3bPhOAL=yQ(dDPsbwIGs=Z zLimLw`Ild%0l5)i=}f)mz^P`-%2fF#8tp~7B`&vhS5$*fCVISiOd)=W5eCNw8$3CP z`c7%N^Y7DT9U9TF^#G_4-oJCk&%>?@o(i#(rHU~(4z}vt*n4SpHrNO#6tf!UT$tme zTmwuU732R(X4?>fmVTajK`ErT>#Y|m$2!Ssn)Yhs^`}i3b}}E$NUzD_PN_KtrbDvq z;*3>RZK4?Mj=o1v5^_GC6+7v9%J5x_f$duny`W@Li23(t6x3kj3->%>?~ z_HU-u2V|I`P!77H0cqA^?lGCE-&Aqlq@NH=?x@j~;avB^3dU&nj$wY&A0>0kvJK`d z^>!0M5YW5DJ$W(B7R2ko5|BDO9~3E03D<1~IWzuI$0l)O9{I-jZc8!W4Xi*`k2RCh zSsOwEec{wEwk=i7*`XxkRj+zPBU@uBp(0@~_SGraC4vpHe9q}x<0gdlFU*>BlzetE z&U>!hx&&av4oJq}IF8hJdL|d@8h7e^<;!z2H<2|Y#A?KA<{xR=E47@cWrIQmoRTw_ zNYt3%pR*c?maek;(xav*`4vkL!;ojgNW?ole(irGSE7&kcYV2UPQ;Mbc%*0>$h;k4 zHvbr-nO&03#z)-14y@^++U(P)IzJGyXUTKS#^%xC^A)W4M z7UiIoZD$;ahB++m$RNQa$5{${_(vaAn@yhMXq_MjMOgP=nkv0e`edWG^mDAcJ#_=} z&w*Z&9=cOy2r`Xm0Uja3GyhDk?BBbRG_wLcr6v8O zR8=?H38$y&x(|H0HW!Mt|8^%6xx`M`;Mz3=A7NrXsF{`}0jO@*>fR`D#tER^95Kop z{JBCQRaB7qW#Wu7~TgMg~e~g_R_#+Hq5TptT{I^`ZPH9%#aJc`$&sJa*7G+>GD?@pBg3C9<*&$$CygwQ>a2DGoCHwHf55cnp6x;Ij&E<)-=6 z+zDsXneWH0EWEr{$M9(JL9l8FWdTZ|BD&fmZ6MKS5uE>|vE`TzF`+%rxtMcgX~ z#d}hbbcN(rUNOoT2`balQq(zIVru8!k#^!Iv^?xsBP!n3lL_<^=FFd9s2Hl+foQS$^fMSDA=~Cx7kqJ&A>rJW2520vz{;#(t*c)KXYflH=f;B7 zOyBmP^8QY+`&%hs6@$Zyg` zbMYn2@R?H0mZp<5+hNS837t2=nzte$F*w=jfYZ_)crJ-7k(AiqP-=X5*IM8fVwJ+$` zZWX8PccB69 zu@u1o@SlWI=zf=$KaFC8(TeAypOvV2_xtGmErOUxVI(vjbi+5#pi`)Hm?is#2d zikN)4+^%r;0g;QgayW>4c1(Qa#wpoz&ot-6$Mz=gxlDS>7|zDai82@Ue^#9HQy?Si zY>$jR(2^E%bb~T2s6&{+O**IFTZv@i5-elt#qvpo_1XrDSpS^B&f6M`!|cK-i1$ zO5nuCF$Zv|R#+J-=I;V&Y}ebGZ3&3vW3iCdxngk~nP*}Rj4)3D22L398HWF(5q6uM zBB9Q~Z;&%H#xoj+h&vhEey748&`qb(pq_^foafiFmOD z)&*g^L-Y3;g!E8N#l+0yd1>;gYQ4oI7#?dZL6GS{Q=%2? z`1HL7;gUrzk_FKu(eA+N_mJwVgP}ZYc_lr3IWmf*N0@w5QE})h$fI!nXq@~6)}VBe5_Hw%%F`GG@tZsd4lf96;P>_ZLim zypg;E$*qMH=bCY&`NbnfliC;1D6e2%C zSLD%#sMomBns3-|w0g#&9$jqr&fR`UM{klfwQ8{qtnR}^&R$X|(rm?Pwfgrs0HsvH zRsD}S(ZKjQY6i~k9uky9rYedby84~7Dg%^o8Mr82!FClbHI+PQ6?z_AcWp?S)6VCI z$1uRC-pGu9iG{GbTL2;BwNqCE4;~#nV~LJ|5H#y}L)lLT8@u%xljS66zO?IS(793B zvRy1rz1oxYc3^@lg5DI!wJ=)Vo?u(J)s|qNtRm-6;?lUxskYhtUOq0@$rnluC9u;B zi-(h}k@cDWU+m$q3mtpt7YAv$PuUhR(YqCLitIEJT^HEH1<^N3ZKg*Ue8dglb};_Rghke&oNj7I8{TITWmboX#;8I>ClQxD7 zGl%7XyaGOxi=d4K2(!5Z7~G0jlCj{xLgzb}odD+Ou$*x5Oi&gaC=||2K$xMoFZI@{ z7^^3uHTA1i3Psf6FK6>)+Q@&{g-8BE{PkRY6*~~JcWV5b;JXEU9U_KyY4wdFgnuhC zQ4A$ml0Y6Aoc*(p1l*yZue{8XB@e#MbOw5>%xwdE1*JUC0bD=vMoa90KUh7-L#c!O zOCvUHPOClY82Z=lK~^asRhI2 z+}tAGpcRo2WUy3ljfcEOM3{`Mk!${CFqn{ZgZJeMU4ge=mk~^pHDl(tuY|7leBs)> zFEOWUz^mZ1@EFJJwK)j3`5mmjwwb--g|-Xe+YpIVr^du8uh%@E+v^|c9ZMs%f6D0B z;8lx(?V2=e=pQ*$Wwa}LGO*ipHYJAUUNZvKR=Qx46&sN^UedVhQ& zG=7kJ|3;BM=H4sDECVX4!*S39_UF){6UWRxWH*`2qxM&J=Hgp8>*voGUCY(xy*7d% zfUICkr%C+)vEd}b{jyf#Twb#tqt=+1XK&lHXe*r3fo6TccDADASM?9w$9};}bBu>! zwxTvhwi4mSjk^{BGWrnz`F=L_6|H$o8ky#B@i4x6(!Mcl~itoG(G$#nRUIG~>c3_N>`S z7|o4%oFVxy!M?FNoxP{h+9EBp< zeC7;UF7_}Ri>b-!b|&-tI=d~cBUqO(4B6_Emw?kFN^Ts%(nz8UyDN=$b$ZL+gzYvL z-E{W#wr5=B>;!bnk^-Cu@T6uLhmhbHHXmTFZ_Qh%cl@F*KH{t#V4MIB2t4{hZjpK> zfGSthZU#=%0NZx?#)pjk-v_4|F5g5+L(z6#iuI&poN5uoHphc7WMt!ZjuFAv<`)pQ zX|54i!A7{ggxPIbe|1FQco#nwk)+I}%i{b~vJJJ*8(s9t=w&r8xFEYG3lP@!yFjJ# zkviWb0X+zJE8VF3xT}Qb@a?d^7fsV;P_5Os--tfHA5n`!(`RS1()+?jr!r;OQvGO> z$r5zbvcdn^oaRai()@TfPjmN4#+OEEfq0&;06)u82{#GDWQBi#-=`zK2vJoyyG{6C zoZAOMqlW(%1+O+ebzjV&zU^aCubHlg;)YN>Y2f&PNabprjtH{UcX6PgcE$w!UWrUi z|IXQ47(hc?R4brJ;a~$_o3Y$k*e=9ct@4s~*}rG6A|LO*e^PIFa(#5i();Yw)zE-0 ztXZudH3)uPEJg+lsgj)UN+)Z<2&0F{l^{%X{bCz1Qb;Ymdd`L#*QInqF_~QoD!#Gg z%&`A5*sdiEl$Zp^MI3sOsY07+6}`lGP-<+Z(-45ZYH-gs*7o-`r}v*n+sngHz;~(u zhHZ&qRI<-X48W~m(mVif0#$S`n6lz?u=fkz>xMO7OYsOEW6u1kA2aWj(mKMb(4m$=9jiZ%*BCSMT zjRdbf6n6}~c>11=C|D~)A?LGP1LM!28C-r^2Zd1^{RP$UHxoJA@jCX@9 znzX@ss5*C_GRURV-09qp;O)U?WmEY@*PT{W1?0{`r4qCPHV0g0Js+FFA9T65B7YpE zr~+J4SXmvrSljL*tBSOZ?SM7HAGKdw0L4Dbzz}7f?F;B2=4*FORNNC+)c*zO~{kC%i$e- zDSMSJ6pOIG44J_lI_4aS)?JFuvciA4Yo-;#!UW33AKIG7To-&}i$hHH8LH`vUYmoP zlVMR$G6tvf!oj^moizKR2NXFehZtY87k!W;V)BXN%8gyCwsMOF)l=|oTNy+$Ow9St ze4ZO(HZ`X4H_7G<|3JNEzMAML;Q z4;!oGfUAJ`N)KEkvc2vzludc1?vzK27%>nUSK&r`QnIpi;7TvPeW)RwF@d#Rh^Wtj zqg!o9-SO3sv7XALJ!!`^4E3M=wUZjuz5p{aL5E&MFOCoA(A43I7%~y{IiVE64g#~7 zh(>(*Zyp;gfko44y!f*C=r@>+hNcVlUSXt~6HD8uMzh!7-eIa@+i#Xh(SGW+*s+2^ zz77Q)4_?bw=&C5s1hJuL?I9vHWzs{j4~WU) zEhYMhA2`#*edjz>fctKQuIj{Gs5W>~r6;-!992O>oKyG5GwgINZ%;x>*}@3JZaBwqvNb(erAxlTR#;EilB`xMaifCIm~LeV#XEZggSqIK>ro>QxrdEI zDGE%kzV`UvecSHs-{;pdF~8}S`AxSR|FNHa`v3f${rA1ITb?M5nz_5vpK;}geTcL_ z?b~)XwVK5vMvOp|y9bUv={#qhWu^bZD*Ri~+?c>RH^@aM8YRPz<67e7_zz98ei^~4 z2-_O{crg=nM=&zMGz7-j4wIs=c;ZAsCMT4UNu!_|nM47`M<4bJx5E|BjE_9bt!UF@ zvXKLKq)INdgITFOroFq!cCc`GMzWER>7Af%&s?9rOB{x%^MJFSKh|qe7kV$ut>SJN{I?+ja z8Pkl2*10+tOWCXWe4Y|LV)Pr$MXV>weBBTu&JXb}{{-9;#ZLrdBBh0FVD>OcDUDzn z%CrSCR+nn0)F*Gh+SKn^7ZSj>#5}@UX2%(LI2tMB?7Wa(PR==$SSM%r1hh0t7|2oR z2_AG)EIA7%cx&ac1Zy2Bk%P9PCS^gtd=VUEeJS)Y%8{l+P6M^AGgsRI`zVYgvnSfp zLnA)ptT7pD%j(|i-+cV1e>v>#wW=jBx%|qL|KK-vU-!l*fAd%4laF^J67s(V9!})! z$r0+ph!N*8%6*1%52V$q?L0Ke`eg*GVN76c6^%g%7aO)w$89ZCV&OMv_f8jUB#40@ zfpB;}H~~DD+-x@K$dY-UMev5+Tdw06{hFK;_)PfXHd9vmU(tP^nHrH(PsgXf6^=LW zW-mdw=KA=ByBeD=v|{XO6?!VB^5`;{4%qf?sX>ssB!*S%VYa$@lYscPp>;@w2%4eV z9wpdFRm7{`a)Go~TAZqU(lE`1$#Y-mbK3%seRH;6t*f0)^ZA@$r%!~6H5viCW&$Kj$nrlPI+C6)EPQaj0Ko-RY|?6vLxxWX`*kwA`oYdu$Ek&pX1(7 z9V?2?hAP>VvP(F!c;XLvKurj6hgyXFLD(aFGavFfCT+eP zB4lZZrr94Q-bHSKKnF&c=%DiW+Dao2RJSUjzT4DXZHJaggR`XPDV7nIP?Bzwb`&`A z5B|Ho@BN#tsyLXx{FRsd)*pQ9pZ~(@-n&~>^mp$27RGTf5TVZ?=AE%}pLWEE5!--R z!kl8mHY%ok`I3=yEn@pT!;oQah4!|;i?E86T=&J9giKXBjdhMRNMTVZzHiNub{zFei1QfaGquG}ddb&GHLv+&*VPHqwJwOyQim2(0%F`A+Va{WWnET+3SA2z2ZU}O-06Qh7y!bb@i;Are;&J+hK(W_#@D`+W zelXP2K=>i|FSA7T>B9_jVcqKh86~m*OBXZkK!5|4nyXM98)PA%G%$N*4we`xY#ogc zHirzD$}bQUbeW@t#>v|XrdU|nc)mD|CJouy*_qGhNfQc%95ZWftA)TBdfl9hvLEnP(Z2f1FO(3*>8TYY|5@)0ApfrE5)%FTjUjPR?RZ^@s>9a!fE z=6K*hGH_gd&1T5eOBgP}^m#9eu)oRaBWs%DB2#@(v>WPB=IT0TU=I2Ck|SYkjtMpn z@iuI?=zfWs;dD;@oy}$;gcRGeh_p9P88v2|!O=ng65BGF5l?()F_AqRzD{S8XFa#E z*QI#ytD#D-@FuMFdY$e&X9iO4Bgu`+@R>fL45qT-t~XMXl+^W4j5J=DQo+lWIG-gB z?+{#E9bspgFqrAv^cjyJp)v>!Netw2PdPDj>v+yfe=GEdi=lmEu}mhD`FzfU!Ua$! zDRU>bUvYoMsHKC4*t+fomKP>hl;MX=6Gz`k$K=dlPvGb~1k2ZGvjDlK!>?#E6Ef?X zPu8^gPAj@rIZCP&l5HHIoZKAxIPVCiGk+@tCFZhNL-mSG86OEP24~@^S{HEB*5C`J z79$R^v(N~8E;{85O3XVsC;rP{*;)`jTmuZ0_UT!z@{N>bQ*Ox&As$5ho;UDuOGNS_f=a=F1loL#Z~c< zhnTUPN5};@K-DLVO296%S=SLh6~8Vp0Jz0Q=VnMBD-$G;t7BMz`R529<;LZ4{+dBP zwkW0mhA0>^i6}@kCw`L;us=u(d3ybgq5X@BviSN}krUpqgGcRRwG%4cdtX0#~*PcyJGQzzHLeuAfhwFvF9{WOsLWZ*OlhnXFc;#bObv zji{WWU9Z>s`}=&LEY@?@I(`=FO?i{+7#T;yxxc(cj;jcj5J$qfZfBqd=1j5ZOK`(- zI@loAU-(#^_V@Rx#~Wb9K;(uV*VAs{YtB}Oyd@_$LJ+ltsS#!;R(W2{l2DQyw>Y(Z zZes;ud2*`QS)|Av6BmvL+9K==x42RFLq!OROs~vmd;XoT+k5?+`*o)olam*p{D*IU z@}K;Ce^OenO!%(amhQmPJZ#SdmDrHpiaKJ%QGz+${5crTqddcSgmAmSCAM5kv;!oT zYNr*)%MqG^&vRe-J`*W*M70YL^yaGjT@!9iuHC|l+P@L=4ZSOeRb9q>f&s87fHPJ+ z$A4GD?Z6_U*^M^`1yM!}A3>KjK}T&8V*OZ?FI%jIg&iFbJQrd}7st}5d|7+m`J&b% zrJuw)bfcna-|sh@pehAs_Ho!>v)6xlzn)E;?+}I#Pcr62XHI;xB>(HM$CgbT4aVnW z&Ffe{cZu_Y>ee8~ws|Ub$@|-a=2iO}Uaf&R zeN6qtY0`PT9I&$CXsSzVa3=QEql-JT9oV7r^-}*D< ztvXv~)A`9!Lz;pPjXSWm1at5jYc)FPJ(+PdBgdZaGa=Vsd6>vgC$di2EnrkAfi_Qxe9BkY*dJvE(U z%I|mR03B*N#nMqM@l~kybf9;>jmgE}&}9P`oafkPMdfWEi^YO#;qRzo8)K|*P9ddr zsQ}(R#1&H{8Q_Gb$(T8_M7v_WoPFD139PtW#D^bT!?oXH0}e_??`C3_P{^^`v=Zv4 zQ}GvFF+)>iP27;hWYg{v9#dqP&z$1Wivm<>8Xgr) zq>?^}b9_u~Q{6EyI+%D{E|&y*-&j%cd8)#DIhV_2Iy}gumPqlx+D@hqxW7h^9Xdv+ zz<4BzhXz0J0>M|O3GpI7JS(}C>2#_${W&m|0hY(+MV9I_(IGnsqP72DH=SDwg$%oy zU+i73r#|IE`2=@oA8U@N5+GHIgD3`+)e?bQN<~}PoECE9xD*0S1oP=I+@~SEYEZpv z_?4c*Cg&#DVwh!){pbJH`pmO{JmdXeEb8ne_DSv$Ox9B*I2e;^1ym@2wNX9 z;vk_-bcxY+oQ*-4F^QwW&wX3s0*O4sn7}$`5Mw6X9kM(p?M1a!MALylk0E4^Gw9HQ z+}~*l{EwV7p?%YGUz4h!!gpn~R1XHRy5k0$)(qsNdgkBtdh=HgOrQO{L0FpJa5IiF zP9FzAefaR$7l+x6u66<@TiMqaUcR1gVrayq z#xfWbC76~c7cKBXGqK$%k(%FhOPRcy5g)h@b1vL3v`g9~;uF0AO4|XUei*Hp7E*jg zaKKPUWtwt;)Cn%Ynv*1I&Q+ybz-sb|G1ku^qGFgAoQZMAcopZYW1WORLUlR}`<|XG zm&-&mCHVMoW%|pv>~o9UgwTV~fOLRD4z55I14gnmpsGV{iP=x^$o`CYN8i_r@RH|HF4^ew@je8;cT4l0&cQcaA31 zh!G=tLVK9zSK6sA@fLD0y=ZgU%K00jb(4V*!kEC?3dArpdKl(d4#w_$DwAiS+t&etf0nT3P4IyKroXE%eSW9}*8Bx8rro{t zW1#So&GK!vF{lj=-5{n+$lNu<5q=6;Q=G4@@OA?y7&u|0#nuuNB80HWpH&-kQbgDf zf?q}0#-)$fVKINEbGu?k9&;W-m|S`FFQJ&iKao3=z!NgEuTF9CL1g=()83SYctQLpzR<$x?Oj6scw1I_}WQsQqmn_(VJTMt1k)0S-yt4qhY-Ko1{()+ z2iAxYBMuDOl_J-GXfJD6X0T~())L~Nd4@58bwJQQ3IoS7r(39+jcS^skc-FsS`NcG zZ(I0w;@g}MOgBz9hwX;?&yTqvpX#oj$-nPcb?_>*18vS*lVL8ozUNN*?l-h;+Qw`) zz5d44-FKLcYPRuTr#xjep&PX8EE>XxDSMSt1~EpxSH6J@Ej1zbh;jLy7r(-hP+P=%KOX?3i~x5~Byq%W=N8D^bk>oT zqtbk64zIl71D*-#rYbyGnvVO4%?^0}h+rtw6HJ3L{oDw$xCB2a0e_wf3R*sB)6hhu z&*{>uR1DKtoa{3rQmvw=jBo)?XW<4Zb!krfv(d;GEi2*Y-Q|6cj`^&9*de z_&mp(rp$84aVYG32Rn)L)Ew5f1bwt3nBxjb`E!BldMN6mIl=;{uDULliI%scr>CO{ zxiY%fTGdUOP7{rGqlBJ67WlbmTiFgyr@OCvV;{=hFuC-K*{!!PKm8G>OvvxHbH+>9 zB_HD*SR+Q9_t47SxypWrPkvQH+LRNewI%P%<+TC<|r{Caa_72@sg1rwW@!V)~vDFvv zG7EIW?3V9J39QDr#bgY{>qx9m=)w_c1c)+X(D}YI!NA}Vl+A7?5^lU1*JM)vt8ai3 z?NeR(HF3>`-b*6ZDqRujoA`WP*-&Q70?B@DK^|%FX9e>4p63t7#uoq~i z5+`_d7fM*Xm6GavV8wl8_`*u6618Gi7qVfFBl0FRoC~m?aC3Yom!?D3d@+MS@la0( z%tDsfnZ|V!i{-wG?)wKFXgTx;&KgW558FyNuJB*Y*s$w@nDv4IaoeD|oDmFA&f06` z#4!~H#N>opsu1!##F%DXAYBd_;LZvw?eMG%r03I{Zk=3mdFKxF!S3zfuM=4M7C+s` z5?Q5+&9G1I=L2 z2AYkG$kY=Iy6^@>cbHD0FOo{mX0r&;WrTeY;^GKAfk%yb@Q<4bNt&^l=rW2$T+o*5 zrXXcn^1}6KKr{|hZl-IX61G|dODGd8b~;&H$RVR~r6?pKK9|_TT)Uc@U*4Q14kwL` zwh{BOZ}F!R z=JYQ&PjU;7jx^e`S`v^5@6F^#M|4_}NFmpk^p!qTrP=Pe49C@S`Ng}2x+Ht{f}6s{ zm&GR@%{Et{TG~|-RR(o@8xX6TcX$WZ0sB3ub-Cg81(FkZN_p@BNv421)R+f-ps9lw zm|L{4fM{ZN{SA{#E-P=s$L7yJt7lNC5?E&LL&r8~i}0@qoH#kc&qWZ0Y=~AuwO=Vz z*OQwkH;HJyUh_3=ym3swVUR!#a4VK`3k)Lw2xbJSteG~9NPM%|q`hy6ZN5~F3$ubT z|HuQ%FjSex>2#Xt;Ehzi&D6++uVM-yKU`5iF=Z&e)fBOyy8r+n07*naRBMXQVI%xY zvc-}l5ZzQlPKKz8G(;E7b`hPM7;wE16M==$%J=Al2)`)A{9>wCOngIVPF*#ToaSh| zM=+PUjGj>V75>{>f4oe(HnzHq*&|WF^yT>T{KdDnp-hqCQ- zC@g&VcVLMj9?&d|7;)aiH_^f$D1oznHCFVW3p1Wu=7eKRb!R4h9urtw1g=T^Q25;X za|t5+NM%;fJrNq2Qz>0i7jv9Kr>^dTE`WY#p$n*cMEQv!3KaTPLgv(zKQ_I?)T5ll zOeRVv?zuJ%wh)*a~F>TUucw{tpch0 zX49?sF-tmga59<9UOwc{+M6$Zj;dswNXe~ME5Qthi2MY%9g#A>oH|MWiW6<L5Y@NJ zJx8XQL3s|r08O8N;~;c8w*H*wuO5FSXHT^4^3h>B54!_vSbL&%tf%2U=Q!&8k2pdQ zj&6c!KileLJoI^nF@d!en0`D0UHL&QU7^LyIYz#R$3Yia(S=!2yv$ydN%AQPX3S0n z_vcMBAYoFmo}lsPr&(9C?S~&dG3+&1^V?p%_~SonEM{7qTeP|_Y<^Hw`v<9C+ z9gzCg*vFikZW?I(7w=2r&f@#;N?HllyF3cf7+ue9y}bk39OAv74^?(XycRHh#@mk2 zD4nHH5B0H%=ob>f*{vfh7J}%$ma2$D#39EBN3M`U2w^^-^R^~Fb|*F~;V5w56ZlmI zcyT+9T~N6m@tm0vcb{XI@p>#$mv+VKN-yq32m$Zm62hU(G}lWfP8PIFrdDg3rk*%e zxa0xY_5k4NZ`$6@t%rK{vwtsInRK5{s3%^jeI&0T*5y{DhU%Kh3^#!@PJG~hqwASq z?{brf=?KcgfpIuTok2W8F6Ej$-LL2z2lR;d9&B%xmCK`>iSXc*Xv4l>}<7)K8V#_?kn84Z! z3RnH1jCF7mI>HBXbjxo=ct5QgHCqvr!Hga?5z`&iVTKOgoPL=NnI(CSF`um>oLm`4 zP^-^!j!fn|hR_=pFN*MZx3M zsDaoQF(}v~S+k(rwEAOrYM^9tINQqZLE!}e`rcxnr>ZVO=OvREvYl0@{ zIHwRUyR!DL^2w=qn)`jv;RxM_?%4}&GP!Dtu)8<^&ettJ`0r~?6c3`K(qf2Zy9KHu-d5JgOi8hW0f+Hq zX;-MHSwjf3*^G#$(`ky=ls1beTL8rL%O6nt|$S?MjNhT1EVTvRt- z>A5&B8LMqjq1vQCaO+w6%n=|GOjWS^%oX3gg$!e7)BZ2)DQ6J4o0u2FR1{Cx0J~{~ ztb#fa$}|ZQkzy2b5*Fj4$IG+~vC0*)eDrni{8?IH_?Pv^nM$Zdj+qi#su>nDy0gVg za^^Qhb|XUde)UACwhiv??y`F9?(S|jo71OHFPBTc$4xUpO_>Xx2t<_LTk3P7`xTWB z?Nji%GH*b`TH^FE!HA>XLmLuQHd%A-L-$&!85^!f2^50O4)c#X8S6=Kb5fM_$eI4< z5dKY($a$f%QOi#C8ozw9wNTkQwRwmfJZfWv4;$wr&Tse@16L3%-%U&V)YbM)bCpn@ zXBZP$!^4S!$kHdQMg5k9lDf=ZjuW3ktOwPmI_B6gADX@$x@e6nx+6?3AiPW+tLVCB zTqK;WM(0()jF)sIMHB^h?rB2c8Hi+f7)1=1=*8bFnE2;Y3r&t*C-! zsGfk}*BuH{SeO5bKoQHJHAvtK_|3jBDNJJWdm)gTsEh3i6$+3=;sOzpVuEu{hcT-n z&qYd+bePTU@_k#Vv5tM#69J8Cuy*5$5Z4r}=%z_W41s=PP9ibHe!tA_m-w1Ka>}Ne z7tdJ;ee9$oZL%g>Zp9ZaMAD!6e7@OiQuazqQc%dPr1-=yQ;x>E7MEJ$bQq3a<2T&TRE;>~UR+y; zf5eC_A-6=DZkwn@=S!YpOkf=lbQquulth&Y&dOKrF^BfQt!ak-%9mU| zf5~v?2Z>g9d^EzV2H84=Dmfw!{UxLVc<@bkDyS4jsP;F7`j#aWi$jg!goV@Tl=p-t zxkY%Zpcn|g3x@AX=d@acTfkCbb3YoB;!Q>Q8g7? z>$z{|MR!CMeorEo$t?;vOh^X{x3%ZaOcyhSGAh&!rrH!%?DK|JF-$#evJl03yD`xF*@9)ROXPql)JBH6t!}byTO|Rt)TG%{&YB>97E%@Fkqh&-%AuG+6T!BZU~8}# zGRHnpU6HV)IWdWdHk-{;Pfku;)W0Jg@zj(2G1s+nb2OlObbvoJx?~BrA@BVj5}2#) zh!KYh!i<{^OxszR`^xmYawS{M8sVf-#*)Ms#{||^puH~b_~v|Vb>LM>@@4zv&9 zxLlN3dL6BG0s|2Plyo6x?p8M$76qKPLOrH@2~J{3I)aN(RLY?WjIXW&sQ@2Y1nY33sGfQKov7?l<9tltL}>xRZGf zMO0yp&4u^bj;OFdC0{~)LlcG{JFk1gfRfxi^6=&>_lo!`!cAB_d?H1{<@MTz#>DKe z);bh|K5xZ?LiMA9F-G3Rl#V{}Snw&iBs2l8F0LpJu%RhhyP`x6OAMc$(YfPeC{^7r z&S42|aS7w#lfT-itMNsZ09mu#YM9Dw;HrKcEN2bHVq#>4KIjknU#(R7jxe)ssNXpy z45QP8L%eY!YiXd8m<39pxkarj=T@}N=S(-7O-j2jm&;gP?5!)J1~&4Hs#OBBFg|od z*I3LKyH8nYscF#6fpEq}%pfLcUfMwIg=sd6)RJMrjlKA-?y|#!P)>)>%{L!9hY76B zHy5T3)^TC6dP0qy6DSXO_ zh>Oe{_^Gs1WGnPMLI@2EA*6OwRH;({spH4q@Sm2jREX7QKE`B6umE$AygOZh}c*h7u9504RA%!+X0+afD4$6 zaW~D1Cp0=!=}z0VZ2LMOp}tiJr`v**5`cSky6b?@DN0dtBC zhygEg&)FpbpC8_sdxoQ*}&W zZ5KS!g$r%DB{dxypR86L(~s9QyZNam9lwJSejYSq9;$boONtIUvyNb8<#Rfz(ba0j z-m_1^c|sstGXMxy;#vFag7Wf?j}4f>n%{KG^xEs!58S6)6iSlwfWjkBV9B zsDTg>Kg2b%; z2n|KSJMTEHfOWAXN`})qIy)xD5j(4W8lj)s>^CYiDTOzu4_RS9t2YW(lxegfPJx_l zFQkmjI4iQ|TuW7my}w~Bq>x)cQ+h%qd2@AEk@gkx&Gqk=zHGOp7Q|^Pd&AH;6CGdX2sDZTX|3> zwzmVznHR!`(S}GYe+P`Anm&hJ7%_q_;5@^az}h;>wWJkRFF*A` zqF*gxpb+!F_Cu?8{I6vC3g_8UGb& zCQ@C#KTDgeAYO0x`X6aUzY)tjJ~jbW(H20P3+%O!QcmVVXrz`>G&1RPG7F*Fnj}U9 z85Vr5*XvZ5ZC(1ydkV;!XxIg&%ok%(J)tIOn$`w`2l1S#r44tp*$j95u}a|8gj%r3 zkFeF|L+oR2Mj&w%RO1Zd0(>Hp8%p5OG?knz*QymXhrXxi_egWnYM~c}1t&s196Dm^ zX{9ZJ(^F@@=Nbx`^jxEcbmPzzX}7ktzD0ODDqcJ%S`?E)OUCD4>mlBhhh+63bbcLb z4;YyXf*bD0nkiAG&V}8>l8qcJKK}j_Z~c{iz37O=CqIPhihUOkO=qc(MPdxN1M3Vy z^)5own3xY^b^9bc?d$6L%Y#8~7wYEy46>hN7H4v~oXk50i--D$h{##`+N* zfSy6QRyl=x`qm~v^9cusZ5hyN+Q_iEwlzx33_M!3izQR|H=E7O_m`z~fWDZ6>aMna z5&-zEn4-DP3Qjf;eSP(XI~zMyj@|G5A%c5(#J6oDF8_I>{+CadP)F{oR!nxrfaJ`8 zB*vKXASHorfb>WaE5Oa*4GkI}D%&+)ganO>_P9}M# zowj0Yn+eUE$)3Zu-`_@r4BD0tus({ve(MhZjn&&iYf&MBwGgDw=1`i&N*dC35?e16 zh||FmEy5nfjFHEO_&n52BGVLhRdmX<0G%Op(i8=Dlc#FuNtCd8_`&6%9#lE@Kl~s3 z0yv<3`gp)-R6nZsNDpG$2{*^IwJ7LJG;7}}z!WH8uiIa43YzTp~ zRM>i>bCyks-gn1q zR}}Z}KIOKz@X{=xNU=}_1T3f+YobYhiJD>(HKrL8dnAeZMN||EKNBp`7)6aHYV1jD z*cA{^1jQ23NLP^#Z@u?EZGV3(&oF0ZcFvymJkPy%zn}N>ex7^I?(FRB?9A+(J$p)E z_1w>Lh7GeqF1tI@ji2I@iBA?tCTm0R_s&37dC<_nW`<0IsuYZkrM2iJ}CML%V3l0Fh!O4uexU)gcS3h%J+)c8`F z1NWVb4tN%E&mEp1+>(oJkpj>WJ^|xBFL6M81Y^t>3{xR1$BF3GLwAXe@w=s2Dgn*_ zKW2{CDkM5GWC|N(Mv&^Hux@pMbC@RZBi_y{Y=|0*r$3qFKrl4TDq_GtqBp{7hZtV5#g)I7!rJed6FCJ`~DxmFDv2^kd41C81GqH-xp; zE-a27Rp&_}Ze>sZ;&TZP2F(aEDXoNND8<- z8Fc=G*AkUh;kIZ8aVv#tm1xK?r7BuiWT2LTj%<`8rXg+|^j5&+LP=$MlFq_t^8Mqy z36q^ZoHs7d>LT?W%KTA8E4XmTtzeU^m6fl2YBb*JJ25Q(=f9cWYHqQ3Y1;sD=vT=? zs{8Ls8z?t6wv&8$kT6h-dMneswDn6!m^wu5#GP1z$9hp%AAYUOBW{EqBV3%)(NU{^g)|;g?&3e&&F!amN+jthIi2;|Lhr z2Q#)3HoM=-1MgQ7)rlBJ=Nz#TqHII9f{Pk{W9AK#IUJz{`6>UJGnatPzB7nlV}#90 zaKZ?Yv$%2~FHMWDSCi=v9KuEaR6vmizi7hwBO>I`)F7iKzPVW%@f7f^!5bJIf{F8t zHO3Dyz${@_;eY&NHqEI~Hzn0bncs@kOk#d+rJz)H#bLe6Qo_twy!pL?33er5d(OM zRh%F=0l~lgz-s|1oVMTxFp)mq)j@Jr{TPr@B0OM$^F$AC)MYJCXv#a}+VLJMi=qKu zi##*H=_IaxxYw|I%Z*Q*fiGH^fPHo>v&rv{(8)EpB!DXe7IqgH8 zA}Z2uE)h|53dAYE$1cP$ZzZ=PREH!8&u(zd3F$2+C@Nm0G%Q0*FLY|v>++76;)@5d zN0wRXDtuyyV}upVurcC;TRp!3uX-p(JC2Slx_B&q{9lJZzot-?D%kbLmzmWSe5FLM za}h(cxgA)gdqk{UN!}`hw=Sw#Ax-n;r`xZDgh@iT>i8D<5t<{R>)83GGq4&&DDW+f zTIjgIE2a*e(n5@{VY6{yV^2R)fj74_P1fqGDjX`mF@m5jb?&#B! z-yLO-UlCdAUHrAt%AQtzTVT4!J+yuB{f5{4q);t4-n&uA^i0f`PcCRc6QNMkx`tqa z_y^GkJTJs46C!J^?Q}Zx^Yg7%YcLr2T}5Qh0v$ZrhbKPDY}+@cgOM2BcGKwl-!fT^ zf)-&$kWDmpyyr+XQ~rP0a0Ce;yg`ZBIw)zz2UKAq#+boiKvF7Lyk276ZrAUSf;<;? zw9qvyXNUGck-`Rzg$J|_1$-->VPG4||Hq<$KH?2u zc*F@;BX&p%mI}+6g#jT?N;*g?- zXagrG1$iFycmBV>+3OAeZs+EU^`SUcKJ%gB|6HnAA^&4C3OSiGu;M#K9O&d{C4q}L zc_$%Z22r~usfA8xLb+P=3~2{eBbd55#^7osE)4MhVu(Yo;8krRH zP?vGv;Y4=)N*zA)4(^h3rrdb%RcK=3Mv2@ETLh9nMdqOZ*v3w$<2QD3Y2Z(f!?r1+ zGl~jX^*w96%qE-@`4i%b?vdWX4>D?;laP{|toPw1Lk#f3ChMMZD~22dp%#(`k#js^ zd{*u#kc)UYNHJZ8rJ*=eZrn<+fvXg)E^@-Jn^M_2y+>SsxU!L%GRi_3diXQ6y^%0L z8YrJPX=|&L@F28K~y>CR zL|Pn;M*V(&Wo2dMgj4L@4~*wIrc=wG`4CKGo}c2LjPoWg#w>d+&KDpT$@Lcca4O*w z_^}d0^}>wazC%eV#hRXLWE<*Hzd<9P0x7F=|Ak6irirXAMt< zlM#$}A4El!v=nDXAxnPbG7|&8150VqBi^ZT6ym3M;g|M&=pBWs6vFWOYj?f=B_{mI zouZuEY>ZJ9*4pNFU^(=a)l7?Vxi%&FNE7%gdu)ayO(~I!!TdCJsrQS9ZLTiD^Z-3tEnw<77)jz?ibg z4{_B>bG56%@W!t;0ocQ|B@aOZ2o z{)}zD>>(4`IX4^*O}oAH)IToNL@xT@zHoH&4fqPoJK%vY;ITEc;T_1NBq0R}Ae>1z zNRnh7#T_bd#h;_cy8|UTSNN96j-$AcBg;!%9r{RYl%g0`+BxVcfNXi1i4as;;bUjU zD{bCceI*mqir5^dPddW86OtGY%fwoI$gon0)pMJRLC97_(g7w#v6O?Tz5Gfj{0K=k zhBsa9bE}iWBA<$?l;#cJ4Vg8ud?6RmMBt>u+LrG7c-)w+E>E2JdBjUDf9M@%Fj#u} zbMv_`h`}{K+4+j+n4Q}r%jfDgvFatp$XctPW0eC|Hzd`f^VAdxifV*Dd1LHn6H#tL zLQyoQfkkJf9^UY1Rw=C1BJoK|U^N21xS9%-kV{-3nY;kP1M3jcTD;OT*|;PWd*N0J zh4`c*S#c3X$Kjen2Y$pvnM!oqC{{l8!OhRDa}WI7NvE_AJ$!i8k7}g3ae&w4{z^GD z2E^!+LytW}>dF@0-@BjcH07*naR1@%K;wXEfldp@*i>V^gYuuyZ za7gxr@oWg`FHj(#Boph32hWR=gx`dJEJ=qD(qSlodkVM6LG`#H6ET}Y%O_qjW@1`& zQiJF|ob>5W6Yw>;ff^9xb)k$d2R@f$ZsqdUG(y@^B79O5uOj&LG!=4KAV{iK#VOfw*0Yok8Znp^9x>Cq$@e-U2^`O zH=ky9@2Zie33Qh92Tu_vR~gp4Gq6N^ZlVL}N!lOLV%JFAOxv6$Y#g`^pJzy~ z5H7Ku1j!TITDKp>mm`QB%sP`1?0^p ztfC}Jw)2Y%zyBBIS_!s(%Z-EYT-3^b0A6um21(U}&tF`TnK70+>q>rH-B!|b5 zw1NpLGlj@RyiUqkc0MCf08R%kiqvvh;w5vt;}|$uev8u=wO!#k)DeYA!j;L|&rlWK zL7lM}9f${>&Y?1Vmc{diwK_D8xilk7idAxXE};f7?ebe#6~)#?=~W!-)vtW=_UArj zP}8Hkl@Gps`SmX`dv=rSG3uf8MeMaWRk`sIDbxbY0OzfV7E7R<9ph+1_YxASLs7zb z$5b6Lz7P9-9s}U`ir9Q&RdAQn4y^j&)W?A2maX;>FD4eT*{^Qlig1OW;N!AeJp8FB z@Qw^oChRzgb2V9yOB^ly;O-%Q)SOl7weWo_oxSTANrX7H)=j1z81s;+3^-gefG~~yAYN?{U6pCID=_4{{9^vFU*fGhO>2i)|2@-8jXNB ze4)>`2;c8>&Ov&}|A}7%#Kg%W!HfqNs$g3R47+Sn$#;Xb{gc@E~$IK3W6bu>*J}7rBy!X5N z!f!miWFJC|^?SXqe9|{cwzP0?mW=wO7mJ7+98T7aKeGr&p7Y&IA>rdcEz2J%2g8%T z8lB9L6nUUpr z$r!0d4mTHF(GKDkVVaktP_#LI5l`@n3Xf@q?1qT$F(=m2Zs({Ia)oIbB8e+~A#~~z zBX2@vSk&zpg`X*eI#{$LYpd4@>l@8kbuwRgumK2pQeHUMD)Pydc3?FE$1;%^<+LiM zmgrsdiZ1(@$Yvkom~mp2>@pA=#dk>nfmN0$G~Z}o$EjRAJ#@#wV@Jy#?s0~5FN$|b z*LbfnSLGrz7y{BS_;Yyub^XgO>K^y7LS%Kc_P@vCZ$5MRqwlJbX1&15fJF*AECx~y zGK9vL=mQ=&kyWEUr4-dhR6JgtXnrWP#gog9_myyJoBrffTSr<@Zfx7OjV5X1q_J(YjcqpOyU+K%e&-L^>)QLwxo75snSRH_#u;Q6 z>vZ!k#D94U<;QS`h3-)>0(|CZLxAPd=s}@xoK&Nu^tz?$b-+e=*o#$2l=`Lq(n#D9 z2?gUj1NQ=$%Zz|D3_4NLn+V9f-*!`Gmc>?~k~-+roO26Bbk0y6vz=&_Xy#D)QQ8uD zSX|^D?jzcK<_%{X^bo=?5_S|pk`jkp4w6NM*TX@UMylanXKhnyg~~J*6{5!)`s&LEXiH794kiYQE zyAx+m&ipxlLy~vPRaI7H2lB?ZN2-B#J*fvik=Sd+69`95CaIRm=ZaeWW1_ev=F;@) zZgfLP{mTQMJ!0nPOpb85-w!5Ef9N1a+NXw0kraP}>R0b=IS_G>PH&Z1pvc+X@UY53 zGNE)P#>+PH_~7fQ`?;K8;9Zsf**3@OkAVE#vgAuM1Z@Ufrh2)AGJ;jst`d|0SujcY zEkil%x_u?F7f=fAJM(<{XV{J7dzZ+x^wd7_D#>8{>-Obj`E8v+iTKm`fTl6xj zE;K&KE4WJcJkg&*NH{hA8PZ8lOhyk_6^+KFSQKt_6bkt^q>K_qU7VFET#IeZzJDV4 zb-SzzppES<=`6{vc%Y5Y6qy6>MA$&sNoB&j$e(pj5k>$Pli(ledE72M*ZZ=={F_2& zM(VLO0_RK=Z~5<~Dymv5_62s7WK6%gYW%-q!F`RSd4PqvJG zghNVkEg;5yd^JcL{t6Pn&K5b`7!+$Ud$=`u=yWUKrdV~)c>t2;t^D`_I0*O`e!_W` zM1mm}S#r(VU{`uAf42o)d@aDd zCKrhQ*C6c5Ij8U}9FYp1Nx*WWm?(w!`-S^jf?FidQ#SdG;qy0?69EysacBi1y6_dA z!o6D84ujh{aoR3Gq*pHnlr@^{sXA;l-=T-7W3? zd!hpcg4DMmih#kcFGq@Z=#&63VnPsY=ILcXkb9xR>^vu1VQ(t=%n0v>sYUAw8om8D zDv^ekh3Y1!>J>5WCu7RC`x8^%95YwXtgsktq+*xbg@VC1zK8AKJBxN&B3ljw?yHFC<~ zfiKQUPfY!QR4R47POEP@1>jGFli^qDgnh$7cbq<49+?Kv3F?8`?B2X#E*5#jv6VT- zkm^p0$mf^C9Bv`enif(Q?Dt(k^4d*2*D@qrcwFKhY7W^_f@Bfv{`9|_1u=adJ?yQw zx6>xli}LOZ1@DTV0=R7l8)R?+c|CR9Uf&9Y-JC$N^FtxIqoL`X z2pohTik*@b{7y)_3M)-ZP;fJaYIw@EHV`CJqO{Ed(9&-LS16r5qLw>+65KumFBt#Gw!pZ zz(O7AS1x526g&o?M2Op>?)b0>he7M`8DUhh>}!KtB(R>XGUnox&L3nB7$OPOGW-YEWHS%)exaU@w58aO zj>S5-<|u;PbyHY|QtDbNad%=T;~tp^_1@8rSFq(TlWzTzKhqxR`klJ&D8ymQ`>)6Nap^u_ zHkci?k9DENTsQjmM#&l?8>R~pL;PGfwRsV^y!kqm8Y}TyM>*M_Z14wDq{rFL zV)9slQE)-g9H6ES;93!L%t=H`SWgRcW^`^?jr!lcr}^au!SH&2dH%jvW(G;JfvS@% z;a1_nOJLdmycgcQFhtL~$boyOPGKK;0ve7Qtt`?9f(@#3#cU(GxgRrs{&m^w-60Q`H3+=Exo@10)PV1(#L+-!^0;o5h`K*Nuwdt zGkfxV?rFd))5VETg2rG{CQ2R#=)3dy+2GPs;w+0Td6i>C{Bg(d)ncs}vm{lc>$4}U z`)*_l6sco3yecH{fq~!%^OFLPphp_etl!s;9^VvPKX3(n;RxybLdbax6Gba3TnIIb zU{?5c@7{3{P+L<29`YRm!EN8le_juHvXh%(Ir%v(mG6kCfDs2X{quO9-tUFS%n6K$-R@Lnu8x;?vlia3w7;{ zcbW3svL6lMrT+%yhr&!Qk)9piBBJE&lzEK_FvRnqFYdh)98=8n6){%5$nKr3)LdHgJVrPP zR}Qp7(QLt67GX&WJSxu!V$3Fbh&m2pjBT$fC8*@(3%Z(TTYnn@yFTTE?{z^AS;uo& z?e~ku9#!f#6to2{RnlCSft|Xot4D94&s(xA4o5VM{CxH|yfQw7h)gCHO{+yV)4URr z-*;;P80wXD=^{_=>jKWZsPqc$wN%wi0`_3}9pxWc1vn$uc?LxPgyHhWn8|A?_M^AN zlEk3?^;;T8Ndcwy`&YlW@A@o|lP%yWRhVP<0Ax-5u-TXr@bZtW;o)#5M%1q9!pI6`x)!&H-UzLfT zlI64T5f>bE1W^xA_a6|;mxd@DMI+z@E8)znd*-`L3?`nEsJnoR(*?d4iTQSpV>y0@ z>cE7mD_cGT3`@$<*8rqJO?cFlw@@~TuXX`589g&C?0{~MH+TC@Yvf43gm85-hqF}M3o2a}YsJIct9xC{d%UKe&Tc`or>gyWDT&@A- z_B!J!&qp}TZ>m4*3hREGx~|DAgk}uZqx_UvPe1;JG@q^l0i(^>YV-Ba9J&yblmQLa zUj&^%=w7NWHnP&mn;-~Pz74_bdJ>#ywN!UPH3m>gq&Sn@FP56a(^qJ6aFP#EAWCVI zGJQZVacfgSD#L>u!i=)bJ9k%>(PmuT_6i5{=*@vEGW!%_rRKC}bkwsWjMQpcNC~_% zq1}?b(9b^Np7*1CxB_PlDpZ9rVH2g$NwZ%RnF2Tc9n+P@(gWg!VPcX2rB3Zu@qKEks#3KT-fAdu0hCb?vd! z19Q5@Wfk4RWbBhBB>61IaqI~P`>WMyGhqERJaVu5=oT$Is%d6Q6<&(4o+A_yJrSM)dWQfeKdZs0RKW zc0B3u=N>Z#rE4V8PDDTz0iE8-B-5tRWT`lSl|qjNIVBHOlV2WEYvd#IpZLo`LiwCg z)=$I%n_BIUH(H#4XZj}f&AZqmRR6cGzJrViX0 z6_Ly?1gCg&F^7!}wbhYscL%p#q`zUe(r;Z%3E2osh|JJ721`ayuJ*p;rWeW}EONJJ z8S@E=NnC(h$$I0e3N*jRty*Qhv*vV{uaZNG7xAlFbA#?4okAj~V(;?PBeo%4oO_pO0} znROq9(vXAg>F|Vu0Qt#mPf1((*oMeYj^s9|iQfNs!DT8m%y_LL`fPt^YOJ`Od+ctR znn?$lS&axz0F&Kc^}eZ?Xt{?$0K z_g^LY3Z|xX79#rp!#%N`L>s7fehFml{}OhJ0dN%MNoxjK9i}sx?LMsz@q|`N;IKqX zMa4v>k}L<5{1v|yr(J~}1XOsa7c9~U(2p*c15dS3T3OqYk5(v0c;=fuUE{w~1)0a5 zr1BFA4+hjgP+{kg$W_VgGRKbTg<#Nq7s14^K=Wq$mRH6r?OHC*076*r3+sg1fiO}K zs3Qm>aalB{6Q64<9zkfe?{iQ>0Exv2e^t)jK890_=N_ zBIj{y(s_Z^swf`(i9?ED=l1aLwWe9B)qk5jf9Gap65izlm3=#HqC(b)CJYxslCSfa zB9x*iOf4HpBVFlyVAe7QP1D4s=JCD~q4+H<>weCY`ro4(V%%~1;Tth7p3Pb9&$vEL z4x|Kh`XFWou?4$gvS8R;tsa@n$}-6|j70w)g^O_vhKnKe@*8xK#|YKl1qJCz%^%I) zhh_nXG7YN?R|;J$Y1L@5r68$lDnkP@N716Ve*M}|!~)5ylt**%+X^e?#Xf4)kvnGfJF z?~j=jT}sPwtf1|Wm#fqh)W6*X5O4U3W2SbDMKw3ycOw;8~c=p{^f%R`%9k&QO8CgZ+d-w{q60ozrX+OP0;oPBPS$I*U?OX zbEiihzV>M+rLMJA^sDrruRXD5ZnCoW6((P^>5%8@_L2}bhRBdikNT}|m-pDczLJC_ zmgg(l(?ZRS@9f}Ei;o97Md@U4WUK%>SUfVRBfCCF}6w`r@WY8hTx7Z<<-!Tg^^&bcT{fpln^yzaIsJDj`b()f8FNAnv0SVXm22D zAjul;Ix{@tt3OQ@hVgiaEGOLho_J>#)umUj4ht8sxp(e(mdKPJ3Y;g5wfFp0@Z7#L z(Z3_ov^saTGrnwHft-&4*r)=5!SHkbn&mp6;FzXJH#MfTW6Qq9l>Zb?TrebkDeUTR ziWT!EusNV-I!!6BBm$SHIs$Yu@G?#Ei#*NVojj^D%J)V zBBk`hyj{7%YEo|33!r!5@n6TZ)0m8t!%!RD_hXCOp6vvWwQHa2+#n#dgn=o-AWgaR z{uSF||9?1XF(CGg4f8-ms7e~vaI$LA4b_Lx+V%FO`qw$+qv9{467=5&a5eTBLg%V^ zF2TSWK!lCU@i(#t5r2v#R<_mPHPrzb)?1ruF%q#ryad(3=c8|bKIA7u!6#;X6^H2> zhV_{-YnqF_n;Z6cVwcQnZGse~NY2}5NMEnH$R+|4cv+wQo0mi)TYw!}IJV*pAb zJW4bVq)%=bWgA}!5(LtqNK4EKbc{<6())|yG7_2w-dGYE8VA_O_=B8i zDI-vq4T;(@X7IzlGa8uXXpQV$AV`HNI=j; zO1XV&=l^K|BJ&n@IFN$q4DC%+``N3wkvY&BVI}1dL>F%yQja){GhOHz_*J2h7ls+2 z&~KBU0t|(zD3Ww#;+)tGTF%t25?jZuW72%#is+NO7J@g<5|Di4 z=Z#cNA&Ma#|BY5+ZFuQM9*v$hS~p-VR=fcK$U%Bg&RRbS_xjgukN#^RfA+yPlY54u z*f^f+spe)Y!39fVE*mH5T1}DNhTNlWK~kg(F<~FUM)ew#;&ew21p~Zc>mp^0Bmjc~ zx|^)Q#bPc7+V7JQI3({jd9NgYpl=>FP}gryJ?uYUMci7pim@ogqYebe{WEQc$%XZ{ zRVJOxhCHnkC9}0fQ$-5huHTzG-wMvxea&Jd>tF6!k$PSg{Z8@e+n@q;Pkti4(Euk5 z=J@V3#9DWA0;@@Rtzqy#>H9UL*;KQcL)@jgu>cs%6}m*_1x254{ZM>y3LOroSY~ zgLMKuL~=uqnQbJ|6zSa0Lt)e65K1cOacXCktWu@3@Xml0<5GgK5|bQlLR0FwTb;NZ zH9a(=2uhO3=K7ASZCtNPf-uZEo+ruD((Su&h58cCKa$J)wCv?5X%d@5VE-kk3K)&Y zkET?<@Uy0Xf|s_)x_D*Rjna*boLnr(o^ZuGpZuctJA(H);s6>cXH4mxJ8|%+c&XL^ zIZZcRdaPMm1QYuib;YQ81+OHGoU}~VdT(Ua_uY|t!1+tL7WazxYhXxo_o>nOa@T}L zLAxVDAF9p0Wu_as8Z9nRo^`81_7<3o!$Hm*9)~j!qoIPD7#N%$Tf%M2{&m7ah66pNZ0H&C%BCc>9_HXIlo6 zYRm0Q_?B;isI#+#~G;W&lhvF99aNrR`rMwP=O%M~4)<#arMGoFv$a_X%;`^W8! z^3O{7oWolFCl@|aZ5QYO^U5yX|7bJf(rsAaV%e?;k|pMl*P6h-vmQqHU|1}?+m(?$ z@{Lmu-u-M-Z-%!6o22!0)#ZV35^R6c$3>?Pp~at(9zb` z*45S3*Utr`<^q}UYrDRWDSmGMJ!z}ZDNSEzVfqQVaT5oE7d3je9sx|bu_2)S#;9(} zZYr8x8?m!+AZ+TfCnP(g60H&|xX?z%6f(WDqMUnVv9($`ecDgFZVo6gf=BMb{^$?E>Qr zD;u5q9Hah}K4=Nc74;N-FVuNLl=0wqpV?#9NQ3}_d@&(SO$IJybxKSqyFSxmIvz9@ z0WO_B=PXjaknH($LJMlmi>k}r8XR%+eQcwi58$y@aWXjT+auSrjEHnrGwoh zWuswbc_nv4c)QTKYS{SxZRWB2g}y%%;1J5Gpl3Y1!+~R-?I@eXVZSJ|iADM_n4<4F zE8qI5f<0fnMHR-X`x`CnfQ}C~1|B(wW?mNM-`GP+)S_>(SR3q%(W)Uj^3cxei*Kvf8oq=UnxA}g z8vRv=ZW_%Oxfwo=SLPr!?;AGyjm%v!L(M82l)Z{`@bIVvq@lrY;)=p=J5jkse^|FndiT@-S{z!!V_^{Jk>Kys^SNle*Z7=o zdn`KOjqSTGJM-wd*YFMB<@iWXrgoZ6GLR%AYOonIZ^3i?jzUan-cZjq8$>#=;|LC7 zum7I5l{2yV2yMPin}GU-lj{iB+f5 zL|Y9^y(9P=9o7_eTl0-xW&WpS%dYv#KJy5A#=%OTf~Me8zu(JB+h3ThD*yGaDr$qa z%TaB73$?v_9@-;F7Sl?yB=XoK=^)f(mfQ$|3M%^;8b~S5acOBdw{rR9U~5Nct0$xG z4=Wc5s6oA=C%vkP6GjEyX8*l_WX(Gvnq1{+-`D{Dvk$>)3=cV-U88=peB&-ne$EdhvlWM7xpo~_s(Knf4M;baijVnF(v&?Z9= z)?YA^bRqWqz76}-_v}xxDWWO%+wSw}de{&!dVkwt_5Z8SxDY&{H_x+3XXQNS-bW@{ zz1)SmaU0#z^zf$#-Ed^}y_*NM_M`rjnMHLlO(g#>cpAD3L`rrpv1wyYDH|8>ar7!? z$YB$$WPB1vR>W;QvBQ2YArdSsF;mzDEPATA-ejR$!3et!W~kPN=Uy^?fE-c}A^cR* zlse8qv(&M;@td+RLR++SFcPRndhaSP$q`zfu-oVOXPPh!AXi4_Tt=M*WcUIikOJ`Q*I5u7C{=c^|Ay9|a7^27n z$1A232Va`&`^&UHnhNLy(Wy<9{8KrTtMq@`GJrO8z>i!ms!Es?4e^R{aIhoFLJCqu=+ZtM8XQNVPr9Qo%$QP$+-B4`2U2 z3h;mXqPgwgA}N`qgn?rB&6+L}ph#CvQ-{^nZ&Bp(Y1-U*XrO3W>z(22cdt%5sO8Ei zCYMYa{)aQ;JrcXdUe!5bP2B0{7o`o0#?VZYbp)?1D`S&;yeh;`muA0rj?gFxzM=7(Xsn(G9fqXaCG1?j^zhjO!O%!34q~7J&cwMRxm; zy2T(en-{KNLVZ6svuxHFn*ioW|4jHXZxTYABv1U(p>Zlo z?O<6u=vXDtliJ;8XwbqHzMXT|oa;WGifS-$?ZVl6!Y&n$75@;;Yr*W27pFaU z2v!v0m*j8uXY8Fr9lcVy2dCrHD_v%b`zG4Mnaj&|Yn#^&E~q|Lo-4X*_AMP?RmNJ_ zUM1myCFFJ9uOFn^5`c&?=PrOdUTD`nyjJBlk;-v6w<@mY#zJGWhy>!EUFOx_3x zM2w<1rJ2Yr0p(-5)tcoCH*)fuPL%7;FRQaRnzm%4+u>O479$SuyRKj|$!IW3m~GKl zzmAiakUYn>F-oLW#`dQvBO?<&8H(#RJi~N33X2P)d97$^de`LWf%skMnVKq1IU->a zz#s$dl@MQdyT5H`@THf@mCeFAjWD&?2(~KzQk8ZPtI|rj_3HtRQ#yowCChj3k*M1$ z06H}l+TfX;*_g^`hI~Xs-#RbmIC%-P)C3K<`2$qJqVMU5&uJ8e>l;@ya;WG^d&Rt9 zQ^Me{Pb4#AbNha@L+1E(I^a83M*3Az!)L-=@xGmCbbQ==Diszn2fT)ZP0=a(cjDVF z5W+s#e?v9C{VR_L&bg=_yF}yCxEt@_&urZVFA(lt)VOOsocrD*u1{a&D&GnW<29rA zg7C&vGHoHVXFLc!G5>@F$R)@x!C>5Eva6B!qeULorkw6dv7sSS)k$QxaYt7~;Nchp z&~j|4G;npWO=d~>=RQ)P^`rPChyTjx{kxVdX3%twl#nYj#04pfl`Pjr6MkPDSA;bi zrT8J{n)5~{XM$Xm+e!cu#o}eBWM7PB#}w!zp5^0D=~cT6g3rxZv@_-F_$Dx}i20S! z$r;$6EgtKEgP59AwB8?y6p7CD@ztXHAIH8NKU5|9c2Xl#A8KEHv8eCQ-U;J?VZ_8U zoIFY3X><%u7_w@mqwMZLDHL)O1^(<;VSXxfc2i^gl!<*f!ucHdK!ZKS3Or)^Atph%mbtlI$Z^uatuSmMCo92{|It5j`c z3QSB#4VBos5dk_S4SRz=6ilHVp!%ByQl0TlGnXKd;P2fR%-dh3uQbz9gQ5jwOFOgl z&eXqnMzj~UbuAGPiul6_g6>NJB+G+zA#NPDG~eI!)`TAVFioymBI&={3n7qm;?s(_ z7f=3!1N|kdak(I935|;dixCCt%EDz2xgsH>dQUMhTmPNq2Ft)@l2^j3!Pb^xH9L8c z$c6M|7Cjw9MLftw4|dpgT1n z$h4?9nf6Oqe<(v$J~W6rKz;kS-Qb`NTkjZY0zzX$Pfj4i)JG2!&+#5@fj7W;N~C#X zpkPDe_d(=Qd~j)FlgM_@{XTM~{!hJScO-0vmFas3BqHjqF!66m=n1>3{xk}fH_Lsm zuov6tHhKODBXZ87l*J>w5ea>TiZ4B3;x?_B z7}{~73F&g4Rf%5M)oh1iws}>CAZ>(d_EBv1FS`ctZV`+v{?6PwK9M$T^>tZ4o@|p> zy_UDYb^jbR!FN)}S;Nn#ATa*O&*VzXKL+329yu1wfLZ#HKZ$qeJHD&_X;mBG8SrWk zrx2L331g)H{N$sst_S5?BbI418xENv#6ddVn^P`2^+|Sun(VD|$g7vQ*;atqvwM27 z7m`IJ&^Tl9h~#{B+Hk_aZWMB&oodqeI`=lnPR9qc79+8<<|K>~IAwa=$tIlOnIQOQ zHkR`J;9(2emX#dO0lF2xuYGW&l1q4{YV86jErY9|DT3YGI#T!jM+-sF^rUyO&Y>L$ zUMHCz1p2Vojps5;y<;fS+c2eh2QzH6mv~j+uBrbpT>1BPIx!T+fXM>?upbd8Kl8nk zOa-Li>mXVSU0-7TLBQWXqhCv*HAA+C4LZ$lxuK)}mgxBw{|WUkA`&y3Evw*N$Hu2& zOvf;x0RQOjPp4r9P;>F-Qd*v6r{nMU2LPw}(IJn}XIjq3W!1yxYtVathY}e(1Z%Jc z`eKzNdAC55v_;XgP0K~c{nC}T_wYX(Tlv22Q_?Hn1?!?4j4s?Zdq@k2L#Fs}c3<{f zQwsYT^A?GyvOqo9xr$&_$cFt~8l~J-%gqD*Gvv1?(o)t;J;T+)tOHC=v&tlMG(zl= zm{clC8x`ZAXDq~+lspwozPY}U6;%AoZd~}>kqCzvnVS`&@iDlA8 znW@4?o)UHqMOvLLajsLLSzsF-js!qLgRCe3JM>%1vCgrypiGZ(k~j(2s?~Ab(o%P7 z+O?9WSb=ABg&n7VPd$}AeB7Mlk^8Y;CL#xaoc}bcX!$;}K0qQLPU7B?n9(d(5;ZiY zEB08b-rRLig84c)f1FO}(Rtfew)HOnBSBJ%+=Bsq#&Wh>-qx}+{MrmB|70*E{4U7F zs&PalszxgoLq@!pVG~WFre(DwXi&j~U0w#plnjL;4b)=2 z7&}f3Q=*#G*Mc<2orbGjqnrvR;XyNDJt>4nEqt4G(2=j)5Tr?ob(*3S{7&5~6{m9W zBc^QZ3^C9rxG1bwzDPRlsDQR!Mue~ais4&aJ4HjMczkc(=kaM{@dbO>Cx_11gVEGWUOgZ|U*CFiTRye1B@e&QocD8P7RG%T5=dqQf7XomxYI z&h41WDgHOg-)z1gD-fLNV$1IG5x1tQ}~IpvVrGY3hnT!)vKL=l27xR zzg|Tk9#b?X-#(Et2~Hb9-MeLq7RcFc%J zcyQt1wxqHBBUS@)g%sl>Yd3qqQk`##9!vB#xvj{!3%-e3j#sMLBi-rpVavy?f(kH4 zD0H{EEnLg#8?kWw&6%^Q=ep zcN~jf>GqtE|C~D{zE#8hiyH8@%T9Yg?e7O3uMo%nVO6C0Bxs5*_@SKJ02!LiE@-oL~=t&;=2}Nt~*hZLL%? z#&8kFCQ6TdZ%7>3kXU|L&YJ5sBv8*b(l04t) zy@5b@`u`4e3i5YQl}qet1<+npA3xe0$d4{gj?sz>f=i1o8bXpPWex4mMW$2~A?{p# zaTGBwb%cAxE$Dc?u(b8RoS+>UUbg$k>g9J<%v#(1O1eHRK&FUh{r#%A(H-^&X8~V| z)!C-Ja=_->p1&#RS=u!AtooAo-D}{i2J30eIR-A$LqdUhhg9Ecu=9E{$-^NDC)w<~ z%rKmiA_ikLQ&uk)r3COJXO+K!d!V#8BL?gGk}V&EX-X`!<%z%hh%ElAGShq4?~WZ= zg9_>!4DT`o?B#kGKT$Y{gHE{>1JUIJlbbAZ`pXmcP&nOS%6IhCI@ATZ3<+-L2N}+0 zIa{XepSrfzahb(UvA8e^CcF6gTtT!|4z{cRqXgkQSs;-yy9idoXKz^_y^*xSyWla` zsFx{}BLAM3yO>y;HR#IV!1ij8a|1CDVPcAHP5F5#1NW6q`Y6s!5|&s$GB#|s{ww^1 z^oNUH>qeRr_^j_KEm6Cl06av)k1-XR1GY+-C36*9SA?p7qeI-!nFZW}7p9I@>tv?3 z9mgY^&+peISK$cSci+@=V?E{ps6@*0H#A6pCB)aMs6d`&u$CFE=npv%Q%{`K0}4E= z3O3Bb1Mn6PE%Al15m#9r|V*+q_jo0uRZ|gl;9{)C9p9QEO z79?5OZMHv+u;RauJ5+Ej~Kp5DyS`LfLCRe#>qrW{8n0@2dafz8eSK828l(7IkOm3u{*GIC^FG3ujrwZ zA2!#a$wY>1h{@O&PkiCm=XiM;hZZD2m)YkWnak0hDBicYjOLLrqg>4mo$vis2}f9j zMlFHEXctB8YTc!AXkDTbI?S3LA8CPXY%GsdFT?ErJWH3V62MS`Q&97(B`q{`%vk)t zqp3u1jg+=D>m(k}&#v;;d2p7-Hh!UYhVXS0tBLe`d}E9Q)yNFOV%;6U8Hq+y?}4i_ zXW)_x#0MR9y}Hk)%d*u`{Ew~AnA^8B;91}+Q~rbUdrWudZIMT7fdO$z+*dBT6p6>x z2qvMkA#nFD@?2)n({lFtu6U()bO0VQbQA>H6nZE+6|d|U{Iw0a0Z4N;5hW1XiD9eR zpGA=C%<<8Zmb zYt#J${$|*(!SX|1!l+Db95pkSTy~>jD*+?A9MBDIf-#69^|3N&m%}p;I^vR>si)Iz z2MM_s?wj>@=NU@Ex);Ld^?4D3?H(UT=^}4R5lV2%*H&Avvp+;$D%;@l1k;wK8GYRI zKRUs3xV|)%QY8#bvm4B8?^Yby-6zr~@OsIBYeL65{lOu4;@#>EJP-FoyC{m!0R!i4 zo}0VX2C?=CLIqWLa#K2s1%=h<@bmns?)A7wx0HBCl(aB>5-b~L<)jFGRFgEGBF~7# z-619!iRYNj2+qDG4ih1A;qn2Sn;7;*gr*-7Tw!#XRXWoLVgQLV7^9jh$w4zA-~&R= zU3B)|YziPi(zk{UA~f7h7r>N+?_VjESD;CX$qf(uiyiHQckvKRF7w}VPKy6_x`|LloSpqc1B3M);n-G<;iw~Hv!;kc95IUF4V!(^AuY~ zxLa4f{8p0B`B_0*o&Wmh0JY~oTi?@VJN{s?6{+{ruEYDy+gL&l4phm8fJg4b(Lkj? zmQh%#{C13gds5Id;)tr(b}c)9YCXrXKp=OANaQ*5t*gHKD~5gXhW&t>Esu=*uu+io zA3-1U23XpCNEwLE-@VPLDuFR%q}^0swuQ*TC85Z)zbcI-k@q%GAkiUyH5RXLf04l1 z01v{^MLDQ>9IvJroVM52OHD)+mS*@auK+AX&>_C({w1m-p%@O9+a_u-5jlK!ys8^f zjivSYUIbd7P%w-gpNF-_ZkY5QN#j`UI9VzZEh<{!qd)S)z;I5wMFOK%WLVYX$Om5Q zRaM9mTcRI>l}YfMUmr3)@gXlcF2fprL8N1ivuO-+kZ%H0*vLbdTto!^Hu?QmiMSt? z_4odFY>%TxCq~X6x3nT`Pkq$tJ0>`@UcKxwJ^#+zFiC_ZNu*jfI`SpD}F{9pPXpF0b zKsm>6LOGSeA|Vt#6JISa@xUKKeYkqI96?|K-ZU9!yU-*wSsdwwEb}UZk<}^-o3sprqqbDomT}yw|_Z@SfH(N9golxv^9?`w?mbK;MJ?DJ>kmmTP zzggEs4C$xJ|7ihG{TIRL09WfF?ZoH%RadRQH-oJLqDz8je}AoTwa=i_g1ISpA>f+P z2a(4_oFpSqZ7lv#T<5plc$f%HZwk!EBin19obz9PPP0T}vOoB!xnz6Rh;zVO-?-N6 z?LRmX+`&#hk&M7*cw90L@+tJy^BPVj-}Szy*})=3yZ=VqkTt;d$hx$CVVRkML}V95 zFh8AbL_H~ds{1qhX0VpJTE}&aI0}E!lB94~&wHcn>*yv@KST@y zsMz~l6U#;)7X5*XLFK z)9UQR!QrCIs08`sn8>$>nbmjcScg^j{cR*;=DDKdJ)NFofm8Q&-EJqUhwJl+wx#(( zz|L@TJDL<+$hFxYJz%(*0N^0_ORbT>MsSAkiW?BG4@d#O)wg2;=1Q*_mAtV?byZhwS=K(Udb;7t07v1eHxv(vYmBWFm)!kV zY{?GQ$?KTS#j901?q+EYa|ND1GFd}7!dW^l5P1+9s6kY;CO4tzJ6mSeEa`;x!}@=V zakrU)CTcCa5|~^Fo`(qP6>VI3j#*rEbB-=kinyia#npS@1ycNq%$x*ivFbe=`tgNH z4|EzuQlik1%+358^T=6ZMw3MJNOUlAP;VK;Js!1`!}lu_h9!5H81Vm#yX;`AX`qt4 z?9E{25QcCF6RHej+XU)_JCddo>dW6`rrg2)-FYnsr|K&HvY{hzf8X+XL2A!;QN1xh z%KN;`cS!p2^c*4L?>bTqb`Pz*4r_UDb*&=3C~|TFHmq7YMug44!o_K!yE!mm))$Td z0_U1b;a3Iq=MqWYJap4_kT2D@zOpZ|sP!_%)xCd+Dp)MsWu)H>ZVsgLzX#D=yML9D ze@4Rn!yEn@Nq>Egoy44h`fb0sm&~rO&%{0#ZqbxrodUgZ=jb^?9gH;VSVpIO-g8&05(7Vy_ZzW)M&?*Ym-?P2)0uW$73L`XPELDt9Nx?xpmH+D`W}jDU7YXJ0Ri z2Zz$KwxyFcE)4_>U#g}8{0`p+NJX-6T;~2ZU%l-W2!cP;1kH!L9zT=MiQnW z!--Z!w63TzU4Uop>_S8Wckm5qoRnt^?gPPfm)1ODz4h+UwVQA^XuDr>19}vQ_@Er$oi;89JxqU_=rh;%B#dPuM{O9D{;!Rf|K)HlzewHD3~?G(VH7Xdj16QlNc+HI zjaJ_Zyf=E`uG*n80qZn9`}aCc-$|zHwlm}af%fO{p)KFx-}qyNO?8|Bw|j@m{_BUh zxtp(>L*S6!`rPD+STR)1b0*Ik!MY^!w*}iHJ5c%CeD-g!pT48jw6vcw*B<-5BPyaD zwGm>nd4qn?u~5vO9U`IM8JfYQE2QNF2Mpo4Mn`!N=D1FH+>% zjt07)cy3%Kl$Rzv4i`k;o=2m50@5T`_&MfC4sXxXUk(3bro8J_yn&(OId4wmA*=Z8 zX@On1>$~Bqog@uZgN+O)B<%LX0+|x(_#7UYyte2==Ehg3EKz;06p(VesKUu+nA7-u z29w-T7GI<=nC9Rpi2UW5$mVIsG3kSV+b=5eF3||oi}AXlOw;SKkZb%udKbCIH=HWj z9~lk0e0C|lj{;CWa%(2fBu@-^kHQDYbB!xz0n{InvZyx;LOVMLymxpTPBFLl*k2w% zMJ>>RFnI)k*Eab);-)NOB@AvdnN`U9ZaM3-8?Lj14b~j)c0wWb|R1 z^cB_~Bi$lI*El956W&P^JQfRoA;9in!ced;zDPd>q{~ zDM``OAu)X4>(dY+(D!=2wp@v|@9_fLKiFOWA5C8w&<4|VTeJ!8Zo%D(ySr;~hvII9 zLh;}(MT@&jad#^YMT)z-!%d&}yZM)Y$?oj#%sFSym}0@FS`&LYJ$FC5p$N9S4#V(; zk^EhLC)s_-5%`*FSaVHkXrq1C-yf3uh&{@(ayhc)Bv~948DO$gO=uj1Ul$#bitRJ1 zXf*s+_s%K2P19L*w33Q0TwUO6u&7s`#0IkHJ4PO|Im|!Y@E&W%b|I{pde6o(!#@u~x7!fum#eGizwE82)D$5QB8_cGbf=2f zb?R{P_2?Yi>XaF&>QUC0m8DgCCWQWpsGdMhW{GEM_`gnJjwJW^cXal%mnfPLz@m1u z;j%X^NyFiXNabl2zhB|WzjZ}vyHs#jnYhoq4(n6iE+ioi$d=-YbBJv`)&HN6;YaZ8tx2{(l&msH#T|rBC?}ql3imK+Um1s7PF+&fNX=cVBA%zRQc{-mP zBIP~&rkR=lK)!c++OEHLFF@T}uUGaSV$22+qNKiWpN^6G#IhBY4E7h~y_ol((Jc1G z3)iCeg;@=lk268L7o3f#jr**aq~mI!;@hxt&?g{cWV@1&eyzxN z-Des&`XrACb*NRzMb6l@2Do0X!MKQQecHr)!i`?(DlT&4_V!D0w2NYz z{n_^&rSBb%4&IlxWtnBHk_}A`pY(n;qVm}-M=4;Q)gYb&! zU2%TKk)IBhb2N3g%JvgQWG`8TbPqda^EzkC1+C|{I{6=k1&y)Tw&n&? zPj$W2@n^r!<^5p@jC1ZLprxnGUK3)2g-0V~@N%8X!4M;G`GZQ}@>dKe3JpZ|+}?fe z@t*|2;g>VQ2rEN>bnF*D=W1tz5d@MD{Sdtk! zg^x`I;qds2S5%iDaV~QTe9r*%;L_n&v+z)i1yb_-{1Mhq{PE)#NAK+$|5Crt2d2J`b+MPul`030b&((Q zQbFtAwOQJ6_E_2N$mbseB|NXq9q_oQ#OUR}T#s#8k{ON9+*FQ9+t*=vCW`*AS1@O2Kou+Cn@kbj);dlrED z_Tcu=u0MFLd9mO%c@;?a&zM#<<9^`lH*dKtqAVRYKv44qCj3b8y7sO)eLvr z$04~sUZaR1JY99Dyc|-T#F9`KLDFW*SN0WU`m%PKeHwJ$b#t?C?{{Whsi;?mxq2Po zPx89OXPWrRG))x}_pDz4x*mI#7neDsFzM~4|HXEVbcj?TwQ*&r7|Z5y39o7g$9$za z6rscsG!E5)o2NxL9;BNnsbntFjjdZy&Dt(X79%5$x90X5lPc)*22}oYQ-S-Za3Z=X zS%skO{gmlnj>}XahKaLJaUsdh&|-j*GqTglH$%h$TV1Sk)5AZ5RvZ?b7R|EbF60bY{{UC5w4&XLhLD>h(A-l0M^KC(r+m%Bp0jBd!W%NpnQet9rv zJiaPQ8k9v3{!vo=PN}>Xu`zoGp`rI9^yi>zv{=OVpe%IBfYSKA{*8Sg4qAzP?EAZ9NBXzhCY`I+;5wL{&2tKGapmh6d7h?$=Jr~blX{0|MPR5 z-wlx#v|iSyQ~){U;{fFIRrHX0Tm|f*g|3`{*mo|?% znM9tkDax%`Zw>O#s_ z;2t`=c}ZFou+-Ij$&5i{PP?6l>QIt*5MG0_Lr@skxQ{JK^BFp^Au*!U-ih+ZI6Hjm zH?xOp+vSfW0`^iE1k&$U=P1<=pcgu31}~;HEd~{&Hp$<$maB59XMPY<(*HXFA~#!G zA0fRbEqBaGS>dIoX@eJ3`1@K$)A6KRYiKlH_?YPeBGQc1I9y-$;&3)Ai7v}efsMKA z$3`xG=f_50AnERH>;@&4mBVmlxIe?1UQIp0z#s^A?aQdj5#9}--J{5LKKc48FZF9(tpvfjKbJiOKw$mN zFfiv~@8LWzI;A`$tde;{2R`G^K4e8gZ|EyWh}y zZ$0gtL85anbaBag|^zA4Z9Qn*}=EdPeJdmevme$hP!2}CA$Hh3rOyepi;c*pvrUchuk%`L!g4-%?RT$7vvYJ$14TT!Dk#55SG4!; zYYl~kjR^CnYhI-*xuv-c-6fO{qJG>GM(aeu+{}k-zi7=YpmR_(Oc8sd%yOnT0-&n` zLyYSQtD8Rn;YfUwSc~)6XnrYV^HuWB?S6$cX~*uyb`|@~(5*d_@IwBojTD3{t@JzW za*0Im63L|Y?-sz;)2>q83cXn}ygUH{G5ZF`KNV;LG6Iu5&@R~FqsiO1Oa`l4;~HV- zuDYuW!AXk7vKyJ(q?|*M_`ZL6-%h?NREr~0y1<@Z6 zh3px2q?yiAnVhbQlXN_+_|Nd3fUWE6sHfk13dczOl_8~&V*JO17S=!Qz#p-z3h_6{ z_enb&G;dp=cXiJOul;zIk$iiMki@^6y2d17eV~``ZPdnKh@IO{;ZI{LhCIf$JVak9 z1c*>x9pm8Hn$p-w(5I=lp%8A9hWMIU*)q%z%F`&$>MyYIsvFHOF)$X0AwBL^D>|eN zh>^3Fl(}4x=_^gIa9x7Ser;Z_%P}z_f0^i35ZGRm3<*L^IHc&pu8)-GDHNR2; zD)u>?{P*b5U4#UvNi7N+Ms{`gj)A+7)yVwV`n}shIM2P+8v_NOLs_6D(c?=IGhLrD zWv{ZTBc?v`1sFfnmuq)jg!jw~H_2zLd?ezq_gFys3K6S75Vp^62W?W^FLte&-7hnh z`d=bUeiv&DQOD@PXAv|B=bi&2v}DY~``1$nhilDnj(eH7{gP4Z_r?7)2g!*yMMIa+ z_7oY-(i(?E;j1D8!U%KNNXv!|2y-!Gr+a3NR5wU7S zac@JHzB-e}y=4+{_m9x0D~^KQF7n@o-y$;6u_*Kv(~Nq&@m*R`!q8fnGske@Vq9WDNf z>u0?j1)EDN+{GN|_$l0w!@CV@<=zgt8Y51i;6SW;Uk;uuY z`=+t;?m&+Th^}bUi3bmRfeAq`WQZUP*6!sOiWx>GbJi)+4{6JMS@A&5gD)mkJ>r2z>lM{s2KhF=#%}++5L(km#tR%D3;ZkiLi>#aOBQ9^>z`m#chfa3tO=dP|zQZw8D&pe=C-5+k!z!g(X>r+Y9B1h=?tjFU@aUCoB@8`pW$yQ!Nz zDh=13n(@6dm#sjWnj+i0-P;SEBY?YfEVoM}73Ewca<-L>5y%c_$>w@`BDy6!Lc{#K ze!n~}n?L&K;RZuqE-o%t0RjuDE*xDHI<;g6%`r!a-A<+M=x+iyLR|HqTv1X%=YD33 zo?RxmDXpkN7H_G3_Gh9r%6V(}-4OjGqzS71Dp?uX|0>A(nw;XT)S5E0Ar|99B3~$q zMvuEI-2q(9@qiSD5TZ=_0?eN{#P5)vy{VWSoyQ_j0GxOE)E#X?1hj+rUe*Ux*s2V@ zc$MxKu*F6di^|RMr$RPf#HLNrtwZbj#JGSQ=i3;0NdCIyH&m(jeirR9yGJlW%@I94 z!ENV1U=&r=m6FpWiZfUQF5Y(gxpcC$8Mi(JlK5gBvItAmD7N$- zlxYWDe_W)8n;>WpOVF3&Zspv3PAtwLW9UD;hQ-mLa#3^#q;(Fr{KZWaq|83ok?AJe z#-rc%SC9;akeb>2kIt^e0;N9vwTX`3pz-wmbk0|B@0eeoAXxppe9PZ}`h}aVG^7k(oT?bZiOjKCIKh&j`f9$Sr1TiLzoSpXSUwZfd*>;8zTKlcL za_H8&=FqkVp9pEf^XVW_GBbH&`;{hSE#veKMaZBFW5|vLyo|^sd;EaB55kbULR^lI&M17u>Aj80H$g;eg|&5;_Qj+ zWO%<~iMmjJxivOOr-*FeBWNs7U#(yqzQGHqF8ZHbhytwKxx}czl}u6fu|ELfY?0Id zqrYOWN`{S-@G=B?JaodZjlQ3CFMv_sTe@G9)+722!Pm!6DzKeEHTC&7a?zSVv42$0z2J=7!Ug=yv_1EIr>hA>z3{aD8oJU^o~s4EtyY@oTHeFtYvCxT zsUgFRo)wpC4OZ|M3NALhqM*R2SycbF7z?Z5bpz5 ze}#u*_ZBBNsT$Lv*EJeTrHI#ehw?}zcE5=2Uu^Hi@OAo(%Vtr;WI)3Vu(jU~Zepk2 z`$KHSJiB-y-mJie&uk(6)BTThD+`>$vwWG!JNU% zOv-_PZT4cv5p zcSkXhC5DH!Z*}`R5@L0u7Vav70^jUzRk3-wJX`EvJj?EEUVY*BJMF# z-SZ&N=Nmwfj$sb{!R(>IQlU&rI-yNpAq|I5I%lb4J^nO^bV}$3D$9qI&)(y#A0nFn zsBI|JycHJ2;K%bY^8V2Ageld5KR8m6YKLP?g=>%(J}gkKzh#I&@LhA$YoO0A3`$#y~ET z1id@+nn2Vfi%;Ku7)X%jhV8|mrT=$)XbV15w*>&O7_g=o;&cJ1fy&kbkZ=XX#a|Lh5W z;b}j7f&j6x4o?FYgE^?x?d|W0?>cSkXmcj>1)m)*aK&@1th}_~e)S>;nl#107F`f> zFWNM|a4TGL(b_V-p^zf{%n-X2*iYs7P;jm^Su@|3%=Ti0TN>~EX7?=mOq|w|U*%a2{Et`PP`lI{ znAtY|7JIRL|CaMMqhHmkB&qHEJ$DF54(?M+v4)s}fc~f2j9U|F*&T_1T-&OQb%WbU zmw5o2@Hq(wGaPyHu-u4D*Sf*TLl)-2)WBQIRGxj1&?56mgCR^N*+~&oWyihkX-CeQ z&-y~sx6>5+)7P`V%RWYJ_FWLq*QUGWFm2}!%})mzJ;rnAKSW7iNz#(n`Z65x)@~v< zC%XROp9gzJQ4XCZS6S(bJMjK3PlLZL1MzX$B|zn0>ZBCh22naNzWf{R^@c6xl{%FJ zv!$Hddr0Xb#mObK8Wjm-p({dHUiCwz0(>5Qk_iwP=iczl!}A zU#~SYkDc*HA^ySe%KF157m``P6CpGPmnTr+5b^jaItXClME&`PWGGWZe-nWmle2Rr z;rmWu>!g|s5Z3EV;XZCU?IuN3mYMLc+u=K9fz#HYg{O8neDD(T3qr0iDk4f<$f@>U z^LXy(8&?r0*~!?mVr(a!KPO|vpt{_Hez}jC=#wTqGM-|Y$34g-t9u-npIT6m40Nf( zhZ~t}q2oI~M*=I{fh5{t3KRVmDh}eoR zn09j>>sMk_s5F0gbo#gRKKq{3drd=IJFBd!s_eS-$l#NZjQv_WQHTBZt%AN{jO zEk`9i(k(NH37e(Jh6mz%@q0hPiz3n97K8yKdJgzB!xj~?@$IM6*PWM-Zw2D)C$j~3 z`&LL|;GXEAnP-5<+S8zXEcvEbDl=Gp+)`TGh%;;>i}X;4y`5}oZeyA9+_SVIg1;nH z$z|9I1;&Xl!p&j^g*Tln2z+B}MD3Llc>ex4T!ur-WQIpjHV1<-2)NT8n%91nN2{d@ zaEHgJffhZYD_tejB%eX7=2bTl%7{yPbAtYaAwcEVxO#Q0Q7UQ#H-cM>@b^!@tDDIqqGO1y z?8KoP5e(yiE?_l_`_h1`p>WtNO@nB%h=)j&#*e6TSC<|ei=(V{CuSwzVDueLozZr| zk1kCyIjVIXSDulUf8u>a+~=e(2=?CR8~TmHCRotIv%p5Z{&d7^!*&}{NvpbWm>R%? zvNYibxd&4U4lAjub@|(vwRI{#qPsnd!Gl9FTUUiQv>3FX^Drhginj|B zm5Nt;>=0wW9#a6dhysU7DMY>cha9AnWjNr7OEJsCCo52Ocmj07+HbG&G4v-@qa8pj zSn(Helg4r1v5A_R(c424IHn*q!Y1;LqCr(6 zJaX;HSK<<0{q!Th5=FuTKI(31d5j#5}q1VuMfK|@p zS?r?)?GvdccOV(%e>gmsYB34JX}8J*-cC45A@0hH1*3 z&bgLLltT&9Axr7TG)b2l(G8gem=vf}k;9Ukrm$qip037_0eU|;B;%qh&U+L5blr=E zpA*%A(Xp{9Gr>D4r%=lX38T@kDD|rSwAURV>u&Jnt3q&u`2xO7Hv(*yx4;Y;EWX;% z?spR01a^NM|EgQ@Wl{NP^h~~3RguARV4C zkwhOm`h_O65%6R;5YAbsj+L*j`29h|ZP+z*~c+pHwN;m zX}fOV!mybk(ZXZ>snHsZgLS}Y0Nw~yhwqPXI5J9fnOal{m^xM2L2;+< zb7!<*br~x%CB-rk-r`^m$`~lW0uus zD#wvt!QDm(OUC6D(DhZI^Itj`r8nmOjbmWSw@JdH6z*Ip7K$Lt6G>Qg@GT}#!Ks~L z|4CCCcy4Us>xf_iM-eAK-|@*P1qTLQNa>3GiF-Wtd+Mp!K41 zYnRE0=V6&fJ~%|({F;?yGWmivgFdC4LI$SoMif^OFm={1sK_6?SPQfWZ3M|b0LWrN z8BnadW6(t>11_4P8_mq~8Fq;Szqe|WmyEd?8Y8MjL_-scs_W$39V*&I1IaK@%k?me z)`gVlZVlw}&87FJKg@DOMnp_z@mnRmoZ0`Bkn_9e8YiRRxd|`WrZXIGE`cQ{0cG_- z7MW~m!0g(whb6&KGS{B1AXQO?7_>{B!>FeZiMw`W=iaK;r=#t zbA1u|A)ntt028(HhXACOvoelN#;_gwKrm3&eH|DHtFq=~Kv>31>=Ap?NGLTDFwR+I z{dPG->KoWJ*p0cxE3343))EtA|kNE^CG>HCymiQ(T%2z{M zH|w-Cw;w8C(&^6jBSLW!LX-Xt_5_rPA@I6*| zAB>eVRlG7ya>VDwuR++eHEQbWxuyf}W0Bhmzu4vdoRw{AH0(wB%uOuG+|KEzhnlqV zrv^3pqCFoOy&cfVWy#RFn7cc8G+{kQ>iR1K!kHop3JN}hBqb#cmyv{do@VaaE2jD> z=-0!@dO!So1>gYZ1ed6jWDEkKU++)}8FJ!B;e`;B8Exo2fO4*?(ILLgap^aAQ=q+V zDxpJ;>0iCu^OBSxl^PimFF^orgbYZng5IK9MjB)DT)GoC`L3khVL%`8ZBz71wj57T z_;m{5fq?j@Z`e*sWSlU(xTvB8^`pz?m`=c66_&4kSWG%A-U>V;x`8_@CE3mN*NkfV+O7{4)(qAZ8FTP%z zWg8mWdq|>HHg}s4 ztir(sA#U(NBp@V!M`;0j!41~RTRaslk}B90+JHAp00~*g0Vc&432YU{@#F-CZy}9#Qq3I&ByIdBNJ*Cf9^g*&} zyfse=9uQ=4D@4%dq=n*S3w(W-gkbjrN^{}&Er5LGQyamO*l9wM-G3>mWO99pdhQpD zM&rJU{(U8ysDE%dOgoC~{8{SXl97cbgaJV?ZBG$>yC~g)#9-fk)g+n2$$eB!^zl=1 zABh`aFu&{e{MLKi;MPhf#GaGH$#;+$i3H1Nk(PC11fx;J)LXK1pdToM5xf$-w#GM$ zhdY&ZfQ8FRO^oaIqTt!VfYd{C>NEyJ$g&jPyBs^x@e8pCXL1i~idX_|I?N4{h`mTp zN#y!;SN&*E#QUjvxsQ;Y(J9C?;}PV;(u>j22_I#S4*Rm(jfh9=^CD&>PN|_X4;NuH z&u~f-eU15LqNUE;&o;SX+f=;TW{K-0B^RkdJ6?%1Dj}VK@h4OfqD&_%@jPAA;l(?- zd!+P6?2)I|nLy6elRWGuVo#$J?$}0f$lFv9WP;S|f{=dg zpl}vjAanpE6ksc8`w-(U3h8mm_MofFbMXkAC1o!>U{BSPt2sDd2ZzPx#E7#-3zzG1lc|;^{z*X&Ip!YEqM#9cCEPx#1!(y&N0ci!J+5|shf0tXU1%tX54B|Z!+D(RKl0F1`cLal_Z|;Az zlD*h-26HEM{w;89@l)tQRQWSVetpc%*K(nRApDuE70(Fta=5S&$TI^}c1cMG5X|5s zVbu73yi_Yl^m{|@5$pQh8zK*&kU{<)`7*;r)4xANpTZ)KpreQ}$YkBaX&~{J^1P!f z_6R#iX*`TdA|<8>Iae_nfRd$07TO!EK`3^D-U|54%tDnsNx6Y~{*Cy&u)AFYq_sZT zW&V-CF`c@TAa+sjCzB{A6CxPxX-0y5!?7Ikt7MN+ueAwMrRg?Y-3iDbB`yXX`a+`g znQXph3Dvf}MhfTnp49)PN2rokkO3rnGJ{?l=mvjWeMX|%OV{)Sohe>ot^p#*33N+J zAZg^3a%%8;&PBC+W^q6gh{%*jlMujwdPuG~Li>A+08`fR@y>QI9CvkR19?hT{VSMM z)Of3DL~O+v_V7l`B5F@pG7vpf5-xD6X9$H?H+Ar0cE}%Pz~G6^IL#(Y4cq7TS>P0)YlMXtvm+^9vyPl_WjM4-bYT_!194 z#*Jr=!{>}(=dgjz>tq~+R^}#1{mZLrtLh~+CywD9Q0Y+R{R=}C#t=QL6A;ewMURh8 z#OkvJs4K}d8u!LhBoF{DnEw}!_@yi$O)EF*k26JNl#$KM!!`YF%#6XL?w_0IF=fJ!+Ffw?c7;hP5*F7zzOtTAYNe6nf* zH;Qa52PG?2gbDn>sI0vAZ&cq3u7TnUe(jLKNUXUn^-VnG@g2!Ld8};Lifd|B(HcTk!!m#raIBB*L2PfDsri~HJa>QLemwNRp)`hxysDtib&&B&N8 z&9pnZI7b^1qC5B zx^;?izx1W0gWh6|?$JfjrUTBjNW&$_3+0m8k@8DQh6i9ptmwDKZWB;k`Hqnv(9C>V zP4E_m5Gdlo7vu(A;7xWCQCO%$qCbY*BEL3tkUq8nuc{<0iq*Jy#i z7FtOtp)}orK6;5s?S%-7MctYftY|+mN!W*lXxl2V*SP%Wt@)9Gd@42~av=E`WNX>e zU@JZZ*y5_CN_{o37bLYF!{p+VMTe!fhD}4S+d**zQnw-80jLHL@rask&HA5yuvjlp zmP_Jy9r1#HeL4KiSh;F8W6AL;*@pB1c5P_u!d4=*B0up?HPBn33gbzzN0*dJm6CJ* zDY>j3TTR@O7oM+B1Szs5PMVUWp*#?bTVaL1+Nil6hAKdDU_;(gKfue<^rJ{eLxZy7 z=>gEy7W{i|T^|6caqA&9Zp!bpx`~FV6%8f_z~7{KiJv5t=JXtlLejaSBIvNrN)Hkb zdxf*N8AlK_vA0H>Dl`Vi9$8+%)Tg#Lg?}d0WLtXh6X_;D_lnQD#)(W_qarp`>hFsO zrFz%RYab&!v_XQy0)zlJ1n4aX4^cEW(X>U|BG`@|0H+uS>UgA_Ghl*jYl!ju9R%5-~gbGpKX<~mhRSH8W?o<@% z=dxWc7C}?X`y*U3=%=|bLnm3Vr^9jEIPC4zM}&S5ZI|MEPm4??0WHE8BnqvC23Sn+xBk&nX<4&A42Pqe zj5b+JhunZ+MboSLQOAW%u1P>X%YqJISx&^X5<(#^XmeCv0~Mf*82Ab4ju^@U3(nLJ zJ-o(*e?<%AM$j~?qIWC3E>Jujw@WSHsRZ49=(MKgKFDKEYcAMsgNI>xH6t1@uwwvxP%%uqtc#LB0|oz=wTQ&WFrS#} z!F)$shhSPRy!+`jalpzQcFQQK&>#WqD{(0Ecx5$pX`wkZ6D{h{YPfG%zU;K#9UDBW$ z*DfILq{z7J3_NS=r-p(D1R7s#N3zN;7=fk~NPj5Fzd~;s&2nsd4i(fJaUo*Mef(&O z0}8%M8RZ6nd8mH;gXT8uzE?6Tt%~RhkDo+t2)@5TALTL0$2sXHjC&FNCRk)-IwVj$AIVQ zOf&WjQgvxX#Jsc^L_rSv`*Rj5$x}!3nAD^*3x=IB7zHtYhqC=YWM|`(7tdEw&ZO6r z(ZVwG!oFfCcva19%oj|}7$?@IHCoUF79H49!9U<@&2igYK5}3aacqC}uE2spBA!LK zk;YnSLk6Mao~e5m+|*(Y4D&WlgegbI8R{znK|_fH;d@OhkL_A z36wKJZ|bG(@5hSGv$Tw68~MPsIaqYK1f73)hLeUF%zBN6qNt2?`cDoaw{aq}@*^DRBJbpZb*3{{SlDA;OsDfdz(;tq96-7fzzWE(gfg?ll5V%2Z!xzzH zO<=>zINI^+__B8`O4rH^AS&@=XYM~N$!~21`h4v{o}okcMfH%D)?Qr3u-*P;;e)k~ z1`hclVppNO2%kHKg;OkBdhifNU=j6OAgZ<~#f>m{j#-fS&qQ#)RhPRjp(ZXp=X_Rc zm;_EM@q8B_rwBKSD4ML8oLt1bAPzRRtkt2KzFPt_by!(4;VKu{a>r}B20-rjUmqtoVT6*-#va%(U*Ob z#py9{*3_mZmMi4{uHTH%v{K~D$RgzFxlar{B&6~gaC%~eEJbJjAG5wwjhHDTbmvr_ zckNbpZlz*FlKU5O>oTn-0Qop&^1pZ?ODnSehMMqdOSt|NkQsR2bntR3{-A6Vdn-Qg*~7l2r<2tRZi*?aafkj&6u8?PWdI(3i}tQ2bcF$sYsLK+ z>Pr!vF?>c6m2T)dRPkao(l*602<4;bAgx&}Bd~M^sP-0Kkl75wSyZ8_xlBi; z{6M;r2r^3AXnf0eE?Iaby&nF9)jk$iG=Z4Cq>6l}hT-i=`m}0GqIRAs7frh0>}cE! zyXbw2ZJX5G>AreE(G#!SJY&FbI27?-IK>2|1Tug>&~`(HdWOjRByp* zmJDn_z9m{FaxLfgss3tSeLUSP3jN^*{0*$-eC# ze6j=D>L3957t`jWJ%Z8|I%5V@pbw5+{WYKtt3Oua%@F+1S^5qEAAsd2Fk;jMM7K?tAzU`&CVk+E>8i>6ZfB8ELHn zxZ6=K3*5AgC29UFY7c@}gKHLP(Qc?k7_|0{{5gj@aoYetvSI3)%#+ zhxioe`?0NGH4?s}|3wdE?d0ST{6Q1fpWm1H9;+Pk#$E$-2TUrwwYg7PHoqMK6^iP&@C%#vj$}%A@Z89FlKUIHhU$E4A2G0 zyH~kgX<}&hRq%U@9gj8{jls~C#G&5zn@5!&N~j{wCQZeBaeA%K%+5pgXVM>s{X#~O zC+>3e9|S9$w`7wigD`_;-DXk=a(O#eU6|_4v0Z6e%KDJ1?&T=zG@Y`2z{|Pe?X9 zZRX^)kd2#uJb5Zu*cw|Dvk?Qwtmezf;XOOIKLeYzfPW4vq$Gy$AY4Jv@ZC76w;RzYU-FZ6&6r(c@SFX#+2Xk8RY|BeKI+$SaM>QlIZfBuT^v^AgUh#je(EEp>5zMf51>X zs!eK?9yX;D+%=b*jP;F@4=zecQBE57kO#{mPC@et<++lM@ba~cBe0y{M3`e%z_g7-}#E183FIbz|-@d;J5RE-L z9TH$U22C=VEh+XJ+>CchQv(87Tkf-KNaL>^HQ0XV|4277h&!sx?~J00nw!&L5Y>Z2 z2;ca|JoJn%s(|s68!BwzbFNFanFF3E&;PbQZ~*t?%=1MQ(%=)ryPBJuI&nD%#Y3k? z!Ucs^2?DKKweL@(<4jlzN=|%?PaFX&P<8=lIQm9`EhSjYhvDg;?EK4@jc_4^XJF49 ze(bl%u1F529@KDaLh0_EJGvzVzTWgOw?&vt=^iY7y<>tEXLT!CDNQ14(SpBiEF0HQ zny=FJO+a$%|H3fL=*K<`vQB;dt?y?J@%*mPO&NwEAFBtJE*+7=lQQUAM=k;w4B*5m zrD~`p;hU)oVd_?u7BQ!4r?@)yLX)s3rJrPR-I;^Od#FB}5Iv;n_>^Jcz;h&&{9+Guq9xZa(?Xu>Ar&uqe85(34(>w;s`L>>M*JM;4! zEYHgtaq3d=+N3j`y2ta@roJh1ig`;|sG)g7R_y_9Yff@%=rz+4U9~Ha_|G}o+oU=l z{pB{U@Ne$sOQpuXUh6ZN)7qrV{>|wNZT|S+|C11$wHj+8G`-f{xb?@Y5Qns(J~&yM zm-dJO{A0bHTQ64V#^c_lD1lI%E?GiT*1yS+%4c}WKw2MP^jDH?f?4ISo8QrN>me^T z*^G5fs-J>1;w-6~Mt<7l!C(x+Xw3Z#FdR`!*6OM@eTm{&s)pnyjMWHBIZ#9ff~~?< z{8XuA!lUw}vu(mQ`7HKTs(uIY3#<+n0kxv^a>n*F2Onp-%wy6 zn7~g_81|d=Cr*>M^RGMry`1pHpqPoKMi6n@i(1>osyj|xLCV3yU)W6+*{Xlh#G{rf zzO3?qw&Lc-K2OA17zv7DuM^a!tyUUMui|&HT23)&d}Rmp@+L@%lA<$v@*IPLB__>Y zh*#yN=L`*qJ%V5k9}7p~Z?v8K>Mh#}|?==!(a zKRJl+{vTI=9adEvb&JD-f~1s$AT1&df`FtT-4fCuDj+3-bax1n64Kq>of3k8bf+TS z-QV2Ld*1Uq*S9bKcpkyM*Sha{&pGB8W3Ek0<4iQrtFge(+9|TSO;fHkjWoWN77#*Q zsAbk_+{@8SB=$5i0a1^T(r61x$fW~z*>duRc!!!s!~ZcpYx%Ynjo(lBk+8wD&5J zV8vUJM=WwJGPg7*tJ*`GSksa1n!ATk1m0^)Oc&^?d%2A%j1p}ZIdEn=kMs&@$?m$=?i5v*3YXUoA6bA1G9QP#fYj2O}(m5<&$g%0v~I$ zc7tt9ii3fYc zx!6``oB{>aXhqT1uyP5RUXL)}S|rz}aNlj>ULIE=v8tAlz`YaxMu}bySIkRfR_k)< zu$0ORu#ck+>Xav;npdPKc_PI)86}z*723KR9CQ6JieNq-SJ9ehY^-xS61eEn`>R+C zP48de0_*U9{~(DV6a7E`dk4={s)Yve9{>AC6dS%jVYsomC;=mMx~ zgH5g%Fa7U1Dkd`~Bd#V*BBkBQ&CM-c;;T+>Df zX=j&-VjOL7JXoE6iMU-Kvkw~dXf&P-gl0f?JaAkJr1!&mkoKUqrsi}cS0!5^@q9T( zzv=8>JUPGJ-<6e{{a!XtEvZL1;ZkC@tDBSMgB3oAk4HBAog#8`+9mAsg3|t>KN9H} zx|h_O4|j<~d=kHX`?kN_t6r>k6(P%7dwsq^>AYDQDs=u~tUyyfjw`UzM2x1y{pQ;B z;<$B})42a~MffJLNf5Cgc(~Ow)|gn#YI!5Oi|y$jWtIM0bL5w><3A`N5t8%SXf(N; z<-AINYk?V#CYQil3Vi@tf`H@x-k&bt7H*3v7aWK6-0U<%K$CYwYBFHau*tZ;QIHBa ze3Fom__l?9?+Ug9ji!kTf?_EOuJ&T5`DV^}=W8Xk*i5-WyPt?Rs>NKx8LWq|ukUoV zCFOJLzrVh7zOx|SyCDb^3(FQgU#=GW9>(D7IHQGm=C^)Q$G@cpt9Wbl+>*YkOb z5+*JZfgv;X3b4kpnWO^%9KmaWQ5}Y19qNdCJ-s0wKQok4$?JA?bIQe*P zd3b18e#9}cAgG7;YRZodnct4GbmE)ANT-VldJy`jMsX6D0jzI*OzDwgc$*e`M( z=#MZh;>r!z6|m39ZsFbW^e}HO%Yir>FVY<^&?F#tMjT7xFb{ED1B0XWQMRVjwDk`X z5}hRm?c4P`O%)Yfi%Ki~iMP4GQX%_GqjOAtA+-MPF&>+cOr(E9@wK9lbiVvn zCMXMx67H@&uW^7 zYr`vNE6K#j`YwAN*~xBkIJv61L+~GrV)0K6d*H{|?GT@xqw4yJF)`zCBk;lSgNOWf zoA6sxWrnhDZcW39Zw-6CtxZ*$!I_JDX7(Bma&U0)pRQ0!As2_~DhspmqS+d&^z@M# zyg;$33X|bX*_a@>WgCS3i)>yq0dcV8Ss$FHyft4;9O2O86 z7=i2F8T=rUUa`t8lv23qZO0cs1Jzt*l&qONHKs+uZMdwyfdR?j#ayLS(PF*EsVa-< z3KNwbi%z`Kp2hYRu{M{PppU`wf`{tA3LUtR|n$>Zd_*;?X>{e4Scr zKLgk~mz}xBdPt?P8UOm?F)=as9$NU@5)$j$yb7fd)T%VKUGyb>U7#_@)d#BwY0mgh z=U3SnRza6jb~iY#V!sg)y7vR}TB?U3iA1h)X>&}zYVOmIGc}NyF`R$o!6HHahj*X1 z>LQQlv2;6K^oL4d77yQ^I8|6Z=QM3mt(K=6h%?ZScr~r21zqpQG`k#68pEca)RNHE zF8Yye*KHK>*{-84Mlq=u!PWOhv-smsHbJ(G(Q`7nzC7D5(`axgrFvs%Y`n6(Y%x_K zZ7TyGvnbY}m@L$NugMRa3}byX^`$>7WtPP#a z+Ry(^ed%i{+{)eVjyIz}FN7uIDRU7fWS`|;hbwt5^Y}O>kXZqX2g?@?ZJBY$xl2cf zVS0Sn!Nnb$O*fZ}BNy)|<^%;$T0cd`rlYRHYxU8SreqN7pgQIFt^D8{lQ zZCBSFjcIoUKe$bB1}9qRa<{#qK|qL|o<195DgSk08#W1_P0pvU{Rz(x#xj2(LZ{bmQi20oJ@4kc|M#a-BYuur{@DD@ z^$F~&Y#sm4=-GOE_oGpD(KpFLu3;)gjmKIftB2p{WTStKRp;u|?k{x&!3W!2_AbX+ zNcgT-ilL)kBR{4{|9i|t)OTJDXJI1RccnLNPq^(5XS-?Zv^VV^gAP*(BkBM_R#JTP?Rc@iu*>Nu7db90T6+4Gri*Ru>W{jx^t-X=Gq&TpveC?~^r~?GjVnpcS>5 zu5?WQH#Y{F71g4mYAJelM1P#EGwI=h?89mFD@VV%iBa_G{Ak{BB{7J#PKv(LdbtPt z!Bequ84FTw^BM>;fI#cXLvRdX9Y*rhdd2PFlkh}~n$At5?rXql5xzMaU~hN@D@*!J z*$_$l-Y>2molmVOZCUJu@G+2;i`9#h%&Z>yG&MFIU%b>nxiCwc7Gp`&?XdU zv&Qrnk&r4N(<<_@*z{ybM^ZQ}AoVp~LT<{}t}Z%}gEo2w0ZxD1eemD`+*RGlobzHT zY?t8qu|ulM*}h7aTsTF~uU{@(mE&dQ<>}`5ijby^2a>SW%`9@EXaM-^iDub26svi_ z$i$Qn5NW7;T<7yw8``AQIUn0e!x;3QIGbtpSdl5LkPzBz20@=OcL|->b4F&~QI%ai z+#**qx~ib2vH1Y7`S$I;&cXuIk1+-LcX!rg=(E;yddx*aJ?zfYZsUtZgh6@AkS3u1 z)ar#Yc3^*Yb_VAr=#x!%81+zULr%`>SDrasWWcg5p0^zhv;x>|R+XsVUmS1o+i$~Aw^rcX{8e`G@YC|7# z1&jPKL^T$eQY3UDf$oVR4H(oEQmARfDYBswG1~a?5{Z4~_(nfZ|a(=wUm`qP%xB;=s%p!*Rt#Fcl4B$sO0ZtLy^Z3I!#$$^}Kx-R>t<;w2QR`5MtW&hxS((!Njn_pJ#fdupv@SpZ`j{fosJyA?2 z3*I5G10~-5#_f0qnkcBwtRj(h z&>bO;?9PvNf1H(-m6P?+Ae;iI{xPh&6WOw-Nk~ls*RZ9!rEgI#?1wU>hm21ktPlT2 zD()*Xa|4)xzx!lwx7-s2Ws%dM?M`d}3uKFk?PnJN#$gNau2Bq@dt;h6is}~<;P}w= zC{c>x?)5-NveR&&FdfPx`4t)`EK)8gP~w+9JMaU7$8s9A)^x${XUj2|)VJ^6^BLwH z=92tMdNiV}?-n?jAHN8&6by)oi|a}1_BJ7<^JSbN5g8hC_rhVr6U*DL zaZVZx7i5%m7?qQ}b3a4E;k#7(7dDzFZkfe=q!p`cmYQilS*mA{Er_aKBhti9(?t<( zHdG?rdOO3L{bvHk{SRXYQ$)NM)Vh0m)@SRhaSx!YdEf3D&uyVq@c~IC9-z-e={w&O z3s*oruw^kHQz&>pQC$y`F+iGz66U>_>~?N)bA9DIJ`HjF7E1iP&fwIdK&pTVQA9dt zx;YTOIe>Mnz1Y{qZGg@Qz+?nPgqzJ-8z$R*Q7E*?>5b6o=BpP+KXzUpfmAMmUKdIX zbbwO_p*or;CBQ+*?W)<#+Ets0_H%g1a7wqiHXy}7|0jaxWBRSogN_+fRuO&Rz`M9% zALE9R)lI8l(g>O6-&~xHJ`O8ct<*ez3G)%-vuA`^#gPT7q?|G`oL(4@19U=|C9SL7 zb_4IaqWF5X=e@`ij|-47eT3GALdd9E1AFe%0+qyKrsfseH#a@prt{gi04(R-E(&oc z0Qt!kEKiEtTCWL zmSxhdtHAAl3JIZ(7^6*Ze&o?8k7hB!npFH2Ds6&2T47sWbYO+WZo zTGhdh^#>raGWj{gJAA4-bqT=d@87>~&O-)}O}^{09Hky6=MKpXk^*0asx*L=l=`4= zy~s^N&v z=Cg{NM$M;G+%_HiL~a7yw#Qi{Z5yORXkLFaY8@pfNIKr^h@BMPS}Fg1qaKAkGvI|O zNO2^oR#t@^sXE}LozJCGLPuf$V|DuBXY%JhN{PIp=d8!iKmThX^uiIo`~(L?^cQq3 zvdNR7Vl+xWq@|@F@P0}O+tZL$7_z`0yo~8V#|{}rxrYJ{ zzq!p4dE)@@QTs^~5)rle(@h?rKoV^GY>Z`s>WA+7czYn?32h zb;2}*wV+ThBvzXjVr{^k(nLvQ$A8h1a2w24q&yW_gl)coR6KNwNz8hAbu#bUk|gNd zCMGuw6xX9mA{oGo#dYh9e=Z9#^yjZZ#@$zBi)PcO2>H-_eV)G+gqOje!T7o$AQ=U{ zy#ZLyHU{82#U3hYXgENt4+Zt>1I~Z$*DLOCe1N>Ho7ktNYRGNHYwOzAS(pmM$Ua$? zGB$W&oBOUSWb8gcQ;;iUio5q7o&o^ysqS5Y$Xs52;P)z36lF2!3%x>uMzdQZX1iC5 zbNrxW-CfC3?5nedhG*_7M%?_3#BwNcS*GjW>f>d9 z?fT{_I#{Mt87}Xnd+OqwXcH2QV|*ixI~U&6ng>1a*w~t&$AIw7Lm|u9=x7A0j14h~ z8(KL<#i1~teGN-d{)0KGq*0Ku^`Gt?kw@r=TTLj1Mg&^J)=wgNVQz^^4smi+^z>cn z7J6Yq<3O`uPZL0z-j2cU3L!sWVmQ5iOfGc3nx5=_{T)YIQE_LiFrM1k?YEPss+ARo z&fThGi=*vXeioLmIR5i|@Vz$Hp*!`j(uAAs3-t(-B`fE9>~^9QMyb6*7+u+H1Ej3k z^>rHYnHg$rrPIjPW3gpdg1n4YbHAM1p?ZdxG887`e!Q_VR^#o(N2S5gd6eno8ifhB zgXPQ8&W_++6@|{k&^Dnr2Uv#PPV)49KuJhPlHPmZd(wdFl%nS6=NA+t=aJ^yvf}Xk zfA{#Z)xG8`b%V4BA6u(_6ybDC>&|pFju5$Kv7VqAYryX!UH)csk9oqUSbu)fC#woh z1(q205)q@uX4RTcKBX=J5DdA3aIV7*3Yc2{Yt81xro#NqO z*ELD|L-^`YeD13TP7`4ep9TVV_$A_90m3R!ZrFkC+DRjKN)?QybA(_zqahd6xrh_X<&841ieoo1_tx%Cvg> z6tcKPJG*&IQ0ARNy;2>Ud*8o=o}gsEnC!XB$B)-Ao}{_YvY8i*J1AzDw~?nZigUw; zIr1||JPgBt)tpm?=sVBAt*G{Cwo8w2U5&T5(6I(fGSt@lZ_RMeN%ci9G%o+Zm?%;u zB=eHroZaS8o7x1DANcpc&2XAhg8*qkngwsl%x}%7< zBT%rQ^YORG7qG2lq1R>Kg|>Me2sJJ@XxQ|in}DKyVb}t!OBwW5)Fsd)4`<1@ z>*K<9R0C2!ecK+R?{)^1(;l^ni3wz8f;7zmoTn+9M>p5=Hw0Nzzzghc^P|s8S9}=B z39lb{yVRfCAa7si*HgQnsiTDB#TY>qZSQq7OIyxi>30}ou_ZBf(p=SsLZD`+{&vD9}5Sc3&SeWtNnl(-n+stb$~vU zj(m*n3CF%xmBq`s2)q5mbXDP@MYf-T7)`kQ=*x)u&^0{U}4sL$}PY>uEu(OU4zz zA&z~k$hfG58L}YUK@rK*7CL-3QY2aKWdTvv2AvLK5qhg!Eo19}goJ9#*wNAAe)pNO+OVgJET%p zV9((3T@-8V>FKEh6l`!BK_@#m_6IK4CmVC%(NpJt1Iak^?@+3L%2w+?@GFHhvo&4a zz6<^DPHuJ*zMbeZ=!&2_MS$_Wd8Z8)V#_%J*Yk?Q4&)eJyU8^1ARq%Ugi3%yf#`AG zu3f?3|44^M6Y>P1V|kql*V*qBITgNea&m$un3U&ZfzyD~t5<{2+4{6V=(ml(c>n&r zTs-#{P#M5p2sj^`fBg9I;9uXY>(c@Is*pl^ZnOFu*s(B4v1Um5AhS%R8~7RAzkh!d8W@D+hwx_! zz3&b~v^xNufOERpZO3tSK?$T~HlC2YJ0K$;6~3Oc@!pp=dcW+VT&2%;(e=8~_{m0flu)iFS6{HfGy;HO9U!0uVg54a;NqqWEu;^ERHfF`5Y+XB)UjQH(L| zMd<7q4s`)E>Hr3?(HHmw{HS)5OYQpVyHLSn;Bs3{G@z@xINGR&TZaxLGb01om}aX# zokRCSCl>K3^8oLpI-;4n7Jo?=&QD z-)3Ckd&+9T|4iBTwW;a4JkRW%cH_Rd%;bN7hhYy07U?4V3_wp@0t(kVd*D0gUE&fV zW(~l0Ieh03t%7hHyW&WG1~4wqWjXiorbPh`0W`mv@#(e`)t2+$7*ycvu%8HOK|kd| zgb945&dX3>$7c=@@qV@A?!O4z>9Secm1Y@AtdPLV;c~hQj8x}uKhQ<6C1SS|6CB4`uGSf2k_w|I6@gX1$86`&zo zj0wV_5U6oFGQIkN?Yl5qZmf7}YS+%rZ8^u>(C(RCQ{wRbcG-C?tD;j@)jB zSekPl=%@`I*K?LX@}Y$e7VW>n7#}Kp?a<GOw%<_;osshC8=Pu;2kUQ);AhiqQ!UxUJSf>T=tJ2Z83u;`Do?vbzIYFf%Q&d zUmA)$@jriBC)w1b>ogb$v(EXD6Y)yet z%PU`~FJ+!{Tp`ylcxygYvF1niaiZK92cKS0P>_>zSbS-2R<(87%BhYv5&4APcP4Rr zI2_|8-{ZBvUJ3mxh8ye~t16;2Lrx`2Xmhy=nhsVN92%JhwYPqv?fpIL?dke^p6z*5fSJqvF|}12Vg&-5`^`|+cI#Q8!97?Ru#dB~vMRNawgfVL?5?s;1glPs zQsr$e_s_$KYF4+N2L!_9^~H|EFSrAtlbO%DbvB;!@^*a(1H$u=BtdnjvXUFtX>xId z915DJWb-~943zwjalix43L$G|&U$7#(%s#S5X%4u zf)}O~5;kB7A|j$_R$V?`PN)H(M`uBY4sluwodU6*gF&U~C@2@s@E34D6wj^S16BrK z#r0iE7mwZmR!}XiK*#rOfnTRqL9n(rpsd5Y{<{swHHa;`?!Xk7$vG(2hznU8$^@ne zez)(}FM-ehej%_WFaQXmTC=>+zN35~NN z_WjqVch2Oo+iKEXzc!vBV(Dsq7Tvo0P2X!{HW3!~x z-AIe#dIhdrT9${(nYYxQ6Q>!Epp{!JB7H;+-uKQ7VZ|P@uk9wCWP70GooXiqUZE$4 z_YkHnuae2V`!-`kpY+T;$Wj{WQ_P9+DdZ(XT2Gi?418w`PpSH_?cav&x2EA-pMvab zoE>55gP)u5UJ{>BKs~I^1&^GIjStV>p*Gx`b~XCn+Y7anE&Vz%k!mtn=+NJY&j|R7 zoGh155iYf$W+=(%9VE}ArzCi37@w$c$Au}(&GZ+=BXaF<1@>Qm+IhQQe%^dS(en{q!ibHmPF3qLYwn<&m!&a@j><B-^4%oDB|wXahx(HrUw#ztO4opu4IA;O{N=acNnN#9rL&vq2RrSds0F@!Ju zGhdMhZvlF3@Vt z4Ue=E*WL}EW>)LyJuXE%wM&f={K)D7Um^4|q|G}`No(oKCGjxx99b?*e9TgHXoGHM zWO1ApExX1!f|d6Ux$q--);7;g^ijE3M5jk1~#P>Qv$U(xE}i>lHuE;gZ^STm_* zvDy_(^ym$xI>2Hr_wS8hO^7SVD zc-v;zn)tsmj^YTTl=>7KsFf*c5?r^DAypy$fN#MW?{65V9{FY)C&_i9;frJ+Q7ZFN z#IESfRwUE2=p?gZ~dY#`O36_Ez505ds#ma8(%p6NMgBDs~LYIL~?S6!WLp z>=yD=h5K5tDXTNm(fJDhkkx8)djQnae=qVa0elzH)p7J857S~KF1_Ww{XJW5=A05j z!-sTlH@?R&OuMj$+}C#3s|oNEtr;0WtLtiGWf$Wbc~zege)QERkP5GxGnDPk_+M5$ zv3zCeoEqs}9xv6D@d`=f)lw(hmyZ|nKHiPed$?F-jQ@W_DK!g}C}>*EfEEEl8kE@g zasQxbHbEB*NYWC@7*M1Em7WG7m3J(dmK-J@+~;D<6%ELm(s=*PMjak+ha)+*>&xZq z>zW%5mMNu{GB@q(;4RxlI(#99wT~z+%~+US1mRkl))QR1^37Z_j|{baQJlK@;#J=8 zHF(hZ@IMLtW#qPTH#ywV?Q=qidkERT5h;PDjYjUKTR{(f=!U)}=5cQCi{p0@8Vks$ z&Z*A&s+b+&Nbm4oVyr)+5&K75pjDX%dX;F!WBIrQe*69>lkw92w}f<@cnFD!or_Be=}47eTRJ zU7Q&ArV>FVgqOOm?Wo|%48nQS*4Cz>NrJDsgh`2niXkIr?)qwtwDQ`tVWC^RC5a)I zc)feC^0}ahtEk#gxu5C{KYG(GR>7_r<%e+4|pQBL3rQ-^?%4lc5 zC}O{E8Zpm6#if=ujZ)43@@*Qaq<3iTfd=o>7Y^CLM1XV1cM)()mgB1wr9J|&U#&zAVEttWDViO6Y9O+} z19azAF;;u`uV28XZXu`uP+b&(djYL9I4+!MKU5;x{_%TRflnw`p(0#GZ7nmHMMbL(bMSYx=oOb4IhUM9Ffo%|%S?4Wb z-erw8$^&n@oOrVN>XyZbSb4fq2VR|3?9+|3@cTZLkQIEI5t-|!DD-~n;3fpdUD8;b zCL9!;BE7~s@LnK2KwX1=9FXuHFJN!oMyJZ7df*r5Zznme=Ps~dlVASTe&*R3TGw7F z>UnF{THf%ElS~_q2^Y1z4nM9A8#P1k)Y1Wa_7i30%%ySxtrY7{d&}5-|N`^etL|7TdtGb38PLAr)gp6?2@^TH( zjdqWzvP%eTO*>x^OM=^H6;WOvp#UlA_V2qf*deyI4}k$j*h8-4e5iCexUql-BJYi1 zn+MMGJEt-9n4d0B_j119*PrN*2ztKz)9DR&bhlL97MkSl0gF$im4=U$^rAGWWE?S@ zOUuil`vot@UNh%fBUuDJd3~BG6xG8J(Wy!(iRSs{h=!@`u-ahdQGOaVIt_P89I@z| zTDk9xrnAKG+`vzki54umVZODt%=FaU?R#O$ zz7(+k`Z?p%CDeA8OjKD5?%Haz1G}lI^rzCJsGn#^El;EMf*gKS-2{q0@MZqbx(c=$ z*euZskUtRJDdU+m6)o*MNP?mZK$ZOKPc*v<@hHYXyWtZp7c3#uEa$)0(fnU8!0SvN zue``TaT2e0K1f(qeQ3wW?D7csih?K_OW+@j4GzX4aa(Bd^u;800}m_^AkgQ@o$W7! z@pT5;OK{9on2m=dTA%J3WIYu31e3ytEeIP2GK~LTX-3K}2Kn7+9C$~JtI|~_apq@Q z^T~^f#;lQ1_jE*!1KVFb`k{0|rWESI@xA?zls&GF%c zBl83{FPa+i`n*MT7d2&P--yWK)9^QD<)ND7&AYK+4~p4d{IRclRb~^C@HsIkf1aU( zywx_Mxbc|uehD~LXTZk+NpCHK{Y{Gp*n=@W+x#^bY(4X$J&6eHbX?FHI&c$7wY(mx zbyTalg}+CMJiUn7336~$&qhM?3wHvvy@-MjPwi-B00IEGs5hserci>huqNyR=m9dn z@bK_KI8u1D5?mHjhfrY<+;EyfK0Kv?dR7bC$fBGFxZ}J-0Q##o*Bn}L!@+2EDRj#8&&+;(G8my2% z(8IOiXuU-gk}rJOTo9|QtK2>H;>sfRv_#CSHLp!Z9D~|b10C-+^L`OO zWwuwrKTQEdCkrGSU?JaKplZ;OqbnvsM}c7myvGPv)AZE8G%cIIx?|{4&H^IG_(Zo< z1ySA2NEV{u@t*{p%hp18LeCbJUc6%k&P^Gi-aX<4-2)y&VDq;-9QtSKQ0fFBS10g0 zfn5O9Cqxfz`&33=zOT1;1C05gIBksP$3#U%#l<-Rj{#oT?YTy0p!k79--bC0i(v+p zEG(>VP1~lBb3k9=!b*pexcdPRjL%6;v2H!Lu(138@z1w|D+S@7M@X)Q%0@>2KnV2V z39wxsSp(C(7)BZ7a%kTVsCQ{sfyC(V?X3qT093UlXwt!GPzv5{1hok42@qpK7n|i^ z#9K%Y6%w`Pz-s5}yS%&v)9aomFeFV!Kl8vJ1F06Vm%t%GDu5{fgwmsCwgB(81u~kR zo*r=6;QoF3^r_p;)rpsv7s7IUI4B9OO*lJ0zFK*npbHj1q2B+#j$356NE(eKz%!Tq z6svuxa65g#A$&4D<%hC3ta?_hOzW!^@i;U6=?exCTYjnHtPp&p$TqgGW{FRfyvk)b z4X3qj5e~h_^7zPLeg_{T&{#J!VYB7TTCh{8r$^xCr@HNgFvS8t1%MC;)Dj>#U~Fm( z4J^I-;7+mv6pbKQle)|FDoqI=1{TCElSwD@eMqq%gzf3_KSiQeegcEDcwPc@B#MmtwlYui77LJJ^E{4-fB=^P&AI>sg3h z7!OuR0fRHb84NW7?ivJHU6@M($1MT9!b9FqZxHNPyc5;>ZWJGfE z4G{e(78Ecwfykv^D*3NjNKRpB%TxhxBIX)*XlMxGz@)}fQvnGM=1g1FD@^;>a9-KyCe2=$hwM*zZ5wCJ+ zu^=$WVEzWqR+ilNGRt`(0ewjcj4z@0su-hGI5Uj*obE(0FBLpx@yk{1=6>*lJNp6| zE5-YR5u@4$mY}~5?pqD2kHVi-_Ux%8WrPa7b(|U+sw5rpu%|r!-WyiWRX=^rAhzkP ze&>sR$(M|0JF3Y;q2}=c^@SYU{iBM>KkZ&kQ?<{h<~eVHZH*LIRU@OUPurjdf@I)E zUG}M0w%PZo*%)&!2ZR*`lsDK9Rv+~on33_t0JOY4UOW$$TBw>AFs~zH$o!W=QBe^w zR|X2c4tQyV8W7VXjB2JZ3!w2YI^9$xrWKGN}g0~MCJzuBe;?unKJ~3w zj(68b#qIzell*M19C-^eBmsu#k{|I!bubd1~)b{k%Zj0Ok*+Sy_d51es?r0zpZNH_~7w^vHVxG)9te@0@mGBeQ^;TlZl8qUD1}%hg14A zf~pP6)i;a^|Dl0LMOdEJHcSRi!dpSsW4mhLQFL-Thcy^4)aH5LjoWN(-wK^1q(dfZ zrSoref2PceeLWQvH9^l?&g3#3LAcZ%;KbB}33HT53Mx=C2*f~1Qws{taz7n7-TMPc zg|Tt$vA+Qc$hX?y-K-qf3!09Mi<^S#4V?0+1B$$`P+Vt=poIx*c!ZQNa(8m?4kqrk zZ<%jOt<(wL0(AqM&#CUFjgZzIkNY|S9tk-;S{MaHu_<}|sg<2)S7v#rw5MT1`!b<< zWh&&$LBA*?P-XB;0~HfSQQ!Jia@8;aFbEg#R)w21Pv}i_Jl#)6W2)&w5)B@Gu zyqTPwlv;uVm|mOVT!*0cL3V;d$^uiZko&xx zP)tU020?S-biclYa@LyOop=EvGeX`G>TkWIOL?FRSqwx4cL*PmBN-}werHJ1perC| zBpy!aMu5D|s!?()Pd&>7s+%|Dnoo&k_W$2#%?rNg#sK0z0znRQTdz2Ssg}_G!#Zam zH@WkuJ;^th z#w2q&uV@$7ZY9BBibT{J7%R|)%Rk6MWWhG)Q3|uMS^fyXf9-qH>^@1~tF$7ahbmhK0wk)GD+E8poH>0pj<|mN{vZmZNPfUnR}_;R#hq@<4rwpH+`^%+%Jf zc6A;l*DGYPZjK<`QKnHQ3kJ$l28ewD7j>1vIlsfjn$l5 zq{$>RJNpL2$EK~SX>d^5;#Yr|tviA$yCC;sR0pzlfh1bH^b5{91UCg{1%MdmKVinn z0h-=zE+BwR8^MPF_`}bi!u9Y~F3m%EDASK!H&7liF`2C4YB(9At z3+t<7^{4p>KGUu9(rcP?x=qgbc#YA{K^#pH<^ST45IvDkNb=6oH zZA?jIWZP<$E5%K#R1Q>E%G`qnXjO&SDmdbO8{b`K#!TUm-R93QRn7C-c%p;Wv?|hl zL}L>+*U>hJ7zjQu`_d9d{ZjR|3XG$AAl>$9DK{SIkLL-+fd{RE_GUR*mZ?%cJUpB& zAOBc@c8AyvjRBfm_*FoFuv^%#V*ashr0qGj~mR+lva6BiQYvJQVZZ& zRXQ3P18cj$Zp&>D{H7tGR1^hmA&{iT3o_mt8VUmF%)2@Rq3sGvKn$QJI6aa_G~U4V zb(q>8g2-C+ahCB;-pCV}sUQN_6zzAiHLZ@O3Ay9K71aF2WldOum)kcf&u8q;P)TPzIbTV#pjk5PY!RoE1FZI8JQBTMuaH;7V zWRbu#-T}4_fEGb=tZ=Ca8M4{ky`3FQO$etA9BM>A-!01pJPt!5ojGt*Fne+Y1tV=BKYr{x2GH0l#DJI)r``wWLyg5Wx6peatrUf?D*ofEK;b4< zaD+*o!togy2$<5{hx#!70-O&^gKQ;WKlk(DWYxftLhTd8fO6@(yOgm|ZlOaI`oSf? znA!niD$E~jLGcCi&=t&B)&fF+Q+0p`P+HJx=|_H1olJKr7<~XyNzC!!Jcqvn`UNUd zJ-|os(7UzI0&ZO(y#|{E;t2!LR_vAULZ7A($CV2Q(B&7*Q**rQL>!Rw&KC~8ZMy}ZPq|MqHkm++Wrw-sL6qCTdnSyu85Z*rjEM!gi((A*`%>5F*Ln~6<^ z6aKoXa47|SE(tv#opc&pO`vz<=&y2`Pn5v6w;xl@W^n;r6w-n^4t5WebPIU!1VHEc zN;6_iX<1o>nS{b=m3ooxHJFZSkEhItS+p|NUpdMRyMQ=s{43UKeS~2w9}8LyIA=;+ zYha%M(!{3|QLCd^w287V0a*$hPrSSQq6+ORjGQ=v(G?z#^Cl(*pe7h7Jn^9Gxq$R^ zvvYI318khe8|c(1T@ME#^<#tsM3~K2XWLko;j4~1lDLHB)%^2Rj=kqpD81YPN^1t2 zG2&4S(27CC4S=6;w+-3|w9m~DQ0lR#)QG8V=mVjF_4S90&)^ct_YX0&9xh3Nuv2N+ zLf^a%p!Ol3&68lDQ7miz$>9FP+5+>)j}_>Y&*8BUxescgmvcYs)rWVeg-d7#$U8(_ z3|_6*eByHez~M}u)rJ_5AV$FuR5JjW_ESK;Z%O-LEW8@=Xa^{lF+~vw$b20Ez6Y~t zsU8?>^0l4%_3M|y4W;w^gJkj2E8%z15`j(3NU84Uwt zy;7&tnvih!%c^2#kj)*D7i=>0G-9tZc+jbEO+T1ixN{``x)E4O_&&?^B6cUpCFxgx z0=KczNYEvOZa}=vCY4jsHx>R{N@Fl~*J>sDt6mUX;cum`k!hH)` zKSC!VP^+G`i%&M5#Ya2~V7}=JI=9G#1Q)0gLBwo%h@<)#9UVRA8nE#W42=VCkow_0 zh!bF*$kaZAiKHdR$N5NpvltbmG8(`CdZEdA{cgaD*WlQFrmlkAau9!~ySbzmCxe(U zX*7}0yHBab0wt_clN{xAidGhBE%P=P@-oUs&0k$v$s1AzGwm@Z8@J3}j0d-{gPxQ` zr_S_Aq%Y^Ojl>7n_Hiv&HGNlg%PF;Edhy#N^~Hy{2c z34Qol>hqsJf3AxJeJh6tgm6)Uu#yI8FW1?p0LFjLfCqq0-U2o{#|`pS)R++_V%iFD zk(aZa&iEBHAamdj)vASFX}>BB9uy%_rk%=TF*O3F6DT|AL`h()K?FOD4%zmjirYTS z25=1&T8;wzE@T?ep=iH1Dj$KV4+_ONKopg-^^MLX1)yn;frEjD$QcGH%wTFCFdLME zK6wm6-_kS!(HWP6J_xL|Q3)7Wg;~Bf#BM=OgnySP=v;Maj~G3jcRc|Fy*d08`u%t? zmc=*5!38Y~+C(k2`C=lBi7UUp-_~7*Oa^<8fAz}?x9#9ICK1s%sX20Q+frN$eX`3_ zX#7v91_=fS2jLj3La?rxkOl?@0`n#A3*s6$MM^%NT*G;vU~B%}-p_^&-kvM?+!WEc zulsUuei9h>$uC@ZV<4FJ3X@1rYdgDRP#sKa7ymjS25AIg2)~Z_)};DlM5_cdXyr#> z!r=$MX+Z(A1_?fXL~QJ;3I+K?*3fj;=YLPBt5SPi`@%YZ1*p&c74tQ3Lmu;|>`!;m zT#Q-@`?e&G^G-CPMu+GZF82mjz&h2IHJN`s6>TTRtxUpnkz}j3m>p zPZ+%UX6Zk;zSKWm>(a40(VQ`1O>#JOXW;VZrA_UbVn|8!1;Q^;nMpl-x-KXr5 zKfKT$W8>gRj#t za=y;153s$?z_E=^2lRYIS+%Scr!HKbSRRH-j+jG=HiC6UWF#nEaPl?)8*s9PQ7!%X z19Q}}$6=?yZQr95(iw+2i|8FE1E8aXI(9>0-m+aj1a~v97`iSLR&U>qc~WjqLj$Wq zgasPBRo^+@p*qR-2ZOJ>`JkVFHRI8-)o*an|D*sb28?d}ZtFdLANVf{U^@z>3^;{u zkz?2`v>@3iv|{tj+)CykVo=V28!r)ca^ky?>LUpGgK(Nv=(q|dejTL-^4*idT2!eQ zF&-k=BZ08T&2|-CWH`;e7{B5&Xw71@u550nn>K#(kd+`KE-?Pu52Gk znR*h}0s6Z2+2V$^N5dsri&4|V{~uHD0Zw)M$B*0N*n7vZS5ihCl1=vBLbfEckjkFL zu~#-ZBv}bQ^Z-GdKX(q0sN+bWjwG2b_jf4|~IJU%}bLKs43G0)_YnpMENL^{C$ zXSrpeIUn}ccRNss_3}$erEUwT1g<20Y^ZBTp-=_e6Lv7^52qvLiXJI?LITD<2m5hX z=_oUZfCGsVDl;>a0AIRx6J=^@+7Jlnl~)l+h`AL5W6i8s=7h-Aq1USs10nEqn=88R zs1dd+q^6{s#dxx;zgqw`8C*O;!eLTe&Uyynt<{%t0`NMGEHtuz_9u<;0VgKpNEMZP zpm_88@Tv!IyPHcC`EYBG@L$)T9+=HTa-oaXT!jm4RNmz1n`pOa~T-;j6|@XyX7 zcw2N041A&X!4IsLCAwI>2nMygYdB=cq?RZ03JhO^1}k_6IM5#;5_eey38+(@&G}#R zfiBB1Q}AYp@bmMZKOX>c=Uu0x(JuI=%S%h!Z~pq(%(Vr1h8So-FN+(ZfZaa(lqiKo zA}23z4$cQaRC0k#feH)tub65cgArw~%x9T$4CGFze-B>*09)6uM(N+4*&uku1a*QW z8IIXZ{X3JS_iGm}kY-VxSZA2s*K*#7y1`G>>|DR;;py4!YP%-I#V*!Zi5afjL2>L7 z7dewDvdmpI$zHumMqVi>Dwelv^2=?#*;e|+_284Y*hMxTFvEcu&=@p)+V0Id>0?8d~1e^8g8Kt47q zD#*{L)Spud1xW#bHpTWeE1&6SLukm2AgU=p1bGX%nR-Wk%C1xuu)9G` z2c4vs{q)nV&p9hAZsFzf7q(#Y+P&~i+W6DP1%WZ#jIy4Xb2JE7t#2fL6`7!W1oZc= zN|jbAhka6AT^&&Vq+zGokpLYGP(P*x2z^7bN*&(Qxgpei*V16@C;ZMGS%iWPJuxr5 zb0{IOnvd{M1qkJ_bfu!yT=E7yF9y#%sQRl)*8|}lT2!_^xdbp#;Z4`3W#Nrd3JUD6 z-4?Oi@MYHDJOv;X^ZeD=Z}RT$Zam11{~IQkAHZV3SHI@!3NQJqNPAg8bp14#_=0nj z+0IE_=F7g%Z1%e|ILRgH*%E!$T(q@m(wMp?$&Cb4Lz4?yBDLaUWX{){lKFV3ezm=J zC8-^_Fik1hx+0*LRl3jHBvLp&x!NCmf-&zQC~}U@)2BZ-qM=Y5(cRqkud=XSg{q3; zLvL9B-<83xuP9VrTeHfegrC>Wq}{Vy*EX-8qeQ}TYQENsu=@;c4@`VO=1hJ^N}xtR~3 zY8r42R=gUP!UEbL`+DV81d9T^qrUp{0Dvs+ait&X`1|ib%o4(<$UG9}QA}I3pC)sv z0xRo%{W+4HxZdX}5W56)0gONgAW1Da&LWu!Nr?W zvxEDRzo7X5k3!wm*PM6%{e`Y7(`^P3J$%;*Fc3 z_G>*v0x{QLn>fYL0Ot!Q~I*zVHHC@I)y)irFhI?imx9VY>wXW~lb+7Z4q4oT? z#3MCE7bgZ(jYTyw{w_-0*KIEKr7dhPEiwvG8*kcvxxjBJ$j-k_@@BLKoA(Z@YxM7< z7@K3l#)B=A=p3#oS@Rjk!R(<`UX|zQ)~$RZ(mhp=LWNYBfF(`4t6)1(+HUO*cmxM~ zf^ayiltbcY-3wzfZE=VC_Zizz5t&+NzMhx!*)_<2eej1(BLPm$=G!e2eTr0cxi)=3 zr!*&wI9*-Ypr?bFBv$;n_?i^z+HPdZZ(}AJpO`WRtG0TIf3!% z1<8o~l-Q{sUYx}gjFglrOE+W}Too%IfE?%~`12JG1bGk`6 zm?CUA7XkM4t1Mw74r>_-Q^ARHL#gjsXD&W@#~7^of=X^&h{)s|`|y(2o0t8Fy3KQ! zi|Ped#gvEA&;E>wHZ1x>xJx2P{q#qlCf3Ts$D=?+@f2oABWk}i0`Z+|7S&Gi z9T=~aZ$G(z?i%mAQX%r9+*o>it-e7~bt!DOQp8=;smWPPzq=_z6e1FuZbuCzcG-+K zUVi{HR?WlXTrxOrUOPA;ni?8JmH#^!B#HcCqX76~1?U12N$68k@|F0CpHt-Gm(tEf=TVC;x7mEkYXveA16? znK=MqzlBq9s|_*Ox$@#VNe*XK|kqtGNOr0 z??@N3Jhn$Hf4p~Cn)Wr%4`x$P(3L*ZJ7?Fjc6_+E`y1w0+%-{g@mi3|dpY6bx-c9} zOiVS@K)xITKL;3Kh*+jh3lkK2;WYEM@^Yn;&A;jo389%*FYB=7YBJr@xU<(Cp>d|~ zzE1PJM9~hWpmu8@SAKk*$UX9FG&4r<>qn*x8a@3<8`J?(?bF-%qqaa1oB45q37sTe zJw4BenN@1L&|lBm?2u7%DW37^Gi5?%=j^_Wg}Q8VwGJ1^rKs#uA`syKH;4uN%GQ_- z!RNt2(`^B;%}XF>*lIhDE@wSDvFB6u1Mtzqt{Q-}#>U1L2V1U71=pT5KBl0e+WheH zS$)zb7RI6LpW79m^8Kh)`R*Tn@n3xEyGTTDiO>iFM^8D8#9|&By5C|_7_)6!?tKHEjvSYBaSJGh2zv>>utd}FH z2-u|KdkplIP-!Yx;k12joKCF(_4}-5+G+3~I7eY`km{>zXe7{Z#n%q}CTH<_zX_3u zs#G{Yr6yaefV;PdhyHn-&xxY*o>F^hsmcqA^DvZ!K45$J1$wyikUD@y6McBSDf4aV zN{?}!&4RPJ2(u{P{*`>QNv-}<(ywOR$6OJ0x+qjjG{u8=TBDnR8_t}6Hn`oz2fB_> zQt|3V+87*KrL?o1U>?zdeBXXe?mq@h~u`RfRad1V5XJ1wzgaKqk#+w4AbupIle5 zeijx}z%i~ZIze!ZX`8g-(J{uO;g^sGeg>L$gi=)!v3sRR5Ud%2pj!bSnlz{#K=3i1 zwxga1#4(<;{|KftpbF;cczSw!Ujr1QQe$gl<8atODM^*`gcs0$(W~vDAkx6YG;mZm z4qZqD%;qhiMlBI=!tC~e*a&o~ni6;kCV(HJ-x*n04)9J`_@phT;N}JDSm~|LTIap# zDxf=I05JOpI#j#diSl_&Vj{(#AAk>LW@MN!wS1?NV^GIcG{t`H-vcOSybA~tnAu*{ zb(}7eeeGQk4}pnd%L1{Vl?h1{dpZUY&xQ}MAVD%RiH7#U9s z6D+byj=~b@O_+MM25L^57$|6r=4`Zbea21q1bpiE)vw_K=cFkJdLMeE`bt=dC&bu> zY9_d=HCvzyu$uQ9n3YL!S5_l68EdyP-=x-&p!Pp)S@^ciBlo0JBlNcCe_)^ZrWI0h zvN!ezy=9XG@7`M9B`_MlI}+;$+SiBvWv<;w?ka;8*s-^zaWV2t1hI@W&sM z)pRW`R}Xfk9el!1kHh4-CIB>p2^ok}3Pwq*x;daY;IX+2*T)Y4pnwsBeSxP7`_9~< zzI(k2PH(^q+-DhKW;)M3iWOK%PrwN8PyDwE;64xFkaVAb;&Ua2PDK>fn`9kiVFHA) z+d)i6f#mK3vEwp4<OzGvp z8JU@|;_6RNfIWvEPbxgs8#-pN9|Li*jV}n*)ld-*;7jZ16zaFuD_!eJj8I9ty}33D1hdq5yx6wSj?wx_TGP3wS8@eFPk}uuhf z2md!f+fcP21+*RL_UqHNRX$*2D`Jy!2n97I!bF*3_KTW)n^wKo1O-i1y=Lko6FZA} zZuW{nQKeE;%DWY`(ouY8#(zuMswlgsWIA&Ufg8?BCiS_*|l9AfRHtK?j zD&~bWWdjon0V_er+mpgr{T9y3XV~~~F&6d{QBj2zgGOZ&Q8emM$Im>O)XzXG47v>% zBsHDdwRDZ~eo1Uu7gT0wD>SgPtxFu-#G3=suN84L!~+N#jX^R+7XD(e2J z^84&ZoC~y*d6A%*+y}b`aMvKJ8#(o6A4hR$8%lF#V;s7?lIyFf739=NJkLKJ!p)N6p~iJrxCPyjlu{(xS68Gb;}5#?dU*$iO3 z1R));1W5h)kWUcqIJpb;kCV|R*gCfd4=w_kQXXd)8u|y;7o@UaDy;ZQ^RwWrdJRAk zyasOjFCUYjiYWo7uYc~fMTgnf4o})4nUr+$Qpw1+3-1dm5%YC428pF^z* zRBNgajIxOlUyB?e&5|3+61Ez?a;YG1(tReFgV*hrIB{L~<41FK{F0T#2%&Zx9wZM& z@(G`NC!<@lwJwz#`M)rBU?!1xN9` zMDPK8R=k!96k{DTlGgRyf5YFTN-lwIu>@Meyh}6U{QO-(lSj}TL#Q18{qBJ;Y0|+t zL*LpB-!i&(Kx6EtUX8X2hF!S{5{ce3xUULEumS*mb1!X!(gGrvE)DYfX?T@D^ywu0 z1J5E3kd<30IdK5aQT$?2hr^2dYmmX+C1@Y2zXjAoLN~1RFs0iOz{^64<^A1rd0n6x z8!V0`Wng3k2`Aex#=qE-9$-!v_b$ctrm$62uUaM{3b45B<@RKm z|Gwupf>i;G5B9c=W--6e#cwUb{X^*Riq$40^Hq`pb<%sHcO!${vbAR7jp~)s$a))% z7JgbLQn@FGmsoj>P`%bdZ)sXK$LW{Eb|O zx?+x?sN(2bBG%ya1ojZXFW0>!(r$VdF`0oK-2d|#0a8-Z@pIiPorJ-Ln74|lGT&peTg7v1%LaG?O5 z8<(^*!KJ^$bUBi?yNe0D6T6H;dJ*9J4dyMuzYD7Wy1;B#n93lYDa^09sOV%==?8$g zIj^xmzJd;Ewmm~z0hT{Z4`vHWw^Mm9<5e^e|B&|t3eCf_P7nol^o~DzTPq3p_zl_} zIFukV7;O{}SWmC#a07(lXn35xS(-i!T*D{MlYen-G0|L(5VdG;zXUBrWFJCTO5xjf6v zUx{TsX=U8>HC?>EpGj&7p5Gdfmu*fZi^>iQS!XO+CSooBLe?29u6lRmYgOF646C+X zpQ4tjMq7?xqa}03lFviY2R6tam{39tp+4dhd^R2h-)jXg1!xptO8FMH84K16ZWz_! z$0z-{K}2$W4-T~(FbHnVUuA|5B+c!b<_{270-S3g)BOGKw21y1D5HQeXFC#aoEP4z zQg3qcGu4&A;=>j2(e3p!>~M~O&cME2P%RX8;~a}!M8q+)c6$ahU0q9hk%st*Xf+SC zpCI@83E>YXus_>w{Dm_y6hglhMcwO}4S^wx5Yj(L2CBBH?de5~5TH|Nie<00n@b@6yVnc~oO;al_LEz-RhK=Gi<1L3J4d~HF&o_Ft9C9Jl9PXk2*UP%V+ zKJcApt=b7GQ$WQ$_nl{Czzg6`+FS6;2n11}S)-u>sSZG{zBw|NF5QLA0EtBI|Lfj( zz*q#+_n9-r1qDZd?mUG75QI@X{l`R6g?nbih`klPBS78p;t$wUfVSiP?|=UMX>DzV z@)R2%Ukp^AoZJBnVR(Z&j0-T}BdnwmqItNRH(g>PF76zQshLqHCfbsX1?DQbeOfiL z^mNsQ`03$EY2%Yk|7W~M)WViT(KEl9l&;j2o-dPXaU$^~5!w03Kgfm>uT1)5Cbf1k zgpy%ROG@FZ^38FDP3t-{zlHI?btmf-2h6IGDl9$o)PBa9Dw3oS{+*xY$*9 z_Hl|}i>8oaAI{dzKjm+Bei)%8%`!t`K&%2E3D1rujzS9q&rolG|D2W(h=jwyj{z}P zBcM2e1GW`T%8MWUVfrY>7RrvM^eV3&Z71tJA#YRIs{uhM4Ev@oVjEkgd60j0dr=xAl` zgm*8ci>+%2<=3jx2KU5}M9Q?>Wa=%CROE9*yp+ZEf|H}oqTZFn>&8DuYo=ZrVNmf& zkrHz>d8cz?Sx8%oYGKRDrf0Jx7rJf{G`+mfSboKkhy!7lcjh{2(IDDgHM;YjPH=GF zy+(EQ0=;t~4$K!Qs=fy5%$X!;=JH*)G_9$1+sD>j@qyL1Ozwv#eAvJLn zk&tk3ZJ97X?q*1cNn3r4s8e%?hm@omN-#ur+%oHVfSk^c#@)$#o+2Fm>a%Q#3g0<} zxU#qrs$$KzG|W2H|8PB2c;AdgV1`OjCLXu+vIKa(+r|$fr1Y!yP*cqt=OokJLWnz| zZg;77ZFe*^w6X%50o(-4RRL|JZJIkAp$@E}Qa|^!^&+Pg|BB{GeH6o8!0rs|b_Y^s zORI0*$swZoOl`M=A#1;M@+5eS47T;|EyrvXX*`=#5_-@ zmgRHPDwm{AUc+9sPW76|o2eFAQ@r?>xpC>a%>Iw6MtyldpEK^zcpJps{o>7Z;a+huy-!eM;8fbMU_2 zc}x;jOhSXq?2eM7eeh&YEREj_GqyV+WbW0Vw!X>Fox7#5vqfdc2%QN≤^DnXo#js)x1mySAR8G@UtJ3H)?rRBr**f~ zR)p)Cg(A^6LvKlBCA<5uhZF4+>2rig1l~#TT~+;5xmnu&(925hJ*fx3?p+Nzwf)`6 z9ut}gS#&v5ir-Zh&YSyLXqJw#SPz1I&z!7!7M6*HZtMp{utnK;>gt-}&jQlN1Hv+f zGe4=DW$#R1M%&UGPPwBH*6*>su-=ytQTX1+#^(6`AL@6zS4vK`DFx&oT%45c`Hm3X z!1W$CP}VM7-Y6wZ8`Gq-??Yc2x12G3tSBj%B=s&npSgf&Z(YVhewq#N0$K$UJ@xHk zbEN>1Ipzhd)JHb5-e1i@eWcHt*UQz$f{8aW)kDU+&{Eu1wz(}Od|BxMH4=G9+VO7T@cP#>Yuek{P2OjBev z9VI0GMEAQv*=HPcR8BQcNZ96kASuck$4#i8Kf+fU`Z>)Pdt^Z-!&7o#t9{rm7CKSc z9m^Am{mZ7*-Td|v)un1BiafK~5T=QKlc=+?-93AcW439dWh7UlN%r>1Ex!b92NIQ8 zs6G?nviauHVFz#BK>&|s;=xRn82UYam4CRZ*a-On8LwCYr^0Be>+HwP<3xo~7ZM+4 zkYa=4s7V%+d5g8muZe^SGfy!HG2jv?7H_Y9>^RZ!MQD?dG0KL|uCjS)k~8_ETf^<8 zff)WONpE4*8}bPVQ(d&-Puw%6iTkEyQdtw7TXa6NdEX+{nWyfFs_oWF6Rwc>>6EJ} z4d#g!now2vv&}>me&V}}DlHwh(CL}tuHy`3ZJDHT3we(;YkA|xscEL@%#|`q69M0% zJ{I>$S@Cb1d0wVi|5yk!^Kcj6lB8i?UDVrk|DBf0MU*4iJiCpi8uqd>cfu9)qpaeS zH;=zie$0=1pZq8Yx#<5mChJA?zpfYlC3R7$P#@z+qyO6&4)*=uCeSn#dof)$wG);K zg*5>|8D3xAG>hGLhMC!=)M{2JO?I71ycyKY6s7O1>IjxN1V@l2+RT~gQIs`VLuK7P zQIoMH{4AJKYu_-CToB&Fo zIpCF4-t8;DGCdN}E@DoOh$JhG1GpiMe9wYJFQtG>J%C}2F<#c{vo@O0_g-gY`}DrS zFy-sJ$GVt8j^H2xCByZvQm8uWgOGgA7t(aElavMNM#_RXw|OWm3@>ZWDe7IcZ_2u) zLnzleVu>#REB~WQU82fBof!3_r!(Ym)iIv4%QyTAX$Q6?j<#*uf=#D0mQ;_V^eglc z{L&|yLFBq(dig@Ma@P)`4~aBsEaf%J{AcOH!+%8Pl3!Yu5PE75QdS^(@!MBl8}k}o zX5a3)2et9R*7sfHR2?JddgN-8(edSga(*qWF9> z(v2nR>vWj#(|5b&fg9W`-VeQ+Jlv|(B|mn^vWmN9myc?%Z`u^5e~XvoS-BU+N|vgY zJH(RQv90PjkgC+|I=P;HfI!vn5qDF^D{J0%id<@odMRS5<0+~;hzsyAMBYVx=W6F< z)ES%*#&J;prnQ;Gw*f?5{~ZOAu{%8FYdOvF&mV7_Mb#OGqKuS@;P-;v0m&((`uo2?ZAm6;|rb>@?MzuX>gQR-wSxn5z} zGMvXB2;%<@!!`~YI}a4&tV=1ZkGBHzs|KWSR0v8@Ix3!5}*mM5 zscz5?{eMfK-h*9T*h1$-{@K<#5f)v!TN$}40H)!hj_*bdXC0!u(eLV1B;uvsSzTL; zmXM$AFxwG`Jj#7XO@?c*?R!sudGlJRPf))R8`0su&E)|qHJ#T@6Ns;MBp=#n z32G%LgA$88j}0hm+hZ6zB;}tHm@9giv+ue`PTlSAZcW{v)ZT1mNEB&LXdSKBe!p|4I# zV~4DtiY;DnwxOnbt8<&)E-qL;#R(2rJ#J=tl44|D9~uFhsNxCtQsUX4P})FQvEelK0{(``ddr%o!N{3Marczt~L};4YeMF@f%FEl)H23vbo&l z%*&kDaWBPmif*j4Yu@d<8rRgg$8yAWm}DfTmwZIW?L`}UnbYiXOnRz<8>(kR+u+mx z(*h9P&7K}nET(%rL{mW~RyAzoNl|IMf+JyE0aN)9- znYovLC459=N`ws~g$nspC8-&*xI!ZoG6s*I8L_iJN$gPV=f>R8?vlPD0e20yj9h<5WM)!P(m-?u*pPA z`Ps%b$Fd|1G)LUKym%X3axYen>>A=(t7+Jo{eexh*y zzcbfA@>g3{HL~c_w1&&zmOA%?5wm-EBaUl?|4v@St8ZTPB_=viF`c>erkfwZq ztBFb6w(ni92yw;-OPB&#XVoq)bz4?Z)@a#9x_+bAYvjwuJW9=6rRZtO2r4qu$b_B> z2kN1IAthQb9F@B^NxDq4e5@&k>klo%L`pWAh2VTSyiZyx(;1-#n?(kyyj_ivbkbn? zgeheKA1@N0i$Os?^m29d?w{UTuq%j*Ip=iN71b-Alx3oQ7K7^dmc8%A%I@q6uB~?v z37VrBFej$f4Kl?pT`rz>x5%VBg5D>XqwYLWZ+9RFACN4>>Zlf$&J&NbId`b@%C}x_y8Cpn9h(C3Q%LM0C?(%!f@la-j7f9E6hA#tQo(+KALwVBvp zD%!##C%{5&X`ZjL8i+0!b0c9UW94@&ZIM-XO=^u&l*BOa(#vm6kz!?8Lu3!nts%WE zHq>v+M_2g_@{0bgo3eP5Kor_NT*_>ky-0X<%m48ySwjF#|?QiA^QzR4=r+)30J*SSay0tz7ovbgQXB`7NB7>O9I$xOX#m^bU%H zUMz?Q^lT~D5&tRL0;;+pUViY<_SUE z>yY=H_Las?af_$}e#f*{Hz&Fgr_u!z%b+VpvDlZMszX?M_dXwlWxqx>A0i%cdh$^@ zHe?DtvL`Pzv6$A%K2@2|HZzqdS@34fsqD6O&MU&i3J%(Va0z}7gm3j)cxF*2uGM*y zy+`|jjm*(Ljc)7>+W9c-qg|5AWK$2>NPL81ZsKY*zCGITIYah*p7wN>`p{t-Utk>E z|2M0=Wjd~NzgvGB>Clj=o{jmkmL+6ILwaW`ABRroOR*lzvWl#muTm^j^5+&&P_Us$ z&(5y0FiCiC#-FTkY{A_`W_Qwk^ZUS;HPPFS@4IM*=kqlv)NYC5+{i7HpUd2c3rFjf zXL7uVE*#HVvbcBg+rkdaF3;sO=4oasGX#bt8W+`iYe{BedEf7G^Z5#s7JStiVseyCL(EW-V>x<<%Y5Q!2l{=|8CTj6+{VdW9t7_}dT^?SnqQ$#HYQj>L z6g=-yn1F9>%}F7QZoF#k1v$;~Q-q_#xGQVNXitoh=IbO>BCY*e3EA1wHyBPgnsZ@B z*|l%Na|qhl!*L56M3rUfvB6eT1C)i6<7y%<`{^bObIT2sAKxZ78a%3rZ_PQ#|u=>kzp$Pk5;K=L>SX}#K^oaiD`J-9`)A@ zm-@NVvvWKQ(Q?x$x|BZ2kKp$wDhpqKtQVTZcyU-B`=mIR`l5o6_}wxabbt>$8yA=V zZ~<##6LF+9l}c`<`mia9V|v9`EK9Y%QLNT^f@G2P@{i_9t^RC^?~$z2eo~I#s!|{-rLf=({uxv@KkJ+2kz}o^{LYhAh_8di2sDB{m$GC(OsH1@v|F zLF?!9Ux$TK`UPW4VN7OISVDC&TD|POMikeHgf6Jn0wBsybQ2duZFYXWWVW zOLp&ILJAaOmx*7OdOAS1h~^39h^*-S z{u@vCbI1!NyifLdUWXu-T)jSzKE3kaxkmcGGrua*6YW7@_pMW1wG%zn!Th6cOyw6KbVlHW5_I8TVHkMrenqef-ohOys*srm_U~hv+Z-l?IFIyk}41 z9;Xy_R0P$GEDju5sC!=w7gd;IK2u+pLF*eztp(B)#j7HJ%NZT_`Jr`Ch>%xhi8?oh z^9vykO2v+{^tgr)vhxIB8JWpmMTsf9U#)y2^}yo1U^%5&tD+N~8;hF@E_y~y&emt@ zIUj=$KTm)g!pBULys_eidqVt}_Xuf?3+D0thD#~?)9XY$?=B0xFPkcse5D*C)Vr}+ zJ&TDYGm}(8nTLr}>0tO?sI%A{VYgi^Ri~*hvdPYQ^ALK3&RoMe)UnfEIX~Ix;kC_# zn%QS$;kz91-^050-^0=>t5Cg0maF`R_1#%U^|!Y)zqo5yFZ$TT_n~vS@+{1P`E)+j zvOP87*~Mi`oqX!}F*A@mik|aZAhs`BFGWjR6II2HJ+XB`&(%`iSz`RiQ!$5(;d|AX zoJVY@@yOsW#cI1?a5_5+yX{rKqsUVN8BXku0m)HP|6!g0s+NrOCC(B<+@ZcIQ+u`18ok^mhS{I5*4PNOgRxe)gzrw9I zLwJRk&_L}DhrFh1{xpv*!6A!JV!Qs@-MqmVhpgx#MlmWkpS4F{(uE-=4N)4{_ZKO66%u?8nA1bIq*BPXx~!Q-)s&bw@#DUEvo#>4 zGUmnSvOGu4!aCFqV;r+vei~q`;q9OW>+9c-z@5&vi0i`vvbOOH` z)y=h@nBpW4BUTUccn60Jdlye?!Mug=$cu((aw9fd>wzA{lLuu&hHAJ|v18 zC=363%%olD!)pmc(Q2mST${R~2gC!$uW5bU^1hgm>UM6uqYeGsffePBnYs|4?uS1P zNB;N7>P;G+Xxt*LxxRU&B%a=vd$btUL-ta-+&q%Exmw)hp-IyAa}_IdW=qtH5CwBh zIiH%a39gp2NjmnqdgfP+gOCl4SDmFqez_IN=HD^Ob!D2)&+;pX*h4DN+B)1hg|2sm zsu?wUJqER0?phI8G00~Gw`wx3#68e993<<&EweRiv2OG^9`fJrfc0&s>G99XE6@nq*0wXbQFsPPqu7=)QX6T=N+euq8M#dp2)?L zk&&1pquE5BM_I#e^Xn<$JlFJI4I?>(UJRi(%Y}EpEB|^?e!YLxv5rgC$#N=K$BA;O zvF>kU1+{!|&~`k3Lm^;^%patOYht}TDoS5QDl1gu8~16F{~Gt!rAXF~!Iz5c`T2L! zo0MbizjsE#V>XEAOR=ybaP$&UJtb{Yy>8;zL$u!g?0SXJg(_`2mD@x?tfD?u84bL9 z9zt0gm>;T*2c~O8wiP>M>c5Dlin;~{TpD{8>Ev}Qgc*B&V=OET8Q9ScH0h)tJ6cjD z6KJoTm>ft3N{hY-s}${1B`;ATNPZ(_bb+wetgOzMotciq^8W z9FJ5f%8R)26tt%nZo1v?e5gcBD*KJ%F5O1_g90gZz{1D4x@x!hPb4*s8Rm;46?7ZA z&(xbW95LpNS*B&FN{n0~58GHIWWIZeH+L$!@Yb9ZV!fFtBexCFY(wd(UN#Ru%dMer z>yBp8a)?%zQ?6r#*F*`5vL8Jvdb&l`-yffRZr}c3)?bFPC#sBK-=|(!_Lj#B@R_uF z{IAK#B|5YXSw;4{6>7NHn5~^}^4aDf?8>euqP87>i~31Tbysc58pa;xU({&yj&CK6 z;)DsSoXbE{lqgNLsc(l_Oe4bKr^fZoi5qpkD(CVmY@08e+@5Br*363D5R_zIMy4@F z1u$e}K73e)j(>3)wQ_!H+)|@Ln;_w$?rH|LzF%40hS*yp0%A4U0d{3>Q&*kyPm@|J zLi60eSEtlanQEi#*M-R)FN&G10dO%EX!kJW4zU`F{K!o(vEbgY-&*kH3w-us=NGaP z-S)BumFpHLEb|3Kc4{b<<}TgjF7{C$;AtQpGMFa}yDyl*_e-Y|GsgG3^bFOxunj8m zx_Kg^{bzXCJ??*~dw~Byv)-YAHI)L(p*d=cab{$mG$v;V{oHOGwKC9_*~~Bih0(_8 zv9pD}qpDWhZVvHn##0f*s{Mbc|_jgs`$U@*Ux-R4C!UMey2`TM}~i) zG?+{3Ac^9uC*8y?60BZ);AB_M#fDZmt64}QMzzA?=j=gpvboaUWzef_hWy9SVI?(i zzmuawHS?)6nV|l|4l7p|_JFOd-c&hRZIhQ>w&@q5-;gA6DM#JA%8KQl=$|$?osz86 z4*nHHpt*1$Hw3UM{P^+!Ev&q+D-EEqd`OX}{fp*5GIQ;AR^nDd(? z_w>5b%=#S}?xHC9qUKX8xGfF)X{Q5%n%LF%mPC~9)-ViW5$!#wGuLT&sBWEcPGTSS z^ACy9XsRe|a=xVb`@jF5Kt_fSnp$;L zEy0^?U0q${=#3$t2_&ru!*|i-ul9$D=U6KB&wNhqI6&zqXvf4mYkYkg9TVgI3vsGt z;9Z((g~ehj;BqoBkbq4j52EcZeu-EnJM%qC{emM!tXGqDddCGb%V)ct#C|kG*V)>= z%M&a3IP$Ze6Cn9E2e>Jny41V`d(I)#=G` z14%X=pRP6tXqL*D9I}{i$5Oeok=-8+SQ*sfrgD#sx8e(AbyT^^PcpX9u{(-x z!|Gk*Ba8;Rx}gx&BEZiN%A1#7JRX&hqY4@i&ISga7Bo((?og~q-!DeySK?Fcd`NA@~=*L{rV^iMzk zf$W83X0d1lBvyf*`Zj2RK-~d1tayXm7|5(#t@e*g5a&?`0Y~)Z;NJk(h%F=*uI7k3 z?J#xVrmucpLa=Tn=Ugp6Pie>0O)7z?5*z_sAitv)%yO_MmY0|Hv&FNEi{F6d0A43k zl3H6XWOjlv2=w}C46J~QrHQY(q&3`JMbS!Jol zd^4gAYWrpGrMLQ3Os;btwnnA>6muq>L-cxEoMG^~UsWL0z3q*fatdSL#dc%|mW?YY z{i3w4j}TmFZ1$p8-~**% z5{_}SoYGZ{GWu0XSlWSqa{;)fKvGr%i5Orx0C6||L!P;W56XlO{^MhtImxYUCSzq} z^(N@9ASm-E2+g7mOvrHgG?c?;kuh1ds^4f(l(_XN%8y}{wd3QOj)`xKs1C7;=YHpZ z(XGPb<_*Y;vK<21Vj?aLs6Ry-svYaJsew}K9;m3ns#B0Onfj(Zbfc!ayrLqG9>h=| zKqS~1L+)J!I&~1#HGxJC#82Q)0NLJ6h&LG0m-3d1oWVO5E(NaigWe5)GYjMd+5H16 zmDk7CM*1auAQtH5#-|~13i7R{MK&RpM~qb~nfVYFQ!G6Mpnxdcp}|?rkEO=y>3hg| z>mEwck5?wJ_d#nzq3;* ziFIo1w>K%cs4W{$Nk#Pv^zdME0xiFh0B^$31JzPFQG_?H*7}Cw252E6_2_8}1tn#T zMGfQ8DMR)P_#Ci~sc2{{g(mLcZykeo0LeqCTo;YvFLg;2Ta43kO*Nvro=D{`n4o`L zs>$r7nW8=~&1}zxnT+={+BFg>)1YNHGh9(H`|{)hH=SS-IXOAij=O}NImvsbS`Ffx z?Bi-7!_|@;OO^**?&rOxR-&m(x$-`k-5)7SFOzU@qgL8ubyCv_xl*8k{#^am#cgP? z10qY*{hH@?>bO_sQ3zdvm3zUc3%dN@HPU#?o60m}80iiP_@j+_Sv#IgzqJs^{uH^< zu+bc#@+6L!_H+F5ko0#x@3JG5HdZY0luE}Cgzdx7)&rflae5;}7v&0-C~Ce&?@a|~5^x6V z-aArcBi;XGuQ%c=mAj>^q(AXUwZ-tRlK}hf{+_a1Afr|>fNrMQCW3I>}%%XBMK>+;nOB=^x zlajAN<;KxDZ?09_z`5xw>BRg`Axe>%c}L0NO?*||ae}r}E#iS>9pfE(C;fcCQ2Lpu{!=4VH2Y$1o+Ees zM7-g%C=m~%l{T|7p$^F^(Gw0y%5#_YaT*X}lNpCk@CDBmxFPkkMAOk||K*1l5lF~2 z0b|zyxQtCHVbT0ixqGCksW}X>=wO^^VWRn1L-$QDKuITpT_7uc5ErGRtfa} zdRE_O`p;}TKD}O4mDKd^uhXi$g3I~Q@pJeB0U~s~nI1AI9h;?A#F4T*$A|*B+o=*)f z8g1M7?Q2#dR`Z?g9*Yc zQ30fk+GuvNTQr8RFb0IjxpFo7XLcq2l8}=ZmV^r67Wz8arWvBrlce0DNwOcUHD~ZQ z3|T0Cid-g%E*R%~(LbQkIrl(V!3ML%a)4rJ?T!wt{#CXpTDPoNrRwhesE*3qg>Pg1 zShTAA^PO@z(;lkTaYywaW`2x#D>r5^xUO@nd7>ay&F%h_+Jy0%Zgor?>323O^B{X- z^!8NLdg9Kq^)5cK!tK`v+OedpJW;gGrY;!(1;6xEk% z*Y3zy5_6wY(9(VeWj1)sMn^xBu?x58KfvGbdjH?)R@KhV4#aBoe}Svger5kVeGj)Q zR?axW#gXw5->t7fBHr$UaW21B7Z3)ARY3GT?I-Ws_u$UtSKugzxa59g_r8ELp$k#U zdrb|0{^Bu?dJnkRFBq~$A)X3MWzowD(1u1p5T?{i6Kj?=JNcW^=UC^T$kNB{I)H>3 z&rndB{tCi@~i*N_Dv7y&kEesE?K=rgJ=f+CrH*up=?fPwqnO8!Y<+dDBl( zn(mtt`6FdnTzNe%o1$+v3=Q%wsohf5v{9UqWSQO9w5 zn32C+z6t7`%Pd#9!iHkQx!?*LE7d}T?Lf`93Z%CeRalKC*~YmZqMz=)=pT#|K3SZc zhP9kZZq9!UFTX9l+8-BJ7gnPd{Q9v2ZJ2Pm?;D+lteTikQ-dp=NQ0;N0OA4O<#)GZ zo%#Qt7T{s#hu6qBdsW;8<2J^UZU$3F&AFdOE^V%WCs$N zx0t9+a~t-f-iTULImV5$?}!)3S}5x4Rf|pAkhYdhe>WTO*d^j(GjD0V5*<+YJ?{$W*krBRmgt7-IV!;DiOzQYn1KKRS zq3)hI6vAV;{Xx<#2__lMXea?H3xIauwV^goJsuB_r zF-JPig5n+Gx|r<#@bB^4b65?Co~cOg4r~=ln3#PYoje(HXL>V7oHejBUxn=d(Ddek zRJPyuuz8MSp67XYj*>0S5d z`+NOUPfv2rxvy*Qwb$NzE%$P%K);3+lgQ-Ln!e9g=5EeRA9CW5{Ik9^xy#RhcePlPUM6ThOTrXYuP^U&vSH zu1@p;!O#R?rOkxQzPTxG-A(6|JIayP|YLZ2vfw3-s<)X z&xL*%h86i9_9Z2%XVgi`xsFDCzU7yaynjLAN~kR(t$EVRy*+<8{wvv3)H>O|J(=^u z$z)yoi=Qq`Wxm(w>9bw%OrzSNH?ib*lPfT~!$LZyuMgDC3#ew>Yt@0$TX{ zCQ-Gy2f3;d-bmPz?E3)6gL1#W2)d9bHDd^we_8RkYhoL7CRNJG)R)tr>0`C_Lgs2+ zQb#9xpj5YR5gS8}L9c3%7O)8oWG^Bl6blb*XpTC3&CJC@Fm|FHp_U6M$;Ztdfejr% zE!0g55DYLNPbSpxh=}MP>_|b1M?rfCpb+~(uNWg?m+%3)ahR}z>SgZln^+0LVuBMx zZeHFB#J+}PvOf|Y>4*(knVE_Z{z87bkCMl$o$A+>#|&`8JOY>sVFB!L^K)^9!zciN zIRZxwyCc{94x|&>ATS2T8a-A-FvW#6MoS9|hzgb6zO%S`+tJR>4r&PiRS+#1hQbs+ zC}F*5HF^03lv2Yt6>^rb%ShZ9j){;`WJqGisk1X*$#ox3M=}ev{l;O@|B9v;H56G;baH9=U%S=NlLTg(>FChF;$gLut^dGO}=*~M+8-T* z?TV`hWZD<&9$*jK`}H9kuh+8i*qPtNwk40T5@gj8s6O9_xowPr0aWF1v)+e=CgMXi zh>s)IKi|}@6Bu3b3{@*>N@w8ct%pw7yaABvRbIp<@>k$4ycj6=1Ei_r`CwnDw-@^} z&{_;eo`sPt78@Yg@(+2MkXX3VcieSf<(^!S9)#l(EDN%-vj^b&2?Z}gxmd-$xU4K& ztKg=WCsYBRm+B5hjN=jYRTKl6BC+5@QO52V-p!?xzl!>;4Sw`%LUWScI7>j=;$$FK zUcjr%sY2GoiP{lan?-4t&%wntGuLW8H&-ff{^CWLFseZZ z%*iF86D(&A!so<8y0d_%63;8l||H1)~~yIYt=)s=56Z?SXD&H3Z7mG8%$ zzn3{h=$>{njpLF?`?gC3&$$K}Qv0!`1t)V%d#WO)OOQS;%W2Y`47!q+}Gwau@V4FVz%(<{l+> ztgwBKznyXVbl$lc9Nt1D*U(>IT(>I{{>9m6&)Qm82mpS6)WL4mQGiedhwC{-Ma@{B zhj0WzuMCFcprbk_dpx+_t2o+v+E@(QV5cDm$3v4BMRIp`=M2=^WjA( z1Uq)qm!C`_VbuYp)YZinqM*W}z0fm)`~aJS%3Fq4FrWp9>w0M&KI*?XR|@|rPNQDU zOVcCv&JYrEgglqLd+w2X9wxrx zu@A@0tHJ^~8yqqqdF*_L;pSm45iqt4mvN9#QpT>NE4CSln}rgRSSOZ-LPBsUP_`1D&&VOTrg2k(M4bt5S+QBsZ9%0Z38>wGVXL>n z+rh6_HvdB21-EB=)RI!l8dR!hde83)5B~`nC;ZeFup++}M_y>M&o$F%8?vjS3U-T% z+1l*Guw@HkMgXoUD7<~p$w#a@_O{;0Syw`08rJT)k0HfCSov8>SEY7wQ=&7~^k*-& zGgk#?cMCns-4QYT)%9}h`bzr${1s3I;$7MlVDpiX{6@F|AqXpjDWLq>q)lw!;hze? zCxCrYTzUh@Avo0lfFr_VSsZ^i2$4LFOWyVN42r4QO}`8*%x^VCF?EGc~sX7p0QKPa? z1kL(&n^im1k9s*&4a#(Epb^(D#V%rfJVWM>%x4Njfm`VDY zdh@<|{BhkPY=@U1wY+yWRPm}x@2**{?U5WB=UE}Eq2^_XgD@$*5DjT7JPeh;ZNB&e z5%?u6FOwZb1c|Tr_&LP7JiJR#i|*Nxf75Wfp?b@jU`*lEq)#y^q^Ci9dpDC-syLNx zz_tU!hWw{12iy<+un2r}N@3pqmK&pdsM0CcliTJq1G8zoHC5%_OB-$zuj1`Nu5w7xzKX+Wa#?BH@?GuXw##2!gx`st(&J_Bq}pOw#I$#4b+SE~C=!q~ zUzIR~Grrj=mWd~fmDLW_^wg9T2jY3o_Tqg!ivE6Cfmm9G^H6OuFvJcisTpLdV33hD zLl7cBF%QYPLtrc+JxxTIsKGo!{r=xb%JE#kIfxz-Qs zsol4rKzWKy)T1Tb-_i51tRQ|AWJ3ro59G-`)^hPaJ~LRtXB+W8B29gV?Tb=HIz27z zaJ9WG@BvJd5I@hQf-?2T8^VD-#VULp%hbRJyG2iGNlBT0Z-M?ieB95&pM^;}PYT5b zh;*pzY)AUU25!v?8ZY?kNNm`qj{_=@Q54KAD~khuLTKdstmM(!1m&*mk9UK{kAt#m ziDJRcRV;jiQbyD7)`qH41k`aZ2y{c|r?|U0Rd3-pB?IhTh&hNAcN1?9x|O$G=S$f`|uZT z2ZEi2xp_ubRxKhSffMuPLZHRcM#H1ny4V7V_v8*+xb&!~An>*zA?M_f)?XfAP>NElv0UxDH_`K(^W zTirrKgq9W5-4M;@=jRco5NIv^&h4?bei;2-!mXEA(J2u6wMgM(NKMc&QH6s&A{Ty_ zcIp(d><<&XQ3!Df@$(bd0M8E}JGSBxi(DDN8oq?Q2GlZ54kFB69k@ooJwiGTQa^+Q z6M-$DK>;wo_S)XI=Y>2?;+-cEt|j=CwU4|s4BDQ&$K2egf^|#c_3_DPHIr?ou}?ZW zJg~H{8-bD;CN;M3J?kGBcrrg@-UhGfGq;Lss?0n!lw? zRbU93-&=L}reKpcTVe!kDwGO0+FpGt2@{fqM=VqYkG?EVBuVJ&Z$j1P0MaI+K@`Nf z9M4@X&ooFSz0muS)yj=RU@JlZ66A`L3vfk!y;_V~BS~WC&c6_2 zc@+LB8eBiOcm1rsR+jfpaooaePKY+d*{K}`8sRksQuPVSCc^FxPz=gF+A1n_2m@?z zbUXq@4b!;ONp z{sG)5+;GU6eaGj7ewOOp3Q>r}5H>*?ileuEEyX*5IUfD}b-?i;&0osdIM!UoY4{{@i=&_y>u zf@Z$~^4|9${{qYqu5!QZm_AMHi@E)^%e;duHhAIyP!mL{E)^B&!bp!0J^(-jR0LV- zcpwwqa@d7P-Eqe40`ydfHFLmE1>jNF&{%1FAGG+odI)-3ZGGVH# zD7hos9)>nZMUZ1?S8Cm#0Hz=Y5e8@D5mfh4f5{pIJR%<5jz~Pu8rq)#lHx{@U$2KR zj6b;F?}0=>_@(Kg*5Cf&AR5ph%L%JNQ`1f;yMV5j_wNBr0I)rXWT}w|FUWfkN#zP@ ze>+H7!b%t)rKHd_iz(umKyVEo&LcD=fdx>kgEGoQ}lGtOC^S9==(t1_PO* zl!uT|fm|9C^A!8wk0yargMO~M_o>T78Are>oGY~x(oJX7;3I1PsUl9Jr+%8Q-AXlzyUMrZIw;A{ z^5yIFdo+&?C^1GWu@CO2i9CP&m_6f_nZns{!@UwY8Z|6`?ca&ZEiazveL&hVdbBsF zTcMQbKqxTLZ6G zsfLT_4m#M309L@N2Z}|6z$hULji_1wt^3KNgk%Btt0D~JJD|IROyfMXiVpZe4Whw- zrcoer5}J&^(0;1^J-7dU5H2BzpFRXP+7AJ@(6mBZLJOg4oFUZxJ~*Dx14EEC^N5~G z1vXOniWBnwuD_(S#+P!FQFDT-gq$px%a+mm+UTIcBLI@Z6=0Ter!W?N9O-sy7+9+3 zB5qKWAEyi6aVvSM1B@A4p(9Y=$*ELcs15T%h!Cbh>y3ve$e_1y2T`Z>&=6Gz5OB(8 zh{0^rh#|yUaKfsek1}B{q4300BJ2E|-%I^~$~CF?4|#kTAqQz|6S+BbJmQ`0iUs5X z5jY6zGZG@OTf-sRouL%~3oE%Zz!50#fA@)9P3@XJwX<`4T46V^SsXrGrMJzDJNP5MlWh)kcWtB(g>=5S1}jt%j` z^l9<*wT4p1@XqBNAX`ixIc~<8T~}Q*Y5GH&R|XG*Sjah zzaAaEdFR)}76C1YgrSa?HTW}s1ysmG6rtOxCJO2n$)EOua+4|}M01WEQ`Vu2eDK%c z-}>2p+M}Q#%*`3+)t+wP0LgOB;QI=0BEb@JoPb(AH?CCPz?HD**&-@>38D5&{M_v9 zIJkBsmwv#_`lHYwT?ZcR9guG943Q4H84F|{0)&DKKsdz0p|G1j;Lu&l2UY{myF_Ze ziaB|BWF9jX=I8g9>fUK-5xC?M3!DRhv8U?+f-7YhzyHnZYS(%%%BAO1-G*h@QDs-=GDB6-#FOsgt+GgTqlh}3p6v^J|)afjCBOmbT(+p;QS z%5Wy*5#AS*ny`_;=(so<2hztj}Uy@rgBzuSlH3>M68_;iKy(A0`i|GxGP zp3)mU$t9v8*6j|($$6hl$;MadnpmIOzmpvy=?mqKK(h;en!=CV41g&J7U9_aaUK$> zy!3U`fy^J<_pgiZX7~~`zhNrKkg9R{59zOsE#=|UIk5Dm&0GQN&w$|2N9GwbGFK!l*M?T@rW*W9h_#7!Z_gu2H_Ce+F44Imwm z(8*`QQF28K`Y7ge)#o*xJ^$>H0#5)RVTwGk; zq9tu@hHL9?cMhMqs|@KeD%oe$h7OiRBK;L8#Rhl2z3rQ+G3n^&nEG{V0>F2l>Qf*< z$GJU)g@t`I>ai9{><-S(iUzh9F?bg_QEAS}FeOh}Dzv`dClseTlX2q7Uw&6a&=K=m zXk_{9-=eNA%t|lxGMh~?f|a=FOYlZZAClj7-{#8yG>T42w~#k3BCM-G1ww_Ec*I4n-~v6Nf@-=$>vc z<+Q)`w4Ft{y+DmEdEWM(E-a?_^#V??SEr#TEo7@`c<=V@eG|($`S~>0lY$Q1bh`4Y zneMZk!@;GS>}5?RlEKn$>n3jUwR{!@lH6+-e_PyD-`vjp$gR3k$G^>SNytJ>hi~=p zUH#XY2_@PgoLLv_7^#ZG7DzRW^eLx*Y;fO_$?EDo7eupvOY}-Uqaw|@!o%cU?;)RQ)r9%AII|`I}EPZ{i>MiKW%QN!0xYRv-_%LJB zdv)ueQ0pkO7H`&aZBzh*_*%#pLhiE9W97#Wb^Vq)=uT2{^r9;?umcE|;+s7~2zX*N zOnUqnDmRVF7q@>=%s0yZk|(rrAwg6kY>UuCYRfRC`bpeDX;8}D01aWp!Bu?fBO zizw%UW#dr3g4sc3?)Zx3pMo8CB_6JxG`PkJq zHb&xD9CpyHz+YT3Dv}GLf-TjGxSZUPm*qyi+bJn2ZyS4giH${tT_wXOIL77CyQogSs)Y*lMsMwHC+iQ1+K{de-?lyhmDo>e0P|lorEfzZP$pHz-q<`v4`zs zufJj29%0D8u5KXU-d6C)V7&Hy&gKmAdHlJ>!_932d^jB)9Y%VtAmCt*(ykeh9ur{o z@4o`V^onSOkGsHo76P+-_AsoKzLhKdbh6hiTzH)7aQ4>9)t+$OeWH9zpFUk{USiR> z{jnnB@neI=u0$c}qUG^@+a|WsN|OX8kC5yh4Mzw^ex&<9Rccpjv#Zq9)Zp@@Y_Eet z@q~(T>qEkS_7B8JCuvNUk^%y+@Uyvp_r4Z=AolaQJQa>`H7XAEso;!r89$&ca#ym> zzjt%oC{OH3gM@d{iL+8>l6xIFjNR-P9<*pK(w?I|dz9gtp}BB&P1W`o3$eeHssh`z z_J6mMpt7T)f6C8(wVLBr`L=PdvkJ18PHZkw1Se6GEZR8IIL>tyk*$Wbism>;By?@w zJv54>1e;8Hlp!sQn^x9_4N6@{pGWN(6WfuKA+Nd_5?1} z_t0Z^8yUpQGpvlCl~)LNb~y5YuoT`KF>B@UxnLg;*+D`jg`e`7bKk7M#B@-*4Fdy1 zjw$hsMN+iT-T=oTn77n0xqRk&w43`#dmf>w2XOZwU|6AOhy2U%IcBbFg?1@@vorul zDakF-Y%)|DX@H2`|Cs|8pWL1a`%`^Q>`4UGJsul#J0gF*u&K$;wxrG1dy970S_B`A|O-0q)*Qag$ zAK<=c%xnQD21v0J-BWz-gm`!3F+nNXHqzVg$@A2|9$Kr>i}G<=iWm;nKT&dcqsb<{ z9NI>zRNc|3!`Z*6J!Cz$-{w|~v)!4siRhN^VzjSmzHwRZ&Y<4t(o(p3>RtNcxkYAk zYZaL~DYeRIJRQ1yXI+WDWNd9})hAR`Zi} z!`$55utq>*8(dj;#0cSNZQxQTidim{;61jq7W_SFU=sWeA7&E&^ZT0t%CA;a8aldO z?_{{fr58RrZX)i|Zb)xC>g3JKtGTs#8y>~A=dyCpjMGX^kUq1G@q^WfCTE=CbxTJBK zCK5@5@}G{Js_Kj9&%fduNte-$z_cb~YaZn@&<3~MnpZ3y4A=G2%r-$t9d0PQfO+t) zMb*3#UdLp1X+(Z;xzO!QLyRF9Fn>{)1mw334ZU56#RW=gborE`4q+yJe?T`7>Ec86 z9wZmRWZ8t-#K(;2gBrFx7!N8u{{cy8tti)-X64C6!;v0&%15!&<4Fc!%>fUgrjDsf z{BTNfwYLUMAbJ&dU1@C{J2ob-KWAre|8XFqV`5?gr8NjjbXu>hZ|OB#MiGt7363|Y z{$1eI6yc|a9!^T@5PW#Agai z{eFD-N$o4GufXaM7N15O8M(ZRSylBGXi$6s?&9IY35H?cUrO`kvFNu{casX4=ePw! zk{?uA=ueW^W_XNf_oaC&I)q9o9MfuH9H`u8&3$^BQh3(TkRg7qPFp1Niqr=S&%KSq zrRE331ja1PCB+O=j)=Il2bk2)ewo%i)Vt35Z~A3{gQZ9fDR6%-Eu~2QG1|~g^PWULHs6$JkSMXFM7qv$9EwwPaozqZ=#%>nz3u-^^dnv^lc=kKd32m_IWd3_sXhvy;w8gJPvwZ z-XPxnBe!I$o{T`V*r&`%F~_TxT1^a_kL-ARvzFsaUjZZ%=X8hBECUgdi*DA~-P?Cgx^Z+g7Z~ax3@50h%p>BDJ(>UZ?Gnb~Qgk9d zb2S(A)6lQA&JEnRVA0mr4rQKEzCRYqeJM|k)i@pM*eJ9AZHv2oK>lq>>XdHt4s^$i#l{;zg{Di;KfGg~>a&(87-33B6c`hxB^O1`Nbe z*7Ksv`R-G;g(giY@7o^Y9HTt`JUd$e)qM~bqhEhPskQmjhvy⪻=LgoSmKff~}qZ zbS)r9tQ-i!o9Z`w6o5?*)v+cw2Zy^b_`zURDJ;=}`cO=u+r0Ge?P80^{{3(X*#MEb z9iCW-E%;l+rN#hAS@d)UNW0#E+1c5I*1NRQa-1~bJVi-icM<{p51@>v@o0Sv3VR{&~o`De!{HJz|BBEi11{?i|*~U z0HeXCzt)!GZ;|akpKx$|wKA;3XZiwv7gfp)X4%pm>e30*XpSXtcC06iN65X3cvxRg zhKtSClA8!5v7kICF9GAzmT)y?UN^6qhd`?YX~S;N32m*wRgH7$C*-Qj-cFPRD&Gp)kq0u;N!-hpTO%0=? z0Rcd0s}DL$FbmKa{6XbM*I4t>c{ZZ4PB7!4?|m9!(81xJTZ%LPR|g z-Nu5mCnK6)*h*&HTy#T)iuuKh1Sj=Cw2i|UlWyZ4;C zGouS0qvsTg+Q-rfv){fE6YJtBS&p-FbG@NqCZ}7a8>?dvpay>DcL~!LpHYXhGBE{U z)RgG*1--m{S;9XTrPE|sZ@!I22zR&Q)rWhI>%?s|>9IC~uB{g?&{^JEvc+bM__K@$ z*$l z^^_d&%01|hs{%d#hv0KD8QWClk6998X(%IZMVEHSe!m6^#W+N5P!AwG#?hmmohl2e zI}vNnUdPNV+xwUM9$G&u?Hl1EAJ{{~!ieSgsy~3QHE8&1B|9Db;ev zb)8nvo&vIB<5LsEv?e+pw`cCW(6{&Knx|yjuuYu)!-wNbO@UT)p-~D>Wct34oD*}Y zq#aR9Qnx0{Zy<)_TJ-Gj#NC-2*eOrpMRzaw!^B@FKGB$v9!C>o`^tL_n9aJOCY%+k zTz?-{ENHmWt+UWS>)`1FuaxlZnqI;ck0{p1!|s#{UnU+N(C^E~+`I>4tnuIrFs2~1BQnb? z{UI|aTN=Gm_kpV)mD!Tmjfrdr$GdwvMhp4~_V_xu$=9sKn)YOgshp8qYaSh~<9|6z ziM+t<{DMEIvbVRl!{5zJNQ|v1%z9|D_B2T7mj|;9{EdrC=9TOF`uZ}jl}tIAJ$qxw z+0AT!$oOrS<=RUNk~8fEkExpINH90~c19kX)Pd7y zJ9fRubBRt-u%x+gwvU<}V+>>6;(i^(Yn^oH1 zZ}m>xL#3R)gVeUgFHlz~dt)PZ{oUY)4<8QSDXQIS!6S^C3HNnHS53{X`ialskU_0s zxD?PqGU+IRjaUEBPGSR>iJFmy4@5S3}YKiY;0*+ z;nF14J?l;r{c87| zye}}Rs;U+pYI~q9pn~ENG&KXPS3Y5#;s}e6c6Ibv56zPKE<~Y%*_G3_)5BqxX#U+0 z|7RC9UM=hCdeiB~@abJv#W|0S3j|Xa2Ho2$sG?JIr`lwx>RzZ%mGiHi?!4h}Ua?v- z_UY_}0BMbuqb!*zJ@u_>Q_&ADu`9=lQFTQ4P6nqgxXDN_)eAG{{>Wh{BY?5+ zdp`%wkZYBd7^Qz=Td?nu#dEFWnV(dbi|*{z;Z+y!#9(B)otE{JK5bbe2Js%P-ky#{ zir5>NlcA~4pHKKgI)7Au8{>QF$=U62&dq5T@V)>3WNfV1Qq~6!-$oaum5nRtvrOHP zI`fn1hiN1$^P|?K9MzQzT371&WvhEMQY%p1^qS0KQouKB4yPf$^HqZx(*M5o_gE^D zmhHnh(ahYt+PO&Zb}7w_OlWibBwQeaRvnG;6&P4c!rUWgPDcE(gXra>AI5F`dU&|! zPWaAAO15Y!7m;Pdoy(ZlvHT&2S+DFJOJa0J7~Uev>UBM=4R3k}-hYqnYw48bA3x6h zW;3!wC*3pEl*A^SUGslzC*0Od{(`^p zap?`XhY{|A&idHc*r#VjQT|J&z*)5)ATV8?MLT1-PAeYGkZ)*4As)jY@Cn<_pLS%j z+LQ~RFB&Q zuLzpjs+};W)yv8KCd+*Ah5O;dGD{#Hk9OyXliP|6A4xFM>%8nSZLK1&%B7I%Rc~QX zb!|hnTAc91b2=d@OLHGRx;(3rK`mlt1bJD?AuTP9czJ|_sgo1W^&vP#d1A=o!UeuP zq%a*JryJZhL!jXv*y(yFt!vJya30}hbk9v-Upm8)mu4Y#7jGEld!%0vH>Jxb&44k%PZEE zwr1$(&?gyqWmc>0+dp8K#VvOybzCc8(EK4&xoI-lMAOA@IdOJt$ydzhW41JQGLfF( zccGXeaqrjH_qG?*j5c@RM5)S>CZ?UFrKL5PcPJAJFb6(2s?o z^=H_b1x{;T9w}v8)%c8Irj-idh-eR&n{P0SZh-A?yK`3LeMeHbt-|;}-`;-{#NC}( zZeCvc>O~IhvzNup6;)PB$+c^CC+c6Hbak?~m;CnZrPeWA34HlbVngBt+))wxFBTOs zs@D<&beP>i9j!q@|9AvrcO`mr`#endaEUDA8)8t>0#I%B?`gY%bJfGLgq}1itPB0w zid47him7?ekccgkvpawBHT$XQ>x)8XqEu%J89#nYgL9iR)<9s#hS|XU!a`>^w=r-z7(>UXY>!Om5f`)!@FOuhwej~a z#`$!!ViA=%I60+PFmvbu8Hh%9EFBNy2a0zhz=ef{;UZ&HDH6{Xz2>4OvrBP*{K3g# z-v{#=__PSOPwe!8G{Nlj-Md;vl1}dKJH4N>yrma+P~YJ?ZMgew9+T6JdzF=@b5{S? zqw&UTKotiPYUTIuvuDqyg*Sth6*n;W(D{Pbrtk~i01oeQ$R{)n6AC1t*v)qBLZ#=8 zoDb41s>ws0uKWs_PSnywmQzu2zNHMrrB63W+!Ql+aP7s#_!@Zv&;%e=h>x!cQ$&bF zeUoC5uTyWlxDvjjVK+@`aTS_6+qZ3V4$3=;JrWH~O(3S=JMS>wa;~^I;NE_```HG! z$+D0N3fb8wD0kroI|ARc`1pSqcQ}r~0GBLK4?lnWIEqR4jRDmZ3@i6Me?F|Gtgr8J zDuHN+;0A&}yHiu6fVrWaJKf`QR8>?wFfuTgbv|#3X60wfQ7($LhIC5kjweXk76JXm3CQv)zE%(ULc;^o7-&t3ii-9~za!&p ztSru5V#G(5dr2XcgjN_rbI{gKnR$#ApeR#RP%t(zIb&rfz2|}D=+w#*OvjAt9}q7# z5{-h)y6xL;qA#`b+LE)oukXQS>P7`cVreNRVhz<;yyY?t5wHFbcLRX*_e3DJ|RR8;%|ljD^DpcEk)M~BYgqIZ?JiRf1&+GYiny1 zT!t|>Y)@Ao?jFB7>`b_svI^3e5yfM?HG z*b15^Kc5T3HQ$E}JpTV#05EIVk?83_XvfusHJ@OvtF!a(v9K3sgm*w8y6^CvtJkhQ z*~`v>3IIG)$nvC7V(E6tv?86HHGrjI7=LQOpdC*JlL4cFAR4sPzDQx<=0(Z2Zc30dmhBrE`O9GQ``OXaQ38Pg08~^|fFVS{!Y6~@1?f?=zQip`@49ie^u&?HFxvQ@S`-~6 zBXBv3pFN(B)0n9smQ**`i4`JFd-HpY@!fYcW)rWRp?ADYx$}ZuCpEnQlZRYaudw@- z`2ut2;-g$WN2W=^rCH4JX9msF>(f>E%~P@l_DVc&wp+7$z4s^6+8448x}$5OM{liS zm6zxbv9R3Te-nUCql9}BEh6M{!gN_X{NCkIQ%3Z>uzeJ3XxN5TP`HNk2?!|su!uc* za+ZBk*MoswP*8E3Eu%R2L`;Ta@^<-b z{023Z3(v?R15HcGK3#UPBdna(jleyTK<;jJ-`PAPB3ALV-R$fPRR$gF4(HsG^}DQ< zh{^Y34K8Zp95~kK3a?=5usaT|04>bD<5i@dI)#igPJXhbDKsXA$o>czHr?(29sx_k z3HAD2pSHG~1ZDm$l)23DTP2(_sQqtPJt0M8&z$=e=|F1e$Msxi=HJct8L@1i`_aGK0CPsYf_z!sQfrU)$V>%-y zE4!Pn9*Z!(9ER#?p!~o*68&ZXWQ^)y%n-SFKSCe=trQXfxd@uUD-)g%#y8{tef#GQ z0XKv*IAcOc3!xsI2Qf$D;?jhL9z5NV9eWIy090prk+ZVmPr_Y?(!phqC{wwifqn6yznA74nXT!|ns>F+(J(n+E zzJ_6bSjZj&M~;3YYLBg`4)7kW_lJ z>!N;4m8l;uKW8!4l+SpasyX##bLdm~0$1-uzS~rjPI^AxGdC1Np3a0-IcNGUlQi&HH+_$Fr|QNQn5fh% zMa5nw+Pu4?6Kv^*4pE1h}}gB0f7H z6#(z|ehsD(O?#4ifhbZ<`FC!su&n;a*T1fm;!^L`jwpdoP%^j*wa^9%jyHAgiZ8-H zG>2VdQCpbbG;)#78hA@pB|rQHI4-mqx&ncNl^Iq3ID2T95vxI1)Kuc>!-~pm^W~S+ z*Qi!(4-OCthZuE(pDx6`3O@v+-h`wBp6H{OO4*@%aBx9ZjSlnW>@R*jAEcX$2mF}?%1 z0vLgx!X~`^E-2HZ5u~OpJtlDrOUqk7rM6sUYyk)5pS1Mu&hFy!xr_5HSazL;QbPFG zQElK085ug66|~7Jf6n?Bh%95cwRicSXUQ}uiOFD=u{YHt!rTg%5~HNE+%=-<3Wqz@ zd6smg-ahGk+A#R#iHyGLwm-~vw}QoTa%=8>Z2nf$>|uUtoZ`#K6ql5+Z!BNPM@aM> zMI}Xa=weoUT!*HPe=V$A1Y$%9S4KL7T#4U^OeD~WsP2A0t>xLcDap2muAS5t`?S_N zb|i9fhmw@$wWLFf`D7B8FIieQ4e(AdF738YtnFbZ)x9#Cr~fugMYDY1qB27hXXa-< z`SsccDQzXmNsgi{D%uQ+tn3F8_x+eg*4Rb4er)+z?V#3gHq{c8!>&AEzVn^3zIWMm zro9m=Az2h}$n&lNSGr&ggQDY{Y~V^AP!wW3b`?Qv!VBF;Np;G>GWL^< zn*C?$qH8JCG}3hxFYP4kot(}q@kH{b?}4-*qpmIz zhNS2P$(`QE@)K^=4!`|Fr<5AUuq|9`vAOIcZ3>xsBJ`@X)f2sE{huQ8hm6W~<;1Zt z2>C^lF*N8wOz-fJEf@DswM~s4 znq?((ewbI@TJZU5X1Jx2{|^~w8i7#?-+f!&=g(cwD~l0crap80Nvj4wZ^^Zef+wxE z&$S<)%3gq(J1&x}!>8Izzd?TMWPvyxa(ft-|u$tAJ(|bmL!XhbyZe!88rij?jFXLsc0^`i(I1zx7(N zTIUp*yj$Q>#^DaK7>}fv#`6d+rf02#7c_5`I>i>;`2ESO`ixt86YHhNbGOwh3Y{rh zW>_5SE|HJlef;?Gij%guDb!Ew>~cti+M6492w%64a#wthu|?ULmQcTnt*#ri%&Hun zT3ml#l|If8$fRc+?%eyC?M*yA)%E0%r#DjeYBUR^bJV8hQ5R$1e;U|&kd>FIE?GX0jM4v?rEh@OSZ*mD9o?U{ z=pF}MnSUFfuu_UVh4g*rU7#4%bP;nEM}pcM-2}s_afhW*N>Qz!J1>P5koPTEun&|x zpm(cY9tkZHZY$}2oa5>3z!`RmoZ++WNL|7SwH~X^or(oU7%#0%_;4tZ>dIO``OJk- zCbIN1@7!2vea@ck6vbjGITw!BwVNtMWjA_hriz&#d3|v=`_u-ro+9lzftm2hfv=Gd zx(-oli?PsmJ+;=UN!d5`bd27?+~@h!@l{IwAoD2NsVtA4JE!-s=6h+5`ZN!@N98a& zKkTxkw+gdTeGz_6({i2XY~Q6s8oj$5VPkHtl#AC&S7ze4t@8KPR%*EJr5&wfaCcQY zkA`Be47L$sh()8`-ujoRB;W(=7uF630JCEdxostNOwn#nzfb0(zJ2R7dq)LL+Tn6V zjom3XPBVq?F?dCu$}(i9sTY%Cj9!)0ES%9(prt>pEZV)FW~2SS`Lx@v4jO6kj))qj z;a+nG%P{xQbyB6tkI{Ko72b1Epj{wBLr1G0s%bR&TY>_opI$Mf9Y7z2p%Qa8Y z`Y3US0ojHWt%APKRg|Xv8i%G13g)sgMNd0b=1AU>a@zJc;PlaeI&n=m8>=wM-Khp) z9aE~+RykUScz0(+UDk3$zgvv$rl=0t3py+WF$j$2=*UeXk%WZCP)x)G{lN|?vFisM z_xIo@z3OU%m;oj_`6(OHnfnI zIxXdPlDlrN#f*`7LCrt}w`S*_zunYjr&7dMZB)k2GbiP|@ce$i*Y)YbEQ1_<$4Rq*Y~9tAGM=a6~6G5HQY+1%udRXE>!$nl4fFI$x&7Rpv%ENr>AmGCm*Yp=`()# zV^0*_qEYP2ShVN~zU}mBph`lX0Oit2G^jzl1P6a3MwyVDMaU}u!wP_kO;4vOc+Lx` zOdS-K&g;Eu)+EwCz<KVXB4yYXgqeyr~XsPS#UN^NAtqtfR!HF02}v-!ASgiv#onl zGNP?tVzoIwVi(=H!LNIHnC1iyp37%DvqM}oV!WMy%pg%;C+x@mrWUKQ=TH6}N*?S! z(>|xMaJqiif^P_Y){YZ-6F9{fB+UHy>@1`#LJSQl9)+__qP2pQi!B}Y(oa+;6s5{0 z4<6da?VbH0)YfEyjdWdu4p~JlW zQ=iWuqw{#1Rq~oAlS{ z%YUxTb-E)ww>bKV>J&HQw-uYU;~lP@1x6+m&zu=QO{lj9DZX;DG30nCVR>l>GnW;A zI%_x6%1epX($Di>!p;paYU*lqxVRVe)_yT^-NGzhJE`HZei@_kW3uuP60UJU82!Ek_S731Uh4u2Td&a$ z?b%v%Xx;dqkGz<0o>xOxjDNXO;yj0qOL8L?;rZLsLpr8BOP{7TcWPVge$3VD?|X0? zAL)?#fn`%oS3%kmjoyKEszWqpx7RWaeS9ight@$!5{ttB@9uv4-`$N@ZgZ+$N8w9r z@oCDI?>8H*asHfu$n;W*S9YTLeY4Fx#vG;~fh02>(nzNBTxjQ3Mg1iD-f{8MB_%Q` z4A+h+rwzG1No}gg;|a>*5Y0H-6#s7%%fOgJkychF*e(p`>g($ls(R`J)nd#HJ0uuC zq7?PdPG&y+kc%%>@Pmutq&{PTCPl<@`rB(=JHs};k2wU;8eO_ttATXq@uJoT`l3JN+HCCM zoF`k^0fwE+&NQ6o{;&yH^67B%)ip18b?|)IMOviK(%V;*u*4)&Fg}%>`@+lNxsPeN zz)(6n58YF(UuFy@3=j4MuX*QinFWYF`$em8Be$ z8egsDpWm|Kk*8?1)^<@*hjGuFb{}Kmb=9@t`n|OOok-GEo=n?OYA8k9bWrO1R(=W9 zsem_OER?p-R|6#_gPzQ%d|JDiv6#L=viA@ij|Ny!JyQ`9dpZpI$xU^M7v80GTe6PEPrVdzE^LhX8q8 zomlsbKPT17_LydtCHkPXu=MWOKRy&5ZW`@^opTw++s)4z#5>TIS1}823iNzOkA%`o zcF7rHz;fCR;qiK*DDksxiBf4#LP$1P$FBR=Ub?y^NXoGqr2RXC{?yP@#+)|=%woM9 zyGQO)-V><|Z@qWS;F#mx5l=J6jwtiNozt;8w(bx19z;D6i0S^&=ioINA7xX!#BNTPBdD&|vY8M=LRN9Q2=!UUqP#Z@+89&QY*Ks{t zT&W~V(23kopMXQb4o(DQ>xkWFfYZ69*1vC zF_mu~wLP-S)7qUw-@HX*{#l?vykyEeILV>ZS>F3^rN@+qVqHWu{|dR7gN*zvwb{{6 zN-fu!BP!TBL<5D%4i8ZKMe^^dXJ&SeC{d*~?-9S>BEdH-mC8D6Vi zp_T18e`!RC0WSrOn_JJj9j`dUTq9EV1yk`PEAW0v4K^-w*CPEaOU(*w!c4GncqbFk zW@qYAJwBdNicY;ajrGj!7o})ssY%yUDZ50L4faa0i%Ko#nji4cZ`7?JZqmTXMaus; z)zNuCuV7H}_`mTxPJY?)uZ8_fY}?OJi2m})c(&ca{ynI808jQwN`~NK1nA{|&utu4 z4+H}YnsBKOfm4Ll= z{(7ozHi?S-SMOQ39`UJ#bjJ_vQ}wxYGybOb!00(zQbf7|_`j~cL40-6^4zInho(>voUGJj{^nJ)sc7?8oXWNYh ziZc1w35O0Q1zwMY(BJNL8YJXBom00R9;?qCvCMoHR3}cA?o1}1=x7l^-I=qm%=L+T zmP?J*K8bIPD^1RNQ(P^dtZf#hTk9S^bs1!cWw6Q{54$R&M8|smfTO@YR(Fv}!6QwX z@}0?K-!tc!wwYZiUGKZ`Ay!XOZ|Q>Kh1aR(johW0&S6g9MYVNuu2*|L;8MAlu`Q&F zD`zKVUFhM&J~GO`F(cHw7;j`Jz|95O6mWyA!ud>ia+bYGZK-9h;&iCK{=;ihR+x3+ z>f@Ihub$9kySfUYT^RBp}2RncMv9zjiIFfLrNnFyV-1vUQw*1 zyD{{5d*1rHja^{5&hrNAkAT3#-}%Ip=#%nOq8L=gkAy}E_1iTwYzq?$Sdbfax=uDo z$#2Kl@RCYUm7`LqwxBpnl%8^>jnYPSUGnaUC9|XC?OjuWSq9$S@;7N{D#w3VcRvkc z?g&@>vT$$0O=;LTIF8D;cA?%Ojq?kA7gd>228*%f;W9;6lBU7wi?O^vw@olbF$|x4 zAsC*ToZsUZMsm7`WG0aQrp&I$r`si_s~W2rQryq{X<^u4`JOfy^I5P@ZfIv%eU|5( z%>@e23Z5lzt(AMuM-n+%2=WIezl4DT=*!--*=jTK3F@5s83mO=M+Cx7rnjDreW~6j zkbT#kP^A(Ge#A@oa>G#pw|k`{sh48m{nlJ6&Y0noQ-R}L=8Yt6l`d28(?2eFE-`uN z%}-%@!$#fmbpE=xMU+?Ui9mpQu_A17Vqyi8si23_%RsuGG%`0XH|A1?EFY6lxKOr_ z!Skb-_xU2~0}T~-&P2pAGIZGS!J;bj_U+3+i{bW?+N0#9bA{wrl|kw8ZQ0Mr=#&37 z{T1k;`1!T)TzkJzQest@w^w*GtE@w_ipu-zh3?L2~n zdD|1-L)wD5-+bbmZvnTu4?vIt-ve@5Rw@CuIkFeNA49h5E#K!(uB`R4Z8eM#_ddrk z`YDO5T!MYBtVx33U+_WL?X$L{XAf96T=|D#D%@f`r^H034))6xNgmBsm=g0$Ak{l7 zm01yCk-w7sn#aJLI)UEj^ed5>+uI8KX1zo|YqcM2k*ARj70^pr*Znh;E&Ocz7@0z9 zZnI_d7E9TA%Jbpgdh0YjCe5$+uqCS>Y-Egz68IIDK=+w0`tXb}({NI z?ce{xT&toQA6>iF3!2miuoQ5tvljB&J&{(*Ds1wWDo)zAl37~G>PH6=gL zTWFDOtvcnVX6VoL%!|REG|IYf#=h$E@wXAlR~b!5X3t)ie{0DAf7H*=^t{qY0OuO|z}ygg-rbc_Y-(RQcurV8lg46rn8yX&$a8nqq zq;6CnwnqCZI$(D8u=p=fKeUN?&E^ z+#f?``@Ps}7c{AphMUE2YnMx{+uTzcj3~+3&1)(-qj`_lg3G3M>(JzvFGSuHEia0K z)xQ)K3*VH4g^R#Fz}0~{2|<%uRIH{%!Eu2&OK_%m*V53oz-7g5TiWQSeS7_y!pLO? z;av|`&dy+-74vbbmbH?U`QA(XI=iI6MpD zpMH02d^0V%HYv~ek$seL?wushAUF!(%H!D7mwXPz+G$mS-4h&8oW#UG-dMn{6q>Pe zbdyxU!KN|pR~KWW9oY?eM!s{jsw_>}&-8rLF?V35vyfn|B|lzqsjA|!_;Wg${UZ!b zS8LB^>s;YXI-Xd`X+Dc&dBGEiih;>YxlAAQ1b3*QYLHI zGkqxH_zOM_H3qlIi<%V!Chuu}H`@G*DS0*6t+*Aro#AZ%?R9&SeUi=cW+cVSvawPM zlV^DHj67<+Z@&yPw7!$2%1L`?+5c+H?xX;c6vpk0GaviOtu#YfymR+>k(=x-P?}Tk zh(2}V4xPj*)3MSg-kQugoD7FsFGhZ8@s3cUi!P|H{t1d&hYg=W`>#5yH?e1G6^;*- zsQe!nKtii__sx2eYVs_)=G8N*2~R&=tv}i4^`u2o*Vgv7x8bw2oyTq;TVV58M?yL%;E^Wa*UGUgrsA^F7yETzE@yW50u= z$3}miv+9#?T|b&!nCTrDdt0d}Hw_NX9zUR9a6M_~z$~Zp(oWpsrftpvXkwor>Ex+Bg!tF3Y$t<{s;mhEL|Hmw;vuF@{aY)it3i%b9r}1 zrP9~;lXogVMx0CiFus6v?&~_`{QM z?#YnN662ssbMkpEcU5kdcGv#ayjJF3`5uOD`CoBb-jnv@EOv5B z7RHpc`WFlr2W*`7N4Q6@+zo4AyXo$h#yKNpvR5W9HBpB}Ktzqj+r_bKy-V=;B$ZRC z1l7w=%{%q1X~*{JE^V)aGF&25e`8}8v&n?Ij_`TmA=HA~c7j_XNV;u%T) zTl7{b<;PbC9PL6aRmozX#6Xwdzz;M z4$qQtj5mx=IQggqQeE68OlCJ<_rBPKf8A{F+p@b>qL#tuGrflyY&0DinooYuCd~+* z`2EQ?o3?$A^7y_B?<(ed<;k}6i)Z%B(K)1;X(<@wo9n1B_yboWhTm1Xobhy!#>ksca zX$Mt@I`#YB4|eVUvAi5cdQov%o#zyzK*U1NBsq_PBE>5$F1`FSoxWkzH)u0o)`>f; z`Ib)FH>;N^H%jL_-94sCHq^0mU6?Gpyy(zjd4I>v=RLA_E{jl{vw9CC$;ZO!^j0}{P&t_d}C!_Bu>0GNIXG?W=3|s%O!+@^l_v^KXUHgu{Oa-swrmB;> zE`GlDgbc+oxX6&cAr??ZM5Orf<2BH(K;41-RB zcLK&pTpSQkP^0uEbpJETh94hTRCbrXVNwU;E2>CPJHV?0WQ2G?$k96?6nfQ}oeU8* zQ8Pf1EhPmPneX@qQAQAsIpX5t-5emq96(LR+X@-c#VBNYV85 z!1e*ukWKJNfZSKYOM#%Wc#Z!?A_YG4tB7h0D7tf0-nl$FX=bJh9tv83lB%picf#cW zw#RLb>kvGGrbI$^@zSMVAWmS0LwHB**ijF#7_?zzEL4K-otnxtl{Ll_0g8kp9#bR( z{M5|s?DoE|5ng=^-4itGxdLlY5R5OL z3D_ONHJb3+@IrTZE+A!7*T4V}K!t?_SVLeH+Cq8*Eyrm?F2zB)?sxB=;oo@m>J^4- zCsT#8LyPd+=sD%6&VL18ux$$go6mjcU;qyhm1WE|vGU?#b_FjR9i4W39gz$$yZ8e` zqkT3Lq`X=V4wGPfA^W2q1sa?hS(wFN{ajtWec-GWc*mfF2<+DQPyPmD8>I;l$Y4uc zf$s`Rw)1zaAC7=ycyx3Xl)mFR%;R|6DBxS$+pQ#SU@Y2&<%ea(u3{XHFI&!IXbzkZ zLiY~77M?9GLD#*(OB$gr)h$yMRu6smL6pQ1GXw4xmX*Jc zkMx==8EKkeQlKJxy5Vm}{cO4ER8uY?hUk}D(F+;gaZ3&#AJdCrLV7#y>vs;p6=95d~7_U z$N!^~fyztJv*2ToH9_r#FZVK3bdd}ooWRMIH~s+w_^PY~M+Ss0YHE01fG!7GIVfd8 zcruK+WnbWHPZ-N$S%F?#hlB&eLBez&`(fSGA3Yk(9-fqz8k~>Pu!eOp*pC=sMn^=* zq4TP*4+i@T>s=-Iw-nvw_n_qMIp~KZgPl8eq&q?U!q)zJh)wMOqrw9jKM7pHjyea(j$T9J78L&V_5(FI~z|4if;HYD4#XG zkSODsg{-6Z$i%3vt%W(9?PzbVS_76PRA}p-bAe_kwS93i*_y5L^>fqR7k_y5b zg|nS@FWRT42Im^!D1ndMt49kp=3;)9n`@7D7sMpQrPMjL(cFtX7BM|LJBmXQ zM003LONPb1&08gIBm47nZ4JpTXJCQ56az{UUeH52fm*E{_^R);H)AN(zz99 z2p4h#u-w49LsC`pjqUCA2n%2;L7oG6#Z*rA7*ei0tp#hib3occD6Xun?rjx$*Pq75#*odGTyR{QTEMY&!FzCa4h9zzMETIY6}?;poX8GmD%?@DI{`Cm zN*yyYx&qOYR5{KlyqKAoVEL^G&kSUJGTfPzipY)?%AVSsB7VZGTs{9O{6ImlL^g`e zo3Z;}wK&)sBWGyk&lzd%J6e58zR#F~%$2HF{%X{l0<&pSrq+T?)hU($ znaUiuvbS7y9@m)K)1sA^Ivd;W+_4c({h%>IQ|1uSn-Q>Le{zB)qC|*6BQ3mAkvDrk z4-Nle7w#guEy2#K3YStM;0NtbRjgI##@d1q2A|b7UX2nu$lD%0X@Mdwtz7 zLu$L{o;SUimB>}*s!WD9C}!L$7cw*e#`GtbLgAas`%hx(3cAfQ$K8(SzAMKhV()=7 z8Nu%f%YfU5kgJ1~v+J3eqW{|QFx7B4tvU*FpE>X@Uh;*=wP$4|CBzv;6gt+{;sxe7 zw}}fHUM4VWcngD(l`D{XbtG_{Z`r9ZG%`ZCIDyMnS0*eZ1Poh`svm0r!6BzH7JFlv z1y7cZd${SR!Q#f*4KgacrZLb!{XHdIUs$NKe)b5JiLr5Cq2X>`t)oY2wyFh9;{?>V z(cbdJSpLS#m*##4fL z)zlhrDQNyYstIokL&KdujQPz89U$7OH?PFRX zYg2{xWk9{Wv{V8Bvj0N*T|r*nCdbNgSlOWf_)zH-J(Fd@8?p537d&mSxObS`0#)d6 z4O$;OyA#U`cz3AdN{fq$zjE{_aqEM#4zGv55Zb=prodPkyg3~&i6hCm#tK)0*W`}C zR0fOmtmLe$g9s^M=qA#2b5z8iTZ(2OBbAqr&k^SY`>Fd*B=-VE*sL{GuW0XL|H6LF z$6;YfHpz17o5Rx0yN=YK>h!PjP&q^vFfDBp)f9NI5i`)Q!^`B@c>Vg_d6E4>HuN>2 zt#%0sQIF@RzMXNlXG#!1wjLVdKYDdnd)mhEiRe?ILw>u)n05F0k7}{pbFLJc?7KQ+ z@TfV$d+#(;z0Q<}vyEoD`oZu~o%g%Ho1V{kzw=W|0?)v%GM~deWL{EK2Wl`3_2W`} z&rTKGXmP4lZd8BUsdT74h`}&x{Aq|mQU24?(ZMVo`jxLpS;5%}Q7n$)%P_*rOT=C0yIb++2n3DTaOC;sOrQqyhdjW+2YVyxb(1BuA@~PW@a5v7Ahz|BbFi5D zj#Kuj%xhJ`@(IdhNE{H1-dU!KbTW3@t&OR?3g_FOZcTXoT3)^g?~BvvcgxDWps>W! zuYUIpWe_$d93o?rk~Y=0X1D5LG!Km&!xR8=0PAw6l=)@@ip55xs*W ztRPS;a*6atc?1@OGS(gnSIrpAV*jUegXJ31p%72BAxqXN$qnThs_E0OUg0m`{DGly zvty+ke5Al*f)W8e;TCeO2p1=qChZ}A3(+gdfi4to#09wgNv~v>6FW9F6;&aTi-!6O z?v|mFBo-$letd25Ms_mr0*K`CXuqSoK=0ez)ARW48A1<+uL@N(7w!pMm(b|lRttFn zxiAD6KY#py?{5Y~ClI>no*US4!*?7*N~oMmN=iV@t_%3aiIL!q8*9j(Q9)kd#yj2v zcTj>!M!qz3vkbzxXF!Nc#yMu=0FhV(dEeYlRa2( z4`LNz(f~&kl-@m=va?4o9f%Iu_{fcfmXuyXmNN%6815sw8SwE#BqJ-nes1pags&n~NQO)8FClbhAQ8&wSuic< zZfzWKaasTK$0$o~o(KuMqEQEjMT|#~B4EJ5&!8EMX3?e#Q=#dQAMG)3l!A{`p*@vm5`2Uc1rZbR`kiA(;ZAwR}2zStz zd2hf(B~K-(M&ZG{l(~af{51_B7`y6^Ll@Uk7@deV$L`&i&=^8fs2}CvJd6JCG9nmI zAbm2I4{V#lStiq9P*|Rp8>Hli{_t}HgETcgJy9jx`}}KS%W1K@rQ|``=8wx>zK59# z8FZT+GMs5vL}Y35dCVBCJ%{O36@O}5*PN@VDK0lI@+dL0e`s1_7X0u!35^&JA5|Dx zs#Nbw0WvBE7b=eLoBt|vo?Xd(G@>fZ)_UiI%Riso^SyA<|MmV$>GR%dcY<6!|6Kff zFO-^SL_J{CiSahDq@FB!{j{!2r0dOO5{a$dSnSovVk#-?$S z9wrw$mb1|tvYFOt+yr(TrCeF zM1wGCFUKc^ca8hUSPIW?Xkvg2B8G4uokMq~ETwsUR|LutBG^YD3pXx=LLBsgu*&_5 zUtpNeA@8y4iCdNF}lr5P3Ah5!nSl>fmuq9 zjN_(D5)Y+#oVKVLee5W^!|l*W=_ld0mXp=*kfI@H{2gQ6S1Ve(OUBshw~jzgXxp)r z-EXoSo;~tbR3I}m65?Mud{;uib68)ZboY;3C6PLHrc$+)*R?;7#+*F=MnrUyJdF9& zG4lQMS8$MmhWrm69pBzQiWd2U;Uo9upZ$o(TD-h?3CE-g6n)IcludwHI$kEc7q4;W z-nw-QsceW3N1L?eO!DI;NkChrMJZsWUHtG8xrEjcPpA3aUc^dDLt=}mwE4-CD#!>R z;0%0)Iy2IZ<6Bm#Jzk7#Ut+E_+y z&L_?Wsr_!EH!HQ!$kOBYzj*N=Wrdr==ZCkg4r-Q;jG;-+$u|e=gB3T2;y!TWACf|^ z;5MS;kP(oVUxm*J0mK+(E8dAz#cc^7M-|2f_=%r>*z17tR$&|Iknj{&5G+dCA4z_^ zz-D#WqN?BRCwhy!bHiBfgc--t48C#rKmWV+VS^$q*wTbQf;fg%tRBkS2>FEm%~OET?5rUhY%nM2o)l8*b|+z~AHBS~D++b89! z83;51N-W}^>Ul`yl!R>k{cxnfB+ia-P{UC;RfHaYqlJ4DwGR;;CEfIWw4B?02Ffxa zqwLyCzr3#egox(ao*4_u;guMlG z*5y8ZDMUwfRv8^TRy4$v)dWYkTQv2kV%VSK3qq*^M`DF`InR-=koWhrJfuR!qmxL; z=z_)f$;zgsKAQVYe7pYh1LW(O>FHXhB5~A!9rH#bJqT2QRPv}=_5UHx)gjSxC*$Z(YqouO8?-?ST-lJ@jZrb0n=b(HGgY$ ztc1ScU~6~l6QMT8N_5`Yy4FZ)QiEr*>Yga8cldeyVb@(W4*Fd~mShGz`_#~~{~q_* z@AUB%Rq&&{ysP``E-ZduA7n+N!;+};u%`NcXh5IC{ua!`k4-%SPieW*4~`%x<+sYW z{z%3xa4u2Ex^w{|xhh=<7{>2$d|x8S07%t9x{53j91EYV-SKU@(MltY9!o&fi4vCY zl_Nk(fJWQhi4=%clHou0cWLjO-@f~rMDXIJ4+Y<`Q_nN)eEihsqYi5~fFj*5WZHh+ z(R`0AfCq4ry-NYl^e?(m%rs1~E4(BWguw>?kE7-;o>T!7)`NtR~H{au|=#mkao zg_KuL%C6%=t@d*rn7e#Ux)6{WP7|C4ge^*1FvJ4LBr~1>jCj%gKFqc66Dz}?}yUonju)rlPD)P{gvBm?2SR8+vRtInGT(qcw zVu%Dmq#8W{j0(MReSNkadxa~mVO3FKHilrHDc_l!l$K{Gvh`5+BP?>x7S^l7+?z|$ z0BtL&PnemZoF#%JQSr;SBS3B^r2VzQ=78VOD|fB8k>OjOd}|IU%OZF#uav}KgGb&PHOq>rCVBkS)W9y&S`Z0 zy?yNP7N{RrJ@cN@%#xg$nK@3O7-rNEr&GXY>&IwI z6fe@w$~RHtICaoD84%u%Kj#Z-Y&}bPm`h@s>t(2|RA`t#4qM4_`g78L*(+E#*bU4i zZtXtbSpnVwV~*00$aDWfDQ;_g6j(N2NuAvvY#`+bY2als7Zc96&bjUDYGr1?P=vqV*%%$)=z`e{peS1$tzd zzTgyRu3#!GXqvl-Jv0_?`K6<4GN!a%rE1sK8Dt3r{7#ldu4+HvLHN7A5Do zF|Td)Ju5;>G4{>E_lhIiUwXLkd<^e&-#A!E%dqs~T&P`*fWzMyZ)1DS;JWXqI^4*U zI5o>-41(=he7me(zaGMB=5-A`c#4)w2yb}#2{JepLxW4L=HK^mn(`lZipAIe*&FYN%X zbd)7}=WdscG0i1-u}werVltCp{b=q6P+k2teXQ|rDh7KPOP=@#SLMbQ?x*(IpC*;# z-q&$By@$n9(s$k#+@R2t9Qh?G=K3&Ei%&T^2u0J5xeC+F@cPp=NxMz~!xd2_*^KH! zGb`#L`T&p5{gD5Hmaqvc3rqhR)lMzKINQss>3l=m-EC+p!T>f8M4*1 zhA^eb;J-|Q7Q#TeXirt0`t-^yXL0DFkQ>`wSCXlHinGeUt6gZPLipbFjbD-wsuupC z@uTFb1x1Xzpk}h~${mwHb}g#D^%M#jL%AiB5r87EVFBqaTrVAEFG3^{v-b8(ng<~> zY;uQ$Q1Z2V^m+|^7FEvFpU?dI`Zn$OjhB*re>ui@j8B}v;Et!#cZQvE?^VI8*R@vO zK2>JEz*n&v_4(yEFqE=lz7Zodj&QiRXYdtKwtW)0#ql}?Xp^Pex!{EiV}qh3OlH)J z?jZ9E{z;}1v+PrF$jPFB{A(WnS)uIhUZe7w%*p1cMQ#LY<8rgGFi?p!+wBCCh;iTq z2oZyMkQxvISeJH0GEWnjrBLDxhH?2aYFZi^H!E!8CkTcV;*y?f2oyU?)^i}P=|`{b zIcyul<)!ozT>;J61PRP4P``m&-t+P$`tx3FoIn-z*emE2ARLYP{iK1{HJR%@w@JC3 zO8d?fP`){D6nz%289~`NO-#rT`~3Z>YH54)Q=A4?*Mm<@>N{)fjnZ@I|N5aJH%W17 z#L-(q&STG)*zM08c=K5l$$4+w))41vvO5)}D`8eG_BUbCO|8o|W-d0en)B=E+X9oQ zbLrhOW8)?gS9osnFf*R_y;ff7Lswln;IY{BJkUGoI`!J#(kafJ`%>7mC54(p-jwq+ z#dEi`dS2;ms2B|uOS#r!)}k8~6V=aJI+Mz$sj=r&pRkrTIlVlUEaM#YphL~j+HODL ze7XwPQic%8@7xx>P77`aH15~j*fWMX9%iK4m$j$gRl^kpRunlHbH!?*?Y#^rN6wq% zph#R<(6agp*{PYImU2!8K|xA0JdeV@fdv6ZL`q<4L6J^SA>(Rt=StTD{H`$rV+%K) zbiruh^UTQ~W~#GrkdEMH;D1aZ=ZxY-?k_6*`{&oR@7R6MIznbtci;NS{?iMVo=SWY zHkoYn*(s_pNm*I{0&FE`i|WAH)UF6Oxuf$_6iJu0@>0?N7RYia9(n;X$WJS20m;3Y zTt9US{0bY>j_*M!%7vY?pURpfN4vvO`p3ExMUpz4RHjk788C2U%L!QsYA6m~*W_yq z77-Jpxu_5f8xVAF{$JnpuhauY?Au+VHTlI!8yC}4^1rJc93CVVA5;}xx7jO91`lP& zw!1azHJTqWF!&Yz$8pj~v^qU44GvfB?X(e$ps;Rze*uppQzIf2{a zd&Q;;LLSyY09U}!h4#YDes|i9loX8)^F3-;xO$IVSa=063-nkbNFHxPtH9)9Nm@>h zk*GeVX_X_G{epZU!p~oTiX)gr<#SuM>gBA*;+$>P*|*}Tz4#_=(gJg$#~H3A4BW%? zGI6iU*h)R&Ex+6;?l*FOHVA-bf%_l0G9I_I)T^6 z#w;K0UkCjN&%FKRU_mMMw~3W=qix^W&o&9#Xwr%~{z$8kZyqn4EGkkz|K<I)}| z+fA;M4jQFv?&_^ARj)2ra!Kzb|6yz+b&o4c!?GZ+puc!6@aN5*^VP|{{vcoU0v0hP zF;qVCiv6&wle>U>@$z)XENwv0#FGHfgt`Tj4P~aOrH4BiG8flvt9d%F(oQ^b zrRSdNHQ@I$H#0*~eDflrV*Ia+2vHPyRX+FjVq84LD!_klobI|i()Y+Ga9er{vEFss zP!JZ5exHJ%i>WBZ6TF`LggJ?XCC)^%6DPcbk2p)6(l)H!&+${i$02e^)a3WB;XL>S z`t>7D^hfNroyyBXB+Bl}gXc~i;#E;mQBZgSR2Xj$75BmDeaw>{e0SeqCA;0YqVx2` z>0j z51Qz7AFMogjry`t_%1C0~* z^uv4AF9=)lv6|N__4qvSxiQ`FL)np{dlyLH5Qg!zo5` zH%dM>g!xBMvlTFZcsR9P-IWH%BF54W$rQg&Z0Y&hm_{eWS?ZboiMX|Yk11{ zl&Zn5=-FiY3=QVJN7~bslunlgt^&F458>j<7jyi!U|GSdu znV-P}vHMgXnill{2==Bc@FagF&ec;kVyQkYE$Vr;?`BPdDnZ)-0qgJ2`H#WpgXlsd z*#$2D_?h4sByUXmVMj#Q!5%7ax-^F)8n&0jdW=#^v+OCH@T99Fh40?>_`5Un75T#t4}^I#>^#4rg@E~R3e@E=G{u}6 zSg8!+Y~$#BX*8qYycq&usyzdwujAX|nQBo&8Mr%Qu4?hf#SmH7Xi;Rb+dqC#W0$i$ z#?bs3Xl&nI<}D1c(kh<+9MJ!8X;H-q$>?-v4_e^R2TT?gF+Id3eDURW)Wp%IC!cFR z7IPG5eZ_0lVN3X_K56)O7Smrzuq?675O9JQ9j6>1?<*LsO@*svD}Fhmn5h#%ZvEzj zilPaX&x!*nRjTEQ6Mn!(g@lD?KY#8o`ll;LT<&7HBT+4%fVCIi?A$obn3}GCrqa+D zGJ1XiMyqJc!b)?)^WWiZ(bR%)^MKN6uh2A;mw{q z`j<^-dmKwNPl#}q#q2I;_q!r4(>njz_*L8GcGiMSqdtoGRHlo3b*urQo5ECruG{w+ zU(s^a?!RnsZc0}$Xr^J~vm}afH#B|d&;jje^lxIcMT9hL@)WK{TUq=GGx@3jvq?y+ z*1UVaMp9I~39}e+G?zJ@ADba>?l)Fj%N%B%{MXS_`#e>wvae+Igq;EPn>c^}A!#j^ zRgEQkDbshFVR=9F>c5+l?G3_$$e4W6(7;h_`)mz(8*u-h-QN67c0EQfuwq>)H3q}I zmtMT{iOSkG(!fDx_^_u;bfPrFq_Qlg*|pza}O1mGk59c@YNPiHK~09D?wL z$qAMWBX_^-_H1w)m2T(tBOzhb?$SQaL|8VqwEm($o{6a?X0k{;;}aHk#j&{SLf+Sh z43D#GJOtnH7;O({6^2D89wTD?lrWruQ*;#&IsN@lBjWmJ>z*2_)`Yg*{Z~+Q+~wyk z=E|K}l;^dx!-W+2r|zkie+FPq1RS`@je)d*-425=_>r!|6mbH_OIz&H={-haZPtFl zA^O+ksOxhy21m-&CEV_hU}QLVW(=e_zyYNMm`C**Csb@PKte3pRg8GR1|foBW`q3p zwqm#=s=99oY)i_$fmbzq0Ry2^#gJ_bL`rw}dE9LHyBCjEIkCF;vs>&5VqkQzJMH4K zJabgzMe@z7OKsr}oSu6=GtQm9!@BcVez)Zz>yM-2%1@)XV<#+l4}R4MHhbb^lVd+w z$T%aQc;|#rSuRF-2Sc`B(`lZh+J3}jb+1awx3I!*t;rWZ$@=uYWA{Fkpy%r=6XIYJ zuP%GThuP+A0)Mn>);zxUN$uw%bpT&Bp?2!~r; zE#L(`2ZD?iWEZ9W$rC3efK`K<s>uR??@v@cwHZ)qmQgE5J99#pmsk z`Gem2z>A6F4l#@>4;}23X}a#5RIRzqAiIBM*S-qBIU`)zKzc-yg|aoaS5bgV)pTo8&`fy zpA0s;E&HyF!ei2!Or^WeG_Up6KsSx#gCbTTzknv<7Eqw*UFB4==?(MKG!QS@cTRJK zP0L^9@(#)qUcw|JL{`=DpARqufIyYy2u0sh<>Bde3xX3=&G7=vr}V&bUe3hj9|yq# zo7Q0}nBQ6)YNh4^-iRk@0kTdj^D%<#fD+BGuLXz%9#8h#SLcsdVDPL5ZFg~{=g_q^ z3Z`{@6ltGPA~^@c+UtdoEMX=Jga! z(SrvbFhm8GM-*=JJBHxV+JEz}#RnX6+O*@fH8-edzeQ&acb)BBeZaA39r((i0=o-G z2|>As58r_oA@JG^2V6sbIxjHC9ExpBY6*WJKtW~?t*RFs^n9)n`32hLfCyXgQ`5`a z`X6tOD`*|pjTT?NP=!Gj|BVkuK^zUgm>9D^n{tD0;Q&d|5o)eh zk7Vk~AH_ReQrvnJL-#+>6CG&cOQSXN{u zCC|aidt@vc_Lgw(1`6Mv0ah_+OF7CxRaUaUHj?%@Wx<4%R=d3LSneistX zSKET=Xk4TZ&$$J>FtxON#f73&;q0X|n7yG7Tb;4=$aRyG^7dqI{Hv+Zmw!9#z|qk4 z>_N1sxY`HGf=cpTVn~NE80X$ImJEOA>(@^nKhDRl$)+rVh|(vBDH0XEUt62;y&A(` zMUljP+s|J&nxLs1EZ-f-^d7(;*dkY2o>Ml-kJ=m#wu56M{Ec5pX1`Ev>sg&pe73;ggr6Kkf)EFxnX`%OJD5LyTj8e_q|x<*84%7RjaSYgTU2V8e zG%*Qww{0aiGVR`57u~^mE2sVDk?XaU*Ai62M*J8^UI25B{lAd`8U|2-;5pib(i}Ha zumOK~(N*q#<SXj85y`j zVjoJ8^D}DJ@@wgNxBOm(&z~s1LC(ZNn5!3BK6Y%| z-S-}&*n{?)wA|BoBS&{{$YkrAnVAiwY++=FUr-y8{2FGZsf9ye@#oR+;-qpg`HSAb zbFeT`+6B-lZp5UO42z~GJUP}|9Un_;+S=NFCfjE$x6Q?TfBPwY+_!d7LYGcEqYo_m@A%cTR1te0tqI z(^vT%;v%9dj=uSwX$tZIUcpUSExL|HZkz4g%YAW8-*{Z9N-QLFZda9YD$Y}jw(0O~ zt2#)<4_8xz9e$>F6nKzF&9(^~f1HPTQxx zr(xy`@;5N@kBDRn1SEx_PO)z(bztEgwyi+H>BDTG>wL)U#lGcF#k@HoS3kC| zKP&4BnMyIPd{~1SUUozcR1tL_uu`1&$UH{drTllSA*A8)>AUH%ZG%5*)~cu?`lZJ( zqn|FtL`k{b@Ir(lPAQ--gZrEez-;fUGdVwJ+ApLkg5e`pnCY0gjt)gghq11GpJwc* z_6*PiZ8vX`^Us|2Szy%YD#C3GZFWwTwGPBsSubowez9p?Oa zB!S%reKb1vt4X%>_w#dQ=!hDg!vckjhOMe;?HO)ze+F|mhuBR`Oq$An*LrJfw}p|@&duPE;6ErRM>qo` z;n}GRP_X-7fr(k=ERbqfWUieRV~U+L_pj}U@tma^h~MzB;@=EJ0qw3d~!nK zMRIGRPh*d({rxIicg)^>s2Fek5y)lj8F&_VP95x~ln)(M*7V-cjbIP^+ArqK%532M zfPqzAd)bDcWbJ#YxR|frp5~8kB*#OWBod{pZ^UR(*-<|Z6!X+kURAzE%FLCswDBc~ zF^o}pM{1bV$);o7%(N~0F92DyOof6csqBP}?4ubU5#@cp-_M*6?TSG|lJqPnsa z&fWJ9hpXax`)`JK;UtutloNEUljr0Ho5;s$*$(GkBM-dd+s0xJtk=^AIn6Lb=ZdWw zxpDL6;E9e_N=ed#$Jnq=ev+hm`EJs6e<5or=%2%Bm_2m+{2N?WZC;3Au(0FA;oQT^ zxv?fL;;bW1?)mV1mB!TABTpqNmMuAryN`}dfWct6IEfG7{YpeqmEa;Ex`@7jNY z@3N2dF+0CPwT4AMyiGsgRXhAF@r3fS=))cih)^nUr3cXZZpK(O1@A z+YcCDm~7m>u{`lMbT$YjSD{Y{Kw6YCA>gYML@`262Z{!$h9LgjB!a9#3C|eq;@wd_ z0&Ds}OfA|oa7howD~_qfs1v_;&hHM$paVDWoZT3{5aVIekp9Lo0pO@oNG73XQNB%c zXY_5YX?*sW(SUTjv#aZWOo<4|!P;qP<3w(HpmET8(`W3#8lJ4keKKUw@rB#ZFf=1k1@0=*CPRUZjXRdelM#m`FyKgDKpxwJ`; zHu3FAJ&*OI>3j&D3q+=@y}TD-O*<}Xz&kE5oz78#9vXwB>R zOT5_>bM*pV+vOujgZBpV4jtp$xtsd9?Ze9AT*o**4{FP_gRwhI6FS_e`@di-&F*yE)D$r~zYv)79LZ)_QAqq)fM3Z! z5XA{$7`&2jQZdSE{d7DfEK0LWMfTiPK0DZYd<8q=NN>XNq&7#zFk^eUFt=D9=F%E0 zb=a9#N`nCM9|QzCgNZqgQ?G`90oj)=Llkd`^7Z89Q@9&}&%}*bi&2PBA-Z5C(GF;v zl-HV?|UhQAYwzdt^T@P-HK;+0>AE~Y#>^R^1b zZ57ipdp|He{GI+wh9d)D!4aHhf}0!kNlZi}?*P2j!KqOf;5~Hc62g=G_!bmM&%Ia| zYP)>pcMCU>c^(7P?=c+Q69nA~#Ms=Dy-M0iNo`W?Lk~{U+B*y$ZCX*TJWjASK~^g% zDXUv3wWcHS{06;)-Y96avX_rjPgT9%{|xh$L}^qjggUoo=SX7+XH4i!$&-M>Hm1cf zQ-*>2FYXJQr^v?24rPb>ujSojwdYn`ef3~5k9=6=i&5o;-jGu265Bw2*KR=@eGC7M z4(L#g?u&qi>;*0WUYJcH=n1G@T1rYKnllhFV-(YwGqM}D{w@AA%tZzWC?5~N13f^A zMC-mx)%FZ*Sb_#31`f z_=Hrw;GE#u#>t?c6#IWPT?aUp?cdH!_TJgE5TPh!lWZzk84asKWTdjUj8w=bTVzC~ zjI31lN-CowrHD!r-+90P<9m+xIO;9&Joj~7zw0;7AtQ4hgM*z-Svfh0BW6XUYoE}z z2*AV)H8|RQL<)tb1(pON=5tZ7{ps0V6)rE>U6sea+QKuXTWP`=XsKC&=#D6@3hcAh*7FJg;f#L%LXzHD^ zwpLaWoaV=lJqY~i=JXYv1u$irP%Pj8)*;)%hbAWIpI+_=^p#xqHV;HucNV=rzvjPo zI2_=}!8U3P`2(=0;_PvX2umPfrOp!kRN&H}oZ8l6aI`yBN$ZU_fkwu=(X^Bz1%;jlV+KEcj-sm za3%Fn8I8;zrl|I!;cA^{Op<56-o>0CaQOr^(;=7E07l8#>*3k%n=3oro>O#Nk-17cWf3_IE zt|`l%Q@FODj=YzgwR=dj-MTXkXGU%J?jzgRF^rY}?}dyF=DKN+><_~3%jc*Q7TL!h zmj%i{U`n79pue3h>)3|;5;*(gz=hx!5bu|y_>Q#WB)MRqRrDK?(k->JeC-|$pd0rHDzWWqul2r9r@gYbW-5#aNMF-6h+qKb;IfZ`N! zSWY~zj#l2aP%10oJ`A9n$l@YZ7&tO`}4+}OYWwy`^bcgJ&~dUo>P!g1W- zlVBjj>>WEB-z6(Ev&o?~6ogiR?JvhDakkPFTnEu>;*8PmM8%A55GGRS|LPSC5J&X$ zP?Y^8kkcgLCX~+XTU3oYazey^9cTjbdm)-b##Vo&)8@jHdXNOr z*wI0-LP2r)=fcgD6!eK%&%W~!l8$O2)*DB4_q|3TQPI<&@E}h)3AQ;Z160=p%pEoq zyM6&LnbnXns!pdg?XGA=(so3iG-fR!_xUNIET`}9(%XsQeoWhmxViWVKbe<|)gs3H zT&t=2K7#g&7b}yl(k1nYs0o(g@ zxs!+J;j`>;NLO;jUofaFwGe><4@$dW0NZByQ$Q&8oyyN)i<4eWj*kc|EZhu-%a0TN z0vdLy?w+3f9Y%qHf#8QBT)80hx}qFfEe5H}!#`|vLiEV3{$B@X8I0u;vgZ&7J@7Go zqJA;_AT>0Z5BL+(@ebvxfjF`p0+U^O3Iq}T`?H;Jpgwb3BlkUnMm}j!MiibPD`ns_unK)0TSK4I@J*G)p$9aA-qyc^%&zi z5d6jH8#K#=ll9Rd2f*0n7QF0s9B`*Sy%6vYv>?FD?Jz3_$n#q-XDvpp;Pxzoi@@5V z*}$@rLs$5d?gc?lz`h`iI-nm2(F?mE6XR+mr^MBUbGz~2q(3LU9`eR|pgBY3(N64v z#32BvhacqTPQihp>EkUMP3;v>N;yCFMVw^wQ@KX_qU^0_Q~aq<+8a5tE0!{eB`z(r zS>=9Y!p4C0G!*C8jWUdreu-4q{mc94OhdsxvT_ok_)p)pgZZHnlFzkQ(3Y8oM#fb^ zR>@_i{McL4za-yM53BEFq@F6Bx^3!Tlyxy^Nt;jMu*a=ubbM0Z4~t6VP>`9A-%jYt zlZ|&`o6jtu65*FSCPDi0^2}b1fC%pWq@Ps08Q2oH#5$S{dseCcvGSfN8?edWbQcxW zAg5z-Q7iGDloS;ER!}oiY4aOse;1g6fPet{l`S?o1||X7w=*)V(Wt<4hb>^p#t2pp zToDN^1YM8_GqIf1OS^(4t*(5c4i;R?Kj)1MrCWA;Rq zp-PeKzZ`Dut24hD!6k1ak)kd3-b09nqx~+Ch;3}VTF>wHfml~4FW>}eZ;Ru8jTnf+ z>Mvs7BkXzX{E@0t$ExfJe;{;(46XK`JJbX}OIQUXIk?w2LtRmiwhD3iq5zwEY9ILd zE_NqM0U7id+UpU?!O6F8@|UBi&bSt1VJ8Ne8o89@I)mQz=M4V`r)z+X@hnVS!yu=Up>L>00jT=!>Xj&LekefQhY zhCZqp)EXpa>jQ~bQ&Unxce8%`cL6wgzqyjX+-ui^`6ixT|5d-e|Askl)6-h7$gRn3 z$C3nCLM|$9o66-OwQg7%;L2mQG@RtfS5F=fGgp?0yFhPpJ#e^p2qOHf0!EfDenN{(usGSu7scor0iv7EGiX8M2&eBG&_GBbo3U0tO9W_W zKj=50!h*oL-BAe&5}-Z+C)tEei%*MUNQKF++JS_!CqWMR=OdWq>47hVpMx-`Bb1D~ z3EBDwvO6}w7?(1v* zTJxee|D&5DY(kMe5r{(IMY#8$&jjTT^%Iy7NJI&C+Z|=Ir<70aT1tD<+g^`QyNL(M zDsE+aQC6X#iV;}d;>%2Sis%#WW82$%%j;79Ns1M1qitYxy7IUL=4=&MzTL)F-Yt{|Lw}0_F`5 zS#-&)rGHF+J1ljmPU2x&|Mu*YGeZJQ(d@sgjOe<_xh3(no8)P00Zd-r{aFU z_l?^wj84g)Z#N|Kh)>GltGMh-n_SvrP5H8Y<*)g9y0NX%=4_65@7R=(zid8&WkR`~?sY0;f`PH#}gtryf&9I5F)Av9bi7fFBLX+>_Sa=*KDj(3Ee)itWbKk1p7 zw&08&2r&90c;r>E31dd*dr@s2ogrO~f@7W*@jU$YGCn+&DQtaf2^2qDKObJ3Sour0 zsxqHC?){m=H!-cE@28%PL!SR~w8+A~xWTslHV-A$gc44@%5q7|J zFsQBN%6$U0rp3~I4_`~ZjKrPioEHh7aTWh0&QQJcd0Nq}t!`fpqc5FFW!(Q$C#Nl1 zTgbBLKb{b8-;$H+VHo-u8QsmgiB+hmh#wEtk}l(&`CPgxmq*#oUlW0duGXH#KkXGF z)%pgxc0O(fq#U1}B}?vCn6;HIgdA34ytQYY{M?>4{j3nP+20p<*Vs>oyUyR4NnY9k zFplEV&k)WsX33YHy$QpgMc0`6s5cX4Xt!dxtemXb&0hv=+4%i);(NZ%n!o+nlm2H9 zbF1Yn6?q2~>BUlc=90{!n>mBS+6%oHS183(vUg9hz0;}BJ^RL|C`_&hBlQEpI!Res zM&dtB%TjOHtEy6Wk^hNYIdb;7=RXFHd)s%5+Kn|%9$R~lmdQ|h4M3Pk2o%b4(vqX( zN$OQ8Pwb=QWDdz>ogSqy+xT`spOLSkwB5ExG0 zm#HhSggRe$uIv@swB+VVv==11uaU3sVLND8a7X37r`TSH7xpdc&x^BTew1WRhN|m+ z*|m53q8wGbMP>Pf-?R~}ql4Usqas&7SdjnPtvoVxklqxb~6%`D5s!_zk{KSB?DNLxn?ouoNS?Z`-?~oH5)8f|nOBRkhzN zbHj}}iG$ia?>S={Y^`nw@1 z-piG=>@Iw@_Roy`7pW3kd{t$Akk1&j9U=^t3=fnDdl*Pa@A;I>Ykw#@;s8n2Av)fs zP?pmlI7esP%Z>e~|IW}yzFfL19XZD5bf(RsB$ z!ZYEBvhs+2d`5}2(!}dEr@pX1s(y1F1=}b|B{bAXT=lZ8uB}ot2|RGtknT;mr@Uu}#tR+cV9U54-4fsQYdPxes&!VPf&;p( zLps7|TzTep32hgr)C&|W)4U{Q)M{?j*upzYQ<3jOf7?vM{Ao*L@SL9#?{nt-yj>ah z+Zau2tj5+07%1~IC(1dUCB!3`U#lps*)qnNtMi5`#Ynok{I#MjWzluq*d$SmYEX!! z?07!EVL2|voe}dr(piTfpk6hi@PBo*tXEn`H*>@D=7G_GA+E#O}SQ}L-rD@8>; zAlCce`mkiFDnJ%uLr9ulNN!xbTzRU_*30OUhRs{Kp2(N2yGrJyPLA@69dl1^p*|sA z#~l}NPm+4SFJza%86R>@Gfv@p2Bs@@I~Fo0myX%q5eR?>`;6V z$yH(DsWWE?{m?yo63-k#pZ?5DSLeaE#~A4!39+we9#6}5SFL)(6kB+C`lpo=AWZv- z(n0PF8hIF{>GC#8+Bc^!*z)B|-#SNn&bYemuW_I7nRm8NCk*-bnN!cjxXS2>8U}@k zvoBGGU-yYvu}EaJ9t~`(eDfh9+*rAj=56EL`-s?&5eWsUUaE|mSu0G(KX?ZBvyW;e z#53~V5}%UY&NfuI{EyL6y8W%TV=KwAvgj=p=lcPsHg`v5zVvN+9@B7cSeA%izR)|; zQ}rh&dg#(ZwZqfeoyCsacP|^0)p?G~%ahOQX)4$r-+oO?Vz0vstH1%lRE(=pD zb|*R)j`4z_d#cy+6LOC*P)nWM6%)t!K`_wa+i@$pA18T5g)J#!Mm`9LY1X%2(N-rv zL4Ka{=~QoL8E^ECBVFr^Qq9O<)8TfM#!J!jxp8o8rO>5w-XIc-A)#hYA zB%P_*VS>g;yc}Ao<5CTuTK(jeonEL4b%l3Q`?6WRUMmqV>|@S*gz72)92!`?2!Ht< zYn%NxB7wnt)Vg;+tMgq?i}~xa?4O3u?(ut+Gmw57LS#p^nDvpU_6b>4Qq~1I#HAx-lXI z9u1uUci@lE#efol_89kbZK}CPfy)jXljXM#EUtyB)YqOU7S=jFx}FYpSkwT~1O`Zw zZyP(!{Yl2ZnwD89gBOjO*e|{oc-wi)D^`kHI8y10;^xge7QR_Vq9udlaW{g##2TbI zgw-(GGFI-mI#ZBjMy>NnWMBB=DF0_hdpW8bj000TNoPmd6#3iz_nfDmOd^ku=GrRK z4~f4-uX#L~y4*N|B{lySH9eI`7^{f{=Y!lg_m^pn+S}I)>@x1Ib$@mwKdYV2$vYHg zLSgr{v|UVt)gnnM+?x79Zj9@)YdBqIaA(&lXHwCPL$>N7j?><^6^+_&W|EtyW89#k z@V0%{r(5ovQie>c+fx$(?PsFSZpUxGRT!oCe=LB2t@g({Tc>JYjtkzg=|9O*o;Bqk zOsx&$vI@0N;ocX=XaC`F%%l5OUr}u3pd*2Z1i4%IP*^{{bgpj&^)qH$GV4N%sECzB zSsu>)vDjLzZnKLfKQPVip^_JWjmd_gO*fzY2VG+9o;`awit-k-yqvSV7TBzlwkvy8 zP@?&ganSGHt+)tR`CXh*@9JJ1pu5H7ytCy;=XXO>vr6}?GBc;SlkDQNhrCAAaa9Tl zNd5a-_Qf^0_SJ<>mHNaPJ&keds)&f!7BQt1>z>nH+BB55_c*U;7dwS(t{HEyR?rG# z6fxfLNX70ZX|;|IG;%S+?bHmjtqaGSd^&#j`MIVOI z)(x-Fe%0kvxp;DZu%lTxLSK%smE%Nyb-&D_75Q0}w0E8YktvBy z{%t$2h3z3d_*VA9ZEI)UfaP$-BATI6*+0At^A;gon}9i!ubVnbLglaMJ3?fjvz_;TEYhgj+s!)+{tDr4@)&}HtN zZ8#nIYpYV}nV&-NM@s>tfY3!3MQYb$OB1h?vy~}aH@HemEgC`thliN#n7-3kd&~zu zZ>-xzUM+c_Z)xKQleqMnzQau=vVmKkLTO5D8roU)k9Xu*{?=qX-=ML;WWSfGJ#)Rq z*x==j@Y@ppEA2A8_m-yztdBuuUuJYH!!+=e;+n0s~ zz5U*CEX<_}{2;%1^75{xu-%MqDj%c+>oZu4ljqid+&?dU%GNn2M#OWFM&{A z4FiuBrUA-*=7PtJUz_Ui@GEMI5k(Qkp=RP1xNh?J2bUE9r@T;pc_-CQ; zN-vuD7{={A9TqnfS_9^c1nIwAt8bapHB(PYW;&J8n6bR)DLXSS`+kZqv?cc>g4qry z2yaT~SVwSj9ph10Vf1p*nR%M|gldQGl!NI5_hinvjQCq^|7tY3s~-!PVIH}0Rx?^y zRKMRooIzubWw=5%=&WA;Yk_ca85K) z{YmJk$bCXr^)<3rzqjZELd&8E?-uH~n2{QiKJ^?ud^rB%rAzy0mNAB5KRKa!kCM)A znDxT_0gCXU{(^!_YJ&DJKEFx6yg~ie;^D5&G?d_A4<+1#Futx~G)rnAqa_>t2}4ry zY{AH?E$X-IRPKp_tCJSflxEqbET4INT6Z5<9Dm}^o8UWG7IFV))i$%s5tTZ_Pxa5{ z^F9(_nL6_@o`WHK=I|-@Z4DYbF2tO!-suo3&}gi_a5u&?4YRWU1`2~zje3Pzp>D$0q<6)Y-<*3xtJoMr6+b$k|hV{&>{MV zZY(F!%-E>S`S;a*;p5|N{}cNH=KnYJL~{ZcN-=2(dc!%=qD;1U%Frlt`Z4#}H9u+x zCaM(8$Pl+L+=`a-#o5=4?l|a)-A{|C^;314CO3|LAKVJNyH=}>5g%nHmf8IU({=AW z&y!0AGSc^kYCnA|LgpMy49)_~>taJGd-*-gC?@;R26&M;Oj zDylcb^z!s0XmLmX<5VnbFyq&eVT#ha z2&1#zTu*f$%m+)})LtOZNq7-Uv7_^J^8v$89bv4tR!h`mCK{BXYt=s-m@}6zSZa63 z%er&$)=udU1ou=D{~WMTvG8=FFcC zVpBeR_)z1V7^#MKgoG}Y|F(>fAZhz=13D1ZOcK{y848!ohCd-bWUr1Fgi273~(#ONnX z(aQ5`IngQ7m2nj|?fq-Y&!wwf(j*>rGVH1ONfE-qU#)aD zp`ODp@5gUOGeKnvhI8x%Nh&iA*7;t_64ShE8Gd3jR!P7afi5>ZY^hdB`+UbE#{Kn= zM;%6j7;LBp>$I)!kLP6I{@;82h!|3Rn+k7R}8k4jaY=2z5WLJ6YbBwo;%XZh4Z^x_Um;-5RT?}5b z`jR+awW6Hs;@;hNNaOd6gF1WkMaH(y4$+WWO!KMY_t~jno(m0Ccj!Grk%NWO#rUIUn0N@qp$2Qy*`ap zz#g0)%xq`A{sV>$_@9@rUSXCmdHNgq0Gl?`Z6;;bm^Hsul}ADSkM_5RFi+i+8&KS} zkAwa|p;m5GcB}GF1zA_!%VT8ORw;z`8G4fzcx&kT9x*V$aB!{8p>Kt-DJkIp*Uc#p z(9~0|m>grL$}1R&@0FLoqv(#NUk%U>G`cay0e7RcKQkHM;9BPQWdD#ER;NSjZDqgI z1wq8~jd|!4f);$D`RWr!pZbdyi>>6n`i(#JPOY|>aG@8zqQfcOVg!{!Sn+MTv?lb2o$l~4+e`-#iSYp1Z$` zA@273?h?jXXgUExHOgP@@MQ2!Mz}BeX9nRgE;-BFJPpf65z+B6delA(<#gSWS_`Jr zr6NV9%L{gygAoJdl?kEtPoM2d*i6_Xdq&WDN<`|@19qpE*Cv&I$qc83sc~AeUFOrF z8hoyLMyLK(+gqk=&33DlHym!i+iB#SQr)_PIwUNpj%gKgi^|YmyVd3)+*mf2EWzHOPahT{=dB@$@ldtN7pr{ z*i&c(WHqGkFB}aJni`h=lB1Y0b)R~G{i3j3$Pm>YG66Y?mi^bYE)tLP1kgf%g|-6JKn0m;p89`X<%1-QE4%b|^F2Jlk7*e{08CBAyI z7UvaWLuIu!XlF7}?P-{GPU9NX8#TS?@}h>Vfs)o{qkL3*;XQ#&V7MZ2(mg=%lQH*+ zfJ`wdSq3Mwq}>hGo{H6V7ay<>H}12t^!+CH>5vM~UuIWQZY_JWb|<-5Emt*xa`ZT% zjZ6sGp*Icm9^{88*6s!Z-uN1A^>_)+F`G*RQX|{mVCBCQ+SeZ(18n zE*&jDt$Wjk-ib=aNUQ0_oWVbuT~Y^_->JI`?EBct{Z7+I*PrKnIJL9q_J@w@(ytHY zO2_?5K9KbyhKqk9Yr&X~D)jMGg4tw|?0)U%VH&q~2X0DKPSF-flPWZ7b4WT^-PU5J zJx~}r^XvzuuIi}UBvq$dq_@ba_9B(l8=X~myGa!6v*ONfd>^bhR8cgSo`1rtwN7}i zzEVSQ{OR57wh1NA$aM~XF_CI}Thz9VX?}nJB|$~_Hn-1#b8i*Z*tk!pcBv=$u1kcJ zarE79OX>D}dpjb%Ng`PEzTyMcnRDd58nsh{9m%O4+{ylJd*{YzT6d&SaAzO-!g9gs z@G$!+wL6jiBIEA=F1B&&^MX0G1!3VUZ>%=vG-m?u=pW{lYB#boXDyGBcR3{WsNckQ zHiP_a)wVKk8SKdCqM@-nqP3%om|eTpk7wt{C0T2%DJk{^480a}+c=TPGEUWJtr?ql z%=O0XUd?pF>Ym7L$6AebxQZD+TQ>=ejHDmPvpieKnQtXj(_bMk^MW>IkN1c*fERBt zx^;dD)+^97z9)5K#I!GlE-~cEWqx4%y~rB-iI%e3Q&X~xrt5g+Q8#Hiy?3rJCVUrC zjLGJjr)j*UBu_;>xx8t@8+~%N!Iq(DK*O?NvHufO0yBrhdkIs`Po4_fACFc}w@6MV zuM|xsR)5qc7mPe-RCKjWG31s|cPtXr;d^#AtGL^ZPlbAV?j?V5@Nm&d_K;uxkMd2= z@SHU7oLW7vk<7_4FWFVCq}?&maX|7`6*s@F$H9li6yl9h5){jN$LCHuUilg^K9alQ z6)EX!ApAY$V!q&~EcRm$rKmJ$_IOothpH;lc-N3V6e*P4riX*T73?Nx@1E+6tSE!ok1l*BN#+K+sAdnsSu?UUQ` zla4T?=zDl#&QmyW%qQ=bb@R8p=d< zXB-$)rwiJzktY7mr0{%FFU@{7dXKSTVhI?iPm;c^AE9YS|?Wc=UnaBttig6u47xTA4#hmW640O zY1n+4&5mYiMlY7Lxs%-Ppjo{v+0cy?fv7f<2;ciMGx{bb%75+RKaTq|{^<>f^yf~U zj2_(IYW<;t)11=xj&bk4PSi#X)<*r`a;=pt{H8KvDPH{v4dPPEf0)6M6L5LCA-S{J zY50b`+@9fGuQD!d{E7>wxxLG_S>4{`OTwT+MRe8yMcZ7rjfI^t*Vw4uznUrQ3%+Z$ zwU6BT&=*@uvGA=Qw5lHv_bp?axTym9} z#{XEav)b`r_8wIypS6yrR6dZ$wjRWL?&PTTWc@BF{b;@finpvbu}gd}gV^^EMT=ed zC-|B3tFh*7wo^Zb6>~0h*u}*&^Sp2G+9-66v7+;&$$PLzdt2p>Qr!#Bj)uz@es6W0 z=PfwC@99nxpVpmnYP`?#owR8p)t)!ZUtt`+3^9t%YR$oGX$Q^<#MGxY&b_SA_{7gWeO5493bvGXsY1u26birA2sQM=c7lBe^B7`ge>u-yo|5~G^8apZTzZK|1| zq=Py`&vfGtxvRTZxugf|_6d``Tcz%F=_u_};}&Umu7FJ`O{wR$r=7<}E6+udW!P^_ z9+1;@4{EROrKqW`rRXzzWoklhaNvmX_~oRvaMn=rgmCh7M?$@nuI@Jdn7xl;(DG5% zcgi&af&Mvq)OL2JW-MoA&$69W>awBAvVC@k)LA2C?K1mb^_lVxJy!Z%l97wGVO9A@ zv-!2%ts6Y^x|>~EW}s9m)x2$;8=6?h=e*8L}XYcg}`YQp=;%-~16xLLdBttdx7R%f`R z57wJr(CIf?*;Of7*Xq+fU82(* zvKUE1ld|Tn{R=jU=m^++NOzF2;AvfVf-?>8n0)S$>7KBBrmusO9pX!3fewHJGVFZ?vus+-`TUQ?_Ln%P?$}cRS{Qmuikv! zbVGVnarUfXrnP9d25H1GM-mTHh0tq?43*co#rx&2+Ktsk|KU&3>W5??0CI%BF%-)r zB|k%G%7=FiBY^v_G4X^*J3(Ce{r=h(u-fr*K(iADH8ah_eqT z1wY8Tpc#1;C}Yr4e1B*+2y`~3ZF%_jt>94tG&_pwAHOg&0Os%z6g_wWb!|MZD+z+; zGLWIe7(?L~WRhTi1J7}>BbE&cMY`u;ax6rcG2o3*)6f9)P2qmd*ti#qi% z^iVXjT!l3T9!mx&GkCJ5^^Nbh5}$m(URBn^{%%feKbz)ZiM-$8{mdzb5<9Z`*;tug z#9NtVl4R{K2&K=LpC_XU6__oVr7|#M)OO7?PF|1plcO=V-3C5 ze>2Hf?_4;;_a$-TeDCYaizDDFSJlRu@4~kD9~}`HSgCdWF00Q-0v-6}21ha01zuW5 zS6ApTij4snpWMCFZ?+jAIVdU2 zx3A9e9(nBZf@scqgZ)i2%@eI}MOv(qG;@Ov*O`wgjL}|u&CGLpC$*^D>JI10>w6X% z1?nrV7>|T2OBE(j99rF_bzs5FBzojEqe((fI?XPUOBRJM9u>2VE^}>u`DJ(~!ZNl( zw~&i}m*a!RnDf5c#zyYn)w542ZA%4Y&=2C&AiejS%<;bmfy zgYhTmd{PYUN6SB*W(6^8IopUpXR(D64^XP zw!q>$t?HicZu~xyx#cC#lD4icM9zfO)cBn9aJZeM+5=U)FJS>dF23c+ zIWRCl_zGbv10T+@FRGx$V_T{R*ZAJGgs~q&Jz74DurhsZj`~$IRtL@o~#JX#=bPHV>c} z%&=7kh!KvX-~hY>c?%!h!67;TDgpw!nUNJX4fI8Vte<+bc$k>-Qt_Qx>n|Ey1Dy>a z9V{0XK0bRyU|d23Mm9bk{!0fBfH$E8G&_PQEcWn&?-mu|fQid0$NEqGKNdiC362{7 zqnVVBifkSykw3yUxWUrWc;jq!jJbrnwTaHw&Akd26D>UjYT_F&5dfAHO;1{Xt)8nOguc1}{0eW!zm?5R6w= zR_>;5Q{gi~LrY&jx+V(3$?#%nmyHK}e~)z?RZ(fpciglqv36;(@recME0Vj=@=ov-kO0CTy;47?c$YZTak@Y2BMFe)l) zzuPcec{PZwfQRh0$;ikk3t?4sg)JzBg@oY9jaTcLB}$pf7sn19YKh+)vNHODPaaBEx{68?K(dk3QP zxRe_h3=bsnZ2!>pg#R!Uc7)S44jDX^F1fl&njf*Vh3Pl206W)40w2KT6kjVOElroB zt*tEr(F0LYG|ZO}suT}%Yf7>)GJ4_x!u;rcuK^fKG0H>p^Ygex4VgCvO_{9|-91Ied+uwMQyIwa6j z)_8Pu^!tC`{00}%C6lsmYBadHYyR8^ZX3!-8Sh-a3Qf<)ZxLtyBK^y`{7v~3IbWO9 zPBY|IUqiO@^+(zx_60)pq~&<+C9t5rUwWJa?i-TXnP-^ULeqi3jls+gMAsnTMVEpo z?^=R_OyoT{miRAFh41hZ$foHp|C?@H{f7kgDu#FzCbyZ(~9F#YVeWD_bTp`+7Y3_!B!z_eJC$Rcq|KKA|c3nO0WZaz#owILqD`*(bI z(2F((U-7;vE31D8=eQK)P0mR43M?B?R&&dFfU~qBf8Ssk4@3wn2W;F7H)qH&VB7IVmMZjQ(SVckp`qX;>;}f{#DV_Q;pF+KY zAuja658}zgT^0`pO9%67$5r?aHld-5k3d*mfoXxIvb3~Ba1a(2hEF0aVXq+hM4H&Y zi-5Y~Nv4|HSM5J|@GtH?gkLCV0CHT0NDfgRC@;Xb>L~jZJYn6SAi4Axe}XIuaTW3b zP|&p$rm8-Vp=J=yO9{ofMrF*Bzz*lRiX1~|_wMrCT=gUJ$7pG2pkEURr60M=6rKyi zlFwPs1!CVIsCp3l=<2^zb9_Q9H=ElA;-`ekB{h1{$LQ#T4;k5a6CVrdy$Yy#V_(ie zB?JQ?O)V{g;)QAlH2&zn;C7PNUPG&3O?xi?dA;%DP{QaLcAkbBzNq~ zTiAUg@Bgsu4?-6kKmSSWGUOseU4eVy(7)9iJ_q4E4g%ZPq2fe*J$^RG`B&6V+S>Al zr{R$i2MjtYWJlHG1qB6>nnG(ujY<$8b-1}=Phj81#Ka(>yuI!nQ{HcQZN?dI8Q^d1 zd4@w9vQ1!jW`Az(E3c?{S$C$YgifFgrxb*5rif~67-+=S)a>oHCxE?3a|s=7T<3|r z%9^g=T$fowKUt5GmUHT7AVGHCSo0cEAR4~df_E*QoMupAYH|F=DOrFZ17)+<>b%*) zej#CD+(>m;2Go1zZucwkHimSGk<%`^NJ+a~Fk+lm;Ub=!frGDDQr&AA8z! zpRr%@V8p(p`TKvx4u8&z;nWQlDv%b7;Z*f;u5vUw?9x|}r`h7M_byl50K2PnPtD<5 zq-H-~hrG2pu$CcoNIynzq_JDh(>yTp+Tgtn<2yfnL~fqo(0TFePFc8O6jDSx# zFaU)KyNL;$5S)XyXU~vNLjoapW0U__zT{nY+(-y{IGY&ikD301ppBM?Y<8#-Avz+f z3$+$(xt}N(5c>!uKQ=1353sSJERRjwYUP)??GD1D0{el$)sntBcW5@YYeMh}Z;()( z7jiw{VtUu$CY+>*;KG-97BLPK^&(e-aSZ2E$)Dv=`atj~py^6A#|g_(aAgjUhOiAT zTM#l~JbNBL4|zOxsH^KPW-MSGDt{dIM{mC&mjY?lH4af{q46{}(PjM&sr; zEDbj?^1esQwKe0waZ8D{D0iof>(|yEPQM?tzm9rtI9+%hEh(9tN1@iW96=}KGdbY& z^sb7Qz?D~5CsRDR-dMXkcpQHh%C+xcUbnTC`5ThD?vXvWS?b-*-bh?Ao)w87SS%?s zO}q3!)YaKWe2I-EH%sM&esP6e^i1JBN8B*79zl2nN?8^L4{h%enp%bsHEI?GS~6xUq(4>=cZ;Sv z<;2;ED%Mf*1RgUXg>;O8E0V+}Db*bBg4Dy%FZE2fed{AXeQ^>fF<-ZlkX%zQ4-XZ9k=5@&-AATZ z7iOJm=)^8xCMw(>Nl$+K2?8TOCq~H7>!~l`uQI zqE~Q4G8Keb3-?i#YnvN5gi^3n5fM2BZGT*P5|Wa6?DVLTf^l<$iaLdrT0#TuE*|%l zsgUid=1|3e^%>Vy3Z3R9Xl#; z!5~{dk}{vm$HGF$hB>s7CU%i=+d`@VIZoaj(rdzLH#!e~k5~}E)CjwELILGt51T>< z>T}SwAKBi+k-BGfKfkeYT;UbS-mpZz{Q`0!`}G~5nfeiaXgRLY)#~(<@lYnW{A?Mf zkd}Mz&Lf}GzKY`kH$64#RCpfHro6~C64SFMkX&jg6;iCdKLrH{;w#;6poGdz78o0}R zWBNx(+XdP*K)cN=QSMHmRQn(m$bPKD>-`9*r%^4T> z7@-Sk7xH~Ol&ZNJWDRc;jB#~!$gHk+9oi&$Scy|i&ndf2bI&vGFJfY1y&$&%c}uDb zS@FF%EvP!0kqN>5)ZE{H4H8eFziqF_Uk)N1oXrly&ql$WFhQj zZEY>;1v}5CB{yVngtP>>@ZZpRKu{R^Zn&+Q{0s^Re4L;DDzd{eHV?j{Q>V2Bw^|x) z_zdB-or1!VH10fAOMeM!eAC|u6ID$=s1r_M!;L`g0GH6~n4Q{|_V!oN8b^5p@DR@J zbYp2MQCXnxOiz=ANkk`mI|(hf!aSZcwA!2fmxX+8;D{214VwMY<_l;iSi^LTzLA84 z1O-Ug*AetOAU0raX&GK(4O3h=3w3vQ$9_f21I-eY041pl2>AO#Mv$pd`N42mmisGq z@M&6C2w_Z2_M>->^+NL>w;v2z1rxi5AYY{o{;lWyX`(cAJ$U;C#5AxE>J83Rp(#gh zL5U0>p+d=x%mFDpArXlw1>G}Fq+)1=OtZ35;+|>toNhy92XXS{X@nyfX}`jSjpcjb zI;4Bvb)#V$*FEA^X;!HAJYo}R5J^FH$?~X#;jxyr;tyP#-~A1vE}l9Zr^#G+MMjuy zJzPiSCb@{=cgeVX5y~>8=^0qHBb|4xFud7QMq%L>RCP=L zM)1!6qvARyg}NFyaJWx)?92q>Z= zAaVEHyY5+M`Jc6p>xcQ~{ocLzQ=2#0MIld&tjb+=6k>yp-kI6Xn%yiBm6ZGiGse8b zQBV)4q$2j{1|X6TCYXD_zUWpO!{>p@8MQY!`C;QH3P#ea)fHz6#c+&;Dt*^!u%^C3 zZ#)4Z5R(7FF!K*$jh2f#V+^xuHBUA&0jz`aBUD*y*7ymKIYh(n-~Pw29|4)DBDe(* zVI+GJy)b0XjyEP@Le)T44zc@l)j$$70UX@F`_^ib1J(({+l~JS$cz3~*vND44h4i8y=OJxCse=Z&b0 zjEVwa3iqt^e9~vhKFbi^Sfw*_NHB!_r755&&w$v%J_oP8w3#1TK*IBs7*BOSU9nKwW?aXgE) zr=_CBgof;T`V$DXswyD(w@eVr4nHhb-2Iv%=fTe+V^0nUHT*6qB*mY&Gi5pYd^v5aI)NK};Yw$?eF5$|I8G-%iE11E_|4aHo8 z@IW3tI)RP}7Bv%G2l$a#VRowch61d|0xKU4>Jig4}}YI`D-fVdLk+ zPr<)*^ZoTNenejT?O@vDG?oEeoZ(|w*G=67S=7&=Aj~!1i?y$_?xs)GB%+{*_1-za z>>g-}J%@WAbLqim73qHfPJ&^A@U<{7CGjux!yzCAv((!6l6c|INicj!waX`8g$2ah z#3!)N4tg{Z?U1no5WW%nL*QlbN$F>_OrBE=ieb{EFue*0_q@<@zH3-cx8Ysbkz=6+ zghCwR?^%7ZU!QzoiB}&S7_cM1uI%CA0rzT_VUDP6C^RqbM@U3gPR?JbUha2hJ0Mrj zq|z8j%H<3JEJfaIAJgNvcSE2045u;j@bCbAcMP)9$*Cz3NMaTeQt;oV@_7?w;spoQ zKTFo`0x)sdeQK(`=sSJ@DBt`ZT_02m&KF+-y4PC^@vd8=T^iAbK#B}_eZi!tB58h! z;$KhvI3{_$D!>$%A;W1?kVXO#d`bt}xokMoJh`;8oFOBghlbr-=OazAQmed4pv~c}PsrF^2 ze0<#A?sV$`WG-~5QIRmv(!$!wD;K&bR5WJkZOo5sQ0Fz7#xTVidI0f_tbz7%BOKEL z0dOZ+2~)&&nJQg=#Nd@95_Ru`1%W6STB@HyAQa4q21rPq z3mMDcO~z6v!YPC=7f>nZhB%tZ>J}sN`{tHp{^N0RNX*CrL)AjAdk{X$@KCmtaLz=` z*L0{d@k|v9k!375K@v+4u?lMKdmC3<>`uQvCxS7~m&6t2F5^%V5&wRiAIXJ*Od zu?Bt2THD*Ha71p^3UqR`1CWcVE8)*6`mjO=;)`lBRTSakJWAN20SfTAry07BW7czm z54{c2?wjZgk2g5?6Sn!ACt=x-`42JOUvSK+@PH}N}U)DR$8FZTa$6s3M1*X2+186;F7VX|=w^;e! zmxm@WO&t2B+es8W&w&j3aO zSF_39sGnv3m%s)|&n0Z7lg%pu6C|oIp4)9gVBkm{JuXv_!RXkSz3$^4 zo8KjXam$Xz6PynJ#G!)D8n7zZVH7?Ipl6a!b+tAF9i57=`uvTyk5GvxqJIERz=6H# z_afYAmAw6o3-4Gohm4F&YIxhrEGaL~ki>zL*Gkss-CY>=Gim&y-{1Xd54R&g;A^sY zs#v+krx3K<_7!Dv;Z+6Ui;8$8uOAx_k&;IBbOP2nYx z9J5o^?G#F&)E|v?OcR7i4wsboVxQ4HH{w!CMC|*ubJOPn{}K|N zZ11GEPX(dpc)6Et7x$^_r^6E3)xgkg%|rV9R*uV!A*r{}p1gVU1{%>GfKNarP+AgY zE?jb+O2ad@<;SM@kZSRTl=mua9c$`r1P-vGGXZ3*wE&foxf7iQ=M)vC3>GiG^uaZM zRgQ*K$d9nicRQdPz5`oeyP2us6}b{?((%EPM$J98l8d&wMvM5GMGM}M2Etx_>S*#B z6vIU=h)5md_@|qDZ?()2c@li{6*ZrtBI`4ejL=1Afvql5M<_CICGH91 zmtNV4JIG;H8efNw7hWHznZP0@#K(u<{vJS)k3$dxnCQXamfyN6k75UL96cJ>Av~cR zU7+%vJMe_Eu8hl>E5ji!E}WH|@=Be=NmgbiG#I$JxIo=uHbd*{_Z41Ejpwt7@M0t& zDFeb~*&k+3IGa(Ckv0&Qy8K|9i&O-y|I(@CLZ^t6-i{Q14I zZze356Z{xII0=Rhc`gH~CK`mzC4(d!;=hX)TIUl#;mFyKY0f9@pF;@K}F133|Z zE36C*grVWyT=%eQ&|wN<@aBHsWD1=Hd`l?sv8w&ko6fnZ=M=ejpBgM?n-It6BOwm8jQ6rSf~Y z{JOLA@`wv&;rsgw(2|3_`BU()=mr(@zOHoWeUz>#Q)aF3MWnj%e7+B5SJ~L=(U83)QuiPSan+siIATGa zLaLuWLRC;|Rp4Cru@sJRTftY3wbF97!BS!?4uXlsHoXz}u>kqT-<>J#2i&DSMS>FZ zeqz(#Q5l0~08}Yq09hrZq!d943(OmEALVCe;)X^sRTPo8I*fam#lEGDEO*{~akg}1 zFI?ycWPvnf^8q3OaMc2`rmZr7XY1Ok{-Pe|1Kp7JGlIUZY)dunbdir1L58`B=2ZdL z`)FA*Ik#xrIaZt~w@PEDcPK03NRUFj710f3!=EB_tgDm6&QF~Ak@5s)7fIReH>echP5kDtWGz^Q72v#M z-v{Ff-E|z5Bi>7ET9Xv%X}!Z;>j(s?@j%)$G$16B3Uf9%F29&=h_sl~gw7aE^N1ef znUUb(;VGwTBc!3Tag{(D=Jq+DNA;YjE-6g~$4YPeVn-SR-lztS%56{u0lFbj^&ZzNJ zml5Xrh7?2|?>eQ2Nr1!b&80(!Z9hY_9rA_gDAnIW#Ycy*aPcvOgF`7~rJ}-GqR9dF z0H8kTPMa7L$(N_XCklS5-q?Rwg+DK~-kN34Xr8oxbQy+MUD!G>Hg3)V{FwvIIpl| z^@g~3GcazJBFin*;|lwTNkrKv*rjx@2tTys*+9hSE}6t)CQ)6s2WFK>y7*qEM>lux z$;F0IXphAPG^;D-Wyvd_)uM#{+shx%6z1#?%QB>@&*w=R8nNWF=ONZ}&6y%8E~SFI zH}(aKhG56@_@t;#e}zdH3_%xmwwZZb1{gFB4i2D_#l@)`nydgl)#3Z}O_}d4Wkmg9 z=`S@wA+KgQry%lbZ8fwsSmF0Ur_{GJn>_wNa|LHZFW|m5?qgmPM@uuSId(6t@{fcJ z1o=EqZ!LwCDysaDnnxni9Snwyx37xij;>eaAeMgf7aYhP5e;#4DvCKOBg5@p{2?=w zbf=5Xh_H6-icW0MDNj16JUtMdOV$;-oc#P%Ngy$Sg29jZVn6iilQ^Hcr^$?qSXf5Z zlWl1<9lR@TUna;}JWvT&BW|6J2IzTwCCc@`pHM(vW6k-)uMDr99LeGrol0x=x3toL zC)a0iKudWGm*#phO|7G_d0LDRcC(y|P7}`TfvuI!qa}${96Vwct_XD@!!ee{pXdSM z7@IDUESv_`-zTDC>3BvHW-?<|tYw1HK$r$a@>E8P%sVbtj)owPMF*2}$n1KLL5@pG zN=iu1ycy69!jSKP7e0nR0P2A;Ji-W{OuW6UD!v}bvLQ}-!z?W;`B#RE*WZ>c3-`lh z#rXv0V0M%pTxnE#o!~O8B((mhK^CTiS(gYnb1IW$73`OWX6c}Yr6Jbp)x+ka_Z4_# zy+zN+jyn!f=iO1i$-e0ouj>`}$Es>Sv&PmHH1p$SH>L4u%x1efLg1+FS#@o^teIiZ z&Me2IE=@0CB~`0i#VmJ-qmGFh2H?S46E{SQ@ZoX9Jr*CV;Efbn$id&%6iZlCp{5wFwkxV} zW)%2|Nks)s7qDuenF53z=b6lZ)CMqB`}v|<+=I1bTaBwkGQNKJ*fuxwZI$B1Q20}@ z1Zb1Mh<+8a(Sc1fc54f$2k7pfwGN0)J#mr(1ca9)(z3dV#U49bevS4Tq&ORSBwe&O z`+7txYuArgVf>{YkC<56K03YK?atJQC?U15Hk!ISpvHc4YYU_O#^k;L5EdM)c$@+h z9ZW752^mG8ndwG_(jMC94Yea-pASwQnuL-v3{)YYC$K6zVA`Oguc9qSjH?@JJt_J; zbD_UTp-L#d$fVmMi~MJ*uvCd(!LBbe6>)Q+MUAZ{iS_f;WP-iM*hF*IzVjfP$3fv$ z+xGwl(ueV#WPlLrHOqYRW6xP z8@G6*@nSj*m&1GZtI`GgcK@($tn_|ru0>;;rw;XV8LhQj=J@N&MWqdKHU--E}}qn%)6v^2yPvGwyIKryWVb%K~45XAwSVz>k`+d)Cn z5(4{?fQ1?jYG?@nD{~X9&HpNz2PSfh}~?!+ctr4Avod@*IV?p{t@LBpKglvxHhqhx0ZWSs3FFeKD0a1NDpxI$ zTef zjt5d2m~em|W@BUonGxkx*t?{la3_|}vKG}sQd3<`G`{9>043Cj+C4-7C)Bg{toT>S z=Pc6(E8@U;5HZ5Wuh`hwfgtx$Zo0RiwhaIf{4qM)1>~MRu*g!)7 z%W`DvgpdM$x!(<4lXi=i&)4SZ_5<3w~kyO`z zlBiT2U(v0cV)W!zlKr=#tCJ25qgxVq%Aq39sB=2w(Bwn-7xY7}n6u8IK^L zVlOukzpHIvPuQPXe;_Amte~kJ3&PcNZFb(@7}*7`)iPwfB514w7B*v^^Zx0?-hgIJ2bOWF`1hvxz;PCi(cz~g+Az+7T%cEZ|mWRXp+I8}q5tMFabfnx8;Z`yVam z*SvP0nAlsobWM21NfN4bN7-pu+J%p@@kK1FShr`P=Qx~NttaD7WK5ZOnWUn_f9@M+ zs^#c|N1xP6&nq6_-vcqP{QQnq|m)3_Ao z0GcivE_KFc5QA-~xBR|dqc?H)EL$cU1i_-@P;k@zCJ?()wPLd5%d=9D`R-SK-;G(@ z(_KEqTijy1a2^%4eNFav>&3_KKwXw~&xoYs8UsWM%pBZs#h^aOlXUf2ZdwOg2dGof z5-$XpyJqJRmyz|S0e;QHJPp#!HR2wDG%h@)R9D|Z`3H#_)5iM74t_-(0j!D(7@H)n#r2tm4P7N&|7g!%l3a^^-zSMC*g_x{qBzdoJ8=i-j@>mJz}1m9rqb@ zD_4t zGt}*?wrAZOjY-4ta5Lb^yf_=vE%`%$8f1R-K^>41%UtG&PZnctSjNB8ZfaaL z5s}8Kr5?-iH=3ixJ{af%rXbJsuR21iK0!Ex8+B%EB)i?*k}A(|T4x+Xi1QX2lT@;{alT z9t(s|rUt98OfxL|(lEMkhDrN+U_3&V(@M~2RKu9JX<2wFOy3+x0oOI*pSpV(ohfnMn(rdI_Wz+--i-qnL-f{gZTAU-kqG zb@$w7cXZB0f$A1d$!^8id5;k5iTfq680&gjhn(QLyu>h9W{@0e_$!S z;T9_QY+NGEnH8wS>>>q}xYGFEy?gM{>8nEfn>4H+M)-p#U=Qb4Iyr|%WhcU*Aicxe zSY*4*?%D6d!$Zg@8n|m*7*%u}42#fs9!fy>4AhlIc(#gb1Je_ML0A{?lq^r%b7Jt% zd&>esV`L4GueM#j*jCwvcLo0Wlxr;{HDABBC|RFCpb@3h8GS2ZCC9z@TYnpcyRpyp z5a{`+6qBDk>CC(jjh|K3BTxcC?a{xjUL#%i?8uO_G_FiaY-5P+4ZswxvEw8P|6~c9 zgf!^lOiy7=Sksovs(Trms<7W_W5AvxZ~K@&iex#KQ;Fo_ZN(`>y@727CmT9zUb zBuR~`d-N?PBbHNw`4f~#9GMYag+wHe~}KFqRnEF(ZwZRO{b>hDdUJ6)~k1@|5umr%1=m)a2S

dH?W0bVNVhgykD+?jAUJ6zBXr7EmiIfZfgWBdPu zsV~`ie+Y|sM0ywmwG|FaM@Xj+Uq9C-JT$Jn!7~7N#JVO}i{F*D1=oAq&ELH2q&FQo z_*||0*N#gMojm<@&{srGj_J6Z)gYw#rRD4D%@sBEQzB<*5k@#FzrvdXsiP5QX)^`` z-2HdS@_=c_ep9@fFxzH}<7lpOr>e9R>$boki&p4O7!2?vj6enNIa7)q-HqI1H|B|j zweeSOQD3t56-8AO5h`;*EKBu%GO{K5|n&te0ABp+S|ZH?|apQsVeDfi9=I|PTf=W?-6%Q{lDw9y<#2C(q+G&9zwp* zgc1@c2yWHp@@f;zCKuQ0RM|`>tG(&noy=`&E_7w&wR?Vgdinu$rfGk|DvfX5!aFaF zKSXJ3gXS^8@EaI0Kxl|-40KmSSvlxBz{B~32a7{W3Y~ZkdpDaH`4tsEeD5d)HQqA0 zaqZmI=zi$<`ZZz6k4mfq)ak2FG*^pW8d&pE_B-@ZKt8;`w|S5zfzfi9vjZMW@Yh>M zR?8XWnHtAKMUcju)RbET4FAUiNBEIm4MOE3x5vtVRAS?Twl64(CP#z)Ep`ab4YxzF99Zl-TH)L`+5a9^ByyDDd56ug>@+c+OXF+8{}Voo;85PF$< zz^ymT5GMNiSW`3m0iEviu`QI5iBF#7D72cFw6`j|UWb7H$#1X&QO18;e`qWiC)$QW z&%`4I2WkF~Waa|!0FGZUmVkXnKiX|hBu5BNLet6A8y@|2D&_R9k3NfKZrWSN?!i=)Jw8_}Mg}Jb6vi0m#wpZiE8dzh~-24)Av5=HA{OkfG;(=!^H^g92Z? zB03X4uecjmasC3lz*b?pwB)hp8$rTYAxbn(J&|CPN>Up39Kz^Xz_*-O2hAvB0!doo z8*OAyBj&tZ@6;KL;9!vkxBrYY7TV=sZF|o4*7AAAo@W68BfO)qDHNMDDm??tb)Y50 zBf*4UFV@30F*u5L;*vD5(&%sZ=W~issCspvAM<=$qQuT82^c-QgcDJwH|V!O?21{+ z16GZhuNX}@J4R~8idi0h4jw$aBntgU+_GdFp!}v1f{d>TF|v6n*k?!fQ{3Xtl2|g3 z76ZN98p+^?bTwTCJQK5f3k-dAYLookx!3x>@LzukmM#GZJokrgRZ?ZZ2? z{@xFCS$wG6aNC436x>G`O)mW7IYboCuv*1=F={}Ui|_{T3+CSmTYb0?IjXI@9S00b z-M~K7LE~MA1bP@_DgoIU!Bv}={=|_@z+z&YE&kkP?)jjC2T^Nm^e_;ZOZ9i2JrG5c zdEYMk?g_$S-yl^dr%e#9dZc-qf=C*amA4gtMmy!%SAEC9BbBx3zeDs>cOG$M3M#lqA|0REphr^dVZU#D+x38W^m5Prp5v z(g=KE1%m*_9dOnSxqDw)oS5Aybs-D#>BaFK^y9J|==X=d32ml}0KRFj6Xt8D)PlIOj>-N#!U4O&k!-}R4Kfz$!?srr5}(Snwul8Ah;8rJ)O zP7g~^}?X-c!_g#$mkl_T0ekY=~VFg^@s3d0}_N? zmtmgXqetDo9p`Hx(uYEnC0HalL4Rw%2`bMDA?IP5ikL20O9Z#cdc0Psc2~- z9z)>RIxllWcm51emG!?@ZYxIYZcu?4#24}b5S6cNet@^jCu-`FXGWgfBTeawGUg{Hy1(kR>7m+03;Q|5F|R(DV=T*k4~D=&-k zg~re=`J^UIYy|<0WdGD|Sb+7$OY_C*#G2gI5%fP!!p9+_GnKP`2L%mrrVj0~RBgb3gfi0;=g2Ih|*$7U-eyhZ3_mDq!CdoRa{DKx!R~GjwchMQLdmc_0YZmnnqp zAZs8DylI~vZlui2%z$iE5At4t)Ap5DhDa~F^mId5L`)I+0%%XQm%m_Bj~m=op`oGr z`ugzIUZJ6Z6O=7tO(GOh(OXq-M5v2T8U}-DVOrV@d>;6$;NL6<2`>1_V1rpAu<>*n z$eP^TTzD$+Js7h(OaWk_ZGm471YJ{OV<$jGf)N)aqEM68xou$EB)He_e&{M=i{3ly zGETE+1i~NOIl*T?-((pAk>I(~vIQ6h2ANo_TLDZNJfNV$21LE<>8jrFHqDM!*uk30 zF$s7yw&AtG2l$AezXTko5T#)0s{ZE~Yzi{ac!7)-ZfXZrEhIAXl@t76j0sVv3s>J- zt0l`2rVaREMo0`g2&X_16kx|GfJdbr!B`IKW0m9NwO<$t%E~f?wzLn23P0ReSAcIpF_1> zY_R?Z2tKfvU_F5-V4SOw+#kCpUIuB+Rk4wx!nhJvdER}p7R9|KwsK;h9ezr*0pE1iJ=js^8 znY5i`=+wb#6um#xel~9h$_Ukr9b8v3ns{xgpg@$Gh&JxU>eM)yfDenBH-I-82JHSnrz-UO}_lE%$w1lu)6X%%?Xkl*o zu=$pL$ZLn86)-hw3JZ2g7ZfnpN8dl*F@>7t^AVx|p!J8niX@@S>r1Mz=?tzlAp7C} zv#vC@uwV)%o~H?q{S7;jLDEJ^UIXrq0P$dFtY@5H#JB;~2joidk-^al_CVL%Sip)r z;CN@Lv;*>hp;<@MIH9Wmo5V2;=Fq~r6MpRYe=WcrD=RDL5P`G-07Ru3lWXwZuTp9JY|c21;OfSH)7M6xRP+&G?bsuyP-mFnuHdJJqT1cz;PR`j-ISp zF|cXli$Uvi$KFv}1+!JFVb zgWGM>6|=S-BMCkFU~q~NQ5qUzVn^Zr1K16&<0mE`UWX`DFm4Y*L<*+lg1SA{9?Yo^}ufOa_}gQoNaX!x&t z;Ov3=32JjQ#LMj!#Zc^s*ng1xU8WcgjQ^5OZJY8KE`tezA||2 zRpD#`3eTyf3VxLnV25E-ANdxf8^4272V6PavA|;W$$C^Sz&8!2Y7i)R0OwWc2d93_ zOA}2tsc_sZxeFy3s>P3`#u9r*jE@Z(u3>;!F5vFUhOWkcV&ms4xY#gxG9Dg+JRzXA zbcez-JzXd#sieftvvc^_YGiXvQTP|u^==v6`*8cifDchU)&HA~abQ7d2fZdHiveeen->$rWi)txz0m2`2+HUaK_oBt1L_iNK z__%aRCB0yn5%Z0fC|yFUMNC1FnvybH!_WtWC1%g^sPJlvmGTMP^blf-lT-mMWenjE zya4nx=2I2&udE>x9 zkL=2$Plc{sd&=sT^asb1;OESjTq!pO$54Xe8Sf~64i~?JlOHqb4Ns~%mrGH<5Hs|K zsV1oO;rlPF_Ke+c#Sm%>w5UZ?nemj8P1F-MKh+*BE3_mH;krRU5;vC+rJx>Z>B6pL z?hsF{hM$U%`9@y-lW|e&2}LRz;Xz<|BI&?Lpngr0`o2W{tc0ZHp1&I->Kg2A?1yyu z&#*;0XM(rL9FC`k#t68Jv>Ae-B8x~!975)Ww7*XnplEOvy!*Bb)?<*_v%-l}R#t}7 z=4OM*7r~?h!R*AVoZr*Z%vz&D46~jv0`Um=N@z3oR2$)B_XqI`hkh|{TNLX5`fGOE z00AM>cVR@Vg^nsf0<#nxOmL}07Tx1_Gq15F;A8o2eZd&UI`6VWun{wJ;^T3+fUM#B z$HYrPUIcW&nA|47A;$k(hD#An;D({|2%iU`22*?tbTf(1Logl%I4eJTFK+KzdA}*@0u2We8;+{wu8bH>d{#<2Bi-piqT5 z!=ZudDlN4G?g_3*c(N{SPiaUQ6`G|j7S*%*&QSAG-l5VDUa?3NK&NfQy zdjj^~(gRQ?6Bo{9$&3DNQeuuTZy;v7#>?a&Wn<2oL03&yfcqnMyVs%!J&2CnG&7Pf z&FKWywt6#Gc)wf9kU7FiQs^e3OVicTsy2E?5gaoyJ^lIr1k@ZCX;SE%9H==8;CP2o z4;nX0O3Ge%38B1VlBm7k%Zy#u?*dmV+%dog4l+yt3WbSrc=hle5b*G?27_vbQOWe* z&fas(I$wAym>?p^y?L{N5D>Ty#RJB?CK&Pr#f8NT+=!ok)4x#vfvkZO(p)(q71Z$y znc>p7^muDL3$uV67F{jF3U7sG#&rFlT$=U~HPS|yT0nLNZoh~-p?bxN@IztePT7NP zns@MP!Z%n@TwI)yf!WOr*D~B0P+ot4&Io>$rbZHvM?IfFAP@p23S7gG%mer8E6CRY zJQBKwwZ3@xWNS2maTJwxS03}(z$byF;~}8*2gjj16gfDduWatBsPx0A1+nuOEAFB+ z1QtEhE$9e7IRvt0WOx|N>+|~om_U0Nui!1h=y7%gY1wvr>(mU+x)kx=JOL>rJg{y! z?C||Jz%2xgT4?A6e6aOuG}LY=*DO;8<)_Zq-MOa4l7TN#5;^M3#J!=Db2 zO%BEzaI$@Cv3c;MWmvn)9lZ6Q&M-T(p&CJ%2ZtBrCBXCzPXRWzecjxIZh3h3kLmV* zjLRuq82=1_48Y1@k^taM0*C~@OxUmO1+z8$(k_8w?$)elpSshc7m%Hq>a!a zgHqG=?Y77g{^yIu;7$gXg9C9W27*`{Rsdcd2RW zTbKfBo@5k{PstT5KFy)kR+?R4WSd>HwF-{LbM%Qx-)~uYGHARpZ@pue_S9ZHqO$Hy zwvL5CLbGX_U6m1ipPTiKUEO0*>qdTqvh60$4y#n+JWla?Pn&8xL@r+87D`-lH=|y^ z#LHYV+)&>SpMIW#`)Vx=X$-(4?n5gEuQB8ZL`6lx`3rzm+C*A**Bw>wKnxRfLj;gt zJr)UjYoQ7O%f_jo@V>!z@E5=!z_15{ofx+MB*n*Lb-seU4tR{G!LLCS3QK+2WoVEo zT0NdIb@<8{>n%|aOfJsbF@clXO$A)0T6C`*xb;9F{`uml6T0F*pq7G{7qT(n;(*&v z0WLE*a!|_r09q;ea}+p2)Gp;M{#y`P1KxKta6*DVJSipRLHEb6(q|}raiMrV{p?vpiYW&0zv1=7Rf8@XjAb>+oN|NklJ)>rtPGR%$Fwwvch3M9I|3|o z;3<0ZSW$==eu+sjdOp&RpqX61jAs>p)mzg}AUHc7d1pSeb|@dh;5 zq#F!=x83hDVsamC{zL!bq{MQrdE(23_aPaWLGHQaQgluYFL;j`&()KA3J#&_RTAuP zpKz1Cq|n+SaCdH(>+XxE3kcPD*SB1zu|s1vHX5p$u78N~Ga%Iy+*VGy!=qpDo6b;u z`e|i{9zq3Y@0v+M%y|_Zy1~(tRP04N#C*P0uRz1quigG$I{&XDbUM5Y=&HBl+m;(EgVSE zdZKc(lM z8IDm0<^n;)%vDM=kj)_budVNzZo0GuTDOhRgV=6btN6(Wg3*`HI^xDdkue%^!XDLH zWH$zrb_~)PM-DV`ZeGfnQl&J%Ot#x%=PFb5WP8p{)Afk(;WbgwUWlSFzD0i^+{$~b z`!@X4CTKMWo!jy<@Tl=O3xz|@;BzVCfJUnShUi?~c-#!enIG6`2We%)WKBCB%_ih| zEQ$QRNj;A9j;(>U;#tM~)my?JIIbomqY@&AGmSa;EV%et9InH38627>KdfQkDRP;j z7i+J7f;Cwv*9s*OSpx;V7*xwY^^+vdJ#l9Rt8t&%rM)fFs<>vVU0ROy(f!v()w?Bw zW+8ETfptp*WRs6^DMS3?l&=cKXT2?kd(rRZdx*86HFCMIKgVFC4eJjdLZ^dYk{u@nn zkZ~y6HaGuqD5|BxX-6j`f|ReEtd!5i+xsw}gk2b?=pMH^U>Jph{i18_)#ePizUjhd zu@8`U%?u3HBP=8Bi#`ZGmuXh7z4@hvmg(Le&){|S46B!akjQI94)27EF7sBe$UsXlO&0A#Zkpmu;OGEfH^_#4abFGZ%}eBj-8GrQoHiDw$!pL-xcyzva!z z*|Q*~i}2zA)THi)wnt*MP5S(}*dYF0du<}4L{lq@SMz2fAN9iOKiz%bZD^*Pp1atV zI{igT+*w+EXk=9Fj>OnnCDA`EEHzafLwB(&eilor$gy1cQY*#*Nu9r=n`-zmy32Ax z3bTlHEhbO0_ufLM6d$l%tCNT2&3ef_P?f(fQE0h| zX4~)L<0d)XP~x7Za*JQTrL$e{(AZ>OAGJt7qTl!8mFZ6!7Njn+khx)T)L8wf-h`!< z(|x?wZ_zP+gNL!mtE)1bbLCca1{-Y`I%Csp;%Uo~`Kr`>I_sCBVVy9Y%(T;TR`E#p zz?SD)yAsIUD`i!cto7+*NEtR37SfzDFNonPE$y>6z#1I$ulG(LkMKyuH#DR;zF|Rw zdZ2l4{Cl`z`Gb9=AdB$(M;d2Bu1!eScU7OCOo%ot$SiLbzAmqrON4NE58TzmJ=`u8 z2aBU^wJzT9`jqSUig?t{88!1 zSKf^<2tO?2$-2X^YgU%H<7+Bck(%DCON=1%bt5mr`P_N!wV_1L<@&$`={Uf9XXNXqi z_>dk$xkK2qB%^A{=6Qxzfo#5jbm?cyY4n`T1T2j;L%DaJt_TU*dyO{TyH-uz&6Ct} zq$2ppNOpni-<}cPfA${_jufBKyez$3-9qu&k|mVkqU;c!t406yPvKi}W4lG5ZjQU` zEehs%R>EQ`}YPJx-Rw*|`?d1|Qe-=*~-nO-NA=~Y3;q5wO7E4&<^ zD~XHAf*a>~c+FhuT*9ao9tqa)lt)v{4ns4CZcHr=i+r25GN#(n;&ff3_pY|QLhvQ- z*(MYFwq@_nahBBQEE-ljXNMk|nDWks7Wgm`1uFFD_gAl7{zbXv&iRL{a?UN-L@ zm0WP$;8}=izC3rh%(#?ihPB>!kVL-9(VBjn;lfNBnv7n#Wp?Fsl=ySkTTL9pQTn~y z3-c6_Z}y4dFGVh6rRyWzw0Y?8aS9@9{@N9jGklu&C%*BUt){$f_CacfMQ}{&u-@LP zc>cX1=D9?z*Og4{UkDFuJDAl^{_Jwcxk&I1T*>cokQpR${FLz8glB(B9>0oq<+X9G z!Zn$tjmvB{eZyLN$_`UDa)~+K+hoc)S3dDHbi%c=&-(uX<32p16NkY>> z3|l0@!`3NUBDeH?eiNR@npYx z5+OC0)Z5MGx8Q^W*&(lU!PfVZ_EkLt)#Q^ zZ1?)Vjl|t*<1SbvF1yw6PGY~6HkaD;)5p9E4)fK7jw=R}A|I{O_)bEnu#9lql4iBL zTJm|{r5}1m)Qm+S5E|+kZpqvhm4^dT`_KMEcCO{+S7#g7e{&9NcI;L4VEZJ|Yi~Ko zVazl<63ZiOVw|x0GikgqUw##fevnws`g>Vj0>7Y;8d=!Q7V2ruY;i-O%6Ilx<6YS~ zm{1h~H!M#YJM8wl&hEV1_TUh_a(ag^K=)E#-9$Miwn}fp=yjVT9!bR23*L6M^uD_H zO<%rLTUOfJjYQu}=fPf*YS*nqN`C1>9NWL3h@tk17awSvI@%F((K{BUlcu9pc$7x` znFC?W8;&fP7Fx2>ijBwVP%wb>~ZMRbCaW zPH;`7XZmHftr!RuU`-4)Yo82nwG{KB+QX+23?hCwq^b3M+Jj}3WiPxE3lDjhVhlR% zzF9T6pZ^{(-849K>Qz3O-=5NIS|DfU`62obZR$K{S8Y>R@ESL8ExT_)J@EhB2kT$A zm~eQ9k;&&-(Is~up~dAJv?h%gjn9)GdL$wFEi5yn4e}`L{)+Nyuuy581<+S*jpp$z zdbizFwWvofX3z=UHSy=roSYiuoabgqW?MDPk~FKoCqK{qc1NbKE%tgq#+zQq#mkx4 zI((=IVI{t$MuwGJG1}8p6Jl+vl!ptwjC8`Z88@vJv}QUJbMx$VLnJoR&$TFIG7$AA z&GP-{JU*ef)|Z$DEIaeaSMGbDDpK)q96i{$JM}o!G6L zxSVZ?b)Gi5J@7u(N)pf1@IsMRg-P80wHgbq#2~WM#8WEd6H`Rnyn%J!mF{LV)NF#@8zb7Rx3{6)1Pcc!}P5WUAK zG#}>|_Gw>}r_nL}G_Hshami%diw@Rt5-4(^6Bk=8G&PzetIiSADo^vfH7pcU8m(m{a}sMUo7Sb_YwpazCnWgM$JTX2Ox^B2OM@C@7i^Qv zT-_H_T#sz15wLG3}@5p`)`0YfhOoumBHtOPgVtM{#9QNe$o;>tZP zCz?LIFR+EbZ@9ZnN8Lc?-LB}dRk|NH*|hyTi{7{C0Um?gn5qs9n_n)TU{p#%{v7Ug zcQM`F@kIZO@aY{5LA=5PedgugYBcVy5r=fUmJ5k(H`R~i-5=Am@+c>fUk+zUpq%R} zioWaDitLK>W@xRlZbjzF%aF4_Cg0`vXFh7ChaqQ)sP^Ek@~RVJLz_2`Yp4G*#7?9~@C+9^k<=GhF?Dh(O6Y7^Fz!-l#G({cyD zQV0Liex~X;P-I&l5!Q2YaP;j57@0xTNGSu$<{WWUvP7MAV&+PeS88I?5fNVLo2|>^ z=#UllhSXW+3gee(CEh2e;;T>7b&dA2Oe?M!d}3-1T%$NM45#05u8kA=O%Fjqo5hxj~>OGX>{*MQrmf)pZP0j-KBK0uCL7JvQD&`Nz13e zGJG2QryEa*BjQG&%RH?luc`V3LXvHsIZ(cBm=WDRL&S=*c>lmz{OdQGg4>;qDhYbd ziHeGIq>;ApfIfyyI0|Gx}jrkMHKk^Cw_$ zY&B(DW_{b(+e1 zTv8I;j+twCGJ2F(HV*#Vn^>boD`qmjwJSC%Z*X47t)7kN=8IG-AE8P})WKHIBTFRX z%9ObMQTe^D?e~+5>L1_FrapClvk^NnUCime+;=G~#mAlHs@77O?|B?+We9>#gx6iAW@2x=hnoF5ypu z5|-D}C|gaq?u=_Vpq{jyD*Q}1D-A_`U~(!KyK3YhX<_b~9)nB*Tv2^6HX<2-_x|e7@`T4|W6{Xp@<#%ZT@Lq#67Ok9@;YRb zZTNK!vJZ^)@g^BOfq#7H@!kh-}RoRdy`%MzXz z!to2vmdhHCMhBJf7qou1J3T7C__9lu;hjL(U7axw(Hscn3E2;lezo|{ECIVzv>8M6 z3CI7w-n8;E7PB+X+r}+TwV8_u{0_OvmTz(Rat@gh zJa=QXoqA%9-ll&Qor)E_%Q26?s?fgqU$meeswEj)dccIgObAH6=^K9wyZyf8xmIly zY`#lQU_3yG4Ay-KlnY7cdTz7H3;=X{dHDe2eF&A7k(HhJ$;X+x@PG#5ryfCzHj;}$ zNWm`da4-79OZFD#|8)9M=56WS|3lMNM@7ALZAw4|=@O9coS_lv4y9ANOIlEA>5>is zkrW05q$C6>hZaOYN@=7-K%}g1&;8are_ht%%KYM-v-h)~kOf`wh|t?NWo7GNnH&b5 zj>M)3-*lfR?#KQjk{TNHQ20k~&)@igHf95hUBN&*ct^{klaxx9tXX(m)oAvtq_Dl7 z-R3u`qwH3#TYl9o((7F*K_;H}0TRFY9TT_wG(Vrt7iS60WGBR2alQVi*6k2WrD$qP zfFGZPxA;7ipeZ>yWXxOCM2Wm8@PqZSLq$mqF2&DYg{bxyE8gzwJ!h})AeT}~xUs)a zu#m{24+s{vyW5}RJ0xRCS?a+uWiGZ*F8_7*RIkV6v(=EP;4_X_9aYWtxe>#4_W2*c`~@X zrAo`@v}rQc?0GvmP0AIm55)IEfD^X3xFPlBpPrdgV3@2LrOQU5p%zNRcz)- zx3NofF0E8xJEWQ}m^Pd$kCirFV7rg2ZWtO3(;T?*c99!M7eto<{X4en$??^Z8{42bt^^YG7XYzm(H4=T-cZdV% zBlE33rB93~o>TzVqTnsk%uodpmf>moh>anh z&Rmu55Y3?Bc=-d;7yATt)NJ%bld1SkJ#phd&u zM{chy^HH&^Z<%yCWnL~{Q>jOb*qwE|8QLh0vKl@$-I+d@JS(DXpFb4jyWS>Jao=Gs=1Pr&-D0R+luxppRBG8y zcr;pNzzL~($e4&9+{blQ-@(IP_+mEok^)cbPcO^youW$5p|&xG^6`g`KWl5G6e5*J z3KSkzMYCktYB{Ggm7c_(6%%{#s}k5hP2+TO6!N9=&>(q5$aO>)?=z6F*qiy>jVR1! z!yGNP8~L6mzM)>ai9a(|M!j1&&7K>Kc4C+F%nU@82IuX0?G>)OUiG}%sF`0U@_Toe z=pVPuE3)43hFq%hS%Q(uOUy*ROA+&lhkf_*&SD;H{^49Rs_k4%(F*bWovLRSUn{bM zE^T@|O@dOHmb1qni|-89Q(&LCT>oluwB|NH?d46QhFibJ)Yk&U=IQ8VvCI8Xqin8* zD#k=zv)S?EXB1J`0p|q;KIvks?3PZ9Z&Hqic^V=(sBimEI2b?jO(dFNC+YaOCzq%F z?Ebtf%za_3=*&7B^o;dyNY|KQe{SX%$5m(770ci&nnV=hu60e4+0iVSz8uJ=1!@66#8%=iWL{-fRm=lp7JwgRs}9MI>KA55f*t#i1*q@KLwj^Zt|^1w0E*DS)fF!(g;*yp&Oo`qSukfv1%6Uq_mD^%qPfOi#~_wWni7 z@x`skOA-gMEC+NR&|Yn*D|1{kvUI(=6SrY_*>FOE(=iiK)puF=^yK!}snILKXqfWb zILXru-Epa-tKi&G`RlZbGN!0YF8VQuSKQ&BZkfqrAtFyfNkdcQJIn(Q1PA~!399_X zFFw$i=y{CBgN@->i z9~16Q0FgKyi#n@~HGR>pIz=PjsJAWQmYh2c8cW=!2+LgQQ$-AdH2^DySHtN=;cZ`cZG~(6b@~vQWQUEL|AG z02LII-&?E^KQ76T_Tf>q4<-2-PTJ|kza84=SJ4&9jw|%v7g|#j;6(cN=W7#IGF`FS z#P@g*^Ao26d+ou`7@kyo*IZ!V{h>HRYc&zLD7)dlxlqM@}19ZUo#8yRijI9~-hXM3WY-woEtAn{$J&(gmA21))+_O|bPae_` z;Ytyh*}dodlToJhqPOoIo!p-Ej4pR*8bkF=S}6Zi{T5agcfw+xanp{tdD3%o?|m&9 z8y~Za_~fwZOuF9whzU+C-79STiA45q2ug72tN&{FYq*)=b9{9;$NrbREG&dVHR9(A z=6(qt8bHmKwzk4P_iA(+gjXLl{) zPqqb{juXGqzhXhX;B`mkk9i+Ub8{{tqi>;l9&)!7mvAB2EED6dF-RV~`SD%^-MYp( zL3dZ{X#%O#QeR^@Znfrnx5cn3-1QZ?DQ$)Ly|KJs(6J;anH*!~bFfYAyR5|;K(Wqb)@z*VnbM}vn zh-LR7K}`!L4|5x|e&;pMG%7AXb$e}?Hv2hT9;$llry(nguFt6}PvR-P%%QRNnQ*vH zbt~_FsqhV#&(UV@-9BEOipjk83-y<+G`{6^Wy7*8PNcjr@~gl6!t=!z!bQmnPCP0P zC$CE!-0lL5N6GS6E&1=X3YRh31}$In{LcDeP?h`ID@{rxPL1)-qc@Xy}V*|gHi{jf>fFp zKM=DJt&VCJYlTnbhs1cN<_f(l$66DE>+q`pMc)cXY2 zO8GM%8RFY$}0vhbc0qh-rla z?XTD*mwB_ejuk=o1}L8Cj=$7Ju?$y@EU3WUOq&Hy&$IS2rT$Rt|j2z}} zF`@h9lwEcjo|Uxyv(HnY@cAU{%2kv6J!lwZ>+pDLQ1o$o!YZ%;$x%#tR5$!Gcc%FR zH451RM5({9mS&(Ulapx5dRu$L*k+9>9PuN=k!+?mHaitTwoMapQ?x(WDY9K-G@_)P zD{M_lv{zJ}9*4UG@nOqbC2zP+aWy2%87jtNp+a7Yf6w}+Az1TMIqww@W0=&txY1>$ z#435zB|S0{4+3g3qgYq=1j*fjd4&hWbw!gQZ233goWJRm-9}75* zEc#iebW!C-p3!FfOJAyw5Fk%wV_|Z2`dlMvBxI}95s~$RgkJjfv1?P^j!^`ktcPvt zU-^Hi%W=tFqlv+J*VYJ}$+4kvEe&py|MIgL@suoN9cOt&S)aba#MB`;E+_6SVPAVa z4Ygr{ssYl#ad{JpP_%4b>7}*H5^q2JI8s%ukefF#g z-=Hrtb$ZfNcgNgQO*_a%!AG~;Fg^9Y!?RIjF3Ruj0tLDCnU*<nlq*vW?+8bI`TH?h+^ z?z<@6D@H68dx5lC-aZeFC%Ehj4V(CYg`& z!W)}NMGm`91`xJvv$c-z@-(U6d$8Jakh3-5S-oh-s$k~3-HYzn!xlTr(B`a~eQ^}N zN?(ap(t&za8k2vxcUwOshPI+Kx}GlUA%cwMM;Qm(Z@dRBy7J0j3Y<*2i+3vP#)5mO zJy9oi`lVmk8Fss>GNqJ48qbhVYLUyK9=$f3(DvS?R?w0V zx5zT^r=vesf!Hf9Z2v;5J1yoPmI%F`l*GkwRiKrf=xI=i`gork@)8>T$gh4BXnJZG zmwEjq+jMTMOfXq@u**?E%wv{yHUWZ2;oEuSb1Dp{jhnVVymXz_FOWf4kHWbE*bVZG z#o|(pe3@Pw^F`;j5|nzW)E9_6Ep5!k=Ja!r^dP4=RarW_ejre_fF-i?k~@}IM_(lt zt1Vw_QSv$Q(#!DWAc>qsUMZO#2EG4{^{p?dktHhLlSpyAEDo7^eQ6 zeD;7EH6^)xt}nPwKp>^8{wsc6pk$CW#YZJT(22~6hEq&j)x`gGDwA5_x1jU}Hm74! zF^h_|7w#fH>d77n3>EiQE1c!(b&S7qMOQyH{21`uarw%l=z~P%ay%){VZDGpu4~71`+epSHV9Q=V;rmLpNB;mRwOn$Igeu!j0ZqFQl(Vf%jHuwa&zHKs(Q>^A zsaJ$NCynu!)^TLxk0KK>977!1UCC}KN7v^CZ)4#`gj-!?NQn%;$&Jrbiy^6C+)2C| z;ITb>pL!sWyV75U>XxB-ZzETxt5JouX!UQ~?hE9v74$7m{*U7B+Wu^ng?X)VY+qGd zizxBxKB}DTMfoHSdR9Dq=RuY_n1e7Cp&;SQeo$tI8y+%k!TY&pm`IrEopq-8v!Jxs z!lt?=H3(_k^i+kYPp`fVU#XH!?W6GRJ-JvR@rdEkBBs7fPO`>AqqNRK(k3riBzz~M zD!y5-QD;Uw_tE_;kDuN$Jzfd&R1OtpRUqSX!y#He9ds51D`2$#%e6V>^!N< zyKv>-=ZNS>q=rddX_Ikpn5dN+-W@fx(^;fYM`05X<=x*%RSgl4v8u2_(cy$XnKe9p zcY-bBt4c16?dR_nf9D77S2HEW1cn};c_O3k7t_1?q{kAQm(%TL-%UHjZcj?kYFTqU zNlzO($jQno^qFSWCglMevM%h8dnsKem3v$s=wiV01+q8Zg02H&q5zr)khR?c z{<0XZvbVGnr3&CsUkm&&L9W%+)g(9fgaa8#e1H!<4l1AhP{>!^;*vYpc=YI(!0W{$ zuo5wMr>CdCBfVV)R#d?H4FeDH*PriO7#L(AHo?*C@678i$D}+UyMx=2$Ep~=`?p+# zeag-KR@smXNWA6A(gbG?XN({TP%WT*YSD%7?YA2m8G$jR4^UK_o13Ar(b3TXV)H|= zC6c|^V#9Tww69dvGrW6O23+>x=7L1369}H=<&MCigXvSQh;vGCF{YdR=9fD=L*PDQQa4|FEv2+{+XR{b(>-_;F+jv9-PF=DqjwjmtDu*MsF299 z0$q^TS%!rC0dhNVMBS3AUcQ9DE_=wc1%~+c6cR*!pniJgol2H)ogUPDab#>4;D`W^ z#Q_PANz+#;1a>`0KEAnXavlo zZtu@yeEPv2HVESj-nK#gU;Q~Q^|b)}-@r9lLQHI|KJC7u-wX$$WDHR zSSkCyMHZU3o0{EE=Q?mv84?oy123SI^`X#o{^Ise&i$acnFIkY)xCQe`W9HmoxO*a z3EGCbDp89@4IaT9+OM}#gH|KRFBSfH$Nw&hV;htNKYHUHTz_BLKh)II^z}GNR%y^I znlG}kdk}Y{MY5kQgABXXm+wyY~M zYUFM6)!Fr{C^Ifi4;reWyhD=Zp0HG-BD8~9o!^z+PR1D`+P!UkHOpM(H{3~}34?Wk zLqI?Pu#REH0Z9`QVopIGrt0He2_c?-i#`Ly43hQmSU^7rf)p#jOhJ?)0XAauZ84~` z^YJiQNHu{6`q^iI5uMxK-fjR{e2_IjOVH48r;_vXv|TeFgymV#Iemq(vQv zDY-Ub*?`~Ag&}Xig6HcHpybcYqtR#(UO+f%DZF&BIs)PEgOjFSIYbG=mz9AKW2lfI z;|Y^l4cu6eN_T;j1o)szPtwtf&IT_tVr3X`W}#h|wHwCcJ|BqSgn9|@_8-#IFv0aL zPv6uZ*jMtXm-?=?s+1XNhrH2fneL%K6y9`{sU%CErk{u~Bsn>xP8CeJ^VoDsZ({Qq zkFP^aGZznSaoB~8>)I~fQUIEyLGvv}%)Q3+ueH7XX)P>3_(06v=BUW{o3)gi;`bJ5 z<9TlT_#8UsSc-#rQM>P~ZEP}d#lhSQbXaA-u#)4)=iS}i-=21U$Ec>Hcp#D#Xv6mQ zYp`xG5pR&Q@SH#0cJl!BFaLRODYqtPMvm1(S9^OlOMZTS1|&oSu_$3uG-qa1CFd^s z!;!nYyKp0ROYNc-z(C<-`=c{ZXu)nyYBSe2P-~A8wb!e&YX$4r59NSIqGNt_<{>68ia=xVQwq z+AT2kw1lvkHITnqb{yWaJjj<`Urhk-c?ub zeExhHM7y%*>lq-WOk0IF0qo_;3|6ly_dNPe9&}LuR(kS)OXmg zFdGJFPK1h1w00qj?-WEz`*V$4EqlO2hQzTHxK;o{yg&|s7SUG4NkV|h{{`#=28M>p zV<_0AtE({^8AKZ&fHvh1D1(#3FD@RQo;u6@GJ{mmISBPzG~bO%@1#|hVk)9hReXz! z8+$#A{PKvLFH2fDMIv#fD6_haX+IC6R(jVVMM~oY-X{oioBI!t1M|!hqs8ir1jKlWaiKA-!QTCr6O=L z;B1(Z+OJk57XGEVfroF5>OnBcN7vKb2*KC4{BX#&^w>Vg(BrH?y*})}$@nhUW@30^AJo0ky3pDM_ z{|FK;KTP&HyhA#7lJ3@laXw_&{ClXOak&@;{Og(;28e%x%~&d6$IzrD!)gqR?bg8? zOv@7(?v1t?^XPhi@GntXi9FVAj@vzjO?iKS<%JZ(is3qT0qQrI%nt`iAMLCkW!zmv z-Cf75=??S}+9|JtMM!wWkn;FW1+ijDAtBEOtZKUPx2)XmUZRzs!}YsP7kZ@0Tu(Cd z!H5_8t^VgP%^0TeN(}v?QX_=uy!~^sfXQFntM7}s#yAhVA6ts#YCpvtjPfRV&_`m? zyASN~U@H;}6C>XXJOuqDS3B_WUzZG;LTb<7^RE=H1VD+`Dc9e* zDM>qp3A==+<&rc9M>%8xLjsAuvGEN20E$2=Dyk2^eL;@}S9-sIgbulWbLl*#?+r+} zsrZcdK6iW?yUWMR3+_YmQHy_t)T)b%ZDH6kUcx70FIO(=28dVeuw|| z5m;{?WLw;uYj&r(ir`v?C@r07J_3*^zW9_`!#!%|j)^#gChs7?;ta$hWKfC@4yfab{Sw|H-l;cF6{lkKTH3e6`_1?Z zg6`L+4DN9Ffa>w{%#5*-kr*h1VGTgmz4Rr`7rdZys;W94x)Z7hmjK&J6=IVFVwWJ3 z$3j>4AlWOp&oc1Q@!q!Vg^wMRnH_1MFZa*<-=GL^_=7v?98^^;`~od zMMSAZB9dvY8OFZKGbg&KtLn))oi#!fm2Ay=*g&}B|6TPV;`?L zk<8F2bz1p%Qoj0B{DF3e!{g3|9BobkkK`nz^9jdltbVaezXMK62kWB}<|lwYbB6BlpanTD*ddmZ0ePEPLk%0M9nF&tyL2&Hc~LHUL` zs6hI61~-h69yZM5C!xosP{7mMzlReIQslZFwC}>3_x9hfx3v#B0?my~O#W@D$w?m# zvO&hLI4pqI?zcvzI1S#=re^y4Lc!ijt`FS^7)j(q#iq9eN^ML34=S}6;gWL=6Fm?) z^BW9mAOT4adl$4PSz{C0wJnoVQ^ydn7<#z+4$6E`&gAnI;<1aNlWyFaH>v|S0`HGH z5^anY_tGJIwiTXsFYOOl=bs_{3tX36y}SZD--Fh2;G7LIp5R4j%TfY89HhjWYefbg!XB4BQu;P;No1X`07I7J_UGL2e1-W|e z?C?8Bh_R0+e5X0J>hDmI%)C_#+y;r6-!D`SDe4$(=(HH`25(z34(BzV6ZKz|{9rKD zM%0`0B(&?sT@r3=^-Ks^?+6(J{eS-o@N|;zmCuu*;qQ!7^P@WrRG%;mLzb zny8tj%khgZc;2zcXcVd612I|c!>rpc!oXUojjaFYpFiKjzTcRY`8j2<9spHFe6zkprd{U!ag`tYBShn;G^RXxCc8_LWS=^gH;*S;;bHNw$7 zKN!&G!`bL3NL-DEO%9(7p^Qdygzs{@Pde&3z=qUwL#1I`q6rCs+Z|73WwdTSd#T-$rsn_ zZjV#3n2Xo@_*4bEu`b%b*IqaG*OHA86`qb;rDxEko}#_|V8e2b<9YCj*G%#45GK=M z$NrC-%D?-msa<*H99#@*{JkjtWu{YI9u$+^sVrT52c`n8J5;u3(2hL|KGF!5AYOqN z>EGw?paMteBj4r*ub$a*oJM?-R@26Qus|v}7tK=vAk&dx@pp*RE?4DE2Rq=5f z3>Hpzrbqs(D?pV<&pneu1m>ius*1nC6ZXyB8gk}D&@$k{3^WU0%gODgM?9P0 z4OA%Ro{ewUW1{<&h9RoDX)Ev)O!ht z6$FbP_qxveV8wWr%blfp3wECUQ!pqfmDClXj)%?c8KR=I^AAL9mseZaj=+253qdXD zT(Cqh9#547sct@mNWj;JPU*kETPTvC=&Qy0>PNmQ+{JyiYO^L!oq=NbsDUZK)ywsv?gLCIj5n*7A|;n;{;ZamVqB!3WjOct3xg^{-mLVFRE8D@ zigZlb|=P_+jR zZmt^tF7o7j_A(hEd5p6wNOZ`pl7z7csOHfh|#36-;zA+E+G9j%h9_6T=LDA_toz zW0Yy?)g%oKGKfQ+@nR}5Xev=sab1s=0|dti%=H; z99X-t2B-7;o8M=HsQ-*u|6LWg0uNP;UsoAl_IQYKw%fSU4POGOUSP=)?mU0|PZdZ? zzpdS0o*GE%^RkEOx(d>a+eG2el&|2H^+lDrkiVQpcChOp@uQ3^1ri?by&JT(zuNc2 zf%CavlYPn;``-`kucv-9l4)y=8Xubq%j4I7W%g~Kf?B0?U=PrlJ?fa4D1ZnwtQNu8 z3Oost5b?@5cPL9fR#*kCTr%ObPk9YE4y?sOF{kAp3~t@oncO#<8H8=*K{K0#0BvwF z53~E7M-O`M)m#&ot=4;t$&v>Bu559z{D5AY8x6&nr8YZxP%2#^F#OHe^8{z6r^&W^ zdlg?xctX{FPa-c0j@pG{$ns77un64^9rPYXg?Dk@{Q@%G`+IFx{xWLti!asf(7CX# zr(X)Y;;dB6gW@-kxIOUu?d^ByYAkUP|K^sK3Vj~7y=E}p2{g@GP^0!1K7IVg9V`@J zOLin?*nIuv;RvmPfq@@@zgj=R)NLCaqf!&H^n~cTEwod;{}Rb}iyUTOCv+3a?$?%i zlppjB-Mg1iVwFV`ud25`V_y4PVYgN|7WJr7wu;lXpY$YH)zZk4wTmWx>{3WUwQTA8 zp)%%5H&)7?K610LG&d4a`vg{>yTsM?^%F*a2&wX(XsV+~MB)!hhJqsfanZt7WxMN& zLB29SNY|LyYGwuEM(F1f=iU*%PBS!|EUR< z2~}+^yO~fHYs+O_uCJL?O!U@Y)T`25R!voB2g_$O2`J|gB>>xrnaw61rN)L`s%*0y3z|)`O?73_ z=JrMu==ohH*2XdW(7+@+>AR)3jgOYKR#Ux3zYw-2t(2{_$mSzhW7za0-GMc5rjI#3 z24RYrLH)gM!$V%Qr((Eegr-OcN<1vpSG!exBT3e_*^6PBWIAq(Lbhspw+)L&&8TKv z%u#Fa#)LlBTOo;8Opp@ysRv98pdGYNY6JEpSoPmH#a2K+*|CwGh2?8$S%`>9F$HYw z9#aRx33v?pxGCQtNU;D&SLj@r7*yL1-i<5I=l1ij^{QG6zor1*6NnJg;ULky0~-HZ&sq9p(MRt;uK201hv{-8?WcG;9s4l7xP_Be1R`2td3xzRQvZ zrEpg66YSSl*VP3Mbbg<29vO4dv&uQ%mI*Scvc=g48wWTCIJ-joUL2w(2cIHecJ#F+ zA;4w1YfH<0;8d5Y;msSFLMe&sw+0;EcRLl-F9D*xuZ)_U)R%tnndZg1<+lF?6gI{S ztr~5=R<6BP41$V~)?|xzRB1Lq`$DF8gTz%wvvzI@vW6Z!_S5GjRP!8> z64;leK1xO0>DwON4N@*-51_w4+x|(+n|^D4VZoK8@IyhK>kY^=7W~?JM}xVKoo%7O z5vkV5fy{qdS(4y(cu9{vT+F!eV?X0ULTq0{-4&N>bI)AS3g$Pltai+hq&;mmGv+mc z>e1?kqn*k170F>O>GiJ;;*ryQSp|66(ZcuF15~d+cy6`TCp(E$Ih(cjaS*wal!U+> z?OYz$1+J2{vdtzV_B(^(m&`jLO$!b*ZBA%&X24VGx+ooeL+PX2u1Szd;4P!uV<|3f z<4Dv5AkKKc#1mf}M|`!kGi!(-{>btN3_`v`CkRG>HZLJz?f`-uP3dQzv0vE|0JtfV zxsk$8G2p0Mn1QnG?$b-bR-J=RjBZE=50NOnuJ_BX+mB7LwZw8W3(lzzJ#SHrVfixY z+PmUXD7(?VJ7{?bl{xDz|G$`<=muoAz6I}A?_h-R$H?ad_Hs}?yYav@G=}pCP zKkatCV)XKxnO=NsHoM_J+67xqh0*1cq; z+%d&I<9n^wW)IGAzt#=6$?Phg$?gHFpDM4l`^N`-zNEh|_@q=*qOwklN+^g6voq7w z!B&)tu(f&koT1lYAZ(8NF)FpAd|i0Viq1x6`Kqzt`A5?52jo8Fdg+u@`-2}&s-Zg< z#dBLw%zHdqhKg+9yCf?@caK3Spj_muGvcjLXIl6>etI_cAJ^6;IB;`AnAr%w2|j*D z_{s5;!o4Ww;s8*^zMVBxziJ9__0LwzVBax}lT9*vpy{UFzf`AS^!#pZ z4?M5CZ5h(5>k(&xLUKqlbrG1m1TJ|LpH#YKn|g1 z^Et^*nF^-U043LLGa^*I)Lb&IPa#1_xg7VjTnM1A*XVX{j|x z>=54am!?p#X9ZP$f=++SPDLd;Uuy`x6-DHGSO6E@&ID~i{OH%B+}O%op9FNU=|)d@ z7-ti1JQ>S=vfb?B5|jzMNh0qnQK+YqK6ZL~AHd)d#=LjI+RoZK433j_Q02ZkN?1VJ zh$IftfX!yu->+fto`xP}6ph046-Fp9RDrQUzOZfY+2L9;0)F&+5iSLGmZ#e~iZHuH z33AEu&M4|(H5z1^{b`e& zflQI``+4VO8TbK%ekL}QDsTd<%qcNb#ajIRsIX(86IkOYIe_wGrhbzY6|s#&pOhr` zn}cOWmd}Zv09Q+_Wy^7Pa<$LGP>v(p&^+mm-7~67E^RklZ{E?9&t94`?As^*N;}e| zH4-61nt)Poa7upalaC4>DoE)n=`^9%B`jL>) z#f$iyg*fW?f|=WwN>buZY)Wq?Jkdl3ZMUP8c+w0@u}_5$b532~)4ikM$E6SRu>bR8 zwB~v$9b3VJ)LX%y(>-W%M_q zq7_o{*E~0C+>BnaKcZZUQMHU~TBB}`!f80+7Mi|KhpR_P_V3Kd(ap)WkH?SKuktVp zsNjP;TDeN53HE01WAO}XJ(6UF5cPb6NgfP?Me3KF36nU|xnbhhV2ifWpfEu+_o;UA zYik}8pQnpQXxF&ah39A`SB7x>@L-L!dM|@7mMD_+cvXbRH&yq+wLs-MeX@%Ql-|y- zVmIVsV#6I{vMGFC^MKm>gbG@6HE-oBkZ+)bhJk!3;8tK*2!_#^m}J&8T1<0m+Xui@ zVaI;^RgyrG(ko}=YZP^ZqEEGEN2W3oCtV^ruHNDO%I{_4T_sbWSks9;aMeXy(cOI) z1NZ>=AGkBM4PGyR_^p}24DM_h^0(|C*g)3`wpKyl?rCH+4Mc^Z_A>n{n3L7FwdK`L z>_%b0C$N)pS{qnx4a7T$GN(+4f6^CYh%>Zbqib&d5JTVDvfn3*Yfv;yqikfdn)DBd6joWC|LDYiTNUTF=C- zSQW;Ysho7CWUkP^(~?myq>Id>%^DYPMpS+9_IJyAm`i4#M7fnH=6ZFGpWM1uS?g6< z?CA4qt=l+rLZp}Uei!QW4`otQQ%H>2iXza#GW52_4$ls|57zz~Pq9lW_NIy4JTYo}f3R;R2ht)j#Y%FPhQ-uPZ`P^={!#<{-psP&Ak zP>Lh@vP=I&((mPKx~^(Qm$7Zx{*h+K%B){QdIM$ybZ=5QL!FE3TmmwD_G^gU@izpq zMe|f9ad!ioL7csjWBQG>4_eOJmiJba38dNtk?MIr>hb#7?M${q$R_R&t+M zNTcrP@8;cj#oSQep17K*H0`V|~HE%3&8Di(K5vSv1(mfd>B@ zywAWxX!xN30JeaJ9M4zmDh@coOnb<{bxVbphjAazN9fXX{xS-u>z^trE4SKrYyG&~ zpi2`pZvt>h7DO&)GtzPl>At>w&-~$qlFeYHZU933B+(tFebpj z?SXCo3s_0b%-o0ZztlICJjbNN@aAk(1V%m6%OtFW&^nL#;*DEmJe@7uLMI+GEMZvH zlxiWK85L`ohl?1V5)~YXrKJnFz_~h~Zq@_~r#VXxw?naBKBjJXqX2nm@_w!gt zw*8-?rX>Yw)wlIF8=o8_#<*qs9B#hNWm)HB-u!_iwwuxoJhHfd{dMx&gAM=Q`r>D7 zhydGB``}_{-+bC-e(>hw@C#_ahaAE)P?P@gzWH!`Zp->U zB27K@%|4~p_W8ch82xAbu%8 zBelQe_!$MwX?AA?NtQWQSy>$Mn%7ip2j?d@PlA=EV>CGuKB;d#@<@#0dM%O?F(v9CM?f!eShXCc& zynGn~vOyRGO+o|?_=EwpgBj=oH^XMF5)rdw299Yz&tG1=$2l6W*mjdF#kq6yo2W_W z1q7gBBxx|;`h;HksBGv~i;iL*5I|;(6{JRc0x3nPbr~mP?#T&YLT4`L+VN!V_dZJp zzJj9y=3X&|dV)Q)&vU1x{6+-^pFEVXX~ycqU;L6V7w?rq-jiq^r;t!*C2FU+^4BrZ zIp9owfrTpgr%+@sN1+eJtVrFpI}yso55@jgn=d*U&mX53t_i1Mzrg05M{yo(Q+TmR zope1JqvQeZ4=Tqs-_z1IHyLrPAdz#j9msx?qwyKph*Uw8($3-*}6dl*(BRIzNoQXkZB=$c=B9rh60H z$_Dh583Q(5k$`YHhucV$ZzS!3_2yIGGKa^ve)dw1AF!FkFSnH$%lsVPA<))trdd;X zNB!>8v}n1F0PcG38gdO^TWE}idP&0F))VLQyHDu2dJ==Qu}UGGo2;+)kv>)1nv^Qv zK?MT#i(rm74RdAi@&latD|ewo4KSC0esWJx%y)h8?cbkuZjCUr>sZ>?in}Jjm}F#N z(5I-uD<{lYoCqG`K5~maMN?$c?`o^B(LLC4@x4BPFMuSFJOAf${DHZY4?sn+jQ33e(8KU=zyZ5x zPkZP{1y&T_gV=yVgIHSyL%^NrC$K88FAJ~&Vq6u8HUCm~U;x!YR za3jyD<}c+O&g!e?9TQx6u#T6ZL|MoGypL^RU!qIJJ(8eHxQ>&k0jXGoZp<4KGewnt z6OR%nlfx-G%lW0?fYWc$bd@LJyHfn~FR=m6CpqMd&q5uG@2Y$%4RXbuX8rm2q&(Y2 zxycJpBj1eJXho0{>0FT3zG%tCwm+fKooC%jV}yM2)@toF2ia0`a$gYqt zB6Wq0{%ls>?_MMdw0M7S3r2q_uX+0|2<$)KdJJX6L}Q5YSe3E^({ymV;!& z7@eP{4tL!0U5Re0>Ky~?vt4Q&IF9K<><`$|x4^&~CQOUp9Y?bBf|zrICW<9cs1cBY zV3!p&vOgA>PR*fPP)pQ{UrjV_ChlX3zx>3*i&-qqzlKJ&DM_+7yG~@VV=@@;)g2r4 z?p@T=q|IA{b~F1)5m_lr+zjTNji1~ zwz%{r4r)m&A*r2Lj6OG++Lzaojy64t*HG{a_buxz^8|YgevU*#m}u)x){`qD5oPz1 z&KH*cZq^3>thNrI;6#T(V8M1r5WJMvKa{+PJl1g(^+)D0NZc!+WM9VhN9sX42g`!P z;zsD%3fv=y-_^ZOM<1r|Q&UqTB~sneHU}>OfpqU!90;k<2?gvgwpCVw9~$`!vQJY} zwDv&NfGzY5kYvGM*5Xi=z01b&WyrVYPm7-u1=|O&2u3A3Sz$;YaHZQT%&aQD0!tcb0D&3{T7 z47vu5p0C6$;9)2vApk;OIWem`8>P7{e8a4ar2Zs5LtguQt7L@%kG4MbRk`B2ivNuk zg}DGRICbDL ziFJJb{;s41n%}zXH_+=u(3x3TAsc+w8vWx_eqm55-2Ee+rat=Y)j$P{OsO`zU@!M57%FYqwXXw|!yDGDBJ=H0Vuau`Yn_j8nA zxbRP)NhF2~-HH)O0{N0mfqIP5W{6o1f`6!rCgh5qSn99T{&htUU++Lqa&2FU+snEU z#Oo8!#7;FlFUqps=3zk=(wQn2ZtUEtRcG>@K-#a9DuzCB1bkgjs`U-uIdi^vJA32% z@GISE60)o=j(obYINv6F+Oh==xJSL7C1>Q)33aBGCOBQE>q;Yd2y>6h;o=j_fEGBX zyD;y&CKX?@1#FOjST=t1rns8#895ghZ+zf&gWriqQ~+TBrXjaNh0wGHMn*qNnf?rB zkyG=V*1JvfHf%#Y&*$&Jy^s(UWj+F4YyQ3V_>=Dr8$CTR%m_iRH#HMOguC zp8xio<=9RRY}r=&e>OIs!0zC0+82(E%kXn&$8A1ONFWl`Vm_Q*50nd_fzsMTz5Q@Z z?2`=87=Y)R5By6ECl1JEn0P**<9!C|BS?CasudnOJ(_oY@foUQl3T|Uu-QC&xKo9> z%D)hI0{mMH%gZ2o5FzY7!+)B+0ku4aHD>aoAy0XoHwMzY#(`6lG@TK3UmJhy!#1^_ zVc>@$$Cr$d9L~7|6Fo0@_FRSjetu{R#ZT{}UVn`#sli*I?sRQbN##8NQn zL2XSp(nzx3lm?BfWmc&@nh=FoEfbW}j1X>^aMet*gR)>iYv{F2jrbg^dF|hH&2oU8 zw{1B0Ht01|uW0o~_>a*ldBl&Zn#)KHDv}LE=l_bbezfYWMfE=}z@tafKO*T7bnmJ! zCna->pohG~Y<_B@aZr?8mbV|l6w=ev6OdB)r10^&mai=gq|$Mbyb z!V66Htaz`Ln-`GFJn6+~ayxd*_t;aJAjy-9>_>3TV)1sNONwVT;|CpMzts$v%m4oJ zG(0CFO(65oex==2wkeUfUsl9sPOyh3;ehV<M3*mnH`N@HLo7Mb&FKS z3YDA9nxDv~Ywj&mG2`o*4Ban?@j(|JDEA&#Aq;R<3FMOznDQ9-|H0EnCQ<|oZGJBv zc>})>#_0IQeZ0K97!wKL%eyCG;zyu=G~Dq}+=%k^Q83X>h885|1#qNVnWm?wfh(BV zQx<4DYWIxm!P~=RFJPi@lEoU_mU0AQ1UlD{SIizwWR#3D5pG{00*6d>d5K0CQQoEB zlh7(YqUN0bcOb2_N2N#*f7a8f?SyNOLNN}Jwm7ecM9q5TFFZ366}GFlV`JU4%d1MO z99Pt)F6sUK{p#jJ2h$R}FZW%};ypRV+^e1nbvO3&Upj0{h?(5JeEnq} zaB6UfUW6Z^t5|As&1i0ckroUbeWt6yhFlI-756+G%7C5t0j1}SAz zloOA@Onu1V2v&y7e(T!ZM*$)3{i{1LLZlUS(S>FNh>Vyv6;$Kx#V%H68nc$ko zy?X$_o&XNmsHt`Ul!vxcrWe|INC?jZNd-`4!NS=J2=5+q@|9EPMWcgd=kR|)PtOQs zQQR8=-=Bjcb_?cnANUE*KyJPRt$0NRXW%X%J5rFSP=z0rfUyC`KmaFu51=u@tT)Jk zZRnVuob&~KgY~0t7?p?h-=iD|@M`d0>4htP@o^irD5&p1T`@;%0NhWQi-OnpeBA4T zIOpcyTxyXp6=MLP0iFBf{mnWM$pEsf#hG#I;V~_kHUB>{3e0`ONeyYg(Z;etL#~g^ z1`WSnflE0Ua0A$Se|vI+=Iz-#ppBk>TL^^y3W&f>FpdT1Z!7SB?p%C&6;eWWFq}wG zTI8y;3&L0(82#W~4hU~2Sib}173u+g9v%dmh*lWO8dp!DBII-pqjqs|5k}wj8xwoK zgic}X0P^{6ZO82ki+wPJ*uKH97;wR=)+8KII(B<9FXt@R3}RZ#=AwAgr094H&o!TV zY_7%5K4WXjbioej9@Rz_Qm5Y zrBq9A(G_$!D)}dDC@x!bTzojk+bn;;L9vSoe+m5q10sxq3FHr!TPMLMA`Qm`8u-#DXeF z?yQHzxW@DlN>>2q$H(*lY4~;_3tTK1O`+MBf9M->&abBa;U#(ComwZttQQd1k50OR z-lKUkaF9y&hyD{?I_Ez3nXuY?AK}8_N(O?3;0@4LFZcJgmo{$Nv2P#x@?Sn?wb5^s zicJ!XiK=bfh|rXv8AMdl((463)bX&;>rimk|B9z=y5=KPfzZ&3=~UkG+Z}8)*G;1p z4w3(-uWilhR|#+vrVAU&;4(2X0+{Ptwe=s~7T0_Cy5QvjKsHcK@dnm^c1!^EcfQ2WWPZ8^#z9Qt9;V>B4r8n# zX!s0FOdx!bv&ej%&8LWPW*$Q$2NqFnWn~b+zM!~)ufL%g3P~y$g$T?;fI*L_fRzO% z4=WIP>6`>O9p=BIE>pm!CJtH+*i{UTjm_ONh9Er36_joSM6}CY&c{EY^nrZ~@_DK= zT!6O?^0Ea8-EfDX75KiAD|qN}n6SYpZl`5RBhDsLu)HE{dl)hg5y58%z?1}oZ>Y#2 zwP4uN%hmP4YCIQ=ojy%WETf!62OMX;9Y>7Y%H&6jf~sG>^aR!|kT?R6c{Np4K6m^X z`C)zotod)idU_RJel0d>2Gk!-u=W#$x>}*305Zsa+`}l?h-4sNaAhY8kM$T7Gek_X zZ(v(&YVwB|n*G}GrTRxRxng#yNS`!1d?WfQAAblS{QLzi8k{@co6X&_hI{VtYmI^B z4fkUlN0u+MeWr_8j%zlne~Si#%P9-hriDW)`e+TH5(tHGrwIw-c#hbQ#8*79?1+TT z%e*(`Oq1BebA5CFkEpK>it>;4mXL1v(IA~mcS?76_ku`wmvrX>OQ&=r-Q6V;N=SDj zAm#h;-nny`;SU&Q*?IOG=bTTit1C{yEPhy2L=R&SCHrRKE+ay}{Xu@nnv;+ypA)k< z9qob1@$?#9DOrwUp;{`T`LoD3peZ-(iA`waQI7{nf&_zr3eqA^DVOtRL1OX@6wJ`3Z=(h|Vd zaae0h79e~?HVFIuhBX5x!T*S3+!xgWUFD+sn4zNLB!EG@#h$#oIW@gj1<6bTqyzGS zK8Y28$n;lmkf4_9QgSW8T1?lhht{@AOFtu2IjB;gsfCZ7O*|K2#A!8{C>s8XGWnH$ zR9Aj^;902%f|gmp>#EM?F&nTEN;P(;!M!;&uq>v{_%orMfyY{fEmYxn$;OuvyXZ{? z;MH@J3#9cm6c!c&=O3Ua_+)1XG%2${Wqt|pG`acsY|uZBLwuJBn}AIZZ1tJxB7lo0 zmAi;b(yQ2VjkW?s62+NUc4xpAdV8tm-q#-ibI!p0 z2G~!?^|H9`U!-I4je$GpO)~^^>;To!z`y`dJUsw{xE^432=K{PdV~G}P$V$y(`MX- z0Lra5;UOTPSppuPww_)a@P>fp-SvDu39t-wMls76+I4jvYc!<+?B?yN2huPO-Y8-R zd9h{@%0X|_a-grJ!-)p;7Xnjnd%Q$G)$?K_U=W=TI0F@zw-(d0zoyIsh0Tlb#299w4w&N@;mzz2?C7E;u^Zy($5A zXbN~K$L>E%K#S51=&*o;3Xn_!(<>m+DZwwm12|`Z|87pQIY2aG@Rl(FJObd~0QAy% z;|_O5W@bBE+g0GH0WcOnaGrW)^(>nFrfTfAp3Zt>;Q|lD5qK{E%Mg&Gywx*rL_UCO zo?@JN%6Ue@qCOV%qe6o+-q8O z&V1qR+;amvz=SUoIwzlm!jyWZEncjb`M%+p_gWsMOvF(I`80rG7cr>3Qm1&_3ZG<( z_ORCJLkvyG*cHm8EgiXR&*>tbr_u=|7&vBBiAiOz@ZZ?xZ<%JmI0n$m0<8lO zKHAdU{00R9q<>(M830<`@4eWR!G9y+#a+!`4k$5U%;Z(c7?p%QGm9tux2av~O=3#m z9%yee^Eu>7<5H4BtY)GnxMN!h$?=DojG6b-mHufQ2mk*=AOp_5tys`1yY1867u#5gW%Jq(Ev zkw>ur{tgW((=o%CjDl5!hb+!ei+?5cxV%B7fZFU<4i47z5TxRB975o&;0V3t_|T6p z4&?>EE%joYgg@}|x_mcdE27=}V-~mdmHzR$i@e!|&kRClL+8sFQGwTP@!3k)67J`) zS(uRiii_A*Xa{Z1q4dfWL5YmF=nHsj{5PQbcA@`b3J4^D;s~54<_$ zqxS`Rj+F6TfNPKsP@Dy+5wz13O5e1JldPRngf{>g6_~-0L^mo>#YAseo4>}yI%pNo zTO>g<+Y|=9Ca4m{FClj_nZ#OnJ$fdFK5O;l(J2Km$n1nTHVi-z2 zqd2i4Zr^aAeE5Tp?l_cOw``B069~2uQ?kW`Jl5Z&@sae1)ihaQj?uHn1z7CF#D^r% z)Hyix`%-3du^qYuEw?wftst6l7-&I5gY_ImE5lJQ?Q+SNzukw2VCu#?bkAa&}+@g1j164H^Toc-@+3c80hmBKEP^= z`SME&j21bM;E(pJp7dCfp(!pcE5$fL*wA5Ngx$tNZb{5Ueo!9`e`BY8iU&>83p{959mTFOn%ec52k; zw5ef&kMLS`;)T`lgZ3!-uRxAqvy(3x z!n@O$zjUBw<5tyD*{E=GR2pMh*%Rw^cDyiV;*gCo3XRLz7u+pe@|K4@|JLOH-c-ql z*KhM4&7UzmAxynkF*HP3_Cj^5cC-i=IkbvWj2hw&6qlLE(}m;d+7f+rI7;{3)KM+vr;)2e zcIh*?x9v24>$rf*xMtOacAQmo{SEifyC4*NarN?W6QpWIq+z?egGjnEj_OLsUuN0m z8Q}fD?rJ8huA95~x6%~+m9MS;;a@ncH0vp_H$YfqK?XLp#`6@xN*XI8eZ?;14j^2# zK7=;LGZD8)Ii-mwP;t2uQowvjy>5&XQ|$%Ak^JlN6H}C1MCiSdGxqn3^6yAdNSZD= zF2T9<^6>ccmOdCKupLDWz?|DNDiRVvoBsfqV3_LbLsiOv^1lNZFaT4Cw=xT`It7B> z-?E;7x(DF-{=H3Ggd;(mzt*_wj3pUwNNs@MXTnvJ)(5WYqNQS}VB|EMM29oVO!v{(yNQY0iDrZ~QxHsX*i^td0h@8@;rJpL5KdUAM z*@FK|<)DUo{Y$~DUo7)X`w$`>sl_5^QB)XU8_#otOz7PE?w`*XTnO<%GU4`*1W=I! z0AIqG-i8lft*2nU`~uo#IZ>Ra?jP!r*r^1iW^v2GeIrhg>OMlV)+oeVWBD}WQ2|6) zJ9}yQaP?WHG{L^|ZmKJH+ThJdaqz;B2g5&beEcO7u9xqQZd)`x_P3Dm_w3tf45|KX zSeOFVFh!GJmc-ZTIv_ANa21^KA0D0&pv!t2asl*F!1*9qp%iFB0U0eKI`Qrd1%UkD03G(wX*gJD zH}YJ@;uthI6l_X_u4WR4Bw%G>Ni^1TsnygxC}w9{5-!x9WFsHzos?G~6Cj2x<87VE zU`Isg=uag1pK@vW^$wi1Xg=J-WqrE3zgl1YKsn##R%LKWCe^O@Xikhvwl)?IN0F{2 zTy@FA+AKtCrE#qla~@Xe$~dV6DrJ2_w3AvcSGxLehZVW1ExFcjj^L@UV7&V91%Ehh zD1+42bH;)uSwKGKQgdH^5c$5EAdApr=Jqr#RGZ|;b%@Yqpwc*MsV|r|H*AXRGUzBB zVLPf&!mcQzwFmp%R03Y%?Rbma2S5<>q$Aqf8Ve5Yv_^kIYMZRk$C&^tp2>J>h zOU>*t)c8+SZJNmg2P>vfqwXmwTZxd01SIgF7qczdJ3aMnF^h~!$*QH_LdBAZ8bAd# z@AEn5Vb3Guq%Bg+-1L3|c0UW7ROm)<=^gA2PhJ42d=8nWdLv79@4%<4N3D zUYUI5@lGkDfrOV~3^72V3)s1&0}~z~F|e(^-Wlk0-VjAOAW`%N086@n6woj$;D{912IFnLjEcQkMEv1?qkkD#wHK4rEObwRCZh;c1 zLW{9ns;8<1)9cM@0EjxkxU605`U%Pv$okpGe$cTq?u#QZ3{t2hM%BcMP80%@Qa%om zd(h(mSj3ci1N%WznFgbmw20xTb;KX{eIq8XTny#Wgv=fWtV0^&tf{u1%mTgi!9H;j zH3B9NsFIcXR&;r1fHq;?Vy?2HvwckS{q@*Y6qQch!sR!_eM%_;mZ)Qo4i6nOP8{+@ zWRFoC%Fl`ISSISJm@QI;bNBUveQi{QB|OOVT(qeP!yrgERl^lK42eMnY7ay;9u7JU zJEz0>c>JZ(bDS5qKly9%Y6a@K0o4J0X@f9zsu)GIychvE9nwG~6TX53mjyA-XhySo zhx;)Z{m*#0nJgSOUO(wnuv=Ce&p2WxeF3kPk?iY{APrr9 z(BtO6f^Z%HUKlqjKd|!Zf`Cs)eWVT3z%kf(w=lkvgp0t#Lk&N|QdP4=li!nYs9oKO zmvdf3q<2a=82L_rT}80jT}MX5OE+B$LmA7KZ6DKK4#TeiEn6%!6jqxHha^jHWBSmDE{0OHgqWu(?l?6_2g(9v=-KV-(t1+Cnn^Qy=>u=~{LeJn@LNz0Gw z9UmY+vtY}2!ex?|`-yi^1ox2j{@wUqUVjNO(agKqNHMC65v8qLNoC)qkBUh-PYA2k z0x?s^>DA|2Z48={=HcYgk)X-0sOUir^qH0NW6DmhvSD!3F{b)+XTAmrKE<_tUEd>_ z47c5Wnj|hlI#uRaHQiVeA@~uB)WOI_>CYudOgLRLuaHHkDwW5z$!SVL5P2F$K@9#ojX-b4 zQj`I2x*4!k6-+H>apNezc|Vn*!f_>86DM^=ahwv@!ub$#x<0szdUgT+2#vjlGo~`O zi0{$py>UYFh*^IZfe*PK`;@n+X{Xj>o=3NN^k8VP z(id}Nc21Sqh6DRWju8W;*NUyc;YWAT0~MA?_Es`gJwW6I(0T*Vt9y~K)L4-Q0z6L#8BAP|weYDr9{)Q5QWC<$w@ z8>{)b5`I=K|56Ev|k=Nd0?Uss&=~x9%B~_UDY> zno&Cr|HHYt&sj8DR*_$s4SXN+XO4xT*%007}Hk@brX=@k5R!~#+Cz*>zSkRg6FkM9u ztDOjq(O6Tu%MrO$me7$86J}41u6aB&P*PeAW5?l{f(l0FDrls?`a?;uA$9(Ybp=Ri z)Bfh+-k11_aU~)xe)B`?*^Dt2a;0O=3ekF_&EE4XG2`t_wlsJ4l`P=;Ipc-6@e;CA z+P%hY{enuEAI8dSpQ9fVoJJtCqt{7@h@3b9qQ!!h!07}yBtA&r8~#P1e1SZ_=T9#t z_B1CWGGtQcjoY)p^mq^#Zl`E?7siWI3XjMBWsi#U<~>)Zpc!GJ(|AK<;Y4!LMI>h7 ztaj!@2y)0ViD(i=&2}1rgS9Q0SS>6{xdG)=W!ES3&!zjKj~U<8|2;0CGf$VhmhP~v z7u3UaYLX~rA%GHm=nLR0m`OekZg^YhqZD;~cq)tuZUk~K=6kEj>GKOxTvEqr9I`Io z*L5a*WBH+1t_n?CWX((lflkr&pzZNP(Zor9R0~%bM61TQ@TL!3^H!7WyhkH(VY5Cf zkm_ee#~+3u_{Ck&x}-xezByh1lZLSbLbwtgd@YjQwy0!I7*t)7lVEtlAT&BCBzv9~ zb7;kCmjS1O_C48u^@p?-!58`*--btOgTtf09C5`UihkB+{iKf~f%ds}5JCN`gu^!? z7R%5^ES*uDtJx&^-1@cfKneZiHd=Jqt4G+%C^U!WPvFnG{R8DOjm3_of30TtT==Ys z&G7bmSCop-QE_ZJX0R%^=ynzfzi(`upO$OfHiRHZbQ*e(4Lw$tk3}7h>&K6=k6F1K zF8(hUpd%&P4q2ZkOIj`e@G{PUM@h>s*=~!PPs(B^l6BSC422wnqjD!7rXV~?$bYg2*GgvqJeMIg<+?Gey-1>l1> zKZ?S7bfu%i$3HSh6-vkEgqPdne%$KvR4b&~ z(d_u-tw3-%$=Wz2rysp;fs6Wigjf-guJ4FUrHpC?am#O`s#5NUfFMm1g`vaG2b?b* zQvIBWS2D~D0~D>)6@;+5E5`YdBSGTHVC2L9NYbg~#HOIUHwl;|TWY0rO*2+T*sjp& zD8MUW@~(;93{@iiSie$ApNhZwXNF-W$=Eyblct;s3@p&_U(oQmLYYYOsrwj~N}ebi z`coyQJcWb8u0F2lw)rP&z2^d+WFkCL+rsR^Kl8c)&>VxtD6vAluHP)4WFI3VvspR9 zpm<7Dp0TWrcw2I9#5#D=j(oU{va6Zi&gGw)NWy7a`VB$M3l{*u#ZU8zV#I+0+k8wm zX&g7Nm@kU9<%$Vs5We9Ie+${$B}JfKNlgaTneP1)0m~OO%LXxP!U+!`b_vbl5TR!- z_07Z9Lpz@(Zr>v=?1y#c=UeqZG4aaPB24kL@YE9gVj1R=IVIYRmVE-q|8a%P1}!p+ z`sj0Mmoiz>M6LbYw@X|Z@U>jjry$9so)-xC%o68bYJ$ul>&a~f`{Q4LcygpLh1At} z8E{-|hoshVl^ZvTthsFIBJ~+ZMoRxti0N4#<{yMK`VZ(XU8svh6JR&sZ%W*|7G`$3ot8t^ zVQ6^#b(^!#%othFMq;%@8UydW$~NlXy+_KbpSqTboQ)R>N}}!sLye}GKNL@B zlB#v+uzF<(VyR7SRard8g@QJw04bIEsIOzP<<=jq%R*V8|+cyL(K7_OA-EIE>s$@o!j8l z60|j`X&+lHZ1O4p`R=Z5z*>^QS2LCwAVI9=3AGQ}F~_W_qPS*%XsWOh@Xv~gM}v$@81s(NmxfsINY^u?;!7>=?Ut6kSHh0%Bf>&R=P zSV@=FS2O>Ou~*CtFs?h95K;I-bWStf(dfaUkG(MN&r*D;h^l{j;(L?E2ImnI1rvT< z!+p&OI+vJ88vn-SYPq6-U}lDpqN;Q7i+g0Fy?V25nHf`YVLs3(E$DlRzllVDdSh%T z=)2s{BeQfJSG3E>6@|b=J2wRds@Zp8Yx5Qy;~k|ZBK}>&%YRxLebD^X^{t#khsYI- z8wL~W<7dqS|8bOlZ_=DR#6t2w57=Uf0o{aqZODGiLvGU`w&I1K!rokG)H{~?h)kUTi=r7N9) zU$@LGvTHfK5)W7zlBHVXXCOUWZWrGx3{d27;nRKW(Z1m@Y|?h3W3_W^&9$%AetKZ? z2xJphKau-FV#YoD&}n^%k))eUYX4WtY$?lMFQPI_k59Dgi~aK3b8s8&WGi`pd`*;a zLO#(CvQ=n*Hu&m2p6T=1>{J!d6SE3qUghmiU?+ZD-7iehu#R@0kntK@r`HGheu795 zT4lP~%6k@AF<-CNHAjPp8zDT()3F<^rNh_CKWJ4iuxFu>4ZoLXztMd)49sXE%ea~B z@po4Qr=Oqt_}$OJM~ek$Y=l1(?Mg+oC&ujF7g_+>ww*W%8@X4tO)Ne#;e((ZyIj@? zH$x>?+DT1(YSzKge0hbANqn~pZB_^8b(r)*k z1hP>g-(AcY9W#gOh`8E>`{X#3lGsYcG?#tAG{ZH82Vc1h4aFAL$M&!}@rk9Xum6Lu z*qxJT*|$33^k}!TLmJWBHf0Ekrx@mx_S!I7zG3FrsAWFXL6@4K#QCt`H3{tXCgQ;i zv18VmK&tPMj1Q+8A};GOEX&0xcMX_bA~wxUWh~rEvvO9frttw0`7moYS`yfPq?a@rOwMC zB3JmKHH%}2=tW~Ik*|?0Wx?Jzo^j{0w@#S(*U-f|_VYJ12MT(cY4V;51>D_HE?(UN*BJHBeh?k9!^W;dkZwJ-!ID4#V zJOYh~VB7v(`$jo}?2rH5yw8{%@Ac+J)5I-xrbrkAnT`m#oM+S1GG?1RZ(B1F)*3hk zsvdS8t8sozEoHM_QK$zwGemdL|7yn^?H>M^n+G2*o4UqCD_m01fEnlgQVlB9#y@PV z8v5NA`;1JeUnhS#`|_fIgS6o{LeAEeqK+>lXX5RkSs_7Wu~tU?V{*wS!#d4H5vAqM zzBZ+&^$;~5hr}B;*{NlM2Sgrnib*`xe5Q#m!MK6)7H82PGiwM`qB{O;iVoOWUF=l z75~GB57-TlS*#t={sewTxjlLnT-NfIs;4kH{%2*>tBxiaqr$WY<^i%5_S|lf&*E)g z?Q!xnWWtD^*jGYwSy+u+yh?<@XjX}F*wMvZDcv7=SUwO(Q#p2rpn<-TcZde)M%-m@ zqz#1$IAG~*b5(-+jgIB{$MuKFu`fIj(%FhltWNagnS{zPyjJ@|OQUJB1BT9*B^7rK zf3E*ZQ1CHvu^&!I0eRMAY;k5ID^(Q7UKx$1+5GIg726!v(O;o_D#1VLfCw@@0ScCU zIq6=%E)VR7q&%tN#HZzt8yrG?3aDs?{ARpUZDs?sh_2~K$9<>CI8XkN;jpq#TAXaz z#hwlHAv23$43@zbyrU$M6=;k7_BAr!MfUjKWyFW2J`jFD0{Uok#oGChp|w zMd^EsQ88PQ7M{yS8~J7R_@hpht*Xa7%gBaL&l(Yu8%#HP`VW+|p)@LRWd50>PW_Av zp5|0OJBBzZ@|nY#8b$enoT0-#pJ=s(bCy{~Gbxz(G?b^jn`*5J8`WFR4dkG1BdIYd zrHs!8Nfsp!fwZ&2KC}dg8Rtb5r52Djx>kFyAJZ9PUV2RH9r*Plgm!RpwaTFFB7epd zZ*zl=oep8+!CsK5g3$fzd;oo(pmUz`zaJsum%_Ef$*jnJQSA`nhE6J@S%^jCt_yiWM#Jp%rIQ}l zHbEWqDT7&6Fo9l>Q)Tl6jaB;!$LnYFDXIvg>`q|{JaegHNzie@2cgO}tPQw!ap~*% zIQ@0nR;D&x1-;D__#f5Q1ZeY;kp{eHTgDdBC}V0n$aB)CoW4R$o17O}ZWn3d+Lih( zzoHE=-YYobxHr_V6Y zUzruF)`ycClum)S3|-Ych82DkDTqq3srPdhXZ4YO88hE}{{=ogIP!^9QHM-@&k6^@ zkDyO~IzVplWDO8*jOOue6St-rl&pJKHR&-jb)Onk7s8t2@ST}c5=>(vP$m`myrwwULOT!E#9kdtefnt%zHj^2{@EKH}<#84wBgPcq4NYF5WHcL&!xVXw28v{=$(Y7Q z3GoxnnFO?=lQs|#MG99!BbB7(i{g~m3O=P<77f$bgM4NhzFQ64j&TFa2mRjK42@_) zD?&f+Xp!Me(`iNX;pn|#NgTb_PYo^(?5u9;>8h!<%#CE!Occ?30!ta37~}%2a>#@4 ze%B_VwAK>;n{FY+JUHFWDTPSJFw+V&(@uN5JLD&A#NyCI@gI}J*Ccospbtp{vEz zC4}OV-RxY^9uDzE!#YcMs;!70lVSQ~Mg7QVE7FID#H8u)XP`Aa=^VOAHAZAy-K#_RY)3MtfmxskN)%p6w$|S;VL_%ND8)Z;? zC12j#Es_u$QN3lz`4pe-nUL)@b99erDcTQ3(55{kd7(&H{OBRM17}P_|tmQ8LJD>V97Ry>!s>}=q#6Jye|XDBwHDZPVHx3MrEuv<84^3 zRG@W&mwtcMS@7qOs<+X{|LCJDZztsK#vJT&${DJM(9{q8CKb-Hyq7b9KB-mXiYYPi z&K~2K?(STyGAg_D@Yj=!4PT}-^umq{WFTRaDoCO7O*HWex=>rmEM4^e>-k!7BEs1< ziMHQ14KJ}u^Q(G2ClqE=3%J6b})Sw3*V+v|4#{&Fadh&P5+YyhW;%Nc>}`R8m-J?!qBf(esH( z!=JR$=Uoy^mlGV2F^+g(Z~~MYg!XrD2A=YUEPT}Qo%c|{mtpL4>K!mX96lIUmCGlP zx>7eq&lcKW_Hs!S2wOYc6Z=BUWUitaTj$;xh0T4!clwAHeGvlNz~aDFKmP4g$0aAP zuwuJ7&U@ce_x(P7HgVixyHP$6*KSUSRn;Yo{Vt6raC(yyFA4$i=E}JQuc5hsJ&iSf zt)nxctf`80F4x}Xn(21BoKE6)cx6|=YUC|m=eOCc35G(Y#!?g$8Ju(*F(*Y7_wD2#)iS(!Y(UgLfE54zFwRC`S}iF_dSg( z5!0rihNswQ@OUvpxFsdp`7XAa@JWT?bFxj&Uo(n3v?RI-2QVYc_bh5IC*+(7wcHjk z2s{?2;OJv_8%yV?E;=Cy`7QqpmRf(ITV@pex`@`Gc3;VUeDhfT)c z=nv^5={Y~dG3w69IQKz>F(pv^F*&_xzZY)Cvu4!CCb1U(UBA{rMi}X%Yg7u)&somS4wpv==Pn0LLZm21j%EU)#-$5NT!D`G5K^f>wdQ)|T8Rz!)+0lHl+G*W&^C-k=h(=ovj(L)~bNCs(VUVjumA#Z#6NV7lAsUq|pSx3JOmFi!sl3g?v;tj6(bI0v_@T};)vJ$T8 z)RwO-5hT(idar3d?mi9`8J$V=z9z$}6Xm9cuK}?wOq(v`hx@sBYHBDHv2kAedb!TD z-E~(K#mbLPL5D*QQ>QfS={=7Ma+siWXA^l zKZNRydhAoqJji31uw&N-x=u!N+&rzp3pRj%tts7kQw|l&Q@i7X#+`}DDO!RC(?wkV zCwJ#jf#-n%ON-h8PfVH1&SD}|U&M7?+zKZmO(je{&FVp26PN2m7Ul1>a<;nY z)Ef=OKVK!ObkI4e7yIv_^L>q`RSeL~+s$ue(R@(!9AblsY^3pky7gRIJca1X5=Rmy zd0=r+{B=hn7;EoAv`ZU?-#r*0>lgs(xH|V)g*11S$YvDcC63%44+?rDKbx7ey2(MU zPLi1&A^S9J(Jh_OW&)xkDaUy>tC_Q#tiSov?qC0xPci7>%`AyN9X=K2>XJ zzt8(ZHFI-QSKWq8C?&MXusHv@0o6vGy#_mYZ3VG>wRVM_!#0w1)p}TiXGG<7P3`=Yx zTAsCC%x2xgj--Qii|SHLL6{_p?@!&LJ|{<#y9lswb8$>Yb41k<40F1En%hS{b-@Iu733Saz&Lw{(L;RJ z)Sz0Ey-aOTI_}RE4z>MqNmi-@t@O{HPe!Cp+y>Fl?4V&drkCsb^N>6%95%JD*!v;$ z@xJ`CcJj29)e`q$7V!dpgI)6y{sGGmOzl3OwB@Y2M1xJ3(!LhbYvrFlfa54Q- z!G!*Ak8W4iTIJ;S@5ehk)VT9~!IY-oMDMV}3FGm+pOk9XuDW%her~8gbelN1Jd)9F z{{Cf@yEMo#D+@mw6xuRnvRDa9W}#fX9?QEQMyF4WGKy zTk8;dw8ZIWHC}%&$vazhD78`6fa)Th~Y_0=bK@Xb1F8NWG4SZK(r z)ndmYJ3^V^OKC>)V*68$hMdB;vNveBfyVK|Bf{nct?Yd@eFXpakU`vOOtfJ^i{g6y z9IXQ+wycCg`({ZEdWT4+JBG;pnW>k}i;mMd9U_UyjdKdaaRJXKD>o_}L*clp-A#J9 zaQXp7SJ3d`!{kpX-K+G%YST1{ga9=m_5oJyRGMMzo{sm!*$S1a5%bf}zd7;{^*bw)h5PQj7!!E_P!W^<2_cfq!^ zN`FWT_@15f%5UAngXZTtxudf1#ocFs>7r+u$nh7B@_Ls|%jQam$7B_5Lnp&>XJo65 zDCbun2{=6OJdpi&?J%=bd@rwk?A}mM1OS3`61k2m&E@k1zU+x z{b51_B7f{Qqx<3z8U45$32=L9R8dnW{_#rz3fEm z?}gVTurrNrL`Q8i=V&fkoe(z=YV%tOn3yxjOWbs5C21s=V^7A}^}@yP`}G(hC{Q7X z^=6X^hV^z*^>v1k7D+$F7RTCONKG~jz)j6sO z_17pk{ZA^3t4brKeb%t!tE~k`j$VE0E~Q>)fyISNO*fjpNNcp>VfnGvLqpHvVS)E* zk(BZ2qvwL>3oWYEy1N(Spxr-|Jc1hoaI9rMOib9eR}m`~6m32MNu_dMd}fLET=4q1 z%CQ|yoeGLixB}|)$+8NiIS;+uXV_f@E&lXFGKCc)l%l!C6UUr5N?9ppo1CL|^)mkZ z@Id$kn?6Rttl$<@_i-gAD){S zyLOg5&2uJbyPid|OBsM18vZJy#Z|TEnUgRSC_gi%ARR5@cykU2J=qN!=2UEG1YFw|rqtUAJD$wp`@fTESP$GQ62tb7+#fYZVnx5A=)tKE%| zM#CcWfwTDNaP#(S3WnOpB+He5XB{c@DRQuS}|J2{~lOYg-siDnGBQhUe=NR zh-x*ulno^Qfdsbf@*da|)DKZL2nDy6lpWdgIYjM{v;225Vq%~6Wv>@+r1Y^e;koV6 zd<$D_uphV73-iVCHr+pgm%|!GU*-W?#%C~ayCo;Rw#c(pBUj_dH=W@LVzG&u^x3sE z4n2As+*NjTSkXiq@FWwn8>2d<)TnozapP|BV--_uoF(=z&VP^z?d4rIm)yq*mXRno zez6m~Af5>R;qPDk4tUW@hc7nHijGXhjrBz880tahgRr)Px0W_27GLcjjT$Ch;WgeZ zfJ2sFuZc0YU~tGLnH)EK&Rmdoan(J~)2ejQ&br9;Hi#|#{r%Hq@?QRSvNFbZb7f7Z zC>(FwMxuk|qc<1qsN_#K8H=wJy>1@6TH;Evhs1BcNQr!#)N<={E|XwVnT%p=v^u|3 z;Ew4RA}GnVfixfR2%BxT9%_>zco{!f{v^!Y9zG{Vj%jBjMZ4AK4rj-cUwfYyg+UA% z@RKYi&TMB#T+Q^v_zhjT&HazDWG!Z$dT=D3+|Jg#mU%C$O>ssw%Qps#2%m2?k|Z8= z2xFio45nh2G5B83(f})80Ui?HbEIrzVbf46XOYqCl0$@!rX_seIIodX&WS*R9t)eO zVE$xc!+&!t(@lUexgq}nJg8BVn*A>(663$Uj_f*I>VM<~r%$3r5w^vuuMAG>1Lfc6 z2aj5O5pOjH3@e7*<0LU{G0Bgr6dHy@b8#&Zn{813F~hLm`J@SPPkK#>uvq(Sx>A`R znI-KvBF|Ds27{=FxfE^3cl!dcz(nmmwa$N-YPWuO09gZd4;Wwcr&|Svu-&375YxMb zQ@vZTEw3GT!fItxv%@zvnb9+G=*BfyrRZiKqOyu~JAxHMxQVq-s(*&dS4452p@~FA zko`QCVre*_^SF*WInNVtXMD8b^fpUhgb28sgRhgnGG-R&4&8})udLVG4tQYeY6)32 zwyT_mUKShR#ZD0D({0wPtl}&G>f=8!I$@*AJH^Re=H?02#oyV_yZ2uI@BW3L(Nq#d z!Am1K8a?EsJECd&6DsezqWAIFbi@)dexd;8RO|A8f32lC*;sVGP=Xnhcb6u^pafk1 z^=4thx?ky8515O*4*3lY3n62=#EfE`sS$^m9|p+U;zq&`C&fm}p#{qxr^E6~b+>C^ zH%PW`)hbn5sJ76`gVyJd3=JRz#yBxqDH%UBX_BQ{j-sbd&u~U^~&_mamv4w)9O0zPz)(MR`eHi@m>F!GM{_2mt82_+^PKp+yU3bd~qgqIvcBVLn+jf|?Oe1<07{b1UUzDju z)Z0cgWI72cz>r?PA|&C2EWoR-Kw#6P{+kdMy04RM`14B*T!ekd$>))fD$H}IDebn& zoNNzuApP(5E7B;cyo^o>ylzf&Z?*FY7*0wQAxP?>dlb*@U zz^>OrP+}6s=?P#vsF7ly(@!R29R)7?EwkcNyMDvHfuNQtTVo z-D@(0=#B6Uy;XxZypLGgAMncg(v*aFb__C@LZ zgqKne=v)U}XtjwoIa|e>GoV!*5T>tXiwm2?GNr!M`ppv;YZYBO9m$oGu+YVs;m{fc#!R8 zJSe<27XpIVV}IkUaE9%~@|0P-f36AHx(Ra{neCb;!g~A4LCQ>_Uf3>%cWPZG)+MzT z*Fj&#IeB-wXD;)BZ*hEcpEU^bq=hk8X;h>|)3J+jgY*Iy#5Hf+ucvmZ+B#x(U2_B? z)OPaDF`HR4ltS$Ftb}Pbf;MWXR#%u=`*VMU)Z&4;Gi!R0udl)nf9g1A=U7_98P#1K zTN#5vS-220mr;31)?fV;I6NnjyJQ>^1fP`f(%N^_Qo`Ik|J$3o>?@NZ1E*RT%V{v- z|MqSc7Ct=2oT{2#P>|FJXS`SAgY3E2f{v6%0#mfy$2rZ}3zploD8ut*uf)f8jSvP} zAN*uILfwUFtvfrx6c4>NjtwOKKd1UpH?syjRBc}zbo4jKi2GL7?g`|qDI|4BS9k=j zkhUm%9>ams-*-O*Mu+=~^=Az&p#XiR+f1KPn%m?bk^YdTtqN>1sXw!irbHG@@74l}9KLF%Dn3V(U4%Rq$Ilb&TN@4BJ|XOvY&; zSH4m3GVW6t^V3O=b;~D_+T3e@FGw`jJ{WY3C*(dNz`eU2ZDL-Z7U^R{DO54BA0eW5 z9Up>&M@ylolK@}lk(<0dz@;B;XnPq+2LWv@cO%=DH;KJ#z|caN!JX_nQjR4gCJ&BX z!G(c_z|nbn$-EGO~z)p_DtT zf`hU?zb3~a(O2bm+A$Ad7z6bJ@OP^rVHr&Y>E|);8Y0u=;FVf0`{&C{yHEwcg%`d_8#82Jvp;(;2qU zgcJx*;f<yT?^9OZkmj5 z{k-tWUSjPftfYg#O0fy9i6>Bs?FP;5_YjS8{X~$^>b1|ST~NS7vnsATIVA;L`Ob|- zNItzx^zEs#mEUlkX|JfL=<8i;FM751^hx{$kRC~Lqy00fV(RQv)m=oZ;+T19T z-jx8f8M`h8t8RW$qHi}9!0R`VG)l40K zxj)&YDNouv68%2_>Od902_ou6yoH6fSRj9Rpox)b&$&My2#ZSL@5mSH$rU%zxOSGY zMR^ANN09lZ|1v659PgG_2<&*TGd!lQKZ^glb%u{P=H*U4axVq??!^wlVSWuv+Sxs@ zR;frghA72zhP?Rd-%3+5FZCkBhp{bPNES$aS-3RmLrD3pQr}Wk{w@1L(c+wU*aFN#NcmH$BOcM zo|1Rg%xc70$|=_ezDsouo(`XvhxdA={pzb=aF2ww6TWBmH{D_7a_7KIUW zt#{e1mqwL&kG~y40%^K3kcIdo_G~N$5ld3*4xjF_s9+|3A$y>`xfWq5YB73QPQZwKo++lM8k$`2}rfw?3`mYXQUD)!IC zgn8}IqQGAE1@kUX0kh29=gjl!)+aK5DLDmm{QD;TTuLh~DPWcsY02`Tox{f2O13=E zJWlxMKDHD^-t?wL5@pZJ$9tXOM=|TI9FlWq?J@~_-zTifu|Y{?raJc~l%f3!VW*5I zYwzPrD|epG4A^;P=|ej%l4)C*4@!nlI>N3;%zoFqz42h$aPZ2ZhbW1K(>~HPjnjpV z2X-fh>m^P<3mLHd+-E_z)x~9H_xwbjs5TCCPlh>I5d^vX|&k!pFHysE8{|zIETIA zp5~Hb6S?$&Gzqj)?6P9)*+b+MKH^`ehk?M@WW|zmDO<_bf2Vi4{8NTW*Gg`K%C!So z93R-PQMN_fMztMM6i@HVj#SYlZ{=MsB{QQ+IIN2qecU0nZsp?Cxb{`8gMqn6ERml= zGP>DHsxJ>t9Z`gR?8{Hdlkv;=lCa7$`8h?}e_Z)34Lh)4$AAjMSVp&}yJaHBVeEiU zz0zyKN@(3(9ub>}0fk`)m@_edx*{yYp!QkgYC?M2kU)%_zq^Gn8mH`|&mmm0k}MHB$Y1u_#3zyXrZ>fVona5^?E0l5 z^W>AH>bJhtC3%V%`;d~&Idj+awjXi5&Uxv>i*!E@P!+qYowgyBKRc#u=l z0v?kdGq=d`!DUzgGum$hiq>9i{Y?s;csVPJ2c9C&G6`l#mIEUt}_y3k|A+oZaF$l__b(xny5h}dyVo@Wy6R>Jw( zKl{k|?Qk{sMW3(hvnrH1Gg8UW4LI>V6E1eIx8QM!UsR9|g-tM!Z+je1o~6+kcUirR zhyh|rCb!PTZY3d6?F_;<{Wa;(-4KC{EXR`6J%f!MR#dr>vBqNWb%w4v_l|dS)TL|p zyRr$l`yE)ZC(YZ!&vVwWZSV&r563|TRW4@-{j#~S6R%4@El-$5$TQ7qeo~e!eJ^3= zT~St)ezbIDIX2?IodBJ{QsuiNo6I#bsB)uGUunw~DVaEVt*~fZYy#0Y?093xQ>u%_IE?PjZ!Y2z-muSsWpIUMLZW>j zU2qe%i$}Ix6i6`yx>9%aql(fXBCy}`inC8vQj%H=;Q4zXCktmf_uQ^)ovsn9cFtmR zgk@^sCY5Xu06dYO?XG~5Ep>B$tG8Gt5W=}nL3CWj)+CVE*P*`zOet-mYwT%6jK(s* z|NeWvuj;iQT9k%z=DcM1{QOLJe|~$*rJ&!1ft39+#c>dIU} z#7d)7C*9<_&t_O(svz>jl|rR(G$tx7(3O-%DQ%hkI^jFx@D?%S!aFb)ji!6$MRD0m zDa5yU@vc2bp^5<<)sul;2gozvw3n}dz}m~Q1E-e?f+X^lO`1bIsn56YK9 zJI``tFl=l=Pdju<=HkLm0J-AXzidu`NG2tMZ-)h?YOKy4%P&%3kCOwKy4Iic@lu9p zei%qXb0;>zi>WE2-Sf-D947yDJ_jS*DlTe18Hki|8N(bn}zp1a8THY1J4QF&&_M*TM{O7gjFdfF83 zRt9N0uki1;GRe8$iOac(5C^0u#>|=A@JP<9dajt{-mX=K3ocB&vLJO(vqYDN(^R`nmC#_uN9nm9d25yLLwVKO&I3-QZI+JOT}OmuLZ)8zMK1cieM=( zMgo{KFpPl9fl?Z7r$dorRQl&a2pA+9MY`*~&g8Z00r`#q*~R^KII2ku2^It1GS#Q`x9cN|2Y3&KNBHH9(@c zq}h^*gmB*FRx-*-hHNoc(85sXiO4fjR=EXO<_EX!o8ELww`sg9@5!X(Ip6CHjUrNA z@9ED_hjr!OuJx|Z=wxPp<1)``(kl-( zoguqP=jp9e_k*Tc_(^$Dr>FvzWau*rkEOW} z>z%m>CjWZp-KjtKDTf##cH?`*in8TK)@;b1`sPuQh*)Damzg0T2=Ro)T3Ip8J~28J z`8#8l1}xi6&OR*^ZUPVPJj(fAnO=EFio1>S?m6wGY_tY#%OPW$ZtlBXXw@}^D=p7# zP(p&_dt^MZxKiSU)Q`5<>xXP2iDV~Hg zS9VI6k&nb_7S2UC26ZOVxLyy>@DIdA3g(d>`>t3IPw`agI}glqt;gFvV3Iyfv18vA zyY8l0MBkEO2j)y5;u^}Zda&_f=n>fHc&{@Ubwh|%tKNZisNmeol389794$EQJ%#M6ynO6{ka@c_4D5FvE*Dws&gGmBAVeTIX@Lo z*vI}=L7GuaK^es0EaQ~IWYo}l?l023zVhL7V+J5&Hnk?q#G&KrR-%fCRFEr)!cFj* zx`;Pjoh*@u)qDUuKaxkHFx_1tJQ zW^}u`3eN-KO@B>#o_5YCl59V1ME722C`FQx7n?+7_F0X1NnZZk>4*!ujL~WIlOu%A zy7O6TMKFnhI!nnAAuMTjs+O#z@NJh9d%rcV+5X%q8uyoMZ-qQ?@awm3&MI9+hpz`r znvT!OOO2!n29n^i#CjL2Wj~rEFEkO^WSE|FFmjW0HujxF2RdNSL$TDi%WI5?l*%_g z#GXyEi8Vdrw+mx;I-MKWAf6?CQN!gNSCWl=t&qJ%R9?F^Z{~ED{}5bb?`#g>T$Jx^ z$&&sAz&ob^q@%)lRvbG`ydxtnBXheJWuS@5SN71?BDO@_#FX1DGw_b*S@rsJpN)_G zMYi5L2MWnYl16D&p@AOVV@ED_aPk(xJye6>-LW;;$%060Mfxm*SmAa_3poXZsA~{R4=^bUK}cKu<}PNj!ALK zGQR9%?Ht#sL-(<1Q7R1H-L@LaoFWl^vHNaX+T@bQu+$Lg=El|W(!^9&#F zb%y`;b%uHYi&^psmDx5?6+0TD%A{Va>@o!(ZWI@rEjrIbdiBo04?8&9&S+1PxG3%j zAh)x3#NaN5$n0k9>{*J+l5RIQveaci${%9hgUXJpG6C^Og$H4$sR$)|A4Ol6TSM7Y`ZcNuM} zT_VmGJd;oU>pQ$ecR~KEdM~m^hsc}?c9JYnIY%w+Lz4=P{f+Xpk_g!`DPi+4At%(& zneZV!L7lhW8Q*yxIy<*mnGdD+kpd6<7kT|3kr4Y5K$&?QmL4xDKj*8$!Glgx(`@#= zCPUdeIgfiDk&pqtzP9^(bvVYVqp3wA&@qtb_|64&BbN$ zqnj(xy9tEEhF>@_O@=&*IPGD8F!YQRJ9-}mRGA{uP&ttn>`CkkTD+u0SvJS@zT_~Q zrwhqkWN6S{=F$^UH7;(3K zD5dh=+0&QzCI^iUf#6Btz0S~y%95+%X$KZr&+3`RA(tJxin3V1d|j_O?U7(d;t6lX zuZxgbU|d6=ul?oUB3Oy7@8<3^?%C@+*X0mVT|+|WevaIR4V`H~itW9=fGx~xW1oHH z4*^x)?FOL9kgq-JG!i>>_UW!uRN0&|_TimqTISp^pC+w`ft-BiduQlAF}qJ=N^G)euCS!8!ML;OrD3!Y@CziaM%>VxPzw<3Wu1K==u#&?^ zk~4`M?wMi}k`w5T@>N{Ei;8V!l{Dtp{`Tn7N3_+jspBCj9YU!KVabZyZEonU3_ zVuVgY+LH|tha!WZ!t2Ivb}5i)p)?2uW-FOpJ^z%fxN}p4`TF|${QMMfCbt!gnXd>= z^7lj(S7u9|uBoi3GU^wtRGBYgPa)U3)#vA@EMO&o$91Ufg>S-6Ol!liBpFG{NT@O{ zaxE!0d9fA?LbJvL0qCRVJXEYxv`O}olIkZevnD<6S+SmRu zRxxS%v2&km5moS(Hep5TdmzEap``1Zx}4>?ZTBFjSTFy23i6%f9@^v}SHxvrS41kg zo%Ll@irK}aduWucAF$vPki%`^snhp%$#x)ZQSS^*$#ltz;noLDHAq?ftK=kr;TlTSYq<@s%u$wue3 zZ^(Ckl`hDE@~D=>{71)1en`J8CFeepcB?)w@g<+mJk)R06$@3b;9b$80R5Pm?L}@OuLsUp($as%NQfRTWx^$8Y9}0FbBeQxk`3OszVQIaSjIbzW z&0H^t8P}8lfi+hbS87F-i``+vzMsv)J^+2;#HnaH?1`V-gz}enyA&_QSVn%N0EfCA z?B;%kC=6;|J}EVN(iL@GTGIL1qXXBqODs9$7|h8^&Pvd*WB(#}srcDY2dzosMB0RM zI@Dty@z9b~GmpcFp~80DEL!sfIh4Wbhn$keDPuD%Z74T3B+9Se0&KwqZ$OB@`8fEbImpwxb%;d+QlW4^!pbpEME!zNmf9z-7#e z3VG4D_}#iPcKfVlqg*r}`x=&%Ct#*^C>c|w&AB7Y*X}1s4w_{)$Y31T($!jAUcX)D ziBAnO7v=kIGTz5Ex>(uZRegjm>oRvGiL+QGudj`4TYyZ-4t+M66}R*(?o6N8qtJY|)&OkG<33p-X}B zM1&Goou;mr-|A|)j@i(_Xy-WxH_o}R$6y#5C&op>nGuv19Z_Az&QRsW*LBF3(d|m5 z$4h<1^>WMiPZ19ul3|ARaF*usZn@AO)zV(4g{WEDA+VCgusvHQol6%>HzzJ0HWZ;o zW%6+oz3DGSOlx^%{V4ItC>zzJFKNEl8UCv43?HTco{($O=@ylG6e1dJ*Tt88MlF9! zk{vsR`6kOu8{!CV%HB={>!6kw%bvT#R=|L6mRmTAJfcw-{3QngaT#wO@ME7mdtu)i zTFS%B64fO0P*?tCUJJ8>>qVEz^>d?#@HsTsiG9cdw27cS`EXxA))Fn!I6n0%&EhHx ztA}+dPsuF|JYKzPLU?v@*Tq8Yodk18;)fQK>wzbwYi27S&wAnA$%|y)TuPM_ZxNoM zQHG}&Ggr+d*Odwi61;ruuVJE{Qws?k`8`2Wpj4-HlX&?Yo^BIw?l!Ru8$2EG^MsXW zA(4mnkt>oIyB5p5L_S>gE`>a3G%!B%K&Gfn4iuncn?J_2m!7dkec$2F`jk(Z)&$zyBO>qabNrKa9U~A%@}`jf-LX)mRM$w03OmlVqq4G3S9&HTw;$< zl0fAN{tr63l|DW`{{HvB|KlJ3Shui=ywakqq%U zZ2VR>>he#UO?2APJI=NP%)>B$(_fqz>EEIf($Qy__d0{OQGm zlzm=Q?up77ozN5e;z~Y#y+lS-FEZdQZoGHmDFAwXR$tq3*&J$NJ}3o~TDQHUckKcT zX|W5B{FnQ2MELSVgZy>(#N4e>g?+1a_v8?#C1+-)HRN*k^+ z+{YyP&TBJ8nE^|Wq}^WoizKp@mBjL+^|=W}Ot-cVh)w2oj)}$@m^*oR%JctWCnEXA z=wYMbWWtXn<=xkQJaA$nM}aBoxE^OoVOc()69vO^y2|Ze`nq(}Aw?Wg&9_?V+7fI_ z^pzcuK#p~jTbXBEVA+jW<^)RU(kAh`6zFWY+?{)x0$<`2wp3X-FgmhzK3x=<$8`X3 zqNmP&JgWUi18-{2(96)~CWWO={^c6exK^*+)Dvsg84+Sk%HTU*9VAJIVT{xzLlKP8 zC+>4GN_aR(q+Kz{K_jWlV;##%|MWPZ`HLJ=A*cy(IOLG*xo*sAs$KI~&S)qzu_{ z9Bg}5q-=;Siaa8A8LfxVVBMD;{Ua<>wE%P{GJpQ{#j>%_;-re3g_9%SAw>=Yvh zy1d&BAr7Lx=}jF-qRCFNn z^0GH7<#!}G;5r|d-a5dvl!u5pNb91OJUOnFpnBfHu+tI+CCm7gtaYd>GDiag(Y>?4 z;!LbMk`F}rnTg8m(8+KRFAK<^A;p#$c2J#h$Z+uWow1*Z3jRE8 zYo*v}d?_i$;Y2Y9d?i}Eb&=d<&dpQq8t&#;l&{YZTQuaR60x(>u%264W~wFEYh z`o6Bu4lZJE=&jI_;=U3df$3kj{YpHwVkff-Lr+Zlg}1%Zs-ADl?47ihBV&(WLa`*V z1_kJ;-w{yWNaOZ`e$myK?6B)HL5YBKSLGr82IDjnUKQv_n~p9LoG6vW3C#Fn~x& zcs(OfPBKbeA1X`%zov`Cb}3BR+)4;ion`1gf``G*D*`|I zh%GX9vH&-&xOv55K3gESVdI93y8|}7`XNY5t9G2-w%L~dduCqZP%1tVxGd9!l0-4@ zI+9D750Y?2MgZe+M-Yl&6AvT>v9jl-T+k8Z2Ta`&fxUj@qE&)f;^=i9=9O(tROet% ze$X&>JiD~qg}QRuuV25|aj-dAI*|w!%DddMTG~*&8GB4UiLWPjsZrkg`uh6kKmYmL zZ@+at%b_7L`+P9ee(mol5msgFq}YkZ*Xy+&PKXyCQo>TMKe_VV0#U^*#YkbsKAej_ zGl&xpGIW}jt>nc#Nm^DEMd&h7LE=uf6p1dgnrqEtPt>Vj>LrD_BQo|3!;I=;4D2Lj zKpn*3!-m)Oim|wsum{G>B1X1&8&=;9fj9ki=#T+AT#bEbcPJ?&xIMQXh!N@a_^*d^ zmzv_e&ahwkLC^Sbo#7)aJ9k)_`@Glh-iqZN;Q_c(@!-oWAfR!cEKHv4LPXA44TeVb z^(Cq6*9BYNBf5?`n4`ewP;~xc4T;9**y0#YlZY{VVCCQ=!x%5Br22h~UsC_P2*{ZGwHkymk{%{gf>) za)uz|A-6`E2jrq4L4N1lELTg3|4~h$ojI%IYEkTf6qsex3*@=aV$HfgK0acf^RFs= z0kccuh>ga-o#g`ukyza^BkKDh9ojG}a_?1csw$-t0Vd|{rTRji9G+7dN9Xe0#c3-A zCFf4g&hnB!xtFcXGtrF9gyF3`E}koOsLQm#Me6i#nZ6QW0~065bMncO3`3qYq$z00 zy!(X{#7tZhb2+YC1&1#))V6G^p9@oLc)R&2iZem1xX6Ss% z{E(86+uX^$Pa~Hu?vOwy(oJ*D-+ucoBG&4a9CBx)qR#93dK53F!Tk%Bj1KC44ioPJ z@@Uwa`IoLNO;>VuA=eh+(c4|>arE~lJ9i}5t3SngrfTsl8i^CT>cL><`RoJ=Kf_C`Elr| zy0rd8F~I@b64~U@ij*Nr$Sn&q5fi4;!*!BBAG@%{@>c$346{YLQ`)80(zQh8HIcs) z-YpPSis^!F?$e1cJ9cz#E`JYvWVEcvG9@{dJjP@|^V&Z?CAyD&yHm+w>|o+TxB zWOY7~c89tavBw2X#~&2TQ37Y{YV#-?k-I#nJ4i~Wk>Zk~`NdYoiWAAas{+_9f=&`?x>f_@hmykqjuHbkEqZlQSCSHNZ zmtp<(+iwZx{43G73jh7@e_t=a64(!{!R6l1To)^&Rbb5U=NRMn-+xb@wEx&w@pA2$ z09ZMhDJA{R&nk1ywfBnJMH9RwEWP9b7@{&G zLPF-N+Nvf^$VHLu9B7A8$}Lg&s2o&Q;qq}-6lgI&xShp!>qlt;w^e!Fg*+Hg(A8-g zundJPeeD)I*syH3G?z=>0j6Zm=#D+^oXM?8S3czUXJFKtIVaPRymhN{v>T+%&(Xy4 zoBnFlfx&x<_c}u-`5_oxqi9kbbI7!TE=?_W$(98~PWPI~-wE#)U|Y`rqZG(h6@AKF zd@$$%b7h&i59KBDx``P2U4`rxn0J@$!20m^@BvUZ1nn^y*@=TzVp@fr&$6MkTT5MoTLKrejCUHS% zUJG`d5=h0vzvO&KciyyXB)|FHwCLR}lwRvPr1e)G3YEbUyHhAeUcWV$+$!<^L@#Gf znZLz^Rb1XP%`BWsG=9+M!I9l>xLaGxOL73F+=}EyTR=ZNB7i zn9P^GK$t^4Mplx4;a%@v*SA6Gkw9i!)w%i0V>3%~YZ#sA9RZEWp?U7sWYg2K?${Ud z_>sP^eP30V;*pSQShD}}Q#9Ik7SFrBELGsY_!1L_o(u{BVYm%pZzq@GcLx`v% zx}-B!y^MG645%_`%=bFOf6_X`$HcJp)<*86+rGqk4jX`$gQtU%haS4?x(>ziO39YF zzKcNiG~Lr7_l<-~2cT|{5T4G;EeUBTVV(-+MNSd90!52; z$!%gA+S*yR*s>w&#cc(m0_SXW9}y@O$x8N=rS55e`i1UrGzxUH6{(UKhT3WDf47DhUkY#&3QH1xuj@tffzV#tyW~Yz z?oC>3k-Xn$UCjMxvayaruDWbX{3UJW2DBv!*Y7w@<&W3(X~ojBCA7R)u3@o!c2&8Q zDNu=ODf8gXg8;F^+iywrb79t!4wvFhOE0d)pG9Pt*zn1flf+1J6Pt(@hvo9K>6j9` z)Km&d{vwRapC!wONgZH36+A(U0D~OlF&LB5z);GSEhRZ1IjTrJLGIshs#Gcawyyh;CcLL)84m`(D^hh9 zmcGrEx^3>jkTUQtS(Sm^aV}jPFg2xhgb;GvZt4bfWlO8FJfn{*Q(1;1hCE!Gq|wT!F$^J8kzk5`|o+qh=>|j zH?!=Y>x^r0}G5qS387 z=ei}6j?T<83W%$9ORyw_52Ei)|E=^83AZ`6RZsa7POc41mhplU=>*M1?7JWD%qba)Q0AJS| z(AVn~{FMr6WSI&QPVxYszp2{55>+M*L8r8lZIt-OV?8>+KOe;R?}uILT9#zy9XMUF_aDuD2Z6XuwD3k< zo#gKt&1)fP?AcO6exM(u2ea0^cB*#EJsI8ETp*2P#)yc2{_~%iWWKKNdBqhqxpyf6 zOfRg9+yhm5mTFGhuR+~?-MrK*`D7EBK(bxWglw_=aX|7S8EZ-Ti4SFPQNx3a=R4PQKgy7k(Zj8F z(wlZUOQaH~m%qd25^ff^!+F>wz$PD;!EHEp3M5>rHuu@}#MUaexeJ_E@|D1Boh1q2 z5=(4Xj>8B;AJ}!)%NAvP#+j`LAk(f`b?$@Ia=Qnw3m+C3dv8RZvgu=9{User1x z^v!j>VH5k(-Qq`YWnf0}BnG8p7WL(at8@Er%HwQZ{*uas@LaGmwCSv~Y~s+fz@^2y z@O-ZLK`ANI8E0C;XR0avB}kLlj4Ix$2W-m~N;3CXwwJZOK-nA>`S|!) zKlnvgS0{Fm@UG-2uG+g_I44h5`L%o3H!Qkk_u1S(9XqSkJ+a8;F!OfvdYMeTVwvl{ zzP|EZ`11F;0QtjrzA&?~yk|MjflmaOdw((Zkz~i=Hi|_~Hdo4UTZXsF{3bvx;Sqg* zEz&xFVJl!b69cN`Q>y8|Gc)AGDN{}P@WAywNH}Z*yQEnf$L%Am%BD-ppG9I@qZ%SU zk9QAkQLvPO!aQ{MoBq4$Aq+eioxGPU?@Ay@ihi#%oatL(E7|@aSo|653?H{`#GdG% zpo)|m6K=-@s{o%aKJ?Qq(IS%2^RB-Zq#O5$I=pfoIxO;jcQ&steWFw#Dk%SZB(a*HOXLD|a8{MkHE{Qn{(KQSLlS z6TPlass|8~k>z^q!|? zA0HpdWHtTy`6-)sk`-5@{6|Lgs>O4H0n9VfKR!O@oa?iC88UH2RsbZvGt`~Piz2G$ zK&i+yn2#m$E_c<%4&71BHm41R1xS*zh>h5Tj!a}VQ1B+&$p#|fTsAapu;F$t;oVX4 zpV%Mg0iNC=uv36TI7|Nd<54fgWH1vIW{4AUI)9f5q-&R2r>{Ne$W1tuW#lpb1bN|7 z!cu0pj0j0Xjq979E^2A0Qll){+0ex+ISag5K*lzVBR;@8BqFziXM<=ERc4hp{S~N# zw4iak*BRdH47&m6PO;~f50}j83HUs-^WTm?`><&f*FOtbjt`M}VrC)<+Pjm7g3W58 zC8+hz;AiBlMm1B7#+9Xbu|I`o?-h?7BtR_72nJl#G*_p>YC@jAN`WrBIXCHgvp{#q zrBmu~SB3&KqaTqd1>;*bOM`?#o#odIli7rmnOtUK5~TfwKT}oCkohL2JYN%gWF3s- z7oGf;0C-jhaOOTl8~ed1fh$wfz^hLOzHLADPB-n~+ZiMn(_HgfF=XMq5`ao+F^LYb zusG4BO&z;%<|J)gBXyRS_!^e*opWB{br<-cHSH+@C6@8RS)Mp&`B|m?PM%WKb7DN` zQmXb{Zo-E!?hsYRU04Y4y4zpkVlCx}@E*nM9a6IVok3A@CacV5jLpDdy?g`RLCt_4 zMg4hgU&_<9<65-Jzw14Bb04>PAOw&v&3WX;j#c_1_F$n^rMg5n}tf_VG@2}&gvi)%cV8VLow>9Oo~lZd{B zrKnKq=AmKcic65##g^lJw>-bEdv&gUK#< zpX4#B6MwOFhL5hVqR^6wBoRm7BgWBcOzvVAIkrP#p7TFY+5b@*w6;_)t2lqI!Ha*z&ShtuKjevV z{wSZKI|rJvR5Q7i!<|L)pe%MMu00NJmb@Z+WcZAI75KV7bQKtWr448Ek&B7LKD;i= zIut%8JB?CKk*pR!P zu3c;ao=D3d14KvA=?AGgwiJ8Z4f~#uGZDeMRtVj>cUz3p{Jm0BzSv0MC()e?Qj6jG z7y{!lk@mVitmzRU>1e%;j=uA!j?`lAV;gR^BIMQ{E_t=hx+1Mi8=J=dS$c}$B}?+W z!7RZaB~OW({LNm#BUj2(__42IvqPk&k{?_zZ*kb@HY{d^m2WDP_>CRF2efy(dl`|z z&D%NXw#D1)f1JAX=+P97B20I2Im_9Wz)KgbW$Vu1Vn&IkOc9AR$-tfB6Mdg#hR!Tu zSc)B!v|EO!Okv!Ni}JytwCl<`Qmz01AOJ~3K~(v+w33L_fj{OSB~G8GHI*BKsaaSma3Zr1u&uQS~5z)H|~$J`AO zN+#vMG%@9N#~(%v2VwxQxAU`097)r%Wq(kLCvU1glY8-bUE$Ng+9eOT-zAYN?r|w2 ztjN>zPRB=vKBd#Wdf8|xUUxV7%RpoW|JkZ*;FYYpl9aGCvIOwN+cXKkGK|+T8Q-%& zA)|RMt_S1S^)lVkN@9Pu5_@ds@Abp?#HH|5x#KC`DGxrl@hPxm!`vN^iI{fwgccQ4 zmR>UVPR9k_SnvLgYrtB%USeUjk_$$RIQl~TlBxw(48^Lm9~sMnBQ5i~$T2DQPv&K4 zJN)EsdVxD!!k{?!ZZ-N?6WOwGh6Ybhu(~j${quL(km%l(6ugNkMAU;`2O=KWDAjj| zdP24#U8WtzF(xki|xasI>dIWlOwUb?((}ZX^^s& z0REYO4*s2cR&;&6*4g6+jo$QEptI`*pNvh1We0WP?~%fap5nToexh1fq<9_}?{x+% z;~tkX!b+~uFDFHne{*Gr zv)rufD-^M(Do9L;_4L(q$F&bN;z?hM{?-4t%(r? zONjxg(wQ#y3_wqbGjK=^l`=DHN~TvnSoPTM#|XN@(78jlFuQ*Qj9L*N=4YB-*PoQ*yld3 zC^2>xyCV(;IK4TD?Txa7CI_nK2A6+3`*?ZZq5K0%c{<-olzF}_8S>wOL8gar3ZLO4 zd$A9K5ji4b1;_^p4BvW24!>CSH4=Wq6u~Y!9bw z#x+q)%qLITH{>H=`8Vs1YoA4F+b&?|zG5=10}F%Glgu-)RGJGD0^Ke&q7MhJm=a3% z5N=&I>jZdCw*vx~S%h~j<M^N~gH*en98EBn_QSv54W%y;R*=a4PGoS7COO+`_xb zpA$0{``X{)mx1p~{9G3vwqhcR(+iT!%iJ!`6^M$0k~C5P?$!*0hs!zlp50}R9jnxx z-gl=<>r%y4E3M}|neb&f%(F@vhKJ;niqC4qMWh{=lvg_U2^#6>F04wKe?Sz*J#x;& zvAe_XCZr{(z1Xd6WOx?oAfH~)=vRC>s9k?+e{6Wx`;pRp5IF0CG5Xx=CB*py3A=KZ||tH7Dkuxh~)%o3iuv!SO)` z;dWH$+jMq69du}#OgOfFU1#fj5aR)vwFHztS{0l4_1MkjNkK*}r4e{Hf9H>{{iAqu z9|;Yd-JtMtpyOc7IL?b)PTrl@sYbdl1>oH5h41~XZ(wl=i8jx1lIY8(Ga`6vU`0d5 zMk$hWkYcirEHI5ssVI4tNRJ#rfCE(}w2^^J8LYNFH#TEUR+Q)Wi-fz8Q`Dsf90H zWxKgih#&5xY_veO=o<0Npi>t6!V%!He+zXsqgz6YX{Uo_>^NjePf&9o>SZfjVj~jf zo>wVPZYyK*6v3#hhp^ze<8VN@U-w)ZSDNB}Ix*BlFFb5OD8?7p1Y$?{3nU!#uCiNz z*~Tp<61soG@<3@liXBJtL_vcP37vOx9~_$&)%f?jL}3!c2dN(Nr2KjPfN+=RP?A?9 z9OPCREP~{&3Hpv5CC7Df#HY*Sppw?h+$ESSlbdKtgx|WdjI}rYW$Dm+3NeBh-Jb9d zZIyuk0Tj<-Gos78Dam`CAuQE=cb(zGTP>T3CUK8_(0@?uA^pLgO!#=lEPEQ^6ZU4` zgJ9X~oJR@&eiFz3kwBH`IpX;+Ylm&e&%}S@$p!I=kDYl`1)Oc;Q>`U;6>T zl;I3}3OV{y+%8+{<+1%$eH?va7?etJI2*?-*;&4mmd)ktksGYMtrUiKlQF1NS?^|^ z_9;Ws0px5^49m8}be*A?TjsvML(;AcXBkl97e5$9KuSP~vTj({my5G3Kbue$n)}3( zs<~3L2|9;;+OX_goXKr=?X);lJahA8)m?Y9o*u~^&7M(> zQo`IPKs}V~Zj}s6vBlA@lR^%YS;3jd2CMqb~S38jB#ZirX z4oG9h6R}G*CEZDKV68t3MQ{4wNCyBMy2bfkXV`~2QCaE#6?MV>oXR9KL0yZp+ktfu z;%qo^@RPnFn!exJo~cX6<=CZ^S%jCo9}OrE{fC6vzX5HXq5hPnm!__}4;)MIl|xJ! zkyBbv7Ov5}W-Z%h0bhWzAHqPP6*w zSxG~V3VJJP0bghD!iq9Wj?F9~AeSlvOZO35;r>fScmvcKGxTXQJ^GlY`x-pZC2&t4$#XBkoVPl`XrATh-*x$#@#T1&6D~w{6%+Zbn=}x2o zLE>XLSBeW*RDl9?F)os)U!>TusoI%n>aa*Db6Pnzok)Yc9u1hw0Ke_J(opVVF{y(& z8_Jc1=O&_>=UQosTjp*7H-3qt1H-QTLrsM;tH>l!MoUtKO^a*F1t353%e)l!YEtJP z`*J^b5X6pKS-lnfyzstia$c)fIhT{29TLtoxGb|WOuV`%*x6RVFV>JNWX|97`bju1iecbh2rJ0>0KU2f#X z6zsKs={2zQDY{7bWOGuc^oyv|Mb<-ll9b-`UrFP=&H(zBI%Uv3@5}yk=vHg*VcnkV zO8X8h_r$b8|C1i;mO3F%?$`dErq!Ih%V|xz zxc7&{I}vhTCmDG~@LcLXuBj$RIZ}RNIwwnPr7LC1D!T(@8xAcw_w5g|wJl9YXO);7 zIN(_h^j+DK1j+6=*-GYv%Yo@M%{8ynremM6yK3dXrJPYs&Uu70%_3_Aq%I7_@3DhW zj3B^B-%(%TKXLR)PJw-WeSLm@inUW7K`dE$Kjl?KcllA48JPc%eQsG6?pT%dq&%bY zVc~NDmMOs;*bXU99Q*5v#1yN_I^^qZCFSZ;GFhK2q=gBUT#^%0thFktw)Udt^>KZa zkUFm23YiJ>%Gu5o_@EjimnAbI!j`S`qA=&(Wa#ZKt;>o7y-e6sqOuicq^R~zhGnPp znnd@gRwolb(+=PVX5a$R^{@CkRd%sO7q@w-Y*gMCABjdUdzoP8JGWaYr{C(3_A{Eu zQOs;E58=wKa}%li95S5%Vc|nCczM5A=3c&1psdo#IjaxFmWW~%K{ywbC4GgV$U{ch zinNJ;PcQ3kE^vpXAP*3aopLqYcYq4W#a3*6Rq6JRKlIC+{yJ24tn&Gh4lL2evttUJ4o+JRDHkSWosPs;*tq;+ zG+7iA9cf$2R%Wen9gE9Dn(-i%s9o$Rn)^O1IXCLeMgF-jl6Kifnsy|VCo9E1&W(3v z^-99l%}!rCvCP2wh@|2&A-HV3-T|Pj`-EI1@db-L&$^{6I}T6S5?5k`w5?#nam(tA zJGwp>u(DPe@&~b*6%(BDF7{;0Wsa;nuM@izk89#tm=PD1*WwyV9v0nF;4Vd%NK5m| zD!df%ij={H_b~ag4|2zjTdx0>@+W7x>&QPu;=vSIG4Uh5lawV!AOO6f1KPu2DarX^ zz)l--P)>>=JP%g#c)6|hFCzE**Zz{tfXXF+%dq0DQS}j0<(xFWrB41X`vnryuUr>C z?i9&;9(reu&a!nD6BkI+@hmXQP%6VA75A+2oX)b98R<=bH9F)&FVK~V_c}vEe`1KS zEBr3oE(5F|?iV&R_DPBiW{L%@&aa+8lgbQ!V0EU4>9REC!@6aE;M~Fj?3TH3{x{_4 z9|Nl#WRw@<4uWOt2V33t?o#-+FBAdJIVdwonf1z1%e0pSGnPn{lmD{OwMrrb2u3U$ zjcSd?$4??jn0G{-*pVaVVsq>5GtNJm@Tn}@8rA+Ce?XUt=Ui0Oq>!u1nhyQ?^($+Q zYu+ms$aOApD~&&{6}o&?eC${%(^_7noYU42-31*u^x+ObwQfrY}$`H5GkYti_ zHP(aIjUaii{E;mlLVoP)1*|I}lfUITN5Eymc{CqkEEN&)JaO?>X9|bY+;hI;(9?oz zJ#pranCT>ZLZSjUsK##pGGlaCO8IH_pGo@z5)bB*F0XfKeEs%Zm&H0$beXE-bD+|; zY^8&J*Lv5ACp3vZPZSL5QqE41QO%8o8}09cIe!W8%zI^F#(U{&$|=b~5Y^$K#MPVr zQq%>7cR)!JP=~Dhgq{RuG&%WU-LgM*Zeh`J%Un4B8={H5_P3hj`09KyjwwAVW&i&L ztZsDDr8%LpyFgaJG^|)y~CpU;f}`8Ck`XLxQ4mnw06!y_3w#okw92=l1d8QCeorb<5L{ zY0p*tb-hTQwq~B&=!A$MUw!SN5&i> zZtYT??pD6d$L&y}MU0uwiake_sFN}-q(rOS?SyoQ@>bWP;NKBm);d#H<)CsY60dlI zn)}gO;UiUIw`yR5msh^7uTo5$Tgg*qVe{m1tt-h_yo@7v0(;-Q!A zdYTpEbQy0pqfgI@`6IW+WJt=XZP6=p!q|5|d5*e8U1w@1k9P@VUgr{axe9rvGGHa$ zl_Hg_x-zBk()u~lJEGHBIQ<*;;OdXiv{|1Qa6Ef(@!wk=rHt5_zn`$`hz9Jsj9UpM zJmsz; z^@FC*&Mx~QDNz3YHxp-=dGSeSDFx2>@G8<-5;>U*4n2BUSo+Ya?90n5CI9XOe(6wZ zAyX`J@PjJdLt`1T^YmX}_EK(*$?C$EBigjsw2d=ea-?9?QP_H|{IS56-}$0!YqJC2 zx*`mj`_|vwF(ld%JS^XhhjM#bww2oD#{rkvw02ICiPAN}TXomQu6ZqQ1%S^cymGMx8Ht~ zCisJZk+hHzB$2Yn6G9ozZnxOMmc_h_apuByRBvCV!9^V@b{6uFQ^$5SElx>bEa)CpCBE0D6$t1;KD*`003i%pt8JH}<{4AVfk2M-u&OfGj zJYSixkLL9mSu5@HwZDLG+BA|c+l`jR zn8)016pue7d;}YRq89vD;v($3E~T0xc4vn$bv&p`VMSd8s=6PC?&@cB>)=D(C-D0BjCHyW{$HA}Ul$3I zx^DPDhXG17dF1v=*5&v$%rduzDu)`Ny*~fyp}D-zLh`#nO03}(6BPr;m!+} zM06b2`qaQ6a_n2oq;9t5u9w-MLnXC~eRU}tl`&jgb8K1SM&a(@y@^>l8Lv+3Azlj9E-H&t7{eW(J?L*!9 zUT65vUT0`u;$GId&0OE5TcnoYqvyKu%@gW61F@_W%d<$c-+7XWF>jBQOhe-jrlVt!FhE5E@u#Nsat8)7)QDp5JKqHHc&@Dx?-3 z>T}=Pvn1zZf8jjrP*S(QgS)G8Br4__`|R}d^HaE$KKkcB|2g)zrLgca=~^72VJD6* zid(<%&HIR0bq~kN(gF-R=~}oTSej@>O)8R)8TtLPwf$|7D&mis&qPSJR~ZK#6Lh1CM8Bno)UGP$MFTg zadE%j$06Ua!YHW_6~AVUD6P2KH*g*1`N?(-M- zh;t(jQ&TAmvr1qL&BlA@5%C}PB^IJeHaz_Eri<@+)g^t*A6p1$wRA$)l6VnOwfQqd zdp*42zX0w|o_s#yDyPH8W;kX-mT%)?vy>ETWXnK8A z^S;vf3b~Smh@ZYIc49g{rB#xCR%1@c$CZHL_W^c=ZHZe!D3b#Z@_>GFh;57IsN5;p zEA=M9KQ79d!A4{m=82h#?Z;`ClBE>Thw47BE`-YC_~_4SZs)19ltLy4?U?$A)jA4i zPXimof&tQIMw^>4AL8LPpji(>l2oXsoNnVcI+g zWiN3IcFeV|Tv_EvxLW~o&NVN68W zFh*Z3lNenzACC45rl0C$|;~0P2JirOsjkX=XXn?9nZS3*z(ViR$(b-&zsC zC~@Y$-XLSdmG9T0c7ABZDJK3t55y(s*|BsmqGA`%Jnmy1tSa_z}ym6-Np3}8*Y9fKkQj17kPL&earQ?kTg0=(18D!Q{ zdOJ6HGRwHtlAp)pF)B4Y8d=g3Zx^$+>e!%bzRZ1DMWU{}{+N2mol``Zq{a6rcsthW zx8pm5tX|O{^3_+a;Ut=`l-h7ht~zGbR9$u)`gfkG2 ziHlokg?VvW_HFZo%yUs3d#^_IDrQ^c?k!U3bD@9m|NZ-So{AlBqZ|K9K#i!Ba&tNf z^AFv|vm!+hp(NvZQX)lhNV!iuj56PoCA|`@`}P%RI5ioS-4i)+-f&`?a+Q0v*fLY) zZGOkRkS>GwWnk*t<8)70MLJ=l^X%){CL5IP%Rf&!cZ7V(v>E1j8wWTg(H85ms6=*z zn>$XijKLLMF(2`>a!p#?E5woghL0-HrXqMhey6St!(MdoQG2fd&8dxp4H=BXL#2cK2T@a9U=S$ndRdoR=)LYRB*u9 zw|sdzLrHq?LE(@*M7MoFdM+yY)>di_>F{@V`MwXYce*MY-*4L;X zSDH_uN|y2|_YHYklndYLFZz@_qMwHP*8@jET`i>%lXIRyO`{m0`) z9*Mj>vq{Jkl%9nsIPF4tg>F=a3k$T8RZ^ENRKrX+yrV4}ly;%s=${hKPC9Xx44;Pc z1~&E*9^``2SMsyLc@YvntKRMpVcxiM7}+~1$H!v!A`v;gk@?rAluG{e2h9u8S^Pzs{$9eN>;jK*U!pS}o zS0->j@$7M`>NouH@C&T}aT2RR^ZFpg_7_Kxc!~2XF-v}!3ERJ|&Y)i*+>8*O=s%0~ zkM|YMH&X|;d6{~*?{r*;hRq}@Uvk;7cUG!Grtcz=baZE+-8qiRBw*E-%*cF5 znyo^2^_19h=_`Xh*FRK3sp>#oV`XBOQSeYYFC56(F{TOHlrNOYEJI~1WTK@%O(C{W!cnLCbx2bA7Ap7k`7_Vn}!CswyCI& zgH%G@Q_XlPKii5+i(4`Y^m%V1Z#EPh`#Q^&j^u$!(qfUm$Rs7g(yZiMY?{ry3v&X| z(v4lTmw|-DyXbOdT1ZZ~M~Nw-9c9PdN<$33or)soX&P#;&tF%ND(CHX`~Lm=_wV2T z`s=UEIpRoUz*Q~$43M16h*+sK_g19ea?3{k{xQ-*x8yc>;Bihi%QsL^Z&Jt$q{rln zYK+-SFZxw$?S8+4 zAYexc!%~ooa6K#Lql^d+2NCh}=TFg(2Kg_m-W`c2x`1iY zojhz~{@y6>ui`6{WG2ssZ|Ovp0KTH?hC5$Q%A_ z5cei{3hnPY!@JIKR%f{HCkLxs^KsuQ^Wd{~D%tRq`bAmtgE(`-8uNhRQNfYJ=d7HT z$&k!>TbNEzXVhRG23TMx0|VRZUtA zTST3i@-$z=07|s0Od>kpIBJ+h=n}5Oj?sLzO_F`7Hwk1{4pp>?(=sVZic57x( zzjP#$hzrR?Jku4m=jW8qD}o3!kK=?meZvu!jvY2Y&;eG`Ie479Zi5I1 zfOH@kV@j{e`2ojf@vtlt_$G+)FNgWt*$1$%Fdy@@QrOFu5(bXMV=3k|M{*oQeb^QZ zrS(~BpcMp9{<$h!BuK2LlBJ7Wct)UfB}GXw&I2EL17VDuud?}A3Xbs9<%aG~4=gX=DiG%6!Xp@#$jl4C?p|dW=J!rx? zcdW#`h00Y?3L-bje;81fK7$--^zP!-bS-f?G2C8?R7H9qH~z41#;F+2`4s1*3zc0& zMdWSMl1eCd{N3;du9AAMa+>INMf4(^9z#n`=os0C|1xa*oT&ReR+gLZ+~G-`6iXAA z5y3Xe#*ZIAxJNbLa3`AS$1j=X*x_{3tg`bc726DJrjt9=1UGm9Cj2H zHJkaAjO`n&7~b=ljOFhxH@wcNOkAr(M2lQuQw54d7lD~XkgO8arokKjBd{7Teskco zC*F02->=SakF`H>`jvNHX6uyc*Sf4&@=44-gs8O_7~4;hRtQV=awb8ukiOQA@>voB1pRR3awRurg+OcE#EgIXmCv}dvx8v(4WW#;K*)C@Tg1MX+ z?I#n?EqUO)MDosRLc?=6r9_!xT=0fXNlaDc?ts0+^YB`>_k1G4a-qxPJOMWz)vMf) zFKT3C4Hdg$dv!<$^kN-v*sPgb@Z6V~LD&XX4p`{d9H80nI@BpCD2 zVDdJreHSkjWUw^Ju($|yLw7$^%d!hmcu?3f}jWF%9G_~Ja2PX0{%jQ2b@ z*XC3v+H<#m;B8;bqGg`hH}JF0}KjXn=L-@bhlL(o0AA(0C4 zI~^4+@pGOn9YL36XcwOatd+T`!)`;5D>=g|<`djZdgDTNBf6Mjep1?tJd?UWsR37D zGDAK|js|tKw6FBaHXKmgzA+zCSc%EL9vY{@ih3Q$p&(gxBySQLG23o~r}RMaI**+a z$sWp#lt0*%zh{W&mx)D~T)`=aVyUuM={y13MWv-uZ!3eAVHk73y8Aij|=9*PblnGO5^^3#m^_CZP6~;*BA;!7!dmgqB^LpMDgx zM7P`x_rTW-+VTFKp(Sp96j<%g8aIbCk2_htde}?2(j1A(T`ODWO*e5$*N^P#I&anP zQQ;)#f>Prna9Nve(vdiu?DGO%)J6Q=X4?{vG4Bs$#Fb81I#sV`UsSTNgrM(>6hO1M}zu~_I z?oPjPOKWJQRu;;A-yn*$dj)kAN$EfU#19Z7YBA+~nccU^(hj)J#^NBg!zVc}3To~x~VZ;(B zV2OOwtGrLGx@AQP?8R($9ZEy5c=iUuCvWaERhT=;qo`v1RIyiJ-~H5ND~AjVe@Q89 z)8`Tx(3x96M(g$e1ek@Q+e;7zsN1|MTE1*uC`UaIZ*qkO?iBNKW%I8I((+=N@ zV}BpH%4W`_Yeq1ye7N-0XL%M9eg1IgDrKFrw}I>CNFUxbNVmyY*z>SS0x40LPMmJZ zzxc2-FPS7Gdd!Zb0GFQA=8q3JUH_3U=5(>*A=^tzPxe*@k}Q}1_Qg^qwrYIC8wA{) zp3QGhb$J$6nEQJ5dXbsc=(cGb?>fVAz1x8$KgK?Ldee3Bb?#MyO#Yswe!YD;>s@s( zgNb%dKzPDyTX zE%b_;y9@yCm!d5vmaHG@lp9vIU1i6@|TO> zj<3<>UMH_%<-fUcsn4$$9aBcu-9=-8ntEoX(hU;lP@pUWl0E63UMEGd*4p?Y*w8~F z`SIh2=s|u0r85kop8Z7g{Na=pD<;V{AC(fX_7stVlnY2n5fZ{3>k#%$&*Y-FV?R!x zD+K``NDYu8Z*uPyZE-qMFs5WTibM*1&kd1mq`AvIIHF$0T4|9!FTWYrfxxFYk|j3I zLvqB!s24l-=a<<69d#vf(X#z2+mv_c*wV7i5ct%9mr!LZ9})VdDy{& z{2S^Y$x+u+T(cS$wN2jAKx`%hpJ=9G_9dDr*;{RE^&FT#CUtySEb|EiAyZACXM>Vt zm^zpl9MuY#c9=jm3eQ2LTy#h}6%uYHvU=U0-|#0vd)FD>bp~VUdYz#zV2SWVy#d#z z3=A7}{~FkjG%L6m8!OrO2xIN{r-OR8A8$9*SF=oEL%PUt*l_lTXiv?W&E!IKyNM9q zFWspDT;wwNWA<<#PzAs1io<_0CclrxoFj7bA+x1ZS9DdEU3{*vQb?bR7Z)=l`(|UW zC1w4~E#es1mn$x{xK%(<;vI>zijeO_;5mCc<; zl(xF>K1ui9Bg|fczt6MAtg)uZ?8S|c*@i<1tDL2oc;6)z=J{t*X~z&qR&(W_MyFjw zbz+N-8mp*|UQ~vLtJ+;ohFF(KD8>R-_H~Wz+gyRcm?scnSOQj(gF9X+od&-@l9M`_sZw94mHVm|gP7UjCeT!x2JiuU9i^H-tOwz%P&F6jH+viHWwXHBceV zw(FCb(r^#F^qnk;EQwIIONfT$=Y{=P;!yewmEb!BlTgWj$6~lGX3WhNu{qv|?VLA> zth~sbeM~aVb~jMKFst!j-(Hu^L=WVI?73&g!lT>=M1*G9*y&Q+r)s=MdYKnJoZQu+i3su=g+YtRd7nYh*}~dcU!z$7=*#SZ7J};3BWG zr8h3|_@AZKHnH%A{}eoxSW4&Y?>fVOwa##l*(5IQ#TmdUuct^p0xLgQHI7ObCANKc z2N~ylIwkkr_9f1e4bD0CV<%mWd;A1H2bG7tdqP|-4n=W&z7c^UkLpH_z7)hQQrc)A zsHK*qW#0GmQ*4^M71sIiNz<~`)&1@oWb+aAEocT$CIL3nUO$Psf zp!_L0Gp#Ui_Uh>9J~>ciS5CKF$8DRjFe2~tD&LADZS+PDPxFy0D(Z2(5PBtYpKD%y z9{Bn^q6uT<+0mBdN{KRZn~lq~LK!SqXo*)}2_;d>zNOq*RdQWRdl5bu>>Hzp6-`R6 zHXs5zl7Neb#m*J{rNvK;?hUB?vNFp%bd{+5f90ipG51?BR$>lJKLnffDkIT##Z*HK zMDCs-tge_5xlSLg?mz1rZ}^jdVJ>bN*Sw;1vnzi1S#TvU2{ST?udwaAJFN0U`859A zI>Wt`e=pLi*{OSdQRd>fMb*6K&29b)TRG;P3gQju2W_5)Zm{jO=UE_ZYR;daxg=&6 z-jmYSaI_h9 zrSWebd`lCLH?IkP>YueU?pkWtrPX`?`|rP*BEp(RoEc)cu7Qner`XI^6EzJUSaf$}YZD_(zz)_oxmvWz7 zqJmbv2F|0qU6}N2!sN4n5gN0+@@KOmg#?S^Xrg(8KL`t$X6h z&s-!EUao#vjn9Ott^_l7?Yp3N--=-%b%`9;v*b%x)s&Tw}#$WU=b_Y>u&F29b>YNBg-c>et*&9H*_hac2HZ2qOM8i>8IZ2F) zN$y?hc8sgxHQsJYSxu37GSjhBBX?woIb<9n9(O`UO6gtXA*Z}4PR#Bt|8i6y$hIb@ zE862z7M|Qp4A{J%Kc4Ux63HP65BqqzGvl7jttf0TSYUs5 zzwbdo21+kVO=fqG@itF-B*S<@I0e!YmI8h#M)cTW8*xR^ClxNio&af)iA=T*xjI!6Db{#YC{Oan2Gl}v7u zn>V8pn4n_q2A;UemhN5r^DCnD4Zja~AoI`D;QCEql@LUh>w=WCi_PHT-JP+L+dXX3 z?1rce)1J!O*Vh^Dv9Q5j)O~`E^=eQg`796-_T#k6yFw_9IaE9a4|_KUho4vnMm*_T zPJ(DR1I!hjgbkd2b48tk+;AS1r5Z|0F{@PKmPoQ$S-x?K zE|=U-xm;3rAxR3{onGz++AB(Q^}u0fPJPH*E>@GP(*NbeBB!Apt01ozB=t5gX1M#5 zhcpuvRaY+O#M}L5scI<|QEws+Wf>PNBza#tKp<(PAUO|i^C~^&4C7|X`%%`C=VcI4sM1?D{O3jA zP7rxh4t-Dw-B!Qs)o?7AZP;aC8=J7Wc_$WI#~;V5uS9BLNxVAX!%`|DGkM-nbR{}* z-)75FK-Y{2MgPoiFUk%JR&`5v_4JZu#B47L$;PD}iCLO4*Lg4Jq(tlB2}Cp|Z8l~S z_VyIT_pWrj4z!o^CjYLCyGI`8mU}3(4IgcKg*kcI@>GO9l0E*i%|*`TK9k99{`ky> z4UQVTcAvZ+0-iU7RvDPFI3q9Fp7Ne1w{lb}RZ$vxA4I~Z%>77x?*pG3q;L4$z`btc z4;=R$%2@EHpYBc~!iK#JiqpIr?>a+;Q#cRP(tzbx2q|8x=EtSqcrRjOBKwL|<)iou zv{Fs7mS|Ya>=DX{!e5FulT^QRW&GYh?N|!t&GP4N=REJo7@105O);-CW3DDhipdF6>dI23OJCe>92&REv!U(WPUVr9q{q8X@~{%|_v6%_n@rMz zSRpYGp|~qGUp64yOn@;Ph;Pqf1M!n?2T_|9Jw^HHB#e}#=n;qX_P-vOpOp;wSOT@$ zkDTcTB7~X5_INzTSqI1&8>{3khdG0RvWZ&IKsQ&TdQ``0pigax1r;&8Ea zl~hD6;%TeC^fdR$#O$FotoiNRH^z9W^FTBOQi{ZQO6{d{dd}!IoP_nk3}lJ!EKfJQ zm%%fba6;{6-F9UTVv|gj>?jdG?}` z%Ocspb0eR!yJQSWCQg)6c#M2jsJ`J}0pfw1cxM;yMQofTe1$u?>%KrMz(FU>3;HxgDk#>bWM^%R36{Yog3ep!dlGVs0 zNZgb5vWSPQ7+%e)UxU)Qow|6eM1@c21F3L87D{{>mKUP!#L(xBBz>N3aB|bDIc0wE zj)H8&mptOS^63=Yw_`Epp^&v6Z_HSYV6<)wR_FeZ`( ziunov03ZNKL_t)x_0%w*hNXpO^R1ZUOGw1*V>kOiJAI~vj(X)jQZ|`^vFsLSa|TwjZ}i|M-Y80*mem$&ay;4}a$FJen;s+5ULw5= z{C$@`58`wQ5wkDyXI9}?q(!0?WA57xnX}D_mqr|SXc`vTW42DI1QHSuUrPLp3$ho8 z8mHp%BKbjRITB}2OeQwsQ@SX(qY4`yFRqO;&2IPN*5b1u>W>5D@n13$#*b%0; zcy+3CCCXOJY{+>|2w3Ezs$YguV^KL37h`4jl2xfvF)i@EQ0Jc)^FtXaC2XEbqGL*l z%8|TpKYru9B90`|lDB5_oYR4fJK0xEuDbu4IDNx!4s>X(ct)^Ter02Lze&qGDzbt(stb9V+l&bV8tTvI8+x&qr>FzvVgexQN3i$^;!A&qEEvLVtsMRb)JYR}6 z1IDW0$B!TR6JJ@PA`;0{ZHB1q*zGhN8;pNB)e~~eAeiI&~_yndiV4!Ga%xrK-O zBX|T%svb##+jEi!*`L)=x?<5#Tsp7wja`9P@Z^u!32x|8aQ7%~B$1*|$B7tGvTWvh z;8c+qf(a*`ZQN&Nr}SRBJ_mKmW%JBDpFYWR{P`Ak~wIf=Z_kmehEc9NflV`xJ_ zes?l)ri?42P#m%+#_e<6Fy=fk{>;yM#thUjxe`M=MN#{zrKqm_A{OBp!H0MkO4dr*qJ$hb>wF!qTs`5c7W zJR?e32F}0!`s=U1{>o3FQWdQ5%KjZOlPDn_hRfIS^nSnR#>xNrpZ^ggF{d4-ub88+ zS#tJ>D>Zov)Ubz)V_vz?uK^|>xrkY-d9%-}0%|pE{=9*wME1sMFMoQf^A{L+8CJZl zsIOS1p2vw@ZZ!5C3IoJ%NxjdjEQygaYCPOZCNK%R zCIi7<0(DNFWvi^mZyC}5RDi$X7lRCEl0wDzJR3-)uVVRKXUO}`hK%O_-a5m*#KOeA zae~vQe)H>G%15S>rHc%#Ovqs4*wd@mDodD^seHry$^@rV4RV#3<)}-{@gRLmx|^1( z20nEwWqiRaN<5C%r6}V$p!nU&9dz`ZRSw?_y?tI(M?}86I++o> zyQBge6h3bSc?xsJSrt zbQI$<`butziV@_TkLu42pK2z~aZR6>_iA-Z#VZwMa6PIojg}^M4`JYEWzB!Xh&k3u zmRvuKAf_n^+dQ%BvG51p5po+B-I%+?wqoYlD0mj=*dF)+LCQFlW>;X9 zOrCn0zJCbL5luF?*FG46{UugnzDdOXu@rRvQI6hoy52 zsrjY3vcVM(E3GUt%AFO_7ob(MMhSkWE}_LcxnTAwLg~7+oy5y%P@a-oDUB8v#wd%# z5!03^hyTiZQj+J5M5O!k=g&4n$Cj%$Z(B$VjI1!=8!NolBmBhtvLTu*+oX)7D~ydD zMuM3Pb5GeSiMcEt)s}Wt3{wMSlKfDRadTYf&c0r4%#q(WJbiiSjhbU_nsfhLaYa;A zc$h!8#f&*nfS?q4QR+GHg$Jp2k%W*I2B>xt>T`g{9Dw9dq>x^0R<1o_4nwCxZrO#s zN`x`n*S(Z{HcJs6m^3|+IP*@FUHY*fYW&GJ272R_He6(eNt@Gt-WiY^`rM@x8{aV` zKI3*5ZXbC4pSY#mm$JAxl2CM_!nt3NTWWxLBayf=+mT7~?eZO4KEsOmeO`W-&=+&0 zRZGU^rp*;6N$KLVS1%qlVFRukjzD3rz^CsWaJ96>cV+^P_c9L`eIVABdiK6I8(AoK zDSEK4qP5MVi6@+F)8@ge987tq+0fJGU7z&!eoSdH7|Av{p>dr_c_e;YDz;U#3(xl6 zvAjcxoJog|INlq6TX3VNW7CJPc!;2NhkRTWn!;I}--gS=q zJku(h3CWms_iG$$GlhDJ|1c3w+X$7IJ+-W5IOm@I#sBue@rI);pHdGi@26awV3R*L z%4bW?4C1mm99+89C>wM9N40Vmu4JCk=lvkOvro+%W;U5ZrbMJzp6TFGmy#UCr%!SV zy8oW zgxrgGP5uR&7?IkhEG5E{G4T-I&;4|=iJI5UAyi9AQT&P`xMNGlX2XYgqx+i>jd{V= z7lVElfCOjQIxsaOa+Tc1!ul?Vyp5|LyBAYYDP5aE^dNra4(z%b*BMH}ZO86QuAfJI zdCFpU*(fTG%FcZ%s)HE zCZ~0g?!MW_nHO&qoY$>$ozTVh7vVGspE8h{$FpcQ@C;LqBiXpmQx^|;=ZZMlG28PL zVN&7lQBPSEVZaA{UNT-=3`_!|2hXUYmc8-?=WBwz;okzAv12vmSb+>ugwNx*W_6WF zpW;7Egwr-cCFVT;U#m0R-4Z?|?^9bj1<9XbiR#znCQ)C4k9H!v4?Hqy+fXbADxt-e zGA411blr=L6_0-h1LKo_SKP84 z6Ez-T%f3GR#r za_K6id$c*3WZx8o797C+eThx(_;t)78I_N*WolmV3o~s_4)hIImv^Ch#Vy%hEL-Zf zRfBcR-p&SX&h~tlSfIWU0-Aa`~;myhHcSy@zS3 zQQ|2*mev;!XUm3iFsYY*n|V9;I*Ch*Anq`7zoQ~Q^ei`hTQEDlrh z_5#q)S5(Sg8=N0xNqCbxeIBrQe}&|;_=(y2*U@@oO7Sv#w4Ee@kHab#Jq7zMv0+&* zs)0s)K;qOf@K3pu6Axw&23>X;Gd<5vlIVQ+NcPHIE&Xhb+UB{dJZ0|nj-Cd+?+QH0 zd~V>p;dcO^x|9QVyz2~GiXQTk&}6#evDq+zcjOmUw~;6t{F*w0eudDzDj@b1+1S2c zSO&ZXr~G)pl)Xwztjr?@=A5Rqy$=bikwY%X-bTg}JS3d|)d(Ht;+{leono%Dw}FeE zRt~YWNX!QEzWZe1UG}Q$HoK+g=OfNz9`*uGVrT%a0MnrIXfucKwY21v(!+_6FL05~ zCXzrMXFF;-x%zz^Z$4%TMm$!MJCO)cPnzUeW$Nf=Y;rgOvhi5H*W^ z>6IeHZ2b-A3C`6|q04kZ{Cl;qy;pn3)7({&H7st? z61r)rq2!-Ge6GCc0LYSk2 zAWu%jm*Ut2Eh|7Onf!RRbjDWxNoM+XvBpPk*0Q4$6;|Kyp9P7&yjW$76_T77JewOY z!YM!HnCQLAFfVV$yUy@To#D<7POnUS8-vL_bw%}q@LC2;T|70WZpL*khW%-5or(DS zys~;KhBti5kld^H=?D^;rNx=uvzL#fVXD5U4M(zRe-TzAYgFH+aq9dXo_R#VEdLa> z6DM~(rStfvszj0{n}AIv>t%ycCF%2)kg;DWU%MV=hWa*Gk|dRt zt0#%kh7)4u?QTP9K7BkMKYskkeHlFX>4b*2wBt-xo4;X1o=5v^7FD$N<8>sS4SZ%V zp6T(JbjxJYv3kGZ?IB58q;_*$$u_dnP5g=^JVx?nSy^c7_2i04(kdU7t}8t6mB6Yo zWf7m0ZD^}(FB!&VbYDuM4}9U2Z6us2OJy@@$l=wz?A!|F5=0ttw_EM>4Z7l z^m#iTnQ^u^$^12tD87Px)8-R-+nD~@yt*N=>MqIllvdf8SxXG+e(dZXS+37NfR*eq5QwdeZXZ}BpIE1GUt>W5$XpvFlIva2J*THIJFWt5D zb|2!u&Rh1`U$5@UQw3(**{z6ds5n5|Ki39@}InoKUr2Qb?b>HIccrk z@At6-izg!6QER)+r~G(WrrFD7@+sNl8jMRaA3n2L!-6n7#RAENc27I1!SAPE~Cd_UX*!B zJdokWJDZ$FRFW+>7(AD@d2H>AB~!OmjU%C@$XiKhBTk8*7feUu3=%=5$N_UxBB3H6 zDKTcxPbh<~MBectc^0t5!%G##ws1qznPEg%xB1X6OTBR{beYHU{(zA!#||vff3{(Y zV6i@9N8F>-=i@l)p1N|ChK+i{a9{kIx`K<%2n-nt_yVe@cwVj*W1X=i)m2W zye914&&&H4`B~vyiMgUEN)rcL(dvtN^%c4@g6xg8LMRC^b7ua`wh~t2rOoeiWT>wA z=bcqJc=~Gd7(p|&Yr}`fe$3{(5|tbdt`L30p8=;nCi8@gu$j-Cw)`NJnQBAjqR&ed z6Z|Q!%Y4Y}#FlygS+z)dFY{+f)Cu`GxOWdez4L){CW3u1%j~;vMyZRKuVhSbb|swh zT9C+WZ`H9Rl#VFWeSo>B6Hahl##K!*O zMKsP%POY4plnhcPEV<5>rMV?}IR;<4Y?$Q5&0hQ@JfxquW9}}juDH#2--teCPZ`&f zEVPY9-FSyi9E-gh-t(2)n&NmXR&MVay>ivs=jmxmDr{4SqdNmCc@SM~>_UI@M4HIG zAVuZVlZU*c_LuYH?9K=pklXH3A-NGuM573@!)O)hZgjbjr=pgyG$I|70TyJPTj3`k zrD{9$=UZkCy|6zY^!@!mL- zt|Uq~yQrMgW~GL;xK}3m@ z?1>0e>Gk+sH7=9<71-FF%D;&14gW?c)3s-hkC51Re<}^W(0Ap@{at6M+Lt6`t|Fu< z&V7$4DsMPVYSLz9wu{4jNvOoXvB4GFTp5{U>ghkQTnrCqRV2DNO}R2N;JA1(_TpL= z*u%z8WRT|desXhVQb-2&0mEr%iJ!B9{h*t2^|`QJVk?n|?EN^s)v%HmF-ephZf3D! z;&PgJ!)tnkgy@aM1)l7aF{#hz$Z}eC!wbCb_j|rOoTvYirM7qlyU+8oOmix1%psFP z$wF@9in3i+Oe6PYPfAoyo+6WUUh^m-8}naY(0Lk`#2YqP5hF7xg=>DLqOuqJ#vDYh zH&H^VGW>(n%TP|D!rWx5X_sQ~Uv%#gI zoZYHA!T@eobtc_mHfkvwwE0yXo9-V0i5+GJD&$ibpe=-)kSMQ975SYNtEIoaB1VO6 zm4YssFT1li8w=S>Y#;ZN)6^$J)gGI0o&uI8TXkoKFC#r0w|O$qj=4lh?l!;8bH#aB zT&!B2DnA>PxkA`pF?PkoUzaG}@EgLZ%bhmfOkDQ~;WPu3gjR0966A_M??YHfWM(*J zuLNgRB-&#r!+&+3ne%$o@9lDGHGPS@&m;FtKMS9mur{L$=j&Ivk`ZXrQO=`2#chH! z?=G?$hh!nd?(VGD=OPy+q6j5jYR~VNix!`hUj!Lwg|SUuNZ?FGe&|jS5`5&AiD1Jk zf!vqK66ZIojMnF`LGxssXn;!axtB1X;*@(3WL7H0ppM;7?ECG2A3uHwSC9EfW6s6~ zhxhya@pz2t6~C{Sjd^mAOpenx{dg}jkAh14rg1&4^9WDgVbv^AJ@D4~$9y1Blutiw zXXS4d(`;Hor;Qqs)yGGe`qz zS>`v|h+GLca)Ev76GOY1Rvr8NPA*AzbQlsUGe#1<&2JOSoU`HI@rVeI`7@F2c!vw! zWBkh+G+C9Sc6~mE%8eW-+SCP}MSDs#$D>%pktf?tp2^1P?Hg5yJ6&XWLt4UrL-$IX@qN$1^JMqf_WD&4qG-1a?cwKcA(=*0J zF{$~e%7vmd&*9#fg1?X=-tcb$_a8nQ7awte&vl-1oXv~tDMCVZrGWwOIs@~P(;bhr zfOUnTr;^K4nen0%T%`Cy61{43w4`wNW8MCv2aF5MY6Wp0v*1=-kB zA@gP57lz@maWtw)s@&Pw;(@pPG^>blD?y*%FJ2xJ=~!OMBVkqcBQz|SegApR^O}`E z%G}54d&$OVlP@Rsx!U9L7;kd9;p@?q2FmL)Nje4*%InLba6u^Pj+*KAHPUhMu=9O;4vD;3eb&8; ztUhoKH)Diq>5JVNr0zSgBz(&76mzusrHaXOJIYm(2g1JJ>N4_A{`+!#5vU?j2qUG0 zk5hMqE1YE%oNB<+;Ht~!(X-G|Oc911f2sdfdwS8$zN%T`mq*UhiZSPtYGm5?5NOw` z{C-EYvEtC9TXZg5b*n~Y((v*+Jwc?9+%5`n8U22lIyTC0fR(~m7|O`~^q76azXdkg zHQsfGmq0p7&MEUh`QLPZfian}d?eDPd*;2OfF*Mm!SXT(r|^P!KBWs7W*;6`IN8fv zBHt)YE+o;*G&kpJeO|_hM+(C0k=c)hO4(*5_?78S*_XrKDHVCT8dke4@M5;UH@>JJ z8ikIu5AW6NF#qMw0`3SHUGlvr!cVyuAaTk?;>mYH#XQSlOY+aElb1zCFYdY$PI8Zu z>p!o@X9pu9Hy4oG?8seCiJ@V^HXx_V$xlxHTqh~lxH;D9#Fkd(kEPUG+G}-YFsg_a za1+GrB*b=`Uun5e=sWokZT}o$NBi z&pX^5OwCC5{FmVtuq+9YA4zmCfcUE0$Y(4cA@?cJFE8NPB`?aB9=0D8^QrC)lg|yp z^kEOi6-7z=7rEMGgH>je(Z?fb!yE6=u~*qcaxW7d`-(Ls;_|*6Elji?>3g=_e49}~ ze3&Vea&cU6L7ZGEqdzVASv`8gp8+ekiFci0(QJQn#i7p}B&+m!4(WN-=LT2gWrqK{ zI>X&tl>MIt;jA1yoTnF{oIQLU^u+?{S&#wAhr>AL->Y%XmFbMRO;=A>cX*!|G7MI1 zl*nZi-@poq547?$FI+_{+p%%4mg{7x1B^Jd7hd+M&7>{xppY8MFfw!=iNjd8;;{f1jnT4lzoG$$K z?OSeP=vY83F?bFO_kfk7W3KDs{K{^xwX3*(`&d!Rvu6 zP^SHoVz!r-;wPo22@(kkvdTLQgqWkod62v(X|`9V;ZldqN+d)z{*-i-(c0#nM{Nf3 zPo0R@#%0S-pSPqU0z5gdk~Mk(sHHAwx~WZqGk4SozGRvRmfk#Q@W)`Jq2Oo(^w{+ znB&C}W@bw(mkRIISSAtL<_+c@6Vy_)>{8Axgsm-X`MKds(z$ZW z0+y_-vOMwg=TCW?#;A7XF~i(eklVhJ|6H;TCTZwCubJs5zUS+P&l+YIp5RLiS4^M7 zLt^mb17b&7IrYOOE3L*Tqr5|8IZEjokbw278B1Ufdp}O{#sg^7ZITwAS9;4#HE2n# zbNE9X2dsRPNFZbypjYeRQxFVt-~GX(lB!5kiUmorV~LVWmp-ps`XUAOIk&JSnV}Wv zU}QcwRC1qARx|riIHp2`TiPWdEh|il5-27Mnx)UAhp-ltjyG}_eLgI9L@m^qpG0FFE>52VGz>KIlLLRtk(MH|hlbp|2z14?qf7U@ z0pG{grT-V-8+d@SmG1lYtN>axoiDK2I zEFnpHVG@@4SRm*+W*`|6o8O|sato75ASWd9993yYGAa3CT-@xPjB>G3;7Vz4_#kM~!b_K+crzxpSTVIsRzRtN_ch7d`L~!E=^cxv< zR$lcHaG&=3{&a<5&zsE2%5ZXun*d<@E1KD>{Yol&F%XgUfC%@&Xw3}MUT&9tDD zi?Xz8jWHmXpd}{{yw6J*6CWNsp8PE~F?)NeqMTljno&O%#w5z!Rc(HSQ^!7|*4odX zKUqB~XIEL>OEFhl;TpBo0y$v@IagOVT>nL-?>}lMSQhJe_ zH5Ds`GhR~!SBMzSi3(7tteQz-H(&PO@lD3zIbp$-4nrA*+zRMyn?q+pyUxiu0016L zNkl@T$Zx*oQACEmRiX* za>dGX{JzH{6-&3ImQIlm9&UJJ6fc-+V)lx}LmwzDD``qHfCPIx@?Ih@J%LdZux}YD zuFsVRiraWg(V;ux9!?X5$Sb+XHT*KsRh}##wZ)wKWne6CnqA4OC31R2StTs#mdWHg z56lBkdBt_)CE8O$D-k3TH$0z4!Rn^ObtccG$U!ilzGnA^VVXi+#O7AZzD(w?nROLe zZ}^kox_xC}I&}|m#m&u+!`FE!GwKUe`hTp>P`|`|g?iO&Gjedm;-6d+eC|m0S*Wf| z(VhY-N(lKRRov?$a<_5WR|c@vL``P@S9p+XnUt^o6esEPF8#J&TSZ-tPeSi{y8+2NJFygh_ij$AC8OA$sEtwszqiaTDI^@%NsmYK@^EoNs(?_w0k z>|=t82=j}XJb>v63Ak~q-T-*RcMr)bK|C{#*NwS*hYZIP)$~BblwKFrMTKk{Y`VYU4~FaGLOQT_k$~d35LGCB z96k%xD!yKZ{$HvyT-t%PPvs?Nq7hG*oAl>d@(Pn*2j!IUg9ul1!I*t(?-?s4Q>z}j z*8^tNYu|A-oAEU~FC?x?KFc}!ieb5*?Q;@vI;J`m4)eq#E&2OcpNlLBY4_y8nJHx{ zRUuQQi1_*Q=a|_fa?Vh@?L2CDw^X8f9AA8w*`eqpzXsTklSenaVVxZb$!#*$Z281C zW8YRgHf6Nq2;l=q6q8CGGjwhTG+Fv^9xEm%%wU0Zbi+5%T*f?lOo~*vZ>eKsMHQ{?_EGsjDRQfJ zc!e3)qqxuGi)b}#`pI5a(8i-SL(IYDc8|l3BDnkTQx3^y{TM^TBE4)Mvn@91>k6J{ zJ0`diehrk_%NjKYkt)T#tqf@I5b!0Onmo_9EY z30)6)io9w-iG=@Bd_MKfq#|ILx4Uvk<+=h(g#Sobz2S>sW6h0+ta638=xRWh5v^=| zk;$)vRiu9ep+tQtzRZyb9>vlzn|WHe9>S|$`;Oz${d5#L%{!a1znooproIm4_!MARWq@DJbuNzdM7uHE6>IKipW=an@Zv-{ zF-Soa9P|(zW^5%Lfk7xvj_Qh#yw# zIIWiCSXyewd$oL?G`jQcSCsK_91_e4-?)$$W|1hj+pJ7n-puV+{dn&KHAXEtW-)85 zJ+mJ#w#Y8M_pAoGcaczPuVD)qpSEKHE$@m7_y+mxRY`>m&{63OdE}F9`<9J1FD2mu{1dRSioNOXR!|#*+GD-U&++Q_1AVIdtD!K{6w* zD8R^)?qv!pk+6%K=F?$?KSlm(1~#xK?P?^?ud(fkD*{{7Lvy3TOl5O7!}M5n!S zRu|0qEA{16PTBrkKl?=37-kdXr(Sg(HUmk_5w)SRnSj2)k~`>zy}T*v+D~?`47%6( zP7ea@D$OKc-Q`N{J;fkFxAB|a4ksNLxbd)e&qc<@8@?3H(fVOcL_ zvvNrANGdGb#q8%Czln`P$v(atjeZipK{j@IwnfE(RH1CnT zrW1jUgGu(=Batqv2CuQ_-z1G!@$P7F*nd)>P7DOVX9&Bn@@KUD91CDHjc^Ab6i zqljX@O^}{i$C-33eLR-m@cY11V^&_5*`Q%vupfnE_U%1p_uc31YKGbmvo9m6RdPL%sme;-FbZ#Lmd3Rx6*4{2G=NY*q^L0yZeIkck;govd zv}xRtkNx!-GJezVdpk~n{rK^tqrkdKAQVULx1-j;?PGxeabw8_ zG@>o{$|YCHXF{Jh_ci-%Sr`_~D_=?;vgAh|`aIrIkdAeQ?45BcNsD93?fB-Vm@-vY z@?8Fz;X^B=qP(vtoGOYczvanamZg~GI&$)`*9am;bSaCwS(vdHwq+$wBr08z{veyt zm`t)4sigaf!eh=wu0~(qCWhQ?DjFbZ>VaMt6$t(kGI+TqZPjIiCxI3D*MLE>+P}Gi zD;zqMyWXyY$h!&rje32?@)R4J3{y7P2mTfC_zGm0GPQ2lUa>(W;`TYC2psEXP;YWC zA9);Q_f?XS5g}l7^5AT6obuF4xE_HXmb%B6L0d)C9+;_K0Irh@Ar zY`;9ZJ6xHc`55!S_l7+C?422C~+zgU6nJ&q%dQUUaXPBfF`G-^iDm*@JhP>neRNP<~$rD}E*DV&Nt zA}tn1=>z>J3XD@%LTL0AU+ul$a0pb)LD3qvWl2?$iY;}Uanx;*Kp#sJw>fP4u|)Tq zVhCE?fnA2wxA}CcSh+1SgUCqBuDY*Cu$fp>T$h4Sdx4{-3F4V_PIoq{F=kI2`eC_Q zOxZ0zyVMQGnO#>YEGtud>LEbnMCA++3B@d#Boe{A(pdU!Hj}c{s&9$bTjreyK1She z1Qhj{-&y7)A@q7{%4n8oI%uCL9ZfQ^=k&G=!oE#Zjr81$L7da2S9eb$9WPr@?mCQ8j zRD2XGho?9E!Qg?sZ{Oc_hUcN|?y)AR?B7^tsCQrqH>YzEL48Gi*CFR6eO@-ltl3YQ z1AQsTm?u-=ReNc?n&7VH0UTdFcaTKh48*W>k-Wn>gm2vFwuQu}9YRPzJTOp=+nsJF_@Py-+-VKe=I}T$0WMp8Y5n3jbr=8tTe-Z#UbIz=NXs zlpgEVN$O-Y;0v=Tb*Xk&EPXrgxJ?O^l%^5uiw}r3*(TqCC4xArR!#lIta3qZNZggZ z*j_ki#ZVrl>axI{)hoWwF5qCRa3eW+w9+&8PkCcH58We;zS^row~@FIw5*?sK1*d% zY3{mI3mF!nR%#Io`qOboLR+ZNF-kWRi4rHNOOdP1BMSv7^?wl(gC~lQL+PBGHly`jA4Z~$x9N;q?q%-+&{|?0j=~bSv1oxOY`LLS!4aJsNCNW?Z?zJzH)fpOk^)AeR)Ugkrp|U0)c*SGuhHP|zyBWJ-4h)K@&JdohO!;C@$K8U@;+6O_d9k8Nx6io zCN`O<-R6&=?VYgA6GUQD{@NyyQv_c4 zUWw8rQl%uix{kS+OP7u+KeRaml$)^VZ!~dRyrf1v#3jn^UVs+%=wKZMR#NdO?(;^= zK!uSXpb$5^*}Kf>{8Sg+Lv$kdH?o&93Te{qwmOyYiOQ_ypVBfTXoPBpVadG6H9D@k zxW8=>mU?&@7*lPr^j&Ew?JkD?QrPQi#YyI5CaAK_FAzb9^3PN1lIpK;+iceQELW$^ z949fXEY&buPOpA!kL8l0j4zus!oIGGRr(SnGByqBV}djaSVVQhv1J!ruyFvok^!8_ zD|&dtzY$6+UkpzlrUMCN6%I~9a?Xm-yUuV0kKY%w`atY+hW4>K!^u0aF3v*sNXlIH zLZ0$jW6Y`igOiWXa-A!%53q~fuQ0qv*s9X9j6;sYBZYnQiF0j9byOOjxDFAl!1!)bT5K*-L&Q%s;ttY2X>92a!vX(U<_q z0y1BTHI|WC-H@=&T`lb>U=4XkS*^7;-p8D*#$5DiN6{*Gk@Vv&SAz<#EW?3nDKi80AVgD{;`!3p+qXGibu2l!ZV5PNHcM2!_wgpO zyyJ2StUOAbhenS%mc7XMICj{vvD5^!C4ELD6$K9P0%#mAk)gd3+^w0?eLKM06I(w% z;`zW{-7Lu^Z|o(OErHJO43sVNPkJx!%N{gWsbHo=f|)@icU;56*5AK>A0eOlIS{!q zyKz1xA<0O4wFva;C+_RrMN$ztX65Yr(s>^1o!wsql1RzebtFvMD~tRA;68RmOJ$o? z`U-e;S$it+OMVXIG2wx9r3-mmrGkeYF_!K!c!lMGl3b!9&fD=p`}epUkZE6Ud(A_+J9kWDYIx9N3S{LQ|bMKu!_X%s)%b0?-8~yt21Z; z%ja{Sl{MVzo|X2AZ{=07R?y2LT5{9F)?8a*4lqJovpByCQ`ZK#c?A0gb#K>n+iG{eHiTEaWrmR>^>@{AKBzg5($F(qz6OUw63ojsv0oHU!Y%JnKgOV0O} zl69GF7~LD`$OFeF{`8nPANah3L_M)Nd*vY20V|>>I_fsz~aQ~HSsnXN}O!vTPr?SPd{;LQVv=#8#^a+GP;~n zzwQB>W=@X7Ve(cYET^IVvy~4{9*P?W<AimgxQn)9y()ypUJRCFvH}(66`Wo5-p7$N zPP|+XK21!E@M~*)JDBJ^juOf3cyBigZFxbt9`nbrT=}#kQIW&ZCiRep&X%%SAkE>g z79z09Ae`h5sVoJ?u{t9D^e(?o8x3qR2Q@hn>hvoLMNepRtxyok45QEMx*NXh*XEDb zg>4t7=|#h-la3t4{dYu_tY(mg?J6bD{--!Fl}4^ab{`rfkQpgrlyX~8*1@S&N>LUT zUA?KIfq&&5KvGV=tuWq+|DAayZ^Y9CL8FfAW5-@^cB2C#7%9GcZa)_mJ9d zo2LXKzF0@t;2yWEEPJv0@p$n27=cr3VPXPlVFA8wNUl6DpngpM^37Jq4xbe-SX&=*BCLl52M!J}skF1_j!V|9W)zaIhjF z9VJoldW-`6JPXy5ZI}v}MqEXnFg^DQSCSRWM=sqP{v>eYrnjFC!7Fh8EF+@ygKZ(F`kQHN4X0R6vV@#dqIOZWKzLaSEev|zWzYBNYZ2TG!)ALjeZ zWIUkxIzW`u<{x8I)xx>tikKZkT#Nj8+86046ivypsgS0OC1Yeys#n=~@4}Ewg5xtk67l=77+Ptvr zN7+h~7Ne z65%EfUzd8{a+MPpTzoW4z^%2O2S_?WNDv#ddUo7o3<*^yu@U@s?46HF`Qy)$H z$~$~?F`OOMCx+o0eiOK2-%T8q*jA~7gCl1bY;%36eHH}sQ_0zL&dX5dlMPW(*Xnv7 z@=mUOcAep52iA%$YF6%)OkDR5X?aEOE40_g@^t;{9LkLLBd%Z0pEjgp)^<5#^AO#j z;;6~#(Wit>d57bfXi}P$e|`i$#bgPagy=J&)N@;ZBW!>i-52%mwXg z0OR?%8R}uMf3AcE*@3sR-)RH&*Jj}H@t%*y}8$Cs&Gu-CyRFEi@&@2VH4{$?VvJ~d_ z6el9M<1A%lGkzMlTeaN@xj&OD{+ao_Z$Gyp*hr<}7lM}=Vu)itQ)W@&KP-1i za+B0YLhWo#QL>jrndPJzGmPtGPvs4NB)FHZ#$1BO)CznuP=>a%RI++Hpd{L7Ipn_= zJFY-7b}1tp#H?+$Pbp4wf>^MBcAcRpU|rEs5~lI?wpn>znbczITc_-mgjOPyUCPm= zwCmTwN}sODjecB&j^*X5Wne=5ER@qqCr4QE^LvhDKD5gKTxMG~$hD2n(O0AU1MeD7 zhA;kTqW^3 z5rI?5fqd-CkYYq4Vvd@Q6R)Bcxfacc2^yk<7ajGW&8yrQ zM5Fq{`rr*`AxqOl1%2KT8FO3&LV)0F*O+}(G@19=QtU2`oo$J)(ksN_S0b>zJJL$7 zSX;0ZVS}~|ii=R{ZPRiE9?nlY95H-tg~*E5_~b zI>Xn)N}sODjecB&{!8i%?f?5f|M!K?Z+OES-tdMuyy2I@mH!Ds3DcY`Yh&}V;7|1&i6Ux2SD#J}MUZ+OESHc%g~e#0By z@P;?M;g>-!=6}Vu>6z{?ruYJU)}pA`RMr3Y=Kp)tw95-1Dt!vcuXlhj&3sDr%Bcus zRZGZyM0;;|!yDf4hBv(74SzPgcVNBY4R3hE8~%C7Qo=v773()I6C``r>pNE@V(F^o zt(R*^UH)Ife$RqGC5M|ck0pkSY-}*U0FL?M>CWHW4?hTQqd#d+*2g*j_saf;c$@DH fZ+OESeii)x_<`9Vmm}o#00000NkvXXu0mjf0#nB( literal 1916573 zcmeFZby!v1);GL1-60Z^n=}CFu1!cO0)jLGl3P-`*$4tkN=qY%bT$;HPTqEZEjWOn!Yp%I?rSeb?ABPeL004Xid6`E5fB^#l z(s?Wluw|vxvK;({Z6~ko006ioKYt)VLJ|c42(rP|wH&pS9ta!TTHiG?v3+WK*VWn% zMRDf2eNkZfPuJ z!XP1zBkC#)DzG+nG=jQXTiG}WyNWUVp;s8Be>QV4K>uKIv=n2I{Am!XrKAFtwzW5f z^4;ZUH|FFQfC>oR<>C_%;1ytla&vO=ad7f*@Nlwo^9b{D3iEP9|GF5&aX?Dc-o#A! zk&NtL=D`1nF<3Y{+6i-TxVX67b>X>dYj4iMB_t%o!O6|R&CL#SusgWfI2yUK+c+@( zspKDeWK125?csKga9bPbPrXJ@ZJiv&7#MyU`sel6xUB8|X~@RmFYG`RIb4nGIJoX| za{MPD6XSo%*g4r-{n0fOV-8a*Q)^QjM+Z=j>p#lbS=c(-I#}5L7nA?I{a+1(K2cKo zr|tjPUu*0CXxhQ?o-+u+Uy%MsNe6W|J5!EFrVh4F_Qt07oWY?m{-@D9!p;76&cA5- zdFQ|O-P9HSU&Mai`BUtVQ25hBqTpDCrR`0P9Bu8@ZEdZ@|BNz~e?SP8mi{BEptqEa zjNvvvalI|d@$W)^d;D*GrZPs3rs7~k3bJzwuyYBha|sD^aSHSBvvcwbb8=o$@+arN z=}@vYft$JgCmlS(JfO-g7N#uY^G-V{9jxD zal;D!$E;*$Wba`5Gv~w@{*iS5oW}k+OZ}AjBX@<3jDOB&;>JHy!qh~R<6m0;?$$pg z{}O}$|8?M>`mc!pcN;DirZ)duLj9@g53c{N#KG3g(Z$H#RMH%biT|@~|5NY33jVtR zQI4M#zzY7auK2U{Up@4XnEjs~75zD}34_r9_RQ!HFK~%+{ExQ3E&s`{_0y|XPJi$V zaC3qe2iMPk{}R1=``<;i|98==xBp%AZ^_3ta7S_OzpVXR^A)L|v+ti1gBrL{Fcs(L zL*r_J`EJ-};ZD+JB4k@pFRH(chw1Zv7?t zr@O9{^*_A%XDhg90M{!V|6H*AtE2y!4*!pdzsL0dSn*YLzl~f) z8)?uY3(%miDac5wyN<7)yVRSGJsy2kE_pG=_ooVMoHlb;I}hgY*N)om zA5D4miosJI4yTt-hd(eo4SO7=lpVhI*hteH;kOo~>>4q=)l~8-sFS~Pukp@15g#-D zo#oSPa1=28_$VMhRL*XygX1e(F=VtSuzdS8Qj*V7LIjyVlDCYBH~Ko+upSW5ZCsJAfV<%-2SY-oG+{w z4C}L}&se8#L{fU*8Q|LtF0C&xyQ;X zab7;8#DjCa-Kz(E2l+`C>nXk|hvzHU_P)pqDjF;|z-6O4#TDP^*sk>k0OSVzv;x2i zSCi56RqXd4t3m+_)3dMhr}1pzR>$xsC;&{l4*)$B^e%Vuw8+nA!3Z+GKXmWMyr#2% z9;pxE@vHY1_NzSv6Q`2?*eYe00a-K_pYdQvQ+I`lq#N8h{WmvMQplhGaDe~_)ISl? zgOQz|W|hEFsSMLmPys~VS@SjTICc7`V#U#^jAx)p$WKPt&iKp6uAzqTmiY_7?F6Or zcuedYYqy@4?&?jjLum27*YVSka|Q!p#Jjz*E8#sCwUJ_^%8k}WG;KTf01?k0&`9~O zauhS9Ktg(fx3>Ubj&6rAX_e5$1OmX&{}>onNIvc@_V+KWp5ZWfea}MYC$h2h!D_iE zz5QwZwW9UV1pp+3`;4I&l_oMrv}Q}3x|k@1?3&;`Cgyu*zH_GQa4sey1wdK;=rXec zuezS#voYg%3JHW6=Q<&vvxy4fUJdL)Hf9q6z=A)Bx2ygM=e?ozYK!qteP}zAFAzqE zr8b|FYPK^Lfanr9zpaP)$VXj(Gm6T_c|o*{1QUS5K<(uy$x*U8!0>$?`}+(UdB?Z; zQOd&WB`|@_4MGt#MCGXjfHhrzv}wkrXa`_jql5wl-DaXSpZIQfl$IMn_i~>J5>OY2 z4DY95&UrXJTKE8@;hZ)RK+-lY2mw+&gKA;zw8YJs{x5|QoU%?XHwov_*#j}KV3s97 z>YI?NuzG=yd}bk-V7UBoxf0?NAw~@AG1+8~F4krr622b>z4G&_n2Eo&iY)yAh>;I!a)E)`SsoFn-3o7sY~!amHL4C zr~SF?=a96}VsNTRVD36|ALzVxjbgcD=4$|@2_67cU|vKYo1%fS0Ni>6lzk#h3kBl< zfl*>5q&OlG=-!GBW_yQVhGI5o5rV*Z@GJ_co6Q+5EYyMM~)Ti{v{1 zG7TKVlbg2?5r4U9(nzGuNR=G596|~0Te6G8W=EdhlW5#u?$NKAMZS?!+*K_rrgtX{ zphY<$e6C%@pO0x_pp9SriH|5qLZ$B9{uzh*(-x5_!eOYA$JXXhPBL^U?f}IV6`u%- ze8yYDP9@GZ)5a=fE-Dt_19oK2_ykmLZY+ot{6WF-5UF+u}W4`t4_kczYvG3R(T-l_){S>m=8{ z=^6XVZL!9AE0-^W9rXZ)iYA|7oO{;Z@|W*`aco^?h#BZoL);gw@2X1%OGdKjbeAQ- z-mF|`k=HHn8mN_WewsiL{92a~PYob6PKcGdaJLBoA~xY~;W;1nWY*DqYe5A>_DT=z z3BV4R=m@2^|NH|8fCVlu3^5?Gann)qyHyLWtLFQv(s|Uhm(3z>AKrLk!tN^x0{3}a zp=fdzz7i5>?<;v+LbSEf(eWtKp0X;A3#AWN-)TCbw*#Y;_eVvypE-blVb>kEzLeBH zR}lWvTnxZ2RGSGyxlbU6ewXM7SU3I=CPW&9&T@TwXW%(I(Mv2HpnquOvn|j>Cz;2p z$l^N}kN;^0WtIlmLhTE=hptAbqod!Y4^?3YXL)DNvft&+?=!*P4MHdN`Hi+=2H+BGPa2ptQpg?^DDS-s z)=ZsF4pt15K3YuwWYp;JS-vsVAIQ8Pd5WVu5I(S%X({$4OTFlb71h{&fY;n7p3cAU z6W7u(Xp77EyZ7aj%?HaQ3BDLu<+c0$LcQ-qE@MV#`O&b6sh~*t?p=ZIbvYuzTQAycZ*6A5adJnnpag4*jEfJUm}_yI#@>IhXN z^bIQVqf&3%Mv*8t;SQ&|4t|%aAYqG?+E@uEPkAu;JdeNbSr`)H_0^8~9Z%8O zuyF6m%f}XQ53 zl!*IN13GU#D3<(Y=v}O=(n^vd4&-UXoYw|ZVVc_&UYNnG=hj8!A(_a}1Z0Mz@~IFU z?PAgk>n5T!w4Y9WPr=j%qr`{Zzy*EqrrCBEbn4c8yDy`$)nPbb4<@BfqPViiL#5i& z4806Ws1>8k7XA1wz(VQ1K{I({56*7!Vir4%i>TdfZ)&OE%W^b^O7TgK%UCkU*Nj2ZUini^BZv5$lv7bR*YW5f7(jNf*hD_+ z^bFCQ9Ga4_Q0q505^t)t z<%C(xO;LJRYrXXrRqFJGF!b=1#=anGt(Me>6fK@K(EtT%$wa$#j^|~M?qoN_+cvpG zSm=gEu-mckbjsEi{NV1RU;o^2til2l{X5ilSJplHB%a+|v^3K4a4{RwLO*;~y`TP!Cc)%pdRs z4`*MN1~k&OhbT~|l^Vg$A%rj7WU#O2da)$D1*YOxX^YdL-wQ)oirOp;dcyqA)$ zYQtP5zdC(~11ULjNQ}jX-}C~?jjoA#LZ|{q@GH}BU|bXBg{7%tw&CytKtvJ{v?#akis3r%hX{kE9YE>+To7YGa2Le(y%1+iM%iV`s@zbN#@(L$_X%s#6db$z z8k=fangAF1(%S?$(RdL%-Cb*~ix7hj7mhbR+0~QSLx+MCBd3;V0hW)RVn*D!U52^` zufwaDYU({M8D_D=w-H8_<(kuM%NZUZi3$!?q8s1b(c?cQV)5v;w8*OhgH7&pTeIVr z>JJ5aUQ=xWx(wq1`7Zp#)_Xo>?hNRiGBCQdAT&}jEWwMHw3ibFUgO*CZ>oUu&!|Q} zhJ(b@oy%)$A8mv+MmUHLOP}^*i%km+&Nz0K+Zj9oJ(onzeCqP-fp+6b!XS~%s~Y?p z!DWOc3-5`N_%=F@xlzPxeb`U@Qa0DId(QbQQ8PB&Fdu6t?#Z#+R^#W{mWilbUkm<% z3;(=hdbU~$Wzx64s91Zr@u`m~tFG{-lk|)fe$1U0vHfp^={!DsFEN)r4QP3;oiZQ^ zu5n7pi93Xtp4Y7I7=57vfKRFGf2?lCF+^Z#Qt>)3f&H#8p5f>7OXZ_&#r`EMyqzEH zonIB2ixgkeY8oNGY8(^- za|Iz3(0+Ao3fi0>Z!CZ75?KA_+47>DV0#Am{LFU3OW=a4xSZcyy_^sNePDq=)D1Dg znQw6sczzA_(te?Fh%9*OP?n1U6ie)QlieGP4;dG=v7SLzmf6>r z(-p%=Lx6z5L#~X{XU%c$H|6aP1c34z;EEQ25u+eXp(5>gr{s|B?RY3@H;c=QGBF4Xe&E21Lm59Ut#mkZO(?BxMd__F zmbOn;B3**?-PO}-ok~pGI=Yri>x)( zLjKwsad<`3MQ*(`qe+u>$F|&>ezxf+OtD!4`soaXmO&v(3;LD!V|rtjBP9d!*FS6^ zE!hqNO{s5MYgn7nb*;W3Ji&E}pC7`es=K@!@CAv1PXt(Sp)mt=s{*O{22>Xpm9EOx z$Wzq$8MD*RKCL(E_~uXHhQ^=nl4DIsc@1i@VF5pD=#ar1;=NC*Hknorp*Qb6iK$u5 zZ8W$qCRZWCc^#cVCJF$s&cxd#9TY#5i1d-I8+PoUrsS`%fAmG=3md{`=9TzLh&oi; z{4_HM;KaozvLo-dpE{T1MIpz&j>#JEHU&lJG5kPtaL;0PUUCl=2)e1%OlM4}*L0Hc zemZOw^~+(r1qV=00;1G_)&Hdt8xiZOR`)E+KyAM?b9UIA+3s%94@g4rY zMkR?bWo-#=>x-|WK@e_W)FKdh@{H;5174}(*Avxe6$>PzJsceMa>nUyIzLE@(`Te# zA3%Tzua`+J{-+JGKio(-?rRcP6t{)(vx&E(c-h3&2mydoO+0k z`g-RrzU+@Whb|SaxYGB%8{eNbJlmb2N>Fh>Yl=-EB)jfQP4(oJ_Teetc5ppqoX@Ox zSwS1ovsp%qH+3^?RGR9Z)q%y6PZqv3S|b^%i9eplslDrNqG_ z7{;uC(^5hqSzXi75)S57oR$`H$jz6U#qS<9Ka{?sQ&CE6>5M767iD0YNPb*oKVVJ> zmhP?hDdL)97f~X-Qr^1wCTCAWx$o`?I7j>EK*+Ksq@ zd-L#U1uVNXdHw>;pjJ3Wyu-5G$j*z^uAYsUfbnAo^~a(Dd)VufX@HaAJ#6QW=x+t5!R1NEgZqPYE5bNQiLbYrZ*A<^Wo1`dd{DD?d3Prr>LxR|jrnG$hRYI_U zKyH4D-O{XAa2QVp1_5lGT)rR`I@PsjxwiLDjJprGc<86+D8&nqNA^CLBI`k|1&)S% zV)r^|C?t!v2eg%X*a`5}Jf3RDlb_)fruJ@^th4nKX!0EH>haEL|pj^Bd#+vr58xI!emJz6w3R$6QZu zeZQ>e=4f1&h`vV&5HC5DV9K%HW;vr>7)HJJ&;TrW=+9)6#IJ9kYlu6--U#MC{9-eQ zf)T3kO`7=dwM2`!r@YQ*C-K>?&V$+%V~vN4g`rNd0r0MZ#`Gf>mnRMG@JsEDJCihQ zlPDD~h_|ZbQa$ybsA*iuwa@#9q@Lfm@Xl`ezRA1B8J*ONs5FZlM2hb8xqyp6KqhWP z5-X!+1yX(^cSWNsRpbF;okS;}u)3H?Hd+;>eX~0#gdThp+D)u3*|_oAywXDHqiLW} z4}5SF&9}uq1ADH*+iyK2b5)CZlIc+Q>VPc_Kbte-j~y{s3pPKJ_x7FUY{>v8Y3a`|MIHdq zuXxY0kiIanqNfz}h;?t(sBUbvXVhSl6>q+qwe{FdI56(N-W$+m|8jLGn!+Iat;x&! zXFKA3wYBwcMR=`>kR^L~zDqK77r`-SkX-Lqu=OQ^YuyFr9y8$$#BE-sj27yfv4hH- zHenkYJQpupgos*PUTAels$3V5Z8K9q@^#Dnbk9p%Gits?T$Msd#>*oJFBX*ZT$6Q& zSVo{c{0wh098*>7dNBM{ez*#RbW#enxs8bAtD;nrOJ9k0-Z^b~M(&Q60;;j49RK>fEHt!$WPSoIX&SS=BbZ|SfL7K_iq7vwS zEZ&Rf8l}37fx0Tilp)jjdxq0CMeeFKhVODly1i&Y@_XlagWfD3;~>!!3xwcs)fjm~ za-Bn|GjUaV{D&kzTcZ2K`q4w$Q_IX-$ev$_dTAO~E?P|&v^7Y5dG>IZB+PaAYh$M*miEGr)gM_K85>7jq+UK6M5jjX(HQuF zRO`T{cKACbuM*R7G447wQm=cL+q&Itp?+kmo#7_7-kF!7Gwu?nt%K~}?=9BwoLAZJ z9xAPmW-o_ut->yk(lp8 z#^D#WUYM^e0=h=oKl}EHqg&KsSlrbO_t+tI$o`56!1($AdZ*iDxj7;_ah}2+tM6Df z^BK6Zi<&;vcGP*!JsX z-8)U65q$}MzT%4w>avhhdQ}49z7IF<4iSKh?bD#~iPoGTvd}YLia||k>D5!qf)n%4 z<*7qzYnD%LnS23vCE9&!P?_1fZwn_+hLuh`JC1T+)+@m!P7EBA*skHxGJm`7eIhfIYQgPtdGE|a|V zlR4^%ALdAP7sY4D#zWec2!UCjO7i;*mW71vjuC)as2A?Mc8AFModLq-8LA)j=Nfw3 zLXFF_p=76*vMB1jV&$TAhHm-%T@HfJyeUv|cL=kewPK@X>q7zTmc-eb79iN1 z0IUwqNnkN%Zq>wYy3^380OVp0&Ai{Z4$Ojk0G>GLwX?3N=pNAL$RTCbo3Syst7X}< zN^L)^A3u9M*->E2uKl@md;R1~fb0+k0PW%57d72eO1zNh57kmkFOXdBa9Xwz7);uQSUdka2K*NuS5TyrX0eKqit@BFmn4fzq2Tw;L+1@;$$T`04 zvwP`Ac_UHX!h06Rla0Rc0wW0Xu9C||*CRY*+rXf=RPzdDN*Y!X{wLS>uup328@X|f zuIGG9o3>%nb;gt%i$TC=43LV_?4m&A1_5E|18|qJqu3I@^ZfG^{bRYuE^Z10z=}k*?USy+xduALfHBtcaWwOrpF0$9E)wVQT6iN+ zap6cZZb~R^P1#gU%y|qe|F<8vr>+GFW!+@rDM{tk6K*Lxt4YNX`G^yqc+-B*8vSYE za{u~C<3}UolP?*iTQ)*%{VdK;pMsmW5fZjRPnQv~*;3t->&|^I;0MR|j>QXh7zf=8 zPj5fRVuZ)s$M6bpWl!4|Ev7k3;y>}Bgnp*Pj*9IIC?|;EjX-<%^DlQ6J1m55PD(z# z=bUg$0bM3WZq46@=bVs8`~1G-`gKaEk%>Dte-po;r|G9ATlC~wS@9I~DZg&yB&v(s zEmmVu>V~DJ`+hD#76cv|%1IDbX7JU;v8vBBmjKD&OB7{SV8Vdk;OUvvl;p-Lfne6Q zXvv4Eo%mX+W)GJPQr0K?F21nqsJd12=wRpWNOTigR6$_a9d|C89{<3GAN}D}z$Z@&gn#@)Hl5umiwIxgA$oCmp4y&;N3Ou$ zvao@j7JE>%J|x~#Tkr%O$a$W(K)?$iq%K;>n7@o|wpx_YeL+3d#T<{m@W}hHwB%(j z@zCXBA`9)>w_~Y^S03&5KL~ZbYqkC?3FPk zC5;9X!{egE^R-_J@70o^J;fD8Co$h7x{U`0=GRXwxk5?Y3ko(m9s%OoA;FxM%--ZI zEZ=pIyZN~&pD^7cFjP=cfCKdBsAl`FM=+f^eNnz(`$AOMZ3~2J6tGg?Qr;(jkdN=< z)6r{jQgJP%iJ{9=KX{Cq99MWpxdgM+?|s@claZ~g^TBMrAykJ)irNVNrJ_6CQwPQx zHaLd%Q^de0-*S%cVcnyH$+f)*+ck^^CM3(|b&lf;1+@!!2}gqiSr!wqXZYY_4C!++ z-uL7XZT>)_bg)Vfcvh-zpRs1Qdhkv%-#XQOWq!ipAeAi?eOY9u>&-f+xt-wndL_N5}` zgr`@zdi47n*OBL4il676mQT)WEFGE2`fo$}#)s~q+DJtQ2Np)gv>p}{sX;u8a5I$j z%7&>PZ=!K2i)Y~D^Nm|Vv@C!pv)Bl*6C)_>1Aje_7XRTbhmx5w7hLGi{aISYKt zla(L4>MI<=fGUO#h=QBs!0=tJ`U>sqQvjk;61Djr5r2}oo^~|&4xq$DZ9Gi9sT2Q$ zyNGAWhh-fVHl#)?`-PA$)ME|@c19Zn2j7=%zXMY6A1!sYL~^0~uya$UXv)!#`0yKS zQ|?cE-LxusaTuN@nF($+R+`hNWYGcBak45pwXrJKwFBP0>W5$n?WOHYV{Xp@eGh(! zIH4In%8({M7gNnIJjq?9;uCt9Z(TtOCMXBEBeZd2){3+J2CkpO_d*Tfc&Z$^IPS-G z=E3~gw4BUzaUvIv8YjV97lw|&WJ0R@HXh>eWt{xAP~b(c1vy3rs*Cgxr?RL6IsHv5 z^=OXK&pT70a<_L0Ju_qu6~+6=l_s(0j`@lev1q_zRq!z5YyUFrG2@WGzkBBryiPcB z^B4f=&N%>+DtZ=fVBF$t{UWF$Y)rqhWm_Yeoxuo^1ujb?u0_pFAU_W&$K>39@`Gig zSw(polT2Pd%E$SlS_fBC9ipxsd#xAvQYOAh1PNm1c&IaBJkeqEj*y=4us=`P-P{_v z4(TRDP^3c!vJKwb1@`#~HuEZGn#2>slC%63Amu#Nu}CjQbBINy&S-LzyyesNnaqce zXgWu6L?i*|6AJ{Io+vP1R?Pjtl~L2hA=4|YQb~2-88G~Sxqc)whpD0^)4`5nuPcSr zmMCs*@KNK;h-f>t+fygr*Dy4ErL6~F^yOq}f&ODyw+iiBp&H!;nxSDC4yD_c#&vnj z8$UW;19RZx0qoU4cfF6)wr+TS|MM*WPoBWI<(+QvkLW{ZoIE#PwU5fQzT@U6;dxUM zlpm@@J4(@|qMkBJ+41)C;Z}b5J=zKCu8JMOy(7JuwNC5%4Em2%d1|a{7(blS2<0-{LeyB8SpBu1$jMN-NW zXAiI*ZJrb-G(2$-&w8i)z7^Ycu9J?u?ktcLPULu?%S{lF+GA0Mn${gM!ys!`YRceO z(gBmHY`vo?$8uB~;Ut>GW1=@DoV>|rTjNL3O*}esMAGdaww3`dG?rIa)oQ|)2nxWaq zt>0FW+tk`@FYt;Xr`c>j5Q|}?i7}qqXf*hd#&afa>iqnc&38IpX}wQlw9SNC5u=J+lCG z-7QUagLzU{#%fu@l)<6DYK9_Fk0L&aDmRHHUbI#y7L&hiw;9|#NHlhHC+gjA4ZTlO zQ_%QPci{#|7;7)Iddod@xmUR6Vp5~Vn^Mybc=b)OxTKZ4P<9`B0x;cB7|&S8yRJd6 z90|RR$@s>MNwTjB*FT~TEcN(Wv_5G1O1U%pc*;n}#c?ufdg#m-gAb|dOkMGr*y7_} zOie*=vc&X39lz}@D+9PREsZk*cnD)Fi#jMWu{5w#k+ZcCB1wOiBF#!OT%N=C+Lj4e z%-8hucE<@}(GO>NfG|rP>=1X(%h-@@GuCAxv`r8#HQnuN)uNrG=vq{*_ugI~(dw~z z<>~6gbcdm>ZlXKF91L2X<~H zQ}i;SQug4=uc+C<=~YcHaOlWwH=dnmxwAEPHbn;%daWNL<{YW7zv(77q<}G|v=J=P zDY!k|?Ht%B(Je=Dwr1M>5&CAbjz990{{ih3WtVXx%Q6Ow^d?*6Vp#i+CvrC0kK9`A z<-~2@GjfPezF97ET#&DNR(C7TH?u&nr;?lU)RteZ45M-Ckw^Da2OSW+9SM`_U@(&NxZB}g!vM(Z=^pTOqG;TfiascqqYx3^Byc$7- zJHMu#SH4r!TxS{i3ky8p{W+lsjFL!L1SYDOLYDNILS~cPCoqWydeEr(6eo9ZZE8#s zvhk7zs#5V`Iz^*u?6{`E{r>ecD+PIV8ETKvdkqp#dGmGRNfzb*)7B! z%QQrlv+M))#*uo`a2#fd<)OqXr<+(Ju+@@JWLp4OFZ}!92-kJM0`ahF7d5-KFF zO5RR$gl-)&?{Nuk+Ql(%JEo_exg;7#5$1<2xZDj}$gpIr;k`aa5gZ~o-FZWwRA@+5 zXn@r1d?&^8$4;2%*iIqp>1_d7xU^o2827A8R_xY9s0R$lt>pQDAMs1`JcGImhkZ6c?E z`iCSNMLkRUR5Gy98joM)faOwYUv#wNCuyE zS1Z^k!C%ivPYOkywg`z{%cT!*VFYDm3PCXHqpSLIjN^En_N+>_IIMbo<2rDupwCDo z0^1PnPfMbwKBp5eNKjO6g(#VH$)t=^cGy0l=qO5_iL_)~7~uVOB)l6}wAG=Rvf8n6 z|4tW8OG4TbUisImIKda8;N0$ASMqAS;_JQ5gsD(}(a@xFl1v)>h*y`&;Jc^$Nf=o8 z5w-qeVt#^CSiWY|uv_lb+OXp5bfvZ&{L2Mh0x&71Gn~`J=;r5#M-y*cB|UEY1Y%;l zd)(wCJJlw~Q(D-yV>_~mub-cTUF`457uvn8aY@?D^X%9utUr*^6yLIwd*~!G@Ez+8 zR`x~5<-{aCii&7>gdXTQ(I$Ipha1wd!t(`I-l)zyZxk=OK3|*GV^k&&Imx{d{0<_8 znn`9f26N1gK1 z4yH`xHGPvFVF$vyi*4%Dj-@v_^i*q{gf?8+&M^Jo8rcV8!QP5KZM!t*g;GMx+_XF> zp`{Y!;LA9@R`5XJ1z9mt##rO zEP+)k=L?ZjNFIlJQ%BxUe>@{^rMuJdF0Sf|7b4C$_C>-blhHR9$yM!)I&Ki+0B|^pOs2BD<@MG&S&! zD%`;x1M4Cm#TaIM2?-GusKs95d|;jhqIqS*1uU}wWe0vstpAlJ> z$B0~6)#@SG{-}x+B&|vRu!}BNw;M38k1U<15gJ)j7w(VgJ(~3qRovG-#$*0yD|v9x zbO8u(7BnwX(g%liJ_;}EEw3658Pi;GP96td)qAEv9yy>{KS#|ByapTx?T*}d!IWO| zqMRfhg|!(@|mQLW-prvX!cK z_lz_q<>}>u0ll0NH5o!gBCWzRxM<9LTAylMm?QJp0FVP`mL^jrQlYxbur(ax$pl^1 zG)X4*!Y&S_V!Uz(p`)P0ig@y!xdltO z&Fdr@yu}ntMz^k4VVu8)6Jg=J#MZTq~8!xz2pRcD6-jq}3FLy7dR`G8ePE^4@11zM?gJvGhE41@DU(z8ySnxEyJyUo;`H z?2kra%6`yWb!;4Zzi5(%MeiL!N{wH~o$5?`v$u`gw@<&$;V+97Df!5<$r+kP$J?Wk zMVAO}f^ji7pbGy&w|eN)9jre3)Hpr!vj~h$H=APu={3X2==K{JWX|Nz`nssK%FE*M=DXsNqB}8oTfcUhRDbwYCiIO(WcLzgp0rs4;jl|R4tSB*|0o5PsRtQwqqVP3 zZL&X-9B)QeMJ#F_Rt1Oq687UVqRb9GlLT1FDIO-Oamoi7btt&QKp$H>O16tS&-%`+1!u^zNMyv*3;^^O{4tG*A;b*4-)-41cV4=I=l-U;9tgl3!|GXl zSf10G)S85~_@GmgS$#hy+FCsn;1YmUqtO7*{Q6#|L4cdY*59E&6K|`AJK8{4AQE## z?m@I9i-sIaqm$9CBine-y&oxHU7{(xd34)1&TeA%1!5`n-wqqNTFa zVxIEBf~j0>|HstCR=JguKpN=hR%Q4FrR%%Awo;1UKav(ZlvZ|$KnOn z+uhP11KCorw}1#V@Vx@OK#XTtc4h*HWkBcA2&KO8d)n(Pr*TQFH=d4bEjvgfKL$&?`S)N7J~d>ZtLKk(&_#6vm#jWJCtz}&_M?Aa$t|^4 zvppks)sth9wO~h5uS2nGp0uxe=j{%XspRC`P0^IjY5Zd2-BzA z52y`N%X-z+T2rVV_X1lnCP2l%4Sd4N2)FKN(`YO0e50uX3AYMeT<(1}S!J~Q&33&b zn9zk-@%kA3j=(xz=L;`)2GZzZ8vORo4>w2peGtxZufgi9q-IwWD!UfY)|ewAXzydt z5kuhdZOTIAKzwUrvuLHGM8Mp>4U>#=8`|ny8$B`Y3i7YctW$l_tK^fTG8<(Tn*EFc%wo4|G5@I~ph&7UOCr;h%@vPj> zZ)kds#l(-#(Wvm0k*7F$ai?YwpXjJ1MbjOUr2Bv+$h`7hex?6$7dG?j$J>>sa{6yb z0f4uQBZaE7H<_mWEqhq~3wMh6j*pg%Nb~T-B&z+zwW2MBRJW~9Jm3*Y^1GQdH(9HR z5-SuX<2itMaE}9icRoUPq>GDf*)KXoA!a7?%?^@9Q;S;k1B_i1R&b6 z{~{@CQcC}#J&^RZ8N;_$77646>|)|&dj9hTQr=nilu7EYaIq3*O<5M7MbNeDa69Kl z%ig-nx>L9GB?0a8!S&Pc(g3vRQa_qpXX&kPPTZ=8mHGOrR_Q_RwB5nYJ-<3$?Y`CRehIX8yqc@eRV@sd9^CW%%FJXSXePKp| zFX98HF}Q&Csxi)C%n!9lyfps=G3@-XZv8xHLSpvZGw!+&_c3@Z1o1_ZDW|M3v>DA@ z%_#QVnzw1~O=f10$20VW5GK;w?i-}9dxYH_sOX|NyH|pRsH^74SF?T;aj+s1^xp9D zzELg;U0CiRSWvzjZUWQCq%9WWN4|HE)~0#oIT7lGte2+opHrY!sYsn8_+Yk2Yaj(= z5Wae?3R94-iBhm6dxLR$F+3@mc;SY7wQEUDPU$jxNGMG)Ok%Wl6vu9Xs-D zQjyZlDZLXgMx}jREl(*r(8Fq($WI+=YRMV>-PN8noyPGUgGeB*PVVcfyG{eIF5gZ7 zW9Pm!NE)INoGAInVG*R?)DlPRyB9hu=+C>#9GdRQ4=T_|K&=xK(=6vcz|qDRRT?lg zf~Yn>pYA`rf8G%5jbg3h_sZbHErPf4(Keh!1BL8-@?EOHxrcURJYyyr}rmMZssq%#?4ZD(ATFd_t*nM&^FGVW&A=t78`G z>2Pl5Th7MlC70a=19A7%uaC<8%1BFol(OH|F)t!#KS91-PR$YxBSVVM=^ML+X`iHF zg6GPBN4R+L(K4;On+T7gAX6z~g#N5S+VSYTq~{_HdBE;gDrGyk`{ECo-g|ZM=B!zb zK~q)?xvD1igXBrOIATZnY{MQOYGF(IqinguA)nOadbV3yGPoM+`*G)OlP~$hX|D8` zFn_c29hsT@ik17{ZCTTmC%)ZZ5K(%>>V2u_P8Gwm;@vHJb-&9?d!otLKzv7$9EB?34p65Gv3WOwO$Ki*ht+5&4 zN#rSe?6r^SGN4%?08k&ZF*VbvB9xH+o{u>5@{cBd!yQ=SF3!CBub{m ztPp^o`Wg*>ma^nt^5=R`+a~(u`2gkg1BcFDl$i9gWldZ?hVK(HQJ7jUpU4FI1j_68 zhU*757m15SrizKAAt91xA99Pw?;PMtoy!5x#xJzJI@g+gd zvBFGzreDg_;A7y(KDce@PCHd7Wvn;DO*LQMfa_*as>MdTkp-FiI@}{PVPn>+tqY!6 zy!^OiXTB(|$*N8tSLj|Ut-lyupm^qPL$b?O`NIBTUTDWF*^e$rF>1=~34yq;n~BQp ztiA;$%LS(%`aTBw=8Mbc=QFjO(O^F#ZVDdapqN@sC`F_S@kD@Ih62g!is7P7tUg*X zmpvyXh0ee*?epXf>UT)h&8jY1yRVzXao!fKDSW22pGm&grMxKIIO1*L9zYZ2+nPVA zwksI(&{{PRbT593J-YlXUa!yNPn!yQt{CAP4#$s^i~!aN9D12yVR5s=SfVPWf|M- z&D`2iyw+vr^?O>6L`U!;l%upxRukC7iC*k(eOWEi=LiSI@E%3E@l=|19n7ftWnhrebl{>@d zy(A%Fux@IqO7n)>2gVB@avuC>e66$&l(3P?^&qK>hT+q=qYWl9`L(FJcLtkVZhAL6 zVFocb9DO~-EG%L;Ejt2ysW$c{7HMdQ$e+B6tu0L$)to~8MwWDxntxHB>yx%&6>{(5 z80^X}UN>P-6u9Xnv3m^Ltl^fTP?0{rcZQCzfAVtt8j$;fu{g~&LQ(IPu`i~dS?VaY z_{iDq)*m~n9GO;O`^EbXrt2#llf>^z2agSxr4cDsS{he zSBS?*f^4ryKl|Vy?PlkS8lp-~f<@x8 z8X#swbOA#Hcb&3dX36t!;Gh#2BTec-(_t6gmNEuo&&>2v5^d?b(Wt&$5>MdR>97*S8a$mfn^&!!A&O;MSY^2Ds zv5&WyetRuG*C=K)xFhzdqztPMnfPHQ)hO8i?#b|!h((q+u}ca!HS-q6m;o0IM_qGA zCSf%^*+l<#+2vY`#%T7l^vAh_ta|ej6MWo>E+x{+GCy}cl|}g?>WT)=5Qp2Z4oc3B zqok1y6Y42dUnm7{Et#)P(+iz?)wx*3dJ)WdMj=m4$g+n%bYuBUqe*@-9BPzi)55Gh zmoQs#jPyn~q~+h6-3X!L8W$TYBC)KDU4F#>d{Q}^W^j8X&7w1LMNe$%qU~E%=)0Mo zW_ZR4A-!4CVk9?0RF5)raYj@qg0S#Wg4AjC^0>VBYL0KxnA9cx{&*q{Q^~^KI>ye| zN(wAY(H;Za#601KmE=IKfn7N;THsnvJV$hQM z*d}bf>wJp7pw|Xx9QcA$r;KO&qLt3t1V3h9@GoYHK(?xaYt0bKhNHYSdfz2sz^#n)Hzr6;Mc(yacwxD`JMEeQ&)6E+Oqb=18~FT!tus!oPw>8Y)m4r`EXNR5 z;4YgFyeGn0SIX>T27TiCHJ56kabjTO`vy72E)}_Ksq7IdtcS2|*C3U)gZ=&;Tj4Rn zJA{74Ym+}jst2535Eae$Q14wLVs#LvB65<-=7p{mIi;;+r{|@IsbFDKI2vwAmWk;*H-2|UMcM6{PKjFK$V)pj zCT06A$R}Dtn~;U&-q({unr>s?X*J^^Fm_~-o8yB$M}6zCJ80R3I%>)(ay+YKwP>@1 z;Hj<17ivwami_v4!5R(gEHPFCthX=oc_3I6I&eB0yidb8rMVhGrMv1cV)Nd%OM^+A z^C4h&dkO0^>VuthaCQ9N;f~MNNZ90nW>F&43F&1a+u+t1o-7{<4_JF$H&S{hIE7}k zH~;yHen07yg2a{%f%euRZnxss7&kYEm$IH!(SmlmL`0LGm_%Bf-Pg>(H$EjF`e;p} zZoMZbQ{ATng5KgXM$I&EMiLgj<`1BDCZF)e#N zMpEe>2nZ@E-6`Fj8;Xh`jez7pKzekSbax4i5H@P$$dT{!d-(@8p3k29KIb~$>pD}` z`TI53Wm=720%rrWHjQahumAPLx7@7B>81X?uVUlHi-C<2p=MDrE!#HwO=-5_s5Q5V zq^{z@;yWsgva$!q-e_nsrf|Fb`K_c82K#EHqi~aW+$67)pm3Dprp_*G&i)9Adh^uG~Lvn_i+9A-;jls;2*V6 zWONslWLAVJHj=BqERA)%y1yS#t+7V=xuaiIwox?s&eyWPl@UZO4yGD{`a3d>8EXYB zGeb!pWTz5CP#SQ!+~`$?<>JS{LqbDjDY?CRobQ?;4y-=VLuM|^FH33j`l_Ybw$lM# zw7w!%zWlpYS0OTAk%fwe$+g@r>sdBV^wZimxFslUP6s@l z%EIupt*yLAT4~=FN>JB*c*@IX_LV=pIP0!+9H|dmPPm$FJjY|=0S2VVyCBDRx8-*5 zeoy7r+92PLa@4Kd<=|viH{A1iKd+J4hT=cYR#~ZZXFz9VtQUcTuu zlK6C`FXzCHb=qDbX&KC4z%8TzW`Ord9~9i-gi=)`+=2cG-<=J7G@*-ma!*b^iy;lD zkntqIe_}vsBXB{CM&*dlPzNebV zC@&C`2$4;2`z_Y7PVd2dBFZtHklpNCY*kfOCPU74{EQ%E3WjzJk3?_Y3~<&XyXG3s z@v64o}L6+4Dr0wX$c!pn|s$FVFEN_H(mo_H&wxB(u<1y4?8T}e^sW_Vp62JOiuat9Id zC7@OoSdYpsX%;mp7tb`zvHR|=-P+!T##r#)ojp%u1n~#hIPtazx-yL!=}9b|dyJT9 zwdZ-=Slo(hYS2Bu4CwX~3(%aU7d!2FV;6Kt9UT6?rmpmfzB1Ug=R~4>2@B!;wlAGC z(p}(qAa~!MM_8_(k&0I%OHr#p0+)H~D(BSxL#+~5=-B1%dGA$x#PuN1jX6eNJqJy%xgZ?s5vT4k%dZlt0>13UFHQSf;ca{JijoRB(#;A$;+Vqq#d`r4E z{Xw;m;rHuqHBr_n6t=&d%&<`vMJpSOKI`A_I9muU5$XyV~ zGW5%{7~l@z14XXN$+}1#jr^4-hVSFkFR$!;{DAMPk5r^=K94vrk3ohrE|(&!$B23{ z1o~ewk-7BP>)fS&&ynJ5$EG`5UAKlK@4&}?;IY%qR}Hn4tUq&0g~iV3Zq?(KHZ$(> zY)nC}0MSBfKTqNJg3ZS}US;A06#DaKH^0LGa@?s2z#Lv09du3Ho_(Im@Pnd^onk~y zo@XhK=hS=U7+)RNt&&o2MfkzqwHvGiM*(S?5}pLP4FT|lxuke$r+ik69INt9xjNux&3We(=ky-OkwMI^wmTIqgso{PBmdsd7a{q)s{On5kAk zZ`I%)KyCOGv5K82s-Nh@_~@vg>c)7Jmorc^8kWs+%qepmv>!vSU^JO$s=c6^!3yQTz_&_xg2 z>+qHn6=m1m61oFdMs1(GT+g4m#YP>521B2gPpF$THJi_q?ODHP_wp2E{Z=r0@G_{b(qe!=nmcx#IF|f);z~}fAoPKsGjGRGlVg4{D=9# z>~%$I=Ed%VB5MX_v^uF<7FhnuTWk#GMfo7`o+jWJ01^GxOMdy_=~nh=5l&1iE(jLj zZp{V_cHr8?-xI&uVGnP{^z=z$$T^!ZEefXF#cws#0)@Ga$8Kmjd<;8ka|Q%tWPa$= zp$DFG_dos79!d}DEa~&*EH6UK+f1m(g+aSwSU`SpZB3ERS{s!V+gJANZc+zRx@=?2 zd+M*BZ!cECnd%orx_xaFRmKh=!X7WK-98~{5Awc9!}T@wKET@!3f*g2*?*k7><~Zm z^Bi3hs@~mtFm^z!3LMJ4n4FpTZWVo{WJ&J&Q{83vDjql4nUu}4;l-tnd)(iGeM5M= zJVJbf&u8LWt}rTX`2OL+JZA6GvJ~$Xkd-*&OmP<3^DW@hE zpJroDK13jjVs};@YHZCNYYBTV zb1Dq`#dHUeExRiE%f7`t=AJDALngJL=h77~lbeh`w!6E&TlOsG;fY@Ux_^b_!`|yQ zSqX=)ENmUP>A$F}U~%veV{mkeF%p2N@1Sdxx>DPDtIcRvcu=GT&{7(!Y_}_jUPy`JSm>HLxiWNN@ zDwvD#jq{K#++nZ&kj~irX;L`IwYVVeH0T@>vk^Xa>%PLzm!`G$pfpa<@E1r%1y59%4_HV~{OFsVaX2<&JJo!E3r1w2P+x7g_9y9|cCEH0K8@2qWH2#3^ zQsOqcS>U!tw(;=@lC^}j5z30#@AGMmX+f$en}y`@luOLUQ_}4ZKIOmv5YsqP=^T}I zbRTFhP<{fBQHyRyj(^-50yljb@P3@{KbYg>ic`j>wtIws6Ttpp#<#QjX%8`w-&+P7 z^=|L6!Mm%kz6x1YfBpL1A*XQ3)cQD`*pL79IOrvF=quyI(yD^QnM6lwj)&y)>}n#R zb?!bk7$*&qu;4Q?nIr-5L=xDqg;PLsI^K@oFYlen=LAH(ZPl^`)%7VbdD%#mY5dSw zWXc2@e+=~f-GNhYo$57&Vt1)<`!(34fxy$d@?OWh*eUBnTA2(m&e$ z6*OYb$2~xy!S}1!lSg#K3E%%klRC(!_OVgQa3!eh;r?LBq;i7xY7>t9el8?b>&mIKbGQi=-^J1v&~*Mm>u4MM4`L z-k1d!vMM*REIkPRj!s&EL(2b-PK*0ngs`P3kL-UFB*P+p4=|e1445~4#8-Lo;l1tE zTSln8`E3vJ6ER)0_s3mlJ7A}C;fmZ6#@xBh%sK62>p^w;#V_ZxL-L9pKyH;0g^0o} zhyC}BU)lkAO3e7AQs7(UpP+Z`E{3QeH`8P=w1tPq+=Q^MQ9HIKO>l%LNqemeak*K9CPBf2hXcH4re8?KZT0nw_Y(~Q7sJ{2(p*a{0X@@B3AE9Ds zF`syAHL6m#OoB=-_en7l;A3gu&p%ET9HitqoS)`Ia9qRKWK@se<)DwU+P0?K3o^gG zKOS91Ow1i;lGDxVx@E3S$~uICkSDWE>w7ibAB>I)4qu0)YLP7PaU@QrOv(@O_0vq7 zp42&h<-jabeytKYEAJMcK?99UQSge(JIt>xQ~VM+dAuG2`c#0YbPlwljCD%|CL?U+ z;*;?xVryFHHQO!DwDgVpAIDU06e0(ESygS%?%z0W7P|8dz$oY@tO8gxb(fvzZp9C!>9d#@3Ci@mkJNYO;XBF;?n_ zLMhwhUz&>vz*Xu-UVeupEe@pn$#X(F-N0k&qiht9r^rp%z{-=CFSU$bah{pw}oHGkJ_+eUsZOf>%zgC z+_R;V!HK?l)ls4mp&$|L#e%`|3#x&Uce}Vp&8}w7l+7EJWt&DHL$+Q?sScw5TCVz; zrJSlie_<%Dg@b+QlxT!3xQclhhyCi9reOd4Gx2}Zo?rdHf@pZJ`hawSC_A>Kuh`&| z1p|h88ZkIC&`X&6{Nns?&fK!9sZ8v%NI9`2b}u@rh>6xZvD(<$@c7UyBepCW)j^b) zo6&YSO#V{&fHr zwy@?cmv*e`{IHcYW9(BDRF!3%e`e|f`DqIUj`NEV&j8ra^^o9vdXUV-@L9e~JAqC7 z-;5^M4ariH|Cv^#E<*JDrg|g%sGo1T+M=`8&5KR#zdV5FZll~gm%(0_d&$Qxr5p7y ztgUJAOAp$Rs*PFp9&?cJ{>qS^N~uLzg0g6z=fP#+#CmyFEh3&VV56$#LQ^@$n;LzH zsTY?3zmRA~+3nJ&^@qb#TaG>tlnq4*oDpg2-e{h#kr^Kz?8vp(POrFuJ31olxvL1D z7fQN*`rF-Jv^9M(4F>0$^&4{9Ov1NFwq(V6 zi`VWbQVy8cgiwBFZL{Vp$tP#q5LNcCDHDi)6RS zYECu9l&1=aFMgjsLt~Qn=#!wUBA?QgN4B%mBddu|zu-RzRhIuuU_IPIgaNW4OFxcO z0(w7(hH%Z`O|zS6f}7Nm-5i1c0QTcR&EhpB}RGxhFghm_s}+9_BGWY)=)!iv}z9}WnP>~jPn8{KBrh;mBiVV#2s={ zr44D2g0J$yqf7VNX_H>>LV@d-K->O{G}*7;GMV_7kc!7)*s`}n;-~otR%u0zXHs&i zw3E7z*#iF+a>7=Lv+kpN?FFh(@6&nMFQpE z6Ez%wNYA=0K*=3@pQ-V zCF5z&BbR*0>}CfnW$LcDZz<*I4YzqMxt>{Td-_c7z(%;_m2atx8ZnUwSiHS7c{k_H zkuOUfO(<7Jl!%pfbg-8Kv7*q;Jvcrn+bD}65>an9hLydE8FY&E1{V*MAu-u#0Dct;ep*$e8QSnG%3l zSTsn=lCQu`+?X_g&fGUnLFOwrZ7;v0iI60lwa4G zvd$CH){WvXBx+QnLSO8N=UP(EG!(?z6|T36$IcbCyOrrlHJOOCo7HL$>vn zsXA0wG^P5jWhewjF@!=#=V^le)k%bWqQiu)1^(%#Xt1_mAt{eV?&_VAwV3;sa<2Hi z18X0%I%%1-M_WNHuO@=m>n&M;(Q;V8)lgVvaBv7)J--*p15o!KESK6IM z)qE=C4j6-5JZxoqC17psBc80`_ERV1rq8^!QeY*pNuYl7=TF_4Mp0vg8DB0;PT;zb zlOoofUdml`1UXSw@oX(bzZa97xb@^nh&QO*>5CZFrxxplJ(`x=6?ft6-%lX4whHvr zDY(^0$f{V+{VCd%)hwz!>+sPqKs>;s?TL5=*rlGi=rl^}Q8KC& zt`GW@?eQ*Ek-UybS9F-^v@jhJD|L8{+o z-)@6L1P;puC)!ol5Bj{~qmG+hbB|D`*~W;sZBT2-}#{w2}kUAM8D`vt4eO zuil*!I%RW+vrdYxW_4`Q%ybcx$s~0A$yZLJKLxQ}@aT=63{Bhe8@dgILY8>?4}E=T zw_9w-%WzxbmlAuDnfW4@z4tC1BJ4k$?HeD59mPuFJN7i;t$vNJ98lI*e&2I>7V|B5 zqB84xRVW!ntu9~#M?dy(=G#{l%q*)Mz(ddcRi0@%paF7eLIc-hv`$fxT?>Cza6UVU z#elUxY_7#RMqEAh9uc?SnfObf(^T8)UAEw((`xnMZtLBvqn1{N{d6XXWK@%0+)T*k zmvhOKzud6Ef^@Sp3$ zn@;PGfua@Q>$_CH)`d{Fe(Ue;x6zpdGah`)Fx%-*uyeHqMvW&HymP%x{x*rr(41ht zkX7Cly}Oy5fuQoQ0U6T(?u{uEtE!^dVJ*q}Fw#{8H50ufcExHG7t+}sgT@_)#{S(0Y1eJf9Q@g1{d$1@j-UU}`-&Shx29ga87!IbJGSM9(g zBXFVXAS84 z4_%T-?w|r2kpsH#(8k{u8Yt+TobHn7);?bn#^)M~1j&RpZ0B@s1^%9K#Obf>*ZC@W zZRVmPJz&?l);)D1&-uRFx&5CfV#BGo^tq$KSA&$+Id2NjOX|BBj-fZO_PajG91Xoc z4> zvcv+emSKyazAkNJYwYeKN3vd~G;)$l;C(WNm;Cy9o46x_yC@$K4igru&0_ zi0LE&@yR4}39-0yGwQ+GClcD^Cba3nzSeAjXNXK!CVLTnU=;fI;YrPP5w-a# zwz{-7KBv%bB2u4gugb`NI;YClCC?MVW%ol&ZU(;Q+icGA`+#5QErhm>O6AT_T(_dv z>wfaPh9}pv&b>-s|JN41r@IDkC<3m3Uv2ZY>+WA~&c#Kx7TkIN(?-agtOLBguAc5F zivo3LZ`H&f_NNE!fu@=!+g)MFu~=b?fA=QUwXyW2lI@$FxEq1^)EHTF}`4 zen}HQ-K!ZNH7Yk3&6gt{TFJ~G918u5FN4qvPu9k+G++*@s(5!Nl1>?y7sbsHo7OT( z?GWI1jMV{GVkcUl?zCY9Kp_A?qPHd1*zO%ohIzUn1zPJy!4uZm6@aJ)A5SM=kJAr% zc80kyB}#3%nrmTW(vy+c@Ft7^!(yC}v9P>};M4fA(pZweCRlm{*K6X>kwB$6vMo?t z#E9u-Jy~>-7HCtLF5gD)j>Mjz(mB4v|5PP!&B#kolnHGP40+n8Kv9_+WES!v6KPq? zg4b$UW6>*;#r6=@(W?Dr2b(0qhA)1hpbIo^cG^p;4A5cyssKr8bGrBK(A+u7W$qNI zA_j?`7yLhs_}>VB0wDYW&GXuVw@vLI$p|oq0D`W`liEFos{A~q0XOH=0Q_fZ|Cns; zbC?mWHbAZkPo#70{K|JL~!hrX_PsJ-* z-+HXrsOT4GX42y9-iaZKv^;p2hsOuy#;n?YW~oe;XYTQfb0y$7f$qTPS2DU^b-zV0 z!5j>Z(cE~31NBpMmrvbS1;j@WBv^m!}^QVeAqPmAGK$}F9U+|8~6JvQEsJ|Xc&{RDGqOj0_u0<~ATy;##^SUG9O zRt_cQ41li@zw5{9r?mo>BC@W-?0AQw-~CX5{}qfMbBRw6MPD}#gF!Cvi%J5JJ?Ady z`?Q(ll^UH9mi}nN2e%Qed`QsEs)YaGDQ_qJ zB%`}0rlXtnm-|iv(46iLW5^|z=CV<(-)7Ez(Wk#}aY zD+!UoJrQu}+W8dd&BgB*Zsu8hLRiG5ikU|q?dO}ys+4O1n*g?LH?79T+m^Fcw0fMU zAAOAv-8(Y}Eq_jm@Ur`^x2yELZny;U!o%eEX3RvEP6C6;w47S?en)H2O(Z>d1p4QB zKI7SEUgoWHTfeA}d=%T;_Ouq$H~RS710hV5(rwNyD_YnlKwhA9 z+ZuXW{WzZ*a3j`t#9M*JDPEO~{UxmOr{lbxxa^&MdW%y^8`(unDo%R2b2~EF^8R<9 z?-e45{w4~BwnYsi{njEmwZ)@3;)lfG4m=$OmAb0LQ{Y%SW{w-*I|&Df6SQxwE4_#F zb&3wMMEw*6v}`u)RqQgx)`@+hYLLBcHEh|jLZfgLXD^KQ=XD1vK6uIjO0Z`G^wj=M z0vbfB%U%IotnW)Z9}goV}3|u$if}oyk2|W;-Cye1pi!q|eLMindh?lsbnOHJ+u41Qtsh9NK53 zrvQdM*R7#PBz}2h@k?g(sn;DnAFr?H`5N8$Myxd{cOsL)Dh>~#L{ef_EV^2ztRxeTyfv&UrAEU!P#yEKr|ldo&Za)ImX zt52hs?toAfFX=joWEM^f`kmqytc|`Iw2G4_(?1vsyq6l_TK2n@#4vkcSdl^d6A|FE zb>juhae|Mdhdi&|DvM()#M3!EA%9K?m>`Wpo(DPlLyVRGzRH-I((Moyf!~KuWw_Fm8<%RqM!O99UQU*+Q4ejE0 z2tC%4VTk6`FW=pfD5bZzc3+AaoUZl=*v-MS{x5{gd(=toseD7_oUETsC3~P~LD+x0 zHlZ8=zy74Y5<8K?_{^Q6?uWBDLY!le$_&dt?gHWTBeA9jLB8V2W3CtNQ~3ofE8Ys` zu7!Nt|;2C-7D=OLMD|NLzG zl%Gr37;9M<(Ny2P?DcQ-UftQHtXR=Ga42em*$TXYW}d?1oXLJ&@%kyYZTV{eI%pQJ zlIO|HdO9n1LRl0A=TV@pE4>2_56t+6ff?DKYP0s~c(-M!fxcLFFtzaEbNSoWBkm;Jj0LxbeNz3k@(gZK6x za;!m`9@igu#4|}&vIEH@lezjKJmh0Y1diwWd*!xMZw+Ff^+U9VYcvujUG@B+S<=z; zSV0ll2^2ampO4p|*sp+M8?XIrs88{=nG6xg0xXL%Ym;?4qxavPzyqyB0Eh>Faxf?Q z*!WY^vuS2ZdN=Zym8wo;Q2uAs$k@48z}+Z%wp{ z*((}{xNj!9Q4BuJE8b(i+MLHBQjrpB*^2DVJ6O57;jFJ>gw`Omu>alUDCH(CHevm6 zjyvqGoUFSGoAJ7@I#+6h300a2RTQd;?z~aB7PqpT1$ugtaE(k%XS2M2a?^3Dm2)%# zqogzr%MgR9V7?!pywn&zhj6Mm6DrwbVbvEar8mNS2Tgvy?5OgYxk@D>QP}P70quO* z_#$L3Ozmf4{-8+tl0lEr`a1)M>yQlk=T`ULYCH%c_{J@%(>~5VeS3Rmq_;@e$B@xc z^nO)hAwd7*zIe$1RJeh@YI$;%eVUv!KY=MUss0gtPzWYhdLa3JyRtVm&0LX zKP9qM7mGXw-p|VQ*htKjWL5XPJJ?lRF8WT;K1BG=*&r;6k)V1Pxs?p7b;6n$InqFmgN2_F=;4=myx!#H7X+Q z{4G=IK+yeugCNz=lrif)04L|;UEL`xteYPJ4ue#*Vb{K{za4Ur8w#8*yNe=vr01ygYC z8$J~^xI)=%RUjjE*}#p*{gs|+{P%-r{=!T+nCcg)*L|M1c%X50(Z2Z@$aNYz5Yv)$ zI5ne2hW%1)jOi#T4JFA$U$KXS~YcnI+< z6s8WHV$(R4T1?sH#B^8hg%<#rYuxwxmfERb7}B-g6|_QeeE`13mGgM*iRLK;IF$*!#$W6OzAoLLJAGf(oD zglVngqdh8z*wd|)bhDr;C~ue`H%W>zhlYzK9!Rt5weubei}}X=N#CEm@TsEJbZYid z7|4P^<*LOZp6l7i0-f-+;!Al$D!;>o&A(FxqGcDd7UtCYH98^nxSGOqS0Q!Bn{XD5 z!b_Oh*QLr*%m>cqs$c8bH#a-|z`@zVPT6>Ek&}t69NEw>Ob5Ux=^#TCUAmm0(2ICJ zUrK*tgZw>J8#|RLUFT-sPkGx8yizF%%VN^aLxF;?-iNsHrDq7#i?If_t2TU$wAg-% zeBelPl1M3mt(sMDoV|@+j@4HUd;kK?V+Xb0VRkRnmpGwT#VYm>xS(Z=zhZ?qfx_)C0w4LK$ z8~O(aGJ2x!H;iuzUKZERllXo4Y}^qZG4pG#t*`v=t~!}=ke?_MAYG;X-cKG{{=R>& zGSaLo$^RR_CONQ0L8tOlHfg8WrJ!t$5C|069VOms2k0n4r93b{uHAEEpa`3s|7h}W znZ)flR*%Wd;{dQZ@tX&ahr(C}Wc-GC6yo6Pr|@Qsyiq zmo@*uqiWQ2tYAz7=yJ`Uq{Oq$`m%fq3`{S<_s?jdk`RL)asZ?vuT)c6z4ugSRRL;(7ii^HQCYDa>Rd!bD*U|ue zDYPeKHHj=cM4#xEln4{nuC&?t@m(En*mCt1g)r~{H>dnjcq zdhEr)5-wTir9qSe=!-4S%kNI1U;*BKTX;^vMalM@)7NrLn z7E@;pddjobXEfc~6j#fF2clDi0)HjOYH$_aT#&@1>J?Vb*juRkSSl-`7`~JsOfFzY5y-ChU^yW;QDe6Qw?;s!}$)zIGIFH2r=#X}w23 zjW(4M8`J|UC&Ow|$kcA_d^`!B6+{(O@BgN5ypVnA>NEdQo#cI8K=F29&u>WUA$_Us zqcR<@zxDfXUNSB6v<6N%R%Gz5%q?^6TH>+Y1b>$ai*ZD7C83|o2v3L@@Ns`AqvssC zD6ss?>2#h$c=sh^Ey28bPG+fcGJc?Oe0?dV1+&!weiY4F_Zrhy!YTo_Iaj6y{K84H z1R+|6+fT8+2Q_Ia4vysJ8}bj!Y)0jJ=`2i3$fL*B-WZu47C{hr23};EE}OA6$W687 zp*6FIX`5o4>lQEaHRrv4qFo_B7>lR~rQKq^4yVsaoVOmI<(*GtbOeYZ7gP;?UM)W7 zfeFHhR$jq!AN39Be>C_C)|mZSLms47-XL&!<5TuHGGskU^cE*;@Pp%OEsG5QU4YSB z*!j9rP~tdh^!CTk$bPiWJ|xv=%(GR$8i(Y01GT$NRC2?7NHjg+mgxCtP_ID+{qc9KhNV zFM!2N2HcMK={N;Q)MUMV*ftxlSpAqM3B|RkbDw_hw?er@rRyfU5JT5}1dSQBA)DJ2{Y?-$gSMFHAAtnE+3~fTss9k<@0r4~QISqB|+uR*p zG~h|*8oiLp{Q01o?riY63W(*uRvh@V4+XmD$Z!3Rh`)qjvEz#S#*9OK`VOH;l#T{U zC-!X%y)~cbm0*5B|LybLsXJhS9mRv~ztdm{c1*n_q~QMDTDOcnu5aj{wVz^~y7rel zv4g;+6_LC8Hdj=jW|rz1_*lH&Df`^-lV-476MY_btjaE~kENg(kZMo-kcS(IOWD?l z9edt`rdP+g4}kOnWyx+lCNW|e4fQ5g_^x_%i`2Wn)KAmz|4gBvM#sdRoI9NnHwXBA zc3yFOavl>$eN)9U`{Xj32805D*^b}amig4PZ$~C9lw;j9)LyF^;mCQo?z*kq9W|{l zWv{GX%OTZim>RbW`;XxLTE3x*V+oNNTh&*1pu*$Mlyvi##>P@rq8<{G0ng+p08i0q zMdy?aM4jlQBQsiSVTrr#0o&$6#H{PK)LX#)8Vg33>_1hu$%>i zVb$V2)4`m*bEngGOzg>=+xcj$=2+BHh$@9`4PU|RTX4aCQqC&ne>YE8=IducuLm}^ z?I~{BMMbeMQec#8n)*l^fnDqPQ6g3TiYv|}a`Hy_7@PI8q?ivwB~#aSvq@XIZF?Zr9AXJGk*Y*17u|oe9`$8__ckLLrZ~8W=cuyKH zHZ=~|tZ+C2G+0-P_F3kn1RhiMf1=xtG+CKLKn7C$o0N`Og~D}FfRUr-Pp&b3(9*mZ zTvQCKQh(=&A@}`UL!USxwK0jAYZ0PsJE$mhYb#0{gS9?zcfnXRAqC^06KPqQnp05}D zh{rSu?GQ>@e(w3!8z*g6d+23YHZ_zOGn1rLEjYCMrIZhY&~_kN;I8B^q@iJwmHJqh zF)xPN!;}_`KYagGa!l=+0#V*WZ65#Mdwk28j2E11Dw!+L@#O@)PhZ!7JiV>81qNAP z7cTv9%bBpc|Is*Os1?HJ%h1^Os!2d*W%Q-?4B)~Db7tpH>c=l8JNSYc?_C&Gzlu65 z(7y9-p>a7O&L-?!#Hm_zjp?-GC1$EEfAO-tJFbo_53BCcOy;g8qDTa!C0r?S>W6%3 zVtF}YKHR21Pt>V5CEjNwz_vtz5WsCd?@_5>mx`V*^B$;L~fHu}76wDSqbOAFCq)AaU zJHd3|r}vSklzaF2TMcxonzAv9$2ZsclN_~!J6_z8IPc>;R*cUjXGSsohQvE&24 z(J#&#Rap`o%uOvUfy?&0P#?&aGezzFv&8GB;7WWgzPOq$`jy#2&BMx2%+A<*T|cu$ zWF7X^3Vd~xeoxR4U-6y2d2o@m!&k1F?MVyXbNCeK`Cw&C|FK@@G7gZ0k}?WX3@`aRRCn>vEHlz0r)t zim#qVeC<`!llkx^uiRG0*#r~AxegOc_;R|5Pgh*+z!z;intGd7WxJIYR3bWR= zGzsazJtezv0`jG=j~KEa0%xd?x+*0sUVn~#+VJ331#N!-b_+sO;h%c%e(OJnsB(6T zWcByB0P5!2JFd&y#^`tx>nmkT^;5+xFRl#Mir=T6Uc$*hu!|?;JH85yDS5zhj(R1+ zlLZW0CQRdr`~Y3^>-fp z;a&$8=LrAc9fJkeB4CLl5=mb3vu_Uy9-)e}oM@ErK%psSf%X1`{+^q|e?CveMjoeG zTc$7qN(;fP1H>k0MJr&!^1L}joEX?ZX2DRG?oL3>RU0@U_Z_&_Mf`Dxki%87uP2|? z>+$`h5Rv!ZXh#!kXx7T4?ZKs4$qy&-XUh6AZW~Iy#bt?1xB88n zOFiRBL#@vPmOq?&{~ma+JrbTfU~3jG8*!lz{v^ulo>f2Bb;t3*4`LHA7FICwmyX); z_0VU@KDWRxE4vrA=^Jm}-_=O{G_ZW&CG(McSzhtKbX<<(l`sAs|KNxgy8ZiGfcJj* zQiY#HE0j0*C<5Yw9c{^E=GfKwY>N@q_feT0V|N>ps$M-7x-!=PWoub9Im~5?n6xMg zE7KZsF*4h|7ePS73JMfJYXvlEjRc`Vkc~SP~-~gh)-0!3E7zq%tF8L+@#RBLyDh8`2@MO4moQ z-uJ;}6v4MkNklGYFLT+En>Wo$ZEFJPtIGGB>M}DF!uB}O9oEfoj&xQ!C#_d*p^rxz z?pRp`BoXn6H5gcloqemrNve@oozPAarw=_81nF>V0;?{vLC^JnI2EnH`SmlogH3Me z9 z59`sKHv&SNJ;O`%EQV;R2STIlGmqw-{{8YREK1xQxkOC0j}bmlL$3tO{G^Y4;S0}J z_PFTqyd9^fcCF{dVz-*{NxQNOr%|QuG;>bQ>io&BDi~^JcE+qFDQ8 zb>&}cO5+{tBe63n3_@XvYbAP^Y;e;<=TB%BNOSwu(n+w6>&Q*|g8K2P{9~z=qS*{_ zKdHtvEz;)9y|B!Kv&MxJpEjD$^dhym?0Z)xnLW*S630YsyKn1CAH}G2yjw8F5BYg6 zG_~&bJO7v6l5gDY=+^7pm!UZQBZtw^{S_tMhu8<`rgF z>X46{Qige%Wc#Q+DdVuwmYK-Un_|kg@&PEmk9(j>iNU;Eu-B%gg{CqAmIe4kfbKmZw?gMJlanxOHj3UNx7ZgpR*9!`F7MZP$wW zmmkFtkeh8jd_g>V@_?ly_zA18tV8+N@Ag4?rFz&Uy7l`u&L2v8g<}ikRgB4&NlV^R z1(81)nz|MjH!mVG{-{p(`9qTZv$S;~h_D=H=dFE{$Z5;JIlQSL0$=@KbLkJorMfg0 z*9wJmP)`zG8?AM}^kYOOcC}b-Taeug(0hJ&4K^=>ja->LTeQq)yigW9<7V-+wXf=B zCv7x%A73s$pV;;_D6cOc0Gr@ZRKt%Eh=YEBPtT(*T49!bNQa=f_i&KhK*(IGh9dR7XC_|{~^@`HU|#6GB09{TNj(#*HZLkbc@NBXJ$ zdq-Jx2X%{h9vTlop$F8Sbv*S)DA17{9vlA3(qx~-RlsYBJw77By#c<*je!^m{=EU| zii6eNN1z);h8HP-)hAKAwc^8F%p<&cE0kBDWf2SDH3Ni3zB&<^2JPjUNbJtoNqF44 zQ9@SZWFp&*wX(`Y)9g%xaQZy73-#_lk>Ao)p|S#sZ&C?;BWxfKl~MYI=H!DV3Ucj z!Y_MguaQ-Wh>zRsI%pC6QDW`+gBK8z^wrOg-hIC&<=Ge-B%?+~_&G=^MDDEbAM`Yl zu`Rh)bN`yTYhrJExSPDgKKz>cFr8bVRm*!tpBBjHo8b4mKamQtpmuXqt{611}`8;+R8jk7nY70UakDag{Jg&tn>3*n8wUlu4D^I@SGloA-Ylop(H& zUmM1QwmN=BtEjCup<2`?W^Gz~tJ=F}%+RXZd)21Y-kTs*Gh*+p_MQ>Me4oCb5C125 z&U4Ov?)$pF7oua_5RSCv_F4su@-o#hM|)_XHNAH%(|IwP`CKHh*ycOaP@uUzOt-In zJMS0BxPy6%*iY*B^xhrBY!Bqiu2m`ViAf^CO%u=w!vW3k!p9|3a|WmpMIYYo-mN^w znFDa0{4@6w{wZY72bOSvr(KvW^lP5K_rE3R`wH}ryT+FB?dqB19HrZ+2W&6+vk6J= zYq|2B#JBIrw2CtJqD-__1vf*StWACAweF?TN3EpcE4W6tE3a!J7%N0)6UUS$R6}%{ zsxOMl{(V`_5?U0N zYpZ8daws#}yPI>%R7K;_TVC4+^y`iOEbgb4XpfmRPKXVc@Oitrga^7MFJ6wF7WXc?G-Op@2Zsu?N z*iU_iOBeg;AZ9&sC=3z0v@a^n;U3*iF{k^B1=;jH_cb6n<0K-{c;n)bY7^hAX|wNr zChgzeF~NB)>>oxkuY(*>ID~BO4Y)fT+tVo`qZwXedbG*2eg zDPZdxyfTl;;e?iW$)}`EELr=kit;@P({aN@^hj0eJ6$_E9D;sh-v*rlHpl>zd%h#y zal;7NH?o8^x8`Z97X~&~J;EGHG_ey;8Q%<)L}Avr=ZA?@!&w}#$6WDCf&#<`;%Zh+ zj3-&b(ylW5gwnObV)sMb2U>THWhkT z_w|za;KG_kkALZUxKng^K!thl{s{$NY-UFu(lNY$^6xdunYrjX_bm#Gd$ zf*G~Ez^h1BQOgthtF&-Od8QPcUVTUXC}_@Qc!>B-5z&8MBw+uvUEHt{^E1QGI zGXPy|;S3g@{js&dLH#+ z;756AV}Sd*2l_x1dF6UMQ=x4Mm+dYozbtAJeY0!*JWcY$z+{_Jb3F2smK}=cE_+e* zVv(zKKJ?e|s8KHO2nx*NzfY_q?&d_g3z9Kzm`*;a!_4~`;!MN#iF z1mp4O9rO~-SB*BdtTX14d0EB}fc%y>zG&GrRA8>#b8E)j;W2;I0uzkCi#&gO^R#)pa zcwQeflC;SdKmTMkfsNjw4#IcL0X_d7cr+*7_&W`xWHMM6`t5l}owaxR&C(9!b}3bQd~@Alge?)^MjabZ zC%N9uzK3nFd-$6#e`ii~f~PFdIYdTxDu4o3NblW}Wa|Nv0WQ~ZwW|7Py1sg4%=BmTh3iovO1mELN-{5CGAYHl+Qgdl1cEgl=)AQNq5Uh!%yB92$HC^sK^_8JlL;&i5@cqtzfVmn#92l8IxgBMfMHg}2 zg0eI5yTf-LNR^lpb;bK*rhY)Z?e&>IV*32x@b@E& zpr;8V-Yj;%-#Q6R#G44i*#kdZE#8Djov)`k?x8SBfB~gkCq2oi2q8p<4dOL$@d$@Q zMs*JgeQyZ-yhdWnYs>Cp$sqbZRu7@y0;GLXu3Ke=Cz5FN@ee%r`JU#DgnLYV>tBTBk%c%-sdkMAZs9LJ6#U2kd`Sqw zP6r42P6)+KbhO)gIItl;Ok@OU8YWj;Gk@UuqpVE5+BxVJVEHdZgMLqa#=A&KD1L53 z+xths&@agd6D_bGdaiEe2}6Y3bClx^=bC)B)*AQXaQwNk&KNX z7iAZ}PTi!N^uAbr7~|iY+r4Ef&~^k!Q`Ull;bopvfPlSWp_0jez5CbSB>*CQ0^bZi z*~UCoOwW0LJxU@5T+TC3o36|xZ}DXa*evBhIhS{(nZ#1mVj=Oyg^D8k`XF`b_ncv$ zG`uTvBBj|xAT0OoBU=$pu-Av^%{#2UQ+ghm!cxyqEwvlT0gtgv&w?mXxtR=|WAwR` zLDHe$XQRn?$9?&X3?{BdCT*K%q)VMQxGd@VnpV!^QE{Mp+UU@N)9ln#t6&gCfO;2b7i z#oSJUGiI_73W~S?X_nsqo+w#zBYsSp{k^%HYAN$=1(w;s>1q~?U>oM$v z?CvAeavM(@d`y(?1Q^$H$io92<)tIOSN7w`+HIo9S6UU;-jro#5nbS-KD1ZjC8nnx z`_FUW>+Qfq2Pd1#y9A^q2Iae`^My8sU=|V4q}Qr%n>v1qNCHR?|Ig0!{@%{NyEfT@ zg0l-KI00ejS_t~USRBadDT7$uPL7gpr&cm{hKU4VHSkHhI(FWbQTToS^<8$o^~%mN zyzXP>!j{yGP5vgzDY(st9xS-nRZscNLnkDd*7@Lv$^rQ!>||fHfW*MTX>}1|B5Y5V zJVG^aaW3U5)Yt95Z*~joW=ay~YWhfzR2QUZoD&v$u09LsRYPdoWdj zA8%vY?e^GfUX@mFEcHBYu9gM+uNaxum0_D3z>0oTG6g}S5rpIXgJa;ZYmRq2ZC4#< zgPuzhat`v`sUsqNXzZDeFEc$-x79^z@zt7e*&Wc9|EG-ZphBIXtOV9w{*vq!Bx~Ll zP$jP$IO-?uUZGRz$kM%yUi`Q|nc>2o&JuU2feE$NxBy}2z!c^)1tF=}z|wf))FodY z+MLJFs<(fsqtteu{(idSWSfq)42|C1ATy4}I}MARO=M z7}hJ7YVzP;gxxF%9~eEt-&EsW zUSLtnwY*N-RT8t1{&p9?3=Uh4P_dy40qAd8u6F(sb^9$r!!XEnl>PuZe)Oxdp}KvJ z{u6ewqs~x22Eu1EQ92x~{~TWTNrJFy?M*R91E>3%fs=k*0X~DjuQPo|0Lzwl@kyAO z7}lVnthXe}WBs#E-~@X65bkfrbhnHo&|6(ZYXaAN*k6j^^~pp>mq{xOZPpkW_skhw zs`~N?$I*PR`Qq#?ah_et%jKi0LtJw_fwPY9{=+WHD z4){F|X!f0)Y$kj({t#g{2Wi_KmEgyle&o_va)K#HUK4TBiv?8jqoKX6CN!znt3wXJ z{_dqnc01^R0zRtIJsg--cd_dsaeLpKdfM|W$=5_n4?v&J67}HJ;jN^{0|Y?2EJG#Z zZJ&RPcARH_KZ*m8x&#r3%k#VUbYCZi@QKq`&~6#_M5I4desgaNE7Z%Y1NeusT;*>M zh81Z=rDv4oGL=)c7}2HWTXTy-Q$7Mb#=TS zc7rN8h4_@y@$I4S?9u%liVR;PHwSk_Pfgw6~NaQ&YecAEzHp4 zL*q4vQ94-wp45o3uh|>ESQAJCJL2Y)B|r7cChZRLe6fu)xY^U;A!IXK_~o7acq}sh z*91mu;BQ0Q>rsrb`2kJ}T}tiW!!J*)12hX)s+1q^K_|-`@J5bu?S?BzP>*wKNhP#e ztu#(n|FiwPg5a~i3%Yw^FsOA^A-Z~{qsom^B809(01Ln&LO7wIUikq5b_zIm{|PoX zRRK2@u(YhoJH5t7tnE)0QFz!YIRSICh>SdE?;^$}pQ|{4%#l1zCn;*P`{H1|LPRLo zPKbC4kK*o|bJln?o{jAvsokTUoNuISTasT5D>sE}-{^DkA$2!ji7$6N^9OfHN}2-s zi=HoDA31=CUH&`)UA0`utKC*?p052XwuoN+w=O;P{p4b!FbRpx44bc=PqYGp!ARx2 zPZEJwABfM}hOX32Mgzbx6G%Nfxt#Jwfpc}i$-V#=(k{x~;t@U}sQm+sNN(OWJaMs+ zGQ0eJnS`|#kBDUYq-+T2E0j65wD*I}dD!+myK+0Pgq4433TbECj`M6Edz_r^k4!DM z29jgeQOa>G2V#&BDHaV>oME|QO;>#q;%*L1fVC3Xw9JGAUWD&9UCwDYpY&TK0*|gw z38xO_wZwaT#e_?Blw^5^Kx#y*8xl+r)vWR-YzXulJv1% zzv>S+BnkIRpYSfNn_^E3i!Lk8wO@_UJjrZY?72Pe!0731XDQDgNuoR6@&Qm{XFQkh zNePtJoVSmMK~{)`r14uBwRNs3E@X1XYcEeAy$G1R2JSLq_quffPX#JI%}faXHmNKE zce}V32?OA8(6#QiJ}wlHU6vCy-!`6TRqnPHwH`(7h-@WPbBJ0eAF}WBc}2v7swi`l z0St-W|9)8%ZxX;}2I+r@ujPeWkOMtj0NQaV?G;Z~`XzlCmYrLQvy^D+%w*YC9&)x{ zUH1pYhDd_K2dt)@UxH%6LDg3#5_37CGp; z2$rn?%uR{kW%@1Pw$Dw);sk_nW^Kp~{!Hid9+^`s!?UIV(A& zaU)G!FYkL?GgU3lgRN1*!zQ{KxR^?)#&u(qXt4EE$!qB7Giw-V;)x93*EItyZ)NS? zlNrezsi&+@jHU3HI$vldd=>ex#pY{X=F1mIvar7^X%CKDYrJ!Pj+-9!lZfzE;SuqI zb*jm&7Z*ExmU{QPG3j3i?*d9!7BQO&RxlrMH#L|OUhL8c*X?a?~Ch0G&+See;cc>J!CMUPEmWyl;4OSWXaiF|(NQ z{tEqQ{o1$@8mNqFSBE+36T&vNcv*jZCYP7?4&v+^*Q2x(+r|MTnb}>j@2LE7ZMN81 zqSM*WZrmuV=xgb9_^FVZfx8Wibv^I;tXCIw-kl&IjU0B2c_~3o&CUw9-DTj1xFCi; z)m|o0fFZ@`aXpSprOz%(e>*H;ln0iobv2%P;;P3A8GUD!kC)~4ZvXVoWLlAM>`h^E zG%d1^Tda|%x3u`4&_LXE3to09U#hX^o-H$xPI{g-3$E=4o-%?#?!9y*t?mV~c{Qgv zF<8sban=W0jsBN)d3QTZIS~CHQ1zkyVM#KbADWJ9OG>_nrNe=pAUw&tIF773(?x`v z@6Das)r*P1^Khnp(IaSqWUP!TZ}i>XY1D(Ch}7-PRBwpYHdMuQH~Usiv{m)-2Rk~8 zqD_q5lxnZqP}cGS-8z=A3;OnRO(KME6}+odSF5Qa(_tK3YP_RRYE{Ug#*4kt^xl7U z`4s2bs|(?c3o~cgX?fai7QoaWd%bX_v)<3L5Y3k)!tt-E4LO_dc$i!N_>t6^d}p5R zt^#=a+FE$&@tq*^F9xrx zk`o~P;`~xhxCK<)6d{sIeWjlQJ*wxfFUX_qd-3d~@5M<0VsL;3=YM!64ZuV3zi8@L z5j)`USW$m5VG!`6CX3+>eqIKe1ro6fmzt`7&ewoaxu~m2=%Y@*I{#+~=Q)U&MZey; z{PE>?>#NH{cTrngxpx|eGpF|y<AM;w8=q_ zN~JaaRP1`yJe$DlPsAcw|0#OS$(&|+BVOT_lgwY>?$~`WgCl3lr=G>*=!|k}HJ&EG z4%mL!O;XM;IL_OCjCDNX1`%s~cx3(PHxu9lfu=9T-JOmD))4W8m+UAhfF-g6)OQC! zg$XoCM!V*5(&gUI6W5Z5Gi90MXANQGMi*!>LjqFD!=Uz?=eJGO1JTuphVvWBKD}N2 zgCMYqv1pP`JECIg>$PY{b!khS4u?(dh7RnygWHJw;Pztyp36}-XD?6=a(VyVxtYse z+6CC!h)QM%w)4Aa{Ts{CH$iP-EeA3tZM%~e00LHQ+b55~>yXmS>fuFULw!Z|L)Pf| zpYb{uI$(J3%kz8z&eO{IXT0S-WyOQ%TMXY~F%(5Fh{(NGo=g*+laEDO;5 zOokl#)F4&toAtngB6H_B*;L~~-kn8|Hu)7X-VlEHNsuB6s+Yd$f6@Fx?OIqHe`K>S z1eCq=+!WR`cTSAz+wP6~p7BfQIHE-M4XxL{!{uhB#v1X@B^#6x-IlvEAUV1_7$Lx} z*Q8YoC%U%;!v+!GA=+MjwoXV}raJJf&bpnz`Bg$5|4~5Cx z-A;y`r~5%f{*rqP_}}%^YA$H_8|F~p67vFQt(qHhJJ0A+E0-70%$fM#FYCp3O60$-5Z@tqA*7V_F(NjBpLk?4qs)uj znAlC{bK+|MFxxB-><#5M8DnFU%IVF6@oN=KW{VF2ckWPWg=DewkR_&xN@s z1O>_KJ_ousrPvQssxg0ND4}m)WSN1b4Jk(fB+)T4dm(UvEV0 za`#3Ax}8Qg^UJ1D%|C|(#FTt!po&14vUf#&l*iG64 zBy_Qv$w{bgTo)afSo6L!tIpVoFGoDRnfKmGXa1Av-+QK2H^oe?#-27}le$HkX_Gz{ zKjt0-<1fuYZ)d5WdiS{ITDbohkkisud^0{!Yxf z-kDMH8e0EiNcFUERB&9&3mIE}Jpmlxn1ZCW&&e-vUXF9WR&&uS5f;sj&ed%pBS3^@ z!0-kx(EYptdwdXIlRptlk-#H-ZFW??5L@y{bV=vG{ni4~Snte_dz%-UtW%Yzzmp3c z#*k^Mwy7$my*B3*g^ID;1#|;@`0T3J)CFPo?mcQji(_0Ih#!OhK}24lL|)k={Y3;~ zuBP7cFw__P;|P8SoI8;Mr|TASKGn~3(bBB>r2j!_KWrpaz-FNSd&DEM_lLfTCWuZ* zL%(!9s|xjHDa!osYEYSuU|E8YI+T*%4_M=<@CZI2(Ocs0AWzgN=(l_9YoMFulyQGV zbap$)BdJ}!NbBskxeXufjx?~h*QhxlgUbol=gH3f%$I@E61a=UAzZxm9F2D53w2;y zwNzPm6~qqn-Cy99IrRdPd~wG$p^#ziX|dV`qQXn)4waS#d<$zc_~pt?=gDQ+Y>$>) zTth+!4LY-{^ zSF^?4&nlHBzZkJ5xtOFmo;YF})=YxzNAJ=`_b=&us9Uq`GTHauTdAts!|M;FVE^I_ zXpfc#3D%N<3U-tK-5+Z=|6)F+F) za@7asJG1cgS(}?;`80on3l}e~7slKBdVJMc@7h~0%TT)Yq_YF0K78r7Be`44V7&~# zs=m!6b%Q7XAy9+kSqE(jFx{LZC5wp<(xBb0Rcb_l6w?Cm@3i zJsH>UF+d?>7CnBkM|$VQ$Cq$!ZeHl?B8Kx>eDOOOn=HAkp#nkd9gCJ=Hb{_VN~YcU zbS{udjJ!i{HTz!AhQP&Lj_v~`c?Yn6{X={us!qSFY}gU{?NV{O%2W1| zGa`u=@{}nVoPAqYG-nQ8?en(ik^AUDKJtc^YVf+vdBwt3w}FYewbRXw3)z|`GB=kTk_wjA(tPtuqpKlddIbHUMN5Mk z2zPEkiUWniuSha!+`WMF`)gCQedXC7xHD;2hNVpSOud8VH>Ur2xUk2p{OcrB-+5$? zdHzXO0r8h#Lq%^|#V%uv^_U)(Avu`k zydrviYRKUqp4~jrh%QBAhr}q6TWBQtu-RP?;2*Hk;5z0W+ulWWLg$g)prOX4woW}PnXBc{kr&MXK4p&zTu zS{)UDV!Il)5hheAzP9d62!CfFDT6PeN8sJVH;iB!fabf6G5`{Yr;Hnz3S14{2+dPL z=-TfQ_kSmQOH^Ukq$sTJ*Gb`Z{z5a#l}$sso8xrBmxiAixiQsD1GYrBOTR`5{U?&( z;wwICX6d-Tx7A>dy0T=3b!9s(%}IdXP!_$OSt5-c04_|2l#$V*^OfVV+#(~%PL0kA z;&<{omnrpry6j?>L5=qqAntaURBe!}&; z<<(bTBZ4=WaeIYlH_)=#<^T7gwoEFcOTfp~PB1#;n zvQmm|bZ9L#f8wlvsXDl);7zl%IJHERpfC`91L+wQQ?A)o^#WvzpofC3_z!bqzWm51 z0nL)j3Usp^HjBob8`AdS13i)0$k@`ci(bG~+c&jX$>bzn2hdw*V{=?sEk~m~W-MrKjVuOLsR;JD7!-z5qK*kE>2LFx{~pV~(FcKK@B;X)SG%Xz zq^I7UP^l3Ck%5Hfe)iQ!$LM*Wad98$7iBbXqLMTBP{-xM*1pP7ZG-Ia8db(0f5(nq zfC7v*0;it>Ov^8&plkvlfKJ4?mW?8EbFc5`6{M8CD^-NBZC3$}{A7Lh!=q~b8j-~> z#~(IchRA6%QKzKYx!P=%&^0L2aW3z7Jysovibpxo0YqB(o1`TnNX(KrB&KKEGXZcv zM)_`Xp#WZpZc>L)Muo?YK2@nY)emZ6^JW)N5)53(>*^{~s$a)l^ zccq70%N-;0D|SL~gA8<~dfHfo7*qLVwhu;s&c=D>) z80206rJT8nsrxy$yd^zS0N6^p~vezu1BlGJI4Q7!DS8CB|HC%gETvv5yxeS%fNC{{$=4 zFy8w}MM*E2SO$a0vO&WelRqr-{LDPA@D}|8aTP1w9N<`L>G&wA*nw~!wqD{sWJ>)> zBy_#G*r!w`^lJK)t^PQQ1bpmDu-kNSt9I#XAEi=Gs8W7#eW+o;_)nrN?%~cv2b_9M zTpr#DIVB9hs_{C@Dfe9m5ZC+7%uS|6t1{@Y&9@stVv}_pKR@55K5H{<)zK1>dW?E$ z)8()9>@FRn*rGD|;_xZ|5_9|(=jmyW2m8vrFS=aI?9 z>mvi{@Paq|PxD4x*^(R^;8;m6nq1XQtRLdk4_H%gX4~?7$CS$>>hFXQ%r3zEn|AsI z>V`_%%hr{Xk>l^l{RE&)^=E4zVyjpOsY@2*F*OO z{us}2gM|M^V-RX~5rfTku*m!Ma;~1Eg9x*6=uDQMDHh!1s;?qHkQ#HI&RDUtgw0Xy z2{vy(o=Z0TLazLj#}z+NI3;Gf;k8`}?f}b2bRGpZDtdT7R{`Pm`Psms*mJbU*$;9{ z>w&G@n#fd(sNw2AJ3{>N(dAL=02l{gqOLFNzKW6oesDk_j!ca0jSs9!pP_d4YBJMq z=E#B;g1JRn7A`y|M#|@_=Lf_>ezCr^k98bSwNjha#7IV^1}^GTNC zdf7Nu#A@B8F1C-Ko*!-}KL?DKGpP+Uk&2Clo$i@`Kjp60GV`q@3I54_O?wCmEq(N? z(PMJ<-pCA7=^*Rp8Z@5Mc&VlB+F_~cA_flhxi}W|NR&V4HFlHL1l@ABtaReiOiikR z$3+hG%AZ#4sZDA8ljb2+lxVyLs;YeV^mPuJ`Qy}#srooJ4TM%d>#TbLJhfCaF|YM1 zfX@6`=Ro&B(WLCt+>(ibuH#JwE0j>%4gcLXr}Iivt)!QENjQf*G^6})B&&(_%Af*w zu322>!QOv1CB8e82&BK$Ppl~~nn4?RWy!tTk2+R-C9t5Xo$Lg&mJ+pp-xd#txP*a^ z9S85IUoqGA5qP~B_nux@5-{lbi z@IAcd3Iw{`0jYoh36AFNBT-rKCoWm+&dg9FLjvx%$HQw{{FjJ+Ukm1HM5}3aYmjf z$CZ`pj?5WEV6_x&uK-5ineR01w&9sOWn7FavJS8Yt>u85aNQxH!fc26+VwlCPKGsL z$6QIa@%z88hRT>vS#AOzF6qc8`?akgh6rQ4s>3a0{d`66{scb!1ZMK^8M}U$@_yA(S+zS!Xi)gMz1DD6X$B~ z3ZNR&q232BqJ7IziaMKKX|~XSz1cA!V(c@?@30$nw%akxdE-)3jNDLKY4FM@ig?YG z-x(KX2mRSxYVy{-z;MjF@os!_%XwLL{qGK8)E+dd(a%W$CVbP7*7owVS{pmMEoe7* zAw!Fq*-|9w>xv2ijt}53{eT+@j>4=vEdtHVi5wuJvENJ3uqzxey1?L(6^JtJ+Rw@+$DtXjLklqSqH+hIHlTcvTuzfFoa?Q1yPOxd2Og zTu78$zYviarPgT_ks!;kIou~CCL*h?!pkfFmOW1xIYY{)9}3epkp@D;k$GaL@8nw| zsZlT1XPfXkjpi|0gh}n*X_IPcCHb#vc`#7{&z4R*H*^7wF#SJ8Eil(uI~g`NXOQNl zP}p9LZOtv2Q;CcUquwoQS+O=ThW=y)(kXE}$_ThtDeO4`Gab z+$Vf_QZLywkAN8N_Ig$l@1Zh|r=49|##{eM^o!%ZxRaGNM?cErPZ+fn|6#fF#nEWH zcTPKL-Ju{^R%Y#XBFER$ohb{THUpW{O|Pj@JH5bKs>pGYZBKptx;GyrA@LaAB|VDPW^M3D+M)KlucdOY^TO|zMe`Nq z)`2l&MHaj7clR%yLmOgKo#&7{d9_S`b2#;j)ZUqaSm27m_V02N`UNSy%h<%vH}g7n zVnmm}hXFvJMIN6G#GY5^jS4zWbQ6!cO{XqKc2z-E#IBOG2}3fZ3+C3^VT$u?N7 zz0OO&g2H?bXIvbSI^{SD6QA_`ePcwQqmw$YR3{XNqwcjdB(z?&Gw+=}2NT1*5aM@MV0e;^;D%RWU(8yR(F+MMVra}II zMGeSi1n96j4_Hb>B7v;yxm6*aSTJLJPUJbv-@F<+KFJ3lrAMOVooubTw|^a+Ers`u zlq1#UfUqo!B1V@UMSw-2+m!eCLh?UR*EDy(}#pXmEhTN?UJ(?T-bX9)BZ+n%L2&oa-XnfJ4Wn8yX6S=T$ zr7n6T(1UtD_^fnbLa@J-dhnL*{weDf>q7Hrtby#>x*Qz;*4IxoNl7}sDpa(->BdW% zL-s@jtoMV3E|k-Ga3C}|L+?nyWWHR3kpvkkku|)4!YKx>;!1#dad6`&guL<47Y)i zEC~3dVh~!Jj?6XoX_sUh%=A1!|Jq59Wc#Va##(S`UWWSXca%3o@zqzW%TTNO(N&1tp~tfveeZd0UQvjms>}Cf1|7ueI^!!!7A~?9{7f!6t6u0~-&` zAo1;QUrLnAaL16ZeQ zx^=kooZX6!%vzMaS!y<|rRZ%htwhx6g+^vi>oOsQ2FS(Pak^BSA=J>yj?srpLpzQzNaM!%kK?f=@oH4!Q0| z+&lq$&3XlYv;G-hlj7D{?GZy>H|yT+t!8lQN>E{W0?SKNq9TtxZ=ZPHOkPv(?*#km zl;qkUuWf&i>;)=W7~h>9%L!n`;#~5f{0r#c%VdMceXy7ZmN*od2IyUt1uz?Lv_Tj6 z_>bYXPW_`#%zK(dd%Y=_8s{@Vg6G*8^_r|w$2O!fS5QA5=+#pJVQ+d6R~idi>Ozzu!CxjsH} zLO{$VW=WFF=<|m1xRzow%OazmY-Hk0Q;A);^)m&9>X)-F@I_Jb469mLrb?0XrF}-_ zJ+RrrKF2DXs#&bWcT0FT#CJJMHJbqTo%s?mW8BfQ8od{AODgoCH@(H@*zch$)afsi z>m=Q6TC(2Tq&$iwkrX^3=B%^C{m}T0-uWqZ{rJTon*w3XvwVz!y&+Nxp5eYHl5@iC zF;=+fbFyT$ncLrfWh7r*21%|7Up|YCglToP8h{Q^$@x(7Rw6=up z@#c)*P_>uN@wrnqHnu!ztjslIOj(B~6NR(XM1|`qyDz;mFv=^nZzd zqXRBC=|W_67Kv{5Jr8W9j|9!2%>Q@e7>x9~m(dqL>lv+lE27&m zjAyXL5hfB-D#G*!8CaUF{J4*s`R7i*kr=^t%7(8}3HUXQJ#2d1by40=yglnu)xtVwM?;Q` z3CP1ak{jlLl1^A~VHUL0ZvH;)I1AQxNq?J6tLd)s)$-c4gw3{ckdDw6gq81S z?BD9v?^$j~VnC_C4Dr5gee*T7X+J3;arTrO-Skz3NW)rN}9+iL_zY zUWCC)9I}2p{_`rkTGeu9d}3q6R+K6e?a}%*)swW4;We$~j2;!{5B>~IqnQ->wv9H# zx~$p?RG2g>A|co(Ud=&>o52-uc1aGbT^z){_lT@%L^vn<(wEDYp!?!w8MRY+BFua1 zINAE1dCWeA(VkeryuNp==x^hnQJ2z>slSkVU>ARm63qVS?7FzNfd;OH9=98$+q&I; zO%(lG(}u12!?Se1e@9+5X-}R;%(*HnYB1V-{zuG(T`W_A&FT;P;PCseThUw-nIwZn zeHavwyGiUxe(vHF24xGPGxw)#S`ZPGcZd1;AgQ*vepnyCxSr2lS1_tMqszZPBJ6JfmMF;IIC{RUPMxnB1;P@s=eaLZ&EwX2iq@I z)1BGt@w|s1F~18sTMT{&VC)idW**3oquh?WP};6e^fq`csjB9lph$?(w}E+j;0@0L8oMAp#t?|R^F6#dkbRtJ;5|DM{R}p z_DyqJsm!BHs>o(_E@{-O+Wh0P#5@~DZ;j|-lgr3s+WBco-U-*49fIOu#!65NeP?0t z?t_rA!;f>O5ou)9CO@}sovay`{`*_fHBLjC>g2KRhwC7(4yx?s2<`0T1=SLaTIbpFRFvzWGtXnp7!UeKBR= zsBpPuLvn*qeXR0CNzN6eWEYz(V&`=DCUf8r)Gn7ymL*KwNcxtVKuLS<4pp}Qmj(A1 zE8X$Vi%F6n)s|uOWakDY;f=xWgV7}uVg&>2`~&R|^|v?V;A%8elza}cusZbRl-{y# zxztiRHuOY{EzK*_YgNplKszOivE;bIIIV&mB?_eQhtDt7|cHpy?Oo<2=B23FKv>y=nr0?Cnxb?A3eTW zSu&rG3+f28xq}sX!S#TvsQQ=}BV;)_1%xf@ct%++zUZvZWpR*`_l=BkX~_Bp6HwMh zM@sMq09l%*fM}K3wZEEA>cBc z5k$uquGEq9hqBS#DYF6FesL*c{4s(K1bR#3g4+WqWzu)mD1>Sfd6+-8mcfsgHFASA zzlJ=G7e_CyzXi87FhD}v=jtq;$LsKPzY!9-fgML3I>Lk?j_~5N9g&Vj_t~E!J9wv5-GZiT1;ks8x%m`5ysJhQ!{WfyU4baV04HQ|{3#Ad=5R*eyM|xpojTg= zve@~^uH}d~f^MARCZ!z!u+i~J$p2DgCK}GZCLJi0Zrjs6FW+R-0%(u6@33Lq9}^t+W7KTu$hY#EZ?=rL(92-Lc`o)r51x=He9!FE7Q$;eJR! z3st||`QbBLE5Br4D6{(^17uF~R*nYeFBuS?3nJd6#sz&d_{M;{5)imqKWPy2?tH)5 z6|~f%HSau6AazEXYEr97V6F@hZ&SZN2$5qC^V0s4S0VVxn?e4@l37y0Yr-tHErLV@ zveJ!Fte9R)KNW9J|7HB)lllZ92+jP`4u1EVJNV^WNCwPUNxf7)cq|RrK^}Z8H!^@- zrMBk&{Y#}c78LKwsCn`OwDF{R*XTzS+az34@IgtL`wi^6SA%ugzsTn$A<(G@338~K zaqfY#*SkIqWGUN7{a1J*Hd|l<+q;)SL9VqaH*C$f+TZ#t$BS%%g4awrkXrVH5ES4c zf!Eo=mux%W{K+gYJ4RB6(s*Whp)c;YPIIL?eiN3xK!V}@ga|0VKIWnsoxA_2=z(Q0 zuSiXtG4}~vvSsd3T(*_P>Ojl!RAILlG-sd%Zirj0*;63(7Qy&MO6;QP%eHV2=S8fW zA2b63UboS}2@nCE{0!T+pM-ubgEEyr&sU)f2VT(M7G;7zqqQvTpj$-fxf!dxh}(1v zOcDIX(KOP^o-1(X`~!ng?`o0ooWy-lz*aVn)P#`0qmZ2Lu?7F}q33*>Z`8OSnznnU zd*t_$($};xS0p@vCrtiDfFSB!l@}aY^U%QBNeEWVE3^JYP~nbcNgyJ$zeO$O?Or?F>)FQiAf2`EG2Ke3!1?~_N9u4?S%Fx{dzK8?QKq;1F zu7FO95z5oFUvJ^FHEImwoxvIJ9QshxtPh>p_`6v8M|JT!D_%7V-ME9Vgi`l|>+&QE z#5UWb&}%MWgCp0xq;Tf_a%*-DXoJXm`%hh+2XP1Ac;9Ap@ic&4Mz!6P?~Y5S!^NYm zJUSjPwWLC((AEdXlZyN84Wx+Ugx~|wv=roOG=zm{-X9@~S&Mf$+oSNhoYxb&JN25G zo{uRTP??#ZPgwrUb^|j>N=jNgie+>;Sz{M+-$|Hv*>!N4b7(-;WZu|&P1a;Fwi;K| z-i>hl$}ewgR}}TC%7|B~sjp|r^4XFULXT4jxo)rn{}Jh4I}wJh-m?4x0v2|z8vOkH z=B}<9!WmJVTwKV$zOd8eq_yc0GnbBSs`-)k z>mzPe9F~5slr-<5ov67CA-GzbiSC1*TVJ0qv?L{Mz{GW+A>UFU&8KFrtMx-3`KbmO z@lxuOrR@8aeV<2>^3VPvSrOIsHXS3n^$(;eq8tW~b~JHKf0_6XNp5L=9o_n^f4rP7 ze2;HGUVUu(8{IITzk|=qlB1_=3hVvK%Z=#x=G{}4o>IN@0(74JqeEVS)$$JC{Q$8h z_4DdvnGG5^*2Idpt8}~6TIxJ}lv{ih z!LeSX_g`uGF^VlY@RrABg9VWR2qZ~d&KICaImq?Prn|N)a|ee3qz~rG&+7o4$z9<) zQL?6Ga$)N==$h4V)Wo;V#W@#}Pp}j*X=M$&UiCjES~H`&kSmfZT-`6Bpy@roTgFHI!mWSc4IER}hFy@^7Z+`4!Tl$d}UmYn5|f^Kr7 z#X0=Z@V2p;O?P1$Y>>$%sgTE>uKEt$b9}8{o~~T~OGXG2-Suz$bg>Q-Y`0UK6Sib2 zY0J(nhpzg*M=4O!!|$x1&E15+^+l5We=L1~lU{fE(Q(=N`Q^Ak5XOzCUozd0b0^e_I0i9zQ!3edLn}smI5`;`QQ4 zouCOlViWB?b1M>aQhG_OKO*!v$r3CM(tcI)myo6ZCe#`;8G&fLdlBv8YurXe#ul`t z!~Ss&lHl6)e%<~2E-o+b9c&wM*Y@j(s5(Lfyqvcx)=29tE@VFj*U%t!aBk1Uc~$-A z$o{9{x%`hPe$S#So;lBNs;m@^I5(XN!$kR;5U(K!HXg?jFLUa`sUc2Jx;cdcsmKK& z3pZ22Cv=-B22RO>V9dc5@9Hs^RKP}D6z7kJ?<1%8;%6#xSlOwWQk|_aRGacDrV#mE z1GG+)tiff};jbrm6+|&WD1UtCx*3AeYrdE@*s8C@Jn}g+==g;AIYnywc;iGD(YzCI z8ZOcHoEi%G(LV~8sscip4ZW*eI=C(-HL6krJL+dGys^$4P^b7TAeM#vipoUtpZj^W zqhx`mOxo8CzpR&2qj35F_7`W}*Qfuk$J!-EG+o@LXq(XM%l%~%mbTC}s=pl}rCB7Df-m0G3|YTz-&F!28f zG_LwGjXi&(x-rCq#N6w_$D;&5m4Af-wJH_SS9T+AYhr1Jbp2}K=GBU!T*sIW_&Ks3 zq#U$^M53>X3PMiR8 z{ms!u2wZKg+$v%HLI4+$66@c1opiRhr^hox2Y~_aZ}FWjkn3S2ry8Kmh|NOqK79D* zrlk=n#TW+!;vU@=7}J4Fh6Nz9hsru7mX=3z8Al6WZOS4+jklT5Yok+yS3B=h^wof} z93L17{IzX^#o0L@+=NC*8?_+uZnFlJ<<1or=I3oh)3yILdKfo(9yYCd%^Br`a6xEf zQXwp}RJKD)i@TQ^caWs7fy_Y*Vi64aHq`|6kr`Z$)XCn~IA^vGQ{0y}< z2gX3Z5QtR)+W~h9!NE@jao0HhR6!H+OBT>6H`e5uTmI&8O-svS$qBks7B%1^>7d2j zims4my1lHstySADnWUOirM_(T{u}JSJ%via{%S?|R^nYh!E0*Z1@8KbzPzhoO^tfc zVQ!b-gSEqEA}#(@L0TrpRTxdQCkqNB%XVFaj3^=4yL{1LA0HH?Lltz+hWl;U{FSrG zi;X7*F&Tg4!rI&5e8t#ZS07&!M1 zbHxW#W_`Wb^{%qqB%{0};4=)WtuoExwKZla3%qdcN9QTqc>ULO>>AOEaR2U?vh;f0 zDuzV*Eyv|m+f&Dnef@4|>*rkF4)T$m0F1u(MKbR27B4W;pNQSHC>VZ&gmTDVR$^Zt z^Y-A5DL^Jz7;XbHw7qRr3^Qxr=c524+)goYwCqb4S&l06*{p=hw; z%UGnExCgnq>fhR*DUFj;%9OZiS|)Z% z2NaKFo{Is4Hm@8EU%1}<`10~^y!DE-=wwHw1J&o5t~;YcVn=6+2G<4B-z=<@b(C@+ z;vRJSa*mJ}T3sAxBE4I03nABgHk+qd6#TLLRXjGxu+`JCdiCAV4@Tl))_B>QqT4n3 zD|lws7LsNM21#YR?E*iIm&bbZ_MHWIt!VicetwFrKC#kR+=}Gf*l3en`@%i&FW=Cx z;hJjc!LSuC%m38G?;Igl#~u<&@j`9!*#+&VF;A`|O!W@uyUSsxi>eLVuB$YH$4N)W zL$-?zC{*j25W`Vy{(~7M{NB0FJn8q1>zQmL8hE`dd3Sy@{x6F`Zcy?JD}DjnB9KHd zVCl5jH@Rw@qJzG|8uFOB+hd9_A5nc)0h10s+*JfN(Xh#dnWx>%#nBlN1Stue{H&@LIiQtx*#8HIsc_Pm8BdUx7lbb+rfHk2KlpTRm4`@d6zN zU_TRnAM-eI9e!kz`p34~brEDNl9&+DSZ28NwV+xsNL=pvM(W5Q)i^>vE9DFlvJ8e} zPB(Dd{W)=oY?uM%O?hlTE@7q1TU=rz#02VlQF6O0kIlC60;#!ek1$;SWy5AqDi?)y zu6V7|Vx&R9@={24U=e#OG^gtU5Fs#UWoh!N*UH}I`l*Khp?PuZ>EeHLr4^c(Qj+a^ zdQ-bPEZ$xcZ=ZOKfG`k^pn@ZT&px5XI5Y_L?1?w>osl^n6Hpett)+euqEJ8+Bqx&o z(5*A9<&f33vB%k2d8bsTatM06gDb0%mTy_9SU!oh9^!9YepILdf2#bAH8Fq7a?i81 zrn#CUBg5b;_IBzk0w4ZD%+qK30w&8al0E*4LvFNg4$R#{BXRV6DRowbonJ{jBOu8l7Ym zvRA)v`yn?Jrz_wcfByrp#tE{&nj7Svr0kk7!xGz%6v9@Y5e zfUlE~ANuWGMJ)6MvX7WQXqQF~Tn=S|QO?-@XjM+tzDA--)uB9O|gHjUy;861tP6 zB8QfO1pr+}r6!LB0~Uri!vuX3`2+>oT$IipPN*#+(?qN{S2Y4u5N&7er(G1F&g*Y+ zUL9wsP1;KT{5FIKSYYu)*6XrN#s!BtZQGHTU-UY^sX=9$F9sL}A9qo-ncNRi;M{n= zg10anu}}`-)v(n!4m;yf9f0V?;M4wy`FlgxI5pgggf>dMVBMA6&N!}czw47+%h(v% zyD}(V`aLfTraIr39q&9|x9JEyYX@ICU3bbN-7fFJ0#?tqD*ZPk21`xO^!MDOGgW-g z_!|dCfqmlaJ(aPw{wLY>Jozx0NYwRI;yW;kHM4R z*m9h}zaX#O!JGij*~%9TNc$z}`e@O$16|RY;~40V$d1???gxdJ zRWUho&u*@2y{JBX7(f&#Q0x1$wO=OV^^702>NY03lV#xR zo1n(Upd2oHld6=(ZB5-eeqYh0>N};PfApDkAZea@`o+C8 z-w);99(>!*M}0cNr9@!N&sxvZWxHn5X!Ws+&Ngek|B^ot?A2|L_y6el&Q(C+VE0VjWCucjba8#6cw z`pM^}R{eJ>QD{Un;hy^GqVD zGDc5Cup~DZUmmxhfxludDkf?}X98ic(5S>d{otAJqG~h!ZIVo+>2)JsXhIKu1=bdt z&m@%j-h3ncqTxrwbbDN85XaDTP(8+Jt^G~hRzn*o^pico6#nOL2YK9Eod;j-rtO~= zq0N-XuecG@B@|oe_->KUGf3-H{~yeaZhvK?OLeXk$zxUH-M-o!Hy4?o6caLVOz$hK6$vuqH|i!NqU$gW=5|UDuaoz zA;A@CFCAIp^)}&pAuw)3+BE!wF+W7wh^+kgJG{;f*#2n?PL_0zb7!X3-F85x1;8jXzl{qf5U_k2sh(A|J+LOoy6qA(npTRWBeHcGu4Zn0qUn@dw@RZ?g zuno1}%8@fBK+GWP%Ys``%rnlj8=XfBl@QN+hB?2bY0~A=Hy08}pYGK+d%6#2?Kx46 zilqHG{M7);EiGjN;|?I|P~X*pv9XE8FUEWIbN{Kg7*?vZ zj}9ch=Rrt{}=?}z65KXg#{)^)e~$?@YSmu*di z-wO(#fH7wfm)rU0Qz$*mY3jyQBj{mra&pCw+=hmSCbyGE1u(`tfrSvzv+>fGj2>k_ zj#cX>Y^E3SmjPPINvtf3>~hAb)(nSHKrcC;PtP;f%*2bdL%J}^;hR~Am|9fe#UMn35! z+N&+fR^e2TI~inBgQFy%*qMaGg_2ZkPGch-6g}#!2De@~-MYHscBYqcS>?C0vpa4E z64Ut*2i_Hi4MeAlt}*ZTWM;}b|FmQYBNP=EeY6`Zqcri;h-FN~py79W`%2KItDM4X zsAi>q*a6>G!m&x>Dyf5!g5G<@8g^$EdG;+I0exv1j z!uLLBk~MYAsZhCX&MYCQl#TTm!RH?F;bI!=O$0l? ze;~n_{(mw4;>8QK74yaOy{juSiAU5Y;r4Q%TW|kc8i;5B1c%*`mo)nXZX4-rP}cV& z5LESXa}#NB4B&W$fqoq3R2c{oiHf?g&qx^Fntx7{4AR!`YUndFL+`wvaNsW&AA!53M8h9pv5nC57P*Hpe+x3?Wxr+!hxyQT zbI7|d)NFY#44XLZvo;%&1FS&T)GszXJUsDJSp#)%?icv|YlCgN6w9Za5x6_=_e5`VPRW3KbUuG9zB_86)4Whxr_AfmsXcOs|L%f zbkX+#o(Z8t9Rfax5e(ohfc-Rk$7BG!eu26(wUa1w0>|BNz(BxQsk(-S`;T7eF74uu zDt|HVQ&C2qH(oT*Whtw=)gt`bE-&a9eH%1O)rtCfbmjW2dSS90No=A2_1uf(sa(t) zo3l&mOFPeNbK8qcX3HDs5_c=Q;|i5_bwy6f#gSXNIMlDqx1u=f>gyRgIzZD;`Q%YD z1|y{tqYK()x=}ou1&jhy6OWY@>(sx!pulXf6;!ZEJ29_%UT;}q)FqPGFD@>cc5@`s zTKdN_rCoN%vtKrV`M3~b z8t(lLCr8a(UTnxJw*HEbG%Jqk+tq0KX)~=vIKT0XfpOp2W%A1AI^7lj&G=#MeVi~1S+8|v|Xbyv92>SbEY%5b;vz$^i^_u0} z5Wg%-x>>hneFME`@_wCDI0bO+*Q|6fnOrr6zwx#4NYFH_Hi(zA{ebx>Wqu)y8w@uU*j+*8!jIYc%2TVnX0!}_Q zgRJK&G9`V_Be5N3d%~IluQWsa-r3}f2uac`9Gn=vUFWR0=lbfKp8U<>6OLXcp*!o2 z5F^{e5Xy|acuIAIAb%olgYl^hdF4_o27SrkRrQGK*K_AAZhj9(NB%K6G;_}!a-o)q zTO*6K{l7FL;P_e z!XfI*r271=m3+73th>&VOG5ODBB)~Bv7KWf<*?QaLnHg+DWr3ufRHz=s=TWec| z;*H7eFl(abs~zo|&`){PoxvB;IvtY9Qk zJm4FVV$f%*0^{Tk;g#UzwRKKalKT~;&LJ~4R!cSOWgjHJv-P4cBUkx3V&TNqBwR0L zHY4Y;q#+_7n@)Rjg=wZe_fSKYi6YWp$Q#E|C#|ZTvW`6rylLgQ-whCLj5axXrU#dj zVx@_c^gNV2*qmNhAR#tgJZFe}lN*janN$@FYoP#jZF2PPR7#pOvbL7PVjc>Ldti*? zht;@}x}uYL$&8k!rb2)uT~ao4lCzOGYE^Bv@BA+Tox4^z_rGb!tWVbjMyB;|@CWd|=x+NIv5}TX!S%9j zC!R);oA@$bLly6n_Y&=Ibr&v4jzclkiKQv?{hOAX7aGI1q7Qqfi>F9Uz`LD6A5`HD z<=YK-($;?;!IQ6JMMg4hYhk@9g6bV8@g#M`88pmGu}Y^R5a|Cri7>3-_}dcYxp>?OAY(!j6vBV{zSs*^1Y45S_zDTAkn`+WEc*`t~kN`2eoZA5LYGlkS~u zQZJ>`ZKKXBtJJz`eXRV=6gY=kATMwuA|LhAm_KF(DNS5_@u!W{f5k{HjVPGjzX0={ z?c9Xe|6Ou~$#k5WcVbaXH0ae?wj=Q;jbX@*^QE{lTKi3~jf~=v-|TMnV!$Dr#Q5A- z;}d(5Ey|v;o@qJ>X|6^qw%+BcN92`wiGePQPYq^xbY+wke^39c5SaU{yC3aaSj+s> zAkV?4e3_^>p1f^lPa<9_9&-fe#{cr+;o)~NjThrt0le}8y8@0l!tmr3sc3(jhyMlq zSGx6SYttYu&u^6M@Q<1UnR#ge@ylpALW}d=iE!tn_k|NPGq#Gs7-{d><>lC1fZ^&JvQ-rU*5*atmRGGQ;|z@%p2qBk%1r{&2n& zCUFi3j7bh>e)65OsI2VO3&)EGl!fi5a3tYUD|_i1#W`=hLhu^<%epoGGHOL@NN{$b%TRdt?I+_!b+fdtF5?xhYtH}6x^oNE-7@bh&L13329kXCr5vu^F1 zB*<3SddKmto22cB2%QRjvfqMcn||<}kCm&Ed*SMUlC!=64LvfQ#EQEr%CV_>g{ z!+sErBL2$}I?lk}@LfeKy`>{JcPeS}Mcrq%w_HgDh?$ucT9pOKDlnw@Ktt-{Gdv|= zXp;w6xlhd>MUw$v@YAG0)7z_)@Ww9S2&uDNQjk_znx41VZ2_W<6JsE5DZDqn2mS}H z871*;0J`*#Qm-RZ8I1@goBFmG%?#HY(@(+sLuim}eK4hB8zBvQC~4Ct)+|?s|GZ}4 z7aH_Wq$(+T+i%`#r>h1sOZg9o7i%rzH(l-6d5V3!{6+0ilUAlEztwmodhUAMsQ@5t zxj#_igzAkxU^V$$c~&PbO8UY;|6iGY`{MWo_xoR+0E;j4ICI$Vi)CIX!&6NWU{T9T zH@TD3FW}wtO;k*rUgaylQA?eJCgaNe;aw>Kr|UC?Gv^nHEonJ=Snc>S|kY1}djN)pHE1tWBF5KfW& zWbpU7GuHpJmR5GHCVaoETu>%HW!oy2QI;`uo<_-68TU3Y?}OyQi%)jM`N6%vXv+E&{NH}NA$$K<+@T(A%x`g9iH8xQ31f4MWP5s2`6UkZ7Ni1UB0!e zGdlcaqu+e&SMz*>I!;?TE{@E5t`%-{nH$v|QmPOIBiU*g3v?G?j=Wc9HnR)*t!i<%X2=>~?>X?B~h`ZjMYzMVa0A&22h% zF0kLn+pAqNXFVBe5V@7<3mkSXH=Xli{O6J*S($azYn+#AM@SW&`&krCK?OwA^@~k_ z0H+ka0EH8`!UJk{ULA%GSh_Ir{Xex-(Zlwdc&?^6(BV?++<5&C-Aoi<1DRPIt=P-r zeP`XXylewOy_UMQKE=Pc8Lwkf=oh~r7Ob-r3=A>^&*g|f7H~G_zKdQaPp+m7UOQR$ zsxkkmrS4BD#snL6EEb0E-r9N-z2FF?RD4VPj~N0eajB7EQQ*(BZtCzC@9Ygqiw~6J z8G2OCg?b3j`{S5^yYDa|cgUL%!dME^owc-y9vJVlXI1X=|Ln*660ee!A*Cj5Wo2c) zZjWaL75(RnZj(#m7bXfEz&F-nea<}OA46c~m_;r+d%j=zj?BhSe$Wcnpx8sbX?3XC z@kQuB-`3k z`HZZ}jF@Hvo1Q*B~~s zV|-@jH7uEuqTlv8s9Z5|odV*q8^n zLnrt+dMoGC@yrSmuWDK^iaja}bA4-@wFgK=d;K!%>w*yV_`%b?>lMPEq>3P?8gL&5D{@KD!Sa4=(5p@ zmr_Y2T6LMo;A@_%&Q*3ji-UBMz~qto5@W_Q%zq4?>~XTj`^^S3b_tXor2I-zafxG+ zAh-VY95#+&WMY)j6g)^zCuPykQsYu~024?y-|b!L;7A=d!?e_gSBSNIH($LaD5|KK z4KQ+c78IAo{D=1GE^2d#|D)SQQvNa${U#3cab74D@8eHmp*r)%DQOFR88HQ<k6KZzb+4nE( z(0KB!%I1Vx=|ZeY|4))xkkFxq_X^}e1C(1uG!wF+PPJax$|6r35+&-jS?0a0;B%W@ z$DQZfkY?}sz7(r(gzPpy6(kE-YP#SJ$UlC25bHh=qTK70{LFbP41dVsH65oK+-#GD zGn4?yO^AG=QuJ+-#HU}63Zp1_%uwR^G3POrczcklrC{q(jJ^*>mQeXTh9d$UF%v=g zEA5Cx=ci;5t;>1mlJIA3?e$aM%7#M_AZyBl)*_mY8er?Y6S;3*P`>5BqvDys#neEu zkr^|;UF?3Rg+OScLY?_-P8wem!__4%X~Sj5?RY*jPD`|qX$z$GwA9-l6%(>ttgg(2 zjb?~5_^u9Vm8xQ8GDe%&E42sPJW08~rSQFeLOrwcB?nyQ6V-K8D_&+G{j-Sn+eLxm zM#R+|Tg>@2v*OcO&bMsIfBs0&cU;)p=m0l?KKGb5n#Mc`;UYZ$CLFLHqYPE%ON8~$2- zh!u()lN@zIDwy2fCL%SbZLiMx@G-t@6>CwMS^V3uI&ASlq4N1qF4Eb7D@lS-!x$GX z@nySgA!YS!uP_T3YS;V_e6ztOTF&=$@p-dpL0dsrVHa{qGt+FoN6PvO0iY2kWLgvc zDZ;^iLl&TRN(%OIZ6&&%OrlZsd6Rhwpm0e z8d+x2N}E|VJ}?id{iISR=KXE>d;YL01@^x*#5xQw<{`hhg~$tO>64M|QF8K8;t)1& z%mcPGod}GCkzB6OswcwFZ8bXg^~=rA_NL-BxM!L7PmZqMNXh?E+G5@hip`Jk@gfZ!SDdAkjlcX7)ilg@b(_t)p&ghyb&mU{3{5# ztSHL?vbR_XzO>=Vra+n+*N?4BeIZeY_g^O-d`UVou+j>daI6w{T3+kyn%;Wu`*3h_ zYnWC?K+5laBtxvhh@*kY%YS0?LC(a}hy3~uDjoJErOyFjPiamzwT_J=n zJ1i!DxaD1CXUh!?yu%-;K-x`}hV5=c=^jVCMR&A5qn4=8ynC3Ep2)j}Rgr{A8W%^b8kp6(+HcPg&K(5{79{Kj0Cn2jcdS7b+33n3!#q7;&f0DsWYwjWt zvjMQ7Ar&CcG^rW+m=Q#NHxh2K_Tl(<7+DFqejJ(1?;E>g>*)9gIL;+<#ED$TPAM;o z|Nr;g3GtgZn>QQ&Wu|19(*GOz_duF(8Rgl<^e$n%(&0hK#(z<3NfQ1K{uK`|qyW*W zr?KOjtPO31?8IR=`z8H%6UeMH(pt^dwlaO#DD?IGJ{ruJ0_UTL{hZy4oqn~}*n}le zEctrs5>`dkXkiYPveeV|D`!7x&8XFL9S}SF_MM8wh!fr=ahn6gI=sTsu=b6@%iVZt z-m-5w1dr}-{yKRsOQ{%%?ga-nkoLuFDSSVLEr8?x0`;t1euwg4VS;gdR?ud z;W4n~TOOI4fu7y{{V$J&Ha+X#2S+b9KjhUe6Lp6J3a!Ix+u(`u^Z&um`fxWzsz1c-46t037oqy~%iZ|Iy_TrL_z2 zC5>ob=%OvT>Zh?~OW@P5CXY70@!*~E?%ERUAmB#Sc4IQ8geHl{#%!V>nqOC2XM@#M723u zTs#uLi;`GeUt8>dOuRiKoiP!%!;)+wvSjjS?D(#ODlSp|jzB5)&YydL1?weIX&|Z3Z-On6iZ?UwiuCG;Jxa{mRxD~bU`8F_-QvPt;4=25>tg5{VQHz z77^<)_pR%H%GFgic&$&vFh1S{WhQfug6cKA*52LJH`^k-m}mQH`p3^otjtcg`b&QH z&Mz4sYQeVSwyiCG0aW0!3eUv!w9W3S-IB?j{Zh+YK1dvyJ*klnkZDD>VS+-;)Z5=^ zqF+7IZS#)GM%fDMl6#T4n307!5qw#b)^&F3-KK5M@sC)7eL>TF5mXDjTG6d}5DAm^ zQzSZ(-r!d2%rt3b+R60lC`DFV!<_tat?<59IEWVHjYE;Ltuc8*qh&R{CxnaSea~&? z8oMUD0o}r7{mOM^F8>n`5SF?ZeramrRbNfrw?+W^OBF>LHfIIM^nmELIi4Nj4YZfY zmH1?RqIQ_?$hQMXSfq&LcRVw$q=aMP-#8V&r(gT$Boci1~z|q>&ZncqBl#nbphl%6mQC{P)FY9t4*HAcl*QJIoC#Z?#ot*RyYDa zZ)0*ducxpPC0gSe)cjt?kay)ZaMW!^VQLFoP^JB6o0&8bJNuh3EW_`*VTq2_CHgUI_D z0k&W#x;HxDSC6Rp4D04oyj1c({e+qZJ(tq0?NiogxkvIkcxHoAk%;(#8nCa4PGpP? zczTmn%i_O|q=^v1Z)Y1_7c5gBKaBBN&zzOHzE{zDiGMXFfm8ydt+;4~Yx4EQg!OEm zncAisd1Ly?@0_c{Y9zKscZ31ojX<1TUM>bPTno0JKO$$9{Ecq;{4C7vp}_RH5kFxc zx|&Vc7u(-yYZD!UeK~DU9^AMQc;5GZU9M>?7lTdP#!6x4tQ@d=`|=PKcB#W zjP*10vw3iL5wg)?Pq=5x&dzY7XLc=04O>_lQC-mZ2-sO8f5+-x?VaoloHkOCr)uoq z8V%~*>E0Wf+n&|mxL;hKAZsa5u@e;dW^cz+9=z+r>K2gi-gJv~DQCd*R{C}>$Nlsj zZ~GSMvP13qX^~iI)VfBx3`3*;wzdrVu-5x{NB++lz!`i`T3cF49*8>0SPMFIylg<9^iKwT8+T~n+K={;Z^sJ(`!FJ zKO4`X|2W&I3orPZ6zXa{r^qwMhXC3@Dx2HY7gEf`cnHTnI0oI#`|$qvKFZ78eJzbY zgG|=Gc=b$*H2UaM$W9>M%cL$X1wj-&>V zij}&K0e#2yaQ?Z$Dzv(5{#kgq04O8$N96tzO4H_d0#!v2#0&yp!@b|-S$B0nnKb61 zai>DIrxtBUe75d*@Fj_%-%7vBzHMQvHh%;;Yj2^`)sw6ME0VZ-#QeV6fw7EYLqKuP zb7a8T*0yW5TyVDo$Ty5TziO*)iyRVHMy^04W!(BLWF-yR73*#wZ@`2 z8!eApcC&GGBy*72Hjod!P*7Y3IUxuBf}}|_peDLY5%=i0UJ`NicIie?uFJQ3JbLwx zE6ID*-Xx+GiMfx!%z7OcG#bX<-1znnFHKAY39foFW%*q)h|3Xk`VwC1lp8zlN_jc} z1?OW*7WiAt6Ugdu5U-c;Na(kKgLw9NZEdjTH z&xhDxAYC<)0Ory?+IO{#v}>#ec{iN#Rll!9;(|M~`hUGA(IwsA|#>v1&doC5S6_@6W^9e1C>2ufrLm&8nWoKuz|Kdpv^0PEp(Uhh;2 zSn%tyg3W6JQu?Iju9{#&WHFB-gAH^`^#;Nr&!SPU=U?sN@gbN`d`$mf9ga}-#bPjmEzA2NXBHQ z#veC2tcF&My?-X<+N{jwYZnV(6)~YZijk`KFr=hoYsa3glwJo>M{8msvB71b^tWI* zTWupt;<=E}eE=MW%t8OgHK7dPU723+5S@DvYYC;X2Ll(mSQx)xDKPA`zjnDIE zc@3XI%ksF$*JkF~N&{tF9JY+fx!d^X*AW*ba)0lK&p4bq@BITTiu4ZMtF&y|h!?`v z2!^ZOe)%A_+bi(NY@<>5{=VJPz9kH?ay5ugQ6>A%M(8`96z-Nb^3{2SR))B296%vd zS6izmfN-S+MEc3x-(`3U=jT%Z6BBno0%&-d4{_#w`-K|IZ^OhKp}N+`-J~>Zp-umy zl#=?sPLfEJ%tsu^F(Mn)U@i&YqR;D9xid2yeQBZ7Tuw&AhISJ5J*PLsTzah&%42yd z+HQ_gMqdeRvw?9L^5m~2=CeXc`v>$W0fBJeAfT%2TpCb@*LnWWkEVaS!#L5L^~vmM zfn|8Mc0yT{x-AaPdpmTfq7X3Ki#&^a{~+!8o(QQda<5Q4r?8MaFuinCp14$g1n5qH zw0(r&v(1*WHg7~zDV7Bh1G~<(JJF0bp_8(V=JS#9_1}BIZg6hBec+D^f~@hU8rlud z>cVgOBoaogl$Nqm2JVIEm?XSoVwyJrx{tCCW<_OeZ!#qube(NVTijsM6ab`5Fec!* zGwDUHnv`wNt)3NIJXNqT>1?wnA6s$vUE!3s-9~tzo%2f#Z|;9+*!CwLM|N16yZv7^ z@|g#pehn%I^Y(*GPM$w$=wki+ly!M($tfBW)suSy|1PErAu6TKNi1%eAvyRhC%7H`rj$MWa_93U9EGVUzxR;DVZtprJCL( z!~?p>NEVj>_1%8qQYZhJLF_qO%u@fzep10p#}KVW>W45<>tE}+1?Q&yZ?4TS_Z9y{ zYgf_r3)=B66Q4*w|JRj6sW_yZcZa;?u5JOqZZ}98!3^Hu$|H36%6(Dmpq?Ngn=+ z0>sCIiYcJU<-ss1xs7$Lo)V$KzbHPeg+1p2-(jG4^+WTD_{v$2F;CCTWY^bgp#mhF zc2!#l`cqUhAAa{Ivh6Whd@s-i z?|h?Iv}$nCHWN-0^>-9Vt z_E~OM;@f*MseFH+xQil$4nX0%x79V4YNNyEpHwk!^*Li|K0jr5)5WJ1Gp)L74UUiy zq61SZ{tEoJPdP&AqlWx(*zRyCk4bYa5syXDW!Jfte}|#Ppu#qV{CNVBnqB)-Vv&#s zX1vV)qsmv(L8gAPww`EO-V+QmKnL~gd%e2)z|L8C!?>M;5EP?DztC_&ASxlj)Y4E| zO5z+a{JKK`tZA;)NyGlAiu1byUn=uLq3eti{ck!YBG+%GS$EctR}(+|6`3@fI8~=X zW>@JzLfuz_D9tEC6Qr+I{8Uo1q16GzeLm-OPX{L$LWj{t9SDy+`T&Br4(b+#E8MgP8V#V1ePw_^3Rgr4X zV3{>1Pv$?iwBl_ry8e8>eE-{W>yeW0pMLrpwXny<`bWR*4&ttYpA(jeN|` zVS&SqPJg2ej3fnxBZ~5_?~XlrtSPVZY&x;PEP&#^G}02lj2P# zP&sM6TgM4xuX1N|l9T6gzP{^>ojETr<80YPz$l3zP*zWQxH6Xs#y(hCGLgz0tIsfH zxmN)Jba@%nVMq`YW!1TyptT!V^sUk`>L{J|2QwHK}Ib zpdoNqcb9GBPh2*;fQ$|{PVdjuHx zWxU?vBZb`aqX+K1&|68Vd`AC+BX!9@=`I(+F#Dzvst=sXCs-*w$7a7d0iaJq@?3aj zdYm$FI>^_A=^j+a`^ot8Gpr@r94rdi0G*m@-RqMVoU2;o3b{92`IMFJyXD0w55@x) zO@Xp)XGc!XQX5zy9BMKYn4#+rfYapY+ar$9`M=-yT~*7^N!lIfhM-H|^Hr;DPQGYr z%-8x!y#FOhrP9nKVij9_U_hu7C`5Ep?;Mg?>T-Xvu%d$8I?E>o;m0ZuVwU!FnDbE2 z4bmd@@bHjCAG#^7fZot3EA+gbjH6UsX3{Zbp;V0R0Wx|o7h#xRBF&C#K)ls{sgfY6 z5d+!BTX5!9y}i{BA1VHJ{-{MiW7mtB0yrjYCyOM%;-`8bvpi_IstI2$)O+}rw7iW+ zT=@+J{ah{CEFgopZVphbz$B4vXJq9c7@RyqVXbq0;bQ+;;Ej%s&Nq12KgDGJE?f2( zhH>?h1?1DcBI@TJ>Ad&$X}752)A-)vOIk~;dZgbc2E%vLP>sXALRi{F>9Oex0DI^0MFgIWNu*ee*XHC-tT8-%1A9vRfbbI8571toJdCL5S20pE<}RCb zN<~K!Ikmvh&akzShwG7T#UpvA`wT2*wsboo5B);u+C@;3!1Jxw$8Y56f1ReN_`Wsr z^qd(UAqz&V(vIC50LnG$gX7ss5qt^uS=WC(_V@Q)X7#KOIuM;f`19yV)%1=fQx`Pv z|D)}%gQ^U_uVI|-?(UE-X^@oe?k=T~l9UE1=?3ZUl#~+b?gkO*4$1ez&o`cDe*gXE zePJ>^qrHu{6i)eb#0Ud_&HSbe6 z^-5XJS4r*P2je;1xeZgFw?78+NknOaYUP@*B-oQ!mVwpm@y=}lqqbWp5$!aV!LNOzo$G{OxIeUXJ)*1ePt>V+mY303E z2asX%x%@()Q%L=KoAm?kv7BK4;Gou|J1y5C0nWj{P=yV(Wq;rHwKpV55p}Q*G52&C zhWKF^IOxLpQ{HYLMo%cd-(WV>N4#fFgY1~rL;qo|`&T_Cy7Ov`RPZ#V>tXTq1Dj9p z+fKPp3Yo75ouFVKlwRl5@IY>1H)eC&HkBSU+bJ8+yj z7CbqTGoClzT*1CbG^5U9@= zdr#-iWCAu)daK`klRd@e#slt;cr;YoL~X{`+=Rq^#^2s+mMp)(TWmtlBq3_DzlnNW zd5~_-s4jmaQqtHt!ODC$6mB-qq#F3$EMGIH)NS8#9EnoV;d zY;s%Yg?d=}kc2y5zJh{Lm#4l5iw*Z+&p%-;OS}OIrRycj6)UyB?6>Jv&eJDgX zON~!uWc)om);b6K2bJ&*vV?A3La}81&FSk#t2TJHWaG>-&=!1FupM^#4$#tg^LZ-T5%XynQkkSJ~_BC@n+=O}`ajuW5 zfgI>`B$*|&+8Ce-H?0>~q>H~8)Y(4{;q*3>b#|mbKW1;-@&^YCKY^9SWC8`27qj~e z!Wo^|@`WA_8jqd|G9X)UUP*ZydrfL{+gy*t173xmy#QcetIzYkuGq`?Dc+0Y3D?v; zHJr?nF*!M@dRqTO>T%gPnoOAJVwVlUjkv=0y*O(Mm+KK&C+utHls_eALv7DsjEC=*21m z;I)lC*?flb(c2^cZW;FA$@`%a-oK`DFfb6CYk$e1Ykgp-!{$Tf7~xiSRfd8zPj-Dv z(b2WC#5PjukkC8e!;mX0Wc_E$*lD{8hlPEADD<9u0OYoY=4L?*NnLZ}SW-c&{kwt) ziEa3Y;7xLoy${TI{b|cKp9!r-4y>4oO5eNZe- zD+^oR-hp#SXQo+i&lJ5+m0HAlBqJ7-_2xH8Sc=in0&8DSprZj_0bcM8wGp8+Vh%6) zCBpRRtNy25FK)DY`D&l7D`Fo-uEE&cJzoS9U#7u?&{-HfjHo?Po@J!U=J^LAye{iA zvdW;7jU_^4vp$Ezp0~7@Yh+DR_YvAA<^?0zD} zYtwtz^G{FWJKM2U>n*c~_sgf<1utAWhtTNcBzv-P&244yTD8aYe4EH8Yz%nx|`esk)|_L7c{>soH8(Rb)) zWWrvre~)I6?_V#~_z6$#HRRgb0`b62)JM1-nCn|?>O;{@dZK94&Ak3l$MuDRPCYsl zY?b!?=Wjt_9j_S#!|$Ioq*h7B%H8`_rVQxWJ)y zDc>`8ws{CS_KQFARqQ`7^o%95Sh^yS7V(AXr?6@b;-uqHJIFSB=e4x8iL)(9aK?;l zduDia0La_*c;r~(L)raPE(!o^b}KEA|B?92`#yrIOahc(=Ae3EZd;rFO{3}h6Jx^QMky*WigB0g9w!qsT;^J`_2d?9C^jz;ZXV3>FkDL) z-q9*{BtE+@zMer3I~oxXZ{LW;6c5MyuQJ;+h#m(`_N6t*?%X5+2r<3rkG*}wd=jOQ ztilR8{6Rg?8@Sb;g{21o_ddJGd5*#*go*;JHNRB>p|d`JH{*e$>Q4YvenFzl#aw6t zLn84re4stXXaK$H2PmddjMpc=K2CUMgG369kjOvKO9#SwLr{Ob;^fO$r{psB(v(6i zKa{S$kDxrbS^~mXa?K_T25tg6=|e(Cde9gSE^ zC!V0Yz33PULCwVZLNU2DkKOBZ0L;bgN@LX@Z*(Hkj;eoWbD#rAt~05TmQJhMZmA%f zPfZ|*vt(B#LpXz~?&qGL)wTi6+YzpKspsrV;cAj78adcR66=XrzwOY zkvokEp7;P*hY+y^0LDj5%MOk9ps3gBaA2#Oza(kuADP&t_6f|Tos35jbbv)eJD_n`g`O+V9@=c%lM&Z<_hSKyJy}_qcj?0!2d7; z^0qu6fSC~nec~`j|AUOfE~ps5h`HnhK5&`NKZG2c+u{{#Y(~!ii^98kFiL|lG%Sdu zb-&o3SgOwPavaX{R_Nx}3-@pQf)QMr7MAV{D3qhDYks3)xW`l1&OvzrovWV_b;Qhry+*6$(A30F}?jGcHolmNo4ou z2#*diuY;&S*0qB7(ynRZ9SqlBOtSGwhga}`3m^?PK;Qe6aKaBEUWB(be#~xHk8if6 z%@uSF#%hA|tZp)|D}_*yE#+r}6wS20SLoK)dJd|o_w#%GLg;+xAJ1=Yp2xmh2I%276XVi&>C$q0*(x>PR&Vn@E=Y8)h z=ltB?qA7&3A9K%1ClR4Ldu8@9F{vOpBmL`R1eYr+1T%0(QPNKm_2{u+ONpZBXahDW!@tJM6`me@bj@G-p8pm4 z*A+di_4h9G85g-BacDhDDB20Tv=3@@+N4@O76Hp+B+FZh;tn$3Zuu^dLD#U3nE>(2 z#|!+gzqGU^GGrtByV{IwKcr^AJM}7i^2AXq=M!NM^Wop4MJH~9g^q9?*mY)>q(C(>!Lsogx7uhfsU<0&6LVPjQxx(_lLeLx?R`|@QV z?5!UN?q4WhZa-m@oHE!3wX@N$=i6wIZq>)#Hjej~Hq$qY-^>N8o_~hb_^s+muXlBH zkQ%oiebBk+!!A1E1_eg@LsE5t%Gb+@6bz_&qkB_Hs^6=&477g0!Evi;+!qfBsj3od z!P{>99?4cbPUhnVEf)UZneFoE_^mt*y&tjjcbi+ZrUsZ~5o>bl0$e#T@c>lLo|3Q^ zxUuu47&8dOevL4hN1rKc|AJhv)1Aay>_$au^sDw`?#TC z*EVRudAn@<9Ejfj+~EoQg_zqMH8pXys{IIe-pT>#$YLGpT#NJekb~-O|I_NepWjWD z;R`hjM2^gi&9`_gMrMo*%M&#}Cgd70j}ADRdrMZLqt-p)U>-e&Aa`PSDEiPr9|xhf zwcHBCypGG;jQ8Xbm=J(|7Zu6sRd1>6e;)C?)l2Rp(s>nqUjq(vTL~wITFVP7pWnZg zH?P@z*6O&3m4vTew;x}D2SwA5&_m0kel&3IPfA8}@NjqE3KMyNd~?}-v(4uJgx%WO zYF8R(J`l4x|9qnDIo`G&apHF)m|P`Us*vJYw+lBX0PM4R$ z(kHe!<3otXE8E?@1CnRnh^X5x?np5zzMWhrVu5)brg2ywycpZp@9Gkd zaC+Aa7-x`&uDz#1y*>`Ktpx$ZeY-HlsG;Bz)lpdbbeEh zw{g@1GXc>}0Gh@`9R4M@+!8W-)~ROj`t%~;+1pY`Y_{ulY06m4E+6^d$WIGl8w-4U z_i?EZG@`-%X0*({T$o<83{}{s^_*T`qk8zwDTS(2y4@Iiqe!$6dk%#Ou7VAab|wOL zL+?MB+E%kW<>&~-WH|n12GKj(rq)KYAHv)Hh0pJh;QH7X(fj7u%>q1Nw0$e7<*;t}T~p*s8rBmMS>yL8Ab-4Dd{lj@ zpVV;m{ps=LopnWtp>`$tue?$E zQP*fyxH`*XM@Em)S$bd+svFJvW;m>@cnk>KyA6B>3VTxdU(8$82M3SEQ6*!}foh6i^p=7x3)7!uAxmb(JSefFh5ZMLi?y=aFA(5&ykc|mB> z3J9-%>}VU6Dk@tB+;2~t=w%pO(uxjQ2kvG&!@cnxwm#ii?g}cs3w9+7>u0`J1GEd+kIQ&R>2&Da}j5w2(BEul+{)4zbQP38`&qeDzn@^kd3t zyB{o1-9=%CiWj=&qeszG@RmuN>)WQVJL?WO`4X83r%^V9a+XcPe|>f5l~SxJyY>U6 zQ+D4w6rW>cV=(8I8_VyeehuFCMf0W!i1Mm%+HSP&43GDtQdaf?=0RkJLu=Z(dg#TN zAbD*n_r+vj(_<1Q(LBNWQyGAe_^%y-Wm3~`8;qXC3fZ8J`;fYkf^qYM1Zi0ai3Y()xLL@iB(g6_-?&*$144iBDJ z?vgEV^-;-ZfyhSDZTV!c z7T4ePBNxBfL^U;&z>(#^R%D?}{YZ{BinT?W69V`T2>*cQ6^{vtCMwy3kq=F6O?N~O zWSMf&m%{JB3TZhwxG@{7vkZ8buvo7Q=mo1UZXfT_%7WryR1>7@Ee)FN_>VhxjTF*f zGkm!N^`7%EOY;`#iBC!;*ItkndF29}ZU0cxrZd5>8cm(vHy~!dP)1ukYX=S|zdx-{ z#b>h;MVoC>ZCeU?Za^4$?Y$koRExUp?bZ`tP}Wm7s&s~?q%rt6Q0YP3;^Fho0*Eik zUD~)GT8i<6LD}Zf&L6|O$a;Z+y7oDR>qvlqrcR_McHdDR?*bqAQ z$2YIWbjy6Jqk(mb^^6nx{HHK0G23-hbMCx9>t2UpOGnZxbDIR(2m!;@?N~Ry_scKb z%9HeeW--s-;Q_hSQ7kV{{9E9?h&URl8Jl=Xj@1<~guyeu-AXwHmR%}OQMlxQ)pVL` zD-z}1=|^rglDav3eF|lTCC#K=iI!yyAOt&5@H3EqC=Js-(`8tX#LE!ewXio2viIWm zp+z7h6oIA9b{TiLxFr0c8T_T@rGEpe_(N3w!p7WU7>c)hXCHaf-uS|G`V3^<_M!5c z0dah%O%9OwA+O(!-JFI-uE8L1=)~rY0B4+XBR9xS|7Y}CudCq)d{Id%&weJOh=0y& zz$NCd-&MkLruXs3&~XLb#`kW24#p4v;>ai8y(5;`)@lJ9asUlE-rfm&yKhf)2WjZM zEc4qK0>CpbXAptmWw#w*tH+G$ES@@~IUbOGpm|;^k2QNdvk@M`a%6zN=Hhh_k$>Rja7i!1>EjDD z(=E60^7cnJZ{ymr#7Fk9-6Al=L39kp@aL;0DM4XS+q8b8D^}E)$jH?!HIjM}=U1f0 z(EgVNe_PSf4>{ZSH=)qeLRW25EhgZU$8@ZNJyv73!`Ob;Sl#a$HvaCkMC__!HH-fP zokPnRox%NPEHJLm`ECx3sIos=MKS>s8imwPpjleRq3Vn+ z3@(3o^J;<`L@*e9*i3)(;2k@$1ixy{NG2VEr5PEu!wmxNXEYiZmhUHHNc-gH%e^6M zyogi$MC|83`ciZss%dQNLoTw+9}gvI!@E9Yr#c@zHnPdG&O3VEO2UOe*M$w~>abEH zV(_nsIFF7IFHf;&jBfqi&F(EK&iRq7m{H?>!>Z1e8VP`^RNo;6KI=_!pbf>TSLW}J zzefK2G%U`hU7KmdVEp140Mu=}+1_a5!uKd3GScd2bJ;JwenB!a-&mso6fzdHcw9E9 zMR(>IZ^Ygi^9wZ~YqYfzn1|{k8Y0b!S z_Uw*Dgv?|XZ@GUP%_xDoZP?MUeNW?=8n+@~VrE=M=GW@6KdJzp*F)9Tls^4Dmfk=F zywde>tPP@R=i@M{H%i;H$+yA=hj>808p3sGbxDKZD82hl;#^H5ns|M9lGrw0ZKU28sIde~B%DrCv1#J_{{(um8n z3uA^2iXLGlj(<~#lRgX!w#4p>>%rwM}=7_kFDmmFZh83Ak> zz|YoJuPAa6vKIzd@EJC{X%CD-#v9Vv+1Y@a10_`EkA(*PPZ1<|rNf*qY*0o(%fNS- z@^k8XhVl9Bbu721a(Q%n(la)N*LnsbhR0p$S6Wdx?NC|&%jdZi5noxpQIZdsLd!^r5Y=OBK864YB+ZUcg*%PQASnNNR? zBpSnv#nxR^?4>BMDW2@Q)DXXzjs7G)7LGc|(7)<|3GeNUnAy%EkpE;8UDUB%oHSi{ zN+&8Ae%QGDh=WbBW@k(%I&%k2Cz=XTOApz@C8{##KaB&G$nkd!-{gC01O`v$7{vM- zn(<-$baixiIht~k+?>CKOf;wVMUEbF}N$;67?DJ#RamhVdXByR3RTGKU4eo01 z6p5R@kD_QZlzh1>8>;SoU3h8M!h)3E(IkSo@61mgM-b2n{Tm`ipJ&Zn>p*kj^?41 z$qPI&dwx1mJ7)olG{GfHoPwp`_%8y_VqfTcl4%0!4b=7#1cDteCGDk8&UdhA9hvQs zry5!VrV@@Qm{~in-7l@5t1UZqOYV5O*H}j00M`$LyQYez-${3}9%1)b>??W4*OF>C zH(^R^=XqB}!dE%=1Wic%G)MR&!8HYBUO&+BiMsGrq~$*NA{xdr%o*>gK!O?4)KU3i zKIcqt+A(LNQQ<`FUu^yGj#Tp1Q~J8~L`jnV(TyLIh#{l@Q0_sMDIx!SG7KhJ^>c1j z@z-_i_g8t9q+!(!?(1eUb8N+=8OE1Cqj*Vq{y+-Ga<-fx~JRF(b zR5_CzW}^tj;883TYi=ft;-(tGfSd_xPhbN7rRn^S5+-Bnl!oWln>!~KE;u^qkiey8I!}fIrP+d*xksY+(msC zukef|F7xMKvk@@8EtXX&5({^P^u-bGL86CXk0gnJxx^BMK)DGz5m9U6 z1$vrFQ>VDjg>F{AVRhtn%cOj=CgOmZujj!jF^_ByLj1@MHN_ zlyz;Z-$rx|nGitTK?Y;w{Y!kYDhN`)i2e!pmPp_{)uKqfFToZM|MtYx!cesuKD?Y=}s zzgr)anX4p4Jl?Ur^EDRF5KliRde{S9AEVxkcJPpcWiv zB$7qiulfjEHWTwPgLVUq5w|o%jDv>`2z=MSHj>vaKG}2{ZY1NNz9I_wjDaQaZ=$*U zI4JutP&&XRJs06EM0S+XSB;Mb!h7$t8JELBT>ybiK_kSfFsT4P77lZe?-NoZ{ED|C zV9tlgO)it9=$bCb5~JO3jnNDHhqG`f}%VRqx*?zrtQSv*dPSi6b!l zH^I73+sTNIaz@Y$rYZYoNi=W}9gJz85xARfyC`4D{@h6H8)}&q_Dy*lZ)SSH#`y9jJ5C_SOWc%yrV>Ws z)52GjykN>XM)T0bk0ubJp1FrR@~?#BA5N>T&X&C+Mfce$8$^7sbr%XOrY^H0cOQ|P zjKb~G5+z_!4t!kb1j93);+_^3{r$E-eU>FYEca;l&&MpQ5lx3F_yXIECw?%6QL1Yc ziT*Yvd!BX6Pw?kNB9D&jmzq9UBbH+3Ge<6?)>jwmdsRiBP4B21?|6I6y@*-8c}2fs zQS?xsY-lJ5;5^7FH-2)#k`&0Zl?#H>8i%QMJnhz%oij#@RH!;FLUs1V)%*$9_@KA; zy(xj2ApKO8-%@s&aDng>oV6;x8X1{>Bl2^7aO9~P{zViW79xP*d= zc-01tkJwsNj}o#=psRn@5@6z&@y5O;QI_#^o|q>SbkM#}Kk{fd6OpcRLLM+NQIXRX zLMv+6GWj(g)L5rpnt6Qxw(jRXQc%3!gSze|?_L$BY-z1JX10x!=>!(cpujl_0G%P> z;}L3kambHpmUqNu(UYcDuaVoiv7s=7J;s>tnYLgBu_2W&DJ~sf7S$Gd3oIU`r2fRl z6bi8a>34b+<-}%!+cBZ*FUM6THG)z1z#`AqOjf7;!}>Gax5q%U;#r<|+n>?J4{O+< ziB*0&p}c~hF;vM$WPxUE?q)Sz7-xQotuy}>3ddmn)Of8=xk#Vq{n;fEq6^0GIGf+F zn`oX?KVjofRqENVoMNL7{_?dO)OZCGm|H07;(^up4w8aBRRefoj%ucb=_pDn!!}9R z;VnkbraA8n%gBaE396dJCqC>TM=V~Y3w;=Za@O`sdTm_h6YF*Ix#P>7pArHh?|-_5 zrYJ}G~qu*7fLzjL=g)+sKjEmWY|H$6Fg7y z0gg6TsP#H~M#R6Zu%Bz7A^VZC6tFKAvY9C-I&o9@O1g4?nzR`OZ zyXYTJp;qzRD9(GI_>2(~kh}W~3VNn6#BoS2^3b_cF~t9nV&(OF{6mv!k*Ywr@W`_t z3PxYywIe+Ko}9u(W9O^fH8lG3<~OJ3l^oNXxFC#c5oQn1C592}phQ8H6c+{lIcCY; zO!(4sZYVDU$f)JToYYF*xsU{}x8cVB8F3CA6V3-R!jCBBS#`U92;O948|%_{5(tPk zyrK&|P1ksd9ED4H{&IhW!2yA#@afBj>l)mRnU)@9PlrV0u;P4p>b$%^T%zO$7;X$# z?_U!i#`vzAlMz{{!ZuC@l^+%zy0Zv%y=Z@(x~RKEaKC|F<;)lUBYM+~xFlKFid<46cu~JA_!f9O%0RT66PbyJPj}Oj?r-gXX+6+bSdr>`eA4w^X1Ad2i+!ZxPQp0( zTRNi*f@lE&ooM*UCW>sBfvxTzjruiNzC$GVIr(Mikj?kp^&1nfc#jg4e<2{9Q{XPC z$J~ZY#*8dn@$4zrwyXI?u-(bh)*G3@q7-A^igccjjI2L>b0pcCpO4A>rby7H0-srZ zAuJF}dDkJpglgnnOY| zENo+&B@IZ))ZC+phlZ=-ubv1MY#vy2ldc?o4`zXNAJ9ooCsj$UY%(8<^RDD|p?kl1 z|7tXu;I?)-!lyBIEmn%TxpWY&=2Cip z^}teVbrkP-&%{ugk2J;XOH*99Q_Y8VmJlU}%2J@n*4r@E&*f5n_I5A6igo)eNrgag8Rmf|(uyNu)wd*EKgr1I)A(!5U69 zC66>CzQGMT&!e4bGlf|_a)0s7CSVf;xaHs9`29(`9rKgzUB{vGK{jsUN+6|?BujjC z{_0BK-~VrJynS`=7V)=~KarXRXLFcEOUf``6~#kIwB!S?$~ENnmU*=ut2g~px)NY^ z^oP77g3s?ZQj8wY zeA!f*NS;s;50m_J{Si}Z<}_J+e4L;(Olz|R-VA+Jf$F$emTLKBHGEKeXNE;XqZ+C` zuIBX0fe4d6JdbceET@7okaj>U)u4jm?`DSVuismSU02?E>s@vq-9}B3{6vm+UrARB zq5hOOy|c7_kgvQUEwlE%w0ZT$$)oOgf-oe+In?mHAoY^N0F_MMkMC6AC0O-vKy))w zKnBU*%3}P|3Z5|HIun!O^HI8{oK6QO^M76n>Z|1qpG4NfM6K<{*VnHM~GngLP^o?s+|m)Z>JFylI@m`p0G! zGMfQPyl0w?BM`B*u-KBGEMAF-6bP-kfg)bW^UpnUmYlfj0s0l)f>_L$aA1)7>DKub z`fJ2$@&&@G+&?&+BtC7nh6H7z^j|fO_RsB<1ER@hG3Tz4ZQFSlI_-GD$Fck;vWp>I6J*?%Wd+7$*HRBLQ(CmF zp8C4z6dTg4#bY;-Bj!8G{iO?r!3F6i;h)n;t8kPD|3AAG)M(1O^w!xCM3Lz{He3l3 zT+@1{Zv)s%>*J69$VTorrj55EGgibYFXfvIeO%BAL|Iz?!k;dtkEm`yhL$a8p<`j% zfdnoe&|&%rl3l--Ec8#*YZ*~nA`8er!hjA4wKh${h7^Yy#QbIiP#JD^M_NGm&c7&f%pemZXC zglZk=7jhWg*T_+;A1a6>_t4&+Txh_*dlqE1vyC! z&Kg?kw^x|^v*er@Sd!o9uI2E8#6U2Ax;pf&#>rM;B1xN^0cEDw+k%{?K}~5#Uu;U z8)C^_vRgZmmux%WxV^>y_~iTB$1umzJn{R!u@lS zmH0Pd3CCOSEBiCau+Dar>u2rvjv}g_0po(&n-OaxEn52-xqN0)=94ED-6xsZ9!L2{ zH}ONqn4px#mUXkij!D&FytE!XO)>ALibq9kpEU#hCnd*9w!XZz=>{V7|` z+8a4%u$=doETe4DOtIk_ku+Y6mq(L*z>YyNouMOZ?wNO!j^y|qn%w(Bp07ohzPrnd zh=kXESWE8gIR;eib;yvzElgCd2GKo)^d|4gE2vZXo zC%b>*Mm`3Sa+0)SCuY|y7^Gvbn?7Y|2^y$v7Uq4#?0N+wccSZR5oqgI?t7&p@Rw5fcoVTOwDzZe{Hqg{kB#mt3u^IU zUqPviNV%CQAz6|1l|5ylD<`SOeM%iPYjMU)ZvKtK-xb6Nn@lZE$ddj9N_kzbps*C0-bf?dtBQx010!_D zNYpV}%3x{}B2(>02{jZ`gXB?s<{q`HU-vgoiuD;~pQG+6FPD zcGlgxTehC+bL60NCZSx9_i7BjZD!KJL&p;_b$$Sw2m)jku(_luO9>v>g0Msyv{k+~ zV2VGOB?P_?>*a@4y4_a{^R|w6Q+TPi;XqiM+$TaC(?QbxG?+#XnPOY@a9XsLgs%8j zbf2<>Nkmd*Cka_4=$+$h9>KFBk||{-`<(Vxl^&Zm*wKepmaZu?Z{CNf^gss2PTg8+ z*G7GnEy=DW)g}Ke%dS)x*>)t*(sPpe#3FeKA06m+nE3Gdd$JN--Ak>{XKP#7)AcR| z@%7J0!^f7J1g)8ud*1|VR5roe75((1t?&1Yk8fR#w3nt zp;wIplC*VOGaKq(-}L$36EzX0P{XAZPO&{~=D7T*7!DoXN|Go$C&ZAio`3S3HQxA) zB#sgctHw!2(HZ!kQ3}c}(PX8O;J03ibdd#*T3F0i+a5eT2@H3w*sW!f-t5RE@pdsA zSp!p<1Imgoki{CbK`fC)r|i9oLjsYB=wUrGCUE{e@A>oi1g4DqnxXZYVG+xHk>$U= zV|`%B5zFcp;tO9fR^k}(XZ!eDd{P81XS;Hfk!nq{Q76Ktn8VWt+y4O5T*MPeWVp<`PHFyGW!$Wy41Q?teDyF zcqKZ@9B+7Wn%4C3SP1tI7{cD}iQ_bcu&>01LwHF_)YiQ!qv!VCn)TBzMKLwTGi69#F$(;Ii6@$45@RBX3`!N5H(h(RGxaf%nNb9+(`uHFtkXMDhs3 z4-ExfWM$*T3C2BBdn~d}V$-b9+0irGa``MyCS011OVVHr=soO|Av!6TpH4@i6V6_k$id)`ZsGufbmo{<=NcldEq`TS$~3je!{$Ex(B*GpOzxz_a7ZcCbS!O zi;X+{dw?*Jr%Vd#YiHhJSjnsPgs>fHEb1|abc{xl+a?+BURB9ec6J8e%J|Pl%@frb3hFU~FIab86noRxNOOBwAv;YDQXe*lh_HvrE&Z|jf=Q8F zu=)<%N6T(!nXE$=9?9|+9OOL?qY-Q#-={djK6glV;Y)Sp&9oHcCqRTH!=b^dVbGGZ zReCBsiv;%y8o-!VWHE_`!}n_ZW(D!Q#=To&yvd@kgGVh{e2khp7^Z6-)tbCNdy$GC z3u;3yjH)XZM3OTeu&2=Z6R3N^F%UE&nxbqi?D=6Q378*!Gun0^zsxtJlng4&@4T(; zVp$`SfDvU!E+U0-+01@zh*5s8cuoD|L356nvH?1{MBa#=Eo0wlm+o z#Hux#aN#5qc}(r)h+sM>Q>;jgE%g>~oCq*5vr%>?Ipz`s3Sh^;`8bK^+87zul*~Sr zj(*Z=Rh}5vHGkgJcxyY&RZQkMfpV)=1qIjtUhazOfwc?T1vx2u z*!qZ;g;RyBS+M`^^{Hd^b#vx7G9~|rC-SR^V9-i|`X1svRRII;2ZVkL3H-Rv)dCbFFBdw3o)t2x5tnc#0NI;EH z?Sgl-D~y{KbLp6_;1~-8uK)ekwZxm-9$LhX$(^j;%s;odzl6t4{nA6D)n)G>k~p}U zN*}=dzg`~P9ReXIh*lb-y!_x-))klTz`nJt_ko`5(|_z<{&z@doc@a(^FQzZ^8E$w z`rlW8|3UpXy!=1EMf{gx|DP|Taq80nPKN(;8Bl(3SWI?>U{v750>{?>`!9qA7NnjS z{~yl9|L>%R!+vv8lUqJ!xyx2LW&1yF6CBJx{AuWJfCw3 z&!S&zA^)$9ybw$lACnVQsxD^#hy{+DYCu_ur~!oV$FE%U&U^{IPisQg#TOOKSOVrk z!i4=5pAq)W#ZSeVZk*o?YyHGfYPSc;3O5G5V=8EPrz_WEiLL{gtZ1&0H0}a#CSn`(7=_CD;th zwl8G#cCHEinTs=%8h|O%mgJzt6jRioAlwuD(@af28JEJBHfpY|j5fd-e<$Hg2}w>* z@dO%FW`bNyRGx1Qp~?@o_^5HGX$qtxAYELom`MAJ|`l8LRqC$vRWbAD86W zN*(0iXmu*7PbAFR*Xs;fQ5L<;ozGa)!WgQ`k-OL0n( zVg5!wVM5J^M`Qh|+lMtJ!<&jI2<1%vp`^}(&Y)G#Q=M@Wk?ZAeZlBkW#-PiyIgC=Y zW97H*29rK_`Jd{b9}6znXRw?k`3`m@SM+tRk+{3=*3?o56${q06OH?Oy+=xkDXrdCIe$+gxB_ z#w=$z?kJ_LDYNg%mCW1A^WGAdC`NfRHT&<|ywBBkgdATk8&Z$~4H9_ne2N(mW0Fy?#S-_o#_ zDBHNaiVP}1-p6kF`X(U82dPVVEfPNVdZPeZNgU_9{(#noAvPl}yvGm+2U&MtD}s?G zzBHbwxjvl8o2ek{*1D?3{*liJRb)ARA^D77CUgtHL!YWXZyuHrRAuQzM1vjjV1u4* zH=OEM?d%-TW<9&%E4aK7hG;olW^M_;1+me1h3Io{lCoETR-26ksUZowpAS{fNTp*) zJm5`7Gnt&=Swb6~Lw?Xrd99iK736JAwYV*Ic39@FOPd-no*xZK*s3G*ZIMm~usd%1 zYspBQ-&vX}Kya%Dq?f$Jk>PUl79TskqeYh^6xgf=?xhwQ)@}%!4%9mSvO80k} zH$;cz?>>}v`Ar*FUlW55Z*f;c0#}u&rlX_&9;ktXtfty->w_iD`SIbmC)?Bd8JTNX zJMzQNUvdv^-1dC@l_42LS`1BT7-NYa-YSxir)xxfOHy5(pOc17)*h&77YL12uIigR zCh>D`fRD{QjFj-Ebs7&~_3_ne+!EHhiuF&8rhTJX#99w=ys|F)n7gK1<{<_aKz9&` z-@|E%;TvnZv$tam+@bO0g;2kcrDZi}^6V^P}gJ_2j)ey96O z#)tJxJ!YA=hWQ4ymxPDo}8pe*WO#*e=kt(u+PQ~xvK8NwURQY`;0?O58`&1_yha$GQPh4wdHHm-Sg6;{mz zwAA16i?uh2>&sDTMdUb|IX_pAl=L|MohD$o z?=4rMSNx=M618tQ@dHuDX>)?9HW6%(+pA0g5M7t4D)3`Vzq2V<_qPw(Q0yPfSl}3^ zE9DUYWu{aPnp5o~M@r?amrKSOYVP-)4KjrW&iBw7Os;)eoS7pY)YBfS8Yx z-zqMiHzTR1h)MViaWhi(1AINxhW>Koc+8Df*`(XSy~b3G8zY^XR-PE+(aK)4NH}FB zMJeYrMV_lr28I&uSlmibfj(XZJqfHjt_X359N5dXXh_3eU;h?o8%~KTtzqU@QR%`A zIG`)EYtGuqe(q3z@01Jc*M`;Ge9?I?ia%vZcd0Bd=`?yaRts6m3a$E$) zjCs24Yc%#36F`5cjk-~;=p*GSvooG#=f~_uSE}qk|1?7LvR}zlbz~vy(g;2&D=BRr zZD-}6{;gZ$Bjant!?s6LGBzR}xKXYYs|+bG*w2Hy8LMg%vLPQkQMweE!(+1Dz8!qm zn0|A?&GqW+@1CaT4a~*4`{OU1B{OpyHNbSz9u;C*7AP+%Tu5`1AB%d1S z^MrZ!)?+cU>g|i)%v2@p9~TnnE_lOu8okJ!Oe?nL*p2d__W1CT+gW-)h$rRlfd0`f zZ@tCKU}`RDLb<`p>2+`AFDeL!CR5AvdwQ)UBI}Z~enL$?F3X&p$K~x1YvLp2-Lv}q zopC|0n_D>v*-=}1tz_X3o1M^xe}>fkOFZWO{993cmk}7#?cU;8C-eLhDH7`eWA{@Z zNk(Pqv=@XQrvgt7e*-Linuyl2e%a^J#aIx87!>!<+lIRll`vVeM$7;w$YehmU>Hll`vJ zHTi@$U&6fapNFW=C40KIsu0Fmy7t~vKM<}|1CZU&stilbPh&h|K~U)AtWQTPfR6f% z=yQ`uG@|srdCx`X8JJ0rHxprF-_9{`^U>}JKQl6X6139L=S*l9pmKWrm1udAjPaem z$fhl4vAKA(@aay~|LBmnh=!`QDSU6_hP0_oBum;`>Ae8;X*0dotBFStqt5V<6Uso; z^~?y>{OG<|GaoBw(ij7?Gnm;I;7S(8`4=-HSnX0~qnd>pz3XW(?ie$y0RQqM=Ek=A z<&}CdU4Dyeg^QuX;mB5QUQkP^$c!MD7k+^=6c$HroF!xKrOsbslt|o`IU#LdoM|qxjLeJOcVpcAxkSn-pGcf?O_4wC2rkR5Gf8v z=zqZSe|Ox!T}fznG=_)LFaXQWhTF?@u+?JY8nT5HYlOJcQVeY?Si#S1XC@TLTgsS$)yhD0~wVf~0^*i3mswNT*15cc*lBOSjV9-QAs%(%ncmQj+hw zfB)xwpXYpguXD}^F7vwgzSrJs&N0UrbFRtx#WW(h0`OE`C^4ocg>EQagv)32MwgY4x}Ym@cSffRxwAoTlc0dqo089!6TQ)^8Pj-QsY*JIeW5|1R&s zSyH#1{NAiIsRNTqP5p_J!bX@n(B6ErxZY4vay>?&*ye8-QU2QS5ZuHXFK-CdTkL6L z#Pe_VWnX0QhtbA9{*uACoC|vtrdnkoEjm~_J{a7<8*m$+Pw%SAPTG@$6etQa^36EA zTopG9`bL7CIx&4x&i5m}bN6PErpE0Sn#oI8EX7bgwx+375OY^6^ia13>ruVDv+-mc z4JUpw(AvvG>=hVkMf)n7=_3P#n$K(`-V%`?6sf@K@XZIb45wP#e9arfpx%LOD87r+%HvU;$|C}pILCn2^wR-$-wPn58yP=&R_+?1_w zJp2(wrzckMjgl;d(kzTj2`l6PlOTEOxId@Ww zOZ9VS$0^ZCf9uf4Cld=Syh!OxGRpH{xC@+_d0baW2k&Ya$O6I|_(aPYV_V?WJ72 zI0&x#nn`+Z%IZIS`)pFTbYU8TWR;vOzcRM#iA{YTgx&V*?NNEX<1Y6c`qBgg{y8voV3fqUK@c(lz`S@3wjC z@UyxXXUTULa5m^^l3RZn9I5*=I3Pk~*NltU8t670TphzZLtse0*G{%}Nm#r6l(7;+g2Mt2|rKm*8%zfH%+$ zFA{`2`tCYE-=pWk2e;n2z{k!p@;~z8qH34lVXyh-;n`%Qiin#Z^sR|itjznYhk*;y zF~5UnB8;ZKPEW+!gy&PIIqSa-BM`0|4UAc`-wFSMz3mCn_RuxC560*0(=_~>KCcok zQH;<*rNb@~qvVFjt}i zz7kJ`IBestE*|fde$eK+X_4-wMo{zl#LDrW^1i+DT>p9Voxg#R)o-z7=Sl*d)dJq7 z$>OK`X+y;+T#W5TFLCiX+yvug*G0{P3YDw5GA{#ZquQfC@i81B49CaQb#ba9+M7|M zZH<=!${t=iluwf*_`mW#xqq?`7;or{A^J*cW;>RAExGVVgbK~%qVd^=ZS~fJroFiX z<#)-4!_!5bC;rQY!H@JLDy!*=!ah-P93$%c>-GoeS7YI;FN{(<(e47H^12QK(fK3- zqB_jFkM7a6jlPIrbkn5%Nxo{^hdu( zaVl6CwX<_)twa~^FkA%xOVr`^55bU^yh0tycLhm=p}q~5^r!OpiX$+M`+aD&iJH6I zpITNTVYDmk{>{H^b#;L4?R^&-NPcZkbFAj%IhdGxz&pCeJ|8ejVdSPIf@|%zk$bX$ zqb`>+qmF&`R8_3L)cx|_Zr7LoVaT@(3t96=yO!YU*!e@(eWB2dPG{z*Q z1Qk_C%=0+kpE1HAW{XTTupnE~XFWB~Sr`5*s^dLVcpUkzI4#@C2@pC9vFI-fr8~@m z&D0FS{r)V;b_>2Mxd1OSVO-0ir2U_z3$Vcdl$l2)NH!xkES+{v@1b*WNYtN z%KL-M1|#E+K8Pl7Ic#rBA<-f`;}^C`GkQg2vni~`Lm!qPyQd>j^y{M1@irU902I3f zxmVu(8Xw*9BE{EJsXd=&m->~~U&D!g%fU^70)3K4$MQAVzY4$0L-oX145+x8tn9>Z z_;)Gub6=tj)lWGk|IBCzFY266eDrdPfvxJ3;u)0Cp+>$7d0)y?FU~%A3&y5W=mq=b!ycV57V2HZ*vq?!}k{B=k_E;2N#}< z{+r6-X;84i&#IQu`sftinn{@J7nkgn z<};(u;G`-KuZ}7xBwOwmCUzpCruP~CDf^H4nAD-Xf5pP51i9@$dh6jLPrgN!@`gQ8 zjb?YY_skA%DRZIf#lKaDe<5}T2C(R3MLpyO)DCG^hW;RC7&UC-K&+CZsS5*CX8VS( zUjZ?_@!H+RakE|g<~W|M~+`T1vi4|2DQBW5552+ZNXbh}-A zDzCm{EMN+ixIb=K)SIQO#=0RnfY!+tQ(PTU*z9mDedab&1dP3eagQ2v_3roM*>QEY z7VPe^8;31_JBv-!B|8QfqOLZ@<9yt;jb1lMmvrx5I|bIKhdZ$`Qx9>yu;e(5aWISg zwKGQR=E3yswgC{G+*ASLue_cT6Fb2pvKdT#DGF(Evzwp)+1DS5I_qpWaneodVrE%2 z*t_8+ZS$U{s-4VlZYCi^?hX)Z|KXUFF7j{y0*fe@(NOkzqW+n_jctH^%GW8D*8h;LK z#gr4#;^%r5e~Zi;`K3xr$D%(tIhlAW1RZmPSQ8&iuI=YovmP56(45sJ&A2#x;qmfN ze+7uLkRmh$)?&+vt;hP?%~fgcf{h>dGE!2eFV{yd>Z=B;X(j`I3lgszN^j~IDf384 z3!a5Gvj^X}M2KHl;@!K6c$V<+aLmhXnbq5fzdxXAIvmS6VwKsxod6|)C3+oUu-8;9 zb>D}6GRi5{wJa|$kSMO$M()fVJI-UsR@ikriKhi$D9`jmAN0fKr8+lv2XTW`N%z4b zyMAh|Ml@pN$BK`#T#2q0lIv|o^=J<#Syr|2`0#ZlVke4fj#<3`+Co>LW~%sX&eieu zc$w3~!p>;HFgKs~z{YvOP+UuKy?$TG2)$-?I;n5%b2)3ye>5C)aYfmI46h$-7U#Q- zjXUx^7$O?yDy<@opnttMhwh+f%oMs!9Te{AU`OtBZ8$NVo(CzG#fK?Z!SCH0yPfg+rRRkMYs&At!t2nnkRvB#yopvD*CaPv%3 z8&Qdp+0-e+$2dLfmqSi1idIzMI%55`>@6Nqba=`&AAuN!gQh)Kd`)ug!ejOr9kYZp zQX0H|QMFC!!95kn;^8zEUrzfpy&TpMPH#C(Pxv2Ct*?N*;PrP8euoCt%5mGbg5;<> z4p&+^YqSoX%lJy(du5-k`J!{csbLGTU{=32N-{n z6PJ~kd(jW@$FEiPwb(cUyc>+g$9A6f{=6=J-OsACH@4vnN;e9;`rW13v>uZir_EvJ zV#%~3wwm|fleVH8jWx0Er(7QnRMEYhvsIi?$I0&d5!zX6)X%v}hEumQoz6I*VLxy6 zpKGd*KX(4SW`7j&g}+a+pKc#6AGG-Q_|mp%B5m{;gXsqxw5p$9N>Ndotr#op|7_ep z%*0E7HoCyVu4IJ#WKd?BYk4+Et#tk3^n3&BR|~qs22h$Rhk|$tr~};r5xrDnF3GW^ zZ5rl1qEfGr5W&Lt#)+HeJcQ@C*vT<`)C8eT&*6n|oM{DL`kvBqn1_T4?$Yqc9XB(M z0?}vEvGbh?x=qZmTVNJ(R z?XHzANA0_LXo3}yNFIjK7rmh*#3%h#;r?a~**VnzE040>N8q{tb=i$%wW#~1uOOue z-SiJ9;my?=s{s+TK3qen(ap1AbuzSa5(m-AaIzWptEyQe0S$e&)O4jQBuQx2akwjr|( zv^#YAwb@YcGSF(cI$BAg^6|CJ*5_*fSlkRaA#BgwAk1W@&bdAM?2eX5>x^NI=BaTP zx79$s^r*#?zVy)KyLYOwqbLj|yw7TY&ahyrRIKrado{l6>9Y)GWi+u;iqUWTndrV1 z*5lFCP{cxldm$Lt`;F4 zq|U@kO5EivQ`Uu}v80H8Skp|`-}ksJ%VWnB0eIb3XMulTN}z10yE7VJ!>7T9YSwZW zA7TjiM6%q9+ue9aX7;h?CSqRTj&Yd8#`{j3U{qlQQKpwHNvXrzOJlz<&w7Y~9E;n)Asip=OBQ z4D64}B~S<7-yIHkks+=>6P@-!W2l-GDyT>*t66=kC`>Rr3_PIv{lkF^!wVvCu6lE2 zF{`#6?Yr;o_WP@KIYgbmd>1xqcRm2ZOCzRYTkvu^KBndbyfvBSQUs*g($;&xVeWc-oP6X&aGtpk{@e|?{2jrZodBeNL{WIBlm;nz|LvD-Mf*X2CSC25$l3u3{BNkx1Vr@{KDK5+rZ4RpbYV?hW*uOoHwB`=lmc|e_rHU7X&~)2N7u|Eq6t1PuSzeoljptp^!V5C zEdggK9}49WsA&keAM3K$#>LzD@(-4T3sFGaRn^8Gh(34&v{?dmvFC|FDsDHXh%Ne5 z)Bi}&q{EhD4pw3zscUl{O;`tO0hE!SyBcHIf|u@$ zjo=A>(&EnbtrDi-=PqNMtO@c5U?m&%_J9o@L4`o}E^S_G7o6T6m z*LWp_qF3eTVoS^$+U1mFz$mh@sC67aLad~pGIW$)Q=(sp!Eep))_a}W+o8_v7gPk4 zS6t*C&?jPz6hgGgqL{!$FzOJOFZ07)K8zPGX!})4Ro;n*h+&zc) zgHHv~UiTX98~@eWG!(^W{SfOJC9ijF0+3zBfy#+)m>Zx&YsT>mHMr>toqnY=^>EFo zi@}3NHQglqdVq;CStzRnyPh0(eBHxf?P!#J#&_hs{c<~$uL+FrQY-;2eDp2D+riD~ zwM6k2dxN*E#_;BmKZG7Xr57F5iqR0X81LQ<^ReD+N*Q3WOKi|)9a0oj=5qSE1t1gu zcHTV;!d}(E{PDB%E|PZk=Fn0ef>NxnI!Uq%bV{@8Lm;52mMT2EUwGC$oqn``$2p!* zIc|UEI)54Dwwu1{>YCcwBrV&WLCJ>*`jmr7)AvU<>2l%__dvmHtJa1L6zhQf!H>8l zsYY@{S&TD7z#!6S?p?3}BhJ$-7nuvuR?Fz*gLQK`1A>l089w)HG7Q?~XtEoSp_OOj zb*g0X_fwjxSG#>->go$II$t=3RJ#|u{Uk;P)DWVVlN()sY*L`I!9-VqN)c^`jF1n5 zMy!RHkPj$)RhvB%lr!@v-;Px`G; zD63f>j>VU5eNEz~h)X*DcPED|fhen^k@1lL^$&!5Dao-cof+#E;MOIJZn&V9^F=x2 zKF*Hpky#Z!?&UIf))F5d^<;n6IWH^M!8^6KX&vuN0@q9OfO@ChGu>y@ZMLZL&KAlK zawVH=bS04+h(}Kd|AyM>x!DWqb5X$ysa;_Mu_x{%y5|&86;SJEbtB(A{@EEANegw1 zJoc<4CIcJ@u)^>8mosHv@yY{^htD}cJ31NJJYq6{^|m@uO1l&Sgq7=;)7HM?>yLgW~Z| zNn*C6{m#dN*;t}jw&D52PIHzKruyjN0j2eX0k`!!h1~0_9UF0ZwfG&yw=zB>ato1` z-WBe3KjS-pM_#XYzsC5sca>HgpLVy^6gz4)lu#D@Ten}-Jk^^k)jp_rzKa0+-EY9{ zOjd&7gs%>ldB|ddDd+u5re44-c>ysW)awV$Cs6>=dhn0ETmizw37nS8AH%n69C-+X zOuYX_UK%hyV#bMmVrXWkOTYWt_V*B)S~lLO#o0K*u@;@3Gna9MP{g&htTE-oqR1cZ zjZB{pI5#Y{>yz#|{K+!_6!o;Sb82!p^~qovUdOk2hR7@3m?2uh5@p&w(=b5u0&C1= zo(11jT;K6Mr=@4V(N=VFe7(k?zYBbYlM6%^#cVJlVGiGYcZw#*=*D>rcK$@a6AQbu z`5H9_2sC_Hu#L8%EH%$-yrdzf)G@SA6Pv5Ji+b!o2Lk*(7txKvq4{HZOa4xj-cDvgbn zMj|-xML@s(7Q3&#Di5qCdo}IQ(`@Gy53ep=-e-p=M2upbcioOZ=N?#L&%TEKp%if+ zqE`unG};@ptX8#+svv5+hVZnxdhFz(0aFW0cPm=%vN9PESqKWKNo1RW1BT|mS0xn% z_Sq&I@ih5|pjJ}kT~3UGOBPqqC`CPm>W|P(D2V!#j&^iVW$okO>WFGiC;I*v1p8Db ziAMKahder{rwFgPx;<6t;wJvHw3zTY8bLI>7>p)Ues`Rm77K4k5O@9Q$>KHY>L+p6 zA7`zL>_E&YM%=*ts~pFT@{*Z)9lsmQMINqr8)s-&ZaxfBh>zQO*2jjjakx>KLDU z&d3|~tQ<~DRa+rQ{MFbj2=d%Um8ZB+GAU!PBI7Os@E(NXyHX@aEed@J^*u6ITq~~Y z;9YDq&#zZkt*u6z_lKzLu8aY*5Z-UTe7QAVh}oFmS5d z+$dI0jW|u6Y!F%m8(-Hdk7rv0xU!t3i=ajwgJ>}x<)xinUF+4jdZ72Ns<9N`N4dpW zlN|JWFO{z8+(+cl3{gZL{RtoXh^ypk9@!sbnN%GT{KiKkUupk>X{;!8gN_<5{kdLO zwwfbFr8WyaLvqWW!EsYCDdZ*g7AEkg^r0<~wmTPUIBK*<$w+V5`OzQ)YJ3BFt(r^# zA79mwT5>eCoa(a8#vvygK-xdIy%j^${6&_;eKKdmZVr^1cE6#emgJD%(DF=sQitz~ z0Lr7Cjuq0l^XB1r9r$X~4>R;Z^HNb4x@SF25J;qp`g{>g)D%#7f4dEQRG&@ZcAGJF zp&YN(0hEwf?k=|7?wYX7^EFuMS-YeE#MWHi(O&98ERq*Obuzz}*DN$OEePL{s1Vc; zQ8r%p=bLi$lF6&HzXm+*T!jl_ULLuK8qKjit^N?J3^}7iHRQgB&2Lc$@fOeg5o(W(n3B_(#5?E(nVjCo>_n$;50*B!D-fCu6$od4eIjY8!78iF$P__zPY0_ zThZ*yc^+D5pX%QBTL6^P3BsoBRBY@4saN0i=rK+cR%aQ5W8qlqL^R8 zS>Uh}B*(7;Ta-bnVzM@16i{m?N^0QDC&Z^&i;iQyq?p_2At$qn5}9?!oJOfgYyj9c z@ThkskRWW5VjGc3Gj9rPf9DP%L5UO(d#8v4@gT}2rrQ=cuK`PUuAwpURBdQ6n~E<8 zhHvr|J6(FgA!gt;5I`v=q`Sj7F9R`0RC}77!l;+aoOA(vsd7Oj1LTgB*aQ9k2iJx& z&UVkP5x3WOU;|r6dyj;WPfC6+urhsk@&G!2tx;tSWzYtr z;pZ)%YTRRrS1cdXPyFl4Wj1OM7Ks4F=mzRD4;k}Wk z1jaOJ#-BE3OrZdMLCt+42lQd>U-kiOPy%q()UrC=RAqoyaCdse+f=X;ZBz*PRKcYFiGZ5IXKtDj$jCY}H7+^}j@CjaEMQV0*K*bQ&s79Fg2=+bLooWT3gVe0Tgn~yr{ zt?I*OqCMg-UO)+3%Us5 zthOxPK=Gp6LrxxERBi6LqzbN9PckL_-ND_qBXX-y*7L_5fa}6oGZ;R1R)zPf+&FKP zFvmXrY6vgyj6oRNAD2MuRJnHC5Gk06ogPi&;doFtT6)i7iBsE@^^W%L(4j*v)I1c+ z84wVfd`(z$U~ef9sR72I3;c3)G#0TZle3p%a|6n0dXfaivb7G@7W;hh+O_BU&>+kC zlM`9aC`2^pEwUJK>(T3b?6%^VpQ+jqc~YMS+_GMERh*vg;x|^m@({LC3%IK1*HQ== z$5UT-wko1l5X5z+2&=?iy^`7aFk9=&0E2}9pxi=^^A~)|cN?ICPCvP$E|(D~afpi7 z*)M#=&f8Btb@j=sA=1X=;7FG^OyA~0o1^sskV~M|N)QHcJn8q0IW4Vm(D)K)9}%q6 zI_p}g9-4Y{MpcmPb(c-WnuKce*29`FPJT0UHb&?QYja(`)#o}%Q_7)U0?r$-$)J|X z3rO<4V~zk)cnFGAP#PsPY?#|To?KTig?`&UHZt~;mJ`D<_j_C^ zLWg=rSe@u-&P%JfY)7U8o;5Q|+0?L5^a}kEh0v*ml(z~>LL4W8^LaK`*1^&dTsy1- z^XOiBlXCc?9}v8Epd|KIz^ltwnX06W0qlfihXYgKdDh0ePpGff*0-!pf~BDqdfnq zb^Oig?5JKuI=>3+24!NXwabJ{!;(+I3ebmuNu_JT`9<^+F++p#2Y(96L50lK+@M!Z zq8binpS>tnwslM82AsLt0viU;x=z%rT*tHNa3R`lXtj~|3$%mYWap2 z1ibLhXs#7e?cZwc)VivSn; z+I;;1^%Je*s`g@ex#S}9aZctOCcn9hmynha{KUGWdC~K`){vaHy#;P1HB}`VS{(8j z8P6d>z)nBjBVK|E?{|5T)x!!B_&YEwZz>r7F?OD$r;?-X=g~_zdXPIM&LEaD@(#-WXI>(T}LAmpi`_a*dR1N&TO(vSrY6#RK zJ$0Ilct#U<-)bA{?!HNL?HttNNdBgT3|8Upo}j#i` zR=djV2(vh7&a={vUE~JZ2VgrBpPmd-$GWC=N_)Y>(`Zji#|0Iql2f3I=YN7hWa}^+ zx>Ho5DOCMpRjYjb4z&s(NP4dvv6U0+6q%dnCVsrEsGB_n<)@Y;YH{=naSGWE$3m22 z3KMG$%Q$!+8b>Rx#PG{BODO63jc70mlteQ#epdWorSWH4-bG^numKbOs=}cLs4`Gg z9(EoDuJCXW4*N5sROV0y{XRK{;K9W2NVpG^46(CP*c{eUi>&RR&!VojU8ZFO@xDH!H?e#3bMmG?3gJS=3n41nLKQYc%}5k9#WOh|oz!sx4PW zMk2AKTAm%8Zb{#xbB|PHf(5?2ZUt5f#PvX)92I!Gi#1)I&orj~fo4hu9i zL>}Hapn4rG^Tt3$apy7sS+_O&`e?<#hdN4S3=->&spNj}l6WRwpn3 z0Frhi#+{Rvi(#E%)YQY!nagSZbIhl(_Bexv_G#n-txdp}Xx7)^JfFH$(ET10T?gu& z%P>lr>e`0%FZ;DF`p>n8BsTbXc#ZrF4c6*x283wr>4;IO!jha--`@={lL=lwqvVJ zbm=wL38->-xR$E&!h%i@Hj2iMGLJQ<($D{Jwa=#v#4V|x>k!1mKUs;dI_nko_ z#=0{#%oAmSqMli|8ut9pm_`F{JfLR<2Fc{>%^L0fl7M!U(0gU!bnsd|P98uVS@W}j z;N<{GKHR7#0oo^YeQepd*7rf%gc$Ilc)+n0=v|wuCuC6#Lh?Pj^VTMwy6sw*l|!S8 zss?c<9fQ-sq8l89UIqWwt(iFtk5)VBtYnMF$Waf7g@7weuVKbV_HYIFv0~&^Ck#OQ zeNc<-RlTxGJqa~AUxsH<&5=_WXu!I?jeX5Ui1<$eP^+!up(KR+U&6$4W?~S%JX`Us zR~AD_fMEiRGfPXAEkPO;E?r(P_1Y%9i`b&TA(Wj;OG{@1JKDn(KcS^)KOUFORv1xv zKkPJ#e!=PsAalXv5r3DqFn9;&sm>ItGD8X2@5m|YoaAaN;F2@pvWM1NKvrc>G#<)% zt+TuoQWWwLH@6W-jPZu}h%45%xjQSoNOVoI_U7oD-&FZR{RyF!YY{d!y3>}@6>@7S zeI&4XNioyQ7?P(0+*bvfehTQ0f8oQxHEUwysHzbRR3ESdw(}D?=0xoWo~W#aT5s!< zzI5%=y}y76;caQa2JBCO$_zQMuKL;+>x+K-s49G2w+##dz(&zhe{|u^c+~}dch940KJ}&Ing*x5V8onk; zR}8sFb7NpvmimtVqda$NruaQb*b6D(NhNx6l(!SGqzCMboRj;&@91H5y%D52x!7Xuglfa>63T_ zVnOJOe1o zl)cMo=@V!lcF!(?yLQc5DrgmC{MHCG|B<2;Yek^k+*0z3z0_4^3dP5fo9=}#eh(`L zbGhR?t4S;}<$5HwYa5J=j>V)8F{a2#ObXBDrIy9P2?q6o7f};$8W2ryriqK=Fm;uM zUSnfphKGp!2u13B@gt7kSv#AY#`aTMPkOrM0?$AjkhyC^k&G!pbtNQ=gIO4S`AXIK z&xc5(3jj}hR#&;%D?(!R1-QSf4I)wW=M+XDf4IBKrd*@s1APfcCu6=Tuoxw8@bI9% zT|g%&$@vZi^IH?|jYxbpxtO1c>G5?)-wnbPczlHugZ;Dp>ozv#v=AA%jL=EjKi-TJ zQHm(fHjX2cBQfz_W9Dc%NpS#BW}R*9-%qlYPsJpB8x|)V`g1NXLtm+3ui%X|fL#0c zMlGPk1aZJQtUm{_-`6N9&HJvsY}*EYf{&BOfv?Wi((x{Xrq;XVve9M2^K;}d4WB4% zwMSb~7yPf_!2da3^?!HJ4uL7UH`wpE;r=hpz)1gp_G#<4dmL`kb@=xsa5)6VCAAIz z?+*sQbHVWa&S+e=)!8F6fq;stAmMp~P5LeLO`crG(IP#uKxY*#>i?xT7X{PP094v8 zVKF#;e3bpc|1`rjn=&dn*eE_G{Ga!?N#nmqvOqLqeEGO^Da}tUA&~f4F7W?mGcWoV z=!x+E`^IVY&rs0@r`VSRX`pjQ|Brv7(Yxru{(r4C`~S5M>Xp=@3wxqd&B~{dN16qb zVgC0m`@b%_^W*ius91KJs^)X@OPpbQ{hjP4FhB@3M)Uvp&S3hIAjAhgx4lbyfsdX0 zvmz~v<`zP=W*5)bk@$Ketlr%9%BTNxF?yp=QKKY~_XtjLgr2E07Jmew%QuFly`b|V z9a!VXN&lb29sYk;_u9jNcXB7zkzJ|_tnU;0h z6hKQY5rXw{JGlz``09OFI|FSYiU~&Gkh!yGbJ)Vor5i^O?e~w-FlzD$M(0^tFSid{ z)MFJ?gDgTW<62*Ndy<=%4IH@UE%({wTs?ZsS;5qJD_>K2dHfj9sU)>BSxZzZ8jThY z>Q&@C+8OMuFF|cw7Vj&xY|O}<;rlD@nwwl2`f0GBva<6L>wQ^U3*mKx?|Z6-n95d| zl}Y=R-*G(-)tO$o0&81QZg0JGOw_x@J;zs1Iq6J}Vij{cgYxKx` zd+9r$d233RB8JfIJyk*MBu4?Xq}JC`8ZUCF)Q-xvk!(o7}$pKmqG{kt*3M+ zWv{^Q8UwSwVMu1*_Yc9Bs$Bjo4@g5pu;mzk)!YNY#ms~(XS-qh$nh_GDdJ>xDeo)6B3eBcHBZNH#He{{u2iMKNB18` zHAixoOPG~({^bi&qo%4m0)`)Xc0~qqf#*i}7mblblkL>w69%r&7e`3$y-JHtFcbRT zeymdo%!wh!h+5;T7}-oK3Tc7{UVgDO9S=Ks$Ip5Mx|6;1fD`73S$ zkyM+)IOF1eSTXKkIwC;0>5Ee1893>2MOCagtM^ zcP|{P#25p`&#B|K4o631KCeUGgeuQ@dmLeEXBPD@Z<8$AyFhJ;CaK;^H;iIE&U@I+ z!mYx6td7ync&9Zrw_$0u32SkgIWAJN;~&Wj3NQ7sD1RPqfnK1BYAEwh2#HPoy{XI|M7v-mgb@t2KX!7`ZRj5;D@LkqBkzN_EeEUuP6Wv_j zUkw%)2C^Th!uonG8eV8S#eZ(kP{5bGVb1Ft%9Z^hNIAwr>Gf^}jpk5bvyW4h`~VU}@5n8Ztk4J#Z;#>{*ahAYK|D=c6hz zRaZWASJwmu4v;kG^T%P3sC{-7lDHS6lA!ofN|iqC!B+EFt>k22$h{XHP{)OKCBY}h z{iLKyWT(m#7f(=dhhDbj;56u~>}gx#HNB}{vex5a?oz{d9pgQ~49#<@gu-0*b&fFT z=jfBnlV8E#_z%vZw9E-sOq|*xnumaKlc>-WbIdi%Hc`DruRjr`4&rwwHN#$ydQc$v z*%q}OKPW!--EBJ;ogZp9<;p^O7R@HR%;L$@X<&77Y7u+wcjz1ao~wV&?s3M9MX~m) zerc`0NUe+q0|%j<`~pXgJ+R!Blue_Q=c4SxKY}o@L`ky!M-ApAg2V1U`f1d!c$o*^#{|ng0-|I3Pa6r7D(a|h)`!dbY#p#KEI&4t-8EtBD~^v zIEdQ9m8w*CT$X#8K~t&MggM4aIFKZ{VAO#=U6l4AlY&B6DwVqkSKdMKZb%4JuFEW0-qOf?{bb{ko5kDi`x7* z?WP-p-o*kTqPXPOZJ^!Tbsvt8G@QAoe};>0;*(eX_GUJ96;n-A(AaCS1mSzrKh~Mg zn^@h~c`HbI!T&kS`bqQUp;%{QlB^sa1fE0aCvLj@kP!W117?PSzz~eM_2#a`zp=n? znol5D2^u`A=4>|0+aR!l(PA$vedZl>)Xw;3n0Xo#*cd5E(0(sFx>5zMseHfHTFdLd zc;(g6m@3dEeb-8W9C~$qulBBdUq~)sLWWHJkN=>sK%w7>oQSMO#nX$~LV80Qe6J-?~9#z z>HS0m)Xr6c-sc@TGZ}_7;59GGCmyNimC=!+iWXkhMIx=4N7CNYb@2wXQ%A+pZ<0KR z`qG^j|7Q4ndDk6uZ-AW94>R=PK`QZvS?}F<4DuxrTrG0c+G^(Z4hN~w zva<}rixhvKACo<9l%Hq*o_+DQ3fg|*t%cekj25ne$}KM-s<-}Bo%tL~T`zl?5FV{8 zI)YF3uB<6-h;=jRWV`vR1@~#hX+w8NEWnUZN(TNgfs-*r_SJo&$H5zoVL~!Es4`VWq{9Qa(4e`uP=3-UnOitRQ3I!78hLy_3 zq`jf&rS`tNeDm`7drg1vr!W@IsUQuw37tNx!ZN)^4Mi9k_nn>1PXTKxTR5j0?2w`T6`y)ST)6D~`0 z?=GKkj6t4`*$W>m_YWLG#0MvcK#B!@?R{iZ)8u5;qfKEpTc^R;C|iUvi7OeMUryDU zcSgF-&C z{*tggW-prd@sR`h@MyWPYU3E6;wqk;;`C0bTJye6qiYcIEqV(Gh=+qHR@E8<&gUG+ zEoJ}L1@Q&2NKM~ANg zT1e$7nZIgC8S;;=kp`roDUb~#Iedth?3DuPhRDnP7f{_kVysp>e0J#l>b8FQ`Z9Y$ zTiWBMfdtRx?<z?T{_&AoOaU^Y z^ILXU9(&c8i!TL`^qysq9tjQtww;6^Sg_w&B)|x)V_hi+m}S^74E+%*y5y`+>|}u{ z*)<9mlZUdzp5zpL$2heZ2^WPm8Rz+Gde@OIOO@izm$8Y5c;A`+suW)x%FDl^NZMzp29l;djZz4js@@XxG1>x#gzH@x`z4aCE0w@TXKi z=HmrzTAj)tpE6v2G)JBNun^hQYMEr{oZM!Ycr7)uqxNp+4!L72GhW@hMRg zg||SfBy@aT74OIYZ&|H&%SiYUNf_VX|BbXDILM=GhnYXOKLf>}!S=vW$%{_1{iJh* z&UvJ%vSTyVsVa=}ZOG=$CI0}`^qO%dVgDLmAv0p`E2g6!b=gFG`Hu|LC1-)BdLM@p zkvJ|$>)NTJ0by`=x zBV8~pZ3~gHY9&ty^6$#p42?#IUc3{(H2Tu7+iZMfT8rwCnVYw$8OKD3 zC^-(n?X)K-bZkh~e`Nfnn6|vQdx@vd?}%R;W-WM$)^Kj&*xLO}{F^t&<+2}PS$pZU zawj-{?CYwx+2VCnOs>hY*=-Tl^6-?t_qM6)JMWVGvViAGrmU24Fl-Wz&{}Nr;aXwd z>$k)Er^*)vB}E+!KOAyGe#2S_JkU2pH-CjSkb7i-F|#peCoubZS58-E#dUQ~DtG2! z-51e)qgQs;OCX9zOx?vBsrs=87IFdSO+}*xw?(h-kMla&A)rO(8q>bi@zvGpH8=}v zp?rSbJTCnUDNm-GFd}1Hp1_@P;V-P6o~)aihsTvN>jKU96{%FYb!n|!HJ+J&rzc+x zb@B8ok#R@)Teqvp=~n7oivPRQ{u*8>vRpG;aIshQqhY!8XWWZ73nj11f4w?0f|YPM^5 zk|^g72$$#eCBt{dP5%KTBpy!h9#2%-=s0^a<-o0G6~#7OG2{9y_2k+EPgqcPZ`F@jfa9YOo~?#;m65n)miv;EQE zG4q(^wic5y*CXzyTAO$9{7j!9u#jLIg@IjDvXNSA%hLIw#;Wpjelqk4D?w}oNVYP4 zp1YBe{(&Q_>G`H2`Uh3>;`Jp#3Uq24$omMGAEK`pTkjzL<2Fcbw_?}$BvhhbAU^D@ zd>{LKz9_9^tTf@9;*OLbw?BVm37zxIM)gv_cL^0IHx@L{R1)e%>v z#orLoL}#b-EGw8T78^|q#AvtA7h_r_6aGap32mS!(wKCnovKk0(OuqTIX6L{@dykv z6&H>gTX111pU>9)zJ~~}9sz>^5hXWH6)dw&osJcnA%;NUl{$jW+qz{R(a1-T?I1qA z5F`k^#sr!v#lSK+&w4atuKBaSwfWngch52OWIstKnJ}a53hL+dG<&LMXg-Oq6*8D4 z1zzYaPm-sdkBUk4XYm>v;lsl~MD-!?kXO=*VG_elc1Zb>@9<$DJ{)yr+nImgM&xGi zkJ5>WAX}PaR6riU|K#Uq!D!})QO+{NfPbp#P#b@vB$N}&V`UI~>Kj{N\C!1Jec zu79tsdskwudNfpK4T$#gKo=*uTSv*sO=V}=`}G$y#&Tp zVPGMH#Y}a%6XGoJx$hvE`4C8~C*)UGFsHIlrja_KLW!z1-T@6P_+pXM zf^Ph&Q`maG{huJ;5#(O_j^*_Bl6~<(5ci%$|9A?4T+Mxyj2W`5IA(|Gt)@3Y^`nJ& z7(jB<5$xKqOUabkQxyC2E$^m&N9`WK!PSqcp1D7dN|{LiPKdvJJw22^ba<=vW&5%T z#k>89LwX`{0^cvx!msT)WRM}h{#y;^@8769{rMlt8AX(y|1}CXl#yz{j$H*Ud><#3 zO3IJlbx_NDcvLokEiAQSZ+k&~*kd0>bj(sXNH-@X(ewNEQOq2+SxV#QX|#MrwlLUNges1kKsZjxn)PO|ea`89gGZrKIEDtvY zwhS%$N{=k25d(s`SBr1`>hm_N4Y0fG12fn{#1&8!{GV0c{=+LOe*yV9g7-NUvmko@ z*`fM2_HOXtJ1bq|{l1uPHA{oXcT3xO)&CDoR~;6`_w|PcX^^f(x|X~d+;u=Vs!Rv7|~EI#e#`Pec4{x&WS2)j8~?a|BN+G+~B1!+_7mt9pSLyPIr+- zxJ|cqzS#adP&mYPnBLad&%dc6xFl~{k04FE3;c3vBe8b*5P>+G>EEkh#S+Q<02j`v zD2>dheHzqXu(_Q-8!;KEbaj^wSIFo)|8MOX5*kYGho=X2}{7Yg~U@ z^l-CB(d(a>xjb~JuuNS)DoR_ZuK(LT7+&Ff zHu#ZUXBXtlP^}!z6|^^H{~`wswK4|2r`=yPw-dg24ob(q4+{WjSQIMQ>iryd!-E6T z6vlXd5Y%n%fSAct3F8<|OM~ing4MsE?ax7nX*ov?(=?n2Q`^ki`SY@f2ZoBv$UEv$a4_pr~#k7<`?{TocitgsJCcL zOgEIpQFQFKMo5N3=k<)F+QN&U1(HHsP}`zh5lR3B2yN@hlcsj-qy+$AxWbe=}dITuK92kl}H(W zq5s-iVQ^k9`Ifb6+eL7`FAz|d^^XqdTmel8{E;Xu>*&spe**wuk9Sz=rj?7^0a&v^ z+nG#m07&=Z)8CzgY#WF^_-9fssa5s5I{HzilDGp_3lJJ_CxV+7E( z2*M;?Q|>4}6UXxSy^OcsWeAn0B)hXvk%)2@Y54xjrS-5NaXGOeA`(v;I3fXV zb>@|RC_B*%KY;32NkcWo=P9*{)FPeICQPde6+Os2EM`;(>klfV)O|iuVpcU|BYBPf zH!&C1-9e1n6LMp>S%ED!y(($MZn8}7eonY+wq&FyvuRcV_Uw$Pv?>Y zl(oz-umM2V(6%5R9Vmufpd_S~#tdeo0I)@Q3ycW-dOOGb$r_`BlWpz?g9bYvLRNYEP{QQzboQcDZ^3?C1Nm}lE7iu#1)A=1itaCh zYJ4np{vC!-Tq)+S8Pxo?EjNo=w<>z|yjoq@7o!J9)4TD1*G{k5#q^6V*w<6xx5C%+ zQr@Y;#}`U1)?0~j(HF*Nu4TS_O0{S~zat3HioLrYI4tI8jTv2hqjTBKFQJvpx$Y?^ zfpf9)!>APSUnz4^jnSM+=7auI|X>Oiv{980ICRSMJO<=DWW~PB)kK&66S40=< zx=6yCfbOr*C5797^3iH0x)27|%2d3aVdBhoLXJI@IO@(Rbn3fp`^Zs`<^@*c){$1i z>(eJR_o@gbh5UChntp=2u6J21E9W=EUzD}#LKd|6pG0d8&0dQimon?N{z-{TLMwcs zJdwC*uiKIK~IlZrpMwMh7_GOp(XMa&+|m{^w*+tGOZF5HhoXVUm7+ zi_-16H)>SeD7r(=Bq(?_I^$h2Zh&HfcCEJt?c||#bHV-BBZ`wh77(3Om(=*ySh9m*F+fR?ushXmD zK|$!GqyK`5`~!D=+O?zM0VO~r1d1*YY@a0Z&7D8KdBKNz5S$36tKYP5Xd~ddP!MPS z4g;8oKq1P}Bh%E@h9o(NryEMD!D0=b{xdk3@})KOoB3Bz=I1o`(YkQ@*jbY-a9os? z2u3~6QT6-tGUkn+%cIyPOewr=i6Lr-vK^i;b<*DWZB%FwApP|pOrqGIXeR=oKO-N! zHT4Pwz$OQ`r91s&oA~zou!W^1?sk515AOB{D~=5<(yZ7-g=W-v4rl8fo>y11wU?(H z-8LCFPh5WBC(F#r{F3~VAV`KWYqnB>vKyu<|APEkC;8be$c z6Wps=)u4_9{kWX)S-vRUv87o(3H;J=;wC6lL7%q5LQIZ^3kF>J<`SdB#-`to%c6ls ztwEcZC;wJK{8Ht2s~tb6L8WhoPg($VpV2mmJLUp#{jqo+RtSM07;006aY#4e5eR zE>r*0Tl;FI0qT9hDh>LSGsD)HCEUf!ZejKL=*XKyrEjX8 zfKulN7$6Wo#wpXjsHC2`Hnd(|K|EKAZkhg%w#%0*owjh5#hHr}$0LBHDoj_+@ODmH zq5=oox>FaogJ(Db#7JGkG zM4bA3`kR7FK#EC`gjKlOU{x4gZ&Nq8M?j~gnT`yfRLgA8su27jqk#?b4|E~a>ChOI zTu)-R{TD*T74N#qH^>3V?KK)y7zF_GLcl)2f@)8K``uGn@B)yEpm;r3Au@#h98kgp zy&;u1N2wy2Cznckw+0iWdDCs56huFI^f1w(0qJ^b?-yT6{yoetC|4;x=Z;g@C7YT5 zU|pQyCBXog5P)g`?k4Er{S+MbvhC4=TLTqk0s!|i2hhh$w6urZObXdv>$N*+G*#Sw zsny=WA4OZ`dd?-~b%<6{dKIquyxxYh*|wNJIzU381Ui)#l>N!8)bg2q`wCXR$+{3w zmBa|jX}iEaxb9+U06PP5o$1rGfNx0wbWwA`h>X^X#?xpfTYIB5AknukDZ5I(Y+Mn& zlKke?I-23FI)q}&(kK7ktt?qdi|+`rU*D9pEPfS8wN(j|#N?zyN=^ zE?rLAK-^P2IHW0wMB7U)zgq1woO)z0=23$}hGzaEpM>f|VT`wH*87t2Bl~kK?N$^s z;Q1Ht+$+k}w)N0H-YVBwSMnAO$HCL9V&Ei~>vqlR*H0`Rmo@ z_YqgzJl&q3-?2}Qmc5S{9C%aVBja}xlr2<#{`MONL*RIMd{qa_BCV#xt$E_E!_?9j zfuCFcU4@QwZx@n3WNWfxfUkA(Q5KoKmSIe#s!&C&^bOHJ-hEr3YKbLwL$`L+DcH4% z^JG}QO2mY0)Jpk`i}KiUk0m#4M{vcI)2Oq4#D4TFU5DU_D1N{%rQUkPpH0<*K~w`* z4u{tnYA_)>0Ql1ybl2*i-?FUVjJ4?qqE3zf68Y-AZ>$-U_vO)(7*yp3P$$*BXKW5% zaxHP!NvgdaHBou;Uc{0Oj{+WbN{lzY<6_KW!<>@(;Q4y6@VN8{t? zg@Bb@9A-@4#~AoD%nU?ai=LPH1TNLq|1~ST(RWy(GAmqBbG%7~!T`uu2SW-C7KCat zd;qkKu=yPe*c}h$Yhs|51mxqmF3~#8kl{6zk6m@*T(RPO#{r9TteTmQY?x~L>A!P! zpsK2iP-dX_T7LcIE6uwW(F@wgN79Ai%p<}=0_!0k7KY}#x1%Ffw_@%8Dk=?4aB(4k zHYrd$K@(nyMdx4v2E6K6(0CW)BT0#)<&^vS8tB; zw!al-z~b7di@es*>ep{%#HZw&>VzLnZ&BcCcyM$r(|0_j2+K3j2rNdR5xp%(MFE)i zTarVs*$=G%7zrORp|p|H({i@??`NU@AL=Y9)Rwb@>wpy1tf|h%N1sdK<4E>Lk(*BI zGU)bKhlxoJl8pCd*1EtpN0CHLpy)DM;fx8YejLI0s)xS3A_~_N03wVBuYFVogONdf za-ApV`f71hW7pY15e(JC`Z_4uf9w!p3`B5X!rTNQ-p+pj4rhv67pnM&kE zouG}Yl(ZMT6#IeYDca%eg!1Gn-SBhpW`iwZ&~>S8m6SoppP}f2=}ko4n}+Vc4k1UY z`SI`Ph2N$?KDmMWra_Y4G-l)a`+nb{_k>1twwTY>6V!y*LJ6fCz}-cz!r=+Q=S(SY zER^kT0GmkbYl&H5$10T?Zkdj4X8$nWzZt>i;Pk4;=Uy)t2M9mCfW_eq@ZX%&dC*LG z${HQcU0PjklQ9<7AN_HpuCXZ$P(c?|Z&iNb6ZwF5xWoHvAPG_%XtoHiJ~eB6o(X;{ zSPU@Zk|hH8!%H5^H0QB_=**bvGJ9NmA;ouT;fOQ1Ox1@aMz zNWB;z;+}tV9LWGZWmvmjOTG;s(;Xi26mWoO=y){X%6uM^m3a|XJW^Xnb~U24Bs5*9 z{qtf?lxd;l{>_!4k@XKoQ5P&gNl+Uesx=4NBRL=;$O+{CFH3O;Tz8y00hJ^LX$Wp9 z#+NDh0J9o|3r3xVu}9*o{s^CKT_m8v3?@Tu$^+%uRUY_<`{Y6~F z*4{f(Sy3^JP7KSP_dNO6^%wXTX`OCV8`pesQJutal z23HB~8PBo~ZGYJe@7=dF&NC-*d_Yodbs_Sl)Hwfq9V&D{)G&hY}|7_gKTORB9me+PdwjZST=a3(A2zIMrG zu%;VuNQXuA-gNN`7&HHg$^J5r0^}@__`0aU&aS2GyvY|#Z0hc9_xA!Fr{_J+agus+ zt&HaGE8V3iGK|6|?j!dgUrTs4H7@@S!oU$gI=X6z0A@J&^d%K00K~zT z7SuH<&}I5FRAf+Ib18zZ5)q+>Evr!Ap<$caE68sY4UUIQE5ngt^_Y2Aq7>|`<+R-@ z|EM{i26btk?cS1RdDjjqm?#pZhYfNq@nZ)0RM`sx5D)iO@55)^w-VZeEt<<1fE)^_ zrHK?e8CjufGOcR6<44brqn&Bg^ApbKRjalaD~Z+oxX*w*oOq12nR#pB}mjcz=9vPmT2Y!oju}!gRbXtUNr=Ubsw|n20Mo=5tF4PfmGQ zf}ZEcOXuH9#$5Z$3;E06OVdtdv#cts0dOJ^>P^i(nJC440!v@NLV6-&Pn2HROy;8( zkfK4bRX0?kzYnv2JHNLM5U-Byk9Lw{lv429z*5ajEyyo!;ayE2c+z0e{e7u;GJ2%8 z@JBJjwu~_A*L(WULSK4OtBYF*0C(f|YRCrcJGr2=D^E zv;^HzOL9>FK!EBFV9w=Bs-zmVHD)BfsA1B*B6d{?igkBm`AW-3>#ZsDUdQbzTYkXf zlp31y!!waP!)o03M2c@w7}pn450y}J1VIYI3~9pghZ*vNvB2%f1wAxk;hhRh_@DyF zEfu%SxAh4V1^ncLJ}^r4KqW5i4<>3c0Olaa@qy>{9*Qq_TqJjGllm96YjMdD?@GQu z;~EQg4DbHxSNYfiAo>nsQE+KQZC8y>4PKp4APtVJ!7&Jd0hc9og8GCQ6Z5RB%YbcS zIT-~1j3G@_vQK+xNPXzv`|J!|6Z88g*tu(C?(?y&jvwu^=S&Swlx(yE?42YH#6yO( zl%-ikz55jHgyKJq4!o-&OY1Lq9yp$ZU8p6rSX?2LjCgNu)qa70C;{2J?lv4`JRc6C zT-M$L`6+|gIfLk7SeWuR$D+QTvB8<4U``Y!b%@iQ@XXp8BK8t0sV|X8jwq3Mx|eM) zUyS836QQd8qC~)Ohp-o(oTJYKZ9R`q4wDNW2~zz(|`qf~{n@&iCGR*1Y0~?n2rr^;To!hJDk_R8!V{tT7yZJKOncto1ZYE*$CXjbiIcE|SOrO-E} zQqmEge_XrjPkIZ3r>Fc|awc^)dPi>OdPDtU-&Ms&hOc~cHgkW7lC*B>U>2j3)u;%f zYFe83xGF+CeVv84Y)uP`RDQz_e}`8s?s@H+kFvOxJ|(QO zEpv3+KkzotCaaj-et=AdbM(!b?+ zC zlM7|TuObq!u@uUCcs7x-ehJis~#{j&s~5cQUS6$$#grxoU!+qr4-O)4%e zkPcO1xNyXMYHcL22yZXKOt`hoy!zvXM+M>%I_FJ zj*+S!%5x!&>`(OH3rMZd(Uk0%rgO#3CHgu}vfoSD9*cgy&rcXpHWrv(ASJh}mARd6 z?H4L2vnlFzD=Zp-KI%(?U2c%>lS7u$!SC?xm{zO*LOUL)3iHDU2?$8nR@jK5z#KNP zQML5NCse^Nv6kiDAo@PH?{c!y1^c>qJ*NV&e`c*}Wf2R)COPp;TTDpF2d2P7E-81^ zDtB=Gws~48=L%~02ti`@v)40=@|vr^;y&9AVAOp`KF>^vK&mY;^n51g3v^-Lx(XPL z$esDLXHdO+R@JmS(9)An^Q|r{-?2YaUTCF!;jNA`*7PXJyL6GUQZmArY!{O9-V~WW|9nDT=J?2P zEZfd+TDbg{F7HR>C$l&H9US|i?0*q6e$+%C5(NFX`DUXX#BVkS6u#pBy+&}Ut8{$+ zP!hpOEWcJgv-mfW+5z4jQRgv^w@^?d`(96UaJKQ*T1Hh7?y!!;#ov~E%Tg9cc)1-7!CjSU=P_AXf4!0&Kq5n z;J)K@ukpRKbAYIRVyH`WSTmT zK-S0cO6)Q8dBq&{au33&zxq-o!Q`7YhX??955i`{_<*Wy7m~Ma{JBKGox98v18^%7 z038S}uPt&9t5j83`#PS)fGw<7MZ*01c=?*7?fkQHtgR}=F(+@!q-WpZ+}sUI=2s}) zlfLVnyrWN7Bo<5Gz%l;d5kXXwEQ0}675p%M(9Z-L9NQEFJMQ_AA&X(rL4)!v3kP6R z*=%zE%!`2-sS080)HFa9G-fL8q3S-Mq^A&Zey7Qwh63~p-PGF`8*|+Xh)$qJe`vy&)DLn0dqfHuhW$@W@}>G|Z`XtgCB?8DHe=iP%pbcaA1To(Xn`N^1YQXBOpwY zw&DIRhO$TE`1hjEvkgAD8v`B#@;6TA+zEm$d=KV#ZQDKc(zBZnn79bkCq(H~=;d@)qX2HzGF`AC@Cc(D?VhMTIpOrx6%Vu8&Id z>%}JSHCA_y+(UwJYQNtq{KBxw6ab()dkL5c>c(#`A7#GHHQbLG^r8SD05X6e+QhVI z31kqYnY_U?Bz*=zimyMqU%oAUg!2k(W^L2!4i(sG1BsV&UyoaJBxBk_9qUT`cpR(p z;DY|x&C;*oCt@=R1UF6b3zjHs91o?6$e5<2G!p`bR*i+GvUVy03}!uO7Y0$3o`W6= z5W%D$$YbSE6gtw)%{#$dnB54i{@ZscHhy|J$sc(*Whc2SOv z632|(Ui#~g3ZH2{6^=WmMo2+ulW(yg82P>$}=wu=rtAp5a@<%e!DgeLzq+prJ-T|{7r#hJ=Etwa+t z6Q#3}9I5*yQ>Q#)-p?qB*1W@90Iam5X(Iwj+r?ESCUzy-kJ2 zWoZP@NYzcy1sk7B3eEviX4`9@~F@0q8+q#@VmSk#rUbflxjIFq+i z@od~>{I)orj0r?&!DU(0x}X#gg9)pAY zSbm{~mWmSqqXtb2L~h2IuKVy}JlzY-)D2xk^EH=($`RikE4>kxj=Z7vI=q#EpJ3VQ zF|#i1GeRK3Oup@pd$;c+0Dfe&=3*Z^`UT~+%W`s!G+b*1v}42w4Ptc0sYl(ll*mQF zR>yjQ0&*@GytaAQ{Q0EmUrEI1CalFlHV_|xL5*d>dxD_p2KafGXP*HZJdic>-ik<* z>Y*YFG=R9Qf4rNyXeFRpiF?OdXl;|)NW((XiQ^3b^y z_U1~+xTGCw-}4et;lbepI>ku~3dRie^@B7!M?lO`s$c+$kqP9U^mV{OoD@UOZSFnR z#B#G#FN@y1Lbll61@8u12e>a2S|iMur^GmAd)a9?&u)4nH!~g-wGDw<#%-~j6M|~z zFHVa@&g1MY4rW>CwnI4Ll5^xGqu*J>u6p|(Ol`t$aff1*VG9RN!NdRFjNiPY&sus&%=r;Ow5KNj0QE-oeddV=={YZ8pG3IoRgt ze4!jlsaoR<0M!1+st>Vs(>EcUBiL!%qt(^%oQ+l^rFF@sRJCBDy0A~PTy90~>u>%S9iO@s}uY>vatj}#VV+aV=!}~U2YtBdH8~I^3 z6`Zl0rrlWj;6if*hP%m)DPXHqh2y}V4XJ8|)hzgD-3m+q((m9W6jP29tL)8 z{j7HeN9c$Fn%v~T$AD5rV|@eu)(gPwT%T{!5itKd5VRc>k8$p6FvlPyblRt|LQDka zEa09WG;OWe4*+$0`I^#xMxlF0txgt&xlf!Z>elx!VfW6(E0u{1IZK0s6iUX|LLPtg z>Y?XBk!k()J9fmRZ7a58f7HYzUx93Fd6{>^$M?e&;@*PQ&wI~qMUpH*%Q;wY%YiMq zTJ#5l_Hjs6fG_2fCk5|>(EUgT2#us{Aiw#4!V@T-QKfpllr}26i*qRpB%FA&^KnlWqIc0B|5M~IQ0NbFl-P`B;Py4TuE?lC!es5Am_(+2MVeW zO#3Ah#ir7gnp`kGV6@UVpG$ zZ-LGa>b5pSr1S=*Rz6C46#zgO51n^f0ivsmzF;2ny;Wxv0nj>@AS89jzw~VH#r9y9 z26K3~s_N_oc8 z*Fzy$`fb;b66`n$v)e3!t1H#{HL0)oqO#I)(d*`ubdI*hfH{fhCIOdhF@Of!jkNyp z9mp~uB8d?yo*d!R*uUta#e~J}pw{oetCe4$f|&^bSeX+xg#Uv8wLNa$_IUEV>0u~D z=*I5ll*I1h229lQ<($r=!qY)P=(7U1f*8cHUb1CIUL0ytUr^$j3P{7RGd-_s@L8lu zllEv%sF+z1X>ly?I5?7c4!Mki0exM1$_l1*JPa&qP*p!`&3l>l2tLCEymwmdZ0ix; z+xm>bjxhiIS3!wmp6D8Q9R=E!A3Nryi}>zu$GT)49x0i9qM#aOm_2#k0-bXx{yIB! z<;+^RvAIV-d1m%OKVS|t4O7u2!a26%uoEm6>^Y_&kO|K9U+@9^KT*`13JP%+wpPMp zV7KEj*g)~szNM`(WYyNKK0#Jrz7i~*{2tSQooHJ_`i#Rke!?%pX8I~3mwA&WBjS?f z4JKLGF+IA{uJ7o;&Q+{xLIe`P{+{iaQ}&Yz`%UOPswE~3pv6HOZ<6fwN{Jxmff^M_ zQ6))C*jOdTTM?_{Y>AAO+{2(@qk-*Ljiyldr549M&iYl)E!-&G=g=ypJJyYHOBsT| z)rxj&=bU@f$LlY0YFn|^&TpHaf|J3$Kz|Qp}-QJUq5`t^UVFCBHGTh$?72s^rQPo<=a#Q%4j>A`j z?m@gO{&_B8AfLFk3-&lFQ1g&b!Oc=_FLHTI+oYgnNqSQX><>Rf#zAIfRhn*FsP^)= z$bEt0zzs6x$1Njyyor>UP1hkuA?uwV(Tu(gVan@o=W-IHyR=P2o}N{LaCrcN_-x4>#Gv`~%>T&cw$Vh9-prp!aR(+$fZc~nAr$Gr=K*R{{&!uoa+g2O3e{d1tus^t8yUVI!#1DXQ9*>?PqkiOcM1ba<+S#WZ zGKVdSi0NM6Z?{K%%h>E*4x%T<(9y97*B({nGq!rS+|&QOuvKJH3x|RbIT0&q`=YbV z{cUYx7VE};2L;&RgX3{aNl>3r!`cf-J6A*1JLrxHc}asth46nXy6TuvlDt!SjSRX0 z04$=DerDxc?SS73@F%Yq-mAv?*T_&rc$8K%F2{cK_Iq~uAIbk?!Dnk%_{*(0aWC|{ zXDCjRFKv$+^B)J-Z~U?3{7I@!(Tu~rzUm)|v0*{Kg z1L#by4(j_HQOm4+NPH(t7&y5?_iNkOLqf4rz*m0`GkaN%nY`a0c{3mf+EN>py177= zp%7l?L|Dl96wO|k?jyeQbcMj#DXCCX>RZ3vsK$scdW z9jNG$$rj*8_8X&S9sBog@fjdv=6LIr+8z!eNkFLRpvQ16Y>j5XR&isJ*X{$DF4HDJ zaLV^#n=^nUBZKbb>v9sYhFE8Q{qDSiRP(((rK)2Pm5&Hgj3ES|B7vuxZ77})n=8G# zlHDnM_vjf$+87vof{t}5x#1T+a5jt%)mY};>(uLxx|0>#wNvx*PIt$S5WcPDvMZ>r zY43t?5{7QnL0&r^r1&==XF+a3?nI$={P`tV8;eJu^n`U)3G@^*AqZ@-!aJ%8Y1fSi>n#K&>b`lJ(2O!8(rF0^|`_9m3FDh-UmhhMH8=sKt_z<@o`?IHRz&`v*MP5 z+#>m<78RL8>KB$UPe_8iQ)8cQRV~FyFX5q%_PxEl<1g#^_IXCvjEH%nn{=m~Ff_TM z!zjq?_OH271fP#1l2}TVNEx&tDGDMCjg=W%i!vZ#7#h1Eg zNE&?$bIv4_Rbwm!QqS%WyaquXFkWQCggs%GEaTc*isE0$+cLL5CGX9~VNTHxmzr%R zVXi9!Uj-g*weyJ)$hzV!*fS?d_T(CL(GEp+9xu)is(X`^=OYFBfcjPL-n2&k=+f&@ z;$z&V2sv8S-d4uKfu&t)-<)hA;`GnUOr=IC8E)|I34O*;!Ki!fIn z;q4r7o+{3dnwMT&rTw9gDeomR>8qgmPXodqgUS@Pr*+21c8QZe)bsb10olmR8u&>m zj2KCV-xan`yFUIWMKCaGNHDAOkf7|9g3$9(#{c-{*;C^9`dMnRLUzgatZLNfc(8qC zFUC_?h{R4cXi7SJYEeW+58Y78hyJqu#xS7br46blWP=xiVfOu)GO>nW63#d)>#d4I z_0L?BBfo&ji8E_+=&c2N3oYsgvj5$U#B}&prsXHzQKT;8QYuJ4={J=sUROxL5wxBw z5Lf#wIZa8$H&w-cu3NP7yzXnO{@Sn{^Bm?Sfh(c)!n#*&yVRUp*2j1MkoidfA^-|c zoY|QqDt6Q55v3O27Z8>O8?5XZK*Ct#8?SRW$hjOffbJ1G=);!8EMW{6c{<)cwKYkl z?e}%3Mbp)%MsVYgIZdBUbKQR$4dEzV*q9QI5+|I)Kw^O!3|D6hrMRol<@#UjUa&$m zTxbF?%XtLM3zFG3z6j2K%VM` zabfGxCk37NUj6}-I+3YOOtAZrqnudaX8OE2S`w6hFmRU0w4?7$AkWr7BxL)=`c@^D%x&)Y}9(w9{ zg!$BV@^>J(^~BE&B~Z26NB%nT?5Jy{Gfb+{YtGNHH`#_$MQeC-Y19pchul7$tKilM z>)d3F4-cX#_1t`I7Yao@)Ho8!fyd#3 zb-r7!Ve(8BuUZdbGP7cSuMJ{N$gp5klppK>M;MY&^pwCymCkXk43#K#{ZZESQRgFS zQ>o-m|6i2{Ospln*H5`_Q+NyGSF()Ko{3FasC2v!eAX$I8y58u=J6cwGm33_EADnC1UbhMj6B{F;|~I)VtqgvmI|r;A>+%DBFWjZ?&-zT;U4Z9%1Z zxx)9uDLV2~x=aUAq!aH0rc6(0IT8OPn3!pr5fcG8hva7b9QJ`i(z?e^QV zaCyvLGrSRDEgtX;Ts+PboL8f8ggvk4=jOEODjrz}e#zx2gC6;>+|~4iCNw-9s+^N* zb?=`m*|^X7 zH-^Yb%}!wQm*|bFqud1k7d285bdX$tw@KPkU zV5lHb{CmNeY=RC3aC{|P(D<Iy(2XXq#Aq zF8lxo?gexZ#W)uCJ%oz=|N52O^Rr*Ui@UmR4@tRP{pNHcO2VCp47l6Mk?w_sYBp$g%zia6JA16-VwB81Ds?iV>dF2R3?U zOxO`DYHt0XW8m6WEY;wHoM2oq2eK>-3y8>u>0Pir+HoML*iEfvc^o?)(#?hHFm24w z^P&XLV~Ro)H^1s%rS%3@!ke?SumCB(81{>@psO=R#XCNw8=>j9SfQVi_hI)AhXS-%qSsy$0EOymk z&e&bC+i<7^(Mx>R*|ZCj+cGHYBKEUCT}Z+L1z;8dhM(7JiS_%Bas=H%-Y>yC2E@-e ztO-r}V|3&laAA-IN-Sx_ecQtx00NbvH5Pg`FbY!Xer!wXae^&MYbJ)#d`-n&r$7X< znPNMwjMI}dW*43?hv(U4md?eZqiyf8J++YuJqR7=jdZj{nd5{#OGdQlb2JEKa`4(o z&OqMrlh-x%E^7{(=hnT`v43h|PpQr<_1lY3fO@cnb;dJ$#8XKtl78*oqlgDdFVY8C z&OMUzLbV8m$fkF;C1l9mlUeeYLs5w0j;$Z;&E^XPQSP$3F!&^*84W;G1oDge{m0GQNKnb%>F@ne1e+;I ziI=q8&>&^ufS>0RJiyL(^vXzdi(jcjAuL9`^|XVEGZ>r$S*?l+5!|vT6kFM*MP-i~ zo7Y-DbN%1(!WlqJEcqt7W9{nbTu%cjKFpv~1IU=#U8lKuyc%Oc3)Q&?#?`u;S&(zIfrTDQEq$J$EX{$P-mFD2 zinnsyO)XYEqM273jjOClL9s*wMkG`dhGs$y%@tR+c7`~A&aaGSqXr&Pw_dcrK-xb@ z7U<}hwHKV(>Rl1f(~a@szYv7Tun06FWdzs(DNZEt$)D4f4&8;2zA3b@Gq)$LHY)H- z5`&FDJ(#SlK?y}&)ft(OC=i$|*nH_FFnGMjb;1PpjYA@i@fKco6oS*akC|Uips^Un zU4_2~pFs!NUda@MTRE*0hY#A-#=4#?bu64V`iLsOPDv}dZrS;x8gQ)hbE<}Lj)+7r2XiX0@h1Hgu>i?}^Z9lZs{2U=aO++IB9PyeSRi~JXP z1pIA2{883{Bd_S#9SZMR201Vpd*eozo&Mpe(8Q=eV|+Wyeqas!f(I<{b7X2SEDb~u zh@qQu9;Rcj8%_0tv{XWc@_+Ym)`?+hx_0oEa^c_3MCo!M9e}Q%RB7zsIX};& zGWbfY%Eb4(QOy6?*-xVJqq2>FD7KltYhc*iKyg;Kic+iU6^+7`ITLxHAnUPOBho>G z;7EX0&8T@n9xS>}3-c?$;JSVyJGv&gBSfh}OqNt#Hm{<7@vY%IScaO0z~&!}HWXf$ zC2e~%p>-AIomN>Xm~j0*;eC}n<9_A)f~BL1tMW3qBn3Ef&K(U1iUK)(EIBCZO5g?X zG{6dLhy*7qUV5BV>l<>O%gT16hBvJ#aTc?;mqwMnl$l=u@=>qsG}xgyR7!6Yw}TAq z1@i&Lr#A6ViRPt6@)>Z#{DdNECfDtW`+s95Annqt!6pxfEl>4xO-Dq-LfhMn(g$ZI zVtRQl2@Q681Lb+mTIw3@&ojlHy6)D`cSe-#-z(f~#>}hiGnyHs^{I3#6A z#eD7cXoCGAJ4?y@ta1&V9-C(Fn8b1qia{T*=7QnR8)JvA${stCv$d8}pZRtMsL2rg zM)mV=+3im)^kP4y@Mm?1O6w?yR!Wq)@9XglQn_12zqjHf2!E*^!cwNl_QJ<3kM@dF z({KW0XqO&9iT0X9yxG%N+VjVhU-o?FxR~}7!}Ri;&cp*j;uonv%U4D2mODT1?S&|6 z5xRHxI#w}1s~B5Xd}pH*-P^zAt(||e9o@>e-w9l@R~Wcn|5iPC9wS-LN~5&C{7ipF z(J-r9>3XNBdFHR(OF83Zg9)|p7d&b^`&8S#H1pyFA}N1Gm%aqL zcY7~zF)eeM5KO6zHujx?ZoC3*0jm1&h2b!3Oi?Ii=GNDnDRVkycJgMy&C1#6rT8o>>XtWURoQ z_BO5n+Jv^1Q!^g%VApUwnOnVyFn+Ezv77wYENMRG@8}p_>l7`!!QCNDIfWpJUt?`Q zky*m1(x+K{!m^Xa-LjzOM~#oIv36N0zpkDCeA>JB^HIwjajKSZ#XhCEo$#B1>nnBT zHGx;U3wpIpUTr(8LDjDgN45@AtiVTV6kBE&ScbTA!e%w(B?;|WfADolb*MeW6q!%( zE}mP&+}p|jFlx%{tjljr{}%1$5olz6u_@4G)Z}#$`tygY;R0^^XqPi|A}YCIw?fCm z#^1ovvGhwp{*P+WCa$vC@`JHVCV79?oA2KkIGI`L3GGI=vS&TE_wN0Moe`g+-Bfh6 zd)+M0cizy=8?o;`c&Kg#ddAq7tN4^#SuSk_hxnY&$AoY`Q$qzNrdywBw$}IiqF6*M zX@7kpu&*^f`J?(aYPpZRM614T{}5yNiY7r&&8B#^n?36`vp8p1!o_rVKHzb8 z84+;zyYv&xnkZ`~W0Ej-Yj$DQb6WgTV;JYRi2uJ8djI>CEZ8@SdY$sUv5Ty!3hOC8 z@XsAT1!vub5@XsrIkxk4rC5Sb+XFiiG))|!s{Pmwy3?tV6*)YEFBE;a#agRI2)cF^ zn**H-9NaxKB{GGYR9f`1K7ZQlL#HPUDxOI>Y={lKR(SfaQGQxZugT&2o)50Z&Lg27 zm00TVKx>_t#Ir-ONAnAz(+Bd(gVn5wUeAWP)v1s2{aIQ94K!|0@eYrx&vN(We+%|N zuoL=b&Mo&lD&{MQ9lV$Kc!8rbE++q-9D0A72Pd9E41)kSivpo<`%^-Mho^NCNjglo z##SD5nZcSv&x|dSn2KiPi#HuAK#XcP|m?=!D za41qofj?G~{Sk!{7b;w~Ai?QOUsqZb>6tki^qHo|?oi#^ZNlHZe>*b`+j->A)Xkpr zcYDS0oiJ+5|D)->qnh~I@9iiGHbCX0^rDCe2uPQXqM=EX-c?Fyp@$Nhhyo%-Kzftj z0w}#Bq98RSl+ck*5(pp(C6MqNp6~nmk83GmW=-atbDzDheV?KbG0T@?DMBMZ*)JT8 zJ~Lw`h?JXYXHpR;R;#J|zQR2Nr&~f;_P|W0X?qQ3!b9h8gK|OlK0acH4+u>obx3GaXho`Sb-N$~?YiOJzu07pJS&O0KKU;Io zE_Qmo=Gzi5hh{u(*Yx^XGqH$I6g_>U%eBTP}-tO!7{gv7GA z9S7VzmEVgM^UaJQ{%EMxL40xt(r?PdrT7Fzo<8Vw`xOdVR&jFfp@?l!h16u4T%Bs~ z331NleAFn!IMh9)I5h3Y&1ywx!i$kl@@iWph^-b1NBvksee4FCb2OvbW6K1iy#s3# zG(I3p`8s+BTI@z-I}Qfe+k?tFA(;Z&_XiB@M?_LnrWc`LPnP6l*)RMNQ|c_{06K|SslZ$ zMC(wY^KR@SIFmqrp8*ej3x4K_Ipeihovk7KiT#$`_nGEkziz!J?xA*%jSX&Fx3{Q5 zxr|~Wd$h=eVb8h8h9kq#a-qiPJK1KObIGG+in5CJo!Wa9eVO+MTAWHJ>yG0M;KTxD z7h+jBoQR{N`~5u#^tR~@=$=Z?o_mG`Nugk1qvP^=XQvYa5t?`^Qh|3tEY3b!3I(lv zd^f(FBr;Z(tO4M}*5ECEJt58;Sa2rA6w$&3|kl{E8R)3q5;)s6mJrtLTI zWN>Wl0zO+<*`j0S)##^DQifDT=XfqNEP3&U@#C@M<|id;k_(mH7w42_+Zfg{l~`gu z1({59(dt`(oqps|%)4X)t1vbPC1zC@{NnUmi$S&J_~P_^vve79Bc+uzp%$U2e7Z?( zvu+v;v?x)#-%s9Q;%)K%B|8Yz7$M&wFFPkC$_xU%;K-1==PlS;x!L_WeW;JQ>}8x9=tB_E8QMQsUSw zw&u3T&b7MHeR3en$%?(DRZH%VIN1bg>Y(Y2*GWH>w)cWk?2AkS5DKg!Gk>I(v}tT& zDbi)4^HHjxOFxt3YRNN3oH_MqT`23gJU6HBrfZd?d5Tge?1ekrU)`2#sHB9nN}A;( zth@R+6dt&4?4QgE(Ow~E9@AOUDGSaiSdQ5&D1Uop)V+FqpA@GSVe1$17x=YaF0=$8 zGfM9=uN0I~%Ce!wANk%oX#1_w&abGD4#-^+_B$8kV3pJ&mHi(O(=a`I@jLv$?k}r% z`m<1rT(v*kiL&aR6!k5bi^g{xMTnF*IB5oI;}W(`8}D2cs7ulC{Ye-vT}8JX=)ifqFl&$12fX4Ge$TT6X*^ zd|6Ih?(WFe)S8vzIZB?8H+b7Ld9(zxN*p$l&7Q=b<}nj2 z`1-vnNYv!*5U2gY_}?~NIl-UDYHvCWYkHA8Mwx@Y*wYur_aHY)MRlcwPI+>yJBvqa zp9C(Z=m&>Fg0tsk=x?39iwg3yHjNFVq-)Kol^Y}C@tT8D;TPMFQLnWp^n+r*6v-$n z6tYKNA+OGBv>$xGk^F`wmwkGczk62k<=C_A-+>xv(ft>+EsBPgqqgl-AW)n$m0R-n z+}p#(Z2cr)F%8T|VQ|C+E{N-qxPW$_g)vcSLRsvNfXFcGRaU z&T~;p2N~;wq?Cv^KIk-ox0MNWrHweMtP0nSicWEsx9=Y#cq?kjv+}l~@_Hi&zS7dm zrxT0$9WBs75=6Sro(R#ZK(-)RvF-}S7hQ$Ekf^6cwD=t z&iHzYk#5gXj=SZz`;FpBFDRWDT%ttli4Wr97Yt2QK>Z9B7r)@vsUjSw6Up?fBl z0hWF_bX?sD6*lX3AU4ytD9K*a10hkw=TfmEnRRY z3e`wW%9-dL#)hshKy^Bz`n?Na!&YnaUGh#vx^7&TS86-zgDrJmv^2gRwlb$|MoYl= za_CHLngS$0(-iZ&wzWP0D;PsK7P3b*6lKx2G}!Np4aQ(H@rfc1`I76r$`W5`Jm9#z zH%r=6Iw6DO&qd)ahf7Vt9;4GWbHA<6N#%_V#kG!m0Gia;=LgDCtia z(OkT1h+gK(CWFxsM#A{1#Y|apfGQlpt4RCW$^y)-{7r3a@Eph!sN>HERG#0RrX7GD zSCsfd6c{Z!QHyrcyaiUzv0WPL3ySp;O^Q^-M)#&nq%5f0BrVn6=!~lR83- z3qMsfQY)iy+e45|$icxO2K8NO_;a&wVPWW$Tp0$MJ{Gzyj3eyUxTHM> zuR9>G#TNwj43Kx?-r+-fkoY0o59#v{0|e2QWIn_=hA(@}nw|;6y{Ox91 zv`COJ$E?lYKN_F!Q&HZNIlga&7c|r8^%1qs_ONU`j{Y#Pul>&}D`&#Jc^BeIx_^PlR0K10Af`17JTxtj4#h*8x-MpBoqYyd6xy3)A?vW#o`Tp4xKOJ3>+2CWj)pJk>yhc-MT=a<;Q{cy8T(h(0Pfa7Nf+;7>|>)?fH z_JOI`OHZ#py*`-e{5nY_h`_*`Jqq>d(d%HtG zLzxrf>-YK4mw>XS-oo25oB5r|xW)VNFCCJN9N0%_Hfg987!wo0oyK#%)CKlfjxP=n9gwO>x zt)Gk=8JLNd@#9*d_4!teG08r=IhSvWf_Ts@AdRmu*#eq9aD22uytj2!2pK0Y31~v9DT%Tr4IF>_qRTBf*~+_AFJ3*0cHfT_pCO) zLwWVJkb##Ila6w-V$DV+8!faM$tFvvFwaJ!h(97>Cjl>#Rk>%(z6_*QFt|#P!n=oU&jJ}@Vp#f7;iXj`(G1O z5Vw9Q(b6ds$805^g=rK%X|0FO3o%K@-TF8Z(9sp6gX{fHS*F0!r_r?|`WgKNi!1%96h$t#pqvr|=Z9ytN07{?- z@r4jKl-8XmVr_w}wFqa=USo$GAk=I#Hd%(&Av#MR3)%VUxA^^RUJKAv1J!QvZeY6Y zW1ETH%GHfsR|KbpE ztA=oiu)@b6$HmsTFvh|`69z1F<3PFA{>8#n^G;j1QhY7F@2w1P>v@rQ2@bdrp`v$L zsdoT%NFdV)MMN1p=^R?RyB~P3-e-CbJ{GIKWf1d zzYCM8q=Y-c$2%dIJ>!31^2!rM_$m!eShnYRkjltontOR|!`P}p&242SsMS)mY!4}Z1l*9X{j5juH4yF!R>I*zgmhKE!i$7E_nR4_he zb=v=YnYZ8y}@vgzNq#IP6f%=B+vM+ zc!L&k@}G<>m+qkpJGXw_LYJZ>m=M`V<=YDH!Nx&@r&cBF9&!?4694^Nl{vvvn!he% zj$692?3ZCF8nwvB=YEbP?6R0TzP!mT)N0dIn?H}n2IQ{%cIL`{fHz`fz;(QB_zt{D zXLD6ZkX8qpx_ZCv_KVyOzZu zlN_0Bvo20?RGr`W8lBEv(t53C*2MnpYQ&B841+*0+zay0`2{96rG9jkr?a-T2IpJ$ zD0em)btM&M?iVxl+#=g(JHu+y>E?LV%-48+!XI^an}pHM>OuUsx6UiZXufbjiBWs9 zyjt#lCHgt@MWJBVlH+u4-7RtW0xnC=a$fJf*US0bSR=sm#Yz%TyECXlllPdnJ*Lmw zLkIVi0#aqC#LXra6d#oWtMGWkTVp+-`MeKfLJ^KhLhlJY2flN=e?vBiUa8H7a$ZhBDsAS?qMH`;nFS zhLQ_*c7AZFD=OXHRKTT3dC#=VV^_~=Ll5bV-z-s?6_Eqen>7m5!{M0u@8#M7te8-A$9Z11 z^3|njNcC|)fk9#;-2C$2!}o(<-F5n%b~P^=?>uYhK|HSd!Ha#?{aLM-5FO;5(JZ8Z z`<#3rwdtA5nO+tSoFwo`Mk2LU;P_-GvG8s`_#nH@9+jLIC8l59&Jh|}Ld;(Um8bI@2+9>!R$>+)3X3Z^YFq%DO9q4x~0A>N~ z;JW!Wje{2Q6HYVxq92SoN_D*Jo;FvNJ@IxL69pYUju0Kc*g7f*`wrGwTSeQT`;R== z$41vUkm$xHh%3&^FVt5olc+EV+>_JE{c#1&bj*IW z*G6rE57-Z^%vDNlHK2L;GStEO(JzhG1RcUPH{-#?7}O|b?A_L&!Nd87n&+;)wOsOy zg#}fE*Y!Qgpxdx*lN~U9GR!7Z$G!0n!wX1t}wmnmybcN5n;HmI-)={UAd}=-=7`o5Q zWl*iQyuALxV7_{gss_c*jHNM~TS)sCL5zhiW{F=KR&R123;ywSPMx2);&bfbL36d; ztN^GHOdL#d%*0;i;5ZgW)@G$;>t(q6L4O?kG)01^=F$OlPa(vwZq^js5{f81?$snu z#Fbr^jP!GWz0|cXA+3?VaD^s0O~(+Kh2)6iP}?$%_*n8mZ$$m#Hzmcg(Ian(L?thf z#p`n_97AVsGbu7ZG zX_2Wa8oK|@UZn>14zM*!dpb3l4dVy;1*Wz!|7324bH^$xD~3h!vWFr6euyPDok?A8 zufT^C+fVYbezz(cZugtxYwAb#QW`E!FP=cOrY+f#d>RLatbdvU3rp#t&?*dNy5W0D zr@r591cT>PrDNwlqVTB|W_~1R_i)qe6;gk~Q0+9>mM<8x-UP1&uZy~17ODw)xxJcS z4B%d5XVAg*65?c(r%*d7;dL;6M@bkd8wqt!@#6sTm;?3GVpq=I=ya z{=Si{_hNr=lAK@J9_Y`xEmp-^*4r|5D|^I*VQci9NVphX9mF7&i@m;GZ(@dvbprTjBlhuoAe9#*wy7SGb*z=J z^lbfaXl6foMqLht_Sh8m#&a?9y_HpLzE%D}d8`Skan@0_uNYA47e1Xm3K#Ju=azng z4>q!5g@vXSQc;oD=hC#F?8>V!gY22#_E4O+3n7YxEqwS?^t!u=pQCbopGfDlygum| z!+1;bFX{#*g=B@h^3~p2%a0mtO9+1n*Rr%w+(y>j{ z7oUZ0EhTb=??j^Vse2!9T)6{MaeV|r-)vZ_s2|>W%xG)SwYB5Deb1|SfOOTEy!?KT zq`UEmeoK`7c`ALX)QzW+hd_%EVcXR|#bo34cfjrn)i>SU%_5;FAAr-5moRowFb~}l z$l`NbqsX7gYb^hbgl-H><7}wa`ZgWqCz{a8ALceTmDH0zsqzfi(tV=+Q;}+CExP)3 z6G<7)o3#47KTI_+jLp><{@_sS(Ds`4JftizLxx(8V#yMj`~&2ARXTr^=E96Dfqd-p zkCoDUPLV!Y2aJwn+?be|@H-+OSwzgz-67Y4fy&l+FF32VP+Q9iH@s||1IYn46-J?; za3?&ev-0$k3bZNhgEp&S0g{LSPLfj@0Wc@jT&}-C5K8^Vqgk= z*;*%VVsnv%AlUJB$k~dcZ!P8_jlLS--$vwlT4(xh4C%Knp-58TrS{$eV`-33G9?)sI32}xWt@E8WjS!9cO1%kgwYeGL)0!$REoYXf z4J2FpZ(Gn>MAy6f3gx%9XR0lfm1=B6Ehi>lg<+(vGih?_Z>JJjzKFVVj@E}?ymA*5 zB^B=*`n2Ud@QCV!p?774UDvYW%sJP-2Tuf*_>G6y$ZC}MfNO;ctub*a^{p)P60?fd z6RJtxG(4}by=#IcHpo%BO_6dc0!*~X-5RAj+n1;9jinQ?rx|ZMmMr_q z>K$w$Hr@s{PX>QgAHXu>lJC8)yzXRG-zO=>IS!{x6L?!zfBy`^om{-vbvE%~Y+)Y~ zhz%qw@?@BzdHO->p}Yi|9pj7hraLGfE%+TY_v%S1e6WFASc`jZrQLp{Hl+?LA9;X% z?{-@2qO&=SmDj~#B#ze`vgJa}GL?c<8X;;&@qVq5bAX?n%D6Rtg&X?QD4?MF@NkNI z%jJKTxNmX+PuvdrFF2k)u&VAH z=vfQRpYP3yg#xcQ-sRkc_}CLiyQT&2>sG#o^{`s8QV>0O?ir`C%x_!OA<`>cwAGtP zToGkz>WZy>*V0&+#DcQB@P=4wWp;?TDO%q6eP(?(A?0{nFQBVDKCfo{cQ~Jwf+>1& z3)~BMMXqY#$a+>1WawSODSrwD3W&UE85V4lhwIMBf{7Ces~t`J=t8jB9AJ)R-{ zT;1w0R@xLa5B{@mcFBbPKVq$761+?N09wRA_=C$=4TQ~j=%*60M}$?MLxmn9j;sH$ zW&`eKz`!)jOP2&c^-ifPrn;@5%x1^EvTNrH!5b=L^S9dqA*;pMy^%4`s|}I-8P%)>QG>|a0Cu!Pe(@I2EFZ!{cNxI`TK_qQ95p#kXWn-pP0bC{@N}{Z zV7F6O>h2abw>lQ(HcKM7(!Rl8NhEcX6&NGj zWYAYr>+v53rtQyM$k>!hxfm3>t*p#b!L$b6t*Sb0K(r|ivKx&uUX=jW!s8?zTpzX& z+ZCHoBWWsFVOP?S{;!pM=oB1a<*!#gf4HMJo>=_=Ynurs{#J!s8Tguj;X^ovb_ZBw zPi0;8Oi36qGkQ87{_sYb!PzRrEvG&r8%?ys+*4yi@ax4nwtN31H)GB6ftjb|6 zVLB3QTVz<$`_(o3A^uF<9f%|fs@=E@isC7rD*lx;9cw)Ch<7<^|AqECoJFGq<1wKQ zMmt&cX@)41OewpA1Oypxy8E(uWfL%^FnoWXH#36n%}Es$Wi;HWO{DENw)kW$|A|Vc zd=INFBnDR+uN9eRd~6Fnp~G2SYHo(=-DPm4=I+s#t|B<3>4yj!^YxmDfV>FWtj2i(ZM zRKRICcOvnlc0tY}DcUGoie7AOaLhT4GA(Xyq{;y}CBbOhNB8NmV(NZz{{=($XhAA0 z8!cK1qpcJZ{#^6k#TCf72gOz{hTN?gti2&WYxu2Ye7SII4=y1Edo8!cGw)Ei9_ZTY zHz0d4oh)y{c7mXVXz30Zfx~ik&h-jRUb?DnlgDCz>9IduZlRa;C`&vBh3?!Rfnk zFl)gX7D{=-2P?aoo3!CM_(2ScA80} z61ut~6dqeIS$?{!LIJDG`L{N() zWoOR|z35N0_B{RC(dqIuNxS?mltUC?To|wf)Lra%4W(LpLz!#09>jn^2|q#V(H!Fm zC~@xKPXOdq*A~$yBVm=tdNe~@F|k#1zP8j)DecMUu9|Tpu5fx$pU3<^o8FgPI+q- z(-2QL@x8Orku)W23;#_M4uAX}ntxW0>ZK5K)YP1(sX*5-hvn-;75L31@65Bs?rQw_ z6^PVGbD(i5sybpebgk64plE94*+g|jf7Lpexjh4HJ5vNF31I0v6JJrIf#P?H zXa2rJzfW_IDfFv!9`y`=PH}E3?7ctGuM@dzv%l`+1(`jc7WeAjN77L+Z9nK&Hy~G6 z%=8c!W_pQr9c?-D3&o?y|IC+`uf+oJ6yDnf~A@0804g@>F?NDsL3n z^aJaP#PM`pe=lw~|IAx%@%;96;6R(!i}n{&l6^Y`^?GX|=ZuKKmjwrKq8F{ygmf1M z#%YqsM>!f$_g6b_Oi(x>;Mzb5C|52~A#wZi*S^bi9}^vLFNCeD_`C z)Sel8sw)<8y#k9DFQ zenQriKNTBHe^^XUyPgRbVJex4eRYV`6%8SX2wLes8G2ovW3xsHW#aO1*O)eZ;9{b| z_CSMaqTICv{2r*I{vlAfHel=)1jW==q*MKt%ak-$jmNxH3XY02bl1I8Ld{KLe+dT( zZrc*5&_CD&uZz3H&B&fh?^!I;W#kHZE5?svT57@BtOXzcjoq#Zykf5?X^md%^V%5Y z0LU7Ktv}A%7GOoQf~pw(K22Nu3M&Ad(M=(3_zR2(S7Z?#Vga+n8EOI6@@B1v6wmW8 z**p1tM^q-+D?T<5Nyola{zhkUodZ?w z?$Jz}V{-ND<%b=snjM)Wwv*0%eg(gM`vNd|-RPKm55VPjq@?^nzh3^3WUIKw=(KqW+jSyPE>XB{>`prwyM+Tugo+KhRwGTm6>@Xw|*ydC&+ z9XKF}&0dh2`9L}kX`At{ZoJB^&|KPy@m@-n($MxbubF@Uy(#IAdYv=T4;VVX-X+c(5QlRQ?NB-T?TLPW|^WTP5E{kMQzNCj3`{)tQE}$Y9AWfGvYLW`1 za=)$jv*%LY-!E&v&lo509Y9F6TWf z0d(-}4)p@jFHVKV6cfT_d3aKPUCNrf(s}otgM;-n5AX0H;It$r^Si#-?lfC(HD4cK z;qEeV$9=StWQqLzl@V!@C>eJyIR%7hc%5~bl2K`ny-r;B=uuPnSs9Sq`&HuX3Was{ zcoajnll1hjIxdN4a9->OhI@~h`3e~%PwSukx!!X2Lm-fbVY9bd@Xh-3g?e z%-BrX``0G|vp0SR8ulCf``@=SLUn&yA@hSX>n4zQ`6c~8{fV#kZ-Xhh&;@Dv_{8U^ zFF}1@+5Yb)viR&Ss{7MfmLzCQXPd;FPfL5RTM_S2#<5G1x#^Ph+2fDPji8ohBBY`i z=};7SPXSqUuR~+vl7zBsHp(RM=p0%I~p^wsBwy&7`|Hr(>@;xXB^c3iGkvMIs`xdEkXdw^oQa&;~FpLzBH z!$E%Gv6@zkXX)7zfXmxW+(rft1I-dw-n#X6b_N%ghE6|DRRUa|?Kms8X7Rj-SR=-3 zXY6!DH7PwD?qh5-zq@_vx%`>HBJlD$4d^xy0q#g2oBs}Lf-9JWJRW-MM{b_3=Egr` zdZQ^NhIE%&D}OHZ2&WAx7QnL9|F)@IoNtq`Fy9NRZJu~<;S72*M%VW5Nu`j`$;!6F zmvbT2eVPeteVXvTXy0}?ti*W5IeuB{C}x5P@zDvjehy&aw~4V^%j9lH|7^grz?49{IkIJ1E_1AylrWZ^&>{gA+LPs65T+cVr8Urs1$-1oOq0l*e3@7OsBdP1 zbzPekAo-}`XPntx0R;;{odM$cY-cei`*KVMc!cD0pvznMR%fo0(zW-5ETuq?c%@Je zT^`J*=!*SYmM&@lmkp!VG_+Lb%Af(gN|s7dHzN-xn%cto7Z!>CLOW;ltLW(Z()L;qU-n_@vV$8<%f)p$ZnTw*A2j<_htYz4hGOX=fwnd)t&GF@G7Gt_nd znJe~IOW&<#*(ZF<_$_S8sQ^?~wYyUfwVgI96rlrs+z@trdYpBON8Q{{#US%a7E+Iu z$5&1zEq$ARjs>lEA(Is4Sszt*6?6xWWV7=3h)-F~FcG2pA3Q5XrX>)o=;y+04!AKs z(o(bUz9bWi>$Ay`<5-pp*hlDf2EzD&Nu3PI8!irJ<`^qrmi#7uSF_`r{UEHhsYtc} zQ(YGPd^{rvTy4F2637^zN(|3l{_hV6gdtmQig`0#HS!TNIYEUoQ)YED1Wn@c4vJl? zsn~Dn=?U75oz;dK*PWiU?8+x$oYq8FLk*W|C(@^S)Q*-K&JP(2W8P^p&etN%b|Z)@ zc=J7t0@96=WSb|et)T@ZPd+AH&EDwbt~UZN}5f0OodwA z%`l;)CrxU|)s+Ogp-#K!tqfbG(C6b86MkjgMQKOB*7QC9(Sd&8DGWb~#uq2d zpcETg(6>@MyPYdhK|1tpqYE!>HKTx$YyDU3f!;Ut?^b?dMSD_x2pdv2tXd9GD=`Eu}wPM1!R?0LNV=kDe~ z10MiJf^YVQS42O(>cw_S!XnU1GRYpR7$18`J!(YY(fw^@LR*F{p{~xCmU@AkeVPhg zu1TD4&eN)%d%S{g;XhdM(dqOKI)N_~y0JSP(t!Q~O&|_kKldE^LIL;nn|GDbP$-k$ zrlGItn6l6`S`7sn{jmTRpD`*d_-q&CE2ONS9uuji4&RujdGiQ@n($-CF4RRcbChn6Tclzk6RL1K~kFF6xZ z-R_(s8@}9}zhpJmh21fo2)v{*AHtEt1mv+fcJI$KGwzT#&-~&Z zN8*RyjRQy^jydo?fNSV%PgMt^^42leZlCF5x5iMn_%u4p?jTQ=Gju9_%03-x%O?Ye zPe9p#Ne=Jb_V44ItfHSrrpR6s22tqOxr89_V^0DpS;7{3}F_KvznJ%{Ov*OXyoCSeX3H;VI`7n*|> z3g>s#J;J&5y^xL?$}`JKO}nD_mN6`fo%Ao6Q?7K5@^>%$BF+vplIR@x>EfIV&^^Cx zrckVX(Y*DKV5fUb!sS;x1?gRmC2l_Z1JHQf^g&II$?Txgd;5js=T1MCb1y<@4X>V- zGQKlpue(GrGTffWZT4|_O}qOegARP=4!J0me`F+^P^KXtU6kA;L#1;Zpkp-Lyy zBWp_6JqGmh2rlj!5ApqBPgio9Q8Xx<_7($|f9Y)hobb83fVk4pGDP8s441EwQdHw; zbA2AUe*4wg_XubWc(ycl0WJ3se{~>vMI2~Pf^XaM3i34t9iF7_5KtEx-@_yL%&<$y#X>kg@t~dA5L%(grB<7T1}#Fy}^>>&~_a+{Ih>?_40Wky{Y9 zg_sZ8mb2%Z;ud)Sx-3afT;E?duCi2FO)=IOIvh8cZ@Z{g#dI#sX~wZbA}{Euy?Uc) z^qV!0=RywyX{GmTXve(QR}>x;%eMRY+KEwxe6sdNZKtP|$qcC^ z)3H`h%9L3=KI8!Dg+CiJcQut#osQ!Q8;!1>P6h@P!u3IS5kZY57t)p^J;TDSEK>)p5q6ktk$dv z@qbj~joCzD2I1&!jVH`|Gqr-mtMlR)2Bn{@pQM6Q&`I&yX7M88Tr~F&D#N zl5}~x8{0(4!Y|k~xF-rcfdLhre&^2P>%ml9DRZ?WCdu;OI53>+!o!j0z7{2ZOVB-` zQ*p%Hx%lA)e$UX{ff~qY`)C2^pz-Rv4Iz6h4XLvOyqTRq>f$QHCd#PyA&N0)tfaAe z8!ch`h)3Mo*G>Ic_Bv%%NZ#jbw=5lyz%Rwk*k9Kgzg`?WXx|XO z)&56+>kXs4V!#Kj9SQmM*xq5AqbJp;@7`zTK&wwy8T;qbir1!^492UUm%V`(rHwLw zj&@Fn_gTpDLM_Y+R0nBNi!5DI@)F0_8zwq##U`B5#iCZIDqW7r0--pwe0PqCicX91 z#i<*d5uY05xmPw}Jmlysl#8XDPOjn+~wqPyHFdp2oLfoZvG_vKym?sNkJ^4OhY zx$Pr(Qy9)2MeR4@Bp*;($JY}HO3hBso<}=@E`3*hLJyr^o^C1I^ttMfRgajY$=dUA zjP{I+E=6U2k4hzdlMLk@Y603@|k~^MbcosU^A_9}IYuW~=C18EM%Ur?=KooYz6fZD>B6>QLxW0r@+G>Q zV+ChbseSVfP1~6dk!8~Im@_IQ$WI3dOnDQQ2AY3F7~4I@PW;_9UG!4@J5RerX2Xg`Y^W2Ip7+TlmR;cOz2?1#Bi3grMjI&Nb>PzXq^TEbKbknurqZ{>{e!hAEThag09 zeRiHQrXxD+lV-2)st>hBnq(h~r-Y!E|L#3FUUt;TUC2OGMm6Z9C}?e|%6r>wzTFfy z4-UYmZRei;a$r!Rd+T2pigV%~LY#N%u4M#-ja|St}6UF(D?Q>`r%ue7L6H{&)UdyTkJ5D)xu|RBMQX^M~jE z1+9G4@1^;XY8RWc?y(bKhVIQ_F*E#WnkvpO=uXxGYFa6FIw@04ha>;S-oHJ$!cGMf zx4zaCH~jQ6NF)jXPaJgN-V_Z_$V^Sy0;QkUpp`+^68EvnSjo3GF}~in%f$9hBA0E)OU-~=h>uv`u%X-il&yQ6ux?1_U^1y*U5nfr50V|HfKJ!doL z_qa3%qXF&FnbXVj=LasFcx%w#l@|@D7oS~DeYtj8S9VFtK-COIM)&0%+%J^BBA+w# zZaeL>frY)8+xdQ7X|W@wK9Nv%jqyT<&o*yY4uKG&Vu5lsQ%iPcN&D2s%1pH@`)F-y zofB++A?PRIxQaf`3j7Pd1pmYx@KZCCO&EaX^F!KY%p$W}n?p*!h9y?Qe^6o?5!>ik zRT?(vBlVgL^Ep77ZJE*CYrG~6@GL(>1~?L)qK*CrFWxstxzB};jrlKr4IkKkh-yJz z5UZE2Pt2HzRSn9#&QuHwI42oS4@FWOLfz~`qNbiSDpm)SC zoV!`kXQ3FF%Zf^zd8@`Tl)Zmri(!m>5OdHdv@}Sv2#$De_lYidaRi}AEih1tXpijZ zOdNY0bZ5!lL*_<~(W)x%+Cbw7d4Y-xPc88;NXzN3U0*G&HZC>I-#xIae&)5JxZ zmh^-xAeE~-9T&~Vet{pqSlJ#<{0ZFqCdYXC_{TlDu(R}JqO>9)Apr6x46pYD04rb^ zb$$8!1LYhY0CbcM%wJk5ej9bx2M$KTp-js8? z<}5kc>eT)!@cQhv9Qb)A0`0Q7EVEMk;v@p{5>i$h+3_+VHy<8Bx60gZhk9_j(>Pk8 zTz)1RMyzhZQUCU*wgJg{|5l}VhTO>PcHWvXp!vo=m*(iGwY3C_lF=^CtBpI;7IoyM z39*}+AH2x`_N=_H1Iv+nT=xC`X7ql7Hm`Xy(x0JU0}VvBvLzLp#9pS*YS|}mj{VJ9 zAW{H_QADBC#68GA3e5?6d;j&-hmzCR3@v5uIT7?nU%RKg;MMPr%uKJUcs4$ z6qBRB{E(Uxg93u86ZQ5%ehgaZM&Fpgs{Bg^`siM1VWkoBo`ss!*x&M7Ju^?EbcNct zP7iY2Ii90>`hex1 zubpIno*lRf(Dm!%)>997)mKQ&#H>Bj*m~wsuA4!-Ks{h$e~uz@nrlD{63~TYp4SBH>d(8moQ0@YHq=ePZqsI zmG_P9&PEpRlHE}1>!GlPx70TQt=1iY7S7IbsoABl)SbYBfrTT;K*u1Xvo=t%mDMNo zaF$eMpu5pmYYhEu9{^SZP-&o+lq=$|W(xE&Ur5+T3(=jE807QW8#+xp&RkYj{F3Q$pTY!^fM?+pTR^_WlPu?dlJtyOR#>}z>Cvx66lZB5m!B!CPhDo zDr)KC)A!r|eHyhnRuuXrK+RH4J^5ctxl($dFW9ZoLYJCy*^K{3(p5k;*|uR26%_=e z8x$l&x|9wjrKB4KsR1LUHxUsK2?+t|7U_l&la}rw-7#u(Y>fRc-|smb4~Ok}->2@r zu6uWv!x#?_3NFthVfioDH^v3De-Rll<=AhzLLi&JNsMcg3HwFaz7GoJrRXj0`gy7k?|>qDGPC8nXMjoG|dcVL?mS| z;2Gwzw+dYQ(XG*oCp#yX(E&|wv*jrk6mJrGW4sFltla|FqiDGpaERXmT!S*BXJ9@C zhp8yi@b2F9F-7!~WSkp+-SucByTIT8@_!!I?RV06LbH1I8-_-YSpaa3%!jk` z%@7UqsTv{}8>m4zeu#3Dv5%vm%@*{=4*7iZO2((SqtKhhz8KQ;FFA>@VAQgrQmtOT z)axE!dg_-kVc~rpL&t8QJ_Y#q7-(3+T9bhnLGh|NWsUPzR^29s9%GzrKgbOWd>)oICt-B9SuVZdlQizNUw4!H~3MExa8#xC72v9pa{O2 z%(`2+$a8AFqM!m;{^SV2nl~dlZ~)x(Gk5D3c~4wa#6iu>tfB7IF_cszlPSwTcWX4R zIG#bAq>H;9yHrfZUat=KT6xZ`&XZwozH0(d@8!KM-6U)htqYOWOW(l05lBXaN&usd zVp>KQ3xC{f{U3gyyA_+Jgq&&DUHtaqZHhJTLHEn3)fTwq@s zyk+gXbUECdMxqE$HzGjjLX1Qr%9~;!MG3OVqM_dM;qD`zn+R6AOCW>neh!NU)01saWF&R&}-p`rR7THrN`*g#mp#A0m5Vs>=5yL zGWMa%5%9J37v7&K*CzQwOqdoX)Ct%L#ys*BW?Ot@nw!~yx#62rp#fG1b{AIO?cR@? zC=i2e!3jS4FVH1qI0RuG?G7IAhulkJyGiWl5dtrkayqRNt=1vEg#pbF_au~E32^Uq zs`pJ(rL_eksCV1a9+R1&%Y9`{py0lu%<47HS2-DaT9?c_HBM4PwABc2x6gqOZf1Ey zq-UF(QQ#Q&jsowsywu&r!heX{_v9WpzHlxXKCr312YiYQXrhuQKV#xzA&eobzo%hz z4 znQ#jh8|cE*Ky6ufbkA<}z|-QKrCwa(7g3LFTCX(l5)SV`EgAI1!=Su+ELj^q84Am5 z$MA$>?>=L}(Bdxxk$*qfxl?C+g=F9iF;~5FL7#OXk2HH9$aXZbBrpNr$J;2XjoR{= z3ihgh@~-ucfe_p9E9|Godu{tCQr+hSH{Il?mE9R`ADS#L2Y@dqf4uA#&B&o=Mf9Af z>wcRWn5(egM_?`^p@SmG>$pr#U#wqYzd@$^63)LM`$X!zHH(K~kf&UJ=SFb#mV!*+ zG&T$AfH^yo)9tJ#DX@Z__#yruPa&{7x{RNqXKEW{eMdjOAEB_1x_{zfG5lSo*Z=5O z`L4rJ!pg*FEYO5xx)N1QhkxDE7*0RGDgrCquC^&Xq3DbZf*-u`~aiH3nu;2RJ19h@dhka@#09r^yxGF zcc5>E@hcu5gR>{#52ePSygcg#eDAmaCfS{NCdrm!CIqz^f`I{qg-Z&-~gl9h1g&ygzv<_|-WPRR<2)>Iocy5;8tAR9H~XpgF6I7!0I|fU-1mI` zE|XV3<`P*Fw3?MoE-#6WXIHMQ-s!utE`VwJco+U_yfwxNG*!Q6VWvrF9UFOY3;EwV z;j!yq8GIZV;85?(6FMKt`Z3H{Kl6P31 z7SADk<5os9)LotmMq%LOjWq^1&osRTY6uPvN_sN*=KORKJ~eLi7MfT5wew9}N2>6v zo0VhP1OINR_Na^y5ytYz$GxJr5Ef&OatRwb4p0bw`21vC=ck_K@S{+D=F>2o8SXyQ z`yuN;v*gGC_yw;E*Gm~$Ya9XLoWn1Tys^Y96N9a}i_2OrW-&6_Tlz;h- zkJ9qo@bp9ix2_^n?_4o_TG%jGf?^ue`kepG7?@zHTuPU7=^3+d!(#(~vev;MzCJo& z*jF$MNnP;i)m@4d~<%70;p~n+quayR4g7KEDdJ;{E41H6Uzuyjy}9vrbD9G90gC!VFu*~hNUZZYB~ z=_CWOiWx!zCAS3arWqJmT(49>`h5E~0`=NnHZv;=Hi6hC2sr z(G%0dfgc(kzJ0xn=VgyD30gnSoLpMUVn;UNjy2K`5(*s#XS~_F3-Z3)$<~U!aGRt` z+UedYk7u9vL1ms`Q4n?TMN&Pvz{tOU$$Yrea<831abyH1v!S)eTlFN~sp9KvQHjfm z@q4T_B_f1m=D0e`dW#C@-_;lZKyl+6Q3V>b0p$*sk|l;=04x-6QUF)*ug{)~w@hv% z$xiy-1Z1%LF;FSPuCRRofGp6}Pj%gW-}z|X5a6B5$|(H7TXVrvVF&2b_RmbgqvEYs zmh{Zb76;hnW$TBeq@bORLD*Tnq2uM(ME^;UMe(YpZ{Md(o+O$f>R<1v(~bw)k-~B& zUiWGjt7V%rT=pR?9a%?j6PIaeI1GI38QvuIF6~@CBX=+xw{PL#;5gY)hZgnr-fvmU z=Z}E~-nHF~W~1iWO+kas+NWhv&_BTv8yBm!w!LqoqN29j2$@Huedf7UXIemo zG68LzCn@|v8Z9l@YWVRO9Fl*wKV3SQnlTcuCGlD-2raw=lHx;0m!ie%Hg+1Iizsht zXw#RkA%aS{i!b8ark1#$-AX-P3z63fI|y*NWyqqanZ{=n?2uLqW-qlf4MVlcB8Mbh zr>+SZeb9so*qC9uJDkAcx%VVR~v5M*c3(|!~XQ3&fZ5wBQr4bAi}L!*Ur4e1?<0Y_PTEO zD$9T$a&o(45B(VMe%s)&XY;{#4S&+IB(bLlEL`dXxD&^D^r`=B(_*3Q^)ji%NkvBp zn0@Hl(uHsk%{1rWPazWOG6&cPzj)KFIZDQ+BXk?PC<=x?r5rYIX4X3#5VZZPa{;lJ zQz3TTuK_A$-$pw(S3KJwQzgPWfbJ$mrb!n5>#$KG6QDyg29O#a*m-~v=qJ+Pxe-z+ zlSlKTKfv7am`o0a|M7E{m*%e~)D?CYm+8NeG70^w8ANB}HQ?S;oLj9f?;ZZrkHsp` zVsdBm8E!!@@Q%HNm7PovI}|lgB#?%--`CPyrVk7kr`94`1&z+rS1<8Yx^Eo>5{;La zl7E4C7K|HSIY%x%i0$)oDm6b?*X#4QtoOeZJ;tUCGte`pVVgvWAtHsHRbnG;^`*QP z`0t*L6+Ii<{luS{uf%9z^SVfiFlWt&AfCwS5pdA_u7_S8*TI1RjVoTRhiQq^&~EDN z^>*Fzr|y5a2O4!5RIIG?cyjLm`L5mcVLus*14MegUER;gh?h{Zyo|+%^^ucm1+4)w z6vF2BI_uSE7g_HKSpE~<4B>kpqWx@euzAqdp+U4`f4)hNi}GDkbn2yr)t!4}t944F z+gis4E(0uCzY4@bUTVV=!_NE(r;C!^_PG5NtV_oF2=cfLI*3;+J7QLRoH8x!iZ}KU zuam{p>Z#~EPav$YggpnX|DI$X{JJeBeb}&oITKfpLzJ18#{{8|qh&FF6&buw6O(pY z18~1u0zMQ2V9~C=LPgyWMzQzKl;l;xBo4b209z}R9Rn2aNrV>EVsCHH{~#E1 z+Mj7&Lde{p6(1jOQV$6klEl51KqidaK|MV@-cDHtL_vJ^z_s4Tb{d+R4wKuW638{( z(`H#{FsvycEz{rs$Ei#GT%M$Bi!tdOH1jSYq24p<+Q6;{=@$v{r_IL}Sx?oI5RBLG z%gKE7nK)k@yY#B@@aQ6LeCPM|T=d?o_vQPf?Tn`ViJ^2!eZIsAxK~lM)V7249^LT7 zBV{IY!>gE>n4RuL^I}O?xJD{7^bG;#j5}!^C=bk#o{kxzZ)jGQ>e_5ETMyPPGMebqFZSMcwBMSOm9$}7kIDa^wZ!I2XaT3}x~-+P@1VZnHp0|(?8jiLh=@pD zS()n|bSYS3??m{draH4Iu+`rN2ZiIz&97E*<2RdAGz@VUBQ9@V5r-kad=-$w5~pJ} z`LzwBtX~LA`u3ddp-;;pMNKG}E^t(}i}c3g^3}c9baca>vmj%?SYUp`Cl3x{*^%lr zL5k{0e8mfGm7v11i_`ZoOqpb@_YSp&=9^z|XatGu%021TH2a+k3Qe!(o|^$#E=SZ;B54r*$&hp`wi1Mf&|Eh$oChe+YLd8EKhQ4r>A2!eahF9U5G zK0P_v&cR&{?Pl^{t@U^xYly4FEu8$QM}Di$*!Hyq9-H5K)itadrzv|}GVN(#H{NyL znwxojft#3}EgXg%_HS?RBLG_ng3e{x?q(=URVy?%2adkY>5uxB>TP=|H(U_x?C0Wk z44}0F&UbZy301B4d(RzmZoM3qHpJ|~;V6;+tf+Vv%-G{M~2SEZhX;LE9hsm^!4qjX3SAivv%AGpuR&bfc7cr zYT`cE7D;AT6fS{FkVLhoyq1*;P}~f3?2uE+?+k@I4#5@F)rkcy$;$p#B$YI4`mi_g zRQ9rRzX2=uaCf#?zt|8^X|lS*vZ$*&mnYGHrMV6qGG%6nk)mSAHp()`CPvm`6Ta2O zhx*mH*>VcJ-Rz+FPAld*uPqp#D)M!yQR7>!mq^NVpKGGxR(_f5W!%WVc~gzeLg!~$ z>>)FDGSZ@AX;V`gON`x-Tv+!f#bH`d+hvkaI2V(lMR8%h;o=3t$GlvhFUfmP6h0{m zZ&A~dx^CzONXBnY0JJ^Af7!CxR^GzPB&x!FH3YUl1M(VX*+-O_H;KrI6sQX}$ ziY)LT!^GiE8h|%$$9u)6(?9DC*g8B%bO2tK znUMz>2jrxjEnPM%Z$DC28p{OC$76u1x?(5|pc=q@HGs2lZ($@kPr^punIB@1A^tT$ zl)Cn^(Jw~}IfSfRrDF#SDy+P!DYi&l!|wtds_(T>)-Zx(FZP!iS12g=!Xf; zm~id<3|0*a=<%IA;Z&tznklA$dBU8svV7izZ35KU{KlhYg{KXWc2?kDH1?qRdjBsGDGUP87yHpRiP9H5(PZPhNasRmGduwU1p}^ zN5Xx+A-DYqhFp~Vfm&f{C}7_2{{78nQ{$JD2h=B=q^GaayShsSAOVn{R#Fr|m@}Cv z3b1lXzpxmi0_aJPr751xbT8Zi_|?6&l?~EUiiEaWD}l5(_$_=I03Hza;n*ar(bf4b z68Ylg`ao8puz!3OSmy=P14H+tjB=()Be zCA&rXzG?xj+r)VcOMmVeU9|bM=3_};Xfrr%(H7SdU;-A=U-)p7{505k1g~k0cR#hc zcNdu2`yeA|sQRP|4q4x24QIa*zO!{Mqkw-=#1e>-B&vh>`L2ebcMD~*4O`JHC%b?> z00;>4i-?$QKx*^R*G!*ut^!xL_;eqNi8UxKYfbO(CfuJA=SNpDLr)%sVOn1qTKa`9 z91ZzQN|P;bz(8dPaX9+Dh9+Oh$NiZ~Mffc6(}b>=fdz44*>A=e6f^VNk;FD!9Q zppykCjua4^RT~2TDubG2a4AG5Bi)45*!ema(^{8V1M{FsDvA9Iiqm1ReHXmPZ zfueIWj^{j2v8X`xr0W%Xs$toz8=Jvr4w5B2wFrn>I1k2+0NUAU$G2gl9*s6^ zt>JpOH&>}B>0_1;DsNRQ%z%8kMrJNuKL zlGymS`g>t`p(WrXsvPpVe!*ir2R>UJP!I7LoV*dcCw+$4mLcqMC{sJBj2m1`=0c9W zZ!qu;P(gm4kZ?6Oefc!v5C_Jum1LiJ~I@`xe)Z$94T~+C3UEM6 zz|rf&r-PBLu&vAADQbr2ATQfjG>~ly!1l^Ws?QiXZ^g>`Ut~x5@60adzb(ou54wbV zO;W*)jTZK2iWV*WLd%-Y=vz*iP(WYU-!d=If3WAs9Db;3jDeq}^K`SZsTfYr(BhDx zWpy4k33#E^ODHI`XYW~3NKvEg!JnYuyj7;z`ki(nnaV9}qh}9^`C+Q%j?a`?sZZ-B zR^seMSaXAYOzT-9Kk`Q^&1TnplMiyH7+Smt?2^UldHLw^aDe=4BPCA$TMh%F1b12> zgL>E};5>j=i%6n>BLLB?&kU46W}eOl#iRSF_H?1}JdN|HD1GdF^@dBi_o9*NEYW2D z1W>`54N%N9I@~=2KqDZ4<^!l2xXGxZf}D-myea#8d^S(M6ToUE;BFM5569CJHhDo) zn|0sNFa(fVm+`QQiQYDA*shWWc>(Y+W$zE$RK*gfs2EboFGcL>)2UOKa}?t1Tzi;B zoT$lI;&`R`OYGin5}@$n7vHQYrtQ#J705s5)9`{V53qG5qrE@{z+C(|&O6t~obo2{5)EJ?<5UE9f({Os3&0fh9GRn# zJ!7Ci`a3}Yb$XDyc7PIL>GlXv`*8{oN_e4?J(JFQrFFBfuku~|d%n1O^EV`nR*pMf z0vh%d$4u|RC}%SDV^o=B3-ClE4TVtvjQM)c<%S={mGRjYHYTd!g8+l7vX936lx3;I zlq7)yygOq9umPP}x7OdOUX8`jH)Ia#>{9_*b zKKYo*SQ;48qTXEvC}GoxvA6VV6fZwVO_e5IhT=CoxAy`t5rt=KCw+-b{yS`n8JmXs z{%`FKGG%_*k2YDoUvPLYb3=7``Wqmq!?1Pu=cxJK*16^%rfUgMtRLF9lzQw5#ML(W z0WJTd4yX=QJ`FLa2+ljUYYxyv_97JtPoBeuvYCvTX1-6}d?Hhf#7Q}LUS{M45JcMU zOJ+_==nCF zUcl+TW4-A1(9E$829}Aj_x)bo##*{i9J$MUmGKmApB`}koTkds(e3tpBZRU?y?0WV z7;L;Syy81VnU{HAyNbT=0`ZaU&cd`3;GvF-3(~Nib03HP4GnrGrcry@%lknmXeaUn*wjNj~n8#^0zJzkr8@^#Uy00arh z|Js#v<4ZERuZ?c+ZX;G>q;mivtl9NW2T+rf(4cFD7Jy%)h?}_1bv}o*1vgJm`;Sxg z#-~u_%>3=WBlfp%JEDhWe6N0?BqHMee9#o?H2Az#m*wg&=fv#JoMV$`&j;+(rc5pa zxIt6>$MezN!i=&+9z!QDFFiPX^@Ft7yr18xzM;eP(K@<6sWos^)V1~SZqR-^k=^PB z;9&t?5_4f|s|*l2-5~|kb`+^hmdkA2wjv5zF5}-8YO)~|>(vG38=o{BB+-YH}@E>WOQHsK8p6(CHV3;GXc zp|mBS@Gc=Nz~2jSwjK6nyy;n3#)HnURiVwBq*aJ*)5R+o0{jo$ww;i4eadr^5U-^J z__Fml3`6xIbW*nYgLO!2OUu*uCnF=Vt=F~u{IpleF8`eWRj^uWYHDuFUSor9+;#io zzTU#L-=_>`@q$XGV&E|i@rA6)Q621>vTOo-%P!br*^gA2(Jw*f5IMX(s?0LFo`iKe zLvv>O&*aGeA|RFUQPCx23oS1lo>FNpayJJUe{2D(^{^;7De%zGWzRpRdL6I<--u%Wcg)J=tHg~uV(vU zpp-CRAzwP+188uj7LX*mwa!SP|F#!|-*#XwmO@ z+5;~`jrA9n>nC_&t>n+6sYOldOwxw|Cqk?g+`m=Q+AI?U^n!uAtJHe=F#){Ko22{t zQ(l%M0KdlXU{z@`3xfb9z%?iw2Usqq?xLt#ZrVzXW(S#w%`aCwR+RwdO*0b41`8@Z zfa5mN+6)sO;{@;~sm#p3B`{}zuOjooYS=jh0&r$*2dldLOojo*Jpgh~x?wgCVt{!c zYs&|K()O>~2w{Z59LI7ogxyT0+n}9e@z~`$JO!C_1vmFKD$wrUl(5KSj5VHO>_d zIQGY&w=dD(4?Q}N9J>t=;4wFSzcO+r-v@Bk=4vC_#+iow*jl^+no}mOEgM43htK!8 zjLhqN6ac1fAdY0R!e25m-SnudC&eJ4|w+5l5f zX`KlOv{$F=vbO-&1clY^x5)pA;CjXy!1;N14tuTAVD^_)PR<#%!^uM7(HPKkEQ6Xq z4pRC?>0_za)bfLWW18Wc&cWd`Me&T$pWhAam7+pFf9h|uN|}^n;ayvbclDS{$yLZt zg6Z@&1vHkn{6pFwU=Oh&TLa7*|e zVtyG@By4YedOVz6m2-=R-*#2cfPaa*5>B=V_AMu@p+*;p8IK=v1q$9CeOnTpT#A92KkfC4GmgR|L30+6=-j(y_C8B ztM=ybGVr-c)daUWVs{qR`CXB)ayi5&+o1Sh-JWF?nLq5uDpz82u|*M?*5kIq-dyA1 z7ukJqt^pqt5?QT#scB218u!9ui&gKp3B%>6R3L6}O61agF@)6Ss3?jZRqi)IkM6b*n$` z-6Q_|hA+&(G^R+{Zn?m;K#raKC1bVUIR6C_ia61SUtP!&-pVsQXWl}z5Pnn2CBPR# z7MPYrMlT%o*sWPKhYtywyYVs4JU~BX_=XW6JRR5IXx|Vq#(`QcL!3OixFtZlO)*FTs2F zABL*wM^?p=-)@W$kc6HQx3fJt*!`-1FD5(-2kB36^gTlsYMYvdEQ(`4<>V+_U#ua56&~8?|?s@oD&e5j*HpZrRCj^{rFMtO>5(2RZoHq2R=}~ub+^l z$V#>p9LCbsa6cO4-d!^7yPs01qoYHjVa`;Ct){95`%Lf#2g}Fulz`mP1G8@Z2}PP9 z_i=vN)i4zN4&K!T9L01mc7Hw~tErUq&8@WprO#wU)X!as8MRa0ng*AWR=UY#6xx(S zDE3_w=P5)KZIo(L6!2o?YGOlNpYVB{Mq8}lOWkUrwWz}A4`t-#QU%UbSlF^x9;h)L zG0@R3@*|eHQ}Ja~+dFnyv!}Z4nLj4wJQcb8UM6T`oYCFuM!(t9C24M}$=vhC4ZnHD zSd9TL!!y3R`ZitnX%p}SM2|_7Gry9$;CdkMw{IbzE^ixn$BmF4L-iRBm8_*t5~_7B zvIS%r^~5u;l7CT-tc9iAGN7KYvCo}QMbQvwDTO=Ixe;0pj<&nW{=DK6*D>m1~=;*WW9DFc6A3B3J7bV^tfU&&VWTBdDmZ&RFq`RWjIQ7G1Ez4FjOu+8$L9CM-h-&l+zt-#_mFg_^{CxuBpIHdq5O+Mf1%D2IUJK8M{`3s$7(Cn?e4dbrk8DY4^6 zUp}hcN`mtGo>Ry|Gpayh@FC7BA}m2qK9D3Mg1qAm{^F0FL!T)8*Ggjr)eT-EChF@2 zYy+nPFIfnkbqoho;-F5%7Xk)%nel&KsZ1pwPE1OKtwPE~miqTS!e7XNWkDjnI;4)f zCc?uDtY&}Oh(-5)eP0;Z zGm-Wz-DbM0;!Df1xq2*Qp1Oq-qKKduzRw*N$=~OFVHwIC_2R)C#glfMWe6*t6eCA> zrG$6!`rK52R&#PBIYmU`<>_CigrU7DH3FF(J^~uKoX=sm?+?55iBmss?(*jSq}k{v zic4am(xc#K$;`mdR{30*X}+KEBRq%8Hd8XPTn0<4C3D0ogLRO8P)=3TaNl0je$1kh zf@6MH=p3R~sF^I}a@R#_95L1OR2C03(ca#ro;D_P8i5MC7Gvv6oKs(Nd*OR98cK$a zkQ2Q71m;Ps6qEjkRZmkQO5VZf1;XX(7D)DAcpG=epJg%wQ|8xqre3#JXaBQ8AP4ZUArwZHY2Q#TJ zv7LgZu;)#G#G|cJWRArKQlT-rK_s78-Fljv9CItCox6jB0vJ_87a^gVpccVQahyec zt-{+c4|_D~8dYW88J|Aw%HsM83H}b_eg2%0zhz~fwxBTG?FFgu9kbOt(8HBGCSU9Z zem?xf%Gmv>W7+Co`1giOM3F`@`Pai++B!P&%KcubX^K_)?<^lhWpP&ls6tsoeFGS< zsB(bBncg(Cp8Kq-=~tr!^aaE8&87_Zyq0Rr-E%(H!W=dS)_T_5btI`G?>>c zVBy=_ze%bY$Zju_MSMW(QNL^Q?%6h6{PVGsUFE${_^T%;yHuN2yX7S%f1+K^eg%g{ zX1YHCwoszDOFbihs&5f`JXX8U+;`Xui;qg6HNeFQg z-$p|ss%nfpAt~|QvaZ%@w4cvop=acQGNkhI@>}Ee<+FpD&*GOaX$;wsrg3yf7&HV~g#X=W`f{$>gQ&1r3g{dvdJRP6U7YZ#K-c1q6)lsW+ zSHoX%-ud16>Rm*tsEOSZCgKY~L>G#@BKbg!Px$>7NyhNhQpa1SqlfGR3HmhopqU}s z*$mI1-wWUJ{e~QC#zgF3%zywQ68@-v=Tx)De9ZK~G%?8a=hu6nL8*X{0L53a9{2ot znLQ{(8*&lhC>QTkCGLxGa$kG;_XP`>k~f5gDJfOkgGQD)o==_z=Hmt_-3+7YSBEE; zB8BXM``*eul{=wi)*0ET$z5RbY_oMPpo~s+&QoU(SUtqA^u2Er#%xr96;`7rZmuO8 zZ}Hr7V_C|gezbCe?=`4{C>~LTih|3!26YSNpLs{02+$M1sDbilSfVK*m&;9d8(j4k zNycn#qqE6wzFh+0-;b(<3Q;LRTl134fvta*o4!Ej15WZ{BKH;u@a2O^)|3fWXkY%D zeJJZt=F7YA&uWtwf7j9~LWi3C6I)j8 z+Ey&T5=YU|D`CUByZHqPY2T@X-Z~bf5i`9}uq`3FWt%(zX(e#7S5yPMFIv-Af4)n^ z&weU@c+u4TJG0}0Q6esj`_26dl=q_HmNbIY-7qr`f1LJi3x6utPsr!*V(f{6BxXiL z`r=Eu)QF~o&-mmZe_A|kW3DSBWMe56GkOo`NcB`sj)9+~xD@$gE<59PjVwz(k6iLpbzja(Nb$&foPHf8^KpCcNO(?u05s=%yw%8`> zZfIyPC#HLoaK!kRvLO3v)}uu|0GS#!gJGX6>vvtriP^3X6ZTLswlW z;Ks$+|Jdx&5Pgg!HlOW?nR0r0e!5Vd+r1@t`p;d7T}S*;YIFGOol(KOU-ItSE?$9z zJC*_HtB9xM1FfFS1&d;YoLY=Ml^tPjXD8f*A>6NZ{vGvz1?V3pOX6h8C12r@d}n;7 zUuw!`p$MbIBlhT!jDL8nk}{AHDJ3w{Vr`MFJp=x@BWhvRS1Z7sc+FKyWm^JZvgt8D zL;ktWBmImpGd#XqhoK}z$unwX_x}WsR8T*3ZG3fCkT@m^)Z7r#YulcmMs&uInkTPu z&B5)*S~t5rkR}^&H-phW^{8Zz%3l1d11Z(1GTE+%d{>~oT;JK(+@_PM67xWSrAV4O~r?>5TSoapu^166xD zE7li`Br0*Ar=7o8l=~o!7buf!X?_Z4xKz$a4ZiNHcyy156ztJDl>Sl!US3qx2INDf zm@Vy#dvgqmvVQB!XY19KVEJa=3#GVyulx`nmuk_}8*+EtMaJjsTaS&sKP$iKEjzuG zHyl32@UC})7lATwI4HQjeljTbrh7k5nQ(nQGJQrARWM|a3FUW{rPnItY$SR>eAH_~ zY_%&o<;g2%IAjcnI;muQM*UQQ1tp8Tzn2$Zt^d*S(TvCH#+WmS?Nom$@ zB4YfvP2bcDkLC}V9hQ`)J0+O7gY30&WP^V*^d0TyJFIVmlYrP|#aztt;m)%=N%anY zqezUTn+O3jbmY}f4z~BD$+Z0f7N-ZRW6VQ0XI%x!!!ArbsXWP%Y%3!^tbt@% ziRQ%A`hm}nKz=P>r3fNSi0(X1!XuOum*pFB;w9O6;AY7g9)W$vmR`r(c)!DERYYko zI9h0`_FE__V(YiqEF2V0;=nyOSS`NA0~o1P9OTtMM?`OR2U&^BmL+-GbgRs^);u%$ zbYmAEC=g=QaN>lC-(JQaha2?!1?)<{5qRHPbXIM({LqMg?@O4EPi~+L3m{CbRkj7T zyd@Z=1Mkh&yUMHTJPI0!hF&Z6ReawfpB>yOKHqf|=RnQ2P~>)Nx~WOOieo?9uL{`f z`G6W-SrF2VaeHA_Ul6e2zMxbW%O279)gytDMzL^Gp?pfQxHfFh5!X;H~apJZ0#+o!|@_ddvs9I-g(sefa&MYUq(?6?-Fe9h{pD=aq)5&;4FMg z@hpQ5i>5Z6&F(e(+582c(cbzqPqg24Jj{0!?+M*K_C2Z$i;YdbF~PpaCOAh@Ixy2W z{28eb;KCAUo9af58`A+}$u~sa8f>ZqS1*cu*cp9hyyEs^$)oYazc#rge(>i{CrTPB z`BDS<^6}hX2S3eQ2bsjRe${`rSFJSX!(CzP?aXt_%F4QKhw~)-5P|L~2~W93Y}W38 z$dmimVS$Si8Ou?--`OL+9(hpG(8!xwg6H|S_xws#`%lGH$Ye|+7s_&fZaYy@Q7M!f zD3*_B$5vAF+KJio6H(*rcJ0YnvFuVRFK;tZwZ8$?&ff8}3Z6`s?%L3oFyQ`U|K8wM zK77yYZU!)Y)3# zhPnbX^!)-8<`c#y%9e{?zN_OlTy#H6EF1XX_mZX2pUCCPxzDB*A51g3 zn#%m(!o5U?6W+t^rsC2bP0vR1J8I;EHecR|6~0ya@shz8VM=-xt}evkgJn-VqY>4= z`BRC}pABE(3wxVz;u8km;?t$WZ{X`xR89fektG&>^B6z{S{Hs01puh=A9u3&O@7-* zFNdi~bD)VvG&)~%Wrk?MdfhDS+Yn9!XTQF2`LL<9j^Q%M{<4j{?hK7n{}TfWLhUvC zvTg2Fo(ovpzFM!oA|$f>_*Bl-wnqDY_|=tw|D5kPdSMc%Gny(DijBD5|C@~+d?NQG zN8+*Ll2zIp$!O4>OJA2$wSk|WoH>#`AN!ZHDzflW#j)Sgh&J)@r2V_I)u;Z6XO$?k`X>tpR{ey47h`L`kv3K^zyp64s;<`m`M1D#TYT-8IxG2XK z2Jy1Sw^`$Rbu29xS7f-cSSIO+)MfqMt>E1ti;G{HqehiZqB8RrkC}Qsgs`_Y3o<`y zb9H7tRup`Xe&coY_DiziI-oqfXS@P2>ze|!#74&}#|<|7^IMZm;wHCym zvH9CBhUda#&jJiYa~WlP@p@vI+ZwCwCG>vspiUxD-`$0n!bq83*>$V_(*KRS@~yBs zwCu93y>B-g@|5%s869bp9!L0#Kia8<&QU1}UsBU9n?O-~_ha>xPJn1eygEUCNvOf2 z2Xgt1NQ}+XVb==%+Bo1v33-IO65@86#QerlCZ7L4t=mJsKyG}H=E(nd&GwtkM?WitA@OT?hKW*chWuBakiCp;p?s+sNn}$vI z`MN(0^0oXFYLoZ(B6*2l?)NuRoS5DH85@*!TMq9{*xQ=ycCcf$T`sFEDd%{}osvkp zM~@d)u9caUH8e!a)+`kEyBM3VkDevJsSC@k8b|V3JH)<0+lusii}$wIoZr+H3H(db`BsGZ0)*6+0 z(Zbd)ufr-nI|OsSe9%UaEV@ZDkSyBd2gCoPQU6BX-TLtd)LiuMKD81kj%h0OUQAd| zhSBXtv(XJ~i$QD*=~PQhu^}JM{-j2ZD{tzkUiRAGeEgXXuaWN%C<*p>bNOPF?P6tI zOIuer$YvMi5_tXTDzF5%WNy}YwP+mq+^E7WMuI5xc~pvKYQi%btE9fq)*krj(Y7&t zTVkRk?os!>sUHaO1@AxMleqt)!HyjWL1LYz&THRb7TbB~IdgSEZ8a^mbp>M8rS`Sd z&l~bwt2fi4XHY+e9^r%3YVIZ%F$4^1^UhTdJMlIMD@RejWU0S>@B6dWju-;qI1XOl zdUHav6#tf~m22E5x%G(l{8MS-(+r|Uc8L+#;ZxVn#jWbTl1OkH$>W- zmWW#Xo2zx$l5DurjFa3uA&rm8gM;wLi7I)?;y9V+I{*CscLQd8G~69ZOJ|KfirLzA zja4TF%~uQNk_YRBETfsZHt%9Z+yve=`6#P6a3!cg4=w^rjH+m#cD;5%7yyZq&v~}& z>`yx!M4kvsKa{+l{u)VBB_GEQ!5$KNZ8L^+t_549qgGE@mj1R8AX4Q&$z`@;1z5T7 z3!1~8aBX*eCs}gAIb4~&x&eLblRSn8SDxxjh!r3W(0RIVV;&hC zO!gr3;;34y(zB;-N5aRslaPpdFO0y6P2;1;tDtW-c@poaCBekPcW%Pn)o|$tYnk+H z=||zW-TrC}654qwkij255u`(i0}bb-E;yp5XV~)Y4Y*xwcm)#cq*KE)WmxUoB2_im9$3wgC)CBBO1NSK3 zRl)IYe-wNm!~F2PBcMwn6QwVG)o{_AnuZ8l=XlVhuVm}=hD#upOZ@vtJY_~SrHx(I zNEoba@0^+X`3$-EUHo<#cpWn9i1zZI=}K2RVAX+JkDlNyA?*znxX5#wYbdk0fb>O{ zX$*6$O5Wa#q}FVnk}i-bxSpHwVJ0P&sUrid&o=WK`2cxVGAlQ=XLlcJw4GZ*Ble)C zM1-it>RFy!YkGEfH6XX|-myNcS`Uwos5}p=8iL6~gIZoGD0KW;J+u-_wI12g(Xkl% zi$(cwd@VD#xss{rI+evM-V{1Ed)O6Z1M|wpL0+DZJuITVa|{1V0dYrccG1OIF@J@3 ze)&e8){WXxO6gWnuhc3Z_EIcRVD)IT99=`lO|#3~qw zFTW_ko+S%gD(D)9mCN7~7WkP>8}1c#D4Q)NYLQJ%R^Sem8MbO)c%zBuAe+q$t`>mb zvmCH%m{Reg-EMCA(H7gr6MfgGB2K)Nnod$v&i~9oKo)280lpJ$caHF>-2_ZfTj)6U z{L%4&eJz+Ri%D1O5t--6$`vNj?t#ADgJ7v!)`29Se0kNI;>+vBvjQ0Wa6g36OphJX zv-=G_^<1Bf8vo6n^)dz{$*Q3GV0>rW%=%NQWN*c?nw=FdNK1Evv~&rGGzf~6NOwz@gh)5i-OKyqf6lqic|Y-mYj)l#L&2qi9{Y%~N<+J8J9b>I-3+B5$!USp1W{W9jTv|WoTDOz#EY3GYNudxi<$xVzhb_w8eJ=c4h@*eQ<{$}6XJhRrYoM5qxNFWQ%|Jq$n=aL<# zeEuB=@yl?=iy&Pe(m3bS9<p2PpOz^9Nn+tnvDDj-lRPXemc%aMkT2JKK+uMH`+W0bt}eq&7I(Ldn+k7Cqw!9r+>A&<3ez#a6=ls*ll=2?L(<- zyk8W1KIrJYS^aA?60=FVTn~MKjfVux1{_@O{E2~m_W7|}oAuGk#3^9yZcU;4>vvV( zb`pN8?-~QxUbmUfG?Bxz7cKVRzIqzQc#X7|$R0+Sbl9U@(|(7 zo>+>8v7Zf#SMnBiViAJD+hom87Mk*tWPDKK&MuyVCpODr!rEkbS5vtC1wu@+N*=UZ z=r4ir4tpDOP01bFnsA-W2sKVO(t$O+mMhx1<*<%bz|h?%*6pdUNgv|q2j9_0hQN>7 z9BflEI_VoLa-E~Q!5j&^KkboI9s+U02C34gS5dgG6)L`^t*rR1#DfipVPQ@eLDUIS zE#*@FZ6Q4<3{9RYXmeD4*yuzK(d3E-zV__qAz-C?>WPy6cl^UvHHtM+;K2`RZHCj+ z)?vUVTiD-AOHX@4xYo!!S7SjwsG^cLWmg&F(nrn}V{~_O(($hb7^I z@t0!`R>hKw3X|6&QtsUuF8I4wL60}h{k{zR)6;V`eoX82>shHmUZvl@_q2&O?~KtY zCb(P&E+G0f!@w)@)MlP@WvWuv;kfEpGCUYp*aW_P?PHs%R`K)ta*tCpF&9P6C|mX+ z_4574e2x429>)Y;5{w4j#3P@nb?484>u4`yX-`Wua!;AjBe4&!9%MU?lW=0n10*tY zBHXOi1i@k8Q&jF;#f{V*IW zo==~dN4EB3M$*>n^kUW+XUszqW@!P3D-!t-)@XOytMCtEf$d)>EB3Y`qgq(?pWB}I zIDQFssJ%QBBiL#jlj+J4`6e9T*noaWw>7!@%P_wzDkh04cC_tNVRx)g!+;5DNMwH2 zKBtu4bFG!cSZjzGzCct88SkkB8Z6Ws@e4l<-Bs8J8-$}I5$zg`mK>ZxYJqR$#h;o6 zshLoQ7RCs3A&e}og2Tvy+6{`%$+Rw(Q`rR%mhG4aXg5;=?Y;136pd{mZLj$%hhkqtYl0(9@ibLnlB2TqG3 zlrkok1mESqQG8Al|8uv=P#Bm~?EHGLvA@4w6l8AE4R$bqbv-Z3>DOV>@U&O?_Ko%A zFspKsA6FqED>!c@(dz1J{fO)z8?KeIG0DDUCTMTy)o^c%@D#VxsQW@dzp5DQxYc_% zeEWFzs6D^w$7$0jQ%wTXl)6-<8%KPa=RUKsVcYOm`A1MmV-+K8lpibKdUM{zVd7N$K6? z&E4gZM*HL4m}HgvNlHUdr`UqeU-tzGH&(}7VM1)S26Po-$!Mpx+ZHuCD|mQ#TMOI3 zC7mZ7M_|Kf^M`a@4liLUEWt)GsvbPFhns~zygy$%TUv&v?9~f$561WglU0b?m)-e^;PFc04jd z(Yy>z>!@g@lT~&ia^ zCX;sVSX~PO|8)AOD1;Ug_RgP>vA*?KUtYCR#ADQVQE4=Taf&bq8n%g7`g*PeEDBeI z>P#my=dy>Ae$&h+b*^}#zCA3`#FypR!%J9h#QT&}AX&&UOAx-}-zXll(QkNC=1nt; z@57zUv$}3Sn`e|}?NC?o^_E_&@#J1ncFKJJ@bTwA;S|yf{O4;TB&>dSE|jsp1i_dL zm)qebbiE|S&T2fv&j{8=O`pH8LOyo+dL{qKB=+OVnIq5q-Ct=KswqwPoL|w)-@j>U zv&WSakGYIloJACif`hp zr~e+{bi7qrt9e~KdGg2JIu2L3uC$mL4#mD%iN=d2rPCk&$RkbqT~<4S9sa0YK)Q1I z|0xB7M7p+8;p`=Eexye7XEUhN!$X|S7?dABXs_*2xkk0TBH={{zphP(7ra3?419FX zfU^53PAlZ@J?R@FC~G5s@e3~+_4Jl3Zjy{6;hS72|rB4HpSoSvOI188{E7W%gwWotNlxnNKHc-*42;=8kfUb@YSyK<~tjkK@q77rO@50(}KSO@#9E7HH;tf^@qO>dIrNs>h{@V*j&X+tPGGdg*V zHY_5%P_a^|2r9WXwPy`v5utaN@DOAD6AItH3x%WWw&SxiSxb50Nev1`k2HRGdNwh5 zI)#Lbe=VVrU(AP&vfv>7SWp?zyl%0TAnEhrcYvCtF`cK zezz~^F)6}!M!5my!OX_o0XTBo0vV3iPckL9z@6lQs^hN=-T@;jPdg@1pQ&40()f&< zhAGMgQ=u$-(TLfoWV+yZp1;R)Z^m)m3%2lvV$Pc1xxLDt)VKFS!GAgM_zb_W zpn!rY9$IY4EJh1o*cWSm$e00k^aV zVID?7$D;;HloIgBp}0)(l+xaE^u{K491a_pnCPfjh8m+` zqbn(>^uhEmBG*4fTvZQhe;JWdzx4U6sv+B|5X#Tl8l2O*HqO+>2|&D`^S&E~4Z*x6 zH9Mun!?Erqs7xm1i}D(rz2CNT!}W`0bhlox`R~(UQ1Bt*CMD%DKbw7an&f#;q8145 zhV`WW+!mUvsilB5n%B&Ex?eT*wcaztFq!*D) zK28eba;(GS{o?9v$9trhy6!jSnWHXC!2zuJEo#1Qat^M{?wH>3Fq;nBa?-sR4{x3> zYzjyW?L8NrW|XX5nU{EO)z)(;3-NeFh8)Y-9_R+OR`=Q#J#Vu*?d4NRQXY_mURu8o zK@>p~CMhA18f7@PPlLlxgHH(S`1an{f7&Qs2@XYE&hUOxC8XOfg}oIuoSF(ncGKV8 znxrnd*nfkY!tq%g{Sxc9er56(Pu~jgq`Oy)sU$D1U4rFUprP*~6vWZoab1(j&z9!y z9IJ_zFB4^@^e`Q=)(Ga_*vsXIgvF{*OApEdJ(E6q_;ML0)d19FI4K@+hH&rLpQ-HR ziYN%~Hri*djHh5;l_o>OG|VvAh6V+oTRShF4NQK_6s_1{FRj(obVUQ-S=l@U_)eMB z#83iKsH6^ARoyRj-~E@F#}>tK^(bgG^ue{Cg8Gn&5rKV93sm6Wfl7rLUVM;U4gee=VZI zCC$>Y>&uHsK|PufY4!{N!FAm6XUOQ?4*(Q_ME+)cmHC3Xk)mjj^6u6sJSQIB6$K4N z5BglTsV{ce*KfIx84_M~=T^S-l`#>is{> zr6mP^h$L6I_YSiuu8ljicKVXHF5fp&!Vtd4e_VlSO73fuzO=2YIFaU&@cp}CtO1vs zx*JgO=uzZRNnxf!c1w_}ljPud(J2=-Xp&w2^l&uFnfEyzfF2{O#tBJ^cutg*P1KE1q=z zbpmDK)vMI?%H<$8p)XF4aNax7Oi7tJTW;|56&hk&!>#C9K{sd$g}B0hwv$ovfOJc`a@GPo58CqbPmBmI6|VH-K^qE{%o|%Y0PrBn zzXVJV1{nCL37)xJiCypR}MZ8kGUZw?S47`c9{3+R|aR(EPaj0h|#StHJ`qx+E8_$jh6ru2t!J(m( zu^IOBlkKr=q!-D?M=|vyjR={fp2ADD7R^TSL)n{iuN$sHP?ECz(7x&K>AzET4GWL7 zn3x)qqD|rhP}rZyA6jy9az6w;*%tOw2t-jS9n?)P_;Sfi+mGgq_5wQX5s)Z!$+^{c zjUKQW+selaM`c#ODwVmg>i^1*K@{whs714X_Ag5Zyu+>5m-$`9G%}qfZFh5BXV&8s zkNB;MccRN;3Ds9_?S}1SvP#d7v~LCxav?w`#ZidNIzq6-IkT2aw(W9XIFE|gF{xxP zy}%`bQs2zwNl5mhMNf129l~$RRwR`(KJW4xfBm**-KOYgT&`F7aW1V|s& zVuWv7=YuujP_82N>68k>DTbX0LaGcbyM~Z1yoDAj0WFI(Q<}E%8ZtM8g>sm$ zh4sY}-h3h=oeN+Wbl{$)BrVUjc1nEX)Ysi;*E0F$187Ui*gp~rYfMM@kIoC@5pzbS zR>IZs5YN!$(1khZ@&IrMXa}L+y{E-66N4goXf*}E1o5z(4d_};OsT7BO+rP`H{IZi z#4n!^-e;6CAd>cNFC*$&->9EQ_BbaEZU74XimEOnn6hY@M9FJw`AcVQsPS%SxR_C0 z0&dN(OSyLl78~VffpNj!#3U5(K7|_ol59pW_y#J+%OPcz~z=H+$U)+V^ zRD&fkZy!KBNPC-&kk6goF>bugjZ`lQm-#BEI;)34&W$$^8VP~;UL0b6eYJJ=O0Qlu zD;|httGs5_KMx8$k>@+^`cVvcJ?^_7I$6FdkxCT&>9ss+u$O3ZkLv~M80w>cguw+X zN6_GDP*gSFEz$a)=Q{Mds&oCtw5xbtv1SsX;YmIyi&F z=w$8F?D3F>B=xq8z%V1ejEqc@kTbPon+NOt0|G^Sx>B*X%ZUA4wZn5Ps95k?feaw9 zS5|Q78L@l9UZmhs;5~!vko_%Jn+$PjG+ek^=_ZkM;Q=8-AvGl$Pv#cTYrl>722#VXRg9{iF{<_6w+AlAzJKrU z+-NB0@uBY+myX-9tH(+h$$fX8khA>~Iq-JXZ{w|X_gfwsdOm^y1eDc}1|?mRc@7)Y ze0&)8%RbPoz#A}LPiYz%A$?Vih>8MNRjqf<1%IcOWU4r3i0{qPB@H!KVr#xd=NfW1 zTw0O;&tw2%63k(IQUtJ|=5e=Qu^7>S1 z4eUGN(k>|2*~J5Z8pDD3Rm1ZhUl@)A$_3FgA7pe`g@CzA9Guml9m(%Rf+C87k?oyz zEz0=mOlQAD95gKn0z-HmD?H+#MEAOudD_EoZB#P|nGq|)>;JXukmgluW)RcLe2+p$ zx4bxB*0t!^VhvTHyL`Rr`>u@JTt5#-_N~7hnlKQ-ma-E(!yuy2&8lh~9H;HR6WsI# zgLX%()SjW-Goi$}(d+&9sQc!fwP)4HS_ zwbOJ1GjDLV<>7#$H{6fo8~1aisAw2`4{9UM+>CrvUzl1Na%EiZ_D`$fLEY6u9NdWK zh^X6cre;5nww1-R=YLUxf&8$kv`-HSYLN!t6XS!r;vxlC%9HZzo1leX9IoQtJcq+8 zm5shxx5cE@7y$QyQF^!~uZtZf6RUMR(Vc)2L4$ zCQ9-f#`zJ)KlUA((*W-4x+OooDjRehyYdho10@nQtBe;P%-k(VR>?5@2{tEt7PQWw z(>sV^=;(E65L=-R&wxlq&y7Lq_;q>ru&rz777#KPDme2U9wK&g&I7i(qJiai3&#>z zlyfK$Z|g;cu({ZXHWHIPrfnEMN$H}`Gd#@qUZHpn>d4-M(`@*8QbOfRdyT#n+o3Y+ zj@~M4dTd0)S-dH*`$df`F+3NCDcDy1-@i+A^Y(Zr>+!cdX0YrUz#KC!x}y^< zTuG(0|7rFkmVh}^LRRt>b31mb*F{EsZR&5_BwtenK0qs8A0M4BFp}Ux+2+kD1&f*9 zxXT6XmBU(-e$SM~km*A7fEpyXht4dpf%Esj3z$zP6_md){)L7AjGDqMi}$%JrMiut z+ipAVzE};=1HRi`xYrBsySyMDGIn&b?sj`Wbp}6uTOuidL=;0**z_$qu(I4qBnZoIUbQiIC-Z~&zGtlC1B8dPhZ~l;^Jb7)H@@*zxiV41WG0T&!kS^P1Vk? zy;vhzwz+0jBA`An?R<{}0B}9NI4qqvlOF!jF-{B6IceWW+ZTkyUNaf67H$^+?cPr z>XJ=IIe(_>T6{Nk#PY0;c=L4Ak?PYY%Ew?x)6C#%C<*`|sZcJneK1o7!XyQp3ic#1 zlvHI()F)=W-b_3kY1XLiLGRFQvPB9U_lX}q+8KqU?unE+e|k+cG94N=L>xoDemS!U zo8rFUdOC^!KAXp+J5M6@1{f|iBArBkFa1jbB=}(w>Nst84>{XC&8=_&Q3v;J8_?V0 z3nQ@$0I*c1%O-zCB|g!r$O&`>;B0gp*uiM*e7J85WG4_Q8FL=SWu9V$*vktIzfE*o z#)>jN&GHu7vdk<&B)1ELrK3O+S!Qa0oUTl+1vi_L*RZ$akgNlFXN&YM^ zDky<~-Jjil?Q+CiCp?|k-7-Qy>6t)pGWXePGUsSrIL%jNz& zRx-WIt~nNm(Xfk;2vA03Ib}zX)-Nvo+ewJ$5~D2M?ZKQMdHj}A>DC@i6c=fIr2kEa zSHkmN4$|SZ?2nYK8v~&5)Q_nR;u1b9rVCf&-40s*f3pR>?OS77FLM}Y2d#De z&U~Y^`WPG4reyPQ8vokkHTrig^9fu5#n-@LNsEmAq7$fiTv(su1H9*Di7se}(rh28 z>G=@F{Vw{VUKUOi+p~$5vcYQX!;xZw$V(ZC5H6e!nf}j>!v+f&yZk?O>We5b-3#T= z5~59!Og$A$M1p|8za9~UiU=_Ewchdk{X4QSBJS6xyN~z`I z@YeI4DY`fld4uMfq)@&Dg`!CclybVe0nmr&&;T4ro+fkk$yueyThW8{*}(Pd{w=lZ zv#VvG?)%R^tl__`a7zOn6RX96fJOH`CNyXU>*4CK;qo*OR=LuD)ZXpX4#R+CaN7$w z=87Ig9FD~ioM`Imez;mPj_I;TBH??>Oy#qWcI+(%O$e>L!Y10kHT^rZwj6UqLpzL( zD{Yy7JXq^nWIw#0_YQcI>!Na&E} zwKPrF^1Hhpx7t!3uUPA58Xl^gm}IFghGU;hEXh|Sa|7m`1);&+Sa30qSfvV_o)~%y zI}L!X0AkAP)n+Hn%89(6MTq1}LFw68M1uErO}HaP%K;CB;6V&gFX@K0`aPivo{vvu zH)bzP50_XY>`r==Vf;l$=RX@3QD!zhZ#YRTE>68L&ZeQN%1S)NyPNd{AtbOp?ypoe zm>s+RBmh31R73a}x}F_+Q?&{qUKGDQa@({2Ug;hj8HdD5{##Vu+R(mJ^%qCC@aMtF3Id;~lOqN}$fB z%Q=tNgZT?B?I$>k!pK0If)f4e15hf9o%W=B2QL}UuQgkrZAUuW;*_dC6sN|E=JMZQ zj-?WP=;%vA~=PurlIP{{1|_IUp{@CQWWc<{$=E3ao_UQ5v)V zHm@A~g@qHd_dy=lT#STOCi&;CO_9#c1+zdhz!SYI^&+K^J6W?a?@cJUq+Z)k1XwN~H1g7G;tnA}ivOMpbecgntZ6NQ+$B(rS>nLFH ze^b$)zUk{ptygsnk5DYubK?RBAxrLBpy2-y`+XuqzF(Rt|0-}ja!)lQx!fEj4k-o; zRRBIr{tSxoho%9}B|zL8Y@mDl^$TAwmj3T zHa)3?ki&HqylLPrl+csi_Mi;-AmfwC3pZ(~F}1htvMcN`ePKU)VH9mVl8fCMon5I| zYuch`bnNsuLI0ZujMt(k9z6z&p16FGGs~{Nl1}wM-BQ&WTLbKpz8ixP7LmXpfj9w63 z5{1g6$hu9MRGW4dSgc3TOO-NGjlALN`%sXW6bMhc%jC?m4gZ^!kd25JxIww8xk*!; zGM|NO{c${KbQLC!#Mg-U=!T4S-b6D&{Xo3`Gz(do zNdP*0NXG%cvB3lUkFjiN;2Y6xhY4)BHtMJwq7F8B&8+oI(9JBjo=Fslcoeih=X~Bh z>R{k<`HF~@l~qcgP4oJWuEGl%OCpX8@*PgTjV%XUAk{s#B0;#!&q>6Nch=Ql3OWWc zX+t0LzBG}!hQl8@-4lpWjhVsyex+mfm}4ZAmKF`HYBseOfP?^U`JUh~`dBJKIIXY4 zn>Uq&8y0`2Vjz%J+$8V22W;^=>(#=mLa>KIsxDhGqoQK%eqcMbwjodJq?J}ZU_roM z*_~al<|X7fo|x}#H^7s=4Pc3`oJCO=R^DzkXumXLO1(0phd#UK!9qOXbMpXqj2ub@ z7ZUQMEMn2N=2Pj`BnZdvk6+tK>TdW9khFPykS-7w9!|q;OWmjO2_wAg%y(#Dv~QI1 z@oCGpv$yM5Kf@&<34@`bWpJG^0%_Hlq_ekIid!#eJM zbe#OZs@11^h61a<5Q9R}7f}%l+Ow&W4k8RJQbL@c*t_Ty$M=T$Ha{rS-8fgrJ0FC+ zZuwZtSo3FhK?j@we2`-f51~<$r^k(GOz(S9t2eWApGCLLw;bFckdm4o$NfiHi2yxk zBSHsvvGWlEcK%~9V!B0@*A+)m38kV-zK8!qk2(0^>9~bS@fp=4RF}@1rhZSGfeI?* zd(AaCq-<8Lhl5AInw{kXRz7Xs^Oj!AqANs3yq&=AXF@>=?_fh*zruR)RamS|XNtX&I0K-hc+?y?0XSRLmz|6{q zm^-EjYF~~~H69EO4iXHM&uoE{O_g$T3TvU5hAE1N8is^+9dW4)uC-i5ytWPv+_{Uth92Tq0 zwL4*h$vXVsH&&p}XC_bvSFd*kI0MW#m`nT+89#FRAp@YAo1TGijLi=VqG@Ot=3wxs zV5NZkjrBQDT0V83!v6T~9c~Np3TvVqz9#z{=UT~|)0~+!37f07nj{?#ZmF*BSScD{ z>qlL4({#!QeP<W!w|lb(60LH;L7ox(TOs%L(U5R*mS|*zHzcK zp!kV`_G*I5+_-W3woL(+0ALL;mqZC8ejA}zpUtW+o{ysQILvkjY*054DD?ju_P$rn zo+e>jS?T1G#Q1nZv#vjO;Z_W1!fO}Uf=kz{7k(k})+bQh^LG>H8r#|v=t5GAlNS?( zj+8Ey9p1&ziqvcucU?9Q!Ip)?3Pw|gW4uAfVcL@JWXPjo+1O*Bs}wNPE~dI*A7&;1 z;SzE|aL5DKsH<+&)p16EuX@zkNh)+ZC?7*|ZfTcPf*b*btwpg%ARdF*0ujAjOIV~7 z6$%-8_|(OWo8|AUtak}v2ta#l_FXGjT?R{z0v@=yBBvSs*SkMG2eN}H_%NlUGhCJx znLdWRADYZudQXO$BOT;YalL;~w6pGjeA?7cO2fmtol*q( z^s5vtySz38_>0w+nb_rT7;`13OREm4?-KwkSkm53!QMGEffw1%J~U-oALG^^)7Zcu z74?<{+Ubwg02x%JSO1-Ptda)znk-Hcd}6zw!BMB{1<^vlOU%N^+FEYi2oMlt$%yCX z_Pg|gYrC>viF>qe%X+&syW#*1xI}xuAc&whYMy>y_Z>0ql&(d~V#U<-X{f8*0P0b* zc^^VPdL%TI2EpIh>#6Wzr^4fjK>j+c_p!u9Z=E1GLD}QFV7Li}tm4xk`WySioT>p) z(~AB?_oX-hv;r#bTEe3cR4<9m8$Kr-1{xwB3vs<9I6Vh!CE2lkG29o0*=StXDtfK= zTyQ96@OJ@gq4~66?r{~m9HC_owEAB7M_Pt0jsO87phJ4BpIhiu|zBs={A*I3Y$ZDP)mX&-%{!v@@6-dSoXGbc8rs>1?Q%zf1m+zxtm4g?| zjd{D3|z2B{xyYG^z z1VKp%!T{2nYrLC2Oj}Hl~&m_}p>P60R`xFq3}W`rwvV@u+Mj|E`hiNK zBIZ7Oa2WEU&OdbFbo=OO+WmC6-g;%$^J{{=Nnten-G7L}*E+)Yt)Trr*%c7{u2$lG z&RRuY1DVN8>y$hIRR0zL4bx z+~b0l?Dq9J_Wp8AC;$e)Z`(amuYRIhVAzBRx!yivf3hr)9l-T+1f>867WphNS31OX zFYo=f`~7tq_=r)09@b@6X;p1ZBBT94G!D9&VH?>6?-+)7CywW^?15zXxR2SrX4mH z%S6Q9M=f}Ut@q-4+3N~wFa-i}oj!$x`}oU`6^0RVtPT?rEiT<66mv%{*u=!d`3()I ze;@yRAg!@l2b`uMna|b1VrYWo!pcv}fnTb}W$zQ!Z+dtMxWl zG7`*i<^w;rKci|BsV#qOE}moV1B&z*ST3*;*Ss`W#U>EBH|n6{(j4ptJYC8?(wweE z*yq1(GTf3qcKd_^P47r@L%E6}_^I#|T3J=JChJM`QR&XMp?i_lu2I7A3OcsvcWD5~ zw`4+le-q!1y@E^fWCTi$Y<@4V=Uqlq)Z=lJuI@z|TEKNC z$l4vnO#z~AO#TIza;KLA;uSHV4?02?oRP4CK^@L2!_XsR===={(Uw$Xxh5%Iu?UF9 zGV!7220W{GZ4F|+zv85ba!2Q9Y8ppOoV8GMhcZhm<0@3_$Q$Y3QRLWbxTtFTvcSco_4IH5oNslZ2PBVmO;gQgK>;JBj z-&`k9eAxJN%@@Lt4!CgNcj!Cc23be`8kNBUMz0J~`kr)4U;kI%Y9yC4l?=zm}U8MGH+e?0TWW|L!cHXU4^x43>E|LDV#6u&~D2 zfsbpBC_rXHBTa2QEZ?FR`xQ<`EU*zP4I}f_u@DKZy@9rESa9fTQ59THPtW~mB3B%C z0$^K!DDJ81Wtto%1>@sNnQ&w4Fg~m7QySM8c59je1Ciq?vH8TbNKrG5PEIs|g}P>8 z>t|{kBM-ks)ZCA|06U>#(_4tzAwfjl+}iyB%RP3MLXks3T@=gogon0WVGUcAxuRpD z_Xqd9y+%PUsB0oC`N5;9^$Ha%0DDV;_?0aeRKQHH<`riH!^lu&Y-zK4LR6}kFx-Ry z1BYv5(Hz2wllP;5V%N6+rGa)RSku4z?E0`7v^^8|y)202<@UijtuTgzd>$N>k|c+l zBmw_O8RxTmh?c00v97n)5#mYbJc{IhyXrgdy$pcDwY!VRT)kMpzrM9BDg;X#Q#@5? zY4!Se{Uc;dupJmy{suuD5VslrHA0FFac)%o0{2*Ls z;B|g53k9-7z`Q=4S7L6$tuN-2Fb1e$GTf&|4%#3@;;k4uI)uy|tX-oAk9z&IY!oSu zO}!`5gG3V@J@qC5A>{_J^NNJMCB;?++1y!!vEk?GZYQ^&(rxJ4N#JEQdJXpGTQUFL8$w`gg#;&#YXZeEoe(_D8?vF^$~;2;P-i5-%kg_iwo<^9LCh7hDillsCI~G7HV(_Uw}TwHa@`vFv{#TnDp+ z)&N7Ul9KBC$z|vT875fqo|GQSD#}2oL4FLfjYQ+3)yw29<&lhoENc-!*3GX{b#`4R z#zNf6)_Yo4j<3<;8gfIVKFLh=IuoxzJ$C1JrUi8!%j;xoGx{qYoieopQ3 zl_Q7Zz6Bb~fr&$#<2HOkZmj4az~~8VE6WKYa%wx10MhAJJClF_abv$5hWTSCSR|xn zBWS6)a6tDL^4sD&J*!yLmzDtKHC%L;{~cx0S^;fK)!Lg<9ZymvWvVDZ0A~y{K1J%K z?Ang+y6fHbm3cdEvSQd2^#d~Cr0dk$c2bHq&HUFm0gzxyRZh`~-cf+?2!sy>#}~x8 zG~cwD(s3y;!QuT9$~=?{oZFsCq84%4XI}Ez!}RrkctGHCJ~j;t3+sBvy{@H>#lx#E zQ#QSpk|2<0@(9O4hpLe~*p=Jk>x`K2kRpwMZ`wK7>u@p*8#XI{|6epbA`p%itD(?nq` z$i{{QFC_(NH=ludLWS6E=O$?H;&rwECM&ord@`Cv{2vcyp8|0JTfWPz^q!h5j&Rj= zKURUx*gsI1WB$@CTJF7cXe9LyZ6@IHE$EV=5OpQdFDC-@G8)8ryQP_8)MZshK*0Z4 zf*o4D*pzSbh^Rzwo|=}n`qr21TiLfK$y6-4Wao=E@kKfiv54gA$}xUtY_7%Aa2f?O;{o;$wK)sF9>`z|g^` z{`YeI{3kxZ48|HBMjId1XbX#zFjBK5e@;DAR?F4{p147PXKC-7`X8+DZ@zE znCZ;UR2!th0n3}w>&&Mcy6kpqmYt+o0Ojj?->V5sHN_@H3=qW?=gf&!=p+r7IS`Q@!7hn;r!51iirm0$TQ6>F%^Yy-4JX^z~cy}@V@qb zpg`2M_q5H}+wAus@dKYhm4Y6u%|pZQyw=kgZSOmp+s5j3gG4K z(2;_uLS6|&7v&8>r_)tbq29(*Q_vj7z%#cC#_@;$RVql=T_@0V=fW+`0?DmXAS~Zy z>kV!67_mDVOY>cLO9$7-g5=$-v^Oyo^j=Gf*lkJIJ~-l?{^-2^}W>1Oj3Y{ zzb?&+m1rB4G0PncD?>(CdKQK2!ZkWGcK0slRu%7U?qHO$07~4eMnCu>?i)dwPA`>U z5TSCu_)8*fV(*5$cxBxq0;`lyd#;41U|j0G1_XpkfPVn|y%?0C^F$;C!R0s6Qv>y` zEBhUCU$rMZOQzMykjT2e4qmmsS9x;epMTfVxxN~xhhq-S{q9>9IHAW36aXZZ1X7)~ zWLG8$No#?9x1uHd7C_#FNCCvEQYkb5r4?FGO1H8Z9&t1P5fHf^=~F$bp%mMsY}BR< zii)g=$LkPTOMm|fqj(^N5?6p{cyaTjJOHy6JVG=u-Lk6A1b8QFK>#z4+fP=`_uODp zt`yK36B{T?@4oSQ)4$dGS#6YQvm329R)j?gCxa`1Pq%9O zVQ%2e`;2V*KcTPTcy3!G{b0J5=9&~6ZVBKJXt^W$!84f;@<{Jy+PSO`7uCdA^og;j zhbJCS?wo8+>6n>GG&l`H)F-l~U(UF_gaB=R0;l9+6kX(HciyZ;_np)FMeR|y23s92 z0We*0N=_pFGCJ4tG#mz~nH)7i7x4Ss|Cs_&3^*UcMirXAtKLO$JL5dS#+C&pkaIv# zfW_A5zm$QB$@KA*5{Nnu4k@4l^{IVQ#ivHOI_w-4_G-8g68F0$U>zKSgMd&KKo+T9 zaXs|7e7avbyYaq0ktg|-{O|Zq6r38^h5BYqz0W`pprEgC(nrk+_6FVO_&LiB7b?;bJd%o zA-SHazUS)5u@tyY2r^F_rX_**XK&drol)}3*r&KRAUIUHEIHSU(5dAI89zV&wRg8j zOT8JLLl0lp$n{>r$j=j}Kc{Isf~LXU7w#gIo=0=>$G?<*Z9I$g$VkdjNP!|sn|20Z zo36d>cgYFpH~cJ-7VcnBzj7(M-AI|GA)$}$5Fq}H|@J^|LCgT4lJk(wdvxinCF z0#Gx!b{^@l`Un!;BcZNG$V3KPTC8t<^IPfwfHQ*WS}@i=uT?8;b2PG`*&KpA!C00f%fn zyu3T86kjl&Hk|ou@v}PNhJ#Dd&u@VQO{eAZR0XVOMw6ef`PJ^F zuGR-?g>!iw9R>-*N4WAkg?OsaJE(7u85YET;}@soLohHg*YD!Hfl0>M8I{VFZ2H5tR5JZ2aC@9>kNRfw47?MtctAOt+!JVXk`#Lw<|%PEOy@A_$*OEyBM6w( zt0SI-N*xIuQwy9$BL&GM)n9BhedWLK@Ew6&}M7 znL!K|3&$5q@=u|Fs!V2l8l0+jcCD$Clqhshjn0lb4Jz9|fI~0`8L|^aaO{5V_o_qv z4sM6ew3tfCJ^7(107qWuznK`XLq4Sw5<(n$T_NMXJsL~y`OJ$`FF1}|V5I{V08CZh zSLOA`hfNm%ymlOG_82nRS!ALD$!@V=X1P7$wHoQ$S`O?5R~xB=%mJ9JW3A-BS2+hV zT0lb|v;P06S9gu4s8{(YZc(K<#{;tR6>yc4l6tzHd;D_RkiQSC#?ttsluVC?T@xBc z6&E_@l`PfA@FXmKZ7E_nZP2lev$NUXn|ZsnyXg#v!YQZHfnfTdOjM@#<`!S4OX3S2h|7;8;cY&fn$>Q3o>eTZQmWAA^^_#t?;z4h)q)W zj@zG!ll>JxLc?9Hc9z6}P+{S(>t)X$+?dN7_P}2^P6lIts2%4`?PV$!`3`nT)W%xq zRpc#=k@oi6@7^r>GAYpAIzF*D%n%?dZJCnanp9aduy7CM{-XrPxnW;b_Hw@Xf!K_S3W!%k z)Ui?c5*_YTa12N$_{X-xv^o(6%;0}$vNbK(VsWPWsVaEQzna#6l8X28(w{n>eD~+vnNKI4NkrQ};}0Iczl!Aa`-MBYZ5kXFNkE#b z9&PhQ3g4K<-;eK?aCvW`zb^t-@N0`Akcs_$6bN}oMc7j-yG4zPc6R&a!4#C1O|Q3R zMghjHaqW(>aQ*ukX7&wYOA&vIy|QE#Q{6oSS6%S3YG}TOrp@+$cUC+sguxo%K z14J{@P+~v=NDCk+044n3pmH`*5D?y17*~IRl1aG6UPN@*^fdC87?OP_Lq!8b7FFxo zeqYUJiur2^k1e)s`R-L}%WG6sN7@Grd<47{913%XcKz}`5Nzt0uvqU${1CX%^Ww6) zAUOB&O8miR>E4f<&oTr31s#{mDSL*{4N+5NJM6ssB30=~KE2==R7sIbZV!@!&0&AF z&;Gm)8}(NcqJYss1yCOZq8t^TilHUPc^c0wc@}t7c2zK6nL=o#3 zH;{mQz9$J$$@Qa}$hKIBAKBG@1CGy1>|&S);7wThny5fX8u)-R7ki=`TI7a_w=Hb< zJs0YG?xLD4F=gftf%k8NJbmf?LpeX@f0jGZE$Yhlhgn==&$F3o4ucKieWK zs2M}G11DowSNF;3o>K$8fbZo8*?-P{eewbd7glNGPfeMpLFlcYPC z{=(Xde*>pCkc+M2F``Uk@g=y~^*2dS1+q!1a0(Q1tky_XT({Q?Vq|yy$krdsDVNwL zMdI+$R$9&3DSc9yH>D?S?kJ8prM|N(7j?<4?v{CQwC2@#5Q(K%+SU&94G(Y#M(qDr z`YvP>H{QO3@PBh?b;qs_Vt>lf5sql|U%M4AMhVl6w_#_dLhH! z_qn_mxaQJrn?U02`8+XhPIUMTb?jIt8+o_uB`Ef{mMW zkF*jDLH_Sk-Z1&@3@GeCm;`8;hO1;UfXo3e*toWCrb~JOyRs=||MnUGb=4~%WkKV$ zWUwMvbia|g@`<6WRfv@^i1Fi`7JdqYupO&G-=2AEX7_Xcr zeUxl9>3ExDJG7@)?)aSZ9J3emdj0>ufR${S!Mn%NhX-TpjYRWi8z|SL4JRy zRgw1F&Vs^_^84#bB)Fv9xv!px__#?g-5)-HjOh}6^foZcGy|$y@N-c}s5qIiFa_3^ z(S|r!i}e*&KI|Kv?k(Tc6P7&$u1_2Q%k&8ZoYNi zd+!(H`^zyLz}aWV+H=kMJio`0-8)Mpd3rf};S+hWMyccZms;SjT|>vB2R<-WJ#|Yi z_1Em~kF>F~S-cm#jRxB345~|v2L5lmLuCC(`HYNl{IYs>O}>6$!Kim`u;6=o1~uwL zyle#~A>rnk9-#Kt)LZm2$M#)=xzYzsjsqNao1(NR+2UGMf&i;qo8zKL*K7*0D#8!n zM{Sq7WIXwgTX#g2Q`j(Z#ksjY%7K~`fOJo;eezYpunG=q^?>0yZ(^TQA``Bw=||au zYk}R@6i3lM?k9yOSiqIAPq`4yLmt}IQ?_u}Jy=1H6qjk=+H)j=nK~#V91Le`O$KB- zojv~aRo@w*%Mkh~m_&BqD%oq5*QVfJVQ|#Bla+AsSnWP7;FE#j_aDWFi9j1!>=WGD z*4{4wdy9y)=k!oMFed#FRYOnO$=>dav@PKGZYUjkes}x4725s88ftfKN1&wp<;~)t zY*3JN_%P)#^w`Hu&x+U3?iNueOu_`NY&Q8(baI}Ti<+64IfH;e!Q~fc- z1$~zyeMGO*8pAVkvw$i-o;SxG%Q=qH$uDM)CG6SoTg9u`lM7T>7Y_{C`I*%eC}=W{ zGnXO@Z6FNew!q9QANDwmxO2Z|nB(*>=Ve!|kxRJ|C&18J+ zkZYOwGm{cbCSxP}6%po`KX_`F-dV3euhS_9sOPv%hm6)pPUom@`3kI#ihy@V-D1i0 zfQLAhysf`AU69gSRqG$>v`vu%~alBbXk2vo>kv?9ZE2Zq}Jg!2hp zRs}(YA50P;7m3}Y$#sVpgvKYw+m{YliKWQrabN$4J(?l2P|p1fXub2Z`W;fSY=s4U zI>GTKea07TVjTec{`jvN?0O_Ur3!2ctXe$7|9tcf2&-$KwS-*@6hB1 zHH3gG;#y){@L}JX(YIX+yrT>OUpKxvIfk@vl z9&My0s_Wn|3}#ycO0>M1MB;Um{FwxXMX5NYxNm_VxeLK!@W)Y>;Bi9;_kh`JUG-8~u`_PU2n<-x30YQO zIXA!re^7I>d=Z73G2Zo9ZfSQ4u9l$(5kpagT)k^elG|FcZs+?M+22eoH}u{`moMAw z&J<9wB!ARzJ}?1Ig=@oM)vm@H{qyG*nuqz$c3fg& z*|y4`HE)@d*(bC25KYuEKroTXAuX|URstLR0 zU(8T%q8!saFT0D8U7ZgfqSrgAe@wsGz4FGz!=G5;!Tf%_ism&)8*c1NDW$ah$Yous zC3i9;PuCMYW9P{)2tz#jLXdlJ{tO%ZIfJ&Lg|~uzMj5taF6(MiJaExvi~lmoy; zAZkbx43R*$=$Mo-2Y*^t5OT{N9OAhGHq^^{yk47Eq zZRqq)j`9wB>_-vig$hLFt9(r5;Ry%N%irgAGezC89m#qftqN}%KXh2G02Tv?*m1H6 zgp!2uWL1drk(AL;KGZ1~-Jy+p3sGayr3O;W-skW#)|{t|b%(t%&nZoegUvsx&Z&`I ztATIiyiYhVv;Lvi62gi~&Sc%-G_(8tWVi!#B8JfLgP_=DUk84ZJBU-Wh>{c^yr%ew zkmh?jN52O3Nm>u?LIBeRiIyEnRi7k&Y&@!#t1UdqtzzaqEObIXhm=`<-YPa2DR(f4 z$A%}pqwMFc^s$p37fpTz8u4)FNFay7bzZogSQT1p5`(Prf>n?=#b~JQN3|=X7mNKG zG1J+)N9%-NIdm+P@fSU5Bz{bnS8!+iqLU{2djV9bF~7#*m!oxArBXex9Z5H98)k@6 z%wn&9ReTuu9vaApascq3wROv7;#BkxC{+c$f!VdPSyO4_PVRRv^jhfMe1@;$0vgmw z08v-S7jusx2Bd*$6Z*w%4=l6*Smo60f=iV`;e;#$wO&rF7wM#D|C-~N7!?*^fz`+3 z>|m}qKtZjlZ_CePrU^T;Bf${H#lf+rq5z>~)FpQYR7u$n@im^(vqI&z=lA3ns@dPp z7E##NFJi?cjU=GKtJ2(?7|>jR5j|em6UjcEcZn{468C?1pL^^)hKi!u2}W|IA^^r6xNc_NdNaZADGcFqUJi{G)>B~O36*_u7mW#5LY&%cop{m`0; z@|{2oDvFc`0j>Id3x&*V{a8hiizsCqDEwV46jyF*5&DG zqr>q64Gn!X(R+`-?=PC`P>N^lvm0?7^|92TqZeZ~pHhs1R-PL4+Y58~!Nxxfs7%@Y zwwYZcuI(KP83*$1)Y5DIJ!I6=u1Cj^hReZS8i<2K^hGe7r~)m4E0@ zmP$3!8|n&`_%j9bipKW8kc2xkdJmpeu#PeCs5BiqzQ2L>FXgV8bA*UVKDR*u#lxdl zw_7qta?#QDS9#x(mgblU4uV$BkviNES?ss_igL+kRFr|buwQOt;@!)r?9g8se)u?O z2MyF5i`bOyNDYDS13YNT>|nRjki+31T0=m)4db7IxkTfM0AsyXEDgUg%yFkV{Iy=1 zvRVK`Dj!ET@}~R33J*NNj(mfI;8ufD8zV{8!8;zG0rq{g#R0F?cXkgUb<7gB*Km4&j<6Gu<{b7I1xt0 zHqG>;dPZ#nVVQPT9cr7t8BkVo0dDVY@}q}{Cv=8>GnOY3cbRpLn(xdQg5*W5b~KHC7xzp=wOtLPG(O@;BZ3a8Se*OQ@S?wx=YQ@*#qE6DA+@gLSW&+b$`nt&WX^Iwhqu5@oebyup4ahhG)vv zMF?h5W22-5WMDM_KjQ=Gh(Pa-6r>Ucn7O!3?zT7D0c11T7^Yzj&!3L0S^ll1l_1s% zvIrt?I?rCL#Q&8`SA1Vto{_PyQS@XpN0Nw$E`2V3u$<<<4)?tL8=m0zD2UN~Jbk)> z5Lkh<#`>OI;!V*Fmr^zYl1)wy(9T5f|EM{6zIJFBX+v8+HaNVkL%%|etVvsN>P;Yu z#_m4xbkQ3;T|`@d=#6Y0l3uUo6ag87!0ittcvR-_;goAy{ZV`-g=rq+O;0VM6a={* ziCv>JHO@F805s3ZLyt=+my{_7NKMLbBRIHJZY$$B%o`a6W}5_5&yiBw+VuI$c=P{i zyeq1X3kKS0(BJwFkG%I#VW5loM70fN;F>xqQ(s#+J(pX-v6e9MnG@$#c}S;R2vntO zO3mH8)oC8ari;o{M3Na$ z5+?Qx%y8*rrCt7mu#sEMmkK{A7(m17rK-guaK%p|mjA&_Tc`)~a;Z_b zKv-jXOgu|(b#OPC(0($F@ThMW2nH1iZBQO?kwB3y-cNVx9fiyF+h&0lIYefo*kXaO zI-XJ#Hk9mh00qc2csw~^gMtz!$B1Rti%MPbM4U7qmRNy)1-w09a3$ej=sjfm!J~ka}W~y zr3vPbm#YajokKLAFp=O0vl1e9G%Gv0Gad3@mQ|_?1ONvwik^lQpdkU<0)!O=UXPLS zIbkDZ`qL14vvP7qh`!AyFtH-LfJrs!zs%#!6haRkwKb8-`2D?In3ej?&;AWq7+BI7 z1*x;0l=c-dDCCfyy zKEdC4T|T^z@`i#?qfcC1*y>j75GC>eN>jLM*9tPVxIghB8rM-I`cYP9nT+atJ|4<_ z#{qWoWec~jfZ-krY&bxO6>1@8x)gU*B_>vXQhqb~Ymy+|PK;mJ?d96_?*+#u&hIgR zuf#PvYG43)N?p_APgUfeapggR&t8J^C<`W19H%YeO!GCdeL82z^TY8cp_Y3;2H7|A z4%Yl2vnPquI>Xgk;*A0@%iSVuMXgt1eV!3h1IZPS8gUxF;2Qyc5G$gEg&!)9{KV9(?9PW; z_ZRto501BiJmsm<)ID)iYnF0wy}lr*a*(iCF|N>}lAu;6BvOEY(8cJbMa%eRtfbw417X9a{_g~#H7u+&z5t1)xGB(eFQQ^e013GO zYoqIzyB*POhXx|#C^hG1?Q9nQMun9!vN=pQMqBKbONFAl@>ia>KHX2AkWi=l`rEw6 zOcOZZO%)s{FZv3z{%~FJ;yRHsFo6TA!O0sWBcnBtu>9;Hy3g%G(K!C_4-l|ppy|ii z#V78cBGL=Q%J9A@Wc1o^k`-X)6~G4pzVy5cuk2r|YVHqS2-r=8vU=uK1|F7-=crJ3 z2-p-!yN)8+zD&coO6ySK0rCrr1Vvn?=0CDl3WKEk>BeG>+C@q@Jdpm~SIde=%LKnW)|-t!tGDt z2_aoG8m^rQ-(pHq z$${C>Ke}A%L6NaqQeNJ%yd)&N0_X6Y%!_+P5w|N&57N_WpvR1>AeNQ-9f9QJ@t;$o zipmEFU}6hAixT_=u|656)Xy##4%edew2ibwdQ?>X`XHFw1~7vn`%e0lvlQE2fVl(Q z**Sb%5!UfH-XG11x*mD*-d5^|{gMgVtNAhs8K0WI3p=%5hK+k)c`)_)Tq2yo8SBc~GqoW8cqmd@QKP$Bh@^n92^r!1u)$uRGSzuoDkoqkz1_vKQW` z^Xk5n0>W`~Q07Z+z&@~1*s+bFEVMWE+?fs zxHaia9Mlg{AoazPT`@w)c(Vrn-^5}w*@Ifv0INuFT`oJk6$eBI ze9J^s-mIWzmE|?sHS(szh;I<%jdD;r*+2*P@*Xd2u2^ilNWQ<)wak!}0Z!LIwIftJ?d~VviL4WPLD)4q(4pGw1gd z=E!pzHo38(ox%r|J*LL)LKjfJ4|%cpCOg)KpjL1oYHxdd!$OqxN-i6j2dEXL;1^J6Ro;r&~LW) zAHm2uicBn=SHJnGmx)y#6TnSJ`6`N0UJ&3Aj1Oro@YBmtdK{zkoB__8;4w*cCsifaBb_v2P7%uh3*( zzDPsGe6=&bXDaR)STh9LguT%f-#a4U?s4;a&R(cDK1dPUTN%!937zD4g=(_?()vK` z-LkCu%!s^D_Z;G}?2Bh!eUn2SEyA6yzW@Xfq)4BE)E)B89z1uNW&MP=zsJ7tU!K+d z^WYw5_3^*0+Bp1LjnfxveDi+C8`-;soT9>q!pFmh*Z=w$M|rdeaPdn^4WzB)!v{^+ zOmq7#Mn!|)Qv5-bkqNof+N;rFHn`^&_4Hr?ew!?RO>Na60OC4SJ4ON<=704I4nO_x z`pp6uBRZFtnoj4WZj3g*Vl0kmez^Fj2FWC!Ij9sbR}=8l1Zw}<$~Fa(rMJ;Up>ZmG z#!!h4jquOUGnZyNBU!zOClzj1(sf$Q{J$L7$OCr$%e1a*W@-P%*y)~4;lvugEQ_!n zv_67VnHfP@D3O)RVHaNmRLeN%WaP@`nt^guh{p#wl2_Lr@c9cJfatCet>ey1Gu~rb zAX{61`C}Pi9RscXgKt|puL-`=ewK(IajyO27@d(9)q^lTn=dL;3QN$kp`oXl&@rA} z&>7C5Pv@D*TZnr&^}v1U;e=N{&NU)NRxYfTF&VJgFjo8yT%!QY;w{O{+H7vXxo3sw znIB-kNsqql6KH<>@_usjkCa8OSfoX+b`;`q!$N^nAR85aBu6k-_8B-Y>*^Zc2TcYC z6wZ$4`8WcOkLKz(5hl(w&Q}c-8!P9g$ok}A+FM87XFAj}u!#L-VVC#n*7oT64*?Q7Js7dFiG9F%u zR#KwO(5=IOJ2#e|@ip!zTE& z4wH7s)^6aW;JYMstn!y{BsLPjT!l%u8{1C+a<hnng9F|icK>=MF{@Cvf+W(-#eFpv;9o`AVY7lhzxG@AB zULjRJm`jAP?YJQL@1u>a)23`V3-)Iy_J1p0zE2>wJtoCa|JRS<2MuKygOt6!YY;=y zW5`D<2RuFi?mb6R*{x*%O$LlxM&_H(-u{KJ(RX@l$t~@T^vcJ&ipd)VSyv@;vy@YW z44xA>K+hSg-br}^e`njJ+Ufx$Bb~3c`5uT1n#6e8rynnn41veWp;s^NuUd~5$ zA-!;THdx3eszx*h+woUjB(5{Tg9&?XyU!;xSDm{5@W&VE6J)@-Rl*RMaZRD@mYFjJ z8t5jeL+K?|1didL+U0@g*5_MBjqP*MK={ZQm^!5UHcXL?dvW^Ig7@VRr4}Uo7oiw6 zSo)0&$VdYHhi^51kbn|kcbN+vgr3?=UN3Suhyp9+m%)Zq5ZE1qH;7L|#X-dJ$)scB z0(i<}qAoXFk6l4?vo8m1&Ax}L!XQD#rEw!Q0GGrH96Wr%yIHM2=L)g=Q?J0^WdvD` z(Usw_h)uljbA;X{(z2C%qKj;J7kKy@+}_;*J|HRRWEV6J>~9g{lLuiH^woLlfu?d) zSybZX4rtV7GQSrBiBFJFfrXbl60rR{sqiBMMkUGITmLw@B9&5gz=K#*L0KPZ!l$g$ z#VB@J5_Cg|As0mg(&SQ2XAtNVYh=0a$cXz4ScuZ|;U*wg@~xvB63E2TbCy677)8~K z3aBYZsw4(&K+t!H_)=(^l$t`tbU_RGR6wh4x1(6`8l35CeWI+r;$W(FqSyheyhmkU zE2tp|d5vk&|Eb0L0g@G|;4ccl`|Ds8N@**rR}iqFcQnEVy<&HKS7=^&rH4-|&`M#C zianqLg?2npLBGQniTToP3jFsWDvZ*0c4+U-%mt_Z@CRI@9)+|5%mBnD1Zi6XGB&&8 z7$*3^T2W72g0sT!()?jPe})=4*_ZnsFLW;xv*PY*!L3(5R*KbngHq6i?I0Otqb z)Fo!u`WxavW9FStNIl}`&!3&v9tDK&Zo2?s5eYa@4Xd=u;wh{ccI9#a$a1k|Rey(s zD;-r?^a)k}QwuUcID+0~JIIvzZ%{a;cwSio@aq!guaX_Yc2^$ISkKIW2`yGfim)W2W4kY0KK4wG@3Wby; zFt_yfO48y2KPy5pCs*8PT#$>!DCN(@j|h*Ck07M;3ve3&1+rG{y7qt6&s6z8N=qRV zZ~lN|<}Z>|;DWsZj?w+eyH_X}eIhqvVbLTr+7u}swr@3L5fISHAtK;iG;at&9E|S2 zU%9HT@wgt$v^-tc={pgMI^$;d?rp^KuC4|>g`F&50Lpj~9UUYco|_mA48sJaad{9z zyE-n@t4~2l6BN`!y2Z`E~9?QuC#36bnsG31R~{_>ty0NM4S zx8SZz?9ZFFj(4FV0eKbUU$4Nt1{l7+rcAfgWoQnjvPb}!^6o;V*kiXpxVQVjy`l;r z{1-IT)EwrEx8I}Z>Rxu({t%=(v#n3`L^86mbxlU%Q(LW4cK7yv242ACGE~63FSr50 z#bL!MAdt53DJmI~wioRYS$kU-N($3y&Ax(L+&%(~HfXe_z-XgJ4!8zWI*eJr@z-E6c2m_(Kcp*bxtzo%p;#6ee@jB-=+l9!D_6D1|0Qe?>{i7YhGdwa7D&Y@ zdR?mcmrv{eLU;EvzD|u~rDpwY_qCb^0xQyq%(tio58b2^?)2tg4+4q^5Zl!tzo1^A|*sSC4vD?T3^`nX%JgQ28=N zxaa%K^sO86vI-Z(L8S$Gr5*f5P|mDD2BoM#E6y!n*8r?Tuf#NnA;?Tg7%dW-o)T{^ zkPZKXg%-w>6gBy5JTbm*C)k(;Xwb;4mCO&A-`gCe4y5=*pOo=X>)Z19vPNT@y}8(WGE1qLHYnA=9Z*gGma<Ig8fK{GsOo=VzB;dt7z}8z&sa{%es&A4STZkfalw^uL(u}VJNx2bMT6Eu#J9RB1n4pJg#V1!57 za&fE~f#ceEd=`d5oT7KdcHR@@t7umwnt40ale%QaUtCKm(J7@Y#+uVV`6rs#86G8Y z>y8*u8_|Jl3IOLbH*n`HNMO;+u-s|zU@{&Vxf8TLsjRqPHyToTKRAtp^h_sY=<5=t zKY2XCFk{+(d*F)vDi_sET*Kx_^H(QnCxPkuLQ-1GV4^C_2%nj_9h;I5Cc_JZ0r!>D zs8p=+(}Kfiz(3bW+BgyOcj2dRU4at5oJ;&GoIbM+7bZ^G?!u(GaiJ{QJ>G=~#C35w z?hp@bb_^)GyG&3Bnz*%iJ+D-8L%M^4PcJasV?Ws>A#S-hCm^78&WOD@-X0=5`K@zU z9Dka798?BC^1uC}v7`hI+XdeW&ZZ`IbUw!YSqX&8NP`Y^ic(j|VSibESfjuUR1$kZ z0yaX>bRpe0fm8C3z9|3|9xcl9m_@g8>%?NVJ2ME#Yn_t)SI3+HT8BbJWdI z*r27WP$ag!+yd1l8v}yg9CA3(fV2akCBy)72l6^Id5ac zsB#q9LYavV7?cTqiwFnx?b%$SGQ@lJR@vABLubX4sPAeoxVtdu)^W*auHGVb&;)oG zgXl(CL)GbB?m&*(nby^LDTIFxrU?ij8Xh_x4b`;#<|gWLebnGe==+9 zpQ<`)pTz=RhWGe^syakj#I6*6ou3uC2)nZR8GkvzgJmSUs=xirgq0=@yx@m2+n{KO zi|!hCo)P1H_OR7|>g>7-G9=J|zzStneHfq-b^$#5-Y61`&y)b^L(yf(o(D9)FOMxf zdw&4T0z{_wyVHpgpPm-PN`bsSMG`MxkQ$O@QFyxH$e-r-Kt?Fw9rYISH z2i=BN9-?<7OF>X<+%pH_3RtbW&DR-FPDK~E3UvBDE-cG_4=hJ237i!FxGvN6Py_8Yxxj=wG&@NU z?H7;W<3`oyXNNC8qBWK(cx}jagz&%29^KZ*K3sMGe?0a0P=CNvx47We!rb49hvHCc z=hEc4W!FFm$f;eu8j{_4!<*nK+D85?+(`os1GS>D3s&w^^+G~ybWE1b)e*y4gaT?cKy-(dq`IYV8o#pTBtxZX&rv!a{m6Lgk<9UM>+9|OON*H{LRgiyIiymt{qU)@5|Tu$25OSd0iH^e!IL&Bh6mwGL6%KqI^)J( zYPVZC+Jy`LI462q`(J_?wIWU!Xl5Q$PgqIs(VJO{)bxBCiaPN2@hyV$X<87H9V=v z<_G<4P!Nvo)nLA(4FhHjpyP_?^p!3}!To>>k7Bhn1oTUBz>IgW@;;px=XD7U5agmm zJb)mn3j&0bD?|c?A7CRy5%G28&($*lavCx4W&GM29p?AAM&)+1mNRp9JthqXTMb}N zR|oEFeW#WxlZBOV7qwt%~9;DMEZgc zt`?p z1DrWPY!1`)$x<+csovO#48+V}$y@Td>;`n@@yZvdScDND3Qr`6NCu=~fJL7f$XX$g zxmAk59H$n5@=6v(-1_G~^=2cH$wWOirzK9%7Y<~Zua2$+bOECdfbzhGOGkiZm)&+# zE{afKzKEF}Fn*Pr>z`>z=jsuy`eGsVD-fLl9o;P=T%M*L1(>x(br)`$6K!B)C!Te@ z%{4qZ&gOS|Bt%9*R?#f}szNJiYKn`UkicQIZW@|o|DJR8Bo>HeBtY;tsi-3q0c(~= zQqY_|5bjCtpJJi&NE1WgYh+-#jO0dlxkS`-sk4# zQqkFI03nlVgN6kxpSE~#>uhbAX$Yt@j??ktgMn@@z~*;soQdZ@B_h2Fkz_V#Kn6hm zuAHT&xKs~3gckCkAPGp>48YY~f_>e2&CNqh4ZgeMeITyt3jj;dh@*Oo00uthY%vD? z`-~_Ms{{r0bdTnko>F%9*jBUs(KJi3FCX^72{ebS?Jg=+z~$5Bqot=ennMC3=$TcJ zbhVoQmfdMWX|83k(L-HBz1@;ql0KD&lM@*h8=KwwQVX0({wM$5C~ZOkXI%H=xfrm+ z0Tp_%MrjDxqt8}U0i+)3i^U0Z*8+bX!ehnQkUQyiO+N3CRl?VWn%5=+m&xg`?LL?{ zo3+|G5KZu+ahY_H3WcY$EUZ8I%jv&MG3~FjeK*qV=UQnj-vn!6ZZVSXGGevSJNxjD z5%xX|>A2wp+B{1nu?XZpn>@HjL?BmbF?aX&jF;jI=o zOocM$YR9!4wF3GXn%T39pnWp^gq-Zz4k*QoZ=)Lu1 z`GDhk895VIrfQT()u&y5f)Yi_F+KV-(X7tpZdt9u2B$yGlcj_huZTBYF)nEzQ%DV^vlWH_hc!B{HiCRy}ymLN<^qp>h zw@}mMw@~lsxf+TX9&vJD6P-DjzP+Bp^A+GgGi0OU-37$fB3Eo+h@i zH}!*#v2Om~Co2=Ll63HcW#x+cBwRP}0}KB?9#;Hza*D`Fq$VSm@WL0$M8)@K<$f)j zJZ*+gPe0}7xYHknj80;gm0nm}t|1e$ge7{ED*2(HIj~|*v$xxm1qX6^C*lfKsbE7i zgmjt89zWQ+qwr0u6CRyPo5QbclL!dOkB({eRqL?`NCrOX8g1Q3;vAsnB>ZU{>RjnD zr>EZ?laJYnrNo^XfTl{@TlD@xZ0wJn-0+jBp2O<~ z#@CX58#GNVsl;@X2|IX&s{^f-gYx=GQflQ14bKW1{&dr&9(s5L&gJMSzDdgHHCS{G z=hzu#2Gtq$20rkCD69=pE+cKf$h|Z&IQ_kz;8@fbn#|GTZN9Uyshzx&C;#zz_~nuI z!FFq(V~TTpSHgW+J)xymcWJBgPJa+d{1wO(_sMMy3J^7J-ILAJ&A0ipbMYP z%9b#qy`EziKE&kt4;|wUqgtdz?ZgTsrNRVJ-uil|k%~}H5gu|*x~DKU&;wCdUI{;q zYTsn`w}z9j{0>xLTKSS3F=(YqFYkLwH zqYs{Xfd{dn83cED@J{grlS z#EyavCszsk@n;*>I|6~%k|t4MJL%v+j)oM<`z_8)f>gP|4$sngL}`YLQm1Pp9ZyTf zg}XyX+djyk{=GChri9$YJfczN}D^3vJeXaQ)29_bd0}4d39@R^Ox0= zAe5l%p)|;YmTKwCTB27k>98G5k-RiXd#4$gqq>^YC3V>t7a+#sB6+3!ZZK%Qf4(z^ z(pdP5`wQgU`lTh~=QqDdcm{ya16Bazor1+Tt$*=cVkj>mpS6_P?(NTtcy}N4iK?0R z$Hns_tagfO>2#LIS`U@lo2q^Sr1wc)x|En|)R3~sHb6-P|ho49*I}F#FJk0?*3pO$N2Y6AiTtq?7OKfEw@4F^>i{(SH~n} z>!Hz4)yogoS`Dw}7jy~!WFfga*f~6%=pP#riEjoD>@=IC?K&kn58hg?1R}~|Zt=$9 z-y}uGS&znLAQDp_IRkaVF0@1`VTekzCZ(uAJ{QMbl!TKkRYczuhoyQvQNp1$)7D&3*iDS}!ftFtNb79D!ESq=f|8`fV-GUtms?f6~ zJ_F|ivYW841h+CNX3KsTZorHU4FUZTa(gn`E!5h$myCdA>qP9ua3N)Qb7zZckkf9V zZlg7nJRfuxIAW2U@W6d%DDotYgCrSYA=nf5!%2AW#EPJ2Kn>;Xu=_YWj0DXdL6Ny^ zLJk#&j#}-TDe<7`kr`yB0K9Z9hhGT3<;PgoBMK87)Ee(d%0a+NyhT-YQDqN_brwgH zo9;dbOYGBG%}KgiYFn5N4E?3Ho^>>Tr&1_%tLslvhDp4hwg@~HC~ zl~=cA!S7`dvtx+D1!t0UJ(&wWt7V?FWE1}>|3sTwB%4=prESp?G2$(;bA1?C{Zb4Bw$N^mTeZ?EJLquiu#G5QVyq^TXuH82F&J27G2)) z1{VU>hC_vMiO*1ci`ezcP6WBWx1t|Ee#~-NhOapp%hw)MQCHtJf0R>DFyBn$D5NdM z#v{WE!aZwQG>w-R%l^lB@UkehC5Z$D%gq^IP; zwxgG^)&H*T{QU82VgYv+ez6Qg$0i)vk*l@6fY!DXOEesto0F$^KYu65QR(k-jpFqo zX_5Fhp1(hEH@zt*y;yrHieGIQLEm^=^>I5KRZ6br=G`Y_+>Ow2^a}+=(~LtxTTZ5d zq5pHXViB9gHW41_(-;}%i&7c_cp3x*pli)f2Y3F#3TDR$9eYvob7HPDDBB2ef6;f6 zDiHr|hOr9)3|QEkid_J4xg zWAKylE_wcUhop>9A=wM9@{wLKgfKnl$A#qzcX>CO z9d&Z?cfJio@$da3*`cUO0#XJ_@5VT|d!NeA!nEF|qZ8WM_hJO1CT1I;CPj#^Vbtd(<9=!UkyHROQ8^}=SdFWm2eG7e zh|3$z=A%-B()I#OC_y7~TH2~V(!t{<5_L9lHP~rX_QqN}GrNm=^!ITvv2-3?xLUAA zJ&9sxpOiT32`xopQEJnisTW()8Y(A8*Z*dc`rd*w%`@6#VxAf25G0QI8woayawr*z z#p9$|P|`4*<#!&P(+7-ql%apb=Z|=VaOCO8--X@Lh`%DpQrVE0Ywbp*+h@Z>dT%&y z`Ej@BawAn@oQM3?0qkjl*1>u9hi^RgTuXU}I*D(;ueAQlis;@Mh*< zU*r1ei`UOY8V|W-GV*?QL$rLixPhW}UTw&!M*1YljwnYs?CnfbO38PAA&Wm-n+Ccb zhSL#6hs#yj-@XAvJC~Ew8Hinrrs|Sqw;r+reFF*%8|{YYUbF+P7Goli2VVf@PPMX9 zP3}iT?4FE?#n}>yie)D`7?gExAI;z+2}Ufs8hJLiHVrw6{LUP9H-I9YG9MluJUG0AL#@WT?mv(vK_gbUdzp7ar8@AuReIsUe z2!V%ZHfT%(P^!4pOsNL7(c=;CnA7=}AVY3q?K)2^l9@`N?F^1UhE*LOcRiYqjyLJ$ zw13?DG5xF@_xJZuV{NH+wKW|$LB)XBSpNR4x3^&MS5&isn!WCx9v?CRjm&6mg6vpY zc|EUTH$@>A1gIvDW5eg>HvV4$6kuEl(1uPE{VnOD8_f5YM+7QMDXjW`zq;A<3;JiB zpL2qv+*>R{0j;9#nzQ19Y3r7l+<x?n03}FJ0g)#=AWN za$(A4-I3>N{9AcNMTFH8v7PgOeH1Y4Rs-txw{5z<@6CCevTI8c0mp}j*TEF#?b|aG zkfuFfSj=U6D+g(S?4}XEwaGQ4s(jy!X~2>t^Ul4^?r6u(<>qbsjSY2WsG%2l6_M6^ z!VOuUNDBNpST~$Cu%3{`ocfmizGsM5q+p|_@IYOcyWBiZ=FA7A}QE% z?i{}9F-#5D=%}@$PEX1!h}H<{V6E;q-0Gm=c@@Q`Fn%HK)7SV=EQvEp;UczHjxdv* z5k}^D7lJ`-A=i4G*m)ZA6(nq{G2EDrXKAzIKJ3m0Y+}8i5oszB4_cA45w_qU`m7-pbTw8rIld5~0Kh{lU zLerw>`UXB#_?om-Obe+EPf3$?8P^tCk&P}KEA-uxZf;0QoO)?-W=TPl_?%hU;T(f>6GQ=0*CMi~Q~Bi~mA62GWx3u(#v#Oqx#Inq?{ELo(}Go_=YaDM_Fta8hf-yh5V)_`2etJ{Yq1x zR*Y@*=;Z6UbKOf*^wEp`M(L=iM7ew0G0DkeXxf}sYU|K;`K$rRJ%J_P5_3JJ3`Hm3 z1l{+I6rp3|-Ct{NZ^l6XcjQ(+@os%1R;$s|sQe)Lx6zXhZ<)bhQFVpscEip?^UTa} z=Iv^W2P3QdN#gI{YDM+|kJl(SVvmGJ3m&IlWSPUVy=%djdy}Ca`T@~Ar5b;xPfqiL zrQi0=_~;Mxk3f!e9sI}fMc6+@Gc&rr7;>}aTo-|hvUENFt&czUPq)LOBW+HblT$MX zNh({1f}S3llQ=T74sBDIb^eyXA~-*My744bwyvL!mkQloDrR$Nd45x>>21R_3hyr= zA^J~S`?1Lm<>l!dg->Q5{JQ5>&rZYkJxRL%HYz|Kd!982kZ*}(r1y^xDMBtO5SUVl zh|AXif+?Nttf)#}3C=Jg!ZkpT?w`)A0HM#|=Ip5pMt1dELXf`kc#vh-xD{0qkk zTsB;Yz0syShL$z;h}#WwE44fGN3n!E%pWM?-U)G*yesR~y`b|737R~0={60Enis4O?VD@oGjGN9Em64UGnl9{Np1;X6!O^;)s2y%ffk%3SMn@#vPwPj5xBYQ& zfG9w@Z z_*cCAK96!(nM%mC4uM~Xh!v%4-!s=%L)X{I5Rh=`(_!!qF*@1B+-fbdEtHa@vQ6AF zQ{RPQsH$~0i*%T~WE#MmRnM_#Q-3N|9;f6VG&1|-5ofbrTvWgTHNt|G4wbJ2`;O$H zQAs;kXm%8lbdaJuGosc84qUZNMXrTXHtBYJWcu@xB*F;q=x+>(>SeQ%jb>@rXX099 z_eX`gueb^3?R?5GcFPP+LX3{sYWJZBxa7e>rfA89do$4}t+-Tc9+@%8PW?f;b9=aj zhQnB4;It^$VsB;ZE9x-XqKcw{6FYO*pZJ8LKEb2yho|Rk>=j+I<+Xjn>Ba$CF^I3< ze>)c3Fav0fPv#3dCeVCUBE*Z-XL%{?XPEDF~xQi+CPiBx`Ya3>Up=qWn>CaVXh z%C(VxEr;zF4Os@k@+V}jIr_w%z|?v&&OIfEsXcaHp<$E%04tN}45?{FTZfl&f)k1O z(xHm>5JMuysEd1r{noH3W@IGiU&@fhx@W8pd^gzmTX#Xe<9`U@TB64)elwjTa;y>2 zd*rrLP$inv#EXvc$v3Hmo#`?y!-oX*j%h*KR~(8ioG(;k2(Y8iTLYVa9-BkoR*QFn z$7K}6s8p#_14FLmLRoC&sy?Vn@n;ijT-QBO=NvnRB34Ewu`ks&2UT?RkE{dqz5vIW z9-+wSZz&C+rhfL{Hac5(>zCJ&cT}rWpTIK5J~T+{ld#;bEuov@A(c9PaIgA zW%Cscao7hMmJ<>iqvgyHB7 z?#6(E4}ny;UKLNfuI`w;ZYf!`HW}LQwwSbkzu0*7O+LS8fURwAvgE?Dy)$m`l!t<7 z*iK1ae&B4FOUTtV!Qf@eQtZp0Fj2|L&uQ!PHI~m!oT5@at$1W)ei*1~+OCgkPS#Ix zphEkHVFi05>PTBk;7bEfal-O<9&54S1& zmYO(dFt48;8)IJIT}DKu3@U_ix51URNXyGt47cRbDIPCQ>(pcNqWTG{1Bw1nZ9`u_ zPI6RA=Nb~PsF_)yL1or7qsulOhx3k)aPe10#-ENB$_7kWH*2*z+vBD9KLf5=tW(_| z{gOQ(_!X6v*M~`^JD3?H($psoxu&ZVkxBepR|F`vwT?w70D`<>{+^tonWbAQ&7nECbE2NQhn!^@ zUaO)GD8-x^V^Zy6eU~DCP-(&Ed(04q_Fu+M|2FEMNx}XPTXo$ z{X0#`s(Yy@=%dUkP_km#xU~zD=~|1eh&U;VEty3Ad6V z2pBMJ6OS}vP)jnPs_v>Bo}6%4TjcV+9iV2hPwx{BQhr9Y0Fs7rN!1AHspVu6mHBD^f?BOvmpfs>zXuD>!g;3=fGPd`RO^Wcf(8F3OsU%q zm`!al7Up&*ykw%f^OY9nSjL`@pLoD&pgPFT=8lX;%C094Er7t?IVVQEQ4+g2=;Q>E zHh|tvU3(9`fAFOn6}Lmjw?t(jmF7galxbe`8uw&$UiAPzYnP%}%5j1bam4l&&oXq2r(KRS>AVy`q4kLx}$?1gJ)T00ggwxWm zTk2bVZ29^YD&D4gT>X|@$;aA)EIbZuVYx!LjHKE9}N;PhE7~c@5*Cw7m#T{Kj z>bvfd8CidejA`et`q9t>%EkVVDWO#1Y7r5D0`n@`y;B~ra@y$e#SmS+4o!tdHV?W& zY35aghu<@Q1`(?G8+Bu2@^E_yhxW%y6dFDKwbDLM=f9M80ky2AZoX31>#yZc z^N9jn{$Fxpn$unMh`SbV*lE><+i}e^EpQm;!K+A?2~bL7F)(v;oU;@6<^?BQQve>E zb{?Vt&uv6A{GF`2Ve>&2n|?)k&B6(Myo%-Kkds_TKJlEnQpmZzX?nAC z4n{Adq|+2;(fdRtX6-#4NLC546Yp2dR}v$d9#4aDK_`U7#4+yp9utIy`3>DeTNAkpO>wyn%;j!_DON9!Mp|-3`R;VUX}gzl z6&bsP-mHC8n+%>?q-FPK)N*G!Z2qu5Y(~}DZ!_cPJC}#fEpl?2OIK=8|GTAAW?P++ zvShHk{o=F_Gb~fsj3|Z&y zqjLq3OzBbxiFsE_vx4DL%Nnx<<8`SG#na8;Hh;Iej6 zqW4O6{wt(udy!tLKxtxH#Cm=`SaP|Mw_!ucl>KbUlsR3$y6tp%95rzsS?_{ zYk6(g6LuDxh3A19UPpQ_dWZYheqJs8wXOyDNc~;QJ50rX7u(UCxJtK;4@<6R%z$LM z+0R0%zxo^CSu+W2O*73FqyX{Knm7MSy48-TkBFjf6#PsTNpH&0kEcp zyOH+n?Cb{a&c5wcg&hmq)`3%ic=xUkF9QeuGtqr~hQrqLgfd zZDZo)g6ps+UKbPurD=OOA!3RkMuFAl?x?vPh&@*;soXF3!DPpjj?QlT*&<4Iqi?!a z)kbF|Fi4nvxK|4z*})OU`(|sd#+Pd|mMopuqu}d+?v$Q@kT8ZN$*C)W>vH5Z7#4$w z$Mq+6FbPmczg*b-pf$A_>PqB9;>^Saq%byMnwHOSo zf;&BFv{DD?3RAB9)h$beB~!F}m3#Hc+V|0}CtR}JY~>^=nF;a?OT?soE{~2sa#08h z-0vpCF%U3GIGu4Rw(^2&2d78k zb2G^KsO{>5UpmR;Om0+SwHxVi!+XD-N<3Zx6 zx$(4uIO;HxU&i0e<$wRF=%k{wud9UuJ6F&Gwf*nZ2aD!)2F3NeP$xNYT;&)Imvhm# z{_0CMHYQ3Z72~!ZR!Q&CV-lO)nB1~{N_TP}ScKr~Y+<`{7Jiu4X^m6pObFz_bKb$W z0RR!I#z9Bkgh!%EC+m%{`TTgPSn$88no#boryP;;seE4g-cW(plf#QZU*s4%ZXbEk z=eC>6zw+?)y|-Y^Y`T?zfOjx)eN)hf52{SwshPi;wtk2-Z5DzA`2~kPTmW4Uo*dIs z>7KOR48e(i5wo1F;=6e?Qqf!^HhBeRDyKf?BEI;-xyKgR+xrre_r+AP8gS`^qMXA9 z1}->03E%<5KWE>{d3o>3ZF<24<>}@e?(yi7v)SL7qh3bGKMZGMCM03-zR^fRcJ8SG z`zZ{G_aR8bx^=$&`sE0ym%<@9#S6}Wvy~!=+u5;l-JSj1jK$)X;=qt49H#WxY}S73 zHg#sqbGuJzUB5gGEvUpT4hcyJ*o#K~d_ zHvGiR0G#&tVxe5D$j=7FU``CCX&!j~)_MsQ>xK;$5UCNYR;@3TLXp~ET9>$IUDqp6 zqC|lP%B67rT1g6LUXerC9?-z^%5L1xqp9fZ>D}iUPsEoeyG}{I0C0tbv{TLS>Hb1_ zN>3hHs@I{AbQ)7abhIJ>h5-OC-({a}so5$GyNrs0-A@=cOi~?t^7;!0N1~dF)?iU# ziFG8qD6ZH zJ3I)Z*NbPs7z9l2%Tnzx2Z-ma0_cf=f&p19GFoN2WHFw}sNl4bI*FyaAvepyvz>EU zq%8GJzE}m0<_*!XmpOAGgIdWMn&pl4iI-&$xMK>jP2>#@K>7S0LU{pk2D{CD^--kFHdFy|XKM0CJlf%N|^-Dy732e2Ppf+dO5dUp;Auj5Y z-_WI=f^$H*-D_DILlx+!)Jh44^-F6{UgOlGSaWY%-@hO$>+@LST3Mvzhf4cQS5k2E zM`Bu5B&}FVCY$ucSqFHqCQ+`^DEUe5D5$9NNqMe7~Lxy zl1%G&2ep4u)HqS2?w{C+Ys%dwEVmLpjqv*PYW05 z+jfBpkWo(rcKVPO@Pdk0TPF3)AI4y{OFj*pPIQL7We)7Q6UuijGN=-9;jvA&_Re)L z(h#McKDMT(S(2$1_&e!W$iUGsg=Y_FGSIxA8e|0G1mhOM`zb%G-JXSN3|kL{0vInr z-OcHdq%$oz8H;2RP93YJps_vSa$W!R7u@Kw=25Qy%6?EZ8bIyT%>S)j?Xr9l$H+%B zLSM==y3gAj)@Q`OIiV`=v+Z1BAUUGi9M_atd-o^KRhT$VvX!h_L$wSa&b&<<3LU?N z@6PLrz=!!mhB9$%@rqC4EBu$Qxj1Hc%2ZmugPZYA?~rh%bBDA%-~z=v2hL~|ADdl9 zJ!*%8gUum8hdejA<=EhGP(nsxzGagaydi;3ev~`NCUL@ZA}kNly`j*w=X1$Q>W4ia z2qEONaDKWv$Y~nxVOubSu!C{gk(&GtlfTm>PPYdJLei%z-Cxhwa_ES;%{%d+RP8x% z5W_laTZeXUNuX290+es*t>e zPk)xo0nG!?DB#j6BycyU7nP@{T8nQl_l}sqa;N)#c(XmbM>)gNr4d;fR4o|Jag1r^%rpO80gfqeElgZ`tCJVugsQZAQsUM zSr+70nkeDMI9`Dum z!%H2C`z&0le(QRb*ALlR?P*H?xcYVM_1Lr^Lj%>KSwi6^WR}v#(*e7T#poUr(w*yK z=T}HoVXHtSS^}1@P8#}q7f6#vYFIIvGAm)Rg>>d^h+bCkDOaCF%NbYj09-dkLV02I zrzdnqM-$jEBW1GQYR+v%u9?4f@issI_I;*t^=Q~t0#waf5fSb~=EOzp&);~o)ItX9 zX2OxuCv~7JQq9ek3Y0RAIa3Fe`pepz3ExDPr$1po2w7j)5K@NPnzfYuNQ$V5>v!QY zuA%I*Vx}AKX0*3#Ql?J^g3n9N$G1MV-+cd=S21Ky(NIdxR9BLy-TdKu6exkmV8e(J z_gl0kWhG4lz&&yl?#(-W1B>X4oX$>d?r$%MEfM}PMu&H=TUSGLm$f&Re+D30#9ju< z6!l8!(_thkTWh`{{kzeE25qoe!;{U=H>24gLvp(#Az~`>G%zqAr=clf9Kif$7AP=P zrS8mLsY)g8ga8~mF_BwQQ1@UQVm$tSPTma3gf8lX@7I1u8!t|XEBplzJ86k zIeRQP<3P6`e08`zDw&oW7NsDM$!YB~tx0hKdi_f0Ve5_Mc99VC2=;#c@-o05ZY&GD ziih)u#~oVs9(s#|N8chUCbm&!hvK8ItwJaV5f2*n5*HQC!?ZwyX-k<}7y1}duXwJ| zAKhB6jaMuanq;h2xPEE6x%r{WI|s#Fk(KwSzIimSMIY6L@+p#|99}U^?e(CatYyrs zoSxCQDi~M{oGhc%@sH&V1N^B%BvO>4r1DarxqN5gnxsf7{%%IeNFmzo#X}Zz-_C+Z zuogSQK3qya&PpO_ItyITARZpVpis@Mw0rI-L5s5dKjgTN+~n$L#4JZ2?ub4UMvda# zN35xb$`|e{_*3j70uws~!$4m#62d=UeFPfFFt4kwim}9xVgmZi1C%G$F1_V5HqRwKc*VOwCo(r~h^7IMx^5BvU9ot5 zly-w9fdVIR?5_g-fm=ljPb$(U8f|=~3x|b~e?51fav)^$_``Hx*63mf4^fNP4e~bA zN4v&FD4X0iT(Zc!CCC)wxavcfQK5ZD*HX595|P3La)dWh@0Ur%vs~~tH4HBmXA^UV zO4iDqQd(*0$YGK}m*wx*A9lc9WSj}UsS=2-rFV0GGs>LU|t+Y5*fg-AgZ z!)u4_nckx-0I34q2cWp)Pw&iMiw;Lg8xIz2yr4>cVx3;Ft=xK5TNgh#bSyMFN?#>r zgDuN$Ur`y|vE$av^KW@FuAomm6rWSvP7X{+j%cP4w`&ZO`hn_e<*a0c)~$Ki*qtEp zR+h^_ou6g#)O=>2&un?uO&PNg#6GJ0+;x>d;wb{=>Yo|OlawmY8VS7R*&0W5a74lAH?gYJD=tGsQ=<}-2SaHUW+%1(?d8eLb zOfGpi7h2Jk??vdmK$ao!ERxrU2+$J)02Fol~2sqbXxD zNU|tLtC5w@#gw;{bqx5c!=_SdhImC3{DE89W!KNkT{*6Cia56$Dz0RtBrD@UHuPR# zjCCm9(#~=BO+;$wwi|q8V9m1ra%NrjKewPGB;l#FzyvUI)!wgv75=qvE#Ha!MQTCR zAe<*ADM))zlN&nHxr0Q2}NM;HR4TRlxE?F*=7DS+P+h+rlp-q5+MzzA0M>*K9cibdA zbtx8r(w9f`?MTaB#mR1IOpXmAhcG&IsnKEJ&Aa&n1B4=~<(9A-EY?JY$wI!av`xOT}+}lD^rfVl=L!HN>`S<0%gf*MnxX$&UV8Zg7KVMl118+un{($Nun&R%9@F zjrv_Ut9gJvBSs(4hnSyMr2fk7mYG30lbW#p+o$kp-z&dGo9@h%$pLp9^@2-pUDbN# zw5I$3g(*J*%bUKN*w?O-zK-Hi0{bIYyV8jU`aiuS`OiWMR_*OJLL?=Qsh6p#dCn4a zg_$J#!J~*E{t^4zDpp1@b(wz}&V!QWD(K&yiLtaIk%tfem7UC4@0!O)QQ()g#3xt$;VQiVo_KQz9I$_#I*w;}?+I15f--4)uwS4!p<< zfWKEYT}3p(D?N+4u!ac-$D^1e<3;tccld4bJG~d|d}hB+`608&jgLGG6hWLv?(r(A z-iZ}s^2$^iZ9zs7P1;$`%a6$ikun|lB}<J+ri)3MdMbo^UK_1jz0%B zB^lFh=li|MpS7*Oe;}*dK4&)K05=aHizgk!+R+t9s@I#bnM@`rZ0yOb{Jy3$kJZsZ zUh$DhI93jC@FiJbd(r1dSbZ_}iM2qfN5mXrn4dK*V_*^%s1Vi%{-F(NzoERkMAc0= z@c}&gB`KQRs@5LHQzs{-!oyN=&IR|GKN^cTu<0g5yYVZ8uJfep z>fN?c1b~qW6yTA|hE3N7sRH6RX4byqFo7I@Dj2DXXf7s(S9vX~vF3VV*% z^3gtkpOJ3Xh#=WNgZ>HK0RHr~)LI2AyfPLPh@Vq;Q4eC3^(0jU6qXjzRm}Au8MqgdjDFKa)J0-V!S{;|5s?JToWY)JdEkuQ$xuT zMzxHtGf>T8G7hgL(ej?%&d0~AlF0BzRSvQ9>K-A9Mg9s2DoHS<#BRMV0czlcZhR$v z*BwFv3@!%@&)bV!gRLPV(p)g#xc4{0-pz1Q>9pI71hnC3zZ>7F@hCi_eFr$+QaGHy zlC%2(*&LX1*xhK;GABqm{adF(QCazP-GKQbB(KEe>Cs_-!f!p=P=tHBbS;Hd=WO=K zk$P4birEhkLJzF6vH6+}fB@4&&N0G<_1DbTYi3OFA~v<=>O*rPBUisTyRPjaudUt~ z(M227&TDkQbyTOozue3rr=>h|g~~332Xw+*`!XK;=ALBbbMf*!sZ9#veJ%FHC1LrKY|fw_sTS~RM`3f2kND|0U5%+DNc?#^SIHE` z_WEuO3QXfE!VH{cEem~p42svjeGugBi%})}>^}{5z zp-}{rFFElqLkmV7_X|E)o^wr-CmKS1M-jtt=ymOu@-%!C$#Uz4C@+&6pB4N?fX{=y z6*21p$~qF%E{Qz3Rd_}iM47ZTK13~3TeGvgFTPECX!)B_cy{925unS@lxNg{M`w_7 zI;C<7aY}HX7qRoIXpvS^mDM*E&O~Gm)%=3Lu1L?NEWl}^+R7V*vn2eA&w>x*o4RKH z7z5z{BAVTCTrr+o6F}DP-nVq>+rgnswg`yS4ud({Dvwvow5Cx@KzHK$y{+w4P;k(Q zX?1o^b%sV*sGJfmYpNWl@^H2=jJ%r5PIM)QP=gkg11RwylU$&{Ds!@W0 zF()TwaS$>~H2cK&`!|b=>v<=A($hF>o>@%y+7k_{OJPBi6kTCB!6}VMm`$5WzdpR4 zUpW`V-QtL81IWcz*e#-v$A~H6FhSJs7*Sb?WUS&74(~eTtXPcw0R=@XveWLOiTA=B zDDtfyO+JJ)+Bjk~!pk_cL9Uhi@3Ue{lp@mQ{5oA=nJ<;pcJ@PhMp(t$Prhsw_c)6Q zFKJI-^PP$Y0P*>WQEJ2$q`=hFu=wZ<8g#V`REzixwPE_t#zJv-0 z*XaZQLguc=+4G&#U?}lWkfVM%%B3I8H|EM+EH&xs+LCKSD|il~w5&3sArZT%U2GvY6|VvpHZ0t7->a2geKpS^KVGF8d=bQk zu%oKbNcKvk%WMx9-6ZSp>ZQAP(%75o4sx2VKq(lR&P*X-^ti>*}741${;h$~J&sl{L2o^{P#Q zW>f3paT0qHrhE=EBg;~!xpwY?TRaGBm@FZGRa;r`O1uU)$YHY3C0jtsA#f{HSyo;| zk^u91ymN2W2eoqUsvhGM71r$)YU2N3g6A&eVxsyNTATI8%0NhvL6zEU?^naO21^ zBbJsKA%AH8z0gK)zsKkTD{blfGP|>;khN zowvU~MO~M$iw&SlP*?lhIW>(Pv_$Z1{2Te~(R=wZ z4w$Fpl$C=fvFhv}*Yn3M);HqP$f>FG8;y(-`uh4vtZKy+a>x0h&j>#kB6cmOhJ~!IllC4e-1taYJUS1Wcc6Pw8C9gWwP1L?j^Wf&`X1M77kByp?9YGVApoxj0 zyay?IkoB~ez*em}PBM06lc{)-)_p*8_u7*YuOZM8c3wg6ihJC@;!4r?gZ4ghR&sKh zhNZDug16CQ*jti<6ujR=+ic8p&bafYN}7wmjq&a&N)L}0fpe$C9$vjSqJ4WdEA?)0 zjb`afa~2muCFqrVhXPOHd;ilIuivHVqrl{9hC#;}h`L&Fx+e&uCqG4L!4~Gk=n6-+ zNGH@05oeAX$kDz%RJ-}vUwJg-6cP0D>K&kQO#MI~6>O!U;pCT)nAp|PiY4+N@aSatZ`RT*Hch8oASV-dTE~uFMbiOM zMcadBda&V_yLDrrijIrFQSfK|q7PhY-M)d$LH*FZsfrGvd^PB(>H1ISCH(~a*J9%4 zzdLZ741rTvtbgbI;#FaEW zX%a(ey~JC?>xq;!8>#a)E1(-QIO{^d>+J^l{k5hUzU+Mli zjN5^?cEJ{*I~3Qdq9&Q;L6R7CdI)#k^$x1S9YPaHq*pty26l|KPs<2gxBnja=zZQ~ z(qSEwU{hrixR6@k3bEoGQr8Khf`)_P)p7y~F z>ycdzypvZ|{S!Pq^w-pZY8$Z5yPMo&+dK39cfXI}z?$9k*e5a2u+ER?z5ewB99-h# z&iabjKbc||eQYGGy^PTXJT!4k^M~oVIc}HAG*(Qcm+UJ0FAy$}PtRK%q9i=nsHPLw zU)`pn_JCfnh4K)OqU7pRSNP^yR&wISJ;F{z@|r-oy;Edp>n+i-V6JJcmm6!Naj`wn z!E|-IUtzRT7w@<{*{Eu4Cu4H_9oIJzWa8rAoO(ry55t zOZ({UK>C@%N6d|EQ_!lA$u!^;@mIzk$|vD+ukD03>Gf&4Hc(gD z+;@71R+!k%z>Ns*miSb)d)sX>t4GMIQ6x{y0XA%cRDRLWGkOE^;U1orbe$PlGX?!G zFun0B3*+s4EcW&2E1z-QP}L2Xhfq853>C|xngE@t-I-wFZ@`@$&DTcGXtpC6N&e)eI@=` zLh_7$xomiv2%i@okOCSX+VGxj@0*B;N}g*BrIMx$U)q6;sR8+)Z^E_1q`(rU9zblti;D%9d;%vEJH*m6AmYxRFTT}-OjSb7J&PYJ? zmB|oS0I&BQ+U`u_6;L!n_i(>D0hC7N6k;D39BeY)x79=hZP zTkHGL?`}?qV=?oGO#wjAGMPJ8R!|WMu*Qmt&`QV+19-f;nvr<+W9#l>=a1IQ0}e@f zX~TfdrT(a7{y*2S(OIN)S^+30Yp6AVrZV&1cslgJVS9wBo>pJqpnfg&&gC&-Hh$1p zxm5Enuu(BM%-GJ=SO81W`o>0?-Gf`_v8bsgjC(*0MAgXhWL%8E_+{5vo5>2 z!$k`s9v>0(c(Z*<-C0ah|GjtSzT<2CRn1(I5hm+lo#TnZIBRny4Ve+3Zpk~6nYXIl zWHh3ql?4O*frHW&V5ziI7dm14qAn2qfg+`^wlfF4g_6!rEC{dpO{qhmo`zox0t}@Q z3#S+s8li!O^q1F7F-rLuY#t{T5rHjoa@Hqjo_?(bzZXc(ME!r%Hg+R_{af`0mr%c& zin2OfuR<>_Md9WOJLsj#yKGfu)@R`A=(fZzu_jF3<)0pv_jR9j&XJJFHArfo0uix zO|@Y5hn8*3?jQy@+;a-yPV*a`AAu^N@0Kk*fqSSh1y5T6*#YFSs47_h-DLm+=8-`$ zbeJf7{h@FoIXS6FC3=$K*x|Rc!B1M?a2%tQAB=v33m~&Fx2_5hj8gM~Qh7Gwi>GFj zG`%!P7jeDVv^7%C3}s9)x~0nvI*4h35~pn_(>E$GH4{vD*voT)a-?dQ05piVoKSk5 zElgM@ZV|GOIN8XfT^_uT#d?;>v24{Hjf)1e>Uu^|f5pKMSft)bE{EmcX&%jjiITff zy84GpzonOzfl*CHBqa#gvQ3&-Rps@Konr>sSxqtUbA^c6`ye?;VSN;wMKqPR>dENP zH$b|#R!V>Z1U0M7pOy4CFSyH61rz*h!T3~_O zn=a9Nm}BnS0vmKq_wm6HT-H=(N)=f})$PhK(53eHxOzveNg}rDEn>y3O6 z-~@M?nUtBeyIry!HCi8-*J^%ve!us4F?j!vNy<3ND}*pR`Sxh=D!Ye*Co3d6Fw5UxI?4_J?t}wF8K$`#=j)u3l`Z+8T?nH|@5-2w1uP(x$}nwJuh(`3q27 zyVDZeHA-9gy|nRQ1lT3e-LFh{7jh_B7a`an@5=PpQl7ERV*|l1S0avv>t>*`>2?(k z6_u^)sv;+tyX7+)S|`xxbVi$vCuOJ1IdA_--qKlxs_1M2+YLrvzuId1S>ZByuI<+1 zRlTc)D?V?FmKJ#}lq(HVTP=-SMVW?*RlNYJBG7ktSjAIe!>)eb&(t7wKq*3zKoHwtX@<-oluxB;qT^J zlp<^dWxRf1adp>W*B1NHS(0qc!>qo>JP`7i=4|&w{PF#lzvsN2B!_07bCNNJ%4gIR z4xgCzVn0wmIj4u1aCVPq=MwNy(=+zokuL+m+a^x&d(O3YLp*LR67aC*fjS?gfH&Lha8CkWo-DJP$1R=N@Er z^_%~yms-sH=w_toshp{2Vt&OO+HnjRXzh*T`YcCmRSrO7?+*x7jOr>iA$ic(&PYC) zB5aZF?G&lld15=)YXkA_xTe7jG)^|+X!oMcGXP;>eo3!GWrc3W{VbEN_gJeX!nyKw zn5n)KR?6}Lp2WM94+wPZeBJB5iAT{hhN-~y7Pv}1bCxiDctMJ!O!QIGG(!wiZFR>3UAl_oga ze1*T|j%Os=-aBfBYQ|SXxJ&c%)Eyyf_-@UicX+NLla#R_--3W4%utslNmNq&x6PA6 zJd;%ea%L`=%ZPLF$qRHxr~lSuPOlc0)tdF$UD?@99XaIX6;cA{bHkI9L*BsSF@*S? zZQWQl0`V1|_pO@O^&xhR<=iiT=xKVq^1Qn+nZsn^mZtHecWYi-BJIt)n3hkEEI!IXJfL zY$EBy#elB@0ra-VBk5%C_uTysx!q20IgiSZ(_D*mYGZ+W0i2~5v5xyOQZdZr>J@f{kbFx((o&tiGApmgC zG#D`gglQ#Hg2pN%vZ`iM=|Ke=nWodDH}{H^p@rYOm(ND19#$l2!iVAC@Ea;tJJ{@W zZLR&U*rB*CJHTm%p2WtgHXM!tEcIyUYQO&wRCem>Wu)2CrEOs*0Ht`cAvb6t97Z^$ zdt+w}8KhX0W7Mv5Mifoj^i?PhLO(K@a6&(Oqb9tL4Fvv&p=E`>5J7HW!#xk02+xb4 z>t(n>Pbh|g>+hq|!^R_$qCDXXW6M-J)+>oXvfot(112X=-D)uu*-*nX26iEETl+M6 z#*wMzb{uYk1%WCO7zYgO=$w1~)IiI%DT_jK@(2K?F?q(VoNY|p!kj2=siJ42agho3h>2kNEy2VWgz?0i=gz#oGFPlRio-YNBaD7K4q6N_k^nS0}lfbdUpC z<{6a}3ntaQrl~yqkHUT`Ny+yJuSKi+J`IV|vPU<7bd08$Njjkx1Q)`>Al{&XO8e%4Jft6K(%sC=0G!PP$-MnIdr+ z3o#RahTuTIQ%(pn;wtMp24wt5h$YujDUya|Rn?3+*5}Z;7xmvXTg&r0G)?M6`TCD^JFH7S6|4OJge9%Zv2^)CSk>9PUR`q4hwY{? zMb9Gn)0!l+p?k~8}!Ma&RcDw-|PUnD5bu>{)6^W ziAG6oS^D?&Xw)T_BZJSc1Kr(gCj!@Ze{IYE^O?`2D2nB%)4E%?_Pi_H-23rh4g61) zCRa3|1#go8twmGoQ6MiZYZ#|ZGwk>BH4@uBTxY*a!~NO^kLucq8O*f~f;J42-ldntf+$6RB>#dJqq$L1GS{bU{b`Ia24x+^DOwiqyPTPInhOx%fjy`3J_Q<- z3`8>(|9UqkLcT;WjZ0>t;itqT4#!vpGJyxA``q+N8l-ZGxK8xKQYJ55; zF|1!ZA3+qj!)P4T^1*;e4C2nrtkvlBF8vE{+A!}8m_*IT9xt73&Vwh9TOL) zp;wVf(`KGF%crMAtj9oHe>FzW)M_XB#Z>xId6KNwm~-vvPSbr)scDoN27%cX?>Pu- z#Ep$tt#rNrw*1@r9d0iQzNg~5M$Y#EKK607qY;+`BUK%1J)jhoPfB?& zMj%v}37kwoh`&*_4&o3!B1l1~61YI>BcgP*GOx(7V1H^E-wq)c>}P86zx?#7(2QRf z_O<92T;$&{AM+7~1j^vQya0LFO;=NU`%CqUN7di~tzS*t!(?_!j)Ru$lUP&x(S2u< zsV|%_=J}B9>3(^9IA0o-6t#BMh|A%$`efbw6OY^7-@yVPm-f)T-)2v?acLuIr1#t# z(vq)54UWbq*uP;dBSKJ$A`^8z$yf&q{&*vXbuEioJB-h1sA?zK-Md?g8FoFV!Gws7 zigJy!`)9l)Vx}$cZGtpK0txJ>?ei%G#s4=#tc8~D1O!Zul7007IcUbOMWMky{ZHVm z3?|+#mCP%`gzxSh&Q?bO+abjEi3dDeV9MaP!bxQ8&mvnii)@bnzJQ&Kh@hbF6|}f= z+3#g`s)Fha*0F)Vd1EQk=m&`|Y#!Sm0azFxB7FYo69_;Z%`%|{3isacKYq&P zD}F8gf({eDi8U=X{W$|NU?`S>K1TP(pl?pDJg=@dhKlue) zPv|@lXV{y^Iw3B*C6ft%AIWnr+aPmc$53y0gm6FMS-P5Hnpv7kf1T|XJQ_|bG%Gyf z^;N7J%EC)!s-R0{Vg6~r1RpwD(W|Q$^_K$c|E{$B^FuP>RQyY!<<$>f-{Ii-D!aDJ zr@*Cg{>OF!M9%~yep(TMf3DoSt;#1`rNqiSgNx((kMBvGtAjIv?+*zO>i?T0_%(p; zd-698?yx}@LW4kw)jYTU^Bh!T8l>uVsUB#nQ^BFh(HcmWvRXWodyrWOC`_NeS|NU0 zz5D>p`W;T%YxG@$#-KTLw>tBLh*|kXVohqr9WHTeXE-*=W;Nb2#Gn9M_ne|v`k#^x2sHj$x*c>zUbHGaq7tL z;(;$e#^g%Tq5pf#ne)3ao~>wOrmufZZ1dQQh2kJLkGipNEg7iYaR!sU%||ojO_DYh zGitHG7L%e_Db}EQt&%E=P*gg>v1Qq7MAQStTrBPSrxMjoHtQpZ`#E7)gHcl_x6X6O>Q>7#41wnkof36u9W`wrcj6AlT20r zNQV_pQn8`=>HJF0e6nJ~vN|eTeSU9_)Ck*6&HI7+&a`{Cwf~DmOY8K2*1=PU37HwH zA-`1n%9AgTW53uRZ={DM*lewJb>h+^wxW}wh<0&lE^#u}qBNObGv{Bacla0t#J>`# z3=+#ML2g75Xk{F^u^SJ~T^=;Xu2*!ZERu$ZX}cWAG0w6l;_+FG55C^rs|usn*I>;$ zdm)Vka+7GCQyg00OEpLfHI#I{fEXmbx3)xCxm=73RXO$i(Yxp92BH=~`tS$_f|)uR zM~qu*~L__3sx{o!Vyv=H#H)9xad41og{bya2(_n>$%(UPnN9b={!CWu_j;UpSD! zDRCTU{YaN`1?5x}KPksWrG&}YPUs4#Qvu(buyhtJ8& zxVbsS(n8VVnLXxPAg0JZc%X=;_RWMfP`nR_jxiDmOB5*kVFA zbBX+QuAS`_C{?rFD2dxP?T87bcUi=d-%v{!ysi(#Lrea3<{Rz~Vpp}Z^aU;3Ya`rX zL0rcmu&RYcL;!6@i4y()W9qEKqFlSTjiM-sC?X{(DJd%4^J+JX21U55IE%;{)Rxq!iK zttHb@(+MFpe%|nD6WSG5rmWseIt_awVpiFJr)pXEps}M+pn>YyrZski661gUJ?nRs zIx=-N*rzDutw)Sz6T8DigdgySfaCMzIHz08vwsJ^p7?$9S?+uC&R-RBm1Ki%asyEK zrF_2~u$gw5YmvrkDdM&;Z*psuNu>S%pdZRd>53n(1vz~K!bjI!QI{Kj{DE7Se9xYG zZt&&2GPkQp0(c671AD~!GnD|yaVW(PcKd?-{syIJjLdcY^;@W?;%@G>CNwJlq*wI) zgQLzJ2bBx;vU;pybl)RzSdPt0@lq6TO_WtMOYH>?Rob*&Wq}MR{2G}ZE;EA%gWHum1FnKW-QCk?3h4* zQ}kO~J1=}%L`a{Hwrz)mDIZYNxzbE8s-Eu%3hPK@s{R7bi=WVJ`N12$F(wjktjl>x zZX0KR+O`bN$3?BotlXh`#Yt+SFbt%gD;Dg3nAx?K?t`pq;h-EUuuQnYu!rHNI=r{Dq&n(1*vAvpUExYiYgl9E&NOfNlCs#)^{&{edQ zTk$>1-2B3kH%)IsSBNu=rQhS^T!XG03>asc(HC^`{$tedVe%}6Cu&ogDcmWVM?)g9 zWGI6Odfg?~1>+t+;zkdz#usg!3Y^vg_^Y_TK`-=n6}C2&@=NJ%+@z55t`({I&YSnL zy##5c|AfZ>%IMNB%4%yqvA+fKd${Ed=H4co(b6?p9CK^@8MU9m{0}9#oC*cdE&6HW zvWwo6a8;B^VmYGGgXZp0B0Y@>QI>C8VSl=Ndnb=qn=Umw$7%6*Q3Gl=E9Z>&lS+SkQzVq^-8F10dTgj);;D=K%FQ;`{RJzsl0 zl76>+kiZTb9d9w-lH|^F44_q6b6+2MhyH>j?S;ir)^JDFNH}={o(MtIQN9E-<8)#1 zP3S2qE>;gAucQ2~SN!beMEF!*d%nb_*5@vE@Fmt%H-6Znc=@87Qe7VAi*v;Iz|8Dg z0oe=%@|*Z=?5~4tY#MX8yJpY8zv4yuWUOND6(2F3dya6{taVzjp>46Rzv8}!nhe3F zDPanc$iJ3Uj4Jo0sjke~gA7grk^{s7GLti`62YdH>-rPf~iO2{|>4d!rgR<;bp5W2o{{NrjBHPa!o{FMf{e zgzRngpD@SCKk;)ve(oup>2)EgV@Maake1O-cwxUZSFr3MHITP@`JnsqtDyiL`F9%K zG6!!CnJzBlkom&todYa6YF>Y}HGGV{r1AR59|Iw&;pJ=<&9O7qkDKqHC1HcUJ*-;| zwPMmraIH>;;yJzzvQ4krW8pxOvm#%`pu@;!$JY1v)`1SMYU_%CvEBqyk3F`jRlwHyrx0!+RWW!>dC1^3aQAbc z`+HvtSaZDhWR4Jl`VrWXu2Phy$F9$?232TV^*VffZc_|Q5zeLAoe%ZXQHw6yJB5%3 z6eUGQXz;$0_+=rmZD$S2aILhNWOiikV%>2we~pwq`hMY~vH_t|XO+SJJd@;6E7hY` z+OUCR;nj#A5kwSAY?8dsOt?F4>3J1IU(MPo%yp2`nxt+JdWyn9Xz$~M|AtPR`}w@V zanY~>n8Cj0o;*wW(msK|HiWz^>)cg;f+f)cuq<<#SQMXjRe)Zk6_&!l4 zF0bN?g!?*_?-zrMQ{zZt{6cP=j8Y{|>*dsOX&123>!9L-Nw zGmB3?ar&zXU{n6yY=K*Q+bGY4N(DzgQrEqusIa5qOrH}t#L8HjfTKqpM=|u!%u?KS zR>ZR3TBy-+^?iADNscA!z@-!ycSos0@b_uSLA#Y{7WJQ!b5GYd*Xo1|HFZm?m;5d( z{;=E+xnDi{WQt14`e2vDbRY$z?c??}vzo@rM~&^4?*hUVv&iBwzPmX7nY~YIYVM_G zek)hC3XZa;< z`57#ieeZMU3g%~K{)=l8`?bqzJ|LyvxQV!XS#Ld z%<4q=-bmuJij3g+!>_HFl^8=7CMf~hDm>u*1UJpgZ$s>eXx?+u$ZE>lvR>raT8@{_ zq#XI9w7Qb#xzuz`5jd&{RHT;gzB72AzWa=?fm1wnk99U+M?mOc#xFC{!jk0_<4 zvueO*9v~Ivt&*_(dy=TECwc=iTpJuqYn?c=`ybiCdw9aBpx( zbLm_()(4X*9%;hEs!Y-sArZeCoBXN8nYd^9Id-~A z_zWA+x*DBAX~ zNO^cV&_cFCz6px5;12vH+jg{~!k=s5{}5i}9F7Y7fXaD9+bHQTqd^#YEbby2z{d^}m3BWo36UTC$9F0WmyqNve}(9_HKw00+KPu5FzGCaD~ zjos%z@6$k|5e;@oUT)^QACGy1lLzOTdZIA4b9OT|iRl)9Z$I#>)%oR_j8UVZe-Vmi zIC759Gp9%-R6Wp}R2mW#S$C`dbV1hZkp8j6J@n@@C^1JiSOZ{KG9xg~ZrS0+gL z;@saq_{YQY#a!MYgxST~s9688t0RXqaeDD-!i^KL40Oh^Ab6RqK;J#beaDMU;9jK? zBp7qNbZW8rq4r+>r>=!jp^{YQtU>S>?Bn9{*6@pc0 zp8XS%KpAI-i~gCp{U@1;z+dT*H)~pF+7jk7yPs|;e$dEbxRzr#mwuR4TW3-EZf*;I z^RLbw!XcMtNyk7r-SeStFZ`RUPgp;k3fh>t9`3URf7coqP&{v=NT-)<@7KlBtH4^P zy)NT+?&`+1fF;T6!z~jkc^g+mv}iVyi2UB17nQdy3#~I8`sAKWPr41i z<{D~xET8=6?)SCbD&O6r_AU9KAvcu-iS##4X{KFLnVJO&8y&h2uk_&w)y1Xz6@>qIF{A zYs(3z$slv%!}}sr51Kln%|ADL<@@2}Vg{H(FiS#@<|J+*NBqKThp

?-ox~QcrhXEfjQ6+R`R>}JghOJ} zOJ~M@ijBKX;6;E@VAOiILLRC*fVB+nG&t_umk%0ce#GAQxNQb==c(T#-)2)VAU}UB zijcewyyIosBPzsS6|;B5qR?or_;g)U&3YkNak<-lt@10K;PhQPruu+y0BzqjQSWMuIvTo!|gmPeq# z96wFWjEEphLC!4jOW$s!3{n1@gSj83w>jg6j;c*aH5s!l*i_Xhj(>`@~R?B%2WUT z^n}P9RvU+SbG15f*zYwZZnW z9TOW#pH)SnVr*BeaevLsQp84I)X;gPAjGvLU^zW`sG#-zm&A1xJgDCP#wRJ?t=#~q zF9vAN%PSh%G)Ghb&nort8py14g!lmEKkhK>qkbqf@Fi;YpB>4+sj8iGT}+UR=8PNG z{vQt!cY@J0?^5*-DS1r@8msCElxBi?^J@+B zougVXTp1~&R3ETrW3-q`4M;E3e7Tp^G0DgzBhz`NZrJ>w(LTno92|lxU-$t;2S@N1 zc_DwxhSk-eD+JDp033sMUwbAY&-q6Me{I`;+q23Cya555oEtY?)k`=}{wJ=hwTw5} zRy_k2#(l4L)%YST(w`0BF@Bbt=*_}WP~6|)%HRgVzLjJ(ysU^vWqhl(|BlSFJV>%F z>t$M)jx)L&!EEzKpBqd=%kiGxjfMu$KM?VMdH?kS-A2pfy>HNLo2{O|34BAdJSE(m zkVi#)hPI+#qU*kP_OmuC6vYE)t6Y%#Jx6RuToS(iJ*X|AG2f5GGzzC1F)uPGeO)kW z^jPyo#^R%*bs?VD&&%>cXjH1$K1w>24?&oZk$Flhc0xnFL&5lKamzo{wXN2(xP{Ni z3&|-9i#%?hl?35+T+Bawbq8Z=V?=rND_b;|1^3hEExJGGyFGR5jt2xn2(R39K3Mo- z{nwm5sG6WQq3#5uN?Ri_t~KyL;<-0V6@s!Bo*QjN?ishdpG6~I1U-3A>Wm)LPnBEp zS7hjQba52;-@g|AWk&;?1nBkdd@5kpzaQ{VMfn@^@3&buGM>Oi$y3_~Y{wqd+B<--v=^#_xPxoI4I((z zKCAcwTK$(O>QRRp{QYM(pO2KXEA01Peq{XdX-xNCNDt`-Np1zd9I2}S``W|NiZ6+O z8uqA@2SsHs<3i9G2QY^c3lj%J8atm9#U?9 z?IwomD&krCWupTn(E@=z&CMH`H6mzUkM2Tr%76a#Zp_e6;x+&xW&yhiI64UaVA9zdO4y7hdgAt;qH9zrPs1t@q8F!kCV?0_NRqrW)L*x@`o0WAbN<W6GVD1+R|~0yc$4eJ=o~(`@BD31;@MW5B>(5FgCbMz6n|a1)rLdx?E?Qu5r| zW~?$=Uf3fsvyHKE=C*muWhkqVSsbI$WQ;T^}kh((dyP{f{~MUr1c?UCX;p z`S9Vp$8{$*MK8G^ex~|l*Ppbr<4xmVg>knQZBwoX>_J?6XB3$mN?YToQS?7o;obDd zryw?9XwGEJtve~?uS*(Q`||B8l~4_tb`|o?@Mnd$TO(^9hpWqs2_9?J$EYw}0rm;u z)H#yLx@K>at|F4T9Y)l#Vd3Fdw+EIIIZU@-fw!mzGdftv$zi0`n3q*Ck4;=yYT`;$f~J#PBTgC&Y6 zS!34P{X(|@_bTS0tgRT&+CyA#wsHBv+U#!(C0?Y(Q4tVd`7G+0aqfXx z;wWJuK92#BH2;35Gv8o*NBJ_^i4I^NmFJz797%hCic{&m) z)If*X@BtH#9%Q!GrPd>2KyE6ZFJy{Y*9oDq1CZtRN(+Ueih2{@QoQ^r4w)GJO^q<` zixdAT@6%7<#rYI|#qhLl?C8WFapmm6Q##q`woPq;k!mw)?Mf%3L437O9_QoA=^Qy- z3(Nip;hE`o=UN^s3k_(BHv-tzwHyyhKr(2{#ra`|`UQtw?>wbUI$QexJ_eY4lbWz8 ze>%pz#92iwH0wxUt+y)*6-zw#y`3gMbs^kd;WhDK()-jAJPWi4$gJb0>lx za*FuXSo3|q5SYYT#hX7KU1}n6@&jtr&aQ<`e`V#kPe^-?7r7{2|^MMeO&~Ec56~O|e8G~77PtpS;NsBe^kO_x?CR+LU6s+y(+3B{I z5j0iRdAY`>>sYjDY*}afKFMc8@7Sr+& zw5h$seIPqcRc10I7s0FrlyrAkMPB3u{V<5^`X=IeFR3{}HLr4EX`$fl&NF!aUV;jo zE;P9O$i?k|Ke}K}-lV?%x8p@E_+i9vUFgmEmcX}+9oj1S(vnoW%F(2Mx!@bA5J9-~ zLJ{=_sN@H8jX@<(%J1R>3jBVErIBilvtLC6JK!^TdMCWBibkRwcaG7t-nJUWx&IbN zvz#goM?K5vr%1iB5lLyenbkGx=`f`myz}BA z#(((uG2w_ceT|g>$X=R=IlEru4Y{9Bh7mp; zH5~`CK7`;cA8i3=Ht$JY(&4%wc$ZYvNxUoblP?qP2s}>?_tfR2Lcm=EV);V*5e}U7 zDG89mJ_zsy>@SwWS0R%ln*(7+JsKZXUSk~!v2FVvk z=gvUq9T=MU(Vz1GNFTjTw?>Nf(4&bZ9x*Y|QgMWY&EJ#J z4OYXMAj3$6mbPj6EkE!jjDR`(GS-XEZfA$Q&fNJV0G7CTEQkj*s8i*xXy|>5fuRCo?F0$>BEEI$m6R ze7tjd85|PRHn!#Iqm$S2h7H)rf~vW%ML}~7z-At+USd8sY?DL>Rs{uxgVoa<&C>0D zyr5rwD^YuA{`;VZhWvoDv%WjP=6MGh0;9!JCTA;Y4uc&IJ?15CHcza^>#OT7=DUA> z2#XBIP5fSu3hLNAChV^Dym5&TNeXVdMVRl@X&y)+^1@Y}xCfG_Rz|}Wl3FN46(4Y*H0 z@MFMy1)Lda@^OtHzl2r`8VK@102RRhjbRIX1f~#69=ycwPs^+)h}rG$rv)TJ1cB-x zfg+iK+hlc}dW|{l$jAs$zzay%BocICTZ(rUt@n(H4gE7-QC9?JvE5z!f)Pu|ALz-` z^+r9iz^Y%PrH1&%^1Z>>E2dLF(YIp*39V6q{(9`{y^=QtOAzhkm!hVg?0dk@cx?>=5 zytF04XV5%?0#4^i=YF_xh(6Hl8#FF_>qYH{PLP@=I#2$BMDvX;2^@-92-#s)FZO9M zK|JJUVfnGnv}Xk$f)}l#styU5#UJe6L1l?3GTJ z#pAkqfWD4jSeIzEG+?r|d-;3o1*`A((1JQ81TTdsCn2-Xo9h?Nw0Spj{0HHKY zWmAsw@s41GI6H2!`CIr+CvOP?$ErMQt=5b$_6{}g!w17dSk-3DRGR*jA;-?-m`$O5lYI~ZZpPO3cBA9M6qLAC zV5=gsyqp&_$A2z7Ph*M^-r%aZKz4eA@4RF&UtjvG|44da^dTK@>N)wu*GnZ3 zTH4yh9|!>q0Yf@FQG}eFoPRqy-W>PR3ZAd;0V#d3s@k|Hy2c&(N#Dc6 z1>Cqo^J%Wo#i?` zBQfz!xWs7d9671CGApignhpBpgSElkIpigHMk#){2ayZ67g`Ll>bM?@V_}&GtgKsJ z#0f---y*a>7#KRq>6>lxciEaKV~g$FGyxN$($JLU|SLJQ5me}1S`S*MZ z({(RU&fc`H_3)bfm`izl?CNp3q1IOSxN2A9$tO#KR^3erv&R$m^*W^0!y9yFLl3WamaL zagD<(Ft8uI1cJ_&&!2y!=lj4OjPfO;qGT7E_ykYpNz2^SRF$`P_YkiXXL+OJ!{R#f zXObXYH8nZ;bG$%lsNFo91SjX~QkRF3T3(;V&K)5AWVOH#Fca6G<_&Se{tYVq_b-xW zOpWQFh-fzD;y@yGS0>6Hf55l{WU$|F-n1_Uph(hJ`DWJLIJBHb8f;#dMX<=t4Q=Bl zE%!Gmls><4Cm&3-;0biCsHkRJV$g9pxSfbqZqAU)q~qe`MDSQd#E)$3l9rAq0!|gd z|FGnw2XnNO=HrhK*B-A-CZ)BsYNyM_+r2=laZZ1U4P*TAZIfF zrrA`_y0$ zQog^NVP*xMU!vC53?kVVhntg~bz`MaEFAA4ryl)9EWwRsS^9d-7YlvL5PEt&9 zG0*bbN}pV?hF@6}JfL}zgzFO(MdTYmBz1a72KUzbR9z(4i1v1FY@ODq4(`ke9{&9h z#@8Yp%d>(_&L7ra%#}@W>-2ELpwIU}Sw&^1_ZDJj8Lx<#H@(?m?cxSS>W?2jb1gya zTX`Z^Ovg&eOge0lZBjOCX65Jmb9avSf~LY<^}E0S++Xhb0H7iijc;lH>u9kZIs)Mu zleQ?hq?Zq1M#1w&gY}Uj&EqkKG@KvKiNX-Q$cLSqrKa%eJ7SO}_IRO%qGEM)t=w`j z9Gi@1T<^%yP4NnBQ?k}WclxI_W5FB{B?2^AW8sYff2AAPAf1lr?Y+liGb#p>dLnF$ zNw+y}Mn=XnH^#F)q%N~YIa=0$H0*;bePt91Jqo0J9#JYx5e6k1WX;*IPIm1*=1Ct% zef3#2i4gP*3y)-4S3Cm?tKLe8cvwV4q1%8o)E!+A%cTxW$iAD9K}$dyL^OuokIeTN zxd*HjaH*qk4b=ymr*IZ`88vd=6nYhTM+&~ zuRdJV{OW8Nlps{GP$~dd$Z|LzR9cXw+t{gj^M{T1R00kdx^GuGZ-^!Ju$k`@RXVNt z(nwieI+Ki*@+VY~Jjq^a*}7~=iA3xk)imkPw6>7zqzQ?t7147Asgp#@u?rj{QxqCn3{ufCn_Bf=XYF-n^cChS|9`U=JWuNvjHlw zl*s$+bG+*zAIfwL&nkHPLqg*hR0;?mLFQkYLuBr_=hO%Cwi#3o=Xf8^b>z-mOB8ZR ztBZeWTw~Oyp8G1;X6)BZ>6B9Ae=n%%Y^3(rOwY=|s=72>ZHJClcXm|ccf}BF)?as$ zp0~&e?(CD!&W`_inDe?c%z4U<%$CS^vwG`FZ{OI73MCRkwBT;)f*e7(by4H-(N&M&hJeO<36mlhUwp&U}a@6Cx2N<`(1%v>q4SaQ;FgPJ`&9JZX8y2XnbwH;Ds z)ba$i&S(FirCoJ3`_=k)G&D3J@!_8a%x^D0fKuIg(oI_->~PH+3psg7Szu>pJtbiK zM&z-ufZyyaRpLtj82O2C85Smk0*8loARQK>?Uk2 z3g0Lo!&P9jHnPW{xzcm#YgX<|UWNDejvo#+^a#B=fTEu&fk+U}J4IC2Ny*C01y*gQ z=(03j6t9?UFF(Hn3pP|V0s_vKdCpPPK5&5Q%hh%#_q6BP7%fq|@H*sMvfr9;ex<0@ zAur;AfC?2p*X+oW?k}sV2Y0GrJO3;}QJvV)feoo<#}1nmTCNA&)<{&Nw5E*AKqYIy z9;zEQ08x}}Y4NOKsWR&}L;T=NGcyK?+DqX(LMQ3HsiA3d=s)uFU$OhZkw~$oc^8^% zD4wD7q-S1i@1ih0(}iO1#(Y)o_GQ09ha`N zrTDVfrEf8T+pDJQ6@`_19>%fqXpH80Iw~k01FFu6O z9v4*9H>OXwYOUfi?tbj5{kcIaDD;2bqz{ts$$d$NeQ6@RHdpAO9Z}J?_En~9uGxas zo&62C0H@Vcz2e+60d#!$ zVi(XbNW4VG?{4|C#xCfcq51W$e6`3+vmvvqGE!I7&$lSi*sMf~j=JuIK$M%7-GL); zK5qGlTpkTN{mRC+lRc$DNG`*wN0U(=UO zS*vClQGXH-fUENG@smgtvqXk9Rvh-}ZYUPglDo?;8Mr+M(C)ksjOX8*=R~*)5l^ip zhgNKdw1;^=)=^H{kEBVn%1$V&KKq(gap)T>h2kL4%N&R|o%>U~5$s$(Op=n^q zjYtHoIgkXwfKJLs04$Wyu&Dd_5`X$vOc=KaS)-Qr+$DmH3vKeA^SB-Ie}VOjDe?TI zFG#vVB9QzKYMJ3a(@d;AFJCwm2=~4`n?sU6{2KEWRT=?Sl@Is?(4+ynH^gRi7bwxg zl0wkU4SPJR*j^zkxRI zLd4i6+K=+|&-m?;+?iyC>Wg){-YFe;NRj=|emhATJb4wH7;cC59e8z@C;nqg(5OA* zLpm=^A%(UnA^G^gEk2_UF)7uRK?u&dr)MAOS zw?d+aEvFan;y4jpJLxpsaG4wq?9KXNz0U%q7 z5?u!^KL0L4@C6m~SfQn7X6i%p-8zwQerd1FKXQ&bNMyzO%=X2n-nIR4yP=x5Ym?89 zp#gTe;go~V6cHL7J!86*OhfLuZ+8cB-w{wMT)y+GZjaw9F+s2zX=%H(rs%XZl<(k0 zxo*13^5f)IE^1g;9urVeQH>`A1+shA?3Tf@<1T2^5Tij{Mf*4p&rNp2pk}^@hidPC zC;4th*mZ4((`UBNzQ@=S8pAmfEQ}|P7SQK9U}a{+$DfyfSuUSBUITpCrgwt83^H&uT02y(EN!|`xj9>6snSXIcIlr zArPmu>loR8gvb^Q<9-I9o!lXs zrXLcUShwe+Wsdaf z_X+U`3G<4xvh0hJlf_)~vLrUI)#xCO`sg{3Wx7{h^Li&pcx&dUs`5H~YHV&|w}0E2 zaRN9QMoe#rM_BH!D4KG|A?At0PMfuYhxscztIOW!dGNPKcA!IGc`+ZU>p@uvVQmqJPMEqf<0S#yw)lTz<&Q zNoJqbT~`E~nB)F`5-0=&{NKO73TXU%jhyunZO&A`J9+Le+aVhjHlGoIJHVwhF&6o) zjT}#NDg1cP%*KwMkXks{?+j>A3$@^rCpoD@}!*N6>;u|5|l_ zyk_t_DiN=&ZpgC`8?3Lj&}oTaQI{0|^sY?DGnhWnGniF-LSC$;sfp90-&B=V6N@+G zr>@h&fc2DmsS7R|jN$s^M1-a}$UD;&7*&`ENTf^sBO96z)`rW4x7nC|cR3c$i#faW z0W(M{5F@3a_t3#uM0&_th)BR%@VQ?AC0~=fbtv=}Gvj8siZyclg3})!@!y^xO)fD@ zB6_;YPfQ*r)!MXeR5Ug&EC5r5Y>fg^TN?e^nM>=PBTqZK;NGbocJ}17vYesww3qR@ zL{A~cO7_^%$Qo-1l|=f;naCIb8m*nLmR5!O3zX7)HkVFn3?zauN?1HQDF6iPg+J>U zn3v7Gpj@VthkPK+0#m8IFbj2N0^#H34?fHqz-O3$RK%{miAM2_MEjrrPbJptKR^RkCyv+ zz_>Re9?a~hF4yIREek}B7(f&r5y#ut@sqSHgQc>RSuF2{nYm@%ze>LT--zpo3Kog` z+`oNEV)v4CVg;nAU`Vodv8C!J5I_Ux0E)WP<_%>}?oh2~8QHH38(FHG60`;In|iku zlD>TTa=V-~H|@M;;a>WkaQxdMt{bnXd*er7~Pnr(GCrjf)!iFHpq~EMN%Q%?xxPnIN zWx^`C>R%Q12kGloUU>yro_PnB?~nhK#DQ-=VAnd6O_}ScOiD^BAX7qI{LfZ=R8)G$ z$mRxa-!J)Kb3Ui=rgF5UzSV6TAN~0~=S16-U$}_Rjg2(VL_3+=IWRu_?BZ(~J96Gw z;z(PM2(J+IHXvb3wV;iH#fDQ}p?hSFy4P{yp*P7H}8DEJ6=+%Jgz4d62)=;(rN4M$Dq-YIo)hkCXJk`D5zaS zQK!|TZc%Jsd!B6VKj{T&S2kM_^cYcR)emBG=!{(qZewUfCJ)^a+~q~bz`=UOGA*TO zkA)Q8z6sszHzOh95Qg9z5~2@Ko|Z$a_2JrppMNA!s0?@6(uoIev7HFzu~qPh9In#B zFyWNk<0Ijspsbl0W_tv)KD=6|Zmdk#yXzoSzJX9FHL(={GH4PU`$ch>-ytw$xMBj= z-nhPAR1|Y%Hq$Z#Ix}0!y@rt9V7>m@k&IKw{b2S}q^<>zt9?8@>Wl&{kBpYQ8jFT! z;u*tt)$Jpj2G7$6R?HiW;~gfCwH!OSuLNdx$8?iSAp)nytbQlX$@5n{$*VhOjpeaM zX*VoK^T|V7Keig`uY@!)>z0N=P2MD~6Ow%E+QV`|HDj;;?S*%B;Oiw2%RSgF9Wl37 zk*PW)3qun4LsaM+wa4FSyBaf~n@W-WV=5(pliS`M%q5uuL*?n>)Nj@V$rY;8Dz#xmokk?DF(-b)(h+&R^xYdmpO^ zdx+5+7oT4QH`v3K+DQ}X1*Z;t><^B5s+Bp1a&Wd$F9NkZuf^`C_u5Zw{W0EpjTRXqV1Z~T1gN2R#C3TR)`Q=1gXW3NiIv-*$F-REIjMyPQVf^t$Aw_?6 z{{ec-`{TX*5ld;_?EYdN=_qD3{MBK&XHmk*<}oIf?0V-mYcIuU0< zo&+Nk$pZpeI(CNOqmS3nu&{O+SQ*Vr-JmK{ajo;7n#9me^Yn`$6_LOp!}=m@AD)tQ zh0fo(ouv1tL6+BhC&$(S$b7oU&+%LHAe9u+WF~+-Yb~#>sG^Wii{`f#iR>)s_UI85 zuqpN!$j?;}>Mo+n*N(hfi#P1FY3_cUTh;uJJ_?3*T(q4wXujys$$aLkunqcq{>p8x|ok!Btv-)?MjNyS^bYAoAYt0@l%|Q#IMtZVxk4S zcn)I&)mrt$`L^2AG3TzJllbK@!POZrZR8Mipu!rL+-eel`dK{uo#io;lAsk#IOLXC zwTZY4AK|6FTqwrGE*_8&lr(i{1m^_y4bT{)Kh)Xx8rr0e)@FJI5eQfO~jW}cYSDTLA^}Rv-3L5 zmVK339|rA5ZHP=)R8qPkAsp`#$zB7~p+vpz2ZcHr=hc0!1->QxR{tEoJbC*W zJ4JTRSLDHmf6bC`J!2enr{0R(w0%DM)qa{g@rqajaY#zZ2KfWshplS|XEj=h& zPx^8IHnMmrq;`y){`qJ1tO-!_j3kYKEOc1*nY+I+jEU#r7TDj!fDXrqJ7mN15OA-f z`Qo}EnNS-{c05ZpVPS*83I&>xQOel`Y`iBKsVbR_Osiy>ZPsN>^n=t?)Dx>h)@Lhi zr*)TcnkMfpswU*r)y=wjRt|nA?yj_4dZtxVu$#aAaKiH%Mwg7u+1D@6I-4CW7#LyH z&2imR<4b_QK|hg%HHm*ygLmB-DH<>mVKPpZqq3F?cLgvGnJzC@{4NJvgJ6~v4AY_M zn~B^W^N-39+CtK$He-tp7x@~@*;=*P>Zc9dy3JG~^yS`X7v7FtiArfhAHm;}M!~?s zkm1f6YLrOdKT&PWyvU!|_w%_#)3UOvMjJxp!bc=YLd9s|vdDRGN0wF_-OIXIcEXNj zb91w{ou4T`yLPIw3Vukc>Z$yzA{2{X#Svs!jB*7`Yy}mUNl}+5`<$-l$%I%?n=E$4 zaXR4q>Qs%fcMsw+@8G?Ub-MNzsA)9hg3|{To4aaGp2SAY{h4(FaVsE!p`OOcr>OFfg>rJC_CtP+VfVqK~VEd{b)#kzIiv3oHVl0{vj(YfEwT9&x-)906g z{<6vgt!hg@v|+WDp^qT2NmFUp_1Jv~gJT?NFZW}b%_#&ELd5@P`rqe5!@+bk+FA8S*lk@}Kb~NJCA*T%MdIXJ$6T#WB z08DkAf~lcbur^{oNvq#yy?YOj;Ih=v})6R9VL&#@BLZM@Kj- zoDN@FmoH*%*6yk5cpqPf(tqQgd@BD>c389MJi9tN(B5=+>&aD7FgCxA_FNcH6pXdf zE7+HDwxlbmED8!z%MRjh} zba$8Y=5QBCRki04rd+!{r(14p-^0=hHIWG+G6nC?Ak_MTnEr`SAgOTJ-?<>czgADC z8b>&DS-qbxTN@9e3>mX~;=v#$Q!_JF#?y~! zWOL1&_-+6*{DmgMxJhcG^N?2Mh87CX`kmf**5Kgam(l#442gL3;UrXLHdD=Q;g=O* zpL$+5K+?CiIpt1=A0&Rm_tO}h{D-wgT3Y&Or^+T}>zwqYqHTWkz-7ZgOMAF44(n2d z4P9+^S_EDXTb}(e_{`q8cO`$c!(JY()ThQ3b3-w2@EFV$P z(ni-{?nIG>@t2M7c#E}gW$f3^(aY=EG+3{=BNJ*qoAnkquf%a8jT79@a661S8PeqU zhCPuSw#%>dW4M05dX0K(G-T2=j~+$!7_>;S6OZ>4D4FEOJK%v5LFm_`UFc^QSRY`W z?2|lo5u+jS{}R@hCN*3mqi9M?CY?O|rd~HKsk}T&*Zbm%fgO9I=b7*=!ZXoJ(GQrn zZ&L&48opI2)<2Nvp{C=R)3+BcP3t^`L_>(2UxQ{oUQ5uEKgS%6ODWIhe{ZUV8Z|^W%!xUKDue?%CvecQT zzPEUru?6OB^a-vBgb7}~2KBl{BQK3#U_=uWuS*Sg&VIV(a4`E_e*!T4&HC&PtBshm&P^aRA_5In?3x{+m^a$SSeZoD0X6jOh1{J&*Yi2or{AH=RTxvDWGzeqr)ABmG5D-(CZ`rCffczEIzxw=FlG&Iu4HgeCwYYwH zQfWcS;NL!SYS#Ht0+*^dv~>1|>%^dfah>h)TZREP@HIt&^&Sy{(yBcATeh`78v4B+ zI>7P0lQ|Odt=f~IIcx<{5nFgzzQHL^47W{}=9brVp;99WNS;kr_lcnwdJUS1v3WJm zpvYS8DI$FLPIP{0DLCK#3A~ZFe_L1}=y4^)1$pE8^__0&pq*I<#2b$2VUT3IBWc)d zx9`S0vB7!&)J@}ooq)5Xz&Wp0Y%W+x1>C}5X$lEW=t4(M{_(kjZbm`k|03z3kWfH8s#zF+d)PTsXn#9N z4&#Xrt9B&^j0+%l>rQ=IqKEQms{79Yb17LNlwJTx%7(jP8J3g9Jyx;8E^kCYzd-73MR`Zu$ngLBS^Xw6hGvh+GOJOeuO8mz z|M{EY#m1#XkWNkJTQ9_@sWc2H!13nIH@7`VDHP$%I_^U z${HMZxcrcuAhI=pc9qR@aAEoC)gw@Gu@ex6!sYUAzi@Q7uDgO>vC&nvJ#>stb#dV} zep>&><9MV6N&wU)1%;`0?k#NW+09dOTZP7}#nychX^Gy^$VspG^=#&EO-+`Q<&z77 z-tmEJxpl2(DmDJ)gFS73PAS~Npt<7v$M4<*#y2%U$g?4hLH*Y|ZSS$$XeaD~WP!K& zjZ7q1kNO2nW*Kr;pTN6{jBJ6KW6F;~vy68iI+yis8E9HB+?vN6{&cOYiTw3t&&&CgO$5o4!d~hyzB$eV{A3(cz??Ib| zO>L+9R&~>F^ivp1H*O4X@_5Oaz9xFo8H-5oG0+NR2$x>e@}}1HIK)JQi+Wa;JzkF(}Ex?4cHyBkEhySux)&dYbsfBtW0oY5IwciDH}r>^^cUY6XE8sX2P z9-p3^_iC7&z)BAhcBhXr$Re}YQh$$~5?Irjjp;71LuvHY-G}TC=ddH@%m7@(+ECIz z*o#L=sbFIYbBwZ$as#^zxGcXwp;Hh+f#I+StJ^Huv=9cU!S3pohwI;cpr{$wCBy{n%{Y42}LuzWV6Rl0lR#tD1<{kflis-{vx({)pDusRp zkFA-cIyG}k5B&Us<2@aLP7-?)Wn5)#50EdEDub;YuDwHj-78u`6Wc==oI1z=2jMAE z+}PQ%Tq#)lhRThh+as0z(#}(?(Gu+ruG08qQ5l(UkdWT5PY15CfDhP`3l2vG`PzF+ zdDJKFml&YD)K^-R98MJhOU<&bF0xdrwqMmY?_!9*eEqt9c6X$!>%8MD^-5PYIUKJ7 za1|L1>n$Q;uF3`K<^BYi;rDz(Mpi!=2M(Je7pRm@_jhP2RVG9!jKw>Tceb;|iePB= zijjRGmdG%!GC-i(Q&CB3zCDyfMnkjRnwqiMVwjmz^MdQ-0mo(8?TUzBrkI}CR|&(> zDv-YKn*n!@&0-xcuG>A!tI_;TDf4i4_MaKFKVv3A!J(P1Wty*k@$n_9&Mi{h+IZB> z=a@y$YOl7*%$~>J8B@Z*X!!mLt3A6wE+{;_VnFplS@Jitrlo!6l!^2H+|C>TsQ{!z ze0NC(a+qJgeq{@lX@b-zRk7rVEg7tv+^Tl%#LoEnv-$MAi10Ana3D8~5S#NmOd8U= zcR3nn-@%Mp_qJC?Q+G`KH#>|5H^d9oePHaSUaTk)rCN>7?JpVeMEV9hG=Ez)TrO+; zSI!)uov$vW7X>?@UL(Y#iOkO@1;+h-fTJ_QU0B|*<>Tdb+M8mU1uJ+{m@HOz#|V%& zcd{n-euW1C{%AQA^GCcQj)QZJ`Aj(Q`iSB3c<=`Y6R=JoOZwUF!`vLHq_<#?)zNiJ{XkNpATFK!SdnBDJV7aj&%!Fve9=`4(U`P62LhOuW1ShP1# zP{uQy@!;B}DZJD;R{!jDN7aNA4YJn%|0v+(_0Hh0RyI!@ME%bAY33>mF+5J-X5x}u zLIfM%h7sqbVT+c#&^^hv+f5F`M|!9!7zY{Jrzh(;ZD*fL!>-W5@}K!ix6nx|0>EE1 zdx|Ma&s!oz&v#rs9pe%Vul7rLFs%{Nsa;G)a85|*jh>&u+O20Y1oG!0q_&Uf$ntwN zFOCnCdWQO+KVfv`X?e)GwC!&lWIPxH*uq`!ZNL5rd2q!F1bZ%h#Z7Ju2rBxC&C*2Adl+-BbKo4o#_G}pVX2 z;OoKUusumz`Ylq?GmODtQ0#k_Wqrv_M_1$Q+DA88eyg(+$Zh_2JSZ+t3N>1AN^{GB zg5ZB2a_)Li!uD2Uiu8l>^2Mi02YvPkx?*41qW=Yr&%OonFR)@=K0YcWI6$F6K31$L zgpMuU;}H@BNt`l{nCQO%#R(lU;QI(&2iaZpcf4!MnhnI{>3kE|jNpZ8J#hRPk|Jf1unJd{=0}ZC8&|RjCVc|ojRV8~%2KGlZldE&rC-x0H(00U27L0K%KP`zxP|uRxSDe{yYe5 z*9fqakpF^7nEf8dMMgjwwq(r)X|!BPl-lGF)AhIK3SUI6rHtO}w+Wi3 zr)Qe$o&u-K3HE0s9H4HfGIV5jb?9m0;G!Y@m15Zt21fofyUqj88iej?^v))}J6c9G z&VQnxc@!t^s&&!GDPBUV+#e)4sS%t%?dP+0v3|Afm2cyUbXEHAh&2yh874*?EEU)+ ztPWOmWs+vflP9@PG1zozd>)@U_4D_?I1DMXVm`xLsI^$Tt;hnYy)G#^Z;9d;d+3 zp%TyOrvF&=9^Xgoe&9rU3jJH@m5fWy>T~n`^$TT=l%3LjYjH%ffWlb~yOJZEutYj_ zWA%>UG$%~P{gb%)W|82zEK-+r&$(jN{>OtqPYmKOQVb7Y(&O4lS?#MbHz;xu(<$V~ zhp7_hW9~&B>T^uytPJbFP<^$wkCq*SnphmAak?<;W_iSzv?ZDuZb(eD}{IZDP{oaS7e%GB|;K>iCakL0onJW|tB? zVk|bRs@E}Bijo97C`zD=cJg%GTZ0nhg3Hyp^(%5+Ni#%U7t&)Bg=)JRb}UZvHX|fE zAbwL-SnEeOQ-}!WmL_2x^(-23otNO3{U*b2E#GeGzqCRasrvw-t&kQ(5)(qzc z3F#1|a!ozonapR)qU5A2=eU5My64?++HY!A_yVNJ(g4(?GA?jiNxqfwd51YHTR~G zY=kwX-2b4SA0fH9XPM}I*a>k@>vm1q+s&wwvd;@No>epYDI*!A?hM+A44EzI(XPq& zP#=qtohlUY@nt32jy>m z^U>7A4ag=e!&YP~!RO?+tWVci^JcZ8`wfo|K-|$c*sFb5Zw=%#>ffi-t?bf8<=%;G|f& zHPjQ0GF$Bi2jv5vLe#)}DGUEb@rG53xtr#%ddJOoAjVr06D9HZ2GR`Y3?I&5eSqb3 zdEtO)v_J6>!Qh6bibrR+|Iv?J_}$XxWbUKcAXCiG>%)5;lf?LA)~1j~f-Xf=*EwhF z>{(S3A)JehF2(v>ai-=gtI2V~ybaaqgv6o$Q_8Fm5fAD+9J9VNuk*Czkt5TeDIF+kj z82g*mI#@o$rkEo^!x{zrQh18B@qYvYIK{F@sr%=4f(Tlp(@__(z=8gI_$#$*jp8+& z@6KE4Wvt^Nlx#lg%?RA~j=7*H*9v>{h1|`e*`LA*L+BlvRohgx%8zB2o2UK*hAX$0 zHbX2qv`w95G^&ij88>F)iMPz!fbphdj z0$a4C`u2dauifTZbl#ackPSBEMkH7rut#^B>5I^1qo2>cOs@cP|5 zKbvo1zT=5x0vF(*xu7P4+qbCHIHDuTm;(3rAKjPJ@~xXhV-WDpd%Jv*`?`_9jV|_X z?kVm+5kq`QR*H?AiZVxT2p@S;MwLIxPs92!e5G$JyA#Mzb!(J={R+(l`XTWo&XCB_ zQOuQ>&7h59t*YegfBZJKl|Z`4FDNikB7{UNo+MheO<8D%n>E&(dv)+DVu5GB!4`S{ zYS#|3+GHt!hcAE*Y*7d5nuX}+i#jdk%MmS5Jf2@aq=SM9lq-5m$qJz9<9~Vis%w!M zqXoi>Sg?R-t!zReId?Gh0~kXCr=oXy*@n`xI)u!GegL-pVFO$lZ;p1(=6BLueuKh% zcdUp>it~b9`^NrxB;B*zb4Bw*0KN|&Zz8iZ`48$8%BiV`lV*{{@FNJ&{o(t7&G}dC zeq5!^0ReQ%BIA;P9@hKMA8l2zo%Bx!9|o-nJ$c*>v8KFoFQsjnh5a{}Gf!hj?hO}1~)8pmJ5S8jS=Fh4&=k4bE zH*en1pnv$Teo6uaT;E98us~-B3{p==vmyxIYS*YX9QO}=g7$8>u+#;Ozu4H=)0Ijh z&_hZKy|e>wVsEMmX=b>=do}Xoo-=6u>2#gvfDRgQpgUc01Cn|K&C>z>hoya{s~9ylxj5vNO9gnc>U}Y zI$b4*n9Bc-h|Bp8Od?sFRw0}lSU^9Tm#=eoG3R|&cW91ddMi%ZP=CK(XJgHwh%g=p z2LkB7f|p%Uft^TW{nX%NuE>0CX*TViuDk*{wOFw=@9 z3p56cPTir{fxI$ReLFxgs@$N%A`*xgm6GDCT2gyc;r>A9yicD@Uoam|4oE>DxPGm7 z_lyg`cr{Zu8SwWs27`@XHHe<#NrV3#E%Gc5V-sSt@_TsT0AMaZ-{>CcYj5#@!52)_ z?dy3hkNYSX&u2+1u+_-pE^HF<<$lAl)_h4EydF?&y{=~3{UX)S(gS7!VC7pl)Wda@ z+&$-O!LO9gDW1j}rdXn?RHUxuz6VoTS=l=%oZunG?&LLKC~nVc3B=zx6PwDlMT*}I z58}@&!-9KsruZ97%AhW+_0Hu?Af;Tmv}Hf zll=@7d(hC(qdBHZ27}20fUd!s@hV@hKm9y$JdnYqXTlpPyBhqKa)XbddX!um-)dM- zU!yfC{YNmZ)32`OWvM>gRG%Z=w$E5f#9K`q)ZCC&1dr(0nYktDpFRD#(*y_$X8-oH ze<`w&m^Defmgz9*_A}Wnko#1MD*f(_F)>!kd-2EEpM*WKp0X=lT7A`4lu&OJ_=`}C zkl!?*Vu^GqGHxc_QqS;rSzXeazzj6buZZ-7DO#|qdi9A#b6Mi@zi^}M8DP!elHrZ) z-)+t;K+|#l^JL+BGzN zqQNrlhf`>dTufsLJQS3I+dSvnthbI|sqx0N+Xi+&G9(BY?XBkF%M(TFR(#5LHjUjXw`&CHGyP(B zoW`==zvewx3WX`uy1u(ue|Vv(xPFhQ#5@%;%|p|b%3Gw1Q|TzA^=)tf6DxI;0)6Fj z4o`fm+<*Pa>|fgS6{*92rN1%oH^sot%qU5Z{+Q#nOl~u1)V31+`?JYJ>MfbJXkz@Q z4inZ}ig!w6G$HtTVT_8~apibL(6-o)O0E665)T@V=cN$D{>F(Ir8%kT(RexB@pIjX zElDRoLVq*OVP+2w%*!Rub)y7ckbU|lO-94UJMd2$VTb`r!(j8^hKhs5Opu~k(FBN##s^Lnyk-8xiar!iq9uw_0zooo?XA5$So`4$D z`j;`1-NhQytL@9o-jNm0fx@i;_GQBzpuSutpe|7I!ZfS~=diJUV2RiUqo#>^BIE%+2DMU{=&KlVB-D&h4 z_i$6sP?rYXM7}QMKmV{Xmzs$w5LCS&u{JpS3$yq#npJJQFudVTuSyB}_|ehHFnQ{Y zPM&?fEA!7OwPL z4eNg=!5goVt7Mj$nZ~0l+}G}-5#5g;%%HUbkaLV57R@uJh(tKCp|3+RYg&)PrI_|S zTz6qfm*Z(%IbTY7}W-L-<&ho2PJ{j1|e!`FdcVG;rYupyLb zv`I?q*!A?MkFW2*!9TO@IxP=_yKzqqJ#{VV_B6kx*Xd>X8bSRHP+wr)BOWfiZ?7bJ zIiEmUVOc5zPYDJuEN-Mx^%L}F2{$&#wBt%9JCdKN-Q{E*M zm8EX*1Rahd9WQkPb=MC5&TAP*K$Ikb#d!L6pzJdS$`%hx`aiUE_rH5`BpTsBd=+o| ze&iJq!SUQz0lE4yEjA1cOm<$*Yr}3Lf~$Y7%CLVxvy7xig6%sQ*;-Wu7Z3toQT2dm zr)1)!+Kr;50T=*_;!4*tzoj!t^P1elrK&&xQuO4Q$;n28u8;u`DmCBso8k;iE8Tq& zi1K~7`C+xHt?7K`EGrv5u)y!aTBKO4{nF~*d~y5$4Fg+gvIWoibonKZu6JaFgvx@% z+M2E5KH0S4`5voK9@ZBQ$zW(-0fcPD=bLmTsNQ`AiX4Z^^)`J?eaEGFhH+Q()jvE6 zq5}=KJHqTvqa^NwK!MhMUt^l;F)}h@*mHdZlDE{9?V;B*U@J%5UkoMG?rxr4(WS+gtsea~RUBr8-sQ|j1#)8;r%Zi_iNEwz=EXs(JYQ;j#yU(a z!q0XJHhH6i2NZhu44P~js@htbA3(`h>exn51+JE7@9Q(=P}Ppzj|d?)izC$d@;=%8 zoTim57+kpl#!i*`5FS27bPdk+0T^qT)0-*I-*SM3-P1rewLUR_jI_kD(wfx? zH)3QJVXBHT)uKO2Ucn$<)b6#MkRN0H$+Yz1h-i9G8GV+;s{Scs%X^y@jpg{TEW4_W zs|vrmc#uJ1Pm|Agl6``%J;&^?!W-W=3LoI*t#xB@kia4f*tE{OWb7qhfg@@L*_GXpcFVQ)VForbG6MLnx8ajip^?H#`(oo){kAKlJ zGA^gH%v2l|Eh6M6I@KxS&YWU!RT9jHUN-w8Tm}&**2YLH-{~ifpp}a<;QKl0eHw5y zroZ(QG@I?A|Ht^e)Z}p9_h6}8G0V1@NDO96mJmPJ)?Ps=%Mpv=bheNV>3@NiZ5^g3 z%~D2A%5f(zH@IzL-AMktuh4_>SS1m>zfTnz85kjk4;f^YOP|25V8_0%4RaMEso?d#eNRtZue>f9022=2irCPpSIvHX!7Iw$u z2%Z`cWPN$F73S|jZU@>4fac*yb6!KKyLrV*lq=i{V(WmZ*;uLjcaP_1P;ggJSimK{ z@(;guN@ldy_I9++^UbIj(R=#`H-XmQj?P2a_YRe^P@@hA%CH9#o+;cd$0||4?M*=c zJv8$#@Aa|BDyWjc;Po7cGEetYPMn$(z+&+wB(AO9F~ZO5jup-uuzP76B$76)b@o_> z{*MtWo}K4JTYJBbMx(&;wAVrcB%`ktNwixscuMf1-GhVSljzI?W}5e|Tw3qWZAmtS z^!4pQcL0130|3+Ea&;^QR3YQ!F1u`eJ*Y`6OwQtBGBTfli2}?(0u@h=EUn%y4d|E$;=Ki& zQ~Fa5Y&3{Oz$+zPT@3+hHq#T88G{SFJz>xq27R^$Tf?A;h1bOP>~C8VvoriRM2ZLO zxi(8A5Lm;&p;5azwmX`}PNnji$dh_qVhhwc1qC~It1WfTU~Z;fx&rjUC(U<_lPgT- z^P$gBaGyVY5|NZ-e0O&C8*IJH%*0=IJJMf%*_A7MGUD-01E+Jc?^b4crP}V^f-cGF zx`2e)h47u1mlp&qA`b6BJSERZX2GT1M)&ZPnV=VJ%S`x)H7m zWbm?qZijlQ(H#wis z*i=MpRvN3-Kcc#xU<@ln=YY%Q5c>G&1|YSi+9khRjqw|RHoST)nVG@W-GOmD^_4T| zdYz7^#^xCUk11$a82n(6YETgpEVXtT-iId9n;)wutf6#&2yeb!v<3K^u(b3?zCeUL zW47>Gmiib@JVhK851V9)egoP<+Ae%?3(N@wSMph-Q z4z@d0qNA1fRrQL;grTlO+`QhnH(BA5{&vdKgx6OeZBbi6wIUwSC+MfDtsR*hp3|R| z^huRdq$K&=P`*4Fj9WGe^Ze)E4& zSF2|6M7#|lYf%ze^vboX=fdE#_~`iyU{p;}+%T{PHApTcDcqShQ+5weklM?&M_?nz zz74+@77WPeApaW(Ta;7V`mIg<-J)FHdV?ZlYymYAidxV_%9xr!vN3Y#+v$%bsOY$v z1~Oj3*!TAuQHQ2UBJ|2mccGABZv7RnpNt+ z{h>Ois7*YB|2a#BruCAA95T(UV57ND^fy|LRle-%nS-}vcLbdzhB@cRP8$o+;>09X z=a0V(ahTi&g0Uy_TCo~W0zOp))$C)LZr+=qONNl+&izYPTev(K^aCwQ$_IL|b@?Vi zypWci$EH!9&8dqtt@)HGPeUp!fRq}nnB$yoOW39=82q0ub0a&pYsmM13D-50)$qiA zCU0fnLAZBrk-)2){!>;G!G7Pka)g$@9bm+joR5+nJ3A|{-KO*<%%?8{^RN6H5BLYk zS_-5c*QF!H8GR3d?0A*6dCWEnsJJ)jJ@Hrsl=x<3G`9J(J_>%d9-@MQ`3+e?ZR|8r zQ3!Z+VKD&z%#fQhD6#;A(@H4qe#LVxMhPzW zW^f@pT7SN+-=AkOdo@?(a!UujlGcZ9F&wu|>j-1DCKnjsEAx1A4EMT0b)w?zOWx^v zl@z$avK3Y|$Pe9u7AiF8Jop8KE@op!Mw|Vs{+`^YY@bcstW@gU$pW%eZz^~Tv<#MX zlUpAjzW_|@!&i2{qy!C~ka$Yk6!F*jIp}&R6={BP=mFuA=VPMdfVp@w-O%3eqOztm zAbWg$qS92kyZu!_ss->P3RMS1LlTm+&YPw=bR9+hKYxuI4?t`j+YSH5+Ijs4tuNaY z5FXEKY^)CZ;;u-+^j<_E&ug<|1g}8Tfkk}~xDzs`jhNl{38Q3=9S=clTi@B~(Usyj z$o6Uinsz7PtHV<7i3{M24Qa4J2p$HB>p3>Yd!xUoY-weQ*}>@McQk}hZ*=)0IWvnUL!+#v{3@< zHBL?L(hfGP5hujm#pH@_&E=(WBMX42^$YxbB_q+8OhH7+01O&nynKOQQi7CpX>+pw z%lFkC+*Ua4y|$1<`#ZD8CkotEApAppx~PlY&P#Xg=t@lh7DiLSFGkCm{z4mY?EuCN z3J%|1e!#VvOQkhFmrwIpmoa0+3W7t5b~^ntzyj!v*D)q0YWJe^1qPj2y_~1#Q<$yu z!Ie_b3JS1QFzjm!sW)DBi`Y}Cwt@r$p0QkWHj8Fs9Bfv5-mEdJ{mpmy1gQt>085Mu zg#ydYcRGY{2=LmScUB}WwlB6#%OU|_^#1uVHKQ}Yc`1pQtPK{N73k0F8$?jTPW=2e zoA=r2=F@Vf6Glg0tjT;+(lMy1YkftawD8Q?T}DJ zFrx}e8bcQ&Tm!%pOu5Yh8xH9!e}?qwrkvCdEA6{sV8PH5ezOb~*XK0JJl|g+i3#ZdY+ag?mP?d|wKc@! z-Gk*7(9MM50Bj%^q{4-B-9P#SsEX{-^x{tK1My;Kl}vBmNh>T+j_ZF?6^Ux$vt09* zyN5p(4Bo^3qvKSbY&l-kdVZBX7A)dt77~Uuj8;WFvZ?pwiLfS-33Pw(l_m0JwIyS5 zadW1J`scw!jj+oa{4Y-=?={qs-L00}LD>T80iHasnR#d{30Y2o9GBg&JA>oz3T_Ap z=gndccE6U)W5)~}kLYNG!xX(fGr4s9?7-Z+2za#7zkEdJ>bpHtXpEvJFJ|_Dg8I@) z&!3NcW$~E*KB?lDuwbT<{hdW5zwcC56NT2axqTvPZikVtpBak?wcApdN-$(Z%_uNrWrPOz36HMDkS@Qhkqhlc>HnvoMrjxFpKZzc5!Ig zMDSgyE{((#ybD}Dx~e}m{ZxmN^QC;FjGxj7=53zOr^AIy9gpvnG158haZ#$R zl1z-sNm>{gB~wl3%el|dX9S(!ZB9fudMK(Z-o~|?n!m|Om7$|UBS%;#09@k(?$yCZ zvHYxe1!A0j@SX_VF}Xvxr&X3t2ficd^mg?Fh%i9=P{TAB*V@x_RD9lYbFxHGLZ8O0 zpB!=qby(zQsBRHq4wz&bWR!+~-nWixE653rUdcZkaoq2(93Pr9It6KJtd?u zM|k8?=#Bf|Q@5>Un!&tMPkaG!J(IK8xI6d>z$Y+7o)d}vF)`#UOMK3GVyI3y_%Y{& z>ReS5?)pf7J+^@T^i;PxB1`}*B}PZ)2Tjs3Bl@Yr87_~fIT2?z<9_+NovXvC6rpsd zWY7Sg6nS`h+DY$+tGL*1Lgylc*_hmm{?=tub3TLH*3k5`!R%;3>|qwM`Eowxa&IA` z{SV&bV>PITx&+Sld)<*Z_ABp|LGHW*+av>|3O3h+7~SFNyE=;>!RUc$C0N!t-3FV> zA=c;dQ8hu%O8A#tL$PMV-;D;qjJ4}kB9-@qr>t%U7_a%jL>E%`@~@xXizHG~MPv_S`+FlJEr^TQ|KHK(J1y+;Qj5;3dPqe=io- z#}(r4ba$?gG%so`M{so5>^86JmNP70o}po20J03MKZ^iWWT1Bn){&=T z0E3?T5NilLX68g898aLTe`#|1&h2+n&m$ zy+@p4iRb1sFyU#sY#QK7inbAe_jb|dz+BeT{&H95oZ?!^$F?Bu ziOuL#doR}ScFAHw5!JU)e?T$Xo718Pv2LfkC$5bT4gp8@#C@pw?xJDi<#~jtHJUeL zbz99MZu0;D?hFo0DhrT5p%9_4P~vJFF)$o|)6Ui38F{NI5y5>xCAp!^;+>poZObZ( zD4Pgbx>sFM(^~^~Lul=Oj;oChRRVUup*;-IS1%R6n-Q$9$mYqcWNk(@?Fu;*b0zIi z7RWsif}hf)$f6fv8DuCDv1M9W?-Iwz?;0#~6h_rI3ORqtzPCH8YfE^hRM>rZcdfyW zBIA?2J5m*V=$OBfmSZoA|Ch;Pv1HZ@rGeO^z~B*DOGb%qLfT#p`+Iw5-W3(t?B|P+ zCQ0>ASrx~;8vfo%CKeGF@N zae&DgHOkpm192Ix|1llqIp}QP%}cfSo&DV3Q4Q>p2ngvgRsENb9Ca@Y69z z1{j|}Y^w6NI^;LWOdWQ*Yi!pzD>2GY)E8HW&3Oq)Heqr>R8rz2{ho}mjO)bcRiC9V zj&Wka5l&s-IXRhP@&L2aQwjz4+`Jq`6_w-^wPT?c3AT|UCv2tm_>$A_oqBW?<`aSt zZ=ih9*?vaP7>0jUz~Raq%xhbKoEly8^LKSf0{h2L&JzS|DkmxcqbbbcIm`)hvedHy zzg*e(_-mYAAHW0G;=w((uQ!v#g++nAI}Rx2V#n!$#BK091I-kZNFb8+@#36pm)2X* zjktDs1`a|*WO_Hmhs11b1Ga(L(pKQx*+g1R-YJK7EF z&HXA?@nlttKl7Ew1YKRnaE+!)Wzm}^f3rm-k6z8q#&0Ofu5pBPfH|>jyEYj3{l{GE zZnpeqsvh3aToDt8%e2{+y?#-jE}KIvXF8{S|3QOXp2W>88hM;(;|-}&cvDEyCL)lX z7|50Mo6Y|Eq^a?Axv#KnNtEu8&iNvG|A0!VDjJYGIeDS^;OfuY;futjYRsly=TIY$ z7?US)fho*RNXSnodpw7&WqHmF+)+>T4?YS%+MO4;^l1UJq{RWdVp~s!LEoP&goJ+6 zh~4HrvqF;HNRa$+2yQQsPy-L^9Pg+ssz46cB#Ood3W12$oRH6wY3ysr#m%8hh^3XV zh?wf&3pqGIb>mbFW@P*V3kYeMq>2q14{zpnzY%O;DQ+bhYmE$u`m)#f1q97tD zY-|XsnN?AQazv@?#3<&~jgyZ~^W@R~P!~&by+gP&s1v0ucEdro2YBHlWfBvCjhMd1*rb5Mg+iP1-gWyK ziFg6Mm`;nJpB-s&wWzD0MOxS7yHB1Temra7=St;^v9{HJ*fnM6ne$0o*66OKE&pG8 zltry`%S`OJ-L{%QU9gi-d>nZLjJB2ZRVebkXzYC8*To?F)0-tk2(6v5geQyW4ql%G z4SzQ5dEVlbM1m`o*YATQ(u^?tS_zCn9c&U^u$gvw-@RJWdn{+9m@>l_G+7%M@6l13 zanZO+0e^o5S#~&>cnac+^K+~t&$8j7} zgyTP9oVsoa1HUSIy!UArWrAGBX0aunBa@(1t+nBbY&^6vuCdU+S_{<(Q@DOuB*dAec0Zmd)5__n1xWPXXhjV2#M)^FKaeLKRbTKW%Ol{5#NX=?HkXjnPVE1KA9r$PpnqIf&e9O80}1P;erm=l^`+fWXPF=D~m7s`p#HwMHpC z();(eMg#tn#PhOAnaF>nwQ9^aC{^bX;JdoI02mJX?e2fWF1D5W+!e1T&^9Vo3N@4b z<<#9u>C;^zo}PY1Wf{#EtK{6UmA5rhgV~dQ5}!C;ov*vQ_tR2jx|F77np_G+LR+xA z_R@OE@d3VP+?5glm^Qb!<6Fz{Ic}7GZruR$D7%mDJooAqmteH=+OvDDTGG=;f;M_U zb5exWgAnxdByrjGNP!0F@v_qq;xKrjFV=X=;u8Wa6u3_yM}Z?ckdpr17c+u}%G}*G zGCuRy)KV@RDgAzfc5m^vBKWSvf^%RPO`t+?B(8y8*#52f*W$uf`mf(BX$s{<9@L8< z(nP4v3s27(R1B~nb1Z~>6y78mth8RhGLyb#LX&Tm);0CU5G%0x6Q{@%+sH0~bs?dS zW{mse!+Y5aC72s={o^tRG}YdUUuG0EwBO`Ae`zDEHbYq^@-;HbTT$DU_x7*ip{PP~ znxXxxA`_6jS{$XX9-I_dx{q!VKqU^C*UyM)+i5u2SC@->6Y@Zpz5qX{mne`q^+w|< zuKGr<@sOD8eJtYj?T?<&srQ&G0621p&`a*ZgiD3n{q!f=AzCllTpeRiLnzDIX{Gy~ z!hKmub&i?2-keOc=wj&>i% zg*m9*IUTn@aJfI&$6d(emo>bRE>UF38Qa^6R6SOu;IuHTS@hX!$?i*CNKLl77I)^> zdDz#g;K_Xn-!mG^RER4zo@xx!gJ6k?#xId9%^$Lo7rciTf(nx@$RBrRESfSLNvGE* z2ZF_K5MUr^N9z@P^bC=xygy!CtcdNHS#73KQ|U0@7ac8oavrr_Ue&*VSh24|gARs( zyub&(OOPP&Gm>I{S#lj*&+~vz$vnRzC}_dbk#pd43t7J2wq>?ho(4R8Y3**UfOJ8H zsMFAX!mvis+z#w9=HBJBrzOE;ADJdf2W@G{(X#ZMltby z#!6+VIQ+!NgFHgPlGTA(JVX>Vl{C4(jcze96gXPFc0a;=rd5f&MIlpp@ubO^v$am| zno3(b3pc+gNdHR~V3yN~aqFnNk&8C2jR^V-Pr0df1o`^`u2AN^@NxQ^xHnItaoqAp}cefX1DKLu(30BYKW0=>x{T{`1o1-Atm0y`&xdglYMr8gS6Iw&D5|5cP;f`xwT6A9Xt$)7do5CAFDj4U={E>s_FGQ}{H^m~4u%9~#_EPYx zT$rjwDjT4?xh}Pfo!jWXXWH)Xon*2%frxr~V)W_r?)w*Bk}_9g%Lc4`{%!guLJX-@ zXRoyL9ELCSC2i_yx<9LwHaj4e%vTG3BL&v>{{CR2MAZ0H1~!|cbM2a@| zpp5)&3jWT0Qi*Wp(nrK%o$|THKW1^Z_Tyk+vdf68AXlb73y3bCbdTF`-j=i&l5ksa zHP6>X)JQ#t3f5XILv!1ShlWs4yLaqY<7O5WLUc_kON#-JQyBiv!YA1 z1c%@$?zwLo`&-+i16j$N(@w_~X=!P0Yirsfr4sF{LKMFMe_De>W~vl-{WxE~hs?H> zW@9L}TJsIC?#3PmDmTB}z&%&BgqQ|zw39jGtlCv;v+Vif@8`3B?cTn(*9T<~vp@&R zFrz_@P4UAEwE6hy{sG-vqQ4=U6&P-Pfc4#k9UOa_@`APUw9l}vhzO*>Br-|X${4$P zLx=W55Npv^c0`x*4Z22Q?8$yvwy7;P65~uo(db`ljBZT0N6HWe8b*G;7j6cRtHW`! zUY;=}X@Rz*J5;P#@(8}Ks0edj;Gh6*;#6+dcklRnHN`*xT#*deAvxe+XGTe*`{}5^ zR^}TfBIaT6HnE9+_T+K_lNc>QKeK|)h9?QUQ=>jag@9R-2yH@p*w zhF`BIip%{5#X0Ag-mTC4r75KO_gBfUT-|3`LQYRzJBw*(s5ryejw=WEHa1o*bmr6g z>S~z9^PG^VU)_vmR_v6IK1M!PkfdkS!EqfWG}7e|2kZ7+-t(TheFL>0kQ1>37yc+qUOzHdUMet#S$>?-`>8v6L+?#5j|yd?TqCh6Kx5-)8(jk zjUEJpdl0QOfc?pOR;Fq*USBOFl`u26o~b}o3MZ2mc}&qi@KTyPg=lFR9m?` zSt94mJOGSOt{YiL2)lywHJ=C4l^2x9h!DH8ap^+cVpY`*EA31}acy-Ui5%sx{L3z8 z(eGc+2+G7-{fv68XRkW^_1-F|i z!|@x?P#LuZDl(vNCudC_Ew`F9VUXfD_d>pHVg;m&P3O>s^VOXpZHk6c18JOSKsb6I zAcFXXg?|lL_oPCF!zKr~X#l<>A&-o@PBZ;TMMnL(X#)|$orebjTJhAGMPUj%DJz7g z=fITkCUfER8^Vf~(@$`Y073pKle7{{87+P@;ik56nJUiduH;XF$c}x259iG@wZgJ7 zP+9s8q*|a+nouo|;@i;<9MJk3svML|Jv=;KFN|Xj*Re)>EPMijvzfhL3l*t1EACC0 zHgb+vC1A4(jWyjDV#!>v;{Z@I|6e+6E1ZPmv;)0QlDh*mx^dBibIR?XR+D!-U6=^FdV)L2t>uUBZ`NeeqWSy$#OM<_tbEAF(MM9P! z#lg8aFa%|`tc)_RmBIgelFDn8Rni0m4vJBu<0zLMqTYpr*SudBOE(p)8X6=lbNQi5 zAUb^*njKrwYasZ|7gH45~x#P zaDQFWq8u)mL)_{Y@P?`>O7!Y!z2q}zsl9oTkyo0iJC;-lQr-iyCfaQ`^hI;g9==ZNK+r1aGmWg&8X8k!U)veS!xzrs;}!#INq*CXmr;Q{=Y=4n4^ zsm$^62^Gg~qz)m|ZGNU1G}QgOtw75|lww)yhnJ;+)t?0Y1488~`6d^e1c69r-D1=b zr>8MeSwOfiCB}y=@b_x>E9Ih`MwgURDmHKxjTqjNWU!s%QNZyOb2 z*EcsO5E#2G!Bph(?r^TKE0Ou&<3J`Tj;~|2cv-6eCITc})UKZ$#4O5y zCD>muH-Q8@6rel4eWPNSuhe&5jHn_rEYz5$RAcEuunraZNt<#Y&I#ZFNM`qQLV#Hn zOkaT^2OpgWunkCo!*TJ`W)hS~OHd5UF7*Y(H>WKs;ILQ0o~Kn%+PS7$&JBjDB-}kZ z1D_(xwtLzAlarPg9#HZrP&=D1l%^t+Y}}4zSs>uGI@>aeYwaYq0oAr5jh8%?y?zr0 zMOx0ObGRS8F64?MBDSCStI9#sU$J`txIkQ|q zn!IYqhc%jLO%9m>yeU=2>E43L)s7=Xm`%@Z2Dne4P^pwxkso`ClcE?m1s2X@a`#}> zR;q<#?c~Vc8g7QmF+uHRZiz#?Jn+Z=f3P*s2gLns=t zDsS>hftwp*$@S8TYq$aWWB+{AhUe5F3DxG{LSWqRUGC+G+`$!T+Y|=LJCx(^mN$_F z1k*byEGmT`;AP>BittQ*eJ7*EVu)CX5DNW5sJ|;wAv#)dY)Q~6ZL@3__X#%6*}JuM z{G91-2aPLw&Y#sbxxCs3;#IvFEJg+_^qi5=OOBMk1_A-^in^2@Fns4F+8cH#%JNnGzmkSSM@ACcg zQ>iLMsJ7;fQ0%Uirj6a*?OJC`@LQ?Q6mYQQ+7@O9n(>9O^=g&8zG7!YNiyy~S))DU zQ;(496*S&jeV{o$IXO9N2I>=}(pYj50uF4iPOyu{VG4eHLY9mXz0f|w`U{Cjy64kf zplBSoK~;k!uuijF_9rC@b97OyfGf&`#JcH-wW(#eAZ zLUUlI9^;S&_}og1A@Z^v>U%>-#iFOJWdOK>EqPRZ4s+mlpq~Q4>~Q%D`LP)|!2(LA z?}!0#zEN2{!YgQxcTF>fuU(iuxjcxblm;G@*d$8Tnpn=0mAV;IwS`J!-62>9-EL9H z*qf6DG2p(T35d;sqEXK{xU}nwaZhaOC60;2zW)Ab&cJ|xDGAS$kNFELT01o(RHVH( zdsRZAn3OPG;VURTfO)29$t{QV?m|IiOXv^fxZ>%0#Gcivd7QfP8bdo!go}rz8X4}_ zIZ9^mT0+snWvVa%T$*osdb&I!0Gc5Wn*_c(#!VT0oaeTunAqLXR*;PFIoD9&tx=0^ ze&FkF3KfWJ)F-Rt5kdLaMQdamHFN{EP^!KR0 z=OFcFLP;b|QL!5-8Ehz;7(i^I;{M(CCxO_hfUur?^`$d#pa|_M zU9fZnjw}~aoQhlZZ>Umj_6kRUJg4<#Uks;phsq+|6^codAqA@}d1%qJbTe(ia;+;b zU9T_Gv)4fyI-d6Dxjb*@p=bxN>^}t^l?H}PAbJ6-``X-RghBA* zF~#nuXKieLnLjj8;sL8Qaho3)#hx`5|Io=OEB6v0E%!88w(uAT1`M2mMIERt=rRwN zM`|R%0wX+%v*&15vLfZ#{7OI%yb*06F$50XlBzJrT+uw+33$iiZ>% zY)|KPOQ{w-ivs?XeRV`rl$wrITI{2`z8y!K{{vs?ZGz{FKK}332cZ=UO_6Z6YuI_P ziNlo6_=aurl&@RRQ~`OX5;L=qaP~w4In@&P<=EiJ*c#TD^7D3bhd+9%65;n5RX@42 znniCN{^6zhAWKk~%u&Oo!#_*=&eq_=YLTO|(*?R+@rUSB`Suau?D0f=A$VOqSsSMGcH*-7FRrLK?Ju&h}DPt~pd`{Ap|1wos zBwL+61|1iKfOfU{qJi2x^_fyMLQeOK9Q3T)ue(yD^KZxFZ?z{`qihtU?TaA_zvr{) z8Vbt;>BYG1h+vg_{1dFd3eyjM(lGQ_Vnnp7vEuXZ3+4nzKqK)Ghv z{FU@zx+si~Dio?2pK=;J_dMA&IcUR#W)$Jq7%k9{*b($bzmM?^&V(@TQn>F=A@La= zL}0Nu1ot4Al5qewR%_cJ)83b|Hd9ZH?B@rNm~vNHl+GMki7^DK3Kr#cWRt@uvtE>2 z9_P#5{ZHB5-elR#OtH9J-oC!PQZ>&iXC!+EV_c7VDynSso7xMV8Q&EK*r46ep9X`f z_Yd^T!0&m%$cPwiz->+OLh0^(qTh!Ju=0+~hK; z+%lI%+*X`PL+&HS+r3qGG%S&hru}jeY5h^*0@AR}LqNC_2i=4L8<9>n+dzT9`n83o zA^rOEk0NuN2I2C!d%Tn3{TVC%EtO2#k17H9aSOUl%iaD7;VKy%wUBH{tS;1O)ItCLFrQiPB*(?m>d z5&=riaeGP~B)j5qjM@{W-bu1)z7v~tZ+N`|;Mb0WhqvEcE<02sg%4A12{}1t)K?E- zeNqmFRSChz^R6<fm#p07@BH$rWMrC?SC!E^vu-1p#V+xddB?bdq3{=1z6FOxH=- zgsQ`7gyD7SHwdNzRQQLlb7c3$P`^Mo=WFYJ?Xok|I$mn%orIC>>axKvU47N;yEL1~=C+}Grmq?T>4QV>&UO)`b1y_TnEQo!C=E>u4RN2Gaux(wKwYUxIGt2qd zC%zhHIJaqU`>f$K`_@o`G8Ih)<35_gfMQNF&0p8@5PL-?XG%8XO-84X&tDg7v4o!! zY_c%(p3%84I;9WEB>nt8*##QjY}q(D=z_U54PND!)b>7olo>mNd4Y-7(9O(g@f1}p zT2X{6CCu(KF>hhTje^YPn$l?|%k#7EL77#!e*!{zyV5PeAZ| z!1$nEd9ia*M9_ltV;WM_D~|hE3gs-b(hh;RNoXLn6~AK{K-=s4RY78s_BSLIMwuGu ztQ}B)vIvl;8!zHAw6C^}m()}AONiCT(p*rq-hwYV#SKPz|RSJ)% z)^Q!&)~-{Iq@MGx%9BV6;EFRPtwZbz!BI!ZW~wU;TK)6)D5CPetyty1k41T%<4Amd zv{jT3K@#VihBIfYisqm1jE8c_3f(*+t-rwn;{^`h`b3FM;pEB>(4J0iUpDfx`9!lA zjxK?VbQcU<`t*!c3=A)E6!4`@F;R`@Eo znE?RiDzWoXA}YamV{6b>FOH9f;AC3ju{EbD_c4JG61GnaNt}@> zDI;VSH3@OORPY?)w4Qo5VqttS%3wA7v(hLqI1d}y<0d<{;wrwwQ8_f+V0RT3Lt!M=L&nJ-(-T6Rr? z)XP?vO$rv(+~LEmu{4IPqEj3U|DmFYpu-Izq%4IOTi2@-`S`pkMWcHRZL;wl`&m*F z0=^{gU`Ebkq)oQAtN)2B6Zv<`hU8b_pDC!Xck5}oI@r-#Io&Rup7sB@PbSF#m#kfW zKu>uPe~Q-XqDUtpC3&4!b^zBT>bK^ix&~r|qo0le^a{u-&M-!Eq zXP9I~&nX~rz$Vpm)Mx>u5$48q)SQb+)j8%h`RPaQGp+_!^vvM3N*i)@eU77k%3K*g znRL29{W1+H1_x;}azUI9JC*kLbCqHu5+3D_oUIRNis-92$J0b%;9hm(tqEX`nHxn? zP-RtYW66k#ai^m4{~P*Jz=_s_ySnM=gYPb^?_l-pvGA^`St27;{U1S5h@Ft@L=o4) z?=^CIgN0cAcQG}T{NvKpTX@j1!EJrO$)3A;~%WkQ!r)WM9LZM z0laZs(db{_!kxN7-iT#_JK#T4|F`W*M*QN({(izY+NVNDFh0GE&^NL%C-AuQJ$e4+ z_`5W=P%o#3_!W&ie^l~wqkQsyxLa9WZTrhDhtYSvcqX1PH~K{AHZ0tqWfg~1o|))K zzL@XJzAi%+U4AbfI};q;aCLWov)i`BXbE^JCIC@W@~9)f^n(d%PxO_rOxM5Fs!gR8V|D zOZ%LRETZH48*pHDf~VemvdFuBtWYFf@7mgx8CVq13v~j{zO%DWJWJ&<37$+2qxMsN zCmM*VC_1PBxHJYtI(7c!$RBUCWm+=_Je(NRputRY#q-0BegH?JV`0^Nog4~vv|Szw z7mCm#78?+S3msBE6JJqED^7w?@dRS`iz3SXiIHts=U93V45yTt@e$(wGK z!nzr1X6A@E9q*Kw8wLaf5a#W8P-B&x*uhm}v_G8tMKkNTv{b=vas3g|qh_h%hQ4D2 zFUXt%P8#WCLZrZufaF*p3ihtD7;3qQ!v-PMbI%x&7M&eR_(tk2q`f`BC4PH@{2`v( z+`$~lG!pp(YUzIC5+?a$*dk1w%(X}-u>?a3GVn449m>kVLu{ z*9UCc)|-FaKm<^E9k@Ag)JZUR_23jmBg@jStBQ4!SL#Nl2!By?ycTa6{v zT-uSakynJEm$u`hDP!PFips>PO=#$u2&tVc~!hiGQ3eCa+If=+)jjhQ3Gg zf9W@p+Bf1(6}ysXk*OzSQsJPiAb4PK`Q%|idZ4)90F^`b@3y?UM|dW2a#kOnRHD=? zJME9?jzPt7>=a98)kwfA%F5Lcj_lobu+n!4oJ?VBDAKf56LVXWehAtb*q;n4=a9cK z_wD;7v^hm%GpyXx+(Z9Mk*sG44}-Yqe-G`k_}Eh&4n|>XoRN z?Tk0=xmV~WHi3<+iu$)P2$yj;t6gW{>>9V?uE<*()zHI05)9F=2JQi90l0N|W878B z#hXD(y0;!-6U`mrr`?)s_)Hpe|Ah|UFnF}3a+z*i1+S$sZetqz(cQrwvP{R|DGI#| zz*-u77b>@#b;+d@Bc?7$w~e$H?JL`;dUXC%j&A0ladL0yd~fuEbaXY4hi78S`2vyj z;BmO#%GTewnC)9Fx3q)ejXuhJlj_1c;_A++bfxS{JtjtN`fb6p?)y zq@=WV1`$wES#%w*L|z%|&amRsU!44PtqytNyrleCg7*KdAGZZc8>W(ZDmV&d4AP($)P3_ zqsLv-;Fje-rkeA7J?Af>WcaZ}9ao|Mi^B^E;R6OE{&{Bfx%RWaWzGOcCT%)qNJ5;- z&!|Z#ei%~oI<1SEnLYVN^Cd1$3JBSsu{Luue{bXe_z(7oMX`wasp(n$OB`HC>=gi* z3IE9;-S-iWd&xh1wg`aqfc%8Z{@d6%50J9r825|9Kar|-{vRAY;=fw_!@1Tn>x7&lLL8TI7^I(geZ2 zd$2(49y~FdI#?DU0U++)+vWG!00OG~3Hoyv03##E^IP-k>pLU?i^@JbFG#~(A~1w$ z>239|$sjrZWAZB8|K$fJND-$0k|WnB;FLDGhnKW!VzD(BuHi)bWyqLS=ls# znSuX3uQmONR}~kD;=#ox=c3qm6plwqiEjTMoV85#9q1MPv&Vz0IyLEwM>t}oii~FS zc(F)ps#Di`@wF389IDmF_e@KTtQ;>}mini$B0e3BP4Ch^^!uc%@0ng;)yC!lk2{*d@HQH+yn7zO%m((p9Kk#i>+RM(84;6i@UDZ-Z@X_u?g zL+w(}Nz=bn)fLYWBE5Qau%w>(zt6D1p#vIPcC0z^i-Q`-J2A0qK zF`m*DXepknqtT;F=LbJ4csR|SN>YJS#>DCnHciP$1>GW{%>?aht?u{ z2(qZvV*kVXS@G{Hmw_Yv%P#&&amB)ZFGZ^LCLJmF z=W=IhCrcSPqc2BoYxC%-5)i)*=@GXEWu&1NcBDF&(Od~&hRx>L;R$+)`HH6ze?!Qg;KgqAKvoz=2O*S@da8^1Hj5H!+Pr+Cd&;?=!PVa!Mcc*9lv?|?T<0MJj( zOGZ0TDoCRbMVS03Wp96u571Beyb70743u*|lZ1ENbM2Dr5F;BJheg)u{1EopMe%GW z;HmB{lAA6CEnS{XGJz)Uc(7x~xBF}XkZrz!F!p)$v;-XmLggMns3N#zSX{3eDt6}t zw}1_Ed3xn~xi`raGvnHv*?FH(5Ct&Au-fm!(%On6unbMMuEK9B5&&+ZDxnIC3mWpQ>nb<#bs{G5ZkY`)U3 ztFRQ|5x7)U+L<;rlRqYtuV@2}@?3CnWBy^?dUe~N89V>w_+!D_>7G7;pclS|x}FSRqBii*YI33XqxtYS$aA@Cd$PuLO>#ZmdkqiRm3I+|1kqcneczFpllX$!k0z_0&8pL z_(~p2DbF~V@IjCzD^+XM^-rN=CyT5q4n;W>UE#6UL!xQdr-f=aS*QG>8Qm)=t9MVH6 zYB-5Zu5>y!#*U@Dk(IF<6LSsaJ`{K2YNS;xM8i+TXYId_BX&uU6^nJfpY{DW>wgc{ zz>A?Lg5vojdh7%f6+Xn1oVMf?446^59|JmQ;4#|~oxp~UfpP313q-%;-lR9<#QhV| zM*9c*a=9bymZQl{EuYwI291U-PLMCJ&$m>suS}7Jg`4V5267-t0hXL3kP){;5A`Dz=6+Ibhd>nU|84!qh( zASBh_jYx<4bJTF=2H@FvS6BFmcXqR9y5xRy!Q{fdSP#%m{@o5knK6R()7LJz+Eei){0|@x0B@!{GY|@#3a1*k zy6bRVUlV=v2EhC|!jT48;)s_8%wOq>lxhFihj9LF4hGx0eRAMB7#W$oX(Wb{H4@iv z$7}m1BAx%xtmfus*7qs_s2I=Tq=YSa_Ws=<`{ltHDew_ufR_CN(|9cFIrYKrmFulP zkc$C78e6e>?Z&ZYC;i(oPf~Bm1H2+*L_~*gcU+n84hbt8>;D|&z+2ZALbyY2SX_Te zJ~5$gWWv32($$@Oz~|N>7ruuD#C7#56An+89V!8elt&qn5fO5{&f7iTSqve1zHxGc zNEHLt86a!?4Z*E%WCTMSzPz!It3-5fGw zC(!XY!i0>zH!3Pr_il7vig@t@#|mU=%pN^z+5L6*D>WEmhCpRgaB0g!Et~pMSMKE- zGn#sjqkm;|MZ4pIKplP!u~B!yk?(c5h7XSau;-Met7&(hQxdl+DToBe7RGxoDc>hy zRr=Wnb}NYM1PEd`aIk1zyhsQ4$9)3UXoNLfPw(sG$~5~50bE^3v)8+92+~aVe9OtK z@zq}rq^ax1+IW6ri!5^{NH#g@!nK+%OMq<=kV9Bl-acWq;$~y2C4zjsWA*OX%kD8< zAFN*x!hSldeZtMZLJhPSGB&mkpb=d=={DugfkSivsqa-r+ga}$SyMnV!DJA02bdWH zZ{WuR(UX49c&40=g%qF;E#Wwe6bxo|L1s z)sSifbP>pk%@rYNDnm`W64fw6!r`&5C}l1F2r8oZdZj3o_$PV#4)LEDd2ydf`hgm> zY@n+Rh0WLW>5HV5EJ>CmCmf+ns^;^LXlC*CZz;j_+h1o3o?&!>fghyMg(7_@@ zdDrd$DbWmv-QF(F$uoo$_;)-h7a;5NHK~zR#P_8fYOcJGru48-<*Pi}qK4ITT+N9H z)A>fN$10>FTO*O+5479@|4FUgcbLz=*gln8XU>EFQpIuC3?& zAD}VIV=V6XL8hJe^yf*b;+*Xx&$$vgvt`j2<2eh@dH2}0C02Yo=TG!O{(^IFC zt&ji+;CL!$(CbY44G{|y@{}u*wBhOt=EkVf8&|MEFZpC1uIGZmI zPl$O1jscZy5`ZkH zH0^&|@xVnH8 zp>Q`PnU&?m-DASy$Y`hWrISKU&T`lm7S-6u6n0Z{9PtA?36)wl+3tMWh*cl_FrLfz zfj6Pw*3(_Bzs--YJ_$f1psD`KB3?c6fJy^&*ZEnodkLI|RF1X{t@#Cs(o|t263u!v z^C?`qIVB}tk37Hx?Q^|%7h*@6z*8MIVzCq~E2Q7M9@A%>oX`nGYy?ysff9nH;o)gr zL60;X^bB`W1rWw9nXXE(rtP-nGdXT-xv~OaXn%hnI3D;2q0x{4f))grxt872 zcJsd#Iy1z^h#Chtu348CH)T%Ne@jyFb=^bZ$Y3#jvl`jL=zhcj``svbjI~y#7@3q& zvPA*7ZvYZLfROUg>6#ax@+|N%wcAllT!#a5^R30j#fYfK?L~lWs@Fr7DvPLOQk3ET(eQ-7!q+m~mBIAK2KvenMq&=dB2b^!<^NtY1Bfo&GYYXs@$B zn^)%~grUV8ysdcu(lzDFHZO5`bLEtGbNx5AH!pT|CSQ8o<(9R56@!wFObavb>KA{* zR}_QB74&?WE@O-r6Jn9S->J?DBn@_yq}}3K5x-baP5gaFz0D#{IY6>$?rWlKQzZ)j z0P8z*eS$cjqW>>*t}s+ahs3;SA@NP&kS&2Q*{G~ULE0BfimOxF`gq&HP-iOJR0Jfh zGZtBaIBq~I%O z@dkq}Ei&&$^d>{uuEPcr6r$wC?5M^sDEVrpXa7M;*KkK*lEoqM{jk+P3R-#+9J~gb zy)6U2xt*PU09Zm^$)`@EZ(qN@tI~B(7@NI$H#henXXEDdj5?N4hsJy7PcEBw?a9lW zp-5;y`m8ly&<{IuQu>F_dVbE)^_tkAZE0>sX}CDQM}6xZdo{gwtANF!8o-brh(#_* z;Y-miQNK;l5k{u*V6V>1N?qCF(xKY><%4iPbGxCvO=M4pusqnML5Fr9sqtq2@s=Uq zpZeFbah{t~4WZbxo|+0O?Jlctsz?N2CZ7%Aa6sX8fKW3Ce|6tW$Z^}+Izc-zK%yPq zI6J00akm|)^SV=;{yl(8$33u)zjlCVJqfK?@M9$^#7FsAKm z7_+3m5@zkS+o!3J`t4iBnvmXuhYus4NQDr+~3H*@_p6**rS|yV;i`8%JITODlkD3UXMo z1W?U#dALw?SDE&On#b{aDC4ggP5`%bc6OSy|0oPeVvd}tzW`~rVb+;|XBaNlSqg8x zh)+`W@(FZmMrVVRNU)DQKi-hN801Wei2>9#v60bu+SNH7)83_2@mD#TTxL#4gY48OJVFad|9@&W;89X z>6a)(lLtwJt-;snmM7aXsQ$!YXzA0meX~SJOx*HL_yg4R%-?3uVR;AIjt{*ih7j0o zWNfm(Ybfg$GXfxK`_0c3KxBiBh55u!j5~m>+>@@G z*m9R%3uxb_f1Z2=9?&WZFxH%d3X{0>OV!?h(BopKp|`uZUcS&%*LOh+^*&L^h{;lI zapM=C#-n4t6kGuf>(IgL-Zc(l5@6o?TZ&0g)+YBKA1mvZXRkg1D^$Wp2J7NvXJI&35gKNbqxF%V6u$noGsYqF zG}Q#A5K{bS`+e9agXBAxyMKd3Kkt;$7M$}BYqdLPby?jjsr=QW|KZMuw_r_#9j7<$ z`K}(v&X0TZzU@a!!xFR8!)fjVOSPmRI|uKLoEffpx-#=KrB?xiMP$ARa2Lr~ZRWz# zDDs!R7PAk^?o_Z8L07=a7q956XpOIxDot^vO;gSy{m37(20FSSjidAQ8A_7W5cZ!o+0G64+hxVr@NMB8OjebaolRH$;O^9MOp7nNohaKHCCy{t3*N< z!+Rt-DRSj^i}%I@Bg{-rf~~TFdw3$uX|_xUxqY6~Ud1SHt(QRa7-% z8~QX$6q>Z(UZsSP8p9HWInX%@(EI@B557AA$%Z9H|7L+fb@1Dfsd{ra-nliVZhwjm zXe!^v@Jr^ZX5)Q7m!sq42PCY%AghhJ5LxWt<{vSLV6n*@+jLv(u>NArLTgimrBYy}%p8L6qkWu<(rBJ(G^1lv_ z*QsuQTU$q=sob0_PwFnJ&g&|RNQi6#Z_@J@(WW|_Nx(QGiRr4L;|6vwm#$|5%raB> ze(V7wUphr_NGgSK@l@Wkp{VvB6(m^(Xk>t`GfF3>#TX{(Pu>Zj?*R#opTD^kXyz9VUnVzxR!qWp(@OmNh?{!_eVCJKCGn(cc{vLW*=t>L96v zPlxp#L8zfF7K~>5^s~pmA2D(l?Y%mJDNQ*2zGL0DY(2`H~~@- zJY90qy!}S4|8l2*=dYy}B0u5B!9;B>6;}_5RcVtpA%{s9myGx!$BSe^@AU1B+9_l1+i@1<@5jMkP|s9`yTi6 zZ&Xyto)xp8zepbnq?4s7&uy28=?R}Zgfh(=nV1>@rS3j|E z0HU=a5avO%#&Rj;ii8|O#PMk*&HYjS2&e{N!QA;+R%pd(X4rhl{W9`1oRj~7(h(Bp zYNxCfiOU^YeGy2poh$5t`p=GyeC}O1@FFb#MV}#vWYd`qH4bp57yTTT!ki!tCTnvx zlTqGj7?Q+l) z{9VbI(JK@sE#lmz6AYUaz)~rU{|8HTD-d->`<`wN?tyl@USb~ZA*jbI-lu;HZv3Jz zd@RTdsHuZel)>JN@yWT7pR{KHAr&pi)oY&?QtN@g7^_qsYWgKu%SDO4gZAGBmN1Q912QeR$+fiH-(rls5x*6T)}M(}`tyC# zckI3v?_MV@!ra2Kx+5&P0X{jgFtNobrCWT5cxAnu8WyDdzAb+xiw`+)~hV^u0aERE~sUp@Nm& zv1u*Lc?NB{dQx@_E@=!Q(-ia#QeCxG?-~$FTL@Q#I7j%Nyo>dYrqr#w0~8X2D-){P z3!Dva;))WHJdXC9qZaf^Bv!s4u1-eWM@Iu)$!PR zd(OR>4+2$2jGdp~=rNfZukio}TpY(v^rDa&YU5^pk;|4IE{1prLGPh@oFCcvjYR-W z(B=6-_}~GF&n9|RttB865fZUdVqTQpop1g!?QCppYUN$qqY@8plXzdgz+ZT+Uh6Zz zW(qUeJb4d-oU4`SR@cPXBCumj&=w`|D53g1f&#N7QNO0GY`EWaR2^9BHlBg7i5@8=6^r+(yf| zF$c)+pbHn=i;j}N^;LCeMj<&Cj*ZYoR-asd*6Ona%jje3w~-AyGxhm1GsJI`I2Vq% zX0tuRx0TqrUAG7QA5y&L89wO~-)jI&xvtNpumyFvz+Uv^DKl_Y&Z?%xKZhN=l$i~P zP`3iQ+?~{`mt(AE>qD*cPTyOu-q!wpY#~uIZ(7P3N1_n7h%`M{US@~qF>f$46Qs;?=bb_l7SYP@fvO3xaGxmJYo_OXR%Ng_?<#ZOff zw&tw^^b9m9hjlKWmlYawc?zzADs#wOZQ*4V0%;1*YZ@%RsW9_37t41@5eiW@NqU|E zs#Xgg9AccOFNQjnQ5;h`lc+snyW|7WW;1bX>rX)V(Fh4X3M9~MP*E=@-qClPmXQwte=U zXU^~DF{_E$@TmNnCwdHo5xhC2z_+YlN5%eUIz)niiu{7DZe7v49X>s>bp2y8YZ!OG z#v*m#p)PquX*TJy)D{EL)}Hvh{_ksdd`sGj-sZL7FxBG0V}y21eDz?X9v5u7J$PqxVAKL_o=WhIrwXQV4^*qBPaxB(9>k23-gi(dh@% zBwC?H74oLNAcPM8xmn6sX{Q`)~G7oQKF-v(Sw9^m=MlA z89ACuHCOIS!pnRv>zgcL;wPy~wL=PDWXF=cunAed!2QCXs|hqA25-R>uRQs>9Ymyo z*51+DWWS+Sewhm^%%?s1I(wc|QchTtT5)y?vl6^$jK_)v;x}G=%%TL|h(>wuHOR9yKV921Fk}iL5EfV$#{#tUSUpR~UV(@6pNcNaY%;sy+Lz@wJlL7o+_(n22hgSCI^fca5r#W~qj( z^2h3s>pc5@J&ih9`QNJu%LreM6%Lr7n&>Gap4|EnIh3=yHdmBG%iZ?R?mqoy*s~V# z>QL)H4?yK6wOxsEuiHDFgwI2il^+ykr5>%mIy;7}adaJhsS?L-Gk^3c@^F50|1f;* z(%z1|dqz#_aN>c<8sQ*F4U!r?XkA~76$FS#dov`ST@mf-n6|O+W z`hMh`^TK=3m`GrK8g6>^NoC_4vZJ1>hXw`34sIh-X(PSPqoZHH&M;E8pW1qaL$o;% zpFOlDmp=j~1duc9F+X_lKyGV=r%f~H&>#~F6VrKBH<+NemV%Zyn_v69Sv)fP) zC!|hz@Mt=*dSqs1{`on)I$5enJum6X=5zY*f`50e1)zU5!A#VZAL`!K4cL_yFXPh% zB-MGQf7#E|tH7hZq*I}JZ7aSlm4GZ9W`q21T~e#_H}7o`o1Nl$C5fYuZgs4nt_Tdj zL2SGjx)$4jV~Q3lLwy&C7(=1U1m)&GgO@PjUz&8v=&p?8c_MzD_f<(*-!*M1bnDKt zWK5MZ!%pv=n7HXt6t>vGipoJ+Aom%?qBf9_<~`F|s!8M4uPCdK7U9XQGpa2jro^J!-li^n|q@zlkZPGKoH{?q-j zX@4eI8+wEL1;uKQOGBP;B!b#;tRrhk{WCG6GKdQKcQz+*n4Afw=bY75Ki#$MN%5tV z6|@NNw}Xh3lgk|!n4a{5TV!?87l}8e&$M4sK$kJfp3n8cit+2Pd}+KlX~eh<#wN-(Q(r-ba zPN08}KWXHz+qvxL6oygpFGWCj%IpU$o~dcBexu}8=GVHNR31k>7i-P zAn_6T#t_r7XHoJ?DfwzD!%(osmPx4nB#GP45MD#zu=XN1#zzg6$M7O7X`!atHEp$w0f{nD(GU+cTNoig+c-5 zb6cdHWV-qGuxF=qn|v~O&gcL-NPx-&+yv&~4-BG6fJv_yrA1f5Sj9o{!&*~C=LlCa za$sIov3eDTn$h)F>eV7cuTlON;c~(KX9(??qrQVZWU{yIaW^eFD)$wL@zxc{%O}w)dN@e{Wh< z_fcba1I8JoIVAJjCzCc_e1fuqxHW7dWs1Jv7IRy1-!InbZsUjwI2A>U90{T7Jn5z z51s_ii?}6>7LZALpTzx$YSyTT+GWlWJUzqLSq$zMGBnLC-8(u|SQH+~`+UD$yOE)3cv;QS77i+S$g|p&RSDF*Q;SC5!T4_` z`}ph+?n4dgTOB=ig*Zf>!m*|LU6aD{T5@71ng|RL!Ap_o(3XQEz;dG4`8pDVP94dA zT5N3Tp+*@!xs;>iDND=hm-e3#RYA$LrF)H!@9OY>Uh zp>DN|kB^=&jo}5C=(>IJU zy!pYUBdxPPeg`w&u;TNE@y>b5;+4I%EmHPufKRuE<@$6)uB4Y7xH~;*>XcALm|2uw z)eer#0RoD|vSWn}k4P@Z=1j^IB;hKCb4T& z58)f{8cg1W+`c0&5(YE53H3xv1MP;uz;uo5PnN5=Uq#SG^KLJTUD&ICj5Uo4PB!X_ z+g}d-fJ)~WhQrLR)_Z8j(DHuxlo|QmH?f ztPF>KRn4a1$mI(bslnEIjMYTN!*|+zuDk8FLXJaqXEDpu_LSbrsuFzLc;9L8F=zVj zG#SS!zhanErNKc=h<&c^>VX%uo-PcWO_Xc9&!9VLyg9#T{r5+{at~&^+e3~R34akk zmHe#C-y}~4)wH_Sp5DVB2cX->=R2q{E+I zt)}FzM$@yUvZ#%58BwkpocvMK-)$~mfe~fXxFCZ?Nmb?mxj8oDNWa1$Z|5wBG#*?? zl^)?^F$3EMVR!VokkIg>PF3g*Yz~+dbGAgj8|8FleOg#wf8)GmwATuucIf4VCDt#K zXPRSC9z&+ypfu-xAt&(bZk#a-4|U);qMJi_#ykCnuJAns6BUIVQoPi6y>(=g^wP%8 z5UHaosGyIHML_z)BTxDWkb6JH$^53CdyxeUiFkrHNEij*7Q0@ky|63782iXw^r?!o zXk-_a5S%HHV2lohqf?)tD0n}kMjS#|=Z-l2dIXcH?;IUx)hU0%ge9Mel;6`(B#I9s zT7*ll!E8)BcawPPSTNqT{QmD#ea3rZ`%c{sW9F|zRYsQ*xXnuJW{fB%tujPE&hq)c zL7v+PBEM_tC!>C`Z~eXQjF%K4r^TN-)IQv@X3DlN7Kz1sYIj^S`^~tfHr3nn(es7Z zqDIe|8qcu81rCS+L7U?^W&`c;KS2L3W?UP5eLJ~7jt2X7OZLadjM}yKP%ri&8CRmw zR;}uXFUiUIVy@A;Xrsj9-+&`veBAxQ(XEt?RM8D#{)$T@?DtGVC;4_=H7lyr< zWMOn`BhJi4z>EfecXKku+2)I~a6>1I_y^g0HFe7PQD~O?y;B}q{ly7OM?!QWn)w%~ zbazN>^tm3u@tL(Ifaf*FDerU#R=t1pBSJCGb%p@fPc>SC&`;o7&3GmJ&#+zEmK@(t z8jvpSVb3LI`JC5iy=RE=sl6M{&k4;(vU@4zsQ^|OZQ!0P&8G!dnq#km$2UwOrcp>E$EB!7j677H2#s)d&E{nZ7pqy+Hu!YoiXq=ZrZN? z(XX&D=BmI|F2#0vy|tuNuNB+^plK~-{Hlq-!9{cv?QVBuGqP9PqODl}Wfsr=do$R8NqTJY&pRvM>V8aXaV!jWtnWUq7~D1LV@4 zo)C*sh`?wMA*8D1YXgM;H1vjX`^)at|>9tDS2#X>$O=fj9)ws#j}J`nvtfp++1 zeL=Ir>V@}AqiuNm0jTVGN_=%QBt2WFKU8kL(yTC(I3YQ9L4bHcTcNzxhwZwRN$YJV zBjZweKKC=jq_oJ0@mC-c*zvOWA^;{Gy{}K}2X-a8dhr~)7~S@{88Mw7?!zu4z9Apx z1>2?U78{A)C(n-c=qgm)DBrCWA}Y@>%+zPy$C!a*M*?* zkbQ%XmK}9xtp6#QtoZnlYW+wLP)YQfbsdE$z9YWf>PNErfb+(=rMxSBvVY@oCKlC+&&e3sSt_4F4EF0ndbQ}T*xiX;6u|A zfBs0<@>{~{lN+0r1Zt9_z=t5lyK!5csU5G-ua~M1{MMn{cq1uqP86P6f1z~N5T|P& zW7P2%k~a~G0+sv?$=VDF39sYM&r4&y4S5Q8bX#!;i`wZ$?~_!egG#d3*bji!CT7A9ki}qi} zpA!6@KGA#9=PFd-YGT9R@7{MX<=O9^>KGIhWM_9Hxa}xwYFg?INzG$i;v(LrJ&C^?DFD?B$9cVe#+os<eG#abt&*FMB4DIs@u{xd(qB;brya@O-u$z65+RQO(l~k% z3(270K9h20W@Z5eU5{M;WIm^+cqXW`?bw$r@Ogu}J)ESehApS5tU#@H1>SqdzgO`B zmZ;a~miZk#MOqCZU|+zgvYq|HjY=x$6w#eEJk(i({G7UTt*MK>kCRrd(^vZO$r-cp z%|p>w2d*N>T{}Ib8XPV3!6uJ56m>(J+IyYtS_W6{SQYA-tWy*C>YzsCa9ndG~ zzoqleU0Th|2xChL*)@0Ulo-AsFf(|Wkj_^5QB2A2P?>6sEjUvB$9$89q8*dO+}^*W z!qbx6W^pHcZ~0dRX{C3n>?6{+PVe)m%+?RF5xyp1xqw72FKT zOot;+yv!N4z5dAG@+li@{jAcPnfe;u+x77$wFw36*hjH;>|;tTMBPD-7s`@OMQGmn zL9-gG`mTJpxYvUSdy`mxsdD1-Fp#|Yb65ZK+ewpk^0uo!-t|B7Q3WR-LMlXk=uAr@ zsg8M`G=C>?Q2&j8@GwHLSzv(4Hn)8#`C*%~?k&E*1OePU&r|Z#*Rwl3%$R@W#d_?n zS-kh1eELfyYPZp-vBb8-s1xNwsA`;%=SS=x{m4;cQL z7?5AA*73ghH($esgmiQFBr-PklZ}AKOYK*;B+${(?qP|*|Kh=2OUA?UaBpXZwr&#v zTDDVnOOjgYC+B&A{^^rA8akG!un)gp;PCFN7U>+3gkn#cy$h95wL9z0g%Z|3cL zsv|f1JM;EOf3)?Brq{SfTfm+-=}Qg1b+dJ+y9^x4*dVP&fwvW(r1`FW;o0#K-R-+~ z9KxziA3lV{*Uv>ob6Ia+zrI_(+|zPwjq+h9WwPqQ+2&J^qqTd6j}0Ngo`QxM2_1dU z&TN+C@88}B*Ndf7%RJ7`m|h3dBJ|q(0+6@z@G)`djrTP=gpS|4h-GLhqc_m4e?R-- zBKZ~-IXMc@_fe44)H&K$ZY~H2#|n|t`rC6Kx9|NL!)L7bXzJ-9g3l))$m`Q<>=tfq z=dJ0xhW`&wR~c4Sv~3U4-Q6Idbcl3I2q@hR5`uJhcc(}Sh=_E9bf<)LcXv0ub?$rj z`SJNfws7{|Yt1$17-Npv6JzVJeh;}8<8^-E#lgjm%g&AsUiN~&_75~Pv4YMx7Ic3= zQi=yoo&UsvaSis$ae?Zl>%m+!)A${C5eINv#3RISKW_J)nVB9G1mT$ z%lgLbJg#e9A`ynnX@X-^5%upth&_Wh`p$3U1Vh-izeC1DRd_^yg`#Q<^9vDL$tYws z+dhH;mFP8wx$SKX>4=`z&f!weW!6qcW%(hPC22+x4R38s31~~hFv+>U=anKXpmR4= zY#awYFiMXYtC!CimzoAsKdV|QWk%IgiyM{v+4*f!76?OgCO4*{088#PQL*F9dh|(+ zXpX0MJ1?>nfy{Z*s3<>#mON@D{cq=Z01n;L8~b zqXHBk5+yo2_gC1E}Gf?NJjBz&$3N1!01*8)!J!FN!py;8I9{- zfa_b#_**(dnCc1j&`|r}EZw13J%h5Vqj)*C|Lp#ax9xBuE(jw^1Z^f$y{dzA&u1>K znP8uh!BscKsF4st$*OWYNA zbeCZ>GWy-#rZ0!y%TKhbZN^b4tEp-EJ10AbUi)*=>IV+W*h*RUu3twQj9;Qgdi}3L zMveWh{!ZBcPQx%I6<9PpF+%_n& zA07!o$3}c=oFA(BNZ4UPnXMnFHq~D?G%#NrZX;xZNx<8!UaL(rK9-i2CnqG~v*$}? zb;N6XdwZ$ECInB5r#uiUIzD6#HiHcxUlIxo;cT|A9I7~1EZQrHBduLmt+jq5+qB%= z@Y^F<1hWNId9)xT!whE&(T>6V>#krj8~zrF3s~U#dZLjmsg>Drq>4wN(F^Yud4gkM zVF|zVw%uYrSYZ8S>)?P>iZsn5-qf;AFCUbZMe#J>ND88WjJ!-69r7U}q_o*%{hY0J zErW6s?fm4Or6uD>GJzKm;I7;Ya)EbOyW?dd!p~<+WI|qw9}#7OORFsx5eC(t{A-GQ zr7bN{z@HWG?b;daKY#wDa=QvQNk!q^wzSSeKrl6&pZeP;qaZCVF36e`Et%{*X|?fc z$n&|A{@b;voE+-%^9ilb{U!rwM9L{I$C@tF!=LT__YY;6Su^P1fO&Yf&CV=(z%1s@ zbk36tiv$OaA~v+6Lwo^?(Nop|2Sh7F6BDLszFvh4IBy|upo2k$-WmAhx98h0kLDX) zDZOr6%id)KE&H~@>D1Xsd3;;S6!w-q;Dv>S^=drvWF?f5$aU}-ktJ12dz&;JtSE)? z1COR4sk^TB&!`HlwndRqNbsk?T(G;C*3aHWjm5*~->@~rIr2J9kBhoCM`)-D`vtxZ zo*^;#PpVN`LMRd&-b`TogOu<~yt+hVcmY`AXsmDw#De z)@B>=g&w?=HL#7$KOO!q@-G$7Y0(tC3`Ko( zhI;?a=&}~Px8_UN5Bm6LFIAOZM_SLBcW*BYZJt3nviwO;_{qu^Ndh^13-bqFhrSLu z?FTqhO0yr~MmPgLT#=#6%Nvv7E$?aHl)>rXpq$vxGUjG^kn9vP*f6^5YepRFZ{})t ztSi5UD^m4gmV?;j<%fLU!Z&rCn)cKF_K~pSMYGIFt8Rn{!ZK|`uKGv@J9GR|B zwsKkY6*AZ{(}kBwM$X|jV|O%jB$SDzipUk|?BslUezt7CwnH5h3`fhugBT*!v$HmX zuTR^ns^ua%I-DakWxEvO>3U4X%Z^oM(E1KE$i1nlHZ(Sl0Cj)o>?FQWrY@dY#?IV+ukF=ha9iFs!RkK$rJ!WS2pP%H8aM^Xqlzw3jR5>8%~9nW%w;r>2`xb9w(Z>@&wH{Y+^ z)f6G2qKkoT2@LXb3d%4eE3fvCw_<=rfb3-dE|*!Z=SWt)*Qy}kDTu`Y?4Vs|ZYnZ;$O&Qcat^2X~9=BZJN#Sb>MsfdfWO_Li?wpyw71yepcrF25~1 za_KwsdH@KD`ZGw0ssZwU;6g#Q2^K!_zFsGoF9&bfU?DfxY zR(XLjZ88}{>$ESwhK_%hbW?X(2>e13LJ}z;xD_QmmZq;I+)1%H@dm^2TcpkQDdS{Ddk~|ul!xrIau=v^WL?aKCW8}Q+zsS z?`|UI-}^105iQ0T8#~&BlOfOY&h1+j-K(#m7&v59!Cot0>jlZ)zwXjhv92ev=ulQc z-;1Imn^^~!DlmzQ+Pu%)OMi34K)5C=g-xHvE#WKiVaBphOd(p#rBJk#hcnWiFONvA zuyePXW+SCC)pQokI=wJ23BMSvAx$ZW>$4=*lxX%BiY;k#la^$Rj0^7X1wB+HL9u-g z%DO|pES^UfaBNK9>#c*VDXEWns1~oU4SWWW!RQkvuPJ+Qu$tlJ1i_=+h_Yq}x1?=w zayu>JDaFbWOYWHe3J2Ls*lXtY;jR}X2gm_bBO0AaC2sI6 zJl`u4qUg|gB9lrkrnGI`idu=S0?s%hc%u~sJ!{jxo(){GKIcBrcCwqAo8)Ii$LFZy zkd(=nCaC*m2znrGk7U3>qB41jRhH7n{G`x+Mrco&@+v|qy%EM}pl7sB1DKDNcH`*1quE-Ua=DVH#2^t*mU%^KULJ`Hl z0zV&#^8o8z=l4HF2o|c;Bsy#_GxM>N6mtnp5K_&kWu`I)&F%RD$*92p0AGx!8PYTs zU2KMLV52R9-UJhuys`Q^r;2<`gpwS{x#&Akb=ZecmU%5ap!@G`l^2|hW)UA(3HjF zrP9;0h@ajSAVnLA6^SB=Yo)5y-qBVib+;#p|Mxb2H#M7X6IRgWd*PkSDs~Y1pyP64 zCy`!g5+rOXq-_5z%Lr~+z|wR@5UU+HPSws-e}&qdq_MQ8@7xeahDPf||M?78Btfmq zihH~q7mm2l8Lw1Ch3yXV{o_T&nY@Mjh{5<-dGcP*n>b|2riU~5t6%P(ud>|}uvKMV zM`<~~J*vb(;4`%hYwq zi8`xVw{h7)mT}rI;a7}zbq>8)w%X^~>B<-{Op!Y}-*jY^EwIeJksVfbbn4tsV2-US zmbK7Zr(m1aK3u%nSNPAn0SjeqIgtpy_3(8hd}zs*rxbRXp7NL?_Teww)$e=szfOH3 zri2Q)PQHa4lvcixd&Da*HGk=IdD|=V;XMqbc)l9H*5!(()u7P}`Tptw6+*6 z?6CJ&1pk1Z`!{v3FjqSd+Aqe}TL1e%a|?yO_LM22|ya%x=2SND4cv z{AX+6gCw@z{u1Q{?8C{`2Qo0(&dAs@!u{A6X?n?9M%47=*6U{J+#gi^ZrHeiAWsH( zURzrmR>^#=WS!08s;~vSle04&#q-{#9P`5!)6w~ruWRSOf3ja%SH6orv>0ne56t8h z;QBmSH}ttaAI?Sth6)1t^5si~$0EYc?(Tb`(Bit&ORMKD*kw;cEdn6fY7hCV^ZtDp z$u5rA#Fkd}Mbv-R2DqVIA8Ke&hz?2Gc**>HX%0Xc)jMJ0!oot%Y=+ky*w1@Lj@^gJ%?Xn|cpaBj<& zA;ArNAsD2?yKy@)mwKG)r7qrQHyj<=g8nAcrNFX4r=&Ck)NPGRFEWYvy?7T5H$HRo zIT|7fh!ElLD*SJ_0e?rsJNRM2jlBYQzdv2Pl|eZ-H@CC>7V@^X79??jiII^*+kadx zIa#v=B8T0t2D{`EzHo5wkdr2eGvp&%UAp>Ev1hcyWSa$Jv%BW2cfgmDeXK!z9(woLaaDQakZb${M-@B?WVs1LCW zd>*Z%Hy&16*s^-N-rPRn8X)o;u$BM2OMiG&)$5D|KXi?Eb#=&!AZI~}> z-&iUi9YF3sGt@#slls5S|87z2KU)Dlek99b9w2;$73Z)J9H!t=W&A8bpPs%D; z=vPID%mZ^0@kc2f#(q(Eb)P;db#($@A&l>G8RYQ~ne!F^4*&Nt(8Ec>{iwqJ1et2Z z&t{@^hCTGlf=5xON4kwTSScebugb^Ag%(&Ihjru#kjBY@Isk^^0L^WXzD!5gMAH2A z%9FQ)!TQwSeYfi)7GQzgC-eF~xLU-0uKACPnO5y7-=k*O4I)vFi0WL*%h&;jc*elr zgt`+}&n2bg_zlK^rn7&XBhtcArm`Np#_}@nWmxHE=#Eie$HP*@Nd-oCz4Xwgv|LxA+ zF4XvN`(ySyzhzi}U5ZId6M{#*vGK#33A|#hK zo0>@gHJ=U$q3Zk+BblV4i7`z~aKn3r-7m0wi**s4ot+0KXoc_$Pk8H3dbeL#L65NYsTAh4yB-7V3TAmEuQ0hZGF@ zhYzXWzU6_c>Ewj$we#gWcRlap#qJ_Pwz%|kSUo)<&H1^u?tGpQcMq|;5Gm&rQ*1me zNGswsHu)tQ@FOuKLg=BV-&5XfJNZm@^-rx!-uFiB*K)s$6+qjfjczMS>-}|nMp78) z!PV5(%CT*I0?ye@@(!{eKX!mx7K;EU;K#;GJbZ$VzCI#yewQvl$$lChq%Jn!6VEBm z&7+aT5n^IdV|FPoFYf}=P3>17v>-rb!P{2^nEaX6^y6bzp z#L4o~Vh!V7RRMOr%O)qZd<2$J7M7MBpcod)%vj}iz)RE7alA*kxi9lVt&dH3v6Mn^kS{Y$_$Bkzn?7=~@?D#egeUCGc>VqFU$L+RhZh!7g6H}&Kl9vZE=IKuP6f%FWd#=ki&6Ux7ubgWIPny zfo`)0F^mspTxu!=thMSdvnUcFXq|SLBb9O1l_d#U6<);3Dk|~JF9T0b?4n4yWK|I! z7t1vx&;~%;Ftk=aZM&ubc$K2IHVRYG*3R};NX0sX`us5}DyseTJqENUzQ4lS=Xh}{5ECuTAA4$M$*?85T z20cAJI{>Q>!5~K?N2}qPAjZCXZVj505*VUJ#N@#{Y1K#YEuU3UkrI`doXjx-JtY z7JSsu)S;t)X$Syd-CWz%vu3YTGH_1z=AWCN-fAqj)o4&wtOLfjW$}4!E?LgFxAkvq z=RA*ny~i#M{fEq$@Wg_Mn(4X8A}st{d3j$4nksB^;_!2Gh4u4iZ}b9Lgu*?UkFp(G z==&#v^xDRmAc?Wto#!X?Y2^PHnqCoKOQd)u1S}v6gcH zN7$~dtvF7Tww7qZJ368kZUd0yWelYd^IKQ}fD{+Dyskg?#QX?QjIBmV2fobWG!3E^ z+vO(z(#1cW)_#r3F(1&V%sNv(ou$2TCIRQ8_{WbJ`hvbO_t#!4Tf*gO_H2meA2U~k zN51hGToupafZV6i<){s8zpguVU0r6t2HKx?@X34HBK(y1#DuKO74a}Lv&1K4MAg@8 z-rOy8kFHXv=`+v>W;psd9ZVpXXloFCK3-^nHmB!;ONxEz80c1qOVW3ym(fA4z~bcO z1VK{&J0Z2LkS!RK7m69a|5+BrOGSCba|Cgiwe-ejY>n~q0;GN`r*1RVJ}eYS(ajJn z9I_xlRj*x(Oy_1wcy_&$HkyoBj!RCat6Z)!S2#VGRax*|iOlx7!`IeMQ;0&INIY)>iL*`m5u`=%FEb4)TbY7;z^jJe$RO ze}k`Oe&4=*>+`-d(oF5R(~~LB-M|j{OFBi{jN)Fbdx^-*@*_5oL4mB-2>C8KAt4|s z32)*2)W67zjrp!cyw&6S2v$x`4&=DBtZxax2rA=x>B&b%!3X5+hnD+u)6nPCthC6<|Z)a@_7N4iV*;tTwi{SG&)N1krt8P{cAA-;7R7 z1XaB6mW^2v_5CtiPXI))khYQlK)OjwNs&;5git*#>TGOp8m-TXoNR~uW#`~16vt@b z_1N(XJI^Bn1ggd7&-U5p4vrOPbq2iO3X6*J3aU`&sz0N0J3BXd-V?No!SK32{1Tsg z^|UDPa5awEH%vhE$XrsqvT*={u-u8Pn;Qjr^k^Iv5a$?nrcG)#T@X4Q@4j@10lOuV zS0qDMcdRxORx?HNp|K7L9Yfs6h?+G+Akc^+i-zg_(_Ce|qYnTN^K5;2W@cunfzuU; z7os1U4p$`*lcX^v zPRB7L%PlYYhfkpaqj?daS~PA)hRJphjxW%K%Ur@@bst_g4omAY}aIl+E{7fgwMgU~j&u zFvNZRiU_egm_rAf$r!=e9fXXauyas*5R%Q+ffUy5`icddJ&Kx|VO0eR?VVOHflmAT z&z}fo*tGU5t=p%k+Aj-!1}PdwnAuAl&xb#p*jY`NgnYV4%1tRNT&^Ssh=i}L8;d>HJ4VY+T8i}LV5 zLG}7IvY42^X3GK3!&9&2ufjsH4-s zJd$D(v82J&M*d$Y48Sck)QB>;EB_j*0H_cRN`9lgC@qWmVVE>+?J&H1`w& z_1Pe_AMXZ@fEL?79v(FJ^6A{9I#VT*8{!jYuC0KfXizGQN}^ z{bB$4ou&*HsHg2V|G^KXa!dav1Es(!AUna&GrAkn0!mqisHo`pRICv`tpPp<3z6*y z5XQO_@>{=44yx1KLy!9Xo=Z1%^=XpS7vQKV__A1?<>(`yA&8$?(9B>aALadsQl!BO zA|LBn?1@hd~blf#L{!088W=RF*ITA|8uRlIg*o8QO z%8>bSlZS(0Bg6gJWI0Q(-s|)QxMm#yLqvQYQSzIPKx^WCe;Ep}qy<<1Cm*DX>p<^F z0z1-`7#LW@_JQB-c_f{nYdYFWgO!$=n&SQY@Oqz16e(Hc%fz&V0DxFHW^WJswyICF z0?`fFKn*RI=VgO@h=F#?e|#=EzZ@PIy{r!Sykngs0!^MUC@MHWd&!!+cg2 zpMqK*7weZlQi$~MiTwPS?SE}H9AKC78B}qe!oqz+L!y`kSqs>{SK3+kfyNKmPceOhO`n z!@EZwSX2b=bK%l|Xpfgbw13z!YI4U7XupYkhywZoRILL z0Cf@^`21lf3}HyVGz1aFO@9TP4uUWNHIH#9U}xRM-j=jGUg5U-0#q&QU^NGY1hq8` zHGsMU8Iz3-BC2gkvJJ7fSk9TV)4Ewg~3DcKmE7cuH61N}9D=RyIXrZk|S?2Gx$PHHG(_;Af_6Rk|I#~6a{3=Y~ z?>1Lg!#hJU9E!~KTipELTIXLE-M0kzn11>c^kid$Li$y+P$=xb2w#9A{VQY-T&jmt zS};xmqqX<}cF~hxY`F~rFfqHGQKhcYOt2QxO}Xew(sb4%ZCh|1eIS1R{?t!(hSb#q z8TcA(;UU4u=olNd=6^HUILw37@2Q*)S=mP!x>^GZzkSmrv$e7!{c>;4_SWVR(fht3 zoDc2|H#djlmEe)1ou6;A19*}z$o2FdYWFbFDEP^MP;GQ{)DJ|L_(|Bp*RP?pBEY&D}xdOC2}R@Qp62H1nCnDiQ2Q5y$wM6{{k{vVBjn7ZTqw9+XR$pWytnL7G3ee z#!$LCIwS?=E-xVbuJ(A)PhVQf+7p!xF`w3_Sw;=LA=%oc+j_v-k#Gb~AEdRlE}YXN zK=Qf{lLjybk+v7K@=kE~T@YTvB|E;Mh&5An(j$Q;RcAG0g6drs$ zBC0ci!Af2)JCTA$RKjPftp^C4)YUDeR}iQ;VIV;55nmK#;B^^2vqvO~mAl`U6LD9Bv}Lxx;`4eNI+3k_IC72S@86hx8>Ci9dyzo z>IBqWFXxn>Kk0wUr?V=VBVdpO*{?J7(I}}V>t~p1kye|P0TZyRf5?B;Fye<6hMag&_$b3uZ+xq2*fD?m!mNs_E=<>0@ zvWN=MA+C%#??Z3r%#JWYTGa1`xBgi)*yr(PUBP%b*5UDPXI){mMPA?hV>ZsNh7By^ z-DEOnXzk0Rg@(VEOqiGo6=X~i;%))bxAl@mA~F>JO~PLxZa_YxL>K=I8EL((oqLya z-DK-n6%`6ln}UecBcPT9k^nS_8y*4UnGUe3uUnM0FqJVKFz>EpW=e=tBO)g!x3G{g z`1J`$=gdq`k8nZB51ge;$+w3*TL(rdAS>(M>8OpP7&Q!9*a&+ZW2RoXeptQ_!o}hl_z%4kH zmXb?+_IEd;fVx1fumH?A$KC-|9#{qWNAr0FiCxF=;iF7FGXTC4`w)>+T@+_h_S>po z_+!6WoHOYPYr{GhF+hoc=ikuwGD~J<(w~vF39ph>X z0^7zxRPEvKsWPD3e1WwAAC6C=B8^%SabB8hkQ~}-OoX6MDxr z;Fh0EP3?0Gf;7B7nSGMcg?ZtJ8V&bdds|)&C?=>XhHm1&rZZjYf^cQ$NU7RP1}3=; zrl06kqt7sEtB%SDQpD=`L*b@Aa|P_%gU^$h>MEnw!O?4gx*8oDgQ_9{3RmH|jWLue z^i?iIH+dZ!0;UtLueAAo&y=K;y4|bFCgY$mnQd0s;q2vU!(TpU_aF>VMr3B zq=-LCOjJOXq;Wp%^}3%oRZW+=)T?blF%R&%xCXNSm8bcyX6b_n8_>AqiiJl6y|4I3 zafyHmhgmkw+g_63zfn&sc?!QXcjsFqdP$;P&zGK&A_;v^A@xpAWKvN?bd|=tqfgJg z=Kg>aD6g*m?d*MUpkwFF1OyomRoq zld)V$xm%k*#fECs)1gCuVWjH2@JWn6>Dsda&!xZ|`rBh28p?7=Km@I)IWv_kAm?YMwy{Mt=Q_Cg=khEdz#Bxq1SKf^7R5 zuFcJ>+~U;+-Cgh2C*{OiLGlgH#8kw16gr6{K9{O~#XbH`kgDU_T1(vtba)_czM%fU zWtH!S`|GmNNh0qBM%2w8X9_7!`D9|k->G&1f@SprI1(8QqCluIjCE5ec=&q2*3e4e{Ig^$PCh9tLu8dCB3v=M-FBlafLpe7C^`8b4tm zc9&;#3(bzCHb<~f^HZn8sgk+77$QCtU+dYIM7Tg_=;*i5LicJ$M2)E+AXeu;Dv z=voa<-(B{l{y$zNVcIh_T7D9lP^>Xil22rhm@OK@S<+N}DZ*AJ)%)4fQe2^ohS(a+ z=d)iu`1~XP=i1fZ{a3G7+a0?s-qh7f8HrJY*kXTh0<)3w*WvPnM9Va_2zoM~T#70B zQD#XA7QP))3%=Qm<@;L+CWu4MwyzC|RJW6GSylAWO)-!Xs!*qG47FaR1wJ22e*E|r zN^Rb6IWM%hllSz{+flwD0+!-IEkTORfOaPau!7y~ntM`83JnW4et`l-?`~qRk@@nA zPN8P@1;-%y5bF@5cj_WUL`1S*LI=3`nFjfRau3Wdl@$OZFmxK+8@O$)kR9T#??BA5 zb8zto*hxU(iwd8=maMvIvDf6Y_-1S6;3-jQieTW9ZCHM zB8_d2+~&}=NdR>9!g&KKq`cBHCd)JjKKS!kE}f6gDR6C_kEoxSUOB%-LO~N%G=x;w z)Bwq_FQ_x~BPIzed9>YI64PSdS4LstKV~OuD*rSSQXbAGzGcmUG>`Pj^g`*FmF?K= z5tDb~>8}UtLl}?sfBBI8J|H*6a~t8}0H=en9o5yrY;Z;fnV>I4;5G+`E^iG~3){Sp z4zXBj;>*a?``vgy$inWg&Hnp@Rnf7zu%L+|xlDpd{QnjWzR$oGy*f{qV_EK3;#a67 zKQ!O*X=~4Ah&fHS({f|T<>wVe9uqwJaksKb14`7Z>A0=;KBmiCK)|K@=DkXO7Srf6 z%+=v7;Wy&lOB&b|Q^_dhN}>lV21gc~#>_xi^-_JNPWG3X{(+%wHLjF5i>-(T*^Qvx z009&!VAM0Tq6Q5kZC?$12RChBORK2ha%~RTK7_U8g@T zG`Zj}Ki^czxMls`cy&!xw1$Ae@;9RP>2%v*RkcK{^vKTsF!)>5wz2JOMBZ8ILo^I1 z2EjA{3;<%ofgn>s8_EH!OF^Fp3>A{ZTgxHMU;|fRCbqL!N9pB#)UjR4lLZv07bQ_> z8GOz!c*+dAd6roM5+mIjEv>9f`q(iu1ZZV8ybky9y`J*h6g`)xLkA63_>6z31{#OP zkXIO;tApx%1>o7BhejN*`_KS&J#4+uxE~EPl*R+q*LZK~A0PG|!Y`F(B=C#ks$L0s z2~z^>x*JFvHipN3c#II^-(AjEZrT+ZrS_lsaC_Awe*8)&)9P@^`Ls=?iS05{kZTZ4 z#3xG~;-Th^{VSgNRSw^Ox!GtWKS6D-8V+WV^ldYNm*y3+j*4f>zJ)mYl#j9-a(bH%*-W*#$R3l0+U(mrbcEaWey7e zf#`0N{NBh&EOTI?t(@k{TS_WKd>A0TkvW}098UENl~q+M`;LSfta_rd4x9j^fwDJW zX71{`J}rTCC-sdf3H^s}AvdnaP>KVDTBxYS?VKKibgHyx&zZES?5m>uvo7)atOmyU zOD_zy?+!K@Aw4y&w!<*W%E~WI3j|Qh6SWEDP)B3MiS*5`CW!2*y;WNRY6!cRsnFqYjaoT<% z=zvL8y^h(QOH(3U!qV|ZIrvNZcEx7)B_zZMSRrHbHvY-Ap05SzPXOqk0#@E9?F)R- zwuUB~|4cX8`Q~y_ z595i{%<}(-`VHymccMvPItP=@eRt$`4gYkvqq+S_YqQ1D0*P<&qF=CF%35HoNGEW5 z4mL=6_O}+eHvX5itDH&M(7?xAZc7Lem5_in@Tmf1`C`y}m7jT@m<#|o7njzk`-qm= z5#tYh!1XC zrE1@F+i3Y1uL#7S))=VzVUWzGzm`2geLxow(M!K_5)l)F2@9t)^`@kt7~gPOtYdyw zGKG@Ht0jOuus<&40ml?JIX*mON2E=!i&vK%BsDw7Zy`nMW$mdI>kY@Y`mO3k9yK@v zx47iwY6YBMPiI5?jUuuvpw&$w2-vc76#e?E}f z2rx2MPEFU=)^2s^B!@OfL`H883$^LB_|RE-|DP%@04RWA`9zUohV>d9<}r_MCvF76 zWI0~<19phvuTTbUu)`S43DL-pV6Md^Mk`ddEu-h5`HpxnNUb73u{M!Trd>`N9ljm&(xLB&>+;$lXA@7)bcm9vI-S`ymQPp)hf&_DT%%!=Xc2N6b~p8qUUAz zn?C~l_vW3(bm?Nlp&vwq^}UzGscc{TWR6Jz0vKddB`vj|8(KgJ#LJQ`>0Gux&7_ln zx|S5TQR6Q1-q_(-xH{C~S@FInxSqA@dewgxCuWoQ^J8L>uX*Z^R#ScT_alb za3wQUXYu3Sw8<-!*;2fn;}Po-V1VBRGdg3$Xg#woL-ui&|!yr!z3<*^;XETm(hMsoE*#Bn|Rrq#;BM5U+qc{JoM3lyi-(KgAj7U{*p+cvlHBxf_TTm zMfIEEU-tWV+;E5pR6;Btwl+2)acoKK+R_@*dp@uG`}_Kb)qjzBTsW=O9^blY5LZ2B z#qubtC|f!=uV&HKA3B z-O-n12YCgB&cpQS;F!x_TtXTeMSc6q*{3(whX=g9&^Zpn8T?A#B7GxY`II=pi9%VV zz7m@}7@w@wjFBnen0CLgY%Q8cS~f8`$#EQr*)RfnY4SW{v(S}OCMF^{+Ge^m_k4ir z!AOljo1LFALe6LDr?o)!@n}xZv;yv*mLE@rKUo`x=YblmVu&~^IXM_mJxr^jz zk)1F9>|9R@h@G9C2OXLIQNB(zRZ9hf)!dH?{@umWY*3dW&n+!c=ry{mU+e=H*qSLe zb92Hspk7f@iq}0muRWa035=u7`hOVDA`Qr0S4PJsyHihb8%6+VFLtvojdT40aMHCO zNKbYj_)b{3-X@utSoLtvk7;kEq`4H zkcDpLKZhX}=7z(#Hb})Xj99>hfsgJ>#~5U--N^#Vi%WC}gm`xsT0(#cKJTuKvvynH~^V>L`fB342Clr!aSHQ~vFpufwO#1Lo%^>({8| zrtAFJCSUlVSfAY$+I55H2#Ulh$jWZE1{Lfd`l!RDYC?0Ufzaaxm0d=)CCfb8mX8hW zXeD#TN1*(eD$%DK(@IWBiQoq9K!8kyw9R&_eYy>v&gX$ELDnTQ7wD_e(us(_6jX))zM^_?i(EJ?67U^390dwb#nO$ z0N|m*#D(oMb`2ccdeAFI#-aSf;Dz6GU%XoFaSC`Vo!6+?bViceAicOco~NZr93Vp7 z_0m1C`h>FUCGV7!Iy{mg^mTlET^e)!;G2r_<;4!@+UD68dSL0)?4uL@Y7&kxSgE#U zWytgxt}8DSCDqg8(Eq(QsV*-+AOAY@I&^my1bxtapIUy;Ig%jPnB1)QX6S0B zbSL)4ZZc+{G#Hy0(9&`xCK@G`3;w7k>`ZwS^I_=AXu!X7-sm&R5N6S9#h~O5`^NRt zWPj?f+Eo!YEt9%pe$r);60J0om*6j(;IQ9$UoLI-4*#3H1btD&aS{(wTJNEyXT&k0 zZU>L1JDVw`Jx4;?X>Sb)(3*g`hJFuQfia3LR$OA`tsRyt#s`q8=-;8LKb$41Zo|d) zN`U+W*n6F_Gs6)MXLXDW`i6pY4DwyYTpG|s)L?amha+oNo-kb;@<8tH5P&rks6Vk@ zcC|_XO_#-T1uY=JwI9L;?{h43J2ut+$jO{Cs)N^R=T>HX$J06+}Um0PpE2wP01D z9!nJ16SP6QlFzyw;ckTdtjdHf7He4`R6xQ4m8cA(UyB8Tf+#>>B9{~-gcD{9UFj%&)+Ix7Y)7CbM1*SZ|Vr1-yjU?=t?ZyYQ?m#9+ov?3yu zf7FI35Fy}&K{|9ZWMupBPJ(6OA4BuBSAESfh;w9h61rl zeJ#nGPp`DAEwnaoL(s3g#v~9Mw5~loJcw3=W%iy{6(~SxN{9H-MG|}mY#1p1$@%~A z%evaxd~`3 z1}Escx}Ma469zOk5w{sL6qpF!2UsFchVX06!_EEmz=ebL-#p^EuXCJ&|O^#R!WGgY31rTPtM;9B-Ntf)XhDZeuWV7Vl~ zyC^8Kc%4rCWLimhEwF?pu>XsLV{JgF-zll6bWTSStgkFBLU~Uh#*kNiY5ejf(ze!5pb(wxsn?d>%w9O7Qdr7xG!N#SfMF8J<2pY)Nz~JfdZ4Md9v+Sj>oPMkUp{?`!uNd$FCpcjqIp0DrwtUz zq{?X`+5}Ln;Z}w_5!HqhiI9sR4({42s9XSKc5>Z_35*Afd#`rqDFH|U#PF29S9DK6 zZ#iO;8=syS2$ZDnCnAAIx)G=wIS1oRwZP6Y?xwUVckk400`jm1KE8U#{gAFl@(ljX-cp>4WC<@kuY$0OK@=3;_W!}*Ph7vow|5X3B!jJ zHQ*YbAEmdvJujTZ!Fcc_4|y^kBXHe1R80sZ!KYx~P%K=7J_iF|9zn{1zuG+FI z3QtH(02mJZ(KR3(jrm1<);;nF0Ze;F)?uF4Fs{V=2wAZ`i{P(V{_n_037pWlf=3b86tMCqjqMNhTCBPCA+1LED6qj0E9ESm=i^j zi@=;O`BJ9y*!=nj^AF_Y^$m@k)6#KyO#F;EW8&9a46zjb2N0!c#oi%4$MVNAl+5~< z#ki(tieG7B=lI3wKct~SJA&tGa6#P}78~2!;Fxe(q>$Zmv#epD!G}RYMAYWJBD&B- zy`#|yniN5@fACj5+W76|Bz$!K)8=N9`@?@Tr`-3TWl0LRM&@l%+^tlZ$!FMVwXGdN!ziI;&Ec@rZi-EENthbp#!3ZXc zd&wZED$u^uP~vU8>N#7UURn6266QtX4|WX^F=?K2x(kS8NWeb>@R2S@FTA~BgF`#g zI1h!u_J9RFqZ|PH1aKf3ey}LFf1@2eYz~Sy1H6@n(OUbXeaxMkp&VE z3`wYNaIp#|=EP$IiB{;*$B#S5TdZa?pFwA1%fp=j@MlGEJzkIkxuA@Kg2d;~pazUy z9c_U{z$A~cS@aCks{`$qP>q9_{}WWp1l=3S-;hB84V*5%%T3#Wqy@$0>WcffhNG3$ zLyMWv3m{1W)w;29ZaqE{RM$LHhWFX%+1C0^vD5j2o<)1Um92y$%O90Ia;j6f4d%gy&ez$j zopy%G$jM1U@AiZIC`dU#r4~*hWI7^3BdCrP+Lh1)>f{w+J9c2|5fQf{3WXNHNq2X5 z2R*eH78amgHh_E0&+2sSk^ypfXwOAhq>PB{Ovv;edbb=yVKvmq~fF8?5hrw{|x< zh=h(^{Acj*-{6)OVURR~1>=fl=PI3Ed$`xEXK5VE^0j?-yx`p@@N2OIo1`YRTC=a8 z?k%QE$yxQ9!a(92XsQMD4>?wKHYX=%0f7>p?Ls57@R(lSMS|0Hs01CL99VKaf~u!L zFFw!@z=n8w0NJ;XL-L>%_>jAMs|UN|VJwN#kpwIphNGfx9x=bp?MKH4QGr{2cQVsg zY#g#EH|odA^741rM~kaR!f`tGbPBCF7~zut*AW3a4y;oT9%yQRB*hx*Bg@_}Ge(VX zRu!b8$iXtbCVHdd0;h9|s$%oq@ZD31z`McjiLEy%XcO)1^7&Q$I1d>xs0d$5N_AXH z5K_xs&vvjgnBrQTIMTnufC04>OFzN(d(gI5J1eiP|1yT_ixLAcG=sQ z&!hHYDMzn&ZM2mX#_SvaoaR<~!AWy*p9f8JJBI!)!HVN(4XvCI0O!o{NOmMp%U|q_ z;WBAFvQ94sDvh0%6viGqH{kqGaHDUQ#QEPN5@lOi?vURt%apn(v)+q@%;2E8@a@%^ zWvM|w#mHp3DZbfV-pidJ@qQVF_1g2Zv)_v%bbQ1hFM{~F9L^;|kn@B872%+`r#86x zrxza4oijVX2Lj$M)M%7JB$RJ=(~;SYJDkk{#wg*$KBF4d0y%(h~`{RBJwmO<4YU^BX{9>fqs zOS2Hr1OCgWRf)Zlq-0;Nbi!v~tgKWQ`+^A&?H8qD`Z)t0`Fn>0mBoFOyWIcH*MFmJ zLa6Z~?!UL!+i!A$Qxss*uUl@{aCu!0LjX)Bs$f9b-QC?c)Yp|>KON?EmE?Jvb+z<` zxB6J-#mgiTPDJdQ)v4%xAkl<}xVd?NZJHUR44Y&+B|ICNZ1S#!dZG-dnfeyXG)b2K zA7xP`aqvTGeUyEAwVAAw;yrU$CfXqR(|>6reRpT2z?A9qIwjhTTuOxy2m;1t_ipY33O-(RzHNY7E5q*~-Kz7*nFM9w2zRgdiXwsgw!=f=DSTSae8tDJh-O(nyMQcPS|$jil0zlqlUD?|$Y#I`3R_%?Iar z&Xd2`d#!sN&*!XamLM=y+JIZRFG z6-1%?RpjrYFRjB{lu|V=A5Y`2OxVlFA3oXr*VUSyUe>gr2O}0{COorFM9}U5u($26cx{dt8TD3#iy_Ee$n)(8J?qNlELQBkbH ze^w|1UjI0yWodNDA9ATt8{g|=$lXjuEmWsG{QDUXY0I{Ap!Sr(_>}U7M&O++Bh#d7 zw^S9jOy;XcC!veaH<>8hjKuzUIoc%Tx$ z)8BacepQu16!VSy7xz{j>0#{;WS;uX1JHqr44DZ)ZxJkKs{PqdSbBb?l84ba$loF` z!SAJb_c$KMe>5Pg{zOguZb~F|+E8g2MLznUTQuNKNh4Z1_j68bHg>=-*!jk$3-max zQc4Ifle~Sr&^;SnqJ~ulPI97 zG0NYdH3th>S%9h*Bt#c9U29NPV4yjIGRbZ3eAOVs=kyl4+ZVPM`|v@(N;{35s0}t+ zyJ+uza^%0xefT3$g{&}alfB+s$5_m4(|Hj>#tXTG`lJfmd37;aOlD45zL_y#?!5Vd zrxl{CwRKGyW%oe1FkWGcf%;ZmdAIi10MaJnz`I(dz04{*_Jh-y*mkAln$K0Ab8yR_`5509 zc;FG%`;y$j`o~v07OcmboB7}4;i5c0PnOrS@wvt--X;m- zQ^RfJ&eRN(U2PAe*ylns&o13%c6)M*kGzAulwb0)t5taRj(qiM-Y3J58{5^AEe`)1 z7d(va_nci6kn3{_`9`BJ?M%M7iWOGU?)v^tVozU(2T%|*!HI}o z1h?gCG}N8cK3ho&tFVrXK|ccJ4)$;mDS^YUBFZZJ@MyIAX8~WM$cahG@s1YBYxQ|b zk*lLg{r$Kvf=X*y#-8P^(-V&QEq;}v-5jRC9on&dGXWjm>D-H&|+r><6m{b!n61K`2J4D_Y;zHs4njFBLg$i< zqCFWHeZE|fy`xb~)LNV|>6*jwjB}trLecr}Dj2Dd8Qa)u1C0}_@? zx5+LTM%WsZ_1^h=ez4XiVY+aimJ=GPWI_%siss`UcR!Tt^jB;cWu&5^?2mrpmAzD^ zFR6naXnFkmu!rYgGDI*crlaSg(@wI<`}nlQb)jCyMS+5S@Ua%2&|Og26H1p8`; z-)P5w%^2uo$(L#mu*R09rHM{2l$RAZZ>v}rEr$qcYZ+mq>`ykY1GTStr7uUp6zM>c znGnN4U-t;xgl-l6ku$wn-F@c2O=YHeW9 zEER$Px5xI@CKT?If0x1%Cf_M8j`&zMpYEE;u<|yR{5xy8X0tyIbDh#*^r2E?8Ff&! zy!pQ`1&v?Ec{o^N3O+tFzT*vD0F*-o-FQFzg*sTggT}ZyxMs?ZcIb2^3`A2xGIb{_}UE(_TU*AuzO$1FkVTG=_k!?0M5{tMbNH2<$>4 z9TQ;Jr8|9A`{iq@1PD19c8^kvr1^0#V4{$Xy8e=XkrGTlWIV1Mdk%e7LK|}%B5#Kz zp`kMPbZPzj@%sw9z2G+U5Nhvfq-oN+WjH+=8DQ0s;%s0wPu^ZC_I<(hrhMlqmb?j_ z37SGyasF{u%_LU=dFRZ0dK%6E&QtmO4A)b#|NkYxo`2{mniRWjL*Wk711&EzA;!VM z{_i7iFqK|1rJ$Jm`Ev$_0{)O-4^TwKIqir)(sFOwq7+!Cen)iKVzvLmc$FDk88m(;yvbZRjORblJg!rhnS~ z2ZHcZ{*K|_{j-8jxfCC* z>6^b?b(0F;jx*@uS=DH1OR-`Ze=OWTr!cK3Hxnlf&hszjYS_pq*MH z)x1!2XiQ3O{Psiw3mWM#VT-tGBntVo_%xkHy(EPpnR$-o29qsJTV)an&g-F z@dZzDo$OW~fSRl2Y2116=4o%C+8#&}h)&QM2huj`>01_Abwp&(a?@Q^W1cgjh;k(R zGkl`UkeX+X9EiP?WTtMeCW=^BxxkhuY`LMLIKyf(;(Xw*+0N)5MWwXIIgCE9V`6=e ztl&r9r*iYMMI}c}k2DsK#ga%V#%fZzT{p!B*TBxglN8Ra5zO){>}oZl^C~hz^==L4 z^(sJr~Tv2%>`q?abf9Ft|tD6&|WE9p&A8PA6MHwXu3diyMf z4DdZrmJHD$T5R>>_m!#;`kK5KxuZzllGwf?%qkR-IQg985%&KERe37N{0uus!TIdZMPgin%x`Znr46)U zJox+gGI?aIpk$Kry^P&;iXsiGxs#aQ-_N#aB>TwVATMU9J1BO3&c{?><9$}jeArLz z+hPk;6&3RknN*PdQW4q#h&`-e6sW8Ztl2x ztP<*+bBe*dP0p&crbnE8HcwkvA=~C^ptze!?Z{&MdX`jmR^a^$epN0AZ8Q7}h_I?Y z`*_iXBG24O(`NO3Rq3m6w6rS?`b|>?^Zd^UgW463tkk19lUO-o`y(ULhg1j0Nd}@G zx5QD)3WpA<**=+&%F5WeU8p;+#*L@YUA4M`r|%_eI~!enlKFiKBPS0FO~LX!i{hDS zXrpKL>7>GzrMwMpd!WaW@d@1oZ(DnAVq{3}E0@S88gqYF@4^XtB4zEQHynDh7`j6o znP8O1_As*I!S#^FV4B59zUbJ&RlgBS`Jel?q?#XIA$%+MEOr)(qXg+?mwb>_vxy~K=>)jw+mF5G{2 zYa|}o+ic0>D`|^GR{e>uqyGMoG#7lrkE7jCFRF)w7Iy5x7+tMtujBgna7fAJo#N5@aG%F{^5A(dBsuZ zjHc-6rCfVKlJ?*AgtdzzvfcE067gIuJ(3+gS+t)$T6CV0InprWao2?O+UzA>4F%y# zd2>f^-(``PYN`)>sJi`UY?6XyH>`|e@8ODkJf^TY8u;!Y$>>-0?Ky}4f3x=vTsqiX z;>3pK$6A>>uH?M<>5>t(qQbin)_*x%@ExT|ax}>l=hGym-gbPkc;C3W=dtlgc>Xp8>!zwp&u25y>Ag9sFY|d(C51Gh<%c9Y*(33V#oJF_9Q?WTqUtqn z#RJt$#T*F|ypu0j>duBD?_nvn{}< zQgmgEG9j~WV@Ut;J^WRkM}EPNCw<>vb&u4yCFA4n^u8F6j}e#CRm`|rq;oZG6YWop z04Q)Z>Dlt_lZQcENis_%iaXZy@fTX##?%J-!!;c8QqOfrShX916WE*ogK%4JAZWcOtIhh|=D0+*YtX!d%KP@myrTcB zt@yQIv#wMs`d2EbB)U=1`7&RB$cQ{;zf#f2@4Ouqa^@bmI#j(UT}S`F&%=KgVMrhl zrS~>SB0}E@X<-XF3^>SEelwWl$ns!?(^jUAAwuHs%E0JqC|cT`)R|;q>=eZbPtgYi zLAV3eiFa5=rMO!D-BrRP7` zz~ysB{(pN`^-S_+;Gln^%GdEe?}(ZNQ6_^hS8ON!>?tGnmp7vgeIq3uUl&5!=H};fDkT}jIdtU*9Vt7-^TtT ze8@GeQNM$u@YRwY&uW0Ew3n1w@SXpW)PNb0c=LAXYUbbL3nE1ZkK}iul{wj;I38EA zVnjJ&(@K2!cz2M!_xj(FL)bxv7weI3tWBHL`-jYZoqFObdifO|ehb4!`&V+LhUe$= znHX~;f)v%w!mFY+(SG0P8h%Cmh+-`*zd!5Sl+}W7-ZKJy)q{Ge@sLu=p^^J2h_q-ZdMBA44F=!(s@qy%gRO6lv1qLKKipPklEUMuGqU!mGB|syyZJ% zj7K7MUPGdf$t6dX>ZqQr7t+oA<|J|?$!)56D>L(vkfATb@yI+czq>vAV;=F-XlG0x z?e+;qJo)l=IU;#hcG=l>rp9*p#P=jFyFyqa=x+b-QiTC7OEs<#NsC;y~@yn_Xv&*(pv-7ZxS#IYo zipx2+{(C>KHg4Ti-F=h2fK8gSPMIfeBKmFV9#ozh18sA7W{Q(6tM7awWZl__d=c{Z z36Q?dgnlKNiyg1-lQ#`^It8h`b4F#Hm2`Kc(#vqua?EIZs^1U8RR|v(N;2uC{dvPu z?))?D$zyUD6Fz-B7AZNavKaLD(LjI5M1{P6B$?S=uhZYxi1ziGZ!FWkD_gpBg++kv zh15WVO?^tKZu6o3e zor$|X6uj~Lz0aN57FK=U4}&OK9!L2V^7FUU>bb2}XGMIi(Z0J8H#`~g5CT)r2jU##DU3EJ*+sNIzj z3_~R)5GB8pHhm`or6nQ6$=Xy^gzSX6Cil~TkNuR zhSC%P)FT&{u2?z#c`)JL&-zl*u(UK~_f5M^kpjsVDPugN7V;lib7R_qFpS#z-?Ob1 z3iyC*eb^nsq1-*nR7EE`B0W!@KUr>03+*~jA6$?Jr%Qe1V`IYyS&0OiWC9 zw?nqt{uDOX`T2N58a3Z@Y)rGVbLpX_{N~*0qvwwi_ZH}elYw|&x#lJ<xe< z_V@QM)*MF~7Dx9y%0G6QpCYlL66TeZdXnYnD?aYp8bS%gM=Cy>mXu~8Q1OcDB|5CR z`5|06;Q4{Ei0qEzr(uUUpw%tU+Nhu?V98tZkuTVYGMf{T9DS9jMtE)PQ2&@1Br& z@HJ0-!NW8uMu4?&12)XB*5zon^LIFq<0wJqoc(cdD2AZ$zOJydF#lbq|1N(2ITMES z14z+#+m5=;MeviGdE^1A+I#{jhN4hiuV1sf3{n!&CCfA1$jLxsfIbbhHO`^bKktS9 zIwoitZ#aKxW$f`uympK@@8``Nr18dq{Z9<_Kv~ zX=(0ONeO`!{@o2RQ=7{3X@c4+W%ZQRBqvWrKgvh7+!y2)e5iDoYfv7$_IJ-NgOnz< zGkRh@4esAZx$_hkS2!I-HJw1Dm?fwYR=2?C)YP!XRl{Q^JR&_nLIdi~@iH?Nx9f}1 zms>+TT4&D@+~Y*leCfB@aNPBc@}#80?$F-78`&pxuqszteCZ=fZgtz}YB&C$_YynB zSoS$>k@5w$)g9~f9NU}%`QGjUiyMrJ1=-(097D!q$q`I-ABDOHBlzL=5n;nDpKAS*CD>|BTL!rRPxc+-V(?34oR$*%w1@^j=J6Hli z?cfce8$hYY;jy!Wq`ACy>1Y2^2UCE^s4O3)*#_R$+nQDIab*OAQ=cpVxk8>Gsjz6( zPs;=tNyqx$mWZs*d3XW8r|3V%y~;t{C{UfFZYcv-gWB929Rrhwd-v|Y^gvah2UdR8 zZEE{&)geSrk7j2!F((+3$bO+K_HORUgt)NldQ1$N{Zyql0F>x~849Wmb`EawG45C2 zGoNeXQgSJ)tqOOQ?;m-CiUZf>Xs>mK8r=n`V0_4U0x}DDZr=F#V1mabh_=y3x9yuY z9fyG9K0)v`L2MswcGnq(&iFIeQoHi)Px3eSf3oW7>3xA>E}z{RNnbY1=m5^7O0KVe z1eO5M;)C1_&|8eSjTYXj~OPl+SbL_w*qk}0Jl=oap>vwx|lZ)KP)La2&cEjIf?_U?A(Q*?ZM6rc_^ z8mPKEK8~pchx_eaiUiiB<<<>d32n$ii$7cS0ZkSNE-aUS5$+#OiU8#cX7um*s&>cg zv%M?|dIu#_q3>cn;NVw3gZz<9z{IN!bhw`-1(e{k0NeBr4J81DI1L;pCMG6~PM!g| zto-~nT3T8(4{`B6d`Y083Bi0$tEA|ERbX?I*p|ND;>Q*t0JExmb$LUqQT)r$H) zKnwyWN8qA#3^<93iuM20FYkqp@dFye`fy&QzX0uaNV-*%pNc5jHOw2KW zBO8=vJFSMAu6R@zSV-DK+5!p^gs~K?fErD@EIr(Cja2rEMMMP3A1aKiR=#|g$IL=Ff> zpjqEUSD*a&noj-8w$9CUP5}a+Z4pxNS4vk&4Pf5{m%1GX19UBH&DzSU!f|dRW;a0Wd!N5z4Js&)EC`S%eLpeLG6N@}r5vw2&0JJAT+<_M># zpc5t_T{mW**9kvcOc(%ZrYPw z^#I8k%7dR3COM_yw(f|L7;uslxg2qihZS99yL%l2Trb$z>#c7uw-#$n(|s~spy7xr zifoC3T(JttjhRZ&r~2PN?}0cXFy z%;(e5iEiHUHQTOn@$o@TP3RD~q4RY{%wFz_a7i^AD6kb&qkjBIViA#3Y<=IC3Covr z;KG0FoER4NCNL1!%U7uWE2NiwZ%x$s^({GQaXRAf?kx*nFaA}(eLS_hKf}Z58#7iS zLF-TUuig#jQqQuXG*$^QG{>aYK{r3n;xCVRf~~_kab;OGDKnfC*cUeVe)m>&`GD%U;i-@lF5-7Kg98@dDC{ z)?C2lG{eV0dU7r@khDJ6kqp z_Y3>gtCg#J^pbmT-w|DNJvfjM6&JUf&HVTg2M~i6&8ej#qY=|Z>b zOY~V080GgPuWvSpk$4T{MZj4G%zqN7`2oXw1-B773AK0+G&GCNeVJ+=Yi`uT)0l*3 z-C%*k3~BW&48e!}<#qXWsa$X6E9D)EtsoGE&0|2n-H;H%5VTgSQBza@4(fYYn}^1} zy9h%D&}oG&qzM#ntNKK`9n&f#Zf$KLbl3U1V>$##TH8r}$8=Q<7K&Ku*VBhTE@`gr zg$NzU>$yp;*iQ|SE}g1%?aU(N6sNsab}kNK;7~U-G!Vc$?X_=zQ)N@2?BxXJN2wEK zWno@k-r>`|DY|a_g6dm2b{?nev$F7P&j1Ob;`MJj6yU(Y#vXimq-S*W#q#jPXWNs3^V)9VqZ<>WykxUY4SRM*&MGwbl&K)L!?#^ zr+F@dSL$b1wEgjS&m(YAA*ipLD*ix|i27YggLx1*vW2|d70`C}zlc+8)Au4zrB31I zxS|VyDw}wP$b9O@_k=tau)nV}$z}F@375bJGlu_p@0#J3FWE%4#Lm*bRNKb_Z2Hsd|;|tq=N| zHYe}G!;|26LWGVeVJRxQo5dsy+)H=bi$(?s{8Ma2qlG_XoGex8| zxO5P_u_4yoAy7Q}5pd>mi-;o!G`oCu$3bAjf?5aGrG{X+%04do6K}+oROd+p23@F;&)&50~XBnS000^hpWlRzEWq>uB-C^`~ zapaBsG3*8-n_t5hsGYa(P>$LW9JsXi|5n~S`AhBd_WF_yf4>2nqHv7&lhS@;b8U^& zy#?R&^y{vt^GW~-_a6(_f8($v^rh^Tss;FRzz|hzJCQhCW#bgddIKN>A;21i#|?+q zw=C)G8IpHVTr;=#^d zf3gcD32?R>>w9ZP-y&7LbLY$xzi45~4QTDWz`m%5homX+sNuL&pA*KCZ-54W632mY z>%}KgKno-IKZra#M?iKsR=(ywlcGb2)fRI{SFBrsH&+aHieQF%yVQ!f&L(Rd-`*QD z>`FjO{A^cjHgOeXW!kN~b;aA6iRn>$+u3q{{{Es%+^^W}R{3B5`bG$@eEWk<49Mun z83>0m0x)dRneBk!82ff0ox{}?AFdTp=4w@o2+%Mq0{Wd+kN1Et?XWyfOQvMIc1Rk3 z-^Rn!<8|EMNuTB_P6T?*TXyS7=k9Oh>pujMJQ3#PrUi}E)`pzQ{hNKT=mm9)LefnW zlYO(VAw}l235HN$qeyf)z=J)Qs^xf)=|vU+dSw#XT_vj4OVl%Ej876+ejYPrn(kdw z-fnzuR8LNife_}_-1fBkG{?S|*L@fc)JK*QaRMPnl*9zm`VO$;Et<>Jyp#8CgNk5o zHs+rG)jeLWdylRa%b$D<+&u4|mG!8=tYLl{^WxpRxMcURQ(J>bk5&L=-PS|umHD3Y z4DHT>1n&t}h3@w7hCatuVR_n5xL(SK9p(@qKzrLwR~LwPGE<=?1K24$eDwq7t4Gvd zMii`0#xW~&J1Z`r+@Tl=lV*pSI1vTn__K~H>}hLH7I8oaSc&=d9c@M~ zkR0}Zh4(Zyr~$!a)-y!#4QxqKG`DYG8sz3y_=!f&qfH0zi^!9*@Qf$3-Ip&@;lc3K z`F^kVk){ElxHRZ1EK?zB^7%C(qR%Z5EjR48Po`L?&W7L%S>3+uw(+|#xEcs|MhDz*=4A{Sx;TsS|?Uf0M4b`cuetJ zYdTS*7$nV11N=h#sDzu(>F{+VhZETqADPrvt&Nb!(?7ml14t!1JNtvZYXWl`@8#Y@ z702>qAE<>MriB_rd)CzV2rl1vf=*+>)ztcUtyNn)*}}po1ZekPnwv>rCkMd<;+fCl zwY9Zn7-z}BPI)#ZxVq&_?GktnZM?ZJhV#p>V%TU6IT~Q< z*5_2-tribDN5h^($!Cw6*7p&YTiYlQ#366=`wE-{DJEbtsq9)TF^T` zl`4E%966_{riKd$KeZD8_sKit*Nd>sEDK!>FLbs3+0|Ou;VnY_mWY%hAfE5E#ZJ?O z`3_Ie&9qFMO(J+tq}0`6B53C24JXRAlidj=;KnB)YZ`2;Ow!}MW z*pfDLLfb!CXH^Wsh^-eTsiE@g&ciyTW&hF-Jmwa&hKYhM-*Xg}SXz6Sg>&l)BJ&%< zTC%?DrUlCYpM{QtWRMgO4-c29w+~8{7emmQcv2S@78(m*dMAa25jyUycCGAi(NRKS zAA?4jytgcVJMKAdqt-X+hjq`P&ZYJ;uiqvA)ywtzR%%vfT+m|r?5&K&U2~AM^pECz z{fpg<@8-=p9xC~QM$?SVq(v+lRll$2hu;B}<=(;k8L zF){J^+zWSXd-e7Y?dj^j~?IdQX8SL%NiF}EN%c>|J^WiZy zR$w6OW&ubp2lA*d%tw6f`Wkjn0hLy@?r`unRu+6kDYR4(Yjn-9=+B2*P*hg!&b+<@ zSYhVuY=!oG7Ox|7vw|#sA18aT`qrD^!ol2u{HJ0CL6G)aR|(nwVkb02S^{G2ZW|2; zEFDC9RVi#u%`GWn9Z^JkAMP1jMdk*XNXe&33vu6Vo-eVG3;g7Ilk1tn{L9zyqH}X| z@7&iAaFtJ%yIoK)!>hp3taTUC!CQml*SC$)Q8a+a#l+!FQHacVH=FiVmKXER_4z-u zPs&BeDfL3~Ad&L%iYm9|l+E%uh6_>y`WY|n>W=3xK=<(JQU)wyH{BurGAU%Wtqk#{Mcq ztMSRz=`=FcRlkzk#3Mdlz@Y1WfQt3cnE@DzUr$pyuN_$AT3bQbhWXy@e0l}Gej~!fr|KG?*WP)Rl(h9#d8jsjFZjfRf^NZMC1>k=v(w}kim-b{ zR@V4Q@yBwB)@SjEfsBKb6WV;T%nZZf2L%K**YVjhrBy3NDeeery!|B~5XJG^AXhOTIz%t?tnMZJKPgQuGXADc zq3o7V_Na-Yy6msB(r_ebfKuU_6}4y#4HV1fUz(Tt9B0w zSAb%Qf={K%OZfyU)2S2;SB)|vzVb6~sMErY1oj6o?+K7xFd#I5`V#l(O3E{K?UPVa zpuVO@%V}t6bS)X08~$ zv4~aZUZbVtesbz+{(^BwJ9j^sd;V^I>gHg?OWM|)WZb=bm?_h<5zQNFntR-l+0ngU zD~*L7_Z`yx+uATv1Gx)xZN-I}N)8i+%s1Mm1WFH@P~Y7xFPLn3T!RY;$z*i&^r>He zi5*>{DmG}mg7DH-<5jV7E{Ok+mxiRcIYUxX#BWY^NhZmvC`Ga1LWsuE860=m8LHi} zz`M2LPaq9o;il!vEsD-B20%rE9EN&;sGO%!j*K9nW{XBkgK8X-QT=kNj075P_pE-Q zprS=%IR&h%WQm>xspJn}B4P}ts)r@EXv1aZ^H8L$P$PxtpEs?uZ}Sqe@JgwKM($Gz zO~CSMuiGsYb_hSdJRme2&4>LcOp5}|N8Zv#pERRx`F;#|?74)k+Dt}EnP4%K_BDp* z%w=`2#em(sb5HMY*T=&M8(R2}ytT=|ByYVjs~<1M%HJqo7u(eAFaBK9D8m#_gkYk| z5)WFZ-7aP$IV1poc*y6wTU1oy0RR)&o)zzZE))~4&pM9~4{a^I!O09gGeRO_Ki25m zG)UO(fioqaGXc=7-|Qd@(?EVO7~SUrbA8^`j`OJK@W z_%Jwb`&ypZN1>fC<>e>B-soR3EdtL*aJ=aQ0xowg&~`C0#PKxM%HHGj2(@X-DEb?N z$fel-2whYGa6E0Vd?U%Rb7y3fv7-sb+jA-(o!6WmAZKR&s-*%JtWi=6^4-g~*HV48 ztrk|0#vrMVA++NZZuprSZF|qZkGp9j~g2(WWA7fz{G+fNqlbaZrx$jZ{8>K7>}RQW1{@d2}FAx(qQYX9^bsNxcC z<>!DsK!k>cCl2HP(zk>96#pl9vKO$k9u)~VtvbK$4jJWufKIa`fS^;7w0p`@RN1by zyu!l5ko>Jh;+9PNaD0DceDvziD_3lCoWLn|Pnih8WvsD7T(5jrx^i7@`8D+@);5`4T151A8t$TL~b&Up+__q5-*gFRaC zL0U8I_h!44!h!eVXUYcpijoH7k0scD)S=kvhzBsT0{`0i(h`2!`g5oDM>n1=*1}L_ zh~zNgUt_t?I;_~He6%&xyW5s8K`sV=W|wnl`Az)wnHQL6fTRll$ltK zgF?hRKmW(IXlNyv4izX?o^8yw-ph=Ivg^&8Hy?E43twwX{38nx)dj7PXe2D4b+UZ5 zuCRl~ho8D5LHu0X)o&+T(4J<>9jQlv-iV0#7tF85-KWXJFhs{-j43 zO_83Qb+d=w7ynVjLNIt=7n_P%dUp1rp6(y`t^wwdx%d_S>Qt-C>h#>r%_E56gCxU? zC_np6bXD#Gh_0v|b^xKv^sEb(rt2nQ)NKu>a?9`1Z5u=YC@EKmmJ92wolPK_f=t~y zV@R>_$&2ir&r2>?i7vbb?(YtPWIRiEZJs*(zS7pzU?OFq*`-H+& zz7w;&{Brrw4#W}4ARNPeIZ;Ax?$si}3S?I@-ggv2(QKMGzF&}qPFEebc~d}1IW( zuDr{|m6Vy;>f(C*i?BTYUEIw#AQhscDMY5U+iAR7q4Loncbrq| zpn|buU!q_1i-(X;cJwFJi~RvD3L1ab3X50T&k4(SY>!xPY#vx6;46?m+*IGDf~s_q z&4)73GzbF^0NN3uVF{QIwBk-Sm%P7`a6CJA9t}vD;Q)xALb-$I7*_cZIyHCx>8)D` z-b~A#8iZEgAn6xKEc(x?Z$CLZw+e1we<#67fDsMv^w`3bK?PwR^V$_HAfLLfjD(r zr-LxyAf3<`|Js)WYs2Z8nTx7?d{D=y1*kO$XX0vepc>_->4x)|w$(ikxDA+7&gBFY zLxqux!*E5Bq#2~q2cUfxs(TA2fIjs?){GN%_^PUWFUPAf z7WExX;b+9A*jftfjst=0y1zdzrmV~a;dMChng8WFqoeQB*W^(z%+E*8n;C0L^pYwY zseXEiAtEC3k7FjXNvj9YGF)@BWe$WJxb6!bwJ|wq`_%Mco44^B3RKW^qZCuM$ zOp(j%{xw;{2coA?Xo`e}YE?TQyyN=`vNuuKq`m6o-%kYundth?kTICA50nW(f z18#$V3co}8!yk3|j#sA;SQ2#L2q?*D$_gVDtep?K&VPEvIHJX+7lVb^_{VrKayc~k zL#7P`qB(&?V9?`4Ep%3tB@S%J{q2szZ%>r4cnUOtPhGjQIFD0&avxCJq-RGyoNdO? zgG}uaY;7rZ1C$><$Wa%1{CpaI52iBK?k`e+v_s0my}$5wM90=on>YN4t)jCI=>r4_ z^x`^DDxUEb!(nLu7@(`v8OMpw7<^3}iv2*l{sO_QI!C2OBSceY>zCndn&yX_3F``! zy`L@((ZP>YB0#gpR%9Qe@?XqC=B6mni9`>L4wls=PomDTLj?xP$`?Rjh(d2Mp4LsJ zqt{+l!72f zg?0BNks^rj-oNLC@)ZTJtwd(*l_p~BKsB*EQhFJriZORgFF{ZRBqFiE&Zpi3!6QKD zX@iSD?r{qhF&PRfL=XUO;UJ;q-Bt^5#=yjTipgpTt zaERviYT`U~;%6p^pRKE-KK9-&k3+(Jij0uXP?mS#JhdmFmS*5ZS+$-zJpu8E^ok`= z&3qCP1b3GYNuk>F$SJ41xQMTi;t0%18obR+|M4Ja$rgzZqs#eTSTnJwCWb@0{bkKDrA0?q~BZ*5q2ZSXo1I7!D&M=zpa zC~RmBAgvHc@DhU6DBFzJ@myaI!uz53y#$whdgNm!U8P|A_kn?C32L|Vkb@KHcsqIE zn$4{rhm`a4)CH{DN!lHMP){~TwaS`U-0zkK&c8S(8*s&7&f#(1#0OVTQ-zNPUF!f# zuQ%;C8sDn*ggOaqeIzb~V7Z_nuo_H|mmM$+5u5gJ#`ZqJWue2>c6}ZvDj+4%kOkG7@$swCa$T87=|73wOSVh zvsSFDuI8kDu;w=N4>;|R7z5(~QLsVtX&R7SfC$7v{Ti;s0sgF)u=YURLmzE2gf<8i z3v$>gwRA+YNy{r^19j*1;QLp+9J#Kl%j%mxCv&v;j3~G*+M<-(Kb7due!c?-G((0YYp0 zoyF@VAKRAu6snUz|rpE|XtP%`5a7SMM4 zUZ&2cR{5F`NrmqyVZVFVQx{>3Z3}`pP`T1)wpAX`Lz874bFokmImD`8cU@OoF)ll%qUxpwI zsJYaG9pKeynaG-;%N_f+Z&37KoM&AlW2h(xEf*po;avcF_40uPe|0sm12kdOA*ZdU zedOon3!08!OG}Ln4Mggn?OIWGd-s1Q!dC&6acHKk-qU_}n;GVzyjUJz)51vv^WE7l ztZ|_aq{%O*iZ8?V!vo%77@gndmAJk%F!1SCuS&986NI@?VL{w>nwgkhJkTSd;M%i9 zLGR(=A;`G@hnHsYjmF*~$Q?!{Wz*;HIY>M)FEs!amGJ6Sf2g+4&Cfs7)THJvE3>e% z^d9mH({cE~l#BLHX`<Z1=~n8s-7vVh=nqVyCsMPUhL>M3o1Tl_9U#Vsa@0ZwM)c11A;VxuBy+NjZ?OcOF$W7Z!Sntee9a`Fy#sld3jHo_U+BDHK97DLE)4-Ty0>**kV&ce5lJ0u_m+%9aOvm;jgYPTTzKF7 zvl&Ou3DXe7a_Qxl=z#XH$#VJ%v3tgE6Go!O2I2R*e3j}PciH?t5OWxCUsd@op zlkA^U_~$20@c%hj>_il&L6=Wq2oF5lYEUpm60Sc+(*s8^DWf3R(B!^xvlUhs)3hM;=7;z-wD9w!4}bRf8c2I2se~vMM}rrFDju4Wvq1~5*}e5 zPTo1sWT>sHi}S9- zvfGun8=pT-8?D$Ra9hkWRz8ZlhL)B+^jya7dCvE_G0N4`AkJWUthdNz|L0O>;XlG9 zn8pbsqd`AEec8jlRvH(^_l7m!kovwxyvc+Fzu;3?`#yoW0*NvOb5YUCw{s_lpOXyP zB#M;to-0imHGfv4J>qPupb0VfrZ-Oi|4#9tHUS#;8)-cMk6GOLn>^)_jl`Cy0)k2= zR@TO5eHt}2%qWV*53QGy4%e6z=3bnts}DSTA|)C`l6#i;!=7%KUzGT_T)%4b1W)X+ z``9BQqLClZ{ylISf)_WNP{K6*V>tY8zIoj(cb@Uh84~=~8Te8!jfQK(3Hy%I|2vX5 z(wxeo=w8pM{8JcC2^T}UmWFg%BHjW`o$fq{$$A~XZxUa_;}4LMJl@)J@hue8^uVw- zm;uFY5F`GDx3#TSuE~FvFS+Dk6%l}>)a7I<}tX(^5}DstAZkNJ^Kalr%^wAfSYRG@>*pA>ECHNJuwGcgMT-oHOVB{WbHMc^+bO z-`BO)H??pTe*bp&7WX_sI2hKUBH)Oa+eq{)F&Vb`O;1)3^~+lFXztCqho*feE&)z+ zqMxei@S5<`p|2nXgMtE&m38D!G;jz1)vH%8Cl5#;tElYmE+}2RI&(ls!#0Ji#PRFD zREmA`|GzR=!XZ@Bx}wZ7GDx1Gqt9TV%68O3^Qc|-ix=px^y^$?7Ha^4ZuLGH=w0MI zsm$=!`shOK$t8w&wI*(0pflYR zATrq8GUB#ujqk|U8faD;7zw=m7P!J$*6a{sY(?PZeEniXC z?WEcN@7V|%m&0S?{TzOsD)aaN^Kqi&kH6H?G-!Cz;~YVQ%#YD_!?jXxhqk!V}vh14n}}Rf=N`AYI@qxYP4R0f=`!6(7?hX zCv3L`VzJRM2m(uEi0|AHHn!&*yD?H^aGyu#Cl;i#27@uE{@k9LS`_>L4#j{c++ir$ z!5=?-m^ACrs!G>zeB$~gzl=QXu!`mA{S%%*V6cn_fAc4K(`t7<)c3_NuzmP2yM;LK zi>#X0y`%Qs2Gz<&9Ia8~{EG?cJuS9dw{GeDu=jZrF2cnXbKDf;v+}dQe>$SpCi2+d`@gQL>MhO9eXi_R z@N&=Y!Cj9&&4>V(rOTkA4(EZV%Cf1q|9fev>{8cNul!p+%aI@EqrCCh)jROM^f$4z zhr)l@NHwP?%Xyp)IJ1MpWrj`Jle@(=pFgL5Rgj(iZ2Rob4w}kk++C#JVH6`P&v8HdpTC!KvrFJs+$Trbw7)#MN;WUhsw44hl<{lN-%>7tb!?t~l+VX;RTp8_#64JW*Gdk@1yGm3WOuczpMPii*N>WMHsvQ*QC? z_V;O6uK4)5LI9;XdhOFV7&XYko4mO4Dm^0u8x%eV&KqxtvlPQWH@GcDgB551+G=!~h7Sz`>GpD_?z2h?37ycZ_1ULU2SBo`D+G=K-Q=X^Qg=oG zbqFANi=_Y150)G~5jh2g8+w(SL4_&wplvm5fCxo323AQ)f=Mu4uG6M_MKOF5vJ=xS zw=wuK^R{C=_givk4K2v?8@qbmgye7_E8~6n_}~}#sdHUOmC<+YMFC0MK~RzU{>QUp9V zM6EihG}r|lMjpfegJ}Hc*AHN@^y2X=%l`T9FX6COx5q4Srsw6oySRXB+>sH=m5}MQ zz&U_g%l6=vQ&TpVMr$__BV}lVDxH$2r`YeITOFTpuTwgLulvHYFW1%`1dN;I-T_;V zK=!xjc{wTotd3iwjI<*5s0i31TMnlUJUm|``viF?aKSZ9C1!TBJ%V1_j@mk@eWKD~ z2N(@``5@N&dIA-Yo86QfMGB5qgaMbS@~~LlYj|a6YGusK(7*SbCnF_f2OGhISsjg! znsvl%mt7P&uOyBcvp_G%*aD8{w%`1^qDC9g+RT63e6nIw8y-tV$27xAhBp}a@wyi9 zMk+-yG`FHT0(mI6tzRAN|YbP7TTnm8Tp#~8Eh7hm7k-@ z-;MRSY3&nP8%_GZ=XKJisdtNZko{!D&37z<(z-N|?*;%vu?7QUCJPEeop^5Sbe;bu zAE6Eo;(21?tTV3s?*`9ZJjgGWvA2KUc?@V0{F6J(w@~@hq}r+@_0k<)+&ruX%h!X4 zs18Vbq`cQhOe);Uip=$f~^7Ig0ep2mv`~nORvhW98(e1x?FO*L@lazAHLV8pb42 zhJFNYgba?-xdatjKxUsjFZL$*{{1$4DkVU7;J%O|+zf>meED1!;ae|>1X1`W+#1_Q z2-IVU$Er59iSM!@h!`l|?UX$6_*rHAD@4Wl-2B*Uh5LJEC7*Mx2Rc9CztWx?SA9<&-Jq-I$s( z5fdM;`{kD?){b8k;`&(BXN@g3Rw49{R8*>eMf5H=*vv4Gw%Xyn!S-RtVa&{gic5T+ zbEg|;2d?qDsi4LS3Jr!pNlMJ)O&JfJPo3M=*16z-LP2`V@RKVWr!$iO)J~tC&F(OU zww~!3+Vg2t>WvngUM{D-FgE5APOGgIhmgdUfli>!3T0$vYr{T&&s*f@haY;Z#)~sk zO8#w^e@~>Gw>RC^R9z(Y$D9{UnQg*Cvr9`$%6b?s88{eCE_j}<6#EU{bH0)avJumnFpx^V_Gcn5Cz>Xeey zogb)soZkLD6chU?3|@A+u^P<8#7v>c@Nk7mzf!O>-SeHQM{Ac|@bs0$+`hc9@!15t zo=)-tGgZRp){)+SUj3oDxw-cMu$dgLm6w#37ph;;5nwjhU*2GTYDP;#6KJbl{NnUo z-0D!r!}%6n|7$Nq;}EBsjbP#gkZK_RI20Zpaz@W*FFQbW%bS_77%-SRa|qJTzqSsY!18!onm-flhu9R z73%}U2GwHH26CjTDY=}>+? zFz`oyvLnjT-Rli3CrIOVCnM(W(1@MM3ggu!lj+41O-+RvUp~lCPy*MsNv0GNh)hmT z>7XeyPSBsnsEzaao8%HYG#KdwIquBS}&T7r;b?7qvJ z_;?X;SM5x1)6aLiHTblWVP8|%P^ITs6`AP^o#1XJS- zA!T1$TXS1l&ld;o(E>R|MGPS2c6REy5$WZ*xjGVh$w`lXEr7}a0^9@O!aO@#kE+;2 zuh9%dMI&0}9{^;{0U2HoRvGg94M4z2IZSt=myAMOrNh_yl9CeGYoQ3o9}W}8Dt#nY zh!6n%N7eZ=RX34}t6FNf7!jxqhZ3HLf#8~lM9EpWVIDtZk__g%J0Pv=u^n>q^61`mbx(A3!lv$5nl7kGWhwO=KJ6g~A@Kc5dyu!$=j2$d zZZ4vup~=CmGzVqYojt!4fNwe48V{I>qNCJ1RT;ViqeIh`L=6>dyg?{IiTf%BJ-q?U zipUR_{?Qn zQWaoh`q<8H@T~&3j zBkOA1amv+{L|yV2^9m(gpu8+))&QxRoapyd0J2Nd2u`8#kNe&xoP;f9iBsajUaKrEV zc-B$$r}w|7RVebcg}694j!S#&pC$GQpFMjf;L%B>^Sm6zil(WlY3J||1tG7XI1dMm z$x7dp$?*VaE(@O5kyI_2DzA?e4#JhKoA?P*if z@F5T_NWlW@pPA2}&oT{a+@5G@DZYHkGhO>S68KI11~>Afqoc=lW`d^6JT6ukM_mAa3@Pa%KN=lxbczC_(S(-nV z!yL>~QUe9y@c9p&tl}{n6XkXqevYVb`Ep5AGXGuhg476-a^9k3e`&J#A!v4jg^+f$ z;4np4JD76MZ{>-p(%(n5mqCFyw>_vUtqFkhFYN3mRHXP51oVk6cH`xkh_P|k#=y3; zmhpB~wlpp9oK#_m= z5F5m53A(Bd{Dkc%@RRR0m`gQRrG-C8y0=d`AFyt4@oJ3?0o^!5C2*XMi2T;3o~d(1 zQzs?{GdsOSe+nU-WhI)=h-gXC&{+SG_WN#o3;Ha-e4HW}?i6s_y4&)n_pX$FjW;$n z_U>4N7v)cVJ`UBZ$E`naJMCF|?5(1x(n;VUkSkD*YBJZ5o%W5olry2xVgY|DDk_uS zpS#ZMx==wQ=Kk-UgWm~pdpie9^{e%E;m=ZDicHDCJi?bTAvL>Bz4wbs%JX0?m{GeR zBqt~5LDDHM1;BFjPz&5#&YdtgS|v4J?!d2o3byNJDk%(nhQMo|YqZ#4H%}g&XCWYI zf<78dgg>bLjF&%G2?$!Z{Vd=Du(HX=i)x{xjQWSbt0TJ7;UPv-lbwkXUf8Ib=cEYc zI(Hkgx7v6297AC-sy~}?r@CiT)`>n;_V0G7#jrEDVgp*{W&_qGz`CTgcu`jN3=VoC z*pJ3uif9#2Fj4(CdMhUT?leM(9Vwp+6irG^$I3R9=>dL`A2Cqw`LyT)sRFZg_u2yw8bJM zRH|{?EPc@=I~JF44-zvVG$2wW{ws8m_s@oE`A`Wp+mJfI^(cX=&H#_8;U@Purdd zT5RYbAy5#{HOT~klEv(I$={a&_HrfXCCvyEOH0n-Da{*SuO-{4q#i$hTw>nC506pd zgCurksSZXzy5{heeswrTkw(*<7*ppewD5=sf3>Q)F+jt-j_Ha10(#li)rHhHhTze2 zob70`7yq!llBu+xD)s!OYvEjeJ9*H<*+83+0{G|VHx_NciQrP+z?dL+X1pt`kH z{BcIOpfbC`@BdcOm)AzXi!Rc`f_}2!0k0=6? z!txRK@{F+YZA1TDf?Z8p1S10WhcHl53#R$hiklf$y4q@7>`kb?tL`I-l+{%Z$Is31rC~a+zyF_ ziylZv8H;I@t8HUD)9}Ix_YALoL-;X5^73wNh`Ghy3lKN{P4+nXp5Dv2rP$n|40U@v zm<0X7iM!lugq4(&D21SsbiOklPy6G4D&GcPR4lxaC7b zLr&Y%22FAV;lXLXXU}`#gK`rs&?&_k5fSNqecaRWaSe<7!zL6lv#q_$&E=xt(MMNS zR!$sta$F5Ds<^u4UN9~98!sso6h(dTRPW~`q z5CzKXmW#AaDkv{L(wkBZaND%|v@jOMXr8k~WgGw>e{D_swGCbbst&gqb`%a*c{ zsle^9kogE?Yb{Fe;}d;BmfRck=iI%%v$r>Tn)x}8_jT6dL%QdpF5AqzULwi(w(E~h zkDZ+3#r_Vo)jK;2NlF$qx!8dP)I{-yw7|m*82Xu(8rsV0=p^hx54d zR_rAlz}%S2XX0XGXP3e)5$GRNvJ|6Yo^#BRZ){&qcm0_m&mZ}tOv8?o8?=)_@Mwluw& z3?|Ul5@J?zNiGteviq4z#fHNe0mH+?Zwd`CIYb^>ISRlV`QcMVS`Q*|SIFj#?gu^R3%oJ^-4Kk?s9kOKk>0sK4FCqxN13tRb&};% z^PDP^V@!p&s(FOZo+Oe#gn^Cq6%+sOC;Dn^Tq-oVnN z*u$!q*WK{V*F6Xv?ob}tH0LNibO%Ckkm*g(3L6xEOe&Hb2?`e=`MMbN#sW(f#y<6~ z>?@#F9j|ZyUQAP$^ge0ai2gl1tN<4q&5FqI>Ty@jU&(i#TX~%!Imz*jVTFYYqCIa%* zmQUFaQvIFdF4Lc`3%5YD7zirHhb{q6X-Vd}->`#Gvdi_oW^zR@n@4Q~_F{FX0Sync zTs%(}MR?xlpWNKMwnEi6Czro`$vk7-*jjFhyJS^li^L4#%JZn065 zd82gc9e9rbhP9c`tE{GmR_v`r0%F75j~%v8+H1!v?}y)DXJ@zgQeCp~;Uh`n z!pTpa3)lHi7v|j`4LKH^-OXLuStU{uC(VBREq8m)*-sY-#@-~Fhq9jZl$7Bx9d`TJ zr$+a=fTUh7l(6FmryBfvjvG71`gPv$zaUFj_d1$#k1>g3oa(krqe^0mR3=26BL$b2 zm&5oOCl=;S@`e3f*8Whpgb;QNIsaw2cfnbtUms-L5|ZWTM;Y8R0^0V^&Xk(eOEp+S zzvVmPO*?GTIb|mK?2C@GQFP#W_enjTLQe@ycKzjiWbwP?gBGQ^9EW(!OEUw3x* z{Jn>c zgNXpy)Uv3QRNBpmz;BzXJx~((4gEEfMIiH#2YPk$OX&TC z85`H9Ei@<8JR*jFe{hc|dfd_V(c$a7`wZ_JkP6wy_lQVH&{Klgxy||Sd;0qXrg_~J z@$a&Wa{B1BskqlNIh*;qf+Cr9g*P3BpBUNa2K5y1TGCcx-E3p~suv+`bt8hNyy4dW z-AGmppkT;Qh1Ci^GHR&9Aa(jUqyqzOZ(;*cR(nKC&x+dI(GflgDSEyq>HNY@e=aF< zqk*X&>!Vh=UZLt}Gv%8dHX@a~t@%I7>J)g_%MBDX;|6Q?6N*NZ=`d;a^k9(_qPu^A ziNs35(*^CVswU(8IlrVUZ|&+l3(`0FJO0;rCG|3r|8Cr)dn#8iZ&7qoZ-33>yNh04 zm71yiK>0*JP2!hH-3uwe0!6A6 zH6M`AEpl0Q19YMGWIoS4yo3j+ep&n|_2_yUktRS4$9sFeHot>B673lc=#6JX!OgXX{R3; z4!0aADfux_U2a{c-vMVr?f!1a#Kc_^zq`W1EgP@*2WQOv#~j4O;?6###2NU6DqXsJ z+sz4Sl1^klEvB(&BQcCj>!0)QUm5k#tZr6T7Jhn;RYes0r+=yKfAV3Ppo|+?3EmOK zFbC@#a+>86p{Q|t*>NS;aQ9p=AoC^^^$MC6G1)&kTnOALVzo<2iX3cjZ~r9WMPSjN z`UW5lanA#y<6yHI(+&|ju>+-)HTDh9B9q6&1kdB2>K#f)8TOy z*sD@>sxvd26?wmcxECh%Fd4Z}b`x(Uu=`Do9uC8U)Lljze z;}23!2B8=QCT+NcA=C6dNRjayYGdsVa#|$~=>o|7fc%$I1%0Rwl$)0B8vZ zY)M&}%^xA`8bOlQ&Wtt9V(zerXWr+Z^mJYfeqg7PG(i_BFn9x6L+`M6vIn7ryez4K zahkN~37BY6;gN3&3sZUz#2M7sw%)~Qx;n|-%$3k&n)m|$9@|Kt`tt6gd>mF7POKqgAQf4BK<_mbI#G4kzu`_rg5R-RFB zo{|2PEcN@pM;iV03u0m-oA9Uv&R62LTe5H4qs~%EqRkGoth;8Cll2;Njii=e*{iA+ zYH_=jy1#gTd3li+>HZ-hAv|oSqyFd28}DlTuwIserh)Q zp|&O(?>3-PuJ;EobDa3M|7|JB|3;=OAS z_<4c=kZ*(=(Vyw${0C>0Sx&?2%Uic!4;Lz_!4qCCYM^1lh5b*rr7h5jS^x{eRS@VQ z@6sFnZTfSqiO!(9ZuzA7)DM|n4PAv0VcMP2@lDV)aRG$yEO$A-eouQewyH36hjjI4 zJ(Y0v_s5p1*9MyuvM}EOd4XX&!Q7%K(BTd?Ic!gTazI+(Aq+N5!;sd9)3Bz9kK^u> zl2_>ZlLcVSNS#l61c12>YQuWxW@g#9JF3g+NNE?16;^$<3?xFMsJgP<-CxN;_{HO? zDwkcB{nv}%2ET9RMVsdoh#e-y7`|>892)-UX=q_#A-q)crLTK~6(~ReNYVd$IKZbZDItlE z_JEZiE9=X}@ZDz8iwqf=-bIAU5EeF0-VdtC2$fF@mBof(Um#5YIibN3JIv(#{)#A= zeCC=^o9~L#DRATRz7c3OP!NE9j&@&?Gkpq6zGum>f7(0a*VHp)U^1>ms6XeqBJyhb zAn^zJSMA}m+N{O1B9jh0Ug1Bl4rvOqv~z8Dol03qFMv%v6xq$r$Or&r^LEP(sKlez?<_V> zup_vO(i;(UW0gwttyVA#!S@OQp34JLNtXj*U%A*5@h!0mq zr-woP%S<*1*gMPApcVUQdn&kDwn%3j2B=z(BRnI%=Mlr)@!=6ZKzN^=h4(vM&G@mu ze+!Y1J4YlN_P<9*9mtNM-G+LUv^wnuI(pb-KPu{l!tV;3;dg>~Fppg9^-#1v5(q?= z#luq3OF+xY$_jp)3g^dUr*8%tq~+yB>rYI$`Yye+-o31wGpJYoF7}t1Y! z19aL$P83PR4>2*QO$&TLSa*9>p z(TQT&jXyi8J#}N}tZzvjm$?)Bmiy!CGH?HKEOFm8*i2iz?&Kr=Uvx}% zf$6O55!c3PgJRTRq_!6qgWuvD={poz;p%tY1~d<4P;6vY_zV&kRteQl%ojYtrp5%x zgHDW6CV#t!SEoj+6qhLZDnGvRo2+uBN6c;=VSvQPadn!sySp1;p62_E4xkl>^>Z3h zbQPbP$ktW#oci@M0hN2V$e?KWLsz=C-wEU!vYuredFzbJIU# zyB@2alyHZgyKe^>bi7|3A4W;i)dkL}&8xv3bVeWE5ybj;c|;f51y-w9?ySYKIV9blnf9dBWxfUzTxVERLo@~sOabj zR7WTYdj2~l0_Z0VmKfdc^^#O~%)aTLR@#jcNEPS=zd1j8KyOv0&j-&VlGX!@hv<=0 z^Y|gHg3HD^V?46(9=g`sIzCZdoJ?I043*w3n9!5cRKdUZ_wUaBzCyu3wg~{HJZoG> zNO7T7fo`~w-*g0!>$R^BNv?di2Rgc_!RDEM6DOCeYiDoI437|GJ*^#W&Fv!<(}$0M zO6bupY(EpuM-pM3VUFJChm?+>R1&cp_s_A0aU%f6v0nSn1L-fye%Nq#JkXj7`({e9to7)5 zxdpv1ptk@w?wl<+^s|?pm23@?d%=A;K&2|iHMT2r?vKER}i z)2da$ObIb04GUOv6`|;cSC->lKNC;6AXkJItE7L^`%!%mCwoP${l ziOS9QU|#xCu%P!RQeWT@vfYAAD?_SbIbUTfu6<)6Jt15h^KboUQ3< z6a@U>q;Fki)X6~Z7xs6bVs30s?kOG1EnJNDe4QPzX~$Yhr*@iIo>Nn_Ibn}#~( zi*f-vv*=9?Z;}fgt-`0|y+nl&uAgrIP(i#8N@^lv3XXVH135HY3f{J8;}+TnKe&iX zal#`=Y(~d*RoDRs3S}bN6z~=I<;Psf=4${MwZVo zk1-)nOWT#el1j;uCZUFFUm_5q$-`|uIW;xAwZ#!%31ceqy}DmR;GA$-v+dVdUl;e?he@FV zmx8CYQ$5RUxg40T$=cUwC@5DZHP3GyoS&OZr5iO|k@Sxa4Ykx?VwQT1s)Cg@3y3%y z14v6LHT$e$bPbrEH z>EZ;FiPQNJ?_0ZC@3vc2k&G%9zte11H>_VX3?-%Obf?+2YBdd#^nd#|L@4O<-xVTh zeqVss+^}l7A|fee;7QJhJaCOxr3$Gh$N$ovxklW^#jW)@#G(FY{X~1zzr2tagOHX$ z>1(}fpI=|C0;n=Eq8KOT9zVV#Jv1dy zb;0BgU*KSMDa@EvQC3N*vTc1lOg$?Do)o0cLXwXH9$kj2TXoK_lwsLN~%v*j4GQ9Z_YYu z0uRdfSt=B08#E#+s!%OK&wu~c7ZPSFkS7_E6fGHevbczasa+w zDBocuXgE$5R-NF*Av0uP2z&ch5l~<_h9T`e3@PWS{76dYb!;E|PyjgUi`NI}43dt) zUu*7z2B>MtIU_3{PF!3Vd%}!cl%%zlzFsj3-Nd;DRlVn-bF0s&*9j5%TR8VtX{pkc z6N-@K8)7bG=nn3y(*^<@BUnzXVFsb9qTUj0YJ~2s@=C0gnLc>O(cn^&dB|1F7nl?6N(6+y4Bvj_kw-9VE(60hvs+Py@ z1@%)64df>d?pKq=Z|WqGXplXm^TUFkLnSHVt6D0PfB+&9G>5w$kgpt2UXFiu@?8jV> z7LC+7P2Rb5vHo32Y&CP%Pbkvm*FDH`^triQy|<*?6Rj~Eck(P4w?I+XiPKeqlUH9) zp^TOH*$l_Cej4kv`Ep%DiQJRIio@s%H2IkODK@w32A*)gTdL{<;SX|Igz#yT>kO%U zm9(TJ&+L>IMu%6CoNMCMvR&qEc1z>{`>5Zw5!)|Ft~#v$R-E zxYt1Eik|6LR^6B5_3BMTuBhC}wJJ*0BJYR)U76Dz^(VgJw28!B-ci%eE~u81?XIox z?yuYHR~mY}6}#cR_&FhAH=S_6)ho)9c$kGKiIdj{HIFMgF$M)OOX0XgW7QI@pZ<5G zF@+#w&{Lh1TW$EoCfgVvEQ@!_&oOT7T`2rlba#g{3rKAM(lE`Dk!^@KibQ*u3CjuQ62r@sA@)%oM zhSp!6W&Ou^*ZSkd55_>+XY1C#zy8<$^9w^+ll@a($&0*ZS#EQjJuFF&Q1s+tv}X4t6BQLpB55s-q+sPU_I|dxSW`2y z*FKHivknV>hpAa5A6YbiTf1AL(By{J(jyt&J5s?a;aGcL79VnSxcfXA~ zulDQs>Q{MfBkLb|5xk>I$zCnmlbG?{ABBCo^2CCVG`W`l~RWGjMO_?N6#^AV+16)uvHNVXDsR4BdHDwx zdNZegTpo$16<1bh2>eH>agprg;Ul>>3QaN^)C5W0vd4H#89(u26wJeT=2L;hyZW#BhM&FBJygdEaDf`C}|i2du-Ho_ilk)G=8FJGDu`{++jPgx{*@$aa# z0OSXj4*B(woX29{Ne(qa%Dh#&`uf`Wr5t3yJcpPCxdw=DKc0I7R0kZ<>|wGt^4D;4 z69GEZ*xo*%9?S|SVKD>0f7={*re2+sHMcaQFU${du1Vdu+`}vO(0<%fj&*jq}Ty|kS2LCA? z529iXRW7t~He+($-Q`Z}W%E-_?D)J#RC#)*KK5LZ?l;6wC}QUfBne}J%@^yDo?8_v z69h9+(prlau0ae}c%JK*(_gR5f894?+?c2%g$0dero;Cl?87`s45p1N+PV(u%@&xb zVp8MZWweAeWovT(zUllSI@+IC%1#zWg2KM2FszP%%X1<|M*ck?_ym9eAtoaW%hxWR zO}_RCzq&M79A$g=)Wc|5oBG^r3iIl|AHhn08tG|KSy`+g3HAcq%=8nLZzENZK1n`4 zjz?PfQH)aX#cwG_P`%X>Uair*%W~&RRQ_$O^0=yo^-QHdCr{!br@JL;z<~Y>4QWbz z^Y+=f^jth%cA*eq^y+T1kkz~wVSI>hti=%_M)i$M^Lq9~%wF=yXW<`s0O3Cdb3Z+! z7BL}fmX$?*&JY{W^7#}u$-n?SObQW=`L4>DZ{IRp@t>_GW{g`8T2(I1m>VIhZh2o}Jn z@4LV3=#I;WsDo%5jG{c6FF&zE+mz#3SZ||294FEML(Ho9=<&+j9G}Sr$mSKI7$l6X zUNGh8!L-HF4vE5YcvJ#J(0~MUau5XmtC!iFZCzcSBM?VN1j0i8{~7etvF_-QRa@W6 z3e6#@w*5Y+seyf~)xi9tw9?yVCIfQ3TX(}8yRB;ZZw5Qaa7`~IutexR!efCeVIb^| z8rlPTN*hftPqbg}h5yD~x)_i?jbt6r)sD^EON@_xuc)C%tdk-2&M4;L-A~iF2`Q-Q zd6|La`J*C30S_8M-jRr{2w6xkrz%K6!7Jo^^I9s>)24s?y;NCHy?SVXc9W-;C71f) zu$q}AghQ~M7R2xE=@R;yi;GVp_ad0u|Eyg=XWd2hA!YlCpm!^l_vPU=7>~NMpZ|0u zE;6VK{9)M-a1Nbl2_d{Ep}^1{<|{shH?k!FEi_NXeREuM*`vAj;mO&$Lw1g`f4am|Ti>}rcs9~`wh zGt37nMjvQoCBC&EKYrYG8D2Y;WA4VkXLFI;^F+T`F7VAKwO7l$(KZ)|r0>^G)k(g} z!yhm53?uU>FNq$zsUQBn8jfKRdi$un^Qxdz?^FJ|1l@hlASdjlc_9Qb@f-}xAMZ!K zx=ux&Hi&eX=X5GIl%B+XlX^)J9{lgNMIb0W+auR+f@*ZG#m{7POX9cfc&D2a@CUHR zG_`#GE`;<$-1d3$gy~i7i#f`Idg8zdrvwVA2yV;aGXeR8Nc*I2 zCUx;7sWl!PKCzcSV`=4|K05J8)eBsCEneHtStAF7(+Q8Trt^)ry&%#Bb9wG+4$4oh>$FKLQW+SvQ{$q{7r#|-M=y| zW8;ca8VlNd=9<{{{7Dk=o`t6H7PP2ID~N$`CH!9I-Ct!Unj19v92;GBA!35p#U!}D zxVEk2+wxDt{9X6-;k$S6{cS!kopW_P%--*5f}|L#1H)?bQ>-e*9MCHy@RNX}OiwA|uwL4Ps@9m&1+oJUofGyzz9zbD=Q^WJCt zGtMsxVupuxNF$&;iG;Y5^Ig4A@WYV2PiEh6_|n>w#TinU_I5;~LS-cr>yc>||FJ|< zNv07-RXWTbosol?Bpn=>G&D(8b`~M2@9P9#F5diRYt`8cK54pQqk3t`-Gn1vdjE9b zu0T+ooO=Wm08zxp5683KW<@JDl$2|PLhzg%rnHuT>S~N}NN*e4iCNwJqrFxIIfZia z9#k7Ot{ox2q|k^8nrnSeNl-6l-t_SLzc1p0(#dd;mp+OO_*z2?CN82&W*o?&dh%2& zBp?7xqucK@SQVj1<`Lg(49puKl|B!Pz*2&48Sr5aLfLHuwG;|C;|n$JBTWw4{AsL` zA{2D03@$D%$QqpphPw>(Vs3$zU!n4CDj1lMjq6J+2+sJlzhGioy4JCcKmfWdda@#z zIC_56^97o$en#Ef=}?cU%_AXZ2+`(GWxXkY49EinPC(#JkX+>!)jdxhosB9Nv1 z_^N_}fSfH#D0x9gpx63E>D?`6zQuxSZf*`D_~zgI^|DYukob!7SK1qI0!)PC-u7+y z7^8LT0SOZK+N1KVuYaJTtl*?h?BaR|{k=-aia!ajd)=`&5_;OQLXYP*=K_L)Jdkl1 zdP;lWXA9C)TDG<_4=FRQyCn+&N1eU zje%W(B!d57H+%+yF9w)IUDo*y&)_HgB=Q;+@uIKx^phl%2+hJ2XK&aL7`EdGOEV_x_wKC1b{$@D3pTuAoZtDQ6-?p(ZM0I zzORo;+#~D{_6+=;9w&+uBLv*1y?a033y*0lU)Sa~H|B{}h)S(%-GdFKd8i|5c5W*K zJ{iZoJy^=#0^FDd0zN!?5xSQZWfNadl)J&)IOn;|2e28WC-!+aK=n*%Sp%bFAne=S zbRaMF3W3BhCeTyp^HBm!yE>S~nWLKa9)u^_+%uh>Shb$JB!Fon?GVsb=yG`Q0yL&? zKXQOsLNV{9RI(@vnS$}Z1S1o;dJy;kRnK14)c|g+1Sd7pDO~l65)yB*;hrw1p**ko zncg#11c*_4Qu+Gq>R64|X|2~v58eI4O+7nL8vl`%+`yP`dUFm? zh@zGj1q4kF6d8C$&aB#YP$6nYU(*1Kx(Tr1$Ng!>%N1S><67b$HrvZNF8Zdq7l2kPP0hO1PL@oPPm zlyBge2S))vX*+I&);=Xq>&D+#2!t=B^mY&T0MIN4xF}HeyT9(vWLom?*29GQPKl7Q z5z;TXxVVt3BlL@ixvoWkCcUw=(xpz+Ynf5M)&m6uDWXn$WY07;krh1W#|FD=!^&)& zoPdau73x)ng!dr4kN!ThdiI*b^KgxPYq~D7tn5xU?%@=efWi#6R|glYxU;rNk|b69 zLOEa&#&#Ke(*DFiBxLQoaqgoC26T0pfE3qqUu37^z!IFgyytj7AHDum{QHMw02kH} zg8pSs_U_Tqjn$D78)vZ0yb^sq8??eKB#w7%Kh>Hr;}gX|!tpj7BvETntL1a~bfYqM zkqtuo=en}aKix6E1>yg!PC}5oGS~fO|9_Y`wE{XIsb;s23HmM#b{e+*K>q6D8u2ay z!6eZ6a;7>Md+~prx>Y3Ii4ik|8%Pn%AmgJ)(cmEjo(ZI$#v4IzKizg<*5TlKD z<+aX7?!p%kbvh6L8$9!o9$35}uYYH?$>(vR82#;)-ne_zC(J@niFZA1@cC*zNXM{z zsl7ZO>6Q_k>V_b<_GB02z9d0UU+TR?Q~Hn>5q7nMa=-HOU2iYmph#DDpjtd7kl;v3 zUx8sI3S6y1J(*cq8tb0Odb-Bxsj!GJq6AlG_{JZ14!T%fwg*XpDr9&4UK;q$duysH zvOzVBrUe*2TmAY*gdeC!=_V@)fpH4EScV!&u;Px@+Y&;?3=uUkgyQ-s7DeaNBfuRf z1Cr~>$>|p@IlNCz36Ui9SWJt@?ndI60~Dw|P*V&2`V|wjjS-sp+AZzvT71tTQVo+c zubV~vJCC)%>s2^%%_6?VG}?tM`3z)KrLLv4O74oePH7XRGgH@ zKZh;z)k|AjZf&pUxc@X^6@td5#jOQ6rA3`j)Wkg;jW&F#h-Rbw5q`DayU1Ml@}iIL z-xp0N5?WAt5~L1Y693mw7{xC59hvmaeY zPf|iWbkP3F6*=v~4bvv&TF*nI3Akyze4YLMZu37f3Fq=fu z-ZE}hRZH;cYc>-kknx8MFsKZ=^97>+*jj@%8mmZ^WvAP)vk^^QI}J=p!opG~zzL)l&0 z-9jaMdji%sFa;S8=kShocZWqqy@AmLXj{kQ5fzuMNpcB#_HBx>@=a}|{aaa&7E%f_ zz!pPB;fz$PLRloDG5D1w($rEUth1>fofb7y@lw&m1eG-_wazmurCb>H9SA%oWaKAA zdSI3p-)AC!(~&e0=I`FkkK{B+>&``+AZMBkiWoT>hoECjZhWB^bHssvdB1A1!ee>;0S(z?30rcX~^bU5hk_Bc!^ zxG_Lv^$VasS-*-4e1~vfaNA;{$;mC6nX?KEFoMSnnOJYBmil5E^{*hNWU>f7GJ6qO z26o@?{cgF`>+WZugL<1yp4zMO=us=c*D=Yg0~&x|95^|LfH%h~NfC1DYsDwkA+Yz@ zce}*+*R74QA8N~HFCnrC-a;@HmB+cme|NK=2mwJs$#)wx&J|yX+LM#^mzr+y!UTi` z&dCn7hKqM;cOB3ZdKA2DY2nKU0=*5TV6zLGHxST@+yYH$B`5p*twk;1B{d&X3`(Fy z19}u_6l4?#k{FMV$AMQAz!qjME@Ik|;uf%R%0Z)(S!@a#Bcp>L*qq}v&E}4lg^#wT zyME$)2NgMR7RWGS@K)Cz?;~edI6zCBrfBF+E(P%L@O%2>>p5)4cIE)+K~))o)B}v) zPc={w3!IOGa;p*_jCWticXfBS!n72Vn20^JH+&3f5YXq*k)ObiYzGA)#>R9heP~n~ z(e2nTY@DW-NyDAD?rwmHGb8Q)W9lr!s@&IZKa~(c0g-M60qJf5K}uRAq)STa?v@4- z0RfRv=@2QUyQLANyStln&-I>juJ_wsdu_Lq$@Bc<9%KAQIB4|UkT*uMB2m#%;l}$} z(C#MaGb;~_vy@-F!1F#|G($Z(mw;X~@C6{9YC$@zQl{Oxb3_Y3F)(FvZ? zx#Zd&faJL26Wc}a2itMdG{P?rU0s__S=3Q*KWL_FB1G|$rOfX}5e4wsmcvKz4|I39QP@_on(820B zQY$dtGbq;lQECYePWE4S$RiRY1gWg#pVuT^xv4Ld+v z8DPyR9Cmvzfn)El@xuSpC-YIKmG*D*`==-Secr7nuo#jusTY|Q>hFH3vfX_#!N4~I zd0du5G(I2(Aw|>)v~WrPZpCB)G7lH4Hn1uo>Lc?K-k2axw6Gm457~)_ zY%~A#qIRCxwuS+Di`?4(rBeOUH0CW^awQp7b!d%uKB}Es@+q{%aw9eQ4M$8RIP0 zWOgj8kk;_H1!v!I4qyIb7e9qKwPk|)Oc1#NV25D@)nw&yeKeCsxPp$^w=CmxSRpy+ zNIN=Y`OlWOHLDC`hkgQIdUj#=E2INjA&bD_x}scaIZO)IQ;6)piz&8?beaRX7{F=) zBqd9}jL~m6U#~fWmmWKT?JD@>gnwh|Hw7%+v7*UHk39Rb;?-MHN@&3S8VuFl!oPfQ z22FeX%gf{2d3wHxK#mytgMV1;6P8*HN|_j0?#_MZzgVVn-JKJF-RFl(FYCqb^1U4N z#{7-9t`dsm*>hRWY#i zz?%gnyMKl|dm(*f+!lQc0f&~)iJIHvMN}IU3uIidlBEMd(x&zt8=_+OV!BEbxr!}M zqha|%32tgYe*15Fbc#7wR@O4o(h!5D-SsdRZ+3nF``A5bdLW2Uy1rr>L?8>}peZSW zjE^!r!5f<=z1Xg2!tG>pqyQXTs0f`(*J5?__myB$ZX;)U{P?MM>!swk=$m~bgJxro z+4z(S_w}k>dx%A0qXZ)n=^b(g_h{Y91BcIoheTTwwQB3`7SM;QL`4rRNSx@naQN|) zCcNrtX=b$0&n7{R97go_OFKFNV10SkopSoOVEuU_%n z8c>;jLe^tP{VmW2w#_Xd8a%9Gh3iriu_!R4f(q)a?{lfM zUS41!K}`?=er8}my*2SWQkK)1<#**&02s{G3$#!?JUn8if&UXdoTq`rc(b$P`uX|E zlY(bbo}tb~*yHFUhws7q2-W1bjnaoOm}$(4#6*i2Alf)u5%*8LkADZtH0giI`wL3}E;jwAuxd$*3`96!KGlqfNE zTuQC2!T{j;*yJMn8TcYZ^L3htQMab6SmI4r6Q*aHrx%j%5UD74}pD znbo&@E7z1XZ4oVdYH#2qgQBLU1~{@NAlif&Hja#AQFTs!fep)evo)1gPajS!4$ExK z6Q|)OdM;ZRL7ICl8V^Sxa5%M3$ZSgY5GJ6sm2)4SNx2Jtd2;VpWI6*T)8BmK2r7I@ z4!5;+GJ`*73Y>Q(!f2sE8n|MZW79+U@KISzkrk8S8u@x%?F&;7I)8 zzx^d-e-1qDkO*4Qdi^k0&^)QtXBqW=Dg1YNe+v_cn*v*m40i|E42+pR%~W~qziZ!~ z6=!XOR4(i_2w!0T8cq2JIoYexU{wGy3S4;zgST(}oyhp)9Bp2kyoDsXw~@)_>MU!& zt~wgD=Yngq0lpA+n+9>y>`062;TN-~1m6=}W#@fB36i$0C3zjdt3E`#7K0HlXz`dh0mcZDI^_Tlt)bft2j_SUD_R_7`zkH(LhZ5Q@2S5g)iB0J72jmnFf{z0C`jqp-$W>P z*XV+JNJ#KGzA16e?B^6-R_DG3_9q0K4bt!uy`Y{q#tK~0I16NcJUhHHF~atRV@v;C zG${+0Ol4FQYh}VMTS3tAZdVMEV5`Y7eDLlSlw$+I&NQkmDpi@rXY~Uy zQ>jB5Bg_)J10N_1$}qT`zo3B3g0T)0*qYkqhvdW|xeT6yyBR_-{CYj+1N?7JU7OXF zHO{R;ATGUL5;AXBZXH#7YL#gO$AQGryOSOV&wvJ+WAQkw5zu@Hj5&Ysy>iy=N}kEc zemxj$!=YktyHBrlkL$;6V|ZM_JH?p_qz(qI?FW$V(}#3lT$u+>M{JqD*h-w&Xvgo= zAz9v8gHZx26%LJ)gAQZ5)<{)-vqZl@I5wMh=TF4#?=+w!zNXS*#d=lMBnLLvx!=@V zAz;jviX_o4@MOyFvCU%`(;jc1Fr=H1q7rSDk^c${=iv8`aGxK$y}58se4nO7K9)`? z<}5iV2n}cppNcuklXh!F7+4>hM!h~{lf}qlV`j|f^@6tX51o;QP@?z3#hBeo%U`87 zXGhumZ4!q=e0M3hen^@MqAM!8OPhkDeY<>ba1NrPp#ka6uVcKmRceV?w6vNn6EZct zyy})?073|@%+3{8N}p65I71?`aWOv7siLp_+?DoVnb`Oi{;$=tPvs%HnRt`&*UUg& zD{i}zSk@)tJSdLQK>~#Dwf_tx3@PgiT(}gfFfcIpeb6M`c@VApR7M%s;d5+kWbpB} zT8cgHY4fZt0^_Ft^1_0ch6WYSE0gT3tX^{HBkhtGGTg&wc-(c2&zo)9qHp)w7g4s0UfxP~7 znpO=FZxT;yb1f|hro@Smbb(}Uwt7{-uJzY)xHhN!kxTL$Dl|9%ew z55Gujh$Q)Ik}MDH@&C^1)sR2hVtfGG{Sa5-o)6npgb3Z%#jgyz*-wlD` zc>4P58kv9A8uN_INAuD#wG0-^pQ1o%$%XYJU#mthT-CU z7Q`olnE`fQ-kkC~fZ1bUb}4H#Edh?F-gSzMc}8A@KHZ4GuDFn7;Ji0CZ{wDy^>nq~ zR|f&|sFx@q#i5~%UCWEBH`tVLPP^#waSSE`WnC}V9?i|qy-!T^OXV#L29q~XV=%L7 zd&D*;nB9ZAWNp zsWaAyYO0C)b--sbHI0IgzT|1qN@Ofx5<~k)ODe!;(sPnQ@(`HQ|E&)gfq5&K^ZGE?WHl?oVfS z9;bnUfltMuZS%5swOB)|EziW61kQ|%PO(K1wk{3-p8loVddSqtmiJ>Q9F0_Elckpm_o?@ z!6tiouf(0(;k!!WY*8j~hKUFV+==URP53<{E z+(buC#DNE7`bXRM-q*Id!*H`5*K_pHMenlv^YeB`L$bmi2Z*i_Yur~XK$h?P0V8OOZ$uNB|9H6-!kg2wdkQopGBULOU0v%{zc8*l zJ=7B^$8@MR+$T_l+-hc)AebrT)LD;rC)qGv(I0e31~Y+?2bG)5d42c6ipFv5bu zpmWQzu=i!kzOqnk=x79Yyx*|4>8tHfeG^iZnCA%j6e!WM>*e37p`}bla`P` zp`)XdVRBI+rlJZ4YxT>uNc;j;R#wxV8@|q)V;aMn#auxy*F4`jYFdr+`!q+=C2o=P zpLl%L^#R1l%&4{qQH+ToQZm2@lM1~_N1SaG8cNz7lFTHIl~$F>S^0*MCS8*P))G6W zJYq>tBg_Z57^&zGh;8Hm#c#oai`{MP4kSP37E7{R&sH9UVPeJLQbj``tD&gsh;y~9 zv@CJ*HUwbIhbx^53bor8=a&DhzyHX<4m(&*Lvh7@2%{k_4oJQ6-8(ukRqrmRUt;DJ z#j7udO~YYf=k$WE0t=3}Pu0}ob~*HErF|#giEC>o@1E-?92KzzqKqw@m@&~Ry&)rm zdEm@GTOAUTNh#{-3t(HgdrnU7OxKweo3Aco76!ln(z$9=o16E@%_WN4i6P7%ns4S^ zQky!0g)QlShD*7+$UAYR32qDVFdX~R^YXL{v@EjUgiKr~F;$9J zY5c^WAX=!b?ITW&OFVEf@l6uBaEe{fO3v9uLhhvA`$Gu-f)Lk#N%XmR= zuD{ZO!F~dEb6eZ(l<7*!0A{|6!J_YRYOkLJ&H2d$0BG(NgI-MBceOubq#4e5vjkT$ zhuO!G9sQ!$CJ|JsnTk!jsy_4kMYZBSL`0zGoPdNpwD_Wq=w~+e)A?_j5@%mwd+AETB3PH})8sUlW z@l|`#tk!}>@5vQb8ZIxhtv@c*r64t& z_`W96Eh~s_!1m2$N<{C)`O_dzPcN@eVl4&Q$&KyJ-xMWFN`D#|HPh13QZq9CeCL&A zF^wqs`4jivJw1`DWMjyG8!(l$^NK(iio16bVV^a?iO+$Kczr(@nVN3kN)!OPH zefKg5obAJ7o8xLxs}CMDMAD+1ZjlVn&L|7?)Vl6gKV9!D&~{lG{j+IR18V7+fC~T3 z$d8(=f$o)9oO^Vf^tf7ho%rm3WC$t*SB(OK(B(sC19n3DwSt0DS$J%V1F+%j8Y+en zNOwX=eTmhvU8b<;_5HCz0>j0YqF(b_8Z$o2fz9QI#KaDAEHe7f=QzHV@9N`%Q;TrK z{cq;6xV)a(=qx9~&MX9C)ZqpswlRyw(;6fa=i#^+hALGw_Tbc0WN(jD1jF{2vgXq~ z4C>hJ_-G*=js66|-8nuz(ni+c=QsRUatbl< zu)Ib~u`f|uGfhszFNPIJa*$=rIU;9G(3bf6UW|=V=Rr@h!j!fY44YvG zPLiOJJk7axR#;8Ljl6?cw#j%A=xk?)J1vo#x6r-AY0Oga;CZxRlNaRkwya+v*0qZs zm-Jde!|_YN2mY#l{HYO($36;Q9SMfIbid@wMzI((wdUJ3Fdx6|9PV9F9t#^78Uya0dqWzb>?^3p&xIfQR zOR*NX)J0FTa+{V@P-xhq82`jiY~+46uAZqt;c@&lIEq5WC(}{ZNoC`%96w)JMjupV zMUV&)`qtO)uK(4?rB7EP1Ti^!8s|Z-a7YD`cN9&bpQHVe9IS1f`T|fu9$4#l0~Gyw zs`KNG5BxdWz>5K}=z!idCjYXSGLXbR6qyT9sW;|1KIc}zFc zF?HdeJEh2i$1EDO;Gh{OX8xI8F{aLP8s}Sg1<$BQ;1Cv13LlBlUn@VIi{m>lR6p3Q zj}Zuaogiw?1;3W%Jcd^miudk{0taFf>Q7tz1EZ6QGAopfO$8v!Q2rAFesBDzL8G^JuS>)t!y5!13 zu+3(=S{&NgfZJ`@a(pczns5Wo7Sg8b=+(l)@4v)j8po<5>reo};3_EU%ju(g#CW=~I&taJxac6Bm%9cat*hj#BG( zS7yDSXyPsnjWJwbo4q5TVx5RffP$3#4r>Ay09Sz(GdInZr2_n7QS7a@VL77Np%D`I zvoq*Zcxq7Z;mMF{05CZuVP^e1B}D8rYc22c+Gqv?y8@8UEyvTIp(2Vs>|A_AD;EEW zx^RF3i~Nc8zvwtJ^Q1%CJ7}}A>yTD_$ocRl#FLRx?`TnG31m3f%IYp8D!~)dI5-&a zuO<_&t8saMLw@<@VZjkb^M6OFhvlk4H-if98hZH;^@&@J(pi24|L8>~?CpQ5c$!|A?$=v)MTMlbRoLh~kZXUG@DR!Q<-NQh z1KVaOG)CYP5Y8RS+37E>!H)98#V5j&Rr+0U zNx>ZyUcAua=Wr`-jY#$d8ZmeF2A#s`9VjT_cR0hx#KMXJqlkwK?Ka)o<`B{K`H_dI zkvteKKwWK#5%rOFRwo4K6SBjyc)zr?Y@Uw( ziVz0deRrAE3;d!At@k5-ziiP|b+YpZqObROIf~DP9R{d(;^4Rgqx|fH2T@9plFipC zLoauxz}ISq#bS3nN*7rb0Ky$I^1M*IaAZDG_@q|1JYT962l%K)v_N5#v_B1Vcj4oE zkf;ncsvx;1@)_RHLJCGLF-1je_>o#7$bl@W`P=<&DR)^?#0^?DHk?~HTM3Cvse?Y@ zo__&@%i;U-(?6uIPrqWjzTxs53@q?<-kJE#B4WC-wl?Q8?R|?V;RX*Y}L zCW_38Q>TWdj5!=RgC~W54)vY(Oj+Zue23+`9Wt&uz!R5T2vIHdB}*RTVqX zKm=_M0R6tW5vfh?XDb~_Q9wf|9G+)yhKybGZvWE}5-2-IxrtgNim zLuJdP`$03*lcg0D44PZN^@7q8!Wp$jf0DJC{O4y=ggHpT(zP10b?l>WU>%5B0h zR%#V2R8dI7K#c%PbZMDWAKbp~Pzv4wucDX=zM#uiSa9L-C+dNLF&{9o8aHQiK!YX+ zJDx{TIHMt{vWgZA;OCt)~JRl(iB?Jp)d=;gJy9v_i z%Fg|48H(Y6Dh4_2!Zf@#nOn6P#{i71+&0 zi`p&DNxFJ?JYeFw4?7rOKg8fl9ziUC3DW~u?l#BDq~+xu!|f_mRf4gdDR$1Og26TD zQ0;Y&4s*!&v9Tz~f>^jHr8P($XrcRR?@4M#R#X(7BIMH4HckfiWoa21c5vq3z_>$;Y##-_dP6{P zdr0g{4+xy0m@RwTI@R2Q|5q^RJOr`}{Dtfs97t+4hk2g?Xy@D^!r)T=VYV&uSzsRr zNW+P>;{_fr@?V6}$`6NJkSR}PkB?#3;oW-8tjgd^e32K^QwIAb^JZocI z#6w&z@b#Ii@8A62A?nh;mwxY~P;xl;VAx}gs6g7dO(~r^?~AzoHw%R4y;B)$eU;nX)|V@m+IsH0YXTdkcYb@G z4=>A8A6!Cd!SA3TW%uVdewxc%S`t4oXSEAi)9P7LRth6|6VMu9kdq#YBD0%W!Kh2)@FEF>vV} zgpK|XlJdX)st`eiD*mMZl?2K1rsGacj^N8z3xD8$#qAY>#VlTsqvNVsLZ%ng5|yu$ zUoeql$|Cf0|7#FUwVSfJXPTDzc^S9Yo5IbPgM05&s903llCOhaZy#iLh0!B3w)n(m zX<<|f!|6&By7w>+qwvs}xmB8Eo)BE%^#&=4L}LWOU-asKa@ZJ{K{rvW=yKxq=8%;yp2SAi9qqXuK@3XJN-rRjeh;vdjBZX1w(r-y_%%-3M13ttKrhR zY+*9W%CYzaz5LctU6s=(1vB>jk!jk8BU^u*UcYr(EVRBQqngY2h?`tPpY^nxxO4}X z)j`;D#o2Pnlvqn-m8Zh{(dO0EfJTo`Zn1fi$Bk^utu~W3>A{wM(PZS0ORI_hqx~6$ ze)$WO+lNo7xpkkL&p2w`yOL!=jn3Dj!ChF=BU3AOL4Q7X5wIf6clY#3a3ANiocZtR zU~`LYCAFp5^{Wge6vs*7uTbI{7|#RqY*I1v(xXQXPJ!-yxk;jAejB(**U8QFM@EH> zjiS6`C;D$dEyqm~WW?W5W8(Q-G3Xb>nCK3fp-3#KZ&l`3W3e}R@sc-8XZE*A13Aq8 z5x(<2seZM!PgQdnEZ!opmj9TJtrQKK85)>tZbRn(h3bnRKHJtvS`*9+YcH>EF)(#G zpM9s7nPR;k6hfQ8FVzn#ZiFcK3@%9V(eY!$niF3_*1aGPku z@rO_`u8YiDTzC*=a8cUn#XyEzR-$a`9l0eNdKG2pr55Q4kRkk-O(Hb+nm6K1Wo)rfPKaID3+WsA4na2~Mr&$KsGKcYMioC4IAt zU-k+quL0Fj>^4aX4#JxV7zacL$%)WE7pMN{02eQq4WT2zc>Wl6P=BcT<9q(fgzRa1 zmrYmDhrPr?RaSUk;N?!DdiR#lyKG2|%8K_Mx?i8XikZr&QI4PYSmz1P7cACPW*2yb z@5((P5lb2|P#^z9J=|hqj`?EeaIaZkI+|KEm1fTi&e>o^g(&F^s0qkMwv7Kt6fI_# z(T4VC7p>AIWzMc{y*u9a?5{B^5?pjTK2m5sd8+IwB)cIk&ZMT@97wC1*O1Y(m;Xkv zSmk*qrjbah{@07VeM7dI3AHZOO*DMwlcbLcADFxh#1Q^BQTm6cD37qQ?|RI?_@T)A z7t_H{Po^&QC83;qva+~+nix++Jx1#2-J&haXC3|5YjgAE94+ZPpI0+^6z^dKzBA4) z#N^es6w?kpaDj)5U0exGm-}NeZ#g0z;*+>H(|d}j99eqvvTpLuj+fat@$_b$5;9ld zGd!Q=+_&`zZ-PpL)Pk|{Ag_uo=Q$(*91Vw*Cz3 zQe0Nv*k}OrYnwuLeo}M7bte@FyV>O;L_OD7!COzhZN1Ei`uzFrM4d-)#OJ$HlIF_z z!x@<*Zz?Ej+RfZeOnr;{@WGIaIKYGMb?%#bG%8n68_%0C> zE6b{MSK9tTPZrTVKQM}l5~-?v3AgBABjt8;kAHSqS)aSUAumzq$GeBgC8qTwkgMS*54Rjy*GRm4-O2J%2bi4DrJ`zn2|=v6 zKY2vpsx&X?sq;SM1lOQtI&om8ym29dAfLO)h&sO^Y;x>lO|1rcGLjEdi^4-Go>M7X zeD9os#Vl#9YlOI}%hD?1{`iCb1FB=%_0W$g5ACPw+J9w@wq+-YY^f-e-MsrTawRG= zbG#>Va($612y%~d^>Br}+$=Ttn)wX&#!}^vj}3k&3Vtq&D}G#v5cuBwh|o{Dgb%w? zHZE7-zyJ^BThQJ~EmK$*{dt?hXXgHs8<4>x)GS%0N4KswrFHA{5su6ln5li zp_OW&1POawgfO7{Dfd>)z7ww6V%XwMNlwOMO_0OSxG^3f|L#8kN8eB4?5n!M_q1DBY@_zVVU+ePPbI;7L4 z^78URh=Ht3IaQ}IzYp%6Xc!0}e8CB%^4{GygCV9)3GUs=k*Ur>6#~uV_lL#w8Lzb7 z)zb34c>91`F8Yu!ftFP zdmCWKB}Ia1j(<}bXMkzFOlx9yu$Hf1M+HX`hyE>4Ab61p;UHn3 zGt})%&zSfRn5-2DEv+#~bx1^ii2_;_DqMuWfALwZbNFSqiCOC8XuGmw2Qs`r#CltY zyO6bK`Q7r6IRy>DBVVUPZKEFo0mHCId=ad=lLG2GxjeJIrlx5!zt>l z2->^X)jwRI=cZaNp+)iSmE zo|inWavZhqf`aB+2F)-qcFfM+!zjJdW!sNqzO^A&fh;uaCCtrx=@encr+Lu|Pz$F0t33s40<2FTNQNx?= z2P=YLV~k&vwmX{&X2J8cXR@bmcz1}AIMtm!t_8jys>?WK)?j=lb|sn zuqM`Y;;SmGp-=T%8GlBc(=VVnGjiTkiMfZo>VvTb6XHKPrvMP9 z0azp)HOK{j;JgCxL|t23%L9=uQKW<h5mvH~-%!J|Dm4b#hT>e3!ffH$#%iTKMaiyIb;Kl_byT2Fe%0#&BaG z_I6-=gFFpSKDR18s||n_FaU0%_|M$fLFdMog^#%ZJ(kE)^N)Hp=hTp0MF43pAa$gu zVP=+w-E!l^w2JJTLqZ`kE+;ajhvZs$&I;FF8vgEfVEruAMXvOT8x4j=ULG6VqeN-s1C?k8tkC)lx zy`QhJj;*Kh9@jx69>P!%<6xbt+n0Rnc8UWCMKm-tVj;ciiv+fdHeyj=VnS=`JK$Zx ze*$mY%qkph8O)IKx%EKYo(yE78dV~@e-`M z&Cy2=aR&gsbUj+&Kvod{meYWKJp$4s(vZl|1`s!qkKMuoE%FJjvz~tJTnlrbqs@Oo z11}n$sNw`B7Ga0)Ah48Q+QodSprvidG`X zpQxLdi8(>mZe~QkoE=>qJpWMghpbY8HyRfg*B1gh&8^q&ZUE+(>A$J#K|-`^7npogAR7)e3jM<|Ey9dd4Bv#YD{m_*QpK>K0QHSOrYxU)ml z-aP?hI*rbav*Emlt9PP0fzqf zS{0+Cnir*RG?0wzD=|}YTpb_)n}F;7(p?C*#eDu8;nVxY@2j!R#cA8NJVljrnY5i9 zhwzgp|5@y9cjwSX$Nn{Ru6 zs-e{x6}41OStq{XNF(>|?MjXn8=XH5uGURvL^3lEd%sv5s20>RfeJT-#?9w!cnG7u z;UiDlfr7xcV)&bpIY0xaR-f^|KR)zRS9|<9^^&dU)Eb zlp6YHeZ;qG5z?N9U4N$yAf;NmXq$)TYoSqvO;HSaNP{g2C;%KG^Q{*v_vpProEWm^1NPu#jpPtMQh|CMB6+_{4aS?*TY1=~78V;Uf6^uuPFvYKH!(tdSL z@*au|oDhLw)Y!hVtY4mCresGlS+@C=yg%$LA*vJJNC8yFV{`jAil{~dk$E*nyS-$?sja2N7Gjw_?LrKG|*d_gn2 z?nyC(a<1x^5K3-qf8sxu+9$ooF-pJDp2;Fdr!jcVhdFhNdxlpUq0Ocx6B^6m&&nAW3&X}>O zghH=aQJQsFilG^Yh||?oO_j34U3K+CN87kucgssO%= zA&8ZMVag}&M|j#+g@8NlNL4U)elZjXV*HZpQujZ+`69>7F#;??)(=I!D*nX85qDZ6 z?n7gs7>IA(+CMM|<1>UZT0b6hA$E56K0by8FqNH?3|@qN?dtd4m1E=KB%+Kaysy`| zA+wz8pf9f^7x3m3n?jX~D_^Th5lZtAf`WpOFhqH&hQ>r|lR(z?4O%1x@6F#rfWL;T z$`-Z}V5nPwYBy4h&jgBCN|sfjb^{^AIceQc8=mk z#g{B==O_77qxX`>=dLa;>0!;eL@iSv_uV8qwp~;(Qf3e&2bDOFAupV`md(Hf`&{1t z&X4myC{S5&1T_n>1D4#|@e-*P_She-)T%#iM;^+5H9UflIBy*~obqBh; zQ7?#rQ}@7!Eq>{AuubOqbCU&jlhF`CeLh%gLPKv7sR;^JK72Aa2Ap$yF<*c`Ao6#@>82?b??jB3nn8A2F~83_LdwH|eut2I6#+k}OAz1l@QSUP8OnZ`}dm#`CO)nGE)l%=TJ$78V`yQaz`q zzb>A52&(IQKY4=85N{0JzKz-F`!pbtH=DX@g5m?My*;CkaUO$rS%RN(M5L#pH-*#R zZ=6M*iUs@q0Ejj;G;&Mi=i#-CB;likjpqhJDOI=;nmU@t)^;TxXeb)Dg(o|Zf;a* z?CVfq_5DqbSO~IAZ@_23qZNPZpPvQhRiE6*Rh9lPCL_0y>Iz9=mcM=hcLQAoFZ@n# zMf_v_Ts+)5HhQ!A&-{PK5mLBHreZ)e5wurikC|jpkgd-?DbCiUF4I#2uXJL4Od}rSE^MD3+Q)1HqRN=*Eb-1Zxy;E#!aONy2Oy& zPotx4ZsTerBviLgF@^(yF(Q;mOM%6iizvynh;443NjK${W~cTQFH|p&s%f<;rXI*Q{?%0LuJQHg7~KKMAnLp1~a%?tV}WE(rRhL3^L! z%J>LLYgx#vLBM$-*-qfDz5xw;#WX&1YjJYKf^Yd@M3t8EkzbSmX@-KS)%$qH_lZT( z6(Jr)m;#t4e{aD1iR-M2{0wY$SLngm8@CV>E;Yg6;4`dGd%Cjy!X;7d(Qi)|QUu*m zNHyT3EZ-t-P#fVIb!3Oz3eI|`!JjMwg9m?^RlA zeC5%Ru_C{|52v|tq_yS+im0&8;`@_^H#RtH@qd01;`2h**72qvwP-V9@9`A(&@hKd zv&F~;HG_yBI*kOO!IYcQe#wW3U6^MH|Fhz!12Kk!|FeT}CwuN=WKrXFEw%Hj~ffCvCe`k>&V zN)Yk-3cFp%v@Z_1hK^7P>QI*qW?dPX9IZ5<2)plqtKbZIUKL4J7fMw7UT%CN`Omw| zzE1;vcc7;`N0pw0=GTO^3PRqCc%|iNG zOOP2M`pVJ(6mZaW#FS4Qu3QR+4GVGu3wF_FVs3fEZ}}GTw>-_yfT^0<`)s2vdWXfu zB9^(7=3CA@y#0kPHZ(AWAz58@y*jwf@AjL4Aywx>6uPGAWp$T*E-p7$zX%H@Cj_Ap zYTCcgmQlxzqsdOo%DDCU^F0nf(fgVE&lI=*eyZR=T0mn&cqvAkf6d(O5nIXwJ*o{P}B_b@|M zX%I`#_4Ae6xmD%nU+shD`RK=S&vPoWr0cFXi<}1U`V3c1d;E@aG|y%*ZDn60$)K zp>&yUJtlJpK6AV&&h9dJeIhhx!c$ z-|`Y%)|v&Fow4gh*-}UHTS7mv>ORRX#xI~ogzcN$bBw*x$4=g7OlH}&KV7%x)88A( z6-g5loXh^#S^X{9BJif;iB0v6=%7y>e5U?so6kwhqLk6=)B4BgN_9*Qli>|FT;4o0 ziLA{2rE&1Gz96otD^tJa*yrf{*4gBik59vV!ndd%MctFk@cqo%r2e6yZ>oBZxrJAa z38f~or*CRJ54-e-ioAEZBBP_bh`%mVcn7k&5BjXeUORlR-A&nEYZJYWt390D9$_w+ zJgKN#TkF+Jw7$@+9nm{G9;wx%Ivu4yhhtsaMWYv5#m>17HI&x0A`kAn9N)l=>7S9gMMDwUF7P8z2lS_=9hvQQJM!n!*Qj72I(3CK1>lsL>WMmES zHn*`Ek<&lo)ICk?U6U5Q%DGyvo63Jg!f_T6PP`bezo_#%GW-JnZ=R#TB5JN7*447$ zBB065r-;yhjOLh&esy#9HFy(B;$>w+DvB6tRY|e)GTv4!Yy0IR<(R6CIoU5bx%}b& zXSGQL=imv4>VueTNAp}^v|*7RVxa4LQ^?7db=FD=K)mf6bZF*lLYx1 zw%1xW~sV4YI$E+Y`xmQOs%z&UGYxha+1MseIw$h z_1(&BPR;Sod+cxRhQ+tJ)3$Sy@eKg-CRn`x-65mMnQ#bJiPb67I_}7 z3-Z%QRS-qQRK0P{X~n7U4Ze*Kdp%|>H9eK3D(y0GawE+ddp%@5`P?!0YbZV1v-97t zGbz(F=i6RB@tghq8>Q)7A2{%@jN^p9h*-};}b3xm+;Q?*t7-d0o^i^(ybRiEvu zY40zox^*6U5;%=#OdPS`E}E_mqv%li{K~QwiI>? zDuOFB5(miTI$X&kG>U&OJO5Cr)2a9RQvYmw`MM2F3*L1eC5=Q%_Z`23kCJSHhukT) z1F~D;ad_tf`}-3k-sjsz1m}v2Z7D*|EBY>1s>kw5YA($x(iW=&x|8~>gHJXJ#>U4F zZOl^Qu3q)_P>#HA8A|24CJ?!pj}p@J*eDLB1;h)3Pvl2T%<9)w+lBLr{2a!qE`-&O zM_uYRK24tX3OV*32tJagbSjPCs(d3AF}YlXTtD27{=IJN-le;A>y^8{{HtwU`0GZq zl~$*MkK*?KVd|@+qWZpgFAe&oRHP&nX%T4|YEY!5r9(hkx`!CR0Hr~?ySrlmMd|MD z9-0{%=3Rboy|vz~yoSGWi9gL73^psLl7GQ?GL zS2QE}HKbX8BjqQMkB&sWj}@51*axjr`v0D<@7rC9w`iid?x^ zk%Te^b@646-jo+znLV8M+K^An3*i|T@|!wF@+?)Qrih?_pCR-lu7*kZRZZlJZg0is zkIz~a5)&)8;x`#+8&?e~dtX9Ui=9U>;s*j{{fQzhj&b_s$7weiBV^srwEHr zA(rREq%Cm+gWM9UeTB76K3Aux#m#{vq*bw6!7n!@E#JDD8qeC6cN^lA^dI=gDOW=H zENI<*&u?l++i+ezcDZ{;bK z%5wUs`cs6;j+1CqyMH7u%0I*g@`wINDN1M$=TMZq$Hjrp?@mr++i1C1*(F~=fD3PG ztf&SSNd%>@oz&fORvXVlZq}9IV|k_L<(gtml}np$pBGC94KA#RNt8+m9Cs893*QA( z1|G*_Zd^B!1_ucJ10M_l+MXH_A=dw*BL4OUU4{I4edsm0vyZvb`aQUCIEi$9O%4~md9^)P-EiHX4?mU@-86$WJH=1bV9*5lijUKV7`#jqyfZ&#) z(EkYQ85)Xs3Bm#D+n_qMGaBp0+AVl0@W<$RV42Q6E1NQRyUKFJ07 z75WUl{hMHaaz>zNwAJ|*t{o)LiH_DJ_jV*>SAId=&@+!t-99R9Pz_t&dS^s zr{h1XN<$33LLcNXgCcg5r+c%m=j1XR^x-z6xuK0`sZHaHlX+R;o-N>&h}oNh#b*L` z1Po638!qlet!2t!kKi#cZiG~4nnx6*2{K;goCk7vaa(V@FR?G@KM*|eh`2p4a)%uw z`uqDKXlCwl@Kt&h*CTNV{R-{A3df5<__dK(lT%KrL4z9Ra+41ByMlX6oHO@$!g z+aq7JvGG+&l^tV4&i4Hv-?N7ufK@au}ap1I9(V1GxLA7`^P(aQ(D0=e?A0OYP-3SwPmZ1G2 z_hiw-U&*U`TjyXf#4f@5dHHty4QRL(I(Mr_Eqpr*RSx#Gns@YV=jv7K7DOqk;Gitt zddm3rg-I;qB5tDGAB%oRoG$3GCc8xK$CqxwFAG?!CIHx4Mqnik)TAO_9JS2pvRBud zgDh)Rn$Q(H`nw8S`O$e&n0x|08$V`Ce#iIgoxVwm(TgR5Uv*Olhyur6BC}j%CVa)Tn@kk~`xWhN29j z3_?%lt>bDaZ0k2cwOOw@F)49DR+YL!+h2;pQuttUl&oHRpIKWIK}|4qt1ZsW5H26L#>L5UZmVX6Cb_P)hx5#FV$W-q<@Q*1jLOC#71vGyl^$iuQJmnaon0Uu+<-UP8b3ZWQ|R7$#+%|f zA$-}nXg|h8Dwa(rQfuSnq~^TYKY9xiV|62^MiPk?!VhW)*RkQwExpCtR68)ja5-t< zZhh0}x^r-#Wn)tm%cYl_6(%mt4Zon?8ITpp;Yb6CZc*vwH6TMe)LgP_Vcw?p6}3Qfw~rTa2{3trRf5M;75DxB7SsOD(7s2R2UCZ7c?1I{2>pQL8 z&|T~WytdWa+gsmxqi?vl)C?NmxQgbg(HYaQPENyMa&EgP7o5?5l=3T%&eZ?ew zvT^s}%Kx^yn8N$6<|)%)h5JnhhV$-=2;CNMZiFw4Lo!L#5HNn*h&PnK@h`NcDpNth z@){uf82pgO2fq07X0k`Jgf8hhBQ#5*6-^pG{iFL=NA$x)S+moy{`|!FZGWr#gNZig zw?a1!*Yrt(US6dPw0UrDi#UA=mzh6{77Akh8{XkOd?#<45(GR>ujU4LL@8eC#pP|s zC+FsKxTM~ri|i)S_eZI&(l;v^#fg}z+-_PU(sGMe9h#EEt~|6RSdWJT875dIPRZp) z%rFOEV7C?AFOp%rr>jLqx0!Z`3x=rdGB{F1xAGI^;>zRtH??b?FKK=%Nr}CFR;#{{0N!GZmO%*) zDTK{qy94HoLPK8Wp*G#%^79l@K5H@>VS{60VH6e;%3)%~dBfk=t}lI>$Db??lcEnF z{rJwG*S*!m*;q|^KNW}YN6JI?n@&EQnLb&vuYb|KdVHyMB_W?-h&M^89qy+;AQ;b? zu9<=va-;*shVCHPd1tv7u{dyvO^Wm??w{F~pP|PRta<#ltCsej-k1SZ~gZu2HOE!RZPkP<>?-T9=sUJ~cB6>h*j(|BT6d_V$PYdRq|5)fKC{FIq=bTb0KZ0fz!iXbKD6MyC zlw1OoP^sMp?*^sU+n?qgXG?arrwd3C7~Z>Z%FKZu4!`}rsE*Az=$!Q@32sLQGRSL5 zGq|F7Kt0nUgT{f@tu!t5vJinVU~S#{=f7w{TOW@I`ugbO++zSB^X})#D%%||z?sz% ze+2c|Tb#%)+nq0{6B9{)exvPo$WvH2@}r3gF!P#ajspjID>Q$om7~Uf7nFs82I0Q1 z;N#%!WUUtYyO;^}jq3MVd&E025qJ40CEwxT@rjAYsljR~bFmavlm#UvT*o$YUoRGN zmaaP16Ag^T>_$v=KHmh#w8c0BDmH2JRc~e7)NBF9Ym$Q?WR;iOPNl#XlXql{8pSWTI!^;V3BG^Q1C7*!tp__~1FsM`wR8yvB%TPS9whbtzf&gN%iNP;UeJ)UFM z>o)l`kUp0(%`I_b& z3$Z7*r>FW7kd0z-`(E!u7j4&tSXgHN1-)q>N^`F7LiEbV&LSxFo|aE8QLr2@UTgi3 zCx?p^3#$X(h)k$gGsGvQCP!QgdBbl;7g)3KdGei-!`ZB`$S0@c)&li8Y^|jhY zi{3ugROTiR*dP>t?Rw(Mqe!?Vi(zM({XwMr@QNnF)QZ+0Ad_31K=#LamzWB^c2K{pA$*YV!_EDcUx2|bo_WfKqXOJ{(t>x8$X&a9} zkqrm>S?uHw`uiL;S}>|9ZUdJQ-``TVIe`1D zrZg?GkZso8Zogo=(tFJyQgXBEQosdEpXP4xc_)%`?rPxD<6bjJkZ|=Nv!39x@lnes zr2XabaRT)26U?J?pKW7-z{>~z=WDdTS!x-0q6R2Y`SqF>_SE52S`o z5)JrujMDI3jvOnw@?H}Mz1VjE0Os+sl^IC0(de1JH+Th?g0N!_b<=!zP;syp#u^n;h%VKTPVBVtBLj~#qJnyRScg0oN7Il0}H z%!c{S_g3^lbaOgbEHMal|4W4H_xCFr;FJ$_R+V3e>*@7luqW|1DA4vlX{K}+dPvA< zVhLdReU~b`ffel?AJ)9r2_XjivP_X!1|#40&Jf`OYv*h9doO;HNc~652rOm5&`(Zx zz4)w4-utc6#?a5G+TuRN$Z#4=Tn8iFZfQ)-)q0YSUj{0+1+gWLenS02Kpy3h0e+%) zBanh4i2g2-tRBdz&j2a~=4|}Z3n_pRUYC0{ z>b39LZF}7%Vc(a{&~;J(5zrn+(*xG#XR$0kPNa{;2>hH38bINBWeb-3tbGK69${?A z3mWm+2?4)D%P?vmU(Y~Y(`rE+Xv2(&behhBBpwHu$(oTy-%LVWOigXupzUu;GQ9Dy zwnLcI+wob>I;BMV*-(R9k!Jav&V1%1Sm@sXiA{1Ka|g3GQ3?iK2yp?8t)bKUh3c>D zxc=ptShycDC2=xW*f=&-tF6+TN7A~B$u^Ej0Gi(l8-mE>i+)^epb%x$RJ}bE_SzqK z0}6^feFSIm9?=XT;pmXXXloX?*i6m{$J@HA1AEu((IWx*^#(1bB>9_`(X-b#hNrFX zKQ#Ou6a7GOS)0y^`{BbCLqfCK#wD?&%?snNCYA~-ynG+`H}f9YYRmXeJ>Ul7E4&n< z#cM^7zJMR4NtAe%Mc_=l5}AOn;d|xZtHYzJSsO;LU%fOO_wg?{aik8fecVx{JNQ76 zm#^&AKAcevFs0z&{9PEly8EyC@ljpI4+r72@b|5M5&}|2quG&B(zoy4F5&^uetJ~d zOth;6(59g9faj*wjQ>SeZE^4>4UObao2?2xW_!Fm8|UU0v*bNnOQhSHp$5>W>6Q@C z87K6nEe}6!ZV%$4jDUE?LhKGs7bloWFXp`j;a8%6JyjabygM}Ott1A&pb>NVlR9!j zqJgOL&;HdBo;iJD1{Vb{<~I4PM{g1$;28zyqE0b>n_4oA4!6#7MW?o=^Q6GxOu|W` zs|;LC2p#tDzw_fh9cwpi^<7~^+lftyxd`F04?hzWV7Omm?MuSXQdF)HC1g1Gvw*3# zvXaH?1z8R?0Q|17*Na|gywh$VO~0bpK;eN#0k*NE9iFJBwbD`ffN+>YPL)G9Lq7HS zsY}Hy3uKn1RDzw-?8Mq z>^mlb1Yj9ANIb&@I3$@LG*iq|b7oB_Qv5T;0T?+J%JV<;>cwB)1FqdHz4R$x+JTmi za0tL&>_b&&cbf4J+Gw<}vYEqDMbOZ2JN;)9OUpxH4-@!ehnHKlF;@v^?Y?dezMg4z z)=5}-h8+F1OEe{{+Y=3)Z&Hp*i~lxb79$lJE9$Rj75-ncT#YDan}v z$4o!F+v{IT)5ryQEo2s)cacswU=6W}w|F(pnErAHRJgf#vPijYSjnJJaKZrbAb5Ll z;tbrLKXdYR%&j684gf80_BO0aU5o+Ew~9q)zueZE@UKoN*)R~0XjLunYRmIyM2_}& zmaYiL#q-@z?1|-d?`HGH>Ed%YwpLnxu@QNEK!68yLXPLR9RC9(k8aKOtc|7U$zB&n z;g4YvGZ9)e#=NLWjEtH6_&Wg~gmCflVgu*IdK0E6_^c)0)il3EYu-d_GDT~C8O6{i zSIg@bJvJSC60K`0-QSVVoQv{0S>fT5|0{b!Sk3$+exWk^gV8kqn^%571{Q8=FWtPP z8Ql0U9`x{DZbE=4GJF~>!SSLlq#ga#5=ppDpEhdwuIJzZE9B!DQ!+Q8>hj4#KX1^M zg^VzStNT|ft%B9)d3LITt}Tu7cEgdJ?Gt6I6OW$J1KkRpdnpwKR@4x?BVN5>^se*C?ehF@7Ghc(V2U?1HIT5F`9JXX7D}#!nKWjs4oAv~ z3G!!fb!()bT{Ikl%fT=yacRCd+f*ah>Bfw@9;gr74Jk?ypjoPFhpa%ne5-Ejos&PN z-wrmdi$`mnH=Eyh9G=JmG|=mN-wTX+oiJqgJ@ke(uf%8OIHZx!wrY>E4yVhCuSw($ zsvHxVIDQ(*j=r@kc;hP*G0Fk(XHLWqi^SHF6P}yzO=a656?SUDo&hw8Dje9I)z&U* zMbfP3DqFSaND`ZHHJd#T4d6|LLUz+=q7B_1v_3U8S$72S{0s5iTLgS$hg75k6-Z~ANGk-fwX0G(u$x#;ar`ICkv}4Q zqKB%oHPsd93D|;)fx6HC8rI|F+Z-eOz3sb+J?DjA_mx8E+3cnO$$#&k9t!!7^IZW@ zON7Owpn$qZ<~>r9_gg~X=w}O#%n329$_HP^?Q6rgg=Rae8OcYtos-Z}`(H`+f}9rv ze%gC2wkRaM)Z>$VOw05kY1Jn<)yDVSa0H}6svqRbAu41N_ z{b7!A@Idlp@#BrIHwjAHN|u;f7BPW0w>UfB@X6X( zLyDoMl_YRdU3^z}D&yXNcD-~-Cwc6ApN$V*QPmtbm~*Bk=%&GERW`Y`dqF~#NXliy zO32o$&J=yQ7shjwW1-K){@qK%6co17xmU$y_B6u{_w~?;c>TJ+J_fv~KdUvELG6!+ zU}N3A5GYlp#*qqSHo^hO?t!2&@pMnLF{`@b*LWym_3i`2Afl2`(FqAF^bHr&S@>gMX^#U>QbQ|uDe-urAbb|18`$Tk1Bv&>mrI#}7hjn9i^1Y6u z$dT7&0F882 zWeNES>x~jLsI>Nj0t4b<#IE?V^HO(p%=}LtwwOSpT9GR zxNPZ%k&kP)DDLZy4M3ihw$idD^^UHBLD!6P;&HU^FYKdn)3aG z<7|>bv*f6@|NJY##m2jnaV?4IvhXs7+#@Ccgf!H*P$tO9k@yYlDqhKlJ=chcvsx1%?W-u)31VecPA_-&_EU+y}$!}dmRU_q(3 zU5*+S`ZDgk)TAmlbMLX}vjRDw;%xmJ&DP$&PKK(=f!Q+Q5B^&x0>%`hBVU@J2zW&W zcngBHNVfKh@X=$0#0-*kAZ*y{3a68n(v3Wp-ePPQiRHbAn=b(3bp4z0hf6h=px+Gm zEs2;KR=HViIMR)P0+}cDAM!fy3eCuL@6Be%f+OO%+t;AUOlno}f>1^ewp20Q)iYVcrO1&AeMh+yh92BW7|(}B&ct&|jR{{oVmH-*swlGx9%wAwTlFCE%E7g+Tqc`%NMeQ##u) zhZNcL8rrEZuBl8V!Kz_4bZ{0Q*)-drm`UE>zuu&GH+<6kGta(LTL;UsIFeVXs%9;= z!(;>#ZbE=550SE-EBbK6=8w$nf0Zw zLp_~tZOGs@Z(U+(Gawb$tBKuv6(Mo#5xyhqi9fm%r%=hV|6+SsFkT;?Y27xV7eM}X zI1=3W5S)RE&qGbEV%ibrBK#WX096LnI?%!@Xc6y3BLfAJGc&8m?*eSmP1JbUW7x!u z6a|%)`2(&>hC%@z=`_rzztMy+vI#&lP*O|Y|xJ%`+0Kd399xQ1Ig&)vOHYlUFxy6b} zhb=*asEE1MXr(vzzxs}HllBJ$BykA+GA)y#?Kz&R-S@#G!Utc4iT37uw!)=(t#ZOk zX(upxBH4x$UoEwhI@B9I*8N&4t)%3lB;QVhhBxmHCjACM|5s&7k@90Yd35WaX~K~$ zP6nRL{{S*`dsCFm+wG+C#`9?`gT;1Th6uGN-)dJ4d+$c0A{ka9S)7aTf5lh0=b<2i z0k#Gi8ubZZzU^WGglU_ue{0~hSrRn=3Wwzo``f-^f2w7=Dx6%@%HWMgm@QLCwX~y( zUbN<`OVUFM&?|oa&Veg1C^?+QH;cx4g%x@DOe}+bQ|7m}X*a(0Q4dW#zn_v-o*lE$YA(At&->;T&0m|xPQ<{q6o^vkPv5!vTTHwHeR=&2 ze(IEgCx?+1%syVd`3qGr6;t*OWM;MfXZrEL3F05?#+e7}CyC>aSJ_Dp?-Mf;4iIP5 z=y0c#j~80-i529nrdtXGNR{y9sg4-k^rn0ax&HWxz)#wB;QFzE>h-%B*`6Il5dnIy zAGIapX}3i^sh37KwDjEdx$4AYKG=mQ%^$2*(31f20p)EFJPqem5pLw_X;RZ|+2ioi zCqsKTasmE7MPKu0U_8vBNu3FTTs`sl_Yc8vLH=UDZ;Y52H9PhgAEwd)#`LSoSXf+| z1XqAzGvvC9>iEwzwjVq9)=wL`fX?ImouqQuXb+YcAFtdil^9pkXjnVn4a~(O;G@*o z&j}W~u?~|hKZg2I?4_W4pt+oU3>*%6-q$61Bej<-yPX+>qbnf4O3*wkVvOFfAaKPn zhBB(6IY3cs0YTRPA7S{%bPHFXRmE%7a_>IR1|{W6-goe5rvjdyB%1K09)sOaFaoOI zIO)Uv;hipO?g3D#q1sRKl;V8puBQCHZF(R`DQJ=I5J?9}jVNqZQbCpo?r1GxMo-eK zKl9)*Ca6YoUHLbHW5O9xae-q~CZs?cYZiM^T?x%6>l#AqVCoy%;0&D9Rp0x7UyuX+ z1$n4dAQiic)m){K>umTo1_0DaS2nrQqd2Vvm4tlDwFRyPUt6JLEeNU;*(aWDist^t z_HH=91^@vIC&L(fFvj_{w|kzbKm6o1Ju|X{#dR6XYQ$zA;nWO+)^@`p!J5ljvs!R_ z=@bknh^~#&#kHeoCYC9nxgqV?z4i*;rj zgMT~)Q;eK$IaAAUv@Nw76j&TK;TvXEhB+jYighWkcr%yfLn=#qCsrw~Jx>9t@rD<^ z^z3(BG&crkMp$x{z`Do+X6%xyA3P%vpvss(e~iF3Cs z%zf>0!`-Z{rUP2dcDzmzKitR|Ms0(F6F=TRa1riUrsz;m<=8ai3u6_$v1k~NO_;6R z?(Y{2sPDe|%}&rG*2EVXjK^a3i*j^MS=0AF)daHOSNqr*Lm|M&+cD+Vf{7m5A z8Sj}-(rp|&{r5(?(=ke~EA&KF!(Y11;z7^W!!x|}2W~KltO=aigViJ7tK7f6X$Spc z7(1h!W3BDp*a8mBz_k@0&6_!U-ejQ(KIV+bqwVJIFU~8sA442lbN_s%@T{jH_+r>H z@=HVdc*FAvFru`lVhAfA;cnKM`m43 z^$9$Yp5XEbpwXDh3$dw&eBhYH0)oC%x~msZP%!8SWp@U$f+sMRZ+{c{Shv6O4+_%a zA%46>4azK|ynNr!hY6ALb_BeAeWw)16H#;R#VC)hpaW&MFHIqdh+OhWoS}FSd+5fy zQCg~pdt6zUG6%2yq3PF-oAJJlw!ffKZFfp}r<1IAQAic1QqliT?y>p4dO}JTHF6)w zJOHEb`n^m`3?L0W-5>|gbzUBKkl!pqqrhi-?=S+Fm{9;Wv}w#h7^fTl>(JZw!Nn-y zgLCrdBupO_Wk>W11h{E(j5&*$ViXg~68B`GC)<5N5z~=R0Wu#&IE8OGsqz*R@;msI zoXp#m0&jK2AabwX?7y2Q3III(@X1Jj73(c!fKfnQ7CvlzLc#qI(3v`oA3jOA%}?$X_6OU=t5|(be`g5B-5cu%v`yL`=iNFo*thdwJ_+D#=l$ z;GC`8%V;8NF86Gx#zdDxmr*2Lq~^!JGQVggGgFnwr#TUpvA9EBN-0SyAttY?^Hrp$ z`uL|pb7ZTG-5!ASsBjoiS|mdmf7u-rnFn_L`B63?8Wgwg@W z1r%KHlNb_7PWzfvwaMwB)U<8duYEjE?F@lG-?q#CARi(F$J-kj2pg7vfrK-JEGPmJ z=?X3zIK8n)LIaYInqfYxdOKCF=Y|^YzOOk6wSK;9$Po>tfud^uhJ>ZPUH?F3Fv(Y{ zcLl~6h8=7c>+NGZBUADY@*N*uRktI*q^CFq>62wx3$9%REG#&p6%fPP+PB_c=Dl4`(e*cF?Cz z1L_4QI+x9fkgvm!r##BXiyHFht`lx9wy%wLk2jCc|12zuTQf;udx>Mi8r)}crkx;H zt@*rIY@@(At8wn1 zjh{kKcuCLF zMbY(-l2GtNUjCbPdwF9WJE5tDf@}Q<9k)*29*6X(Z$ zWtbh3oWm1Vyi56Kk?;=QkD zQZj!;s3HhLe>%yZO8htTXQRgNK0T}?S-P-^d_CxI^(=XT)@(0)==orJ8UFy36nJ_j zN&|gk`bXZ#V%eELAN0dpzD`m2wAuMgg-+Y zSv?&ehu|&e8RW^t6;bO5br91I(qRHa`0cKY^ecS0uJc#Lf@>BNP_|)fz((0PA9! z!`8nG$G_>(7?*0Be*ik|3?!dz)cEMIun&|)It3KpaYy91|JjLCyie)j$Tv=i-9|?P zRS|@pVqj{Vluu#*(Sfz{pedL&4+LR&nRQm02wSCXur{3i9Tj%CRXK15 z&J~IWYfs*6b|;i~B`@Lq-p7XvKp%;fF-ekP@0a=$i3urDaI18Iz*&c8C6a2RQ^X-$ z(ygX}7UsX@rSOidsp8f_cG_Lgz7#o06#p(QdKANn?N<&+aCN zmOSYvjA*<1=OzsY{#}Pzm17?;P9(l5NyB;jB7h0nQ`R9M41YWu7TFJ5bBiIt9F3joSLJ?U zN2FoEY=fI^SV2;Z70wt-upoGq%6cOX+*8&jPr>dr zFjHH|8;P!@#N70y&0zmvJQw@;MRi*6VV>GiqA*vL^9H5(_qn}>dEfP;B-py0gqOsJ zW1r3XM-aQTfw#m1RqEHxN-{AmJ;EeR-CuKJxj4xanjgH_TG!e;u89*Oup5aS*Uy-nroTv&F#_xEUqW!P$o{)~8ZEX;qvZG=nES|sTKeCU z$}~`#2DL$z8a)0d8}TwnNbFF0FvPRgUK4q0mBGu=Ww&F7B2WoitfGRY^I+pTc!o<8 z7QQm*jhU@V5+3sJ=(>_DTqn7lq4F$l=X@jA{^+$tXaF)@X!;8s+O3s}2)oU`iN(Z3 zY-VXEt-8_OG5`dL`sjZ{IJP>@iYf2)J^a)_>;0{bJBTE`mg+69`epgh3jhfEX~rdL zNHE>+Bgb<^p>i9IM2m$a->ZBJ(p0t|BGoj6);Xy>d}YTlmdQp7`~9>2Qzuf7S+%S@ zuZiYEA(ByBHpBH!SV~!k4ek%HKcSxicV?pQ)bPE7`X^_>(w4xj_Jks{M#N3ZcA4ML zauV5cx~UF+Z74fPouINjF$x}oPh!fTKF*B5xj#AMZ-L~>MwqX2 zMl{TB9)cFHGc@fc+7?S=hC;~&>{zNr?Qm}^J1(#QOpi90#re>iNR9PC<8G)x{D>K9 zD!NgzqKWNDaERR**O}uv7+RvvFnU(7S5axrNBnW{do)#UH1$$f9Dc-f*rmp4x-29^ z=9OQN6UQJGX_UdO`o7Fw^FTHxJ==LiOXqBlJeWrLX+D9pAMU7j&yEq!-J4bi{0mey zcwaDEAcm4i>TLS(d)jP&!_GXE(?3|PO%xbwCugQSUJLJIWPxtg_tl}=%F2^n z2;F@}J!kNnTa_I-27`$GE{#z#4m_7QhaF(3ga-OVFud}q#;s|CXYQKm59`aB-D>2Lq)G8USvYE6Qy>#7KtT%k9C)A^;_{)0* zrBLinK=g?1*%Vk}xH=fqApCG>&(l8l_wTRPWzL&4q;~qfp;;x}sdz#TwNr+avIO5I zAC!|Ae6h3ENx z@9{`{t~lUUG}BmvrNqp#sZ1Nu+4V6To2OJgg=n`Wu*iYLna8H+^?gBBL_#L}@WkuM z*rxP4qPc|P(q=yLURP+mhHKnMW=@(#z#|w`JXG7OED3;HOq@3(`r(hRCxbh-A}$A2 zHt4^JHQ>oAkiZ%FEl>_0`Ee-fSz zwyS(4oL6v8ble!#X640azj@a8;=1KPmBVo^C#?PEU>cHqGxP7q{eH!<_Y|AGxwMj> z7ZUjWTf^Sd`KX*lcZ4@er$sVGYHp7YunTCD29w*^LgoeJA9eKNLpf;6=O4Lwc5Ci z7OwsLD?wKJ((ctnRp?)$M_>>aIR98nP=U6(ny#}Iun%Fgf6Sc_v0xTE`!JdOzj5Q| zvKoUnZK;C&eS}5|5Zt97VJum~?|)HC@>%7`SOHj~Xj$NRY#_sU{$y8ItkJwgvqUGa zWUyqit%F$JcJ{@?HngzyQ$c>l&~UkauIFm$U>X$wS~4M^3QJAXgN7};Q<{apJHo6@ z9ZZtn$yE*h`oatyqVa560A>QJuR)X2tYGnI*T!b{0-dP)V>0A?>DbD=Y&H~&-;dEj zzT{}xeGmqWfBN`s$9xR(=(U}fuShAD6#II&X9j`q-`*dMX$vbw(QC1!*)m{_6NV|C zo(4>-ECqJTu!z|JaymtFK8$XJ@8OG8TZg9VR4LI; zmZ>j-3t_jw82w}uMCppuJzT82u>g;JV=uy4%eit*kz*WsR!->v{?m&xA0ic0l3aLb z;!D4gjZQ0oC=>Lu?%q)G4C#jo4cXbZnA{p3M^;M{ZD!L3YQ?zaxnM^85= zY&=HsbKLAW&-G>5w_9^t=>G2%hdypK$m{2wPG%9m`?Mx=>7ajl_!2D)W7DF9_Y_GB zFDv0a${-rGy1%pij5;HBh8lSAdR24B49}&F65LA6QEXjdL7T~%J{;+Bz&E8#1`x~@ zVgZFs!zpJb{Z4o)%Og zsSQ(*y69Y-!g`Ep{yxnAfg{Jsw;p-^5z`|V0{+Ze78+=PInJmNR*QVUo-A2_8-d;20q`i+`0YDo(1RzQ!UVY(5a?UOQnzc4+24;Le z92zK@2VcyoORd!FQ7$5(zMmy%9%pll#QKoAvZnzn7r9X2vh9>N6LXM~)E zk@!pG;QIsdhOpqnz=JjmoZL3-Ct!66kQsml{ZQvif;r9mT=A|2EH;udqJ5}9Kmyhz z!FljBfwX`G?E4OD_BgUBI~58(CG5^3#)U(?r7I@RzMWrDLDs)g@1d5?GS3|M-EQ`W zo}hnDr-xR@&ok)hSeeboI_I#M_LQX7Wpk#LNvNyVK4mj%Pg_jsG08h-v}Tei?rgQE zdHTitwrUqgP{%P*&ip^wdu|W{>pPOt4oZa4ivW6%DN1dB;;^6r4+$?C`z=ZO!GLRKHoX&UJ+4nz^5gxO+Bi}MQjPx@#b zgR!M9dfwmSNBqE#Sej1FzIb%_5L6OYLBTg*xQBPU4mX=F~YJwL)@EH+i(z14n%|8!`W6lBaf}-uPR- z-p?yAg7E!R3cqv;Z$COVF&~jRl_hIEG0rl1ACaH7w6dOD;NZMqP-6>ejV7^ypDCBh zsQi5{5Y33gY{ksdhV4Bu@ifWOd`xmk@p+C%z-y@uNkYSgGAsc5>oAV*g49%^FD*za zYe8QGcfjFi)2sByYAN%$Pd{oC(y@iS8^U4?5_D-j~_!x>81UEnn;t9A4_6!ym*gQ$iUPV*{>uDqq?3i9}z=$2@V%f zI7Qo|=gzPNhUeb=hy9(L5o!!#=%Lf*=RwY;ZQ~!1Y|_PAB-j$L#_SPyz0;pmo(F$r zD@X0A0#Dvl#RyFjmy#Y{+*9Yziz4ywfa1s=zQV@M9~Kh=x7ppjhmb5Cyp{pXXddS} zZ}>BwVLe?PoI}3>Ya?FQR1|_Y^MOG?u<`@3fNX8|u=TM%PiKyf5vDhl5)pRbiT0!QYZc%2yeQp&e4^XK(bviJ!kzEP zevb@*jw5w07H&RqZri<79vY}$fb!>?c2hSK-khVguPkb{ZEusi^SdghN!`tJDUp3f zg@}u!1>b>}R6?z>!)X%`F-qajWm7no6^4zqf3x<-%x(Kq2m4T;I6906_fYVJBZ2Kj zC-G;k3`0e>z>(Karo4N>)~%BpYpfEhpC7dpq+8d(Z+GE6?|zt6VXD9NCcPnMto``g z^4??bZKo~*9%1F>F*bQYzh7N(VF&6wGZE__=2ss!p6Fc6=Smz^Qp_uVEuAZJysV%; ztC-drz5I8u6$k^H^8&z91M@=z}UWQt+g% z$J_Am<83es$Diw5e;pshmam!u$mh5vD+OZGXVHk=JhKE z{1c!DWDP1TG?LgZFLN=~PetM8ZWV#Y=48(=1f-ss_dkV`P44s#eM}ilKCX6KoEyTc zVkajCv$|k#N7m%)-3b5tNxg3m2acR)5)%H=yoZKm?cfyhlRPy*jd~8)T|UR(cybXz zKR+;TC`y+UJ!CJD~so~o_cPbysICNU^;p}l418aZ`tY`!9t0@)%D1MYt| zYdH`x_rCQ$-_P-x=luuz+rZL%XcN~tc+hZjF`~&1UE5$-*6U-TgQ^ zAAyb@?zi?Q$=hL6#Rki^_0-0zR+Yp%vJt4;gpYgiC6;@vcYg^LrUKa{ROgzSC`yFc z)V4DT8166G1#L8FrC)-uVrjX4nxAJ;+InQGk+ZSzY5CKL4ciK3xr_DvHJ<;CU}}sD zR_9=K$daW)?n+Ou4)hdasu(s|g$5k%O(~{VVr=sk??9!{4aXog z!W-F(>)Oeo2>+FJ_n?Y6D1t$my10by3;nhMRn%~rBwfNJ}?JOEc8a14BL6 zct0=x^Eu~@v-f7t-dC*nt?z<;0xKcr1N`2H)T{ACb5tE={jOTeJ{j7Ai|g4U#0S-8 z-jva$Z(mYXUkZ^V1m*MXLYs!G!>Vxgo@fz`BOGF!yj_sW~v~ZW`9M;j&vnbUq=(uzZ5W)N%76y{&C}B*cFJB zWZp{zKi+RDRkxi)4Xw>C-t*OL;th_+w2_G%KI-eloh>Kv zBl&duPHnlIANXFBd2!=xeYqm;D#=U}elMdhoL@WcgU_5Vk9Xia-J z^wsB~PqVem;oKZqdr05`ugkM{IrHYhdswNX9pSP zO9&^%%>r&q34^2kZew2rHNr4A(52PWGFM$E1K`VaGb z-PElI?!Q`U`sQG-7t95J2-@U<&qG{JKOji&%0KuNLETwLIkHm8Ew$I}yh1)HPVn)m zZ=A@#nFs;?^FxSedKvfU8t19ojE@bM@&BElK^;#cTGX8u{IcaD3f*EZ8h_!M6nW5l zfe(eWo0Ys_8C8X!vayWX?jI(*B~92~Zv=NTqR$7^TnT~wY7&%ocZjuuMKbF>i{Tv~ z{M3gr;Z=}kBzOGEUZp`0rjLADGF+%9?Zjcu~=A?XIHdn~x_j8dh zxDm5A22_&$dL#bn4)!!eW$&F%ernMOY?H%FHQqC+CWpzyXG@!+^1-Jyitu}Sz3h}J z#HfRB8es*#1d|9PPqpK@y79nm50L#(8Yb_CJPsRjJ%2KhdfK)2J1w%?0qK*U;So9DWwiZOc}m^oCy zjPx7M7;R?HzCFI$=~f?D$;|dB>zLRjN7P@fWj=}0Yt{LVZ0KE}WCPFRD}rmW zS|A9SS0%y8)b}yd@GFkQN40K{9j9`_{1ynr=-1tc(eDY=A+1dD&eyxnv{LqU5?-+n zq!gZo7OILKU)C)|vh*?C{u)c9%IO@MxFEx7CKiNQD>4FrEKT$!-@xemY|AIFD|E2% zBPSSXFdGji4rcf-ZTxh{4SgQd$zDU4r4(poytTskVbx50TI8n{$6s9Kl`z2>A!d4Y<>BGR?6u~_?tI%2dR5}dk?4QJhTOy%8y!SsPoMD zX;Uy4_!>#_9C)1xPo5w_c-ExoqdJt%AP|jwLes=N^4wdu2R4Jf-jjZgq6)B>C z%dU$BMo@Ez6lkLJMKXgDS#5u~zM4*^%4$y~lB}u2vF}?!$9~Ey|HXbXPoTRj%=8-3 zyL-1_?w9HVaFf(Q;p90p_@1ZYtqH-I=-b~Pis-=>?iype7?3~Lo%9s>)D-yTNRu;j z_E#3UD%64lE^suLh~45KmSnvhC7}I#R_%#+E}#SLbFh4d)HYxqleLGhjf~(3Y>aUP zS}s|&3bIR3u8*t9RnF^VJk2TCHw8YULNne_YnQE&4Rytq<2{R$jzUAOgrkF}GeiBR z_V=&nwmoraCUA%3ybCG(i5gQ!K1+sc>()+ZqPxPsqdIxi;msXJl0Gb#bBFya`vY)# zhA?ij{8IC&ObPik_>)_C^pb)5&xe@WWr!Q4bTN&$}dd-!iPeP?3!-!c&Ff=|XbLd+G^*MX&2I&xH3Upv?l#S8ry zLA}q}{zZ@~S{Uf|!PpD{he5s);#Gw({r@Rb1*QxnLdl-M5-P{zsh7OIz{>V0;8^uV zI^tKtM<-@CGSTZ|i&KLBunD_Bxe?bV2CJAKlOBQD%`Bx9+>YEzKmA7|@Pt)Y;_qv= z+YrulCnh02_8(lCj3)|NoJQGoPMKZ@@u04$(ok2`GRI0v2hrSmub4b(T&dUEU~cp8 zY3-?<-7?s!n>+D;C1={Z&WD|H{UkHWi>v*KTu;n=acNs5O~k`=a!~2XeCf3fcNmVhcQetNzABmG z?4BM`BW(KjnvCJWVY{!8PV+L*rFTM!`yYH!w%-sncU*}trvtLm>?kHs)gjhzVtn6R z06CveLlr3VSkvV3w%q-0zezC!MNZ)99^bgzFc4x5yG`lmdN!g9`cJl}wwHrhSTn2NV60+zdb%O5`jA6vYFf@Up)Il>Al}t-h%o>b(yZfw-#N5x<2a`+1fU|;b$P; zCj>5m--cWQGIPPAk5}!55|*}?AU-1)BSJi>qZpa!Eck!Gr;}WSHs4`%D`&w8DD6cZ zyxc`Wn6Uo3Eb3=AI@|dE&BQX;hvyEGpS+2I=QMb!2}Yi}am9(nSxukcuDk~0}@@=o%;h@D}bk(9>+T793>t&K1GzV6)t z6Bd&MYx4x&-r*0blx?s?N9XEXd~U)3q$q`dJ>En{M3OACrsZmvAHA8WkGv3AJRdAV z0Zg1Qs&2^2);1&x?<_?39t0AUUQoo(5lXBkfDIw*8Ow~Scb)LN%~05I7^;f^TCd{< zifpFe?zF1Slw(bwi0Vri8rbMr5ZNwCZcED=6w?ul92dTm1Px>{&TC(upR9LmU5Xd; zH-6G?z>-VgaY!wl^<6kh&5dhZrPD^r%gJr7Cpk<4WQwfN<$nA05MS5kJQ7}GTsEp+ zh=fixjL)ZlW}Obc7rH{He@v3K(r<5h^B4s;+jyh7RhKU;gb8b968(0S>Rdu*{q}tK z-~ziF;~Syax;_@gt1E)Yii7(K^&FI0vdE*i>kHG#&Yk>?NR|u5s~lz}ofy^c^$Ge5 zSx0Zj;~u?rpmB0tU+ za#4em0!_0kn6a@K)!DB*#{kKawFp}wU(DlaT*62Avg%YyF(f;Fv~Squ?%qvx2SD7t z+LiJJKwL_JpS4ptt0=FB3J&$e1l`%7y}c$NZw9llR%Npn^d&2C`wag>rT$5GQ)|Lm zD(+tY+gw#gCHJ0nQ1H24p*HPQiR(P1RtnWU-ib#jYIVEn7Q`~o$R6kr2rp{YP~{Z7 zd@AGfS%tpFRdl~kfymDX@^QxlNNn8u>)4FpbDNEyi}`anN^lS2yNV|gN2KS+<6M*X ztlMO$bOiDYcNUAy1Ld@A?-y}waK*X(heuS_h-_i7;4iFrTDcmEJ}U)9JR2!1Gs$dZ zYlHq-Cbxc1W=(9Qk`F>lrAHZ1J8F15xDa+;d4IFw33;A*waIGty}1PaJx(sfSDLWj zP$b~r{IJ%sp7VchLR;m@Ieg_o@B+wa+?~Wh$�pRliiiP#@G7cZ5BO$rmSCE zY}-n;#=R7~*kL8rMX8rtug-xmvX2iYdpn{9jktzs@Fyc2kgZ zB*5!%ZMoZIJ|=u9m*x@ch~4Z7a|<{X3h%>qSSVJuP`R_Gt;GR z$no^rc_>wa!Jn96x`t|j>&p$kF(otSMC`&psJaQ&53W7sv2CG`8@MerIga^vrW`y% z5GDRQPsC1bY(_g}fgVy+IQRB<&?mg0CZ$0*kQTtV%Klo^*iJ{DIOIk!S|mG3EWAJr z311Y!(PL@O?EYjJX;DT9zfBu?24uZ!Oh>l8ByK4+%%aYTtLw4%4~>n1B)9R91j;6^ zqr-$LgemvD%HfMYsiaN@hZmcJ0Z$oZHi9eGc?8VIawX_b#-)~S$5K2{{V))!nMT~L zdOqvUADuj1aX-x5%U&>>)viAk{mMQ|acATQZyX5(mzT@$_~b;rY4`mL-}kc}@0Sh* zQCDIu4W>Phn$8Ct2BEA8a$8%4rIVn`6$4Qo2;4#fo~l#t8RLu^J`A5*ZTvk1sV#Ya zA5EX4idZ)H2wzNL%N%@>$xTW2N{_K-%;sMZ^6a#nN}5WDN%|ToMnbrY}3{ zpNFpQ?CH8&jWrj``QWC%$&Gk=b#C%^6dYg|AB=k#Nu;gKH zTXxj>%k##6)AlOAM_|q7`@fiylJVL$Hidfr`GM78h4b}}>W5v85A}uJ6sIda$;xjU z);KROy=UY1hO9dHvH;+_tTqM*=U2qo-G{7XqJU}`jaq}u{;fQAt-(G8{EYfNr` zi~`N#f)$1H4FMH8`8~BC$^rvg@FH5{=$k$fPVIOMtQkC_!SFvG1oRUE+UWbJsnoKJ zsn*H*_?UzS$WB4PVXmS;XbSCY}pFIIn|m*sKdW+51t?mKICPN8TUU7mkb+Znl@wWJao0yfc8ida4*M@TwdO z+?TK5iZ3Vgu;e;NR4ZS(LJy8>6B3OJn|dsrUgTWOB)W>~>M^)6$b>!SbAbmp*Lk@w zrc$Jgui4x_N!6dNl68>_|4(sKb^A+s*t`_pPtH)C%%UMH>lFJ@xt@rz~Z%W zaL{ydacNCUf$i1tqvl-bPGdHG_h~b0E32NFJygq$ zkKLc2{!w?w2|+%DjRt*!*5Z3%{t0_4;pRPM(biTvw&vYlE{JHnYgdTDa12nO_Iwm+ z$rQ<-5&;rx7W=WIhGm_{;Z}1ppfc)YYJu$v3cJn=(z}IAChAT122cKeuaBBN$)ptk8<26n+jpmC8B@d4pfR?TTvu6{K)KXqu(9^r3<~_FWh@AOP zmgwv5d)yr7iXe6>h6WR@w*i83qO6;8`^?Ap=3)_C+TdzS6N8-WN1xM#3uY|dT%(dj z(+9!4gAj-p-{BGpOTmtUEmthEPLQ-o6=y8Hn?DpljLN%fe!HZ&a-NQ^^5sC}&$$U= zH|*TOeWF+ULAuZcgG|I9_bsI=@Vt;_3f0Nyq7mSi_g$L|$kGKNAq!s>V&rH}aNKHX z_sG2IagPxH$)5VHM8~oLAzkBoZ|w$JtF_In<|;mzsjRLXW-mdgm|X-+lvamt4PIw~ zf=;kQAFZ%a%q(QZ4LOYTxICg|Nq@^%e6yq>NIB)yO_94Ha&wMGDEbzpUF}$SrIC`5 z46AGEXWv{SZ!`oA>g!#v&?oili8i$Ip-;VlsSp$r{IA0NxWD#RPacK9m#RFQ{8g z+L9W=?@2Gt2`=;EPnGFo_D+_8U}A^=gc@l|Y&83oE&45im7&WM%~QTM-%y=PEOjGk zs8Z^gp^1SvF-X#LMJ8HrPDjcia+pA+fG@mVl zad>lm;nw*?Gq0wmX49S0=UBN3>4O{tlxBc3bUj~-V~Y4~p9Oj=v=oEiBNZ7Ya_#8@ z-v1QvQlOa4)Y`^I6?8ht5D#`8m1aN?rJV%`A0-Us6&40Z;gA1qz9*`sP5yT;GEblV zr#5S84PGw9%Dsd>>W2GOh{d3Y9ePpqrghO7Cy)NtMh=aM+~j6PLfTNH$Wh`|)7(cc z6fVwegNNOew0ek^B}-)g3NE~v1F^eYFS5X0po_jAZp>HBRI*6*r&u<&8Ub)G^+_Si z5<1au_`MXw(xxlkEo!sPN;&Vw5(;s#C)9+x5X*5r!W1Z=N=e5pzrCxqa1itqKgPMNXzBsZW53hVn`okV7-DhjD<>N$PZ(bWy!8zYo__G8HR`UpI- zm4I86Cih=cTTeU~i@E0)m>=};v9j%MP=8uxxhH?|Juy8j$lIq;t`mm}m=fQ`MRpxW zWmg7_?F={|=wCB!W2OU)Z_vh0E^-!wHY`vcp2Tvp_(~|)$2YoUYhHNo)fuJynJ*S& z`UsXC7QMLwJYwR~VVJS03b~_Ft zfbQBDCY>w*l5+F@XI81mr_4H8vMhBSZWIHlu)TbYi-x}35E+ubBZvvcL!LP6HDvU2 zy(N?1+x(bt=VRnS{~2Ey&bcN14UUP3`4Pv)Z7C63azrtp@Dzo zb;<;5=Y$uYuA4&y*ZWh;9*0O?FNKUEF7|3gtt+pM_>y_S4CTOPmZT^~p*OrgG6k3l zxk+k9C8r*&b6x9IV=yrlc$phvo1SYQpEg-Z7p`}j)LT&JD;86Yo`#%Pl+5y#0Pc}2 zYsmv@G{%%HpZpyUd^`n_D_6|Rwzgsvq+5!llXczv5xDgukg~us4M6EwS}vWrxXj{u zru1Aw!BAnbvd)r*!C;d^plJ^jEGZ(Y4i2RcL@phhHiVEPz)~L-5!tOAJ3dOg5p1gE z_uF#n20@+h_}hi-A%`IJ*NJ5(k6t!NsbBhD2T(K$S5uK1DK+WhrFz2|c*HeZs}RGBnROBQdU$9|M#kI zQJwkGGo*C?rEnWpe&XAWORSeJgqq{nZob!jxpvYw@Kp&KHejwo?M$HbqJ_p?|dvYx)o-f!(i`|BVTYs z>a_K3hXpI~mj%I!%iKrdd5!#|?Gr(if2b_~+dl<|OhP{T`dxtUHoA;nEptPK@nhl+OV5bIqPoM9~^QRX} zE1DP49R5{OQDORaUsO3<J@cCA-?SB?rko%gpQw$UXa2xx&CHJ@5=w*SJ)asDYKN|Z2jt1B9 zyx2>O3{5PGpA468O?Uz8EBt{Xzwj@r*_i#~i&JLyj4a>sOHPqQjFI+|wZ{8{cEeNC zBE$0HUv0Y=RZr~arc0S&R5kQH!H_xaCTP{lP{m}6x3o0RV`vTgvlpQkT&eTdE%X9+nn^4}!zCPX~z=9Y> zN4lPTF%sfjZM^Q@e)=T!6p`9`PrupxjZK*&Pgn7?+?L2*Lx)xHj{rfTH3`F8mbh`y zhMO692)2}&{Qkja{?dY0#)3$lRFuXG6GLJusTDig7-HQ=~2?)`-pZ=Bz24IY;E{t>jnkIp9uhe96P zUwT1lVKP5E?@4%Jhpx8av5wzkNKQw3ZwSw+AYV~tX3aBP$Q3KYaE7P4#*}HOYQC)s>W`%OZv``A!QH|HgyJWwpJA;H(Do{4bwcr3{z=B-V^ z$8PvkT~za_941N!T&?$v(u_>=Gil?+S3N=1CbR%1mNHYtr}3r-ZgM2GaKR`I>LDJd zC=^D^##Pr{?@(MxUpZ}fPQn0IPQN^G(ol&cZ<>;z#2? zTAZ2RD6B#G=~WbWX@pp$aJ^(8ze#85AK>DvPwhS%bL{#RvA9Dr<`5)@d+KnMR0ZRx z@VXWH7i@Qfh#ZN_zMq5HSd;FW+DHaAS#qqO( zt|$TS?TP(0_rX59%a^~U)| z+5Y7qI#F-|bwpgXCDc&eaD8dP^WO$@GaS&~G`9m^%Xb`Kn^Bas*p$Y`vn&>W!i?E$ z**I(G(OHRw#p}}=Fz}k!&`02jOD`;M1N$}Y1bBVXm-C=7V=K|7#L1_$(S27(-(`R+ z+4GkPkQDU7b?$tOB4f&b!JcLQ9Rxb|2P|b~wu}j#83rT(peuNxtWsWIzOz)1nAv_J ze|`YHzD|f?_Lx55@$5@9fiBwbhGoj%KZhBr`1X+^%0Ys{BWA?UdA-rRsxw5m+FmJB zyv^O!LJxo<^B>eZVdJj=8#LR#<;q!&vfEnqEB>8 zMioz!GC@_E+dE{fJyN#7qulj{Ky8yWAR__TBy%E_N1EoT(2O1oN6 z8Q~V*jdMD2v9W6%SJy|QT7p_{j>tlSLgua6Ra^<9AS3yjuBtPOPo8ae;n7%7bx!2AS#%+Y#H{_!s%B6H4i}l6wl-507wJGa z`R>AKmXB^ybo$w#%keuQ94vg3)(b=O-mAT>tmHuY zd_ve+G@Cs~tsrFY)5NsFu7jEs_fEJ=Iv$65wWu!2eZRQ! zuVY>+|3)@VM>xjvZDw$uv!-WrQ-Sgv>;2fTUw)L(&F9!y>9l)a{O+1G!>IMntA<;8 z+84TF;{Pe9hIui$>X+$vY&b~jWKBReoXKt8**@qz~L^MDkWkcETuLW^i z!~6@-2^9gEf|EdulL3KXTK($z^if%?swXdVs-Cr-ze=~z#kPb|L4le4XLL491QgeI zwqBvHr+FuG^f=e9#Xf(Q`LN+ifN(3Cv++}{&%6UiKxVK-sO|I2gn8c1vW@*^zz9?B z{`IjzpH}svrMHz#R!@#(9y-*lgvQ$UAK&9)QOtFM9TuHjwT?i)-~B{$UvZjV5Rod= z^pzc#)jX%|v0RFh{+?L@I@!w4Rp0KuTLqVl6lA0Y19lO$M7}F5`I&&g-W>6<>w)fn zm>22J{C?Y+=*EVL9t=NFcbSoU{D?wmp2qi^6W?KeBIhc?J%m}0 zl5EAAb<`|#dxd4ryNwJ&$?)m^EH*E}URxYYQFN}cp4i+JKg0D#5{>zbLR3Gky=QHj z7Cu~+-Q|Z+n`)YIO7OF1G5vd*N-;&Z9~O}KZ5~=7$RS_#&VNfi{7#7Ziki$AmkM4^ z-^Km;<^eUQ)^7^YyRs}388#Aj%@|c25ER@}{eT4-ZM1%Eg75bsMR6HPZ4t}N|10VN zVJD6hFkyi-?y1YcxXu|8;wSavtK_>}UuDIAQUcL&AP~2F%uzLa{L78BWQVeEEi5GO z7zGg-a{(&fH-ir3%j>YZpzo`A3K+eq-@`r!2wNu;E+io8i5m&zJFFoyd6rUll>>7l zfTy%<|LWH2zVH(u@!;7!-&NJ4Sl~$x&zM_4KE6A5d|Rq}pXCNbuk=JQ1JCkh1wM6` zR89y3E|a$Qs|sN8eUc#;QSzE2k;cdlAfmNDfeEhozDd$+&nZS{mS)q&w|~zdTWE%f zPdKV(nBQ(QhF*$55wF*J{3j{tR|RT4R>5zQPY`7}0+wwtX^a^43PdUa6ywECRgLWb zy$@N^u=91-=>6Z56LmBTg*eTs2EAgT7TmN7o^ehZ+)UcGY2JW_lIdxV)}?M^1cDIi zbmMcys@{^gUhlj$EaJPx>54r#zcL$H65}vmLm*lAry%$Ahg7UT&VBA#xqtZc0+JWgq|>XuDl)H^5X^p!Qn}EzYtGYrmP22|&O)D`m~gxADGTcnyw&sB&77z5 zQ_Z-)<)yId4#|{J9wD@H_{D=!eXpA0oCN{%twxH#UFTVXnt#G8h+h_k=G8}P$a6T0 zsFl-3cYZ?dT>)L1nDcaNIwtbbK=qX&?&5d{9Dmk9sT^hVa+R2Y^KU%@N7HGXUb-A( znfHv1pjf`P_=UKj=iiet`!G{U^O zdcYup;7|&+`UDlWUwk?8CtKZch0;){$M}AFBm~XFjKI4uFn`!mG=>}g9`(ELof#|m zN5Gl#POOO$@*jh!e4e8WcF!RTNG*#P)JxXn9PjL?IX37K@5?i9AU?;756sQ>Z?}*Q z2w&}StEE44`n0)3QnFD&4TWNDIpy^)LpK~GGY4b5Cr$m_+r~+1pAJQ zm#&S^9}Cr*qraK}Ho3ybix@@6YTQ40{$_12_TJ=sk)nIcs>-Iaxe{V26nMI{9}p4L zUgzO2x!X>%4+g^<+S+1YeZf9#>^5Nlw`F}*w6YeOH*g+U3~jIOADXzSV}{^U(;J7A zUZ;&G$UKcIQNcoFmuCcx6aA4*WkqzFr@*$MHWhBm2D#5vK9HzBwc8js@sZdZ*1SBdT-A`RBG$fFJ*-&fR5r$zT#Km==I}O@1Cg45@bbdT5LflAgGI_xZmo{PF<9 z@Y!(Y;}M0w9KK*4PJd3s}@bkCSFL5Ie`kpBf{_Pja7eZ zo&%S5UuP|Hgw*!&;2tgRq~&y2U`7?_DT=WRAo06whAYUJ2AQcME__>ms({yni22-H zA#b&U1C#Yzljgp$gq*7mrM)Q8Cu178r7j_tn6v*fVD!ni)vZ#Z2!$s8T@bV+0k^3a zWUZ(ICA+ih-JiwNLUeqL8h{@i&(bsLujbqoMNm^WJykS_W{n>553v|8-CkQC`)#oC z?|y*6jvuQ2>?2fT>nJn}*E2#zS`zaGg!(18)4xp6H-W2yRt3v5U(DH0jW4Y9d}EKb zpQ|od8QIb?`J*?*}{i$9}rr!KfdL7xe?MkccL;w-Z26zjE@9EC)La`IZEmABd zAAKJXhOFolaI^Lhi#+~O^{)PhM{?AIbfev|nJmLS5y{9(^Viu&sXH_;{kmUFLzZ(6 z=_+RW-Y;7QGa~QKpGMn8^UX8u^64OS?w{N@$yC$%ViAg$D`;ETyEr0yC#QEYo3Nus zHvG|`?9yU9PHo|a-B z$Kl(P%~>kAaMY;&tefSa45|WO6H~JGu>WX<(gdsv~lwah4Ry)QL zTS-z@K-KjLNUUtA^MRLC7lv(?kYD(w*>Ty5z1?DPHW2@Xel#S; zlP3{*P{;NdqEx3^PgHM=dH_@?aRVSk1pb3nabmFlGtqL0-jnuv7wUwQI;{mEVm91| z&xVj8+q<%}Zc;GS*0dUWW1Yx&Yih5njHjT09s$#pIL=K8ImMPK&nemvSUF^n(3m*6 z!-9$vYW6CdaI*}Xy!$Y)$1AkmDp+A9FrWQH4E?(0tNE2bXOVI3i9s38%{D^pS;r`} zkA!oz$XNSaY!cO${$E%Xev+GT{6Yy!4JSTKpUrH+cm}a9vrGVKb(xtn2MrV?>qFpB zSCyMBMeFYOGP`VO^mZFah{ zx&!L!#|`JCsI(?aH2WQT>J5EBE(n9S0CZy~8!i#bu_X#8iWx%9sI2)U6ZD@w3TV%q zc@u2nLu-TsgguQw9$i;jzHxZj75;H3p6_Hctg0jDkmjD;`IFFqw-Z8;@x&@_WBo^U zk<_mdpK}NxcQd@4GQ;L+ zHKlWu1OhhSGrwOK!+R8nuJC(IKHgW~uV+-fWeRtRG}5Nu6p_QaPnJQx$!F}1KaLV{ zL;`lOGBudJ*6~G;AZ;sWeBX{2ZzfftB^Nj30Qe}n-(+fE0sQskYZQY%C)~8&!BGsQ zynvOLDOHRm<||BHyXi$fK}0@)&F2yD0P*x~ZD|>)Z<#pzUpXijUAa}JVR-WLWL_t4 z_A{lX?175DID+h#K3MNp;K$4jmDx8ws>s?Bq!F77Wa$xbeEeh_zTho6QSFN?Y7=`A zLX>ogNIxGL?K;^#D=mt2Oq-;?a=zh<%*pBFNA@%~4uK?_Ea-%Cf@;pXUQB!|J&J*2 zCw^wu8JWyFh(12s4`{Bode0=uFxFB-ZST6!rqPrq@MAtPiIcG~h9(MN>-26KO!}SR z*9piAkZVS!T{i>H{h;ojjHq?m%E~%vMr}-z1Q2J?^QUa`(1&CCkJy@w-v)=JMGcRx z$AjL}0t^7WVJYUjz*i!0Cz4k1mn4G+LuDgfZ1c_KX{_>M^LF%JfWo%@>7h_gWmmN0)W z1wkmQi1JGg`w$+_IDPgu&iGf2w*{#E5ichXjmZ03{l%C(ukA~jG;@fekZ}vF#$AYm zAEEs@F3N;|MTP{?g4!9kny*lGWTa1d!|-FngYG!T0)5i)JL`eH!zeLoYxJ_Vr@sE# z0^t;x(J3?YMIgdIT+4jz6M5_aR%Q_G+xlu|nE${od>bUp2U8a_JOl;OuX}n+C5T_! zPb7I*smdy}R?5D}(FcuDj_U^Mfmns0lw$lL6Vt6`UaP^KaZQjQTU9TC8BMLn3pZKh zKCp7=y_lwCX4@SZEpl1s**3f-tzYI2io9NE%8e?g+?yYb8;?8P10>m;BBa;E$EQM| z=M0bFd?|>+gXL)Cj=RH9!85xs@)SXaA5j~$uDh|yJ}wn5w?qpgz>V6BdCH{CWvX_& zcOLZ?R&4NWhjdSpd~Y9n{klIf?9jPq4G1WTmW}i&W##KMr-JP8K${qjorOpW?x3q1gJHRG%*Ua8NicKe_kRkBd1>Y&Z1 zG~(3cP~+ZYzobSt7m($9%5c)LAMiz01H|G}M(2y>6HWMy6vPbwG{`#W@=?!-LXZ@* zT(du+;RM^BI}6XosxAgcJ|ezM`%4#so7LgqRxc^Cv>WZ2AFvLVX5Eq5gn?IJc^HnRucMd~O$vXFHj_?LB}P6D#1~=LS;FP8hN7(5i(KKUM^Oq0 z`$;T2ReT0wR;vk$kzD_I9I~P<(|*e(JqKx&gM7$@wDjdzrNn z!j-TF?l8rzz5C05Y_lASHb;N#9u)BwQzohP%Jk`)VC19xCK3)hqpze95)YXWE8DkE zDy|wPY_l|3EJxBj!nT)|cCIYLrK#qc^dmX>t^`&D$7x=Gcj~=9{;5S-*IpZscIKeh z=JKo5?rX&4iYI>-xmwbaROzbAA;TKLVN3}~oNRq&o^gXRf7hUCvNsC8_Av_Hqe>oL zgm$}`4AtHiGN4*LD+$1)Os34`A0QOoH&w+>YmNQ z3~{ihZrQ!hQshpyMW@J@jz7O;I0?5{)cSJQ-xnP00RblKFh*jX~3eiPe+1x$?)(RsX;%EpzmuYk1Cy;&K^|Un*Z0P-I(KhR( zfmvew$7q-?-`tz&c}2&T_U%ps*x^-hQD_^ zxVi5bDjQh|7tAIoCVlOM9cs)o;Xz;qx>u8Q@-S*rWX1OJm8*N|DRq0Ksuw51mL(D9Rds!yW9{tKNv z-!6j}c2zZSE~bR0OF_bvSu0|SENU=uu_z5G!Z1%%qjTfDnILGC-7RSj+h5Q#rS0J2nda3b!6nbE1-S{PM@v=6C&3JwR0GFzpmbm>lvn`_`qN>wNHSsi(*)<$6hpSBBsasm{r=$RZsj2y{ee7-1d&}Ons|65UKqe&!2Y84wlvXMr9YG(-L zfZ94p^G_x2_LB^ZOsMI$v{~|Ad@(5!FoCNap)||cqds#cuSldHZTmxYG7>s4j z-e`^njStX%P?97MQ;y;P7Wu<2AcOPu5kOSB^q1kQMLB%^+%k7No`tPBAn7Ons&C+a zLh{dqHlwUR5I;1i-TJcNG(Rj*QXPLhTF1=q>tr)2^?8cLcH~5$+q=-QH<>P5Yh$-R zty8Gh(UwHk%Kk!)ZgKg&oT}_rY_;T(t*ya$%5ZS~yr%P@-EzQBRIy*8}p(c&>uOYxKks(p%RC!*Zm;7^2Sktbq_PNQc7V&R~WCHUc7`Xspp*U#XG6cB@MC~#13P{Q;hlRvk2+CqZCjTwyn3=*24dZQUS2*kT_@DW&4 zLL$b;b;wKM<*YXLZZwFHbLI$vg{6?hc4ug)hq_juC7m70(+4|!1Yd5ZNaFjgnI_$a zJb_HT%_P@2j|+yP749}QdiU76#hBP&6Agr0I=j3S8tL{9=s`miE|*=}6RD?ZGG4sF z?y$~r$W#rN>`wj8@noOUBfpw&7G;z5DW;`~e_KeU-R@S;&R)XIPI!-kc7?-6PHkHn z9@JhXbPzT_syT>olCe-gZtOYK;d>d8o^z@DAm!@DK=5!!~DgXLHW z+bM?i)=Hr2O8Si`#k>ITkFlJ-f=mG-^g^t%Vzq9M&-?f^DvrL6Z|nr7ugxa-=PjMv z+J(fYWSq7)2QNq5N_B=a8tzzO-)lemwn%V1iNIIgTmN{3L&((Fpv|QY8shZcGFp>` z>nx%QQ*{ZhA9Wa&C`n09NgxmB?h1VgrF}PL*&S_{YskoWRj$nlQ1|*xa)YwmblT*8 zk6xiXl@Jp(k#Q)^lb;6CujGBJSJf9^JqtxbhQHeHrs)^HAZ-0IS+p>3HhyYWqFw%` z^@>!fg=t(L6`fx4UHOS|#wRvkb!FZ!^$mNMPCM z##T#5a);$sdO<0oLFRQki|^hepLc@3lbK!V&BhY}uX%0XlAnEOXq@k`a1;)O(Qm|zyi}2{TTX`Bi8?!HAH2SVP0n=1FARAe z-|seKf~<)uRJ)FxDa&(bS`FKIg}iwpD>`gi(lAR@mY?)UVy42(y&$>Y>q6Fx--J2( z)2w#+`n!G$@`Uhmz$In)+x<=XaMEaZ!+S&svvm1t#l`t?){lUU1XYuqX@+>aqzF{32#>7*1<0y-Jl&izeVeK z+Xj(FeI1Y96R+T)^e0TNVRgvOMF|WYVc1R=$}Jn?78^57wQq4T>u(jc4JZ!))T% zL}^|JS|iRkV7os}5k6gtK1MYklvm%>q_W{Fux7xQlLNxs2`|L(idjL7FEU#-lpGXj zs%~2li?u-8e@f)e77XbRXS55D_y<}hG`XOLrV+H#LkNwcfaQYeBD1etO=NKWIu9#nlUr5N?(Xd=M{ux*%O> z=)l?%c?g{3#02W~WjYWs&zSr;RXG?x0=&Ml(7^sNNp~bQA+~VBcMxR!G{Y^lp=Qy) zX#?{>q{z;Wle#po%oWn*up&X1Xs~$zgB`d$2~{L#p+YNAYv@da*#Mi5eW}6#qmon0 zOC!uZjSK64^3wHXpQk3m0eP$A{IwLsRUc4C=}|43RC}WjCJ95MwO0wUvyh6c!Va|h zRgD!NNMB1gfYyikLISQw&t2Rk1}!7PcNTtBBYYaokA8ChKccQWAgZqEU%FfA21V%( zNhJ-Wq`SMj7bK-cq)WP&T3S$$kOo=0q+440yUX)D?|1(&cK6PlbMKrv6TdSPJ-puw zrs+Xl_VG3r{Nfv?m<+a}k5uT-%sbz+m2o!u5eTNRCm+GZpoYUO*e&YUYV$ieK_*#^ ztg60Y0DC$^CBaR>H!+}fky>0#EcXh71fQ#<;$j(|95#A%ikWf%>UV`Jn84Pm$e>MT<$!1nh&r5lcVGi7%nE0Xg$|$W^!s|+fB_3)xn?8h zGJ}RA+^b&tp{^9=T%@94ONB&zfI{j{pps3g@!HHoR}g;Y zrlaPp`gEQ`*gSaId-;_2G#Yz&6hvh{=>H2%$iXO0kI3{8MwxEb!xs;}Sp z7|82^PG0^&3mt9N$T?pj30n^W3il_r#I_f7WvdRx3oybTyDct-_^_yL+kDu9o;7AI zK2++t24RBwi+lnzs}GNL$6_86fF&?DW{32fom-r#tm z_x1*iT@zIHIRLEZ2Ddd6?-97AXO6~ECTW!Vs#c|?JZv{6v&CP(T9+Q0sC?g?Z&6fa z5q2n0s-$B5J0Q-m#YYu(n)y)wVs!I-qLc2TD@3{i>=gw@UYxhQWUnp7H=S`TRHsdRI_qaMP5ct5iOGTqLE`k0u#0QGZW`c>)T`OBAJBZzYF*xNXwW8igV zqla~D$&WYwlWEm25dcqj(VjZ-yn?mP{%2rlB@H^34930(Q;sjZ!0v{U^Ma+595(86 z3gC%{+^DQAvb}!H8$P$YKPj0hZ>+^caw9)=GGp-(%y`&nzu`M36u)$b0{q2CZp8BVwnZqv4uKuZiz4%M?YkBP@D-tI#7vkZ!<0m{*1 z(UoS4?2-gx1XBHX5(+9>R%3v7)Xx%5R6l1fF7qD4YqJ0GA7q2-c4g+_$^ncVHQ_} zAOp{Ew4-_u*vrZ%rQd96D$i3m@l8C+NaT3EM=#TNU&@5_<09};H{Hm7i&7t~AAmox zpAq`UDQz;z>pmO!g?)d0nH&HbmwhgHUaZMCV%f?X|Fp+7j=_2NzFPpn^Z9o~ku)Gd zvymd?rwst1BCDdN#{?I~{x>X|8)X8pjWc6B9=(Bh^wl)cuP4zoiuMV4SPraCI(&Hs zG-{dWJ#X&jw$5LC*0K48B5Wrf<2oGJbfv#{plNuN%GzKj&M9s;P4{}E9#b#G@}qQ~ zM_q%#Mh|bluAH!NHi24>AO7u(*m5&1edGBBI1Z_I`_7hGx^@*``5;2u(SUQGa4XrZ z93jca8v%wmSK)JsQgxBhD*nTw>T!z#Jl)!Eg2cen&t_)PCC5$tw2np9rN`xlvvo1N zX}NQ5YORN3mnoo~16~fav*lb$CK~mX&Y19VvwTXaqf%tCG^)7=FU5+rv2u#le~hTr z4WY@#3|DcuVk(b}hu8DPblk=+IdcZ?=szY`3T$7N3;ye#p_jsj-F_<48dLKQ$F>MT z8*{bxRnSJQ>gmRs#KfxSD9(_pN;EU@SGycgdAoJ0xC5V2kR^E{Ip~$_5KVq~Kb{C$ zutX|A_jjH|*vfU7k1RlV3{P31q_3`2G5NFKJ-ncp1OaNmM3oE5xh<~2KyZ@50>j{; zo6}nyJ_9ZiY*&m$xRie}AF}CFIw}%oe|i1)XKQ8Cz~tM>Z*tl@D5q>R2wpjQU>X*9 z(dQj>0);+`?G4$F2!5bWDTyEmfSG=&m;sMZc$)RpOnj}8hI>P5F>%9B+paRRU+pPb z*?vbUeG21vZyT?kV3jROe%SC#Y5b@}NXwEDIh5N2FOT8aHNIy`b3;iWJC}TT^ zsvbNc7t4D;4@kEx*hhh{h&K1FBu1%9EfLD2Frxwftchj}H-i;<8JllgFAelxK+Tzr zg)MA<%io@Ih$F@gF$7~Q5QXZXnfE>#=dzZ}m=mD}@^Lnsf7WdgeD4b}LcVX;{gs;X z`KeLYu9BrYkUNnJXUhIQ``0*%_MvU?yA(poCpd7%ESOA+{pK;lq)_|odni@$L-64~ zFt0G5!H=UT!54sLbV3S42Ikg}T;H)V(NAK$B1N!}>Hr}gQmR3;m(S;`AcEbEd(*GY zjlB;)a5luyg-Q-95WY*gW93NZ4f8M)4B+1mK8{%s>1cdoh`3o<36cMfp$NA&1I`u1 ziyKkX-aZ#xF?0xIlUx(9S-F3u^whsYX-!_2OmsR-EUHyqGKjWKcEi`pTo~0I;#yS? z2ls-q&#&-iP{y8eHZA8A32qNRc#3tcm;zrjxH!fOl@wI7kj=#kI{HzzV|lnLqjdLu zxzAqaWl>KC&X>LmzlxvPIg64Z;`*bw2&mPsv!;P$U#Fe@J#NXiRj>{c=LTtm8bM7t zo-(^!_xUg5ByqgZr+kX(-TiQ+GC|Dew>)9AUk$Ro4N+`fwOWeLA*uBV{OXi$NZKpN zWED`9o56qEq&aw?LZjVxTC2>Qrwyk#P)#3f)E{^<$*cAy^7|A z{g+mym(}$irJqikSn7@=8gn=n?Mg4jn4WJtam37VxTiJ{z)set!gkIOrH_E^JE%pQ zf2`}3p4H9m_h%mxYFZW90l?EPv+Vh6#RD>!6>`CN#3R{zvr)W6-p{?LX+nlgA zwiMzP%*kVYu<#ZL7wJfn)21em@l@gZ1n*2_i=rWV{Z^Ai{b$SeF#*qg6){9*BPWje z_v5Om8c#S22w_Jfoy|PIHLH-wAF(+~>*6?Ie-<^%flsfLWUUJY|j3AE2I4v zr2VM$ua>Ji3rJ^nHdVy$i_=L7j{v{(rfItvQllh``d#;Lc`fVJ<|xa0EGpuJ$`1=z z97CyfXl(RvLmCb{NyS;=s3qJC4n$t+M z?V+iy&$WloaE#pr21lNclG`fz+Z{JR(6s&iB$HUFtE|xPjG%xFrFG)-_UOuMD(pbJ z!sz9J1nvrHR;#Icjt_bTH+}6f?(@bRgdqDIo-6^|CdG{zH{AyPGo1jGi0b{b1=PLg z<=5Q=T(krFnP#>&NBNGmXN$S2g{!fvXY=KjyhHPGFYx#TH->XG@y#>{LTee{yGt!8 z(Q;M!RhX~HFL+Lu=ov+0O@(GTGu5d|rHRflvCrMYuTh^Zq~Ju=C9R#GtuXS_uQ@W9ONTayl+aAHGD)j_eyN3={9)jzQWd% z>1T%Oos#|(iT~Iq5UVHy65GdoohN9?*p+@Y+=kt7>UjA$(O0G2%bic=TY& zwtOH?Np`jRF#>E0#BlmHdAVY|KyW6?O`++2xKd6aY5I5H;e7K4w9RXkA|w>x2ADrdTI}r8XZr$k zSAkI1W>`9PaXSmYqGkN89?eGv!tXnX4gnA&LW{{r{x9~%nGJOl4;R%1-ytM z-#1%bsxCg?E!f~a#NiKbzS0>^qRV<5a-x;`#rJJ<%v>aaOv)3k`?Vhs1*U(JjIc53 zPnv{RhF@GvM+98nlc65~0dIfv;o?I`pRy(UlHZbJ{eJnZKl1UU^uspJ8OEnXpYHct zWh{g}0?8;#OPwqs<_~yBCS-EIh5Z40LE#OS@RoTcN&k@-eCMH;E9x67ZevTmm3otM zYr>@`&p5srmm zHU&=&L+iQeXsi%8M8e{$3Eo9VW`0P#xXZ0Q^{xKFt_k&-NIAjPW7Ve-tjTgsc4^9M zOgpytb+TW7JhbWG9RJ|_`_wM|9y4MOgeBSKoxas== z&31+)ag?b}x%GW*_T#aQijl*KykOQR;=v%AzP0JFpIzz8BFWUdQ&ZcDIPrc<*AVAx znYJ?bGW+W#SZOKutkWmQ=TC=aZ1C1jd29|5YTD*-clGp!#j{p58eHI%2^GioK#~on zFaFPf`!_)-b~q=m4M^Qw%)d`=TDghD5U)hy;x%)>s8b=$;Zk4VChnTuL1-X|(}!fg z%>h3v-p7Hr4B!VHDDNijcevIrO8R1QacmshDcWSdn7n)(ej^EoUq>S);rx>rl`IeE zHHClVMh_zgB;CKe?xm`n z8+p9hyv3pGZy^QzLE=W6di?|ALTExUn~9o zaXQ_3rui`SdA z_h#gcTeuK%^xdgy8>UgX3VY$AyZghT2D5oqM(y_or>c|G4pvN0wsa>MJf9S-0Vn&& zw}9-KV}HmTdVKLoli))`vzQ{0?s?BC?DqM0PJVil-<@48DTR6SSwXTu%9% zRn7ROW_II7uJtPJVe|_POG91oEC!JCwtNmA+;Yc^7!z20+6-|RK{5l41*t=~em}CG zdJ_*Uo~#HNNzM~_nN5VRPD)pPfuKl_3<{#iTD_GP?GvB_=Rra7%V#8b^i~;eZ*}ff zo&tL?{@=o7->jiu+vCTif4B|Tu3P2`gpoDa-Vpfz&D2-WURdj#i&a|HMX)v|?Dr~t zT4mDpX9=Z)qRkP>F*QR|z?+Z!B2g7NA0aFNr2Ti282i{R64xMq{@@9Fv`(Cnk1&bl z@5s{rzPaO-i7*An2&b@WL0^vexhwp5@XR#m4;tP+&~i(aw)z8!b;@f*1Md2@_wOB- z9B1%w^^5SV$mJJtszo8xv0l!%AG!*!$9JABRQ8MNu93mTNwmh&F|6aQ9u8*+3QZ&o zU2`NOH{Tnwlxkb(@dM%1rWRy^=n!HMd#9c;F~Dz7wTbGce~djwc>ZuAzpcA3X8&<; z{~+1vK;HcnE=^G}l}$mE{}wajhQhQz>X;*(o@P}bAOt2THa95z94p=Zuk$Lw+@2Cn zSJX#==1Dra0K}cW57_>mq)hOPlirE~v?EBrz;i{SbMiznc_mx*%p0Ml^DijOd=-SQCj=|&M4@ZO^R*7aTgrTX7y9slb*VPfXMXY6uP>V(f6<}!|DhX}}# zRJEJ$z2J~Qum}F2+d|CJXmq$whp!2QuT4CL8yV@a zeg^q8yPlx3bG>y~RLZ7F%oMX+WLe0UFI2_(X`ZK?;25PZ=yK#KTi}_?HN1Ce;BxhR zfTcEuUeEBFgO2iXC47sc-(BFvBt>O7$RpzDrh(%OqPBX`b0b4E+Lm32#Js_uoTbRP zVXR%~M$GeEXLVwyK-Jd&O<|C#DSxb|O|BJd(umh2N&BnH)DN@QWpRC%m1702@yCxq z6ZSy=y?uvh)ZOqxc8~7oq|_0fq$g?XCKDU%cllkSNMn?EOSF}=|k+_X+1}t zU3oyAZBHTB*3NO|$+!8p0(;hUj6#zZzWDwjUkXLI0~%fO9n6Mib|zQc;nU(&8a;Oa za6_=Nz^Pj~97gC|x3zH}Iskc0{dD!3urKbZ@WF|@DF!RXc5F)NU>g;!Wrr0UQ!(1; z+`Xxx5qJ(5l_$BKluQ-;H#Pu95&i#*IBvQKA2_zT(R$H&4!9+m+fcV@ZS$W zi9CjYCLSE$!+F3yyF&v&6i2X0b9lnY^`ja8M;zLZpbZ$sAQ8;EXOf=i>CK>Hg|mBGS96?D4@;ml27e2mnOaJ8tCeXos1LB2v>XH?y`yigU*L65omU%jt)10+ zxR5w{l8lwwZjFfuy9``4d2@7$-}OnUp% z8EW|H3sTKCk#-XpVN}{pTUtG9agGe3m5YZxJU`T!5S2b)l8%3(_&WvTkGF%`5$vgz zPlcA^b{tv!T#79U)YMnC<&*n_iJyngSX$OmEp5y9XW~S>p@;K7oUPKrNU0prtX6z# zR=q#Z*;`fQ9Zyt7P4O!#(>8ku=p$YA6MyS@w9&R@10i;hV za@~%JE~ds52sPUi+EnU)yd)es56@l2NT9p8I(e2Y`uS0y=yS|+FEOF51vu_k&X1{h z@KCqeUbVjcZ9b#KgRN#Fvz5vUHp=tS;lRP|^;Ia+p4V}+yWi{+B6?6BUN^p3?!X3Y zeKuRyAVK^L9TwTKSMxTzj;78)OLHXvY}S5&eym{%yYZM60W}K590`oBOiiJ5UbGv_ z1Mout2W8S?XfZ({o}oYha@I8JYNtp z2z`c-b}GNRFwJ`fYvs!f?2zH-wXrzXtDe46+kHdTRE>p=Dt5id>WrRH%4+g>0z4~7}ILq7N`;%JR&E=;^ z(>U`Fl9E2$JOD|OlOhxcxI!ow=QZ8Y=2|H+pM>E@H{jQuHdU4(P2Jug@un;)1y%F^ zeq0aJzq~|+DZv2XoB)^-LkxNc7P|idHQT4{sRvYwCg~|@ z%Pvt0nt&Fb5x7+hHt##AJ357+L7J1=2kOT$amac+5F=*Uu$O-i2bBa39?+oyfKLYS z*vUatdKY~~I=6mBNtl1BJ$OU8&xZlw*&Ia4p8RRcNE0`9rj33UG#G~XS z%c-20o%v3w^L9=)pbxI^>Hh2xAY?J3K(?$}yk=>5XVivdU54S*-&Ho>cdIY#c(xO$ zdyO~I-r^G38yR#iI){M-XdypFL?NA=5PK42&YuR5OXR`*_QVQvREIp50d5&3fDJ5x zznJ32B}S?#p`9;f8sVsnF)b1x?_csC==ABsm>zYl#9w{Bz}ol8^9PeZ4fXPj17n)S z)`1~e+k|IZc}pu?_Cwv!8nss5>}v;~*r!=vkEgkkepJfm*NeBO6hL6+83YBD;u7pJ z+?;qPaMj_+Sr24e&4#f_4GF3An2Ke=-QC<*3To7RgcsEYERjZgO}Vy~b-N36yU!QT zO&4c}sz;i~Ttsxe@lxPlzY08`z}B9lwx5G%J!`o7 z$A(?L5gn;BR5*UK!E6O}6KP)c@8iyACpr3;(b557l&KaR8d6))GbZ*9zbM?=d`9fH zcB%I?t=XlpcNjkVzB%Mis+|lrC*dh;!WLZ1x35;E9sFA@@G{SoSgnlSQ?^>}%6r*# zP<6vm`$m>w`t)PN@|w`GfgaDX{6S$)LpYqaKc(Gx&1-}4d5+b%=cf@H8yCyIU2DQe z@*etx3_#ln`N@I?u7c&Y73-<{qM9bobDh2$vp>h$zWkS_r?i)%R@YMbC<;4rf)|Jbe7rg?e5u+( zyMo>+A7fyPe6_xvJ{tzd0Wg1$^Z&kapFf!HnVtNwcYcWjq+|c1K8&KEHgU!+QkTyR z;LclU-HCxf@1}zl6QCvO|G^z`A{)Wi_U)BoM)M|6!Yj$jRV&b}AZ%QWNi z@pqpZ?XFRUUI(_RMq$iKoCsW^*rk6(gV3OX+6cU$G2uthPF1~rxjTvPr1WPv0ZtHjFSqcCO1}BwYQG?Rlz+!C z7_R?pyCSYdoV(7CritHJVeardInvlnWCc@x8}gGUA_cH-3O>AH2nQ5^?4ctRsj>XY z5HUfV*HUkiXa5>f)_JGF3Bj7h>cx!4MTi(HGAjDhy8W5Qurn!rhl6Ho>EPg0I`_Pp zW>;cW1^jvz8B=N8g+I zcBB>y34LNZ^?Mh4j%EbCr)+gwF~6E=upJ_)8w>P>YkmzK_{7YGD#RmQPLuAGYgdgr z%F*?xd%F;@S*EWiEY!RHo$E+1%=R?RjKq^-IN6(h{NCroPLMuz`*G9y8Y64?rSpvj zCwGT;Ub@J^gOU9XVc>M*uG!z-zx%6-+4G&n_*pb&r-;$`HLM+9aqm#|!G4d|(zRz- z8I$;Xlh+&l677?5hE$h(rPN5r^E1$gzbZM7og!AALT8q$(~BO?mx^kco|HT++WoG~ zjQ&M?==lR#p@zW3iigps&DeV;4kwp`Ip1U*_PD6hc~$#qlS*$~(%rZ`n4`&Pss>5u z#!300`)Grf`+cE#)a)K3Q0I#SGDsB`wNLAmL4x#hwj1oc%WTm6x_kTD9=o5bb}yjiCr zMlma}@;)Mt`ePq6Ur!^u&Q-VZIZ^5Cx@r9NTbH7_0i-^;9J+STdBzyLf~@zVJsw$F zJ^fbD^bH$->hy2S&f*rO+NBSK*mg91GXO0fWfX+_7hc%`Ksm#u^uWlF$Xd{?4>h_r zF!d>M7`90bbbO7f#|P5GDZ)VUF*+uAWF2QFV*rGb*N4pD0#H`!dgZ6d6H1+9r_JGO%nIppjSb z`9jf1{AACm7SjX^fH1gWoIQ-5I_ky;8LHoVzkBh(uo8e-mDm}j(CJFNQmX1IV*R-y zT(H%kZQU6A22TreXnKBDB7quDjaAcDXd7>yC1&41JHnWK;%aDThz@O+l7OhsD+%fE zJ5?dU(Ed^4jRSi}#{RN-p+~<#h4djd)SzrO8L)SA`U=|9;MI$;<))N7h$a8HyYw(R z!YbN(uHK&#sWHz3v=_D~qpmS@y$0yJza_fh3YzIf-(F0;@{e-O=DZuZn-$J=Kf;f@ zITdrv3*01tHm&$Bi;XUf5ez(nQvKt0s~sfac_AAarRtz)Z}$;Z8g&6iUM1Upt+}&7 z`kw-gM1dPb0tx77zPBmiC!~J;0^|vt-x|AF_xfv|zLS=LL&)elr6h!bvsbIW zL$2SMX=B{M%)Qz7N*!gMRunvkI_{7WX7~N3Jn;@%#4Gr~sDLGH0+UhfLNot7g|<@+ z=xVR0Pnl!wXR3V7gKWH4iuJn^H{hI?chKX@t`{X z(X~{79V2MC14iPpABv5U%wn^?=@mqvQmi|4kN+{!t9Y#<@;0;8#0(jneLf$)mM4{< z|4S;ebuwX}N^29Uld!Dgo{xccOaKt=dAED=@XQ*RlKI!ZZt;p}UvrE{la48Lqximw z?7l+`K=gZH8h}m15+35M0d|xcc7V0KM19@5``F-!R}{-D->8xXin4RIV?z66mwDRR zyusrq%|;~~k{E-KokjH6o{lD&+F{)Wcaj)X3Wq#vj{tFeQDXaj)4^v$NFQ`H0+Z!$ z6Iu-&KS)r%{;1deSAx_9k>?*Ja4lw)`S_JUBC{)}w#TQGCY# zx{bRfGH>M2n(bLbeZ^eOj7RwauQi**Y{(VgyTaIApS9zncG&c35^Q}~pKbu|c$60O zI8U-k(r4iq=IhcDEFk*%(A4{a{S}&z9u`+mBT6(^!L0cE_~F54GW@#mokE{apRKR0 zrZi^?f8h?MRV`ZB5~S{F4ciI%7sw7*+XvXCr3p0BqG@}Yuvo_>UXib@e8fz1N*|)y z``L}*g4z~$3S<)C@<Iim}G@(zRKUM0R3m$Uus@p@u4({-1A0f(Ef zX@93zR?y28mHsui&NT=2(@AAu$_v-;e^@thp}bH=>>h)9(v~zw9ZvVM?2ZQi zv+siqgdu&%L75Gdacp3sf%6a)Cx}-~S|PU}LAW)0#ck%NOx%tACk!rmzRI7n$FO>; zv}d`WIyFN%8TdMQ(Fmlu3%_=Hp#X1XZHvOuCAE$Hg09hU&XseLJ#2D{AjbD**p7ef zcXMp=)3mGv?q8(H0DY}*MO2nYmmKxE(p4{|0 zZ>Z`+Rg<&LW$EpU6|sZtbww)rsZu%veX>4t2Sn#i)+N|+OYHAsb@kYjoDf3sHVn%p z0f-*Q%bh0_ihz+e1j$UCAL(r($OP=aw{+BquX*lax`qLjLoa*%+4E&^nt>9sjoE`f z!ra50I3VLb=Vjyyp!Bj5#NoM2BXu7>5TNG1-Nfj&MyVYAeJgl&+qc+Woj@NiYHMPQ zn{c&A8rb=_y48J~?aO9UV1JJ+6=}qx#?B+736?5nIL{ErY(a8Rmd^oc(_+0dZ3S#4 zHkRd|Xa_i^4kOJ!=7y0%lSx4MP46be1PQV?3+4mJUCoU*Pyu?^C}hYy!m|bJx>e|C z<$+bZo8kV@jey#a!@182gdJH^`Xvn=;!8C<=$ANJp&2fxEhJIyA&2j2qxwjqZEo;w z$kvN~JVOPH1}80D`z3;Tkix+Iu!EHD(g`}9rbr03tC%W2wJ~h(Y1?*;T@Tmj|4AZ; z4+uK8Ap@%j6TNsA&1oAW3^XP?;JLMgwy`wQ-j6HnsHTVrhC2g}B7b;EJD`t}cnqmT zYwmTBZcIGdo*xtlsFOcqi%92vBkDu*VVeO}B1ZH!e~S!Sd&Dh8D1G#fr^Z%%B+vVo z(6xAcL46t>aNN>)6ne!NuSIMmz!n1P_ATg@9 zRAd_L_1dR5|zM2%AS9Hwqt$&A4orxEvHblN@tKa%b~EQ5P%M?q;6^}D8qVeX(&j7PDlR;m`T-2uPn#?gc@|% zyG&|NHgy!Vdeo&=Xi4tTFFMHUTF$aQSF{pOoCCDxQ*&Q_d>(#fGizWq ztw08ciLXXLM%QpV{t`5#?|%qb^fQ%jDZGiAudUsM`}A7!rNmnK-Uhg?I#c^MkE6$% zGQU)+l(=-CUTLH-)Jt}V(&}0LMP_xff*vv`TxZ7g{8G}=|8g2z70l53dxcfmP}la9 z*z+w5v<1worZZaR9lP315A19q$lxQG&T2k5#GQon2Uty)N}kkb6S+hhb@t$@j<|dO&)iBxJA% zw1#I8@&{U>5APLXf3b9MRh(?V>g(u_dCuuq1Wdia4u&+8b?e6)c9pNsj{wmUgDGTT z4HD+2K$xzC-nCfh4Kev|y|0HDQg%52@E3bnL#VL|1%S%kTYvyis+=xZc6J5wfC+va z6L~(4o7;{Al%aOuB0)Ss-EZtp&5TQqFsx=r+Oo{`0p0?_Ew?pRC3I#epCMg!kw ze?{7Ye&*ZyGsQJmn4#^o$T#CsbdRG2o;RhZ-x{px3x_#->EuB3L|{VWTN*o=1cpC4 zF3!J^#VHq?C1I!h1^nISLnhV(U=jxSch7}^F4ygtcJ`fZpXzHdI`sW8nUnX=w zbLyD?wlINxL~;l$EWS}6)T-GxUKvN%s|f^GRoyY1XOn8yf8)QYG#Bd#Lt{Ul!!z;= z+Cv7FrxjB4x9%)oo-&ZKR0E4q14h_KCSa<7&+C0Xy4~0-8wTl)4?~#r`$!hy0SV2CckhK|T=XD%N&9R!Je;yxbVCwX!J@is@!F`)?)-C~J~>8SadW z!=3Zyc^2dWh4Rgo2Me48+J6MP9}sb5Fr@a)fSYvVTo zpS{8EI1YQ2y#kfdc~S{1`ETk9pw0mc`^A4Z%j%!r?skCPu29i?XMlaNPfU}x8uf%ej;@)4H=>1R2mN5VqwzeR(5&D zfeF%u!ln4UYvXiNH4?kXAO1IN*KOXsA-KgMS#sB~sk*5)WwJV+N=lR&7PKO*fq_UbhI-dyY+q>)b zw8HH0+0a|JVH}t#JptqJ@!?;m^W#r?)4V}F@>bLPlngMNrp>Ec#Z%_;15eoIkI%l8 z4IWh&2jLHs1*@cD{l9AG9oh;7=*P5c)|I$!z~W3_bC6thkG@TBTfuKIbntki;zRAh zNBB6$lW(O_PA=Y~{4k;q%Yn~*fYYFoh`8fX?dq)wO2D0AZlU)InJ|t*#rxV-mb&D8^ zIqlkEo>&UwRwE(U$xkDC};mxcU`Hs_>wj8tlLlIeLj5?D*eZ% zn+6CItF()=%qC;i@&xO%{@9mlK5-YXJIw##qLau3m)n!)FjSvST`@e?viEtd+>+Rj z6LPk`;LXJGp(?N)9ox*@{W8$@fUVE<&$2M}vx&O+*B$fooaNbhN3gAPXraeVdFI!s z>gDuiczW(sh@8a10k1MDq9ZDx;nj=I?Fv90lFRM&TRN}2Uw}>$XhvCNhd`52IymqB zRqzAICJh!q54W9<%e9Km{8?}hyKV8f-9iq54uTtW`Gqf7ieGCVaWg32f4&PFVEUhH z-_jiD+s|r{Oel_1-#%S@BtGmT4;z#olwLgN$eZ^wxDc)Lga`bC;RWx@L1B~v{{ln3 zPxuvU&$=vMvO40t?2kN}nd_iT)u&`^mMq};Vy|0`H-A7HC2P}KaQ^au^7{x0PsWMA z(qQwGt4wRxLD8S*3Omw?;gs4`F0Bpr^A70-lst|omFZRX@2}(8PA&6)yRB()ZPRU}9)_~l zCSW~gv{|g{Xz*^ZGImGnCM*Lv{wactmiRxq12mH`cN{)xpH3-^eDSI4jf2@+^QKaJ zTUg5!^FTk@AAZ3r$Nc0@sRV-@6Ln zKXfD2*9I2&dErc&b+=~N!SXXk6QNJ;II)fy)?YC#2uSy6C2&diD$1?*Xwl96AyV{z z7$X-E?Z3)5{Up=At1|BSqI+v8W}1#aUb$RW*xUYyi+eomeTosJ-_dQNZ3gs)U-Hy; zE3&>Y2v{gpVkmg~bAUi7;Ln$xS^jmEng%7e*V$jzX2d*Pi6fb}L@oc+paVwpLmX*H zw3hefd3zDT0mLPUJ(`AON{BiezhI*lvCu1gUV)+-(EfPr5pR~j(U*eR4`OU=c{(Sr zEk}CK+Tob0u*^yCl9!%nUz}3h!*v)sx5^k!1-b+ICI^+Tcu%MhG*|!IC2UdRHre|| z%_*5`4*KLC+fk+F%G!IGz8k-jkc-b9vx<2Xr(cm+{N@$2UY(*puE2El0GzQJ9{!+d zyrEZAK^6eu_DV@73^uU{Ns#(Ci2y)Jm%?HqRKURd-Ok+GVORHESn_aeq0!OIr;4XM zGIxw}*}3qDQ+#W&+OPzM?ng|TI?a^~i;^cBLJ$3W%qP`C8PqAc3nlu>g~%ll1E$CS zcVE|{Qb_g>=sQS1v!duN z^UM=?`t!g?4(BCpew`)dp*@8@W0&Y1tq>`$te|YPsS3(SN)4fYL)zTy(>GrZ_9Sd6 zyan5w#GzSNBc%)N``t(OGug@F21NRXzJ>Q(IuMQr;wndb_C@sLS1Xb)Qgsra1FQJJ z=N>E*LoY4!z->77&13nj1}*m3x}vj8TJItA%Cf$1G0$c^!!mFrFg{XO=v20T(j#gb zg~Kc`kr*(+;MDG&=@y$z5P~%1zvOE1SEpq1F*XUE9iv3fYn??n&8QE%&SIFtXcwMo zVqXYp)DP8{bR5{ym)eDj(+b#1urSKFa+c;vg8sj`6keAw9^UNEI*UvLvI2MMhjqjqjW&8PM;lg zmQ4w17O0iayuRnBckiZx|177@I9VMfE^A$qclEM-d7)TkPt0Mb|GLn(8|V}M9HVil zDyV%!<#XG3ZK)bGqbE2R%5s_gmV(w^S^I^i+>^>JNDck+wHT=_+R zen`~7xmGtpf3I&m;Fzx`iK-*PMI3{t7UP+Q~mEa&bZ>A!T#<70n+;Bc_|Cz6P z0;~4QRLXJlEC05=1P5 zXi^hH%U!-s;GJ%~zk0pDR5wbCn}ODPTEzaW^rS)`WnwNOLk>v&Pqy)ROZ-32S4Q+a zW%1znZZ@q#C6NC{(XC612!HO$lK1xOn+cm__V>y^DYbvX&LXoS;QS?9ag!3XO{Nsp z%uLH8uJrZli8RBQjI!U$Unp6tSV_zJ?f%Xpp&%n1+=71tjZ0OOWXNNwDO*`_WcV`;Adb3KTM1%abHb;Y`qPCA|_@= zXZupSq`f~L!*)<7foR6E<&1#lM!iKY>;oY(U?hA)4u&gvv6)MC84svgWtkDo0EvH@ zb+qMkt<+?e973^WX1<9(%S*so_$%Kk-NViMDX{$9Y30SDo76(%AZ+ye@^zBCn_mQ^-Zg0H`B(WD?h7gi^^@7}3+@6X1WmmfqpEA4o8=gsSy`ZHO;(CGDqO#Q;6Ey_iN%3o#KoEvtEl& z^BYdL;fCFB`w{=!{z>bZEmxZ!g>mzrFvRf5g)__yVKLAmsY*AO=P@u-Z7nBQ&TRDS zFx9W*%Ie6>h+1?>%PcS+F($-or14sdUCB+GO_BoTeDEM@Lks^jb@`fK87PdVLNb(y z#4s@B{vWa?+B^Zx)L`i9*X5M#!S1Hz&t@X?pg&fhp65@w%RCMje4vHS#}<=pejVXM zNT9FTO~u9G|Bf!sa+q*AM(JXx__jomhm?X#X(5bJy@!7YXlVmdU6szN`L9r^-t9bJ8wISHb2i(>IzG$vF<&jQMY;tRGq7}|U+ahLGGG`0T0&0FR+oyR|4^5NU3 zTMCIyOxm{pl(Dn_y+Apw)IFE1>3{b960uc6$p3Xg0f;jc>&FtGJ69dQ7IA{;2|0ZA z?YTr^WLV9%@*n4f-eW8NSEL#~HI-)(7UjJ%y;@x`eok8BsU9d%LV~$W^F;4sAiARV zs=UB`uZMR*GGsyfF?$dC=Dl7L#+HGA+<=bQ9Kj@HF`sano$?~D7_yrY@|sFn`{sgZ zT+0PDSUU_Zv)ZQfsgLkDm4lP^#_!#}*DKDK9^Pqew{JLJFq#&Bl<2=2&ZeO0PjjZQ z!A~x^yMhs1b-J9BSGJTZe3jtsh-oYP^n+ow!jbCLjq1v(^6b8Xe%?$Q7_9`OJrw^g zmXVz!yxu2Rc?^AH3O{qJafzo7&P(`IZbe^cob&vW?N($w7w3J&=fU2YQjbfpWLJ@} zJ774^zYEv*Fsc{?Vu!Zu82Q-+2wR!;CW~5UiG-{2N{1 z2qJ4z@qOMc`z)?{eBbTZ#5+K4-SN#z&y?x^@pL7QO#lDC`gEud)g+9NO(Iv$B1dJL zxibvIh&dO^5hJ=8Hq4p1KCwAs&W#9Naxci&FlXpGXmZIBnG@evROEa%!d;Yk@>nspBZx>xN!!L#-@f+j(f98hAygG-qkq6Hs>37p_30Hk0xl|WR6*Wt3 zf+MrzPDyC(K1-5s&2z`G^@{0EBz*o1)uosBSf*N6<1i?wA^9e1XRFh}AP7tldUdXU zqw=L*lXwN6ta`_w1grJcVC_uUQGF5lU;DfGzW{z-sXttiISUtX=RM3=yFdv&q)*pG zm4wY{3X|cp8M=>>COZ;qbg}tdeI2bF?RT-M#Y4q5uE2CqrN*N}xa!FJ8Zh*#QQ)1Z zp6HIA*mM-c;-4pz$}bh`BKqcq!Si2K_=MFDyvD9=s5GmKen))JP+%a5BuaiG58*c| zKK;*MD01-3-pJ<(#!a*DEl#tU4Aj2#Mp!);`{5a25P4-fDCGjtb|VJaALnD$oCm$T z)j54Fy8-odt#hM+G1YZ_WB1uE7WM|H?rDao5(4r}Hc58>OGVk;!}PEDv11?kX=+RA zq3i836qL9tZ`$=tg8#dzfzdUJQ$YUH`V__4_$4OG*(O($_@ zp1=&d@EIvylr7ZPMr-U85i&(kz`Ayrn|2j9PXDYAc%Xi47rRyxENshuE$ODfAM<`C z_@AE+-c886o9-q5=Je(dWj4@oXj<@=YPv~Wc%&#y%6wxNs8-naxKvD?e0rK>i+t)m zy8*C^O$`6BWmopGvrZUw6x`hI39*He5ixmZ2q~K8c`xxe$AUMbChNnr}hK?#fvoo`J7hyt+FKW({uunnHB{frqIt zMqpO$iBDZp#&lXuoTtL|>iXk-_5r>nZ11A=BY@Dz9Tl%CpblN&?tm@<^2EmFKteRb!HKY6eG%@j`$k(+Vql z1B&~$XMiWk5&iT#s+O3rjkYovmPvyf$rUq6x4K|%Ay~XYu`Tvp#_%9MPgmtaWacp+ z`4U4Cx1fQ+jOIqzRXJ`=51{{6M|>c6_yR|j8%-K)^d-Qkw5>z7m%(*=yU3)<%EDt%_Re|%r5 zTebf2$*uido3jPKE!85==L49TX;xqWx=PM}`u$EsiI_U39+{9?z*y$hBn4xakDti~ zVRQYSewq8YQo-cTPpkUgX;i^N<-Qg}P2FM$_5sg;nw6B7()#RB`)V|Y{rUd;Q-Z}J zz2uG1>Cd?;Wz$ohfSX0f!UH5}hC|UZiOQzb7?oW99Md?_!+`fe%GS)DmmZn-NY6qlNOzw`N>r5_ptpbKHGSaXt>W{|j1A84`X0*8H`3&|^WY4{ZfUe)dU;|t&4 z#2`>XW5Lz`O=&rhJL>quqmf-tSimD71`lXxjJ2LT%z$Hyr4PlQng;1nCcR0bXscLt zY1E8VyluB|QtFjd_ud)~hnxTk-OM*^PyFskNm#9A!;zQt&^jsbC8si;u(K`fx^k}O z1;wL|Q+IeAX$*<|6Xh$)+z`c%OL|G&3gEm!txoQO^vlbd>9m!6y zJamHWosW^A`>JaXHd}3_8w7bJc3D`lW^9Vj;+VDS@-eY1R^XTF>Xed355gcfdnj19 zDu}8Q@VPI-u3)#DWcMrni}1@|7n*vEJ5Kc%UDMiF6n}vKJXA|Pd#Aa#N*WU&-hXd;oQCW0dw z>Q#5D>8F!r!wDtovmW?{>;3CYpR2bUv6i2pE!L_#p^+1V^xNU%pJGFk5C*Uz*|qz# zdW{lr27Pn=K=Ut7);aAjgLp$`Goi5<{;;P%3FoO|er{xrXpwA1Na#Ss{5w6&zt@d= z?A+a7{0%Tz4RKrM4afLQBCyJ>JwVzcLb}hYDdf1UqF$tKIU8cQ-7aX-Pw+}*b)gE< zHw+I-`=PyOzjJj5TbXP~ombk3asVUEm0y_? zk`paro(ntfQ%XHGp2f=h@nTDpDTx*|h;NUFh(IwnTdj0O43UZa6w%A#hZcHiz5q#XC78P^418qBYre+!`SEQA^YOV z8*wS6H{@M|Xr*}A{g9$U6-G6PVVH~U@ixbxtG2R*wy!gKQ487k^*0p}GrvsX#sA#E z!}4b%JzTd&zuj(W#*sw#!G-XK* zM@mdg^YKSx=ML!4ZU3_0a=yRC&)YodZ@!R&C(hvu+#E-+v1wtAN-63iQ^;w!=%U&SrBSE7JyGzHghH35MVG zAf*TARB~J?@gh|Ri6_6?6t`T)vkO{$p-D#ls_cuAC zfVotm@`(xw$wm-hU-lKFFkhiH7VvUAE)fw0^j;VzrRrF z*E7c@u}s4ekNLiv7{Bx$6*=Qht2kvO5f=^D%JnJrIUcF4lmF# zN&OCFqoH*LJBehUEZq9-1`Phk(-#@9Yu!8XYM@ncM?QP~Y+`QIPZN>i!n4(o#n4ej zs!5`@c5TfK&ZVK{xk)Kw>7b~zgR)p{AV{5j7R;^pZmL&1s4hDfX+|2OPTI)}`jTa) zH+(+C$i7r*K4y-lE0+R0lzE1f*>-M+kfiSzFG~z%^4h+4+X_+k6B0H_pAr zqpLut(!vFcl_!2(saMs11HhiELSKXAo_*-IM}(%jL-2HP((RU5NV)eTPi9%0lJ7}W zyl`r+?DKj7UG!d?vWx3Ivg}Aag*DND9P-YK@!oW_PkP)zuGWzMUPfbBwBMIHHWVDy z;}`Bd#+y}*?c47$%#*B4Gz#YqRDwP08Ju9f64va1@+oX*B;Fq%mvLc-^=4du!92S= z8bYBcps*~u(#lUI!GEU&c9-is`}d$r0Fld?r?%J)bIQ?Np~Ys_x$Ya(*q&_F)L?4z zkzy~hel7^bi=2&3MzyMFV7$XTN97pB8sqr&xmImAaF}*3deb2d79&&{bWrrbwI+jpHLeNnc*RN(M19rR2lO1 z!(P+>s`{VsIo9tqprtXmQontHfBa;Tn3X6|&@kt{!7)!#05a6fPqAM8H}&;l-`~=~ zdmdYg&RKpV^T1-o$n`L@^Pcldx=Hgn8<%41W$yMvPbZH$Lse}_M-Z&*@q{!Uiiyuj zzJXQD$0z5lbPgy?zEG=9vXp~!hM>lr3$kp(FE{^0irj{l+aSBa$P<*5vV@QkO#z2+n^u>jiXarm&=O^9KxXT?1J!i&|g zHXgPCQbA?NNS|?(!6UCUA_9EtWTJJN+K?@ zHfsqY0@+bJ!prI5z8VY^WvAo#mL0{B6nHOuBg1V0H$XngDpd8mAtg2gyh*#2igDWV zg}9e^)_R_MW0Do$`ptkKfw<%ix(hluT{85$tmgAeVzK*`yI|Nt^CM7oa@t2DWhop9 z){6A&WM~P9?>?mJ2&$?o%9DEFU157l^}(VQihU6}3-Ux)0{J~US1%%+a%Wkh!DgGc zo6mO1*@(WqQSpr&h#)0jLH=ZD|6~sqovEfS1bMxy(>l$)q|Me54YDYH2$rHkh07|x zvd^u*l01UK!djlT_z%1r=$|I!0`+R=mct9S>V?v$s5`}ucS*s0t+|3r7soWqC(_BU zOXggM>wd%7a@oIOA(gkQ>f*?_U$}4DzhfxzOpCHmpE>XPD^;>&d4IDNDI!-+vhK2Y z+RNAwD$2F%g9Pb|5HmS89-Jxi4fm)TsHr? zcE7N4u2%n61oEtx=8q^_Az+rJ>Vzw8_^D-$8(Yn-nGyfmRVMGIsc0nVb=Bqtk;j_J zl5MKDF}=ZkQ_hCNZrz6wbCR~1TR1d8&bxkra0iVJHsQdzlQ?Qrt{S{;+DLQ~?cj=k|-z^F`{s^Lao{hOD@ zB*dLj(ozhUMqFr$J>`ys}x=nRsg zNh>P2ev+Efe7(?R9r*Ua$-X4R7B{FKuIRZo2yLt&wXHX*o~7K0o4ss2?B2#a?&ZBX zbHv9X3UsDlUFAIg;iRH8%MUN%M1sh+p4w|A=po+kx`rEJ>fV$ou`W-xjahE!OQf_n zFPXiAvd0!6BXl0#T9yCfO#brd&Jc*=>+v%pLhO$h*Cm}ga#na^gPufHGPNI{^ut0L zOLFWjR0cMT05ZsAV+|E4{ys2t-{NgUh-39cjE2YV8@UYKdMo$r{tB+N`LUp7iRk5? z=5CQ=L(PQ#P|f_T$;u1s+;8?PB1MuEU?(Vm-?2a)n$QmnN8o*~4o7}72^8ZHh#rs$ zz)d9ioH5K;M`blLHT14E0AH&vIdcT^B;W8L3v=wnL7DV1B@d|CDBX5X>u1G zb7T99uk))T;7yGNceny)y6MB45fa;DyDM}Z2bShB6iUgtc`bD;L=MyISQ7!rqVOw>jT(5DpytW?FIhMy--!aq+#;sjPMYNJL3e_Estvq@> zBlpBF({_gcWtPBKz$Q`83j@l&Dl3(SBbo`ysp-Se9LJq7G0S&1M=p>fsLc1aP0l`Q zMpmVHq~qzeWtw()kW zcfZS-Il06mP`2RKgwi-^gN#qvGIaL|-TKW6-Z=4>_2ko+Fz+ilR6h=En2Yt7CbF+F zHzuy*Int<{ke~IdqT{MM%S9UM=Bqe;qGeNnu1XyHxor>#G=Hw)XTyU1eEB9P?TO;u ze4rks@Q5OIfOAfLQ!dwo&bdAm01l9Ci=vyUL_WOn2-RE_RuWE`*g`(5YFt?O(0ya| zV;$r&EH81hyT;~5Lzz6Ua=d!vX}Jfi&{Dy^lhOC=xP#-{$){ZCR`ICz(i=y9j~aQe z_P<~5gh*TZVY2g6B-cqUuHmTAxHY9rB&IW(o0GtH@yz}1{Yj{t=PQoNKH(lt&z&X(UJd7o4oZ)I8Z)QZJE}F?=S@2t zn>p#vua5URC`j`mx6szADlk`)`r~*i2Zd=3*CKT7J-{xVi4#Wl!{m($>v{)oW6D>& z^()7ucwS{$9L4yq@qBw|8I~n67^Xt9WoW?@%LtwQ++>luqbaF^rP2&Eg^9Lu$Z0eR zaQfg|EQVw)k(Gfix~iMkJ_to##CnbjMz7-OpPreH&4(cyk{T_ZabHl?ia+Vvh>TZF zci-&(#cTb~A&MRl@YarB_7??Ku~o0t{V;lz4XHHNvv0nG(H_a04x>ySv$&?Qsm(0B z9&Q$UzMSp27`)heU|JIuMqM>eWj%IPNq@eJ9lzJ(*dR;!ysK)|G}u=xwCT*-hbcxK z;AosFU|KcXtY`T{*t-VR{khWmLv^2hR3xTpLdJU0dpla;?jGu{Zsz3%t7 zGae=iyiMiR3h%v2$a(`=S!A|8GBELKmMYpqHwaz%J|}01LA#dHJN&E;;PxeR5 z(4KC7-R^$&Sfy!m0(PP(g2)w|&qB{IZukfgc~c3G!x1Ssl_XXLX>InTPdp)Ade)+B zvm(fWW-*vlh5F}h!ZwkUkB2?-@;X7?_Qm7yly~&N*H0Lxk#QO&G%P#IZj-{dMgXvP z-1_c|gqr^HQLpmd_J3@`H)2Hp7Q4Z zV)37wNE6mWEpoQtui&CY`Go+b<#*5K6C~f&@?x}Mj0i61>g^!Cg^9G6FCsC0t-f9k zR5k0tk8b^_57lZp%y*uLyFT-qMvrt6Q>2ZOg4)2D%-u(UeSzAwfL?EjoOnE`c_k(; zKQ?wIMrJyTxSz8MPd(qAFVYShqjdn^ENfW!{i_ z!mwEih;<7oD#8ky&NlZWfnLo)b>o@*3J%O(M=yq9{WdIgSCqQjgz)bl=f)M!xP92Z zW>EMO6$z@R8&^*THSC6rzF-=l_}7BAuuVW@g(Rz@1hENs4U=NwwpX{x! zbQ5N->Zxv|uUy6COl-EY3&OEP&$|BJnhvQC4fqaEt+#M**XWZJcUQg z60K9MMz&)`E_hF{L07c>EQ-6(l!s?T#c)Fab>tOSnmM4B*pBmwDQwj?IP%em1?IjF z(~B2m$L*j+g}l0sT7SEgm!mR!T0hl*SB-=x>y8SjCtM$%KPwU5tZFZ6s6s!cj z3l;|-tVU(!PiKhe$5P8GSEhjh44snZo8t}rD#*Te!--RGw;b|}f34ry{;#x&_uh@r z1WCiQMeuJJ6-|PRj3Kn`+pfarPNbDk-f99f&T`_C$bCEXw}Rg3r@?OhrKK8I4dII( zH!H8IT=c{-71*aOAJwRROkSYF^=ONM$#Bx(2cqLf!JMnt{&ePKuE|ZiS>9Vn-QZ%H zn^~|p5g?0FpuMcjCZz2YZGF6>dtp)|QQWlH{Pp<@M< zVbZo_T@J?03;$pP{fM0A(mU7@atXw2k28jJ)2G^|e&D7{jl^c5WcLrJ2JV)4_-0u0 z|GJyUU+?)96HE4LY$q~etd4TeILdvVJ^3?b!fgsAp+CkbGjts7yNDOyO^aAKiS8yu z?Wz$hPrGehYfLLJVY8hT1Y`Ac(?t&&;pAEzHytUT)ZYctCOr<@bl4`f^@f)n}tsK}nk6Avq+->>> zrq{!5^?EhzP+DK-&J?YxajUGqQP+PIw{c9tkM*5{z{19w?alQ?wCOo+mS7lBixqq{ zs5FL?xa6(shWWLtJsNy}(1K{JbyyLU03b)*G?f4~fi_atXCgeAN%f`QJ+N(uiI)LGY74QBtKhfOJ&0u^S;N`3XAiFvX&X9zP6PpuwB`=`Ui2o!R55p9ZOmBJ%n0T@+W-&xg|O#9 zf4%NL^|Y}d&obC)$gBddvKgs^X5b64RD^3%RUh5aL?g(VgK*v=WE4bY5!44@cEZJC zN(wNXUb@spZyk&Rh+I%Vvjg9KV#PmuAI&%^zYVxxke`a*Fe&qmS}!#TG!HDvdsm}l zCpTLfGR&x7ReyL@O+7=sCUtiNT+|(1N`(T^)z0OG30Au6g}R5Gj`pM1I{elGM62>v z6jN23onvx+Q+G7w`%cfA$L7>5d@Qw~7{r2+R1vfjSCR$#b>H%hrmrSslg?_bC$c25 zJ#=0k(rtKnTWeXeyBgRSvER||hEA29S8g##9>&zf;=MZnZGDDZdBqzM_iKwU~*6~up8zOcw2%g073E22A0(in5GdADn;TfecL zdt3gq_%Or^6#dS-U|>_6yJg2ma^ydB<`$DEq3*Adykyo<^A(qs+8n=|KR?+ySC!gM zw@tj#nzT3e{TjjqCtH#0)us(x^Y-=h>Y%sscJ&BLHYhwWRlT=(*FFGcDf-{3hw#-5 zwNkW|QI5zV@~!@)sKx_tt1OJUFX|ukx=y9&ZkgRS|GL#cxG$r!GZ29bz2N<$SQa+l zR~@5$N$YGluNbMpztF>d#sR{9=(S=UfLvP5uJ$ur=;GQw>vQ|HzjB2?^vnB@5Ft(3 zPl+j(xGaDqNcAxlyEPpAQJdXtH10wwK6L0%)X!A*h9|Q}yXnk`$E^P7HR z#>|SDuWYJv9{R6-;wn4a4OlCc-s64CYg4u^l{N)6jiXr^yLOsFxKjF8nr?#oE+(#` zqz2g{1*qE8Q>OGPD3PV`tQcHmOgi$b9Q@w>kA>ejwaM-7!N=nJcM=}gVF$|`L(~z{ zS5HIgJ6mSrA@3oCf4J|l7|LXd&&dZ1J50-S@?wcae93DGX_<#2@kY^cw|w?rH?_Lg-|{r}4t6UX z<3P1SAYal3b;4IYb6Uk|;UpOerEP0SfgQ}m{7`67X{865@U<)MR&{lo3N!N8IiDB& z>&1=?JSehw(DAI{IL@#7`B&lc)|o=UTce~=z`^jtNBz2uuR5-9;uBn1!6_6*>YHd$ zZP0Y{F3*5Vwx>ivJyUW>7>3{2p(r&cz%p9&1^nDuGc{;#wo2WbUI_<@MJ;871nuh5 z$5-wQ>y=Y!ya$ltI3{jCpT0y#VnSBUha;qiNm z<9%bMz(r2T{Y_f`N#V8^m@S zNVRXgRB(FGuH?U&XQB_^E?jd>=oe@7|Nbkvu+`z2cdkaeF*R^68mgzl?29>tO}n9_ z69rZ57w}ITJf&`iBklPy%#ukVXhSj2s>{Qr)vrCWT7_TpX=Ko4hQc-pc^sG@T2;yd z%*-9@ggG{TP;@hJu*?49ZTAw!{Oe)^;_GIvego2^L1DJFKS zQI~8{qk|!w5`Cq8kk|+|p@VCu7$z7q^K?pAEE)s--B40)`uF5W>f6LkJEigH zrfr1Yj#KAvGR8H%w1nM;zzMqHpH)PFHH2GdXNa?X9r*ULWDzM)nKl^)t_ktIYh2^G zor>^*HaD-}mHN;9EVZ_O9ADA7#VU_F9Xt-+q%=fR|K5_(`eksKd@0yVFHP z>W31OVeuXL`Dya5HwPk@>#cVhKm7Cj=?iH_p>>CBlA?LcSXHjDLhXa4-_h&f-{{5L z@!ZNyTM?Uc$!Zny=)a=yh-Bd^9@`>5Kqc&4gqXrByHTBU)C?9P9Jk*il9!MVj1GBi zJX*>y28-zU4~F_8yR~z>XDp?*$xyZ%*O7A(36AA%vb6&l_}yuf^|`J5PbYzrLa~p% z9O(G-3I;E^x_*sn>1*tz5ZV6Ru!OXTvz3Q1Yj7v+z&=8#V}XWKS5ZNW~{^eW=lEu%77_Q({DUtmZNFk&hG_8ILnK zngVU3YW9F4)OK$>So{D$GF?I6m=iMIm3AgToHU0+hZXrqU41S!+%6N1*y(tw?$2CK zsK&n{-0(nrytUwGuAA4~0OvbK+eT&K$yUzXK|ExuPlSiI4gq^@3T}K|$t=k(RZb@2 z;=VMS$@!NQ%8|crAs|fst6Y1R*2qv|*MjA!7!Q?o@1!G77fD z%v(5AZY9sI7$c>rAg$~J2-BefL6|_adyQSdSDkHhD%ei&pA$akEG_H+2M1~yo2Y!x z<%u+*>;2jm;Ay&)xf8SeGw=#1K$aRk0;x#L7|!@tX*>?vX^b@mt;zobhe)LOe2$cz zPDd&{!tc!6x7uaoOsUeQGCV8hZqNvxsHgBxalG^(0oIv;tAiwtvp$TCnfMPD<+1LX zEhr}vbb`j02lz_9rRdUH0$l0LW^UY6y4n@;MyRo0Jf!e%;^;-e$$(vN3T_Gz* zb5JuGGrtL3?q8i#o^wg8WmEa9==Zu9=$OA3AT->tkdRhppyKHTG#Wu{Mo>QcM=2h; zTvwiEvCmD4r_A-bV^as}1ZtSlnC4U2dQ9mtX9@J z_zQ)p7lw`7SWgM(@st{w!wX*%#k2Gj`Ww`Jfp%5(SjH`42nB^T$gr9A^Sjd!c=6-& z=$?T{cCMH%QVK@1u5_}2&<1jr5L_CiTK_nzjeZE{ZIA!dE~FWV`3%LHrG>gBHI zxS+bt>@Rc=gS>NX6mY=pXUSAFyZ7#{o--1MKhX`w$q&@?S3_BHa*HIFARF4FhoMl*c!bMNnoXbcR-kPK{%) zpDF@yjmjzKI81kcYO@y4q@l2FoKQ15J*V1nOC9a zZVpFpkj$8{l0!&{h}Qq6n4h6UoV|M8~G8>LuoPs&YJsizII%trM&}!j*8# z%SAVd5Xrd8MGk_6lp1eC(gblEN}b)Owbc1p*qmxh6I7K}5ov*_Zz zC;MU@rJ|62#>K8a^E-up@4`#+Z?7Zp zStx<+lM@R#2?%;f6MPJjBj%xWth)bLM09_)D?kJ}7&#RJVXN3a^85aES2YShZyTPh z_>J6OU~`^(ZpJZJuF1E{LbC=1!0P(e!%I^VuiEQ>dT)1tMVqw6rv5D1ZK!xR+wi6` zvne`s1xCz6#pF)eLV7P7&R#rmhT4ZN=VqqDpv&c4M3-Aou$7;|ED$~%8{%mn@VUW0 zwvHWm3-&Y2hd@cM9FnDKi9B#v1-+&RngALsu;3#q_njG~AU3R=;1dB zr2#ub^cv`(AD^gzrm$3@!x$2RT5oXJS;6IUOhnAoS>k_${4Q@l2gFo9jwIz)Jt3-u^Pr08Ogq4#RhQen3OFNrW2H* zDiz@)xomP}Qny*qxH?My{VC#`q=<>WorLvC!rLo3b&|W}8^d|pVLCH~)<>Nm=U%k+ zIM5*@Nvu%!7*8+#ph}Z5WtJnp)*?U1>v&{&XnTmzxKTkGzYOV~>7VAb%j%NXEcfe> z8!6y@beAy^QnKmK|H92zmg6Y@EXP=c39)%umKiW(@LrXsT4;O9^emcSFRC&T?t+96}exL%RD-km|mN&U^iI7X$er@D|%C50V@%~MmHvg$b*~iGYDK~9- z<9WKuUxP1~7{3TqPE`!%-+O$GFdivPbARAo&T2N9v43R3LFfgMPLlq;X}CYx;voAm zYGprT!bw%!Zme;Vgs!$T<~zBhvVqU!F?<*B$e7}mTt88nAZZ|#o{-(uCJ_z)sy%mR z0a+G#)ag*F2_*VbaT&{DA(ds3w3iuH(_A$Wy8a#(CmHy{t)v{$>p8?lb>j?cATv|8 z^W6eAHQtBqNO*+LBhOnnnjf;RrE}<9U)<6vY_aPrK^?&gm#TIPc;~j9m>-8c#NO z4kw*LcpqSnHf}i@+%rydWhM=QHyQ$M(gU>x0dMo7=oOr1L+s15ZyA^@i~ycffiJZw zqa{j~N<~XOOtZcK25kufC;CjjU;?BP+l{dNOPBlM6whbc@s9|lwL$mPhDbbT+nfu# zEHLpTU5WGsa=2m41J=5%d3TjK zWDo6H8l%8-7Ve#49eec>*h>WiCEf&%%Ffcm9l}x>Ikqar!1LfBJ$jHAO;&07pHlWYfq<=6GuqffTN z85(J*m&AKQ{7YMlc~XWO?4Bnh!8<{6QO7kD790i$us9ZKde&(6d?LDi)2=9~0e*?* zo`U(&!O33SL??MGy6j=CA}Q;Tu^-3Pb1^f680PuZqZON?rtfSc3J9E)b?qV=8y8t~ z7Pa_6#ny9@$21C6)F>tPW((P9u2QnHT}*gS6yDRmRNZY!_EpI8q^v``6$ep$+^m#1 zx#F#czz4ftXHR+eZ?3>OR(W+C!}CVoNGe1K(e@(Ygq%gCQF}*cgX@`N9|{eyV-L!R zUbyS=oG!eB5jaxROa;Es6|%>Bem&-zvDE#u=7UcRg+iD;y&gVLFeMin#HeLq>fE=N zK?|AXOEE1*6yv57!zv=XGxBT%bUVFyF}oE^S7)yH#1C;fN_OO0Ao1 zD_zcBj;i)1+3dK*C(S^$`x*ze_eq^tJ0W|`52}IkdLy5{&PzsO$id>pzyKwe-;RcR z@(+{y)cEGQzXa}flj`86qg~+uC>1>P#*MS@?2qpoms}i+^Nu$p1c#T$ppB+Qp0{|+ zJA^zA);adJ@@IWWK61<^#(9ZX3qdJs z+{TO{rJ$gI+{cBgvh>ZwGC*EkzLF~J_`;nNG=n_GL(zQoPkxMdF$WiOn~WTlppZrN zv6CBd+3EGScCW3h2yr2Juzqnet$Q!G(XzDQYv!AloE*F71UPI{m*JDU^*~($|0fOn zs~G$8ug=eOn^sk0BqaN+<8jr;Qq+GPynZYqazZGjK?BU=tRHWDsSd4_o^nK+XMo4a z6)})?tiS*WXYa1KfL6f62ZiHhs(4D^o66CrxIEx8@yp523+?hqo+sq`aZNoyg%Tfz zj^*hgxn(koNS-s6wXau00k&tlf>J4cfz}#tOy#5$X#q-ZNCU;x&FA?VF?4D5UGY?n z=cp(V9-Y4}moos&EeR5czDR&1?-Kpw279c&>0ptkQCaKm3@~JOxiV{R~kH@XQ@gGCXr29I@dOF`GWCjBbG6H%$*{y+Pr*Gw01tMGG-!ASV}=qk^)!q-Q&OIkvMi^Kh=Zq?&$q^`sFt^^yUnR94|} zUj7HLKNhNO$kHN{9ONPu`wq9SHu!bP7R%`T@;W7#{$$M{%;5z1V04AEqXvU%Tjco- zY9hBI?>P9YIJ_5P^mvS_Q`rh7CMym*@e8?0ddHtGT!K^+0Q~nS0g?szo4)C%eln~8d6T~aK^5JnYlR&RqNlwK#@YlrLp7c3M7p?A637%efMA_E0fP^ z{;Yu=zhD~hBt}Yq6*3VF7n=bDqAsZ|t0cNBoO4aAU$hDlBmqf>%U(6ul;v^`XIp6J z_9}oI+!8p1E3EA%R4^h#3hbLdL146Cw0jf=+P<2Tten!T4))6-jkL->kp!MtG+c-7 z4P~~?r3?*RP5j_rBIUtr&h&IGpf)9SAN~YXAPaT}Xt#ZB0ggshM|krcL~*=f9+=Hb z$n8G^eNO)QP5ivj=X`yso_nX@%471f6abh#PA9l0@ObY8psVuylyAg`Y%C)@ng>A% z-@e%jjVtPy+MT|%ob4$h*YQ?4!#GDYnO;FhbOt^$K6~sFvqWoe{juF@+hQ0%<+YJ2 zhWfUW#~po1dbyDYkW1=7DgcPB)x2_mh7-hnvcxR?Y3(9&@#zI1PW5rS&f9B|PYCPj zlh6CvVmK8W?#R;emdAQA!Y^#aaoqqE!k7{-<;qMr0axt zZ+V@3!_Br4yhyg$$Bc8+O{c|QqX!`Y&6L+}a3v-oFFR^sJv}ZK zIcmpT;Aa&9;W*P%<~6W9K3rhNBb7RCSbT6~Vt1+ftYSdpZ`E_qpRDl`uacvoMt`}1 zKU8T6;9>|C1&tk13hiF$#F7pm0It(-rhyXlK_EKxI8C@3$_ul!fGW{O z>^rLxhmMI))MoKaCaNuYw}qf5vrCqkq3Zl{PM zKkKiKqez>)wI_;XuXkakY4Asj>>(g)$$3Vv6Vpic~PJs}xo-bSp_zjDmR4?t4xJ3#14Gh+3AJKH!u%PE0Z# zG)9EDhcpq!YrFHD<^M^6l)$m5XYl}qc6psDtSjFwbgo*2=PbU1WT0&qFpewq;ClyP z_kc$(zD~8<;#WrJ7gTW5rNHS-2=4(0KR9|Q`xd0v;Nv&@I9DmtjQsxZ5mIf}q(t5f zp2(w2CQR~qX@i??&Rt*jv_f#@Pf*$u!Z*AoEfM6|zFMZEg*4d&U z*=9&5t**f=)4t$h5}78-6u?Hgr2`nk}iNp|FWkWDt~U@9{J*H zxJawS2oI`ah2lF>M@nFHnqnkUG-R-Nxza)8a=S+7WI%;)ludH~Op+iJrI2O0Z8KHRFs<{6X6MK#i=@K}SLqo_vOc7014uKREhJXqLnLC}b8^viyiHkn zBFXZZ`t`QL+i?kjlyyhHkJ=4#T|^IhcP5{TmO5Lg%sF)W`3c&nAW3gN;Qa3dGviM? zoyMtjW7L@c`$-qq@$(ys5hVEGE@$U)_YK8_mG2)FRM2RSu@Vmb?_2LY%#S6Ij6CR` z(}Mlxw*1d2$z*5&H;<2r}iXUr~0nbU|wWOPd>7iA;1cmcOqidv8~9#%aLaY?5*! z+wfUfvf;E#cylNk!%O!Bbu1RQ70?wKn(Q(4x?t#$pn&uQ_A+kvQ_{AlT6)?@dyGK4 zh-SS^%~S-y&LF$OsrU-1$bMX>>O%+UpqhDP$x4F2^nY!)yxy-4z3n#uzNP{x-*y~z zdk5o7RI>|=LlpiM7c0ryMJ^;bUtH&4{EW$hyr^cZ@#w3UEqtf-pK2dU+tTEf+%>{i z(!V8*_xLV1pTMOrtTZYCG%d`3$PDnyZWf=+=tDe(5M)@|?cx3=24G(mz*UQV>RQ3# zwbDc!?#g6Q8-2rYxcA6c_sOfFFtu^BX=*7{YBA7((bROj*{p5L>6yVOKy~QOO3uns z^m;EgL)}1p`dr(S2|KwpRU<{%WY>!C`dEU{;P|YKv8FXx4*;e?w6K6n1Dxxmk3V;{ z+c?HVd+}Occ=MoNNrTDCM`ovW)8%K-i?H53&|Y94Wnp<;RF3APM*XkG#&9?mHiXmS z6ko{&hG~N>n}y}5(H;5JB+%fuDpeoOYM9}i!R{cL?;1&|{)HQ%Ymbd=i|q0|dQC2s zXtqJhe#wqro%`Ja^(xXeB`y9&yWoP#6T`4^03Sjps_@GLgTR}C=pE9Jc7We?WwQbWo#4>{>-oyVZy!iV8JiwKYT0qKFvXMyyyNh?d0O zM2n!)Y-l1VDyl||q6o1)>F@u%xZmEN&wakzwNd!oR@4(x@YoQIDZ3;auh) zX%2S`IFleRuP;tgp~u#opRw=%SbgehD7Pf@bL&|wnQL-4_9GgGL$nYAk$zbXY#iQH zrll=UQ$ai_Rgt zWfU75S@N`BQAKJZA#_vM1T5-{U?`ystHmP~u0}SN~hZ(+D z3b#c+mDlWl~i>aq}$VOUnz0@DyJpo@Fl{}&KVY`WoDl2+W&dlOrmGDNuWq%{!`5PXQg;;tC~ ziQH8%rQKQqA)6@>oA8Qvzg*LcmdpeUx#!6!dB}IB1P0=A|z!(j63qJdjZrF zOc?9e(kO@h=QKAC{jWf7>NqwBS8#Y;d+`uck_spX9xz!BC&x4+_;h8dSX`@txP$H| z!?^+$Rz%_a9BQ8@@-791jd4UHT{`QQbMXis?}XqU@TXt`myzUgoXFzy>IpXSnkc$d z1oyJ3^m}hN^MQC#C3HbDBXxo?XXg?I^OhNgCpqAQg1r@<%Y5X=LcK#J#7)&<64m*t z!e0gI<#mmEbMRF+dou~4AWvUN(VN;p+&G~~!6IL09Q!cqeLRC)#S|$C*iO=!pAKIEPxw$ z(}Ff3?b2FnddT>y4n=ulS=5k&GKbkWlPrq{RpTv>=>fEd8cSCy1Fe!xUD&tE!<((6Fu%>>f-28|4>}IC6^cu?EE4q-Zea$dC;_SWidq- zNAx)FyRCcP7!V2rJi8z&N&9dTXQwjJl-YHdv(8>#87PlDb^Jq9x5BNQekHk_h`~h< zYQnJ$**?Fh5FK>UEeVzOV%PHyPUdGHd3mq2h#QtGG^wX(JR}|g2aE)V&G_vZ&q-e0 zvYN#gzAXn@A?IvVz8k{#pqroQ*hvxDS9tY0UX+ahgtSpbSuC4YD>1CY;dL!9L3mHu0*P^)`ym>^oG?I{ z=J)wP2ROXH6?<1zx_Fc{B;8L?LB$B;!c% zHxNaqEb92&Cr!&|t+%y=6FdqPfQmdYY}O<%GF5FoMdG!kj@r27!@g&U%SFatqszkG zSROL`9r-@h6oajc&Z~aqxQKOo@F;fmP+U?l7NL-&%;@ETduBc4;V$h}dr4rlPsI|J zTo7Gno$`9O*yb3~Bz6?9*g4x4ydrieNtta2Hjqm)RDFn&?N)Jq$V0UP!a%%0@s>;G z<`yy|$@jg=LXL!&d1&QeR1i`%@4P^iAOd#ta~wad@Rf=~iVK^)=25m5X?e08bBd9R zkpKK@U^Hr>`}$ePt7h>d$LIX9kfzv$YVLq|t8B>b%36Q(jN*Tu!~Z{2uI)SLHwi^B zYW3ZC}99zs+AL_-NS-u zg@;UwLC|r(Ka>C;+v+>TPjY#VAtC^;DkXCb0h#M)ZTL6XVPXezL&q`mQ}T>FG6~8r zO*I;5OWMbnHGqs~q9PQ;E*4?NNoO!2{r(9^FL`2Al*)m;3YvtSe{0F)?>>*;%f6(# zCAL4fVyRu%_aRXox)`1B&z`DX9Q;HtqOE3|+(l9?M8+$L#>UwmWwhI!+7;7HYr5V! z3VEuXg|~MHAz}+23R&%1*#7sIWFK^txr)l4=I!Utmr{7!7r6N6)00@<47XL=m|ux& zl-pM%o5OVqE?(B;hVG{(|6lFBgoMSPsy8>rgQC`^SIW8qPVc{f@|DWHua|SyK-AVT z2Of_~h^;!&izZO66eVFV$n97i(xDzPo4emfkD}O#gEr5-u-ZJ{<@__|Ky?49Du8?N z9+~|Jy9-4Q)JAy87UY6Oy&ZwJEWfLL&%bYGiv@3jwi)dyQ_r~Vte@lV(gaQ>=@?6p zB#qMkq=EN)$(QB!;~(O_RMf^3^^j@=%1(5_AKB>ccHzr?&S`(3TGF}ho9#&Tn7r0I z7s8x~b*XiHo=2W`M~NDCL00cp^MI^AZcgta^2e)B-L#?t%bMfK3DCu{BYGXbx;esx z)3Y|{jtidaC^sl+e~elWY3EUfzgfq59spvba{OOJ~23y5n)&LJuwp~suM>q}GT z1+Sh5;a}WlN0LQCWHaRt-m8npT5jE>Z^5xkc(!ZS-=27~rF5Ih9oP{+WJUj}L|4YW zfbfm$NFH~(mWFh@?S{*ARs#X#6Gk6s^3^V1?Ln4m@vGEP<+sn><{@Q1^Wg9NW%`k zHvC}YOl@o3w6_fyM&}zbpomJAQk4W1{+v=EX;!nzw`8zsD?? zgmr7HZGKc?du}D?SLD7TDl|EEtBua7&ZtNpOdu=SKEV?`j$`b5W|!kX4A3=DE7qMY z);}n>_~&KgxPur=v3jAWjj=?6aw!nz$r3kCt7RZFmSVx-pt!`0X^VgU_W$dVD#4ev zvnXa*#|2cIe=GVhzxYI?<(s?9w^Ja;O&y^`gh^+@DcK6cXAtIF;i^w>`Qf$38VM8M zqn06KkL6OWIpGW3fj?m{P+KC87PsjcI^^MqOJcp(F#73_ONgBG_U(Aii=4a^Keaa{ zYgo#H&cW<@LQe(9T$WolP_0J#DPpy;lsSY*V-Gh&$d&bYeQg`2RVQc^-OfI7#x4X? zVTO4$Fyu*UuF5q9tf~Q(0_HerLE#(Q3;qZJaVTz?@gfV9s#Dq36L92}-_H%z=;=Ex zAv~wxv+9^%3Q(qB&(us(r`k13iDSMmrkX^sjfFRFUbT0eb=Kp9e<4a4TczCQJ1t3) zis{!&Zr@l&@qGG;sG$KLq{YvzecuQzFL$6uUCkD3(k-%+a~%t8c87TXR-;LbM_qKa zTezQAKK|N3(U`6|I8;%?10?Anwu*_WfYrCaqk@Zy&yJnrn)+V$|7xNmZ_LVlFu_8< ztIx|?&V-FNq}cMDW|H)N>+;2^{GGi8I+lQ!;hk$@rh7T|^an#Cyl9#{=Q}%fv+J*; z4b3$(^0B9^OhcppM7O(3jbII@40Q(cwBAac_@J6(2-S%LeJk&QeB?Z2zjC`47hh%d zqpm`a43D+t5#~SWOVmqL=WJ(VzWz@9n@Xw4BTEOTymXUcuN|PKf1C>k1-vcr5(ni1 zMUvXCOS_S(s)tHYEykNIz-~{%nA(|xVcm*^GwqD4*jAHXe$vsFOJkjMStdFp^qa-U|f-yQ90DL*EAC=4}8<&HcT3I4Ie=HviH_>y&W z?IdB5x8q~ZOdnf@l~y2uxtPvr9hFNe>6@>F06Gp1sb2R0D=x@V+sssDLS(gSfBwNL zS3xAbe(LI~UMzAZsnG$|5-3I29>5z)dlm#udeVCOGX5c~K?c8OmW=GFEF>F>%QabQ zhhA~P*c*o!AubU1569Gvk^P9ut8gh;h#1{k4xw7zX4L=oT|DdoQ&k;}oUWDmaQm&F z&+T_YQl$_%@8$-UyH_Mc%RyBtWO*@8dN0;8r)zT|KxFmdv(s`cWllp7) z8OW=rWkRbNKX-V_h~C}qTY6|^v8AHBAQ0mE&!Yt;#wx_9nar5Z+<XA>vv8PD(`j5wLi*gz` zFj>7OEmfxND0gf~_C9II*Y#sCbik(Cy)UA7sw>&ypAl{N{&yq4jRFUQ;*MD99*Yb3 zyG&i-MvQxO`ZdE-65HG+J0Gf-8Q?~6eBivlIowqIOoMUDMa}cF2qxB*+qm7HE+Ql( zB!0NlI2={aVs2*H|Jo=eHG`mq5X99Pf4IpZGt<18Ys4qNE_tpJ+Mx2@6dmz|v=h-R zUKTOi^3mXI4eN=IVbnJ_Rc@_gR1S7M6wo0qdFLp>!p9Q#$BfE(#(5W~$@#=uIeZ^n@tS99w zQ{Rh^=l9_-S!KC%z|7*>ZEe5Ze|G-gHuQZ@6>j7Rh|xxk;N3O^rupwL;u%dW@QUKf zNrKg#48FP8SXv@-pU(JmH_FoNg+~UCS3k`eQXpSV$Di?f0z^0$0;P z;9F@Ol2Cm<`auU*y{OW2ALP}dq`{Y~qTPG(7v-mr6|e{O66y5?Y7u-1h3!Pc>VTAj z7q!o;hFJ1veM%gSfXkiYA9U*bTgBmj>V4ybyDaPlZz-sJM4;0iy2Pr3+Pu^~v_LAQ ze>Va6=CxC0@FqUTN5dFKRX?u4qBh7dE}7}*vGdc9_!s^Liu~2783%p@K9vSXQ$oyW zs+igw2=XE+jH>#ak#$LOyyWh8`=p+S0%p`-wgT3qi&;9)J78ath8zeQKlNu^a~!e> zva?I`VGwXMh3!4t!N2fG*V9`6j8_T!pOd~ST>7!BW2Erl1Awe@2r;!KyyT8@u_LOQ zwfve4;n4LAWAGs~`SZu$Qg0ev4)}5>Ke&K3|FF-S*7_L`Tl2)D*5HfeGig%(-zdHr z17E{uHea6OUW~wAJlMGnIMW2Q9pcD8_*&vE-jR4$B3&?w+XKDSsx&MF^_}2>65e+9 zMk9PsnD22Qs%;Jj-XHA8GJNlXvBLRPki{(QZh6(Dg%}C)bp^MzBtsAWSnX2@2QkO6 zDKwy!;{>rFL4HIy`b*TTmodwx`u?T2N^v5S+b|wO_?07FmD7C@%j}wdz9R4b4VdaT z#3~Uup5$7H%R1Frcox}Y%sR3FdAnK$3^tCxsPoE-Q&T;S9y}wfVma*IxmrRBtC@8~ zwhUz5BCZO@{auYcgI&#vI~09U<6VDULEAqY{y!c3=KL+b&sR2^!iL_N;&|oS{8B=0u7y-U|_lGXRwdxROtn#MK3ZK}^+?^>@FInwF8$>{anFD!- zR?xNH@ZnSDi;-ab8Ich%)KE5!{ymP!0(yWb*(9M9xzD98++HTYgkFa=ov&A)d9(b zuDWVE+C1^lIcPU{#!>o3K@@!g9z*}z?>88~yn$d7TqY*H;wqeH8hIQ@^QV)t4B?rm zq7lyk=e2F~tsOlu-#?St9QhBdoPONS;%oml+0uFg3#~t=u;A%1QDzKJ*%#%QmW!)` z#AMx0Z?XRFAf8?NX*@KXG$hE&RgRSrc-C>!)XVUO@qtg`Uy08LB+b8coSI)Q;n5b* zWErNWCIGmW~`FXjVG4ZWytU@=kB_Y}0aTcSphuT0Bgj>CE?(Y-*GQAvG zTv|)b#nUPXy5fSG_4Myu%_tbB(W6o&97V+K>U|_146EcLY1f8+J_*C*XDl<3hCabw zckz4}(eCph!u$E5tLMe`8r+|(8UuCTWNQF;bag(NsKmPGDp6ElSSGjkD)kfGJGdf* zl$1c8=Qcx5UhR{RFV@~bF5#7{c3;PqwG~y@Dp_!_Nc3G=F&qP@ua$ATM}J5)n|aO1 zDWKT&;K!fiQ()EG+o5`V+)q}^Bhjk6ukp7XEOUc{({iz6Lt6jiNdGBARZ5gzMZEDv z=Sk4(sL2CHa!Nk^bHknddY0Y^x9xK48KlR{T>XQ`WJtfq!~x%k{IH=(Ww@&0a>~0H zZR6Hc3Fo4_p9Lzj4&6Wku{!D`R5ksX$I4Vk)m;}Y=k}PyJmyMiU5FtxPmQ0rXxADG zVLUYofvO>3FJcBFFtKB=N{w@4EeB;pcl@c+!R6}x!Om8a6ML+9x>D=9bNVjMg~P8Oh$t6J86B-(zh9SSuA zvGeNER6>RU`Ci>x8C*X3sf-1zpK&0%v#7Q;SfI;8LEQLEQ(^Y)tCn8E;^-FjBM2>U z$G(qV(Y8Brgj*y_k4X`41z5;+0rQV}=@Je|e#boWbCo&Cxo_lo&aHoc^2&di_KoEO zNQdwm!w+7^t|`Pa8(!MHESu8QVjpf7KdY0VT-F}=T68J*fkc9iX#k9{jvYG5TO<+Y z81ubSaXstl_|5`_hqJc!CFK(Dem>c&-4^?8CkUW@kMq8L{CLyT0hAjh|2f$R{`fDO ze`Q0*@^%n+MmEE44$UjurJF*2+@}-UwXy7}8XQt4IL=jI`EoE#|3!gP6@bO{s^rg6 zZ!tzHh7e`%*hW^sPTHvlc1NQoI$Bnz4JUv*aX0%>TFZc2W)K~#C zS&~A^5^n4w>tt|=|C|=!fOGN)$O1E#{3&XPydu>2E$!bdSJ;_=J<&5eB#rk5! z9B+clz6YAXDjwpGMepl{BRu?Fd2;)=)@=~X-?kN@aoc|t-#dy;wohtR_iKuIUt+J) zjcsuEyeXwY=)$6MU*y__i{hO52>_mhLm{>B)Bgmh zt4gDPRQ0=l`K*iYmrerQPR{nY`u=w9{g;=M>EuUwFAdY6^-J~7ES3YxmjDUG7)+^! zX>r;iNsT)YtTEH^L!2a{_@>tms#=n#+lu<4dMDJBI1Pg80glAqR>&NxNh5~?58fE$ zQy}B4jHQd6U@t;tE#O1fu`%D=)Y%&Kl;?AhT3JWBAWCO+FwE7}8VxC>0Hk8n(SG_P$Pd?Q%pzC-#( zOVfjK9)OIe&2r2yKZBavEK#g$R#dM}1(GvnMP6tBD32y$SZL*a0f&ttxwRdg>c`i&05n#LPZLGwUne8%3C+`jru+U!->LM8EYN|5<>i8yciB3Ywo0j5ZyG zum{b|xA=1Mqs5)=jc^llW5C-5zX>+HyLG4jrU_S0wK^mRy+28tU${-Z^sZoP!Vn~F zYObm;+OUzo644xRg`Bf3Lz@x2g%-mJcGy@5)JrVx`NT^cOa!NU8O|7s^W#*Tjea1>iH^3?!MY&$EPyV0K_=luKNqgL3 z%$*-kYmpkDfY|kd%~xF=B7=R^^j5l1qj$^u+d{t}aEoMoGG-%l10S{^TNu z+r|nIr<*C5)mgoG)98Wwg1_7Np_9Km`n-Z!Lx8f<@nRK)SKyyEj*W1EV@d;*G>u{7 z9mz|P9Eg3~!x+ZM_x>pB^!{Z%4rQJXbJ$^X)Crty=k&HbK`CO-DQ_)LRK&DnC4e)a}y^zE!;#~qdWZFL~}n}vtp>NwJG@hF^oN=`@l%Uv?fI6OyS2evf<>A^V287afNai&am2DUGO%K+ z$UD7djpMPjveya}vXgbL9lg@Y$zC*-7TycM>;Crg@JrZ&`=31S(>a)t8LhYDUK_kP zTo~3hSGe=zXw;$eY#Z&C&ADlM%huoNNX)}Tx)xM+q_YNI?*lX#iQ&Dj-UFkiLjp?qW?cGCj)P_Ho)uK_ z>`1z}zav}reR#^6CL!OnMC7;OF1UNZYO`e8Ry|~|rd1`W{6AUs|8>^B5q|jY>oIup zaDT|_lm{Og10EmnE7fyTyy>VHF?R(~EY;N_GHd_^|6i}>XX;#ABnbUHUdpO0Zk;UM#zy z^!AH-{WOGF|5n#UNrdMWj13u{3$5=iGw84_tKt+Q-5>lZPLk|PM&$qp5X72Vp0XU){C^P`hI{ZXqf@3&!o#6I5fmHA5- zaI+-aEs-D@Y_0<_EH~5Id)_bmEx-0gdRl90c^yy13@J`T+REspl(m2PRF(i7(=Hf{{bDh1frcUdn3IF%i>p!+^$1s7Vyl zEB&@q?IZflzUdpyj%BO5VL$R_7@TcU6CeM^`)gQ?5-HhfPe*I%$>DwkbQ8Ptv?+>M+eqd$|@$>%#ay*_YiE zebGnp;ax$riHuR$O3p5h(Y!bRcC|r%<9tL=WaFJJjXi!fPJ?GUhw8=%opg?BURGu_ z&#!{?S8la&#XnQ}Pc(Y9-jt)q7u=h5c{?0LZn_pi7@tWDo^a-v%Eo|TuIbs@dcs5g zwK50Ghsj}J_TUl#H7?|zi^W|70tx}k($eS1>%t;EY2KPduB7sNmkc?TlW41c0$ zPSmP)gwMmp;@2zmr7k18nbSfWM;A{^j5hiYH_uTHcV_#LqkxOVGDMZDXmQUD z=N@*TSVyV`b|*n``wcPfAg)C!g4rM5I|=<=*vaoTh~&3fS}VV zIba#R8}XLA+@O+EDE)mRP~XTs{Ex^T|6Ux`;8)Ui4`Ju|Uwa_V5lkHj*QJ#>`pM76 zUU=JoJ$w7LuSgH~_4C@y8&p31h}%a?f5#5;OC>bzS>bwrqa$2&#*gx-Rcwsh8pqU$ z7_k#1_38Xnbe$!)%b+Fu*$u6;e`_!)yPeuAkMrK~BFFmDDsy4$m;G4By>eLN&itxf zy4ET{NZ7A#Rr>V+9xd#y9cy@D&v90>=tq-;m#YNU#gf*l(=bJDaCE%d6{}YSeeq`m z``=I3_wT0*NjyLIBi}^*xrgEI>-RqfLJ1d4$kpeH!pt)PFhF9hy6dci4NgROLzLtd zlfS$~U-h8zJDMECh*s$hJ8UOReBnD`3&Z(%ox$hx=<1V~6rl};A0;j9o7keP`jRq8 zLiHm2nQe68z>p+q`ghOwev1k8;DK^;fM~UpBtOe>BT1t{Jt!&2gQHrOABRi$d3DyV zX0g`5+&vo7HGQ8}shUmyI=b>=EC4jWtC=fUQLy&M)>E-LW%{?V!{?4c>*n>!%UU>& zD|*U~M-N{R?4sn&{qJr%8KNT=jSLQVpB-(qIX4olOQRMPjcDJbPQE)maDvM?Fd08r zt|BN~)cjqY{sCj9g2C}-J!za7T9{n1ku6RGbLpvT@NZoe`b{e%(~OhN(t3*Aygi^d zj?sNKO0g*xk5O9fITFF9I}|d(Z);4vNP)C#v8&ChHw7nKwpEQqX^lIPWPa#3fyK)!PM`b z8i0GJOnmwLPyS~)2Vn<6s9mgQpzT&^KsWZ3bpMaPOJvU^^7B);#o9IFo@;4Y$ z?3t6>Vw$KEVrgqbOKFNwx~i9M2>>Usa3%i|;*YALqric(7JM6#{VnNNUu#f%h&)`7 z6y&b>)XMT%T0R&ya84ooYR9vH!FWbI?bzWNIFoEHURGOp0=eVadITdAU3#J7Tu51Y zs%Iu7Oa^+oOw{){^{M4ltWq>DvdqZ;vwL20E;=XeKv|EfS?K&g?;juQq2-9rIFF^H zdy%}pVOJFNR*vHzjreV8UvNN0crI+6!|QEAf%V(ZgV2pO-|MX@?GIZ@A~`)Ys{WRE zTYqgq4Gg||?MYW8bDmdpYWXsNwip_O-`Np4&96Ts==&VnA$f3 zdbZ40+S_Ook9*#9kZ>J6*Mri0c8f%=KiK|GA#N;k2x}&K*zPvAX^>E#2`1>a z$c23ColQA3&(zpe^Ar*v{%s+W_jPg4*K>5IfDt}6lsAXcB6T=a5T`n~djE)7_fGIQ z`4i91vv#wFIL)Nu-R?0}z1{n{qkE^-yhrbA`wp5(V&lrv z!#A2If_X6Tk<4Y3WXHEWDRJgHcb3B@M9RcRcjN~(jucssHT1h7Gda{dj?fjAQ@9j_ zPh<;-`0Lf#?=2kz&&j)xeCcaK^Fjc_(zR%H9Dzp7aJjbvsHy+hQKBnum<+N&^f83k z3+g2*zy3x18~-%{R{EWKY*ViAoY2H(fY3I`2cDb4GkJU`7D=HobzRG?EIv3PO>%|# zaLF8FnRJSWK8e2ohP#}r2omElMleorL{t5eaifztO3*{zJ}4&u5726a*Lx&&{_in4 zS%X`d)*Zngw%#^bd&x=j=_onOp(LZ7`>xR7p&pux(#aifrIE<#N_LEUFge$3bJ~=t zp%4^S`>3Qq+)QsNV~xYD{fG86_R{flEsu7$yp2zmFP8s<1h!;7_tq~3tl@TbO++?5 zhR|y#J=WeBeg8N-3Ym8b1^1bW?P%-2sj1irqt*O`4fa#DIn(6WYmzgzNtTp0Ez7rHD&Fbld`U#4 zR7~uZS)GE*Vg5UO9?NM1G3F;+?eKMy_@1Kd9^~Ukk7QIQLlh=ikDSo#0dwctx4QoL z>4N5*Y4OFpe6+~$I6l)yG=!5`6gH4q7)Dcq`!60nA2#A&7{*SH_Gylm@o-{r0&35jfJrH>Njp0`&d3YvSxc73-~^9OA@z;E$Y+1iVCbbDm$mAK2aDK$jJ7kV$8t8IHJl_-AwF_-ZD?c9cGbn`rmBt9rp z9+C@1)C{CJwndI+a#zB&M5d2wuW#hM={W7A1Gl(=Z~KhO>_P6<>F2+A*G#}4)yeYM zE46*8UNTBnD-Cl5L}-qA@v9goS*Fex=q5;6Ge>>4W(13NGDLFM!hG|f!@^>9sL?aS zew$#em6g4;wb2c?h6#~fIZx9p;@VW^^iQ*G3s3!Z#V2PgDZB0oTOs(Ln?sk3VbDKuTt~Z+b#%cYyf9%ArQds<5xx$DjJMDl^Y9V;ifdipkC&+JZ1 zGIp0lzW?!RCQLg-02WY2LWj@uwEff`Rgp5DiChn^^)?Q0LYL8uBT}dFoXFhMXI8h` z^g(R>@R*^|FfnpaqlVfRE1uo!C-i+v(UZvNHiuh21vXELn52x1y&7D=NwLt+0KX7*Wq)c(YE9r0YHB4FUKRD94_ zaht-*Mpc^)AQKQ7q9mldoE0k_-v3vUESWr|0QVO?-&#RdTH&8t?t-3*dz2h2t@Hav z$;f@w7bxiU+U`t1h{V9Vz(J+sClws-y6BOV<+esqv9Q;tJMe;4kcCairWYXU20 z)hVw~hLh^CqVkyKa}^Ve^(A$Ul2}nopY1qSaoIzb2|U@UD0STU6c>@2$TbcKLr(!| zMx!Etc&<(bhSRL3UZHDo84Pc>X$5n+OYmNHL%LMYwiUWX`$xgomOU1*ek#n(iCibo zTt;Z^`0gHeU~|ILyLX2d3)b+Q`jsw>UeNXXwd9@k$msByQH!mL2xx+3@a&4mQceWh zhV~n7{X}>;vXz_PekFYOVjA_n2=hGYd_X#>3z96p9Qf!4W?+W^ixm+=CaYLkFouis zzB6}C-8SVyMu)$Veft_cxp7x*ARM7%kq)l=umKxVMSV$eIhCx}6DN$gdW%U|Mon^1 z*{91fWycPB^-PU_;2fU+CO!M{Q_&lVzkHal_t_^$lM8xfsctp54np`2)0+yk2RwK# zBNVPuWj|{f8;^f#v!>fwIjDDKycA69te4HhuMd_6nxKz-XwSZ}mBoh?Xlg`}fBZY^ zdzb#@#8*2q+V_74KqKXkNMoyS=>+i?uAb>W=i^M)HmF6+b0r!o2^X%kK$fP&29l(3 zR_xbnrI4#~j-i=G$|<0iX}eLZ;VIc8r3{le9Q})^zG~5Fm5oMS%}L>RbfKlFi#?SE zD1g^QrrV*!W7kX~!IW__xBp`Zd+ch5^W7KH`t+Y6n%`I}^%hzcqL>UX z2Z~2&oSFZM6IM<1FxR!WQd9DG{QTK?zOB~?+4DzFuJ30heZMCyn%hW9J__yTb=X2p zyn5$^Fpmy(0DJnS&ajA81&-GJCo4FMqW{U@ppX?-7I!7liWlGnV zRFT+PE}l+eXb$0%>2d+WDTph_ihdMH2EiLiY-xByjGsJlwSwoWq-|lxLy&suHdEl4 z7wOyIfa*zT1y-_uvEIC0oJmm=#h!G1>;M%>IUHx)gG!*RP(GKO$Q9VSlhb6;`)=Mu zV`wy!>akqvo458ZqJyDkbF58jDZ5FNys*BtA9t=g87Th+!I#*oTuNVTV0~?=`?J}-WaQFE}lCf zB;I$WYT*!m3>-uGb>tjUs0kt>_n;`{u!8tg_kAq=cW~^dWB&mP0vAs0uY|S-_izOy zc2D)y-M$J~+@S^bUsg$bEb4u=_f@F@xb$2o@*6-_fP$*sjVF=|v(cDyrTi5#$hXw0 zi7Q1UL#$$Sl9gQ1$I)i)KE7|s2+}Fo48aKcUej;kP!`{G z1nr3`ECl)nDK^!=i}~)xId6iqT@h5yM-m!!o;VHH)xICeF05}0qXzawa9*)awrS7w z1&=o9Bd{LO1dko>;WT`s1GG0%4}rsIP_pp;?%jJV-3Zt`OTQ#MaE-|N{(HhuEYG+X z$OvEP8L4;JZW1AV)z}?nFgF8peUi8nD<9BboAc&gB!5ZLlVL&dCC*wO_#-=Bh(MDg zmU=;F!+_)yRoQ)l{haF=c6Q>o1+|sFT2Z%y(Q(8Jo#eLOE1q-JYiB;iiQ(b&tbN4sXtg20>qoEOB&gFmLU8xIf-W( zo_t@}_B+ZF@kE(eYo_CR*o^!k!YRKxk^T%K+xWh%C{0AW<~6Yve*UdRywjlKJY8gI zx|W_C%(N>PUa3i&p4Xk@azU*t z(R$m$xj{R})fOYP$vK;s)l4_V=N<;Q`0$+^u!tKljM6emIZW!(lv_2}dKPqNC90xo za?8=0XXnM9K5f?!+ft?nC~bIaZv zTW>2yZ#HUeg*~O_+F{xL{pcj#JXW!X9Zqs8PnQ`qHY~yLPv@;HoKeRY%atB*aQNPccCVtyv=Z z;F;h>N+9&*6UMp%&lkM#-xE$oYsLw&li*~TUEUM@tN zAJoK0bJ{FnEad#7CEsjpF~Jy4Q}!9=-Wh<{P6F>n%Et-D*MPyja0{iT&B?_*uiE!h zJ8n#l-=8Mkr%^wr6TU_=O)#nj3D{uQ&J2jd3)6%^kf*J_OaQZfyAHU8FPNE|KDhX1 zN;T(tv60gjnxV(4xKk5ku-(m6ZF$wb%d9Bj2{c-Z{Q7)~d*xG`$12wSG&9aQtlr_W zf+5XroilC&b~prg&!JzF7rEu1G(x=S~$U_>7C&I>Hkv9Gg7`{yx0M`o=VlI8-pG|XsD z5=@8Dn;*Wod!gWACNK2U;>n-a0NMTk6=(i(^08saOBoHA7g%GSh0Xo#xg(wDlVv6D z(~ka>-gER{KClR0ces4xX`GFO?OD!U{^Ql&T{b$_C=a2zo%8plUJX>xr+eSM51rT= ztXzuygKCY!dq^pfKy36-K8b96wOe+F27l&3d^KS^gc3wN(YtQ$X($XamxeD{$&yku zUOSc@?>LxKz>rzVMq}j=g5=+&*prQh!8V6d!9q3-U_cqrp!;g)!lV|i{jjMiYJP${ z;w)n8bw~Vyw%M)+!@>6CExa@JmrcJyAuVVns404FbUm_`lP=8)*kB&_EDw<};XX8t z-6vX)r`)uHd+ervW;&T{`G%;e75M6aLyBMB!@cK#0DD0G$!a=tA%04mFNY$PBGqa< z22XlOh^!=zo9gW-mApO$0Bq*rglr?dhw1FsO7N|;fnqgNsdp`^CKcfa6qtWIon_w= zAFRw9?@F6AZ_au6MK(@M&Hpxz<`T%Dvs<3{^XBN!eE-7%hD9v4$~7!h^{?~Je`=e0 zbmkzB=&kHUiKc5@_<(nhwI{i`wn*(-7%3-C`Bp@YWh9k_wuR~yys!h%J6S85zgAkWJRsIsNhlOB z^z}xEP;l7E)*cfCsKiQx>IaMgWv6+4f$ijDq2$$10Qb9GciFeS@Z(dEU zP|h&FajY-4tC;-QZsi=-y92E~%l{Vp2HshIo9Q2SEGjr1?dME-I_Lj1>6l2|b!~%~ z>IP-Sr7NX!xnWB9!0sem^*o{bTfS!O#jEk%UQVCu>sp8ENHu$tZ61EZ+TYp5kqrGk zhG8v-3tKY9MU3W0xAzZ4tdt=4zP1?5OY8Z`Q~5apPOSv}jN2Z{cdGt;)^qZcvkPnq z9;pHMeJZ|aJ#PJYSRGiRb4mjL+7hD|l!w;As=btwvzW%1Gf(LyP6!_Dsq&^Q>qC=U`zNbM(zds?+G=29!e zww+#vzi)?W|9;{=T8#-4hhzvCt6YbWn<&Th6n1hf*X;!kDwGkeTV5Ig)8Yjj5O<($ zUaTm^!$kr8;|(tdh-0ja&8(#q`?QZ%e$`3zWauWh21LNrsrx>$XvO=}HMPM#4sh7r znQWS>!#uxK$eDlH<%h-ijzw;UJsH-0?@E$+Y>-!T973n%-u+@X@#g#*EGqhowFMTzeNZKvkb{BC(wm(2i_ z{0vp={_1?AUq%+?2h-?~DjIzSE>0(7s)167rbFJkPrkfPGqzj4M?MkdSK&_$CK<-2 z%>UNxAx)oIFzh&fF3#hZx&Ck?ft+oVQ;;eyq~{mG}WcC&-hedSh0> zF;op{vy4T%ta@AEH%}hDNv1Q(Y9$ci%|vgjdid4fe-u356*YC#sK57q$QuqN6`v3m z<;H2qS??R%5jOb8rD4uCvA*|G7&&bLL+*MvS41|nfjdl*+$jQQPRX6m2}V_IeubCT zNuD0qJxQC3aQb=h%xKHY8ZYAd#Kgd^s=~kGb9DU*sAhk8JSXg$!ot=)1cg(^*#6X_ z`{2}a0H0YEk;Ib{AYeA&(liN0bQv93b-?K@N z;Uz(UxQ|t*WGy0~;EO(4G(d(*QAKVGhr19rLloWfn&;nsfbE5=>m$eW_ea@> zTh&8!#zczuoD-fIoq^2TS`Ft$&M6N`JJ{$fvP<3laxPjRp50nZSPfUQY_1S8@-zxw z=8rD_3;$y?wt#IH?t1z~i8lFvJiT{3mH!_%-qw<2WtW+qmF&vFLC7JQ$ER#Uw&NI; zvPb9O$g#pXM#$dhkYvZ{94ou5<5&kr$L4qS{oVKdHxK9GT-W>k8qejZj{K(ED<);D zlF!|!f1is|r|`n0x3XVmH}m7~_YZ~Bk@0G3=O2#^khA~;lj!ak5f0o%_q~I4TR`9& zItn-<)>y9Olcn5YCT>UcP7+CZA;hhdNv~5f%M<&%gh+v03zBv>&)qNLGk08F?f0V> zhDRHntb~JTNjR^Mp}}&wEWmE4Y02)8!OaMYDR^Xg0hZ6)WVPIaytU{P3g*dCw{NA* zi%ni@jj9mgNIPUFe79tKj(YwEPUrXT%eh45j6BwYUB8(z*}I@58|SXVM(FQAeU zort#CQO@H(fP-WXmGfi{JMQ|zH?cz@T|ipQVr!#WdTi#2f@KbFw!UZ&K@|y}SShxZ zjD&4Qw8V~|kPBVC51KLCul+kK2Of?DCk{nz(4nqUuZ{@37aDlr#iDy$^W=A1=~kf% z#Y{Mv5T>e;0G(EY&Pbn`(LC3tnY2#iI#Uv~Y9JBKvvH*FmK<1zqH9Wvjwp{M_pdrP zOl}-oIir4LoB1+nN&Q>;Z8Vqs4rD%k=BmzWl0U4^;$m%GkO$AV2~90&XYj5D>{%Cj zLiVz|yDLMa%gN2l&Ge%im-xi~TPtIf;e9(4=H&rVeEa~RDB(R$)M1Lv%7+?w9C zBLCwuj0T{?&GOq8=mFxp( z6X=!ktl*ZfK^6<+poC|6aH2b0K~vMUHco-MA(%bP6fSAlGMn9Gfjden#;;qUuQ+(t z^ATG19sP)QN6iW*q|i0>cC#MoYDL3!{cqI-DS_(8ZZ@tJxy zJ5wWiX={R>G2yJ1!)|w|Rx5L2=xuBhnUXraJp~sIovf2m%-K6<2*d&8(eKp@0%W9` zpkMYy0G)|!YBM~0ufCAZe{{cAbF03%ajym*)_1**S-ls(Q+x2*F91P@_TTIg1X80% zmkl@*K55_4cdt&S4BW9F{)Ft*xM5kOd=GrUU2gx4{D`}6Kuo}gkC^EtglF*{Ao`@H zc?=E6WDBOvgFb0{17P|OtF+E{IpzD9rq7Lnw*~(Hqc8WrRArVI< z$>X;9wU9^9O55@z`+6C<`cOAGXq;n>{L9Bu6>1{0hK_sGziW|J;BwkA?2Y(>oT+FV z67DtS&X;wAv#gA>Y^elvQ^z5SqcR?oS9$F;vt=btv^1{=!so6LnfY^LJBhul18-cr z{U0eaxcIA@oEFm50Hq)&-gLoj)EjfLOo(Orc{$T*Z}87GYDP!P1WTb=sAvK#eW18; z=|%H%hJ#sj&BfZiE)DQMq-g0`I0`*66XOId0{Z!U6#MyhU!f=Ibk{7^X5jn&S1=9@ z%OUDc!B&xeCn5n8ohSKCzupp$uAb?OU(kMSpb_4U; zx`!GW7(l@CQIQ%dVVDuQ1kmK@rt!)Y^^y&PODdZpZ8jT;17 z>(YF@Mm^d`04YD|3-@`8i+|Qdx!c4-hsS@0Y|@5+Pj=bwp~?#v#^Z8^J6r7N6N)3M(YN({E63RbTBcf73Ye$$vJBnN7IL?G;@GBc46~X0+4&9_r77UI z&4<{Fdwa>=d4GQeZ(P0Q>=}>%9eLhx6h|N(^S6Bb2ltR2$pG3o$e{7I0669aOmGE5 zX}qL@xoGxrzaK3F>JJv;>n&I6q@6{#{z(mX6E0A~)ZBNt9*E*wpN}UGP%ru#R4W4Y z-%zII9Xi9fL_0}+Y_ZlyXi5~(T`f_bhmW!;OQNI?g6f;%(dEZYv=h<10uR?Fizn@- z9ie-{aA?jUqaR)Am>XDinr(etX_0=EcW~qfpzt}N(MtpkP%;3_<^k>JmuIBeFs5Ak zo1{JKgP(QR2Jkaez)jZ($M%{@Pv~+C2<*0Sh2 zbi63Tv&>tbeJ;sCVgZWmK|ZD~mdlHyeEV7@lrN{iTiKKY`LkYavRwiHA=B7Qy*&SGwAT#CPB^F{wGnBqX9)JPA1OmVBscvi;mC>x;h zW$L6kVAIM6^4UZ}rB*>>Qyv@z;j5``a6TuNpfw))K;=r>S`ANRP4&w~X>MhXe@-I5 z1H0w}pPxE?!S3!zTM5&fQs&cR-S5z6(@>D2$e^l=Htx8{n)$?sUq{7nufd71g!!%{ zjL6obKH-(>dT&XIofjh(?So*)SRFS)54$m{#ooiuYFs!qC3mhk788eC*yKVePv6Uy zK-;Nc-%_%>vbBF|Uks93K-bm@$$-k(BiU;IONdx_xKbuckhqtpTbj3t(sdAep)bGe zdO_UaODW#Ks@(iChZq*!6xO=S0n$;)>&aTzFZ-|zwyN&h-r`+9l488}Tc^w{lMggLF3pSOS-Uy&6y#oBYFe)z+kcGC1Y`2v z$?d-_?9X#wwG!*^F;&3tUjmh%M0_wY88or!#L1ftD)`M>25js4F27LO!)q#ZXDc@@ z-B8&Z^2+m-*~`hrqYL@O1%0kD;%UkNv*dAdQuxR5v=b32>85w%3d044>N($_Jtq zhSFg6(PD58=Bb0zAZmCs+_OHDzh>WRa>=})07;hYgDUFQL8vR=cLoPhx$p59Ow@#$Zygz;JjIICOsz)scHG-t*NbK8g5kk!6V;hQP7TJ};+-s_wQbkT+RJxn0JT4e@-ZfD% zOHA99M^8dfO=}+y!lbOlArDd0!(YiNFXoB#v)K$efW2XZ?qyBusC#-*uPjmB9P4e? zfV*Gr2NrDC_|}*)al1{$Rk@LTP!q>!PetyuN!hyfMwSDv@&n zfHP}zb}uRhwkBzm1MRfi$vhJiz8aXNzk|h$uDQFr-OFg?$m;R%GOjL%Ekg)*MYH#$ z{MH>?brK-HQAysq4O@9Xrals!s`C{=1At^jA}o&GE10czW+!=QlHwU`zwTEr?)(-= zT=9uZ(@abL^1!dSP@y~s+N>=;-tYcGn|=WNYzwhN+D7jX+W>|zjT~BtH>Yl}fvE5d ztHHO_Tq|)5#LIx0-8Q4|;-xj^sry^tD4&-Nfvp7-efUWgFC8AUQZ(ZfweQiNDIPw6 zE4xzh*!mf}FPY56r)-tY*?Td=#|}jg(Fj|Z9>O=L=t(^i^`XzL$s~x88Uk{p+zY|X zrH&bmKT>;{D4(Z^_0C_nc|aK7nwpjx7Yi@DGCkRUx!JF0Y}r~>-$cKRyq;v} z=d3>PXs_h#bPMxVgA6DC--hk($=sgh$0|U=2i^up-0Q9@30QYK;CQ-hLQ?lZ6mhb| z@WgKCI;oXqjxvwM1!p-r-j*wv{so4W1K;_zlN49pUB{GNiX$dPTMGmkE514$kScR|~u_1S23X?FZA+?^d8cJs_`= zXJ+ws8J{D#85;q%0pagQ6m%d~1N2B#M<%nnm$@%4fgqT6k!c0QDZLy=8bhR z_u%lZZi{S{B3G_)_`XsUNt-dIhb<7pk_79OtpYBiap67*mnoZ*^Hzsj;WZOJJ!Kar zylU&*eA;8eHI&S!Fx}^y4+f_B@gLDixY6|=9ci(h(>{1`D@}SBl45I_qea4J;R3cM z6Lfb@27Y7l`SG52^4Ww0gKJ*h&&eTu{nH~wt*0xyt}9oTWA7}i%?gDr+LUk}%M-U$G7k?X}~@H_31D_Q)#yU!;D?BuT$MZPBRq1?B|r3TxbijJA2a;)~b%gczcjqy8J zFL4!`S#y~C0PQ5Uoi~q&yO>x!mwbjgz4Q3_UBZ<55p``-x<8%JFs4vrZAEj`wSaZU zght>b{n`*Kr9?=OpWhzwQ8h4f++EXyD&hFu*zvjzwuB%DILc8<2Ymu3%63d<71b*pJ z-K$T&9Sik~+12Z6Xn|-4nreRhzgLoWoVO@R&2vxI8K(AsUKOxu_0~c;vEFe^qZ(k< zsB3GyWBGkEY4+3oY)bzHg#J$CBH>_7Hgb1golU4KM^Q)UZpA3`m?{~pkysa0uJfM( z%E&wcAlf7|c&O{U*YYHh?n-Lkpec(vPJMp1nAO#g`%u-{jaJSnEPOWAzmCZB04Ja7 zd@BZNKf-w#ctZ}Qcc&`%fYtoHQ!D1Ter(mo4tmbq# zdyoc|nHCx^&ey|#TVI_ZMNn1MC+WB|fO0sdz6uZ@j5n)$eRCO#{wq&;fyIheIT#x- zxA$B#yr3v!T0E6`I9oiV^7es%SE*u-We)SvWNoF;%b2f(amfv04G@Z4-yt}G1YHJYZKJAsbvTc2GPfEHm6%3Ab_<>C$ zZcnsyg)AOsg+J|6UwTII5#FwTXBf|-aHM;JUOLUhv?kScv5P?+NpCqRENYws zh&~4=yhL?sVeiT6B?6|WOxmso77)B}K4|>@j<+?c}cc?0?Er*rz5Z{vmE!kr+$_aFI})7eu963Rj~pER_h%_&m|!F z9o7-dkLq!_RDhrZ!Tj*G`_i{gh9Hb$Y>?7zBtpYZ&caixU@`rDo#pZrNF-c(E6fQ} zk-E0NT@7lma&1$1o62$?c`WTqu;%MGw~`U_d4FOjaGdXMo$PPG?>&~{(`B$_5}c_M zbGb#Nw5T>3p);u1b+PanK1F0F?DceApO=B?Nk@2I#_{k>A^plI-|gzeg_YL+H5Y2m z;W@?nmTx0{<-wHap2rYrrmo#t0~Y|~eARpDZguF@*|$Ld|ax|QM<>E zt=~Yn;3)A%A>no+(C&9dkW%R0M;pbS(8y7{4+AWRR~LrIV?Z)>9tJ=HZ&&_v z=%)3M#&V346l!tSz?B}Vska6Y?*@+OGK2Hm32rkgQxn-uAD1j;K8?w@EL0fj`=E^TO0nR)?}NJD7Xvm)*0pI(ioN*X zjfF>tVl#fn&jEzVN^J=N@;b54dvXjW}#S4-6 z5i3M-JKXSIUMwrsHpzY}B`R$66o>2y7wEHr7SC7 zmz@RNM_cb{+I*k$0RmgMG81`L)nwdPZr$(1f$%u@709c%!~3CiSy0tH=(=KuW?Ch5 z&$%JflJHy1+0Fm`Lb}+3UE)n?Ic}rKyYyH^o$>#eCm>w60g}>muvHU-s~V8ov1{SD z{myK4Xs~SDinyp|%6}Uj(4)E=R6KyWNBiaseU~a^hfc#5p2gA~7%Q#(B2$ncIR}>x zU#wyQ)*yMGT4v$}9aqA=Whd<4Lr+@D{8no`z*CSXyDNU{flx4cdN*n)Y!-dRM<3L$ zzOI$58_sJ8(Bc0vouMrJ!Agdj8`rEZUPx(&!AMF^e2KywVSy!ml<(Co2}Wuw6E5EU z2QJ4gfj?&fWV%CF^MPMGM~wcN*y!1+|E7POJtoVCkx5Qf^i7&zF3h%QP8CbnON zKS6q$1$P~TRiP(a+m7vW>-XZ6Yfp~4ijUfIasjwmN3+0hw(*3cKl?Ck>GyD}0Ymsc zmsQBB7NDKt(ST1sj$Zd?BMR~xCwHkwh@?&J@A?ADk%E(XQI`|VL(QR<6+@2bL0yf+ zg22Wo&zlXDKEFk3h#+w+L%V#{D2>Ky*_=QVIsKZryr*}leP3bDYwV8HHJ&{ zo8$4m=BGvW*}aR;*D+t+WLl-9zJ#5reaVFEHt{ZZvvwOtiFg>S{k0PcKAA|$wgVKU zc?TK|4T=NN!0!?NvGQtjME1X`7Vm8|7Xt)NkX_R{&L;K37eHLLcEqQ@#*(8Q$DsBN zHMVmorl zkZ-PE{GM<_3!_h=DX;zb=N%Hpaky^r4?cCTYcPNFQs`YkOud?mI#Sc%KCE%CR*S6i zesm;gNjE2B^B1CfW|iii+N{&*DCpY>jUc@jH?4lyWClCuQ1IJZp&T=`=#s)9I=we@ zSS?)Kuf7O`#5XtS0xkSbj@ilVhahpBSsz&sgEiL#8Ju5WBhVo|ddz1b{6df?0(XQ2 zy5%0dN*XD82|m~QEHj>kD@0P*_RH{K3}%IN^}@6&Hh=~r&gUgpR)uE@Rdo)_y>nUV z;fC*ASJwQrCv(E!)?8ke7MwvR5VzlJ z8YpD&_N0bmJgU{*fU^;-x_^xnPU zk&heAizv-ChH2Pzh3Rs8p}H}(9k62X`zJZwb$((1x+0J_sKh+wced8hR|7xUkw#Jr zt`FLjiAsQ*TM3p)e|%bPC=X8SJOwrF^V$6nYfU?9gtxG=-Oeh(v}_Rqwa5GXzYdz| zkt0d3?qq3B1)Ido&W~$gvlz>&Qyjk|A&>PuM#4G?TF@g6XuYof!>$AuwFIuD&MLZF z*}V*hi`DVY*?$V?d~;LYYTqtjVEzaFzMbKX0M;4~xBd(uhY{n~GU^(Hjh*7=>FhBe zHFr!3Ta{x%=!k0QOJPUO2UYry53&oRCC_%grgxqP|!qQp*Q@^<2)$0yi|kgs&|> z2L#w+@Xy$Zu;lf58k*h~Z%ZzzK3VH3R`<0MNkWAbSJK@itR9O`!yU3(sAUR!<(fMG zs0Dc}qI34aD-tft7`fz%-JvcQVCv0GtA*QYS2IvdPOr6{?zcP6=-O@-Il#3>%~(n< z{Q!jQ(tC;FrAn)n##p*=>*Ic@jz1HH>N0`T>42GKXFmRqLCuN52~_BZRK$*j^Im}h z)XrPit!3G}G0G<760sxgNr1m3l1d2H|*V9RMaVj*FAey_BiHq z7KbE5#nx3pd$(Ztq z;%^YX`F4Wz=dnc7K+e-T-M*}u1Y0rq$ZbPwe&_%sp<;Qf%y%p`?;Vb(#41?5ht>#a zc}Q*A9D}Qr8M$7K`*5Pn&sE0q`#EwYMeo}$^)DXVHKv5_EuQR%x}KDk2jbJ7!KQ~u z1)Dt0kfVG-f0OCW3+TgnP3#`PdNujhkkZj+4Fxo^^eDjM1eDzK&M2(iu2OGP2_K7= z2|NDSR&l5#YAb9Duu}e2ZLK)3BWs1mUC5rJDBy;&>uf@+;vnU@Mt=$ZwM1+DSCu!Y zC(1Wgmn&vqQc=OiR@yzN39c4z@{h>B){RCM1S1U z(kTBH1?f|52UALGx*aL2F4~X4@MgNQSg^B34*y8AIDt(qSZ21N^TfpiF@Q4Jl5ktC zpo>bJ=MZ=RydnPvnU`UK!7J7?`%wWVMe?rpkKTP|V0h~`)rB6JR>JJBi+eY7+y$}&L`d-IG_)xPqp|+X zhH%p!Kr6WBS$vesKCS96`>$G|>b#~8-A{(6uH3(Eb37wAVhHTWCO5RvxIb(|P`^vH zfvtp3&Tr`j+>{^XhoUMw5+^Z$Qj?~M>tCY`1s=WDtH?P5uAu(3FRBI3jklw?KWQsZ z&xkewwk^#wTHBG+d!9qMWnuD)#UY?IdQqqAw{sBx;+#duESJh|F;#SbH!7)Y*wgM~ zKVaB#fG-aHJ}Rx-4e(7Ay@ER4S02nO4u#F*L4kOnmU_t_9xVF0LFtd&pu5!yvID{+ z=|vN|eP`(7P@Ax9D%^2Auj+cBU-*Vw3i#-^$u**e^##^xFX%a__#MJvz-FjXT+wFq zE6r(iqzzb=lRDGgy2vw5c5R&wF-)4RI@UVycF6XIY#M8y&f~-Ki zuQiB{sg8e^7MbjnUabMB7l7^P`Bv2nt*R4PZCUo`cq4z|$opW29{ZT+P01jx&1Ku0 z0zywQC+I-GfcVJ!pIqn7g^r#C43yb4hB7jbQR%$lF*j?$qb{+Z(Jdf%Aqx(txb9fY ztL{W=y_?Q)Z=6Q*EME^3867k9jl0l>RwNThZ}F16zRVm&>Kx}zK+4vez;k^7Yi98e z6#6qM$fbIRmN`AiZ6;0{xO7kI?E@=Sc1nBevtTD$3O{j3@Nf*`z{LOTnD2{SuZHi9 z4%$rw1R2E85Z(5cdkBMDKU5{1Cdip(kvYk^XNy5*8?x!GTiOcYJ2|B3D=ir!c7Ge( zYyo&p0XE1_TorD8l)O@|T59kK5uBB_ni4(!4F7I?^yIV@AI-rndqWaEx$^n=V53cA z?c|Ta(vOp4Sl&wOr^PlqwuVC;$dHA}yFAIMZAZ6ba(G?`KmOekC!w%s*mz0%xW3Q} z<6FM#p|V2)_H2E2d3wZkyt8@^S{=XMeS9!&#K0d`eiNXjzcp|#nbeAj9>A|EEzQek zm+w&iiLGRfa~Bz9L{)s{rJ%dMH9=$LrZkMRDXrGHa4}YOJG-mnuN~$HuK&nrn2b4|M^7veERXN_FMN3$1Dd&VG-ft!z#<+EXQG+OxEKhb$bM zcX2L(5Ghhxc%iDUUgsx>^e(4%^D`fNNMpUEGVbTifIfjLKN75BIb*RRhk}Z#~JDo zD(~G)P^-#g5Sn|it;*iBp70Fw2^G+j+bsSUxjUFrapUg2q z;A!xm+na=2`@LOHXly&%jvket0KN5f{9J+pti2ETXLq>y`mH`AJB}^$Mh~TH%a3`- zTW1sh=k^5q`V8Vb!(i%b`NJBo9*ANe#pTdvw%t^M+9d|KHO8-Cwx6UW=I+RsXe1Pj z3hpm`2s!-4;JPWV30eaXp=4ckgi}(8n&CR_6U|>5CyPJ60`RA8{Wc2AbB~l-QS3@H zev_|!w*=5(Q%WBR$~&YJ|I*jZm_po@F~m&harM8poHU)EgJ}soo+p#0x$V3k4z#?I z>W2bxu`Ro4uHH$2$h|_>)b}Kcd1^)6&8So0!#_DZJ%WlkQaZlPdq{By%&F*VV?Anr zls6m1y}sEypAyImJicT&edOdO(~>eCr4~ER5F!kK^cQRETYXp0;4Q8n?d6!z)|Ce5 z4Z}ge)B#Drq~x(+qZ!M({n8@!#FwNHEm&fM0us=*X;n=al>g*BwX3?fFD z$s;0U2}C_W?)A#9$IGfYrjGDS31H!kmx;aGA7E#NAw+@40uJ_0radoJMhd>kM2;NP zbaV9dA?((1Z?mjaE>N1)*q*$z7?u9WSNsxtBN<0%l3kJ>z>R2AvMhpA^=YDijf20; zKNN%Ixhd)a4Bv=|2>ZQNbzZCBFTt=>0~xdRO=sJr@h*(0ytZcIl{q*mb-L?|{j(%|v=z@D<` z^#EZa04DV~))xd&g$&UEhfPvZDI{j8iNG8RF!nQ**Rlm`@YaIBWtM`T`f%*zC zgZ>!}SpA?Ed5HW^zOXnr^gjTqqpRKZAg(E+{W{1*3;D1w z_8yXMDt4wRMDr@(?)d+j5Bhr(1Cq|g|6~~7Xj|w;Q|?gIFblHC*dFm%azc`}n_G4v z@!03e^PGyiVkaffGAl&NL)L8co)bcTM1J;=L)9AvI?q};(b+dn>N3-2M*Cq0L-!CUlJ*l%MW*T@GW=a*67qn*)T->!w zfNA*m9NfGLQUpj%pJx4?yqsXsHpjl7Z3Z>T0z?jGFd0BPoC-a zML>hS;T><4-w08t(e-6cLA3+-(|tXQ<9c5-PtvBFiv9`LD~#ieZL|Ounos-#RiTeN z^dhOn$PHz}A6kF;KSXy9x*;F$g*F1c;ol3*}5Ivv6S2)d28E13W!z@+`sP{D2V<7jlG z)dHk%=S4{(Ds2Q=?taWyqJd7SLJ*8yZ4yB=7&EKlHD#!wBws(7)46QvI~t!fquY?Z zD&XFX^c_l{}%g~3t!|)0|l-fl0UOq z8e#Hw*qYS@IbpCM$n3rFE$!QI)RRTjjg4;0vW=hDeXs~WBHgj`mb*nyX=C@IJ?yo0 zS~}P)33LuNL(%B#xg+-D=QySmeYy)*An|BIN_l&vq=2JQwvE&}e&|0l2zeG%oQ>1E zE`wfXi%U^+?)!#EKg-m48T4IoXQU=JLl26$(I%+P54yxH_M(43ghI4N@{CuPbqjm4 ze(02}O0qa;1fAMc+pJ~qah+^vGZ9o5?4Za~P7BsTFfCToKS;S_2JWH>Ea5UrFH?ez z`mh6xwK5XsyM!0-mL9O`9q+U7+aeXph`yUScz%^$shfElCn*{q5uRYIn zi0dxmP`3!~q#XyWt;h2@+Ud_#Y+sXphIFnU(kOc^r0J`#bFcs6JX^=2PZ=!Uw;i|m zI+tSW8Ya9atv-rfQt!V%q7Ak{Jh92Hy{MAVQ0I3ioZmRYOy`Mr-gI+>3m;Lr^dL#zWn?rS5eK4pv;#;rDf)i{*=UNfpbC(1! zkDAEEH>^F$t%-lav*TTL&h*{LCNg9;)O3H<=m_ZRds%ZACQ?`~!cP*GjmzEwUS4Pe81w&pdReaXYqOh~`kxrH zE42Ue$|GBrsSm?X5$zTAUj!7NDriLwu^Zjmp!zCT#~U--n=gK{(&4h$`-R6(8t4`b zU*5b*hYEdo+7;86t9!xqd)W8nXWa5Vx8|~Bg(51PSY-rn3gwpwS5JNfo<8;sM(6?7 zFE|^a8r=3bkJ~^H41~P=%Hry1#qVD{^c7AoW$Rc!_B&TmAn3NvY}NlZdbHW;futZ5 z2$QAUsNE!8b%I=eVBnnQEWqbz&(@XrMOOL%!urJZ@vJiw#fL8jGOwa7zP*mPPwdv$ zsK@1mthspH8AYcG#Ei01AQ=A(h-mMJapJ>%wGP+C6IRqhpNf$oR;C){^dhS=O)J(4 zg++wQBa*GY{p2U9Yx()MoGsT|xh0$BROtIcGAVc6qLuc{9Zx?(cq< zPF2(}wl_Zj>G67HD&CmUH(gL~|D5~D_RazO;-bAEBKq(frx@2%!uy3v&ocY9x5e6y zdglp()68h-RxHA|yc@YH9tR7)z+bkml@nK@?P*7x=+NMBKY_JpTY8tIit!$~x({h? zs+}E3Ph`K@trqUrmm2L#E8iQtrr&JBlsSD(XW$Ip!;dq`=9B&Xo=@{K@>PG-nUS zEYh465%^`JyAj=t2?&n`h0^gXfVvt$TBLVv*QV91pFJG7ArY!pn9s3_W>q&q#*xp~ zzUy_fck*`On0%Qdf3DJ*d4Zw(2al_AoTAKsgt$rlwoix*F1-Rv;rwC~xyW-RWqmfS z*@%49O{)8c=mO2EPT%Mj7w-QeKSW1{J6$zWR2CB^%&r!AB04hXE5NPY7w%BF`y{Ln zzNE>hAW?U?s>A?mu6M6w6ruG8z6=)T#=z14F_(FfxgDvH zM8qp4AOD!p!d-u^$1e5uo61EulWSIqFp10U0+04V9B$J%b8$4t=158}v2j;h z){PyX3x2FB2sh#y+mD7KrqFP~_*<;&E9+;H=Av(nz!_c`GnAC0=6+UhqE)mUf=y zDQ88Qf#_15SU>m9JLP;x6d5X@D@5wp;#*bV% zDvkFkEb4;XBn?t+Qh9>hNsBI@kFiIB+I;p1uJiT1k<6gDRTecx2uiYQBpL%R3wU*- zhV3%o6y>vLYqUi39*Gx2YNSldApT~bHkS)=mjep_=DoDymklOua{p~S>UUHZJyz{I zWk$CY_^n(irdbwH$kVzjt>V;d;<8)gsncWbyP$9?608jem zdYT3b!8?AGJkzB(C7HEXs>-V5w7EI2=)TJ*J^Wt6|J+PDwn^38N^xzvOYpd~+c<&$ z=YY7m5Lkg%7Kod*ANt=WIeB+#tcpDcCK4 z2~k+WAJM_c)nB^z`lGXn(Vj84Dx|YG)y)AT?$1nRwKq7!`)K!6P~+MIZlcCh`L))u zuYO*$gB&zyP#|_eTVHqNiiT3PjHBnIzVdZ463A*}D%6isfx&826Ga3k4Tfc=&bZ=>v2s}cyK z5VXiTR#K9Y2Lg(&wM*4*sqJf6IPIxz^$LcRUM7(hy)>j{LP7(@26y=gjAqEq*X3Rb zzy6LBRv2N4{K&(A3#QrQVm?%&LoxRiKF0qjBadw_ABRwQTsbS$^B?&oiT_nIeu(YK zP?#aAzEqHkW_$kJ`!+N|vN&`B_C%s!9j}_lBJYzoJlJ<5owWOP0FCz1zA^9@OLjhI!_{g9hBzxt1DA9_|&B%8?ZTF)B}su;`_mx?_qJS^tjJ)S~&b znQ!_2{IFQ^7Oy9EjsGLVw<)QPOO>Aj%e{GD`8Ho7 zSWw;y)m`of_rsky6>}-Z{VexC*9*L#RE*#oc6ul7KUBWm>$&rhFPrc1tcpW;J z|1y8R&9(p~PA)I8f6^;y{Kj#3rZU>OEC?q=AWhc-v-V>p{p>|Y{X1)q#ImjcO5rF^ zwT3_Ck6nv~hnFDn-h$xo2RYm&3TL$%uQkJ})aLQ~#v!2wb8f>kNV@EF4)TG_K?h^e z| z&%4-~%hOg7SIul{$q&&slWBxHmGb?+zKB#Ha8|B;8mw1H#d{(HoB7T{-m?Oz}5DbT8FJv?hcPWaJhQo#GVG%hxv z@-Hc8+jgEPyQ5~JDECwKHz;ln28E?-HDW4ovwkFjBnv@7xc%izXuuS)hKHrd{7%B4Z7YlpIo=@g9 z0l8MR=oj|X?~LqNQU0Ba@t|z*-fzK!7!W9RrAE@M*YP>PGH&!GC&JDe9Ia^xvZ(+P zbXwS}xex5>WZTkwtBQ!R#@aVWYZg;EX}e)0f#@h_LbW0c%q(Ju-6(I`_Lk zw*qX)trtAKg?{+R;OTsp1b(w;M6YkCUVP_r$wokw5jo&@_G;$g4vEtZUZr#`#Kyof zRgKuJX)9#r45IGaYkQ;|A-luMkKd-umhdQ*N$ZUn@!950_3c`T?fe<|I1Ct?cFe&* zu_C5ejX||dDcFd>iBSHJCl01%ZOS(|?FPK=c~org`CP*fMI)^I938v@`R=$^q$rwU z_Q5FT?{Z77MtsDvXs`o74 zS@h@qu-MPz2#Y)93_f(<=M$?aWizk6R)IMDh6wSVK11tlQ)zIG6HT7Dr;l{T8>#21 zSv?jLEHoMG9vNPOBew4GQ@^DWub6Df`dC(6u+f(T{gE_q!XK%|r6T`oi*uMgcjmb2zygm!~PXzJD%_a*?NbyLxe zjgIE2=sQWH1lAl<71Pcb7N)#+7ZgI&WaB1jNL@hgTbXjXL;U^{7F&cPJt>)joNcGkem z4!ykz#_Jev^sD)Hu{8s&OvykhnQX+glc`ummiQn4HBWtwXOx0#g>Niwh;>-oH4 zCCV8tu~%!b^uKRXFMqaay`lHTR=n&=v2Kd1&(i?|J>+JcWrqn?ww@%TCx*D6Zo9lg zihC;fHLsJ&Skyupi@oQ5kfb~7mJ?S{6vt&0B#w!H{(eQVFXDaSpP1`(W*@Npp`Nb^ zd&kH{*M8rpf)54vhX(OhP`?to$As>Lg4kZOXQ;0F8lzoR z?Di7~FIzDI`sbz8R_=i`e>spSb(0aoRjFXPwD9C);@9-bd5NL(Y&jT zw-X8W3hISUeuSYSUHtGjd=c#h#fnrV|vyq7-W#eW|_k&P)&HQV*N3bQ2g}Nq~Kk-&{{X9pnU=@ zeh1QH$uRcV1M9LKqpP4tzOf?5vZkPG8Ml%aGO)N>~Gr@aT;p?R3Rf} zOFCoxLsD6axE{@i?5_X$fFO;GkQiM`D5xOdfNcoKq#2>) zm~=@=O6Mr)+URB@1pxsGsZoM-Hv-av5AW~i`Nh9*pZlEGIoCPYb=l~o&g@|_P~uH6 z`&^ft^_|dXcYXsn=4|>85R$^I8~s?5(Yk=gp|ECgv7o4b8B;39cs1J%2?#oQo|PlPo*T2|LtE@GEE;VMS@-k14IoWIXgwM4$Xp-ee7gpZ>&9CrZ{7A4qp z{QX}rZ;SA!;X!OLfqyZs&xSdW4}8n&8hjVA{%7hrq5@t~2D8dk$HV>%VC5uD{gUlZmp9ffapL0Iac}n&IasNx z6rz*u)Q|8(l9p4$?G>Dz$Z=>O0T9o%p;A#QmAuzp#oS5rV1$GVmX|kfOFH zg3@zc5qs&j8k*oEFd%Ao;?%Y(J0iJK`)GBghpNn41CnWcQUf)V=<^wDAHjrdx9RU2 z&T=bCTB`D#H@+m&VzZk2hYrWOyyCkaK*oSWQ9}m$lcBY4_N>#dV{6t#VF2gz+2jO$ zy?$PV)@rQ@k|e@BoPEo0UpgWDX%y8+=6w0Fi*!tx)t|91{xYc1W)}6Meay`f`x4qV z8Gxb!s{2GO9X;1L))mnm9j0G{NY_K$4FnI{cC!L zylqw&kwVac$Rd+cIk~A%@yNH!@M4_P;{z1iBRFX6k8P@acM#T(_^q zwOB^aC;TLuT<@@_?VzD^v0ylyS-PH5&k*6l18houV1!gl`jIkUr1J2?-g*h2B#ZDz zr6_>S^Qr~gr%$3r#35X9@2g>DAa_>;Z6eKky+A9GMoV{x*zTh&v{1k$(nj3x=tceI& z27T2NG%Dk5@AKUH+b*4xO>zO@tFJc7c;H5 zc3IE_1}kl+?EFYI7Q3BW9qOjMz^aTRli6HWK6lK!UA!ys8>+!W?A;e%&QzZ&S&=8b z?yB*3(XJ|Ks5%LytR>pe#w(j4z4^A++v!7_-?K9NYa#)9IKdZU_gdUj7q9FePrTD0 z0ZV^M=WED*X$VviCLp+(=J*eX{M{l-%6w3rL{(mutodt^moyVe0&Zsa>86#DRN{TY zV;{rJwkwtWlATNxHEdm6mv{NudQabfwnL`H&4PDMnG1;-L97~qFNO4d7s`i*72g~hhOEO#0vss51Ysj zov6ztOIH6_eJ;~dxpz#cNgjUay|>7_=Z!Yh+}SsOD7z3(m5sh})~rl4hEKMJZ#KUo ziA=@EZA_m#yUJGkV>&&IZ!fD*5y3FUMT*F`SDY{%rmTiKe~ehI zHDd-eoK_!A-##Av5hkj_N!N*Blq9r6_|@fP3d5!TD+D}+yS!9bO9!+@!b&DEHqNkIRdcY6|k`&d8?=XK^f z_wy`G#I5f7b_Tvt_Es~@-~Zp|wnHB3R^L+;Z@5QQ(%rXKZV7I&BRqYw5|(>?oHn_G zWgg787o}p~5cde`DgK*}f)?c44u+(c0Posc*;kpDlH?Vsx!Gkx9DB-Mi`;C{QTW{p zN(grJSVBx{4={)WSo2I4Td@jw!qK|dK6^DseMU>&oOzaXkuq!dmXmQ6W?NOht>^h!Z=`wcSC@Ay)HVE5 zUB?ryvv!XTmtA`czCQ0%JnEl1RpF#tn_yT{Wpx0J4V9&ZgZsi^KJ!Dd37%TfX!BC; z>hja$+cNPLl^=TEWayKcO!;Q4kB%p5=Wf|~6AQOPmND{6PJ#R1p2b1}bCwvc|Anyi z_pzb$-oR@TU7hOZRHlC}64?Lh&H=sU818(ci&4I7T0DpB41 zV3B>On0(1{IFu;vJTnW;jxprziMRA0=P@k+PQ8_?dITDWk4R={cWvfYoY}rr&9;$8 zNj+B<_uhHaeAfoB3T-5^X<(mP;|)?mWo}&*rZCCO6ZkZ|U(J}7UQ!Jx)0VW~ zOZx&ql+&P%(zt1H`Fs8`H%kh8gYZWJGb~>V4HrEZ?gre8Ij^;B@wMK{D~oB+n>BF} z++=enA!xbtA70gQu$_}-MdtBCMUo$4H}O6k)oS#VZcuscM4O7KKN`ZHlkGVg)%J^r zwEVU2e5mcAgI3z41Ci;S%tG37H+FpB3zW;tx_DJ;fJJ#t`j?B8BKrs5f|%xuS<~~i zX|tb0RNl#R!0K*f-i-@`hx#&YD@`kCo0F_RF+8Pn1R-xE!#K*So7NyKeb=HGTzGVW z+7AdBZOOTufH69A=lMjKwbRJ+#sV^f2#}b>AJ|NMap22mKR{m&aNc~A=f#f^j0rjd$-m3DvPhGu_@K18h*w+`kwB{=-HRQ zy(yZhJWAz{HV}u{q|fOJBjRBw=TJ65s0&s))CXY#rJreLH{KA}gsP9;`JxAtR>nW` zv7@6-{}$*Gx^p@H}tluW7r zjMycMKH{%|b;W&xpECd5`cQpLwXKiLjAZ2w|3ITAPl=&=+qJ!>0S|dUAd0dQPPm(} z=Y@n$DoFrMe6+TxOH7#an^tP0)VvGbixU~iUg)Tbw#}|cUCL`z;%Xw$qJWn@J(TuI zmziE>I+}LdI^)~VVhB^OHF*VxFp&bcwSV5Jkv%=8+d ziA{fFG!ADS)K--NuT-e`fPEB8im=VxdP&-b124;p7@I8BL#0b%X8cf7#)p>@tl|Ut z`LmDmq;e6VvL$4cPi(=i@P30PO`MS!z6ISBM|&}=h?&Sc-oM7|k4;(t^K)`!2AsD} zGbK6TP3t^1<|S?HTF=-58Q01%ARN2(2Xv<82>vb>-v}i$N3?=t1vy!xbPNdMc}M?y zu}Q!BU>&7O3j8SV*|30;8pB0t)VX*`XCebe!XE_ux*}e8Ew<*^xB|?bkMi$3`V6TO#6uVCz%sg?15oecKFRPjToSBaqInX zZ)b#r13}G~^pN2Q*O;C^%Db+1BtWJA@h7zU9>!?l#afHja$Y1 zgAfavXT^8F@v!(+Nx|MXc$`a8!hNGwI!uKRFtjy2%7f_*R*wX2u;_BAqdSa{rO2umz5^MPMI{Zj`>zY`8Y7z4e zSnnhAx=z9kP&?$~3Rc6gjb&_&R^P{21>GOiE2RI|3 z?~4_j+Xuf?NwJ?D9UTcL{Rgiw+^B;l{7>iQj01nbqZPWbSytsl0dalKrNuoF7>QZW z)mS8W;x2vq+v=UO|Bk$L5GV&>A#Dvy>(BUc@_N@Y%K1=RDt~ zbT3C=dRxn@Z1nKL3uM$TqqVU7V35A53!$2w=I!EI<@+r35nfGIGNf)@h#Mok?5`Fr zIuA!6)I@pG+4TE$m^mnPyiE;0J(9V$#b8EHIgoxJ9_26Kwq2!Bp6=E=JXOCxsOErT z*!3)PQ;!77c(Hd_hR^f1n8Z|!(Kl~aIc^UIOZ)QZ?6O7eR@fuBYS*=*%vXVu0&y2< z6<2e&WES9QbMZqltH|-k6`VmyK@mmyqi*zZcF};p*j|+b-Tsd$ zB$7`|A)~_h4+cV={WWU|_uxgUcA6g$zZ&QJ#~Y&VD*>~1FoZFg&Ny6mL1**Vi)Vau zRx0zq55?a6fT+H9lo*nQ8MwbFH!_=%>w4B=pt{g&_)J(Nh2ie)bx8b%{(mKV&i$jO zo_f5>7s^Xfdc?!4HUYbmu@K$Tvqg$5m7os?^+ywGV5zOz!kDrRD-m1;oNJO)GCh*N zuAO)3nAPQ_q|*n=`uh4{x4@_m-;W>P`0uuQe$cZzQurv~l}JkzqG*c;c^?qLm`Hr4 zaGq0yaoy6gw=5SO;mkNxURWZBjT;yC zuJ4R?$ef)%I%pf72yl!5p}A-Tf|mwp!*JD$3xo;a+a>@p?ppTUM zo=!u#lgLj`AHz?b*lmVT5&J}%3d@5q?)768(e!ogAn!rB*yX?Kis_(5XS@J?$u~cm zsmwX@a>!5}ChpFhtHa|q)%ynhy<%q&!l$w4iMPl5v0(Wa!Rr1%BmC^x4~v9%*2%J5T1FhJ7jwTii?$ z8gWgo!To<4j|F5Nt*;yYawMb`>q}^|305_L8qUBMShrWs(I>tX{BSMivyHangdXNu zFCJa2(+1u3`v!fQy^@zX@*gUmnL6M?e5%sfiw<7p=Hx--pbC=u*XHsfaxe6smgS$< zurF$zam?wr`A~hKCf!a3;Zer*a#ACA0dz;IVu?k#}jT=-b* zu+fd#sRnilHQOqC_gNjVps~{OmE89UoqLB}NALX4++?vSh7BnUwYh!qcexnt%X=Ww zIA5xPh9=R)n0hZ?z);(xy3Jgu#$W7k6x0Yb*UqdcEq*?1@1frJ+y5w1n2>jmVP_Uf zSgLy8P_o3&j~o6lB$1>B@KH#85~cu{s8rbtqfaIn58_a_7Wbre9b#yxI@_I2B$|Us0vj)}>E9ge zv#kjiMOt!DpJa~%PXXs5a^KUncnM2qq#!nr$qS)5Z?`N|q&9?Q!nloD49o$wUm)=td3MKqc?FV|LLo4fM z+gTPd+?%G0-cZB$t&C&m?JuBr3#*)^-{7@ z^5JFc1!pc9mJdc9ocmsAQC{_)I+X_!nz~UZ)57`wjuaz60r=(JN?#MB#LV>qx3Abk ztj8jF`U=}r&|^)$qijUXe(uosbg?bUcsPALPNi_rb93w!Bx2Wz(63nw*si_J@lE&9 z`Dx8ns}gO$)j47{gNhTH_HCxInKb}E3tp?H|GYxXQJh5Xr$-5H`s$h?`6l;yB!l3z zsaWD`Vk7AzAar7U{?6-sGD$Z-y!2-9fGw+3<#32%rG$!(oUX{I`Y>JU-x0~Hxn0+%TJ#iE-FooE z_cIou{Wnf$f(Tc2rl)|8mn+m_g?CQBO7Ld!K5U%7KOT2PdNi&%;yzT-S6(g(q>n(` zF-|Q+xTxAPeQd*3oun=Lj`tJf0hfPzio5#RNh?o>AxJ!WHmaKGZM5G9wiL<+ed7Jw zVa81nvKu3@+pW z*elScU8NN|bGm2p36$3MbPMOKl1UqVg81DL1Ar&Pxg`OgVnALG;`hfV)&SZ9V zw&5wPOn=^@G0Uv0-HLVs@o+&usS| zF?4HQdOtaDx7_oaG0Gz-sqX=95idN4>QZa_WICl~!cJ1IeBqP!0ZG; zMPbQs>k~T7Dl-i1A52DFGb{Zo(z`c8jQ?1QZ47Ys2_VVM|bKii*!Mr3(Hy{QhS`;kK2gh_1DaE z{}(gP+n6O0CVkF`3_xo$J2A>-$}X^}^aPDz*B+}RnG4YL?)~}#pyiS|nUrqDDH=7y zH%w<Y$(OIlz<}-OZXln-wmyuE*OG}BS7*t##IxnWd+zW|>ZNIO$14%0rF&!c3V;*<%%7DY0o-2*hyj zkw*xoxT&oW9HaP~R2L1x>FlZXnd#moOCKj>8d(L^*ZU%W&WwL9(_5Srob!iE*@+(p zSa;f?o=9h8>zP7!GN{PV0ZK&qwixP$8<~-q>>W61O1&05qF^!2<6u4pkH`O>pBr8o zB6f&rB%z%9E>5xh(L+(#aLBU~6~gw6>KrnxO0kJ?QJEbM+NcN1L13xOSA14XP#b3Q z{gw$W7!lbX3(rL(7LVH3Xz*(G2yIyy*z>DYDsh~1Ju;(Tf{HXXLE%XH2)9Dgddbhk z5jsWk?m>QO2?>F9nVOR04j>hJ=D{d5`xY z;)4AEPpOQRav{oi!`dC+nE`EdudiVUeaAA@b9Ajcf&)VR*yOi1C4a&03x|2RkxtK8 zTf)3wI(o?anuLP(9JVCs_dXO1g^z#Hbw%46mXF{0{1{TGSjg`~9~K|q&W@~)&?UZp z!I5h~v0ZF~`;@yDu7y+;ZRjZuiLH7P-<^$^9!nZ`S_^4}k~iPTY-I6L7o2C|U6IK& z?28+>zR(XR_r%N-6pu;u#UYyC*!8R+~WwcVd{ffz|?q5Fh!) ze3NT-L`=NAS?Wh33;^EQ4bM;K?bKfgT=((6e3FpVyDGy>sR@+RrR0! z@Q<7c7{qzO#I|zr?f5TY#6QsivqT>+6v+`Q(DeBkSLCsyJCPqjBk7$wYtVPXN%Ufl zl=-Azp^U`IU#`W=}VV1gyj1>M)07;>9Zz zQhUv9-$BT`1{7B1L|XdzSyjwjZME8UMGfD$AR%^=8d9iWf3=C%6O)e`PD}nUB~K*W zVc3~Jg&5gtO#9ko)W48!w{Rp`OplK2Ue^cm!d#=px-wdZWh5076_+J{%3Wzry{Mo~ zn2ZNbf2*)*uJ>b-$h#UUi4iDpxz*4${v)-AlAYSJRM0~hja_TZM=J}T!U1e>#vW3heVRi zkL4Sv0+4aQX3cNZ#^|DYljq~*fUjmE>UmMQi(Ut6tvs=&JeN6J&K;u zR{hF+P2MbAw#>`}vy<9k|CpJEgdQFx+;O=|LXj0W{)rM z-ALHC31*C){YL3kYN<(XFC7f5o=)v1L4job8BM+R)a zQX_4Y7K4{ulono>LTI|VAERq`1Sc4sg(alb#!G87l^oT1TOv7sz{&hGHzo~i)IGe% zDenSgZP5`VM|Omj5@qu+?zc6`dRq^7(lLge=~6r~7!p0>%Mz!w!bz!bCQ%BlJ~V>P zb;?bOllJ@N5N6w*Nt>}bKSe3?xvMoxCqeUknfJ#PEJCh{#sbc4mxgRdkg7OdZrhR{ z)juH%a>7<#s)TI58hFfA61xkeHnvPU?^JVUWwzC&6)8&}8+1#+$sjO~aiMY5HNYdA zIGHOYmV>_NJ=E^+_Y7uF@0K8JcS!k?Vpw${BL0w?z{<+%{R5KyS&Cifk={Ad=B9N# z{z9N{$LVp{!1>u=)4Igvkn^B8lB=@C+7BWN&tZ-=FS_1u#4-KNL_L^UG@fqBV&mqnk)aD-RC%;lWyh-1Il0ZWE7nd(& zsr$rW;;`K`{%5zzetE#9k3V++EL?vLJ>V~=R$1nBNUmYc7u8W`E@C1XBh&6rIwqB! z$vem}j~c4e{r4k(N{G}ba%h{#Ng#h?g4gfS426uq@|{g zW&xv%#4$K`!4q7yWm>nqBT(oT%hWe|Dcy_CW#gm7zJl2W%ToJR2$en4gx?D;u63vX ztyuR_4CQ}2u@J#wBL+{Ae#6BTqs5><^QXbmX5pu?i#<}5h_Vw@z6D0N-Z4(q z>OzuFRnTx0g-*@_p8*C$#)5V6iG3}{ZLffKPF6H-a0w!^Q}B9KDL}lj;$&#dXi!8# zNB-sFFKH!@3eSuTq!`50fdavp8&`>44KMLhjq*CP|6Dz?^&XNAi=60<5*R`#!-Is_3)>$M?suu~b*s%qFI< z{4k${K-*jaI_p^BjXed{X8XXkp3WrpWie<*!As{?{#xj7$6mT7-ErBI;Y;&NetY|B zD4W_Gyhy4D%zfhk+8m zdAirt@jZVIbH-$Z=?uF<1i4uiS=pNhRU$M80X;Cf*QLH6R)goxWz8 zV~0QNMg*xDUZGxY`ZzKcPBow9Z}%Ng?}3ME&IVf?A6$Oq#6VSz9kpw}V#v}^3)$Tb7l-Sy;fi!LA0CsFwjTZZ6xgZ}i zFl(4=k8O3M^b)ootGW>? zRX#yYN^~n*g7MaE*JZkD;KyU6Afc^YC=t|81IzhvzsVA(;U?d>h<1!~4#>9*#zZ?^ z&bnncZI=3s1laF_7)H{jYp9|k8p zeWP@aL}i?bAy*o9ABgJN_@@5&^D!}>SyJ0jI=kAGiH>r@aRWR*nAfCOtD<|mP1uP# zDxvqTS@}CY1^lYoZ3GX&@zQM>J)Zst=MKuoz0NE+^jmlWTMB=)^$Tb3xA;});0@5k z_RLjU%)LTKsGq<1j?Yv)pA=fv4`*VGpttuN<^nLXkX5VZ)w0~sr|v33n4G1X!G%a6(cn5R#{+z z=uP^P?Wp!yf*iZk%9vuqQ|LH(HQ4rC@|T}c5q+NZL>8`p`Fsc?NNpj;H>llPE!fpW zx|=#lSYdEXCx9gq{*Z&6m%f6sQD0sDa@r6RSX$jTp^^2xvV9E;&_h7vtI^KxKD17! zoyregY^o-I1>DTbdm^l*rhah?FK$PXN-qrK3|l-8X!tJr`}om-8381J|?z$jh=lRUQ#c zeRTa8yXH09L=q1aD~233)dorTT;XUtfi4~C{HR@Qz`2dGjJ4+JV}OP>|Q zv+KQlS90qT4xq8DrzdDrob|ldhO3ClO6F*Yjyk}ldx+Ushy^?+r7j=LugEQ8QanlU zPH&Ch*D&5l*K6>oHp)pzWOP-cx-6$J{zh8OSX~qSgw)V4piqK#jr~4EGKxrCys?|` zSg%@ZW=tW2_3TT+WTD&8xv2&2iJpMgK;|F6uU2>Szo;U)dS&A4Gao2O&J;ZwII)Qj zP;_WD8W`AWJD%o_6;~6%Tx5qWqKNfqF0`HX!wHu;S1FY>xW^pCU|duL(y;^f_FiJka+e zD|OA7c+{XSHuoy9l-ayoLFiZBWo|jxVa#yyC8M(f$rDYuJ7D7h6lO4a3@yz@^@P<) z7!6b8ptafY{E=Vt`ua$BAUs{bh&MwAi3-L%^?X}$X8&j&XckmF>ML5m!>x`XQ`>f8 zT7l)q4%gd$)=pmpn{A0aeVg$A##5uUh=e5`BDlPzF9T{S-YbeQ9Vhd-Jp$oR_VYLjB`|0^d+%S z%Xob?NlZ%G1pOv^ll<%>W4ouw3tzx^hfNbw9rYcnBX=qJ#YDNUB0C<~A-$*@WsjCJ z>NhG{C9Gif@cE2r4fOqp{nLPLz?``*%JR9%5`mzx3BHOk)k%Lj#m002{xP#LR8UZa znx9R1N~Y2k1ahS5;K*ZkSJNl(b-wsHO~X_Isr2$>YyEezYZ-JG*%X<&4ZWY{Q2prH z*o_i461>f{b*#ci9ZW~|Hmqw$%I z%2g-WBihG-;z#uM*YinF9Xz<~^7qMDNpwx!uD`g{H0f(#b+{hP@V#s1^^#BA__-bt zi=1(L;5U>gny;}YrEAP5Nm0DQE3fM5c(NTud&6QAQRgpGZa$w1nY8j~8KZ>t!F0dX zUN>m`7$`P!w?)v$ptRP7f=<6D_P9WF+IOb$VwIiGEZMj&X(WQp*hQBxeOQ!mmOjrs zqC<3IRr@q&-59@tMrj&VQSICm@3!_;m{c^7r@jX%Nylz318Q7uxaLFvzkB$UohOuG zv&wvf#iFVAc8@Qtow19-SIhLDL?ifMq_L|$7>fS@%l9=p|F@$+_@>fw0YoIMx@?IJ zN6E(nx&*x|GcC3)8f>}5NR!4P2~g!*s3)Bk|4EGW2%vcXJK`{=#qp-eXA1jDtS68R zt1$Rp=zc9(QA+#3lQxBG`4Syd;$YE5I~`UDgrhN_PEDxpSniyec07M?JMnYmJ3+CP zftW;$vz(0?F4wI8J!=0O_2*3+m*zQUb3BXU1%Vl2&-l+LzCp7mimRD`N`XN1oIUAZ z%ppZ>44)inPOv~ApWd~lr-E${H+i;QyXNoo+pd*J4Q58Tb%S{i&Z*n{l`$i?`YZ#R z`)j+=@Ic0Hy)ABWWT-JxHnYu~t8^}DNL*to(`TQ6ps1B&^FB#?CRHxE;o@vsDj0|Y zbh+r#xE+9M=*Icgscmqspi-wAa4F%P2vWpH#5dPL0m>fKDQRA7Y|zGvcPY3_Em!x! z4>j{AL2^l!k&}`WD*PSq{pW}B4eGul{VantI(m~|fY&gUQec+xN|_ds})+j7fhsq#s)CSOiQqU|4Dmllm5IAMu1 z_l~D`Pc0OISHEe6<~P8Gl^a^s9@rZX*mK1Qx}gVXjU}0Qe5=`@fR@?T&KWoWeK_}j zy%;NnXn&=e{meUx^a>55{AvR|vDfw^Kn>R%W}l=_>tvho#asK7l+ZN2$wxG|TI4Ez zKXOyn*!dWyDEnUruMXHoreAC&`i3ii?6Q(sA?wrzS^?FtJZFx{2Q{0f##!DEWH$yX zCnc#G7hK7+ae?OJq1`AB*FXuDSK+nuCS1_kxpZuVM<`ga+0o3I^$az(O3w>m?Loj@ z9~-z-7Mt9=NlBko-7l+ED>Hv@_mE-j#UhYS86?fTdY!AB`8c1V z?1H|C#Z zrKwuO0$VYoEJj?3-+vJSIy`xjcN#aN-Qc$)ihTG&|2iKbkvDBkl~^c3y*0kde^ty}=BY_&C^+Wc$#(#v22E z3I2@0K~pkX`a4Vi8 zF0qM17Tv7(&5m_N#)<|tbS6hObPO_tdis2E4o^$mv?%F;v@#ACpGku30>iX?4A}0O zeI>Qe7E{cspO+2p**dyNzi{ypfL>&sG>N7;Dkwq*W(q76)rWA_MeMTX_HeO1jflXF zAV2kb2{i-fG|H4$wmEfqGAcS|jabs%ACgjnlTvg~g{+S%L7iC0VMA}u6g zTB*roOYE-;AV~;6ND`o*o4lKe5{nE z49oH)bf3NP@rb>$nAOdjkvY9uRcMqUXK_xv!pj^eFpX#3f$_7$t` z@zPFm9^&+p;5m})1N-m6chLp&87J{k@67$kKd2DMQ;Q}An3^q6Axw;j7-FKUV_!TO z%ABvMQnFiAv`xN)T3KSVpuY7N3(?VNA53NAf^xA=Sg#W)(*ztQkT9zS4ZtS*E#!X3 z#*%M*ZZfYSv2z}}qrW^b7v=WYDOWwIePLtsBK?=D`?~0LXg-v?+ZlklwmcLlkGYb* zVp98N#zQo_*h{{T&n9L}%G;S9%=aYpqmpIr&|4>1EkpT?{gBH z`<(61y|wxTx_kK-{M6CSpWKEtnQO({%*i8jChIn>U)TPqs9qHoT-J$#DWa$xnl464 zkAbibzA3phs91pp5g9JzPKisx75h_(w%ftN&o+XFQ8Bme4qt`zLPr*Fr9k}Td1j>; zG{Cmrn3oj?jS>Vbh$}wO_W(ihi<8`HjOvFmlmBcSO((NoXqWYy7%SVek-J@>eQ^h? ze;+N(7oH911{nCM<~S}TTHhU_i-}*MFY^5;RM9qixnnR~DoC9@cAL=hCjZ|)?4JOz zs7D~qoREz#S7M)=$tF<;^s#q&)^;$d>27hqLK2SOT)S;}#ylAbv%BET@ePn*n63R? z!KKf>F^B&#BOH;B*f6>j0_(CWI6;50IA?6D%BZ65-YT?lb}u!QbL`y5iwbH|h6Dwm zq{9!UG4F}ft(Yt|kmO%JffIt524q$DzAf*NFOzLoO06VzJ6*kQY>)kAssHOGOy!KYK&mb!C6xdM#%E<^Vbx?KM1`Mxo3@YDS)FI; z4jc2ON&i%6HFmkmB8H4X0?Pt##PiU8oD;@HkBxY)wg41Eq9s9LGfEIW@XqvdY~WQB z>>l~d%g&7zwZj_OG@(l$acd{DjYLUG@43d1q`0odp|6X(Xdiqj)qWyu%vS<(ggWI| zyrWXt*~#)9ypy3I!PmZdOtP|HHoF|)X|%=2_Xy-oWA`NZM?XM$ocx@_fJ@K_WAV4W zelctXBuHaa?F8Df0-dOLeY?t>I>Ge_R3bW8yM(-=iGExL$Z3S> z+a0N~5RhXpGM5C~UB_)=gh`hZ4Mvz-@3F_&{qY_8H&0N${B+OR%xu)Tdgzmts9)$9 z;JvN6ot0_Zx1UeXQcOwp2+W9v%QcoT+w|fCGpQv-Cryi|CCTtQ>9!+;muqt;Alz}w zL`h1q9Pe!O65KcGWHbnvrc+ta>8D*)&_cRsDLt+X;wzo6zjr?lnIp|L)lh}QPZ!^O zpRYbkMl47RRPzksR*Q`w^f^iFq|i;%CA6yTiCT56Nr3*q`(?DXErb4pV%x2pylL-2 zGQ&$>gJBP$XA02V^1wN1uuB9ExJbJt_RtP-Q6;JDqf$->7TZSEQyNxTRktQ}B|ydhOv zcYy#D2zWkJfn<$N9oZpfWe@DS$@9C2w3j{1*y$VSvl8F^nZCCrlWAsO0w2BeD#u@# zuU1EI#WCUwE*pVor6*^{>D26t5lG$^;D4k?|64Ljw++y8Nso-6#mY5H*B|PTu&>jY zRJcv&L)19#XdLS%D&-PVS`96y969}{a4b+YY=lX@Ug%7gRF}St|&D)##sKF?n_V&dCIOElC0&x$JUyayx!KM1EyC= z7>_bpIb}>;QYT~~6k4mp^eF2r+jK0TA=1y+Nx+*H_^tDFH zy3AaOK(T6j7mO3!lkF1fIK78Y*y)N%nE|gMR^D(5zQG>XGk^}e6IW@KO^`>S?b92* zg|wE+&vm_RbSkIQ1 zrg8BpblOp^6Ts@L{JyB1Tf6+&s90d^mw(dfvZ0^ou-r>OW6?dQ4|9)K6}7$6Ql}Zc zLs!|Xw*8M=rYTjJtz1!FUP3Ozp(J`Veaw}>3!WP`^X12nS4qjqH7iTR8C!7D92+?^ zUuWDs;1ML;#iN~tr6q@Tm$een8n?RQL{Fif>!*g@SX3A|`&-$%v_Ek*g^JRfa)GnS7NRi^G8d0fU6P@~5SW=q_r&_{Q2X?6!&%8Cy9+;I2|;BC5u zS>KFarIyl^cOOV0<7Dt$KcGZf4;P3i)#m}57^*+l8LCwzJ%#rFYcBST&#QrP5!~u6XYlnjSLX+t*jPGCE6&(7};GhF0qsG^Z<{!bb(AiK)Z*iNM?>>HA z)XER^5@?8cXm7U{)H>^Zd=iw`DgmSr5@(YaUsA;Q0TB*orMSv39 z!m{7uH=K^#6&Aq#`$@vKa{pAC8w78lNzRkISwMMy!V{PTnRjfHq*@A;nCc<_G}X2U zbb;kl*HM;pCfo)d@hU=aU3f@zF&lKMPJz_^%Uj|yuipp0@^Y?`&_68fgF-`4_gLb0 z3;Bfpe;w8S!Mz0yFg*u8kI809|5V8m(Zy^Pk5$5?A=-9*avo<(AhqqDBKyQ^iI`I~ zc#^MN7nL&cz#Z#lG`sY7{jpy-fDYt^JoKd#wP-l8Q8(##Un?(dbsE2&aN_2IfD-NW zHfW$nrtkx?JBgAg%nxmi<&KT6mX6OVU(L$yj|K@<&{Y;9w&qi-DAnw&1?7aKX_EsO z0AScvm#(GrYM3hL=pj0-lm52~Axzl51Cr?U^bAFuZ?)#q&O8X36wdUmrO}4asV|BV zuHwHyxRg|`6N_m~7{4DZF!>r^{V~XSb7UgRBSR3`B+B9KpUz*SXGrk3&}3Lw)!7h( zy?E;RV%*`Xe>~V`<&RG769$gWaW3hx$b~)uTQjGhLX;tri14%}N7J!0a z?Xua)4~|9CL`ml{C#kRG1rp+$N@YM8KOf+~L_HaVjgY*5Q&Zf`aKP!ul}QecmqrOz zHH1dPWKkxG>3z*tdPk$Ozj#lGB9s9Tm#E1P$}{TB)iE;?JJ(254gMPGXC>bk{DK1%5SznF=B+xM<{$`O%guCwGJJrf-%%t6eVNWNih zT#8IngrIkZ^K?^Vl%b@K-dwxjF2X8#qMH;T$|hXO;INfJdzO1-)phB1Q*OZ@h;?Q) zD&rm#epGH@Mfk$61Iv#wH@r$YQbFoQ>nL$0urt#u5^*luDI2GsxJVMV$yY#xRk+3Y z!g}$a6Iz}K5l?4Hh!dm;yNJ5x#$;q*?9&7&4Ujf*WIPw^(1G;{#YVwnBRU=~8j2%- znax;{xHaP5SzM>wC@eVx%ZYYZB4ntL%jGBU+_Q?o9?JZzCvi!aKe=F>xv)UoROmjn z8-90Eh4Weh#Jr(U8`4@*d>eDuBjQN}$hGW6&{ss2V3}F}V5*iK|D7H_IpNAF@`ch} z0R*L+p=)T6?vU>8l9Hi8KpN@p?hgI#dA{d)*Y6M4a_K#HoU`|}uYK)(&gs#eXouBi z!RgR!M083s%U{1vSC+jA&^775`y6*-y2rSyj(Lg~p=xvsOwr%u{|8si=*r_Qv56Z( zFL`?^A`~fHRbVMAgw%AF>Leqfc~O*qTBebWR=Q&9*Yk+E!jsaYUng?)^Irc+wxQHQ z9w7RugTg=PtJ|Pmf>JW@8cdzVH#5ypN*Z&_-2)f@g7=W9;5*$cn(s`p9IRg5XeXTb{bLFR%x-^~o zqc!Ud_|I*+RHcK|5PQ8mBRKH2toPX2#nD;uR)5kqTy=CbOsFK0w5}+KuHfTRcjd)5Rc~Tm=8 z-^XmV^=cz3ETy}W_up_}3*GRW^C*OgqR^OKrlQvlrTy~Y@T8X!*9isN{ zjwL3LL0QHL(mq1$n5yGDwXOQVJ`9A@)GF1BkI>K>Dt2d7SY zr4lh> zF;Ir9rnWmt+wH9u=#$MTtl$Uv1K{d*Yt9aTRwv z5SnVovn&+jVS+WD$mWw6t~5Hve#jtY(7>f&m7cnY0q860!vYlo7s0W7kXMG zS9$4w4LcRAT>Q5b+>uDq)Ca5^O5wL?>t$BGK8h|*X?#tul$$A=1e5k;RCzb#;9}*e zgscLC)GT^9aUaq@4Dvo*;iaV}yt?s%)Va<4%NAj#d#6|?zLlvXgw^z!k`zgTd%me{ zbU1N}%opW8Kf+udt_m*k1+CFF`_CjLBm_PSQK-N3GC6wO7)kC}MhE3PT|1KAB|L+I zGYub`GmTY|EwX?!ikTT>(bP=Tr^J_N^0MzzA?nTsyj=W*$2#Bt|7J?Nh`sQFih~Gz zl%!i8mb)*4j6CfV^Rf{N47m?~_7!CH4e&WlLQhy}HO~jCZl|NKbuPIB_W6~X#anP8 zZ4yWD0}h9F*MCWy_^?2XtBeN6W*Udzh^i3fK=l7#(^tN=r5Qx7_0`2!s6usvW?-_W z8C!rT=;I}=-XDUO#hSqYqK16!DW4A^!|$TN27MUC|E{GOG@j83pC5vdxwn$tiOhIVT2xe}MMcYuQ1uiiE;a@gU&2^vp6FITz z6b2^%$TR2dPd;H`b1A;%@DIwGD`S*kHQb(4`=-nUH6y?z-``s+sbVa0qk z!(_=kJO0@OWQ3*iQZL@ysZ4YCu5!Ti&Y!5ory+P=jT>rd*C2(4BQRkN-~Of@!Zd8= zgal&?7mRu7K$hC-^LKxHRTTwymtme@FA4(XyZA+^uPL(8!OHu_>*Wiuv!qsT^;*{$1Ht z69rD-EF4viC(gAjQ*dxe&%)#VTyQO3*C6V!#O1B#99-oCmi~o{-FVu|4E1`}^3B48 z$ZV%xo<+-laAs9&9wjNvVy}*ehMmn5(KY>F1~l{0w@0V^vSYmCM{!3GnuJB#gwO{y zLp(F_hFTSNECrPG3Z1v2PxWDzXQ)}7eom0?W~RB5MK6{9-{^V}64fEnB)G!!Os{is z(Vg_6-;K{uMN3kckkWrB=Yfng(Uy~WPZm7k*@F|-<23E-2Nl_|7}MQ++}y81rD*D3 zeOgIxl`Z)yj`D|o$1ly5=;}IZ9gM@VcQ7$bIZ{| zi$Ch?{*#*57UGk41v{vTY2#deyj{{Xhde1bD*_5S*GZ22O7Ry=`Cz@64KWIHt3X`> zlFDM^kWC+*D=Ukj0_nI>4-QCBz?LWd*F=92hz3PsPppS8G;*Whp=S1zl6NRdix*uJ zujDeawQ6f0I0ltu1qo^0yHbH&j*g4sCOfP;Uk{hOu(uH6q`{@53Siao{j_?n*OJ5-gFQ|k=gPd|dg(}TA?&42hsktP57V$q`% zsu(WnB3;(7@r%>pA^9FP-Jo}l&`JZJ-m)o>tmNw;extpk8Hv_`tIo#9;Uvv^p@eId z@k1J-gNLsiSrO#umUs1sFwrnFF*(l$t|Mij2j|~`l-z$Nx1Gp~e+`Q|Z&y=cE_E9F z3ldue*${FUL~Jtdt{6OKkELTZVK$ClQQoaL6cRS+`T^@1TY-|Q)4#Xn*#%u4rC8QB zKL}qFT$rrrI8Wq}zG*Sr(2UZ?KptA2$wx0&%w=0qjh!&h;>-IJ+>1HJtD6tzzdLOF zbgi5wE^l(Bx|6Wrlm00@h+vY`K=aw@HJ6uTtN>O0FO! z0+2^Doh3(L!+_+RGj;Pd|8zpajS2gM9Gb#U4m@VKbICv{gykDT>1~Vuzn<1jA4c=- zm;%+z`dgUJ5R@XQsUTamL2pBd4DxbwDEkLHan`lll-YzoJ@&Ixq(XSmNaBcs48-cE z5pz(Te{E8&xZ<)r%1K2eO@sKyd4)t042y_X6PP8s|2EwN#&d=3bWbpSFuC}KV{U+b z&~&aFwtaiwsMXKNChmvt1Fc$knp8?dV>M`s5Jv+cgHG=P5l*Ie{R4O{Sro=yEfd^4 zbppFoYx0lUHf;-b0j6AzFafVxzYi#O{B>EHqs_hoM|jd%3Z(>2WWMMpm@M4IZ(p0q z`g_Jaju=vY7O0j6xrR!ohmYWvk8pCywBkiv6ON)_Hd-$K>M|iB?i0R}l`Z zrn^tab9Lwi1qCcQvZE=65dnAcaWeUiS;9k2?y(+Y7H8;@Ws85=^-i!^MkR0BHZPzL zYVm06+mQXN>|V7_7&KA%Sg+Yp@<=b?wt-8WP-!Br@{Q}yrR@bj?3zp?I5ESZfH_po zkedw~zR{Ui zz4^bIUM9mXyyMdX^)&mXDp3=v_K$bpQ{!#^1a85*<50;OEIW3rdpVzr8q!BaS$xuW z%=*#r2WXekFUzy$Y?-#!DkGPe;__O#b@2O=zK?B1`18v9t*@^1wU_jEk1WmjS7pq;bWi%3w=U2)e?bm}fCoH2`hDtO1jHOruFJV1xsPdKN|@8gSBWJ5tWB`ue@I4)7H zmE_R3bEG%Um13P&RHqt;=4U#m@bdEV{Ly4ms2WYyU&H;;#u2T*xpbg1X%s#_ehs6>wcLT$&gIcSy9}V>2l*^UfW*eWK1P6bL9>m5z(`gJkpzlU3;HV zq|sFJh$)aBGGPPDSIFKDiUhOY7Cu>hOMgWdlr>|~G3+|{?CM=?W;gPwZpSc_F)oGd zF?keCDBWCwKuy?`Pk3fxrOjArcmeD)9x|=v;c8jPbYFa&#RO$6zEknPmodqts#2rj z0!H-o3v!z_i*z_MIFL@+iV5NBr^>+0Ubx&@!qn_?a-cN*s6cDUz~hAThHjnS%9~*= zrT_F@1pcq@0{qG;vSF=Oh$Va}{P`+`FrY_Hr-1ye4xgSyJ$)M3;YXfvtS+*0S!I^V z3wn1NY^KOueOt^_7R%cTY!EEFB?vP)ot<@@#!m%0SiK=vDTkfJ)=~lWRbVA90uZjg zGm&0W93|gtD;)0L$TK^QgU)R4s+QAiK_WxF ze+zj?64gk+$mRMRXUBFoknqtS$;UNnsZ=QW_c{g(73as!K5_p6k7+CKVr8{3dA14O zHFzJrba_p@)HO5|E9ot)#0SUqFND=e@T*ekU=G)J(FO8?_QYO}hJDS4NA_XHr8Hor zaL}Qy>~ZfMrRvw`LMx&RCz?Mr2r<_yeU5;GF;x}BTAI|@MF$AOe}+cCt44Mtr7pxH zOCLQz!I|ul0jQEoTGoHt8K3@n`rgVr)tfrNDUspSb2GbBjiI?bT{&3l4@w7Un}gH5 zrwXLB3bY2pYw@4$kb)|GYX`VMG6GdzHb9OdKa>+^j>6mZ+VBB8zLGs`|_yhUT4&J3wcH8S+ zZ8eqj2k*uSU%s8fYc0!hiq zfFzth`z5jm+CRv+v!QwY?A(yY-uWbUNWh6zmX0LNSA6|iI9Xqbtl>f2(cqO8o6Ds} ziX5!EiI=npuSEJ^x;#4chL~|czRnJ6^8KyD*Q79FW+T30b9){ zb-#09p+09;g(jfUr(<D`#;5dyK=z%3k;IAWJQkcf z5k($Fc*Fk)zj#P+BKoD{W#-ZT47MD4dl&73HR$yPa5 zz`JEMSniLhYH2JhnRp#tlH5%(J)OCl0%UQ$u4wAp^AO47wrR8mh;yZs?`>^m9=;-B z+Rz+c3I4}$F|XBxO*?fi-SfOX5$H~Xv7MJ_LBd>mB>@=dP5$rF5i)%0ICTz_H4Bs- ztC&Ixe>Itq!p4Jz7%1t5+=zU-qLqbah2Yycls_A*x!|C4fWLbrT*o^=In#HC zL2mo8IjoWiQxZ@>ok_usjw zJc<9DmHrCsLzQd7?nnJOEn_y%@I$BzE^TgOUkFRC^6yOM#n(z6xk-U$c(V#@#=C~K z47_#x1tz(5(qQu|b9#5T=~NFr8(^`p`dxHUTC=ZOS1DM6R6(Fyx;c(R&gwhDn-wJ? z53LF<)n_wFwfrGP>&}#2INbVa+|VX<-=7iwq`(~x6VD4 zc@FJNYJVQW^Q^plxui>ew}Wi@$uw#{&G%W&FE}*65ZBAeh5-E|bQKHLSkPzeDT7s4 zn!c=QbbJ%kBu|cGz1bIzvXFlz`LF4s=St)(7DKJhNohS?m)pr^@*&%?-y~|Xq4O#) z#)Hb98m>FHaSik%S3RqKkdwihqlySXJ8l^z`?h--iw^&*88>{Pfzy1khi{KG*W<@I zT^F)k$8bmM*K>Iz%H~kQGVZV~9oY#pOhA)S-;)^NpT;Ni!j~fluib~GKC3c$vHMUG zS-l&fJK~o0&mx7fq)QLwUGt44oL&n|!<%`9XRHe1tytIcZ2M%9$RG~1yqwAZx8o)5 z`OA_4R)B}b8-Bs1m;IwAvAL%4gtUR{>GG`O99NEZ?_ z0qhP)(`!R%ZnM9M)dzI$u~o&_TD^Vd%g{^EYp5MUq(JpDlCCQ*Il1v2}>4Zr(A9VxErW{jq0--7(MVn-M{vrA+}M7wN}5`zz5< z?L44vlpto4M~auMxGi`{Vh1D&4vyp_nKst+3M|1buJ+v|UG1^Z)g2|-(^-$BPISl7 zzTAP0SS@yZ6K;p$zlJ+A59~^zN(r9opd4CMVL}9H{Kg=L-I2);g6t`HpflS#3(TKW z+kt%EMLNL2w}~2*ftg>@D}|DKIp#W;{+7})Ze3uRYtqQNpgxlW6{^LA>tZ=k*o(B8 z2O(=&bUi5z(d}%!PNSHww2mYkg?bq>?L(TQ3dv zqP9h>?BoBx$ePxo`D!A(;6rrYw-ZMuFY$D~Rn2XdsLpEt(dpr}Nt++l+R)m2STOx_ z40b_?svotjqqd2VS4*8|K>8`nfM56quo{RJFPQLQ$j?j@lLb>eDOKE( zbUEp&GNavgI?u!h>eo=u*mM>(ugZXJT4B*gh>xMo#T|_n?V8H zW>I0dOp}_4{i34^M0Q@tX{Lf#FbaP@E`phUub?irj|pC?VZi}?lH{R!WBXbKp&45J zPY)*g7Yz!{9koG1^YSgM*RKC4MCGPO61hsJs6RqdXP$T8r}3Q70xeCsXq0O_siQb| z%ZR6V>V@^=uJ!1wPgh--IU5eGebaS8|t5 zfho#JIj#$0#xc!-rjDU0iTG|(+?f><*m2vnK-nUvkoW4^WLzh;7%YyS_-SoBBr2R9 zC1XJr;@jt^Ys+9m4rEFn!&pjsHT>i{0t%U{cxktt#0pA5Y`U|^)j9*w#ck4W&F+?; z%j6nMXij}-z}HsgHi3C#E_Hu84ilx4J)iL0*sN?i88a@a_a;jvtdN0NrgYVZMI(pm z@dmK&5b&_xSTLif?D>5n)Jo}GqOEYt$>%_im~@=X_?9ivS@C`CzD;{XW`?nlFI<#t z_}PugvsTZJBNEA(Pbvf18Ahqm8zWS*dfN5T0T)0GFPy?a!J1(}e!{HaA>!ffh|jr+ z;)I|hYev3VAq)c<+_d`h&wAPFj_oK>76;3m-i>$j4fs5R987n_fu-GZBs_ex*(W9B z+UzXl`9~^NZan0f0>=k7E5VVwecEI%v+QS^j)5o@%NwO(8~4KL{}^Ipk5j%<$lkn| zDD4thP#A@}Mig-Cd)Pu6Ou>f}_mbmvZ2w`rUH@aeX+n0G2DJFYHDLWvx$OI|NE7#9#8XIDsdL@XRre`;gQjEQm{vNTt@A++qg%f+`)XZjcttu z+(DypKiHALA}ADXT7kqjRT)2sIK-px?s#}-M>~WpT=CjOy0>KZ+%G1n!IFLuW}KM> zRXVay2zF89z#7qf$mAZ>HaAO=0*!}pvE4e{Bw)!qrW`@&iDmJ}>jo%XiR$AqtiUaD zGz+`Mbx)~9lwt#*2-koHcgv8n#k{}%rRQvHjl0^ zyH?A1iGKgYxqeV&`bH9F){^)>f$L)hl%_Gc-f;}V$)wTJ6FU((;i`N=63}Lz;bUc8 zIKXJxh6Qs;!pEE@7K&nMDyY&~{5V5O<_qOFIQ|C zik`CFwtjB&Xu97o8!uL+{h0Zl#OLY2K%Ml3W}n{|X2mIxvtpH=)vUQb3Og~LtWc+f z_PBVC?NUqAcB<7_6VwRt3uTe3Pioc7S6^ce6CTKq-+=p-fm6X1zcg@t!kN7=aklSK zCSdGHUgN018c`(?a$*`0xzPi4%ozAY?qqr@Ej@@1+w->$|5iHPsW_-pDS|G8}oL zc{rkEREqngLOgwHr=RGfiK*$=o)EmXQDvb$x`gE9Z^OwbX>2BW>S?+V$l$RwdmZ2H zM|pg?m9^^(`~Gj58TKSA={#Xmb^}lEnFFGRUS9LcxbB3`Q_MTk-2RlJiIr-S)5uOg z7HM+@Q_2rrZY+=Dsp?(jqHVWakd&jaxv+9@^mC8C4`^{dKn7L*JeM!muA$jF3`6eI z^>^HJ+?`d)lHUivG10#_X7hS2cllY!^*BQKxCsUH&TNEy(P46o!)np zC|;KShMp#IFcAvoHv%qzo>2Md3fmiJ2$Fag6 zNxu#Ee3Nj#7}!^7tZJtfDH!^E0&^M^`Zi#uaiBz@$;Dk_GcMu##`Dld3Yn|56S1|v zZ7KpbZdvz5!RdfM9EX=`lzjyT6fnZKqPMFkcGN{+S$(gwUM40c5GWnmM{@i3;iSf4 zOaA&opq9-IJ9)T2;{)9N5`3dmhr&iu4n1_1mczypw7#PKn*qq!+VcOR=DQ^?r1PKH zhV9BUE8bbpzN@!cAZ)PwBLN0udjGvMTXf&aSWm_BZI+_J`^ygM6!cw@O}F%ot8esD zV}fUgEu<01UB)Ue9>88dPbYXaELxb4-w?j&>0eVcAvn?I*uz1TY+to=Pt!d2*H+zK zi!U^)Y|2s6l7(YVK&wzbPI4nNnsx}5pH_uGv9CVKEm21X39tp9zk5#oHE}G=BiMX^ zf8M<_)`0wbPwd-EVKiLIh`&z{D4_WUt8ePcBCnO-pGgHBxf86)kYTMnnu~jyq#NnC zy7byKE@?9FY<2}yF?^-?n?(9%*qix$a3w9O|q zmdHdYkC>`#O5LP7S(LU^@KTlUdC?vtxXs*3GgT6_`=^YE9YCs2Ri8!nxNGa`RNFk9 zd2APnC4*mdrt(^yE;^2WnXk71SLH=zZDPoKN|vgfMy7o#JmeOF*fU!wI~KSAeKNH% z_1l}|OurL@Cd^{`KC{+r`?^_T@#yQ$FE%22#PAv)>{3(g{@fPK)#~Wzn6JP^fSU%) z)tPM+WqGUJ)M&!lc}-_JFb$$#lSWvP6ahOv0KNg9SiR!?P&2<&AB{F#y2E7#(_n%BwgjlFMB?AOEJ$O}B*uS^0-Z7X~GE!aoCGxI0~;J28s& z{5c}Dj`!J+?BCg|#;hfB__j_Tc>j#*@tMXROT3)&Spms;p-zpt!CgNcK{Di~;Q6E0$+5X`FzFDw zcQwBvDtUtD!O?b!Z#h#*ktExi$d6CmImbG5pFk(mp z1cbV1vA@L3>U8pixg4uW)=Dv*ti!yhOU<=z6%%iO?&M+nhPnuOqICN%pm|;O^XI6& z$s(h(_1;-HOqh`4vvujE3mXaQN=Tpxa>0qi6{yRc2PI_t zhio+E8Vsq!9~JAJP} zOBi^ap&~r~c&QaJ9Bx~QS|2xSoMce{v9qyZ&uHl#*{~OGXV=i~WM?$KhcN%&ln#eqMq7py0%DpiLzTEOBx7=q$qe(*4wR<@g3tKE|Ccn za;ys5&cL;wz0Rb0`>-mNGKAL3>qd}$d644Zf6FTW)1U_I3TLM!;o-*qD`c=xhazu~ zr6}?_`R$8<{HhYRuNF`+PT175$r&lR1-ewuu>EQ)`urq^8K#4t!DEe2XeM^#G;o<% zUdyQt`eZ$PQwYHFe0sGEfRiFy07|fy?l|&crc$5N<#3kn90deeZb6chf>cleG=}$G zt^AyMUsze!>StODDf!3`%}*t$_dFei=&@;d?H*T_dag^(u>&+zB-u#HJPUK!hWVd4 zRejAX=DuX(+M>p>JSUWKe$P{3!v9JOOS^fyzVjjA?Psd74CIMfAWH>vx;=>&y~h|8`}h8VA~n7e&pY)pD2Z(| ze!oVOxdoJf+msyQU=W(N{NrD)n0>kn{8NpJjQSgKr-b$gjaNI!~HqKZAqx8e<&w zPFPs+2JRXs9yhnQzwVCZto@_%zWwqsm51466nb;mhh;m;6lHw&1qI@e5p8&WMK*RV z_Ot|0t&g0arM-#~P3alNvj1(HOK!)98!qgS%i)tIsVTBn=fX4zo@}zv>I>2bTT%)l z_}D_G$j1dzlcCsB1n(9bIbn0#uXTPx6$;r7I%?rwAm7$P9O1)vn_F8*pk<$bPXy<* zZb#=^L(rQg*E}G2eiwGF++PI3XD%r%n_R6|X7uA&-x9v~EwVrsA$_7_4t4GH=8_hq z)Fj{GIu<2c@WEuSL;`n-2@>%^MIDH{n>#z<#sSmT@8vJv8Gy|8(BJR|ywXt*0>hSt%2q%>(`QW+g^X{H zRRRgi&EkxsXeIqagei@q+E@0qwRu4;HMNDExby@bCBLP&Y-}cef0;yUad}+CMk^R5 zj92QH>5o0xyh9iS>GAZ{*8NOQz>d@=e=W>%do^`Ek-$V(oaNq4f0h+IXGp2WS@N31 zH4;uXFmw#;BA7PbfOB-#ubDWNhxX|r|_xnm)8At(`5$qaR3dQG=Kc+^2)%o;J>>rfN@_|ASH7&C4Ki? z`9NiYU;eEG_iY8nMGxwEoRV!q5R1vR+yr0J$NDC$F?1#fk2frwGpx?08U3Kn+%eC@ zPlvlU-_!LZZmg&~WJ|V+opk`SWLDRa#YFJlkA9y=ut_#gb6YVAqQkUfEf)Te*u51zEC~GL4x0jKZ(I z%&L{?X*&1`H3g})$TAPmC0Ggd$Rs>{&Haj|rs8Phn@f>Omww+-vhQule;XG}rkmpt z&pN2tSXOxFVk^eF_d5jTc$`v2G`Aa_r&WXFc(&!qzT7ylfhu&{M@QU9!I$G|@?y@+ zV^s49TJe?jxLu#D`^vMXZxo6oARjoEDXmH25M^Eab0#^F_3k^wD?e5cKZoP$0rMJD zmO%a?>U#QgfUs3`A3%uTaIaI5dI{;;$;;1l!i;z#5L&cCOZe_54?VHHUOgV+&P3r2B93=%@7gI|A) zrb)!Rf^wI12Kjaz0rTFBA51Y9|=FLki1RBZ+ z1h&2s;+PjDigmiSX7$r+%e|&2N9sf(I@ZAt>Pf(GGvFXP(wo4bT={!?cLza5pP}m8 zx4ZMg#`?vAmwDV0GXHxL;$ERK(z6E~f)Sc(91JXPn%4RR9%5>_OmbsWLeWuJTtkUi zya?7+PnAjtG7RxA8*@yKPm1q*a|;u{mbub`L5rs@n`myuO?v7rFw22#&*Oj2{_kHP zjm0`owu&P)orxV2{Y06cVeJAZdlmE!3Put3f8rKU)8s~#YwnOmF=Rn5 z)=urYBmZpCt?hv&g_*Se{#yam<|>mGi;0cAaS?$ehen~n7JQ~5-g3?+q*I?h`Zt>wonbpZ)7 zbbvlNyS|>F0@Bb0?Wgz#qz<(F{6qld>TW%OhY!Rve!EGFj}Jho8YpNl#Peh#W75*X z|CDJNoo^1f0s2RcQ9q8|v~Jbswy{=MyL#ItQeLZRDNRj6;8x#C)Qi4u{)(Ngw@}Bg z&Nc~}Je&by%H_cfF0dVoEb#iODk{Ff$`wF(LIxDJuHErGRW-FZWC@TsLU6m?i2i2e zbGMaT^m|F&3B-K$sX1YF=i#spcSLZ9oZ$8A9K^G&lo81#kRX6p9v&}7ji!oK5AWyf z+MnJTc7W=wW^fR)h>{WxpWSi}Cgy6(|rP9xb29GTY+JO88dWH}n~=oD*gXnJU2?M#P#~tb0fQvn z&j#263ObGyaP3(32NXbRpjc?M>*r{H^k-HtTs^32H}z|ch_!_F9u7Te zyZH*_2|$<6?ouoN{mn@WR4k}Pc{(3lD^PiEsIuJHHZvW?f*tp^iY#QAy_V)}of>H!RFAb#IVi3kEh+ZZosEjn+}sEraM-Bqx8UdIBvCj{(&11ar3j-^jmlameGLiuGw*f zcBwB9=UyqM@_hL40SWPmfD?ZK@?nHd2e@t~ato?etx zM!2%r69FJZDv=ZcGLD}6R^lwcCXpVe#mv`xLcu$!t;uLO`*-B$eoJr_DL?}>mHV7Tb;1Lb{r?Uu>WDV$yc$z>>@Zsh`? zbud%a4~PoyET@y!M}Re;sL*?Rw!vvJk)Kd*!XGaBJsbr` z00g|VGyqE~fX-$;SBnbFP$y%S7m&0Qh8Py28Mk;AHZ>9RuXu59k7h;Z=F*UR9@YSe zhHg1s9tt4lMp+fS3lI&c@U1%`Lbs~{l8xP>~>d-gcUmt~w!tS%(FSd(y>KK4_yK3(z zkKgHnuK=L#sx=u>lly3iQde91&VE%KNW_`+!pZooJAj8t3Nzt-s``2U+;XZI2_&$S z?pO`o=*wTp^4KrQ`6uFaYYz-W4y3`7n9o|<&6^G%vs|YR4FQgxCvD#V(C{#t1`vLu z0|i&ANGSt>B#2mJ&`v4#bomN?yN<=jU@wM{&vUZo0UZjFTLDo;yUG3y!^iKwz_UW1 zWCecvYO*VE`h8lf==ByQ0diV&KxRe68icQSdwZLw$wUz2Wtu>w!GI$nuo|c{<*4S# zklCr~x+d zg7Q5vpcqR7q%AfpD;mJ6uUmtO-$h|Uz)gYx)hgugM272f=ntEPuiL*r zEeb%3aYjeBhLShp6xhM@@%k-JAAp)cyjStfijUZyW25z)Klg}0_W>@S#e~!&`|DSpY^D-RuB%Johxv%K{iL_UJ)e9Dcc8GroF}QZHb->l8D5HuI}7 zk~o+f?TG)pmp#}PsFZ&coHgQI|bh6H1ieVwiT0w`~u6DJ5;LP$qou`=}{ zoa;F=DyO6Q*JhdSrfPj^fJs3&BKg;wcQU&HIXVm&&&NGwpXUvW`m$Bvcm`qtdurR( zBfe>*=l*r!9B|^{R9=NUnEgrsI&NRv&2qS)<90PVovRzF&;8ZGw|Hey5&-2s-X8)q zrQUoTnGI6k(cy>kAIt>?p8-wp-W@TW85xnRRX@2L?b=>r5wS~MY!4$| zC^tKsde8Z2zCjWw7mXDuQ!N5+^G1BXvI2IqL${#U+Pbj=SBi zeM1yyc;jmU$J?DMQ9l$(0>~E@dlLvCUvhUaAfBldDN!JzNk6&ci%gGwW`MK&YK^Wh z0|G?TVeODM=n4q#-G1nlA?=S_969Oa$s}Hzv9jxcA--^qSvte=ZB5}eTTd~|>;%L} zY4_;W3m_jy;PB$&qBdVOK$eODFuewr6a(R1lzFlo@h>`cg<4Tj53rq)3}`1RQ6L{v z({n&zt}&8zI-JG(M&UwC>Ao48?=10eWO!H_n3WoUY3Kn=%X~andhk6JfawANJvseF z8*K>O+WPtBqYPI^4PJkL5Oh!Q@=0MmMyn3<*BOd}@r zxWZ7e-g*un@YC{BLG@3c0@u2~2{12*lKi#hZL)HOcoYd(6MG=A^z>@(= zV03%B#>B!RPg1u3rz{T;k_FCx(Vh)3X00Y_eFnc-*ArtA7AAW*YNSGx!d_5`z8^3} zd=PNu><^nX3><|6PT&H>OAZQgFfoZEcygH*$It6|t2b-i1E{LHit%)Gp^_to+uPfK zs6be(R`5I+mnw5=rvv~=fus6KL=j_cT$V~2paUa7piJsX7kmGjZl<)kur0JqaE z6OgmP*ggSwC6ERdQhwVANgTmvv@#JLA$YWLTzC2}(@lFB@i7s!7l;MKfa<7@G0Lvr zk_|ZUcL6BP-|NQqAndi~x_V$1e+>?Hjpax}0XA8b4z^kNA-(X!28g=Rr*#5p>HvoT zhQ8?b3lew|2yQ>0t{2Lm*6$Ue4(gph5%dMY5}jxCzX4%`{>}^VafVbthC*;Fp!C#q z+J(hw{3|A*Sr~|clI@6emzh%sAd%0pu%LhMcD@Bt14qmRpnd7^MRHpUB04?mrwaek z3`{Pf(Ln7GLB`H6F2?i0ugG0yzuW@U=Infkqb~77C*^;xu(oXTxO(TbtMY>Q9SDK4 z-j8Rpuc>3>R2NSyW~<+nYE?!3=L6jR?3UVnd=MpY?RM|B-86lN0s1c&_9Klz*)`y7 z+4E#=n1981W(Q%EKy8JycX_%}pA3lPeF$P?6fHuC`~DQ9S*gd|_o==mCH_91g}&)( zT>C0;UEO^ft5CWGO}T&0Y3z1A}w5pp34I$gJn z6%B3^HY_~FZD6a}oMXaM(BTAWbiKISnBm75NqU0IjC@~co@I( z!Ca&lk?(Bqc_)ZKLHquW>q*E!>>{9~Ba#3LI%ty~$uil1Eg z_vfR}c=%oL$6gE5loJMlt%Z*L5%rG&(L?x$tY>$`%VtZuW~&)V9V-}^wRPREvlj*p?FX; z&jWORD|FmR{*?e^pi(juo8LDIBt4wpOc;2Q)5v858tkK&JU$CUyD(s{QC3#Qc%q`+ z&BxR+6Iun3Y?h3A>+c1)3TQ=WvDe-v;h&Y8d zvit1Qp5M=MYS4v)0mpBBiVC>0ih7=M;?V(89!_EkVM)A-CJ-@OgF_WLmIjL!xwVy& zsPR^wcyM)JyNX~yAnnj)sEG#4R8+QJVM9|1pyTm8B|8}4rLxYN0$*kO?f!LZ7mfVZ zfZ=EZJ4GNmGQ@h~nCKQc@so~%6S?2AiMrhWYc!c;!97KtX*<^HslejUQwoQ#}WS{t04oE)mz z&-K*p$$1NKtlhGd-)g)ieh`kFO7tn7_(4nu6&N1^mX1wAbo(PHb-;{PZ}0f?FsN&H&^c+fJ3R<9B_Y0&v*9nLI|EARQWC9-pYfnb*R%ufYn; zb2-LRL#dHxOuo1Gr{La^>PYCbOCL808x^yG=s>MFRj5kXl+8 z&LMSWb!E9K-{tGsb7=LwLe@`+<8V0p^^rf`03{gySyA3@;7LkE*}&)9iErj{l=uUYyg^4>@P(Nb?Gxv}h>9gK_I2HjE(0fP!PCor#?eH;NGtZ#5+yx9`Y^ z4Jw};F;tR6|B%07ym&aNQ$ZQ11owdI`@JIm37u&x50>?x_f>W9hplhx>gJnKJyc(^>9wMTzNA^Z%$m8%i5Lx+hBZOh@g|mu#QE9Vs8{`&y zV2r3Zd(J58<*Omtv!DrmFg{1Vztgk+XC41YnzV?Rm`P(JS?9AnW^ zy|XhR)yvA(M&;43g_s64{ilx8NBgM;IDQuFz5Vn?TAtndtmj5-pH5pwzBQNN7kJp! z3R7BOl2TA0qlL4xGoYSI51A4%?uehSq`u7~FZV?L=B0b7&ww9^`oF2C6VO)8i4L`a zcq<77OIkdtSRp{ybCi9X?$Wre_d%T#mfIcW0v3<#iMejiDMq`pWmo8fK?CoY<(GWP zof2|h#8s*yNEYYqI+In;VH&d;^d>^%p`}%l(Y(%!nzsP}!4EvyX4z}g3SbpU9qOBD zHR0U%E`xIE$9)qDimAbdcX&i@V^-pC3)!&qSPv#X1t4J*@?jR?D}xWdn6-`^#YaU+ zvhM*ev##O+v)nv|5Af|jHi+OH94$iSkm8wBGOO>dIbOCZ2ZD*UE{6NsuOxRo7FE(z zz8ENjn8t~n0!Jt*HI*-T9y})_sbg+kS9kGyL}hn2HEDyA-V9)pfm^NWOH_mepOvfH zxoVQ5U}2}lHyPlG*oGN6w^FFE8wZM!)6jvEP~)VJ-P)5~e&S#!TlUqHAx7;!WQ;?{ zas>HlM(lfYQvmFJa2%?DdnDouNS~e5@Bi+Ar^=jb(u=N!P$9aC83-X(DJ z6TLw^eJuv|qC!FeEh)u5|peyjv9L zFo2Wu<=zt&bY>up`?&VIPxMU40e*dWpIYc5hDW2kuR3Isa0wW8)U01a)*_E3InwBk zeb51_K_)$zUiorT<^=Xm&7g1gkU569ILRePoq2~jlT)2ZR5zD`Ae56QPqI?(1sQs; zi>hf~D*!isout?Yi*Lv%OdedIu|$9yA}V!x%^6K*GOTogRxVv#@etO{<>gbrn^Qks za(q4K2*E0-{0qisBE#(A3-fQVgB-Uqoi0!O!?=5yJ-ab_1#ht{+|E}-#Hf$)vNC+~g^%Bk z#i#u_UTXTer2Um`2>TwLo}{2{>(#zNoACqzO6n7#XwAZ;X;It>h9G8i!eaJbE}5#A zDTIf<5p(gGEPZxJYN~>1934~Ok4du!83IPDs~nx-{{Aj}CsEQ42nh#1?_KWsD(#DU z9nVK#M}_<|`Eg%E4^Fe{<`iIjP0_|IghnwoXJDVlfg9V}^E&5kdP+tJETsgYI z+lH+`8bs~D=Vw9zQids+01r^tB~0vIg6CBI-jF&2 zgTCfp@7)r;tc$TZo#3;CO-i{*&yQ%XCk8*2ZC9y*H3+fXh-?EPxG_O!Xz#5AMIVaV z#*C(|46u%YbRzZ2DL9XaxB~_(1L)>h7vu`giFs<-E)l}bUBKBtD$l6W7*mEPBGk}2#IRfD3&qlGKLk%+(41i!L{swpK zH2+7T71;i`B;GLIsvNEKiFD$tc+U%zb>^jAtq@t{okE*QescCP`ZoIvO81O6vWK7N}(TtfbmaTxj3W4_=H@J*)}`FxN2LMlckLuc-J zCBZaK7GB)%6Hl+DHQA#gtR1z$-^IEyHG<3420xKsj6h8?RiGX@fH>~QKi2?aDnD|= zV2})`MnE9Q8d-uE)z}}}eVv%-ty219h8TuB&WHB<6;#B2z~3X#CJ7r!7(T;ia)w9q z{*pcfZ`9q$$jGC<4iXh*i$v3@T9)=&aDnw&R;Zx^crWM1$1<3|M3X15$-uq)Fn77O0~;=P_jn8Acmg&Unus>I!x zzkeBg(;U;UOlk*3T5&liDs(jDsP5ybWw9K-xrJv;Ps%b?DvHNt>E+c=@87S@pL!y9 z?b0OyqM?O|7O!2!Z6o$=esc=TkB8^HAOJDtiOR3c_p`mjZvKsU-s$-d!uxy*$CpL0 zU(TmKRvHbD?nr2F&ucJ2L5)N9K=3%5Vo~pv#w00qU)}!D)PxV5pB)PPSjs>v726Pn1xKr;XAV*xb!K z%i}pgiOSr0kHQX}X8YQvWMz7s=EKS%@)&=?L6Rr!NM$B*pf?Oeo0Vav-u}0@Yp|op zc@hsmN@3vx+a-0|$M=lxMn$pLy*LG605}i5jfwIxih(>|Y{#MqFe^^d7TOjvjzXnB z63jX$ zI*jlZb@6VLA52RM8xrG!wFT73a0%s=$OR81tvOuBI)Z^O$PfimV1uG|eVfehjFeO0 z*jV_`i4R%d-*qx}6Rnf1$1FpBVA0Ge5cwEiS&%+4|F(tSJsZ_~m*ox&P_jdwwUFq3 z@0ucA=}Cc~MokGARkgF59P1-NZtd_i!P!NZc%S_YE0I{%3W|!>U~1d*$*?Xc=;T85r`+e@AqrJ=`@{qOprx|yflxYQ6I*DN-8ed9^u$6yVnW(_{7o~9hc zv=xX_v;z$4JZ{eO^HsDXT_s!g=wz0|eh@LOUvJ-+jp)nvz7#m>aEia%SdjTki1#(r!5@HGRm)RNZ3V6JcC{lGI2$f;#!WzP<)hhsJ)@|VsBW$yPeRzdJlrn$jC@|p;N0DXr8af8i-7eLtIsQI{WBX zQcG=4PUux!rj8OQUwyVe#Wf3BFt{8cuv2%NJdXT{!ZDeIaM6cCSV3}VvyYtmeIY+x zpB0g+%D*BHlH>41`I_xLL-C=C`QpC0b+w@${&gWeMIe8Ba~mEkW)h?fQ9VKXY_;U( znXGqUWP1P%HJ{{m8?C<2EL|Skw!9;Z#ODE`U9qEBg9N|zkJXq{XmtBY8_x$LmUku=ZpKScy_pa zIYFe=SN7duP&hw6I>-#LtoggFx8730LMy=wob>z$lNHwbCy(NCdik2qG5+M6cu3ik zcHdb2xAK5@J; z6XwV)YwxqT#kYI67e3RwF$uMrKV_3vAUd>#-*1qsSP>Q#J-KkTyVOfb8lIAx8&OB5 z^wTB&+Kok7NbKnhu^fYW1foir{cN;o=t9Am&2VmC5MIDZ~d#V!Q@y9b+(0# zqoI%j!v`Kp3D#MLME7RRghHx*$6=SM;e3F^G=`EYTlScN~Kr zmL8@OE>ashh5A|LBL)mS5~nyW-S~sn`-{lW+21IC5#^f?d4pA8&Wk0&?ZCi*dp=+1 zm0ah+lddP|a<1$#r@9(ZxVU~kYj?nwRd7$c%*|wK^=PRt8SRaxV4|)(y5TO%rDm~(mv#2SDAsT26PUky+ zhUu$CMNIz7v9YnI>MsMJZg&uoUJG8H-e-K)Kgrqy9w$_2ou<6P{=r!v3*uOrBfKml z@($yc5c+?&r#J~} zP5Uk#w=jVMzR91jqicQ3VYkt?yj@SO&f~YXC{>}Cz~CJrzUHAv)-yLvTXvNfZz*{| z4MxNdj}~<6#QjllVwm^wI+!8rl0z^>bI$#xwb}3PO<#Q(6GZih(&Ev>hg@Uqp-YLT z@xzxj20U{$J1+)c9!QNPgTC6}RUi-enJc|ty?zIV>7G;R#Y>mSi0&~vvTpo-SQ{9Y z%G6u<6|WDljrve6>D>6Wz%uPLo(}51PdY-C@0)LX#K4hN>ay>E(h(wVepT@4!I&q% z)Pc@?u-5g9)?We`qdGeMl&IhO5)b!97C7wGTr2yr5C-Ty+vs(Iy zpn=~znby#^AnKQTf54=;;jNcFkRH+&cU_prq_E2T#v(UG%mLe&=@C(`C5)YcT<i2L?=g%Kf%KSe~S%bh^ijbIIz^1m}1KVUo6eh-mtN=NFG#U-nn;?bV;! zX04_fJ2q3=5So%R_(*1Ku;qFFe*b)R4K=fE=J6t*Lisx9>#WNABS#(i<;gVu2DpfL z#Xdvf1ToHEYYE(dEnQoK$XQ6~JQODSTw7OH@Bp*R7Q7N7Am7nJLobcCl;TMGI)w+) z=0?_jX7RAU;LZkeje?v@iqx2sh|+$M`HuXj)f}Cyn4$sg1<$#X{R$40Exa4=F3P!i zPEAck%9()6lC{V_p!TX4=c?TP*(wbRfVaRJKzX z=b%>xn(?G{XvyU6+q)OqPDgH%31G)0AVv~Al4=VnZ{Bc&B37dsvf$mMdW+gLVb2WK zoz=HEJZwL6Xb?c43Xt+Bt8$*A-}Q5ix_d2tl_0DJ66Jc-t$wO>iklHF*ISMsejiI- zaJ=KLf}Ne+re->?aH>Q>ic2Exj~yF6g9jC+-bSS+8pA%$x>HX3@r#_TGOngWO=;&j zj3IgELS(yF!p@RrSbI(U0O)k)xfXEtkuM8`71Dn&+;3UHF*yCR^V5L=|MU#!@AyCt zCvx=i0R?6=Qovu9AK?3E_2XtSTx{m4-;;#B+aRoC?n%6>Q>7YKe3c-*kanh83 zE6xg7IByv_U2I}xz-cjYdi6X?7!cj1vdaLff&)&gEXr4vM(Y-p}1{ulsb zeSWufbA}(FMXqAr(W5l8;n^j)f^3|eW@y{Gh;|W7ivL3N`pdD7v?Owv`ZShe;Ol$Q z`ulw^HV-uzb*FGntv}Lfrqum<@iv{m3Qy?KLnJpy}?Vc1y06VFnvpzuc}xi#7uT|;%}jh zTQ@zzKF<}NWzFt}>X4u6F$AnS|C&sXFA|ytbs(U7+G67TWwHw7K*F*VrjP-MuB>Eo z`WF9CY|-%h-R70G4=p6PjmpN_n{Dz4x?C>35)I3;j&A^A=OQ`Svp}mrh%=vRyG0 zw%!r;iaSn8#QObuca1=!FKbt?5pbW~RyQan+ipw4H-${Nvx8e>)YTJIuju+rXIdqQ@9_)G>eJb0ma_>&++5KWF~ z4&(SubyUNb@Ej(U^ob#*O5!ajP9OU;wOUHnzPBlAJLhF$QsTes{C4jxk zi-8okpI@^3EWPexxqtp(d=%k*LFPIRrQN5ZAjZp5uf+>^3gGy;5b=`5&Dd%(%zE6v z0Z)axs@%^XKlnF{VRL(Md2-X?h)-_I$BK>pTQy!qO=%2yJMQ_*_d?|b4|lMVm)yzZ zFb~ZMLym-0sMNS0+rhc|fs^G^dq>;Puq3dCeLfUFJjw9Bz?vfsmL@GigJLw+;jCXB z&E5D-YmGKmlrm)}wzDc^e6}wEv%HO!7xU3}!t4@N5|Ai! zJ*oOv_LFK;PeRMs=X+wlsnNGBZ@oX1A!}fGO5+-b-8PFaLf6b>EI}-n=wLfL?SHv!4EGUnbzP3T!ch#$s;59b2-J5!7{5v=Cf7++8>6F=`YMxEnI-N0 z>Oh)tN3|!s!>14N29$NK-=w~q+BzUiuQ`+Y;9>^xu86peAN+lllSMLH&T=9XjN5sE z=aPA0GA4!2_af_>>dTyVkx9Vb3uy33pXlRNtXf9AeTbe&@Edp^zFA419T~rpOnoNudRCr{ zCytu5zJeAWHS?OEanzJSgqPPVXV{=H;hdgnvdmB704VcbZiM+Fb@!$E0tTDn#bQ%$ z{=F5P{WXj|MnZ*ka+>=SJ{xV+%ErK(drp-lg|IY)xvM-rMGPw-EQx@M7AX(%OitB` zdRtUa_+F{b-@?O&h2xP+`kUYB&gwxuZ{lK`ae7uE#l1aOnstTc%=hZJ({9U)HTAM4 z9peo3r!6~a%#<69LIldJpLKZgoLN^>)NxdtCwjVD-B)*Zkhtl`8hUPRq5tei)rme>WbBw|PO8=HlN2A2QMm{|Yo;KDUJ55sJgb$1S1^9_cWNlS-n znYbQgjP_*mceQuaNGUw=RK)ef4#AT;**~Xsj+HTXFIxnr?bS0JzVvu*z$_0qa{_ek z1rmQ4?<%2OiY^+BEJ~c4Xf0b|C&pe-qC^4iaQ$vO;sM+e^lqDna8q%_ewzM|yGrI@ z+b5EgSq7(pR%4{UJCX6jv;N=a=iI++=afPuZ|gJWEHZHr#gRFE?xOT z(6Er%^ADoE8I+%+yh6G5(Gn>&9ETqxelpS)Nv>XrA|>V@I8f4(w3j&(n0x(iin>4h zyMui)K=@=av*DN2LC-mkvsQt$JaTlc+O(tJm0BjhstP9DN&Ix<4#nr`>qa}2J(xKa z8t1fRj+=b&a~mrjg|)g~s{eLs>BUmXzS+UXk>E3-ij-b+vL;?L>;jtcx6zZ5eO6bn zN=K4V&;JQr#M({vzRWT>jb3x`ZY(0k)_S=`8;qB`_O|h#9WOK+>Iyi9Kj~+s%k<(* z{w3l(xBYHA`=l3%k|9X9BQqkzN~WWMsoo|lrrv5}@>{j2&o*rrb~jho5Wb8r->w zuUuq4Za5D_3q?WKwP))YtQ;S?@~nQ^t4lH+M506qHJj+E=v#4F{8-q32pft>Jc@lb z4;=AL6lycftQIH}?ls$dmL{c$RTY}lV-|^_VR^TInZ-qqYPXFZ9$((BV-YF4LnWY3 zo4@179quZ%tu~Bro2P&OqPC`!o7=1(vzyY<&>`K{=|jwfL}L4tZp*!zQ`Tl8wcbb1 z7pCn0gJh^xCS(_Q8=J!^lGxXCo1S=Q3mi;*xx`?Y$M_kxbJ7OiOgCu=$?g}vsA10S z^zukQDn<=iw6Nk$7#0XLq?f~#PiSNk0Yg!VZH}y9JS-SKM(YUdb@f}J14a{2i#+0H zH4H?42dP&Dc`zJ;Fq{w3G#)~#LZN=tx>lj_FEg()9(Aj@3+nECg+C2+jTJx0?Pl-8 zw-duOK6CEs%Ay&%yE_(peamDx6t>^jc@L%3AStj|{zL2Az4xWjkPxSo)4O+{4!2{T zXH`^uSFcj%;QHWF1D)O^u_$u=@f+dtI`H(fs9!|3jjF?{9|KM6ctDs*xa@}wtY=KR zsII@hwqo}<>N~UQ3o}tEKD9*E%kd3D^fj%v--dMD^vW&h+jdx{5X%qz-y(!_L5_z4d|F?p*TRDA0D z)wRLczf7d31>#6Hg#-O*U@@( z*@~SpJFW}yn`3vjg~DK%0z6C#7ujn-tgJ*fhF9nY(O>cCs_qEv{LB2a6jo%S;wufM zfrsxS6FK}Txt@QWi1&}UPH~$A%YMXv=PuGzY)t%HB-YrGcbOUWhrPWS2r~8JA^msZ z9(JR$@SCYQX>Kkudw9B?&K%~%Dv(c{a^EptlT4RGEGfregJU79o|mU}i#77lhbxfH za(8{}Ev4i0tde{}S|(1Rnm;x3q@la4YY3>Utjv9P{i1z->81+y`4||cxZ4Zt@1VPF zf_?M|e9^?ihu@4)@B1Y^3Tl3ot~Vc@${!EsqmlMtUHWLGiH>@bYZuS2nzLC34NU+f zsnQ~Xg5?-l->fK~5wF#LKDyK0LOJGoumjik=}c$y*Z+J*cRXjcB1;xbwk!Bs_g3B@ z5h}8VhD?BP+@EMq_@Bj=&FAS}R^|ZbiKzzpchEY+Fl7;%iewhFFb|Wg8KNh$*cuga zZ+!%U$||@1t)*J*zCA9m+f3;#hR}D_9^>a!(x7wcl%#t z|MWXRMCpPPue+>WB+}i>HsjmECzx8U^u3?0XI*Syk@MgMD2>E-oDH?^;>C-m2&%fn zff31c@?c~CQ;*E4GS9z%ST5orI{)qTu?S{0K3275A;6T!2NZ9sXVTpNF2?(74OS7| zZQe+NbR>7GdP+@Ums?`7v%pMx@7VpwdnuuVUKh8}oCjkP8SjiI>NKU@LWkXz5Zdcs zRu?Za8H)6Qt$EQfn75@=Se=OhbL~6gxq@|u0-2MCaca3HNtfar+uD!Z*&z?P&_5kG_)5l}*#*E4R(n3N{%3mCm$|c6c-qp^Z zk6G_3d9W3o_`?69LdDQIYBT%H>CWXXKp6ts9?5^to>9N$afe= zH1KBEa{7gBB6>AV2DM(Fa5lIXE)lC$m*><8ysz+S)RD2+9C*Y(omnsSshv~Im^(Wd2~JZuR+7cG`w4ek-Lm8Z`x6mKvH9;hd}A93gN|K& zWEarcy(v3hHMM?g`E9@0Cp0veZSoaraQ^S^gLj(R`*)Z5mvu_pcD<3tw7ylSNI}M= zC^ZGPjDJ3Wr_`GjIF}v`oBW)5$R~dh5F7dRjbx%pPEO8!=)rb)N0{Am*BguOloH2J zn2bouwk-j#0t>Sy0WDqK2hIDklUwnK5f>D((f+fABh7}bE`+*3<7I9-UgbmC`!8HK zwz|9Y5!axS2;(KskKtlBd)03wOZl-{>^8qys2IFxU+>qqnaxQtR3L6A7mZp&eenan z@`?p6Ev^!&KrJc{k>Pjke5zaQhsQGqg06hAGA&)SLHnZjSwS7}P~5TbnxyLxHaH(u zMa-tIBf7V@%8;D^M;#p{0GuLL=4%x7BIM%UOY^$E1ux|~1X@W> z6xt8BbmDF6_no{ScMbQlZZr(s%jrPJOL1;N&b;nk?)mcoy`W3X3>qFRkKC8DCJ$*p&X1pm)WBxVH-Hka3$P5#MM1Hjt z_|RF#UdX^_Sm^kJ%2o7r`;L8s-|s-A(0zVEIYYWLQ86H#<&X61j;p^s;`qNkW_)4* zQfw&f&8q~M=vgA1QEQI@mZSSHQ(U5$Z7YXp`?>+l<*}=;>Z5PWh|#Vxoy@>mY$I-+go2q zGn)c^1cZg!=B0{-#FAZ922~q)v+r%byz4_<9SL)z&wRb~xje)}XKooT8~Qz(puvMM zTR-WE{<*WpC{pXEBmAiI$YWJ?v$L_?EG@C#*m-3JMyk|b!`27dM;mrz&6$?bmh9w< zIP6|xZGgJ z$0%KY{j~^H$(qcuk26?qC8WvH98&Oa=Ge_k3diFRhE^3l_e>`=>+t;-#wqj7rSZF5 zx)(j|iqkRq8fVLwk~+#~hdR0`$I-c}_P)Ba%6RKcLubPZtPNFj)5EQIvQ9=mRZC6X zT7Rj?tY=|67_jq?W{bN|BQgz>_THi8c4vdxJ08qfspxBwkT&?mW~wXN^oMA{)5o~_ z9#P?+XVYKDgJvu{SLy?}NW!v}t8`IwK&YCY|JSSlQTJu7v5d-?pww*__{>c`dbzZ= zWp6EVf&N?RPYuxeHCsOSZ*9q(%V4r3#+FDL-IPD7hNh8s?{0{e97hHNbljgY{?=%ka}*iszDqcGM?MWghnXHFvBY> zgS?Kj-E_YlkKS+j_G$f7yllk`g}rxGQ||A@@g)QlckbG?%e+%ZC+!=~M&%q?ub|d; zecB2)m-UzZC-KiU7l9Uf%QR(1UxqI&kQ`1zMawgI$!&g~oERr0lIJK~dXX*<*XU)N z+DqDX=(;Sy;@}9kVUYYHXtL8b;#;>AXomgxc>59K&n~5Ai7WEyF!k72F!FjDt8aci zpmJ*YC0Yf`?E*RL=0xH3Z7CZFmSn26rXX>Frm3RK=X7*9m=OBlTb0b9xH}d{>vKlQ zcxR&5Sw_36cEH5P6gMjtf%YHqX>#!Y3hkp`v@wQl>HiktU|>kjy3+6t^lM<5+cL** zrQ&rWY_V6=o|+o_PdaTp1GC8%}G0F2|Iz6#d z>pHBo&i&TBl@uVGS<9-OVEkt%>IG-LCE3A&d7JG|V0MA&Ns*rIbBn}1@->y%6Cq_D zeM3nRCOiABvEac0+s$atm)kYD4{Tf-0rSUT;`UME9kH(pCk}<_fn`21ugR8qJ)(uX z?Q#(^;B4xr5SY#L*jET8(`qb@KlIsac_W@LGhU$L+}YUJ+~pgLG+Xwl_N|SV^;%w3 z4f}7ip55;}bNvA$VfxcfD_#*|96xjRa`Q0V&cDcMP@yUGZCaL@&e+NHIlt=NSQ+|f zmpZw%^b{<;R6klM>#FYgmTWF%Kq;#sAv{*|Qwgiw zv|eyjOCv)$EcwD^#XmELxOn~PMaws89`?iP;dL;Ra1cyEg0=2g#_P~(hLxAROM|^**&$*rVKlp1P z0ss!!5#f?EU@(|XZg}vjQb99V93NNqs{i+b;2GDPFCBT4kKqsn@$!c+S zG_vbESc%jI5-yU1^5h_FUp(}fE%5*>Xb3h+;Xf%UIDxn)yD*Nwx*v9)M5+!i?R| zuYbbTF${4kHu>Pz8HVIJ1Ol#$|H38!Q3_L_2=XjhzZQexm(1y8K8q}G7aVK`1bje! zijJI5lC{cRp9V1tSJAl1nj~HQMc^GL8(}my{}>qP!SBlSh#EL=8ywwgZ2@TXYITQQ z<}kbEE9vchX0}bz`Q6hm*;#3Kcd7)IUxOva5t}=&M<|UI+ko9cAbMNrIIR4NYHGnT zf1j9pJ6=q0$kr%N=eS9GV4g&8BJxL|sMeJ}!zZ^ZnQ2M2Iv8R<9RIofkn1|G-H)n` z$j>}v|N6>sATG~D=DKS)zz5NRoGvIV^O`;Vd#37dJ{|~nxP{4WCkuaszA}QpP}}jt zXTFzi<6rK>m&u%m4Bb(-aU?wJ+@KQDBqUZnwVU@OUQiPg@6QmC?I^kn3!&n0pP6$E_u~|tB!)ZrGdf3 z*N`ofg}s4WA|eDkE~dc&xsgntV5+pw|9KRa@@jB*o`kcwoQ&&8Ir&5HdV~q?UEI^r zkPUSN>sPJb{Hfc6MF^%%YMvvJVNH& ze9G0(MtdmzV28sR)R7oAYnp`982t>rX1==5d_5;&(U_RJ&8M`~)ny5X_0z;<#9x^R zpXn;XjI^@~w2H9ZkUrsnGJWG;x}12$&Dn08{Tjn+8Q8To z0j=U6frb?X;43BotB9IMRvbY+xdAmG2@51hoRR!k2!s4vshV9I^Y=UUy%j%Q2$B_B z5GrwCo_oyMk(?m>rbl7tCOcXIi}E%XlrCF;VwzP`)1A8l8z*Xl3x=KE7av6b*~;O{ zV!}gygk;hXCDnNeKfx{p8vU6{>?WtvbMWYsKSMlacG0FIZt^d}z7V=(hH zVwY?)g68DfJl0GILqIGsGm`-aR1v1Cs$2Jnw*Z?Njz?U5{w=WwSAv~DqLH%I6|$q9 zWR4Mzd}-gk4WWy5CI^vCBvx^ux8Gn37QgUzZLE7=F#7vje2?2?ivY4Gxmyq|{j~)zDsKX1UCA=-<0;8%RVl>5oG$=f2&Rq@5hi+Rg&+}dj#}zBA$X@cmOxK(|Uw_P^a_$ z@RMP{gG4{bWqXgHKS)=yuB7AIaF&o>Sj_4VgFFr+W6RP)S*(FObQn4;iIbC1FnJ^i zm4Had9Z&=*p!x`DkEfR{Uh(wf<7B1OK-8;#7vCZZtv_PY$qCl3qifV5F+NAOlnABh zm}@2s#IEB*k;q(<*YB3BEx0u`cX)V8Mb|&y9NxWo6UX65Yx$um>Yl^04RCqhfr*-v zILAS5Xd%r=LfLTVl>-loU;Q&MaX80DT9o0dp1O?f5&tH6!TywT!--!e{ z+3C=61lT>{b<_pyCt5ksS|aWwac5(|jyZCGrW;*2a96xL6_x^Ul0@?hbB)75FJQ&g zza=C>HX^a+&CT>9q@v|X`=TEl;1fB?%NG9Q`tfkzhzh8P^@eoy zn3}GhiR>#t25#NIjk>@g;FjJIw}1Z~`3nGRcrAhge8LgCyNq!Nkm6FvS_xNOcXG!d zsIVG@-9iBsiNaS65$6`J#_;Hg&I!Q z&HX#WWMAVzZ6sMe2kmd4xev+DtN*&_anH$#BT;LFf{-ss1|!wWB?F^+>hG56nS||1|9|$>dZ%Vc>6ZJo zT3ibYExa9lxr=qSebmE_x5Hm01tjjeb-<_jdBj-1e9{fe^Ov$l&c`yGW_g`PRzk;m#2mjP?B#9{PSn>8s%Oj=^gsx!tl- zJ2x*iIjN88`Ct8(Z_T;QV?@Fbq7`Yb#KKJWGzldTt&?tcpo!Jq|5)qIj zO(j>$^~o=B4*T*BcL3dPXCd!}kT`8q8^KQ;J?Fuv9!|IOqnHej+QcvlBzaqeC zlI;46tNz1e`5olb8|WVA)`Qa|si`nBh=A=S`WxCuo8&PyUu<>U6+QlkKqImO9mlDy zbQeEAKgkMA06OIjmw_20DOqHjj*NGahWu|~6_#-@7O!!5g(jfp#DNJf1CRD{jRa`bm8Ee&WynljRwutMgYwou%;X z#p&0{p57DjBocxaqXNW0RzH&6p6p7LZ8P{bX4nBKM17OSCHZaWegQ?ABd)HmRDDTO zd0B((tM7+F2d~XhKo^YME$rLz zT1-WX7=;LV0%3R!D0623EW&rdfh;g7pQ$eRW|dBMY!VGqwWL+4MD#C}2cVb$+*Gc-Yw;M1!h^K0of@?2n-8Se7qH*WY)gpp{n zd0VzYQ{%raMSpTmI3yaFN7o!}V`%Bti{%yiuwBzN9<)A2 zFF@j=WX)Al?(uYiQ|V#5P8bC7yD!0thGD z41kO5{e?9!5I)wR7aZCYHKXagn?&(fuzm0rS+)cji7YH3)?u6yo31xpB-;rFQUXSD zKCT0HMt87_k*q&~W$ts55*-n-G5q5z=+M#rO=&1Cx^LViUekGAtJm6kvfElD!mGoB z6FW!25^h7mR)WpH5qpq{2n(!7BqeXGj6445fJpP*K|bC-sU6%mqhXuJwA({oh;lw? zYam%li^@oT5Q$o?+bCd)oCzY)2gxM>-Gc=n2{g4HXBQlI5qEAWiqmv_n zpIJ3UFkJ;6E{o_3^iS81y_q`6eWh88uxr0DWgwuI31$nq4AL8w{#M{p8B?pIjO}5( zO>|(AfF@T1Yc>^uI?#@18t>!GoDp=}3y{t2^nSZq)9x`(x+WdDZar%Sp23lnS6;xG zWJ!f%<+@#oa8U{h3%>J905PMHxA0;5 zCR?A0VV_LP5@t1~_~AAUsfE5&=k$KAaoinwv<(juu@ZO!*$_9-XQ&rsUrkX_5h-)z zRd?hiIFJs=2JiI~vWPa5rH=pJh=#@5M0hRz2@E_5#e(cMO?s2+A?CCAz1smcADFwD zNn#tvYp1|DhleGld0qJr^%<-t8`5OOYC}a~)IlMUB)FLD5g|@GKtb{nB{Uh+|73kI z40ZlD4HJaJSbB`haPyXy$9?{}8;JJ;`3e*St)^If^+xO-IU(4}-*(lOxoMmS@AxBU zfS9t#>Qr2HlA3Mwp>O$&Lt8!dwzdCQl?x4BUUjo()#sbW_}NnV5^PUuNS;*_meXyAEV;E35}(>0jfRK{jz5YeWlIpg)F$ZI$`A zc^C`}IX;-VNi>qe``ICBv=u#}OpFt~$swYZ;oFt4Ieq-zvNWlBxD!H)UrNZwA{(&C zKu$JQW578j-~d5`P$Z-#6Gy0;>{0&*=vLdRFg{-=t4id&z{irm3q7@$@c#TC5f|ii zIr(4L*;_b<2&{qeU7F($U9$EEKI$m^aX>$q`D;LbtVaFw`*Pj)e{3<2RQ;6L>D&Bu z?c)XK*kcy45j}!IUd@a(&)+uDK3831*+2SSD&}OtvAw5$8c<0~Q^=ikKF4$_jY;CZ z?Wp%T1b4}92`Y+ho)d~>nEp}vYvnbP#w1TfQ5N+Se7nBw=A(XVYl~+5SPeNM7VSl4 zbgfs8Qa(@!i5b=`Z=0X7NW?`gh$AG=r%Mx4+yS7+G&?v#0H#hVzwmQd4(t za64`|T#!Q|0qaiVkIU#JDbNa9($NwxhF) ztzsG3Ie{6Co@vveQkSxK*AlobV&mfCT*m#p=4OudjGQr@Gh7_(O82POdfnT;&+V`w zPXsF>F68YfHT(DMp+EcdjM~*#J$ap16GL|djN`RujC->2r&Zn?rXM~j`QfV)eCCRu z$Aa9Pbf@E$)(x^jLnTFCCLPX|aXgmej`~v-^Pd}fTl{5e6#HFHu0&=tYvi3=FshKH z=DVYj;neVC#x#ZEMVftBLu<>D?YfK>3ZviS4&DVW_NBWI#5j(J7^L31Ftl{XqiC_Z z6MoES)rW$UoSi8gdn;M*7xnkdZW*vC7MoPbE3hj|FPC%heqybZ!I&3*c$y*I`<~`_ z=ee^far;C!sU#>)?MY2#EnwA_nUj*yjAWKteUP^tty@kPtL7M-!(&EXG%WJJ7Y)y? zF2_wgw~=$by=QdJHcT+Ga_hy?Ps(vd3)>hCe|)RBb-;EqG+@7|;=_BdD*AG-vxc+Y zcYJwC-df+blvQ+3qW0av-qOqV(Gk_PyparN@p34ryp;(wj1Bv#c0r;1xTzES7b8UN zo3G?pKGRsZd*<|aD{DSh<@E==8jj}a?@5-hp)|MjwT-hrx!Bn1t{?Styp6iGserJm_XAKOoiT|F-h-f-d-BNQ41Y(<>t&H zpGj!mC)SCc5A(t8%nAkucG36GY*5}KluWCjP0_!nz*X(g6RMiaA<2ANg%?F=1`V46 z+XZVM7bmF9%ynL-r((7W=*WDP!Jg^ZDx4LbGF*T8zE=g$LD9|6#o`{84n{<96#D8? zMQ4=;{K%XrshJbzkTH9>nxWsN9XTT?7oxMSzIu1`ZmuW#9hbKV^PXTUi(-}HuBhnD zVcTd>9$I%RsmO7?O^NlCkXB_DW$k?@GrRi~cPYd;8()n1)OR`asVZD+vf{I2NIlja zp*ax3!*^KuyLD4r#@V0+RlQp8FW(`vl$DYp9be~$1E^aDN@#6pBSRU{DacztQ?0a<{ z9Au3XnBWQsok=?DbZa+dUCnllw+efC<`YNIQcr!lpmoq1Q@*A{Pvd3IWhswFSy!bo zJnwOnTPNH)R@kQB)JDfko%w4#KVDjUf;Y~(X*Y@6M#?O9 zd>rXnES#~WAOpK%XS(y5LL?|JVScD&%sPHPDYx5o~l1^kPf%^6ay6zrCd@`v?N zXl`CBLTRL>DoY`Y90Ua@A;XVyACI#$CoqH z%cZw1EF1YQ>o`Re9Y6WO|7KIK@s=$@8fs1xduhZ&D$Z7c)^ zIV9prwEylfADSPCOy2f_Lyx;Q(VEg_$K<167fPN{X(0y@%D)BT7%-Kfm|QYVoi`GhZe4X1`+LYk8q%J5scszWZvw^Ip#v ztcJXMB;`W2rA;llw<)?rwH88ZRDuEGzp17Rv2PRASS;N=eGs4snS`hvzpBx zJwo3{K26?jRgiM=%Ik+kY`wZHXQ}u9^o`Db9kq+qw_c5^+Ll}BQ_?ZxqV8QA zGPKQO7rFHG^tM|n@+W6Z>nhxOU2^o-4_03G&*rZ#O*jrx6om09#Fc7B`ro{8M;Kni z^?WCPmVBixa<+exng8~(me}`09F{WpWr)>I-XohNG9sk1NrdcKvNICdGud0oR%B(b?2+tHHqr0A?$7W0*ZsJA)W!84=XK8W zJjZk*)_Hu^J`yAAQnnBpb<-!rb(ygd2F@d_O_5#VgVb`#e{SYce&@HBz9zBy_g?d@ zFlxqn%}bv2fowbenIrrU^D0eZzDDzVO@`ZeNP%583W7uh+sxcN186H~f#InMRAalK4aGohe?hfRV~o{u-Gh-~soo_~n{glTj6JQa%bu_Rbni9WLTh41LIP6_=s_!0KDPnj3t@`ejFSq_mAVsryjD5Io3EM+|pcDVA z6~sF zHJ*E}SC@@euBeLK?^4T(=y)g8>whTS7%+G%PUX?~ZSA!(DxK=vNov1v*os&WX;t6L z*lgt$T^xcyb(FnN|M%%5g|^A}%_Ug5;|D6)7f0WY{i=P0$Dg$vaZiBn9c|0# z(3q>Hwo?6YTI5q|`0PxoMS83AL9`z!I2&?uwTA;sKG{(6%dgd&YlO!v=osC50|=GQ zb-w6J1N1o|g4!+_I@hgI?ia_WJ-K+)<9ol3(WTyS-cDV!k~7_wQX&=(md(JS|ANo| zs|@pYF`bha44+_l`v#LQ%$Oa^YNmatqmnGWP~H%8bM@eW|H8YQGor(1rHQ@LUIbK< z{V?-TzLK>x;@9ifQZyc{&D>?4t8N-t86?W%do<;L=M)w@v)~}02wtOzGYgA!>0CHq zkcd-vN>fVyaVcAWCaNA-j9Ii>6v zB_4^f7z4Hrc8Bq9t&tCbA@TeVc@ho`oviFlSPkeyXtTAijD(VGxKh&oTu>CGP)&T# zx%B>BbQYE1?-aQUTe<#p8=_9QqUICTGg@z^6jm`W$$e|x&3iBW`J=Y)}K}H{y zsYRBJIcaMWGnI~mi{iz%8g$AQx<2gq>ohEF6*;ZcvR-uSv9C#&oLY*r^NNUaY3zNB zU7$K@u=kGDmNS~N^6;a2i;8ym2AwjWE4TIb{;X&9DuZ>nn6{$$okHQ)dWr|_kGj9& zX2;=DJZ0r6qMZxApO&0HG1H-3bDRHW%)kDTFsh~@0g{3*V1+WT#8IXr}^BI6jm__>u~QAj90|#DzPxb?zjz{mVxLQz)AUeEjn2FJ&{;GqWu;%&5LpXONl6$g<{E zH)u@$ox}Qa;>9?Aj4Dy~guW#KOq@MU9#;QePtG}IWJ57hD z(BDJJ<8%Y(P>dpoK_sMf!1?e~&e!pTHmm??hIQe+;p97cHG#svVmDrkSC1!#512&~ z>ack}1+TtPl8?JYZ^~1>|4>M$$xGnRFX!5j6fRDs{ugH=J}EiL8cOzQs?%mALy9&fdytuD8siiJ;<)9Z|owZ^V|Zo2p8G zo=1AHe6L#SSJ$ifzn&Z6zsc`7du5WPUT`Dd<<4I=zkFK6T8CF%rbm0|_oyheeRW&= zK1==!{UNh+uB1+MHQG05@xL4VFkU596PApcbt&j$Q|0X_`9Xh1-N(zEOd|$2TdzA0 z%RWx+jtI-!wSJDn-SNbEiv9ss6__smcP?zs)}9S>A|D;wwtjzz?V+w({>D7!?ibE- zq8K|(${({%?5r!e8rxF5oJBl7X)HzlyjmlHE>3qBzp1fXttk>-D@@FdamqKxR~oAx zIPD|BaLuLfk_1o;$S3>#)6*jz=BNS>gPWn0l&0K-z z#N#~Ps$M~v*(ZGdA$k!`_t{8Xn`$(?g^n#Be`o*YSrlEwCy|IVoU8B#*W+GguNWOc zT12|HL$<(YY?FHB@k{svm!xw+*pD9*Bo9a9(CZ%9V38%~~SxM0<@D>?6{ z+r6Rgd24O1DHWCgwu7PxMSe{Vo?dCm3WlL&7$n%pdtNE$a43SpjbZVo~lIF zN}U>&bh6a&k*F$b;Yhqv%*!pdOIAJ^iZPYt{#lUu!L|0cT=3#YpU5}gM)M!fL$;A; zm_hT^0&YInOY}_Hx{i)9R}$;XG43&i))%bLtMY2oGpIj}t18KAr9OUmwoClCZdNvg zr#CwMe`#8q>v=8VP|xSu7B7BAm5Gu_N6FjPp29U;~=tDve#*$X(7Y}c}1eabel%`@2&iW?*$vOj(IP3K7bK86$PG;VQPi}*?G zq2qood;HJWlEF38lQME~RCq&1-L6HX{y9|zx@_XX$) zL6Fc8B1`nq!pQIDQ&|8Tk)2@XFTRw=My6e=J1Uqv;1G>RW8?=WM#xA6EfOH8N$CSW zi<-l&g3r|zdimeef6V)wd0bg2)Ug-MG{XMO@$pS_!L2YBfuFVxn1=9p) zQy8oiji$0jQtxOx%pE<^ZcWo13HAH{QWa`wX^7LTL1I$aNK-W??mC?Y9+jft)`o>a zC?0Z#af*^>D`5R>2DAm(1U}klWP5JKF3l0NjB{tQObYs6N1&u2nDGEyt3yDW6KWyLJW{ky(}v>Ca4=HxZa-o1i&h?QA}tHs6Ndrf#Kz8|6)=tmi0i`t*}(#j`vKtW zSH_|f(^N*&t4I?`zlY2VBu7%pA^nu29` zpIu$3M5*uq!~Y+_3;qHfrg8VQ1~{eAVtfTv?b?C*VE|4MoC(P8e|lV?5ZsDhtY8naZm~_=Qn}yA!OR-5ne%&UhM^&; zR9tit*FccoJ4qpCX->_kdhxT7Z2Mz^;^b)&cj>L?gnzj4iv{N@uOzxWXpu~u*l^s zgA{s#&FL9f@}fv5OcPwpSFjjCe!o}zh&axE7W2@ib_9TpBIJczUk!$z4NH)r#lH?M zhyVb`!XRT&^vxSjemzm`eb8~Mf9IyR<@+<=YUmay`U`f|qkCw1w~E>gmT*+BuHH5@ zPv-g&`jp)otFGki$Hgrh3aOFxGR~#yz`qem?o?i{)Uj2XVr-YZ*LY|NLpb|oujJ+D z!@DaAa{(3xNE%-d?-sZ)1C@M}z3+R~uL@V!gLy7B>}`L>tLLh`A=WOTxOF3Z&6eFi zbK{sZon7_2RS3I%;jG>v?u%Et=Z3tM)F_=4)MG<$Upn~pdMK7FcG>9D_R6$=DM@v` z!c{M?<86=)DM6!&g@G~e3v!Z0#G9Ynf(cR)l9j?a@pf*p=U#-WnB6UC&Kw`CZb>0^ z7@3y|qYPCDSK+^`^);$OGnuqRch=B>#DkPRbyoc);pr6IedIfUkaYN1l=BB1cf|aG zed6c;Bg=rw;GyPwPSJ=FtMB+aPh<4PE3C82BTaulAVowV7?JTXXqN|Oju9Ym`%F}) z*e!eO{NcD7k1{AuV&ACKRuu)fCpCeS8EaQt$?N@xE~{f&BU zj7rsXwg%_*fPoi-cGH~P4=364;wVgcwgyH>IYudlP1TR4sLo;whH#EX9d2v`okA_^fh>5=I>{DG%416^`!%H;3pJg-q#c9e~Ha=x-JSR@*aO9x63NJ(%YZna=*cf(ShsZb~5;bkeWz24EL7?$nx$mJ6kc86F@te*wN zuBVYQw~9AYg`Z!#Pjo?)3^<+5KyWODB`2jdzkRQEZO-m)$fMd!3P$<^=GIO}nUBm% znIoGT z(ytY~tSL+es(*FAh=X->y07XL%g=5-b>L&^eWpVzW-+z+{K`0NdJ%hb z>mOR>!EvUWGgu!4l~#b2gqqig)}qFt*A*D*@Bi9?(0^Jfb^HizVSy?|b)_jY%^S{N zCK;LgQzdb;SI?#AylGc=QpXWov#jmC=^r7=wluKDHp|MDVP^1gV-xtT&(TI1$ct|U zEJ>!_enhCuma|QKwn;>5Tidq0LQWKhdNv=6#X%%y^VX&vdtr9!9Q!XLF z0iw&INP`Z&zMJM4B-n5Tfem{1fnm;6C0Ddyi`|5_`+)gggtO%fFg}rTf@92A zWFl2MUfr!)N+zJu+D|blrPg+ z+sLmQQRr3T2Dh6p;uL)hjr?17CP?pJa*sSPhTt^@^P2z=7O+0#I)_y#)dju;bVuZ1 zHQWj;xaR36z==i-8uZ)4dzVUcGxAZ;)p3b;nfl2&Dbzg9zdo@tvuube6d9F&Eu~P& z@}Jb!HK6=_?cCX%G1is!Z;-178jo-wp0lvZKz2kKY<#`I^58$V6>yt=09&yY)SWjZ zW+12+023WK9-TEVUm?+xTAD`5*Myk~t3c!Kypp&Mh%KAOZZ@2t*VcbgPiB z8(cJc*nCr+XczQ;5^3*&=lrxJ>e7Gn6SOWvZ?8NskFHc5{eGh><3`tWZW8j7`X@N5 zN98+07i3$Fby6rvt8zb{sAM{*GHMZtzaVW4Lu zJa4!I-w&-tp->>P4^#uk5d+IP;3Mrb@`JWZ2^bTf|NVn%OgX9yM=4l5VK9i3Cu~0% z41NgdKxaj)bl`0;b((o*} zYeu^4kqFjaut!hD?Q}f)yy1;&sb1=nw@xRbEVoyHi>Wm{GHS$*U&xlbdSU<;^r;YN z5PNgYl*k(AfokaI6FU*YF>K7B4IQyg`iXq?{=n}ct|U$^syYr#BNt(KS?covI{k$G z2W&EeeyI`y-q}GzjV}xID%xcZj~E<$5_epIz@(@=6<=m{nGlCzcEgy2b$&0FFG>2q zy>wGdmDSqBI4^(J8w5Cvz)!2EOt_M#?LU5FRH^@zwvvmtwDm&An$NRq7L#>-Uw;)F zM{zYw9>3w@|t1y*TcXOKV&&7>^mL6rzrkeQZPeE<0ZIMIH4=r-nB}m&hG_M|e|^{MUEOqB_oPo#7qU6BIihZms`~BVVrRH2$SIUu zBz#6mD7>EO#&fqc>@FFuRup@^tIFk!eUlsNDk_(y8f6aF4|`Gt1U&atw>*6Jzin?} zI>c(feKV{WsU7jqS4PNgwPi|jvIB^FU#CHgCCTyrCQb2u4-au`M#No%Qg8-E5pz=$ z0z)yYYg|MkXl`x}31uqo0ie16vHS?jeO1#8Sp z(`f4JDIDh}bsSOmwF05%adgtmvJ<)gp4V3@XI3PqTaCEyu3A$>4-ZRc`O5~GCy^Czq6;;eI`hVMA6|*E zs%ORNQb^ve6Uv;CGrwQvM?}b3!FC{d(j`H&qDJh&J0=iXtd?Ft>lT9HzvT<2CRHJV z_gpg7h~KZAXLJb&A5DF%(ovj6Ud3{8eV&-7@9UtiMS-N*(tY{7x8E!JfTx>tBXB9c zo&T&ZMl<1y27a7Q1%>&(aQ+{mwE{ubcGH~R;Lz^LyGya*o0FU?iyp~g7T!jN#pd2G zzTwK=ozOCST~?`D*DDRPGwXqtv2g_WIZ^;LKr=qGySs~+JiyESkNb@xG^M?3C@)ar znTKD)H@K~+&}&vA zDlhP7=~Dls!lSpssKh34J>|OF+WEA-BFLY+EB2ky!?Zg?I(m4?StY$$M*M@@vTRpV z^!3zc!rlqbY4PW2J9ac(o4$}>UEQ7}^6XU5gN%lTWDped>HfwdvDoR^vqfyNotbqyg*8U4yoOc! zu+u*OwAEFcKkxJN&%Jr`CO1EyS?0X%!@hb&w^%>BFU~AMT7xO$PCB}}(fJZAQIRQ5 zd;geiWTvH~R)n(luMPYzoTfZHM{HeVo6~!Kv(92kae^>kY9oBzLpR-@alNkm!wWht zd2*MciVA^@LmL8~;QacB3k*pH`!5e}@0&j? zRo-dFl8|nmYAI0e!(1|;II`CC&BPg3>cWqIPnt>b8`hd!FCG;0G_0{|A6Te84X1yW zD72x2F{i@PnKb+sr3 zH{ei&K#C6l*Jd0{KtMngoH}NdgDj9WVcC<61%2kxJnY=`xQs_nk-YUqgDD)53m2`P z>ruX;`Q=+7d72+|$giKZ z>fGo^4XY%f#PhE@tcMAp-33;S3S2Vb%dP8UPb`k6gO40@vF}-MZJ77cQc@~7U(p;b z_ei!}qsLnacdoG^t1Bx=z3}CF@xH@sEs58t|K^{WnNES~h)%hcv=Grh-3og;V#(b% zqsZU3c&F z`mo&GrlvAzNM_;1fZvZ9M1Uw-0Hznn6|$F?m%A^(#dQuDG=en-IT;xytTh1A zdjHGC&@XNQu4cz^ZFTi>t}dc{9vyig5;n{rfvpea;Kw8NFF+ulJ37vS>ghkDP2i1_ zpPa(%Kpt9!g2X_-aiivSY%FDVP7X8ttcHdLhiA`}K(-0mEEM|&)N(?xmt%*I)Ti-@ zXk~Nfkmd@s`3bcz;ptl*d{4UK|6^g{1<=UXr)p^spC1yFT?9D=MQ`7~ABo%{VI;SL zkPd8Y?AeVC6w0tZ(|8Gr!WXz0cFy~Vqz+71mTT9d+W9blVQj0hCNnb&|_&u3s`~*G+d1tb+voo`@;+mM4WIy-=ylE5|0w$)8#{-xq@WF`$qgF6( zm4wv?UKAFABLLqg;LZ6iN_{<)tY zMn_*CMV?8xZnVJtaQ-_A2`JT|L?frA4Q^_Z{j&{U6OjdL#QuUj1@Ux~TwGmUm0^g9 zN=^<36b1*3Wvw0}@y+ft=GP0Q}04@AMl;Dwc2 zT&x7HQ3#w$@~egC2iZ@+6+@YEAXK`1LUI+aWgqE%ZynsIgWSWKyE;JZz|KUb;S+hDlYEK ztl`%!xY(bT%)nX&eIW(-9q zFDP)_m=pum2->zNL=KvAP0{2P7n2}?D7-XC0*`y<%;&+u^N7R`JgU>9HNFcnKFJgD zO2_9ZC<0)Jx-2ct*xcLaEmwPz4W z3H?>J`j{r9C0-r6A}S&A2++mcl9Dzsg+ZC5ce$xqSy@eCKo1TLWqv9ExDL?DS9YF( z8Z-D}#!3R(N`b+gaLqpu(N#om!yAlpPmR*Dq3VF}@G3ZF%`Pnk<>zxHLt+#vW)Ldp zEZ%feUh9_t%=qj_&2Vq@3aH@P-T*kipR_JID#{O}8d>G#6u_tE0*wzYnAHG8oucFE z>F%BZ;~?qI?Af#8_qPMNUrsR@9OCcO=}=tgI0ic=_PX@vo^7M|BkmR#w;6kfH^lu7LhO zZ)`;1lH+U>7LrUrCaVzcJqa+Fg}y!mRFf^mlHNyxU>Szk@tGCBE+T{dsag?u9Q#2b zP)@D<>OwOZdX+)c1%BctE%CVk(JkZuy2(5Nojq)&e$M`|@z*Jq!b$zP(F>fv2 zdq;PT@B5ckp8NOjBV8D)n|vg^Xy`$JGqe?fjUdLjy2c03s++s}97s_Wb#!7kTtR4r z3QJ~ImLo7TkgcUW$PT;d;TfI-@~JYYsvj3$g8Yio(rZX23ad5_&(P7_>4#-erftCe zhiQy-xtNNP(f<49a}If=ItHZ{|LS<(W7pKq5%R>=PA&d`QUIz0ogP&FlIBh-Nt9k#PgPDcpI@pOI z89aP_d<kadsGui_&V%h0x^n=5q;+3FcO9*~z|e(@i;Jjt5&8p^ zX<#*0{_gf3JophHdL+Xqxj+_Rfo>sy?0XwiVX*8{daqtNQ}(K^q=e7JV}-5d>({5d z58z`!eQh2uMMFhpo<;hrj2zB_EwFH7Vq%ir--eAtIvCD^JP04{(b02NLUZwA1WK0# zLU{S7XKrqypTB%Tb5R{M72g|u8+kp&;T+K`7`A8l#yIh@p@9+k3m;gO1 zNQxJLN2v0lJhwAYn&F1L{BL-zQ3ks3(;!T!ic*2P5#nm@VV z6wu99bbPRIx$EpKc-9BCvTc!<;>TH_BIb-F8c!fEMra9wB2M@A_k*CMAh!ev>P1Px z!h&MVZ6#2{LDQrNd^G4H2+_TO*TLu#o1|p&4l@A}k;401DUg=JRW4#>yaDG2oHG~< z@#ykCZB+QKVDFB@j)*DG>j8G662}xI~U#FpK%`4K#Pdzl$6IRS36H@ z;T3fQZEfHYN&-i^E%uvl({b*M%`GmzeEXIb9ReV73JwYBKamy`MB=y`pi)8E$bhtk zd0s3S4n?;L(%MU-;k|KdX=?*fDq~GWV7zRL_T=xsGq9@4fLqkx-|q%zFLe1C5?3KN z#ct1CTbqIrGKX_CHTY;1U%lD}Vc(;prkF<-vyk1GhCB;LtVo^f5Dpk)k%@ASepzI2KG zDosa62eG)wiX2B>zoiPCL&(?zMxV~FB-^{Yif}vnKpTeaF%W0d zd~538V0|4ohbQ&e^rBaJ`CWs>^nUCx_HTCQFQv{svMAH#k1*2^c8_qnYi~LH$Be~6 z1MfhDg*MaW`h-KfRk54e3-3!G9)8I!!FWoUJmS!mvlMHB-!@d=#2pWF&8(fQ(CAZ) z*^L=cIOA4#_w*@ge#DS14n9&^9nZHXb^LoLXv7HC3E5< zaAgs!gF`i2qyyeFhsAGn51vmhESSxIi;Igxd8@)$=d{wOqP4oRW=(xLCIm8PgY-TZ zi|Insz`m7&7aVABmEcy){rK@5aB=3VSJm~SXXobwprnQQjX)a*=2FaSWOQ^P&=^3? zL=SgvK>@N&Ryo66yC^L!t#a!Y`!MCYsLN_>`Rn&$9>~ba(W>(19P|#jxVTK0FJr+R zv-RiCXC(PY5h~Eu*6c3m_R+2oJoc&FR8~}+gY+?`gjevqw?f@TmX@=#rmSpiqo&I zOCjJA0I~n^xi3i*L9e~F<&d47-2^uYSy!P57Z_eOgK&3#^EZD8MUXz}MCMD_g_jqb6_1z=7nRI8?m2?kKAx1p;Fx2uc2U3s$zn!|Kx zFJYYfUhB#SB`XNHP{R(AtOC{Wkj!*9f3y5s@g5xzBjU zf#Go0PP;E%gv*CrJ<{X?O|j_H1p*seTWA#h!Ju`;N_si{E&0a-)XxA71V(}%a8k3T zrAWG$+uy3nS4u64e*0Dh+YJyU%vrP{_$xkRUS5FVy+E;|ER-A#mvo31O<-m=n1srHDaQ^r;?+^ zw;hYWpSS}RDS8%7?dTZVS=Pdq1el^3ZWge8&@k?B_{V%D(Q0!5T2OTHvIBmBy9qMN z0N;q@l$3sOj)Ld48D1&Ax-D#|{jxo>zm768GLTVp2qTJg1xYC6!E5&P!_$QxOK7Ay zmN-u&Q9*|=gb+pP+Ae*0qqhzEgCyp@N2Z2z;nR|buPW2JmVO9 zXms@TF182Vsy|O1bqA`g4XeHYt{XYJ%}sH%T>0dp!9#^P_NC=rRuKFFu$eNejm3Bp|#mX_8UT;ZxsO$ytN5TRn_ zsaGL|URppqQ3nSfv9-0;gcyTB5s1P>a}R2H?!y!E0M1F=WJ$mI71 zc}5yO7zfO)&@2OtgvTR>ae~Z)ih$=3oITqN$6p4aPu~Y-se!>kWLHPw?EymyVj1Wc z8~MY5L~;H+IdoL;5+J)M^!%yfj!y!RM+pkvzOi{=Gu;3{LsC+bjDaBx&Tw>>;n^Nq zAv^L0a!rA!eRqzG(<0Fr1Du5@^S=67PW{gH@l8NB+I!)><*78+O`Pp4CDR}oW6BnW zOdLXJ_A~L}+{l#JM(Yz8Xk&!b)YNW3V+4lrTTt6(VQbGSb-BtCydqvlpy5qc*6$Xt z3B>cFtEGQ=7b^c{CMJZru&(gIOAYJ~nlXF;Jrv>xJ6p{r1J=~Dpy(mwY1$(CdA+x`Y3#8}> zEJXaJqPZ#vFZ16vYpNQ{rP?&yQ`j&Y5|i|&ar{L0#xL(%!t!A^r1%+~N=f?ZM!{zU`=D@xJC5HUUEiJJ$ ztwT0Vt^C+4)YR1TK=s+$*=YfwG6akx(&0k1B}jT5I3TN%QkZOheVA~T#UaL2U_}Ae zLSdN;H47PB@S4=A9Q69zj`?~Y?eq(kj!r*oVU0UD49=p>O< z1^@&M9aiQ+kYxwS=+Z+YBlA#B(L3k}RT$o56y$b7_<}+*P}0J zJ%9`NB&)Z~>gp=80)gacH#av^$k71XY&@*zRbq&vhpZ6**@0LbY*fY9To1M$To89A z&@0fT!5GwgR1uT4?%~hk$yoVu3JJZzl>t!fH%!LN0s?nN_02aXKcSHyxgeCwRGG+T zy05|ik}ygJgWVzpzCI2P0Ko^i`~o_omi9YBV%aM(TOOb20($`(RB zVMWFUZ&K#O7i5b8nmNWKZl94endY{z(54tBv;4`Md^vgPEME(Ov1K`A$5wBK&7VqWlt=eZW zSOurdE7O-*ePhN+ukpuc~Am`mWt{JaV#yR@_~hd!!GO8d?o)&K5L zn)e>vr!-;Mx%?rthrDz&yrXv&-pf+oe?Awaz3wivSdaF0bTq@$c?)|avHtU!0YIy8 zF}b<9ezmm{Fn1C_Q)&O)TwD~gZ?9CcfX_@|Vj?}%lCVcXcC`Rm_&-T{G4&X=Fc~v3mAflYg%3@Hs39L+F`##eh+9diQ>l%ct zEH78eAU72N;DX`2BtO{#k~%@j7~sr0dV2HV2J;mRGhBKP!GyE>JAmmfqet-j_kkZ0I&ZhOx4+0k3RI-@k;=!9aD#8! z{YKPM@KuBj;m}G4yu7pE3*z7Uuo*metI?M=CU100!z;<0@Z8= zj|E7!Ax5ds<+}iKp{r5T3sTz7#mVgbe$;}3L9u^(YhQ-^Z@7rd0r{}bhQpZ^qka3f zEEhHpHQ`Ep`!=2KHHIQXSA^nMJ%QTk_PdovHGM1Yo_#Yo&Ny%9_s?QCK}0wb zXo2IN3I_)mn6{usdT{}Y5p)I(5c#X6uO9?{k<9R-1NEpC;1g%vd`u~((t= zac53ATt`i7c-jtTh=czR-27K!`QQ;jtj)Fx%Uq24jduFV@)`4rYO|MVtBcfFm6eZL zPv?X-sf2dSKcz>6a~t3&PP-}+hmD;{B-V1UpkGSRV&}p-Q}c;`BHM6C)__`wswg42 zBIzW>&UkHY4Mh}_JAhwgad2>O6JqWBNeCpQng4sZJzxu?eGG*yy=3+hJIL8+br8u1 z%*LMzNO+ilrJr26!{Fc`IRiu2i9NJns$x6vFG~U2w10F%_~7!rdvAou#K@WH7Q7oi ze4s`iIe@E$!_xp~WM_`HIXn|Bc~1a#gC$b+ak72P-Fx>6vXl(Lj56;aBk8?KwF4HM zf6PA@1xag^Tu`73RJ3pGxv(!ojV!WpYSGFr!21sS3N$!+LCgIX!h4~83WGNh>SzLn zq)_@NUP+}4Z1$Ux(;_mf0c>bts`3+ne(X$fX9l(wVvK$Da>kmm!wmy9U`3YqEHkYF zer4D&vfiRjG0+2^4b)E>==@s2V%4SYkp5sF&Qo%C8~E*^kgGU7;Cb8HLqp6JM#M5b zopJ2bSA#rW+k1Kzd%D1n?<{fZuuUsKGcO`m{cVS-;H@0!7qwoK)6a2tb7Nv>|60n` z{;-URnHd|pQcSU~6qM4ooE00G+K~XLu1>PHhhR?%^=BXrn1edO(M;+=3Z>aV*)b|H zk&DM2tSsC9>t*e%_9fl6n1ITt;?vVrS&tf!wRipCPhfoK&U3JnJPRi|W$M^?g(Rf+ zxPdsLdKC6hBj$KH@7_5kaoe&0I0#!mS`qsTXax({Z3bKoI59rMVcBjN_~Hdw)JIrc z!L~vAR0v0M5o!(lw)zBFRaF&hy25>VwqtcOLYtWf4CUJx#t$7X09;0wz#wJ{PnU4{JuNMN zFy=Ld!}hb7#VA^O-2RIc^8jfK3Edh^{S5#XvdrjmDO?#FG&p^!B3EZgYP?4jH z)ZBMvd$b~6r@Wi$-#LI?#e<4H_{qqJH)DU`6o9(5+NFoWiEIkkqL9h!Wfnif9qhUHB@;5G)2wN7IgLU=CyyWc1l;i9J3r3Yn zfFIt4KnX}h4hDz#bodAug}+18796MT^byd~!QqN2-jxOydI{GPM9A=9$a(*sMNm-Z zV{synw9OFbH;Am!)zuZY6#_SdhiO*gFHXGyXdt*~3v2#q00<$M2XO@S3f}mw1(9B2 zmtr&H|0*%Dd}gXJ<^66=|4Y4-^m&eolf>}q1sJPB`}%I*OcXo|*~d&z-5@X=4heM* zk&jc)7{p|J{{B{mZK^|WAsqj&g;rr;zH#G*^Y9UR*I|zlY}BW!ru4KqHA3kw{&Cwk zLjbRd!Jo8jS5h=>$&co zD->JOld5uQlP&_|nAJ)%RdSgj3V*ub+rQoLYhin-{gQc{Oj%09T%HQgG_q#G_736D z4R*}ypRgjagiDr@MDBl@=v4CN($eB$%$cI~ngOE$7#FVNU9;}J2W>bsm|=gtU~UjT zPH_3|d;Ck}Vlejrost|`{{;r~u22$|F`t5>qG9vIGIaJ=6|X#mg(LC4^u*1Z1)^j^ z4wj<|1$7XLwa`HiXzVVecVA9$fJZ^wqZB!1L8P zsr@L>h1Xrsru>^j!7$ffDO=jUX0EZL(V?Lz8yrkaeO-pT!np`>o@@6(7U!MdqzuJwJh0sX-M7nVX3)y0LrGu_sOPd7Ta zUYRY`v_6Cc%7jYsNRsfaqoGnPszjT>diHLBUDa>iB!Y<;W0Z9{yW)%cXx7yy3Uty? zzi`ukc6Wixbch`+X_{eSYrf#dCtSi~tV2B%XsXD5Y2D ziF1shs=93qV6ki5ujtj*(vqY9Gcek}w+rNgj$`n05AQRkedAT3Bt}RuC_cn_yZO(q zt@x|rS<^gb_gAEvr!XQp*SDaN(b(bcan{N{4DS>+jMP#6&Ove4n#FAl&9S{-eX#1k zv43-2;!kQ4agO!BoS#K7B0D%b&S6^`R^2i-z6fpm*Q!DHHMXuBi!0SI0V*gckohI` z94&R6K>3o}dkAAh23E{iG2FPCo1TdcYMyaBJI*kGp+N|&dO1`n4b!NPwgK(OWgYgg z2>uFZkqg$v)H^l{BI7?Ejf{?-_oS}Y`+eng5@4p~mScx=C*6aMnXZz6RwVQS;*oUv zXa@m#u%WstiL;W9=XtC3>sN|<>Dk#YZfA!qMoHgule5%fO7#8!^&ULAbh)0x+l?Cs zZ5*=v%P=PNW3@Bjrk+3U+wQDr{m#T$B>!ES(z!PXrsb&JxfB=fE$;0=xAL9}*DBd4 zVPKGro7%hgi=}sST>Sgk|bUi588m*s=9vfx2p-Aw z_j$1Y+57ZJ^kqG5(tpI)e_aQ~x`FXw`?rZh&XqTXbP6f3iB^)Ew#1LzJ*S{}S2ctf zr`jehT8M_a`zqf#OZI@P^P09+&QUbif4;e!aOG2sP*t23ONiPx1@q2wZ|?b}^H)?2 za2Tg+P?#4owl_6R=N&YIIq-#tDm#wg$uPPj=K_4p23Y3Y zuV2KohJm-?Pr=rzdUgdAdVw#43wK@*b7ab=EiMjESLEgf-$nx)+56i=n=t++OseaI z+<2}72tHdSBZ5F1PWJ8@)wxCAvscA$xhthQ=xg1Sw&$HVG1}JFrc^w(G{pbjUA#$U z6K*ANr2PLPNvK(aLM5z}*hD>cIDywekk-KdKC_-Z@g6-b>|Pfw#4DIGsF(k2ZOH=s zg^-VL$zp>!kLA7Vt#BMekR+8 zIFbNLOwRH9_Jd9Hv&NOi-=w#JT}kvjY=@o-+9#k34V>I6iPjnj&drRABfNC!lKt&h zDV}t~4~Lix@JzGYU_c?Gr_Zlgs*=;MIyyXzK1VjvJ91=fU6Wge-@D{M)OM|46UfQ` zD+ZgMdi`C3ak6<^{&|yWZ9!MUuALg6Q`~FFOr_webJ?p4%M}Asc)QvzgJ-eZKAFEn zzF*{WiWQUQnc#^E{qTGeoxQ8ae}U7DqHYk<{zs~4a+m-&qvCT|SeT3Xw{^*-rKLx( zXAO>s2n19C0?Uh?Ug<8}@tlTr>cvROKLmcZ5kFu#p>^jD4glN(d>Fq6S;C$e4LaAd z=<{9Tl3eC7lyMm&n z-Qs+nm`{peFCN5_6VO#`v4=L7s)vU{K4)V~Iu z{J_=+lvxi1HP~XP_Ttt&lsAvW$H#wd!vpX90|DcHI(dA_<;JQdV8d|`Kk@eRf-RuS zn>*`1Cjbd;0m6Vbx=8+rtdQZqkKq15CPrCDjz#Y_yti{8KF2uloHxqy8jx1jCjlp* z$k!qz_JhPFN~S2 z*9x?BPzW%zyw3qqhC?Z9O)Fh@7r>-dE($ll5)0)%OTT=3p~0|MCnmRVN7?s=(wBwp zaX*4T3@NWDWQTgN=s6F;aUaABq!i-YwF@&KYD9G(IsMQPvr2+^HS>z)Tom zbyNh8KuyJ$aFUGk6bk+v|Kp25OVb40RUk=;U(CeQ2T?)sczR~$4gFtMEd}WGZIf&wq>vMKc{`{Q}MHx`G>;0G{5@&k8KBYQt!jhs8C*9 zcr%%ZcWXJALGw1l9a#lBQzgvDVBbi4!z*_b){V;kIw&bIkk$$F*O_e>mHPs=gk**Y z;4{N7GWw)_VBpa=djOav}J! zLuqHjJc4!j9GkwBsNx^_J09()!MUk-=?3{d%>^ZZC-nk0FF;*h^}EyWy1XvBH&%6W z0B}zRxUR$Jy$lN@1n~n(r$KN%n(kqffw&nLBVx~(d>4R~4gn8YN&3^YT12(Fx6E}aBzNS0p%;fJ)eN^#YGwo~Rzmq3G?l=cKC&casb_Njm zv<$#it&kfz+%EN|EeY!n6+>-~gb|j7m$&C-SHeZ5u>gL0db*}eVviFDu5+oEb5jad z!dLX2QK2aieDg!d(NciCYST8k6%m3VpbDFmloW+*!7wBTw%sU#2hBo)PO)0^baa9{ zPEg%5pgB}gRh0wu@}^jrlDHc6+pK?@I2Y}{=)O_%l{D4w`nnEKvh}x>jSYJ)+Vms3 zUo(QUT84%;ozXToJwFpP36vL@H8UE%L|+@6rnBF_XXq)(l}tUY&v{anj;Ep8Y7yBl zu1k3{rxB7Lgb}R!VZ#1-WF#pJmH?HKBGk8i6bK%6qFwGE(pn#uW!PR9I7dk6VoFh@ z|KrDxH@#XlPZt2Wa0B++7U1bwaIT^&XJ|-2Ffec%Ko1}uJ%G&!5G^S8J&pGEbN}~v=0FIivn<<{OgP~My$9Fd>|;f`?e|1q3$-yPywQA} z#iW{xZo(H%re3xa8Oy1Y{+e7Lct;2VK)Ztv`{(s5u=D+l*Y$=zGW9<@eg>W+$O{|Ruoyq!Hli*c*A$o&2pIYqE}g|$RTvxbINM$!PZpo0Q17aUfCvDE zfS!#A@qBE{Tj&=U9vU)*CKTDx!=k|-Ui_G5*m;IPuoDJRyP(!&XEEjj;OYMY#kxRC zB3xI?6-55zu_Cz_ol37$6oA3eiHV`d8?~BkNw#O47j^IFZoMp@LF5D!VFMj%It-{P zDk^?(hy(tCAb)rv9{vB-4M{cZ^5lVq!RWoCWu9sr$E&WB*;`3*yz{z62#?)3W3 zKXxJ<>EDS z|BZNM;x0E}IsxZy28P2UAU>-+*Nck_D`rf;S`S17g&tSxZ}0c9B6-!4Hrv}( z?ksWgJzodjmm46{!0QQzofvQ@&cf;D0CEjL?w~6ALt~e6yRolV2T)}I-eW>LUin|%u&SZd-_j$aaou@qR;~_K_%EejsQC&U8B`u> zXlk|r8h`Vs?5!9nz0;QSQ~AF#(T_Q@(#X8yP5vKG-yM(j{{C-dWF!??$tZ*(t3}DU zNdrYjkxeLx%E(MMp(Hz`WUrPGCD}8xl1d?DQ>1>+SLgHn{ddm8Io$XA{TkPGJ=YDW zEY_pyke%zZdQ7t2rr(~>?z0Z-?6L5&Ha+1SUy(*L6T&lvXfR$N>(Ft=p}#%FxTRiM zghTn**VFf}#p59p>ax9R-y7z_sU?2u9bF4}%RTXci8G0 zov=Jo-beS?V7D5#d-|T8-$eyz>a2aGll3)isdKE9IF@$#|L3 z;?E@XDrR`FK3uZ>;LEYI=J)t|=Ns$l>~t2mFXS-|;qS{i>eVOq;7BD55@5lMEG#u3 z0w0pm>?t^--O#L0wZ(L8uzZ<21CzFQ@67JYUVXLq9dA}(bn`jy$$*f{DbQGO^YQJz zK!w|pf{`9L@Y95L{nSOhMMz?~-&V?`EC5p~OCW*wLT%8)fE}Yuo;gWQj5RP7Y&AK4 zTt%iImtJ~C(qKK`L~db3nPHSh&9%IBT=y1jKqqzGutD@#67h<_NgWurQ7RpmJn1{6 z&HW?A4^o_JZOUhU9A((tYfEfEkSa$FHV%kO1NhN02<_g@g(lq%jErfd^RY)-atH_iId!w> zL5fGH4hJ|#B)b%ISfXOPfVnT^R-{@7sF(L6A-$m}kgLsA_JXl?j^6TA_d{615LS(A zF+4m&fF6GVd_{U%Os)ynEvo5YtfQ20VNrUzzv7GM&z}ogf0$?Vo$?n1bc0*Xk&{*IgAHJt6pPdLo(!$ zX~HuwFff8kiLesDh$r-Su=Giio{pZL)lFyhR@&sF`E-8a9$$h-9vLI93gnca@nk?N zBuRnHl-o1#zRFzmN*SP=Ah$4bYK}jYcAGK-4g973BSKaevSsCsGC`6erZzMn2!S9s z2saQ+M!DNRkhy!s1-FBmk3BT*XY?}NLFZ*6&tS4ig!x;0YR3GFc0yYNymi{dB>L8^ z0HUl*@-c1;uk?XB2G~Sppxg6RXMy{&8kLSu~ zs0?GjuQ#%J_LzZq{GiOanYwx3Wfr)h2roTB<`{@8KM6D7Plf4*4Rd`jbNY|xJ^kbr z*i(0EsBsoFZZ;#8YwWu}AWIJ5=fMZ61lGcEY!Js8$xXv&Bw+eK&xnv873QmQvwX)X z!=e&5jH$Nl*s%t>HE{UK*DA_=9(v&A<9YSGajSzv&4S0h`7Ft{Ze#)QK103>Ga-(E z$9@+d3D1^D1TJx~7AuD_R@rMR$Vw^a#E9Kr@%sJKnS^$b?8n7@m_d;k1b9uI<9Rv< zni|9AtIF#>p_>gwO=5vFnrPv`!VG}knAAML<;!WCuY^(B~QjujWf+b z({*GrR7L)lMt^wK!w&w3avSYOW*hi=#*Fwgi|Mmprmb_;dG?rTGD-8{EY+2a!6027 zReke1zAVs8Z~7q3w-tCyH0$;?lktS{4|tiH3Il>jP<*24D~f}+YgcOn(QtNl1_@TE z`J#llxTB1j-kub77h(IWnc33Trzd%S7I@i$c3<-;;egM6@4qWoX8KUxeGYHT-s;vW zd{OJsA4x(|L9i|nF!4gfLd=JaA3KI%GpyTxVY?j($2>c^=5|9!=Fr_BXvi16+&neu z*CNpN6Nu(?7xEguf~N5rS7G1w2if$m!0W4f@#@v9XA#1E4jpTTaX9iGZS8z( zAfp<_;2V4EmKhY>hA+I8NWKUWDWY8-9UV0+whEcKS{UgFR{Uyjj3C)JU!9`o)wFkj5`V~;O6Q#hy8M9iBObjh zHqU~1KmTl-`~hwYilQ4$lTf-xB`0rRm1-y&vc@~hs-W?y^Vz)`U1qWOwNb4(V+2Mz z9CRBm4@*@9^!6HJXm=M|eD5y{T0sJ?h>NSBR{`7&Ib#5XpMqaQ!aLSe@q7O?|FCDT z%eN!Y_{V==ta3STZ*NabejWRY>4-Fga8#&zV)n?{b1#)YgJ2UU_(5?EVg-!GzC+9t z1ChOLC#|l8#u&QIzT8U?fxQVk%543{S?(RU0tMbDek-4oXu|+S2%!kaw1|<3Nd?!; zYQ}POE+0JLHvI{VV zDddO##CEFeF{tyQty>)s)@d-QH_!!M_9w&BrS%&17g?gu#xVYWAJ ze=-P;%VQ%^{@$&#Ay#t_iw`bFoP{i-G$dc_LP6iw($fSi1Z-a#&m8;6AWcId`~0r{ zjW*(6`gX!;iHK8hkr7kv;C!f54uZ6aGS2GCms!M_MT{)rqQ43)$7S7jdjc)*JSzG( z30yhz=1Q{O8qt#4q+Ca%Ok01Y)=oo}Z4ToS7ccAWo^pGiTx^#nXZsmM@^_wwMScQ-UAIx4g z;yH;DgUkTv9ii8lF|{fAdn`pU1aQ;H{t^&tLDe2fF}l82W&T&hP%Ir?M0cF2HcI8s zrO6POgBGNLV-qE~F3cDlzBSOkH2kF?PJJ&Kd=yba$}N_~JFA}rlz!M7)9mxAnfF%G zXz9hP8FIRqa=NluQ~R>%buGUhwL7sZP(O|G zSxzW{^nl=)Q&h@$glXbt&qN|*y4@xpQfIo>K3&k*pqEx~sKDpyRYe2(kw4TRL$$Y4 z_!QlunuHH0*WToooo(!FmEq1WD9~_sf0oY>&220?00Nru-xPQup@g~5^0=YFx|xb) zZn;wc)5TJg$Ds-jrl+UX9uplhM#b;iCZ-%|g!}nTw+b!q;c2t)$xl9dVSdu}y&)6(bj#{<<6V-wAC*qPm1GL>h2IBm zbhY-M#tbg$DnhYMx9BkWjtDHUSXdv{tB{ywE`9V6x=fU_^^>q)U0o;^lZh#ZwkTd2*sV_qEM42o^UHI4n_fTqJbd zGk(8$j#KZIZjU4?0WV-DNh8nHCUGvR&AlRAle)$d+2*C_g`eGXed~C6C61Wx!=f`${Hzt`GP`c5j zkb(F3qj{^j%KlbNIR8uSfjf{^HY-TgWL29%S^IwW=q0=TyQ#2i>)C%_2!HV*|1zoV z7kxNBUXm%P*5i3x*KnQ3MR?bOP#BBVfR`I3ER?D-iJJT8j(%zJ$e{z5g2hhoSZ-3E zJ^NPk)D}q!O?E?jc5zGb#WK_{m=6X0-jAp#1VIM=el*8#1g^)gq|4j6sTyR*;EUns6 z1X|74L@w^LclIK-$-NLS3kxA?4MUCVmHAJeJXu%4HYWLy>UaNDfKhrZ{qLu{<)x){ zG$zt$g1Naj&!y<^l(Q?W0DyY>+I{gdkNNDvgYk)piAOo5q<&J!q~g5qp}ENMip7a{ z8om+{L3geU*g0Hz#kwnM{|3-%YrzN&P~IbzmDBP2gw3iMtJ_{rK$ZVtI$U1}=Jk&& z#Uj%@A2vGqoTbhWY0VBAuh;gr7tL!?Bn;4_2Koku!n^`yYoA!)Is=o@K_|6q+ z-s=8^46c6s<*6LATG*=RC!ufII}lFg*(jl(+8!>QZDpuXBRIG^I5<@O`i_wUnZC^m zhwL5Ay&Q2Q3{x_(6?!;;n)r?n8~rJgC|%-OvR2ZlSl zoKiLfd>vIby1z5$og0S^TEzdG@vgrc^XEKxzG(&R-F_AP$*X&ylmDOuPI1pD1x=(p-OG}(jN?TBkAk4~yP4|*S~T{_7>!TAEo5VM!s{K){Joz*r}y;P zv%XaqLGB9&{Wh5Qv|O>M8YTO+MY}HMp>#wN-lLm())FH$!noa7I=qLrylJez-`J#p zmPddI+E_a~vBg~3ix=FwxaD**^wns3iYu@Q&n2baySIgq`N}S(Uu*5(yfwx=M*NOmf$Au$Dk4EHM z=;X+~<+;BMIy>wgI!DEq_zB_#PTCD{up`@Mx_WxX=ImfP4GrSM61q|sS47+?81>DS z!!3k|=qDhoamYx-;3Dnx+W~F8dfe&{a^~7%SipJ{JaSrR)JM7C5|-K}eFen$4Y9nf z+=qGU%rbfNsDi(>jKRpym+;tElu&v<{PAhx7m?;+emA7pJrKXfw@uZ-^~d+`T64pY zA7F^=WS0>#t{~f0o?G7Ta@atz?Af!?tXN+MYH!w&h57l{h;n@Ru4L{PA5=h~1#CtK zCE|IKK8mJo^dtD%&eppz=mcr9G9q$g-=6H|1MXx{p+*59M8IJh>CQ6J-h#Oo+1w{| zirJ{E_`Ay=a6JRO#X-p=4jxYoLePPcSW`TLHE3}Bb}*{E`%H$}XaUZ(urzZzeXOjQ zG8z#-k+*Bz@*nat!0>eRj~O2Tm|F!E!A?M_?=QS!RoI{2G+B_B_ZoFaeK~O!05Dtw z6$FSN+e^j#V3Qf{=>}jyl2b4i}IWj-|b}sC-#i#y!w5M+1;W=Y(?9;jW=IIZC zNB=?fhkxeB4!ec@@u?8H@%LfY-I0C@^ER4D9TUA)4aT;W+O7PI|C zjks@d?#^3Al`a#;=p1X(wr$_8Zew%5dUAX5*-nuYv6_x0=Q9G!(Ik?|Q)pP&r?Igxn5caQvh)glJn<&MO;hvwHE};6 zdPzdxZFDoBj?*7HO8d2x~ zg~6YK7#+c=1y%CtINiE0#qXauZN{^prXuWBd@m-PZcxb%f^h_^;9aiGCJ`-Z1Ti!z zBZ_(doE(W1uLUEt5NmPJt0Q<1`j2)P=9paSz|e@)3}-Lssg2r-NWYH!v$C9l%9Qvj z;BORpEnkL_{|2yf2tNQWmd@*TK`@Sv>7DNlSX+wrIDo}Xw5#MlL*W3QhOJ;TXo?w= zCl1hIZIF_f7$a;1vhwoO4Gp=DA3r{b2ZjM1k!uPGsf=Egmfc)hPE!SF2dQ12K+j0x z{7+19iE~8~{AqxrkT+ zl^yXv09;mdYO#2d(4QeJx-PeO0!~a&q5`r@J@+%yW!ABepUP`z)g}Y5{<8zpcbQzp^jh2S}KS#Y><3~&o(uA2it>sVV ztY{@eLEQTP7AZtU{|%)nLphj)s8y2o4Uhh2702^#N0%z1T>XoDbi&{#Lv!HMTW3xg z8LdXcMX>9+BY0wmQp4bwmdu|lZBBz<{6*U?g9-=OchMXNYBq5DlAYOH>A(y4oQI%3ih1v!x^D8S_=R8bL}5g>@TX z^=jy<39?6BNHj|1V8I$o$8sj)%YSQm&&5^f%g91eQSr|=P6rd9%thngVbZTIg@e}e z3DVkE$fpI69g1BHaknr`ZAhpztUn?<0taLjH&r~NIV2y z#=H$TKm_pD42*1u_z1b#ZJ4TBA9y8sx2EL`#?3IVUtbQ-7DE2Pg-kT!D8Qpltw2pv z2Xx(+hy_o4QgCpv3>vE+Jb!)%;A~;982Gj!*60DuTv0k1@Y9a@~R|acbsGQ zEEYggwuzAxt7_D!ghYT8cIj=^tJoM%B^r@ejvjE#4j;f;z)( zG&Am>{TRW~ot>-U4kGP3qC)^20+9e-#+xMP9p-azph*}R#-g~2dgXZ8*4X`?{XAZn z0J-6Ux#VyQXad9qj6Gs9GBLe3vEDlSwt{)Plc=Lm38H%z-no+Ko-n9J6Cq~#Y|B2b1K#C@FB?&H5=Id#t2$V`#G?(i66!t7 z$K;3!>c{{;pfa4lpKu+Mjf=}2O&bl4NnDaay-z_>S@>-IPd`hz=Zh{m_Iett@)M|o zc*`^?iE&>1vKtg7vqVpzx_S@;qnY!NYAWH`|A7l4)iY+Y0w%jCh4TNvpUbhnaIMrzH8eQ!TeM?h6 z-n6Vf`bChJr;A>S5$Xj>N<95G_bTk*l>po!FJVbSgj)hZ^a(z=vyti|{9^rlo!MeH zuD>9##{^&k2oUJ>gHotV@W?vmPo`17fW(Jo@x2QhP7wx-t}x#v@|bUXc{HKn;X9kU zn)`2h___$X5%5!_;TlG~AwahzN^aOM+*@wK>L6xILJ+O5Qg*w#XhVCg-(~NfJ?23B z0m#tfSyO|~2Jg19Z23}W%to&QhQiU_MQuC;d`{~;nybRF5uzEi~-!c$e zfhrPL%M<6CU0Cxt=hgwZda%RtT~mCn{+_e?TzJKMH*v$94reEmbzl#zN{xdygK}x@ zF!2MySA-qnrLIF%WG7$6C|grYONcrOJ;%jA_KO(8R^yyzoIecO9$`7>uivyOFQax{ zGDrDc29sy7CR9P|k_L7$w(>#TUK`E&0qhVeS8|j6A_tvXK4`8Gmi{xvI(<4x&l{S< za3CZkuSbC@@4g0fz|V$9?j5=bcM-fyyRpZ%t^DAr$LbvhZ_mwK%cmw zzmbgT;n@Ha&ft|&n`RzJ%9(i$iakTlaTU-R%X!gIVb>z0Jowmwc7Z3aEvoV2eBpTV zd+f|#Ql@}%_pD+y0eRsbXn{}R_Us}i~ArK*uOG&0x<1rS^+BZ5z?SxzgGr5bL8HHCm3@Rzt9(d|Lnu| z5Y4+|?j(=Z<(w9A6}I2 zKV#gn?l~o0{NE=*!zFmj56Vpf@4;_u=jCxji?~94CSX$pjesytYsg=8);RN>ozZXhq5!7soYMJGegEh1)Y0e{O7+|LktV=9a>MAb-W6W$~ro0(~c}mO$n?B%byX( z>wqGv2G5Yi+8welV&VsCHW5gJj5_MUjX(bhBN3v*C)S^vjuu<)rdV3I{5zlj6nuJq z(oRG3xR7d4k5h?3 zyJ+fG3gd-X>Vk-Pby5^zKYSvm6YkGXt=%-M%P9%{FQiP%gUOmAndIQ;eS)MGcN!d= zI7tzJK{Aj8xW)U`rhUVHxtLg^8tQ}@et`q&SyRSezM@X}%JFa0Fe!<10z?~~s zwSdK9`8t$?kU2oog106kj@#4EF4BRHN6Iu3GKPP>u45eHf4*Ga-2JQmvVh~q%1tB- zj4T6mE7kwGVD7#=&P8;LPjeP0KWZ1>lV{?V-MS)E*$zRqq+uZypdK}JI>grz$1&-Q z%FFr4a>fNzh*sx(<}pw%aG?beUKOY~AemULkfRI}=)17;!LXeGx}ZAxjK2e_Ri*$BDIm5 z!ic5Up+kqrZ$hs`^so?JS%T+FIvD(J*c~x$mSbxo2&gk~H37(y0Sb|E8%9g@r|s_6 z#!496dOD&WKT%GI-sJU=DtNE!2o-LX4n=ohumS$S$(7*y5Ec34j9zgwv)X2KPzB{P zOvJ%~&=%m{1Hz{U9I%L&>1pVy3`gts4XabHU64gTg;GfIeA%c7?qZiq8>zsO@g3RG zoz~%BNa!Naz9N^y7gz=OAjDe$SK$^v8h(@YN^Fwz0=!X`FhwF3KLm9JTZ}?%km3A` zZHWV!*dh?MM0;V8i+ZO>@$w5$V!*f~?G-WagOEYx@I~}ue4sAiv-Cc7&NzDA23A0X zMTriH8rA}B$r+?>hBZCuTYv-*=N*?@u~-1#%<(vp+aiE&5aqkp+)rX3f;ETEH^oXV zjPKI%?|*!hqD!f^pE|T9r$2L%t>Q8aM3wPEh+8u8?fajq7Hgi!rt^;g*J2|}I(5Gn zsi@J*q`x3ySwaHGARYFSq1&?QyB{}0>WeC!9oCKnVjn2)yKfxe{Sl)6m;qgg-H0pf zt~)i)U+8i~FfGcjC_>*x_O5e}$(88r8^k0UtCiS68jZ}6myRPn65eCP`2VAiDBN{5GK8crN2)J=+#I6}#I(m7WHP?yVG#XyS z@G5u*T~5Z3X%L>p)h{4Qhoj4P$7y^&3p@rGS~o^ld0V`tqNmy&@74 z%tXTjF4cL*!8aW&alpuj4w~g9xcn&g%vM%&^+x+ZFK9l=6+l* znHzYa!L*?IxM)#x=!DU!l+Q8NlAW_HUp#F}2Hn;aRak#7XW{Gf2oaNRnp>}{yG1fC zUu;ZoneRi}F=m0b_rvLdW9i>ig#;4470TG?nETrnH_&Ycmx&#fB&K&oM-X!&5ew= z=#t&a+vjZM%x+{(v*&StkkEMR>6htc`O)C<0d=D}3Txd+;A6#%JF%)uvi;ua)~ctR z&iNFv9*<~oimtS6wd}j(e!4IFRo1Q;qwnh6=%TW%4qlBnb#U}NVsj?s=_U8eV((rA zukgR4RkJxV+v1baBz5$LU6)mV%2zs*-b#!9{r49G7RpOaty?80_T@T0yujzMe0`!l zU5S>LEA3KX!=Bggu2GCE6uIwyjOgyeek{Zsj1RlDC@Tx-#PNq&u@jrCut9!kj z(_Ku|of=$kD=pm3EnAqRd1|F(>^5AH#U|A16D=?Pb<{<8?HiVEGy2mz?E{-=;{Li!Z+{C(^_8Ns- zviXAC%r=u5G1aY1H?`#2QkrNoiUqo8jUVYX9H|+f3}%^m`h=HOhduV|L#q;=yoXBM zRpM*BRKqU`KRA5PO|4bDpI4|bdH84NqP2Tlgs*;k^mz7`EWRWwfZq$r65IyXa<%X-$Kbt%t{62Ra|3tXIM5GsqTm_X{Eia#!$#&WqDAr zee#ier!vpdiksQ`=Wp!Zyb-IS{7w0j!f6-foD(*;i`Dg^%~*ptzZEqH&#JF`0{UA= z$DNH{&~Y5QDD2x@rzzXDCgXNnJ&BFh z0(TlNHT8Qf{2mDJ6rwrZd;gkN@=s1?ctXr(S}r|q;W)ZN+`%1}J( zpITg@d?0m1k%Kx>X6x1rqBsdFp?%H#n*=&9QK+89d&-sW$>wed44mVP+UioL98=3@Bev6O zCg=N$#Q9kL-={p!8ji;cr%d#&)p^5sU}wihMH5Nd4mHo#fpHsQ_n56rbuG*s@h99F zOjQCZJmMbZJo5IVBHmJ{Cr1@w7ZEjy$!(io<-Xbj_W$Q=GXKiHG+MpoM*Fw3nyN!D zUU8Kg4DuEWT2sQ>Emn5PJvOhF5%z7$jd>($CrJC(S~(-TXq)VAYpNvf3mP^XiX(3s zJqXyiP2N~)!dp^jM|xb$o^Nv{oo1rEdePR!MUloB;$6TLhg71dBJcd@mpm83sHf}v z(ylG#L6vp0N}rEI@vD=jZK>_zn|hll0~NihTFdWn$|Tmm;g_Z;=hyYw%7%S1CRG#U8MCi-q%rC%>%+p5xDJ|$l7HpnaGlA8B3EeP7e(F4S#9TcZ+ zui5gnM}DoHzY|SOL+RoZZ%G_?WKX80EJds+wst=?W!?4nyopLds<@{8kZ5)at)lzQ zzEwU?_H$6bEx$(_8$h2Sd(`H6iEU|nxm?XgxtaQir<3Z`7M?U>=>ykgPQ@4q3NjmJ z)jg7IYd+lec~mCjZq7L0aI$D|NsQO!$4sZ^-QB1%7a|iT8L2F5!>b`qP~%A~>4^vr z-?E}Zh8qZ=WBB}o>+jRSpnvcVF0=Fks-5;P#b_9L9j?iLqc7+8pV8hq6T#9}+Y(-+ zvD>XLD5C3*#v{Qf?jKhAg|D-IH>W&`;%=cRvnI3d*w<@C&1m$vl5y2%UB7 z@2}_e)g84Jy4X>AmtIQZwt=Y>ZMd4}tsbi*-+oW?^cG*Nx_xZMU!c5-e_57YTB845 z`Y*ZkRl0OSBLm`&RT@KX*(tAOxb@OLvC~DVQROV`5L$ak&#ShRjpFAx;BH+jUGgA0 z)&6m%;~#zh?LwOtw5cVU`>AsIc&Ya(?h8m};QyM$7;sycy}^GorOPIF|JvkKn{g%C z6)(f*k*onT1ATSgoTKM-&2Gf%8+Dh5+Z4lG@Lth0iIu2kY3~#76waRMSUccgx;3(W zG2-V#>kS*T&9)U7>(Prh3}|28pS8-Gm-%;*hKSyBH+OqVL&}85a)i(^$7t;~9sVov z+t1zD@4({qz~bW_R^^=cA0-1V0y%t5&U6h18Ew|H_HJ4wtQYe&y!e@Z%L&=8ew2Z= zfKxG8h{QD65)=rMO^u2Q024i$LRe9zVN45PWUGu4rf6sYs{G1uN;KH~;{hSJ<$KU0 zK{nfO(q~x&cb@1MldW{GEn_ci)3NNVi|6F76Ed4gU1iwzezthUSt;Dh=#>`tR2Eb2 zl(?{3pNx$4YuZcAyE}>_eJS{rw zTY%Qu0vwsA;NwJG<+j!;;n72JXSo^G^Zay&&i5bWnt9$O2K-TM=5Aex`DE?oK+W6r$YRe2_eqIH z|C`jA{gaP|(+<38EWbIwDkiyej%RjhZmRo6imj2aAH&wv?E%4!+A;NtqHceC&L-XW2x`|eJD7#Z_6p4%WOHTmfStA z-8aA4C*}H;`rY%uN3!}O{o&&GN*!jGmZp@|b-%c$B-bC8oB3lie}6nlu3tk^J~MaM zb@sxR@42uDpnBTvc#_!{c9^a0aibC`&6aFY=hdFncRmpMP@ho{qkEKll#9b%j#tiU zBq=`AdEGC5neVdtr;g4!%DlMq zcl~#RjDXDpt!O3yI5-VLBun{k28M}NAZQOiPJekw?*}hX})&5ESIhUm;5J(@T@bI^1{c@iHORK=yOE%UHP_6 zNmp1SdRnAG@>}ee?29Eil{d9$kFYDBy)Bh&tJuhLgdeGjDPg{5C+XFw*9v=3H~&0I z?F$4SdMBhBaj}vcF!lpUnh5_Tiv>*7}b8{;|5`)6V$gR z_89!VSzauYd}J5(#$+X-Hnq!@T=UD)>FrcRv`$&QW_j{N>we1jR<#*>r>!(nKW*t92kC~I zPcm_j3hQH_>b1>nVaE-TBU>aE7KWt1PnvI-lXrRC_hr{?c7}EACW?Mx_Ci3Y)Y*Xc zEGobL&D;BG!}(?%4|0^NaE5P4P7`-kr1XZ^Me5J-u1I3ML1;DvhJ`$WUU>Yqz0?l8=&n1pyo*(@F-0S@Pm(oo zwz$o@C4M9-{TlPQN3g%WqwHnVHnl`;qi$I?F|)+GJ>A{?s}A(899~>mnyA#-%s94%{5f@U&r9zc z`@gtFe6aTZG~dl?Q#@!r{4lqpw(f~ey|^CTm^Eusgm?EHZ<*&GM+I_ObnJ4!<%(Bb zQXP5C^Ri+G^W%E|gEF}RtRi7U(V{n9t@$JvC`!NNo;TY+ijfV-lT(;UQ;*${U3p*E zdi@P=ouO+p{*mbewv>Y=9Ew2|tr(>i`TX@BeMVV6@s~B}PvrEAjjNphCpMGe5Mb?d z^y&Gjt-gsjn{S-%DNkp6l=GH%UxI^KHVRXXO%4{XpWmS4tk-14_i(p?&94vYfvN4@ zgSwaM7osJ3wmXP8)O^Wf^3UQwT|5}0DK$l9$h}tNi@cmYeG6@a+MuA+atiDB;3VcQ z#&Y&#)|L0=l9w}zFYT2UaHtfc`J?W)Ng?ay@!XJa@3T^AZzzPe*sS+cPaoLkcz}m< z@D}$Taph2^E)I(QUOdqj5UZ&SB9%9M03y$g{0+ zA#a>JLdIvjJ;bJJujg57LvGoN0z495G{5qhUF)Q*ST{{&hKYZ4yQQMIXRulDo#g3z zK~~F&N^EY_Yj5-G%;h^48V|j%x4Ip->HHQp$zCa@BMsT?Zo|BZTdMatMA&_@+Ix_` za(YOWgHNGjTd`Mewy54!`V9Wfl)(a}$4~o0x5N*~WM|1{-+%mu?L?-fEbppcqHW9_ zT_+WFPG3IH(|#o0T_ZNMK5*`I>4W0~jvfBF1))l@N5reG`j)4c2Ds&)@0xLTzZJbO ze#J9kBq7aM_S%)KIY-&f#jhUkGystPW$n%Wj~(QCwMYDUp<~G%YPUZjH0d$!85Tbi z*cCieqQAXxlDxK&s(#f@VZQOx(=v?K@#B<8RF^+h9w>HTHCxFMN) z6J)&-u0(Wq3Y*5zRh9zfaWBn)dJ~HHMB6M>kVxUlRuY zpIV*aQ!Ns=zlCgkkA~GBGY;TcgWtbrcP=U#nWgHN)|L;)B|ovr_Aedombu{`D>cV= z_C-(jRjY+W0B&&XC;Tts>I;HhEhI&kKBhej?VJBZcgO1Si@HAhtgCjza_53({Z|y9 zCmUSPvFB~1G0PszSBiX|yEo3usXZxyPFCOlQg&J5Jhv5h@B+;=E1kVQ^(AAeLIpn? zgL?7p`YjszR8Q0VX|9$?O6}NIAj2gK{B=Y2y^0m6? zxaJb2<_r2msx_IC8H^SMtzS+WP>Wi5(W*^0{@^VWUA6ClP}RW5+T+eceP$ax#X=I^ z^L{W`aL*9mEbFS3zGAD!{>ow1v3*x$m^Sx$_aq5(So*Oh)pu*&-f2^C%yv=s27fT? zNN`q?njc@E@wC;^t&Jy#%t{XG%XZP1H}IKGQMzXX7@D}JpJk8iHcic{Ej-*rFB0xy zp2ZbMF`BcnsuepCYOu5FBtH@HBa8*1CSajULy>`L>`qXnh`W?0o6##f{wI5+9B#)c zNqnhu!WfxooTrOedx4`FM;j zt$xmS3PM-UAI}*6%_~GxudXA3)2^GRt0?S-Hus)bcg5QzxPct#oz>2C@)h$H zWyOFX~BNp{~IaljZiIG>f$3SS-j^s0nBLv)x*Z;`CDmOn)gOg1~m`F$M&Qf57@lb90*=lt=Sh^#lrF0UhjBb z%+Ygd?B*iNM>%ep^=Q3474S7;SV=h9U6R&r#ItTBw$!0xWw%=9PZ?p24Q(AVAx6JC zJOZXhEYu=bPkPyX5N`PSjoZ)hZrGZ-Iuzm#F+pzZZnYB zPp?gx&`(!6_%bJ3mo9?m`-VGdlIteEg0>aDX&)!yr%Zz6wGJFGg}pbfaL$hJG>VPU z?6y{tg2dJz+_&$Ixp^lMq;Z_7JGi*vku7`=A3t=w=eaec+q6-7J@tufnbsT~R3}68 zHS3b&951}h(mJU3x^_WcC-1R7b&HydRgHW>g#jP~#JvW=jKLfXviBw3!S>2?J_GNw z=fY)qC3TM8kzT(__t_JBRqKpPaTRfPK3sI1)@Hs+$_|#aTXU1z4{df#T`jD&B{utz z=eGS#`P>DI5pbs~eZm@lYJh*3?!A7sXZLyQZM@c%aamXRlXt78z8T+RvE_?+g`5?~ z%z|%HMBk7>ru|#Z1AA%sBBww4U)uY>QS2V-wH#@7j^}%8Ill)og?t}sVByZN2^6o5 zRAO*fWntuyHh9!Zml)qabHrV-(bC9J1`PHx#?2)X3(2E%SUrEorD4u<1& zO<$?wWa6b|g7u3}xwj;Tm%S9TyVvnF=8gM~hHvsrhH`4%M&E^Ft0KgHR%Zx&p&q8v zoVvE-QQRI~@vdFt#_e-ruC;|s6Kt*AR(>)Ge**a(tr=I8n*HP&7Y$ttr5qnwR8v77A>i%xvO^2s<_=U7TP3~QJXf&jkiW(G^nP4 zA03*%t3Wi~SQr*i(vjf4<`je#szn^sZ`qMR(RN*@RlWeW{!f2+#Y`x|PN>g9cI4aEB)fW|+gKxk{fQa=>>!G}^2)0?uVm}*-ALuB+s zO-{G8Wl&gxLt;^pzNc>eLe5Ay`-G^h@<+NTpSJJ0yI#}k5W9_^uxIvZ z-kgo$_EkqqQ?16#HoVuHUTy8g6)}Fb&$Dry%DAOZc_XXEwEug`(b@>RhiaZ$uX}FR zhc{GM-3hY4Te9=v33#af*>-U4|6-wca8T*8N7gpn{^_L4;wX|QUeP{3FeD!FK!3m> zw&PV@?{T`$-pLZh=3+@rS=C#s?Q0AQ8k`!%>5V2?mi7^P_~#H&P5Nc1;zMAr(SKD6 zp<-uWFj=Y}-5GG!b4l=Z-ycAJXlp^X2Hqy5%q5z#9zPsVZi zr5F2dT6qSPa9i?=xw|hijz1Hj-Kxj4ztQ6ick-KT&)ZKR!1EE&jjo6Oq4XN^Dq>$@lOkwbAukP3~zDdrDI~tJ!qt6T&MG zf1}Fj4HQb)rZ6b@-CB_LsQcTXem;y!H^SP3!~d5M59flU`K1)er`v9Bicfx>!{0HK z_~3?h@z$|dBC{vd1_O1khe!(69(nAly6F_hfOo9CC4*N=<6LU?fGka8gjkE3f`@9( zI<>wOil^4r`a@rnc|5aLG3)uu=l)TcS#NdAN4(Wc@7a01qD&!KA$#$K@XX~kMP*T5 zXSyG-)5(md8OVhh1&<%=Hjr^(R(RZEFV;596*+x{^*`^fI5hJ{=AYEB^JKWr9oTw7 zTu+{2q{kXEBQK}oro?8%ZTpbh?D~@{Y691|8G?rugID#{_34^uXE+{ENIbFZIW<_l zswVz`PvwrE2S3h&`%Ksh2y7t%0jfc&--Z&Rcj+z^Nbai&7H_CaJMs1U*KIo7*4#Hb zG+&QcAN1n9yH5Xdo8HlK`i|_ComSMMDK8&f+W|yJA>vA3m0#}aZ6<>ERFs6$WuiZX zt=UjC$SL(yjHx!ne-Vqp->*E{0UtauJ26x#u zVOw3btwIiJ4bLOvDd)s(?2>nDO`T+HO8mX3!0#7LEh10W*VAV-U0B++#q(phqQab) zd#f^oK}5@0UACm!@h%G+?W~25pGFytH}{@+D1=c$;$~TWSISJbO8c9A1#$=cHd0xv z?2oSG=xa!K$ext`*9l_lnqlhw`!HL9V8J**1qA=Z3_J;^Qe^93$bT{F{QZ+iMyNIpvFOQuXEC z1ZWS)YiPOL?;Xp$cQ4Av36kxG_;W>uxaw>zb+Q$21~=3(wn@_%sT&uKm*lcKInGlzQ-T;)1>0TkEm7WZ0Xdmqx)QU8*~4d^mz5cdF*`oy@$@-Y zsV{avJRzGm*)M(NVfrCjge*A~$~66n%=>M&c#ZqH z-y0?I?}r4wZ_BW_+u?aQ@l^C0j?uL#$yLlYQ@&arQjh~^U84voIVlNB6IDlFuuGDUebHB)_7yR5;x+v$ z$aWz{{|}dSO=uDwy9x8V@zZh|xt410?EA0u4L;X(5?t8t*mgbEiSzdcIE5We5P#ax zQ9qTP;KpH|tH}Mq;E_|J-HO_>iTeJCtO7kRHqVvKvA*}eUvjH3?JcPfmN@l|jfd`@ z+VBZgPrIq1qt_eW3=D>GHx!M1x{>(dTDd^5?t)Z>LGR?0<2LR`JWgKv39lNnFIiP` zC9hR|7t!y2xU+HQn}25DhI#KVzua;M4 zw_M}qmVKo!!Q4>y=bXZGgRYUd`SqXVL%+!IO_K&{P z2teYprEbebF+0_8B{l1+jZS}Ol~?aIvsPFSlNYO!c>Sku)r+?_e*5NEl5WQF+`xS~ zP+qckFvYR8F6of4$&Q?sbXJLlP3pH)i$&6kSE}d*t!>wMO7Tp|iK`N=J`{`K&Yuh4 zZ*)C1{C0D=Qk$XYi=BKjm-9!4XyP5~9jT)K?Am)+&EsI_S=YfNhLi2Ajn;2Z$aMwV zMdHNM9MIEhvK|!E9A@xhqd;HH8E11l+>zWj1uYTmWh zn^c5T4^i~*ugj9AaVvOW`7vs&!6UlY^6#{Gpw;8Z_N2sQUXG9Vi`?4Wmx~2i??x0- zcg?;DudrNovX9s7)2MM@{M~g&HvICZbh%OLIVruN@v|St;{`o7rfkpdUw$(nU##(? zxp!|iwQ9zYjBHh=PxbeN}k{0-#EqA1=MH!`KH zx!Z0W&!NSUur>a~R+$v5)5+N{1sj__TYKejO^eTFt#iDaxW=ATzhFP;RPuXGg7otR zyhsKr(4FbQj4r*f19qF&;QWPBat$hB!tq8TR4{zd%n=X1+vQt$q0AR}{`?Cbghb*q z3GD+V4o&?|q)QRs6ZAa9auGX`gd)!*VIE83lSm(o!2of4B@7{uxMH>*2K(9GF6sWg zdjgQcLJv7LKYtxcLQ@LFWSd+81Cl6}pjNBBv6&5GQ?QNRdyM4~=eM}H zjZljffvol$ghVP|45dhj-zq97yZA7T`9`@j2F@~cLD1GRQNjEu00ufbMrS&F^B4Lc z62mphfS461LIVLw<99j3nv7_lplk28b}HInDAcxz3ci$W$Zmo?G&NG7ap0*ywy`kz z@djZrg2u09mIRv;m}L-JCFXF*EBg#W718A&<-ynApXPiw=k|~2>P8SjOXB0%*{R{R ze7eGe14>x(-x0$bi0KkV#`+f@9Eqm^sgbG*B;i1GE@_>=U=flI);X0gl%E#pBRhQ8 z7M$HZkwx+j(CffH1&wnxIFck5NAlET7W8-au7jkGuke^x0lGlcK@c7hn*+ngj@w4Ofug~6_%JxYuuz_cp&86i zdqsXW@VqltUc?GU7JI-CcRaIc{L7g4WxNSR7%wTzPX71-W~~R=ERgr$T@#Nj62d`T zpde8~n3&*F9mXcaHi~RGFx(OG%w||(6LFLyMdSs%N{A8(*1km9`XR;QCM($CK|Q9P zte84j71TTGfL}}`95}Uq;u{nD5wc|idCwE&(^^O>$nt>%kFWwEH>>y5pinH}*M=x{O|-1M-^L?ee-5EtQe?aqh&9GGY`?hy|)^WJG~~V z>zW!h1gw$xv^c3VWQ0q6)WGl^E?Y8>P@k-!ubQaW%Uu4>MSXz6+M&-=nX}5WxhY6V z**|wFG0x0t)orbAN(n37%Y%%ZCLKM6C_!pKLntub>#y>y73l>Av_UJ zlKku+E>BLt^d&u@!fl` z#SeS$a#6ubh)9%)`V(uv3T)QZj4k^{Mg{|*PvujN|C8}6ZFJlpUJ`>3AN)V2t~(s- z|9cyuL`V_}X~;@ZWRqDc*|N)C5!tha5Dg=HhU{JTOnC56**iVL?x_U5*4e=+aOKb0DsSnzX!yKq##&>@fR78>5l^KM<|iuue#y#L?>JhScj5_ zi0v4;)V~Jmyl{#`fZaO^t*eXb5^P3Fr-B0Bz54;nSZIziBWVU=EwBi{gtQCL6$8Q> zA|j*Lkkx$cI=DPY>MRJUzjK&pgyv8^Ff1?sp@#(ll+vNK?F$lgiLo6ydLrQX0nV!J za)P8JB-7jU=|PX{eaDcwJ!l;+Oz!XRqkICojz}8!UL+q0q^IB0`4C=uP3oJUg9Vq( zn@L4jY)1Ohz@_#82UQp*`25lDDbuV zeBfGxXvjIR%tTVNV441Ur6bosqJS3+IQlgMNXvJ+MMXq(%oX#6(fSj5V9>;PSvWAAvhzF+6NEgR{ z>^!SWl_#%$TBazEa=Elk%?`gC<@<|>VP4TaIvLX)C$DaLB!NlYa`~lM1*ZXjy{Y-F`zw6{*(ip~ii*uK$FFt;28T((vnW-aD{4 z!q@TgLX?$0v0~x@Pn3K1NE=6E!^ny#3yMBS?TU5b;0^0Bx+letiTP1tRCIJ2k#lCl>R1 z2qfRBOu!E!H3R@;=%*lef{A$oY$#}fA042F(t=Ugkb;3K2{6fKo3is!$~ zE0+=Zlho+DOMI{Qrx=5lO_P(I^e&+g zrh^tSKp?;lz#Kem5Mn<88{CIR;b6Cnj2(paScz4Dz`tB~oR_*IJ}v|#wZPsx37!cO zC`V}kCPiqKLU;ULV=*N<49FZ2-69ZJc>-}1{Tv_^~!8x<_IkC$%Mn?2o?qd&^9Rmn$y2*01<;wtyVe{bl1OR9Wc9$5)OK-wEa6E zqhgkU`Ur_@0Lll1T4dQpj`V%d-YxK+Ve$L@Ml?9dBIjmk)gmYQ*PvoZfP64h3hpt% z-xDYcFD8M@wDj+j(n$tnjoc{+CkstG;lm;;^Z)AqN`b}PyP?{dE)Lby1Sk)Y(gOgA zCgEMk)UeNWi6IY=aoHr;^%O2th`VS4cn3?=A5;grA! z_BxTl8;HXowNKCtd8nfD#Ap)KtT$krFf8J*O zgu=nGEDcy^AotMaIRfAtEet|Fc#E`vnDUix48Y|*ez4tBO+bK50q0+UvI@HE|6;`8 zgTPwh8#qv}U%v)e|K`XY%`B}KfD06e11K$Knytk3p|{aLY(r7gc;&+2mCeVw*-xo> zLLNy3PHse!SOoED9Xws?nbPY`i0Uls^dcTOuF!o}_s2n4XYkvpjn*Uk##TR68X3n3 zVJ}kP?Gw?vO8U73%1ZKGm6vy7gZjhikI-a?_-}{bw^n)NkX)F4UNQ|(=vtk?|NLfl zH&ho0f1POzoV&KE#7v!}lI>ejeRsvA^YL&;!F6W&v<#`f_fxF4$t`^BE-_UFRmWH5 zG}R4nkc3s9tutNEZ_3vOoCxwU_o4C8CjS>sf37{@YuhU_e}pz15tr@P+i{x%~~i? zI$wN;G+Te1x55WT(PZ8t$d+dibKy#x&{dnR590FmJT)Ckz{n)8BgjIbj)%wNra zr&7YjVznW)Z3y8acWWwWD#AkP_SPp7Et|lw&JT9Srd&X1eb0H&u}5!eq*?-wNoS@e zFKCst_-e-XtQev8zRPC`Z}G2ZI*8<8c6=MkMYwkPupWLp^GB5qBr8NYMQhvu(#vMj z(9Rz;M^NtqRBb??Kz<=vj|-GxkX(UlI1&m$Dh5JEutN?hunzh?R3MCvHpF1qf~cq*022 zm;%$iCs0SB!gJ&RKGYJ(Yb8QnCGZhhtf1}d>w_$JaRa)Gb&z?EW_AU@W+3P)-XVL6 zv=3lO7fB8v)m3QU9svagK>*YZZ6}Sf+3?2ElLfTXTj9!&Z0kT)W;&e;d4HmO2O|sQ z?F~MpPgM0%_;``T2kej{36Ou_O6ZQ%lR+7P59G^$K|le^oXN1*81I39yPyY=I}q+P zl4rYk6qeeO-E(2h4>{4mf-i`3)kA^=caX2{aj*|Nj>6=RC+8D#*7uN#Hy{f@4Zlew zZ`?i0NbrZE5F!Rl*jTS$|Ip+ODHV=|obl_STr^YJ{tI8b29_cnSA-xRoK)+|@F+4H zdxzW(ATpzG20~7+phtz4Qf>N+&Z|4iT@VwCjgdmqwFnFtK43zA&}i_Fj5PrlArcJ| zk%sN>_k~`79uYu*<;}Z9tccABvu^8c#pS3czh?p9J^}%z1{QX%^StIEqLZ-e_*@LUF;0`7JkJra&^FS@BKpf;SM_VQU zoCVCySr?F^_e85CDrJm9IwWwMDHUc;YnvZB4yd;P89}<8(gvw_p`rjhI6GjKo`PBQ zv)b#(F?N9#h1|?cq)duDkfG6Zl0XQO)M;LQYufLLvBe;r_i+>nFN*JP8pV2=gRUx+ zTcfxL139SE>_9t_W~-yy3I4Qt0z91kE0mh)UUHjMZ0@3==r#Ba||Owt$dATl;b%MTnty%P9{NCE|DP}*h> z<8D2>E&m%<Yu%r%ka^Z==(d=^43Uh`XQCG0kYyjVs zrA~PkBtQd^{Wc(5r-i{gS6EwHD0vC$FrPo3Q$gvTkP=jN%%x>h=DWa1eiW`O7|L;s zwGqZPr+VfBq9pJE;V)#0K3jpx1K8iKiv#^i_*85VU`!moM}&rsLUH_u1Z&Qa1w}8w z#yh^QAW09v>4%N3Cp3r=8|j}moHKqX^C_rqg~`>(ZO65dAIVXEU?IAwJy8|@PSIcm zBJ3vg;2c+PRp?(~tHcHaVlu3KNg~i!0D_E2We#a{6ZA}_PHmAQ<-a-zLIl_Tv)&$? zN%qaU@3zk~98P9)^A#ygt7amVnwwsp z*?(^j^nfDM>-`^)^Z@EY50Da2kWCIhth7K-ppC^Log;p@-G|~t(566N_+nX5RXaEX zA$tRY9`j_VeJEeh(}ekowTlm>-T6(A1fYQOX44)Ez#A!+tfrJsr$(pDMuOY{tj&zU zCv1SQ=~$MZk#ToAt9mldz3ISvbBqic>Tk<`0=F{=evI&Y`22$nnfD}@ObY5}VUd0= z2nY~HQ2w5Q)h8&zP5E=RJEWMPEpKdV>Fpw1Tvisf`#AUK%ncg~7V(&-f5^szSkwwz z1+oXfLO4M_90Jru$t02mAFD8?RoAp3UeLab*+7QAJ&)aqLA&vSkWi#9FQ~CL4W#Q4*VZIU4PSYiNW&xD0yUh)?suvJpN2NChcrbteD)gqE5?C?3)+mvxmUw6P(c ze~Nd6)XsEPaGXDH<9%$R^|;M?6!e_Y>V5t@&}nPB9}EE&rVt?1uXz_>5YuFPw9q&;SjAfvRx^D67BFLMoY`srfly=y)>MN>PG$#-yxSf2# zZ4ruwY4h+YY^Uxtup*INR*y^S^f?fjD|P>xlvHTb*QNfTfg?>KYfyR!y!NdYV5v- z>8*)^v!8$W9Rp36^X``f1vS~F=iD^Z)TW4hMQh@Fl6}u1ZwiJ6Q86umuP_Yy6c6Us zA9hM%re1m#WP6~+UizR!07+<7G11e@KTm1h>L$%il1{N@yKtejk(%;a;DoHz`_`Fd z02s59Q!x8lU^FPTmzBqzqM>=5Tn$!(;JNkq0@;o4_c3N5yA}5QhT@CVziNSuK~7*- zI(0moNJ;Zn)=Mg%z5y^}+UDJ6gtmu_DQK;bLlY5-96f^9-DFTZ0K%gom2{b%fmsoZAgGtX z5vOa=C$pp-+IANt7QwYT|4|Y76&~|1V)0Hqfj@3P$3a8#Xe@FPv2hDF_cS-}qY+}` z(<_6{Te?34T_YfB(OXu^bYOu6I1+YB!=JmF3=M4OEJmq`fP)6CE$O9{1C~P^;Uzd#Wsp z=!v4WY=V?D(_SPUv$FJkebcB9W9J9_Dkx~wjYft|?{MBN$;zTY_z(C{Z^1!07wBNz18esfL$C&sVgB`6Jt&{JJ9RW5v+G`7Yf2Q8(X%Y02Qmwg?371;KPZ!{KcZ`8n$a2Me?kFfuy9&0fCMa5Kd9<*WZ1DDy|WWs(mq$w zaeu^OZ|dK_*KqRwba&UmOa(fzFk^b1Rt-qqIM)CKmf)xv&-WE~=S0Gd%SeJoN*&9GJEW|oqiEEC5!8ZLL z!=7?*D^^RhsJv-@u2n>}sO3D}Bxp)D%3ba=OE^#>+p>t{hL{0307SN4K{=EFvZ| z5kl_1OoZBOGaPgoSKWP_!djk$_iJdZNpGams*g3V2XNkuRJK!=>$yyBd1m@N&6VZ> zdAZL%S&4fiU&hbYU!VJN>AxN~4bIu7uVqYcwNOZe&9*Qq91PXpOO_79GMwv{>&X-R z{iAi#g!GJ3WZ%GU$hSKteYuuxO)hu&O*Ir&D6PVH8tHG&4VKb^Ce7>pz%+MrH#z|VHlh|- zQg0IeEforlYJ4R4jFY=wxA+-IYBfD`{!w2>(2CYY2{te5`H|-x(;%!?SA3fA+YNs? zCIwST@nJJ;yoA#JeKY6Z?wnxb2eqZzuqu?O!bZW_p?{}I+)hB~0BIjNMoKFJu6dur zTCp;gUBg6d&h1C`cooU}nb^U~e*I8i-?MJ_iR5yzR7 z925BWl=N+|Kp`aTUdANU;5JZUldiYaeSr7Fu;M(&IOQOoX3T%V1wVy?{;lwa*ihiBPDl1;>J8n66N z%ri6z{W2L!ayDo^lz~x?ze{U=%O1H}?=LB#YCrY<2G^-+w6N*tw4s^#mR(4M0g zHAplNIXU_z>wm;_kd7NaS@P7iQCSxm-{h%>s$;GDX_SSLQk)FrNsiPEV@c)_S%i@- zFR)(mZIS{fPlo+skIc8|&ah7Riu56BLQT(5Hb#gp+7kW6@DzJ0kwnN49aN6(iR(tTW!4 zR?B`NgPd`xL^~Vl(?LfaX>|d#_)T_8kMKzf#iO5Zy#!AajHyfe8;9ZqBeG*b8J@(c zbtVBiGKm!(1&I9seq4m`*snpS_XHp{aEL<&hS07?Ge;;16%1dtN73DMG~@4oqZ@c2 z=)LM54n&NHiAxi2+sW6#3dn(r|7>rTjsAofLn~>H#e+E%Yp30FOZLM+|w*6E)fM$+W6MzZo-ljR|C>&(dkjP2FXR zjFrL&?s+EfYgdTX>|ic?q|Z<6E}&e0}}&zBMG95Rf9!rA`>Xf$5- zG(^QX6yoo(mU|L6gt;K`09K@65}<&V@oOZf!2~91GF1_uJ`rbjab}sr+J?E3l{yRC z1E&)FZy@AAt`>OVq(K!JV@bE*uJ29u$nYhlWr0%=4RuQ#M}<%ak%QE<`YJehnGy*k?e#$W9x$870A|A71u8;E{~y_D>}L<)3j;rhRoSJ>c4o z9$n24Gr?5++3yAPy8;FI1XELYWf`(KU3{Aa=+%b<87Eu#ywo|OWyL&X`pPRj+r9km zFMLop!A}JEk@&mir9Y&NPP{$d#=ny#7uKBdJs5h@5@Wjmvsm0WAo1tMv|kbVrSJD> zEpK1R+Qt2DHxp(FCu`^$ImDKr+#r<3cwLoFz@5^JhD?m|W%O9Hdh-dDt+*NCOym6l z)vBy_sBZ-XW48NM)Ax+RHjp6>2oJshngkkK!4%g8uEF<_QVKBl}t=_g9i(U_!>yko|Cw| z82N}@Af1z{~7e zaRq5l6y2}74FT0H!KxzX#nq@P`e)@;ofV$+<0QRhx{MHaVy3 zizCkqUNdlV&+{L4I_ALT_;(*!25Y7O8gaoG^E6aCQy@$Z6D_1X3vp+4rt3I-(|YKF zrXEjdHXd#|4d%;CN!Cu0Ue}VV=RB)t`_4S-a#qg{sEj*1Z@TeTZ1#zah1En{lH)kZ z1sOgInfw$Y?XR2v`L#{!A1?JY zeS8HNW&f=d)&D93FRgc1NX=PgNdNR&B?M4390=g*n1?e4GcpKXwU|ESh{Tyhogr*4 zs=c^fDMp$_6HBD{)^PPvVIA9mUxx3*+QS*h`xgmr{}%mvrU%-=prVHq%n;2$&z8mp zT02IdtB#CLKv*CtnoOCaRDtXaVX0`Il!C6_7#lXgJ3{mY zz(0s(@j5_3M&wBm)fBgVVcSQ*j#s#oy3gaNu2S<$vm|TEBE;M@>K**^1gNI~{|Gd_$Dm`=kRbIc#q51&BQ4|f6t!$$M0#x=_b07x%zd0*Q5@Ti zSeD#xK270;THGMZNdDnCkloI;B|b9L`uz>i38YJ3kRk+q=hq;rk^saQVD5j11|90a zLm%|m;&1Aaxy2K~pKZ)@$xQ`9xpo&@J;JtP;UXVqu!+6UoB zOnfaHo7VHl$aa)|?cegf@E>Ax4)I9W$WP0V^XFSkZ zs5u?svUO_0%yvtVJKayME&>yaXf-}(wdh8MwoK*A@qMXbqDCc&!OXFxdb+ySoP{Lc zyUo|2*(?XjnaD%|dU#2|J3ype7}3D=M4?8x`~B&*NPiWDhD57>hQB0>f%m#lI>`(a z4F+$JrG!`V>1&WqoDr*tf(yfB*6&)=uYp9|Nxp*xzFKom4yY=$;ixW{6 zBVRHTVBq-0T_T)cKc!qoilJZmX3Om>P@#>Q0}uw&y|22Cw{sJNE(fI*PG4RYoeW)w zM#7eOkuoxASXTsr(X82bQn}~P+5MVOdEVY>!CGW`Va^c~zP z+tkjc6If;3AX#-2#W!8JxOv@s-vg08A&RQ}l>CwZ^l0T#9Sevge!%hgFoHOIAX+-c z7&x~Zok(_S?bJt-=jNQTkU19P`43@iVpn2U;;btc7yRZ$SQ%`Y2Zn% zW+H>6E#;v!m?`ySN4Lg}sY`X5slt0HC@4Vgi3Hy@nx)7jLH7FTZ!0q(;-P>I#;;&y zr?5t5$Fp3Q{B`A=zwZkYe(&ZFrYEpS7qe1(G|=nw zhC)FgW7TFZ2-_GX&0m$?=bQd+tF?#!dTX4SwE~t>doi$G%3X?;Ihz(MH<_JHqnAHr zZMq?@_)1oSY{2aPrCYU`))uX6f=QJ{?2$5G7OAjTZzjJw;0Sy6|N5-~6CGDRMU!%A zm7VNM4Y#>Qv$!R}A)Nkq>a8SGA5l8~Xr_1scm4eo7nifqqDFP;uJ@(sa;;DFnSNsv zK1(OtNc`2cCsZuCQ~Pt`jq8jEy&Q-GC63bkN|esLko-GFBoB-RctD=*1ve87knRR1 zHXE3k9g)zQIhL$)!)d?Q?1PDX0N-Ci)~i>8jsN6=CkkMD^`w!<(N_w6D#G915fq*f zW4ZqfFmI z22wz*YMsu7PI3Nmij{)#DW5}T<;%-*Wl5lk4fB%M?Lm|><_>pW*|2r^F0cSG^|p95 zR2}$oAOL-6NdiL84cp;C(*tw&*I%4|rxzDVWEE!Z-2n;Jkw{V3g8QTrdogSTA5;H5 zAvB|lV*GH=+@WRs;{=HjI9cD0DvpOr2bDH}xkIOxgXYe!>zlT#FkbAQumGFge;df7 zDThXpH)WpJN#EG*ZPjV6feN# z*rZ9CY)u;*o)0?1rD@uopo5{rsOI zg=X1XJ>t29gJ=~VC~Uxag!zUbBCHZU$_m2&`zRKoZY?q24-Y3Dz&-cZh`!5gj6C|I z2Bx3P@ponmfH5nbr}UikcP+L0z{e6Y=xaP1A|gSpdWn^l75>nhk)A`;-Wk`2T4pojMF*g(yz)FtQaQKGuS@7Am;QdChr~jeAmxWcgnMtKUKyz zM48}r=yYetUK)M~kUBC}1zM|5p5_tCqic&JEH%Y<-vh&g@ulUQJ8&>R*3^L!UPqCI zs*8)ujTzw#4YTwmSt~55ZgNNBJBRH>*kd?16hiYb?M0cWWE|Pa0{6gnx$axtvXXX? z)G5#1j(p((GTOH_|H5b+_^Za`TD1VY_`26@d8yjH;`IW?!gsD^9M8DE9(jB_{cXsz#7oRMc zNnm4E_Nr{>*FAsU8jmU5&^A~paS(TCpX9*lRN-_|URnO|1~OVP*O?}Q-hKn{AKk}$ zsjEd+7PdK=?GTenuyIByd=@@l*Sn+jco_z4dW_F>baZe)W{qIYZZprN{Cc#~IWvCa zY$(u`U5|a#f8HsJTMqHAIDQ1^pJ6~*@$PYP+xbW&$5t}|bZo7hW|5JtcHC^$!mRPb zFQF=NORw2Of%&a+m&4X`RtNJ_V*gpsv^in<%;Ga$b;&VctPjin{9*m!iaV!~`~GzN z{xtqzWcl34d7GK-81z{HrrsbhdBq4N;4|0FdKP_%Q!Oy)!x-#!8O$?|1Ets=>{ueO z9uxeS$~FCsGEEMgLl+zK$lk+B#$5Y))3XCJH%>PgJLL@pUUNB1vUci>{?CE9gN^Eg zJzV+7T8=Z1rk*36*kY(&S#hy!>B6iT{F0t9@c7LR#rM5F>gd#`vGF(D3Al>92R0VB zbaqqjb^rA`BDut^DOI0^y`g?B<&C~0xBm!Huj$JX)gx?4Yu!Zm+_6p_QuL}GlDI0bZ$&mUGyy)byk@B~E zc9<}sMa}n&R^%PK-qZ4di9&xi+m43I(Wskx6a~{f`15tUIS_;?g|mLFlB0n z;+W@q(bZegm)079{Ay6OH&E@Vsoo6KPDH`k%30jbL7(_(k0XubI$!t<|8B$q-XOeY zniftGzW1lN6N6#8x2?5xD6qitM3>(xaaXTfRcpj;|4A#`GklSlCW_<0^y;>h~dC7&$&@^EU30xMitt_SYq>z#ny%>aA@yZEz+cG*3L_?^MD z-4*YBY($Ui4=(-uEatCRy&v(49JtO9uji$61(@~La^9_vyc}511&0ka|2!WWf#|J0 zU%`sUk#rt#I3m#BUlkcyq8xdMK9c~U!gsQ6r?EHm;bvm9k1#dyLn{lo^?BKY??iL>vamC~6 z8!!@V4|5-y)yHu9ZWoU1wvFg6(1&>Mj$@3NSI&@o#en}FiU%HBKMZz%;6u|yzce#9 z8(;rhw)bvi^PQfV!58B?E020X59zH&+ucT$7PGHky>`BNi;z4q$t0eQ*FLY@VrG#9 z2)p=au*=db7Tvg&n8~?cOf5&Y`D6CYb9cvB_Q&k+>pOO-f=I&GEz6rH$^`=!V` zv@(cd1qK}vvD&BMLQi`()HU^rXG@uve8}d?4q(%wB&%IZM~6#dw_ZXwr)t|Ws?+mZ z`B1h8+zW5lEsTLa^Zt_GqFdVH-tZz1ugBPN44tNKzFCZbpdiNCYts4Z!NG)JwQJ8} zHAL<&yYQ^!4j-v~_0ACQb5W`cA_6SIy~|BUaHrmvkGP#P+U6M#nfobnzt}IgAFJ7a zO`6C%tA!i?xRUkmzf5h3FDi*zEVaj7jIBBEQPlrCK{Xikl2@7a68_-lDD5y~^IwCb zuiYH10?Zb&zkOZ*hl0+x@$z^p{)z8JXQ+%s?9Ef#ysl=PH`$t5>Dvz=*a)J&RBo0+ z?=upuLV?w}_~-)L%*J(wD2Bwg^9~(EyBnog&lc=%D>fAB{(NK?iTf14Yb@kAqgFa8 zw)m)O4pU`)Orc^Wc9EOcy$?g$))`Up?-K5#;?+J`o&u{*tSJt1!BrIHOTjo4b9m=p z(pMNp7+T)gNU{v|C+oH}Mnrhr@A&=arQ_!owXRmK{=)B0N_Za=7@2LlgX6xdFr;&rOmbZ{b7<035(v$on7ciZuf z1{;otKg_bz`?FgfSF7Fo+CTM-(cgQ49;L9PNW)rt$OD5JjjJuuk}Jq z`S4l}zQ=p72M1;=JQ2F~ceZ}3)9GEqnJb5 zm(UGp;c@YLZ($;&(&R<|(%=HPa<16A{f=%y!O9+mKR?lb=Wzv?t6Ym-8|4_N@vB+~ zWk1}}y})U{nIGbrH8?50!6C8tTS70VbRr7x?7iV^0`$hgmADOVDzBwi5j#H)zc_l# z?nKJ*`>Sb~K!e@Ccxj1MX&ktY)J_e z?PB3e)lzwN&`I;+3d;zK%f_3PyzEh!(;VIz-U#or*0>5&dwXajL;!-pw`f)sc&rF| z7nU3R5yu{-Go$R~PR}bT(Rf~bujC_my0=!)?-xO-v`G|IA77!eI{GF z=((r^TeGVBJKhJ2xa%RVK^`G@tv2WkmgxZccrB56=T)p1=kg#J^O(wAYpc9^ryNf# zu|!;6AS1C^OBJrlUAt^{);q{zWjM#9S6d8GR zn3>rnwwlp%6P>=J#A&coY@m|^brDJ)9z9;luh^l9Z6XAwu;G0;hM!HurH?NEV;Wxa zH94@hu?h2D=G~Vq1;RFF01m!A^Z~;Iua>2YF1?`Q-l&)qix}}l(P|jp$z121rd~e^ z(IVD4a7rr@HCTYx8Zjw4DTKQZFCOpVT0_kI@M`&70UnNEdc~~XVn1!3)VbjE>$$Ok zU=yUc^~PZH4Za?N;^EsvkD&BmZ_yy9a=riX-&ot)MqsX%XNkhI(AU6q-Q0@Xs4&C2 zkD&O0E(N^QT6-$*ai)>)6cdlvI--YHQ}KCzV%B$DZ^UDrNj^T37+4W@bN*BHBua#? zXyxOjxqid#2Tn?B8Jq8kBIrAS*xs-W3Ky9=5B-1t_*;nVbvTkH^v`kQFd=U zdjwrIWEb>u4{wFRKF&b@D%fS=VQ?Jw{!Q54lOu+!-pAcg<)#i$l%1_Gc+qLw>%(A zTWql({EO#)wFEiwxAUb7d4)dH__LuQjq7g|D*BFRnMnoT3vI;y2Lz$j_Pu!h6*p0`K(Cg;?d43Be zm-=%H4;SE_glFcIWuOxdmWjC@*bNV*t+>T4=05q18+?iw9K-s`Rz=0?7hayjI>B0i z%ej1DDEyB?v7Yzd8txLW>z&f=namBJUWPb~dAw9!`ToAr!KxBQY|#~KVmeRny-dHD zwDNU)jj4K>35U>g1R-^d1Vf&=jZOCM@Zz3+DfmFOK+^kn7=z(hTXR&rn~$=};iz6! ztX6wkK3`G*6y#GCCgU49&Xt+FJqOzc5efeQO|meu?m+6%(%=0{AF<_8bzD^XE{jgz z%SRTyBR55QOdG29*K&Ek4LRv-EiCRY*h4HR)phDKDY|Ru?q0sT%yRH-E978V;@2{a zgmELg(cY?Ydvj(H=xWEnOc?he#N%HM*6ZH|mj8ShbPREWwRWZ?)3%d z>hg*ySzgZgtyZ&eLK;Ob2QcOhht%(iW5Bw|l@1IoXe`+Ii8NVNLI~hJ7?arbLy_7p z^3GJ-m}d2M7bw5DDgcaFP!$jmXpv^w?$Gn}06I51{stVmp7T~1P46|$#U$P3_H+uz zxE{N9x8Rb>MU)Zk7u`q72N4E<(crNCP|rHbE;uvqbu(yW4i<0`yiBMsb(n0iJy^Gm zKsN~^)~!GL)VW-zboG}a2Ar%bj=OATk8Ed~_{_tXad%x!W~tn5--G`y0KU+yKGY0c z7}%xL-k+A(OB?fgHssh7=DlNkFrQ<{k!gr;FXgsruHJDz$nn5`isx4H_)ClF?hY4S zL@yq{c(7N^o9o(UMXH)(Xn1;~23R2B5tVZ$7$1n6Zaui(u66Y7a41P*zz?sIogk^; zmeoO#-Fi=c`Is+Livu8IyywVy42sZ6YF+2^|K42)D|HK}^W2yHBjN|Rr~nO%EkclyZVjf|Zy zbZ2cHpU(>w!`Ger28hUOCe15jw>M<(^B|Qt;H6Od$|+ftt+d;t`$x`fq7jP0KA!i$ zUg&`f=?DN0UR#%XCa1RS_}%7s?t{7by+S-CltYJE9v}tJM&+XCM#TWC-WLz{7b8$8 zFxa1)xAk^+?ZfD6RITY$7sGN%hAzN;_w=%vxC2^=W!mz&`-AkMSHsLMm=YgRC1yC2 zxB7DGUJ5_cR5Y7m&5e`V+Z@C>Aw>z+U^dZgI=b$Baaq#eZcg*PN&&y?;83R1GZa(GpnP zr1oXL#UP*3Rl`tzRGYn4jp4eo(V(R`osKEeXvu_3$NQ-U4Jb@ljlb`|LO&o zcr%HeKHTs|m2)ZBpJ74{HbcspW=$gWG~o44hACbxO&Nsq$O}lZ`6_wrc|vM+l9M+5 zw(u8QAU+PF61hb8*$+A#c>nUoLj~I64iFUI-&0kh>pov>0_D&lfCe~oQ0zyJA-$SG z9OM@`dB$xp=dhAK1QO};Vi|{+3}F%oXY81AfKPaImvC^Ml^`KrU3B>=5}s7TK&B{G zp9x>V9*$aQ?!k60FYF9DmhKEK>K|r0gfCE~ii6(Jm4k8b-4Hw=OWU4JKC>!~crd!o zISgK$mTg*YUmY+ub{Cj6l^^ zD!Sbna&-fqQp-7bFnBk|xpKYMGBH5OGXNDl&BLIXyVsvP1j?r`=;!LmYhc12 z8vV5FYXyq#-he_?nO8pl3`Lo2aI4+<>LG?2sNNeuwSd>7?E3VK8IcNjL{}jSjA-to z7>dI{Y1KmSHAep*^bV>Rhn1Hr!i&SZ6M_*aP%B2AF%2C(I{>fl5P((X632D85Iv{geU{_wCLC$T>+k!rQvmFwkr zSnfdcstKP!CYG-2HvI*&_t%JJN6Yo6$gnbiUBOUzYSlx;S3;T}nC`q2+wt0P_WpMG zoI_k1F0>G{Y}VMr8}oeRX%EA=2*K*DHk=ZCf|fLiy=k#k+rGQf?h;Cad#DaP#O28> zdsBy5<}jbC!tFX4n)6&xuOEPu)#BE&%;vQ}(d#`|1~G$sThL%q z9)`CWj+zR0lyE~kpjn_tG~1)=a34WJ9>O%#X+#(Fu)c|iw=IqhORjw$!}sFmY5%~f zAMfQP)jbMkMAqj@J{EZ`>@9kGZvo&K#=mA4O*}mF&Xu!z7>KG7>K_l!9ID)4vREOi zBRa4w%j>3m_!O%qtg2EWc3i^29w9G$a@DO*5?i0}je=Fru+H>>vRhryQ^osvZ~Eb8 ztM_Lyhfk^bQbZ_BaKa8tm5FHEtB3K%N`EElu;jq*=`ROphW1oU+{7t|xT(1|Ni(Y) z7BJhZ(}(p13i>$S{lB~|@dsP+yqRw-%VAp_gMrk6Z-bW7A<*abS`Jj*u{$NH~&rADgx z<|{|7JugZRjY zSLNkL?Vc-A_*?-sY!lPRKRe75O14W&?Pg>LiIMLy9go+LL0 z8aDX@< z=Kqu=#005VjGfkPTB_&s>vmucJ!*eWTCU9)(`eJ3T83?Glc!_j zc;7{pzY@9jO3z_s%VUe-^uy(br(&Ko9#wAH+c8agLA#6Ade_C6PNm2#I7HL6cT)ss z;;eJ_Ua6gn^G}~Q5V^XhuU>t`!fYw>**#HCh8&n&-gpX(CV0Gl}z2M33q-K_Q8Vh8?xp18KGx`H3y zf^x9di%0pJ+Nrv*EyHWWQg7o19D4fG=5~L$7nmlad78nI%h!_4JH|0&;@?@0ebRH?R<99p30Ps>jO6Yt(DsPS}{^Ai1DM=nX3u@z`gDQ#;K2Izsm>hq(wfj(ip)9QF6po#tSzp_^w2*EzfBx2VQ1 zGHYg?dXx69CfNseHoaU--0_jpVeBtj*C+2g6B}KIt~WLK2+0X1ybNUa42+Uy5T?eR zEue6}Y&h|v(Rz@YdShK?wP;KyemH;(>vQYxzxy+x%MR2s!*AS`V_+s1KG2qHI3VHFLX29 zE*~Ep+pmAQ<-YE7nHfzF)7$~@$x+Yhz|r3*Frsso2H4i6)* z@d}GXw)&nw@rKV$EC+wjpoDRo=37ogn3yqfu+R3r(rpC6aM<|O6!tKblXy_Zm_HDK zF4Ez|<*;7}-TCUhZwDpp3W)^?Iz%j;{Np1Eolj~NTOV$mrIB_2Qe)xh+4|rer^Xrf z%DpV20-inP8-kWjSrN@I`ZhIee~8m++`V>9pV0BlXkKs*Q7{{`Vf0r$sRtEQ$>PfG z5wQ{(Gn_5vCS6Bpavd(FXuo=(?{o`8u1QFJS+uqLE6H0iGi|~ct>)0KZo>`#BUih2 zH631LbDTDA*o!7nyWnHS$&}Ky{50`QR(y8Z`R|Q>XMRUc8m`|~yDsGGr=xB?w)dV< z`9+I);b>f|q#+%5$)p+b%e~S&+GBj;6Kj|UN1Wz7yDP8x@a>sV`g9=Eo^aAFZT;0IreS|dy(n;Z>?Vw zpOj?%4VfQjXnb*0hAH#r?^hQp&-wD_qArHm^yWfqd9#->y$MCTdbpB%YzEgW~ zYSUSLK?{3Q`Ha6ET1Nf;lsLzbDdW#MrIt9@RFwEJCdJKHx}ZobM6lIo)_h!ay7zQrURQeS=!UO}#IdW;1Xni9Ji~=F!vhiP=4{O{(@@?3I=Av{nUy zqA^(kYk^?5a#xzXYM_8dYRENZP7#SN@rJPlT?KI;<&SLI;c@xpa z%n+`8+05xG>t`K_6$Bli)$^3&V3Xxw9GU~ls2gaH3)B2Hd-ZhSVM}>;!gfD3Yk!GA zxy!ke@DHCi-I-*c&MQ}HCGC{H$#hb1To}T{m?fBzXjq1kj;|FPE_sMYJn$i@urVa# zcclAl^x|*E*u&Cj9_rWqbOIvX8fn-1`F6Z0{AH+VCckCe%dh23(U8*SAPqL1Ouu<* z&XMj5LA1dwsz{?V${)T4S!B*8_iMhsHsdBs@ z$=1v+&zHHAQJRKt z_vgGu`@P_W!{E2D`L|)o0fnDCE3fFNw3%h~s;+bPvvFT1{B%#0sj<)|mEd>ZnwsO7 zGJf8dR7qn`-zdYSH?lT;#FzA8lI7Q?p9S0IA4bBK>HUnGN>;s(`=@bo@*R83Gu|>G zHzE9iKzKlr4cri<3&?BkeY|gM)HlMLZ3Sbv*oOu=HN zmjN``P^0EQ4UF8as9X*M{3QdG{aT4lGR6Dvb)J@ffq?|e6S%vCT3kI-q3KR_oHZ!%`s3R6DQ=Ze zz2PmN6@p1p4GP&O-5<`;n9LN`gtN=c5cbl<3nm|VTuZI%e(!q};oNYcTo~`#NRU3) zK$_)2U4FyON%eZ!jT~&CHvOjU;5dKD#aUH>MZQz7m04d{d~{uZC$D%$o!nGPFQhKJ zE0`fu`A-JzCn2g-A|_w^MYHF;>&K~=J$yMDQ@Yq!U+VA>`fJpPyJ5c;mlSNQF9=;4 zaSvU(b}HFCaY?Pri90W-gid4h{!P*kq?it&_}U1K#6_o5K7WUUo&S5i%XiEQ)&GyD z^L}Kz?caWcptcefyHrb1tF*P%yi`k&Sgpp0t*F)>iCtTb*4{ITy;`NVHe%0EqgA7} zs!*zZa^3g+eg1;{^2vFg@8ftK@8bdYTCDB>%O55T=0YwS5t4k7P^=q_gN&>f>EfLX zn;b_R2+dhX>W-h`1^zscrO#v<_35i6EW)+YPdk6D|0wt~8TRVu6)xjsKrQh!2+0+` zk*ZNZsCoKHDRCeb{&U4@j^YW33XBYZtCUn+1!;3F*$|*OcdzhcURnW80G>tBGf7^i ziX1=OWS%a@rD0|T#R0Ds$C`8laK##Gp*og5fO}kQ##G$>7o%tCsGke2JWN0RZ;3C3 zR>)nbP)|u%>va1Omp;<)?_RvGk0YDHU7|kpZqbR}BUX0E{a(Pmq6l7dU357T)vQ_c zKG$vzIfr{K!_qZeYY}e$44aD1@aOTmUevvfry@9aXm|HpU2>v!gN@z4%LR3IJ7?zr zTG(&bd8WM(){YWK71_?qb;;au* zxFeK(8RVo$hkfYwJ%THRz*q<+z?$MqF0O5#qkyBCTbaM~{8^d+IHJuk1C^fU%c2Y= zdvYFyg^9!bmxZ~r(mo6pk`jjFAzzlRavY}VjQYPR**~{LI2E`Wt>Jk6d@Otx=c*TSh1v!omIG7McCw6y(qrgxGzVk@ zCM#0NBhWw53@d?7i4(>qmLCmjHBs;F8hP{+L|R2R%R(JzBUM@Fd?enr1YVz$*8qLm zrYNa(l~tTnwFaJ%k8e|J>$JQw$Gl?ZtL)16YpLAQQ`w#h*ak6WU6k&Gb2<6oGIiEJ z5AX1Asqm~yKVZHoK+B(o7;_{ZHF(E`^QDHUHt#P&`_vRqzreGqj#n_pr#pBeRxgOV9sf8{N3H zoY%~K1&XieOUmx>FvQv1)1uQM>%T^ zI6AvL*;W}+3bU-=yUKEN`-Z3*c2DrqlpGpBWybiinV4pnDN2q9?PYM^1lBUS4@%0F zy8Z}fQS?IYySXI25fY{4l;OxfoGBsGkzbd!G_aUm+@56ZcIw^v<;)WJp>bL;^T<5o z$LeYIaeUB|^3Rub*0zJ@S2C<_NID}2^DEAKfjhv(vmbHSuXjJZq)o41%S%!&K@wV({Rpif->DvObR7gZ86g z@kcie+HPM8(9_g-K9w%kJZp64gGE{NtnuPY#qYX02~5&gc( z2CqN!$C#kR%j3i7K${-mq#O)mbWVh^MJASQ&;&X$x$@S%9XQMV?q7An)ALLH+MBe) zmW87DH8vHjZ(H&F@pD_@5X1co5du-HNH$0RWt8kW@NAx`seN#Nh7H`@?PBAg#62s4aVJ6zdsB=@AIx7tpXZLp*jSdM}G#m zt4|q}ZwALf@2DV6K`dU6>nS=n+62v_?5Fz0bDC1bG-P~H@BQO>j*3;CA=+TqdNX(q zsc)tkcY@uxH*NKUW=QG<$HJ=Rv>uoC$oz3!j9RsD^Cx=9jX(w-aTP(5K)et2+aDr1 z^Enk#BhTF~>pN65pZePr;3vYe3FY9ZB*N5kTKN1MImP+!A_#siF{DJqw)zsz}Y2H z%-g9AtA9m`pwEYkq-rj(vW6-l*V&ut`y*-7q1F3K$t?xrnyeQ6eohc5*w{g|2{xc} zUH-aUs8xd1T5gTq(UIbh%AZW zv)H@am6v*|OU>48XS|bVsIj=-(7_kmR24X@iZx^% z`lwKGJM8{>42DT1h8twS>@`&_&y>LO$&UOJuM)y24fu+eEze^oG1-WBJ~kyFj@&J! zHAczm)~Ro(MyE)hp=Jg38!5iE{a0L@(`4t=%8VlBAIDs!9I3w(0%j3oV%yZ>?ZFJL z_@X0)_SZ>=v)t0}V(v3ts&Tk@(z1?!>^__NdTRRXM)ifLwPpp>z!IqqD}x3VmAxB8 zRAm0R8>r{F9r!$+1kmFe{fM-t_*iBU*ZG%sPxrjL{G7Ce8kC-i7*=p0!1rH#CjAU#;IcHVb? zIueSx@qz+!p9F2)OvC_7)l3L*c^Y$0{S`| z*Ah>(Q&mGl6bCkUY|GykZyz?f&joORI)vv_=?hIqyR;KKWF5Ps4Rs6XR>Ti|lQVI& zQ&8q)$}zEB&tnW3rGgrB)i1;c+L*-t&FMQkNqq5@@44s74SF*gG2IEc5%cn% zo*X^cfd~Uz)m^qk#*$)FOaiWB&Po>L@dW#e{q7?%?gDV7AOlSk{R5|&FH@a^-gJP9 zauU*s{=Q-C&b&CFw(9qRtlARW-+{?D_Mv-bJPPh1I@#V(z}Bx|ij=(XjySqq{MqE< z^W}r#xp~(=7Jmr{F7pM2A3DV^UKgc(3inVw9bd4$Q=s&((v-9xy64w86XPk{KuWA2 z-X!oWLa}IX9>KwZgi3mDGy5wjA}R`#0jp5_o|%xLZ()kzhHhJ;+$6M=7(=Uw-I5+% zwz=&vUs>!Pl8T;|)?NtX9W7Fq0Orcy0}V0g{0aIt3{M)MfNNR9jwr>PU3RgPb$#7Q zG)5Z+0=lXoy{HP@?CtG;{Vq$Fqo6hL%XP%ye$S*)tMlFo_N#Reh!Qj?69sBK8R*h( zx>=&}Fq$DwHD2$iN4wsmJo<*eOVtFWmaijBA#m%B#TTaxmv}RG3mv=JGKS774gRed z88+o&Z<8QZEYbKVao2-sB@y~bxUe8(&=p{G6IlY^N#uk_25^ZZA}+Nt8?*=qMfim_Gdyt& zr#3avt_iQeb>uhrZOPET=JV2KdOfRZ@k)6eVrjwuDveNUMZpEmAs{_(26t zpyxvqIEPy0mSy3wb`YHl$Y(Bp6J8NO1u5nF8N9*NoNbQb$zz2@JzI3bhS^CdT#4^* z2$z%Z+~Ly>`xI1L?^7{}JoX)<`v3U0{EIpkg-0d5k2CW1Mv}9Clbj$T7Jzht_hQ(b^r?K(Nw^m!kEk91^@HG8;C(SB~a3NohKqM2Rd<^(ZT{UL65-iRnz>hSTSw-hZ&@f_o?Q9kJMp^pW#bFkETO#ludV@f) zZq@~fTE3$r4xfn2kK*U$(mv*clzFq0Z1QdSFtYBfCQT_Yarp)F4k(+^ec|e{Iwxaa zk5#pj8Q=1_w7e*&>GIwS+_P%62vC%aSZUXpnDNS8B10Deaa%0)m?`AyUP)ZIJWqik zIsZ%m(Mu9~>IQnlzrD$$#rOMy>o+1JRfc z_2bXPpu(cztjA~IQ`AK-OXLHO>J}qbgd`zQ~Lq}kGg(riR>$kq>3$cQQv|iMS<@ueD93N_ctaKHs-}JoN8$Z zp2v*G$fj^dX!+(hZh@>-QO69%tDxl=mx;P%6q8aim;UZ~DlO3ZWTzbl=BD1WESzKf zT(^Rp4u=G?Xm1Obg!PlPz%q?seJES;X0%slW9ZQc4;awoGq;yY+5&(JThS~CL_muR zzj;uLElQvUw#M1Cg%S6vic-AB;6LX&v?)N?>kEZFe3gwI|MO&Hb$xyP8Ef-~^j?tr zaG=IDpI}i#7R!2~(oMj)EuQnMIJJS+A3%hCu%=2*Nx-zHnu_N)xRKzvE9=33|?M zs3R*QTFARN%3(~Np`YyTQjJ1kDCx!^kLG1$;XM?MFh8AA8<}Lhvc!084o$o8nzWSr zrI##LQzsXm=+qZ6?A)W`bvyfYTat)!f1|nAA~y73B+#h0zcFnpzW`sE;QWp)wmS^# zV?&~5KaROPKCs0MXHR7>Fwc-p?H#=3^G51bnIPmcQ-X$DrpGqCyIPL?@usatfFiO7 znr`-jm5fpq^cFl?FQ>a#6W-a4?X-yESJ(Y}v*9(XX|vXppFOl1elIfH9P9t5Dmb=Y z16F?Koe?N(e>RJVZq5zKU*!0ey2R}eA-ME*S2VN9xUNoKOVrFl$?zv$$^&;SD;)R6 zu;G=SXAa2RoSkzQ-zs|^@}GC>tHZ@{un_dz4?f`YO#?+xx8{O5{=fy6#QMLh@QRI& zJ!#IINUZXTl?zBeb-{{MHuyw8dmqRs19W65k-z;7-TQ#~ehXH*8<74iirp(}Z2{ z>Kys``ueKsiKCLq47{FFwX_LE0~k{^2qgq4=fW)#97B4U92&oZu7(NwC6s_TUg`XM&feL(F1T5qv_h4GafuOc&Qs0Im;i1}>iqOyZ@d$wWF+667Tfx# zvgZ3zlHPxmIwRpuS@3*8gUC zzXU)W^<^-l&Z$lAui{3kP#h+seselRYu3h0G3nJhoek*)bK)H8>*#4fImGsZHPws$ zoSLpnjD32fHiq{O?*s*o8Ny?@KGytg`MP5PO?qw&Zgb>RqL0Kn8E2i&y>7V|g}*H= zR>-0pUW!7PmiAZe?h5ORaG(`k^c6X%o{KH$ccO zmpP=?@cZ|4Uc30y*R5z(rwW~vhZu*1Xi?tuHxphb8c81y1c15^*4pqt)Uv2038w=I zr~2IaFvB_k{T6LqgNIJkw6NF9DG2?+{KiLgJ(m~0n~|ns*U1fC3T!&|L!?DeB^>WF zd^JNa#yOVE^xD+lgI%pr zPvjfQBaqVy_bvkDCp?x-#p0W|+Q|jW&>;i2*aILtsbhJ}2X^RO6iGzLftmsLECIxA zx%RqsbVWr|Xr_d<@%%1!>j!jfr_E|N|D&RL)3f~D5lVlZQv6OxjtWHq<*XbY0Vq7F zhgOyublLDqIH$KnF#8t{7xlfc#zsz)qTyAkiJVlIs>AD#-?6_@=bFox6Z4+KRA&+w zB7l*?GGXe$iM@(@{!2;SJaeQ~SX;HcLYhm0FXMb6ffn{hNx4>DQzA;@OS_o0T92HS z0+U>4XH1v_aG5e3T11Hc_X6zmb25dPCQx_2_@NgsE|LzGdR0Z`HBFZ_d<}Z2B$=g( z=WAsT3%oVJ{vc_?`9X6)lf$;d?YEnj$Q4~X62YQ2*IPQIhdNOh zh_sJ{&l?>`JcEku+Oqpo;kIbxRaY})MjU8vyuQIo0N%x;St#a=4jc2vp44O!nb;h` zR162Y0LG1o*WcrjX`tki1gCy@uIdxBGJ2r=mx{_FWDcd@}W zv+;kLl=@wt^!$q4Rw3jj+!B0G@iWrh6)PCJ#ATl!f5t1upQzN zx?&moqk5ZOZ014bKXVH5m)H&FEM0`ZG<$hgt*FyBr?3!nL@du|R$+sx=$Aw%cjCuX z6R^6JqKNfm+h2#s-HtfAX{UVtlq}DzfQ-d+l^cEr>JA_JZVe(L64+Jpsb}XQpJVmeW+TF-~ z=gRj0)P^Z*=uck@nVkQCO4q)&Hx}h(s8-4s$_!l|;i=bRTD@DIt|L;qH)ZtCq6oFWnLHa8r~|N^J@v|mRoyctU98)qf7&>zt=^p?%u48 zKdT>onJ!6gH@H%gL|R`jck8P(e99GU47S+u!#&f+)9uXe1XNY?xtBdG{ndNRNw`ky zl1pF)o1uRGFsw8P>7&k32^)aYo=*u>4A|@I8s)WHJm_yQ&a#QY8^jZ^mR{FOZlo4T zIUK#*6)~J0*vsNBt;&!iflVu&>O5&YlJG#U~5$MpZpMV zCszi>xflibT(|nGbrF{UXl^}m0e7(pK*j3V6(y;IMZ=~V|)pB0qcXSae{!U$E zVFg{dqr5UXP48*tmr!Fm$C=ch{`X3%0i$mhY74t9A|%_r@%Qeyij5v=3f9pvD{o%_P=z=bEbgpD;w@|ADaBbmc3#=lWkuRXrl z#>C*}4T1};i8p?@JDs-e?-d6w{7rUnzUOoTY37A-ey><%r~m=ewxg%%i4*X zkX{Ye{+T4XIqe#`(2QA$V%DfOP`)1m9v-KEj-U-J-I%xs>2Ipz=6-U*XZ_acB+?)X zF0n4WE75EtuTkvB%;%?a!}@KwNV}*K<9h?ieH&cyO>6Mw#RaVM@ELPfA>!K`UAR@g zVDpm}2RA{T?O@5{2Q<}2ps##Qd3zwbK^s3YV@~|4B>#Q0`sp76u)+qA)}dVV?%jXU zenaD|(Ty7Z#BC}L{2b&Hl(y08K5ROUCtm;L(-});6lys_)EsXoNZ2w7INENbH436I zxPkx0#1}`Kvy{B72nE&wMEC0pb1#(?dSWH1XWwTNlz7#mRClY5DiyE9Ag&W6Wen}y_-yk_0e~19SQ%TYHEbIq_ zHJowLJ2vik1%)xmU3E^HvO;ik<#8KLMvSLS56H<|M#Z##kVmp$^>Os46e7^kN<>fH zB+B+louqTQPDwb+3=9u85QBPB3vFJTX8@j$P)x7cH!~+aJLc9=y+B|VviwHu&hBp3 z%AoNUdnV>PJfj|vdJ&o_VxD(w$RW1sAWsk)SYCX^UX?)lC}7s)>%QmT!s4o?-36u< z#olD6_N$wxi^xi4UPYZZI63a`y7a94K~iTKp1!L&wz@#g%JKS;9~zkD?`pXwHK;i= zSAXR@K;K{cS-ld3-R%QjCD<%`K-qjdKYrfWlqwq{>z6!pc*ph1vG3`@ z>;ENTg9@CubY3*jKFT~N#Y4ZGlrUAgbH&gV2Wo82_22H(80G#B`Sa;2;KS`dt}5k# z_>Ou4T2N|0Ki>XLzzp#>3|N4D#>Lu;89EatSp96EbRE2VCdYkHy@&5gbN*|(3`fmF zHHv6RsY+-}BK=-K6Ssa&IQ-@&C%oblaGRS3_VeMErAkt;j#g=doU9g6IjFdo`#VLf ze!2FSiMwtkga*)f*X5jmIGYoS1;@9HqQA~${$c2!kSGI;h%&yL-)~gNsH!vxADVl@ zP2Xrn=bCgi3ZBV2&ruYQW(4olxtW5Zr+%djR}ypeQjMGFw5?qe5rrJ$>ruT2W0{$gr1;r0L z=i0swG<;BAbYlIyU~xjIqjmEg)OhD>e9fo%x8ppAziVV!+P)4H0E0(q!NT*M?tq?2 zEbqAuo^LirivE>qkX5)RG$lp#uN+3KmO)|lFEe`#e}hq>B41;whnzuad)W^3_(;Fv z!FMp~jKjm%bJYBZntD_6kU*P}VPrD;y%Kuuhk|vpof#aJj-HJW>cC%q{r$fN6(bcJ zYwQmVy0sMT_-onMw77iMDR|>E3vCxUQN68z!E^_`wd(xFv3DBpAIS7>ho)$TZ8du|oeM}90bByciMsK=g7IbK@u za|DnnFVu`*`x&E+C-qqf;y+dU_O-iI-Z+Dvl1Y=G6oycT)9lnIBm`QhEA|!;IwSy! zCH*!nyp_|NvHT=2!=E3HS-m?VR=R_7kz*G0RsBqzg-O8hKKDAb!S#q*7Zn0l>3hV%gG;N}LF#5g+Pj00m`a^x1N;|BF=uLV#Z?9S8+Ow)tJO|$xuu}$IC@;U z>Cs3|8l|7}Qr>EC&gce39F)X9NwFJqeNYdTU=ptHN*rb>7rrt~kz7vZ0yell-MY0E(NpYi|W|6AEHqy&5=^ z#TRbcHjXz68OEz6Tqzty-y>uW8J{no2lxBAAtmR1l&(V zM`@2oET=N!)&omnuP!}YwRH0!R9o6zup1iIotOCOwkDJn|1&Zd2$^pZp!x2RaSr?M zIs8~STp+`fq%|JeM}Px}&%7O}vUV=47ruhyPu z$o9Jt#hB%a`(2l`&8`w)W=(J=Nd$0?_~|5Ev)Y7~8agguzTYnf!E6(8Fp2R#vaWbxP2NfIeM%F@0J`nfq4tRo_tATJae@igEvoJU73kPI|97MhLPY zCqQG<@+7i?>W@2azQt(eCN?hn4RXS2S%dA<8zwffkq2GxJ{e+yf zRqevFP@T?hHs+*@9yU21NF4d{sKl}<+5kRN)Bv-`WwUu6C>R{TS;5ZO1QET3s5Bp7DKzBn7mtgNw{ z*cjHHyC$i@PnfDle{i^Q)U<$VC%!JtG^Tq-iNIx>}RfY;Q z4sq_Xk&Bpn>Ii^uLnAcrWOC+A+{Hx_@DCO|@3f{XCg2}d&DKqsB-jXv>Qp~ z(ok@N&t!>m98iFp$zj_#uf(Rjtd*`BnKiqmav1(9pF1d%r@v;Gvis)o)B^$JD(u=< ziUPuM7eSxkWyxER@+-g)eF@nW|a^IsEy0vcD^5wnBd&7{6DX( zj3n>4VE5+&*r=l4>^`cE$Z)oixw`6ZTNs6MZw&Yd6il7W`Q+$yG*Qyc$H3jFjYcR3 zRrad(D>RsoY*%AmJZtLN`J7eSHYtE4K4buqf`UaP_bf<%)(1pK3!OGo4RNjN=?a;f0aZ~R&S#6> z(#guDGx3kV_6%r!Uf%rI$j(u(50uk`h!^ICD(tneIB7yWQCR}cK0d<&dbfIDbo=iZ3Aha;5XJ(%!F0scZ3IX zqvOd2Eral}I)-NXY^gFgWZu(lW5=k1>Fg#S?Mv<06LTl35>Ml9*3!Q}fR~A}KXUDu z%<7TJ%nt*o1Zey^6gE&z5;C`Xo3~KSShPN;iUvRbxlgIJ$;wSeG?S_poJ|`=(oMG? z4@}tXv+}r}9J5F(wUa$S(B~U9gkMEGu3`X#W^_ilN(@b(TN?C+CrUlr2s(d)W#0Rq z86Z5Wl{bWQ)XUUOCkfiiNvaMva}~H6zIcx1_VyJ#3XZ*s$;S;WYSP_PY4<1o9;N|w z9J;I-6})1I%7fbjg__mhS0j&!l|EncO4vIdL_U^T=ttPB>{~UN3D^5065apSw7j3b zXy`7x`dk@*ZWtYaBy`kJ60F|;|CJM_*6WVQEhWgBJ<8P@Dq^*o{UW4zU7=EHyz}aX zN@=+5CMLgQB-By2X)KKCdzjJD7nwVE=>!JQFXL)$agcypXO4=d4 z`J;g+zZu;a64KY*5C85wwOu5@;G^VLr<3SGD|tkIXie2~Mw)zn0L5@3qtRkA2sCF<30%I|xeuPu8V(ojCuer%$Tq+ve5f5GjJ2qyu zw>UMDYJMz>@hSlg%-Ev7mrea$V7LVO-NJJ*0E&L< zam}b;?7FUP-RJAa+B~w*?>D!d9G#!Ysc-+Z=)k+y?*I2~+J2(y$bhb+OBr54Y8d%W zv{rYvIw%?1;_!B3R@a~S78%vom6#M=(C$=x3(uJl%71pWN8;0Ac-!K@8Nh-8D!3tT zO|E{_P1v<@7Eee~`)HGc@+Ubt1^?cW!JpJma~WWTzrHpPUSrsF>QYpauwZ^AOX<$g z4dHq*G6kS>oDX7=q>du-!J4#j44Rm4&d-IMpKQ>qUQR+Q)3)qTQmT}l1QPUc`LC{6 zpQWu}|7;eVfd=VPLMID0z4%BEE-EH8YtuXNyH10rWUL`j+*LJzkJJ_>j@f+Yh&NV1 zNY~#D4}oncE1gMl&)<`Z8BM(S8uA)1?`UMzA)0%|W_r}@D`v^Y^Te?BnIY+sJ1Z*4 zYCyKfCwdpe?XL%Iqx?Mf42pdaIU3LT)c5n&2amDkN%G-yF7873Mgqfc+aJJ*ynoZg zxvD|Fvq4{ep#j&d&tY&AMz1}WNG5h3$9vN+mWStZq4bI~$p<46sMpP(gTyoz2+h0r z`{mO!9zh?}-9YXw1#<%Kv$B)>ITKF2+jNZtjn7UQs%3R(eX+b0o{&X)YwP_z>y?rgNZ`rDq4l1dWe%*nuk9pq>hIrzNXAhaWGn@BNi3py|z&UF` z6cvI&(&4$*W@*)q1#Mkm)`8+_(Q|%_g8H3cn(r{cgS!rd)7mg-*LKF7uH{ci;oyX- zB?0UFr(Po#Puqo4Src+RvC)yR?+VrCvx8$8 zoJp!f*b#`Gp5cp;;)Cjn3l2P-2`P*Dv=i`sT&AI3CxkWGT0oOmN49L8ZAqe7-L>As z;{ZgxrteqQB@Ne6=&M0EIbnx4VH&z>{@&6V_m5zy=^uC{Y4+hK>&no!jK}hE zPj4HHarbHp?yd$yBLw&2H_b=-zA1 ztVA|}((#~2EVCCZY7RQ>Mh#REZUw0P#!i^%D!qYh7yKpGYV31(VP?|DlAwC{H4E?V zhOXWH>FlGnMMzZAmi7Hh;iS4Z;EcOCk=4&+H}Q7yGRcog_8jB;D?xUEs-&w3bS3)L z#v`Ez9C6AGZ~Gf^Jm68U;n7VHXxGFmR05z9l;x&Q!i6&0SY5D4uac;A8hEv0^uhHS`AV>bVM+vY0$qc*Fl4Cf;D6Bs!P04cx~=sbq}%G(fBX zCpb{b$Bmf90ej-m1;z(;{YOS??ZMym$C_Ft~wiSpneKOcd}!t z(6tRB!+Q0{F#-QDXZ<1MN~Lzht`bLTt8xPsS?kW67%Jwh2l0@^r9ay!nY}A(ID(qG zq#7c9O$|J@G+h8*esMNd;J~*rlPHfaA1nR_;HWb%GE6Pl?L0jBx_yj<1{2e2AoWWga$BIfZohq4 z^m8_7+RgjwCAX+moNO>h?3Le8;n?Q5ed4CAmw=2Cw4B=EM2;+AAhs}K59dn0x8*8m ze6AnwZ*!lV=67Aj>ME;7V%J|psHe2dSPwf6SSPS6LY>Y%Z8cM42lsbntv%8rT?pX6 zP*#pnLc{YV%aQx0E;Jdt)j+9A`;2;yj*hEehY{%9Gs#JL*sO!*KRQDL+UN{&7pJ1Y zgmATMN@jw7i<+uyC;V3+?0B3r^y}P)<0a9hkaC*Ta(_WY-oUHq@`KuFlltaUOe*u@ zS8T)aDqJj(%G;>m0o4zID8cY!5;CXSwQp;Q36=3Kd0NVhtce{~_8o?*%1hT%{$%B9 z*#GYvMsqi%rpArfq~pKy|CFLF2hy-Y<=P1Jog3GjZhW;ZcKsnnCH!Z&ispQPyMxfR zLzN;w73^={yL-v~A@Z)ONtzC_nC`4d5lCH|vOY*XD<2X!%>(Ado^;9H zdkkXAhljAyu*h!O9$Ozgc0bS?C$3m{Jbjv(n3$+abr0;`eL?_^X*JxkT*jiQ|42?$ zATdld!_fd?ZZ8z%6-0~Y+)5v!SkAD^tc-PWEsidPChDL$5jy;IT( z!5XsF9tZaVvRd~a>=q;x@z`D9LKSEBLSqW9}$V}A~s-J@0>wa~#=pSfJpX3n|+6Yhs<_AdqgFJI#Z6oQdC{^Wh4eX8)) zDnO`$?ImfSO3;4p;YFt<%hxI{?@YmI>Oe|nY)tNF)!jk!?~nLesVz``^%1%mu6DHO z3YS8IYRE^dTpJ#i1gVt*5+D(?jy;w!!2Uay*S*sDYXO<{J~k){uvLzK-eHP}9^g02hS zJi+a*EXKnhRhHlKHxp&DS?0)0zNO<{Xz=*{F}(ay?zpE+U{mb!;>4uwihsSum_`nr zRp3VOH!mH`rTx4ewV@drYE2P6Z+iH3N>s1O#S&lxa_vxqQ%Ng4l}y!ymlf6^@*-a3 zm)KlxWt+mLlYyL;buC~fV_)N2=BbV{?aSgTo=hL{?mW_U^L9Q?w;l<11;mDN zfcBH(P6N_Y#=o8zUV7(HM~8Al)#gA>>hDBZZAK9q0gHhp*2l$S||Bc=)mh0CUB8`R29DYB%B<$2E%JPgoQT9)T zqL2tQws$PWH5wDF)g5`Y;N`mCHxUuv1)4?t*+Dx_Nd)-ra9L8srbC*tGV_d%`(yp*b6-LiKD4sAOlFy4=#yRJL|)6O(tHADxu=MD{TVBl6J{0 zU5F|RuXco9eL|RW>#lrdq3yL&9@J&IJ?BzB?#2zM&9jymO5urg1kG_C`#01E!vwy0 zXONvAv}$#d0MiAT&!$f2*B9WY^(jrYWkGyok;$vwzouNR12Mkm0y}>shXf^@soY;;q#T3jf)DDCcP`WNkfyVcC3>`K+7keo<&%Y~$?^Et*F2;BJ;`1uCa>LY2 zjc20Aq}|Y=PF^Z+CJiSlIi2wysF?7e3$n{nFs8bYMDIcEhJbqzu990nUuHZ@zMxz8qw#jl&vFB$3`T}`tjx|=rX zbuf6XSyx74h$kJ_sNEu>Dy#MAc>A%Y>%xN^N+On;gE-ARk zhu7lM%0ZPDDBc{)FE0xo+Qy=;OhWJ24n9rCk8f0kGiWK6iYv}u{k<7eFPpT5V4z73 zBFQV_+nO&vypF=R^?;8@*=&yMvr_$4OS5dL!o?=FFdhkZ|BM4|;ZcN#1Ag6M)`0x+ z8vi6cv*ThhO!{7U8AC6WgHIjQCbmKd|14Se&6`?Y^PgmM(nRT(ca(xJNH+a~rvkDs zvUT@!J*J_^3<$M$aE>-nOi7VC)?KXyy0wj%kxLlfJN~RF-q7}-Zz(_x)sqCv-!@Ua zxcj}Dn0W}>?fZAjW~vwzbuEwB1p^dUtuUV;OExollH9}LolqfS(<7^fc-gwxkiyGs zTRg_onhYu@WDqM`@@9bw6;fyNb-m{FpX$wP=^ws<=5{+Vn08q(JK_3}*|H<%+#P)n zQ#$Tvr9h3?J%5lYJ~HqEUW~K<{}!0E!F& znv>vNV0_;SGA>Fm|Mahq@3UU8n)jHYLQ^9hL z!LerCowMyxkL&q2dcgdI%$rq?IC(tv`g^gnOheHG;5_G@+61?A`GG?Z3?leRa%U7( zo;~R;-l~vX`*sZc7|BQ+L{sE7^iI-GOEL&~R7&io8g?sH}d>_PHNjLU(W8sTzFw z*y!TsR_PqYV48V#xb>Z9u8@q$k{f&6^E@7UCSP=Kh$1LibT8w5fy{Q83TCh(Szu@@ZUiUW1 zDScjWJGjPe#uXhf&Fe2<{kQ_R`0aajbn5}|pg^s*AQqGMl2*5g+o zUhc$&F(yJ0`IJ*re3XlK`-TJ7vf=#kfRVb`@&I;ai1wJfqo&%V5|1#}4T2$l-@fmb z_MN(PsXt_)M9R^gI8(M;8%UP>d*gol_OF-3zuX4c`M4{5Tr#b#0!;t0lKw^4a_lZQ zPsk>)FCXRKR<M zA#2Qh(t5`WqFK!!q!Ad05Q%=dlgIK3r?#Nraal(IK5y3j34z|q>c$lCm`G}#ZA{mv zubW@Sz9<&sm{KCkk-_xkxu{X^ zz{JC*RN=sz;3i%|>n{F5^TUo6J?$bc%v9=wzU;+bDIvH-yCg_pZy`a6y}9l^LrW&1 zFu@~oI~Vj-SoLKQ$zDKc_A8U#iDTA^qA};O%R2Eme|Vl5CKMdInA6-*+$^wb4y}vc z-=rEC58<4iO9?rtLti%Cx}3xuo^S|h=#GJ-T3YB2tav}uGRgha^)09jI^%vaQGzoG zO}`9jCC4=^#!PgHpXDW}J!&dfZKu2F=K3IF{UQ^eaChrZh-XaWi~nw?TwHWaoxDp! zOt^k(M$0gC%XEMYi!ZJHD&zj5p+XU9-Vr;P(7NF+*L(Z?^ErE#8k0|Z#{Jo$7F)}? z&5!0aUMR1i92^4^vZWCuuA0)hmSPTO6&Q0}=G8pdGLyY|W;mcoeI|894QR`?;!yU> zedqm&mL41Cci@Mu=ai@8ULc~>4Q5}e{c>Eqd7j78DPwWc#PMn+eq=r&r6lCZR8Y4X zLj7dKohXU3SEYn4j=@7Sy-oug{eK+i@47#%E?~YZ*kNc$1UenXjQ5InA>fDrfN)Y3 zz6*wKuTDCW`;wX@+32Y))C8{4JkO6!-_-~+aGhImz>QR~juP_8a zv4j;{&^pcFdXpk#O(71Oc-T(u&fxA+b@HPNz3F*fBgW9ZbWHWb4Jt{U{~VQ`KZ$Tv>xf zB5NamjEx^oTITxwXR+&M@lTY=^W$%C4HUq99XK_*jz$~3r<*O-w1zCXceBW<@QK&W z5-NOy*us7%+vymoDI{_Er?W^$$K#jE^6$EtY{sBTOW~70T~n6I8-o5bN+j)P%9&=R z;b8|?>H1Q7i%_z9XMmW;rnVWQYnPlKzF0<7xW=99jT7Kff%~C!R~h^{*WGku7kG;F zL6PXJ4KKZz8zqJsZ2mi^fwzqEeahrMgEL~jvgmGzQ?CboFn=dN{-rYhnD#*L4B8Sd zs!Z2GG%|Wq4>XIDlYIC3@u;n3Z*cIA{8#> zJi(WZN%_p>3|ZDijR&I0_oVG7CII5yp4&nWn=+g!Z;C8_HWYRcz%2zO8or3W>Bb9g zlqsz?Ih?(1=Dnms>G%(ttm)4!+Z^JiZx*wu!lp<)13>I2xh@yS5$mznc_r0b_Oa`X z)}#40F|Dl7$57Eoyjar?52`DS-!pTKf4sV`W30pkc@#0u&IB5SsLrwp91!Ok8e>71 zEdK@|4>(sYH=<5@5y{TkR=2K2pMA*+p#UloBa!BsDTeCE!f|YyOxkB<8_%>+zc1Be*LH=SBTkT zSp_FQ?BB6_Uv3TLtHthkkLC}DPne?m9$wm$afR;(sOG2ve~_|&IGe-Q92HmQdPMh0 zzPMMDlj|;dBE*qlvd^`%{G$Ch_qEDemAV@6z7iAn15Z8d|4zqgkAZ}3!|0Wi39Wq@ zmlr*QhS|LWkk6wp=LoZ{aiJa{VXItp(aMiGHDuSE_u~7CH_4E?d7cI6$8P^&5n~N1 zEO87qCF@#iZ}}C!0-)ZRJGZW5lHUbC32E971W1(VeM+xxkk!$cqxKN4Ka|bQ`hP^7 zha=lvANC1BZ8a*jDJ3XE)gCq5YR#CXR>X*^+bCjF)T|n{_e>~B%$C}F#3rg})ut$- zsP@hMJkR^S|3Y%k`JHopuj_M3&?%O{jv`BI3XO96h&YBH(zYy31ENQIDUP>rjI+yC z+z(EFB=iX`@v)N?Z6Hn%sV+1l<3tS)os4yuvOtl|rp5Y6lQlzT@~g1~frxogOO`S8 zU^QOB1`*P@#ZiT#E_;Ua5P`fUsEp)|fvgQSe(SKu)7E1m3FYZnO9_8q_&!cLpU>Y@ z#|BRE$NxPx)T#5FGYB%%V{~@fAH6*<{UhY=jlH}>*PR_d&eII+SsTB{qYha3D~SLE zgEQjj=!H)L+szid>x!5>LE z0CU3svkk5X=X#d*+ro}@SHXbs0w)LAKym$hg?Ozs4WI|xV0d^Yd(F5>g7oBxYuKR4 zh$wIH0pX4HAW_&Qgvm|v4%I$z=zwqLmTdo=dqv9+p5X49 zi!9#6~)G7&B(5d^1NxIK3oRT5pRJT7BMlMg^V)>#i zwBXwLBGR!hsXYF^t?-PsqvHqvwuQivD(k&X0`ePg#c$?I1HVGpP2q>s6jAvSMv<$x z?N&wJR@>5~CQgTx?15AE~J+7Eo$p)N!B!4sXXFhYoN4+U$oO1=n;&w0;t?)K<&mzAN3 zXDC%+t&vEzObg@e$JdR0s)SvGr^uI=D+bd3qb#Sz9gM3)OwxRJ53JwYtdt&1xhPQ> zrh75`_@KTG?jb+E@EBe0Ol+ajGo+nn^m^dNA{4n>?3=>dUgq z?r3?{PE%tH1AD`WGkwq{JUuWU2rRi<;d=uc9whH{w`5ssb)HrHY>sw~10SC)K9C>5 ziufZo(2I_?_ee8N3h)`V8Oc@+pvfvC0&NgUB%t(Aty z!|C7+@hVBpdu<-Y3uB`ebsw~hb7giO1ash@4E<_vKb2qqv+&>d@w;Y_l64|(Nm&Kd z_(+~YR_mHe!GH-+KTF~9iL9M6_D3Nx6ur)ec5O`ut41u#<|XHvzAFjnUrHL9XnQo z`X6HcRWfhVT1{?^KE<#LxL++C={mgNuA|W=LSBb3KV0#!dI^QQR9zVGDgk~z<^Wpj=Df->IHpTL_wsD2duY-n4UZ-GeCn@>V1x7j~5 z=UnFE^Y@qi`y$S88r#hH0K2vCOtJdEyMzuf4&I{I?V0)}dB8&<2Hh?d|5bM#eCaT| z{uC{0UO_NMx}%J8R^bUAbCeG)|C<>(@p7HU|fL-I4+4)`cNy%_u&7iwMs zSuB-21u$BH-;Z))Het|1N%nR-M+*^h*l58*6sWzH7XClK| z!K>%;d1C1Tc9jX|gDGUBW4-ONY9cbtuXWj}Ax6(HeMO5G8_Wzwa-S|AASy7!(!}Uj zLS4GVKss70>Dbr7^M$fkuWBayqK9|y?($J)FzcTz%TWA8CYOw5zSdsZ_tCjx*(YbG zsgtv}yykdGeizEQ>fU;y8kGsVKptm9O#;Vp_x=j4DgPs%E!}z%7LyF1@I|4bLzp5g zkg6OiCLXr?>hi2%ais+e&S3X{Q&Y6`dYeVS3uBz7aZZC*YOI1zETog<^z-Msji_&j0X;$sJlXlkP>of~4# z=uI+9p58J$jBEd>2cNz_QoRg?{%Q>87|tG_Sa&|7#oG>OjV5WptFw<{ zhPNEFXG2nxS#$Y@V~;lqE1`t@gsQj0O3Blo--KZPWANDb@szKSl@)$s%IRAh*%b1V zFXhare^v8SCACOW$R~sC;|E#I#=7@8evh6MS8f-hWSIA0MW%9mD%91l@G8U3Cic-U z^9>%f4uo)#OYUugtYv^~pUI-jEgh~(!K(GNw}w@Sc^i9wn1P1YopQl^-%rjO$RNLG zL94RE&+!w9^4MU`-1bsZ>rsUP<~6R&i9 zp~VLdmaOoQ=mtK0l1!tIg~tTltGHc^`i|{P&w0tYI!YG0tTqgGZF8sih)0Frp)z7y zO<7A=d?K&W(>w3Yv-Ss16f67GP>3VX5kpC)|9NYXl!LM8{{?kg9#CeQIgp)+wi@^1 z(&+1@R(Zs(&<+m!Sw+~LyiDF^!uJnGu7V^BT-C=y3$}-xt20VgU?@*qQNRfyQ5y5p zZy}V|O%8+WrFd3)x3HLbWCz^zYX$_Klex?c5?MFoIVMRy zg<9jnn75m0x?l=9-mp8s;JiSK;|p_Xnb$YZkRi%K_AHhRsNR{jngw0Ay-w5zrc(Sc z;%C7E?>}Gk!r570_U|ni#5{YX%Y_Cw#I(Hw=CFLUz&j2+Cm|TDfDt!Amapw`-w|_- zJ7IJ4^hTy^&cD3&ymGx0kF^ym0_^5r8d*aOHhW9cO?M&UO4~y3>=3)dz+zrO=dX(+$3d;oRN(o#?+h75a^b8=JrcIR`GJ?9 z76aHMs_~{YOyyOdb$7r1UZBkqhfsG~^B|6TS{ccRz8t^mGUNeAxvz&6984eR5f zO>h@9`D{?vLk*Rcw$9*$CqTNk(tI{sDOxiuttnJyPt_~trxDbyYFI({I3e9~`Bzm@ zGPY-6YqfDg3DU8n5Lwbrss)|434&eNQD* zc=zMU`BaCrF_n?zb>kb4Qb;T<>9^NH8;E?$hqbQN185J;LIeL7-^rx)>=eoOayZ`% zI@f`vpN&+QQ>aAa5Uks#cGT&o{P*ZXViSYr_qm<)xNm}Knme{Dk!Rq; z>i%wYlhdX9_qMsMzUIL%6U!NKm$;nUpv6k_ zkB_d+%N8YF<+^!{y5L}Bw@Ty^0W8a$3`2s+{ed*Dsa9cHa^?`H8p`6?gVLfD07@1~ zGxd`cMZ7?&N52}lh@t+fZdfk4Mo6LFo)6l+WdqHrHA6I}LI{5+l}uji?F9dni&e=@ zJk4LEgIMQ`@>+y^&+j3q-lKg^Prfer5RRuxLZm_?UbXXd{O=F2XwJUvtkB1wH}kW- zXZ&4I`n@AD`4asX!5#EJ28R?;KB9Dsf%X-{ktc~WHRLFWM@`go*>P2^rxEX1>??`3 zhH}!mW z-U#Y$i)ShX#+Inc59b{d#|`9JM%Y})Zhuma|AHJ31SVMd(IchIz1N__0TEQtkiOmz zvP8azl9_`=J+P)x*4CT3{53nB@7MJ`^Mm3bpM_a>Z4A_a9r zP0A#hdOH@Vq7NbIs)_*m8Bk+ug-^$4O|Uqqvi=ymzWP8yLB>h1x|gD1d#XZ6tM z)GXrTHP))%_G2Hg&>!OWPH8FQ_udR98zJc)$&c&=&tBz+;BgezMA=i7nhOJCHsp|6 z!OBdeYE_YexUhGFS0ceMNZD$^>VFRU&>!P%J@%*@IkeK_-0oU=(NOZG+pV>Ng52H( z@C^-fjep!FljF|b!_;66!bA^)3im|1f`}z^*R0pJC<$cUlCrojry>|Mp`bN7j@wHk@3jWxY#hGrYY{`~v-+;?1Fx&*Gef;o{b<{YO7zN|SAc%5Y{0kF zqR#VcocjO{dQ_NTKA@s+b$fx{?>%Dn#?(-Ch}4vwhP5PBm9%Y6+1e7X6V13 zTU^3LTzQ3^w2^smu7;WcnxX`--#)LZu7{Lqw(Khg71+iebElf@vQ{u@0Cn$xdpH@s z0fI#IMHK-?Zb>%ofl>|UO*FUmhpfV`vkD4ICQIy>J@ik|&{v5vi`1AKAE|kqkvAQA zyIxiXJ-wO#m?W%?o&Rr`RCu*4pC)tjG=niE{j}pLk1}C0GPya)JGr994YVI|$ zMutD9#4>J!%dT?AlvG_OF%O${;zWkRz;BIKZ)%1@`y42C{qH!+E4h4vJibXxq(Pwh zQGjE_VR5<%M*^_@j?2_MDJ}kTK~?vZiSCXV<}>}6)0f?c=QaMXdG6KNcU|G#l`(;) zr(TCwmcY26Wl^{ANxw!T=SHP0C!GaVempKp_AJ@et1ZM}TZ7Q}@3aw3dynF`cvm3s zCd9}GYQ|gZ1Oi5?90mISIH(Mp_(l5=iJ^rJf?ltzf6?EQgB-e|b(tWwVkibp2|>^=t3( zFbaMSSJTzZ8(G*4UY5Zc>?yR7DpH0Q|Ieewm>Z*x5iI69uMVn1@p)}EbEy^?_k0YyOD^T3hxRSA2K?s}@fVCcfWOi32y3_ za=`66_Zh>>QA-!Gcx(=h9_&*=*?BJey35n$L^Z02YZ9|AZNEU?hKAwoevhl%sUAJ} zHg=q&2#shrQKP$PCIcE%b-YW0YpR(GccRo0clCIpE_hEvZNQABVZhi&>^*K=`8a5$XYEQMANsKK^{Quu8Z{-LydUP4RN zHD{fkSydY`vJzSh$7fyR#Gs<;T4(3ZLfSiqn(DdU>6MJk&aLyY7y6P1?X(wl&}V3< z^F7lHY3D!A6yRDp@5x2elRElz3y)lAW&kqN;=vDL4U8(sSs;=qqcml(uJT!2utN-; zFWQt<>4d|eOCQQlELwM6)7$+6Wgizcmh$$eY?0y=1Hgbl3dISinyQJzf4ZP7Co_7j5&V4*gSKFx7=$H_L4oR2%c&BiLXbuk;#oy&pQuLs{>}2 z9+a6F2_n7pJMUoG?1W`PH{}>h7Bq5dt6uhnGR0nfxSjk~dbNltV6ml1=*@@s#_VK6 zdCi=zwU>5RUq~L5GqVm%YaTgLHR-wzrXP?_UuJ)CQ=+Pl*yzd-NY2JYV+!Rn=+PA> zD`KQYyCgKcOXpW~*ChPuYOMy_K#2MkHHTnxi7Q&r8%`)WPT1`7ep+FCZFu#nvZqqgV_^+q^ zlCV39W&K4v zHw;Ba;(^o5(IYPXB|UYJ4EC)8@84Mz!vzcn+lql&y>3DR{=)z8LYG8?m=1W%pq%5Z zy66EwuKqw&5oFv@`MrDLVgEdxqt32%2;Q8=o_T;SNBXeDUD{scQ}ZUqzKkc<`n0LB zv5_*w;{|Yl*-zbaR>L6f!oR z&nw*0PK8wM8)m6F!H~LTxJ1BBw^9QEyQTZby>sUdhwn-$GuHsbs?I~B-+}rat^L;t<;Ax%hS zCB7}#t$VT)O#c+~p1ty(T6{B{a3#Hi(@Zvx-M=;FkeQJy)5-GPLp#)e|taA?&14Da6jDvU2w;%oYvi0HUnNICUsC$v=>i zvbj;2*B?P?s!p@74Sxk~SW|uLNIEp5JW9C<5i0 zLe*qeF?|K6;~x+JW~$zj=xEUv?}@f^Cvo+eyhH4X>;oDnNMt3dp0jjThKe#f(%O@j zPxK)(DS05J&sKZ4$ty5JL{dKYWpa=j6|Q)J8;;LEDxC>>UG+vatX`Ozee6r-t%ruP z<;}~GOP7I{NM%w{g@lu+wB1oP7S=D3EKqK88#a}feg?B@t)+tvs$?&&D!8qEe*2}o z)6o1&c!ySaE>OU1F1s?L7?R#rhzs0>b&8epMcmC`PY_%NU0vVE!}LR%tv1?b&yDbo zJp7bBS<~*CxQibWbaSP?N21rjWNw@66rRR%$|D{_{k-B%%%mrLBZx^2oo6(oQ$VBz z?13h zIJGlmqsA@Ju-u}7_Tzcc+bSi_yNIQ>TV6qf9xZ}g_tieySSwFB+ zx3#elP+S_vDCF`u=z@P))e88|f+e$B?f&Y=$afwd9!M|?r$+f)$MD-^h@0#a$;j!N z9Z}qw*q7JzU!G99YM-z!+i`3gIiq9hAw^WG4+)RN*$E(8Ig5iK$jNMI(T}>hk`kk1 zUkFJgVaXoP%g)}>t?9)aTLC}seZXAOQ{|=R48Nx<*D57Gs!=fBETz^BLNY}rNTyfq z)AjfB;8)&l2|AH-FLZh>sTJJG!Bs14lwQ8sz_5J~^NVK^ zF56XKy77oR2A;gNf`u+ETf>m4CFM?qrw#3FWb9*K5ibUE=O>Xk)e@-F)Q{rHKn1fK z^?jROpj@ca({`RP{ty4@eW@mGr;qxK*Xxs_LvVPXEXKGV=OUidSIy5H^-~4rf@;%3 z4|O#P^a9gl5XK65`&>;*#lk`yvM20GM&G$*$;1J4%te~FhfPWX_{#v=LKAf`Mx>mv z9oa2e3yH8l7Z(?hk!BZlaqlsXA3ki#$=vgq25NK_7=E%+3QotGK&$G4mO8!DZ`*rS zo5taS6d_jfE#>Nt-9NavxJYnT$-fISc=u{;AM%K&OGq|$=F*|pfRI`b35o)+(MT?w z*D~+gg~O}+F1+Zo0{o^K6O9c+vSm9v@H-R3(?!(XQ6-DDA)>m-Q=W*_mP*VHB^1hL z%>6aU^h95xCo_Mu>223IIeXc_k>kO}WLdRh!ivrZ$fE>{Iyi|G*Rj}{^ioYnKAt+X z`idMqz^Pxc@#2wrC4gi0>?rSKkI|2)?YIFVxjHx8&9zl!{U!a~D~hkaLa~jBV!7%& zzm=bm?S^*5(%yo%PRMGMSBhO1maU@w?#krx<(YMqyIp4=dg4SaK`w83k?-39TFu1Y zstKjDpZ_mwYzFD@pRd#P!!K4Nx00%C`?Y&wgEysh?hH6{;qV+Pd%241*q z!KrchfN@JoIY>N6{)RC^$wxzW_#J`+tJES3nxfAlLXtrGd@y+oDu%w?^cMff`ynuc zipJnFF4Bj?45z`h%T-1gu6dOCIDVcOzCp9lxp_w9F#p1K4eB)ereqf5W0jx$Va#DX2kx@y-6TzrHC*8_5X;q2?YWw0KcT7+p%f*TM_D zM#zk|z{%eTXjaklfC{eZ<9fr3%qeUp>8joHT-BXC?wH!TAH)`geBml>r`Qa?P63A- zl;=1d)BJrFCFgfV8mX1@IA3xeYnGtone1yceRLS0XPixS4u4VYy*7FVG-`lfkVQ>U zL8z2bI{Pv-dtSokDU_;_tTmO&bZ+iBL928)$9%%%G?4gF>#8slSBf>}-k#fu&_CTIt^bd5eDx1C zV5{&>Bb}6PNT-mu4&9;`DUe|@j1B4|dZahLCJ?G3Sjcalp0_J@hRfeABycC?IiMvw z$pVQ_5D25g9JlYQh4jMtfWI$z0(X~k*R=8gRAlw`jzlHI6IeK%`In+O%c^K?*-o>B@wA|Ej?1p;x1F0<&9J6V`=Op^`Ues)b}Rpm#t_fK@*nWi zrA8lsSi?@pj-RwWn#>v|Zh1xjvBUmF=Kj2Vi@WDFv=ph3Wp;C?(fw~dzy6%q3F=du zss{8YJrGXF(!T7NlIr>NlW0%UoTVYhjD#zn#Dko%?=J9#88u(3!!fE@EPv1!3h5U? zY$3SB{Iq<%RH_V;?)Nt1O{DBaa074uAC;*=4+4cy$J>3}D2c=BSK(HH=x~)NJx`x3 z+>Jy}BP7|wxvtQXLd1Msf6 zY*WFH2Oc0*mmYCz{<`jNiWRf)2iHbr!_(WNHUr>i!CrO&K3!DzRU8g!pO&PdwL92X zvs7bk$P+VL-&x_@4~Cqr7!`YBomr8)Vzjpcx{I@m(%Cb84x{ zl5$eaQ!UkZ`-o)pl=e_2D)t3V%nmCttY*phg9?jhiN$OTely7}A&Gf^x}|QhT@vus ztO&=R-n0g?6{20zDd}BqEttgKT+?ngf0}s26JsRr9QiTz&SSYd#(qVc&w}KHouc?h z`+0Uh!aUDBar`wNxaL8Hwa+m)RW<QxoN5=tZ>Y@N&etDJMHVIo;z}2`^3`7L~pjB}0fCJV< zY2UXr3k?_=SIr>jMz>vUMRT%51Dw0=GU*$)?a{n-sA#tKX{yHbv=(>rk>qXJjOz(W zx2K;T5+gH@gW_V6DqG)tC8X?OBxsm{r8CD(WR&{2jccEDmljfu6e(U=y^8j9uNyQm zUBwYlcP^j!KVL*T1DGsZS8Kz#^6ceOC61S-Q@TD?WmrPJV!a1Gw=WPWBCq06@828F z9K0U)p!dh^=!+WKaOY|pI$OKuSZ$d0R6S1(c9+x0ce47S=~>Lzl+k_- zmJ%k!hv>At$@I^LhrO)v7WTNanp7hqn+n00z27VZB<#ygy^`g2*$CKne~t_(uafmH z?8gT@5N=TqBGO+_kq02Y1@RWz(pYPK!)!36-tB(Sxw)lqmw%)X4sZ)7> zuOA9-q_G_`w~@QoJxy&7bY|P)+0x~gwGuXq51DHD%{ZMEl=qXjXk9VIP9Bav%BoF{ z%k!qX$-kd^+m4(3I<0g(rFMJcYCid_o92WBicQ0QcufFy0VHv>6z4cJa4SdH_t@2N zfVHYU+Nh=0&;yu-$p0yU1 zopWQwLYA|}Bw|&1s>Xe?ECG_&9vbhfIfMIJkiy;x;?E8lmIu9rmDUxzDVUbplrH(nO9q^*P7F~VEj8h zss=q%HaD>VG9$VxEh<+ysd6MFyFmM@8Td+NBJYb9%m~IU#PnVBgN(9&{67Zd&9xxw ztShgse?~|9>79em=%L!XcBPOL_ZWG!r2`?b;5qFsy3dit+$>=C&Np?w`?veaN(}lU z#){6=DzSHPWD(6zWQ+bXd&bhcey!a`B{*(g=bDZ)kGJi3H6?)7f@uGqS3YAWOIxQS z`r25N3!?eDHo!Y91oOULPrtVo8!xR?&_mHj#`bv8R3; zHiNEdZ6t^MOeL4Rf~J?wLp6hz&eH0@dDuB#t?g1vG zoUBSLS`XUq+nbF?Nm{NZj`;!obs7vLG~frtU=!5yyt-6`IBY5Oc|eV6=AX3nGic@F&sdma`lS!)|~3HA)4!G z)sQMa=GRlrcK5!WS!AR?ymVprr0G-_aqBFt8aesOrWsffc4Mrorf!E&GP&qDDeLv` zkh;J(_@(@8nUU~?sUEXoH()Oz^c4SvA^OTQoBjr+n}qat*r5RD)VCKH)nV2=1Ub32 zpKhDtSRM^jrb`Z&d4E?;0?gNv>pEU&qv!9_w=x<2F2Ev?T38ryM<k}}3Sl3J}o)%9r$Hs7-;tPnKZ`v1|A=5+%b@pJCEyS!y zw;m}(m1yOU53@H22w7=(k>S4Mt!Y=c5Bx@h6F2r`uK6IBG^(Sh&|&K z<6Wwhf86FAZXlKKIQkmLOn6`aq6}V}zKt$5K;;-HxyQIkq%%BF@oo{6?a67MYMR>F1r(IVaC;Q7%R5_k6>XQ!jsaC8MJ+4@w z6J$AZWio!!&hU?gb=idvdQ-OV&o22dM4iRbx@5@WKO8lrMCFRr*!*B9#)nM&BC9sa zClzQ{(%wncQW|1X8>Z7&j&hw@v=6006G?mOoknW8pwj^gCAO=2^rf_Mue~{EfP)z~ zub0m$!iXpSZx$W z3-2|IIxLCLzzdpQbH~4@ z1~*UpMNpi(wax!gQp!k5irDSifipE7_*qhWvkYB1KDQLJ4Q4#o_cbKf&Ax0R0d5J~ zv@Its!LhX81810dv*K5oN_FG8ts6Jzo7&sk=_C2|Hx$VvC~8A1&2QQ_9W!qxNAR;8 zTv!$$))9d-w`+b1({eBT84p$qy2lY`@9P@yjIP^39?Oo_i{;&>6SP*!+^*{v1Sr2b zE6nH8zt&3zYN8JC>80>z?~HPK!y?=t*w-)hks20Q1?^rIm2@tb1#nG!ctKR@#< z;s*@Q+%#{JqDscjsJq+MpS!4goX^@s`WU1{B}tZ2Cq`1ycRE;`An;ArCZ~T;0IgH0 zkvNyDxQ4(i8J_$~n(vsvuZqv(D-6b7&Q+pTFiLl{s1>7!--O&lRq+TFsLmuiX}V^l zOAA}7S2S)-Jk|-E&3TO`e!ZgUc6NOzVC}n+F_{j}=Z!1S7NG&S9 zs;Esr@$p$E>&mVaQ}hw!(pb4niI#T)&mE+qF72U^>&O0jS@87Xqv|lK0OAH8ASlxW zTyk{;A*wi>bKG$U{t{yh()Bd`Tg2ah-))Yij3{mIvspv@!QJH>v&xtpaSc1PE$vi7+Z|PP&s=y78JW-CC*YtVc#7h7 zoH;ZYhV%9$1BfZT2t#!-A*Hx}^&gpC=v5ha_tz~y0xFjrH@wPKx5n3)=p@-tP9Y=Q z{N-m3_*b(h@7j}7W@^@go%=7uoyc!^h2?h_E*gFg1oOL(9x$Q3A~HaeXIOb(^P0Op zJjyrP!=GlDU8b93LwkrcH zFt$|njw$c{=_5*A>2doyueQ*JCr@~&l{w-+l!c}kx7t@cH&-DjrwTS2<(P zNj0g+Ef@*3+%FKVO3jBsvBGgLR#k%YQs4FFp{;Bh;Io$}16?E;(IRqsuQSuI-l z_1hb1xk&|HzIqwb)LiASgEA*w+XvuR0xT9-Y^m#(%5f z2+VoOs81b}?4`B558vi+D6KaiOkIYR`{}w5{H;*itq6{!l*}Vo#;{hfL|2dXP->Q zDuGJ|i_G|`x^qy5BSg6W8JXX6z>_=kb4-WEL6#N*oP>=ihXY8Q`c7?rHn9?kPP81w z!oq5c!<$}!%`zduDe^KJ@C&5Z9%5I+VZ!}c0%=3ONMGNGAIA3Hlb8302F;vlxl{JR z6WHZwzxV7qXs~ZSkWZUgUSVYz3ojrlW<-_9K_P@A_nN&BoSFA2sg?A8yrcMlD65&t z)qrS>3wW&!GQvVXPr5^OhJ<*>s&>{y z6~)qMz9u!I`Vr-~#>Szf)}2T{U)q}g3X98pZDZzs$Hi?^?WeE27dVEDeRY!)zLrM6 zvf<974Yqv2fBoTe?}GHn?Q4gy{1Wp&x@Eyfkmu03vjvO^G+jy7iSV z#dfqMOuJ$Q)E9eZMWukeDeV5F$hEBG+x!*L?Vm*)Y<`^3O%f}SBXN<7gYQeuZ82Yqaw zZM7)u`Egzzocv+CI2`t)6HYh(qp#&@HYfE-s6^E`&(DL4;(i_9)Y}(4zMzI9bb*-7CS!^g?B~Da1VNr_x9lddITqLYDpV zk8Zl7J8xhot2sXb#Yxp0#P*VxooOl}@P0lquw6oP&P(!JyA?`0_zq=sd+SETZBB*P z4N)^W=t8ZFJc+o9&}W5AD;Z<6u7-(fv25lN3niT_9|vklex&nY-ek9?>(ZzXU8g-7 zd5bS4CSt96GkNLIVlUd~<5|ivU-x~=(_tFdDL7j?W{VWeC8{)da&dNd`OT}uY&6`G zs)z3gll|E5V*#!jU5>nesk1-ymZvRoM`A1^h{>EMz0uE_>=bi4 zkkMFa3?hGivL$5yw)k26o)X!zO-d>Jq<@nm1ZjPrRp~Uuc?NU_xVcF#B}$j){9<( zSU*1>B7+yj*QUooyh~SOo5PBjG1M(O_do2Zs?;Zs=@}Xd;qF*kHGJD>HiJ#_x@@Li z4vjJVY7&u((kDt~`0tZoKrrOQ@8_mN(@8`A2e`Ox`Q|yvNLtge$YH8;xpM|>% zDnB=TzgJbO@&LcE$Q_AN2rUPa0GgXD)Bk7`QIkKn3A_QDnL9O(;&+9U=&j_=R3APU z#kPx>YgS*0ls2-|K4O>X^ERFJ$^?t|ysq_q%UNE~T!<~Y11Q(heAXDI2k(F%Xh)=E zZXSaj2NrxyP0a(LGN#m;<_-sjwxHB6PO&Go@2(0PKlUdxq1jxNd?n#tkI1IzS^~pc zEAKg$3b6JaFDn&HnbqH9>4%dv2!y=H=(tfv;7zGUT1ZL~WZsa5N z!z?zn9#x3^C`K?D@8(_06gn&@H|gjH z@a{A-RF@@(1x zPChD0HdlTErPND$N32)bbdW89lyuvLQ!ShK;%AQPpuD~$RL}UZK+6cr&f&$oqj|t zlbF>fRn16f>gbdLp3v*#)X^H{Kprb2TqspvvXwn^6eHoxftoz^z!CRRw=VmayjZ}Rmnm8dzq3yqcz4-uAM}8 zsqnJ!zpnTm58MH~vvcnc`bVIpr#(zOv3&!j(BBSM2eYZM=ob)DRO{8W&e@IAg65N5 zpT-t^wPS|spVFdL`u#?TDs>kEk9y|6Q6L+d(Zt<$T3MHa)BpU`yZ>TkZPveS)k?jM zBE=?PoP3p9KkAhQQYnfO{h3w=!&S09WN%NeEt?ndQB;@6xP#PlzvfA%S&(^G?DVm| zbIJa0mk|S`Q5~SaoOdykWo`vp)|iR108M6MEuW;!*wC9nGj55>rF3`GC;qI;D5?3% zQSj31y`IVxO&03Zq03R(kQ8<^akt`Ota(GC1|vm-t>?HXShANB^wQY9YlS9id&}7O zxk|+nxOsGCx3-7t{i-A5cvnle@*rI*vtgFm-+?&U92JEF4>Bxp&;+V)`FP+*3b`Gy z!1C%=T^OV*NLQ>6JOP1oqT8y{UrX@!j?3RYsGrh{cxp#RVkkh@`Op>Jn>depD$jjo zbZ5uC%@VMc&ex43+4v>B1A_Z)rsBD{tuG}zZ=shurpERR)gpF{wgoJ%DUqYKP9e-{ z&-(d{*r(mO*?|R(;u-CkM`6|!QSJz~#?q1?vj})oA&T~T(~3E=gDN_MF@IAzdGfDu zhOO3Frhxx<&GGZ)C(r+bV@sj?q`aF@)|~di%1}TfkbCpOVLUv6{s4b;snZ9D~7T)=9hi#tdLXT&}B%){p)9UsnX|r6Kck`g+UlfF?LG$+MJSw zN=}_PpnsBEJTlm@yGew5D zSm&B)7{M<@OQWvW)=3O}4B5Q->#%CnQr*(ngRZk-g0)%=u5_c(3nAj3>94unTu;k+ z*U(bK;7gj@XKlC!Tb^z`g?Q!v;px5O+3^1FaY0a9i`uhVv-aLKYX^x{Y9%qEs%i$M z+S;o{?O7|acU6qG_6RBnEm|!~tg2|G^qaokpWp9~JRbQok9%|PJL3PePPpg#oiwy%mzv2kxDwVrWVY}rv?`_Q^>WM z;h`8L84=A4PZgh9Hc1XBIISCOx8yO^Nd~wSFcnDY{gzwWbgM8_YD_5Z+rUnh|4&Y>&DjO7ne6n8hZg`}9ah`bz01 zRo*9u6qUIHUet|sn89g5G3I(cC@!odQJE%D;ryLm2u-bcg68F_)7C9*$!nbn6$_@% zu4q*lro49(oe`O{^(#*R9WOKJK}jn_58#~k^s#uj-N8ZHQ`&1Ae4USAZBAT&4h?5; z0@alEMC}TUt?vtWz2s=x#pyitil2!~f5xcSmkK%o)n|PwnJ!cwC#TA+5cCH!S<|@d z1x@L?VbXqYwa1+l7RrzIZcd#h*unKVaq@?AaM=^*Yj7x7G zUy#IXbl>ZyQW6XlemKc#x88LL_-(;@twQi*It-#;@ZIERe??eF9QkV3-7tU>I0M&s zP-053{_kKRGFEa43?MhZQH3Wy!GR;b9zR37hbJeL(#Nwg+7nbC?4O~=)re1iJ?jk| zW^;Hv<|J?j5?K=T!+FF4;9Esl_~IU$Lz}lG?O)44-MP;E6LRPXdD0P=|R&QdQjBj z5tIYOcz-wu#>3CW+S)(T2L%guU*ya@V87%2P|&pa3HRA-w}hW+2utWa@gC7mD=myD zDfL&0qeLwCieI|anbe(^ME)ZT7kMsrh0VQ7DKTHMuJ4#^)Y+KK4pCMqoZ8mWDxAt) z*Iv=hB;T=xGUzvce_P9hAhSj4!NU!`Ndr2XUD?{6r?M^}xbN}(eVh(CapjFp3KGd= z^Uq>5cx!rZPULN0>xMgeQeih4Zw(qy(4YJbMOjpHZABOI&BZXTc$+Up zZ^rasRC8kZ`Y&aRx{uMch22Ux{ilW8w80uZYq7z*1VYm zLL3lF`34DIing^n0L!08=XlQ+M~LN8U(+D%t3BKNWr3j=T`xtJe56#_|MoL2ZJgD` zv94I3{N4+bS8Jp&#rCd_Aw|70sf12CzQDTBDW4|7OILxtNBCfo9%~56%Pg9M z#b>(291+EmG8)lN+x)78Q%GBrw)Hl|iN~emZuo7@RSbUBgIt2xEcOVHp+t$bK~rgi zr^juv`~ySWH7`VpNC*6uRn>eL!Gop7@Cw_G1Fz5b|prQ;PWKkjR@ThGel<6Qw z^Mu(+9$Tam5x_7ktX+x=)FXQUfTix!D&KPCu){P}ta-*^&oF12q#}Y7`&AwKDwpUR z89ZaePY4yM!oosmaB%R;Y8D9f(!nAYr;USrz@1mXSiEpavayRph68Qc;zRc#;>*p=VR;5(8HA7s_Y)l^0B%HXmpl7(5-}YC~ zg}Z3>j(TSrn!^}{WpQ7oCtpgQM%wb%{CjRNC&bq(y9^uNfHjk# zkCB`Px=}Uvqns&BHxCUx%Sr}|L%Ox&2=eI|g>^+N50KWc4a~SLE|L7oRI3YW?QZq* zhE4t1q|{$H_U@36l;s$as8Z$Oxn^+WVf@;w*b+!B?_8f)$*td$xRU?LWGX`(eFs{O z9!RH`UVa@PJm%6x7Hg2udQ7lZLu=qOq!t^hkG4C07t%}flpE|!p$e((B?v z3-}Gxl2?Hi*Q?gIYvi5!HeYA=Pq8Y|N#Ls``@6oX8@!Bu+CnBC*)Ok=$w?XxlpKa$ zE)ogmoFUe-?jCUS7cj;C^XdOx+y=+qj2BXoOJA>M$}|KQ%jADW^(ZhDnc#XrMpowF z1NImbe-1((+%9IC)v~qaKvQX{N?a&m>D=zxMRVT?Dq3+%#YHeRchdaO7l#M!4rvBr zj)o%Mqukqaq(ILTwU3vO#%KPs5rSZpae<;_931TUL^afDr^lx#hks5!`+v0K#mCYB zS87bx?HflPZe+KaZb5{}R(=iZA4nqc1Fb^~(5@kS6yrmW^I=rCqfs2tkWkd= zPQwsuh<}#l)4JRh08OH$Lz&5S)ZkBlP-3%8HFaL>vCvTCu#SxZvf6WCLZx1e_JnHP~nuyZ5OQSB?AyWCX)$8f}{bUjJP^iP;%}!=# zWtCQ?ihRc1xuOv=HlP9=T@)udBTHW4%=q$4wIN3Gow;qvmlWkYeIOT>}o*h6sLqLwV zwjJ)(UP4B6U8`0+eJfN#{J%;bX4QWYu)EvFOF81j4DYt7;rW|7aK;rGpF5tgfOsd& z?a7$Q-xg|rLLGcLq3_LA!$ffrXKFAv2j!JUsONj)Uq;g(t$G-}EY)EUEIQ>yK9EBT zjxXdzeYsv??D=J+L=j!$I^{aKMAXy!_Ryq&i*3)M+HCj=Z(8_YdB?{&DxCJvxAj@# zKGaLzwGs0lA;FdnS!X(UidUEYAh9VG*|(M@cpZ}mcvzb4cHd3(bQJKjRo#9_12;ry z&wQj$!2TP__YMxW^YfVxYRBGFHXt11cC?VzXr_u`=e@gbHV{B}0}tnk23c(8p!YsK zUps96SKGi47b#E7Fr28r8J2$>4Gtx-YTnD~n~wPnGHBNnd2??vxJB=feWTIGz-7@} zN!58TAh1;MR(@`am*ZQCmBNv9^i?(6xF?A;%3ixLEZ@PKl7_MAM2Q88RaNxuoTH@r zzcWHLSEO<({bC+|1cKlMsMXyY&I-0*i-?7+szYn=71#WFrMu`<}PAL7#N z?!zTdFO7GqJyp4~2vgc<6J|y8G0RrUR=~#8JpGu#dZ-`mi}JTH>1Wdx;=E6T70>9`Oa{q zK`re1Oe+4h#Y4U=vSG7U^ICEm`kYdtc)p-xv02HTv)P2T9};ut{vhz%pJS|Sja6|) zfllZ0^gbH$rwCZ?k4tFK0WIs1pOjtpc%{|fyA5`l)=OuQjVA@-wGHm2@^kB+yHgC_ z5pkwQFGi=|(AB0;j@tcFKrPG8UCo=zaE5MHQC2F#$L8ZCn+klAhY7Hv4*~=Gc$pFz zNc_u^l5(DuT9#hFP4VC6dm-cd5PS#Ql=QBkIU9OGT~k-#{L9`5aXIxl!@AI zRm2C18YbTur^i?Hdq!b7!GE9CmhgAJg%`peMi0JNrH znR@oF=H{7NlzXa)iUKJFJY~Hz@QPB0YbMCkjbKHev;p3H?y6zR>FJs<@BV(tN zP}{>#0u3g0#kEOxAhDic|gY3wGPA@`1cC{S}W5jF3GJdc}gAK5IbOQ zxG^iz>OV3!p$Fm6oYfgZDfOy5Y$fc;R>fuEuU5tu(XzJePy*+c{WOgVy$|l{@`7IC z{W|G<+Vwamq#NhK;Gezp`CdbJqVK8HG?d)Nu#|9jU-%DHLaM`;EjxSOyXm&&;#bG? z9yR$fqJI$jF%)4Br{T3gZN1DXwhRHQPird%nDN2XPi^%5o7YI1cs;N^NAYVD!w9u! z&vE;Uv)n5cmgR`3SKB|Q0fGBcBuVqJ>^eUi+)P#@WEguy*+rcEu`0?NJ4vJ8i@D*2 zWpvfVhj>tF$*{ZcSnP*e{#*aKqyN^w%WJ2s=)I*gG{y3D7MyVuQT60OrxvXz>Yem> zD}>vvq{Q&Ls0wf9p@MlEw`&7Va2%h+Cw1^i+I=(55b{zFtXPZ6<6I3T@pBM`STZPi9 zW_cKR!Yx4sP;^iQ2LC~JoUY0f2-v4ezLhi;l3@&N^6enoly?L*HYcZW0-TVgeO;$KHXbG7(55yF|TA(6V?xBy13OD@dplt=M zR-FzIg8G_Q>#E3x<_laM-z(Gm_=(jvJqQ0f%vLNO;YYm)@oh&=)6+yM=tVrcX9h4u zq(kIxQgX|ufYLlL%tUo$*uv=~pnZ@*HicW6lPknZs@t>4i)1*9Y9aWpED|-PMU}?q z5J8VI_5Q|>V2WE{3MSqwei?j()a~A4|J66;-J!eOP?FGPJ*=A`Y2opPBk-*xpCe~q zgVNiOZ(zgEy|$!4CWxWagBVBh)w6}jrq&}pbUA+dLmyD{?GBB3~OF4wjTI2!AbEAz8UY_8Z3!!(kq{K zj=T|qsJ1j1?i=Yd z<(8M!!E85*KI!&qo2Y+D{@@ZdizJhrz34B@1UctV_Cu0*{T?>AxZJ(FW)!VV=1bW95dkRmcSIc`qI1Vfr}QN` z-Yezuq>FWTBSG8$5tv72e$oTXo60k?Ux%=2dyU-&RnQOR2G31=ou;VfMh%z89lr4U zU~-;SE;?28+lz3$L)L`->1@aF@(+W60b!j)%I%!eg`=9#_9T{?k_Q9i|gDY9hgc9M%N?|Bd+VeV)xI`Y>8INiQvl5|kBHZ+j_k zGs`Qe`KaL;kc#5ajcu!cYtjlJ9r1SCZC!yrHvG70Xe^z0!&>y6e{EYDqT)>1I6VQJSBoD-=^+LyM8&tZ{9;`bXu?=9-l&K=f;`IYN=;hb`Q z_yq^Iku584t_j9pR+fA01wKfNlli*b6-}<&TsMz@H>wXzU+*YcT3U$(!L&ceJUxHh zb3Oc-u`{>XSNw-c&{iVl+%xJ&31_zW==?&uv^b@Fc$7S0G zco7`}b%=VV|H-Mk1Sq(vb;y%69;=fHhYBpO_dPUvvrX6X!u-dcBc^I6sKuR?40`LY zH9hIY$tCg))?XxFrX1OMO14N9`vo1;&S<=*@Y8AGVeX?vbhd}yT}&TvW$CzrDv_DH zvT#hTOY%k2MZx;k>q(Tf?- zjCX3KV{pfh?^&D}K4g)toux9_WKVm zf#i9Py;to{rIYF#TirKVWl0@fm5MRkqQAQZ*&Bx8G=_X%t}&6FHZCbdJhUc<#e6cy z1Ye`rbCtdPd*Z>*1+1f7EzM=F_529t-G^W~CVe@Yfi`+7nww6sf#iwgt7SE@h>k|q zZm<0K**o6T=;*tXPf{dxZAb&QxH2!FIJJ4n4GHw|2$5A7SB}bNbsaP_{>|uD!AVfa^fglvPbb3}kURDtmj8Es- zhEu4cqx6_KtKZpd6+}O}bCnn&lNspyg75|<#6*Qv(33~Eqd4Rtti7ufkmQIjpCsRL zO7SA}#xDW@jmvOlQ_$aR+wp((u{ojx*l3;`hluAtDG0TOofG!D>L1WbLF_Z_;vyTA zR8}>-_|6;hzsOJoK3gzy6(xNtsmt#Y)?TstO`V!f&Mk9Lx~rINV;~vD{8rUB|Jbh& zE*03Sab-2cIXX46QC`xf-U>Fz4~vf=&Cdv3F~2i*oeD)Q8l?l~u3xZJvUZ6!gw@FD z-onpVv^5=6{ZEj1e1MRm z6*&7`QAuhgMlha*o+4c>NHkt&_ZN63%U4DG(AiaS4rfz#UnTa*Ll1H-`kUa^aXGlv z@e!2dm{g!Z>oz6)@IgRmPjt;>TZBk{L%aFv*^ghfilnc3lU`9*bB}5k*l2(p(Rp3D z6{o~Ar??uwlE~>txdJxYg_JXywol@e*urB0tb8og-SQNkrE%Za-HFmGCWvMO@NP3> zG>L2~Dph#3lQPctVe`&2pQt@})?=1~1Rl|o12Yi#Z=>%2$8rw4?FEPSzZJ@5iV2Tf zK!i3`5pJ=C0+%Gl-xA!mF4ZBAg&1_YAhFCRV+uW&@ED(Zek40UAN)P5Mb}|gHUE6A zFol#~Uc%JpJsp|RDc1^qwsh4_`w_aVQ^PKZuM(s9BK)&3!X)#_uiHh?e_S4=~jaA&gIS#AYbXN**4yvf^8?~G#umaF;jG`j z3jhtS`KW#akjMP;`=IO2!=_NDdefAO*sECicd0iEXD5s7sfnUB?>DZ(DT>BBJ_gZ6M~Vqb1^sH)nFW{D%;Oq%Fp4;xESP2W@_UA!@M+9kck{6^ z$Vj3`a^)&V=H0t@WmASK{xNn}ZQT0faonMShLPw*E6cPbOtprIy-j^gBgAn%sx!{5 zGsClg;hD33R_GOm+vt$Kll9NPn1Up;D9Q`n_S1uGxO8 zhtdeMa|64eRiE8pw?aah+3#r@ARg7zrSz>7q*nRRviSX(x#02JaDSYpdVs%^F^sL$ z@`Oi8;bd3V*q^#-TVt+C^wK^)>Ryx7r9ZU`UFh7_>zrXmNBc=qs1}5!?#z7nYeOxR7Iq_aNOZ+Hf%d~!sQmm85z5{FU4i)})%<;TvTh=_wx zh4p499+6(_XE*Y{3p37s_K2Ftm+|rji!I!X%UZB73cV@boCRPM7f2JrZ2f7AbxDCF z)&yk&So4-pw0@|vT>6>izLs`GeZS(mZ+jO`XXsQusF#nj^KANtcRb+%6Znj@q?4S4tS%6(YF5Hsp`GQL!0n7n#mp-Z$6-m&<(+*;pPd!p z{odtDs&Y_|5yJxVDd6OKkKCQwn2)6RN-Z6`eH!giKdh$X!ztc>?cwjC%(OL9D%J%rO+if&^)ggrhUL98e2DD2o$OP3#Z--ijL5W ze1Doj9_Uh;h}9tIxCvd}a>D7>q7%>79cN}(Id`Fr)o(+f0-{5N2D^sNm!FRi> zY?HegZFt0@R>$$|j`F;A1?5KQIhvln+LaCbRy=?Y*IysFq-eCe7{j>+PD+Fix4Lcp zvreUFxnrRAcMmSvf%{je{QE@dtl14d!QO4sEXAHuW6UHbPC#qH|AA+>=@RWXy;pYx zTcV9GC7>~vBqklJ6{dxa@XxYuvdy423vid;o{I-}c0u?fA3B-JZ$WFwnWU)N;pGP9 z%x9z>&}qW(QtMzm=RIS`&~pi?3^}j!FfY*UE3pYcP4!LY0cHRbm0kl=rI;n zXS__qNv`mPJQs~jWEAhRxx?2ycm%o2%EkPZ-&j>j8__(Gkekw2=d>9PGC0~!rF!WU zFGG<&-iY<)WEqP>R9TMN_q!ASAXHww-Of*z?)baTXFsp%W@PhhZ7qfda7vbwh(%{E z?~1tV2i--Zn$7~RL()n4z;yXUFJ&<l4JPqW)LDWe@B=hEDP?)l4ZqZoM1lf^t#5|{I2^B+NjZ?mNl&%9B=CI? z=p^h@eR~7^D}26?O(Q;xF4hFB@3kuL zb=J*5iHHU z8v0qCLQ;tJ(gWuK8ucxi?QcirqN7|#aVE@HVKpWnM=XR^D{r>w)$*X}@=_?&0&n6i zeED?IC!UWS9#zNcb4pJn+e#*vN{G8;R*wd6bK9hOO)VszYH{2@AsT$8AKB{4);)oP zkK;f<`B{Qb)1l#eFsH9^n-Soa%3;#SHI;SP3B1{FFrE9sXk|>+-UivTPVD^h6}{8# zc=A8ruZX_KCTGKx8CX9CGEn5ka zV*~mk^>wie?Zj4;JAY+H1;qmnJ^xEH5}J6l1`H5FpoQe15r$DP*(B+?op;GU^EP7^6XAWB9T76I)VRQ=fX#kx|a^6%}~$Ic!W){})V?R?gL{-bR8t3rhUnHx84 z7s<`~DUW3=iSHrz8_FNd5AIIb18Obm7=>o(b;SLo!8-d;lL+isEIsU(Vp;m7W;BWt zIO;vLam3FRrbAWDs^_rGX!doMDtBpZwOcAd>5ZzmdrsVY#?)V2dA;qV5@!k=jV`HVkW8}Oli6*RpbOpY8Upwe5HMRJ!d;u-}k@3eI%Zp$x>j7|lr;l|e5rd4?0;z;AR>>-TQiItP;> zUNMuO?6mz~L-_L!lZqI_{zk6{|G@RXBLyT^swXPHKZj*9rGa2yjVdO*NM&NdGUW0M zz{Rc>o6RLa0c(q{L|tLYo>qe|_>f1V*txnYx|6Ys6EOcVdx!MO8!AnF6`Va(Ip9Jz zC^l;PF>XQMb0a<9-R!Fa=+N5`%l5>(EVhE{-R=^-F!fiCN4gU`h4d6ZS}j0V2K!iI zIv02Yel4N8^PU=A`AZkCYitw!Z zH9@CU!9xM3@OJLu83B{G>*LiEOP}3hbHv8NNfd30^T(~@L<=z|c5xeG^LkKw~xznCqemMPzce$*;JmG72A z{|;>pNK%-4R1GlorlT}GDHJHBWj3Ayz{=^2(s~+-)L*pepGyzC-xM$LaLkXz2BH~R zsX_LS1ZIX8oU{4seO~V<%5tWB6a1qC`O}ODP!SBW@|=0)#zIvuIp4n-CVxc!?Q!2g!oC-G{f9tV8aodbCrfY@|N#kaiM0&XA3AgJpesk zRNTXZ^m%UMKlCYY7pEQR?~g9h2tgI;L`Po56jYTQ6JSlYSN4_(is6^Pnrs6<^;FdzX_9D3%><^U-j#&ZR;JnPWacGB1e;l7pWj>>@16sK>?dHU@FcH0hw-uSas=pR-chalbE9ubnC~TBMXX|n~ zdWf+@;=7mQ1xu)uAO2yDGDLBFQ}fKdHyoE1EAh=;GWInr3Rx!k!F@Ef3B@x$C)a#Z zL;0K#jZya)8Gu}ACtL!pDXzvCQN4;yq+7DZho2nN&3x|h@GpNVrR&`9mPz3o!hp;DrCG&0JtM1e)!UtPQs7jjui3O;>ik?4S9^Av%lGbB%TK%mCxye8(wIb z$ndknh#NYSM3=zmX81d^e4k=`(6~1*TKyhXGJ${I=~a8{X%&DfdIX!6`tqxXgZ_EBI0@ zx>E`{yb~=*6%6?rL*5=TyS;~MwgvY|(mm!#tZ%IsBS&I+KxvJTeh*iLqG9LKA5s(l zJTB*ehR7a0wCjz&J$o2|4C7osMfvA_Y7&oWBe@uxPZu7zDO^TgAEp@~r2p^G{2%%3 zyTW2H9PB>)v2>OZY!IF54)xBnx}EavyT`g_r<%G9vm8|}ccA7K*Nk67`QZw%kCG-c z8#mz72@htf^R~u)?e(uwpNUWifAPesMYH971@kfjMin@WKr@5ET9t%0pJD}&m+T9j zioK-nQ8q2Ov%J%uV9p?Rm>xiBbTy|ug{xK9BzT5+wGuM150@S&-~P3P32JQZaM!zAVUvOsZi~aS)z08NLsPcfKVk*vbdhPiErC+x^MYYGLyXCd)GStwG+Em z3;0uOm7?m~MvLz4&RFEI;pxS_Q+F9n9_8ApZhXW)^XyH2cKw6uq_4ME+8LjudFrPO z=&DHbWC_41Nb%SitR!c7i9nuHAY6)vw^3-j--=7i;|T2E0(!EGXJ5*7k}ONLOJ~>b z#M%&6U`I%I>4|M@Z2hb=Y>=9ILtC;0f)Zta3LET*lok6i^^yyu>L=Hp?KHBZ|H|et(LilJ-e+RtRk} z7*{Z=N<@O9X@CWI_&_upDFx^uxAer>@RxMGb>dcLPGX};!`lH_h} z$)WtdvE)aL9nIS|l{c+yBX<_t!f?HvfT5nhE5QT1ZJaI->V1&83*wiRGFAsG{oX5D zfuhQ%(8HHb4LNL*C_5Ge>@Nv`LUJ6G6Sr=u+`l>tM!jY&zU>u_w@{W%7yA%F_)p%t za@$9ng6tN3qnH1>*T|fbQ`zE#9?w~$jFU0<%{^1i3S7R2aq9#2JkSAj4^CwO%58i3 zd-}09%DV_~Kb0~KWF2uUC0y|O#n_ptYYIRo%Ta#!#bi{Qklh{wBfGne5K7tx?Kxo{=4XO;x9vsfk4UjnUZb1?hzrXFI=rJmwt@Z@?qD9$BNN z(M=s1Pe)d2W%;Fox@95LlM(TIOFTm)IiU>DfKc;TfXt+ zpAlM8$vKs0@c@kTAyw#T+QMP6Aswf+e!Y_d4G4)QXA^Kr9o(D(N zWwBB3I*?-MLmIix<3ajQ2LwVkS^Bk4|Cq6AmB%H29poDUH!*&K9L=vlY>SV+xJ_(b zdq*vURZZR�(fcn|^`0;g$j{P}Ff57DTA;Y8NylUS3+sXybYQpYV93;h#c<{1uUD zdYw+L)S}5(`%;#ZGv(lnp?YWE(=`fE=Q< z)}Zbd9rQ6=g;by9F=9dPeLm~nxob2y5OZ$}$PgJZs9xA10L?)Q#qK=f^O{#4EQJ#* z6GyZj%xkmx1RivO_1$QyY18Y%Jh@NuKBwr)R!QqO@=y<+q>@~w=-?#k=}Up7kY&x) zGZ+P9PEHGW$^Gkav5Gc1)IS1kdgb;Rn2&UmT_9f zjJl-_jYpIvZUZeGTJ{=TS=wqLhh7AvMMU6%G}rNT7W1HE>A-FmooN&D3%PX~wig&~ z1xMY=?z?3U&7adtX-{_EM8b+%Lo4R=Cnj%%Vn_QDqqI(e0sG(r4-@d$`ju|@~=r@R+_`~t>I&$)RgDKm!0E7^GqhWIZ% zSP?P>{uQaQ2UCSpW*Dp)eOjdA*!#Onszs&yxYm{>IRKx3o0+!HG^BWPs^d8Hp1PYO zv3eoM9B4Y6lo9K`Kr2uiXjB1SsCJljS9T|0WvZAf4Lmt+Bc#CtSEO>-y9_!ZfbuVGp2S*7q2oJj;Zx$(t(2|dr5eP4640ODKl~?{B7aA=KHbxn z(baei0U7h_bd9`7pSGi}hHcM^&}LnlgQJ>Q*9`$~Ik-fpk)752vLec3C*x>XfFb)` zklgsh#XHGo;u|*50>x+eZoo29hcARI7#?3I4snJ2p&cO|4}Sl~cKmH5xi; zx=B5r`um9w;eKA+=co#kv@TSl#{mEI`B{42k+akW;zum-Df?0-C4*YOA4TT{sQrmF zmyHqTNN1J9)q+YZX%4zNJ9DF-I&IDNbS6-CaZ z0EYFp(=LusQ&RQzc!i`id1lGVKt8ymNuH^4GA4^neI(Y8#&B}^&bZZ};v@0xaK{y! zbwxCE)(?pe{`f`!{k~my;`&%KM#LZ`G4%0Oaqlg=`M)L8F4YGL8=u8w<(PU>S1mdf zbXt)jl3JkxMk*O$#^I*{PEvS3W}~%{P4b@Xf3Go&3HWcvg8crsV`+YN4sqUmZNkjk z?0oeCWgU0(k&Kx`4?>1Ib^(k&QDo=u%QFG;Wtf9yy-_l;GBgDV}!%*q(QF{D7XCytrls;Q~c@kKpqbb=as z3VBQLW8tEdGa|j9q!lgMMF7FOy|&I04NfVN=Bt&LKw$9d8A#tew_~T_Hqw?wyrp!OG;luApOVI=cVYTNwngKnd{!4w>@<1M?H@LG!V|k| zXf-Of-#mDaiG6vh#b(`om7Hy8n4;In6Lvkd2-s0^(HT9we+BGjq`~iYC`%cs-BT`& zRZo|IHAD{HGXY;r>#|h-LWB^#_)jS?=5nUBY73aN7 z7R?86B1ip`Iv&YdC=4rE74lU(uz|({AVtzalz6P$>|L5H87yNhc{i&uO&@FW@EKd# z#OhPb>5|H`H-F1q%$uXOkG|c*h-O5h2+}E?x1(+wAr!<>ZfBriIp?retUM4as{WI=fyh9*5M~w zyK`A;)E`JruXI2$H?gp>+MZEP>U-zUbAP&$)W);yVqo&*gHyCX)D~yttH=hPB4ZC^##>nf3`bn3 zDW*;bE50$Wk^1xgVZHl71*L|80$%j6btqjcHGh7#MDb_7yk2g3kzZXimjc8qgvt4` z?z3OUS)<6^Jj0x3ZowOsh0oYC$76n$NX^-S4g^k|u9vOjp-#?|xgDFnOHkAg#b}jl z->2sim|J}R6Ci7}0dIN=Y=hVN#dU;zRNw#(mNGI&wamaV^?b_*4xq%* zsszu#&b+E1u2`=3?<@jj?Yeiwml!vsZK@^TinxV$I#du7DVf{i28GvIh>E0CCIR$G z3i94L=Bg=io75~DAogU6&SZ~{abd~qnZ>56U(eFft*PY5fMIpPBXpbDRn8{`*exg= zUNgCM-1>jRrU;eFxH6wL&*f|3y2z4!0zn#Wbl*bZrwidCxyQsed0rj{4&vV7f<7|L z|LhjxA@!^1Qr042=xcY4b_f3z>i>V?$lNRM zm3IlxG&XR|=ksmGn@^WzTTqmq8{k;3`?E3RY@5T^m9O_3;vg;Vfo?`Q{A>X)X;UNTExkw!5Pinan+}v+ zcy$h6lkl84P9YTXNflbEN?PI=#ihQowG#%q`kvUup?kXeZpGZGgMVT@Lr-1Vq$2p) zl!?Dr^Uh`KQ+g_?UrsJyJM0u$9OKV|r7V>0W(UMN-IrUI)h(Ud@XhS=3kF9 z47(hT>KmA+GcWra6|)7=ipr`|(P*>TAY~XzpyEE#1Gyms95@!3y=b$Y;+N@SO$Txd zLNww4A1vyak^fB^-3iM@_E3acMb1OG_dPeaq5S0w$->t6U6Mo<6H1|F5$*Rm9lfHQ{&N$!IzDjvzHiivogb9NWcvJ7s z3l%o>*gXU}$p}=RSCC_t9-Bm$0G8@m5M_Et8R%0RiWgV^xChs*hLMMMsCZBCew(_5 z@6-aN8%n;}bvcp3VeXr9G(++O-$6nx!Ebl%Tr6Lqx-oG{b4?!cwhm_|}6q2qPJbdS9G=~h|GH3}p%ux!dskNC`mX=~+9cop zQ?@Rw_}mB_AEv(LQZ&YyER_*@{Xyg~Jt0C#vw?d$zaC$or%D+uxjkpQzZWMv`K$5q zS~7z`ocXtp5?l0&rA~ShijNfZGjmU_B^>G(5>CbLW*;<9{EJb+hZm2&J z0HzgK69Q@ONVeQ*;-OnqzJdqGOKdLIYnwN&}n(C>tW!APHZ42 zLu42Ohx5aG&1Ti6FMwP6_P^suJ;h<1hHxbau>+uL$ z#0xMmd69O`4i*U)%I&)QnLA$TK3PjR;Z6>MAYc)4@5l=ADjJ=gElli-iY8ls186jo zq6`@3G>`;bK|F#8eM(n%yE~gJA=eaw&0E%iyq&RI!8-|mBXsnd>0+<*Q!aNdt>EGL zt%8+iMF>IYbTtU&}U`&5e@RVP0k{{TYv@27Tlv;k5HHB6%) z=&@25HuJ>=Q%B86bm{SKNW(UsJd(Eg@MRu34Ohy@5m)G=op6N2W>DVb^11rG$~#t{ zgeNO|zxDg)mH}_dH1i~lngmNlhRR;iVIZz+H#lAk=FG3QaH7)_Hq4$u>YD7%t^*NUsN8r{T$c@!-51=yhbPI#BL2q~~TO6um z{MN;7K2W-)HwYc}c`Z6f4K1<<_9%shw9xHuvUcLRB)y}^;byodICnZjYc(dEB z_jNkJQ!8O9%$_wEi9}|E+PR|ZZz&p}zvE{*pVvZ**p(a4A9-(hBS0b7js4#r^I{HQ zh}+)|!aFBz%rO7)y_FyT2ds9dDh?io~TjHn5&GB>4N(s3x0w%Ta`>^mnn>l^r|4eZ5si0xZ^Yp&zn|I+*IWD>WM&6HeP)E_c(f$KEL-j4qEgZn^^iikX1 zRq`2Zaybq06ucbwA6sQo^*^>M^y@NLoCXU8zi4NEc_%39l>6q21$QsKr(C?wBtMYIe>ExU_h?mO+0E=16l}BgX`fhLT%4tZDVmeutH0+Q!D(C(mPgmjBWcz+$ zFhD>;=@twaAV}8;DFsw&qf1gkKty7WROwI&k#1PfAu$*#h%`vIAl;4)We$Gxec$iz z`4jHX{ap8TopY{p>YckpIsGwi*f7-eQBS?=!owv5;?r&*26J&rW2|*z7+qaWR)E`c zBy1WmRPowisBV|$sSv7TBx@|r)XqlJ7{TuPoC2>_f zeZ=j@h|VxKr31(O$K|MtrqXCi<~wyCKjTB8JDz!N3=)Rl`_QxPE!x-`oEC0XJ8&^O|eV!_=E* zxe>T&8h&&|FheXFK=Qi*{0nS?(avt@~>$|)m4+JOhcS>?F`BCEG-#@ zS3y0qLg6$N=!ZLj;Si#s8#t8G!%c*d@(-Jj$hVN%4LvZ@6Bt|i&Ze8Yjb2mcbU=&Z zHIgM-5GNohXO(5}5kfJn4bam*7zK$6%xGy3Ij2*vjg}`LeHDfY?;yp9RTIp(-K`A7 zCMgHT%I|2XSwegF?_jpNm~2GhV&K&J&k5HuEx#Km5QTY7Bximh@nSx)oH?iSBabhu ziP)1du!2jJwvvD5v`<}jpWo(@0p__;q`$}ed;t*EF1u*ca>=G}qgjf_dA40DQdfx^>_EUB=gieOTBO3gf3?a%kDNE3ePVM*F0=qq{2%~%ZdOYh8oME zP88m3j?QVO-0=*)Hw!94_86d&%Yz~hIzjY3-<3-Uz|y-;Uq-^30H*|gVQ|8xchjtl zylAxW_a>R5w7LytOU)ek{lP%85>GgB5U!eO*(sx{b+m#MGAv$`A zIVxnQld<8yNs8n0m4E{z8&k@n59st=?FCNlC>r#Jx88wk=j=$q1Y3hGGC0gPM+QqCXG_l|8mR4^>Ty1F%1ECxoD;Askad+oPb#|-B-mCJL-1b@;VSi#vj@|S{bO%6 zgtqvn0sXRlXnt-%Q*NQxzU`hIHu*ElXhatR(OG$L31nh;4O<}G}3lMzwMW__dQ zcmsfV&Gb3Iwwy7lAhv(m#FG?FxWn@micZg+0r zLac0T$Z9$iitO%3K6yJFoPBxKq&^^KmMu>*qmjhaN_N=?+bB3^x(%IPA^5Qg4MHD_ zVdM_f@Ix}b4kia%@TqUT4=L?aKE9r*%DZ1+VaJr=Be8}xv6Q~WzTZ#8YjjFEnFF=$}4O?O0B+WvqTu~?*Z@6&|;dkd`RKE zl;s9u8ypFBxD!E8f?{V?&hJ47&`v^&>K93NLmzp^XbNkcxw5(=Zr#lC`tOiG7Z8xd?cZsboM~VMELuc%Yq+F)X7$}Yc>Xow4e~Lv^}y+*xg3@F7~MML39FS= zH!#J%h@SL^3a@*gp8y=P&W_(OnSa#%aYO7%K&e^TejGu|&0dKA8pDvzj+C}@li;k7 z_xZ58gNqrtcmHeW#`NEPzwz_%xXul20{*NO&-j&55$P`H3*P_gx-)kcBKT*qjLOWd zzRrIJ+}GpWf%dljUGQYCKHqdQb~?z1ZgI9V>sJVg-|c0+_jV|pAx+P#8@bu1RLCm5 ztGvg(!F3Q#`HJ!4OMs}bP?zVG8pgBGi+WCFIl%|NZ8k~P6qLF*x}(@F7mC!gff`44 zYVqQz;~Gl!>YrG3L7M96PMfKZEIu3%{z$g_bbWJ6GkEXl8^3OXl(2wQf$l#|wupCop!j0Ad6}uNx1ips_pgpoSzULIxf4IB_qTC3+lFj< z#ER^bhAKrzvO=md5KE^)J(KU|$v%DyuhA>Ksuq9C^deKhe<+TnqSTJ`>OcceBsW!9 z;^o%ghhL7D^?i}@j2*u^*2WdVl{utpsemr?fgepPEnE^NY4UW~IeCN(x4&cvo0&k( z@>crttf0Y#kJL+szipd30}Ifv=yn1Q>}H5Er(6T$7PiX*(~orH(UZ|=p&E*gKF!ZY z_i{8E!`pAUn?L4y_i1T$Lt1DfNuDO$@?`>AufklNeR>dZ_0FvruM5O?l-gXWng!V= zf1D2Aez!V{V0%AX?i(tYw+wV(yDfJl@_GoVX0RBo5sMw7A>=!|^J zmXx&T4$XR@nFH8l6LS5+Noh&=qm<#f2nF3#5F8J#>&v@i@lj#iQ`1_U=3|Jpg1yii zARkyo4mhOyUdH>Zpg=kM@~FU%L6QV^{Psi{;=Z{<-I;0HqJT{Ngb*nIXb~JkyEhSMNe)!V$;x97L>BH```V;n&NhN>_ zjOC{i>bu~aOkNF7wJN6PGLHxV>eQMR0jW)+`ucwJy??ngYEed(6 zbSvm*Cgs(E*%9=nuAh5D^t|_n1#~EC&cT zFTFtZLjqz7OlOVtsieUM4S2kf#;~ST^Hu7$Q@lX{YE^{d)h{%HcIWZfOTIalox;nH zyTW!Klm$h6+%`Ff?OZ0(R)1ROEq?VesGjr#VpxG|G|l_o5)XgnRhnM+m2e|D-0P!u z!+l}ml{SaqNL5wEBF(^y5tj7QIr)Uy#k15(HZ$&x#jr0?o~({JKn`$ia0rtM_Y~se zC^8JUe+#HI`+SI*;)#W45Xv%N2XaM+9C=V@dVz7*=x_)#sopmxstb$PA4N`vl%0My zJabHU(3aC4uXkxs8$X4d3l!b>0@CUk!h5Hid0kox^W^?(eum+9`LDw2H1q}!ny$D+ zFl1a?=g!__+dW;Z#P$6iK6_agmf42a+VyeBz7*OJQSl{m5j2g?fzhbB@)?n3eZmd# zPN6&ekDf@Iv1%Mp_KeoMD##bPxSmVB^L zTNiaE^gP3RI%j0RbA^uk5zZCJL7Q!6JFjz@5i>2-QCl;fEn*aErB)BA?q-3~8M$WO zi>Y7J%qrxJ_qO*XF%}jL=9HtG5{tg^-bSuL*c(R_T@f1Q=@aHp{ZQ5B1tPM{(`R;X z87hFYP=v2pZB%nXO^}eC%QDKQHU$=1rD+C)Wnm<3{Si!Zs>6*uitY+diMGASc{< zQd6GiqN?S(W}-!&E=?EO^vY%p_Y92=K-pZEXXv!4ysY|a#3rHUSBe%xcIz7n?rsj7 zT`A-eyZ52tUpd-+BVL}*9)*$Dk%lwduFrR!a9s%3o z7?v8J6fNB?s{Q!;#c;Q11=k%5Vn1LW5ha6Q)Fd}z=>_Y`L_X7j!iACB7B9!mSy=|w zfpg3lOePS)#T;(_UHV1*_1PO3_oh|`g_?~$dF^~{;MJb^iu#a5cBnH*&^rGv#tiu( zxc{JNCuwV=_j=Zt`bUbJdCVrxvk+~7xk-1$c64ly8Dy(zfPtgeEnTqDlvx}-J+ra* zz0bavW=hS|Jl*j!5l+YAx)hkiufO}%@Wp)Idt3(B2^^tCq`8C^41`%b2MAJ0X4FEJXi#u zMIsRh1OXFoHeAvq=ePS^zn8bLjw6~EXzM9#*YpJFs`v*&!7z>r`Da7sD>}h4AAjT2Ei^%<#rFnB? zmsuPfB~;mUS+D;iK#Rcb6Y**^xY9El1RWAZ?&69v^mXoC8f|hNcHj**bKZ&c_>d9; zu@m6uUhJta@o)I7LH$_=tTT5PgNiXAFW-iNd#EB);^le< zD`QKDRgI7=1HG$!gW7ggY|~{ba-5VE*x9Wk1gC<_6%#N1cLIR@S1Uiu4__Ig>vXMj zwB{?n_OcgTEwKS#!iBEi^Nn%K9e z1<(;aN?L+C{q#UPFF;&Ch{aW5Rj}+gHmW~Qv=s=q$%Qd;Sw@~PmOtl+a4$%q?~s0f zg-zIu&Taj z@m4HjDo30l%qwT_JlH;%Xr@#7a?0%3f!iOCD)7CU0bZNoA)OcK#KbHH-6?(b{*&3L zL*qd8F1JiK3FGMI!qBK@L1TFW;%j%*_992h%J?2U9)wS(h=Ddvd*;d<@6OtRFd)xN%gfH@36|a59q{x4_ud770pqSQd}uw>&WsUT8BhTY z8*g-%zx?j89?6!x%?v`_;rx_bS^gzrnI}0@zxfByZidt@f9cVm3eqbRL*1;2EFrFM zjE9IK;cZ#S79v6gxpavVEn)mgbio^mtAx@GZs5%QY)MN{>5HQo#*uf*CS(E+KkZu> z9IIcR&e{&~4i}(dd8)CfYVA9!yn}b`4;du-LFaz(Ia{$!>sqwTi`o)rh-wk*azVTS*QjUYx%((6H5a^c(+n^8c#L zLsd;AW!9}hsxsV_R_?weCeCz*u;Xj4d&xoD(c^Q4c8d1E&n#W{i6N+uy%93@&%!4! zKxR5Xeq)zX4+(FKuDiJ{eLakUHH5P|UZUhTQ2Y#~G&jzLz@=Hb7}$a%`P&7l!qk#3 z(2UfaRZ#+L*j=flU-y_{QV?==0bPK)X(`rw7Hp{7uY>3Ep=~;piULVo0MWb(?+kIl z4ZgW(wlAH1Pn#%O^=C?Y=!nXQf!N8$8)R7TjGgbhPYl)0?n$CebwAa0M~Q5b+tf%Qwc9l zy;T9ocX9uxf#J|x)KD-%K;g=#`UiCcZ@tdqYrhJ6thaO;XBUYr0{^HnnCkwMy3T2q zS4_;LPUZMyFr2LoXW|VtG~k1|%p@PHw*G~_*~)KlY^V*l=o{cJS2xq;rvyG}4hkpi z(^os-BE(ObUaJw;c+YAM%w^_x#&GwOsymL{U!=5m3MljkxbO|sT$?F!<`N>4#jPgq zf$xARID~p95G!j%fHF{OT^=8-n1VjNi>iA86s=jgS|r}p_`+*~035TM*k&cF+TbH_ zjDh-U5jPlmVD0;hp#-cD@Ll2cOyJJcbwbeqo~=8*u?pR-yo|*^!^FMF)kv+ci4U{OJgl7$Z|IXUuDI*Gk~AY z^EnyI=*S=I@F+~@d2{4@8Q6Z6?b_smsRf~w=@55($Yo(C!)5c8L48=K)& zy6;2~2n~tly$crZd~O7Zc>61Tcar%WuP+XCENwG3E0vqb#{$B44kXy$(%-Myz{|{l zN3ayrxa4A$3@t-(uQBS2sJ2%19K$*1nKs=iaX&jSxwa>KIWTpO`nXbF{ zx6D1>iXNHk+i13U<{-vMHxapiZH-<49v%iONL?X=CPI{f-r zh7BC%cI`!y7R&R_%>|kHdBUQ?oIJyI(JOv5?IGC6u_&hiAe9{BfH60k{dj3{vCIlj z$n}DD0PKymBOxI!kEYVj=xA7WxgaXSjH$I95H?%Xm?2Pmnr!+JwVCS^NOSpU$jyIM z;DvKs`duZ9J@qdUB|~Uz)ca?{i__Dok;O)?nhF)~ zM}Hk1YmT>6<@M(Q1u$&LkBJ~jt2Zy}RBaZgh)i?5Gcz_PHxHiojm0$$4QDLB;z_9u z^JWhFD{T1kKk87}2D+^DWZNc5Z-?3&yu#Zba{fibPy;t4nSZlc{e*jMUNV3G<5SEY zFWtvUqaWrXsbwz)vZA*y1SG@Px3RK?-ZYb;Rs_ijfK{Z!(@^$q?F5lTQdPv`=QoBc z^$$NXXzGwYMX&)ILdVshyQ-JILP-x_LcpgW*dWh`LyyJj_Dao5$jLZRMA|bNsPlNf zt7r;nD%62F=U7WzbcK_2;qYy>s<<0&^8Akj+}RUSSV9We4u#Kl_VG62>ere$pD(#LY7mq!*EGMKv3_wCjCmpY zmRt6!6~SRrYaH21C}2X735j+A*{NZ*TjqE|q58A)FGltY54jO!_4`w;qvBQz|aUXPcPdx6rpdBR2H8Q1Nt zs4ixt{u}P*%^>gly6LVGLeA%oO@3*k-d~=fu<|xArJGr#?m0ypf*n4LKBoafo#!Zx zw8SkYxR&X|dYm37{@fOt4f8Bo4zr!I&y`hBQax@(MBOUBTilR2ZJX$wI&hW;&X%2^ z8x8rfS8277=nZ*s!U%HG%>5ldIm{bC3>n}1Noeq1LXx@vW1h=t*|$HH{nLX_JNw04 z^w=t}|BD!L@%Gc5P#a^wkDsN$G8n>tx%cxF>YMDzb{;yrZrJ$>N)Tpje4U5ajO6td zL|KlqiqEhtuq#FWKdS_l_kPWARGkduvHGXzuM}jhL!xRnj3+Kw9<71}FSl7tXlqjd z7-ntIl)f6i6HiU}Rt2Qg79T_k)2-A+VdL{hayLB-oXF?|_ph#y$m2jp#)l1e zw^4}{J@mn|nr!s5t3e`HoK@Y0S%&8}EMLh`eSKG;=4RN8f;G~pjRexAJm(MMoqsel zR|C3!IhFvZLqv(ZWv?14xdIqQDm{>0^}(Am^~E%?Wj;e6SRi4S=iXYMPG_5WI>cA; zUwE8p`V4PlSWjuu)L9XjnQJ5YEY>>uwVhn|sWH1F8s_#xHstp9hiVW}9Eq2E*6D$_ zkR`q>mt2K+67wFMuC*>~59YG_ zvX-5bo-88n6rIZ%l=`EN9QoAvenPCPF+xR|P65GqGyre+w`Y%teh)&W*bFa;AzrLs1V#$SGro+6?QhR5%$okeaFX@ zh*5myZpAPmMY9QhKQa*D2C|%1E|JR^pN|K@z^C6T#!9a(r!M$flLweGVX)(XH@KN{<4q)?F6;hoC>&~?{=okR{uJ|c(*jeeYuYY z65sxab8wq{V{KvOe@DvZ*4wYuj4-^qHu4jTgef*xf5ws6Lv`I|tBuVfD4}@Z^xC&@ z?UMsWaLoIiMZUoSDLhQ?N@-sA5S8AilAbRN^D`85@%eKd%^JuC*>{D*)N`_4R$Dv4 z5$P6z-PC)vt>h37nswLU<#gxa7t5HP1^|_bpM2X1*)v>JC~M2+fWMu@Ol81LisLv7 zJ5aHY7-pzg#W9664PXeXe^Ms>cJS6ix{xk~30SR{8(=BxC>Ft0T#q;de?aVzky~8; zpMg3OnTI5=x^!aFa`)E#e|pnOrOLht6+?_9L>+3&7ZkM!K-Bc71Pqrp&`Sj~xhIHRf$S*0m7 z2@S1*i8)@7H!+ugWAQs0-g}xmm}!*yWy~d4HRwKJ@bvWbCgLW|#}%H3k)w2ppOrI9 zJNrCKmji0!`5WEq!g|6Wuw?zUGD3>zvX92_Q@?4op)Nv#I+YTNB~ayIhZ{|S%5i! zXmep&BJc2f#=-TGz>@W!)0z*z?1hrEeSGy>@brI0*XU-N5vR>7;iu=Pg)%T~W_i9d zG5SEfx&4sXKifNYz8Gp#dWAO<_F7a@WqI?Le)~D&w6Rq{7Na&Z)-hTBvY{K(!|SRt zeXT=Jj*tiS!@-(~@T$ZSck1iX#`=+q+ByyxP%NFL;L5x{`^{i@N&C+TuAKAN91#~8 zzvIO%<+2Aoo~h7Rz$ofyuOe{YV2d8f!RFq1J#n;5A?en;0dx=biFd^}Iu$uZD3?5Z zU|OkAaN(WI@@v0FFNwP5pPWj}?v$}SA5OetdK|p$?`CAP@!-|uqxc{JUgIM`G?%e= zi`%hm`seZ6wHX&4BRubq=NT8xaQ8{hDO8{J)!`uy=gLc~=g$qqe4hu-oEVRE|62~6ql=c2 zxjsymbUK3RqLP&d4yod~y*Iwwz#&Eh-gx>z?z2G92Cjrkuv>Qi# z$zVb)3g(YqF7{pPOsUA1zEh;0+47+2rvz1Mon}V!Sr*}LL*Dq}C7`$89aobN*!XMyLKbZo8lm!!f&%F1H}8$f31=EC;o?WUWl%nz@mEa>)L`Q_rY7- zA+&n~dux*$;QAcmwElZtH}Vnp_3*hq7#4YZF{Lx*g%}vbLuldfyFpbE?3jnJKa?34 zap%;E6|HYge!Gzvn$FHmc{-q;_0>&>;x^@kGj;R?#%fszkkgJ@5DotEDA0UlaV%Ig zUV^v1LbG7vC$=E|;*;g~CIRV`eF}7@)nB44l^%0b!t^FyQlytM|0KL@)#F+-BiRiK z`xaJe7f8@E78wWV1-wEBDI65RqbZjKg4BxFAHr;qXIj*=7ca1hD8=u5g6Z=~Dcscl zO~l}IfU0$rsiHW(DfMhB?zyL)HX#V14ifiuu?nn3|2x-{@?F__dDW|xQMnc#A!t)<^6+KoVup~H+(CW7XmNYL`ASp!>Ihc* z*<+VWhGpL9iR!;PAo2-!|L=sw{pbzFTuBL4qJMF_pYteH)wQO4((5|XS$61QaWj># zXlUYn)2o0Se~EfFLvG_M07tN~8qt>VGwztaju^kvQnktw_f!vC3Q*jJgUEJjoZvng zc||ViDxFRnK0k#p)>O|f0$Fu04x0r`aW8}DJ!-dUXsDg8MHd0;x?YjpHNjd;*Hb&1 znxJF_!_40ZW)ZVTHM{kEXM$ai7|nGeHK3$2>P3uvX+>arfv31e7>B4C@y2$`^6zMNVeW!-^f#k)TN>=( z?%l@Ld!xOTh#VtFHygAdE23gx`&C$20J*tbW=}(8s&^q{yuWH z3mgz=@>hR9dEh_%!~lJZR1^HqrJ#<%>msCCqmh|Qx-CC77wP~O6UFib?d zoD=9;OiuZz(#74~yI>}t^4=%bx82|r`%gJ0{ksK@!Dmo37bV`2+nzdjX4P`&fT=(Y zDttTXAT6Ce&2k`e!dXI9k9V}u=}`Wp)2urcstk_O@C(#pGG6MJ#*+A^Cb8G-m!ihW za2c#_S~enSs+@bnR=FeZj^7X42d{5UTd#dO9T;=1`2F_#wndjTa2hso#a_@!vk=PX z81b1VJi-$;GqoWQ0l@`BZEyNluciR>~K@jjPmu3?1oU3(Yv`2 ziaZ=VDxW&1)9s#-yC{0^i|oO}0K9hIOCWch*2->J?|QNYrNWCChukdt8j<2=7Vwvm z`1paW%$er;uD-&JPb2uLOO~F%>=**>~!r9Lw{vBA$n~xpP1Q@UyrLP zCAVg0^%M!>gIz>?b4BZ(F@MEKeU;Pu8%&rp6Ej=AD zCQLgOU@&odq-k_Ovet~GbGdD7*3hE8${Q)X@l+@B=dMcGfzg0Qn!ta#0KND}dvU&jrpvF&k^Kem538+3 zz-QfAcBAbEPogHRy4#RhU_xginV&VP^;76;b(mooCnH5Q57Huf` z&hGYcxX+Av=hZD|B5WT<&=acBSmOy%0ql>hG9g9Pv*aX(7 znSB6xFGyVSuTOeUPtQ-)z{KryD?cq@9G9OD)qQ+`{IV&fbkj}gJFl!oJa1Msx}K*% zC4E+ANF0>?$4q zU?&7jOgqpZ{I(YNENj)jt|SO-wH|JYU1zG?8#*sva+n-a)ga~VWX@x9PRL+l{%>ZD z<_&ew>)RLNV3c~~3F)kxl(rX1VE%^vx!W-CK0Zn<3v2Bn)c`$omDA}#MKX2^@}BP} z{AFSF|Gx>;xj!DVbktCXAJH$-=)~1BXWE3XzzmfGVD++-7l#&^o?NWhZ4nI!K{Rs4 zu|8;2=X#e}IQvshUd@mB;HzfG6=Cf5Ob>;*0gDZIimPz=&Yi4L6S0wKyqJ9gxY|PA zOzR{ReqCs1&{+zZNBPlvpq>7z6x}-TaT>N2bJK01-d}VrAQGfk`X=|rok3`{GCN&; zq*TVOdF$6@SZQ6(7%#aZiueZC@vsuYDkH|2X47-#t&LVIbX)mBtUa3hAS;HNS@`0I zfuQ2}7oy8~%5T3+SDVd!((cHvA0 z+|fATK%{j&TI4lzewl9JDHT77X&$btPtOe@BzorJvifRnedR(AuK*p3@k`df6<_-N zy8_4eKT_=8vS#k7ev0G?Uw;LBbgIE6c~Nxs>mt zSFj^MCGYjya*8(<@jA-w1XXUWMTvsSj`9i{mUepyjyLpxt#ma%6TG4dahtR~Z7q4h z@YCo0waBxXf@DC>E|F$C5F^_-`|DrE&G;!7GL#3$;>-aW$PK7 zKVmnD?XYHm|E_EkJuNbP{6sC42^rc>YG$_`7`qeVybgcX=`Efv5HN#Tl9U!6#kkB#}?2LC(cF=L3RL`DbUo;y{qWVFzMG zdYhB+#T*6-2@GC!IN7(IxO_tOPX}9xK1r!Rk#(fV69r11g^^t!4c_9%w<)Tl;uMIp0kJk4r>TfYMmt^V zQ++b*IM%G@mFCkIjEqrgGO)G62uAI^d)Xr5L9~`PRx=PvX-c5%r;8F-NtW2m%{3$} zD%}V9eMDTHCfmtgK)D%HUYW>5ZO1%*smd0O5c#^cxuz-e{N}+dRwaEbdb`;U>vW9h{5nz*oAi z?w>pQ!g=;?kBrZ}t3q9gidIHQ}*tHf42& zGazzWE(B;$Hg@{&_CEdp6BJ6$y!q$4YfKtH16&7P>h<=TIM0Kv+DR&$=Dl2t7<|)q zNY$^gtbodn4gc@@S+(58+9vl!v0sbJc>vE`C{pfF&l9<+_G5O*xka%ZnZWpZYns=x z2PW@z*}>$8%kY*D^;6mQQ*KfW9b+x|SJG-fONzSf$sgi1a2D?F?rsHkqGGjV{~q_E zeo1^AMQ=IiCd(u0niiUPskh_7#ShbAO%Ta#9;gW5M4WnhR~6J1NDQ~Zf2UePB)z zrh#%F3TGVVNF;zWB5pl3I?6L^X1wS=X%9~Hs{0EJqyHl#CT%``D5hA;y?K*UeS=Ki z{$cnwMH&bXd!&q;)wrWf_VFQ`RT3L-3ZFe^|8>Y$S!;b|w}lI1_==~WY8_H@&AO8{ z0^P9+_T?xT1|-dRJ5>MFhS2N4FX2l89{$YeV}sE@y)F;kqizUn76K^krTdV!T`hw> zpQzrMSh!hrc_6Oux?8!%6iL@M7-xWzz|BQ=AD3V5X%PP4^DOZu)d!)*g8 za(2P@N(c`rSMD^Z(Tg_i#@I(Fw;ky1T;u&Lz#AJ&U@3WXyWr`7Yy-7-kH?jJVk=-* z4fjjTmao)p7@VU`g3n2HF<)rh)O=Do?1~ujf9KRS-4gg{r5f0pbDk(D-h8%sj&bko zz0N2KGX&yA?8I}t65YOC);pPm?r>ckwexPQwXRZxusk#Bt`9=*Xa4gx75?v!PkpxC z{^WZ~#|PBX+T*S29QdAK#@zWgDYK0Yp_~@7`@yUwwCPD=kIS%|?5OapAf8nF@h!(8 zIfJM#2TCCt)ybU{!C`Wb?*`r|zFJiTwFi+4?z)=Nq2ub0@GLPp4;FfG%tX)E_;4Q8 zIUR&K)5XT2W$|H9p>}{_dh1Y>1p$XRpN4PacS0>CILJ1urUqGqZZN=YsO=PuCMu6k z{To?EWNP*q8d(!h!SO@0RpR*x*_!B@Yo^_tf^npyAQFM~{|GAfaNuHirb}_%H1d}5 z+dW$DD^86LZe0fwrT5Eblw&C0h@IBqRqRuP21rE)=-PuZ1MNyeoYA@d?NzhHeq$42 z1`b?*{k>g^zIw+%RWR12X?`8TEN0_?+pPPQpz-viu$RUdf<;_nJb^$iCc>`I1z2Lc zX@+GZ#RG@*2=}0e>O3cqEziWe5}vsyNQC1*H6Xh#x0m7$E%#p@-NXluu|3q*uv6$* zw%@9jSp41eWG5l-8?mZcWX>`xeDH&N7FHnF_&Rc^UkTEFz)BACyoNJ+Ed)#JK8Sq( z+D{pFA5XlZklGjOP3bL6X~EYiagC!5I-Vjq)4LRY7Wj@{JKGIvM4hc zmFx~&f%~<6QG=@2XYJ2@y4HD0G*3l&MQgP9%9fm{E`I2dE_R^AkJ{Goh&M6ciUwN? zf;P+L-UyF)pi(aF#c+pK+>!$m0|i20*O4nTxKG&vGlC6OaF1FmFWD9(zd-B!X zJ#;Eth3*!c`{B^cKwFhvu!-`4YW}U?xV#g)C5Oi?`+;loKFu#+W^ChJV+X8_r5DL& zT->Ik*&$UP_O1wn^*Qr*_I-3Sg!}ElYeYdM?In=Yq^S7x<@KRWzu-{% z#C1w}W*K(6&FAi#mg(IUoBoz=O|*JCS`5@I)?IWZ+eZ`*?e~8u!DcD7l@Sv;$)BU@ z3n*9jhGNzAdDwroXH51}<;u)&24bKiowL}c_)lY+x3H$9{qy0){4X=_A#2}%shdsk zpFWd~ZUDs7(?6uvxh5=GKXOlTP))x0G95seiItLe+~Z+UT#)}pa;dO-jWPwiP> z8!zRz(bxfI3m0ubUEj+u4Z*(~_HF)o`5lg7$V`_V4mN4of^{6R=nBKit8k)4w67+& zt+P1c9Q{jaOK(@lx6Rmg1t0D+gEwrdc}o{`c0#OY%W@!>m+pDhnsHLR&T^OF6_=Eh zOi~VWuL?7m2|FxaSt2eI`|;Jmk7wG>qA|?bd78e~vxo?$r^eNe`TAR<@;g%WVRycz zY1=XR3FKNBwp{^Jl2miW_T%DgA{ZIcbRPA#Mwl#i&Gg?s5v}@x6S2O^@S~=x-oQb2 zR)8Ztr&}XA>gJO_HP0sUUpH9deW@dE3EcotUx8l?AzA;vLJB||77^RSpfr%Hnq}hp zEYqTMnhY8JjU_415_OYaYKG}tE3W3w&D`aYnSN1q*(#{@*Zs-HSEvR@tW37Ew|8}@ zPwc+F-E1MUa2XAg`fjFw@XbT=O~T zo3+pTx7UBue;XTn*o2>97In`jM1AR4X=dWU(P%6OnuTAc3-s<$}!`{OFSud8$!sE^wnFp<%8Lp z`U(s);bFamSaYQUp|JkOR=`*I;@dq8`U1zU6;tBQ7Agn6KUMvlk&G7`_W${vA_>Fs zpBka8Cjmra;_o}@iSl7HXGI!b*Mx$-^ehZ&An0qahjp@Or{|9+7szL}IQ)dK?3OBo zl4Z~*=dy^T;_zt~?FraMX9*arM*r_fps2O&Z`@+VzHSx0oeBZ*Bq-jLek{ zqSqFtR2rU5^ryaxSc@&F)xA+NH~Zv=O+EJYVI8NjlcU}XnmgwXUgib(38Er0%z50* zK0}yF+or;zX#CpimeTN^D3x7zZ#C)D8#F35npgXorXs;?5jB7O_0G-Fo^hL+9NGHh zo%i?Ii2!8O#@nx-*^XT&lutuYwf&z%MQDjomRdvhM^lN;Ui`QBE>nJ;IsLMJ=W5L= z`nw%S$XY|u1t0Zg#uwxMG(Tm8goi8o4({1xjk_D!td6upy?bi4IXv(afU*cU_ zC%6)i9Lyh|o|DSmK)tEs>J6nBA;GbDHjd z%Nn+)_(-+Iib?)K($AWWwS& zSh^hBbI^ga2m3taKndL|srE1bc*6xkd>MK*_qKrdP&R4~+A75*G#n-P#xoTUL>@a$y*=m#rB1i<-s?!kK~j9#*mSKG(Wh5LJ*N6z zE_I)p-(!UMa6V$*2{ma|d?3{oI(cPi!45=A-7_l)L?l~RU{ijrBYV>G+c%}VW8|;Mt9$c}VSj0LFofGKwEi$is)NAU*PTxsOPB?0ts9XRYf$1AON_{T)L*(u+p$=Rf_tA)w%xCkZwhPu?XDG}FB_bT~4<*zr`^ z&$F*|6C=t0cG5rEL(DTAwm1GB?h`i!8}@P4+8MTFr!bklrLb>#F0y^qFo%yM7*|q! zR3Z*;_;9sI_Duwc{@HeZq4w^RmU-snuNxH<9ZX8c6Om5VSAK?}@?CkivDZD%Gy0?s z0=(_&v5J-HFDPz{7puN^@);ErKD<{=#o8y~JGg!6Pt9aAl;x?YAiDp3g63Ao@Y)_F z+L~w7CI6mMTTtN)Pto}>_`uaw&Pvc$_PtSG%SLC>^UdxDk#LsM8{c*^8k_5WP&Ac4 zJ5p{XltaE>nqafJ#t#)w^7?!pR}~Y7F7@GYdz-;g`$$2{+S;0@_G^P}@K#Xz*Dud) ze~IHXLY-TVAl0_NwIreiAMN;w7MnldI9$KrZr$F`DkS~}?aseBU9YcOAQE9qoufAj#}0JAl3XhFyOQX9(r6NhBc&b%Gh;I&=VdvEYtq=Q zJqFVoI@{{K2ysazWOemM!gEFCo~OoUO-R($hm@&2e>5psN^TSZrP2Pc)>GJn>#!=A zX9b?L$9bWs!jPAsmni%v9P`KrE$-dAzQH2>gm@rXaRS!+p(=w_znvQmSVX5=qhT%< zpjrrpf)R!K!#eA)1~+Tg>0uT-n3$41EBP9?M~Zm(MQn(HkC3PaMii(VtrB^lY>kaw`QY^|;8gr3}L2k|=dub7WSJhL!Nm;@pXJn{Y-)c&p_@%1{fR#Mz+=!c6rLpH)#2;_^`)0~9 z%e{*yyKnPto`sz#8iX8Z1Q7<04+2NtKQh0CcyRYo@0&ZV@e#}|J+&0aBk%dqtLXn@ z>dOP6Y@_z=%1(CKmt@ZxSw_~RqRe0zWXUolMb@#0>|}|uFUc7Dke$lD?;%SG!(ePf z#`b%>@B4kf@A=2y?z!)CuIoD2IcKF6hF-mV#ftN?M9FDsX%tx(Ybjg92>rkNO*nt= zhI6hQ)4onF)8F4Wv_LAE&U#O+-ZmGtFt| z7!IkvXD*`~NI^~;ar=8cRf}xy*T!_R#UvsHQYwb6cjqnThKWSfBu8ecff=Rp0cXfm%az;Trwm)@dK6(2to$Q`rSer` zh9e(AOE8nubaa*%FV-(gWZ2@u;^1y$S^9@MC5vE3Yn9JZ`4dUXV}6o~@#diFii(09 zgg#Ub`DjS}q|+hb{Of4kr!Bda(^qY+0e`u2*j#Qvo<74@fj>Wsdnz6hp*GzZMn7e> z_(m3fZLr|#1K?)PY4;Q90}nj2dW+H$JfwCw^J^Hl;HmY`!5%IgZKp=}aYt(T%=Xqm zUfkt@v}`tmJt}IxWpuxJ?!a@HQDNm@y_N{7VtyJQ8~~GxH6Q6iPVCNJG5%G#R4$w{ z*v=wCF_=BbnPAv6S-@5us$|R%9^#rN5~q{H>x;CD@zwKiZ6NbKVjq)(G`by#9lyrh@FO{Kxqv!%>)D-Ew zZc^}lUjC)LqxLif9~Mr28usT!NwrfV?vm`Y*7#%r$d-Ezz5&kAQ#vbNl(Ig*4IcV= z@k?*}Wbk~_F?|NXYqHw5pSjZ@#Pm1iL?`^Q+?dkB?8;~ zBwB60Fg>ViqR&49S z;wY%FMN+H@0%JJ#_qE2F3!yW49$6`5Hq$Xhq-*ld7xU<3)kDm31xnR-x0gp1e2Ii- zb09a>T|<&ya>rn#Y4O*MAC#(}2V2#k&SSTqXpzZ7K95&YEk@T3dqRdZa1LC{l-Y=> znEum*!1@#}^`8@_WqV&s17j#6)fSVFkpq+t;1aE&`5u+J_+6!g#wGHT{pQTHv^ozn z>wi+ute)#$6|c3_nbJjGtUA?i?agnC`wtw>_1fTL(b_~b2+_(fOQtJ5#YJ9fAhd}p zAKypf-!!i4ui7n?Osm+~byDf|1)r9L30ojtSkHh_Pi=uL1yh++PKdkHG1rqEHU9%dGoQy6aCnXrkV z3%o^CO2Or_6Gm)+Z>&bhgHv5^%s0Q_=6348L8_ZZX-~9KA&8-wmO?Qeh3PKAE0O z9~GO-3;0}<;Qu<~=iy%5?h(+S?4ayFPu&++L3mbk(Xt`mvfu;$Ai3P^CE<7P`paz| zJUi!OQfY!j64h+l;wRvmx+Oah2?3-Ll_J|XBiaAPG~f|OR+G?a7FW=ATWZ$y`BxiC zVd*Q$X|IJ|X%Ux51n1G`L%Kes8@n32nN8!{c?(l>Z*q+MYF?>icjk&A+=~Ij{c`h4 zHRNFrQRnXmpHUu2i-CAX=@Wx<%85P`DIkA8?FdKkMUaKDvlrkU5?7<2(^qIP?g-44 zw+7L2>U1%T=L5=BWuLYwD0hQx;t^*QDrowA(yl^XW6UM#D5Zm~7BW#)xJFZYU~?8O z#^nOOhmx29I=t8(RV=2y(#4?^YzjIzjX}w8BMQ97j&@7tjf`T*LnIBP<~5@BsIPYF zX}U~2bTzCuA)&jP@7pVgqzX3+kxmG7#GF*@sYB3nBFEy0>@86QZg&f3He`8n5VucU z&l~U{qYc1^d(szVLmrQKX^!16IQ>pZYJ|b)NSY!ApnnDmdRU$R* zHhSE%4+pTl2$TW@QZ{M;oAxEQQXbW9>J4W;!&(c@lWlDov}Xf zyKF>p&SLn_l`+x6H6A|<8YVU>(A(*d6*K7^uiQ0UfkTzSqNo0?74^_9C-0JhUFU(ZPh@pPZ~Yq#5A?K-t>?p@*I-LU-N8Cu~)!T z3$u?>Q51c`71AjgnlZ)SvO+X{w>~$F>dKdAxxvD8ZXp9a^Wo~JaD?V?*Pi7uX zLEYX?RFE{oee0yAQ&XRe8hlv(Od+w%&*^q7OS5rJH@tm7W zM|GDv+@RDU8;#8W&DltB)#sH4qN^MCzbO9++_Ai&{G)FVdN-_( zb~>HDbyL~lh!jW7?PNg*LJ1VD+Z3Z_1twWhUsE@OMd`n=&OcfF1}zlm@VCaw43z{N z;IRJHeGC-QeyQXcm8OxP2jkFz{Q$rJ-E z4L0N&Kh6Y579b4dqvd(WLZloDL;_*1DnGiqZWY+vwKIk!m=V}x_Y9w5`f_#7e2d)Q zX?|A;G`{1qQ6+XdG#foAjtcoYMSuU5Nd7G*^EopJ2T@|9kJKqBILJWty^kOwDyMP|#cZ@nX+i zl-Fyaq!D1o`ixmr}H1ugjU(f#F{jSqF_@{6`2n4%LFDICjS9YZ(SXaU-0-nyCb=OB;?_mx3!um-*tGBk`c5ZzDBnGYrf*s)0 zBkj%_oV+GSwgl$BowVv)8)b5;rfcVUu(-XwP2B#TxOmTZrp4YXhOAOD#Qvap^N6J~ z-e{n5Dd{=AP@vdJ=e5APT1_GDDAv|z#7t-BvQ80QjT0|NadAX1j*nMf`htA8oy&5m zK6Cy6X)2m)=HCnv+G2LmfE4A4%OA7=MVCH%*_->vrwsG&>8jHn(-|Qq7kh76wzZi_ z&|T^BKkMtt*4cL?M|e3Tw9;iJNWx3EwNP;aH#=SKn8S&vuh;k{kbL!v_sbYVfa=pE z_QC9a(^8qYL@O0Mg};@Ci6PH7fhof<4QZT4%SlULhB%K$Kybk&C-wWg+<$5s*cT84 zVVNnyNjwmTYa9$YLA;`i3cgQO_dp%cI^UJ>OfSk#4nE7q#Nt$QiU9x{gOK>ZCn>o# zAsOI(T>G*&rmblG#j7*#mNJR+KlGMs6$(3}8?^vCorBigLk-x*hy)vV(xifC4Q3b- z(^8xo`s}mF9VfN#vW+4L?ux#`z%*jF616hYM#^WoHdmVCz-AgK-a{{8}mtu;~X!QuzI~AOKvP1$EfqBwEj$5|v5f zZ$02CzQzoD1-CF`d6XuVeCm5}p0rWQx^P}@+XFlNG__&SBEp0AJ^7)6DN?+Ukrhu@ z#jSL2R}HHjH>{9etSR*`_+K1@-iYokLqp${B$tSBBbDTwka0Ybx97g>K0r>0k%JG|88zE?@~5NAN6ECAEMRRMXdaGzcBdpEhp83 zn=!z!`_`5yO1#J-T=weO!tX4c99yH)zP36q@hyc1@no-?g7+5WbmgoSZo@+u2nc9* zgr2wqF+WdSL}v&0=j{E~0vsxYX%l7d|yR3UK1y=jwLhs;&4Qp+ru9<)O*Uw(i(5f`6 zXqMATvQ!SEj!^!nhrQUKtGcF*g4*~u)jEQnX0FYX9>zL7NJ-WhEzJ;p27OLH`g?08 zITdy3u3?;(i8K-uGUrHIv$fDzf&H@+gRaAfkwaPqiWy} zmZz}I-`s-GhVmZ`^_=by_)5J)w{IXP2(6FU2;F&Gg~1iebBk3U5eIVdTl>T3lWQq6 zYpRtJ3xA=r(@wYqC&$WTMp{2@^=l{>n~rJLi}&kNDBD(_x4NkP`bnkdEcuTBvTsrU z4-ME#DSKV>@>kI!Sfu{={f_Bs&>rOq0q1942b=wjmda>jw9&}S`uP$AY^z-8c*tWo zN<7);YCmj*yOm++WD{xpCJ(M#y(^JoJ2_%x+xaWWpcDz?QB;;9Nb(3b?k=XcjAsI>(!su zsiUUy@i|IczGu2$Tc@YpM25mjfC4Ou?m#qI^5nSoIDXuAZRj!@_O=Y=O z(7PM)^qF~jAEua#f6|WaqDp))2QA`bHx9j)K|jefg2vnx9BzpB(9i~3Qsn?d zikn(r=AUT!ea^{5Dqy8PZ3ec@c;2_idr=;+lPWFh&~O{5{Qwoa>%YBLo$j+r7idO3 z&dF^%2?fV0c2h|?jk;i4P_do*L|T+&&0%79JY^Hj>WQy$#$Tzn$S-8vVw)GiXNkkE zk?^WY?Kt5h3&F{Y>G?AygI?refe+7oS)H^5rm9K4Z@_1Y2?+z&r!{##ukh=j9BXFI z@z^7zOe2l{1StEtW7=^=HzSo(?&7q6-$`|D_O>*~l~GLw>Ob|X1@$7@t2gquY>DsT z2#~`{y5D{WMwq~tJOU3mhc}u_Q{79(ieoCmNy7cy(n1=gQto7%ofx%dr>;wpzLVwK zgn6^Dbizp4qc~-@1ncm*$o|dpquYnLTde@MoWWWdy*}@+=i%&@C1Sdojdl_;?{J{# z61<2!u1Q*Zo?-23RZTQdIutz$dNjR;d3WU<07>hl{*j?(-`2l+u_=gX9ee zI$r8;tp!vA)sh+xkNk0G!#N@BH|2#)bL>?!|H$5+SAaOmO2n;P*0*F_)cf@A8V~wG zZA-q}APFz#j3dzo0STkb1~p7)6QH8+3p!$^zWI^63KcPu7Aky+7E@|I2QeFGmfs5# zjQSlF2bY{GZ?g`Q%%n1mE`Udu=qDONf@+_gVt2tEn^56`&Sl~E@$&bZ6*@k6qde0v zh>`25#5Gq~sF1o^9RpHW0n*bMl@)SJ{QFW(F=S)8L$=>5gL?OL5Xj_Hq4bM&FqYOl zV~jH8I@QR*VHw!;_W>f3Kh(AWs0;58`;5NbWxS-H=B?Xo{o8X3wgiJD#hO*W`$aNH zGW2S;>8+_Zy3&u6`p#Q!I(9gPKC#bUJ5~fx=QW9c;QWo*I$i?i#qP>Uery_1jJM-b>?5=zP+eiTjO9*INeZQ-JZ#?n|ZKdDQvlM!~zrGQ4 zzd?|1kyN{>jyk`%3Pg&KnI7iujZN1i5jvMZvzlpCX|U=uIe*~vOf)f4xbl^RraDJ0 zi++l-Iy0|s{bhp$uz((zv7}{pH^CU{T`VSo3L4x|3ZgMEQ-}{=W?((x zqm#NhmJWWWg{P*WqzwzMHis*J*oT@%f?e?sPHi;#k8hOvdN3cDGIHl|=3f8muAR!R zWt4~xP|A;c!MXXf#>%p5P5NVrx61y{3TdT)l_z}*0o^pLb!3eB=L}rl*}92V-h#GR z$@BLs(qL}N^)Gh2L^1a4TuH|cCSjK(_?ztCO@U(Kc{&(Lqq{=gD2tr>S55V+(& zzRtX1S3BfDFJsFh0Zdv2&bGRx1+ipqzogTKoDdoXUr}%>TyM&^+!ww5%Rx+URg}sT z{kW;J^g3L!W@;zRfHJ0)8cz>}3oPHHiZ6)HhO{9oa;8>JHt(QabnC#TP-#WVg6T?m zMu8)1y~?6t|8jVMAuh1ujag7s?Vuk9@yB|NAS*`t`!WoL->5 z!TmWhpxu#kDK(P{YIfV;)g-Va!(qbwK)lg_pGoMc`8G}EUP-gSmfDpwiV`CymikF% zrKk_tV58cNMxPYZlCPRi6wT$WS?nj|9e6OKcTr&^s+=@qN0VF8p{8g7EsaPziix0U zBGBYX;;UK;&5^&lTka11`N0XSMtW|K*UMdY?BH;0JM_0P$-TjME&zEF2bH12$a_bI zC7?|Q+o7g5J$cjj!ujQfvR}ptE88<$_zw_VMuy+|Uv)__Rw_YVL2YA}Gm1GrB0a z#K}FNMoUIvqfJ5%*(q4r;TfF-{a$jl)E5&KnHpT+1`A-;K)JF7Kcid>V_i>f@$O*1M)?=9m&y-uQWmFejBmKS%K@Sh5@7affr?Ww#0wHK zej_a7%#}s;2v#xaRbhsIg(CP_c`X=I*bk|1&p5oC>wi>ceLK^zKSSEzyx|<4eedLp zdvbs2=?|wJyQt`5jGx;U82cQ_Us~Ge0s{2UB3ie9`D6p#vE=h>=bL}i>Lu6O{=$J( za0~v1R?kg_R5x#39-^|4U!=){ssj30%GFHGU*l^py6DVUG1fWVeM5TfLVb#QkuDR@ z5wb3Vk=oB_|bg3i>LdM3~KF4EdnIVlNhiBjP_VUU%OZMnft)FM5&60;VCne&mq zb!A|ZDoGdZ;H|x?~y-|l#MQMw8b4TM5DioqIN70$rebU+t>|eg8rgWxv?Kov{#g6fnBc%0Jc5dePXgU?Dbq z`KYI=O&zWQb&xC*xL5peK!;t;=-AlDW9G@Bos!2;dM&HNwq_9(pE~=kTk{c*`-n%N zkAY>@6lA9;s*>GuaZQWYJ#OUe<~yY1ZzYD{SHHOAT2emFhl=rFT%9#!KwtX}+{sl` zGZQ!gSiQWL;fa4s(O}%B-zdpJmLwwHba18$(x$LWWDR$X^vmHqO~jSqzAflHG4u_t zeV!vqd!72V-zxzUfpsq$@X3S?Gc^6j7ahAf0tXh3LwJH?kG3WK@7tqd0?T83HFNn( z=^*z$O*VR8uea$DQC}7w4$|Rx@R0J)%k9Rs^kXh-i$nFD1taoGB_%-?8(3*&qYIf= z`45e*lqblC6PIOPi%e&WX4=>%Ul}c#~J<<%J z&PcVYXaYn5qE4oiL$c(8E$)^Gy+M0)I;D`FXr_Eg$hovQxlw0mvDRJl{aD@pjW)kH zPO_2d%395lMZ&CpkkFYNIUMiHixYFs*I27_}GoKjA3JMfarv7x%VUiRQ zxNm8~e!)jT8drMNEa2 zOVu=gK|Xstk0ZD2A=iWSJMww z=LVATTK)nHz3O%tX%qeh2-WH%%v@^v1}EIkRRN zOd?wF*j@Q(qiyA9*|5pyN(S)zV)-!^3f3O!97^yD?NV!dJ~Rclf+Upo@5E8!qE6@` zB$#y2Sl3M$=Z?OAR!#$2&vmw^@!uyxuN!?lVcd$n(rL}R)4%+^enGmr*b^0?b@t+8 zP1cD^K^gUus+eT>>RR&)bLERzwk(w#kHd@{(`Pwn!LmWiaQb77wBgY=OmNt8336Kx zp4;I!6jh=4J%IP|og3BNmq80P{%_42z{jgR%nrp?H&+ODKqY*ypzuO%&2os;ae1w|M9)t) z%Nhc`TDK7=w^Kmwncd{c%W1T@8~*jSxwO>sKHI~Urkt~{=_#ET2)mm~^ZL`*nfY)? zY}H1?NKyXK-qnKhabpYX!B)#0AkZjw{_jyt1^l&Rp-cMaB>&e~L!8)Nhy+DH%yV|7 z|4MqK>Q!5TT;%zke6?RK)(1=MjI+-=i0>cer%Y)W!SBQZ_%nmdT#oAg6r?8GMJzHEu<&3qx5iuJ~gBe>3+?E2V+o>H?>H^H^n z2>KZjz;!_+X^NnOeSVC4g47XmOW)>=Ieei0p*i8XdtF4227ca%NPFz1`783cr>KOm zz=-k?LZtDv>Rfv^8*!Dk{6^VPG~}pTEc64NHPDvtPYh5LQS|(ubY&@2By?f!xTQ zCE6SBLke8!i(&1ejljCUJ|536Q^ff$Dx~vBsvWXbRD0;8h*g>}Rd}ua?K=CH1~T&n zBwBz&H(k~&l*HS~uyVj#Io)XF(Ge{*UoR-+oSXW*hbSpP_keQLrfRA1dZbEl$7=3r z^EQ3OS6Xr=qoo*f)`RzBBzS_HlWXNJ&cW1wImK=K;5BhaWE9A}Q znQCKOo|sWY>#FgOd%g)_n7%U0z2@{BzcvpnKXCi7fmIUczaRZPn;FlT`+jSVV2-3> zMN~XWw9j%I@j|HI+E)W4P9L|?e<0|kMz`>b${B7JnF)3%L>t}q?V#872rKa|EDxUK zfq`@-t;&h9<@xW*5T0C^6DV$6OlG*$kpc4*HeS$Ti+fIt!|-5QT4-L$D_R^l3D}Uh zh(mOi=ARs)>GtlqF(`j3GvK@rFLtn;@P!0Pg~cb&mb&a;5}@BW*Vuwq`$>IS2GKbh zaBwaW6IHN2RfX7ZD}xz&sRCf%#dRLcbFhy#0eN4?%tR?F&JDFDK)zrBl2el|v+<7c zBHxCVT0q4)1UgEFjDitZ_kBoA%o z=|@+3j`vAHE=yXFkRHCCsVN9YLib4yGS#rrVzb;js28h_9I^7f}Q6>=48JCQxWJ5xj16$|eGqqt_|_ zo0w`x_~}PmdoJq9G@zkm$pqc7gUuJNAr-RJ7L-JPa4R?=d@4Bu^mG6Mj`$=zihp6A zV@)#i_+2phO9>mb(j!LShwcMroZ_yh<|)r)PZpRG>Vj!>Nx^ez=+yE?5R{b__KxC7 zGZiPcAt^12M_R!syj@gTW2D8N?~3sx7^xYv?g?d$=?pncWZ?r-+gF(ZapL?H&}5$q zG-TukSpC`mqMG0eDn7^q#xpff_YB1I^&m4%Qtj>{xyqFsejl6y zIuTgR4s5itulU_Leq&@fDwN$x)$ICj44>6Sc}N1432u8E$UHne*y@+x^B*F&U>$Cs zlRC6(P`8j?($IEh-yEu;1lOd8zz3CQIPVI*0Voz{*z%y2&)Q$v|u91L>kPm+D zY7gJ9M!C*G=O14jl8ig?X1lA^(CO;Nc=HR>4tK- z;-5P-##uF2{}s)oj`SUkhjBoS46)GPkGI}8te;i-t+k$Gej3rU+sNxFjU<_A;-+#iGvC3PT7lc2L#A_&FPhJO}Iez91 z3sCF7QR#^&ThfckHd?d^URy5vW^Ii}Bt%ol09Oq)9+>hV5x9Q9*F_g-ctV6w&&Mti zLm8i1(QZzad5{g|f2$@F5HFFCBk_VLQX9x5J-wP(;1YjDGUhpbircW$8?!W(g6_K+ zYe|l&(`mR^P>}SO&aU90ofJ(X6I%PYklA6hyLl09fjHpeCcuhb)0D0zwR>|{FiA`w znBlVuf7G)^)X5q+O!j-KNY>1_w(aTEQ=8=mH@+$R8h#OtfD>uAR?s9mZPB;X zVcIjZaT1kwV4dFfyJsKEj5IlAjD!2Boq9Y`GtgoJ1zf(ee6F+LI5}62s~fYHcBm% zTaCGMe8dgzP*szA?6G$TGD2ufR(egKqxdWDRHBt<0U1&{G5?9tAvpiV?3YV`|`+#WY?XE zSUk=Ou=*PrkNeaegKkpR3^^PE&c<&A9!`vJH~kVPx5|KVAf&b3ZE>=ra0{JaTw2&I z?5hJS2t}LgHEP41a11(|oFv5opGf{)-)J_UIa%KIrR7HMb*^ivhc5r9sK(+(@(4E4 z7<+~2DWr`igHZAi$(xsfvh8}5GAm7(Xr5xEEx2mEFPk7|jt(I_fnX+K9z^@Tz~Cm_s#4*{hh@VAZHQK$f?VU#b)_B2j@EY(g#&%U!~VW? zS|fGpYatG6Ryh`|Z5M>ZHem2b&uqJxTI0xw7wX)pWznN-gHyI78EyyM9%$XxKef?I znupzC$`gLte!KBu&IY}2<%GPf#0TDWIVT&-F(zj^KU^a60@d-CRg9dvP^Vpngp2|6 zmVjJYs6HF<_a|nUN;4Ldp9qTWi!gTTJse3$;VN*+VPtTG2cFy1${oU5H#n zE(O|40iJyzuD@Iz$N)Ah(7g?ZH;TpZ!lJ*(L6uAzf)C7%f{jd%^h-s}NBKh#=39)Y z__rpd>wGu!?;wXC2U&;l8X|QvX+TwdJc`3c3}l0hGY=Ko3%ezehGQ4gBnu_;&3tdp z8$Jdxwxp$<^+J~kmfqu=Uq~Wuylus9E@#6;>RVK^Iw|fP6W1zNS_3%d#*v2i}8noc_EO-=Lu9UHOKsmu%L36P^ZCbSvQA4X@nW7zTsyz zmuCiO%doCxj~U>rP>C8a)fR_zm(ct)%Y72AVn|`-IihL$0prU@Dik#}NTr(_9Oioe zxSL5mT}3J?`@x|*>d(_j2gZ?`vY+sTs3}|4KQ+Nh;tXt8hkS8PnSfQ4TSO^g%L@5BGhp5XX)8Zu97yhnod$Z zd>;dJ@6CWOYRg{f?}wo^!wJ1q40_WZ_cXg&r-hd~rtYxX$JN>)S5xq=S|$RnwhG@o z2EV93ANKFvw>H*&7yh{M$Kf{~i`9xVYX_YBMQC}@0`x~wX4Ah($$=cH|z_qC@sQ!rtn%piwIt~)mmQ6w)Jpu(5Ofp<0I9}q$bK!44nN;fO!pk0O zKRNc99s{`#M(8nXz~CMi@&|0A@sF4=(JPAbn)Ot z0nN~1-h#oUB3JZ(6uI|&FKSs_ISnL63F-wOk|`ap65ZdpPS#o_5rj2DjWP)K&aRsX?=H*PJmM3LuJQB%=YZubYW zZRB?M(9lERc_%Ti=9OOAufoWujEUrR_j@7&=Tg{0FD(t~zi}*A9c2Fy2>A)xp zoBn|%Ab{sGlx~l?l_E_`Z#Q4JgBIAUWNp_|Q>i+=XdBxC@9rCP0FF(wrdxe-Gg3*) zeXA{CmNz8yWnynpk*+QAn=GtE4OFun?iHg5MigkhI^A=Iavb8gmW}@{s~*J9WlJ;{ zI3NcMQ~>;aE&JU3Z6jl3HLai4;P-)*o6o{C`(}rgs%-69es6K?=mQ-RLjQJ1K%tHn z=lGoTdBDTIzLU$nQu0n!#kIa`izH*_ zHgXz}aaVw2D@v)h_R1BfH)B;VeRh{Pl9LRyRYIC%1x}%X^kMUGzJ4OIHe;DdVqwJ9 zB*0Q>mqc=~V4g25OckiUk9It*_2UU%0XyPh)IXZ{WUKL~b=lMY>dYh0VQi5^8xLQ# z=ZVw)@_1geK92(rS?)%8l0|ZA)u3J;DqCBZUl62=Q@K^H43N|CRi>j;OXSdQH^$kbFqKy_9}LlG(a36ts|I{MCm*hN5&Oqsd=8 zAd^<33p(V+Wtgwpr61OHy~oF6UO{Xk)ksNfo7HVoTsLP9&cygMa)zI-5L20L0*ny2 zWm@vK+0Q5o=ruzURaV(z$R}@T<|gaiF-Obf;_CL+{5_|K?te$;Mq#@T8k=I5awCSoLc_@u_@pvJv|Kx zuGz*mZbN~oGzF-$kKkyGc1F*22NN^bc#GOkqg6p;Q_=4TR=|03)vek83nXcMof4wS z3Wf#vRJJhm!Zd$3{ZKu>YFF9|>06Vk#MZ4;cMsBbr6275)T8siGIB^ar(f8BwCWkz zmxOkV;*G9f9jL5wUFYxt>4mq=QPHidgAnnutHL&}^VWgIk0tX;=@eOw8~__*F(Qxr zJGQ0(>rbRMKCu%%hfXsLkH5O5H@;r$`mf3WV1brLn#H8XDm$Xc7l0VidLCW0{-wwOEMqFB)ac#>MH@nWUx+_f*dBx{CIay)6(#t?yuAweKcO2{*aKQPzKWVh?}zl!>s1h64BXF3}U7BW14r!82A&lhvkm%K$7_7+`MG8 zAl5RK`eVA_U3Yr<>QD~6|F`Du4 z6Q#O!o3(=ZpWCUa!1xa@z|YGC1ExsbD1rS@j}Bi&`7-B8K0T=tZs$SibGXF07g?`2 zPSLdJy@u6H9S6W>Ux8cKR8E}#E70kxcp^FN)}(K)wf;r+;}>@)%SU`nlzO7M-eb6y~zG0p+Sr?7zr0n@hQ@KBIF*+uSS7Z+4?QlKfDomI>lv zG;ZT6zE)$Z9PH%qr^D)rLsf%~F(hvd80iEP-8dL-yyB-zN+U`6J5P>E?S*;fRBmNE zJ@b{_aEx(Ro6i25(zOxQ@d>TRv6kZ&>tZwrn2^5IdZxk6$Wq=?=RT1sikCw@IE>?t zys4Q;6?5n`aoVnrB_K{MAw(GRWz_O4KTHB3T9jJ9$8$Tn3*RHj(`X_>?V zYxGUX=b1ONmF_H7_NW>_l7y{THEj6TFLdYE#B4GmYrPJ~|E>v80DhcZ;RL`oMFWMWHHgred}I2SU-#hDL$w3f*| zstbsUr;1AU%{2sFyiIO>>ng_wz6|i6bZE>kO!)@#L7W3hO2xMhvR^ALV))ceIc?uJ z3+4;c7Si@h5g`xCUKV0!pMk4%NF!Y(dV^`PIPmc;QM1~IynWF6gxR)t`*u;cJU_Z( zHBHlJV7R2ACC<%c=@Y_Uh;&n3EbD%;SL9Yk8t=xav~DP`Uz;9W`9!@G6whgJ9i#Q2 zDH`x(XZP3uJ%O{0|HJgdxED_BmmO#JpIM~426Rc1anHkefvRz9)L_)kL_>!l%M}Kc*>e8Up^uK-Iu)b;l7n4J5 z6_gfh+jaL9K4YOw@}1OUzjOCnL%bsAtcJykm9OO)TK|RTMGc!2;62^V_avIOU$&U9 z`{=v(s=t%>ct{Ju3ZuuX+kyY;2LILn9lo~gna7T2;%v;$$e*x)+>vSQgIEjSj0f(- z)W4R2`}eVk_pvD-{o|$jX+nNEtWJRrJSHRx`{HH_4+v(O1>o zLZ$If!9)U^hd_g3VZRm-(^VIqFjInyxLfq(Mg!--1QmKzvF&WA-yRNT($+>6d|l^s0{PMLctxbINPk8iv}_E^qf+q$67L{SG{NJV#D{bX zW_FA3h?z~$-{g&;T{&e$pD(h9HSP{R7S|99R>?3tT(lThsxn~VCQ3S*AZ8X%EOh=L z&#oj?;tqb+BV5 zioO2{uTwMf`q#YDMsX5EQrwsVrTc7}j_&o>w*@jPqPCyu2mZa1^^h%&%Txc5u3c+9 z2Jd!lo+8uMaT26oyQR>>O>V=8P7VxWKB&Z$vZIpFQX6m=4-dFHbm44CZC}cjEz#MvE4m>MT?gt4(LZ%QfK{Z2lnIN;eMN4a6ZB! zB)U`8S1L1e4*fYlp1yk+QgR{lowMX*SBRWg)|U)d^{mOzapiR1DvkEF3DG3?w&jrJ zD_Fz2V_>247N~=vp-w&;nL z|BLkqDvMgmhm2yVTKxOeH|6w}2)wv}r@67rM~Bo3(z1kDn8=XwpI`O3CRxAY*8Mi* zj$e8oqkCDd7=`>HhkiWBT~{tl9qZsPko0Qe(8}fk$q`NA(^LseBhMF{S^~Lx9-kOe z=JQh9)K29T8*_8=5xT3Y*yJ-Y!;EQJR#`4(>BpzU^2ogiumx1J3|tljTiY>e)PrTS zp$3sZqzTc?^yb`OHV)_QV@x=+5I_H!=kZC?!7lc)v2Hr%&j!O5CT4zI`hdBM?RM3?_SN+}xBTWh!YaBKk7*bEh3~rYifv>g7a@ z3-yD%!tV64K2R!0^_KBYB=O(JKmDuB-Xn^`=v9dLJ2A$&T6IWQ>x_m9IRqYY5=)TaDQ zF?hg?18c?7^Y_qO!jbnZc5|X&``Zkp;nD}q>$lGKW~y4BBvt95Bo*ZTr>JALGBNE6 z3)DR!?4huv-z@(SC4|M{Quj^#pE8){_2u$l>i!q#>*uxj1FV?(9Lqpd)R*er@w;!r z7rO6!tcu-p@~7?8Q?u7Fi|6odBaKev_rlk^P7v7wpz%PJ*(?e6@e?N(MHD3lC)<(uh<`zQ*wJfN8cu`6EHDobi)ekXO>TCZ z|{ZU$FxS2&OZHQzQT#&O`6>x}d1b45X^3pz2riKW@CMoqQ~eJ${dZ z3Lv48P^T|I&H0~_);v&71`5jhbeLExVeX~n$qK~Z-~!68<&)PXI}-S1%_KE9G5G0T zM69;X=ttLId+u)Hhd7u(;6|L*qXEk>_Us>D0$JxPI1?+{>^N32S)<;7fm_{31Bm)z ze2tPWFCvJC8`aE2N&~lnM}DRKnE)2k%BaGROklvL7tMvJ-yo%}&KmiWP=*k7>cD&x zfQQkE<{gfO2(re;*mG8hfjDQ{l-`bWUoHP;5S#$9MY+(b4vCQFdeNpV@0Ac5r4bwd zId%l^_=Ex0*w*~b=Joo%g-CT93S~h}hFZmZ{AYJzv4Y=sp+?4WiTdPNv0+!qML25J zX6w?jtymlPAK#0hVEgg30p~S-Q++nj9$`zI8cXOpX;ykY;>g&U=;dRn^Wk1;UfQkx z@0q3!SK7yd4o=LL+_ArYaB}T6{NW`F#2o4^eV}~r%}AB%CV(@~L61qA?|mg8*nXlM0xbvgfD+>wFLPL0C zjvD{<={QijbDDXb-&MZYOb?%uy)S+LVs4)pDsF_r5AVSQSUS^k;De*(Sk=98)iyM? zCRfq$GEJsBkYA2bfX*hF-_KAi$h|iw!@y7UN3eZ#d3id=eNa0FSorKI2~lhU-(y-K zxck=U5s<@2P=%o8Dt==9nb)F3cKB%q%FQe6Wz&KgwA|$1@OWTiJ7B+Y@b;cAYKxBL zM!MX^PWI%!Id2(yUom_G$yD2mY=>)adv?+R9cf#SbKa_H zxG1Ty!aHfHWlZ8Y=7+1dPG0oU8zUNS=GH4M+V5OJU6uWRG`)vE)$jj5ZWFRHvbSWG zP-HtC8HF5ibd0QHzp~e{vv)?6b!5aj_MvPIdz@n&Ar#@5$6m+yo!+0{_fI&_+qtgm z@wm@ZlRnT*&$4Xt*@xc9oaNTkA&{f*$&7PeK?u>ce|qs|>-Wv3Z9=%_Owhb+&dU4n zwA8qqL`S!joz?}55TZ!9QG&|qtpS{D3n`yx!f&tFbtw*8`UhSAzX8hXtfXm$07H?C zD>_SA6iW`Z>UKBlKx}!#+8oqF&V~3240Fk?4cO;eB zEx~-#$PKjMLb3UCHg$ER{Omn7Nk-dZ^@lG@%$>I#S{54ntLc#Na`;{D4k&{z-j zRT^k&_&8SZ@V8K~srDvH=Y)_G;y48%{tYDle^LIvMvlMA>@3T-sZnn#b;S_+CWngB zWThFra_KL!@}E8W&zbJ0=kO|He1vFg)qJ|)8Lzsz+qy(kc~oO`yF1PARY#>527+HG z>YcOR6o=}6!YO|YPdijHHXa@P063>(F$4+(n0+9|Zu3;?*9G>A7E3N_Q?m=r(wo1D z6_ral6x-krQswQg8nZlN6A^&S8ILm#R8b@2OsQxhVF30`OT9+l{!s5_K33aCH zcDB0x)rN8b`vX1o38rqrR$UvxMYW<6tgzXL@LKn)`bYQr;%crQ$@FCEt(01y9CFR+ zQ*+KgjMLWsKg6Tp%gvTOq^H%W%ANsn=Dtk(gcjkrc)Ne}q|rx)*M z=^gjUG3Krx!D4t4&xG$ou8b5L!s*0n57)S=yFC&nXocI|4Q*{!Vs8`jN~(H-ke7C( z+$I~M<)j~rrs$0CVg7q&_=}|xJ4GV?GnNdDfJdj0AA4d*vQgH6)n@BC3zGk6l5np9 zRqL^bb*)aUASl$#zyv?~Q zJx`=^VF!#nbn5tC{&3Kj^@?!Y^oX2n+ux#(1D#WIHXb%pS+V6}d|UzA-)3J3yTygR zAbOCa;tIWf9U;Pau$@GsVFa=O8}yDCG4u;T{EET+>6kx{gyh^E4ePfE^obrh_je7Q zih;*WjPJ%Zcv*nhICF}I&2G}6K!gORQzStBwiCX3awDP40E<4_?$z4|&wnbfrL8~Gy@bc~7gx>8?67+~yUWF|N- zdX;Yc0*$vfnRMCUHj88)2==& z+Uw5NT=+i#!fWyEb(y5?8sT)H!WBB5>HE!Nhe0+oVR9K?C+^fQJh|flSQx05+HPzv zi4kdfcBeTj$G?d%>+&I*h$GQ?{d92wuDGuSs#wQqNk%UYwI_#)^?h9(oxlk;IM(h( zxv+Her0AN-=R2NScAd!ILL5WcqLL}pg)F1!cLBwCG^tL~cy-pdnQr<(01W-L2ai%{ zZqu+S9d)Q?9s4KPjH6P`zT|8m$RkG!K$ zDM4QCUFi1uumqM0BD6uO-anfS~w_ z<0baJgUZ^m&?EDdyW3rVgFoabs(AY3|J(NkN$xx>BHrHY&KAx;EFx7SH9bNLn!GUVS1N0q>loG#;x8ce zaxuYe1sBb9wZk#h6ER#>`X!X$IX39={i-xf6E z`hMM&2_h{dnFkLMJufJ%pm*0=)Qse1{jgVQEnjA0K$1H$7OeW@NizepJ%vWiW6bL3 zQw1pGQ_s!3{{#qiu3k^{l>jyYA0mv*c&Apl?))g))(V+Jky%_nB@zjt;+IOY7Jon< z`bis}f{U0rNyNsG%+jiL1K8K&1h8JJ`7xzpm}ppET|4;Lt#9y{^l32h6Wg zdY;rYbp-p1=H%rr6sQaM-GF=9et!jY2N10ciHy|K(7jHPc+72X22(ugQD3^FOT^IOG`j4qm3l=`sb6#XZvf->7NjcfV^1G!;N@&tn%3>e} z&0HKQuO_80=B0v)lK18j%J4rl)H~5mdy%v+EH_;mQh{n79KN76eW6VXV82K|sfuXs z9A%30+FWC9eJ>LiNEdIQ{>>&gJ-*%j1?Qut?_&g#4=_n4a256WX~&%)6-zJ^Cdlnb za-y;B0lEvs_WB4#!H(l9!EE59%{0o0Sg@&G&?3mTsDqxe2C?j5cU`@hZM z)}Q#bs7|H#&>_J(gLS{-gT43fA#&oJlqqVvC5V0Vl0Uf59&8+G2%{Y6!^b4xuYI^i zWg3>LTYE9>$Yyt?!v~r{@+Z=D?7XWT$$Dw2T22o($41u3(gtn1B4}`dOQf?-Z88*MC zM*t{XRMFHaPs)Xbde+x{g9ZK*tTqQ@m-P3+Qel=hM_ARvIz zI6&tIY!gK=4=eVQr!CZZ&{g{K%$n2sBv$hJc0c%EO zLvF|T8eB}a89*hY({OV1p#Q!g{!?F0XD7YB0ECsX$lp45a97L)9 zRLHiXTH2C;a!9RhOacFR*LG|NIN5rXmZJ9<+{4^d_~3eRx!T!h1Z)6zW+ir_>`zH` zb<+|@LO$fcW0RY=s-=ZIhC)y1!9>lGNB;l7y6vAz3;m=96>dI+LFLbZu-?yqC(OMd zP|}}*6Rp-F+za^=T!H*#7A`CD$5Fh7X&+_#9_8Ob&Uk~NZEuA7;2irDjmU^ZofRfh zYboj5u$wt{P?t2lVv82?Tfrw-O|f9UKSF5^Son#~rfbnKXw!!#KGEFm2=l|%Es_1m z=_H*r(v)FbW58A53?YYulG?R;_kq==d3lUrq9}Fn_lP{}F(x7OImEcwxAOO(*men! z(*NYfejwNb8_dNk3#-Ds{f6VL|4)ygNk)1BLH$fwA?>Z+=n@Gq(jD2 zcU#0c_&++J_=Ma#5?q|%{)P<2;C`nrjFF>Mi>XvO#tk%Qj;GQ+X~96L!u~cddPvr;!rhD zJxNv0?=PWu{4Zq$nnYP@`{FL#d1V_+zmsRGGK1-uswZC%X|;dWO`_aXR!h3pDq09( zb6d5r=0DEyXGtWv+R()HJ?0zje)A7jKB!38Ojf-+JjUsDO`$5PiKd-Y#Sv$(qlc=I z>u*=Pz*C)-X&JH{pB&K3r3!cN?0@iH*tl%bX%l8KPQwM@g35}>k=Ix?`?Kotu6UJd zloKPbi1S#6nFaBC!T#@P-T68$IJj)F_{Sm`a1}eu~ z@R*C{Q&Gkw2sB2K@>=rU4BQ^AGo2LKXQG@Vvw0v9#s9wHVGAM>%lFmLbpW6_7LWZZ zhH_q9du-Ih=vE^aUhCKiSE$PFmC}MZB2kb`VnhdLi>n~sik4!fs;$#R51A89i9pxTrrl!c@w?+i!clu{zz-#Vy> zzD`B6t$%C%alJTuEZr(0%}P@k{~*}u6KQ0Wjk&JMEnQTVh6Twpr|&}uCkj`q-*KY8 zY2EI}LGujezcU;+t%R1D>x0}bJuTyqTQksA*|u7cWo)nfd-eS0#2Z7K$2E)D`J6N~ z4$AkTA8>A)K`aANjv6*d(@){k>PXgX;2$e`=F>XtlHaKgkQD0&;aF+3>X9(A!IpWX znbOa5FK5Ig^oNCIj*06HeUhA#<__o6dH%5gDKP;38nK4Q9WBhQ<*7TZtJIUA5F`o2 zKr^Ew3FbJiX=%0c7TJFaMiep5>?!HJJZ_@ybGEf75yZDKfn{U>Jj(2dW*UMzS;pk& z+$GZm$a4sVIQgmo*VE7?4USSkQqE1EoKB$IQNkTX9?E2)EFfRRcv%;-27ie|!mhVf z&qo?Y851m-KU z+w#u1WyBh?-Ov5^``xaUj~76RZ%>G=lqxGXrfLshLYB+0;}&dUn&7!z{ANIz%hWWk zHMdCdIy_z@Zw+se9q!KPTDIbftf~urulM_hRRFl}LpJN5Gao}?&jNzxcMd~?$41Tv zJlFI8jsr0G_7j86V4Q(Ks1G(CT3()g7mLai@qooKPPSw={)GEwP#flSZ1HB6TB7Ln zwzTG^oVx&=3w#iciQgJ=78IReHkwu=NgD9FkB}x?`C3m{D(-`?zuZu|^B5~eV~^p0 zsO_+j`l>;_!7cLA74@91PI?U#!=Rr=AX4m?w7IimrY}BPTTv@m%*hQlh>JUg8)J7*IluWbp8SbHjqcs0otyxzV`Ql={$$clgWca9Q@G%PL0mDF;<; zk#B+7gi)~qRUvz8>RiRWt;vV?d|r;lny(CrrIaj>$9hW%Zqt2Cuy=6)==7cEj zHNTWOSp-t4yB<-KVcRdUTtp}Ii)xiQ-rai}^Eoj=qvJZ0r za4AgPR8nY2)m>va*tD7^f|$c$W108c?{i=#Hwa*Au;Gopp_x234IJ;D8~x&JF>$ACZ{M6=ijT9?V2>%cZDL*;XeH}_a z{9I?kq(L@_WC)(NEnx7R+$dnz_*ymFNM_ku1*8+SG7};y6^zR=5c;bra+m#L=_or6sOB0Jqqvm!P@QE2~Xd9l-*>2pTFI3;I@FHQ0#WSUjkV zep(&cRRiBD6a(4tZ#+7KK|QpBb%y(FL8Z(#26qGlmF+TMvs@?QyS7LOJEdziV^j?< zn@$Uv4acgTVmnl zcGXYyDN7{vq%@CYEaP)dAKr>_n!E)GtWYgTk+GjC_1LYl1)u#u7Fh-h9Gx_9b(8xV z&(+&TGMJTWq;G|AUZj)0pKW20Kd2If!yHG*Yw@>f#;RPUNa#A!=nI3EHg^^z5w0Qq zVHov^p7u%s&!P6sjUvkfmB^Yu$1CR2(fxRM-rOdwyG}G334V4SU{1O0!d+WAYh0rv z&Izauj~}g1^31NVbiR>QdQyLU-2WhODhz7l9OhHa&pLk{`z|Sdhjsoz)l}vy9C3L0 zvGlb1-yC0YUVQJ)=esxj5u+{>~x|55x=O&L~mcnGW8b**G0c9NEc9QJmoxdBjLgtWHYFB`BX2Glpt-VNv0 zvkX~?+9!!U}trG;a)_N@_XkEzmKVu+wiR+R)?+D>&SJ&W6f)TY34C-Tz*Vd|{x?k9B5=b=ut zGr}U0fnqg4HMwQqF=V;7^dfzmo9)TeW-xLTJw=OAbd21_H3oXT8bQe{3(j_JsT%7% zt&Sz56$-{1tCvQDqv?b$hDe1tHU#zAby&#E*k<ts}*c8cH5L$YRz2o$i2E~zAWW@YbJq` z_-@OEB6SgO{TO|pVLQE58VUUpY093G zNOo>71!xq-7>cH)LOr^djaEZwR-x&ROMZ*1vhhd!-Sywb1i6CSzA#0#na*gn>N&$M zn~zmUzgqP~`d>!1b?D`7`2xB)K5~>?LsmnVdT>^hJLKTvcg`icbYe@{>DgCH%dThy z&7pXjko+rl>8y&)KO-+XWFB09-&dI7+Z0W!7s-g{FCX);rZoEdMYW4V7`Gc`^`duUV3#)JV(^{g)#ivD2!nOU4Al+E9qM zm}85--6OXZ{{16;S<-Z58T2T~?M1GC8byeOUn2EW!1>dfZOjJ0ytT0-8Cio6s~G#6 zcSi)Mda3hxD+p`d8^yn{z;dP@tm{^E(ChL7661&1?psICqcUA?^)M>>3v0%g6h4%D zW+i^ls^LtS;GUJ5ikf+1P^l>p@cqS(smnwIBdX>ZmKYwn-Ovk>|MIQcJdw7@s?)%& zEL))&bH#DQ2)DP#Rb>;Oc)Q)t%buJhN-K&E2|=FvM7Xr=zF)~HZpn6VaVXjLk|55e zw|O4LP`)7OG!@tVwpBeass{u64rfnna*Ht~A{Or*D5hCr6Z2vhN;^nv*KFa#_9DSM)un+DD z+|hUGJ#K_j>J4>Tt@pI=&3s+v`-5tUkWuVJgrP}lb?ziWUzx)Ky)e-hak>NPSF>WL z^HOc|6QAmjgEm#A`RlX4);SIXD=kZVvh<9b%8G!cCU*}C?3X!qhO`VX8fek8 ziyL_P74iMMLI)#N6k1I$AbllAhJ`d=K%ATf+K6o=iC(qXeARAor}Mwz@z3hAOSc*k z`|_9gaMkp(e?tG(?pKEX403oO0ofysXR2nz8M^24N*y{M!bBc+o-Ew?0>~mYHt*$f zdkY$$Uhm}5`j`)CDH|^04OAtmU>sp3Z#JQ1Tykh`=#u1RD%~DGU~(L9M7*S%+$Pcp z0`n>#JLNvqH6d*chKE49ASiVgjac&La_(;8!i#Gy{x zKp8)}Z75b7zHF{H1unO+WsTzTH_*kvE5&wJm{>J6dPNlzP_ORa1DD4$F> z7Ox4{6>Ixm=0tLN-E15cm$nxJL+~yWmIPo-@T1vL#CX|C!M|~mj{ni_|#eWk-%@Ib*x}RnXmG=GbC~!7fJdW)942Lq%nTBt`>`oAW<&1++NgLTcsRE zKWb^Bg>T>b19AotvrY%dl7+s`8Jf-I-!d7X_ZlPVj|1Wa-!Xpo!9rIH@1aA@P2Uf zGgk>k2y#N%T*~Gv_<^wf4A`L6*hY7HF9%=iR;1#3eQ*CvFd7V5c-*SqwAGfO->1h^ z>L#S)D{a+DC`uihSysiT#{}v>lGA zSXS8_H9CqCm){_y^exK~b!=-JJ3F41#0>QPIHGdRImMwQgw$2`9tNIba(x^nDLv&C z-0{i&#@-5$Fa&l+BJ3HHUCUx;D6X9+SR532x00v|A6g#HA5gcQdoq)*#q$qivpcxG z#M|(fYjT}GkPjDRe_h6PDXg(gB-T|C;~lJ@+t%OjCtE^vl|AD`ey9#1sfH#G%Qo{j zuC+*92&skqElBURTui*oQTH+7XB&482ydnfcLN+gqICi^ zY_&_RRZgg9X>7jcrdx=tQV?hPBoyzx03=~Pe0(z&Yj`~1U@G=@;0iC9o+Qp-(VdP# z>8z5SceW@7v%NH5Nzj>|%1`mah@xDri?3ecSw1<~X~aAflm4?S{$>IyuPi{dKv`*f z89_#Ct^@L|0Yr%%ohZ=2H81ApA-ClD2zfz6RWSBLOHq zFi^WyE!T8h)#>K(aq#=xn6SOtzod!T*G1p{Y1D<^hk1?zC$1pu^N8CCkpL4ggY5Ho zP-YW_CX?;DV|<9Mfjph@!dNL&eM9rp^UrT*7B~M3_2q7%1p<3J?zF2A2~VO{h1%B* z+euZsqAJC(r?>l!>l^M~;xRENvs>>T6Qq%>MC$b0X?H1gp!s|RwCm#z1zaR?Ar}-B zs1Xf}6eV{yeJ*Ue!aRQ`?^u_jJDwtdN$2fV_|0Hq9!SGWnW0zp;zKKPB7Zj$#)S0m ze?03sH%$xR{Ge%BOOMuMdqn@!O-VzS64qwsQG9G)oPTnWA<@ph=s<%eG!fPzIE_-m zm_$S-mY{wPwr+j4y!wYRvHPIV$xR*Ql9L=Mr4Y|b4MYlZT$UDZXZ|;&ttI;~2wCj`S?_J(}1~ za6Bblhb}4CZ6ZqbDfcjo+~=3%GWp& z=+T!uH1lLzO{35KyLTD1m@8n=KWHN=NAT=pV!Rd?eFk}zg6_}j45#SMu*-jjv@z>k zHh~4Z&wjkgu77Z6Nmsf)?=TcWFwqBBh&|r2uJwjmaMS@?e{%ze@XV1ilPjp{{%>v= zBdD}LLc=#D!J%(y+H&2I6ggEYu|srd}VG#W83gS~p5J51Od% zc68J_J_TRh2>~`Sh6J-wAJ-C-@rD=ASO1rie-IkFd~;>#ItX$%R*cf%CHnI2Ng{Ny zL2)`e5n=k3oDz8!5h@Df??@e5!*t%D^=&bG2%J_%Du`ab#4i+vD^FVgD;%=;HFzS6 z;&3JrK{hVWzIlHn|8%ru!DC_$I>BI4;a93nP0e}{zrl>KPt~m^g|jLz;C&UnB-#2S zH$Pc*wboceTPQqSiCTQZO$5pZ0ensLP*!_4QK$Yp}9vO-X{= zqA|giu(cFR$99(%cJ`Ofi$^L=K&aZfFPE&u|rCVsi9^Amb3?%WFfdTlh`foRsV|rmCPG z=PK08P9yz)*R5?|z*628Ca?^+ds3>ttF$`|p|9JL2uqH-W&Q<5*Z&hJ{97Jr+3GDs zrU-m62M#(A&IV+j_l>*QPHT2eb53UHe`Md=7oWO4=zhYmg7p#Vbk2dfxi|zC=j||_ z86v($AKfUuo5XXWO8XXi#4_{~IDH zT1{y{`+h_pL*qk+3=*azOQ8^h>B|D7jn&p*^xV_cYW_Qm;eI zhRa$@c-fZP(a_+jQ_C;JLGO;|mp$ij`KHWTd9y( z?zQQ$>BrL~JZ2j?k8F~$?k%{J)5+j0;IbcT`>|R^m!dKOp)SR(Ce*YQ`IdQ2hW0xu z${Mql;4sMeKC)ae8K7|{j94*|xldY{Cs z(!b8KS|%Zq6iRlOOx$r*cNS|$wtbWd=KjrF25!-p448K}w=3>3Lkw&ZDIXv-lBt#b z<^zP|w)J{LhB~)EdBG8tWzoK@&iN(h_WgK5qmW((aluH zH&bf$)?NQ@nbhh^Y|&|__dssww(eO7NBG&Dp`DQHyd8UFXJhvFzZlmbw?IIPkk(%1 zNd`L%h0FV_;3B>e-AK$EezwpSm_SZsxxVd8B;XmGi68Dq1P(o83Mp9lCH`zdX#QkZ z@%v|$_2sIhpC4K{UAkq?dE%{_@wc@seN6sS4Hobut>ion$czq?^1;A8?WoNt-U;kn z(^SIm=F6jvNuQjxvjFh7a0e7$RCj-HJwTHA;kx;lp~nks368+ZPIQRSC8bv_+Q;Dd zAz7L#U!Z>kQTjr_OZFMTJRv>Bed!;cRI9%&%9uuz@^v_Y<*lqKKjhADjo3}ro?m7Z zE0qpabyaUmEkc9dYaE1)Pl&n&MjWC27af+mK;> zxy8I(XKuXuWzsK#xMpPOXT0%DcHtwxtgD-pR;7{g@m+)1$8J*odlMgHGpEd%VdAw7 zlbh28HkUgC^*i%0;fwB-kOh$EX+1uY6ee4*c^)LiTw<+lst1Nugj=6@AR|Sm z0oCe9A2LY^dOwP>e0!PQU~yI9Fu_}8Euql$Mhi9>?7|i(6%UHWk-gAt5 z-^6N6iQyBv|LmyiXfAbQdaKH!ipzq3%=vV<>*714j1}@brooOAUspCvo(USO==(%L zEpHncNUo^`E3zJ9e0VT<0S<-u<61G_V#+Vj-E{dt_7NSCThnx6f)VKaQa%V9 zt%KfROFTn5E2*<4HDCnmUFSA~w-C77&@1gg z-Fq{Xip9UjXEBB!&<*02QYKGO#~E0Kn(Aksq(?+!7c39*nB}8K*~-?Eb}8ZThZUIY zjkfvhN}j4T(%1TyBBz1M(^F3(L-+IV?XP#O*Z%hRUk`AHOGkib&k59#c9mowb#PDl zal)M8kX`^s3NuA&i8d{{Gs5rqBeh2B?qmpTb5F@?%$9eO$&Za-nX5Wp`e{96ccNQ* z5V1W$tftVmDIUq^RyKG`$&-E@O$jI-h9>RP&TC)u{-JNdn#fwUsYN3!UX3}9aIi*b zT22ICH2P}J9><~l+To2TuK5H@>ZxDI>bzS z9L}Cd-{1|w!(M#3%9fSN4I5(Q{lpmfE&SrV;bN}qQBy4t`V`*j=*z3krtDqVC_*J~ zF2(<2A~=akdnVt*B^40*s=0Qv$TCcSXtq-(zlR7zu{f;)5S0@VvBGt^08nIveGN5Yl|y&3*#Q{q|^+Tyo+)@)>in zcfa4)K|L=&t)~VgA2(H;<6hBKdX}MgBaA2UT(>vj(#x2zretC}6WyaU8o8E7!_W~F z!@TtyJ-Ut?i*nIi~kePJfX zA%tSF(X!xY=FA^C!9P3jkAZ}?XM|?cVgFBXo+WqYy%dB*W4tVMTa&$ieu=#KqEj^C zP9|$Z=;nK3vvjE4m%naZ2YMG>++BF9!KIX1KLXY&x6GU!yxF1pgNqIVeW#+YP`!xs zxvAfju*I3ff1kA*YGMOE^wTct`rqlFk69Zel7v)9#n&v1mmeThmtsI;0$*}03)eWE zXUw+_6kfR4UY^FA>*06R3Z%$&C*=pdDiW$zO9qrei=(d3h;OspM!VsqAI%3{234%) z&i9l?4SxrUI*q)U1-qOZ${}(3s*Dz^pQun)(<^Eq5gbAM)*@M7$7>vEy7+VK1nH~D z7il?nGNo&-p&73`WX!6H*pWp8s^up#g*d7LSjbNZ|Hg=_m#xmk`hFti5_IrL15+CUq0qfKPL~AS=!^x{M{h3Lnn4z_ZpPPOQm$|XTcTi zgN$id1+Lq~62WKZXJXRQd-D@XcqbB(?VnH4Z*z>$Kx*M}T}b2SR+@c=nJ#A9_~nKt z^h(E8zAVN}A4P{yo2QNEa^97A{RE~0XGlc8pm@U5@kb6G6SU_7YHO9Jo*$#2@q6Qx zA}*>QfNQX!6CnXoWtxyz#Jt&Gt%a7pqRKeq^}O318EV}_8tym4h@2-Z!u4Nzv>DU( z^O)EXG6s`2*TGctL0YfW`@tNw`?~5JrI{1cS+*=8vgVxVh6)2$najK?f*>UpsgMXN z0Z1yrxo$}Nv{6Dm&$c8k8nJr;AC4PJADsZI?prv%OzOf@?wMn1G7__KYO}4t!LwH& zYVcJhkv=?e^fi$V_CI)d>Hp>Gy|wXZ_z%gU(@cXGAq*Ysz1|ZiVb3iS2N^jlwYHO* z@>)&#hc?~z_H#CMLjw#>hTx@%6g&j6n+)~p0GQm+3AbyCm5xq0Q7_^2C#!nD&)n|c zBpkgj{_t)5t)Q%1-XPM5(wFpbvT~rROz9ZE5|3}$obnSzK#nN+C-_n!R#hZ|cx)`G zlW`qF_*f03o^kK3GnJbRp}A6MJux0`S^6vu0Yv$vW)YGzo@RJk+ujMoeXoG5RzC_E zjXTe{+U<_lTZuubZ4N`&KaXdtSE^@pKe7^bUCFBJyhjwOw4lA-Rv9G?DTIfr(3rXu5jXMX>M+2 z0OjKXw6dI`?yj1_UTQdJ-l*fd4NrqL()*B$qHeIMI4gtFHF@%v(gW<$q#9%R{U#=r z%dGxB zBxmhV%hl^I>mi->TUX0->xD^Ve=DP2Hb){Rvj~*IUPgA6)x9%oM;4zVcXLpdW7?~X zI?=Hi#rY`Dh6h|#SGJla_znUU59UOur-DB8W0`1YNY?+}&C14(1cqzlrEp-`%6(t% zn{37L6q>Qazi?Lmn-JNr;ap1H1-`CuD2a%^0khv~$G7MJ<0gi#LMqMNFZPkG%yy?n z{`y#@1u0if`30eig#{SX4~?u^9+S1=*Ulyn0a358zW`k)hcqg@SviR+X>n@%sZz#& zBcCV7eg}{FF#(d^2Wwc~^napXP7CiJOatG5lRMx#L>0_)QIl0oE|x8b;{W7-_RGU9 z!gZ_ZW-d??>VJ8FJv3)QGgtId05eCLh{Myhne$bUdP#8x>IxO5X}vOB^}xN&+<@=I zXVTc$TAOeweHD;Ygq@0OuKEeC={p{S3K{tt9j`k5wJub9PVuM#JEhGUfe&&%Lk|@_ zcRKkJu5{AGkws)j@AZG4fvu@$C8=L^IG(k2*{Ly3tTt3-9$tB@KhcS@M##cntuBQ1 z_mUpGZXc|!EX-YVZWf_r&{1Euqv4Y#79xU|+TJJr?`F{x!yCUX`;oVknbLgsec<;5 zH5qE-V;N@Bh5lDxQlnSJEC6)HlrhJH7ac`Ii&lB@g=oY>1|jN5!AbyFoc8H{>%2}} zA6GyIirz$`zdky`%iynxHxQ_?C9c585_Ek0FfED(@?x>EGfl@}((y7rw9thEz&Mnl zRC;vVSA8S-`9GRJ{k(u{x3cMlH!KqtC&9^t+j0blEQ_*Krsp*mzLSO1G-7+$8P0LD z?nq2#7(yq)!sfZNjuo3WJA~taI%6kw)!o^{lTz*6sh;Q?10wU-%hnBzTCNVQXdFC` ziqOicfJMMz5xRZd)jK?S^v%Cg|u{?hm&xnRZ!W{-iVEO6hmytOp}P+2nk;`z{DoM(`8XXTI-5 zbL(xN0>+-=)ujnE)nP7A#v541!6 `Gfx(v)MY|6Omh#QKBHp_nd*r?Aeb)B3ljh zjGW2q28(DoDnetR#+Q!oly~4&qekk)y%z9?QSmns*`N)GY~~kkPIW%&uxczoGKG}8 zw!-LIn5IA92a$DAqZY66Z`oh zIpeAGo%0Z4(;OMAa{LO$VXFSQf|~2Dw)#V|RfSWKdR$?f;}%e|Y?b3Mg7S8g-=4Kn5ZXAd=+wMLvUK|abytf|{T7jW7~FZhV4dRy^O?C^ zewaPq738+o=q!@(=u7ult2b5?aUp@s}U)%${0BHeZjh- zD38(xalmoVCHFHUC+BoWZ22FVJT#!(-7`RDZyt1A!Vm&sP}6pf)zP02HTIwVQg&j7 z%?|jT#JAr;qD9w@eDIyqf(IiMpKO!!#^DB+E(6nm{Z6f)yOHhhP8A#+5eAc`;KOyt z`-wZlc-Czs|AX?vF@NT{qLX{$5}biWxe!KF#$+@!FQBqWDqXfUE%0~Jg&`%0Td}sO z-BfoReMGT#$Ox@YL<;sp!VdmCEYpB@Z@RSmzN^orN~LQrAAXnbzDXk{{npQX_{6Yxzn?*t2%y$O0`a zze?$`D}|Ou>)7;c`pVI&iU{vUjrd)5(3)E1g)t|J8%Xxv0s*HJTwMXHN!b{Fq=<&c z_}2v9vksu&q`poc7TJI9kivU|)~r|~RrpEDo0v{VTe2G+=6hI)W*MT_Vw&35Mwfdj z@|31-oO1}%p_Jb2bB{4=Ks@7Jodi@WutB?(daRP7`F0lfV;a&-k?=z zMevqSTNTO4wb~7P#nrp+6b~~PnyU{QmTw@YiyFz3rx)EXQ0B^(LZcN^8=8%%UkX|_ zt1f>1dw-BX_Im>iz7Pp@6(&(RCj}he>%TwOq=M<`hIb1eG+;|5XsH70>TM}CjqB)0 zf8|HFXQfd{N!YYqe2aRSAL~Li5D;gdhQ>x8C{oLQ9Nfh;l2`tEoK=!*7+w5+I*iZJ z7A9l%D&daD1SRw$#Fnn2|-h%(6pxWXi7;}kQ=es!>`I+(!74s zQF^2G+V_*nkj4|@o67OQF&-sME^sIGUO~*w@+rId7;?1OQ7woH!CO~D%9d2!T&?Ft zfpeh#Xfz`8aw@VTDgI-wrMlU%1WQoOG-d{(u$<4E&P=Jv8c`>=BaENU9bEog(*bi4 zlRBrsADHu7{@drW;kJ4&j58gP&AXDNV=czJzCljM3>k`P-T@&Y%%yM9q+~b6rv}s3 zeK$;jPq->+CyU1f>x9AEm7i2p(9ACOP=<4wcl~l&N3&9R4$|j`Ar{LFBXcwbG+aOg z%YVdOi>5G`XB|0Hj~%mkWA}pefCf5qz6C3EtaQjRIvf$6EP`AV_;mntrMwOoGF~ej zKDMyjfTlRQ$(%p^7~XMNc(fg;BJ(ebNqj_J>hRY#%NB~*^w8R!DIx@$UwR${x}m%~ zb`d%h?lr}focws`8p=t)C4cL*2kGNr5CTMxu6D-{D(l2%l2JchK|B2Z*(YY=-}rRL zI2g=liDII3Y8wwNQLK$$pnXrGKv)g+NRl337U17a?Z|W${{HDq&w@xe{I(Ek7U!s5xI6Ns6V>L75~jOp$O~fOtr={0=mn~~(ncSe1=;VdHlDcrDM~XJXm|}Z z*%`PW7s2xc7_A{;7Kux#EvX_CQcGL|q88f9)Kh2EHr_H#zA3Ns5&~q&R7g&ZD$mJe zj;Q+nMqXLD36{VtY8jPrXgKvxxY3*LHC(F;hQ~i>RF5sUEQzD6PsjdYLu#NKLR5l( zCcwhc;iHG&HTa1bw$l#uqj9qiK)vb1Ogn8p_$p_ze(-3X`_7GD|gW1)A_tVKOk%^Az~jhAllZjL;6^3&;VVHLGm zRK9%{l+_vQc*hkiaMRzFm&!jqlOzCucuwtVb^NFtV(U12WLbKS=9NSDR6@U~(zMlvPOLu0hNk*)|HQI(~%-xsh)Zyzs2zxwxKGq+VJf1>_;iXOE-oHuJP% z)d%oK`;j!P-<8ORfZI1;x_Rq<@8aCpLRYBXUJ;mh?K)+*x$mBTZe~tZhqqwkp#Lw` zq1{bc=h<7qC3W288%mT(Hwma%kC(=+VCpJsDhH~XvUMr`2>z+ZAsp)ukzyxIquD}H zHmLBpQC93{C%g;BxOu~%q2nF0!(2h0z`*S#*X@OQKK}i_X=J0!@RGdo^NN2vrpoR- z(S+p3r&9d^0SQccardk0;Znn0YJ)7l5seh=56os;O_!UJZ#nPCIeI_b|8&rFePnY; z#*Jgy%agg*IfRMa%H-ZiEA>!v8Xv20mhFNMpxZ-U9Uem8_QD|N?gI+G^{ZVCb1F}( zF727Ctp&CiVq#(3_Yt?UIBa+N&KcDw_y`C>q zhrws4x-PHdW^T7fZHPt#Vbz{>1g4RouxPuiXi8%jU$cqew&UV+18Lj7N)$k^n|nG` zMLvv}#2CoZh6fD2Vk^lndHj2l!!d7wHp3O0;8CXnpp(G>mu7M!<;v1V*f;H) z8CRr-i<7XIsczA2W3h0I!79L9WT?vG;PE7?W&`gh1-6F9p37~=*hiYpwYK+c#rjQd z0V?1V!3I;W7MW;syc!HbeW2V8fe1iwYyv(hTEUJjLv*r=5HdEUtjo+x%4(6p<^*k; zaG(>Y!RBp|w$`I;Atk&3Jq;QBfbeAQZdARQG0rE#k(%)W=@^P%z%pWBppg<4%2e-D z5#di!jyPQAMsqJLk3Dv<*XlRXhiS<U1u+yO`Eytl6};%DY5<-zC2ER4rwvO$2`v9k#*8=fJPmq zohuSkbbV3j>}6oaCihGI8M+9S(v;N*FQTct939$1rO) ziZ(B@`+Nczwo}AuDEm!KZ#wJ5;U|@_2dC9(UaYQWP$is4qIh@UcgrL?^EfNg-u4o&qA*LBFQpfg3Qp%<>IgkUWy;V=Is6dW%DvF@rVqJ^kJCPLF4)p$3*IxIEHXHBlZ8;Se; zkzb1BMdVxY8b1g8*f{W`_|GM~4S4B)N%=05;wT z0;uBhH3flFSp@BW-!m&B#Up?i*g6U8%m@v+gC@JltP#KiMlx(1UZw9u&>h@_zvnu5sVK zI$H%inCoTyOn@~=_m&3@2fhPtot1>|anp@2mQX^{o5#Fh9lO5o6p>-{26LyJC-0zE zPiUa(xSDhi)!p9g1r)3in^bm+M^^n!!Ki|HvH*J3c9%@piH8_Q|v%6}s@fz#rjPC2wAp6wURnm;jOKXm|?`$hTh&5$2|B+J3 zZcNU_wn4|sIzPR{agv`tm~X8Zg=zU*=sVY$ZS~2B&vK0!&3T@9>n8nh1O{Py;5ltZ zp}MT5m1Fh-+2g;Xuu+L8V+bee;E|%YwU>G^w!Uyvn}jG5HgOB{&vCwVL~KGjJg1{F ziACd_dW%H?pC2ZBs5>z#tqou)_;`X*y%H?*S2e-Ox3OwrTn^7AzVx2Uh-iU{$ao(7 z#A!(PiMD?u$T18KGX?=n{E$~W`B?4f;g}|%wA&N1=!VqV`Ykaw_^qYuAp(bBiCBYA)C7Htmv(7sV@2d#KVzGTsyDryr*?~SaNUH9IuiK?~*4uLP9tauqM89N07O9l{X zrN6)bTrmkSEMDMUO}O~9vT8;J_`?l$qJ2rHcv>*dByzH#DT)=hVV|wXzgpr2%LsLX z^MFdaECuIAOMH`~kWSpgj*hVEu1`c7U~y&H{(gLt2K?wc*>*O#zE4N#iKa zp4ggb{immux^hXb2wgJ{CqSm+8i?K5B$Uz=gQF9+v20#dk5!~~q&G)pzj~As;7dZu z@%dqTkwK`?O!%cV*9=%FRpEpRtHLY7VXNdRPrC;uF_b^G0Tf*Fe9Th6PDjxR}EYNzxhZ`(3sp6Rjf6h{G8a`Eoi9c+f{9LTr>*?;V)_Bc@ zNs&(H99lyyc7EyC88m1Y6%~T)n(87VeIR-u zLiBpDv7#x0KDhR*X8!iwL3fhln*;OOfMi0w1$hnuodp@D(F)ruS1n+D+O@@KTGcbn zaAm9-4*T?r;MgzwBOdXIURcraz=I)oBeslS_TTng{}C@k~5tO}cwRAPt)8*FUV zDH9nCgU*8U=sA#*Th|&-WCc0lQCmujmzT5nuep1K)lIl5*H*x^3)bM>n+H;@Y1GKw z86$c;p;?;Pu^v3i!ZmAx8r7=|0!JHB`0!s_rm}LppM@^U9AtQ{yxrb5x(HtmN&5my z6gq*ZDbwDE{4Zw~WA%;kQBOswjbCkJ-jKGVND31=sqD@QCSs3gzSDs|`AbTkD_3%1snG1;-#*@i?LZ@!H|vCFMC5J|vRYdsJ7U;S!yoW^T| zc{T-Z=K#N`Q%^@)T*WrZ5Bd!%Ha4z+qvdIiGE#%7Wgb@s%`*`bDi!+4l2Mp+$t;S) zI=h-)3}=OJ(N;Q6%swATutqVPs$`;i7yByVXJa>@@7e~dB_)8Ch^7XC^VE=phK8SB z3Cvheqvj&`Y4J`^1#sSvHN_?ha~8b3(z3QX^D?0Knkuw|*}Polx(y?_Xq*ye?R8SevpN;yYBace<8cUD-E z_F~j3P04co^>=xBx5~egct)Mub$nkw9c{Mr2+cZ%GJB&=ANs!2Q2W6>H$DCdQBeNr zb#c(dHWWuQ<`XrUcm5EmMA<@aM8yc#mGEU}>63=O?6=%|m(rQq6b1pi0cNWv@d~Wk zwtg*MD-Gv@XA~>hj^w^I=n$Z5J|^1Wk2*pmA%3BPs}7;`A}P90!UPG;&+T$;Fy~4$ z*M}u_xdSJMhVF;|x1cfjx1jl$D8>4z&429Ar{$S@%b1(?DH*k#WCpP#VI|6@a-Yq0 zAr7G({5Dsujco(ehv65&s9|&O~jE<$wWx& zOPqMZ$MY?Av-k|A@q`>46mFDfNe52^cnSkTx4btj4)rCxfucg0S~T;@iV@8i?;c8> zBKiW<4(V&rR~~W-CV*E$xNlj1DF+$(Ip}+cJR9O0lb9&JqB{^X;}|cbI5`vUK!2~4 za58o>@qe9=B0uD?x}9BfSWj6Q#k`k2!#huhE^80|%ph4Xi*lAzOk>m+;)h8`gx0TQ zD3aP9 zy|@r<>L6dpdj`I5n0&_gjpuZ$%Bn!;i^Qz6q^{YNq=w}yTniN znwQTi9itAEG>5;-pmuN~(C_R;rZE$KUl0x(HC&$V!(9-Y;aCPy_r_)6B+rhesja+hw- z9k!K%jhWl;T0bC0_!JX{UB60bO1>C1gP>%3KpSDU@45dS>g%EZ_GB(Dv_)$9)x+US zKk*Hac7+lOW|?yM8iib&rb_xT>_+%*JEAMR>ylxtU&ZD+V@<2?u$F}{b>&}>X&KUhhKXJ%+|*`yyzigT}GCOF?2l{G5(P0u}ejI2YIh8DcjruS6jieibZ zFtZBU2^MH@*K+`5reXuwNZT}MjCtOF2IO%oJ$5?yY#?epYogzl$~RB%!syd#OH3cupv*14|fLxr}=Cc5ak!fFaq8okR{bdsPBO@gZf54qVG>=2ECW z=w=Pj{%5Gpdy`E0iqLPXiXMTa@HE=KNblqw-~BgNdPn;I{g`gnG>%!5o`D)`1OvQQ zjm$djrhwHMG&O=lf7WG&xZnp^P3`|c@jC?*Rmeu` zZaDCcyirJf=Ni9(`(_vWBxj4}__z}Z&kiRsNffW1lwjo$DmPY>AvG%D4B?PdO+%iY zmqf1YiS+Vlwv%NEcsa^EOo`#|cJu()%>cwRcvDfCH$7z>&D|U8|FV9TM9!hJj!ZJ2t@JnH_FDO$)R9n&brNKh4XI}l}c6UAF~H#050n? zGES!KGLEeR?b)qPKjZFsbXLq-`|7Bp9DpAX9))JQdkvk@T|`YqR)A)XjtnrN|MyV*I#{KWgu zjFkF&t!jhhbZF-w3KL9A^x@VEaBSkN+$Up18?mZyex^o1?@Gz6VJv9MWAgfej2Q20 ztgV!y2)C5e-l-^ao8&syaoFfgDJeG4z$KEO0^Od!R@!Jda1-Q?_JFt}6Q1}P%9X?h z9ctL)B%{e&-VVt(r2hd)i~ zKxv-Rbj)ntEIMPm{%xezDhZj=NqAeo=-m5%<*+9U&%c{4k- zkrZF#*-^Cc+TjMq7TUnUg9o9`kj5i12H6lb$0MLa_q4)-9aw9$0Wo(=&s+Ai{m2)6 z=?t@`N@I3^+~L+}G)#YN{dM<7iBlc(6QP*XDS}HxzM>iuR4Nj>qP0pHlG|nqSrhnk zrcOgJfxC=n$_>XH9v&7{5H%5D6KgNtqM6we(Ii zlYn2Tj`U33wqt<{1o_g5if4-5S?>JWjR@?1d?nZR{Z~#9i`vfg_|66fpxFWu-ugS7S*+9q_V@R1g#=S(&xoMt~pkLZ!y4`!Kc&6#Hv0E z`t&sBT0$NT`D9*;s&Py3x-wQ}k>GH^RLWu}7i6QYb;q+vu@V@6{^c0U>~88_JHEQh zTfX}Z+3q(7o?~~TEmcN6ALY)eT$qdCr`OFuOGbu92w7L+pfgtbtbs+bN~5P4E)Oj|4r5yx zWH1ii7ukS&MBa@Ce;q8{s>i8K>8I(egGI^4oF>MQZlzM|X!a97BfTDgdM!=PbCrpU z+Na3&{+<`|K= zZ0(mmTUtXa&0YDiu{U$48dPwzZOTf|8i|(@@Ty7>H`vI2)lS0r{!zxDsTr`dEavAJ zaDdXHO+Ct!|4(zXfq20!rW^+5UoISf{qo6n-W3|cv)f%-5Ad6}9=a|I!fCQgts9}a zZ^nBA%xG+mVVHYlA^m^tzQ8}cj1&F~w-9FXx-ag79XnZ_TevnW9zse=F|^O|G>7nY zVvH;n_qJLLrxJo6R-yp&wZ=}({Xa%-#~-qneuE>rKs`2|<~h6NXvYVU-Dqu16Kkw| z&Mw>0m&4S!2cfF^ycnMyab3TquPSQX6w)#Fu~jyelZjeaO@?V7v#6*3feezB)*FT3 z7nsh11wffUnG!>UinqXb>Cl6huUM+`jL$pD-t@qAh*nG%q7clSJw65w z#bNAhC7-;E(uutXdCl(3mF%>vIbXBFL-nY^tm^&NllQ^1IOQ(XBv!EXtT7V8S6mV* zSS{48G_4B;kCzR|I3-(KKBBkeRQoMl`GM$;q8x;~IY16BDV4cz)%m`h%!}~12OV7kE+>db z&Ml$=+KJ2UpQJSAb05>zHh@T`lA=IIMbZy-?ko9~spZ*Biq|VfsL>Bqe6Mu1$-&44 zCFO`f^Erz6V*aKSoiYwBAiEx#W0JLo&pvCU_PSno_zO9~sUN4`9?NsY9_P^=tN7M?7mzM`~9mTtt+ zEG#!iOsI2LDE<|i?BTvM(Ua6LyM)~vx2v{He>F*_c#H=)Oz6KK4h>L{Rx~-*S5(26 z8Wiykg^b&?onhqGvg3F?gH34?go1&SQ*Dsz=pZd_mu5V}1Q|)#^@TE&EV~tUURukb-%qwiQbQWOq)yiRrRC z{xR2-;r{OaMiy3lEWym0-=^HgQ73|CevQw8zR=I}Zqv7~uEUE+3S-7IrsloR!UE!$ z(juBwng*t$0Z3vxU2z8W7%W?u05 zYI$D7`I{H6_7`H#E|$^vn4>U!Q43$J+ykM>1aW2dqN8LaY7)H-!e7sLjX1XUr_J@$ zw?!tL-kG{B7vPZi=4mzp4WV3Z@!+#5m{WC^I?v8OYCKjW^3NUig2nl$`9!Jeqvf-q zbBBxU-ZUg+4^7{o`igg*JI;pHC$ARgk!nO3AlzdOKl&#a@0&wqrWad+zxyjA8Da+0 z7mJgafYi`FJZ5fUVM=)HK6$QplUcKb_YXYw9URtCP?L9l(J4RI7p8@J<33(eJ*1p~ zGXA#B9ad1@z z37S6!faHeiqwXvlS+x?stX#YqM&PqKn7R6YUCP*%yYn!<{>_pln#8ayyWv(?QNkCd z+z@x^cn@ol$Ch)^|H)vF6jxG__iHWBnXX~V;mk%m$)i6gD1|WR6tW=5XG5Ae0AuHm z*z4Spm9wE~Zr;CXUWTDui@(!=JS(^yIo0SYsi>h(lQaWAYWAH{Ap^n3_k$nCP4}o~ zpbK(fc4q30%?dS6CdkgmPhlaODv>5ijb%@&^*H7V(-XTZttMi6t=PX*VXTx#cNR9x zBD!J#S{~*e1q}|Hc?nY{wUVaILS&xY97;_ojq-7!Y0lJQW&(-@VdQ{dJpsXniK;*^ z>08G}LNdM`N3Df)5F8di+_pWu7U|#TDD#zhnet#)@L9NG_hr0fRMGB?dwYK1QL^Zl zyV6Qqu3IQ?6?Be%#%m>j>HT&{Yi=-Ly2NtLNJ4SA;`J9#1Ff2w3b2zjyDDEZ7_NkB zgI4tU29kx_y8D12$@_1l6Fh2qiY%31yzpRMGLIB#ZO~@-Zd`h|Zr547A2|C)D--q5 zcf5_EwlgG$dV~2<9*{`b!^6kab#mqN*k@;5#qn|h~FMAiKYRQ9RbM9?h zhO_e(5#`Bw-}po2H~(_iu_~7T^J{FV)Ss>hTbRs|GfIcUP;h`NqLHIU@K^a-Gq7iJ zh{;jTI$T7GtEsZ*y@1Luw{Thx^Sd_7I6|KZ)rT$2YlF8-{$&Em9t=W}&2?7`xL+aR zCTkSLAfTs+G48$Y!|Ku4KwLCWTG7P z*+ynxsIl;@}iy@P$;L~Z^_@;`Cj-l@Z-ltoSEBfZ#`}ihU>3=pMpbT*Xn(W4Q zP8Y9IA{Dx{5C29Nw2HSbbq@Wd@Dd)z$`@6x@(nk)VIQ2wyi8BIqF~xlLP)tHo6&)wEn|Y6lZTUKv!R&!U5Z~Fy+wGeY*9ae-#&~a6Ji!)!IMjPl$d;)v5bD~ZPFJjKHkgu&Sc@%Qv9Mx3!uNFLeD}$T|Zwm?EFyQ(T35uJm8s@1}esJ!r zk&pwI6UjQ#kr_1b%XQo|(zl#8=tBLPA0{q5Y_{KOyQBtLaFVvDR}AT)En|Y-0XMzr zQb1|NX8p3cLDFU=RDW+5{ST9|sm>bxOLqkc!kgG&&eS0P_RMUKAVXSOJw*ec7`i zMe}d;5B~dp!o$LIbMoD?g%Gv4!FQB2Ye0@5k(pZ6H&$fT__mPfZYfcdTQ zlMacSlIni_iI3*(q{Z8N;2pxB0(GR%B!{g6?N0Yrew{v}Gz=TJ5#@h7 z>S>F9sk-}{o{WAkg{kxyV}Ax20c&@7_rpYIeU`+HVsP zDS{o8`gEav%=J72_Z2cuy1b_46lkuaKyUpPKlo6*`Zx4uRCt4(Ry;*;QIJo^*h`bR z3l)48rr=vI)iSOjJkzi*hi*Gce=+u-jIB3e-=iKVqhtq&r|B2Yj61*ua8J=pw2rD@ zX^OrpGkrc${6^`#(5!*dH0B!ettylxj3YE4+=hrcb-g2M+av$h>g(9_Qr~_;1H*(5o8VLH4^<)H zugJ{hrYmB)zGlGJk9Re2c6WR@U!$1|G_2@jFOBtI0~zywR^T)*n&ytH7wIo7%e)zT zd-2n=Y<(T|dI-Pz$@<)lNO=kUWbx4$vDxM zSv%_+EqE&D^&&HH41f4Mpo*{F?^on_jFv0tQN{{XTmF!CXn$J4>27=2tD{peaC>gJ z*Zgh);Jezc`o?}cCqx;%)leF* zicW)VhtI5IqkEPN{H3sJ7n~myh>2BK>4$31mac3YngY8}mUWfuQ@qmxuP+a!AxWOr zyt}b?CU<7(J59k~ncu$bcj^rOt9QM+@@WooSPCm0m$L|gd>-;~Vb$#1_jM(2sAEKD zeS+(w;4YI$Q5hO?Z+lLZy;_`_B^|-6Yt5vUgDD50z@-_L^X=!v~7){wjf1Xw6#D0+umb=;a@Ca`)wMyk_`cic3I2YEtYO}aQBPB2c+Z6XA(v+rHN@KF)etL?dbFXx z0lxPpz1q3aPStuC99b;#e#D~_5X+24a!TKc>E^c10963R5Kbc25 zwQiI71gwQ9I18m+)q14YRlGaT+r+ke8;f?Su&V&2CrfrRS84yYB-(7J&^nLJl%d`{ zZ=iA4Wtoanj_O0pyBxmUX`0Dsi%5S@?|71+rU~wbXOCBU$|H0aD^H@D zGPZx_hkEv7PgCyWU{h5T}qQ zVD7@P(+X)SCMg>KbZa+RwjZBKhk3j?1?2R42@1!PoifI1G?bxN7F1LQ&2^T>tBpGf zV&wP8Eb8k{7SNlLj#P!`G0m>n+^7?5tQnL@u5|jzFDt?ndjU7yfp>`QI_Ro~8BB^tGp<>s zdHI?u9Y7{aeeUV*LrcaV1Ktawe73U6JTcb`PUWw=4Kw*RlFz=sL2iC^g}=_3WN% zPQ&-Dj8~!-GwF3M&Fq*6i2u^?bA>BxI29lO4uouH1Wom-?zM|{zfs8B%ut(K0zOI< zGk-kp^53Vx{O?nEIN$lSR9L^2WM}HT$S)ac?#OB37@Uuf+M{qNXIGM%67=wQdIw~l zHFv~NFchd%QUnh)r7Oml)(-H86q#Cs`Qxeb-%vKPmH90?jusXxznw5smtHT3C!yk= zh$qa3Iopug&%mo^g+Xgi>kRX6$Z(Cy+fHF3Tbd4^pcWfNU{(RU?{a%6VdYSn;iY?T{e>Vyx`_m1e zkVh!iMq2O0G53|bE|lEZK(TFe-@3E;8iV-3X403jT$rbDQY~M$A9%T)I{0UY^Di&0z1py#tdzkE3}N5qlfA+b3sH`5f0AwVm=8~ zuknzRZdr^Er`#;gu?E89uxiuHJL%TbveZGTI}796vFeOo-HwV_te1yMK6oBS(4{e; zee_^Bvp>KRwY}1I5`BeB<;teEJCL|advC0o*`(&YL$>n2PW9V=o$AHL14pa-LN&CR zJORC4Tn%#fCF(0wjqW}BnhHZv7X(IiFiz815_3IrWR{*cKG^=iZj$){@Hc4;VG9-W zb>^r!hI4Kg1#{Enrf1G%DmD0AMO6(Xu7%CeP6UUk^@jm&U>?JNdR$v6@T&x~c%7Vm zd$^_h^f!s{+KZba8qdK@3#Nz{0XTM6N6eb>M^Nr%c9Ezz3fzPplUYR`nns|SnWQNh z9$)R3W!0hQ&{)cLu@1hb5Dgu(%h^YeIqZP zkO`cwk}EvqD(m@5k!td7q*S$gUIPK;*;`v{k=G$pz5}tLYo>rCld5e94*15VQWJ`|&x^7Ns99qq}KwiNPF`>Akha5PJCWIbEy#+;$dr6vJ`be-b_ZB&FNijp^W* zJDgZ?o1md@7adS*bUp0r7Wq7*vn)t$;i~0%^+-^b|9*eQpwvwU0PBn5Yp=eEz`qLq zWu8<$(qJ#^615{g5?TqobG%y^Gv_lA`CAI;y6T+!+T4)Q&u^erHY$gJd<_L>8J=V@gy+O1=)VadYOuMe40VJ-~=Zn2~3%r|sSP}yz zX~70jPbZQ3Ew=cBPqUPILpcn^j_9khSc27NB52SQz%gH$csLm?cJ#FRG7! zdiq$kEpuFKqi14jXgB%z6JDKt?)}Du+M$}A%TfCug;|e;8eRpQGd@LtX~G2^yEyx> zL9-FFRn%DabI#uLL21CtU3FUOTR6E4@Ejl#_R}7xZ znxpcubE)$@6M`vOt)E(pY*-LCe`~Aj7t-qLYxjMi_1E*&0Z__o zLWN=-cJ$fDLxo#|OtTNX=-*#lL;IqyG5c<8MoseTU14%a1W?z}>@km4^3)7{axZMl#;4sZT8UH~9>z$)2?!}?${$NCEPALsA2yx$tW1l7DG^02LE>PYve6nKN6olrM0)%T?k z__|O;b8?Pr@23V~5O!Wx6^_6>$7PX}dl9j8$ zXyut=V8uSWst+O}s|TM(NJfehZZkfxsC#G9B~a*T^N`66Ra1=lPK4%y9%xx z{(}juAGy7)rtB!AxE%^$hjnAipH$sWyM=(EQ?1t71H_?89J{{@7HN`pK^f40Yi2yR ziH*YI6IH;nC!q_@E;F+}JJ2ZpS4{2jt{|^Nf9ccDhH1zBzkctGu}F0TrB6%lN=Mjk z|9)Jj4D`#q8)R?672R6j?_SER-~3hIWi_##y@H+|{!4oZ#$plQ>=27zg5)sh%e~(; zrgIJQ+x!XXV*d#eb$)o!a?0}Jl=P1V(v7dJ&z~`E0ayXMnUM#dlRh5R0qei?izeec!q@tdB?%hn1vE680D7ONa` z@d!j1C1r@!$;XT%UeYdlnVu=;fy~?0o^{cCpYWT{8%@s?A;3M0pMj$dB)|Lyo+Y2-Vi7V}=8h>=y)=B- zsx@@o#+bfIX6D1wlMsNFssMcU>nV9&)SMzH^V%@bglYBATBXgf9N;L+mLZ;S_Xi95bRi1rJ8-IUnp&?*HnO2Aqeo!_2(#JdM(3LZM?QWwx=0B_CRuckH6X5HOJnO6wYnn- z4~>!CgtA;&{7&O83qRb=cVDIi;80*^oyzBenaWpMGAb>%?SZ-XstXetpIKnIMLXo-gXM+RV-KKpeCl_3Jn7 z@ECrT@bug@v{l1#)vfhy`ZD&`Vo137{#y8#Gq-=mF?Noa(tKmQ5HRh^I;CA#-al_P zUH3@CzY6Ox1+*{84WEZqFFXr!M`90B+q?^(%|9YHHVYSd3I^&@%QzmwHb=LLAIJKC zVVN5j;c0S9I?WwA3jyQp-vcWp=h~{?s2qw>Kja->{jYSD`B%DTKXA%35-frMX}y={ z=HL{xOL1&ta{3-yHFYYF@#UalPB*#54|nk>)D#~xJX4PJF<1#)!${v4zDv<<(RyOC z)Upbz$Ubh_k5ey+Rfkj)ok_8eVWV~vY+Kap_Ft5xhx zm4o9-2n%ru10I|qB>SXcYEqk>{G&c0jhn2%XScCbb4f-{wHj${C?s&Qrnl);G-xI`pIPXUaOo&8w+Y&KqW?^4aw~UL&#P&&Qo8!$<6x zdjh9gp4GmNncc@y!#g)9`H6mQDMw75N&4orxxvu#VWUsrS;qC(I*eBkFdcOrd9ytS z){pI@yqHgVsp`ofJF~j}LHe%OytDOo*BvzW_9nIN=E5*NMge^Txn)r>KbPM#@!38+ z5V>gsFzbR&->!dH=(>Ee*~fl~={$}A!N?mF!0rzE>^aK{DgSXAH$ zYIK0%3kXb+hI*%QG0aD0vnKd`l_UG}Oykw7;y>SMO06UB(n*<6iFr+IOMwVOTkdSG z$1$wsP(>G~2wePOxx@(?0u188yAJY!z6J%!=N_8y_=z$X})g|e)8Ehi77fN(r&w)~I^k&Uau&y+B`Ld<@} zJuLQ!amFw8q%`zR%6^YPDK4)X+O)9yESTo`BxpHgu&u7 zZ>wnc6n>A9T6C#qB{O09_u&&lp`-h8bDH^lVCk(8T&Qv(FU#{}dpdepQv(S5cWN%> zcjI*%o%cPOZga6mq9O8&vkSI5?XF2hT`%JI;I=+az)p>r6SRDeiiQu1azW}#c2ZOQ z%sFy~kH)?A7jBvu*_rRC55%Qkd6ejy>p3HDDMeDA`~T^?`c{OUAdSgh@j{SfY=*+O z6Wsza3W3uhUKRKJuju{qFh_va;WF5{|Jj<;aNOMuu;iD!irrDIlg0On>;wYGb^@ik zORP@w;2D(h8*Xyb6fWB!sm&R;ih@Q8_w1Kw2iBj^`-6N6 zFH*akc>SL8ALU|W!~4R@a9{dm=ie`$!f~GaXdIK(J7rjd&@G@g}5p9$>EzC90Ba8OemZ* zO91M^eP*W5o`#M|yZQA;p`dlO(J=xxp5)OUlMs11RrC=%IdRhV9-n{xn{Kk^Xzboe zJ#}YBy7;SbY}o1RQcR0(X5e>ILzMrogB1wM46}Z9vFXLXiM)ODME7rU9C_e=^<183 z9-s?Z_SNZ28EWT3$~n+@yWdUMcdYhAqd#NyTXw*%S4O@04GJTWNYU7fy&KO{^4fh@ zy|1*TPbZvIPP^$Vqq2R9n6*^0^ThxDrvdoT<5iExbD;THZ#YC`Ptp0(54_;8FK)K= zNp@s-d|+gBNC|~Y$gCPta`5?UI&0g;4I~{hTAVh+!dG8IsQDmS7wZoiCAK?zIK7CM zUR3<#P2r4h()}|Mbb7BzRsC-Pcmhr>J~1l6c5QClm!5Y2hH0&UP>eSsJp-405>gv_ z=`4iJSAjhJ$~qBkB*) z_Vl{kUOBRqK$%`NSI?iPHEdJ>QEg8i4f^5jiz9TKWGET3^XH2^O`BOU9{A48kWZEW zxhyLuCC}Lo#CS9DX@jo%6;2$Xj(-2Serbw+wI#5Evy-tCG<=ogGa^2>{Y7@S6>^rY zz*j^Wv;)72W50@ke4I^5NK23m9H}2ZWDgoFkh{+tVg%MkJVXHH(axoqsMjwum$yFy zy3hwh9~yS$P$s3A4p-xjt?i*P-GHEls|n)spk{ROcIsq_l*zE0vpIU><1u64K74Uj znPn5$MFBHS4T;6}5h?Ll$@2ys7@7Ze)1z%i!@EJt^kGO>N@ZFo_n+&Uaie%W8>Qox z3#tt9;ZLWFuTM!$6gluz&w9vk1E}@*u!M4>?LOLgbsQ$J_1U)I@09^II%+(%yY$tR z;AEnO&X){28XNb(!>B=z#CxK{>(D>fuH&wn0aDZX;9-Oq{?0CD~R^1QDLFVii z%u`fvdF5Kn6%KUat`O1@i#X38v^hyqJb4@h&a8T4w_azGdh*3CDY z5I|4fm$$}ly=jCI%b(0&RZbI|zIlWR(EG3A zV5q)jhkWeU<)0>oqB{GUTRbwCQ3a5TPv(^Cl+^wZd(uo<@v;(DS8To5)Rmr$H3>-K z*?vt;T4nY>V!$6yiqkvPFplGtHW5}^{gXKx2VmBw<#Gui{sG=%KJNIDogz<8sFRvcd zoUws%B;>{>yzBVQ8b$s9G5N>gi;8ZW8u-5U!bP=4bDfvX_fvg(xR(*Ru2v3$wXHV5 zHY26Esz~btFCU55W5V7zbd2;d(BuMIE^0O9eq6RzZEaGj2&4R z@V80LCLRmRcnfZlKRta#B#qBEo)I?h; z<%REZ?8G)lKEE<0{h$?Me569tXzgBOTE=c1j+4-$%K_nKAVAb2B<M&K(RAED8l>rCAJn}j4X@%+ZoNLpT#u+n6Z^_ZE64tqGK~FzP>L$R! zVmxlLNC*73+o=4;(P!-{WbbD}w^ruLX_v;IN^P?*XXqN23Rvd{~SVirw07+B<0e(XWAp*N@EVs#Mbd#7~8QK)Wx z5Cy;2q)-(6NzHZ3p}*!FLZ7S2(vLSd!B+jv{Y)}_c$1SoI8IHK(r%d+CMEeHG$h(N zHb4K>j2)YD%Mv)Ooq&)l5@^6XrDhil+ZOWsMBHIAYnBBNt)sBt1NpFn4u1Nd3i}Bl zO>XX(^WzDQjUyVa?=ODc=tTS5_7r1zfVK&~U>U7|@eJ%tifMJP34&Qhg=fk5nl^9M zNeUw$SfweYJP&g8>N+W?c)C>aZi1eG8fOT9mfNYF?jr6`KwFhb|BrVXKFt@qe0tj1rciC?IJJCp zrh1 zju)U09%t~C6~L)j${W=(o(#u%@8n;IIiw*_S{Gp!wFqQzGA9aE%bly_k0wxsHa@EJ z%x~!eDf^d%#J0B3jHu4k|!t6({=-@H2WQJzWRSR z9X`ps+r@!dtDZv9znl)#>YuMlKDW|@AFN;m))OvT>M*)Nx|l5cnuYHS(7pHp`7~@g zTHW|j|AkNFzcV43cKxSz6EOPBXiP;lQC1n(auQ|~$)g%=5iJ1zt{jW#lfgmK_>wb- zy?a-DSCDrP5>*#g-a$mej$NH2n@hnn9QLpngVtKbQnR^Yh6o~EeNW-Gbi*_%+)thV zqvn zd3MYTEB?NM@tm7Y_;Ti?_ljdjEj(p`+A2#`3QXx zJVVdGB&1V~{2nI{o7v@hZljR{f0YI-Q0Bd@g(0CYb6hOWTUK;x6HV1Nn&v7+y<8t_ zG#h>zxj{YSZ5qZ4O8xI0z7RE9Ck|J@>k&x%%4KhgwR-{=U0yDJU(8)ZHkl~2W{XE* zQ^rZ#o;CIvwvbs=@NFspP?`YM`exaul`KZFK{r@uSNSA|P*RkQLRO$DAd~&T#y{d# zF5CmDRaRauqM}UkFdW*i{w_7nD9F~+Nx((_dk{~ z57?}oh2Gq(i#chMc})qk8{NJBTs628rARe-?QmdoOfP5KQvKSxif{_Zmh9**gU6!g zILxjTvHzard&HrJv%CKEPgqM1mn}pMPnH>|$iKV^%Ty-Up7) zG(MIJrT*jSd?<-S;#>^`Lv~y-gCvw}bgA=`2XB|%-6OZiz1T}(goBgK-DZUHGp!vK zA{5T8Ry~w)owo>RrIV`*bq`$ zu?%K1j?b@nM(`E7Jc5h%2GMxTMam}L17q)Jt9O5y1{TTab~5g-Tih<`bUB#Hot^Ys zv*7KfD!#vA1+_nmbxVNc3Zd6UmA>sOL+Rt`$>IppxlNud7tAjlryP)L6V_iR^a)S4 z#k@5bKP|LAXq05B*j%;?_#tT#7>TaAd%?coNV(lR1wHN^S3E)oilNQ=k|aU~r_5}pmOX-$;~9l% zjT}DK>ez})N7ELGbEQzFP>ynUJA&Xtxe~hvr6VyUlU6uRSy$Oc($I@{_+O2>iJS7) zA7eXR9cir1&9Fs-6hl!lPKhmsIua{Nm(@2wA@|b*Yp52awTw;r7V6ewell)^nj{rp?LC_!pQjeC z-HuWy|8_d1^nEkH@)SZR$Vzepl@SCsHS`V#Zzt9^E1&UiznRGWCbM%yO^$bE+owSq z$Fg-1oC$i}{bfzpBMUleGqZrh?$?qxLNWtRlCsG;cPPzr`CWi7<%5t7EPy`B0;{nHtfE5Ue7DaVX0#nAX@dIRxOfxz0KyL zdRXsp)TWlrolD#`7g@U1(cXN7iLLhNIX?i(nSi3q>y@%}z==Z%pCc7%_Hj>h|ln%M0Om*TlcDPBrJ+9DVjneWUnm*$?#C*Xc%F`?H%vBs*o) zXypBn2XYSd*N1?|s9Es_;j`D&HQr9)UshRR3UEiqX)Q& z7v*##eozA2O)4mrS@_EwkCZLr%#DGC&%X{e=AGC-yoZyprQ6AmnO^kb5sts$^H(QS znw)%NeK5{JZdi8&$CV%>)0km*6KzBc%q{fQjG#5krFt5fEiR_*#H_6Rt?HXTT-(OR zm69;)40Uf(UgcyCYBD6dNZX(%ICS_U9Te4&naBvb9Uo2>-tE6R(DJDTe0vY$P<GpEVY#le zu3WTmxd0=yzXba$IfET415{zM%TMQ?^zVhD;r{~5wFytz(!BH27E3RpA22bv`o7X> z9SX*(b_|E9(a|v^mr`DefXJRl&W_C>DALdFpv2&!D9X*FvIlod)PO++wxvcYD9?B> ztc)nHu#$CSqH${HIG!56tog17ny)|Fg)Dm=8a{?9hVU; zD$}!fK6IxtH-4xtZYr9#dB}j{Wl81Ub&rg>?Ir3R9M_^mQR{dLPPM>&pEar%}b;~ zh&Z59Wyad<)5CWjJ%itp+`@}I$PZKZ!huDaeow5)~{nl}AHGM~$C27Sew1b^@Gd%qfFaWh;KV$A&HNkxNn?RMt@ z$9Lw`Gj);oWC;pqzOv>=Cz;^~Xk*2j!L4}uxmDnN_*Fr%O5}R?b{@K1@TycDK6o7L z8M@hK7IX;k^8VV33I0wCXuVYTCn#iN-sG~1PSdJ-t*Um4(Xt^Ss!l)Li`grq@)Xl0 z*hkEHv2%lh@g_~R_b??-0PG>Uv%GE))NF=nYQdY!ecC?=KE}Y?UDe@_<5J^r7X`Io zI3mp7CmQLr9D6KRJgg)-NINKkf-5fzOk-%N@ik_My$bgl`La)CNk1iMl&YF|>b@8x zaT~a>3VuiAA{it`7^?}Rh`aV8w(9|D%w0AJX?Vza=87i`YKHgcrI`^hmOf^gjCxuI zYlvtyx@lJ5{Zhg>eHAS@J*QBj0+=6?p?2>~K>{Q!8Z-&*!KEHrjW%jRNYQ+jjuQ*8 z*~C%dHk(m95U@R?+LYsTOX z2Mum=W@rqOtw8L%d+QN&1vq`69f4o*`myle-|-QN19?ZFKe@q^`e$?P^z!cf_%+nS#)YtvN9l8{T%@%Ul%^ivdKk1&;Eg*U%YBG<-NW9DN?M zkZ4L1OsBb(D+qIkuVV7$SJF2|)fRDLW*S0;NS43G5|wNAE{u>^SkBz8w0810c~y?! z*Q&ecc-4nkKFn74U13?Dijw~gvv{%atogD^sSMl9$TYLgy+K**%P}Qrd3}~Qv_rIP z4j7c=<(vraUBr*wnUed~DzbcS{^P)N=$!p*UI?Nmmb}FM6A;&dyo1nR;NDvrs;V&; zH2ADdpCUlekyh^0h3D0`p<%Vz7`JCdkqmORO^1ww-yC-xag}K->LDaz!FngScvjr) zy^|X?kjDh-qW!nv&uqGYH9N9hv3g}a5mf0f@$UNryjVkx@OQD1@E0tvCb5P1i59=x zDh!MW+MErG@unq-OVo=dKDzw?IOF4{+**yy$kye8UqC&EVg_XQgqVGUBeEB>b8pSB{0Lso?d|Bd0=jdZq$> z`1A{VhzyNE(k5LXomuW(QEdgMvlP*sCa;c!VLb+%g!AWK`G?DT7jAA>$ER4N6y$Ti zW+>G}e*vxef%~@R^l;J{BVlk^kJQ zl(&5%OWKS%<1HLoI1shVH*I~%LL~Cg0RRba_yuvooN$%emX3~`>~tQTKrNqC`}EK% zYaV*;&nNHF(L1#0n!^H>DWI)y@N~9<3swdrI7Fjdr}@!PZWZBmQ^i1>x+X%XD+j}a z1~n{F;>##~6S>D)Nr9t{vkvcu_Db;ixaSb&^0i;8ncdJz@DltpVPlrZ4Nii;*e%GE zPf3&a_3bVIXHUO?URP-U_GhK@<5uYR(EM5k*{;$BqvhQ<@^V(`rGfhYaDJ8lUJP#4 zh{URF*7I>!w#RSSS0{E~?k@XSs76Vro4V{Z2Qz0Qqcjgi+~ma#4ZG6#`UVjY>7-zt z+aB6DabN!N?vE{<+(uTSgEc6WvLQZ25IrZj@)yAX)psxF2VxAQ4e~7T zSCX7g?i~X{K(kBET<}#*&9J?ttdG1}B!?TT)HAa<7Apwz0i{2zPg?}yc&mx|z<<*h z;Hk*yw>#0sEywbOV>~#o6rlMF#yv1}DzUXY2ZuC^mm4`GNYVXp9%-i$_eab_hputQ zCwn&ZX-6F6vxy7d(ot34`I2dMzfhkMHSV?e$z+08Wt7PG)F-=g1?k(K1(_6+LZcgU zj6*xO!=5Oe{@9Kyprm?ltm4{zC3A_osTNs2?{^N$G8h_#5`1`&mmx(N9@4tkZ>!!k zSMB?P5i&Uy68By8eJgMsINf>P_g9&@x8>65B2*$c$KlUVtxMonSUI)f%*nHv9K;mo zG`|rqt3lZ-Sm6;+fBgtfo9TXs&6f~kF>3sZTQ|bI$y(Z=J?nWMuw6ej{a7+8lOy{L zZxhR&{z1UcvpcmAoR9E`AMTze;7|YmNA#Taa07<*5Jh`2-hXVP!wFlyc zwBFPWKm0l&wqo5Pyin+D80Y@j!eI#v<6KcD0vhMqiTh*Ndws$zI;lwAHg-7^=#~f> zx)F+?Lnp5bQWs84N z8ZyP2qL#W#wM>)E(A-O!XJ(2oXyyjWPbQ@S`xs@SU#A z4f9aVfYI2kVMh6y$CqDsU-YPpj9hjc? z06IjsgNr)>xuTvfW)zeZ&BQBbp;H0n2;iA7Mk}WiSdGI!zK+X|DK~@YV~K#oCHd|j zi=3_HwgEv+s^pl{>xl(gYK(f6hH$q%+yk6uW}fwMiBfOLkVv`1{?YCU@TTXP$Hhk*UE##B^+vKxXp`K*cq|jcBd*iJ0el zCJ9AVgw_oi-%ksy%WA0Al~YpZ%#_zYx&{M{B(ONN^xU>xzN|&0&aJo0l$m}sBy2%; z7!eI(PsSHoGiEr18}wcWNZ=Fre(T-0&C6VUZH#hG!Hptheg~|S z`RaEXH2m-JY}%4f7l$E=@`t-KS2A!?$}j$$R&`Xjf%Ln6erdtrI{kh+Vv;xF!tbvS z=owMHAMhS9liREo@hUTDs7GSzsKm==xxAmCJv(b2OklYObvcsyFJ{CA8>|v>3a)YONg($OY-; zPuFgjvsVyi$)@RM1HFc=wG?mOp3XY&a5_p1aaj$9;_X&@&%3r4#jv*2Prl}x;zTG2 zx4t<_Bft#Ry;y!KE*UWnW9DHCPka`wea&^B3#k;PLRFF%46#t?KttzHId!Ts1S$N)2f>W=D1pMLXD$np&rW!Hlr!&)PJwZ z)Bo5?Hnik=iKb8djINynm=cKNH5>N)2n#cw|H6eKcR#&lrIVh(rQ1FguX)lJJW5g0 zX3V2aUEV{e_mI1gdg8I0U2ka)a5wbyRcV(=adyD^6R-_fu?q3qc*&{^+;M;WY8KidCgD0YX*-FNkWn^@XSg3~ zIHM*lJPA_rhbW)iFMT|DRR&j&^R(U3WSOh4{9(vhp3CsT)z_HFPW}du4^k^z0)#2; z5qE@AP~0eJe_6H3H)z0r_8>P{ADx(JVP$OYl4%~qhnS`@yGfs89pCZYx(LPK1 zNV|~6h|xS$%69_9&jW<8h@}J_1mc;L5xP`ztMp6xn&QN3)!PZ)I{jjJBm*+kXWuTA zvBHJvi4#I0$gT@){pA_Q>#Mj*LZmF`3FW>1YHj`xM4cD;YvGyW1G2%(QPl0Q@qM^Jx( zMId6LqR5pn>arPo6CL)f4jWg$03MP7OHQW2XS1fh47D&JHNQ0+lCYOSx?bVQxC}Y& zHd4Mv=c3_vd#u$KO-`Z^w@X%_SXF2@3&?bSS+LN`g&FIiL?~Xb+CqrVVQMBkvLGn? zriomyROSs0U0Oe1*=P1pr(C!&`eS&4lDRAT{S%27mj`RQa;zWW>dVv&o%7|kdKJaA z>7@6HkgNMs+xAzZFa_iY{E{S-Z`;(vZBv%*Pi%FWAY>Siv!3QN;+5)HA|7OzQL~fR z^L{f!ZBf>mRd7z2*OlF_{YJyU-q+&~mL1f$lGTn)H6HdAuq9Y){NP)!CcESow~MIwH?axSsNAu|B+EWaY!26dEY*Ky1H}vp?KdQ ziF$}RgoPZ@MI>_g00k9vXv8iPi7&7g>Mtu(%9#v_?<^cGs)E7Zu}^HT8`WbXnFeFi znMYVc{;DdwhJkGyHvBTB+jTHG{I}|Y?}RFOK<`;!pih)mv*xU6kmtd_Nf#|SOmc0r6AJi@`*u{mOk#_0KIv> zDv!A)<`G)Faz8ur7_DFvQ?IVcFgUAcJ&8IYghad}Q9ah1$m8gW}*{Tvd&q6ZeMvT0LqpdBiDWioafD+Ms5~WrL zEh6sdQYZLrO0RjST^;WRb?-Z0kfSZ~&mj0PcR719o#8axuYScafvc9Q=63DAsnXFr zjrFpb$5|JKMjU0)!m5hek-#;Eadt2@0FUUTzMX zZM+=XLIVOUP^HFs(6!5;nb^F zwai^jzr9eNxfH~lcG@*DQyYFtr<{e3br!6H$<8*k%(hd*qcy38Q zjDS<(BL+I_DrHJvD;4s6xub5g>oj3;8@K;YlUsV=X?cPC^-4Vw&XdxM){_sWv;2Omx z%K8j;lv&M=> z!;lOGPCuAzIDxO;U*hq!FORBIZuJu68BRIh#__@WMi12ac#h>GU2drJo8n|JeqBEXpWD%H^ zQjdFnOa~vnTTvu3bR-jq*A>OL+~Y|mgIBSTxzPKv2*y8C2xcA>DY^@y1jm_})mzY+ zvZ$#$e*Rf9Q<#JkmC~UI7BdXDG^NL!uo!AM8bx+%5u4*#)r(3yXXt{HL(5K{=cl_>nGd8lX`Qt0;{xS_^gY$&C5q+ig$*P! zYENQmo;$5EmU^p1>FfL|U(Smr`-FzpgLG6B2_kulU%he2$ z-Jw)EyAU=kHO0j;`SkKxPWXk+;EvS_*?M_XfCZ;C={t*u6qTFWH%L_Qubaysk~iVr z!ddO#Zw~=^zO6C1*9G9)yni`+V{yEEveWaNYV4*?kgnr`yE~1q-|5dkTxRLNt5m>N z_XAJKdM|mPA?lOCyim}Wt;P-K&Mrz;SeXGXl&IAHkwW${$$1|9P4zh{z21PFU)dkO%@Zlm zD!>`b9MJ8;y?X8o(5OjxH$Cg)w*ePsfmn6;VJP;xY8_|)xs$p;RV5<4bdU<^UkXao zI(@7tjQ9yryj8+5d5t?op5{A3lD!!|M1nfE8Ct8?t$0NI2Md9PDYYhAgfSy9GuT%Z zzu-d;aUhVgcvXmbqv}i)IVOLKC1y~$soF*sp;5O1IMJlEYy5`=D zX^7}l(z#T=Wzv@K!AVMB>b!#X98uhs8ahl<5@jnc9<9Im)8c%++u0^^v$0EgXuCw| zFT+NnRV*=YjQibaR02VL*70Sxt1|?nZXl8sa&|xcYsIpZTmYw>?@ZcYg3`Hlv0{=P zKXp6a+3D6UF_Q-$FK`ViW0UzOuj1P^kwB3=Djav-Z|%2J+p`)F%S$pV6zd)<+AtIk zw>d=#2;a^oFcFEpd(0N-h6opOeig>wO0}U{hA)O(SECceJVU`n9)3w4HMd+4$4Y@} zl3(7#<3z?rgR>^=IoOWn@7f!%TH9*6v}GCFX*?hm$8rkO>L%?78~+JWEL82FU{f3C zY^)h~4952q^F~dnY*=bWKL3S<;gVRCDyD?KiC`2_hQz%cQurz~;_~Yu(coqmH6QI} zc;-gpxz6rQJ*6{DKP-xXd-KEt=T$9mXGgZ@vQkSXHs8d^pw5f;#Mk!2?9+=3@86 zY0P1J;|yDkphSkdQIy_$iu_}*EQ&%|e7V1$kfN9{oye5b?;J4Vzd=UsG&FnVkaL3x z7g_tM*Ep%dFOIR3F5!-i&XYp8>|Sm<9{??w`D<^olq$RwzNa{2+t#xtT6OBvf)|c~ zE7|?))sw7_xcjdmz0vHMEl*3HuZ3p0n?wDQti|8|%X~%sCthSjo&SigJp$?xfrwqa zqaX2cy+eENgTbd7yW6siEM9f>qt!1oN;U-Z$e&w#KKH%#M{AQdFd7{tIU-TDA<1i< zNw`C0tr_Za$Lp?af`8u`z!phX2iz;@F}QuWXDn-u>7bj+YOa8LI#u+YS(C=6&~F!B z)|y4R3_2}BW=xoGDjoe8;7(9%*V6 z-8A1a7U;<=T%b3@XX-epEM*&|D!6Mp&`Z2<=-Y6tIn57vS(hK}e9ZlMtBIOL039j< zW5RVQ5bMLV`0>kP`$?*;eEE&hi7=1yuf-QokAeYCV(dyLD1XN`y$)3+$&J-ITyC4> zKmP{)6D4$EnF<^C)x4Ch>Vig4S&5Bb|0IA|jFXuH)B3q;ni0fP4QwK7;Z~>MKwrdb zGs#(ue&OT37hNyFs-a{3!0-*)xtTZg6Y2d1TQiNBypSSo*LYQJ6v0|r5f|Yo7~`w2hiz)Q;8g!UPvJK>nRp zuzwfMM}^1(Tg2)?`y}RA{WB$xzQt;TNZed*I+?g*lrL$v=N)x*2n{WT%Hv*!C44Yl z>1zVEBE!B)LWom&p8Rx!ahOIi-!2z!I-o<-w`zTx+Q)U?+^`mR^I#^4V0V_jI&tM^t7b8XdAl~+zM%Lp5mfh};YR>23TtL13hB*F7)R~KBRB%uU8RrN@v`kV43{p}&{M9?2{`|NA7z;mbKk$-7 zewr~-{u6!BPeEDm@-CIxdL8qON&%_bboumZ%MZLXCW%r`HXejmj|8pc%65GGXyww1|E}!F=VjwTkqk_l zFA@Kh;V~G`eihu;%};n}+1>JZ3NQh{kF=F49)E1Cc};c?6HEL)p&NENQ1Gc69Doc8 zA7Q+^k@${Z6F?#oz}-lX6vcCN2hnH-I#E>c2=K2Im2!e+SmbB@IDYLhg|WjS3<(*_ zV%dGKszsb&VNZ1Q)XU+zSNcuhsEIpV38Edl#Y+1h_jdtw_e%H?G)15EfcfxpD)@bQ z=JZ&p)UTrkNhS4TKAI3sSnXxUQ_XEni6@ft2GLLBN9bGcY2maF<;Gs`Iv-2c+Jtu| zhO?15|7tg``if9gBd=UkCc+az3ZBVcDK>FzT1?Wr06{1t)fvUK&f?=FYX8E^`N`3t+1tr!R6jULw<9G)_4~y zStgbzK8r&`TMZnBzq>AOb8RAu>oOSznFA=Tq18&I{r>;Gpa1#w*0lIjGStV{WTlh8 z%aT@$2w7gc>#4-?$FcoB^ym4MZ5CWV8Ibw>_pM=cmnRNB+~U0Z4v3A$q_R6*vAx(Q zj8uO7+u%8s1WN+oHp#pPD~`SO+13_b&4PLScZ#BDRoa+ISQ46iz((-UP~*O3FEcR{ zuJ8n|0qVJ6={JN{B@txajJVMSrtYNV@OGuZ5wV!+&h7@W@gx)%CCPjMLkEe`HoxYu zb$uA@JS_rqo{$I}d-FL_#x0@STy}?wX$WTFEnh;C-WE0M!NF{(qO!OZI)C~{a(}|| zhbf+0As$fQ;xXeHN&iY6H>2`q`1jp|gOb^#=n5-Sg#`hZT$vz+_g$`Ff(aS3i$t<& zXJ0UQef(qTQ9QB(bAe{5mb$>oJ6M`ib9v(HTb6u@FV8aFcqn)9K}>hOBChKY00^xm zg&WKV_o8}^9@f0}4-u!bILC7vQD5LhTc{l5Y`lWbu-_e*S-CS*c=n_I#CJpI3rmUZEO5HV@b&%JX zIl5l$F-In|MLMwCg?FegkhOh6n&Dt@h<~!XLS%${fU=gJk+y*8;S0;0Vq9m!$J|C1 z=@QnnciG%h(hVhxe!+kG=mD#FG4n*Gs!K7FEO8(#1$SeCuxV1gODvc$Gq8I0C^rY$ z13rVc)_8^;2>B%-SdmS6F_oSPLdg4Nkq@g^kne~zxZF(zFxtAJ5AKGWpU8AjZia>d zeT)N4vtxi2=to0|Hp!VtWh$L%9-0K#%zkx41rson@kp>6E{XB?CoM^wP-avpU;R*t zYlY7nOlQe1J_73@&QGToNjPn!(QU%hjK(ua)Iq|z`+3^#(PV0N3Qtx|T>Ucr(#ZP8 z=(dGoYmLU_*eiOhcJHn;o5Lz;7YsDR-VKmpAL=?Kgym~_K~ir4o%s(2gONy49Xk=Joo)A zS!+XGjl(q`>W2$1ze%<|gHogyjqC&^NnXACnDNE7v+UsI7RlR^rfJJ?tJkwu5v%_M zOp1hmp_B(s7`x>c^@lO5fz0|0n$0p??Z(1lI-h7Jj_2xku_VI98Q3=b)f9dWCs9OW*uh!*-x{p%&IG!K0fMEC6P(Rt zlSNmFrhkerzOGk>)+l`hyo>OyXl>#qVX2Oa>2L!89REv;FkYH3^C?Je``3hQ{gs6P z@xWCMywk^9t&N*ySOpg+U3n~(-*7G3ix$006Ft*y^?A%b$l=%C%Py25fxzuxz-M?( zj@LRr3ikpymwrG zDYjxcXnS?%GE{Fo+40u)Owe+zkhG_*isKN%!|5Pe;WkSz7^Krk#_O;1xGd>1cy@gKq&qHOLAiQA9BD|hTiYC{Ro0t z6(&raE7CHz)VI#Tm%;5XNpWcynrqf#vNqRUOMU@bS2Bbf?||vg=g-m;_PRuR($U7a z(rUN+>KP`kR(q0geg7&mXk$_)q!~OUhsy?+1OF3t_-WF$7Du)JANBn+D@!h)&?%h4 z(Q!3Dy`a!EtQpd$a@HQ37gE0P6wq5PaCyiD#qCX??okM;@dD05=p!!oAC7D$XnLkf zl5)cC)pJyT!VX8HK*`l4O`ZmvVR{#>ki6Sn$sh_)%k`U7RLw;sl@d0bv}&2)4Gho9 z7ikFIW!sj*t$u@w1_kI$(pFSW-!f=@k`AL<$_z6baRza96i4AZCMg!DY4d^XkDXnF=ee3m@62@gzBmCy67cbEYCsvWxn zN#%&K+`Gm^`Gca~kID-##{I&$*RlC=&esh$O(J1?{ez8kQbwieK1KU|Rx5|uDZ$y_ z8jzdS767QANW6!o-F**1~#zF2ZJxM&islxp zrHQFvUi&$Hu1BnCaJ}nHhP2Hj0p94EKT~#ZAJ;GXnv-eV$LOwtq?jG&jeHB=*|sEe zWutx}nub}=+V&UL6^E|Xv5wNSM_@QjfV5tQjDTUc!RRA4;#kZ`(JnN!7g3kuLMKQ1 z62~#$H7LB+?PjS0CJvS2);#5ytgnEeO7$~qt z^xqSB={s z;S=Wy`ChPkU+QFG5T~)lGU9OW!EbD*_nG|B)oREa2mwuxmZSj^q7Vk6u$ZDYwcP^gf>#5bP&^2qtIQ>~z9{w8>J(jAtL+N}u(Qa@QER`1>#iU#sK*vcSfr z#rh~f>l?mVe38|0|GF>iA`tf{BJwqkTjOsJB`tv$m@9&_hnY&RL%14uUoK=5zjSpy z1KrpT5ABRyKAR8iMP=+Y*ralAyvYw7Xj*&2aZzCWw5|C5(_TS>(mDNiZOPkQs^bU$ z_``De|8yWpiFREagK8O%<=-qF8tF-?&PwqAIq6YfjxK4WhqmP!Vk63u$8`T9=42kAY%7-tnzgKyC~(58AFN9Z6}wP ze%4Q(j~;?~LE`o2Alz)?cUd^f1bI2fsf4RXO@}O&@b`!#BVZ*OBAjKdg4n1Rm^JF$ zj&502IE&j79m>2Eyy&c1^tr@fE#-gKFXcca@y^OdUoD$c&6S?80c8|0W_6c(h&U-b-f2sLw&24!}1dO$%< zeWX(y4lJ|)tbV#&@J~g*-0iM?Hp8w!?rjm$eD~jKAPMx<+FK3Bd!Nh`c3!*v8gJuC z3#u0453s4lgfMG~2d_RFa?4~s^U~k?m%&ZCs*vp5=mVL2H0#!_Da~!BnKn(xoVabz3*q z!x|Zr=NWfnwxC`LiH`;T`yBrR3zL$c)})n=g-*cHa;p?Q!Tl7?Zogd8@xTW9S$;f6%x@`9B1Ec=@M=L3dc@D!+%7 zAycul0D}_nw-D7lnw5K>!o8?UScbK<)Rrx}^(lgz;Ta9VL3KCy*D?y*S&gafcAp;u zAI!_u1}hSlo+7qma9GrAOW!w3Z!_S9``Kv`byi^vQNDXi{9OlZqP<>&t zy96%H#+~-jg&qomi3O?*CxUu}GT$-am8RPF@FEKxV@7ps`&pv29ub~Jfn)HS(zb3h z7~0?BOhv?;#iPHS2!ZEZMTMmCmmAKae(2q1r0LzZ;+4o_vNHjOfF5-i&Ot{R-%+-c!ykq+LHeT zudlw`Gj`Yjf3e~-i3#7`GN5|IlB0CjGt*l?*eUqet>G=qa_u$T^8A zY9MTZ=%tB6B$*o~zyXF!x?dX^Nr>=+7eGqt+=NhXi&~OG-4kmgPg8cQPBze|x%OHi5+`T7cQk!Lw!&7~XF*zw z6bTcmMfZwq)fC&vm^9D^SXsY6kqRGKXTe-J`C_XDCQ6#$rAA~91e(MjjAi%J$ zakAHM8@hL_!8So1U-E^dQvCbwfKM@nUwgB@ynjzQAStD9qv={CS*)QaWy-b?w2fHn zIsIYOXW3!9hCfT>g8dE@4(kbI(g85dUe-jBy{+g!C_)wHC#g35Oh|Ijb>nsP(n=O)b(i_mNtHKZWvrFoAJX559gL!H!i-Z4@iy zI`7URQox-ea94bvjVN@|pH=vHH{-AR@?`t;-)(nRvt=SFmK| zi{y-cdn2iwI7za+8Q^@L?YhS4yR}tX7{-Z1GcnIZW49fL^($Tl+WY>JoJ{|ACdk6m zc)@e$%bo)L&_EY7&vT>o zKjR4;`FfDBiH(;ki_nQHXNVcu*+w#p;s)y>c^BUqJ8H$!=QO?Vs)*zq*tKK6kqoAD z*VyQeszyw7Q+vE${;+z zc=V$*U8o@Q4WXg)xNZylx}^YU?IN_=i1xu#* z-P=JnIbGN%i2{8ilN%D}Vds1|<$nb`o%uy_pvvmE12*xSRmVH3a^|l>uU3Oz3q^`3 zuy`)1$GG^ASN3?zq9>T2T*P%X|JC&dSo4-Q(uM%DfY4COrG16W@V>05M-vz9VG{Vi zZs-4QEV#5F=R@&+cMQ3kX`15zxdiv%7m5L}u$X1RE?aCi>@CqtP9#~t+zclPo@aI4 zD;$~)d7aLnGkq4a)KB3@!IC_;oXOGEOSuZXQY%b_EsDu*J#&DTa8DIS9&d&TBA|>D zT8ZWt7VsmiBd8q=mdGc_FRoTTYkRZdsRmIX|2Y^i)q_XwRe$vekBj9ndA`)fjEaUi z%d=+m+pNPP4V4Bx=YCFd;_GU<#s|IruVZ#D=Di35XQ1k_S^mhbUKndmPL+SPAzvB0 z_xX8B_43lv5^(JSsXsY-;b)7Li0L+y)@Qb+%kw10WO1J`WaN7-o`r-FpJqYWrts^# zU6Ezw{W)v*J#$4gddse4G}68xA~#QrVETCFlN_mIAO7kWX>JJ)EZRQRb!4hn?3qv1 z-~GfJVOF@AVCPwU$3MEYwbdP_=_rfGU_q~38MG)D4qfnz{>{*V3MtU07Owhe`0Tdn zo%+}oP}kzZT`O}1SvK}vk-)S3LClXNv0vsl)5S-$NNTTL&1sJ|kHna`p-^+eq1Db_ zL~*jgFM>tqwP=0gy}4VPfd-vkfQpxC4BSU7W)eO`!oMkldKU*!7f`b`2#6Koo)|}`w z%tbQj--_4>wou84?o@OAQ__3e@&k3Y0IHPolVDy(69@P(sC^FDb)N*sW#NwEXp+9u z#HR7#S1U{6Yio~NMlK6FvKtj*gz)KVHF_wmw_PVrixCX`ENzqwA=1ybWDy0wV=f<) z+Z5?~-TLF^A<+ojC_fS^HIB<$?ixMQ-sK^Fl|EnQHdbF>NS(m9XvN3$3MN?2SRzb3 z=WoQZ;fbw_KX%18uDh4@E7QonzV5Y9%BtKTjGKgPK$|>&B(bq`_1x|j*wdEmY7|sx zRHSi3ft%pgF$v)hV)%_}_>LfI)OZDuwW621mO0K6+O8~`AArK3$?Bj($@w?=cSP*n zOuo3``iWli+}6=*dEd?Z#aFAla?-ufvb;g;}h{%BQ2T zTie?i8-74}oUH%TqZ7WHKmrY?zO>!$iD(XiX$J@LddEZs7Jj$K68Q)HX1T9t6r-E>?rg8*lU|kby*Q3%wPCqw0=<0bs z6G7f@sH^Y8<~Tw(QF0cIU!VN~n3A8upH)9`Dtct2v)j}b3o>dE|3f~K75xmcR=6qA zd&wZZD{AkZ{~_W$i|zAVNa_LZtvjXu_)Q83k8$Sj#34--pW}nxuW?p2c^d}EdVXXv zIXXPsltFZTO$}ulh!T1!FDjxynKi^0V&j+TVAAL{+931ZgXn8rJOV|5zu{u#e34sG z)Jrc#YJ3=GAIgcy= z8LjbIW{n3Lo|C#390BI;>r_^g1jVzzszS)ADavp5m0+#g)v&gMgPq%}pE8jg|Kf1} z+BRsVAC`1knVuPCt(*k5aMi4=G0XSEas4MHX6VdV1d};IKZ9rVWBj~~k_q?Pf*nlJcF@=MCqvdcdrRsfI_MB;%($O8jV+mXGFX3UZe}VN`UN9b2Whv7Y+M=rO-&m$i>uS9SbRiin#q}a zZ%Gjd>f2}l{S4rHq5)aK=}TknC0kdcsE@A3Kp&x@{w~k?MJ~6+HS6||^A&&AO<3vi zt+|e)4=%VKlo*X$>}kQ@D!c&LkZdM+?ihr+d;hX!_iix9wIS_y_l7-x`T_Gz*i3xqEDMGcs@aEq0?Uk4S+@ z_j>ws{?Bvsbn`R`crD3?g+z4?m~3K22i!hb+(rX6=H3;HeiE}(F?TV!l&3~+`(R`*7?;JHNhVD zbds-r79fEbJb!R|Un`TOU=Q*pBFhN5)?_cZsGQ!3spfk+Ge>@CY< zwW+nrtPe|CNo*PoqH>v754x7%@}?qJJ*9{j#I$=h!H2Ae!sn*+O11*_%o%A7r}e5E zG}ps;#FswH9+CY?rc0eOR7>_lQwv(LPoE+duEnHp@Ey&aCd9^RR80guNe>@q18V++ z>NJ~07sOj4Fjr^_ndGslfk;T|d+E$3o}ly51*KzQhqq*OtLzqHF*_`kIzWl_o(cN5v&$Tmp0QQu_UyA;5N(aC@!A}iidB^k z$O3}Ac_%0{Pd?3-{C0+k*?#K6PuCHf=FnXFmM zL=#m_shxW(xZC3E=VvUY;vYPd3SCr5EYJ^FR18S39b>G#ur95)ln++%fpS8H!9A|N ze>#QMzwG=FD`6v03DJh+Ot5jS($?)1%wMMlrE+AaQuUnyv<7%-@f58o1WFX%1-xPn z!|FJrKgk!ELSVsNlv!rtmsx#?*{ibaGk`iohe6lSHKMwfidy3;%@*D)C-N_f>9 zs^wa8fLHn68u-(zE}XmX(RnWo%}WiWS6YwitLy7ubu(7m)k)x&{A8B)(wwK3(I>>|A#K%+uj3emx#wxS%+( z*M+>su~fqt!BkIkGUImkQLBc+<8jv#0h4+A9b22}uhw?=`4f08elqq}rGtV9J)JfP zhj7dT@~&CCU&l2cQkZ1P%vyW6fk8r}wdWosnVlKjrW7Rhj6xnVWFTMLaSKgCLdJ1QM|hiCCZey1MBUVg$e zNI((NI*oJ z#0ySAQWUBvWET@M>5Ls-g3d4jY#?=va`04L^jxYaeeHEk!$`mLZvM00G!u>|e&z?F zinCn%2(tWHFDb?TDt~Qouu@OmjE8XBWqD?GSYGj{lKIW2H7)bDhrW>1?wGq1YzK!K zfwVJi^N4XTC1undiL)xK^*cgRTuBYwHo~12`xJY5HuDjYRu`V;Ei0QWGO#UfQRVrK zeOwh2LY$SVq?^jq@3ipzXIJmlg1LjoKD_65<`AEiDb@b$BJ^CBEPwrE%{fy^h|^7O z$tNXrL3b`9RYM9*je&)$Qn(p?sgjf7XZ4HfmXSTdgq+Toj(MC`X z0f^AOs{Fy2!+Yy^PR35iI}_3zsLJ=7{1yHlzCyjJv+Xp&TRrUApJf-SciGUDn0)@J zS9trjwC%7oEP(P_NGk7D4~r{LMdQqlhD%_k($^hJ6ZxCn9>LYS_~YW?Xj8zxSuAeA zPQy8HK3u_-)g!lTwmESml|ad#@gV01?bf!Z2H{OMbw2`8Utgazy6zOnzgE)LCQNtQ zDS3cqCvvt7$ZCGjc&wQ2JqSg2G`_(_;`-ZFMWf8SzC8Pjm*Gtwew_B=oz7vv%UO;7 zj5$<^ox*1rne9a)J)VJs!OD`iEkX!lCJ+-mI z;a~GJB|j>}r!y9cedeRg!xm^DFK~_zMSJ>SE2eL5ZvG@Wl}wI!>e_lf=+%8b60^!t z?VwZ&C#cA_#?(ZQ1BSO`+A^&I7?oDH0~=vu9KI)yjJD&KiFt~`4B z0nS*XN_DxS^O&Fxs5q5?SiU;eME2&Q`D8K3SrD-@{Qd!DQ~A3~ji&9IFSk}%`Vv30 zvT{doK1Jb=V`f?LOL09~OO6=azdgsDzRuhTi@&!; z8g<^;#(Ch5z0KIPo*~Z=5ssmwc zYqt5a08!N$4te{1MFif;!A4goTyX+qQct}meCFo2JUIPfZ;63nxe;lx?6xSybBoz$ z4mUKMr;I#|Ik4;=#@8?&I1}^P0Zxc5WoQ{s}OJO$INvK9F!!iCZ>v{VHlXU^* z^ZHZbzyIKP{tve71Nw}~nGr)1nnpBw81bNtrcMw?g^o#Tbmr#m2kbDyo@g?9fIxZQ z7!a#bjQS~EfRJlyfVMUzb)F?K&H-1bKr4ne99Svp19)nkI z{|t6)i#WY1Ce;(J7R(ln`_=6h_Z;_RKeo(#u`gwrHXZx)un3p9;Y*l@m3M&iQQLqA zB;+s5l}>ykl`sNnZUOl*xxpZ-rDt=HlnT>$H8%*%E>)j!4^j?&GKM}0xwb1F_@d+) zHqSaGQC9p|oflwc|u>cR2%d*xDDAU-}0(;rRcFfKYPFz{Z0~nRk`sV)}n3 zkNrBPLaE1}_iR>c+5=UGh?TP&GafSEqzm;OJ?m22&&esNG zVC{cZL7!HZ{2kJta?DffSHl{H-u|2ZS8K>DB|gE$u+mB_TXX+@+4?l>kvup@2^T&X zI!j$YVIKFWdUkdK1vo@DyIo#f5Hic$eXGO!;J?S%VOL<}RBt_cdL_B*MycH8lRWNc zcI7n|OIFfIHv(WxR-a7?8CxCs{kW;3#2+jQ`z4>lgZ2A9;M09RKs?aQ8~zgK!lz1w z3X|pc!8X%ll5~HPpT8aLsM&)V_t#JRHP&0vhCR0Pd9Dkg$@AYhkukTeWpRbn#-10&8pjUAzyTdli9hS6eQ7_hz zqc3yu^41t>{=TKtd5Zevy*^q-bn((+(L%o1s(unFU-sH;xGO3`Nf?+g?fVSr5=5lelkd%jWsYW~7UvuY9 zg0zBb@l#Q2&gpv8%l|P%B!P*S)}u6f+C*8dvH@Q*cdGP|PdyrD|NEv^OdGHHN5ABa z`f{g7%~UEgGm?aNhF>#-F_sO}&iMvfH^Mj{P|}^$x>q!brKFBGUM%=z!AXc5!18K& zX^(|Ld$Q3AYZ3WG6%3MeB+y5&F8vI^kU``;!#IN3H!vvuXrc&?nR&l67VIaT2Go*y zDUd$q^+P;ZH$H6toPFnE)~(O>A;;%TNx9$0HJ-GY@WO7#9OU~$B)-d<bQ}B$ zxGzr*aoQhnr+U@|mhwOxm_c4gAf=%z;fQq7U!=(-e>4slnp%Np+1gl^5W{G)V3yPm zM+WvDjy0`j469Ss-u6=lbe;Qy!sobAQHOkAbk?qhB(+B{0pD9cqlfOYy<8LH^R1Vw zc{jD{`(f&f%gS4Wl?ty0!>l~f9g(1pkhMHj`+wQjKNK?H<%nU8E*9w~7h{B4S#D-8 zZ@lD4<8+vos|3!)POHjm^x=}5WcR@G=aX9>k7IRcSCj+ckg&6`Qm@-A} z%T$7ywon#U?YlyO(zOdi4MK0%VXuv%hM=pP5dn5`)@BAzRz70 z^FF8FNQy446JQSVZu-kEPR;JF1x z4j&G-5{IZ!!eNayG73WKt6hhW49Ygw`*EhwSmwcFI=$$$xPTlaeH!V7+wkn`4a_?U z8*8Yp#kg3>y^s)X0@a%=NnFYmMXMN}rb>@lI1_8eJyOyCeUeyZ&e&LVf^hROU654( z^1J$qL7Vv=8tdL^NTae~#UA!D$-M&YSbmz6WkOP54sB!&wXue!Bl-~yfwfCFsan>s{)8KuXJSwhG|21NR@ z>1o94;oFp&1#BzHAV?s{n@AehFd}HDcvP$-{f8u3HJFhDMx}4X87u3?z-0X zRE%y#c6$9o{2GGO?{D?Gfw4IvSTv#!)bYr9-KtGIQTfGzbE_4u?*>KD9Nn!6^zTah zZt{J3d(;$fS0id27iw$wiS=#KRaz5w@X~T<&ig)Nwn~Qimh%T^rm3dL~Xge zc0bJ6)!zAuX92Ik>MY4+J3WL~n)p(*`!_%<;^@kkI7>r`Y*@4tmS@qaRCCT;qL>~@ zFrXfwo8W3V*04~?s+?mX9|>8)zZY%kpSyCc*6K zlw;V$9j}`Qu`o2kMOVHaO{7K&wR6o89L9zA%%++GEwaC~fT1q!=;r=5o^6KWBw=>U zoIJPswvM9zJ?mC3UizXeHF^OaH>?D6*Oc^o+<|T^?CS#3Uoq+I2*_uuznz&t{D^cS zEJhL~%Cc4Jk`)6V-OTVsI9yE$j@-EGEFSCkY_WQ7XZd5kl3|2<M>StYGGBO5gW6SH9##4|R3@BCNv6Pc}pDuB1F zpB?F|3!uXRYe9B9M1Cu1JL~T5++E=bo4;Qy2b?AuiG2&$_z|;y;q}Wtf&oI>5%1<{ zwtF7W`RTht_mSft@~leS&+Fdt-!7lQ;68aWV!D&H_w=nPWGC{*34b69bBl#J z5n|iqkyGn@aMMU&>Z5ceB+Y?6ybQXm`EWlfJ$5Xvpf2wUWfYl$RQg$dM2`x5WhIkz zurqjG2|l3r*+#E?YmzaFsf8QSPu!}gcykZL*F+R}L@|4h#FCU4s3~Jq)p6-bkWFI) z@IT?v=Q+;NreWGpD2u@q-C$hy-@sEfgjxeH#!&8q-%R(my@e0-tkAq+O7%-47p2`(cX|mEo>rE*c92h>R(?W)Mf5iSn_Ri{IvoX7WC;yosHSRACWPxHbm&K2@R%z>RB1uP@mm;!R8QDARxu*?Dx|dH zfdqyexS>L;4+(!ZRri_5fBnk$+n!D@TEDQj-DY2Y0z!q-rN03ODijo;A|UuJ1vG*= z19>W|8Rx_IT(bf=K@$zz(W4;AeX?v2N=-_OXBPl zQ+1e^-Ww>%qru*o2QZB(sUtE+=tYBK#>0lZ>Ka_)kR{fDj54agOaPfkBF*VwG`Fa$co%ona|m#FxHjYP;Mj-oP z7%LW;>^*uNTUM0IiZ=jDWK?kY*}Kz~u5y|9Ho?}VlLbc8IkBv=7m;?@p_wm0+BitK zZD_*eF~nS4bE>cobQU+6~X(9rg$7#q*GTN|F7s{qaAZ z?TO`C_2v)$Vzf+G$sXMOvC}>WOc|RNSl&c-kWQl~|4YE(|24|56a23@Lco@=?20`y z^j6a9!%09P9#IAwE`a})miEElkW-{Tc2#|Y?b6WXfHokOVCs$Q=fVZ^7Z?nx&W7Iw zFtN2Ef}ts@2Tvq*HP3TQp9l=7VvTP^9k(SW1(ujmpu92cnAPjMoD2LZtIU?PaL;ECyu3p}i^IzL zNef$efrtVI4wAsREOF^1Wzq8NQfa5%yg6V*6Sk-@1jcTCFrvwh3GPibzR39X;M1_R zM(5^NioB2tfQTHPUEER}MxUo+xyg&Mk7Hu^|CY$+u|1t z*hl%-vp-ht&X@I#n*9>UzFZsy_(z7brD=XfR{GPV52tl;_-6v}8@l?&rx?2flivUaRYSn?7lO`-LILTGRgW?x6~ump#WfoLq$Vb(AWvoLQyY74PTw&-q-} zUwxZe=+n7)8O1V4?V*vGSI_?DKk?2h@JF|YZc8u&xU0(jBul++zNpf=)Ow|8>aE)o zIYAfQD9{pcVB_zVdhED$y0U#Ec4&_O?bdT}dPWN+`w1*`oTKNTXYK3jqr$YzEaF#t z$A*&py>xK2YAw*XIoV+31*fuqU%8)j`mQ#8aQTSxs%P7Oe+%y;v(`2W3ebxPFs@Wn zpJRY&yvJbDntMbxc8iRIU7V}?1`xsOHaoxIvx5`%E6d zGsJM(THtrZT6xK2ze z#~igNna_uYYetWl2A5we*znFzJ>e7vh6E&y*@hn6m8+Sx`T$C=cwQc^NUeQPGEy#NjYPnjPDq`QnMcT~qNzpt-_GE#Prt~sF?Hf=1|V>2`Aj>g_S(`(jW z#0qi>MX$%TmK(m$BUzS(rZkgV_OQ^dkpWQEY4AWSp zdzSzHzP^Xz*rT(q7$%~@HKY5lMkCZG-hcW%(Pev-!IZcf+sd+%jq~+eH}-@hF9TOv z5B8lz&PuDnz%m~b{$lE{W@OZ$CD*Hu*>B}(`zPbIbJX^BBpL`*A(NkiN~Hua6IR7F zyB5v%Vkc%nWZ0^|8x$u!^Pn1oO!Z~3=Mzk z$y4U|w+|4=^m#z|dwsvxQb8?ne63(|N2!GG=VLr62~2L-FNnFJYAT-wt$chC)FVin zka?O_z>`Rh6>3XyETtF98Sk>8uOtqKhX}HJ&!Lm z7zAbXbOY;x{Yv}$>NEnE75rhsQbCGavd+DweSXe#B;7=rmC+4_+Ox1hjHdq_xAAuO zXB2nM!2E>l17r{i25@Wr%@iZf&ChI;R=~{h0D<;Q2wE&naU4pTK?>*$qG>}|%lkld zLrUXx{~H3n^eh=y`H7_~m;&JGk804VxEq{b@e*IZ4F6A1SWc)yt;Yks85I^_Sa;X# zU)uBiRPpfRO{#}ecXw<3jjRA~RV@m$5jQ^^8!mg@2N@!S`guQ|enV@>o%q1}CbSlA z)};tQbc`zGQvpwrD`kW=YY)Yj&9DjDP^$vXlX+9KzA;S38Zp7zR>mXwvlViVK3`KG z!-jybn0BPH+lU2yz3Nue5aEZ7swUCe^Hr{rOZ!)jVSdSQuVj-Gemy7WSEp%8aHQYM z;|yR?66|;5LW&Pj19EJSl$Aa8wF(xRq6@9(e1qNSPmbNFlAZn&A3ltRGKY9l^G*;f zcI@K;d)(-&(E!enT!DODMhZZmQb(jhOqK79sC`$eL4S*-h6nB*aN)jZtgfL_h5g$h z*p-#7Yf02C9ERw#l_IU-#h?8yye;JT`2AIFd;RR*%%Ap4)LFL)qdtd-*M~vp*0%3# z|DXu*xjB1={QTv$w+60%*@H<53<#OTlpVy9#&28<0 z75B9WWW{-QuTMdH-4C9Y%g4In-tAhr@A+#umg^(p{P*K6yerY2>D`|{(?OdO&g+l& zUN`T%s02Q)!~IXD{Tx*a-vu4sPCq(3Uq3#$OZlBQPdm1@OT7?d{^p6Ad;jPeHJvYN zCBu;quP*6~{O-c-98VyH6ZZn-sM4(Sw=ijS3UPe9=Y8Mb-_jfo_z3Qs=I-yj{&rWe9rW)dz`c8^qiecmo<=DBtDpYMoH_oR zIja$2jaRdA&FxfbpOy=5LO$rbrUyd}l&f|OC!a!t%*D7? zsh|ALuWkc`_lGg3Hhq_Ww`um(9nQKk#z(1%d&Emy$%*@Q#dPr3djh+sUGSD#v2ApLK z2j1Oy6r&16v@TUMRrx=26sbuVo6tCSd?+O=Zx! zMF-E6HI9hApr}kQ;5k&%%6D==t;1%li~C*B-PM)5U5e6e?5ol02l8C<>-;_sG)FR! zIhkGcD@t=*xXFBwnC5!?DCw+RR1T*Wb+vX2kon1yfQfJ%>bfwX^z^O!jhu&DaNry= zpUjS;HVKGwoxzhJ>2{V3ullOV#l4gLtz5F079PY5SE7-j7W-$noS|mFZx(3N_SFBq z$cu{>3CDgjztoqcZv$T;{Q$nHg5>e-dmN)Cf&EHW#br7WQUK6XzKZ)IWS}z5wk+<9|^HyZ=|e=h{wE()RvdjmrRG zoZh#9%FCA5>=RO0-z{eIEx#3HbNRlous{~|ZKG58pQZQxC2C+5xVP2Nm<@(sI_fIw z>wj^}l@r^ad&I@}jeqiC8sYb%?c%ij0CaJx(4E$*dK;J2zi?k>7s^NfMcK{O78aID zI-Q+#b1J^*FMiX#=O1*Ym4o18iBQ(cbZEEAi#f&iOa@A@MQJdLj9r#TTi3mj$VfgX z2pT6fJuubnZPV_lL={<3>;*DE5wVOljv--DqUKw zZI!cW+Awkx%8YtNBWEvm@0-tOr&UUe(0L|5c^Bc-zlMqEZez*fWxh?<XW^^KtSdL@6X}IcMPf{w;ka#C2wj<588U*wGP~htheZ><(>qPtdB9*y zYC%kyR!=d{Ip*LgBZPr$Z(v=a87*Jls!v3iHk87-oN5 zD$i=dk6sBDW)O{uz|f2evrknfR@d!y>i8QRCw{a%NhZK`Sr;}nUZNGfq_8eONw2v{ zT4?}Yh|`VVpM)H1J-2 zW4y2uyWv(=#&6?)f9zXrIo;1Hm}f&7CQ|3?>uXdHf%tG@yMWpX5Qc`gaRnBJ$ZkCn zzVJDfn*Y&lYoHxLdk|>SaG-r8p@f9jd~+*!HB~>VA9-`AGSO4taj`@ZUv}P~0_$Ap zp99gRd6>)A3LerF??}&%<^;`lZZTtYx`OIBzLPk;A(2UGA?%S!1`_;oB?A#cHLb0? z9t59#sQKh)^=Xn(X<(B4anptSCJ|^`ax@kMV}_tvYG@E=d_3U~?!ype*-A!}op`pK zvD+<6@%0(a80%m-<&Kg+E6s7W=qV#LX+_VobdD%ku3aBj`~|3p>yJu}96yH6y}vf7 zfJvk8i5w*Vrg5i`$#b>QuF8_5pX0|v-rh4$v725+QksHaGOr59UvYzTOOBc3Be#01 z-z4P`(gY@sNRVC^@8sibX2HX%u~%_3IY!$pnqMJ+(CNF zv%_Za*<|m0v!tT(myRTVeoI^#zZA`|x@x5nA6yWJHUg!X;A#ezCHXVIQLEo&=6aj2 zo{VX+dF9L;iaY1vlCG;5N);{hY1?aA%(^-8+ z_a?#>hWzIWqLP%n|CBR|j<%q}wI;^86VB;(pI}4usu^$U#55qk1Zc1*DXIpNAmA)C z{|*so6Jtnj_D1zEgs+BlJURmb{>)H4cXM-tLxKm(5ba`Y3-;L}D-YGxoE&9Odo43i z0C@7in1ZFWw82O?a9-*Z!t%@@D)iAAGB}}Hz>+-chtc4vu*iZ8N;EnGS`7K|DDN#Q z9KFbQSr~>ED8r!;MwL~ARtfeoaF$fo3IBqFi2!v&MXE>Zo`UVB6GL1m8O|`TrZ9m& z1r1p(K0&&56!o08G^RGO{fIsx=sgOOPv3o8>kds4PB0KyatD_Lc1pNTn6xCOH)tFXbt;9Zi0#g=mXukXzmJbEo;_QB2j6PpY-RSl<8V2KqZrxg5J3f#9qXI|&Lj~s1Ltb|j-|3~x?BN7XMAnkAK&nDQ zX!Lffh6SHdQ~@WnHD7m)(o+v?R%K~f@C*Dh90bat=D2TRlG{99r&nHiy493f771W_ z8MM|p$7oPm*e=hrBw@*=6ILFAXEAz#4ZcsS=kA)-3+3%O5YK=13e5|g&t^cP`I$-Z z+4pe6m`PM%kXDg{J$^}F)wk&&a=kRg9eJ!!0X2)|=fnO`mV|d2>E6Hjj+#!FE>)$T z6Yys5VD?$z9J4CTig{(Xm?%R-&UrB!GTPjU2toPp?_Q_A0FQzITMslhUSWuDVO9nf zv(d5_qcSl{dcx$nG4CY9TNxJ+ATQb&+ild3y-$ftt-kdl1gqePv3?nWqMVvsJ^r!m6JS;zDPkCi3U~#Qi z7>3q~bwWH!&y)tQ6QQqJL3bOfW(<93SOH7^Sqfq(N?{CoBzAgzHS?3L{nr=;xS)8< zz}_r(CLuz}>FKD;!HNtU;oV=qH-LRyNJRAXpSfRynXaTvOx2;{kBI^5#XUX-S!uNW zN|lN()kfR?{(HUdU)P_m5MtLg-cDLzaAz^q%=zPI=d5q9b=97w6ki3WlPH%XjnbI^ zk0QxMGaO(afwF6*ukHr7=2d0G$hh*^QZ9nQ!r%e?PuKYiH#SD!L>KrdnRitQOZ}|1 zB}LbWJfz=%j>udOK9i5E@*>5axpCs?K)V32HgeRDB#a*)}^}<@yv<@Yi zB`IJKJx7H)~>nO|mE z2h?}>=0xbYt9VT^HXz54d(#ZyDa>F-Qz`2|325!<_aFb9(T=IGJ$ThGqXQEm0OA)g*@(t~g@XjR2x0S+y# za}XBxX}_ZqEvPEL#h4v6y6(gG8<)yuapGUzTQcu{)uaJaH95bNr(eIW8^i;%o`$)S zOciCOu!w4^hh)buo*hOJ`1Wv#9TRsb$Opgjz1?YPOj9kw4WFl0*-ra|UgMB0$>Gc# zH_MJe&B835^0ad+Edh7K(EuBkwIo+XnEq2``$Y;9j9hg>zbe)xum5-cr&ei69X2Hr zcL*q)LyRJZdZG*zOol1gI3z4-mxmze84*G+AEo9S9wk5Tdov`GN@LMyBpMv+K~zQ1 zrW70N(Z#1B1d(S-K?KHE5~=9%7B4$e%2}awPmxjznhctgpuAert2=EQN#lB!S7bp! zB2=UwW*|gB?a8zW>ZG0Mb|sx$O0lBX#5354!Q?~e`7Bp$5cjgC>qn;~`D<~&+^-cd z(=77xlIYhP+ik-Hf#tuy;R&##;U2YVojk`Ww`s(SK2CIGK81cm9?u`l)oX2xrfP|{ zVR} zAHgo4Hvx#sDckteG1uw>E7(E*N6Djf0%#27M*;S9?=!Y)-P7Vihbq;CSg>?G@Nb<* zMM}(g^t$-?2OryEC!;YRG2T%LR-wJD;DG@xz+^V^Lk(!Fm=7t2e%8M#LyaIpNdr$E zvIIU5m6PjYr}29$XzKhv`WetbU|;UVL?gWK-V;#r$y$(#;O?o=Hb1;e2)24*jQAbO8}}LKa9e&pR>b;^|EQ?t*WA;;)15Bhf1TL%!mGAx$uN9vqtsf**@0!el@gP7@H5H_f~?nSG5_1^*yQP}-LKV}Wi zj0ZZ1?|H%N6_=556tJ9g4{euf!ECEr=7i?@ zK0P7m(l0*xazul)akrbQu{4u(UMqgMEY09KTH3*|0UySqA;) z_&-?zN*6Rk{GUSkfO05Q2TMJRaFPDQGY_)Lf!6eL?zvH28GCE?#7{Fv-x|f}$el8K zVDcd$-dZx{Y~f$?)-b&QVx!(Ox{Xmwj#6u<{U3qxs~Fj0%y)LKOTJfqsN^iycArrR zyh*cpMEim^zzY*Ygwt_|%un?zs^iD_PHZtxmZmP9yU}X~EuSnHPq}sDDk*jI!YMi4 z%9YHi=5{z49Wo^-@U5p*G*JduiVi*zx&;8gsq74&{dPF?A{o7U|4slhthd-VAwwyw z?$-5ray`n!^oO@h3~nnf?-pe_u0&B1b1zF$z!Hw{Q{H5;?km-8mv`;6*^)}7q~?cB=Biiw@3T|Rd6q|-_mBaDD{Iy9wbq;a>fbR|sR)%NHf zghqk!1+TJkKaL^W>3bru^PaYRFB?OF;^a5_e9NnyE+ za8)tB`Wat$Ruwq2v3|ZZ0z4~o-z^PDrPMC6OEUW0YfW93;xtn=L)f<0^in_}Pk>p} z>wO!$BAE!`PTZXu%Y=-O*?secBe$`BMqw~qz;(Evg|k!yFHWE*=pz#@UV&AX(?Rr! zwr0(`%7hIc%L@6MDJUIWpj&@0p=^}-run%=f?IoO>1Ty_>bZIBl4X+%sn37;Q}544 z&`C9aBGAQ$SaS@8>m;Jxf#6&A1mu089jI!!$6`NrhNV8)F=o>Cj{Lkeboo>OFj z5CkhqLJFm!S!9JNoQg9Og?tiN+ryk1qn!c&{j@KH2RUL=>oJn!68vD|`bst+^Hbs?cRI~WKU-BP%|99sfiyqH(6sM@E@UkNxgYuhZ1~cutoWHy!c)Gjq-%sS zeO`?z8s%M&YYf$!w!7S*FsLD1pd=Za`7$c24h+j-XRQi%8++_c5+dXMGFppEmBKb~ zXe}k>A>R1jv5xKLa(6eC*57(s@*X)@wAQ{20~aK(X2n`uG~O_O^U8!4 zKVd!PUA7v=V@2zOUhUW84mWrK8dqd$#uQ$2mIb#PuYUV#Tk zXN`9&3dDLZ&nEM2rMJeJhbe3X9#hSG=!B#Z%kIo{^yLG|LcqNmPI$WaIYWTcsFjh<%8`8)M zpH#P4KNwC4fPCC}(MEz8kr5_$MWe~mOvgbF1pyKvvvEEjLGq+Znpb>DrrAfGd&?dh zX{#ZJj_&H_wF!-+0==UpI5x3y+lI;#H^^ygwmCL~Yl*7;WITBs3Vvs5z#OGV$eyJc z*5!S-tSjdBbM}0lpXB=5r}_jNzR+xR{~B^k{BU||dLKP+46N>=Ro`C#!v%yuKb}c7 zYo`GmeP~=)??c4-6yh`Z^+!sF2FanIHq=x>K$4Q<(}J+tCr3S^P^>s;_Nzh`3EhG( z{xIFdk6k7P7HV~eN)t_7XyU*{8dW|cUyV(snu>~woEH{$RvC?x;|tn8`WezqqOqxt zv5SdlKAF;0B0Q<|*5Tb4Kfo@DctO$8C%^$a$eBHFc4}<3itOq?DHf`cuAS~bO^v^z zacm~`DumaSHmi1WT_L6rvQHb%@;nb=76znSLo<<;BhN6W@ZvR>?luL5ec2g5$SN~B zP1yQ==VTZLW@^1EL|^8%|2*?FJ<`IJ<0_ulVhFA{A3Y)8I9Z=(#)9$Uh=EV^c{;Pj zpH)HwR5~6)r84CRja8&PW>|dZi`2-iSKvv1YtwMbE z{i^~L%k0r#iL69pvWcY+F)DYY#{6}f-_#g`9L9T@dGZ5Md1-((eVVT*;3h zU?fcH5lqJyV{OtrEI=>imbJb45xB`aPZ<+l8Om6#wIuP^u>+10nQ0xa){Y97ba5Z}il(k-o9mZcr-v0&Si$j!?!kf>8V}6>lW#%NwaczZ% zn<{&F6K&bBnI~T8-v%hRJJpfp`>;X>lY?Hbu5GPIq?g253hEt&Tg`d}ZP8Yj@v`=_ zERBR(VbxPkkGsrR7AGLvwGWjOIX{bLe97;DZb_#8LUN+sa&{7+N^aCk6 z55$@r{H?n5FlMLtEAKblDZD#=IXN6}zka;s)8LTTX7$eRY$*{2PZN}h^zJQ&GJsJ% zgkV&m3}^AT*Mf(4aBq8i*5pl*1`a#%Lk_?+NbiTF*YQRs912asUGv|~T)DE@A@%&i zj31s)$LMXdl>Xbzz++!JX}}*Obp;}rpt=YjoE7-V;WOyHHKi{DBk%76x;YE^7Hvh2lAVAA}D{Vg$VcU%6$h5^7rS z=%SwIS`y2jT8qXb-v>YYLXu51nN5p9Ha1yjsY)~$d*1>7L-_xr>aG8pe%n88Hb#Rm z8l+*wKpK@ExX~gtLJ$UwQdB~^n~^d`N_VFyAT2E+NEw8rgtRnx@AJ8?>%Q;rUjRSs zalX&<3gt8=6%PDNpgaezG`wG?Kd6gQ?w}13%(7xK(>`mt zVLYGRBD-2-KN9#b5?&s~vB^$;`}Pg*FO@&W*fc!7u^5R8@lcff%BxVC`>}c5_MX@R z=a-z5CuKMH{C~u*YWX_+vRxaK`*I%Rw9(6xAW0yrkq(FS2Tk$ zPJ__6kJ~LAO(wzU5nxo!SYyK#m#d!f-NKr*6)$yPjFwuW_WEMR`WzV^X8glDm%f1exakdfQe`(8k_dVcgT? z98IK^4ux^CW_h7#Oxl69+EmUv4!QW$)RSxT_B&%g+9(s|lzg$I%|Dx+Rbe8K1_`e^a4$Ce zsMz=F=+Kg=rAh4ZBk|NjSot2Y{-LnQi7jn$%ht5x%Pt^*@dzO|f@~FcJ2-XO>{H)+ z;z3k@UO2-&eV&y3Za5@EHi*+RF=k&c@Nv}~U&sk`-QRtIHJERnfu6M?OO8Q4uHAkO*_i&y?{;KI6i__tw8rWk{P(g~l_) z-(1wUN&@{~i|D(v3tLN+|3OnNFi8>h`GgoS#*xNBOWnFcIi+;gxewP5#>p#(-M4dc z$46cIvw99zD7f34^E>T#ZW(q6 zoxQl;SRcvwl2r(X{n`-9Y!X(!b!>d-uBv!i#$&E|TjE^oZa?oK;cUiWSRVb7?dkG$ zj$6HhlWsm~03xtXLh;#56@Z95@JB<_6DQTePI5x^c3iSmsR2TPc8A$ZT$z=RU~cYX z^KH$Sala=`_ck|K#QW3R%3};ahfxo?TL`oXuzMov{uF^oF-46=NvV5FJsY3obmp#Y zMmB1@t%B6mqwwjGTU_w{g)f#{wL=4}8lKiB!JWE0zP+yCwW=y!=7CHsv^Sk(1uz|8 z@>qOz#T_BN=^V+0-$aH8=8Z6)8BYvB%aFotI}mN(K+IgRT>tjpDXRcJ`69F zGOFUD{=Y(Dk*U1<2v-gp=;=PlqL0 zdhmUrR}5l&ZLPXK3y>DFA8G_rDRjm5KG*CT9DJ>j8V$zn1hSOpuin?2Nd!byHLCgK zi}SiRMM=0jSUjkE7C$OsT#v`|rNGA7nvkQ&cumO9!jo&-h5~dDRP!m1Ue@pF=CRTm zO%Q#CGE?OXbulruoz&i>Uk{U#JM}rps*+Q|_`7jh(i7*nbBCTHK6e!Mo4kwSFqjKM zCd6x%F$+8Hn9J!Qe`R{e>VbeR8F;AKMBVZ2l0bD9^}N<}wkEMOY7Vy)2ImDo@zlu5 z6QI$uL#)q3ZXt^nj55_%fuSC^Ro+3*&?JFwDkl1G=2kBW!z~WBzbiECY%Et{O;1;4P>`p5FSZ0tWFG@ zh!smAM{j%9+~?vUaSOI0TL4?DLQXB*l<)JKR6G z&^jYs>P0f`UIvyS+TN^lUeD`1F=9(X)~g1G=%Cy-8aFaSX+|wgI$UM+4DSwQ42)at z7arQ9`C%;SaX;045*CAg@KUfzl(#v7t3KDtl2efc&n9vC-a4b?{Yrvx^9j98CQpg` z;;+9{-YP)+cujg7`6EO!IHq}+K@MkRD_J0pJ=0HFB2}%BNeg)}T&vk@eAx#eexdC;^k~QUG&X)SecoK(3H-(J0aOLI~J62`wbwB!hXqidKn5et|MvI zMC17o_p7CmAP2yDzl2B1m5q}luW!$mX9e;=PY%%CQ+A;-6t@%^*?%Nbr@J>|at0A& z^55u?r0xD*7V{9vqDFw>;r;q}7`mB}|9tYBN&okq_MaDBP|tv3<;oo6l|~GbfKULwn$6~jWA9VYtoG{9Zxvm9ivd_E$HY(_kieXm z%LoFQ8aR%U0DRZZ*vTb{oU|t0o zhX?dnIjzjO%Z+?7dF~3H{BM|Ko0;_`He=Yu)1iDBWR} z@=BLUS93_5{jbHLKKAn(Fqv(sA3EixDNvbi)Js~~+^=P6rMaeZch643VT^5ibF&_w zqP)j4@;=yv8akRGHPDK0IRHKfHRvZ#Es|&@)z!Ryl^w745uXalBxCh_kr(L-><;+k zsikHLVGMQMJi7UM7IT-Muy28i_$|kv!}{dS<16=l&DKX1>3H_JKo~VdxE(ibKdD~9 zJMi~i8sHobU&j`^WYBM}t9@Pu?r%R@fL~h(p00au1y*Y*Shv&t9=< zri4~#M?j*RZ{^iD2%Ofbnrc$=g%TFm?7yG5>=S6dS@7Q=C%kK#rf2j!ox&hJj_tcP z{jVAV;zzy3L6;6c|9sAHruUpHm-s0xX$BDk_EwN9s&^EeJFzx`9Sgb`7Ll{xzklCZ z&;pTOJ~u{G#VzQ+qr{N^U0?y{uhP5L2rhGLwI+S;Isz^=N};6le@%7yxH2`E53z??q`^)i+Tp2B!O`0O1TmHPI=*Sk4!%CDrjm zYiQ2b^ytuel zSC3O>{DZQ8J?oW|osv3`cr}KW=V`mPIM|k|NpYUn>#RLARnw3-*Lb^x@YTeZv278AJ{9g8-J}H?fB=! z?-0l<=LGKZZn<~#E#XUXhY``cfDfZrf73$MD2wdIAtvoC0D~k-^#n>mP54AO+XosK zMca~}f*yVTP@K?nG~>vO0ECma{iSk^n-Y`$`w$Y3Ip2`*dY)!_A(|uw=;wi3CD^V` zC|LniM>|j(%u_7+re(O?qOB+=KX+R;<3Y*K#9qndf{#!y$P-#5P8cOHS(Z3M_2bmk z^}$&9JM>;6?UdlUp2Q`}=7&WD=Z6=>7Uha?&1NVz7JLOxFI}zC%CUO2AUJcBqbG}! zfEo=|TWQp+_}ieL(1+!TVPa;r_#ElKntHIuwE69`EXkkFFAu{NOhSfdJf|bTYhKP- z>hni&sQ7h9%{9NVSiZ+^_Ssj9)C<~c`K-hanxY3ePIQPX>8zHYOaCy{Mp72XECj$q z>w+5F1!r9!Gr-YHPSYMX&5MYCH)D9659(kZAM=0-Xl?Q<;)*_?-BQF;p#(^NCvun3 z5Jr81g3x=Q7E?&B7OOi~u>gRkN@o?Zg+uW#nR0I?$4*HshsfPkGo4N+x$coB`&OhNKx$K+llV`077JuGhlOG19_RH)Z z#o*67p(9a!1c%d|Q*5QPm7PJDk`-pzY>{g0gl5KPi0|-fuJN}M(rTh>6yU$<7bN`2;c4U>t-bNWP z$eXqb$x6J3dBv=poFmoW8aRj*VGt4KqHU)(LM_p8gP3s~ZD~E$YVDMD2H&QYnt$)? zy#0qB2%#k`$nd93et+1R4YQ+uS9nZK9NsdP%?A6`t+-QSow6L)p1}Bu%$ul4cd zDUvDpkXkRKu2l^L<#8bmDc0bKO)>`Sl?LD2v;IlPt)?NF!H;08tMDei?}UsbA*K)p-=~VP3Q9aqIiyp1YWWx! zt#ONUHg1BR<5pf?Lw>0q7+#YQ@`P~s`D%^gVSxcYO7~VcLt@XT@Z>&X0db>V;m$*D z|K;ca#$1DF@#d>ouU(@xasvIFFcsa&q!r=D6L)7-610AwDSpRME6_3ADoP- z60eFA4f2+Z9a74(Yz(^l&yWe}0hNWzQdmvw6{lYvogm98O&u71=wLC(J5p9`d!@_c z5$?cQirUiZe)Cn{U|0a?+me+1YQE$-d{P2?rne*q6d`{bS7c7FF;-M`#isA(BhuV^ z{t5P*l%Rk2u1x8^S%Cw6C_3;73WnZt(Fs}?E>YxUY59Pr+i<`ZJzD+MzX(nqXJ0E!yi2BQLPI z)YO70MCA^P2~v~P{w%@30h$Ukcoc6nO}09~!kXP!134}@a;5d_3{>pup`5WU>nHEf zw*M7(q{$GrxhC(pS-#I!PgRRfp6Ld*0770V!z*Xd|U?en^$(Rt;gboHS{OZ5LC-yj)9w( ztfu(gzdVWfWSpSS3hnFX_q#6GI+AYxje(74d`Ww4jMNw(0&kr0)=hJ}0GIoio7U^rj`M%z3={4hg&M zg03wy;Z6#L`rQ0ztw;^9rfGKdSogQJbP$c_3Y?+O6f!8sq4l`6aLemuL&m~0P}j0) zmzHHNflu;tY9%!?dVW=M9UG*w4v%vic?)x{J3J9!nXh1amnAL?>P*!-*eU$hw4kO$Tx?Zf zY5sDOJyU*^@-u)QB+OEcohzD(Q;IR1lcnDu4$KAbRUMj*QZ$L4|1pB7ZLw-YO$sj! z^6pzEZgqV;7^AIX(=;n?GXcx*x&j+{E7o4m^4XE`+MrYt^y%J%&Y-K~sk|~c6 z^9dr6_D`BO_gzJ{nQb;4isZJhR2vf4IH51~TFBP51UJ%cJmP-pv(iC&aXM_gFx+Yq zk55XKi)I1`z*%;$85;^{dYRhWQ=FH5;m-$7i>-B^gOl;=tJ2_xQ<1-&jp|)$RNJ1a zgOj`d3(jR*{j&hWE4nma(5%zeV26zR-ljvkAYC@1j)Tv?DaoSVxKFw{45dF}3&5@> z`x2FuZgEjNUk<;JUU*pjbCWflSl&~G4I`&lH$5sbX zX)A{tzqYq;i>tlksG8>LDWK}QXGM>}%~cQhu+MsY9DDLBW8R(8c-6DF+d~ z@xxVyXj+z6Qdk)Bk<=ceKYxoZw}SHaSa*B4N4iZ^sX%Fp0Dza--=D@~yuKOk;b1*b z7^DjZgj(tqtBo$0415yj0mp7X#-SzZkRIrUWdOng9w-i3VjQ!>z0u*Smi%TM=yBuD z{2|x%Y$@$�$ zwc$lTr|ohg4qi-EAKhH zK|Zec__I}PB2$2WzW;O6dmqNL_uG`L4o|ZclErgl0!wkLaT=ZoT5IQGIqym!8iEGA z@p_=>mOb3!9mmqu$ehPF%l=}Ce#l7;mc|&dT6F7~WYNDOzzwET9qyTnFhLPJJ4`}#?f~imWq|gh-EQtlCSC0 z@+6s+r*>=nlR8Qf_m%mzDecSpm~BUY!92mODVtme&9p;V4Bx2RcFdvI@ceDYl2zIV zh*zs|3=E`YyF!v1cP4(D>=jEB4_x0B__Bc^P|_bVqJiCp81*363uDA4!kd&2_qOsXB5S5?lH@0rTjpmvLj8=} zq8uoYT4#^0f8FT`p=^==?jG$oR?jI0k#C!?y48O_@Y+$rN)H9`U4lt=BWg zsC-L*D<*@t5@v|B_I(W$KA1dh6RMx(FowOU*jI(ItArd|D(quGR9NFV-&`pIdxqzx z64AHcTuAYeTzT68+JkE2>aF;I|ilxnmODr zN$VZ+>yUtKI9j|5^yk~eHgPRocK`yOr}7SH^<@r)EcZ^V_^3YmvI>T2gP5)lTjaf? z8Aob|EqWp|;L$VK1A!(AByBKz;3n!?u6n1oP*J5porSte8C*(y8=pK>5+4>zdsggSZhJ zE|FG@?y8R=A7s?5x7K>r@#cYh$yh)yYWHzkC{>e=wz4ma~Cc#&y3|fGCL+AJ82I z8c3G?ckTXC;NL^$vxJf2Aa*EB<*}v=5n-VF#k;3ml|@Kod5Y3K#O~6Hskm4A z^~H+hpXr)I&?=bKD9MxKzoT(+Uz?;bR8!S`+h~Rt8o_xvu3ESNg2d{DK#_maDVSIs zy6BmsG%MjM``nSn;vc+9Y$-;i_=|%k%)T%ocn`?o*#h)<}O&5aRQ8@ftCQ6`& zwickGbyLb8NQGxH>0AI5#r#jhIXUP0da!KvS{SnTk1QBeeh&DXn|~*;eFeJjHeCso zh^x4F<*uGV!S<;F`$n_%=Y7%gB~_lcd`l`^Jd(yHOLqv}d6#8?wi$d86?sOJ3R~Bb z1&O~YDr^gSUrAN4_78i3YE$Sl?{TZSy#=8$=vEh9#0|8WDc{1FUJU2^9al9`EWv!+ zFpe+!gsI6`;t_|kRg#gOdjf;oYFnu3Da&@Mez*%?MntgShd>A<{m4r1@&1{@S2mmZ zj-+04UZvLrn6@}(pX4uk32mNk3sQ4-DPIf{6ds9}d`$28^jK{*Zuo(bdN|N_S{~_+ z>Wv25+t1*Ot9ZgzizN%&;cN0+`+g$WR;ARQgNTFMjK)iTT759fZ_qyRDtQ4QO&#;d zB4NLxqg(Avr{iw9f80=_H3uX3<%kzQ^t1kChAG!dv6zH|cCLQ!9opf|MGU&nPGt8Tjk#>A6NL$2gpa=t~j{B@4&g&6fwAkOv59sfhq=YmX#j=|3w23x6 zQuxwT()&+qLeOoG*NWXmt-=cDv>{eWL6Li?gUo4>e1p~x(2Rape4zOrmr(yf`I1c--9mhfDE0UXKPKpdkEq;G_Pn z$7xJ(KLTmkIQ)v?Reb=(Z24pW)6nkVy|B&B#*H4RITD3ohvU`%ez4_8#oLfikqe?p z)DgK+-g_UD2|bKeV&%&GH;PUl?z`qC zUV_Ed4Kh5=>u<5+f^867N}?w2Z#1(iJUCZe?&cKSvUyh`IO=+=VS}}YE(mcCAqVOX zZ7}3-Oua-2FImin(Qxg<3yq4HHB5|uulL<8T>Q*l_plLSqq;!07S>@vHfND$Fzq+I zdA@-T(st!yP&S6#q0hH0ZmjqZobQFF1ODMUsE!R*MBas%NE91PTNS6UA|Dr;evaz) z;Op$ARhCK8w&QxuCMZjNV-C>KX$=R&=m7bi${TBfp51XEYe@T~y3Ykk+~iyr>rp`L zf7?G_t(ka}e{q_R1-FSAlbIB_Z)4Jp%m&bbT5q@9k7C-N;Z|d4IjHgG{j97FAh7f- zL93gITCLETzQcC0J%kUay`HWK8Ga#%p|((F0OJTq>;}gcETn*hA9#M+Su&``5O=f7%4IWa4~OVy3GGtB1;*0ceIx$G)g{MJxlm( zi}D4{)dQ2UXBO3Oa-;`+qE{Cl9=~vZCZrYGa7%}A1@0<8h78I!Ju3{1@)%z~$&co; zV{g=K_(b<|=P0KN^+ZhRdcMfFr=bdEE{||!iKZ!GjrW&Q@6o| zq|C$-wp1{cEU)9;jeXX(?)T*VW*cFrS=OvqRfnGw5vjlYdI~BlW4C-N-}x*a?v1Ae z190co&*J`4?JQ{?33yok^g9i{Q`w-i!kWA|NC()6&860t93NB!Io5xK6Omc+BtqI8 zqpOS13gEQ?FgEhcYs()W{+YD$)@2LR`t~{T>%xNNHeQqRkGsU;eQg6m@fAN=@dB0B zm_#1ccpB+P={=mt?Hce+#zl}ie`+AR7JJl4GXHNx;7A(KC?@)(!L#a;VwNXJS$5wf zNm|6-`iWx&J6o9NJNrhc!<9dX=5otAPPvX0=8=!Eyz9K^aEQbFN|f^`(E3|e`H-bX zxaSS{9%Y&JY9la@A$o`$=yL5)vKW|XWGRDOyXzi7>^+*a!+yigNKqI5HJ7tk-OPkh z_^BR(z^PNWUg&!zg9|6PyIH+)V`=sjf0CvK-1m?!4e-Z*?`H7B+Xj=Rw&T;ZoMfx_ zbF8@CzJYb2brid(lWxg%cP^7{FZ~g(>$a_|e^7IvwP;s#*>TmCTzt0pW|t{6UMN@n zJRO$Q*>YWsPo3_9btG{N&jiO6k^9&puL&c?_E`gQve;}>4$NL60~G?r`bl12_aRv2 zA;D&K0Le<-alrbJlm!um?0(JLXJOzMEz2BD_LUB)^6E(1@U>9qMI%eimH^ovXC8w$ zznPM*=229e|L1N#2z-STKbYVX`nojzQsQekc2Auy19?}_5TQ`Yy023L{Wez^!%g(G z@~IFK5Hb&R=Hc~D#R`GGhzFl^-MR3tbM2xOQ`FleVLa~=6 z>z+yQP**;c<+o(D1+tvQ31nLkJ^4grLiO_#4_5BEksKE7Q2(Yt)_XhOzNQ9@)v{Fbl@0ttc_uhSx{}6IS`fHwRqVkYD}kh6oYltMM>%W2%~93lQnG z>EU+MsZ0-a@yE@m|6Ljp6hwRpU^F3dJoO&mbZ$ z={w#}?tUEPEG;4zI~>#V1KsY_cTNaO?4uJ&MJnAchCAtohA?o}1*Eo{#EH%QI3#=b z*AnP&#zbf?@5&*b7vdo=OoJWTyx16Sot|nu3YX)pHBAW56XvZBNC>%<<^5Vv&(7cr zH^|X>2X5EB3S6gvDs1A+1*ScGmj%Ik&7y*PbWMMK4o%i>3mK#8TfU|7lq>N24dIA+ zXiYrss4ci5HG+KrBFi~a%)m&^rFHbX3M{wtlflvQvJdxxf+Q;ev`In_S{DDu%jW;H z^k^V>n4qC8eLBy^JATvlwpcO^wYJNxWnb{Dmrt&Bovm;vR1+k}LNg{uqxCRQV)K;X zxmIu6x#vaO>GnSIDdpQfs0a~l@zxbQI4=wQbiRa-2TZp)UZ2UTN#MUO7}ZPQX&ezX z#7LZfbIMaUE#Ogg$lTPX_%n=4PX6_#nk-?i^QD$k)h%1K;Z3FM^dtMt4oUDpXKgP$ zS&e$GgmAR7J~;~caYd~kCP$5u(!6`uE19L}-XHtCM(lw#ne=u^7l?+epLU3iPpQq! z>4meTi>?Q4(W3S|6~~pvblSo%2EcPZ1idv2L@`id`P<;GJ~-*dN3wbo`n)-?{cyVo zxJAGDE4O|&)C5Kb^jeT7`|zi2UG8a-lxA@>Gn#e2<8aO^`%F=K^2C8FcPkaO0#s2e z-W*#uCYyKy6oF#l9#0Sik{@19+ZFexFM7G<4kU=Fkqb^f0Sr*?*lf$}YBPJ4J5~xU6W#&8{uD2hi0BI_-&ylCpZImD;rI_rjua_>_BuG)|9FIpz4fclL1@6?DBSPMr z9@Mr5Gt>0(37g8i5ui6+liG^9+z5u_YW0pJ8I@S9kxNM>Ho)h+VP3hxeg#A!($pge zbQCbC?HD-xMEuA&#nJZ>*ni!b?dJ#E%!9KVB*I>FLX{>YWcX>jo$tKPkp&BJ+VJ91 zIy&2=1r&$Of_}~flt2g^wg|c%SOMqIB^wS&=C}E9&~RW;P+RXC&M5Nx387Y5i5d!L zO(mtJQDaQ0XBRSIL=!Prs5~g)ZEZyyPhPACt zY9~OAi^kX7heq~L-e6pWM@g>(bN&()_tB=3?K~u9$$3E%qihWb$Yr z!gPqUj!}v43G-5L9>WE*VDdBS1%c}=3!2I}c8T-jY|sr0oG%wB$IKPFa!-q9`f*yn z87or@S1xi&==HP-N2A{-mgG*U=n|zk(s$x8)B8i(?~+B zR&c>SM|jH3xC| z6!aQy37ylA*bcMe{r3HPH6Af5{uq-anEt+QjwrU?1s_Za2b}8orex>--nhAEsIU|J zzV5YJwLr7-O8O^&YD>>sHkZ`_y%;8mTQPDXrnk1oyW0}9PF2|)o?4hFy6g$!H}M$^ zNyNySM9uy+f3b?Cdn1KKIPqFwiJC+_kB63=IZs3NKP8IzF{W4GKd-w((R4Nl1C@Rg zBIThma!c|xuHJ#PJ)emEPMN0iK^x=A=Cc6wSPjX^@%v7XOKB0T?AJ)pqEmYJ&nDmyY|CMm>x7$?5b#tS3k zEwQi-zIs!JYVvgV)}|J6?UNd96)=(XY8O!nS?$bi8UBKRJMTHxPTp0JF%otaj*(?i z;90sExpgt5B>(4JK=D)4zV~uoe1^0D^n{e%g2nw8%=N6`Xow_2Kh1J=6erKa?x++ohoL|yJ0fgs`drS8W0Vfc%e0XHKS*j#(* zE<1j_zB&v=Q*=gtBvBLly-lFIqf?Z@D7)qD52C$DQG8dVVMts#^u5sn|>Lo?0DDWE(QQ7%4bY`|b2U0O&tGjNWdz zTU*c|rlx&$;@IKE0`$tjVmDL-`H&H^Nh$u3fWyvQZ~NP#JMeK59A?JAD1C`0&-JKi zR>M9B=}$-V(=_9M-H;)JB|eHD1`$RVaTPHR1euR2u$bD~yU5HF9VVq~AGv##8gMc} zwoVZYlEFa8=O`OG{L19cNjgY%ya{J^7!yHjBEx%p*)`mh2k+Z+ViZ`E(Rz<~?)KOQ678gll zjxB;CVOB8R0F{)sWQ)8ko8R*oI8YSlA|7?%?FkpN9lml8kxA9v-pw~8OG9#MHqEfnNjLhEcv3Cp z?CeDfbxf;(g}~RGQ8{7;(;hU}wfrf2Wktn(5>@plh(HlxprU|c{~*`eWghymkpsh+ z2{CiyGy80`ETQ^Z{p(*YIw`*5gGM`gqMB1Mc%yVKNtY;>9Xn3FC&P5gUzTJ$PtG$I&{%pFX>y!OJTmp{Ctm`y8K|Ltm@@gOsIzjU*Km#L-KWdb?XZ0~ zM^OK&K1e>X5 znfnq0V*a437VPaZlW1-QW`o8S|23@S#Y0Gp{saRPU}^xnL@#d?6EJ(KvRTR?-}*?Xa4uzOxl<% zIlg#qMD`e@#|!R)1@JYSZSX36%qmKkj`uG zAzpX;LtP=c*9>=GKhzUd)XZor&p2?&Y~|sy8gu(~T#o~X2gQo1gMqWb#G|u8Q3K(8+_Bg3apCpEdtD^S+;-f%V_}T(} zSsD|M%wht2JP<0<+qM{5+&~+;%^JtZ;C>i7*?Hj-akO+TqNUiq4Y@cH?X3Uy2aO5; zOQN~hi05k=hnI$hC|)ZSCh?0yyc;yBOlSW&&i*G@es@C~Z*SL@ zu>^V6k&6a#lAh#UCD%Hm2||D^crja7B~LsJ+wtu050O_*Yp*80oH-mtcz6_F4vg`w z;jzPnzk#g|#H4UZA01lCfkKk)tLBd$QpmRr!!CE#GN$HtzBYbD=Kz3l(kHNFEOLLF z!BT2F6GaQz9Cu$o8rhjzjM~F#Z0FQgA>m#@K|$`n{~NhmzyI+MRjxi-jUC*mzY!BO zOL_k=SiJI=v2CsoH}}uM!Nft62N{r+Q@2$U1}Ea zf%-W=7pk~b*5$XulNb%sCI90*Swew>J)@>~z-6OiX~y~@AV@^%*YDrO?#vs>JU*uW z-Tl(TA`)M@*1i;0%<%R+?4$C&#=J$CO-1h?Z>OiltJdD3&M8&Y1MkM6x)r}FZ{z*@ z>#{81E^>+2E)VO|#p?E5g=if#W*V+Pc^TPwMRJnpOQ^0|M}%if(meXhrBchM)ozvh z_xT8+xaDClHpokf1ETheBW4 zOTKQ=9kfuVO4yFBswLlT1g1EOnXH2SYLj~H$!;XFf;+IS@#JFeSSkHd3SL_6=%OD@ z>O}u6RQ@%O{tFm+b@Q2pXcdN1psg@C@C-F+x9U5+)pg2EhZCH$psRL?_@2${(;X z>}yT5ij7bh%Wd0=+eDgTxK4wM$Yxh>TCRY8ZKgc*ZKa?eujbm0vJvD8uslM5tj^BW zhr}GAP|7oB30bu|Y)DrQNHg!PvXQ_8Awa*h$U#7zE&<=N5kn!*-}GLN$}ZF@pYhv* zDqW|^;+$mswE(IBJX7TUMJ9GPb?S1+gHZf4c=4X`m%FS~c>J=U^}_jy^}H8{%Mn*X z=dGO_)HA8E0r;7CF74l%ugqwM=?S@^8Dh|0-9EvZm)nhEORxMaw;rV5+Q4Sw+N9hl z26pQh@(FphUSX2)mg&Q|MW3kOY}JaCLsn%gLB?tnNepjT@8BLtc)mXDbK)qxK`ppb zlE?urX>LAeVHjxZJR&}NHtC)1^WbMkn5)w*X|?iuoh004wS4C|63$FZKQj(K12cs_ z8)dbf#u{a-xUld$yvrHR%>DFQp)>=vonsaW5qw~*qA4nz{eD0|z(XDoAV8VlziQL= z5oD;;Evw8=6HKF1ARhBEsoCMcF~$G!s5vNY`f*XPqfFFS)7UGQDb`PXmIq3vq7iJ!2^aDqhnDjTG-Ef+z_4e0$ITD<_%cm!L?ogg(PamgkLiFy9qZB^Dn#B zeMQ9YcCEuc0f-Jcui_Ez)y25?5*F-w)*->&zp-og>FWGS5rz0L8>VZE3qdKloDfJ4 z`<^>QNGdssZZ+-TA4iKS%b(~-e#sX=Rg;W*7L5Rkyemd-5r;G#hj@wuIQv@U5SiKW zc*0M$Og26^Y)|J1)>7-Owm)EU({PJy{b6B|ivkMs%#KySv5u8Uol^RANew^mtOZ_( zpF0rn8kb3R(*C`{x5Q>XqwsVQ-=7#)q*f^R=%*uWekU%=e0Prrh(m5kO%iQT`arcOh;UD+X8KQ#fqrm;m4{VQ8il3&_j?6r z1x50zVCk5h;mt}Z$%IjDM)mV1!E<#VGCbWA_3VDKm%+h{8ak2?pOYGTaCS1U;fnB9 z@KK+F$UFVh5z@B7XEDE(<5rRLJxoGX+V2c zqtpzuDiEzdfKp8!|GWb^f;Olr@R6nCl6q z3N@4tl_<-d&0*YPDObh(Xk;GQqaw1ch#&iR)crqowx`jAcVz{WT>5A#S)KZH(1Tuqja`iHuG5fYkJr%K5L&~d~n1iy?JSW3zM7#1?L z#Fp%siM`XD}Esz@|sC@->5fz&JLiix3 zO^B+7hO+B&AAN_mB=C8UOm32M6;H+}-49`{um}7tV8{ij!CD)|T;_OJ;Lf|4*8hj9 zw~mUk{l16k5~Y;}fuRwGZcv6AI);$$25FHFmF`ZZgrQSukQ^iwX%LX^p*!9ipU>}I z>-!(DX5Gwv#lH4A*ExF!C%d|19IT&t$d#8!iyR4>BC9Y+$(4D(SE7T!?$T-7H=21` z?R3+R$;r?m5EAt3nnaUJAxKU*Ythz5GTNyIt!e`Iu8=?Vdla*gZ1H!hjxS1_TS~-U z=+ZnRYvOs6=+h6woP{>qlM$A#XUtZCM>PAgK&}FF7JfrLmOc!GsWBT6JsvxWlkgvV z7Lk_yBjgjk8&L*+;#;FdqRkm*V(UVV62p6T8h+&ij;R~$yn>l&zwStbks|bxl)rz? z(q`zTy}PYhv|xI&Xp)T9Lx7U}SjBWA1 zzUc@1?gu|A@+NlNr_!Z(-&upcLpxY6w5Ld%=JmLGnLlQxi*)}c?cs=5ksu)01dd(QI}o4S`s&^n(8~B3Pn6l zlJB&kz&v3U3A@8q7R6r-99ac!FV&4BGHw_yqAeIur&yf|_bEKfTxq09)X0Rd4|DtY z7+;KevK_mY3qn4j34t*d@?#&R)H8Fr29ClXCxLd#2eXJAx2{Xy3AZT`P+y23%ihnV z_X!Z-hMf5Mr^TY(`+W^ZCLf)Lk@aoezE!6xyCS_P#$li?NFY$QJ7qxsNyK^tp{?Y@ z?;Q3V`+Mpe(oHo`TPgjtS{6{wGo`haHKDnuo_1jnK~4e9on38M{W)kwHK7{8&Vyeu z)^Tsm_m=*yQN*hB|LM~PAipq z5FB4Nqh7hoE>$v;(4Fi;SYDAok2uVU6Pmb2tTlsr49V_sQ{_v(qsficfwLHoe!kW5 zBxUd^SIEiMc7SYG$0AFVL=%HKx1byn3`egdp3S5C&-Ynsx-JaujKsmiR4X}ZR}G8u zDA-FiuY>+GHWR~rNHBUM3MndMqCr>P`ktMZVaaS3q=u#J`bF+lI3HQ{Z6e$=gN9h2 zJ)^gd*3Va}8hWBH#*fZN7=6??t=F~7vFU~at$c+*$HPtE-`=K_9$-RZ8uEj;!cXdF z-gbp0XJqkx!XZ&0E3DIb!!7Y%kp?~S7ms#BV!@@r0=81EK4unLT*`~`?O9V=ZX7pX z5w6|%qx1gG7XrC@ZbQvE`R7!@ARLI9?o+SQPp#M^EEp*hnFx=L-yKPcY`>4JuMX{A zTzY>$`J?d~w(VLR{zyL<(P*o4vYCf=Ml4d_=Lt9{?oSok_)PnE94A?AxjP6EMP)P9%v)Rro86cTk{>!$0cLfnN-=6|B1)}D(Tcq`#+d5V*WAj%5 z@48?}gc2&t?r5S@^AeYkI=Ec}m2yO0ma@dzT+o@pZaGnv#Du9xG&4cnDz8gGuh%FN z--_6@si72trgR&K5nYqs=wYH=vpxs%EeemBZ_oj$LlN-5J)ZD)_5X|3+G+l&7tzZ{ z%u6GdVutLXg0qQ}zs44Io3ru45q3A`A?eq?yORnLp}ga#K`J^JTvNjAPQRg9X*A6pZ z?SGVXWB%b_$O5AuUFTCO3biDKECZke&Z7>7os~vbCS$O~xTW%Z;#7~=;$`GYbkwI5 zYxk7_)w1I%j*8i-eeoWF^G;A(b#zNlur>h!4NZ0XWlhj|kNAtRY2CXQ>@`-#LT`s7 z=wBUsB76U~#Bs)(we*o8zd%KR3T&P)s1U@OVn6jfy)iX^i>P0vU|3OD)gRn14TtugHb8=$WJd z{p~FzPMHzv!;YpN^qe-=txUAC?7^rsBiah8g+o<|tWMK~u+cs#{LDWo$#e$=V1Lso zlj#*A0vE0_N;ECq(|}spUTEfZkrOC_xv#@qtHv_UkQ@nQ(;3-(t~QoA+@=b~nvS_< z*x=YWL-7#I$K^}C{m2D16;DN z%OoQwj(*EwZc_Ndat91hdg6p2xi+FtCTM+^VSP%^Wld4g|LD`lwPQu#9O6DHOD#jI ze~y|~CT*oiaNHsNDuKe2Z{0Wph3}0TYOMl4t0|u6*9;dtG-g`<@K)T`p4auNY)upx zlQW`xr2a;r+vS!9h9F_x=frK;lbGL$4{_$La}}q1!yvlvJ{UI+Wzm)iL?=W>lbcB@ z7fHWFXpGH9Tcjl*o2I2JzB=BphCnEmYYRIH3s4v3UwpG(QLszgfHUZC;I-tIBx(mk zLCAdmN-eTuoN{>wJB;|c%U)>_=AEKWet}UysZ?RLZYN5?6$596FRCz0uSU^X&4$Lq zUM+TjR8Dx+JeHL$=IlMSnP&cF<+=zXo*N3s+{bEnJw+6@S4{qs=w-@S@@;(FJCVjv zd*}6K-bp)h1WnOlbQtkZTX4|_WGTF0V8ImOl_swDeBiXkNX zD+5n9xno{-am}3CZzH@6V9G_2?}hMlGHCPqSx{Gx0<6!AG)wk)Zx2Ic<5{q}RkXZY z=>Nj-|9YSoFq86`!o%6?^MlNIDs=79WT|Wmn_@yuFk$%Gy>M+Efwd%tqR-o9`^lf{ z)L#F>khtxrVmdqDvT7hlbVa|VU`<1jTvSB@jn5ts!tc6*e9}pXL(`?5(Bl*3Hf+Ur zPiX5cAF-ehk;GWluFs;wgeW=_X9fp<*enXu z8h_cFi;b@8Ze0$2^&#QhaXvXco1w%QjU4_^&Cw;Pg*FKP_IZ3L1F=)Xe%h7(nd7Gu zt7~SY#(2xwiau&@xj|Hgm7VxSrGlqZ!W7i*TqCwbV}<&hfLg1)F3bl6;pGNdpl&oY z6TrYmc#!o zHQhC%iT}Ba|99R5$!~p%A#W`)YW8qjLwj`E!ugHsc2B{94D^LmEIfcrqzMh9Cq07i zP9o{Up(eW`7RzmW8m(sMv$E==9!%&|AtXXk+lPllk;bq({@`WxufWM4!*7Emed3qg z%@Jb98X75!>|hIev@$H6^|*3#f->-}|7u?cno7#uw<{VKx1l~k==*A$u4u%q$jxHG zI6AcGvSXA&k&)a8jmbBIEO5_w76+9H^C@eNn;hityY~U~yKU^D3x-9{j0-xjFwveX z7A5{Jv6s@lh2LP19#Ep5;GC3hd~{=qtY<~7Ci3X6WID~B$XzK5bhk7iJD{8*2X$?Z zc133u+&%^Qk)s;h=MFCDDsGsO{e&}3nt_#7m(kBXPN~OTo=?ZQ#|3XB%s)*8Yzre$ zSQ_Nvr#Q%Gi(u$LP3*_)ud*1N8#j6I%+350QeOZLcg1^EiIXWgXMW7Mmol`GR2ba( zD&{Bm(%4t>ETb-RKgBUUSHdM9EF5Bx7GNm|Um>#4!9ua{u2~clSIoa5@*CR|dk32$ z@5}pT+>c^60nU{SZKp97)Ir@>(B|m?{4DW2`c8*QDDcYr_SK^I3jFaw&B<)1>L?r8 zaikp8-@#8WAN{4asSRL{9ZVo}3|Kod6=c>3!LQ2rLuYV2;fpZJi~Fo}b{rl?3m1|j zi%9pub$e1wzMS)l7xG^G|A7U@zr68*B5(595&){t9yKv;wtna z6Q_jna;Ylk&m)~`aD}NLty@%wz3$o6ha6A7}WWl-42P_9b|zV4T@;t#XmQuxS$16B(F#Q zZZxr=K4fK-a#@7G66(qEsq=e}ViH2JhN{pNH06R&M`V(>B3rr0Q9gyg#*ikW|B+G8 zflF}jm{5M)Lz{@3JD?6hAI$vxF%mmt`dt@X?MA%wI;K!Ly*1Lrea5fXy@vfA)5}`{ zUiv)LW_(Ah9)C;wsL>{S=_(XjSp{9x?gGF=`;j0WGzcHb656RU9@EcWDWOj0c?Tw( zK$b?nu{fmVvpfSok2tT~)ei8q40<-F4iGl~t^u-uehm zAG^@y^)3HF-ro|qXsknO(ZQahBAoYo;aS@pafs%v(UW@ZTsb!515I7M-M=e#NTUyu z#*Wd|7u65y(J_=0yPs4ytX%aN#@^gqc#8O_rMxqIyWG`5m;6QBQf4;KFS-Pei=i5I zil#yCDqV{x+gL80taY`IKeIe-y?L7t=Vw~1RkXW4b${eDo(+xKOin@0HkNsBh7Oh# znbh4PMR;&`Th#-eCuQGrx0sh7-Gm3{RNk)Q`2yGG+Xa2zi;Dkx z6dy4Us&hQbpOjOUE}&Q33Mf;|4*_R0;o#RQMy&Ucr?X2-U*gf1L^H|ZRZW#VP%Sa`VcaThs#3%1uly`Dfu5~@`ckSM1VVH3n1LG7H zU}RvgkOh^(_4Ke4j>y!PKA5CUP*zz6>ea>^**Wf~c|loUO_M}Bs>(YgOJP4UgpoP& ztNt32VBsJ_kfv;xmZ3CZ@Nl6Dxw-Q~mz9`^DQqjwb~j(ETXUq@u8QKlQT8!?!P~17 zX1v-Tb`;8<5NRHbLu&Kx2#Q5A^}S?!4jC1Y$9}40X4C+3<(oTqI{r7gsq7Q{aaD`=y>IZ;)x*;0R@yf~UmJmY z+GrPWEEgzYhOe7CMA2n^wKD&$#D8VM=8h4d=a^YKtrJXOE>CaM{6VhZm!A*~ z4UM4N>HumOF>@>J5Cn-T_<;zecb`gmD5b_Wx$`+s=3UD#TfM-*4o|?S@NJdp1V_l? z)~qJr))IfQub+nBxNAY?M){*ef4Hv^ItKWlz<%2;Tq2i_I~^=L;{x*n{H|*@a0vrx z>=t}Yf5c&yqn(D4=`gaAOc*|DJ5o5bEbL&xd@DCbKb;Xw)`zz#i<>zPrK~7Q;C%WB z%D{`L0=Gvo-TE}srl#|%PgXs;^IIrD0oB~pDet^kFc3|nv!Tt_3Cl+cA0j~s>7_}L zmjp}i)<%(2IE$X0&HSxlPtYbnie*QB?6{M#Uh9-^%-e$MK_O`F`A`iIcJ}}Qvw;p; z`sHCpme8~n*`*Vh#23R=T)mu_{wW>!o_swnAEh&V+LQ@Sch72(%opDG3bTAuC9m6O z`F?&;Et8LxAd)zb99eoutB3-3jlO=zM3;;ne=B@KBR9ywk~nT={33wPf(blWb`=W^ zG!kz7eSF^j){gq>tw6Sp5wM*3?${w&W*1ueER&ENX?J_hJ5OuC#nfAxwwR z`D2v$P_P| z$3nQgHU7^{6{epXqYUnvsZy z?fD?=$(poqaa%O*iyi0A_r~C%!Ed;z)N=Sd^nj*Qky_joVZ%3hnn$=EaVH-b?@^g> z5-~8!YOO>UMQ+`(uoz5(J0B$xy!weZ8t3L>e+yB|vUSoP6C@ITzZhj1uPvm+u%OP1 zw}C#QpI2QV>6vT@c0)%RAk0lYIiX^I{md<%Q*z@}7oEPQci({AI=;2#d^vF;wMN+W;~n}_>6)~%$g_=k0gIvc?le}N`LS9$$;6(d zYj@E^ubW1+*QInRxe5AO1;;G={FN)(zD<^mP-6WosQ+ZbtuJ4a7HjT~xABEi9`1k& zVmX|-@XRI4fm~-xedQkbUP;)vU{?M^TvFRPnGahRNqQcD!O!3lpV-jhaj%i<4?Rjq zAo~_u>nXX7W1XY^mi9zlyGI7GFzEKNM5$r?{FUdY6p!MPTY6F5i8i{am~f29{kQW^gAi78n@+5+^tSk=nd6jnl{pF_v+@9t_6)fJCRd?SXyhb<)*`w`;z z0Sw(cI76|@9y1?4B8PQZ-i1UFVQq;!wyD>m;w^OxyxN-Jt5vdl4ZpU@!AVGqt-^|{ z&!4%KLwUj|G5t*~#~J=Q-Y1~2Qk)>0hr|YRx-8NvI|^Ue?6?Fn5*~cCAO_9&$tbLy z=?A|*--u-AF91j6YKm;hW7)1R2X#T!R+*IC+=M{wOy3qE=Tvru@=FBhCycn|)IpV^ zywka(xdfTCY0!aEhX_&Jn>wpr%JwppDG`v^M~5c0@YY`93G~y?BNo|CMWui89I+0dj+HB6gI>Y@2G90S7%yAUuN!sa(fc*D%?iDtJInD_ zHs;^({l1Pe7gysh@Vd<`rbju8z-UTU)81&$EQ@K0^>;n z={q&9#AFG{P-Zz_;bYM*=Y&lOpc$26JHwA&(q>}9r1^Xu#Z@3xuSOp?w{sE^PHsKA zzK6B{ap!!YG*J)9|Elyq!qWDSutZ_E&0e@O3yJJG7J>Uiva%B_EBD0Vs>2j~wM-~w zqv@+bdD1}D*&8j?y}NS?^$5$TnJi=a-R7ECe7eJQ!RgA9Kcwh%p2u|+s!_K(rd~;4 z5dLHdg*{Gf^sakP%;Bifkrzz<>zg_A7r@zoJ~nW_iVpRy;0wP*WYXBcSCmCN=K?ca z=Jr5Ac~@tkCly}-@3)v*j^x5B)rQbu89jxsKcFyYI=WDz_X%0TqvWQQ1HP>R7!3*PS`P1Kv2PMY zH4kr>C}VRCVbZGedG69gQCbuzQF*ZIVmP%f5@%|iRkyPZzbH#xCpx&!@ek~p(~I3_ zNwimY;TgsT<%rfg_J>1mMqY3`D`rm$-4kfna_+#SRRc2*w=jX5FYnJEca2}a8o0Pr zG3o2EypNP|KNNfF2kDi7h09tsS47T=H<6OjyhW?DydBN>RyXpFSz^$w4@b}3UCDEP zO}dy^=5#DQaZdwY!YY4Pw*OSlG}UXp?RR(>H6lH#?8DAG_)x?D&uIRM`ydk)^94V% zX6S}CLO~RafIO{wGGy)bXhB$h&j}1PDH(i}OTqSQ7f6-Tt0fj@`+3$9c=)?5*z&VZ zcfDTFN~xdXR~_X8?dM*e^o?m?3Ns(yy>1&yIWIgwG`eiK@Kb6Iexxue=uv_y6TKaP zwecbz!zkh`Bggi1P(+z=%A2)vv;YR-VxqCR2=;}^Z)N9_FelwL6< z^_Cu)BrpNxKPq`NQcse>%=U)x!Iy%?x7X&00p-8B(3nzA(Ax`6oCzV85W*1~sa$={ zokfnMx$oYo0Y64l22gVLjFiol6O!$A3vJ?)8oD;JCs7+rYDUC8KWV%u`)2tEjc7(v zk0%$E0#8q4u@o8&>GFWoYbQ*E*Kbh}mM)Wlew2zzDZ$Tg#URTd-shI1=q<9pXGaDo zG2QqUiF61*tzI#RfEU|B18B*$K1KMR%)66Sl?S~K{tYinR}@>m`jBHTqTdicZuwq1 zTF-n(!s{pf%cL`*M!9^t1ctHXJdAd!lMC}d1CkBACg z&=O~*$;&|;IlnVRC^Y6P;DC$Ti(VdtzL*i`%@FZ?{wsrKNufPIgPXokPMp$&Oz@gZ%=b81>h^{}n&TgnU@>G=Q|GJb-0(WqhG%oCrQ}S}R;&$*ommJ7FH-jdlo5 zUw;4h<`({518J%GKMeZwU(mz?b(WTg*^AKOVTM55lCJ0 zSSs_97|0HP?6Utc#RY2IrCS0^OSyU3cRjYFZtnqPoS zvye)@G+&R1+=8J{B`HO+;}oo>f^Y)5rE&3;l?z;}3aisuRL0S&L{XEorMJX2|Ip!6 z>oy;4H{ZPFnn;za(`o4Q>Fg$0a3w1ktfKHtSQY1{r5POlk-{54>imX%KCWj| zn20^=uK7r#!3d+|(i2goqFmhLodPyxJ~BrT@ibu=U?#xb`@Jl6k$bM-awZ;v1BphF3tvt=^9a<>qUYp{@&SGn8N4DY3i9;#UOWyDPC0-bPoHKt9Q7H zx5H#gCRMVBM0R@{GIf%^bS(1D8yc5zT`p>#4q01!Q!OKlzy*i8VPMW&M0*s~{GlQd zN$oW6Wl1EvbHAV_1M2vPSZ;O?I@Y@It;hBkY0%*C*JODqQ=+58fog(02)6qdR52d_ zndMZU0zr{8g6(?wh#<5(a+IJ^MNkoby6Fx@E_N4*71s8m76VqzY&@)qz50)LGQCLQ zr24LQ*P``kp4|>d1UGX^|Iiza+!t`H=uTM20xM6i?tSqRZdcs+UUzh%D|bYp0^!@E z9Sj{_4yiPpl0np;HjRRi&m8@ntMOb8 z46RgWvJoy<_@&T?e-7@rPYH3==!%OAjK49f$-4JXj)BPRK%76XCbBP^VI(I0>>6dq zWs&3gd-`q}U5wpr=LrY7Mr{?`&G=H@l)BU0D4AO8IyRHh(Q#u^3DlpFrIaqlGseO2 zEMG#1MRCLG#T;OR@yj+0oX*Z3*;$!*8;s~(U!|R(F0VCV=+eOi{8&_QOYiT!JClY} z{(kG|>XR4v`#;YCkB5xi!WxOiw-J+u5FTg`qbjn2!m!GjZT z+@HNDQZzX6=AX7by|m0napD0KTbGg?IE*lWUfn=+QHm3F%#qzDjN3xKgioK9s`)LG zcx{({8FO`=u}Yg!3%vTh?xW|)##~;$9D#}4rB+6!W|+t$DZ4O=Xky$*2en0b8Rdh< z0~dDm>r`;6nlMaFAw-G18of+|R$vn3$cQQsy4y2*+i^1D5Q8+@=WzY4llvObP|{=H z9%EDx8_cKeb9t&AloyH)Ein823d@>#kQLJVY!8qCJtjykQs*ThmSoSf;4ra!h zEIltFKEm-ceHqX4;gI&mzb=-Vsm#yjiOx2!8|6zCj5xx#2RYu*4=>~cs)4-nC%!i! zm}9mW6$*-EZ{%y46A)XbiF<~;>Yy`?l!K-x5t?W$Ux1E0eZ{rbQ^G@LP;0>OWMCo-uE=@5m^=zc~JU{?TRP zNRbY!iPhzOr*vYwqA@W}vISaDggt|FwX8(23(od)l*mWQOyFMW!7(ofaTaFng&rbB zHtQGZH?Tyc+>53DRf2|snyX)N5?0#?GzFL$qAxuy#gr*d&35cU>6~g9d_vI`168~> zJx5J^yTHMMmYq%=L|0d`VK`>Iwf5(y>6}#6fP1%80l&Az%MH*Gp{X{ESg$4`m+Nhu zqtPoh+&qtSfb`IN0~PGViN9R(^*M+|;e%-w+fyzYlWZRbja3f6FE!^^q)CS4rlCqFm-6#<_!-wVfsp;@iBn#Ezdn> zFoAkts?(gy>_(sqj+LDN5yd6!Y9;uUN%+6d<3-q3WjJHrY)&7aHa)iFHtL*_E+ z{E?Sbja6 z1-k}H4ewG9QwnH}XcLa2=T(7w(Gw=@PY^6x9@`7yz+7UTT1GX{G1>~u$}oS(|Fj>* zxJ;kTx!gBKw@IAO|8{QKYlN=6gkkE~b?7`2^0gkCe~p=xfPvv~Yr&iwIfQ6P*@KUCk}(s6P4CbFKF% zh)Wt)Cl5g#eOYJiJzAKv95Ey)!ClknKgsIY}FsO?m6bh5$7@*|-5u zU)Jb#OWDwMze5p?{FU!hyO|#~n|F8e#ph|ibHjwr*|bHRm6#8Mxp*Y{!S%G~cX2zt z*zV@KgacCx5L#Bv%8d8URVy=ZlufQpQB&#mQN*O!gjK;ETMAaRn|6vX+@1BFXI&(5 zbw+(~x=JnK88u_Kn-K^5r0J1m5p&b_#gL7ph15kC!8&3-N6;zLe^Z7opJ~MOeCqOL z*pNfDyKp!`w!^fiZqjprzX-Hnt9Jiqq-^%#`^XxW9R@EXg#pe>Sw>C zIo%aLCs&=BbyO8@#T7A8btq0!7=-E5=Mv;QGwF|N3J13ZV0L1wcA21zeDkr8lvHD9 z2E}68+-GpSZ&2bO%6Y)zBiG_8JI(Q!hDT4u$f-7Y&nN&I*#N&LH8 z-mQGw=;!2RexZJbv9)Q|E?yAdTJb-jEXy+qNwZYj3Ats99eU2o97O&BKLO#QPX_2y z^Q3{S=2Ex%%})XWou0~6)!7pR)`TcYqoKMF5(ad9^*~hqa4l#E-05&>W|i-Vc!rsO zbR?CL-4SSaVQz^CtX%z^9*3V8ERy$F@QawJs3V}OG5q9-nt7p5MRVK1*V}0`qfe}M zk%=9~3>Z`54OJ-$s_WsCnuNQ11By!iJGBGBxO7j>(x8l(mAdtKXVP(hi`=_diA$4q;P;Z4`CC-!_IgrAgjqS=)OWw>i~m_& zUc*YP*obq}S}Lk#*et6)N>^b-J`)eTL>588ov>Pz7_V?l%Xvpln`~xXr)LaI$Tz`yRK=IUeq+7<5Dn-X+ zjhHya1A+k^@spf7OmDg0TyR@&h5P;@@x{fDy$QcDe95NHtfI>+==Mp~xs~;|6`;Fz zEj0Hr1)mbI95fE8Rj|*~LK1ZJ7gqX-4|G~ES?S?_$t^l+p%`Jj{lGAk4_;oOYgjM# z&OReyI%A-pLP}laVANidlUii3yU7TfXr&c!;~%Yl$c%#W!uDj!QKHuzB3mO?ty2m! zw;QbwaiiD@Mq!u*$rvW2-r!5C25ZPQ>?A7zwK6e3Qx|-1`X;Wc52O1fHU4QUY&juu z^l=IX;!?5gPd_R)wW-Pd)zsD^joZNUP)+LpZmKW|{xKxh1)dDldZ;0`m`M73EF3SU zP(=GQ7#^fWLKG1-FJTTMy5hWmBxJ~2^k%{5b%U^UKFFhNwW?CLiEAOIEfS5(zb9P^ zK%~j3_=eJPpV_9Wv!Xki#Jop{*jv~2#KW>{!_>CKSY%uY5?9EnhUEHA=Jos0Vx>-> zBpYA7pLfX(yJ=6M%r?*9EI&6U&uJDa?;RszD6*fW2vc3dtnO8YiC!_$bt8e zG)&aYKI`~sB&56m1@$hdF;UXdW^1nmZRK8r*YbkTnb-sXp=bBlof3=Tp1nvH_2RstlIJ(>Iw4pW75U7>!(rQR-?uGl(?} z&y`7ud=0p6Lyw4?%GgDBi^$p%l2u+49C+)4A>%Zk2UMa%-$;cIP?EXVY=kq}TUJJ+ zJRiioI_8~`X4>R0tt{1y`ly?qN7Psv@|w_+aaH7hT4PvUd+ z8E9LlNOyQUopGcp^$nvsQUb7xJi*3Y)79FsBS;~(r=26O{JuCox!UQeeAHl5{laCk z2GLCC_c;SiPn$);AdviW_0i~oM3ML4sC(`I{G*TLmGp zi4va1W>np$Vj^~3>^*~~BSd5dIzIAE44=D*1wpml|F=G3smpln7#5mH&69_oQ*aCp zL@Q=9s3nr`=wc5OKj_0DY#?Nnrc%KL)NMm8TuydKGP50t$_~u>c3gx|^P}h8>G6nh z^qS&og>65?;EGdGZC{%8LnEAB(F7&{)oil~lmsGH+M6w)^7rTR24E4^&1(1e%z|i5 zX6({W;6<5S|MsYlN>Jen)#Am6wv#cXv$@4Pug=-!7#Y`Cc|gW61VR>)UczA3Uzkct z6jg{lxN~{>D4092V-SU6YTIM~p|a{}ZQ(}>d&cw)To!_`&!fLgIapHE@E+yH`)T%s zB<`5q~bt_DRKKJpoH4g7cFkPm@V*G@O*GqX6Uh360)QW#g1=LW7IdfxM(_6DClV~F+cQqqgd^{lw zB7-fAz3&%HvplbtTUhlsZmt%9CfyZtLlU^xZ4Cn)=#WcA!+ZLLXOa5pGggt_%`4~) zUn>ObsWZfgagebm$*HJ#vt5QuD9>Fp64dl)&fD$J8cY-y8u?>kUqnQkvoJDPA~uJ3 zH0kfyrtT_WcZ2YhVxcySB_K1#wa9!z~T-fyuj%GE^trR#NYE! zT#li#qhrz7cdwy%6f@CMm{|#RJzN<<;kx2?O02sntNW@mC7zxLwfM|T#6O*shyn~so?rKc6)KFZX429z~Z-A^C(gD_9nX?Uy8AZ!&02&!BF95~AXK+u zfhm3get!(btIap;WR8i z{>|T!tjad%|}+)pPni=2Zul4J{tfMJ2y(=p>vzOwmVA2V) zQ%w1kxXj*mM_d})6{3XCA3N!>UZ?)b5mq{B{)t70o3E1_sLK8`s%_paD(>o+pH0W{ zlU1L4I-oRCGQH}RBL2<_F%!SL#fvGcp2<~q6gzFFj~yD#cdS3fryef_n(T?-pY)~A zEt)9WEX_B$?};s5szxPv@Q)<!#12vc=bbBO>t& zU`JbU_?jW+BRypNP`g>O>;(eHRAW?Z>b5I7r!1ZbWE9O_O#Xyq&MNESXzHp&*&2L3+&MO9*vYNB*a5L?MLvS2|}+q&tBQB#0)Foh?EUXk0#1 zBUXH%*msZbE}4z)=J^g__jlA=cR)+bKZ|bh^`WWTTduG3ZjFCGP|dz}sIdCMSr;8c zB{Twf^6oZF8P|Qu3z&Tfp|2P3Z%uqJ*V5QZLZjBdKjL--kO_4AC+~LG#tR6TGBRdf zJ>s(5srZ`vKz4NuU1h0+oU{M9{owMNwfkb#zaNH6vRgoRTcVOHKBM#64n!pt&>BN2 zFlarR>-4)=rH&=fZ*0E>DcN$lp0&4lf9L%}%#zrE^TIgba?PotVY2qT4e8%F$X+(h z5XEW!h`SXqPaT$Uo?Wh_}R4+75m@kfg+(s zAXXl{Hgu?H*bQflB{wa++>pATacga!*8K7Z%lY zGMkoTQHoCOLvCUqfw7{cWv*By%UVtRFzk>2`5&*}Dnc{B8%T4MxAE&WFRBF`C7pHC z-NhRN)PLXh;Q%;2KcADMa?(X2D)9vZh*9jei;Zy@>5d+)L@5_OLKE@;t24_2WMxP;o*92z!H? z!{XU6KQk)U5To!+flA@}BoOl1Ei9%0_4; zvUmnA1kvDx^n?6P(~=}+!(Ze^Yn**rJzkcaSoh=jbNpXpC_ zMD{Iq!+nuyDa{IH>ChEE4H~|!OrX`~L78YRr_lQxn9!e%)8>z^#2yk-PK`6xXJbm- zk2ejE{tGs4w{^Ef_S>(W=X^GDuzQ9svUT*#Fz4Q`#5nCWOf{zH8qYj6^3b4?c;~^l z?ss$8zxR+7zTHv_to@Sv4vzV=|FpgE;z4z-FNVq{%c(J=qHaXAan`{Il(fXoVlxPxdDtdF!?erzbi}FpJgoK2k-B{sz-OQWr z$NyFvB8g>gIf~nPr7xx~HAw4t>dP*vhD2k4q#S{nDWc+KckBFOf!CG zH|JP4?AUfX=^!~88~fzp^A9w{tDnYun(qEWzU6e%AnW{Ks^e|~AT3f$v;mhtOlFDX zsS_}fzw;jOLvY5DH#3X zCN%@B`LSq!CG((yILTQ64TMDZbxizE*YDK;yc1k_YheJ4vQueMYVF}l|6FmFvpskF zh50ex;_bfoT9b}}lK>wd71%t?e_JcBHb!uEfLSHel7vOI9$)8^d!L!qi|v2w zexPaBJ0|z+dFP@#XqAZG|2JSJy+N@pT=w2Z1_HK@p^$pss#X;+2)-}v8B;b(H+j~ zeyKYR^pFRo1|-A3s&CT|+}KPIVkx|8^`w0E6>@~jMOP&=(eLOe;)X6xe4;3FRNAe3 z|4*Z6{4mfUyffqE{nVDcyE>-y()Xm1IiN0gcYT0}{y`@sLItY1F_Pl|oIonP%wzKB z{SOPn+f$y z@9Xy(=bVG0H7hmW0We(8?f3UlBk-}`qp<)Fk&B~sdN{c%0L*C|mAsx-5&C1fk>i~! zaes6CIm76orqk1NW7kA)&A(G`@!`!`vLXP?{3!8Od5enu|r`Cf475^x>PqonPxgkI&;ud|;HEdeN(=^`mzr zxzT?MY{n+f3D|4%LDyZC8S{qe;y$%Bu02Hj;YeTz9u^4z_cp+u=-)F~yh;VoqobDY zc2iyu_&2En5QNNyyZ^p>UfpQm-LV^WVNJsW5CFh$2W(O=08nNrY_iROv2i3nNyboA z;;adydDDs7*!$E#!R{0AP744)W##)LA2{pnaY3x8eUPPYriIDH_h*hkbWjJJWn)M{ zV09djx3aczKq|z4h5&i4Y{^Sk)WM@dj>H|o))E5oZ%s0 z)R7&=6G}FDoOJVQhJ)asY#*JhMb;=^WVsXqeU$eZ$^^sLWAIrI?7pW$P%$}@Q@k!B z2_E*IB#Vh);fp!T=?=h`Ga|&(9vR-r)}}b#I?5AS4rg?HU=mhoMqZuBXaMR|MYovd z9IDzfd(;dJ43u_{J`?y4wBM|8|K9Nf#%y;fl%TP(QP2U9{vT)nez@M0m$H9I1v}+< zP9}gy(!m!0Eg=70i?fC*|6%90Qynqj?qRQ{pEe0Y-Xj`_w$2s<1Fvs3q+AMsV*G>i zs29y8T+N&LXTY(y_y8op^~c=qx0Tqsjl96zKD&0Fz9Gk&-lug&-hU<}uV+SQd4F&+ zR#`m!37D-R0Cha)fIE}j0miuc#k;ewUPlNPp-1`Cq9$WCV+#xamiTU&$t}F1`a2%_ zU3*#CkG@zM2c*xaF95cJb)ip02S$K}aNWxt01ncIIlR0=7Nr@_K9M+4zXqUAW#tDb z&2TK$&`t5W6I;^Mcem!_A75mf*KSS!?CtrY2}Q~GOTKp}wsSUl{*F^d-VN`c8K?J& z0w`X+#GQAw! zEIyO~D8U>sDZ39_3*bdRM?^NV<8jz35{)0&T6Oo6I)H<9%htT~*scBXqVfLjdd@tG zOU_~sl&bfA($HPyVGefzfT%7@E z0cYA?vX*L%39yA^nFfFdS-0%gMmYhCJZ0ljV9L512F^mfom~r&1BHV^!FVXiSf1m~ark*ce0@7=L2XqK z3mS6ABXiBzlpszG>lFWVzjxpBtExud`TA!4p};xg{k_uOF8N?}3mlAD0uHIexe{{^ zE$ai=H%9l=zmKYu_w7UQm1N>51`_Dn&BGiFY zQSFH8a9zL>I$d?$sN|gBtZe~TC*HiY8J*oYAQ!Mt&Uw2W(Fo)n ztR_;$$C{i=!04G@PQi8p%F~Vsy}dmzWZU^e$ip>y3UI}=!HPnk zW`HNo0EeAp-pwjYRGx;s{6{B%gnRvxeKrHocL{ow!yPsFoo>H%mXo#A{pDyk9&=zc zwaD1RUb+5*46xBER<>haEWHk`kO9=${xKe4!J1=JzmX=wT~GQ1Oyy){`<4Bi*+&{y zz4Uee$|T1Wm`;rnciZ^Grw=mlL;tFE`&c!H*NmB09`_qXL43?jQbo=M#?Xd3xUvfhUb{1ifq zfpKc2T!f3#j!V=8W%&>!Q(mv((60Gt5Yw?`JcD_T`mw)JIdTu)T3sf$D3tZ+&~r_> zGx5w|&!7`$i8?<(QXmQ@Nthq&9aUgms{~x-pR%m((nIc>b>K!eBb|ZBZN?-D66ax5@l1bkdYY@Lbi~Zbz4oz%3j$- z_TD=gWs{vfB71MY^Q7aJw!R!-|Q{#r%F990~+|81yZqWYwqBz4DN8Yy2gtT9Ye zpBViG>QSr0_|U)b0;3e))IV@+pvGgV_pxFT=n9HK^a~nRRa=W-PCzHrE6+k^e**mT zy3nQ-L+Mmme@lzFEK~xw;WSNq-&^lEFgR!iG{q?fMaLxP8A-L9>w_KceFzh3c^qxc zi#)91D{7>39I@FxTJeYrqFL;53)edm1#xJgP3RUwDcYsYXZNwox|HvvLm6b5yb zZ7*SV9vWkFbd9g@BLR55n+ayRoxWDHI~f;$~0!!Ly^mdpPk z%#(J%;&g}~?cM(+>v6rw9-aSPAnWr%QNfn!3`?7iJ~Oij8xPEg_({%So?T{~ z;weJQk(v7jfQL<=Dc|3tnb9TGSfYQM8T(^ZbF^r#d!YIF_O}Hd{f4u`tF^e60ixUS zOZ%uzZo4}yE$-8u1id1vgu@8B-us|;E1DYj64luR&!{gGb}y@HPZXoC`_DtmCJ}2= z|BjH;u37gNf6bn}Fu;AUO&u~QCYlr9Ly5p zm&mE*^QS86GLP0TD>I2EDv;a>NFvHtIdWnCMS0=!f@5M8lS@FR`D@WQn$jmPm~?+I zN{V`=eZT$*lO&+g%a^KZ^eO&*`*$ULZKWt3xU5Mu#lS|It0KJ;$+ zu#54cE5ywgfkUq#!XS6&Rp$F!x<+iifv> zszh;z7kq&-;js4O@?}S*@w{JL6$8-R8SPb8l$U=nidBrbRR`spCYsMog=7(hjdz!G z|2HgG)D}0%5R2>wQ>JPK|BmyQvxL1l>(B0*xiWJFN3OH9w(><_Yt64bp2=Z-5F+yK zx?zNRF~9g1UK51^4kk6y3|aAz&Kr1?qAh{hoYXS@G=lkTm-(oaN~WDwFk|L`F|PiW zYqY5is_%X;A{q^6Q;~*0t0Ow7ih)ylys?AGs_%VQsu6yGR{T%*Q@)XCZZX!7zxV4C zBv!QBtQ2dVXKT7l2R>e4%q%H+5^D}!H0Lvp`I4PsD{+M3#BX*O0Y78qe}P$-pW7cQ zv+&VoPc$9%BRZ?@WEm)jO(ap%&kc5=f!mMY_WF1+D_=2`#+yOGdnL3exam*Xvi*+>tVgW9hW&T0kYe~rwAM|N5 zaLmYpX7#T*gs7%wY+RcUmAleg-fq~_?Go9iAmtztuO4C%PbcgTZR7;;os0K_85b*0 z-igNr)Ll=cGobeM%e`9vB%bG~49lyJJKh`7ul_le-Ci`^>JVANXdKOomTBZS3)xUT z|MVyNuhu(vmPb>OS&n8$igBMWLGJM9-r)&dlgzeO=8=5 znS=+{G{l^RpK0w{dD?KYrn7^=o ziWzo4SmM9AQVoxrE%l2&V%qTETb+BzdaM)x1yM!Om%XWufPN$duR&wRkAF0mw?o8k zV0I6&bP5ta~C!OM{o~f^-r!-)1H__G<@}* z<#4k5?R8vmv#kCF6LZ3k&2Nmkt*mWSw-TSG5%e6|$*FLZF_7QKQoP~B9ca(V+^s(E zbi6mW^er_O-Bm4pZ)S_%YEMXTf53)s=YsA5dmNV+i?)>|sQsXNr>eu@&#V5`4aB21 z(P3H8ud)|`V!S;atT=Sls`5F4Gd5F=gR&f1h7>H1 zO!r2hO}3MrW_w_zcFjL3)m@u6;Ir`o7uC?Lv?qB!_7Q_^ELm$ZsfXNrp42hbPXfJL zQH9FBkIBhGO_!x??vtMV`K;noNkq$S#t*6~stPWdo6dR5zG+u4O+`o#`S|giDNSmS zS8Ki&3BywUCe$@bJbd_2?%Fv_-~5%Ms{A=`1|9D_ZXdfNZG(TZ%T>2yjJ92?TCe}i za2Z#bA&nimZ^rIHU;Qh%?e&dDGz9}5P#&`aSEyaZ_#5KIwI+Hi?;N*9>%R$JLssq^ z(b$+bk%I){yY~<3FIVd!3Wc+%SH%Gc@t;o9wYX%3@JgDmD_$Ne4{2;9!VV(<5B>po za!QdQN+~0&ShGhdg7#pgrsim`!=o5}-dIP8nXU|uO6Y@i3J57!29jlhql~*25ix-{ z{^R}r8d54N0QuX$bdS5YN9+{QI@PS^2k8p~CD3xH(Cn^BJ54l@P*vc2A>-H%e`-vP z_TAFunqA3XRN38TUmAaWClj~m5ZUmJta@q~8jJ^xR@EX97YPTwr8ZNG(9CrlF9Sgq zwPLe4kXO9Fkbw^GXM)D-Qzn6um-2!Y#RPrFMxCZeFu+xx(r5^?I?sfD&yLF~86A3A zI)Q%xppt&}FLOsFpVZB7wp@aUee4Az?4hke zB!ELJPg7@24M0#!AldVwPqD2P@qj0zIlD(7w)%QeWDL%-MRY&@U%C8@qKD4m@*zPo zDla|;b6K-AeX!O9NhpP>^yN5ykBsm zgiODE1`1*{yK-H&0x<0&s4ykS*Uyv>Iw{innh&58xV(r!$eUVsi$}ovgO5`@s+on% zYsKT_fDe02?=1=9^-u3PFyMM*;)koAq%pwc0U`*Z1$ce?=_s&Ymc41pcg_1UXB~sq z?17(yhEmg^@2N@GijLdXZ-<5p4-0)|dM`h`&FIH{=FZ_%n|Y0MLDK+sK;j zM0Q5(aGUF3^=Mc3qwjs{jscvbIcw}7i8s9?%@z-zZ4{MiePL9Kh z%+Q(>-5&T3x)y8MD4qN6L^1HjMOX%E{s8oUaaC=qR6u#LTQ^(vIgdT2R!i=i+I=$D`u*vBtj6oX8|TW&cn zYh!?yIpuXgvGA#GLTCBQ>OEuO>CX?C;vHdk48g7*bmc#GcAsXX&jUJFRc8!YF)?EY zv8RN$Gl5L^JP@IMSXOV%dcF=K0xSPv_<06iYXBwB zil=jX<<;^?8Cq$B$oBvoed04{UAFuJ%INp1|h(!tjU`-))Yvx zXS~MJb}vE713KP|Qf^CMXXkg0yPD2M=F@^j;NkP0!86~6&Zs2w;Iw&zpR+wY?JA(x ze5oPrT}PL~MBH9tTD6;Vvd=9%pBx;8XEv_^2i?-&q<}EGi%3n#@i_X&8I-GL3-jJ) z2Yx@%wFI+6ktm#TKopF9(q)fG{4(;ndeJ(ZB_RRKTo*Q`3&qCB7NE1@5HP7PK}CE) z5dm*fHy85(w(d8$I_ZSL^T9U14w~SQg4o{lZ0Tyel6@sSjAA78Aij$)W^>~J`f@)c zX*j_DktH`o4ItwC_M#C;MCwXNjWd#h9pN5@C9{c+!G*WM2O1)Qh^Kagkro>7PnP*D zEZgEI8{%zaH~(lIkDVNNAkwbra2YsTJ&=4tE2Klt_z-L+uB{>Q6BWcV9puD!fT}Sh zdHIe|`O)O=hVo8%ZX^-z-CmJYiD$6c!mmL*k zwCXI?@)MjfcpXC`7F(|o7}u5&>+lQ zGWO;~?PebdgBEWIBuaOZAuN)w-FEXaI^&JxqJblb zSOOgoA;9iDHze`43$Iv+17EO&Hhca-fG(MoKMk9YI!M|`mMVmT8vj&pBJMYw%x3V( zC8$*k8PRn_5hk=D@|%%@uqu!zHtNe*wMw_wWSS=~)zGZ^B!pzoiZ# zGHu@xxgn4R4z+8;K*Y(57obH8Ezi(@njs=y)V#(6qnMRHt-3vHaK5Qm&jCTu+>fFSxBW79~zSs}++6vA21dK=(rM^{Y^=m!>n zB2UR?cnUKG^Z))8aAcR(BL_(ZxF`!YD*x{VuDQD}m#|gnaq+JPTm8gVV8;$H6b~W2 z&GMjny+XAjTf+bSYpJtQ-z1)@HKa`U;x-;vv}7YTdN~i~%YgA+E|n06QF&Dm;LoM_&bS(|haCT_IhJ!DJD`ilx3(8S)(l`0 zo;o@@nzo}0^6Fo1AuAT>h`RF&I@&WXqA<*+7_Ps2IRQ0KGVW=9%x>Fo+81SHm&@wR zL1JMjF)jkjubH8{MoZVvJL=E8YgJVhyvf7>^g#Kxx#YceCJ$Nicbi&|C`NOL(Se3s zAVG7^!0aqdc+tO<=@bJA;8zE|+h*6@R|~zfG;+V=tSZ+&pw$LZ2n!7AdNbn^6igZ{YiE+b9*0x(4nNsao9!}7MqT6!+7RLb!996z7J$BS z6OEnk*7mmS;5Wbv6_cMh7LncNux;~Z7cZL-SJ^Z<+5u^#?p9VSp3{{L5<+|Dm{u6I zcfKmbTwxiRr!jMrVEoNDssq*2T5)4#Fz3C@_4EDKil27Z-u$uuEC1u;_TRF(ZO0kh zgyYyi(F>*m+WE!{SM0uylxf^QQkNOIINv_!F6V4L-8?U?PttU8KR88{;V8K8MI`~# z{a&kd(eq6LqdD{)();7CwF*z~&W5JS86LMczqe1`VpuWgyBb) zz`s<6gtXJ+6<|c#LwWlzj-$?;(*ziL@x2zs>77V>|DF1U<>g|#cEKiSV5nzJ=XF+q zfx_0y3n&ZHRtqthT!WKg7#aiWSu8;7xkms2Lgo;sCOjU+su*hlup;E%3UqD#zC2Hx zhQT9;Tu7%WE&w|!gv~?nIHz|}EjpF_(2J%2z0qY15S)$pdXb7QZofA*Ib`lI$o&)P zOr3%8Hhk}=LG;IE?gztT#Ypr#c1!B|%%o@U3Uq(SRN2opum+s^tM+z~dJSjkhdF^M zU)~#gf&S2x>}-P=VYFdg6dMbdg}R8uwLrsHcK`paEALt9#V0e$j^i>YKj1;4-WcjU@3r6`gYR~s&@2dqq6$-1gNg`OV zWht6J?RemrO3J@*T)I+yFfAC=;ORk6Sn2Bze8il*b!_C}*Aw-1tq$>%O4L=8pIi4h zZsqN0#%LJ$-T80ofV`IDg3v<5t>^#!5_s_a_lT8#XvPB5f8^}gF9H`8=T|Vb#t?5Q zhQntVH3p}B8qjG(Gc@j78M=3xOv>@`Zi@iT=m0R11nZ5+*|6IBCVG#`nSx^tyS6*b zN^Sli`o|$shfL!iRqYYdAUtQSh0rSlY9DB6MWdWnP>nNe*kLfX7?CdqATD%W1a_c9 zsl#N~@UU?08OoGh*Lal$!uorrC+%q0hb?n?EW)L4gP8oYdjEIM&_nTk@nnz0;SlHvE0=HQwst`P3Fq8>@RUO&yKFXUab*Pd-2@F)yFuxk^XX)wzTNB- zSI*aJ^lzg~nXiO1FUhCWnv>Efsim5BQ(;R4E*Iv!*~q`AG1$i5D=JM>bnwvow(J8Y zKNIfYDYC_{fFG}RRxcTm%8rq!v%A<52vfm z>2Ft3w9508CZP95Y<1I8Vuo+ph)fyJw81oc0V;!kH|B4Oo|arV@$s=pIkF1Lj}9@T z8?l%4&2yW8rt7^;XZLSrsbow6J2%8PaeE*5d?R#{{4EQE+l%-Kuq8elO^qA`x%Y0o z%TSJGY%SueECF(^aHXVIwdKhnML?utYPU zb3H)5^rB7Ra6P^>uD`!IkNg9}p#BT5GhPIN15Xvmgz<$;lUMG8-_MKc;$mGwX4hVd*nGZWwZptqAr#7d>N zFm=g+e!*=@Y~_f!b3;aEY20p|j!gFYrz+MO^}NJ@&1ZbmTw7DC67Kt=ENk9tO8!{2 zZ?M0ZP;KP-UlIxb#Bs!HaBNE_(3E&~rsB;%@9;y}n%DTV3wsZf<99C98J5V3@lfHs zdlixEcmOBR0Ps)4eA)s26bb@$bk5U(*tVv}&vswp6zfjW$epZ+?yCCgrX;NcHliwgf@Tayj2z`)ng&Dq=Nb@SyhOyo-1z>IZbBhJTD?zN>C#dy zhw8bJ;o)dz{6pdO+x1QoQWJ}-7sAb;lGNzDW&boO`5=)TT-AU(> z6jf=`J;q)&zt(=W`cFC}XTK(kKZu#3!G3d(9`hkRsDu87%=bsU!^6W`o7&W?E$)n( zmAY{Df4%gL_1=YNUd03T9ihI;s*+Ts$+<`U3v%y!-oBgG1 z%iFq!TY`$8>l(%1?k#DD|JU*=3`;U4#?GB4L7OxR`}X))N5|$^>&aUg%XEq4X}g~r zXPS5%NN(Iyj`_9Xm;TSMMfIED%8ttBb%V7l8}rh0b=mh9#Ug|qU;a8y5&C@5=ADPv z*HtH-5J$;+$~p&n#!2UHq13)xGu&TezX?G$qKBzq4HTx-6`{=kvXlRT!zKf1I|V?b z%DQhumr{VNI`%g)E#HA)X|bz>O4+tU_o^>VG>?et2u>lBBhns^jxU0|z8!;B(N*&~ zjzB*T17H1tc~-wB6cd0f##)V(9LB%?FyiW8ugRM}2;4}Q?HIwdNMinry1a3P;U$nh zARQEHhkshLJJ_rgyQFD)jryNrjF8%FSSvl}^$Us4zx?ZVUDJ{pZn^bkKKI833UtuI9XsZ^YmSURzhTz;8qmzzoxx6Irkdt zt9eY1K4)__`N>HuV0HY7<}y0xUCu9UIFno!g7|u;j8R z?dIAoUvRGgU4k^eCoVa_w1ge4dWoMJ1W{LWhgs!NGpJ9h=J>WE?n=&7KhC1DG98}a z-g&$$b7#-sN2$#(rjdKx`Yg0_6a=HlnJx(OE}gv*(4OEswibC!uk~!9_8mtB+2*(V z1GIk)K2EoM*Y|JEJ>MeDq?CA_LQ#EcSI_(d!TZ2ljbpWw=Vr~5V!J@kjoO(IePbP) ztno&MLBIbNuTE3mWIsub<6b*4%Yj#alD?7aXzSzmeg?h)8cjs9KlXPkm^|ttia(vX ztJI^O)7Oe_wy?Ulc~!V3ig z-zb|GXRHoSGCcjL74(%pQDT@4ad9v=pJxn_H(}k<4UM=Ot>!@{D&9*42AzJ(_Ai1P zg_BHbZzHSb$E=aiEevLu@P*jAm9zzolXi`*3>>=;zs^0S1&ZjzfHlS*__&`O7x^Hh zF+04jlXvxc`5b@+?Kg&xPF$fpf1ZotF_7A*Nm{5wKE7C&g>TsZK8G)__va1h`xsG_ zlgDd|25UP$@W1z|Ts&8E4_wcM(BJ;-12z@8txw(SNN!R2i5mb0`$iP1gKS59zR{w4 zL=Fxwk8$;-(zuZ2qZ=M7x5XXnoTARQtP`LNbQ; zlbh@gK7P&R~-H-P@QT!$UbL$bYt!P^C^bwKL!L* zB74}bL-e~jA{$YGK&{@nw1FpU40LkP@Ork>deE`NgvBNWRD9N;Y1PyuGA+2Hj|^-; zy*S4P(!afS%T@b!$a3B0QQ8AX#6crF$F6H&DnT|SthPb_zzMASLjg`s?KIod#sMMY z=OkShW~@Q|%mrgt;l)YGIUVq5&8(=p&00OQ`Ew{X`&%UEe{UJ3W&gkVyuo2qTG04`I93r&u`_=lVO9zp}s!jXshZnPEb>BUn@moDD)=< zkVP`O7utgY4It!^je(8a#K%=jLH5laM`_tN&c>=zHeTo+Fy^`&6| z_wb`^q9*>}JvQuiyLi`ZgZMM0G@l*~SvRVt%noJhvkNKC^Li)u<-RF>msZO~I7XQ` zO7FlkZsOWn*C-~&NRt}t>DM|Lc{!SuFoHGU6UV@DCexw{UbSwj&GNL6efKNo#Mebj zyk>EKh3v4t={j1EFmrofWXyZ%WlAee`#?bC61a_;KmsF-Stsg#p4awM+|_ zQ}6lp>%3R09k>T?1fy!vMPvi(s}n0E39VFaAhS&Vx5ufZAMMBl#<31Sc#b_1RkK$Q zJ;S!-+7Ph=W`dBoKPbfkMox=rbCHrbb7Um|16+ z>|;IwugBycn-F&mIzi$;=@xC{75;~3BdXZkid$HsmAc8WOFLX=dGoI(fzW#lpTXa> z6XQ6_=3$3!F0#&e_64f~5GeZNIQA@d4s}q}W6ZQ-fdTJ=QoUyj!|}ZhV+I5d58RLp z2*mR#HbB15F%Z27gcs71rbU_JUz_!_;?8W6F&0+#%Q6Y4)Q;Ww*x-?|#emagXLC<= zkT-(s*V&t#*old5CDWP&(I2NZ%kAc#^LXMUC#JLWl{aooYPQDm_^|d`;`lF8Nx>Iou;Bk}xpB?fpLSl@sIvQ{t*n z?~2TO$n%T{SAFrX-IYa~nr@`Zll&RL} z_>q$u!$%p;H`*yIg_)m1il`3WwX%L#6iPJ7VQ;4-OeA*-vz~iHxjCViPg#8>j#ljX zeZ>IsN#>yMr4TfocHSPvSRDW+e8lnOf;F&7%~dn6rl$G zf{oyy?E25}S_C?7?jJATC!jUFYLWYzCgZpo1%M8~yJq1h#dttt+ho&3YXYb52-fE& z-5vIfOns2zB1D>y4%{2}(%ifNGCwj`82ta28cF_IEXpW>;!VR=HC4#cxz3O10`+o5 z{C52&%>~VkXHUB{o*9Lz_+Kl~GLJx-}(wWBu(bJjrRQe^M$3 zjuLu$6J85{KgLRKUR|VH6Y3F>v14CY&}-1`Rmqvo?OtIbf853^$&xoWx1%7b!S;>& z4$JDEK93A2Nx-=mk9Y+zKEC<;f0_X9S@Jt`Aqryu6z@e{RpIH+600vW~0of%ldRZ+~Bz#{l}04Hd_UeH3==_NTa`kkjhws zpBn9d>rN`8$4Jm^lme`NfewdVPiYsd0PLJCIl`u|@f}A#49~disVe`SHls zL$zxuLe&e}YV6WUju)7pERHY}?l`_`j?4gqMyQ2PG;KM=E zK}y#&xEOQ}em<$bJ-&0eH3EX(HWTf(K^t@W%qO%wp>SOSWlg8K;=+Dbsx2;dx7dP#fZTcuIFsUcqloQJ~@71FBS z2@G&G#QK;A4JDGOX-`8S$fS(qLlg;@4xR%{I{-6$7(Do~NzU@QbTekjICap4JUZE3 zk^FO>uJi$eqFQ5t0w3O{q^I!JVdYxQg}6}MYu9VVamE?*uM=fvsPmJs-1SMup>A%h zwa1f4hzkgyPBfX!7!iHFC}Y7?BNv?hg}@6ZbC9a>rEk!kWC;%{;j+Uo3NeJcA{S~E zZ61Mt3?k{U>emPJOzLKhWG>^oD+K2GN=yHfy?zfuJ^1#i6G9!?K0nkn&enaRSdE-2 zeYltRrMU7+-2DFG#%h0h^Y_hY2=)|@*vg@Z*WZ=u)q3J$a1{)L)mHAr9c5gBnGCrk zunAlg65Iku_NZE@nLUs{?@>AQoCtJGP zu=$5UIoBP4$NGJ_MSGOz3m(~v6{UU~D2juqzI8Zv-X|D@P{kwSPLxSTen9r+jTAhS@Pbr7dh$F zCQKXO@7=q5Kf>QdEouGCjk$E)qciK{F$6)XZ2b8YA#-q@ zkm{kEUQpAedKGobS2NU9>NpMtwmzCe$IcR0>p?nZYf)vszY)tAA%dLA+re>%@9Udx9@_$Q*& z;V!(%%4@vh06z6$5OTTd{Mj3N^rSx{Ll$_@jR4j~xk0V^I)(yLr?ELy#3Zi{zcoj* z69CIOuUDbtrUZpax8Xz|KtXDx{hodq*xQKg*R0<0R&=cggTN9z2Xh@0MMbi#aX)|L z6@}{*JskspiXt*W+yx@@V4OfaB6O$}*4m=S$&QDX=hu*ru*l+yp=xk3_(dNR4r;oo^$=>n`Ei=xF6+|(!lcOE}nU>Yl@YaW` zFLNQH&;&bf5zN9loUjv6P+|y$C1TDK)-{W`~qDdN@@T< z`|@-=&Xqf|qu<|>i48DmF~;YEe(tP$PEUS{=}4S0cpz$7#(*!+Gl#mv1F~ zv-fs(#f3eJeO3}F|t-;qhCt))-F8tQlKEA<7laRqtQL2XI5AVz* zra%GdTPYe?ZgC-Vc>8bmNH0{<{l3%CXzwD%MjG(wZ;zD(<}n6Sf%1L5!_u$5>1VFN zgX{q>RvgJ^406UAjqrdm_cRI#j;JCl*Qu*$x<%(MLOr>VQ^?r{4KaHrvIAynB4^&I zs{%Pg{#rfyBG3h^cx4b(33N!K8;at=L*P1i0YgA8U53KoJRUrc?zMAoh;$V7>} zV|UGH`)k4xQmS1xz%0zEYip$}_Tk_kN;Yd*7KI|y^QQ3Cm!%1ofHTpwg+bUOj%X91 z_%|FnsQlcM+d2j&$pSfi(1_i;Zu^_pJ8zcgs@HMJCTpG-uN@PajWAe*9U1P7LWd@B z6lb0Kr9o5CfE$|yXmqfBAK4BO;>VS@MwY7y5#%m8b%nv|OBL*31&gupQen^M*?JJK zm``3pn8X2G{DZK;%(!a~^HHE29bcUYfe3@m>|eM#8k)(4-a#q-aR|dVOMm}e8zWaXBTe&6sMXoWp zyD>X)*k?R4y}lh=n9x)z{~KSK+*F-M(^vNN1lajIMrEq`Pp{Xg z8_|B3SV3+^C|&{T#6XA*B2x*H%(c>2539t%RqL=npE?Y&ORD2zQ2ZoFde(sV=%sqE&1wkJ!4z+#z>p=vJl<;qX`=!3vDjkRYOn4k zz53xX%k8n}gMzf+V3O&m==_hE#K{;QqGiF1I~dkN)hZAv8?G#Gaf!so?HGqs*gg)s>228IO#+o=cI}=(%UUt?o4kpvX~`` zh5y@6oBST61;Y&=N15g_vF;q&b>B#rlk}@;#u`0I`t%^t#*^pm0*9mDF7Nl%$ z`m(}$pXiLB4uC8{7l@)=*Ly;6H zYeJ@M6bbykCI*v2CIxN<#whpKRqQplZNT!w40vpSZ7Uqb%kwem5IGcE4-6Emb7y{hhn~ z%)aZAil-W#w(HuD?^ix@gFj8)`W(mVoLct)m!Hgj8hp9?VXG zEL0_6Y~;l?hxf&^d@a-rdX<^S^=|V7JsxNnlDl6a{z|^v1gHe6yNnGm=1&-`pIYe) zgLKh`k5NY)QuiE_NIwRzzZN=_rT1kL$2xX_}HjTA0#kM zgxsWYh~3)SDr%r$n_ce@>re9Jem}S(*I3CfQy1nH%d5N znnaC9j&@<9|6NFbGLIbuu7*phw>am2U7!^d%z!Y|ulfRX^S7Z!-aq0JW>NTJ3jF!m zP(s^1gWrO`+EewtM{J;BBE4GH2hR=S6d#d$DifR4=5V)3++Ax{kPb~tW_NQh`mLTs zUVEz6RE$qn+`-QGgn(Ia{DQK|jMh+JNX2px=6)wFhrz&f3pQ7T#=-Oz8T`0&x5g9f zyXww#Dw=+M+!kcWEfXBXb3)4`A&cAdrB7htS9labdPB)Yr7b-L7k*}jOdLIGjb4aj zq2VXAp!g?bTea9gHf#_mQVZ}>aZX`iK|27*mboV`1Yzl$7}&@@v)&$Jh_D0u>L4t& z+RVX9aj~s$itlxB&na=Zai^FoLPkSAPV5grRww6Ch{FxQyeF-6%E-|ZIF1dVc})Xj zrloZMR`l3mBiu21B>P~M1&?T#B1a}! zADnVJkeF${qnFE><-~<=_yq#O=%*=lA^&{=c{b6`2LCC6^u_5Rg$wGOCG~^JdXb5mAiuiI2ftouVB( z<65Tu#eb7H#_i5Ov(5jQXC1WHbtXKxaQU*=1258qfV3Z&m7yZy%et;S)qquA)I4x@7L4^c zb`}BG-UWm2X3KoT1L`TNv^CgR&{PX+gC4>&7>#wF)C-6)$HS)mu}TswYuG0b zm14_=CV%*>ZN#0>Y|OSj7Jsayq(_T9yWH={_fH$@}@999OZ~vO&I2@=gjv^f#u2UfdvQn^(10<#QijA**?PHmkg0Pu`&}AaqMPW>mcFq8m{D^+)71-yt})*!B>5LHE6fX;Lqh`jGDT- zeoGLu6AaAjT^R#a!W6FbqP5ZNeQj-;>f?QLZRJCVPT1x znKxzc^%XsQ`KO!`tY(obzWLqVDu85#OMxxO)Bgd3(Vl7b9jB{hSVN9-0!}YKwoY|* z^$%e0JP(1WdT94(>m1v*7=25#%&W}fFA>nsmxhLgO#)zR0tef&_EfERy#CSt)&-*X zs}RV0zB*p#1P6uMYt3+j?XHLP6HxMZ8fAumr7+-;$X?}n*7M{mj?%Bvu-hrj=j9Sr zdh=5(>#Uyq@OI#m8~+-XMd4$)8aM5^i|3fW;qSgApmkn`f@Ai8r^tXwDfaE|m+Rgg zjKee`v*-VCKT7;ySu<4;GgV`&ww-XHI!VNX(a5LNyhCioQR?QTs#%Qn2_X+ z`@yzp@=4hJ_Vg2!G@71aKEF58$zFJL!yAbBg7$szWm|b!n3x#Y*w`jT^3)1qKN-h@ zjHJMR}r`IrOa2bc&)N33K90H*3-3 zgecALe{zrgOpljLYJ$l*UMxI-7a9-%nymXo$>HiY2QpC;Vniqljui=AP3=rqMypC8 zzHSMwKFMSw2$fMRo11A9ZP(@(> zeUS9Ibj0A)?ty_!wnOW`Lr4OotqGmLj`c-&Z)+*3Kl_<5)`hp1#w*0Hx$<{n?OovX z*Z3KczJa;w_x4};mDIv93$7YXN_%Wm>~lJV&v7p^Jyh=&8P_f&mw(N<-x4=?Q{`Ap zB%?X(b%!L&ykim1Rsr@PmV9g*bw=>d`^vIL6F848si%jk(l&D19uWCQjM2gugv`}- z5YN;$mxeD_VRod3i!Fh_r07joBlh<8zQN93Kk?lw&uUEUrcNal@nx=tFix#RtZUyq z$mm2q0ye^e8eAKH|7~ZgB7JYhlMW7Xao62j>l+(9kSu!?Cq_#^M(6t%*U}??>bWQ9 zet}ws`ULn88{ll`aaz^0U+5(Sb>+T`i;%3GoXvPGw#7*41+Z}=R!3P~{n8KR?6#8y zB2(EY!O9MHcJ@`oRs8)^!7t>nNVOFi5^@n4^h-gVV7zC?E=K&NdC>zN*czzA)Q|)c z!aqml=}#-1=)5u8+}wOmU;jE0F|p0=>hr}v6_?TV!0*X}36mcWY?Li(FiX{L2i9;7 zBx;qs6qx&BS83Dn^XGp8G>vs{381BtYK`V6)AcyI0|O7p?=wEU?;&5&jI{?|xUn_Z znG--4)uJ7ae&f>uWAqzcT}Axq#r@&l>O&$tLfk_PohURSPD+_dQ}KTE?he&2?=X5l zc^By+4lolPGd#wvRLIQ(;jsH~3nr(glr=OyW@(k^cO^>hf*~@`?ZCmxmyBM_7qmq} zxFIKA=&?Kup!?gGbrtT+$Dtx~Mh*^Q*lYqWn>UDvh^+s1Udz-hBJ#P+-Iyrpqokoh zg;!{6iT9+@2b)0fGW%TToJn|t`OhLB0S5Uvc_DLcsq|##nWoOH?7+-tE2`Kyc?-WA z_7&X6hPT{@qH?{lhJtSHR_5AZ^*FP8`^il;*y>6tW)>)92x3lEx1AT=idwUP%iIcry7y2*Jsu-|fO z6@RpIgp?WB-MEH|Eq&mbC7E=@n*L6ww6(Jf3<`Q8T`2Of?T9)-{|D{XcyF3WX`~U@Znrt?Q7hwga-tCFGr~6=jYSX)BjUezTmJp z@VdynUmqAXus+VpBz-<&J0t#As0Q*Im9IuC9Ib3(JfMb*3WYcH7+6ANs%8}?EKVZ4 zfIhIy&crI4Uex8Hu)|{Q`phpL*rbo?I*Bw<%@-#g^D~E~s8qAVsLK##d3UIcsU z$r9+@9&#!ZC-4&tk7-%t^}l^2nsdoJAYdndE=_qUaXwKmYEPs?^=^kWFU$OqABB98 z%C7N?>|gx6Kegoda@(AgQ~iwJ+Y#Nw(pP8ut(oB3$Q7v1^_i>d?5Z=DO{Cn0npUdH zR}(cgHPtZj)cy%OZ`;70S})Zf5(N*-qtbzA(?6C&biM8|M><7#{(G|Z%35*r&E zy71~Q=E+G>L!_S$J7WvC1^69pP+fKpoh2a%&hZo4n?WJ zzd5b@p>HC3#irdTiQbFIbEoIr-=W+0{le0+76sBll4pDa?j+u#RJ*d+qQaodX%-b7kht9 zu6zj%eILndlBk}gsobHYto(ZUPlb;Vu}FM9g-T&M50=hWKBuz6g6<2&eL|rFL3(Db zrhvZY7THI;j`~9G!Mr$Evg7eMYaMZ2`R}^&r(qEekrg{x7AgkeUN`C<*flvK!cz9~ zCw?IN`-=UVO!T`mXE!?5-m}m9T8jz4^n6i%b%;eeW>o3MMQqQ({C9k$&fz@&ybNNW zBq{0j30UyqDsz}k9m(*H?`d>p%92i&lU~vZ{q9Uq*29elIqbp42V7evA@XvsS;dZv zU)AG2YaE>WuUVzI%-GtTIxD+Kx{h1y^53Y$&?_{DJ@4Y%uB`u3w(R>zzh)v|`8&mK zyeW5lV1}rDup_JtYoOM$(mHCV_(0Mj+rIkvkl#=V3#eddNXY8Zt*0G z{LQd|X06WTgRieIS6j*4E47q2?f8n_e|JbkL9(%fo-iVG+l_)DaU+!Vi*)&eAW=4E zd}+JSLffu!v;9fsn9U7WOEm(|@%v{0lf#yu_YK9lHZ-RoRnR8BOxCyA zI&n0YFM8-3x&6o2_Z-CES$84FxC*@T6bxBW5WP9okIZ@ctGEJzPdz|3jff4*;Taya z5@uz(I^uAmLBXIMNF@H#6HIH zWAf~u<+Du+a1WQF5VYo^eyTz(&_);Lt3fC++m1_MCVwgNX+!Ug6uqPd(Kc);wuP2D z%a*cn16DQb&J`KzNvuSHv_02bdctnTY+A}h5}iCVgYueem18RZUH0N9AV^6+L-;uy z=f9E2|Bt8h4rlWX+keC=YSe6Pt*umvS;QvxrgkY3qGnqZja5~96ML`Pks3AIQhTpZ zvu4dwTl;%_-}n9fm46)15susaT-SM?*XNp)hmGe5HB%#^;mPU{kYbi&G)_7Hv4_+) z7O868{5=S4{YP;z`Xod7Qz1*Xd3z(X4Y}kh`-k=07qT5iw-utzVXLQ~^kWdmx2YTZ zHa-x&ORs&LBXN0u5Ls+& z;fKPMGjVqBv7E9t9I)F{I?K zfla~qfdQRp&Ls8dlj!xiuZ-%oKTd&6jM6Ty!2__xmH;o~8_=)>1EwOaW~vZfg#^fU zsUzqvG*G7b^?udDC6H4wNPONXI5hn@=WP<(4;44NqatKmYEJF=y5Y-Vo2`3RNqzqW z72dO}Q)6-o&t9PRO(+-1!R*kkF!%Da2Mr%7=QgAq!UdFOQ^Y<7EUvq24mCGn`Tm@0 ze&P@`S^WsZC}Fi|qn&UMEhF0AEf|h*F6TD;ibwEA5IZ*7YrGxW;ws#cZaa5Z3o&H& z!1478r-C1&BKl)`d8K|5VMh+LHcDghtiPXS9mO302j3E~PGr?%ZE7B22c zcsiH)SBDIxj;Cb(r)an3>W5TmA)))$KdFX@+1HY&{gtzgf2o;IP3ffqc(U;ZSo~A# zwZycM!wAtajI$z%e-cQ0YoLJyqPgl?&|F8jd*+ui)odgDz(np96lC!d(V+8g)m;Q6 z+I|xG%g@~5j_f`J?}cmZ>U1K8v+#{`(XIh^^Ybt10Wo`g)GU$Sfi5Vi0D73w56VWT ze$@K#))-i1RWU^T_z0pWusygHk%j&m6wUZMj`TRvLbKU}uaD6(i3-_#Rw990~GSQIh52sop8YG?+k??UHPfa3H~E%CwePp|8P}jVIuc zgg(u`c!C*IK+`ZrCt#{a+3!!cjPmnf1{@hC-;w1mfg%S-#sF}^F@4}dNHwB-j^hsr zrO|BoZBW|wV`Y#Zsm7HlQnO*JDNw-?)XA$9!PTr$Pk@eKb3@=bis zn*&r%w8Y}KyhmL3Mtr;QtOgZEH!tmWC0LQ8rNUc(yP*%FfrSMP=T|J4sm+9Li|AD$hFe#ohu*ZDcgm9YEllBJbZmdWQ^zV{0Rj^AJ9hByU@s)`i%Gt$!T)@Jigrn%}) zp9rVgF#NK%wvy#zDoSt+X)L`!!X9I8^2+KO8VPu5p#L|-0Wox%L`f)V)N*BFk_lAv0JB7_-5h!2&duOrnv@sFL2Y!v@G{GO; zUwI$467+;v$l8g4E|Tak+~F^7Lu!qpME^GpC_dY?e5b}L_Fu-hIgIJnKUreo(sg3u ze_B{7hWMoHr}=&P`+WMsGm^GNo>JtctL(X)3136hF>k49Xk?eYtzFsm#}5t@Gxf_J zL6(B>Pthj9Y)fNq5xGg)LJs|!iiScZ-^7c>t%&4ws#-&wzH7$t=eT+Q(7r7q4A2dPD!YjLR{GzaZk- zMUnW}4q30+-3^v8Jb19G-$yT(i4@U~}=DO{2}k{|u=c*lO@<`5~QFIRF)o_)U7&3nmZjQ;@40= z#HEhJm%hrprY~W1MU7adxTv#%J27^*5{~ORG*S+E=+=Q>y!Xvz!U;aBIK+1JkUQ-elJv!=-}O9FQd0S(;lx2co}d!zf>q_q_{F)*R>zN}DeSwVUT)@j z@Fsw_=?n4Y0JGc&*w+@J1jBbjAwT=U)nwFq-^hmn-WGry0Mqe$8XGQ5P)>q z2t+v#fT>+pK!o{t_|zECtAJoX696K1n6MU-ZAllUZpd^Lg*(OO$glP0LXR|0S0wJz z5I}?J|F;10^q07Wx(Y>Wo2?uDP{LQ{TSlwSJP&fl= ziy)h$dB#WWY&|{Q)k6xj5%yUpV#Ik3zAB=UTzJn}Kh^|g8NA{wqDn-$QIx9(!13QU zh`G@e{j}E<)!6D(IVG-lY^^+4a|AXhhXBOX8gC@^V3)?+<_JX2##Wy*&K^M| z&D4<@{EJ(?bJ)TnHwp*&oF6vcGS(-tWw~;3&p;(4C5k<|;W@DvS_G~9V74~XBoU`Q zb}c15R3X<`m90(F@1H|d0e4q22c{%bj?W9X-7AB`FUbN=qYVjVTFQTkLA%#N&MK`} zH&7K9zJRqU35a$#YP%&c+q5}e5^MI%-USdTzX1~)s2fPaOzWFZ)$G*M@YNtAXj^;5 z{ccK?ESG)nL6*6u6^Q~Vcx}$P0@;6>Q%}@QpOtfPe>Cbnn)$;R_)tKkDySh4L>2um z!fW1u*wibVH|~4=U&w;X-zwUN6Urk}rqvOa=pDPg1CJ#OYU+*j7)VQonibcw`*@?t zt--zmH2(Z-fldbJ&mmD^F%4dd=Y~DjV9q9ctq=|BVYz)%=_=}BtS^ro6wXDIWkLNX zNqO-r;ioctArd;z5)(!xi*I+Pz4DGMz)nbMax{MNXwit4T6P(%C*J9Y20KkP`$|W6 z3dut$7w++t;D6rPn)d7wW||5aX6At3*R@=8%Tm)^i5gJIg-8Cx#lo`fZ~+vCbH^$5$7Z}u0d^`uCl>Fxs8Ab88}b{Sd(rZ9x1Huej)fWTX>7X9*r z!X>eGZe6{+oaBXMlSgT?S^E(N4&>F@@w^>AVR*Y<+v<$YJc4l5YF%hg#amy(>hlbf z#|ACo3pOi$#hv#U?=FesRm&xn`}o!R8`om6XXo$>Ic5sA-7m)j zlSB6yQDgG%e0RdD?VUycQsvgKdo>M_?y^_~ouiHZz&g_bH5YJ@>;SgkcR-{E#MIFS z7t54i6 zYqo0nI_n3cYqH?X9kSMbTs57NTQcr!KB#Qq)d^m zS1l<@^1K6Vvn3F|R=6LrQ8vlkZmOkTVH(DboH z6V5Rb#P6>%;~5)s|J48TFA1`v@EIFcr!~fToiF=-BI(1)$C*j~yUtt|TRx3(7| zURQg=H-(DNkvsO%Mia1Sc`*KA`9X8_K3CJ*ZR|*W@-FrdYyan$qb-P~Td7*bvT}Wn-yOG$!jpH{D`Sy(^jp@{ zKkm2FH_V=&EA8H?dhE2PQ1V1XY3+|Mx-Y|DVJ`=dC$Eqe z>|9gzd+l@sGITCmJtJzsDM0NLoxON@_=6qvn+9%R636D$6U(u^vgb{5=-kcplATL0 z-XPpvO$EQvN{6FlA#W+3=z~`)C8?^1e21h?66MT#+UPzy>dD0dBts6UHM;Z*o<1`m z2{bS;P!1!ltjV37u|yf>TP>x>7<9|Bd99Yhx`oIozA-8^&i?u-yFm@q(O=uHP z37yBG_8i2JGfrzvFfNLFe3;t{?a~Dw<{l+?hDcnUledOO^M|`6pV1X3-ZrCnG17r0 zXFnnv=pkL1%bugl{Ntjosld(j{$(9A#kAPyB}1>C47nOX92oKM=@L2bYOI1-3%;~-|pu#@ky;{zV|++%jp1o4;_VVb3x@-+-_P66h~9()WN54_0w-l_xTJZ8S9c zCl9fY*gzK-@dVhEpRBig$(B^|ce#P&NxOb;o0a_@NrC?i_Z-p9g^}Gl&w5l#WZ>*) z{g0}b>fau_ik|U*!p@%Vy_`3dkn&@ND1>Hv#bOEpq<6nq-Jt%DA8^vU7-Lp^+d!@-eJB}n_gs6TF^PD-j( z@8xY{5_qmo9o{QQt}(ulRer5OlI6w2A7@sx{@A*=ZHFyj0qjTl!0+nz1&G`3oj!7H zw8A5q?t_P)TEmU3zT(Rzyo-8HrQU%h8c{bg6jus@KA~%CaDaNbN0{!bAHP19<%(ut z3{4KULLWRTsmT9_CA{luWQgV_V@Q7)LFNSrz@TXRvHG#7FIdle~^N{Vh&r*bo17Mu^8bzb!!d1U*kp`ljU>X`9MoL!jeE8IrFM&Yf z8VNJC-cW;B;ZZ!Ug!=k^b}-njy$Aobd4_A1aZC^RuE(I3$Q?J@k-{baD{bP{G+*3FF zYs=~50**g9RJN&ojM5&QDrtE6z!D5}1hSd{n>5@dv^YoRB8N#AH#>>%zT=hzGT zIh2?aw##FY~PWnazMX<(|(znO8ktlsJ&j(3=QGD^GI9Xmnm;aRzNw&*s zf4#bxzE;&Yc87~(t-%EtEp69q^~}F${h=z7V0p=0$<`-Gq?gPKmaEh}Cb?f`r`Ks*kJB60$Acyv}(1fKah;o1ay0qT8ss z_}2w3dm>!t>?v1JrU85CKHujqJujd0R*wZ!hr4%A4Csp?vt%s|?T%cyqR$ZM)t#gVYA+9cl z>x~9AOG>%A0{oCXAeUB3psfR?{UqmbmqWib@#6_uP{L)P$#e|*8;pFJ<)@34`g$w}7Ejb5q*8+F&nse% z@P}OR?qp2m(Z68Tawf$tx5(xu!0Cu$GOc(S`x)Y>)L?JOIN>>(|uWccn@>j zB12~5h2)DX-ikbUor~hzxU=3#@8?QtZCH~+^a2U7&ZJhrXXm^i)S)SKnAM!s@un%H z;3U>VET$wUt2p$zOc;A7PK6GO2`lw=V;sy8`G#l(Awqu3n5277W#)?G_3;$yB(xh# zl#|)4>(yVt5oQW3vk84|de**aFSXsU?57)OD*<6B5Nmg5C;qR-k(v)yhsECB?S zZkuM#oh+vEU){tJABQ(cV2t*!G)Ebud~uyfayLBtso6h4so$?`@Tz zjO{37KYKBxr=v?JK-`9FLh7}6=LR-e3;xB7h?Mt-wZ?1Q40tQU)hMXB);Y)ODYW85uk{BH(M;Vz<@Y2~~BGPeyP5NgxsE6{EcV%Sfj&rIrEcY20+C$dj$t-ulF4a9czW4Noig(n$~ zec@EW(%KWF`6xQNgu2A#WGrbUSQLwj{CX%Twdcry_snk7{s4^inZ zpJ3<=SEa1(9u=uO&&+$1Curuf+K>viG&g3Mw)d2ZHJFOPsA*R=8&$rD-EU-CSs~m3&-IhvLVj@4d87r$L2@_aO1| za(qe}F&aa!Y__aiy{41(I2_7mLko&zbH?xf zCbiWF`lj%@%vr7OHE-H3gO=FoPuL?ycO<{p*8c6?a)JSuu60Y9ES%F=Q}5~J@86!W z*nXol^;OM^B!rFE8)MDqD>z4Pcmfbm(qC36>nObLml2>_E__uVO`U?%qCOQP$09mq zGDcdBnz~Mjd#5%c^s#+yhIs6khgM=O+WB3puY|Jz%9q)gV*HMNTaN~9w>VVwmm0K_ z)FMB-f8*8Y)a=laSw)`xJtvE_px2< zd|u&V-jIczUH)V)WO|I(w$XkVA1_d(T8u|I^56pRccZA{KRrDwu(0o+Xw|v3=4zwI z`78ujsa>!s^4F*s5t`pnhduU4XZ-bYI7{_VJij5Y zZgZtwkN7+6M+9OJ{8s3@uOixyqG(p1H8t?Ek~S}HbE zf8U-SO&Pk+$8Jl5HyKP4*vXion&c{ryKNP%s7~FMq7h}~gsA}L2ZU0s!}?PW$#(up zV9Z3#U5(WY*uT1UsPlWgCM?}N(u7gq{8!#YRFcB-85{nD+4PA+ojyLNnMLX?z#Yi0 z(@i`c8VAn?chzn>9Ud89Hqla}6ci4E(jXX5O!Sj|nTOL2`MAM~qtXwY2SM~f;JL{o1- zsuOZ4?pFHb+P$AI6~};pTf>?U%HTiI=)&h#Z)CijKeBx9!x(oDzRZ{p?)YILJ1B?P z-zzbgZEbB0NW&a~*^+c3)ncS_#0H0c<}b{X{LE-i65K0i9Rb~j+Lr#h5InN5CB}*T_JyyPXOFLBrEbahSZ8Q54ib`UH7jR`g=Z5(2mDI{;8RuSa@F3; z6qP0yWtC6MVtMrxLS&M3l<}pD0+-&9QWhS3kbotI86wZ{9u&ziqv!;XnBjL^DpB$fAPxZlrjK^=C)$@%6aVcuEP!gK;+1u6Hs6J;SDKGUqMk*$1L zd6pgXM2?!q6b5e%1|?tz7WDuOpovO+alh%7WPA9zY|)7*q)J@jC9EehWPP2o!A9FI zgjP5YkHBzHbA!I&(SVfGx*!V^!x}yL#mKMp!`#WdV;Ko(;@2Lj(ic^lVH*gj`lY0e zrp#=_c-&ZR{hAvtnQdG8JPTkUo9nJH=0^*ME5%Z zLrW1MPW*vx7bHH1<-2?Wu(~uk?uowIc*CrWEWL%Dm?#(S$Nf( z+dRFPJ~Nm237cs&*-hQQUwHjpMu1IVFfI4^zRZDg(CvugZw?1DQ-b?sj1z0LR<*%x zwFD0_8n-WogtSSavp*T>vgu`VFCQ?>CKJ3U>Zn_9bUBg-uVFwW&`+*(4+6p1Do|uj zM*&$apzc&yn*yY`-*Uy=i7a~u4ZTuF|3DHK*yP+bp zoifqfQ%Gl1<8%UyOKz!mpyo!ZAii$Ft<|7sIMjX;h| z+p-+(n@ewVEe;j2t@l7Z2@x*TGY2hB-CzQQi^2AjXza|I&D@U1^yOtt^7sD4)xw)urGhPWKDEv9HMRL1T zVM8s-%#%oL**W8H5Ybmp9^KWQwWm=KcMd!UMpu;YTct1+(GyNqnLQs*{833bT3(F! zr;h^}o2m7)&J9KegDLT6y~_nUIhZ?MYTu6UkWUXU<2U#w(wyFF=n~dWB)-U7A{Nuo6V}41&#u&CnR8w)S>Zz^u zVQ->~&m?<8c%$k&!Mlp5kI`8?gbF_G>E+fsEL@1b!$NZOao4GV_U7DY8akTkDRR1+ z4QxB7_#?tBAP#NxL&`N{D&hG0o&_oK(5- z4`**Po&vj(SlzeMb36C%uuE0|Ic& zpN9^K<1ce}e+Y$}r zeuiJhj_}zPh(Mf$KroFyQs;fn29^+QH>lWPY&HWH!rta-f0Y#ZqMG|8bK;SBmH>kM z5OoWx-VEf=n&k3eB%{~uig}g764X3?3hB+$?NX{XgsG2y| zI%^vgkZSl_Z2x>g6i9nJw;mMoTNvlna#hsx%%D7^b(?gue~KQyJt_<`t6y;K+%+2_ zhtdgQe-a_wR^OlmN4p)|E=PkRjSc(hu4-mK1zrbi`Af}qQbL^?qPM53>HFFr$TI*Q z-Azk+x!?I;L+TzpM_~#jDiuuRoO1F|xm|SIeoxq$7T@dE4sLWN3|dUc@P8slVp=7=c1^nXhbAUC@2|Tw|=adWGPOZC5`4j`*Jy~ zy8M-eTM&%IZ`HCfaLPC-+LBWm1Th$*G04_$*z4f&7)Y(r?gN}G&$XkCBF`0q^hvFt79ZYO&Y{q!@ z-RyvQ@}uDM=Xo-}k&U(M@2>E`6Q<^ei4c&oi;a4+qJeSbxkN+D*1e8h*zWB*LSe19 zcQdkF@(-LJL|AK+#vo2at2>HaKFm>KHSU?x^L`Sr`@z%TtOK=M^|zYw*JU+Jp2GhW zR!C|)_-Wl(3@7HQ@EUpwcKI zGmHyW7b_WBr=4N;-8~f_@*Gshj26LTLWq=M;C#&O949>ueQgrkmDxAc0dy~M5Mg7l z1uLRP!43|GCBr2YI8Vms>lQuINERZz!XrQ}sX(rZpgCLTb5KAJCO%1}RX;TJ9KzR? zu^5USx20)XUtKFdamUl4CX5hV9f~!Hz{s5qpU;fnwk6$}Qzn)$-5bJ= zYkLs!VXpKogq$g(fM06ZUzRbhXKe=tYJE)ADED66%{NDbdHnN=LPb>ERFG!ooN?W+ zK3WfbP!mCm)zf73`;X7R>I)BX%W30@QdGe)wgyy-4(ykF`mchh#Q8ZbpxxA#wN`W0 z_)Dg_^H@MN>TfAtj5UV#?E98ShZC*0l(tzmvyc5bmq`WpiFYK-nKNpC5MZ~j_!|!| z=k##d@~_b!nMLXB?VOK(&wmqsEJbdaI>gN;ecq3*4@$@7Pl6sXF+gIuH9*pYb?|Osa%S})Fq1HcgO)~m zH+B&9)*4^I^<4`mYN%bUeyLPcrKxIA)FaSgOBTT%X42%|=8$TZz%2uB>_<36xyr)P zL}NknENU5g&A$S1S5vnyx2vqO2YD-H8EgfO9o2)V(8;~~m3a5e;}p!tuiAvv`d*=M zyr#&@NJtKHl9%zl&>&N#K`@v)fxVSBbDZA*GRPFo|IXXBH#c1)2>qO7$S?5s#{mJ zRuf`2mUKX7g78zpo|XwkKh*{)SCYQp|Mod}f>80>Z=r-3Q`L$_kRLjh$Bq2=XkA~qzr z5o+uXxkdDUdgQ-YKAtoK=#UB!d+11E*$AiTs>Xwho*?hFi!a*?df_NLzIGaJ%j<=! z(Uge|5&BIL=M&4btiH_%qh%su+TWIk*q6Ys9%ynRt19yMd5T#*tv9D? zLpTA6T0*Y&5l79&A^PZ7rUmIAxY(TwEb3=hYcEa$cNN z|JYfzLG~83wbDyyyq+wvzf!Bbu$UC(ae1kkt^H^v4hOUs-ir$v8T)8yF7u{FPDr0r z;a0%v$_kLqx~ni~FVb^%Err@AMU6O(1QR6G@_X3!^z^8W9>Sl#`@AB*;wMglDU?#E z|09M<8rK`udP1(8hr!3_B8p4CE^CJ9qgTK7^cIukNzGByp>uX5P1mJzpktZKwx5;L z^GH;jla0I=G!^JrIdgN#a_SAb3wH zA99sjbi$`(%9nWO7}?bJaH7(q?c1!j6A;TYug3Ccn@*CuxlIy;o4g}jB+V{fQ7$~A zM_rD`u=G{)+;{k922(ZI7f94Q@jV%rMarcW2@9Jy+&ZwIC5+1WU#@O-IbW6)<}C62 zDwS3sghCz!hDb7Jdh4gmfQN)S(sI0HKz1~oN!>#!ah(;rXQF!AxA-J`cJESjd2K&{ z`YD(@yl3;1dXdA;&Fwe*Y+T!&aCq}CH{oYjJnslUJ+iiUz*v#A;Un7&@uZEthL#b|do$3P$G-uAq_VvnN?Oj?9JfJkx5USN!d^5w7ijGzXpP zEv`19jpa(5bD9<4(GJFp^^A&PBwbzAwn~N|Yb11ky9FKmGBB9E)<}q;GdkDpf6`u6 zHve^=gTCf zhs>K;Q_q>cZ$;!0js_a2sK{yD^WTRXMbqokBm6>^Ly^Vg&+z{hmecd$$KexF$2kk| zeRB9`;Dq~=&Dg=(zx z@GaikT@&MqR^p9lxOl8#$w=f+iK(<dI!}|Qz_IpA;GR8gJ z3Y$6MU_g}{e{o+Oh~?PgAyXHjIG;}_y|8>&6)iVNWDB2&M%P;Xh_bb??fVmB{!L9= zM8nru|KV_9Yov{{fFPMU8C8#g>^k@-GJyb3rvdb-OF~WKD^`sO z9djwUlAR;XRPIWi=y!c7cbD_;w72(V982fvu`&ST08>L!PQr zA539r3eS1*R%Dje$KoF2u~5`#8Z{))lWJd$l&6(NtE$W)7RUQoMd|0?u6Ua!#0>YI zP}-LXjqXsHaup2jVJp?FdmoMNpH~h{m18W;gRrt@8QKq@0g0-XFs~v_TWa!Py>dBIy+}rB2roM!?5tkjl`XrIAJL;e>2h^>{1m~3 z<{YXp);qjy5Mi#{x0wDW`M@~L563j%cZfwZj!$tH+pBEvm z64=Scz=ftA838%>PQ|zJWJL&VvyvQ7V{*^V;1_qXfopWHWa2cZD`rIt<%63jrfCw( z+culma>caQZ88n~sjb$sN<=|NA(ptZvEY&}z)44iUn(E+ zT_L1lf*WG5AfOc8AyK^&k1{XMazwt+_O>jqiiwO=0%9pfcA>s%7Y~8oZ?+wyJFrni zz@mZIgTQg(2+_CXbF$h5bcaT~X9wP-^HVgx;uK_Pu0l|S*~G@wyHZZ>{9>biAJ1Rh zz)xoSCoG4QfMMy;>~nN=x&Bxad=f)&zt`GbzpZ%(1f|Oe+`UD@oah}W`OWhsSoHst zY`iv?8>3vkMp9?%kCicHpn?t448K**lML!jj(Zp(RH&gmd{m{3Kojgb*iODi{%ABG zgjeF4P|8r+_Ab)x2N4DlQ0x%roO_!X)f9-gCYT~G&+ryXC|-K_FhYM$1n0^w8ekJW zq~wAwt#Q45?SAYT7by*_#xsXHPk$m*DtvqN`e#R-YXD5)mUUJkUY*bdcu?Qlc+EY0 z(e0n+Y=+UeT1DDYdUqhRSE}e<`HPYD(u!>*QuTAfcdp&>Nn8M=0LS|fQiC=f9hHwS zj_nN6*REG#l!z!-Td{a;>;?nH>>`upE6g^9IsJqpScOs^#}cx~2fqtEQDRVcd_&Y` zZMXdF)9xcIO6{XDdm!@%vr>~QRJuWj7VZ-!VBAECV{`^~?;6`DMmpuZ@s7aKl%X^k zGhYazAjFC}Gq=Af&2d(MinmqxJtggcA16<|sJBw9TPt)*;`b_&8wZ&SNe>BJOR{_f zg$@?SG46)>QukuzbVMl61CgLtL*c3?Z(f|#{b`? zz-#Nzc>?%R+G6jW6XIziJ&dw$>uP6?sSYmp4UFDK^p+)v^fe`RzI}A>yNpt7WPv8c z7^nKIzZ>gt7iQm?Ww3oVRb|C=gWzC^a375>e?cZ3CHrx5lBk!;Bs6ju}IjGYGn7@WMf|Neqd0N9B2 zXk+-b^vZngYWk`;D)T7f=ua`rrqJl7+17(iuLZwfm78;)9)Xqs@So`VUi$ zX)H7LIi-Ugrm56-bwa~Ff-+9!trIlMb>MSRc=GpktKT1YfZ<&LpwY}4-8pWEpQ>B5 zh^0@eDzt2DvA|a2;mh+IzD1TUuBjBke}?B_M_0R+6dowB#@R|kqZ_0AidG77W~GsKW#%VLGVwzMTOVKVp3C|jceuU1v?wetUI8GG z9RT|#lf=>SFT9t@Jg$p~_59GHC_r9w&wX^K=>nP(dVlxogIFp3uO?vOk=uPyQ5ujt zK>J$;&^&lEU(A8Ot#II#55yHmdxH}JIG1--#u;29V`F;&hR5dh+kv#lVr`E9BZkU8 zJ$pd~B0)FnLG-?@!RG=uz&~Bn8*#wkOsbU#f01*D9&acxRlE!=7uKu3M-dK897h4r zqGte$#|#+bzd5fBATa>SSuW%tf3)afMH#(e4PNBDrri4on~<8%0|xCO<`_60=;oM+ z178X+MMDSEE13wdhYJ8+Td1U1t=HfAOoMl)Apow<_^hy`#D1pc*$oGSQOr5?_}Ke~ zMU$Hg%8+pD?n@S^b)MuO?Y#?ZPc#4Yf*f>L*cK#?oIwF3fYO)<2oKkV5C!9mJRkJl z8ne#`iVb@2pNvJk^bE5MkU>rg4vh?U22~RTAMV3CY57payQULcuN|;1>~#AKfdTcb zoE-X0?}vLb3~#CX|HGZa=_|;u>PP2iI>Z=2&&K7)O7k)DmGrhtM;7_akzu&+gsOAp z@|G?~0Q5w@<<%|-6hchd4G=00fmNy&JqGv*4fTn{Gp;Bs!7YuYqh8@`tK3KdGBNtr z2ZG;SG8V<#UbY9Z{LN0_#kj~GUiWkJ?rhs{ol8+Y^1x}n#fW}+xejA)g^2#pW60}n z4O7R>+&&=Ovtyz2*tt9HgS%!@0d;^tiThYEz2%o!lOyz{fkjxzm5daO^fwnLr}E}C z>`j>O!p&d?7ng6l%VL}C#p!-51&cI04-avk-Ypdsm6>`cN&vL_9zeg`96JDP|Ds@g z!+VR?IY>e?{a%vytnD=22zU;xF4$>B*PEU8xPlBScWBzk1K+@p4P1 zO2;-T$Dwx9+qh?VdMG?mVfn-!esgo;KDkkX?utCW1su&tV3jdH=*$1e{`xB|@_Kl` z6Kx0rxxKab^6oh@+IEVzlq&Ugy0Y?)$lGtVG0PO?h&>Ij3QGl|)rEze&z+nK0I16i zETzVEP8`_XCot0%@Fpp7ILo~+a#(=}E!Zs)3!prPjfPgj;7 z31@1QaT)(RvS80P|1X^b8Os(a81aF{cN;bLH|?aa=5e?itc z%6Ymf8aTNH0LbnxaJ$hzvW^0XmIc5S1=ybXKeR3_@aKHjDt%LdlmzdtLbDviN>-F2 z5Py!kAs(Q=yu^RtU)>5IT!jHT=B-v*(D$JsRbb@?@W^n0$4qrYGXp+R0Qbv`&rMhL zw6#@Uyb!wiJ^*?L3^KMC@ zjITKJYgNRoY&EzxD4lu42Vf+}13(JZXvSyfzt_?v+_E3xXT-=3W{!&+Bfk9XWX%W} z&anX753~~l1fv`9A+Y*$cdpj|+>@4;mL0&10K=ckz~t2pAy4|{_7VWL{tB>cBY^O~ z@2TI-V?9V<)X$)>E&%M`%Tesbl?l`)1+t+Oh!B^b;t3P1#hb073B zrtS$&%#48i+uzatV;=6BI+1X#UP=d6=#>d|RLZunIZN=RIg)j_%bVgDZqPRX)U4pu zE)I^v@X-rdz6ZE&kxocwXMTW_Ne}7(u0DV@)mG{>AhyB` zafZi=oGlIP&u`ckXipZKBx#&!9Cbyr;^f@M8J2UF-#n;nOqvq9_K(X+A6GqaGy*j@CV;8| z+jDK@Jv}{*K;dtvGQGyU(m|n3sj!%31w2Cq&Y)Z&Jm*TZp+@i$2`Te@G*B}D+ib#% zwKKqy@f{fCtjNxM(|AGZ?rc2|fE~I6)M|m(7XZPK;D)kuAFPKtB&9-Rr90*I@q0jBK5hGQA2VtUWZ%Y5mOYSSl{I=0N$w$y!Hdir3X)*Fx{ZSH`)OZ4++2o z=jo1RV>=vp^!WgM14g?ki-1~+0RV65e%RmrWH&wBw7l`rTR#}Fcq)KobvfuNa-ny5 z>*+{fx+DnaVQi3Pcxbj{%zD)As!IbR`Jb%VKkYLiDkC5)_N7+x>cclgWO&HCs^7eW z-^U3;xmI<+X+^{69SPF!p0+7ifG(Juo7>S+?6CsCT!1no8bGU20L&p(fU)%gz@^Uv zq{v(0U!1#d51*}0Je+7MNCpA88|$@jCJC+NT^9dkb$K(xH!_W_FsVsn4T zOV&2!-XCTbf0{M6USg~aA4(=l!O4SZ1~mz$pgyo4U#}TOp7;7pXL93u3_vQ| zHVg;(zKVM)_JHO>hCwdn>0lk+c>ZL6-536pz zQZ={R7l1l$ve8GHMf^wYOkyaCPhdl}U9o)l#Cg!KD=FaX8PUpU+|NoBh`HX00F3L3aiO zQOQVO=;xX4VPxBxj3L2=<_mtofb^Ccgysr zWa`hmDrBs}*DcX$t+?2pAH1exR})1wOl_PVp{2R;HVvbQ^*b3>QcNTND-`338=;Sb zn_JDx+XBQ2i(&Bg+AUh9^Y32W3UEC}C0HrZ+L#r{Y%bDTt7u-*vRBhF!$BnN0X0Q> zgPY=)3ni?VmVQcl)>rc}T@^d`P6)e|ngWyi>#()G(OL{s!IiJN{)drZL$>=f$JYDz zzV7Fdy?6g)!cYh6tpIV8FJa#U-gO5wu(c@fT)+9=ezAFIrjQp5A*MKY`+b|Fb`Sf52o+sRA`2hQK|-S$;tTK-MRroIrD zjDWxrW{2YVit@XYu0^wDYVVs`P0KAD#%QwCJ_q`l=hXie*ug&#A9W|J;_L~x|5TO| z(sPt)B;1qSWuN%)POEZ;zm7cjzFl#2W^|v#a%GOCq`QH;f}6?7@}yY>_s27zDTxmb zS3_RdagHrIqSncK=@BC%qYT0rs3=IYX+n1wR##WYa8PT8*rV2$U;2IvcjM~vJgAPc z4;9~i(*sh@f6}PBt@eIQeeGE2IozSY|E$6eUvSUDnO>a2uEY`$rOc@k$J2K$K0hB8 z<;+zV);Pb`-oEOYTFmaA#G((3ehuxb3!{FMMkka$way3U-um`Dt~c@jm=i^+f&530 z*1_WC#fxbbNk!`Oaa0pc58C%1HNBR8@{j1fF70{gV@$$)2i|LFXw<-)O5FdCPdt)6 zD96t7`NFS=C5~5)Mvv9{GZp8nS6`^s?hcNsI&`U9NH|*6qxP%Lic6JS;8BxHL3hpU zB!V(tbKvs3P!Z>{E9nrqI6Mk4^my>dj`xpF3)ouf>#29*vJ%`~*f^HLd9;wOTJj*< zZlN#KL(hCeI=^ao(TlXGMM`U5>iLE*y~vA;`eim`cSi<0Ngkt9KJu8r&?p{v|KTp7&o0EUwvgK_k+>pn`#d; zY#a^OY>a8yo_KX^*VNea0@KM6YONJoYSY*x5v`3T)n!44IusmeJXZ9W8-M*QNoLDp z8h)qbGtkAIUwG$9NrvA&`^faN7p?2I2*>G+o8)>$H-3Ef$L#$V#>%X| zg8mys`kM#Txkb%;wi(=YsgwzSnrI#x#lcKFb#9~EW$s93uS_@Zwi4cqZ`(9mulCj+ zzr^+|>Pp?M#VSrpd(g?o%P~K$mc2`di**+ti+k9m2`a|yHgAR$0%>Lt4 zzsbXr7uY-lE60s%Ht(30Oe|ydMBqJ*; z4J(Thkft7`Mk}4pxgqpLYr`F%Gktxl@j7w&HiwKPC)S!+UDJ^?r!F#8eE;}+*5onz zRgQ!)#hp$!{}vlYe;fHfAx=`zBs~Xz?e?N$3c`m3yJ7b-np>}LCsFL!m}$sq`^F`j zN8X%Ed20?XWG|{)J9Xkz>2{2#N^x08@~7H3$9lVoSs1@#m15cS=5y=z@Q43}7?uUU z5O~ab>KL8C>gL9ZJHee>H0nOwkx14bZ+P({1^%}Et=Dhd$mh?Yk89VWjnT`OWR|+= z7JkF@;O6vwO1t^D>r*dw9dZf0*#V*`h;yZITJ!vHc*lPqp0rqJSQIk0^u??A>6q6h z8zh$U9PisE;$W{Q&z~qfvFp@lCRNwuV>J8CT7;M%Xx{Z>|Ip5JWs?%Weobk>!l{N& zj#AqM#|-@VlamYHKm2WX=(Qer9Nj{o*axJe+-13(Np)V(S1_)^ zI*4!7Ev_X(_*P5KhxDpvbV}AmjApa;iXr|c@WDkt;oW-ShgY?&|LS)OeSBNAW+R=tigYfAJud)- zuy0SLLs7Q@7O%*Aph0EzTgdsXFKB3&?$dTD@J7uxD&Xzt>~x(S*C$4*dyO79d@OU* zKYo1JAot|Sll zENA5wKSxuJO?8tn3jJgJ%@4j0R4X1+Ty>Xp=%9UeuB)y+O}*&KjI9qq(GTU9@;0v% zYgNm0+_QHttSHwKYx41TIc!g!J|!JdeJHbaSFXVV{N0LBc7?5z8`<~EQ9~<7X*t=c zujIpj9tASGyI7$&JMX(!dSU4k+XE=;(G4kqx06w$|b5 zm_ibVC1%aH55kVQ4S)R+@Gk0HPvox^UixlG97|#UtP;g5e+vyBZW-&^AUg6v1o{i` zQ3&i3ci_U!w{MT4k+X!S*a8f=<;87;4{=kx=6;0p%6lbW`riHW?ORoN#{yCc;n-_9 zh`b4PWo2bm3r(J0pGbwN8k+I86q@^@7B>M{ZmtPG{vCM(v_MIf(1yeBmAH9Yp>ztn zaihL$Eb+$q$7S@CDTK=p!>uwDqdtHmNKgtTfV>}s;Tclxr}2p$+(D;v)MCf3UDhy} zCTJw_tAb%3S`ef^RMiL3trfFwTo<*)G;hZi85e%~4Lo7!f49raZ+-FN1%bTCd_B6l zk%j4z;rK5-Pub5>1rT#u-6RF_iP2V(MNwCG_>sx;4M~1WyHWK$nu`{mi3?8A)YRN8 z=P8CE?O=GHZi9iXprD|P=M=x;W7BXn9G2*Jb04@g-Q4O5PyN*5Vs<#J)0Q}Yx(+06 z_UET902bBYvU@u*@g`XT@N^~*m)Hv5g{tB!eeC?JSFdVO#I;v?dq~>1QScpwgoJ8{ zpDTHG@o*2j=iNC&la7GdOb_fOOh1FxZ^mLuRc0DG z{-!&L!p1eK!&WiW=Y1^F<}=+j-K#ru#}<~gIK(=tUgvFm>&LPo^vIUbsA%c??)!=Z zVpKg|I&G?|67psD^*DFPVMaf0Y}R|$Jig?5qK(|t;fcM_8cgmskZ5zw2xOf(Eu5F& z7iB2xvPa=y7WTIswaPD^n`2y7I`s z6|=0N6rX>;0r)C*G~7uJ5ZsE`{Gr1Ur&6?CM@hzMo^A5{@vdH;z2g!%$W}%Vz^2~^ zp3@}kuS;tb%|3Bxx9=+v#(}A4ZhkZ2kjHjWQD!X6dYoY|?3k|}E=3FL3bTe0bW0?X z0Z*H(9aH!ABV?BV6f1NaJ9acqk`W%&vyE+Sc_d`R{#`c9o#^NyGz_1=d^rQ2OGred zq$7;%*S2J3VpL3ymLESHvD~*QD)JHQd$RPN*_tV@0E6{e7z%|$F!7v^WL8+9P}rf$;B4DA@>>ZJSkuOSLB*`nHy;63={#K#&AL6-1_ zc_8myQV^1cAWufJ)=!`2GWYr_ND$I*cHXn&fyfPEMj1~``KJo}SG89i0ftW_K}SGJ ziUixgzz9iZjjEbX`%w=i)J zuc(l_cOw2^_DUH^*F+%e&TnII6rU5SOJ8hy`WsfQE(rdzstKUdPjbQ{=azO1!Jj=&?|C?{t}vij?FUyfBT{zZ)BH5k6D zH@~4@&kb95dYSK!o?>rJhh5r#zIz|}bSxuxf&7z0A7um*Yb8(zRGyat9*=|S2pX(u zWRb0h3GxD>Zoj(fJv7WZwv{w8%d@sW%Sf)m4^|w z9HI(86g!+aY4|wl*~bzm6I7l@C=Ii+UzZnO?R5K^V4r+_2dner_NR8bBou??CWV6g zmJ}q!_#C#{a&qucf7#j^)jNidHI3XfT%hh@3x5BzgCTot<%gZ(4A0@$jICEzcUu~Q zOE5(U8}^RTNq=1RM33E_82mBnyQJSk z%i;44_C=+|PM%%Yg(>?cv?Yr&@uQS}%gvhtu&v5)ncGQ>n{u1g!(RK?u|}K+=UsIt zv7QL)hO|3U=~xYlD=6?HiIfpZV_f7?{Z>On7 zZq@e23jFJZPm_M3M&?)Ol6>d5U{mBeSvjAIKWBN5kQFXcFg$HJxE2W^E)6SbPPk1< zaVVn}*xL1%e0Y$kVpvxs`9Q{f{1zKS^k@}VA6bvEslBn_3rO^@K;dn1>qg>L`}>DX zC-JXG@j8rxL=~&+4|3DP-Lh@o+$V7~X+MSuRf7dcDn3*=!HUSo`0(s}%Nmf#Kw!Q#-mogexAL3{rI53Rq!|Q0?DoBxC z6eqcx^6ekND4((5tQ7d0&6MYHQdhdWBxk>uVsg}I{C^7r84;o*5k2E;N>yG`IfZ+L zTNI!O?*9vprhuBq!NGwP_ap}MhA&hdiDCQl32Bcw-YLIoRNbT@2j@xx7jOZzJvuD` zihRVVdWi#JFLG(SQNJTp;#YQAi_FM6(dhmPiTvZ?5If=Gk{4?~>&LaLPbR|MI_2~` z3Mo(jWpV_`LIX)|LM(@Cxd<^wn}EBoVR0-;^k6M}u_mfN`T36{T8zy!!!9Cogz%(3oUD@Nl%G)PWn)ATOnvbB6#Jw(Pc(Z?CdSCwKNgN z3m<)&=L4yZL2;p@6NPfEEmLO;aYjwid%1Qh|5VXo+N$EGH6QapDv{)p>u(9X~h=oI)&<9`Ng4D>`IKYVJNPkMJSKCX!6SQ-mc->i2SHA~b=;B+xcC>k3jD63Xk3~6`$v>;)M$*Yh#@1gdAJWa zN08eEoiG|15$EdF%O8E`KMl)g>#g95K#`(_Zr@u|XJ^hAR8$T4yIu5m&HQ{(t+nMD ziJE#(JR6?Oar!%HPZHqAZgBtSh^i0wo-(=Xs{Q@R3Pp}$8Nd6zhJ(#OWeTG5@fva$-f zW<$O>_K%P)-8a!V57P?IqJk`uxGMl_V44KOhR__H$`m z0WL^4^NmZX1PtL6WupA|j}Ox2s#;46DD^N)JWWo-OR2!J`j?B3rOIj6OSV0> zxv|tGj5@p2_vtNBXzN~!Azs5it+P2q4KMgc#+Bnqw#wyvc}oDq03Bul4q z-QE*k?1 zg!F^?Vl5(euND_e0tp-h_*6eX;2(vmSbS{}8aLDxn@BV^&iMCfbqmNYn;r~i-VTCW zak;0J)Jp&OK!qhCklB@X%b%ll|2fMNQ%7K1*O>WkLi;Fc<@5s?dJvP~2yMVqh$7`y zfGVCaFX@ruFZVhS!VYYXaIq{=)R8?>_G1Eowd(xD)y z3+CAT`E-TU5XUHoJh|3%4txqh4US%V2xuBOMr{Eh<$nLazVSHQOR@Hdf`cd+c`I35 zg68UE_`w6z;4+NDgY$Hk0^6N^B5MOWsgT8)G4;0>c3bzoy-KbVoKQJAIRt#DTKcw^ zdEfq|EmG&$N#%u!6jS8KS7|qYjE>&75n?}#;*TU$5y%a< zOns~0oW#+G(#_wEmJU!ziJy^?K|-XaC!P;@SsEdGP+@6Y0Qs|QWVZt;LFITW``dMG z(aLwvpn5FEC#ji98?%#hGYZ(=+S03Py-Zfy_1)S17~P!{j7F zs1VzwQTK^n4s@x!Vx;Eluk^M?zoTz=3`@1r*A|})(8S!mNUGe09I5ipxrAGbRKP?b%b;~1%Y+Z&n)#a4BI_ovF&ZhdwMUI4ud^&3*OOA#t@~c_2f3M~}Jj8@8t%&dZT9p89_=GbbBht7ewKgxXKpGj#-#b+njbQh=i zz2i~irWK#hmTr!CtbvWG;SYAh;3KmX@f*TPy{fa9>U33Tta?SI&FmHgQGyoQ(S!)L!XB z`A-XiSSdIQ){v7LOK}Kw5jnZkndvDKb}bEflQ$tTy)B?lyiU!fGCuclZE^myviLyK zft3VA!W}vl3l@+@<$M`no(Mk0{b0k*$G$=viJB<9qIw+Lg2(*NH64F)8yNS0fe3@sKakY8XMom^NZ@@e9XSbBM zZ{z=0-0_biYq1t=WhMWPBoh)KN4g8dt)`}@H!Od88!IvWQXq=Z0eG?MSi0nTAw4=~ zi+(45M-oBtMdKN?#2po@fuLG3e44#HQ~Qd&qwfT5*CL7eAYhM zsy*v9fLvsq-@q`F58~-jZPVlC4MiR!!F90_7oHDo1NuH6#7F8`q%i+j)X1#F5lO=0 zNT^>LD!0wpb_$E1*(T?4tKy&HrmjbG%`2sT2z4h`^$51Jhr$UYz<~yC$K?j%g7k8@ zbFVL%f-kro7sq|Zd+z&t-E{#(PYleN#^rF{J6b8z3CR9<&E^MdgXR0&hU%`0)9oSE zETYPXpnO%A;hFRMgW_%2qk4Jk(%i&aN-5%mgD4vRz^E+t0lEM^F|#1fycrQ;2B*~j zXjz@!Uv}N0J^$sH350oT>UtY81O zLLo0ZTL}*h3x|Nufy@iz75flhXdNYg4HeWCx4MAg(Src^RiIBoxxW?38i%OcWH0|XrTVJq z)!D4cXC&P5%2+}vpvT)WF=L;a-X@VO&(*m;mYZ8RrX($;v)FDwIrpE(MucNB-%c0_zprtnO??$WJP;b@%UNh9?rfHmII zjv{OI$r+r!9Hn7F6JpJCCU%$7YV%Y3EdB4e-!)~R7EkWwF z>WjF=6G;E7PDA@g1M)>-rpyS+n`%(^- zaf+VMcJ0U5O8PaY3=HmVdWXX*X3Ud&&wi#}P(LYX%KJTb>!f^_E3x_7w0(F9xXmC* zMng-Nx@ThN(FcQ(+F8dE&|dF3PF0p2vS1vu&fwwZlDR*$JvH|~ZB=Ra_8xz+F(ZC>j>*j5=ZBQp z=7W6W@d&*ZodTVCq&W)ZD_PDYelXGN+wOH-`*)-c9~2jF*S<3}a~@MEU9H;8-Deba7Xq9~c zy_2pqtoh*q0iF#ctP0VEHmV%001+#$FG4{yg8PAU{s*>!_Y$pIR>S0{a(udx*EjP5E%1+aBvY&7at%9{qqqzhvz@xvKxfHzh)9mRoGzYq8n;V z2CWP%c7yMZ1d@iANE8aj4HqhZa}uZ%=QbAd)WGBAsT&q6)HUIs>yW9mAA*~?G_v$Q zl)4H~ATtvQV>%o+2hbs$s+=Sm)`c*d-+J98bc7@SS2A*d{mhk`7b{#y$werc&r)z1ol$|`sNI=smBe=3}l|L2iLCm`!cJ#h_$UBz zc$b5t0MS^Ir4MkE0gDDklVba!y*HA+HMjW=VU8zkxHo;U6M>`^SK?!1zsg#;%ReX~ zc%I4gV^XHs!5<%;ei~M$dL{3tr8tw%6Y{>p~ z^vZgdO9?|on@8_drUcH5sF>3HF}obO*K&ITqhA7JU*gULe>v-ZLzY_qU4iA2_Ni23 zem{=Hn7wSenZ!|&OYd~7?RV{qri__L>Vy)eT`{Y9bj!tmy6!kyP3$#azm4jTpHRg@ z|EsI5ixMZ|^cf{b?P!urRt`z)Y&lU@L-%uc^7)p-#}+f`N*82iWbHbWhZI6Tn`k(Z z(*px++jF8;^h6;HN+pc5oKO;$jp_OQhL>v6ya4NUas{XSzgl1y<+6nxvo z5~8Dn|1Ku|twnPXLPbO0a8@zSyFG-}c=6Rk#{H;#M7LNR@<99aW%1&Q$2;2rbgXle z1ERf>lF?OIQmG34AUN~Axqk~pT(-H?ix69ku2lRLiXd|UiS)0~LgibpshO!JaAr!V z#=P+3ZO1>^-f51g7HK|oLaGSwPgJNIFoaNFG<{9P#G=ac-6t}$tNU=-*n89eFTdyn zeCyaxDWBL{dMYhk`j}J9xZS0nS+bgOY4ytDA|HfgUlq6Sv&u(?Hkl3NHMl;sTYB)2 z69ETGH!&9yITL=}KW6mkR0@;a!$B2gWhxwa-@;igkGD~w;#Ni1bp87ETQM=A5-l<` z090fMI}A3JL1YS*IDjGbfYFaVoziTb?rE5mFfys*ZTl&g-K~&1!f9`1#;ds!)CUTTY z^f>PC>laJbn^z0|uoLfAIiIQzXKB5E=`YG5vaXb~z- zi<|ND==tum=DZ3%AKr*PGRV6hW7E3aQ*r@xmLSuPyA36h0b100JN9sGNnlhYG}R6C z`;=XKBte|y7zVknc`1_sF)+)`&*SZBu2X}`ttlNrH&zmyYKnH8Jo=tB-z(W`b4Twe zR~zYTmMoF1@S)5ti>W-W#B=bwE`Bnp(3w#&dWFwFdO8m>x zWoT(C&u3(2dP$ms`TL#w$BHF*MxgG;L0zfoudiQg{pfq%nkJKtA6#R1Mqr6Ce{F_n zTI7Gi*+ac+R%iv%|FktENo_QEYP}MpCtz3KIPJFn@`qA}bT7r8t9 zwze_*sE1@40$Sk_-DafCJ4ChCP0`uS{`*5C!D*(o)--zF55B!_w+vJL(lo)W6I0K; z%H?acdwjcrgl6nj5S^1>J-KwYFn%lZd!Y1{j5RFrj8cybSsB39UcF6hds!mgHmGHtt})H z+Kj|{Kklu}#$_!I{5d;Syu8Zq@gD#0!1FDuQx)11IMJsJQu2E^vr^kb?&4LDIfkVx z2j?M6`03D#mZLqdvGmJ*lc|qxtzD&0G6002>`{pkF_Y`-q-_ge>r%8;Xiie(BX?o$ zX>>(5S{0V}SvhY>NFo8)SZaS=Kd?QMFEh9Jzv;}_1!q%JQ!=3W_mw@(7Rml|@1@KJ z0|#E@1#*_Wuwyg+9lcl|d5>g%p#F&v+x+Z~h;`{Nd%^s4v11#hh8-Fc*g5C|h)y7_ z5J_74Aw>$Hx(UWZ2>`5Wg+`nAlm(h55wmhn(@anqbMB%$l8+t2&Q*i0s>{^VyB0U75%Y4R7m35ZcrS5&4A4>o*aAepPuH|8{V zgGyC!qh<$Jp#il9)p~O}A;zZjbF3C_9V>%lakk7ZxjXVdC;YV-;py(qkuG8VbdUYk zP<)+jOJ9%{>j$C8hn#XnJ?X|Ts5do?dLPK2yS3-8y{%&FudG+wD*j$kdMmef{pYE& zBf&3i6ZMRDGF3g4-QM%5Lq_YJt-F~66?0;t>2`bpFS*F4?$MeKiF?*F?t0 zAQodF!UrI&Bw>6qp1_ni+WsZmSIxDfQN0M$pJuZwzBE$IYgifBdJu-eEc_&3kt z)Eff9K{uO9!7-Ckmy{ST)T^q!SEq5k^pA(HDI@EZT3Uw#Lb){<-|xtr}I zK%$~%{7~($NVsyW*fbP0_#)58-o*_vQ1+cFRQmk;et>umQ~lQE@riE&Gs`&gfO)MUx+_BCf`RuOfKH)$&9(9dqxCxPPyo5&8KmHAm!caI zbLiLs%^wX12Zwz}IwQg4MLnP4xj6P$^gOICdAm1pcTS+vyDMEw*MbEzqd-*>f`x$F zEF4rtk4_uWQ@65Tc0Js2Nu}vs>w^zLUR|!G8HRd#8(Av6phqKlqVX6P)4-q<2n9@2 zZjRuRpg-jCvw<**jDhD5pDB4X1A6nyJ#DZp-`q4UAMd=@_bsP*SmL-Dat zMwfG3iyi-I4QA37Ym5wad>WcDVw<{8ajmwiY8HEb&-uUZTiUmDd;K91&(W1)QPy1d zUQMvRRZMuxN82U`U!}h~d8y-vi25_&RmHIC@O*|+=|IiBH~Jl;(U*NS^Xf+RroT!5 zk$1McxWzbCzr+5CYNZe*XAY=Enuf!MyC*Oji%H`0f-Ga$yqD z5ZZR|E$3V?O)=0ym!#jNXB^Oa z@+;me7a1$UUL_J%ukcNv<>zu^1s`7Pk1{g+<(Kw{K0gRLdlewZ?OD2fqPJ@}G`i>1 za;$DDO8jQAaw^WPolM;J4BhD?|4KgKWq09P#E*+nt z4@#O_Hl_q7ceFZj$%rVQ?X!|dj@aS#YSV28Qkw%WVIPpC^W4FI{REf2n&jBkZi?o& z5dE44L5;KV1LU5sTPsTIa#+;~%M`qW3QpUKJA;G*#Y5HSY4XdJwGU{RUE`7KRKrTA zizK!+#TJ))Y_dVvfoo(RJbZPp>?t9e+KW@+!4soPJ5?T|K1ESW)NS(CPk`R#E@a=w z$ba?UtpwLb3DXYY0ijW?_;>-&5tt;E!fD>SOLn8&+6OeY$9EPt7f~HMyK!}8OfgDm zDC$M6xbJvYd_q*@=^G-vo*RCi+Yp<7Q1xI)j{T52pKl06P1oh7-6N;VR0HGin_)l^ z^+1xvA(M-mEW!O-3I^B(=+FpZ*wB%5t=?}9MJqpYpn6f~C{HuD%#fYM*zi-^Pv;Ge zlq~D>x8GlERz5Vdjxa7n){Pn>1p;J3WWAWY7ZWoA4s~i=AYCHz1QFhyL9Mm$XL+(6 zv~saiA15UEASGDvKZgw(_u(er;>JdS21W@Nw>VQq{Vd zJfBR(@3)oh)~zMIPGRwZPY|vX7+MaR;r=oVvznnnRz1ovIJdPRH7zNNd;91NAe_wy zoOw{6aGdD+PkUEW$zT0#pK(79KmPCMK^vv#-%aKGR%D1z%W#if((l}@N553?P4USn z3oJLV=?>Pe;ZubS^x8VEplvGG!Ulj?2r4WL()@nAl2Rk;Hh_EZ3~WcbLw3HeIuTv8 zylo)iz(Ho5mqQO|*o)C=F%Ypk8MH+;KO7;^q6D=M+9)rGWr2cNqD)=rO!~tvNc;F1 zh?rs28Y)YoV<92gp)F?EU-lb*9P`XNA)8?qjlzzhQ zwxQd*T!S~>M$t}3snlscbl&+whMmGWT2RtMh^zn!Q#&*SM-vWqb^b}Vd2*MvMsPu= z_5*PC)(1DEqULFfb2jd5UFfa}2dpMaqqu8V)0^^?(^q+>VirPk1cd3$xr;M^wG1^sfA_GEc#6v~=$u-gt1?>qRXq}CT>Y!KED|M$tqeE{*54Do}FwkX#KgE<)#AWf5vOaQ%hyW zy?j(gP9ac1M14$9P#oj%>>VMahSxT1&HY&^y)pQwO1yU5&wTdrOb#Jiz78J0@H*8) zeB;K_6Cklv0iic6u8B{cc_?-!C~IJ7O<2}<5om}Bvw?XL(0Mn3#d^m2K}9mNkO=Is z&~-$O$V8xOCx$VQg%S0x*YYnyXg|3vb<3Qa&rhwiJ5Y7)iLI3^@8=!46^~P1sD(BR zD3?Evth@em#*bQF#Fy3NQrPTAX)PU-TOXs6%bQ0FWq02xp`cH9oyFE^z;ZxHv)9FG)8Z^6aD;Lkp-gRz#9r=0$bQV&ai6X@gVUb@zMr(>lp zq~yxR_6*JX9PLHpFX4R02Se8El<7*`p(a9SvuZEW?(J}So5g#PB{g2twkKPgFX^}h z(AO=NUoxnP-Q!~XyRPX@|3mtFZ!1WJjec36AtJK5V1h-i=IHwk>jU)ulYq`PwKp9T z_-|rF$L^VfR60yQ8h+eEFCo+DWjE13gW4gyJ+JZKM7221*!>#_SMem9ZfeIRX) zJx}PC=O@*P`mLj5s`q@sX&Qb%G3wp50Vg&tt-llh$dW5VWpibDahm}$8 zqJgQ)noc!~!v#mS3NHOPbos}Wmf89!1&%ct?qc|c8pn>^9PAqaFF||26|3zgul%?0 zJe#v;N#^7!$ab3ijUg9++QGY}aPRkf2aSP%5s7M3ejK=G2=2nY1pPcqfaZ?cl#^Qp z6=15R+<=_mP1~G-GV8rmZ{7X$5|10NKP%DeV4w|f$`xJ~X+U&AUaZe zR&^5<R$Y>->|7fTU(fY%BA@HvlaTfN~H@uiw-<++92aFm#OmE6cF9e!8EMVc@G*Xx8c8 zo?Eoz6Rindpu5O{dyX00?66ym6_LH@ z*Bv`x*SUXbydvFz?%il~kn!=U`Z?2;p0|_hIHHSmq?);RhY9u^FxCsBkCe(fl`Hw1 zO{_#dPnhA{4A*#EI^#af(oQ?-_MJZFufF%emBD7Y@0ii59Bcv*JoS2S0rWCLxlclS zD?65dQ5XucM<>u>nBP%C!*)A5dgMm07R})5!tRa-9YvX^7XemP{qX7)shB!!da29c z|LcuNSBhOBBr4hjsVj)v`(fVpOUL{Msxu*^JvI}>N8Fa!bmaoEOpjDroI7{!XuzpQ ztt~XA@0b<3j5ii@6Nxs_>>m5}8_(zW6AO6U0P3Q*nmJm57!ervwqL;an{5#Xp1N|ibyFIPf7NGD)hb%=&!ZXy zM}KnfInVCQldg5j{$8St_9;Cnwi20x1?^)lvf_<_`|#L^dJa+(E5O}^FT}YL8Y^LE z1=$k$EiT~HCl_>*v<(jXD75>v2|0~RVGMod5j0x%167r49=FCxt%XxwRO!w2mN8FM zp8c+UpRYP_coH%o@ySCFPTWXdxYeDpzQUdEE?ReaN+oI{P#!k49_6ocj~+WV*G*05 zF}@->kY=nr>N|t(et$7g~*Wm_+Pz`D|8GH3*oh{WU(!5%{ z0b^8F9^P;I_Nji;c`O~4)s(=1lkeV7m1uj@eu`0x;*CUcmx4=yOlslF6uJx@Mny)0 zGYUh9$;J-p6Y6rFl^|DjUp|2<`sJ%v(;;Va4DUGLJ=41!UQWm3Ck|c#Y+T;J@HXzf zx*#VR^h`RSlTLDx>bRM=kOjMJT+J8Dci6mRA3NvB+0|1SM|OU0(7wArT}Jjr&kZ$w5k zcbU3rbh6#v!;&t4S8>gxiC1Qad_r)@=zMX3lQKh$?Tx$bjbHZ)PB7;vE*|5@<1c?sLi%v_x#! zi{?jEA@b1D)`tF7z>&#e<=JAUU@vJfFreH27fPMYPx)T?iYT58H?FD1U|`(^V+ffF zp1!RxQd6TRIz~zjYR8)(xUHv$Uo1dQL1s{iAzF}hiy=aRrD#%VYC;&6Csk_<`1%jV`IxJ)X( z|FR9@0SZE<;V_E(bwYq$cR{x{_)h}+KL>2T@_$Z%y}K>gdqcV@wCmdnKLrQ-+<7{j z<=8*DnoYBZYuGQ))uj83scF2rwKb(3`0;h0H;q@Y8Xm+*J;nH@Zb4@*=H3^*{Z$cyBJhg<26K{)uCtL#p&1jKkyn9#`FUL~3lgB{&I zyM%>xx@HG0tew`7KqE9WM->8WK2}eoZZ^ZuN{?HNaR5UC4v6d^Edv$4k;zhwYrEA1UN`)jeXQ z*aP3jF55oJv07jDAj2}_jq)<=oGOzDn!w`LLs>r>#TW)}6EDQ{_0d1kdwnA{HTCb` zWZRK*jpBlWFP2vz_D>s4UUUXWrrLIx+TMxc>EN&%v%X(eeLj}Dvdkn-dc&LXFz!V8 zrt{eOELN|K2V2y*vZbE-L)1QmaTd~q-@bi&$fmlN+Sxes@w=mXX=r1~Tr~!wHlkcZ z$(220gVhDq>-3y3TRP0SVvQ2&Ypt7Q@3yFS9##6dleKBAihe_1LzUFV8?Ayyl&irx zC9QoyJgkFx2D|NBheLO^{x(ybH7<$RA^dXN#8aMAUzTNO6{P7Wh!pz89a29LuoiHwIl9f^EdbYpwe8u`e|+N-@^m&E5_RK&rwc5UUK-7t;( z16>m8#E<9Rmj(Sg?(z-8O!IzV8<3R+%=J$f>%MA?-Qb5#_ z?-Mg+C0TCDacET6+4=FBL^8{W$rV_hIn%Z|r5Q%heO5djAkL9`z^bQ1!D{KnsL8TU zP}?5PuaifUDN3qe_6=B&5fcpQc4spaAuqoMnqT4%H|BBt#ECqEB5TLx;bE%*ZvM>J z1|er}tvErlD;l4o6YXCRHm~@g+4~hwgQ|#ojtntv5s@j5CU_DE^iO>5eMx4*+ zH@J)$?2nU5)7IOHld2& zNUaEUCZ;;L?|oIov@e-U>|ccvn6=AeXEY4Tn8;`;8JNfOi8@hSSlIT4HHAx|*uwLb zu&4@9>}`)rhndcz;zj%R&!eb%b>ad`MFR-a&4AQ#T>Z*^x$jc3wwBh^P$(Zjn#W4m zRnC>a4J)SV*0RLz8(k*iVkqSzFv7Z(STKlVqPBHgx~0%1AJNL$<3vVCE^-vV;;zH0 zj-SfAygg{D@J$CZA37ffoJFB@X6ce%Cx0gC`-{z%v*-`hA+(~++MmEih*S)E-rsjR z2-maP$EML+`b)GirG-h3)&dkK;{x+a(!fA+r^a&-FZBgvl;3|xIyvblYh3)+ygByw z;l-z4<66;8LB2)L3fVu3+^YCe5yHuJTMx3Am6ee>8X~){ zz$`QGZx%YsV}~Xr$zZVz&NxC^w)Qv>9YfhDH;{A+X_#>%2+S4yL!PN|O@KkRW1p`| z*(dH#bew1!|4*2WA)u@3JvLQ+aCtEG{oQ4*bhtOGc+bXz&k1@$XgV@#0U2sIK|RO} z$f@^eRmd4m#M6_@(Yti#l>8-rN)EDa+B9asrBCUgAMW(^!~rqhnZ+Eyc9$1zc!bv< zv~xsyj^Thh$WDl~@Ajbq`nWOZVPT5V?@O`7SQIhE@8HCEI4BiaGJc2>>q?82xq0IA zf>LS*RxxbY?F*ei*dw4w_Y6=%cStC%-*Ki&=4|36RGWPiI^6bh@`ub<=kKY%Y}hw< zdMU8ir(zn;c=^;67&C zo{*8no&tmAh1jR2c~||C=)-nwOf;hI@Eg3x=kxa#^`J=edfxQZu6wrf?Y<|u1$08+ zO8@CNrI#<-y9uSR(b~Ijw1s)yO zpY*_^CxDEV4fqoOMrL_4}Ph~&P!&yAD(uL-;sQp zwSFW3Rt3CO3&U$8aMpt@AkUR7+(#DGybyR2KN8UN+xJ%}Vx9nJl2q=xq^c%JeB`ZP zpVenpScs`?qk-6WZ&AWV)_j}Kb3WMCl!9_|x zteSsUEM)2CHR^91?+18q$-c0>PhR6F2OKFl$uvEgh$VANxL%2h9<6sWniE1Y!dQ6_ z?p>j2>C=O(t6dxVArJy2;HjKW0Cp(vfs4>VN8O&ROhabBfFqMXA(P^>v$G6^7OcZv zKTS@a3?b@B00N45m*TjZ2#rqU=z#Vy06P2)lg#LKsA||G4{$j_8z@c`m1{*xDd22g zKtWds`7(+x{E8Dj$ba)c0Ue*AwRECv6c9PreHJx1gj>jy^Cm+&1b_gl5Q*b|8}JAs zp+@(M3Z1CE3%IWZw@Q04%*2ut6~oqhf0mAHKxD`W#IKE5eucnI$SXgF}w4`0LD2lCA; zxv|BGk|d^CJwfa77b3gD5A8jZf(4H!aD)0m&SgsFebwDG@ySOdmjno;j51bVPj9e! zo`9_AA@m$JS?3f^&&V1H20B@|hbNUsxG1(1?=byI9k6;XZmQK@nI}I;Z8-nEyH0wg z39F0;oy5vq+R32|d4V;*%&fZN<~CLzSo1Sd$4beRn&%ZUx5-wP>=8glTTOM* zcL&z%=@zN_?LF}3x6Cw5@j(+#hT}j85~)A2fU!c6i>q%}-H;eeO$auwJM$Ol$oKJ#ep45)nIHZV2EtxtbW5w7XkS1S8Coub?M`HUGG7Mo(QSBSUENUSJ4|NC5 zLL;&n7C*#41tWR@OFwifN>;6*5Xh5|dPlO3Oj-cnB?c3Co1P~Hiyd%okncp6CKODB z&maTl`AcWJrt?-yz|DD;+hTZbCw6);1f1v(s39d#O;YeBmV8*cDcCgn91Xh;ZMItS z!SE#vqVDg~@CR3FHCPi!jssRUwswrjlC6a2_(0YzbH40b325gL*nKpBWxk3HNX)T` z2m&BlAp{dZEm8sa;JS}8a{Yu#0~=)+<7`BoBkI4XO|@ZLQvbB_^7lcQ{e<^19MAA z7ii#T$IC%+Cetna^#6ZkeRn+7fBXNjQz0s4MfR3GGs>2kl}J(c2_c(<3K=0}laW!9 zjF4F(vWblB%&f>B-|N+V-@ku;|J;x6J|8~kyvOyruIKd}+_hlwb(T;*(9ngTX=U== zy`iDET$1@>!O=nZt^rQP3S0zc-%g6>ELA()s(Mk0WP^`{e>GFSz&t`WTu`Py!4?Mr zg@8dT$FUP|s3&r0COv{K&ugTnX?_CN1noSskc8u*Veb%_2$z$1$WQkE@jLweq$2}f zCmT@MTWfSp+qu)k`iqdfo%!1f(|%wl-hLT15M$NO)P5NMqGO} z4fz#aC~gVfk;awUQA!1)t{T~kAO~C^LqKy{ljm#-ofz8Qftx4~Gv>-`tb=@_tGQZr z{MHuqab554X+W2%PY+NV_qB9c2B4&fE!Q3S6-}ELjQnxI!SA4jH4O$8IrMgdEc@1% zvyL#G*MlOGLAT=w9*rqbN1?G43Gg}X_=T;3LTA~QDlPuBCn!>!Y^Dar3p5}jg*X@p zz<|avnS}OAa))aah}b|VU-9yGFQ<^@o%hs^&?$rBDibcP1X!MY*+TYUYw%wQQw~%7 z{)Ow_wVV+BFQ*t8SC({*z!e-;Lr;P0Hw7rO5?m}O6gAe`YHA8_hIYflEHL~RQSX7u zTZ{rP_GdFDVEKT~kQIjYKY#R@+Cs9D>*oP*t_i>V!dS?cxayfcxV1v*Y(TgqxHkYC z<4K;sD0W-)LyeTy$wesYROH&ShK*2jGI zEKibh+9re6b9vE6b3VUz#YH&fg9!WX=dL%l5kyqQZ~cOEZ57&5OQ<-vlrq}=kZTw^ z?Lm;=ua>GZ8})Lmbl$q#{Q&f)m+b~YB!_6X$mpe}6NbvE75^h?tB#aV=;|_IvZE9W zNIy_JkpW%F1VGWq6wV1r>43L}s5C&4VCfL)h1NHG;FdQT&=SH;X7~M&+bF2VBB60P zhfZkpFaR_w>$~d#9L~7dShOej0zmW^J9Z<0H`u_$`57FGNFa%v@PK)=sQVC@tw;?E zMjz|@@jw_vBV;`oii{`gb!*p;IS#{)2n-#ki4>$@xB~AO00ht$@-+LkdMJTD>iA4U z-ZkLuhKdntymUCvhzg)L2c9y^(P~doavX+(iWm-zr>IUMqlJ-*;&UOffhT}@m#HFb z03HQUrHRFVx}HWx?!YQQ7gl$S2eh{7hZ`Kw>9Wksg2t;Jc8E3VZ$SNQuha|-LKX*Y z^)Q3yo4^m5g8oej78_v4cTSMKX>V}9{*mP(kz&P0Y3(vF_41n6(!;c;2rUPINC9Z$ z0GGAP~h^Kqn7+ zdZ#mm6uG6DSOkiHe8`8)X3)P5BNIA7K=%%FF0$2n162l@lYzqfqSP)uF3Y7GQx3~& zageJ$hE2lcGyi={#f(rZFXZC`mBC{?fJEoxLo6yu02mmQRAKAyy7jZjT|*n(v4drI zM5sa3DS#@_eixq2FJO6G43!-5f1pF+yi1b1vCR_SVs0@P{;vVLjOg? zWP&sC9W?BDH48vuC}0$jlf)_Rtp zqy&mN3BZ9!#Se-+IyCvfm#De@DUv}tld!G5mg%qHPdZIGXhBYX7VFUck_#8hUd8poJF~_SfPa*UeDcNDc)IdNXgRED*76yooHA(2amaiDJcnsJq!xKmC-Tiy0O+Z}Id}(NCT&TgJnGU7%9;jHw$NoW_uFAZ zI0{-)gU;8} z(&|yS{SdNyL*94rSu3r*slg%?a4N*y1BD7L#sW$xZso9f>LcKdA@<;WD&KgnG$A=` zPct*7>;1F?)1&gP>}vv=v3f#%o-?v;^x*_wl*G7nzSKF^dml>H;<%XZmvVV9>ToeE{#mL#*^4c$7*VC)6CnaLgG}jfpzL23R zBCt_)M(1V9nBFh4RL2;W_J))EZ5^|`zUHS@Ge>%eCB%GH(w_xcLxKJbZ6XNW?dFt9>&&oYUW zu)sVFW+)!>IWMB3qHu5o;yc#vymI#!)~>{DAYgIqaPtEO2VQ=7a8R5I;`dpJ;*81O zQQLbSNjGLx8DQH_xv!;l5Rl>ylT>0VUg%KB}# zgOlg#`ri+*YVt-{sVB+F_S`(d!@6;VG`&wC}LxlC*#I- z^UGbP{|TN(BNb_~KpuowL{JB(+ho{BSKx$OLVkq>UB9GCV@!Xl8$+@n@gK3qMExaC=#e#}}}=rX9g;S$RF{YqPT*Tw{;s*p&io>HNz|ZFlp% zoZ{LOoiife6T8|~9n*W1WPL;9Ml>cWIeGCwnvajKU?E7(9%>G-Kk-sH55y-UXpM{h zzR*bdF_WhzpP~P^kxRv)Pj=&mCv|lxzsN-sxej^~RW@C>b;mSO{-4*6-%YU2>EkTL zS4cXsf8Y@n+ffIFC!~yni1pgLW`ipQ5tm7F%6xx{lJln$l79U_qokMK<;y26J-j#z zO@or}GZHW?D(C`&-^yOn?JUB>?fge2OKU@abC__-0&Hd~-0N}6UkJ9o=Qoab^5PZx z^*@Us)*!%ED7+z}YO}`9y10!Fm)HGpU?Tg`Bh=<;?tIDYTX}8<7X_^i9!>sHnXrBj zL2s$7!`V!#%TfBpY^j&`fA@FL4F$(AFxi%V)+bh595aw)n}55;eWtzE zrCoT5hV5fO@0x8nImHjBr-HOmaoi`%+}M`{_fNiRAfn}b89+^kEi4~USMcVdi(dXf z^^?Bl!U|pc^5nztrE3{-S@!Xpq?b>W9wZPO<#4-)4s{5a^|pNFbX#iqp05gt=EIVv z1_r-uh0aS)!${okUSL#|HcJ8eqP18eb}hs7L-7C?)NTG_7yk|V596svX{z~09Cc*- zL@CWXsxeU#&Pta%DXi+wOwQpNgWl`~d8FjDWT&vg<8g!=hwP`512bgm8yYmyXjCf0 z=f`A9Odi~pToJBeEcBU(Q5(>4%Tr2;H#I5~3+Aij} zfSxhi#MYtxOP$=hziqsq_6O_zI&1Di`~52-HiGRcj2Rm%V~n6CZGfRzhUqNMh?MI1 zV}wC@(Q+b42#(x0H+V{8KKn!(Hviy0E3)iGr+IpbgtqSiUfvm}sRqE-63TCx2DsM> ztnO)GvIu9?+A}>=F8ATZW;CSKY)f z(#u|H<5^&JcFzB!r6C{ne!Gm2j_XvTs9d%>;jR4F^O0+qRQ-ler!kyZ9yk56R+=uzJ56Bo9}TEep>6|X6a>vZ9Zf=!-o(t_63Q-VRQ%)GXQ>wpx?en z(d0w$oy7BSqFQ~zbm~8p9=uw*6Uaq2klLl>-n;J`Nh37<^yGANw?DGCbLZCOMpC*z za*)R(^RpS;9Jw>yCs&>MNruAhA*;NJ9eqkpeg3pOT`Mp7Z&kXJM+_uZw&uxO*=*KS z%{7DxgF+eDQW2{0Y{?jz`qN<^6^3P&JY@i{tq59o(4Pbk37|K5fF)Tm5|ALN-7*?M z5J*sFZv^y5jKoDNaWIZslkYB2*r(SoKiquIw$v*1jO|1xvAp{J7`@Zqb>4FKsER?$ ze7}rN>%h2Dlb|rd_2ZOYmuWE*0~z+Q*O{ET*;`b{EpCHM3UAniQPpz1KrGrOXwF-G z!)4%h#%LKK!kcx7Ijy^D6N%GUu5L;*)mlQjXuEVO|pK@w^(~XnSCP zHf_elRkmj<=V3%_${mP%r`ez_BPYogCDHBC?EZb$mN%zzg`}&DG+HChBWCLBX`PCL zrsu?^HBr}J_v|#Lr(aKT{-~eH9J2|+O~sXqh4aSyRC1PImYkCrEILl4iDc@Escl#w zPP&Gc+Uvpb@|vf6JjHW7whE_`3vH8g-xj+Ns@Xw6#Rubn$@NkC<4 zfD!p@`1;j2t{*l|$iW6YG-i6Z9)fa82CA5HjU_a~zn z9^bjBWs={~;eG|}tV>w>xqb&4E(!Gjhhf=#qDx$P+}-mw0d&KjoJ*-aX*{-#ssZ@q zee3IA%gt>RREOl)NrMdg)d$L#+ItfDyW=15iF;{v6H@cx)SEy5rVtxWFw|0|wKdH! zZC%)!vfiegjPFk|{KC=Azk1kR;Gg5&hqWkyOg(S1g%XP0OqatezZz$s#ws(xz zm++l7!@q$wu`i#k~E)w;LU~j)V zbC%>oP7YH%wc>ODaRl?V_up+bR8>#q%a&!I(t6(Frc-hFq_8Ti(^CDXvQp2^t#K0p zv7yifJL~N-y3z%*n@r{<+75d)eB&>>zuCs|z_5v|BauHGVx}VxSwK5>Nf!*MC#%(CW_$fUXF0Rl4jPq8ek^7G4Nl`4$NK zFWZhZE9k%;Qq5&J&n2G}C-<^;hIc*2>+-&+i zfK>y#AQo=fHpX3_zR*|qHu@SwJHMq$E|2ue2RL_e{!mYKZCz{UI-M6Hx}@Twoh8m} z%j{GyEh{^^NRs5)tW=pl8W=J9q~qe}8r}c~+B}ElPA=triAPiw%y>Jr2Jx|6t+w2p zI)LHM9ZU=s=)q)ZypzwFF)q${)g)B0%qH90sW~ky>re4}yiUC`(o_N&CXRNR-QW&u zlN)S!nR>s@<+e@XSO(@Y8l$#hT3C#PrQ&gV~=udii;?XaP&bH zUA~;es`kJoe`P6m&y2XC`=y;Qn&4 z^M|7An7FqX$!cZZhhjGm|3vpo*7?Pi+m*M|QX@GAiZULi7JtirdI2jJ-IPf3c|K)2 z^KVZQsLZJXOtm@{X9Yjp+!^_`9%uI?VRk%}#>&CwC~0;^>|!ooR{8nwY0>+q3Q8K> zr1E@~@-NJ9ckeiGR?X4e&61dkz3;m3(BMRx-Bp@DCpEJe*`dPc!AwM8?^SE#ck4|o zL%DE>QNHcNoW+xFMDvxYRx_l3zu~{R*fSI7u#%Dfzhm-X{G$SqYL}MD-FNIw!F*D4 z+%NxJH^F|x#HKYoqiiShvI}u;jwE%DqUNr>_ z-Csg?zin?Da&fnZlE)MYPWSk9VKm6TzEU9IexfNSfHxublw+tUmcopnR%HBICg@&X z(9YI|(IsA=?(*w;f2)jlz?fX+X8+sr&G~JeNC(@c;fkIdZUU_7!CiIrj7J(D9}z^v zOf?1Z`j~EyzU*$a!2}VWQrl(ZXEI7oFPDwRT`v&4n^oJr$)Lt4pER37-WHGTm<@kL z!5q4}i?=A6JIemVL6{!v($!g6xFjq}bY_1upxg@k$-DfGCEx0=bF41ToqK}Iq92=- zUs!gKCzqcQ*eWl)XIm5%$YpZ7*I?r1pud<2=S}(1@=ehK=6RVu&P9=A`H~0+T<*-Y z+S!VYU74uc4%8-m3R^_9m*QhY=KPWp63$b4M5Q&i32=otLe?N*e#cO32T6XbN~Zo) zry5p}pn4dmJCO8YhwSZB5!$|}nLNc7E?pP(spg<#LrKy7Qsy5;UaAfIv$ZR{W#AnA zkko1Mnt06;bnZRx*k_|(J+mD4E?XDxza6~j5V!w0Lut$Z%|^=qJHbT#N${f5jim>D z62%r$j2rOVPnE_ARc@PO^=ZYVPS_o@H=*cLn7Z-3>177nd<;gsXnUN-n>{Pqx_waS z>S-#fOzz7PjF&qbr?g(M#%rbW-|BFD-|z8I3uNMi6}h_l-Mp8dpQSCHaYmo508OVBECbOOQNZA?tnJc zFZoPg8PVK++I-U7JJ5{vP0u*FlG)imXIETx&hFIgyu)=vVOTup z8W*XK+Y$loSG%n9Q>4s#Y?&hbA|BUDX4#Gl%EjGo;-6Z47Fndfrk1Wmpl=JTUt_jC z?f1?OXWV9_fG%)r^)vPKD__k{!?Z@oBHq5G(G0!=7uAK^egx^=i+Ol|FmM1PBW-NL zma`0+5+FixS! z5x)(2dbwv6ODx^L4)uqhYs-cL#TXBB!DAc`#aCeJ{{ahRt3Qw2$CxmGz|fvQYGtfU z=fLUDo~WHAWnV82YcwP1b~oEWEmS!~N-dW7Nnm|n<*ah?t70Yt?^WJ=TB)~B|H-Cf zB=hT<-Ps#EiUi6NhJ&y+B9Do%>ECp@DVY(`)5K0?d(%6~rkXX0Tk@}77s_oy+fNJzIGX=5u0S0Vve+w^ zB2AA$YHlFfu>iMQ__w&@DDN^6_<%G6v7+Xv4i@4GGM?{O2&#cq3q*k;ZmSy*h69{m zlzRp3gK?SNKTI8Dah$=|hBdZVkdzf<~;X0Tc!@M+DT!Jl-ii?4hET|d!2aN`K>tOn{8Wp?2q&d z9EUNIXH~9T!AFM6@W6Q|j+fqpJrQ)r;J|(bNE151A3{lAz+(OaYGVCmmlnxTU_C-? zj1#zDFo}zcFCaGrG^GKlzYCZO`<+Mo6ex5a3E$9eg{xkIjnx0b@$o95TALX=H;Oar zHTMWuO?^U#hO%&>v9>LE+`W0XG=TMh)-NbP0fUtK)$<8hvftv0u&K7=>Gq6$a}OmXUK`BqT&CNhv67zBe*CUrvCW-Gp;Z3eH;?}J z&n@uu&GZHRcJ(s-ikBGZFFhA(GNb7eTf_RXS31xZ3Y58xKe&=D7$x*s^tR!*z*z;n zTVxudL2Wdw^Uu5e?FajNZnW&h8ab``#h2il0)3dtX{!hU2GbtKg)byKv1dH}4hrWfU72{aNpPCCnai zxhRE3#O4%oKmnH^*!B@ncHU3ZF4*n!VUcq5d=RTl$xC+{IbrL^KR)84BMT zV@AVBE`?jFl+>2BnWp`G)$Lz7b9SW}>{pP?5BZ=biD4Ifm!T9PvgPLT&oFp!GNFDV z7i=`?fk7k0X8j{60GneCXd#xsfYdEz@0kJi>SNfFQv$hebJ+kGZm4VmV1-5?Oa>eT zz;+MY0<^>J6WS@m-tb>YabN;{eRj%{UVr-Q*1(`n{@b0z@9ao$SiYSJp?;hXsY6!q z>4B?=5p7>o^8|Q7&%oD59ymo1(Zd9ksq4R0ZWW4vQ54#FU{Fp3$k!EpBBd%pk_1v; z>qcQQumOVt-w4tsMQek-L|fQBpr`C6C%CB>w$O*AVGgywZM&j74SlI_9BdU zQ7$9Ay|9@z=@b3{5gZ^&3Mp8Pkv~or6<1GL_%xztWKcw2zDcYorfn*36`40P>(djXQ+PdD zY-_VqmTr2Zw_J8&a>AtPLpi_0;!k2~bxdyQj9EaI@ow9zW~HDCF{c|awH8SH;qa)o|b^o=aXHZJEJ=ny=~sTr}-s2bI7-4#Ehv*B2v(zrM9>O|Jye9xGl z$UW8?Ub^;lVlNoOuX~yJY1!`8YCa3=ZC!gxZ}eCNt^uNv{fm{)!kAr9jO#zP#A4#C zm_KKu_k=IG=b6}J!yIdA5|QCP10vR?M87Q?%}$jb%PA9AF}wPt?K*%ZK7lI+q8Cg7 zTWY6;NY)}paEgzOjR?31VIOXRRN)*>7WJX{KH~N6Sw3}47^+hLVSHCjr$fnPt02ZG zL!t0|;ri5j!=l*go)OA^d8vX1z-G=dDkbbw#W474)jg5x z8{!Y<$U&_a34GkX^qsxF_RbfEW@C*+@u3KjHKvS-5of z72p7{?EVCN`SG7CD2*PN8RyshL{2<}N|L7a8Q3nt@Q8wrjRBU~Rh*ZUsPJbjQP3TV zeWNtsv)Ts}n}11W=m%Inf*U04D%cCS!wGa}yug~F{6)Y=-@S*3CRiWZ8VA@+-X8r= zZ5#8|gQr&5q}hqgZyR1#MdL0b>;-Rh*PL}oF|g7WpNVxz>piAEGPl7Xf<3$Ly?!BO z`5VP~Zr#|fwwnc-jS4qxv8om;CXb^SnVN|L?eG|1@GJ6So{g1^#kF7wlFM*!h?Ug` zTl9JhxUmWx$(P>6{=}9LWIw$u7huPwpg>Df>sQ*jDy%Q7PXyxsWe&mAiv_1So_sLAtLqKsd<4CkjCqv(^8@;ZL8trvs3@wkkb+th1ml~$r zLE^%@mkPwR`%(0oUSdurI$jUgWyfdnieyTc>P#NT@tx-%Y-C(tDtj?Vg{Pw@O%>f4UP7zx8oZz`dBO0=7?n2nFP%s|7Cd z=c-nzAj(bEJiEX)@?U`Dtz$qqdIp)%(vLsiL8>6gySfA?2gSJJ!%i~s5tNeTTum0W zJ3MyS4=M3LI0BlR1W?}|f$7fcj7eZBA$R$4Kz*BTI@UY}sQdSJ;J*)+dhe zrYDo}>Eg0NJlTO9;dWa&TD%rOop*dExtrl06+ z-*Uh3d)$A!v$Fkby0oEmlNFCz954UPmQBgsx30I=Jg0}USW~5LvOTp=)s-Jn>dfn| zR&u&k;xfoiE`WFPt+ONz^Nd(s8-;|$`Y(q7r@oZguF<~yZ;iI;DC{AU+gMi5+N}AF`Bw(LIp+xHckUCWu^f7v!nqGKItr=x zqf$tB$whh-2~vApXoAv$()oi2l|ECQkPyBM4%ybhEpl&1ik#u4usV6GMfR&G2aj8ELT0ZogO1bs0@S3Sv3 zM$J{AxLgd(O(RI(5T4oF@bam9K%-21@JM;*)0Qb#K*(1!y@l9n`=#5&V7uSnlcgnE zLcg<1+NghoE43L8U*BiPSKYhehDS&jb>9AcAoX;-P)!*wgz@5KIa~y&{tLcp zTY+J28W`E1LD`kuzVX9M3h{rdwyuVvf!mB_qHx1)X`wdiY00y zU@}eCJbtOSQx7wka@5xmW3y$miX(O|bum89sY)s!cC+o5tDS2+rrKI$<@0OF(ns_K z0&EdP6z?>4FPY$zmbH`?_cV=_lO)TM2Y*J0Jz`J6JQ-44x}@1t9W{eX$JOpk;Ww7K zgjmTv_!zfG8M9Q>PS(!hL}Yf5Lf|9!ZmGdXAlAV_Ez0aY<#tjm{)@Ly)dnt`22k|+ zsh>TmH>PjByuDPnz-~wQ5615D^ZAbkoTB#9K1Qrqj8w*n=7`_=hR}kUMb!{~e7(iO z_;nTIA;mU)ZFTi4(1cf1l>OO-a)Jbxu^)#68T?Wx>KdMff<%w!lH%muXz9O!ZMZC0QKBF=o*#GL zIztM$l8i8>En)4bcx!ac&|qM5yW&^Mx13vE&tLTr&Z|0R2AWZd#-F$JDOQRIZ91oE z5vtym*PXleWy|6Wui(PoRzdPHM z6|>7FTes}n%lgl|M6NyDa71x``1NN*rktNxU+Z0<#b$j{P`E|;36I2@=^H6!1g7U0 z`Qfekiny7O^5{uAMlD{|PKU%H^%&emnnP+%#w&!XDZcPAI0AYU#?SJ}<96{>hq3ljm6Wqhq@+>M=HZ{Is1{8(bNSDaDI} zy?S=I2_$wd{*6`)R3j{OJlRu*;~+97y=d~6af}CO(pjL9403qB>D+S|zCu!XmzigI zW@g3;Q*}|uFaBDrqQ085_Hc>Xo*Z_?^rwd-Ww%Lq{IT&Ui8s+hAgXzW$hd$qNlb>YU@&k_egP)ni|7NlHo<1aS_(uO zhQ~1#Pv4#jUu$n@LBKr&^eCqzWp{1RatXQ+ML2RnO!5e^DIpi|6BK35)9Pfr_CRPy zS_q`RgEbS1eg;3o2o%NvDNJ>sT&U*8#q326-~UJk2l*Fh9-W}WCBPusGKeq#Q8yt& z85S|XxHlh15=HnZeCjo;pZ@@5^U{N9Rg_JLJS?HJ{}-MG2mwvn8LIk1&)lwBfAC~? z0<9(s2L}m6TsA;M9w`c5+Z&L6T!Z{wFk@C(khhdY6LwKtr4aI)ARztx&(8?Xf^McQ zS)2lZFSN6E`f(@tC45Gd>Rp{QIusB=Aoy1OQ-s{%t;%P_M9U{YMD)RNEZmzI2dXLM zEuXoU!I?mh?cR&V9G5y*q3Z-{O(d*FBx@A20qP?n_;V)Ae-a=+b%x)Mq?YJvgQpFp zn&$!ZC|66}04iEX>DZM^6ahHQ5 zO4P}mg(~~t@r-2#8@>(gZjX2I=*^JalQoW5xhs|l$#vCUTCL>|1VfUquDdTyD){;N zHGKq;+-p5gwY{6n5jfMvl6%zO)#of=oN#FoXC5g%QJON0N9O(qqDXcLaxND2OPP&V zpyVTquW&kXa7H~+k_)k&0E z1}`hhfkR&pf?jX{oG1@)!GnQfxbX;xGth&(3mBjsveSXC-{{x=8y7PG^?K$-(0fns z)~5@u6MVEHHaKXQ(B(#qG43kI`uHV4?~td_(CA+TylP{JPE zU)jCi!uyNnN1tG(`t`F;6jU=0k1E8#T#??nk&YEr(4TQr4AFL!>^rK*PoSS0$2bgtjN}e&)&o79 zxi`F3lz2U$`v)PN6@B%bdkwJWX@umc=y{Q z2?XUL3BXEMVEF8iJMtNU=sOzB4!mxR2M1`7g$MGQ*%FX85m<@&7b2}Z4@&kgkci*} za_3F)X@hAS1G<1?W-_WXG3Lx1VJ zTGHpiy%bHy1>qC$glEB{i=uFm28bN1nvE=_V)mcIY%ndC9J;$AivhQWKhS*|REGhjiIq%VF zd-9LQQ|lHJ_r9CN1#PC46$trZvHscj##}7gRMLzUqwnFjk)=seY8I(&3CFT_yZW$w zdbDCGQO{)-W|+DrQTUg%&~D1vq+m5_)5+&&hJnXWQf35;UsNw^q>Y^MbiNYPZV2%Q z?c%R=VXlAG9_|+CyjeJAKH>ll+$h%_Dmp~PWU@83kQ|~mWlBk-=RT>~Ja#MX$5b1PS_z9fk# zK;yJU$m|A;U6LuyZ-Q73qKH;bhg*PLKmsf>3w~c^xFhQD;}VE*&%qB;Ku1W1*@o71 z4a^57kueTv_K;~0N{*x1y0(>tGUA~mAYmRH3)XLl=3Qxle0fj#afLln(u0^#5MX%3 z3qt}uQ0%>w{l=A>04wXFU?n01Lvzo&9dB#y#U*cgT=Chx#W-%V* zwSFY4WW-cJV3>1{8i&CR0%Y9_O0(IPK0aGvCsgg( z^v)u&^~?B1tr#uRk#o}B@9Sh@+w!=kFuvKB$F7&P)Vo?wq{S`OJ_}kBF}5*a0H@1^ zhFE;Ep7jcAVAe()GG+#IPC3XG$3ac$FF|FJMDF}Aq?fD{c9!{ zC#O7^X=L)Q!l$yns{;zVwzj@kD+#S8-PRe&74UpnU2f&OhA-lyI&f#6jCS)R!Y?dpOtu&A@^G2Z|>~dU048 z7UH)e8ziK9O!1fuMYfEfSI=_D1!Pz$_z@g|ci_lH8|MPktatBD!JzEox(dctpTVmI z6o+=O&Om(yD#8$Q*2aCXGJ38vX$B+CpaPCRk=JSwrxtu9R1ApW{dILk`^F|H{Rw#W z8uILak9$IEBh<7F01sU>DUhT;XRAFgI29yIaCaOj=iqq(S9Fv5W2 zU=rMc?-3ef!KfIXOqAx0JW!E62(s+}=*VfKTSa9ZM^zz{b{!MnhJV;6(qA-%v5_eaxVJAp z3R+tJIG@7J$9Fa-JdcnuLU-BkXWhqiNg6(qWr;~emQy*|XNG3U>s{AI|0WMRuC<=k zy3|uZ#U-l~dO-{0Om%C>NF&ZR{?Sda7dz9NLP(=2Ht}Rt=1?_8wK^%`o1=Q1eyM+1 z<9UsE8(0h=*(+qNJO+EE+n~Bd406KoQi6K5r1>l< z_P~$}HPa~U5IvD_anVeL79wi^GK*POKR9}WN^Gv&fi3aQ#1M$M17N3E4c!;A5e4Br zdY6^gQuezk_sa@(mbxP^>5eShikX} zOTeGzaxdz7-Iq;KpAF2-xsgg?usaNeFl2OSgH1RWT0NcqY76r=f8}({$@jR;{37^z zX5bbpeqRAeBO5n?RKU<6v5+dBGN3u1 z>u_XagxQ|hxcP2#N223sgt-CPpp+PDPZfE|Lwb@S#o6lUe+*ZVr z_ne)-{ndn#5f0VIopML?P{;q7#K9p6LU)ubN>kU|Qn#?-jL@DHvD)NQOlreLr$1ZF zUa413zwqW+z%&N0@Kpxx11nF)y$g0U^YkJmu1^c!=#dYthO2pbJS5@2|F#2+j#(0u z^X(E3YJ>8mA9X9U1+$W#z*bk-7l9cR+}5XJ;d~~g_24z617%KW&kY{jN$>Bjczgsy z`}_OhnmvG3GN_SM)E2=Dpd5ZaK%j1)3ZRec2fQA2$V^V+_q)&NB|#CG%^(dH+MPv6 z4|;Q9h6smDBH;JSp+F)xhjcg}kmvE?V%^~hc*sL>FOiK6N2)6odbvZoJV8{e3znPC z+UHE26kJyaAv@CVXm4x^>Tsur9Pm{>fyZ|ch?ejAh_juRNXU*zggFS|CMtwY>2M>F zwG%wK=&tx~{`>1zdz?9ZQ)VGsco2b8qSbVOj0OoO6e7hS>F)74wOKtFk>H?w3_d;>44Nas7u(w50^+|Q;WJ`t0l&++Pgi9Ex*OrL zUWVv`do9#w&rU$6ArJTY5Ei-?u;@je!zjlC?LA>>pLgYwnsYmTnknyt#0eAS^F&?9 zItb9BkbP)73DD*jC38|nC1~X$I?E)u`~Dln;R1{&SVlHLGAxyu3xF7uJIJDZe_q=k zB+9ng+I3*3;JQ3Q1DuTpxOPQ`R;ydz@MO6Cm8ba4v~7IK>*YzSyXEhb-Y&0J_Q`4K z@rb|svY;e@%vP4gi)?k;UT{S_qOWxN%Nqw@b7tH_vrtek?}+U1hJAf8niD%GkLS6R z#`-77$Xfk-(tcuvd4z~q&g{bhr$@(*7`9HjUQic$!EdNrM`_}#a_>E-ZD!&h^)#n` zSuN(FxsMOL0iBtX#+Xbg(9QN##LT2RrgNB$#q3V|Vt2@G2}5!O`PdXI9zrUSC72&n zKyI(_v?#zqYj7wl$|L_@luDy$P`+G+cH$VMtoDF^yV&B()9`~GG=nGKuOfvLK?w=t zq3do-mosPU(USai1|gG3LXP~Q!94+S-a(4~83rP7pbkPqHDH)%CI{;v7W}&?i~+KH z3%)*4Tl4{I*)E{tRYT|N0a4W~4_<-}s#9kDBm_rPsXknX9<>=J0-;STdQzdFK7~q* zQs<#LVwveoPrsP62Y)0$0K!=#(*SframekE9^Un-di4VJtp_+FwP#{jsA1#>2y{ zI_nMV`}g?~y$=x13qUbwfJxQ~wXqjj-pHCEL$lV_u3BGjI6=BUE>{*Hj}t}0uTWuy zH$`guf$H@JDg^+5j;!VjLvR*91uhE{xGDg;r2@7}h|W+jAO*(Th!%#tF;LHzmJ7oN zP3Lpydw?P%#w?cx9xbX?apf@FP9f_{7%iQ?8yHOhS2MIJE36yY5g{@U8mi$Jyv5hA z1I!EEd1TUdT}zTkpn4Vm;qu6hUuJM^xtZk=`iAh&W6#I2a2|FiI>IZ666u8Y4>03! zTz*kHXZ8pPpEQWch~OG{n&Y>9)s#A*Z<{$z#p=~~Qa0nsa2t32oLzk(q z^yfDK0%2dD!Ql%d&+@;&{B;5TBmrI*S6PpnO2e(ntXYLQG1K24dV))^qTHWTk$c)C zBzLao&=c@#LC-(a+*3mfjQOcPe_C#gX~Uro4;l#uaX(Ro1QN$R(>i!g6Cl7Hc{zdq z%Kox@-DdzKg}AR23^%K3nDo>RZ{N2FOe;MQ5`5Djpqbi9}}a7q6+?cge2X*bk`C(8{HhjrEh5J+ie3F z=ykZT=8EY;9lVeKwzlvBf_uRuc(B-Z2T}8NvXY;c!$yWy&_dA_jGV2((2V(N3>(A) z{~>hV`aP5T%_P2boG<7X9NEaSWE+z0!vR&MMo=jLv;Y|d)oGkn_oO$6eb>D&O*Zp!9M&8bl zpOJ(FwQ-uyU5_B$Gyu710{xe!saa$_Eh$}H{+;*zU7zZeywK{q^a6>s>WhpFE44p( z3Z;FpF~{U~8TuLr|2Pkx+atU$q`jgY)=O*CIu@jTU*-Ayggwa$&n}JBeOA4u4-`EG zt|IRh@aJvYCX~PUFlH^)iA>qFbd7vrwxyV`2s)F_%9Ltk{i@d%xW0-md~xb8GcuTV zJI%%ncq;y;H*r@{SEYBa8A3RA;w_-tg)WAF}rrI12wYf&ieBzznYE(V4RXk0$k!a=hbK}k==^3vmi>w`e#%JFErXF2-I#fs~h7- zMH{1IAnVPWH?7{L@TR0e&vTL~m4kJ4+r5d#TCr0Ex(&=w7Yh9fydPU;IF|~imkWs9#S71b1B41bu{%Xk%_c2^SWm{_KA@;` z_qshZ;=%EuSgz~L7O&to8B8}q$wAg%Q*g>RB0eTm1H;5I=e=C1tzK|oQ+=`sxa!+0 zewZ;s?#idhFd+a(H1{dJq2|9ndHmy;nUDBI`Iz!C4mHkWw>2M~dKGP?|7amjgX9_) zonEhh{QD$@HF}eqDCFS4U?b;?6g0H z5p}!5#lYMDfz;_x*(E1)q0X{2zL0P8qgqj{+L%9gk2#PLHH{nhyRy4(E8s1Hx9hjLThzM_`H@8b_=a+n*q2CMrNZ( zmy+i5M@Vq{>KZ7@}A__%)TIRU-I4Q@P<+Ld`=q!MNT@Lc*d;9{ycKtSEn_W@jm=_!i) zfq-kR-J$YG*Ns-@7ZxeXcURp4{GJ5)RzK+aaA+&b@G@DO=i|*G#eR{sJB9NmZrNq8 z9$?Iw6-q^K()#yXvu4KDowLQRwO=2bkyCsd?x)4Fc9s0Bp3oz)w4KhJmFTaGYK9#{ zpCz4=skmJ)bU&hSH~a8bJ(RKZXs$%FV5xR*V+S6{{J3M0jp!O?5;AZR+qCc{&7P7Q`6vcW6!*$={2B6;&i3{% zfGkt}w1@cs*4f7~U|~Umz`*Ezr>%9gWs_U{`SAmdIm#0Ax-32CqGRUArFC=sIKx$d zDv?>W>{T9>Y%%xc5zd`l82eyk&8QOKhEewN)<_VTDbmIThxfv^L|17vv>bM|)+ra? z%oL1pRkD^@KD#WoyMA;qc9fWI1}mkzPDKGz^cgel0bR?#-xmQ&`LheAo4H!EUkUxA zetTHV7(2D|;5(R%C(ynd=dE&R3XXNUzuKVwy>1KD%~DqK9sp?9ljnv{MEVI^@P+$Y z;RnN0qhuwlBwXrfa{UWj{*R{Xj;Ffq|F%e0D6(gE8QF)-bL@m7p^%j%%3e`+I98NV zMz)AjS(TAwCy@{`635>3`&`}6@AZ2Ad0uzjH|Ko6*Y)|lr|OpoZC=&9?AOIPfxT!z zxl0I=TmGR*BI-H$>=)ulW1Aj5_E8M zet|BA=5Ps!G>G9-RfY1ZH`gGY&JJK8;MY){)=dD}C*XuCHW9p@c(E^VDXgqup&pWP zXI}vBa^#FrD$(H#kMqFr(~O5)8wL{Jh(q+osMG4bFmb#l1*IH9Z%`CuUuV8%D_riW zXVr16`%o~2);nS%6uAL|nI@4tFi8)Uyd{u?0n`AooGNTk>86>oIaSQ6-uW6eD8dZ$ z6ISOkUeQ*Z(Iy9=0H&HFfw0~p;jJ{k4f`PwZkGd_@^XF!%t3KJg&0lK5lTD5OQE8FeaNOQ?;WT-I;NWl*6bmVAA#O?Vf~4>dqHhd%Eg*Fi|k1z{7 z%2T1NXu4GfhheXD87w}KX_o(bv#7MRxz2Z$cc}(|8rFdi)v)FJGkoOmJ`(48kl{AD z8^o1~+|`hpeN8p(2R2lG zPBA&JvWg%ZMHUzNQ?Q69klW1^Ze2)I&zv3Of3BmnckU+M+)o}?24E===i*`45xD@6 z0`qgN6A{YK`+`Nq#arOGSVj$nO|PUh5jzTC*C`n5LB43!iC=3!k0m?@pdYSpZQz&r z`dVaZZ-t-wwKikO^67HSy!KnvSDN8zOrpx)G~j5iANl}}q$iHuS-qitkavJKdA=pA ze=7*AX73{1K+5Yi4{_+!xG0ExCkFScsb0- zaRRonYz1#W)KFLU0l_0o4<&N^Y#?<2u* zf{7_F{U>AX$J+)qH9aIBHiVX+B(gS$oIdbfv>Wd@IZ=t@H5Qjr`)wDu*Hg#9Z#**S z7~r4b=# zm=C9w=7uMj5evrM#_@JX5A<=y{a%p+l4SyRKz=k~%gN?ILPmL^SQ#6G~6&yU^XD z97bdT37~5VX`xz;pwuu+EI&hjTzLG7!>#iL25+rd(Fk7Z(jy>zJ#0}*E&M9Ey3JF+ zemwzP4H#fVGoU6*AmQwf*sdOL?+njBF6!_T)R5W(PE4`S(qCkFlW%H2@l;xTfeswM z0??`1PBcf=f{-V-(hD|~2|yDNX%de}abPN1APZdcR_JK9cKGf@t$nFM8-^nWI6X6> z%i^9|(aSRCCM5Ub6>!nBwuO5=S0ytEY!~^>7A&rHC@=Qgs*D6lbL2_T1wV2g> zwdOAAV&DGm#{jD2nN1Di;5ikK_g@z@oKlkCQgkk*Np0oVXP9zmj|rvqPny*#mt!e@ z^*wx6`9p;=)AccZ3L|f|Z)qZri7Z)sO7frTkNk^2c-M1fM`z_H{h2Q8^K6e`{Vzu4 zOxQi#y}KmB(&?^KOfjKJ$05BKl>fSGMy_JKz$6Q#Q7moe0MbQj3$Trqa}^oSv87;U$!noivvUtO)evT37)o| z#^ArP)MNWYRUCg|*f48tbVYfg=pcmWM4QSQJ%$w9#fh3;?3{)B=`lahUj)e+ozq{W z4?@Amh(`yMd>m!4qX1>Z9RH8pSO$iKThRu{>C$M^uMM-4c>?0jW8(k6u|?Dr#rKzf z_C6y2gc2vLVZ8G~X?BIis*Ek{lb}>8*qx-fFoa z$VB%X$YyNt3mB-b|G_gy(;kiP(c#tH!k0Q)%Qdz4|^&82o z^FU?eBJf|vUpQW6-G*1x=TBuDujdC~-%$tQ#VY$KYV+DL4i!JI*6z$uKPM$nq4K3m zWqZ6OSJRbJs#7fkG0r6a=1Bz;OG``gtruTOGS=7OJ--S=$GOJ^*P58N^6<*lWAK{C z0wY3+;B8nyPXV?GzYv0?5OxbAEDB*pRx_4g&jK{L;)T83a?~E1vo=ZR`&!+y_qMjS zZrw_|dYY1Rn{7Pl1AgLf!*$G6gJJ&F%A)kwt|zWX`6P|9QaaVR=w?4rR6TTY{*(aq z)~c@Hue~5=bCvoF7@>fw3nrf@Y!yi+1JD;KLx){0H@GgsKIb|A2q`!tHD*hB>b&SBNf%^(_JO}MRbRM zoY!L(?6byK2ryDzWp!BTc6CjCxzVFA(R$1s)e-z8)dx5D6Ef>H8K1D6bNJ!-v2nEG>~;OrQ!(w|ePVjWHVAS6K0GpJ&o!eoM; zZFtdCwRU3@q`A2wEC(I=Q zyG%^x-R?E|`6}l8>n^lvwPUv_YkOiP7u2pX2(T2k(AA;N#x+?TVDV62&E%WK=Ph(0 z?0ax`w4aJSfJ+O2tVCja)I%zjegb;fP!mFISUH)R$IV`cuv-M;K}i&a-*~VtSqIo9 z(rv@ha37xCr+|r~{~L6$nmw5T9tM*F$wVIDq!EUnyRrvjP^9bO3S47AaZ#wO8M)_Y~!R`b5FYG?<9QGXJ@{ouJ#YD#t;|fFVO_T)zExj!u@{_6xpOf$WkJKr- z-3?GR>K&2J89MEIBUY&c4a&otdfRt*t65A`<=a zh@7?)jn`NUu`TASDu|+C=A}T#BO+mP<1vbg%^)_XL(d+Fxr;>X%-%S*pVwYFIzE}y zt${1Xe%g8Fnvm=v;as*e#Zsf{nqKU2rr0B>`;%!Jrp-=xvvFcxA-H?b@3BwcA>wws zrdMYySI(GdMVbHP*?*+TG&4QTn`x+Hc2Oe8c?HWJlEx_Q^XGOJJ)lez@?NX=+8{k` zh8sgTY)RF!NwxR7(2A#?l9oa*P_3QWn)t&^-ju^cP^+l?*1Am7XvU*Hf?gIoW5Oce zS^1w$Gi(cXR9J7bvt5**7`PYTj2v#QS87kY?=NAIzGBWSU2$@1KB4+pl8DXRCTJxF zjsr-(W`(4o@9!P1yw=Hvl%hZ)Abl1>I*MJ3wbk!^Jmu`KWWD~Z{l%+3&YH99Nz4RVutw)g&?BZWX`~~a~@s2yGa3S zCtsgjKhpXB8KIfCE}wcfjQLBsVJ;yl!^E*4kUHpBYo2AVhS~(kr9KSdb;L;h3al0b zdSIdI2DwoeR~>WxT{`S|tMg5Sk;t|;1JXRDkOBwh)i%H?BVaDd`$Ryo_$zOL`3hoA zTH7C@eR)9KPzHI>Hh-hRk|6#e>|+i1fKUfTJcyoCr2GE=I#c;~o!w~?iXv+WKmN)x zspBf0^K>Q!1&*1NDSVR*siQ3QE11C+4o~$NpCBCw&hE zRpCH5(W2q0_bEA2x4^{|Ih2q(brz5qDSbR@X%wMYuBcnl)eJ!e(&&L71z=pna%h-X zi)5~b)EAVEFWtu;Ak8w2)*ql4E(R1CXtad0tr=+Js}Hte#f#-q#SEKDSX7ZAIs&1v z4pui`(*zl@%$K*TVzYnL`AP%vO+J1pssI)!efDfjzwJU(_usBI&)Lun5@P_vBWZ1s z;vH-lRsu2SNyI>^hWgvl7Ye@vJS$}Xlp4&3Q!9(#&cM-80WpY2fvM_&a}TK@Q7N-@ z2LqX7kx0L_>fyq`U0(d5 z{U8ut^4@OLjR5?MLx2t#2U2w9tV4McofoB%AO}2nq41A>BA6Wx1+=mtOx$cwPu@pU z;DUUm<}c$Bf(MlVZP%sn+-!oX(cz4o|?>-w-vAFT2FAyAGSi3xewJkBkVc|{R z@P}VN__@FG`b=CS)nm389&XtbQoe)3@CKB7@@jsUUM?mtv6T2SYs|ak#7i!~!awPw z8?xdd-lD0SWunSZ=C1HjpLnB3lc6KNh4PQ9Nwi66%0wf-EVr5C((=!FE*-zxzb6^~ zEIz`23HUL!;@oiC$e*_3)%`ZR1%0)+w{Z0I&%S{J?7_!)IB@KM24QWWU*zN`G93P{ z=g;e0My;TOoqYT^tJ-@#lNf$wsjTJaA84g<)%(38fq@`mL9%kRqJgBB7D@jh)|1o! z&uPzc;*Z}h$*a;iH}uX-H1P0rv-29A3=9f(9Jny(Zx0k4%3(*}8)Re+5cRQR;S^tm7t2-b749yxnqbeKqhS|7vm{ty%B#~dFG zGp}}*51Jr>1)=-4EB|eWa?9LcVzcqD3Mg(oP!bXpy@NUh*?Z9}15AjfiT7^q|5WHp zKSuIm@OQW`u?y31IdMwi)SH5-PxiRbWH_HBzRLJ~JnzcZlh|N6)l&KWQ9Pazx?4<% zNk(qxOGzHN{xa)_NKx8Bm$X^@_+qe-AQNcJ3Q^@T*4YZyIRbNt?SQ7 ztvl*I>t`UE716t&rZ9VVqw+~`WXxRM+ z3QI_6TUeyOy80>f0OpWF086!7%2R%IPQG}V_ABqf8ON=ext+P!i|4-f=^`E@CJ*UD@JLcErE5w3*%}b&DJlyxap07GH=&jJRg@~A)s3mm+UuEl+ z0bbdF;fB7|`x_|)6_*@SSho=InzD4psfS2zTs67E3)W zx;Y4h9D8Q)=-S=fy&#}n7&xMlQXNJ}zc>-uuwOuq`~=h2NA5A`V6$*&kbz$T>`>7M z2a9hB83)A51^5lZgW-L%Nm43hKJ51Fdw@(otndPWnOcNKUq5J+(fqy!N@P-p+&{y?cM1AvJHbYz%*UI7xH`yUo*#U5y5RZS?EJBMAJR*tq-wysDeB+&WLL8%8%?hS z)y}YPonR00(vPyj3?f)Tr`twiKB zu6gKG7oAE&RS@lOxWdMPr-<{C`wr4wrNvrOIIO!8%Ev7tK>pCw9Cb9e(+1Y31K^bunZJ)H) zL*ymCYdZf5L^LRCi6{hK_Hn5Dj-zE>vqaijWZ^hkSg9sr&1#pTZMmu9vot=7&K(1Vc!^ogf(53;dmP1`Q2(qI+*ipcpry?~ixoMrS zlj=BSlrANp*!+N1ngXJVyNQTxqZ=t*T1AC${Z)nTh77;(XRM_MGZs zrCIO(nZl^nP&?hRO$WOpttk9Zp=Y;ZEkq!mjz z{Sq#dda5Qn)`+`C=xcOM5#Y(o=96Tn*CVubet_{@i%4q0eew$=Zv;;>Vtj5p!;An(O9V`k zhE{T71ksYJhohpMFEJo#$bD!94MHG9DgE^AMb}kx6S8b?7$5$H7Z4#y9uzz>6USN| zc!2BJXX|H#2c*6Y9HNqfV)GGLX3&x;Lu=K7^o!uE{qyma!_W8kemC50+(c$xT^TmO zCy?dVBOa>Dj-f(n*2%kqxIZP@fmHBnrxCk&L#xlqFQtpa@CW!-XF<_5a;rm};Z)}( zI1@e`vKj+yt) z8>yICZO(&E4{8A^!MXb$RGf*+FW{)* z@9cu^{=z+{+ugU}VYdUV7mVI(n7NsZKiL^BhI3EQqYcf$OJEZr4+hoqX@^ft`sq^S z-71^xoW4^G;6@8>Vs(6s{HcT_jG<*8W5DLy7=j=tH%@81lSEbAh^Ab8hEz*Nl87th z368gUy*;Oidvj&!^pif#mukdRdkGC~`)>v3a^}?at_9bTW#3hTg`OFO`5@1u{8WMl z%3$AX3*MvbQrWaZ&M72t193zsV4}#YkN5#t0-n0M4ONkYP0J`*c5;+M?i^(ZTC-qp zYXMR|9*%^6mCg`Rfl{Wl#$afcfb4SA%``h&uLQRzYv3T#&ux<+?h`o^VG?-!2@*K%q7T5jjRepApqF00kqQ!T~C#uwnfP@z%J{6xL^ss zZOGb^;eE!x>ZWKeujZO~dyl(hF5o=hGJLs|u3gYV57uJjg&-PBRab@oIv7`sjIZC^ zoX#o&)*~1YFb{By@PP;rvXM?AqaN6rqsH~2S8eK!_*CB#vut1 z*izCm%m^h__|}5mOo%9>K(zK+AgYZ-s5&CoicG0F6us0yz<>MXDV*k!8 zOFg)de#TJtu4W1S0H*D)!AfbQYpi~@lD$zbNE8BNlWO{=kEChe+FWP~q%M8i?NMcv z^l0jD+GtWme5p#Qsq?!*enp!tOReAw#kGkWualX6g%|tF^@S#Pe6(!v{-T-DO&%rI z8`Sz8F-Oq$WxG7l0&%G)P$VLXodAJyuOmVxu;v3TnLv=~?3N?5E>K_>Yj5(1h=`!R z(KW#IK+J~39&pDe68~{wjjdDlDV?4S2JdyE>2Gv60C{i~*fsQKATJM^A97u^PUx7k z|MV{dnK23`LQ>_R^%5KS>`~9N77Qb&!MKCu{mA8yY$`BgXpdio%>s&m-iicKcvzNM z)}R2+8~|p}orkJQK*-L8pf;p|Z)VW3FC9a~_M5b+RZtJD`z*bqT#m8XBLO<>|8oc6 zwS)`&2<$&BNMQ|kgZ93Z|Hkz?Ff_iyTo|%{@@8xs9G1`BzMnzkEaKBId;hox7wP}1 zcIl9PL3@BeskaNPe>iB}4+C7L1G~k)zHX4nqa*?tS`eZGb-qe=uUTo6!f78otq|fI<&98sKllcLl+y4Xu&?3LTL*y!1sE2@xtFKnHOO z0RbKbhMCb29KsE*9@N4K;%oZ-J#b&2fRpMz{2fSLK6F&b5cS7DzuH0#S7$B^a>u3Y zv0jESjBH|-s|wo>ii$RX2g(7gJJD3y9YJ&>wWrzSZp6Yj_RpLF`2BqdJNbGMA@{i5 z8(EW9%Fmzgo5%X?4y!DOWp%vCZQ%A=(QPeYNoW^( z<8|sKt;(X3)$3E6j}vH%7f9hofD8=@ESc-Ag3E3^T}udl~{!P*E+s{j50(?f@jdhmA8b&DxI&{$_6| za;$5k1WUljz~Tk=PV5(lOa)Itgw3vxchK$r(?kFm$@f71-_r#w83i3D`+gTfIFQ~O zsNdt@8ir3pOjp&3=*}UF*3d+hiUgxS$~}q#SQmmR-st*nfIoB@2&)Mw7L7YZPsKes zz&N~@6mVVUeQOQClsb6>(08#6eK`J6`Y!K(2SKOt(~qAk;njf$`2&bP%~aedXI)J= zk&y!wq))?|a6*~k@P%Cgrf(K*e|st9fB}PU?x(ASY39Mx&xphuXP^^w5}?rYp>}0B zMqcFtg``a|I!prbp#xI}bQfkniMNKh&Nfbe8gOWKJUq7d<0g0JiLST$e}FOJM8%wR z!CM;WB7^^!%Qcut4le^b^b~H4;xqnG^oi!!TzKD5Bd4L_T%JhdE4wyY<+UCSC>3>M zuJ<#zn&7{@w4CRgV;oFA7wFn&##U%oR*x4uVpB1D8>&B~7B8$=6n6PpXO6A9+2+?4 zCz3GHyqutki?DpJQCMorE@jT^E3PFJnHf9VjJ*!T-#fOmpBBqnu8%dw!8v& z$=RPR>d>uV)CmqR^+T*-Qu$l70fA2|H`*zV=;y%iuL^e;-BEElT6WM?2>Lsgb`xDU z@TvKLHUKr2ia^I9k2NUh(ZQs;JJgMe>OJ?7WMLWP0z8tE71Zs|%2)~Yo175K)aY}`=*(y0;8z-(VRanXv;YcmtXd}OF_lt>Mp0_m)J_};InzYhifv)hM? zpmou`m9$1pSRfK~^H1FzZ=xAHGzdJxUGR-C!3E#3wTW~ofXHY943GdDCEP359#e6! zZgwdVY+>AW>dTArQ-wQT@B!4VqqG*lVOe*3VI6x4+OOV*?}J%T_l{1mW0$=c(4~T$ z-4MEd1`cjzICYU%7MWNfazxwlH;@*ZvXR*`&WwmIfH@a28ps%t*MffG4@cz25e5mn z8lp7eqHyr(ul10I<0DY}!GQhWFPbF~G+O?8nho)g@DsGam>-5_IQX+*-H0v%W{(!m zQuOZy;VPo_eixVA1RcKp=l1LWub{#FXH%T9)xLd}#QE-4)%X0dN-0*^dY`dt=F*X= zdC$c(t~+}g(5>N<&7HLIx9O?2+0*LrcbVnR4bb|+LF5AhNd%YX0uFQTjxnU|fHaK* z)ybld9^Pxzi7RGVeF#W=nSHbB4@kYVjKELyH<1DF3B-ON-z$u$@a;T@cMsWdvx9bo zk&zu*I+1PIjOa0F#gJOsXMNzpX^05$g7#RHR|P^|NHmQGH1D{3{W?pkm<66Ec>M4Z z&}_9pczQr?haLI?;q8X|4qOQoC<+SgHQ>~OLctg`1Vc25*-V7H1ddX}%}RCs%Xu_V z7=l0)#jYTd6#XXvj=TcWn#4a%;267!Gyo~OMFYAft)i6r0e(Y$o^MS4fE%a|Wc|JV z6L#m4CUeFB`!|||gpbqzrR~hpX!u8!{@iTK*F~XG=s7|cDEtl*Z~sW`%>*Af+JCbK zZvuK8!ESl3-GuYl>~1NvJ)`fJYkyX!SLM9QH7*}9*-a~x+gKduLvl_k0+!);8o)AfAxPlAhWf)r9 z^<|D^QLU-xqui>A)-t@_<2b_~lC1n>fiBShV?tP-sg@w_z#>Jv&;JE&4PG^IH$9o2 zhr#RX@Z2zX+y0r)E#Lkxd<3K})qq7pC)Jod*(ZK>+-aUj9!4!y8UvL5Cj_rfW z1Pr)Q@O)~wi}H{ay~L~rOM*!ZDSTdZDISKCK^t!R=a89;5}N>(l7fE^vu3QGzltIE zEp-g+6X-HTrxOi_A`^(7wcwHmS|SiYBU?DedKHy}5B6MK!`{Me%4-FuAR>OyW&tWk ze#^$jgB@42?tw;55qx&(XSbBPnb_X?h#~PSXysA0!oQkla8IK>0uJ6Muoj$N5DNHMQq4&Xox-%w{uSS2RU$E!dVs;H`~-2N?#FV-F!4!5Ta)Y)R>*?Jr^R+CznL z5R-yvIUo#Wi*?b6jy@r9*diAfg!7d#J_C;;ibwhhQni0Q_dvbOvde(t6ge>y*}uaY zCv89fZ^ye)x2*jbT!iNa+F*r&ahPiyfTdV|M~(03Yd}Icc)F4909Mc__&IF>3qWRD zc-8NsarF}!(M^af(M+L&qg=W~3OFH| z!+Bc>rzpap5HSbqh7SbHAlLqc&1Iz7BkHExVmkGtyTIXV?`Kb3dE|*0 zlgroJA71Wz@+|uqe~3M8_wA?o*RNBJCuPNvM(^c3Yp2IWVAI^R*Q*@Ny*nbswA%!WvFvn5InC!w2^ieHSs@V?j8Bg~U_&4rn0ZEQ9mbt3vq zV;(iV$T`i)du9gj+S(4j@n2d=G#N>%yH_o1v#QlM9mnE6w->u>$ba;TaK~jm^&Hh_ z-J&X@^+rMBW!>8s`}2Bbcy;)gwl`PzLrE`= z*-M*0q~)`DMkA_kg%IA21nM0KOFUR!e?&OEwfoD&REA|qrPOFAau>T4STRMOw{Rk_ z{=^vF%BIogJ3QBs_;&o@;mq%jnYYdDU3Ovi)f(medXQ#L((BF3;O@2O%IV(6jxXm~ z*qsd+-z9Ml?2DAfv;}xrfm|c#TbzTQ#06e+^(Gd#vS0JnyWYP)wCq0@W4$uQDd%NS zm8VrUvliIakdQi(=DHr*5T6&QI*h`FP=q4UO^{aD!jm~V_8M%pxu0tOZpHsCM7T68 zDM1r&apc%OmulS5sK>hp^mZq>o}YMgZt{_5kZ}@iVnC9i>|0sebkd^5C0mEzE|enT ze5c61q>ff9eZ+;n_byxwj31!HsCZ`Wi{d_B+!Q0eW|g6#l;ffH<-$`Tj^{PrWe%yW z9IuAg^FBj&#Cs~D7_!7V8Xxl5)O|^Z4=W(ln`t1;>tB)(7dILTAG(vxL3$L%y$1aJL?o9$e_NZbW`XTfW0y`fcQa^s>vgD%*MG?U z$i1j`tg%3=d?}DQe*1Ct#)7-m*H`nGMB>_Ks$}S7Ed+FBE>2p%xwY8PL zOj{~DytnInr!JL7BT7KR#vyc;?c3)lXJ>XxYfb!21X+V?xYAgf(^$n1(v-lY)`ks< zz}?$rCY_%wzjUz#SXrF@K122Na#)4yFa{H@d?@OkS9WWgtco{ox3IQ~ZOHTw7N^wU zB0iRNiiZQAD)aiBZy8K*eyZ7NX~(v&-++nb<6i-gIuCD>ju{+E$XiGXQyNQ-_^lXm zjd+)cZI0WPcxkPv<3&Nh(JqcA0qz8@EUWuD$wke-LfI4aRJk&uM9uP@2!_9U(&2_ww1aI>tQ%PsaMHSPh2IZWgQ z=HBzG#9kXrIj81trA`wI9Twb(3f`M7`kK{*w#b8yx!g!u&y6^0KXfDExH z;5&`l8iITMpDVvEy+A+xma**C6>_)6O4CUFWCv zY5Z5Z@!Inz9Jlfry|Nb-2dg$1xEgF3hC#W^$9nlzh-nFZFZKu*G2<<4B9TM8vAMss z@cAT0>b@s2r1Na2W=?!J`Fm5nRPZD5T%co8nIi)S5C20lu`Q8|fCyt+#Y-_oOeboS z6I1IuI&UeQT5Pc4JDh*rx`>Y7S>!Nx!Wq7XgXCgrC#`sMx0ZG_=TVmfPA2-?q3PK6O^$zE!|fN-2DI zt@$qnS7cMnuWpGvKl!a|QbJBOE#%4pVQ=+;e&W=L?KhwDXk~XxjCi9o!B;KG258=$2F4gc*ou(KonW$ z4U~^D8n}5m_V{TMWMx5-DB#m!??{tugV7UZULZCPr1i5yFNFT-E>Z6eeE0aerhg1( z5_Lk}z~`L!T#w(ozF3QwUeA+a<6gJEo$9x3Cq0Lwph}(!V#ogpr!a3*APeVI)XV|MEi3sVif4<)3|$sboyq}vd)tBiNBA8cg z_4;eo@Z`DKodMs39^aP9Sb@{;-(ji5@B!@VBC2`b;_aW8^v_#*ycZ?4V!3^Ci`O}K z^*C>+jNz3JllUYn(!k1-b|P_{8!#@vB*k&&q<3*tWu0cg>L(n(uM8HG=*h zW@LYOVqG(}-&-!*4D%VUoW+kk- zL6}7spJ`H>T4#|L8_;lH&;I$N`8ty3mP74>{LOZui$|Otjx@S2zB@}L9JQBN-0l>R zv@^8wvMTbZTj#XN`88iz0)$jo|0cmb6|--Avamke5Ep;N@MMJFv*j9z2d^Hl*Fl7U znevv;A1Vb;-03snKK)aW+-kOBKM@q_Au<$LnT2_!Euzb8XSr@4$%VDzcC=~d69koh z+a2JL?EsfSkzLSj-vf*rc-*x1u0ui`JS%s>Nh4KsfJKayoLz7Rq!lUIit~pl%k*PO zxyr7KxZTA%EY~rH96hXjNnd*Cjr==4 zv7$#D(z))(N>ksw)p&U9;@4thvHqXGIYR;tPB9W0Lhw5-P;jxK0QV<6Syb0kIGn7P z<$Mvzy}SC#A40ea=Vtg<)K9eGDH_N!dKe92^r^_heD4&InfGiPL@9M1Zsq+mOTgj9 zWbWLe&u%l(`*11as6>Opcsm}0k7SlJ@@@WV_I+1Kqe*#RTi z)$iUmmXB8wxxW%z>=QIeEOXc!wIeU2m^%yAA9ZG579k$19oQhl56P9W&U;=kf2!C~9rmMc1)J5m~;G(BSQs++(>tX*MYVn0PdluVo zp7>TSc}TQ#JKIw<>SPh+n2pqK&6Ql6T)nFsfHQg0pmKNW-qVGj0;(B3fq3&8_BYvU z3#VUfUp63p)aIBS9BIl^-2V68qHIm{dwQwIgcR6Zo~}}so%&_}gfQF?_^SFSAmEe)^|pd9 zj1u7dH6QBdhpfZm`lyPi`EZwyF4wb?1BD!V^|%X-+^s(OtQnXeUP_?FWP}^BPlO$0 za*jKjtEw{Tj;D~}b=4A$bS`xG4HDT#9gozg?(x=X3%`A8jpJqYpQ;|x{Nx3etF{sj zrM)xM7B>U5mw6&~YxB;3JZnbMBV%ilp_4HZxmK4tBr2p@Dy4fw{}8$V*5jV(*V?1Y z*X`oSmcfa%sY_^aIK2A#auHXaH!e`ZN%dC0iHKRQ!=COuS@*-#X~n^LZ=!734S}Id zdT!$qr^!B-RQ{yo+xk&F<+m646a;e2c<;*axr>+U<%Pa{u={yMU1lMF`)VRrpY-at z95a(8YT~%P-o^As`mWs~zOzo1CQ>&BKUe2h@-Lj;@}J_*)8xeM3Kms3-wn|eahjB3 z+S*J!iJ?~x_e%Rn)jo(F=Cd$4Yq>(TPg_QUTVYQWAy(h0uDcr5hAE0RkM{VYq(!=- zv9Xx?3XB={p#<>dpd`g5zzZlIJ#gLSDSw8Ae2@|e|bZ>U)QZ6W_%@~D)5TZQxF-K#c1!LSCn+0-B@k`V-W zuJHcLm+z$hHzb<5-W+V67JAg)dL%-C`-gYWxc1C2@dZ*MnRH&L7CLm8is=ZCQeMu_ zkdJkBbu|6Ai^jy<9CjSrvF8=JahoCz$-7dYOaE*ne8{6{Ue^C?Y&+&yTSWW_lTLEv z^UJ&ev5iZsWIa-2z7$X5>k>jp7d#s(xn`EM&I%sfkm>iJ;!Yx(tHsFR`IEc5)shbS zLTHa1e_pIoy7`lDNxoea*N&}B(=Drg$d^d}lv{&Y48(%DOCKI;(!@s>1|A;NR%Vm;PUBM(TYolkQcYMnncI~Bu$ zzYx;xi1QosP)?P3uO>}9Wv%X|yi_bN-nwlcQ>dIH`7~ z>GT&HCB=Ec*Q{Wg`02tUXPY<0F1RfHe*cY3N%^9JxJzT(Ei(%aEvIc(l4{(aGt%c3 z3tlm?BY^=;o*|SZ$=dJtltfT#km)@%v6odPE89SsFxAhaYY@cj{eBwMzY@c+%OnYC8RC z`{8Yjki$opJ{gt}J2N-zfD@6jc{Pj#7?Q>sz=zcItL>AaflR3gEm+ zZ$)zSB)u@}N8M3s#*>A(oSP(?Bq#Duchro+?Q8m8A8-1kSqDwi4>Jf&s<&7sl z=B7(}s>SZ;ZP%Uh*_-tHJFKXY9dAx)Y4I*2;=bft^O$~oxL%=5%*z{C!iDG-HfQcc zuIl)cwK_A-k)PA9DT@6_ns&@L3tYPR&S9;Zlt}2?+|Fz0Wyk6!5gbRnZ&q-y#mrvx zVze%wh}lW3ov(e}F(x?{@2n;x#se0#4NAn*8AQ= z7Jh>3b&3$`q~uMWN|+8igW+dv>I?l!>;5E&|LfhB+tUKu>BeeNjg;;BN;29@ue*n~`x_Gd=|T4y>Gm2l^nIOKWb3(fcAPc~LLah4wosiPZA-NYXZahDQ%AvlX@I?N zKSDP+oSvPhkVG8` zkT(L(A|fJ0Ho;O50e3;M<)AXO4V(s@Kam>BdHcY1Ko6cY!dX(9MM)_Ubo(Ru(ck?v z6iw-##J}d~A@__eWRWy6u*ztyo9X0>>T8+yM46F&vNd5zg6VkTgtL?nX@(-~B zmnI(4UJ5Q~4m*>jF`Yz6S11%^IAmqQ+x6tfr~6+cQxZsPO!u#}2+tAlQ3{j{;^W$U z+yU1b%2h9~6H|T~QL(6!Vjq90W*tK|QRQt;{xJ33=NSySP=2>1cOBW|*B)5uQgIG% zSGV3e%h`H8+Y&OL)o-~tQr#2{Mq8~C(^+rlf>DgLm+ScsDrSQl+ABUk_cP;!V!B^w z`w2Rq?;Mj9YR;<^z<)`9uJFqbE!E}>4U-xuBe86gL;M{3Y))#VZ zLg|IQZjjUb{WTgBvuCD1^VWrg2FqwX=H3bqiQ{%JHa+Y9`yr#mQY-dlcT(}${QZZT zBmLia)Ae2b&pIpP{6(_Uj;C=~+Y8OfI@@evrxWU*RLf1K#F%JBpD`3C(2GlWUNtZN z*1N&R67}vEpUevGQpXSf0F2Gr<`%j2lv$Sv^J6`qHJp2? ziUj+rdTVx<9X{Rr)NFBBg0fIX{FdHM$FY7NRlO8a#&O--U&T*Zy^%X`H}(FWn9Y*& zZYEcg$f+sy7mm07Fm02b$JwO*+$IW2vuYQi#iQytDhUs!3}J(c1^!B(dq*i*71EzD zd`f5pBrk$UO3s*pv~^&`F$srOv01MnAA%_;p+Bdr{%F@^QF-`;uy~&=>x;p zQyCO>y@dX~kZQurCU>HdCG)*C6_4pEZF|=#rnIO1R~73ikLB{KJ-$HhL{x2RmfM0Y z;;Px#JhY^HBIV#|pU+ozeB`Af-E+f^=h7>CbeTqH7>o4tx3=mp`eWV7yvdlxPOSV5 z;4VCI!PKPV!V@RoXSm6>;qN{2E&|V*ReBAEyisNv$u10^9=vvx~<28I*%9@|kENTR}R(n2kFAYfh4)s0}5Wql&4*rcH$I3ek zmdl=?QEZA2TH_;HV&rzOTc$uFBA|t@fL0gvsL>xFpaG2(n=SvjRJ|s`T?+2sxK?8z zGFG>Gq&_utTB&wLqrvN2eomI4+q)y0uUVv2OFg?uaOyg5(u{EeRAf{|kH^QuUOJ~u ziONvX>aFli5k2APDUEg9EPou-NS1?DOTP1wc7W|=B+0z-Jdyh%2RCsR+mjpzSr^LA z1dWT4r=_?CJ@U-e>1wSSvy-HsG)G8gEyvzE9FiDGMVqDcw5zyh!p`#3&D``SeJ@OM zK15Sx{Cp|<(#nB7gyyMy`5JS@!*Mo(<>N|a?yZsMG9~%Getgp0AQdK-p*f{m|td^AATDt3{dHk7|g~#qq zxlNNg<$q&-_C7SMhcVJ9ySWRo?=Naq`}O9NhIc3ro+~7rvPuw{sX3%Z9gqs0xa-O ze{j~8=C^G>N)rwT#~E*r(>pgAGxF1_N#gngkA*^p>dYi$XBTaHf(DJc;Tnk254PG= zTS;bMJ3wFe-_d`%cDF{u$OHqMkvP}FC@IR+JSqWan}{2+;=a^W{F~`sE^3xowdZQd zzu6d_Z8PI9CRVwXRh>ET&tM889H_Tu+&P&i#cpEmchdH__aCR6GD65a>7BgmmQ=RC zY+p&9ICCj5IQxp@%fkic>HMLN9y3v755w&xT%@kxFNBim?o<^EEVYxEZ3TR>*V@`k zs_Nk=d=f|*c&%MkC*wO_lC-{oEY)?WjVC?H@>izAC&RN`RL0MS#?1p>o^j<_4ez!S zR^?I}AQQ0U?E~43(7i`;hEfNN7Ei3P;szz#R^u9}9 z%%ZUTTE`!ppLoGifJFeuZrd%YBxa$pkQregh0_d|4f4?<30B46bUVI{Q07Ds74E5c z;DpQW8g)FNTenR3D#CT#fbPlT$1}T(4Wl@dOpi^^zLB+s?$UMH>PE3`OL1tZ%h96I z4di%ZQ?;j4s%tYgk}G8za8P@YS5?(u&n-SFeTfiG-}7CkINbh)3-ftPu4W$hz{$Pc z9%M>caAg;3)-lk1gkDOtqTl~-)Zag&5I}lKWPT&G84vYVA#WP{ue&&(FJZNH9kL8i z$Ju6*Lp|ZlOt2Djkwv+nDASw7G+INCs>rf&zV?2nz^5uP{x>KiZ}QzLnHu}V_~J89 z4Q65}D*03bjZoQ#Xoovx+Y+?|!+aAWshXs~EG8=#Z4%Z}QgPLr=btvo3Z1_y?thbPKomgZ@C%M$Ngns=?5QQnn-)Y2h(I!r73k)Me1(8)5A zv#WbOGJ^sd*A3;jW5dd1tz(o%=40CAaSz%lXZsY4+A`>BlfNF@++S3bpujGhk+200 z+|1DA%s#QW1A@zskgTeh$r3nFy(Jtcr`W~+^nxX6;UKjf%b>`V3=U`QcJ}X&vhVo3 zG!`MTsB>;(ISg!GBYN#jeLMEPD@z`{Kjh-S_nl1+KBKCtYDbr2Mtf=Mk>=7xvz7)8 zX%3w_6J63C*}sYy!LmM=#IruE zwDnI|q2%#Afvp?s|6T4FcT0=clKqi4tYt0YYbm0KfA*66F0xlEOg;5C@ZhtRwlF{G zL#~mU&W4S;zW<}^ucM-D+c#{Ol#musLVD;B93+GR$r(Zr0cj9HN{~`&Xe6YEl2AYg zMN+y$rICg~5CLgKy3_Bxyr19qzUy1-`}bMTy+FOb{s5By`q;1dBs zP9PjWY?-onW%v~D`3MO~wt1VG(!iM*9n4HSN)Q7yngep47LK!zt4Sm;rs!swBn;tP z{TKwfId3Kxjfz|d%Bjp9rz0rZUQH71eO{a@mseCZs&42w(SiG{_A+{u zf1)NpgC}pHj8>4dTVY_aR;hegGUs)t$_%IYMh4&d1Mi|VbTLneDwjg}NBhx^l;^Kf zFjBP(mXS|i@B6UbhP~~WG&Ol-^kckp;)({FA&yOFQpz!V*C5=eW4loyPop5AY>o7~ zy6a%TbEhYO%dQfjOVFnAcDr4yn4q}6nIqT9c;)a#N9dEo+`s)+KCEO#|K7mR&A#Jr z3FbNLL0WX{u1?n_=3Uq%6U68fQWS5Jhae}r&u(;6A7&iCAILW&_;6g|o)9~2$!g45 zm}UB#WaIv<(E3u|-!o<^3M_)3(}3RX)?dyTNfK!#&!D`o?vddYr!swA3lYYbk?$^H z=t-AV^rmE32p*eym=l(GFFjiE(rxX<9F_49^9TrNPAZ@H$9gA9FwP~vFxedDo4KQ) zULjQ%S6@jx>px5A4y)rQJHiRtR(h8P-_NMLw0T7YvAx*?ZXyt10<_$ef*Vrm=I;xt zQjtL!3?61#?^0+nLlvhnr*b5*Rc=l`+(%t_4l(vl`0H0F^B0XT44(z78X33MUotdZ zploT@XUI38bj-;~aemrPy73E3D~OXsZ(4Fasyh5Uldbah1*_SSZ0BinQIT-L^F^XC z*bKI~5RKMgIyY%?a2tAA)>!9M*CV1GGW?*YG_f^zsT0!~qkoL;1C0ZtR2wF~hk0en zLQlQhbE_}H^lxZxW^ca3R^VBVC{cbYcDz!^^`c+=ZjsX?i81)foW)asFm)$Wd+&DK+Z%Oe2D21eg0fc-sqTagvOfUZ7X$d{uLYSLNQMCMjv=1|Nb^U4 zXkd|P4HX3Gf;K$&$|gXFixtu<4CWF-mLHHufr9e?a(Ey+8Rc=7<7mmZ$e0s9S#Xuj&9AD-c6$Zxh5(yKA#S z^>#i&;p`!9;0MHy1_dXOnpXz>LC7l%hTYa6KMbkz0JMd`gK7*YD}bZ#Gr&hc+;{LN zvH~G?2w4H*s=-hl#HZiivg_a72X>?!|8}G%u{8Ub#+u z*=tqHQ&oyNUEx$G)UFJrS0HlC(TWTxrhfG+yQ;vHH31onVxJfCF&~WinGjm@++2Ic z?9^rbB-eLx^3FZ-Hbz=3${T6&1+n{_%=6_BxX04qacR>da@L4`9|zHfmz;ex-_sb1 zn5<0e*Eu^fb1evl{e~0~0fEC``a3BHw#FhQHIj{IX#;V9U9pR2=MZCBrdFsm7*pfF zJAe_;$kPMPIVOxe+$klK^Zs?ezHdK!0^F?F_-w%7s1R=^Imhk%tLVRK!(qCVpp&+S61V z{B9R=AwuQM4NpG#&pxd$Vn;1$e}3&b@^Q=a>8<@jPtn1S*VPJpv;vLggI8y2rHs1# zBNFxuQz{HmzX@fhd`&!?K+Y}m z#lzd4D?t!J+u%(TxX+=E14I^p+?G&90wm#5f>i%E|H1oz4wrZ}kKZ$W;F<8ckxYTE z3MJt~WVwhp-8yebe%%Wz<;i(7%_omOZ52i-A%)DTSH(o{^Op&JrPr2<_V^nZqK3J9185d6@u2tiK(6=yx*_TPBmrUCtFh~)ta zqTAp%vIbdD=uHT5eSt&|+?9}oj~HZ1JB&`FJJ|zSLBd(>|F|H3FTmdmY~JH;Gu#CP z1*4&GxVoFe|LRa6cs~T0cLB%Aa|}L^XB>}L27?_Gql4B?Y)o_ur(0$S z@G`Bky7DlS?DOcUa;p{l43N1C+<(<$xlPIXS|`hsY-n{^d{nB$r@CI%#vx3d6yM6W z*J({os$prSos59J+qPZyGUQpNn6~ulK#X-%DJEXi6&$pq1I>0cqn$A|A*rPEKfI0uI!;p_Odxk3__e@& z)Ndnq{NGhmjg)o8E=h{9uTNLXS03~Wloemc75}E{E^YH=&pjoLrmu|bNzkCp-i()= zmLz;`N&NmvYVm54R%VPwZ4_g4{shCoI9X3zmxnTE8$ zQ(!^|jx(GKvGF?C+W2S(^CM{UxcK? zpw_0oxeV#&p}_i`^XworzwfkOpi#N3nXg(BYKZFL6o*Cc#fR`1%u;3EqauH) zKq-C3K7v6dcQlD68)CKHt+HC96*0Tebb6UCa4fc!xPv_5A_Lz6W0re@7#PhOJ*Pr&flqruj1lCIAiETCnjg7Pg1Da zD5!iOGP9HWuA&jc-R8~2g^3ke^*qL^?XGe0Re1+D-5#ao**A-1Sf3D-4a}d)V)1Jy z2}z`gyFoNQvy6ys=4nT@zH{s16Ys{Pxk|=}m8vNV#htI1rFZeVInA;gUdOBpkAA%T zjGLMTp3UI178+}*ehb3}JGLw6$zDV@dAIV5E3Be%^^PS%CMH#VCKTrZlDIF(Na+#N)E? zUChtVbCyr0I znoAw%RCY6Z9%pN9&it$)Zrw#BlWIik#^1zY17>$EPj2d13?6*fcgOS_U-&UPSU3prAj&al&Ey9h^oq5#fu~~o;SqrMs0Kp*K_J&?vpWOT*0(J{=G?(L4?u)> zRHlq(4!ilXRmQ}@ZU`W1e+GQThdv;|xuDR$#d~{hWdP7Y<@rBFgR^`tXhPuyLDJHB zC8wt?=eL5MHkq4Q*4J%jsOG~&I2HcIbL6*~Yc&wO@ zPo}3P=FIxtlO?b_$f&mjL*bqmN}Se_SYDxIlZiIPl$+P>@vYjp zL+Bw;`^c8w(PR&^{q7R~itC0XpiXl?ZIo9buUdi z!R9B4D&#b|9Q>5`R3CV_zI6p8n-)|})cJF*+ws{tB2EOG(5 z#^M5Rwtus-DPx;mhYc}aAw>Q4r=+n1dRk>#e~x`yD?a5FnaEBHTPOWZ&+r;4yM%Ts z>0gXg!uQV>ZG@@vr3*SuGr+GX=!@Ydi*{>s(!C;Rki(6?{P5}(TnE0Lf8|*fGfAAi zIfh$GKNan3G{f8)o+CVLFC&%gwdBLb=gVPuUcC3obG6pq)!9YSqAqTuH*EY`-?7TcH>lx3-<{x***IY9pRER-jS$LRVf^F$<)B}LXEK00LUUdR zx_BhSae)68A5-fNh&HdXKZNOlZ^$iBi^9W$tUeHM8t`v!B$c(>0ymxnU!(I@y@S#&3Dq$~C7Is7X7AgG!4i@XR4V5@ zvmb~5Qua(!Rx}e5y61~n|M>#lLeDQ^zBIUYiuc4fAr<*adNz8~9K3~yxH{4!-1_4D z6(3EJ2R(^Qq`CgY@>z&yDQ5e2Jjo>bSI#rD8-oNv@ca7ABy){x31!#m;+2>3FU1+L zQNuel-moI*xNInMx9?-%zx=PiRTgW1z{VnJ$rj5o=U-&dW!y}7X0BO(zIT$rnp~<= zb**R74lN#`v59OpL?~+eN?{I@s~Jze4Jj`Z_OYhDNypGq!Sh-_QeTVnU_X;b`e$iB zPknAQXCaN&p(`(G|H-cRMGe?=7)lKP9HgvhmfhzL@n4#7!>LlP;Fe-NMWhbvIj485fS($6cqB@^eBA%!V@ zshb&rQAk-3qWjH+^}&L{9S^~8D1gipS?NLO46gjJGrS-W)t5W*m~td?u+Vfj&B)Hw zmuDDWk*u_NopDm)kMDBdn16Z9J;xNZ`QIr}15Yz((UM;PLc*F_V8H)>YX4oE@HhW9 zdti{|I{PmiR>ard%x@Xv(RFy;Vx@Kb)+V!SyHt|dhu4osfuQB^$*f|A?OW|&#rn@< zf?~D8RPwdq*Wym7MsqX1!b3Acds)%5k1=|eK2e{gQmKlrnG%%AeE-_JFR5&_YJT!f zOr(w`JH6p?ZBeX~^Vx8bs&nI5+gpCx2Zl34J}WFqdWP?);cp|fo&K0i{J~Wqr^T6r z)GA=WGryl_J6+f(e>rRxFVa(t^U@c&E1`Zi_G4z8vjqzicks2MNO6KSJY+1z*_DXY zCCb=#xtm5m>`{*}@iN8a%7q-G->{N(YL{Eb7cQ_f)E|2)aFPf$f54Td9}5uev($Fs zRS6laAxrBL4Ui|#(rY0jvlB+}}G8pEn5+Cl0w zDF@~~e?IuLA2QWEnV>sw0^Ln8Hogg%FT?qCSWsSs4DJx`(yAK+dnIA3u`vIC`3}F? z|H>Z$KZuMuTyD)ebuEymKN$}HSumSG<(;vb!yBB}By`~;a(~QgYa9OxLeT;o9VBJ& z=X!^$D1Zhpe$yCx$QMg1P>7Rg84W2Q%F+yr^HfOvmH<$JK*R)f+inI<&=~qWi?*lN9!ilPu^H9wnvj zh;;(5JiWDaUM%T6@7Rr2BFO;<%bzXZ1jiWj+3D>hSeVu)Dz)Zso@9S8d!tnpqEvDkERWY*zXp?%$!*(~II6sO zF1>XeV1y@5@>nTW5B3Es`)Ei)XS`KUKv}eFPlU% zN%5=x2*F`9Y-M#N~==9IgX5YMY(+$m%B@G)7W^I>?g#=~Am2OJ0* z_}zU?&^LpZI>1T~sPf@Snd5OZDUpP1h5nnmfUI^`cguuJ*59B|uGt+WqkdMuWSznI z0V~MZn?GHnupB;7$-Z(*MckC<)jNa#7a=I#HO}LFeQ_<~RJ8tXt(P|ChQH05WE!sS z#hq)s-TFfpOWBDBf|JJ~8u7#?Bd_=`^HDsR#IvD7c73$@51h>CGH6q2aY-2`3(8=7h*xJ9Z<6c> z?>B3g6Azlq`XW)yM0DX(I`(;?1FYh4YBfX@FAU+jTN(}Qu`1oKe+VO# zDCQ)$R0(l&Y#TfYLH$=zZ@ ztip974o})rS_i345KI(K74H(+ac8p@jGT{9J=kZPLcrfiP+95Ie;UNX7lEhLEUr{K z&{wQ%9YI8(As*$cD?L0D?90ibHIr3^SoVRFAywXP>Sp%oH6ohtKUOQa-#Uxb*jo(GI$u=bqtBC8~VYg zGc?QvvUO=A@tL9^uT1j}Z~ud6v^CHO~U8?$3&iX1usL^wpUM=$F`P=HUV;kIgZf8K1gn0ZZF;3k;H4={IndQ z+^G~P^O1pHWJF6-4|#HtKz^01C=s5ie9h&8>2gforuoh5i&j`_EERsj@v8&dyQYe- z;VqR<9LY#4P83i4RyEXyG^l4&+6QL>zHZ2zV}NL zE0x192zeXl`ijjbk0^+((Rw}`@*smZGnH6iQ*_L%=eEqEY%+G$zh=ryLqh#M0~2E% zU##T?n~b8xyT&V~y#^yjAjXG&`O@`G6{Q53}I^C5m60K+CkWQoLJX z6PW>QfcDPYFtWjylpp6zH4JA}%5F7R?OvLhX>j{GUt0CX(ZXO@Zm(O?WSL`H0kN4+ zGn~}13#i!;)fO)(n2=-+D26Bz>Lo^H1fVwycDK+<6-@pMG0Yovr~7MH&;J0TFexH} zRmA#O5G& zuX0J~e{(txw3O899Cm#m)+kF$(K7vhSJ?LTH+jm@ME3PhBt*WxX3wAc#Sg+R%1WBO zTHu%C3`*GisX^i=dOHXIDI?z6qX){ZqX_|riJZd~PURxahk3zz89a)&L_~);em-UW z>3kxCD49=C&K+1tsxR*dU&wve*ZIUc;nG>eS=_VQaZ;M%Y%^g1{D?1CtNMOtKK#;x z34^p-he-VG=DN;12h!(UDEy%#$L@(2comZaMH;scn=(*UmsIq=-1YNnu6yhZhcQW> zTtFsH+%@Mn$mvU%vK#E7a0}g8a}#Csn(@k6tnv-hr8N^YHU8>x6&RK5j&NOF^`e%o|aTcZDW;NesK!e{4 zG%$dx(iuQ+5u=pU)HyH_j=ewtyqrhC-sa3dY+=yTzCl1>WpZL?E0;pN@|Ur1kKule z1v8MFpcp2mV3Ip?||h7J{}M--0g~o5-Q-+ z0`Fg%$Rrl-baR%_UkPtm8bgV|GvkII*%cGgDEx7Zu%a^D3cX1pj-`P6woF`Nyo^rx z#wK%(8MC5=9KCs{C-D(>}3y)Eu!&8 zPUMp-$z!wKP+BKXIA`l`eQ>M;YrQQZ!4ThGtIlcX54ZE23TY$XNDzU}3*w+t;Wz}}!>Cmrw= z|E(f$MH2{;{y931(TY64Wg5zccHJPb($>5LXtHeWFCerHV8j%BZ-GV`|8t5#fWEGy z3E)zNAaT|UU5RsESwLizZ(1XYr{8NY|G(}*%?UIE+n2xICRrywv|xj7zB>87j#uj5 z~yqP<)fj*|*U3K3> zH0A8J@lDd20$KE04R5@ifh=caix}u0$^y=PAs*LJyI4RlXtDt@2^(aV1jwi|fUJjL@8H^lsG08qUV~9A z1nwksXQbAijq)=jt(yjmDmPG7f_m)vV7Cf(Y;27{D*~8%BEQE9BOu@>NGpK_%V+S_ z1CXmZj!7Jn#$@H5t9sCe77wz+SOfSDcqc+%O1Kj9Xv>S8w6cB^s3;G7mu|o<3z4s& ziVPqfhC+NIu&f4&8E9b)Z8O063m*?mS;E1e832h$AdV)Kn+GCs76??|FS{oE?TtJO zSW(;oFIC^Ym0)0QAix79j4eodfsg&aJ#X88IeOI!c#v|CEj#}=Y8|~>jN`p&R7Y~B zLp^`y4%P5cE||MF8>Nx?__-LOcpe8XVv54yJ3YShR(K>n{uAq*5i;w`oOmBEDZMcJ zYG=mm`)RQCVVb}S;c8y!N8$xd#UKM%+h_IF&1U5rd~%gOj_KbujKAv{78Ad9eLLv& zolMe;THGiV51%agIYyEW?~yt8UTfDfFR>j@h1nX@QTU6;IhtYkeA?2w`387kB>B>< zEh7!*mms)?=DEclA*ZQdm@%tRLy-uxR+iX(?-X~_bV&uHU-k~whMYX3-`cZf)ub~W zRm@bl5*Q%#*wO7LmnIhR%T1H}X!U#E8}9xmulyvCGhdq=;RLa9WX@AVWlQB94vn}1 z&0|@uJNF&;zRg4|?5fO*!djGUKT7)uz;w5c?r6WMdUaJJWGCPg7LAq9U0CNhW_AdR zWw|_h`l2*;avC`4k?x*!_F}~qqf-{Q@lFM^&`w449#}6I+VH*C$WwEH3wytNQ5-{Z z`@+WJd{G_qx8k2}_fc^ym4$1=6pg++Ekb)ipn@TH)?=Y-oKvP7h z)*UTcPYMZ5)^No`_0OEPD~@)C8Z(9ByO-gVNG zX8c8a!d5AmMnk{}&smRlTTC(prJlr?`yxrt)=nkokDk~T3yZi~5{EtJSnPdYxiKU$ zM%m3e%QTc4)ud|F&ct%c_1rB;hsA@D?DJ=|b}EmJmS$V{v(3~u^6{J*$p&55_V%L; zc6yqKunG}HcB!kPBsY9IN)2N_`zsdh_w{(El7334g(XThPDW3Euo?Ul{Vu}`8L5@2 zM&K}W72{B}PVLj~*_%Yev+l2{p_k#2tm{4wC`AnNAuGGcanBqnk==vtMPr7m z!-%lIB`VnP7-MIOhz(VEg*%zeVR12?m9RmGQBa90&+d02gEZHQCjwD-CZjd5Ik-T> z#+`QM)nf;AGHHJ8X*Erq(uG!BHu4w=qCWqWv5d0BJ1%UbvBqE10H4xG5A4_k25*Bv~ zwn|Wjvs1j2H58;UbHOkG!Vy9wL$`S~h)V{p%=ctU>{@Eex!dBN%?&{3!wiYCAX@KW zsiguOTtr}fc?9Tv;y@=4bh`{7!2@`fWZ+_A>XsU#CpCOs?Yr;zk5dbUFv0qhMQUhhaRR7`Itchd_sHyERs()-E@#y3)r?l?lb^=e`{Wv z#mh%=GM6BtCKzAb1K$}C)DCzJUr9Y>17RLXz<89$fBk>Y&kipS2u_$zk+?adLi%u8 zi4VELtFUle#Qc0PW}LAZ8X66>|Tp)Pyolyiyr$<(IIP1Gt!0lw(u=Pq)KiC4W2D%$xLjgM{CoXiZvXF{>1 zrHNEH)**>g_?0J@M=@Id#R0>N*Gf<#KjU@ooAz|2V8<%SBc#vUmyPouemFQ|ob6gn zsU<6gKbOoVy9mG&U8Z zA>eu_iMZ!$uTSq@#PNs;Xh$1J;GR3hrnbN9Mmn%OP(xVtV-(1L8{w9?ig_v zw#nnaQ73p@T|rAx%xDWLHmmog`B+|IsrWq=4LhCBY|CA|-@HsdR`@QxQclwdBRqsB zy{cH+Ep5+{y2sSlt1Qu36_WsS5D<-T)$B#nF*6=NluyHDQ>lz%UFTT!l&Eh{dW6TU z(KOj!u<^WAA0a$6cz6_(Tan&5+;kF2|4}KJrK7%VDTpLiWeXLJ3JWQ1$$RobSKt-I#9G?)nY*(;HDisU4XEd#?z4IT?zF{aug6 zqm63jgkbGOf6xJc^?ijZ1*I17_-PGH7)n*tw#aF;`$ZNkB!{OSlv$(LjQu3oTKxU& z1RK)Sm=xdVu37q`rQ5YP#q*zVsTy1);+Z%I27m=-j<OO_O$#=$^ z2?z2p{bRG)>=C+nbZh!&#IQfhW_-SxcvJ3I6Aw zpT7sLivK$&6bA5eDq^Y!ZW)X{*(v9n1S=zo6AMDlZ?hVWoW#*Y)lc>ibKTPP!kAQQ74?*7lwq1G8o z=x0lrp2(#Ekv?Tgn|Q_#XJ|m{etZ^_sp8ZzhkJX?R~lD-P)uybav4|QP8V@-Gle*J z-WYTC3D0PijYr9l0O6B8G&3@%9?27$Bs=G3KuF;ujF~HDJQPV7#DpeA+E6)~&YKX3 z$S8IQUBOc3JU%EqzKLXBAD(d-dqMP8bB#WbuklMrytcrGhGLZ;!ihq27EaP4S+4M7 zb0jE$OgFis=+Y|_#rHaII=nu8!t#q)B^{=z)Q1)QV!bwoC`GxRP$4n!6yi4#CC;gx znfg^u?MBR({W)%Bv*0q8mdrsK9UK$iwoyOe?0!^`T$wv7s&?MEH*)w^& z9mP|&F|MwH+U=OE2|p`&*22kDmFu@%JGpdvTJ+y)_@5{J%D-dYWoGo)*n`+dU)FnB zYl1|CG85RX^FrSzmmyI^t9X3fhl5{BZ@(HQOeMM&W+;Np+hbN-yAWd%a8xAS6uY}% zRBp=2#xWTzc9-#HOLJ0L?xswfXo=Wuh5paHD$T+ha^E^yO_RROZQe`L+3mJN&fiO7 z{WUC@)s>TjKNjaz&IC&Rs-!K{q9WFPrwQe~gXQ;nTYvB^z5`ZhJkuVw<(bbgANX5M ziK-OAp(9BiI&Eetfa`Y@t`anX>*_}DW-JFAn&;qeG*WvnUOH4B>>wxZ7oKfDPtSO$ z$uy0gHsyHT%bN;bq4|U5$C709sOG-lAWyl5P0Se*9#7*y;lagAL_ea{C8@(8+pP5M zrHHGJ#GAC~=u|7KMB=l<;=|U?Vx4|%4AFuI<_ZTL=lfVmXJIGoOEq4j@F=-dck1lg zHj;sbv;xOGzshOJ_*3|M`>^K9G+BeVKWOvbj9H3M{l~%B)G{A(YoB55$)hutH<>APR>KHt)qVFwiSk^%%{D1po z8@K-%O${Hhlw}B$QFZGbI!uS-RWsjc`^?-cXH57JHm_T#r$P{4{D&v@ypn2}k^e(C z;A6iWe%Qo&s-WMH`TI!oeG@{5LP*hx2l?!cOy-MD!7CJrgmaI6nzR*Z$z0wVKN%$G z!_MSlIma=Fw9Yv6UNF7M%;|w`xK(lITN+b;!oNs17=d=LwT>L+lFAjxseTim? zEL450TP1C&L}!wh=dlxBCM=g1cFol_@zj4Su%^SsUUvd&|HhJKn6e^eJ=sxgt zy_AP*(xC3eA2+3OqM6C3v>bbr2muqz;RKy8!!-!gu-y2plt?n6kL_GLmHu3RuNPvZ z`w{J4yh#BY+(jaKIL!ICgQ>ab2}$Ggdm|}4(2Eaxg!;4po1kVKa$x#+t7T)X&CVZ? zwQUC{!$%(cpx^zP^xVJu?1y=@-I^muB2k?ECWp%3DM@t-`_>P{F8AeKscsx~M5MY2 zGJP^_)kCJALO>2+SCb@4l~b*B(u{bh9j@3rd3l?B>$dR9Lst|y<`WPh8 zWa)LCuaC?2#FXiCbC0wv!oQgB+q-6ClFF;cmuyj~3We`Y3H`GAp}i)d#pTn4z5qH)d$bz$x^5 zlb;kQHvo)D2nayhn+;vNGyW~1DUjc1vm;K-V+NKt=(a3)dsTkuSY!O5Y(SA4=lbUr zM9^k%aT$!(t< z_>{El$^+)Uny34;5A<5XPT=AF#k#Zqa-;uk1fXMhK%awRPpP~!mv-8w@EdJZCH7ze58gSs$s;+By5xy z4ACBnBh@ujpK@p3`QPgI9%9U=X}NN8`|c%8uInq_$sL#l)I+9YM*|wSd97;kzU9xq z3cn><$HN~NYjC*?Y6r$&;mD9nC88N>9@Z-G=dIQ=EX9^>_7=R?Gan6ANs67@OzMoG zDOX~?pK7NO$(NAIDNI{rQWYWA;lL0^kC#fSl5NIu-ar^65WLW((AV&FCpKp-Smmxg z#|O1~`|~`55+f^D&{k0yZ75Lf-c_5td{kas%tLZFKzd8YCXmN~(|DRb_3Txuzs_dt z6|LM0!sh)1!Y?>xu|zJt#f$?FA(UcfuU?>Lj`VdgC~yrFq2LheCWo zNNOBJ6z`7+(Tl#Cn^Gs~^XA9Zg*%bS1y9caJ@LOgcedg5>c4-hv6Wd0No?-{qC9aq z%0u4aU8#Yc{mfNsiIVj3aQp8j%tKQ(VJy}r5!7UVei<+7@n&7}bt3WaF6G?FHM>pf zD7#E$jPV(^03*$RcW-&B_62-mLy=(-d6zWJb*n}uzIJqLYi;de6rred%CZB$`% zw0W5#&e3$Wd*O#~ob>MfU6a8M0g|w~cqP)HJX;x8tCs}9`l5FUjo>+PNidVgC5tQ% z@wpg{-qC(Jo4($qwW*UN0ibj|o4mzu@32sxO-@mmv;4q3tX2!Mmw++54g4J_Jhv~Z zZZ(c_-8J~C%hkg~II`UpY&LV6@@-Y}DP^ot&C;zjuU(Xe#_UIy_`RPdyE=uqcIG*`fV}RLmo88bS@Mty*`yW#7DJO=<||_QTeKa8%m%A7&Zr_GiC6-u5{l5Z;mz z;M6NUZC7cc?sura6LngBZ%*gs3q4h`Lwxr!`;CUm0(yjw2onmi)A62c zdiPyrbykk%vukh<5$}&TM;w`o9g$qhKaEn6P60aTC-%b*@JqU-vQB?R`kt}{76^GU zD%FRtct#|&;*L4`>nh%3CLHIU{P|&LvRshio%+95Bt*RYPkd3hP5GXhqf&8FI@6M@ zjg0too?t!KDk?SiH=(e9#<__hqk{f$C``W6c4YaCroguN1re{1kg%x^g(ZWQcFg_k zPE@`H{4bDIR9-?xAl+ZE>HAMq4L_XXv$eucahsz~o6ikWW$m!MJsZ*EYOEMU{5?Y7 z`~|v0UAUcT0P)k^>7A9W@rco{xkRG(?i@iKqOqf&c&Y%?hro+I2y^nPQ(NG@W(p@G zC(E3{TibNgF$o;+J&E!|6rrKMzJ8*6GLF(RFN`56Z+VuZJein{WN>bvAb8FVmzm&G zY#x7@?H5RotT~|JEO(vE;7=r{tNT!_J^E@AzoA4>Oy!H9nAkuOa&||J&NyeC1wQwg z*<;V&sACsnlL4<*!V*<#=!*_uV_7WZ?_{TA7E;BZt>7D)Y}S2ltg88RfHWCnjIGOR zoK3MaY{!pfpYrQ$za>DX$}K86?{?S1HA-lm^&KknaRcAjf%7Ed9@j+P=^)wM@JqH2_m+knY04p}P`eZJV8g(wJLE-(3#)!YkZ5)UQFgEAnY*qMp_E9% zO?m(=|MDP@E0_=WYHs!&c3Z5Eq;Eu-U{%;EBh-j<7Wju;7GMjz^=`W{@lFNucb{$M z4eXY^>y|j4uHpIc1$FriYHf*-xXv3VK~i4j^Ltk*QBayEAtoshQ*`C8-1+VO%)vQq zgN0y9&kFa)oqHH6tYR@hk%xpGaI*#Yeh#4f@V^S#&(PI8lIUqAAX4|2; zo!u$w60&~LU$N-$?YT;dsqyw+qkw6MjL~DcI5f<=sw;+Y>{{euka!zM#HQ zd25?iCUi@3pjYzv7p?mI6E^PyCsRho312s{eiz`|0J) z$HJC`cV9WU@$OAmq}YAZK*Ek`$-nK+yqoBCTW%bEnt`^;GIB<#qp}yLi4ZapWYQ^$ zf+U_AyuYc!lC{vqhpL?z6@L3|MZ&G0fm2wc%tx%AgjvHzn6qa}X9V6a^2H9e1jR3mFDNimj8dA* zeu8TV;X3)^kglED!2;%^tl2U6q={Iub1oU@FmoQPY0z&_Q1&RGYq9}FcE|7wNy_@1 zf3Z&$V4wOjy2uSI6CTFzNJdHj@^caCIGHZSc@3W~w}pd*tNcrPG3CQAz#nSs9FBL@ z?O=$rg?%|IB{t1;>gB@!^FTdp{jXJAWTKtAZGsnL>*iK}$A!F9c^daVGP{+-X7Crp%|-2bL( zo&LD^2ir5 z#k*W?E#x1W`=!_`_doB14cUCf*1kW!jMQ^T9Zl&iSPtVqyq43(owhN=(~4bwJ0EGc zaNl(tWrZ4l&j54z<9fra(A9${lw}t^HKHM&-AR|``p&9>_jDzCJ{6u@eKpU&H%d!( zd8NU#+;ECL`~kA94?e!soSL{XZ3z$~YBMN*aEj(a!a}-g>=F-h4T;mL{(>YDI(B|L z)=(F<7M>YlVjafY#PlEzB|ETH)wc6)J|&#f0B2}zh-@!EplFuHu4@)JVKVw;o>|f| zxHakhH}V0`;jNz;ozPN~X@O)>Er!aK><0P7Cr9BNTSR{ahomCh6ac^cBW$#dTZ=r8 zFjTLHABt4|zH?e}Nw>}Cadv;RXDO#zH@z!q_xGB;3jYgc9Dd3BGgMKim;F-ZC2PZR zvzs<|$YrJ+NuIO+(ldY8o8Yd=j>>Ne6bW$f9metAA$)aRR|%$ywxK#_8u*e%8VvFm zNQtNcAx)e{k9%tQy}G*UlwjvRaZ!I|h51%PFKYbBP`aOi#(9 zzm=ii&+(WXAIu=SOZ|t+Iav=Rj}vLw|M!#xq0dkM3w@Hr{=R!dB&nBRWhGecr0(%G zdt%a9VNyxKctUqm2}%T)k`Qqc6)rWK@Z6%i@JoT~7QSvSg9J0bI{uXOBlW`BK}A`r z{3C*rQazaHudfPMx#qdfGl|r;h0&;!HisJ1*1#23D)Aa}PQs!($0l}Xwg|RS$%&{z z!4hd~baj`eg#d^(4SXS^A>TtXEo9XWo}>^~O(}F7_QM89$>%z{Gsa@#MTYh2bxtUz zKD2_Ew?LavZ@yiSVfwFL!!qm^zrFfq5}}o$L3owRU^AKIa%!Y-pNcV0J=uFdd+oi}@^*gQ zct0GE^xMBmlEq?`xW@m{5E8`^S^QdfUGzp#39<>4BQ5_|KFu%(J$v&nYk zf6^!T>ahLx6*=@~%h;#F^)mGHpJxj-5c4_d+S*{l?5F9tM-;rpW;r213M0}Y zdk*sB2*5&NP)#kZ$jNYUbdq1QN2;KuIzLC#03iRV5%sEHBG&<7bw}i_zKq=?n+nj# z%D8On^%9bM8Et}4-ew#3a34Q>Tz5@TzPwfqMPUp zPV&)E7S9NmvwVx%EM(b&C0k ziSGG&1xffrzq5flM$2Nt)X?X)9@sktaS;C)Y#Q4i7sZT=#M|u5^*2_>^XP zH!nET;B+;crO*+ZNvaIQpdq_%bMRm;fYF#FfuC48z4pc=#}51CGY{yXCRHAv0bzTw z)^;;g|Md<8|8`V(Zf2Ij;%v4{eCPkPe9r;@29HUo7^QAETABS^qv~+$RxC=8u^YPw zpE0=uJ(>jWn%#Ke-h&z}!Pep&8juf+L&i1o9hAh^L(XbJm1nB5IsPJmm?R%WdHZ7A0Jp{v+!|3@5z(RUT0WpQ=)+jprMRh7n>z zL7v}p;3s|4{m2UhOW%31_xJSkj^1Pl-4m{rS0g}uYxJpZ*%i&iuc}i_dV?Ue$x%pi za|tIOVHv8@DzL2kSfidiVjeCRMq2yP6x7{-5qKb{ zLS1R5oBlsnYyV^c^}AHUVr{TtQHgL361bKNT;K=J8-^Q3;=xz3|2mPu^@UPSxtTUX z4YzLDKR^V3^@8Ge*U%ixWrv!dH@}ZFtyHOgytCc^{%c1m_p!FI=B@(G|6C18NETa% zYttioSK@axPW*+||4u*fIRE9-T>%F_x%D6n_^*<`nleG85)_Hsck=bmS;y~wBU(1$ z^xERf_jH{Uww}WPBDBTI0G-vgm*&YGH_4i#^^3kn zSYLVeZ#uQdee@&`QEG(357@8m>2SV{e!}gK9wnx_ykz+dGhqtPXWmakkpBKY70CeCc^YEr5H7%_W&VE6> z+w=4RrCDKBOHQ-5?)naLw8-8GUz|fF;L@A0YshbWTds`mkfg^XNW{b`MYh!z5>FL- z<^JK^M$Q8pX$U*8!3So+=Ss7iV(5leP3y?|cXOD@hv5=pF z?fzeK!5y*FFp9lR{)>cmZ&$uvmPnv}NRPmYSL(?+W}5a6o-OkkX3^{u4l!?%^s zTbJt`Ofw*?su<*QX!yOgT|||xe#Z7o`eXn|($$h10*$+4Q+AC+^n_D42*_$xs80{g z*f`!)I82F0!j%(yY*W;$?3xeC7pc6uRx+ z1Wwnj`ero(an+{3f=PnhBL*Vx1hbN%nlE*f!~P8Nj`}W zD*Kw}FXce;x6^Duk8woJoc0DB=8m?Q&MS9T?V$5nJ`=pNPfu8v+7~JT0TyH1 zDxRwUP9Bf$!(hyCBE!|<7J7BU33UyK1h)`SEHLTd@S3dXntJ1QJ>^r9l`g28OA1}> zOdc9M%0RZEH)@3Dh07df;~haY;QxLQargFGoA-5F&Ba&+e@*=$G#!9%VPO}mw98O@ zOKudgyzoPhakC@_3u~(wEDImbZ~H|RmpTvn=m5mF9&c;L`-`kboR?Ej3hcVE19?E$ zY6Ywr=j*HGS@)`Sa@m1P7ILv)C4Xijj&-b38!6%R`Pc|m>wN=IvgcUY=bB1lcR4*K zc^CAu<1!y{&;fyRnKnPf&ftdida2AQ*mZ*1da;4@;~dsMBlpjz>ge@lCV%&6G;`S( z;!Er1yiR{kUq$$6$V6+YuC!pXbVa5- z*p_4-)qG7Jnl;y~_<7p7BV6DaF~9Y!6`;)!nsTGZpjJV=Ssw+;GljZzd>3?+t4K-L$JJEG9D#6th=6!iHMmi%AY9eptIqvs=`fx9_e;vuD zq6w~fNf5Qwa!fw7aRk4k$dtxI$);8EERifh5}%90UA}NXx^im#cpE%eftiFGo$VyQ zn|VT>=2)V(`(s4Z(ik@XwVVgRN;e5NnIGMZSQg05`H?39WQ>ka@?!S_p(z_Vgy|JA zn1BZXkytvT0wB8`e|fm{D`>dI&NWEV;?3)i`NkiVnH%9uj6v?sSEC;7@Z>Vov~7j) zD8ZI81;-+zqKAf5;ros@BQDV%lPkr;s$bShw@IWsW#MbA{3~cEY(C75?OHE5;9@pH zw5=-q)lnOOTxJqd6Hoa;B$aoH3(9@bm)Sb6Xl)ZxJp#z!l?Kl2js@wpjAZKR8&C&9 z88DVQdj|nKFoW#(q$f3x7E`@x8&&dFXMR}o&Gs`|4?Ayal)(d&8?D=+q^e!_ea#oP zqYs~--!NqP)74o)#~w|W#?3Ax^%UOq%DrgLol9v?&^s;HUsg7k?utQF3DJl981BH= zg!FX!A5Y=nH$OW4vAsg=FOD;in@9S1n!t|zB~~>~7 zQuZ(JeR0HD;NyLJ)e0X~cEC!lcn-YeAbr)3+8WB75q)KkJ~W9OFS7qjqzm6U{!ODi zM87iPjX&#dB^|0`j7)mmH!Q24seBD?Eu1egxD`gDcdUo)7QRM|_CKu9$FU4Pg31U2 z%kB^hVH0K6Hty2Up`Iq(MS9p9v0Pm<&>#p?*=6i<|cC0y;D_CVNTT78Ut; zQneB?PW_3G=hj}-+^s-_E&zk}n0{Q#^=PyZ+M15rK!xbmxgK~WIf%icHw~3A0v}b< z1rf_?>NwVySD3H_F5UD?ec{FXTe7qYA&65z-YFNk_x%PL2|~s~9uU$tDo7fyG7`OT-z(i;NklFX!4IN+ zX!-D|EHK1lZCjU;J}Z(w>tp(%p3n-Zq~$nTS=c^F1fo6#`e-mlyl??sVmisbnEWm7 z$ifeOKU!VVI@G%ee7f07>OdZxYj=~nbw=&-xHROENiUTK2sOHr;Nk6e zcRVyM#(cz{1yI^Xv{emFTlCiEk7XV~;_KiwNoaEar(?$MK@6O@FR=VOdOP=Q#MWc} zjq$mF{MWWK2(K^1nj3Q+2Uy8!<9i~N!UHOElBmr4k4Uya?0dz=TU zinl&(9U#=MVGOoxpUR|QK(4gKN$tolNQJrM?KRqT?)>52b3S6>Kws@dIxg}E1Ew}r zqP^@{^VEBC75x;bL_5sW=ID*?H~8*6oG+sYmjM#^l6ygYtp?93M3u%syjI~EIq11I z(x(@%fq}%=amQZ5GR5Ta?i;bSI3V*dZ_rJ^_G0@-9u7wy>KDN1*VILWIDO^9*Pk)` z?+sTQW{9J|No_UD;vBd^y_ z)Zq?OCDlEkL69n#IS8`-`(Yv_d@^@pwI&;Md}y0htz;(KY}U{-*W;F*6Gfv;V8wjpRP> zvfy?_xMGMs6jX!^ymm_3+VXZf)%RDfgEOt`afzUT9`VV*D%RWHPIXA5V8V{>00Ik; zO`acVZlyi_L^|KF;_Tb3gt-jiDo9$XHaFXB5$q=oxf8$1x;%{L@Ge1p- zq8g^JMq7~=Z$KKJn`R4A6XR;zOQbg=J8eyQ5jQL0W7JO|dO|aCgUH;Bss=?ng?g9c zNWHFJ3A~UUG*D#7x?t<&eiMi9S$ z5<-sm&@LrU&o(d8s)au&PDGxZ-}snrx83G><-3xM2p@@oX+hrQEy5k6JLtMmvS*@{x} zv4jKLH7bEp|3Li|@ZmnZ+6`wafn@{|gQ-9}@~ERXjpA=gGHFzUKJraVun3wqjaXJ! zyu?}B*bK9H4Hlf*fWV33B>WG4dtRq8!jcC5YgA~ma2W^!4FmDbgL0I!TObseG;COo zuXLq#7a;28%|uGwoZTFbdZvoTYVqC3EvKvNPaPN*>HUYi*3Av%SpVeNgMxK^&b^$yPwkg{U{Tz{g%|ZOlisrGn!oSU0|7m6VM}+(#_Cxqlp6fUCosa!Z}L`ahIcW7F42+N7?Jq^e6e z59Wce>THMkJI7vosHDh$Q(*{9?BD9ha%4I06wVhxk+gbO4I zbsqOjbWyaQ1O_oI*t&>=WGn0hzA@ugQel3$U5Q4~)XTUjD_0mAq8quQ@hA71&n}JJ zmv-2EjYKNK+82zU&k~(heVF1@hr65JT95K%Zt!sy3OfEr{f=x@7VP0}^z_`u=kz87Ll_={Psruuxu z>Qi^aEbA=6>s_NRtcCl-R)7584)*n+oC}CZ;yy(57?kh-im7w$i)~yvXD4?SS234= zcq(=6*`#Js7U1Q_O)A%C2|J#FxcOSl6kjAzA#4EgSGW zQP}F{PGQ$G;pgi<@4_i$$FFky z(xj!?LSr1I)c!n@wpd$-*&ADv8kJ`GnXX`ivl>1bCDjL3|7u5}yIYCpLAPOix%IwG zZp7hQp@FXvu4oqvg+keVPYa#ezbJ8crUyXuU1VuOe@rUs4L$6 z<8~T4sR#=JHR&!7!msRHjCh=jaVm8;=~S%>t$TlN9ED)g>IKD^{tHPvs`c(VW}Tv7 zg@xar=;+hBz!ki99T~uPknvLo0Au|gwMSW23M1_3UliES&45t>*mxu6#Ojh;ulxewkn?qJY(tG49)C&AH z`CjB2EqUVwj4~EKnZ0&5w_cfWcIeVx+r2xm0lKRXm*$G&y}2{4V~_GcUXU7r1BpFp*49BF?J2qFc=cmB zQ=rn$tHkpf9uO4V)mX)h9w%(h4W)QL*w-iF)t9WP{(s<;4}bGu7h3g~SI&joqpo;p z^ZO06(A;tzs&*3Nu)%Sz6iL9EF#D?h*_;ccOJkX&RdqN-5%On(kt^H)kSF@#g(L@dcE8`R*bBWa^dub(nnJvktU zAr-ZJl^zgFdk8JdMMtRs@~R?gb4E+zgw+Mla43Czn2XV28m$5{rcfYMRl*HhFm0#tM zm*k&S3k6?C^1SUe`6~NR1@dQ1wu3X(6J6gVj1ySrhT)VmZ`LR4>Vs>wI1zOj5WHvP zJ<;`j^G#$Gm-gSU2K;0x-KoUKJPpAlcXUn3hU`}-b%KQYDlvW}|96jv*C303YEY8} zs!48q8H)V$H1OK`U8K`V>32syJbLmiNkZUpJKoFJ(;Wo6G82ela(L(Tk$!u3h4a?; z8{I{FME60Z*J@dZ)&tUgeZ#Q=#xabx9&BB5PC$Gb+2>&Jk1&2*rxf1%<{SC1vnHGF3T&sS9 z0L;BuuV`wnj*y2GrkjaRIHQOrZ4+}6}%Y0r*#clM3rimIG!q3XE8{ste zG!z{s4!bI;&@k7#0?=&$r7xb!PNP;>d5b6s$h2WnEE(ZCY!GG4z3 z%&3dT^%^?A9}OFBP(Zfs zD1}+h^pAzsW)Vq3v+I+#sN@T@>0jKMD37$+f?LjQEt2^R(p}#uF3-J^d~EKFt5K9GM7avF9T&0i}p6q*UN&5SAzG^W7m_|LJeZ zxmS)aJ;dT)sxP5juW91>1&+QDCN>U5?)T7HT(u>7G_9CMVdu`m2ybOe_l1=Yh8Z%V zgyXe0{4lxHJ|j&mJ-h-IFU4?xpH(#URaE@7g5iXio>S@d)faHH$457am%Y!LvYXk$ zirm5r)fFw14s`ks$Wz7uhHoHbqe0ZNUCUQ+(ZOQRiNRkHY&5m4yUQQe_bXen*5KNA zUi|*Lj=E~+;om{b$ujclAGk|+Qi-+Tx2u_gIc#+~9IS@VK-bdZpl22q*&oFDwn|IV zMac+om=KXhupE&6$T3KA6B4a}X^h%cIPWbPzaxz1hNHgrj3=>sQb*3P&V&%r^)%P_ zJvE-g`YGJk+sOUb<0>D*<>Ln``_v@4muMlJL{@tgny?lBh)_*QZKZ5eV*J8_mMsFS zcpb?MwxomYj7n%h7cQ73$xrh-kfQSHc$w0A5NUw-YiW=q-1cg1Z{ux1K!Bnm=VRAj zlKNc9_`c*g2XC2ThhM*5tt4>|GzjQ;{C5|mpa6h^f-?E|+TFuf0xdvg(~K`BV*}vN zjq!Ubh`0J(uYaB)n(NetHox0-`w~xxA@ZcU^YsTH{%ZzK*>}y9q3Qj^mnenr!wn)n zMgzG}?Es=_(i;aU`etmMrqx=Y9G}6h>~V6ghSjrJFuN5nkTmu;7Con6AU=nfIzy1p z^QljXkIxM-kkd`A(rM}nZpD%+pB$IuiR()6|Qg%>5$%)w2cE#yi^Lds|-hjo=k5B~N6#TTPCh!nEOIwZ>6T^ng9S#62 z7gYygBN-E+r5Ctz(%z0Z#V=QUw2aT=iD;oMYjyIB2z!EZ{$8L1uzY9 zmmvbfC?h7f%2p(@M{BFX^EfOx+wOJHID@a<6yH@f=Q~VGQ{*xOPpjKmD5 zg7pI#7~Geyn<#b&3#yl!iPc!yNERZ~Y9I+GFi%eRvFm>!ojE}PD2JmY>)+3fdu1Iu@VOHMSe34mAUYaoDx3Z ze~rvqI~wi3oy=EC1;h*(E2W3B=5;^uJPBJ1 zs9QLv`dcV^U58G&CI->ERD2g_MC8LezB+YtJ1*TIe&1%qH!)6)Ka5aBwhJIYTH>uzR5*>9qQ# z0n=xcn$rqQ9PfsTKUF@=)o;Z&bF~B|k7w+OV9|3RfybMnjN|E=*nWCGLgxRx<&VMr!km}~Q?11Co`rEF9vMc>ynGVtn z;Kb5gq`;S+c|W7H1OpIO`PtMvN`G1bb2oD4QN~EaK;=9GP&}r8#>1oImghh~oT03J zNwIz-G2v^u>l#;fpZetZ(NE(PXJYe7boXir#iB6Fz)6ULV zXg}rS%sbxNt<9II*X>&@r9LzETdnd@_g5z$9yfK9KUBH$P#vvt9Tm1hay^)#8_6!? z-J9PO-`%p;LA)w_R#ftA9&RC-)kiFH{F06Q*2;f|yHKO+=Qr;G1tskNC-_kRnV?uV z23H<43m_B6^Zypa$aQLb=g8pK|4v|Yf6*b5gM%(yRVZv9>mIR`rnkJyItm(x&)Ri^2($Uc(c#!|D8g-FZ6Q%X01 zhNenoW)i6nmior`@xeH4a!Pw~odR`VGdp!Y)C;2U7(W8#IJ=%7tymVC=z3dJ+Hs z6=S}^4W}Caxo?2nq+dnTkP)lZ@7BZWs$aI~gXkoLjTOO!mODsaWv$5siqC{mb4`-Y z5R?mL#HVXzz-qrOA{n?Cb&(EbYltxOtQr8u*F+4SM0e(_1!?ikF$U3v2xcaNY8q4@ zT3bKCuV|^R)o?Ye+!*3oU^Fh5pKJ=-)Lp7ARJE@T;`S3vm9ip*_Oi5YkjdMQDGWKz zehpYFoy@nwBpsz@u0p6si0(W}nLpTWpkt*kYfth{H{W>4y& zG`YhDA5A^M?nd=DT40a?Bie5iUx}9(UNG^dsmj@(2Hjt@xU$}+-T-7IU6uvmp`@Ti z7mJ*FoRerPn(xB|*0cV>p)Kccm`nT_NW#=h86D^PUNKuKL4Ca>=3X8CBl_I!p@x#* zQQH#!?Ckt)0RWu`9ItA)09kz;)$imh>A)+kjKp$G#^risFhggWQ%s7%dpQaulgs+F z-OU>K(g@#OJY1Hg3`EKF>xQC2<=DPX6O31UJ|qGEY2+^~lVLW! zH&yFR{1*0sM^;FO(5BqycY1V>Zfmb&rP3QW3x57#Z7pwNnc=y*FkW)l zlP#=g@<{IWCj8>A_~!9uEWG9g3ILm(9%a za*x)+1jI#C4!s_1V{nYMu&AgAbDeM_x=>{&{HnPTV`l~{eJR~V0+UOud8O1Q>G*Eo zQ6x>ZeEipDFffG;p)D6uiiUFpAT;?r_`?(PArdZ6v08|_NO4PlRDR=ccTd92sPui@ zKa#QA9Zr3M5A0RGs=N$K88HE!>Oa}f6v4lA@&S|FJyl>5m{}rnTv@VC=m`EA-}F3P zg2(j?U)t`y&f8lp#l#(UXX>ev7<)K5`UOGeV!Q43%B!F4n7HKEGiT&(apP_3LH}3b z>F*p0?ZtnWiX6$+J{Joo%m%^1WQbcsa@Q%f;^vTpQ9*R-rJeP~-9?X_^($G(v+NJv zy(CL&u)yYJlH_31A6-vaW2o=auQEZ+4Jym)8T!eL@;$~h z+3#|2qCrxSpVmp0y}h}+v-{ej)7!oF#ws-o?D`;jwLUdp?ys%KaC}o&YJqIBD>0?x z!MqVRi~ce{xO&>QL&_(j1zB3<@fU)CeV5wy6vbr!W=(o>Wv|kQZ)26nCD(NEJQlf) z8<~H2=;Gg2;>nfxgJ6n`5#CGn9jyYEP<*2X-z9ed@-(32Sv6%T3bV$`dt~k}EBr*SYn?PP&_WEa^jq9qQ_P8LSl8pv&{|=i# z4tL@Bgxuleh1;s6EE93bIYKyik4*wyH7MUxdCICu7I#r{O(X%7(tCJkwCXgx$$8T9 zWk)s2Rt^1jT?}FhHJVrMR(`}syz2M20AtGuJrXK8N(l7bbg_hKyLQI`MPvdKRfSw- z<@qLNK@y;I89v|3-tYK9{9)2qC{nUp8{XEr`lU(;Dtl&=UITDF2f;+G;y2KUxdA+1 z9F?L7!nYpSMwS^&V$6G+jwCGEP6<4}GHoYKN#vlQIb{)zeyN0uBE4wFPPIy~Vx@S| zL4E2=nEEnPB8ACkeA^Wj=06lK-e+J! zB*6kaTv_aUPh~Fge);gtkBz+73tz*N78mlS`Pyc;9m^p4tc7JN-;8xtlMUPh0wQ{H z8MRqefXV9IGSZ9=Od|YGd8IyTObu0@S_@xQ&&MPZU8rX&P^%@1^zCbyJ{ZkGXG13% zg0F7(k4Y+#e&1Zt%--NhsQp)k{)rZ}f1+jBx5x;IXBt^#%homESj^INjq)?y{O*aW z71A6ou8+$bEGgvab>qS58=do%0yJsgf>dd~yuuIE?@Iip2ME;MdMT8^1Wex(cwWyV zo;6&$VI<>2?|Qu~x~`q#@g!+{6hE>i5vT&g0AYpWLm0s=Pb`GrXtPzQY+p8Qq$0D6 zXr~}v9(R>F#iTkP-;Jpd=)>tn^s=1A9vHmITOS}TLoyl;np|e4;6Lj?fd4D_!_o&R z+aI>xf3yNzBd%|LRt-P(hIO0dood2nvI^aAshvMKoT**peHOsIo|u4~*vAz=GWnq0 zC|7Ck(K{ZW#+Q;V?viCFqwR?>k+VcUtPv^@0<3Sr%4=U0fjV@vCOe#KNr`I5)w2G< zyDiveu{Y;!2lksLU=J*W!BVf?nqi4ovRAJ3bZs75x!Ue9y))GHaZZU^m-wlQHb^5} z9{7!T;mhICw>S??S4Ioj_STnbS+~$!IOXZZkEaRG&o%l6`O4>V*$oLdp6hymOq&!bPv%(YlB0O7xuTWQlM3+WFrW0CtcYuPNERqpH#goD%dmP~ zS3R25vZKwV7^&CT=9kCuPgH<9+H!o{(=~+%#nATh4u8bznbA3y2bEFi^e7-{pC)8w zjoX=yoFTt0%`h=`wvqqsSZWByKCs*Av5Mq!YMD$K$CjTXbKhX~ALP zTeLs>6_nFak@9Y@WEVhn zRs#Zi6l{eI$21{^a;KR1qIrU$JK99=s*8FS0((T1RrCoS0w8s))uV4hVp!1awu1EI zOF9EbOLF@-GXkS6j!FMFgAx| zYf;Qg_{ z_^y3D=LQ;_N~!77k`@#P*UXA-Z1O?~RrcKn<;{@rOMRp_ONSwzn|c*ZAA{L{lD~t*+NAEVOU>o)abwVZ36uP~7xTX3Fw_Wv2%WEMb$2&4M<^x20t>PPwW> z4f-T#7m0~45k8pcTfXTY-3cx2zay3a@LK=L*X=zn4<6QfC1hm z)0!|ti1C3$mYCb8NN5?ElNY5T-{?CT18B389jH#Y5(W!N(EZWQg{6gA{AIr%Jimu^ zZgP$$oUQFsw)xozu^q9SViaP_Mit1Xt0&MJ4OoR@Fl1uW(y8;#E0TR1L=BaCi=9bj zz)&j>#-}Ufq_=0Pu7|YqPc2_x9l;W3TJ;R2wDdn;`@@cScOKxjU0KI|s~=@Qi)!gh zXjRwQ7I>C;5eBD_bD<`>EavRcNT(FCT3T8hnIr}rQ-5f8T4;>CiIX^yRuoV&Dj3HK zy4dR<5r;hfVudClg|ti;-}9PbY8Z#GbMw(rQHa&XFjo|vv;H8%PY7X5uR%X@Bu%pU z!HoLR_ApLKC7k_4u{c@%>+39aX1>pw3R}3o+!~X;0;W!a;Lj;-6le(PG{QUapPR1^ zsp4iS+8mSHDrms53j~@^h=Yan{7K zy780H$ucRx{%9Ja{zpFj6N@OQKwT19(pNU~Q=JXF^dbGP&2k%QD-XN45TwZ;c-Ejf zM6#%}P=ubti4E(38LM}SXyf|iR}_}9!6{j;avn5Up>L6+{ES=XulM|R<8ez>N%bLHfviqr;vuz4WzZK~Wn-pIlH+BYlPItdZ|Y6No-~W#mtbQ%gN1k2n z_7jGR*b&dkw{2=oe$3}F5`N4l1PG5=We(}StQA1ZhranP#Xb$&AD_xsjC$Kn_}~*x zT#CdI=A==&5nWK-$gbya+(aQR6D+xe>anZQU8VwTLq&euRXEXum5{q>{7|RT%5L8% zXb#D7vdxCPmerJWQcB^95`~a+rz>OcVA9`;iuW@?;vo;=@zrc8T7WH;3h^6D{ScI` z9ChYMzPriHLQF(b*1FaA5QBjypQ33yJQOX}Q+C9AyA^BP!#pw{$ecIA2M@)wupbin z^Qd1Z#1j$yRu=X}rK)khT}A2KdP?v&|MRb(HTmVG#nZKjNN0HRQ@F-&&I(h3CVy)#_Xb(e6_fA(Ax@V^EQmIsZ%T$A>&iZ&D*$Iv}Dh=M2tJ zivrpPSl>{1x3R_QlVr66e_1K}P|d1(dcpRE;srNNP-G2>4i3HL_u2u2FV99c&Rmb_ zFMi9t`zds=LUdK1RfC<>uyhtqNj*Q2eQ2-v;^vrHtr?Z06IyT)(KsdM$iWz1&1MX~icZ z5SjeBd6hh|zrL}t@o)z^Cq(I8XEbnpTyqG64Lb=D5hTw$eHy@Bd@Q?&f0D>nbJFBh zRcOl7SyOz*UN#-aPa>`< znadj|)>kcpIrL`|YmMoIdc;)%yi81;-v?j+bIK7gA<(N( zSQ9|mF;w%ZrsFA(%t~>Z8>)DMOU*gOD>`jtD<-P#D+)NgQ^uZO2}NKrCkORpIR_@% zVPu}ltzMV48*Q5zcuyhXv;67)i70gVjSNF#CaCw&%gNkter~s`@#i)HirkC07Wa>y zdc|}U#Z^hwubzz~J|e_3VgkpRrzhHsvsod>{Ib@0Pgtg_hrGkcGiuMNFWCfuG`*^y zj`<{zg=nkfBG_>;E#r_UB}BPukuwo)g`}fHT#O&F@r>lJ=Yj%!0;o@95Lb6a8kX)3 zB_{n6IriXyipnEZ}8bg`s)-MdB)I6_>LJa^Vjp*V5%uTDg&YvC1E;>wRAG>oqcxqn`02*%~xt+UeC5RA0jE>`r5ugqea$ys<1=^cRD>v zb*VKgxJ`7Be0`S!lTIyJ7fb#?P8T`ASGEcrBxkI4xK<=1#L={ONmcK8=6($!~V5~~mz21!wTFGS+E_OI(^SYXuoHgRm>JGLlIe^&n6eUC1xxtX`U=VFOZ zFV?(KSLjF26y^o1oToKaQP#dM_o4e2h-FMhLGbKMMSer$Om6i;Cgg84{LcZ|wp14Z z*^39YO*Lt$Z@A`74crAgnR1e#*E~v8;#1gjd-R>-qXQrTyF0{S>g{Y9;#**_{ zN-s$s3&{%wT!gKw_-Y-&nbmzVWU7rYcF)QR0um42HF^1(i}XlDRvog?u$mWvmp|b5TAWaU*}q$VQ(DBL|);~QKfmWf`M(Z_%D#8RBBSmeahsF^{T|?Yb($J zC;pEy)&X3fR2}lppWFc+v*TA~Gaa|ue)+SSijLEUf2;p5FUqb(v{h$>q}kc}wR&8i zRYzNU{Wiq1Dn3R`GVh3=#nYDJb63ko+msuWiPGT|mXtc5z8%;W_YnL}tWXk|u<^v^ zOGTsc4ysUf*nW)+_C{NXL$C5eAJenhUG;gGC1(fQy%9`ux)!|YMfs2v1*^*J1mKd6Lvcijo-}=KFg_`JTEd3d zm=}Udh4r-)mti-~P0MkR=$J$#H_heyrt8Y$DZ30dD!xfP9r!F21)snuSpn1MgH?xz+I93qh3y7 z$5oBQ*BH|Kf+2ZuxDd@o$z9~&e13JWbr)fyk%T#YV??*m#}BW<=rZKlEL0%xLp)97 zyL^1IaY8oyw6r5MQ~Oks&hd#(>u!WaugP_(*VcoqwMBFce|AoGe#PE z8w*sh0{#h+#@UnQhJWh?2b&fJ1t_iu_nuprXKHM7FY)Opcri{j7=ib$zyOym4ob(E zNli`2_nyYJ!j^BkBT#9YM2L4?Av)58!>qpF=uaXG?%w5N1#Y?yii|~YWpV9CMPYynq&D`b$Y9n4bu#8CxU0AhKeswRz8rAdDGhZni*;qp$@e2+{6n}dSQtF+p z!iW)8!{Sa^VZN1z&xll=K^@DOiLfhiQhBvt#_DlcNQZ?fpF3<0K%kb??yL0@ej8c98p}cG zG8$5r6{mu#N_Pw!Da1M@Q2O!JF7!nHOC;YJI#pR=*1$b)3agoyyvbK${4`U9- zM);iT@)IJn2Ac+%jlU>) zUsS1oxWpdx(wC*gw6cgd)ai7o-5ODy@b>4=5y^R5Sp-4n{0YCJmlGse3Xwkyto9p& zw*`ip#&5F9_y!QqXVd5Rxvj1{D~7uyBdd=Gt}<*&YBNqJpiZ^RoKcr+$5 zzj6E(;&GU}__sm)o17y1yi5UGn0Y;o)@pJX1YVs&L;Kd!pGFHA4|3;2k+BR4e#zOm zn)cHMGmx`0^qr35`l>H=93Xr-coU1LeJCjiQPIiw`%yu^?Vq~0H>v(D?$oZU{>kVX zK@REL{L4cMyOR()vp#N)voYZ*E)6USB8||VU2hK?DJ1{jZ=?@Ia!O;ic@SY$0in(& zQX$cc3tn=cG(sI&0U>r@v}qUiLkPvc{U}0&F!*DdCbKXM1JEho8;AsjpbG|-9uX}k zI(7Z73IxVD!)*Imipqv+s`*e;2CYOs`Ev5ziKR={*d!{+kc>A+L4xtADY5qbB;`s* zw{y0 zSI`jOnWxP+NddaNgKXt5s8tgUMF)xyCen}R(kjC~iMR^pHq?aFV?marR5BC{G-W|{ zI1T_8KNwl zfQ9m6kD_136dC`uB6;edW)x|YgG1ma&o;6&HRhBmo6~7MGkMq+3PllTJGzG@!w>9% zbKC-K4;%8l-Fq6l?x6LBfGgbB$`b_9-F`nIEJq&+t$*66qLRDtiya=U8DM16CH+69 z-ZPNR|BD+=>^*Al)uDE+)}~?Wu70*D=A%#@@vp#$BMde?ypm=G5 zyTV$h%AowDISX@C;li_rIN3?JouQJj7QOQ}u5Cz{`*jav{V-vN$ z@6)YO(tz{UE_GXes6y^GlU)okM3Aw7ItjJv%;D5_Klw=HKu0|vd+E1!mfM1JLj~{B zt?-;V&sYZVLmX_t!p3h;0sjSdd{m{@hy-k;4z#!zxP;TPhhd^XJ4wi}_q=Ik%{a?s zrT<&2MfUzuS6)AnOJ>jHT72MQsiba*iCnyFo^Ae!sY5xm$t)tX=22!;7FPKBGqFSa zvq!v!u6ZqlG|s(mq138s(4@w%U2Ma1Zkc>aWSe=qL>AwhsJ{4>H`~6MDs{|Vm6NXk zZI$m=Ud^&)PH!ZCZKG_%nCiSbS;qRVJtwz&Q|d2m2930c$e$M8?cuSQHd`sA0-$U4 zPs&vOB-ZMl%u~rri+f6HsgJoAQX*D!nm?Q>{8Uv&x?it844GW+>*K+`EDipFbtDmh z`eo(B!R>9CCMCig{~ohD(OgQI;8G zK{IH$?-pL9)IOX%&)d5rpJiholNWy6g*eKcrrHQ~3}tK=B5ln{N^P~4%I<|1SR*f` zdMY+fz|@Uw?4mfqej@F|5wNvI%m&K|eR|iFnXi1A%B5u88H&P2Gac-IH3QDLIQp$! z8ZdcvFCpNI`fj?L=!~F@LY{55%T?Qt48I`72Gqf_#%UU%+4H%;V4n2;%G9!Tmb%5Q z-ll9*lWt>9g5#%eA|J*D(Nl&G@81O3xxD$*apE&6DeL(Oq){+&Y~x9x1IHy6wHu1P zr^~ZrT^-f@;lAd|{-Bub_b%69jI@jECjONKm3c2rVC_L_i-c?jCW zG~oP1RI``^GCFeoE)de+JEu+Wq>sc}+g2J^na5&~-dc+`FT*=lOkwwwrJRY`a}g z7Wig^FnKi@7QV1OEUqI`1x*OM#{6&;@Z4lL{))bw04+4qOm5VnI`t3uB2&BO?k(pK zK^#-r4Z{1#hYwB~YCA{D$Xr9=`pY%+UR>?eMnQXFPKPpiRd(KyTPWF&(MCneruvKh z2hE+&7ZFIv^o8>b#jD!SRsRYB>0|e+B-cNbpn7k!HU;Jt7ZF!c#k?x@gs7p)b10+y zAPqYu{K&z$oCWJCQXgwBBXGHK2{pse%!k?0@5`t*p5&tQ z?BZJzfr|D(AmqoEzmj$$#{S-O4d-bFUTcH!r36{#Ec`QqU&rJ9TW1<{mnq`b$N#cG z`HSuj)*_opZ)G=(8Tr>4R_`afcnR6jXAJ%@1AL^SA8NPRj(kOnlz7QRNUijcbil4^HR?YesP-!Cc*oQ%7%T$Y6c#1lZYghs~xlpEE#P!$n&^yTzY)mC!wp7HaL{X;AZvBkkQPV zm!COI&_y74dHTvydO0v2gW&N#sft}Zn~Rl_g+SRx2p@vZdwX_kcCXtN5Kn4$-<_KR zyS9)sW?CPZ@KT6T)F#v=>VdMA($N5k9fZVKn^7JmQ1jX%d80s5fT-we+0m5v z2m#?ezXxVM&$q5{zC3K=KKuo7*Hb@>0;uYq2K* z94(vgQM6&@&~?{U9;LL`_g+vIV%rUfH4V{8ucfIg0u{e08@9N{TqW|Anq5lt2Gd;oW5{^e- z3_~P|DkV3}MCmiLKa7*^+VW3MJmUmB>ov7DSn1?->SL)}Ns6i+7ZA78bZ3`8sURom z$Xlu8$MtQpoyd z2va{|9d9}ADhg^C4ba>8(5`>dI_4r%l0g-86einb8PYM-3~j`hYT}k{0p(;y>&$k`P^4IMYK-1k%EU{$f$ zay}CneQ?fzRdrS-1?=jRe2nd(Gi-EJA)i&H+${hjhQI7#-y5IbRGZO|u99cA`5uEt zLEtQFv3j3j;=^AzZZ;VNQB$7R+EVLu-wa)l`s$b+GGJU)A7#$x)Z|*FH0`&T0~l~u zv`xvHzPe9{&*i+$6UtZ8qMQRRmfyys7QzPW4b zK?$HDFWs5=!=nyiO;oK*lh5hg08=Tl)ZRecz4q+p{_(vtyrS>6hu5zautdv$y!`Ih z(!WLhUG!B5`k?g@OyQJiSzvokD4aPjDTFd=dO@@qaK(1kL=m?vn#w>;cGa_rOv>jY z(|ddQE*5{Tp*el99RA&nOluT14M-nf?dP1O?64H$(Gz4dPLr!v%NfN*b88>BQpIFx zPW0szPaud}|Fk@0V0{)sJeMlxXKQU4uOnx%?f&SSjR~Ppt#rDsFST3Qd}}kPq)TsS z89XI7FIO-sY;SeKziw>&sr(J&(HREGGg;+=tg_OmY;g~>?y3lWXG`R<0>JIg*K4Y8lXv%_9@IXkf|{^e;YJNY|2ux%G}AILx@5hj^u1^I^~~ z_We8fm#O0A)>?Ay@5y8wrk$Y?iP@xn;S*b+Zr4^FQnJR3<_!s97r= z$diJ01ftp;oK|k#tVK8tST@L|4f847lkIIkR&8ALlz_+sSW#QMDf@Y1z0sDp9@Gd^uL?w zFA-ZbMN*#9e9hJJQjEofmz|Dn_=(yX-|oyjb3dn!a$V@XJhf;8{8{<3NT5RD86-eF z#puF3PGE?CWS?2ziA^;Z!_X@turs%$4NcK&GUl;Qh~Lp{-!{|#)y7n&i>GOMgYh5L z?i#T!g&kZwJiRVTDZE8++dpdacrtkbnM0=dy zL@C8Rshb@YR+G^~xE1U0E0-q`lBzX#6He7K&c_ithk<>8+KW0-EG;v*U%Xh={TD#% z;>^7kKZqd>&!}rl1fpl?z)t;a9jpZ<9-HWqT}o(v%=uLFOQhv*V z#IglsE$sUdcdjP%RTC%9`@)p;eLZ*9@V1If4tiJSZZ_j+ZKs-jF{xKa+J28_yh@n) zzwM~Kz(2C7Fjo)ZLE91YK&1c6e@lqEheR zYxKC(hgr)@?8vDIWjmdx;+yj0$sfbK{DG)H4N-jK`t|;vF>LX;xCHO{WBr5b-DX&H z-cJ>JcMl~w1P6#ml5xOe-mc4gr|fL#zMB^UG2o|a4}F>gC#+}1#KgFzeY6C*7kGV& z+TvDlI7Q_}FD!1Wgj~$gvEHK|Am>-|XPYCLdUb-wFU?{tB;5rL_TGqDhGT^)x7t?Vr z_E*WoP`EeN8k%7y-((}68y7u=sIB*pjsDD&rcM`EzvPMyn46tV`}*~3)vHTtjvDJS zAll(3yTb#Fgos!F*+gHFVh`c6rrrO;NQuhG0JH*zYK5jDUxv(PqR#u)r;m7vjy z)Xpp&)=sSDncJwp)4aqyM3n+6;SmPA3VD)WRXV>!+W?!nmsuzTwz#qM)NMrnvx>0K2}QXVV|(a=2qXBfN^66O_e<&0b)$KD8NE;FxZr!1Q&dWt#r zPs2XX5<_xP>Zpel5W>^+pI@k;if%7X0a*loxNKx;)Lr{EcA9YlbVqw4=f{}!W8;6* zo}VWbzOnHhP=;L>Rp7W6GKLrCI-u=X-IoaMJpbDG&QQ0!LiKVZDaqY__0B7(P-2xB zoT$5^Fb@(OZ%w%b-Q=xa^H#R%Jik^w&2|E8xj$6f$g3qY8Na^VUw;&EDJt*3YHJJs zwT$4L|EG32EwUgcXbc50R4&A6l{NrKdEndQ*`;M7gQat~g%X>&>dIz`@ zi^tQTUYpQJdfeUDQ@Xy4okAP)C}1=qh6B=yJR>PB7Aj^{7e>UlTcMp7%F4r>&)O3ioq?l^^4|3J1I^~Yil6kykix!EQF5Kzx$>* z5C(&tm`HK=uTax-6V4~*Tr)p;FP4qmxZ7>H;#um2ag6~4vpeaGBi=;%O&eI;@ra#6 zFWjG@Gief8bk;{NY_0W`-Uqe%S7{`j2wlZ^!C1$Dmq)&tO8kXh zm;^;!?ab*xZym5xR`M0Kg2yFa&HeU7)wrp>1b{%iE>4ZMZ zwrzMn(A%6?%WuM3r}5->p5e8#4*S^!kyqnEFbS~yv9q>U-0iBBB}6jscO!!m5miD! zVXMuq#;Iw`{)b^1eXRrKScZWm%5S*ffsKs3oM4Bu1$%|7X8ICs2FkgXY`J<_G)0Uq z9CwQ*nx{zFP6RBUum}A2q#ocED~ z%!_aAg=9mJm1W%F57*{xBPFV$N7rl7m$dcR!?FC%Isj1Q(C?kng)3yc3K3FOGP-`v zMFM-`uQ03Jg+U+0Ni4N%CdCq16S_@0!uRM)@_|kmj;H<2adwGkTDmIXS6pvP(@ffu z_ztgM+uv{`0bC$-gHGLcA}-3^p2-4nLnOtg0EkGAGw^tisq*~fps>SA>8w7)Nqk5n ztebZj&Lo4caSNDD?2F(iFoFb~35wgi;s?{}HCb%L>911^!{e4ntu^VSLXCB812;_^Chw-LT ze8T$(%iwF4pPXi16gi#>zgtCTY_#J{J2cdLbIm;|T&R;<@Dl+%7V(j~}e=h-C%$ z#}{{v@ZDW&Nm-&s-QwBzSvI%#qeTfzKNk-o;606H!Da8*DA`3>t^8ZNflAEB9m`n16FGcH=Xt6~c0n)xnz@qb(^o}-3KjN|8yayHMvt1h0`#cl zT7Xx=kzc=jVP{PzEskzKaISn;K&$Qtyo}n^X54g>XK&<*+wgnU9-ls=sIiLBSEO$V zvT6RLOnCC!q&exD@S`(S#igY4h2;pCa$nhii?&4LJ8|+E&x}lMJz$;R();LNr|-}K z(Gf*Y7#WN7r^(}A3_`z%NrB384#(3LfQ6I)t}2>oG< z+ED;>;e;BpUd9{A=*IpOsA`tRo^N+bhNO1w5X=LEBUJWN6tsntF9-?w*}}%>E#_bz^gU>Z1e=eKLB(8!4Me7KW=1l z%+;^bddAlcc-l3-4mJqtI8(}t+$>aIaHxwWkFpd$z$EsxQqKneKE;zP#IjGWk_(1g zQrBUSKiY6s#iJjqHCRhYf8L&5l>+p}M%aBgctjpX1Ay4vNoq^cuw$I~mX&_o+`xJS zZo;KGkn@s2&=4lZ}ro?Lzri{OA{2cAtssm^`}|V$K~`z zD}@{dTm7QqywYyWIU8Cdb*#?vK#Xo1TJ1N>JMMnJP+vO$oUf>~nu5d4Sfh;oYf2dx z-Olv?%5s-rK7`l@jqa>Sr>ImKpWDaR^IB<|sx=tql5XrA;7w#gD|PX;Qj(pPv-4y| z@ueo$hoWX1DF;EhrzJ&HJI46*2Q3EBN|M zf?26reHH?sq9@?gnaMtLpBHY0W+o55Bmz$-zc!9P zz+IW-zMZ#rx?pIXjsCiC@=4Izo|XPZgFi}AvnKp@6tASjqq91TK*B0+Bh?Kzzc-O} z%@ENFc`wVE=r;YV=0n%$D%>5X!N&0y(ioufhx{$)^2w*bG9K-gKF7w5r&#*ZRfwvkgAZ$R9opUH zpz6yE)g972C=R=0MbX^OW+KnYz2;MIOD%ejufl&~ujqj|C~)_jE|Ocvr$=rWFTR#s z@XJcHH)ul{O>ubICH|JySP902NGR~C8;TjgZC!e7)fmK~~aHY1Wi)6`B{ys}w zkTvG%k%1+gNKr#*)rw71zVj11Vea=@gGFUuZVdz zO@&n^RNk6ZO(u)lG#dffdDn28#gj!cAe?nr_mf|;u+HfJ@o5~$@V`cF)y^lyq5RD3;K{{OtKyv~|QS zd-=g0rT+Ox*IB3er?Q17xku2clJmHqCzq#78`f#6ll={Ev5y+bLrD zr*x{Z_CQ88G@hy2p&l_S;>lesuZfA>Uns})(6bAh+fm8m1Vv|^WeR9hdp^f=l4;Oy z{1I1}^rV3_t6=#1!>{8Gb#95hEGoy|7B;>7eI1=MQlXL=&YcgtPrfKfX-Z*v!yznH zLE!OvC~=^6nOB1oZQ#;xZ^c{Bux9w{)+IR{+!WSVW|T2G^wzqE5@<=oEivjTP^y$x z_(8B9qA+BxN7MM2C}>$%Mn$8C+8e1@zi>Mkqc;_q7@x|zUfcjSFn3aUV83P_>b7=a zjl8mvID7mV%wY&i9JP5>=TcWjIo}DmR?siLya3&qUkr_4N3rV?qt_}JgMZz2dP{k( z&~}}eXVbmDl>ODNrjP1iEltq0Piq+ZeclK^B64Hd4mMK>vorG_WUZ(M4$0&1C znxYi$RO}#1?r)rD3K!n&PH(Y?w95l&*hws;*S&q4bUZ->Sd{HkA;gYW+#xP@nE zaMa6i$~8~sv1Xp%3*Vlff0+~kxg9vHaFR>d=zo(CPm<^0CN4dEApPy}0|mJhb9U>c zezm0;{`F^?m2Tau;44ArpR|W-e=k=fit0UbA`U3-btbc+&FQz@Wh#XHJwv~wp)x#r1bg+7`u^(BJ5^o5`7T)%Vul zZI7$BN^p_9vl%#iMhd74TLjk)LP!Hz*tbt714(*Yyyb0dwfM~S?x|^N%bZsf(a*yr z!gg_E>ohy z47>9+l0-HBb`o+e+4GzxG)%*7q{w0c!O2RZ7K zD|t&xX`zHPAhVxF=UAtP6+8_R)9x_Uc5ft5J2N?;lQVSWP-7w&6})xw+hmbyYqjNl z+7a_<*K2_cV28oq*v(YAX=ZtrIxVb66V_rvxsdfa_bVd#*vf_ve-QLP*V4VK|6XD& zo0ol}D>y}YnV~K`jv)teH^7jw^ZwNbkHJ3|7NV;3wVQ|E!d5^a?+@CD!*sWso zb(h4+;C$#ZW(RS9AV|-B^ofqC6_= ze^*3{1Oryr16h;0@7w8nSN%^ecuoGVbxfHKb}NZM6SaR-!a!wbQf3q{AVzOkcjGJR zJx|{Y_E_WW9f#_YZcI`yiWKTAMqY?%f(jMT&&Bhy729W7};O zT^LYEpecWR)p+S4Ie~!z$00bib~vE6{+xWrr&>qX{*9Z0IDJ}6cQ>;VMTe1?eea8g zPXm29tGlNZ$vNm0SETi;*fL4A&EI;x6jV}TW1;pupNOVSLP2M6efsA|3U;kU4iuC0 zLn*DRYC%~k2q}C>;V9Ig>htWy(28=S9)hv{0(bt5Y)F}VIk}ATUGqxxHk+jC_-|gz z9CO9wn^LNQf+_(6POuTU$3>g*({lAyc{}=EY!aKDm^6zxe z!Ln5(lsXm>Sp8>{gnaC(=;Ozkqc&{pBqAe?;7pt_%ZRE_cnXhQNsk(~aDm7#vP>i} zeTv@~Aw%MtuUZwxTKJwz4NUuMl)cM1iCB5Jd7uX%c~ow{?@zaP;^lTwiisZ|^->7W zONpgg^!Mnl@Nj7%2S!o;)(Xyd~L zzB_wyKqQwXxM(ep(t=LhR+Z)x5xcSGV-5c3nEM0z8%9D-#*`EBDz=_Hf3RBT%a^7=;@E zt)0b;G$73x2_!CwnfK(bcpi|FPfY8be*gDdpOic4uIs1rqTwyif~M`v_2kb4tH%fr zyzFsLD+<*Ug#FMOYkU+c!)Qv)^;07_p}FhtEyCLs8uHI%v}JP3$)Uw_qPjI2pCD?2`s`f8q>-nbJ>2*vmTY<5L_3CG%7;3-Qv*M(Ts7|NhF zX#ToMkp9g$&BfTOwW&+NLY8Fpqq`KfR zk=TMDX#gax+CK0Uf2dRM?m)^M;{O5U!oosb#ruZih6fEBFsSPrN?U1nI8a33_e2}N zt+zp9mcreb%J&RzWcr_>m0Hqzx#*V%5;*yd!TVr*Nit(*R+Ln3VFD*dAfJ|9~RJd)`jy(Ro;S7``;z?#g&KtiWic`$z@_wD}p6KF* z18D!p#`J*{!aIWb>tJ6QUHo9!@usTQT5ojz<7%Lltyj4jLWE( zWW0-3xc^|qf=!(8WU=zTlfWs@f?DW!tajw^;`qzJY&W&bGhSR1>T1mJ#;|rxZ|I}r zQr2poKT<(TPX#IqQ=3bSl7+zmXxyQ>*YqVaeeSp1qm*?<3ABf(GrQ5J``!=*>C{_f z-1LO#9@u3~Zv|bR>Ev=lXR;CAr^O~$oBn9EK z6yNRCiUO{9VE&f`2@L=HM4JNE3rh#E+b?Jx8oA-MgF~&S{QPMp@}XTad5?7Y&|TDw z%nx11=YPs^Vx9f*7JdPh6*X_RGWH{~-@jh@s+jvaxL9F4rU&xbo40bzoj(W(zFRzF zLDvw0b?PIr^JMS!g)>K!WM}rYuN1sVrTBETvlS$=&ZzMRdoT`Fc;~nFB7Q*Rw0aOC zIzK=E#K%WiO-*fhi19GVO(tirnS+OyLi$e;DPjodzTNFwY<^sPGm`#RwWQ`DcV>xs z=|_p<`Nc&?sArj!H{^lhm5f>=ELf?0j+B^MSy^GNx}jE=`&9?1k{bPqDtzKp-(|6g z(al%zs1RnXK1vt9Q@Kwzswbd`oz{_B<_o`u>T~I(0L}MR4&>fjP7oJM;~%B0NR6s2 zsu|stczzg|%gIu8QU6)Q@?PZ#*h^Plbixfyk|ll~Co<}A81NL69Pv3)PT^`Ai$kYl zmbMrPhgV9Odl?#9(`S*Oa4zr`=7`p#5qB` z`Hb>Zh}O&ntWS2Q%K!DwgXLp^n`xh`v`nc7xSYxUgI7vnGxNr_BrkTJwcz6Zoj`t^ zP25&OEU{dD2s(#a9fYoznV5KwG`dXZz2g7}fNVzcRPaYj{GFk%u74MhXtyY;m)hGr zW76s7Fjt0xf zf2rN`eWvLMJ^UTl769*mW{--(aevR9~{mS|4-I9Kh(FMSaJ=#Kz(dC84 zU4HUWR9l&zZkC+yI|DIj3l(!?SZa8JDrm>L;9J%-c<{NYKFJ>fd=$!@&G@ohLDwa} zISQDq^wsTa@XVUToaY%H`e*%k%eMDYa(e%t;=G)Y8tb^`LN*!-5QipDx(fx3XMHDt z?bMs%mmHGWO@F>-?|!G51kdKfW_-()_)@Qm(Y}`3+sZx_z%WZCn1UNAc6n$SU~lu- z+uki&B5(7h^p06=8M(45w?e^ab`;0mgYvT`_10)xjX3)-J6+tQg!ot8LVD4Zjl{6+`oT zM9>h^JCPsGH>&F`l&okVPkaIX@fqr;=Vxp#c`$fCH`wLtKpko1ox2uH=MJZd^EnUr zI;f}P?yCd|)@QRB3hZ^^zu(k2{y4I?NSNV(5Nxqk|h!T#WT+E_0hFxB)#s(&Fg_C8s3;0MBZe5O0%73xS10us=8`LEPETt%qgf z3!CN`ARaO0Hg1FIqp$C1ZO!4`F|@XgG@!n$Xo!eH7!SrMT8sABC1&KDt*tus(20DS21-|J>(rUW<~NW+Q)ZO{HAGWt*Y%BjtI{{zaRuv$yxXzd=C_$6y(| zLYHGuyZ-Fl;Dj;$UC9wt)V4cmNp6aO4OOMnF6r^i{5l#fd}<@V{IV1Z3b>k4m|E1| zbn)Nto5 z&BhY#v$k0GKF%-W^0Xn zT~1-CohtIX?nS7RRs0@}ALMg7_Vfrdj#oWuis^Vo57BC$&~Wp*b)W)ozT(NorS9`( zTiQI@s4sOCuv>&9+mI#V8G^jXi;0DKj(nr3h^zL=_wu(sj06RK?Zaw9&1|=|PG=tTyiF&UKSS0f6k0)uD!$FnzuGo-~)|yv5 zV5tfLb}S91f~>8xfTkfp8paM`X*zu^3mp6RNSG-rJ&oSd+cA@AKlv6%7Rs#fmHnHj z8ke@~`R@&_Y%?X8B|{!o@ec)ZA0<1F9rnnoCUCw9U(X|Oo|OsA$&EGO&;PgvzBiO8}l$si#gms(^3&k3c$(3 zEmCz~O+Bb}>`HtAI1Geq=Oxtws$OctEsk9&P|WGlMQ?ZyqU&u+I{N-R598N|bD0ZF zQ>d9asi9nTiJ!`XrVbXj#X^|HH=?$5uxE1lt(9c6o@1cixA{HJKaO!V8t`Fs3d5Aj z?PEyRct9lV4p6xyI(i9V8rl_g({yt+uWGAQVM8HmRtDUy)Kan2$;T4;WPI;mvqO^9 z&u)*NpeVI#k+f`X!AEa+2^gBx;dgJ6-9t_(iQ4I`$eN#ThCxAa#hcc#)MTI4S*SI1 zKhD_NCCI-jO?s;IEH_oxzKmEO`h^jlDAOCK>Bleli{)#hg~TO2gWj7J8x`m3ohh@bQ@$wWiRqbZ zhkdw%GBI>9;RHdMfR1SLji)5YXAKv%+$G|%p+c)CHAE90FcAb>xLWe{Kabppz&iE6 z#Qm7N9SpL2t1LZS#kSK3NPjqsq*l!h%8N_-(}tT3UL1uq>QPVd3PU-bRg^Nib45*? z0NegcONX-A$tcw&xgBI~OMiyiaGuYA5u2Z6|!g zFql=a^&pjB37Kmuko@3a1wtSW`6fJq{foF(D=9`)dr^c2HAXL|$JbwUO+RdCGCs{$ zR?|YMxPA^ZY1MbUM;!$EL9@lyxSEZkb1T|FJTYd37Q3nz3SKIf;g!!A1S#LVnKL7i zC4MUCHX@bGL#H^~;6@Uplcrr?0S!3ooh_7THetSo#|pf<`mAopL7BNdRaz4v({mCB zC;XaRWEa>AF6?$mD5rE30!euV`T0~Z$y2V(4cS)!L>KM2UZ+#|Oi{VsUv|FpqtHXN^ETP)%w-(({8f5m#H=y+?6GA*>QNNe z!-ME1-HA5nIBod#IWs`^QE)}{tCo;A|8Adu^uzvt87DIq|ExL6a4x5<+eGBHp|Pkc zx4(Ul63-!PVbm6Vwn*EyO3)X#aEG|nsit?@TrX`h0F4mKrrG#>J7xtSp z6RkT4a#>E{gA4DvQOpO8QHqvY(lqZ1KHa=OJm`Ef5DJ-8TZApfhNJtd&9d-DT=skB znlY!8qs(f8fyL5~e;_^t?Wc2~h}NHP&wwvn}9Rw63dj zS!}wRX?6Y~tejV9oSp{tBc?LMF!kp|rnODTLjFNCBma%_f{Y?;$d{~J|KX=XG$}(< zR_qN-Q<$xVIKLgysbU^*DC6p3T4>JOOGn-$n-}$Y%|E7ev$Mi+a95^oh#T6QQ<_{B zIIHdfA1aGcG3CqP$f;u;)Pom9bzp6eDlsTaq}|7Nk7n{YzC+dju=@Nk7Y`=Qb-QS3 zi*h5{sa6^KQfMS{yoR>qBzK>e^*#Y;JQVy(~bFgGi|9kp~h3P5v_>}@&o@(Tc?@N zGc7H{R0Hss#R26Ypp?GrQv_W|M4c#&hOtc!PYC%v0)J=SjHCG#=RVopXa*BFDsj;z z#@MD|H@>#T_*4BO(g7PQRJ&G&H4F$0^f;m{ATMHy&-sBoeM`lz&9QC5-c?QGadj8> zQ_wtZkF+VEX(;1A$%?nDo%ioOQ(F>?ooT4++^G_HE8Zx%;eI^&)|om(^Ru}ir4Civ z0KcEc*u~stHv@~={9<*!nxGSM+cD#feIwPqjW}yv4VmI!)>>2DoZ_jxJF?rPAS&Xo2ovM& zt<|(q-W`>oGxtyDps2f>@8k#J8M?vu<#vcpi%^HBP+fQ9nXPm)#H!eE2kf2Ej{WMLNF!ryL~a(3r_PQ_-OXKXH-LAKpH!}#wAJ+2u6Ecus@b{uy&z*u4uC7I zqHx83|LT9;ICi$Ac~Z_>w}yhP9*@UsUL(_nQ)HtRk}>M|Z@tiPc_bYW%~J}I1-u8@ zOLM2OCJ>SFnl7(j_g+U2%1q}Sghw?I@}zPLlumWMlWe+v<*z2-6o!hDn9l91wYam) zp$-NdH(DmifJ%lL9~Ooq9Le{^eM*YUXJ79HN!i)ikTHdKOzqXFl zQHZ{9eg)-JFC}}Ac9yED+z(2XnzYt_VBOi=oTNQ%rKAD^Y`W%sK6Z9?hG}na=jW5% zjq1}o<{C~a9$%F&9%rVsIov^8Yp^*RWJ!i}r^pZB+fpvkswYz^Te^RRx`+EkLXJ_k zkDXSGgE(HP_CV{RqKm|bwT6Do6t{wPin7V+zO2I}doB5zbU6eoQ_V_>JTB^0Mu>p3 zh)vZ6hp*S{iac`awZg-h;gS=#%IqrNNU?dsMh%tpY`fhQDXzZz97DO{qQio%{Exk}bQg)*qIR_gMcj z*yh;I>DV6r>PKj$=?(5RZ-iop8Ay+NG!H(Izr6#(?PPsv) zm7k`?>R-}YarHc;hKV{vWN)QxQj@lVxy#j`%QY5*?ojfeS?cBz%yIs-(GdADFA{?0 zwrd@E1|ohS`%U8Jbe3xa=GPZLZ^kyWmtzGdrX8W-TA4c?>q`cA{{*`Vn%}{!^Fs{K zvWV&>c?(y(t|qG4HGJfSc1>X-Ve0hP$Ld>UxJjDU0Jmn#^S?P%l8*bW-2o0vlbpD2 z-G5t!sh?dBAhtcn046`Jp{^}qSZ27VRJEebGffoU28u6yGqqxolS@B(*5AA^GvTIv zmR~cL#46;{={}S$HT(IP$5T=g0j>GD*~;^|#ZBd>mD>Ze?69UHMbdxX-Fc%tteEmQ zcm42o*^DrG&DOcuZh!TC9S-V|M`O@Nw~BL@hBOk7HiIL{J1Cvy$2dD_>H^>+FUyln zh>x_00EI#-N8QM0j) z5iqk$r4^NXRX62(pFrTb#OLMuu5;YY?B?0~5+TGn1i|pIU<+OI9ZEB2Zhr%HR*Y9Z zYaCc?82314;-lD$er{+C1UJ?{rC=X`UKCubx3~NDEoz^}u$5N_p?RpmH@mL5lb2rm zqSe4H`a;UboH%CZ-RXa4&^<2XvZ^l`-~`kj_Dqkxa&3JzkkZ|Ale$rC zffv#9Yt2Lah6r5ff5iX%u01h{-()vf6(%Cdh3sR)9HRmN9QM7dcWydSnb>JcgEt^3o`)wng;pB`M{F8RZ*7Sp6e2Y7Y8 z86l@feV6;~YmX9c7LRJXLnVI}icvn&)TwE~q_#oJ_rgx>XfI9x_P9~eNmY9ZkD@U# zct6`#tWH<8zjG;VYG#xsDzsSFNpXFOw>}Qo)3)eUo>inP1+f3{p#XbhVD1s|53j__ zq`s%Cj=?+M_I?|vLKlwmiY?oz-H>>KTG9AA=Iz5~Ps|#(3n%3(V1y=GHx>ad3O;ETa|Gs_*q#f|f}d%d=3*x6LidxH@NLiN@FR z!sg?8d;lFC8LBUg%~}j=AM_4YXwsVCS{YtKZbv9>(yG5u4o*U2h_ndb;C2>kU>$3y zex~a}hn`I+;!!Z3C|J%>_PDClzWV5fbu1Su0)vnK#I*7Jqlr=jmqkM5Dho$Bm&u`o z0qfT?>ffPR`H0S1h4v}(Te-{yxOTW{vc00{mr5&oltR>f?fcG^@qmP?kRX{C?o@$ZRH2UiVDVSS9w5 zdxC%cHa;`h3iOj*KwZIiaQ>y#+vLi*iI>C`$E&%ygBC(hQl|MQJN>N-8WJnt&%T^s zH*A@U0d9;4dOR1iyHiq3ZvNl~@Y|D}OBUC)W`u)J>}kU?H*%VxpZ-6h-uj`*_kH80 zQ5um>K@sVe?h=tux@+VB=@=uGPNka-5P=b+q(PKMItIc}qz9uBMm+QV`99C{!~THX z*L7d_b)M&OypAPCsX7Vn5$6P|5RJNTq&%GYLz|*_!MSlT!Xy7f$n~?E2+Pb$1F_t0TMgwKD8Rts?$i`yX1*E*y!Z;ld1OJpb5_?COPtlnk#)OHXw;~3oO>hH znEFUR#}!!Web(eEI!lm#XVFN!8$5tFc;5bG(jscRB`Ov6jCFE$D@o@`6U_4SPJX4H z$6J=mJjBRilHhRKi&v|+F2#cKYuNlqyMi-Op*L=Xzt4$B2**@`MMX> zv*hCo`VueNz(s87j0F^^Nkptiz9oBW%UD)}*C*Qqz0e@O+rEj(@ru(^ghW(|-14Z( z;Hhz9`G`n27d7UD>>W$h(zIdWF(L}lJ}Dw&Q>B7P9)sdW9K0&vw)SYce3NrDA7fs^ zv6oe!t+KxwhS~sD;ysfgx8Y0{dM=)Nik6uCjLQikC)J|G(I(c$YG5rjuMqrit*S_C zbTuvuyL%|EGHkWmRyOvzX?%n6lJ<=}l><136yVYYL<3}@bN9pvB=`N|d>A;kmRg&P-t`^oP7 zU+r_slCO$mBJ``be#hrQd!OUsm^DN8i7~b5DY%V&Y{|Of&gsZM2&c_{fH;n6Pl&>+ zhXpN+7=CYDguHyQyxTXIP{fwNA^U#ul!E(0IV^4DZz=Ve+kAF>Enx5ip)wUMl)Sc~ zZRGl~N9!rmOrKGOL^O}URDtG%GjgiPtdk=yaCLZ0+0pB&NMau}`&d6%fdtw)W*lzH zTJyi6;h$4!=YLM6!?h{EQ9*|KgUGMc!mGrlPE#|e$ikz2L^SnPD8XB(s_A)eI<9bx za2E9j@kl%C$X~8@0!n=)Wb2v~Gg8nUXtc-27lL?C`T_SXh;`ubRK8bpkv`7FVAouoU}03NzRz1Hg?t3rcGY727HeiJilW+ z^81G_Z6PblAiH_J15w20A7Tlmf`nMu&#V#4#>sp5C?;C;;-&hF`vj&WPxGfN4m_Hr zfa;_W=^4l`bN27}@6Tj+cavT>h!js`W4Av;`R5j(#K^zFu`HxI1yyheuQ-!aLCn;c ze_aY#2`qYbGA|5A=8ou4ON$D@h*HV#l?EQcix_S58ukn(*#QesFh@vtjf*@yoW~^w zsLOr08@X{VEudc1s+R%QQS6~`TC!E#BP~PpHW|xdY@pSV-OkT?;A`H-J>}?2LZgKc z5YSPt25E<{DYLd8`M0R9jz&>#SN2@j+MgKC9#RPJRypVO)n($GdL|YQRr|=KxJU{y z1+5V_|Gy^5Umc(RBOZv&LdYIdaxgGCT5Z|eAtJyBXaiM|PqHK8Ye5J#}!*vj905WGaSfvz^gy@h3WwFsY<>F-46aL!*=1JJrV^bT*s2+_+&L%c~j zUd>o-*t7o0uEvMC>Gy&ws%EMKPJvj=xZ4n~m+|n1D{H{foO`p6ad|k_uJo^F1!I_g_2x~~>%ihTqoy$R2_!;)BPr_0T;eIXWVF@{aD|x?6&w&-9SEJ- z4?9UX&+4v`VzrDSqeFkqOZ4%B%y1X-y2qVPLo%MK0{N|NH1h+$fvjbTsvqth`#tYG z14aj?<9s1B_T%Ua<9>jpsb~Lqpl&WeH|d;mpEOLkR{*btsw?C9gqhNa@tbY$sXXd- zb_Oa7_+RJ7Tv?=D`7Hj?2T@%2MvpZq4k7 zaPGH1H-wkUZ8}AUyIU_-@;Dk>GDDD`UzJss8^g{5AtFgt&1n@ZOa1UI!a6sx_vK0JtPSH#G!~feP0v-RmrAqgIypSraH;PO_ zs5;x|{)(e`#!L`TvCn95M5f;>`V?jhlb@aUsiO1_+Q;|XcAjGl-By|I%5U7f8&u!mhWy&*I~l=z=#CEH(;vt3|gH|NYJsg&-AK!NYN>BD=vX& zeM_CT7AT~O(aNr3(GyFQf0|cp_2IsLNp)(A`7118FG(x9f_raDmTT6yjxOKxbF*8N z9Q;>Zgjm{rqd?B4}DSTnhx9ZW)&2+c!iC1~l*l@y#SpO<<%<8kmfyqO& z$-XW%>-%b{W)i3-JsE{xP_$jimPaX_yoH_>6&4%hKCTY34;a`b+m?3uoFfW05tnRf zZMDPVwumhx93_lKn#JQ_uKuS|&^`K*cHxaerjo^O>=Sj7dpI#QXaEI_)F()DL- z*~eqa5)>GyG_ltahmbd80lM%_agNX9ZsdEmWBJmSGkVe-@bB z3u>`PklF{+8tQaZ#&}9tkZ&0*A;RnIk!G~Hy`|KfHa^sv_kih7 z!k1t2g?#yBy%7!?6YmDTk_s=1z<+-Yu!6b^m-^fUThV^4D)P&WFRvJNiwpwC&SzLX zeV;dO+%B9ZO0w!$*{9Dz3@g@p-j@>FY7&CWpw_rf=+t#FeIoL}Ok)n0>@6TfCrO+C zn7Q$5b|rh`t(oNZg1XC6wV+buI4~*}R%3e;ca1Yav3tpSNtv~4FmYdR=F@;)5^snZ zGQ{EQygYQZ8b)^v)Zb)7mJQD~QA!+oX@_I37Tnjwn+8q$mDQ@$ z(83;KDR9p+3Xcbb#LK>tnKv%&C5FS|QpQM{pwhN=0DQ^~aF=%Jcl$>tm)G~^UVp}! zDru_~ZwPtdB3KF@!e0_C3HK02?t&ew7^ckU=bW2msM3k(UK-acYKAYn!<8TvPaDDO zQ-2)4rO9_VM>}Ty{!x8xM@z}L#(Mb%pc}GQO5U!18{ZnvVUblHeH^9Ku0po|>inb` zBmfDhI#Q3BeG$)t4Q*N;q#TL!)r{I1Ye58OA0cyLaiNJQS-4WT$1w?9q9$Y*3aj#v z5iWS~VdtZMbJa-l|5r+3iK5j1&JPn)+3^&o{nAo&lp3QuLPsy-NN$!vtuJ*O2L(V= z+C@OMBYBwHGaD!|f>-(q*a1WmF5ZzSV_?sUxTvxh3DG|XfLc$#$ zTgBv#qP)BWa!b9h1kz%7brwTx8GmLy7$uqp0^ayhp0?7HjW2OvKTqdNOPt~qMdt~h z-jrJG@ReB@lVYt9wuY(__n#TehiZ(;Rjc=g4T>Wn;69M&O<`q-(97YRIi5W(L-v)Y zZ@xzjJOL>jR_>yHp7>otv=uT8dq0SB-aJ@-I#w62M1Wy!K|7-YvfC`gG$BfXrwY~) ziQ|M$;s1Ya<@_JBuZ2f9bgy4|Pr7?MEz(c%>eS{jo|*6AI7=rrL*$p6*c_T%lvV(h z^sCrp|2lRdd{Hcqz+nP!fJ}U1RTaxPiVp%05$Ks^Mz_XLrFkMBjj+^N4L18xO61Gq zNl_CTh{sg+$d^phJavkoda!)n`<5KS*r@t`vIGouclASs04xs~`v7Gt4`5y|!R2+|dF$Gziyilqo|2$o zzIBjFZYaBa@fN#UMEj>FbO@fAYSh=0`k9y3>#!ICs`9){;XJK_g}ZZwZLVl*PV@YC|t( zh?|c2&26PdX$x>YA^5OBSgo0j^YCGy8Ks2f3ERC0C1L?44{3B)f7kf@!bKAkE#dX* z&!3ify;-8qK#Q6aWyR%|t=F>Cq;b3uKVcEoji}Af<&(p&UzjF*g4Z@5ysNNQv2EUb zu8B6Nja;QQxQn|^v~7XmzzwA&hwShFwzg|cuvEGINn@Z{3+{QTVUA73Qg z@C;IniwN#wOOQ;#dL)?0_!AdMTG3dT;`F_#QxiavAI@XA`%)HkEuTW}k(NTvVxAY@!cvV|OO+C85A4CaM);bidM(J@ zdCfnnr6cN_>!SIF>!0Qf*G+l9+OxYy0QKtnuVj*VY0lnTEhGLE1D{ZsZ&e;oljiL- z_lwVQjwpE5n7wyFdfVOo&`&|!i6wL|iK#;WxWV>T|94wCT=|&#pM=Vq#TnoYXq0y^ zFa_~U_F59v?8p!`FPynNayytIl)AY3t1Yd?65A;2=&!peyqJlU>tBXNKB_(`Ig@gu zs6jLr(*|nxBu13vsY>8yFn;-kOF`C~APP%&y5}o+ij?VvDB48$k{*a9)Rb>8I>O0( zILu+k9pmHUPm&)_r}5aHudc2>;K6FmEfhZ1>Q6%EYIq|NFPRCZ=2)(f=PRS&mv?43 z3&xhFZ(YK}@8US>VCFm%&_O+7ID7kxnP4%C0cFa@9ow4xiMC8*G&%@x2Q|vKgq1Gdey=1d=VCqyd#XjPtT5fuwv(>k?1?dUhb&cH8#wiXH+*In`1J-tr7%^xZ3150` z+ehHf{R7eV13|d=nLnqAl>oDe6(7_c&F^z2A=zDFAu0*0i;X~Wp?X8rYHYB$ zF)E_@+3I!5l@v{l-P{YS?^B5OgerbH#la;Ct5*;9#l{pzlI&v6ClrcJr0EKsA-z@} zJ}<>9a(#8jrTojk9bYfSt=2a4)g{;Vd`db9iB3X?1R}nSo{6?EuK+@`nH~Mc{W&d` z;SK*D{)T146XxZuqw99R4i?nGP~Sny&}uFAsb@tewvOH|d!~Q47%hH2d~1PxoM_?c z$%@3DtJtFN-M^yGCx-ro$?XhN?44A^Pc2jjcJbA=T0&U|PFCQms=zA%^Wchu#s7Zd+e`oRUA_ zgLbS~RRp#vOCI<{|N9$2pywHAi_|31@{75fruUtI*N5*Gt3iXmHpacataF@XJs-Mt zx90Y_e0`5-maT zYfB5c<}F@0ee&eqYlXneV?ge>)5EdWQ;YLUKcfeDvL0*7b+~$uJH*v?Uc2P^2|Hs` z!$K9ZZ*Fc>4gE&(yGR_>d^zw<)giyMl&-0Iaqu`?$QU;0Ng>O@^tgX@wv_LzO)P`v zl-S;r&veB_NS6hsf1X#Jqo$JsoYNVEgs2Siltkk(BC0+zv5S!`I!EX^K^cuK%ru93 z4x^suk`$1^9A5Rx(YTy#ziJ(@$tG-p_e(-okQ%-}MGB`tr{mLa* zZtW2#tvj;o{Ic3{{n|(~OhNtRZMY4cS6DQv=hjFxe5D%Ted6wT+io&^J6=bfyWbq? zhHYtK4OU72UAmjc!wG4wzOalWi7CE|QNt}4Kdgu(42W}L%*NW1Y35Ev58E>!(7nc_ z*90!=_GPLQ={yb|Rd>y)2OlJUE;tHheRhojp2i*IKzhw{S(f zCvE_KH}ZOAD=aqQl#JM4r=(|_*=AixJgVpTyJ+~_OTc*oeIm-zJc{+I3+ivIkSKL0 zZ_b>77z*>M7UJyHNDcpt$IFp2_jR)6E0jukZ9hmZ3oA64*)jaL5pd!vmZ#BX-417} zRKnJ)V9ESpEc=;=xQR|Jpx7}&3R*mE&Ld&#u;Xwu=!0Ai-XLU7|I!L0u~Ye@^`&5( z&k)dGTkLNupTLgsHTJf@@L?8*@Ad6&W++)2D-{v4i@qS0IG5uK^%_*I6Pc)8aPgl# zNCmPjA~oY5)fAiQ4-n<%9Ap+wY|9i`)sc_*ojscjwNu{aY2)sg0HM=AOZ}LZ4Y(hq zhPJ&BvUn0*i)}os3L~L(YM`nL`zGXQHwcE@pMo^ly3!{k>AV#V@nj~jD;^%JD{XYN zkR{9+lnDGVKB%xGubg_3ek6b3D_Z1^{r~c4zID*5iKOCTKgEsbIix2OadM{;P>f+Q z>%1iQp!(MvjzQNl{%6_M{quWB&V;?e+qmd}RU597E`c!PPn5`?$}VlOCFZ0wZRkCy zA`5y&2iQzAA?4th3aGfTB& zx&S8!7j(hbnm45S$5$q!eTqFQba&UHi15oq$J^0N*tbIEJ~cl_rjzy^&IdR3zS!TmxfioTYK zeF^_8DZI-R-&Yp;o;=!cYewIhSGfwuH-M|{!QoR8Jt>h~lRcM@7&)as3Y1jAzuz3- z;0msCpY+`E<@T(#!7rln|EyVg#o~xSlWirHoYOd|@^YyiIqYw_w{}sv&`HAC zRLd#Axy%m6e^I0rq5)hvp)><{kIRij41$}v-N0?N3X+Y%m0u^S>l0l(a*eZB2S-Cb zf5vG*o180I#5*srLXYhos9njIY%ld+up7?|6uENB79j?8WwvL`-~J4mB_5jB42=RR zoWDqm*%dE-!hI1OQGh9%z<%t!(hC)DtPnR)9WRO;zIPNoL zTAay-P&Alyr4Kuu^0+~q6Gf{aB-8;V>aiSXnW>xw$I3aDoCVk3E;69T6tvF>tR%me zZ!<2N^6v{9)*Cx=dc*c~MiZ>$HJ;KqtwCR#H9iO~11cPFZFI(=dNu)~pgvy!`ZD~{ zNp|NURXG)&0cQvwL8pjp_SD1r;?@%X+&dL?Q(Vm3jSO?}mAzyxe{=XQ(8mz!& zI(L`9!@6z|`{gD0=Fica5J#_XOe~hQUe1%+loB&%I0-g8a7QlVNmPdWHOF4~=Fg4y zYO}r@IsD?>J2Q6MTj`DhsrB~M`YHG3)h5_s9AjjjERpX2<#ekv+IKH9Z72WWREg>& z1Jc>5%)K6q& z;ohG*M&@aXIrCF7JlNz>gYik@mhafB^d0-HIbHb8Q&G@CBPHNN;t=&KQgUtc5@lkN z8gOI5mU({E6rC%1!f`OcH*;I-XmninXTz|J2+jNNuwkj#9JkRekLLR!t=Ixdb?yNO z1d7FDFlMnNmgG;K@9T>ka}vX%d0(!iL0IkkSPfsi{^tdykP2AOjU-5evzl4s&n?%{uJ$=4{?T# zZ-f(sZ)ySrmPMLd_&|CZ1|t;SHN`+12noZ)mZK5u{DyO>o&P&T(^XttKK+%W@`)m( zIhj`uTP<|4g_yh=9^!qKmaMi#-PJv5Mrc&eVUttnJrb(qU|nQ`)-&^X+M?Oe%yRkH zAdS5+*BE^3shkz&apKMXY+3L2VQx2?xcLWFdg0b}4C?y4(eX|~$h{D&F#Heti1XL8 z8pjo8vS)tP?dhQ3m?IbQ?2Ym-b#5-M^itLOUKh#gY%Cw0aAHBi=E^$uzH-O{KZnDn ztZEj9{AQJ|sag=wdHw@__U+Tq{JNqxHzgS9v>nnk^}ZT#+Q z*t)J5v$;*3J#YjPkx-ekdGO5^ltQQ6BV5BclwHYxy1*!_w<1@KkTj7MbU6Ga-cwgR znUCqjH8~OpBVPK)hY70flqrk9EOw}t%%RZ4J%=gf`~LtQ_IC*4J)O#Nx=?QUw7q5j zbfDJ)+dLlyWA{o~bcPq(O~B9{yxQzuHqN%yVZ>fZkUM8WRM#$1 z-ErAw{rU|V;)MqK%^UU1`)-SuDFdAC0RhQyRT}};g){^v7wss%5AUXXdD?)cHzGcz zb*$TYlQs0Nw$D#pPWgPv*>To1cNcE-w`EnXb_#V=yRvj2IP(f|6{nZxTYM&$=#Btl$FA@N_@%?zjw2sXq-M^}~Fx)~n7m6#EEEDe>dzMIkd~@ez z3V$l=3k}E5oobG`Q*13qrjkhX5&V+6n8N~n_c;B>bUXc z-?&Tq@Q>OFFAWwSFJ;UM!91GoRK_K!*hoW&32c}hMapTjt3CfSMfzyjr; zj#p`#!?!))cFU{p?3rDPclha&6aPDAjn_NKf4S|e2^mw??3nvl?bXja8PECraS|=$ z91);g)I{6j%Bsyp;yu2H6HgICEo8GV7f(?}J@_S1>R5>uy(N)BZ6z69>;4RjhCRE$ zp7mE5vOxi8AF!B~yW2WOLH|eiK{(ZAON^@06j2o za>V3i^<;U(h@pXJ4>H7GmDTc}UbngwiR?2?+$9|Vww|2O!&_Q?6B}3 zufU^ndQDt9e)X3Oq{o(8MdM?{wt;?@F$~Hk?<>hC?(kOhA?5a}R>90(|I*RksGezr z7&tBoC#D-GGVrh|_9vdUd-t_}O)_3(Lk(8^bJP=(Rsh+s2$EEjUm)LA-1DRD38{w99QG7EqeIiGh( z^7PN!;2Mlzuq(y&POgjrxFMl@ zTMThC4XsItB4_*JrhGY88jI+N3*qe-N@|ixL+6~?xo?*M6#*Zgi-z%#eAwab*O?=+ zptr7%-G7t2)r=t_i79D|;5EE56o#GYzqy)7=w01yP3Cf53M<$t{ zz^pY^j#y8jvc0C}itWS;+H~_{5hI%4`usT@{^KmsP@5$bx_cx~x%fSPYhDy-P`({e z-CA)5${3-eG;E9{B2C%bWvHgH$5pi0aqg=E#smh(sDJ?PH>nv0Djk8})AudTL6Ub2 z>N(_WnZ41p%0KR*=O1&<`b;j36x=I0Jr_6ZvQwmYjRBmCrlw#&{+bxsMv0o9#SSQr zKDY4K0a?7weHJ(bodn^5zE3|=JOz=x5XsxAdqgo`l%<}1qUw}fa=8Y}+`fU7alRZJ za$({WU__ho(|W;d5>{D_o`i(?d)&=V$B8UweRkXNrDHfA1KZz>M^??wTr4XHZ7G~2 z0x%B6yv*Fv70m}8Ck=WZb}(USmbaP3>7zYYzOUHJ{`G*C4_9!ItTurw{>aseX-3=$ z8MewR8Qtp8RV~Ws%vnv{?!n8HFGF1G{k6_wX3)S9aK<;YDk6^qxa6-k4#_$ zhpgf}t>F+s)yRaOla0XsNY(R!9jJnmpxn*!pKI*Fo`eoYItlB+1&Vb5*CnyT^Mj!= zNe36U(m@N$j;ATDBW=E0jv$alOG`@@;s85f)sp-?FE@!3@JHN?Su$6LA`(5n8FT`Z zTgLY8u-WB2F18*vpFd3YzP+q1C+5XXd)-x9&6QKQ(6UHMl{t~Apz3Ftg>Pj-X9`N< zRYY~{^t>z?SZz#-rl>HL{X=M{KOlm)d3qyv#e*rLe*da1{4@V#lWRaRATx)pxTiHR z*wE6Y*g5Lgs!V(n4`(5Dha?otI`vCLI5C-hW>*;`58aO6?&9S5$U2E)8rM$-T&sbC z;J7AUuS7f&u!SkMXd0F1Kh=lJsIIc8o&;zeelUo{;v94$;#du#yrhoN`ig29>8tHW zN>My60DN1?68C2}Kz|z2vH5~jPVIp>1^OFB-=f_rfvC-3#|2c-a@)7=h03~Xx)? zVPeaSH+#^|;RdG^>-9G2HZj)zQQ%XUy9Wqc>QAXqIEIgjqI)Sqa{F~E3KaWi@+DMO zb0}POph>MumsujUh%Ghy!o8HQiE%o}E&Pq2&Y|f#?C0A~*SdE3*pgQijQZ$!w3|J$ ztrz}M(<Ql+KKZmL#ZFxzoOms`odp9$BdBDSb#0S5-RR;lpH#(N-Jmu=4HV9*3I% zIm;u8aFBQO!1FFn7Y~;<%^o~Mi$(NLF-YXAE&;~r$UQG z-*{znf5diuf^m+Zz}80TMeNp-Fbxx&@#m=(ym`bj46(gvt(m?h;Q#^hH0SD5(Qc#h zNQr4a2e3yUrdGirxp?UODYIcM;UBXnt(yI`Qz~#JcG7Q9e@n5LTZ zHeHnJZ|V1QhO$~(x&sboda(D5&FrQWQ`P*R7m+^u7k8aM&+(BQpyw-#GXM7?TCG8w zv80Vc`a!DSV^#$>-MXF+Lv4#szPSmk#BTa%;(cPYee&Qr>xb|K=7mQ}81r;B0{ut5 znE>26hr(Grint1w@{~hNXj;MDbDPIAvE5!`Z=Fk$*$%0471tj59KpOkREMu`IbMC} zv4~ohp@O_07T89+h6T;JZ***g>3n0bYPIYzl;0*HVy)yMHyC;dYVYY0YDA#!-K3Y- zOw&GU$J3aR%G4%yG|}IPDUatZ=_cx&>Tt(+MS5FEL*CE(tLNUnsqL@Q^<&>ggPIJk zWZJL#jh~j>)-NRR(x5Qew?}HD9ZN5X-g4p?5W|7OwrZlr)B@SyaLPYU3&U3ixoet+ zk&*LkRXN+gHPs+12%vvfsD0hwKzy!j=1%q&JQ5VZY_Danp+usQAyV z9QW8`ji%puSO(I!Z8C=`aqpAC&jZdDz{Qqfe;xizPu!*rh0gzftCLJ4PEymjU~I)Z zw*hK4=-%FvFrvxruaqYXIVI2;qRw;^^Bx&HTeN#7s&A!qg<^1uU>fMlX0%XiST}f9 z(qN$}9VnhH5Bq3j5~;&>#L%|87q0Xpe0OW)uVA$3J7{wfG3JMjI1oBcA+R-`))!SXr~ZyhrhGd4{Zg{LkVQ5%1Nu^l|BJ&GN4rK0 zcim<^HQ{4XMa_6_w(qa9eJ)YI_^am06vTa?~OI#>* zOD>0-HnT$1My6*(4E)Xyk~AU>B<8N#B)|+i8}-ICEXM~Q3AH#qXq^-p)ESr9;qA}B zKky_RX7i+DJFzK%{>V!j(e8^Ib7z(}`P~csfRmeIo<{ngkBPHAy;!kR(SMb>=M0W3 z>0?kmvs>gWTa7!NF8w0~zqcyHAGfKt<;6y8?TDYB`udefr6g4dT87SZlL_DWDq-ketm68tOVT9z%8PF zMS=Ho@@h^}O_2|hqax04{kG$j3qnqFN$*yRbpsBuLD0~(cL(^aO4QWZzN@R6sf{aBam zL&KM!>EcrZ<)1^G&wf;--_po}W{ZTTd?l>XLzk~A^|Gpa&OrbNjOAXEgC|sW#i&K` z7+b=RWDorwf8I)gMM%e>B|}?{A`12iUqemO2){u008zxM0;WPA753IdpUQEiVV91^ zEBOkLK@~fSmnC5tEU~@}unw~SYAgkJPs1^gw!9yknOt3)PFj4D=`)vor^$%Cz#Yf2 ze$f&po|R0j_?nyjSOgw)A?tY8Tvsw13P?try?>X^81b!_li9XDL;qf=ouP%~OwXkC zK9;)}%})1sVb(b7_?ha<=m;UwoSlnC3<3VBLAW_{Ek=u2(T`*JVCTH;RNnt^2-*ur zM-NyKb1W9rJ0$c*4FZ0qFSgT@&Gt&(9fX$=G-nV$f;p-We zzE@HsAPLDmQjOa`!he}fs+ojy^a`~*SY=g zW$OBUw33WjL5F!fSA>#2UJuob?NzvdbqSi+PuYE!T?|efbW(%>r83ePq<@{;nvB|b zQYIv+@a;y&u{|Cgw^X%y!l@ZCeBAN1IaNu(kG1Zb{H`Ja{7kyi|Nb|}`4uYS&-;2o zc?IFvif*8dbo{WH`y~4|8g)H(k=VJF)?cNFl5u>5Pd)P_MT|V*k zPRUO6$eH#NCERomBPD8Pp$UtK@N`+8f;6jHj%-*CPXJlu-IeqiC~J#vqB5FNM(L~4 z)^Q=W=LskV&B>S}33mKSPyhjK8p7WL@8y?xB(znkc4S);$;ZRj$rzw$;$ePNxu*GMx5snlo#$~N^hp9!m-j|xW z_7W#UY`S8!f|3qczzf;iX`@eEBZAD@OW-jCFZ_hR ze?7NL z3M7yb+@p+R7!OSt&t1oW-nf3Qt3`|g+O<>qcc+2&=|->s|CcOUKn{1%x1ObcDdY30xSS5xyn{NJ$FGLhxHJEc;- zNv-qOHq|JP?P4E~?-zT^zHJ;=$^piuXe|~AchjyhRc>1sd}eAB|HrpQ(z77j5A<={ zyoNt2$#RBV23hr66c0WJX5>5%TbZAH$e8SS;-H|)&HlGk^zJh{`@7<;1OX(CJGDHB z*EUq+ZH~05PGc{TAZf`H&RAZx(+Ll55o{&dGJq$JB`d@#1ry-7rrbUVYFK(im%%&H z{4YG4Yoa(oaaHAPLsFtc#V@i%BQRQJ*u84c{n zC2Tf=vYB>1WTFZd7l)_3Z8=xY*`XmUu|Ctf7CWPf?cBO|pF9Ql^jx?VdTTGW>D{t0 zT7jI~ZZwOgWUyi5<`x#RFaFa;Jkcz3I1g#@8;(M!f9%@57-LCV+#~;uG;6=JhTAzhn`x&4h+E;iM}2dA5~ z)qk1saN<8?Od@Mi4UmA^H|rSeZQL|_OK?bH;%~zn`fJn9br?KoSpa^AZ4UG;BRLZT zyHqIzZ8D-?(r?&qePH<+R?R|y+279Fa}4d52dsNuWMId4AC6YgPu4*z=-Jc0`PlGI ze(VH0J8YA9SuE#e%vp`Njuf>KI+U$ zI?OI^iJIA&<)xy6f{B9)1(JH%m~*CBP*#5fr+z751g$n(={d0S2CVKT?D*;E<-{G+ zzoux?Yj-1$>%UJ&x6|1<8f}6q_=_%3s<S^eIh2e>jpZwBh* zWFMThOe79O-tW}o{>Y_r$TMlQT0I#>+g=Y5vG0@Rwq|jCU*dco#i&CWNjTF93~0$- zUQ<?;6S)7V&12f3))A0^wMT}PlXz~1>e$}X>rU&-eWEgB#<1bn9{5r(X`j(vG9 z*PR#6I8X4+#Aw;3#1InufDGr0OD&ZAI=xyRa8E{YR-dvoLDW#>Ay`q&+Q25nuz6M9 zv{z$-vSmPQ{h$z^bDsvAl6O8h#-MKWtVk(%!SONr`r}zc`h1Rw2fJ%QkmP*?a$DBq zb;nhHm=^cb8Yb{j%k$CIle^z3C4(=mc`#lfHw|+AzdgLNE)#7Ih4wH@vj5~HX**E% zr!yCqN{m*%EAcyxCpLe{15cNc*JiRj&GSq5y|5DkG<}tSU=L=cZqC1mHm%yh_4PMZ zmdrlqBItz5NCcS#*tXCGRPRj86L4s!EBZULl@@2U!|`f5iiv6LFer8EtP#i5&lD!j zv8^KsHl4>CW;@Io{stiasiQxPkIU7!#=kbu-E+D4bol)zMOBT3)z6Hr^D(|9tJg$` zn^Lcgn}x1~*Jr}@JS4ip%!xdKRJ26+_I~BDEuWZ~nXv&H0BltKzj#S6uT-M2i;IhF z$Tn7VHn4sq`qqA@h5sg#@E!NZVR+uxrD&gGtSI6-X@xmWA+9BM!~6*s1LBRx^AWIi zW-qp7i5010XX;oSQ8puDqb+?imb`s?BpvRYnUFdSe9yMzivqa|uNW6*Ol0ouDp6G7 z*v+xGhl?qvYsnHA392vQQd4Eqsx2rGZ2=U_ra_(n)FwK0L~54Ql22+VHEQ~9O+|=aiAdH`=M;{kQbV<|;{En+dYq%E zci0`2fY6yUA9y-@@^h&{tA57q4PYzOEU{dr8f7yd!^x}8T(aPsGro*MkQFBTMMbO# zwHNGg=5IeC*>M|;tK|Z5WAmM?s-1uM$X+xFeLT6Fpf8AXHbYr{K%Cra1>F4!bUddF z2Oq!h(&WmOJH~h1>sQomQ8?_^eV4V4m8^DRm=!e7?=ETgBWC{<@LimTE5^7!PjGE$ zIY7n3R{gXld~dU9gKGRc1-?-KKTN%OG?efEKW@--)qH*%@Ok z6hgL;Jtg}#gv?OcmofIS7BTk8HiI$ackBK6p7V2#KOBF|ocp@3>v}$)kL_B4JH5H= zVH*bT7IPz$pNV7In=ZRAcl7JJbs7bS2w(SvSpN6xA67Z_lwHdQUWpT!QIQ9q?b3t2 zUhK?zN=GuMv;_9F!{wv547c#w~JK+rb3c!Ak!10oL@-ATt~; z{>RXeJAy5HCjou%R?zAKkTb1%kA0p+tEB}Li0&9T;lu${Jb>@Yz83^icp|r;-vZnI z48ozKtlZ>?XX$M|UkaPZqErcbR}QO78QL>mDjMP zE`I&3&ll(;L3S>aIBs2|sOi{oBmu?wMI+Eq!-7PRL&TY+uAFT6$;hliN#A(c#-N){ z8CrudjNKRMWY{`P{LE~w8icZymPrRpIlf9M-k)Tsrv8{zm#$(Lrtxx^XK0jBU*%Q} z*l$mJQjt@}+{|}4qN~Isto^`%;WyenLfeq(Hc|_8uI8$no1z=c)94~Aal<491bJeg z!iZw`6L}wbjmBV-qWkQ_D(_rnHG`uqytUHm;Gd!#>X>y{2q3vD5uk-z-gGcBv#A#1@_)987Yc-X!MY z&2XH^UO=k7)ZvcSY+;M#c-qMHAU7_9>NcptR5D<|?XDYzm(;2}jL7N#n>|WT02hU6 z>a@n#WfN?lWdmd^;Uqbj1wC*m(aM*eHN06AKc)?rKjLk zta@=#^}zMBBncxU<2!_(nxamTn6!Zi%-ak2XPd4$OLh`uIM33#ZZsqL0pA-gvoQ0< zV11nq2t5Z0GVA&!EHG?q>l_;^q{uhxCOdzz?L;!@A#N^QK}}}fWzB9L%XkJkMn9hF zi%@m+^0^f~8`j^>>Yn= zVVdNWD7^L(wQa5B7zqa`Vt}%Om)C!Dyd1=o*lLm1OBasOvrROASVm2I%NUb?I#5|| zH7$^j!Addqh3>LeUn_=xzSs-2Y@3j}X!W^s^VI~P5CEZj9dioUqwJaePS8?Qt@)`J zf(kfKNA3)~+R1F8GX_&A+)C*C-1>Uy@{~|HyrkbKcy~Re?DHxD)1J1?QL>TB?aXl^ zLVTH{e9f}5!kUKH^I*ssS5_G3D+(!B``$Kz(5DPPm+p+Rjfh}E4CDDq3z6nxn!X+r zeaaeQ5mO-py|1c9KiJy<)#c8`#PR@9ty6tnJQ5~CJY|v>&Lg37kTDj(->yl}WFqkk zU*w1)Vi6Z>4ruZIqZo#a%^%A~y$le?%RcyCsU4(WHf$%M|CH;TA1D}r1IODjOe>*} z49*G4a4^!do%)cc+3rL%yfl^Sy0@XFQzLc(F{Pq;8)()j53bPH^d$# zujs0E=<2@oVQESd#H$HqjLLTz)GPSM=Khko=~;^$KAt&DtR?ljEBt!CaWOfRP>7`@od&!^d37 z>`Hkb`93^ax&u>Lk@)RL8#*71MNQCYVDhegxJ0JB8uGS|%qd8#Rdm%53-kIS><2sk z+NO>vI{wEqQ5X9ZYU=^0Q-Wi0W;xC`;K|L;G z1PA_Lz)5`HBxTj1Bne(`?Oy??cYynB+NiX~hM@(us@C!GB9>ZKsuB_zu4y9^SRI>X?LhQL)-9aA*gD|ON)E~XGjHD zu&Nf=>&o3!!6an~I#AR0emyn;SrDdb`|+atOvQygms!&~q5O>}0C|s&zTMf~?WVqN zM%uMgv&UcydP=zG7j-N&G`28#C|t>QTxq}uAKJEEyti~R8wT2>X(F3q{gscp@~N|{ z&~$ze(7ggcka0Z?|DK2KuN2UFr%6zr3YAqdV-|XU2 zb@HwFKK0f%o~K3yAzM87nP;>@2F+1tQ#sUj*R-JJZPVXJ&(Nx;O>5`qh^aIC3HUi* z+xa0vnOWm-)#ra3^7qWp$sW#O8^WTL^JmeK=-C*$ElOwbzgxok-z|ZB6~p|vrQK#c zWL$@EPTBTXW?47`ciJW89EUB8%GgoCp(OG1YAkKL_V@R2dU3@@p7-$dXOo#d@h(TqAmWV+*tv-SCapQaNfB@bUX zr)v}vS5{3BoUM-9GoSQSua4lnmIa;+uBa>ngss#)WUqYSNK%>_-QqY>2lzI+{%v8c zPQ&UG!L~6jt*}>ECbxOzIX=IoP}DBAQ+g_E?;i7T^NcQivpcym@q9QER23!pJxN-zbzL<9AL@x`@i`=-#=~g3GV^D5Yid*Q94-NrTAvqy?y2?6)RL6 z)IPZ|nwOl(XWGJ&O)$7#ld6rDWhA^q!$YG%hWqczpIg_C zEOMYOhSc7j9v1RRat{4rOwAg&Stv5WaBhr}5BYtxOIMcOkB)>UV_rB~pVx6Il~S&N z9Qn8x$;_r*KIZyQG!J$gh$L0O{eXywaJCMz^W>IYAfEAQ+B76+|nvh#VtsOu*(nqUp?@P&C z*{H7ZT!1)A_KWjs?E2l(=hfwn{daHEK47p`=MC?xP2pFnJ{Xqz8BkYde=_cuo>H?5 zUBrxw6D#b9YHIT&`KUs>$Z4bgy&__v-Er13&qRWJh{hzp7>$9C?^CcN^e| z{RlzayZj%RO~$SO(^p{w~LZz@Uiy*KMi ze?T&WHtavUEzS6FdPH>8W@&c)iQ^Ptft|wpH|CUz9?v(1Or$j8KP;!6(p(($+a#{j z+vY&z`K1m?2p>S1jZxb>p#(xtgcvvqXNQ7x8#XpTMe|c3?|dQwEyN!JXUN$V-2Ebf zRbc3F$VFsM*Js(xdm4VbS4$D_D_t)DccS@2%6iy#CgQXmImX(SuOi4r-gHsT&E>uk6h3$4l#d zQ-7S(a43Y3G%K=(#3aM69tKFNi-ik(LQkOoCRYrekwLL+wCA|Sy-tXY>ByE!ygBTF zmuZ#dius$;$V1iC9Y2l3wLdWj~rLl+Lu-Os@&$f#dG zP|?kk{BMQtz?5Kn?c1tAy`^=#W! zyMQ<1KEuI@8FKo|@#`u>^fM%aL(L#{mb^Yd&gs$J^;l~&a6>8S)t!ZNw%p~T1W7O! z_=-N3I=HWOK0ZZiD&T=d4Bx7*ss)y~l?rMIIPE`cioUreKA%(GPU2~0Rp{>qK0*u~ z8$0!kif?m2K-w6(gEYFxuv^I?T8>W&dzzRm>c1`MJI;(NG<0zRG2#3y<1Y09tmfJE z)M;!GL8HVOvfshUV?jqBkdQyf2b&7(o`CdFVy;!$_SKF)QZm;-!1yIhz_?pT!3%3A zj_S5hL;Xr9aHlmBbun4$n5C?n6I|t!fD4t;-QbvQjI{aG9y7xFQ9qqBObUUfWP~n0 z#8zc5C7Cnu2vvFb1a-Y1dBCi!8DrKtJ$6TyZ%C+zg=Le zk33HTB9Ek1XO%}u?&XH%o;p~ToWk5^MEFq+Ej7Mv>#S<+%*#PUfYwuUfngb3p{w(B zqTepdf$O;ew7^DSxKi_NFv2Cklpb(1zgS&ve*5nK)d*IKyF1yHA1McD+)PAyke{Zwza9jkb;i5_R~`+TalV0Emz<`r%ZG8=Kn%u_XD z%?@#09Qd*qBL9Ym9d=QQK8FPufeeNdV-$W{Ej>=ZHGz;KSRwMh>H^@vJeZ|*a;EfG zd7eS3c6*}^9Z&ycBWj-e4b|Z6X{mN+P#2}SzeIaZwXsN*fmXCE8CaCghQdKRcg5s+ zH%&z2j;pQbcXeqcOer+E*?1PVMq0jvp&3B{764BWKP|TFxkcK=*cnu!O1T?aIgQP; zSSYjsGFu-YWCZLkZke_oGLA6*!AOko1V+*2>6$||@wZvIUYZNgX8lYrVW?8jbH8cz zxQfZcec3s9=}BLS_w280r5H^rpHHc`PVdP|tn%-<_ExOh#qMOoo@F11mob@w*9Xq# za#brzpf!dLHZm0f@8+>^qBJV}T(<_DywBmtL)8lJAXU(?1v>9W{5`nvM1q=)PDq<` zIWF%TK&?PCM4G#Xd=85Erx`Z5G|d@j?tdM+u1Ym*puaeN`ef} zJNA;pSeisW*Fdo1CaDP$ZJjGmCfNSgmgT|XTpaPb_m`?)Es<|)Qt<`~@J|P8uw4Mz zyWDPTSgw;RsMDGYekx3atxVcY^Q-l3MFSGaWVcLYor39k46k8*Rsnk3#HM7&WUTz* z4D5+p)KR`<6mofRV>BcKxrl+Rpu0D=yg`TiMu5TuP#1SBU&FJ2e)5h6i*D6)BQ^u6 zDSsj%K1`2JF91tTw>0nYN`oMVO01wcr*@8uY(B^MhEubNO|u=9qR(HgvMWU?WR!TAsQi$er~qw3}H+?kTf-Xhsw9^VldH?=*)S3xR_0pS8 zAi^_pOnOnuUQb29v3&UU?NjS?wH~2XUvoMdRf+Isu`G3HK=Ha1M98$!{WVXJQhd9` z@*({LA^)kF^LwoJK_icSm-dP-Vit&+%Yu^g-rWDSPlydI6%k@C34RuA6sX%qTC%OK z*w}oVqSk-6^{va>+PAy9H%ze?=Q>(>uVPD~Gx-J?WOVfpwCk#pnYM{O;ncra*J=6s zXcX4?iT5urjoW^O^o-U0oRRIEk4IH@hyE-~z>We>rV)^q%a6X>0Y4N`0Eih^w&jdy zKGJkPB>f2tS<}hEqV}XV?k2hXWRW6iNz;8R0E2B&?bIHH&sWPxsR9B>A)L<}cemSU z8c%t+M5)9tbkkemlw=9a6x`nC{F+Ea(nm zGt@xk2mrE(d?ZGk4S91{aNkDCHwvh6UX&Sd9nWT6(fGs=`Eo}Ue=*n%J|g*_uC$Qy z@|>O{QnK^w_u z-u-cJo>eSM#@8{dS>%Y!!VX`!xM+?>A>{_K_mp>k))jTaiKcD4c(_Aw6fQ^m83gU* zEy?CC9x&5UTNC}1G(p6WmHcMonNs+O_ZIh{H(|7OV98K!a0zJ5lQBVRfKVKf;cY9| z>U#F`bK*Cmd1L76wv&KT>3luwu5RViB~$zEW(ptfo;mFr{-<>@KDMMzCK5dCnaE{v z)}2?qeG`3StQ)dj#c}rpY3wXVB}l_4t~@Zj)j?H4!rWMp46sAuL>@$s>4Q1y&ZHVGb0GzwXk9Y}i==JLYGW7c9>8~E8ns%dE}U@{+Z>rCOGIz#ny_8wz;bw z`=ABc^u}mO1I|O%q^sam3OearT`FeU_G?pZst|m%WY1n~HKovmIF`yxvGnTL5+<%b z-n0oJ{+(GHH;VKl_d07nH3;@=H@Tdk18xun7Qy)dCJG{!qFagoK+Zzef6mh#Pie`j zwl?@Y>;s(K5~?0TO#}_o-iz7(lJ&j?@(Dv^k4)B`LJYa4Nn{`|`**ulh8h+^R2_hF zKC9+)#NcZOIWVB2@Sn#;b?%(6iw|^nEI*iyk;%V5#~R|(`k#7&fb&al7p#{^TimRU&7S4 zLF99VDt}{NEfHT=*juf+p1RD)-P{+O5itaozxDRw8gT6u zxIGZ4((gVyEEU`l&0BWOMX`zKj;Mvah8@izJ1|eT~PdM z(!2a3D=_5uB=#h&jC?_H38ji?LtJ>F0J5E8!?xT0wC$f2fWNwGG(sD868PyRiW z^s4BS0#ej0n5WPu)uQ)}iu=nfMsDY*$iLsw1LZ8LMxVI$UpJm^ItsGSEUsyd=I;Wi z88#%u759mq;rMlnMhiU9aSQQ4^#~LnKi)Q0B+7a!>(SH9UCLd5qR0TD*l@X_I{PjFS|3Tit~B?lR+ zU8D<1y&->u8T!zW#T{N9`07SwxL`{(>G;`cV;A_3l53@#wYGubh5NY)^Hn4 z+JmwHgyC)BP1=x0L73O}5IdJ7e_?P<-QmIA-(^?Rps^Dtrt+-5Xtc7C8n8 z1cV(#lH``}ye(%*t`Dx17j5AsLp}I7)lJ6Te!*B^Ce7kY`I6aRmsA4J@sUs>tWHfR ziKJ>~*a(3h_E~75h|?>3ExaE;Q5#bc0=u+K)5E6jIFP(dA)kooH{P*+BMuS&*a^sf z^(MLm*tnlhY&!~XC6nlVs`;H_$pYr|q?gFI$j|^D1zCvV?aGVU;u44$Gj|oGtTpA8 zvRi{#&*s)J*$fljhR3yHqzS5#X=ry|lfyY7A8BTv-9`d45(w=1VqD+!sZx2oe*ZkU zE-%wFSG(Q7gzPoJI)^$f;}2YmNj|Z3|FM@P1l4*u*1rPZdy0OyfZcTzqGIv$>*^VU z-~n#QiajQ61Q)g9HJZ|q1Hy(NygB~gl2NMLC^2S$JrZP1#d_!;=W-|Nx|fp*8vPj~ za&l1fMJFQtLrLzE`8K(vGn(xB*VmSFRUrTNdnp}}rXHbNRM(~cd`CyDy|(k~h$2z} zuSitZdHiLE1@jDevB*%pbF#-nFOfk2wesm=IM2X=6*kOmT ziRtf!hP*>UxB?raUn2Enxp0g?-Fvw9Yu699N}}`ixC{!4aix21Lr3c>d>lUQRH3_S zru8{pMZLTF#>e_!RaC=e55zUDLW}?e3iUVruU~xZz}9n*^iW&h4U-?U(Frwz&Y5mY zHgC=xFbWp>y%S^&xCw|Wn)YT9g5nX7MF;lNH+8G>C=GFm)cb>(e4-V;-JBhK&3@=g z(oQ?{8aH$ObaO!Y<3|X!V1z23tupOR?3P2;BdyLq*A&B#o*St3ACf2hooKrCyuI?V zWob}}B=n*+*g7=}MpgCRx!daxPSQr7-T3viMlkF_(Ufh@(!!evMtsDiZu;KCHBAAN zDF@-whf~yg8B9hi0NZ26l8PW+?LD+kwkcF_P(RrDR+E8e0H+Sm>^9v#Ja z(7Q@LNtpX8nng*rX3Q)%RLRV!5IUc~HZBD>6hIK+{zSEi*5tjwnGBa!xz<0Gegwug zf-PKcy)Kfq**=-w(UP`!--&g|Cz2cQ+3k6BM-P0LFB}mq<`>EPm_O6-EtW=SZFP~| zd{}~{Zg@&i&*N2>=!s99sfXG)ZeR|SJ+OPMG+$-CJnydMJwAc!-+3f^^|}e4b~hD+ zt78w3fM!|77oGj)^gs!-)b!fqM)(9QCnqWskDg}AC;zNE}S!s zeIg~*rmwWNTdZppC7sio$;3?Gt*pdi|5ismt@^1v|9f*<>&S)ks_`oBi0)GuM(tw? z+ls*o|FGRP-@`c72>zJ@_&FB{jf*TNP_h)4|s}6hRv3Nh$}43|6SgD z|Ea*{h16}fRZ8NEh1p`imoU3(PqI`$=_(s=;%znH>Y5;FAhFDR|3($njgj2ihx4c~IA8^K2^iF#wPTdR==Xs+(!&OAJXJc zy{G*Jh8FYZ86|p!G_FfvNaZ+q)#l>kE>BTFf+&Y(pQ;lrok--mEF{@1dt zgfY3Hm6}%RG1s2mUkBQZjJc{S1S&X|nC~Ed2*@(02mbL_O#!<<>a^)Awt|{SUb+_r zd5O*`sv4jCyOo}6eSqcuh__^91Z9`0zVTr4qBEXp7>!-YeVoZ7q~=vgu7iWY?M~(} z3MStEfIC>`JPch00_+y*I8$xj9{DhbjD*fabM55i24&`I%6Knsv)?k%P^bGi(oV2w z+oghOv=G-3f4;Lo;(R{9x3q?vF55$zT4)FCH?HzS!y!bw+0d%q;_mt zVu&(~bC8hLFX|ZYt5+xUZiIgj?J4Q3rTjI77*kQH1lLJ{LD~dB=fGVPKdu6yYH(pPRvDt~0C9P4c+86-Rok(k>coydQB5)5$Aj)L}7p z%$)Qp83?Uj20=nl2=9!$vrAb80dcW*6brbYZQjsbD+x)d=^dL~g;{=90bA56M=$cj z&}^Dm?3%}cTiDlyxi(Nd1bk8%$`*LA1R>}(sJ27mIi0wwObP(0)|mTHUvUut(R z#^E_MjyQ;9*e^|^pAqbfyL~Ld8hTrxIDb<$mEL!l9YX@&p}9WC(>1z$7hU^@|p7Poq4(J>Bq}I zhBCERhhnLLcjZgJIwk?|m>x`(Y-#tuLOEpo>OBlzuKz~;p=`nqMtN+ywnJp(?p8n* zVGU{OM)D)i^}34Vpb`dy;X+c6Zx1=7nk2h1xCamW!e{n8Auz|L)H!OUY!gh1`=^xz zRJxdZeBO({JJ%{DT9^VIib{jfC}?%OLkh=6-rd+GJ|&&R!l8+;U-l0>&azksbs-GC z;$AaZOGDpYCO6GmFrHs$Y&#!PLw3CjT9E|m4|GVB_2`A##j~;P|CaG4H32}E{=37S zY?%Yf^K4h%hKsn|k8~q(U-lOhcwDPd`cP(NzebAOShLNw`^yH{!ejP{gsYYas$|ST zN%$a_$>43Ts~~L2$CFs{Vty{W3U&-1+z^xd@E#h3kGe1dy1NL&+voj0#+ng+QxD%U ze(h5&DrwyWtPttqsJLGR{Pk_^U-LUt&Lyl5F!Fy;-a$4Vw>i=+FOJ&+LDiaB*V<#F zk*$FREG^XEmoikUfb+{cGvq#|e7WX)fw&y&B`a9EdjyO*fi%C5bWH(|C%C;D0)&N9 zcAA*}=sbi~x0g*vy2q_zF$UM5bT?26S>@=14Z!l|N33uEDfVY(?yO|h_x%k@?;V;Z z$Kbd1YQZ&gLLvxkm})GPF1%pGt%=Y3EhPuuY*3l!u+wygao94Ke2-Mf6=of|;O#x;zr&}>XOLI?g z+N!VREJvT%YCjw~52||yuu>ahIK7{BAWlcR>lE786;WS*JN#Q3=>HvgZ+%~cCOz$^ zB^rFn_{6c#EK;_Ae~K$FsojnRnZsQl&B56jnJB5g`@7doj;Fz%ioSMtKghsYRJn(;1TpB#r^7PoX z+zaLhS@dybxa$S{)yD=$5Fed@h98RkPt=|7>eLlM7Z6u;218UJakS>HnL&QL+VKL^ zDr#F?wo@64j@H*>%+)htxQHvwa;P_K7NBT~ZIlwK6S)U>fZM!jJ#d%I?eFdF^?&Bc zb+6gPtEN6VTt(d4sqc&@JaP_P{S@KSY zQOEt2cO|DND(3E%E={!P*HsOlC(`3Not&zKp@ham?i*l)aTsV6Y+aO4)5L=|R7lnFCq0{p#+4&$$k9gWh0(`k%l^Dl$AM6*Yx&7af9S%R2p=uSckehhd%==YgL^bB;XnW~p^T1ph;3*zUu<;`G+5j28+FDq zIK8TRpjF-7iC(^oA#QyRrjD$xgik}?mWf3B$dcvj%V2JTwC53$XB?O_wj;o9OEU6Q zt^cG0ZYK*EE!=#-g1Er@z1xrDA}uH}2zo_O8@h9hz2Tc`;wE27HaPnb>}S8|Ec|c~ zJ_I=ZUc=K?{pXCTtzLO`tw`6plaZi55{}bqM5%tqP8b9^kAyH5Gw)6;ouyQm%_2$% zU+vr(jYZiPHf*cm!Q8+6E6)-m9gDihG1h^YD zF1Fsg)Sm8u5g`+IO%1d}+hn!hO_O%w`%ivmL3O**W{R z>dZrrJ`DKley?VBa*e)8t{TMLcrVQhKksH;cXr*hRsk}6^Ut{{{6wqz%MkoL;fxqo?#y`o0e{Aortf&6z>5i=PbX?lT}jMY ztm3X;tqhWWT%`N7g0bcu@onu=J*nRj#5ZT>&O|_YvWw@Ms>N-4Q{sk?^UsmmD&Ijk z;J{R#{FLdnqLULx66(ejwhIm*7~ ztGRT^_8bv3>9xeUw;OOq@O5HDIW<3@e(x@;FBbZUo*R@ z;NU5CN5VIUwG@^G^~jK#Wxpsygm$yQPUwRu^=+BW2O`^K=DbaK+hr2-_nFW;z-PQr z&tmt8=zMwK-kizgN;oQYni=J3=$q5NPGzUHRz^|&A|+N)-&6-E6L zEmzxVn&mhFG+2P4?A?`r8wDyxf7G{{Rg=OjDdvSq%NaOmE+!!#Qdac|_6zjQwzr|z zwIPwdu?H=_E$of!9aMTB+MSx*z0GTOd(lOY3ZIDlhVNXftRob<05RW(xeHi`5GGc5b+^w z>V-Uh;-teEW{MoVM~;nUn(B^?FJUgR7XbOycOFG6x=+OuN= zs^4{1arMR4vkv}%HCtCz=qT(xuFX32Mc1)0M@MZg%l%rtJ-@O()8Ab_pRlN3+h$rv zfd0>B@KM*l^3TOy#K*sh(p324Tps`u{o&gD_Jp5eIlvS*+p`ynxreE z2lI#S%;tAxLP4~ zy=E2)R0p)t#gT{VDK=he0^x%s@Z=P&l`br<{46fUL-ALP(3PO<>{|<)*G8D(MEN z(d+!f4zJ9Sxq?qItPM|@Lv_6;%hC^~1I4dE2f5twdy_ymomHCBZH^W|ISa9PV z(<9upzu~x6idxzTucrAUd#stCc*PWi?K|3ys@KEN>i08Drv(% z(%ZHXhy4|eIyq`GZlEs$I4(xyuzA6H8>I&{I;I~pi^6UxR-ex)Em+&cs(wc-b*q%p z4k*s_%NOsMAnvy!K6-l0Y6xs`8OckMeJj;8r&E8D!JjkGpHv$*6?G!Uy1X6P*KUDb zKG10+sHp;U+3>|*ldP;~4YV84U700?qGZj-XX<8>7Q=IM+;v8!F!gBJ(*MR=5^HYK zNm{1|ixyXYX&Q7FfD;3FFNg9)$60-fmaVG4JsWYjsQZWLWvw9>nM7BPd|J70OnPpm zgNz_&W@)X%Zt_RR80xXqpEF3Q?H8gm4S_LvD}!V{)#o`NEigC3jVE;t_ohj8wq+U# zj2w)E@ht%_NnzP!y7#EL)0WG?$se%QDGi6zl(IWt!<%0$!3wTvxh^4Lb)VP{-`zdi zpml}kqYz^s9)fjrR_~Xd*?_LUL^6V=pT$4rwlz1CijpK+*D%Ckm-JZr+1=~r2J*er z9nIKD{*K<3H6Emx?(DL2OL2eqwEaU|V?e1J$E=WL$gs37 z&vm7^JOlJ(kl8SQz=O>65(&F38x|0oz z_J@@nV`qhMWJ$ttL3z3cVu(JObI}ajHN956xQ0I~F700NDW~?by)-vFCFSz3-UeM{ z=dZQ+5y{d+;BjQ9_9S=xi0+Lqtm97=eG)>{p@_0JXeXV_IK_Un*a%B)pPr>gvCQWf zS(OkzTa!KOb?iYHaRmoD%9a~k(T5rSIe+Dn-^2ntQyVxJR<);J+Gjr5v*81La(@g; zGQ1pbd5kOK(9KL4jqRG#0poA1DnSEH6AuQr;)-#?IPqoCKuc`L9E`_{se=kdY#_ZZ z-Fkecffp_n)|`15(|O=d9PB$C5HQ>u$6a$6j5c~(o05r z4DEYtAHP24Fkum&1qorgrsjS4xix_y`p%BsGw!|zt#P)?G8@OeGfSsGhfzSa2J}hx z`-?g;Q*(1C2Hx@&-ttLO2{m~;4Qxx#EpDi}GAomD-ImYz?V@{&H@%^vBzI$oQTZoe z*C8R4oStKq8N1{I7tUU-G!m22WqZ4^s#*`)d6*I^NJi?_ zC~JMeJ(4acahv1dxE*?nEnJlAi~vx@nU{}`G`kamS^*QswJpE%Zq0CR+WtwlTM!LO zR~p8vex5^;+_2VZ<7rp{Lm^?r<9#S8l~zEHpf@jPgkNgnPO^K>*daH85noUdTQ+@v z2IDt#b8ZObkXR|@y@4y;=KITJUlh}9J#q)LoU76!9DwjA;*MG356rziU}Lw#GArz{ zn{03t-d?o8EL-vZfpyaq2kYEtF_+E7GTD7T_T*t>sP-crnV9?vOuRe;y>`Ov6sB5% zOGhJA%X;oJ+z3kS4h%T)-rJRqUVA^^?Tg{W(gy#ooc{9vAMw0(H4ut|(`^U-R>(HX>xDD1^vCH2&3o}X0L=0p+^vFFK0LiME{GbuuY-4!T0CxdnYx;{ z)q_o`Req>0y?U)xBl^i^0~`+jMt|d$+T9O?yqqNERee|de3TtPVfk&fj``EcDF#?7 z3xhD|qHAq~CiOC8$AR!HRo#_2Meuy=TFXNpfc4QZWAQT=R66^MYW!V&riCKS)F>UH z&<4#{`uviRCH`@k!&W6$h)LP&K0(QFt-R^y@fng3RPk`YjLKD*eXL_X65wwNsu%BS zx(X-RYiO|0R5sumxIeQDYcK_Y9Oh{MB!ZU@qe`h+WF1xL9=NXhykakldm|WnJIl$9 zYxs=Mq&UT#Lc+0Gpkv|Ck+r~ax-O+sy7N~DGzX+wD#W6c4Gj#Fku6SA+cbX$rtnS(zJn3}L? zk*qR@A07@LHfT?ol6|YL%9C0RE$ua^#nn9Z1=baCf?xP2jGcZBZWF&Op-7Rd8#jD501_9 zpKm3Afl|?4%-6_`o&ln_dAL}+S`c=RPH-GHc(Ive%(CXLRJ)SQ7{NLPl^LJ?SILS#mjb{ zO7r^+zyGA;=2x%opryHnEZ8gp9~mGcE8y;%ou!>p8KgBuh6r!znK3EAi{L%Hgp}64 z)0O-uE%)xjDyt^UB=tDM@8uGO)Lvqe5si#sQG#96N76gg# zY{qEK9L3(tjeNL`oa4)W?p()#9O1F;3H&5EWo03L9hJ|6cr4TPc=z-*A!YihfQG2e zg`PM_Z?5C=DEn8mJ(G)Q1%Qib&v!UR9H&3h?Y;zWz5EYLm`QHfav!Q@E2GQu`{PF~%s(0xC(AToGUKa&jAOg4-d+TzzmTvDjSCDno zz26ek+O8_4_xZX|q)+hQf(?1beqv*$`{jWjGtyEF zWTOd46<9bkbmUG7`F1?pd$uqEH+02Em{0p}ve^4}H4fLPOym}()3vg;uN5Zpl8?}^ z>op)g_kD+D&{>s)j5oVm<9k9!t*`fETMIDETH3dK+QoxfYG4Tv;Ex--NqR>dlpM2% zd~?DU8r{>P{^KfyghZPGat|c#G29K;op|uhJk<)E=)=6_K3SLOFQVT%-DkOViLx736}d^TPo3-3%2IL=pGuHex0Wsri(NQm~}xcL(j@mGxkj0 z9Mj!t0O)v5R6?uYeeFu*W^(b-yoW%g}K8IJ%X(W87VYk2An<1UaP| z$_m@4_ltVl1!EIRu!;1^4D;%#&k5K9MnWMMa7V$JNDN{C;5^qr=#%#%I(;Bm%l;)J zh~rgxAV+&A#FbAPwMXFu4b zgeZ4-k+VYtWtvterqC|AzjM8{5a|R5UkkgtoQ0d-(z=o;aB}7A&Y?%7aNaygKZCSX zwi@q6U6HQs6qn^UEO?*>o~%HW2E^2Ufus*lV%{V+l6#Db+$!rS%jr%zsG+n zvG(+_io;#XJ9M_f0HX3wG0PXP)f zpe1ru<`l28y)Kb(MrD3;GS;NuK@0qn!!g*XO2H-00LpZiu^_X&XK1Y08XPOlR@!w- z$lJaB0j$cof%-@mCveAE4z;>`Cx#;7C&YUW1v0{J+G$2i7 zLTIxtUQsR6Now8?sq7T<*1$2R^JzeU>7^VxB!or4Gtkh-c|gYzXrRQ=KaR*`Ob_bo=2x_Ww=KA5-tl~}^3dxo1n^;l3o0Q6zsjLH{-6pj1&AF=%!pY_^?@#_GL4-8-*6Q z#aXpzC_*&^6L$4>=c$bUz8a+b&M@{ZNX!Sa+1d}-4`o{1%jg+6>)#VsoS%5|pyYvg zOtOcnO=X2-&JgbN#216lrb18Z;>_6+8*XXjl0>(n151blJLVe@-e;lMY6I7~s^NZP zHy-p?8t6v{OfvnOW6j>k8MjAa+Y5&&lD8apVAb#9AVsK7bMp{4vi~?C4$^X7_l>1g z`DlVc4Anc~_S4`IaM)Bz)n9bH{KCxH^e5%&<=A z7qPlHbp%t4asM^!Qn&v>BQ>M+f2^>-Z0HXhwecP%kIvJmqDRezGG5!A3}VvgG&P&D zkL8L6c9)Nt8bc?xO$j~g#78Q|o9O#p&q)(ll3oF(@$VP+d?WOH6#4dsHoUKgf{p{; z?^^K(eTd}Dtnpn&+V)-2crJ{@Gvh7}ME|J;=K#*`=*-YMU=S)o?2BSfS0a;_&6t3R zm%*K6ThH&em|F(U7RS~6d~YBy^q8hg0>}rDynNrSTJJ^U!HI_{V;g})Iz`c zvlJxy>QC1rpBBksqR4pD*7uH-vkB@3a2DeZTIS(Iq2rtk&krvVk4kll;&4@~8QPud z&^B}wXyf;pYa(v3_5IhgMZJ4uAm~aLAqPz4%A6o@h zJ;3vo1axXxHgcU8{x^o!b<2>F`l_WV2eLZBW7-M+EuPtk;%aRRnO`86X*ZEj1jf_B zLot;$;VbcCDWFI+hd2|JaaeT9@6CnZ)Qx;MToh7v=i5q;ZYa8}p$Tj14VUl|Hk1Md zDf&<*!s_T9Bz|cpnRu%^syrnpS3k;j04uDD2kn|9gIBllK%8k;bGmGMAIM zM~l+aF-mG~`M(Mb=qRiH4>py_^>J{ zeFB7;hb2jn^b(0_}3S^=hmXnjoAi993kS6Yf5S+U}(# z=RG%^QukbTBPKsDDK-b+_tr1P6z?~0tE@(aqvxmpyO-S{Ced)YJ%Hu-vHCBq`Zejp zAS@IeJOT|?HdhEs67&u%;KU376N zK~{oe)vmB68D#%?WPNBr!$YPqrnBMc;MzrJWcl5#o8|Fc;2`eiS{ISH*KNV#NhAlbyJ=rweR{j(CW~Ux#Xl&!{Ps<=_~`9{N6WCgLESu3L>dA(vlJq(k(DH z8l<}^bMYuXEj>t2G>Ntjz1s zIk6OMbx^~@n^Wa{w#=EHpZVvc^R12#`N-v4tNn1F+sYJ+-8S~ZUz_eqsehlbczC$n zn}5Avt6y9{?wTB1Fq$#z4Gp$9W7?mshSGkKQ6mpgYrzP5ufCwD3dXpV(LTHUU%Ng& z2$+Z`GAdWR^RBqt(d1cX-2-{hzKh*WZuam#{JK@y+X1ql>6_wRvF&Oxp1hADwNQJ5 zH-vaOvqLvO7LIn+I4irB%hAq4?IwAw;6Bu%55!&q=4Uu4jUzg?efYSzfbrv@?)U95 zx_io@t!lhmZ0#GlO94fJpxenK z0Ml|54Ef$no?Kzobfrus+twQD?{D(243;Pna3kq7mt&^bn__yxd;W2SIkGFhu;$u= z&~z`P2|LGtD)LmEhsX5{(#-JaQI3&q=2hk&)m(m83IU{meXN);`q)XyCnbRdQCN(X zdJ`Huz{8Z6Td}EY%&x7V0Q&n1oHC=X zD=)E<39Gk8dQ!q}1>#2!WIlvPLPnjd%}b97%S;uUn?a;BiC281Zt-}L1Ak0 zq9j|Ky~HSNU6}_j(rEOXIfLXjNK|IZLRE%gN{1smt#abj*S&Aus7fhh|FZt=5#a$&RYZv`+nC`T7%O-1&G zpfVL2Qyyz~4BWZ*3S(?=$ho(QBT-!M-K)HtW+QkX#rVjM9A|*}u}!z9xtO~AWLPpqPDXzh1vw}oj8qp_N+`6+U9<pYE@`|hW0Cj$8@R42 zYGjh{(bXn)iSiW+)q@tp$#I*A_=Mk-S2lQ|D!~^#C#ThC>Y)3- zljQuM`VYXgnOaz2P|ZFBmVbs9Azn%&cM{CrcB4b^CP#^y% z;&H(Gx>@LJfs}f;McoS^0Ojh&#fGLWd<8l3lhs3qeFOR-w*Ay?`twR!!SBjOS01LR zN4#b$m$#_o@2xoPoM~VOLXilGCb~l0$cWg#)66hnys?7);+YHUu6NO8VAJhjFE=0w znER#z+}i1FG^KbB>jNz^(6<9$ZrrlFPf=gEuX>ZfRd~E~GM(@6P)!=Ciwo|oq|=di z1ve~Nw8?fBf)^6#PeU|<`*s{2U2-m+byi2>E1-`#yLtd^F2rP)1GaZY1W{u=D}0+k zmf;X>Sz8bA$e;pBekuCAk1s!&AKc^~?#Nf3oXx+VadZYpvA5<99>BN*hS8Rjxk;7% z?|DPf%ZxVk7v;-WU|a!xi9&UwEc~LbNe)#yRiNDrZaTZw1}QaXb>j4Duf<$k`?=5H zHJ8c}8+`*q6;wc};4Xyhcs`~HZj=`i%Xgz!1U&}USpL%qg9!HabiCW&u!_G|nCR7i zM@yr?J0q!YEpegs=q`yaL2m#&)meVth?SyFvX+_8`KStupNT{EIhZAqX0NYEdQ~lC ztulGSDivrhf40=e6s+9X{53l1MnhWSFw?&>z*3lQ9SQ29mR^{lJ=3Zxtz3-VvuFqL z;(Nr`oRO|tF|W5?a(T+{QZ|S;T^$233xMpdc6M#D%Y5q%Sh=cfxL`#W*x74K#&_PJ-fN-8FPezR6j$+%o9p2O1#zX&>D3%IA=UPaoBuc5#My^ zSd}NMLr8W67F|ItyT*tQS_z*cK@noHhYLefmknnIc+^h|)rU9?1RZy7upQ8|JQS5xI@6|H#E( zT?lYL4#yl`1)|<-BPA#**iZj7op;-0eao}f-6SZRL@3Gyg-by3HJX@+%9}nf=+s!* z!Uo)mTk)C&TQWXU*cTNbd`lEbtFI@$zfKKrU3`o_9BTx1aCdZ?M5M2S!lm)g7q7Vx_q>W*y zFb1d4l3VqtO>2((q8{Cwd%@O1zEr4_*YxA6QN|y2wZ;$C4bG3mf8{@4ybQn?HTF*5ej=o|3 z;|CUThWSt+t`@^stbAKsL#M!X{@$hnzfRdNd8Fr;w%5h{e$2{Oxyax=-Urt`awecv zMO_!(;7$qHDy5khdS~H}p*h5i-qztX6u07=q)FhKGsJx@wYkznU6iw196H=h0Uf<5 zDxhAOwZE$`?Zg=3Y5Yp}!Zs7@*;>v}8 z)}PGjAc?BSnrG&q7F7zu=pP!#k#q@@}Ww}Ope6B^ATL*VJb_;-2ZtbtWmNoDmBjxLR zptH0}r}*93t!6U4e-cFk(Q6Kul@z9n`F9nz0b@6FF9#t21*94$x>}}(Frx-A~tw4G>PyYuDo39Fcol+$WtmH)6y}7g884mcS}O&k6h{Sq$|(31{E=<45~Lj zPwjTd5jh2yAs`PstuMb3;8B2(cljPSw{Zm*AvEGy>}bywBiUubU2VC#)Ps!f2eCOS zSsM4#ffVl96t_NUjvXz!;LTaJoI5<)!Za5oZ7B2b(nkK^9ojR}Y3v!QI zga0i1BCmw_WX_6qQpKOYPU;&zZIKjgvzfwn=YD^g345<0xrGcr#fz9!aIC6yT zU=pscH>ovOxkS>$1mNe>O8P70gI-c8?sX?Je0NwGJx80>C73^o;Ff7rl*CasWA~fQ znG7ZmZX@~*K0Cu%qiV4bELh=FDl|`6gS>T!KC&)1cLBGl$_Fst0>}A&`=c!A6{IM* z$mbt~;5Sf%Y8TT$Pe#4@td8O2pv!&oJ4F0TL}MsC5)ZtGosga=D#o3p#Q7gRw@jfz&|N)NPHU)a}kg^!fI+1b6P zV&omVoa_YURH%)W$QYl^{g5pm_m$Uk3!kEk&9m(B`1$XgV!8zdm)^zARkzS^xbD`p z2jXsN<1sat2yN5ynJBoLQ&b0bhYbN!y;9vkId2A5?Cjsqud%RL3am(W`n$XRUP@0q zlpsrO)d>1?NgjAuyS5KPp#zag1Tpw|vQ{Lm#bvANS%(vASoPbt=8FAM&f=Kl_D~nt zlPzj+U-?I^&qOgVHn9RkTeeFwoP!>~%2%|0t$5G?#@{j9=Tb zp@w}cPWFC|Am{l<^=5h3NBH9u6|B*h%TtCW;x#L?&fW7@>h>RT)r>VP32j_C26|rP z*Z?Xg0Fo!if2XIHg^=JZcuT60O_i(W*QjO@z5i#+drSHg5M24t?D?(0?}NJC+T?vr z3(>FQWgHrgWBYJt^!uhD<`(&B4tcF3nPuOm{(%-AF1#BbHG3CUb4a0@CbDsRTA`Jx zUiaji-W^`o-ia~g4feqP*Ye;udlwB_nW28+)}U`=W|Ks&|5U}lDi+}W!q;$d`WRYy zR5_+H?w}cH*}UgX#a?LA2@-8}8M!3kcrB8C0^e_ub^oy^W7fxwGuC9pDUNbYqWLty z;a?CAv1}_ksscDU-L1Z2;h38BDPhbxm32r8^K#x7dfFWsHF1o;u}I!PS(;_Lr_#V$ zWF&%gBeZ@&)}!$WN6tnzN6wn9 z1i}}w@R0D-sfFIbHOJGjfpjx%o@lKE$p8U42zRHUDdBuv7LJ|3d zQ!zQnaJR?NobmFwve&19r&@0YTjofx{m!y@ z4=%AD7@&eit3Gg2VEx?7{(0r@Wv3O|rt}27?bU@t+Vc7L+}yUNM%}lJKdPUu95-=F z-N#PZudGmK%_+M}aTkNAiz)T!6r->Pn2F(=scM4%xxFq_oS9l99a`8m?b;!&4#JviFt@))?F0-$yj2=c6oXbQ7FfqMhYUOCyuQ5@Rn z1q1FZc~vf7Dx#rf{X^CDPVV_KY^D3o2X~NJhqP3I5Sf{)Ky*$`@u~79PN-_!)jWFW zY-9{E=Iu}~I&`ONkvopY_@!& zhJpvs#1&i~5xX~R;r`8AsTFbfdjclmWU3lIcSo_1@kh$hGEAQ8q53ZOyYB8XF>&b< zf_CrdrXdRIZ5F>5bZ=dVg!k*H7wWh$IBaW*EQr=D&|VS!+8NtRf5pL^tfm!Vh6mOM zMp$$EurIsiXUcX|&S)PiMT0fsR5SI@s&$ zsYEBNdjtDd9As9uE}d6OU)i^O^W8z)5W86nd)BZkw7c-*H!tcCt*a1iAUhqK@$qj? z^0#9^pK7onZL)4t`{Xw@inKnrOzWia};@qtG$@}#wSQKe)#66O^;Imr)Pvr#&-g7^@bZ~zqJ+Fut^)JBM>ZDgk2MaU9 z*V6X+EZ_8e6b%!M*pO4FrF=PKg>qfc?o~S+3kZ+Hvf#RLOSxLOaXqF{aH%^!`>7j3 zQNZ3}cZ6!Z%cMB;UHIn)bXdbueItJ^X7UMj63%EDOH-bZMI4h4GDDlRSkc>N<)h`` zLgqzCmr>}@l@zmUTp*;Q(0w@GJSV_dJY8}*2c zM%P3ME+=y`gEJZ@h-=jhOUAB&)`E^lSYu@IPN zz%2%gr8Qxd5zGsD{yFNyy0RBCjt&)! ziAH*uEz#7h{o)3xEJ)>OW>vnDt1%fmNN)s-O9&HhfkWcASTY%d;cXTzRWsK@bbe`H2F5_^R{h1Sra}!Se;pM1)w)aX=x%aG(g~Wj4;1WtWY1AeX z_BWeu;C4sJrRxyL%x>KSIPOAs8+VckK~JEs()V&Rzh@HHx#YneUtR6DjRweCJ0@gr zPI@m!QAkWv)oD>^S5^)2t#)_!e8iM0g%d~x=RhSA4HXWT*>9>{!#__u0BIvg5w*PA z%V~#0{~~VYpNWIPs0N~lDQs*E3}@?bZ*S=4=7uWG46ibKmwx0!X-moW6p$%?pTm7K z`=%C3+1T2N=TciROX~!PUhzB$<>)Ca$vl_k8~b_}QIMP!vs|IR-d6%#Fbq{vJwlz| zctuN`vAv@fs$*Cl9mN?MxZT~C0Ku`Kq)oba?oZjLa$1QRa-~GRb`!x*b0io^sd`4KKrbeZb%&G(3NI zW9{A*bsekAM>8YK(@&)sVPn*Mi&@w3H4EC^s_h}q`Wqj%$mElA}I{?LeB-zWOO zZX<%J)U{s0%ZCFe`ORI~e3gj6Y=ho(TaVJf74CF@Be(Fz)IRN&Z#9umfe2$5jXB0HVN2-rc4p8=j>S){G+6& z7%D#c;c3YFLHxO%V!n|HN5c?-fobb26$NViw{Av8jD%WN1AXRJ9d=0lW(o_7{^ff5 zy;koC{M*t9$NifKydV2;mou+sHhsm`jn(OIy}wlwb8JA!XKITPMg&lA3h1_It2)v^ z0kk4I)oFW3rym%2_;SCs&ARKAq5mC7$<15EK#6de_jFCb@!khyn``gT{6m*R%H$8H zE+WIS%Q>Vc-r1tHXQcX*VVU6lxw&Yk{QLRk|88;JzxW^50qlTXJm*3*__s)4Y)EYF z7HC5+ihPt!x5=MFiScXB7bUz^QqBl7EiVyMnQ$dwtUt}AYiWHYFiQYv5u}9DvR-f6 zF7oA%ae5L_@_28h@FhH-`r-DEtHs)gluu9Z6;JO z1cPgc-w+G{5KpR#gaLSRfZ$s51)_*kM)-OZbP`41p(deuCQRK7{<%FgA!0=-Cz17h zWWlDQ{MYz}$W8k2uc0fmLLZ$!Mwj?rRrhR%C$L#fsnW`yzu6Z}IUv9DwTv`K?T(%F zTw0$n$?4)__`LdzFjZydIBh+)CKoGdO(2aC0xivAN*-o>5qS`eqGQBu@9vH z*B%YS&c3k~W2B!ntM->M*+TuoRk7E#OUF`eZD}DRQ*Q$0U2XbA*A^Y?zl7k-)mugB zK&)V*D%m%~cy^|JIH45#yMFA`*t<+!Bh6H>HG0%$W%yh{!%W`=EHP0Gs})!RnSH-K zsXst9<-|N)6~Ja3w6t!!1t9a3$o)Kj_Y`#qQ-4o_CPP8E9E^pw8^0`UNw7_=1_Fly zbE!DK-~86iNZ#HE+PE%XTtB+KU<|^7vrQtTICS1E0cKx;ZeTrK~P5z$4--H})=!AGgaCOivHI z*wfm2-Xu6JZnpf~WWs8qWp1_67{>-E&rP3}Gev>Nfc zaUey_V1K2It5IZuM>&c(3vy5r`guYf&mGmnkaiFIfyIdfE)dzQ)@hambjM)al<+G6tLp|Bmy4?&J#Jx;> z)vhf;I^yvrthEaDxTWzuRq!C@(w)wh1MtLL@82#2n1KM)Ltq}_ARIyex6G(8({JR zEJd?dz5il~VJ~o`NAQ)pDhPLinF#f-2l>6U_RU}2jkwv*fM@^70V60`EtXSR|C>mI zOQGd~BztX7QXqYClnh8d6Wjz^*LBU$YLaE{hbJT1#?e ze>~JmPAoPTCLf@>(jp^g{c20A>&k9N`}`7ha%J94 z)mqQN?66NdCH%*=`#=;g4CVr{)mmA3i_4rnc9V@59jWcF^)qpJ5r@@q&*Ix&DxvHy zW`IVzZH>{10d(rudZvSzT zcQo0Qu{%a(d-x9IjbFAHa*B&#DKFyX-3iYZgS5E4oMR2* zA$Y`iAP@TK738l6B8zJfjO zZgq8R0xQ7Bh9IWdJ)S&kYlLFSrgLSo@W-7eWwuEe_dxcHe#^_Id1(D zJxfq<>Nw6^rg@9)iC!!JJ%YkJ=!S08w9%yf-EGnm-^}uvMv24=25~W~N&`v2LFQ;x<+mGz=ymHpH1ZWhhHjJ$|~F7|&MkR{-l%)4^(SlmlHmsW8m> z%9C#|&Ke^#La7RRF9{gRM&7#?!Qg`QiQKc*WR`83QT(_H|8KM!{tS3Ye~}8k>!In~ z^_}~n;!r3!`q;H#i&Hdp1V_0q^ef|pnEKtxH_QD(m+``=wMm%I1M4b?wm<$wXQYGpH`mVH0Ba zDPv;DGE6|@@1-27rs{FZI^omR-wOZdxong7!lU4oB8;KX51uGm$qvev+`K04zh6>g+1A7A2ab&mCqT?LWi7|(a(D?qhV|M_;@mfH99kkX0&TqS-2 z#r7uVWlUCyTaLqK{$(Qc5jX+90Z!**Dnf+s~i*Onw$-j#8pHO%je1e zY!vC-$!!_iU)q$nAYVQ?wRTY^92fJ97nyw?1$(=pN~V6}g>Wwh4-+lE1r(0&-!uLS zM(|CbB_rgoO(lzu3a@>l{Cf96aZ6pxeObj4lDgE^;4Ap8x7nu)GLg<7*8J>c+cdW= zdzjCns>?9>+G45c4~VDLOaa2!wNobXYKaIYu9qHU6B$>#dqFaAy<%c%FYVxJ*)F!- zqe2M|N7boOZ>LWFJk~XY?)Ijj5v|691pEy_{G65(*MkLLP))jXD2d_Y(!(`5bwA)Y` zb^TB)`1NYssf$JW#M=CSf|G)5<-h~?}^BxPh<{P96RsL@9&JxE;Ycx7XO0Hu@a0%JkSc&f@z8^17)CzKnn8~S!*C`SU?PlkyLwP+lP|{ zaV!4AuSCnEXaSacGA<85CA}>vpHe2rdB?HxbTZ z=~tYAmP70pE#|n8n=-|9zQ~7$WHcx`m+-xyIlqXLm&p+#Ob=v?%MG6W^2BPScVOeQ zU)hCmhOQW0&LWOWotuTi2zHKpGF0}=t>z3E*q>NbO@eh`qOWK5jy9gT+3B?kQ!SOY z-BN_!*hw(oX`(Qzvhmh2K4ExMgEXl0t(qLhQhmUQ*b-aA`=`u4C;_tBCwgt~s*yzG zmym@(lzwqiWTI5>iVNG*NMBnUsr%SE01=QfY<0>y;lbq6Kij}L-}hE)#JMTA-n1_> zN>MUSZ3UW6ekJZc&Fx)l)K=K~f@~rH*9SE2^=^Q=$=O0hwP2a*;&}!5S#gw;mgVoS z`1&4_;4#>Cj_FtQ>({is2&+IszV4^sFy_<}UCDi@>PJWT^u4?R_X-mNgFQ`+zV7Sx zVu9D`pj*}OU?N#i>x6U2*yeG${J_RWg*I?qcW8LI1{A`8!%8F|qB_`T73+?{E-@*d zfEh9Lh}9}b{~%@V4Lv^t6(FL=Rr57V$t;N8<8;%yiV;Ek7HtNulY=%Va@_K7JR*BbQtx^n}Ig`aZ#e zdQTB~SVMKS>$?}HsLp)#redxAW6m3QzpP!{%i@GGfpO-YxIOdjr)KR5$5+p)ntP^{ zM(57{SIQFnD`m+#AtL3yp#=>Ko3`+|6Rb#Hoy%o@ex_max63EQSebMza6NAo*%3sf zxN^7n>;59y9o#v!@RsA?-l;pqrfs-OZL(e(%ZF?7lnyun5SSn~C0R(&Aw9@Hs1NtD z!^)nj*ik8q$TNX2h+LW}SVp94TMc#nTi5g=K!@#EB`4iBop52RFOm$pLrlQ@9ic>3 zLsc40Ngp93!GK?<&+!?z!&Nngyk`qMn_;ky0@zb^hJRdZ@wMcFK@UG^t`mDZ$~9gt zVC1L5US1)p$!S7Wl3e6>_ZzKM%h@bGsHQLFIroW45cq|eSui6AM0WH)xY$MN!oy+M zS}HmjRBCT|>EZ~|MT7kvd$)HUPy{xloaUEM{0MD+!L_nfHk5p6&uiYamoq%QKYaS) zgQ#iEm)ECnrU|(G@n8S95xKar1{)$_6Hfng*$Nb<7h+aH5{|FGh;n_&2^(e$C{2AG854Uj!Y(!^0cCcq5gCX^8i|bqF%@ zW3qm9wT4zlv-v?61Ct}9Wh4quQvel>RSA`DZA%TB02i=Oyq5;zahEo)H_UN3m>Hnd zfvaB}ZjQoV!;>LCu9*{nyJim%la`m4sgmi)zVD9UhZanQbMwBe5pa#kJCI}@YLGB6 z!DL+New|3lkDxlcjOzeIWd8FipT{YVaR7{+V}IpHbo_q zDJ3U|7uZQ$d@t_oEUg^3iA3#KZIw7vD0CjF5bn>5i(>Qqf}0Xc)ch@*ErzO~{J$B1fWO%qssGygT(ecP!Baz1HG9$w=HKPM7 z8o$d3zOnifS5paZu`6xynVv0am#Y<;=)-BGvcXJCR-3m~b^X7^VCv}#`p1ox@qVtJ z`~}e>Rwz9}DvMU+5nhw69{9}?td>_+u!=)%TAf~5KN$=zVn$SwGGZal@_KG*kRrE! z?$^CdkBi>;Ncq6vK=7$aOG(Ma3uX4`*M0l4Eas13qq2=gx@OK4b(qMx$2-Cwf@xSw z85Nx$>Y$mJqI&QU>kStVxtan1s{c;_0ERd@v%F|e29m`bfLJlMCYyL`0{rli0JtLz zc-H0SU*76=OaRGx7z{@F_?vOWR)=L2`IGa{A_phEqh|u*3FVo5XMA=CtvJeriX)bw zoIj*`uo>yKKj)MYV^NZwcI6?xhT0`b)_!p4Dm6~9bHKdI9@P~5_vz1f5Zis3slDM^ zdttB7#@CRmbX2-Czn1e}(p+2B`12I3t)s#idT8x_6WgVsO_RSpZM@a#lF|9MA&H=# z>bj_HW%b;ufTRsGpY8>|-P~1;54%R`MC+k&C|FIwOh(cLnbu=Ae@T=rey{#%8E%4ZnG=c(AMfP_97Gt+jht_V-uv2(Gy+ZBQQ|$VPU%7_0~}D0{}g- zdrRlLO_*k3i;H$0Ao0fGwDvY^YneM$f5W&ci#L~@>lH8mr|T|5)2*|qAo{=RA`qpG zWtbH^GLcy7^>UvzSCS1XMWwcE*EXI9sOw zoC|*!oWq%OBRvy~(<1tGMFXb(0#%|I0sfdW>hG98$XKo7ux3(cX0WzaUwT-&Lq1m| z9w9q*G34wIiq3*qIZUuIj>pI6CK`>Yg}!5@I1O>N3fe6>%r#dvFkr~7hhi7Z8OM3o zI0$J9G;!GjGdwQZ=aF7cXT9xWn@xPrr)srR0QN^xtH_4y@!!zHEct+4-Mv- z6c1PRH9^&%=KJRp>Kv>4I??snAZWd0?>2?%93|F2SNdA6%y56*p{&E8Y{~9X4)rxK zECYl|Wc8D)48Gt~s4Y}?Vyi6Nhe7IRXw})ub3->tR}aNi@?!de=^+h=K=_qJL(wdQ zT_+`*sWEOX80Sr4vhu_eno>u)Y~Euwe7$aBHu!^wM$aMcLFhn~TxrFV54ClumJ(ljEK$PVnjpa3rfd74$5-QtFkg(L|i>l1zXWH|z@=vMwaM zwke!q?Xt3l%2Z8f2^vOPwm`Ekog5_A7NN;Ttxvy{4pxcP)HHm5^dNox8W}{8LrjYC z(4`@|;}3IDYZeOS)i%|OH>%k01<;VUBMhVGN)$F1^T{iRe?)H6S1RZpEm&u3rixHV zN=kx)gRds@XE2p3;Q&gg^Eo5M6(OR;DbESpgCFwN)iDPQlHY-6a6HF$Y>{i_T4Us+ z*`0U(9U2~PWWFeCqm>JnsyIai|#-y-ZA#GmWuHY@Tj%#m))!p9L?>nKM(fZ;K2r ze)`AqB>r0&nG89$K;MY}^6h$(p{zp9sGE8! zaQ%9S^>F^mlLzT>J%{E8EmsWTyg18UrwxVDLm<&Rx+4Q1RX~rL^zzzN%Q;{RF#PiH zE%ZyJWvMGf>t%Y5Zs=aUdN%l0A@~4>q{hmTzl>gAg@+4s7qb{S2Vi+MV$731VJ+Z~ zsoUF%%Q_GC%g0$so`zDXrVuP?ajX!x!UD~kmg^uFsaQf5$AzmN5**(%!=_H#Hd7vH z@_Q6Iu|M54C?08t?mj82(Yx0w|5_LnNz+W|AWkk4rndb;xOf?4tz!S9J6dujC!9|I z4G5{|vp*(-+{!Ki5ADqO7JwPMV>$PXlFvIo?!HjA&)x22x{9B3nDG#o07Bw9c|Gop zrx_KLbhj+7e_!C!{I4+D?UJk`A$+3sU(5WH!GDADZfHefnUiRPoT3aaG3XnfXz8Fe zd&A~rgsIBfmnIyN;$rL$-b4|cmRKpD1&P2Jd(fI3<8qBFEc?1!U^z(3bgn2+H^n!zc6Jorf{8}x9EVOZ(}LpD1g*)voV z24&N6nQjDA@&?!R zrM=&t#`2nG7vInMyKy!DyNZj^?U`}beiGL*i}cz zm3FQd*B;@cL6C+Co7CjsC0%m&Ffx2=pB4I59l|76+p-WS+9Oa{%lm^<$X}1n{=Pmj zpPY>t9b;*wUBnAxEUVk+F9hip>J9M!h81TL1_uXIsw7muqukmZ_myCGOU1(W5;z~Y zB&*}6-#UV{inuTu{e09ZUGef~oe3>bb<6G8LBozDo_6U9XkVK>G^Hm(GuzcW146A& zB%;GGLr4`dg7vc1q!u@R2WO^qvsoeup?-?r0_&uw8qfAW{f+MElm%C$$c0-dq%74l zvKBH_fCgMbTRVfDxL_@h=Ca)bi)8 zdlbDmo&z^M-oJv_esAJ?IhdAAqq(j17Dh|kLO7?4(+ospBK5GFfVm@( z*RhMi=jNO*KRQo@FQKzW@$GDb!KR9I`aY%>l%PHJRt}f&yIT<=5~5f!gSzb7j18`# ziwue3*UV|US5dPmOSo)2i3%45pjA%$UM)(z$jv8GwcGP(@x=3hl9i^<%dK`_M%~r0 z?lyS^-9Y3hvM7vSS(e;W_SF(EYTim*#ZT^7Cv>}hn! zpW@s}Rpd}4qU3nPk>NXi@H`}3Lk>M>Y-Dn_?Y%LkJ$trvxZDLan?>?VvqrtumqtTW zB_gL%tLem$*CM#ej1jaknRv30{7`60B;JJn$T$D^mQPD1+EVU9th`c8$yo0G0*d$; zh0c|8kvoN5n^{Z^^m4RzSIMuXj(19wC}gHoQ^ z3J?-s!Beoqzq{b{KIl!byT+aPy9aHM|Y=RUSLyxH@QDx`<3ol084)3Zf}iyo6JqeF5yo?1@k)k+S=Mw zCCb|%DC4Itp6v4HMt5Feo=O$VH$U)-NH8x7sCyNub9>9#9bJS?IQAWExt>}>lz`2L z>3xXd+zyAn8~SKHy<_~AUfX;+Up_%@vr@C{?t>c0nrBhz#H|AIb{yaK@p^%T=d^p< zVCS2i`mCL?3IYi+WQmV{J(8xzq#Tb53V&;e%C@NNR?=r5m~VdQ2P3)v(ZJbhYhP^G zti-mA7VAFlgG6TAFJ|z_Z&$Y^(%n4h1@i?gX11fjh98{aq@%aTZ1b1{$#E7_#_2rx zSK#w|>G~Xsujsh+Uhj9QQ;_Y~@BDP8;{{|T*ugJYv~*$};@Om5Ni`o+z5*^$u<>bQ z&Ih;&#WQkhLfPK3&rcX4{cZ@?eEsdET6Z68J@1qh>plDlFPHGktAZ( z@Vjh?w}Po>Ym~3PKWFHurYtH=un=bHCTcl-{Eb>2q1J7pKs3GYH<-ymLPFBe-cD3! zOd{br-vE6nX+3Q^_ycZdu6pNurqGR6oOOs_8H&8z=wJ^F77h# zNpweqp|iLq6>C9_f)Ug;AlXge#PJ>46MFHE&&RtrZ}Pj#GHVOHJ+urH@^)37)Gcpd zgG~Cz!U-^xo7N=R!NDTQ=BBGueM=*+T=_M1j%u)PgQ1XY978TL_+5pYne7J8RBGL4 z{w9{8?>ExKu^)>^umi(QLz8|%`^7);M;AR-PFb?S<`;=p?5bAI=Oa>{DWnt9Ke*nr zq~1$T@3L{O3WQkBh-xs#g$)QIiA2=jFlXu~4u0SEv0WQTo^)R+?IDQnmx>OQV)^`( z4nv4l>_04tl&jH=d(no`1?_!%aub$12-nM3Q||duCmp_j;ms{BRuPdy33_WB_lyNI zBjZJP$6W!^q+UfZk^getBuh-DqgTCKa49T19CXZJ&vGW^~ zw(GAosjr`hjx_e$HmEUl`mYiyUk_|$^bGdn%d%AkJ*}=SgBTJ-W21xQOs%ci2-9Q= z$OQxhlJZKfayBz=UgaFL56j}$e$zuilANo#Vu+2Mkg_dm229jfyW`=KP%aKy!!(>> zgJb_4rm)!ba0yMnqycLLUWOfO6{V43HKt;?mJE@qk&)4u$-7XTYoT66Tc(P$qv{IU z5lBU2wIRha2~@9hGWy6**gBS<&MePfKI#!luN3d_(s&YiMV{IG;m)UvOZvsA8PP7y z_R~W-`Yg69v?d=+$5G2XZkesMdmGcRTVzdEV{>6h4b?OG^aXfb?i2RdpF`bQdb*vl zQyCZW9zIuuCci*G@x^+fY&rh$Q03?GoY)`m>$&b@4mO_o)K7q30P?*|xfd9K99r$k0!C}omWTnV^e34fb(+Mvu!iSpyw zqvTRU&Sxl2&Vm()SaGA1r~u|0e~ItW_C|5uhr=J=xaY4wA)j8op0-6QbT9A#&)lKM zr}#$~s<0p9hE17nt}#J<`yNt?C*mC8N=`&Bt;wmU>>MQ!sj)z+sq@8DmQaesGVhNy zZQsX%^#B+HJ^esFI=UZAtw0sR8lbVg+v30NKbN!u3L12z@h;-$Z%_o?cpWFz5VtG4 zW-(oO(NeH5DBz1h6t&z}E;7`om`a1>H8O-uvtP^eV{6QW4cLyX&SAZ@A7xu-iiu+t zhiVcP;2L^6TSi9Wnpw_9j?VirLfcJsz)SL zztSi%n3cB}JE;t%eDRpaXsG;tg9fJN+U0UB3yrVpG9-t4hVjjWES|=a316v0*j~wa zd+Ia|O@*?Pk1w(i$ylFRM$FRXQPKb#*26xdSD_LQdR%~iepV_j&0>!e^Z)#!nXbj^vDh`TKa`_Z$GKe0^7-e{hg%}^{VaFiy?nRzvFh)&T88`i+})xPrE zS_cm@p{t1}gwnAI+-iR|w=8I6*w}f0<=#vLG5RASXfsc$)^C%4{Qg?pjo0HHL5v)X zy9|jBo~}#oPZ5edtvcg9V`cTZ`;7CcobW-~&s{Q>zW&?6NNm32S$q}CR3+TIKZ9)* z8BM4)=rk?iq&5m2#98a>pe?_yN#_<@DVC@8NQ>!)ylL=M&&PqvDq4~PGJ_&Ms2%5q zC3}LFYCHR1Z+4{r}!scn={Z*%F%KymDzzAL`}N7GrjHT{17f3!4G(xKAQ4bmXpOgaRS&JohxDcz%C zbW2F5AYDp_FiM6J1IFOD_vd^4Ue~pMV0WBzp6BsAHxO4kGnP^1FQmoYJ;xs>ICRJy zT&6cPm=z zdfvSrlqR!%CajR|Nt(qqNR>Qu!Ea}lyFqJ#RYs*3O$;C^{5-UEu>4UGqL*Ru{TL9^ zsD>mF3jj()RBXAMRb*F+f2>13Z`l@;?5G~5E45V%f+?-UUe)nu&Y9$Ew`N;IrC4$m z1heMtF`GQdoP+O7i){yq)6>d>e*bN{e(J;R=zo|+%Q;a+odzNqsJ)6R-p1-D&)){o~rD=gp(QRdYkgSi@8DESp4i?&<^z@eo>%*uS~88;y}ov^49*YgCu!is|9HNP)j#`e=ypU^4WIm)lgbKwS)Z3b&V zLTH<6yk}qDQ@- z*C~x{-}(6Ya~=2tMW>6hn$++^e++(tB&ZmubT!iEhsAPHzrG-o+~Jqyb@iDLw$V)T z^i0N^p`1P-M;H&0VntfI!tje=I_+VIjgu2j0&EN;b8~aSnHA=*yg~Hv5FcY(gwT># z$D7UF0gGgLC3HvqaYNO)SJqE4=u9*Kb_%O6M1l1d18C|vZx9rOOLQv62vYX_)8RoY zKm^zV8=vA^&x#9i%>1%pJ+-zu2?=Tm;)7wx;M{nTN~UITYu5bHZp1) zU;8^9W@8jrzX<^AZ(^Z6v<{h1={oNYq|;^xQ1+LOtTqQ1Yv36~4)Ajp%VF(y?%-7H zo2QV4)ZZYG!gdLk-utJorngFq&_r<Ajx`HC8diW21XycMZ zUy-al+5V(i%3H>iS5PHev+yukm$NZdlVENO*#Nl(J_we8V)TEYi9!^!g5e+L5QC$0 z$RTAH0Syfef^FeI!z7pq;A66gnr@j)<`_E^IqBG0chChrsu0@WZ}Ao;0*l0}i?eWi z+4||}AIGCWF$>Z|(zN`(d&hT7sHH zN%}$UjdH|qX&B(vqVX&1&rpY_hk+7Cl1dt5eHfR4?oNci>ko1);=bsoVC1KDz5NTS zVN%Oko(NyNf^*3pWXTF0D8#kt%cK^b?Jc@?#831N>xutEsZBa@!SoTHxqk7V4k zjZ*p>p-c%5o5h<~>FlEqv-|NsH+*_JB;L`=?y#>{4jyNrGcE*AN}X>kw{=0q$1kJ9 zUy_enBaX42bT-80sv)xf)`5KE<=9YB zS-oJfEVNj``J$S2U@6BPVEuVno9kI9of`UHr-1xqs<-T?+U0PqDvUxcJI#TCs8^o{CBfI3GK`HF4KE46svCDT5X_yMy4uhZ8YlheZ(i^9U|%Hdt9OM zpz~jy@%ymAdE|rGC#8wY1*!W5Ytr63^>|#Cm+aI`YR_GLURa}DdSU}c)rj}EUs5Xc zS5=S@6dD2m`9<*ixc7haepCr%iwqsw_0x3pUvY>~v!Xt-G>2hdZh(M7n&d09Q}Pjs z(Poyl=GFO&Cr5fsq6^M71i)_nu=M-xIdv)DJV3DIuL_({*gLtRvN$w-B^bxBWfq$P zOE#WCNXZ))2T*xt94JKyRHnF3t0j5%$8GvCn|<3FO%LyA>F70~)d)4s5>g=yv%vW6 z?WlH1(4M(kP)dCSk&WQG2Zn8?!k@5P9;-Q2$tz?eU7bQG*pJ(y_~PY!%56Xt#tzF4 z9uEJ5ED1a)StJ_2a~Ia#++o6P|8>2osfo|ElSh~Ux{|^edjXq2_FDPz9aRBzpO8ES z?ck9+TB=-W#N6|(KW^CoP_^*cISe%~5>mDpkZX3SyXXdt6i|HSb9 zL2kY$BVphap}7 z3}!@w7ro9an)`47Sn%nQdSuAtu(ZYgpkHjmg>K*;Jch< zUe8y=Rr*qCG~{Utoc+jPiePAJ_)5Bpj|tzo0569eMnz#685vO-MqMF-Pzj{dQPl;* zCAZ7li;d09B2mGCi;HXj z-9H+0wn7j}tjNmBDqcKJbog$@%dXLXaNpV)eN~6rR4xypaYB7Bp`|iz8^TC<%r=(A zHeGLyB{P|)KzSFmdZG;&Vy58xWZW(xD*Pcb;4pRZwUnDVofS9zr#CF7z|#7*rK<(@ z6R7=o)?T*z+m#YL0*;^Gr?s7Iw!p?_+Z^!UAP0>Po%1yeM3CQGcPkTSFl2+H z;^N}Izlq=N@erZA`SJ!JFr5Dqx;NFO8ZV-p>>=^m4ic*{_O~nM)>C{y*)vBBH4n^H z;q6g|4e<4FVwv6UK>o}4hOX_f3RwN1w;>yci;IZEWZrbWX!W~RrH12(CnE9&4B(Io zM6ew^I9*@mUa1@*TK3X4@;eXg#Gt_;Cc3W~}v2RX&w|G1Ul|nGa5hm7JSJS^_s7Vv!q5-sCQiNj2oirUx!oJ>& zb4!m?J1riz+Wmne4_61XYd))N+ECHZO#i9qZV&0pL;F+3b*XBIrKcL^9iI;8yx#rJ?p9{cn(wX~okgBejf z)5^ocvtA@loz@JKeuIja4GbvTY}2=I1XEK}`vLb-CT&b5 zwThQq3-Y0k&P}G1M%e{PB(j>oB)u@vjaLdS{MB2^3)Bpp{KVHc3u0!#dG@F)Lk-?| z&I)@gkA>j)?R?e!0!h;?-5pd7@%OQDP5ZBRM?Xxc*H7Nb0@M)g?5vrVu5C|WIxa#5mx{YO%hfjeqC(6kl;??nkb8>Pt7F;>4_o@5vPai&^vdMW?4w_tb zG#pTHk>KH!J3x3|*@cmWkUfGz-ub4t@_F4AonAES_=}X*DVtFG6Gnhvyn7vOR%2E9NIxv-HJNk%E-ao1CU-$Wm8fS1`z&YXYAJG=j z6p-+CK$M6bmAoFI&W63vSg#D7{qJzo$7}i=Ou#;D*Q3pZo0MrkZ}lF)SXnqkxWIA3 z$y1#SMaSu^RwH*H7E|LC6?J_Slc?8;7F1G(p3C)0KD^1$O{`V8cu@6U#c{To2|5lO zwSydLd=Y44naji*(gi0qQxSt z<8agVX-i&JU(Y(d{6%N;-Bl(3BWd5`5C#Ko(kKh4Pt%bZ71ttWAn?$wDCpWp)C&Aa zr0UCuia+oh14hbMXbbnmRz5O~Nnq!ls^+I-#0%vnn+Ypc^E<_YB@G-Kfg%PM@}}X9 z)89riu~kn$O?51+9uDA#me;YlJYj$LOUjH2kS3wjlHMf8PrI3ClSSoKm5x7pVZj*w zmXGC~pTtrNPBC^vL^}Q&+4qZLV^CQHcpnq$<*(nMb)Hnsk1@G=O3@LGXWC2uJRbAIkxRru^n z!ou{PeuVT4IeeC&p+CdG;b<#8bV#=gi|PM{qA^cf-%Sl!{j%@+j}wiDW`fN6yAh!J>Nt3WHIDaxHDd zy}(s)lUwucfO3`-%q&p4t_WdFg?td8dbsBdUC#8Lt*w|WmZc8SdH}69etUy=^n30D z@FPqFzR4&egIG3h>^j|i0z@!|z_Lymy{OuVd!^nK1Tz|a8%Lt%Sf~?!Rz$s{@#2@rO=iHSUm<18kKqAfxeX;GOSPfI`=X#b*)UlrQT;fH~~TY-;}$x*>;fD<0$zF zcAq<~EP$H#IWGpWU$1xxcs}vB- zSf;P3Rz27yoIlGz+i(h}ppls49OD!>%eypin*E)p9LED(uWCqarfddPGkK7w`Z_Js zZ++#sv3K6i&1g^A&W)Co?C_V&$Y7ZVbf3mJ`#YYM%|DZ1+a$~jI0H`7&};?1It#p< zD)F87o2U5OEN9?it*f^4YP>H!?X+d)uHA6>CR@5fsF&~IV73G?1y+DNfnyGcpYWai z25F1E=RW*`wYslS&;9IXOVm-icpcawp#uLlE06lUZ+Wk&p>Yy{^Lx&_H4#;0jg*b|$u2_tWi4_$m=kcqLHV3jlYoN$sMAPuyPk}wVA?Pp_y z`}FbvqOF3!gx$DfUHv?ZjQWd8!6}gFTo5vFI z98h;zg#R4N+VWFLk&sL)dp@#VwX!+X%V?II)Y?M(pM>+_;*zoUP;XJ4UHC$mf<@W* zzP3T&_E*ZzVYW0y2l7uqNf$i$S7X2X81ln)I!rXCr1)G!W)Y?SS7|}W`qtZ41x$C0 znDLk~4RkUH#S?p$PCbqDx(JjWei-=Fi-7pA=pl85h=y`8_g9}>I;;tzl0PLm)M(2) ziL!D9B?+u|+Z_iue_kY1b>e_Nij*x8#JvnCT7)maf|p7+H-1RqX4ksQ@yy|+@gu#5m=8VrGtfqE1%5dS2})=rqt zDekOgwKk?GubDQ(llh)(nwQqN(62?R^T*FZHnUh+9wHW;DLh{p6mGQZT=-P^qSs#O z?YtBPn2ds;3}4A7{=q*?nw4V`f}|O%6hOCD3w;YG_6~KQ9~CG-1&;v0QGwT2y_LP> zem{PK##_}7-EFCErfjsPl9k3SPs*YeIO~>oKlB=U-T!S4l+$cXjEs~&B9<;TuWuWG zp+Dvh*;_vAx7wG(%3a^bC5RXpe_20H+)NakqSTL5nKo_@r95yJ*Ro_B7$*AkEHu6yd{YqH1X`r$_Y^(OFQ-0-T~Bt~;@3H)&% zRPVx;^y}+>H4|I#Ir*HKzQ@j08m%(>oKAFo=&BnYF#Xe}qsx14Z>PEtQhliimwp{! zzK=}geXY(Fa4DF0GeDE%qC;60blP!t`ssk|2^Z-WBrK+EqQf=WKoh{zl$88@zrKN>8|XcB&#c~$h$+FFknAs8c-g&~+n5x9!Z#A+;>-lnS8 z^4Jz5VEE5`gi7-+m|Ze^N@EDV^bcMopkP3V~uBR zEejA|ZHvK9gN z^T$6J1!l!Vag34AlF)F5+1*tpZ^l>0r+pMe!ZMJ}L1y-_@{cb2 zAmPI|u@LOZgSqlE2zjyZ!c0{qBL+&OMDQ-ZTh^hu_pgn0G0zG~^(e@!+&XkBhv(3Msd3)FarK?`D?0{ADk$OxFgBPK{y3H{a+t>{bk`%hyidTp1-Wv9u|D*b0Ib_VZOZw~`YYSP@5@TD;-DzB7gLR{&V?l{oeI$IVR`BDXpyNXyhe&um- zNq1yFGZc<*H1%HL$!3xVUg#J&n=rjqX3?IQpORwC3#h!xfK1ME>`Op8EWQ9BhrJ`{ z!N= zDNcpkU!)vvWYt_-A7dFMXcHbKMj7*$-?aM;uO(ThC zlEs&Rla-15sBh!L%7u9?Aa@XhZ^gLA+L=x^YhjMqZeJBVCG2yYXJ9pqll$<-a0YGJ z^9u-1MW3a#q-L*RY}ftSA0JvuO3LDS`vH_HlmoIPtqE83XPEr8kVx@v`D1J{N=Cx0 z;qyGtM`nmL?VxMN&Q zsBrGdXl3@$7M-!+Ot4m4R2Zrsv}mmAYmC<88aLBFb;y%bZHVWnv}9W0DsXvWqR$Uf zy%S8EDX#X*XTg-kmbvX%lPTvkf`p2#jFVakLayzp5rAPX-kAA@LSuy3yHjWS!ER%{Qo9mZWa7L4{VEAiaYB5~m2QT4H3P10ySg^r==IggCk1~P%XsAeI}UeRuUT65Ajxk>JL=)U|0BdR<4mB zOZy>Enl8v2eq{+MmwQIiz#E$!DOt~tS zOicnz1|&P4RJ7=`Pi}t~qkq|o+t$c#c>$VMe_kb!U0+sm7Ra1WF`mQ zGXL^!L;S`_#ZIWhc}k+_LnD4u_qTJ4wAq*Qrm9H`6@Bboh~bn1D*~yL0yI0WP z`uBsjHT&S6H^EOJ10RV>1sd2CiWuPPnF42w5;_U&n>XUY38c+Q+Ee7EMA;ic`UN7< z;gGQnqH3tWmwTwBvhC=ffG6?JA{w!yJ)EJy6G73KbN^ssnxx0l!)H$#J!2I$s^>9a#nC^Yxbw)oand~YVB>Pme{B@)AA$PmQ%Q@ z(%FAOys^6F2aRfE6db{Y64JhojH##`Wu>-n6MDL-Bm2gON1kIgM<=@0xY0ePvyU2|0FlrY!9#y3#5?A^ua~0M?8za2(K+Da-EBIx1Q~ z9E38(@7Za7@&raRE@G4r49dEwVa0tvJM~iw@s#Cgh`k6o=ahaRu#<_UMaQEvU+Erz zIo?q)l~oV|08RikWs2zhA^ibbBF7!^Ap>BV1^#v5&>)r!pZsRN|7=dy)Kl^jfVPp0 zj{R?h(xaJP(l!LF4h2=Ggc~FcPqS4ecAyOZ3IY=Q>)QkwD@QrWf+m1Mkm9U$=sZWUJ!{ClOMpWil}atZ*@Iw!qz~4)N0K4o%KUY{fX42 z%n@~va<#S=pbeI(!XVgQ-v2KVQvn_c-SeLYM8fQ_VWz*G{@ZdGDm+g*(W41zbvSz|Ru0}7xcy_^<6{whJ zP*>&&`(BYmcA4Ug{7(d`=K+)c@0uitT>jJ7B{sGe`fcP&W%v&8O2>9H*tao zC5v)GPhVqd+l=bGAH#O*SG=T^G0$zMUuap0h=Ih5U&}D^0WB<9p2BQIq zDV+5D!l-|2726czisJE{@g{f}FK-bvb4BP+$belnT5fi-lYPacFhK#x0G2Z0OW}9K zNeT<<%_v7370a61w0ITn+noW%)ypwPGP_R1>FhQaxiIbZ!v@VxbuV3K&G#BkPgnab z7iZzP@~7AL`DUS&Pn&3qPqpzyv|VR=FE1@BTj^*E;^|W=!vb?J&kcjSP87dZZW!?$ zFd24bA~sc)eAi?h2dU#{G!BZSZUS+!mhI?^YdkFzU@yNuDs*ht?en58!pq&K)xUj< zvHz9)9}D@7L@~HWL({7(+K5Ws=s@I5X|2;?ubEx#aK+;PD3wl=3~K?f)%mapW~#51 zPTO|HQ~X$E$Utv;83y#epSH9DUZsjd6U5M1StYg`zN7y(qx6a$ODX$Y+OieIw_SCH zYIdA@yY}cm`puu#f6u$VCR;XJnJy{w^R!CW{-bz3aRHrpVsQQU=hOf%qjG>(GGl2JeY4nB+~svMwjy;w5v)@5fgWP7PA5ssr=MKRSpRk*&E=u$s@ zI7?qiwHVx=Z1vID<_86U^R%m0EekT_TYBZu`YY0>hcF@G>(vYjK(wd=yGMO#V-&{K zS-TtPz{C;|qd&lLWyNY!A&<}CCGClxBqGu%Rqa@Ta)ZFx#$mSBsIRnD_r&qiadyJ& ze~7GeSaz4{K1u&}XnLd1xopoI^QYCUA`~x6(Sq7gCE8nZU}TA( zMJsl9?E%-hX#kylSP>`Dmz+e=^k2^zb-a6NI|*!EgX{rpJWOYy%8ZE~aLY0`6N(&a zB+nZjo(8lnk43>6T=7cz(tF=X_SoueMCjMX7<#J&w0jawJU|_U^4T#`=SIpxfo3ia zFK@>}a3k-_05M@sG6rVJsXMfZ{2>7=s=8hNnrsj>eZ4tn@JFu;?j;SwNo5i>Ok%W>u zYE4j|llDG??&yb678KS2*)>ZwjA%r$jf5{r^g_kM1&4P@inqCf2t{8|ejxw+HQm#d z`<9SvVkQ5CsTOsb29*@VX!-49|HMEb5CA%TK$Nz(f$D5$Lo7v+s@Op zSHy<71e)$Z^6S}EEv3tqEeiDtSUdD|emdW{b!Q^M>FR9X?^iYx5694@u}WJ@*(lga zbglUpUFN@daS8Q`ZHr^e zd`{ksQ-SC0>b!8dE6FosK9KOuhOa`G%v!zncZDt(<-E2KuJVSKpn%pb(ShOj)wb_3R>;bM)VrUIh(}W zk;}BKBeo)*A=__+W4CG6(2&s=lb4{*_YyGNvRZx`$E=-jDctSPI&Br3lY_$>iQT^9FxBU_3DgK78UUkB6IJcdgiej%d#Zv_bxv&~!*BDeh z@2b$aiZ7wXaYYxL^_9Ail^J;m_;FLeXJv#jFz5y>7BZnTu0rBU9V2v6lrK2lG)^V z|1a(a+EbVZa#Z}{h^dP1X}5n*;;rehv9?8TVxbRlQ#=FdS`lX((@X{~C^|xXnbG3) zK*j`=YST+L(583>ruzB-`Le}0Je}WOd2a%iFk$*N0_u*Xbm-#3PFkfigWFE$&31PP zPq9!``ikw1lp!KOH^P5|SW@_Dv>u_K`KmD?f>GKwd+9VL?@3357f0wr z?~FNDCFi^KxqJZ=h-|vHIE$2EpUf(OVNK|WQ^bkf9z5sE*q))!9+PtQ2T2RV&gb7) zJFA-8g+%o0daDS-f2`kCm*^$cPeAZhGEd&>2Y_3-gil2(C;7i_Qr6)8MknmDpLGv? zaY`@^KWXBXN7l6&*Xn6Q=(^o3+_7pkz^-p6&{0@OYb!Y6?EknBP^i)JJLUO+G0#6) z-v>E`v6sbY>11EeySh_%b#}d}0zfK9NbQHFF~)1P(3Eb2`I+L0HSW!B()LL?lW0?1 z;4=%W0ZykP_8XJ=+Shu6vt&K2;yl(a?~82DepKm42u_LzEjqRv-0Q3dg!Vvb_?)IX z{=pAU{)rWzJa$^e;)m{3?(5BkW2iK3q26KH1!D~4@q6?NZp

5a3}eNjAEl+SFm6 zHO_;P!Qiu)uvvV_Q*2hPjAGDUN(l-+Xgs|yv%0V>tsI(-1yVoJ*Ae`=BP~XjMK$dja`QfPud$T;?$v1h!rT~*$1SbYip2O&5 z=gY6nbN31FMk&v7G&yQl(@MBd~RO z;ZmPA^Ul9rJq$`7NGAmwALPN)n{2ST%oF3&Z!gfhq(pfsDiy5g2&VdHS?;58%+%`^)!gwn6~q!!FmEmdwd;1 z0Bhy<9`c8snY^6ndT;n8o77_l$ePCG%%PIH6_6SC-5JFn-0=ya`gBK!IX4)*Y{g*o zx8qqccLS*_{7YgwYy6QJF|7LUJyp7VhlCAAP%K#WeG(I7tOF9gesuT`gQ-l@bV)8{ z!)a|qv20(Qh8|~4FB9w57sYrL+-Y4KKNG&N5S*z$(6=IV`$pN}woTM)L5vC>wJAZt zUJV`(_Chr9TU^^j3Hk$0CwDjEI%pv0Ylvt>1}^us48yC+#G%Y6a+WMaQU53R(O7MB zb}ZYA%bh2LEPbWN2wF9&gs82pJq;&#gl}A%^%Fih-^jpL07R)>P6!*%RkwB%J}QFZ zZCGQil~@0`99RE$vDHhpMU_HHC{Dy+x8Ms=-pX^9Ym%~+bk->g1x@mni1@X{&b4T~ zzzTrBo{qvLop;T@;vy`Z(1aVNgmz105EM2wcR#!P2KvLDK=}5zvl-8`T)iN2_1$Xo zskQjNrEB@)C!GWT#D@7gLrqwXM3`J5j!t0C+9aDS*4my zIj`CEzeefBJJn-J-I(c$KdN64JF6c%Jl+*mmQ;RJ)V0!^$o<cM9sDt5*+nYcn1+YV*vIqSsafWP+=LtuO$^tEX}(W_8i6 z>$H0yhVk>D&0&$LY4adbv+y|Q-@D;<+7srHd2dP&#YuFK9;cBW+OPnZt2k{&5A{N3?R{nzmOEu!C@S~saw6D{x!7?3R0&)k4Ebx~KMsFjO0%W2e_Ffi$ z2K7f22c4uw_e||-=p_O4X{+?*aCus%!g#3Mpx_pukzT*-ODc15|9P%m5gr(cf} zsDV(BlNh`vUBXEZkni!gJ=s7GrX4uuUm0k)Q7~3|8;-|bSio15j4Sa!la(wA*a_|@ z-gJF&k9@q{PVT5fA^BYD8$rmf<)io|rtr$_oD3u8UvCz=3iLQgPI9wONV?(lixau( zG;v*SYGf)dOf>}g>y3_kH@&~B4{s#(R^*qh%2}=GC7k4gyyP#djt$eCTv>s~13;3o zIy9c6bC{H-&HH1G?3KpX_;%6&N-ZgjwQ(?deJ>n;y*fJ>$A23s;Wc|_N%e3txv=7m zcWpE&QCPY4PJE26hpnn>@;{qTOLvW{&Hvr`;y+)T#JuciQ~>6;*uR==Nz8m1ZD~(L zUlCuH@ULGXEQ#6bwa;VuP6TFbbdhE0%wCPY&^v^^Q21`rYIa{$-dAywdkvqiF$iaO zhu(ccUGQDHBQy)cSYcnAI|z<|bY4rN?v3WQ<|}~8QwwZp5@)N~^)1m4%v+aBN3(YF zy*wiE*k&}6^I#Jz)+HvYCnC824mw~%c+9`H6)^1*kln|NShd7Ray2YBUl4l`bKixZ z6&Dpcy8a2l#z>a_IWfMivr}fxD$EXUPLkBJB zBfj91+yR3g?+>L@AcYTjcxJ}3y_R6S`4F(Hmf3ZlOvAjrP{YTIkQf<8bV2uilH)fS z{;83NWV11h&KCi{ROHB?KubjfR@RNHw1!cgzQ^zh4=K=wZ&2@;tuRQHz+@(Xs59+8 zQD-TgADAm%AQ)FFm`zm0X;!7wHsd(??E{hlv84bLuDoYm=FL&e@=AU;YYTXwqp<1U zW^?dppVbq7hCWAvaq;tME}5mhl+`Eci&s8^k%0E;_pheUU$>_P6i^Elj#{X}v2kfa zpC^Q=)wMc!f>P*$D`biwJQkFLSfjRooV1@XJw*P03P0vQ3SUc9XR=hgM535rbz`h% zMJ@r=N)TFdHsdH0P|S`B+o8f^AR^fbZa_1X|28Eq@Y03?(OtZhwEDg^?52+}(X}(H zaNF!x3A5JC#?CXPbTUxthYMB2BkKym`=4CF*j-uSXfnPUI>1(G`5hePuT`6i!HwuA zU0s#CRNpKW_<=yc?|Ubd`+;BfkKM68Vh{%%QXCd-fq}7M7D58KXBA30zbEoqeZQp( zByaPZ=M6A=DUz~Z-O{~1>IrmWTs`oNL69i83%;|GX=>A8GVQi^ zh8_}pjk6qUrp7mC;H?{Ax-g&P|D}~!o`O|8KWDs%OvzuJ-20z(YaeL+gjucgCuf`y z=K>YtCC<@!J)tIc$XQ->_g5ujczI2=uuq4;dXJy)7R8a8(A&4DQ_dblG*2f8|Herq%tjOoJLX zAZ^_;51v?fSt>+M)meECHMCU0jv$U46I#gnjPRJ7ASMtZ?h3l&{a1O4%7}*tYEx0% zj#JT#M!PuA@6$eSL$@tPc-Z2i4i_a)0krI~DbiTF|7GOUFv1E@jXzzP(!{8;T z1mf$ux!nt$!7-gz3LNaO#WBtJGD;T~3_L228jMK#s(bTlnSE^SQb?W0B)02?k9&-u znW`McB^Ez+%~0GR5GK5$m0V)IH)91cw6Z7GrD!)(D*Xrrif;RFhb_7lAnE+sl+YbA zoc&k0td4ydOz!i}3O>L1xv$9>TG$xCbH&@=c5%P*HpI0%QyBIJzNUA}1H_U?p;Q{4 zKh2_HhyUaK+4A3=e$3c4P#Z9rAX)x2sQxZHL(X7CwJfx$H0c%cQ&C?;DUe`8%7*62 zW0ulW&3c7?SW->ftV73UUXSjgtauVhq z%GULimDF3~9+PWORG@|GU-@ZhGjjKP$C47mbX>c;9vz zI2Y`?{B~-jE~KwRpg5@y(eO^ak3uv_wQ?KVC5JmX;R$(moS~)5mP`I`YGy$v=NopR zANL&s=G{+&7oeH=R}KPa?h&BXVN`$WRfXJJyH;qDJ4miLf zxg(91v4P;X*Lz_^aY?W!DND7%!Sj|6LNJXC!hEY!%U&#r@gk#KSNlIfv_JP@j~G7R z4u8${UTnzUxc;&-)_L)}&(}KK=J}@HJ>7rth229$HHE4Vf3EGo<|W$4bg%pPK<&l+ zS4$IyH0rUnrWmdsmzrS}wzLX)0V4pD{{}4%Q`#{)0eD=Uhb=91`xZTZei?+9{!*uE zdL~?vRMCqoyk2=8laIacOC}iYuoPlKUyfDwQ0Ia7aao5@br63;Cx4Naj{bf1V8?s6 z9chAdn!@1}&ZkXtWP&$9_^@+)j1(J!tRe1iRJ13IyaE)_s>SHZfcE!kJR28P8FW(M zEf{i0nc(*Dvi?$ZH1f>sE5Q@GF;u@wcw+h$k%&$vC#e)(l_mdj&PQS$Py&=1M@D|h z@7C|H7>k+`1p(>O}sg+f~ZMl zVO@I=OR@Ay(c%$l+`IT%i}E9`snY1lc3w!U3c8{i970LSMI3zFayJ@+U%0Qua|S=i zdl5)D^Jsoq_@E}@$GeIa!$C?Q^dB`4XgKCukB$lr81N9y%C3(izeV!8ewZFV>aj9G z2~p@qhG=U z%wJdKldUvtyl}0CGt~HDnQOcp1w%l_h40iMKYFg^qEHY4_HU$y*>^wUKgJE>;s;B* zgnI3l^cbmWvgWmf(-=e?PgoW~%QVFsjp)<_*!%CcAC2f${%oZ@`GH;I@pasv#wcVK za@DRO1I1xwkbiKdbLb9^68i}mJmksm0gw8mZrH#e2R*u$WLV-$tx;SvvpXPGk`}`7 zu7F_(N{sC&f$BuG?}kv$e#K|iU1mgSSYL_w`O3ME$M)0CUTKt#U!yMo{+RUC65#M0 zT0m~B?ae6_IDFt%q4s#VC@IuX~q3$> z2yR?@BMl*rrhJx~r{v^i#G(}&ZYoomD@d{PZ&2?c_;r;9y2jtmatm~WWmK)L@~h6^ z6MF;s&X&vRMOn#wUGc=#s$o6tS8!$uN6`Zw{&>{6-8l$pSWV>D846UZ13?_YKt z92y$RV_*ng^!dgRxW=RGvWFvG%}MZty#LS7aq9291JEv;r^3PAfd0Ki0NIw-Q13lZ z?@7x-PfaygqPRlYH&62Vdpr=cYtAAcJUpKN=a~8BEZ@H!Hndtw#n+n2; zSYO0-zN{_g2^y5G3nSLRGW{m(A1!srvmUQK*V_%;xmcf-VhNl+`#EZW*LmI6-JKU0 zJ^nMVL^%G>S5EdNAtHAIqk&&NdctfdyHKF)Jey;!v$exoH72eaEat|@uTAz<2TiIZ z@#~PNQ-?6L7lcQo{)aP#FkE$b!0pJjBIxq{&xZoT;bcRpR?u}_XXUfy z$mo`O0ul)6u*J_8klAspP-}a^a#f_!b`lQd$e{1LjF}<^laX>pQgE(zzU_FW(ik8XzM$ei&XEN>c*uR>wH7ThYd1d zwC5tCs~$lkYo5+o`2k%v9JJ>{&EgU^kM>HIdVc>Rkl&$5J`9|yz(sFii$S*r6N{%m z54s~4NdJ8`7BJGtq$BBSF-A4haE`KuHAD#RR-XuPsu!#)pSN}@hlOzCM1L?5JT|tb zN%OG!h{*X*R&D8@gQ&R??au*(H$X(H~v?wZY)wPm04` zJ$sjn$kSkUBsdT5-TJ2Jxzi%y2}v91xMkL?`rtDN_j{bH9ZbkFPCIoSnMOY#%C49v>=LG^2>6UaMmyPwQ3+_sw4EK#Y-mv}7 zwbV-%_KZ@ zEfi4KKz{RuYZUDtZ;f-GcHyAT{|xnn+ezd9(I`+_PJ=^kak4dOEF~guh_QPthABFO z&}67UjRJPFqEh;OvY4#$Db>oC1vHG`{JNIO_{jIKaiaV0u-b^;wk_G&(|e=;A~#$Y zjpCeN1rX$%_CJ&Hp*9Z5OPnz3ZXGdH;oHd!GBcuXE1##3Qq6%U?EH zMgCi!y`GVY*qgF}2%cUQ8bz8-fH1SGh z?6UGNyBE{cYZS|2@z71W{@^@FPnz#7)u9StO(MTqcmC(Nl1>Cw~OkTfn#^+97 zS_{tOoXS9NKG2Je)t(vO+<~zkeuz_XfZ2Rt9n`e$lZx}CL70KV+lDfyfpvcq{0fE9 z3j#APyg~ftm6zpq8FUuEi(<_vo8Bo!?X2}}XE;T39ymC_U z@&#S!JmV^)VcENGP*Wh>N`(aStEve*d#S)(7T=)QNK`M!&N|6H9n}GQeTaq>_UL*? zcqqh|e;;YAqT$+?ni8QMTxG~}i=5%Q`ynx(fH6^sh)Ip2fNi|RY;^4+h}&eGS*Py! z1gq^!3ENUD-61u8K(Coc8}A<=#mhZ?XBlW$Laa5xmkq@^ow^0tN!$}Zl(%Bdhtf=U ztn=^q$Ds#3+{^Aq;c@^$pK5MYr?X|I;|JCtm222KW*gWAOx15^0z#JdbKxf;^jG2* z`PsPDp>EAZu7RS(_vHt9;4d|S?aW%jXJWYzlH9Z0&FoxFShL&^P?2objaZGp{HVw` zM|PMDJE)W;Hl%Eq12J#w$Q7#!{F6!gYvQYClo}O)_Y1p_P6Zjq>Zx?Y`7JWn6@D?~ z8M6ALy~uwe*OOWcHPe+)m*_vP&DH7RiP5vo^rTEDRN~(hi{x&<9Kt%iaXKSi)c8+d zX#IT!PB2x@O!(GKNR^zcCVWiAz^JfBkl|96#)5M~5G%~gSpK+m46YqmVp(ygLHU9z z&PQ|q%Ctpgy$Aa@->mw~(wWax=-etsvL!Koj2$uT?QFrt4>J6((0nBMVPyF`pj?LZ zg>L*)Hb2`d#eQ{TJEhXD`*0d^y)^)mU-s!s7WF#RI#s|lVO@!tKw(SF64`PlBDgb} z|JgddSH4HE38Qjuz^pvWvAvc#l?|c;ZKD^F^|bL9h|6SBIxROHwzIfvf5U1j%> ziugMZ#?Dr}g>7QQ3x^M@!Ge3chyqmniCzxrZJb45=qf4UfWp+i!lG+!DN7w|X*zAe zlv9Q##mg6-;0ftA>hb<68CG$CX1ub0WWBZw+&3}{?O5lCX1EQTN+sD5=hJI8X9@)Q z3tZ=Z#H-8Oxf&K(NPL@p8=UOegI)lo`~3Si?~Pu>z{0t}2q}a6K{L|#z>|r50b2ae zB`r`BgqNB0HN-s323+g=L{xJ*Iw|0MMUFA(KMSt6ch^k=yUHe`n)to)O89zCJu&c`o4%w=5o&e77O!Oy)#scFzIP z!gBQX=P~a`WY4RfS?wjO`pE3*iM6|+9Q>Ic2{0LH&H0;df;8fB(S-D-<_!h)H3bJv z{c45^-F7Gbb0+0VB1QDzJ$pzd1O(?V%7it$S?P%Frd_P zGbH&az9X&#w~FMRVzU|E$rg}7Giwwh{wDJ`+r@|E#)^wNw(*Q4UEt2C7NwV=RAWh^ zzBN(hg1=X3^4nbHFEf|S=L>+Ih%YrmO%Poz(n=*urG_57axyZS+^n)!lPN%uerXW+ z$R{)LNZ-e&(QiOhZm~pS)~XWF$l75^2$13+Mn2weS}DkUh#J5v3->ab$$@52C=3H(aC$EM! z`?Xr+*0`%veC*)9rTdaAkZQ~5vZH4-*KC3cRLG}4W>noOC#iO6`!r{mIIDinv<}M` zf~C=ngYiF!V`nrHN#Y{Iamb`H^}|W4G^a+#R3Kh=cyRs98i|zbuWb!d{1>x??L}p7 zC+VL))Z3u^0O?%$dELRt4X-=-6Z>WvsGQs%iNLe#`Z5jpne~XDzVMN1 zzjn=#hL!)0*d}hiuU$!wphM9O{MGEpE3ikq4!dW*?jDwX5VYz7$Jm?T#$2jFUMJ8n)DF|Sk* zbFbU;etLqjPwE*aTNIXzIbf}NStbCi>hb4MyDWuX35CvZONtMK`J|To^*8_3pPebgh(l7|n=vQgltB94XvTQro39qq-VMGnNH-LUr%1*OP*I6mbPPZK zCt?)+wD-mm47cVUNV?GRTd;%H*wvv3=NQ}TN1}?yGD>OA*=As=Ha722L0Roe+ziWD z-#AZn%rVv7z!2zD!skbm_nQOXXaiL9*#i9iI1#CUuO#B%YCn}tv0ob=HC<0(ZObf9 zgVeDCj_#~S*tT-07~w)Dd_FCH|5gB>1M)`#PzbKxULA!THYo`nWpqC=CKjYS5_3ShO*f7eQ6nj+W6JbqX@&y^9V~E6 zSPgKcL+S_8J5>TxeNXoj8B*sNs-w%bowwQaXGp5sxpLiB> zq~Z$KTPddU=brA;)&ezdIeUX?0`c9bUnSqq> zm}pZqp#+U<7N5^A@@`VvRskO(}?769X;fs7BPs@(oSD{^~xVq(KzeI;EQz5Dq{D#B+ zvogxfu%ZFQ!nEJ%jZ&vgTEhXKdtSx(-}%{gE|vSTnI7&du;nm}y>*x0$idS&>@qpJ zmQ6C9TGnX!nnxU6BU;}vj|c%R(N`P+wp0ceKfRKlm>+76c}|}52T)G4n^E>zj2y&1 zb=4l3Nhy0?qSukDY)4@F{2#oaT=Aop$Ii<3EVFW_=i}2|^HdE`ZsfYM!9Lr; zLX=Pi{H+-XwXZtW>lO`DngOWp8BL@59Rp~B^ck*^X_8Ka^~rc_d}z5g-~1(7uCaDa z{MqV1c{(=VessYR@oZ-~8^2fi&QDK$Pq@P35!>qbOU0S4NVrGIUSxc%xWnZ4;f0rp z$cf_VgN*72S;Ozk#wX{hamvKFo!yIj$gnfi^L|Ac%{YYK7msR%G|=E!?mVEgo-v7g z2$LgYd`AMVgLieg3Dt3+Lb)YaYHo`jh`MAW<=T)ccrHu7qoZ@B*Mz*)7KamQZ}>Dj ztP2;iww+M*N#k??F(=ZA=74Q(ch_CVgV;+YfY%wx9E*e!v8nZhGROQ_zB7SYoI;Uo zpP59ZdIt8Z0%GHoN`(q9a$#st97H&5!% z$%@E-Y@1xw=fi_|s6|#(Sfy#k(AvWVS0{qb5=sb1ha`NVmm+-$1#P?Bd4?0(kfWz1 zOw|inPq-jH$!@+qJpJ(W!RJ`L_n#EK`n%LXlsPdcw-ph&@wE-Ng@vDdC|phc@7Qdz~v4--@f%AhrNtiYAaQmMRx zMB%__9^%r!!crn`jq8AylBV!roEblJZ^I3j^>rLljILOj`)jv=JDY-F<|(}a%)|R~ z3(mn@;Q(QyPECIopJX&8*-myj%J1eKwrqt>?XS570OXdOTZX^RjHk5&w{1Do%tguE zo!D+i=RaqvVLxHeu5t+mZNJ&eTzt?=GO+R&ct1pzS1@%%xpxqEZDeopi)Y?vR7~p> zYH#pi_I+MChkEQs5t4qW)`WHGi;+*M^9ZBSJbFGQeU+DqpNV@sNB)y+wqBrnJH-5Z z-4BA*r8Ax?=1s3>%}*rE3K1@6Y&!H(DU+at)r}M&M;wVa2_MitYsGZr#cC8DbglNm z(Zx2u6du=%mwI9^RO6UhU4p15fsI~ZY(G-U>Y1PR!o1A~A2@$&p-c3RH<+w!Xr*2; zG-8F~oU?7P#@@kg1=2g(j_G`);e^GYf8#gg*+h(0@6g9J&QU)`L2SIj|&r7r#N?6I6;uW9!Ex11#tLVU_%q{(uptO+Q#z^_6} zx=X}2r_(jh^easwFn|yeEyE5HKn^4Lrg!O8Q%mpK@1wTf1uUB$bZz!g>}n8)c8yj8eJ6}u|KY>5OkDR9XZ1&!64OP zuq$xuv}|jbPIRv8;WMIt^H!_oo~*e|>Y8B_LKwld+<*>EZ=9h=S!iG!UaJfiX(lu^ z|JsoDuMNQZk|l^8d{~B*ZUzOyHjuqjPf@qm8ITv7wc{Hkwo(U4eVIVYS61htS0fEG zxTPr4${}{Dr2)ImvdCIhF_Ij(%|W;=w#+H{ON?K@VPx#D!}EEJwufx~pYSkb@Qv*F zqIL3qY9IvH2>qhBl0ensD8YhvZymeclT_Y4B(*qcREB^{{!my&iSd_%b7xqq{4>^A zOy^~K>=G^TbBYq(COA6#=TAMLf%113$w+i)ej7iC-xEd;UZh ziqNdvVpXs+3BSzF zWV?2y*$-53JR(Ai_|-}f(c{9)dX|^q`#m|#ubhnjK9M_uLYuN6hLZIt{8qEp% zz~3wqmc?n)gU-_O&jToryO(XGg@MGn6_M9iVHS z(vG{7101*u7j;@jXt7B6^roq}f{{^-v>&CX`^U1lVsqADXYey8UqYI#K(Js6HQiN- z@~Xk3D0w+*#T!oNpW!Z5#JH*3R|~Q}G3eFJ{u-b<2;q9yEMaa=D3R06e#rD+Xm|}M zEUFco+_^KmIM`Or@R6p{wF|rNj-Lv0p>>RTDU-X3Nlx+=MaEZt>%K}@l3(C!2i=_y zFv)RhF^avU>0EA){_Pd4CWQ~>$9p!`%m8<^qWUkaa;MvZV z0$=V6d@vKS-Oacy`g>4kQvUecfVI$4cHzf(#NHnrnN4AcNaATMSYS{+;Mt+9lg{n= zT*uv1_roVEpZs9vUAB5VWT3^4ljRUwZKPF@n_KAz8~&Q=v{tdON zt+f_LYP~Pr|%7Ix*uuOg7Up+6YxT}c%WF&#bW>R)*-{>(7oX}9df~{{6bZ> zfLL*@^(t5yjp4}+GS?N+vraB)F+lo3x;vS}o+#*bzvt&Pe;1Ulf(+DB7@L*4vo|A& zM%Qf^tTP9I3%uRY2z&-dx$!P=KNxyK6e+K&AOD8e&C=J5d6n|Vqm!}OU}NgK+^E@e zA+xwgi?peGg73Zu)6P)J^C#wa3eu3|^v48!wigE`Qvj_w2?Lt~ZlyTe=`fX@NjwZs z!am^VIC73%)4+~m8Wfn?;ve6E88)KG_Be)CY^15(;wun}xtz29DRtmskrCH3aF3*? z6gMf?>_QTi2G@_ZuRuAY3(?$hwXwy}k8P=Kd8N8I*F;yMaxZva*l5sb+4Jf|ZL&vj zQr}(OqFj1Ax48s9As=Vyzv$Ij-H>j!LNzcW1zcYLNip|n=6q0b$|&ZX7vxS;Kmru$ z{~M=PnG#XBkt@#Lq$~@CObCs+k4kS04$7Ryq{ih=t?V0ROv0a?%Rjj_H94P6?YZ@j zy(?9bQo1fGk0qW3MmDltw6{f%V+NAz)Lw{Q`ae5cJ0;rmYCw_x`nkv(I|-*UsjyYq z69tzhqjalh{5cl1;QR<%+WEp;GtSIYyrVd>h|2M9@%CQYYCqreFXki@Y`(;=XU|eB ze#Yln+owvsW{fKfakyKh$(U3H9t=nnZ-#_vRl&0rjy_59YFkWhp6_5|J7c{C>uu-| zxp-$eFpOe)8G?bxHKvaAc9q$(XS7d>*PUUZWeGyI>_@@6UwL~!>HDO&q39O5ZEuC? znh&~3Y&ep6_#)l{FslmAzj=TEv;ICVO)&N$=8#rn=4kw{;gskoKb_NK(I*#{(sU3}?gNx_N44|x9*$wQ%lg@vXP4f_zUwI}{#i0dA$8e(s@uXF z_wO6D>a{nY{X4J*YWJeVL)I)P-gW-8jC-ZM%HT2nwUjk%!a^Fki0kp(4?h<8$TqfG z#ESdczTMyrSQY=#{a1}EHTRC5g>5cy6+I=FRO&(o!{zmy_NHHCa5i(_=D0?yE}q| z;G|DYx=1WIl^LsO@QL(UJG$|T86SeE{t&%AA{v_>FCQ$GB$pTcp%CN=lzK(-XC3ga zz(L7@X5!6J!-gPF3Ts)0MXX)nf1vxen#z6>@B^gT2Pm@E!D5X5pci->zrNr29~oyq zShR^JJkPmXvM2k}?#~Il5J4Lir2=KSi-6hx%21_RVF9zcT;}#4SABlGZ^l)JK^1No z_s(bp%++k-ylrY?5e@S>-j4+t1i8%rz&JmMTr>Ta+rKP|HUmuSll7bL3Uy6om181T zJb|0fJtbV*(3bpZzI)&ye^Q9c? z%)hVy6JX#3YYn&w!a@sWx<7@FD5u|x&WsX$x*!=y0$>)GFg2}xSgg!Ie>=v$-DHdQ zj6?|De+V@ep`wkt71q91MsnPCa8kslNUn_j!ga>4NgO2*p;MPKka%&kjibwu*(zVa zZ#n`nrjnHWK|2TVBe1~yO}zvnPgE;}WXT=ir@;H2BF$OaZ?D@9+TX9WmiU1n;RVIti{1z9QH?pHEkH;p!yJ7scZPggzx zP$9N^k;d!`At`B1wd;<{bFwU-SP8uIS6{Qz5VsrHqRv>Z&x9-|p7CYRi2OYyEak!3 zkIFObe4xVFgMnJrW%reSUG!$iSy^W6IO5afNzI_Sx{J^^OS~7}(W(pQvrx;8jH&27 z$^Jc0`Ou*?;W?JdpY-CDzT}Vx>nGK?-Wp|8Z??s#veoE9>imM+LUpNPw2s$u;eu-@ zZJ+$Wh7(Xf%{Pr2^US-3*$oNwyrmq6Ad|8Km^d<-?aCc>Ao6+cuaSWov#_A@;6`GM z;V{E2g=Ge6_B6^yEs8Lmo0^%DT9`l?(A%l>t0?9weuOMCytVHg;C#yV>#&z~X|ytU1{+6mBQ%7@UytF$~loY zHQDpKrfj_acPoViTt9924Hxp0S0-=!h0Q0)r->DV@Jp+{SUdf_cLt-*YlW2gcbeuU zxs+g@FyWTW7z-d>;_Ob(c&7bq5Wp({U=Lopb&=P{yC}d?K+>Q5f#q z{_mRyy_2mKSc4xejRuyN$!i8`%69|KB6V@n{>cA$TU>_qf72;5*owBmlB$S89*Xa^Hc4Rh)=m&cB(GG@#w{OS z|CP;Z(}v9fjZq>DHzg>TfKMUz7m~a>!^Y+SAS-9JzkC17;b57tE&5%F@9t5C_Fl$;k<2${ma#4;Ld%^`=eqEh6%;o@%z0@GYS5BZs5s4<|m+g$eK|95f>fK6it(_` zq8&bgS_!~I?Qlo&h|1_P{Dwxl41-{~RJv=CqL8)1%`Y;UgV_3xH_pCK*EDr}tG}>7 zV*%x9U3VU_QcR9FXaf^{=Y|lt<-T`*4Zkfy_N#)D)%~g$>cBbZ^Y{MUqzrQB9BNck zS?5R@o>|yAtoEQ#uMer^ngh#JX=Po$ZgTWbzO?OX$nzsAu))V9Fo&kPQubBihHhfT zW6l?>K^6yrje08Kxk+-ZH{0skjah;ccQ|3eVr-hO6)$Na&h`UUn70iRpoVD%m)jK7 zYSP@;+U!KfVs&6XC*||96CsTbvY#kQsQbD^{oX>hU@5jV%`BIWuJkNH!u0LA z4xYGyionM~GG$Z_2vY?~123?uxHOzoX5bB`ILxb^A^(pKI|A4`5y~E|4JGt1@9shYQm*48d{|Yo($mW~RKGisk2w5T4Q;J~ zj)9jMEU*q}_2servlU}VFi5qT?C?Uh+=7izD8~eWqY)}0-J?}*H=}LsL6?=77yFYf z%XN?PsbUFV$3wO**ztT^$un%uOrd)nF3I^5yS_~fL86hGG_FXYBG8tm{22bIT47R7 zZ!XkYdOweZ%p-j`&@tvGc6^_7iL}sMX2|prPW8uQW#ieCa0gRlYs`>eP?yK!+Dy~E zJ;u>!r`S>I5{?eP2K?)zxaV8X_Vt>JTfY|+@Zb?-h{!N#16#ETmkc4+lT2#Zqlb%e zKJX>Iu617^eT;uXg`c%JkRQ?FzutQ;?qYGd#)~ykB0+g|tby)zNjHT5dQ(`a-C1l6 zil`=T&?~16f@kl?=I?2Koz^b&XQ_zDYkb}?P_GJacF+`GGeqfKgA2p!4mgfz2nMx| z^mI&B@;-hj{Wf>;BC;knI`H``(YBvawXa%#MBTjk)<%k$CH7tQC-S&Ek2a0(`23EK zjEtpSLPz4-pThU?^{lXlVERu^aVa32xz|FHK&ns^n3g)DgTFS0+&W_p#tiZ)Ohxk{ z3S+$4(!VUxD>Hu`Lr%^;Kx+ zbXU8>tD48l6V*N@Q+T-(ecCzK1f$$xFOPEn1jHfIHgx<$-O^_G45rec!(^(YM*l_R z#VbWNb{30k|G~ozj-lc?g`W6U?poj%O9wu&gk85_n94I`eH$#C!$^Hl zJLl*n6i#8^2NF&62~Tw=9?qG?(t(K_*I%R~F&fWXU)vCo*?&?51vdMpEYul88nrIO zAM*9`g`^okeYun$9{7>VN?Wq2H11=CydaJiLM)v-43G9btCv44Zc~hrJyjQ%$x9c) z-X}3@*BHouf7ZM0gXlZ3r~cYcmGWVL<-1I+| zwGMf5S7`#(M}oIHyb8^sx8zqH`ToZN^4>NQD@hp2gb}jHask>$B;(qwV9YAxy|ujOAZ;9zFUT+U-*+@TcXQIQX=W+#~> zlxg~sHlqD_=ZYyU;}-p`juC{>pqZ1I++K6RWXHZLpoXcJm49N zHWE1C7-1iG?66B6B@r;Vmt3p-CWOn1hWi){P@m9)#Z^`1ZcHXUGAF0P-Cl6EV%+E$ z6Fyy+hwcT$ZYE6O`&kA!s&dH?yZ%$}0k(nLDNCyzE`P%b`pZwaiW}YvNL*YXvfS%o z<0X4K94X;rA%Xa0=Xvk#-tYN#^a{MsRlw9Z5qGY_H#B=`kDx&q1w9^n3xu7qVdF=j zy(bxD%1p`4p~e=oM<+B4`<~6M^2)aHMUPERc%GUlp(=mu`>t20=~M{9 zkMC+HPa$AVHn`pq{whsUj^RWYU}9&IDl+%=WczKNzp`fB_2lVxLGdqR1!bN|vDSi5 z76bap?{WidR2#(mu5D`ktziBe?LY1w0I6B7_taf**fL z$4=Aa=}b~|E;A>1n}rJfvXJ_2xa`-Yk^#$`{Ab`G^<5XPMlF_>^mJ5LUsKK|mAzZu zQ?aFW!N>Q%k=4@RpU(tUCG%VfXw^!w*=JI)gyyNZq7r`*`SN=JncaE@B?Skdpp^R~ z&^PZia_Sy`AkBx9E21gm#LFLohm8j$u>-k{KxMP~IKEvZBaN2XPO=;Y>#3TxNtx6s(+=he41^M& zWTK_o+Gg@y=sQYcI2qX=q^DlbVzAW*#n{#K@cWJm+g34~;VCm1r_tO`eWvZg(taF;!Ml$FyeK;> zGhhB9hw@_URMk2_g2km|f^JAmnw)Mr@I@+g4f=u^k!U}W`4gk-o0_XiP1CUj=3jKd ziDLL#sM5HKIKQMc((+%8d&X`MZ*mj5-0pB;$;_wh0GRiA8V=MD$GLm7zycP$eJLlY?N5j{wbo#v9%G>@QQsfT1NR0 z@278dZ0oi1Dd+LkQrW#~?()Ed;4>I2fy7#^;oXWN`m)PWb zLp2@1)7bA@)JJ)39m|tW*-3JuP^%05jIGsQ+I@6|XImQq1EMB*zuP6+e(VNiv(7+d zN6a#(JEGg_#teXi7Jw&lwdPi z==DOC{s4m|mylbxS2N-3O`Af*GSjJ`VKr5-TJ9+5V;{CVfofV47T*l(M*zB>H{HkY z+FW>!?v&c?C)^7s2?N@-f});6m?EC{w7W(peQA^YHG~kw2^A4uR*Z$P3s-wNg_zY? z)YSSZM}d$oB3uT8tB|^!=K1#Iw(M>7I~G2axwAlLlsji3OZM@*C>#|{);-Niv!;Mg zf}Z|~ka_hk)C>Qd&U<_7DXRc66arNoJ+$bv2AjhnKR3fiOmUg z!l>(6@KR26QH!eVitHhQvZSpek@BO%H(hf#AE)7&gjIFavZ7LGn7(JJ-eTzmj>1rC zS-kQuOD2{hF&7d2>7E=K(?agbr2HM)!g(Ezc(jgg+o@ zmWSkV`gMR|!BX?^-|9#POL#L&q#{LBp>Ep6aM%LGVTvLd$#>ak1#h%!qw+-X4Dk#u zj1mv&;rR(NQ$aUFT^E~b&T!Z$MW8-~5|DA__=SCtS!#tpA|$!;c1+zHRmvuJ2Azjl zl%bd~?M=P_v%yb%7M>YXK^@{yyt(ksxPFP-uBje6ot4{N_uSjQ_%Dk)xd0yfRX$38 zP-ptoIgqTS40@982O)h9-5CZ!Txmd)d`87PF9Yap&a_mwWM}C?)fsqA2@Eepv|P5_ zI=br1YI8GuV`+0rm)3b&gntLNU^n>79s}IQk==3}`X7h(zD};H2v3v@C-DT)9+iKn zNdy8s>Iq&qq>XS3xQwQ19Y*JQDD5^|WNATGwV#W98?QCIcqS2nFdgZe^!a|sUI2V4 zvX|kkU%KV6wlO16j29`gpKCdvjp+)T07XBX|SJ*iBK7;Ki$H(omVDGDm9h;N&hc^$WME|WJEa?eoQoFk-qG#0N%>!mH1?R4w~M?} zzB^gG<(@2skUQm0p8n@B=8CC#9Pqs^LwB!b3vz66{qHzkU}if#Ek*e}m@t|K4m^%6 zrD&Rn{(1R+GT2pxwe!cQO(F??N+x@dDD?a}ZjNp22Z9B|9q8(P*CVzMhy(={W#J@} zr5lkViHe*@vZ(HJgbQRMTq(zW79osQJCNJ8AL4EYFjz}r%uXiT zXk`tZ%9IQr)NU20(Agk;=XldG6~Anyko^WZ4Ub)g;@Ydy?UoRWQpl{Rug~!B0A8+ z(Ka(h+T!)1&cZd4=G-Xk9rKWPLE9d{xs*qNVy8cGq@*0#&1G#Afu?6AUKOq#ZxE0R z$KQifK&jqhCI~3%SurBHd(wx;4K0d!GD$~!{ma68mB|OWB+M8V{yU^k&~~ zbJWCmu^SAztyCjkTMi9-$goO&W<2 zK(;v{*Q=9zZaFJXb?a{*5@Gbs{$v?ykZ#nz-20b!96%9|p8PDdv9`-Hw~rOR>$Hvn z9M}vIoz%FtMKJ(XdKR3(ZK|(Z459ULNV(ffJUnXvQ_K)06xUy9JqxN{=_$X9|8Ktb zx8%e5%ES{PE(euAKD7}yJ_V1-#hbNoE!6U7>*Yok=B3KtwPw&8dGLYlZMdCOB?)zc z1IfFf%H^evs{o521vSYHzk%~YoV_2Z5cczOyr3EGA^MD?{NVcLi49Po##4AO0&tOK zs7_%=P`tqK;!V0Wk;4UpIBle`y7Jd3zq2-0^9uS( z4TJ;2`3nn=F?O`nSSPajIp7Mo4a5USjblpOxwvlEJcucS7$45rqF%sJTu)&iPfEDg zh13pG5eXE4LY{)hOuU?c>%z(Qm73%g$h4L*M%$-sqWo>6*OCuE_mcnxNL=sK)C)He zTBMr=2|^nP&@!c)uVYC0ONor!ivzHF_TcL z?1}|4IvRq0V8WB=9s}g~EhnP-$RrdgD6aIxRNj{;wA5>vC?D6 zOjb#G$PTy}t3f1Tf9U;~tRjo4$Z!(eNa*@Zd8Zh1S33C?B@6Pf!?$$G=J0(p?Oom{ zVZRWcvA*3jyG!_gLHP>Cr}yaP^XlkBc!GmPcnr^56Yug@6>RSPUAP?^#dE^(8~kD6fhaFhps*+N=?%8qtvHINVQ>Ei4{>x=-frmYa*}Q?t%QnKDJz{!8 zKhm>yPtE4bo3VFumaZS}x%j$z7W`i3+dxh}+t-Tz8?t2%=`@_Dx#c`5C3PB>dadCo4$}-sk+?m&n$vdZ146F@Pg({+H2If){e-nHpoO9|v*yB3Ayv&~WF zcu5yhh}Yb;agX(|$)*j5|C1)G9Lf`DS`Xo(nB45AM-vrN#u+9~;n5N9lNQFLIExyh zQROCv1d3THALpF{s?hXW*65`!(@la_1v|cpRn@URQ0ZRJM3`=C(Z6<=tK2C-B2dCJ z$Av~R5ZUWm_z&V;-XEx_3czrfvn#&o)SY~ut zqhQDyFeDV!D4PgT{{6yVlkPs@t-MvTL#Gs{7rBpwgYDZl3BVq`Pdo-TewCJJkLBMF zHYb-`Jm8VSlzXf>tO@^Eq!v_X55sbEQn=pc(`3*O2XMU_{-IIB}et zwHy0f35C;=Pr@yGJU1@Njh<1DDWa*s6kHOdy!7upbEEag5=|qAHRLP#N6u7S4=pUP z$|w8^URqo_Tbcm7eES%gN_>-3qoJ#*lU3y$Y5agTYXVX|>?y;ULe15q%eIDpK2H7@ zWlwh}#HIC%0|VyljtN7{=H@Iy`V_Q7+Ywd2TZ)HjhnNQU)~^DxEf>u zKg6Z1T{gO(_MZQq+cRvGm9x<{F5ym?wp22&&1gIhsX_I__&Gv zryJC4WMgC8>)|osqc59Ua@Q7pd_bCWavf9>+#AKNSLAMg(F>1Or-T8E@~?bUEvC(= znLGu``or-KJ9KGNwrFNX%_!lThz5%emc{Am3>D2#ZQws?p$;Yt{r=s7*M4T^7vYWZ z(gzuk+n=!Wf;JmM<J!5lXf$9fUJ+Dcb)l;^tv`Fv*ZscDY9Dq;fLDw+7D7C)o|$aWs;s zlm(iz^O zUw>I7Z_4AC8DQuuojPi82QyO(bbTlPnfvdu=HKFDP#4nNB%-`u@_}Gw1+r3Jk~huyX`rs%wgVMObu;zcgmyuII4I4kF>t7;?L1 zw_3u2K4_GJQy=J}O6Qz!%OYtjDc6`Tu-uLR9KF=-gS^dfn^%TcxJPJx%c|fQZr7WX zwgLr(o(&X~(B1=ne>TEKuDnd&QMO0xK6BJdbBQz?RDBhR~Ch zQDR2Qz@bF3MVVJn?ov`GZJRZjhPCZ_v8p_#$6M_CEUE58e1Q4DD5hjVxfeEtW)Q}m zUk4(@X8_o*g!KKBVx`tb*$0;C3FZQx+huM@2!S->@vPTRC%_6#9i{i%N844+BnYy- z`v_Qt3@Pr^10KH!Q4pYp6n6=~Ds^Z5+r8GGpKw?ea8-#@oZROD^fA3ad&rjk@3~6L*4+O^@^-?={u74bO<%HUu0sJZ?~gCx z&tf*4$`z-zf4-Li7#z#ntH~3W|FG9^@{!GDH=$GPAWT%jfDE->Ftu9AF#g-HAZD+= zbK7rdA7AM1UykHJoo**SpdK9Ew??t<#pLe(^o?TASW(F=LyjrP1{RUYXc%YLF{;Tx zEH$Kmla6*q)HC}ps(@$zKrjFqHXqWQ)c6^?+b?tiN?%|Ar*8f=lj132GdJ=M+-N|; zar$$!{QH%~?vnffht!8qqRi)3KNVmpIeg4)8kA_ynA*DcB9zc;nqKIjP4b_SCwhH{ z?N#-|FKN|+kY#1HK|~!dNNy{psB%llEOy8*Thi*Q6u=1A3!Ueq`D(WSZTj@o)R_zKk9NPMsXOntn?nE!&Pt9Ih=mn0Or?Uqlk)ot2PpA+Pb1<8eT; z%hsxSDZNp@di(K?fUnUhohlPZ7U8`@gR0u7U9!Y@kfT}34it}l^-m&QYITvcR22D>q~5)*47USd(nSeJn0!j_M|`>psq7%} zJ1X#tm}chjJXDFDmz|)8XcvMEKw)1BK+Y4c+4B3ccIG@r$k7>zZ9{GZcTuJ(*ueid zik+57ir>A*=|po0AhQ!8KkzqJF{ibgGdE&V6pc6pIg^9(gkjNX2g=M_PnaGe-n2^W#29P~Pn@y0O zbH6-~wv6kn!`AwEc$~{kgYs;#w0S}ik!e3KK6goDmGszVUDq7P8RZRcib@cXL=w8H z{1c#C;o|~<20WI_6h>BIcqmukHxdn`MH-NKoFQi+8bSGD9*~RN7fBBqzU~PH%%nR= z)^PVlRrFfe<7&w;p=xJ174;8~raE!5NOmd=oRx_E)91szKa_D2GvfRa4M5gr*WaXU zXD_{~%uIrQ$IqPJwoG0cASM&ie2mpPwz1~;NqLjpj=YM$j2ghNw9F_iPb7N3jvo>s zXyy=qc@CRF)Cslw78C>r2Txc${ZC34{CL3)g~XtNb}{{385| z_C_{3)FmSs_S6h%8IXc74D&Bl9t_R-1RYz56)IOjAXUL4xx3C6zTf`YvLlaioBk8SmGg5oDT=rcGdK@Z)F--?#Gk&QAKz z0t5RNjDYl9N>FS%{m+j?EXcG`P=C1UW?B`Flae2-z7d%w&`aJ|-AeiJ@Hz7agrq#C zhK{TBc+N{?hdxD(%3Ae_Pb=^5kIG!p+T`0@^_rawO0rE@w01vYbGiUhXhxrc(a)t*Cw|ItcG<`s#$rvUjK5r1B&z@==iKszZ z1Dp2Gy~UB{?=2}ba2GLRTY3c#rN6TS&wD+JSWBq*& zENs5Tn86txwM!`o#GqpE{r2T;hU)O%?c`n2B(JNDr6LjsD581azmoldVzRs}&qoxy z&Ge{E;myk#J9^|}Of9%UO{_L3B3)}hlCp5%<&f<;sN7qlszK|-k|Oh%>m(oNK!efn zIV?F~mfXv$gxbtP#~+|=esxOjr`f3t9$@zRaurGAlDSP4)h=QI2Gb|HS;N*V;x^Xf z(xOw#vF*ib^oXhMn>H@#iK07BC%^n0NsezPM{3WZG!CqR(qpAqlY?fK%0ZZM{T#?# zYmnQ~5@(6bA;Df+fmEK!cDJU#<~m8GEz+%bMJFNj3f!!C`r*7PfocSD3Ez3qQM|Cq zoy(uARGu)0e@@phE5p`ks@azEn{p&~t$1j4!kzFtDUSoO3X&JB!VNaHO_* zc=uIm&k=5BE)@Q2TxZ;KR`{X*3nD}V-J{eS>oV>elB0{3Bp_W42za$~r>e(G#)Xtn zO3{AcWJZS{BTkI=QF&z3L-e2NJK5s!MQ=~b_3x~m61&eb_HI3KbgBh&UM2a&}sUQ9bzx*8Evmb!o zDtSWade(!0ew%9** zLHYdW<&~9{exFocx;*Md^la!(G<6`U?a-X?fQMF_6T2E@3vG*|>6d@Fl8LP*kuaWK zkVoZimame;Bvg{+<~naD2!!eRsLx*xCNu zAr%zTLH?br>D$~g(;26y)6OIdv@LO80=arSWeGnnS`>fv-`VAuXiK=1>RL#`$d@eJ zpaTDn#^q}DEUdD4gT6lyY@{5n6(bbOt?MZg^(%J1t1{rRcqs6B`j77KDIJ(lpTl%~ zZM#)DBV>0|2!P)&%ep18mMZY}bXH>L{lZ;$9gBd1=-R)hLeF(7LU5}lYPjKg^2{1r zxO~?{_W%j7#^HAd^Sn>!5;}CsT#T7K=?Uc?pfxrmEW#!kxz$mOJjcR~NBsJWpY?!W zOXR%!_1+as1KP$TXS(Q^M(&TgNbD;cW>Rw@pcaYCcJsr$*Y_a>Hk{^(sxrmnxK~NM z1{3NDtaZ3d3S8V+ObHiSln&CerA&uJAHnf%|D)-wgQEKXF1~EX{NI{^t2(XP9A_S$6OJ+;^PwIt7_3Gnu>O*>O`5FZpYz6vwcChs~r;cem2(NF!LWZPz1rJozxGX zwmrvDk<&HB9VA~eXzfaU2@}{ctU9Me3LgC!F9?YE+V2-6q%A+V@!akAPJP=HHPbs_ zo>(q!hLr)!`ewP*z41NUeX$y>$-&8@J9T!g60N;BQ90z6Kk!Mw4wK<}lLYFyw% z?T-8-R5-{V4L{iq0#JHgqrV^9+%|^-#sVgF!PowS$Ql-uo|J!z@<$rn?fA(5+$GKs zbi&cC8Wcbba4eQ~UH0iOhHC0ZV!$`SsyTsJCrx&D{wmwUdiGpCl4mOXltocke{DCu3b#@j;FK%1u&3=CY6xDm9{! z*`=4Q<2r9oVy5SI&*9Hzkzg&BlXhTU(0G~d(vZIjNpQ0gWPduK&<#$_h%=}bpXQTa zidM%PLLLzYqR|M=^!1-H@m^O|`&dBQE~?ahAb`FO6Wz7|sd@*1?RxIOHIb)CoI2Zv zU<@QdZ*TLclGWe4sl`*2IW!6f1y_G+VEgL&FwDm_>Ipf5CtUGg`?Xx3JiG(wv z)%XpyZpK zd?2EQO`b-rNa803b)d#bFJ?KK-E1Id)SQ+!4ynacefc)qTUxs*V?s@<;VMD->*m12BPrz{*6c-n_jS)R_y3b@_3<*Ih^FJ7+zpGf?{!jLBAjZ}{ai1j>B?YHkKQidnOy1StN z8|~KfigD{dyWhaLOC)Se9NBVUHFt^fdTiE#JPhJC^ zky8Rz0oPED{Y_O04e*@=6y>4d(bWR(Lgn6L6nr3d#Yf8|je8rsQHquE^3r7g+JY)( zG(*h%zyXS0hlHE8>~A0j=Y2Mt8JN`8z2B}3`@A_;5X6ZlhaA?mk5ex)2u5A%kT%Q_ z##+eCS9Uh8$3S|*L2?wImb*mQ3f+Gs8`N}suDSjj%P%3nuC%Av7u$B+$}E&*Hh*KfK_my?ajWY4kMR9 z(6FZG4G}q^&^u&mdJ0eh4Ukpez0O%%TRSi@G0|E40v>Y;O{MWU3wsk7JR0<*<0)0C z*{dV!?(=7J@Tq$|EH-6(SD9>c5u zhKOMO7odehH8O*9+B*LFMQBp`fs19xXx5+QKtSiA?RW~1Nl*u!Q`^!6Ui{gR0i%kV zK7A&w(;wx-EBlB`c(|llNQ!HV*|Q8 z?D>GISW?zxNnMI->;bBTjJvR$K@S90iSHpb;ufru(xamF*I#Z^G}7rFyY>)OvxU_W zFe}AbxR)vx@rYF159FE~ur@P~J(_V&R1K$6=8Rjt<(+%FzQ2Wax+Je zzlL@#D#5~m(24@lu>!+R8v=ft)qa5#s`93W{n(oM6$y^Jo7m+-*+ynSjKA`fw5}a_ z@^}SzGSX^k;bwjrw#xi?V)4q$N6O(fqmPF5<@Y)xf>dK0@ASfz(nV*J>Y{y=`Oz1G7KlwYv7} z1N1$wI6trD2j9V9M_ntaWTkYAn!s)AmIMo-^IUZUknAFh1uYxXC43%5kwN*4|8T%A z%OG@`vWj1NUc!33*suLpV_&GcBmz9%y>6BhDRSJ&Scuh&(SLo!CKX+y1{sHbOVEK$ zJw26AW*s4swCdmuJ2dQWIS3%L%LFReC#P?q;|66?$ zJlm89JYeRR+b3}V6lc4PWn@H05g+=tTsYPaEw+VPIM7WEu6?0M8eN!OH1=<+XKI^0 z$XIbm*DpMKP}>r1hTcsI?I~bHM_P&Ky>W!RZGl^WYGpiQEDFch^|Cs1blrT#yNGU@ zrBphb$OFDS<+=IHo2uQMX^8@F&b~5{zg~YxyRgF5`ZGe4pgL>p(s($ohW&|RggMQtR=5#r}b75 zgvcW^%4Y&dvg4P;zU(~ZO^^wA7fVV@Zbgvok2C%6W~s(j>#HGxR+UtHH{ySHs#+rr z8VE>g7FfO#JPC>Dd2l|Z>M-O0#&N(}eUVQ>0I9es(xF!gR;A)sKM8=OjW$jj2)uuy zKA#VdLq9M?UFaTYLl$+O(9}?G(`1d+QOB24Z1p=g$m;33e&rCFX#K5CV z#FzD#Rz4@tTW^16``73D?HSt_7U}SXkw-XT^W}G@1b!IfJS(yju~#%k>^9#5A8V4Y zO?IWjPyW_mWoJvf)%b=%U5SXiAb5}icLv83%*A|YsDQTK0JXV$Q@#@8V}5Wb5N#-1 zE#9dzRyOv8{7iIaa%rqPjHGG^BnGrgwT6}~0g?A0Vw{hP=Avy9^bcgk9G|3t?2KxR zQczFiq|)rnY>UTITJ`&TVK@@)?1L6hr*QDQ9Nl+yRWBPGR9OpI<4Vs9FhD!gg80}J zx{&aoiYn5xF;?BfKh4+{V2N=L)((gTNUSofv+1BRy3XWdz^Z80p}x%E#r(q|v_zZt zmW}CXTV2%qhjRE_k^(Ld4`T16L~+|)0!WUy)wF4eA_QmQ->cdJY8j7 zHS5__653+R(!Vz?RLZRkC=-UG?)rxpCi!DW#NJutWGIo<7nQqndlmw%Yw&Z=6aKImWvXwvHK)ET&TrG&vk4w^6!2??7RUpDYhOb>S3@y@7 zc-AXnFAGydO>ko9nnq0W#q7o&%-|0><>cUF0;9cKp2@T1PRaf@Ji3>~$p%P+{{}uNw~_w%2C!TGd(Q%k<-sX1kQs0Y7h@=Pj{ ziWYIVy97}>`p==-%ZxSN)3`)Dj*!r6p4;6PX^14(WENH*TQGliC6<`{QxU4814dJ6 zBAP3Ck@TgS?+bI&DXi0G5L~kR29^0`F>Z0ZIc4zR37?MVx4f^b13^FiMi%H+yJE}g z9_^nt5Go{JMM#OciQuIS8&*BW@+CM=-WWq%UGM^J%#E%$fAW5pm2I7=0;w(JE1Zq6dtHvL?k$ZE_e#P|yPeke>%>@xm{QkW+`2 zXI!14aMqKhIA)@U-^!qcPfv%H&VIBNXl<9`CF>)UES$c}B*9s1wi=^&!oQVx_`oqb zD{}hsKU6m{V4*!2FaYC*79?;YG0&(7p z-@iGyP-9=9Zi_VD0pW;jTEjDMA;{FsCMpOE#_z#bKZ_9)>)tz1A?Ni-9ODjNCKt1| zNb5#Eo+}o0w7wh;{j~*^6*hH=ovo34S>wWUoK2!=*rH%dXLef** z>QC(_o3De3f_?0*)^J*H_N9|QfL#&#nl|rs$*>+Ay0v8c&VS9D;($Y z86l;0^@g7&yJhwXjQef7np8DHU7^F)XS1yE1(s?r2)VTKFDYsEWaO&qaeUblZw-qt4k*J?Wx*FU&2tsrLhggvuDPtnBM413 z_6`wX;O>SFT|!ULT-WY+$dpzL>?3t02S(t+?PpW=M(aN<>%PsEWp;u{g-|~x+U`z zap(9e1>aWz{|STy-e6&BpIkD+)nHPM*zuq7x;%vD3S|7U*UCTq3g*}or2!^3^dt%D z`{YmZ?P^Jkq`mk0q;RHI-Oc3S7#@Mmw1(b&@)_x(-wg*e(0LMEK2s|vsL!amdVA*2 z5`A)dE*4K_4bT&B%q(gT9*#g0JQlv^?Wr@#VCxG?MV zrZ~mymJSp{o_F4s?>qI|qS2$r>#|K$aoo<`!(2{pKgrokQf64ZV=XE$5X=saN^^>v z@|kcQ*)CkfwGr}I8b0Slb}xgPzFVyHFnl~gj^59Rpn_sjS>dlHgMG7scSK;>*v06u=?M&&H0m&uU&;@BP% zqeyB4kS^Z*XOLTGHx}?_Uyp8|irCFI+-AP&mKCJzIJ1a9SdJfgm8J8@h{Jy~z5<%Y zO20%!$*@yB)y95q{T_-WKJ`1>3Rf}DdvH7B=5q(_~0*e`S3T_=C7GQYlK zx!<@7Pe}4-WZ!^&Xv3&R0L6FLG(MzHg#$_yd9ezCUuGC@ZS5XAl@N|$oQ3%QfU)K+ z^3`1*S?j1R^JX!b%lFFC$=9kH>w-LG2ft&9IU8S--RPv_lus#D70)lTRJEoUm#JhK zH0Yd=GHu6>4ATA`R!BE6ME&0UR<(S*KGo6V7$%GuU~QznYqB&#&3@43ep>1j~6Yeb`~D&cw=U1NLJ z@}A4;)#Pcq&`%izoN<9d#A5NbuQkboeNv~MYo7tk6TqVS2nyd{f2EldF)8~*b>opV zg>sMMmP9atvx$gMbg9R8T{I4w)2Xx1zTYMN(VLI%MXZ(-Kzi`zkMV0OWbujbvz-1W z6}OCZw=&~q2|F|m_GZeDrE)lXApwWuRx0mX+pRkm1hE)9zR!2rL1$0gHU`=$n2RNz(;ZlwL_GtBxDo2k}X z+a9YR({X%$_Jitz9NrGkQQ4X>Ri}ow4JbJM$&aMXwLO<=IwASIQm5;q11HLh7|(xg+tDU)V;PT$#wEVm9YhLB zu{6FD?%vbvVAGjdH`Q5W@jI4ejhwQwx>_FYEUzN`Ts}WZWfG=5JwpwiD}#x~qJ!HF ztw0+h`_?BTYgsM4_K5EK7CU|Us*prh*bFesT)uI^lT7ZRJWpWd zWX}Qf`pGYBjt*5X&ivQ4Ro0|Ak2l-bCMoNG3iS z16Hfzg(HOrYDXJ_+3S`~Wip zqjdwTfLZbxP>q#G{GH#RF3)vB5deTA%QBvG0au{ZUl&%-(BrsQ+vN~|-8!Ghz^}qu za4RS9Sd&?hh3LuIjsxx%XdipGg%N}K!DCYj30b1Jd3n-(Z1q9Wgt=I{R1u-PvXdp5 z=SKT;Df`9-1x%^Fc$B1X2wrm5Gzl%iDl4hEszzPDY*bxPd*q5X@iEFy@<4 z@bXRD^v{KuK~de}R&TXbOS|mjG&aNRl~l<}uGh{&9$%%$udOg3yYRux|9&p6WODQ6 z<0sJ~Qb40EuI%U>@cJ&dMUJku6bqRyzS2^{O zioM5ZkFNc^FT=IkhbbTd=f7N_fdEJOxm2Ui6zbr<@Dt__8Xr`wKu;?Un8*84&tdMy zEj;z`k+~D?yCxj(qu`@Acf6$c7f}%jgfxG>9)v7D^)x))i&LlpjDXf(N5BOFzdTXY z#n4DceWV^(!1cibihsySQ(*akH(1k;`C4l4HW^zofEWo^$10An^dHPjMm~bKMtFN6 z=&N(C@oTqxaUn@2>jb;WnR&UtvnPB3{1(CGxs>a&qm~vts#g}V8_fGHx=jUIcHR5U zOCJ0dbvaYiqPxYx{>(A2Q7&dtN`<-wKld*^h($2>#^&}k4fbhR`qn3z#A9oY`W86! z10{$QP{d93>-@(Bu^osKkdNP{t`22R(PgFDl#LhZRkTP5Vs*$ude3)GIj5mRpqidP zCe(AlQUkkxgXO(}Wn_BqJ^hz`-mf+e{`n<)?iuK>i4P}x(4j=(Qy=CLvUS?k4AVfQ zyciL&THl>cytmI#TjN8+BP9y>+91UleNT!tEMEkZnU%$H&9zlwcIuusn8qjLZ{lYW zrneiJwf@GJ1DeuqL?QD+7L($!kxG6^loG)$wqa zkX2a(_oKJ&?fO|B`F;<%nM!zT3_JZS>5f(_ug@z}fqbkJq9O0||3YcFEyW3m*is;` z-E7CmOSKF#K30xo*w~9VjOT9h1Z%^RkOJt-=mT)sIC;7Lk!A{)dC%y5xMR!5F?#x^ zI=$Qp?9S#Lzdd*0n9m5(phrvn$G`qX03>JmHw!H$ypx7q?0RNe_^Pyu>>QXq4nTq~ zVO-tEf(Db!V6u)U7m1gfdQ#zj5w6|NT%@(UzbhmEJnAO3fIkk+)RVa-B(Zl?bmnL#YJpfHk(9|YYXM6M5lS1Eb^R@X|KW@}+ zdtZh9;X}bas2%)|>^Y&X-D3LUBi;T`0<$vsk3tql%t4rwyzNZ%!@WTl{N-w^h_U(zXX#6O`W*(?Y%jcKOQ z@-&`+Sq`?Z`E$-Ya0++`f2}_~nr=qK&JJ|x@+`bO0-ghppZPwMEJFpTvzSd6=*fS(2eZv#Y0PhRp#q=*LGbBW<0X+x z1OUlXhpY*}moWw2?z1#*X{tXf({SEP+&sF;94a=HH0QN58|a5eh~}Zk!5_u+g^uE@ z*5ua#agpd`AcCZK8{szlpK!aWaE%hXnA;d6->4zFR>L}en-@6v!|r*JwqIL`&@<~X zQL#H|k;ft?tis*<-t*bS_K4SC6je@EZc1EER+<95hY-wJ1u2BsSE_zfDO9w&jBYqm z2IeiTZz@eK=P5~M#!kkevR_vj5t)x9ec)E@$LE3EYuff#Yi0W_0bA zbzO}uIC}pR{{&`2A>gxwY#of%%bUSRc~pm2E6Y1nRm#VxQ?F9DdcY5T#Q#l$obfqM zOWpoz<2F;ug%b{{AhUKh*RDl|64RG}vNbLh@wORlA{F!C(s>0gfERsp_vxIeamUIf zWRlxExBJGV_b%YW8PH8_sV>Q!06vUkWV7&N?|y{o6V*Q^>h}R1hSS1loQ*!aNFTQ9 z;gO@WqgCsoYz4P35B*>(AauSU?nur3l~luks7vuBiFY+gT@x6_E5%uuDnuh8HbwE& z#$sU<$=g$|D~W^>!h)PEl2gd2oxitMLT3X&KDh*9Gq7XryVn_J?0g`JEfvOkJKwZKEQk; zVEyJpV=`{3^8^t*sYI5LpGNNS*TGICf)(yUi!%bpn<~quTXQs8UM22YT!;* zJRd-x%xE2^1w#9}wWsZGD?DCxXCJsLsH>{WD4U%Xfk>Bm`+6iZOLmA+hl96vdJrSg zb4hLa@pp^)Ip$R4NDtJT71q<`AjKNJt!Jztm8EflsYYTcb~tC*b=Sjf zZr{A++FAb!`4`@CkIrt*=qS3ThCK_9wAUg%6-$s~Afr3Ze%w4pgWdF(b6VLPoypg> z<>=1#_1xGVf^yxgNU7#ZI5F?ud3KR>z|ujnFAQA2Y-!zGdjQW zJ)iDBiA_JDTf%-nkZXI|9*m*-96YhnkgNr zN6W6S@yqz-D%y;~4NL=zR*kG)OBY2}YA0Tspg6_gbNiCBwS1lpbA54%Oe0KA zeB{$_uTSrZXnVX+j&i4a!|`=uf2L-TSr{&s=%!?6&Z}cVO`dpRMu7Y@GB-&FiT*{e zf@EYQl1VDjI08`-k}eXpf~uP|h1?LY*&ks(NO+~gCf1T2Pp|6YkK>>_|Gy^xu$S-G zmaNN&GfUam&L$gO$3&sc8}Id=4T#$kVFiybQS?mn*UghyZg8x_oHj6y0A1{r8ApVmc`rb(%QbO*@Y^oG2QM_$;i{rf2paLp~= zMV>@nRuPjl1KZMdW=b<*)OpvHIyx@Ex?eg`WRdg54Vo$-Ft$*?{!y0#L2Ea*{Yw|w zt2u^e1*)JJEXn)_=4AdvKke_Wp3WCQ_M)jaKewSlc}Ks6Pep%0UlR{k;x9eKI>ZGmMf8x|#ZmFP<@hbeBSsRi(FrfI-zYybqDC*2MG z>w#hcq-4ARjZ`470i6=5xT66+kOnJ02`f)@7aLT z=0B?N7h6e^qmaqV!fE52UukrOOcirFf@=0^O%bokbtCPZP}eV%g}HB%O?QouYwY=DTG!ZxVX^xIPn+x6YxE+bgU zASmPM+^O;2?8*Jdlk#*^(Yb8(iHCQJA&)v1lO*uSo0 z+L-ayTf@2jlUs==&Br*v&T+;agd_U2r+e@zke#YTk>3X8k;+>@soCdAB78Le?jy}X zqhy4yJ#Nynf9Z6ON>4v8Q1=AllK1zR0vX#faT1XY&6Oc)R$`;h(;6*}FOMRuEhCB} zg?aNmoOja>2|TbSgjE>18+xD*jDG{*2aP*j4UowMQS8~ZZfx@d0b43}QKR@QE7u49 z#`6<1jE57GOvq{Sr-na#_7{2Ygz57zg?TRcdMmTpgT_fe4I&ud6mG?21p7O0bQNOq zFB#9NS9Rqr?u|WVY_w!FvkpIy8_Ls(A^=F+%al>-Y@LOO_JY`$alRE>Yq;7#B=c(! zA}9|25TFl;Fbd&E=Pmi$j0@L7bgO?oy&fM?hh}Lc`qE$rPZv>bGordo#@Wt%+*uqZ zPS?(XpF8Z7e}uDD6%+F!8)`tmWRLwmup2B-c8@L^W-jJ(XXe>6=-O?ZwSi2JzxJHq zIS9D>+_@(l^x{GJO*@HYijAs?ANSe?NszwKHC~BK*(0@95{il)!{z&dR=vbu*}tHj zJoJ~wUnUiR9GRHk6afI19&kUm8gev4V|4J@$s&9XeW=||M;-wA9KZsgPKv6=8iX#? zh6RFg!v;YB?DgicjGBwZ=2P_5k08OK7GkrpfTJJ7KJ7@p2QeXcmh}_E z=v94cpKt=t^-2;ToHCwh>*(Edw59PxJn){RnAY80<#bTD-O%%B2>5XD;|V=mnWANC z`*fGW+~@L5^JK^3B)W-&wHS#BTo&pSf5f)OTQ8pz6Qjs~^<}GPnC#;Z%YMPgcWlKw zJ{8RhRS{zdRCJ(PoJrq9>xD_ZeIZ7ZBJ;aaaxwshw08ehJ<{al_SY<>TI$NznSG3B zVaMRr(;a>AdQbDgH=gE=Hn}9+>7D{@5TCdUeK(u^i33(&a(yAC)WiVWZ+7=ljpABE(z@aR*$!l zK@p1x9UMEi>n?$1#C|rjkK6PYZfJ0>JAmTh-kHADvmxB-^s8NOSt~1HM2&14-@FV# zOnNgMiJ=ooZK#VgM1l_1S1CQM5e-BH)6p`2;=s^Ik>th<)aj^Tv>r&1n|_*MXuM5V zm$^GFDfG-iI@-zn8xjk2N?yIc?WTMF_G(?p#vhMt5}<^(ZPq=RJl(C`3|N7~M}HS+ zrVWnqEQ<}8fRRX^X`Z#)9rXcTD&j%uLgcedM0n{KFjt?v zeE~!#zZjwtlqo^j7I$euQ*wj7&pK$`r|;f%!U+b*jX)5*7=eJqw$=1nYgw!R(PL7_ zH-LGO0;?O1MDO`{i4!=FPQ#V+ZJ7Rqn&-1#g@ep>{Us<1FJ^0S5$+(`Zs2cQH^RrZP@76Qkh)8zs-m^D zP`i>L>krj|Y@2x-^qsP4v?H$qjmC4c(axfJ5jZ<}uU^c4T z2U`Wops-eFSKXJgY;wq{o$QsQ)o)a3fPfB<>A!zA;hg6%#&f5GpIQLb9xKq?-|z^$ zs?dO12UHAKMI9YoTvZ9RpC4ZX*J(}lLv7ut;>uID%AW5Tm_u`Jn7$wgI7_Mjn`m`P zmCEEG{gf$Fl~sDz1(DZ`+muacF=W^dM`Cji#+>)$N{>M~oMDcfevnxUBu^gC?Y0;g z7^b@2S)YEGsQBPIqF(6nEw8Ytbai3|!*zmAJv~*f@Ihcc6 z;W46XYhE+EFHnOA;RN(*VvQ*y$!vicEi&rUJO{Whn%Q`xRH z&#<1N814L0s0_@qUk_j>g}xaxMBe=hikiJwI1lG-UFVk(Gv)KkKEN)iiv03-Qj2HD z5;2(0pB9#-({T>rk%vqI(w2)i{U8+Zy>Kgz$WO+hkH2SoE=0Mm$8mMKRV-6?rlYc3 zD4C9a{uXv532v_)1RymejlKjAtNw-v zFv3aZV5Y|Wm=t_V6Der=_44x+q-$!0ziaZin23@kon82d5)h6Cs#Emm;695Qvzlb& zXL1mOBpBlG!cMsjdb16%EFlJhrk|-^>2^z#~j{|J$Z< zdq+KNlBHtkzwL;OvrQ_`(CpJVuKAJ#nEF=YQM|_J#~Qq77nZ`CvD%u2DReE_-Egke z{Er`6#M~eaX=mX2%A;Xax7g|K0&w{$%9Q0?fl5KoQpk|iX#t6(_jK$eyT>voq=XW) z?#FZ%WlJLeMYxvP7t#`mHVZ`u0^2~-R*_HHxe_f#Dk}RdeV9`b$KGHBOz++n)yVPT zkCyH>k`^UX!j z;OSRA$%A%zK&hEuPFtb>eCr(s!X*akJNi%ni{QJa7jkXumQ6M(8HN~o1`2PB>4s8f zFLk((w6zp>CLT$Jt65d7WXbZh=G2U{q^y=Vo4WmPEPn?ko)o!#WANi+-2!P_j-U`| zDfMYPm8E&ep1)m;pC2Cn$odnK_X~j>`){smwrZr}&a)Fw=4m#rWfLcj%0RCt+kbS; za$aMlbon{r+6}nVpa0o1ho7f%gTbn3;R;SaV@^nZWRd;i6L_BZ54rYer`kPhtYi6hql{5SU88_@FgUx}93WR_F_2^hBXbW76o zyJXTP`3k;j{bk;_oa1b#vYM||MJEGWuTC;g%vd*K_i>dK!6}P}_!t@=3s>-HI8ZX%eP+ygx%2WNPURSdj>S72^|KEbfE!co=UhnBu9sX%)XskyDNo2XEQgFaKjWh z$x;;+pZB-FD4?hbW!M5_jAcK7@_%#JMhqW_3dsDkt*IaG0tay0`~vi&G84_XjJ~@h zRmMBjY5XyT!1W*k)^3Tyg6@pjs7|XcayVDJOZIeXy}nyzMc+%_QR;N3YBc7ON!=Pp zR;~n>`D=mj%5~i&mR|6=5+A*#p!c|3E5ZBp=K9rtuVeQ&`T%3++qWujL0Ns^^xvj@ zrqoFSv6JQh-fms!)<0BK38Cpa4+|9)1u}Gf!r9Ro6R@tRXVR_J@Ct@14-1NzAbqN4 zQmBN+r@eeR)IwGLcbfDM_lkTGd)0D__PGl1mKlpYs=o72GzUb1yAiz}*OkrBl{e6^ zi`9!_6b1CGJ(0b7_uqsLCasAVxybzaM&`Z>s`8VbSWE1RL>2%}OG{qTezvz?0mWgd))I=qE0crhVv@M>{svzwPI%8g1Ag&H?4akZBDs9yk z4GB@fQbL)N{=eC2k~F*-_JxA&N7%~nKrZ&jI?xLUu0Gw86t41pD{gjrPq-DGe)#hECRQh2VY}rV&;`&(K@JamtE73N z*u_pY8~3J69p6Ao`BrXj|BFknyb5dewqOl?cqfw}_A+k$&*_Nes7Cm1bu`4nDcvGFTf619?U^tBLHt1PFkKf_S35+Bi6?!4__;fHVOJEt>KmhO zl6*`6{3`Sbe09@h@FaVIp~q8G^_B%6gw9`9{>i^~F1qIIesueq5*@jtixn%j8bi?9 z8x~W8I2c(KGzwhFo(O2@3WeEu+UL8`-L` z^#hoWfT~06^vm-Kza2v`wU!4EF)SSv;P%B$>4lkdrxzDZDHzPB^$~`}q{;SGjewYq z48w|sH#w|HvNB7L^nkI{WrD(<4MOtD8m(41*SwD|qW5WNEPr8@g9Zh5m|9|>%qs1? zMMW@o(9f#Tu3^=r0_BoIAzFqP)tjK`A2?TGv@D6bIFo8sU)E}c%2r3Uwc+=`Zd<*R zmwo+iaJuWDuc)hahR~6b%-C1BHt@`{@n4zxHy{QUYd)mYk-w^1Wq+N}{iBRcLHQWL zl8~_9pqcv%D>tB5NAo-&X-|7wmy> zct43et-p$vCt3jP&2E9c+0G~JMwU6>bL{DdRTA@^IGU)zB(NawRC@MVMzt~@!os{b zl~$XAqgB*Z%kt@v%`aCWLYB5x9P95Wr%z(Q*!JUYC-*JFONqaD)%}HtBs!j!KYc@% z5M{}-nyG~ixsS5XSit*QJGQ-R=i8KeWpS$I^Eh3)Z*<$lpX*oW{yo3t+Z1rrXgTBx zQDt`N7@(s--UN|j1$iQ8k%l_)JKB^ktJ3wTebXx6`Z@h*8b%V~$RY~txc^-bK7z5K z>6gUbb#f&ih-h2>fFewVzS2p_-mk*~Ca|25h<0kQOymhJ=c#{RXB#tez-#eIgeyRu z%ue=R$owd4Vc|c1@>dZjD;QLG2AV;{uEHbcPLQ6#+CU#~`^GT&v5Z6pZe$jAEDIal ztdPi!w$$D=bQgPVoD{2XqCG0)#*ZXk!JM2wJJf$3Syg%Jt6;L^Lfdcs#6|Qf@%;oY zXXnAziR(jIWmkH8nrT8i0%WUY4}D29JorI_uaMe^iq2zNUVmH{T%rnpDHs2nhV z&>KGA>!N`700?{j^0wr`)Vlv@>lc$S$aj+X#|-L6{6{-9WmbHh3UL=$N{r&|jSHao zA}RY{;w5$pV&(SXdwV=BgD>-*mdYA!W$W{Di3q!j zuGkc&$1oia!&D#1DppiOnJQhulJ2Hfyw$N>G{9mJ0l>|qU{_-Zt+0+tS3o{7{cyEZ z2*?VG;CX;0(E;{uDzq8ik2G!q8s^{4r?1>b#bSK^zrouROwdrn`P-MgUe_g*(K;)T= zEV=6v<~pEh8|G?&L+-2qLHUBSrJu~yI#YROE7(f&*_HMsAo@aGz;fv%zWoXezYFd+GbAJ)A3G_*^{_$u zPXqM4>s2Zw^%!cFn_CC=p0tA0B=@#JxN@~*Zs%r{11I&q4IQ#~14kx_~H{C7t)z>8}zIF;OKy zhY`g+olir3ermO7)H`N()7a^wIO1`rQsk>2uV(%r4x-Ux9l3%{*Be!>^Z;CO#p=4c z%d&D!;^R+@pN_9Y8(shHO|N;-_}_TYKd`+4M+jWyz$8ylp_A<{ohr6A4maQ>E#8sC zal7Jy+0~A07&Ze@me@xNEk`gQ9G}9BkdFq0te`CHB38s$kitA&`8q8NLvc2eL64LL z0@+@d^b!UOv#P7KeIoTlb6tvGr2p|ezaVZ@21IfAv(qXfpsESk&A$UU$H4R4$;H-j z1*I%5r8q~XMKo8WCVB8^7_+rrA(+N`TVd!9+9u)si=hafj zi?{U;`~W0r)l^zmF(}sE|BhLaDVUr zo98z#*nZd-=QZb=700YubF68!9)X>3NB`-^mn(W#mP=>vl5G~WM@v3Mhe|X(C+SYQ z5578W*ne!=bHQG6dJl^D$Vxmm2L6>%9f=3UV=QnJNe&2(Xq`a?c86cUiq7wBzO@O> z8tWvL1{(@{Rq?vOf0tl71g2SbBssBJ5hY;~azyB%>4{z=?Rg=`+2o1ha=r<|r3n9J z#!OTlwJZToz%t}(DXTIOINvE;h2q}KBAp>CrTofDfuJZW=KLM}ZecKrgsS2#j-qZu z+6RvbnbzBmR3eO{*!U`3PX;CEXrZ6B5Z|mcge7JJx6cp81v_~#LX3&w8omVO%@Rl4 zRGE5d_E~eZ7gIZIs9dfKht`_>3ZBKk(_k6(Gt<~78-*lO#7$vJ=8Pw%)5Vf!gV4qF zygwsflmMM;Qbm3yWwTuPn*<5N)Hsao5Fg_=4P&D(R-F$e+7Q%lvKc8t=2-nEE{a}< zQ)By%iG}>A?Q>YPl%0R&P+}h`ewuojOPUu_Ce2-c{z_H5ewT>XajrcG8o!8$O}78MIs>A`ekpwM*IoIiaKx#12QprykH+ z*NC*o#-@js-pV`Ah~=B8B$|+rnTP*V1T)k7U5wwTFTZyZoDg}@8;c(2gwA9g7{sTj z^xLGzTe!vS=>$ydX2e}AVe{!9FJ{4z;Lg(ywdCVEH8O`Vf6P7e=}%}E@TAm5gDo>b zR>MC;NNrWH5#D!wTl`aKM&^~B5+=f{xWwcHsbs$N8s}f`rc4l5as8i?t!L=(^tS1Y zP*~Ob$VGxQg4xZ4K_e@U|6 z&5YTa!qT8~)E_f7M!ipKMtDG4YVaHV)#4xN8lhn;$^jkQ+M6Awsn7-MKpEDD_+ebF zRKZk{>v^KvfY}e?p=H~+C#Jrt3SOk-XL9SU;jel-hvn7p6wEBFneMp841Q0iDccU# zDyiF}9T3h)T)o55FCom87>#_ZYxJIf{jId1L-ZafJNbK+4-tz$qS*PBdl34M(F^%t z6n-q0Anxlgab#J2D7eBac)r-&N?K}L)s5I69Ic9R%DdWyD2mGADhO|+kUa*opv~a3 zgZd0U1;pA)O)wL8Y6h3D4b%Oc+f`(~apw^X8)+!PGi~Cmj4pIlGjA)y7dst)0brb1pVV$JZbTs(~1?6|Y z;6S4$DJgPm(+4T!DM=jib|C`4 z8%FPKs-Fr@E}OVm7KiS^5$;>LZyNTlMp?A4EIKUE1pWFQl?E}^q*EYdH8Yok@{oT={LYpnIJWA zV*#@{$5D8ta`izx*s_Na`NwXdPS_FyJoq^=QLDcmjH)yvoU#Yt62Hw!O5Zw6 zdwTX|QUk+hhOVyUgbC{J8@Tgk=XMqL@enZs<71`g8yX=TFTFGX*GN}QJtTvGysS^pelCA{iq2j|b;)NbknPcNz zQyP)tuAWpJu?kb_q}N7zdQ1;H9--0}dQ63^xV~88&Eo}|VOsiG)Rqkp2{shvT;kLf zDrC2v_Q&vw1F5IP1f>X04$yxH``?_o>I=HIm^cI{B?>=4i$VXPlca`?pT}3qi82?Z z3Hv!<5Vplq9s@16&1(zAm9#2m*5Mp;!}7Yidx7B5p8ifdFZ8ANXfC273jsn zlH0pq)e_|6Ss)mWh{wHCVhioo?KoFW3T}{#5AVM2GRBxPCcPZYkW6v^<{*eBqtRzI zn%102Kvj4*i|hYu4@Nu zW9z}B5mUPfz}V%EBG;0#*0}c%<(k<3&~DN>#?k0p+>Q+OorGm$+Yr<^*EsP7%@V^( zrpJOJua|^2QeKkunIPohv3#s>O!{6X=N(8q8K4AtQ{qWwoC^C}FDc0UyxxH0uFWg& zr=&$>x_MeYXqx3JyrQczU?GiZadH7F}UeLU#(; z9i%AJ7(%Re+ud@SCY+l3K0--Iq#%xHN|+SPW?;0PZpW8x$qlbd6+G+EFy4ce(K zJbaBrb%19tR7QVX{h*Yz@Y^S?vxd=!9HVLxqy`M%g8o%u+B&l@$k@!`;401)Qn8>Q zS#{C}=pOS_Ns`QO{j9mI8ZY@M0!kdTg;sJYYZZJx;BKUXS`Fz{R)>%v!-V7nxoC|b zlgkT>gQUp}VXGqQ(ucggkx!{{9EGF~_!t}Blg6aN=)UN3Zg)bkACnRu85yY-*xCN) z1{Uxqy@@&R>!E4vclAF6Hnxy|#`MK;8XPCjY8g3g*l;yr(xc3#@XuzcC9=kBW-Efy z&tnYHpD*$(!Y#(hCRg6|GKC7v{qV^GyColVD&{6&aKd~t}%&oRtz!JMnU`d!c9C6&xzbh?|K zfm8xSS7D25m19QVGHO=a1a}{EcxGl%Rj7|_j+Q*8rbk-J=vz5_WGKLPR27zAH}+#>|hlgo!K;(joC`}x#d-S7kG1keM7k;C~D`g#r{{nRLQ8NA}U@mC`WykvL0@G^=;-A zT`%$C)^TIUTI36vk3ZRG@G1P+W0O@=_5@F(X5QOK<(dNsN*Zn>uYdX|qFbS!%{ zZ<8T8ciRQ#onz(U+h?~9b971f1~lC5)hq6vpEWE?$2P+bvy>P0kp@K%cSuT}W7N}L zNBY3Fr#Ji|@xIR>6rSzn)gMNIKd1TM0BH#Rk4m~6#%>>4g*;1y(9vPUy23&eQz@Yt zE-v(nF%6m}R>lDLhqPa-U(>EIiUX>{X!7^w^hVz7abra6S0AblllPsXDB#)W+oZ}? zS%ErX@TQh-pmr!V+Co0B88gOCq3g!Xy%7lV`#$Rbjs+Rlm?P?4Fdfm^5@Z+0ju*vF9cg%5v6_~&ZwxJA0X5>pw-lbbvgEHgBJhx;YPGY+HPl$TvvRND3#By|;$fU*Qr zoh=?z{llQy7X75E*fY?m#aNOe*N85Ea4LsJYzUQ&F;V-$@|ynF41MtPTKb3L4~={g z6)0GwtX?BE7Bj0Q5&6&%hBfdogyT+yp%R-JtH*%>C$V2$w(lhH>>H#)9;f73O^V3s z&r}tOqL@5!1xPNmE7ZjeTOuT0j3M!`CBpG{PX7v$a6e3Cy408F7WnK~C=C-N@gwFo ze<&JN`ht=LucOm|>xg=21bHRwj1f?63E_3>yr>TfZFN$>Jy1yYT?kcBLWzL$MNava z)pwb}787FP-(Ou_jWr*J$uyitbx?JDt{{@cI8=G2?_bte0w(L4JU+x2u3IL$&Pmx? zojx&YmOJ=G-Gxkei;UG*7Fv|Wtzy1mJl^edtsmT}w9yx9;Oe9x9-%cqS=iz|%K|Lk z^;@GV_v;OIJcMTZCv9C>x1$2RU+Msdi#^YDVEV*3gpWRU@B+QMk!2fCnoLrH0%AzB zAE4h=B)(UevkX*a=^jOdKDTF<3?3bsG`v3^VL2D1JXlI>H*e2ycDQVK1Z}zmDNnNc z0>@I|G)5cg?c_M$n^N0SU<9rrY3>nd+5BMY7s{RGEYcAC^aj*Yq{Y<2gL`i)$2)HO zlLp?gcjj*EZ+KrD!XgKBP)f=jzEn8N$?Qq;6Oc%~tpkgbbD$0^OTrPx9-);nxz5oR_NT_EsvRj??vH!+cVa=SYW+O_ogCHyA%kX)R z7SI6el#H3EK^ep&lOU@mqY8H7KQ88tvm|dpQCP*u>GIHzMZaqhW$c9ERS;$s<&;j2 z`m(cw5a*pt#N7%Hd?oj_p)rveHM`)@O1;8@8ZWM9V&u30%Qn~ISr>Mi$aZt!Q4CXS z1MIuZXj@PS116@{NO>9hvy71{IT5Bd_)>FXP=s<+p~sdh{~>aKfqtHU3RFsbLB(!C zJhTmP69CzvQGW#1@-bYv%r0Mk3LI6&SOr`;c;hNF)Gcg+-;r67mC6dq)6)`ptmadd zmePYKX}lDzC^EktQvHVWW|872CD|+!t1bt#hXwWkmrA;Vy~nO`#hKY};P8RVrw3hP zdyMCGKZ=*>4SuWLI%#H^jBB`!l{#y%mcRh?-#dtSEdwk3|2XUM#mj&=j4EX|uQjSAKRbQ0-W-Y#MfPRov|EfwUu;8DH!DW9le@I|9CGpKJ9 z^jEaw9|8&C>R0|9Uq4o2HBu@L;3_i7vBKkYVZA=lL{X$l3PLVUu+Wn7eXCi?Eur6l zl&dkrD>w5^*0+7xgr!^EFiaHoIg1z|1PdiiOX+_uB`Md<&wbJoJsgwJz;K(!(p{bR zoA?qx6G=<@l`YyGc`kL{?qfUtK`rWYuA_g|l)^Xx}5gC(nhyeW!`nNv*F>xGqOWEr^+SZEHa_;X3T+%l0j8hft;^w6mB#zQ&^ZcG6_?d11 zM&V;|m1V}O@2k$@mLBwErkj5O;X_*;`aJ=;$cQeTvf|Qo2g|iT_;kz!>i>{~KijLi zkBVNHmZnO9MZR~Aw8)q>ID+c+_`PesEZ|TbId}BRsDVFFqG?0LF<>yMFByY3Bv@tI z)S18dyAn(lv_Cy42pgJ*Xdy$3!5P~QS=xydyrACh7@-FBYR91*5IM~ zVDZ`peO{a@fNW-y>k=0iH#&=~T{QQr&rJO3P}1N8j=^2Qb=A96S$bE>%SIyo@rN=5 zSNe!twiJUOYHL1T6JtLlrGk3u5`N%lph zOJ+Nv1M|gyc{^1ya*Q@MGfYOqmCc3q^;xDfP@112D>OIpQA))Y2AS2_#ymUN}7t&y>qc3Y>%2s2Grte#$QTlDY6Of34_U7YpGF7Xc(M2v9o%6%sFaItB zu9E*UVVtwoDbo$RmciJeg#tg6n2MJ^wq&Xp)mFZPl1l6`rDT<+@@8f%Os<#u>#W%! za%qVs(0U9#QR(xw;ha=iREy=!)-8-FjJ)A6@`c;t%`vq+$Hu}i$v+RNUdQ;IT+PJI z2618&;xgKsYxmo(=MpEd zbC1jW>T`SumDAg`KnL?TohFpP@b~rZl2DRRo}4w@a$`H+TArN~AE>|z$Y*@9a%ChJ zN-`TH2!S3a9eRU3Y-h6DqNa`y~8l+GWr((P8L}&K2^a$gQ{rVBggVgJconfA?os`a?B3?p@Qiej>v03Mm z0WQYWXA4uXUTL7_eb1GyAAP}r7n+?nem*Z*fhdT7GCrp@b$>VG=p9i>nMgUx6ky5z zN+oD45csqx_0Jin?AuZ ze){>V{>|Z`K>8v6H80+wJK!LVyyh~Wzws?zWLNklaQ9%kvXhkIjHCQQ84fv^YoG#I z{n>+)lU2>~>uMj?ODq=C-sOtF=^)HMD~9*|WcP-&n~z3tO4%TM(SwfW+6Q_-Jv(4( zHc$C73>*!J{C^x{%**wDZ@4n__;m~vO_4vC!b%DRbb3-yp%)2%Mt?EpLqAVxIc08? zL@BfH7R#uLX{d+IINA$M8WlAMsT3Rou(){TC>+;?PkNm!wUoBqb6-xGzI0zke+1j9v0DG{2s$&5%$}Pz9jQ!{*AKz zH{3@D^T2@_EI-TxQY=sl4+VAm;8A!k9CJ7#x8)vk?vTAJ{GGM0^nerRjt8SHAsZr6 z_IhS%%zJek1O2<0#Slfv}&^r;Nzv z`qMdsz^g8Tl<)E z8c6yUrRr?$#DyotYTHQZCf6B{_po4s>?-w)|+yoX`~|jXeovqRlogJ#-;KTjC+V7ar5?9>~p4znhK0 z0o~b86JnFrgWs>9c$x+O!$IGaBqwtPa}6Am6|Rq__?Zzh zry1+NS9!%V_=lj=SlZ-Rk5f|-mKsp~GpdU|hb8g}5+yjFVic-*t)z8Yh7Gr@$Fg;; zobAXW{Gl5+Lq4(8!-hyYrMmrb>b-{Q4MxqOPEyO2|Lvynt?-A4LrsJG$1LQA#&hmW zNW3sa#G;0}zh&9Zw6l;#e^Po8JN81aAU*lh*XTO|;B=CiHCc7)*u)7CF@8|fQ=SM< z=m7TU;I!1FQtwn}5p*eJ>GOb4Ut9jgTd6RZ#gy(L6w$cc7?Jkuflk z^FW_Uo%B8%Ns_VYosd3_kF@x8jG-wg>_lG|RCr@wzGX^dzOF1cN_*@kx zY&wSzHJJVlzG&l|Mc?#n)A^NI3&YeIRD!?}5h$72I4sY~|KZ6O;NoJ!N3-|}QPoO7Tt51XFBDP!MP z=GdhkYPQ~Jv*aI#8I#?=huNsc6WFIzau12i7_DWJD_=MA{BRfN{Twp-JLv(GHKh@R zHy`u-(`lkth6MFbigq$0NWKY1X7$yQ9g6wtC*y0S4>J8)*LG@?*THNjF_qT!@U@Ir zr_5@DZxY>&`*W5>!{5h(6Q$pxzpa2*UHM@4 zEFw00l$GXPcgiRJeCdxgyf17Q{20$@=a>v%%2scLN_$0hzeiL6M%wE-ezJ6OX8KP= zCq`=?c}IBi??&o64a**^hMC4^5B!+a6_DU9jlRpT!t0dF_#c&E3)w@})ZkZ<$7qto zc9=s72wd3=TQ|pZV|`O%T0#)x&F|7SIi7-jkVT+TxB+Rs)V>LN0-dgh>%Mc)QU9AM z{MX&~3%&MLzs;iO?-BA^Qv%9$07`AcRC6O*?93X9W({2^tnY5!;^W!Qqr zse9?Rv2_Jwc%w-s6z{&2{)sH$)%*OZp#;UuN-r#Z(LWc5$T@Z9_n_$<&mVH<>CY&u zvzO`w`SrA4icBe~QdJA9Lk$N_Exht}U1i+EnO1C-4;IdSg8J@LEwQVAReAjWbcNCA zZT9vvFU?irV)JnS?o1?Cch;&iQUR8RB2h5bt1HTW82O(W!SLoxI+L9_P0Sr&X?G}F z`=9rdM5J7p)IJP2YMi(^5@hNPY)~^^v{T|4-S1#zC`l+|InkKQDv{s^{v?zOfg>zP zk74ATc1gGT=jQzQ9*!%HkQ99_FTV{Px`Qv6rLQG8X=)s#zognC`T#$lFRgp`P{$=# z{PGJ~skQ3R?_YO1mv%pr{1T;R_y*in zy4@JM)Ji+J6OB;5amzmEMvolR6?!f`Qw9~gq@<<-@?dIcrHHS%3vVAJUFFev`ciij z8i`y6n+35&F%wt73{0M9pc4@)N&*rO!MgPQa+~EAZFJQ(LjGu~K~ZKeB$Gd~P~gs^ z4s%fAdb8@ccN#d@JD?2@Iy1xM-`pyP(ruUYAxp~Ph!?Vn#(m1+YH>sa=az#IPGeWk zW~*sAw1)iv^@P?+A9&@VFbL{~Hkmz7I$4H{uSia)qsCF3+IvI3@F0nAC2jvZ5uVhI zeP@8PDi-C>9(}4b-L4+1&prjk1ltC*^xV6Twlt#Bm-b%-ad?zSuVOa->(E)!1e@}W z*V-ZchzvdE79!T+IMHJX{f61g%=w6#Df7^a{n=$PRxpEP3($405ln8^{j1@;ht$FE z4A0^AtdacN(eKqpX-%$wkN*GvQAPd^>fb~D|9>QMRscGm|L5o%1Sf`IW&U5oNQM^b z*-iaF29vEG=-K}N95IRLh+fZ06foMT@>5_S9snOkf2Q{)d^`y_8H@11Ah`S$FxUCt zN1lHU{o4*R)r`;AS}xF7;Qlw6ZPjDv5!XMiD|gx)_a_}+zkY?DKVmzqTk$yYddUNY z8wRgs(+?SVG2m6_yae+WkPYZ>9O+$U2~EgwJ(p z;rRgm>@?xes5;D1NBX#~6z#wp+6wcIbJa+g+?oBt=i zxfH|sl=PcHohO&Sj><}-N&m@I zFAKf+St}Byx27%r#M5c&K0RCoa4(;RpY)3Hz16-bQfsU5Z%BmHuI_m1)A@sj{$@`!6@_EEi@SO%7LcmI-*iWmoN&KJCCk6iL3X_gx`P>iY z5gv5#DcLsWv{R&HpeIn*#jUqA*hui3kYT<%i`f=;?wiKO<%_bDs`Q7@`?EUFyE?Xt z|653AD&sU~a(w5_sC8q4vxJ_u?l3&dN~YPA|Ng&7C(H-%ud~AYBx$F1L~W=M_hVa2 zCaG=hmisM+j%>mQ6Annz*|PwD{r>$LOUI3o=g3sn7kq_h)hi}-k}y#r5q)p|@|y_@ zwoJf}RXn9}*7J~Zht5o3=Jv?@V7|`JIHEq~O6k%{-5s`4ewkJXO0vM|wPxCR4h0;4 zmHmN=(cd_muHP1tl>FJ9QncEc{6ZwWbL^CE|8aP{Xt~-(Zm0Es>nDE z_|LM(3NH2S6s{`rc+fANW)D`KGhtAUnX|_bKr=>8cwi_t*sLpBUa%`P+b${MGrjid zvF=20Z@-snQtN&?Lbc+}DXB?0<2Ao?m_AoHzIiqDd8{pY=+2@Se4#7H*&wrW`ojeO zgQC-j>$2kRQcsy;73cGA6BHE$|1!(9ZLoyb0!{~-E0P{hK>4^++%M{@Up0)h8-o|jabD7o;9YG;_4v5>aO@bc5zbv!eW8t!kN_WCCNYFur?a$D{~G$~ z8^1MMvU%CwOEd)-+DA2;npXrAs)Y)5&T-oscMX&FCAnqaA#NP_qOFbUIf>7tO|3k~ z-y%pXnW4POJs%Eiel{)|E{#CkcDOrUQKUdUyU$`BYsbcg_8tBw=fA&azBs;5@wnX^ zg4fp#l!h-K_3VZa`ICha2Fph>jD5>&T|)} zgYs4akK2j#KhH6S5IFnQdGqobKl5ir-1*Nk8X{%g*3m7V>HU_{=SZ_8fSApCf4z+z8!U~50*}QpLMv#8k{Gy3E-ZMaShljnP=j&g%AXpd;&2`;z~<{nyju-AjJQ-OPY!$m&e%qrDxJ0q8ZIcGa}g zzCm!sF8xqQ+Is4`@JmY(Iv&)z(H^Yvr zh77JantP}J#Pe`yTs6~j|94=`T;~q=SrraE>Ojx8Hg|}t&h=zIUoOGH^R&JG-!yK?_Pxm_={7+~69sG|Q{PQs2ZYTf?rt`oI5(fP$ z&HwIO?F^^dOh~g!4^^eujZ2*L$$GpcI1Lp0RjsY|{J=I4Pri*8u5U&Pp?F7l-fx^_ zVKoOLdB}bL+egs>#QkZSh)NNKV-@Q9B!C~uINhBM?>=L5)fd$t*tGpgCaSx5iAi7- zAwUc^d$~WOTU~pF2(o^6L!KTXRjo8GVG$nZ*^02yhs{^ZCs7e@FVcVms2p|*zaWT~ zBZNiw7#93cKN*-()P0hirZ`2U(T+TQ>TYa0Tys#@TV)Gj+G>0pVci(1V7K%H=hr_r zzoNQg9|GJ3{N-8NRhz8GUv#$i%}=NFNIvKCTf) zw*njCgI}n#rbs^mib(vdk!G%ltMOjF;3+)U_dEQkz{oWAAgg<_o?LF{fQ$4F-1oBZ z+Tq#ZJgKc~mOe!M4_Yq#&%VG~W*$QDkw>e0feUIS&G0ywE5?2(&YRa;2o>7=?y?)i4mk=11Zdrr2k~vfI%_bo6h?`SO68#=vOZy= zi))}Bqh1hLYM&jR5#Mqt6DDH(!)2Qz)=j6P*FeW#Wse0S>s2pUUdQm?pr7)3KAxoq z6qmOo-4B9r;8+i0Q}MVps{5|c*9hLr51wLSked-tzNS5CYut&hyx#Vggh*gf?u65e z3z`6~3czYP@dG7vSAgtp^;ZWJ5o{4w1`XIXe82@m}kM6j#pvwx>z? z){V37NO(IM5Ul(eYK=NlQIa2db<}KpKT&UKn7u056oWW+s9Qffh+qkP5uY0CMm3E(+-iDL_z>#&1((Iq@Uhlw-Z5$9v)w4J`y7HtLw9^<7A z_wuXXMv6PXWm383Z~`TEr%Ulpuj=bL@VV@Ix9hZI#dB?hE^oDitcgO%2mTI}S2zY1|Qk8PC3UKBm7wRgvG{|(CwVeg>*#$ET)uuxC?x*WrBYsUQ&8}GO z?d=6hh0#KP)3kdBJ9l}~;8cGu;rjtbb_>`3?~)wZ9@UhujR(*mcsZA(Q<^ys_=Ucq zT4SMX!}l#!kdY#r>Mz>oyQr8Cf7jPb>z0Wh(~^>cahQ#EpFD5RsfHeDW?`EH`WE^#2wd(8VF)~dt^#c4?9c`;WPN?Dg7QRbQ607;i)=wRyIktL7 z2my#gpJ_F!d$*xBcXk54cKFLTw|W`(+eQm=0BNUkI~o!AkV_?aNyLz^EjPQe&6rJ> z1eLekN>Z}MRE-wMlS~$?M!2|lhvHzfTcxB@Xv@jHak)AU1ImO(LigL@D4750UNMPf zIkYPT3my5x*w|QaJRM#XZKYa;9;HqT&()G2B9^G%YfPJy)lZG)1Ox<5ASwjDG#8uD z!BMoGDp8M-Bxu!bhe0CXnKk@dc9C3O&ft&o-b`Zo%d0A4eqMxMsp<~zPU}q6!ys!l zuyley4Buo@jf#9C(XM-K+!8YRl6WP05AVzsU-_^SVJr0$sccBU+!!tpOPMH8q_JOL zh1P3;vaF8her9VO0_y~6z9JY4JnhD_)}605ope3`n?SWHBV=ul8^cC(A|j%|@bGRR z$3Sx;C~Ap2up||FU9Xc@TCUd-jkpTI3$5p;dsKcNP%cqpbUW?Bnhe|qc7TNa5ekIv zM8)}5>y?(l-bDSL@U;Pk*6IzNR|p7gu8?N2B?t{A7)=~<#a=!>e-MMlvc)!*99Oy~ z@@11aOM>;yLJ5{RrY(EaIJ>A{w;ENMw(wzI{RQp_A zyy70Ivd6XizMCfuP-{A9{6-nWzqGQla-pUKk4>(YqjlDc@(y`ZHE}zt?oK}LPrKDp zHSXA;w-|jpAzAb>dM%WkxgQ~GHT1OiZet&!`9+bbC{-Jy>1I25@-{k)6C@^pi)MQR zVbH4on8afG=Wu3kB42S}yusGE2!FFT3KlFPDIdGzu~ss#=};0Y8V*h$4-GOdOJJ|W z_uF&R^TW9q(37T6kz#W&abm6Z>f%DA(c!3I=IUr6;PPkzy>ADy)EIz9BC6Zw1#K24 z2ZmF7CejC>Dh#B{o=@(f_?+W!6P=9OawKAGHha;wc{h3@^0jHSn>bFdc6UwonHBS8 zy7s4v6Ia|$R-tb%k3K8ia^q!YW)^5SbDhqEwPQ5w$2jH&vB_T~~h|76(I)HK@S?pgx03phLVviq~`p^atR!&%0~Cg&KZp@|9f$HzyuRuE3Y z5?l7KRy?t&7vgACf7$IR{H*&lRis=P%olYzCP0#mgotPx>>X-kXEIq3^@YRJz<@N$ za|@WT)5)s$66EG=M+|)2(qkZvw=vb2=p?kx50fk^kZitxhVqDR(i4^`|b;qls__y|LcOc7f(=khoQPkG&% z7KWl8PtmIwGsqz9yKgt=dlQAjFx-yEor%oGfg@7|^1g}3lS4ycMZX*!9mRlE2Cldt z)yxErfL&Z4y)+gLm&16DgrMaa5E*s)D+peeZt6rlt-4^S9MRYH&LGJIObiSRZCy&( zz-KoQw%A~+4}3eN+ArOBDqBH8n5l(+q-l3(XlS-42DM)wfF=Z9rSZC|P}`3KP5!cs zLM9oTp^e9EgfyJSOLJ~KoWePIg+Ze-xc1#@u|6t+X|SiKhko5()Pv7@nJ3w8M6}v! zX@2`jI*ElS+Q%B~H60<#L$ORl3VP(Eq#yYB(vsuFRhGZNC02{#tToUVD^2t#fUq|? zsiZe2GTzxcIpvl7%yGM>M!%%!bXr8k1_| zh}orJS{h<&IJlki83w`4xcqzyZO;e$^%@GY4%r->Q;v#a1WagnT=MkQqoP5Zumi+v=!v_wr zAc~Yuqxu(-gWK}B4jCya0u7hp<`?*^<@(BojjGDO;y-rhqg?*RTCilphS~Z|>r`8Z zOpeSwP)Lf?|NRobcp9oST!1wqC-OOfO#elNnH;($D$SYi-$hj$1DP!x6y|}XQ{voI z^Qj_CpbkP!wQe`x7hBwuZ|?7J&Q5p7NY-n9YP$s89)l3D*y>66Ii8kC8x7HC z&MmO9tarO%ayXp*L~1vZ%FS*zQ--{n*q#TFfy32eqa!L1?_lKy2eY?WljS47G*yy( zfA;w;ec1J)S)wyljKP6PSAobKJe6S_^L*HpCyNX+U6M#`*>EhPnBhuqjbIEM;FSE# zH@HP2g56N`1SVYhPEG4Q$W_f`2aTj~3fT;9w7wu*6%ldmf7MWM-hx0XvAm>|kx3sW;C!Nd&Cm`#Yd#VFKs{$`{jd(Qh_kRWk zLMZR{K1n?h`{eG*%0`?Fx)eC(oeF(cHB|XK@W$foR-#&p*zjExj`63?kHR$R1*g8E zT(Z%&#^1AhYg;jINOM)uS;Gx487ZlMG95kfI6ZL}6EG;S2peg+e!=nX+Ss#!|82J? z$QlXNcDm71VLU>x-$3U1cn_6!8XKA75Ni56^cnLhC@2I%hT>?jnwpzaD|Z~bwRwwE zWr6%KFqkM}p@9yp`TYUFqi{yN!A3pVN`5)AM6lB1bX~+O=@+p`@NNJtny`pSLsJtl z*BtFTu$QT)8W(;9c~*|x5>r!CwOR|DQ;mUmy0wiBAyRrz5DHaFHFBTQ-${&@s53h` zJI|eZpQH^?_wJq(s4ktNa-smmQn`Bgs2HJ{}nzEx1X9_K@bl&!EsF zk5f&YU(y?2qRW#_^}$q&v?=h7D%G-c6i<$8$;p-hoE0IQUkMVLx?^{O(?MySmiEuK zHUWUOz11TCOo+kcd`d@J8W=zXn3jCG%3_Ww3yqkLE=+Rtcx%fKm(>hmCKK$7;xG5J zI6NPla;=lm-o5kxGAS9_o**~&V>yOFhY!yRQS~cixmk%!F@k_M@F6iO1BYmTvd|ZN8QMVO_btif z#WAsP{C2QnK`(c~Z!^|g2?_j@tSV-lzpPu+dc&@eL^t*~a{N1|<|o;Zq>p&)!p^*E@>Ij& zw;6F!ENsqu^#)GHTC8QI{jbdNn1#~zNGRB^ zkq{AiUmt?qd+<9tjSnm=u}(`;9#${tDqlbWpiifCX)#xsDHcI6*!(;D8q)eyFat2N z(3X6K1_c}#emm&>P{71a{(Mj^(-LNIMFxjY4y{qKL%869!O!06W~jXNao#j|^}Ox& z;-GNmITWy1FQ?ozrKb~m+#RtS48#v@88&-7aOvsm2hBWha&$Z&loLF2O(*gS)T{D7 z54c{Rd`;nVpFeg4){cb3^y4}-{;?k+iD)ZEmXC-a+B}pcgQ``S7zJNBg|jL=96L{|wC!D3 zJdw!3Nw@#aN=~fta3r4Ulsa&i57S>%!<~mHqX;M!au6nFqf=5sIc>M!ly40sgA<@r zxYK!W*p~_2uo?zTCxe^;U8w~%N5Gdx{QC9LtRYN(P^H3hfz1qe21s&kM#s}I4-Ga= zMAPwLS{j+)S%g^F|A|mA!)Pcef!CGI$H%AO|Hsx_09Cnu(Zg7PNQZPCKvI$JkS-+! zj?x_>0xFF`cejGl2-2WPNp~Yi2m%5E(kc1v*Zcc_G4nBVXP7G--t)xXYp=ETJ_m2a zTq6!Af&0koKiM5tmt#_bsI+yw(cpr|oQ&tP*zCo#pgK8---~e0+qnDzKy>YiG{l!^uM~6~kLZVeI z1MSo;gU{0Zn_NbFr-s9v(4?n( z=jMm+&#Q<>-}H6ZJo-r~<(77y;c$1SOempW&CH<{yD7#cI*%Ov_{!);VIJYUxA-OO z?#%D#?fwvtvhBcc=Ug%_Mq*MM2G@&{X2?36V~m_L!|a?_{dx@GGj3@_HdhLYwTijX zWtXpA=ZZRWffKMIro3DgwvaAhe?7k3_xg{%kTVPr$0(ro(JUsQ5hjF^h*?1&a1d@R ztGWUL{`>n=h5FeIJP^>Da9W!Xu;@>t1rRL%>f)85 zx>_g=+Mom-gmQasFGD_b4rJ)&)8hjtc*|3toi0Jhg$yo}%xn4RS5tpKfp(7C9iVZY zph8KEa|Pmqg5M@;pza#^E#@VX|^BHd2iCuL0fYN)R>UTTUHJz_P`HQi34t2OD|0S$od)dW@ z{1kZfi;nuUy2`4m<-v4B3)kOg=b=thvy;l3$WW=rM$A`|%7fn7mVG^JrWr5EapjJ`MVu*3#Z?4)~@=={eKmnfh>`h+H@|4!Yf$3L3-rOyBGqyGXWGVtY@y`6>Y@=!L9bsvqvm#0@D zthHt;Mn$W&{3Np(;ou}&}rYILz z7}dqJZ@{ujy#vUj<{R+o(geVIbY)8+&VUS?^K2m3kQ_YUuJLi=LnOWADjP#MTg-wmZRt+e-G zr%_g5Dww(MKu-7Kb%!g>UFyWN`8Ywrp@-FP=oBV*3)QU}Lp6*wZxNgZ4#lm0Xbxq88$Xwr_auP)_pKoI^?a=`-X4Y%!IR}bppn3|8| zX^!X=e&t)rh0`P_Cx`7V#=>&N7ZcA+;cEBXTx;kdka=5R1>oD@)OaTyAZ&r$HZ}{N zJW_q6_7=aFCLRp5c7%t7q$FK)Ai)dMiFv4*e~*{5KK}6~o}~+j{-9fiUw*=C-E&We zFI56{ltS>28rOLM_9LqWx*waMR8QVeQdOPLX>i6g{!0Jir1959o@S^yK_h$iz*97J z=WD#mEzaqKGK+=6)rh!?e37O4zCLaVoBgJJ8!quy7iaO$k$mlh zG;m+c3|H2Ya~sLQdgR&m$T_W!-h8?-{euNd2oK^^?slOKLv%Xz*3ZUEH%uikTH4xB zl9JQxmR9VzkEd&c>%EUrA|mKRZ@}37BiriQUxd2{Pz7F=><+_BFB-Ncc|)G*CG<|+ zP-t>coRQ~yC){N(V^3n8V=zw?n%c11@y6t=sKDgg=XO4i;0Sfag+q6~Dzy^C^kkVS5reY)MyuoA7&Y;dC{;)7Hk=$eVcVpZI zqUJV0)>&^~`dy$fYb3hQcC-InnK9v^Z6!wiX{8!%C z{}0M3y%BdOhV!Y2#L9zp!}rz-k#q=idDY$c!dD0*TM%=8f_iS8@F)`+fMy{^w85)A zS?Z&GZ(U?m7eXL;hyn58-of^CwF?%23wQyE5|H)ttr4mY5^M&LXWz@MBUQWIVXYrc zR)u?fi(7RGxIhbk<5133g>nAsy{or!@R+S!{tHqmXqo&CbFJw@#g-D3O%v1S{}Dt zjszyodmGTSQf20q}lSA#-Bn<0*uTJ=(~7a#TnWo0pkQ48U} zIQz>A6yR%2JgRqqnmQ7>>Ak$YozBm^nQz>fgUj$8oD{l62EkCFFo2v+sk;c5+!X3M z1fo$1J_`D9zaYbHYpx@fmB7o(D+(YRoEb(Q9wG#bgMLwJ-i~i7o5WY*wq?fu=zEl# z1JFq_Sp6R#enP=d0orNtA=z_wNpNPqbqgP8ZJVL2tH|0A5xp81&^SCko`;+G889o{ zPQOa~F*8U)_h_kg6A{iAKo4OtH|G)6u&>$nOc7M$b#uUDXH9o%82kf8+Rn;eLX9bR^|)}w{!-($t}(GPFmzD-Cg`m}_{jAH3sjq8RPxJ}&l zzUc+eR6kuN7Id6`RDBBE&?}IlaivaoNuVb31F9wNmLV0`-!^x4WFI`BS_gtOl$?7G z^af;!fki~M2+gU{h`SLQetCKaAjkkfBb@?Wyw(shS>RHjkb43rAIYW&KL*SG1a@Bl zjRg4G-<~;0g=P2&04?xbp%sVPaWQ2fSBQ*4mXxcP)KI$7`!4e74>g~M#*HUGb5ihN z(S5+KDbH{F21;w<$+qwH%;q6AHDWv;+9>z<6XZGR`?1X*(-$ZZM%NQFCRtOaz2PAb z?xNZ-tbK0zBNmOv5K(jqCpmMbu*XGrjA`6yKBTe}ZTakJU1`@mvuM461QrMKWNfu; z8bk>13t#8h>yNP6oIF=n3Bji5^rmrLTvoY z$7OO$X~-}cD?L6{TeW_EBFw}+>L(ux63ab}_~mp> zqWJiRbRr_a9rYzsX<8$Jq{jK&!IIyKPKXx4Aar7 z)*9qC`#l&p-xuLCINgc5*w58*8r%#_LEif)cVVz*GL%P6w;kTq(cB9t6zvqVefB$I{x*}Q;acc$n_hF2U z9Osz98(%3cud}Q^e?~9-FnZDEh_HNHyzW`c=S;GpcUUnm!>J@h{0WPN4phA&m zUxS3^m!k@`zsUyopS8V7qT9*9C6CU#5VpjVj$S+pyA{YeM3<9$p&5tq^S8fZ5)=0Y zw_EMTZSpG%DU=I0L)pv&|82rW%70}p6j<+m>ae`z!~ezHT2PQFt<*65`Le|d$6V#( z%0hmB!B7p+@-FJTrF~2vt0t;4cyFm3ttzF9c9$nARNUGTcjVeW(l`dp_CeNxiC4(R zyE&AU(W$G0u+cgp&JG7hWqqjOjH|im_kj|o;&>$olW_fiS0Ro39|wp;BA2H@*0ckb zaTvTIBfFwrVk?@ess&7wg1Yg9y79N$bfAl3fV3&2%hS5!UHorSms5RS`!F*TdAgtx zblc&qUG?*QvEkIj)y9Mr<5V0z-`c-g=))lImzBt)60Y~}c3ye-|2!Oq;$McL)I4;KT9Fn- zQ2h+qa+uQeGFNMOO-;=Y39Dx8&S8n0H}UfG^Of%2ea0s9Dyzke=ze)oXh%w3S^r6G zpiB%DdNVq5HM*JOb+pb~lYOC(C~2L+9CkMw?`5{Xm4$CQBZRCwsxmije`@%4P>$Z20UMcpA(CkKg}CQYGhwD@SR3c(<$loeCZxNs(=eAq#GSF=66 zkzClL5S9XQlx`crM*?(Ojd+H8fiq{upC$Qc!c+^Wn4ysS*3r-7!@GWlGrCmZ*cWad zjoGzCGx09rh`3gj4yc6iD|XrMNn}hBEIaH9`4n6CryYVRKkwlA^3WAfF{b`TlcP00 zJvLNJ6Hj(K1uDm8I0tVK82TplK-?ioa+NQcc}~Y zOE1FN$EUAAYUo0vIw}ydIcmEA_6_qAn?Do#b3ehC6e=KK|BFo%0F%@bx@=gI{OZ2ol|u7g$EF?Nm$Kec4EkAJxXo3V^1(B z_^Xm&O@fOhRcYEy(c=4*YsRVS5!3d~0v!41s?5D?n}%qMfZdw~^Lh!F+B9V^C|^ze zMi#tmh^5$IEkDgSd~7+fgp_zCCKvXm!4&YTJF)-0h=8~_4OkHvj8q}`g^+P_6{{|H zrnm5#<&K@T4xUB?MF)ymZFHzSKhM!?i8ESW}vkrE)7t1H&nE48MqYkADbNm_i8kii| zx>*>_cIPYWk_W~I|EdOXcMws=GQPX#*cVb*hAA3a(-O}RKMPNRxClWERrksPO9%zj z&0`vOUW0W>^yzQu+5{*!!7xVHUV|MNpXq&Lm|j;nOW*u{Kx|7q=0&s-`*;UI^2UGJ zwASW-arG+VAF8jfA6ZT0Hf{sGxAeui4{)DIor#T&E&b%lZG;;I#va7E@mgR+sRi5o zdR`(bgTz>|v7_F!pWkI>W@fevof!JP+Wp#JEpKG(f>KPqp=eF0k$Tm#@?fWSOg{cy zSqrG2Cfp!>I@$nTv zA}oC}E3?dc9w%S)v1< zW5S3WtO79=S2M!s|79O;-v8luLbxTe2)i`~40}kV zXOyOBQ30eA5*fD3HfyNZ>2OvieoLm04wjkH20X6TES7nEOFoKtNqsgAhy$%BnUC#3 z1>2SfA{Am1CiK))SHJf>SRZi&UGV+~$vztwv~0eJH?4yqic-sshNjR-F666A8$~qw zp{0AWegqElxJDZR0vP?tY5zmh3_&<#92%J@ViFRBdVU{w1%Vz=b|WhfG8>JPlhcsp z*5;-(5EO_RF7D>T>+&I_cR*tKIXn9bTxMYZpaWU+E5MRc(`L-6FV9q0PQe|NYh=FV z<#n{23+lr~3_m|Vjg5i_l^oI7-ao!PL$ZAUF6C=U@1yUA4emQPKIj!k#Kn<5rad`5 zEp^>6Lg}dj1^ndf#QlAhex)55xG@|KJYn0QXUqJ+6OJ=j2ExJ3_+G{z2OB&Lz$ToW zoNR8+%EJA^0vfXg)DncJ0rg!~CAkDRqBt(}(E0?>H-qKY>KHG9D5T=Ic?m3rPLTm6 zSV7u=5gr5yy2#qn#)d6L&>;jEtjwp&Lml8y00s%MP{0lO*%D0hz0#f>xD(&Q!^5Yv zzD1&6hliwt*(%XpCPeeWc|?9$yNv8k7{3(==4U206wSD*lDJ(jpZTTn% z;w;1$YT3xIa91WPsgUi^r)+h0%rJf+wazv!=Qw8`GSs3HQ0#n#R$$V+auXPp6Fl@n z5!r?-7{bCvWOxH&mspONGFN7?XFqiazY%nxLhOZemH$!bKLJnm{Ot?+@@!QLj{}(9 z^Z}!Ci_RFEi3)ZOy`nH6!kO6Eu&1Y|kLtI74`w1{&1kW4B)04M_z6F|EaBfv zmkfu748;D?0)HWC{zq*@$;97Yp_$7VZl0c*z`wSfn(77=^vg3NKpDyMpp0qcs8Nz~ z=wL&XfQ4>Hp!45tOBxa9%c+76O+XQDft4z;>JDrxh@|pwv0`Fl2Wwm%fjeh!KIVj+ z@cok`NJ)`WXF))&|DMlAms{l-)(FA?jaLTM&WQUMdAuTnYG_!dC`6ZI0&LX_!GXJU z>;D87fbs8)#JmnmvcuN^aAdC^Y;ViJUELgg=*VbX@73Z7#UmjpsUNRp*E_I*fauo* zdfg__(DU%~Bd#0Z69MD&Lc%O!+=S)`tAk_ihLhKc#y;rZw6n9b*aQThjuDl^ezdR= zHZd483LftL^Rru0E*dCw>_1!<;Qb6sAdfw@toc00SBBCIO5mxU~?i4|$UiNKL`0 zdX^WfiNV-Cpbs1>Yg!6K`2%XJ)_wL0Z9i`9fU7mM(L#_*7A}56_@w7an}#P*`Wum93))rcv9wD1VkIU(Y15p zuWh4edR4Ad))Sd~5Knm8Y-IjW49$wZN$p?|)pj);%YXN#(Tm}gt0%@;5!k^Z>W`Jz zZt-20>wf%LR`*zRh&#)XdJ>)0Qz)6hPQH9zl$0)a_{w65Cmz3Dz&@_$(CcuMaj`#L z-P;%rKs2Y`t@nKPt6jOJGoV|XD5G=XZf(j1YsMhre>%?%H$e!Kj>UV>>q*nv`N;EOc@y& zC18yjDKdO`Qvs0Gt^iu#6++HYfU@2z9)(BAE4O08zTzAWXP-n_xHmc(mE|!IH_gAm7Vh?TR6%!0RfMmXV1rhC9xH!FZsCj$FB<^zkuq%08<>@abxXi^ zgYRXr<|;u%gm#=*VSGes2M>psfi>*($sp@en7d;Liu+^j20DE!BAt4I$VDX^%#L{HK<5yK&ZsT_=wa zPK+;9U@H<*XNOEeSEhITUcSUQIh>EQ;{hU`;Xf&w^fD1WeLqVyE&)NiBE7dCU>@`1 z{WS^^XJ$}^J9c|a89|mjgdPKa+iU8i%=>u1ch|J(e|=C}RQ+y^ zDlf8;B;K>?Fj2vHRu3X(>baE9Nm2(ZRNk*)lg*$$)US2pK_D(889HCy}~aS8aL2^eb03I9G)T9-s4IEmZq-G>#*F)E%bPW7!*3^pJGN8 zt3K+pSIE`Pq4%=bFUrRWWt{%RDSm1#HxyMAeWcS?Zmi?(C?MJqt#hv;k2I}OUMIla zJWbD7^Yt^mZanV0N%31ZMVGQz-;ia;YA!r~UTx#O1tC)-y)#`(3hDR=<8@nz*UJ+} z0e}Ua`1Owsz=4bF7r=uOib$-Ge-N0oK3%6;HwHl!-sfm0P2v7uaC;F_Q-{KeKmx}z zAa(}e3&w}H9um;y1c7qa=U{uG`+JG$r37x{2xxa>U}x`iKDRsf+36KRd{>Knk@Qju zYHGL%P*y@03gU=&e*qy56#r8hYI(jn11K>>kYZ@+Ov+=I4Iw%O>_;_*52jV4fTeXn-OCA?~sF6o_=Ite{}NZS!&$9&{N z0M@Ycvs0v97^F2e_kf=_P3ZhkOz<7|YkjLf#G_c+-P7z^x!2btw5e zSX9_|OlQcjUR=M!yKH3s3wupNjgvESr^zcaPb)D#MI{dRVTB}$?ifXbiJD>h7HVZO zn?35x93G{#8+m~TQD;L>Xfy)Q|2gq|M3HzYx$?>tPPaKFD~>udGBB<4}HHL z-iBQ3iU^yB92Q(O%ZW(+4gqK6k{=f>R>KTs18+l1hb8?=yY!qw9z zn?~{p0yXEpzkoiqpWv`QT?Yn;$LsKkm^C%13$@4VHExLiSbLJnk^w+01q9~3>Hp)L zI6oBvs_>D^M{rIZf`wA!^App#asj)Muh11%xFgchCqnfKV!`U(DdXD1WTIvFTSG|0 zAg}huE#rC`CWWxCz-2%3;fAIs$>TqKbMAIcB7Bka-tt234dDi1D+ z;%V^u8~gla0sFAUFsqM`57M;=0ZhTW3htv0t0+QNkaJx8r-@z!Pi7N=)QQRR_{A$Y zKVf!2GrSTQPC_AP@ha1MdwC^cO+pov3AEbtRIi_u#+{q9&0BznB9FY_{yW5N&Uo$M zL17REE5|1hu)qGJV8;5S9N2-}PX`d~gVWr=d1o{5?!p%3gI}0eE0kj3X;8w#-`5Ym zf7dr7l>?0jd1r`o(6QlE5VEi;zYhjtkwlJi&Z|r)r4oiKXrz2-;7QumrB40e#!W#J z7j%V`YFdo|4Glh!mL=#y@D+5JK<=m9LMxap2Z{{E?D%y6=Vk{n%9C9yo1Ww+&@oCu z(KS})SU6oNz6evPyI9LJ!sC284Rq7W-pFs?oWQE6`sqZ`;ikQ#myU z@;;l1M0vbzMLmJ0TTVg$3a3Y4BJbU}-$uIiVKe->YtADS(R3%oMQZKwnnVm0B4hD0 zE?M3m6*z^p?;-f6PPg3ZE-AOsoA0?mua9^g023sLPxs&y*&G2Jq)Q7PynLM7reDJQ zh!iZ2cOWS_f%|E02U@)Y-d-@yGKBU{7l;;JedS^REa7Jw!P%_tT?NSED6RQW0s^fS z|0d*XdI|Lt{pBM_c3SC_ zz`7z`dt&og7;i+M;lMLvLL@VBiSRf3#fUlb0-zK(By;CZBmV!mwP5JbL%@3J&P2=|;HRd&4-65LS4xeD zs3;YXwJr8YfPZ=6(r42nFn5jAwJ5!d_OiZ?9G3rA#~; z^668MU1d(YI9k)AVqZ=iK<+(@dnGdn6-l;rXU>U`eDt}QCSar41lf~W3M(SY^#gMxmpQ~uU1aDpgj~KkG z!^0*a5jAkpdeS6PMT@Jet4*Qf3nbyJgie~-mBqyXpzDzQa@Ye|8!4p46v8?3VAX3F-I8CJUAA4iJP$3>37jvKh=tCZlw^ zW%iaGM(PBEewJJ_b3Su^76{$QnPB+(JyBV(iEa#oI>{W6kQ(tm&{*cb2i{M)3OxFb z*u_cD_(0Hoy0!`((Bty&quYq_;CJ<|WkOLz`yVgVIA>Z3|C%J`dW#1ymhIxji^%aN zs;1DN=7g|gwrDOm2bUt(s2hilmp@Y$>b5_%6iiG^!Css|ccK= zeR__x6?+8jR$RiuT|(tVnYoKZ?zw+|_J+g|#@|oj3ZatXr4pBY&9|W0a%?m*(5mu6 zLCc_YC|6|2sNyIn$JV?uHi#y*9fx~PQD@Y>t$O#iV9Bq+``flG#41neSSnNF^BAlX zLM@r&7MPvL=)~Pj=2;#iCVE0bLKE!((D&__{{VE|%QKi4#>c_QPzZzUuOQSku&C-# zZw!3Lx2t(jMKtZuVt`PXE*wZ1-Uxg}Po1)f$-5ur;OfqrZh-RBpuy+uk>Q{O|5adQ zvZ|c4v|{j{wX;Q4Bd#OzDnyj%V|eOJ-QJ!**qTQ!@ZG+x5#;-NL>HyPG%*WmE)CQJ z&p!9}OeaOiw3U3F=ed2}HZN=P!C~8+BbcSX_Bn6v3%-VK@#lpK za#3lB{Gl0ER^P}c+S&28$BThiSAXNi-us?|GLAO_1Qe4YBi4P7RINF~bJdbxgKLy< zW_5Kn6zl-s+4^k{E`9~wYjby5yJiM`+yx0S185=qG1;Bkd#b7=bNv7y8C-B}&aLFD zV)j2VTT|e{@yhV&<_d-CqY;oZ5glEhA^FtQR8ra!q${0^)>_68K1cwPKkbsVht+G@ zN{G+s8ag(R3%NCf_&R|Y&3*X8w(TAs!i|BnA2csn0MytWq0udbL#EE<*{O|6?*9Zp zdzpaj!oOx|1~}d?SyU6=!9}=D<*H=cAVgUYpry2T~)c_(LwdBdBEL>hJ zWDW#CJD`h#|1*uMa;n&v03cCeP$}rz7u98PxV=Jtf4SbNLkRLEgqLgIDZCx+RiH&?Ch~Qq4FF* zI{(^7b({GC$`HY59RptT??iKM$s)llzI_@;Vnf9l2Rmo_v<wSH z!(;v{qCFsy?Yi1v5)nfMc^k@t3@^0PK(su_L|MN$d3ZE!By+bu*d9ym@G&n4+7sLj zc|JJJ`eg|=*1W3puS5k;R{X+065O_yHN$)pEa_9f3wt7VCCN+oyWz#>awb*OfderC zP50K!OfD9fQ5n6s9bu$|hDOO?Y2FRwnkc!OY|abi%QJ0K z;^QWD>Yj=!Dj{d>1~1I1g=Oh%ZR2_lgeNw#W|ZHs)NT)bHgj{hsdaDuNLqWkoV1I7 zJgYKL=?izlmV%%J87B)>q*?C&w-=&$O^;fPn<-Lw0N3@TWv? zueq-Y!rXurr1>WUsWNAImdZ^LW2DCUQov%qrT!(nZy zZGighr~!=`>-BeAIi3ly?TEd2vzpacn8Xk?{Q$HjL~X+GI4XdPdC4uu%K$?B7TwL5 zEWq`f+uLO|^+1n)$Q=WKKJ2e5|Ldg+ibV)%+>kjCxkwlMg_DeyKk`|^SlNB~;DUHe zac+B}$VccaHF=FMzx7qjSRBW--~7r^vqhC(r?frKwZNcms=mskMJdm8$Hu6RR~#D^ zeH(6o#Jpt~$D*gcijuCO`?k41NjpxUKifdj8f9OHeVsQl$4$-ApVuN?7c+=|z49HORbRF{Q zJ1QDY%)kuGRZka{KylYa1JoS#5rMcQsCk@x1p&mg(KQHH+Qi3(j~H0}pEmho5!|*J zU_kh9C z9_${Z^rF_C*aqIA#h?qEIml21zU%`sPO|7~p9+t1A0f|=R+z0XOZ%wKFQ_^-t++f` zq18&Eb2+taPz`@oU-LMZlLn**C| z^?4=2aJQcl){i}-_xY>XIjKT!bn~8aG%;G7q_Q&cVv-k}h@dZ2i2QcXOV894w^Dm6 zO7^cc@&RbT1JDJ>5jh5G;1i^Y?*LAk^65IHRYb*|{mUg0)*0~=D25Sx0N_nP)c8-w zO1<#8aUNK02u!1Vol(9P3#cr-!}C<_A=lrkU0fB*;7$4##<1*t3+c>q(}$_5Y1wKYV&#Y29nohimyL~$YwV#Br3DzM z-E(>oXFoRvY+PJ9WD-O)4YbscNQOp41dwD(AOF6$HNmUBZO>P*P}(016+Kt;avgc^J-nV=#aLW@%V0Z8s9Fdk#M>2D@Dp`zmd>vh5* zh8~1wh=8}N;Idbqxr1wL6}dlSNc7aeeFTjBjvh! zWOzvBH>f)E#+0UY#AzhGDBu!T9V6Y~kjNP&GqW3bUt1~t{S~Vog!L7&zD7J9V6Ktv z^_hnBmkGECRkQ&H9IG(M40c!rpKJYx^IHYV0aoYv3707~Uw!LK`h^W{= z#$@EHmRoiQfE3)+-X2&@S79^QR1_iZ4&A8juqXKkdmA(9l;hFRg9zd%G~GmWZZ7P`m~MS7_} zy*-GC37HPMQU^je1)o)z=x4<7Pw{`Y_xDIX2^3En4L;tFzL#7exuIr4XVK#Zb5oE( zQ!9Hwo}JDh<`sYr`3Hi~xD2Yx4UVBpmo6dd$~+9H%#?hwGQtjQ^|YnKv-vi>l}e~L z-b0}$*l-04%LR{#f8IYbGV+Hb_-&<;L1eU9ze$J0Ff`m{F$Bk5f$qp3gZL5%j-W3F zjIv@=@Il=Sw{Aro*21YiJ3Dstf=1CVsFsskK(ryMB_h*9b2XyyKLnq+Eae>Am>*Nu zb!)b37TR>dS%h=$TIIEomTts_Id`0Osk;fk*>CW2R9c1;6uJg`C=Rz}Gqnt&yc@S= zaw$vXhLg}d;8DKS?Kw@Up!&c#N@>JWM9v~JQ%1ZQL6!%z5#(#MC>83s;9gx2%0`vl}iEto`L5`*|&GWbYleF-Er z0$q`$dQQ;#527<*gA|MmhdLK}<>7&hqeGl2;BrF9LZBC*JsuwhoV0*?KMNBcK>Ln^ zLJ(M5xpnao5U+KuaP?Rk-TM9R`JO!ea(;W?))Z=$dVsFaW`#)Hsk;-URx z;yWm+5Y-z&8jA!`9kD?|@hlH&UA4tDSh1gL)}~zWa}6*Jzs9**iCceu=4oYTa2?c; zSK!#O{9gSVW?eLay)wW5lkG4j^!v4eDC)F6C4#h$n>4;=dsxM#`B*|i0%_hi`26Go z%t|1(^99U1ZgCakC3MzhfD)(w`3WPq)q?sVjM8J_(+o_iBi%*v0splGU_&0eJ`$%0 z$^g;|AExkn0flx5|8)D&_uGp*8D-zD)%#V3GgZ^H!*eu#tp~Lz;L$nM#nx44Qfr)GE!&bLzrs0j zcw-sGQ}@iO==imqDhA7Cyh^e^RWf*clgWbD@OF0%SQuJPZ0e zYGawX%Qh^&C4VDdEVasR=<#-}oGNstu=Ij=+=LkgOFavkS(D`v1S3trbNn^~FFhi` z?bnsa9SQNoNiW8wtU1_o*PF5@+Z>H zUX3L?{Rzf$F#LI@{2FaK%Rw=`M-lIh%}bdxK6;N_F6t;$i6+dh10=y?@h9< z{4eiC9bsNC@(gxcr3K!z)SRCAc-i9@&@gotm_?dXNyKd!SRTitu#QcYFI*6AGZtP; zYV{b0E?D?(BX^8*$Y}p!X>a#cbtVzPNY?9#*y?G@4qRQ6GOE2ze58XG2}0Zt-bT79 zkWULtc-Q`IzKfLP_< zt$g*rTWJOd45;X*D`MK(+Q<-6)04xko?|eS27ng81%YQE{tSL{ zGzJ&eHK}2^F^hXpj?Y65?(uZXrvL`&>w;8pc(^<~-KScpcKlgbnm}9e3lr(Pc$X4p zW9b8e>^C*GKF;zb`2UBSgFwgCpw9t>SA0 z%idhv){2vgEhZN7?ETsgVsSZ9m^`|1e&3uJnaEKMV#La=+lNcvVy&{Av+CqlILt~& z78(hoHHlDeoGzk~Ek?Q#7I<_;DNFk1$@h(*&#+)MuYA#QNEA#X{Oe+%mxTiFtQX2Kf40{El4_OJTpc6{BHq;1|ij;Z`JjyZ{F|6C4cq@u_|gX!-gD zAS1Q`R2(rif`IA&e*&f%%rVK+E2cwko?Hcn@TwT0Jfk%)Of3*if(Y*;%}s(>M#isgLyIi~X-3 zpP0iD6u@bpV+SBB6_oy_0|bVy^?9gGT-_&AC3eHHo@Bl@0d*Xi0}7rTWQb@#!3tikeG{0&q%qcLQ(_u-T7%EtygA(d2{DtK1Kgd-iy$!Zn|V zZ*$s_Mmu=MG{v`zWS&0cY;dY4cF=pE!Wc7`DsQCDcfDM^&US_<+A!hGRvUJHzxZ6+B9Qa?VOFb#qXFd9}^7F4TjniAhI1u zpUmF`q1I}HF*=BMkvfp3{7uqw({P=rXYQK|w*%fH}Z~x^=i^4q^o@aB)rGFhyEWYGgnE z{rVY<63Ea14+ba_h(4*oAD1^XLxCSKc&*m%8%MqmB@9mh3dcX^ZYnZj0c^jDU?zb) z6425jXHfGT57K=zWU{r6b;FN6jI=hrA;pM)6~>$*%_Kk`5klPsR}N+(g30R_Vs!`G zODOW&Py`~a_OMjkz#k+^xI>EIOn5u)W>yn%h>bfEMmy&4`zrA5$uUPcIn;1rBYtO1umx za2jwV5DE^wz~HuRhEsw3224RR*<1P65_B!Pa>T$I@HGM`fhJG@OC3^iB2x^&Uo8zA z1J<$VxHvypR-{J*(Va`6c@?o=H94@@VP{J?`YYb#Lu`6ru5CqTdx6$S30jyUl$4rP zkIn>;xy^bG|EWD`3^FKCulG@GyXe#4x=Bwvc&XPQTZA zei9vlLb>+I6Hb7eDR!6$b&JKSEhGfuJq-*9LMl9f79gPq!eyHSDK-e!6Bf}wlYz9X zic9$T33n#N(DwLnoCiO*V@k}oLJXk>p}L_PNu34CM(bIt{2OWzpS0BYs3>Rb7grf7 zi-UOm;-4$7N>QF&qq|U2-C(nvR?!e{RKa}ZS}#S$-lcpRE7_~v7|)rnt?VHcspy|58M6D>e3$s+N81_Gh4|cXfrP1Yl&qX~)L`0D zZ)1hW!`XF{aQ0}?P2BtnSK)_udhD5W(?fei3RiUxr7VWhf)jlAZW?h&X^OCRrebf9 z6r2_6cvQHDRbWLqcpB;8a>~T;~SS70&*kuQ7O; z(QE<&@f5RP3u1$&Lb^n_sbu+2uXDx(j9g#bFPFJ@bLhG_W&D<0E@hs+1B2L-a0+IG z0KNt3xi}M`bVUn^m@T8kU@f=7F+=N)^zvc#=tVuPin#Jo9_y**RmEr}&H@)Ihx+JX z6Vl{ji{sczJ=2e-yeHc!#wYf&sg5~%}w)mBgZv4ZfgNv6M0t2yNZpYI|*Kq1riy!+`u2|@D zMAgpA*LI*)@aCUs{lem`B>Tw4i{qx{u1v!*A&^M~9t?jr5-T**g8UNu4<#ZVEA+g) zWl38)4}mE6Y3y_G1n4n;dG$?w(Mk0Kld^7)1FKmSUpMhG_2OBya;{7)(@-rVZy!2s zn0cW>b1`hYNmVna*D=fIC%c)g18dB75a!_XvLSl$nEf!`K4Fs_h`r6|vcQ`@6*cVIBp8#yET;7 z+S`UWjPIMU!=Vc~s8O<`W+JK;!Ar=YP``Wk8(FVa^GnU?u(f+%ZfHFw;`Y*gz@&NU zLct4tO{R<;s(#L7!36X{>_nn~u2Mf09tN{}LiGQ|(|HF{-Twby3#o8KIYbV z8n5+yJhezZBGw*zyEQv}&68Mkrf#QjmZS;}<9f$=jcn%O@Kn5X<3zr$0DeBJb(v7W z=gn?DBzRUbiSRP}cyKu;b$i;m`sy*un*FBp(d4W>LzL4+&#x|JSCeLgD~tMpG&cug@Tc8RoI*|IW(5KitH>fjp%fjZS zz4iC%Z?#$AGkfm2b8v1$N^!WVLZf$tfC*=_L%SQy`sqC7+U7{0_cn@FES`LoAHb?I ziw??5y=I(dS*mj@w7h6f{$lFSUp2Z5b`pW^HmnSfgDLeb&b!O&?Oj@NT>G*NESo+W zcU?w=@#x?Xp4;onW7Ntot(` zD`RSWqW|2H+Y0Cmy|xqck2sMicVa9t2itCLBSxFsqgimBz+J057C~;`L^|Z{aN40< zl%c9+C!tJq7E$eU>tCk0l++P2Po=iMml*6J_q&y4{DW*v*VU@;4sRTcJ3& zs%SqqM-@_i^@>HXXmG^yW0JRts-&>OG6AXmJFiEUvApAjWZWn8j(*wZ{#3?i*Y?Fh zueKNq_b>r&#opk3!c31o!?{@9d_OC^cB_!81N%n$>BK3VL_I^b0AEFjzWJh`kFFXw zJ}tjui1f9?)GPmB4epv{vWob@m^d%NiaGA1wYTW3EYA{*wJ6Qlgtm~)>HYX~Eh{qg zOuSz~lJRJTnA|>Mv_q0Xn61*_dE%m%+-sw{kER2rUtKTsf7x^QRcB*k4l0v88 z$ndc1@}9JlAHL)%4YuT)8D$2xobMN$9gz(zSMF=j{TA!zXL3iC+^kNw5R65dpbEKtU_kQ2?Lx8 za$Hodz`h^jPmZbzNCj}ahbHXMdM2b2FF5Zp#1qe&_BdQ`Tcui3{vpy*N8dt#J! zu+fL=ky43U&X~>%JVLH_uyz*~;4p4}^5%!DQCE&fUBQ^s1ogU5+-}g?hpZ@MR=Qin z7~wf*-7gou9xKckDQx1iG-oDT!^+&_huwp}>PhCe4yooprMiLk^Fx{by@qWkPHmun z)*wBe%O~v`*1U;5N1gj9>-yl-OTK9*-3ITYEQR+Zx&J}0kwc-(EsUM5fPn0#Ed%iL}PkG26YS~vaQ zJ{Wth(@O8#Q+Zn6%abOH^Pm-$_kZXO9+mU6zvXP-{tDuYsWs`snY<@g$HfnkbZN4B z1YKt57@z5WW->>0%l@{4mpLnD#<$!=Z5%h!erhGrTLn|yY=6(!txySFic+;dv1zl> zOD?31yq!HKmo`qsx%Hj5uhWs#Dk!W=vTT!Ts6Hs%l0ToiHL9j0Qf(S*N44)gTIC%_ zHumg)_e}V>^0qJ?g&uz2qYgrM0qpmUh_1`sbgyN1P(1a{VpJ3{(H* zo3id&n(fyQ+BnlFUv-j8-kSaN=5Wa(856?9Mm)aVUPWX5%>M=iWKPr2` z=vRM^f3&Cb_NWv2_b^tb-J}w&to5eS>GiaC6)8U?xp#|Z?(6tG{W(Y4z+dS_k*ZTP!#k7pm>Kmi*?Uc#^*b zqnsi-rdY^fp65{)DOnnCd@&xkhy>h;h5cnYmx-~I% z-Jnj(&CPw3eAbVo`O~>_KPm*U){3!!qewkf5$3U84{v~ zi6Sh#e4js_DPkSqEP6bme?;0;O!3DQYxd|OEN1qK z%sriQXH_E!E3M9uyJb1E{AbIwqZr5C>lAa@N zFK1^uuheNTF*u}KaLeLx70x?HY6gi^(UC(3V{!`H<*Q#*3q zXYq;Rrb6OENCO6MC(~di zzpwu_Z`4w?kC=O^iE0wl`gDNFkc5tvlXA+#)4Sc&gOhNz?n^t%s8`gA+l0QlZcAA+Jv07c4t(KdD4qQ%`Tph>jL;6? z`L@;nLJHQ#f4k+s&CX~4<5O155U7loRUmMuD_+YjFq6eXi7qKDE$w;914%t4g9l{? zW7dm_ypFS8&m{7yBy5@%^Z%4}^HrSfIk!yvb{-cliNS!fU4y!A?3TgaT!L8qF^SC@ zrWn6J@dDTOSso%Y_wwD?)Lnf&tvH8qY9#P8O=yczoKa1XJo8uQY0DV4lXCh-eQLe! zX81o@1%|O73JQn#X78&jEV6#f*pUn}3!=$u!JG1`iO1WDo)mO$_M|4Ml~i!18QBc> z;6hk#16-6GyZ9wxg>Ct*qDDa?^s!97sF9C_%iGnYqgzD+uJ4qx^y>Us^-I0~#}4K7 zF9r?5x0}^mko=h*IDTR_lh&%=JsZJ)%v^}WF2{;r{1J*V4eTQS#oqRI`mJ*+n!kD^ zJ9?izvNAT^6Vjtr?_?JymtP_#GGtVD(3?6>mD5rcl-Nq>a}pF78WcZPvqpaS&Ec!G zgsMFeJB)1^|1W^uHx z>bi$S$@R}1tcBwL*xwMs8IuQ~YGs6gJmB{8-)URuR& zxg@`ft4_;NH4b_V#t!;B6fS7B{{X=`%=H}kzYsgkHFfv%UK%H+858w3OrX$JpH)o@ zGmW%Mn_!UTdFi%0n5X+vYGC9DO0;a>6&F(~x5Y~4;zHdmju5ne3vCl;OsK*QPtTj@ zZ&N(&g>8-?ro@tcR4|*ic3#c((sadkvM`&NE0y^&vAKU>2pWD)#jL0L5|5R56KN$8 zcag=VnY8nP^MwA|M?Jyv1=*c7)y2GPrtl_l|R1me4NCkgUxg zjrZWqkCVat+2JL}=dHWN6RUP-6C*{rrd3*j@c~Dt)Py9qH_SKfq{@`m6IvKrrxW_q z?;O58m&0p6$zq*VOW6NL)xIvp6)$(2a(=xV)k7kcFr%EX&Luoq(Nr&HAVv-7dfT&{ z`}&XYMe_MwycxHjZ<)3f(09St-@Na^Ft(L^MyTA1b)Lh~%%m@?_;0x<@zuX+8m>b} zR9p2&X>(W4KJdicPvQ>hYRx_*ft8UvQpS5CDR-i9OTOGiqFgw6CiTe8MDAY3h9|MR zq8OE8BHz5nyr>UeaMHZFq<1{mP&j$bb3uI7QlVJ(VRi70B9@vElQ^m2UU$bk`UHJ~ zGL!$_*9fDKH59(6=fbt)%#G|{G~-iUqe6MF!qVoNxUe-eFAatCrV?(k>pf41oAET% znRM{@jfRE~w@&@5cx*~PDBW_O^~?TejS+W9jp0LqfWTZ1jayx18)_|ddT}zb?bNKf zgVO7-5VG3Z6`=J~l$=}5zptu&XXfvBbt$;pQNG zpS#y{dOU_9H;VNkciUTkbmtdW*t4wHmOOA_f1GW`f<_GEoyDncn}yjEQkxQE`!YO& zcqfmV#BRnjcZvqE`*x|CXtpK3o$nVid9l5+e^=={UficX^NIGS^9IEBVlOsXpB!lz<8N62-81 zkuO2@eoAEScA!GX6&JU&Z>8)XHmQ5V{{r4&tq2v;p-OJIu8$pwQiZC;FU1PU!*a$1 z?!~IFtd6UlrI9~*tf*K^Tyh99UrZ=A(4VMZ77XrY|!tVPBszjz%8m9 zNSyRqq*n%bOZJZkt0aG_B9VHSiT%Nf20{Jj?cMr+XM1kUqYuo}JUY#GSqHdSkIL>b zqLZCyMPax&w@g_%q2=|ytlqwoMBOs)TjTB%{=HPElwb(|Kf-19EY zE_RP%fz(%*{$-xI+W6Eu%*O^$b8uXN7qi~Q1*S%)>9lU+s(J`xY-Mfq| zn$aP}z6eHu?*})LhR)phvZ~~%Qx`a5rk{W5?MlLC&AFt!FjRfQ`}MIZRUB&_+a5Sn zYovExP01(gIm_9~#St@K8)wWr^q4|Fpjenl^%4>q z;P4Ij>#qb;od5r{7g%pc>@j+gPL5_1!fIL4CA0s8E$!;;aFP_^O^D4pCzfixU~gGq zWV60iw#&gxOCoSzT#l`z0AI)Xq@tjkat`IP(PUj=#iu*pq)2&=@tB8stF45o1;-g1 z3Q@JD^;8XxI)=zP>QSu^>OQ==SWXs_96E3G;tEa3($tu=L+g%&F^`MWEdRJ?!RC&A zVk?$u&M#t#Rc>AHYV(=vNZ7LPcDcVK4UA z4tk*cRIB(&i;-3728||_^&LrXU&JOTYJKYLs9R!SUl_G^d9%9?Q3_L!d#?F-ST&j5 zYKgHc=+w|HC}~}JX6EJdF2Kw7w&~wkY17ev6o6ctR(Y+QSv`el&Meo)UF#aOYm&K{ zj7AaDbz)OkU-hOQ&Fy4%VaIIxlytrYqwr!M4g#uY#zvQw+b;**ETUeiTDjq=ds1$h zDmux;zaSY#Q8MTGwQy$gXX5`$>Lb}w{n9pJ$2d);i8Ja7mx$5sosGGl-nWnTC?{-4 zv!Ka;vp*})x!8r*?sLC9@x-^eI&;zgsIXR!a&2|2K-o)G)c{||E^6O9Tth*leC^hU z+A-!dfhgjLF|Sm5@vFGhZ`PiEQh_bs$G4d*Z&&@cb*PRt(a@JqtV1n$}hIGGWtq`vkA%ZQ16p1zTKwyQ{VIV5w=cM^}g~f z-qP?WebMW3@vT^{&GX{c(w&>1jZ1$V+g&VoBhGqT%~kQz zW5oJ-(xF-Yy$m8Z$!Ak;%adSBo6E`EExJ}Axu0O7;W5X!#f#?OlPbSX9-C;Z zIN~AFCM(w9Ca^^n4j#G2ufp2sw2i{pMNdI%<{G?$&)5yd!JsD_z6P%K9$*o=X_ zR=(R_mCG-OaF|1qSH;T{2>pV6tGHD^k7GEa=RN&$xj8XiRL0NiOa8g8boZN#!s+S; zB?-KYc1#K+=7B+X8y{Jz9+U9)<6V{Zwakl?Aic47=C9G?vy6bofhSg_xU8UjwB}r8 z|MoOi-_{IV-R_#eHX)n3R-SpCxUUT=x4*~o;B}=`N2_JM>pp88K($=}|NmQA{Nemt zHIHBZgtkKjJL@$SBb==*EzAZ^ zzahTiT;4bPX+qZS6hHUnePvqVM~?T}#xlKP=^=G$3AT297n#nY)(rt^&#&B1xY?Ok zW_ug}+|C-K%fyJY^D7>)uLYFZ1m9-gyOG~nZY(22`bk*YTT^K!e6B3Wx$4Y*rRz6Q zn102;^IuU=x8=X3;U+AXinY=DnFD5XdsP+e2&qRHbu7;r`=rS75|h%_bvOEpm>V8* z21K;x**5*>W`|FFsxZ2asGyM$p2d*-*tWgAlgL5I&1<1oN(qTencX&@7S6J8!q$5x zovUt$FcCE;J)%)Ys$-3DGiQS0Yfh>Tcdlc6#=iN?-K+b{Zv2?Zi!D*{o9VVnb`Sk1 z(dX<|q>|oMr#y^ry}4B>kuyEg;?rf$DD@bthBwyNJu^>Wqa8k+w&UkCw{!pHEbZ7$ z=MPaW)as}Zv)Su#hra;B{Jc?I`<%8;*5!WoaZcXMlHHgqA$IN(3YLQAMO1c6J9nXg z{ho!LR7~=}a)7|Ua)4M6XPVx-m^!B>m8`R!#Fs3RVhm-AaKR21*QNRStdrN71!5s$ z15?j%Pb3R{_np7s_;riu?B4Fi9{WowROz@+>HN<04|cvsq`|<)UKY z*adm=WG0!*#gV~luGK_hRJ0ol$<**`mvQpjiT>BiFI!h>8f~Fm{4Re{AR*bn?&037 z@$gqW#xLUguc@+=M>`#?#qjN}qnfH+=C~P;dzkWW*5qc>Xw&KoFL0d1s%PfQjUzGm z{^Ra{3Rb(acM}HmNc?H7uf1l4do>ec=}NfMQVrP>W`sS-1|8O8r8Mj7>c`s!4^n;! zTk8usYOx}`2j6weZ&47syi>|EXWA5l8CPzSSl;noWp?n|{X_KpUe>fo`Ek~ahBik< zzsM-1Z%J-^Nn^%=g*U+W=`{FBJlb2aV)zeu>u&UabnowBL%)R+T5aqc#OL(;)>%go zlY%a*2<@lbvZ9zB>vuhFjPcX2s3z@gW%QgVOv+mniD3<3Z#fd_dn5zQGaGdhwirnI zZMCvyl1@Z1c1y@bdUHvL?!H_y($Fp_5Ty<}lAX#y(R{wu?RyP*yCtZpnZn*xR%UM+ z%nPLO^>ZtZVBnNp>Mrq)Oc-GVc9~}u%I%DsuN3g-@5^9d4^Vu!l!qEgkO(jSU_ac# z=G%`FB}WcR=Er&-uBr-t(SAbeYYN#+3F@r)e*1YzrISZgJBuv1U{KLi*Sn609lYRo zVRwfhGe$in)5ZfgL(t473>@g2!8_~L@!w!@9*~$3v=pW8GR=4Psngr-tJHx1uKmap zjs1Wl5dYtJRlEZj6a1j9GKS$L%=YbQrq5{kPSq6{oZJ9xV7AL3B|<~hN(7xpS*?i^ zo6T+TF(C)5>!?Qjd|AEFnYs$tt+hP{Wrw0|Kgv1POv6mL0T6${u<$AjRGa|$L{r@h z#nYZyCyi1RGhXpz;kzd>!yaX^M7T--N( zeVZ?b6A@QVr(0p%qGyjWh#IhCyb1@0Vx#`n-TW^>~217IYJsSz2G^+mZ z1YwHM7$gmeFt!7l0yIjr-OM3xbw7y9$o*wlm>3TS$t?nnAxR00>I5!)wnjdlpwX(b zaRz^pli&gkqOF%>zhOeS8AdxFdb<$n%p91UN$V4e_qk(5iC+)Rx2mT*5QY!TaZO;7 zt4ZTMxF~YdjhY~PhB~fL^K|oTjY}p?-y25Gx>7BZQ`Ej+Qn2?p&9L&&G_%iroBwml$Rk!#Y222gXjDYA_|Ex_dO?7x73RgiGxLRm zaY)+1B+spU$E@r}<87srFh?WKMBHPxQf^ken*@jQnJzY$+Q5Vwa>xNF3l13MFwED8 z9y4fS(3BGlsWWfc6w|5(V16~!@>_qoFo-oGfxb%`;3}PGSKvxq7R|iZ_gkm4^^o}u z) z*HYO)J4dJhi#U@=)n6o{tEXoT#HaT}*YPi6silAuAb)tO2Li-X7YCT$QG8O!ZVtT* z&^h%8$l=YDNkLc1$E!%3QL^kc3#!IfPSIy*MU^M1n(gC#11m8{l!VqU&x#EG&R;Db z)7yE323qOQ-BGgJ?Y$%HCoAl^JXOxc!h8t7xat@_#yq^J)e~z+5QxUj-I43dv6MfA zZ=GEUFa9*rS&D1l@6gO3U+>iV<~wwS)LQdgk^>joN5q;jDtU7m3@g0CkV{4G*Qh=!f3|%B90js?Vkh4uxiAY=J#(w;G zLT^()s3}taBVI|rLr@>sH^aMLcS{G5{07z`Ra()I!fiH>LV_zbIg7d<0eNA2O)nz~ z4QP3r;9#X^WDq~y77P7_%%{zjo-oqC0@7C#$YB6YKwkn32NBVe?J^vmZg3L)0CnOi z?&~m_+M+X4w*joWK=pTc|K*<63Ww-}y|%Xb9FEo2mv^Qb+H9>LeWdMrMwQc#ZQq{N z@TNp{II!(|T^F^=^J%(C?o=yfJhj+ebL{i6#3q}o&A#R-uAj>Fz1=d*1i>6)y0IZxAZ!7ju%~`Fgj~aC)Z6< z!)Lobz7va6&YZOr@@4$&@X6Ad|7GN1_40MV(~0uhAvB1&;ETRJs9C-PXBlQwH-IQw z*7-rjQ)xIee*FL!Q@<&FSUE@m^&Px0fP2XcV7yot{$cTCY(RdM7@vo%K~T$j3TMKJOG4sP~MCmPMym8`xc3-Sf}C|{g`8PH~@fG5{Lj^qYhEik06 z>d_CY(P)jnup4H+ z7GN-CkKV~4vBMDO0aS>*rbvT{cUPD&Zt?{Z#gC6yc@96lKxI1s!?1`*f+l(&`l91_ zq#!|`v_5RX)IsVzZ=p!m+(fq$0lNGkBIx z6YQ8-%2~h!pikP^3`&JrkPQukhDCkZ3g~Jm-nr}YBoQ2n6^}oCcjq^{ctJRn+0LFc z(oZ2z&>tqJ2vu2Ys6w~Pg0Vq2uHbSZe?cKvUg2xJ$yCLZ+o2DJkJu5OqCqr8ag0Vw zijsoyt32Ath_Q$M@mE~2C9$gt2J6j9InnZyu`@5*$wq*z+xVE(}`wy7j#Y= z|Ae_tTrY2#nzilZBx{xZmYxxRqg}msodzCH(zpnC@+}}>XoB#;(PPV5kx}wgEgu-S})K*|KjYKO%t6@1#4buEb^8^jX%8;t?2xUEWq!$z0hHcg9k^ zIVEri*H)Cue^~YE<5aC1YBRmNEMYzp(b18@?8)+w+npEq(E*?H?)-mNmya(@y^5h) z!Tr#aZ?t7~Z9mMzpUM7H0w{C!iDXbK*jfE7b_I(MZ4Os}s3P=Vap)Q-4xPVAIv^Z3 zh`3BHT&OEtr2v~Ebv+83{yOUDdV#Em9VswiB03L(O~io!CHnU_UN>$r+Zu>U`KPgk ze3o*?^0k$}K@oY6Q6erfV#;A?hh=%+jlEQ(dk^$Q2vxg?2NwrkQw7u9w7Ye4(SK$@ zD>VxLy-B;dxp^|89WG=%4@>vZmcHTi3GXi4>Ee4*maYwE6XGXJaCDIuQv~yMZWnTQ z#EIqq7?lg7C8#F zGS)KP-Nct?$3QsoQblZ7&CjIf-e;o*H?arFr!9nw8M1q^qmi6zQRKnBD!bWCFA_aI zmK%=$x))?$<3;`;-l^hA#SF9Z3iFlwQ&pAb`j3*F=0DL=ZpUfd)k@NiEBx$I&qGoz;pQQJyk(rabzj-OU^w%ej@YJOFnbf;lJbQ=y@VYZLpkk_rYd{wz26v&~$OrCA9;t+`s!kHnn|}&^cZ;NLZq}3`+O^I1wi> zvaUrnxHGidXG^ti5FE=2s zE7AT=26ACWTqZpLUy>9#j6#07;n}LNE&Rx z?i2p)KEB4H!5RH|P5tz&UI3Dpf{W3@!$hywJzX-H0<{4j`s3<=sV8flAO3P4#$^y^ ztn(Ml47hAXiGIVGXt?jXJ@a_BY_W+;x+We%3+zAG(z{$i*&WNyYcgdQMg8b}3yJ#*h!CmYGy{%nV+`){ObYphvxeaIE;E=`Ec5U0_ z+~hGOUTe1G!JHyaHH85CULIBaDJ+krm!MAEVxe3cRP)lxdT@K(Q>1Y1+C$C4m)clXU@;2Q~>fJx2A6ezSO4SI6Vm;O!RV)p4 zh`6XmD11gb zOgZGb4)J*fpyDo(3RMOP;IYE-RHw=uS%>pfO3ies~#K&Hp1!!;|ei#^&KER zzdw0A^Q9I{o&s~;010U7D1nI64bjVk(_>r^rc^?<^=&-Eb{Uj3yEOm1Y=3UgHYY$S zA@@~4Xsl*w)qjDY2ti|C>nbGq7l2nPLS`a?Ef^9YY&DRUp2N07^%oFH4>C6P4Eh0J zNPGB31OS83&8A*|4CK*(5vb9T#q#8}wY9A*!e2&=Ch(W|SR^Jc5(^TTcvPogL-rjO zS*oT9d-sX@JbCh@7px2rNE5L4$TtT?#URW-0WlMJS;XWvbjT_UF4zBA@kKV+0Ke%o zY%R#oM>j5dY3P~*&7LxV5kM$(=#n~QcyKV9fM|~nZr*VDArU`v#ZdQu*D7TUl?ENK z>q&rBar1DV0mOI>FN&?eYg+)71bheX7=d)mCh9~Q2k3-Y*&0^elXp4;A$&zq}KeNk!%z)#gOmpv}$7<(^z^;u8F55Wfn>9JaW5T=mXhh z5|=xm*ms`JDQV5U-lbicZfjK&WKpx=I9^4&zp3Lt19K08%C}^SRjjUkjV+N8h&#EF z&*5!Oxu8Ix>^|djLIa=Bn^ab&YjPy@?;IU`gTMtqV_>@sAm$MOpI1=3GS=U9yysKm zRJ#|UVSyqN>h~5*IFJe#zUbkBO27f|p*jt)B0zPxMMFd5)jn*q7Fs1Ma=1CaA0fnRt;#0Z4xh#V07<#iZ5rD?x|SsUKJdj~+=tN;97fHI=) zI|t%oq{|CUFibj1a*qRP3)0)W z7a(cm9|&9D3Tq2#^U(5bi5Eds!o(Lb)NQ4J6W?ny9{LLmvA!&Qh3tbeS(qNg9Sblh zH=wqwug*+PMnO4JOifJyLE?c;%?+UPnp1E1z~JKm(B_a8byIUQvb6y7l6Wwb2c$A8 zPJm$qBE=&YWdxl-K$pMS7Qz`KO5NJ(%q8vT6!=;_Aes%2jFf;40;Ri#OKYo<2pj^t zBW)r&-6do*)NJ~v_X8M-?edKqyFrBQeeM!S%zJ={nEe4^6TsA`#{az#TgAoIkkxl> z2Eai@bs0cCkHRrc0fKhnRzz#V}!1^WF#jhKAtN>>@ z9FDue;phI_M6j^A37Iqb{UbGaV)1e|MV~o-pkNB-`>huo-HOdqHlANT;UKRorRD9Odm5W-^Xz@LjIc%_Y=wNFvh?i-aG{898eXj)uBa%hl|1S z04v1=zSS&n5JsW!rOvSkl|8QIZ5`(PY=AY)G zP;CWnBXs0_2wfI|4|yv`R&mT2{yRbq!QLE(ib!Shku1DT8ab2k+x4IgJ_H^+2rJP^ za#m5zZ;&4-HdWc#HTYMsfM)9Exj{JVc}5SK0#N-YzpfAm+{!*!vAP$3+Y^`Uxr}mg zNk$P01|c1ghBSA)6dW^9D1Ad2Ca&yHnj3n@jx*+P`NVOnysu+R`b#BAzO!%0MoEF! zY-OzXatZNp-dZ*4lbUOPW+o;1wzg*Rz)P}W_Bo=n6*D*=dw}dQ(iVAYQ2x!swBic` z`~yriDyr6ioeOfRni{&|xpAyB3^q5aa{>|u369@3-Y=Gk-mxbdg#Y>AvVd$oI~Rc= zI}CNldsHvjy&qxgFAtsP0Wf#P!~J+XAJm^)Kn@zX^u+;bSwXs7Wjc|($4Na!{sgD-(EjX{1se1cT`gCw)zr8I|;zy`RfnH!!vN#14`|1DH_6chN>or zUISuk3Rw3IPfmK<+ryoVY!9Klv*mp~=&EbL7YRxsBXyhvuF&?m# zS3fh1h)qC70-tye2fJ<*z9~A^aKZyy$A%a?u%oI+C-4YJw&Hy5_m4mz^B+ShN*A&J zMeke%Ray{8f)$R$&`w_7%Mdkub}{hGDA4rjFN*@q67ju85Xyyr*bna~GN-Bg=4&hF`n(=2a-zT&#ro!!-nQWeq5OpH(vZ`Y}M4 zCM6|>+3an~#RaDqGI!CQVM1Jm^z=|369?Qkl)p;s%7q}d2XovAv6| z^4tgt2AGb|#t7645iT28m7&TVoO8g&x|tw?yvxwOd;k1Bu&y9tH-b`G;BdpHFGEj+ z5d$0o&%?leg7&~LkO^9#mKcW!XV6E`JTtx(VrV#B5jeU4VjQ+y>d&*_7YqE^YK8M~ zkDj89KrJsCe(W$nEfAs!KIt{E{y@R$?hD`lLdA8)cFDcEiUk@yAZA|{kXfie$$Mj~ zRb^@CF-cOO<4+(}Ahg-^nFV+^m0sPV5Oi&V`PEi1#DJx?8R+WQYfi&;)nr(;Lm&t^ z35Y_0IFGQxkdX&$S`)&t z?m(}xFO%g|q3TRNW`sn~$$X#cjQ)?evtFr`<%M}!oiZ}0IaYYhbynef${)!_UZva7 zb^%%9IqCf|cIs({VVoLUeZOcW<#u3b1U_%fE=Yq60IJ1y6CCzXV-#J-aDR=$BWWtZ z_MNAisR7R^?|w@NVAkP@1};t=2~B`ZR|}df(~OS6T*MF$_L~M}J6M##1+^Y}3{Aif zL~d`$s1P!wa6lg*NC`&5_(W@>I67t_4yXwDpbuacWJVS8M8US?GVoho8OxO~UV{E! z&`dC!X7Cq5z!HZ;c!bcV0FB)NM2AJSpQU%7j+~b3?FSDfg|}bUSYF#OPq|6AO>>hz zlzq{tZ-g!U*A&Z=8*XX{pg?wCd_KPWy3T;-)|DSWK0?j6Um|Dw_U)B`s6qTh=zEsH zB^u2ycLjhvkk|DTDcQ3#dGvoA(75=0>1!4y?w-qw!zG8s(GEec76|YO(5*wi3Qlzc zIDk>@685$m^r%r|845TRuo`yhh46!mM2X82ZP=OYY>1!-kVGTr||0&NXq9=5Fphpt@$h19EMFuW|YoIqo z;Fs5c#Ruvv${~=Qt~5a%?t0h~P_*B&LlHrxzvw!lvjV&r_+f{l?+DxS8f4V#*pOoY zBoWAqyfsx}CwvD#^{<}LBYw@K;9?-L{LD;%^coq90Hv_j_bOZq1(3qB&OL!X#G`c| zQTrD_cwg$gz+>(TJe)lEQwqE*^oAitF)k^CWr=JfQ0oxV&bQav5yuHSM+e~vLK})3 zZl>tRn+Fa<=mQa=Q9vZvSqv_eL+$})N>_m`a%!l~;lVfNhL6xn+Xt~{io#KDXj>w1 z+<$Q8vps_!8#wpL6po`eyDlFsca%CyRJjkPLwZ4@EwHElmiOT_Qr8MCw#<$IC|KUb z)fLo4fr8lVbB^7gSC=3jfe?EqJk$PdU~nU653ZX7I^AW78!rRmMI47S*#8VUhasX8 zBr3?H6U+>@0e9q{wM+CI7z?a}_!yo!oW{+-y*b6N28VeI_~+#b3)g}NBr*bkD?9ks zK2>D635~G+7ncy>AIt{9D@(#9bnyrxVW3M0?xhN-d<%~b!KcQEh?JYqQDkSHruZDi zouq{80Qh*Oa<>$rcOdW$j?9GHK?2@8${68P85tQl^@;V_)G9d}-oXg8m{7|8*GOlu zX0wL>y91DjpnU@+1}+6vqm^q#ViIyk9-o~qQgB2&3{__$t-cNcPH&361G=`G;JyYs z%bbf(;EsMYiyY1Xxqqkg92DyU06NJ5F)mbcvy#%h>;axdAl~$jb_T<_Xh%BrdD%-f z`NypG6DBwrV)y)%WVTPVXA?b+&vh{`mM^>6)lgVQwQ+L-%V9y-*r6yiyXpD!(HF|| zf<5Cx^J;GGDsFG$76^cMs?adtHaa7Mw4vaIh!G22}qU?g2d~u1x>rcU6jh8SPQ)uu$Dq?^tFCCReHb@ROFvucNASaH6^yt&$E<@HxSOQ7`+i>(Ffd#CzT z)coJsYg|OvIPAqI$Ar4!sL6+Z3Yct%9S(U2(Mmqlk`8BamWtl0>fCyQWruW zmjt%H>j#`G1yDRse~t@h6O+(7g;)Zy!;wGi>9KZkDXC4+r@8t*6rCy(P0;&qRlSUA za1aVGGnC!FbnSw=;WL28p^=IPP(gwzY2S++tu63tp_+C1@#Dw-Y!5H4YC{XovZ;qyZm^r_H^?kP0i2@$Nx{u}O6dsD!s z2b}&kz^C9~gNL~Zwpw9P&sQ*-`zCn*{IWmLYwhJ?Ar##w%NGR7ZC;34D>uvaYw8nQ z)0K9k(*$l;H^`kKn83pv&FzUgwS4F{!oB!H;5I~EQvNAWY&@A9x%}$r@q4orl@P$} z?_yMW-`WV5ZSh2mfDw^MyTf+K(y|#j@p%1a%e~f%IGGR5&4|t)gJKKEcb0+|^lzJb zh7pvgiH1QHQlRqp+&-c(Jm&&I3Nl+kw=%rLw<3qZj8z$^y{l`E@$MLM#QKle;&82H zSV}_3x)droZ;e)aru_Av^-k?Id+KA`_nm(qpb{R+`S@3a1PMc86jYXIzMC1Z&t+>UN@-dZxlx>hP z4@@t^pNeT|y)izBxaV-dOw$#>+Z8Z!b)6Kof%CxNX?lp9m{!iC@eyPN0Yxh)6JIVa zF21Ar7Ans}U9hSRVgGzh@c}Fl0dn_QXv3inYjAWeyfs(2wpMEIg(UF@Db6eb!xINl z1_Gg?nk3+krvc^>*78~gN644#zDTME^s3YH)>r`dK!FH>rF7Q6fhySvNJv)fL!i0q zH&u?60B4YWm;PLMJcH(wAW4AvnQPZIG-6a!gO3?&b&^v0Qtsvxo`JiS+p6KMIWfv@&v4m)EQMuiIA!U9?$Sp*=~BKk=BB2Vzn;$WM5$)j z1v_5Kipq`qG*@#vY4Fgmh{`zDF21s}ea_O>SEGn2k*91o$CO=PK9n|`rN%U(&6v)e zfxsEL0lrkDLR~&X)tm28(Bu_}cgNomla4~^^19_ z-BDjQcb?hc_f+|kgr=tb{z$U#9JE%x3{k;;3{u-ZPfK+d4deIVwDLiEvBWMO{_rGh zDs}4zo(>vmR!$T5&LpStz5MY7%AE_j0bP`6WdNql|L4pb;umctMpxpb9d-=#-*676`TtzpMYcs)K=o z^||{U*L7;+Hk4pcX{5g_bMFA22?5vtBCb{fEb0T$Swb{1;PG+8rQ3hk4|*I>M;iAR z1=pOmx|X+ZotBfK&jQ~aPAf5&Q$tgEpgZQ=7fqcwqIbKHO3m8B65j#62Bdb2jxuXgX<@*WbnfF;d z4O$jKU?C6f00qdiq{<&`%BA{yb4a@_T%J7!eTPTN3c!^kG{<8A#VU5uN#fY6o76?R z?w2^NCjusUaXu3P5q3k6PrJw4j!5QGDF(Eij z0pvDRUDr{@H(THo*>ekLKBgucN&4Ff#>gg6Bw-Z5g|SL)zc?g_d++;A*m_Jw!KcCD zv_$@?aXQ_}+DC^EGfJzB^wbrT+vI)LQ?AQlvYGg`ed=6VCCy6~dc2)6xyA3&z1^~Y zC&r#&co}_A!ke@T9wbZ%+8u9ZGDjfAfO@%3iSKDBRrvM0yX{VFFU9KD1dx5JipUJ3 zhh+B6(5HYZIsWYzi2q*J93DJhv%07J3H&Y3YU%8b@~@X1PM>gI+ae%OP%VlkJO*0? zEWC5irTrcD3fsL2$qMuH5WBt@_yqN-Np|k}YG@~+z~az%5e&w)+D>S|9di1j=Ldsa z)bGyMgzhZAST(O4SN9uEz?DqPx1&kpQ)sIbnjz(-t&{^3^>9508&H4=r%sjqxl|CQ zERmR&=9w&NZo|k%G4lIBa5_?8X%|gk4>v-v@Ex`WI^)zseR8%OhtSa?M-v0szBWGX zL?}G`hOB&L?KpKzAb(vk9JnhF17V*9cU^=&ffBndmm(UofiRoveJ#W@*_P|Jm2qOW zL8Yv(Ef~1B{?%=T;_B*lGN(%+IlJ%wp6jCn;{eQ_PW6{>fuiZl(xcsbzr613wA6S2 znUNc;hrX}25PRtqmLIV#v$tM52l1s#$fVTxD)jJHos)}Z#J-Sz}Le2`C9 zDDos)sfX`@;C#qTUH0z1%5UIo^m6);jkAGk_dE z0RnYYFoM_x@|N@=e>?u#y3QXk!h)!=8`;^B6$r{(&C(RT=gXi;hHPb^wRHlb4Ck3M zZnx?1M#0!l5bB9l*7=z{?}U19?BMoaxR8FUT3OpHMii$P@WmI32qy;xhVtJ3;D+$* z_JoX8*og(n?WR;iQeT^VIF+g3mh}WC(jc8o`5EiEiyMp#Ac9zMo`s@17)ozMRSKBR z{0O;UWz5t`>RR$vSJg(2IFqYO`YIZmN<+*33vXq_O31NTxj*uIH!Bu!+|9B3p&t9S zeZ(;@)TF6;=tn?#eA#_5xgk}l>jI5D-G_~`IlSlfCXXrZ-B$hk1x}GTAK9wiET2u^ zPa9A#E8!VEN0}TU`eR^o*Drcang^=QxcER!F1A0%;tE|OR;^yBE#V&AA}$c}oLZ`d*B|mWM>Ei1;wS|? z8BvEXTQ(%=;EM;MbY@K8has5sgboq1Tn+h@O+A!iY9iyK+dF<6hOXXz&+ZY!DddAC zBqv&VY_h_IUsmGZfx*Uch0g?5YMapSppijbd1E zowx~^r8<5XY9)}sN=QjHS4q&Z@GEMSeWLDIjb$Tce77Ht4N5&W>2Ardu&NpU}% zr|R8(qHrQXCtUp|gvzM#4kmxlNaHvKDIA<0FAL66&T8=4$MnB1=}EKxQ^{Q~Np+X& zf_M@zop<*ig`&xL-a*^mh7O*K&!JU9YZm?WDbOB2y#PtJ5!V?F|t)pBIT|M#poR5#ZwYb;s2&VNx z8!_w*1SGo+3=KgiP$2BbnzJ;saXYpBOeoy6&*OH`#S4N7;w7toyUZbhOcgbU-+B#F zd{i|+mn&*@p_xHgA74Jy??&`W5GtIiv+ulRMqJdmzeh=Jm+59B^L54~pDd5q;)SBs zt|=3@C$Xo^<{o$%Ww){%bd7RTsSyL?lADyRu!qdIG>_VgwW+l2Yf6&X;qXAqgFB|~ zy0nVw8}+U{)iJq*AeW#}{OK)%dX1)&&nftWF&Bs1avkEm=W|rHKCY@##Mje`I{4oh zW_&mcaSxar^1Or*0yHd*;a;rt=-7dp_u!9qkN=@j)&Thohc^%T(^-{{ z@>%^+(H<_yJ#MeP6?9FtMiUrdz8V2PVRH00usbUsnyB2=1C%jTPXGIn-KD*uZ>k#d zUohV0htm`dv-Z?c&xF=N+E)PKtNNKd2~FypWU5>9|D)+Tz^U%r|3N4z6qQwI;2_zO znZ4IJ$ChL#Ba}T-*&?Hmk-b++p(vY5WMr>UM#$d(``h#Wuj_fQ_kHUr=lp)(ao?Z& zGw2a31Oa8hI6-4Zc;lV}(!5n5hAAZ(uT2K$_l{z@cqJXr3+&}C-^Fl#hKZNYf`NW8 zr=LFBLdbHofWU*x)gpowcVFe4#`7ygC?^qY!^i%MLU5h`L4&N5!BG`4K_I5D>GJMC zbk!?&yc{h=-`<1)YZ8CLRP;2xHFub{aAABz9O02`sk)k41N5q85Yo2_zV-k3Yz+vyN;0ajN3rJMEJSoPc15r+RDF`;Ig6pZKNA z2f{3aW5#3n+iN(a!VEsxv+vCEjmAB>$4;Y zzo-nWpEr{~*-Wt(eCIZI3WaOH2Sc)wDsn&YY=yB_p_k~ zPp{o{?h7uQO7Fa%$k#daN6;hZ3mu?+!qyk83tQ_1MnVBc%Ya#*Cq*V`ClIp-&FGz% z#$?d(2^U7+h63B;VKk0}y=&87eh~&nh)sY3aSWN|JeEOs z`A`lsi=U6;6auoO61{!-qA}552Y`0z3$R$XEK!-+24JDVC|1 zH97v8vEZG^-227B*L%g|;qJ;*+*>;QPPvl_YOw~mIceY`23kr6ZObl;xpA6@W77Lp zk5J`|!l>AUig$^p-m`u0V{4P_5|^1=VaXCtmlr8xlTjk$N_-}w>0rQ#QJ&-F+z#j_ zYkJqe=@{Sl<`r#n0Y?`6Xd(FsvAwp+*gnKmTy zS;n@Aw?Fmk+O;;0fzvP&hNMX=fmbhP|L0+gvL=(14v!_ow1cJmzo7`MO7y;AXoh%o z!NG^2gk^!_3h4dv0O9jJ_+;D+wGU*Ff3X^M2)FQsENw)R0TwqEY{)9Disx}Y;RWGL z+@dR#Gu%kEhU#EY^h7}u0|X{j%|-j4r(;>AL{QS(8zH^0m{@*2{kI-uedoJII70h7e=WMK!}r2!&!K zeGut2xn_~z()7J1%OLcA*Z7mnTz)QLpca?3>q$#vilMX0sp0493BT(FCB@A}(M}S{ zR)4eASiy642Rn;W=%lX`c*5)Q^AWw3Y#V$EMCg)OcubEXKGEgkGNW?PxZ{NLp2~nJ$v(?})k7k^3Of>^=9~Bkl5C5|sgoc3jJ|%pLrp;E^r#SJk z@^HxOW#;r6iYDubMZw4{7@YQVaN8`Xs#<3B*g}9ra9CI%+*fEw3UBEpV6985t05#4>}J_cb-of2V)m`vVs!0w|%(_%-tWTA4R=j>t>B%)F5z-38OWqy_@& zq(Jvc6p5m+Fz^~ioWLUybsEFKF%|?psgL?u5r-H1#*jGhRaPd<+)UmgF{43$CG@|v zf>nU=?+bp7sGv2@ENATd3AZ(P-VZD6+qxw8YuUtRA$cV<{hQEHXlJX@%PA^mKx2xu z32=o$S$|9o!fdK$Sb!}^14G4T=o6wrcY=6PfF%b3-+_V-`w)7TTL2y6>bXlCKW{8= zRxz;}oqn`T`P+uJR-g>X9moN`?v z36M)fp%AD#hiatf`#K^6083?CrZJ!Bkh?;!G4RbWh)J>LwKWG2-aHq#qT^2a{P~@ZdCG-GjlN&npwS-LHK; z6aOiyanDS$B^3LHXbhlCF%L_qd+l{#MW?}xSNL5DuSwN~%wK|B=PYWHJbZ43vzash zu^HX_mGMLi#y{wj!kdr>)EdGqp1_fWIDBuN#)&%z6BMy+e@o-y6mRuI?6ljY;`Qsq z3Xx19@HPfHF*Z#qr)Y#q4s5)s6dKPj`E7lPP&r1kMXSDY7q)^AcO1y+V4P+adAe8h z%IGt=ApyKal{Lzu0_obJF@wa%aJ%YpQ21LdotPqh*-Ed*oNDyl(7Tn-r!;Xg+=<0ujf+nc6Z5$)DUbB051pLmIAUmcxtBqftFlv?Rp9jB zUJ)93wmc~%+tAOyKPla5#FiK&XxfPgEc1t484MLS7>-%$z2EtsXfC->&}X{Bd_agN zF5=Cl@09j}HLG2!DDMtU7hnal0tNz8c$8lPomv3QB@uhnI76f;LLc0K1#N5A@56G1 znT=c49SCXwaIK)ERpFh8;^Q+JQWg=Gh20?oj?+R3@qeQ(N~LqIy6+g7R=;{74|8}Y zkPV|bJV4TC_$>~jAqY&&;P!~HUA2~PvE5mRSgCQycvOIj4{^TWtq5%G78Yt2y2i70 zDy0tzUjY8)+`*}-6g4U|Z=1Q<}0 z3kNj~14Af`!G70jCX4l4UI4p_PhsTudkz5v#)e2V#id_j*q=l=2a@pwabV!wjBJTY>kUx>20X%*>Yg??q_cN`IinaC|@#36G-0`Y92 z4CIfitnj7bOIxOOu5h&5>ItyEISavk-v%SH{wB)dmABzGN!HI z%bkG@p(l1UzDEhEp=aLM@T(MDD>$aqrb@GD)487B6TN;%=e^P*>z8NK{0S1%wk}sy zmA|mPINk5~e9o4;+GhKz!Ckk>#Lo;RnZCRrfb`visi^SWNylTW8ykv1n^~0@0?sqy zNx>0$3%Xf&o1%bvgzOL}tcD7{i(Ws=i}pTaE)`4_(;Er5IkQN1S;XAFFt zfH(%*TJ-?+CL$4O98!mQDGVFlE^t)fTIya^I46)on49od4p6@(|L0XHwQK)Z%Kuxta0wwJrr&I(AmGk9*K9&K52pxML zDBq4vvTohGMM3FL(Z?xN3@&T`Nf;M(tzn$kUq`D&}sFnfY}Ty zS>U7-MzvvIN<7>LW&z>~;8LesV-ydHprYacDlah!$r{d3P(Hx^tMk(n5!uw{aed&P ztI=f3K`4BlC3{U(+XB~{Si*R|KAeKpm(kCd~8a&@gibvFTZA|{2t3}EnP{13ZZ zA=y_1)?U}5927JGnoY2NR(f4CfbEt#zqMhwuf7G z&bU*U8Tv(AJn44KyvN4*$#&t^E}3c>ciXM=Y%zu1R%{eER|Etb{Q!~Sv+L#nGDMJ} zL($hJp)L5V=#qh0qt$oe)`waX1akgZbfWkaV1PhnThTume8$@2P6vO*_pYtZv?88? zM75{K0AQ#VO6VoStO`%cKmHcZ0=!K`e^WpA^e28N-dWu$I`sQA+e)G_Jnp3Oq-J>) z6$(W2y|pSds>o0c*pXNc3gfbWyDAqkpZV_d+uqSCw{{IOh-+xL!a>Z%;EW>OXv7^99@bBc3U+(3Cs$)UNp_QeA|n$6;C{dP(iM zKcL1Zj>$wvM|;YB1c(-~hxUfid=XVbi^rJ7P!zS?BXgLILR3{ST!eEF2I2u!0lRwg zj43Npf240$r{i=B>b$)Qm1Gs`KhB%?-y@xep90}{bz$%{98Tn5#MuSE9YU@*GXBC% zYYm_$Bq_vz8mjV60qm zXR!CNUsK^vHcrDY#$**UHf=X=dFI03+wYujb9WE45Cah&3ArfZ1p*C~o_s|SJcx!3 z0)O*sK%-BC=Z<3gv??7;lK4=b8zO?i_p1!CQ&v}hl#|0=b#EcxPXuCM^QhA~<>lxE znw+omdq+_oo?Z;*h_%%|D|j(2nDt@Si=5X)s;%w144st46^^B}2I*tY@=Rv8gWjNirc<=G77D9I{*(LQCr%G;%Q!ShkK zVpG}e>9(;5)sdl3jF9~*oAU8tcMhDx&j5$Ggoqx%>pqRZPH1IA?&6^I_J(P)uopqy z)Ru;PdIOORXxd@N)(4&Q4TdrZxx0Kq{4xl7+XeU*Q8LM>&W6JXw?8v};&rOcPTQ*d z_3IDz7lAz2{{_O0QxN4RAUw#`FJp5qY6Bb?y-*m^9t8|pSRo3c+020K0vXXC z95DQU&Q-hqPG9-9Fj_krxfs%&0`H(1>h{N%O{#wF+?$m6$Dm1b9IkoSd9qB;W+T`-xj3W<@2o_y=!1UN-#MGd6w z0nOozpba&gcuRmFr9%Qa4EL!(ABeO^u-I9ENH=-~?leX?3@ksORAEH2!bt1+qjGB8 zI2mz@K(+?)n^KsLn!ivpJ%W-Nsk?ymg6Pm79dQEQIXDo==_x!dg$Pfia)TQx2mmd_ zdI0t5At)0*!Rtq{Pk{FHcLM`HUpQJokO^|}fE%WO=x;L}B{P2SA>R#l#3P`ovv6}$ zqCOiqLU-6K-P?{}+yO|9hBS2)=EnPe^#qLkLtqHN0z4YHvd#donq3=MF%De{AA}tSj!WfqH=`9&(pAw5W9-yZKT3;SwDnloCLVg7A z{qtTmGcba!HS5Q#a+$28g=5IykbTRZ;yX4&6cStD(t`UbZNFM~Z zjv18l9K5`WAe%t~Mj+C$T)V~yKhB(phh{8OnwEK+gQBjy-yVdmb?`>cydIW1*wRFJ zEMQ)b>&NSki46INhg1GoxCf6T^!M{6>FCeG9O}=3>Gl$UT$C{je-6cRqZ%79AM()9 zP&8D5Yw495Zp<#~Hb9=G{q~5hd$jNaaCy+b1Y_|~c*(5rz~CyeGI+VQwS_20obI_N zsP#ytH}{`uM=$$P`nsDwOgOPGw10}k0IPn8Zc|YrM`K+~Dl#7v6t1B3MxiAa=UR~9 z`moMzTb3-vi=xy}qJUeJWlnZ>l+beyJGgYg=9a%}xkdl5y8t z8?UBqmSOMPx~=Vf+Ac+pF#p4jJI_t&{);?J@Q>3_%!xWr9D-pU#`sv3wUw1Qv_=Tr z7>r30v^7sxGAT7961M*_Mj%ZyyyjofDh`LB7<_AXQVx)}Ev}5n14*TV1EU=^ufOoIDW0`I0`z6br9%RIsT#mx!1=qn z2rDcV;J?X2;{y$X0Ud%I5NEDxjYf$4&-)Ei_`HZ1k5Fu=Gn#kT;Z&>ITBtc5?jRIx zudee&#z4x;Py#;mHH6CoLA#}+106JsF{(0=6qCJyVX$f5?GWoa z1b09we*NZ6R+z%@boi^3E*_+6hOfB6X8HEP#|wtIt*(;FDk}WRn$W3usdG6ph&X(% z`0Y9Xbwfd>lnxH}5GdLn9~m82gdJDNq-(wm))f7{gGL{~UOemZlLq7^z|uGcQ+(GQ zV-Jt3DAE)1p+Emkgr)f7gU>a1IzKw{Rs0&s^*|rsGMRm2d9OBeu1p4ETl-{gKSpVO8{jh z*(6cUY$N{~SXVsBH)tMu!0#`Ev&(r&$+K`GD?-iF!nXrB|1gunWYh}$1arW#1{U|> zhK(UlMT6hpzkj2lH?&or>+`L?r(w~-1i| zxCR{`avQ3t5x=O#PSTD`ue|*1C_LIvDCZlPy<^!)4%gwWGaV;4d}D7b#zJ3|nR#f` zd*v9gdwC_?+oTO)!NB!2?&!C}_(Fr->htpesF;!J91hIV!389Ufpv|vs&M~c^a7os zGPNMON~iBg%FymF*)tB*=eNBvtcR|^Q*+5sXX?j-OG&%v`e0yahn z2L#D4>r59QBL;EQn0YY#Lcy{Q@1{;|?(C?}Al>@%!0nQRT;W{FSfUjI1J{JLMSqI9 zzmo71ITk}p&GIz=NFE)R8>eWyXntfhjNtu?=kF7$==lw$DZ(oZ+i`opIO$^bZC`es zEl)4gkr1GB)m;n2y0iN#vKuA)Q5B2@eU-=^d(dNeJ>Xe6hPL*DLD3{OBBkwHb>4LP zd?F!MqI;l&TxxTTKL^p~1E(D%f6oqO z9rn2hUNhiEBL|=gLS&)wI1ckl?wD&=u0)048R_!il>Y?gWvJXYii~iOkMHrG+&O?r z&T}b0NvM~|F%afx-7V5&`Wns(ZwQ~>930)ZqVQi@?~qE0etRKFuc>3xUnEWmad3e5 z61vcu&WqR4d4RMKXnb8TfE!Nj%bDoonWX#%ndO_Cn{U@hYuR}r78T}m)_t|G*GAkY zkD=^b_;5gb`v@V-Lm#|=PY&2E9dtggja}{tGonH;{H#PG93CayD}zNg(}n9y_)&ue zn%K(`^XM*Wf>#B#1r-R3d$nqU1v`_U;z z@^=BiPWSz-na)~2zoEPBJco}Rdjz`xPL`J0e6)a|K#6Y+OL+q&Jdgrx{d{2x=qE;W z51kp+`$;00i8~|HcjE4D?=L^`O9MhOs#)QX4TAqnLi>OObLi-X*(?7?spK~>#y^GW z2PEMXrg#uB!V%d7PJcy^6XxrcL?Yn}{0M!hc%Wt=GR~r#g`;!QIolAWt#2xY}jn(9q)jO21DEcqBNu! zfnKgc+66W#kmJVS?a9H`?*#S>R4o}Wlz@_;8HSOi|3%pPGk?yVi;s)*SpCC)1+n_v zrxUE5fR>#B7d%ou0gpKvt}7V-RIMdZ+E+liz{ArBt$LZ+M`G7ML-YX796ow95XuFZ z;5v=f5g}BXi%=--;qfm1ZO$wp;^pC~JjQRSYj^)1g);@oq$eLUI-m$tVq#(~W8?7M zUGJaM(-Y7zS*_ZO8QkAJ03VDH#j_rV;BextSt16+#i8o4bE!yO(x5|i1YRFh9kKXB zx$_F_n>Q_(i~@MP(P8NfKOTINjv|ByA`_8B=~nY`7(j=U<^oRi`M5j5;0u3R2iB%B z@DL~vo8Zz50x>{3+>J=xgEW;|TK@C%_ULWE*yaKJEx@M9eDSNw$H3Gy60LqHUF4zM zLAlTXvDQP~ik`Z!uOzV9MNpw+NxqUc4p>py-6<8<#Sv!Y00t^km}5cH@enQ@l=2J$ zr-&n>-|`+)-$|t6{v94jnVD6tgCBc-SvrG+((~_#0=2^HOIkQ}+(Gc-E%~+cWEXJT zbcDT|mSOoS)U#szW+N0oyG?ZQ2@P1*8$E8DW{*Cf!qI;-pGr8h`z>2Mgsty>bW z2aa0M52gGf`(-ubg%vDf6z_WnwuriYGdn8X_xPvF+NVCjyuJ)p5Sq&YE~p3~oVwRv z@KY-Vt_%2hy$HBt?skq&Zld`LP_2M&hOQi#HP&;)<<6AA$ptGGmCUDhdw-wPw22VU z`>+YOp)*vlu5-P|;EW=1iqo)#N45!WF{Syd;hjA2=;*j7X~fHIBeU`i$+zhd5mcVT`qvWiKck}Rfd`$Nf{h` zcfiRH4Ee54SI%`gn{o|yCbaW=@xXQgYrH_fThf8vfJ!IOogq;SD&XPzuKpum5MjpP z^x7^jzv4^2z!)%!K7I8E9+sK4v}ThVlmLj1z%L*WosxpYY6-ocpor(YCR8zrDw8jR z`+bQ;P{>_&6md_g^hm1254Ua{vUx>3?OJ}k$p6II=PS6n?wI>&91N~oOPpE}#Ak4R zMgg{B9h#ldzx-XT8 zm!-Pe548z5dZ_&t(yFkiGOwTTk>5N1LCTWpkGEA(?r_?PRzgJW=SYjXH2cWVb*rp9 z=_gj>*LdZdW${VDEH5d>PA`~PrIurv=uM*Do?2eKTyUneYwL>Z)7<+x80CVtV-&#z zA(g>LhK`&`bc>u6)w;qOUz|wuNtS zZtDdjKZ~AAVsoi#M?wc z0mrx^n8xy{H{cAblitk%Y)#YW6ij1ykTJ;^mb4!PQSZqu{?(~(=4w2+P_4Re_HEZN zxNEOc+Ba@xr&d^lu&C6TqD7w2HliCeIvlh7_ospDyY4*Se6_L1vjPSOvrcylZ0yBb z4f|Rj##pxL`Y72RYiTleyCFNu%E6(u^|^^CHYZ`A`hE$clMGQ}x9D=u*{Vr<%VzAt zaTCKU{o{k*=L|^eEIPOetiJ}rDL6`J8D|qL(@xWkO}@TUICA4u@QKCxKpkw=rGD?i z`6^`zk*wclLOE`I5}|BrS+}K04Y&p^WE5$*bxA96UZ?4(Uv8^XR^|1Ine6nG(P-Ms z(v^01#;0vprKew~xDv`BoPsk9@yV;U3Jtiek{aS^+LM@(e*Zf&RgZW~e|&y@}HZKtSnrgk7K{^@lmI##^jaD7UVOV)D7CHxvl%! zEk1o8c6fJXKc1T-%}^D$&imERmpgYW+c3zD3)_IbWLFg1pUPco+#`^h(`tM$HzQj{ zpLkCr=Oi5KYsAcO=fgjK52la#|F;=E-2HLPDVAnKukHB#!^A8Mh$0BaOMTmz3)gB4 z@DFn9_%(@6P|(H&5V2jc#3bXU^FotMnoKmAoh;Xz5BkBs@uUv3u>Bc?uZSjVh+vMt z&EIi`f{O(6HANx}7ouXptuow-}2aM{O#5w_9v}WvNmg3_+g#Jhh%Dyt^{vm1s zerRI3swV}eiaz8JTjJwnv6vs5A2c3456yo_Y#q*RjIERH%*e&gKniyP^X#Fj&5b^T zN?iB-Cb#g7Y+~~&JTIY+)v|WNYuTTNF8C!eu7-Izp>yJWdwV+&Pj8hQ*cEQQ<2ITr zTE9r2mSd<{Bxo!5{;io&YmqGFfc6iz4@-^!ynWANxn*`Hj= zoXN%9-D8@$?yjr1H%A$7=Pn;Fe@zHV4^O-?@uB5O<&Og>K5^QxzaD zvCHfsnk*>up=rp?&8>r(w^AbahxC9%k_o1%R9!kJx;{1<_Z)0);dGkw4ZGt@9UsG7 z!#c174?4*wB;|{|aF&T}@tg1LcasLFHuq-=q}&-RRIIc}w=B1Xt6Uxq$QI>0y1mZE z&dr2%tXZq>f4>7g!Od3rxxSJOJN$nycuzU;f5l#3q34)i9SIBLq0;m0DwEQ$ zALkw_vBdM1W9gYygbGwBk};|5EH9L3jNfRZY*s(**GZEGggG5T)n$pf9&O)K{t;@sJE) zDEzZ`_5a`NNH!6N0g))K(Z6RSpG`QI7*r+fB&NA1yb9V*NZ#(D$bFUGn09=aHaL^m z%2htTXq6o&{8H>n*a0EnTGha%34PER{LQ*9ggl*Ak3*tz`kZSC&ZHeWsFCH%U%P)fH?!(z+kNKuo?E+v&9!(MLr&E&a!ESD=6 z3vOM(Hrt&|P$S|Ix4Zmu@?0T#{{FX@m!Faz%d@*|vOvQn9om)_zm_4|jGKGhvwg|v znM9swrZmpP*FAbxQ(^d)(6gdmM-!Fn3B^ZCzTXs&(f^(8dAZ5yx7?A*`v@`DII9a~eam8U1NW&$nJ zlZm92m5-QuEeMH&ku1XR01yDJRCHpZ%DN1IGufJ{kwBn}zJ2)ICjY#2_K^!KMiQOZ zb@8-1-46T%SmtwTgo{n&67HjcRFc8?tGjEs037zP-H>9hUhL)Yx1)K}j|ykyv!l~> zKVJVrE2AcM@7Fk{fQ0whztF*c8m=8<)F+YwA~rN`j8 zZgEoMgWPOl+WlE|{P@clnM)*xUH=%+pS4QvAWZvPuGOSCxf$VYwZ^Kk?HV(~7UU8p zX@=slbFmw9hi+J~#L@W#L-`By;^iN=p1cHZ&c7ZHh;XH)R{$gU*XG^-!-T*y=qQj_ zCwoTZ_<(q6cGqPs=f}DaiU|G~Qmy3*TK+MGxYw$k()!L{+TC9j<<`onuseslm5&uw z_*&Fe)72^A6I-y=xZ4jyJ>_x+8bSw@pJi*jS=TWuP~x$=$WT;$NGCJ?*9zU&Vmuv{SLg zsX1I4JVwtNy$lxmV-@1!7PKZaUM=RY-!^bd?b$sU;1b;%<|pFId{XLsM&$%oQ26au zENg=l9UUFao0$;s01(T00fCdCnvetLFKW!7-}&_EI^x9vJE{@<#Kv63vTlcm_lBgq zPWoK*6}RxO$~W{ccj;d-z&9J>#qw4^HL%3mG53~fFH7P`GoP!m7C-4`xcrqf!8aH` zRTAlU=QX>#=P9i%=BkywlJqs!H-KZ)z~$g1mb^KgR?<583|UYeB`NjHu$CJ$kxtM+PS!^YHKBw-^O2K+|%SU z)oD2Ix@(2xOr*&fb6y*lQB}bZP8Xi!lyxOG%ilQh+fgp!P=Rwch7?aNOTMXNdr^yi zX?JsJ((XrjOI8VqM#$pLA8B@lT&g5Wc-JK`-*OBsF|CPQE*6_Bw^xq|Ff*S@>}=jO zY$m6&FjUK@I7@dXm$*s3dTJru&mrSn9_5|>QNRtCH_F>2_YFAJnL<4y4@4}fybp9; z+Vbtxci)vs<`D-@xcA!&1B}?4lV2uK%$qSXe& zG2!XTWN#SO&3;6R9wtS%zyexK)Y zy{NP4Ok7;ty9LYGj+;LMZEo?KP!_P9bqp#O(m7>(nsbmNm0%nsH~R6HW+z$0K6T&= zZ$GU?EORcRmWigok346}kIj0$7HBal%iTr+FTEQ>Dc|Y@(2DJL;e;Mi zUdZA9vE{e2n49hrW%E zjy@r{l=I`RV(lcE&jptsogH=`K1_Ek%I*%WZ9@1}*1@B0dsm~6D;IkIBuVGLL*;C; z)KHS?f5&8$K>jwnmu>$8PC7n4dXl7@HY<7ArQcf@FO>IS89RI3fbGFsssdtl!g|hM zFZ@9tv)Ay-tg@pX`6o_&zZYpos_j8?{6ja7(BMMzc8a>^?3e5z@q0L58v{KL^VWn0~?hii#A9Oklf+oiyh++A8k{;QvKC`if%#me7 z?ASYI!sY@VS>gkTMU1{N8&Z9J^%gvTO&z5oLCFZos5FyTu z>nNe%S1(8L{j;$;L{DgyG()K8v{(%S6bJ^5=1uSOLkz0LH>!@yhlG+Tzi=@>XFw{G z`vE`vtm_vaf39VZEv=c&>&NX)^7FdO9vlqx*z=~9cV!MaH)0N7TrCo?;vc`o=Wi|^ z^qjSX__1Y$x7bH}zNm|)9r}xIAiVQSnU35JSCccz9y}izb9{<^?GMf`ADe^|KA)kI z(MwBHdYVLbVl#w@(_jpDXd7y68tB9o&-u_o;jiG}a2Z)#yy0b>#F`orZnBZJHhjnt z6vw^65(bv=F1V+Gg$B_X}2!a6NuaKL4ps!urny=bGA?UoRCFvy1%$-QAAM@++DjruEt<&6XF4ZXd6zmIvVa-Vy26-@w6 zA|IZ`@U~AxhK1FGUHMTA8Zs+@T%G)^d);5HdJ)oZSoXE6eC20NS-XC(*qpM8)McF5oOZork-b}WB1ukG-p0Gkiql0!|L zs2+#sBrt7bS)JPUEop<;^wo-b%(D_gi&d=z#3iEKP3YFbL#^7|;&Vfp?MBm!*^fGf zx=Q5Nk>a&)O`XrnUoL#uWtqrc|@>_F^?$7c>_>=KndX&CzoHiRL70TE$f zRuu$87$j<`I;B++E_S4V3+W#GlPbj+RXDS)X^~aPYpOd zH8tfV%JgfrRtl6!%b>xIF^jgTjjb!hPYcT%rPn`E?}y@DoX)9-l-PCpg5@L|%kR7I z#+*cvw7C5o~)d_dS{m@kF_?$0=^GUdVW|BKI>TagI&s%(=}g6+D||0I}aM z$b5?TZ<$W}eA&XqNU=j%F-fkuFN&19Q6e~B`sM1K2I=!cWLT9;ZGO~ilJ3`Lc4Bf0 zUZv+wjCSTujIF)gv^cc9UlXykPj%qO<*5b|>eabED$oQYYX`O4@o%Mc2bgyS@&r9C zdI;&vVJ^7Wqq*Kxaqk)C$TVLz&1vK{v===P+tm;2_M^>u{^#n9;fvd@T+Liwmv;)l z*P@CQw9JU_Du=VRf%yiRyu3VY{)fK} z;3#nFGr3QM`EaoBC88Ca9(6*Xpphl`^W{8A9c>{4%Z2>>7>kav5aCBXLpc@dg*F-C zUdW>iMzrky1%mgwiFD%C+jS$C&0eWhE4 z++(&>R^{a~U71ACvzCr2nwp+P4hSHwk>BQq(cb(4cKB4n-rtUw?W!fR%krdDa(2x9 zK9(KW2S>$--(#I#bVa3=Yc--VFm&h9d$W_1_58|P(m@pA-?EZl`m+?c$p`UA`rYHA z#;=EC|JBq z%_erKYkAw3W;Vi*_60nB?lY3x*>CMn$oFq8wz z*ulDovF3(0fzY%amH*-@h=o&p)(up#DhB5Md>T!AjdmRS{f!&nuBx`UezCY6!Pn6! z)D&tJR`smypp?QCzs@~ni!Y2Dy}a`1{g2D z$bLN;NP4H>lc*4BFQ=WiG7Xhsqr=ma3g@qKTF@GG>$kdBTh;~J8@sKk;N~jSj@H>Z zEcu*ZX6EtHC{W?l9*SeQ!7N5K9E#Pn!QfZLt6ofb_wteI%xPWJc4=0rfg!wJza*(s ze(xRp6`2?JC){;cc_&tuS@JZ#g|w0B6>ac`Uge6?&^viOXkCf@uz8lcwB@s~xO24n z9S3Tcwz-qS%4fN?olN5Qit-Ic zuGBcvKue-KonITBEAt`4z*^owVQ)~k${_zno^&w#OkmrthINYePDR_BTssNP6IsQT zF2kvL%K;6wpM2i`8!q{34s|kO;HKYUHp2gY?7L`PZF*IVE2DqeYojdmZ^Oy2X0z|M z=CtTVYJ<+yP>QZ*^5U<*=^pQm!5-I?)>HA<5vIz^KT4mACH_L2Hh$#UyTcYOe;mJM zYHc5ieM}Z-YYM>L`c>I^aNm6$suRajim^`nzUR_}|ZW`Qz}_&x2huGfc$bo-aE7~JW@xpXOg3ktQ|0`_ED1Nw5v=<|eSLim zwI#%BTWL&LwXAmO!EXw?617SDim+wa^Rq==+FA=<1Ul>PeXFUGR-0EA8?Pu@wECW2 zJQWI`zR6nNS^MDIk2QK;v~`Sc$l{%nh-(`6l1k(ReI0PM!7gom zeW&kLCzDFc)qYyKZ9#XYd`sQ7%wVevesizjl|$h-B> zzc)K#i=*wOzF+mzw=MHX^4$@@{cqH;XYe0lnSI0+N9s>-*4LwJc*(RTrTZoVD^Qca zx9=rYdHh?xr{r?-c{Vm+Xj&i1&Ofe_V)e*Fg$GuaHrf8~P;Dbptp+=a*(eTTdj9S6 z(T+x$XSB3MerqM_2Na5RlM!}@cUj|emY!N>>d>*6-{YfVG9X=dbv<5)rM4LA#V%VF z%)2Li4ew#NPK3iXy$+x>gzZOX+^?`Di(CMv( zXBLyefxxHy@@%L`!Ma1iXV18^(T8hv=uQ(DL~uR9bdQ+njH9$g^0vFMZ(pti9f-@v zuz$B4C(*zOB|9{doU2P~QdGEhVbHJeP+vj%X|@bn+Eh&|)%-mAqWx%K1js{x|AlMA<;J%=d7xxuM7c&6uI!hEiMa0DFDZv_IEvi`HX?N zL^DwGRL=H>uOs(Fm~JDM6Towa#_Txn0DlC{kU^0j8y7bYxF}TP^uAkDr&VXbtE(4j z(|`&W9u-B6ejlprmbSJ}U~;F8!(~dGg5C{^C~*u7ntO!|XQ1S+{S z#g`9J96g$4)&}FzZ(zoasXPBf`~mQc>Zb1Agk;3|8N?AMl$d@gmU0*p1?Oote*UL> z++euuGX0rPf_yZ!9E9aUh=BnRfjkgT#~>vrhFud$?-Ak48Kja$lKI*hWRhDyPl_@f z2g*H4F%bos`qcE@xuVL6H-ip=Al{VR-@Jtc=G}TgDnnlkF7`(dGXyMFl!J=Qk`em` zWNc#)ZgR`De> zUgS@J+>d|Q3nQ8`kkr6KiW?YhNXy)3>UGTe>x;5OKEP0dM!K{5z9X0*AqOBd%ktY7 zN0esZWtjs@GP}N#4qzGJL?FD%j zs?xz<9kD7vqJg+wX3zvUEH(_fx{Jfw24%?SH~gtB02potj!wG?&3BUZgS=q~Z36 zuCglbR(s$Z>=jkAiQgDSHYd)bheP|GTFx5^m8DDHqbeJap`&~nuv9+p)qkzk^*Bde zeBw!hG`;+hiv_eaM2h{JE&IarkEzUpdlV6&mq}OlyK+t=t4TE;1f6 z8gm5O46s;$NQ!bW9^)Tn2Tm>`Km(`FX`{^XdDOA#dPsL-8VGAs7KbzKvIH@ z{}^iinNiTd*`)fR5^uq;8ntHYId*-a>l07h-{fo2gdpYMTObLmv1E<^ya>;om6Zt2 z;CfKgKLMdKLF~#TECG0_89;k*=zuX0BCMmp6_HVI0YngnAI4dd{PZa?2B9*4suv}7 z-AFJ<3D3!SBq1Teec^SVJ|;+t2|n{Agv}{{d6C+vn04A`(B9;&~$MfVO+$MCyKBoUoUWph@6It2hj5i}`)HT%;mCo60G+`(qhpgWR+z($1UkHA(0utH?8T4F@o z0bg%X+aL5|+~F&z2kCYyAaNC3H4~sU7uL?qE50K?eu?CrTk0rI90@~qpXM-~uaS|ci#Addc(cvu-oHd29R9xE}v}@Tw zj76juIPR*}R6z?0dV(l`SJ2=Sh0Gjh5>3kt6a0D#j-q-v`WNnL*uu0OEGRAa3c?)Na^U<@d9Ap_88UIrcq)=MH7fJ`hGU5%7 zc+T;Nq(=Mg!yW=Lz))=F#~n%VmOdlyeg$dNPBH!c>Alcu4F(Q0jErGGh92@-e4p*c z4L2Ap(R!4#jk2O(wRDKDP=Xw-#YGElE96FaQD`0=v)BH-t^aZ=T<$e2L>4ZtqfqYM zOY)18Akj<|3`q`%xSI0fh4EFV4u@uheWR~^JgEN8F5I~2(1T@s6R_y)hfVoIdX>kR zM5z&O2h(RYsS<-%myjYA%y))BI=2ay6hmL5WA8v<5K^?c&zCh1P1E@8GfVl3d+e_v zl&bdBhdCf_4W`*fDT*lMOl5AN$<-%yQ*S51GOw3Cn~`j(pgu`TmH{49tT*aK)q8 z11P!D!6Odi59H}x2szH~ST;B?R|R+-Zgs#AN_}?jp`aCrUPT#uaL1De)dxU!j`;rO zBw~4UFLYbILKiG5uQ6#*v2Q{NZ7@wsI#6-D?>IbSOtF;jH0fRd27dN>jWN9Q3-2&$*ohqRBikxq_^RUD?hat7|LB!{Y2+TAMyz&MA7 zLxosx*KJ~Qk`H2>;zJUjJqrQ>*aTdWh#w7y9J&PHctxJii1J}8f&9AA{@cz?ORMWv zeEdGl#{y%I!rOqgtp&RNAFI1J zoRM8K#bOTyUxBn_2o$m?QXBe@>sHK+bK3By&$^EhbxngF+HP9|svTs~C43gdjvrwU zYeSI_)xb+o&7r#yJcgIx@EM2N+k(g@;R6{4nL5Kv?;+Id(9@~!eGRxSGz)dfzhIeU`wxy^3LVlXVtgp?nEM4!!)-2S17m&|c^H z#85bB`|Z+ThiirOCLc`!ZqqHGTmbtk zi-J3k*t$yWaJu_zCCiIsG@Bb~(l(|orWG;J3XT_7|3T41D9{c1$TW~2pqma#RpjXo z_1#P8UQoUWm_t5*LvswuJjlc#gD$NedjheofWMDy+8unHS<&sJ%Be){8r^j zTue+L2!=9hYM7wkl7XiVJUVT-&UO8grTkK~388p0$jaa&l?uNH9*EPEaNm#R<)oM& z(St3~(%SkFqz%Z_1`%JtLy8T`#;gwo7XCI;Cur1R&@O#QeM z3mnK0(c>T)rnF#*>4VzUVv+ztH=v~>jR-V!C`kpWE5IHd1TEundZr(BH6AOQ>|~@ejv_>|l@TfHoMU8Vq|6khY*Kb4Br~#(eavK* zc_c|fC8Dykve$jRKHuN{xbM$jJw6Yd@qUf#dS1_g<|}Sv8qmH_gCZ404Cv}=-nw-f zQlkPux;g?F#it5_x<~f6zpux6ZEbBw;Hx)=a8SsRiiGAHwaKt|Kp=2|NMwhbC-AZKxi=qQ?b>KK zVx%n%mz9;pBqY#7hYMv&ChTsMnhOeM)IFfs8$x|CbVI{CkKigV-JKgOqX&aP4PdW9 zfr)M(`19!iETF3dxgAxNl??K#I?>d(L!+o|r7R=E+eCHXu2oTR_MU?;#u6mHlF9nv7Ly&Q+eQ$5C3Fa59SmWwjFP~#&c8_{1Ctc z%?b#sztX5XJ-=B9Ie1P&*=-Ce+1cO5mx;i}EBhh#+l7 zy&#LO!nLVP(36xn&VmRKgc&LgzT3taTd2689ZBPEd;_*H00u~GoXk9BQ9D5UV)5~t zH!Dy`Kj4SvkH%Y3u+`oQ=`jWOb5>fU3oC019lFkB%hU6nG zHw<791@p7fDEYtsARuzC8qzQ@<|>3OUk#xzFsymR=eNZSuD?i#br8x)&`Cm|Y*gJP zNT7ku2$%{0FQG`%2uHslHCJLOM*=5LP(wq52!;#-w6i5o z!1{Uq7NTsv*8p*BIGEYhgl-5zkZ9WOmQYy?96>MsWERK;nA#VRZ>yPeCyE_VuXsfr zVYm4T*JzDp48KfBQR$hxKYGl#P?21pv!O;;ZAcJG^b#$|+wl+E7 zS8e129Hv0DSmvh{Q<;n5A!>T3_%Wd6tl11KScgV}lw?ZRG;gU`VP8TL?LaLfIjY=rYg^BaWRWAQczjynxeq zp;uQKMGgUa6n66fBj;%h+%5s|c+s5%x~a1J_G^(KuFl4U{Onv{y-B3arYej9+w?>7QL zy&nu$AbPuYiW`sZhSeB@?1ZN-e=0ov7ATdWc=?N9rlWTCrIC${1l880P(%mVysBRA7GdxwG+gAAOn&r5^7eh zA?FrBoRMdLgaA--x+ahE!zjn@`gQWiI{$L_Y}n!K!;c;Ix6DY-mMh|L-oC8-1hn)^1I_bihHK1MH-CCsPpoI z$_ZB?0PAn<(iMf}&xX)H7Jr+AHQMPpyPy7DFFO?O;L$@<{o>}zr%U3Ao{Ew7r$A2$ z-*Q)OF{&T(jl_RfoOK%TA5ZoA@N13B8C^^BGJ2h4=3qYn<5wR089;ke7zYK@iTJ*O6)940-)QonWmjHStgwbFsGQ=N=lX!I0072w-BvuJR2s81w(R zy*A^7-Vq!JF&M`$1=q?IM&;3|ii~+S*MSnE6Q?NoQd>LXtD!>#*g(>q0R`a^@HB$< z2<^Gvgo9GR<@_r9JOSkK@Q__h;N<O_X*eB}7g;PMvfF#4+z@hK@?J1M|Ozdl|G;zcM;#1g{wk8zd@SpWG8 z<`s?9(f~dsX|=Uax?6*l<64{YPE%m!sGK|kaiMO(AV1R9m@9*KU{-BU61twz? ztYSTV{iZ*nOpA*$n}G6K!5wbPz6c~}l$0Y=3_~3GWv+`Vc4TnJOjGQIj_i44 z$SQnMRUH~&f%E=PjJE9yj#4&tb30X*DW>K7qSu^tSN+Vp4$ye#?6i|)a@SRMJ!neg*BxPb^mt^6AsrroBcG_S&DjJ)Dh=xuIMaQPi zJ|Vn&YI=Gf+!X-92lkJ8J*W{foDLlwpoea<~LDp(Y0X6(F}K1N?{Y0l+ozeM~uDj%I-k zXWbH2eHV)Cm#~IUc4R}XkK*g1pwBX;0gnTC#XzWwIKZrx{+2XV4xk>C?c>m*g6GWB zJcBQ5Qt+UA&t*XnonX?TRR)K81A-suQZ%7fmT#+D`RXXBjT>7>xow~hjP|*qU;{-T zSBt%>DwPFffW#7C_H;wL+XQ-+R+SZ0wg9r0-3|G-A^Htaf9yxRS$$K}sXqx&r~il6 zlm+)47WtYjWRJYptl_G0ac_ez^IAXz6w5G|y9No-E@|>$CW1nBc658*aD}SC=P#~Z z47)o2Zh#MszTzWf!56nvYQAA-S$vUk3$j^iQUZ$Ay`aQ#13J`C@Qx4=Ndrs6CTb=q zx3hoM4VMl1tPaf#LupY8f9D1W&h1rCK+6vR&4v5sV_Twh%8Y)``{!Oxxc`S67YF}0 z#Jp>+%b2ov>?T*C*xLC3dP3cGyQG-c$KTNNapnO9zpWp(p#0e0p^|GfBH69-3mP)q zRv$KUzJl@BtH4RvyV(&>fyeh6%MU3Y*M+@KOTv}v4HhU_ih|y8biWzFJ_SLN@RY$} z$u>?5Dtq@gzF>%%=|}nSfjC7p3r~M>BLRk_#Q0;oVB9q`-1@Q;w+Eax(175sa6XtC zi{`T@6>LBwln%}R%r5*TcQ5gsZQwoK0-Z6&D0l#M@*6()bcn4_ zA=<}?RoZVX<%#l2qjD?lxUZvZ6lOn!9s=Q(u5tG`}E16w{C27^n2i|+SCA9B|J4V8|Ehs zJzZbSPaEzyK5qkh-Gt?LOv)vW9bcW`m;QKj6#T0@(XLwPJh_xOTED(?o{rL0tppO|lkKeN^ z{C-rKk8a7^m};#A^xF>&Fg6usy%3mx-ehscrf0Pw#K&M{{+UjnCZoq_hJj1BPL5VK@n(6X3wDFn4%m&w63_?Ty+w$F-`@ zFHGQTi3M5Bm&H53!D|EgOXe|L{_{9&lTEoHVs2?X3JMUde#V}=%@uERIS*ko)<<9( z@_2Zr$fb%X;VUzfouW#HTi$fLS{MS?nKOKQ=VDox!IFf!s#TUv|ty7QGk7Cu|v zeKT|%pPH0(X=-YMHiqW_eSSUNdpQU4Ik>G_Cho3>tw5hpq9&H2y+TSZE4KT@?++M-(ryLK= z>0HkL#BKfnhKt*fA4_f0>IXd;d(^?had;Y^^pHr$-!c? z*KdVi+m4B3cIJ|zB5)+Jm9i+G!`;YYixH+3GD-Wvl&A^h7|jn^fGPqu4}+>(a8jz8 zm~g#0;CfY{@Wssi^`M6_FN03)P@a4Enbq3o4G z!*dXa2%J5epf4NRXaOTdojI|6HJnTE785tfFw2`6%DWI8Mq^2<)tnaoOt`U+e-eV{ z88NVnUyC4$|6AF@NQQi{F+uhtu+xKJX6%nrgL}Y58e`P?IXpak=wV^rIK$q(s{cp) zfVc46=^?#f?g9&q0bbA^D&m20IM!cfOyZ?-kEtEJGGi0x9NHKv%hViHsl)oBDh3!3 z)o#m%-8Zr6hIjE?{sbdF6)eA@z#mEd>y%cJ=unQK3X+-LBx9%}jdYHP+)0Nc1vvft zR96SR+2@2hwJRz0hZ=(0>&mA)`IUGsoJ64^ccd>p#7M(Y`Uzo3-BA<7F^bhmVr)NqHZ!IndF1@w;xsCYW}jRv6$F zfO5{PpUTk9yZTyVwu!v_XqX196+is#ps!tD5Em7F2hG929XL_@X*a?ye-`}N&s4wY zpCk0_M1?-vRqwR6)>g7VkVitly;gs`_;Jm|-Tlm^x56SKZkeVT0oW;JsUQPle%U1VXo$su<#z> zd8xw_W#;4z0X~xQuX@R3)f^yogrvO7H+a3Exm*eqHICu!J0ov?5E{P~ZSMWk(X7|Q zk(;Vd$8SEZ^r@>nQxJKf^#I`nS)ahF?{{YzPdOVF6hEcAa|gbG{(`wRnr>*RZvmu$ zCOcpV`6w-o4oGpPWsWJ=E2)j&j}B_B0O- zO?y{IM?ml7!~dBt8DowEWsK(tGUIvpqL8xHOk;1CD^W0Wnci4mF$dJR@a0A)C3Tkb zpr}s(e#pbzSzEwQaIx$1u8d?p6B8iTI{b)}4=Wtr-Nt8K@Xy2jK%4?bkoOgSYlBW` z73dfbAM-xg1Jhar21CCrDJhBi1lSD_M3F!>&?>!l@7HDsbw`9R%jQL__dHiIKE7bj zp~Z4NyvitWpAcyWO=+W}F`&But6(lD-UymN5Mu-cCm0AVK+b^6=|f-`tf^p_Z-6j* zaQV)iJ8@Qa&<*ueI$wonbGj><^q!e_`Ju>ejs$;xGcnBKbuIg-M^2W3e;^EBnS0 z*CgTz5ArbHT*9tq!+XdEcl3!J0vo!dbdq*;>TcB0^bg9%c6THl#0c250mep?0$RgR zsi}$UlLd;bC*p7ikN!;}t5oS63uf}=9H|{>u%@eZ`4~@%HW;kQ@r_{fck%GaPv_0@ zP%mVY>^frdo3kQk5hL%xGu92Wm=ZveA$6Pq0csGMd)lUz5%j^)RDD%Lcaya4b)^SZ zXy?8R`Yj-|rRvvsT;HschA&bgX^+(huw3(-T&oxhCby1m>wV@vgbC zcG@@HJAOPSbN_&&Tr7SHw-D!=nmUZ16Y(tqgdV|9NexAJH0p?$KEF2vnUJ5iUqAC5 z_A5g~3`DsB8e3e4t)JSMb0_6WUN_-H`!B>^xA5+NcJVKdh3gyQBXa`A%syk%cBuUZ zw%~~P)TZ2l`HBZdZ06lym4+~Ojey&QZRf{N+hTF%j&JU~HbZ`a;N2Xumqm~typI4m zk+!Q{aE8~?v3wg_59k#QEK}+c2e!w|7zvU#iYO&r4GRx11us#U!n}mq=edmYVa&aa zeA4{)si>Ho^ne_Cr3HHc(rsZLVXwOdGgp|irg43yO_Fhb3p1$-$#%v27Hr+;bmdh; zH9J+Vayg*TQ*-k%LJ&%A1406U2Q44vyr4;dId*fsmt{ z4NeN{(pNqoPH#LcA=|jB32H-RjtBEvz-6E^eE#P=OmW_z%ukek1=lNZ7bD$xx&Ilp zE~{A`tTuf;zuK_N1I_NoO2-ruj!j5GH}kChha-q(_R2@kD&&A{(dJB?iK|EMvTc7{ zPj5RlH<48?qyYYcjG&}a~s488f-><(3E zbdsd-eY$dSQd<>jI3Dc?6OF;lGA0uqvzD-Z5}rA41UtT%#95}7iA~d9$(=eqB#qxH zchrlV%pSqQbw|hUX$0?QQ~Oh#Wh$PR<~6F>ez@U7sAJ%j(~*7$f}TEGyhiBI zCplaZwbb<1aG0^3ZmM|8Rg^PAZv%iK|42fKC>S%kplOE~+HqH)0^MS05piPDBJ+`G*OKB7?;JX3h| zk74ruf7YIBGiBYlZ3`%Q3c@m=EqCFUS>E!NdDPS}wbwcNZ=e@Aq`iM3y$=|1%ImK| z-VaveOt5Tj=kKKF3N}{)NZi`@9qeMgVI&8Vyo;AE(aih(GtvM~Aq@mm=s|%829{%x zEWr3r8mGO}9+`(*5z173X$ptpl~jdLsMMfhrH32l9o&(~wr?c`*bA?Ro{azb?W_To zP>F(uIVQDnb8yI26nKBBk+2nu62enmwde%PqULjvCS zJfO|*u9rz%83C}nx<>|MbU!W)lrrqdJpClxU5E*c2BTmn-U1W0TaeF0#vPBVK7|bn z-Trg?wayqbJNxwv-ZJVyMJj^(jr0h=rKR@vhjCOUlH4y>E^=jQ*kXo_9mE0(Y+3Fa4eVV}e z@Xx1;hw*|Hj75;)8p`^C5#mVw=HClIe)zt{KeXM=x$oF>eg-r7lq)jVp}#?#DKAq< zbPRQfU`Pj>$ml-ij7N;Wm*$_@e)bA&5*#%98I7sz83_o#(m3aVB6uLn3i(t3wel9s z`;p@gkV{%&`nT{{k;65oM(#*$YYa)C<3FL}T9Hr}$YLrTm9F8VjO+v-POTE-_SQsI z|CJ(0GvLPj<9%eHImaqP*2Fw~AF;IsbmR3oW47h6eoiZWglRZYTig+-OwF-=kfyFJ zex6(}lj;hV^eBI9acK#8iyj5PF=+g4x9S0z4DOx8i-nOSz@MH0O-g{?ff5gTOt^e% zV9wwB_6=OFTibJfU|onPv!yUZq5Jh0M#|tX_?aTMbu5S{bs&&I)}s2>QJ7UQjF31t z;0c(he}G$qE4}-yMX~?5f7Sur)&|I_4$|mYfq(p?YPfFBnIBTtQ#merUrT!-6B7=fHp#~QhYMhOy?qd<^#<%3rx=9(mHdp^+itSK1}I@A_H2WSzSbV?)(N7oBa?gR*Ueh|9%OQ1V=UX)ZI@M!MR zj(v@dLrCJ1GV~Ktk<)OebN)60^#Nj)Wz|dlb^Vtxafw7aZhP2glyh<*!>MTTMJO_m zf<2hY+*dety6E2GFD;EOZs-Hr+b_bbP}qm{$5|wp2L%K0Q-Flu?P~#CNW1h4GX3jr zXUes97!$X)2IYWB0_WnU;pk}?U|t)019(g=xEg2EzSt$ogGtxdO6Sg7bSZ+p(f@!` zCnH{emCd`qP5zZdP*H@G^>2P6d+kTXkg1THl;m#|9oD#@EiV}wJz9TYHowLy7xmrY ze0Ih^@q^YEICh`gcmazSMlCf4n7Y2Q{#<>UdqW-^09avRny+^Eu1vg`c^C{C;NkNK zx=H0PJhhtxY_l{?+Vw~B@+NHN=(IG~2Y-MEfC60#ih&qOIS{U}9Y?u>|0fXV%qp9I zVgJ}(j%{SSNNJXml0uX6c##T7MU}juATIvIM+gW6r}msze0)@x2?P1RXM7%Y>+RdW zU;XAyk>o2mS1ZXmK1aX#+aB8n4m9h$#92a5I;5tlsbx9%#JcTAR+mJsEfuKbMCz{f%Z71~xj6_xJI$=vC1 znL{irWAWR#K;7C%Fc9o=-m?3?no$(!=_6ValEe0N?{|{BgBmwsyJymdjX%p&Gw;2% zuX(h7eTaV^+jGG(&A#V)-A5VB^EWQ`rO}x`0YG5zUq|Fl zai_QBuMUc5?X^}9INrN_(D`})M`2OX3nnIslf$(`OLKxsN!8f~jpYu0qnl6WH0!N9 zJY|^m2n3Ii{y)P*4DaLj7I%I*&t-RrjdQduX7}uF{T5%nYu*mKvr&Z-*EaGxTT=bU z;px?D@&q5})jIchKQ|prDImveKOpUh`2uy4{T4(?BLb_ow)Xcw2VJW&9wjW);}+Jy znW=IP^1&nJj(YKr@$hheBRkk~xGzs19#d=nUK zuh;45g7fuL4jn#Bp}vCiQ=ehVbl|QgJz2BAxphufN~*WZclYEeDXG|PFBt6ftIuDU z83wX#r(zb^JOKUVR+-^{_Ku@(2rc*OsG@hT9V?0mcyM@+o=+NXwx9V?k&b^;Y==IV z(wO7WuAIW0ze&U@0EM5XrCq)oJ2JoY1y~%#SKe*!c>ms=Can0a7HWI>0!T{@p_+$dp1;ABRtNTu1NH6wrS4ODxi&Og zyI@tX@Yhhcd{4m_uBjiv!NGttviavHnge}W+&>?W^{!;yH3udN6h!3V{ali2T0PHF zQ$Kj-golN3W<6i2FCf%ru`sk6(D8WBL%5ibOT}Z9uO3t$1gPOSyKfY=X6X9^yz0~hJl?6WUBDU zB)1ZT`yb#{n4mLTBsh~Qy5T>(#IKH8BWzHF$9~M;>ahbN>GoUBv~}*(MIkxx9!_*Ns=Z5zm+^Ktwn>nNsH{gvZ%)FPHwUM)Xerspe&zo{0|l}mQ{Qose}d+`6^o~@4=0!^^L z^87=4JYOz=jA61G5TxFEQM$9aN^Cx+Lq1K_O)lVbg~yAU_H=0S0( zawL>Y6q$UkJ#*+H<}}X4LHXs1*FstCuA)^V23Rh6mmdWOzk~|K#m8nMjY~;sZnOOZ z2k7ojQoUc}Ny~Fhev(^y7nB{t_1kj~zO1|gBqSo>A9ywhZpKtJHa05%N?iZNm){r> zz|AT5f_$A;uDH*q@GBGtCKX=L2ypqN77T$2_e|>R*ROd`m?8(L1#|KG{I_UFOnaW+ z`oWS(j%jj~xL=6b$Me^)@2IAGs|Wd$yP%#O)nVOayPX|xt}@l&mb1{k!hD`fS83fg zE;S1XL6c|U6ChQWZFW6CRLI@`k8BFe_AkYsTpyZQ0&?X0$vp6OhNj>#c>JRwWb+f{ zoe)I9LjOiFHV`v|`2SJ?A#ygqZ@)&93t*f)<|&9MI1#j??bO;0TjlvmBM4^P;65|- z@6cv7C>K9AeWcn{;K-pv*0+i4K^k^4l6~13`=+?>Qk!+D(fdQ?S8d0&(EmcwOD6w2 zBEBLP&snSe)uwlqfC0U-1mu+T^77A@ufALJhJh&HB||DPaGj&ilRffmW?p<{Z=47& zaEKi72!UEKeba=&5m&XHS@+LdB@Tj^HQ+w!@OL79%(X1QC#pfH_nmy13Isn*pEZ@Y z=4mqh%MOL-NIs2pIH2Sxe(qeNIUssZsU$`ZzX5+|Vu0O508(MD{vA5r?hv9a0~#?v zcWmgnafYj4_`*075*{v9sHw0YSU+PrCf0E&9HXA%rsW|$cogi=9KsANpIcWAp;?25 z_6Zut!zi19t2tdVZNGy+YX88*y<^7gkgfFKN{dPRXtBye{w%e=i4l}{cf z@E1GrNHm)D{2|!z?_&h-DqKSlgHt;>Bd_45iB%_s{@^%!)*b$@jKh}RX#Up{cqfRb~lW4D4bevT`4Ed z{>;zeV6qM2_d(s?H{P@O@}*0T71q7tSQXSd>OEBlVbbzO4X>A*GOmrM%E zU*Zn7q#x9Ey=f=9Rb~(;2aYy_Wc`*7`hU&*dy7rfCLJ-iE`8P;j9W;Co}3N?5GZmr z1ri<;0?6J2g$q3h6qK;LHLmQr(83`BXcO>}ZxE98S6mbts^=E*(yg9I*#M9D-nV<| z@&&oMx0XaB#wE5G*sR{J7IywV52OTiHCE06V#5xVw#!lv6e-Y;xXb701zfMUT=N&R z+Wywy|ieII&rFX<2aoH)udftjMcmi?9jlA-*#KhA?Rf`Sb~ zFclmshT`u=e^JU+J~egqYv4ew$<|{9xMzwKAL+Vt+GQq`-Jt5Mo6~gw_0Jr64TZG? z3{?$JH%;w8aRQ@JHHZ`**kog6wSp9kU*pg=hXJ=4G&_<#<(I?Semk?ku| zbbvk*+6+*t92jxP9)!E;a=!wMmH$h7I4sQo5j%)ThM4}6X<+&UNgygKF>yZJb06sM zH{bj5`i>9)_ZSQajZXtjj0VaC1Uy4N3(~H9pMhLQQ8?S_f$sa^N0)J$@a6}g^ee7@ zM?Wbz^&&R*!ioo2m;yVP(s~=nUub9zW8+{X#Q^>&(vCrq0PTlE;^pfVQQ_N2n}gD4 zfR=Oy-cS!D*C53=NSYwKNfRa<@SDM)<1C@1rl<2ax3pXX!Jvy(^2rG@giAxND+m({ zOv>nhhK7I#AYU&4vM3?(1!xLm&;=qj{pj^$um#njivtx5=t-Q&F@Rj%XFbBUdV)bX z19P4C;ji67iW+gYt)_-wZm#JGJ=^DKtUO*ujfx`IbSz9eV)R$SLR0wM2}cEEb^Y5W zZZlI8(II|o{7*2?oYar})E$KMts=7-#K0mU(vRRhatLYd2-Cp^S@( z%|=i31NbfWBrnoD6TdWL+25p9H!AM03T*g9T-e4aqJh{+L$h8e8mgUtlZt15TJLJ zN*Mtk486~j<~6KP;Yx(oEKS>i)FWFbF%Ve%%rGqj5k(t_=FkusG~RqL5r+Ho0x&6! z=f|2uSv&zr{QhSX=2|F?Wen*2bhj!tlmO)fw+Btwasc5+Cnvu@6al>s$_vcqxeu*9 z7{fiS>$iEL_y{)DHDHi}O7zA+$x+x8Xd|L%iJ5_z@5Q^^&XBBth71T20=6$Bw+v(5 zgXQxGj!lunLTiOo4lsx~dGr)WcLM?fC=THykS$h9IOKya;wAJAFkYcXCmOM< zHZG91^&U7Pe;`+Z60-*q_*UwG=HS3HCGyjR=O~`7g=rYRx#lA?kO*S~4>SHm6v%*D z5W5lz!T-fk#oMigs5F6=Kmv%&XHUOhTY{WP0f^q&iwDEDug|pbFvUa_EUX(L8h)JB z(@}no_1?UKPjE?(!H#?f@hwQu1c!U{RtL~6TVH9#0^yR9+EzUb?_M8%A4$HUNkkVu z%Vmzu8y!ziz}k6{I>14%J)h3pVBrT&6&JO%u05mEuw%I;eN_sIMS|?Yv@Z0MdE-Y{ zGGW|_jO*d^m%O_Sp+&u(%(Gn}B!rV3txwQ)!3A^Uf#4Ws7c>X-&{dwqoVPpFNgYe9 ztcQcLcK+=?P`a=J*;x;m7*#qtnLJ=I3{UnbXkkY*XatI;z0+r*ELVY9YKQL=Pz!+^ zAB50NGh#sPL>?r(-t(%bxYyyXjq|Tyd}cK3!|KeUp80N7QM_Dq=W4Bx$0@figMhRQ z%eUd@I|D(XY?cvpS@Dfi-FSee{!#$>GVk+0!}=Un9Bst~P~<;iPE%EXqE7X1R4Sb6 z6mPO&kBk2K8E?M!+=PPWK0B`y!)e~v8`>+xGp`(?k-{H*UvlkOuNkA2UI5O*wS^)R z3Bbu->$pIjhPDZN{f59|27SV9lN9qcw}ib}hN|o|YwVj(Uif{kUfdS`dq;BW!h-3e zQ^xCzqc1WtB&2=>Z`8@&Lm@%P7!)S!NC5y6mQe5y00P!w@R2}7ddT(B13V9stsc(u zK`n-E_d%aroWT#GI!_*uaJ&~gg#LR3z+d6yY!5u5(b?VI1{kv&WH1|I)Cy8j_7B(& zAR`PgO+0$~^v7qpjhk#5cF)%$woH-XGeYx&IV>87cX#fgBtUeTnN~>NG@ajRg857& z6dIQT?uH%GW#sLgN#WS0^9M2m{O#;CTFmZxw;$qj5%D4V!=E(YOf; z6I)Dk^$Gx;^PdfMe{j08L#FCCbd< zDv`Pn1jy^=L425b5FuoOb~YEvM0{DG1ISo5IfQUk35aA*+UA3E5i+*X+9 zE`R}oHBdg0R`JqC{*;f$w>Cb%2tajz0%7%WT3Q-+QIqnx5Qx8W*fLiEHywS`|KBWc zD}e59ojRSUA@=3FvFmZOguc};*kaqUYb`v^am)7$+gifHePHi^pNI0s%4|3s){WQ8 zkkuxF!VpE6>;m2ss2aJc-2S&iJ_#jlLJu4Yg~LlYL@r*rq5&m4u=j5Le2WFrCLiM8 zLA}*s;5#U9JSn1g3ZmJ7wxI@6dDMfz2GUsP1@(HPRJQ^R+!)7&guE0i5%>s61<->e zO%nC|!xvT|+wmi)GN4_HJze8D5mQ(8zQYn2G$_RgUka1Y{c|`n&b_`#B^qgr+5;s2P(iEau89ER#A5nqgFXKVsyv zo>~R6D~hfHvzlAn<49Z`DwL`M*!qwYQuU#O1^Gomo`JEc>WJ2eVZp}8u)1J|STFC$ zW{_oZvlDUQtH8&Lgxkim;^dKXStSyMp24%fPc0o|P^xT~_$}_7Q*N%jh?S|rtBKoG z;Z)oUCCyJ7a=p$ECJRqpiIiq@`dHyws@q)Pv4By>rZ-nSBOPH5@EW{x*yq%~gCR;m zvg3^Peu*g^e=@6qRl`p7^`~fN-xzgYPRPA4x(`SB6GN38epr_5p$&e)T~ZPw`8AJl zp)G5hiT0_ga2%pkDx?5)O8eEX|M(qMQr9B@$s)MVM)e44z+@We+y;eG3=?Mqk3z!* zrF$EQ4sStR8X7DEB%`LU&kSjkQSklSK&CI~Qjk;#o;Na%Fyvbb2#2$E3?v`T;BL^o zQUzTfnWFZtIC`=~PtFj9hQW#Y|AwD|07o4*A1n_sP}abmh}s1xSq1YCDV`fQAb45> zBESpviplu{;*~{TIU@Lbpl}UCrX9$r#Hg58-q2~Nh7IvS>VH60rlWMA4;fHF;w&{1 zI07l;ARk|Mu6sAA(x8b${zL$b$Nu&L9z7$hg^B)RK4f3S!?Pb$nY|{rpfhrza(So8 z2fheM&5B+NYDoB$piZMgqi*0XCd+v+K&1+m-8(3vZ<+r*2XChZtV@sp2_=C+7mOSV z;DSd@6TFrctnG-qGpjD>D}a+D=*{1naDt^-^(`tic7;7r3Np$S6M&0Bx^w{b=xA4h z;Q$(rL6+KEs0}awD*`ZD1%fh*I(!swLK%rfB0Y6p_YhkKDp4fqgV%)lX$)*O5N(>B zrT+WBit+C*d%fd-sQ`{&cenRuc-`2nOEW)9EtI)8ot8l{lrfC{3Rj50W>L;#OP+LVrU5>qY7>z=<~Bg^e5&BoezqMQeAbaWJj*MUdIK>)a2 zd?<#R^GE(!f5{5t)og8hAN0yP9@out*)3)X^JKw?`T419A+h|S3$y4{^yW% z&ibmyYcp7alo^B4?zL(Caw%4N8McQXnX7(pMjdL+Rymz7xH#ImLR4~$BdMj6Q}2J& zWv9(_KVs`hSHVY-Y!>OU7&JESDWCB7#QO&_jOfoD`xdSy;mUC4_jskwtA2+RiM2m1 z(+gu_`Ol-fL`mlZND9o-0=E2uEiZMkP3!Mn2bD;R33%V=wIc5?HEUuSsR0frJ%<=C zXg)NZR@+P%e7&X^BYFAPFn!}cIkkpI#a~Y2%p$rCyvjI@N87qxsvrO_4MtSdCy3O) zwpRCVN;^IGvvi9rU)0K7PAbNfew+Q}olRR~r<_3O%oFx6*t+PDs^=BGP$iodQOXv? zDam~Ahs>H)l5E<2?y+UvHIL{0R1!Fr2*ni3ZZ*rmVjY$?vl&f^i#Fv@Q7Ei_zk~4y zU$m~m!--7(oZVJ5}%%tkEVK8j%ExSQ+|h%rQ#a+|fi zlWI3_<|WZFxDJE<9WIK9y9IFb1NXlGgp#^!7suL6+U`kg3>!1Sb*dvUv1PB8BKo5U z-Ci(g9|I5yg&el~#HVq5{vo_%ms|0oO4+S0u8{BZ*KCG^2AfO-#T!_SNqmCg=F9)A z0)dLT45h%~;bo$~*|9N_Q}*QCe)8^Fb~*{KD{VLIO!V=sDPsKTNha6(c0x+iWoO(m z4k_b=01;9|C1qf?;;S*VK4bG(pf|Tu^J~E1#oBC3L;4YE*Onfu+Zr)-Ddlyc{I23& z+dSHS!WkhV)xpxN>}<(v?~ykiY%Yq^W!+6;^0;+t?LfaI14Ckou%G9vFFYod0m4NN z>Y6svPnsiBGBywHhVUP9)qSQSirv!RK2Gz}gXbJB$$~wCuw217@+n1B@_-)C&vP+h z>gvqu*mL;7pP$VLR8eHn)UEj&3uK4M2 zPW%%XMrY8^_i1Q6 z&nL?ClKO_MgLqD$C25Kyf1D%sIDYe$r?Ok*uQokKfp9jBj5*N{%FGuLITYGJj9J&B zGPwC^1qmvZ^;zV~%^6fW{$q2^#NU46#JkYgz*(E~1!Hn6wINmKcpvVyYPmjFpMdfe zbTr?+TdC!z_nj|~KbYB5;;-HD+IBEK-gfxyg~t}Bd-JD+2_`B<9XRzr)5!mCCD5r9 z#kk?wwstZjt8sJba%$5@-izM3NWR_dK5Qa$bNA}Lr`oxOblFqHoObs8YzHShmWUPI zc!hr$ovaGP|3Z#UL@{wC6av4{?YF}Ms~PGD)*Y(Sucd-@O$NchvDN- zt1DZppRn1Zbl4fnC2d|WX4#Uj>9!^g0(`a4y8v0Yl@a_Dv|zV6N@dh~Sv+$wz4{a3 zd;^|X@VrGRGoHD@2CGB~q>)s;;SiBquScaqx*&Gqy5k9pY}1D3FdoXe%rmsPj{4^* zl7Ib}F;%9ncIlB$4bP~Eh_*|R5O}Oim`s1;%hjJA$WK<(pj~Nx@2bB~y`noj@hj0^ z@ONzck4{Rxu%2eN^3kO6IFW@vZQ-O3hM{VmUoMp{24`4jevw)@oN=S_(_(ehE+vfW%Ec|7iCrR@OM+5P5frVB;-K zQ(@Fj&HnkY;0KmLC5L5Ra{5cQ`3zF!*{@&(g#lez`83|Ay}<}zq<8To=DqH01c%Phro_F#EgLU%LNlRrtp( z9i#E|z>HADv>OsCHSMU}*i=@B%d3>b%0AwJ%K8Ezl*qIQ1~or3pC}=g9lE4p-qQpi z4uE#KmJLc!oecg&j_#y#**8LVQ8oWmaGOdKc+ON9 z5ZX0CA9t~&vzna=cb_cL@vxw9;?5fBz?79Rx2CArZC%N&mI7Ud)2vO`c>SO5eb{k? zMYmP=&&l=~{kUtwn+h%8ip%~|$ZzaSqRE&iIs+!l-&5ban&@4Q%M$2(5jS`!PPLon zxMaEkM?rMtV`C~CLfwU%4?>!>!Zx(ooHGCHjnglzc~pHj%z6}0ED`FvoBFqlw5}al zH?=|BiDKit++~E5eQWe;VJv;LB>{`~SiQ)Q{;Ve`?B6}s0Vnlqf*&M?aBPHh3k~%P zks?fnX}TPVIa7WuP2uMSO&Hz(#Gs zS2Z2&gR7Uck7+K~;}~!~mC(F|p>iJ9M=qFFA>}ASe>`I>g722Rf=nA#5io0c9@nq__w*DRS>t~Uy=0E;( z_}os+TG4i~l1LHu#-{!0HB!9mq(Myk5g$>S{to^nTH2Baeq5d_UYOrC+u5QAd{5mt zgU=ule#-v)^@g}@35^Rkj zOyMoHY}pK%-naWfQpFUab_BX`@_4)UkaSx0F^$3)VgUctIwrbymb{I}?&gAZ2LR z78g+a(}#%2U9fOe?K5iJCFsoC{JQ=6IT5=n#S_NophPNCE!>vW8^(m%5iG1TFqS_B z|7K?R(&`qs?OJ^ARm17*3<}R4{Bd{9_h3aPNa$_0JTEib%>EvKsuL94(2YFVpjdwi zRX4iCz`p{}5Uov7P^KV7HM0C5tdZQWH>Zc>UbgdJdbVxAX5Q+v?t3uyC@6EmZHyiR z8O|PWg#7rF4&E?J$~X~w^MQU`5blLsPyef#XI1;g9zYkm1~&_;z%K@QkohHxRojdn z=mZlD` zsLK@|J&T0Y^Xh)b!v##^C=^L&yALjQ!M=7@?s-J9g{?|pPr%ZC6c_BoxQUFax~ zFA&0#0EfwhnGHfMf%AzBRFGW<%+HXG6Vy1!<;Fky!_xFX&`GP~Wo)_|T93QU?aL}( zbmOAqUiiTt)Umw-xGT)CGs}Pdz|D_MZd{;>ATDXp9Wlg&{`Jn5Jh2{BNZ3mXQwsBA z=bV=wyBV^tiEI z0LlHTZ4FM+hbJGCb>*~9>sirWx{Qs;Pwo0QyC?omlbnq6rpz`0OHfzD60my+SOIFEt=gA?2T1jj zN^{fG(}DsY=p&omN=a{DQL~aLn8a2ZHhgc-$q|}cpI@BES~jo0-;FAckC}|nQ*~Cl zXl?r^oQ)s9yI^{bb?E8I3I4KvgckxI9V~d5L9zN6Bmppj6p)qWgsu=U+y4yC0G0!E z9Se|&6yck`QVJ*Iv-Km^2i4eh(r41>f2!kT>x)}3a4ya_xhkm`gQ4_L0zu9c|MsDi zZ#y-ob@WT9uHm;)D9AJ4$M5YAPHq+a)5gnLde2|V+RV`Yr=QYb_wO-rAS8^vGk^2v z|94{bz=`E||B%_G^e+z9?E+VEa-q|OCVOp&bd5xwzl04Y;`txs3n3BK7vt?qP}7#8GR|c zhkvt{;eDn|7sBztcse#LGC%pCXe5KEipFDy^FqCmyA98?ba)07_OmX~Kfr}wd5>rH zxQM?J5Ed0cU8Hy}cM8)WAZ##5I@ebtNTk)Ho=*Lgt3MJeG?#zOL3cSu$lZg4W7Vb3 z%QzMKS%rAuO;l#FXu0;ypj?b+%JP%dqrwhHOdb{N*~%+-wLQFtjFXJJoG&|I7ht4| z`)WHPTLFbdNwai_oEgygC( z`+B_eDW36RDB+yR!-*QUs6YD>>3b+CAW`Ce7s0u3X(D6mh{J5$ z-qNKe&eTdhV(E<&lA>P^5ty?~=@k{jJ4pBbe}&Gr;=K9h?nbko$8`dgl`ffE)KD>< z@}lMof6<5Ir4Ph-wE0BmFT_dAhzwZ9kxw(QM%&F#(b5of-{E_+TQ$mbhW3`J(cF~{UK2_tkA`z8O4!#elpIxQOBASG< z#`zmljcVP@jc`ymJLY*J?B0i&(s+D-hT*zN#VQ$H! z{8{8;iFEn!m?9N5>Z-#E3$9_?jRvLw z+IXu<$4D!C`CU-%=rZG1E?!|sCbw5TXg*@WYQr&}F=1ptFtD~VdCzFnMbDM8-_I}A z`VyT?=YeukI#Zt}@v;4m*QkXPn=u}HT%DV3?ih=G4t3?{wR!ghxjt_q8*2^W4RI%1 zd#;J}LW7WEoLHx;@FZmVc=7#fv?aOPY^BA`I35XqfvfxQ;|4wV4&_M_#`%62WeR`B zQ_p57B~OSOV?FTx$!iL7=NGKggG_a82??Kl)4#IhNz}8i1*2|w+k=`91X485c4 zjx8<|>uk0zyfK?wkx23VGpm)=#ZTwl{ED99Yx~)3i&K9(CW2RoAbq^Evi~Jzj3z9D zoiQ%2kQ5bbcXz2j;pTU}yCUD-sYPEl+De!*k_bv>IC!|*c_w`8O~_$($*+Q8ME!y& z{PxQY6En?%KowjaeUDO}V#KE~gA-QmU(6l6MK=G43goGTos_+<7ne7YE3E&(fhm@% zUyf^5z&Y7C;5839h`rmCqXjOF?<0D${l4+c^Dkd>arKaO__tpBJjRfM2Uilyj`b>+jIQ*#r4}@s zD0Y1QlJ&HwL#AqKoPzf?wp*Ui&?anO9dy_)%6lh8C30;LWKhQd{>Pkl8aNF$4+7u? z|Df*wK;Y`1kGPR39#CFkX>dXi)a5u1?|dDT(uU&TM`3K@0vHHR=0KcW%zti$U>Ihi z(ipqST6P2+gs+@&`Ob;?SZbp=13pa9^!0u?SVd-WQ3bYvdRo4BYTx>GA~7B?=mv7XA)^yrG$*^O^ECfS=l5r zduQ+GeE0i4$Mf9B{m*^W&2@b~?{S{5^EEED2D)b+edfox|FOQh<9c?SNkL~LUr!F5 zj>WQ;|BEFWjt!8ioW}~bPhxJ)3hy&u|z4|PK8Me`Q7zzux>5h z3`6@|$t7A0U7P_1nMS+B1YC2<_`bI^;wL+V`!Djz#u8@jjb~tA-`nxG!~W*fQfz7X zfyHDK3r0(llZXAdRq#TZ0K-G_RCk8{q83$)H>+)K3+}T@OFUOzJ`wwAvld*-$$buz zhBbdaY7v@&2Yq+-bFh`m&#^M5*OWFT)9cG`M<cVsstWF}5ZqpdN#zwdH+j22C5Ds{lJPw)(C!T9* z8i~x*=eCt!h`T~^dU1C^ch<<)z%~60_Mq%`ba?5Jhdxlf08SvpAVUshu&El$--v=1 z5glU17234vTU~yHo=Uc?>%-MU zpGamLjT7qnV=gnP=u^^g`qEZrU6%FqVQYNLgd;LKy(usMbbb~}-}HN>xe79~CGVQQ z>gj$x%D~ma3O<-DLUt%1yAb(5Ta}fcGrX4jiv+Ibgjb?z-LQq_Iyypy?P~bfv{ucc z3+z*GByr(I2c&+*3TH0Ka9^QbXFQwU$TYgQdT?+6#~dT*ewsm5sJ`&+`+i5*Uqy=# zx-#Jl`)AX>|`?8bNg6v&D`7VjUeU`aR!JDpE%k67Or&a77n9nBG|*Nbcvvrs7+eB@O0t z(aPi~d2gMs<_N{w^qSm0Oa2*R)G;5esk|`_>APAl_}D0K<11vyzJ5o`Y`L7Zeet+L z-cem>CiB~CKWSyATcpouU*r)_mB{KavrWrt1oX68pV1V$I2yEIr6-f%dDSfUy9;^x z^*-e(rR=7OYAXxEv&+n>S4^?LFX9bZ9Cf@Zp}osDmmGd9kQv8mRHHqHEeTl*{G-#D z);5+DuT=bBmBa2Svg6r9u~f4(`GmD-QLgs?ruKUcrm~_Nwr-Q=hI;b#GMdXxaVIY& zrIUh}1Ypo;{)&tlip{bQiMbtf`K^?O_LR~ViZZQC9S+P2N?POaP;MVWh>jd4Dz+E< zUQ6=b;wCK2d|sZ`IZ1@!40}EwbuTOaXJpGKO1jNIA0=^~G2BD)K=;-cdw+3cYb{RER2x z#z!#sEdVc1JIdExsnS|oR@i<5J&4|NIgQw#FwK4fB2#Y|u5^1L>LxnmVal}zCZe1P z8vr`pgz?!zf6jAoAT1>IQ5TZW>eP;HjJIFNRCW6Ak4Av6*aha2(Yr)q+G8b?&-*{I zbzd1uDU^22isItpT7$9tB$#6=044_p&d&k^aY1DH{*)d(JrFyD0dIf-1IAC%?|hq` z9V!g2dIP%!Wof{X_6FFk0Ff&)oYT7|OYm;-R7|>4?{6>3PtrxhvJHIS7IP~QZwav% zV6Cz~{23{m^fD$e-0VI!_#&P(a)boie;f?rJfeF;$B^^K3|8}}&dh5w>IUlhk?ccm z21C}?JChmS=3*vaU9dV73Oim&zcaavcSRp!p1|dqN%@5Gn(h!izW1+XH%ghA*^ux@ z@(PL{h+RSj?@V5olVnpSe?pjg*-?9h$(8Fo=T}u_MSW61jbZjn?u!|2q|v_>ex5pi z^7%=Y8D&1DNHH-^aY->UsitL3hGca*!~_*2u-UiPVyXIRmZ=v zOUxGQ|7DJRZa2Hhl^jOpkOngaMvG`Tipm_e#waqMkF+T?c$cDHg!bBrc~8sBCE32X z*3SqXMXyI@E7g#mVXEFuloQ?9dA(qvdDj={I(j7?fP6(;-OsYUYpDMp_jqfhIeGNT z>r%snhv1zFPK{6+5dhBzsl`0R8~=CJ=E7CW^l&q}J*Aq4s<9_M#yvkefF(1iEL!$c zWO-)f#U$?Wh08U}c&iq%1!88L;-rgfvn>sWE;Ly6qJ-@IM&&F}SpGubu;;JY*u|pHzc2C0G*qL_g5el}nub&|h$ddNA)j zIsZ%ZDJz&snkEWduMR%|dwA=hE!6$MxRYgiw*Sh{(nmKrSG*W5{5(^5_b5R>Qm&?i zpBhIO3qB1^uZk8t(wB6Hyw;6_YWZ@Dq}RrVK*4kjtQchV156rlobie2oXo~%#iX*B z9{NCLiNwj_2J3Q2=2uz#`^@IE&%M{h(7qoa!vQhs$qlP<(m)Ac?85(+t{7tc`_)xZD}JpHiV48cTPa zmLsuOLjweD&*<1FYVM>QtA*zNzzsQcZ7hh|vo2iyjv?ckYa^tD{dHYx1Ilo-jyO@) zj~vq{a~LDBC@22vA>}edZ-uHtS-0bq%;b!c*uQ%^R-AnA8dpmzc`xcNhbhm!A?3bE(7&U>%ZzP8$N>Wi+dN`oK4R)H4GBC0HtlC|p{vSD9nySj~ zB$+*gy7MuX@Mo((7oOvSxrjS%N_vvHE^`9M%gpfm6Z(SZdB0G1T}^iD>iYsij)A~T zIB0_kCG{NrTWvRb_4>;bI9BiKd1+`8x6lZ1A0(5#hC>UHQ!&QCumCfNpnmrBN!C2o zafP&M32M>-91%&Jjt0!LrF{EnzWEk0-Sc6jzqd5Ltj}*(b8Yl%GvBdPKg$-O_?v|! zOp}_7fA+bjl#?W1IesVsn4NqmLw&bYzbM^5ijz}q>$!4i2zj7}>Bc2v zSsd5G*)$i7OTd+nHLt0sLtly{yK_?dby$7-QMio_5Ya0+uU?Z5~|)*;B>NKB?B)o8~m<0+k8_{>GJhatrNmo%K`{>EX*#2^|cH?x>xIaDlN zI|0HALboqgkto;R z&1sJG{#)uxw?3!MUVg2#^-6dRFeJAl0_p#|5d|hIwxw+!>CimEGMvua`h55Nnr`&@ zn+*J%@%Id6I(tIXr*w2(4X|-_Q9+8L9TKn2v7;#$g3o^B7)ml{Q@w(>Z*H6sE)>kG zeFw*czgeRsV{R?=UUYnh`(G}zSMf3BVA#&yMT!Bh%(d_KuC?CkLDbQ|i!I(W>E6H? zD%6YoSqrg|VhP8s&>8wGwkf0&lSlpWo$4R0S!P!8?>}ZABR$MBAxkl~gHRgAkH!k6R0>?8K{}_ue_wa?YTh%kZ z8Jya6*%lk3{Xx(3Tk`&wSI-CjWU+@Y{_Uf>^lVW{#^Btc7Jl!o_vf=@{7ot#*tPYW zLh7P1e&zX2&XwRO5kBfRij#DV&~HlDV{!i5URauUiY#eKo5@^jy9+p({I7^lx8fE| zikYXLG0T=dG&r|I@iB!$vnR+;o-61>S`2Uiy7Za6a&9A2WTgAFdSakM|PP>Tx z#yzX^SyY{fO=>I0$RI$-C(fM)8bbiy-E&=T*M?WEPR73$nUYXHn6E zNxpG3e<5B<8kvGcvzmp2u1qq=!PBrn#Vu0)`xboxuZd5E5jql|O7<7ZI-@7i)w+Mz z?R$(U4Z%1Yqdv%@XrFPA_=Zw56HwImyiE_ZGR^5L_Ip&`SoQ-fUR@^-Gx{Y z;jJp~8Gh=`pOUn9f3~#*;ua=8dl^rRzwc?v)H|U_|2S;p{?4AnRvI?Iv#;ofjODtg zH*?6>JWa_<9qL@;EO>F)P29pT^H@ttS0=7}hwR5q&VQ4B>U8_B=*wU|S~jnyf0Oq< z$Ka>o_W8f%P-UIOKw%vjZQYAD62hsPwPW`xa~0?BP`@6ey6y7OJgXH~^s7`RZGM+% z!un!PE>m{08S6cT%OB7GWVaA>=#7=-xY52Vo#3yD9g(>{^Yu8K>+Zu~oKU->QaT8? zU*5O-he;iuha$w!?vX*~g;;8Z*ftz31|4(4d))hxnYSPPmMU!p56%ExvX{9c@mSq> zj@zOo#(JSWnvn(^bT-sDFM*{D`t&!Dkq5d6C_+)ZmujUaRLJ%_s!B?=KskK{mJPgX(0_%}mFjWQ0G=e1_3>D%dn*g9_Us(p8KP7aevLIXqhzLn`z|YkTnErPm zoe21#O0AfJPQ*1w)Ty*It#@+>B9z^!d9mlC+>>2F-09jEyiDpjXvF z?%ectC2+~WR?AfV75Dw7a8bRRx^zD65q8jXQCJ2p~!J7zu5>OPNiX0S<`KvD=a1q24 zI2hzJfascDFG0vbJTWoxd1(n)J*X=GY&8lFGa##|+fN4D9b{&Xg8{V<;zAN>(K)BW z??O3;h&2pCEfjExII@)<0x*i4VK?sVoCW856srkZdqm^{j;SN?o|k|S3sTTpAfHK& z3Y(vmh+6v!QYQfZzPdriRIkpHkdUHvG4MSQvL8W=(Fj3_rkx9d*2q&SSt*h|9VWVn z{z*dOw7X{VV6^f)$kf@p#~Wr;&=n*4DFkSw zM#MMlK8EhM3uwFu%zVndf;NbdTnNkrI;ESDGF=84W+RI^AwpiD z3&Tn`UY~3nEU|k#J#h*6$j~4ndOxrhUjPTZ$fFFtu{`hhYIPuABi%E6-yU%wb#^R^ zHiM)D)Ekj9S<%U=qV3*t&&W#NgpVq>=|=~AFXW=Z%6)jJcGY?NGE*pFd5#N-d7lS= zLI-hnM1YH~e;$uU67F~NZB7CY3&Fd((LraiZ=#KC`lRC*Qaq9zEKVimJSlx)X>CKR zwwc`E^CPT7gMk0;R?uKxWsX+tToY3=W$Sl0;ZX%_Np1Bx{Ox=5yc%bXysKMWly+zT z;0+<0BhbZ;yNIFpU=S|2d0o_kH zyj`%v{Kp{%IU8c-s;cIUvv_JRXY(NPX9D6Z;31*2#5ms+f84BD}qpuIzRv26+e)KyAKN^`#}gkk8d zS!Ai!b6gFZsC3V6*8z?y_LF6x#yf3{0cFqRy*4c0?`>_jz}%)Q@dh4BDg<6UGA=?a zSo0Q2gDUT#Wb@Ng`*0M^jg$)jzeQ~}0KQ6W2VSq3ZTKvxX4XLz1|;u`5Vz*Dzlow9 zAtnKhpkZg30D<^Hwhr=TM3O7S)xB_m1WW_b_dv%)t-Ja#2#A1gT80N~sCNQZWGLqE z$0}?a6ObdJ!v#4E!QkPmPm{=FFik9L4@N^*VD@$|j{U#smcZS=20d}dX~H@#!2o?dMCS`AmQem3yktFF zZgh~^S0A~tCq5`fhiOPiGPshJ!G#1n!U1VeyILo^5Y>0Nhe3KxY*-u07sC2* z9-=J0vYbv$O-*!z!(m$Bd*oROnK_`-c(Za3gT^F~R{g5*LAqt>uXXs_iLeXpojF-p z@L-Iy3tAkM&l}-23fb)Ncy2&Rc4c-#e6`Yy_!5|^g2(PpmJ1roCElMa-xY9Em6s%a z(+?Ro8 z1Hw%&&-Kt`k#GhW8=k1UF}`7VVBum`xNx(IQazhe5EsYPl!)4Ke85h5tY(fyD!=Ym zk}~H=t5FPtJXZfo6s;)JE{xDpo+JgH<^RnX`%R1bV$|ufC6C>8zI`xu0PQ=$V38F$ z1faE0YKM=(wg-E^*Z7j*>s~OJ80mMwKrD_NT*ByzoNU-S^)f3^&U{!K_HfONHx_%r5rA_;1+=&|{sA`Zx= zY^mb?f)WlNT{VZSVmQx1c@(iJ1)B!eZyhkPkR1RjXFv1JP#I!Sb^$G)=@T}~by%q% zyiL`IL9*!t0^zS8_u$M6g<9YeydgMTn_5Y8&Z2AHsX(Sv$3L!+y zgEDyZS@1ueIULCg9>1vY@|MQu=tXi`#qt`NwO@wxU6d)AxMvYE-}TPmd9VVZwI&XZ z*g)5WGWOet=(!iRl>z8B(Q0n zE1DqZ66vBacgjz|I2R@e_aQX|c``uyElPugLFPIfiBsjX@hty#c_ZwK!4q-@u_th4 z#Yy`yf{P}~uLH|RO;}|p{28qNp0Hi}1GN~qBcKp&I1|vdUa<|!O*KK%eT^CFC1gMk z)PY*?Acxh5%qXHSL}@B%!F&%&^2nd|3tn)jG{T!1Iw1$vFZy-jk8kh6ArE>&^xduE zJ(^IcB}{coX2(EYPC-NS6e-Fek{FX~n+gi7@8)k&fXWM|MjPHLlrDpk0AnO|flLX; z3gBo-0RwF$g@bAbc{zig&J;jI;Io;89E08LwY6SQv4idnqD_$Z02Ij~AaAdMa}8z} z^`M^T18b32aTHlIkZTN591>6#TS<$97!SOa!;y8wwQCem-2a;{Q&9y~A1yn$&!@f} ztStGp><&s%y_!sjJ7Y)R_Q-Q@_9ngitke3UDVZ6@WgJ)d^G0v#l zgwE?Ch@9ZGMs*oXSz5{5;8I2r%j*zRQfNnOMgu@Qis*thlIEy z`1a+~G#N)4H|s9RNWzyuiHER0{)I1EArZCz6$tc$QL74|q2#5%mT954$#8%xKMehx z;$korgboWTt>^F}2+)ZGzPQ}K?`2`Lo`NSeIV#h@hYd>35O|Tb5L^Iz3JP^-xKL`$6L;7X#zko~1xb`)S!d_V9 z(5YqjPy9mJS&-%eJZckIen`;=D+5w}YafgQjZF6beMYFsEEntm??Um0q-`KUtOr53 zBe<`kG#pS)!Vzt`k)N1|fuDQj;26xd2Ti_0{t?dwcW9KLMlG|chPhMR<<~rTDHfi@ z{1iIP4#iw|(zdVarTSA(M}_&m#O0NHFT!UxirLNKuQwmr=V$a4{r$ruvlr1@*3vH&OYmGd;bwN!B)4XU|1;I( zTgBq%CC{cN-~3h-?fAvrp@s2mGEY z$ykWbhCN+zdDo;E24Pdc$NW6r2P2dEKpHqR(2};ZLKZ6}w!t8dFGJ|qN2rL>A z-5}r27wmvOAJ86u;2T5t{b4W)DZf`rhD=95u}cR?1Vk#KjB@C(EvX50bvmG}*@a4T z+Kmy#slyx;>B8L@QFZ~64#F(20zc`+qHdP%8HhBHt@b^F{apZ&X9x^|XAhfir8#$q0@pKLL}|C^r|@0?N$=qzBNgWT=PIA=91FYl#nnzRyS>ZASim z4?jX44h0Bl%?G#b|3w{VM~s2z0~q;(#g|CD$IN+$%{nv#0=F@{Tueb&n_-r9Odsnf zvBJVgtUTXDhBY~xsgby&ES#8 z-qJE~Cxk#!`cSZK>^LQOJ|r4WxKE(aCpAcp&w|Sx$%%nWwhm$G@1=y{Yzv3J8%`c1 zKSQ1c5{GN`pI5=y|EZ`pnkynu5GWWBh6j4naReAcU={p z&^4cZm%=1amGcqPV!#B*a;M<^0bGqdyCzX-7Xk>TI^hTWtn_f+t}5JycZ~<2RXwcV zYv6ndVIHTT2n2~}5D{rfSlb1h5O_63nC~b{79uB0A1LTipDrnYm>}3oVffO>q8#*j zXF&Tbhp((gi16}*d^uX zcTu(#Q&L_(hMT%z9NmB@tWRFRe6tZqCMeSG6A1X)?6MtU_Va;r|+rsYw*23r3`>XIX$u1AgGFSt5MMFBX95_jU2A>Et|2SzqElajAa7AI0LtllhyO^P(>r=}I1TYz# zkecB{TmvIughG85{Q}6y;iAzAN^VA$1khk4rl+5VZ-uzrP)dzM$pP3wAqKn$$RLBv zB*U4dr>5I!+`=y5HnZ&K$V9O=jezsqemXJJ4MA->pQBEDK0nK;8(_$gpsPA~?NoH5 zk3a6b92ZO2hx-GMQ}$z$l#?(HV2eGf<}DO^Ce$uEY*dMw^ykm76XeFGiOR0yrGIaj z3vuVC*~yhO5wwncnXKuvF#(Tt{FOd0vxPN3-;mD^ z`|rBgE(Z7HH>Ao!^Dqtp$EZgv0C!NNTZTHvl8TkDh{MRxDJGt_cF~1*DK9kX;K9nBy7M- z;s*RUWaf$*ZqR@?{VyIF?wp?CQOG#|A8{g|7WxWfJXsD%$KH|Pd-1i07HdlDAD11hHJ?$dn5D_6xo?5{rRRNGvY%C2owLJTe!l7=^axn(v{zaJ3}hEP!|;0Y=Hd5m-v2 z!vel~Ef`0jGbhrIz##R8??mvqyL}C?l3OyFlffj3{8y>NKUWe!biP<3e$Bst(~4Co zObtrxgzxpiTM|mA|2t5Sbrd>KK$P&=3;aw^L&YWQ?q1fsT?OkDZiga)3@%JJSem%8 z{{~_Fd|Y&F?EJdH+^^C+e#L9B)Zxt|ddn_` zJcb=&Q^s15rwA`3BIFHNYfL~esMcsHl=T4anAVb48A5gm$`pclbzBV8AY{<^s`}Xa z$3lD?{FO&N4&yk-fX!q4GZt#CB{=s{X!Y^o-k%Bw7)F7ka$zcaDCbN%o;>Xp4h}-N zvdjrOn0b6SA7GN6=u;#a8zjR7HRvCLG$*pm{E=|ES8T`#1+L*Rt{aLpbfw>1U&k z!WaDm-$c`ag)e_0jJo)Mp&irM+>-|(T$5mwX#9l%`ZqY8D{>ONf5Aj))P3pAhF!&L{2<47_|*39~~|Noun;6cPbhk018I^azD6z`b*wp)04~Ps;z&-?WYPd6y)x z6tb|mmy_mQ(=zu9O4)*{kNg(Ii}&~h)}i__?Y#p?HT0!LS`xxAnt_YSg`~IK;3|Ru zA#59ifhdk7;78fR)m%leQ*`=LF4)S!R^9o&m%9Ht!C{hVy$DXA>ry9&&R;%nOj&nz z;M}<^29&hlO@E*_sYUKR2sQ(5XZEj+<5{ki6ex&1tZs-|s zv*kmoWHh`@VM6xT1inDbt@tVa{2?5eF!l><84wtTn&*2*5X@(@3x};y5Gsryik6T-Y%#@sNgG7COeL5841_EG&P5?3q zQo_cS-xX?68uE>|!Cv8BW3kg1tWIipyg52d>$G*CN?(Gw;$c*f$~1#-?JagafnvhO zaYDzE;rHaDa1Af;UN~GsBLxtL5bI)#`l_U6e26@^XAD8I*fb-{OjX z#;{lStFL&rB^oVc#=RxC>SGw#EzFvX6iyA94@5F(HHNz_jDIe?{*mYQkh}KtC*d

kbEpzff17NfXeOLma*p0&6&nd6+Z9>UpBn5 z)__iNM}$Hmn*a=aQ+rRm_`&S7pO4PJ6;CiR(~*6a1GPUwEuA9(o4JK+GwF;jD7fPY zF(`imuH=}&@4Ac6omRoOtxd~%fS5FL=yXXydM-Dvw#3*P(rZG;Ra(xCJKfvl3FGQ{ zda%mkv#A3lO-Wd>kKp!}1GI2MII}QRW#_uwYI046Xi6Pe1+ib0?d@}k94P`S;pQa> z!;=9h=l7F8dvIU!YmdvOuutLVyeMyF8VPs(1MT_0O;Sc{oPcxse)*%us4Yv4*Wby0 z9hQa0*6CnU_+t~HzJp3saBKMui^2#!QQO<{Nx}W(;cJ z{N=YA3Nvk8h}W$PDohM)Q_5|-t8I6M`up2}Q7$7@t20p+iW!;O=}T^W8r=6~N0`iy z&&j39;TKux&6*};G*s*zg%D2fZE2ADr?04E1vHFtuCpf@ac)pu9@E~u*Ep*gu$jbJ zuKdnmbL@o^C}Pe08hkY3O63!PUrRGM9;9*T1G9X3vXJ@5@|cD}*;@-&-`v;rCg*yc zLMOYxaQUE+c=UO70#phB6sAt;YH9|6{Y`<7JxqhNY7GIG0%Yx4f)pEDuo=0}z{iP5CYvj4Rt#TiV;N<13`Iizh#O2!&zy z6Mo+lNYn{BdoX@PICUQyda!pyQ00Zy1i#}Uot%pu6Tq8x+olNcUEiDOOyE6}7%$=! zh>rmU@7?N9yBH3$wgVYmiKF=V)$k4f2d`!>-v(d6JklAMl8)WVXg!x1FH7AL|T zxH>fxunBc+Ep>ERk}4}lQtp_r9zBDx<+GpjAEo_9UEEH-&D;dc45hkT6n-2`OR`tN z-h-KqR}c=Y<7T^Y6Tg4*gN~z@jD^TmDr!c632f0$sp-mu7IX(NeToNl(wryr;jcURK84V;-vo&_q4hz!8Bh zCJd55^7@tG3q*L;(TirX>TNGg9?%U9>Iz+59DpiRK%OhzR^_}v*yRPx0pQLJ-xJ=&(0-7HyDmy9A z9aX@A45R;gfNx>^ipH`(wl|AU#Yj8i6B2&tXR5Ld7FJAX zY||$NJHJhIqX+iwEIUZG=NNR(;-sojpOw=L0|+yez3CmTilA+!FyDJyCDXPoc{85S zP^AY2x72#=mg=IDINNbAg#`v@x=>h>2~qDt46DIqWlxYR5B8+8QB~MPP z-R!#Fv?osg@sgUVvyc*1+V<{8mmCeTg0)qdtf1>mYtB!vQmJKYCKnTb`N$qscEm=+ zU{`P|o=|nGvGKxPYXk1?+60CUJnnd+4TVVQiSU|G0=gRIViotCZrAT@`57+;npEig z_I*am>)GzjNx~YZJKpg-DK$PCcNXv_+b;Q4Vn+xiv(}AN$9}+6=)eSl2;fBjrluxb zBQR?eO?t&Tbi=+gHIxdki>dz}4TurWnt#-OmHE?5| zyf4hn?bzHYxbjKr-0f37#~TSDz+0*->XiERz+O@(ipH`A$6JK)^px42R`+B0D({c7 z!@|M>C4;HRQmf)U7c!nq+JGanV>82J!J=~LY8)?JlLFJ(z_Ffhj=h=+8Dq1*N#K|Y z0?yC7ooX;|K$%85SZuAj?_a7iP=!TYT`=W6e9)WgGysi}3E-<;)qW=pRgZXR<5l!8 zRCGsARGhE+Fj3LI{yVO?Oqp+-(!E7ZzHR2$d3w9i)d5`VMLpJabrMC+84oj&VN)T- z9dT}|3wV#3G%h)L2S#lSR9wwbv%~-LPWE^qEAJ_&JrU$J;y(4_8U)ZmStJIw>J^DM zRahtc7qybmw~D0-=zn7)@n_Rwbe!C*el=i49O zYn+2FmFO6}*w0l8y9hy^N=|GSy`i{!oKy67xM;CKw&%wvNNsCxJ-}6>qTgmsU0Z}{ z+v$>$5=?&b@ChhFDMT-d`Ws|rXJ=#tK-0tk*7xLneSP?$PiuJFHK!Wxm+fEf(w_Kp zM)>bkIX;9w-_AM23Cm^atk?r*-o9|o^X9$LGO4+4fEYe z>xG*~@M=xfHWkvJKEDWb@+KXR~nD$9M2$IjN)7{V@tV8DY$p~Ml2gVH_T z4mL+Z00nvLmO(Bk85WDh#iGC-?2)BcsWF4S;NyfzLbf49b zo>%RMhB6qqPrSFw4S-dSC?|(2kE??q9vMN&Cg6Q;dgtDQ@TUXOZdVMy3SP$L{_HFZ zTg;S_wH^{|h3g-mtj>y(Ygpokq@ET^frRR(jnwu9f+YHKpQbrI*|q6{-fdr7b#JgI zUG$KoU(=^Z!@4+AhxNZ})=7NSd9Gey>C-jh+b3XQO$fQgqH)e0qWR$9ho*aA22BY= z2_mQ?f&pcygT8Vn${VUgcDUt<`4!q z+7Tcxg%$<<3Qbe{&>zmNC$L|pY!1cjifHIVhQ0@hmgK224TYCS4xEy>Pm9Nk zp5gyKkHK9~j zF49}4mzA`)Us!Q}vxK|MTo+}npLCYP+wt%7ToST|n6GkWgEx~n>Z9`p{fI)%=MS4g z8CMLhG!2k>I!*|z&pyee7%>T64gE#_36E#VwS%dvDI%A*GFS9OeK;%Pga&U!-&b(O zJmuU<7jY-^#{sR<*D(~0zG_R}+Brg=W5pFpnc>riQZFda=1pB=1fXWs1OS?~@=hNz zE^cn5H+2LX)_O1#A_sW>Dgrf$USvIa(>;w2 z_C4GUJoOzO^Be2VD|hn~W2+P{Pi~p!0!fM7_itoE4R8cVyp~JO!5d=@jzo(UpjAdj z_i>yOMb)p4s>_WOYm414+jD&_cI}_8TJGi^4jZ)9thA{W7RhK`%}NWnOec~YfT8q% z=yRWMsD^fY1h1?~jFHh-$fn1mtVyy-aQWhRPIh7D5G(UnD8S&bJT-Q-^4J9EwvNEa zse`Ng)7P(bnORvAuVu*sU^ZU^$21|i)NZ0zkn`dx@fnf1S{-clZX>Vp%1C+A?OX4^ zNOpReiuOz5*zcYI1&RnJJL~||66%-Qp8*48<4f*OU9T|u9Xbu*%<4Ul`pUAsQM@%f z9k=N?;#Ku4(|;y2CUrJ5Cns2-Lj;dZVyz}ZGfBxfE$!0auq<6-#*5^$#>#?tB73y~ zcj^0x2*tEyl!?Pc71)~OwO&iU{ZUYSaX8L{UeaOf+cqgB=hbiVxzjMTAh}xphjI`w z!*TRIfX~gky$9sPr+8!{7{C{fZ?PIWJ4*IpZOTd{?Z~Thb92e6j<@paaR})tuJ7=T z2XXM-lzW>)^XOGk)(fU{53HktCM4a}tn+$gr0kFG<;=wI*qGhyyvgOe(kK2VP*zFj z!Ye`o1t zVwen-2JMHms9UE@rV3=k#0?!YwME% z_=lrc2w3N~mma-z)vgmeGZh@*`TkE$-ZW(>{aVnC73iXcaOxUK(4kS504rIgG()!j89BqRiZ@v>UeSY z^Vdx3PVMHM?DO9J=2@Z~{Jgs8%NLpsse=c!0+y<_R}Zxev>sFz<$^f6?z~kTj;pKd zHL#DjhIt+CAG0fz!$&uE>HtC_bDnA2Yrxq64_3UZU*|3%^9g#lL6d9VyK4;`jKcQx z^l;ia!uYvn?0CC00%x6X-N-GP=0f}0Z_=^f(d)lQI%d{*-OL;fmWDCzdlhDl+Qp$8 zBJF%1{zM91;*vhj$1UO(}ErcVpeSI+>=<>R`}xgurn zq3+{{4<0;u|DLXFGK`yYI0;Sp?n6T3-F#!5N??bq!4X~uW#PY%Rf~V_nb5Dvkti;M zpgCuE0ySBG+)HX|YWZ-}q-bRWCymI8=P@mzMxfh^E==UhPqPL|m@#6)L&Gy~4c+v*_vCjbU@SKdoSLWqvBwhH(LB4wcry2k;uj5pJMnJ z!Ci$YQ=-QYCQf~kf5^d>ncj7gQC43uAh>0{(!`TP?7mKO(6CC*?x_S1eXFRL-GW2O z`K{fGa?!4cP!mIC+*ffzB%ht5o>b2ZjOUV8o+~SPMRhBV{ne@T?o-cirE$iAPB2o57lde@TwpqQ{(#+k?Ug|KOcgi-{Pk zgc0Qy6Qgui5kVgJ1G_RGcI-rV2d}+!7cD+VIxB;i!-)E_4No7P@Rx~EP-fgsoGJtZ z_CQIFj~Ow%2~R)EQ&py&_0kITfUpfm-EFQbJdEJml0mt7AHz|-)E~Y(A^k#^J}nu6*dFRFw*mN#cJ;uOsovI zwzjUhF6f9%K4VENETkk8{X?;vaI(jgo}TV6OD+j+rGaDHHE>s22TID>i9kXO#Bjw4*=DR6;y6@TjqZ@k){TNw7goFF( z-A9nV`RxgvLv)#MMS_e14zQD`2$ZYcM35WD{x{f=v zWDnbLj-Y@RCh@&q(Yns3ZCn8V$TU>I(4`$C(>|YQOr#KSGsx_@<>e;f(+R<%Z-KM+ zSlcQIUKhYR5r+m-4_=B|u^BU+RKwAWVvcuP)O~Tm3IMm?E$Tc6}-*Qpd&|LZkR z_HQ>cdOaxgHS(B_wmfiz#iU_m#B{|zEyt{L&zvaT*7xFDnLn9_B^!4)9SPtvGw}dDl4%s6ZgUY4Im7G`hzvEa$2qTM*AcE@l!Le?@4RI({G#sqwn^445AL=RdgTOMdy;( zcvmv?Zh8VCHNp?FPezww>xOiQUVrk9iYDz7%qo6@8^0>KJ(z4cZvX-O8am3=CuKnW=Q+D#AO;6u1JjtEGbK(6<62ibKNA0btmY%&08BA0L%=nbUBt z4q3%uKxD?2tzW_=D$A--XC`3n7#6hDHQj(yIdWv%H%tk^mAljQEcQNxi8C-`SM(J& z|4!lT8$x;>7p8A5gD_x}$Nx{n>ax7C+OXHV7^q*qnEq}1z|0jqWtYQIN$vptSzo-G zl9KqkoHxt<)|w+q$J14iWcBgv zGaX&sn{X6Hw5`z)IgWpdx)vj&W)p7xI6$XXb@sw90o#hT{Wp|kG+lI*(jw(7IQcH# z*S7xaYa6HJ?_E9P%z{%bQcfAc94AEhIKd#0=+(EVx$%xWx9x&Qi(+<@7;FX-lOzMi8Bt9GWPsv1x?Y3e%55!`pPs_5tc;-(~A498F1jqLqkB0q6^SXAQ+n z%dVrRp!<3z^ymPef0b-sfX!!$$=iKfMMhSvu3RosSNy*mjv1$5}G$(g~ zq8y;B3N?_MSj-maJlI>pVS`<812~739e;d2&$?0y?yCm!<6?t%+r)YJoxuqYp}ojl zCT_`0e0!7c+0y=wTAew%Cw$+p{eHwtLA~gGwn($veARR%81GH-nL6y-224c($*}%w z-F(JH3HK+e<vnl^u+^2+b)7GYfg?MrAH=uZp zUnZe063!Z}+khyu^c0l|RC=7d?|yObB~(IeFJ)mqHoiOcN_gNt)JR35MrDpBS{6ok z?hpcy7`J~OLIMOC;!I_HJSBl{68fJM_^DCl?*a=j_~}yuCuyazR|%zXEmy4t^FCv~ zO))X!-d=M3zm281HS01#j-kkD2V2`fAgypn9{^l>rz=VIp&1M%01C|ey0p0(eiJK%5)4@x z(w(PiBo?-!r56E_2^3xh#wPIP>D|WzkdUZ9Ub*IC&fTWsa}&gZ^mNSJY_vaGTM-wh z#R{CCCFXJ8EG z((80D`N(XS4<|M&0%koqnuF$<++GPlaMMKA|6iV1~Zbyso5d&$#wvd~TV(lkEHxcGiskbWo z%1YN-;#H!g^#@4sNkyDIuIzo9=T%~0ituBYD)JInEIW0FWR#EA)jYlAU=*rOMSm)7$W%|estE*cF!8?PeCg~shsxv&$}61F;_-)879=?VSKKz5{Rg##e(I-p z&YWHveedRSTu5XP^i9aOyhUFG$eS4m>=0P$u$s8{qIjT-6O z;_JWo|3>-qs&K~$0yW6GJXPW7q!)+d$lDQrV=iU~BNLOQ+CM;PY=oI-Z?)H~f zMIWxf<*bSuV{nyl>|k`~y{5_a>(_5!vDBypAo4%_slbGa05gJ^`&YF*Kchq!qMe7J zDi{amp{GD=TvL-g5-WRed>C`VCac^wefI;x*#ldDQVfQqJOn0U<4e-qoGl>K1Ofqz z)$9N&^MrhO3D=9Z;7)S{Clofb3LrfT;N0|Uo)=KGJBB;?X~OYlT6^Fcbo=SKxle&A zetmBU%&4-vIewC?s*{TSJh5A3Q=>d(Hvmid^N`gS5U_MW_)wq^=f_Tw`JOzZ>Oa@v z=Oejn(XaZiemOdXZvegf$%j@n7JM~|E@{(P?&YSLnFHw_u4zpN=M{o&Vu;2Ze?%Q@pj>7t0s5q?dL7XkZH zv!;ThYg~M6k8BC%{_QgbFbIZP7#A?zt0OKwYK}nCrt!ZD{2A4bLllx%TD6sPs-ejl zwb>$&Jly^VKj84}IS z$x$?nBwp5SOft}Rp7(1LJN|^DW(&}(Z@gltOGU82cJ8MD&NKfNygRv_Njmw z{U!Ec>iC7<=NOHo+HOcC@UD&R@2nkWKIsch%-nC7M+6c8&-Y|e8#Q1wlkt5MTQCs6}<){Cy>6O-9`>U2F zPJ~?@XPrI;rk-SWMzKp1q`c-gj$hrhtd=;hqw?g6(A2_2^^C~-627AQQ~#|`N%5*R zYQ1-25^-ckm<{W32S3 z(S=imP{=}hry&K{A&5}k0ml?5THA0ID9NOc9XyV{#UVKme89C#+;f;;Q1Fx@ouCrS zfeaPV)%&WQEe^pBj0~tzkKDg{62jz@2BR#(SCJP@+vh)vyhcnYfjw8wIds zE3}Cu7DFZyI8`X~2_@TIsYJhh)I)@zLvJONTe7!# z?x$oF^C0}Kpu*zCV2r__pu}NTE?(N-&ny)v(XT)6g7gDT_1Ui?mOOz4gwN6nd@>?% zXn)+``%4a7*Z(cIAT723=CNZ>(&Dldn4T#ed;tiv-_t5EhNXuxaW9+Aji93r z$)X4`gd&fg_`e4MKsQh|s{)EmB+9BIa84SO-t>KydJM5rmOeq7-86=_tW z(A#5e&0;0nz@)PXsdeDZ2>UQ?9yguu5SwYD9*g(7iIci}m!J3RFah^E@{)>Jdoa?ZQfHFm?-NA*c^6f#9~g^$k6lDF|RO{ za)N7t_0l;}H({bTY}&1KadUz`0$<~ws*v#0*UT|Wx<}a^5O0GR^VGlO zb(pHBgp`2{jkXoQ6q{SUJR~f|>dUp^Nl#Bd3(p`3&I=(7o(Noa=wgdwZD@npARTai zkOGhZ&qjIC8^)4txJ%znO-@SexmBCe{{@c(4vPcmeoi3T05rqMn*wdr9AI^N4I1qv zzn?38pdLH~`0WI$n#lOB#OLVWEsO>sH0%2O1(B8hj%~)i1F*8gn4KW$xdmjOGtdSF z!4=Si-rGJ-SStCS8OJl*n=BYb-waG+qMk&ig0xrAZQa1*Ta12MLjw~?qlpO_T~3wT zj#I!B*;$xwHwF$Y8fdWS)dkrSegLBvT{`WD+A|G1;r2~{8WQiL^V;npwciroUhMaS z2hRD`IprtN!FO+m7>WlqN9Qo<_T!d3i_lH=McH+!@n@rhrJp1}BDF03T|yHqt*Zp)sc{;;9?<5e=t zNK$NP{>MUR!)h8F4YEuVfV)xF`gXg3-)WHHV?o-c9-!m{D`cvonpJMt8lDOt$+-S( z2HLzwz?ywF%!R7b-#=S_)s|D1cOkL96@6(jI5O!_LD60tJcBHxZBPju z90f*KDv<2Sf?I@v;TwGuPy8Y{%@2fmOCOJX44SV7*NMx#cN!R=DiUBKUHlzva0xF? zcr`+J{9T}jckOP%e-+1;B?$rWK2ywDE3&L%c~awYL@JdRrvB(qJ&i z;pgf>buU{n3AR$_b*H!(xcdaA9xrhGJ8Ez@LcM1vqJ3-bKYH7}8RmqSb$?;q7z$$D zYv|yEau03GGT)uXm;xJY8@NkMXvr^zrd5Y=i9M_PeDC904MZ{TY#@KVqX>bea@uuiKTny@EC+^-V)` z5@7T|d)I3)v!vNiH{ds^SAF$8xQ%vA#jHw;r+Lxj4NX-OY#?9pKZhESBQxYQ(-f$L z!^$pGS_D@T10n*zE;kr>Z(=h6xbQzR&au#c9~W**w8=UFLGXR+Nhfzjfr5>icjV=P zX1v8bK(m0lgb#!;eoVbcqN*&Nmzw$Cz$@ORX?&x1Lq{C~KTQ4gx0|_>!$>swb7@4F zS|nD+y{meOB7!0^SUUCVtD)g0*F*;lbynS+Soq4}?%qF9qYae_#M9T`|JToh%x`*+YgYL0+Quhr%?{VoXni5m8@1e!s#1x=H&q|xfy z+AQpCLSUU#d`tf$!ZLw<6hNsaCM&fId)xWGY91k;Jzj6E^gKR7Z|x_@)RfA%h@8`2$ z#>U2Y)o?NY_JioHMBMd7ALJ+E06oULKl#x!gO-}xy$+#Y!HtR>)S{1}5WmgMcNtOYx<*`F2Xto@n893uIZ}vSd;zS66l!{8ZH?}?XKDcaG(Pkv(3=1U(cJYG$VN#46R^pXS8>Zyq4-bNZGHH#C_c^G!ah1V zdFMI4c_HS;&$CNao%guJPYr!aJ#&TsYaSy*pF=atfyA*_SD%-7JsXQYC@>DJhF@zv z5W)Dz8wPzHh4GaX?%hWq#z(hsIz;X$wGY6Xd=f;?p=g+L%**;U1&OMYP|uN85}o+H z)nO9EQG$COZ8=bY4U9h~f}RIRjEaavcjwx|l<;ra+3_L6H`H|_$Y=Pg&_c5DJ=Afra;mX^#9`n4~C!)vT8MZaydRd)TK1Lx(>z~k#_yx@}?@J z1f=ZYDS-W36O?DNOAkH=KtX;)9XU)P9u-i)rbBCT0Fz8B9D|v7^N2ve@^LHer^x{8 zXF{JK#pk=y4@_KxIY`hQ5ZD2r!d)0OO5mhlQ&l~QJfEQj!9}g^EZ};o%Z@Ee3%j0Z z*ZS`-ge4p;D)dmogW+SHLJhk5)uVeY%*UX#p(#)E<~hwN^Re3s)?~*k>i$8nXl*{+ znNJ7hJMu>Ru(VqO$Pfa-5oomy+`o61%}`?uFHH-~`ow5y4$8D^aAebA$ph3#47vb- zuG@?OBoNC^!|N*k5=fCPe6dQ zN5*)XxRO>-F0eaLWvp7w%bx*Hl;E%R-l*9s0758Se7MLB1q9MXXA2{!nnD}j!@9rm z*VNVw#Owy33W%B{M5hC!3$lhTfJ+e7Vox#&Ix;?2nY*_(ZqLt3y^#EV0_g(DuB;2v zUc7e#y_x8aMpq3g!XOJKM|~8arrIhYSKR%6eVJ~7B?LKC{zqtH2b^{m^+cfeqBDWz zX7b!9dJ3RSnFZ&I$M8Yknlb}7_zWDn*YY}kFwgUnJ9|6^45$V5=4kM}3${=ifZYOX zJQNh3P4MF;xcDovoH%1U!}>(WbY{3a(yxcjufluIux{nn^w3cBx(YvLSBJ&XP4=hS zr=?wD0WS<&-Y*$SYT=!hFrqS#TFiS{xrKR}Tf#zArmj(xDEjy4X4^#T(y7LXH12s<94hV3I$rF!bViHt#Cx?& znR>W6(8!8p{CC&KN|8_(1)(7;2lViH^a>PxHfAUtot@znx4=|L3>}FM&W9oxkZ1%< zNWpUCF}M)M?+YFKfu64fM9X5}pN6JAG^s6oM%paYjrNU=od6^;6eipA=`B$sk3^eK z8wLJ?l`WglM<9Z=)3TkoY4j(9z_y*;8mFF$F%(Ui2y6q6f!K3qX(njrNkKvp0%aFk zWL(tsnD`ytM+;a0RI*uK+qR1*VT$i}Vln7lKZF;6m?PPRVsGQi8N`%;c3~Tah2{${ zByr%(2furF5$$!*`dZL>h*NAiEf`rSp%(=uIU`r~?FpOWX7d+Pv6iA9CBZYH#%|;H z9YD9*ia2!8uZ03w+6?9)h)1{$T?OmZ8-a$y^9+t{r*oUW#Ea*}cN7ic!KlYPx74qZrN7s98sM0yLZ` z4IJSSP>Z@AOn8s~=(?NspFSC{p%%c2Y6bm|lO8liTDvaK_`izFth@Q+@-~0Jv4%{&DOs*xtPJPvUoD~}}FU&*)U*Ia89Y*xAF;62~ z5hV|me5V6AAZ-t({(+T#`K7^w0it?l^`MiSu?jmjj=c4S2T}F9k3^EOavdldybQ-%7QUFSU2;t>A}m#Ea)rdqwjf6ay{- zV{uS5QLn;i;3%2R`4WaL&Z0lDS3}u--+G))zNWSvSA>QRt zZL%jnBwm|nY8Ah&TEx@R&?P7OV!Jv4F=-IQtv)hUJt_G$NsL|XvIf7M1c8gxEEyj+ZO^z;&sW9y&*4I6 z8v9GLr{wh5uKsBN^cTm(_ETsUi(7o7>6w+o(6z_(4+Egg;Wm*?H3Qc!K#HWghevHo z0e3N%d2u82Y4}d{LQL$?V$X%H(Dy!GhQFUS-cboq?xpDAsq0-9n=fr&N?jm#@KV)z z6ILdhz)r48Wiw$i)cJCqs3MHXkTxv;_IIwT(d=}&uA=pc;o|=+5>8HcxAV4{opI+9 z4QprXzW-u?SCEI&BJhmiu=rA%mGR)nQy&aoc2!1;~Qg0CvNLxwVY?(5d<$GE8QDhgTRI`e&I(Jf;cyW|VT zGEW-a;f^%>#vh0GCT7u4HzfA?LPw1AjZAKnmHKkNSZ6n}KqIpQMA4y-`ZC4pr6A%QS) zY1R^zM1h`4%d6K)Y-a7rn%?&~=W3;{J$>`%G#M{fRaY2}O&H_D4b48ays?~_VuF%^ zoetU3p_XDtdYh&?s!x3f4oli;1Z6%15${fFx6jJqZh2)Tb?fjZPY4!KwokNbIpS5& z3y-rGs;=COT&Ebh(TtU>xG$#kyux9buKiacyGqNNTt&rum2-BI%qh(mEE_J(d7YGr zGBc1MG-+&FElB$n_{M&4c}&cX&Mqly)A%@bl-fQUEyIOZuUT1e1gAS zf0du1Z{_;OB6ahO3;!ioW1UK0m#eP^lycfjVgmH{3=(JsmflmbIMWB<9tfLLI5$q1 zjl4A<;Pnf$Fu=7Gk8HZ|wH0ftC9{cbkffrJK zFkP^1J1e+#b+AokWf%zisA0xpkhnDfv>Y{g22z+b(XiQcuF?_KBH^K`3l+-l;UBN5 z5PNdUn0bD#b`=P8ow%CKh;NL~c)OP&ZKcrXeO|9{WL!gPe%_wLb89!XHOW~D>ciiq z40#h0iz8RF8Zycyv|8FowiS0bPv0-=xoqce8PM5tqA5$n9G{L(Ea|e$fMFe5r|!Vs zOn^4eS>-^N@I)G1$%Nn0oZeMGZjM&E6*>KR%8|~B@9vU3NbE>IT_+Cb1v3-jinmZxcj4KIaMm4KBSyC* z+IQ^SYNOsQR>yx=$m=br3AqP-*{B~mIIGptWUXGEc)4^-T5FUyPPlD~%UJaFo>bC) zkg&ky>uax=T}-SL!t^aCaXzy(c7FdWmUzLHNkwkw$_1ji^x(m$CwfB9T^b2PTg}kv}T;0^!(&|r{Lj*a3f)sOC6&9HTSAT3|1pD;pz9v zz5CzOPyEY&U^U?*lsM?+5pLM}v8|oqj~-him2lg4+)kV`UklRRw)TDt6<&|+%V~#* zPEs=GjocbwL=xGOtMMw>os(kjT%k8ls~+vMmi|=bMP3Z$N|GDh!XRXcwL=rzs#Y7Zdqr0?~8F?^Pz zUJbWEq2 zR9ZB*U$F0S-VQrpSga|@9Cf0j86$6EDL!*EI`6w< zY!;1s50f?>yP71$}!KjqU-OXz4 zDf=^#<5umPP3^l(-PAV8mJ@Pc56{=WCbi$lLF zP_~r^rI@`n;0-5V3Fu3*U1Jh?sQ1&G$cJlDaCsn$1bI$jFklu#4Be(XqfF9+z=|!Y z`L*=>Q9&xX&OfhLRei9-{2p?!CyL!glU zbtUnv3gWAzALhirc}Vj8Ca5D5?mpjpix*2?zB+pCD9&wDvWX2pJgaQP>xNx;2YZHl zC3EJH+!&c+w5^bmQPG@20!g8Egi3$|^=?vth^mIcZ8_oB0e?HD?i-%NB`6eB;LD;M zSiDB3PgLHXOi86twk#yBO3>3en^(zMqDCoCA>BwV+805^)nBA3hwqD*z#5g;#Ks(- zKMtZw>^lnTQ~2sxco9Q8`S>|v%{|?hZXXC4Ubm935cy*6 zYOl0|<9^lB&_kyew^-CxWw}hThTLVt%k1LG%t_+V|b1a#gK77C#F+_GiyjwKL)_hhE<~#j|azYoCd& zD6HhPJ8gKje5{GBa&Fj2wb+h~52M&hZ-16hxiL+X>XywNrxW#rH`Y^z_Dy(Gk9%e! z78ty3zV1wehul&+tlD6NN5(9UQg?2~J+J&~me*({a~De^rnp~39+uG5I@pV^YdqIW zp;g&*^%Ikd`3Kz!<DDBVV$zCN*@%*zw7twqkkU6-tKz;ws@(fx;KJxg&2H zx@$#se4k~b|9lh}C7^s~i7(>K8vo_=4@X8~{mpE*->Mh3uj-wtdfcwqMarWW79L)< zpx}02-}paTD0lr%_fMdFD`wv;;h}NqXLze+M-zdY;9ONfnyyp7Nc4m^&ESpPK*uLs z8ZXfk_^ZO059U-{XWs3T8n;)vCo4^x>&hqvN-yasrC!J4PKdKiNq?))!2}Z~?GaE5 z@l6?Oumnm*UC6`QFkSn$64^|>sWsfF%f&5@r67Ng-=s1*HOaIz@uk{Yl}^#I5=UD? zv8N$gxU?#xFj!lqNh6%7E5%{B&oHP{B2(xav4#5b?-}LW!v0}#fEWIEk1jv!VbiG; z*A6Br|Hc!C#kal%#CL9LQoSZiu*G;_0&G=lGsP)9*c1pV~0jZK|gWLY^h=nN=sB*Z*F%QqpnMm zgm{ z3dEj#F2bQt;TtOxH1^!|CUwdC8mZWQ4%OkjxVS{4hyYO-e1d?potp zYtiSt|0!21YL{%(l`Blgn{X)*SBZGQndK$kpMGLP^#dw}uq-ypdNZ4$(pQ{imMnBB zN>1!%QF;lx_r@p3c5fIa4v3rAci7lV?r9GkSXtaHsPg)3BaD?*lbLY#Gl=;_)5)9D z%c5K6yf*yBMC~B?erOf{39_N~UyuKMu}Q4n#3M?}u}SI4kJVYiAtn=x-G8cJ+E+%C ziC0b4rr0b%5D#%92HtsW{A|iMi44>e72}R^lRlK-sCLEeyNFvl2j$kY*4k+@C<;;C z&euDWK_#dX#$L1KK=GNouJl+}DL^~p%)FUwPv}fX*qYk>@wFNOv)tCqO)e`Rv0oWh zY6j6aN=xku8q@o`9{pftYs-_4zwIR3B;<{ztK=@w1O0Q8XiCcqr>Y!vDDELdTKP7r!=f?}S$Z6}DcR zmnsKd;rg5BYDgZ?ugMz*RO%ir)rShps0sDfmTig?1n^&`HzqE<)73x1d8HuarP~&w z006s!RT?4j<0EeNb3yrIyR5OS+aD4+`^XG20kE2<1|v#*3}*W0$a@40XK0@f3xDh= z4)L9cI)%Y(*G~T?L+Gn^H0@s_oZ`aZVVFP~r;!i~v6es?>H*u-Szt}sRX!B{Nbd9E z$fsdE-mr`BSw@K7UF$9qL-A0aKMtZ#hmKlwl~vS;elupZDdIAOR8R&K($+}52!A4_ zP=0_2KwVdl5Q_`c>w+8Ux<87O^-XGR1Aj32jS8z3mcQT=+8rzF_%vwv{BJWhA@+rQ zv$()8sYOm*!*iN-MV%XyeuGWEJdQV363mWq!nUS~*{d95WDNM5IoS#-WT@QhXC2#h zTTQ0$CK)@!G>p~)gMxG>r)(^$N|(3?TYpAM_-3+_ZwP<4w7td1GFj71#5O5)PBX}= zDWB$xqJ=Oa)u5Wt&ntO%v#oG%`IYazFMpqP;5;Lyy6ix7Dp%~rcklzqS~yTt(z83R zSa@itah{#2qQ{_6EO=E(X-}=ndGu*>F3kzmAy5r7eqic*VstRUbg*or_~_&qfrzmWk{4bZJ$Vj(|H#g!msYexap~(ZlLT8?@a;FbMo>3Q4D9HpQ2S3I=sN z3H9nJU^b1u7uoyK4XvsU`d;9^lMZmQdxXq>$R zhaziCm}{dIkEc{JgC1M`fko7!tl=B;LL-6BJ3^DKBUK*qR_3GGy0Tdtr@79~i?bF! zeLhx^tNX+TYX_S_V}Rk&>K}tSoEU8&0AW`k5IJA>ei)Zly?OJBQJqD)5tbebuSUC4nX95kvcWZM;-Lzu>GH zrs${9?poa=8k(4Jozv>Mr!$p*l$U1R@U>)%&h&<1X28I!rptUkbGDbvMO$mNXC zA4?(cS4Oo7m4y1X^0LDG{q35&PJdXYc<8n}sO21| zZbqb&#Yi~tn)0gz+|zekDb@L}t|kiaNo-6Uw^?~0?>@F7@3F8?5t9t*73qn^`MjF9 zGIXP6++n8%9`WISr;~~Auqy4CO7P$O%Eqr=YLrjXY)WdK3@>(Qga-tg( z{n*L=I9D?;xDIKe6;~B32Zu%O;%m^%@ND4c|BT+WdH7XqM^8;f&QO}-MYTn^X}=bC z3H|(xlKF)lSrvt0bLdJaO`Eyx?W6Q(LYyg=q$cS5iVa-j7Nx z-ABCC4;Nkl3Z3`hSLghg7o*t5)j_u;gLw*-la}KKg@d21&yl-bw7jB0=1ZDE=zR*a zr-9#->?tc6WPM37nr*__YY&&T$MYFU3hs_%v^6G@l_v8jD`+V}ovMR^!(?0hTIvfo zHOnya2%E;bx;hz~kO@v@g{PFnn8<>&VFRH>>bb<~^FfP?CS`wJq-NS)bdp8qS({|| z&GeWRu#Ol(w= zRhxA6!ds39X<;{3S}+YGz7N~g+f8v&4nmI>_r;g4>FVgjCr=8ekXI^X+|Ts7H_2f1 zhi&-gtDezqiGoKVlwCAT6g~-vt%f!%NRS&Jopt-t*jHyv`UCHkTg|SM6I!D|pytE+SF=C7-zTri^jd7c=*5^*S#2F(kHscM7x)W_L{RZcmY#eu3-4@9^#7 zyM&VPn9}E1Imtby6w*}uednzg>E=5H0$kdk>iH|b4`%p0QS!^|w$45oQa{|BaKZ5N zZ|@avG0i;MRXPEMG`*c0(w`_Sqqs#Yc4FG%p5r9e$DGkG zzxC@i{T8yk?-83Pg`I97Q2zv1{zL}2*xYfXK8P9&p}b&t@%en!qHW27v1TpPpT*5P zDo?CfLWlHtbpx%12^ci)g*{R+Ex}WEBD=uhz!$iXu<h5r7l*XDzKI(Zlr~oiok-GFrl@InD_9<@L3UYdu3f~e%~L#&_eK4CJV!p}mpBYlaQK?LaP}X*=#To@q_&v{(846N;NGdM-P_-)gsgR0I6eVZp(&_g% z*a}a6nl77@&czuT7>Ig$nsb{c`6!w@1edak^~CM`k@3t8^G)7}Z%lvnb%#6k&Z;!j z-x!y#wdXp~shO!PLo(73S)(rerI|Xy((L`YTsjIFogC#vZ45H_Y~{*H!ofspP^iST zjCFP#+@q%Qd}b^e(^_d39JfonfJ+iBP+6Oz~G$j*3ks*&w`(Y&+&xG8%l_ zB~_snJ0*KG<(`!dD)Y?Iq;#F1EW(bQygM_Pzw1SNVzIe6f{TBaY5QWGLBLcNW-@DS zXRo|RDLmF0dIQ3{rigfow3@Yvq>v@b759gMQ*rwt<$kTD-z z$yOjgeSVz3(2(3+KV;Q(;>TRp{#?hYUTkHcL5N}AaZcJ5f;LA&l5f48Qyd=8x4m9Q z)fg&-QyHt+1n#Db@nI%5njI~)XNFgc_MT?igsCUQx9Hp((tnBLsOlZ`HEv;k(6?yg zjPk}cS(_CT%Wqd1FIasRDG707a%>><@qnttC3_Tc;z_a}%l?$Sneq-N5; z?H_4lZ7P#jME#=}2dW6}`mOHHBf$n#99pN=yB*qzbEwuZR%!(_hnA_if%dT%3RO!) zW)lW=3SL?F+j){c-bhroA^t4qTdS4I zTVfurS9ys^bAtw)HD&`wDA#S8UDn0so8AJGZR33RFxj8RfA7j?c|V!GQIi6N3)PcM^GCN=b9O%|`p|Eq>cb7@INvu-koDg3nB>K}aTbL^}4Va22>V zJ-VY3A3Df=R5o*1x+8XFC51QJTYt^6Z{&)fUcr?nHmYhe5}t^cBci@0379v%lpRy6 zlXC&?6Dw3}%r-jrnjb#?!Cce)wz!#ksZUBtc10K;BlM?UemvW%?$$vIb(3O^pUIuj z-RjKg&`kc@`N9!1Pq9@YXH{7hiHsj^n5W*zaL5WXDl$FMNWkIUIuZNUR%F%4zM#m} z|GvK4#%kD$|91Cwe&6c$sPynl&YXJEwa|v4DGj!g${{dT=@E%L_buS^r?U~*6!TP( zSmL$}gFc#i!Vlp>Ua`B(pKKD{jFpARg=Edwm(C0h^kAh+%@?fnznoRebEWlO`uaw9 z27g;bW7?d#g4>*U;#Q1T`PA(<<1;}qV=TJP@nYN26DlX$4lMQih))T)Cdtodj?+ct z-%@dF+fG!b4w_tY4CI`{%|FETIo71`UD%t1^z%hDZpM^!!b>u27@o|>)K zYUwZYAJq71h_4@OPfaqD8UCeEjMa`qLZRJqoV=TS)B!iw`MQd!;h$Wc4^cM`jlNq| zEfgL=^A;&Q^EOB0fdw`aP}hw%K*7c7FI@{Ri6thG|g#>SP888jC0?~&rhr39(#u~EryN+Rm9(X@R{zL>oy$*Q&hiih^QhYeZcewr3I*R?6Ln8bu;f9e;3w_h{-Tbdjo~_E@X%z zlP^oid+-5PC!(|<>niw!-I-c%Feot~$z?!E&|}*aCF=nL`SOtzwd^zyl92kU>n|ZG zEk^oymK^--u|=SIMJ#9F@FFG_qNkOB4qnFBR|*kW5Lp;$^)VQTN+LqtCkBJ$XR{C# za3K*7yq|)BZODum)u77^0v}WvV4y*tjX~-VNaVq@ohT0*K5m-P3MFGSZ3!U~1WRs2 zrA7>%k>We#$oK}4&rJM(|G*IpE9(YvDVmVP)=OGVL2rwQg0jF<{KwYatleq>E{!Q< za-1J-0#(th^xs`+z$9BmMvZYHBT;dr6L^~cEV^KYj_5PT;NvHXxH8=%xcU`D7?f#; zs5GX)`2a=6(n3Ql?=2ie69OGyDRl_=5N`v+oEa%C5G5MHHy8}4=1Eb{jp9on4lC~Y z5m06CBJ=PXu7@UI?@s`@&Of#oFn5r#2lDO!FP6tB=@f`cGdMAPfm2|H*bF3lVz3Z@ z1ph1xh7?H1f&7F(D$jsCQ6veAtLBK8M~j&e&CdZ&2|G)Z5=Sx~aMqZIhKHMhjz0@h z)L@jF_m7tfdhm3l5CAL8g-d?{+M)L8gby@BKYjQ(A(QiRKU4k@)!HeWnYbJyp2O3| z=QT)ph0~%2_DqS{_+)#hY?j4lWOP(6$?htMF!>j6eZD=^I9$`Qe6?LEjD>S+XDid% z{`fZqM}0Q7jZOOPU#{?T`mehKZO@%;2@E_GF$lT6TGyJuHCfZ|`YN-{JBJ!( zTFbU6jszN-lsn-yVJfj2;na1-nVT$prD+?|T}%c<)J3%l1AimsH?w*O1T492mykF zoydR+7}oCvf#RYAbVR*~jwlH69aX^m2k!xkRfG|Nm?{wd06N~VtUr_DyMGJbI;XN~ z;;X7ivgSj_&yJYBQ9|^R9)iYBU2KuPOS5_TMaaIMFN}!&W<17wy_8TGocxdq2l*O8 zG>k}ME2N10`vxB(&-G=goI!Ld@K0$$x*A}cZ-W(G6R@asr}*p#L{y&M(~rgL`p+*PbN`kpp!h(yz2WC#Vo&B=dKTh7_?>xbeIhy;YZZVw=?b_u@HrT-dh_jX_wz1 zp*b)!k@Ap)JkyvAJ%3c8psZKUcw#Yre}7G%3HXBkdZgq)QH4eIAQC`1O~f7G>U`f} z{C*sDogX|EhaT}I8Kg+_L(vVu$~BFOu0>`h5VCCc$Q>FfP&u?97cWSpdJv^ZVqO6R z;TE9TQdpl>CJNpv1NOI?~Miho@YgmC5yGwHA~ZVHl39&@0H(3^!3y&QO}Z_Uu7s@9grL zF!1=73_IC2a0cX)E2OyFFA2@Bs}9VySs_Bo5ec><-|!S0&2|@1wgm^Cq;xvlLyXV*<^vP zDYUMKFcz^x(D~s49$#4#fq0%6Oe&ZZ{1bp*@_!5VK1g|oqB4!0!Rq}MQ_{5BC88#ww*NK)L?y8&cn*;19mBoF`)pb8GxfNQfm>LcK0A%qyu03d`gJ*@vR z!upbmGSu17IMwBI@@;5^{t+Ql{d`0@G+h*5mk5(I4iUaoc*6G}vRpPR#!Bx;eS5ft zE}wEnS<32p0n^!WR;^lTLZ(bB)$b44BRUjNjS z;IV|%slR-a>YJt=K|9wB87b%r&do_lINpRrHlC_RFhUZ#s|UyW&Y$mbB%4CU&`|{W zTrD1m(fERB`A8dt#h3zFTo9bDQQrW*5=gjt7s+73zvR@=Fo-dMF&wqTBy4#q3FKy7 z2MwTC+6J+F6BLao(|15G2X)`4Aa9~%?pZ%DhsQr-?0{Wxy0VHzS3F`DgLi@~RMCI* z<63un6cugkv(t|5`4)Kk*IBATY6qpFEoecZ>MDq^a6Zy<$wJK_Kq`HT87XLWAg^c! zQEEXVkBll&h1Ss2#G-~1K0!0|V*+|!s8t~1NWvg1P9TTJgAA(FwyZ@L1nZqn-dsRB@fr*UDGz$Dh#}XZQ^!#dSB*YFToo92Te{%r~ zKH{4}R>Y~o@*}jGfY$e3b395j2RSeS(!+q<6lJ&~1I;dDC2v%bK>>q@8c&ia=2sI=aW84Lyy7#Yp=9{a4?3$Y@UI{^nITKsdEY6BZ*xU7^jD)` zu}_6sWkmRf-xqoHL1#&b^ma>0&SXAY-qR{y@7%gY1g>yrfhqpJ$=!3eTQnUcj;JR^ z-b6?u;`YT(vfeo{)ScG~-_sP>yGL5`DJw+Irm5a^Yg zJHqMH;XH$U*uRX?j!LKf^6$3cZBVcXMz#b{N*xmjwzz^T9rd;E{M0#7wC_JyB`$2X#Jj*pT)0 z^>yln?@9iTP7gH$w6-gmuaK&q#~>JOalrtNL&;B(kqL45A>*8C|EstCGNgqifmU0I z-t&1!SoW3EwUuNN%W15oeIWXSSTtPlPI)u4y9qbQ;i`UPLO|o*FV=orOaL;|L@a-h zkaH^rAU`W^&LDp#nePw}(Ta4gfY|aEK!iFx=@iVg$rmZ7g%7MpI}o(d40A(@OJqoZ z75wF>_rPG9VD`X(ppmh_xS9gEL{Ys*-{TsSBoDyPg2MxzGld{hHiDaDV>4vQkwT|~ zg9!j3CXZ6jqf!WTx`2Fr!GbOgjeOOMbO2^%94}OHiDkt(;MguLl$_hE&grArJ<#_zl96>B`Gjx)1I)Vh- z|5P^UNjg; zv*Qi4Q)l78Ru6dEudv@bKGd68$Q3^LIXY42AUCfwnR3NhOd}q*k;|2e(7{Q^de%OV z`r8kc>Z5mWhvWqL`!yX6nWLvu2c$hmvxbk}gjssy+HoE7-^giswOvsoWftU-yNl~? zYwdSg!8IFu+U1Txn1K~v2kT48tNHTpWnaCF-I%A)(7V~|YG)P3$N!S9*1!5;sY5ue z(0L_4VUV^m|Je?0D?X8W0F_9Di=`S;oD!%XhAeb~SOhs=u%XKW|G*opoti-DbuyH} z=>+(1Hu)cS`Zrxab6aO-u-{u6-tt*wOM%3|AZ1IQJU}*#03YxsxlLGgt)Yn3CK$6I zwSafW$`WS*bW)tOyCo6TLhzURB9kD#Cq$^rK-Y^gzrJ8L++xa6%wiqQw?Da0IufFN zDXL>gChN0db0-*iSb(m_cH(TInYc>OJ=o3sZycIhOx28FwBCHt_Iu;opM@lrTrY`z zEUyB4<+rBQ2OA<=$+6j zn^kYlCZDcCY!Q<8|lxb;y1GSQGWv5i!46B85nes{mVl#@nxULzQp z^=w1X6b|N}G7>y1Ff7rFOi(EiC{xVCryd`$i_NMc5|HzfYirw@7d*IK}MgFq^9uY2* z-m`9x`b0sF2swK9{|%y`b_AzKl#umU|BkPS5~f|k>aVh_T2JE>N1ChyZDvgzn`+|u zl9b$CmEId&({1xLkmmtfMf6{R=?2XCiB@a|66f`dYVm?Zzz`TP0-vh_ZoDB|UEiFP zEU<(HP6t7<9Cf2r;w`^4zn>E`y+dJ>O~fuSI=RMoCrBmIW4X0zld)!#l{qQ`1}`?4 z*VuM7LFkGMY>HO9?t8-OB62HZpl^XQ zugKuQ%Z?jQiK>2NjT3h5EBOx`mYDoC7?@1ovE44)_L?tuUQWoaZ2j&mHN*HLtF_T_ zwhwgW95lKJs6y81k~_OW)1Gao6);T^MdgvlY18BAlAQK&mh+`9zrng8feApZ9)Ion zMS}`!-9SA}n08SpYKhY~Wz1Orh6MPNy`{aiMvFI=e!2>9%c}Kv|I9^7z{m+SZ{8G? zrv5XZ?)-6*O*#Nqlai$wgx6%Qy#XyKyf625kN4ZG+UHbZR{GmR6!~9_|Nh7|q1W=c z3HX1-+W0TGl+AM=G1*Yxt}JhZw)Xtqt$A)hf=%q zLN!9KhsMIsmXTHLL@r)@;Om9)&eJ|s1doLJRO#X-07Iw!-wjg;2 zZVDu#fUXJ{Xv>b7D_$c{YDnIZfAEh=jHoDjfcV z?}Y<;M$Vt6EfVzSJX^vw4{t-d=q2B?ypvCYRe#nUxPu`Zni;_6w$zKsG-VlV_1^~mfjHLWfcs-uvcO$HP9Sjw zW~1&V(=dwc++3o{hf~ByJ|@P}NK&~cCdcvIqBw+P>lJz-0Zfypp9EuPz!_C#kTuxt zq(Qh=TOlQN^SkPR&Y1NSY1U1TwmSCg-M)D-6+af$1S^KM5nAm4iGuM+%#O| za0x1bQjR313HaUPw&9Lbo+*w*qbOwv^6GS!ssS88h&rZ;?B_V(LpO{EzkU1muUa)M zz;*#8DHq8Vl^@E$rrGVEL;a=~I7cn2@XCrl(@Gn%)3*A$HXHG5wx<&Bs#F?|8&36Q zpJ!%DmyEyaxsh|4+3Bh3^y17{RD4TMD#1jTuRWiy|G~s$HKHvvqx1RPIYx)l$yNZ8 zf)G%T!8Ab3@;`GV7)SLfMXi?1z*!FAj+g+P+o8t%apiHi7=%PKjBbAh%h;ed5fTtZ z;}UIoS;hL>Qb4yxxGk1rw&nZ`LdRhs$+rn5aas1xyrxIYB1Jd`4FsjeYZGJqs!Bgc z3pMaXPHGbQ9GyPqSR;+JHcpP$cjiefQ6h~Ug}ZWZoaR#0DW7%zAv}4N zRh20G&ol1_E4(x1lB|DUIemBbJJor_6PD`zjI6~gtxJ@y{863{*&a#p$=laq_`*-V z9$Wm`RYoZc-$xA?OK*jPqYX*@Z}d$y-)0gUSL~EzkE{e5aW(_trVS&fRh~Fs)hTJZG?`iN`^_ur70%I{?lpJnsaQ+b zRFvO_n8lqk!Yh>As%C8ah-FD99A31B&;hum02Gl06gC~KNAMe76B?7IQa|m$V1S$& zGbx~!W@EuR{JweZ8$y51UV1<^W@PIQHu_7cqV_3aLa@gnLiu25HG!5z0Ic4HH4Hzq z{1ts*OTXj!FIl=B?@9Zs6{!HrnQVLyD_P7+y-9;%Sf|9u(LB!e-r3Jn%qJJB@FP1) zpNZ(`Ek=DJH6%zk;E+!gP-!Zr#dHy$Up73TW9FCXt7@#DKl|n7c{XXuA#$XdM-CMK zqDcUtp0$wvb+!(YQv{LM2n6Q(z)4y6Xxl7f`4IYwY4#F2cRB`kQ#BOF!m0kRi8 z@}DUuf)N1W6J*dwFa3tK$>RWXaMI{4%wv+l=;g zJ2wVAg}@mPrL-i5RaC%)guIGaugEPa9d5?(=(oV82bsD2TerbvR2K0pO_P#;B6b>- zd<*UX&;~$6L#rL7+`GWq5xHVjZ#!(>UfUz1M`eP@;wF9)u!k|mQcNPIzIDn4P-bD^G>RYbx ziWQZ0;NmF%J#ev%z8H4ed$Gfk*)z%NWL?=vIG*V(mcpfi472yqZjX1{IXM~?23v_u zwx^@Ne5G*7ni3XHXE};D##|Wp=_cP{%@9s~`R3HjW}McykTT|97#gY54Wbbg&-I$- zH(#Kh!zM7FEJvEereigl$cFff7S~<*#zbOEoAbLS(m`eJhDoh~+hYp5dN|ptK9+t} zXG)&**Y(e_S_k6{--pSY3Wv>G*#{y>(nv z?f3mXw6xMvqR!B$DBUTYN(~{Q!hjOeDJcRH(jwh8gbdPMB2q&m-AD@(g7RF)@8|wK zf8X~DcSE_%2KI%04pC!Hm|!Zp2vDlh>Swm_c>9ouFmhV|c=l?d5bx zZ-5IOi!5WA6!PXePG+rYbn*(`iB}1u?yCjf_3^4>jH~TVz@-19;+dZVQ{a$W0CJ3f z)qofe4gvxig23804nE6F|MW{}%^w(g`6qH|z8E^cZIA`S)7-#Mi_;)N;6aQ4{`JJk zY{6#!t!6MK>TLlmmRS7ON?LUj^Nt;Z9ly=LBMKIxQr<7i_Sdz*_%urL*bti6s3+gU zfp}`rh!8v_8St%v+HHg z3>%|jG@=z|AEkGjkmiWZo`t=HBOb?BvZ}X6oG4A1$EPA)r5)Fa2;9&zL)ndS7}OVNC@{hM?zlt&0xQ4ya!jzGQ-pPS0P?|oGU z;TjQpa~u{0t4K8 zG60Jrhd?DjpMm0D{z<_Q8qE(dEQP66qKS1a+ob!Y@=Ukrgsrw`7GMgh+J+RtgwviB zsu9sh)la#V*I?rHE|8W4iS?O42z2~%GZYGMYHvPP@$t5f2!$MK&zrT*ZA>gyVtXbrYHgNf;pt@r_T<>Q^?DDuw_MSM9B$`r3U1oZxd(%# z+4LkEs`05uFJifgo5n(?Q%>BBhj())MF!8Os1U&%PMnbuipx)R7+$5t>Q)!J5TYNLT#}5lc(aJZy9tvwX{U^Wejcn+Gwf# zOfIY+8?C&T;RdtKOmg3`72;O&03+e;|M^o*cjrZsqPfIosE80!b5)#4)t3_}mS{^B zB`(ec3dbV3PCE$^ygbpUIcsbnf*gMzH=hn2hL2Pp{Dv+v#N%xm#KW~c(#Nu6L};t! zyKYk%f0a@0tMwkY1_BHi4v6mq@t+t#bfslMg2}&mE`aWF0viZ4J2hzjNeihS+u6I= z`>RLoV{*wUZ$HMthRl7#_OG)psySq?N~%Lg*+s*rPqDPGF|CxSyI$NB)iSbMG(+5a zk~@h2v=jn}JPggh$I3sQ0RArfDU_B2Bo1kk`sDrw4Jqef zyR|vXdoZDYJF}lmqQuC7v|uU3DgEk9%!US&J@9Qi4;%ji#3(354D3Z#rRKEnjDfAM)JC*NByF z4JfiGe}%i|@j~Q#u(bH&cFP~vkw)+0GGoo&9Z48E1WglbhRUZjI6eW}byIPtrJ3ko zI9Cf8b&l$4zm}V~aBk3wJ>cY{wN`=$%vQ`7>C;thyKBwEu$R5rL`0_m|^AP+Ph`WM1!>HOt$NmOB1^Oye=)~ z4fMOz(e4%GldN>N_0{4uQ4JP_()8VQ=V6AA2AJHTxV6nA`>|qL(4U6S5_v@0nsT_j zvk^{B!1R3nIBlbTvJvLao0bWleBc4;^eg?;h~=uGv5YsBOZ;BHnlM75y6GLX)c1=*nHhveC2grFLwmZm=~D5 z_snv(&~Cr5H#(M(4^-zpg@^}X~#c56fh1!Fs^?XA%J}9^tsgoA0$D`;x zWS18G=mZ$5Abkb6PssgF8s^);jMC8S0r^GMfLvq^4PFVxR`Q}5OdFejCX~ZkFI}f0 z`Frh8C&>pelM*;H1w==4Kur2EMPsb9E$WViGht_x_^s`DH{_{bp{liV@fFn9KM1YG zZj|F6E00wm^CaEVEh}wP-VJj%m#TXA(b=6(VplT%Y36y7-~vGEeh5O3Ero?lhuUvSJ{ z&@8(T5-5ch_$GzYC9&68TFn4OoD#Y>VV4E#76JB#C(Gb}ivH=KI$Ztl?pFK1yBlQr zEV_TVwK4Zul@ug*ge3(NRgd2$->AH=IH&KVF&`j4iO7st-bo_6`qziDb&a5@>6Vxo zKXZ}gH`~jfGjWfv?=8NG!__H?=%`u@7d)+OO;m7xto}17r!13s6=?vgdH%#>k-!6p zJr=+<77XU#azHW!d$jbvg$v&HHa7miw}_DK2GFWSfW9=Ce*i{HE0>_(zgzpdloAV2 z{|4Sx?{Xqvp8%XS{E{O3HI`Y;?csMjee6TEC}nd34SyRK`WZbiE{Dt`Fqp*Qw+H*s zWD0Pjhrr5lE1{v|>LrtL_+Ds#-B0iFh$z%CQV<%-156TU^yJJU zKZ1hM1K{6cFZaM$XCK@JqBzQe_a;kB*``(n9@A8o|6=EnD1U$PF8Qz*8-|6M?oEzF zT`93lV29iM;x#~_&)~Y*8mhS##$R0-l>Jh2(XCTt{jcMt3~;ODsqpNc`U@a@(4F$*($@BjfaadS_*_yIN7k7MM6gGMB z(%4Q*4M`i<`Zkh9gsc@8q#!ffUmDIVjGmD8s`2S43`Pi8Df&hOGlU%UqR-arsb9hJ zdx3{QVi^bKCi=`J5PJ-Kz7PWsz$Abm4$zwVvdk&4ZmD|xUKVO=JGVC6`|E=l8K>uv zGtuNu!H*?C$Rh+q!i<$m;FP>t$#F-=D&V6L6}-XimxA*DMzpx`cA8v7t)5i|>BU}X zy^*a>&t~a0@zV7qX6?wOfCl=qCRQSj%B9?C<}R4Scpx9$i%-l>y$5`s+m*f_u`cxC znIjwf=6tiRzZH-;s61DnKB*)!J@o|cPnbE;>?37A50p)*?eV^-mgKL;KM(KvERw3g z+9Y2Ce-%_t^zLPVdpPjCjn)7lEa`9pL4p70MIQOggNB6ygoFy8 zRO9CkMTG<4o?zi{>s!lW1~Amf_%>(}%0dWm*8X5+9T2?}7*d^Gn9{^t!Blj58Y!|G z|HvFvrv6~!{+{lg?kXf`02^3b<8H~5KgG6}c>cjX{Z>h(&cRi;0mr-d5|IAb-FzWh z_R@@VLc&q$L3$3umo|TmS}hnSj9_C75Ltr>Z}nIEoc)CBOo5e65nz&0H_xfBuZM?S zQMr)?nlgBE_=!pEabc(MmS~PZtDc&&$DkdTivL7xr{Zqj$l)nXYDQO>uy@Z0DO}}m zmcYaK@$lt>6I+vorXL48qE{nHk8`Wk5@{zA z=nhCZEm^s=^Pc(WQL%gT<%!bvmX#&(?p$LfTB#vyTJFcZIpZC)-FQ76pe2HVuk4bY zADF9K3#PWuqk-HU`xPjf_dtSlFxCNB0SRWwXC7pLAdcQaC~evX$q@aTE7Ex%Whroz z@5LgRmuYpE1O75-2~MAzv;B1jCT5O*s$Qp3A-TuX%~D zzVVcZKGAKcJ&E}#k~tlmk3&)#uBA%a`e%{*JU47H^)C6-BzC>~hM3~MDrG_KIlMAM zzM+);cY2HEPBGmK&xlV)nO!1+#JdZPZXeOHMWOwI}Xk{G*a+e zfIteN24DEQ1EVvC&u7r2qu5Qh$UD)#Lcm4=(IatSnP4{u0%X(dZ@ei160Ret4cS|F zfH`>q_#=1?9jdGcHUG|ou^13&9#`${0`v<+PbWzD&40pF1{rlg?nLUl9x%Ax!RPF@ zk_H=pP&k?HzB=Y>gudLcZ6SEc>GuzSso`$jAmBdIVP=i>d>ITQT;-rQ9!gyUKxDw! zg+d;ok^Le#&V#`OkRD>N)`A(=BE*@6Dqkq26v``32{5R=zgL(O6YAgRy=o%lpDnPPPS=bldfIP}nD5_<^nuq>#*R zUoi7q;+r^i(Gu8A*fAaK?E#Q5Jj@;V09t`g+GsMVP8KAyf6N0B`yDvsGlQuJ$Z%aRe4;e4T>s>I)vgRp>LHcjVz2%fmC__ z556|=P63yQe1H`GALhQE3YhDifNNDzHr0ZfB#tM{uygacpJzTlQmiJaY>!V?P>5F$Pt{olk5;%I_KB5u7k>{{7*$ecF=J>z9?btpBDMH2|mVYj+I zrzWT*@-aH&eN+fWy2Cm6EZdv2)Zil2d+pwxndX9Cc>Ti;h7jxV&g>#qeAXup1#iZ# zTMeI?d%ryi%1c<-B*EAOh@e@~-@l2GZkpu|#&(Z;+e8W=5n^|azOA@O<<Hep z`LL+YKAd1QD?!QBLH5_P6QJ;10pkhI3faYTfM9imG7+voF`scwp8$?ER|az00-K+e z5V0^sNVUwJ)3#iN&P&`;x8C!3axZdoOM`SHU2*a1dbT-t{X_5{?kqwmgk9OY4&-L}O zSN9|>or`LUM_5bng%B&9Squkx9Q!9oo;3?f{NxND6=?QfOn|5enG> z4jz!=QWgR}D9C9`ZS4njYXB1Z(EY06Ijg~`DaZ`ougdsC2AVcJ=#GS(v(E=oiJ>Gf zQ2s+3Am(7GtQC6$D*l1Jw{D674M4DYAs->+hk*_b51^#SO+a+w zf5*YxNiz{Ng$69$tB~OUoNG|qA_GP%5V#g%+k@Y(1v>^mlLa_4W_Zuqb_Dr!5Tba{ z^avE#fL;KZiZ;I2+=YO+uj-hAr9W-oa~}<%vW%)ls+4tocw|f>P#0jvCLqi_KJ?J z&7jT2Rz(J0rX1rEW(%0dZ>7hGvB7<*qc1rK7Ch2x&sPQ*Bc<42XomfQ@-~dNthc`! zg^s^Am156&odRVp&bqE}L}FuZ;K|Hf>~Smyj?zgEN1H_#zQwm{@6UzrFv%mIrV@R5 z9zKFcX4p?%?F;?X4Tz^199%hFe$0puwC*;ud+C}=j7&rskFq;{x{PW7Z5aBaAp;K- zX%3A038$hQAd{fT%mhNrKkPDSmHzplfQ9xy zewmot_7$N1p`gSY`k@1_mu0IXi?|pdCPF#8ko^ke)s=j z@9$X;q<%Op2H)rX**!n{Ige#>Xa@<1&!S=U-pAV?eCABuX9*yVJ*^Qcp4&z8sY=ZM zBXE+<|G6Z-+FMjGfFbbk{B(~_SiG62h)Qvpbh*~ns)VhspS48wuHLbYL>-kmo8;}9 z4+!)dj6bS!FHS+dPG*YAYR%)6?<*xS=Yd3qtF&3O1mDn7sv9{&7|vFy=P37upgcpf z6-1rx7o2DXkAw)avw}4G4tkJX_q==_yrdVuCtBWshEPkxKbQ6n#h!7qkLbVbhkr{C zU^f9;St2Pc+y4bwl^y&JnIPNq7TG`QHDuQZ25~5Y2bhEtU>S>34&W*VZ10D%xSb<+ zG-VTk-|oggZFM6%BD21p5dz4>v1@R9%!47wqHxO@`8F8dzrgMEu7yHDAQc`;*MbH_ z@3f#41n}uW`5MmO@@&=Y$be(O95QbMwDb+=M*;RbFEAJ40b+j)JReA`nb1K18Ir*S z9JqmKM8SIm#ek^~go2PP+JCOSCNDuKaI6BDUu-7IW+|LXOdxeO6IhUj%AZKv%+?D+ zb#zkm5#pax2F6jnwT-|c4QXU;&~pTLNT5C%3GG0Aox22G;ljAFgGPO%M6c*zo$Sdn zAP1X+AqMdJ{0rFy@t>`4uiYl05(Y_D;?TbrdR%bp(yz2dec!Sr;$AF3GZyeOLZCkk z94szBM!AX>I=pw>Th3VkSr}u43xCMg0I1%O#~C_6AY&ScHNpd}saEIGCeX!sPrWI%`y|B?&b}(mG?B?@4?Zcz8^c3o!=J{G(P0{reuo$i+c6V+6P2< zn=~&9;$`WoWAa@)^`?f)NFwcHbk`k;IZ0(GkvNORrKReBpXlhkhpTTq2;L)Y4hSVe zs`1)1vvJ5d5PYZ7`dnZvhsVo%BR+x{A^m>fZsewAESYXXHsM=UQ!>m}=g((wV?MMf zSLHK=3gTXfR5T$;=Z}Y;h0c8b3K3)NEt^s+%}P`X>jLQ*Lyhofg)GC{((6^GVEYa- zX#NX329FDPU-xpALw<{cER%m*hGB$S^74341q(S+Tib|kq{0~jMMRqQOAT=#XKEuT zKJiCx`YFA)Y_9 zNVyFRb^YnqKvDP?i3c2{IhIVsE4jpryu`7l4cPx!eHXubQK6xU0f#>y+R4h4F6(^@ z_9|JC%*3PL_exdWtWLaA^J@y5A5LqN_^CR@dCN4u>&1Po%mhNRV+Kw>!y~B-!B7`T zBNrpq0E4K|p}4n|WWs-_;--Jcab~e-8*4 z|A51U2rNI1yt6XJb4Qbypk~0fp9yd~LW3fxtjq!x4D=U5Z4PvcvumZ3fuEtq`5j8z zs@9+l%BD)wcz45p&leK(p+YW7bdBNP)dd1;Ak#81LQ;UOSiY=y@8w8gXrJW8gch0m z1^8+~Ky>Ig{p0WNOw)qc&VO1K6c2xKb_i{DRy^&cqRl|)4vKOB8@8ReL;Cg%m zrCI^K4RT^b#(l7VdWi=LP1lUD=?{AcT$aHrmUq!!eLqnW<*UWxcp_cI#*d~YNs<>o zyWL49QMpPyG;xQd(QY9&H>WM&E=|nph3rLxjIlQGYXPWND}_^r{GQRzML}6l`$mxp z4Wu+Pi}`6#Ty-KHsiw_P^#H;Vboi5k@)JT$lw$5Ct0JaM0u&3egR!*_XtOD;`i3Wz zVGRjSG23K>@LEB2uHDk7F$rH1V~G-*W1b$C4&0Q;5W%63)nI0z&e>61H{#xXFJt-J z`;J)*zEt&jHA%9>;PU_-q$_vcou`V*A1JtYq)Kb!+4%&cjwdIr!1vCvkFTZ``VNBb z4ytLPMP#sI0=>`BcC#5IPJ(@wNq!&!GC?2dKD4BJ&wi$M>|0OVhb*P2BB(p#$ zNTYI({}7HS!6>MJ852|?-f6jbB?2;J3b(AF}PxiBbkNCv9NHa)i1MLLs3ikb=FQgN&P&!#f$4h0Ws zU=UOW?^S%B=(3a4h&i_lt*$oMmT{`8U|rW%(JJv~b$ zlCL7djf@y1(CotvN&%m+imNoC@FpXrbd}B5++Tr%1oeXl>m$B{#LYzBh<@^X3X)~& zzgk=wj<4`xBm(yYt~vcqYXe>Rm0lv!`L49f)Q1WlH^wKfd=~YIe!AX%p8G>ilk#S1 z25_C^l3uaH)ouwILB))h5YD_ZXDi^RmLi&`&R_jG@PvW>j*870&y3`rV*FGIfm6sab=Q`=(Bj%uf6ERqOn$mE0 z8vXPPpFh4O)d4=`S^pY-8Di{iLRN-|=2XlOkfQ5i47F1J9W~l)ES1ttIoO{x{*0q* zE_LV1$(R1?vlEl!-TpR-FJs0dXo80SnAxUaftIDUtQZmaKd{uvW%F(8CRtqlJf@LW z-XgRC=}L8`6uUF+N5mMN={LA%r~JVcVIF zOT~_oxTTZ)@f)&*LAg#I-s25!f0v4t2LHC7lpp+7+bLu;&p6&5+dyIgWe!=7c9!m+ zj;?IuM>6I$hx@*GVP!DY^ho>(byNIU6hQdij4qT!JZV6rE z88#Xo#4JhnmMwZF9DUl@EA@DolU`vX$f?}6<4IYul7)^Flg8Ln@KB6evfF8R%Hr{H zF~NT8n#I>Y!dpX&WE?m|;+Z#EudC$#9K0kL3c#F^AHR1nEK;Y&GLwJl~nOvlO zhm}B6Z#ct&3%P`fU8X>egD?98c8A4z_fU}WT7TF&r!rhtji(k{l&FqQQ!}CU$THF|T4lCocxjS5=;SVvugda_&!3_1(=nj>MV{uP?_o z9?gl=^X!TXAh|Uh)Ni9s~PQcdl8aMNV?$3q?pVp>IvtuxzllrtrIHESB9;8w@2DlDS7V*bT})+AUHqC{sH%uV^(prSvt6@cbKz6x z>H%u|ouyn}cgu`7G>N3juiQ2EPe4>{5#~H{lxbn6U0^fRmT!}k+4Xz$3 zJL3Q5*Ds|UMAhCZI3G2AkkD#SFU@rMw#2FD7V~|dpVWZ#d2Zw_(TA0^%>1N?{ExD@ z+gKN-&I?VvRmqD{*3d`JpDaCL=(7ViNgLUZJ*~N`lX2WP^Ex_=`8H5_(M8>#DKza& zI2i&0u9B2G`qNvV2)x%Q>ent2sqP-NI?W?_^wLCpK%fjY1^A)ffyx_?7axm zf&N7hL92a$kO1tAM9_W+*gF&!g#qo%46JVH;95d$Ae68y3!z59ZaTEB4&_@e009te z)l!1WI1r*5fD~~m@?=P-0SfLd!eZSm3Hl*b=54I#hQ`%y?NXJ2w~8ZKQ-E0A-CFgy zO-Wq6ag-T(t5ZzPGPXSZhg~0W)GrlFuEx^hLIDWC)|Pm5DBYSR;^v|CeK7F zi#W;%3*TV&x7Mj0DkJW{u^uS-;-m=HL}asuU$c3!v~pGBlcV<)Y0~Dsiif;6)PFF% zAMhLeTLTN2T*-QD@gtJDt|>PyXf8^&XrwF0ZYlCw6U#t+`-u4E+@yN8dliP1Ph5?f zc#c7goTE06e_2B$SJYi{KJq14T>O5eN*za-(_@k zJ=ZVr1H3tFuCw?5Ba{0ur;W5yYQXix7Z8qLa0xJ9A8lr-j(Ny;_&b4pjm8@BCbwX!BT4v*g^ z_ye!Mp^=+FI4>YW?oF|0RQ9RMnAma{i(2RE@nwM8J; z=G&7zGhhoKx}M9fB`c_W8Nl2m9E`K(s#o5aVis9~fbi!xF- zh+S8t3BQrOjz5RR9y$D$<3rdlWc%;LdP#I}5TU<0zw^cQ$zyD-q=u9Hbl^Qc{@gD9 zuG9iu0t^8a(wuxOaha+aWhF&Me$|tfO!V4 z?B<(D&Gw)6e(_ahz>KWmL-m4$i)f-%tWfL8(@e{=ZNy)b!6v76%#5||K-p9EQj%TW zpnE9c^zHz&;&HAWDOEwbM90|pi+vb3>%F1F=`_JXR#|h(y(cN&3uNd7!IKSzp}GiE z4P|+kO#O3tzF~8Ui$sc>TH+$~$wqotbo+98rm(m(zzp3!=y&`8vX4W+BQIcwg&-lI zYKKzaz*?yX=m{W$3v?e%g3h5K30j`{mzf8o9|#-tkI4i&T4>uHthVq&scg_1UuMo)>L+hA?QB2`^<5&P|Q@X%$ zeRA%bBdLD-Br$%|@CQ0Sg?ah#`@j6<0&-KAk!aos(wQL zr8*I-kE(l`qrhWin~^pWc-Tp$|Ke_cG$AJG2XmFrqs;yrv)Mg|~N~9ZLJg_<%FQtTw6nBO@s~p9?}A>Ej@NLg zbeVmdbX&%;@fTRWsc>3;2qw!M(2DTmpjXVwmW&@@Z*^p+zzl+8Y!uV3lk@w1D`(gz z0{2G?s+$bjgh8x}z5z_>QP(ch_%`Q znwL?c!&YI(BOfJJ#ZLBFm&QL4{%}saVWOUSc99;O@3Mvxuvt8@Aa|0wN@SykiI0`c zJd`_mvo>hwRJLYi945whz^*sj?SEU>C#OGdl&g%EM#VfzDK1D{zR@&_iZ)BwQ@+Q4 z>su8SCmk&h{fO#1xv-SJQgw(LD(&0k8$(+;zgWo31XsXJY)5c z_=LxAH(^;zPF-bqF9#FDg_EfDjvq&>l~4TrOeRUxXt&&<6E{?OSgI9f8El-S+y2FQ z()n|wuBg%R(5LHjzIFkA%=>JJ2AhvuJxva-V)zHH=vyXKTVpPwr7IuUIST?v;;Dl0 zfZs$i%CGa&ZDx*^qk4hQvv{rfuDIyVw9i_WyOL<<4YXVS$&J1n4!$+2+h= zT8QtFm%+h^nz`!E@aG>@vud&f8ZF8lcMfKdxnamn-Yg{1qVJ^8BL0>9&j;HaS|O78 zXW5?(m$DN5xl%@l1_a4FM+O)vR>tau;OANmGW#ufs|+Wz>4(AMM54ZA66Ly;#KNJm z3!ds%xzjXKrTcY)RHm=cec{{j-uqiE5YRX)n0WVTm)abhoTVIezE6E=M-X>5nHH@V zF)teDZz6cZBTe%;}6 z_cKR~sfi%}1fT57QD7&E8%*ThYRVLI&mVg2Ogl>#jTx=}I{Sb%;@%}I%F7Qe_lQ!)R)j?b5CX0MupY>rJHNw%BqzdpISq)|uyN4(hx(Fd;I9~O^ z5xlzbu^j|StbY1m#=%d6fmgRIgHU9x9>rf8@vie&a*NU+$G?nduFif-r?c%hO6nHu z$5kes?)K-c98lqE{flXLO?O=|dO`udmW)8s#dk*>u#`L>Ls^{bHzg3GJs&3W$S%;elJ&k7|tVT?} zd%{XIq8gvKDOKg)#&Ax%h4J?JAfOV&z_g|Eg+A`>`)2tR>5^$PJUQMS7_moHaUNex zH1n=OiWz_1*sVUn&i(3E!fYV;v}q50P2|S0-4)zP)%ZaM z=2CP|Vz$%A_}4UOEE%PFa4Zp&f(?j(S0)nzv+GFr564sKr%BzG$W+vh)24V8bV-l> z7e9btWJ`f1t%@jr@ZQRd{(uicK?3r+o~GBzm}M`&H7eBgzoqltgL@czM}}1U$ngRh z!QVY~JQH+c)JS}V)F)g6?jcAeA@LQ9^PJdD?MSH7KZStIV|`>g)GW)IYjMGp!(>aM zEHysRHu_KI@(u3#{ZnU}t5gh%JbyW3l(_hFxnG948!k0RS30BczwZ0$UVBySlqJf9 z`7LrmoWfv2TS4QmO3QL;CZbABa_R^RR}6XXdTcWQ7gmbp8;TVY*dLRjQl*#wg%78& z*Ah-qd`bUkjA2V5k03~@w~v%W*-w$5!tvXrH>x8yN~GlHH+eOEs)2@~dh`hIj~+ zFrvx*>+H8PR*}t+qK*w@Jm-{vOa|SvA!}l*&|jsw4?1v9Y9GiLm$Tlq4x3=wS_(d2 z3x_qzgy$<|pFLq6GORK(6z{fE6AUk7u;tx+p?>c0!b+rx-r*vZ&OayYYO&GE>dp07 zjo8`z_9NEIS=C}k{-kkV3s-S-asQW@gso1^DZflvx8;%F7rkvl!=DyxHYvMlsun6Y zp62cMe)_-CoaKL|d0&r5T{68liyog^Qa){hJy}^3|7XGPRhgFTNL>58!J67R33F#g zD~6AJN2TO%erJ;EeyR*$wKnbkpB)~JQ zjzsj%qT*iAaz;`rT;i_bg5i0y!0#K3lehoOor}_Jyf;&7quxBLy_1TuYo}@f##aG~ z(sfs}@S@4_rL-|B-UAo4UQw;pcmn~gA4fy=-n{$R940G*>$$-gV}ZIlLmTW=*);3b0@fgllTOgeu?C#e)hX6BRm&O!Hc~ zYNSOn)55ox&ejSA@>X!t94M4mFvb`PcJwP9wflCxN}GS1Xm?q;wFl3>2C${D`7l1| z_)TX2T9w7Zj9<%Py?R_U?qMAGg4xDjH=BPF-fM-r&KKbElDzweZ`W_O^eSUj;O))R zQShW9n@iT<4qOyau044(ANtgxw8ge7D|W+)|5S#{avDgwuP6Q+C0xFieJ|j|s9h+^ zM8(-h%v6A*zPXeolc^Z8fa7aJ`w3$x+B3YIY)cqgBC>coR@d5d+b4xk``~S7mp?)v zGwP+Qs+D>5`u-K`oZm|nhVRM6+YHmVQQf%ZICrkKItibB#<> z4OZPaJODzlOo=cZIZ#5|hD<;*P*CoFd<>wC0() z?$6le*G4Sdsh7LIo-`6Cm*T-2q_%pa{s)&pu&~W>qj(PKKW>f?J}w!G;kK^pif32G zz^>knE+nMs{GqNqO4KEml?SuLhL?Cv+mDDK^bC3o6IL(&dLp)zx7B6LemuUj(nd z!Fzza@nzUw#j0yFUwI%tF(x*6z1m#IS=VYiQbB3$0|y2EYOs3~i(;ZftKL~ReA;q4 z-s(7MRVnXJv*mUfeA+H8bo|7*H^lfd;n5=4DVu$PgQoCYM zHP!Znoxq&`$ZT9{#6=81%u`!4-Q<6`42k^ZDh%xzk$=#NxIk&EuEQc=J-^pI`a|%Q zjf{+R^&(|0ONplQV?8`t_`d$K%7endyqlZ?X+D(k9oAaOr|ZyZ2)bW-@9eWUL_>W|is|9BPltou$qIun(X?YW1YU_z z6zeVC_re7ZV)fp2&`#$bFjOPjFT=Km;%_Y>=4WRq$6u7m4YteR*u3i(B# zwJ(nEWPc-{7{i;{$Fsz%H)ls9u3t^d!K#UKqkbO!hgaw2@Ir8o@Ov47L5l*tdL-XG zX8PLJOT$~!bZlJ#Tg;B@uBDcnPXr3021xA_e%aWW-;1FxtVw-{=Ke@{M#b5K_Kix9 zpnhG$xx))~79%A!D+ri9VT^W7osZKyCmkbfdHGt(^fXX76N%I}I=*jRn;6@;)|9YP zsbUy;JN2BEEZEqsy_jtIh{%#VLbQp^MD$%8t%sI#ykCk4CO#QM^$eRbj;Rzu%6hF? zFw&}9bWKT8Y!u9QAi^+}J-rBZ+90kcrL{rn^i(ozuIZ}l${w?zoB25GxO#Z@Jl??M z=36>xmCwNqT0U>O=(r6JQuX*yw1FNw^8BqfWHDuFSy&KLszS|%`6wvlmu1CC%Wvq^ zGC@@BL(j*WgxTGgn;5vEL8Ns^YZdG)`aKBM)kv(Evhj0)m`*u&xJ-4HAzdMsi00j| z9Nv~5yW7}>TSi36Zadun+v5pW0iAIQxK>w5XT&C&s$Dja$Yg0(IB`IZisSh4 zoUz`W@xUn86~XnQWVd-kr3RXXmbFZ0!hYPWrZI8W3RPTIEPfdF&;yTh%Ui^YaWJ6Z zy71jAF9~w7Qp;kJjkCfgzo@GDPh)cCZ|enPJtq_zu=u#hZ26IgmBl-jxQrw#R^RW2 zMZNNl`R+V3DC(!_KwJI!QgT^!K6>-vJ?)1jTe!77db3V5$5b~&H7^!^JXQ5<)5EH* zzwQ3xKoFoCD+k@leQA-%u2MIOE?9Ls{0j%IO(*_5oj-kC>5$EN?n)?!>;M5f*2ixB zO}vlBZRITuBER7h@Gv)Z%i)WRqd!5~S{2>UaIZgO~1b-6ZtCY351j)L_(S)seP8ciC4MEtq zrHsSIGMentN|XFN!&WNcbR{LWd|l&|2b3IHNkL;v-^bqRrSPz;X!9Zhs@Wx2uBIGr zuDZVK<+TgTW-v1?KODTS7QNx~tt}^@UjKgY_o$-&8wO_uVXaoMyK9aKfp~+BMk&}`L*NxRy8+FRgqk+Fy z_#jO_t&pPmNZr*XrBn6A{qMM=5$N^x5nZ%PAlL~%QIVwbwfKbXE znQv#Q-31G~OhAHE5U6oOc!?F4x8a1wjuTkVS2ndhj>;;*xgkeS=^gQyl(c^w4l(ywI>~aHBtQuVw{@l5C zFX7n4&@R?2vFAypn26=YQy#jb)SdL&?rgLgwYTzCSI!4|Jp4Q(N~E0O2;MRkKdTpe ze^ON1U6i!bVZs})@nup&r}$A~_*vTj~4Nr8KZ!<}l`qEx*9X`6ta%`kx0niB7=LK|b>7vt+7 zJw9qTN2bj}??@#8PVl9azXJEBk95k;sz|n=EtfsZ3OKCBu&6*YK4Q5vs-mCQ@Tjm1 z7Hs5rnTzux*R#{Au_sssZ6x?f>5lO(T_RzZ1A2bQKCkV%wQEI@iysrH*s-F#dX)ur zCk(G!vk8{A;btc^@lkmLpKygJY`Vo%T%y(7Vz%<*aPhxt3{I&Q6-!PII!4!4JuE$V%mEy^4xj412BZ^AzTMfBphg;9jWPkz<-Dqkoa> zibtDV@eMiYBx8B(^eXHSbHFH^@6wM1Fo0zvp_^;zd@n`G89w_URUX`V^RNU2Ku)_O zc~#ccx3d9`W9@Bn}VN&B%5!~&b`R%Yh>|oX?JG0gU@>s6Bk^r;un8tRUwVFVr4so!mCO43J$DhW7 z&_A|{kGYzX$llYlN-%{gf~k?AwcDHBgSkS0g(*F=y@QfxN*$d8Cmh0xRhB+5z*CYi zFM0Y}QtuPi-E+`tW-$+^2UBmNYW`}0c`n+d9h-u;d)D5(<|444o+yKwekL2oO{aI` z*9lkQ4XGg9bL9OnwR<)v<%p4uMyD+)_~Y7NaxL;dP8S02r7(|U8a8eeOWs1rG_r-P z6gZvBU?0TAN;0;73phmKdOLJ+Dn+pG+|y`S)o`0X~uiSszn!9Dedu!pd_Y##;e^pQkhFfb}2CG+-FyC3| zjv}V_N3q3Cuo*J%u#&Kq%Z8aArFU`k7p&Ii(~2a}-T%u%?k_og4F$Y6bVae)j#*ZD zBTFV3vGT1MIv58*>bO@d_mSZKH)EAH0+w1_ zgCF{>E^w;kuX>I~Lf>%h`Rch|O6$n<^jvMu0ugW$NX?2c_o zq3_r}E^+I~fEtLrSA9hMdLi6|m&w{SN!dziZ!m(`LrgLE@ZHvFSBTsAgU&#k8NZHW zk%mup2AXgG;bHs|4`xlKalU_GlPwLR@6ci=Z)Rusk%hA);v+~T+fai+>&&oMb8|JG z#JfpZb!AwsYdPoV^4}GT*qZ%zlwSJ6jm*KDpOD|JMVSbRy!!s9rnl#URdWPhLbdfW zt|kx99_nLFFfLkNFK0Ant+n{pf*4K(%ZP`R)o~@_Y2mQ8BO_hxBa10!jU#;$KfXC< zW^+488cUKahn%1G17W=dTBqufsFT{co;z$Pj(qud#Y8@N#x zr}go66deL~J~J7**JYy>(!X8ZymF_sb+6n^cULk|39YQ!lB8(@8718 zmXVH@jSly9G^3=pNeT!fL{Qo25G0jUx=XrygbbuZN<;>X5=0uNG}7j??{(kT{rt{9 zVevUX?|2`oak5#_2cD=JbzZ-+l@#r_lXTB3kBdh<^ zv^vNo*L0&kaDM&AEH6X#c)CR)Tq6(klKWm*t+{hxUz(+3<>RWBrn$ZW?nD)%v+S)w zl+BP`-{i?sLBK5UH|{kZw>tE&Wo-#Tg8w)O%Is#)H@k6Zx;j$BIazZX#;3_EDD%4@ zwwoYB&bVyJ2jR7ks5Moh2f6neLwr6k8C?MN;_lSORO`MpYw0)dLaegQ|1g^1Vt&7l z7y6Y?0zy-7NSi|)>DisL#BJj;sZw3JDy*86gWeS;Po{_&H@Y1g-!$H*ilZ2R!($gZ zR8sV2&ke#M4`Fs~lK#-tMW;*|q9Z9XOv$|TC)yyK%QcFs4I^YSrBljrUu;zg<%$aiIi$dXLM ztxGS{&KYQq?kF%8ykNL4Mar6z64l`lx``+@$(cFCDC<(c@RVVIm|vHCM3DQqdhzc4 z(vk0b4ArPYzj6#De`e|?N1G+b3jbvP_xZ0O7`lY)`ZUu}_)^E5T5ga93saQBa+>l4 zZZK<$%d4+LS6pmCBCjqT&9mZ1Q1>`TIRI#B+5efr-M+KFXlJj3Bm8P;_sF9OHGG#3&?Wm)#&(ZMoqG}hL* z{Fb5(N9V|K0-gMH9Y>tJ@c1HP`o~sv@EPza)>%1|2z$~1$I&kSHm$S^GP--l`CBUK zTH)}7E5?5C6L)p@A|bc&6x#KwoSh7*(b(#t^!vIDNtb8U!H=G;zHj-3$6o(bXl81P zD#g()ViR{ey*XW~kBP>&NI8DS$|Qnh&sk`u34C%&bkf$vXPm}ml%b$yQvzuydO0^Ve87qu zGQ^qoka87B$&uzKR+_UTU61@Z6q4Sl=}W@4*tf(V#4vE+=DyQF-;D9 zEPuP6{Do1Ae&VX6Rz_O&Xk3k)<<$25672X42xSIf{M(>>fnZNx9Wx!@1q(ycC~|Uw-m(N zi4UT|z;a9BjfGGA#tPC3oqEtYdRM4uGG!|vTpG|AF<*}pfn}uGm5%PirArUwwwrG5 z@&~c<^m+G1RengOP_x;RxQH+IMgjuLGHU%lDyjw3b)9}P`WD(MF^i@R=e$J-B9h&p zORpRiKpKH`lQVW3Qvf`9#+?>c4O4$TXX_RV8kJkoT=D6jT2KKnqAP@`2Wdd&wq2G* zkYG?~1GW+1Z5i=Zj^-A8r32cr?6+7M zw0GPHTDYRT98o%N4^yu^E(z%=Tj09qUqljYiU14l=R93iZfLOsS%D1Wv=!=vu?%Iq9&UW_Yg8<3ftgGb{66O*<8TbOZy)V5v zM`h=M3B%OS0zFT&b8bPY)laU1Z-3CHN4zZD!1E{ZCq7#V4ApS^YYNm?C7O*%>Jkl= zlRz~p2l3lqd0~qz1>B^@s5ktU(R_C1;K@$#5XFRP@!h*ihf|f)znCz=E%hLy`0bcV z#RpBFB6};wN5DEQ?uz>=Wk0t&a@&YZ?0(SV_2X}K2T9QE1YIYwDY|=wiwyA`)=?xK z^BKm-`#%>R5>w~oa3WwZ9)@jLq;w{;%8}T>714|sxSK%z^95KA<(_#ck_|G)46EN@ z(DwhQ+O7#EYutYWBGY(!lwAS2EbtSP{hen1rMmk88*@v~O0LdaJl29b{$hpH17i^L zD5Hw1UJmP=1jG#`Ccuy}_ekW&|yr{nd zSFd=aL8&UOd`q%#Bb?7jaNMif<@A0(CvE5MxA>_VBnTnqf(_sW#JMAC8K?R*SZp(% zT)=V|x$RrT7zuflL)Ws0MMMy@@^(A+Bb4XX#MVby4rKh_mYOw$$LcXZbP5IwXe#{o z%`SU~b@1PK;pZv4_yKvKi>JQ%Y37%aMdr4XA>{{P_0VatRJ^9);k80J&e@Fg!L(n& zi0(2I&b2nOdl6G-4&apPUX3{Rx<{0=-S7UgIC24O@t53iYMLI8KJ%_h{XiZ4BOsw~b=&QZb)OPN?Yuz7Cjdi)Z)jdFF*zdHSx zvd)roS#}&twOsMo;yr1l9xAH-U+Z>ZLtbXUajYsb!vlk|AspQg{Hh76tmj_im-XNO zVgp%nZ_+T9y5wg-4078se0nQUs=6Y6!@hy6#mUt{JVVOvi)m;ufj@Eu8FDd`gQ>X!7)QUN}$Dz1(O%TBeT($+p+6CwD$0 z2|~ySt%M&Rlr5#h?z!YCLHAXMX-{Q(mVnH>7lK*PyAJG3Yf62X<<9oJn-V6L5 zlew8mpM4HdI;}H^?%P8Rs(sd;&LF!T)A)?10)KY~9^?v4pqhA9#K|T@`Q02{PIgJI zd#+@f-eock$~BnAYnnVy?Cerd+m1Vn4#!B)N9s06KF87_CUnUBHAaw*I#7DD4{7w! z#0vf{3Nq_vLt4%gJ!~S~0vbUd_NmQ4#`jPYyn^pzF1^=Rm!5fMc+D+g`ipcNId~!o z5Q)s`Pe{F2fAxROq;fL6t?w=&s_gEa?M*wV-5&0rp6ez0!0eMq+{mM!TpNup`A_(z zMHu;`VndYe6gA(G_9tuwA>^n=5ALdp^?BZqI44_AK~}w%_r41H8GFE4hV$EPI~$~R zXHwN^Y-P0|H5x`e!vh57d>%IUu&k5xP*xfCq9k8q2n zBpcgA$=P=dLNITL=|N2Z!Vx5W@C+OHemywh3wKWG?(EA|UKJMFMv)RHTi(ZM+n|cq z&#+pMmn##(f71P!tjwbUPLjSe}Wxy2# zkw;zWycUnIM1@|uo8Lv{EiT?3Dp=!BmNrm$ElN7Cj3voOO-;#Y*>D}1ifc$b1eN_RF&Q1CD#HAJ7*`yY!7|AR$_N>*luF`*m(%BlvVk#7Q z%2#kQdgpkp=_*s*oL;aj-8Q|P0^v~mq+J_Z5u(N5+GTsb7y@q#<0v!%YQR6ISaY>C zBUOyLb#CMCWUJNcJg(cfWr5XO96d6T$pjo8Ej}7Q90v$4oE`o@_LDybGEB+NZX)%u zBe&c6S+zZAl4^IR28Wf&N2xXVf}t?6sc&MpHrt4C%X&Zj2J3Hxq; zjT|>YKN3Doq%Xc#4Taw=(W%LdTWiedK(_rnkG_B#RyYaE1c>f?)02^pgveVCZ7d2aNb_`cfqo9Af^6E^I{IiXN5uj+^^`8QUVE({b zQ<$v+gc$1Q9&qZ3pmPYI!gn)2WVFBTb70Nf`sjAu&%Q4l++|yUMI6DZQ^4TjLoQW` zW;RY9G%or}%4Q^7U+7>D3?T~?@f{U;5A)*2pOpBB$a zwR+ZP?t1U9#+znMdz+orA)wUhFXC6%x@>r?(Yuw0%s9|(B9B-2=CbpXI)!%&HseNb z0lSzm-z426zn7Lc?gD0j$O?NV zG_FqMS(CZ%?AR!uR?%5DetW+Bqpys^i!nzQ+}YsJ{ZCxPU*-*dDSpe&L0TtV-SWmi znG=T1DZp{$38eD!&zJw%4zp!i885$aH{sno!0?&OEhg>8JdA-D(wQM^(A6=o%YiY0 zN^7d=x>=YnPj86V;$+eU`K}HHh z45Kte#5V+;ZeTjr^U6VU_g%_)?(BZJ&cd`=tmm&e_Pn!D&OEhHiv+Q-PMauf)-%#- z@lD+g@r3bKw4qcdchG~TKl<_h^{06#aPwPdNed5Ta~!l^kXkwKT8+6uU4n4AXX+eq zzNvD-0M8lFLHD)WE0oi~lu*X(bgw;9I4ig>=3($(cKx_=0KEAL=4NEQ%9xCGsH}pF zS>7@Qc~=;3*2i@U2XV~y8J|PQP`1V*;-5kM3#qKPBCC66RyadX$zv=mV%urxYw^&a z?c&e2$ddG;W)0c>E(vqS@q~MgXP>sGnOTv-F@6zKe~}Jnmo}3<$P>+WJTxzxN!fHU zaCOiR?3qx1#+}PE29xzQLPc4cRyNMi3EbfTHmm!|KQ<)Ql%fIuaXgT2v}t){F|U_C zMWvlzPeIMWD7V+F;?{~=<$Lt}4NHC2@^s-wLT+-&vjzDyjYP&2ow3qyH~jO1CxR>J z)}_cR9O6sMdyC9#TrM2RQy23rN3YikhqI}i(dhFFuB<<*C}Q0LWYr(3-MtE>yg_$s zyQh#Qedz*yvj@PztWe(u9H-32sLn6_MnWZvKN!~7C7%Q98#7XkZ8F}JZLN_fs;+ju zqUB#<(fhWA*`3ET*cikUXG+vJA}5cXtoo~-IDv9MexpP?6=~mjd1wXT-a1DC*IF~a`y%+EyNaF+(*@qOR=^?ZvHpD((3t2i2p=|uYK z2%#=fGKlDs+N5E4-iwG%nJ_s!jR_R}WcTpJtLZnTKh@>sPr}1KJ)g#_$Rwr?KbY>_ILgE=KFIl#tKB4N zjUU#g68jvGr;OqWdJrNfA zm~^%Bo#12o(28%7De(?KpeV+6+gs%>h$a|EEbD8b+H~oQ%%tioN<6y(8I|1cblfZC zc!bo7u?s5tLaR^-nXTef0N2l@0c1?KnnX3%Il||L?bxE`HGCwMFiMYe`pRF$e)MjW zB0{%q^j$^>1;Pc77!@jq%>I_K9^-IN+ghyRza&=gY>VmFNxX1RFji)(UXK-FZ?vrp z6z0~bbP~_%i>{7t?sJw-P6t%w@B}8|ZJQ6A(^UZ0m%qh=8j^#gLu`20Vsh&y zT4R+#5HIP>j8r*-S}LBR*4qjZZs~HH1ac*5#n}I2S^h1xMr!@&9AZP^lmLI7F)8|# z?3xgxRgP)-C(!1W! zNU{E&76p$~tRVjN1^wMX4bz6=jKxza2nLy#gFHY7y=L%iWJ^?G)=GBt0y@K~Sk7Xp z@b)!q26?xbuJ5+1C+2=~WCKqH#thi1h>5o_?dz{T)sxCKQi`q?1Xo@;90wvs>&c`7 zG{_n!8@xyl^cBCUiWgAL zPj+&TBkhESn)7$G0_J9Z@siaD$+}T8Zc3|L#aQ9C+ZMrm&j=pggfa(mh-A&F(r#Nn zr>-0j1}9W6)6VL?bJFz#EN9jo{=d>cRZSh z9%;u_*5RMI^uoVrHNmeNj)-3t36aOkDR+eerOQ$}7|Ihh4}UqMd^lgOpWTb2)`NMq zKKUDmT{MiaCJA*yIMaat*|Y5g^yDI&;fQu6s2iEgGjNuaN2@9bIzk> ziAm;bV&*?8z8N+u9yty^?%u~26wL^~?Am@V zxZ7pMx?4S%B~jb512Z^EKHxxP0EEqSU+9IIB-&{sZ^BR5eV(IywyI4}3N(3-s={vg z=e1L@P~T7#g1g%WwA;a+N6d@ks_v;e#XB)W|JdvXPY)a9?&4IhOh;19-7sNhb3T^4 zHa}!yXbWuYAxq7VZ9 zKRPd4>Xq^RkK>P}Zzkl<)v%wD);1_*-Odt4b~qfbx9t$GM`C7!EOx7$$o+}s?BwxV ztNsU50O8Cx^}sAI*Rz5rp`=k0r&EEi5$_9y3soDzL`^~bR8~zn;>Is{#>WD=$9&4b zkvC>%V>di<2K#Q#aO#Ut?*XdTzQ{t?G}CNm0vdUrm=kn z8+d>#-r1IFGyEk!b;J!)NT;u&fk!YT3TjtmjFNqL&~B(N3rmBFpn{)#8=4AeuGs+p zEl_c+8)WAz%#IYLwHqwZ8L}%F>{XyUBzN!P)8+K6^JNVPvD zyk*Eki2(cxXqM^99k}hZ{3yKDPD;~@MYLu!&v`Zs!gGI7V3AxyoEN$u3jL|%Hdz|B z&(EwUel4~-yfmZHrtzV9xVK;iJ9nV97?voL8QzbK+G1LSb%5rI#k~F^?Mt#YmUaf$ zm@TDtNFIp>`&`_ioX}@(XXTg@1VuM&iO9D2kaP0G2FPa~A40&Rl^aZ7u{asY@rjDl)qW%B&s?`S4%_Am6oVs~ zcr(5Si_KnbvGQF!Pf~c@;QP6(*z(vpE}&mhR$BI%08p^Z*UKwiJg56RSpWcw0XnnA z$e03ojJz`M&rdnVVJ+V^8`im}|Jwz6_n)RgXYEF3dv-#&hjC5(5$`|zBmERg&?$4b zH4X+ff2trU+PKecLfMt%)gx=t;D*{~)7G=T%g0AM*UBIokT4Baw)Eobn6^VNEb(h&}!DpCm#T97mHTX0b5PI zfJ@Db`;6Gc&FsLcKT<@qK#Rl=F$~XDHJQunQV+UGPE8WVs`CQ{3MhqUkzLa|BQ(~TpwC{bz8HZOg_-9pyy?!8L z_j?iiwdF${Od(VEu7lb-!x|PwK zjjw5L5r;jTL^PrHf(Els;wKK3Jn9CypV6Q@?(&n8e|4l!>6CHtV(BTy&G2ypHhFkxns4N)2)NQUL$?m^LGxAdAI&9&L@aw za@C?L&PP5RF8r1Al9Nwb-dfRWU-k|@e*ewUxJFXaIQj?YW69+GkK*>1~< z79t&8ls;T(=*Fa1{XT)`Pwd$z=$; zahjMbPK%9Ka#e;jQa?5gTX!mpagdn;OtU(Nt#FoC%oJ-A=_f>c8XB3~y0uk;>wX_3 zv_o@X(g9yNDzaQX?$T;O*l#SmH(Cbe$a@iwKbK!l+=;pg<^<&=XG1pk*oXrzd~G=m zA_);MMJSQgu}xwe;m!ba)?TP-uKO6LHfL7Zx*6 z#BL{y-mKt&pW(=?H4111JvqD~G}h~fG9uR|#Y!55;;2LGES_`;K<$yrd5X$3`1V;b zZs@^xhmk4eY%mM}6bq1)0L$ziDO6CcZHJR;wQQYEh@#$-%V4{OztOpBMZVdaRn z=~4xcvMY4@Lzw4dR;xd_Iy)mY)R_C$aHfhTLC&PXOc6bhws7r&eea!%E+W_y2m|=$ z>y2qnmqxQXvN&q$B+BgR83-cpbsLZ|EzB3`Zemq0|P~T%(QWm!k=XF zF0avjIeLLzWDr&V8W5`Vt?73eQ1J93)sSnBWv$@;iMY}OiKqK$cFQ&%T?EK;2$b5O z9rDkw1;8~)-ztCCBGIX$1%yn0=GYdA;I2u6%#mrNUTY4$&mzrI=~gtvmCDSK)it%3 zQ?Z*i>^CH$3O&+^&6s}f4k4C2X~0ooALq)g++XD4cV?&_1K#^-qJp^^goGy1?CIwN zd0Ps$?_-D>cmFX$9=XJbvLpq&e(VQlI6~bNdzT4%X@Cd7s4S>^xr9IIUHqdgP2j)e zh~Ryq!xd~=@gYC)E>LVD(yL)3TvptgXhO=&phlZ62=@BsU<<)Aa?_^VK}xfL+r=nB zQFE(7X8@W*uF0m=bgTN*u3E>q^M$zNYZ3pZ%K@ysD^u4r#X`385I2mCfj17uC^cdW zcw0eMl*N*15f-TZOSQkWwbzl9KJBwQm(N`97ryIa&K<}rHTrNJpvc}h4Ny&IDJ)%G zn@g#95V}vp$yTvz+MG5A>>s^>{rQSV(*29`C_S7w@MauXBp5Rg5Y}(WRBCFmGE9bE zTnfq`gsuqXQvyHT4C~>&#!AT_NO8kJd-i)X?onZ7M6z1ilj-gml{T`lW<47(O4>Z6 zBZsmMI$Zr%!ai8k&+zZ?279V#Ci)-RdN?`yQnmgbh>6%Z<0gJ}I`b0gBYov!>e~s@ zlKMTBDvb$W%)W@E(kIbbap&ZMLyBo4@8Ae92Uu-ivybA7dS%m#S(H zn${2O1fh#aaRoAs_udW4Ct}yd2 z&f^V_3$c`W79eZ$oXnR@Z!1ZGeT$H7YJJ5--#~#iSGs;sIc#HF%&ZsDcWawKJf#O2 zaLa^!FzH-9iJ-rR?3euGY7-?D_Q6z6f)?*J%C>Z+y)s7LV(P?(1)M4yV8Um(f7C$> z3w6`+W4`zW@$vh|W+7I6^*VnCeIqgF78KHTGGuXYrlwN`T*;O@^XwwiK^bcIk-F2d zGU8$bF=P_PASr}ZNR1FhA~SI`k?O#FU$y7th8q_1&c2;G>| z{4aUz#uR<3QqC>6{6Iigs;p(K3^_uHb-S1(Um?-$nMiiWe@VF{oP!hF-%BgcGZEO| zwt3`po%p$kiv^_|Q^_YysUqcfpQCeR7cY=zbp<{me!S((X4s&Qu}$6S5_YU!&Meik zCN=K-38^N^3Rs_I;R7D)yCNoLaB73RUND5w-avaSsY%&IYENgUuMx-F?jI9`-J;}* zD}F?(e1ZSR`S|(5%PO5FS`W6I%QQnXc8_U`{4Z2SpH5?4{#EO(>1#OD=`|D?IOHv9 z@BT@Bi{Uj{Pd;k{?Fd8sYMHM_)qvv^g(Y*ZS<^SBGF^Vrn52118 zqt<)g_ZrYp;-B)BsfzQ_}Dty1$A1jdPbS`I$b>7H~bo=(|K(XgdPA-I-P+xv=YV_?u&M_Y${ELpA0WwH4Y7}=YS4M16*6@2$BncKmu=)o{N??7)?ulFmI7Ft zX~c8@tw^Ayh!-B|!~Qwe@Jv?GmXXPR1Fy4G9mXbU^H!(m2g3`+AGZ(G+Q{%cARjVP zo1`C`Yj4zMsF5&VKyOM2z*RNWNrD!kf5iSQ?pM8!23bG%i4$TGcGT%h={ z`fNu+TXQ6#D`T-IsD{+1e}kZV?;K3Dm>S0`aydHMbT!EF33=2Rj#v%=t5((nu(}Lv zx#=nELNaP=1^19;n2at6>b1o~0WKf?rtJF-FG~Yj`(~hvYX7>gnE%gxB^_L!H=mM7 z{?q|VrW%?+f&-&|p>iuTY`-fSL#w1(!{2|daSh{M793@3^y~o4abptmEK)LFCgD}; z3AfRC1Gw&vrlzLQJ1Uul%QfiPa8K-pR#1|{LXqzse{Cw5U?G*A56%{NtHIm{q4Am{ zSf5tpIbVHv`E2?kxdWZOH#;vc8Jhe?9*ypvkjJ-Lw9k#6LO(rEI`$;8*IRW{9~@a4 zrOlJPGFHiL27>q}g2*~ziy2Gv#(^Om`POuIGbIwh2?FBL6&K|uph*dDWRWRFDd=Yv zU9L5@fAI?BJ5zRS-KCb6K?NVMHd6O+nk?{769fvbPkFvkQ(#Kg@Ar%G8{e@xddln> z#zXtTc>ktB?A}AVne+ck$jGZV z`w-T4F$QlW%%_!ImV+AQ8()>a9@D~b7^Z3_huy72V7@M_jFOMD1ma*Gc%qNc+ed;2~S$Kry000yV7ng>9d+eF%RH<*Z=U=12bGA z&gnN1=XjTRh%fyg>%b>5KXbwddHoZpAItT{@Z1B2>bvDaW^ERQM1KoJXe$PYfy285 zt3jcXUK%dJ`Pqr_rhQbN|749d2|8agO4RK7YJ=&iUHGO0MlL=q80@-kS7AY9DL+*g zuZl5W^@&~D85#1dCN=c44w7!LAS8vOWBZu2aTM|m`e{f`$lLJO(3oo6pW=&?s_}9< zN0u`#z49<}Ao4*Rh04qmFRkdD>tO0=rIpyvxi$pKh(X1xIJQqqH^K{tHW-jld0>9g zriZaf5PTQj90vrawk}uw&Zzke3eP7)Qd^&Ngs<6hciL|FWa0O_^S|`SG4&UCpG%j%+QAfo=C*ELe3SV<7P+nFSBI<`GvQ|9$)!9dlyTA; zQghb=6f;}St(Y!J;OUl~U?XcEl+y~uy=mi*`s>4ht+x)C?u~?V_(RS;GHkM z)IP|;?is|~KpQyGq)~UyZ?KCf6`HQ<&&kP2#j_|IX6`pfs<+789g}y?N2M}Nb$B`S zrJ16W($@*-gf4rftg4L2fp%E!cmwVAi$OP(UM2@^;CAe1QHWwV)sFsd6E}(^4X(dv zhiMdVGnl?GmXP|s)2r`y^V3tAmwoBA{tasv75(~M%CCng!v8(ScR>HuY;it+Vi-gw z$peO=f&4?+64$>KOVR3l@PzYd`)nhd!W^6P%eQULLTP};>$aX4|I<393&j@}Dy=$i zK_T_`Rj25IxFSe}8$^C`^;Dd2?G)oviZMmUFdk}3f@$i0Z;tK+MFJgbUn?bQ;l18= zz(70+{Xt2(45D^*e2Ku{87-o?KI1o2skh(7j9B+4;AlN5Vm2Z!_5yZ;U{0w|lPo0F zXV)7ece_IwD)UQ}jDcS=w)&iRM@wZll~!=SAMCYbz--U97hJFCQr+S>oFb~6cxw(tkP%t)4DsSIR5e9lJMK5C5OZUvrGW-IU ztFsX?ch1Dr<)z18X)u&uY7El{N`stw3%l)O=tCWGr55feyon_b zO2+}X?6T`?`c8R{_I%MKNmsjW+oW37!}N}F5=^aXhWzGGZ_Yt7$F66T!O-9vPPyU{ ze5KL`Si&SpV0CH>u`%tBb|`N{>>8%5n|~uUG*+NZJyg6XuKPz8@g5nR$s~2n|Ff5N z@z<_!qb84V*LzW3lZ6YXP;|s-2`ok!O|DnpI>Ke3hGT2vPeN%@kE6*w>q7f$w$G@t zAex2SWj?CEFJUa@a3cJ8H(Q5O zHrauugwjd)8GK$C*wxYj{C3~t)-MS*o2PolW1J&oNcG`Iu<|l@=s*Jr<>1hVloVC^ z%^+^vs>ts}-8gqcySnFVu!((~h@>LZjj>io!COz?PtxlrqF%-ZBhOR9^`9C{g$#vo z{${Sf{W5kQanq$BG7hJA9HO880_gdT{3|$F+h-X{Yqu+sR)r=wx9Xe8@dtsZdFBFy z$&GCYY18a)I*c6n9@lVe>@U9w1-MIN{xA|HQC}jPh+s9AHXqs-^_I0hfi) z&>`?Y4$4C<*;>syON#!0FUv~n5_*nvy#s-0DS&@y zF)OC03h*0`*JPj9Azgd#jHp()ZU);_`&fT}2rAT4o>1aR1>YgHMTGvZpi=G0m5g%a zns)d$ZZ>2Xxmo1j_P2YY;rP~w4N%ZM=8=n53rb}C&JgPc2vx{RX%`S*HmlShcCmP2 z1?A_jx1AVHY_GH|eK?hdmUgi_)^{_2pWa*SXhi{F`C?7KGM43a@T?;lmE3)q+u;n1Z4nNGdDwOTFVZG{bjI80-%^@paULrO9Ezy3*S=GHD}G=8 zvW$Ym2mq?su?k$~mI*lY4;&t&%&|&roO{?u{u3znIDdX=p$NRxZ7)po8rweG!2n&< z!M@i3C{@D!b3%*M08Y*Cy8jJLotu|zq~W1%U)Cj;1j=8gyNY6;zE#Y|p6D>tfStA7 zWYOvQrr>U~*ApfW0#l)+VxRMG!2a9x8R;nQ3Y}vhTLX%?ji0<0b7LU;(q==Qcz!3o z;?=9=(HOGu$3gz(h*I&5z@$*?y^xoMCJ4?3 z$IyQD27kUkxwZD+L*t>`hy^8x9nV$mX;^F0?&2y1uZ`94x6j7O zNwGAJ2qt&gD5d@k7eG1LeQbiJ0TOMeA`8nq;cbamU|s!fII&AoV9xn?^RX`5TQwgx z6=j-_4o<-bL)lOzBa|dyVjEO!b+64yMmmAt?S&g_{FZwjMB25)_Nlm z6OpiuSHizE{Tq9tSCz@$a!ly5uaVkuA@m95LC((3#;aPZ9`OD#>P#v_w0Qbq)|XTF zE9qQDS%xRJ$P2_nKVotxeM|GLEi`tUFiS&2!a!T#?91fTWdit0+H@-Bu}6Dk`Kx+q zk@HO)QPn(A1t|uTKVKJfg&p5``?v0AGJSE^qTy+?^zUmje;RAP!{`{RPgr(EhU$dt zg_GG@G7iiMaVMb6wh$3tUX+isi5(_rYTb5TJG{LuW%p*KKeNHtz_0fms$QrL-66es zJ5lfcv#Wa19DSHc0=R5d9O%>}B7G+2w#DS9t@lLY z7I+se1245#Xu+3&KcTtTi$k%gibnIzwji<2S^N)1q;F{1tAvT;5k)Q!nh6doSF4 z#?)biA{Ja}icp4=Ro|!j_~y*?LX)w#O#!~fWaIc;1S879ARoXs4w-N;f9@Rv*$u#L z>cy*Xx2#|!-l?L5QQ#`4z4B(e+B%}E`WJ}EXo*u-kbTw9IRfzPcL z0S*-pPUxohxHbj`1g5s8J*}7ynwN+YkA`}okEqvN_NyvY=#>EJ6EJC)Fg7odZ-{?atkl6|>7 zNVpzrlTRTB3T^$MqQ)RqO7UXPM};RFf)`L7oz7?oN(So#Q9BJV;LD z@Ybg$I8{0lJ6$^Q`df*fUFKGQD(2xC$ZF5 zm1`BHhFpjs(61<{_seB~uFuLomb!9{?QOvv&RFGpM(8m29DsUE(c_ zTbJ|U${1Ja8ah(kl_P*x1ALt1eQIZu!SLrUi@K9|pC9JXnym9Ya1@iK!Lw`k?=R-^ zB6>8aW&;N2a|>3b8#h&)$;FZVo?NYf=OAuDnbY#cpZ_Kq*`vIj#!{a20DQoeVO4N7`c?lgWWcCp^M zKJ!bcqXHx_Mo`_rOWC{+eW0h3*ama5e&uo0F zxjZjG7TszIufDT>w%u1vEN+NT7*%y4sHiW&^cPWiy%OL8N3n%ELvPH3e@$OMa1Z{s z`7F87sWc`e>vt!hhDvp1!km0WSxRM~2t6T*LHMKkr&Z%=D<$VgiXWOnD~4@dsWqUh$G9V_ z{a=^9wF)`s|s%8a1YKPvOX?w1ckdv?i)Po#> z?PDvjG{-loB)TWxe5}H5&iXb6E4qI?vfAO0oD;K`v#!26S=LaQJGYu?H5HB3IZ2aO zGLfn>qrX02?fDQ~rRWLPHM$c=Y=3uils2uyvi-2}E7x>EwZ$_mN0$E_@7al54YK;@ z5SvSoGJot^auylZ@{6qd0hS^edg`_8bF=f!?sWG5&s`!RDZN4Vh#xnIgM+Q7C}v@W zue@7usY&ZPNAVk!41FmzJyJh_hbP9@p}Lz;Yy?)x5Mr26mSS)6d@}QqTQJDPV;s^t z{JHr#%)EwhG5s+R$Zy58xh`={-1v^BE0bWWL|d65)kmlL-zkxp_JeCSEj9ZO>)+&C z_&NN%Q|phJXDmOPMB6L6y&|je>f`z&BP0GO2H{MemL7e)b3=b)jBgR;%W3%B^NT*A zf5eN?QJT|`fqJ4=gGLtI3uzuuHFgpX`xbPr#yq z@PY`-d|itZj%;OvF`%Et$ff@DBR{JGCJDV-BWkjF#-nRi$4hf?dS&U z+J{gj)Z9VXM;_KxRiQ;T5&J=xhT}4xPFj;P-z|dSbfWIP-kOG&d%seJ+Z@ zmu-naBfdJ}!>4sE|1A`LH;6uGjeZd{f@D;MS+V#&v6SdJ(} zA&`9E*1!;=DOmFl2iR9xIk+Ql*;~?#p}O) z6-Xe2l;VQtdbWSDR~O+aF1mhB5*Ci14o}^Vj+5@<=DY}$JjVF`dP3?nqyBGL#PEhj zKi)WA#I@3#G%?SBtec_yjOp`Yzp$HX)KKTK_ic$x*Zh-J5W}WuxIuLoUsrSA*y10X z0zWe*?o%pFeuy*2ZR7pax zetoXw{px}GN4l0VGn0w9+ho+Jn@&mQz)x7ytQtTJ<(PzpUY-h4151(mcwqc=g|3 zB|~iA@`pVdS2%y#jTs$xSZBvlOfd}GOF$Cn5j)`vRex=^93M**2}T> z_=Az*R|Ko-A$7YC%A@Kt=gHeIEPK=Nolths)Kyh!QdK8|eIK!VjU;6P{hdR301Y>e zBmM{kz2JAZeLEW!=2+J~@%hF0Z}$neZ>+~R<*USmN;II?#b@*cO5v}~Zk0b?h_plu z37RbNMz<+v z7IdZSfXE}#uGJzS=Tq6pm891Z zGJ}b~h_4nY_L^eQF8O_q=v0eFE&JMY z{U6;Nu2o83=iM($tnQ<>EXMnFzdvN9XY(k%!Ft>7CKM5K?6Fm*BJ{PVUwxP#T5AMhI872*3%p3)>6>Pji#gYe8%~*at~5ZOv$^lk#0KVMRUvE%}nhOY^=K!eP=kG5EfXVtfzrHk06JnG2F zy2)^5usb2KX6?KIT-7y61!;A$-<903;9Y?n;am!>0%tyc-GP)v}r)K*nSEsLAf?V96 zQ@Ipe@9QA+mBNX%X$Hx(T#l$_OQ`iCN)tvl#iRYPh}MCLl<#bh3bxa8z7D`;<(m zQM#r})XdkaQ%J>!rhKLo!W+STsudqL{gIK2h8dz~IQ__3-$=8SRRg7a8MV#?c{Be9 z(mc24Y_Z;Yq_p2h9(~R_fi1eR!hl={9s<>xl_kb^=)(%)kNl;%%sbfREb_+)DglT0 z`n$jI%|G^($4IY>)Wh|tt|Q-E$eY%fnd)^Et_W+T6c`{(2dzI%LoC~dZ`kiQEutPCxuxmrVw<@bNWrm81Kxb57pi;fZ12GRdyl@XJOtg48N543rhE zU&M}&GzdN2X+pr^JUG>%DHydRf*8^{0S>NH3(c%G zccq8ZdKUpYW!3>8nH(>dkJ%j?#t$BRZ4D7wk@C0^aJ>LtlbM3~?C}{kp4=>K+3qeF zv!*k2P%xdik}Whw3wLh?B3$`2`L8IRW|)n*4?i{V`pN{7O&RsB3dTAR|VaC`iBT^MEiso>lWs-^^)~8ZJMrd$>ZwSAE991MOE1acu>&6Yf z-Jq&KvEOCO7}0Wqb!cICXE+7z`gA8#P3+kuH*=9(!^M{wXHs@Qhb@z0M(k}u>H;;P zoM4;4+e(n{}!rQ;+0 zR_~sZt%LH+@%SSy93VPlxCzRD$_@r4xvt9wKJ8TQ6!Uw`9EhW7%%V0rHQG&wTLZOowMZ)dod6_z zg)!0K6UmBPOMXN-94dT4XpQO8?=n+6>W#`0It9l-?P_e zb$8Zv8v6yXvJoOeT#0E^>mT$-!c0A@@y=Qr?&i$&k$=}%FU*Mo@ z%AfXb-ja)qfitsvZVST+HUuKLHddKXU0}SKg&h8l`xTtHMsWTf!A|*yN&>(OrPGJarRbMGJfwpxj5TBc1-DpXiVd z@;hqCn!`SoO6x~UM%cs65Mas*CqrCmsaxcO?zyN1hOk)&E5GN^(&*GwR(B~$RCH52oSxpy>RH>R~n^`W%Ly&HGyyrD!cWJH#;-a6`+W0b`N$gvd{lR zg8wUZDrVd0mwu@Buj}o=?P|%)@9wW*qwzGgWHB?W{fPXjn&yV(C;dS;Jj7up;ok@5 z=emWj3HR@=$MxSaK0P{mZL1*FsD;rT1Jd2bV{X26z)W@huGX(HeKyFIdxY#+AORT& zXYquV=#Xn9FZWwsjL-srNx$5V&(hh_daaCOa@p&WF(&dFq;z}@ESj4C2wI}qNJBk+ z2c^9uky@>jC}BEpofHq8d4}OW=WR4IquE7Mxme5LdZ!BiA=#s9I`4|4Pp&aLSV~}C zl^CmUnb)7!4w)e>)gT$9c&|_{-jP#(%)Zq-`Qf~U*?_^6>ighU;Puq3a?04z_dJ6! ziBC&ImSYy)egWcajwP=@=r4x8e>fU7xU;6emi|if0mkrPD8(nQR&I-shSgTxuoJY5 z&|T`(SP3GL_5o(%|0$^>VH;(5%n{Hu-CpKO!^`{SF{IwIsaNUN6T=N0Oe#=R&zr~) zDgL*F=fJ(YYrzHqR_mV{J)zPgk9e*EBk-%v(CRMy3-Kb}UqGqxsYGTwubjI~qv-HU zZt006&Sdizy%0wtj~nBLums)kPAkfHTb zlR>l_#9LMv#1Ts?3FL3`t8<+iV>ThQWNO7=zY~q+uzi@trq`Rd2!PXhy_-D=@O^8;!y8 zcUxB(gRz@jMiDyFP~?XwgCe*Cd}#F-w6xtle0?53oq-96T~@eSa*AT%Q36 zzzft~4+K*NZE3;=4YkNFM2gi*#MtA;QG1v98{KV_h(f#k7J-W*>u^t3mhJGeX6$}B zXJgD^^(CtE^&W+ap*#t~3jTqyaX)J7^`%GBM8}|qeub9JeyDJ(>j=8(mBaBuLuG5E zDYyRoFl90Tz#{F@s#*u1Pb_~J_$Y_YUC7_x6ayF>T%Z4gGi`9$_>7NjOw-54rw5c( z18*Jvz?2D0rHPx?>AtTat|0+OAeNg*haIXiD}dWkzrOo~A?^IUR$96O6&??W|H_8M zC+*w9>2h@Ji-_D!VGoNk0dWLzfa8Pzl-$qPr|rjmEL=OklbE}BUtu#f6>SZQ-$dnUr4$2 zbHYV4)`J1@w;tT7uvoCST@jfzU-NU36fCV2C-N{%iOx7Q)QC{{*bA2%x5?U_%t<;@ zE`(l|zHsxicq=JJ$q@(8WFruYbsqVPr=t;}B(DV9lyKw*3zmSs!UOP^btMmT8DGLt z<=+<90XD=>k?}9QOUjq%*DS&em$OS@W`bjAehTGtiU&RtT2&|gxrAYZi z0lU16J+(rYrk2m*x&0>*(@}(54CRtzsRb=SgSkiq4!ZQE)-95X!agm9w*)B_|B@rI zfi2a;9Vv%NyW40U|Ku7g_m1>=NY1D%C4b4zhGrDeoZ}Pw#4>bj#cRxEf6OYDa4dfj zgrHppm+DIKFr^tPz}deS)c@}|fIs|OzZk4mVF<5txqV}anrWE6d^RLn;~pjt!LG6M zH$Wo89cC2A^>Tm`X?c%kXwJLQ&#bzqYURC)#GA&@Mm_bfZJyvsiT29xNa-sc%r9X) zj;pPM+9;NHwO>nwe=bf5{c$odfYT>!*i+MqQaR9=5ih`$5`$t=y!?Q|OhDcKCO=R; z)w1$lr~;RuL3KT#^T{9bjecqhL1qE;!OQKh4viQ{$>^U0-s&n<(%@C_r6&GrSop`Rb&T2eA}T~d-Pbv-x^7mj!i;^+5qlH z&b2ci!d@@anKlMh5j9xn%}I$Qc{|9jtDuk9-sqMXy(_y8*VQs#VQc&^GO%!~2lhhybDstra}Fjx6(J%1y&K&=M*%@*>SqJhzztENPA?+*A9V zi6FkKMPjI5Ixza==i5$Rh00f^QjNR3eFSrwqkAAq>FkEcY}#Re@cg~~UHk7eUgnlj ztrYbK*xVH4x@BYW1Gq7m@*wv1#H6#eGYg8}@9xNM6WTKjDlAE4+p9Ixd0*o&`aO>v zn$KCdS=Hy~IKfobPsb;t9uA+m>3?1Xs9jzOLJOAd+Ija+?H!eh<-F{lUO8&wEUY@N zO%B6xI@-?t1mSL$v1g4-X$hU|kpDb))9~{*O=FAr{-s-0Klr;<3u?G(0APGE4735K zjV{WdeH@J-`>ocrHm?YFkJ#;J133}=e{8=#m3x{~dySz_EvS^-Q$q`u*_@^Z<)s^; zI&7|T#-`j2uv;O9110AvYjT*Vjy|Cz)}@Sss89hb#Rfv;7?*dJO^H*Jo>I}#-5h0i zm{!KWfRCy)XOT&Z8qbbAUwW=OBy7sH)`hgf9n}OMs&Wkd=K0GLwsv_#A6bglG;fU? z>;MFT%I;WX4rxWwDh)Z?l#fpivHcn-8^+n zGK&t4X3zNsa_-<&QdVZq)&_ngE1JT?0-%Y4^{*094 z5;|Wsz_ZBn=;o`R1rjB0s5c21^cjwPtfT_O4v2c9cM#0D%K4)^=YGiYO6j)#*C)Ut ziZXWHIrD1XT9B1;$vWfyx-ldOZm1F=qJT!F5q)c=-1C-kUmADf?^}Q+hCy2Kr!}>y zqX-N!NQV$|zr#PD7TlAnBhgfPFp^;0xFv{;g=XvJ(fp!Aq^0;ww8eh)y?Sw=2kl+u zV3WS%gM^6?7;CHj{iJ&n3wm@^a$cVL6X7t%9jM>uyonzW$LM4Ofu1tVhmP)oXy;H{ z=5)@WimE-x6$F)@f;yvQp(8TKdKXMH5VIXNT#YkyvNX?Irl z$z}U#r6%+KX1kq9xTEn^y;=lV*fEvf$DbpXKZlDBlo$TkVB{O>QS4puyKC2nEh9?- zQztfS_e3NbI1WeT#j!RsWM}N$WP{2bmy92jPmZ#&4aC%!7oi4+4c+Gjid1}G-h#u- zI+$8d?to4U)kAeDpT(}R;{-6Y$@o1&0lYzXdghAcUlQs6Zra%=vKN2Z^IJAg628xV ztwPvh$xQK~ zgk(IYdbcTq*sy^9M!QZOLr%bJ^y$vgqLblH6f1Znbt+u5 zV|BF%Er4p|6%dI2IeXf0Pk=S3CTT*#vS9Ppy`lsv$AG3wi&xmN?z!&gHvFws$BvuA z1Teyfo6nbU{B&mK^ZM7TS{q+{T^DMCJ4in*Uf?a_7NF%O)8~=}LGI zJNlN8iKhys9d!wJcf~BJ(6IN?YKW`#N?;s1<_|wpk0-E^-#xQ!#aw#N!%#@@Ay++7 zs2HcdFV{!-O2dCTL`gS)U=#eN$IS$!i28R|n$4<&^FLD_F`KqMz}wZ~{iwU^Z#J2n zM z+1!gw+YY?{OoL3{zg%Mj#w7aeR}>Cn10d@YrCyZ^1xFvJ^|YR$%OA@LivApBveBbD z>Q?m&;3>xtx1P|^L$s!g|5WTdD46gTLgr3~Z7tO*{?)e$Ncv^t!??zv8WR0F7F}qny`hzso=Gu=krg0Qj7SRC~d2mR+>krwPLp_6%o8wqC?b4zCy`dkb21} zyJ)Ij@Y-*u?OwRXr>GzlDwaOYdM*0%!R+vg!3k;B?_miiFCU+)^flsnLe(k0SHj?A zbzuQ|Ibv*Ay5%!exO@2{v}MJT4oc9XSAj;4|N5=!ir-=_BcFGT2o%vN5Wmvlf9qWR zv$#f2=SVy&zp$3-PX@i*&@XVT*uVFAp2k<_hYv%8T4x92UYOsG#Wgw7mRE$tQ$V2H z`K^kpc#QCQKUQhhoJwRpPUb%cdUg6D50j{P$ohVxV$bm}pS7+0Cn1KvY0FWb z#eY4uF={PzH~oUvWT$h(q&hE>2o<9puH#d-u&zJUvi#g`MY%Tx98+^WtRs3Xw0?P| zH74&Wi3uZU!E(x>Y&h3qRMn8=VVTEIm-z^de}W6@r|HyVSp{#At6xUEKiUNLqzMV0No!8*T<7r`Z|&><{Yd(E;}|5%To)A1dDo{n+; zbDBrCfQ8@>q?UtkMs5=`I|yPZ2h}VpQq0{A&j?>kR4mKiU`ZCZw|Ni5M!-U;+x=Rf zq5tLO3LXz_e+Awdf}%3Jpy=IKIhaSN z52o;2u6%LO?h6shCAR7@F$a@&>Z|!4I?`Xm2K_>IQsSy0FY(U1@^9gRPgtzS4W&Dl zKl%p!fJ_s0+!j~+MmKS&WH%r#PJu07apB2qnm|?Ookwi>RF^(8j7}vpln^^IAcU_tk+Rbj=1kd0d-S`!*D%566++pV~$aH(RGun$WH~ z35&IjQ7YwW^^3e*xThs7A-vR0g7})KXBDVjor?qrAU2-;0=S73k|~{{tigp&GpL zAWnbD=-IsO?Fo2R{PwgQah5K~RZPEsVa8R|=?eVQpQ*Mmhpx#PsPhE^5T+H z2kPn&&A&#YX1&UGWEg>^NX$xhubk^NB4yuYopV-goC+TKK);w2cVSuE4c=pCdt=R^ z$NQpy!;ru5YuAm>Y{OssaJ~gp8s(ljKL>WdxF|doqPp-&W?46oeq2gN?$s(d%ZcP+ zvl*nR8|3a788IJzv~^3=DQP4sNnbHXH&ZY;A}!@z&AxTAnVsDGn#m!bP_DL3y*1~^ zeGGks+A&8DoBo6!i8tlqoqg7^(T@y3P=Tvh$D-zKa*SE-xYGWqpdN#aNsu6QEyQH*u{G4Q~tKA7(5WF#UaH&!DHL=kD!I zJ6>kba}OccY=G}VDX;k7Z0i}1ms@3IP=nSdHaA&A#i<|gOMYX5izOg0>p0a___wG+0u0ZBJnwFd{QtWWc6i4D&|gDVhM zzVb9!afYWf@gkSGZvE^&9jZ$LM+v@p9cimh{lK~&Ksnj=xCgm`PIn1vqL=c!egu4- z%<&P_S(_j582kqKin0mh(uonFeZc0+^*$Cd72aX`th$xP*-F6X`cu3{ zW~_50e*}ZKf|NKo?&)5#!nlx44F!9=NdErYf^KsQx=ADQud z+$7u-N{7isH$NXhe=;-s7G&kudRA(A!#SSqEfA!VS81!CgJ(vG50Xb5Vexk zjEblA{%It4cY+2_kx$v)=ixo8y!z6KKIlLTv0k`A#I>A1GRYdCSuq?ZhW*A zQYT1Aa zSqxLJ7=$MK6bAp_0ONbQv6q{?_}8n|uN`YDC9+19=j3AFscNeLBrgon(h_^_23v!f z(TC}7P|?RjxG8&;ZXGJsK1scd7{V2skW{kzq{m}4pPE<%1k6pPz&$MnoDg#G zXz#THY8z6p3W*i;EhZm)uUzjeT~rOQ+#$&i6`UGV7ldZe_QP9XbR(4@4?y7COil(29? zuZp>Z2*wBK(Iq#%shxuH2sk(nQ`5kM$hcsj#vp>kF#c&%B3{Tc5ziq&d@Y8YhL+_H zPYob#kufm9fdqQ+0H0ActP+5v_$hdV9h)?NKzpfSagQy#YlAXiQK!1ay6XQv0xl@z zkXQd#f&YP<@q)wK5r`07Il z)x{9oAizK?6ZDJvu81MHKiqm$Y3j$pKG*5_&$nj&Vn){#s(egA>aKit@~YBld#jdw zhBg{08VL$D5-ay7Z7AubR?;3a2o4?gGWVi#yp-94WyM1=&?RyVgI43MqIGTTC?g1$ zn{O({IB0v)u0M2_N0Tx;sM1QdnsGtNKFY@5D@xV6!tSsXz=9HxM9!cC#Eam0&jrdv z|Be2s%!6By(PQLmu4-dcI4k*RhJt~yk%}czmR6kvA(!C16sd6>!4V6%EK~S+SvkBnCZ?`u8bb$Qx>{+)XHoX^K=Oyt^J(p%G*xK;QdM?de)k(N-5?ij( z>(<8?ip#v=YKND9St3{Z{dLd8*d>ec7qobfJb<|=oN>)hA_5z%%<-d&wK#((YhQe@ zePMiQKKi-kR%>Mb`VBe`!gBS6VkhuIBmiZSG#I?g95@uP{cmZbgFEe_p{AC9)KG2u zOZ6M>?eX)GyP#5im<+kvSsr(kd1>#?c?xIhYVT$g{2DBqu~T3 zf1(1$(hBv1J_J)7+GTl-%uAX&f^AFuSa9n7f*6 zy=zYfC{^7VMHHZ0?=f@O4OUsay^;JxfeuDWzW=f5I zg&?qW_PpVFQw@TlX$x;z7Qks6ubgLUz6DA7&Fb-}dpb26Nzl?|Zh8WKp1ZDkq>S^C zt0N4iG4JAV>wW*hD-MvIzT?D19qQ;53BIOMM($asy{f_`=+TnyCEqXI@C+QJHA=xp zAue}`N`#M}5c!AC2Ya^abh7ngKmrr>s%{rS=koPbX8EOuE^KhYRL75@UP7+)TZt^7 zhqrsXQ;OlPXtS&9J@ud?8p}ix!F~WAvNQl7-ZMLr0~>#Jb=IC=sRF8xd>=>mUB8XS z$nhacI!jw{xEH!IMA+-z=ArDM9A(%(Ak%eFWvHDy*jvxQb0p`m^O{{6wahfiy{9a{ zl68%-lhL5|?OfCAam5Fy%d2HZYDs+yo)!8LTPS&zno zau`LcdHA}C^oG^FW~Ci^X7Q|?%jn9i>&p6VRM9S0<0T`jr{pc?!i9w%03_qwtLgx? zH2?EpY+rEq7fRxm@W!YoeYyRCOUX`=z-*-C@G^m*->CkG;M#Nq%3Vn$m&|4e(gi6< zEg?k9eEKg5wA8v)3>=uYhKztYDd?@4R z&!6*XLTS%0P#e=4_5Psbs>q^_0zoc@jjZ^L$5AWwFDILKDdOVdzwKrwTmt`?{gwjrWE?bz6%U+IADB}PV|evNTL-tNQ*u-o zz=wM)jq^bQgM`|{UEE%_Cig$S^3$35+~?DR9xz`XXaKNr$h+EtTgnAw&i?q2?Nhjk5%OC1}K zBq{ezcIdwuSJl)FjMep;+k^bFwf^x=cS97fnx>h(mVKc(xW23ZU#gSyg6dR6z``6Y z?%x!u@G?VBgbdw-D`vn`92S&OLY?uL*rec=uiAze%M`o@Uu_WH*6<|q zd{1n|yMPcqhp!J+XAG`a0>{i2DkS;%U6!m_9^yHZD$nf`fAMU2IE+Q^#wZkGG0f6K zxUCe_Ob+cO{q*A59HK+H9w4rHqgGpNT}%7UlR$Q2kR0+9mP5<(7s@6FJ~zv2FX=BN zD&ZjRR?Jpgl~Nd<=E|8ib<}t3aD%~A+c6vOr{AXILyEYJlDVws=7Sk-;30all6qyIZ7fSXotaiHx(#lPSI9MTi;LiS70)5L(=F$K^!FZNr7`vXF%yIct!n6a`_~ zmxTWGw1-9KJN*;4ylkWJ8j=3Q0GW(CA9je}k<3~&X5m90LvI+m9T>cUEP5Tx4*qi?SWGU`?N@*8;=`yRI{gR)V_zO4L_JEjp8u4}{@Dp2%%u}8%KxJmAcMKZ)Qx&ArSs9RhL&Me zy)~7(9-i+2%*9UFW>CYZ;e?I~MJ_dp-0E#0%jH1|Ny~rTQ982J)?bWlJty=VzSKm2 zO@E@pti^DG0cL_mr|~+_acSziY{)s;1Sq_=swmS%^-ybvy&Yka{5wgEaX|hJaEycU zJjbZ>$B-ypX}(j96-r--GhdQ>%K1!OPF_TwnXDhr^VN%JK5=?uc)gv}6dv@~WTJE9 zcHqC=U2ogAYelVFA+qLgC4BU&~w=_ZO%%cI&EU+01c3mAjEvqhP z{3H^QWPJ`*@iO5n?atVw+>tVTM6>Vj{7vG4&~W4hku92|`QL)980d@V8$b!^;}i1~ z>xpYUw;tAsnZfxNMPr{ocWKOvAG8tF>+dx8ycvI4gSl>Y(TpN8T6Ll(_-UVx0fJ)l zN-Dlfb6I$l1OKGVK@-U z^o)W3qjkT0Gt)?r&U{#{RKuat0l6X~3nN}%M)xh>qtw#K+QOHd=Da$9NTMb5>eqh| z%lW(d#JctK#kbe8bT{%a0veChb9w_5nWSp|FsG>HAl|@Ep3-T$95@W0G2u_+-W}01 z>EMs=rF)V5^}5>JHKVcM-vJP?C`yC0)l;(5SSh-$PTaeFR~a~QfY2gZOmN4MSSRH9Trc3^e$wiym#IcT#}VMX(usQ_^vPp?(lT(e2HA#=lYd+U{m{7d1+ zO~??mDzJeuUP`tov0f(`v8=+sW{IhxoLuhKJYbCHV=~hg zdEfjU$N(!pt3~9BAFcX}_Z=3a`kY-jF{;PK6x+4t=6vkQ zx;r~K;|ih(m5H%v)Gr4R8TTGSt91fA;m*@g_xZJ4GiDJbZUB?owCjCEOPfxSg z12)tZTl+m(Y;HaKH6f2-sA9B%2_&do?^_Mq&Xf*JkaUdM=vt|N5*ezu6r-bRWgaPt z;c<%Nb&UQn;WEMu1l*&Lzffs?YTCy z|1-NrZuD+&lc{W;>^uR}r+(2w;NV_UnnKN`;3coVPAo$W#V3~Om)}e!eJP5EU&T)( zM|>`*2;mM6ckfsFKrgtI)T+n!FkX4QzB0Ad$hB=NE0RVTzA4PKav2b^=dTX58Iyxtg|37Gm{P`GBTQ=V~h>vp3?3mIn4s3nR>UWF0)B($!H^gVcU4$$hjtd?J5|P z4YV6E0%~@{Q5DHw3QbvU&YoF1S;M)kk{zE-JFQarO?(`F{j0e|Q;31P=!}4=#Z6xU zjG&#mt{mpCe?Ji3txh^Nq#>a$y7z#`P`0@lJb=!W7>Ylm&Vq3NyM3zDpvN_S{TEw-JNk~aYNJ%HEH{@J*2x#)ar?e>tjIx2VWHnnCIR6h z&GGr4?!vjsYTA6T@%Bg=eoP(z|f7lHG3*XIyB`k$3rsh+< z*RkygHfP%1iMk$53S;o0a^w)K%Cb+dRpYUP-w~0LP~j4dQe>7ODtcxZ!l+>~k9cxx zD^HE`qdKs8I}#8VC0pBZ(GnqT?49i(sh(85qM^q7Z&U`0niH&6b5Cvwhjh0(2%# z)=CPS&7Nh;S`u|`--S$<<69u3jKfqjW&3@mQPuFw;MbwbDFYa&D!VcRTC2;hKh{1w z96OV;D2=Pc9&J;0a*1#8ZPqSr2bU0ogC1(g?|I)z1ctnsLgGF;NBY-+o@AfepM0Hv z<|_Z39YxknTL1lzd`YF%YSg~sS_c|1Vr!)AJ(sM{(Y=Eq;w-Gl&Zt)*H9gf;r=@1k z+4OBGH*CU-5sGhiwdN!1basjzQa~TB}bmQOZMU zkC9GR)bOSe6^uGfrp5dZysl}F@pAA+lKq1sULiF?QK z%TYJan~&y>FHnt9O<+HFb|{3wwP>zTv3mTf!SYOqZxA^|KyB#7o-cvcVO!Kov16F# zBWFxSkeghc!R<}l9<+o%&r%R*^vM!y^h#4`CK9UGeHLnwDT;v@X5;uCls4D0f~{#{_a?6>z+z3inm_(cUZrEVI~JWfH^*LKC2uoGx6!)Y^w1L%;Mdq8KQrv-E(aZ+zx zw2pDXo^BhG#A)7Raj?=)e;=1zbo71zhfL(uXRE?`AN;4CDYC1eHXQ_?9YX-yY8f zUy&e5X82$>gO5KvgGeplN~2hYER>MDW9EUg!bw(0NW#Qj3uXd}+2FC3Kyw|zfEU_AZ?u+=5Y=PSD}f{&?gf+k6iebHqI!EkzQ1u2?H zO7L_lX$Z;jV0S`UP;;o#p#B!=a8F80jdF_>ZKDn76VSi=aw;tszfLgI%L^HyRvBh_ zCC%MLULx9znrV%U)ROj{lFX1qxX~$YZ2IS*yMXKwjPe0KlOB6AtJ3jfNgG_k^xkX2 zYrtM^@;g)7aE>$hHJ0$wn&9jGfNd>|TVhE5knjR+;H76+P(gh$vPhU+U$QKd@tZ2b zS&w}c7uLQ|+56CXPj!76P`Qnq%K&TK=MhiXhe{u|P3KvS-=h{$yZHs;Zhlo_OF^ws z9Y&iyv?Prq&76thXR~67QtOSaIqxQ;pnUDJPF?7xF`5*>CiJTmOREpQqOli`s zVy9DEDrMYYg!`Z_H5dEz;_##4_tH`yboQ<*LA{t@A#y`rqb*RJl9z!x>tf(ZhVW&y;~f9zB}ld;h1o$PDD0I{Xk! zk>)iiLdv0BQ-H2A>vfj|{4xLVc*UZljDl=VW%Gb#$MW`xk)53oio;Oub2*X7?V8d| zucBEJNmljJ|6c>Lxdy&D61{+qPD^EXkFZL=&e3DC$r`{V8p}}Vf9gWfj-xgoHULTv z)+nYEdD2B`G4N^#ymxR})(mKA4jobjNs_gYEOxxD!5935X-yL6k0B~Imez{GTA3W7 z;-i~t<)gB2#THt`me2Ao50}3B>4lUp@5SpZ$?uXuBJOFCN`{f4{t)cWl5is(?mu)n$ z_zfbRbh%C6CmS-Zkh}BvKFg=01Sb=IwT)MDQDSD$3D09r^c}*cR=VU{@ z5H1KRw}1_6`iMyS3B9vuO3{Q#jL~eC8tV3k!&F#?jqV)mz~iQv_VoiqL6;U#OII$} zvR;Y5C$(psqPci5mjm1rAT=i*r=iBn+K8y}8r1!KPuj!T5HqZSE9-$R}4oI=P}hOX$$JYBBpehev&r#<1iLGg4fw zUdgX&gaM3HZJ69++VW95o^a2W`#++<3$eQqU4-Ql?`+Hq<(uQ1zcvC|H_|3=fwoAB zS}96pUCP}3tUF@1Yn?W|Cd-0o3mGfbh*ADHmv`;>%Yt&w_6KoxuYGFGmlg(2U6%`X;e4-Pu zq_4O{%E8h3K<~_hF6D16ZU@Ebpg0*RXzd8V>E{5!buAG-Ymt6-SIpkA7SjjYpcX|g znOwi3UQ<{|1#1lCL^0B3g!!WhTm#i;2mlrJe%6f}PiOFgTyZ%FG2J|?3T6SP|8kiw zMDJ%DOyX{O5{!id=Dq~o8y&1Q3xXcw-tX8qd?ve@+Fx>wEj=33e~WPTl>695Ls95P z%`#2-Ji8wI$sKMse)kA|0~CZ z=WEH5oy;(@gja&;CY1hS=XLj;H)PWy@B1g=kmX2G77N|@(1%GM1XWn`c=}%}y^2j8 z_IE>tf`c_PY?bb6KXH8~`mar!2LDUg=_Da6oXl@k(8T?HZl;vnOm25_V#~_PO7k{Q zqryhg=?eeOShJ=%BI+2=Q7{M0MlejR@V62*S~FQ@EIHxv8IxHZPLZ^Y2^NENejk+m(wyOnJ!r z56n}FycR!M` zlYr#ZOG&tx zLf^D)z+J=ZE_Ce|ImF0d#IkBu5VRb%{_Aj%s2*jpC2lDJ zpUl|rUTc?!Lqc)a{3$o+H2+7Rboq{hc^JVXbv`CG?GdTS_|R{59wnfcCaXJKSB%S% z!QUb2C*5sI^?*GEUImkOf4A}^r8xx`wq!`7FDyn+y5V+$vPkg9tcW-QGDRMLG?>Ti zwlIN`Clkyx-nhrJQae-_&?FxQ&Wp~#3yK(ISaKN0kB6wlSS}?TPh$TK6+a==kZF7H znAnspt)8`svfZ7A~>`bjSM@DPB0S|ZlaqN_l*%|qkjMca#yP*Y3n{(MH} z`a7CdI)?8$^=QQMos8?Y!9AjXt`3{INKgK- zox#x*e0}&ve^^_N$t5yg_l^Wa;Xc3MmE4wLc^Zh|4eDnD9x7H`VhpD;S44hym)=?n zRxtfLVUKy_dXAjv2BG`9vXj}1haIeQqEo&}D&H*z-*BzM&%~r;4zy?@E@xb9X9fQU zy`yqwEKTm@-gAY_Rd!5wRA1ak#eQY~)>#gH(vA1A>`aY*cNcdx$cF+7ykXz1OU&*9 z+n45pc6Q)e3Usj$cJv#G{Gb%B-I?Iaa-o^e@9!wixc0qY#s$UeN-8$audc41QMn=6hKU5o$_t{ zA^(+bTl3rp$6b6RBS^}FMFlAlTayU`UYP4{X9Z6^sa6ID2B3U0Ww0A`u>8Ftl?)Ts z<4YTLmPg-+-YX}5_4g=^WU}e{ug003ilyORMkH%MU{_Y1GFuJXne^F%lH=ih;RLOw zq-%nJOmZ;#VVY-rkQa-I`}LU?&cm6tM4yTeL03`utE@Y?PqyJ4x z?~V8nmg?k!5syt(nfqZoja>EMp7?5bO`+LCoU$sk5 zz%E{}N#d3;Bh<@rYL2nyJiR$jucTmD;X?c$CP>MtZoB;%(i(6@q87nJ2y%uxrp9tI zDFq~RlXM4w)dWh^F_(1E3qUqW$=)!=k}1ak70GFm_w+vVoX5YXL~WMXM(-CcxL9Fd#-DU_yytNqkff2v7-^6tp*Dl3Kr<) zc^#I1VWoLC=u|HY8PVl<1fX+~9M?yo9IcQ~xLl&`<>BFk#qEd=V)p*oaC{Fok0kE> zQal^~8@n7sRSqGmz`?NqCkpyC%;-S*6EG_hyXLg=a7~`SsglkxFI6~yz5`5%N}||A5>HC z!WDBigzU_zQYj6yEN+t<$}0ik+++4p1sddmrdtZLuHG-S`o}!J8@s8LliX^zJ$t~{ z)a|p#ldHUc0yK#pN>!m?k^wBZMe7b=lAIS@O+mixrAait7u8ADlG zI(}(3Sx-K)Qqn;bL>P6C*S{cZU$CxL#-*UPy+gL>E?2%yLvY!~^NDkx(r$H`5|xbr z?|Ed%vm~+`RHnOSCk1)Y^ngVEVexsTt9BzFj-$6Hf|=WICaikI947gbbyKFqrHdWV zQ|4l=_~DZC5+K1!X&qlr=?-4PTw}}6_)OxaN&;)*WuomTh?8_62lg^vFG3TGXP`I2 z3xCj~gWSFdlue4cI}RH&~pe1EGksXbOdEhlCS23JpAT?@hEd4M-tbh(4`IK?r6d~=zO{8Sm z2-Nw?Kb5w{c+_*Ips^f;0(M<{Yp{Ux!_Bqvk2f)O&)Oa>JE)a6eldO4?G5}kbt{Gi z11i4BIxZ3KPbt4`@z`!>fnmmapCSw4bSF*`X3G~0*1wj!wlF68sM4kwBs4~67Qw)F znFzPx6H9*`uB}L)<00szh6IH7%fs;A95&y)IkkDz0DLnZGRBdhqTE}mEH3ADE=784 zagxoz6Xi}lwmvV8Wwt8iJfqvm`w+FHWeuH3H_O<90JxQ^I~B#txWq2~ZxvhEzG-Y! zE$03{Ul_d?cn^w?g1=_=X8YnB9r9%AMTN)H6(b)XacARPhUL4bF)I zpP6y~#GJ+fSgcYLr$=ut8dpBk+?SY>cCNG&U;l#7VT?$`JuSkmG6z$P$CmQadFLK> z_D?fHw{L8I)5GID>iFcRi~oQ*y^UUBdMdhW6muQvpk`*DprQ6n4(<|@?lW)ww5V>J z*7?|B3UYD;3XVl!UkQcHV1nN{*eML3$-mBVAPqsv<`%OrTHZ6r<`~P~RVm`-_*C61 zP>&#cjw^<#NpRrIH;IEq^-n*On#w4YeBVmHqp3Zs?!xiMg%U~uo~aUp$TAW4pu=lv zbG!{C*x{{|&v+WrvZ~qPguncjoFu+|OVX+Ctz^Q{LP$OLrWNJqzU2{XeAFd$s8oTe zYi9by%xh7f=a8X22Yg2Q!+oI%4?e2L5|N}4iF$Wp$V4?S?nB$E2{Ryyp`WFMeW0|_Ru6@y01TSwO_Z5AN%R}wGi%eS@nTyqRR{HsafrbZkLSE|ox*~h*niYp`e zsjpw&g!3(FSA^bLTTIVU{K-zauC;WOiI#1%igD)We*IpPgB~Tg!@hLh9R#w_z_-<`kVL)N@%;mBP{YmPvUtN|?`3YzN7dQc=|ukrs`Ct6{?--AS5U2?n-EJB*>@B*Q?$BG;0QwY9)~>zRthxqp2{7k80hQjl=&o zP?1U*VW0pvG2Gpx@bAD;Zal^j^PD8|wyrOR8Q(Yz=%5JHTU37R(+jOWZJ`k7G5nnN zq{0kOx%72-d%b(pTa`9w$CIv;$i(}(vyjPnPwyWr*Tx*mOa1H)UyA%RonGO!CpSq` z`9jUk03!Jw*ce2v&D^^<_0v!diX1Fz*(YhYA|%fj*h? z3m2-IK~dyieG3kg$8xBRCCkSE$X)u$HG@Tv;}zlTPdKb}_H(A<$TD0o8d(PuH{ zw!>sTQUjV4#KB9FcX1t_RDoStu6ARWzMHm(GnE{NEH4$wEL@0zJo#S!xr&5Sh;KE&bAmyR@#*4_1}n2Xph&l1UcH^HUc3j(n1||aQBN` zj>nfCCBsh>0)v(GYL;a|UTv($6&&N%-DBDg3@@Xik&(9QxXuqeU{D)1Bjztu;BU9Y+?z z6{oq$F^X@N=KSMO)cu>cFRjIM2>w3TITKq)nUR!eYeZk0^Oyvb>9A#~xe=>9%i(CG zFfmUVOv229hEGHaMcy?i8`cz3*)lrw_S5yXWJaQqfdvr&r$>`6=UPsMgdV88vXfTK zoC?{E1BDh;_~b7tZg7}Gq8>ACj&)7?*ii11azJefKbN6%=G?m!g@TQ+8z-^nDxk;~ zZfCdW^2|rd5ddG6(MqdHdx4#f)j_W7K*p_wxE*7_5PrmlY#y_##3Z{ub)kf|G4{9V z#GTCFFxHE-Tg^vS46L>*VB`Yf(J&;>qD&+{C#G=iH1o!4rt7B@U#q8n(@uy*9H|e% z-=sdpthhHvX{6ET7t?RON+}8?`MA+uCUCdSmZ``$zV8KeCQL9fkuIih$KX z{AJJgM${h|fZV#vb0PtHn1?7zMK=a@@|E2=d59&K-RJ!q#$>yu#5V=pj0PRks&pj; zi-z0O-}i>nGAHV6B(&Bl3fx9s7yl0M_5FCoGMxNlr!;tvS+Ce`$8nO?*c#qIHEO+l zl2oFL>|w-FXW{t$8BvaaO-sRC&ZuG7IUtQ%ig3?+K`FD?z$l(rT8ncxiA+k^4@28D z(TB^F6-n_BGBy8B1C}NI>fi}`Q#c(T-8e4EB>Llw#d+qDdX6$y*x@3+*(@8vp$$yq z@#O-&)0MwxvAHgEiqZN+b!kLhD2j02WW!kXl1Zh z&Wq@V{zbnT4aB>(r zT6g>C7nBm(zkTXOp|9T&&peoU;aHqzO>a;mB_StwYJ_s?NLFEpEKx(QOWI3ien#7( zG`l)kq;;jg?Z8~6|3%f*BO-MSrOoiaJ7@l2M%`2Yc~A4^>k4CPKla=EmWRP=M>aYl zIn4~iUy+hA4B1NVV)RV*kX3JPE>zmx{1=zz3kHV({@@hUvSy)mG=WvCXCq4~k-=_< zRJP&@`mU60%(gm^>!AiKs5(Y45_2~js0Dc;AMh$CsSl6Tmjf&%H4_*P%(nofVN~^R zI>EXSdFKj768;H9yu3O%LKbGb&DQ`yVB&r)j}iYaT;bEa`bJO@eqs6-kkK;@H$Czu zpP4iF8+&nt9mNt};(-p;by`0kL^1SX$`bpUCjzsKHOg)kxbXpb{W@cj`tQj_RSD2s zn@xw0GT#LZ+O+XBIU8-O;P@Y(7MwlTCHP+U{E$CRyrYxvxTyJsot0T|hRwAjy|1jB zN#RDae+7yWeLU}PrG6rby;|?!(J78x)j*bo!@M0XOwKJqHaNQguLdvRs4oL&diviT`y;xcK*#TrPv z!>fwU_c*R8{wEGK(ND@vrSG6@Q(n=ndq`;ELH+k!d0B6O`9(ptz7EP!&mO@{V$OAL z_gjdYW*+ohxRi0u%L=RJ4YrixG>8b9!F;Ill z6C|zgSLCq~A4s6N3heF-6Kd;O7BEhfWH}stL;t?CTtAm2aHzCSS!ryB()qDjW~p$| zFzvWoxFu$fAZ)-%b#Rn*jqwk@F>TFdbRk(RL6yTo)`gSP&KCi7#DEr*O1XnJe|h;@ z8`rE2s|9%m)D^8g7MYrRK`LVTF~``_J9Wgfvg@s7$8;7y8+16aWFCUgYlTYj>MLOO zm&oLuIn;xEEnp3NG z4DV_EoL$V2xKtV!iLtiOzW9zr1`u%l0oZ>(_-!TJoUzN$Qk z&%@0+vproBV}YWvVoFa z{PdF|m#|+f5sia&A4WFPSbQw(Tjow$=ZC{q>>Wu1pYAmdDqhVlEJ=-0ZUlZHTfbQD zTZ0x2TPS6uVyKt_+?@ogPwnqeZSxJ*u1>}=lz%@dBzq20r0;3AiO){#|8h6_j!+r% z&4h#sF#`qV!tUKe6LD%i?2ZNu`GH)l^#QTpX;XqjuXn0&PX~{0rNev2>zEUsTsLEh zEU%qKpXMpT-w#gqlG=(UK46++^r(G<2{hjhVdqVeZ>$j3aU2Lnz1VHrRY$tXpPy8w zLJ^(e#@kns+r908B!<0ngs2JP=quT)Ndk^E>W--q(hGtcm3~5BPPTbukN468Z%JPT+6Ayu?K(S^7@#5LNC5&N0JY`obgbdP zdhw*VEZTOg$n^U0;9?W8=ew%kdR9QjH9%F`Y1qtLrbg8F`{r;P}$ z4 zsWf}eG4XF_0hn1PaZd}bHScyh_jf97uE9dua_~K5PP(HwsA8|EGW4RsA87S1`zQ~`aWMI3wC7uD7fzkV$uRx+~@);+w5i9}o z_GUgQ^)o=W3fIM>N}?q{i+Tw&1JH~Y>b+OO<`j^n;v^<=Wa{CKt(u8Uoxmtu}9@68Ft&5VzaZ@sVr`V_@FMr~^W9}<;uLb zIOCJQ((i$N0}5*=QF>{n*xM5Dc81nO1+^IVO#674Eq1>enaisOJGxCQ$~6-~*P2%5 ziQL(TGtv()cEsILGfWirTFx2@(M(ZDt=B@ChvVhf4a1UZPU`5*$L*9p}| z)3jx6E2%HOEkqdEeHbPtuUH$k8YH03D3+~Nn%&$TaE1L|K3mst>4psQd{p1LEZo9J z@+%J)s~(vPTG+<#G&|BML3MTWxc<8R=ic@AvaD||0mU4*+p@}~jSxkp$nVs%lpEc) z*#@_1R32t%tlB>3vcU^ynD!+9ocCSEAbbk*pb`;)S{C#@jfwVXWN|@wVm{fUF8qKf z8ih_gL$c44v2Qifc$^u@zQLX~v3RF;dgiG1m1b7t;Zv}nFAOrdG!v7F>Adf@elj0L z;mXwX9R+;h%-5ieh+X^TnS;4o$UyaSdET{ZI~iC(_oefQrZcnxz32J*HK&28rXqJ0 zf_9HDX`%2~tdvuOOvNXY0%NgwF5a38X8%&&=G{4qPb{c_U8+I7X>H@+kS~E2Oc=}T z?eQ2nI&^pV2c+`rIsjglEaaWDVx>F#`KZv8av7m2G)4^U9qxfHPYa{g)fB)2Hi{V0 zF<|atMjJ=uMEcYnG{m;4Ay|B>NHX2M6?x*gcGKJ!P-5W5`XhE^}W?NH2E>G%FpY>xd6>zDvKQ{LOY8HPt*QJ?Ogo z@@oXluq90>wm1RW)}fxU!6U9lONx*?fVU}AReS)?DE zYo{pbGt=nBY|6RF)BfWVJz1ekM%v5D}XQBtnE+&AB- zxkvb2yvr2&(%Y=gy=zjmz3msBvz3;u1-`eBix!!+W`s7`?w$?{BmG*cTH5@gLNy)T zQZV-xfED*Bld6~XOsJrk8*1jzg?BwKKAv~Ezh*HZ?^09c{lQExg>$Mt8(nW3gbx6CwRn(LeX87IeY2Mn zFC9@m8$wyRKR&l%#OCB!025fvbF0mVRWsb`YemMGil}?qPW=yt>2B5W`iZ08hw>O- zI9mVEld{pja_Q*q?c!PH{0y~r^0t{=4+i^I!|!fs^z5HE+& zK4afj_n`8oRzHtF98nI^$X#n)ww&%78ykxxT3=atP6MwXg_z&wtGZu^hrxbLDswyq zR}S3Ss2Pz^EaK+_9fccJ#)enjPTxg&f| z)i1W}DgkXPza3Pc5y*~DtwQq8KL^H-Z%<~0Ii7rx{o1~g5f1ZWRod+-JIy$#Lgncn z-YD7{OwXHgWUbbJD!tZvcdx*_Nk!X*$M-sQRrWjMxX*JQkI5`IiQhDpdE@+Ah|Wm0 z)Uqu`$1*<$5B^TVwnF4IYMr4FFP=B&W>*6S2kb-t0rnC2dwr)#ih}22)Hnuye9*~h zej653f_%lCo^$JB;Y|g2!r?u&Z{C4uFAS@E`+*xiE$W96vv6Bu7YaT!bzMiWRus1@ zG_Va>>qyl%?5Q7BtY%ic=R17l>%^uZMIwy%#n=-ZM8u4&b%;TFC9iW;+|Li5kbU?` z?3x?!rd{kuT%$@7C@`Qj;mjt%J`?5+PD_hJ&Uq^eCwP9sUq{*}s>D^wrG-!=#mbR) zj(?g3LF(@0NuqZhCfqRoERuRR(YOjXK5tb;z+AdBW`vI!64X~*1s{ceerNER&+cRyi38#s%^ zxNOyQg)-@9S8IfYNyN7UL z-+bUYaM`Hue@h7v(y6~wdB@;cNMp4na2N8EMQ$y2`gMD)IIfA`wgIyQ=5k+r83`!y zSdDpMXAY~E3_>Dj2N%?_cPe!MM@6wS zg`#>||0V5J>vK zX0TW_X|h0QMyNg(uFTS6yDvf8?hygfGJSHO=jf^wq4ymB2d@wKT zO=8KmxcD@%fE}Us&M-dhTLx$$hM8a{qbA+^7mlVO=_&kiL?4Sz*d@Wrxq6HC zpz*XPwR`+D(!!{P_Y5V==XYo#x5geq+pWrm(0%V$X1U?h<=hAGzzrEgd=*FXEw-ty zr{qee#6=|8sVH@%e;VO8&4N87f7pc`>6=C*x1jvbN@#LZeV@-O(qi+}XsgvGo|MPs zbf;h+y)l^zHASz=kS<7vW0)|PBK~!Ia>C(p$y`<~<&;65GTA$gi+Ga6208#nDF7)h zg7$R*uUzdUZ}m<;h0ZS-d0K{vK`GW55N1(UUawkw^1LW04aiqD%{;*Euxb+h$=>|pLseHElA9XQr^U6d-N~# z@?wda`4G}SRs2DLF9XuKh@;FSaZFsO zwJjZW|G4wk7h)(f(TcBr#iWv-T3frj9GwT#bARO~UpTy_L0^nyaLhQLnAS{v(j%s) z7fBo@UNc8dXG;8nqBGj~fdl8}&2yz~bqTV^)j^yye%KRl2^NZ_DP#Cp`*GFS>(2Sc zg+^m0v-;l?$ts>Wumkt4n?CB~vgyY?Q)^T=S4v5%d~x{jr|RMyt64FSi<#~R70pFF z9V&b$MFGxEA6~~@s}}i+hmh{pcT)q#jx()LIcXE?P;S)#ZD}B&hTDwxoS3c93brTN8(f1Nr!Fql>KlU`torX%EL9)Fn zpE$D4gCYnk`PImUOyLEnjHwcwmm9!0KD`rS{|GXjBwDjR>OI-xa)o!AidBbDhvUNu z;QE${cqD}j^(zMseNq(g8(R+uUWe1TMLB9?zT}-0Umk}x^zX9xvuG?w90wx-xI*at zpKfz7Iknc8_~hsbpa2`1$1dW)^~0W^8#*Iinc{RAF6Yc1CHDvz<>L|=?^fy?Y^#{dB?U6hpv{m9ne!*&)I~nR0n_Ecw{Sl`y_bZqiWU~~2**ECdLM8W1o50H zgRIpA5|Ij#Y7aj3w@kd6f)o-0Hg0{86NRwm5w7#)^$3(#v~8fP-JO}%vuO3@G0 zQ-(UoPpuQ~I)UN2ODuoJzVk!uS+%@o=F=P!C+qfxM;DQH1;5B~5{4$b1l*)N)#xH1 znk5b|CScabbaQqvPuuv4-Kp{P})Z)e?TJ+I2 zj<(I*O$F1nAg4M2Yz$F2#AbFZ29trf631P4@p0{rgj}2nX&e-k_Xm@m<9BV$=}cNh zm450b5Stf})^}PuTkQM%+ImuPMV5O4kuim}Ar_x)y%o=8uPixq`1p{z2Ui?^fDP;{ zyhf`aeU8G7Z{EC_JI!y~il1AQ!L_AYaL5JfQlLVn)j3u2n^wktpH0_L@DaD>G~$I$ zf?GimM@bj=VJ{&ZD?;nHD}KgU{#ssJpZB@=pFQX0#pr!~k-E2rTHBj#2tYm^H5h8k4>|t8BwMTEUsXpR1 z`%=&t7gF9r68!-&ym#{Vwuvvd)C(vef6ZGu<+R}&7G2iApiw0ntzr%9A8-2ry!#$wEc&S?yPIA^9MoIi)P_Nc9h6*>oCc9o~x+f?nrh$ zIj%>zIJ-LL%4HdXn;U~E>-Q07`zi+LG$Vx5K0UEfdQ z=aN<#in(z_i1pK&x^2|3gwyXuxhb1*$ER}gMH~qejC1E7>@3~TQ9t!|@tf1`l#=S1 zzjq-WT20luWV?Cac`MKQYG~;o9?k7@_{8`q_XBBBTo6_l8BkP4sd=v(GLKjwuGD&~ z(sC96vVlNBw?alB@VDnG=T@QA6)S$YLR>s)6lY!1Rj^SMk6oaqq5+iZHeLeo#HHi$pZ9GmBP~6?T5^OzB`Fsosrlz32k)aT)`7tjRdGl##GR zhxKJ9&GBwMGVyp^3}#CED*>p>)!q_+<3q_q6K#fY59?$F{H@(039Maczni3gi*%9q zW1b}fq+G(KSJ6{h1vRXO1~7MyyVNzAIr~W*Ehc9NtvUo_tk2}F{$w*q6*Sh6EZLHL zD)zgzh)Ja?aY2e9qwq0=#)3Pxrl*8Jnq(J&fAqtrMqL5>ZNhD?hG;mZE|XP{7RM%hQgO|PzD$L_E6S!FdysD%OXLIY9K#>208{3YyB#Mp z_YQpvt^8qL2*g18%2u3(l+kTQTpVOKOc%!G1ek<2{q<=tcRPc2Vw<_&nQS_v4%*eI z%tAX%@k}bU474qFX_#eS_LcjO#~Qbr2MF^7OyulwDLmaY9qGhHwPy?ei+_#`-hPSh zQ^!FD@}@fDG9TyS15_T^SMJdBfh{q2rXqvPXunGTnjpbIIWkmwXehJdJU)-R3|4^GdiHXV|}Q5mfTM2J|eB* zsQX1-G}t*7@gLKR^W%N#tLjosJR48Z4NRiFs8Eh-w#4(d#`I_$*S8LcYDzN#R>~UQ zz>0K1o)v8nLJbX*gKGRM8F`mRUyhNOnZ0KSOZzJV_mV|JfGq1QYk|Xs{0GP6773pR ztWVx-JHXS4KO+SFC`rcPA%;?S32z|=ga=1=UAu!#W8`Ab-Ac;_%M=Q)v`~JnZOv)| z_FLZ(Kc%5LJ{JMF!VserXkG)7$YD9vgmBW36b(BdW7e4sCXzkPQKp@)tfZNmlC(aMkDnPlk$81yxx&@qYGis=$}|*tY)V&!&1C)} zzIwsXPK=|O!TMN2s<{*eC`^`i3buZL1q+RPI9^XR?j~p~$l!RLLV5l+x7BM`WAp<@W&o@=FvrZ~Z zJj7N=b)kwkopbaOi_!+)o1~a#d_8P8IIg67S1a1c8IzG-TM~TF;H*(xQmU!1OQ}k~ ztK5*cbA-y+aL|^zW|bq6QG6ljw9BdKB=L(NUblfNoXFb^5R*VGFrFT&LnnJInj=xQ zw0>S-6zu|!V~<4bxCJn)kSJ6Z0F#!IyS{;Xz5OFFsE?MT&|`E+SHYSc~G4Kwav zbFM=6L8V>_1<1M^UIq5r%IWoGhlM&3_Vcj!U$r9+6#Hw`Z0^SOFESgW-l*zuT8br8 z=ab67GBqwC-x_Z$$WuAGN{hf^RZbci5~NS?l0W-DPuO5BLPqCif(ylqn}0`<%$n0v zLEf8Pz(0G(#Fm%r)KfNV=O`cZe2{8nejdNDmmC}wKp^M17Aq-a-n(rM)p4BtH17Mg z*QZ4-PxdE%D@O<_r~h0#q`W-i}$FEkDcZ;cwuOr^ctx#u+3{p9!>we{r1&_T1U z7|5yAH8bsRk!%op&+%vUt+HSMgNxtHXoRlAY&zJYgSUfMCRlTQ^Dytc!uo!x6&Hc6j`gW)-;h)XipSY`nGCj#sbVh|Te= znL{90qgulYHOllWL! z7kVEO>)924(l53A(oLBzr?3G`%WLss4q^QH^|hmBQ1(`k#M-dI=IisuKcAK!1Zezo z+PdBmyBl=+=5|GjE`vGegD{=3G~Pj_aazl5F2Q?}Czf9K*;)qf^98%usoQ2XvTx@t z-WO3U8pv+u+#%)vfIzTfGowRf9u3$2`SiPgw{MFhmROQgF}VEosr<^?p{R-1)i2f4 z6N`aDh)z^psHdPz7S|NG=vXjr%j8(1O1!2HTI2fI<$K{APyg>f5AUn496QgB0hfw$*hNd zZqr&meM7jKk{Z_{!apHe2KNAGcrD{{q)(}C$I&BQ3@v8U=EiB|?KIL(KnxowQPqRFc#?ZF_ zYi#l++V1;rbm$LV%z5k1F+cestikKgEZ+Y&8pjQr%+zYu%W5V1$m96K9c3ahq*kH> z_4BCckgX;K1~~8X8nmsLIOpL0H0f0%l|l_k07qQmAe#x#?ypxed~aJ6V&??@IyZXL zzh4tpXaBuA$K0kw3Yb5VN%d_aZ74dyku^o&tCb1Jg?7?*Y|e=^`tF;U1!bl{y<_ro z>)z3Up-ru=u&!DohF>R{^R_NGG@s_Q+MBI1acx~A;o+4#?=uOkTkREsiZCZ zX?^UDd0smNVJN#(Razyo`w}uc9XrDlVmRhiyUhc()uDdQH*$#xG1kRgK5k*j{YWKW zzfvzp;c13Ul@QO}fc;ra|NryX%;Y=zJ9N6M2;eX53z!~HR%Pz`Y>H7CQ5<$ikRhA# zfE#XOj^TCIEoN6H%A^rpl2#vgZvNtkI1*)o*mEqu$xc?)(LimogP-8@15C>!r_JCrLt6X#r(D$&sY6 z+P8RFS(Mm$#XKPLGTQ=iWm(vWR@s7`@1X-G4Y2IGWM~M(&qjhA;h-(>o4`GOZIVGJ$Oy}it`)Qoe&2Fu6MC}SDnZ>NHk4iw9f@3QzZfQ$o&e%7Ul#`I6oml| zPjUndd~UJ|AZ+}h^0Vr>Bdjry8eESGVUfrI)j`UfCxvqY6i#j=SUJ+ZVzACdSinfs z`o}h;nwFD@RDipeU_o#irbG%PiD5AZg?#0d!(Z3^{tbP8gl+Z8=R zoJ=CMkMVdXiOk5>=`18p_{onzx3LkQCN86}k9F>3V&&^$N z<84|V&AVJt3LPp|!0|#TKXD0i$yyvgtm0(8XP2+r%gQF?VMFovqON zLD_Fq3wv@Ujk0i}nS)=;IZI*-gn8|g_WI|JlpMG73zX2P+cmFaJw!fOMw7hL-m%nH zp1|aec_NsZZ_&j*b!=A)Nl#iJp@N&*62y%L60N`H0t`x^lgyP{38`C_G7r4&__h!FL}JPz+fDc8#$0O% zbS7!qU(YW$90k6^#Xf(D)4hMEUOdqX$Fu74TIiTHN(+dgFQLMu40wKxTJV@50Ecff zc2t^&Wx&p3j0*u@&31D-zni}099)wBS*v|j@=sf<%e2jqp_2;X>t;cy_j6+jM#G$20Lkd%F zM=ZzW`n6qi-cYjB!w4X+0kkGXC=Q`x;3@8zUbKk8db1yjqIMRIj#Xw|Uj3GZ0_=cQ zCWQg%6)#@SJg}I;5%YGWe=Fa;n85f?R@pI;{4tL)X8*c^stQy{R??<{IVW0#SiFi< zT5#_d?c>)5`U`(g-`AmVnn z4hgm6+R8afveJxYc8+V+gq!0Vei2jF>N;Xykuv`i0Th4#pPxRayS=?9*CL%YI(F{O zTwh<9t9bn2injR$^jD!JF|*RY(Q0&3lQH|>8wM)8P13PapJZAb46QxVivm#JFH)+ zjuNee76Uw!vLWO-$k%0~r4>yT*NEWvpR;&_&$?%WM|p(T>%~8-hZ-6V78#xfOD%H( z2h6ZMG*{$A{u4qDA)H&;dA8X6%H_1*`|duFfKH?75k8rp5thi?R^2jxf=h7JzlZAH zC(6pQJIy<5N6X143C|G?fMXCK^TA`7YCnw7-RB6e+I^`9>1DfQNU}(noj8a^h&PbFW&AqU`W5jz_rkwf?w3~_U+|tO!!3N-uYMV}u2Fm8 z1D=94eJVpM3*L4lcd;z~e99E&7Et$^Hw# z@lW(L^uPZk?QRHOdZ}eC6}EEyViMUSlqB!y8xys+h!sKq!9P@c|3 z?{<*3o}Z@S%ih!PSr@Q8At!g#R?_fH^y9j|gnJ=5X$?DPZ96-{wQ91YDVbbbRIB1? z1=)}?2nbs9|J$KO-;u>L>fr871*P)q@FK68Phz&p^4kSeE)fA3CHC&FgV%(sk6_`_ z#tpQHASK&a*mO_pzy`HynOOOh?FS#EZd~;rgK@9-f1@80ur9^8 zEmTQ~3*)`pDfpQuco^{V<$L3N*Q~v7B?0XHxr=a@;47m*>t$~R^hUX!gL1-C@czg{ zx65sy;m7Dq8j^$ZEJx9P@~lue;jDOk^!@{8+gE(@+=M?pnNlV~nozdV8|}v}uTVt3 zT=dc{Y_JwKc~GWF6Z!y_TYs)tMlxd}!oLRl6O?@YPp_{Q;K%@SiD_9{tNkM{MSE_$ zV)IT4Enb@VP-62+ver`vJb2xgzT7AIdEc!3brV`-MW+g^*?$K@*9#rym*e|#j{?V{ z3#O#Z@uT#AnZ7Plax(RP0ejeAs$>yz-06^Cp2} zB%xFqy3Q1nE4+7!@=JNVyNtlx^Hwx_<9cNI=j>ve|FyT#8R?a#_+N!B@3`?D%(8L3IPhuw=i60BN2 z$fJ%e97l$0GqqBgYgn>t8HQ=5tDbfOeh-Ms^=9^HY(KGPe%NI|<*4-=bk-kW)N7eK zKrWlO*0&(bm;UuJ$k6wp?WIGzb^4^b8^4g23)pNQ3$kUrQ>7Z#b$$Qpk>>q_Kl|SN z?=LR!OyZDKAH7o+{4!v-Z57E!9MSqSjHeD(yLwS_V%K=}K&k8XoYfCmk~)5AZ_rh& zmGHhsE2s6T%}SeZO(>mPZ#AsnY|G#L*~`(kzM`w!)y{;g-?ZL~R^uSuLL=K(6{W9X z36%G{hLDKqt93}nCdcQhE4z-oo!EvTZF%e6k2mG-5ZZ#+|6JSBB>y#ZmiNa2-MkB4 zBr`SIw~64vpHEJ`Al|dEiwL3{4lgctSxC5HZl2NPHv;%L?21Z=4jf<``a$O-Kc`AYNNXv()39U$W@!*h5^+21!K>H zG^VR>24Md4r-ijR=E&e+iEfadYW;lLH z0!jrN<%@&OJ9RJ$X0|Y}w#{ffPY6W1dz)513i+ z3+w^-Pv{7%9@9JjnU0)c~EAYq{w=;Fwv?Nofhy1H>)1)5c2z{3qLb(E7gMUKCA+6Pj zr9m3V@3o7;yltt35U&vrTmcpnutL&V>FD9Q7{g*%YZ*hijv=b1eR!;*p@# zW@f?*m&FUg??i6R8-+}3Qy#TTYpY@}LpZ`Nl?YAsnurPqnX4iOdN^K&2nq5&!?Q%x zh89|^xhbyKb$+c^kP%)$;5pvh)hnovHg+~$ZZSM0A9>khaDVFTz{kkc;jrGADUAH0 z0wIcl5tfMUj;;Qt%5NJ8My9Uj3I>Ic%d10AM+_#pj1--e#_pYEAWmEuDELNNCE3BjpIOU&A~)&3rVPrbQ^>(9O@Iwd+Txn8B6D z|GmGAm%4sa|8)C9549&TWLu{?fB)`HMJLXx<6h`ZhlKO&zRXO>z)wz#Zf2-V zp1C)y7x!Wyi$h@Kwy$5IbnDN}wYSfk&}-nb7KfGsH=SW(6b8F!K%p^R%eli;WM8?* zM7RPMn`A76DQEoVXS)1bU%#?{FCZoptMK-8#ZZw4Z<)N%fk+T1+?LKT7CuPR8+PbS zuzV-_s+^6?{dOQoNJY-ad7r(>MSe^4w06R~FPh4?i+}TDQpKim{z@~4kIs}gavrhw zG`0b*;HSE6lH~~<6WLqe75UmgvUTmpHy@DNiRK9iGFxx|p@79p?SPe&dgiAZ+~!sN z0hVQlC{U`Y2rQ7D;^Dt!N>_ow;w9A$-wu^24gJabVaH$nYfU&`xL!7rYCd3odG%_s^UCRx^KDKn(9LMZF0t#3-Hv@5il~wbNH}B zS)au`S*81+`LW!rx`Fh7(6p@Kh^f%*pWXPw?!Wh!aW`BaU!|N( z&{~mCq&Q*!symExeoPfD)khk{(QG7378bLiYdqEt``XJ4X;)XZY*VxW3(%O;22uSX zwgG=%->0-(LC9oiv>kKR);!G9B!|klm>2z)yT~A2hn0n8BzW15K9m~jM^sHGLd}s` zWCd4vYLHE_LA}+-g8JofsA~o5p0r&8`q25R+#AA;a#^;;nd=xK7N)v@d=@gT<*o2Q zwaw@uP1B%?MP7DVH66!D+q&QfJT9ZC1aoL%jF?S1`m}0)?JI})zUEY!e#hTUrA*qb zXI&HJH?V7DuiO3e?#2K1r4RXkac-OIa{EIeQ&V+9wkxdS`IpwCWU{NvT6Lb&({!Uo z9wnh`9bk5yA2XV@@fBx)bER8^qF1OB^_>*;9Sg6U0oo-R^76`1dX{X3mG}z=`Yxma zDv_>ylgEtH&;8GnL+*MO?TsFE?PqO{5lQ?;hf1%j;k(K+g5f&;ziMex-|ANZ@$F_P z*Ys8OW_3^`0{6{+o(k0k&`Y2E!6HS|f3aSQo=d+3>IT5c!3v{`xYk~t#T(!o&yyaZ zUWS2egymYh#rVB|u6>6X70raepf5aS-W;-suyBPnj^jm+Yq7_yom~6+jeW^4eTA0cpdYLUsvqB10 zY=>!kknV&o@mreUR+Y%YY_#c+ic{0b#o6X<=dIs2WxU9LXbg9YzX73&LDh_-u0vwo z9_7w~ewXxpyLe6g3XJE8%Yd(ByG}v^Bv!JKQn9l1{&LXwJA;3#y+$A66fNH-u0gyvO_nmz>q3T@4Vs!gsMBy=r%R z^UWR1mks4H{lN0LEFp-mfg%?&lxmhOmK~(ut^cQlJNWv4OX{}M8U3|3SUgF5X&~>_ ziA_ek9m;wv{u*GUcFZ66HgQU~%2V`4At5NJBe{5|fgGUl z*svTDx|0U`gKoZpn)hPzw=<=@@x`BQ7JiI*^axwsw|kyp5%rwEx{6^Qq`dzvQRbHC zkmlaf80D8xs^HXLC!gi^j@B^$`T5LIF)<;!q#Wff!`Qa^ouR60k;%hiIXY=wK=2pu zWC_Oq)w&1D|50L8@f<0_EgP~|oeK=5T&oTFmoBW$mI2uUgd`R73nn=Y0I4z7qHf}# z1B4s`30QxdJ-@|ro54XLg1J@yTwS25p5(ON<lQiyjC5#yhDB%GcHeZ&&^Cjx zT6o)wkpO0zHi2(K3U9L><9%)r<#XzwdOQ6-;s`OO)AI2Cd-P>r$co3xzJt(hwt#|; zF)~FK3TS0+@5$*QUO$lD^f~YBRmHRo-c7HtpHx`}->$Ip%}PF0L%HM6Ra?>jeF%5P zVc@~Mp?^{YC&K23cXAv8Ba^=H2^E4EjqpwaEMH9{w%w(AFgDs;kvAQHWHn;u&8yE3 z(eCAi%o{zyh3AC)2OcF3edRmrO>Kfqbby6PSPID?a6E`cRZNrr+5&WBciYgAS$(qf zojU7C*^J_HLShqe`vx0Ifirm-bA}7-94htvNh7s2+;|_=BlsLlz1XKWaTcBwZ>#%$ z0xCCTkotkv6K2_l6K|$JKKX}Z@xlM^81ZRL2gkLD?Y*eAbr=tLVQYzSHg`>_HF|^V zaitLLn^dtEE_!B;BOOou+(8@O4@Ndqzz-HDY^B!l!rz=SeXb z(Kqy}uRP7jDiTu|tEV&&t-~H5Dk#%lr7GyA0i)wN`iP95p52f-VpOf-{=jV``%YKm zLF|R!^M5&%+P@r%X{}e-EsN((fl*Sb3DBls#mm7E3^yswIfh|kX{N|^H5nch##X*Y z(sT%Q}d4{{oxK)h|rsKiH@FgDkIPnsd_2;RSM3P8$-{R(^y<(5PCRKZxu9`zGr!^koFY z+r=O3@%Fm{5P3;CL}D}1S#ACZa)wW89+fSC9*>{8WFZ~J@-+CH65C@Ps@09UKPfWN zX7Zlp#H8WxtR!?pd5V?aL|3H$y0sBikz&?c?CRzvdNGZ#!; zP2Q^Jjpa2o5a%2(_k9vg=Zezave6Nn*gg;5H@+p#jnOFiocDQi9(&?wBYL~N6!I1= zHZ#35Ny=XR7kNI_56xs;s@rtO$kC#7>qsV{oHa%JE28|PiB+Y9BZmX}$jLY@b8(NH zOPOOf#ApBDgBPv;@c`%s)EaJQwI}ND-rAtNx@2sQ3fu~C^Jl%bK$y+%a`vTCHkWA~ z`04fi+{NW~3iJ?Sue92l>ekllS&qh@)L&DAoD{h{Fewi3r8UbZCijCe3UXHXUEXL> zsN&;NQb}6%H=BIdw>dB(ri=?~4oyni$X8Ic*SM|UbK)S%km-A|_T?%Od^>K#!ip>1 z6&B+H&g-j-f*B2U=AdFtls3F1{-|hE|E#dE_rvY?e-d!f*xzK)C>uo?$U2^ZGTG`L z9SB(-Yg^ssI>^KdZbceMy>MZ@UTdiFUg5=xC$wHPhL%FdfVG7x0BV5rwn(9c7{tlM z&WMIOIZc-bp9r2@PM;kEm|%$}L-nl^w9iBlxPdHK=3vp^=ZS|+=_N=+jQ$|T`zhNf zO!!KFZ7Jni&6S$JL7nFgGs}MO>%M z-Y2|{_?N)?k7jSAkJA2B|2k`fI_nlp8O>1*IdtQ+&nWJRgi8F}GULq2_mwKet=WPJ zARDvsm9L`kizOC7@w_A?#(0FVIk2!FvJzIqW;O7ukI-g7YhTRas~NN{T~j-IEeBw)?g`o-M5+2;ndknR9Mak=ooVfMbh_GF6+L8QJafnC z?J)P!c+|^7#S*X3JZ)MKomYq)2Ux59CRPCJmwm}#b@z~xU=1>%+uL?I+p5MRMOP69 zaE)H|4+8sCFr@s*JDod;z?|S?lLY=m6bsRj1hWBgDVUC?d;Ldgz}W-GK5UAML)!jr zd((NQX|Gk43}~=&7QNgz#YT5paJ8rES4}@ry@~D4 zK>CquXjSj`lVs^XX^#0n2X`L3F|ni+_{<RJQ7Z4${TJs`@hV6Vj_cgQ8$YVd2 z(Cl!?mRxl*Dosu~Row*KE#>MsCLz8Znz>kupJ|x9Hht^+c_*W?u(1qkp3wMKp-*ij ztG`f0uJ*IDdg_`7)(m!`xK9hfMaZwz@qDFGJ+Kfb=7sY#kn_1arZh?5DAgY#O|FG=Me4@@!yg4o~U%1%iabm zWZRFiAw&wa(x<@M1dHrk2{p-{??mU@9KSe^BQ0|x2T4QxXoc{L-J)=B zjG=ib@f*V)oBM|u+l^U>$=ePNiHtXO{ILPN`3~)u@%=sypK^b6ne`Rw@C2zaZ+wx+ z6SDUodq-M`GlKqaNd4u--3!@6$j2(G-tq_Ue$xX=2*6S%Ic#7(mA6ZXhy^_O&`x-e zzu~I4ndaA<4BfPVenhA0eEqDYGF;LJV?vn~{?>~_s%wOHoA|N)BBOYeXBxY@NrE%Q z`Zg<0rNqiY%ZL$->Uak}iT2!1*dZQuu3FWvr~`S;I=liRk0vTZ;H0|noFE05p3RXF zWRW~^nRH2a+8FIRKYfo^m7)k#|IYOJ)*-#h=7n+gknw)rSP7c#ON-N%fQTK^3<{xI zAf=J9Mc-Uyi?tl{w@;ET{Sm}TRKVYC6*!THIE9;{SMz^TNZx-bgtfX@Pp)3YVx^w* z>q_P+W}nwXIB6r&)No-)w|K+IPFKx4wI^MS?V|FhL@5-ol73Q3!La8e%Vs?CcU4_p zCW!tX%cf_cv>`;s;yhIzfMduEvGu3a>HollO@rlYkj;g)ffyrE<2!gP%YHLPKaG+V zXLqto`qA3#ldYwAdQX=<%`AD6!b;}IyR*XkCSK^$1*TMydeTgrQTASgBZBa^KolQi zaI#8B)mN%yibic4i*ZG{`?47cV{*m%0mb>AjDNWy@L!&p%_=QfZ&ptn;3_ZKtZKLd z*pLdEL9u#quLXN;=Te%^3#GvTRKp>~;j7&VDY_EOYzByj;-w56HUhw$m?UG>g`N>H z&Kpvx>X4~t$5|D`J*|yns!l*M21;Gua}yVkNf@h==<~TZ2sUjgtq8rqePtxa{dGY3VHf;5 z#pmX^)f?ksGMtG$HU~=kGcLIQ`I}|meu(HSgQ40C%cYgv8aX*t5*|Y=5^sfH+AtTA z0nvPs@i$hjwHvb?6Ne+szz2r1Kk}n2{(nyuc+Y~aXfRc}paNIM6?5J=vMxRg%Hw;f z1Mxe=m@rOc((YRgAa7oh?%H<6bq6v_iIiSVHk*v3{6ZbeY?4%U;g&2Ce_yEmyC9@! zVg_D`Yf*dj%Qq-se`aZxFTZ`Y+9W14WD44Oyd|V&COkTefP5yGDVzl z5hBp3I8Q*9$Z>bW(OrEd%oPql6~pTy&8(wl)Uox|-xbd9zQdQMP#<6-_v8$f?9Ew` zvv^NbTqRe_a-d^W2&_RbdwToZ7J-!jZkKq&F=NiVX8x7dk)!6&_~#mSm%ZY)XDN2o zrW1RAZiT5L|Hia~wDE^!=J#BFOR-CiA9BaC-3DPy-T-hq;H=Mm+ej-*7Qcz}X9qj2 zE)c^zpQdow4GV&NjL?Njy0u4x#4ovX<^_AUp7bsnz09tg!~umZ{v`&3;+9rG^Og$X z&Te8X-09*Vw@&k6W>8< zgOVRg-caiVY?6{b7pl09C|5MtP0g`*D;BfQ$$6YN&tAIw^MEKGNz)kY(B4=zKXBa1A^I`(4{Fi>54AVKrYD1v zs1`rH@%Grviwp>i=p0`m=O;|L%MzEJU-|037wB|;FxLBA&S7VTnKI%yI z-wTavvc-cz+#(jfN~;knl0-S}=nZ^mey%?s?vbSqpU+o769(igEXxVoDmttSlQG)K zzoH`31RgGBUm-8a#_sudzjCPr#;VGUYak2^VDX#j>j_G9l zjwM=|mFu?my}+-xxza3oU8onff!;T=m^(s1ut6YFdR{@iOd zeXCC5cz<;n2>E5${xm2;S^3XW{iO^=0d0F>?Crfi5pW!!q9BeRCT%raC1xAiOnofE zkynF{XIka*Sotp_RnL~s;%eiR>pHRmM^Z;r30Kon^B+GXV*A0VM_QhXSASNwARZ|Vt zuHt2e_BrdB^jG1r&tGSnl-bj3S<|UCc*^Yi8TvUA8O~N*u-1m!N-QkavA6HahuePh zgsWxY{2>n7zW;ah+oxt05>ME&;G)RnU%Bjp4f^XD2FY>_C(r4&-hl1r>p1{j7r*sd z!6oZoZ_0Hia1r#S0Lv>Mgxu_>3lv$zz8W-hk1PhR7 z+$3}0ieM^gz?Zf2q2-4ljz^8&i!Gs7;lGaX`QB3|%o zv+_Dgi*fZzY=o=36qTlaPiM0bei>{b48;K}rhM_A#T?Q}7)c-k3x z#8n~5H(+jj|5G<#zV;Gf{an668A(g?Noy$s9rir8=xY|ztG|D(&O&scMcR;B-EBZ_ zx@hh5z$O!CSeI2yW##N zoy1e?k76YIOMIhGs>+;w&DA>3cuS)RiR&Y0$ zj0&2S*scA}*pSNDJL=ViA)J;fF4>fNzX+6j&z%=mGiamlDsAbwsOju=gpj|1nMyfZ z4za`l^W3mv&tVzSY!lH6m5y?+#2`yUN+)p1Rr`?LwOYMSO04T)FAnbN&rR!x-&V9r zN1C5V(FbZ^5#jA8*WQ=)22pjyDqVUO+^E~>m%Y!I53)I3g5a|9O4hu;lk*Mo;Hubr zlj>(R+WNACW$fOpWS^o5QDt*O7{Sg%obQ~ToBOKbCq_BtM#D6*ODhqgPhd)JPY|sh z<5GdP%-qZ3eTR~jGQu9ks15lE=Z)+LyGA8@S3S>vxNPzNJOyly%hDQo#$ajK+BiE< zP67Pf$pzNbO;R7?A{s_TVD~xCTsEID9X236PXB>NVh_WQW_Jj^ zxv}uWE3!vf0&Bqc9HPgdajNNqVf&$5G^iQFrOLGE_`jrJhFAV)=83Ap2!6>~6A? z{PjByZ%CBCUg0SC3~Cf$1>D3B-;a3qqXwHu0*Q^fSg%M$g<8sGvZ)H~UD)x7ZBAYA5JWgOk5nzj2TU)vlV-RYc{Psl$Ap|rXoo{!R}4|rtsC<+43-| z9ey+Ta-D(?DxxKW5i2uPP^6z1^`8rM_vyb3Hi}h)cgaLhc3}r@OV!u+H6(St0rWb; ziS`gG2(B>q*zOsE+*Vq(z`c&$A&5je!0h*;;Og3IlG(|HVt^dLRa-iu7GZ6IxJ5+G`<^hPdoe zs|&dUO$18oymjWmne?h+CzJWURM)d5$(B}U$bcH&sOWDRZsV+kqn~fF{yVc+Ffv%v z^5nk3h(q(0-%Ip*+v)eIC10&B6i>2nEN5%_pZc%1+;k|$51|X(RMI*mUTWIhbp*el zs{FzFU{tO`K$i$IfE1{eeM2@UQ6|o%0qeDWF&I)q_a-cAMVz~;2nLjxS3o(y2L`HE zDgP2VWq+mUZ8|x5Tbk3_4Y^bWsba$ikqS|W9qDu1JMmaI7SIpUI4>)IwIF1n>JoW& zG2>VSw)eYzz3&&PVifueZ44z3*S?;DxzkIj?l`fFWRi|jjy;1Zki}_ty^^I!{r{osXM2w=8w3V&zEZYg=75b1DQUnSiTdR>Od<^j}VKv7A$q za@$2nH;b9Ch*+nyh=aC@?6)wA1`Um@i%HMm=u)~%FP-9}emLlkRuP*P6BA@JYO?aC zTUS;GcUG3{Yi#-`+WxY8t^gOAtn;TotC~W=ltyg=zdBo6KS!w$%$;WTr58k}!&1tE%bA1kPcvqzK-pr)fhbHVg5D#eUMrkV;f*j% zjZZrDvOcTcRDkk$7_q!R=Zi9FL}@x0lb~-(lQPc1{C)#;cz^|fXefnkbo_Q!dYm$d zwm-vz6r(gdj*#8G&G706I05;%g!xe%t(weIP{dEXTaBVhN6l>AjYg_brYzkinv zGwKbF35q;o5k}c}7KnB4j~0;=M(hp)=l(PuXRT;Ich;#nH`~G)y;;=H8_&o;PTee! zKgSQrQLHE$Wwe|;t_gsD%-H>8WJ4WQt8t1WQ1Qv;u{b#t&6vu(PgUt*FkkuuKa@Yc zV#3=3lcg@^J883GW2NV-T@Gm?w;1hG!)7jUv3}I?BPaa&W%EISJ(m4~JCx&>Fxm)1 zmxsgVGjbPUnN&qd%0k0BetEkq_#a3d_80%O@h=SIqI*MXkrYVBu;k zBH+nO`cjf5%_?Fpi9&9)q7Ot8kT_@QHbg{Lu$AT(p&?|5h2L4p;V9NMz2l?+KhGyvoF)p=_(JpH zS1mOo8*z;r9am_RU9Z;$$)QPUe_j~dsY9GDx+x@FJ3DKYmlt=Ta;wmGZp5t0gP)gyt# zQCheuRsVsJebj-*TrhDD|08d@SSL|ybXK4Os=vuF9#+?RDdY!8*_;8sfNx! zC$on9sN&%so79%JG?|J$7&Kvf-ENpY0VH$*Q%x*PgK}pbSd#~p!}7)wAH?$Drf?Z zF+{cEP%>@9vhkHP-H$6L$0}Bpn%AYqxr#yQp@P8~k1~A~+#OWcUp4Q6y zU-DijfS;+XLMLp`j4ZTH_^`XHK(J7cy^z!s7JWKP^a_uqbBDOv&%MQ1&ZW|Pd9v^O zk$5%d@I5Z-gUZ3rUJQUReB9%u3)Up#p-lw+#VJdaB~JJ&36tS9Qa_ICvLqEFZs~6@ zGr5(Yq=W<+Hbki@z_x}SyR!Ex1Tq82lA1~TK7K(@EvWZ#$RFKpJ(EJazdua+zI&ZT ze7=H(xUZauQ)Lh*JVHgjB45qAH5`IAa3)H=irkkyvNS;0*W?(47%P}YqQ;sc87g8Y z#zzYJLHj|D5tWb^lFGM@pIcBFzKF2K$<8=hWnNAcSZWalcVl+kM7C))1Vpae z3=d|79rmq|?7KfB7kJMK_6X#ib+6R0Bn}mDzY44(p_}{RUIGeda4HFM21QO$BO1j1 zWb_G->QTx0z)vD-MGfOIuefS}`Ka9XbImFH1!$Q(%jSZN2eO{UO8z3=VF#*fS|IR^ zmrUFBu6vnZ$Vkov4s}doSELJ0e>wY38k&=RRUcNsBX;vCmLsV_qp^!Xq#qd2<0)A3 z0ok5nJS~o6-@m@99lhHL^esm*;6WmI^10zb@o(y~_a%Z#qRMupoy`20BKtX8^s>4p zL}btMPpHY-2nQ8?GP#Ic78i|Ae}`;Mx^JFFw3+o)$){ z)aUa8h-G74Jrk>rC3m_Ls`AzI_$IkAc`i=gPa+jNTn9{e+V9e`5yf52K}B*vC4ing ze&16CEXmdXAmv@>9j+IE8u)9{0PmKXObYFXGc}b9@uPV4ifvDSVbB~0LL~gRsqy^U zZnTm^?Uabf+9?+XstU%GRNfnpsIHZc`IIUfw}}P=ZCMAg<%}hg$ZUUAMU(_gLWpfhJ+hoJK8 z$$H^RU+$g}J)=C*vqpuVI`2Vmm5f{!;aq@jfYJx*$~?MmWQx-3QD6HHB^H^ z=y~(Ve*Ppc2^Ywj6IHVCF>t3NNfcoeY_j6`tCUs>U*+RvhS(d09;MT&?x;J?mIWSq z^E}rbb^?b({WO&ris~zPW=vA=m@ib*L*sWhB5@1STLep06Yv(vPkxO&;**_LvtoxVx=>oB~@QPRD{J#otxSEqLmlTPGT>=+H$Gs3%(r*8%02B2T&MNOlj+S z-LpsZ8r@SN>rFhCf7B`!3+_7`y&a?44<5}!1tgx+BvobDKi5I<*GNvj$%H6)*{@p8 zb`FVs3oVGkFj%-h~63}tgf3V-Ym1R`i{(TGiqEN7Br(=sh{(PPZ4YEnjCe~Uc z%BS-#CG_6u4-chV{YMBR-qVP*NhlP?RNSl>^(K%xG-h;-51m`HWpr;V^%2kNoLkKrN0;GoI({!%rsnH}Sz}&88%ceR@5Pc!nfwE7Fd>)6?wgz0C zgjZ~I6~U?y@{T>k5Wh^sxLH;U?beFT@s8`dDflbhLm%$*v{P+25c4c?eqvsclV@w6 zxUiP#mwj00qSy5)p)CsZR6cWO!!#!c79=0w?nVtl>B!)4S&P->oohsWj~*kyTpiIP zy{#cleSqv^hC{n5BNj%tp$>Z&0>ZUgBVxu8M_E5C!v132#W> z9Oa=b@N1lKa-$S_y+LzJMSm;+SBOo~X5Wz7L{#1~SUaJIs2FjVv<; z&gYy9zyO?JY5LbhFW^3IJr7xTn41qN{3hjKBz2QTjBwzY;s??O0Z#hB4N?Oa&qu?l z_=H>IPIchR9s@q-0B97_vJXOTdL*60osS<9;uV(^Kg%FWMQ`*MPCZrV^XRVlc;Va^ z8H-VeKI1ca;gw;1b3-;q6nLiD<7PEH21ysM>WkREJS1X7Q3ReG_c zf{@*cnmop&{%O$w*ZnIB6fnes#v`FN&-U;37`6KIv$ZhUXP9Nv(9*j~!MEAd%ZyeP zzc-fWO?-)zBIxawzL}@)hcKd$w*b8B&Fed7cfc$m!AK$s$n+@p0YS{%qkBcKHhtfE z9@!#%WZ_Ry7?A@RHh7S8j&HQY4gi){-<(<$I7FIc(&}<3jXBs-8tAeJOc@IBD;caQ z+JO!#x^Zx*1E;c*9~%2pJz-vG=ZYAandsGQt(3;F>T6weBR3@;5zGbzR0qQaZQ6c< z)Kn>hY{MIj!MY`>iXE`J$8nGYMFLVq=$l_nXF%=u4k|>Uahq@ z;MRu1hCgpoC@BjRBg`||hoEq;|7&~o%q)L}a6x-VUsVzVF>!u@-~xhT6d-<8V44w$ zK}Z=v;@a>*ngP8I_yg(VP+q#)KYIOz!av2w0a}AmEHq;js?uGekPunz9Q5z;i5y|Qwa(TbPjpoSfGjenql zR&Hg+-8lHp=H}Ojci8<%b&Tc^tIDXU7;My0&_YMg+HQ@F0|nYca=7Gbm!dzr1>_LY z=Lzc;mES7RRc11Mz3$OdBDW4`&go-}Js7zXDMr;~4Iqho=X!fY_bVnzj);)IJaPg% zT^8+Dn!fqVZA}n{dX*CHCw-&Xo5+Ku0=GV6|H$JtI$J-ahC1BO5llvXiWbmqkQVJK z&L3qk_FpNC9@gh!Jkq{Ulx}>KLJU0fX>8X%1eOByAU>dzk1lb-Ufh8-N(W~3izIM$ z4_J6qP$s1V_{P)sB17RDVRQdS05{TZW$BJ5DK1|g-b*+P5l1_y_^MJXFjNF){(b!X z94zLYXXEb@{~B=Y%|4Dr^o&9N6Ji}I&pm>cu|kf|{DUs$W1yvY4C+x^q1C$X2V1(q zEUupiNd0_D2w$KmHM#HGCmWp+WrVN-3G)-#tFs@lv8=UaH}Ff`1J_Xw?aP==&?N}( z0`e4dVsztg!hCZ>jqt!*n&+(?=SHGwBtnG>Nm)N86HCy3dTyB9m9H6$)G+Bv1ttu3 zi&QC{sVKjj({^~$r}sL8HI)KZA0s#7^Us{?->uc3>Ru4^Emzs_`%NzA#$QA>4k@*j zMepJ|LkC(0E%}wM;2ww=Sw7XqkU*$wNg@K%@A=kL%Ukm zQ|F1q(#nub2_G!EsO!Uscj(|1S^rAqu?~~`)sl*lOmLA(F9d0x|&^GIRdcd;OaY;XnLbBOKTb#^MY62~SqI(amAV$tK-AWrVMw{d7UwFhI4uCA8kWmu*nJ%5S- z#D7hCPXOY44avjF;pO6Vvog+0NI1=dO0`2Il6KCpDb<=$Q#Zj2Letinl*5ua*vnwV ztS+w2ni*a++Y}G=OR)cQ49HopB|SgKd0J~lV_)BhA}x&>fL~n4CQwHWW)qSmfAZ5T z13^a**+q^$71+%$q^Goy)nq&$Eb+OtlsI$h=gAPi4MPl;`u1y9nt6Qw6JMB)t&Z`M zmivxJ&71a-H2gr8_h`ci7gv3cS!6ljo95YizZ>6c9p6fBk`7jcqhPx zx9Hkx7%x+~RE<{^V=d31n-GU?Z=7Kwz<7J;=ZWUWw(W{Wb%Xd6(9{*J3pBQvv1gXL zea<-C#jF?@t?i$(6HEY>$D{D2Q59sxt-8j~HZ;6y_WM|tOn8h!&S+*|4YejR_=8hL z|9TuluzTQZ??xLc_EWo$ya5Ji8T0U-7l<0R@fM)yz%Y;`fU_3Bxa^S%40@?WXdK;O z*+qId{S~AX!*?V7WLoa1xekL+Bdwj2ruQSn3l?>ExMfc?Gu%s{D$*l9XM)nhd>1@e zBHtkF^O zerUVlYCx}2V~brFy8BE)7`eEqg3O?Iw-YPm;n!*&xt{R?^G0%&I<0=L+i=wtkSax? z4P4>!fmro*xgt<-!rp50p9VT`-M<}QLU7J$1DHm)?W@ttny$`-_YqE1X#lSCQ%sONp<;<3<0bvFTP5@RBm=d+9B8B(6&-7g3*3}`~rM- z{dGp3-1}4Hrv-Zt94*Y72i`1X#Pc*HZ!&EhNH*b2I6*XjnU5b`)6I?6yz;(>!p66v zy7Bj~P?{4U(1j(ZcNPD8{fk$ia9WMGzh|GD@2`%`ih6#XKz~;Oc;|}BEZ*JG*?nIJ zq!Ha+v!>4M>8M-3apkz}{QTuWBkZ{3x&E>8tVna6O!LySbAZ!hdG}Hs@W{&-`N+=~ zxu|30IhWlTDivklV{bQP0+DtZ4qQb!oH*G8NF2~~Y~k*tbnoO{if3iC);%6?p6e(LCR|4{M@Q<$MSRq z^MJu+_qsrSo5FW-{J|e5nuTk5U=V#@oAudt?*f;sGNI8QDsKUOTnZ9ln&v&9V;Tkp z;tx4?9&j$i`@%b8cP5{~U9FV1?qA>4y2)UCAhP7iSYnDFHDRX<^-1T2iB>sS?X|V`?^Ik;gvV0JPnu z40jZIsjrBbE9YcmU&h*6;BEfb%WcfZ=AHY?mtE!t^mkm@_wBzk#~vq0K7rcJiJBj{ zZYM~X3AxTCACEsd_UL!q+>9=4EyejMb8HpMn4mieetXhl85)I_?y(Dkn^xl>j zvPHOlj-#=b-Qf#dIeGfSYI7=7EHjJZc*k|Da`(e~tylDBz0_T`f^5K=I`s(F^ zxeub>BlD7u|KoGX8`RE|AROIimt4>X^1G9!<#*J^aYJ4?Ykfa}NB+LZlD9jUe%H%r zcRTklg%SdVgeqxmOv_fP4_Eai{g9+5it3kj}CJmS{0Br9Ag zq%1`w&4gsGQ6!(*GF;bG`5Zy7FH>VT(ITYPK^E`4Z^2cnTt#MKckOZ4JtT& zRZqOeAHFZXVZCV5bL6>%buBPv9t7v!$FL9P@;fB=J#m>`HS@=KSRSDM`glE|csw~@ z&ko{p&MM6;(xg|BYAf2rFI?D=_JG_M`I%8}G#AoOQN#3oj|B|!;$=%J1ZUW=kwB7; z6M9-V>?I!ptLmuIoNRt$TE&HamtYVvY1W9Aa~870NV-y0{{)k{lsHdE=nyT#f8IL! zCjO6Nr1bCC#Qlocf($aDo7HENo0FFb+>)2PK1HP3&O8!i-qwZ?29x?NCj-T!*~rs_ z6X%tEzu=AF?Dyefy&*?rLBQ|xqTbw2L51c5=dty*CSVbOD~|xcF$3kfA_BT{P`=tg za8jCxNf|R)4Pv4E5vIxm_L9_e2oIchabodp4O+a(iMTE1sRaR^8}=<%yBG?4M`|vaW67~_liqQIV+&Tcv*p8? zE8w_qjH-u3(gW%7m|);|1-go`xD>xZ^7R?*;QG|eb-rIt*hgZOdUYl^gVis34~wx% zT)!V>RbL%F*F^4?;=}{HPIJSYw3GIbGDf8jD;+&hyKZBiua%j(P_=@xj-GOYsF??1 z=jrt98khghvpavu2ZIWQZq$=i?dS}W8z1+di+J7gA*TQ7f_=P42#z?vTTnm44mTo{nY8|0^1UrA zCFCdonJOb_(&Wn06@oN36*M^ifzBcEY?M-HO)BWZ6shGELPcn_E1=BA$+k=|du{$x zzSJdB-v(g9JCNs)Nzy@4!xjw_r?72+?oW<&*}D* zq_St_zWk}+epl7xavD9NzAPo+LZ>ZEk~WawbDn(mI+p5LxBoSq;#gnu-q7=a{JtUJ z?iK2#-^>Wn-NBeQvEL7w9vr)|a@@`>^`_Mqo%h&_hfXz(S(bLUISntQb~pDt!sklUh1E;P))8OKr4x0hWz$@1~2Wv*yz2`U-d?WO%BKq9SV{*jt*y2 z;HRa$>yp?p<3icuBdsejbai{zcB_9ki}GKl55XN3u$y5$i9O%pQS1f_#r_QWMeM}f zgM$R4M$dTCI-nw-7w)Xe)?{l&8uKVQC~HhxEo9D)|{?XwXP~r+$rF z9d>fDW9jNN@j#^(qOjX$@2X4BU4lwh7){h$@CfEEIYzjoUQj!wi<{cHQd{+_1CXbHepoD83?P|lJKK9a8=#4Tu%e8_ z;;xRh-(&k;>^uH)jq#c$U!#!RB)g6zsf^h&Fdq$iW=)F(=8-@~>7Zj>1)El;;FuTm z%qK!`Vum0o^i=~A)qK_$GzVyyN*g=aIr z0!)FF5)P!9_6fd2sU6t(Rzqqo2nz4Z>cZH#E9`79)cZ~t|DgT9nptq3Tj=ADo}}g8p>z3o z`J`+le}VHcBv%FKJH_W!0z?9Bf+gun6=G6eYMB0y%P(5d95Dm`XEwX5@4kHkB|FLi z0|?9ymQO(930OKnAw|PS*nrM82anaLY|&D?s5Wbmgwx_zMU9*BGt5Q>nB?i!!g1l4 zIfZUOk~Yo^@YAP!;mDVdToqgi5?3rFS5}U#Gd;6i2iUH~RrB>re!H0h{~V1mkuM=Q z0In?J>y{@7>29=IzW!Tc^9g6#zZ?lp-Q62sE;Ep>&efA5!X2>v0_qAN`q_AiM>4gd#|>2V$PPhK#}pRT-FI&;bB!?i003u zd=~>GRDhNe0?1v8Fj#6=nB+Oi$$`N479sBmp}COk82HB>Rht78Vs0&8X?3Ku+Ajx| zdA2#WdcpiiJ1z zss)H+$8t}$-z}dLq34|bD7x={RNPv2moHHA;+T*+q2_%sAluCa>+#S<@p#|djVjCV z8;KYv!2CALXX630al#qlI`OEDtI@~#rp!9~@#MB>;bQVr)Yfw8;Fm=cM8tWsSL;Vn z9nZ806g~ok!28g+W-=5jS4UNX@@jFkX_B>rC03|5q?H*D@lM{HtI?dqCNI96Ch=kA z+>z_o(vF{Pak2E4PUNO&pnc#bjS7UT?4SZ&&8<*{r(Q0Qu$IHew={W*%jxis|79Wd zU#=D1!0_6otuvO%lMKB)srCQybk$K!_HTb1Dc#*6VSp$|GrA_qJo|sPLgta;^yh?$Jn$_E4xrtWxx3RBiPcnEymLO+fM@Tt_AnGe2D9$ zs0!~Fr|!2Q2p|)4yNqZwC+`8=dk%ax41pi+5VGtQ*0k4HhXlLfgI6xLNiaK_10UdQ zU6q8p#v~$Ec(s}-gZ71@wu{ZZObC{U1Nl>eP-R0D|vEc@ahH8btZu$ z^{Q|})2A__>v&^r_?4AJ_}^XwdE#CPf7-c;f8C0GG-4;w)uYK8&GXZHIT8`8ml=ER zQkb6wkI_?zE^@gG@-s##NZOY0^(Na6p!0l(h;!OD;KyEaJBkGZE#>Nv&t7~jeXdM{Mk@vFPnj$K2FdA&yg|V`Iq$J**jLMW%$1LY#(*% zfVNgAZafVFmKPn}aLBa7MivHQ@W$1xS%@nBjS$OlP!CVT@=AVv2O`Qu+<65`delSk z7|DEJ%rn73`M~!LL-?qx*Z{G$;;o3q_t8qYp6P_I>t6k#&ADBBLP3?7s`lu+q{5f# zJg@?;Q-)7=?}_dZXrtc3UN#PjJ2b=e!7F}0`B7)lQD@QKd{UFwrc}`hQ@u7n>ohWJ z4VWm&Ctf^62&A_e_YcP-><`5Oci8w=tbT*|Gfd6<+K*}~)GnR`M)XFW34fiP3ef;U z$J*?+cyGwrApvaH@QsMcehN7#A(A?I6wbU7#tzxjX(tKWy*XbioX=32ql71S{%Kr_ zzWrTfht>(Zq(wK8kM;WmXjsz$(5kuO(W{sbRj^?8^UVh9u<33@@Wu#n;@zw;n;QOl zB}tib_Kj0h*Zvm+{oG@3!dAV=yKXJd;pW!TVpV5lqCHgsn@&=9OR9hXbVXGMP!93+ zfqht)5b|m@kREd!)89?*I?^>qk3L}!_@_iH#T63Bz}Q2!EYWMh#qs)6&eQKL{53M| zqV_Djh`5g*m&tn@ePui^xH=JyO~i9PV8CmqA$`9S{4riMWnUh~Fl9hrXm=GwHde=J z9JyM3E#}plI-9avMj94EJBEFbKxT$aj}~~f9iH!-uO%9s#H8X zImZK6QLop-s%QIS!kChW`eS7_F4x&ASM&?3I+dnhLo@3CMF?a5BeH`*uO60IaEp)$ zKY#Mr(ZLj}%eJ;Gqw{1i_rsm}QV_=Ef6}wxy8eOL(S-!Rm9d;qK=-3k=k(&v58Jnj{FKM=yz(`8xVG ztgv|#IdjUuS}-N9J2JR|#xi@{6K^xN541g_qYqA7%B);~pOUXg=>eUG(u6L;bEOXd zLJsRmX{)Ch%t*5s_MJ9siE!+MA1GXuDo|nSQU3=E6rp!>1My^oUNj+%+b<=tfW^}Z zLnr+CI5rD+tH*)xJN@Ak+pXW??CUO$idX&FWrJLrmguFud3F)YhXBmR+^TR_us)!3 zGy5E_dYGHE(oKXrm3w=FElIbi!#3o)bGRIG)EGX%o;Bp%QIq0u*9bx=-Rn&vN`R4pHmj1Kvp*+vNJ=FWWm(l+=)t>s-bJsnC2fuP@)wKWN z)}-wJ=k??I%IYKG_QuELxYoN!(Gr~x{)*#_Cn53nB~d;#^x3O>(?FKJ8+iau`@Y=+ zVbHtC>Ij!Sj{RLAdzrZS2!|u|ioZ9-(t;=>y{9t5>N^i%gruh!DA05UZ2c7)^Xbu0 zol}w6M%RaJSuxm0BF{#I{9Pr>{Fz5*Vc;Da&C8XkAuF$0C*%hn-0BrzWjJ82oG?3 zwCAp^6n4={weyY30RA@DVFtL;yapO!We9h0+s|*O(>P5^2Ey6H)@uSs#@ZWl65Md1 zRUsp!0qzcR)7F=89Q094@ptxoMs&(-DtoIxQP&?ntB9~GB#EB`6E9Dwn%UZTxV`{r z<5{qk7wqPfsVLEF-$8!e>QJ#aWMh$>ta&w7R@YTaA&!@1%0-Gyu`juwfz~Tcl^};DK=A!gNFMRN5~aH|)_KO=Jcz(01$Mxlqs2BZF^`ee?TkrqfA;OGNR@5-CmK(54MFiHFSgVsBDz`z zKFNfQT(6ADN=9~_9}QG5LJyo$YdErQ*}TkVpa5jExID5f&`3pLrNp9}M6f_ldaz82 zx3zp7x3=OUF_R2TljA1k-tShDNKLcS1;e}fVsxix?l&ic!jd-?*l;#?rV(MQlqPYE z=u6ibTFC>yf`FdgGb?p!Q}cRSM%RK~4|o;M;Q5Elx~wFP1@gv^JUcgBQS+tcoY`tz zT};)&hho%!Kz+@B$t|LKT}qEfELMC`b!0Hw9lVr__dEICJxy)^+|j_N(`1X`Mj&q2 z#n3`2&~x~w*EuJV=i67;ve$va7>HUxr&RkOLs57fEkQ1B5Z@5bU(le zo~Wfc)yH)I)O*oinIgvXvp-cf*@etVt6U^QQ}b#2B*O&16kzZ1l4#sFE~wPRp4rLQ zucSnS@+lc43xu>9Zm+gF1{%fsg*xh@yN-9pa;8|;0?J)xR2C!ECB?e>fj?HSnqv?l z7fL7{;Xj3+BBG}|FM7#Gu72&>+`E3D7iXCG;mcT`Z1Y_w*EAZ>w^ost#EEsemz~Be zMCD7rQa^5gsPsjqC!q#bG1~}C7A+Cni+oMiX@ouY zUC`Pj{3@Dlyju>#D|K2X`eXwYOh&TMPH4Rs4?$G53%fVlb&9V`$-~%szqnLujk9ev zZoEGLIzk9pB5G@6P6G+=PQ7zR*H&V(kbr6}tl(Q`TE{i+$P-vK)^z1FsEk}p{bBR3 zIOBf+>m zOV88-W?cfpuOXYlcfKkOXqLz^3*L+KoZy0DHqm-YUO*7bMxtFhk%{JuSzTaK{Ux-; zTlY)SNqLM3pzlkH;Ny@;d%1w~?>9fOSbT)s`44|MdnoDz+tq~-cWy6mH`n#V3YARy zE+*8CbvVRV-)?+La&%_%3ZC0wgG}aYTxOZOrhR-kIUs|keOpqlIq^vPLe?nBu1_c7 zum&javEW6LQfMf<)%dF_nHc8Z6(U`#1{}Zlun=FFAUhXP6~{!FFUicEp`ybdEAtJP zL5hoN}2hJ;2`8lIkuL7MdZzT~)`X!=4xx&aj_dtZ#WiAd@P#)Z$E8?%vx_Oy(E^g(z6U7AtC2y)v*(ywmQRWu?Qv5c{)PQ5| zD1ZD&!y%)Y9sE%m=XtgaZpZrvwK0lza*>G;@qevay8k71=)7|#XvshX$;F!-L1K^g zG#4^h)Ldo=k!&>qt3uDsK7VEYBmlG3bB<*^B7#){A1yKnOyWREQ!=@Jc5Ck}1d~Ej z1LpaJx+A5x0U(D`d9o=l>C#0?5EDP%(4enmGsAPd-AL;C1O9WFsvrp`&Z)`m?|x|U z$$+x#!*lG6y@ACZ*n_4jc5P9mPmQqrp%F3@3muOF;8^x43K94R7mHonp#ep+FC>L} z6}yfWhe9`VLjwepRH5Er>IL*BfxXKMj2bR^9rRwXJRI%9Kzh=i-0tkFw@1Yf8=yCv=$uU%}6 zQ7+C97q%5&4@jV!TxmZpfL4Sl@00}DW^d8n`FN<93@{nZmH(2!G&Q8f%%CpiGsG5! z&lcGCuxNlucF8Sgc=u)Lm`ZSNMXq4M8%p2M!Yk6rWW`#5<NorP(fIC#GsTcN@*uWkehk$YCYq>xU<=O`>hIIw36Y(6+W z7|N^#p{W*%m{1w*^#V1_r3os4-aI5*P-z7q=&4f=i(>P3}Jd#-Z)wO>_^%k zczIGXch~Z21_TMINog0Ywt!HPV{S_JA2{SP+lKf{jsx)=YLv5^?+#Vd4~0~w4UF)3 zwa=-24%)Uqi7-ml*Z$SPg&>}lbw2PDW=*`w_#G2h*Co(>@pDHtFk%GwhwERGIQ>8A z5RSxWRWkC5Q^R*S{-o7FU3meTCmCAN;h!o;f^x53&4zJHefA*FCuy$&_T2@t#4wec z>;wSK9+9%JfN|6x1M$J~gA@licCnMXCiP}iCVE+3!fQrCjoU4vWU6D)81y(Uq7RY! zXuKft+XO{Qty~QxOZmI$$f!7=%Q^NZVt6QFRdWM1cC(Cw9>gJs2T_{_dO({rFUh571*UAkn-eH7(;~H7*u7zf|GxI{wso$5;f+!z_>E1SX%_qdB!w+fi3=L=m*5<$R7I4Aab)dHb03l8e5_Kot_De*`xypn`wWC<7-R#?HUUMrsri^A8lUn zPODw9iT+R^IxOf&#wnTF_hiAXF zq)>~TIX=su*%a}gSHECU*t@yTNi}LwV_99gf;Z;^4r-wL zrZP5MRDcwxN!^x1i;hIgiysp-#{CDKIkp11&qDWCG4tH$&b9&Mj7Kw`_35(STm2t( zV_kL89+#(%*jxXnWx!Z8oohfcfi}lF{+AMuCmE6A75dDfDkc=}SZ18SVz@8@|;?prT@Mdl&YJJ+l~8tEW2amw`U%gf(;=U|5- zynEYHWIcPr2AOc>KResO4unGtT)&ma!I54w`1JUn87cb=Z>7tU?@JHvw`WA9d`J9C0PjssyH=)v@yXz~yN zxBe$qDq!mEMPNyLbLvjXq#yK4GU)Y3d-5%COzMPyehE~^-yju&+|+bFy(2iNm*A-C z#l)hG&ma92t?ePypqakFcYTR~Ecdbpj>%wYxwSdjFxJlP7H%|N(_D3iSMD741n6ZC z7}0KWM?}jAq1sGDwj?lx3~oe#%=@JLG5)bo;RQJWxyUV5?~N#bLi}tB{9Bwb;dz{7 zV@e<`OUJt%wsgK+|6tP9lO*E@Vt3i;p&r+;$VWEu^lnZI-;z@<20>2awlmw|Yrqm* z4sx?sfU|?e-pENGH_%iEjZu+$2?U~%GD zsX1vSuud$(|1a;#|Gy$w9q0Y5FJI2@Z7ds<76wti>v&eV^OSe#~H?BvQl{NEm ze*qb0%%lBI7;1~{72>RWK7F-EsR?QlyNH}}pI^&*2bF3$t(h`? zDrqO{MB}S;y-<)S`EY8tiSD)|^``XvSIoKe;Q-^|pJji@Hkt&GG>w4lCW^YU@yLc+ zghLt3pR1&qW`=Q?KIb|)Xa-#WIRDj!uKdvY5U*R#)1n{f-|0?_NhDr)zUCd<_^iz0 zPZxsI3eS#L4#~uOznN5t3;evuL;$t&?3oMyrPbha=7bVaR;5IVrN?ty#cy$Ob*uH; zW<}tr!cb8jDBS6Qrd|h^X?%?{ejH&$`_kUJ{~TAa!SU$)H=)>w(}O4@eCdC7o%~Od z?8jlGs6#6tF#ylUjhtJHd3gWQmZT!G{xxA*?f&=j^SI|9eLd@(KC3{bhI-Nqa3r}04xNALX4@obF2C%tHZd#EeF#|H~eS{^~wT?+}RYY#m0Hh_4TK`)o zxDu=gKwmp1{oJ~ajVXT7CF@znL;=7m>)5guWEF7mJS0Y%i%8n+-LFAg8IM*k*K2ko z!*%leh<1y*Q5TU<{AX1CXaY4-#oucYo{` zd@0j-2;Vd#g!r{>lB+=Qi{*VwL6NTZKsEVKwRaYG>?G^^1zcr9=_;joLo0iUT@1)D zk+o0ZCxndIoBSM6fSYKSgek2FNMWpG!QLllVN&4ex80PTXt%2PrM%$ytX~RuiGq+DTp5DDh_*R=Z8-+F$6kh8xM6(6-N*&dl%d9V z#2F4rg-6+ND{}92orXWbKi-lg#@Fa(@{nJBRP5F= zQIbCk)qdN`QP$XV5?J?#pU>itwC)s$O%q5wMz3Z^4mD)V&ok`3R9E!nf_xmkGdAab zlXW5@nd(oRUl^Z!c4VNqzuD+Bi*>N^pL>L ztx#fLix-xX820k?&vrU-SQYWD(pl!{fPg|wrkssI*{m$2bSd6)xeDr^UP7K4vS}aM z8!yvCq5Gv%zpQZgjZ6=ZjUYOP*6Mn}i22iq^n<=-W~YPY$Lx~0PLl0NMOX2;byH3l z6NS;+rSrmW;oT20XN{kncw+p)jbXooO**@j13$+HD|g0l1#=0M$ng={9;~&CRz?m_ zT>ZNzZR&p$DO8!9ab-)o#t{Ne!j;efqzZQrI~9Qe=GEJ}+lZ!c(o~>%ax2JxqNU`T z=m1Kh0UIO~2jd6biP?I6v~XuTJV-P#)w!iZ=jco!fFcrKLq(p#4~_y*89-(woZb=9 z+_A$2(?g2qe&2{)G(DzK=`LfcF5vIX7ZKhF=fD|{b;3RJWc2!-alXYdjWPHcX`G3cYJMiL!$P+O`Lb#6xp4ec(kqjRa5aaNf3u1 z^BCDx2?4hgd+r(M!Q(jB!)<&ncTca_m(sB6D{o$WA)(C#a9@33r;b19F?&FWSQ*j0 zBXXk|5ORX05It^xd|JCgWD~UM-T~tPu9v;Ye^w5H{$kSMTkMfvKw+*p;lPaRN0vE0ZtBow%724pQ(fM{(F$wO8YJ@nbRC3>#4g zoT}k8VnSTO-h19I?99_c5swln{m5v| zRt)tB7ht6zV%Zn(tdd+I@tWzJH*EvFuC`k`ELSM%72wz~3?{KrbF{ZjicoOKG90=Z zi#&CrD?K~hzMfcYl_2Z^u~U^y?&KKEerf@Z%+MXQG}SYP^pvKQ5O<;*e$jt{=yxNAz1MtcK7R91{Y-{q3>Kq{8gNW zAq?k!28Rv|4rj}i>p)qm`Ah%{doWvvTABoVQlU{!o<^w|aRi)C?8V>&LWhQT zy=_y0T_bOWmTpPYxSk-Bw+#YPMbceueuj<>`1Z6Oc1aNv!kz$#h88VTWhldDwT}vl z7&^&|(>SV4r^bd%JT#A&raETk!xPJ7Vu%K`LxV< zKHfJO!Y*G7mDj;?G)lxy!;1C>|EQRpL__dm* zqn$4Vg8lXHOxF0H_fs0M{T85@ROB#$MY8viwN8Ky`2ZZO^OtuySM!|O-;}`Bd~vJD z9(9?2JbA=zQ#x&JMtz+IB6CT5>-#GzTezr;ddaMeUqsNPeF&~^!` zd~I(vm>n}8jOd-~IG4Si7|BIEcKRs^Ko?*Ym;Rso@kZR)`2(WCgL3Ha+yQ+PS{Ifc z&3CYPiRf`Dhk;V5jW-azpLq|>oO^M<{U(V1_%Wv(?&}%mBGs&)1tK@n#r{lHb>c;I z5n2?=`MOGP4e4Akqo<1egk|)<2%I2seCA455mSlBqWDn_wXo{jae*J-^CY$B27g@N zw;LL;Lf%=t(vCb3|5Ch5cvI5ESC4wESp72K_VFyl=`>Bn(hxSwbcAAkaCIPY6+O7} z?}GG$+W%@ZX=X^`BCexFF$!uMj<+ITikAS`@O;ixNm~>(-su!hE_(3rS3xm>iLg^A z!=S@`O{iS=Q1-m=1`Dq>=jOp=;O!yuF-ugpWavS&hfD za5~!&Axy=XFV3ph&PujugN^I9C zWi4@gVkwjh^KTC!xjn@y5wP0xHJ$cz*^r*?m^pS|q^L)yXvN|STDRVe(-H!-xwhvX zArN!AlpAjC6D-5l)-BU3)KV8MclBcomWicdRzr6mBh#PG6>uDWL=o+wc=gW+Qk|9a z3`h$MWm_?}sbF0d(68&{2ETkzrFqYWRf-}${LT?gM5*ceec;-VB_J}VD&btLUMJeC z_19BIS3K4!@%>?w)u|(!LyrkE{S#DPs=59dsc@GRE;PvO4rsqc*U8^X=EWHhpUUk` zW0k3SLujh#!~47ctsDKfO_6;XVvmCuS(`i6KT#`n1X=Tj{jE5Ni6jB=S}f0!pzzfhbKcltpJ zr$~}OwE!NgOGqjn1ueBWC~c8TBsu_m?{qoAV`YYJA_QkH9A-kHG(^=PV(uFH{_9ij zi+HouZ;4a0XQfK`vFmns!_^H|YCy=FzZ!PHR(Q(oPF>F5JAcU>Y(|`+76#dK^?0Q` z$}5EfWp|)4Wd&r>K;>>QSBKt^1uU!S5z=3WJn^Vhp;a)t#avaj;;&v~Eg0rmuu)a* zAT%+10K8JUDvK6foaFvvYt^)uJ$TQpIXdXiZ)6=-X4abMuuWpOj)b9nlN1ztAifovVB!JYE0#35d12Zj;Q7)v>xG| z%``?}Zs5>2?{PYmlb;$O{C)CfQc_{E<2_0P8pM0|SMgboSwY297Z5OM3G?N4xNoJn znuAavd7`%7-LsX%D%el*803AM64hK(_9T2uNaHM(RD=st12NHqNAO zv%h5Z>A|lr?|OIgOLAiU-mQfigYgWBvue6ca90Z^UI3o$C}{{2)-8rKKD{eR{z3_d z#1WU5MaDZl>G><!MfD zyUfVpoSG)|?Rpw@z|OvO9V>A@t^$<3IT-X;VBBjgVW5kZ-{bvb<>?CegNvD?PhN{T z%!Uo<49}`^1F#|$0&C>H=wH2YjMF>p6Db+{I9dKRE~?%wyO?s@8^hl7NjglcLIo>7 zn%t_wN*X(&JuZ;k=o~C|IPrm4x1|?^z{(u0Z?SUD_ghsh8(WBwQ_5wTd*knP=%|#w znh}b+ZnbzQgISz@P;}lN3S8glVA(PogTm|Xr@tcDyRhF%dM9d#+a3d4V_xxR$6V=z z`W0?~B7|<;uzDwJ4E7&4Vn21Tl|*!IPyl}Nk83k-Sn;Y!cU90K({-z{W#pF8)W^18 z!0U7!2tMZ9`En#yfl+qpF=7;8<@P=FitseLbae*zd)LMvJ5lVqFbq0qsrQ0MzP5ON z^3A(0)l^k+jK2WLbELF#ur1r|v^~f+Ok#2t_!+mWJak$ds{4J_5{>udX|rN57u|MN zhmin4hB2A`2iYLVp0Ihsn$caz$Qp1*BbA}gctKjNs|7jEmz_c}{sFa>VR^6F2@#QJ z^wMmP1s^3;Zu;GKoQh{F`1AU{my7dc`B_Vv!jpffGB@LY5iGveF9i(`bb(9ly?_X^ z(WY0J_}A6KqXjO)_8|9rtLf1AG&f_H0h%Q8W#z!94>Tzf8v%dDof?Yn=E>HtGA2a| zD%yO7pGw35s?i=CgWU;XC3a93sWc0G726 zVNx#|z~I;35scn?Uywao_T@H=)|pRP-=h-qNR`<>ShSmddxP9$QR&xmE~ul3j8x7w z*UJg=c%|AGb=zTV>5bQ1fYM?Q#6@6`iZz@v!f{P=VfCe$l>L!8$$%5Ajl=kT-gm5_ zZ@73%KEct5aI9Q-SuX6Lm%J%_{KpAr4^~5?81PGvplf%5`#cDHNm7P%Z+c^kU30LJ zO%!0PO0s!kCNWbEvvP%0Jl7uK0bRD8v!5fM${rJ9K47I&RX2Y@uyL&Yj6K5KGi=Iz zPU_9p+*S~PGI(`^t@EOQe5_md{s#$=Fd6P#If8yBP&{K}6&+513~WkA$-l23-;rw~}i*P6r$@F@a!-J$UFT$vrr8U;rUMY2;lI12HI z0Jggm-;tS4bQM%?WnOVI&{TvU(U&4Yc4O)PD1-dc?hE|0E;toOJ~2=9wv9N%!(A*@ z#T9njhI^RUpFdo{6xaBHV3d4eAp5&lIU%X}dD;_vqr7cNgQPp}xJscWH{m@U@&Qi` zb?NQazm>rRuP`5%+9`JL*)#Tv>lRbE2o`x5F%v3M<cubksc*+coToKHPcKK8=PG|aMY}pD91io} z#MyK4z6V#K`d$B;$@U^d{3YK!wcLYawIgeA0$9uVg^r9g^A0ug(JT%uH()gsonx$B zmb0@kbMd%it>huv3m*`+8%hoj3q3Ni=&FzF0Bsp^++KA|Av@gt33GiaB8`o4<=9UD z(NiL;yT&=ie_iKi;Obr8JM87rDr6&)-UoJKI?iESm6yv{ZiC#~-+Ql4rmTd$-Ji(% z7JH30zo4G%ZV9;g+el^DAnmHprDd1&JuL4g3R1CK3?XAc8{%c?Lii1%#p#(qs-ADZ zZn*Hz%nCn~qfl;`$`w#N(QLu$Dxq9vF=vdZTm|(q5<_#luST-coZCn+b&U~LAvmCF z#jb%l_A1(Cbmsd(;1s0Komk&fDm`5C+J3q7j{>oZi)Pj#USC6^wc_MLk7U{NMHuDC zW9NfSH^aKGP1|@Ndl=6@0maAvq=yFMs=M$jp+Y%Q#lGou+-b+GuR6tFjIK2hYzRO1 zM!rRPOk{G9H8aP!Yqkga$lMhf!eLhXlC)GzvWA0znr&Aui2irI~{BKd-cVKy3sJ@>;lYON1N`w()ZD58~E?gqKPzVLa_ zOW+IyYk#d&@Z#!LMmn+!vlg@20NL7ehdHiTWM93?B1$B8-SHejv;>2?&K(gwsycpc z8&`kbvw!8fhh#pk6mx-#BeLxl_9z_K0)7ZP6NKky;zppXfqj-6-sG@SLgv*g;*{BX z@w;D^GOPvY5xA2Y^xix79gCd>%mX8S6KR}&1AVA+&{~e%KW~zu`i?FUZCiyV>^6{=%G}1z zN%L+(86KJVc;A-(z+$FsGM#Sx%N4VeO2Umcc94D1!*7-#^?;W(r~9X@uI|D_Ozt>- zSCK}_}5S!3t2qI{? z_jae)I-I=|+i{3$C5TI^He>g2uR+2#uxf-=>2VzCJyOeQQW7IOI%sZ?5B}{Boi5NV zoO+4!5aU>RntSpj^Q_dnjUzQL#o@DD44c{Gn zQa?uIsXt>pzY=pO-_pf!jSH&>*>7Kc0C}1XZR=E(2M?YrDfq_Giu3PFS{*+ln0iC7 zOW#1WmfY?BIS?3Rjj!24GK=V0!FB|t6THxPD#?yDBl6!DuX46F+_7GDG=SQbB7 z_82|c__=55usaz#K6scLGDe|a^Bx(f{6@Kmdq*RI+(!I|e}X|TO|e!fD*kht@xFvu z(42_OIEwkq;EiN9t`bEbo%r@6LR)gC`!|4V8j3q#OE>R~8Q}q!7hUpcvK8EjwLKqA zypZB$`@VN?lkW1Z!A#{s7(4f|zK*7L6n^{7rHfJK&0m4GIkpXfgy8IQ zGk=Im3_i3L0xi)~|FvjbkI6t0kR683ORQIQ%DrB0>HLXN_1` zfks#d+J~VG$x`H-QV;66r;TzFIK27z{j|J&M5zJ6dtVT=83B4s!Z&86*kog|_^>{hrsPr&(vKqk%aknvCehap3r!5eSY70oNbeI z{{5RP%>iW2z?Q$Y)}a&`@f3X1DT&0ckOS-c8bDSEvGoeIcSQfqIJl0(+BUW3LI$s~ zSI$V}bMy-K(rUAkj6P>Qmo%i%Pvp!WQ%4q1M{LW5+|po|c`Qf$o%^u^8ma7UI(NXx zqDRXH2w8TZ?kpx&DWITHa;I=Q* zy>#^!JN|WdEhn&BMy^RCXWpe_9{*!?!A@gCF%+2Wt;+7I5bT$`nq>lw;Quu=&SA}y z!B(=-h|oW{YA*U|@qH=th)Y|+zSd9h|ol%X+ zZ$Udr|3+8EM`gLuLwwTgxvVn|;R54bS~THaHZ(RCmS#gw)N$q|NmU%kYtNFWRTxEbatlA zY_Ej@oBSdfJB*zJaz7#t3$j0j+!H;HAmvh{r)hS+D_lyH>O_ z$4=Y<<=!?J>r-HV}ncTBV2zl%r?k^`B=`SZ4`F!5qDxYm%DL?t$ zMOi$YFC$3zbgN2MAz<%}wjEUxDRu9SYrx@Swlh3g$YSr9%;8!#_DXz{KrHDm1y!$B zK1K-QaVJIf2A=zjvg~9X4bF*_qKXKhb^496bd)xUcANpbVOUSK8#YU3>5NvoO{IB( zvz&5G&lPJ|X8hWltJ=LyP?8ydP9KH=W_IZgNv zli6la{s@P|+4(F_)yIyZh8Ks!yV97fB$0frh3CkgG{vxc{Z=m6gRRQcD2+gFuN@H_ z(<LokVuN?w^pm1R8(eSsJA+3ATkL*m_|=XNyIw0z$=`|o5WmN3}s zdP3hq!HQ3P{C$0mjb|!aH?DH(I^{;|QH!qRTPx?Ch~UwM;Dd%a$gJ5| zua{X4OGc{EV_Gq}=={lPISj*K0FZ!{^HN&^Ldiqj(ieKe_( z4nN7ZIf2%V6?Sn{v1rM=z;O;eH50SNT_qCnr*LC)^y-~Y1@yY)Bk|I2{lScFm-q6R z;P;h$%YWlHz1Q``rh$2pv(B0ef6;{U>vHkKTnyfld1;r5N`z}b#Zf|0)(bep3V9R> zasHa(AGuKsOH=kD9HJzT-Yruw6n3X)b!goMM?l^!wTtGl+NP_^A1W`}MA5&pT7G5z!8E?|VD(*p?7G179n6{5{OXA*DLiM$y(& zU`WxcRSlC5H3&Z@_5OgMs~EM$)So7V<88W~ampfU$u$;Tqb6_9SQf8JOxu(o3KW#N zYT+_{t%3)x1~Z|buAQK8y89o4=nu|Q>JOEy_pB~=kFKlXTR0& zihI*Rw*uMcV>G)ZQqvNoNAoqv^238=tOpLQoOqG;K(M17*N>i(20{BK2TD`o>`~>q zhro1>?Wgbke$_teOj0qnxj&eJc-TF=nw)m{wqe!V=@yWs)Pc&zm8$`wFS%-~@%ow8 zzGL*1M(=9JFtnUENGiWjmZQU?Q{G>VAD}wAmgkYvcigbo8xKgF`}d_7l1O8+A!>yq zw77vdl0|$XW;!_QM2xxpFkW9cms|mZ+W=R4Y)o9`W#lHa@~&N{EH&C`PE9mXQM!t! z#%V_sEkV4ajtPf^F?;490{nULH~m8r&G_2UMm->8H}5wyG3S%@C`lJ=>I`k)fts<^ zp5r!H|MiymX=qYnis}C0q6#to>zpKw@;x49ocC>LMIXo6kfBl12I%rw|-5F@A!1WHdrtaAO3K5oGiazBX-)HI(Jw4hdQWkEwcQ~DYozRP;zzX zW3iAD2Or6n&rF%i=Z6xT0?nP~a#O}@1LycRf-EQ0!OsW*Wx=@aA{i{CIDQBnOzVTJ zGnWLsxhGMa8b8YNPi)`dz3;YNs#~eJk|t;i#S4aerQ#*k<9I!{1IR;!`>|pLM3k z;_u4Ziq_B;eOQ5htC$!7i~gcl9!GvWE)&_mBdEf0YG6x&Vn4Ry9O~0mpm_JWoANc^ zw4^F&HUlxyxV^M6@)az4^&OM>;?n`AV!?wA60@FhKiFV#{bKy4jUfK;LU6xp`@b)? zO4n!5guh4K3z+~y2GTUveHQVa?0eEkKH2A^e3UvV$ct582Q^X5zYJ$F8?YG<4a^%U z=@lLKUJ4$2$x^u#2_fF>Yp!rOt2LDu0E9@e)n-`BzP4N&Bzvo|Y}~3T+*8*6)XM;M zPbkt4cIdrzza11esR7UsfN`i^Kll47UN5oC_btmYDb~Zal~v|8m4L;EBj#v@Lh>Ff zys)!(Cu;(nRA{l+|M`o0b=D{k!auNCECz4TKLqI+Zu)@1vSd{7W?5idcj*n^d)7(7 zi$j2Fi70XNlUMm$0InbvWJ9oElK+CKomsy6;CqC}X_h8@;)_-OvsKbRA4Fm1u@{Qp z=ls*w_bZdt2W{&Pn&#E88Xn5jG(gQY3G-f(;R^_8SCXAbq?P7A`vgzy;+wb%N|^R1 zeG=&hT)_|C<>tLt=lc@i8~A5m^nk5bhBsxma2+}^Y)_CHHj}ph{tLfB^Y~@pW_8EV zZ!P{B@UIo_gc{4@#I7t^-axYAHz^}#Ps(SbHYT;fh_^C9G*^pLdYnp$lqjn1?b>? zdU77;bCBWBlQ=F*71!Q-`B-2P%5Yn4MV#6q7QsX* zas*p*+$FoPugaGM_MC;MTf+O+9kqEQi8`#5MZ@GfODcWU=Aa~aN>Yqx`3%3=e?DlN z1-~wm)d?5$9`?J;6~Ooqp_wDU2tF~sFX*>);h-(`myYzNU_SX`(57{aEo^GAQs3)!*G8c8K4Q!ybH3EEj+>5?XXj*aclaZ zb++cGkbWpnG^~<>F%b<;LoVs%jx{*F&VQepR$l}dQNLII(?(eDwTG>(BhReiJ3v$U zJikgC==g)8E@q(&PKMwea#WS%{2bavc(!~HMsvLKdy;MU{0^_j_ymyht%RC)A8=_R zJ6wN*t3ixdWADWbO#G?ei>W6&znSaW@Xx7MDWlqYP7(AJV=&vL3WbMql;ZP0Xi-## zv)+1{(s|7}5g+WQerb-_EJB5Ye{?8ZD2QBB$9$1W^Lz-llAfjg`h;CzN$HWrgY@?$ z7py2B<3&U|g)nuhrMuBovZI36i>G2LTlC*T=k^*4p;lyiw=c84zS8h@4)7_6SU2!P z(r68mnX@&6g+iFHQIF-?IUJ-#`MvCc zVqAR8`^OLFpL>RG&nZli30DG=7-op0_(`Vg>g!c-Q2?J`MO;7!VvFJQF;J&fR7h9E zes2{{B{A6T%e_L07sL2lZK6%0@V+A+R^~jarG9r`VvZMMoUr#?t_pHejP=IYeBQG- zEN9pN8fNwe1)xaQtHtE{{RZf~!f{qzcV6>16JLQM$AD72J6j+f5c! zBY~{9L`*v=*v@sW%1mta^RDEge?FdSs&>KQnxdk26ymtPd|ZFldtbUu*Xsm}{G;X| z9K}`q%Vy^e)g#?TmX*gWoRd;CuxUk~6Jq-ate@-oGx8@T&sng%#vH1ad+2?;(thNv zpF=#V*K^!Ujo)7Y3v()-tm=vvjvZG|qZ)EY(%Be#6g0OuESx3E??p&m})L%ns+g)X%;(g&!*v&>clNM3#;v?NhM`bvg$XJGfDoq zjOf8Ngf}Dw(I6!K`rt>QIJTxk*AOxKe~>ZtA7oI2vkG-sHfM~xxXtg0C>-zQx;SFm z-xJ3=FP)2pyol7r3@kdxklA$Zxi8+8S#q`5KxA>gm-Q>m=F)fA;x+$PMmsFsL^oWv;9M_sb8fKQbwzjH5wl33=q zP)R03Ncs)DLp+8sPx_3X+?tWihAyk3IpJ2Fse2hG|aCjH9LAQU#r2z@{;_azr=JaCtQyHij%^2Nknj7IpG_fARSoag+41o$n_w+uZuWdnxt+ zd~OL=h0%|r))m?-Tl?E?0@2^%!~3a!@#h>`wksgnu~GqsCX)Bj7z@1tHGgndzUs3F zDY34OP~QG+E-#jf@>&|+Q)|ncoI!3*nN2Bb*hI?;PT_Otx8uNniwEo~)HHtO(xL9o z#-G@z_h(;ja+@Rkl{u218nq(=DK1+do+l1wNpWq)!bR1_hkBe?LNS|eK9zxBP8`K_y=jjbhgks0##*Lf$ zIwO=Fc{PFgLe%JmwZaR91>A&nIm1v`rzrha9L!oNjcMo=G3lP(i7~^yfSjUGk0Ip* zBib}F-DG9|Vu0R+eq>mI#Z0YCQVeMX;4?L_-AsMDLNhb=obm={%~&b~k(rCCiWExe zqewjw;Y!Q~RjhoqP<~{OgYf+*L}==p2D!V8yy-|U`G69OIfWfDf!Jj^?Eb}anYvxN z${g9xmu(|*wBq~Tc29$^#{7iP{P1M#2I<(^MA5|G-P8Q%63kT1)gJusu&l%B(k&xX z=hYS`bk@aZ-+WQ_G{ALC{aK)*)=hCLsgVJ*=en+5nK&90LJ`l_Dv8{zuV?P;xec>1 zue!soa{8g;kB&fl9BI_~0?ITaIwK0IopKKerhNs;g~rB`O2s?rL%pLkscxx8QNUhr z4)I9I*nhGQ@%~ozSGNU>WzSYU?uhC@YcES&A!1g}bGgW0XLpfPYI(O(EG*;oXG-v$ zYgMkBLk1>d;=*n|r$aQF%^N+m>W5Bi5HA`04JasMVW6e@D;_a+3Xdf0lHxJ=(@yB; ztK#YwY@7&YHXC6tB+XywhG8RaRDv(-q?P0~IiB3fvPZjW zt0MUxBEdP1c?fgty16!GJ8X}d*ke!w5~d2zq~bGcx(>vd6hlf`{v?hG4=9|g@|PYn zp}Y=jEFZ5&lG(Fca)mW%kx-P~qBTllL+K~7fF;2%NhYl+C|%}@MN~CsGiAh=?p$F( z%+eL*LLaHUgv%?Q#71)H`VUlpqE`M$#~I5_kP~d*U)8~Yn>PfNw86rXZvrSxLJO~* zPF3Bqp3914(sJEW)JNp;kyZJyty@mi`%E2#ZvttjNn1}STV;Bc+oI4)r2Hz*l>6%E z(jZueX(nkiG&WS>Ma52oZ$2)2SwRsq#=k0c9gOJKmwYqo((0EvzD#c?SjWU3)Qv0+Y+9NpVGE{76+D94vLeNFG-P1SH8kTM!o#!GeHo;{plsbsGLf8yPN z^K55~hU+>lm^;z(s%g|^T8gHVj#~m$X*SyG&veuvZAK_VUE zOHhyRA$~fO>UNaqPl_3dL;^+VJVLm~$W~tYL*?;jr`FQJd6H013OYTv4G-1dKruzb zZ4(;N8dyPUV8EDAnyXt1jVfXU`g3|xBZZ?Yl%O(AE1juWBVdrBErC911%+t?{UNs{ z>%#@R=f&ZLPFIle5Q)dF5A_@6I%yOY$SjT$9m;Rl_2=kPlr+Ejnlob0y{5~s7^0@s zol#62H|a`J8>Ip|&CsOh&ECHvDCiYj%Y!t;bSyiGR#((3rmDf8_84_Ry!}a+4jJ!}uI8 z*3u^Y`FlDQ{`;mM;4qr?jCU!-iI^|y3jUr1M4S6d^Zw~Ev><0sc*1BZn2L5iPf(_^ zBuXe(e_9J4QCA70fF7L*Djo(5@~Uv+FR|#N3=XwNU$Oc-vjLmOEv7q&GefliZt*>5 z`-{b%C6C?@vwdbr2k$+<`XMsdVpFY15Lg4yrvjc5%I%E_^Y2PZ+-9M$EcIY(sfY8C7&)Bn6QsVkfTyxrq*|Wnx_!6_-+N3*)RIEiM;c%DD?=CiaMEFUy3QD;|7x)5)igtz*{zY9})K?OiZN%Bf`8VI$ ziRG}dLc!`DVKic9n~VycmO;z;dWa%(TuIa7Zyh*?W`(P9mXBX^$487E-0$>yoC{gY5 z)Jjd%@ccU>-{DR#;u_*2vqS^DBih=y>>m~czxooB1}LnPKK}Ht{NOCf*&*AD;%DJ2 zH22NjBp)BfpUBv!F_~?DO1;`hLj z-&+*q_uKI8u3s`@;HpzUQ0)LH%gHcTLLeN3#s~D*Vt$lF_&_xtMYxV$xlsrlI^;- zaQ3rs7t$5Y;Q4)|2%n>w9wXRQM{(t-41$df>+t&HF3^FU!Cw=|5e!!1)l|ZHZ=W#$ zQC2QOoAH+H5r3|RFP%ntdR(K3N`few*?4LxJx3}hX$sU~om6uONVjS<`bFGU!}|p4 z(h3LBW6(^lv83^Uo`I<{2GX9yS`&1u5I4u_QM4&L@K8SaO8we`GZ3T!iQW@(;U^b(fZ@ z@wqP8{tHSJ=V872j?Dy-Mt>z6VOg;Kj<|neLwb%F2LB~;%1e>xf-IHCS2%M&=G#e( zJRx6zww9A~!r6-~tfrcCoEyV*sc8-50m+2}@l5A3`P(lu%_h!0t@09Jr&Ms2!f`dQ zI!K8fMy%>MdxlI5Bg-JR2qBn1iSQ%5hV03%o9jNg-c>%$v@x zID_wCO^AwUkXfXq2h3?0R!VJ~_5g@zsl@sWo% zK$D}U#W3|a3QwV3!ncX3eOm31=SV4@EkTT|VIgPk`$-Ob;`x0t<&VmDuPN+mw0{)u zEfV#iOBz6}PR9u3@Q8v*e~>ii^o>qsck1=_wAz?o6QsX#(0A_fN2_+j(he8#Gv(Dv zGeefZO8vu{L)D7un}McA@D`)aUJ{3s4QDFd>!?xMMXeuG7m#nIVp4HJG2Tc{4%kwk zNVj~J(K$h$;?yTDJ-SPNi%?c17Z{+!P;regallG|UmJpnmcl^9@;K{ft|)w65cq_= zCeT*VZ)q6R##eO9yWyo6^^mG{CHvN2##V#=ol9Rg9( zwV<5AhSN+v;@5_DDLFZ`APTYNq}Ft7TImi<)M)D&u?($6Cs;_-F`1=K|Mzh!Q3KWnUfEYRbZc(>1MU9 zEczAdA%v!BA+FVD0`?xFH6byovf|WGmaE9P1|*J=(5Oq(Dci-}E)t%WXN$Ot+EGPy z>I*u|d?sKeSIr2giFh3=L>M)`zL6k4R_z@!fAO(4$xDAZSs4_mQOxifb9~HzvBvLZ z8U<%f4#V{dyHso2%;QTHGsyF8>je%{s|K&gPD0-znHJt=yr9Dl-$;tY?m?%|UmAe4Qvis6}CYwyhR#x-)29zq+6VHet@)+YAa@Be8$ zP3_>9sQhC2SRV;h@b8iM_f+&^{&#D@a-P1z-0-6?BlKuM)r{B1ln3_*&YWj!$mdr9 zyD_f`v)5m3eD{S&&o6z^)>!TZjMHqpefjB5t^Cv%EjoWWL7NuBDNb#uM@&l2>*EKd zm93h>@ipAu>#h;2Uu1nZ0_iig&BYO=@zSuzl&`$-FW?ZVlw>V%J9o1%G{BN2K@oO` zcEIo6ry_{;eAFA!eXa+qIuP(IsOzfuI5BZTN|4W1dD~u&ik1sG*C5A1E2= z>rzp$<OF+HM&AKxP7Ymr&G+q zhdnUbx1245^QI8E5=J9xl1BU24++i!RuBW_TT#YBmovQ0NaSe$_BSdiZr+x)E*QZl zG5xqM3BJx%kX8@T~}R^;#wnhrz`9~BlE=A%2uL2 zPjVSsKXA021U~{Ei6knDjeeHu3QB$P4LsCYVSyvRxiOJiaIXR@%!xfydI}npvV@ng zdiZ^PXs2*qYK+0qKkfxA#6!=_yMI;k+kL>m^qj!(M_I|O)oWzA=Q4ODJjar>n)hH7 zROw1ES3dt)bGlGukt*Mo0|dn6EV}RFMBeFKaTnhC+=1dR(^-Uw{-0XK*lraOeRniY zz`U^O`fIs99;1&^go!!K~FF*&dLRnvI z*PC`?S+AfGd;}>*TC#ew4xR6X^4EI)d+N{ipC_z8NtMNH$OB0sS5pz2f@9YoG>(iti0h=ca#9 zZT?(nGz3pO9yc~X#}4mPP?=&t{jfYKj9)itv|Y+*N!eBwHVru zpR7&Njq{CFlC%daa_c&!#)%(Mp+=or+rDoFPzCF6n$6PSm(pOM%yfbqLf(5k07?H3 zgoqzPcKulh39nFOTG~k2a~GKJQGU1~jA0YjhfeI1v|z0#VgdYF+J8}Tm+`x4lhu4f z7l13_SPcs;-&sQ`ATTIjdid~Jo~WoB!`Bhy;Lg6Q>x~G)6K?=MFJYa;$n1F^hSz0Z zOP6jA$sIZWB%dL(Ja-7p!;1Zh3HJ1Zxoy#4QvO*B?pidnfYyifBv%Ppn!E@~c!kBa z4%x+7aNrlZaKf*`Vw)Yj4eajBR)?TY#)|u=uXWo!kuQHOJ!&FBsb9Ag%TRanwOpfP zOp;lLhId$n_5zy!Ex1@ng5JVVYjD-}MOKphJrU}Y2=T%w3rlVLy(%Y_8btZ=Tg?V6(4dBi4GT08awc9(#Ij@B)yXQ9eQO*TSsey`WeIIX#;EqqD0cW$E-9%(acS?yA= zH1*N2K!Qrmuh2OgdAZ@zsV-Aqahh0$n22Nh!3E@SgK@M+QyhmM3w5wdM-|OoidGVh z&6L2=AKHbm1Lqs_=g2GLe!a_fAf{Z?UmKFYgKkF%&Iw{EfmNxN|4UWK_<8mJi#(`4 ztS)Lv#-{z#$+todh(1CWUm`_(Yl@yh#{7$2Xrsf37o9`{!dt&MRY!7cr}hBfj|$B1 zTR2vI3nx~mJIWY3BkF#UryDOlyV-qCCSl2V5+luK{FG?-9cG$o_I#$p8}XCmVK8i) z7FU98k#Vm>P$Vc=n!F17=Nof29@3jnVjV5pC=q{2dl0j)*4ioY8h3%^q!sPKW{^(+ zUIMQ0{bzQ>oD#61+hCx>5G>kf& zTby68&Enc2gBpP0n#DT{b;ha0SJl7eO!tMfrK8XAsu2PxKS1wvZY0 zdlCaltwU?%XZxKI!O3@+)#?#n*8_5K&o1mE=y^aKJR_Uh>akRBT0njD-V(j^ZLc9E zp?6v~phQ5iMJ28mk6z$g()3(3{h#V}R>)|+n)BK9I^YU<5t)`*z_8KJUk16Vn`ObL z(kGE%J5nnHDfN7r@lsJ8s;3|*AnM}dnXvwG*_|y2wkG4*(*C|FTUbVV=FbO$n|S@x z?D$8Tt4h{x&X5jkc-~}fzH@!rr~S79pBm)MC~ZVX!J)D8;bQ@@ETKT!?aHwAM*OB- z-C&SnbK!|=q0j3$FkSsa5eo<1(D~OLnm>p0a49pts=7f)8>$ZD=S4KijIhKyu8IuY z*6A}#6g<1G!gTbq`$Oz=v$;3f_7H~h1YPI_^uC>$;2+@HaooNgjn zF=3N<-nCqUfofPkrt9WtE#8$KhwYC86Upa@w)oEJSD=+ALmB=YPmhg^@3u-cbaNH? z?PKy$xsXNVW?nqBN=6gGCM7N&e;cX z_+cY{&TqcsLJlasyF}N*`hwHG5HF3CIlYU3rd9F@`r~N=Y%&_UJ%FQ~BHPgTGEAij z&a-(B4|MLo)KxmRHBI0PO)tj5^>!u7V7Dyw7nNiDH?`F2R=0;viZV&so@C)5gIjKe zGCGW}NX=^yHd=lD_!)NUjd)6aY0>-r2YY8?0mH4Oii1^5o6&}5&NP-ONxLh_a z7~O&8<`w*cFhnhy^|@4}Dk#2nnnuu%A?$uKiFHAqiXT^fTguCO-_!s7x)_5TEMR-p z+`AQj=Um|~4?+8bLL=cM5g`4uQ+warq!gjPL3)V0jm_pB zyW=GRSGltW#BTDJR1se}F=li3ido;K5P#t5%Wli3Jnj-K%B^i!c7o5S`%skx(|~2X zl{G3CcKq6|M2O>~%n`D)AcBEu%G)|WB7L6a2ENfu}fhEdM%$zc0k^$u^$gto1 ztBo!VC=SgG9%bP^eL?1*TS~Bz5@Ah~Amk zK6J1nkyYtmY*^^ZVa>-@e$((tAeXjx#YRB( zODB8Qlw2b0_3vYdP?BIr#IP>{jHmIRb*z+RC{&|0*L_K34e}WwjNt@4Nj0>R$CJ8m zL74W5@&1^}e1nV6N&S*rTPo0jR*yxvJIf1fjk>|od$>c!h^Yw8y62wWZiOhBVt4(+FV7o^hH&z2c%eJ z1!ma8b90jhu4pRfn(E)1uhHFKmLe30SEiKiNw|p-;se6;WBs|mT<1#ViG49++W0X; zO*V_F?(AJdi@v59y64S1uo)mCUHJPClMA0?GMOK=j!soBTCKGywU!k{P$fj${+3Mt zTRv1Kk66IB7y4}eB-6lp$zd6aly1vCDf(C(nS1%;8VdSOnh{^^eXsbhJCLmITXR*v zwsRBs6ztMtbjEBYX}t6!ZqSGsL)ARxpUMv=`UHo9%znytz5Mw&%5l`;xVJ^OpLHy& zRVcbYR}bw5rKv34)zW6bT0mLULmL8Q9_euQH2VY)_N2;X;~bsklC>&);e-9X{)4_D zFIm5P(B8Xoxc|DdC%Xfqj4XToeIH#h;2bGa9Bp36nd~7JK3``q%eC57^13I(n%^d1 zMYH_p%=6((KvQ-%JV>L36~E4-DIb-|gAEkCTFF9L?OOZ%C2Tqwbtie{TqsIQ9%MSC zc)`VmD+R4)r8VIAN5W=D1vcLZCTtaslSy?!0DNxkpPe3$$)$x&$K9*=x`eAEB>O@` zK7~RE>$1^lQU5E9bJ-Nq6#^w*%gWU)wQ{(gpw)i#!-}~<2^myEbnz2okmh5ULw_O2 zFGHI3a5Yb>3xv6IBEF^`!o8v4mR#8ST?U8a_k?`J-??pa==s4yLkmtv`4FLz_*i_? zeNEPG(TtE$qY%vi6|r*aYPO2#J=(YT9A$R+v0Rw@D!JD|ez-wyWNv}^FH3r-NJC!rTz!HxVkBk}_i`P9Kr2yQ3`uc?$tTxU|x)-&a z?%(92A!4|G%O35wg~5RE6|?7yG!o8lhn(ee-?p6a<3~ncoPP| z+@Z?NoAL6r5fqKBOI7HhE3N^hc71-T5uz#+i2{E|2oGu^49(*g{Sd*oO>jaKWr-U4 z-dm|t`ZLC|ppFQr1#mMr)CadB46VL>kj~3`Nx)VZ9RvoAV+DWi+%%}WQ(pmnTR2J~ zt5Vm!n#CItem=jlZPyJcu+&*KaFMspPZ{m!biTrL(X!Mn<#VOGgbtl6SG`fo-3~#K z(AF1}ry(Cxx*17n!NmS1cDeJBkQ&o3^#o+suluw38dh6J7WU1jtu9EvGl6Dq1ZrA_ zifw&3ZowXb47yB<;m!_vU4puaNvT2mWB3kCuRdM(B1%PCUdnItDw?uf{QE^se(J?G z6Yl8f!9pE#r#vce=D?*Bs7HNdW?kdTgt0>FuPL1@LZ(*-Qpdm~OsV{&?nF>Na-#`O zjUaO8H9ZGHb&haa&O_01FS+Ir_abIzZc%swCs~Wr4DDN0nPB-ckD2WEG6%mx*d~p7 zYqcun$s-a3(N1pL6z|eTk$s=DF5T=f*?M_(uP2WJSvdG+J)~fF;haQ#e=>VfY5dzjwug5U2_GB5SM z0asn9zVqpd*^WV}@Z4k%VNreb4rsw>d_kZB` z<==zJYUz_AbiW=$gBqL6B(=5No)wv`vfejN54S33o5$;er|!8^ew3QKf|=9{G-snA z2dayItd~t0&~XV5$FhIee!p9a0ddGBe`4&rYG=pGpe$?H_=XchCsS)qIec&v8rB}&iEB6jUOp!)|eDO1mU4u1Cy?+x15f9jyQ z()qzm>$Uo@5lfT#oe_iOvx86AGhhx=)?{eJa~PiPteXrXHC=%qY=P?lox#9LHF5Xd9|paLCft>bUo40}&RBL%Ux%Yxv1@gu2@dfrSfxxwBkz7q zWtW0iOV62FMs zrOZIDPzuA@&+M@(MnjK?%^^Ad*$8DP@+*z&{D~0-Jmbo)0x5?eC<+GH0k6M&8;7Q5 z`v}8r5ED8Gr#g1FG80l56Y$HgM*P9Cr<XsyI0#8Ip@j{zQVTZX5?~|lK%H!7br;pGRgssMY&%P7gy=)LL*qSs z#o6OP#yIPVqfV6OU6}bL!N{!=SN81e+_hj`T_GFkH0~Fk0Roxk{L5kBsX)XEm zbii!&Ac&k7gWf`PlY-0~==ZQt-QSdKZK`gxq_TS#fqnsl!#exvO^dVM%mqV%+*}eR z<5Zu|r-PXOXr7iSF&GOSHlLGXEE?s`B$<12e$Z1jcE^_XvTsOrwV>usMCH;8t?@}O z%LwGLcj2#5b=??*lgQ!^a~`GAhR>xj(vx)CpOs0hhZnut+b+?>1JONBg1bwwcRW|s z$Vj5|Ch7e?CH{8jbJ-dzB~F0WS{>&6&wHip6Wr@Y4Erad3CjT~H04HR3zB{6_LZsh zR(E5#k_czU?$D_S=flR%hC(=3p?Z$-u0)caRi(v!GW>xtj7j7k?m%~Eh$uZPO(6QQ z3K{F<$I5gBSIasb)x}3cC+zViYejEY!&UT|vWfWUmM9xmX9(=fR?Exz4td8RXDHvBrvSI)ctf>)A9!en84EDQt+^ z1#u`gsiKE9!0ihx*4$4cK^``0Vm6>!3iEj_)Bejl06b73h8=~fp$@l$8LMxgHP@I+ z59UJA`6#T$pHm3F=EloTp8)G2C5;w|DtP7hZU&dBbU~HeF2 ztCxNNBnJ9GEzDCjiIK%Zri*kwc0?1Wm7#uzx0g&=(oSz!pru1U=X1Gd@=Re(hhiqS zD*}7DYexKNTUoIrMmLHN_d5vrHGYuetwL)!UO`hImjEaCK33IJsr#UYUVKxoMEsTT zl+~2_Np+qd95P! zPuwaV8B@`vx$_AiDn>UCO9fpnU;d_)E5@2V{f8F3koCBD?{dKD-^zysbwp!sPc4hT zI2DCe=F15%J7LY++}NKcg6n{MkD5+fHIJ#6*(^*=U1}{6NazW>VB36&V_$}JINL*e ziWmo6CG!ueH+nvzP3FpBw=FkrXv~_;n9Yr4Y3Lr7V=p5t|3BpU)BU3!UB!0J0$2i& z@>9`vh+W|dEQlO>65-`w!3UWIoaBjrZ{AnrwZg*;d;!vt?72=WaeVl)6^d?}s68Vh zb#hKNVp<=~rCgJ`Ffh0$-4c+TmJ59$K$IebQ5is~$4?s+G^g+8T%9T`rjaNvSqM#o zRucw;1M=uvT08`LlT}LUcj2}jO3yuD1L)F(ev@xo)+%f&&8aVpF=#5JN`=(rjkT8e zn&YJ{L~h-^k#yigm+$MgY*%+H>P8u-LT~ZyATReDj307|G0X?@?_ddPa%$s+$ZA<~ z8Mm0uO2rq$`XCv^*bW>Cr|<()oX0+`;B23H9}g29ImTs1RVga3-T1_V8=#54Y*%u* zWE!fuWWCT~n$i(KsbJ6ncBB-|sVOa6otWwxy4C?h)fw_OB~;KJT2?jw$Zi3yxv+l^ zX1(b#T>g*(ngnYtmyKu1ey3mhi7=O}CrAWCaC0@2iGxwhNAF@j`6+bR2Z(d4>H?lf zI0P_n-E4g82$fKa8ZylpJnJl5+vKo4#q64)LGQ9>RPV$TDihs|0X+MjDaVrI!*1&m z)`SnF8!3cZRA06N6G)sN`?sE>Qir01$g5QZdd&?n)^ri?JO~0tK2e?OYMAL$Y`WHJ z#^>^nt9o{ClHH+I1};w0KA#AuHPG6#z_3ewld4ah-Z+ZBxsOTs*npjM1VR&RVo3Jg)i`+%LP~MX4Z6 z?#N|Z!{0Q8+9W9dd)2QySy}{kY9{Q(Qr00b#xu2-6ej%ND{QZuvhVpV{9IYKIN*ra z;0fxZU;-2@y(+JCEv5jU-oTl0E~ezy;bdZA3`cF&c`j( zZ4)6OoFf$O6!v~Tmzg9}W*3lJc(PvVSwuB9N)J^MJ`MX)ri_U0llQ3IB9ewblSW-x z2ZQ*6Hlrf{OxDWdQ=lImmimor;aU#amoYAkgrMyMJX15FoKd_Y@(zP_f3Vx~jR<(H zvf2Kd7L|xN1x*U+jGGSC>3lQ)U1hYLzMyByMgT9GG+q*e%1W)lmM1{; zvld;gLzA-H$cS^9L9_FKlOJ#d<9%U*aa)@^XytNL9xQ`CF^D0u<5~GCGhL`+FCa;C z+^MmkvP3i!1eFphGTFx19NH|Nr?)Cvd21qt=_C-WJFtx8f`WGX0P;$>TN9Gtm3pMC zzGii=OUhOb%8$x;1Iq(kgf8K3;F(M1KtEm5Z|rLFbI-yss$Ck)i97rBdo!9Y$8fp{ z9nXAQ*HowC`f5+w>`kt}_8dzgOp+0YuehBD4Gf49e zM2RA7f|3ZvfhP%yNa(KX+IMa;8^gbZo>T(Kd9%7@ff~ZzKZzDtW4-$G0qcrmgnyv# z?aI)H%W~}t@HN6}UfRy+)MX>nZ|jRwj`xa}3^e}(*a8SbScHgho_ggOwHNHR-`g6?Ia%MfIof*;VrJdp6m`$e6l8&PJ#|{H;U0 zNsz?kXx#Okhe}G3p++o&)19SFqn{6*D-RhW8BrC@$) zTPoSQj-gpqErc*Y4-&%S9?|DVmLmBXWNjZWwroZ&==io9kusasaMNTyTmC8e6G4~t zZA#kpRNL!!IM_`oRvW2Yr|~?$HUV(}ykA4ztB2k=`+M=FUMb|Lj>@b*9a;ttHFFCW zqs6nj8^)^r-D;%XNKmAE>KAbVZwfebiR%|$)S(xb1u=ZwHfXFSSL5OeW!qy>>RmXq zK)^inh~^!S_-a?}9*{BFo4S(7@6KC-{i{s?Om_FigR!h3ljdhPAuA9cZfIJ0N%>=f526L(i}cR<*zxIjq^=KffBYx-KJ43(Cj8fD{Q!wN zhv01I1~jl>itLoi+(2WNF7Kg zKcF)f9bQEh*_Qj;)$m$mc_CmstA3}8w8VDs%Ql|f(v$ebn>DfI^t4-CxaQ2cF|R(1aOjiQRJwJ}Y0edjZIqeBBlk92i2YH{Zs6-_s z>dX3%q()X1x#WejXN29^Y_-HF3-oqle7dg(0aB^*+)BvhhwRiWXZ>i_kB!=_|0#+Q!jj z6+#BvCfFEy)2G?;1-be#Gr7BtYJ^e7j-1(n`r!}rF&La0?LKQ$0O3!0!hA-YryigG zd`Y=~4~Ys{HVD)~tI-|}yy4n7&J!ejjVh9)xaFjg7hIwJ;W4PbZdLl~1`Y;Q$;XN$ zn(9>B2WigZX-mXbZfkUOTIYgY{b)Z%3;scac{0|LZ2q*`MwHRE9#5XiCh}^r=y`=N znh`C?I>mLgn&Sxkl4pmxQj>BV4sfml=bckgjV-P01&K0AEz5S(09w`fxr%VPsk+~a zj53&U2pP1A`(6I(5u8`wev%;imB8%!_e1Z}2SHDQ-!-esid+(EOmF?;a_RtM>g;(5wq9*P_caK0n_|Hyb&0##(Y==8ggz%}f|Zd; zsTtcPYsWEn=;f$2CqSg?JbP~}ZXMkv>)V#*8nCyMU1^@m!2@&)3W7NM4X=^6TbOAf z&`-yb!6N8kU8(BKyV9m6NHEqQQe-6Cqy|osyuY999lwi6j9P0^WL7TtmA07X?6V9D z%AmlMf$S~JR4LRWj$DQvGh}7SrA~wMb4lP=$8BT<$MkuX4t1;f)p+`umQ&#Z*Xyt< zgVn^S=n6!BUh>hGsbLje6v`1Do-OY8F{03Fa=T|rD|{T}{Rn7TOMMd!VqNyISZ6h3i-184^)zT4-S_MqRVjCCq z;X`3h+_dqG@Q12s-PESg!MW|E>Djpf`QDtlSlYo~ziXIpp9R?KupYu!ic5_OvMi8% z8h^yBmwbvlT~H0EQmROWK0Siq5I1}FeKX27D4F{HHIVAvL%-Q%9C$qJwN)6|YxuVs z_8z(;zT6BQ@hT@hLZRfze1;E-R5dv*^$p^P|4k;gkt1F7cK~}>0dA(?2HJ)$$^ig{ zMue2=BWJ~mZ0i_6g}Wg>neND59mg(6_c@hOtCo|iGDR?eUqZEIbQ;w^!;qXl!A~cy z%ZgQGw(203ILz&|3*NQFyJ3lC2b~Vz*Rg3i@tl`WH=VAsl8bF2CIse7ZJ{wDT&IX6 zU=-Jejy0PFeLQh`M*x{Zv>IHyvsG$aIks4QN_z8ifoN}Xsvz!_0u&vDq?85s zisR+6C={1xkU-Q|>qYhXB)OMww7<0L>?KCI3OYOvtU>#MI><@g4*wT%5$(r4IwFkc z4SZQ4!}?coHMIB9En@(0M+!To=J|klxUwFQ#chrLwcN89vS%YgFpRu`_BD1BZ8N26 zy|}cmRrEvY9ahs)sJPOv=sdeEmqBf;_=mr`9xmY$UJ=`n!z5@Z2fn?`CZ6%NMLp%m(E3_6;($KT~O@} zORSV?scL{B1qET-^+UY^Mnb}P!4Ka-AvWukak^5lYGNI*d5c*CF`Fa%qyNTh{((nh zTfh6z5E#aCea*kZTH%txWD5d0P_u*cvKwXnpO=ocjfD|AG#GyoAl1;yaHSs|u)Fh^Hnmd1)s@q9km`!vRDG`3^&cu#YG z{%SX)=m-A+3PW4)56c!?{MxqN!KQeq_CCd$TQZwXb`3Qjlle4V<|w8CXL=EcXLJX0 zo9ZCdGg!>_uievt*szZ%AyFI3d9hL?`tUswW`VkyYF7)g$l0^0A0l_I-o}b2I@vz@ znQqv#c66Sg){n2m0QC9Yr}Bq9Tk1(cr5Kq&IoPy0C(R%EKZfk!O=63&Oc8i-W`$Y( zp-ID<1O8Uuuqf;I(`TorzXEVxSThA-kx&F^il(z=0E9rc$t2>3j ztnZ~pBR;^)m%7psX7uZ^@a7t#)vhK^%<4iIHX9dL30kvXag&O<>DJ0MoTGYM$Tzwj z<%QlYS{ibHWS)w$7JR;N@w&lcyz1_7z)G40id8?Pj|p(ZHxpd-(#>MpFf|vx@-F(> zV&QNXSEXw2YpAgkdY;LH` zZn0eFVp^pZ3d-2i^P{NmHcthH^YX9xUnYbO;jCh#=j~5JQWUbayE=GaxW9#M!>*obLyJxVV5l`&n_vS`Q~pSRJO9 z1iznR)<;lc%3jXrKnWWxR2p?zUyX3OFKwf3wNxRwM0r;RE2?1Tt93Vr*j&5W)wkoM zILsH!^*892kDGsOy;p(yZFELyh;~G_y79r+{9HHh6>YUU6p5I->~Oz1M+R5l6{dZw zlE7dA)!c$FWqWVve%g6CJU>`g(o%BLq4lDjMjMgZ9J}dK^5v#dUv@=w!fyBOn1u+>mbFVfSLEWJnLH*)Ml zjeTKjqhDa4B%Z|=@;2`c?5;RCldQ<=%j!0b)`6MU4VUh=N!gW-3!UC`%pYnjhStz< z*M27Ipxw@~6xkTo15TCPBgXd!L;q8@?x2HyGQSmmUE}c!A7xs}wop;4Zmuj1fi+y_de89(a=-`Pf^M-hl{Vv+q|X?=RfhNiC(+}r!qB7Hd9G0o^GLN zu_w_+g4#Gw>?MV`{k-HDh-cFz`*7gQ@fA(EAC#U3C~&~{7+(j}K4O69ouK6=gr_on zsNp{NQN&erlo?^Q!2I0gPb1!?oGBIdZ~B}J?DbHe6YlQ6+36Td{ouP*qWj@4<0qTg zj^VN0tO^`5s}(9!F9jU}muSt^3P|z%tJ-hi&0P6j!MGaIlKpct=-TM~{4{>2Y5p@q z^r69EYWw|kk-AoX4S4fH4LT_4EzU;BxuxVoHT4*O{VHlP>X7(PvwBQ$?D)zfWYmM zuXkPH&oiD{`R8(Fte<~;@1NRiS}3=4Fwl8)L4X-%_%ZSihVFU#o0uqtF??KJLAW7j zCgONU6%BZxJ^q;Up|ZVTIw;*FbioYk(D+;#iHJzf|Lx>7(=L zjFaZ*Kc@cN!usu+eaVM;hk69X7|6*3|Kx4u;`x1zj$2M&m$_(o&Qbk^!}l4}&9GMI zi274xoxi}LLLrY2(J%0+rX2D&t9J0;6k1pFtj&QY=oGHy1T@faYqhh_SXlM;Ziv3t zu)uoa@?Iwlo+rXMgoqmcV-5@z^mM-%4mtlBBSA*-_N$FSX~}f57qyqSsfg4UUhF?{B)E|^Eubr6=k)+mXriCrC7 zjdWBI=~`&YeS<{L9AkHNDNCN?fqiC$_Hj=b<; zbqX|bl`N)jNxyiv8JSx_!d1B9+nz>ft6Adnn#`$$WTb>hcJ^oPcbQtW=;jExi%9j> zA0_*BDfMxjQakP7-7T)}?Z4djzi;`$$N7ZLI+pz$aYv53$Rg?Mp?4jS3@Ut#D+wOC zcesV46u+r9MgKshe#O2bm6^aT)dT?<)Cp_rZxwVVX$)?=P_;=s3EO737p@;EvdxOR zb~}68v@P9+O)bX#Y;~CROt8#TL*EtSTj*Xx^3{DeKpAu)4z#3~56 z5Y!{+&mna$d+L5t1tlj^Ltt@cdVICHy~L0}mY`beHlK7RBJPbBd>YXwMTPtC@P~K= zj(vrpR=1)Jp-XGR$DA)P2UEO=NOk1(oOd}31JTa7>s+h3@48tNB{Km7rt z!P9a|l@LDh(uDGE zt7!6Mc{s2T*z8HXG7aEk;Pfi6sn7zYK7HgkoQy7A7edAPjwkqa-Y45u*70lpBn+bn zeu{8);X7h=4}x~(XJn>PSgS;t<&xSwYtLV|Rmu!1$>=bq2yR1vEoBiS6aJgm{7*Av z?XC>9ztN7?2ge|fFwLNu1E-kV z94Fv5AgxWrmTW?dZ-8`@O_-l6MP&SdG21$BQQ$ySdSc-P&Gzjp%0qeN-Q{w_F!ruj z1ysB?3Uo_q-kUNWj~?AU8y?OgquPR-YEDbXhpz2y(y6pj;S!3YNI&Zp9h~gd=BimQ z{BG(!?o-wZs1?B?#STYYkJHm@=Id`=2b3=a0`D2j+||5_@AqS@$hMj@_x&x*#B_+r zaDpcgwvzXngqfYzkO5f!ipNv^?+Q<|@zx|-RNi95QU+{X*106nK_c=sp`@5$hf5?S z7oQe?^IJa4z(J<0ByD^l!Z8&SkyOzw#G_ttd|Z$+Uary$!%+1k|Rt2RSCNMDS^r>6=V zw$rh=&q@x%o|v<8P!;4FKLfXa?UZYLLZpEs!bj`Kjb&eLknHUVx?(?m zAuK}LqLg--oQ`g;IB_xVl75%HEsCHXBnn%laGX!^WSB&}njcBRxW^dH-6qjn}$^^I*; zFWY#zu0=Pk`9d)NgtEur9Je^aAi4ne+irYd6Np zLOm@@&$}9&zFP@5d#L#OHJl0+tqh(xu$F#-R{x?ljp5GP`PK4q-wgJ-!dOK+{P47g zg-p?BRwcuX5akg|oPxCZ*U|n9%U_BjTxt~^6Y?m&69s4(Y)@Sci0F&*9q-RH+wQ(E*agZ>6Pf>jwod|cR59Vb z0taJ3cR#Tz>v}{fXo+oo(F)!x|Cp8c{5$-7Pg4b}*YQj-B~}Pz_r$m7YwX9aMR`00 z4IhEs7&1hdeWEVG-l7yE)F1I=SlWJO3?XEPMSTrQ5=o}tKVYQr*1R9pj+lOA;}-bb zg^K4LsJgL`TaL@x?Xa6ic95;Nt4QKY#|;(HGblgKzSi2To7TIb`z4Tq+XgRUew+;7 zP9F&gs3A7Z^TquH@#DVL!+7%Sko!kTM4f^U3!DAqJet**KIG_2XVPQ7#XOZ_X7sw? zxj%FK*NFXbtnQtOQPCcEp0QBi)0Tu)*xpti5m~;5x=GjVh|OfK^&|pc43u)jocT_@ z_JY=rBJ`>@zjm_;X&!!7qc>?x6L+qwHnt4cxp@wpz74SZFxsrKg&q3lxdz`3PmLiK znt$I{+-_tx#{JDNrR>`;pI-=V!%tEt(D^Usp>B$IzSh#yz*T=)K5wBS3vW5M)1oFF*8 zcq#eZ^6+!_%gv#COB|0NMV5TK;+Q~GD_QyaUfuk@=7f%n?E@(k~L@z^J~{if+^cX{7I&zI4BWj8E$B!9DNI8PbNV`gKi1lifA`XTF zU4u||Z!;WCi8dvARYJklax_xv^rHP*dSkTGkmrNefdR>J&WDvGOcc{s?h~67`SF@n zbj3kb%Ae>Z5Zi?c7p8S+da?L2vjmU+hn-R3$uM=siotq)k_;i)nGdE|b|2pq90u^{Q%*!oRg}H@J+L{<3893N6dO}>WYYjIBN8X1E zo&UV7rMmJSK=aGpDtn2A_xG>kM=vC2$`8vRb8GX;a3T87?C1;A{U6tdzgprs=e}GV zWx&!<(G=V5S>fIygFbYIV)G~7+7D?gQ^3G0%TsouKVo_>RC2G)nTEe1)G#0K`wU_CBU_~SIg9jHiRus4+D|zZNEP&mXz^|TxkAU zd0XOb5VxNwwK3|ksT!B9YHosM6^FHuW-Tbq^_bzqtC;%?dMUH}{yDDN( zc*svY_?qD@8!zQ*5v&k3`d;T4wm0$x!YO&QfjuO7&pXb#L-PA#=E|Pm#I3z__%oh% z9NM!qLiVO@s6)ES|Do-Y>zIS#uOB7GF=yge4gF-#6U?7Qaoo?ru%t39MAl#CTwM^Kb$6G{6b~@)l|@j+mQBCo*e=; zv_dY54tEukg&XN^L5q$5k(yxmHiVcKi;5UY%T9%TiJP$>QQjGSz^GOKX`Iy$RLIZx zx9=G!bT=%G6ukfGnel`|X+^f^R+A*N8j(!AA*G76CRY!SBH@eTJ-+mIbu748i(G7? zLk}H=ZTBzUAKI9kPR0DBWX_-K^~ zXwyrku+gM#d?H$%)7J<`AH^}pG1BMmVq<~^F0!3_l?hk-3$wpPZX{j{y3}^eyd6gC zFv?bJ_EmqiSRA9JoI#htnG~YueAKJ+)qjMRF=?ngEspR!iVJV?e#_p69gKVF#qv7k=2?j4>pDR+-k}uE8LhzPYa>-8RSWGw6TKsf3@IB zoSaU&Kh;?2!be-?`Evj9SV&O;0}S~`DS^N+Sq!XO zW*agS?c^buD$+oqM5_c6S9wc98@`nO*z57L{c^lOK_dK-V}a85*hO+~r_53P6C4AB z_6%TP1y$t!C*an>;lE;5m)i93s82ZrzhLi}&DJJ^Ow5C>yK-BUq&MxA69W#J6k`c_ zF7Cd@U9-S#pSaVO@iuaM1teRS{mK7ARH&$}|F;2+q|t+9jF+o$;I^qSt~Et?Bw1Ou zuIu}Oh4%SyfRwN-@2BhT2UH;5pHq}YRRvbkrySMGaPOT^gbFkiJe@bg3jL)ql=XB%7^w%u`GCFrPSZFZb?+FW^41cG9%GUzPi$e zl3bYvoze2RrpoLtv-~D|S&s;Q4B_?*a{uUVHF$0u$DbWO?Bu#^wIU z<86Xz1m^IhSh-mJcJRT~lJr%=NHRc3D$T$AzZS4Kn0jq-${r~4ImWW8Dg}FYGO>jR z>_WDfn!>6fpI9YVVEXNmHb2Rs%25l`UHif;E5_ewp zhg-Ad=SzzO7i!k8PUIgYBz~|U`SCheeH_hw6JH>jJAexgyNoja#;N0?qg7kNy2ejEVA2uk1oCRpI3{1WC4>+JhS5cS6? z^OEqtxRG2_ESAIDcP@B`3)hHH#b=dvXlBBJmK%m28xHx{qFOXY- zc=FWdc66o^Iqjt9?rXLczX2wdAgCgPzt`v6SsKoC??1!jQ4kfXg=Zc?kaMV3k10*< zh5EkeDs}iD&J09azff*ASq5I;wc^LnWo`sDwI8Bq5@tn;5X0PD-a|Kc_oUU3knC?( zC4Y+}DpCvgqr<tF2?+z=GhKHw-MSDPNs|f5;>A)|jH^B2xG8C#I zb%P@v>=GwpVz!yH5rT`^M>vYry`4=dc>yPg=8VM0A95>L8OoEO?0$IX1PYUAQ4PM3 zn6KBpkQL;DL$;S;cZ)7c@Tusdi~B)0^I?hBQPDcCeYbXy^iG9s@b=U{u67%lRyXHh zb31oK-xCDJ_H)%&AI!e(PL`G&)K~>$t`G#DNGt$Hi41d7TZ4Bi0QfL3({TZs;b5Qg z{_u?cpXSkcUNPh9NWL$KJ9TrGT1NimA=T+d4E60?!XM_k2a}q0dNp$QA-g8&)z=IL zO8SM7-pMvcT=Sq4ZqO$21Z;co%GI~~3gTweUrxLA*iuzP{KX(of&VJ)f`08Jq6@YL ze>xcGP6hCTlaP)l=T4b;6illS<858)gMTmbP>fTA77DtTUA!sn+C!hsFDub^Vaop#{i~u^mUK$i@l{!Y^iNI?=IemwSFs|_ZbIj#o4`Kr;l&Ys~xKHk#?YhI^a8gYebNWGi9`=-y? z=4fQmn{efw6%=264t(9T1>8PgACoU-!;*>N z(L(*9SMC0_9Lx0OWN+Wc<1%bL7Yj}RZk^H&Gty}BlGEWn#Vi!u6k` z_HNeeo!vBB>2hkyJPU3!%RY{_;pV00c&g4Q+sUvp?U6unJ86;LOmLUcGs@S^K1t@O zRym+!6+x9AS7xGjsEdz+;Up@54bo{`d@9~XI4}(_R215$2`-fjV)lQD_lAF{XSwp33&)G)@yQ=P3IpIa?Q*`^a^Oa9z0qI^N>k69uRgL<$~o z?iudZc~A0>A;NNZcNg$PZ%8--G8UXqq{dR$1zc(uY0qHX*On8?w|L^1fjp zXYM4A!KWKnkV~kRx6hnkL-h;H1`qN~5JL~hNceLlJLDHuq0TcvErit&>VH5dtw;C>CGqid9Ph)L^ML7?vk7&=%$;^2fP7ck z=Bu~al8!6Aha>|lfzr~eTwRCYfG=?^sQbNjc<3^J1Rii_WjzGf zZJ9Su>gUWc=~cUBJ9NBg`+o1hmtGA!-fT49Hd|4b2BC%}yaR19{?Lp3!K(dM@Z^oJ zz;BPhe|#u-#%KXCXVzN%)_vtC=A?9eWNnW%1Myf8VI;Tbk7i^UsVI3Mwe=8zYj@olnREh>NP}VHN^s`N zQyhNsEx6!T#-45P>D=hQ)B*VYuvPf?I!qgD;#wiGx6YSnH&4fcE&M}98>1sf{C~~w)tcBcv+A-Fb_5Zm{p<$S_ zoi&^RuZFcJe3UEs`<^occ*eoIvjUzT`fo$q(5!xOVow`^ba2NU5%XeN(AQMV>fJqW zdb_4R!jq2VskLG_8PhM_gy*<|W;;G5yO+E)j@uzg z8C#4rQ&euvUQ?8oG~u7lnD@z=c4w@dQ@t3+39LliO7uK);VDNVNWALy-i^vsXEWja z?LwC~zxAdC-l$L!(F=cIY%qZfG1R%EDy;?QPXLb`ShXz;S=C z>I!>>)|_4>{0Wz4?IUY=>d(cMH*D5;z2qnKg@e#08J}g& zhAR0_efy?@zIxAGKD>)AMNZ@_bU@+bIlv$P_9Xep9xFc}7@*AF}gvhreXEP{<~xqVdPg%f6uiL!^xcux zs>m`9Wq60GSEp~t>D##t6ElC<<@U;&Ur?8SD_{W$-mYf{8e3O0e)xu)Oq^Ti4%zy2 zXHIj?JYL_Q_u-5kdoh{MFvBETj}EUg3s(MgkmQG6;F%#dYiK2!ul&K*J6boDsA>CxYZZEc=5-}e!2A(MMgoBt@$=WnS3 zX%a~6SEqXZ7lWp`IYR0JlmJR#r!OD@ay4mzF$~YizytXGJ=ZaCrSecA-Eae4 z0q&3b8KBwfr_R$t4M%va9AZv7UMACJ;&uN1-j9ru;AfvCO9k`m{rYvdF3a|4_d*#+ zDfLQ6&%twpV(abAP;}^yUa9|0J#8Gvb9jN9SVC>Ufw(W4PNMddPD04B*33II86LQd ztIRSbfwMl;+-!M}!I+(jV6{WAR|qK1&7khhUBUIvdgzhB#nJg6;GGd|F`nk>`;Xty z+aFNs#lj<-xug%>T}sXUJ+T%hIFL0!9S7^hmC4w;L%v+7|;b zixzYquvvRQsRgV_3CF1-WstTqxIkW zXxbT4$svm>V-=FDMno6*dq>rZcf}P*@0@!5i*3J+W7M81`_4@Xdch)c&mIpjCNs>^ zQpBFy9R`1sS(sWS%|g`|CafsF#;|f?$u(wWib0q@WGzomobi*vOH7_hsrBZYPTw-%RwhnI5*8}AH%&xOgY)0 zWmyGpFUG-A7MjayGl+I@;<5dmOs%t3{Yk)Y;8yD*2#d88=AQ+Hp|zj;!2W;Y6t{(s@*5+7e-_=HQ>;t6T{Wp~v*cDr#`woW#^bgl@ zGGuQ*xbo-1P?6sn`L8_yRNvZ-5?o*T<=oVBE;Hf0W&Tn*l@m~5Zvhh9nE14x7Zmq#|@L;Uv!89Hqn6Z}e2?%d7_%>D1ax(0{- zK2__y?PcH$xcc{7d)9q1lie!74=YkR$a8#%sD1-PIOk}n1RV%I;AY;01=DQ5jk|wc z;#cG3&3_F*F8Qec*%p@yXv62=k(mJ5f3PJqbcb0I<*$Z11I!x#8c}-}owD+e`Th=Z zGVOKo1=5Yc7}7B^3dkzG$s1rytT5_aquyHSx;3=s@3oww*-SWjt{9=1J8_ z*PQ1|ob-7V`ZT3t9MSw1Gk=-#EQ^-0g0~ZaA%oNz}pyNS9#>m1$ukBJ|H8}9a;Gu z>)wc++sb1!H~b%dO2`(jQVaX%*m8?ikb}rj5E=aGUTGDEabVSk{smw@DrX-4p7YQT z)eX4t06wA~rum#|v30E}ij};tl79lBYTxR9pdPzd1hv-ZME1~m=@8sbv@-n+r=e&4I3a0! zmA}g#B)#>U0Jg}FSo1R*3i9K&hk^UPa)FWa;_v+cEHv32Nc(UU&d|dYX?x(PHvXC* z_-Z^Fva7^n@&N5TypWRhM|9=C!)gVjX(rZGX_yCjN<|2NE)^)2tMt0(fo{a zcQ;gOB6I|iTW>Jj1{&R1bg73~@18E8dt&SkB6nNzHvS7f9isxbw8MbM`wuVaB@CL? z2uQXk^eh^{MaR?V*l2qUoRf~=QN9fUFuuj{Swn5p?|0S>PaEBmX!$XgQR+U*JG_y zpJ;zEI2`>qT6FIT-@16qIc_^pQn7)pNVb%h4}pCKO>Ixw{k{!gvwS8L_E!r zp+up3*0=k1Q`64boiTJgU~!)jVo$UWm7VGmsHM?7+SDhy2#rf)?R-UzP4rk)=oa~8Pa`mr`-Sp44A+ARJ%zB%e27pn8y zCb(}ZON8@b+nZ4ISP*UsTY{QOq_?iCfMmdvRQL60Zvdre$uQ03>;ne)n)1LGK6>RA zwBvJ;2EPXIyml+&pemym#XrZFUD|<0^GSX_rN8%#3xXKva7{obC(UMpVB~4yX-}r__Kl*SSxx2nU>iT^b~Y!2IqF4~V{iO#0>r#YVu) zY7vF;QrQn1j`>$7gh;|zA}z7d%A>RE%3T%@Y8hcK>^U; z=X@F+F=6%w+H}WCWL^ zYPq?w>VeyHzL~_Tpw47cMI#`wf+|UNnor*&-ZguNCMx}hoaqQZY3P*Ft2J6e*OsT4v2Okg9p3_`%-q(v5%@*;r|tTD@h>N=^6KfFp20no z>;dygU_qOKU^l`P;E7H*tiPdy4}nZ_HkLuIA3Rk~S@lxj{s15~83EHH{_B#m_=i@?I2nu&hl0>aQS95MA$KsK2iTV} zf$Dedq-NfN!cf!+=54j+jFXbWD_7Us0`mv{TM`0dBgvNmp?k-|r|>k8dy@rC z!Y4zAfX;trwMhnLG+!L7mDZF2Jo(y1LkF5ySGet_`t3$x>cM>X=0|(aZ@-vgkj>ME z3ks9ht^`8So)0{@`ZyhI)94+H$yv(-Nr}-}`O|-dAnAq=;sr5Dm0;r=Y}=-NtzsWFvUwjb4h?y~g)>mV>$enZSH&j1CnW*&w#6zsYuC$ZI)# zm?wXmmP%H&;y`Nygb^&8TOQo`?5S0mQI<7wmxs)(kwybNajQ93KkS`kfn)DN z#Q5kedkl9!)y)Ar1=H={EWY4>q{(1@MYcURht zPwoRydhe60QH_^|Zkpoc^SPZh%8oiLG?*A}E4=kQ;A;W?(=Vo`N9^vy>VL+=&4P~D zSAuNM^W4ZmbKmj;iY;>WXqfh@N3qN3(}ggZEoWedxuY*y$pFS6AbOO#CBRr`k#9RQ&46Pn2hkEKfw_*v&_Ob$`E= zsx+U@6Z5Q=fpK50t+Nl&9S`Hk@T{L)>k9;#+7^T0)EkgL40S#tJ8qJ{FuoQ9TG2-1 zNqi476UyN8q3XrL<17pRLHq7NAhY~Y{mPO3q;rsRXh5>QX_X66*-Ov-0Oyg|ue%qQ z<5=rW?e1YJ?U(ER?X?a)KDK0QetX@X2ETs0=pBc+mB`*JYX60gSvQlQ?9G}JCOaHy zCwn^XQRjd_6C3^gX|F+yO^y>FX{70fc??GZ9U{LsJP>-t5!#OARSK*W)w8i2M`% z(~Y6Q)Gkqan_)5`(4?!vD%$43X{AJ3hZVk^Qqzs@(MA69@}HSxzH*x8(4)|0qfIrs zcqWp2eJe({yHL6-HQ6sD0ckE`_7rQ%Wwos_cQ?-~XO0cTz3-OqRtzw=ukc=86eQs8 zz9fz9Ea{uG=b@m{6Yc)4-Ud8{>UhVO$Ip$&x{Xm^po#SokOOHu{+uu6jtM!50-UUN z=r#z#PSK}6_wo4!7?aExdV&*=VkEIi>;%eQ^9BJs8#N4m{J++t17OoIe-e=5GN7MD zLaUkiH1*NF$GdwDo9m%Nzx>4bWPZ32@9^B3iAB8Py2+sk%jZeu3(aCxmwdtA!Oby* z{YGrEe=8i^oMoZ+8-| zEIWvkI;po}*x?3ZRfw+yDTm+@(ir#R#{2!9=fxVzj9z+;Bg;$wl~jg{)kpZI81&5| zF3uBJqhE@iZlj3dHT4H{vM*M+^^GF-B4 zZd1{}lsNcBF0><=gfRT?=TwQxh_I$tIY6<-`rrL0Cu$gwKVXGm-iOOG^iZ#BGFKyh zcsU>{CIDoXGCT7>@@0D^dDCfqO6S22Y5mCkUFX5bdr}i)&hK|CC(ls2IcUZWW!L=a ztFgoDBDFVh)|6`b1^Ti=zDgYT_DsfV{q--3SdD@w6{gc1)yjDad z?9Uskj=x)N3Ss#ZB4v9hKJ~b?x8!I#YqDRihAtXx(yFnaS?ibj-<4p|xHiL`=KVgr z2s-KM*`KDj#jsgx(%GC%b2py}InPKWV+^s0V@C)7o@Yf81MNfl2oA&3fmv2~BSn`S zC2~p05Jpwb4_*s=a1{}t7Jd262%3E>|GRd*hwzc*^x3qw#+E+mSBKnL8P|0G6}{Nu zYIOi$0b?|@J?Dj$Fhtv&Q87KpEcAU6DuLULC+m8k`TfF6Pgv(+s($^^gGsL6Rp4O? zmsx;^2u;x9+{gtee@#(D@1>}b{+A;R7RAKyY}C%f3CDL`^a9I+{qJP_y*dU zy~M&G3?W%T|5|HS;FlN6=;0qH$iRk;ut8t!Tb$vYVypI_|%xyYQ`JI!? zb!1U9Yc_j-e+I>oP?Bu}%Y(^FVe= zc>Mf2-IrHPufG6e+8J|$PwN|D;E4#J*zWx2c=)%y zWTUj*#5EW?lqJYJLBBeCrSJHaTnQaQ6GOc?E06svO;d;r_6B>GEs8(EX8!Ze(#uRT zCW6h65k{|yw4PX6o>kRtjd4@K*ttb^4U2k6to`7*CZ97Fofx6^FRf6D&Q=W$~(q%38hIAEQsw zosHCY^%gmlRZ<&63GL#0)OA`$7+xrU`e`7Nx}#-Y@^ypxdR_GmJp{W|MHsol{Nl~x zWdR=!hp{q`;`NqJp%D|>MOb6*K~cE_=5+@y4SrG2UZ+re(%0{;T2Jg{B7`z1t4QsAG(NO+JdBqOhB6vF z12|dW>_-8-GvFMTq`P0O3<`-4UFF5T#!cqeko?tIpA$IY1aT&mef6U8k;M#pSL#Bm z#pW-}He1_>&olo#7bECxIjNW?L5%XW(r}>7<{>Pi+c$=7XtD-*ZcQoXt1?%chz(L z)~dIFt3jXf;l~;s@)~Fh9N#%H-VQ}S>35nxKz;_gzPlTK-?o->yj7<}EDCOU+*d9J z)5Oi-jtlCuwROH!jE+iqa7l2hQtexJ*ZOA?Y!jz?i4P|(6%P6KeNs#&VF=@c7Q~52 z4O*FmDj0UFZeJ_Aafeno^8&HW;mTbcUK426y}__z+sc^s$bHx*Bb-qGn=u!aX+c57S0s*okAuEw-C0@T;Eg!-3K5@nNw|D(06CGrcUZl z&NCgW080e}a8uN`Zzt#5_)^6(e{5 z?5@5#@35kl5R~>RniDgy9;#Zk{S;5~^QpU|i^=eTo>Gy1Z{@noUg&?99f~5Q{&|#u zh;^5c_3VZ4)W4}=d*eumNr)LFCfIHl#f?a!zpi11DP`fuk*Ncl7+KBrm{(6U%RVRt z-MSEKe?2a{b}f3$cD*WwT{Mg7-*3Sttwq!a2-&-(5kdr0J3sb$8h?25bbLZMqSScZ ztr8;}pzV{?K~!YXO0kG8C-7NxabRD`>Ises{dIA=y?&u*@S!&e&kB&gr+&Y`TRFTOR-_M1XB83TY%Y@RydNS^~J!J~QV z1A!yRer&&nT+ThBxHn)u7c$H!85|H{Ywg?rlw!`>i8U{YzU+q-6p%A`vxRcC5?=mG%ziMdQ-;Pi# zt+wCUE<(>{>wS*)w=1Z$Z=uVH;o<)KOUXdn2wWh>^ZpIOE!ND#sR4J;0-vciE}Wf9h)Yo!1x*0S)bzJh9rd*zw9j!|DWk9vyd;EEIPvY++-ed!9jp z(hOPS6C4B;c(@)k?L0oFI$f^L{gP0Ax-))4e-O6OvTc1QRvA+sW-7XOORs{O=yTs~ zdF{&?kg!aJM*kJ#>Bt2a!I}?)!NcvZErtI8>B9eORnfJF{xWcXRYHL3{-qN=aE{{T@ z(SJchc$ucX%5pOi?1V3@4ZbfnIPrY?o}dO-SzJtabZKgsl0Q|#FlVy0_Xgeb4|tSG z;Bzm|Wjx=M-H67B7Bp3K?WViRBc)0%-jk?id#zqbQdHt8qtRO-RM$)WlNn-}?5TW~ z98E@*0khbVwf|$>L<~i9=UZ5RCHvm7HVxFPqoe6?7`X^;VNF07Z+Ov$@*!KZf^O5GFJ!p_|(CD1HrG;tJbK8K%h=Ak_F)|~iwGXp4(M-{fY z`IN}hoQ1K2FCtb`)GA343-wF_rAC#4WdgjPc7H^|$APK|2%USwe&c4@1_#pzL8nD=>}}s$c9j(;o&D)TL5jcW1T!!XEZx2G%3~{8R{F1E9198 z1?(GGDaUD<=PaKP=G>1M@1d7?@x|)UG}GLaOJF3zAH4IgYJRZH533XiN_I z;T(eO`|MM+(^zBHOWfr~PB8RO!POMn?D26eEeNU?Xa;$Z=D7V_`R3CcL@8#ShBtd& zw*LzIZOv7>y8NrfALgcq&GH##-w`(}qw%gThRO&d)!5uNLrxW=0?PscM>RASyrEoz zpNN1QY3!$YD)rM;gmbw;QA2of;G%kGBoRh={4+% zBFPwJ_l+`?`CTv$QTLXO12Ul~ap}w71O*;|MN}QR_s<6k5PE%+`AdBQKz0>AnK~tR z>C_W8HRnwY7wcPhVX0O#A>GT%G`N1(4&F1-J$XVaIvhA+?0NTClXI8D*@-2}fzCQ_ zol1%byN(7NGx_;n^t}21(GxWs;@I_+xUCmVjj2TS=M&y(nw(%?8n@VF*0`;GSg<_x z2ynZemhOl8!8cj?pQ}I0-OJI_`w8w_mf_w&!s2hCTuwvl(iSsBfB{8>32+o14`U;rgZ`wd|}`|nYkPHcAc*Uhp#xJbcN z3lVJLtZv7Mx62sINM7r{SXgcSx%HH>F*Uq+W*Hn|O$+nv?HQ6>MPHwU$+qTWg)?`lhyZU_J z-`^ca?e<=Kt>?L~>pUOxy)Ghp;0(~4ndnN3I*@^n1CE~;FjP59Y_@Ca{W9{<52W}g zyt(XZF|?Noz=H3idvgi!``}<7P^h2F_W+2 zUfXEY1n<>xN@ophA6?K1Gf~ff$hJ{J+}#P8Ee;LTvXz_|xB)4#VVcR8?jfSgk4DJl zww0mu)9T$zRQs^C%!do*}M4669J<-Z0b@DQeaNRr=S0k`v9!=p?9%dyOvs* z{=c3hL1&CfgC;EqSH%=%G#4-D0$=mW&y=O#{OGq&;O)1(QELy#L0g*D7!(quoOC** zDYI7=i#*~!j*3r#k!Dp6>}V`3_g2eTE~Y97Up0R^++1nP%Tv-Ft~hApM1@OI?_HY6 zB879-u;=PH$vokbu75YCqN|Xl{#;?22z8EQoCS2)IJ_+>jt#)w`wE~8fM~wSHmTXI zsdu2ZcN=aSg~V?ytc(Zmy$HT4U1_FE_V-7RdO;bW zO*W5R6oYb1r_G(bMfR4s5Cj3=^O9^4`RXF^a2eqx5d?z>Dl%9C*|egs!3BY-zw8r_ z^C!B1f;7({{x|C*hGh@r2z=WxTPhB&i!}qVV({1@lC&K~=2PB`H}(Ce^TR4s#hYQB zrP7miG+v&=9zHPcF4{WK>D{KH9IVjmVP3OuNw;F=a_`B)L9>lZU{avHgYtGoI@RPj z1ByFr_yE#MI$b+8&(1;DOWFr0`eO{?gL`P!LY6hv_Wj&MP_y3T_q>LjlqU^E0N?j#d zk1ajHO-uu!UfD|6hT2&RsPB9d9(-t|cm^V_-8S3Og!pW4Z@4b^P0n*`@eID|EFbwm z6=w^^rTf2gF5$5}l4efDbogMKMct(go6-S;xs}1@+CQomCAFlqi?|IN6P%0AHnNZ(Rp-gf(Pbyu0xH-W^=CH# zHM$XQCNb1@S$;w;A^4YdR{E@+#H~5x{~fopZ_Ql%ws7J7af#xiB>@b+(l46V!du6X ztHnaPI7f#&6Lov6&cv{W7$h6c2lJPm-fngX{X89_{k;0f+Hc15mPy#GRod>1D4dd`ef^E&q$We%XO|*g_PV z^uWOT?#XNjd&j|KEq!Wa4nj%VT2MA#tyAdW2sC%I;6n|cF&Rl(Jp}S&)RUk3b&+g+ zEEDD+nSAb=8NKgt;2&*jf6=5NqlPJ$Ig#6J&vx(bGHc}Nj7yh_7;4a)fs%nw?+o6r z&q?SlYq{g!J%iQ8(R8?sjDGr`;BUEh>_wXk-RY}1-^nUeZ2<)#0<2v#^QNoGGxYao zzyos7L-aE6(SJ(%ei_v+Q>LaTEQZ4m0aT1io{KKp$`pN1&G@#4v$g)^y*~SSY<|(C z@&Pi(bX)GZ37;m7o`>|G#Fu_gHQG!Dn<^2X+;SMp5FyQ;u3}>!YT&lRMG@a72qGtc zy?t3`qY%cT0_$$%eg@XN=h>Pg5X#R7IOnU!Z?DJS(J+;MfFjqBKMQcGY4#)ZxBSe0 zv(58sis9ky%a_jbR1=zb@;=^vTR&f}uzwE>8mZTy`CVX8vSg^c(rECu<$C`JEUf0h zOMo^UinZj>OvJ(a_CFBc1j|R&cmFTBG{nPAUfubHT{}NYd}< zXI~sQPC-l1mKSluf+}1bLh-`2M90)5n74`ag~pz)W^EIx@A8w?IiIZKq~S_Y;oYN4 z9C(Xs$?%;B(IweCE|{;pYCne!n&+nD$tdLF_;JzFx2>~u1aPpqld!O~uKOFschZGf zU`ypP;`RHjUF&;hRH5a2MS7${{_~1>MSRK0-l*U2OXVVF$b7Gl3 z$iCYYJkomC6LOfs1|q8c?4g#0QMzp!^OSpE=k4)2$$(CGiMMCj0>dmUP|h~9!ykb< zHqH)>)oV-Z3rG}xI{@5!H8uRCFv=5IEg!J|lLjf$%yAc0<^}KLc+`&PzW-7{lrP>* z!vZhlpgsL?iQa%NlA9e8kg;1RPBa7|S@gZ}mMGoc0j=$p7`FLm-S4;=a0~I?oNV+u zb300+)?}zuwob34^^rvwY*BC|s{NHb@h?k#ty1#hj9=s0c+4`)s)nf_?XAao`sg8? z8E{!JFXQWYdhC~SIphY@!Vo@%yen5(d2~lmp<3kF5v@q)qqLJ5@$Xgf)SQd@&fskP z3;3oL+S&be^0=F>cJOCjs02K$@u(>hOt&b5Fvaap-sN5-cRf1&;1s(VOg43}>G`gN zeY0fUH4?)=Mp@C}PzD{qeo4PfeUlt@Z=i*Uy=QdLGY|U3x(Y`1M)oYD`gy(9(YGasSuoA{tx<9I?doy;eEkDT z0}zOF!Q}ui7xdl80q>Wd$4q=wJ7HOb>I`<19@~F?C156Q#K6oyz{~Z-&hsUgE^D1q zc%xB$hlFcvFIVY#+6Ed>1}WTo8M=6KZ227vDGKrSg?>KSHXixtr=4f@o~WV4bP!k512NG|=#B3!Wi#b~#>7UJjnVF-zk&BNYk$X-{g&*2u&t?ey()*^0Cm{$n$G&mxxIYLikIlB!-k`(^*0 zEaw|5&y#fQSc|T+Q1^r0XqEoS(x1ek`-gCjO08lh)(X2b))>oL)BHpaPPR_ZfkDTq zOF+GJNELrageLzRcjw`k@RLCTjjLv{ zgs*RzJ9pVW#%N9+7q**!{{eN#4S~uu^#8U8abOML+Drq#0kFI6oHwE!Gh87M)cxMV z?Izp_Ab|7=Q!k_E$$;rc_>rXzsDs%%F6V|=*&J8brxPH%fImT=r-A!Van}UHRt-D93cs&v|b z$@(wW#5L;l_dDQKtwysjqLWq;#w2I04}N2({NUgWoz5&3u_*7tKgz9M!Pt{in@#If zq`ygj9}km8Xz~ns7p);|)Tr+~pRXJimkR)3i~^F2QI51NtVVM2>?oFRj~{PnzG z0NPu4T#Q&7FM_w1m>*jMg`H~oSvB}!i>fNYjtGFF`o~!d=kMonMlV=-RK8@k^&w{z zSMl|DCUkKa0qBJt0r|yAU|sP{;)1KGI1+vYwv|=@dcOtY(1szRz6vA>GKdGNuSHY5 zoPCQK1_R|Dm3ZKPz6kAIg;E1=-JS0a&XlbQ%n>LXbt@5rK`Q&7T2hqf=t@0_U5=~~ z$OR|4b1Kols`(p~ko(xSh?ObJmgeZj%EK)mKtC!1C0Rv_I~$L8s=vvGejXb%+v)er zcv_#=YYV1Vr{PYOc82K%;a(ZNp-XqW8iRf;-#SdXL7~q=MJ;i=yisl9G`gm!ViBfa zmb3p{G9-cLw*<(12p%-H|8VG@9~TN@n>agI)OsF99HENxLgvpc$6y!h>M#i?{QHh8 zWT3$j=}4kOe`i;A^>7)yo^N3&>-^1}y%u0xdRBYwiUq={cU_rs=Kgj%f_4Si#FVfR zS$|gQu&6X}LDAu-ZjJlxuSR6eDNMpRVQ%204q9X;;PJ}peV8Sp-`-m$vdxUFp7p!x zW2Pu?c~C2->pFwrHpr;VF&b`g_WpvAW+*U!dSS-Wy!X!wg)MniQhq@Fdes~18@)s= z;UL1ceiZvVf9ARmc#L4dX8PF$>-2D-G(aAAc+f~fP-5|BRmWWh>7yHp1xs2)Hi@JZHbtwHr` zk#R;E7O*A5BcAt{qw>G-yD(ehstR-#$<^9znmpV3^%o9MQ2ou>(0G-{Dwqn;~rvM=Fk1Am2d975kC41SAQCs{ zA43t*(S}||1b$u0zb)!bS886afaY{Cz`6nW7Vu4bNJ8QH0gR7!Nt&>iDlGM*%n5am zOPuJp+JIF1%lr`42fEcFFWEOG_(c1GC3Lm4cYhgab}i{&>cmaFKwsPy(r!~{t8byu{bm$$(`6Cbph<8jU)u4*yz~$|4;*jB+XH|} zLeGbJ?q@)`YGL}{2Yr4dnQSjJ4f470VlnBM%|x(`cSjx+4YS2ukKV5$DuMf8x_8PH zs$3HllVt|qZA(x1u8fag%c;26&hpew*k2Cr^#>zu1*72nKgzpPyq&?ChHC>pPJ=Sa zt5blPkT?A?^0uYURT}JMwhAN@-=Q>cTrD7OH^bZH>SmV=bOWR1Vap_J zn*3S>hk!Bt2Y}S|){XpjB9NW}$yoqu{KN)B|MFM!dR*}M-N2A%%beH=^1WHxibBBECD89aYYc!pUE;a{IpPjOT40bOF#HGn03Xv! zC70yfHuLkC5?j6&Hv#R3zsdYhv>Wv`-2^Nw_ARCv z2J}FotBx7XYf&Kt@Yx;R^e?%?%77{6PFj@7Rx{+l%@8pd+(j(QrfI_GM1a25Pj!nk zacXcTN0^80Hj$d>V+_@#0y~)ho!kh>>QOuS)~9mQH)DvpW1;Z%8xo;^eJ8CZ@G^?_ zuZP*ebxQQ;zi2de?*~!VVCOl|Ux60uIqhhu=_{7;#uC{YzzHFPDufyAXi$rS)zP%v z3Bgd%oa)=T+CFWvvk^ZpU()vRT>D>0`)Hm&3`G1AO|t*oZLSn;L%q;8KOh_~^0&Xa zmi2DoVpfpQtePWnmL$d}8of7^4X?-aS;y^d1XFEqn0*XVMYzmslCuh z|CP^I(ax^DT;#PU#qBC*v)|SZ9E(KXg)lVo;x?~NP)?0HOkac+iF2VpW2Q zq1!sW;K{LBMylq+#l7{{P&^uQ4*lswe~JW9Q#s~CSRXrK_FT^@LY3}-q2AgVy)nr# z_Yv2W&29o9G5c>Q&40awp5;;g{`h6!f#qVgA84YU`O}-8VzJs6L2*??e9t-WetbXQ z=tkLa#GRvL29&;7FFQV~lNWDOFs=ZT*nZi%VcWT7x@7Bnc`k3QZnHFQ@Nf4o$~h3K zs`A^q1nMfv%NboRo^SRjt~Z@M{>C4N`7dhx5C$af%BG-SMw!$hJ0~pye4F=uX7ben zQ}XlM1t&JZ9q2wJFD`7o0mXlP$sg?-4f;E}K;gM9UM0k)TAn7O`0*v%AY)g1qE6s# z8ZrilNLo>Vf8Zpz`6(j+0OP2<`);k=_iJ=^cY(Ax8vBdadWY_|*F`I!y-2#P3HI); z?9j0+$CiV^Kh7^K9lJW&@nY7D66&aqRJ0Qw0ZNxRtL3G|C5m%cgo56UUPp#{8M~WZ z2W)TaKdrcVsMea*+%pw#ujd6%Bri6`R~VdHu1vseEW2J-fvWW78P1hDK=b?|MU=tVla_(NJ!6Ien?nkIG@$=i%ttFA*-^;Z#X_no z>j76b7oAZgU9YeTa&Vy$X*x0nAAsMCJ^{BNl{wSk-7(I3OF&hZFBVBB=dDGG|5K-s z#|1V36h=!m$C<2Y>_jLb6#4<$#%&4U_L!y}AO>}rf$^4AugvQEH2%Rz4dJD08l>zx zdf;vPs@fH?aDQJtvddiUiM-e#MARw>7O(K|1nSm8oz;;CpPx@KQ07O9?w*GG>X^a* zHCCX1C>2=j;z@zOKM;x_qzV4vV7=PCxBl-BF8rlp=iK+nplFX+74Ahsd^s~)WH~vo zsRCxN5BqM0ws)xyX$4@z!*Tc9V6;?Im``gtM^d8etz_@wgZJ8SV|u%zP^|X|E43V5 zAH^$|9NfeICh{;4oqR;_?mDUIum1UBh}y7OJluZ{<8T&J`_(Q0;h-t@gw?e zbTe#aqs=~VYmLpnI4PW^4Vrslr&n0AxbK}9wkKG(yG5npYM}N9pX9(b>oq4i;JQEe zr|Uo&Uv<#X+Oh`UTT*({OWGeu28(= zL;CAEXQBkBTW#HBn4LZmm&>x{>!5#>8Fs+0ii1vTji8tG!dPlG1L zVA=4WTVK>SLKe&mK*;F7hSoOAD*SB&x&u9P@^(6Vd7-kBIrwkB4XlQ2^_cCON%bmm@6Q&}P^wz1Pr?e=W?dVAPkLvA z>17J|SZ;vmYq*bntzPfL8XfEpNKN<}u|J4Oz}4AQwo<=fJ#GYGZ1e{9j!?i;r>bz*7)4rP(kLy8@kP{$d^_-yBh)9dy zuUb5CUv)hSgMNQ|)Ng;`e2V+Sh+Ita_U=0?6WRJp1Auu&qE9SK>S+LK_uXTN zSMYg{?L#YIYmf!-%KV?IE}IBGv>|QoLmEev8%xX2R-XXRYg>S!pAo?nPfb(|x1L+= zc$ody9{1-35HKBz6mqw3x+56m^0*obC-YC4 z@Z$Al*KHBx-M!_N|{|5|28Ae?S4y*{Ti0tq*` zE^C$Zo*MNN77SIHn8MRWSL^2?oX#_l;45I0>5ZcTma089a9`WBF+Of6VM5_fR zW3^>Ee%aH2SUi#1_q+wnBn>QUuB{Q$lodA{5~Hfg(!0c7$(;%|Tb50a)ZxB>Vb zAWqrA7KsoyYbF2(M)#}fjEtn>O0=Kz7UI)qd`iu~G;%T;&UH$<&; zb-DUPPkEd`dG7-;(9_I@f*U@c&+cCy-}^P@jSkf(u;3ay6_EARda{A@0rW=^It}32_a1) z`Y>Dsn(7OmXe#IT7a|zCw%_(j{@O*k!U99KUiR176^c^Tpa32d1tzkb=7}RqM^}G^ zYWX2k0bN>f74iKz#GuK)H%P8x#p&N?b_Hz6y%5FeD71~QMhC%uR3Fx6fBICC0V4cC zmK`f+to)-mdx?_LAN3lCtc_(ZRHol13k$4QN;6g>q@;X8j#6F))4}N8e*wO8!3cvd zCm|_^7JsE&=GdfqJpf|6%sEyVTPdG|X1L&`Sm|2y#1sPG*X8WGP&~you!w_J>sn^f zsPQHs1fEn>bo=$W7LOZEnWq03(wmjo%Pa=ne)d^xkEAjsBy~# zRkQ;8GX3_5*WA42NbA(YShf9Yik~V`f{h7=vKO5MB{t_BjAb6?fsG&?xSx+lK$YKO z!MT&_(%C5)$^26?-L1cO`a|3t+k!dmC!w=9ZnUedKs*F+Z0ztQogwPnW^vVZOquuo zRLQvVL{|n3QkC+SKV#pcv)RtmIWGo#nXwOt#|Uk|sO!Xx3gS(DUYz7_vufVU%lIw-k+_Zudn;7@sEH2XIa^fDp!CH^!zE2PLT%BH@-(Qk_miezl7+8>#hiE~L$ z{`D5>nWLNyM}gy4BL_JmuM*ar^n-IXE7mehFPvjF#_Hk{g8a)0C13=JQe#^hUFIJ{ z;hv(JteNky-XXsWlY0t)Nt z7Z4tvq`4l%_-)0gmQN}o_^k_+BIX5K#86I)-mMEKR=5%BVwC?o3I1`L^Kqt1@!Z>3 zsyLb8ZPSPxvV&PpLGI5vg}Ua9`X6KEx(go-v1`cBI|s&$&fe?9zu}YQQn;p6>DruI zA(x?~Wht<2FV<&lO8k=b2}3|gVoC1EXE}GPgfT_qQ#r(9$MJ!|;bF2BkN^6)(zP^b zyy?j?#~YxLVD7X`D#r@{CA&od{R$3kLZIO={uJP8&b>B(XdtBQX2$ z4u~gzVwkG44z(SI_ETeP;rL(^Cw!buL`V2vfZ*2e2BTu6e>4#4(;n+~0oKG%mKmP+ z+OC^pj3O1Z-GYVA0}e+O7(I8e%-z1?F9o_m1P6OoFhG=i9k=ZL1 zFm*JP$4PUO#LVm?)gA2=o99b(0GqHGf%x%9`L9Z*#gGOi*nI}X+%)zWd|aak{^cwo zcqtolCTzJKvOwJ>!OYe6r53qSdZPO|Znw2y6ZZ||B0x&TqEC)&3)`aOCzWPVoZN3m zz=YDOfa%s7JPVLFtxVRv4;PZ5^gyize?L8@XAqxnM0lIm)XgQQGe^CgkGkCc<+v!c z+^BujqKtK5AS_|)LSg>!ikbw^5W8r1{g*MDtm^pyYmx;QSe1NK>IeW!P3RX%7%tKm z9K*W61ATQ>=?*|QbFoqK&p!y96yooT?Uz}uME^fn+_~woq|OMA<WmB}|t7sV`3^u%H&nOe7l!JH0 zj!|+>cUOkGydDIvluWxYrwGNZr#<1LQmOA|6N>31&N5!B8jS;8y&_b6#5*G_)iyLb znHbURrAZ?EtqGyEW}@^F*(wHHwWvs))6M{PMtHvyqA;^;_Rtje(Qpj9EUFG3`oRae z|1LK;`7e$mc>Zg~t*ZHNrFJX^U-&`(J-0Z;V#(WODLtuCrm=IrY$C9r8#jBf>@BI6 zjN=7TiwUmVw$s@*3mMiOL=rnf)E^d2;!_EjRdd82DRb!C|Ed{&LvBTML19FNReSq= zUV6bb^ycsZ-*B_Suj!FN3q*MWwb(E;pvDYWTG9!>Ulg?jRy;d%J#w8iEk-mF`(HFK z`^ED|^ceRDpMFHN9O1-c#X~v8-V1$(7F$_#?CI7sns9c8Kv9w6W{Kc7pCZF2_);VJ z{z-~uz&(b1w?n|5lC8T%8nu6LHQhoDx6MZDt+y!Y3o_M3$=HET6}Jbxd#X4a&* zt71fu>!A`UuAi|@p-!w|Q(F$3fdX*^)2CwSjdht*axi=>$G4k%7hzphb*660N5(TB zN|gG%d3s?>eV#Q?ve(St@bf&P;ZaVD9_Yi9<1u6f$3p)xB^Oq+(;39AB4G5pYRexC z=YP@q9SNYPu|C%10&Q5XsSfk?AG);|LAE}1`J*Rb$nnyxPk^FJ7(ARJ>!%Aj_$O$N zj@TrhcZ%{%0dxAZcerZ9XvZ&cgoQ@^uPR$S>f1~rB@xFivi5CbjPR%$5K6EP!l4U4 z^q#P%8fiOOFlGLTxuMn*=~aA-fRkZZ;VV%O@K>^x7Jxl#jE#JjYAye^t#O$kT;eVg zxM5aT=(}I55(qIpx{~w;=yQPdUjCfQz|X1Ko_KKo{{?_rNTvp&>Ush z&Ze4H5$s^v6N{(inls@2am~HZi6NaRi1-cBD-qAOUv6Ki^t$;AD*CHUB68OCoGmbhR;O0`612E@Ne8V^Q|x z;J;9UJ#}QLhn{*__m`}9_P+5lE$s`TxJno6U-7dL$)_^l z+C6oe{oeqAr<3m|6FM)cNta3_of;7yx+k2xV>B*e5g~LD&aiL5&$;$k2kvTQrlmf1 z35H7c6;+aL!nmvT90z zcn-cY!~*sioCJt2dYWYqj4%Vd80E@g!2kr+9YTwb+W`9s{Gs(kvql5eR*&A^gaX%A z|AQiaf7w9dZ{9M+LOL_I6V3Rod~VneZVzH!ELA^J%qgA{21z-_>k{6{YlNaQlyZ>t zTX!XAj;_+8mK%3Qqsv$jtHEPVfPWK%fxx|?BJ-0Ql?6*|u^pL#7nUXu)`s zefBvsZ{LGltwACW6?^o71dMhIX-o*v1`f7EFG`lI( z;`wIB*=-&%DURB26%u+E?BfLeweN1=UsuR}tgf431*Uka#>-SR(4aevffJ{xW+pv# z+_<9%49#MBe`|?`hdBI-cv=`Jua7h9UzUULwRtr`<%W^$dC}?@8{H~*brbdvT<>(u zqxdv>xSdSAe&1;Un1b&Wgfm8*3+2!w;*7t3{~PBiivf;@)_hvy{9ghXeW76TWBmE^ zniALmOntFgtgXf%c~_NXl?GNW2w<0JlG<3F+OiF`R+6tlK8TP4;yw- zxtugqD9nB}4~kY(mW0NJ8VHwkuOU6m;J#Y6`w~Xp5!6qlu4O;*)+o!0aq!GtdEIq79g$r&yP>Sd z6>vq0=GD7V+?(LMjZ%MJv5+S{vyze>c1aOkju69G+2}soA$~TIkSvC%#7ypJzhEF< z>&ez%8*l;~lK^+r>|+*ak^qv00&;`3I^At~;6#C-Yrcn~3N~Kqf7$|;)%~qe0UWHt zq~;gS5(j!=u}ikvMij`uqs;4W498`(;4jMJEBkT{OmGsRJh!bd#O?S{mtvIj-;15~ zreVdb&}_O3++>uI)83K;pyoUC!8}}7X>ga9A&g;=Q%UJ>xT|IHq<_~*xYpIrefibc zX8@+DJ@6tu^sV`8$$81cPp4IP`<`=tf*QGb{y+6s6p{Oi1&CdN^76<0d27iSMrm1g z@*Vj@0tI*rmEmxDO!yUky>Z}7d^y>f3PDR=_3HnqZZWHDG~*;wDT*uU?|ih%5gMu| z{R7dZW|2lXY#v3Ww<*3qtZZ8PXfo(T|7!e2P)bj1R5Y=KIo^Y-;RdDsEZq~}u5&cZ zJ@@O(8#t(Q7qOcf3uf3UrSS3E*nTN9&1;qo5*jPE!1#&HwXzn>eb*;vL2%_3HjhC0 zF#x>-JLY9Q{Hl86!S$x{dw}b!fyO^E*P#iWC$3vPP(klVn|HUua zTwJOV;lGZ5IrCESoz(atfaie-d~%r#c@mVj_pIDq;vQ;;)D6{bxIii{?w^7P1~Zva z^M}3yq8j&*TF89mOZV{JSMt4lQ70l9X3{vYT<~ig-L?@(d4ET`#b~@EOC_2xO`&ph zVNr#@C9bmzkdPASBbCFZ3a|_jK^2mb;1bE*oS9N&=Z17%V!feI620?V!G|DtlZmmd zAk>k3rDhIxwQWM3n5S;ZT!~zu<8&M_JjhGq+{5{LQkESXoS z2fmgu0zTsOk0;4Rf~57ouL;|PDy-7Ol1|pD#MRnGttY=TD)7LZi+{(*N+usxV#v5U z$ALqp!=WyLM#yr_F-R@%9^!qBIJuJtpA&Gn@-I-Z4(rf%EgWo7s()Ydqw9I{b!e35 zY(5E=q^i|kD(}7PsYW+ke6opeq^hf%Y=|iVbq=LrFsTr&1l_vhpwm*99+{_2u{3)O zhJ~>&DbVx1#lE`Dys<&k!kh`%zu(niz*`v|a%1;qE9#^be)FYA4oX^4fbV0G!73y$cgZMpG9#tZ=@(&xocpyl{=@Ac6xb zc<-WUxYatj#jm4>`}OctsZsY+%TDDFttxl6ROow~Wy79fmdZvkiRR&Tq5Xt6kD21e z5dMoCv|VlTq;lfjtJF9+r_}lp-7P9Z3cL$bsa?|se@_froH)QgQCK?1ElKSR2f{SD z`$K26xqxEFxfi38;rqHo2EesB*{FpFt=en7-~NADzxC>74xac2Bf4nHzjY7N4ZlHF z7|KcgCH4Np3^+JgDiu&pqcf?0yNn{d96mI6dBy?Jj<<2>$a$x!ro}MJtp$(qmVEx} z=+7Y^8{}h4$2%iKFH}eN11UHTGGiw(iBUSR&qg_!{hfcV`M#8~p;Y&fDQwi%5gO)W zAlBr=g?PTQbA8T_Ckd#@?JgXh)7;SIKO;;zR7;M9T9e-V1yV5y0FM&GGjj7CR){12 zcS_k=rH18=e5Q`*AXw=Aeqi1{{?frA-pI=te? zp_1cE>f6TN%1>vhhI)()X+_eKzE9mT`x;?tVlVp8ES9C|6HgK_b9jeQCPaa`E*a?T zC~?`wyM;gno2?9Z%Z@Z7T%N zwP}Uh!W^nr94B$OG4kxJFVQ>47KT*}MnF)bW;#r)HMXK_;OHfPvON$vMM;3ZsS_^_ z8c`CkogmgbpP6#sEW)-1FXIMO&f(D5X+}%n^kzd~y_x=r5sI{g3~KO)-E&MteVwl$u*anIMnx4&#Ho%a-RnnMb53Cn z>rmL7zEdI94=Llbr8QnewwOF;4|*D%_8GYI;*Ket1W7=$#5SsiP10SIudkTo9ij6D zX(})tV)OA3Ss^m2nbVWArY4ahZi5HgyMC1X1O z-d+4nRWQdd8LPmCXe<{Dl>Q!NzkO8xfF1kudlvN04QT-^8}(<-VZfSED1a+rv0Ye7 zm+5!FUnD$8$D>h`23bW;tNyFzBJMp46e>On`$^Q>xqD+J%ZcZ3WwUUYWwfuOP{SS> zJ44dWEb|LDTXFy6oe*V!F!V!RGEy+8=f)tDk;1k~TjEbUOteItvkZ7gIWmhEh#P$i zgp`R;(15mPEqX19MoPVx50TD`!kQ6Qg#aEOEH(QHP1s_E2^p-krxY{L33eO_7amIr zJ4|zAN&3^>dVLOF96r+AOJ&t+EV88vxw%Lz8TO%4{$CBq1VWyaPzzdEk4)qYG;YU1 z->&SwU?@{v*HnC`lNQ{#$_lCS1PE>iWF@O{u0)M)5yC;*{%wY~#-)pT_y7rO%IaGm z4u9TYNzQqFiwP`=9egXlX$O@OgZi+34&d;BWpIi~vZ9S#3?GdeItO=Vm77@oMF{aB z@P>M^TSNMSY|K*Ox?&{BfyZH8Gp>S4WdIBvn?OC%v@ORmm{4Vl{H6`g0GX~D(AVwXZ^gE%L`H)tK zWqelBtV3YquC&qHkIICg9O;ovgxmhM_((-YgdgL__AejThotvn z3{w#{X_!hP9j zJ4_?EZdNF;`C;%Z80aw(WX(nfwY`A2X@tbk+Mr)xR0Nn%bUCG>!Z)9G){M`La%-e{ zRsOZH`}5}r^l#!?QH)`|?ni+Mh4Qf$Rm6jQ11WMu6q=BzINd|be%V9>p@xm;-m?oc z?mH{x(2=hg7Dx5@VO@{VKcb`a(+~+OK_6OzJ8SGHP=Y=$eM6{^xTn&cTj1Z~6C5z~ zQ5Kqi@toPRP6Th(?%Jsg@C-6{r1RB+5CWf8`{M%kH3DV|dVob9^rjwUT!9_Fwz`)R zTHIk8SV@F2dZWIu;^4z5`D$1mPsimxHgAo;GK1r3SLP%gc>g*7pGZ(6yvJYm4wew+2`Nt z_c2B_gD41Z0-l?~LtH0$&rmq;z>tUVlOjx9R8%KTbkPjHo&JHky^&W%zfsh`hssS1 zod0c{GVn(Op3yoxui#`yDm1RpqMp~!MBSh8GJ#c>RAST2MH-vG+KX=YCBH%8hOaG? z^wvl-f_O+LuYwbiB15Pm>WVqa{OGVv?I7l~cNz{QlD_i&t<#1=9E&&qf%3~w%VmkU zup%OO(ixFaSQ-gqX-HXi7Ayu?qR2TjmpHZok+^B%b`n&U+eh^6hhlxhGa*dT&@c#s z>ILxBoQrS8AahwA5WrN#e8mOioes}VRx`5Jd&Df5ss zEn|eWkDJx6;BxxeF>Vn(<>){zz~fd#ouc}3;~z%-Q2QF|5JM;chw&K;-28l7L6h4N zjLGUq5*`LVk_5lpZwqmC3awiK?rg_@-}2Bc|1=fiu0H#K266Y2BLN~+LBPBt%_C+&nOwNzn-<9D@fKq+?KrzFl&eqR)=21K@QgwNvTkRjipZ`M2ovIe3 zbn2^OX~9t+LrG?C?pDX@z#KQW5}guPa)TLIbaxe&k{>{o2WzB-5*6-0t*Z{tNZN--iOP z`P-=k8O?Bs+vkwo<f#yt5JAZ(3o|vUJ4+ z#}8Jo(~xsi`8onHwh5hc5S1avQc`COa!Q@t0qR4cHM=QN2PlM?Dx;2F|@(X<>e1~!~D-K`&A1q z7*6(tw6!<3jAufMb>YP)3$xvE9>jl${*hB`P>Vcy zMb6blIZ(Oi@8qNrJncK*sE~IrGiU&9joSeC|IVob{KK!;-_Lu)@u+E#+j*5XB5SUR zaV(1kv=9n;BBjEU{>VoRYxV|e)pdNq$WQH`~`PlW2(_G)#5m0 z1_K)hevMQ-;oLy}BZ|oPGlO|?6W?fAB%1NWCju+(*0!1=?{7nG@QbSYfp7;#a zRSRCUK%4q_6m6GH#cCV-!v0J%WvAE0P};Gf$-L*La4`kOYmt<>p!4a89JG};kUA~T4}SkkzQP0s09vHxv$#uM%psZ1=PIF+RI z)gbpXTguGkEC#haNbbC&qKYwUsmc<4D2HO*Lt2_$_oyum`E9Vb+DqkP^ouv84ZF_ptgDg3m)bUMmRgE@<0g1^ z=Pp+kL@H-S-YTu~La1>DgcR2uw&R7w61U!f$}f|ACOl7!do+sh4cN}gBhwv}ZYaD` zs28M@wl*S4Ju+eH+n9{SbD~~?+7eurNQVs?;Zu9Avct9*nP8cvE>di9<`zP!_Y`hb z^xd?k870n~OG{k^U!=-u$%_e!z4?)%#-O+1KT1OXOUFfk^D0$YdhtSC5roGl?2*t? z1!*tw;XmE51()K}!Y$Mig{e>+?+N$AG)um#>G?$B+p_Xx+ zSAg3S8zJBt9gry@qWM!&dk#SmNiv&BYuFR5gmIrK-P5-dm;E3aCo3NM70UNM{q&DG zuJ0{Yg%9hLlYi7*NNG)IU_-=J4vOc|Aus!H4F+z?lF&KTVD#x ztQu$!2$mBuHhScV)JAv@Yji`9p&HWyAfG*9ke5W1u-xv9EhGY^P2J%k9_ED!!Y6ZD zTXn+9R5G%1{bjQ7y7j}X)Dc=yuDUYd=_URJVIYs{#J7B=;d$1fKa`u%@AuZR$X>jH zG`V==?T?F&>R>*EfiPLEY@*+JX1JMCoAd>5+EJfv7=e%%>4^CnB;*~Y)WIe6Ltp#C zproT7cFEoBlx0H@58eRDuxdypS^{A|89jsjhTo`P4L|Y1N8aWW2kk`TJNo>BO|mf! zHe!=#+nICDK3_?NwXJVi!F)R8pp#Tnaefq|>EFhU_b37CdKzBiv$;q;Mbz_hvpoAe zm6KmdGe-i`a=pbDv-*gP`(~gfh63NN*7T}~M{F^>KDoml#q;_C1br29F@6lhL`#!j z_hoZ$=SOKJ{l({q@R>v0)ssf2$+fFPGE+l4PZ57^>3B>acT=e^zq7gg=63F!84!UI z`n<(vHh3V`I$H1+Ut~oY+{TxN(QqEWg%Wa=z?oG$xE2YQzks|7cf63S3HRd9FVFHW zc(!@6ltBdWX0TK>6E~wiA(e80hYluv$#-y?kSz(}X9`8Q#MOr779R+}*?;K>(Utyv zSJ5~BAVkmLe)33ly$hFw9Rc4T_ci{GpwblF7-)e}(EfzXx}hU8uKyLxJjB7h5;B{GAU$)w24i=OaP-#Nl~>D?kv`7o zJ4kA?l!3Wo)K4G_Y8cX0CvI&CpB@xyP{hkex^FY%seLhEO#G!Y5W- zD7EX3PQQ@ZjkbC2&%!1xhJJYSDm-r3CW2PPpu*FscmS)7BK_|lm=I6DqOR58KUO-l z)oFg^y9pl|;>RG-@@>(VVwFU4#-0P=b~O%vt}zZ4bk|JR;L8fEw$9pHo&uddb#`(L zC~p@_lV&uAhPDlr!j-GCK38( zc4A2_$!>CP>YR1BnEs-N@-g4Ok5MYN6}IhlM$OaOJb%krE0kP{!%B-~*taGHDKPW5A4hPH~oK zpLnO3hYbyR!f#&#b$*p#g;}*zWlJdCY1fx(47t)T%v^bfv2?6w*H`eeqOSpo@e&3- zHol`hh6S&(EZza~$?NKYO+tV96ja3-eu6rrwS*h_$iW2O=JbX$s_-%3`G=YPKP6q` zt71aM7Th$~Jr(V)mt$bIo=iqA!lyZqIG#w|eYq*Zj3a!`3dAMn<%#+4nphkkPuO;|GuOoa5R2afr0SnhJ?aMI8Z7zIfid}hSK*s0!tK;gNRCOBEfk)%xJ z1tmqFJxLIB9%*y+kNIi-)i={0kKMt0Z)R`5Ea*nfTdfAME1W7TD^871?IYdC40z(( zttS{D@Gv-@|5{y7rBjc2Scrn`^7<@4{tB-@na{qFOCUhAsWvv1rT%)XtNH~WHVgqx z1mbT-h-JC=M;wT8GoU%eYNh12a%y(3P4;&8(6h#w^n9?QV;v8|BfWl0io0S!BN@zW zswnjJBn^w)^ok!TNIp-;zRWLl&+!-G5&kg5t=|`<;P1ht)iUE(Hs&w7-rzeIj$Lo& zIdG)y(vSGQF9UTeBSP`<#n8$IJ68WHh^Oz|T@{7>5-BhO0jTIO;fGjwZXPWgBpoo) zBDBrW=X_NCfdjbf%s)5s6MVi3xfXh^`)jBL7fJq@M$DBKRt9&3>AV7|>ofNQC|ZS1 zM)-a`chHq4CYFe)UR+VZgi=pI@A{hoDFbSj(uYSm1iT;Jrdg=7nWN4v1%V*}P~IxL z+lmn8P?+Li2y@wVz&rqKv`CZzAyXzAx1K+U&3@AZt$`>)ECFQ)Obw_i)`h=Q+cZ^i94 z?UoB6)!QJ|a0>l&@UJA7FY;u$@sqGO2v{Vq5C9QvT;O6{o{az43B|U=gp#g?Dg*i0 z^NN=u6w5Jf4@mL(QsQtKk1D)0n;|nAYn9ga>_JpPMszGSg-ZPQE;|~_dCd)(C|>T0 zzLVTtoyLcI-ynQTtsoyt`Y8x~qx#sNSgI3KnHbpsBGK6zU5s$@e(jIFBG$8R9=oo* zs4X}6rq(?oQHjdx_B4ZMyBpSdRW_OGu|RUR@sBa)xdBe*k`fy=t zM1MKb@G-nR7>lEmoKwYktncp2TqY9#POioZ#)wvyzfaxqD`p+sw*Sp0+;;2V_qT#3 zQ6Tq>0o(UxTg@QEIjV*sMP-<=%DZWPqIGnc@2gb$0CAihNiA@5zs^q(>RI4nYo&bS zj&hDi975%9p-NO4=h~e6q2JHQ@tT|oo}hP|EhgQn zUl49BLIFkm#XdB)1kG|!nqgu{Igc|)VxBgHlxx*3oB=QIVOQ2@zS(2J#hR63IrQ1a zfin#dd~~{x@VpaZt`{lj6&9Q3(4=2__fdU6w`D)5N3CT8s89#8;^rJqnih6uA?IYb zMbXV6Q(!dd4$!QQqn>KpXtoIw8G<2V%j7|Tf+tjRLW$f|0Q1x_t-bQYWNYA}B z!Cu3@D@=jx1dUUkPl|7SpiQMW(Z7?z3wf2Ifjo`yuymz%HPmngYN_SiEYo_O;dkM5g8 zaB>=M9Tid-=kYFRuxX+i=YX{TJ#d=dbmFOM5Im}`6hUsyR%Y>=|cQ!MGQB`Y~Tj4FfiuJTZg1g?*;%ouuSy05$ zFCyMrq45BHP4Ckx2?QS2d$3qyw7uRA1Tr5wyU_166&*D)1@4_+mVm_TK-1H4J_xxQ zbu3l5R4fJ?*+iul#MorDuy;u}AROFdD6(-3ozlA^(VZ0xi;_WVG8C=X8s%ga{~tnv zZ>`fKbw@(3(HqVCWyBQ%Z%RM!lwSnWX4F$8dR}sl|6K_Yvva&)wVQ0J**5AueWPRp ztHYOnwFYZyK7t}AG@(&kHo#%SD83DXDRurd7snAdw_`tL{!|ndJsPeI7w4{-ofUCo znCVjMuSB1ZF^-d`i0bzxr(5B$v1K?-!$Yj=(bT78GnX8vY!a);*+Vp+xKUCpWaMwM zs;j3aK`-C6?BCnor!urJ>YEAlatAsB#t<2b!Tt9?$iuM<{{Yq+`}kK|WZCnx_Mi+! zqpFBKmfav>8!%TmMt+yr1AZZCPd5|iUe6Sn=F`5>&+yf@x48wlH??m4@#dS#SqM7& z=vH93j7;!#8Ea8msncB4=ysH>^XbnknUn25j&$0F*zqw|rj8?TF4|_`V_oQz8`arz zt7%kn>uGuCTK_EbD8hvCp{?SOEO^T^U8|EE-h2k(TA>|oHqAWf|2;e(0FwGW4FEr^ z-ajiP^;|#!aA=9DFX{uaGQVdr4yn7gT_>jfe96dh(OiEot=Ag!L(cWuwz+>M&9JG1 z+TJ!u;~*@_x_ZL7g8BLyfmi1GszjJu(BA|TA05NnY{zP9-b?0!{AxOGBCa@YsxVDH zgs35?Q}X=lNun3Ft3{8kYj24LJ7$pjvF|X~dx=Waf}>~wm4s=<)l(z%Tm&8*8b_M6 zmR_>xBX-twXfi$+(D7*eBwuieh7du*H<>J7=xI6Vs%r&*{OP9f!Fk?^QdFKuU~eF61`) zds=_GBGburXIn-sXuXUV{L6 zGjqnfx$*=~(#$HZUBg%mp%BwUq!~R>X0jdLFY8gdL6~ECpy)}$WvX!J+-@6oT4*8~ z5A7E|;w>cN@znPdu;=Ye;SXQlyxle6{-Ex7{z5Tw8%9o=SkJ!`=I`snPB&`b+fMhR zVqbNNTxtx^;{N2;_wPYjpPon7ZEhL}jc3nW5)D}OH5H<7uFIa+hYpVpndpK*fd?ci zF*P`CNduL51GZ%3=;S%p40|!KoA%uyK@`i zJL0vcLelZ&=E7t2yr7L#%iueiaTHQ$FfG9p7b77LglIg>@F}t~+SXj812Jn+0bI zJ>h(eSPZrFMd?$DTCmY7)wE@3X3Ul5K)NYH`W_K+ayUUYVy)oTSqck1eCKvbqMiZT zSHWV|aeRqS`GwRP-LrlE{JU`KOkNrWhaqQGeMgsjjPhG!c^t2g6ki>x*w8m+6V+SIOEZq@0&DGcyhD?>BJouMO4fE(?9Kf?0J--rRgaha_{G zl2=*3JXfgs#c=wS$=Z!v{o$M{yMd$K?sxRh2fEj(Z^lWMWYjLE4?R)I;W)K5rAe@3 zpc@Ev&~m&`Bnul&ZTJ2grOdR9r@h~ULcAYO-f%m{U7nTz`D+mIMi95@xKd_U_+g(H zZTa@#NgUPXp1`!>z#5Ml!8=C@FIzuLV%0OJGR8sY=kR}zn@i!hErV1dg*z5&S#Df6 zScU7h!vG)caE)sv4@ItURSkIT=L?Fj?^i43J+o3bBa#3Pk2+z9*3V%& zt!0z2}Zu(JBc%lB%ujpd(_8<4p0RGsIK9C zSMRo&6m;7!Q!?)gD}*3Jvxc2A73k5k1W3o-*(=ZGK-M0t988Hv-MQYkzc4S%r3Ubz zdA6P)M4I(N<3|pzunMl7Yh%J-w4BO1_j5`Ix9wtrX%q@!7SkOemsXe- z-M53S5mt1E&PkOhrvAV}t|O@2e!~fQjYd4)EPTSZJ3cRQ8Az|4OO;9QLkWH6poT$N z@)rkERzk;2&!>Ek*8C`s-gHneR!TLUW4>YB03{v+c`E}}w)b(q^5nazk3OAgsu5tt zZA~ONS*C>BswngVUbjC#pHNbVb0`~B5%U&Ak7;HOvoMY}O%{0{+sP#+T045Ab24AH zbT`z_aX}7bg|3c`Xtv8yEw%y_n82w%V+KYzd5z;2cvxErGxJ=l`(S|J*`RTo`0& za*<3S&-~D7*N~MR-bO6(NcbqcaKCxrJ$tdxVJ=%)G@xOt$-eM&-w^$nqmhqYxS5=UlT`a;+1SoTN@v(O= z<+_H*k;yBmly?tkL%1zG(~IxY#CjcqY2Z$DPt04U4m&B>&y+G5Ruay-E3(b!Ez$e` z6`tHQ#D6uAq-RVnA4dNxl4eLA)w#c{4Zx2MEO_D9|C8kj8CQFa)y%S>pPj~g5t1rU zpO*x!6Pg;=XgB$kr4du-@ysVtkL%JCTO}jJcwa(lTKhw5E}^B$PE=Q938#2^sYt=_ zWU^7=-|lsxByE%oAi6Z#KxB}k*gA&0skIi7Uw`|lMK0lD7K*FYM>AteZoWu(UrQFN9tB)9wxYgF{x>-*C&)fiD z>-F2wOBww%T|-vdJ?&YcdDS_D(z%rVpKv@h_K_~`60HM$T9!(w2dxhODl(XStSS0y88tV_HYSeV%r`)UxTs^0)o}H$;aI zz0Dwo9UT53LQkB92&8_7FClSZhO1Otc)9Vg^`gQ$B8YEF+*f>_IpNVzH<|QxXvYNx z#XpK;q2FJ>=`jU<8Gw=$c+ocitMrHUdY2A6YjP!wMLeUgNC|mqFN#G;7_HvEHrM!# ziWBngmWTwG?y;}bTgvm$rm9Yt0A0J_l^Qj;{`L_1`!v=RmF~q+6$vS)Cl;LJ0+D9VAh|Z>d?YcKzo6(-h z#+{=82>9n)0DeM`!kFVuE6}-|W*Nd1&F3m26M4m;c|>qksl)*U&M)EuuyUr4Yn#Vk zC<2{3?v9RmUO;tH8D=IP7}`%J(TuSru#&>bWQz zf>$c0kgr~r*Bi%EzeVf%uSpU4*&MHoT+TtENc41u=h+(Aem$omxZza^1MFz7G8e_+ zPb(vWp&*UDGt4Ntp=?X-vZJN~2=G1U#!P6d3(Jny5^h-VMdln7jT)UCd))4-f)I;B zm7n01Hjf#FobaPVae6fN|p>WROM} z3Kz*1(h7q^{-PY_^{OzwN{q0t`k9VEMtU)iMie%P#51=QOJ-9))1H?t66UZe{meSK zNNxxodWOBIRPy474nk*7em#a@)W}PQMKTg#E4@*n0@4%IXbam{MZ7!pgV8=rpyL6A z@E!Z~4w${`rMHQ+zKJ=e`xggWC%IVtzl&xPLOX8zBe1kf-ILQ59W=A+xKsD!ni!~evTgK@t%CwnwzhfGRoRZIDh(ymy?+VNKy=?jP28H2oWTrbSOTRtJ? z-*1yx@v8>OBka`x`|jQB0g_`yr&0Yh%XK+5d@UY5MS#a8d5Wq4$l+m2$i#@I$g}xe zKH@~EfSOS~U}3Bh&d-SR9$Rr8E`)H!^nz3EAY~^~Z89(5^otgRN;-i$8iHf`PJ>J& z*AYEE5{wedL_nG|8Jj1u=W%|(anifj+~SJ~bwYLOkFS1^ACh^00{ee*x@^w3;BWGu zDRjD{p`4BF=YM$7{$y>9cBXR6l6 zCs$(yy)QuP7G3|tQo{2If^n@tv1`0r*5{{G!(&XC@K+CCzU=VD1LQBlfBq=jwAy`0 zZ4^EEu(GW5_4{4A@kAwgHoU9A8`LOD=!W#zI$1PkjO|am&mpnj?X_1jrecaLp*=J` zt}P(k>CgQ4MSa)b-wT+3+hxcLr6%e|nhpmqM&u9@KGisTG(TA>QBwsQ(_=DzObq36 zgHC>Kpb#Ncy*;ND=(ujgMMJABN#iyTomSB!N2N7*mN%X@)v5 zUC@+x)c2GykH>)%F$I(Tb*$XWIpi zeW^eHwYs0AES`eO7AQ({f%mdy8=Zeumr&xg)w-l&?7QM^(!4%$5^kw%&%~GV6{*En zqr{FVdL^Jr0?Sde)9RHs*DpTAZMY{P8cuf(_1XmPhuUa-k^|Z4MZfaJmc*Lk2|+WqgqtN-SUX zh!ea^c#Q(5FvYb?g;-U9>|vMe@HUOesJ6sW}9~G5G1eVN% z2t=A6sCEThK2RZ3r=F%`l~pzKkS0i46CYLt}>rmao#LxUyv=vMtipi zu(UMpW27LVuLF|}YFYS+-(a7KZeO??QMvhS74?6b%G3{ioZ%5s%q;aaXg7FkJwBr10gah%}z{)rx z;F}-1A|YWEIA(M0N?0*|s{@Um=D61lqDD@Myf(d@Iv_XNCxHP3_(FN;Qtz**s4?zYvaWbX=_T7 zPg~59A{WkJX7|#QM%obSM z&p!nJ&gIVPFA``x**c)8fwPu5zl0Q#w}c>miFs64Yg;qw=GY1B<>-#+TH{kl(%LsZbZev)k|ZWrQB#o z@IrzbGl^Bx0v&t`F~wcKw8{78Bmb0?VYzv-X9Z4@DQotEgE6;{q~-spVgDpCmi`9^ z$gCU2dBraD1G0-eO+A?|>0CdZK19&sLx%-H_s-M@X}CR#98}&u_}G0Ffy2k8dvnqe4#RDp=H_V!x9= zWid)HhA&-tb!Qyo8j-LnCQlOEXtj^gQR|oDBTrCEK##^LON)9qs4obXLnxCic?5+E z@|smRs86Q>Vu}J#@};9NUTqofpC7taLdjJ7GZt{;orbHhmEUTkXia@?8Q)58_~R4G z|B?rhY2E0<)lq0W=DJ1du0b~4&8(|6Rrwm2eYHq!`xcVO{|_p|zy0>ZM}53@SHBGk zl!*VxdXl)!m%3NYuw;!CWON%Y-)KloJ;;V&vdP3D}(gnzR?0gK$i|ioz_uxB` zniYJdoV|u9vlCyJYvH$@u4bd|%=X*u%?2{Fo~`{~fB2TJo>^k#oV`Fa>*s3OeBd&q5Cng#PvQho6YMbbh||S^BA*!Pxf7y{9eE1 zt~er#qNL2DYgj&gMKoxHx0x@8cX~SHNqa61jXya98q|g%TH_gaiWl)Ezv0q*3^}nQ z<-Ck4}YxRH7FC#G9~dkh@^|hw2=DtDQ!8PV=oZ_CeQrp@>PF+h_ckzKC#?8@qM$*rm>3@Kmz}@ zTfK+JoN(d9W8H3h7qO(As2qiw{t*GaLp_AzYZ|Kp;N~xiX1!y)FST|M{;W2E5ghRJ zsC}=s%w=w3@1Oq-PANgyWGSfid`z8CI1t<%>1q^TeKv!p=X8D}?KHtjeXS2jsP4vCHK%TI z2sc46D117G{|6seq+|H5v7R%{i~+OHFO(CT3p(ZPZMc|`2FQ*`uk1u8`=`)sHypBP zdC-!8jmG8~MvA`nO8u1t9f5|a1-asbnn|1#*(8P!mD>kNwa81VQ+Aeyc9F0QTw>~0_I{A7Zom- zn}^!%QKoHntW*HDY|E?%VQqJ2;}-w=r7CrlA(X2@$bD-!^d^xS+9fppd{PYi&z?pn z3aDtRXRa~K7pD+cQ860+EKEqxia1s+W($DW38;+rZCwA&aHRZ6#y--EK?DWyeK%x3 z2NV{VHGLe8{|yMC0qHVw)Fh;Y23xjSHII5)5?s34Fe^&`<}5UZhXl82a#s!E#TR69 z)%*hqyyxa4_ysYm>?!lPd34l&qB3|`)NB?Sgn6+H@t#D$ngwr4@(PH^pD+RYG;uAs ziH11ZuSNo4USB^}(z?`2s~ABU_jq>mP1yn?@lP*mR^oFI4_$f;m!mZ^x?>%#rl{S7 z#>Q)2d6wO!nAyc{icop1ZAUp_DDW|Y;9-%>@wB4(SCNao&LGap69|1nzZS~Z?(^q_ z#@Dhr4dAJ|wIWGbd;0jYtgqysbG&jE$M@1!HLO_$?WdW}dM_oElg32PyOC?}>>13y zi>M}6#oC|%cfTH+TIaqY{-`0w%Vi$70X1|0@xGXZRe3Cqd0V*~Q zr5H!0N)ZX-oHyCSMDO^s<8Q?c5g+{r4P7}~1J{+T-SR+c4fZ4M$})Y_o>w0H{GSr> z^$J{nYCB{PvrEZOeB=66DL3h+t1Xgj?XMV*I9?UYqT>JhoT+5;&ry3w{v(%>`Yn_0 zJ2~xS!@}lO=_4V@a0r{jE$Bm#AVP%+|bMkL}ZpZ4dx*^9~|*Pb(MUAVTr z{k;Rvb-YI#P{8~%iI+?E&9AF0c~W;d5{3^MTck>NE>~mN=U+6P{ZY~>52%FzQqU?{ zW6z4irhS^^p%j!ODeEk19t@edc}eW8;yv;WdZu0c#}_cH{rv8nQDIo?xIhce#5{K* z){Rd&JIsT&!P1f;ThsCbR7M6x%)L-lFL3sTJoF{|AP#0W%BW4q9l^|6C_r8i{P~(f zDl)MPy?395AtLC;L_X?}xBA+bmRmO0_fhc>n&(FA{Cs6$`Xo|yp}!#r>`iy!0>{^E z3V7BW^A`MJq*_cU$!vD#h#lAg%m#_zl#=e?1@r9$pCa0;yeBs<|VUAaj2YMwQP z6114N!>-iE$9&zz+<9hdXWXzpzUijmW9DHSt%-$HS>!))=Vf2mKI=|L+6nfG`YM1w zcnA%LodAzskE2?~e=ua5qRIfc;K~_U1e|ZC8dC!2OI~2QAO&5CiDlB$LHBBF$mp_* z6XzcQfyEJSGD1+BSLQ4c17_3whnW+Ihsm#IOhvC(BHsvBk#Hkk+H3ijBNFEhk_;kuXju)IK{uHBu10I7peqE3r zD~p0(lZvX7j&A7HN*!4Di*lipG0Xvc{-W!K-2UE8ehN$gG!!_fuoUJ*4U&$fKLJql zQ{-l6X0$Jb2LZCFd}K%7E%xP?}RBwz=h zw6ht)^I3^9$D0{mrG}HyjBAr_vq714+G#G!5Tft zGHFI-j$=Z?obeb14yF7?Jvr$$k*N^s0d@#^SzA)YI?wa-gHx=A{ylxP+rMO#=B&o{vK;}&8V zvQ=|Fg4S8l^O&xS4hAv%-lvbWU?=m!_MQ(~*3&god{56>8u{-H?u>!IR>ZjNLNBNt z$v1C=dCka_ji#InW&N9VenFeI8qX_kR0ki%UkS}TO4)$%ULVf_ygc=PR5dNi!-;R% zQ%EDJM!6%;so*yBzfWc8Y@|mlov$X?22YHL9Izarau(^WEW;^lDUF z!Y#tLH9CW_F&%F$Sls5JQ)gX z{okU`H=!gZAOIZ=N{Z5)CjG~3$tm5945)O^&)K@4# z%8Xdna|Gk=8tn0oGi|2_aTkT-5^6IzKGW4IREMAv1pM6V6gM`Q#tTFa-Kem-r@FfD z8X^TifEF=6xa|IB+C-jl9}8!6jdM?fQF?~u=}YzPHnx@I13ylf0kkoU6&&ug(R-?v zjlI&$lGcb?^Zmzy6kcWVF10~zsKpX_6Chiz-?)-tOm3Nbt!6CylLqF54z3p+6U%@s zso#<2Ex5InBxuGKLQOGfO@fg*2?eqR*@lV8vu{f}Wd+t6bq|)XanH)&`EnZ*?nS-^joYi=qp1xmUx>Hgd`ZgeLZ*uH5gH;MK)i)r# zym&P189D#2Wp2i++wz+4dNT{nRSB8+hdq}AP$Vh{vBG@#Usl>?#4nA*i59jVq^jdG z^?b~D7dJ6W*94$>0B-qYcK4p?4bKL)6s z3BVF--PtcZ{=(L1`__V(EpTz+(o3@AM>5*wgF!a)Q2t-m!1rSn2ptUpYh;ngCUG-F zqOv3?4Th(q&uZBmP!c^7I}}pYC!Q>^k$tz#a^IymvfqTr6R30C`pTn29e(Pr8wIGV z-Q?d3;xAI7C37uD%@S&dpWO)-r$3|yI76vy>=qpdx7HHLs2&>rv3G{N`d7tghnV}T z9UX7{)(+vu0wsn6e#!8h!P*M>%N``dmMHO&rtk9r3?aypYfB+O8a-uuEi0%s<9^7p zwMHXP8oj*ao=-7|KwJ%=WE-yfIa?TJXWAKvxoSeMm3(055+Cv zdei=XZE7#aOTU72X*TfYMebE7L`zz)iI$3 zw$n1E-<)23F=@!!2!;Q8dUbQ@5a1m)GSD{RrW6>qYRF#SIMMx@t1Q=0x-RoC56Z{y z%*2pMe>yY3bE8l^GDhkd%yYhMKJQh+YUogz8_2cCoE6Jgkab+bqxPkV`yj9J?u~Vr zjh^3k>s$;m$cVOc{)_N9hFkggnA+z=MpOCJE$IXVK3K>A7GsB^sgmf~HfGyql{(tN z26|Bal!M`ZOdH9l2zqoLp{(MFK~jnjwqd$3oDZ(MMETeBz&$W#Mf?PjG0?u~Ic5K1 zR?f%WO~)jGQC-RNb|Br7OviJb-W)7tGUXa(Jr2(bDh$s4aDyaz(%T|x@UjI9}TM2gzD1=hRk zl;{z<9(H;xCEH8=Pa6BeojVZ9yvZoSjk_o8ci}Bv$K~J<$o%?`*78dA0<4D7vN)eUmwsn-rV_0Y6*W#NC>j6%I4O*z-vBmPllCG3 ztQ?PEp6b>B#ILKn&nWC^KvZsJdt?Y6ypOsx8!Ff5WE-3Xhru8y+wfBs%X_s;v$&<` zyfePNoTa!`PalPw>Mm)b&EN*&c(>x<%>hLT2!zJDnwkU#+}^`kH2}{xZ)`6VTA0YU z^=@p?WRqH+sms_ct5J*Qi@f8*pFH(6f*q}`JcmzvDDf^IrN3P{-{?t%h(MsF=lkKG zU${lsL%7@cwacRAkD4*mVEd39;vokQtkzc@pi-*6DlI|C;VfdEN)!yur9G!)h8xe1 zd^uer<2x&%JB#hpXHd60l%m5}3sqTmz{;MZRB6L$ja77Zx)^rE!QTuS1F3w#I3A{+zG<{$ty%x-DsbsO^Rd98yXu4XyuFVu zpLUCSA9TLbm8}hg@-vmu{vFF(806I-A~PoG=V@L^3nM< zMUqd7Q{3(r4pO$L>NkG^ z>+2Mnu{5+|N}D$dqZlycHiBHHp?h&G+|^jOXOejm3}Un5PW8F$FNg z754s2=b2i>;zY8x%vE)j*n)|Z7c{|}y@FL~?mL#rs(tMaVpJ@Jhzt4XYCJEO8 zc2&uiApf*qg<7iCu6xpe(6Teo{S5?ofSWrU$ASi~kVJGnUOV<@^Q3Lc$uW;tb?dmL z1ltfdGWFj?RTI3TV0-?lZV(X989%Lv{Kj{viG5w5NnWzm#Jsxp+;CKgedm4EuGA_C zcctmxG4Ae+{%5AvGML^~2G)s}Ybo~CY8m9{s%!(rbY;$JQU=4ErR9UPX*VlnH^{wrM%&H&a=k_vIA+hYLq0|>j+Qv zt1re5rzzzA@5M}hnb0M~nY1-|jO^uUNuo80VLy*XCS6O4-O0?V`)vd`!^bA+k>BzC zmmL^bcTZB~J5O_*vmuB>mMc{>?|sWjxls)5gi~Sz25&g*OIg;9#=)uZ81VPHzQXG< zrrVM-#mme`b9OO5BNsxtsBGP51B4&Do=5&phwAb;=|)=(bkZHuHc!*-Z)W zSkGf%S@STjkw@%c5OPu`SiZJVMq<-vT=sgbD44n*GEdHK%yixbW5* zl{D{OU*`ap)1p~Eofi6+BzSE%_^%Xbw4L5OCaT#W0Fet9Z{j)XDx_Lag9uP{@%d%@ zYpTl7pVgqTS(B&0P@^C)@*!j3b~A3wJ;d%B4h8aacR+-F$?z_uVtQM?g%=-;UibqJbaj4s~1Hm=h0v&5O5I%as!sKIs(+(^5a%9tKw?P@+&~&ugl>z+JaM zVovhiur9eM+3s^BF6_jb*?+6Jcw-boJT&0|!L2Y5la^^i8HTW=p7?5#*BxUqte3Dn zS%alrx>Sl%R?_>`3nA8u`h$h)x1g)a6zK~qj6k8IdQ;4I}!9~T9D&HDJc1y$f_UJDyV8bgHwFcFaFZm<6^kUyH8<6zHn2m&aw|T z+PAj=Xw38>z>N&u`dJwqXG-}qfoKA2Pv2~$7!TiIW`P6+r;`iUV1y|>q`0wQx(Qsz z<(40=NG;|6Z*W-uJ2?DC+quw9K)6ZaF*lx}=-L^yc55N>k0C2m4>j^oFG!qi|8BsP1`K+?MR9a$ z)+V=`uud#x&#f6Ru9g2&!syn>s*{KufCE4}GjVA<_M>%YX; z!$0E7I>{2hrC^q*!g;><**=}pU5is_zp>lRsXE%rWmbBGOsbb9edMrrT^;>z2yK_- zIT}7EdvLpb%Fb1Y1!1dk=uoTu?F?@IM+#ykQ)R;f#2$os!541Yi1Tvr4=sl*O|_vm z2$IX63MS@o&CKx86A)E3Ax;sxv_*J2k0k(C{#vZB`l|`wfMH*{(5m-bDnT9$B}wF# zSa6effNx`%e5){KpWd*(D9cc>2p#0uU-Rw*grJs#nX^R$5S-OvILDs)hTlS#Cbb!j z)7+jt1RS&sF`{SK>Fl-b32>lFmceMqLZXbDqAIGvGmq`fb%L*no7}rz-a!m?Fce|{#o9HU`7m3`kFfJ2gKGyhEOsK|C5=Xn)&?CtiC6diY)u7 z7}>;yQ~hYa9%3;0e*DtlfuV+g1Wd>A%;2roca$S?Y}!oPMNB_XC4_U*T0<#!&MgwF>2j zG93&SakESb#>H@QQ+=1+h{Jfk^4*8{6TEny^213?{`fL{wa0Ti)uZvX|t^RWMesQ+fxVN3ARQRfp*!gQDpHv>8icQ=YuJhIYfn z;|j`8c`-re!zw@`b$r}*i3GXsT4Uw57g#&Eou;|IS7PB^)&(M>aMVYqs27f)7~A`2 zg$PPZ0R)3%MM=paEG!8l*Rn!pb+mG(pd}>6pmu5~X;)0^f~u%QJH)%i)++Le1XQ_I z+E^(f=)jw0w(eZHnNmE~R`%=E-YXVq8>?~XvzA{})I!XVM08x3z8E?vQqHd`2WOt^ z76iUt1kW{+hlcSRs6*)*ujIF9MORB-$7M~HAwr{%FwbJ63wLA{qEDGrnIVb%J_Rh z!DtuREK^=3031|U$T_GVwk?x{DyP8FjuoOU!-Bx^cSw8y1R2QR?%KdtPM(C9S?mi|)+Fk9k1!{nTu9o^{d8Mj^3~ z52UnHu&u86e%6yf%6%1@Uy9SRZ)97K_sryC%Pt;0IMIeb38%-`~VXsxVg#K$BHE z%F3Tag8W}Zy#se$fwnfhW7|&S#%Y`#+h}Yzwynmt(U?27Z8vP3G&^=@G~nf)T)+a2 z4yiM74fBV-jBc1-t(86u0GA;b&VoUi0#S&osHpt%naI4WG#5-^k+sNMel?s^);xAZ zS1lV`d^HVW`PxSb_J7IhUwmnnFrt5`LKbWHTx8#$+Gz%0z)#)5@O5B$mY@_=tv_`+ z?C?*I+vB>>|D>kX4R9?cb~SwS>_J`q6Xut{Rl--CS^K_nq^Ba>D=%***wE}gevBv( zB<)XI4BWF8C8=wWt?Q4d)320mXwGgrOw*I|8;om%06yvCrafAv66O4Mk(*#G@FxZE z!n@FBgx}C|j48*)b2M9EgWtsYOWmA{Nfpp$ZmONNZ6F42^m`nTOBh*tfF7}ctZ>G9b&AdlMh~K(*N16 zS`GhiEwADbzQYsfaY5Bkr1?GwjLu#OtYakAFCb+jDYF(Y1d z`3u)Qcht+=w^bD!O^K8_#Ne>FVEN#mKEIt>*wJ&~;8<$Le}X!MXApg%@53z=_c4T- z-9xNLj9mM*UejZf=#4ISX2AH7<-rBQ@DxBX4t@zk zoI^qR@5Ho1qf{9lDf-s{={M0z#XnJ#)m~eDN4x-);n) zs2nAi9{6V*uHEEMiA(G`YNM>AiZAS|?m+DC9(wTabHzhDoERflXh(C$l5bBGi0yO` zvTBRF6IPL9zpo>sNS|SiV9a~T?a$5)51%}mHWOsFzpko!Bk=X}^bNBl&Mn`5Nha%s zb&J~fWt}(X?15e^sUcY>XEAQ%2sNYe=8w&^1RqI`{!K6Z zsq2d-l01AyRT>u%05SPIkF5|L%Y`Uc{64wjBpDmuJysf-Vk1zTsb|u|i6KbMHm-Q+ zjeqpyrdk4o+kv#*WVQ+Mu`n$nD6T!)@xmsP-Wn$gLCn=ib*@q= zct{#^8go5_1mSu?4mnK6@r7jk5 zS=77eA$ZPi9z|qC2+qI$_!Dnr!QY{ShEcLc0{F*OGV_V93qAf9T^Aa80r_Vj<ww5g z4t+2G@59ip(h2=^`b~7UmN4=IW#MzrkC*=953z~gLw5nx^~MeqtYOgyrIacZ6?Hra z#M){?pQbasjF|X#Id+m5S=x0HyOIfTCAR9Hn&HQ@_B3$HZ$WT|kpZpsoO1oHJg8^Z zgc~Jg!X>idq^`k{`_K5=G38l4P`hM3lP)3GN%Uoq2#M*PxxXKGsyQk?;AfWxEywP8U8!)WA$b zxNgHz2hskX3150;J>pxdu8&Xi0Zf~ULt`a(ys8RP>g1b+hEZZ= zp+00D5&|*gtivdoL!2aCW#PbvMBl*pJSn+Xo7G%;np%qp5>i)E@1JALqXi>4USU)m zTQLdz=_0LT$vO@`R7Gogv5y1jUtw(-{Z#=F1g{`voc^-vb$=4|vF9%QhvdL;J)~*9 zTTRVTvs@ufv#qYU7^{o zo1ME>E?^?=W~m-d;#f3Pz-McJL$!JYZ?XMe9a)F7jn~Qu|MGC{csSr&(#zz=?S#Oz ztbw>pjbo_LtcumJSZR5&UszPq1pXAEa~%S(7U_qHdNocZ_I|5!%Ut)KWhG*Ilka zpG^eL<6jjo5bm7qZp>$pVAJWm)T1VvcVLA*c?fEx{o^Em%`dt1GrTntd38hGkF`49 zb+}U@M|%mj-_eJl_>_q$FOapKb&$e5!D2`=#OO>C9pD(%E+@_@aHF<1Y8cIjXAea` zr$}Pic!#dxG=cR}ga=$$YH`+-NVQK)ZhG&gF8FmSx^CjrmL72XUlYwc?`>{S!&>l< zEC~%xx=D#0j;agFp|}S1FUmDWEznq$TYA`dQsS4!c1etM<==mu5#}ld;dA-_tPdb_ zA%5DLlq8x|&~V($+#7`w2a_M&_%@7DNih?9Zx@neu2mTbh0j7%xDW!A&<{a{APcW*W)WX{zZeQsCz+- z2YTc#O9!96a(T|Z$i?6mY501y#oSGZF zLeu(gYxc(2Sq8Mc{KdsknC9JV16$7V3$wF4OZ{-?eWPOntM%q5e{OC4br*6w-Ja%L z3^qm4BYLUwt{bRhzVMOSAt}vw)U_=dOlGDZztqisOczDO0pXhzHL1OZ7~hdZJcpBm zC)wxe5N+^dblVvz;_5%gT(8G}v33#`KMS}HeaFXil2%H9JB+!>BRPv{nM(X^kw|Z4o^c=N`j%U}}6WXZ23Y zp9@>bm+`8^p$$bFMWuZI6(%39#3Hu(2I&1+8f?^%_s}=UO)fRNb4CyNX!uu!whWCAkQ?(Xsqrw`c~7u zKir&?7I1ms2E*x&@N@f^s+`nsU*(Qquc3RU@3j`l+$h)QclJ}EGmrZ^>O5Fy%=_Y) zMs&QdJ5`h7ee%KZhSb~o8#^VBtQJWanZ>@&!BaEv6=mCD}G2ZEoFQhM$G1u`jc2v5aCHLA3IQ_)gdXrf>*3dJb= zh5?TsRGbsYK0o9Zw-VA?rws54;Hbgl`PMsI`JBI2G4yY!zB`{IHi$CLGrd+|Xv4ov z%!EiDX$VYD@DXuJ%)O#lysv`5QwG4t)A}7VC{83YzC9K^r`Ib^WM;JAu=WrX6uQInqyAuM_exxt zRySB-y{8WWm4uO{ZcDlSwyoIVGeXs~%zIQ)1EyW|+$@Ml8Z|AZHJt>w$6K(bP2gs$ z4n>cBxYQiaPfNDuWgkJrZkrDkW_Y$H7}j{w!z z#z7%udD$ODz9o4*GM!y%p}Y(JZh-LY=wP&h+F3c!YUVY4f13$>h^|Fu^raTUdd$mD zL-Mu|t`PjFz>xW(6z#~%&S``Z_A%^v8kF!GZueL|o`ZjkXJ6)#ciI0UsJ43$7&{ce zjRi5nXPW}s>dw8F8 zDeteG(&<$B3D^kq_+zYFS@t^TvALtF@I}ehSAxHP$Yk|G>&_&i$tE+$q-21!4GXo% zv$k5S>;xQ?hx#eMyZr9~_tMi-3zh(~4Z(3TGDHpm zpTiFM-?la_tZ%yX{Wco&ZrMGSk zv~247WTSFXu{;wlJ>CUz1!s`X_Shj-R?(sG0*eo1@6Wu_DUyPddnyol7|Lf&O+) zG-jB^+7Ifc<7JX#)nDg-Kk8?p!jX_nnhpNh(vm^fS9ho(D-VVexNJBDzszYo@1-iW z?|YN-!tM8vxPqF~VRuG&J?A7j>-{@*lwxy!q8GzLB4N1afWJ4s;v)<&1U=dKYLZk< zc%Pr3jrg8Idvg;j3x4A!ZyRS(mCsogUo3P8nYH_c(3H&5#k=OmR7aR_?*qYEUgrUo zJ(c2t*(TTw`B6k>UVHlE%z}hLRnadR-UxLM{9}kqzBvx1<-XdfRC|AgZiR~-SV?li z_(p61DY8ftMyPmzS2^~;6JVH2=JB8`X=SyC5f-)tt#%z%5vXx4t(r_d$BNL*0yS@p z4>qO7p1E%_U%b);hJ7MY0gM0Lk5>NadmmfQ6NoZTiVuAFOWd_LI97_Vsm83P3a^>4 z_Ue)}Pnvssge2_WSp`z-qII?Z;%OEo%THg$YDB;oMLKCpKe=ZU^GM!o(!>bvAsefD$P6FdFUmCSM(wPGLTI{QooH5Xrpj?`oVuHz5s+21yV z1N)>06;OgECVOWa5vQ=Rp1r+%lCjuW^wdWcc&ad^`GZu{d1WxjL9nvch_3s37IB=; z2gJ!Iea}{9J$s{O;9J@|^+Z$u@TyJ7sJ0vG@P?mNP!n7z(Wzti22qr>X=ibT`8N>k zMj-9{`Zn|Wll(wB`LTT{@=z!uuJUKClaPeM&hP7pfFo)?2`ZFT^y>@p(ve7TI`fMz z4a8#uFjitf(ic}b6+GdeOR+NWj%nQi#fL6{^$+02hDwP5y~@^)&YO?9)%Q&B4_LdO z$0`i%m!`y#7kq!cz$cQyL5q=M;7v^zvh5r!kOd#Tz*Jc&4%cu&kSw)1LZ?mjSFcLt5t!vkaO#Gg1i#E)A;;i z{tGnKCc#Q0!bfnGoD8^B2qMo&(So+u<#EaJnu~4@55(cP0y@g;Ke}x%`0Eg}A9|5U z`=Oc~C5aYtY7*b9UI!Z+8Ti(RZo3nXPkLq!Htf9EbZA*E;7MJJBuJ~siO6;%6>^) z$;~1n&k%2U()<~~$kr?raA(&It%>}|;26sh_Pw?!>w$@%NVWON-B4{RS^t>aPQ%pj zbqNZRcE*BJ^Lwv&3Qu-WJM?{8Gp~4HJzN;$g9?YMxL|>p+FbD092sE#)2I}qEiH=Y zVw>b^d6F!X&f@%5IMk5LyxRI);>5D;0b0S1#{|n%B%%DkvOdW|qO{9!Y(3vSRryd` zpU0Y2351&sW33BRSG>%Bo01EB4n=c5sTK7e7nVnO^}Zs!C{+GPhT|9s=JmufO98&c6+={HJ2iF zV+&>bgu@kob%U1pzU6W1bnSs5-)wfQ>cN||#}KkKBXGYRM9|p(a%X6p zvg3_61r&Jy*m{bg_O{D~n9RX}$c9g-=TJYuKUF-Vd5t@Cy=C5yz!#4aZm-adtaVz* zVv>sq<0}&&I4uNT{=&j5eKX2G`5hIIHbaUL-IWvmcW2mDqIL;JMnwKcUSoEXoksuK ze}tO<{_9{UhN5x_TlFp<7@*_LhDl7WsZMZ=pa~pdN^Ggw6nj+iI@n2)Y0(0mphfj#d$rW~ot;vVi9{N#y3*#JZ% zV=AOBas#y^?-@AW{*#?b?oMN3;k3kvBpe;tHTYF&vK0QsoSeRiPo57HWq|TJ-lt&Q zW_DjgG*W<7PKGm@bU(BK{IqN)+?R}ssq4juHn{i3*b{Ow(9u{kM^ ziXEwTCY8IkrOB7;jTS#r6Nn+tz}nf61K1lo4k${k6?*kWmnI(cKhQtbUU14kw4FU= zZ^^BvE81XAHr!(VUIB-+yy$Nl{<)E~(JW{IlJ2aAemUzm@Q<9e5-P58+l=`q-x2IZ}ane>B%cA?Ly!9AOe8KBEK`mvBf0ZDJ`{J}qqMt51Y{h9Go0nX}E*a(EbLq04 z!hm6IrIj*kLDRaxODKmgBky&)TifksENR}#UP1o%xXrl>{$?eqhQu9vHTr*;mF53sR+I)kdWAMwE2QdjI%K5)m<5*CYiAMkT6@s2{2OSV=Wf zU$*=)nH=wO{*q9*cgRTeeg8Jg0k}`i9ReA0`hsaR9W=oBG|zP}&4v2;qg#{>$~Xnd z6#Q;d=ZC8{BQ99>4t9L+#N#k3tzEdipdQ(YAz?^}L`$e@RKf7QDmKJP*1|0Y&HWo` z^*;Inprm;DVwIY8&A&{rt8r)b#d(;U1%pn$0UdzIgbED@jp(UrtIy6Z;g8 ztd9UI4n*xA{Za{Nu&E@(??Bb?`5N;!{QlmAsh+0Loy5__U)Acb+4s8OKWQ80a;A%OnT#TNA&9FQ6Op;TrDg2S8A)#kSJG>B}TLc>f_Tj2^JcGHp4l zXpZwNG$I5iU6|qj4qhQ>p^@pBm)X@9GkPs4-Nzd&Ms={md7xdfHy34<_sr&saH{FZY2n)Sb zc)H+!xz0LKqIsTqL$EWHIHSh|tMJpmP2^QKx?IKxP?n=cZbf1Yyz<*pbr|+*hbZt1 zuV+g(+q(%osq7A1eZ``ja z&iJbJ5;f$2@YvW;qT~t~x^DXHll~K!i&d=+;~l=rQ!kKF1fV$~e7ztHekEQ#wiAPs z5`e}e3_x9N?3x7}kC$E>NQ02}`^q(u~ccfvA6#qbK zrU2`?k%5VZ=d1%G-c`_yxCO|~w0Iv^8$vt`QQ0NY)Ig@yi&C=~Gx({vMlJz{Yzq=- znXJ@RPi@FQdrpQ@1BViV|1eX!&qua7tNS!1*<7N=_X}&E_&CMFR$sp)pc>o{y0%C& zVPlaWd<|lo*+(_*^@4>Icq>H?tZP~s_-A$HPYM70*Codv=KenXNq2dT8L)pwY&5#n zKgY28&*376yK^ZcC*~!$vE+NiKdkHb8Ex!go22jV;o*AjT5|cTl^l6Vf->me3puE= zJJd{3($W@gF17NJ@zLzX^-G`_mS!eX)swgy2v-9Fskg@O@SKtfYLi z`rk~1{HRO+k9&n8T}pN^db7fugQwYZ;8MYi{+0OcX2^Mz)#5MrZx+le4s~?Zvm8hf z6h6cmrzU?=IgLZYI6;dfwA@I))23M0Qq8o({y^F?>>VZwyN{^b^7(3rLbL58&5to& z<~H$bprSi3=b`d<(bFe0tgMx3NE&KRocdj;H=bO-7f!l!+*H979A#$_k~2ikL)v`o zdCGSpqlQ{O3^XHC5RG#bMLJ)$@Ms+j%bSv%NhuWQNTot}1UXjmg9Lvo>Gl*h-3FBK+JgnBo@YZ_9D5U75^mhZd zoukUmp0cW1so)`5|CIH8b#PS6rNLEaHOa5!e}q=TGUk*V<<;%>;&;<{b_793c)Rj- ztzxak7%aad%PuAhXjGfN6VgpXc11AL-Dm=rUFP|?{YfkgR0rmDSnMne$C#NixK1l$ z%8ulbnqUkVlk`(GeKm!{4X%QKPbAJMkL#Ux8bBk=u`>3Wk!>78#4S%!l17Xg62dRa zmpMSWhK+*!tQnf>+*9}&m&I0A$AtOB4e^|LtlpiCY}?EFh_E&N*}@m9hD7Yu;PmTv zxha-_Q98Qh?Mub#fDz4{5QA?tVmp)x7z~r3flpLi==^^cus5u$&CC2%bPon13?3aI z1t)M;f8OvK`UYKo&e`ycrF`>2q(8AH!v2GU6P^~r8v5`Sj;P_rNCRl_n=c1uV;NtA zXR>I!LK#ULRuC~EY`3Lhf9YXnh_f-Ow|sH{l3AdxgPzKP^qcYw+uBBlcB?SQiV8Uw z#5^%EE<_UWy15ZO+Ku=PZ#ok9YgY$s4deart9vSESJ$kz@ei@gvbOtNzgz$$bm#gl zCfHocjCgW`Tj5Jfbt1R$lZoJ;ejM^9#5q zHZGYAMlASc+o-+yb9J^Vm_yvZVO@5}9E>ziFVAGS>XNq`v#&pIfe$!tztlIh+)`W7 zb_^P&wCdh~!ZYIR7!L!q7mt{*wHMi#?P-i`@o~SEP_hZ34#?FGmF2kV{&O46Tb@t} zzEI#N$J~y?7QV1j%eA>E_(n9|400U^i@jKgvr?d?u@2UCS#{a#2s2Ba8G|HixSVj} z+g5_g&hR_y*}c5z%63Ds<~V|cEy=9=(~nGh4}}AiFtVxea>6jx-zNCWh{(px%O+Q? z+3NqU2u9wnORg|f;@Xr3iXde@(J!1m8YmerOyY(Tb4*wl~6DfPtC%XM)_6*zqNA>g}?)%Vr)1We}MmP7D zI2fC8T{*@BDYJe#?rFPsf7$e7hQ5=_ ztUvyq4>2_Syr+#fISIhhX!NBAba7_;%6~}zvp>*;bg$Cc?R8(yoq(sG6xl7TX+ROl zuc379x}OaJIunlJhg~{+Thd2&V2PBQJ^MBs61noOd=LF^P#n6_{xGI>dI#rn`{{hX zmP}^_B!FT7VWY_ z?d^@>`|}nRM<_J}AngC+gkl$GHIi>yw0EKaJ?5x=>$j3iJY1lwq0Gx8rpbm5dpY|N zr+83&9P*A`W6xu5gq?wp&>>aCYb=%#uHnhDA2OmGJa~}b=HMyZH-@u24R1sCx#`!M z=txdBp{d?}%RQ#6=EKmRK(11&4Lt8}tU6y}QMT9+bSEf2& z5HJz2bitM>{E0FNe_uC>ktQtdRO*J$0HYDFx-Br)0a@Y2GNJ?2@Ks(5)iWt2aT`hB2KmxwgBe-FZI4Kboyuxp-$>}&O}HR9TT zhj5+hM&0kC>E($Ka72Cio%5fiJoNvT^3OnyNE1+j+( zEUE0;3j$r1GW4+hfqzCf0rS&-2M|QoXrALx?xbPK@JvPO*FOhb5;P$wwi1Be_c)b0FHANY}?$_+e$3yi&Ri2(T-}md1M;|GuP7BKG?vO&sfiJz;dC$ zNsuL$G*zX`O7j5T8&1Um%31poIq_}hz;hMi2;p9qH)&B+CgS66&{}j+oi82(O71K0 zOOpQItu7K<6STXvYo_v@n7zhPH(j5iTOYg_=a1a(r%X;m&mW5M5NNaES9waveP3U@ zAaceZw919Bmz4f)R8g@iCXls%7I_|A%lB(lY+Q_z{~<|aq^mW`TVZ(w?-SV$LV|ML z6`{Q-uPGipn(Tcr6F77_qa`V*Z`B*Sl`EiI`NXD9EOhMZOIJ)1s~u)u2d|~T?VhwE zJ*ek6PjAOP{P_X;v`IX83?S&?f~?Xom;rZ#+1k>3D>O(IX8vqEI7$CM+PkxjxHAVc zgtO{VPEn?lu;juBM*~4*cy6v|@KxTovj}_W!*2%s>E}!6{Ef?+{Sfp|5n(-gzrUp6 zIGAm6M+h_2E0!4MJh9`}F!9_^Hal#H!>xk?yDuK+B13^0v2hhyjb!-sf~&>qR=Z4X zWeWG76UO0xC(LI?#{1i){O*=ZLt%JJPP6ofN9TkmlK0O`ML1X3Yv4u`k#%txg)l@~o8%mBc71mavH0hH;6~6YR z&kqKH7r0P+JZ^?)o;5tvJTJch#~i(SOQE~M1`Z+)^inWRHrL>@qEcW(1!fDRaGfz! z?8J;@yX3^oi=`b3dtG3@@;XLF(tQlF(cW*S$QE?l=TF&3+B&q(sqpviu}h9sy%G6F zn&EF{25tz;vc?3NpTOUG-8`+^bpJ7#I#}F>ta6-@t-+z44_UP=MQlHZiwgISNn7<-_6i*!P_MQQyh3L z$ieS9nd;ocj;?=r1aaE z>IgI_qLQ`dJHnO`iFq+s#tv{k_!hI zxRq1%a^9ldJ%v z0K5(UG7+&!t0!c5DSl>REkqC*^9<#l?Zwd&-2A^m^jTK$^jzAvR^{l6`LtBi37}dO zc$dY79mBRA_D8bE@m;gB3g)g50u8b~of>_qn z#Y!~T@3&vd)~97*<;=(b4Bxz!@+|;V?r%eH4$JB1q3rr44-Mu6wC_-DHy8^!t6Go? zS<#TB$DYHz*{3v`CaRf@ZvW8X+Zl zVe>i4*&(ju(9Y&BIi@-=r*8em%U5f8?v+E%o*L&f%=;3cpR>N*tiPir#KIJ84jK5P zY$g_k*hjQ1CKh*>Cp^mU{2+l__L>+6FsrFzd%#G7Z!^jJvp5d>0xYbg>c5i<=YE95 zHAIRR6E`N>28*SdqsXg`p$EZtrWP)@u@1u!dT<1EZO?Cx8q{L~_33ehP_ns%ZdAM4 zj zaWzyt>OC8@j1EI`33QmC(&%n=CM%tfVBklsdzz_v6PSOqk9qmL-g~eAi%336^@@-I zXt7-yZVrvMw4wFdo*J&vTfcuOUNhk3%mq)4i22^gfinRkZ|0Fl^oxwX-bLn^2W^r8XSWo|ufr6LW6}p*mWQ8;gV= zk)y_H62wMRU`uGSmlj_ZOe6Z~~6n6nQRfimLgU0{J6?LoVcT`-> zA71upvUFi$gIl$FpR2~!S7({f= z;wKMvXi1@NHI@ZgZUAZ40zJWE7o)BFrHT*~tn}R?@L0iTCC)z9Kf+g+gQO!mQ0&hL z?9o4W(heQEvpEwk7+j@0|8RJg#2Rkat<&tt9<=_u^gKM+ZsEJ=Ln=Npne{~eOkuAw z=M1;-=)?qrSB?FSO{0@kUvoY5XTsWMn1lT#l1<)3dUJ`uV2Tk0yd++;m`%8v|QHnQC{ziIra>NS*&g)jm40AwH^$K1xskdVu)Vnn$d@F~L$|1XPs zy5G4?dUUUn;N!xs_5oU-FgMl;Bs- zxT5pTg4ZgXm>p)e)c}`5ki3XQNd%xr^#TWUf4EiSS1Gb}CqiGihHgS;@uXM~7=lxz zje)#w{^{pCY|i9|UiF>W2OosB9S|TCUf~|Pol~`P>uhZSe!n14#J15E zK2lN!I9}wTq}?kGdjw;h=`FQ4%^l@#8VoMiOLO!A0wMV-kfDFBhsdX&8yUEz=^3T1 zfZ~bUd?~q9Z<6e`Tds)#4M$T6#8+abqCy^~g)DpQDhrQ=w*B?IB0R4eG=fJcqyL84 zned4dlD=LcXvmI_A6{*c(EYPVhp)fAo-&leEdEO0Y}4&zCBVK^m94q`@6B%c zJy%O?ne-0?gVq#Ff~H`HzeYhe?&jd>kBGz9*Br4YF||c&t*;EG`DhZ^Xf}TIy-d-u z7r|N{CPSOsAbu=|YN6u?Z8j=ovi1s***l&>9*s+Lx?Da5V@|L5mFOaOZp@8E;L?u%~?hAKDODM4PXpQlC);qsb%d5A7jBQsj~7_6ZNoaMag~po~?Z+ zi~s}_=2+wvTB^D%Tf|Y5?3}61nI2xRZVAT_q8It7TU23LoXV%@d!7^n zk0Q&*@Gm)iF=+j^m>U!4faw{x5>F~>^lNJ2PHS`l)vlrNvNO-bo#RtqL%|Akey54Q zJ;Cl`GnpGM3K7Ukfs{2ml;BIE(_hI<%C#gh8i3|>S)6a>AhVm8S}+nY0-K3|$mp|; z%{h0BoPR;Nfv>nS3kw+NyQH~;0<5<|>RLWIAy7Hz+3nNNeTj^|--42AtUnpmIpyJF z`mNn@Mw=(m(+#$o;j@<59eCjTORb%G9Fa=`>-v^yiBb$3A_fyy*twK?7eBCIF7{T-@k+{~lZ7cxdd^fYF6pM}AmX&AB&iF7O? zAbYO!sv|PJ?RR~@Cg$~dEo$eo)%lqDZhEjIja0Wlx!bnEK#PrTml2MLMRG~(J_=(o z4cel(CL?gu6^=AX@r#_Uavp8sOdyy=(ITu-QB{_p4C!ai-cL4E=eG|m`m+4fcK?U} zRRNUkc5ZvXF4}08nn46Cqz%H*(mPw%47NOzyibRX)C_2*Mt>vU%kHYya62v|7_Bow zV_V&8i6+|HT!Zp|7F?cv1!**FT695mF=5Scaei9OU}F0c8Addftrhy%U)#-`T`9G$ z2V4q1`dbzmP`rBU@FJvPoCd`O=7M6J-PIPJf^C#6O3d zTNprBYmHmsJr=zw5kbHB|o@YVX$ zhqa7Ytv=hYQYu)bxCM<3;Cz>HFI@BUqg_Vp5cBrv9`9D2_ngm?SN%m8VK5r&s+q?L zYf#pXG{Q^K4Du`VyLkG(#JuNO!OIrP+~i_)T6fWkiEe@L@*kO7^nYb;-JnY)nslL6 z-_G84HOF7@_~n&Cwbs80cPaz76+=_U;b=d;)>V%~%%vKUJDKr zK@kk2modRXU06dBkn#qOT3bRI5`kP~B1jzGAgFY72dVpZ%2 z;&9^-tqiXzE=qq_Z5&&o3~8n#tL>l~L`8Mh7K<8y?e5XCEu$C z1OMrrw+XXN8uZQLDXRA**SfzR%H_XJXr5+Rp_F_qFXcr6W+qV`b&N-SkMB9I`xWIs zkVLMj0^OVgMZF9-^@0y;DX-a#-tZ2YLq7$#a2YH*)lP50VzVVt-%5)a?jJJllV@Dy zKm>wAXb6`xC>`_xEH7WNR(P=H>~46OeQGKg`(dfm8loNfcqI3vPn!U3%jqYW3miN# z_^TP=B*`JH!R*=GD1o((-hYi16y!4<1p_PBKB@OY~ANWJS3t8r@rHS8ai(5L(I z|8Phu--nkn?&-2^sol`7YAT=TO^9C&2a9Eh5A&<6Pj++iPR%Gu3g4YNE*u*#cz$aH zhN2XSNEBFF%(ycY?*tCx?UV_Qx`|cBw!vYWe};^)5`32UsMkA)EHIS!=FBVhmfePa zt@SMdTmkSxM5+glQwOu40y{9~AFd61q1WS)>9{R(I5I@Qz5AQ)_A%_I!opOhJP_Qj zv@t&LgyEdXj?KS*eDG(JkNWJc{y?fWX1`8`s6#5NZ4rY_U4&kCJflJ>V61Fw9J05N z1@sHBY+IEnEfM&-FGKsBMq4xWC_jHYB(>1}?FER^kWw7pt&FIU9B35JSAUhaz&??I zb)WHh;Ag*!yWs0-73c4^R=(#nsRWEG%5`~Mcp!Km6_fu7!Z-y{motl^wxr4*H5O3p zu8|&@b#71^x*GB%<+lF|WFe7OL{O6m7|x;kopSUb=eQG(n!w!0gBeMPdZ@U-wY6&w z(ztTs_<>oVIu7f1A=}9vkJXu_hC{}B2Ca)Z*47b1cljQJIi88qK{pM$w!9dFVjshbf{ z1AYKqU9o4vw+)uIsA5NlcuRq=eCNm;8I%lT!sv$C&#H>VSb0je@g#}*@W$@nZci+- z5vZzXmCo{!eiTk(jfVy-^Xvcr8FU}&z7IYg^O_7sjxH{3Si4usX-9#pco@P34q*r3w01Z zpe-B@8?FMt=d2lqUL}XcF5CeP?6wA`%G2a7HC&E61Z0apt7*noghON>{w-3hSCE!SN1vsGF?WSh5ck?>la!--zTzBKUR%}%J@If z#$d{;BSWhBUq;A+FIb)_vz&DLj_UflK|l73FbSi!%+&J9JXS8*)SD;l5lpu-_iq`q zz_@D?VvL#5r#sLDtn|OUet8sLgRRXc1$I6+2Wae=0*_y(`#93;yf1~;X}U8MwX^jS z4jH^;XS9zzN0x2-R}C%m1a+E6eH4|^bEW>FZp=EwAC(mN5pKoRJJt(T{naia&x~p7 zM54*T<9LNll?#Lj`Up2}tzmfy@|9>W@X#qTm8!Q*Fb&ZvImWpl=4P&@gt+4Fdt*L1 zV{g6t+{1zBuj9fL7))D5-xKPII*$~?1!G6i@huu{q_?`r_Jhc;DeYD`9vWChJQ|V~ z9{2?RAhr}1&P!Tv)$9@BTgaNa<NH;*l&RRHHxo0TmMNz`F|0I z*{*@U3wyFas1*6MYI4dOFGq%C6diUOl~XfLmo}X8isfl9=O@TYsH+theukWyPDKuf zK-hWF12irvE0U=2%7xSo1g<(`bV}uUXowJiXb2UbrHxrMT_SAk5D$~xuncd21ip<^ zLF~lw5&EL(T%(v=1i54~#6Qv`o80<~^wQwe(n=G&o#!^O#Rr2!5~n!_XbP<9D3Ser z$V^+PAz-E_lP#G#b?^`LfM3w6ffw!WB!YV&VJcSDL0PP_2dyFsIQD7vW+=bY;H{x& ze>@^{Mce9J!S`1^tZ@coS$OER2c3ty=34Vn$?)y#Qai`|pK(r6l#Lx_*sbwr(4SF1 z!x}uN8#>v^bL@6`OhK``eGs!p1hQkjiH?*ZSN}4PzZc#L!&(UjCPX*wL>4aErvj66?b_O5+1=q%nE7AmOr+Ba- zXmzqD`Ef=rcUL23u4HzYiyV0$x#^xTr(i=Cma*qu1^(OnjT`0a)LzdV*+6Hqto_9W z050?B=>U&F&D~p3@R;I}B!B;8tDxI#bW=;{xu$ckrh&C6Ie)AYzyY-IRgb_~=N`_Y ztM36X2t-nVCVPxBwyU_p_%-Wb}8mWAdes+_Uo~RydfrOyNBPPubga@A^SgcS+|;HyPs_Y@^M7 z@lQ@pZq7x6rBsW@#=s#Q8RkH#LqDS!6*ZC4BvJV+*`Ih@?uFGS*8<*#GqeBp!n7-4 z$bWiTfv{6?3PFBJMk=gINIc@QIR?ca7;L@QPxwOTb*SEJgH?h6ts1F0#VMpG}=Ro90fh7c2uNQW2Vl1IUP>aflqNj2B)f{>0-ZUL!%QRvE%- za+7#2E3`lv9|J59>&!H1V8HS^k*k64$69%xwZnfE+C+Q?J_N zKMl57d!x7U)CF-Ih%9S39Jn1hZ&JSNg&Gi6-d8UM3kzOUCB9Z7f?>letOjA^;`YEE zJ|U$5^~V}?!M7D-pyd2ww5=@2JohLVeGn|QgU90DzXs3jiRUV;!xl#H@TFfQ#c#fz z+2@uFUn<_<%3k!Y{nPp6`M=^NyiYwqluJLEEoLQjhneON4V@%?WpYPMiny_;!HihB z;{t3{nKJdCt5tXFZbO&WT%O5gjZQJ%eSd?CvyJA&1H_52jsnlA8BPNMDM1K9Xg^dG z&(#>cI=&nLGO+$zxBxsE zM#Q`#0ry+BfFxb*7u&(8K>2mr+5u9vMQURmkv6wp>8!fU)?Rj%kT1(3Ty>KDTM7N^ z8?jF6#@whn5}|LBhqgh7ZsLvbI)BehOeK!|mc4M_x|fT0GwP(}+kFteMwkU5P$C3Z zRO&Ewgp!W*K1nDwUgmhG4x>mqKe9kJy64g{lfGZ9@^E0_ZiY(CwgE=g73X3R7l&}g z)L$*hWuj*#-3{{-ryDn)ZHIB>-J&{qm`Lc-eFPvvw|wten>lCn=uRtnRn$u%ygLBR zr@butdH#^`JV#Yq;}!~DR6rskEWc>Q_SA2O&z*QRBo$dz+l$Pid%afwA5(AH76-I! z>vrQF+}(q_H6GkugOi}a-6aW5g1a@|xVyVM0fGf<++7dr?7hytzhHi;XU>{c?-)af z3r;i=Kc~Kb7KGz(CVJKPBCOn*^K7b(W{ME5UQACK80COpPWT!=V8oiRv9_#wj4rJc zQ+iv=9LZ)OeKbBQmCLfhgaQbpak@@`_Bq@s(-kd6rtod^*D10C#7+m}+ms87&RdJi z!kfKfM*ghO)P59e$EY)tMG&#S@tc5n<#B``He12lj?;=6mxff-YY=G6uTJrt4y7f z&fq25twL-dxaCuSzIa*?Ta8M=t1N$als>MJyce65XwDfFVWgOQ(6-4R10%`6y2Yat zyq|a`)LK;4$NQw199}0;48QGnrlnLO5D>1bKHAgb;Nf-t_&%U#*WayqjTyXH=DS^I zrxHJr*2!0ll)VefWv%7$2HURWh4GZMbxJ`K3qQ;cI>yh+Q9&3~o7T>U*n_+`#}VCDPT5Ze~!Ski#G98uPX!O#I6NTFFt zMJv8!tjPKP9xjCZ|ABP6WTdVk)NDT4u&0R@>x7Jio5ceWst6oQ=%ytoeqMK;(v~P( z*NjSD_2*o0R!s`87}h(^E> z;L;1UMZ0Mcu-So1E`c^*@Np%|rF|j6ra&+vh=hEy-$$Yl5l)KwYd?yd7^5NWW{uNh z9Y0@+HS3&0FqagxXHu{arW*9RWkAqA*@6(??~{@%M%2A=(-xrLg;4jX@f5M`NJ&KAhlHZ4E=?K@&J34j#1c+I+-gZ_yi&tAGG!?XmM>mm}y3)zE^E5+pl+Td~!09W5hsq%$E>sL54zA>UgGdK#g-ir{VmAlCeB1mOwx| zE`mpbBgU^M&~l%*Q@^XZoXeRaM82q@kFl&fTZm5kvafKwM^rj{IU=dtA9W|g?Q{QX zb|`h~oZ6#9rV(MQrXa``@_RJGx}ON=rAV=OKKAHb4D4!ANgY16oJ$YC z><|&_)W1Vruh6XEv?Iv9S|Ti})VUYsBl%(E@O)`0nSEpu@W0aE)5oU`seru>1qus% zFZ@yVicuIBQo5`(9)e=r%I{)&pY_BQlWITd^7zXr>EsK1q9fxQa~_r&5P0}Z6wMU0 zl3erYBEW|C$2%Kdo0AzNoCK+a%Q2EM$PG1BktOAG=u~bc&h?5z6I} z2srAi$T<6s-Alg|!w@R6NKXAEwVH|Tyr!!%#cT*mMzdjzaB1R)9&8(SLkABYIpvXQ zn8$DaEh94k<~c!TCTd1lk+*y4SIi^b{S4jn%#<810bjXWdh3>)cWuKcA5&_xl<9sZ zb8FLqDpaVK;lXVp?YyTAo#3SxX9nn|&Mer;m=c3nxb>q)NL09^Kgwy1V+MPW51y{E zxIeGyf-4>}<o9>UIp3RzqZfmabzx{iL`6Bxm2_QBq-m#W&}wdJ z?P6znP>Plmt#x|6zxTh6sm^^*AG*baqNT0yGLk&2Z~Dq-X6AbK3affk|5vR z@#)r&8%o#8N*fk0=OCwDBVakZ{9`14+v0pPd7Waly*_iFlBIG$^pcQ39P4&4Qh35hGE2bLi<~3@Wg)Y z|Gwn>Bj7n!EFsLFELyPOd~mXBf1=MZDdA-$8FU z|5twAaogqjAmW+HVN?@(Jl0NCnPGoRK8-HTLwyXtZr@~Y!)Ep%_`&iTUxGb^2XE+Q zl0KsQNC_<_9{tGlE@5tf#BR)`y3QHpPwRzg(K*IM(jLgSue|k-{&|Ra!(E6_1U9_D zj6^fijI;lX)KNRBgd^#!{upJUZ&|7U|fGFq34@dJ=t!Vb9xRCe*v5p)a8FWlLJS0Uq};(y%M3Js>MG*6yoGF z>qd3FoM#;p0fhyvYxT}bQ35USl%KB+mHeiktF-Atup_Vp8g5Czqu)&+uBdp z!q6V7G*t|!ebfQ{1_4oq*D*4)Xxh4{R%!(SV6f#k8H(T!lZbF(IJTSyDA*STWzPPf z9ju=x*W8N=d{bXl)*K<NEoE_jvbFwHx z6r!}w2_LDdVW*wD>YgMu&~2$UdOL4hSy^+|7s`8?){k_g%}=Zkj`760=l@)|q_wSS z`}Kv#c;C|(z1c{;LHEDEygg=Mu&$^Q?SFeT`HXXA?8j=>#P!LZ&OJZu4Fs5A+MTOp zZ{NQ1XFA1b{R7lHF`s$*^>G@L=xUNv?tLw~_{tx-vAjlL(;n3U&G!3vpBlo;XHdQb zzL1^RENjl2X=Kon&374&7GZ)t4eagvH7+b) z4^|KM#at99fi9GdXG{6Go2iKz1Wl0(8Qw^0+)zy98*(OIqqTzh`B0D)NAcbDRoS#~ zTbReZf#6{kUeBJ5-q{7&(tpMv!hdE>AoFd=s%!ID7yfh|%Q$ALCrOkU=av?cr5T4( z7n0CkhZ0P78DO6mW41wWXN7~$2+l56XA>ZYr;D?0c{alM-EG}@y-t>SXt9Z~xo&eJ zJS?Qj)ipk=XFgQyAgtSD$3#au>_E`v=G;H^TB2lc)ELVU123<5L!9N%jE%HbEpI|? zG+*KGOW4639DPF?cY799c`A}sZ*AN8i6Tu}1GT5q!cn=CUqLgAons3{{jC9Ns8Jb@Z4r0SyFF745My*LSgPI>%gh@ukL- zHKI?-O-u8GV;t50m$CX^1y+xzm7k{~tYwR!Ii{JFtF`E;g0w{P!CbHy4F(&JHb&e= zY)&jmWGvml)(U>E3eZ{{xL?ivN4*G>^yu1qnUdn@zbJvXSP9$ltR^Q4g8h5mNfAQ_;Ydy(9fK?TbgeQ z@3Ibx<_)Chk}%B<66t9Al3P3kE!;OYaKiYS#FEUt?A5^9?%deS*JIm^_2Dn>#N=nQ zfYRUljizbmMBDVz;jAQ&jS?In5Iz~u0@u?o#`{;M2)izJK`xau0b^;1`hjQGRU|V) zifgR#hXVJW1m$kNOPb|WExzNUYww+)^gF*QoaRAffIC>8Cj+Hh(ak|u8rJ&)^h>Iu z+Rzn-yhtPks-@{+>E;{b?XPU%Ywb^J;e?XY2YmKA`Py8P&G7)k;fIL&`;_)QL%!>q z#$URr@7yhJtnV0zCwVr6@okbK|2Da*J1j@2Knl-FAB#2B5dDurQbg|3P-D`ue3B*}h zf2MS^6UP5xj1ZBX6_|{cA`Y{7tkIBmciD=Ub$3jnht608z1~8>UF=$jGkO4xbspVa zE|G?#I{*6*hV}ek3=41LrBY~CJ9w4_zyiy+C=y9dftH&L6MI^sK!xtX;o7&BC575Q z799hHJA;!i3>p|+rMJ*3b)Xw+scjw!47pk>OK#{Mb{Ln?1XA=>4sNLU5%%uJ$z?A% z_xu1*;gV1rGXBb>>^ubc4!QuBv8qUJJBx$y;VE-0?6lCO@eu8UIBnnf)a9wKHms{*@@0O%XuZs&cEHX!w%1P&hVH!iA(5v^9PmR+%4{e;!Bwv zpT-G9wjw;LD`U{*wjZ1IQMwtFosGZ^>8n{R-`a#>vx7+?L0ovh*|~m`?vrAw>n&tU zleKmjMzyayTh`q{v{HZgf^y-WapjKH)u2djhQYwhIyv1R`e&=|p2$-$>(Sbd(WDf8 zcF>eHMMUFOmtSZm|ISH_mk_g=DQ6w%pp$3oA59N;uB^D1g;?dx)p3K) z4zIXQ)V-RCWu)Wu+4{M^*1p`I5mfO}$gg7mgVpXTY>m}O=Va`P%4EBY{D!|_C^Z$M zC+PRJ9Jk+PLxq#P(yJYB@s8~H;C-&O@!z(-GUhD6H_Wkd*i3MiM6z)~ptE&`OVs9< z&+w?Ee*4sV?(KGVmVMs%G|~4yoQmKyWtGNJ`cWoT;Ta)wmzM6c5XLmQ_2Tz1bUp^e z;`o2$cpF(dRO$jiHU`tH`4MsET_lt%{S&8i7`5pa+mEp@lo$|BJf|lV7=&*~$)+Fm zf{MO|;RLIauEi=pVAtzpp^G3lGH1&EIMe3*b-=L@5yxgNRY2H*nn)-SwAV}vi|Gje zH2UL{LuGXnGYZHAko2D4`Jw?OrTuc_i{sb^E~rf&p2ZgnxSDn#B0~%9Exa%kPsNx% zPFc^;OQ76yt(!>cf=i7RMtN5-OQ-bd_97p+m~^jbj#-vljJq-?@YvIG&e!PKsNGP- zU*Q;rF{bd&Xyz*6{8(-jI7T=8H8o*Un$aYQQ-gb2P2s71N@OEwxjjO$x9CyP8DOH+5^w;UypnnW_`` z&PoZ0?UT2qIgIQYIFLQ%SuZ6YZI%@|56QA6P{d4vnVtkIzAxdx&4OIy^y|42oIeKD zi?=yG{+w_3j4k_m{o><%N+9y#@<#(JW}ABU>dfYEefke?n?ca15J&?0=d`eRfO~n5 zdE+rdIA_;Y$@s}{9;R|^Y`;zm&8Q$w&BV;!o8!OCXX0PBKc~9+dlj*zbr!?a#xAUT zCv7eY^ums0QZ|s3EFtfcE-WiosK0w_#o`ogKbcS-j(@EdWm?`nW2qPXEbx>R5Z?0U zDIFznsc&i?GikP$ zBOs$%Pvbbf5F5W9NMXYwxwX!`idoO0+v=0;m1O;jU~kV(i)`zmvDMx^lQy*X%x{3o z`m+&dKAi%ZKzChsV(iM7wP>1Vj@&mj4tWIUQPJc9@8y428}8qCztK&G!^j1pODsF*kuSk*T>dSA|gx?~2 zO$(K@)UrCDm;zp6zP@cTvZq$ zJBMH4Z#A)(fQ=ULy;RY!MNVetX(h{oDZ*BL4QcE8!Mxs02u?vfZOrHfMVX0Q(hc@ij=+TOG?sUY)+?g{qc=;l;mGF`P$5Kij ze5ZJ7zWwZeh%%k^*Eju2Vf9_^XZ!HJBq`ntf)R3@!X*i@<$9-nyfroDH?VIhncaTj zANHfGr~^6-W&L4r@X<6MQuRHHhM9?2Fn@43tLf)w2i^G(pO*;AyJgqb>MR^RFX#0` zhGy5w2H)SmRJO@V6~TL_u%G*LQT$?>Z0*?6d`9=K>WFeYj!HG;-``V6TXY~Epueh_ zOOuDs;2F-wE{XFQ~G;Hdfa1+?~!C6?i5~0zT zB`}+&t`=TbKQd&vun+4Uq|W+5%*K}g2# zs*oPAGLeTm`i;%;mSZ9w<7zbKF^BB&+%hAzrP-@v~3gq z_L)4vcae0gyAfe`w(#m5>fHq7X6ZP5QynVYI+7>XwG$Q^(3ZjvI-Rgn3~3%8iUed2 zAk0DfzN`fnRZ_ctiEJ89(!71lciwyHQo7+U;jrerO?)57(v3+3Z~J=x+0zfE|}W8w}V44*HK&YiKwa6w^xgaHTHl{71=mODl&bG7`YeDb!i zE@uy1Sz@ZbUi^m6xB1?eoi1PeFXhbF`SgMlyQUKLrFA)eAQ8O)aa;>s+9Xj+o(LRgw2FcQU3d)RV&x+(5f5RGpUh;@#U zuosOZvfp|FLKiw19CNo50^3FC#eT05LFm#=Zb!~Afk|cHBeW2y>EpavIDCuTd5FL~=7x8QU5 zdVXoeO9YSgxK3Oa+3GvpAXvTzgi4j)Y(c&7en0RZ$s?+_m(i-}Y9r(@b}#%s;q=Y+ znU0&9T`h`vYp15>wzt3@T>6*+JUI3`jxB5Mmi6y8CkK9fT2%-r_<2`^be=5sz4;Jc z3lmdyoqIMoQd~hRu=xCeu=YiCDZxVdF#+uNwqH>>@SkZJ~zK7rYA7yxhaO&BeR;5!a{(Hg=SI$Qy zn~z~JexBl{@RuBJ#nuovM@uIVK`6IPl@GR-tLa8ZM>miXxo?tlt{@6nn70s9SBk@m z{EeHpCk8oLm!59HJv#Vdi1)4<*mJ;xssF zYcZ*r(j#2iT$y0mKyzuF2!w7`v-Bi6D1pbSaA?VW;|Rl;?xxMX!;=LzH_rzn;rA))Mx*aRxNcfr807_-(-J;9(s-{wVcuzX8ahDVEX2{RCKW;N zz|2h|Y`206z1tILkI_x$HzOcFO2`~40^y~@)3Wk477AXeLF&R_@1O~k{ixT$;`v#- zQzz_4p*N>);pE`BuZO-eW3YfIwvH9H<=n0EnluDf22qc_SAuG;MF_Dww8NQnjr;9(r+6_);i0BK1c1jVQ=Yqg`2n%EYRTw_oJX#n805OL z-Qv`AWEm;Pem&m{Bvof)#j7EOb-@gfhW-*U& zGQ|^iG@;DMWj%H5t@VY*m*b$x5f4AFrPDej%FEDxU$=1snlWQFymn=G)easMq-<=_ zTG)CR;VGDO8U7e;fSI3ISv53W-nFV|3eIAkmvY_uo$@DfR#&~{-~#Brr2+kXw?_SN z{`~{&m`<&4-60pA4H{?N{!&@)7#(TB0{+vvGcLd>Yy%1cM;oTrKQ4Ad=sDUa#ah-6 z1_c+tzl~a2=Lt@Yjx<}H?S|Nw*!+_ofLGM$U5<(-ER*oyBY~E(2?X`Jnz{vj_ktTf z4tIkR^KzWL*V_Mve7ud_pZ;sa~x`C2hBIs8IVmGMb%X@$rUYUY%Tce;y%00*K`evLr5r*gomBzY5Eeh zHY8!lOtL;#{%i_jYpmAIOOpjnPT!mo`|ai?gh}IRzf$wsE8P_bWmBk*JPf34U$#@o{&{x#M4b1FXz~Z zPuibu$O{`kSIh`(uShG_ueyt-&2lNO3MNudPXax-P&lTrz9KRr_i#tWqts7L*#UIL z{#|K@l!P11qQkHl?oLGHmDS(d9{Y*O331w+z;Q)PaQo{OYikzth?>;DVl#iT*O@V| z%>KcNPpp-+Mh$hnOcG9yZ>8phlSVaPPCXF5V`OK2!*5x{j@oIhJQPV#MQb|m%P*_t z`BvmWQ10t~*sca$h#gesO}(@4mkhhF3t2o?J1G6`F_1MWj)&3x zSLyGG!>X$;;ug+Y_@TZDu#hRj-eu9)KzX!G^|iDJf4KOz!X;Jqk&w%bZ7Nl%?9>6R zYnmUy%6{=--<+NFNh!y=#QWMnQ!;-0wBl0KQz}luygl~k7|r+B&u@eO{R2wFSPsQ4 z48AcK)zD!)Sp$%)$^}NDZYWoYhqf|TcY-Y|bxn&kib0Y>@z6CqO4oE73 z78EL)6BOoEjy27tj#6X9HoN6yt`Ru)rXezSQt}L;d+>M=SJ+Hg{q=jcqbMjFn)wEX zSE6VoC%Ou2#~*~4q;`gC4YBbsW>pCh=0t4CV{P4|cmzoK#ZE&*toLGBP_w#NSLmv@ zF6G^yi;;k!on-nk%)KP}pg(Y%n~yo{9w;Jy!!qAi3Pkg$v$XEt}yg>ysA7_?g z4fR6ZYCrWd_H{9KrFLRurTq9~G(F%Z@-zM~Id`CdA!79s_t}Nl9q2lOCa{C;knkQ# z{x=EJW?)>fl4X$eD$QFf&hzGp;T}o0I*TpO*P}J`@gY|4HvdEaW+Uum>^9HZP~Q1f zCjb%i^1iW@l714wh!`a|0aZ$00vLZLz~5Bj#6>)i*E@*KW5@NIgM>qwl- zL4QaIn`OOdqm!>IA!&WQPzucWN+xnd=DE+DUw3hu&NB6D0Snr{j9H`4Kk0O)Uu$Wg z^`(LsDFvpR0r_3(yz}2ue7U*>xekl1sTDRt!P|^Ln=*rQhs9%>(B2xH=@OYZEFg&| zehGrtra&Ntep9cWcd*tXx#1GYS6;%*??0Ha>ub)vEr#)nMF49ooqt$nW?|Q`Tun}r zC%QeZBlZqySSy?G;K0oR(c{esjslo_u>VTZMY=aXB{sMU!;voWu(}AS^H+m|g-Rs5 zB`Ha6S3-!s8>>#^N-i%r+Wg+~XY9g~ta{=4+qT!tg3RE-eQRb2UY_W$yB&BqgALLe zK{CE0g-d-vX!L?P%K)^c{?YN(z(v-DKTEGS5VC-CUy9OY^Z1Q;{KcgAVv| zy9OgRacA1Kay4fmtl0XD;YpQ`DDN%~u|gZ_jBnJYi4cB$Qd|m8fsznv%T*;@r4*Zf zp+#pogcKbgNHGszwS?_{PPKUfbX|_3F;aI)F7aZnkB}v;!ijgKs;XW5V1Afv|96M@ zgL*F|3qzT23qhGv;c#3jOQ$?yj7|c=)bq|&2UH~c1%S)2yKC@2K#`;{_CIpxM58ll zl!Xf6jMDG^35#n?KO1N4xsYec=nIZnY7`;ayfbm9TK4>kr7j73Z1Y{)ToA6N?9@1N zpTAtt&Alq|HOBkZ(IeaIg0@7aqkn*Rh=+hwUtUMR3i4$|A?sLTYZHSF3uur;t2Pfm zlsGqd9yT?_fA$}n7tjBCecG99=);2q#VhWt+W*;WLkIKAUeAf1ptg_ z5~OfF1`UyekKA>;1Y%ucbmt7xI%OaVJb*|6q{MK?ata24tNTsn z$r=VZ(F&p^($FOTinop{pXXKuuJxs)p?kLe^DeQC1|KQLBvgsVe;vri1GRHMh1B^CxG+@I-bp41f@Z8 z0SO^144QA>)w67aPg+sMBkN5@kis2kRX%ib6ZOM32EwLmE^r=?MtfKEl#^Rw18>~O zjasRFR*7hcih-h{w+W6(dCaLvG4)LQEAip~zC^P+XzR$$2v~LPZ*@7C*XSAWp$o^X z-7AAr%~5}F>*#b*&Xqn)w=f{`On7aJ5My`;cu&?1#l$jlbfZ%sa;Dz5*-$7vuM!_S zL5BbNB@dtNr(t9HxrfPj%iAhe!v^rTwpI?N(LCHu?Lgx&@3DPvqY{-lo)2ZXMTSvT zcsbM-z4Rvo@p|?}+~|1**^!Xlo0VlSU*;a_i zEPRNZ*8P5V;qX-So2MI(2+@H3Ec*#m&?wj?uPE41=J<13!hrybXXfTc zoOT7uDE4lMdy;qE${^TR4=)H!?8$JK=d(%-jrE0Y<}uPc7}Ly<(ej>8EaUal;qF z=*z6SnuomcJ^4xD{eMlebc?5+St8?BX5Jr@9y(bzXeZ&@PfMZhDsaB1cgR6lnJMYE zmxu0o(s91#;*lDD)HGd5i9-^4%XSY#mHP9;M;FE)t1Z`3+TLK!Macj`xC&i)ZZE4v zWT~uA1tX~0`4mq7k=sX@04L}@Mg}L8rL~ok2hgq}9OdfQ6e{IutDM`Er)nlRjh5k1 zMI8hMa%$ZhOUYuXgP#k!e$Rw)EaPPp`$<)+Qg?gM^3zsq6L9(;`S;bGn8m53WRZMR z@Vk=O2vt;t)omh=B{5#35TEa?0O$t0;R3g+W{M0Z9x)!Dpa=;Z32BePj_H3%aATNb#d>m zmiyV!lw3;87<9oj_$b{;#J@C!{W)4qLQWBg8Rje}ZsnlX>V?!SH;G!dh3N+13r47Bpw!X(S zu$&at7gm`Q5RjS#M;)b+sd3CZ@7BQr{-ajJ`F~@tcVyK_7JDQlmJvr3 zuS8<^hiBGt4CR^&b_BMl>WNbyq6-()11z5F6NmdYy>v3E?cUk3@u$ZU*Is&1_%b+| z$(9L8S*M+|5lE+4*5~?M++by2skH&i89oTJ`TOiF;>T#$nL-A*W-amr0WJ~(CW)H2 zJ=+893jy6ianxXygduK8``2h8pVLXYmKbvD>p$=3Djd|u%NRBtpokyJCg&noz#|_U zB)9_E{=7TQ#Ij#>1Z3750cz~wnu>}deZFVw#qDLn*20K~o=pIjiA_{DL(uI}S4N$E z%wA7Uj~&-;g5k?S*qq_4&I$7IHQ6yWe1apKo|YrAxM^ypTij+=Sv^k5e}0^18&TF~ z?A#x*H-x2EVtB^a&YdAqS=lF^`Fze6nyGR7+fzjuCN#vF@%cvAOI{xQ*7pMT8q%qQD6#k5u()kf^C@#LY83L1BuRV(PrjTTlFBUclohE*E)@-Dmr zx|$sEHuA$i2S`*j?$h&`omm@-f741BQzK^p6ZHS!I4r@Pc-m4qpWsZ@+l92UPNyZv z*Zg>$(O1QrVEThWRil{EU9`KA{2ZWwErh_jw3fBu} z*rnOx`_R+%VOalJeTUK?4&f9gNZ%8V#5et1MLeU^4l8qZWcH)6nscve<^#D=6a)5$ zKE(AkMV%1YPS-~A9Z%D~+7ndC6!@ecm9d+vA4{?!vDbcKPT?nx zt#zOvq~jPv;yYbXjSQ1x-_;YY#o8LL>(ZM^$$gwG&D<@E`5ue1bvAcqg_>#!g`w|= z2+(mcN=Hu!K;^!``q#aGTm51BQ(v&_6Bh!f5p0&s``{Lqj9$MAhS4BPN@;=zW?eWFC^Dd* zQHltuN0u5w2fJTN-fFjdM(?)#STF@zJ(=Ak!yfqSwKi_N!49S8(Yn{7T*%-aQ=7JO z*UXeNXMtqJczod#k4*gl(Lmqwqm*rutSrQC>c}-4yf6yi8nQ=q;}lysJzq+^1phtB z;MC8+jCoTdl1eborKO##z1sP??qZTg2+I*ZNn}HnR zKZFq78y-sHgc1$Xg>Tcbtwb??-P|cRgN}zYVh37b(?;=o(HNVYjyQuAqAGR7@$EZ5 z5Ix;`4wS~7jN=}}np|ea&j>VF9khICKk*aCnn%Iq%UM=~ z=$i*stBe>J^&hNf4Aj>WQzv)y-ft{3cpRFUMjb*&Cb$T>*HY#r54a6+K4``9eh}id zqBv{{&g&L`(l7F2l_xxFMds$d1QVh8Uw23KA^%*y0bK9G3a)%+fW03ejN=P!kAmq) z0iXeW@3bA;LB)efbkFA?UIA@bZlI@M@DgmQ4`&Ww9;*V*$(2hyBB9`XsP8 z-x|{C$s-|j=$rGgG~~CIPJHiCNqWH45eS(JW6-2u!By&&JgN?0OIDXY1UoFuIJ|cn zlS-gJb!Q9m$~$Ud6#kBZOeN}CE)@Y@4>mIi26W?4raS{CFTOUxMnzf$Ck2&;2r^gm zYiOrV{ta(iuiYn_kZa5Z8ZsX$onpk<)Ru{liNE{wkHQ3Puu7(exSoIX5T;bnbyG&Z zpmFB3S>E5^kEi6a;o=cn&F))4(-JJ3c)Wf((E_>88{p^Oc`xr|J!4dKGrP9zf3ZOpjn z1_R@opr7wiX9YrL77mWTZsFmlsg+Z^&vM^dUB(4-MD8#Yp4#q7PsRLe`T@jWUUsjw_2UvUL*Q#R5R%s64Nk%7D& z&`rr>0S8TDlF=L$hI1|)bk-7{{XrZ@=JLBvoXZv&F;SSW-b}!;P!U5emEhcm&HXQ# zD@x3a)-lK=!4iWwry+Hp%e?mIeE*Ri?JaRSPGo1^n)}QBa~J3WHCJzJBQ^b)fyJ!r ztMS3$e28cazqMJuqaOKmZ9HZ|EhrG=Q|MJoUu1elr2J)0C7pz?RK)((rWqQeQXlOO ziVr+PG5;J$UOu8C!Ig)ZD3g?_ne_BP6iW~SJfyl1;WEwLbE0yagd}NzJeaNoS)js@ zPU)Vme=*`+kH(;$U+$;cFG05M#qh_hcTSm>=x!=cE`nEh+T>sVwrJ8#^oL=#O@jq6 z_OGJd8PjHYgO>-hl2)mmDIV)ct*HboO22JunLSIC*JNf*ZYAVq@3k=On759(I*p&S zA3dFFA=lz)I&<)?{IsR`8O5%ar+NL{V(kFF`5E%^FQmqFCospx!rNJ)fvM5F4q^wL zs~gIoc@5rpE4^2H)%gq1*`Iv6>Ui?XZO+GGT)355)c*#|jO;eS^jAEy*oNl*a@V)hQu6!pA;vOR$W>Eb|IC1@89Mfq zcPe%`8A!R3t{kuxmBQQUQ1k47gcY&f4l5 z3KkPvVJKZgk5@<%mZJlz3}Uze)g;UCby0|k8lO)4(U0M?lk+}xgkWnO?}w71W@qK{ zTjYe3_!&}Ah3nUFE{b90e8Fwk8PenFXtV0N1LL6>m!XD7%^P7&m`dZ6X`t2CnXr(I z$4-P@c3Bd9A@I?T^RU=UQ5taxt&NL9MT>n?Wtw#P6IUnriXxN?^{MQFDF`@UL)>_o zdl&u>VF3ii=0l22NsKEv_L+p&aiLdMyxB z?*PD8q+98M)umg4>I-lNB&!>HU2w2N>awzC8g@dvbtdGa^UU0y}F zM}qOhjY6MkTKet4GBD{$R~0a5$7=V=XP5#?d)}K`5@%{)?LVZ9#ijSoOgMVp3rn(ow6@p=*t7)&{5=oYLdheis%)-`tS^eT|63!xd^8Jo#*Ls;% zqA&wlmjxIosN0B4F^(5&f6)~j%2%-hPnB?2bDl17WQ(c$cP+WrWIrPEc@(=s9-rHA zjl|Hkywi1_+k(DR^fN-Vlozw_OPMyZ`Xy=G9e@hQ?jv7?>O;`jhFFllrj}nJV3Ug?GnWs7=$sd6 z7hnl6IB;qANOdH%BG&4DPDwvDhA^>p~1#vwQzde|H^T}(!5+!+ySuKl6096*vF z7Y(3TWl^N+8VfsYnJ10;cbL;SdryI|yl(9QUt7W?5JQ5$XHI{Ad7Q5#C{|45k7%&5 zT5reCZ(kw}zus)F=IQnnX@+k4C0?UOZ)`8EW65{C{LLtwh-0^*57@Nx4@#61G$PZS zYwccWxuNb#_!P=!WPK6s%iWQ{7^AyZYGy&K!_?=1_D9iODNX=U_HIk@Ie@#BX~OmX z{-wx97IThFFY8-6#d^IJ?lhM<{FY>}`zf2sOnWpZqXXfTze-dg`l z_TukRq5SI{Zy&>d3v~;g>G0)R5xO5z@ z8LMZW51qO#&zi~*K6$cl&Kv9H78a5`Az3L#oZWbgl@tDcaN z{4f%H3Iwg6WmA$~e5@8NkrhC~aA&|~FooWLhCqzCfkQ>cn$@ov1yr-hx$OC~reGD9 z5VlmmYXcL@XAr(}(9wo&Wch^>8S_1{kkK*fJiABG36mIDFc0C+gK`%Z&Jvu0SxzDPQR-pXl14#oAdfnwgi2%Y?uqG>RqZ^VMuu&@v+S zb&N{k;a~kdY)k@pt(WOf=ISh_Ss6xier657vUE_SM7!yb+IE76W*!qv8_N%4+&+o( zE$meWio)k0UC*mc|3eDmd^a>pP!=JC?+{kEf;cM$%{p~4MUqZF4}37srC$sb6WX7I z*x%#bDe5vV)c<69TJ_PJ_77I#N3iJIK;OTCWUcGBdn)GdI5xN6EXyB^^ceq{S>CO{ zg4-zT-|aFAg!6UY#ZcQ0jwp;3yu`@`b!*=EgS}_8+`m#$9O6zTJyd0mkYf&swX=A+ zuKxc-Dmm{z;SKLxv~ut!W$T=V6hFb9QP}R}%Wt5UrLOyBSQmQhROqAQGG(SfTwLBR z1&8=Ej!f7)YI;g2OL}@h^;_$CWHW84xN|zB@=QVr2>Dre|Dzh641NjxOT9F2cPl;izngdMxTrle3NZ0?;S#e z)YN(22*Le*npa32=AAH&BW(#%qXx5|FFd$BuN~dj(61ZX9t=CrA0-H$d6^sYDivf2lR8b^v5cqmmloni4{Ky^3)2cR)bnDCZ@(&W zMX^UK9bpe1(+txDEk>=MY-l9fTE?Kty- zro#EqtMtwxb7%}V@4+)f>-Ec;)A9ZHx#b4nmdw*(W+FsXi+4m_XdK7tM@< z%V?XV#Siv7hr3{AiGaNHd2`{=?N-;RVpJmii?4SpU=9zJl71e!!IOUuUAhpAHzll z{g--llEg58&|xzeOZ*UO3rp`$M3(!Pz@~fakbc@U49>-b0|TKGoXY)xrDZQue2?sB zaVj;_ZJrY%s5CD(k$R=#+8e%~Rd4I(uGGyetrbUgMYrfhO~Vwj1$Qh|I!BLnOKKYQ zQQ?BT@P4Akg$$xuV|9|IL_(z0dRD`f0n4OaVolnX?BF15o(Dt7ghybrneSx)_z@1sNZSB6v8{4SZw(V4sif!ArZQB*wwo$QFLB+QDWuLR}xqo4` z*~Xf)_tBqTTk-um&hBU+6>BIEXsJ;5fZuluM8TTQU6!poAC&A5SbFgWxA8aCk5v)O zg~&l%#;`LtxR#V<>Q_B*5YvdJ%{c8>-ASmR=0MbLL%=^8!~g6F;Q?M40B zwR&J0y@^@NO_=x^5grlHZkVJjR)>G2AOs_?wmX1{`2}(Wa&IUW;7CeVVri@^b~Tze zQ4{Ct`z*0VIop6thsPEZ-oy9%Um>s%@9Fi&T^;Gu&aFott8pYFwiHL-Mskj!f;%EF z&Qg}qg$qaz`)aIsk&EEI`HH)K$t>6L+)MZ`w-G5$Bpqjg-Xhm<-R;v>K8imDI|;(8 zw;IG+GyMQUASd!k;eKz5%g2MvwlSC5&YPHD*wsIBp+y$A>stnwwm7b)@{-8j-x!EKvFmQy zd?=cKU?wZtIbo7$y0y)cSUyfOdytP0cC94pD>iJhQPZd})(y?<2fcCh=bxA{&@g5} z_bE81H@xiU@#t13cj2&m0|HGgJ45O!Lhka?25B#LskuMFK9Sa(6EGxFs^zY{?NRre zM!a-s4?#oE-+ts?qLQ5%n8&#{QLMYwO~1o@Y+aSv{s-Ml^KtUu(%$aR%Z&}(wcan| z<{dfuzU_L2Pbyh{TiX0yPp3Kxmh(=04&~ly&NRdeZBj)3p=*zH>{ti@6 z-WADl;(nX!41Ya{^dN*iTS(%5f9QH|YMD)Q;yIeh5q9^kh(qVD#JFx`BNe!_OBB$*i4D!zPta?s!VnMU6} z9E!@hTOeq(yR5pkYjxn=jBt0QY>8V~0d*#8D{ROS%Ni)U3-R!S3!Dy1C63~PoQGLS z=T@ZPwaqAoVGMe&ZozB-B7fmELiTFD<`^yTxP49%A}ss0=@o1qg-={wh%R9KEE(bs+>b>Q%sE2YmgH^f%^1i+R}SUPFw zy28e#^z~M=3zX9$7W301DQDuwEh6lAzVf|2(R;#HHt1yx%KiZC>dB4{r|&>WtL%Bs zh_U{)}1-BdscPIL@nTZ7?tabJtzs&AicB#@KR+wm@ z$URZHmE-37Q_^#kX|`p)=p8P06?$k(fiYv^Qj@_A%3UABEuRFEtf>|e94wNBEvk| z6cjVK#xk6qz5oB4tDh0immCRGy&vP`FFDg2I!9%vZJP(L_qjxcHR1O-6)L_a6rsL{ z{JBb-pkcY}*;+jo$?9~;a7cfGndy+n$@EQe?#XI;l{f`d87uqiaE!2Ee0c82Jzg5= zqsu^(qHV#R+D)D!kV)Hx;*rue52IC^gy~(Ts3;jY4>_nEDdbW4^+`nXwbh5DF?l)^T<@J=h(!?{Zl5Jei$>J)5ZMdaKh zcc_qm;Ct&?-qeRdz}Jd#PjJONWCsDCFYLXH2Di>%M+D{~{9`yt7nmZZF-qVwxd-Jo z|8e#jeVKqhg6T)|jp7i_Y(C?Kr0>hp`ju)f7ZgTv^B@i5FCVGUUb&cvKRT(A>aOR~ zAB(v?)i>d2yW1)Dz+hVMBjCw}=E(0DB^ek^J(={zhvH5Cy8@&Bb`vSrwEkPS>-90( z+WP!Sn~g#H8U>Y=XNa!&{0ci z#1LHh${vBK+;MRV1j4_vDkwaPHI|GonSi1C8-n@-h}5ap6e=}}|E3>UgTmR7KA3DCa?{}DsEhr`4$nSu@2Vtl;^yYvPanv)v>3_M zvO%Bm(mTIUL)l^A=3u34Ui~YFebkJ5cX%Px(i=1u6}Gr^bCd&|B`R)O1L)Hng@6r0 z`S}rUA0y?M{*D7HeN}>b`a|E7Ce%vwU|Hp}dQy$aTzb5Fr_XyO;rm^=>rib*i-%F= z3v5z7iGBLY+sl<%yJ-XpX0LIZWAEuxAg7_Xv6KDcBI0fy6 zjl|mZL=6{TanUP;Xj5mt44w^Dtj_1t&cVdGBVws|l0cb0Pp>!JgQCc4QUd0+e!}HN zWdTJNfQ3rGVJNEwf+p}Zt_onDOKDx^!I@oD)vx^hS-zeHsJQ8#1c#KS#Yx)$_=kV5 z9R=vB=2x$IKfeR{$lY*6t{K65h4*h0z+GA) zdyrMP0qN$%sx=Te4l=1K5atqGWbcWP(GjL}`6YfMbnV*yS2b4l ze&PXYmhE%}`ubrY_rCb5C^!q7m}x}8_ESVn(H)B+q#uci1ug0oRo zV@Yw0%;$_IGjUfsd!zd_VsliME`-UQidlR^tOq&KXn9%^jr6T zkk1*ldv^&oDQ~8vf6||&8PyGEQ4sa9p ztum}qFfd{8ZpprYDsJ@TsDzGjb6pFM{Akj>+G^7#?v(ouqH>p=Y&ug=OtmL0swwhu zJ71sa-^fE6k2=GvGDPq zGuLt4BxE%BR%clZ+hDu2y~*2EU%L&jr%;jOugY}&H}G*C%QC(4aPr{mi#Ej%!Q3F`cf9*-P9F;6ZeY6 zyP)C`k;iDjwu?5BT=s>)ok-hhc2P?H+4}4gZshY<=l%MNlXnKm`F!3Nl;PJQ?|9tN zD}~N~e}A2ZRok6igY*l&2_1iR$ub0*FygtGn|Fm@Fl9k2`@}zjXFRI)&lz$@bG2)-6+qYPu>SXu=a&^ ztBvUK!;zZ5JmaDxO*M%47TUT{;p6vwRW0vWkKp)0hF_j)66{9v3Iu`8Rd}XsVpm~5 zjE-|@s4ZL|aq$aAlNhmQpxb4wmg;o)++;X$M$nEnZoqfRce7zvqg+0#i%w-*1C~w} z5re2J&zl*2$T=@Tw9n(C9F4#D?a>q|vhS8HT&K&g&qd)pw{CuR4aGn*YHsQ>9PqMK z<6)7jU~@J3|7=MQx%g)^-(jCl(HpE%fH0D)F)drvl!E`wKf#ZE@O_taqZ$Crxqg_y zie6IN>ziG`d40I7Vy-O-PiLM*9Hy3{o8+ib5RNwH6_-DD)yIJ{$9l(n58E3!@8i(^ zRzLFi%Hv3CR$3_Q&DhO|dtqvR!a#SJeF}#Cw$0{3%5_TXNwXqoM~c`tDi|bc{QQ~^k9Q~1=4Z8Zyg9TmHe0|3B>N9_q zi}%B#G>9;FuAta|iEOQ*{wOqds%zxZp5rb_$~+XSf7Vjk5gWW3hnR>|fTniWF2;{X zY3}LVB$WI%4E)!V^xHfcV=&xgQi^(4asaHTcrys-@Rs!?;nk39d++=&kr~2MV6KOA zZ}O@#d=}|tIG)Lp%WVFZYt8y6tnNmyhn-i9ri;f6YB%k=v+I(>o3mwta~wg)1z!v+NY-#7c1rf8r*U^4L6U>V z4R!ar9LJO=Zl_hTH{m-;)(!a)6)%hcq07SR4zB0vuy=(f|Bdrr|I7S;x9vAK6D9XP z{4WvqhtjMf-nMbmv7Q-$dwKyf+++nCQI+~!r7E#vjc{byCHGXNd!il1e{Wgrr04!g ziGH>3zQxqiZt?OvL#jZOl`*cMy@)mvcMI7*X86qS*0)!XHEbu2{FaJJ(w|&!dkGO* z&6I?~(;hX$pa-1l1yyuFTo?p50l`i;2Ns4a?idCweGmdcbovCx%##i*8pdH>ia#Co z1Q<8s#TJ1^@;ud&5EgRwJpy^#RMj#hzo@RZGZ5vGqwG7t=b7iQ1^?_cOvJ)GY~lkv zHS+l>Tu1mq@Zr2;kjnXH#g9O1t&$cyx;k*(-`;ztVXB;=tbyI4PAM(JGL|aPaa^7r z`R2@*jf_kTXga2t67_}jmE_)#Cx&5|G_3Uf~+L?eSk9(Bf30bwwCFDbB7DxH&oD&Tbx)+sg-rF-eg2IJ$ zbPhhd*`=iu?l_u(iOI7yoN589F6qu;SCfA=1eY%^Jp8W7`sL}^cDb|!{Dq(uBPj}Q zq7T~LI25NZo)L`=2|B?pkemZCN8K9=>Jj}D+|kko#A@sOTkgI#Nn;sTv?Xy{8>mpN zkL}S)MSZUprQ^$E%rlVFqoL890xsa3Ypmm%aHEMv^)9VvD;r18e9w#D8-RKtY5y~a zKFhzK_~;yvU!h{Ja_n&V>PVr-W@SYD4gfbloQODuP33U7F;-zqmVMK)DHLI5n|Ns+P(a z`{b7ec@2-6qfiB{_|0%4Eq4zEVy$+{Qvi+@Dzq!p{50sOCk_kq_q&oU+l%`>oDPYU&qvf60vlE4W~ zKhB%o{YL&sZ{QtPLgbnhbeM>gtgKe#I>gZFhB9sALQ&kmh!NhDC|`N=4blIVFF+XI zN_6T=19+|Kl41D6t-KN}`xtVVFx+u-Mpg0(lk}KmAsD-W*$(q$ePu5?`6@I<5XTNv zAkWhHl3DDJxCE{{!;R!|CA8%QpMG(^go5QX zlHuD_mYq%z4*E1Dpn%0a6SQ46J0BLV5Y$wHrgpPQ(r_uoXyQ`6$wfwrUVS+2AerB# zc?L)A5xbzB-zD~mQs*l8oDKlLHeI))kN+r0|D|=0e;=>S^lY8!sXSd$za{dUK-gCh zqke(w&267C@$6zz=ouek)sh?^9fxilYxfjw)GMmB>{_1CSkxWKC{49?)IylXXjQ_( zjKGcr@YsG3l)_Vg>FX|VgtL2IV% z!UK_Z5;k#QUajS=ZfZJ%FXBSfv!tJqMQ9mb8okSf24}iFcfW1W)QzN&^9R{rH8=9! z5VB&ktqeKk195=WPwe09LeRfVGMx;$9GVBbNhJFyNc)kvaGbloWn>i#S2G38+kg2w z)7MF8YwXwyRIE=N!L1ypGyphdl*`%lBkvoMqvY;kk%&kEePdDpfp9Y*n5txs(}Q9@C8t>34_ zLoreU1fFktViJ4Nt)d}*+=9=RnWUInQJ+f-zV zO%lAYJZ@D+=@Im%Xap!juZ9I*TzxNTJ33dnz)8{V0v>%rZYXLe3VgpcCc{}#He~re z=-gUch!O^cVz?F%Yb-OYJGes$Y6>WW6Dm_f=xYOh8gul55AF_%o)=KOeNK&(&MN`P zf5)2XE0c5O!fE04V00HB1F(45(WmB>BEo9)PgDN)O+4qYvRN(Y>;yMwXtug}BINiu z)#JIo(-*wU29;F>A16O1aanoVs5c^5hm|+&>N?0W8_1Lt<=nMO?b#i-jiP@Jnz-pU zUFy|ps;$e%{Rkb$)NDz#TlO%Dn5zd7l`|?Ui>RUp(t{#o$luF7tHZikfuK41pdz50 zCA-sRC-~q!#;p0Zrmdnb+qodBE27sRp?R%y#NB(0)pOx*%24FxIvs!>CUMW5 zQqKjCZmbE?Zsi=Hf|J4a-t*Y((AkQ#crsy63IA(7Wzk z$j5%fx_i694}_~UB21q^g=qTe&S4pnmlp5Q6>3Wz4n{w?KgLa~pHfC!!o3b$mmdZP z-tU>vUac{)pWn}qSHKFi@oy*P>skVDMf;Gv-HiuBiNUp%R*kh-Q&KgLl#k(k2XrQ>3)f`m}FEbnl+h_B>e?wmQ5W5;gpc0n{DG<-LZvikzu zeSUB;y)3F=JQF?yo1d2p%gdk6vU1nnZ@n7wfBAr{#qQfeX0v1?;zTU5(`2!B98Ei= zsew4xU2Mk#<23|PX#DMNo%UDr&=(m`E+^T>X;iXIXh>6xEj}7hu-v?BWt|$fQQ~-c zxbU`1P`t&VgJ6~vj_(w@y-J1m?lDi1wmWJ|_d+`)nLaFQ_fY%cpCLy|P&VGt5V;|( zj3_=U{psAAg$sK3K-Gr{qT`Ac(k`m4&$~pe?{j2*X%o@=#Wv$jk4n*a2>4mvy*$Bz zsUHI)o_{k6Pu^5+97gqOFXwK5uB0@SOkS>167PyD7S-vp%LI_f1;rf#7PF+GY|#CkFF*{W$HQ4 zC5-`zOXmEc#WeyFb!S8bi~#mVa6jISgPTM18;(%Uf9!3=42pjCfS0k<_K`NqhHG1u z&ZS7t_l@u_Uo9=cTY`{+G~iCqk3^DR1JAU}a5N>sFqH?a{e43R2IaD4K(J?a+94+` zJn<(iOkD5zEBtfDTqXZ`$|B%{@ejF9_vNfq4Dli&A6~o?n^gC+kyHLIhHZ@+cXn?WR{XQmEHs z^W2AW1tS2um-|vAOePHxEP6A%t03x*5xT9#>9PmHGE>944(+ zQ;m{tTL7JW=2*$_!r2b4o$e7cYH^-(hx1b;QM5E#)F#l?r58U-DB}gj+Mb*h|6*L) zn5)qF6_3?jKV?62CBa4woeAHX_Z7&-A@%lo*042?cFlO927&5pi9xLOk;_A2 zG?SZX4&55_e$&}q|A&nIpZj!cGovew=%sBebJ-iFO{`pq6?OH2v{yzKbr>Gmv=Zrk zW8=R{++Nsx{P2^EfRH_BLYRHHOEap!WtAiw(3wjOiMa-0AcDu#gJb2BLzZq&7~sMw zsU@Ne&q>l&peFNtg1Y6-`J6rV=sIXc0Pu@0vn7An2f5$H1otI9x1a$Q)1#RKnWP$m zx^}wtJwb=0%YAZ%96Kd6v2^%m}@5x@Ymb}n-J^-Xsfgpt|-X;Q_ zy-Y~s>REnZ{Wc$wISOGAMr180Z>oL;#?&Vb5Tn*nVkT$fW2}gF>(q?#l%48FYl(F| zuTiM^3+&HZAiG%Pc}YApxDP(ZP4A5t^T|a3`#&$r{Jeiv&=l7h_ch61g%m zUY?tUTD~0oaT>fbN%G20MsU|z-xipO#sO{{Y_iE!d(!Mih9BC<0liLm>4`cvWTVl* z@BSEd5Z5M>O}87kIO=ovdZ*YjLj;&>pfE4NW;+8UzZn{iRmBdT{fVl=?>!z~R<-|= ztqHtWe)sL}f_?-yx|kL2*!{)T1@s9#^U&EVJ`jIJEIUW};f}L-Gs|WB8zm94)F!ic zAOF1%TwwSTwgsKeX00$0Y78n?EY@|o-s~>+Z;z-L_!X#+0E#@71{BV?sy~*gvRlt~ z!$u?ONL)uDPV3!_e&IQhRF7b^5M;4W*FdVFdU|j)uk=4B4+xjS*v^A71GJi>%^*;&SW1{@M-w09G^byX4T!Ay^<7!hiVms| zC#Ni66OJ(hj^}QdjqwU1XLc8E@JKmEun$AtNL04-Tq5DjNAoUJq#}tUoAbagh2T(u zzyea!SDd1iE*~${2B5Pplqnk88VyH98U^)Oz<0=Q(nql#`U%o9gy#151hNSxT@#u0?-ILvBI!3V z0r>S_1<6XlO$WFSnVojb_{@U{RjU%^*LNLXFUY$ySV-Cjxt9a-A~5`QHpk)6PpPE? zHkF-r!)3~(Dpoa(i}(@Gee_8dj5HlV(2ryImnNx8KIE47q^q3&k{awVZg{>5(Y z8y*qe4)Qg>t_{Y@@EOe#W?;zsSDn5@d*{cNhpMfo&-rJH{Sivzv6YYT2F0d)tH6k@`!2~56 z5Ru%R_C3z8%dz1_X2U^pd*2!_PoCFkE5jMB9+aqupQBsJXJ*cRT~MaCxfbY#;y2QH zog^zLz)i0DNrsuexHE=1K9Gx9J5{_~otyy0y?wTGGQ&s+Fa$ajKO)cGG8&AKH(KHc zYK=ws)4KEMt?~+Et8))ogJVX!?E|2%SoA7%fNx_qbY~sb2X%? zMItRUyV%bhH{0|cvd3iwjJ*cTZOQFemF&ZqglD1mB*Cih1P(zT<@cg|zuVV$hba$G z_KMT(YlMbJnWazP?T*lCpR&{{U)cXqDfAdMsK1}b)5u#@03sP*Tf3AI^vAVk$kU0Y zM$pH0t6q8{HQM4KZAGpIsMt|x2lG?a^CBb&WPU)6p_p{%-qhRk2Sb5|zfP2q(w1*^ zFCey(m7*``5HN9SI|nl9SO;Zr^wj-a5epN@cUE^w%vfLH1&OqcV6b_JyV_7uMbq!{ zOUt0Z_1~|>_o`G?$lUYmxTu*Kgo`Dm;-(8d$9h{BrG}u3b(xQ@S2BdC%3W3xc`)s=r z%eU#5e(iqG`M;80rvL?f{kH7pvXggFp;;K_8Bel34LMH+)7RZOg~59i_TM;9vD7^Z z+Jy{|V-?Oo_?IrFg|0}0jA`Q3XH&opQmoV-CzrJa2!!&B9RE@H0L?~a( z4Up{?L!%E-Gn~2Zp&_}EycFoe76m3j7XEUAikuY@IXD#A(G0RaHpYjsAB~Lkw z?t*2Td0(~rH^%plQ!I||(0>#x2?43bIBZEm0Y(D!kvjj$ny23F{!h-L->vkFM+^ozr_xz~2oQv^e|I@fEUs^Nf~+??+_utK`u)b$6(W zGueUPX;f^(Wqve1|MG{xFiZU>RSA8b+NsnmT;OS>S+_c-7KZsGQnj+qzQ5^@^VB`2 zzLi=@VDR9ZMwZLPNZ;JYV1ZFkDQURLijb(@pZF6}1cG;d>BrpM+%yJD2DEIsmzim4 z_;mBqs+y!E@?(kpu2@8gZp1@Es;Lp}g!vc)t+95)F}ln?Cwj4;F-y=U>-ONrzbZNo zqmkkK{VR`1_<ro2socI*u2-|rP5Amd*3PU8K!s|TR79CI84aozufyXSqvMos|d`n z10XTAx49(PxO1&Ry$@N&)TgAq$f&wgF+649UuQS!1EE9OCN359?;t?Q*twz((OVT^ zL6SA&gKK%`2oNEzavNn>jRK{E{$YM0K^e~!TWVuiz`*DdTITM0>j9x60HnPhPxdi^)+S-WBQ>Bz5%v$OaBQUKo_y`WOiCfKC+6Tnl}noFpn(`&dj6Y zcDMSk+Q9x2S@#0at3;x4aHbvO)>lnSLt)YoO>u!<-O0RcSgNsLG}mr`kwf7mxQ>v; zNI8aaK}@8(g#-}hZa0KdkV6yZRl~RpAJ^QW2)-_J=@B#Q6iaF4^jHPvIjaro(0kTS z6b@C^_G4yN9&vG|$O{(@Ge27$E6~l0)K846Q=h7MHvg(!|w@r}0R3lju z)hO-!)ltA_{U^^7E@BQkq7j(%TvWa{+k;nQ=nXx=14T17wx8KV7af)3DalNtjPn+@pH>gTerdR1=&@X1ec_v0x2Clj^LsuHZssBOPy>#j7ZtP}N z`+J7Demwop+O+`ucj3b&N~i#~Tc!KA*!@`p1PU}kQF2z%{LP#r{t&hxg;6UFAUIT!M+J6h5m#kE&MaQ=>CVJZAo)BNIaJY3ulz7{H1ZRe2_&#D!eF zWBpBWE#o%aTf^}6DQs{AW5)Gg8ROi`;5{UAs{XFZ2*174;X2K=9ZSZV*XOFSjZFKd z`U6dBp^xg3&#mYX z%Gnx7kwhWGu(fY0R2U;RNqk#$^oPBeYHw>Z@)yNknt3t9xqFAtt9^LM1hOA^$z0RR zKuUL-WP`{2y*L&3o{DP%n@wlHMEb`oUvU+?+>fLm`eLES#D$75jLGL+0p%!h9Nqw` zyPp+H#u;*ZYXKf|18AF%pe(LshEg+HzsC~R1%%`cbBc3Aqicfkl-*^rOJlraLTCl6 z0p>_%WcooGzG`G?TrWS>HLZe1sZnllyr}CoIzTzAf{ zT4jJ3vGA(1Di9T0ELWW0S}4@qhb8>ytoy}hC}cY0fshuPlC=tI&TieDFL=p|RmD24 z@tGK${u;2s<)E~)Cp!|~u14=vL`f}JsM08M)RQ>qG#9S3!5rfboXr!qjRV=;K@UFd=W;to@8vfqi+q^ zAvBhaQlQNR7NPkjR8Jz`u4R*Ajf(~}f)`!1Wqi%@RK7b1a`%qYB?kp3=>xA$;P1(Q z?cBb3h@$S`_YSVhU1Ps02L6s_QmhxGo}Kpgb8<)1cY^j%4%jZYmjyc|@rJA)L`$UcoKdOBb@^qRy6I zIxbQ!VEWWs&e|p6^fNj*dZPE=RDFR9Zo8`XFXs25=nkt>7_O}|Sj-rF?0YpuUx z8ezfLMZO*cUmm_lhOuth^_V2w*Vp-nM?RgJ3Pr4+YK~Kw+je?dmo%v{AyI%oaReL@ zGH7Hql#P`LO+k1|OA}oaP-LT;QkGKI-0DdUCxziX`*q`Dw%Tw4ZXU!KNt8#lpH&Ie zczVL?Y17H_7vhm${G5%Wao0TRgxxT{i1p0rSL@Yi2zg&C_a^!sKsc z2CV5_{kAk<-tQ~Y`*^dfGhiduG*_u||IN6!q!Hsi=_jvtc_UQFg1@9`LZBk+o|lis ze&aR2WvR5(U#Ni>E|t>PUsBn)Z0vcwbs!#nwyjEtR3HK^LCo3q(P+sq7;BlZ%NE+? zS%Jjw{C~}gWFypAh0!9$Qw#XHlrWe7Dn44bIahRPd{OV^7voy>E*Zl{_y!(#*7p(9 zj8=7-{X{L%uwFaI47MF@00vSIisp929Y_?MB@1sCZOCniQ-v%{yE-~j+?ir*S>wIW z3Q=hIfwyMjtZ~J823MG5nd=}aq$TWie7aK?h?2-lrwI!7FMk{U8R!#egK1J{||^KS~A!2@PoIOG)Uo`w6nHaxt_wK>KqOu=fODe^X0WR7!g zAdPrp&77#@$Duwf&(=iT@KL(>0Iu5G={XSCD}V``j%fprh1^jURThP`Q^;Ab_JSHi z-M>=!L?UDyWdEwpNGiU^mwAG(i?WnO{|o5P-dwgGa28}YV8JZtVfSp%$ZQriR>vqn zDsJI(Pw(as4YFPCUZ8!$9kJ%7awB=%cNM+;jHmMkQ z*EGSKeO2z&uufBSnLtaiVdZXF%W$zCn={z5nN*?e^Fz&2W<1&&pON8#Yw;D75qv&b z-IOu#b%Q}{lS6Ks#lj(4{K81vp3@cOZ|~Ws&ePR8)>G~eM%5P&QK?Yck|>Ort?6+x z3htae)f|;Y)MFSogTChKX@nwh!&OGz_!n<{Ap6R1*dhzr#1BcXZ4cCsIy=YJ*s8c# zCU$$_gGtf&B0YIoU2!#g?I>F_4iCe5pdk!-joAxv!DwLlOM)e?$E}0_+yT2c^iR|I zdP8$(G-^kYTSNt>^?%64i52<%$u{ex;|aRpw45H1N_L@+J`GhYE}D=C2S*6a@(IVu zucR8~!A-E@kIpO;lX>f03|yZ|S<{q&{>>^RpV|hq%M{S7B@2U7Q%=fJjicmtA&Nd1 z478ODrlJXB>A%a8(9>A8hpVNQ0Su>rphfchSJ?Vg1R9$-`VS;%NV?h6N#`S(8aaf- zZdvFYf{H>JG1DF#!&!-b*-IQq)sjd@T*A{lcDb6*r+C)QzY!B?Ik~xB?Pe?sFERtB zV`~T^Z3kgBd>z@W`Ut5)NYhPtL)t=_^zzYasv(8kuOuR2iNXqxF^M*rDWMH92{I?s zT)IDA`3@u}PFV9bINCOTqB47AFVIJ%VLv65~DO;X0Mx7?#uoueg((Q z8dd}oq7B2SWY$nl^#p2-HHR6O=!BHdhfu)-*(Nf2p-1gc-9*aiURjS?22Q#qO6BbQ z*V3Py7TvO-A5%+zBUBwRnAv08U^Gt@WJ^Uo^R}n`tI<&?_=%L$5$5A;a(JlYv|WlJ z+fHD&{IlhPR@nPkL@73L(s6MGCE!#+IBU+*SjH={uuoD!wB(iXNju7{4kv6?WN6cB zh9vgf@HlqiAkX=$=FM%hccXj8{WvfmGhiy52l-s6RS9A&K4#c-xH`0m8u5kS_zUBbRQLEj)-tzza=_4vaUSDKc2ey#ma-*{BHX*gHQusMyh3J`AD?SD!I# zMkHA~_mNH`dsSDneVGBfo}?8nqcg65n*QDkzGNRI8N>HzzW*qBw}W$<)xjsI~3Dz4v;~ zRoR@y@BH6Hmze7YngY&AA*7;zI%k9pH(Q4HwECT7VRN7(87msI9I;I$A&Xp9O>sv$ zwqP!i*$?qgDdG0i@*;GHjzt3k%g#{^ifwnOIXQ~<(#m^d>FQ6i8SUxM?9H_fos(%d z5|m~Z$G?=pkwt8__2@d^%=%Y!aHmS1|8I~1pFmRtFI0hb;|P<2FJG#nwx$(zM0IK45X zNI^L3@uxlIENgsHCbU|F%~*P>Lrq9-4U;NxtrdCmv>We%GqIVkGu-HJ*UpvA$T-^~ zb`Tx)ohv>ZPDg1@YgN@@Mm8z~7Xm79a^7T7qYkfw;p9~X(bLt`lb*n@1WZx+c>0QfQyl2Ga;EC5foJ;By z1lFuxSjnU<8;7IiyVx|upgH*v~WpdZplATISR9!9F|h`vGh^g8bGY_HDV-1gjEUW zLqmLwK3VWPN|qCck$I^1UGU%7K<+o9j?mdI%Kh!;5pk8#zu2`xJYnDm3C%>(YxGrc z3|wIoE}bMhmWwJN885>M{>IdoE2W6!QD_T)*R*fI=S$BjeOFpyN({5>X0d)%A!^rl zQ}GO*@?eDdmLF>1Nl>><%~GO*=&EMTlCvnUfrF1nw??|!uQx_4;B;5dC!aZ;!`IiF zt+iT{IXX9GZ?M3X?ObrT%VaqV-(M6S{pQVR6}Vw<{ZM^qb`16Ug_A>-fIQFP>M7bi zp1;6sQ^4ql)&C_iGek+Dl=7h+m=%QCjyfyI-t^56 zBgXQIjT?L6{MhNY@}C&Ooa_ROUj1ck~l22K*Bp;rR%TV5uV z@CF^jGY9s{aQBpX+`jX95$E7K%UWf7hsL(M&vqgy%2C={P3-e8%Eqrhur8C2UH%VOh{EtNF(JO<4@G{W1*bKu%r}y9njrD1E(QIJDBPy z4JjQ9z7wEGLEk7PCzGW3CWIFp9*;(yC6Xe~?;6zK}>7 zaF6(hl__>Og{zDq{*xQsrjm(T@I+?+jGlK5pc5u5dDoo;%0REXtXe z0IMwEN=R&SJ5(p=Gs|MW+yg*nS)6>A2y}ghYQK@vkvR2AkdQUNg`HxMrj?n>T$S7@ zTPgZT5Y2+Y$RsO5SDaZZo{YiT@R;yXG$AgX!Zlx%01Jyd)YcZ(sQ!VC!6+|3EeoYr z7eKF98F`fH@GNq*qnj+PmHTj;s|H|J$1qJ$%}!m0nXU1_7t>}Ra9M~`ED)b%w$#rY zl!*^?Seg_Q)gv&6&NSnB@>9a}#Mesz%|+X3{Qp8URW=tYvvX_3Og!c?U=lWrm`(r7 zybYTyc&RT7if!aR#f{AYeY)!S&mlq|X$SX*pam6y&t6FQ(MbtxnVJ0?jm$B2yzkx^ z4id#S!>OS@5THf2o5S6oxyw-sViV6?650ep;wM#g#d^gHapxKxr2Csgs2UVsRrUg@ zL=-RZRs-key)TfUYrPwz`IVgpL5mLrBh;wM@mXnKv~=iDB-%xmnxAt{^5jYO z-bwPOBu7(bx^Ac^`izAEho3pp2NZ;MgoKzxQB7S$j4mkQMeZ2z-T#)tcJ6mcEqGKz zP674LF^k0Y=ryNt)N5A#I{ecWZ#xT54UlJ)zV8|;;X1`)uZe?WJ~}9KhO`|lSfSrb zk6R$z6O&V8e?Q4FmL3VtzN75O*ON{2_9B67^KHu{l2kvQ(YplBJpkF9RMZzGWUMYk6$Yl#%hzCQd+3oW&5a+MDX{3b%QJFdW~18H zJ2G>zx5gnbLxO51Bp%9hxe*aL-CW!7U*@K)?40=0S6DHnKs{T!SK(0$UlL{g7R_A0 zWK?*^nB_m1I~FLp7uZ(uRdb(l5(}haW62z(223ry2U0=T(fi|XljNf~n%^US_V!+_Bxqr(MG)L@~Bl}giw3)7%;gjz@ zfo7DygXYzq4BbHyOS?)R2Bf>vBWp}+IOS1n#y)K&kZ8S|<*6v)8RoYvE$A|(Cv}Uh z;#2#$RU8j)TTmCCo%W24{=WS6N`uvb5NM5hrKiye?JG2*@2HQ%@DzXq0y75kX zJw=vFf;nHey}lmNm9Ke|gN!{dvn*3iy8>WVfJN&{6P4?)q%J!tV~B!KoD0XM;git| z8#!XDvI>XCS+FqFL`!ZIdPB;Snmsm@3s+ajr#en>9+7<}1Q{3;_@uX6u${sDx0Y3h zta1D-w!Zi=Bjoo)vMKy=vj|(Xfdfb$nRb9gzTg!gH)*mC3$aFLn}rTVA=qTPUMK*J%M>RGU$SRq+*p(%XF)*);cY z8H>ZPI^H!G)_X~Pc=(^|^=XCVWD5mMl+DK_tS45%L`x+qUQ-b0$UzFr49Drcj~TqJ zB>y21ANjsze6&-oCMvY^EY(nao=fs$p4^N}Q$h+)a9Pp~mZgi`fTx;ZD#9p(fTB%R zy->o6Kg3%>hgTmi1k?C%4N$!K?v`DjYKrJT~ zP+i?_EH!Uki;?UAKu3V0+n1NGW!R{exo87-QF;9*KDjk^<+C9pGLsL^0TUo6&F@ku zohF*R>O5W21{uj2vC98OuJO&`$iS^Mx)GmypnNR8qMKH&JRvMY)?}EOr#!)vX)$9a z7rWfcfi`Yir82(+SxDo>*qpYC88+oLd_I?VVn;1otmsG}%fpm(R979nU-2=T-R4|mc8x79KLlE((yyOKqPfc zOuyE_;8lKE{01Ys+m*Fb8dscrR=u&1mpj#xhlte7I2sS*tIEwfkg!Qq)6uKMXy7`Cctt$+ z&0MH{=CtT;rKs$Q!}IZOF%1hjLTUC-QY`KpD%YdBi6l8IGO!KFGu?37!_)8SD=k7y zdv@D|bYU1TAFahNhMH8EL5T{32=VCE%v%5k|IZcreVzuQ0o5FrblPxQAsOLbMuB6Y z`FMdHxSSRj`|SYk>0p0d>cuIc;wX;~MZzxWsw=-zi}l8LPNVHo*LU*QHKgs+0YnkC zz&}o6FlRF;*3CFlSY26`jdRV}KtwrZL~8W2$0pEnxyn<6U4E-CKo$4@P>bPd(fr?T zo9AJ$lbQXEG0=kh`-0}Txv2(1E(LwE#Fo~Zv0(^4jRpvVtc(HeBW`%l zL57vjIxKC$50J{I!=Ck`Hx~3w|EW4s)hSI|9w`+D`RzDLY64~sK_5khXtmIwg?u!y zMrcMM>d-=W1TrRwPbL|5AOoXs^PF=IU- zTexo0TS2BD+T+a+T%$U!jx#@9z{2!mvKrb!B%0)YX9NAi1b&wBxAw{HydsEA?1fFR zBf52zYoptN+RgV)z&(>rF&%2ZtY%zE;iqMG353M|l7>o&KNldD&cgZqxGft(CO;`f z=1K)Sq^nt|XX7>&4uc0XwJt)s?2`unD;bN9*(-3W9r}`#5$MGR4!8U{?VgQF<>YN6 zpH`{hlZ|BZ(!!w?ka5kuPu!Lg7kK;@$diq0fCyLi=p!{esw>oQb1$fWA?P?93MoAH zT)f)|PfcW0wK?|9kJEbK1Yem@(w!dXp?lq+&5n*+KVV^=G5!jypM3M2g=j@vGWNdy z99Xh>yn-AqoxTPkzW9z*qRxcKu2&&{{pqjA<<{%OknX=Y4;X?uqw%Kk{9tnxny&Wt zrUl;*`5OIG?`QPHNS^#JrIDRy_w#p64ntF2Ak^Aap4=iu@5wosLbu9}`A)zaVVtK!-tU2m0};4DhBDw>jAlu$OycP5d_es~RDOj~+mwP!85nv2Pv^dJ zMd7uh98$^TY{=mP_*EuAM2muFfVD#HOs>22BaD8^-YoeQTa>hg(Fc|>Fqw$7EdMO6 zsg-AwsXXeNs%m|wm_ldOgH_!*V%hApvxeKf=+1TtJRCZjG+p@hsRq;H95U;%hAWiux>-@hSn;0J-{r&TOnHkHxFKtC*W#yrMvE1kl1~ zIp(Tq#1zy`pC-+BnlMySW>V)2BAxEE3^H#z_Cj#H57`u#;nWRr76T+>TUis_EgW(R z%Z$(xfhGk*Xdg39FX9*Lv$)yXRKdfRu>cv<{80;-@7RDB zBiP=GeJAVxK+bx{=TwbHBy*MuEz|140DosLf6OTsgZ($fH3{niT)*5r(Py)8{H(F5 zAGZ$jlafmOpMDREIFIEn4?t3Vm^CXq81NqvvlV)(*v(4ffIR`n-XH$+wkx78@B45bUW;sO1f4lUGgsi4Dej-dcm z#{Y{$tuG0Es58ZAWirH^U6ET~?!t!Fv>C%|W&ER2la6l71Q~PvPn~|CM|b00h*8{h zr>**zWUPCN8mfODE0ZzYm6BqHxeLUe(m0AHb2Yx-XO#hWkebcp5)zZ0DE*jE^vbgl zg`q)g&Tc7&D~OBeBUk-2vhZbnCBiE&`vjgh9T|6=uQHs9x>}+IRs=9bf=JU+e7KrC z)ZZW-YpPd~!FWN0h9O_PD2N&d{)PYg8xjN*(wlETaa0&VYf{lj@nEM<7+gp8y98qw zs}^A8${xx)$~>UfjA65LkF!2CSf-O8nihe|7XkJ>-tE|gmupx#7s*-kA#bULQmXO{ z&Unu9;j_g67+zmL^G z>G{@_P;Z6p6vmzqS(ifITLFE{j4zV&qA0&LnFMHM?SOaM=H#W)3I4Rw$}um)^UIc} zzK~Wx?Ie73?qmRVh>E@U@nectF6_f!5lc#yR>2ki3D&(5SJx|Oj1kr7{{Ydz@{bTD zMUvK5MBNtPhUOfS79QDFxZWIMnSK-AKhw~n6?4HcFIN(zI#_!?1^k6K5aIMuqU_(9T}IEhW% zNZ221+k(e7yaF(YnOSbB)a~$Ng@_ew4f2>RX2HoKzgbj$+k^q42EJxYU3Vck6$}9D{Q^xMn7L#T z$QM}`u%_t8%Hz#T1tTveal>gGRHgJ!w+2HCFSXLJTR_gX($GeO#P}ON+p?-+IbSN! zXCgY3wBq)8c~LGs`nA3TQ3m${OIdiTfhB{_fWbo!ESTB|dvYkINLto|^@B-K)(dK9 z%)8Tvn1h5sP@FkCv*Q3iy;v=5M*@F_U8d#=zs{?Avu@6T?uz)T{j!{nne{$^N`m(?htwd%zQ))&Mm06?OtKz3@i3pMzm$RNG^d&o`k0gvGK zg@3e51?xg=M=9&;X4WF(zc92c@_8}BlMOvJ&gRNsoCx@IzZB%?O)i$s%RGl@J5*!L zHmp=H#v{s+37b!O{+D!5d%a%*d{Zv~CcJ~&>!)6uz_HjtCiRV06U3> zw>+2!Gxu{dHYVSSuWF(D5;dIwwG8n2m%Zm{L68>XRWUU_gBgNiF+XhKo4L72nv*3P z8H6VC7Z&7hyEGd~a7FUb{Tun1CfP5mORJ(|mLvmsb1DAcp`UOPONRv=?=%w0fWnL#xMTnRpDA5Kv z%tl6JD{@=z=oz#Xb2{JU5q!2#GxJE@ydt)+4|L}hNPQ;9v4l)YQxQMezl6QD-Gf#V zl#t9~TJ-0>pd;T=)7#~__2bjnZ9J}1<2EDpIb2tl5!n`g(EevAsnl3;H1=+X(@@cz zY<{LRE!_uB6M5oijYthwQ>K;-s{_hOz(wGlZeH+(=bO*5ha*e51@tp-(_G+G07t(0 zqyfeqbzpJ#FH;9K1t12W;)=;Yr9m~TX55WFo$`zX1j?HvjEQk*s*5*0%%` zO8UtzMxlM*7ISU0;6&527m>nlk9+Ld8}(qQL(q@G0o!-u84J5Am)UtRo2|P;_@a(>>jH9_PtvguCz*5~({wD9A@kazy+7N7N*cRxCAyiy26sjjECN>07+Ttn2v>_2 zsS4$f$Qee^CS1fd4eA0?1ge}#Xx3asG5+3YrHHlJxMT@j3T&Q3bdresxAIW>~dGsp#1dP`2ToB>>^Nv@0Kt|2C}fyBS`gThZx!7)uLrgAzCbTKh ztp^falcCb6F&NPK+4me>II_8jG1Zx!n^+SFq$4TF{yXctL=rcj1-Yds4wl#-2ovR&tZT7aJrB{22ec3wrO%CEO4 z8bBxcC7T8UlV^m9dYhL--uXHI;LdZrVXG}OI~Jb`H;p`vJb6Vb$1?|M(I`h!1FCz> zXV2~;Wi=qOW%Ib@d!Q4m*GYsoXBSprwXrTEbsbPf_MI$1D0ud^cA!D$Ea$&V^6YKn zk|&YSUK#54+T%ecxiv6(XI?~|@NZWJZmbPc{61;xYDQZFBubXZmb_HNmXXLqvMW{7 z28}=k69(-ld~0%;#+vRH^y+xLZ>iGAjHtim-I6G+Szr!H$SlossEA^6=2T8DkDbMk zmDF2U^JwK)6{{K?HR9UTV(`Wd}=lVEIlWKGACnvRF}P`M%l=7+2xkXKZwEu6Ul?jWCan z@_5jU&hBdP9u-Db`XUxsX(IkWW@mlLYQaO57f;&^t$Vf*#PTv!1^b$dqcg0NN?&4k zsV}(0Jlmtf^69ULs42;(LTqcG#_BQT`ut4mRK>sw3d)_+&{1(LE+dBg$eJhG`$A&^ z0cDGn-iJQT6JfT#B~}}A$(jXScmSt@oMwAw_9kV8O}1B}7J9DF>V6M|t6m;(AaP9xg!6a;vx#~pkgbu^q0~AsBcs60f zt%OS|Dz%rorS(Z3XHNXExZD zdNNvAhO45B$>B_oZ0-zGShNv^FRyMk{YwJPe%NbT{p-gj^+n{xe2R+UkGW_Z?*Bj_ zuR8@qml?F=Y}oi^>=N?V9FmH&c&k~8upSZW2a~F)i)H!1%%b$9-x?m(Wpg&alMKG* z&{Ro3HwQ?aNFsC1B{@qrK+(;VWh6tFRP+!RuU2*_+fwZx>iB=%WeJzj{NAwrr)^k~ z*f24H3p;_2-y6ICh6HByL#&&h;icG_wS-C1kW?VH|W>ViZ4v!Vk<({Up}U@LjD-yt$rsZ4MH1f4Wk)Cg2M(Gq-N;v@gYirNN!jJ3>~5O})n>Dk$~ zs630&;SgM1H}V&q_kJ0U{FHipjUPk=ySm9Lcu8!SI^2j^%8u(UbPSjlGrxRIkpK() zNR@`@b;a5)e|yy}nELhmh0Ao?n_sF(roYnUAwJunQrO1%)<178?wmGlSq*`-$jth? zg`c>KZtzq07t1!K>=4}TZdXGn z)y&kySZI5PKe=n?MZ)_3^Y&+7TL@H-u)(4P0oK)Mgi8_&1+tWZ+u{I<(Ys| z_HbW#dQ-1vKI#`E;mR>-j!-zdhWK7&ez5RFRR1bK8>1eJE++3W$AKZeNL^6CA%MAj znVG!e8yYZz;inY(azj9f{ZlJ|;D?&6+<~fy?b)~^IiEa8785)ImIiP$kP%~JB%qKH zVLuQ?0BQRTCG$zT?XL|X;Jyz`3-dg31PPg~`M&)h7W zIJNQlO7?ZL^zD(^MuZc;4yV26?GdOoEIN<#=#}CYTRkmSF8B1AN9~5iVTWe$3~llL{hH=}9NuXPTisZK7L~ z|1=|X<>?h#jvHeHBo+Pz=t}@MhCi1Z>YPjy-Jz27yEoR7YR+?kUG|aTqhtO3>ELrUSp;%sD z05kGgllb)&RSMe|&UhRHh5*|u050=0zR^}YG7~G|uf?p|r$Y4xtap`8{CQ)ma$9f* zc2?LTnLes=SFzX{AqFsg%niE>p=ta1^vlrFvt+XUfIUOU9}|&VHV);hLyZN1*(=)> zCrD?eK5*oHu-n8XS}l@X?8m%?zy+?rPrYUgOY~V(vd%VRX<}P^i>*nZrlp3Ml>IWc zpsncRe}xn^us&up)Jo>Eyax`pK^2Sm3uWc-ZPPu z;HvQkjOBe*6xTl=43`HNei$be=P|SQ!$jB2d!dc5SFrOqzRqqQTdq@Q$CX+{fw^JP z){p~GHBjWPOJQW~#3NCN>_71S^5o%aF5X#WK{mIIgZH5GLCTlQ*~9HFw)B9daX zEeJzJA&*hU5OdUnROsBNJQ%+|l9vtK>hU|Xh(q&UF8^xHTbNUz86 zxI$hI4UQp|1ndy(7F8cXF#O1VOfxJXxCD#whn4PNn$hMRq&(p#32KSq z@-O!cE>3)~vlQ_oVMJ3V3h1Zy_OfQEXU4}bX@KrK@KQ5Ws$|2zI~ICf*nFLj+5NF} za09pYP1t(9L*v)iC4{|8`+Gsu5noYdISEB@Sv1ya4d;0XRa7;3MP6g+p|Iu>*P`|Y0=+f?k$1;d6ExN` z<6kX27aOR$*(HhUx{_zU%Fg*SC1x*7&TuJ-&ja#PmW#LLrvr;Z<~+9+hSPPSZ}sHD zHBv?hDD;Hyqgg-L7%_j}g_?`yFGvvnqT;hyn+YBCAwy8?s?2$e4RNnw9J&wUfE8X< zO}5natk0}!EV-_Gjz&YuJZI%~XTC3;RVLl{8pf7TxXOISuPi%rIGVEJp4*@ zg+proiR|&?@A4UI_3C*U&=yWKp)QEK`OupE1XJfctap#P?>7m{?{YmYj07YU96N7> zU3jE=VykFyR4q{ZtU_Gv6Y(X{N6SdK1QXM&f;Y(iCTSMplqaAkX}y00%yOk-@X7-W z#uvS_5E6gG+ywaH-Hf_sL>$RG4X9G|Bs<{u?R}C@;MIt5+{RB#wIeprX8zIuTjT9@ z_t2(HB)JiIhye{5DIuWMczZd^4Wb$PyFax}N^~>0YS8&i>)+NrvzUA1;K;{^8A;Vz z7u`7*VMfQf091o87XZ!oqFN;IG8Rr_ROD2kss3DsyqfE;Yt;pn9!`Y)T#T?RmPIec z=qrsFc=p&A*sI&ornYiXJ33)ac=`!RoIg}}Iwhbt*o$z$>V1{c>XK_nl~6H)Jt-e) zO<^3(hn9ofj7TGMu9ElgHSHGg$pa;vdlson7SC`UAHSuRK5sSNTmtLITdCBS%*yG_ zeQnWLs`@u&x;Xl?zPXSj&(MF$ORm&mDaLW}(Ppin5%6gzw=iK}V=2&b-J5p({Y)!pcOUP)-IV|R?L5GK z&dKK?T7Jgg24fN3eGwm)eB$;AEb?b(S>b1IGHAyuEC>1VCyg4xZq7yb+s<1A z@#kWRj_77yD37>R5me>q45>V{sk}wyjqoD{xRtBjm}+eN5TEDyQV8==)fYN_p7fz74!GrnLn zvNvPL@LzS|AR%1W3lJMRn5j(Fko1592U5MwguyGb6P&jljRL~keO!Ds8X-X*VPgcP z;+cR2Lvy%TAHE}H)+V}L-ymhO61H1;N5tu&h*}x&&AY82%BvD1 z6K1=JPsUnCWn6$gSiy51j-~jl3q>bzWj_)`4Wq^F$AyDnH4eoqFb4|*ox!)1{poZZ zP1UJJK`K@mWB*XAH1guko`jrpaYZ@VPKXgr|C8|d+sD?$Y)R2Nw9*90FEl?dylrH4 zw^;7@TC!(Ip&gwvKt-V9f5?t89bf529A3jUtHwmX&e9{ivcaq^BR+3Qa@5Nt5zesljd z$f&A%9ea=S?$;<3bT_6oACuFFbr#X8=JCdOdHq@nVT2+fi8f7%aU z-FFxEa17B~=eaMdo?opV$Vv9Z25bl@iEYs`in`+BSJX<;PN;KWvk}l>Hg^?lgb9ZY zv^Y~&;4=zs)P#@fm-tPf-2SxG^}}vGa4XlorF3*ivVn~hlajbmA-Z=<)O!Vi1Y$sU zi!8=6OF5W(c2K3(Ep?!XOoDZpzLLgSa~HLBORdHA{qrc4WN@)tIyH2!HCq0 zf?c~QFwFNd;)${?Y|m$| zzK^KKiHg!pHK!thU>g735Vln9JOJr?)k2zG7w@@I$KM=}jQX6XToLH+#J-+uTA0J6CF+Rga=0Jv%Bmftq zr`~qNIr!$??5CS+_#d@E;d8X}mWIe}T(AiON3;HyQvTT5pMU=Cz!Hn72tF!6I6+JO ziuZ($CN2E=)hslGe@J%iTQKNG8|xhg42H4;C#W|$BF((&`UW>(KdrY-XAS(JEdCNU znS;H#7U%O+wA79A2wa<}cfZec%7wLGe8~FUpuw=(ybbv34W&vNNe2UiubFhub1%*R_^`rBhWqK zExqS&TiLITi|n=U83^f2w?8)7B+jG%=U9ZX-fF@A$!{ixGphxwb3W8<+J5P+#4;sc*2kFAw2RE?W&5t&=cA#M5)b|V+>uQ-tleJ1KT2pJVau%H<4 z5E8P)PTH-^sdK#Jh;Cq5Yp3O>;;MpJL{DPVcH?agM@!=-*9f@_%02TRmeZ%p&>uBX z&`Bu$$5UoE@DQ7d`|ov(*+o=icQF-rJ;37I9=-3dnj0W<6`IMe=vyaGdE+uT@oJ0Y#69X__n`fgnNBy;B zj=4$7nfOQX-_vQYOlZ9H{;a5<_VkyWuuzJ3|8D?R}Ub{Na^j`@x zt|BZ~MEuKYI7jrqiJx7?DN?C!_)w4aE^06yLwRIE)WeQZv*_Q#=(Ao=U4~Cr}&ro;a}r&z5+KOpIUT<+=A$7FCL(GlXGR> zclz@}d1&u(UC&2Hxd^O!mAs_PG~!8ERf{U_qxSI@%M!s#GU?j0EySvPWF1w$v4YKS z1&x)rFbj-Dx^jN|Z(I~Qh$12_!M@JR6y2`z(O0Cfwk^3WMykqxlJ{``-G^%hJv|{@ z=IPdahS!5!2e_q$?Xr0#CL?K%LdD`KwRsVe$f4*wnhnxi^~DO|Nc7FjlZ;dexpRzg zOo+!6|4FvCS6%(RiYSiMJLn}8&mTvh)+8m6$&)fR2dzOO40||bg@EK#^DS{8Z%>)W zD_CkAT32w3RBV1Qab=ESjC{Jd2sNTPo2f_E>(GYVOMftvE!jWr>}RE%1TOv2zNDxf zu6SbDj`44{w$O*fStl!F^y|VFXd?b5R8Q4+ri!v*;z5O0eJc=2Ky@K49%_Q#H03eP zUOdkwQZl%aT19vTNjB|x^*8sASmqx0Mt(_Pt4(Xr`UaH2UD`^*Jd}~Vm}4{pMh!qX zZfceF4s}k|0?iUN_iyv(E8rSvoEfA0L1&Esj(C+q>R5K)caA)UOh~#&>$9rhL6LBJgKv1pG8} zjVz`YSDT9=uw#`=U%z}b?T+$+;$(gOAYTI(+j)NXtTlXL78~UPR7fK5z^oyr^uN)1 z%hxs3)xOS{D8rKYn4c&vMiC8YA4WUrAM$mzN(!4FGgQ^pwgvQJ7-ae5dM7Fi7rf57 zF3-nd64Hu1{kt03PyVh#x{shI=qmN|7G_ulLM&GwDSJQ%mWf_F`%mudS|e40PLftF z9bU;DGjL*F+c6DZyj_4NL4^f;v`@H%;^nBQJV^KAU}sd~x7P%NK@9gzPHusx6cuEL z|6Pho4;(vjOI0BwVuTD^Yo72SYahqy&&RtOBTBo}-AgymJX8>bQD{`(a#aRCq>PHN zWJmHx8-9&^fLnT|obTkMg~|A)_{B{5M%$lMq#iD2O*us$U_v?+3Sopu?%1%(JyR_F zPGjO3ZYA*lB#+dCs#XU2T+OGCkXbGnzdGmk?U4C2zdhq#yTV`ACW6lqx(O$;ZE0`a zMoK7sBCV!x;Mqn|kJ@^`O)}FwW;x&M4gcO)NRn)jrFgQt_47ECp)K1%vpHKHq-?IC z0q*kCMUK8v2}k~*)8jOkj-`P|_L(EU0gIi?+MYYb_jldB@+m21p2#L9qNW#U$QrWl zux&LE4^b+Vcj&wI=Nt94m6?t0NgywL?!Vwr0B6yQZPp9FgAuK*nSqd0C#!XN@L|g< zE9swOVzcP2_YV^d(^CAb31p$Dw^fNvbwn@qG5vO8VEuU|4mzpEjSBmt@cjKU+&&&o zZcBE#%yhkksr;u1k?}uwdfOS)w$dGOEVkysy&-X`ydP`S^3Mf+PUJ!Tuf}xwLhhXY zRp5ZI`QcR1(*U)Fr?l1nEtpxDRUtI}8QayeZ+M9v{;WRxT|G3TNs zW0Dtazk{-Pv+?QOOJ=djdULv&xSd7|cTu(ZXi`zuF9w_m5VO;`6HF12k9a(DB$?HN zerxpLfF==$itj@QZw)#rZlqKN-8+O`PZFxrsWX}wg$w}laZ61eL7s&ZIK-U4e3FV; zSfU`;Y54;7A$bVDDRhmz$zZB3nB046!`ojq#tV@#kft#lw-)e`+e%##E9*b2R*A%%-T5F?9zuWXKCG-B10DM|+WSoDiw5jzQn91*+`V z`^R3e4aX_7Uo|}R=mM(l6eWqll68m+n)k}-mYr6)t-}kyfM*6|H1nxucCzTCc@(;E<#(!@x$blq?ay7U=dHAV3atcvJlpgIkkTVB9cr_EEB ze9a?r@*||vc5gnM3#5@e0w3 za0aZ9$R5#eLu#JReb3ROPa4)#VQcZ&uTIjjsk-ZwLCfd%f|`!z5QOr{PWH;O{dQJ! zMCPe;D43xFUwqZXn6Gk=>e8gD{BP zz=`wE&K~Z6e&f>p6}D|5I!OFt6bbWms`h#1S5=o?u8&u(9uh?)1JnYtbFeZ5{-!30#%%mC9^Bxq*2k2 zK*on9=r1eny;0=3Om@~IC5TJIi06p;ai*~<6j3C0`k^4igzXQ#IJKgj{Vj+YZlh`i zg8ZQ`;P}VQp3p}T&c48_tzMJVM&uAy`~|^lN^2K4fwd~UJq|z~y@`gzMuU(Ht0BAE zc=Y^Vb5XzHp zdIz46ayvfpePe_E@~82Yzo4wZ{c`ok3IB&Lwt410Pc~sxO+w0t-p`ocV$O@@TT=%A z7C}HaX}|uWGL~a^H)6SA7hB=OkzcsOft1U=FBDnZhcEnYBeE+$)u!Ra|3i;d|A*TI zPxR!nNEKk1rnpP!tb0X0^FPMtqK82Fo7Pdo2uQ(u+Tdf8J?9x9-pxQuW^t_MkgzgG z_vxbHD`Eo;|g_K{0&yt6pLBG5SN>)~jK`Dvd#P`Ymllwep{W z^9fOG`z0=;c}sb({J)=LHx*Z4HG}97#S!dq02EH6-UoTaA;>xG{W9|54@87@@#`d> zPE%bl+l#okT`%3}>;HP;D1`-`nIiWA^L;Ox)boq=828o^ zsF4l9is7Y`tgF(EV+OM-o@R#iz_U*A;lr8oT_ER zNf2$MtrM$^1%VjY&en4AtR*j5sc&!N#Sinuh#nYLv`J-a(?Wd|&!_FRguuD4aKeAe zc%;H`12k=AyyspMCh;3j#p|q*!_#y=$5(8|d#j(yHHZFk$%s3AU+SciF;Per+AdyN zr_rL|+3P*UjM~IVc2+y)>&81PpOl|BL@*T3*QSzzn2d=+KVF$5tZWt+K({`?c#)I% zL}7@R9i|!x?3W&TQCY1|1uODw9~0X}Pm{u})IyEUY`O47A4A zL`hAwziofSV*aS65usL;wi-Pz1A(p2eP2X5`(jg?93iY>GZ-Vf&p^&zj-1>3j{jKh zMiB6AquUYV_mk3V@Nr*~_7^1talb@pet9Au9&ydC6{6+8{==a?_;FZMf6jrR@($ko z3o@$8QAYG*J0R&SkMkZr|Cf=Tzk%+j8eckVhG%?S6r+@@=4K1kxKFh@=DVRw{AL9u z5IFK;Q!J#uvmYB_RC(PrRszo1&YM^&}k6Mb?uAl z&c>t4pEgDYjY8TxM{c;90aJFe9JEj@+c&xlUg={5@p5XYeq>SPWkcZ` zA%dECJiKY*AKXYJ+??h0L$L#0T#Cdl#8ZfDVs%a1iU;jikj#s*JI*hLp&RW}o!QQ- z4UX{QiuYZ4%sQF@8bVU=PHiRC!r3}JC^VZiS_+!VC;V|RC*Fr6a6Y0ivObjO+lC%0 zJWQ;i04SKt1_d1kE&Z>oRUE`n_QxHkSH%?J5=16qxsz7)$IJ58_i5QsNK&@!WzIv| zP|{*bu>d9u`0+b$Et-?Es;eSWdPS#Gltx&oRRVS%{_o9fg~L*sKM)=&mEut9ux_W} zHqJ{89)xTQihQ16qsYZ3Hr+V{xoz)Z)u;2n9v89al&C)9M~sjg_oIJg8FNMSpr8A@ z2ZDvf~chw_-CL2_vjv^#?7|`J{P|*`e=G~-aEOu#D8~T z(fSMy?Ov&7#X#zKh9*`NWk0Bt87*?TW=!8D`U_v zQ7iX7wqqhFKa8IR=WT@^s%gcguM0IBSQE;Ra{{YCHGk0%?$sHfB#A9`rwioQF++$& zAol#nP%#VfJBjQ_Lys~)RaQ{j5s63f)Nv>cPTHw^nO1h=bBD>| zA)nzISr72e1Y7Ihy$^EFjV5t;Hmymq0HJWNOh=sd2 zJCz0eR@rslRO~8+Roz- zsu=urQV$ldHep`oCOL>;H&fGye8QQ>uqY1{EAF2`sR_T;9WED<=5v_CMDob{6!+U# zQok1A{r+Pni-S222Xk3SO zQ4;;4__D(`3a;Ga$}+e(Fk`S}jo58B_Bl>Am0z4@3omgGiJ$#lJCoft3)~S9#T`Wc zOn0NtdvX{qhit~8*5dzlR#hW}>;8w`z%%VeX5bm)(i8Z-7B z^%cHj!FB;OM}Wx*H@Jc1XZB_t=LK8qY8{|jrd zcykh&9DSK_#X3pBQ438_kc0f^tmimXjKpIqj*eQo!MF7xXeuK@>A6g2H=!5Usve2^ z8fsF>Ux{Aal|8Xlbm_K3|gp9{mItjAS%Yd0J&bXBT^6yuRE!Jac| zcC)?-P&2HmNJ_A!%0R|Fd4N`>ou`jq5gETAqH?IYL<;%UIbHwVjhxqWg3tJVb7uA5 zeiTE+z>;Z&CPS=zFFRy4(XI$m3^wzrjvBI`P~fcV%tx2)gh!`sjcpCd zk@l~?*WEP+BbV8STNfpYP0b=NStJCp?hcmXmFNQ@(2IIzQ=*CS(2>x2))aq0kE9+O zQ$kgq_YhPHv?kMnk9A%1q0yVS%EO_bpAvYwG0F)|61Aq^P1EEOb%3#*anJ^qQjWgr zDkd`G8efy4lc@LCY@zgv`)FY(eBF@0xLYBsi8aT+2E$B!XbN?)^8G&kxJYxv3;5+v zMxg4>*Nvvo9$_x~5j}Z(C=!*#1%=&itrEIw z225x~;ZL7c0SwNn!)%yVOVMBXy1wk`8}N72T8oCHCyDBMv=RuPi3ZqJV;@@M!__l2 z{|I{YYcA>5!$GO+e93Tx4bNJAK}K{-hwn3x6RUhH5mvk0$DzH<6l}0a`Sm${sNy-@ zt6pse0qaw=FKHpTJfGN79T$}4@j@J@OwGUAj{ID|@ej0&7s=1g?G2asLM83r`xo6m zyHQloSwAODME5i0cJiWuQb#Wl=F=}wkIl-mwHmf&jstquchZ%MKRkq~aqJ`4u5YG) z3`T@PZ@IDmluW*H3WzcDj9h*~5}+{c*TQ7md6rVrzb}lo%rwtN5+FAiR*}na4;uGd z`vv}U^kHQnrZ(}i7@=_M{~!jJ)enco|9&pqt|TeXPu&%C-^{d7cE)+amq80K9F*2; z4tfvyXgVz@@Lpoymk5${T$Q4@1*ooQm7_I@ZB_U4cO>R16;O7DJZdAnMsOoIJp4rMUe*z|6eh!Zc`flx z!w|mn<-m4l;J42`fv~Qfk9cA|8WwO0zvfZ0mBa#>8q6kQEAIt7LNS3XhMJ^0J!Of@ zZgfaB6ET1n>1oQpd~pk7J_H56L!AAwZ`w8z4m701k0_BTOA+Hx$-Igh2uLHU&)CFx z`Z3HutpwxXtkvi=F@#~ISE;mKfg6lC{MiRq(d|)?XJ+jo_`KB0+05qG73{t8%R^4< z_t6_WAi0~K5>45Q*+~hUVRKR+-5HfS?|3IUZoRSg*&<%A?3jKXkAx=VdXA-F&S@4J zE6={9$;_+AK{Y5fFFkquX?%4g_FVl_)8x2KQT~*Z;&cRpy2E{}KnhYw+B)rVerP#{ zHSLQf(qm)LVTnt$FqHDNASGtk9igyS)O@Iqzsq+PzQ<~J{|}|Y5}8TgXVK1h)Qk;? z&$;M_jO6hE0l-7mgv-IvqS?=Gh+@)r||ca*zD&{voj zl+b(HeM0NM%{{ZWdz@)x*5CgCX*8sS4n@KMAYvk^x(4#?&;&(Kw3KyUyWSShaEA4xjly2*zfCT=!WvL?5XvWV7wHk%_Hw#^bmTIw zM_U>Mk}TEsQqr-zZ~tL;@BPyW`V)%&@2@DS-`Ov)+qbo3nQx8dW+9PMi-xF*`2VP~ z!|2JvCgYh~9wM7X!_?as{9<@zXYw1tlPv6c)$|CZ0dkD@6|^ueE0`IDes!}ogY^^j z=G**^#erd;^69ly&)gKhoLY}2Ad+zHzI^9s`>WyS4%o4hc%zgRj>J$jF_V_-E92hj3uV%}d zfc(@bHSq+N%e;;VSNdaxIbu3I>mKSV=!?JQamn%@>hslWiMi|lk#yBjQGH!hI;2y& zL_kuI8d|zrLJ6h2yGy#Hq`SMDp}V_Nx+MmN`X0aU57q)^Etq-lzJ2!IXWw)0*HzKQ z6CWf=zX4jH#RuYe=i;E1n>ysLg;##yDz!7{r}B}mZxUuQi5>s+-t{(4xpnEXqo|H9 zW9vcmfYTIacVB0oAZjM~Qt}0rL=if?{%nRQV&36!c5Ik-S9^=2tNM~-1J_Ab;Pf1?K8iH)`L?pku17;cEiil$JpAl>IgG65;Yg(C z;7BAXP`Ye~xGjqjaY>8Rf9H27*milQdY9Wee_4&I3W?@vKs(zI5OC^9e!Ano-BS2> zZa*PtxegjO;zUQu`gHUL`3A4!4=}bG(#ggp-FrWrWp(n`llUxMW-EpE=P*ZIUzzf} zn?ia1G}zP5#SuDeVk4VTHjZML?F<`q5$r5wCfH-U4NB{1cLlJM48YFJ`UnHr4k8C0 zUm4%)(sAuB08RZB(^IxzTCeb)Pb!?!=y$Sw9Xk&#ODeE6%(#V-kem1_h^U%`|K!-O zN~*~?b;4tTgpn0Axe#v4;?J?}C~5c7;uZIKX3E4opaS+-BhXLt%FL6bMnY8r8$<3) zb7H(9px~l=W+EaYqv#)I)lOOvn3Bzb--B4c-3h!J`~?|ENuSt_hy@BCRp|gf5Cy%e zR1KW|fs3Hr8{Me}$Kh6KrVz)SN(HL}ntD7&%Srq>l82)!&zxN`({45Tt@SxJ!d1~z zqIzo51W5Uat0H zd1jM-<98diDsOp6b0^jbOzc9vTZtt5a9|V#+af9f%mjqbKkt3pH#}_Ak5>*~FD53m zx|r!c+y%5MY)zaC20av>(b_R}R{FQ;{5O|wTqW^)`&8$@f3U}VgJMdO@f0YMos*$fQmy0eGJ{FZ!4j99UIDH+^)u?I z>4n~=%I*BOn>ZOBTgkK#XyZQExnqZf>QWQgW>hn9j)9Xu`9tK#bCfm7Qra3H2Ye69{%gmi^lN& zR>dawWSBZ6pIDK>rm5e7K-@vsTqLr{cQXIxh$CWGV1yi$9sh?~SzhNWU%gS*GU~G9 zkxu@$Z1CCl+kh52)uck6B(mwGit+%8noMQJfOQLweA7gp+Nq+WU&m#*=6%zB@1#TR zk3GbL5t~YHrjb*_WvXGnir#R6o)Wd0DdN1*pZEvR=e{9(hX~5S-BPt9hG0j8`cqoY zn2)tKk4~#GEH`9B9H5MnnPlUsj$Z>iZYC43pYNAO?v84|+PaM=Ar) zbA*SB0)X>jo`HgZ_JM03&z}E-%frao^V;d<`8e_Q;flr0Df+L2;0RjupgC#jcMv(Z z>bUGx(pM#d%I9!!cZ_rpyQ+k}e?JCaiR5jh!lotPytnoOG> zWjm>W8!meD0E!FzHU?L0MM;=NNm|kOM|z1hp68Zgf^IfhO4BeIp@oY1r#$tdijo|< zT8#Wm{@ZN0FYKbUPBnVV76?v#ZyA*jn#k&$zx)^l=Yv2!@r_q`9f5dqCU0m8==lcf zoOtAejSy(c4BtB~64R1_- zR8B*f8Y)nM-3~gtLQGH64K74>{CZhv?2NEPVpr^xYgTP2p~+B_mQzi6)TEZI^c~4m zLd&0V0p5STmH+khLX=&T9H%_SCf(+vJHN*h1$p>;h$G7>c zbA2+^P;>Svi>2R?pNh5uB=*BwN-eZu(~q!=s-dWhJC9@cD1^|pa`n8ZupMej0!3`^ z`D6ozk5Jux=Z&KQ8A=B6zj2+TaXtr|i@vi^EMZFV55a}KG34K&d`Q5hjxO^D>Boz$+1sZrb$tx^jdOFx zbJk2&OA|GaTIP`>hWoa9EL#iJ^7=HVLqr*Awh6_z-+wb*0KIR*;4s)wQQqFAO=4oO z_LSG&nV-l5KG*6b@pxJP2&qoG*`bKRn;pd+_y+`b2Z?tG_jhoVr5w z88wyjIoNSi>&&f%*eY?H+cAsvr#>Vf_0sI93PUnXBDa#lA{YgZ=QFkEPBs23p4yrI zJ%nHkR>3B8y5224%{gfwl;hKYvx1uuw>WC`HTm+juBi--#A`4IlL_QM1zkQ;* zHlWYGDrRaO_gA?ghw4-11R2hXXkqsHBO?@H%vU8JYGrx-Qdu*}C2!0xQ_R(ipLd-y zz)7}bM&m0kMQ7^!Bq%Ep)-x3>O4H4qQS0wxH+pIrY`|#iD)%4w zuLAW*4{VDAz6w%pvQPmw1-N@LoNbUPNv1BE0D}DZ$aVdh^Do~{c6z+=$z<*4J0?uN zzYfHc*bTLppKRIC$Vk5>n^mXgcto|o4UZFWGgo!PK<;!KL3r-tWxPwtWn9#_`!%|? zXiiFm+p)W<&JS7qxb6+GxJJGOfWXWcD-lpT2=hs~ZMNj3?{&ds+83l+&>{)MCXRo! zq>=oRr*mwT7Z?*q9k2>=3J~SDZ}xr5Z9 z04F9l$Bo5i{rOn75eUXT)Gi+T=ICEl_(I?`8Ie*gpAf=3Fl&}yQmEvU4`t$H(Vu0; zxiMNRtgI|J^2c$Iz7^9|+>@@M$cHW)bDKs9*!VzD{=jx3j3B&L-Huz!##*wd(@sC^ zErk8k9`5wkFrk(!Jl&W3xVupX%s`%Br`b#-eNV07bNtIV}u4 zkDE(hTj!O+!3M#b;gIM{ha|Gj;3&n5W0$mEW=w^Y34dh!NjNE9YGyy<_C%?zeJTsB z)Lkqj+%Ine;s+6EhjSzE^slgL%>n{_qjkw>=p1n2L&?sm0)C?MskaZ#Cg&kjA6b8g zbyAQ{7_65IPa1dMyOy9#n98XalOypBULxlWSVZ-FAFvBoR3<0+nZzpPMDJ4Z8YB^l z#QDJ5myE`)FOfzt@XOLcK{Y!c+DzN2U_L6oOt(7b>t`qLHG>UsX?ArOH5C{!mB>$= z%fitxUK9T60>l%&$qn`X6t&a%N)knF!lds%0HFXE~*g=)CF6K;_cQVuJBVMav<-;TB`Rn2mhU9z)fd8YmKn;MpJg^TD z&LQq(2fR07v%ns!`e6Z2$dNkVF?Na-hGvN7vw1C!IOLkhoZ7qhj;RC2{-mid`P-S> zdjj62u1r@~lnu}EkL2w>CkgwuCrbRrFYmzi_b_b`AgShlyLa~<*?9Hi=v!+>JmpZ&_H=YOq27bvsm7-hXPFe=$E(e zttkE|xM3^#O)F%z{FwnEtEgy?rbR$YNw@J1)jop@vx2+F9P-c-sLVD+>1UW)dcQ0c zg0iqr7F9UCKazaeV4MRFlRq$tD}T+)(3s-85&w+3c&$_L0kP1m^Dj>%oS_q2_1V6q zp`&;go^s-ctAG;K@}L7o^q{nNamAw8%KAN%6%5(1@8kEx6c8tSd1yr+5T)Q-)Lz12 z{|GpcMnG+#v?~h8(^iJ?1r6I`=>|62vY1Q&!c=V9d3O$OEymJM8ta0ATg#s@ zOi;IAdn{IStQidQKT+w8Y)FN^g7qtD{Ir`R(M&sT179zz=3+Hcda7kFngV29SG#Cm zvm%f4`wH8+TY1F03(a}iOhu(kD_yhgSry7!Xx~%weu<00(QcSjiwI}MlpJ~l-mGWC z<~S1hU#TDp4Uf8KfXXvCKGrApN@?B>#c^+I`Ds?^WMXCDuo-pNMdiu;FoEk_)ZB$d z@&d-4SMxfu$tZCg##yr;V1+KkrJMacEEu(SA6~wwo+<>2Ld0{nQ@yEv`tL1EhThiq zh@w>RgJThB<~}{9ee;sa4XP^>g_cNy!KUVpM?;fTGDc6PYmr5Q3>XTRq+YeP1H|S5 zrNS~{Hri45DoW+(*j6q)sBd1S9bsClzhuQd3{9{>}^N$D=Uc9W@;ZO)2 z`o(ZypKYvlxC0?6pUfGL-|VVMf3m^ob4)YuFq=^zmi)*l&zsq)6EF}`XuFy@{&`kc z4SlR)%8zMjdBe5_t9nY$IjxbqeuL5`+a=r!vZ%E-5s$|%+W&;Y z2pOI2aj2Qb`)}nNX|*l!G=iQ^B_HCX{N>vp7A4%zFOwrBuF|t8;k)QJO+mKTt<8iYb5UZ zRhoWdQI4U$6zV7v)dd!%!A`G`gEviQp4epUynhum5iLhLg@JJ}n}h#%GAPY@KoC^h zq*s#_8@Gg_F5;LKp>KmF@ss28j|$WE#YGFHk*)%>Ce6mT(;~Pk4k9MxA}P)#SrzEa z1BNVB;$OewpS(%NZ?Y03yz0%uwNDzke!^p06+1^A2I4PUstQvuY)2+<*SP(Ne$V$!&SEGr|2?6o#)(7pk3FE(er|J>rnZwTf zx8)l`&@%1~0lI2tSE@j4ZXH$5SR}SuPVe@*k~zXBC$>Kf_N&oFW2lr-PU7@&Fmc0b zl-DLIVj@&acprOch9j^s{!JojiW5MuDe14)*2julz@vGC`TfCh&&9ss1iDFtv8T#e zLhV8jei~(qF+_DGI~bi5o~$Dz5@Asf{FzDRyt#mmF*e9G;nc>j6Ok`#5tI3`sYa}n zW@R$zyoq*bj)MEoPw#3EFjvz#`0uu)ckoDd#WY-uK>%(zmliM|K&C)?v6E+ zFVy3M;6tYLb6mD_)Pqa#8POWJHRN`?HzSgJ3Zs^P#`Qq|u$7)s`KO!6cHd`1g}j7q!75+cTT#H@~lotN)z5ttEnEBgH~kaLk6~ev2yBfd%C$Iy@&M2I zF%t9>Rbv6$G`~;mP?^Cz0>5suu=hl<>l&rggu&ah*^;QFHEOBGkYylKhZ~;GN ze$dh{PDX5)qrs_5%){$=5ym;Q&e{m>8&xCz} z4j^n)Iyeka%YJb>yrd?G9VZv; z);w(yFK!DU?^EC*a!^U3D_4aQ6gv%o>}Ik>%@x)h=#X(N_>^!T|0t129m0R86GY7O z7G?ydGK3D(V|7Ks)ykEX)`nczDW)I9ZGlLr9vden(Wp-Y!~T^HBX4Q4`dP)^=dBgq zaP8IcUDJpwT#CKOC^HUG{+^97tJt8iB&%Z`jeAU%H@d=)6`*7&4cTD|5MKI>PnMU9 zPG$KIONxo())|uAvXj3so|r=G*8{jjuC7Z^}Q_!e@0 zyWuk^BB0w@JId@IHM-|+3c?^F0b9y5Q+}8Hi8~~)yIe8ef=`y&V9GYdh524jmrS$@ zOv(SUiVx^f^)dp5tUcQ_Gx|6D#|Nkx&aOn@%jUSdwTaALv2xn0vgm(#-ZbAME4YM> zRO__idS}zT!${ZaFTO~xavtz>7~g!8ndS}h-~>^SicO$*IjLhvbEw;EaOBsXgM z;>Fd8g^H&QVWh=q>Q5(JqRu#j_`W}KYnr#wG1wAf z@9YvtxU#J&My=9S8azMJPygUAeUP~8+_fXa2;Ld(?!w;MNCRU|@OmJ;T-MTEn7Cxx z3yqNj7u^MM9H4~8ecNs#V6wR7yI%?l9B5JNpQdKm>xP1fyEzAv<(bYeL~7I*3d961 zSm?n9HZ0>l7a^iN7AL$E7z4>sPc+?-?^T!+{4EiBkE1A$=MP*p5>=jHh#JZOp5m0W zk0=o@ya>qixxT5n;DG3hNp2-gdTkd&83MSTC3wE-pf;#3D_dQoS(Pu(pK=y?=xw$0 z4^bH;udawM2n43SUIPLR6rrpbZW$pg9}OsO5ta?fOxFlTPG~i|{91ISZy3~Ia=EZ1 zr}|PNscM(b*k?LxJmAuC#XPh`YFFRUV8?G7f-T@!jY@1jQKvM15878q|70n{hjy@^ zX1cQHkzLW`MNr!m_Jz@MJM~!lBML2iGU$>=%rrhyFmbss*8PLM=-MkFNWE_EPQYA? z-cPIb*Mpv*cy9WIY7CSAD+bWOWLxg?oaNuM*AjiLZfnT&?vyNPRVs_Xm)?0OILz3%(_g}#oPjJ_n9 zMY;;+m4abweYxi84>7F8W-vcw^DXHaE=Eby_CGI9$`Qp9$Yb5a(`aaP5!6-WG7Qw& zI`5Nz7r6S&--DKnizF)HM{S}@EC%$QLDw9cc@;hh9J(TKdlp_%jxtPZ}T|(la)*S zCI`+*E2Kkf_D)=v7Bu10e!**y0=Q7!cv)2c$@}yN(&dpXWQS^`19O8>5FgOuo@pr0 zYvN)3`3eeA(BgsS8uj#9;0}>Sxn1-I$lk4$ zV(zp~==DAOkIq2<;k6nue#VgN)k22GH+-j~p%Zkt`j~7nzzTF0QD&VEfH4sjhYrNS zF3gVO=yUi^il&&=0ZpapZ+g4l$}H-L-rz$CT#uT6;oDAvr3Jzr-wuBTV zw*n_7NB$sr%qgnK^%mEm6J+<|I&g_N))2FrgBQ}CvS$pLhu6r0uM0qwR~0lrijLS% znB)3FG8+5yP}K4=o~L;|EjZ~h0>=x%>zwXLfcP!m+XQYWCb5xJ3y0L?J^=$?b}koO z-}J3_Ynz+8m@=O*-TwhdYRdy_4Fc+g`^}HG1Ai|~2jU|gOvrhL+o{#5i9(W35}_wq zMs-`W+&Q%qu0@s7HWklK$h(@Mj6&*nW>Kc=Vml|FnLzAPa9nqh~8>K{TVCM?cW6YJG$N6;Hjgp0`a=hKgV zwX{KFTd@GO&b_KV;ZUuAT1B)AqCrHh>1_@~zGNUh1{5|OIeoUCwwc{ZLKrGY<_SGJH+@itQ%1m$f zj~x)Xg zE(lC#Rx(7pvK;nQM3nT~f(bbI9lvn-?kD}>Xgob7EFbc$$u})WBY8FnqtQVhMGvuB zQR85It3!A>F-m`&AZrfoBAi+cEjltjAw#aAjZ#YSDZ^1EItz*0r*%vEBV%rKbH&_? zt>;{*Jg@=@{ zcl;SbSiS|R00kanGP?zxume%zl}r~+p;hS#UTcK}2D{;oC$Ysmd=5tya{asG^BLdB zF5{0@6Yt771WA5e{^arKvg|l4NX-Fn{7Y=K9Pvs@OuXnO?7-5yHPZWa=okjR3kP>v z=sjq&v34Y7c$_u6UWV&MSX4A4x@>rH>%Kr2Y*rjVz&*{e-R;2kz8Vg=n*rSDl!=T^ z0o=2C@jT}sf+`GpRbb2a9C}UKAxPF&d9UKQwq^PB4TBm>S*LH%y4HJM4^(*`pAt*3(l4gr>@4bb>HR` zO+0H*eeD`qwV(9G%J+gv!A8TkMi22hXde@{5x=h47GRE>BmDCRH>z`;qjRrLK6*jc zTy{h$pfRlGuc#YfdpL{?c3gsKyXruH{98!gyU#6C8L#uY1ri;oXbwgbW;!3-k{-y@ zj88ntKKji}W3|KX;H84Y-f7#q2^6wB$ban+G z+5H{F=6_h4=;z3|j9_kFkkx~#e0N!MT5PnTU}?Mf()O2@wTm|C`}Vv)zzh@aj&d3A z+DkEZ7$>wd#{TSlo{Pb!*^ChAI&#kovCYTjoLpCnS0^>{kutG{DZa|8L(U^JI*`QU zScac>p#hGMrOxk`DR2F@LT^)j!a2gkI z%4=sW{_H(hO#Xx*>5h?jVHCgR$A#RTMu4%flYP`!e9^ zODkGFLR;xkzkA>Bt`M96m=-0zGx+CXIQVRUV_dsm(fdeb)w@J)S_@{b__Ubketq&q z$ptrNg{gPJ0Pj1mb+b+VE-*?H8n<%Huzz1P4h{LNz+V7C|1niVQ5-i}e9jLhqXbL{e&Z_{^OzW{oRoQ!}uj|wRHxeBVMoG>AmmJA-WHw6fc;xU zEQUKC9CxY9{ehyGBjS%gMwu)3W4aH|rzp`dvRa6!sK2giZh>3R%eW zk~qU|p56O8Zs0OmmAr0!2yjM|m*%6qBe+$Q`EB2fg=@LSw_iTpbB7lSoSOaInQ%S+ zw$Wk*c@}!vf7xs~t_WX$IFJ--p@p>UCVsnk{r292J$W3%(=)`%QT6ajc^Nz@O3C;eXLi zc-AAtTN6m}G8=Fgj5}j$#nk6cr11OOxNNiRtwzHKnu$J!(Ex-qCtfPSv#J zFLLQ4$61n+ZxOiWz7Bk8yr!lJN8z3z&0S#I~&l@dS*S;4otj2Q1b`@tffaTmnXKr?ZhVWr-xMk(+ zO}`f%S)|wMW=OhIWcl`o73qK-$Al5O(tEp>nM-aiu8Wj~HpEJ|F^h&rU6)lmB<~9( zpGguxBAuA=|Fnu&&~Zbqd|5?#>?fnE9zU$tCf1$K-mv304xD066%N<2=xOF%tE^%7 zk82)!{?i4c9cFI-Fh)djHx}|72$}8|4d-LnO$#_1IM&#@40( z%E*^&^y7}f4SxPYw}*=r4YKZ} z6AH=gNwO7*%ua5FD8eIg>3}HW!V~2BuLzbf&eVJsoi%haM&F#cC{!qQ-cgBKR__TO zxomMTqowCKO!q6&4R+h57y7@QRUOBvru5Xxyfevtr(K&(Vq4Nz)mO?kOtaFisz(YY zgph?D3yUj*u75J5r-93=VwlB_a zfK^z31B4R#W@(LAU(gSen!zL+zUs)jop4hGY7sZW{Gzl>NB31@3u}>!@@-zPAYnHp zPRQv4hP0pe(NNq=J>EsXxL&Of2tC`iT?Day_IYU<5Wo<+H4vJAe42{(#@hfGtBE&c zNYUFq-s^G&{Iue_cB~ux${mGXu7oJOAPB6kUEfK1Y@YXQ`mZt|Z3pd;4oLgm6vdOW z+y`8KNb^MBRp!g%UM;KV*4w)R8|a7gI^fBg*xm-hOjr0wKEc7g;j+1dMNoXZI zJray_qLw$_a_n8&h46e5bic*$V=4QLcGwXY(j39E-mCcy&${KXKHoI=k6_hpKfQgI&+z~&<6nH?<}VWK&inn$=v>L@?YqmJyT^T@=+`^z zI+MB{813`8lUfomH>b}3bf`G+`e#R2!KA?$WZka({g*ofm&J-+sKBy%Yu#~g{CK1H zQqQ^y+>M3JEx`La4W{U>T=&KS+YO*p#*hJ|*4oN#;Ug4r_Ga#0~Y5tZdn)P5oLC;`2b@Ce`j{d_K4H z{M%)&V5xAdy1rLc6s2V1D&-*-CO8teKW3sr;-@`aDr}_o)HbKS={I3aR3K{EN^R6i zw1mR@O%YThsb=&Jek>-`b{KOlPkF*aI1L}SgOcniXpRL{BpN~OxO{M*D!Y=(pK+|c zDgWeS+yudl!yyxSGQ;n=Y-LC$yGxCPO!-hZ^<)<5HErqn+{>vU$aW=)9rr^$_HcSs zDSJ+dp2Cr@tmjxFiyVicJhnyZL5DIs8}_PcJ{rai@?@>K-dcb9rCRg@o;bdZeFm&P zYNL(w1bmuql#Q89l2K?Q`02E1JB)F!V|{oSwPS~`15WRXQx8t1Sa~3dtf$&w;G#%U z0CmFW`RWq7049IA0Y7WR=L@KS_bfUPH!jIGu+3uLbjH$1+5(sVyW4KU9klYry=|A- zrmOOCxN_4EiTqD<+k&nKv+iw8($>XRPx=G~gB*MMc+w*V@9?+POEk_qC+Y zETJ_Za!M~M0V4?5UVjH^BpV+>?N8NhAl_Ms5+COvnX@K8#mT?Ys~Ew?qy!|iDgZswg>eOFQ`tJWY(9*MU35FEaU{FM&!*OgV1-oe%E|sxu~vZVa+_ z#F6`)AD&LfEQdv_q6zE4#^GkyyFl#vN?0>LkEb-56lyaKWq!|0eojQ;x8*j`b!#30vMkN;NqXLHR}dt@3z$`h z2>}N^8zUnGA&7%eu!-PRGBDn)e|j3H<8-Bix!4DiL)ebIaV4-ZgW|3E%Fn~}o_F>7 z0i|g2@jO3CH%z1BUxM*PkH3j8AYazP22Ln;TmTYTNUD1~%o7Pv^YuRKvS`@D0Nyt7 zr}b`EWx{2KfPvf~KAY~fskhe#S z;2xhl%omvBp|+GJm6S{}%@&7YKSF8aM5x_m zW6dtoggr|>M|YEY^47c-88sV+g+tocQ6dlnG3HL`r9jnsYZZNozAIF)+$RqX=U?Mi z_xFXRA}*%4<^dwK4kz@4el%8hHBA}bTq+V0(#}@6^}npJ;mY7dc}E4vVh8;$ z;h9fBeh7?3iwMk;6&L9v6R|&TE~7-Avoc4}Hq@svY?G3YDyYy}3pUVZ*{j3#dVdrg zS=06It-4kTxWK%pGN9JENa1mrF%pyPfj-c|X#phMkK9o@pAF+@uV-DV0 zUK0*q$L%$`>lTk_{{Hy(pC9kp()(CfK@TM>W|i&z%==N3i`R1c#`hHmW78isd~P&e z)xrEDGu#JOw;@^E-2@GZ1;8&yvb`GP-T{h9_bcwx@o%AM>ROZ8zVdsZ-tKRq+qjBe zt#f4F%f0#tAr&0y3YS0$#(affyMsw8{xiGi9xapfIZyAcAj0in?}Olr>7)+Fiz^|( zYlzA~FY+hNyz8a2J(^`8<+X>`_-=>50)Dh#^?7-^s}*|S&?_Rt7^vvW#@;evU5kEk z-hU?qNyg<-Z%G<|a^iqCIZN}lgV8KxheBdT()O6o8V%la&GIz|V3gx6i^F+JJ^eE~ zDDxn57yS@`)41-=D0n}lxV;_DYR$#}TDfw^7L$DLlTsJjPijVNhiH?;zW4opHV36U zv&-$-Z{s8A{`;Nen6Wee&883Yc@uN{?@-+OAYjMDcIE=vrDF}!UO-xjw4JW2Ry!!I z;B@~eURdm3ie{mW)!!}lW+j`W;`9F(-sC)cJc`^rUppOEWtl5g3dek-6s&^cd_m*l zUx+Oyx%MKozg#X7qFjLhZIJaKS&v6Nru~Y3hNV8*?l5`v~ zK_w5n=P)Ad?vr+SE6Pv1Rm7kHO7OFq*Bq+LzeGEg zH268YzA$uFj9^bS-54@y(V^u|49-u7z>>})lBg#0C1!*?uE*F3hi(v<*3Qdt?x`%$ zaSDyLZln^jbGUnXkpY*<2PF&D7npCU2XWFPL_k>wIM-(M%Uv|zLd#x?h3!rxx5T;E zUmA+8=;wpz?dOMcn{`0%U0tXO-Ke?_ijq&aLC`lY(C^}e?r~QEdrMPCr|+%qh5rG_ zW!;VL`3d|20oH=xR9jrZDcnC{P2z$lv@l6Bt& z@bgXjxsGiYLeoJ`_~XTIz?j0lg980uT3|xpz16@aFpQ-##_AW)H)B}^ue`{Gp9Q!_ z$6Nkci}8<_#ol1NsH^Pz>E=eH=sq2nBR>%=^tg4v2a*-F-W(Tvu=JcF^in=nQ)=t} z*Gl-^7KZ#XL=vE>b9ztsXYG)6`2?TO#9K%{7f5_v(XZ_1&gJE7W2*~^;#$HPz(jIV zQf%+X?1#%I!ipdHf=6WRlm!RoT!C>ne*PxIH*a<5-j6_nK6D{dV@(^hng%;&>%Om0 zAJuQHpAh9_#&$Yk;PA?5amVSR5-`#aXm$%KBR;+-My1`6fW~`^1k%EO4TItz)T`-m zv|LLVslM3lXck`YLPT2=Nlk7|muZWUXhu}SHWYW;i>xZKOPCU>vwp-?7RcvXaF?{$(iG3>9&gy=9ZI#=i@K(8_;O!^SZZ)h);<`kH_eXadGcy$KRa>|> zo0ri({I};D6kg8`Kz&lafGdLKs&t<#wO!D0p*?*RG{wFxt?VEs)OG!_?~(a*V)BYQ z6NJV9g)p(bKSHhq|D)`9PQ$N^c%_nOWeq&4S!Pit#U$GLLLVneNf%5FX*d-=wbU#+)?{Vp0`w!}8OT2FS^!1V5>>yu6H((O-JbgncP+Yg zK@lZM0|xHPlxe}@ZRTUU<27AhW~6Y~Y*Ps7nkCY^JPDMeb71VWFRTu(+C!k~W28hV zDwA0Xd%GKQorVE*L@0HzSC}M`X#iTRsL)(Lo{9B=NrE4cLfMrtz|+OkGYDh}A`RCV z>I~#1)`KRaI-$F5P>Yx#aXN3`zDW$Jk_*iD2f5QGuFE*+)No4Z*A-)Q#?e;2qor2;ISXUIb8BuJgS-UZs{{x>X`k zcw)Ug_`IBtVXk+Rcf7KofGN|z=qJDp=GX?}!_Omtcm#qb!~-san+JyQodgOE^Jg)K zSiE!UU;StgEOiz@0=T?^k!a|QBiZPaYz5!nN|NyIkp)+B4k{ZvP9O3}@wf**_Ayu;WXL7?|Ud~xg>REvb!AT}Bf_b(5ycKwp3nYJ`fZBy-o zlV_8Dz7pqwY%C?hQgN}}YwjjSi@Rm7f z3=&!)^{)m1+P#YLD+mDH!C+`9czKr7Y5v#v=;UN(@CF5sEv5U*S?hVm zF-Y_RUTgt8I%-e0hh+yCHU=~tr0{VXS<=nFD3lZiAYpC; zp0367^ItllQ1HtGm>XOQN5j45i2F(*zB?}&jd`5A4)9%U24HTpK5w&vHrk;_r8Li5 zE^Rwxk(1D`n}E;o`FRcu)mT4#_1rMZ@B)(r4AF(WhP+Q`%;5+bmQzQe#voZ~v#Yey_&=_SYZ{N#UbI5WXmA&~&*ht?z z9N#W++aJxoI~h&Uh?|-@@=!>hXP9|3qZ#WZb)4*2!_oWX7!$;iDnHUNml<4^@bN)R z$u%}zIgca$jfhAP3#a<~y9#!7mCv?cB@}*K2<>JlB2nI8iuz8WvOD+lFFjR6|HepW zmp(Yjqax{|=den>bp8bppBB--2NBUkG1!;DIuC zL86z1KF~tfGl$IZOlWatH^s{(#m=iYL+20_V*7Nnu=D!*6I&cmSmStXiaRTHz25+P zTuUA%72sCEsbJuQI+M!Ma!b8su?J1B_IDtuvN6aZd0y>T&}k>e4v#<+fRNR7vl;wV zHA1lK&$o?|FySQDO)z@*33^0c`#w*VF9>h$ULWuS$Au)XrKBy!j%~)Aa~A*S5+agO z*Ha6<@K^I@>fz-&^Lb|63!wBppGaR5rQH0FSQWY?jmc<;M!0o71P#`~b%ioF=TZ)V z!F+VNZ%|LlfSH-F+aCFo{%jnwIP(R`)jxPrNzAF7%Bg=0YVYc+i9|<&zR}{dnflY} z$8(lzI@M%=KxDjUJGzl5JMW)9BZrd+#f;l52^y6rvlo-ZpzUxG_WrcyaQ*OIfMYJ1 zK3$H4<{%Cy$cFT(%4`a?ZkdJ|flwXKNDN(_o~NL}+)3mFWK&#SgxibqGVg~eTlxY2 z+Vr3)a8Kqla8AXt1WMXZeVxO`KyT86eo!*!azEWCA*JrN$k8*WBO#u1*ZS>lPT8r}c zCDf_HtZY7cGmi=hv*HGvK3AX@U~yzO^;GjGKTex2vZifTGp$KsL%JxPEmWTnWA^l@ zmk+(xaxjWQC<;&o0%IFUnB={+88>Bn=M&zywUMsSV%5TnahHzT`;)TT@$Of_0k~1X z!t0R~{1+R`Ghfhhuvk1{|CjRkor)2jY40RO&RP6LQoWwaEn2Rxaf-_&1{)y&j zUa#33@6)$*Z{XH_He@)3l}MYyQAJixItnwc-KmSyHn|W>AubuCIYsDIfJ|fADy}uE zayzBV5o@!ZnL0b3IEFC{GHKUlJ;5BDV3ic-l)M?N!P>Sqt)A57n~bivXrEoB5 zq=SbI@{3V3iFm+vspl%fs47Cm@G{Xx%2!B;h^)y^`b|tlC9F!BiSXM~IjuMst}yM` zr3+Ebs|!zU;=2nU*AdVLaNWkuTzvF;b>eavv09YroMWWKS36Y61Qg)Ve0 zDm0s&2ZF3RT>eV}^Sj#^7{HyoFSNcqo_X!ojT&dbZnHuG7%%;@06l4x4D zSWw#z#96xueJ%-IVEKS{1M50;zR?+jLwd`#u?Hxyy1l?qx{F`I6utPR8J7)fwm=~J z9K{uFd%4M(1bv<F&g)fJ8y@$?>hhslUE7rq9(X(Yj_UZdv6BwE8P;2e$9--0~#>8h~B$02*Xn7E;GLnC9504-`28ZLJk>itd|4Ga1XeJ-}i^}QsHSZ?t*ave+< zBUSP!cA}JhwS^ik{dtu4WJOgcKTDqiq+CDB(l3#r{jlRYitD+;Q3|0*C=txp=aThv zjarF3E=}6bzTt>64?aXzM~vv$k1u(H{z(bd*00_5Zq`L&3nX;^EOWef){?6o39@D z>jQ=hNOOa$wbyFbf2<1ut$JRKH9efQ+O50oZ=ooEyHEO92;l60#XA!^TWEW+DZ&r*$Isz~o&jr*_}m-PinP%8A5IfZxFP~c z0h3KY<_$16uKK?=^my#H;pgY)Fa8YhBNFO)+Fg?{ub%;=$pafxhiJ=5gS@v?&lEH+78cMpfBrbSm$4=YC#ROIGpD>a#_9o?B zkF3mxMP_3s*Hr)R`0dhw>sm1792KtgUivhou(!5a*+%rRYH+bE_6XTX@d?u!_Xqs+ zo79*|bR4OV^jWAfc`W)yhIm;LaJg7o#G~qLdGOq78g@jbZFsW_$dUL56`c`g$o6)O z4J_wm!^Ovf3CvTEeE3Riu-0gz2N@B9U9~8@%LW0$PPV{~1FWzCT$5X@ulFX03g5go zeG)A#-nj0NY=i&}l*=iP-_A#eiawy%weaSR?$eRR&g0d@K!S$ulBf5@W*5`baqIdG zOB-O=gseYMyzKaF{u^P9uBn&I#jXH9L;pGf2H?czfcMFOaY?w(CF`@ennJOt=@!r$ z??Mu~6VY=8pn=E_*wGsnzHqVlMDt$)<(Ef}3m%}X|Hsl*2Swd=VLDd2yE~+jkXX8< zr9oP{yE~SY?(Xi8mhLW*GGIxSlKg(~et$8uv%}0id+xa>p7T7$VgNkC?*Vgt){bEK zZFsX+_93sf=-GnG{@>ff;IE0wH!AYW0qSt3CbH zjDq680{(dP=H!H(bzBJpk{)?n{8|?{KLv`s+eKU8tNi<{K$(j`h%CHlP{FcJwVfSh znQzcPbmt!qtm0+stEB0E_jB3{RGSHdblDVdDJ?3xIqSG+&a^H{>rKU1QJy0~eiWxj z8{dC2tEQ!r#pYfg{ut}ZOo3=jX&KABV~9~3!NSW%nI@8_U2Snz;gM1nlDx(%CUl&%Z8r6JUw3cEiQN{9DFi&0Fp8ks+SG>jk%^O9ludmjseiex5 z856wjKIS&?IV_#tJ_~%hLtd2Z`8Vx2vg$XzDs|TLJI;}}?+z%DQMWIYx0k#fC+|>r z0{$=t;sAMGA0+m5SB3YJ?yL`iL(k<3hGF{iz}9jIU?RRB0m`aBoALYpn09o8@BGz; zrRz&_yK_3C+FC&tk(b2ZxD{z8im(Vx)bZ5p#1cMJX>643P;3rPsLNTH=@1hN`tn(= za&ph&Z&*FQq*_a4py#a<$1RdwB9 zFg&u;w*U3+bL0}<{x<_`Kmfh9=St~3GVmtyrP2P9-T?vsIs88N>0jn-*^a%$j^2~{ zQ$q?kfxx^Z?0J0SHKCCga#Y_(@hd-2G@e2v=DBh;25RQ>UCclt$AG`t&PTQFGX{ju zh3IWtOaVp{C`WTWzeNLW;l5!YRMas{4g){SjFdq$ z|A?d5JyyUDC1pP_(D4dq!vZK&c=F8JZ#=!TCzW9iHZZq_vx%ubj|%Owk;h!G{mqGo zb-7aP`=FnH`P^szo%8E$`M+lz)UpyyM11X#H7|)<@+|Q0J>V3O0%4Y zH|B6`ZPj%WO-IXDS{riG%r3K;nkA%-g)$kIL{ev<%_+D-^rqnG1i|Kkg&7OQeXwzY zi%jgf4B-J1P64zXH<8BdF94AmZ+iuX^R7=0UnH|flGS~(Gzj#Lao~r;vht-nN|Zy1 zT@Cq0c4}z&QS%KBkF2|in%np>P5}-pW%2SU5%%z`F5oF(;sPdB3vWop@p2hcTkiE-uN+|t;4(}2vFqaa<`JN*&ZreEqwP_RDQ$vBbi=zM!`C8kbyYup<)foFJ_WsL0;oygbgKoSb2eD9jh{tl5Si>Z1B^A73#TNdYedfgKm)qP} z$kd&Df_Kn1hZMPS^+SaKg|VtZJYA(q$xcQA?3wxs57FjzrXbF|k~7&FFpyvwbT4=B z;j`claV*3DeMwPwsnNA3y;aeWQMUjal>f;~4tTxnS@UR*xDx?^H6OvU*l5AED-{$- zwCWEhG+ILtgV`CPd~84#1M2f3E*>MVN0xw_JwCke?u{rNfp3gCd=I^^)Qy$x9xP9@ zA;eO1kv5)Cw{vM(td9wNHJHgKL(eHRnXpIAzdK;ocum!7`~t{Uzp(^4YOP zaN7_Y(TmyB`9Ab~JTyp&(8&JDb%6dz=IyB7#H-C+1nC77X->T|8v-|F2_hOTU z!dm%}yd~NkjBsToVb?TW zjNXQ}i>#G-kOC5cfbFWX5WQX3cxYJh88S;vC5S*bi%a}YB)4;MTzoH#$QvcfNq;6P zj|IX`3omK)Ny>h3%a;nGRoAS|M6s%C!%YVloI=S!JMZbfPP@^_9z-B^tz`Rrx~W)z zduTv#AC9BvL_j6&6xINErF|{i&x}~#px@i4!P%~mLQ`-Evb&`Df=YPTYLmKh^GsWF ze{4Dc0thq1z`#ELemvhx8pym2qi6G2emjc&h7omk*;r#;pnzHnscuAXuNx475!sX9 zhVLqAr6^?W$psQ(G5!eWnw!JaC8+X%xLUf>PP{FmN;KSzF?c2E+E*v3nNaoZ;zYKA zxvvHd0!KVi6lP!IF3>{Gr~GwNVQ9s^alk|fu^<(XkB(mT4 zyUI9iCeq12B;Zb_O$IIkrIU@`K>6ZO zWbx!7uhL%K|4c>xT_UNN^gES%kS*!RT!CX9L+endoWhK==umBMDGSLaG1tOB2^a3i z(z0fv5H4+%kr{RJR{FOoSG>mcv5&v_uHUA2F&@MnxcjaE3l~=&Y zYW!C8Ug+b5JV0F~z~(kfV|QUnXvA0(%l?wf5&VCp(&eEB2QG0oj1K|_ki=SFwSsJU z{AEEk+Aa!&y`ej)<>mzFdqzn_=c{O~H_rUAUKBHKwCWc19C+5fgRHU%1ecp%yyi}} zE5%+;#9zIVwt7Ys2TOTw+0%DJsx zyk26E9r6ljaMs8N#@Knq<ZUfTh zuGo(NRH== z07?2j#pzc}XYnS-x6oM$|1`UN(`;$R2*_^>3ouuA?b&k&e=9sz8+88@Kk^*l$9q3Q z(Erf=H+}n|dsAbU+1K;H)j`Nlk0`s(8n<76vGc2Se(mD*!wB%00Z^%*Tr@kQlwFkD zZl^ZKFlB2=?C(BCemW>t>I!nd?R~=|A#hsDQBKxQZsj?PA&n$Jqes(JSw&KKp7pb0 zoKtni&wC<3dmq?oRCE0!<^##8Lmj5spmjs+srAXB5*@~D)NR>d$6Y)?l7LvDt@B7< zh)M^Cs5(?t)(k3Vte5B{yAui?@FuccXrq*pyzcoaq7r7(v$ti+bYEw-3+I^=XQVy?X^z4}1iAb^viV-d45 z^L)H`^7!VFFk{~}SOa4#17QMS|L>FyXbm;`m+5#>NW?}N^dIQToB-a{(xYFax+$-SNp8#b`5Vyb&5y2i#cjgc`cc+7D zTkSi^iqOvgVsbE3xg>@5VYs)5+=dbszDqq=a4NmRmmG=h&0qR$vTRip$jHs!lIYDM zY&#Y(%Er2>E8@S-^5VD0ZZ!m9#-A@>^4#5qSAX#BJc<>L#e59KKdE0&}N{TN?ydw=rLYmmu+>8plV z7m5i&Oo`eMHwLBi45eVB5ARD9d5#1=rPk?H)vip0p=C_!n(plX;WQ`1J->{l3wd|uense zgn`;c*Ewx^V-VA-QT9!iD#bk?g_t=^=Lx|*dm`4!)KO}Wp=mba*5Y)bM%OG$Dw`p) z0`IL=qu9~@Hy6MF0F!AE)yuxjKgBTP?){SYV{p%g+k9cuXr_zQlAdlU=qhl;pAPY3}=YaDeR zDx|;Pvp{aBw|+OTZ@Q@QB}K3-N~kmxJx-1n^#obEX<3$xbVtUqh&CxFc4dEjLK&03juYN+X_sU!oLw|F_Prk z_41!~)mq189)yM=amidC;-v=Y?KM*Hi^KX`jTExE1~XQ!P3Pkco@!}nm3zjW3!p=I z7Qy6rws0T6S_aDL)puSgNKi_*Nvpded&nfc{O;Yv08<CVv8W#Dp zsH5_V#}o`@7p})(rm05Ae{jA|M4=;EZGdCQtwH|{(xZ(#=)(R=UCdTdzpTnlJ)=G+ zU7CWO<3*sJ`f-`E@|Qi?&sNDkJky`lYq$=oAeKt3n{kUkyd_X|0t_THsEyvGE>97Z z`DXBF&%3-LgtB~sWsU2D!vq1M?A!_;j@CHQ!oZwOlM~ycp+&k=HCV$cTil{h98nCU zM#wuSICt1h$7@l6UUAT`+(DI8t4tHBc?I*^d-eGW0Q=+68jJfWdJ2Sf7GUA3kx{%$;v+=q)I2QYsuhQEs0uP*0_5hNpv!SoWs!wE&1QwBX2>N zX(wv1hEIgnQa_2dXw8(R-%@ZV;%s2`hSDf}OSKI7|?1}H7ILn~BZ7%(g=aW(q2l_k0Ux7&= z{o8*|_z1dJhjx?CQ(XtC#%1_HoDci$ z;4tQnzxEuGq4;Bq{SbhGvw>#av48&@J!NEv97 z^*veoGJYqeF}zN;0%Q-8(Y|9;QqsgStvtOG=dkGQoqXu(l@s4o%g2QPnI89sUv^S7 z>&Tt|$SrQo@F05`kF|?GWt_wrc2E#M@Y*=aPY+l1y<(~5 zg6ikOs}Ha;s7}Z}2asysPDTixJk3 z64lUEFTI<}t0xHVF6AW`>MPY=(*vczHx6xpbjD_tH?;(ZC0AsUIvjvI4VATY9y_uv z^!)S_q|F)Ah2hzS0*(#Th zi-1_A@U*rqt*`lllP;CGqnaHDY8m!=I;%!XKAOJSfQE#iwgVhKfmRS09C^L75vl&Soj4WEiBK^Jiq*}NlDE-`mlS9HyuA6md*oy-b<;VC zv6GydbeQ270{0c<{N8l_tAK;6F8%`55-j?IZsfOdtnVs=m2K_(Qs9h3?O z5K&GdHfUm{fvTD%t7b=NqVO-Yzu#mG7LdC7ZoilZrta&TLBKpz@$p+HhXOo}?~i+= zMIvVrUNSZTvU1c&nXpxZ02o3xLix~oXLC?_^FWXVNd$pm;yq`%*!(@g;o@l%M98{O zx}X$S581OsCFHZiFX|)$K1!Rnij5~K1mW@G#1>ORi2%+DFO`_vP0#vLiEV=6a7+c{ zPlWjC8jw~4t;5s!hWPN44SAex~M+8(8c|}1E|k6$5&uLAyB)-(%U}jO*1yBB}vkFn_MCq z*R>4re?`|7_w$(pJ8A5#gn@b_PPYXdbMiU!<;Gw{(vGa}!vTw+;J4v=|1yLpK zSuwZ|+$iv@n_sYIk;1}$V%V`?k?vmfv9+iT z*X{jopLXD!5HD>DI37;xYQRM@Uplvq28GK}PJ}e3>4Q*kXyS4Z|5&3Y3@gGhYej%o zAjfJZ&Ljfc>N-v};)l|T0NNt~sBH?yPidMH_r8oMv~nD-o|LID)Y-R19-rtx?rog8 ze&TCYvvOC?81||RQ9|6H8tZTiG*hG-YbBGm?Q;M@=F36yeu#gQHO+_)S zdG0vq@hd2T4%!w$+q+YJU62|~)L)v5B%SU$9=Z!_C?<$lr#klm>j#HcE`$jK1d$La ztcF!z3QnM}%DD}Oehil|DZcgX91kdv88XkTK#gMK6C$n%W!eh*v=TdhVk?wlYlpC1 z5W=F60AE#GR>3q~#y70X+^j@%g6{z5Rp<{-pS47nWX8CB)$0jNNP(^Rs7N-#n^Yiy zI$wJ~SlCuK)VMjP!>JQ^PL5$_j99WD2&{A1YJ!E;`}0Wf9oeV@ z&L-ldF+!omT>%e$dhe+P>Ph{P)Q}4D;VL>kWDuEiLYqt zY*dnqyi)w-NqSBMWR)cq@RTV9mY^T(xZP@pN{nv98|zpM9KkJAJw-UIx*z?WJZYz* znj>opz!z-p#1fgZ3RZM;dgHg~uq9lD6E_vjA}bOjvbBMYcyJ^|Dthb?JyuBsaN3bl z>bY=ijFP&;$7!-eb{CA|1h{`Y*=QlW>r^abx`;B+sl;T`t$ft>;Dqxt4U5a3=rOkW zF19QiHb#u+q8=D)5C5p9z5fHG+}bywj2Az_AGSn}z>MF5e`oby z+ZW5I7%RMT#$=A{4Jcs_;b)~;FenrdHwVYsO3phY=El#dR#IWl;d7o@jyp+?(jiV~ z{`C-P#-LEuJV~PJIp%R+kxPZ8{jwunSWP8Qf7-J#XV6;Da-)XGXO3k?2Tv)bd~WvD zIs|6Y{pXkqb_;I>wh{*p36pX^M3Yjgk0M?gwtTd(#N`#uZ|*y@!G2~-0AG^ZiQ(q- zQ1$4~@_FLwFY4wxQ_9)QOX$qO_WHg-)aSGg%jS#qg|`@>rSfgif9Ni6{;Cr4OUIh= z%HqpQ$u_7{|)H^a~fXlnAA66uuMk-Gz)&#j?CXMmK}B-bq(#kt0Pf$ z`I!|e8Bk2^BtT&`2`ng0>PJ2h={8x7h%B3$LhHqK^2@&TA$OaYng|I+i%&2QElz1= zAhjG~I(XAg82q&|=2ym9MIg5vHsT|9Co>i|sVW#$C=9Ao6GpO<;LI3{=1zm>+<%GM zC{UYl1>7b-Oy2_Dbo?-_LP0|i3Z{Guva-&0e0-+yOI4wWl<9F7CYfqU-2K<;J;gf}yq$ zB_UgeiL0Po@A*ez0yfMnjMAdd3d`6gR#oEjYSOUWP#aOVjVKGM2;XKgA%05qb`A|a zR<)j0UE)cEq?3724WTtWg$rAlQhd_H_oy#R(j%kl#l#DbG7Cx0gT3sUeXNOdw>tq3 zsnl(}tKh1{OY9Iz>IQX}`(%k@tl2ZS_b<-j=Dc4>|M}0}!zq^gvEH%v(`nJ9$YiVE zXJHk^(U;pYlr(CFsR>R@6++>bYsp-Q?4f7>v;;42BgC~Q)b+R*L?lZZD`6q2q`UB@^%j5eoD@zQRfkl|?R~Yh zq6R*(~>PQccY&)Z)iF@CIc^FXd)!%RiRaeLKtOE+e#nZc_yk$B)bqdtN) zj_9Tyekxq*D4M_wH{%{5D^1GKN?}eF8VM~x$>ORA`eflX-j7Cq!Cqr?pc+CCEx_(_ z3?cif?oXX7f}8U%Yp;4@uOKQ}!O|T8x%UzRhNrWJU{xGW3W=9D`+XNkI{5;X5mJ>o z0Ofr8fUHkK7UzHpP$#MXXo6#ACMVTM56j70dAZYMy^qKE_t~$myn!A+>SiFv06bNE zI64~U|2^63DZ;^LPlLo1` z=o>L|f5F8j|I`a4z2Mgx(#A%Xs=Tu$JRh-M>HIR%FnsNR?ou1~p;Z>8Y|Jh^rQsfB zDJoc_YylN-QN9rHlvOt9*>|c)u;|nGem1dzJ!RS|m#CPJ#78v! ztg7IssWa3=Y=3*k^XdydbdD1gmc2F?)|;(kZf0|K&r~krNhqpekz6vcypmd{qcMT! z;?PNPrNDdUjfpHCY|rbCIeWVuN`(>m4gQo5((~~dPzYGWgZ~*7^0iHL_$=_l7Qbew zGpXUl#)Zn;#B}}X1Fi(_XqT@94db|A z6{V{u)ugtmg9M=Y1gTk5M#;hKmJXL98Nw~<%G&W-GRnmadCN=n^7mVv1nUYLJwqStU!KBR6+}Ll*w-A*|btM<3BY75tG3G!(!Bh-v#RrhgI@dvM5Lf&jea zAnO2NF&{`9Wv3TY=Ygpw9AB^Gk;s;xQlxm(iQyGk@j)azKB zE+S44nshh*L5etfsXB^*&V_pNH-$xa-CNL~PGJlOG&BU~qw}*U%VNb!y0cUq|Mm^S zDiw=@;+o2WvZz)e9W_9K4YwpKWbmnCxd#PLe_v>)k*q}wR3$yLc?>}{Ep#iu2S=)L zG#-d}=82j6DM9;3W&HC~JmmlS${UuAXiDnKaC0&o^l9qC3h$I(ii4K(lW*Dgis-(q z-;LDXn?Qm2@re`Q%hoHGl-*wF#x2{k(ZXcD?hs*axfpdJf{;(|Zb0=2$S^yZvwmgo z0Tvgh3zJf+&$kQk9bOjZucDjDE9BPS>{)eoNN}{6@zX=!YWzfU52flXkidF~Cttu5 ztPG7u;7wJdb5ox0sY%yOQ18#h;WZd(4ig_*LNWNL<|?1g2d5=OdCB7et;DcV(ps0X zzGTd5+tm{*dxYX?VHM5i7rc%mL|PjQV`(-677L1e*a^c@_3q4=tpkIy#D|$JYtkVa z7Vn27kx(R5Euv9qX$q^smfLKdpem*QEfd`JTi(KLy?v1T%0yH}@W{=5iWkqkZh}n- zmccO-mkD$E&JTQ z`ceAxL9O;=-qK&QJ~i=QusGjvhLf~%s}UTd;?6)5Mi{4=Ub-}rSquYAA$Q4I@r{cI8)IC=P88c4gLLY zsB3fAA+q~<@=2DI`w*LcGMd!r3wKTPS!;Hut?x?G^S9B_)Mv!d(CeEW#;K9@9&5J1 zb3>iS&1*dy_5Mw$ERP+Y%jv9Af}@y)2; z^(b;_2>F%AKgxEu_^M|TCYO!kD7PQftu=^D?I=jT*Ah$%<`<^+N*uM;8Y?$RX|){b zs34oyS`l~p*1mzWvtt+8l?MuP%0`{XX0PuvMo?f+c2g(IZONxXfYT#Si%5<(L-xRZ zTbLmsukC;Wqp9MeZm+itFV*cvc4-}oWMHMA0?2{hKe~|H!D=E!VJSPp;fCB+joVag zsv}i_miy?Gms@%RQmG}B1F4qZ2?Ymt#Y^0&*iKYyOsz2myZ^NL?Bo|WbEE37bA5Jh zU}lpaE9rqss!M{mD!oZzZn+vJYX31sXXIY)VmeAaPMSc`@++dS-~BZuVki0Oi#rOu zNIjqLW1951{is<)1jftPe&w5e-DXEt97y5~h@s{jm{`hcyK5vspZM_2I22y9`v7QkBwXb6v*8413;W_>v3#K{C!(0WvIsptE5MXlx2@ATztwQyM3nrBGm9+80%9=HE@= zUoqyaAJyW8JzX@wdtGGxZ39>;BF&s%=%fMkSa<$0FTh&gES7!exwz)4O>>rPdzyk8 zdNt;H>gM#<{lP4?3twqDEfgE#<9P6_h}A2OSko7hcKB zdb>{K!I(P0vDFld0V{M}!W`sYAhGNfd)1}w)+U?`qT-EMN(nRsBn@BX2Q+DNzYpL* z`ZF>7K30K8Rm%XWOi^XyVx34ttsNQ!`a#Fg1D}%VV7(|2Rn6u6T+F(=*@{&4@bobqBq038UTXm?B3{Iq7g}>GPCOF`5ZmK)D zr>rY=UaY!~tdXiA!H2G`@Y!Hhl0}>j9x?Zq$svwFA!@ zBC|PJd!C|wr>VPZ^8lcWf&xYm9!Y%rmnbK}tIl=5n_g@q=lQG`ni+vMyrN8sLf0<2B5Y)>zQb%NT zg^d+eB^9-}%@meE@vb@ZbE-7UjQ6kFm=g+`xFxo9b-8!`-p2D+?rP-9q7-wiHAtQm%Wj{Pp-lP8pkO2O|*| zU}aRyRk++INf4*8j-FERJR7mzez>%#CabKe74=>9%RBF-Fpl0PEJAl*clkT{ynrzH z>gpdHz{y1x&pv!@+!66EpXGPF@0-uuWaR)O{}vgj9xl?%mZ21YB;@xU!)Sy4C_Lx* zqiOr26kQR2(`^@3qS-@_ahLUO)4A@hQ8g;Z5fw#JJSc*F(phPDwc z9Kc7} z$}HpmAcQN0upltMeW5evE&yFmoS>2`KBO^{HvRmaY4!HD_c*YLl4eo6^URIKDngmh z>XgS#V`jwlzS!0M&yLJHC0AZAo_ zXyR5$)e15t2{BbR2_k8{=s^2AXIY!xAF46(`!?&y;NjYQTtL*~t!iKVJ7UI3mO1X! zhgkbjAICfNgFy9!vWnq-$v|E9s#TCyJv|iEb<`g|9O73U$!syjbe-!Y^>1Y+Dle>Ti zy-KWSo8!>2)3L|r?*NQ)D!?k^KV$Ae{muNY5p91)pR1FaHSmDkoDfvk(W7#6J2jvi znMNRGjE7v+0+y%`=CV;|*%-cuMEp&P5dwX+O@}^Jd6|0}kGZqm8;m_y9Hb`*sl=uh zZbT~hBhnn^?z6rV_O6xd1k9kW&fXJeKi zXOs|CGHWTBW8u`!53Odd>}@1)8H{5b7hLm23AhITrXZn9qBAd zwf=9nR<8f#1VAE8u#-%OJphL-?y^=Zqp}C(bk9 z#*=|aupQ4=IIbjuWY=$d>U~=l5pSH!-xYeV&u$_{GpbmlbYNAJe^}1K=7CeMAlFV2U-X z-{S%p2*xGvrGlQD3o0B&0rMn}r(f{$1q9;|KOs}hLsgHcs4pPeI@ujZHIZF2c+1xz zk{zGy2Vho{A|@J*siR62%Uw4PC!IY|+HXn8Bb{h8O1w`uxP+y(>O!iI6QEBh2zAhu zZk5ZN`At*>D(o5*FtJ*rPzDzqUyA0}3ZrK7Lg~;JC4M6_^3u}63{Tk$M{>|os@IxW;l@?0&7c6y z-~?u_5i})eF9ozr)6h!wXT*F$&Do{9@)iZ6DVKXDc(I&oF!Sijf~53?)A==_2*5Cl zG5T>NmP2QVow4kuAN~_hFF?a^w8rif48(4*fY9r6s3NAx@xQY0X?AW1YK`b;W3oBNvx& zo-9Ne?&VP_f_0F?U?F|jqV}rtU1+h`E>?U_51EGgG?Z#3#h6+gyNOYTZ)+i=YEgM# zuUbl-jc-=o&=9qDKDn3&#fMJwiNoeisYcRf5Z>)Sob9-y@N6v5;gMSVlk`I}nh^RI!#flHH8vcF7Mzu}xkD{VsJ?&d6ak7p>SJ4a94Sn}d6J1eF zI)gg2YK)n-r5lb|=sEL03*Tb8&$~YNosO{pX1QhhJ7>4!>g1tD{hi|FU7b1c+i}Ge zr!?6Y%yXlp(;*Z^?9bf8^fr&$o_R0byT@O=;uU`rzIcX78rg{QGVTgK_O7hJm`;bp z2fgVEhSv>HoRoU1L*N9n1{i{Zf8q?0FLn9&HluQ%Y0c7Hs7s9mqhXDU%YzMT(J6ES zh%R4mN~PBqy6y?E4xvRkzwh5%i2hg)&fd#8MF6=`YG9_mVmfF`d9WmrIzac&!a_mi z)!moF62+jvK&3!K54kXmjr*Ovus;q)E->$zaX~Kt9Xw8z{{N2Th8FL`)pwcqQ3e6= z74H`=L_P22dLbK{mSpodWiRy&{snS`>zN|RzB(NHN$B|NQ~(v zV*C^ThgXrzFqKh&AyDAX##qmu3w1Z45h#%4vY}-%c75}g{=S`x)>bm0E>GB?&wE7A%*;Ub(+8|3ET(yfKZ32+J>&;Ak>TrD7DD{w~!hc4{msFxGruDW^zm%$%mFw)Q)( zK=oJs_36vahqrayt`#4fxg=D>vLF=1Sef*n;AHYqX?{un)VtLMB^Cr6JyH?MHUEUE ztzIDP`1kGA^=^~a|1ZkSpcy9Q_ui{qxUJna^yfBnqr8Eq3F_0I&ssq9`PoD+q-{4jM&#@YjCihI4 zKg>2tXPV`BAfir)zJCvaI6%&xZV1jcTH!E|VNqjxWK% z1ip>4qofz)!%p9UO2;=qN6c1udRf(vE!(26CWiOMLd#Qo8dxDK};Mr=z)_ zxS4y&za5$5FHu~Qov67=7#VGzN4&WZ+Z&xe^gdN*m;chDg4bvK)Lm4*CxfP+Rxe&U zBrfG%hT5(RFDLLMO?>HDGGu6*9A>TZ$5Vl++c_;35-Jx6HVo^mDt6A@#cqv5IaNBk zlM`ao{sGbjY5Zi$mc9yC^UvRjlC7Fqn+Zw0oHDSuk#oPSoZwF8RcjJ4ZMFAI*F&T#3dVCB}&3BC?k2!1<_D}V6F!cz9#e<8p7Ny&@g@;N|_;>^_ctp zt-apgXDl}&#u&v2_q8XFS4PVNCKCUz+17qP$5`C-WYy7U522j=Q=IH~z z(sBCiO9CFafC@H*Ft3lpXVyhd1{UQX1zO!>ftgyM=osqef!`MuC-1llrH}x|udY?R z0t|5hQn}=?o1G%HmkcCAG+Nlq>~J_2lC%Z;L}{1QrHEn)R;oY8gSP$NH z1}7)8{t1MsI9N}iEHNDG%TQ>Uq?6tejH-rqAuYE$ID0OQ+m`-opn-;6(gc&-Wsf*D zU(roBdMlo(9y2q|>yMx1KKg|PT08$y730nj=d74sdN60esP3XzwlJVEDTUFlm=GXg zozApVEenV*?Ru2>IgK+;_@Oi)PD|XpED{)0 z+?U-YA(MYo_xE}?$<{2t<0Xw_eP&mGOl@igwm4^k0fO0h!JV#`x_&Lr>sx2_P0>TD z2A3z!CQek^I+2hIPHrOOzP}qhBlmd{s6j4tx#%ls2Fkn%i}0WnCxa4OgLo=h&L*ya z8K&W079w$bN1jDr!EIirUo{o2d0xWK!6$JEcBD-#;M*W!_9x(Gs+2S4SutV8kJFt; zFfc9j?JqdNxg}Uyq#Qi^H9u(GYEltUT3H$7K-ti{n8rmQxC%>94bj6A@v{P8Q|06L zFlfq&S3ERYjOON14O3yzcnuf@+ekI;H+Tk3IkaCg)eucj2*^_;ibO8ASIKn--{c>8 zyfDFf5WWa${w|SAv8RM2TjNF(l zaT1J%lt#5Fm+D9d6RXJ(8>GOF%#DJ$nRY8k$qrws94e*6)Xf6QrO%IsitrsiVf}96 z;u|3{VHZCkvUuY2Kd~!LGs&3b|9!!rMSW-6DC6DyyWF`M3+u7>PM?3~sc5c6#npfmx)*)~q zb3_SXBGsBf?JR~JY}=}*9z>ygj62%{{N)f_-z4fP22FepAYji*3aB81Z+}N2Uq64J}pxk#JU~DT9Z_ySbG)J(zKC} z-FAP0(SNJ8^ey(w!^GECb6sYP1|6DNNjKF&5m~!c_rJ#eYX3x0(m}Wj zplH0RUKzT%Z5r~XeH~tQV z+Bf<9YGHETsLhO`v!kwqYG0~cVubZRG@G_We2vTUt1@PgfMPwv1SdEfm8Y^Qeb#AwV-^8si`Xmikz_pq$mT zl8LD00lw6$l5VEBehjEkYC+Em&HN%69!*h^f&;P!Qbl zHwRd3#oa=ZbILsyZ{N^ru7mfx5^C}K6W+RsrG1?ODC#gqDVmy%of~cS1j&REMG45` zVPEL;!b01IsaEv|6DT@TsT{o_#&2+E{=TZ- zz)O}WFyM&Dt*(m%E~i4Esd3SDFBY4%2oU#2(nZ!(6U3*1FPTR97~Zo9quwW*3EfUO zvV|;H!?-gwn55WCrD_NxAdXZSS@26#UT|&rU<8w#wlOl>qqaPqE^4B}ma8KmmvO>j zvz!zz8k;QUOWRLKeC|P8r_z!clVOI#-+QFazzSiEvs7d^t>@uVkT&DTA4tF`D>{7z$yu|b|3lQU?z}Sp#jXCGPxk?- zf@~^ax9{B^&330U$wHtht4+H?yhdGM=oS}ZPhVp$ikUemmZTHtQmObZ| zAH$wmUPW#y6|c;UcLo1F*XwK9YwxiD*~7<9h{WU}X{_z2ig_;A2SkaMVlA5(-b`w3 zP?WPxpT-IWKr1hh#Q3fCO^$V&PZQag&<*T`MO#b0%sSSRlC1@mQh zY=<LlRkGYjKIjiS)VLo9U*s<&(;;kj=SY zBv4*x+h4ZTxE8QZoTKv@VNN?HrYn^7#SfgH;cSi~v%1nirwbJmZ~@fkWWhN9EH>pi zbNU}mR~grI|FuCuM+u`-V57Uc8Qt9=DIFp$NVCyHy1OK$TN(kC1_41py1U^SxBut$ z-h9ulbFOop`uu)iei*#IMM%r>H*)ryr$KUK1`i>VvwR*Rxz8AF!f;lg#G=c!NN{y}TtTOM>p()v)PMROnRb zqLilxOaK69;F0{jJPF^0(avVcGkCc4ksv z%^(Ih-y&b$BR=vLW`c*5w*D91TMM|``hRcWeyN0VHza-O1?hJ8G}si*EY3-I<*MM1 z;t||gaElyuL65aBFuUwRUbpBmA(hnKZZl@|Clrswq}KiOgOxgHOg4rZ<%hZOpMrO8 znPFpS95q>a7O(;(A?7;M7OdvG$6tP@%}S9cdylQRA|n-;w>4|bAVBmNCMrNIu4ObQ zF1RYNG*=de(an0@@oo2klM^j+pdE@{D!H7>FhC2zN9M%!R0m2D8$cRKY*Ni_vL`PO z;|_K@Kev|u6#Us~Y$mqJ{nK65%R|Q_E26yhrjtEFX=JK-b|<=JTFHrEH!2m7fH)o5 zVd1qasz2#0y;+uN^R}#xw&mPz5b1TcjCB@oTALs>p91o4+2K$Uyr{?pLR$VFO`5D1 z$F{(dzv)Cx>Cf*e<#s{iO?%AN9x$6#ql)~s@PP^+1%K50h2lsJ8CyXDFZXLhDUc5i z6VifCRi!|8-(D4X4`>#5fig38eqPEax8sx^LQ&y|>Xrg&xWqD&JTOToOx6aexVW-5C~x;Qh- z76F>s@@Z))ypv>#2{_lXD7zWwNt$~T3S;s`ZWwRs&=n^;)2-hTT6u1m^m(2qBcjZb zfy2A!nK~L;`8}EiNaZkbfY{kCM+G)L?Oh1j6V^iWk`!l1Cqlnh={aXHM-*zauK zVxO@Gw+F0S?1}YQGf;=dhxMC}gdasL#MOWSX~-L+qwebN;!*=6s=Xvjon%^OKq-Jh zYG&t%#hy^6j~E(ZTP+zLn6%9E+0U3lNuR*V|EK-#cn9BKq`I6i|_N;RiP zJpq8g+cqn@KLz}uD0kDZl~Qja5x56iE6{ll9#}&IdN2hEDR3A1Vv@$ym_9e+Yv;X< z&?|xb4HK?eE`3fjznVn`lOKPRkcBVR?mpcX8+BE)u_%2MmTL8zw>EESu%6CZyRwL+ zHAc!61c|lbk)AF5!~|llKda>EiHk~rH@haCpdLf$V_fP74`2ggQ)hzrY*W0=IkmOo zrGh?O9hsF;17LXmx@l zg-4I2p(|>h#Qoz7m~~(PbtsE%cHMW5*k3lpDb)*x9dG$Jg-dhpF8Rz)OFS0K3?#zEx!!QsF`wP{MG= zyiBR5dSFFd=Ckh~o5l8$iAF{{YKs3D6q=n9O8a{GGh5(i9HkS!;OP{kbUtDZtjf)^ zDukeA>R1N4T|o7feTYLyK#k1Z&Zmpx!U>Of+~ zETt>8Vh5}6FPSGd1jdpv=w&32D>Qr?kJp7`Egor&18@=M&yjZ_EHvYcrcC$Yqqed) zM*&dNF1$ipYRAY?1S3Kj>5oYpKN!RuVwa*y4|*XnNjAGu<;fJL3WbBuP*z{IS$vF^g@=Sm6065|cc>g^j3k zeAPm;@h#CEV^aM}Fvogt>AF?w?7sB4O~`lIh}AJx&~OsAZ(*)&!_PVCG{?EhYL^|9 z!JH2Z`C9o8g8rGaSFdC`Uz$&S&+W_C_k8{1i0(%n8p1=7zW!=s@5Z%xO>H%wizFrg zZNbYZ*eT*loJtBnje?~6>aF)=RaA${hT)rdtMcqIWx+-AD!!5i#=t_&NAFoavPP`# z0(@KJol-tC9J5g9)bc%UCeh4D_GT2SVOqk%E*6P+I5m_W3zeNW z83K}eHV)rD@Co6?zCkalckSuj0U`B{YDWs%J+=zD8NHBnOQXI~H#{tWNXv@G9( zz_lzlTs`q^f8kuQKYLDUcE0?WOQTECPlrB0fv!dIE|v>6cXkEW)Rh=D1usEN=Qf=0 zdzRPPi8=WoejUQypo2Mk9FZmL*7ovJ#m~{HLd~8bFG)+wB5b3%c^tYt=xl}-OJwPm zeSUb+1-^M7&?A@2gz^2o%*6*k3nm@S`@Sv-MK^Q#!g-#b6)TNM6aXP>UnZA2iduXP z7``0ryZ7x>2Z3j#iVZA%NEmJr#gwhyZ=>U=Q8^)xtkQdAnlalb_M3}$T37AOxR8DC zV#z>DX&4qg2Ud$%xVDs5s&7S#Jf5t)Ht;2IMG8V{P2Z0m6NRf&s6eN4|JjYWo}k-X zxkGc`KALO_D3SHGshD?_(M?5RnjM7ytii68A}VXH;W?0&yGLuM4O!(<^2HnNKrgp! z6$ITtu17?Z1CbL#m3v#0O(Y0~==TL8pW6<}KmF!2pFo{izs3+q_5G9I^ZkdVj%-ht zC;*z4dPCOXE5wN!+XM*jxPabqzU=EP4S_kZSm0fMA77sq5D8j8c{*(i39^+Y#<6qu zR#LJG)qPD7S*xkNt!oEgwMb5R_N~zMi&Ldm%rr=z?m?;01aPbwj(Wc?11xJKExTkA zPsSZFfdp9%DSjRcE>?%*insfPT|hrcLI`uyE?A_sjxaFL{UtQ}Vm~DxniY_t3RolZ zqv-q!rREcGJ)ej?jwbfyegQ+3Iq@Zig2M+k5m?K+EY*)#RFMDhE#|X#Tz%2j62qgK z0KJhg);JR+tGy0m)fP9q(w(4<1 zm${Xh>Nwwm-SbJq20F~RxDO)!$nhyyywS7SBqic0KQs(Z3~afyeOa>C4*e*B;G_80 zr;eogcw7zYNYohVO^1!4j|GSjmh!Ek!E1Mjqn$piE$PuxtI;d_h;t!QUrt1LP)l-%$Q-u+MIwFKdfY!^s^x0mo?^hOEu}qNZ zJgjZ)^t+@b-r&i=kpkFRw^4Uzc&&%DgeucMVY|MqWcNW8;j(8VZVQ-eS5D!ghk@bo zaQUXS=!%Guk3~-I29u0YJt`+-ap1-ASkaaP5GkpYVIm6>F4S3Mg*+Wzu*wKd1e$EA;0AsqF;}hT>DPF@?USPl8gp z<l;I}XSTsD$*=Z&OVBqL1Tj`)NS z37?2Kt!b#WP*HKdyzv=y)}DJpTk`7kck&w=rN7X~_WfJD#24!WA4FJs9&qr;_rl#r z&3a9_FFIw1Yc+^DEiY?eD;wS!pnO=$?=cqu4g56fCq^DvZ<)WBn=697^l#D73hA2y zTApz?bJ8NF1nJf7?(}|pQBN89}P8gSfHZ_s|?>@ z?5m?mV2Y!7q={_vC=DX!UaXX^_X^lwa|j2=GX`>NefdKS{NprQ{lu@)QL_i_041SS zC#a2W@gVXCx1J(P%}>u6l&SHfDr|oT%8b_hx|}(hWW1hj^nlLv{wccRd=~WkYuvfy zlM1A%)EWiTPFLp%tTwQpY<0%eyD@%lKhx$2UxQ!BRTl*;^e8o*zf~r;lL2?p^%z12zjt2Bv59isqtIhU44qyJSIbOF#{r#=(Cb`C3{s}ibrQf}$QnefvyNtrDJ&n?fEl*rI(EF4>%CiV-5e1f2GlnuD zzLIe8?EdIu8X_90@m2^Bg0@W+(YyA1Y}KQ6wWSVz&&y#t(`?|)e*7E&k`GSQHL-Mb zR_W5pI5Yhl-slJZd(@92T-%s0V@pg4j=tDRWX}jtgtWicFeRmpNil#F%7gcl@er3U z=2XmNdQhDrZ~U{ax52MI4Jc{6uKs3ALAAe&8)@ehtl(WepU-PS0T$g!!Zqu;Y0Sbn ztB*Jy&>X!IC0W7Wu2x^PgGktEIoA45#0@G|9B?cXA^hU>D2}rPwHbR%H|jRh#$ArbBo99>i)Wr=UMR(9jb30xpjq3_B_9!~UenjMw&U z*>5S~?5>_QmQ!COc$)j(bmGj9yl$ z0PF}(hWQ^IQ~LjxDbjG1xDc7bTu4ER4iBBms=H=aen4FcfuL1_fLjD`Pb^_t<2eV} zciN5%sos*~g?zDj%~S1Qv~;z}h}CG`4Nu01cGbNX*UGqUW8w5yXE(^}{uX9M@@mGi{1(|?P;`8pT)P61Sk*EAV(D+C49 zFX3;?V{FpP^=U8-2jrOEfow`&D^U;>OFo|fNorq7a3|?Hj`jr{Y(LNU@E=cLs!E9$ zck21dcYAK!&Q9@t<%g$)2vKp8&13?pURNf}3pjJzG&y-?tjgFkcdL^)!RM*i ze<-Nwm*Xo1bw!*SY?B^-VoTScCK_rSWruYwoH@uZ=4^FfYBm_uvP7|D=6gUfCki?50{aF&G92Yq`rFFJH@~1b&v6ckGz??10twCXI$CATc)p09i1O_4ZUR60y^L-3Iwax&2W>N|w-zmb@ zA~QF~tc!qfSmkSE26=8o|5lljtNKceZ)w=&*cZc_j|~p&xqZEBCc_#q$MYsHN7ma^ zIo1Aj4Qj%#JO~!gq zZ3_XqMV6+^PSmEP=52IhimqPg72Vo^B}mzA8X5^`7mg=>>2%pU%|LfyB{|49;e<+d zDa!xwJ;?M?agz8qo=Uxc=HP&t{pc$xaUi>s2KhadwU!}8y94#>p$mVosBBt6CW5!q z&^PSy0n~LdBt#Mxbe}?%>0E5iUOuI_qISEK{)Ww9z7Bz&7BkzKMZHASRkGHGuJF^w z(w}yYgi72KdFB$YA;?zpE=+DRTkkqn<`%Z@v*l!>x+d#(#0@2(V_71 z{4YuPf&CoB{|b&Xzf}UFP1YXAT=_t8)DJxp3oZNJb8G6OijoZ;tC!GBa?-RGtn;O( z=?4)mcD&j>oHp9=ZQI36VxJutmX=-XNs3CWy__{wGn$d))EpP(I6sbFQ3+M%Ro$OM z53N2bk{sq?eqRJqG&U&NAKk)!LaIDfNrP%}nYNBZHZb1jJEB?WI;XioLxt>R0Z{;$oBvaWA(iidKre6PE0P<_Qb#Gxbc=CN=0h*E%^UnqK_f z_xPfL!Dp>?->LnYQhGvpT-z_=>YTBUri}mRN=aCx(~r0QOT9uADP5dqCBG*&?zv`@ z`fLJr9-6L$t!!ljs1l?`VommIwQ2PXt{R22%C^%cSX1UUnQQ8!)0OX7c#kFrKJxk`7r z8)BL^{9!zo;j`sDn%xYi5Oi3N$3KJ-98HdPC}X79l!*3$CrmHyz)*;+M<(U^}k8@xN-G>!;qNQ@FCtxBIvpLcB-DGdzZb7TT1Yu!4s$yRw@jm&iZ}Tb4dxSSwR)@jx9Dhvucs33H9XeFdJccV znEVE;HarxijJt~R0iI_YM^`}59#Cu7hO4N(wv=W|Y^2ZRWN7PI1rPfKc>&py!Hpy_ z&$+O~Og~u*JbQSh4VNxO1v78dn@HpO+X=@0&x73OCaB39qYYF6B-l^x^>->sd*CUH zrv3SQ^6h9&_VfL3iplC+pdXj$+1Zfcu$I7z1X=d$iMJ*e+gX_@{px)qJqr-E!oElo z@P!R)Im3zOm@9i*ZMNKmw}%FlYK5-d3+6g$+6#rAq<6PaAW4H{rcg6WBJiXlKkgIP zWSpw@ZNKP=cB-Riqh?Le$Hw&fh*1sP_W9UxTqvsPlEzQArtcefTbdKCuuO=jG^R;e zAAPCMqb9!msnM1NxuD{|*RFa9yH`iWA4?#Ijtajroai<``!DKkLN^_`qv>M^)gl(4 z$W+cJn3z}uYLuD%G^NcDc zz8T+XdYu>lvu4d;B*JYB_rMFt#qfm6nzmSyEJ6j05XFw8W4(60vhOq^5@_=7ifI{ESXH`jAO1E$^d5KXJiq6 z^Mv2H8`)6L$V=;g>*KfdI;WJ@XpD0HHg@(Hczi>Q+a1r%9YI-ZUTxPQ89sWe`@ZZ) z9F%NKbBY0#-b=+x-5Di!BVX>0$Hexcnm~8)eBW&*bg7fc994xgKP7deD(j@GHfOM1 zqvB0?qucag3M(($zF*17H?5~UBD?vkdfqM(Av6OK&7{-F4q0IV=L~aCl&72-a`(^( zp0g8(ibM@bz{Ro{Cr$e`7c16L-TAFir2s$X!S*<+6a~w2i^4gcAB0*@d#;P~8y64O zqvFaO{JudshQRqz$@g@@ba`P;?;OI6wqtXz4FTD8<3s{B1jx$plF4MRpsk~HK!a+?r0<^0hUAUtMy4ybp2LO97nxY0{%MU#9p?ke! zzc{x@Fec+eo?bi~NV)Q+78FPzn0Xc7dmX}{eQ%pd&B@ra=wtm?Rt`m4b<|aZ0tjSo z_p182s5G204ZU*f!HH~LH!L3H662_ZDx}cnl}?cB)ow-W57%+vmatA6if@h$}wxfD-eGw*nSE9qzf&~Lz3FS5=KlKRvQ1c<*f*hCMaZURZ9GC8~5!l zre1hEuC*v)TW6oE`7jlldd{|{G)eW234@dcT%dD;q?}{1KGvbxxOs7MvI->fUqO97}%Oa8X@EN*Slg#{rq9gFJDt`D6I2_LaiyL{BTMN2 zO;O^1eT4}}TWAaneni_QLey$YuERf~##WX;J~^Upjf&ipJ-73FDjoBDpOCf3@pYj? z&kMFrIO-rMT&2&`4GWmrUG@(HfBFhrsWfoT;AZ^qbO6 z!3oDET@4OPHgr1n0Ja;m4%CR4cW5%GWGV@1s!=2#Kih@GcmwftKtU&kM_|jIhX#v; z7g@=dK9o*8YIOG{&Gy{nlr*hiUS|uZAHhV1JAWShu{M7_WqFp2x2N4GQa4ZOQvBmx z(cVSc$nqH?- z=X7q>`u?BDW`UDOHL5LmJeh!C@6hO5pNbEH<}~eIKEIZKbN$wSRfz&5B1rfQ6nyp= zSI)|Yn#@`AlS)TBB6ST__5Jwp)$j8W9CT{hjbmU`GlDuCv1Nie`VCoV(<$1*T3UHR zGY6X4KiWnKAy1fs%WBDDXA=Pv7oyOZ({+k&Sms+i#Q$CwIeX9-fd}{x5Yw+m;!jvy z{5K1lbEfHpGrRR3kIA>XWm2D6)u6;x6ot3)xB-FSnbWolb(Zwl1f->an0 z;j@#)%a~GJ+5GmD7QvpdYT5k@-vWHSiL#~OTs?pjAWf->CMOkdnIIYA&sFqySr%iP z+zOY9ilA5H5Or&G@v{U2fzip2uSnQq+fT^thM&vuD@@3Dgsd9&u8+t%$$Q+-$Mt3J zk+i>*QgzI;4$DXk#Es2^O{n#K!ozS^p*&prxc$nF`qNY3a|{2p@l}+%v6Muo@@EhD zmf4cS6NuOnkg}n#p8xjvvA+1>?b7CAr5?&4WHZo-v24D)N_1!HNGG1^UYFrRALjHl zJ2SqvCLEhDA4R8a2Vd8;jaOc@2*KNvaeeojvvMQQcuq^H?3dXf(7-6UMJRb$AMn!D zshG{QUUrlc#TFf__BNY3!A51&FKG@ObBve08^y8%6V1wHyT`l@72?_3=Yf z5`5hDKSkDmx+jCtdXLcc_X(`^?6UOU@RpzOk%-z;j*ztfs97G{MwBaT9`_DgA>> zp>qR@vV`79yabMf+19x6Xq^LAifqQi$=qyd0UZ2$gSpSquf!4;x@Mx}ztW zH42P#5Vez$q}OXY1DxT#YaK($5Z{)g?9O*V;s%OO@A6dr?Xz;@~A4h@k%JmaTvVI=FIY^Amo z!2S{Tmm_{Pvvxwx>N8(~ThDuIRg~KE1SpcmnThdL?E}d9sNU!29F&6MJre2~H^xC5 z&C>2Bb0V&K#iioQZI$Q9u5(|g$?HRZYCpZTE)AT5Z8-~+b$ItNrM@<|liD=woa>jy2*mTj8}8;GG4Ba!8s>qIgM4deN6i65x)YkZT^Kc{ zj7jtP#+v?x*|(vO+L^m9E@GI=Ytlv^sCyjr_Fo;ytn*HQzo$m+*zQVyMPmv}8PaET z40W27|JA}R$KIiuup0~+X5Wp$z4=-Qa?c0J+u>kO(yw@{$#C_XlDvpRf%)s*h(7jF z5L-WuF-JX7zUHvhJic}Rn1VSRj3=>(_x7Nl{oA6o2A%i#{|41oua5HfWy@n`&5>o5 zKBBl-n%tM{eE#lT=1FL1BHk?c-Nrz)+kWfA|*us}aXRxP+u(MSLYE@}>qP zJ4Yx(@ohzf!`LJfttsl6f{v-tlKZS2RW2Zq8X#1p7m;jNz$E=1$o^YXcUqcsc61yc z-}rs_Db_b7PDyY=c+Anak+rtzW81y9?!%5IUO&xdR)zfd-m_Q zWX10BZx$mEA7XCKsqvUHtRkmR zaj=!mb-}(|EraFVe;o~?r;ac8NPQA$6@wIZofd;m!eHN9&TzFpYD z2c~s8HmoeHF>Xr+BD+v|#1Dc}F`H4~lkKbG!)_#?Il77~8UBOqay!0>a3W}t+q-jH z(vP2kF0G}L?*x&-aw5OAM=RV8cQI@x7KnpU~V^|_Cq{mdrSnnJ>9~non-kGTJB|Y}sg_zrE7ZrSu|5VRa~TJ zJ{dyqC9;iWzMv8=!j~L0njIC`5JFiBTW&+z#Tsla`>_0wkJWuq##{1s@12?U^XVEl zBEPrzW>e--6$EkMaes{_>GzAWp7cth!Z*;5@F%AbFLtC~?bGD4wO|R4x*}JZyi6VY z)H=&3eLlcj@6)w-{IOYd@@eae+8ritzN09WfLV(%Wc;@*O4xe`l+N`OU+%C1M0~Bg zhDQv%v)XYv^99M*gk%iHq6IXjOAubOq!9w>G$oa3!k?Lx<)mKj6hH84_3acR(OgV* z^zrWny-x?j?)F^whm;ot0RmT?p zt9S&%QM|`53bLD|lj>%@sr8p5=d=#ZhZ!CII?=Zn&~PEaxb_6u6nkWdtk?{t?&O2` zu;Efxfb0$Is!AAtrMP?rWxGSl=3hx+2#WMkfkF9+v9K~(fd#xtV+mh80SGKk0Il#k z9QT^Av+pif&TAM~f`jvvIgBs-*G%({NVmP&&4#`(HW!{TA8RV1T7JE7Vfj)7EGmGK z4wf8v5TBdh3M!wji|rbk;W@>YHQvTYGDzi%3EBocjgCiUP!^fNG>F+M*QS0ZnrSoZ z{{V%HFFF@4)$j}VX1|nsb3uM;Q#yfRceCxC+jM2Vd>WhLtyrb)o0q62mx^A-TB*D9 z?cUU`t0zFBJX^!v$qWV7AZ>J`Y#y4pb3gyGFX^|WmhHFi;Q_B{DPn=AjCY+Oq_D1X$FLBUbo9^6UAq$+(9YZWAli2pZWaE>1s~@;Bp=QMZ`h)L;%WhcgCa#iG1Omrz@q4{tApLc`Q>2GsW{XagMnW$S z<@;93z&*pw9FMwI20s|RYx7+&XZaz3sBmzkHg-h(^3w9~CZ5_KnIY8vPvo#TP&`*# zJbylUtSLiRsL9hHLsMEjiDuA)yXAF@S)%q97C2W5lN#&I_;AZ&nd~k?lyqk3Ds)z%JO$#K z)f~RGbT#!dTecO?aSl`F4*w}@_YCpBk0WSy5_s>qO6Cw)LaQ6KwiXjrjKn0;LKt!=j5eH$J%k^}^vCr^)x{7#K2^1<0Xvf`%~V*mH@5T6T-tqdjTO9V5##X(}vX9Pb57`uS^0(^dSzWuPs zVWK#%k%&6jQ!Q>vQbYQ9C=V3$$HH?g3mRW=^o4jNYAcS99qs3p(fyff+4no!^y(91 zw446Omr%#Kh>cZMdDrclR_k9`?~aYV9jBg25Gt$}GPFxH+K&hDvU{m)5`EEWIJ%eM z?$DoJw$PG*&BAr5Bt4w|z{uw+Wa<^E6XcUXpCc2-H|AVHP_mG$uVz;DAF$raq*Ybt zOKE%m>^}r=`b}Wn3AEovHm|gV^W(Cvk+{X-8inSj#WMeoNcitwKjx_Zvr@oS;bmK# z>(Eo$It}tC@~An?S2Y_f=F3>fey^4$%Ybb zt@B0avE5b3##c!S$?`x1F6xxbNwad^S;LN^TT$Beu<&u#V&%8qV!FjInWKM9ca;Qv zrIzfI2Jc8Ze#8gTsrE7Ku;QfbFqOuA{>*J#?a$wbhmuK*=>L2fz#F%)oLW57|Esn& zu8GE5wie?)M!o=-_nE8SOCX+0xZWnfF#>2 z>e-GAqz^EO(vK20=DpaN!!iORv*7CwId#+y((B5_txZ&o0U+~e(G&sry9pZREKnmb zW#)@3KD31VF8+xtzAHCVu zP4>;|KUO!pdp-FExLWBCNISZtQQ}m78tyiNDPY;-fh?8H+)3wa?7$piBNH6y_F6=qjELY{`Hc3g;^Ws-URO1D@ z&TpyzG2SVBvy!;DiHMq3dhZz*k$}Z7jz-FSQ@N+yOMgMU|7RO9PV8N?L_(_6;6EyGjC|BrQ;w8v9E<_=dG6f`JzFPjSbuWS^hIuh71x< z0+i!DVrC4>lKKN=$1Tk80#3=+pVZDL4|?%4%)ZO zKd3yePfdmm+Mmmwg#p1PYh{tXR?kilH`oLAr)af(h|4i4`JQGGWrswryebe)c_}KR zzW_?siG-eRcypY>DAj`V!NRV#zlJPtvmVfdI!S$;QA^Gm)-U;)y6FZZ3bXSHxcfox zB@u-NNlk{>53v7?~|sXj9n?|&JWRyjmQzC#t!f2*Uxt1#`Z`S4VLh`n2kG=EF+Q);{$6Y^MZgW(nO;AyzGA{$W{mu_;B11RiM z3y=-BH@&3y%pGo1PAJ)Wgj&MXT8J-RLA81(_zwRy*oa^*Ap;u2^^P{V=Q9+)Y%tA! z-zg!*W8Uy#K}JiUY}aWbfttc?<)#Xb%MA5|rBxciM~bG=xxEdl(^9>Y%O~@dkBtAx zT%T|5dYG0_pBex{TiJ*YB4!h`B##zPU9nU6egqeJ$A@NL!zEwiW5KY#}&<(tBxPffRv%qBk`luhH$<2ib zMJ5X!e0*dGTD?|@M$Q(P#zC5*_}qC#6(rf5ztRL>cyGi}*3+j(@gkKW;UplMaZH9a z(|~%UjVQ=V)|=8##-0b{!t<^x#%xeR{sYc0KvHV0uK?lvKoslgum3rtZ?^v^--odv z97JDr=F|^!^(=zze50u61A?xRpt}^p)fo*po~7WdFWFtP||q${a%mcz2A7d znc?-@KIOlnc)pff2l=cg?^4Wgp8?0(8;N)=LgB{uL-?GQ!{{b4Q>Jjg_}0NZC;L#jcYm|i|1DbeCxM!MA79QKT`9%1XH3yT$5qT>b{=~PX@Yav zIk3~)ngFV=sintA8tXyjL38&NY{l(XcuVXPm@#|A&iw{p&3Y7kDplog zcmWKy+p}W@`MhD;EhOS7Z(m_YL*EqM`2f)1l2MI9KpMwtf=I684s}vXMnYi1Q6MZv z8Wx>0<)NveJfSI}uL@Qy{q6vn^w{_>y&4dccLhKGq{kpD{tBuiM0O?rp8fb3M9Td7SxJB3HfI$wQH$au{9a)q-xyKsmMR*DLqF1M6*JE*6=o zLHTed+7tp!&A;f-(!)5AMDa6%nDps|+kCjO79Xo_IMu4$>bhOwkAqB+X4MR69=sN} zO*MlSO5nzGl7_@1LyO2GgaEnI$7`#gUH}f4gCIh*3BPiOK8ZGrAd?90JyFuf#{ib$ zg4s=y9eLQCU=l!6R^l(?F-?9SPjv0`g8eD2OOA0OwiB9{AJiiLeEIIF$UR?lm&f;3 z?Zg13F(;3=Rx3T@YBsELF5Eq;Pb(pWID<~Yt4?=@YB9>IjFlD| zpbMC9MgkMQy5@F6yFC0)^PJ`5!TmsZ{jG8j07peuqx3qjwd%&Mtw$bxR*g@p7smX< zsE=Zy3?*Wfm&Rl2TdF-{sBPNo&&|3kWGf|OkvzOGQc1eKxAd|250s@lJTwhI<>_!^ z9%?%|^7x}kEw8oTN6>?8LC_;DE*3)57;C+))&NTKR5 zPebaB()EATive5HJ9@mgT9HBy9W{)#F|~N2ElIaUKCn(9@?zJ(P%9%%;XP^o3f}5t zx{$V!>6V-6PM!93?eqP&GlfQYWCuUY`aD&gaGjOEt;h|%S2XV}o_Qy`KFzGzt^UT| z!7{d)A9~J$Y)o2lvo6zw;&15mptN1^U6 z+QI!sx}*bsaPh4yp^*Sjnt$p!I2f@FIyCk?bX3uk{Dm zEpX-hPG172hLs`U`E;%3t%G(a2!vDlea?L{LbIH};-&>xnPy3$ykS`eeDjq@RbBQ9 z<#OIrkKmj6k{1vxh@$Cf91dzoL9|Nboush-#9;})mU4px`w`&{>S{zQn5qid|QWR*}W9NUqxXI?1~9fn+|I;o6z9AE$nt%E)J#lO-#K9l6pSkV0bq z8WuK^N+0i(=aV`3(F_k1|0%y?26;sL*4c9V>o*JL;HS0&5~)zrb{Ckq)p`dYv()!7FsNe1J^~S_3+DjWvs_m3S|6uMtXf#>5h%;0h`_rLL<(hHUm;llw z3wgP25aP;7wr#<;+o6;U3c|ze(bh`xf~L$Xa)y5um&Sk(6zL8tH;`_B#qFXVHuq-ardDxs=O=YT(D+4Rd$IS zQ<#x$x%0=LLBl0Q4mXg7?b?K$+k*ck2%5p_KjeWd%BjzyMuoyr1uPgN=n$#z3yvUS zTQD5iF(`+RVdr%GC0_#gqAvj3q_9CbW4^RiHtpe?(+{Iw`)W*NuB02rfKM+*itf-0 zP)|-oQ2g^r)fWDe_+;!7Zratk6dsLjAzGnAJ79jqI@;CkVNm>ztMudW&|9(-aa6SbUk;hRQ!B>j0-Udtb3GnZYxvTJBUPlJM2WEg^WPL=NjrCb< zaUkIZ-rrrBz5iv6a6?Wx~a;R{6s!!Q=42(21 z7pf6?S6x|yCwn9yNrPARLDJEzK8uV`Qf1R_HCI0r<6lD-!K+`!5NDP)6vnAf9d`_W z^O+CCpflIfKBUu@`&o1T_1_y8IKv_}-5UXsjU_w#oaPi#<}`YhATk{Cg0Y+JfI_Ur zN-uf#aq8&Kqu9D}-T`I*QJO(qqB1HwQX{jpMx@PkTr_A_~la7Gjxk$OOM&BH_+b+(r?#=_nb%#c!2- znZLCT<`)66*VNi}DJaBJ+r7C1l=&}LWQBrvk-yVN^#Gm`agL3*ie(SwZ8IdUnk`57 zUdNniy7chqn38f-b|{@pSoZp)zE{8TV;JKNAO@kuq0RE=xr9S*fHPCZ<6&fz zYh(47lTz9DF~VjOmi;r!l*0WYw~YVGcIi5-2-@9Xjz&;cWN$K7kOAzesTuYi3P7xS zEtaaVPHF~FUIb!(jYmS%f{KO8@2rceRY3FKPn_f$tT;E@Wu9=xFACq}z4T*s%Vh6{ZOz#zuxC z$o6S1E&GH?Op^Z=giP-u9w5ur?P^f6cpZwU>&IDdMF?UvjLpD|&Cixe$|f~s%n+9~ z+L4qqYrQeBydBzxl&C9H$|Qb_dPNnR!;X~KpVvF7Z9lI)VfP<`GBx&Slu#D0$V=OsLwU#=eVWUoEuAQOU*z<`yE+*@|=s+%yj4H`RYCNiEFl zJ9#TjU5P{jRmw|=82f^$k%g=+%lYJ6bBe5cMQ3L1Z-#GKR`pgwq4S9*QD=IkVR5xo zyu=`X4x5Spqv@){qUydbDydQe(jXnu-AFe`H%Ll{NW&oAEhVLNBi$g4bVzr1*D%y~ zFYoXB%Xr|KJ7@2`_F8M7bFO*AckKq5W1Qk*PImNT30gJxC89SGzVx;Uz*$kehS*;i z3zf3+aXVVog?(QlqnB$l=Z_-4Jh`wjZ-!C&ME!x?DP}$aDG8C_PKZCs1HpunqgSp< zqZk}stVCQmap$qXcBivGXHR#{uED;2g(J3?KfO9gErhzuf2ZC{=;SwJOTY<-bx0Vz zPFf3$2l!+w8Dd>_C~xX6wIwlYZbuTe+{&nNJ-nc?3fZmfCXSRDlYUUYEX?jnErt=e83 z>W(+|tHxM}I#=_?2JX`;1s=PH70w*~P zsy7-lSB^V3m^iU%((g|C(E@2S6I-P883Uqe&a&ES4!#Eohlb`@T*k!mt@T8fqveDx zITV%`ef>;src|uWvj~DQof(z?Zl%)*%OQbzJux(TD(f^B5S4YD$ZRw9k6jeLX%)#J% zK-9`O17Wh~H|Faii>Qy7C=}Q$so}5s)fDFh1R_L3LSH}vfAmaVdBbl9_ioa1l^h1u z_hb3WBMqd3GR#v6CZT;{rD^ks*urXI9xZ%6v z(Yx(BfJ5LgDXVJwveNAl=C#r9oIR2ZtscsgC zhw>%oEIz7o953Do_hx-i86zclFlNH`B&62K35yCzz%MQlq=uG+`BfAq_9xl*>l0-X znw(qkQ%#yH{IK&}!ty0+ri`*)K#E)r*Gi{YMu<1GT~%T%Z0LqZ1snjGU@rq;YrA+Y}OLe;G3CTZ35AB zt|Al2u&haB8GX+ua%FNMdV_vS)xu_hw&E}%OztnK)btp}qNnfVYP7w7_2%w;Nh%(G zb==aUYLE+?I(I;^OHJaE?JBkwgBGYbaiShL*(Rd0FMUz{Ra8cINpV(78I*a6S*Vhh z&_>$)pB@R|*q%jVGQvjI=2=gV!QX!OFa|1l>3|nWXg89hClvI?t@u&Nc4VO=#-5{* z$U#E?5)xYuECh`$Ybn!mlE?$G_)6-;ES4C_snx$5%lnoBNAD)NskpbD;YN1m^H7Rm z^T_B%!ftu<xeM!Egta8%{8U+|3Xfn8eXWFAHuAK0Uevfmr=Rz^Hl9OHymmVz z96wPBNRb$7B*xQiz7WmUbE3XE_IC6|1BLtci zyiZdu;8fm=Jt^prcTIk(rcdWMyi^e6@b=W%Q6S+z{1Mlx32=h1WC7`9+Uq|PZ=GmC z`y}VDDlR(b>ueKp=?Jw8DX{{U<6=xY9TYJ{zYCQQjPTXzOFWd=l+QV{hG?5)v8Zz4 z;)-Xzn7Nk@&EB+V@6)?P+|f3zG|M}jMd^v{KevSqe}k=`GN zz(c=;Uao~aE}ui?GycR8k;ERQ?`iAkr+CA#9R%Fd-`#G&wq7=_-0v3_ZJx|kW(_;R zD%E{{LJ}D6t4ui}_x?wvT}VHpVvr>;a7D=H77mcCVt=tkOU?0jUY6omq}_OG{P>Ih z*^dnS(Y#=|v0a%91@G{Dm|!s z!`2VIFro}klI%yklaA+uzNht z;XE*nXXO)B5JUO!$|8(6MLL14$UjdDGp|8Z+@^4Fm{XdVO5yyAbri`JX|u=881|J% zMupp~edlwAe)w#1Jj`~7OL`%~m#B-Am$`4Z&UK{1;c9NY-tJ(u#kMIk8L^E zQVx2wMR2XeA@?7s41C_5bbT~rab%_`3fSIO@$^y?!rsf*6a7ey9V7pdF*i5lJMyun zE{)q^?HH|&A^Qc^sfsmKj|?8d#wF&DF%kT*@0!GpB<~=^z2Y%q@1OmJOij*tN+`&d zmo)#D6i_XRZDt(ELpU!Yfp$pe3?cm|R%09i5}v~B@I4;ij05YSDa2PAd}6+WJ&)p0f6=s-1C;U4s7$xLfYR>HWW&pG&~!jw;PxCDYEaw#rf;ME4k+^Rv>3+-D57a ziMoB|P^h7k&135truA*T~go9CbG7uO|gJe^Gd+)+wY^Hws=aQ>+i(^T(lN zbo`epIy|&&Bh;p??f9%I%2)c|jX1JdpZLOfgt=dfD1(Lp6|?+MdbyODw1GxZ7&6^^CbQWT>B?vh zt_;pas->2i-9Eqd>;LsytYjdy4Oft9*k4BCKcNgdl0?Tj5{@uIYTuk);t~d$AL`{` zv*|aFoHC@{a{blqUxqT9BG225$szx~X}VgrMoatfDvRUnh{mRVS13!XRk%xr{@dv! zp;tM0pu8On<@H|rDf*i3K^@z&q;?|^dMb`)(~pz-WhGRvB3Ir?T>|n!@G*AnZ2W{? z<}&b#wamnXXR=pGzw5sh?coO2QwTT*JxDvq`E-Q6b?dcY^J^8)trqz~Bl%nt^YJm- z=d9*ap)@CBD$%3W3r$fMA@9cOznKI^Gu?5yV`8b?`h{>PG^o-gsN5%0VCa3!Y1y-) zi=q?|I_U999xhCh@zVXLNIO-JpoG*CSi~YrErq$sn)l}|qjla?JFKSW~CxB7`Eohzvl7I?okI9ohXswH40_JZxDfrlR?Gnn;%!6fkvn1wU(j z&tO-BpixCC?7&YVwoPrSJ<8rYCFjvsAt4b?RaEN`G?=Sjt2{d?Gl^`O--~o{qZTwjhvBy?%@}!*~M{Tv#&uMOBJ5*Lcmf5!@OC-;RQ`umCM}ya4-s8a_A2VH>6a z^QPgLFRP_e4OPg`kl1X+O?Y@^8qC%1m-rQ51SgJv$`huKB`n=XNt1F06bHOhm2i_j zZzU^8N`A>b@gp?fjqV-?a_&m zNd>Yr7#!3_5C_2zSPVYp0c0DMxIM_ur;Kzp{!XUKCMTO)FUNOY(naZvyXysAG-|(V zEcxV?R~Pa^LOwO8x^v6feE~Ys4?l5+HTW`Avqq{=z3JLcNe3Qbbltqjvc8WmIem@X z=@XK}`ILdYUV)V*3)E|7V0_xMKh`DDn+}yFSJ5AMFGYTg;GK|!x}U`&5u8}qiQOlW ztxVAEJuV4jw|G>RExaYbIy(6LzojkOnhhA_glb`=u;LkmyCGtHx6rar3$1IEGy3px z6#PwxYx090Ua~qlZqLKz1STX4OB`JP?#KUTgb9qnq;t;jWfbNJsSl@;D0edZDab86 zOEL)#S+=&_sp6z32&q)e$FZ_u4bXB7y8aRJSZ3u;ciZTK&~#E*WWaH5k0vgyieW-4 z>Et%*`uWyPX$E`ft6r6Ivz?Lsp#Qb!9$?IO11H6u(k@)~pXrw4bEQj!ZcytN=-EB~ zF;MAmFkP^US!1NnttYN!X2hUkWsT(<5**Wi?oP--2zY%%Y;))MT=iq0u*>F6DejoI#&=H~xe!(R}rNLO~K*%344!JFjz+_uqJM}m{> zCBB>so;eX-@qF$oEf}iv<)c!op)0*lGOYV$A%W-{qVYg3UH#r{-Qt$F=6EdU8@;TsoX}8K-^ZZj@Hq~1BR#mPYICcbOz!2^k_3_A))q;B&Z)*{&QApZ`TxESUIMM0CvG?=Ay&;t0x2PhM zLcA>@D%p6YwqeG;cviFaBE3r9QrERyv5G+gO<`djj+@#&>>0`nn6z#YUv-YsK>w|N zGmVVNt+}D}BE2oa&l8>d4v};;P0A!5(p}^T7}ZqN zi2>B>TsRtehu((iSjyk_zF=#+e~6N{qP1L-vMe--80Amt!|@&Iof77Xcob?a zt0^O&L@pB2<@rg+tf)v-BYTyjskeu{dBN-VLe;tQFDdBfvIvV%&)LGr<2!5w#cs_#Rh&fxvYt^B zNc#8BgoGFrz_O%gG%Ttzi)&|LmW+}Sg~0LLV%;ztG#VWq%p8w4OiMD6oM;Wep9+Z{ zN9qaVzaK0$5uz@v)@3!?l*#@diaPKFCqFW%VFu9s?u+oEgG&8(zLRXz79)ISXA{LJ zIy$#d*4+nt?HLPYV7D`_#8+R7rrm}v`r<=pjT~@lrXw!T~Az;dhX&U zhH#vOCqtTwlY|J_oA%oF9KZfU$M#Flg!Grvg-c0p!hEM4OQa+7-3#S<*!swPwT1(! z<(qK*@63e5c{Rgn-z0mE8e=b0Z_Qko)<$NXo-efgH{T*#H>$%NCflM=ZD`}y1mv*? zL?+Mb92^IenX+wT8036|-2P2dsktN zxH+e$dgY}V{JQn8yB2U1?n8a2A97sswN&=V7oAEimVMw&DHXndg z_@aIg4^nnI7#dg^9=58fsUHdzzG@mEwbBIRU;(?--S0guxQ;S9x*ydm!2nlu^7ndwKun;#!%_H)|^U!MLT zRqqa3wlSyeEqrW-AWsP(4*Fk?Vr7a2Y>g_%pY~xvTe!Lx5xs)QzqH$0@uP>c(glP< z3bNk$>D$Ncv+8v7lH{^LD$>xm^abpYRYa$h?>+fNSKZ0no*-D^+I$anF z;q*pLMa35BbFbziWF1XvDE>%O&&2+Z0Ca!^;5o3*=a6ClAMeu;L=@3TJglK>ebM}( zfaQ5s7+wf6jzNytM%Bsk>vn3dolXpx{?C)y6OL%DWErRisZ);Dk3z``luTsnD7$R6 zm>vIf6&;0KyN}HGKNNU=et@cP_BqBKAy<&?kR>My%vUU< z>n=U=h=+pAjc8IVyO_>2T+ar7lML)%mi6;@$K)-nBvYIhbYt{a?+k>?1y#cE^F~>m zHN|pbK73H7s#uI8qN}-a>tT}?o^i5K zv4MACl9O4NUT}|aLInPl!yLIBD{bN#3w%3<#W(PfNla+FAU_-FY610~$U@#@))07XK3(%5!yQEFSrK z7hCH-D=)K?Hg;j@#iUilS9Mmz$h-+z3Fiyh<;@z_iWsMLH)+5=pRvv96vlWercp5N zh`?n(mccy{PyZ9qAWlL5j%6IpF?HS8B|kklNN&=UJ7>|{CApP;a~UJ+1(6{N7j>N) zwxQ-gwt;>T=a4@?IUs}Z{APxCbwqg?9V&Uvx>|bmi19js?zhYTcPEzr={a+v6y13PAd$GXl(8{ka@iH}yIcore3t5LPEyj9y^&qpf^{5Kiz+qZbU z*bhb>1mDKSl2u}s4~?EAKl6xkA_6>LWk>)=3 zE;O;P=HQipeO=pcD)RSDT1iPNM!Ifkcq?Qj7{rwl^R~q}L@C~AXYGm!{CdH7h#DBK zMNsq|L2~^^Pq~Re1{tf*cMC!azsTAP_f%3DVY-IuX>qC%DD}jXL9LnlM@QC`z6D$vKC>d{vr8`5qM8U49f3&2aVkP zmxWwO6k}LZC44RhR#l6k2u$i4c!kOdq(T|T;x7&bmn&0uwKx3L_-L>Ft#zed86wXc zG~wG%e47nHbhW7;t(4rPch-fa;Pwno3mS>e-x|ticLrv@TlLR!JdW48P)PnlKhds{ zG~WA}D_w`7o=RPkM^S&Sw&Ws2WHj0YP8@sw%fwTA!TRRuavonevz#vX5iX^7hY}(~ zeLhe@_?Qe@v!-vh-W1;NX~jq|=xcms{TX_evqU+foZn-mR~-G)J$1c|NWs%EK)rG; zT6``)#Lc*%(C{Z^NM1Lor&|!4LNZJks4!(rgw~xb?}fIR7Cg5v1iPcj<-wF)tkt0u z1iQD1H|}b8F)MR>`PY@knr|Z#h{A~cSP^Qo;ed}1h>=PD96#G>v$&j&W*P?rx_U}2 z^ACS3HZbIQR!m0SFHt2B4h2WXq7w&Hu30F|7~{lY|Xn;mc=- zT_dDeIYtIxY^3~5S_=+=W>AoSoFosU9N+Z^7S4Mog@n=Z*u&jPdJX#hw-GZrlNGf< zp2P>)8co03GBceLBig53Ovovf?p!HN3>Wh_ z6e2fMf|7dqPbq4EZT~lPM&xt(KaP%BWP7nZ$?4T8BDGE$JRexOz4Jpoy2Rsu$NfTn z(;%qq%P7EgSEAe6rqJ`BeUxVhD4nnD+S$PUbEb2TPunL0F`*CrbXY_o8)kNWvwXGT8@wL2O|f5ZqDvib&YmS2u%BbOp)3W)Lg*u z?N!=ew)ow;X0tnrrzRnzlN@*+1=(VcLqXgPN*!@q1V#P?PyOWrN;WW+Q?|G zd{mCYoS?kD#)iLY#n>wQ3vdO)7XCk^UJFx(2FUqduD5&)rx2v2qQIHI`4X|hGrhB!twb<S9C%uD17lOX4oi!&Ua_qw7 zx%{VE(TT<{uPaF6bt2-m`pWPR=d_+bDk0aW&HemRqY((JgH@H>VqsvQp;iy@|BbyKS( z6uM>lMUaya$2N+W!{}a8*!nWt&4}u@a6UJTBdQr)o!f#BBT}%B)Jm}xBD_MfZ5o-I z50>zUnZ`C2io--rwoQ16gZ>>?2(i z(E{Vp1N;#;L?PH1@Gj+g6i!-0Xb0{|Lb+G&DI|ZQ9Z47}LgcaY>wt3Y^r4Bg*Qac8 zd^*Sn+69?f>s+<%Pr^jizNw;!w(;{s__JKEl*=K@$fLGChT5`aTo@9?vPY$1pm7z> zSX?a9NWYuT#=w4`TFguy;w~J$ki^nRg?_9Y4jab^x8aDYEjjR$e(NfYnA$&ZVUO29 z&git(r}YQ!-28&I_7Kl=?1}=qF9=SYVgg@I)0tMf83O-s3g2B=PPYd3A;`OZLjUrB z*7-U+6-`n2{_BGG_2SqFQ^Urah=_>a@qKCQl>a@mAd;a>buR3ndhZKiP~kmn59hkMrl2vVh0Bebk`KiM&2#eHurK+fa@@=jhzt`z6PaR2|BpM(6#Lv!pfw*evAsFxY9B zH#l8<>yqy)SxIbzB3V3w;D;@0zRv9tbKnL$Ix4-L<3EA;Dcu4<4nv3RA^ywvN3L#n zr@a-<`x*>7)yQ&5Ox;}bHvTQwON32Fjqk;I@RL#OnooPCM(kTIr&{|PuI8*y(H~FH zp^L|mX{b$S5NiGX)x6{FVck06G8A!`XZ>}W+gj+0Y5!N@?e#ZXsj=JcXXl5Q$!Hb}Tku*5-=-LKsJ(^uSLM6KYv$qdQqW zncKZbzB-Y$dz<-#LM}6WxZi|w&1h|D%N&6$z@eqf`DIGKJC}C-;N=c*2qnNrJU^s1 zzl1vV1sV^W&*Qbv$TKc9$isQ&y71$<@agj7{jwW$HQ1A+&F$3qpl%uBc2$)bX%fYY zIB(x3$nTgqs-!r7?6u7g?e)2nD!96CI|S0N?$n^%DMi=S0oFh&CYDx-k(tbE!Vsxq z(u~UIK0Vh&UfZs38-PT(&#HRxPxQG3K{$=l=mRcwMPKwxkmpRsZ-G#~t~})8Xe`=l z3}jfyw-A7kXW5Oa9RDs|*B<3(7G^$N%+e&9Y@7xu0Uwsmj>S zp&LhY1wg))YQ24+q^T4IFV$T5rmX^;tjbjT0)T!vXa?mGO3|oip{NSvw4PcKJa$K4 zdbp}vpI?4(Fx-UT2+yD2SaieAQP#OG=Vq>n7P8uCz; zdH)(jm)p0(E_0SNL|;cmUQDmA_@i$P5yYq$Yt%?;000EhYIbAg4|6-hJ4*gW`KUV1=KsA@rXn52OcHRH-Aq@Dd6S0t@Ox|~g)jCvMbJMpD zvt~)FSea1xTDwKQ)ylH^wU>I%lj`+5S>eBd=JDGpKW4I6bG>Q#p2@CZGqLA0P%qXa z`Ot^m%m9WB_aH2JttHET;`z%JK51am{LR)KaU2qKc@$#+PCt; zW)X1pz9qcZykh8FY)eM(>+3^aI!mlOdG&$7CSJxwwN2B)rC&=RF{;QY2Ner}T!A#E zUMYzG<2}vY0BtZN8$q<|4kHpf9RY8hP`o#xKSMZp zxV_&@&DJslH$*#l;Spn=Ki{Rf{GKGF;HwA2ik&-3CDsIPY^u$-3Qr_$zyRK?0lXf? zAzhRja5$vfoE9430L@+c`aGI8#fYix?u*xf32Ev-HqBBUiBl7Tov(b*lVITpX761& z=qkET2ok9m#(RyDKgv?XfvQS^HIt-kz*~JfZR-{j@4Rl#fO|O}?^!uG0)SO}b-nB( ztWj=2Ea$HuKIgK==Qh2w7;3y+6}py=REa~?95OP24@w+)OmvCfV$qTO_7Y0`cS{V z7rqj(!uMXk;4EI^Xv-}MR=mrCNUxm-&8)+tF$%CY!ZjA{SmB?JZHvlw_DjqqUA!3+ z|55NxFkwHszbPAAw^AC(QZ7?nh(*K)wfP;xz+X(ICY+^XwW8{nr;CJ4MLGeLVMs)C zR213bTJ=}O{_qz132uBVg>U#AC8bmVy5bLQYP)TcVZH{@bhcrlYiEa6k^hh*4Je`) z>8^{;(^SHqu!+p5$NRQN?nFjijTYBVRPL3(N{}!6Yij`fa@+S&p8Mf8!!f(HznZ}` zU1^BmZbx;=@k|K_RwjvgC;QB@YF|sx25{&dLOi@KjLwL|8A25fYy+f{73pfm>~7_& z1?M{MttT`JpX)nXmc2afBnSw0R=lz95;anzcC?Y6Fw9{zro|Sav{Bt4XlXVh*e%h4 zXE|iW<6zAIjrcNE;1xpF2g)XqU&<{iw1P2<`YqyrRE0bO1BOaniWeWPXZ7;fMBiwKi3PiHHThe*A?70 zC_-7wl}>rYVeLGc6sb1{ziVQZ`OuGz&!5vAgJ>XdgVAz*Y0yU--u&Nmxd#DxNrwJ3 zcz>2R&{VktV^PXtUUvt%8IWZDijsB|!c+Ii7uWAlaOUR@C)Ul}AdHpQzYBylM)p6na0b&t>mEX&=2kH~Q+BnY@6 zC_=W^;*Oh9$>pGf4pp)5eXRV4%D6!VhzRj4Gxww9$SH+b%(QL zk%;F_WsGj{clVQtQxI&096K80;ZR&K@(Pp{i{*CGS1e z+aJq@UZ>qM&rBchueS+&tvLa=lnq!7Qu)mXJF6%@-EQ2YxgjiSzR|BQ_s0ep;s#%v zn3&YV_KF>W!dU$*e2Y)weW7eK^ZS`xB15~&ylpVpy`_j8;iH6L7N)aZ569Oho#^Ym z!Vj!=^{a??u<5p*>}a7dnhdw++1c4Mc1?#TIW&SOBW^wHCkLN}3HbqF`Cff}HE*vZ z=~JRr@%-3hx+!i=s$Pq4H2~}6Zd;gC)4-kTYT4&;qhf!mRBlU05cm~`aT%ItaA1U2 zi;BxSP`MYrfzW3?T^1Pf3B)HTC;tO(y`)c$>;)>lg9~LfdgDnAE0d(OzmZ@^X=+#vtFjTh(Rp@BE8yF=9EgmYZpVR*J zZsWJe4|lqUQw~og?spG%A8s>^e=u>jowsp~#iAb1=HntS*l6FD;0Ppt#YB+TKCYH2 zeV;)C3GmK29icQDX3Eo_`=Z3gk^SDra68n~Xn&3TONWPf`{`)?tOv7FqFR6PPQ#mH z=3OTt61l%P{FzGDaeqJE!!Don#C~}jiR*$R(p0H#@K7qZ377|#`RPTxw-Xsx)hLG6 zTqT(1KMK>TazGj#TwLBt04O!Aqt;tHfwMk}nQBX{py1#NubVFi4ci%Rd#agXfL?op zMC9-%;&KQKJ=p!~A7J~A*Nd*}?MS3uJ&}ZCyI+6X%(5M{-X6`kE_*v(j7hEk^hfiP z?^yn`t3~m+#og9E#JwD02*kMle3-w&=FEHHbOSu+g74a_%$x+{l&aH@Wm*0sFxF1{3ZVYpWZoFkikqKMBvO z+IdCD))6>cvI4}HtMzV^8GOD7CJ!)PAkPFD6Oi!e&6|w&?MA`GTqn*?5-QyAjvNB* zBqbj?@7V_Oq9acs)nVEDdKIi;A)r*&W=x{H_YJQ34jT8%;^(%INZj7t%&KObefP!1 zBKHFj&PCMO^3@Xjj7fK!bfkG+WOS*5`h<95wErY%=@cb1!>2U7Uj;q9kw% zPvW-nOwVbE6ABbf2)Ib)o{Rgxk6UjQp%9;K{^fSzyH4Q?0lW2{NSTpPd!O6+7vU6D zxzSH>p}P!w3lb@tg?d&G`MUXTEF}ToU=j~xP>HtQ4A~n4Y2)@+&cIKzc@0NK2cT7NUF#(ySRBmmf8|ap zlUiN_u!mLFi4Hk=q35<5Sbx3bNtkK7*oZ^OZP#^wy&V0%y!p+O1yH2f@)G!plp3T(u;V%vHqY91W0t6aL25BYXqX z$qoMSN{HTP#P2F#yH0W%d6e$a*?h+cTbcw~5+He2@lSnKfLrftAm)1w)Bdr{zjuFL z$tx^psnM5zPhNG;vuI8;plg6uQ>P%Oa@+TSL6T!?0A7DK3iN;MXdxIaFf%`xrBXsGyHTdyvJ@3m&Z&IHT!RwX#V;^CIN7(eb(&L5Ft|A3*vD?S<~QJy@6MHGCPq*f&ek4+47y z=t3az*)KLa*RS}!I%zrfM*p1Y&4tFd^YirHM++wt+C|g6lMI2~0(z6duH{mr`MTxU zjITum*Ib(=I5rO>&eChWX`Sn#=Bm1YYdja)941a1*=pMrG(S@pi(52A8}u3?{w>nx zqpF>50K&&G77M$pZEyMKV&~49_WPWxjK=VN5k7s%7L#0|7tT1letaESCPLNQVZ2N3 zkgmD%*zWJ&k4@;Am7!=fE-=HuP=Y560pT)Dk) z`p2dT=`CI>5TbQZkGm{5_R{Sq35=Wq8ve=6)Sb3tohs4xNB7*6?o95W~m4%%FB8tKj#zTfqI%LNFL+Lbh? z;dYQ)%2;0mj!t~$BG4*$9`DYP3^3#aj(r|)UxboImFm{5sb<2knHqPpGJ5TRTmk}m z^=B=36KL-pv!62~A0Lh%kK7OZ(S<_5wOOB=se6?<;`4CMbKHEswRvq{bh`sIv(CD< z`$NZ2(nS8_W~^iHW6ui6J&bp({0XZnqP=ZaBH;%>%2G8VM3|)SGFv}PN=Qg3efL|> zeKUav$mbj30w7Ju$9AGVQX&g~XA}MPLU>3;KET0G;vW_T%R^L3fb{`Pq(M4_a5aDt zTe(ZzUhVQjM>Fw|!mYrmifX=t-K-To^L=V~?^d<}ag8<&qp)qUSdhwV6ak@*_zof2 zl=9xAaLK(iS)8D*iWZ^h+`n-`QNaEM`He?k{}9rsUQ!>T$L+_v%&D)*Ro;;-%i9bf zxZN&4Lc9*G4O2&TwzpF4dou55Gb63jE}D97Qrm6_^&Hv}UWAh-zAvkPe(bq?``dYc zO1nz372s7pz)NCo9^JRogY6;bsS|t#$Mx$`zFpC$N2D>cNZZ)#BR0#+w#6n4f`{^A z&rC@myyoYbbVYqmscnz9ZO08{9%B-?3Ugft?+tHW0yTOpFRR_6f~XJBavp%zKH0#> z5)1NQRs(U@Kr48k^2YvQ%l_m%^U+J?EhQ;zG}r;i59(;`Hi+P`(5=k^z&YZ_Tg$x< zt?Spq-fvA_f98W(00h6cD&w+5hVBsn-R^v$%R=qta>LuXY49V=RGvIoXs?w?N-FCmzt}akZ|=S^Q9WjCD~!>!}C*ealKiW z^H$rA&lGgcY6b+{iuNJzt)jTM)s3Stl{v5M-O;Koqkxl3*{+z&IoINmAt?=|Qg()L zXR?T=$FAPX2->rC6_D@J%d{S^$nKeVJaY>~jcxJ*(05sT(f0>{c@YYi-9m_x*BX{! zbZV(}z>UCXWp%F|G13m8riJOI^_pB5m(DY;#Z|=>zDIi>n1D2$jm~WG%K#%ti?@M* z2>}xannRt;o59Zj-~ZuW4q%%^eiq!<7DPoAK2I5umklcd6hz_Y zrGLP9g7m3Eg1DQXfk8P1h8T6wBiA;5OTsDtg>Xm&3D8dTN_6X(V6&QSF!cq8PSn!v zW5A~2f$e0UE^G_o0(68nkxBoDfD6z;p+J~OhC27D>snxzyW_b$7o%d10Bo-VQv^wC zH8eOcz!)XI#`3Fje#S!V{awfO5U}0VXM0IJ830+;mNOE(em20ISxIwG?LTkVgu0#S z1G#;S7Y7;B8t;fZTE_js=WC9*!E++8O`HN=nc~4?;HERsS+$6O&N>4a?4B9t%#UZx zccc^I)Jt3vIBQA^O~}4v$U*P=a^4afcLdJo)J=znQcoVo(Nff~u_(X8;1I`r$Jj+F zlk+Vs*Y_+-@?W&oU-ej|q7PrIS_Sg04Ru;Sz9RbNfGs%`aCn&YR`_6~0Ugb^ z6LPZ4YN6u&{l`F0#Pn^Xoy<^@X994GSUf%`?s(QhC{CW%iRcURTSlFK9(N;WT$FHlfWfa*VLJzAJ##AB+;Bd^{AVCSbGcy)~RB-(qe6AF@g5fBh` z_#%;n0D}cIFt{#D?%PxA%nciHjw41io{`PqIwhM#SvCvv@rC6J9$JEds_?k90>@f{ zz1|ty^(P&#wuc^`kx>dtr42Zz?Da*T{tN$`w@tfvaZyn3u+?wjo3amL(djKaGdTc`S8Iw z2DXM$9RUPcEvXv*;gG5X7+1}=i^oU%GawVKzZjQ$U$qTbnri_6?gc$S0OaepdmP(L zwSzQU_SD^G2MmI`!*RJ`n_!PP0%Xok1IQ7kTdz2qS5fUxmR$3~=rSHI^4BBShyMU9 zAN%+oY$bcCC@c;t7`MMmi5_4jkbVoA)x)qTX1#NfJdn)7WuDBnK|ou`;~b%Q<^xQe#+p7Zs4fIN{} z1;#Q?*@uA6U>CYuMPCO$VZMRs=Dy; zRFMDEgjRwP6;~SJ4)Yo1k?^m-7SHzav)V(41@v-xdsX&Tvs!y4%G=B{R#_g#_T7XmnOphYo2FYZ!JkQ~^ zJJC2o5iv2hA!`GFAOIDsNvGg&1?HI05?j6v^iVX{_N`z9jb9%6C=8c6Cktz}Q$!zy%fQ|J22dDK3@O(z8wza2AZKpkir{FlzV;CU3 zzF?EksxX$gI2S|Xg@1%bKZXFSBREEsz5Mua?Fie==Pu)=1?(Y~rIR4;2tdRD)&9rl zuGeQp_+ef6H=y_L07@jJ$hVu5p|n%?Q1Q0?@nQLqP>RIew9*jx3Pg9^hIa@+Vn*$- z0zQkY!(L&&$JSra9U@HKi~>zQkS7qllCRSOvoQpqMHrw?%p&h=yPt34gpaAsp8~82 zsk{5-NAC-|QeeIA+DY%80RS!Bysv)@s_x%kcU77X%$Pgn3}NF1v}4RbLppoA`Z?WM zLj{ia{$e73;lQ);b_ZN@V3y&#E&O;>Dmn~ML6B@3ef`SOAbo@*!=bw1wjK%XW`@Mx z-EG7x^%MhQV&^kp|KJK;{6b${Cw+8d^SJ^P0&$wx+26lyx^x-9@D#MRU8|RY!9pOQ zRsG%eb(eoEzyl)|-7F=PxFx5sTGZ42>uhXczO{^pB+)Pj5<>GW;`8Vb3CKl>|E#*J z@YdGPS_JXVB=JahH=A~hf6EzIOc>3P5E{krNE;{TS60TctB{db!O@!I)$Hf>Vg6(B#3!sf z0Z=;cb3otM(%3_9ulf0TeAh*AOA0puHQ)U8MYO;fvR&hDo~iaR zfRr9gAAoO6dUuog$O{w$rPpb=VOO!iWf4j!X;oy(PBt(_AO=cYbXl3f2bS+M=LQ>L z)m8meb3eojOjhCvQC!-uqFkFP8jufNn(EK`-y;=GtaXQ<*4DL@)+}EG;$!OgUax;& zfY2dzl_^0z-^2$?j}F3<$ZQw|$YJll zyhFsU3#@dlp|%-8<$%qUy(U$XQLI_s^LXF(hzoZ6UMh(EB*E+%Us`CX)k3Anj zl9dlI+W>Ma^Y>1_qJhl&J#FAAAw1vgeqM56EOS5f>|0XX-KKZlEfwH+)t6zegG}ji z+_Bo0Zq#pE1CgngKTHgIx~oAf4+<>(mVw5-98)}$*a1k__#C8PF_2^ z$g}JgB0VrbY>hy;FEU>2ZJ_-hvlX%DZFqL9%4W#AT3bFwA zFC?{Inr-tB;Fam#r@d4~`UXmItS~Ld85*~_vg!T5m4O}dm&$;V2@XLr0p1z%v%6RpET%Bc9R@>M15m8BLk?vMnN?N)bB&9*5 zLAn%>?v#{nM7ojg?(UKfX?WJg^B?0K??;aux$nK#nrqJM`pvn>%s&4T-G4lkQe1GQ zl{l%G>5I>(k|6xTd}cRA&=$kI#DjS0?QdsxTvSk*SS)S}s1<7^%(=OP`Ud|F#?B&y ziFo6ch20>4T}lp~rO#=deK#*oh;|+!*+kVCoURrPJp#xBsC$c>AsYpX?M@)YFEty@ z_9kWz%%V&A0yXTI8IwHZJE zD~pO;2&6(odv|BNAYzm2LG^@W>ky6we@&}~HwkY!)^1J)JHcOHhtf>jbP_(xH_@yv zPnMVMG@R1O*lRq+U*TO$2;jTAJ8udbbl?f|!|At=wEm{c9K>f>U#5G2IFLZs4I}_qiSd@{1b#fDl~%Hw8)>d@qYHS z@$O<$??>Me&lr4}-WqK~l)Q-j8-w#+HO}%4-D)FCkCSCzfND;rMBPXMFwUD~W zG4mAP3c_itdm=||^!ONv*R<}#J_`yC`KXr`6& z{Zxu#FH&@boAUEXQIn|JZP&N>-_G_523J`Yql;H5YvcIsi~|R4XHg+;X7KdcO-1r6 zGo&+bi`1Ktisa!U(>!O=ohXj3Nrp)TC{{#g$&K6GsN2Z1yWruQrqz}cTJb*1ZhhCf;UT;3{WK8GilxE* z6w2Thf`}XLHb5+U4kG+sU16mwWKKO_nyzQELx<~_<34q_?pP35S|*Y44Cn!U&Iq(z zZU)B$HhL|re5iaS_3RXfa{_jwjcO_LQwJ#}A|HP4uWwoes7=O(y-`fi*)C|Y&G&e9 zpn&61Tk4_8nJ5184|b$T+mDy-3I67_y81c{7H5yCs3`?X+#?)tlIL`pAtEbO5nY!@q_5M(7pPc z_f+0(jhr}P%)_j10Sb>wvRp>LJ^8Z>!hm28ys7rJO>hW%`ar2Pq;ixx9j$akIe?V= zg=ORA2G>1D&g|YwcA{kqaLgvu-UBYHwR)d0fw1~iMv?b>iP1;;JoXlPa=Qz;)5q(6 zZd|^fJGM3a$bw@A_cqr95cy%7MHOK@u)b_QAycKHRkZU>{DY@O&cS+}&r?-XVk1aV zp+_vEnRO)MdnjU_x35a7?nYBFMPN&PrPx)6SCH=4aR4L z_VTBrWlhqKL8Wx<=}rh_$aBbxm-J`^dWkB336RRb znJIP(Eq(^th2S_)6fxnZKY(jhbGA~t>yW#00o)z-pO2QbKGa@qK@`fIqUyf8SnNC0yI@~#;*T+PZ)zd4#N`zKt*j2RP8jO_)%=%XhcV0L|W zMLrp7T8O7TAfvU&`||kW^SPvET|NL-;o=-{jg7_5kXZ~ANzab) zVh>QLKKTpQFT&&rRE0wF{(D>_o3n8>u|;BF`Y!^bO8;zU95Sx)R-TcT>7~dRKPz(p z`Nk~Ev_)`{9*tMuC}XD+j;<04^m2g2?RH#tGRRL1Xg3+%b;w$V_-kf%cJ^(DxoR77 z0NqO0-`^g{@dbEl?_mZmdBLj+9AK-y-6)EI@n$y zeOd$~?g4G)>cIiYOg0sR*&mQnGXeYm9hMr8du)crs2m8%qLcqNx2DP65&1hopZgiwb~Tl;{CB)Los2Jn)Ns) zy!}g_jU?`=d@mxYh_etoO-fslIBNBOR_ZJAF6rlXyS&&`HJi%54swi;xKm?6nGC7% z>>`>VNjKL|8U7b8HK!Fzk_2Pssvku0R+)#mC+2mTR5<`6W?x$ zopczwb6@4|UEA(eOlDJ80YeMoJONNNY*SHWar7Bj9+27=V#7P`X$J%BNQP#>ARL+Q z??6I})BW{g82C-EobRA&=zXf1+i%7`vUdxjZua!d!o6xr;^0!%`QtYm1CPVw7GF!$ zxBLk;XR&0zh`KKknA4>AYwLILj>Z?wPUw|wiz`1G=TjMr@m#H5*vz|z8@ZYGEHW1A z;b)3&mU6Lt2eWBNecf05iu}WGlpHLCszu|q-I-MEVk^%CK&GvGx2_AZ=N&+f%{b{` z9pu3T;m`5-J9V=CNakrjU@G(hmc#je5Ks-b7b9_vJ|H%;^EGW}Ct7bLm_SVCV;BJ9 z;X>B5EZ2Ip;cRx|n0f<J*YY)VRP6bsU|IB}$MS3BdsXrMAN;wB`|7z;}W$IDQp!;)ZAC-a^3mQLOLQ*t1x@Y}EfoH?_RV3)eG898I z)(HV<$GMZ65lOlLbmR6;zQ4>#fNqCyR*2W(0fIcl)*OMHL1eH7FcwE(_aJ^F_P9tI zynUJz5=aQFU<`7UiLM9vb z9iX-oW>7Ca@Uruc#C(_Cax37U-toCUld*EaTsSLsq{NB4KhwSUg&bIj04fDRj%?5l ztl6e*+=O4?+z&2^94vk<&(GwymZ=xE?gXNh z;_}l>JtFqamz8y&gY?|^hspIKn2GURc>tgec!*y6!S^mj&pJ9ftnV&2SAiah0jav5 z0Eq@cQV>T|ftUJNWTyaJ$4deo0P*X_%_cztMzj_a$ zWh3t%;82TeX`3Z;J0$tJzbO}6*S|}zD<%H14?wnoVcut91 z*=%RU$p*sMf-V^4?dOsAgNp4?ylotX2PO`L9W;Z_Fv!1CmQ>`-D%3ilQt0>;Ciu}* zzSo9E0GRgqC?o|eW ze`p5?+P(yKs?OC&+zMp7hk4$tPE;s1H98BRW3!He-UkA37(hlY#_cXd*8$s__RgE6 z%mwr_a$rs`60YHWjV0&p!IdM7hczcc)o&m3>kZ4z97L`I z*mI`V0RTPQfW=(zd^R7y!-s*Me)jhBCry_^ zvi8^x_cvrlQ(I52J)Yi^P59J>?hbW4Z8C|q?5l4$M|TQn4znK?f7{S#CSibmf^Fk) zK!&C8PRFzb#WFa`|(>X zZu8Lo?g#t(*Q-|D+i_i#r0gn-f%AwkH#op~oMiqD@?Qc1(_&_S69|Pc^}tw4#y-D+ ze6+uSB(OWQ@1;`Fw}o zs7op(F4)}3M`Aig@BOMkRsyk38ey6>wv-Q17{r>tKE)0_v^h(_s*I0Y49VNi06J!v zIZv@x4Tcp!4yjI)`PahVUGV{O<*YkrxuX?i)qZ6I+~z_-Z4mNHd_C2EN(Wlb@X;#n+p(SUmx#i6{(6W$@10?NUw%AVdl(vH~H=TB3FDB~&*; zxg~1(kC~uNz(zeV3Po1#NO4-W5-c+EO@OPH`>nZf{DQz~$$ORC^Ju00qDzeL3j`Eh zfFp2va`bS}ZG-iwgQF20m{4kqlQxO#kiG^qSV}DrieKX6|GB<_Of-n&)VQU51rF)f z`}6x-&+3iu<`4i{1Lm8q4ZTBchu$C9+m1S(9ND#DvV50@yC7e<$nm_Qh7exfUZ}<6 z2xK`(AP$sJl~-RkKjZU)sw0ScT3|J?i8XQ`w?LEST!tg~Jf-)Ln}O4z+-kLVy*F+( z>~1Rz>g*!`#P$mD0aq?U83(Dj)tp)Iz1xu+wpO&u1v*1 z(Wq#C!{1zZ@MvHjI=YLX@^;kNIrh;4>J>E>dA$dl(3ikPRkeHRo1DBP+?rSgnwo5p zZ}Q6BWGCI~x5r&`O69y{)WJFk&w^x5vPSNcs*Csy&J|rwMb^jYJRndyksT@L> zFs09vvPQR|_1+BRN1NYIaLTj0P^N)$VFQ5pWze#47wuXM&Izdd2~r-RG!jxrw`QLi z0Aafg+L)UFiZ9#uH~>oX#Tqq#0K`r}%|lZs7f`}=Ix5#0q;pCJb>QA)2pYSA;QL~< zqUmjymNUBmIB>6fnYK(|Ql&LbU+FdyK$zwcglGaQg0Q%5pL-4%5D?{h1hPB>5E|7R z-MCZ%0RWaGI%L8ES(|AWFk?zAzjZ)!+TE$#Jr<+ubT5QB5dZ){?htBi1FdUsQ$R;! zdSD^(4bRIuYABX;N zdFX23T!Du)<$pZ@K&$+(2LMWPkx@|%K;8p&8a!-HC>~X}wr%0TVOl|Zs~5EDfx-_jY$yclk3R?jp|ZdyzX1djHBg|8 zq3&mp6pMkB3bX^{cjZ8P5G1+0R1I?A5xLgySy;8^<)j2Y2>%e74&X3VFdPUnlR?_V z0J){sAjw^Yh!7B2?>`I*?k173eUrttt&`c;x}gpgB7K+14)56X%}8Qx?xP?{P9MlDQ5r4q-{@hWv#$Sr!S#KiEiCJgt%aiLGVe+oWrX6VksklX zH(62W*;@RjvnxFWRPiW9Z+t04$1*1VC?xq z{57<8p+Xnn^)CdLi++I&eg*0R0dGx=k(;Fe@WOX25x4V4Y3@2=IcY?;Qz&89%2BGm zRygjxU^hMhGp%L6?jV#G zsGDg4X8=U`|NDr+JmuB3jPp-zlf(;i@s2(oFG`&ys=4+Rc~KHj%@O zT4gS6PnyJ0C@ZSqZm{IEpVS&j78C4ESJj_?@edz@CHv$U^B2*hT+lc}|BHEtaO@82 zQ3gH>ddaPGLaiiuj14;BU!8!=kcFTz9V%_Lgpa)wvz2)m764EVVEF06vqBZIs-!^t z!#MI|m`NdnN4aEtap7Ld%%7zC6SAA>;-Je;?}y8X;(}AC6mPO9c0!*h$UHzM(Xd2@2AZ)L${J5$O6A&f6uHj~ zXkM=$B~0KS$(CD3B@!r#BIQXd~+6|Yfvde)i#uy(f)@IuLZnwiH z=+w-Wj-inFzv&c(Ad}(RXt~=@Ga3}WpXSSi5u!Si8ZU6WLx%=)cNs3RySmEsxbn(i zvF6BTjrJ^!;7VXGkj`N7>FW@yI1ARkRx_S-+uxZMT*=En{>C#hAsKJOM=^354Nq<` z=0gtuy+rw$t65f0v|56wqLSIn7E|L;q-h-+C#|Y+>rd@ozR=*W@tb~6TLPpKj1R0{ zg{b#6QN#!q=zY=2?mmWlv)7P|2@U~hXa?d^lKwu6_H|ukd}?S8k&?ouJlqeM7QqE> zajI2L&63VqE-Nf(+6R@MUM$B3 z6yZTPQRS`oO?V`=hHr?^GQbc&x;F>Ds9d!ySP|KKL8MDj&~5ba33I;hn-qxi za<=JzlVDhq;=v>MTbXi@b6};5toe74k@ew|ojr9dWoGE=LDE?MUH4hYX_%<#8}_;M z0Qq)F?a1z1`jxf;5$hxi$HK+*bNUt5bc=$buGxXPMgurPN8&oconPu~lCSW{38ZRh zI}rtEFlvW47DqlWYIIs&GIG#A4E4daJ_v2w_&w8E`;ly2_C@J2m^EOwj=&fHFw{rl zgVKU43!$u+t8v)K3~Q^Ua^0!SGUhFAu=p2w0vd8LES)VsOtE}rg$Pq0(gGS9CMuD! zFAYvTeX~;i6nnP{S@V(Bn7TcK6(&1O=xLbyTlC@YdfD{7)%3=A<@z zhfN(dc|(3wr=i6kA64^+&ZI?(XBZVHuvA!S9;%S}|81&v^-08jcyKGA-}|w2q6rF? zfcRoiefP^Le7kl(th~6-%qmeHW_a0Z zU;N;xR`h!n4e3H?9;b!o=7yq3*A!H~T&A4!s>Y9}g?CeOD3Oyo zB1anKLI_V_f=5w-xxl}fNNpXbrPo{)SwgNJ=~?!P;eHYun=Y&DZyG=o5JJg_n0+HK z)`Xfzlf)#We&NBNSHec)>8@5P;*Bo*F!qea+xc%t5~@m{7}eXA^oW6qus82#30&!* zR@~%oRdlf-wnh)H;AoIiKYMeTqJG?sn_17%id|8yooWw#^`m2bbmHX*MoRecb2H&j z!f@d_NPfuuUC(1Q`m9%c#j9~kiWCq++Cz@I4*Bd>-~&zLHN0}edcS(U-CrC*5+>Owrdii$BvzLD_n^Fmw6aoi5N{#@ z%k{I`?Yg}2x`FtlvGEDkNp(|G(}J=>o7Q|*xS~ag(pecZOcgq;Y@v+;MsbnslC_Gp zS+*@(1C9RVi_t~`o8Ngd&3PrHUA<)|!flTg*MkJu{Aa=i#KkXy*4DqNj=_fw^X)rt z$tVUGVBm0;8(|Qhm~C@;d_7S*`J}LP_xisfR_@nkC7kXLvlz>1DSxN*Y0uzA2@U&d zU+fBM&Fkedd?`AjDP{^SE=!)OC;6fCVC03l|Izz*FAxhr8AvTo{?q`%;Q0tbYR>DR z%9p5N%t;Sp=vJxc)+~aAt%U?Wjf~Kz3s!V$r?ST!79(MritP02Nw~AWbW5Cmx^7G5Z@2qc2CIj8&mAEs{Uz-6SzI`X zi((&Wh(zIiQc&k@2C7;@%r^6vh0*FHhy#hvNZ9AV{YQ3k$7R->Nr{W)H%T@6dH@ z;Q@zT>N=TXh#V(hr`?P_R5FzaRT4J>qSZzWV$e=}V5G}^x%j_gqm@ghQYZ?mkD+6E z7=64C)OT!95|yal^49w9K+C>e5vn|N@r61#x2s=p;9aJHM`iZLP_~KK9$~tmy_CCd zl7zFQIbwzr3wEyQo-o2IN5f|A#|;CqZwG~90d_j%2appiZT!HigTL|+}a+BT#>eHVJ*djN1miLYwBG&UFnLkIGeeT zj-VK)>yKCyLPn#c_=ZkdRGQPkCJv9zrKXGScXpSpSw?LKN2^p8<%T*sqr3X63T13; zefA@RPKU4JsEPZMA-Pd3tf)^A@nwdkDJDKOQS=}j$gFOc{&X>QagCcA?>Y@i^ z`Xt63zE@lE?z{G|QsAzmzb)>BrQhge$qh1mm8G7+8?Y7C|KEa1;$ewZLoE-l>9yZG zkj?gr_--IZUZA-kHy!|n?4j>ZM;grj_;({I>Eokj)uQ@WyS>hIhQ=G_8SMF{KDM7f z-QsBN(4l{T|03&rH*s8g$HSENIqH*Kbod3uJP|&gImZZFjrn`u%)%(%sqB2AX$Azi zko@Np7n*LR&7+3OyuUjebYDi&*9u;$uGyputNjs2VXmnbeu9fNFJ7A$ols-pkE!Z{ zo9gO8j&X!%bIah68eryGC8p*6PJDQQh-xU?G<#LcU!w^#%?$CsD|4v0!MMs_5~8B` zzdp#m^+$Itajv9KeYNx`UJ{*od~>m)rWYTY(-`huV{XT>bB{)D>_+4&*%d%Our}ME z5BrT+WSMyOU`@9Vj;_-CAf0xMU{QS1m*`7yLv}RPADR){nvi>Seo{qZO-3Br$W{&& zu}qKU0XI60bQa%l#OvtSH8zWs9*g*2KuBV4t`1-`5enidvCr5d3e&FMu-0 zwQudtlHcy*sd||>@t<0cjd=?&=L;x4FJQwlp z8Ji`L7x9gT?Lf;s?idpH37B_20R6}0WLgPaUd8!b(tU;t?}KNfWwN%b**JDo5`Qe} zz#)B9iWn1ZnBQgGp>%f z$az@2E}!lhI;JzWcZP}&JXr*-UfZ|7@oSQXib-Si<&FFnL5+uZ;>30q|9vT<{Z#_} z-^{~c9}f|2(tRJsmpEt~PY+*ZkD?_P_CaPD=#( z`%K{2b|uVNt!@m?K%IGY4hN>)+{79DYJB+>Z+%K0Lo!b&I$U(jhuVXrak@AHOZoi}YPtsQ7a!xDA0{GGar-U#N0&zYjkqby zPR>H)?gYcvKn$+)~+z-J@vbdQy@nkEB9D9G)_nlPV$-8{<&`Pax*$+Rn zr=4+ameXlkoFj$)P$*#FP`UJ{?x0wOTpPr*uoeNtoc%>WWuR>qU5Vv8;*^&WG-#R< zjFG=H*MHqhqJbOk2wO~_Zu4$_Ldii@Ilt~&IoPum|Ga1jkw1oC;Y zDLs4C{&ly~UkuV?7%`GVKFTCT)}w-kgktl;+E7ii#ktt`I%LymcZgP^2U@p@y1%vbTY zH09rr=U{`B24=O-ZLk6+TXWr<{LI*4E`O&JtUG4;?#)=0$8ZZ#TTdP?0)QWwo6brK z%*ut`K{>F#^Hz=)Tf3D;)J39>HY6Ljsc;nK;Z^R5p1+Eivcpq&sZsShj6g}OWNbS= ziD^_MLZ6;-c02-H$4Eq7A^#)9^b6Bo9IJEOF?WJHBTH2uriE1^rqBo<{q3tX{k;6l zF!PK-?({6n83W3k$Hm8Nw)fY()I72OJ~T2cxwr{G0HiqHI9dgbq&{ysZ7}p^iqb{A zvw4tjgb_k;Tj71JjR|GD?A|cGL`7lCfMHWqwcQ94=*#Vyquipj@_tcl}AnO3E)&0_jMq!VG z8m6cPy^BD5LVc=Z73FZ}_r%d11*l(71ULSay4e03RUXh+*1c;~xp(kaD7(7&Ho6~6 z9ce9yIchVfr!LV`>*2A&I9lyL=kbp168gck_xw3L4)#uPt9C8f9%G9@2$xHq%NXs? za?)aPVuuos*z7oo<#*{Su3GbTiWG8qwjGBNvc2*z3pN?n<7#5DW0c|Eo5k*58k;K7 zNM4nczw)bPnYvYG^ZhE%6M(?2LYPIHGIiC-Bgykf7JX+WgqYPG?qV+1(AQNs}2?!BTtqvkv73xgSeQK1~ymGa(S?GOgqE9m!Vo z9jQJXO3a8r8guXt5VKc!08AxjAN9r<8b z#1e`QohHJ*8n?Q2o2X2~hH27+1A7i=U(kT)Uq4Y__G5u`Gy3^qW&2`D>PrJ^XzpyL z)jn;iG}0(;R{cxcHjd?SkNq~(B64)P)sJTl94#oPWBZkk^#N#Tr|hLKik^gNX&mq1 zQFdnK{Q83MA*4D8_1Dr>C12^7?0_k8nG=HZ^^*uR zek=##s&O%l_AI!n_%KP%4gD4QLdNS5yx}(YdOOU2!310kAtT-!UF)#VyU?|9G?t;O zQyxwSx%grBU?HyY^ymo{a)vGiM9yuC;Iv#FN>-$sBx!2U7p>1#4HVZ@_H zGJ-!WSmqB8hd!`sU|@chah3L=&1H!a0#NlzaF5iJOr)Y)Dy=|zH8EN;!9pvEtvzO{ zif;%@uHmMaf_L)QOjbB!DX&o$kOU2y{4z(P~{&Cw+QdqgZD3PENFhvZ9a z4nj_859XGoNeb{3$(&rBw9L!%`<-BSB4VGW^A=#UnrYcppdkoQ%LM z!$9r2y>W9Jl7M9QfWA?@$#Hw$Pq;B*A|J9X|Deg3`Cjzr`BKtK&(WJiSI3W;hfaqr zJ13JBvWE=rHUyS;dsy~{kF{TEXLf%GYTU}oG+QHj6A?$|vi1Dm(KGU_DjwuLZy{ab zRDCdWT|4(zilW1+(j) zW*{8?kyXp%!A3L5CXKKKE z+r^U;7s;XH%UJm`hA*_LB$53%>_KdEIq8*|?`R`)>!GP6B__frnvCx*U=%Q1f9eu1 zD+RX|ZC1?^kodv8myUD;8$FS=-9s+ntEK`a>I@CTMm7RE!^v&I%^{KU}5#Uz|h1wbk9P*F*E_*?YDS&^@04 zymrboe9EWCa*JA~s7TG{&HBVlP&zGzxZ83@BRm;;&f(Y>TKbYKJgcwQl))X~IvLYz zA==4wMTQj0*k7+ItD~BgT6I{hYMPR}UJi*<7FCl+xW?h}eUCRV4`VaE?Hiu$P(1bO z3g9>qB!BoY(BRvs>0eEt6asfQoJt9iKa^0X`gXgS9cI~{vM)Djm2T^A7$ozs&m-QrsE`HI=qfl?yf zkMfTEI3G4r$6tlmd|7Il@?_+~Sx@=hiyI<_Q{}|7$YU2=tn|jMNDZ2gv)AaDCpt*O zTcweF?;}wPLsm4YPk%c*e%kr(ya8uAUfLk4J<){Ykb&axnY4F1V@GhT#DAZAMNMuk z#`AF-2X%=%VV_ppu6^eS%MYF=a*wP09x35lx6*f6gWq0aw>pO_^AQOq?^WpIuUIy5 zZ(qVJy3Mm%sudN_i;HD>5b{_dM2rjy<;SV$6dtCDJAb6;8`s?M<0A8*#v3DSToiHY z@53FabE(p5+F^CzW8NX$EDjpueSA}Hwi86obtR?Een`PJ@_DeHZ={PUCLa5?_Fp-e z`K*dRVid+bG{Y{lPq3KRl)Ff$Qwb(vvx^OREg;qb|J~k0Xsl(zFAxqwt~l^x&Dl?@ zvH8@BP#7MLAyOZ5Rq3pfAezU7|EvS+w}JCXKpn5K+^!u4+XegbqO2c{nqb$F?>B$t z!`E45w<#D?lMNT3WfDMYdRD~o$H0e71m{THkEubvm9XBe*CJA^fqBT)j+>o7$YSWc zjuRn6a%P}(V;9$}xVrH)3}w(PyA^}+BV}c`l`m$D({FGuZ@BM!y6@EE)aKraW;*K|h8v@|{r|iE?XyRBO-rFk@$P}_=|wl1uA(^wh~OPfocxPp z;KD;@$*-c&HiiS&AC|B?1YwDT{{7|oM_AiAfg#r;GnzLy#j11Ga$B1b&hizx@Wz8R zTvVrc-fg4r+l}W&SeU~Q5cmB>Dc%XQ!R)xW=*v>BTx4%^1)|*jd`^g!SFay|$Xs?* zi|U4Rx-+LJ9}vJ2$fD7i6_=lG=!SWfA7W%L$0$e}e1{hB`o*6+Yaxx7&g5hw!VyQ$ zz0H*97)uHH5p~f52}@oFP3yqE=ySKslww5}tKx;^WblATPIhNsK4P&Na@N{B3gl;B zNqptS=q2hg`5sKTOQN@2C)R?#op7~-0gk2$607Z4_WE76RWf3}-c88JA^u+W!h||6 zyP2#AHVM-!)LWikT_zLuT8d@Y$LS%L-z5;<$j8@RQ7uWZT3LKAf7~c0Ni;w$bsyzd zQ+JW>rF{QJBxve}ZK6Yc=hsgyge#g@J|xqHszW}*aK94q+4NW2m+1{*G9im=P9kL? zmAsa77X8@#tN*TQMz>s;YLC^LMz`~sZfts+@;5E)>ij$L`D38V(n^ojZ)|j$)e3`8 zA5K+eNkES>h(x}N+)i~7KasdRoO9Fb`* z9tqtlnvY5mIluNvrn*vbnP(N8E6nO_2nbQTCWJ1cg-59Iwe#Wntu?bqn8^z|+{PR% z#=1z(fc*o5I~H8J_?sT{`Z zj$>0aURSC4?JDRyeyWz!@1T9_N|is%mpfwg1FN+BuUek&NVVLZ)@W+Cp91%|Lxp9W zkjAYB#R!wHszZgo-``Ser1mh=S{4~C-Na7c`CT3*MKXo15d43Fxwu`5J1@Dw23wg8 zC;*%GRg5RZH0@y>vcPwXm(7yzxLj9%o2_2P)fpvP!v@{8CjL8F&c3v`VBCjuU2VBv zM7k&4bWOx8+j5lLxA8@uL>(q3_x>@}NHcCgos5%=u%S<0@Q^Jby|J<#by?m5x_JTv zno1cngF=|Up*DtHEfXDi?L|1q)`z7Jusrq`9BC7|$@*!CMpFeyOyO?HH&TS$n! zE@DVT&kJsz=p3urbKf?&k^y&U?BKk+B1mJloaXeS4hj9q3cWShv~BGnw%Ze8Fulj) z>$HR4Nb0-3DA9GyvxFBWd2J|9MRx3-2yjeM;F!tTP=t#H=1%Q4NODn@UdD_yQX1jc z(iD$}z{3kP2=2G}6n?||fKp+QnXV<|-R8O|JP$t>q_qXlv?fe@bf8D`B5%)eRyX^A zRSEsie0r&}qPN$Ia8$9l!xwBt{h)mHt2cjS((!ap&oJU#T*CZ`-(X6iQf<_ggSKpF zJ<|TTe15)?mxR*d$JB z7v1u&*dZ-yX-c(z!Vg&vmEe=HLau+CJ1Tq`f!N;kZoP?lSg^v(OIsv0+6YT@+o6UX zTiG;HI|kFAV!5pm!)aziH!>y8C|g!PQud6sN?Ih}iMI30)n|Es;#OE>6Oq)6X4j6e_xE7Azf0WEJpK;0pBQzDYiGCVqRkz0 z{`*pSKX4A_jDXwm*F2MtsP*hf=PNpip<;r+koZ{w6bWMS*|F@tY9WOMg~B@H(#rR} zz1egf<5L5Sn%~L%R&=L5>5zYwknx?$quPxlcW=Xe%!zw?8aYG! zWYVND1yA+XzG!*Bj^OJhvt!6yD+Q46Ffv|zag;dvkCu?S(n~a0c zJCo3v_1pZpHfJ^sH>S8s;>2oq z_4UGON($cPE{od>nUhth5TGiL7@O(2JpD;@ZJ&%GWrUH5KT47;>z8Yu+wmnr;16O} zyxF%r5kVDG*Di~i>`9jGT0`A58CMmG=#vb)t=*52aX43Iq_O6|K{X}Up?4Km>1FwKLDkG<>ca*yiKmWK{Ze9zA-r*&A z19nU|Ts8r6XsT3O%r%@>KqOPG5&4s>bAcZDZ4`t2pes}XkA{=^za3+;}LjrSudxdbQac^k@ec{#m)-(PAzWvh+h8g3Xypos~<#|u!ygt!x zIe$m9544l6*c)E;x(fpdUPYGtXW)ZQreTMDAb%TJQCoijQ*R2Q(IG5qymn`9mm^`0@=?;C`|f#JcMqh z)PxvnjLg*6VP?gA{Wsin!mKKI zT4Ct(8G2)I+X4Z$NL}5`FVBk~+v;W%O}1eEwI&q^GuwMvw8~sF6H;c%O@d*ROIx|7 z<)lw|*sRdpS)05Ey}Qnuc6YJjdz)Bm)zvzsC8bJ}fC)XM6qxCiZkw4$H*S@q7*lSO zA(-{cDjA!ZhT)IutFR{<%cXf9xgC{BeZsop^ATF28 zmRdC;3+m`e_459RWYAPxT`Bh#14~07DzIpVao&-^tf@* zQ%d8f7Z1bn6h-}J2Lj*3-lvD~H1Imfd3|@Ou+veZ#zG0HG?pOl#cs*0V9SAZQU-!u z-H?We)7ycwg~U6fhlSti+~L_|qX=gwqobkczxENe*LWEVesOHea++VYtsyOTWMxKC z$wv|eA<*o_$3H&8JGo=jzee6E8yNPZ)0Oj3JW*jP&J&Z37JjBD(#$X%PLXz#f<=6w ztjj`fCJ$#Qcp~)nt7K_QY)843$rt+MrRi_<3Yp*L*geizjGfxF32yLQq-FfKWCxul9l~moRgx;8O+8;tEPhFb z`T3Wc7w0}_{lNxaC$bjF0n)!mfiL^=BB9~UX90;-QUzUH(Go3ZFzflMLg%poyvK=< zL87u@Ek;qcB0`FZWx{7R{n@N3?w~fgoWJ<_&;3wZ)QwmuD0@!OR!rVw zW?b zL2JUaQtoeM)~>aolAP|jFC$l0y(FXkgBUt+#u2dda9W@GYM9SqPa0CdPY*SBTi{}N zAJjR2!F>98e&F-N)}C9AcONcY_3exlF^j#Wr}Zs(e0XY854)D+#Xc9S)BJgU3zztC z-0a`lma6x(3L#>qkuj^N*D@mx!L}$9|83VmrmLo;{vM5%fB_R}rbEYj2t7em2{F>{ zJ*5JLZZMqR3+cFV5_99i&K=*1G$S&+89`y+J>tBo!ZopHJr;rG@}(|9luW7=1w1ro zy@-2?j=clqbo2tM!s-FLSU)_v*RX|CvvyvpEdTB^u>FdJ$gFy+IAo7KrW>tu<`7QH zr&}Jgb4}2hNzinBARAouk*7csGsPMXp_Z{HWYq~CSxdL>zy0jo?rN2?6yHERz%rod zhJ*QecjWJY_E!}d3+P;$ecI?NSbTmI$@A|mQ!m)9wz1hde3+B8p1KZ~iK}a zG8J$f5Zs119)t6}vIk@3ISsu6+v|}5apnqgIt-@$s;368a}(9~5}$OMqBzX+HAHgH%S-zyWdbMGHYvz`_ZcG?6PF!&0NJdG; z@Z9pFHyg6f^yV?&@0Vgygv!pc$z#JY)W2AS75#1S%g3BAW)fxaPuU4f zX!AdswEm6#e1sJeM=elkpLUE??ir->l_QDZ9aa+;h43dX(3z!;vMT`41s|5Hmer?n@%wskB>uYKNLjdDhH$s1~mpI zM`ElJxnqoc=ipKJm+xmxS-8v!?4WWJl(?H<{0;>P9jUvhCqdx*XaLvy2^kk zyCzC^vvhY!cS|hY-ICHB($cVWgEUKbr+`Q;p>(%&ib$s)ukrodpL?G(bI+VPbI183 z!f?6;Zsc*eQ<1|yBBrmAF}F$QHr(JJFcOG(k-j8r#({PT&MA&rx8{&9Qt58K^?tvv<_?I92kNKds;uw9&(;4$x9(4H`8ML8yK~t z2aapTd0R6in9jlBV^+KovxNslls{fy&@GcZ@RG9(`%$$>OK(ZpHS5J=K={lB+S95h zx3-e#V=HDOK@b!$P4rQwM}DGBf3Z}0r8^-oO}Pu2j2i~pxPOYeSuoCUj&??y|60%a zsRw79rC5-XIanqx5tIDd+v}@0=pSDs5pg4R*--xxFHj^Ha0P5dSpv=k(%#;PNkM>$`(}z}0UWh~M;|rSb}M>@6$&T;^9gNmke0bxiz(Vc$jUro{W&=lH-38GOYmhu<@#Tw|K8N zJ!C-RFg#HLUBr^GW8Ewjab#yjp*g+MV zuJfz9=262%pxspHWyUIe3zwVW#NEDr%J~CTRqy>P3$s}_{D%mvc>2Ct?;4xgFTHAo zE?g*Pp|aSXmGB>7j|YMiJJ?_@?l6VFz2@UT)sw)|-91ax%bl>=1t~EDu2;NkO3qb) zywW(p{ps%(o~yJ*DuPTjE!53oz>}gp#5HW?LfRG8Edd^s#-eZDXaN%8?Y?%X3v{RF zH@$RE_*D;jhvf&-F@+n{DW(#n6AI?daKoN{S-Ve0nm%8bk7iBqATs&k9uuRS^L7*O zJyFp9eXZz9aEteFG(w|3AtDR|s`Pxz+r~Me{M5`gm?Mg5=JntJ zq9Go2>yQFwjcAC66D5O9XN2;HczJ!?FeHnQ?d4p^+v>Y_QrnryA?-VHO?0XI(u*$RvER4L{!mjvLuozdpg`fD88{uZSC3@bw?Oc_5tDr6YIUoka0W{6ts4 z8h6TzdHu!L=mP}{S}7?(7RU2;OPFMRu5wn1N=uK z3#jg5{$w5%phmbG?`M<`GPa|w(VaM4y?MN%=8aZ1*3OFx%K~k&_v7GN4U*Ags!;dc7x7< z80s;m`td1CAF6m+5~s4Uq8x;={|egpQ;3A=UIx>Ajtej0P84x_1r@h zC-aw_6o%gN&|t1%iUe%k>vzKdd9pNZtOoUN?C^vYSp8oXah&R}W8)#FB6GeZtM%E` zcr(#REU_b`db?*9R^bKx(U5t_$y*0O`FD7k47rI|Bo&O!NK!v7B1f;`ide~@=y5!> z9fUo#P$&28i^0><8mYnd*6h8t%~a*gD9y=8VHi2(WqZl^Tt0M6D+bpsVrBE}RA1aF zj<@yFFa7?KB#Yw)ip9gaRwQfQo{z<3)z@@i7^Dq^0+us=pd`9;aC*NropvPN@hv#s z$asssyTO3=xQPA>{QG*g$Ue`@J`T=KJKA)@DboR{fHV}4Eg2ddW5KHtYcy9v&4sDV zucJ`1=v}I1h{``$ni@x+l;GWOi)9Tdu85`M163r^{D8j9V7X5`QE~5z4g^ZP+^qcM zD;b$WoCMJhyK+)kMXG+pDX0STiacvvKcaeb}fyl$GITRSZbxOusM{6gD#DLZ{_LuOt5}$Q_ztmj` zY9ilQ+gbM3T=D7~QfclI3nQHv+-WDL z1$CnPG9b@(OxPK1>BzWl{M~;X+Tz#+i}0+&CmCkIEI5D~_O3HI)anWvnngVq3wGXt zke`&PDN18bUOpx5CiO*Eu=2*m*~P=%9~iv#;c%cfZkTH9Za(1iE>7YijUa5sw16_! z;Twp?kIt2GWC*DMWU|+_D5*_)>k3&IVp$B*hK*f_o(y@#f6{r2hWq?Yz8oAUB@a-IFk?{n=%)i7H`e(k`obSXAI(rzD@2eW7*)}Gk@ zW~@bn6U3nef%X(O<#h1mOUuXDS0i$C=?;7Ibb9C7 z-F*aedf{o+xwGR9&=H3?fq+GUI$)l-zgyt#(1`aN6opzwa%ZH8ci>MFExB?b!>``B zSKE!uQNnBEFMuL4Pmc7pY)$hF>}#X@arhXRnW~F9I*Zk-%KNtXsDl{}$CV!PM*|Em z4gEy7A^+l?<=dsMHR{TLsK1!G%x$h}NjN}GWX+*vbvj%TEqB@<$n0Oq7yOz1r_ROS zLaZYzvL4D3gs-=915b)1THzRxTrdT5B5YUL;l%eHTtz=s^K;Rnn&T7~(}Jn*BpQu@ z!tG+tk7c#%Xzp^`dE1%taWWhPzb;Vkwpa|cHX>S za?ar06;$fMWzkx?(lbVV;q+0r^#wzcPt#huz~o@OD?+#M_|-SpX0P=>P=`-ya)m0a z;eokE%!KS^+y;oZ8^}bqJsZEF>CM_ZS^pN^8ggCktC}Jm6VBFa`6dn%Y)F=w>RV0C z^;iZk2TYYRUY)b5d|5$X%X?=c{yEUp=&(y{<9EC`er~cKN_Znq4zt~70zwX2OX6c* zM&R_`&?K6jM-IygOVkEPE>Js_p~cHx0WyI<@)gAN8x^Z8B*FZ#-=PpVCn0!`cqO=n zWmHfU6CWipnsG-5P&j|KsQ2IQe{o0)x!;CIoLdlaTGd=(OPRyMAp-_r6Cc*Ok$5DE zwOWX_(kzt$>aww-W&#eS^X00VaNMkY&X&Eb#w1XdpHt^3%+;>oJdCCtMj8m}=yax< zMH<%YyNZT=M4Tw~Yj7d>)+oGbP_qj(r+yk*mJ)Gm6dwaaLVMf)(Nx3GD*GYf+~=b& zn_UC%oLdqu&sYsuPj7tShtmrNjYW75Zt>}NR{dBbPnz|(e@L-SAN(e6I^PiUM29#R zsxDi`fl5MXl9QIs435dt)&ri&QqK;A9IvEXty-kZR!T_YG*VZPwA^iD3GisXfI3G| zY^1dLFKN2xC`HD@=fhPHW)4J;n>_ji>3e?i?zaOY6@D$8aeP|GVK{bCq_i-vV%p zc-2*edoxJ4#eIBw{v`hJvku=>TmW++77IMsOBzj5v68BSqOgU7OB+yD&^X&D_t{pW zMw`}XR)a;c*r0YiLmN(1nhq%qp!#wd>ZY5{q7({oh)=q?N}-9`WlNs|YRQmla>2OB z)J0~3#tr#8JT}?YLlXW6%G zZvS%vL6~IMx07aX2uoN9mk}HLBKULFk(M2NAk5BruOl$X@QvJRnE=dv3IfDdXcP?QOB zp}<7@Dhw&*oZnyF^TGVk^!xY0S#LMZ5-`ax*Rie9_UU>aj7Z;O-bGT#2*gsDD7AmFQdSm{MjSR6V6iYeTAMWkH0&I zu%=qgYuIkwh~hqs#PU3yEj?HuHV#ldNEtZG>p-=J!CFp!lki?z6g0O;o_m{#`dCJb zp*0w3M;Q85ItYk}R~O20pjC~uSdwEzyk5jPqQMZNQKDK+h+TteI+Lyh!u9O#1Q&zZ z40kM(K6D-NxjYhDg|G$5#^HaAmeTD%a5bS5hYKg-Fh-ZejVp;@^Xr=b&yZ3hU8`IBa=a4DfR8-C?-v-ouT+z)|1TQS^DIr~|7{5w_Y z5BfRfZ4PBMz)a#6l7tVns0^esiC1q<;7q2q^USqMCuk6u@#d-9MIHpeK$)A0rpN9S z@X*9|l5>J+m^zVKUz>?gB*M4Q2wic*Uw{;nyp#H)PP4gsD_d#JymZE;t81wwx(A`K zg=(2{Iyny;h#!K94x&<^9*I+V@sS)^>zhuaYHy z(jdTazDUz@2AqlxCe~YD&MDUuZ#1Ue29r-Dnk2Bu(@X!AM@QqFGb}N!lw~W<8$Ww4QbUSIo=;mn|a- ziL~Dx1tjhXgQkV2kfDo;si#XFsZlC;fo~y`U)+T9IAeX@cB#}H&EPSeV-iUH=9k+J z+o#X3#G3@1&)1Z%JG8rTUwSW8w|o>aZwf%`LT8xbej!hrOMgXr>e{Q={AI&3yt8hs zl6do}57$vcc41i&^0k#2Jj% zRyDZYZ;F?rZ%QHM@B0WD^M?3pKDhS9@^Zhl#BvTB*pRZS(6eI_nDDB5R;qyuPh9iR38>wyx1n{&XC` zD+1j}hZ{nG)E$!&@P|dM%XYDotpmjk-Sy z(D$KCq3Ha2ejieL6`e*2mV~j}(2HxZvkgO%m7tekegXbx$Th6jF5IYH22&ZUU2*Xd z`e>R+F4n6BfL_fr8*|tY24?1_c75yFAWdpUPd1-<-R4CgAiwW^jfn{2c8Ngzllu$ zrD3ky;`RfD$iaE=)4Frx@0-~giDL20bwfRYHv=Fw&2h>x$%#%6$B^VA|7{k9k%7vF zN=+2*0P%?Ft;#aSa*uwYQiM&RSVbIkC<==POO2ckm-JIy;}(@khLY)kG)z@ACRugH z0y!?dR8W34Uv_cIQThCOVu1eSt2k$a0EhG{ca>+fnXq^iwb1@jZv1rnEc;;|wI*EZ4sR zWT8K~Z2r~Jtdajq-87NUkLxlH?*8v)uAL3&sGpP|_{vcPC|T3N&So;%DFy)uP|kk$ zlg^!g|Go43JuKPalp&eK&j!TJES;%co78fma0AG~^|l|N)CDOW0kyE*oI&KUPavV_ zpD&v|xPGYkleb8C4LmdHQH0)wjLM_LD2gKDkB5p`djK>-ByCcq9kDBJu-ZmOlBVCH zhO{yt^blVu%%9WQxp>gY^4nGI^o;Uoh)R>lc4K|GOk8Hv386dkKOqF~FJH$!mDvvY zlJn?K-_3X#T^^5n{{qJ=NPr@gXz*<(^elyKMg>bczb*&1=B%XWI%{B8M@4!_4xurdaXI4M1(FWmFf^@#vGD< zvtL1Cw8Wi_+)jZQ-h&6VK&^5_w1#akG8i~n)BD4&T4oUspqs>}sQY$+8L@kr5h3$s z#}OwEE(>s1L5VsF1^Me{I0Y+Yz!2gPysnU-W)Yi4rBeo2REtR{H4>?4D-AQ^YTCu~JPNt8M{>4D zpYk`poh6KP2f&6qf#&c-UnbK(R?NPWhmb>TBvycQqDz4j-Vfa5a(^rduQnZ3DLyZ- zI$(|)`oBx*Z)u&IH4sAHdMVR`c}+_j-?ec~-SY9y8hmIyZ20vwBm3jb`?o0n-Qg0= ze}P-JNK6{zWp6cc^wDUfgsz1_tN}@%&QEZl`m<6_ufZw1CzCl2ZEG8@hand-wI{+R zWK%Orvv{L=+~u+wF}kB$DreDkdMNcTBf`F9M4_j-`OU7OcV&{lWWY@%eGTnuktnuU4u~)C=k0IhCrAwfBw4Z%Mau{5oD$VvMN}wp&(I8W+_Hp zW=j-0HtC*{S|HGUkS`#qTFHiJn6sk5w%)rB!BE{+%P>{NQUEcXPuh;(YLuO8SxO7> z!b(k?o}%0g@tRqp2=-`hBY6l_f2_Ya3f%Zc*auz9nf*$m8J(n#sn#Y|KB~9mT5;;V zk&ZggU5u3{y0vj?AvlaVmw@k{hC#9Xk;IcX;rmKDRI$Up)szfl=JH|?~|adatJdiXsSUDL}@@OQ3CvaP$_R-s@{21x;0E`>Pk zndhQbDDOg9@ObGBD1S&=nFSgub&jub^fL}x9Rz7V8YgNripfx$Ui^jf5J8C(mlELQ(EF! z%ce}-XImqfv0%OCCeRa@)cUFRYw-&AzgFlGYTm>j2CLGa!T^2tsY8Ze>=W!<)uHb8 zg&3iivY9mp!Pe4r590~wT$!4gF|%O2LrUXERvHxF{zeKL(D9Vk7_HJV3lICg;cI}y zjLnzO$bjagb)p5Bp7jL8gD53GhXTn_m@5{rM*zo3d-=OY zoTuyumNsq^{*-om3qSW=l(+{sy6Zf+4Ui_aHR$Uy(GYVBsq9dq(RLQTJy!O_2T>;9Mg@%oWeDWOM1g6|MSLi;*>b&21}ps)p^WR|Css7Tz0q5%WC%&e zD%y6L+OU($q^T)b!{9wP;Zr#qlB%L)C#GxVSsS@oQwL$vJz4B{dT3D`ts8xP;mK!x{ayJicT{#PdTRvB?NIPjWNA0&7D_Y%ed8f z^sSYPzCN_@NLlV`t=UJz7h_Y9IXU44&CG{5;#bmq!1;EvgnQB7_n^Rc5&z?q+JzQJ zfr)eDD&=Ll+!-X>sjt2;mWm8xr>{co&Jo(ig*~fV-Su837OKu)1w*{Qw220Uk#xU5 z{Vo5wGJJbGahq2K(QBH_-F!q#khsMNB@{vy#nMUIm9v@)u7~YYkzJ(gQ&Gw*ACQ&h zv1hOO(171};s&oF%LOd~-=a2KazJ#qtYw%I(68^38z$h5qe75DbV>=XW~C0D>d**^ z8Hkx(D^JD&8wV2|>#cF<2o2j$`VxSME37^>e6vxjCM=ZX5OZR;t)aZ9G_`>kG$Ug9 za;TSC%tApg8xa3A(Jv~HGPc#U%^VgZkT2@ZSteX;Rkmnk(Fq@p*(G9dQ6Qm>BHKHF zvgE4urn3KLBXQ01jFn>C@9+1({SPQ*-+U)tm@s4=+c5TmaHHn(W>M^YOyy!@a1s0N zB6TyDmtvEvKPoO_SthB@$I=02!?;gVP40j{rxf|kua111!v%$0wy40KsNpbaA}vC8 zm4hD93+lv+Fon{hS5zIa3l~;Bn@A6w=zkERbY5cXAlrVH6cN_uBZNd<>V~g_^beCs z=$UF!vSW@$KcwnO5H%;P?AQTZ#d7^Ql9`g76k=*_95On`EY%sBwYNl*Zu*bvdaYnA zSyx5`&E}dMZ_=xJ%JJ`OO+2q;RjAdOFxYSef`fSppBB?iVlm4DS*whf`I_0L7D(#9 zp*5O0jHS7`emRXr?$@q-3#Jyd6pquf30XY}{Mv&^D}d7T+RV_^Wc%aS z)~afd?Qu%A*Y!(hi<6U&tgEe&^{Y|{ogP=PzVP^{+2eRw{ASF|Z^u+Sw+kuZFEgVY zthn*acBlcA0J?PJWx^6qL&8prU5HbLZHCY&9xAM;7GMN_7MQF7DhW{638pm+9lK66 zlHcF}M-)q91l3XVrrMN==(f5eC{$(I3~M7=340XuXkKdo5HbKJxm0Rm&EY5zQ>-A0 zWQC-js>t#$Sgm?kH;q!pzO@xYw2rANa)V+lIEYN2dFV+KtAO;5vLD*zx^}Jet4@s zug&})H=B$cJ^h0dZ8+o`xvGxVFG+0SeS~(`q{xrN4iKm$HTFJWY5OdlZ5fHjj`YkKa*8$81CN(@cqH*eezC(mUXs6PNlKo_ye^ zD}bm~6V>SL8OewKa>p7iT6OhGfae1&lWsS2+7AU8q^Om3F%@NtyCq{i%d~GOf5EbU z#3*-7N#@M47ujo;d+h~G;H6hu$#D?Qq(AWyRJpWk2S-N$t}=RG?vIVLzqQ9Zxb?s* zLe)IDvnbX30^^&0c%|%GFm*{?7SI|^<%(^6g-j3phBHlpSj&^7L zLfV39&Sg>WV}tg?y%Gt;a8^;86b(V0!@w)lsxaumFv1d)=zISQ^zo0q~Sy|e+F4leTaPf3?>!i;q)**nzJDBG5E=V`X;VSHdJC^fq z`}{yV8N`{)qB2&o^{}Ui{H(`y3%2*SNI`&g))^S`5Pu)tV_U$1V}B-ySlNHut9p;h z7@kkZs{tr-I(&x~2{t&BAVhCGf+@#EVwHWZfehUtDLq4`EC^j#DKHEo8xvrl+q6Cm zY0kl)87aK)u2lyXu(-<6@*C`9s@ssAKF~ZUOdCiT85VC$2M8I;TL>s|5~*t?0EpR) zri)lPD?4gsK*Yqx{ftgODODHy-B}(CKzu$Fgcq0k>B}L%N?6jB9{0Su9+=SalTeTh|>n_ zuni2&MEh4d!~_+R^|rssGcxdf^O{pLXY3PFzRHtImKuT?q>jer| zKS!kzH=ME%-``j|(O{w{rSwnp7+aYpbWXZK|d-_d9|-8jiSLwWP}^{15|-Af7PBY)7w%AW*2TN zfPBL-zpZI`(jc{@{B6<3?jqL@CIINtXyYxb(@5Iv4LF_T%+L-<%F@_?u z_^a%4T*S1ky~b(Ff^9IVLs_SJk#9l-+;kQZLrw~X1l+EKSAlVKDZ}~wIbG;(nu(l3 zAlfhA!c$INdUjmhyDUdhoKt{;D7GS2cVmLjdPma`6v@Kc^vonEdrM>p*|txjc|0_N zh6zIRvKyvkZFRz^%}ZeWZsXIZp^1*aW)swqo9{kd$0FalAnz*7-nIF29WT1Qf#9oP zKurjWv-6vnnF;UFOVeErUmuCHES|HflHQyCSNTS6!}op)JVN?n@q?s<(F1KuR^pWE z_4onwiw!lx#3p>e`T?bv4ciMe^jc)M63H^FcyzPGsIWH#hADPG4rWneiNg&~M0Jr< z**fUNE)A=$t`HArqD69kIWdh^x+SVbMWuM4cQN07Jb;7+hgMm$8VQLJ*l4k30hHQ! zL)rJ;o1A*3G)6wkqgzrHZacuB>Y=1goTHu`5>Z_{32LA`>CZekjFZkhd{h$@le?5J z_G@%7X7p>)Y-O%GuRV3IXfkVIA)f#X!KR&-fh5XpdnAc3k|JuW)3X|n$Gk8Y9_JbU z*?7Zy`TeSoS9`ZVmb}3su<;Bb*3<2WgzJiCh!G6GwD7o@(rY*E9L06#n@8Z19t`x` zp z2Y+B{$ho@9D)@9t#<%difLA&Z9%6w*OZ>GW`86F&GABA6WgM58DbX+Ae5P#0+P95W zucS*5kXWcsCV${=x6}-_C^lT_i58s-R`gHp5wTUIM%zm*MXpXiZ?L-&H0u4FUfXoha!rud#<&#w-UVs&0-Ue8HM{=`oXV(XzLf>8DdH)Cma0~js(xx zcajvTj3d<=#_Y}rI$UN{p7e*n?hESQqS1NR)-i=RqX)W9RPdepnB)qfEge=FTtAiw z#X8e9!9$59ibAlxVyaL~c?=w4jJD)3K%(153M=@k-LW{uAYqwSgP%sntQt_Gh3}Z( z+F=tMCq25upr*jK3#VDzC6|V8@g8TY;1hMFb%+a&insUG799(hxo4yYwch2iL056l zfWnl!eCXFoX}SG~?jxmRUz_h6cDn|yb&j&giD?pd(z(t2$S;OKm8u4I;Q-x%QSSJ7 za&x+wc6P=%>kj~1_0|SrLS@750%cs}f%7hni|{!2`bh*cCrxZPsEvOD;{?m|Qql8? zXoA4mxv|_EjH|7-9nFH`Y-QBO0cs9Nx+xQcWI`#TVmrT7*&Wy8=+RwYt^-9y6Z-L> z1^1uUbP<-n^k$pExprnlL)bi=E3rC%NeU}B|o`is@ z_MK?z!Gj#bTXpl`QE6Ex25o@Rxry@fnmQx7XJ44Xdrf6gtg8G=QIxIqVIROO>*Lh% zKNR_Y>-MvMyhX2j7GVEz>$Fn9&e+_p5-pc)vT_yAnoS$78PUn}iPw9dD=_me$22Cm zm9&vAC6~YfR`7NZ5pDC0cf_9zybu5D2-FWyqJZh=A*xS@_Ll#YddVam)JY(OFV7w} zmi%@EvFa53jhk5aEJh(tMiP#ZDc5|9CU9L!S3ph~$7xxO^`VR=b5^5~n9fcBpiS~> z9akH-zr&3(0N9J+Mkll2!o_HuKRFwu%tBwqQsAIk?zb|gkP!Vg+DX{w)o{qVgF zh&XhDoLG}XStIe0sohoSsiS2BXI(&)ij&jKFr_F{&ZzBtjbG(QPj?IEAIEH-)PH6{ zabYoM)L=)}bmiU3`#uc0U=L=rN6DNV`_Hf6n&HbjtLC_M4}+Me9sVAvY` zO7w(zbEK4E@hw{rtC)*YDL+$_hkAG3tcrYo_?L_Y2mNm5z0Z{2ujlc5`?nd-8LQi! z^K|PN73?oIj+mhf*`c}EfWipVe%?_VdQo`Zm`oAsB|Yo1Y5uLc*pdxZpHh?`kR(A}u|S zAddkfUrB3qaq#-1-W)rNWpvuz7GZF33KS{lHU~$%U`)OgS;jz*j+KIfQqp95xt6S& zO$%J};1>%+T@4B#VX{U+J<_bZzLmMK5S_9C7)#Sbn*|Mzh_;fS(1AV+Ns8oMc!5Y< zClT4Mbi^uu>~>9O;JD+8M6JLmj|-25Vn#)|UK%9tAIJ2aRF&^bR=yN*%N{|wB~gV=ENRroLJbH~$NjIa%H&vp z7C6#23u?-RbX9^5>Yi*vIb9Q+>Y6d?Y)y^0z)ZQW;mSn3a)l7Mex|*l+d0tZj-H3Z z?iStP|5!@@Iq5fubIyxdK`;#R?(~+;dD6r<_dgvwn{v71!x&UvX;?Hpf{Q)1axP>i zlUs*fhje6=DBWmndCEQB{Le9x_|>uAE1l{$2#9! z@A=hG5r|_N?se!1K*}IS7sZ?-&04ml)AD0d6< zn2YrEN7E*&Qpf6+(?EVo&%{auL6!UIBTOi|UaKJW%hsU#)U`13r;0_<5$7`w1GJYh zb^{IYTuQ1#!*7MQ;7M468$aI!c-Kotux%T%* zL*EEO4=@E9Ga1$%T~Wcwy_muT|mY?htYyOd$HX=6V7|OaUWCv68u%2$Kfkn{~rZ6 z@h%QwFLt~vd6KLJrI+STI{FVf473RWE;ZONdITbTG`U{<;aLET?*snEyD_GwdrP|U z3sv&RqJKNq;$hve_#d@fpFg-Mtix=>Y19n?X2>ma8@#tj=P8N zCr&lC&>=0Ye7O~Cq*4eo$f<8Hae-{H{F?CQ5TeU(=C7C=k)F#?(ZEADgAs&k@!sSF ziNMDDG;!8~s99nDiyng`_P8&(WWO}RLQAc@D?6jT&VW7o)?zw0{=+A^_~H$wwO`|I zmW&KO%#a8>-%6#^v=-&9xNn#2x;kj=A7P4Q0oepw`_v@(32BhQ0&E zz5VCpdT)$HhhSx?rug(*rOFQSxZpLFyre(dn)QzEAkN9uYA4kXw3-2%q;b>eY}B;$ zK^Uec4)u&re3e|))7P^At`m{uPCW3$kl0!ph}P1su2*oFq9R`Js-)O48p%Oe3K*ie z=*~GTo;Eq6Eu=-tqG4SVm8H$Tmh7kUQ zGBQ3Mk3#~H2Fw9&L_jXm4(;f;2y43S;RhQ-al5!nnl#-^mk8J(%ztC6j{TqB-y=~7 zT^=P|AS9frI9Hu6wZ2!U_|MJ9C+~!(d<1K!8lu@|A(QH6*XZCo-aer#?i*xref|eS zHJg+iJy#?B%NPX)JO=bqI>kIBiNMBpQ5qrAM_R+tSo-U$jX9clu%nxSjm|bgci6B? zKrSd5Al$Nl^Rfh^16j#7r|pjB(p$oD8FkTMCC-w;gCafO3A)@=m0k|_IX0!mfHZf$ z?||?f3#c_WBg^+=$Ho%Ki8F7nO{6Q^D{xed;4XctouV8u!1+*8npRyhItz)(1X}bG zrEn*q>156t5cO}1cnhyq;t%KCg+OnwPA4gh;vKcuW|6b%Z_mZwpFlDE6Y&%mF=Ojo z$yVG^6VBK^)>N3osJwsL$1Jz;W$`YKU(?7YnJZN8F&TjaCGFm_R#sB{I^5OLX~TBSG;Ubgn!P

9Xc2t8v%_oaFL4TTdBmMUXd;26KUn{N8n+P; zOjplS7L;)ok)DwWT%K-giIjEPv1GE6P_N%m(k}4WKs0#|jaXw|F>S-NF z4s1RajJ-T(pskjvysax)dz&G#N2nHAInNm1ufI*@V))t!;fM}io85!Y@~0HNiFb&k z!nNo8>F_cpRc@$aXFY&+pBaiBy}tSvN1#eaAA@ZR<*(W^hgMElE{FuaO9NjA@e@S#0i^`N+8CQ?w6yTm)5gx2&er217AUY12q?Zlrh$J``YW zYcN!N@q2j=J1r|PZj5$9O@im(0MPoe{f5Prtoz_5^Yz_4!@oS!?0q7zxsrc52)B>- zQck{km=z0m9=U=M=zWPPUU?_oz|6eR>#0828EIiB-V34|@x5S_-$O7MkiFY`2xh@{ zb~=(T*5@@9Bv<=wk8w7+s%Q9`NjD4e{4f%BrU*x56~or>jz-YRwXAWC8odCsGPYU! z#FCJNmL6^4g*pUmOQBKIP337o9WoW6^buHLCwna{5gn2tUkW8$2&-rz4SzIqN3z;8 z-65~dJSoqwqRpOJ)vCW4l{`gW8@4eblGhxkYO(!u0Ipu=DA<9OtQ&nc;1xtpkndGZ z67Od7?>4DR4vw?e^0hl=!dYuTeaVBN_RR}0ra^tEh&A})#fCW&tVb~;Af=Xq61r&{ zP`-hA;cLSvo-MKo@@?1$dkT)i$lV)nek9VN(aTheAMZ8mP+X>OS*6F zqUuzBcWfqG#$z?e#bN8BL2_ zzQ-%Cqq2*#(PAtd^`V=O^D!a9-@bR^6izP`Or=0>L`TbU)>J#Shqd(V;g16Si`TyXx%n{C8@ zVMNzk{6UE-1*sX|sp(&L8zOGfPh<$GnJ(;Y%|KdgPp7 z^zRVNgqWH7Z{tQv?)b`CUJiSx1}PH&!_0w#XrUc|@8h$|tfFxh`y$OcQPJa?Gx+8y z(WoM)N<8q@W*P1i#5WdT3p$gvTay}wzSaO~EMNNmPql^oW;FxM$tbhmo9=U3BO*>< zjU&dv%|U{wt%#vQ%(@kc3`Nk2-Ft>ER4_Hn6MB=lbp>qde)8Q$2_H%g!X~~69{!5VolfNq>&S2+&pGXrq zVba>3eZAPQ3}#rOZ+AAEt4;KP4JYS#?-M3=I1oDBf5PgOWt6ko5`N}t$4F&)A5|`g zujeI)w@8s9WQ7+E9swJPP8H&>#iwe7w}WuPRM{6-+c_8WZ7RzFq==1+cLubHmz-*s zsCXfpIvUiu1fF!5Re=pB^72$NQ-PK;glAT(Ds~=d&1SJC@vyy0LFn5t(~H!j3w$jG z4h1|#;H~f^NVd`zG~-Z__Q+IatEn0H7_EHWHL?YrR&{ma!bWHczHIN_7r1m~(z=rU z!mLp3IUNUoH5H5EtLclHc783Lo?$O>H_{*Is{b4=fagIAMDHzHZ&?AQ_f{i(4AM6LG>{kj_2lNN;f=VWfCR^N58J&!dz1MoVSs zB{BK+||N5=PGbqcpN>^|z51Bd)hMn_>krl35?6 zP1L`gF}mLY9!i>(uRaI@U(2w2HI~;{Zt^=(%pT=cSjur@DWj6bMa)NbiP;IDb5T|w zhVL<^nqzfGD(B-dH3$*&km@vo!_?HR4(+EUf3oas)1KmnGBeT3bw-e7o;m7^rtk=c zg#sRIfDK$oht_4Ml9g51P=*}c0M;@$2M}6n*L5xDv!!@VxmT$Nc&yQ0cld^3xpbDp z&OXpWD%L1>*nrGh`&O>d>y%L^O(i6mtsXqVb?KvVMG%2fj%S9Y%ODB$EnlGKPxrJm z_o)Pv0uU2S8b9+=`jlYKgY53p?1LN#47$b?8~qg-REZPI$yzGB^xqpcBiGp57&DX? z8|op;dM$Can>F2>=59XJcB&QqW^p(hPhYSD%|5XYjD0#Px2Di)CW|LB`$3$CEYcqNc=8}+@Wn9@4GApjaDmL|31mwy1 zHsGoAosc}4*yOnQUn)x6(b;^pnQt94AWMHnpo^{x-m?dKiN8aCXgw01 ze;Q4Ds>tn5j*nH!Zl=+$o_4iU=ejOf?T^Zx1) zQ<1SqX1Ge7{kCM(5fj3M50!%L%@i7G(9)8oj~zp=KMj5vvwi=HWT-$o*(-SVXmK_o z=}aFF=1WU=s!fkHrHDp6og;jq?&okFsfs%41eyuavWnytDJx0YMUz}59KvzwLMBPV zp~%v&8bY|ajo*}}yqT-w)2q{)ZSsn*6?IATzZ}~x^^m2#v_!o1;%*{_#!2r(loVcl zc-e23OAtVxz)AHTqulNl=P&R)Qp`zAH97K}KQ=L^mIlfW9}$Qg<|Vm2c>jCQ2MTIo zKDJHd2roH)1u^05tvDMSfaG!Ze?)y{T-1NlHPYSPNOvRM4bm(vv2;myBi$V?-67={~#p(OCYGrbUBPViZ-IU3}*Lqy7z9hA=OZGd=fQNNue#R z{pq55>LG1Q5XQ{JheQO?m@X01(&*Wkr+>`X!Vgk zR&ckI^__f{oAq&s_+)D>?_sPn)197e9=GiU51?OK@mpHv2aByny>=IesrwVTyO)^% zAPki8!;$E1&eJ%jX{fK?-8J|}e;(=9D!8EeM~dZmMVeU0xN|PikssnTKY ze&(sRl_10WP;TcETb8tWba%CBSFzWtE}ewSr%w$r#({UW82^M0AcN=YpTt{#&z!-i z7%b4;5KAIGd%8HhQV~2NmIW*P9#lu^cy!1qpf{)am(=Zee*bXf&b|z`c^z-5eQG+L z3_U|feihFsdaVJUYLjL$0A33!0B$(CoUy-#vE|y=64|*i$ipGdPmD z&tn0JdZYfdNfepnPJu8>qX?EkX5@zVv@-hY85X|GHeR< zP4$kJeHPc0VA%0dn`nt<#2yH0LT=T%;)1!ULng^u< zyATrmc>!m!8-5o{K)-P%_U)Aau+NCVuzu5emw=JPrW4?}d@t4|^6N)PCyl$J&5q1fJ9BF@(VC{l- zz65^|^HDnzP2^H3s;`7AcHPb-dGA*}IA4MI{R1y;@ufhk11i21TgVyONCB;*sFm2< z;_KC)OcSD~@p*yc*;?!`=y60eXCME#)OOF96WsK}ZKjIC9Ja!F z59TK6=mxjSO3S7={3=1WD{76ph69_NCa_BL zsv0Y0<(Q+^121wSuS+;8Vfzpi9{(rm!s`kXgZxGz!_*VEg3XO`c>6vcGp&&cD&HlQi zr{WgpTCO0$fFOCONLQIYaJth6b0Io=$U4aU@@zpSn7^fDa(ePz*whp_R8{39gg zVC*Ci@V~G{`;8SRo#m)Bt7lA&fa_IWMsyPnqs9_536X~V7sq-tIjq%z&I6RRoD8d% zfSP)W{7Qwvt`nJNz~Xs$18xQ9(5 zKhfFqZx1Vo#P7at1kyi6l>PLu6{jVEIkQE$ zioyCwHO;(hs>U_+Qghg?{R<0U5QfK8M_$NuS{xa4j=pxw=qv$U`8~t2payW zR4POzc9D>>g-m4P)U2qGMwwrcN?oU5c83!Faa3ujL`0xf`dc;O`$kFI>9J<}<$i%Z z*|Zt2u0cIDt{DWjgD=Ij6NmXB9xQa5G#^P$hn;_0VJ~_sOZ^R4u(tZE`oFv*{RNqe zcY~v(E)Yk|y!`H#cRQSc-=Nl9lxuo@Rc1cq7GsvIsWB`SX3RFy&C`y~v2ugf1(un2 zD{o`-ZlGT027H}9GX0Ad0VtOCVI%}wLG%7d&RNEY1`WtKI(h4iJv4v+3DtaJ=}E?^ zRpLQ2T2J%lS#@NW1zGe^zOFL2T(P}fLW!oS2E8X8<{A_Q)NRpPuFWU? zV%5wQd#Xs9lgY#|Mt32l;Fvnt zUoJ*W#(aHT^TqFAG??5$8GsL;z0QZ@0Rp#AhM%k?W=dz`K-)1(GF_&w2JvihyN)tE zv0}vCcCW9Y|BH;@+M4nGcJ6|>pbA>T1=Cjp0jZk%+Uhz_`-i=JP32R)(VvsY@AYe|%xuaNt14cTyWlU`vGhyXp-`+Zzvd3`5lt+r1*Hk14<_At18U&x} zR5#5rJVGA(FjlrY@p7-SmZ6}4EE+;^3{h5L`ye`Meg^uPY(yW6JVR$#t=mD<01qpawwbI}9PEk^`$?3k?0mJ;46}P4T zXr2Vj7M~B)>CCemnU+-1xK(&glt(-o&8r8yMDe#()BNI8r-gy|q|yED72=kNUO>Zx zgtNwGQtOMlsW}A73)y;tO!#^l1r%JIvSw!Q;a^L-h48t`$tG z)r!{Z?VY(M2IH4mj$`?3;;_n>ycs15nxxIrWIxz`D;_5!K2V!6jAJLx6(t?1M@aniQ_`(P}iUheMfUz3v)cAsp~OZ3w7oo z_N|N;UQhB|LG}t4S9O&>dzxfA5VrrB#9nsvp4^w};ix;N^Nsw9>;|xzh^#Q6GE?H~ z3!||Z?F;gcX#uoMQ_@3DZ2?0CM8C*MPwCJUn(=*$`2w7CNnz1Ls6h7Gsy4o?UdfJi z=|Yk!PQmg1eQECiG}n*uaZ@^ncv^O)K;?sa<#$TC`P(~>pcna$!~aTn3*I{w|9yTD z2s(e->0k@#9!il)Q0NZZWyzASCZntj#pU5vxQ=d!AIEcaks-Yv%m?3VU1=jsYBEpE z6cv$%;$QT5hrFrT#jdYnM0?+OZ@v5d2UYT4QW5?E>CiIJQt-cmxvWWs4{5O~ixGn7 z6?0YAkir1aYIB+;uCDm?@gp=6c3M#nNTCwQEfX_kgC&P&WB?&OZPxXJ=#Ufa9In-p zAJ{N!lV%;(n$8cN!U3J0g1-tGBlp&-U*}emuwl2|(DbV@%bAS?*Gdc7r5o%?xdDH5 zC7$tcBKg;R80X9*0~?DKs&FYI2D8sX3q-!;ELt)p>z&ryQ_+%+I(2#pw%28I6r$9m zdv)3VRPYs2bMyyc*`TX$yvwX^BRb6PE|Bh3!7iS0?VjJmY6-w?v|_@M)t_vj-afot z@!H^)yO*N)pTM#OV{2zoCtef62it1EM*lQUdw|=|@m8NWcH0iDL-97nJ3vehWo_{# zn&aU(dh;@?L{hA=)Q#a1b55O0|I4{BuRZ>4l01I-;X_;0%l_HWQDW5h@A_Q%;L?03 z>ryC0V0kh2kg2C-Z|UG;)wfuWi}i6uT@OB*22NTFL7~;adUpb-KdF55Jx-=;Rer^{LO-WAaUNMIHQb~{?xyHDRXx!}g`PoFHV8lPx= zQ2J3|O_}JOQ6lv%r;PDCyxLd}*(|>3(qTR62fJE&di}_(-#4*=m$Tg%Ja6^T9t|4) zF$*WjL>H@0YH=^(W0N*@S>TS&K1;8WXhJ)pAAN!AVpZRoSEQ2Z1!3ohW?KAc`_?nE z8X+zVYK{zj>`ab(n2Zft6@50wl9PM^yeL?Ok)}e8rx59ef(7X7@)SN!#wB%we8a87 zYf;shfs94vq{=AbMVmt7w%;@9jmw2P(S1*pT5TmSI?=v|0pv`iK|h?&zM1t5}w;--K?fAj;otXT{_cd?9#I(-D7m|&B}%?N2CG&qtEtO-7gSP_w~

b( z6F+F^++`0$bB^DvlRUu`epR3MHw;Ys_nknHF;bW-x~&y5EuTYP5Le;^_i!Nc6$w&_ znL#LqP9XU?0VBY1O+r%v(={wrP!GF=0OGx}GVRAw;=`}XD+)l23po|qX)bi>q3J}= zvL<23!Zu3l{;=th4cN7_dd{kn;2P4_iQ`r|uLC5(Nvr|XzBmu)Ihac{y)cesH)E)- z&Z&Pb60jm}dByb?uXMxKraE>0Z5OPltk%9?pKfJtM8!o@(tS`5=;lc-@wWO`^R zO6j!hClGB*7}$1?g+%Tb|JSxPZU~xtI%;>oz+4)`$T!5>8u)}qQ-xr@AE6vz{k`v~dQp0D*IP520UckeLQ3AEODHLn%tw^euc zt9kgP2ViU!=^bFg!%Gz~k?12`6@6F=J+2A}rMR$)7zX4m{Kxmm@QC@6>6E(xsk~y} zwL**mZr8j1?ABA5DU_9!!KEWZsU}6QIYa(QX#iH%EFSVN)`F_2$}s`?GE|f}CfhAA z)lU-Zi;w&@-t(cCVHm&v6F|pv$B>BZHvZlkSf{Xv-#|>bSbtq81sjdv2jQ#4w_jB( zBiD~14Ol<{ZMRv+!~s30i)2f|nI`-Idu0$HacIw2<$dOtrBR|Eq2Pj0-tHaK6__^% z?a10-hDc|^NW7GGAEnN_l3s9ZQq2v*IF0;kmh^NI%#OuPxWk6pqYi@3M;M~>CHZ7Y zh1^z#3dc3t&6Y0xmQhd+Oe#_W=qz9FDFz>QBUnSYyXgD8#Db#faCj&oeOF6|^n8D} zNA6iwWrGwAb@gjZ%R0K6R@zzQUUWCS(XUh{b=mCtO0o7*N2UV><iK1N5kd@Iao$Q6e#qwm56!-KfdHT_|D>iH+AsdFrX=H9yf3eMIp+tm)=a1vA$T_CayRV3hHnbiUv=Xk6BTj6=*LjU;bUIr zmc`DxgEE!ym&2-&d(r>;>dwQL7kQ%nfn5hP>?7xIAl~@xTQlHcEcIGThsP_8?=Yui z6EJR+R=Dh#g5z)Fl;E{$=Y2>GE#IrK&C42+>9yer^~u5!FsvuY^=uJCnKYGPIx1Y^WN7P*%c4my?Iecghr zl*#6y?<+>6%w{EqL5k@G%TU2d_Y3_e6+c`^o$>WBCT&;(hNz!v5#Dq!@!X*aq_>b< zGQ1mbK82`#kIR16-q%7zBAA-O-I^P`I+|wd;Gb?w2aB(OeAC~X+6U_V$7Clq#R#rL5mQj;zQczibrCp+9&T@68(BQWlb?)m=R7HFgL0JbL8UyEJY1Rc zoVY&`yFNPF_vtiGrgbnz`o*h1JW6OXP5qE&4AUw7o!$Z;XEKv>Sa&Jx0x`PfRy}U= zVR)(RkGlmA4OUR?xlqMMKMOW_)Q(Mllz!B>uH8*{vG8fqP$P_@A`hz}IVQ|@C9;Bg zE^9^UTw&z$y|ROrKKT!?oFrm9Pv!6+d*YfC5p5(%*^T|Ks3**|F|i*bT}^Uv5ByeT zc5^q2=mnwgy_0Q%Ssj0%)a(~Fi^(T=7LD)MS^3rer(5HP;YSVq9bu;{;P~M`AP*4> zTq(F@zwDWmY*=Caql{GL}wU-smAMGngL(0ECQ!X>hDgt>v8coI}9h=ap`}tJf2EF23ghT}pI- zS%q{6OTdsNe}!|BgxR4}*g7FV;37JnHal@(?XbD#3ZZM*FghZc#d#9wY}B0t|9sU) z8NbHVuDniz>2tKDi=*6f2lHW0+F~73vA(M$J@U;HUQeU)cW8)6F(L4^{J(&$o9O~(vAMhCRvtA5{gqdAin@m$A3x&BAm=2AaHDewl@#53UEBDHm zHxh6zw?y2(cp{6s|0C|dX`XuE(ZBHI!P7qVydD;1X%+OY|0e5!E;S?_PwM9tKT2BHs{eNiBhubl6 z=z;r&!Pu<$87nd78%r*iVXqPRyQSWh^lN1@feafBIPnXKdxWIS*kqIXH8g7x=0c&| z9*s*8%h6&^BEx0LrsmI0ur#d1s~?x^Rgle@5YjD6i$Nn>;6<#T;OajW|2n?YgBuXf z?fJ~T>o|Dx4Z7oR{Qy%nZk zU9w$mQ%vHfccZ7@Vu*jRz_{4OVfzuPV|)oJe4AJNCKdKt+^wRR@EiPb54Etff|For zfyoVx$jq`(G7E420cfb2w;>v#LPrB*{HzX}R8bp0JB&y)(pXDh+X6AoiKjc0{{`@c ziDa1fAV6ai<=nZ|9k-PPe+YQOYMAUxb zAT31h#W{JxgxRkGlj)H`F3@NJ`bO=5X@rzaII3A8F>{Qe&4(_2U%-Syz@n#BI&Whn z-C$QchM$eMUaDy#g-qcioD(#Uaz9m*r;W4BgIzAK4UZSwMjuIlV%C2QwZs}Z14A47 zI*PKMEo2Rgz_;KB9SE>;OGRdnW%ir$&AeU@YIuVR)Am?zV@Gcq;imHvO+r zkvVbo5st#zQEmE6XhhvA-DHliZWT(i>IItQkb-QLkmD%Tb!{vklL{%1zAUA|$qskD zeU4l7Z=Xo#!|w0llIfg(M5*&~^_0l?d0Q0Smko6VKjZ9-n^-{J4*t7U?pRrX;Ix`5 zIF+n89+o_Mo=zVC4Cyl@q60EOhg;)FN1c8PZ&|5)wG2W zqG%VD=UGIqF9+pXY`bGSk_mg9*}K@SstLKXKFY=<6z*#2Q@N^|Y|CUsKMafITsm90 ze1E`1HJ5OKN_(XxXtLWL{#xWVCovhZ#J_BE`X$NP_%0Hdun?Aj`>f3vJl?X^b`dYfdX$RGrA`GUT zl9i)hr8qFNC?uwab7l1(ekGpb%4ex!%dRT7{_a0ts>^z<#SehTJ*23l-BbLF-rg@E zM8MP1UIb#17(mj~rv=igW~$SDPGqJG87GAUbJO7x%24ur{~WSYP3OY&c>K-t3a_0OxoBsjUb7_5G0}3m7@zuiehh7%DDZ(A80izWdL>=k z3hKu(g;l2{46kHHie*txP&b?u189Dljhm&ZlN3|vZ2HeE0iPc`Ji!(0UE85EZ_tIE zu=`I1_48ib&Al>^`zR+g=?12;xQ8n1w|vaIabVIzb)Hf{qG<$f&mS%l*-tYeKgL^T z8+Hkz(B^N^szf2zs#rv)!(5CDm9Q6;;Lz}|D(P+29gd%ra3H$1)BUJdZ9JwLSiR~b z`QXo7AVU8w*b;3y!Fq|3F4-G*d^a;7p1ef+V9D;XDPsS~MqMe$IvTH=8Fl!5aCEmZ z+NOyV6osN^IPuHKf(Iw-DAyh=sC;jW|dzD#)mZV5*{c#^BgQFT#NOhMGiTqbZrOe?A&ASG;Hj#>JDozqsbN z8PK(K?*|1WO#jpoZAehUkNAUl|W1M|^vtY(I$%MXJ{gAuJx%xG?5w$+I z=TRL_a*QLs-PD2|ssGUGKGE%0_>H6bXI>milFMb6fy!2F0i{}cgkEotj-ZByLFCGb ztIrBwhwL+&2r?Fst5KfhP?{#5HcJ7~%@mRoW}DUsvb?hM1dJ1lDfewnOT(OoHd1P} zDpa*2eTrLd15j0^(t z>JifMNLipGt-tUeCuCb9yK)WGxf!&n#_kHR-FMnJAF!H39-TKFalfufsDx}bL%&`# zv;F$(^HB2ZCj{Ij#hSG zlF7=qhYww5XCOW(w&weDGfALK=)zh7eiX~P(oJ-0ZX?XkxcKwz2$#`Tzh@Dz`WU`{ zABFc|qaFDmA*0wS^oDE$?e8g|Nm`;zE2k*EP4QZNtiHak+?4e$8T|KOhc4G6R~aF`Y~ zul<&Q_QXnO&6AUgYst6DkI=DnuI})ics`?pz9O;nkuL9rM2Br%IysyMiC4t$X2Q zvX;LOQeq1P!(-i$OI~iav8#uc=36G?>W)hwYZ(*7X!s^y>vB;I#EO@YD^!1>s((b2 z4*M-Tr85a>Rew`Vxl0h3X-3!j5mR`+WBy~4Ftn7hF(titSY2CB=7dm7lVLC#!xEku zz4m^Ey{DDJ0_Yr^g zK7$H;`8gp<_y!ojppbWd57Y?v+kM~l&Z*#%EG~Vgq0(m@y83$%Q@KCLAXMW?aEWgs z|Nb*spPuT`3JR{UOC)4dG?`swxFE}j z!mdmS&uQ?jp@GB1fnO}9J=N-`Q)3K4cmC^bCXPQwq)abCH_}XH_$i)<@BF-+mu7lEv4hVk`m%fx9M^`G?k#P<<-RIo!YU2oBlQnt`Js$T7z<4$H+gC)2~QyZop z8f)k1U7RDjRV}sy>#78crXI;t)SZ*>h(;(h>wT1@>^!A?tF@7mk|_Y#(k)0lksb#A zRM@a&1(>Z?oOgxs5i$jEb9w6mU-g|dZ*Z1&L(4rBo4FOuBO5hC4}!+MncQWIN6qET z+$PRPc8&G0UIV|iMT$LNDYY$npS=AxQY)0L>p`mSziU9qP&sQDvLwU@vX2YR@jFC{ z0SEH{pv&7|9Lbm2p*(mrT(VUg&n8U_&T&pN9?=rms-nfLGz!+q_ibz5k4uvt`0?eg< z=2K(;O`nlZi>(j%3GkIcJYvOzvtMIa_U5a6+@7l8>gP#-pcE$Y1!6Rr{G6*-@PL5x z5M!CV&L@_3&tiMd_xQv--hK)lD$y;T)Hmt1&{1O*K`i*wJH-czjqjCA_`|fOF|v+; zX0X%HI{=GF-f1_khGyGo7u=K}pIuQr^kQLx{kzk1Zg+w z6TgQ?J{dlU{};Fc)r%Uidjf?PkJ!uoUW_30J5a8}qjxn-e~#DpnR%PIi)!h8x$;V> zFPYp6#SR5JFwPTDoM&iJ`RBNwELSymVXEdODO#E<1E%?b+30Qt8J}#pA&P5n47mYW zI^>}8xkMbmVqJ!!)*B(5!*p_Q^&?i#j!v66?JoaJ80Swk<9Szl05t2s}sibWZ5 zk|aO^Co^a-Qb$=ac1O}-iqE2nd``j%&$)?X8EH=B*Pb%oGs85IgntM+&;w7>2*7g2 z0Z5;&-;y)FF)|_^TJ$Nniw>`104xcyn>LGa68sB!4nwB1@}Xjp^?O}$lpIe10j7xD zlQajOE1_0E^B58x3}u=;gRLTzg3XY1s{#U9G$j`Av`lY+iQn>zuh+!LRwzLS)4y$- zjxfK)PQVrz=S4b;0?EV-m}T2eGJ1m(Iyh5;0XTkIv@ckB)4FBeMS)RH0<3KSo0&_? zsmd=KS@!DUdM}bV6$t{Sb}vG+Ex_wTdvy=zQVq%Gt~s`f;C||%b;GES1MnZ0n2T@N z`32a!6bFxX!@RHxb$mH|lAaTh1kH@5^4FIN7v~GvQ#{qLsWV0p&HVOYKQ7M`0-Dp- z1*;u}c|i;J2Z^Kkiz7yyWlA>+^V+kEZSdZ|y;K?K7XsEw@I?RK=v?|3-@kd`;<=;g zRiR(kLRkuQo1y(uwekTo$WBp@8H(z zBa{8bu|MvkZmyB%cpjyT`-p1#6bw2udI~%MH+yNGdF;!x`;;^j%&11O+bgAe&2OEs z#uxu$*cc6&rP)!mM@7VU-VQk5Zi9`4{!Jgr&%WCCEC#bqOWbf)N422f|jlQ-7^sx9>(-(Gv|@q8?Z|ysM1WcQ7e3rB){HO;5gMCH&iI z^0Z#aeq2)w#Y=>rYX3)Tr_kc;P?Yb>d_{{p58ARgFW}B$e~%EUwo>x_Pi_6#nYd&k z))qF0I&0$_!)1-p1-KSw{-z&9soc0Dfr=mopR#8m0=%xPSLuy!@=bM^oS%L9;ggAb8BOp{XBz?=&8xk7dNFE7-6nbi+UdW+}KAkyH(Lc>Pew+U!DAbTOpmQ+3 z_oKfA;i74!;&H>-V&&N4`T>_IOO0z>K^AyYd|GQX@1ifNO`HbJazm7AJ>;k(l_4#a znD>gce)^JSL#0yc#;t~U7@-=K-&I;_la^+Fc)@ zR4Rv4rbO$*Kr`pL)Y6bar$^Nq4UBN~I*DLy!hv)Lc@@bzK58DTDdw5sk36>nv z(6gsGPT-eR0z@t4EZ`z&?~4S^cA}LI1k25Cb}@u~V|9#cCuV*L8 zA94)RC=#s|a5&L>t3mggzIq3mmYxt!l+ic#O^z`5E$iGP8a+?}8h?G5ZW7{eIxct~Isv$NfGh=pL4L3*j7G>;P` z3pEE8$bIQa++nF3*&-&nc*THA@!s+55+Ar+5J;V}K?1B+!$r&7nE4^ma3Y7pL)leFXh-U?pBok%TFklFMW*3PBa4LqESrKh+y)rApaC zD-C+QygB!w-8Ss&wXzcGU3&K@bVui^I=fpP>PKp=%vH*nvXxA; ziE0HtGKMqGV&po7X;tIN)8VsJbLi<71j7#mYIL+vX_4xSz~%eTg85p4UyI9O3460A zTDaS)ajBQKHg!j-*I&UIfcyCmoBNW7Z%BC+`FUalbNSXiIkiUh$?Onj>AYQ?jj+uH~!r5ShP&Sm=oU1JEUQ_pD-s& zWwDYKa%m>i?$1FCu|nZ>=(b8X3-F|)GuldIir z{p_z056Jm0MdvTJ=k*Rh!M9dH(eT^X`py3giurvtao-XpHa3r}1`^C&&kZP-JDD{O z(Wdvr#LrqQpzb~{bKW(VU=`I>mY>~grg(OK9Wy*97)eSWp|nOZb4RPG`n%;gx*ZaN zqFhkhvPYrQ&t109xBT`ldbtMO%_paw)I@u5WBz`6f+*lS0mH-(i+wiCmkrY(_nB(Csyd&jNMl1 zFoui~^4G#l^aMj*&rV3KgorLEn%**;;j;UyUFY$y7fFJGqDP|KzqK&)WM@H6V0+CG zlpSr5oQ?L8RS7LTD_r$Hye8i$oi@SJ>xoIq`{~7&uLsFIn$XKEuw92X-|Tnlm>wi1 zgrw=j%(P{jqKaYEbE-@!IM1r#OiO*N4!Dh`q|v^*S5ml3hI#uK9zU^vYsbL@Kq}Bi z+7^$4b;Abyj~O*>RzO3nqJIK9Ovx%TEu2n^Z$(yY$`*nPX|c0}83^|Uy3?<0K38XtSJfuHsiW4+ z9J7L0pI6yLD&z$o>879#yyxD9Vq}kRtI{JTy5mJ`0uYL9f1kT-aLi){rR^&BPUV8v zFg6EuI>C;elVr+}K=QA&{Vg9k{MnQ6(i;}kRJ+cR*UFvFK!Qgo10BLDf>F!F$itc* zaHL2jO1JTo1Bb9FOTA|h+Sm-Y$aG7s$UC-W83yPr-m`Rl^1MS1m#R;+f2&^Hy||kX z=f751mOO@Ces^HcmSYcWQCeo6bEw4ez>?7Z4O=vj>2RT>k?yXAJg!4b?4umZwc<#*-E1cRuF2EZbO0Dn}`^3B()LtPoXE z1`qF9S6kbs*}(l`@qoR~w+$n0`ZKCesELr#mQU~w!z?3x;dzg97lnLvB%}Km+h(JS z>H;Lkr>V(>(C-Z>ehe&}CIUvegFeAF!&lEab%71XdhX^xxWU{NEbowl zsl+m<+tjqfuifQTnOgq{KR%r{ZO}Q)YcCk;*oif_eAXwETt+RV5WZ|E+Z`W6_G{sj zKhod441xW$H&E4ru;M$sb$|3x*bVm$w&6pZpB^{!_qFWYVi75W#L7*50bf;e`;VJD zTj36C?!UVuCuUek){IfXNfdR<2~Q(?^HLC@w;m{EFq4GpiZPP~#9Rov_+4OLUOFeR z2RLCwe2PAX{JRd(6UY!C{PhF)OwjzNX6m~o6XBTaKdPrb;$&qOnTjIO?NhOcA*j9TEKM{2Q`K2>L$FnZ7-~?LJXd5k!Ka*MtSBnG4 zI@Ev1g50(LHffl5WBe%P@F=z$?m)m%p`z7_$_JjCph;0ejZa4C8$z9>3VRl2QsHef zcBM6SRV5a%9x>stI+;=H#1+=tl&d22S#Q2uO`)&BC9F~rmGQ*L+Aq@MHf*ZYUW7vh z8gda69cI_$nP^C(i1LBM*v6hBYge8vIq8p;Obds|BA?K)45Rvjy27zGs)(~{^T(=l zH^{QKAol0gj?13T`;b7!H-HSRI|;Gf13?l$;`QR3@paQHvem4-mOLQc6u6Og6P zNeudH*x*imNREpdj&m5@HvdTz#i+wJE}EVKIp7S~X{H9C>*HegwDsK5M7~iu>aw%X zTdk0hUW8K#Zf$9}>F97urS^}$&46j`v1r-%Uo3M|l=zM3ynfEZKOG;QC!ZS}?uY;2 zQn;W&PpuNQYT{MX1STDw(vD%U%71gA{AeI&mo+vM;$n7H$;Rg{_#WD;rC$cXnsxWt z%mj83PkBn)K{&9-U{`U$B`F_-vfVUG+pQwmeklWp!yPM>T}vt@SBj#RT9A&f$fT@i zQcnNWp(3e|r{Vbx@w3ma(R~f1>G=QUuP7AXk0Eqn8M0dQhR+pjv;yS}vMuB+^=?oQ z8sa9B=-nP?6A#Z8K%6L#Ye4vGFWA+ z+;yMru?435jzRufrLA2jNzS5t+s0teqpqNK^ijIX#y;P}MNoemc8Cd8eN0k;LF9u9 z-2~u^R@gh!4!9)>Q-vMXX2x|t5j8CzxA*l}Pwp0o6$E&FW8{|74%i10a>d*SS+$sq zm7mL%0bHl2y9Zur3OHGp$6sovV>}U!Uxz!u5bp3=@^&LLzD7bhU^8%U3?l+Kp0^G; z&jeX?47up_1qQv2Ogfhzoqdyn`@9ZXh^8S#8g0gqtj*m|#56h|Y8)?6g9kU!Zxlpo z7rr+he+_NuWGiRIol9N2XEe4|QOq-|w{ZW&eukld`3)8#Y>Yo2h|2}HW9;q8?fuE< zTXsonVZ~kXqx*AxxMXFhlX0ZI!__MW*5zYnNMEH*TiS-NRN8$ z{S-|<;gnnoccT4wu6C>iX+L8zsaFlIkeRa*JY3m7Sbkp@);DnyBfYiclyB}LF36kC zC%Z}CBI4wYwvL|a8W-0tMR>-epiP@}z`C@8OuNXou_zVQQzd{`F&;AeVxzuw6GDu^ zP^G5N{HOSK%#Pjd{v@GiB<0^EXO&6#9FlMNkbG;&YqjxPVHR)ka#2RxDG^>MLn6mK z(T?v_NDMxKQfmLK@Xi$8vKWSeJ_2(vDy6_l*QVPzgkO#US_w4WxS{UCH0QKgqwW1d zNEoSdYHRrMAqL{D2Zui07bbL}bbLa56TKM(Tdl;-1e#z_2%OC&dGTTO?!qu)5=6OU z&q%t$p{~quR`vJIUqwnB&DJqiD#ke9+%GzponchPHEL6KJ{#(;!k=E&yxP)=F&W6a z`v|g8Ya4QSl|SeEsfHe*9vd!>Avg-cbJcATlQ;{z@4RpTvAF)w8 zf9)Xuy^r(U9TIXh`R5Jr#bg#Ezl7iwR0yAFM*I4lgSOl8>75HY-NYtMw#&}kswGaY z9U%VP{5H`R4b6Mo%w_g^FUSL)QD}*oSKy$bf(N`$4W|aPq0(+hmI**2exz8;Z#qJ} z9}4Atos;tAzf%17di?RaqS^ku<%t7{@q#NWo!IvsB1toMfwV_xl(_whnHVeL8J$$E zmZAR4iT5=eK>^StC{$&o8hUr zC>%yB+Vy^ay;BwQmb42y6ODa(&hGHIOrto2e4uZoh~N!j{mFfHvL}M5`t07!Bx@Rz zaBTN{s=c&0O0_;9G(JQ&X#Dv1YF1bk>pImeq&gh6s1Z(VO8VxE-iApiY?Y$@t64P1 zwSy=9CA4PAKP5gH$nglaN>My7{v^)(+bjCkZ+2Q4&v{eO@W*)F^KUo)?uaT|mOwPc zI9hB(HYAQsZ;9}$P4a2ON-LaDo0-bb4Kjl`DSV254!|s2`icdhTi4<(uZ`&Z@JSr~(as^GU_GJ|yo@cf zcx~W{PNKQiYT9|F()5mFuwNTtq%tmly)VBMjSy>)vXMvE{HsnXquOrV``w+$n(l(i zog#$Ei=ecmK06PS+_*Iw#!G#{P*Y}q5Me{ zUlTOqS%T*G_*VJ&Ekj8(VTicnS@WUcVr3-oL>?;B+~Ptpn{#?;jp^`vcqJ?dqBJZy zqs$5o8CS6t9E?6!lQWX(aXmq-Wp;kkFuo9+{awOTkgtJzR!^AuC6dRo0rcrw?k=N(4t2<&4+!z z*P&Va#Qq3_)pqmI2eR&Nk+Yp@k97nMWrG_2NTV=_F0AMd`!Ve{G8+W9Tx! zkwZV(SkVG0X)7zEeboSURZk->3GYkxNZolu(Fb3b6Exr$kESu?6v8jOm^!nbUW6?3 z;;p|Q#iOvZtj+?HT&(qFboTu(Y;14NlECAE50IwYs-Tyj&T~M_o464KGaH__u(_T4 zpe*=Fo8yb(;djkx@`)u^LuB=N(jL+!W;6#*%4r-~T83!th(ZyM9(80v3#%+F;&_Hc zoqO96zIm=e6Dc_!g%PZ$TL|Z!3D~Cl?di-8sbOtEaJ*Fl_>R0SYL_yZf)J4QEz4QB zJD!l=Y}nbPdiTUNRbqu)_;-YsOmYeZxXYB}V<66=Yq9Fg&;KLp8>8#$x^QDRwr!_L zW81dT*tTsowvEP(Z6}SB#%S1>cjx`?9rstpIKNKLUVE-NpZVY#e=-@WCgd*W2+|KML@4{cdI?@ibx6;H&ZzF{a= z>>d#KoZwyD?0?=8oGoylF%&(If3n)Pc*NRFUjAI`Z30OjpFi}#Si=de_#^}w2SXjL z`Vl++0|@%`K~itXG)O;;q$xK@t*B{M6}VZiICnv2U5?e!Vo<7LA{_{zX!C`UO+}}f z@9S>)?sEZbXxiVJkv_BA+6J!db9n)MN4>@@F(#=0kGcY|Vu@-fBc(qm$>^&fODOBotnYk)Nn<*gB*Id@NLV;TaD^=z zWdE(Vh^7daUkzui;5_ocywx-1F{M%R!u_R3j_%F8}> zV7_W00#w1xkBq)IFL~GYQ4G1*HOi%OP*18*ER(XL*2d%)7X7cvQj1L>f;9tkPPNV8 z+mUV(j+1u9yv#!)T9C+XZuimmF_$$l)(LOhyIuMy7*&j96yu42)39^xa1S`r$V*mT zd(8GzAv{0mC*J@P3f$vg5%iO)OyAT`ybsi!IK{{;Jts6 z^&>hpLnOEgRr3RW>7_un?i*H>O1aU3adv!%fO`LQ^lzNHF6$WZ9P+tMcJ>A0ggXH+lvSpZSJy=Y2XvJiR(Z0>D1P=2J`Tz59!YKc&UrSeEOF8ETud zkHChxp_D@#9U0&Rwhjb^t=O#%33OI!xfew?sSb(&HsNF4Qlf^-cH+dLZTvsd3 zR8ZM(YtS44JkScjq}8IYTg}2xj}}wXJ?NeScYXJsXC=w&ZQELHKzG+|+&7@EoIUip z#dJ!+P6oON{gRgiLCq{Z691z1y<)76)UGikQ>I{rii+V@Nz;5~%*1og#JW}B{cgSz zFeMssnw*}Uf{3G-wt%+2MCq87J8^1ABR!*XfAlC*EpAkqoQ)v!)BH8YiS<~Fu3y7% zV-x7*J}dq*G4mA#urv_hcizwWvjWH#e{Ws>$NL7du^lrT%jGDCQK!#zO49O&zb+?3 zR4NPGp>d{}yN+s!FFZ8`!Ok0DC07?^r20gmWm1BP32`nZWpTH#smFs*P^fQwtmkqM zE?5s6_)nP~wE_E_xFeiz-oxfw?r4|WI#gs6mHWpd=Cfni7kVfZ48iCivD+^u$X{!k zMy?)G+(PIv5LKz}epMXh@>8!1onYHgXc?i-R1rGKi1yi+CHhs}FIpzyFVj+NU3JzZ zvtSRVJf~9rC3e31fvv#O#vcPNZ8BkHU2PNLCa=gLCv!=r6x`TVP97%&vrd(tXu2>G zI(2E?A~v7wB!B9nx~9-BY|_n}_hntZ^;?ao3dM`!KauDPXp?uT^OV%b_gODuB@Y5@ z7a7K&s{{K^cp`Vp1B1!`ZNcy%hqv4Pkp$e{26+Y=mH=q@{FC!!8chkEV?1kn!^MDr z+O$hGbZM$+@)dC~MFaUq^3ckUpXG>ce-@qFl^bAi>+gp8r3960x1s~-rTPqOykZgA z*|lplc5kqYBdU-O(t_1a%_y|CuK%(CknvZGabbw`Arb0?w`vQ%hrMf|rzbPDAcwuasb{TULXhG{Y_fk_rL^3t z`a$vV_nPjJHv7AO$O)F&Fhy^hvV+NSiny+FV&O6*x8tV36fim2=8<_$wJ7r*Ne4=N{IE zp8CtGy3ax#MP_2qUsTCgpDc_IVccj6aT6Nr)`*IYE_R)S$ZN?CgN`~2lAn}PiymCg z;TRXH#^P0x3!C|ynaik?sbv!AuIIBPq9v1wuv#qc8%jF|M<~16&uDq@GMYx>5@rq~ zR(2KJ>@NPe)*o*`ZvXKc$Q&9H*)1a5dFc5I=Jzq7i#82h-1zH(pF+1RqOQpB_+a<2 zJzZb`zGJ74z4TIDyzZ2p#WZNo#Sbk~xN~zJu}QUWV2K2~2|1Q181q|Ph!83#uH^S3 z5VXjq!WJc|ppRC)8ruoM9<=q84cZ6kkHYO>vCHuWP;f|Brmyz{CMC6rsT{fds zdR;_CRWm0Y{*I$~m^n6DhI%R*ct}zh+-%ba-u=T9fKv9iK95PUt!m>r6XvV)#&PoD zYxN)zO|%SLcpEK&$iNG1C(>(zron) z3f^b>I0S1^P6m>F z00DG{L`7=KP#8#9KNa+hbrdrQUwiry=Ql%o($CK1X1Fuv+H1bu6F%cHW%j!4?dGfe zS-@=vANZX^>U?fNpaWGBoM8A>DpwY^->ey3xeFUG+e+DG!A6A<_^FgR zE!$Ej5z$VOtkcp-aVoi`&PeUH81bq#vS`fBu0?wEfA={DzatKP2;)w>q6PLAyE;A5kRx*Ail3ffXr`e0$D<1R8Pe+eNr&fHhU03w_f^JkXR-5%R}^h zr}Pp-p+b<;3pP;aM>b$yu=z^SqY8pD~i%8oicWLjAx{B$EO>Vxs zPD)adZqZVgN0b+i)N{`ihU8~Z$I!Hm?M4Ty<%8|6rNf=l<;&Vw2)RY^{@okfmxd+% z^bi>o8HrKod1$Od1h}YiD!b3=s_zwDu2P<4c_@yU+o(Y{r42R3EzUA@AS{iMGi@CyB>^QZsNo*%^G9jy-Fl72-JWN#&(HC?;gbulciv z?WEXJ-l$3bW~Gx%i!!2arn=8KJz_pe=`!3ok3Sl^0EM1O+gEPZ!u}q4ER?qp?#8rS zNdbV6k!h1nN=cB<#xeBTl}BgqSQ`del(`K}=A$lCV?D%@&OMQqHfD88k?uJ$U5ZB^ zUoL@yX|uH?7;39!i)kV8TG*O+a*GNGmWctkqfzC?=&^OiEkZe6%c$hAq)rVq(h~bF zfDwF=MLdY&kN&su*7RF<*uHb!QvS2F0=5^6QoUvVx0L)IJGiBYfCl8wbwm5ViO>0c z(&77ow4PQMN;0Bl==NZ1q{}{q?UEO|pn0E)FnX|wnSgtL#s&Is7bHS(8?%I95FbPT zScR9XFFspmm;H5J6FpF$8!=eF$2FGj+X7#Fh%W6CpEwGU1mgrY|34$9QZu~sILm!{ zHFC_n;8u33KbEkDUmEp{c7?Xkz3l$Z7aq=yr2dua+*#p1#2IIZOo!^cpUyBS8dkFWYlcZWh|QDlW8lsv{cPk4&z$YzLjTlghmxW{ zMiEejd~!oZLz5NQ`0(0mU=t^}s054^WtHuR#^{3)=nBabv>+xSjv(PByxB`7!2_)M z_M8EzMBrh3;_;(n?{iBe2LaW6aV_$?UWVuhJe%*0U`3B(`I35}iGaby=U z%hiVo6Tn-M>27syHCna72`Emv_XOGCkIiE*evmLzJ$AX6Eo7hfqlLX}xMk%kOjyyo zdRX-1%(YCUkf{*Ze{T@~#y+g220FF%QGmsB?N0BMw$y?`N84Qd z)gGfpY_nd)-A6h!aqud0{ta+V^5DgrCQr9sS5iear>*OJpwe6IE9*Io@|XILUMRcw z3-DL~Y&9;8j}S+M0oZ9}4*owO*hq4*SV3Q_V-UTT-q@G$_8rCCf|yxtY?MH2^CmPf zuDOcIAg*j$>af&ERn93u7@?7!x8UexCRsb05Z9ia4;sVF(TT@&O>U~4Vr)hME*lc} zuU*5mjxl8sgN3V~WWIVf0U~mp^$%Vy=U_OZ_iHThazQ#7eQqBTJiZfLi6Q;nGk^HK zTCY;2cKa`W@`xmBqx|M+zGyKOcUtWG4H*o06IxiISVqxF&Fz?3;&`^4A;sf41pK$y ze^NRF79kwf8KM}F98B=7&)+Ri9#Z(&n~5r%b+X%+r^Ut|(nZfGZOUm9z25v9YG8KD zq`!<~5UZ=9?DIDge1WUA(HR>Ie~rQYYN&c_bDU}}^LM4Z27C_6If>vFt}0jMedJfUAo|qGwq-oDvW{WL zB!nb98}4)6Vd9(p{SE=0Dz~4M5~ci+q(xF6!R?+*reI;_-64`qy!T2-P$(t)Qa)Y( zo?!|35g)SwLMfdt)*x^RfPe@9IhE#{J>k}8AfzQ9#e{A$U~lTon$Z0joYw{Nc&%h= zWN2PNI1Z_>FKgJ0cgWhqtO`w9{K3V79M}spb0tt*zca~~LDMWk6bJM(8m+Y-&KEgw z4fbFIX9Yc&4VM&-o%acVx zTon6=jom#@Js8kuF5tY=YvMQjlc@gV1w~ zwYSG^NDAU_u$=~D5Zu`T**H zJzxYL?lDmWttn9y+wKK5eCe0VOj}Ya^cqK$>#93qD?-nH=)=d8?t8owjay%WW6civ{+J5po9YOc{F2ANvhx=Xkb94S&d`Mdf$$*X-0K zahydoTI%N>oL)KfSg8TN}y5TM$wHpGIi{f1Z~6xrw*j*jzH5iqElhM~Hi%dPGPXt5NwZD*b_@YHnn}Q`Z7Pp(fEu zZ~{TgBNcg)#luu0qR(1}-uhL05-}bNzWa~u1>NlHv6(=t!rX}#xD-0wkxKYkD{;+} z)K#VkfvBi1JoZZq!A|#e5P-SyNUMHfH9}2hL;zxAxcg@aZyzV>I%2SR+JPRDlj^?% z|H~hVi2Luq2b#2lR^<`HM^vh639o!&LexNXzPQ5SKiAP6CWM1&N*XZeqzlWZ&e!-c zuVr-KUuWw)Ei3UM0+{?ghycSPUEaZ_mI$0;D9S2Tke&FhUDWs93C7}{kI@OH-8sND z_ia)M(dyrcbXko#<8@<>{fJk83F%o=U-#PZoVL-_k_t5-;cC-hwjok?lT^$VYX3qN z8@(hswQ7kMY&A}++@j0oSxn8T5d~&l?z7XRN&Xc-+t9UBlGUL)hPAEnW;Z#qfee*~ z+tX<7hijp+2w~ZgQm~w|!5G){{cExmuIm@8YSUWPZSS z=GRthlK^UDkqJu1=)||D7XvTQo>f~`py)Vcvv2~m!Uith?&x*g|D-*gRzpXb9~*F-Vn^*Nh~+lcvK#@{NA8iMG)jjR$z$OdBoqw0PdFlx z=8A|u;Up*|Vj`}~N#fnyPv3bBzCmrN3tPDCOyW(?vXmg4MBP}8KOQVpd1JoVNZjhh zeDMAH{#q1%5BM(piV%1kmsz=k3Lc9TXayvCAGnUYt=m6kuHfk;{*u|QMi3@h}$RZ{m zYyOJxNlD&zakrFzpWN#3*h(%{DC9n#`I0RBLBK3GLopdOMO|;PRcUUc-_F{KG}VUm zwV_oW5hCSQ1``r@ij&VtmzC|gO)#jej-68Y`I@s2|A@A|&n-!5&1K1onTw?=mBOaQ!n@5+N_iOlV3yPU zQ{a5(|4V7mbtfDlaL#TL9Rc4-*Xd_b7k6uVQ{k>jrJfK3+_DJ>NjVub%rp8w>}(A^ zFwN^@`uMSUYA^Y64K^s|4#$@bBGuXzRRfpn=n}L*7@Xo4Ccvg%2AYq5Z%f8wb0}4T z9B@v>cq|Df1b7*Q{M^d=fw4*3*D?(QqM`YL(GZk zWUp!F@tCWqy*EoDH4_>0Tm_*oJ&MyZcHkvzGbP5M3@C0|VOywntw~?Bixt;hHrh1I zaGvWO8*(h7mkxW+yQQ6DCth^bP3jAxg+nuk7pIK0F4!CTtJQMAo07vClW1Yaxhl{| z=?u6LzPfpJ-$-UXuh#Vh$>h|D{?GRAKTAqaq`!au?CsPHMB=6CtOVD4CQ?_tttsOgE|saF z{1Q6rEV_(n1S!VQ)rmCE`W`^IOobHZ5ptZ1o%W{QXFF4FL6oVWAk6^}9F`pwkpSlP zK)%;)B4?Dmo5pAdEWoBCTMZb0o+810Huu6g|J<`FLeZDZ4VRTOQG$G|%P{VsF>ZV5Mhk8r6%OT7|T7K}q`>UJq7{O_@lgHZ_U*`d#MXilD zb*i=41TRWzffn3jHX?fvQQ9QtVr+#L-oJLyc+&#SSH-jT{H1YQ%_Z%;lcaxhswPCbAgy9l9M=_Wn+$ow_D6a71%{K zK19`v9BZ|3#*AmQHQ$p=t8-y(C{hCio}*+Qi|H;}KE*J5(<7OIt^9rw_FlXB6|I1E zeJ&o5kh`Hj?7o@gmM)*sJReJc*?N~t>)puD5sYn?PgF+tI(7P6)VE zv}&iWX=-QEG7XbU1fV1Bs)`xG>Og(3mT33~SUdCVvcN3GN+D&uM%bot6RVemU;IMU zazNjOj~c-k4#h4*9*+$SGlA+p2OMA){o;F`PbWMg;fsOBh%M|>^}6-u9a(BQt=XjB zrDO1O`)Lv7J~ZtiiJ6Y z-gHWK!P(O6s6VFaJXayzQm%Gln+wwQO<+5i2aBkC-L5l-7n|A4JX*hPRs>a4b!4&= zXw1pxspKexG*{`X3@>{FzvvpPYnF*-STxHj_GP&q6r>o6bwZ9(KoX^Q85tO}* zwLTpVk>=h?UrFfWm>MG-MgltmnN-;1?c07m#`WK0*SI>nxT!+{Mmdfva3DHvf^Zxx zCbOrf@Ipu)-Ne`x7R2X81=`~#q$>XqkFoX&Y1`wQzB`HkP1eO$--zDnRpP*(_2PNx~yjyK0Ph`1};hSKf|XxRh34Ek*bI z>|of{X+T^j6J!FTfZ|TYd^Nz>jv0wVlF5UW=WEadsnN(Owxrv3+m4Bi2NQoatS` zVEy>+qt*8C#px?v&TbxLOV3G=kDI# z-^I|@ApE9>^qFe)SQ-9seL&>y-tbn}a|U+7!)-&DIEB^PC2zHW`@W2IzRRZX4T&`r z$yf{XP_6zLB18B32YBACyp9q6caMLnsh_H^H&*P@0t7xzCmsiwdQ>SQ^&4b7hAt5K zPsS17|5h>X_eq{d+7$j5a$k);fT!I?`iv6l!LgZOpj^{Xs5pXi><~d{k{0 zi5OJsH6I71812R8B&OWk#D}#FZ|IU=I4`A6F!aDv;*;(&$vo?=ohr86PBElWZF3%4 zpRw$=FdUa_(ji=mwv9t>D}{;foQ+0WY$HzH;E{n3mu)*9q2PG}`8v}*`w1}MyE7AV zA^zt~vXw=(g#+-lAmT57I7EBFLqDeM@jiG?B=XvtME!I0#(VNi=jy?Xh>e7$L!HCJ zqPHv}_4<>6+4sJSi`|DBDaNngoS7a#V0v0fq9hzSPx`|~OuMpqr-qUx5L(|tK6{fF z3SN_QOH_mcHoZZF0@^hr@IcjZeh6Y((ixHtnUzw?iMfdP@Rxn|PT9RY&;>Zc=AEt) z0~H-{07%ds*5GprDEmFoYHT=gRp?a0HGFw%S4>2{58-+SiW^*nz66`hax`1PJ@9ptDwNUoa=BP*B%(BetP7S?!3z^L;#ZE3+YdVRwG?n`S zxwGYv9GzZ0z z-{rLRY5?-zvj_caCdbd-d!ykoeg+@-H+%xX>z;vi63_qd!n1i>y>;y5=&`dGzd-8| z$^08WNv+v{k*;?jcQq7E3l`#B;W|sFie&7Hl6ROr!VpT}yk?bfaf>>$CJe?`trh;h zH<2%CC>frC&{1<;sC*Tf;$X3tdmZ#bXi3oIG3Ph)AJHe!n(A@#w{D*`lNUQ6F7PnA zzH;nM<7z@`>sPc{iYi;ivNn>zpH(z-fe#iqRWm8H6p|jcu)W( z{Lg6RhY>9Z>%(d(nu(?N4+wJYTQpWqF{|E*nPwH-MRI!er#L(MITuCIcS2V-a(g!T zGF~W*-P3V`!YDj#!f%u)U!ihOlt#0~!c_FZkIv%gkcF7(I5nFhV;hjMtm;veWHOW) zE2zB0d{GGAKmdHb=Gt7qg#Z9x(yk;79ARq{FMz(sKAZWfE|;_SvqYH$J2&k@E>+1c z-b1R%O-PC$EIP?6MqKuMyqN(>!j}T4SU4s0Yb#MhY-_i2C?EF~WIlIAFJh3Bz$lCL zaRrdtgH}%ByLVCju2z$Wggm{kkxH~j6gnD%xBuS_Pefwf_=H7hT&AK**j99#O%pvyTQNSjolHFo+e_jfY`NM|o z0Dp`&bd-3AI@wKoMr7T%*M}l;N&b+x%yg*Y!rb<^OVG+VZ7Y*{5sEl%Jtracs*&Kb z(b*zP2M+Ws<9V4h&#-*;;hXbQn|zKqH}t z8GNjO@}F-_SgtFyH31zZ>IIMSK08|$iAog8`|q@r-`zw3GXM@+`%q%|3Yen#Uv}ep z%vBCRi;ve=gdlytpwW6TSiuo<6&#=}pB7?knM_e8V$TLIf(wx|4^~OwkDF;9%y_M^ z#j`{F%Aj2PxB7Z;(_-!x9%7?rTqU!C!JF`QzUdq^n5fO7YS!8$#YNk>rCe4uK}e6? z92yJbyDD7OnJ-Vu5|QHl&NjO9{O3g!#{-Ilf9J6<0PXSc<+GyYGX2kx1DILcC?@4` zw`_!mOxzeolFrpqa?lfOIJXm9xgo(kHsTuxdg6|dNx4oH%m7H3JoWPOl_`}%0 zDiNk;Ody6J>WcXkYaU*#YweL)~X+290f9_JBGbS_s>1gJWZKN7?pVVD!3;3i7Ml{T+ z4HT0rDnhD&%&7fzL&P34kzKXDg$J(Fl4>IUj%Ks8TF=B0u=y-l(O{@Y&Q{khPDp(d z+vToytQnds`q@Zm+vtQ}Z;2$#DZncqq_3!f(uS--@5(jWGJzXM@NH{h@u&fe!{K}< zk;~Mn;~J^+melV6!+q{QK+W86suzf@ifH9`Q&iOeMw#>emJ#>O4!5Rj-6c7kz_5z3 zk#sjgS6J2G`Qr7*3goe3zWmeKQ|X$XGER+%>m!4bOvj3Cj=l^XFfnKX%(C3!#9(>@ z9J&$7!yK;Sy;Sv%-b2@ijSb*x8g7r#sVynsl%T!tysi=Mx_rY1es>f;QPH0x)OyTk zA`9>}0^Ss%OihU0L!A!b9oq|wEsw`~DK>K@j6i^}9D<#fIzp_YHS#593fTN+OwwF_ z*w7!Kj{5B%w^F|MY1JKLQK-H8f%bfR7fNH7=JNgI=fysy7TOhZK6V88rLZPj@7W`> zPfd|cs6@AoP9(sdbXIRFEnk;$>MTLqU+)AT+mQ311}(O zfwOUe1iPX=ihh9!6%TVbYuT(?sCC|<_&&)g=mWGTj(3HQb+z}P2G6tn?*o9ZX$`RG zt84pfzz4Kq%bzX=0OE!S{H4%C{dwJ0$0^ht;7rvG9qe@|daL^{m2rp#T)-2kX}~-1 zKoIJ*#0MT;z`rA-PC$rMAUg=s_RwGXlx_#iMLaVB<|tX!)(KlSM7P?!W0DYA9j+qDDIP1l5PICelh@3ydx;^iZ@w>m^?X zsG}oM{i|V`;l4y&_rrHkNnYDI+6Alstfr?xrjeFo9D$+J5w1NxEtlnI4x?RXH}_?! z7+}G7e`L@`Q6g?Q^0-T(5ks-1U7|9PIIKjkt+e22=p`p!|Bmd7&beScG`tptg$6K~mw zy&9k4_a$O>>8d7b`QMy=;o6HFP|Dm*8rx$aqS?HI8E!&Q>Bho=a3h@vz2{$z$r@~V zDP@=U)UCfa1SO!JLxhmobIpYA@o|4duJhifjSp&Os8^f^iW^cxNgj4zNfrl~v|SuM z{CInQeJ4m}SH*kg3$i@WH;cX&-J-9W%VD|TVruL;e&3C(dHN1Y!XN^p(JXm~a zLi3j)dx`cS?D{V3cnZY&Q?s>g|iw82VZWgv(9u7;_ zKW=v6AE(RW!bF>`UM|&f2|%u{lmy1UnMIC$v(fjtGK@8#Y0CH8+x+D*Ryoj|TYw>c zv8nfGJnAa3sJqQ^aG1^V@HO<0oUM1ye7WL`MlMezkT0r{o?QwzSSc?xQu!Pf{jc6p zRavHqKC9f?GHQ%gCBKq6(#4se^%BckXWU{0?i{W-UG4xyIAAkJeK4Kr~53!aWY(3$|gxB5fb1-#1FK zaZ%y!`N=O+kz`p*EIcL@jR?ypAoAMaQqAwsYzk0S^W&B+8g-bd4E60jRm9S-q-2Kd zl&)L%wHFeb{_+g!N@#s!tLqFgaIdRAc;Q{tQ*8z(kvru$twt3bQpF`Ehbz}5N7ahUXkbN6`p8E%3 z?ZXo>(>BR#@VBkdc)$S^Nsp)R8?ReHc)ZBGeT1($&Qj@P`x>)4+^lH3tXJtZjpfW@ zWx4SyMv9d1>?`^|!%Argw6_Hkrj39`JP#qHJeG?} z75=U>t6Nu>H-W*%_F2OLnEo`}3W?gTFAapAA;@Ob;Q+GJ4);-5zwm^Bc zTeMxwY)D-93l14ab=#Sl19NRk%G8&rMpC^plt*ncD!*#t!f7xxD3;lDn5ZLvpfxB3 zwh*5#JfACYg>=|cE+8>8+JIYgkB*S*6A)Gr%aC1bp+&u|v>uzmanv(E1g-UkXC7!6$Eol2~ck^}&5II19Jfj)J079%` z6{;8wzzJ;~kP;qTAHH5-UG9DYT>kr5wSO{lr@R-W-546gw4uC>>KrPB`k$YM;cXG` zzAr}^I_qRwnlNX>iT`4i>fRiG8-)uOR8=)cA0ZLTp%8_-^Cmz`hhQjGa-6U5?alD2 z1gEf4Bs^gcW`@hCkW?NLqcS5(8_RCDD$raN>Mw<-#)=;er4KCMrLjw`8SPH;MXo#9 zW2^z9ZFiUc6DfPVUq4Fq3i#fFT()^3{N{A$Y=H-8L-rnE`<)6w6yVR8(hUs*DW z16nZh;l@Z9*@E?4bvZ(RHUHG&94K@Q-hxsaiR4|Jhowv`o=r|P6^wBTBCP|X2$_Tb zPFP!qhUPCOoF?MSRSmO3px~3uSr>lpP7MwDdv6E@MIF1mEWWX(g*hxbn9ObUmEtDT^iR+K`yrmwmRi5P`;fdSo2=Hw z2i1it*ZiPy(FI`+>H698{EGzm0dZw$KgZE1fKCWJ{*p2J(v4qr`r9!& z3t04e2m6jEsU!$XU?oQ)2KKBAv|D>>^K)w^b+!7fV{QP!mpFR~Rry|)W8_&>yQ#RQ zW-C@gx_J&m(g@{h?cxr9NuK)@G%6=omtIXr6mZnS=OXALXp^adsw0vH6v$OqL9(lQ z1>W4^7D-hdRTcA5TVrGMaOyY0p7QP^V3Rb4q(9Q*wTmp#2gH%?@tO!Qf4ZE%&V7FD z|6E^NjBIfK^*WOcOlJ+^8APT#5!+3f(l-xphT-YuKRHjYc`x#3X?fhW2Wa#*E3#$LCs)rK*ko zNlihM_mSkcL%_&B>vHRk$?tP~=4Cqe%rAZq?(rZ1n7xLMH^65btH4tI7OgRl>{HFY zi)P~G#LOXsRtXb>+1|wJ#%)2y)loCUj8a_>rfn(QkRK?ViyX=}bI=YpciiTDf}YG* z@$33$?>!cn62FAYzRDf6RPL`n=Ey4O5)MfLadfyT#6@%@RfuwG=;}7zj4^mSOWhjm zx+)a|MWyPLk-t{eV1HO5Q>MkJ)jgr0JaijzJz%{2{sBMg77$3pR@V`+{gM=2i?j=P zg8(3io&wRX4nSLL&UGHbRaj7&3n57hN>RoAu02s$=2-*c*(r6VMEO(f&Oi|tp{of_)X3}|8}pCG6bc^-3$dSQyqA#qPbd%jd}}wlZ&<$MK;lBqpYzk zbj>5<&e3ZsI%Vx?P+T{xSZ&%8By{MQU0D;? zZkZ6pw_C0@M}@-fh`%(RpDn_nXgp%Z-CL$TW zMr!EaF!}%Q6gpQZ6S)sV2v)mAWG_=0ImG-fD%-H6(o=OARZCw^3o6!*Sg+$U=W~ZyIS+HYEn2A6 zaE0od+pOr0SRdyYbgmKAF_|w-t726VIO7_sm(fychM>&*X>*72jQk74U=CB7%UZw*^8d-lC-mr z2nKU5LC~Y`k3RO*Do%~?s#+IBKDf*O<*q#rppKM|NU`}-Rz2ZU$1G#3UipG-0GVZ*Kx57Bx6 zyD}`^`fvkhGid((SK*&RHyuQFSutaS^ z_LdF0W-cx5@{UWz(e5^GnY6*1DBSIm^zx%e!a^Kx=6k%r2})lvAj)*u8P$P=o@ z*~C)5ig2Z6l?m6PbmMB6Nr+(m*F+FPBXDv3f3O0>(k)P$^;r{9lhITmpv3>E1V0EmSjLHBfxNNoo_rh4AQem$C{`566&6Wa;++4;xT z`M=Jh0U+@Y0EL8%osVh@C%YxQkIl7n&rfSn}QSjmWm3g zdt-o=te_}9nmXjD#@zeif4{}Ml~mb*^-){t{Bpk`2OdNWM;$?29zdNLQ7HcP@hc^N z?7+W&&N1DCBm>b>gPt(BM-c2xkwJNYjm!+-Mst|odiR6K}!)~bxMWw%#%1Ly(r6%6JY^H zTU#=8N{!7+0O1H@_(VS=42JQ=R}~bITHn;6|6>dGYY}rV0R#QMPzp-bDGIgH?V&w6 zt8G^VH$2=Id$r`m3OZ%p&?x(}nYx@ltmUblYdXxGc%<~$i1AGUQriR^O+dN#WW zssKZC1G0QWtL89m0SVXC?0ENS_EdM!75dktnZnlNO!0CV>tKVHb0`vMsl#|HJR;-00OTkY4?FIMq9PJizseHmY}IpVCjX8;MJj!cC-RJ7~_>%6b!nmOTAzi zGddqHnopbNdAWJ1)vrf<_0GH{C`WX#PgCUsQne*-`xEA;>8Icc)o! zH&5lucm~q|Tfrc2zh!q?>5a45eFaboX8A3gtrFuy!8xwaXob%u0iO z=LUcIMz@vAsTGTB6D%M&`h=;wN;QuI5aG&eM?u`nbKU_yVCl24fVYtNFXeR56GaU_ z@^vi-`|w*9UF&cd!69fxZ5Cx0c{&iZETrysKg?}?foKW(tbQUQ=GeWT;*u>k-ko|K zo`^(Uwmh|4>dgU#F)h!6%yc~qPh`Slx+(}>J;Hk2obXdIi@0RICiRx{JMO}onXyAu zqnwtHjK`@{4N`lZxqx5IHY9Q{{ZC6D+}99^tcddl8n7?{|c8ilALr~aI`3rTnC zS`IUP^PU`yGhkoJ<%8`1n%PWuxHabSIRI{{hQ!yBsqNK~T#45Rp!* z)2dt&II(e94zWzkx`&Ue7ZA*6Qgpgugl_5rd#2In&|0$kd7;LZx3-0#s*$gusU0xE zs(Q@G)V_w{BGT>942;(S*@OT0AtmZHS|WbF^Tl<(!w9IG%&nW!z`=SF;7QRT{ zoP2JcH&ne?yO9!iu?2dPVKj;(J^Ht%x|saIEJt|ca=_l)8&y)?Y91P0k=!7kYn1su zKub=gF9(_GrCRQ^k{g1kZAP6jG`%z!Dy`$_y7iAxskH7dWN!RaR3s}JVhB`0xqxAF zp_anqpe!A5CV2?C*MDhKn@NwgOGHW-bn?x42-qlAg8zr7YYeZmYq}>mv2ELSW2>=k z+h$`lPGj3_>@>EWGS+vl%*w(-U{Fk`?82s|0-^)c5 zLh~gQt#%(g8A%Dnu~hgIj{c-n?k{2!h}k9WTt=@!qS!UNRQN|54m2jY+|#g~$H9?# zLCexvBpr+UGhzPttg@(l3j$L`&ESg}c2EVnmY+%ta_qCeTzI>vj7EjhKEIsnu&Vo) z>%RZLZqo!ocPlgd2euYY!^;HE83|i~#!;V7eTV&)mhTqu)19s!Wz)WY=23|{O~8n{ zyux1Pv9)wiEO6RgFPzS+2Pw0TZ@S}L+ii3?Z~d+D*`1Cv8ays;nix&>+KsW&9TcBF zxrw{b=qDT??*F>8d!5JW-jS?MFdlT?je5EQD88ngNF;uPDrOCF*G@U=q$0`ju%3j} zSUEe`=DJolQ&71dkSm?7l*romsTGM*fSHB8jm?w*N-H=IPdbUyWMx&IHnx|G{d`>sQnoPRCuVMS;LOIqDnFbZHFIf2~J&7Z-uCHQbO zyzD0dV_OBIL{5~218urHL~!rg)wCl#aCE>qxH$!%;ddfcG;AO#TpLeg+_-AFcE}#? z-E1XXv8y@@a!jV0YCMBixZ+e+9hcQ_<%5XFnSO;o!qTD^;VoLp2(i~M2-=r@t1X!l zg+{S;%1pLZq~W^MtSYDYS#W1k;Le88Tpz-O^p4Bwe=HMaRrXe2t#u!_0ITq7%H#ZH zgt%5G(vr9xMNW2CDr@vPV#lFh5_M}n7#qztx}{HLMzHi9cGOM79}9T3v<@@WpJ0#^ z16w;v;YJs0Sr5(;e%mNwgIH$Kqo#l&GVjJlT|T$Ey;uy+>(572VQ+%ZVCD;dq7|@A znF(6gCz0P|qPy7xPxEKUUtzf`A4M-QweJPCWLaSkf(hd*Pied1HNXD;+=T0ZBq&Qa znr}Gsdu}0oTt4D%vZx-8tU_FPrhna2k6;+tTexMi7Vk>}0pyH%47+e%7>ajrO{k>QPyvsYAJ zNrsT}l)x`ld~FjSy)78^ugW!8M_Rf80N+3>ISczyC#CzN+T?Q-oWp366$qYJ5{QKQ zMneNNq16xnqb=bV)G8bp!(U+pNp?n$1m_cq1VZWC|RBUlh<5VU|)xp7>%?3 zWtMqsx1ktch{UT7vM$>IJ@P5r=2u-opy!E6*Dbd$pFdPFdyH3p0>!Xa<0;lYg2EEfE3#xV|3P#DCf;h?5ZlIf6UK0wo10j~E zgRfgiHBsOF%;9xYSpFV~2#^d=p=&|7?Rm%bc7C~WyQ86Sa9V|B)T{iR+P&4z^SgaD zPM%>WVV*XBDF0~O4RiP@VeNzV)@RzHMv4})-=lkazjEHrDICga7Tyk~`JL^}^3Bsc zwT#ejPFc57KVeL9Lg8xv{IcEK8KQTrWNRO<9lI!hIm6t-aWby3Q#HvrOoH#~-^_x> z*#?h9Vh%13m189BKN0P#UmvH7*R$F^1HUwna=)^*6SIX7yCl!tI#$0L9r08G_%n(| z-Rb(H&CMn7n-7e7tX*}IOD;99XpTuFE)LRDLoNY%#eF8GLK%hINl(k_wN6b(_&)d* zg6N~}PctKL`Q`L*oSyB+=CcHKE;GNJkFt?7m>6Nd>ii^O#`|~DY4#?a&ZPsN-KJQE zI^3Z(@vfm4B9CdWjQ!WR=Pz8E3+_97=PaYKp;#$i&-17nFm#o);GinPfdlwybU;vx zDH2CXxwi`hf{c)G@W7#lV!*cVZ??C+)bj?)(a}cSYw}mVo-7EGH6O5V1qUk3Asj3> zKc5&~8qckjq>vs(v(tw@tqh%(COzR2=hlM4!M!MgD5t^bS&3jOHgu^ErX$o2JMmv@*5cWp@<18; z$4EcC3kij8tG;>LB;Q+a3;Xk*4qUq`EwGoI!E`V+uEs%HQa+|*uPm_XTMHT;6+9b3 zOKT>Mr@IH}Is^kzhAdMf*Wq^O)&b@=wRWomhJX%p0<+T5tbwc3mJt~Gosp=xLzJ@f zVv{{F{Kd3oE2CaK_4yMB%#uB31hDCe)>sHQ=B-hs^VS~0*c~v|!zHCsH0t%i!ryS8 z(vTPPsbr;+QKVs084T<(Xz!O*PSs(dtpg$ZvdA$+NHFyDXWa^7nY1G=b7oc;k~e=ywExk4z!Z7Z`XzdHLw3w+mj)U`U(4wraDtJQTE%AxoUokYhb?|>1 zy*YOUF7}M7-k=6i*XRYEPR?ci2koiq^X!NYgswCCf%q2R2Z?-hzq|&W(mbyyv+KRWgan=NR%UqoPSR?gw@ZI&2(O_&XrMuTSQFXW zx6i=`Z*jGooEA{{Rc%U-b24ILB+l%qbPzyEz7;W=cD)|ecx?y6H#Ae|bvYw_dfhF@ zPum)WDxzQPmN3cYT}i1FBRi{`i324~Vw2{C?5;zrS-%p%e}gvF^)Coz_7QlV3dA-$ z2&z?pA4uk8q6G~Uh)f;MziNc86@(cWAENDgT(9V#9gu>|&IxDIaLOKXh!(FkDwwdx-_|@dJ->Bm>n*E^JWs}e=Lk7}Q4@^iE6RfS90N0#*JbS|RLFhO zubyVc4pzG<297U%vy!?50a#1o9t=Y*?oiK958Ijw(xyH{KE}M3+E7g4a+!ID&DlA7 z>yBR0YTR1ucDVO@?Kz+E(+72p4agKpJ7|PS1ty3*1NP9bb(v9CSk_jd6St+y>nA=& zx*8!TcAt;E9VRFq4}0Q=3;o@rYZCscq*%w92#{yd@ifn*g3PhJm}-iDZUhxuzjit* z&(zV&bi5;l7>SBVrlNS>)zYtfSvC{~-&kjhZH;JRSZ}5Nhauajtz@UAUB?$2O{{JbC+7vys$~Y~7pb z{5-`p@3eM-vtnQ8R4siaz@i#xDc3c4asFRWWLY&PvN{L3l{%cUiv|`mdm&$soix)> zQDxb2>Y>f)!Wh^}VQkewECJGwJy&)SJvk835^t%EQ6a5q4QF9LIwU8^G33(M@d=y~ zu*)H^+yQ-|!h{3tSo?j8kV0J^lCa|UjKbKvv+*((qOz6Ig10(3){Li&)v}o+5WL?N zh@#pXA^AGk+Q7eshM|#B?*3skeRG?@iIB(inh$`#@ukP!4XWtU{*|V%(Xv7BXS~HQ ztCm&&^tvo%utmelEI9b=j2xGsyf-F5Tf)u%EEj*Xhl*qCTwF`Zbf3R;ZE)S`RAjb9_O`>r??O0bq${p@Aoq)azTDi2zmw=*-_v$oRP zPcgj;RJ|2HYum@5&C97b_*~UjXxko^fl6vFaNA|at}m3Dfo2nFjJjOrLR)MjAbbIJ z98-B_=iBo|g;IIiNq@`PbJa!Slz+mT#9VHpCl*8xNw-E(kNL%4PDB>NLNy1%))>JL zkEc5_au`J3HMS$MhMSa{nZ4t>A=UzE&q$=<4XlH=s9^S+V9CEb+=eKGFb%uvYf^pn zgXT)x@8rGms+B^#gaFH+JKLFJYf;Dhc*)%^$d5m({K6eBToia!38F-l2X>5)D+Q)F$n zfoo6|KEO(F>Qf622kt%cM(o(t-NZdKwL2X!wDRL*e)hd4=zU90_t0%Y-t59WcFY)N ze>9AgV#*sJg@=octhbon0}(0Dy`Gc1FPG{YOqL*=b4p+4bYF<7kru`n@BGjTXV~ou zbzGYzVP3r>*aVtgC(rJ2fkQSB7%*O-OiK-m4(1<4(zLH~`uL{p=lafY#8V9Q=kYz_ z0y^{jBOcWIrLRmi=iK#>r|<3UuYp{?8h++m3?I8e)^F2|v;;l%L;E514JLX&?PHni zvid!_r-67{W=m4#(GdGi3tRXgge)p@QJ`(E?a+FF4b?bZ!qM_uPzI_~$40K#aPBF; zqJ!ssz@&RO(MPaMd~(A-eSO30rB0=Hh@>aaEQ%hr?(R0|(Ok^V?K((bMjKk03Ph$PP0gmKp>gI%%5VlkRH8OA&1{SR zg4RfG_<8+B+t0$j^yj+nrIY&H-}6gMF7-~Ko10(e1*Cip%czP2Yg2kNI}HJA{m+~IN?|=h5No%(z6&_0e@yy zw&ao|c2YoNBx}ix3>1P3Tf~^>l|^!HeqX(>feFzv3WvBkm~wr-P2**thyAM60IO;hEKA_Lhq%WMj#7{<>j_n^2)huIa&HerH-H+AkBv&}uA`N#h6*@Z_yk?OeaEXNNMsJTq*9pnrx5Tb z1Et*t`qG;>U&bNZx}8{j3q7T|#C0(qijW14VUz<%{1F{IU9SFyp%qO zq3&gPVL9Eh%94Sf7%IAKIE%BMXB1JOPHqnZ$2m0&1F7uyTT!bC`aWOLQLp;Km_16U z$yRd;mz0DH@!pIww20)HBwRsYG9NWAEUS-Sc8>`d*3nS(e+*37B{hf^8pv@6ACqT# zTCK8g&{$!lFr-V|Yq z{p_QJA2+%0n#U^u`rD}tfgO?KSyqdU$FsZ!N=*9W{RA~`*M_1QyC-_I&i2D@t{GIB zvu$pzOq!+4^hF|n=c_xIk@zB%{F%*npMBpiC^qr8eE@9t7B~XV9|RwI7ywU2&YZ70 zG$9vf)5A`#_RS=O?w|OCn5jr^_Y!f8^(0Q;k|1`#BWIoVxz(wH#+iWN4#K58x-H`A zB1iyT`jPbO?EZg$s0)<2%`R{WhP-j9MF<9FoyTkTO-P3NLZP5+Fo?*mt|A5|(B#8h~T!oRg#rD!Bj&cMG8R+K`#Vt6WT>a#p>LWD$<8DF4YOU4L$AQ1F< za6SWGJ>HOS_g(rTozDKy`f0-8Zaa4L@je;Gn;+KCXmOIg4erU^ZfCXaH`!YL2;v6% zAZ#lV&NASEJy(fgn^r-jA+WrBF&l$%?6^jI8?NJqzHIm`X9*=v`(k7q71;I3CU9IC zx5}3IKt&%=t-)*m*U96}8We$NHmutZ8#Q41%ZWWOxcPNa77M{_5iHe9Kh}d*0ucauMj1+WY0+i~h ze#WOCy4r$JmG6E7;GP4=YGGh1qx!&zvRek9$Jn%^#GN`GF9pK0NA+@a!}3$;vX`$K zOMLsSh;I3DU;@s)K<|bzQ0;B?pIwe4?CEmA`fPE);-0?P$owm&1MZt_@4h!;{|W2P zt)YNQMDe(GP7RaYb=V_!llID#dGco1KIZ zn3ZXhCC0HjZ!m#-2B>beZnz-48%i_DlKvt_?v}#&k-m9?jjGU&ipK&i*{|Q~g=oX= zeIX#yH>l;PlEn&slgV!p0)PPs*o|TIEI?Fvo-tbI1@apxr$D(5;)K4w>$gIq$;jka-QP zMyZLU;|@8$iu?ZT$k?M{%G=RXL@D@Vb{mXCLaacFhKR$31&d2<5dovRWwgG)vcJ;l zq_@<}(^*g5{udPX$dJDWLo7x!ZsqBi9*Wu6z*y@L=+Q1KOCs~zggz#(@) zll9vL3NOv(+XU{@t4EiT4dZP@FwjiO*8hk0J!YC~;%}!wz0dj!@0-(toQPCN++cRU{n>NU8NoHm=3QZCX zxQVi^W-uzT54?g|s);q+YFJbXh#PvynRPs6TNH!7gfvo(S%Gjx@C#fZ=;^gaf_JE8 z?;&pU3tQ0mT|I5*8)5Gmn`e)Ekad3SG&jOK$zfzL2b0d<3T(>RqdwGQToU+Wvmie1*Wh@=?<}t}U^%(&iNs)L*e}MBxKAa!EQw7BvD6D$q*hkELu%`ce|K!X z@vB?UUDdQ#^;NELA@O*qKH*JXTLfU4d`aB-`*C~BkIPp3 zb|W#QR`U(sPSBt?2;|wPE2R8ovJzl9%{QPRpA|7Ddvx|~>%bH3+k`!XKZ=i+g{%H1 zy0Hb{)Egzb<)%`tCRDeZ(n=sZN~{Pr+mHC5Ucezva?&8cLLxD04n=QEQu4QF`WF`S zAB3hKVn^IQH_e#bSh(qoHxyyJ6Gu46EW(iuHhXIW04u!(W};P^m+WQ~U*<0`i?Nua z9%&X}CByStCAt3Jg5kL)_d^hywB9!CpK~x(z22f}v%B2j%q4jnFGX4dCZGFDwL#&E zBebPwxx`;UzBrAEB=Ys@_A=$Usux}&)Lgh}LFJFsw;$l@2SOtsT0pyr{5q)SHHa>8 z=h6!TkVpe5|S0}0#-w=-=H zgLzxN%Dxv6SZVFo9D6J5O!@P-pwztWy0DzDV<|TL+-ut^6&&|fli9-l z5AJ{#SRe)T?zqW&y04|NGJQ>%sl#Xg@SpN{YiZwpFNKd)f{y8bKleTByhP}_9AV5j zaAJHrvETT2bkOT05nt1TZ`^GxMQn1|O%eE9rPVDS?e9ZPfAgKY^9{K(;{D=LLJP1^ z_OvEs)bJ%M?^Y_C6PbI-vEen;KC3va#)gS>*Pc;TxTSoO5I2LHidd19vp$^p{i8e1 zFlsbFXm`ciO$I4EqlrWovIegkeGhw*b%Wgs)}uA+YH(-fUh^NJ?vc=}Z2{uxVjUf` z2isO=xSFNc9)Yi*X5#IXG^SpyUbO2zU*h@nh&7-ihPIpuR3B_58s{@`&*?|jc_Tpl zZ-YnnsD7)y?UR}xH;50tOt}@Hf;P^;SIkR>bOeiHh7h!669xm0d+QYQL1boOo52-j z5JaDhlZb@laXj@E{4Sto3yP*v+NWnSLm{Pn#*OqO!$3+8@}Co?S5)JT9pZg+KW_i1 zvkd|_5m^E>r_%Q1mSB9z59a=qPlW{SB^*^#hQ=A0#0ga@7&E{kyrS(80IXYF(ebgO zUDAVL!h-WI3Y*Mo6!wa4C9?du7!4*y&xP2AYgeljqICPsiO|Y&aDHxi+rn>I?%s-^SFK#+DZ)-@3-}OwQ6oD!s@uW8F>9GSDnSNm!&# zpi~qK%oAh-MPGOwj@$_Q%8%1m2CS;C1h9Lbq)@j=B>IXi1_sGpL;I@w3Kj5q$W0?B z*-yI(J*AS9l@voqPZ5BbwhWb1!2CR_qHYgBiix4YMLdJ4;{XfO`IUhd7JnqWn4k&r z;-P7a_2{IN7b<{V6{w~)G0wNEri`sN0QnkYbbv_S-f!*f+C8m{|KS0Fl#fE@4=Ir~ zc8b^?il&lh)JuU5{mW~lmX8xDB=JQmxb}=(+lOh{S_4cS4GaiPDm`OkuQ9V%_)g~O zTX=+L8VT3%?W`6Ok9g%7`s@3eUYptza>G}WhP>}f;u1xj%V$~7GvP#0L<@6TjxR5( z66R{C|B#>E+M~gS8f#Ar$mz1hF*2NW)R^&CPyp%Usb=H$hggUITVzmR$0u91>janI zQT*j#>BeJ>qJe7Auexq=oKFe)f~zl|9dRk9 z4!VodvvtPh9?-rs=tY;Nv6{s%OkmOoW=si=_Jp;KEQOweAS}5fL>m;A^@_v2^Kvoj zjQ&=R@oQ|zo-zzW&3zHoqiuf>#+pt`AORYjZ#I0u5+y&x@Pad6G~_FOeTBpNcoGy- zib+lFSbdAQZHWim55d%sdjGjo(K%o7eq^MIZa$|9sL!5y52$}?r37%VxP)B5WDSOz zIcLDXY~q5Uam(BT#BE^P{}`0Ox45mkROfe$CP|bQIaKHFy@->*H&W{)Da;69ro**9 zy~I&heJDXD#}xnGXX1|l{7lV!F*q2E0>v?W^ig{VwXP|SheyxbM}7raelK{?&g9}a zl$;t17~m?y)%Y+ve^1xc%#P8a&;Q)OG0SyMvK~;swu|3m8b9T3rHc7YLv{&S4sHO1 zD2K_@rW|9mRN4)+KT>_TpxY)j#y(c_*DFYDR_=^8XTyA9!-B#66|OcG5#lJd*Jz>} zLsfAc5r)R(!kO_fGzg^eIvnCkTH#7in73+qgL|2E1FMRbZ*z}`g29C2D;V8?P)}h|r#VGJ0qP70YP0+rtD?Tjr=rcGon=Z$)ItO1h#Fon4LOLE;sI zK~2JXM1ah+%_sOYRQo)bKFBQLN0F@ao{%J-Mjze z6Ne$x6MY0Y(n1#D{|y4MTXC+>+atUw&4|#9G|uDmpaR=G6eU*%&X;btc4V7HH?wgrX58{Nm9=YY;=z3Ga~g7 z1BynnSD-EmuyEGLo;HlcC!C4of`u2Dmb&&Q7NWGsG_dRE(dL$(bMrPKi+c0g$xFZ! zw?PP3+!~}+iBNJ*26!;NQ<*h~(gRuWHt4xGv+aK59V3By=M(gw#2}B+qCtKQABv6| zaC8aif{;AUhWBT{LNuf@U({sgfYTAKxQf>eWXG5!{oS?nbXHzvzyOQGdDo4wPAxBg zqpg{mUoKBc^oveD?~RmR*_MzPGR4KmZlXaQ$JTsKN%iHAo6BZ=aI|{RGEM4=;IC`3 zjLYtFy@m4`o=Q9VNEUOo3agI3t2_+z3f`7p@6BjE#2^2%lW&$i4m;DDKtv1(F@%EL zNB+}?l55Zx4HIQItA~T*?0L8bF;SJQF&&cQ23`5Z}c9CqY!K?gSZ>nDDtU9aLkhM zAh4X0@Xmu(siT9qY-x4`kDa!2*q_I9IF;^#B*?QH-QbWN!O7Md5!XN(!JC!pJKJLu zE}z49s(M7k_8#I$x%jcH~XcJ&HgMoxqEA;i6lVq_;e z7}6)Y{s3j^tn+al@4Ehg@QcdtMuABe?F){O3o}=d-4w&D$Tkrj$

Q9f2s_9F{h(T0w&afEE_tS9ln&^^XOwTalRj7%oAV2`;rwvlNt@ zDUdjBqO1|{wvTGyd_(qjz_{@vpz6|CPU<;1RBZ20RhwqJLnl6hhIrxP2!#3x-5-E1 zjjrc(FnqMM)?1##T6Bx+W-2N~yQk!%0+FM0o3V7N#<&i<#j4tW_ z%Bw79#X&Fs;OXe*ZSV{(PfT=Wn!T5{nnxjp(e}C(I!bJ;EXhF&P769qiuL{8j~poY zklnc6v~ZD66GVfKP}r(I2F;Kwp~;hJ%hyrO1Mu8a+Q6- z;LVqE2=g^r%u#s*m3G$-hk|*R@4Ps7hryaZgVuLa# zt895nhk14?#rC2^gcC!g3dv`UQjKDy1V&mJ4Q7NPN}|qxA&wa{O<=ydR`^e-`--o) zh6*;ygu7Qvsp_?wgf_~IYpnbog6zrd^-?|@)Slel)nGF1@Qo<2V@itSd`EjjL#i}` z6Xq3?Dlwc}^aVS_cVE&)g4IVh?cy6ctf}ypw^=y&(QIGHl)RD0PM4S3$57T()A@Qu zz%_B`RIpkY%WFOsJC;~CWst5{JFy?4f zDe3D6g+iL&b`q`h%T1n~fAULs)Z|0=m%I+t2$t20_19?VvKe81#`FKA(G4O~?kPUK zR&%6uhuWKW1y`*s>zYUFP7mMkWaduS^aC@_FSlL^9d*=iCjM79cA<4tui*c~b5M6r!#oY_YXpwR z%CoI+sOs16vO4DEKQn9ZswWbDrHN}G7oj-SD|v223V4pj%xq9ZkKMv>;{K3$IU0aw(`Amw;WBFgi1M6h(`fgbAXuJqPOLGEoL7(;Q;G5( zF`K=mMe=3TQG^vTk5eUjmY?SL&W6$`VP+6V8M>Rmz>>&CVo3JySw8l5T+QCG>`Ta+ zyet?tRT0#41ew=jdV8JaoTkD1JfOQCzfJKRe@xV?@eI5&(A-G9ex;sy`T%K7peuYg zUvhFso*b}TO9^RLj`I(fUc*f9e_k8F--0*`ldViF*AQZ?7+>ch|7uqZ0d zQ2rwg4vJMpm_VWOK>hUKTnnKC1UyA31O;*^>hkA-UHf-iEJ2YgS~4BR)%)VTcc*sf zy>`bEAu~`H%jDF1+NEd-(jzyvj6o($knU!)V#)38DurB(+!s*h>EWWhnk4{ooOWwvVn4%mDy&FjyCJ z@O6-gpeIwCLI%jcdmmsq6ZmVZBBrc{^{(EqyDKq@!E*fy(xfZKz5VI!i0I7I9{IK#g$~SMAMHgcq|KU@lR4&97nHELTj3C3hanh6!VgJ=%uDg_IH!5Lb9T6>{LVkWwU%>>OW-NISe8t zpm}RIHTEhAE`I&v0`yIu#Q#Sn-G}9S2VsaM2ceHbaB1Q z;TC*ICltC8Lw)|q8e=0oZ$O!Qi6 z2L74tY|kyH05B!J*~DE9Uwgn z^aIZ>F*O`(Za^ntH?~grFG;m7v@-8@y3NllA7YYkAZ;ie9n3mb&v*m6g23@!La@!` zEno@w6jaUi7DC;_GKzZCQsIeE@VOmV41W2VGmC%Z7o9E$?v@_3vio**#(ci-of(Dr2Nf0B8RF zUc_s$sb@P$_^Lp<-hWP*Qd8~=Gx^ufTi?AgKcB`4v?xlJWzn_`5)dU)ManyD4hTat zU4l;1^7hcqG%-){5tef)z~1-fY%c=iptzFR2Kho|30Sv);#a-(L;XK>%*yNrGn_&6 z$$6XR^F!>Q`v(2La3pkP%Kvfa+9b{{^qy@YMBM@SRX(QWQTU_iN)D-#@{B}}nv7{U z7M2x7R~U-04P4oGGPD-q6c8zBk=p>X(EO|W{8m@`&5>&a{UKZG5xL|Mb^o_O{qbxt+&w|n zF=6cMAL=Fb?%TiB8h|OEE3_=*(BPy z`1ym(F2kaFx{{J)o2!*58>a4MtV$QqX6xS>{O`3s2}4s49q%c6GrYzz?J+=tosBZ2gzo?pkq2+k4h@4TTPz-XGyWdg=3}-I4~wodBTY zzX(jb-SRQav(F=#?X)S%_x=$vt#H?+$>=qOt{AxuYbTCVKn1PL2ayuzs#G+g+yaoe zBirIoqEzwz0;3(GLwbv*QYRKfv;Wf{^r0E^H!8eYnZ;2GfP|PZhdk3R&Fg^jqUsV9 zw8yobRIjzVFs{g+PZbzAY}$z92jw3|iO`56BfxFNo&9t3HxID%i?dr=mWo85nD26GM$eCwMZKPOE>qZcEI&t1?^U6rQnN$)S61Rt6|Bv_)8tu83n!{eV3Zx9xUyV#Ui0E5 zW42dG?>g-OT9C93@)4_DGzXUcl3zVQOy97g9B2#q>W)=_SL?HZ11~G9IL2E|V)=LI zhSuR*wk3O{XEj=3;bCZ*x&!ZhInh!}0k-5;sCT5iEzXZ(>$G^zTO+nNbB#v zzf2$+lP124nu)!-@=&7uu$fU&;`UY=PFr_ zJq!7f`bJnyFISC0KzNJbV7g(jBf7z1Qj7bze)+S_McF+OfyXAAtdOUZ@9+M|qmz@c z@L}oB(Yi3vk_d`E7^ypxN?&{Rhs);7M&>%sgS`(pw{+t?X>sM9kEnrGh7vSbXY8G% zPX^ys@nfdS68-=*M&S>t-AiIGq^cjXAIne9C00FVJAAg6C)z1p@ev5qH+>^+hXUV9u06Vn%pEcsHSVZ~|J(l7zg&7y$p@Q-Eq$2qb$-SB0eaqgymtiI25jT>p zph^v#3-Sz#v>*X}vA(oM21zkZ{HN}1JlUn;dQP%}=zcAJ4=w)D_M$b{owx>u( zg5)b|D(#3T$ZYa|`ilp3X$R=(wC?|yN&jCSl3^B7!qNI3Gh(6o3P{B2DI}&b$d5_} z;$1JxBQd5#)>8T-6dmI z_mC)1&~%GB#FS^pRlsomf}2Wv<}3Fg%>71o@B+v-ObU@haNht|v|UkuKl0@H+#SnU zs6{dxy~RE{px#9-YE&voB$g;4?5sL;j!u2-eh?x^5G)%7Z6nujQIq0t$d5cjWrN%f zZJ=e#tr#V?tHi;tf?Khx1BXjev2MEHCSxF6>Q6kRG}hKO(v|@+A8BayL!Z}4EDB*j zAPZ&rbm@=J_#w;Okf~njIAHkf>e6S9tsp-4&J0_9iOZ^*^ZW6c<*FVlmj)6({Rk-B z4pxo*hh=s%;%?bhT#IUil`!1cibxCP(Sk+G++4N(@6lD&HSL94@Ix7bqyqg_%SdmP0eWoUbXkIDyjacNnr)c_Nj#?ay2p3fWPFrQY#KnL+*i}8SjIQ)D#68#+IghQ6Zs+GzPY2CR&+n+$}8)B z9!D^Z)%_EZLEbox(dSJ<_6*~ZZ*U4mp;<;!-N-xID2_cm5=d_UeANe?xH~x*J5&7k z{!U4osmBC9r#q>~im>UjO2wiuS`A)%so8(?1B7u#u3L`hmar9XAJ2uV;^=PYnR4P5 z)9r7)m4?1VEP(*u1n{G?3L&MMl=}CO9Kajy7-F_PBIbVr1hluI<1}9w)V7) zC?PqU3%S9nYC+NLeFQR?65tfZCMc?a>@$gPen3QJIYX#@KoFvEwX|h1dczZF(zCAs z7#BBO%q&NDMqFhB39D>LbL+5ZGUgdymDXku@>TI(frzrF2WRW6$5YQ(N>$CH+7NBI-sZtW!sS&j^NW$ae;XcjF~A@8HHdkk}CRUc2h&3{FtWA z?-GI5I41%AmG>JW$&u*Yvo06VR-xxxS0j{mnu6$_zvnHf_nvU3ZmO?1xEKMP96+l5 zuCNp^f=z8v_>yA)C;vkm<{KJkDir~MQ6;0jG_Q_f5Ok;x3()i$?r70yCY9_|RD%qHZ%Fslrn ze~6aY|Mnpj^^C%iMoz#&5=A?bkJ}0H3`E!7Ra7q7ZUzT3)`U2GnF>Ua3z0Se+vtIFWO(jyv zTsS5{F#Hws)n*MA@Ve?pLHRu$I)9~ts~KDCd*B(rKJrKi8HQDQzjIy8w-F(JrF`h4 z*UUb5%IaCU@4jew`GS}Dasls8{aXjv$C_23sMvD7e5NGVt2cIt2;AxX*a;6Z_{UnC zPkZzq%a2)DJxIjA#pw3COAIu;dOKk(VJoj8#EgA(qh!b@xW9si zAy3zq-xh+qf?8?4kj@T`W9h)vh+kYaM0~nut3()dYF_nK+N}aSEtQ6qXY>+DdWq&; zE`9;Ne%Gm{1^$3V-6@4Db^#Ci-9AMz{FTK+N2j*q|5&;Tpf8{FL;ic4{)K(J!P z3GQB;;ts*3Kyi0>EfgqLthl>Fad+p1?|(DQWFRnPlD&7&p0j)QLm7L2TX8HkRw7fb z)KnWinw9b3x%UU4N@;g*xV(~YXYb56+i{hDTw9dHO#q9+3UQIPPq4=N&fmma#k=y+ zV8qiurkrQZeM&rvM*o7l(%GHK02E7j5)nqf5#-%r-IWLNY``Z#U)N)o)z~#+kmZjc z&+#Zuz!i^4ypVkR<#+#JtP1);Y$(j9*xx!HLGtA!C;a4s;ClvamF728B8oRe z>Z0r+P@B-MAEd?f;|E%hvVZ>lumu;!Pd;qdSAr<{ST24xFGmZ&;8|A?%_MZk7=vi! zkk2^iq_9X$2oFHyF}ucW>#jWZe*Z6LTYGbLWVjzJo+hKguzL#NQInk<6(m8=rVYNr z&BIjn=6O_Ak}|NwLH%*TWDL~)J1`c}Cgs-T2tw3kc zI-%(Z+{+Ll*R1$eEtDP_sytbcDpfILp)3=tb1w5;LT=Jrew@$Ij|uzyj|G(2A!)N3 zwD5ds&GpzlNRc(_coHcB!}+6vkw0_A5h9_>!u1c zDI;w`u{G1L$vpd4>@5LSu3?m)6=~0JZr0V%Ll{4@q-wg2^j$+ODt{0N@IohkL&e)C zka9ol-1jU7&I3pJ6!Pf!>@`9Zn2B=`Yj2?%f&NKpYYgac*k&N8s~9LKL1n~Qg8(Rt zinA6={QwRPGuk|mdCzAf|EU)_CPHxy66Y_0|7L^*7Lq73_Xl93)YVTmLk)Ch0JE)} zg}eD&{oWH}xT?1Jqp}fHrQ#r3+crb05e|eI$7~Ib(o~$IFbU}a28vn*tquFC+dG|7 z5%;ZM?b(_K%iy+O`}|)#paM+sQ#>1TAoQMhWmcoh-bMk{(wsh-dT!hK%72VY&GK64 ze?wKPA{>u^ATkkAS|Ib^@h`5)bp%vyW&!0}ePoB`gteUOVSMfy@J? z(U=xu8sXF>I zKc4&zgpdtwe)lpsbnVH0S!N(Z#1V^S@U<*EFSIS<-G20Wj6oDNS;kzB%0hB0I3H~c zs|m!zsr3~k7ndH334wG1BhdQhG1Z?KW{l3~?VAkfv~;yj$f0JL>8;w(RgxQ~2iLTXhk?t_dhQuRbq&4zkh&p&4z{aq`+T0outN|!ZG1i@x zdpKh7wnvA2oO4JNl>i*M(|*5-Cu4XshE!)xLh8FuQ}aoZges}98}m9ADw~XqxZfkr z2(@&u(e>kQMBn=j$D0sXSn5n97iw_?Da$Aa_4~|~el0_uNw!N_T8sQ&2=EF#$`z`n zWhR_Q>RuBu)|TuBS>lW+McBA!&QgIwrEI7k4woawc~d{cRv1b1Q_-D-2Vl)MYM5$@ zhT(jt>{h`T(nJg#6+eOp{G|+l=T_}fTG1d?ZguHGk$&FSH;Rw|sH(RO{+uAHx7|14 zhtXwXvHUV)F+(7C&x0vTr&6^cl|&M(tib^cFr%|W>4R(~Fw&F>Oq$U^6(H2^OvGg0 zYw-u)a)6a~JwEGAsuOo{G6RQ*Dh!l=1S)2xcbNnpL5se60euxZYnxouO!OosN+cmv zXUZc(Q#_k(I0~~zkg&AbNew8XWgt` z6s2~eVhpW7q#$dx4+J3wbrj9(Vq+Zbwfl2i%$gOU$EfbjPr`P~<3*G4?UC?_6w*X8 z&+ZJPg>+wo#UGhU_92}y=2!Gj9Y-kk^E5f7;t>Mdg#6aVX@T#sV6~tM;CP&mg#u@}@wrjIL>}FOMTV4<7)oS67{vI6!H?rk104gcpba`!nt3qsQ>>mIhMoRJsHw zd)hZr-^Fd;{HwAhPssQe_N%07nT%XD{sw61Nbt!39#4O(L#wIkYKe?AW?K~&o0g%1 zFr{yfVh&!YcDCWiR^7}q&*BCL2~1GY4;jjt6YF*0}0{PxMt(?E*fDk zna38h*YlM;uz6NNOiN{}Tky2(@qB!sc9EOex}CxQI|1=?LwrP=_USv_KQjD9AP8Iyi%Ay^%W#_u_zH`jK;D)I;F zk=wo&O*mIo`Iwlt4w`0qLZB?(&tDGIvDyFm5))e!xp2F7`{q~lFi|l!5gV2*$wmqf z14y`Sk^^oea`NQ)$fdn zO>?q^ST#WM4Mi;i+hUuqK0e3zf753;5Pssuw$0V#`r-`3PE~b4_9HUmpfHkeFvL^= zSOBy37lNZ{wLh|N1TO8u>8Q!WjZ>B55N^J?^$-8VV2>6y8>h01fhCt7mFky7yB`b` zk)T%}6Qipi=}MwZ#OH*p&$AZBMB?TMi9v=oVOVnGdX!PU;?9BJDkeqNf{6!*f*~~5 z?^)6fox-FDWp?Qe9c#Ux%{y?Xf2Yk=CdM)E4&JzP%NiWo-jE&Xe)OS1mHuVIKO(R6 zEPm1kA9g(E?_g>r^lW!@q6m=lpI}@AdWf<|W5q!qdlAY6i zMZ*vaK8o}Isk5-ES)jFDh1p74-!qi9cp4qaXr-yx)O;Cx`M@%if7|>S4yAFh9`Sgt zTh02#z6kJ5WAPBefg>=voc|%V)Nm|x2wJ44wD&8n`0a7&>ZKWgm5h!PeOvcjP$c#T zNlx_R7ej=-;M1Uc=0ZP=0reQ=tC=ZPjtbE@^evt4NA(QH@g>QALdwHiVZ1u+laj9w z?Qaa~RT@i-h@7pgOHIU1W`Cg%xX$ua9Gl#>IDW${}z%*F(rwxSsX~q?16&zNC8q% zEmN?zOco6_kWrDr_G2bl!8{KP;TCi?G|q#U2q6V{C{&vP#&Qe>C>=2{|5p3IuCb+{ zI_J@=m|tUxXQv@cuNYrJhbXdC^e9>=Wy>Cp93SM4=q2w~En3ys*OvXPJy)?*l2Gk3 zhl|CTiWUJ*WN23O1I0Db*1IJoB6Z;JMRSR={0t~A?)`-f(Wox?uTnOP0nv5T{r0-E z)39vMK6EhcNioBDNV%LLFGkAcVkqR5MS-AWO2kDgIR3koM7fU$*P9NOjKs^6QX5Od~SD-w~UnV zD$pSLtg;SwV%>r+T0@7$!xyrGrTLwzeUzV4VB_jE(pOxPiw^p5%!6n?(LkdweX#s{&w|UdxdZjtvBX1T@uj!^D^*x(Gou0mu)AgfddU4xFPWtfljY!g z)!{N>@GOA=NiRA;>K@3~(#0A|geANG#tV|u6ewx=J==K;{I6x|i6+gg{@T3p*1SD^-ATHr zP+;^2fOy9Yx%^{qtZWdpZBXpDE29G_*aQKnXe+2S6_Y392mu=>qvB1p@mz^|U_r;a z)8OXm*TSBo*??A(rAn_ua>Cq{LP{(=7#7Tr9}}y&+!f#6X4S>R#d#SIxXRt z<^yabvbHy=>*3!v-~AnQUjZ zvf6H1$&MHE$eOWtiCKKA0ESsRjG~=|M_V3R>A3JZ0gLFer?K*If!X6}+#^ycMtL`PAWm5(xp<#xc57BhHsckh zBM5;zCfFB8dj;EBCphJQ0QccuLPhf)W$wuHEe)DDM(&2RNe&)lLGv;#d}xf1%7zQ) zvVa9IWNC!IIg|{?L65Mc<4Nn!hSktGA&*dXJCIKw_wL563AhGOwz4R}R8qqgTE*py z4~(9jIR_I5*ae}BwB$2prhmg7%^HJWIC-k$>~bW^tAVivk=uEQbUMhlpR(sXilE z+l<1IwSdo&q_|?hkpv(jnud6JrMmpm4rD}Rq0X+TugL#7a5f?{rW~}~&mfn$ z?byNNJ#Z4+zX zF+LD?pjGu-?i_Q;oKAA9ut~LRXI0a0;J56)nFO_vntPK5-~JI5DH@bc-6MGw-LlVM zx7vc9LdV#RfgjdB8ald|vvy$$mX8(sU*`?|eMz3<+%`i9wq|SmTuFMzAvQfJozLbz z=Rp*xB0?vP)920pPtCua-15vJG6PE6f1~u?|7*RxE$vHi+aTm*?U6G}zCrO5pV5W3 z3K?>vgX(DlQnaQVggazmr|m@a8{K3;^K`Zo%vW(wjHc&@KtuWX7_n^bWiWsA=C^y^E`c)fZy*ux4nSy3-*v4fKXLiOZ`76Zhs3 zwiTyG)Mr(NfVZ57&rpJ23L7#I=x5Ql5LQxD>|HCZxjvRNGef)|O&LvcF6n(uRboph zW%|C7MNO%(@N5qu)y96W#}`0Pvqh#Rt4w^A(1@(tjFXvUz{~fYm|pSv!Y6uh+YnM!3fbegpqHNSK!kP(j99rqjAf_%5| zEFM44YOcK+bLy^Egi(~|S&(3rXo@MReiCX^q7NBJS16g^p07rDqs700!8L896#A?q zMQ7Nsmc#vV1-D`^oXH+L!%p@qec$z?Tw{SJGHq`5IY+lJNd(rTiSMG~H%0iTTH=gZ+l<$bfS*diF*ULe?sfeIh4^q<#;>hFeqeY<=VYug)u; zdsz#$#xNEZ7PV%7u`Bg{VM~*H(vaVGA#Ba4DfRt6^K~%IF^;`0D}yu=EGXRmp?JlF z+(AcS>%-x-J`dmC|KhIW?)OEw^e5<8pB?Ht>)G;^@H-=+Pd4PMS9K)hekBl$yex7| z?FMMe+DUE0{%?TAeOU4U#y5~Kv9VrE%>^q{T$i2Y15@|099U6ALJM)lt4?v8c8@EX z)?5Lw;M6%$h44kj%rQnMGWKz4n@(a9CMZUVF=Yr-QGg)@(76DRuM9nc(T{?%WMC#S zGa6J=9%LebZ6s*wkVdmr&L~6La$@UHD(>UqefbDVMwJARu`#Gq$i40Odf)|qs{h*>z}#S9Styb~ zId*lzJfTB$e;#1}&-tz>JLVk2;7@;!+%z}m0F;9QT2o2;2s{*B(Ob9msAH%@6m(2s z&<9)%h!ZSzekyj2{+ZO<-CzmLjTC99)T+5_iA4LWRcVo)&RdMM`tZWCV5 z22>!2H8_~o%rP;eN&OxXPwP@gr4Za-{|#s5#8OMaHMe5q&?T`Y>#Pt!{2TCj>r5nE zLcec_FuHCIF+Y`<6S-Y=1>tTOj}j1Y=KuC|zy9{*zrCB`z}var;zZ4BzY@Owyvx_J z0Y*9h5$gjxKTm8hopHCAXVoZ7J$OIi{{spQdv^NsqkyHi6D6--a-QR7eskCk9e zl2hYe2RmgJrftFIZevDC+9(wT5dj(YZ9qta0jem9&eDq@sL{~yVvFRbi zEiGSY-*v=p{edizFqG`rASO6@ZY^kWjW(S`?RbqakkF8gkQ5Fy>eYZ!{0YSTu5o+O zN|f=ZF0#?!Rb$ESZ~wU%{34ioW{sXk1;8KY#^Ec3ZE;Z{cQ4xP`l2nZPx=~#xHz`g zvTHC~a`+g%^V>lMzYGT-So*d8o#DAP!J!Be(C;GCKj-~}m^B>C`sR+U|Mi~DKoym? zNaNTG&_);$>}P>-)|);6_5Y>|QaYi4cz%?D*`xW zJs=is?mQAB85{M#S&U@)f7^O;QcIeIrxa6gY|Go&@-W1l^7{5<=tK_SU2tG>wHjX zKQ?Fk<2tXOLb5|{1sSRa|MvUo&Fhx%4$tpkefTs3%-VG6QR47rlO6JVzh*lhiaELL zT2b|;QAsM~1xlttS(zao$sTa~N&|Jp?cfD*b5$v49!n=Cg*}Im0E9y5k|MH!h^9G6 zb697mrG4T%3notkB5GI`J5oV#`s}@RU)x#Ttbpd_3(?+v@ zjd`L8J{0p#7lHF%jCm`7GN|IJNhrlIyB?Jx0YuGogH_;I@`2$Tf1Vr{MyTq(Vt8#ymHSW zu69A!P%1D(#zd0NsGUW1dCFm3qm5FC(CCWDSd@7ern;l0ybmCgLJxvo!u^?+L(^EJMSB7A5{=DMxYXhQ5qa!*~JXF-3-PrQ)t<0^;Z-TyMrwzG|l z>*KlV*6Wz$80u;!Be4BY>o48mpit5aQ7N8tY{2k>KY))=((t~yAb}2n=z+|JzaEAKaja_FE808{!N(r(FRUpjKV`U(B=D$+}%VC@u7{0!mcE8`kY zyhnFAv-4h8%eYIR)Du6p$Lqu1w&?4&sN4OWlIM_`a&n%u@Oc-^MJQi8RVVvNpW9xR z`_|d(>DhT6hA$$sX7vc#H;no|xOb7G4A7YpDIObW4OWs$LbP#f2qM2IJEuVrjg1<~td&|o&w zp45*Y4$WhC;{fjikL7@*y3$oSkihkEcwc5xz%A>H!q zIy&HIA3tu`ZO5;vp1uAaSr`$M!N{!V7n(WdUHf|#vTL&@L^-BLM;!9Ym8J~KNXF#Q z?B*J5bCIXK4#*W)4Ai5uH<$aH(CCr{t5t>*2xzBRw?_X$3@i7QhhxAwO?{RcRtm2- z^L$+Y+R9uuM@y4%4&#{E@I&89)fWy~F)h{Bq00@pCtkd0XY{wnnm6L7@cgcWlAM?X zB@rS7au3SL{H|h!49Az7`E7#EdpN(#gdC$!+`C)tJE1;x#^p`?AI)&8 zQP69I(b2%UDgawZpQQ}^M6>`@G%wC6l;1a)vbk3?-sK3!ELEWf)cG{2B}WG9K4T%A33A3qI`xU$r$MMtTt$e#w>7bCzB{O z+&-eQuw0TC(#ZhDc)Jo7;JKso%v8=~HXU+CNzY%8HX`c~hrF4d`9zE+xrzf^0OAVM zrTRev@>y;X+lsO9wuS?mJ~JEcnkqCo^Jw=n+5&&96%*i6b=8C}&MTQxD=%n$O}snx zo&tWNV1jE!lu0Mf90|V?ddw6bu2)SV@nD^p z4blD&7qP*7qRyh!pcot|Qdd7i&+xmj^;z6qK`7f#Eek-cZ>&AM;Wm;hY0!houd!~xyozA-vwiire`*3pZB}qMZ zez=c%lVHV&JX&3~NsC`DsbH~lc_N%NjNJV~7m~akx7kpDbE&od~jJX;YrO?!Kg0pWs;T;(nF}m35 za}pV%k%@|_*RC96FaYfa8zT@u>l$!i&^6ywj!i_U77IOU%RNZOeDAiab#~9i+(+X zmlj{-#XUxP1&~K24;12C*O$pB&Fa7dEVb&Wq>g#4^k{nLRsm8Vz$f@SA~3fvnoVG; zpw+I|BU3pydp`vu9eeh`r)j%czF3qC;0o8Rhf#-3o}+*$9eK@65)k|Yw&zO~raZ;x zh*WP(cEa&Qc$0z=7bJcYEm1&(fY9GN4aaHX98OHSh9jX9Jh3)vfFgZ<2RR`bWc$r1 z@Vot4ay%~%GTqkmdFz66h#;Igh{YXpUBki^watlk#i^*6&+#E;&lz-L^ zyn8=?kfYOZKP~z)P1Z5y@u?p{%)I%sqg_`HE2+J)hF4)Z+k|3a{K9?F**NSTYD@&+M>_*Nk2YxnMGzGmR@=IH$l z_?$ZD{4piJB5c1*s_A|2$vD!|sxyHzxGC4%1l4$f&L37*NHuBk`NaWYMdjsQDF2JSzie(nZJic>n))>h$-z(F>RDGMFI3kI#OO(gqVK+ zFlUV6Eoc!Z5{&IHzLjJqXH0kwzRD)${(=S2F9S6s3d>bk;)1~Iu8nviHtDH4S<#9W z)Fb=upW!6rsfvNvNC9vgTI(8oaQcH`BdTAPFAOm zWHz!tvxJ}zL-wEot4&A5iKr1z{=lv_!OnsOX~2Pv6>}1WNuH8QsW(%4d{6){G8ssd z51$`e>*l@z4A*g{yAeC>%$HlG>Ky+AQ4;z0hmx;dKz)3lT#4zV4!qHqM0EtQ!$=-< z-vTjxnmvd$mjvprVou%_mp;4LBX-Ws>B3Y=-g!C`!_jgQ&b1j;9|;`5MizI!OVYIV z0S!e*Xdv&6iuy_l!GmG*?B9y3pB@!_Skx}?qxji?jOYUL&Ri)7rUs4ziad~N=WvH}U=D6gim zsB6^XsapmOir~#^;mWqfxtP9I5bcWd??(?g!Qh#_ka6N-NLy8Iq!_)G4#x)_{G&A0 zlh5H8Gj;~tcd&9t?lQzttnwKo>;X2&EH}DkIPp6x(t56d(O>I&!%iuThsx8+BeeUP zk6_8n2|d7_QYn5$Dk`TzKo222{ax{U;d^B_XDQ31g z`eSj@8C6B4UJYW@KKJm+Ff|qX%JYmRbV!VP9<8BFTI@RK<~&BaIZi_g$GXa16RGij zxf(d9*&*OAXjELyvAoV*ZYO*%}24UYrV*Q`D-G@^Nzi*KamzUp`I(aYKHIFjiZ=THQ zI`n0%UDJ(>jh$YdohLksEOiTuy^F?>?&j0#UUz3WnV)3jGrmRx)nn(WG!sV1lvid@ z(Bh&KOo7Jqfhg1kDkuq$IbP|6%2{GoNoKMl_S#So3QJ2(?}td;#fB<|X}Lgm=F~Z5 zFJkcCAB2g30w=d}dz>)-0x}#k3~4;P4>&89qQjQPLGgn@at6(RRK`7uTXe+yD4bBd zq-|hRRR6ipaY#XLOhLg|Mpy6(rG`N{ym(d&aK!e}!TaEdZ@`C%L?6)ysl0OAPT%jl z{R`~VoFe#(Oi;nZIArVaDr}!!maB8zDwF#sn|l3*pPRGapQ?N$-*N*pE@4|ubEDA8 z5v;08?f7AU6jKB7!J0q--Tc-kZ-Cy_h&Ej=3fY)_{;pe(D}}a5O94bsf$pv1!X~4~ zJ>wC>kZt)*q=<>Pbei{T5ZdU=Vcn7ntdpAY=imRDL26l>3-|^U<=Blrk-z#?rTWep4#$$}Ky1A1QhNWg% z(e|3F4GIXBY=NX`iolom1il90);Hg;v>3rdhEMn182w1}nE^P8{8SU*1)`^ZzK%eO zmwoBUz3J&`{_SY4^V%?BRA!CJuHDfLr-y$j+bhoFeREa1?vJeqWG<L=pAT`;YC7ZCK@@Kf}@A+fe>Kt~U3-?miLbP&Hi zy;dCK+j-z?EjyK)%W$9GC$i$M;5f>0I8LqDq?SCVY)s!3dfOwqUkhX zv?OuVI%%A>1XRQVPw{ibS7BWXTRJ(YjIw~C+r3t*Hzccpg3Q8zJoV7(!V{STeppI% zFfSwKE__DX5TiZ<;^w;ejXA}FMWE_j3qa5)2amwpTao-;f$P%+s%ieqMRCKg4cSz{)LE%c!(^TsQqXQ21DEZ3X#w%La+~w4uk! z5mEh0N;iY;F%YnCQRgSF^72xz#ISzBYZz4O2mdL(kPs=IduTk(&Pr!XBy{OeN=^wb zk_x?jJ*;^}_J5i8x6{zz-_s%c55qD6or2W+ojB_!ap*M;Bg6OcgH%xjmRYX&D|!@ zih@W=5Ypu0GNqFgQc7ArJscmiKrVPg$^2vYB*@hd5h8k@Pa)Of2051j31k)T*8J7g3l=>T@VPQ=1|Y+(IIW6hXNyiv$rO+OA2pP=P- zVY8UC{Q#qyQ&Xg$7Zc^Bt~}gK7D#(|@oU^BZk07U9bBwRbd(6N_W36T^pq0zf<=TH z#GQ>R9_o2oGmbyGhj)r-S7M{JaQu?{v(A2-czVqmvJsweltJR`D7nX; zA{!Wy`okA2xJS5F43vc#+d1d_njEaDIsq}PBCf-DNJwqYWJ0 zyC|)U9;(9Et=(VD3tPkKa;0z-#z$SL;|%+GGmD^$k6Ma$tpP?(XX&S3)=T~!+3D~_&WZ6pOAuAr8B-{TuS>N#vE?lQSOnMzr;h1*g52Q|K>NM_39r-?4~W@s&wJZ%&pB^6An`9Iy3O`|vzmrvzOO@? z9h}I19`6xYS3+>fH>N`D`Nhyy}8-t)Iwhn&5-Ci7}l>%-q*7ozB z{f3l|>mrr&Kg&)7WML%`oZD>)DbQlT3{UwdqCB2>kVV1&gCMIBXS>L8wrw+&wr8^R z8rHx+nAhLCwqz~Y@75hqB6-;c<5{~$R*D3Vrpj;-0_tT3l7TTn`fzd3Qrt4au#VvA zlgb=R+Z!a>UPFOhl^j?a`N+;ch_KuUf(zGd_zZY~YVc%{g}X+M8C3R7vBj~n!ighZ zdy=#mH;q{1{tNIRdfe~Q)cbMR&hv@Jhu|_~EF@NKi~+g9=GyEu3BlsqHg!Cd5MUB7 z1|>|FZIF((SPQuH7rZp|sz$O4^7B;=K{-VLzgFC}GZRkU=uB};b(N7WHLVm1?~fe& zF@2pxQDKuwJPtV}QR=?Qzm^MX>WiCPQ%3<3-(BYHhV9~_OFJK>VhUPy3emlj*aK$z zE#(C}u*pEmSs!D7IiC$mI_P=7o?Vm5fW^T1HN~QZTK>I=I*-wQN;x29nXqEt=Ah!f zEeit`_ET-7PMkZG%A=bwj{!h5Syeox>2p&cHOIP179%GNL&t|6O&Q5quEKsl@o+u0 zUTyK)w!?p5%%ebMHFG?LsZ#&4qCZRm$68TKldX)hPqIjF1gj)lBP?gkGRGCj!BEl` zWWoQ|go{fIu4jd-Z_ZZ6L@5$0B}MVfG%xNc-4)Up-h1 z+C9QbYr_%gvs~gIR)0v7BYlWuz@>OS56c)JkP4)Z;fGGqchf%iluIyy@KgM6&sR== zX;U^Hk7@?`zmrhsISoSu-j?A<4+y?i@|sH6y~!vmV{G4{Wm_!hKRleRC>V!Sd6k|y zd!Z!uT^9osol4_RFVexf^`vtDMW>HD+yB%J)*M1&8QF_uUAEW1e~nS^akC^cx+|(b z8uqKPHQGrb7^!B!2FPB~83e*?=vvTg;!fd$M&&07oqjfnDn`=B>U;Rmh@?YrxCoIf zVat3?QD#s?Rs}aQu1mn1BQJ{2Ga7jLS0s^>z=RjTx(aqBL|;g4Wh3>H!phQUksx9; z6JxGi|N2%wTGWrsEq91+6%b30LGx8vhy1Kt@prBV0Ag$d0|lHl%XzwW|Fqa%0_)Hr zFsGgtk#s;NOwBTcuX@)FH7YxEh6{FqVz7)pm?CW3FSGb6=8r{)=qJtFvSLoly*N4w zWbk>a-Fn&E1kgjq173s^_pSbzg@C0v1{5$QRTus~Y`tWhAt?#%v@H810zSjBoAlV? z!2VcbK^!BncDUzIb@rdzV+~jSMp#L%!ceRlm%5I$#KTxz-Q?!dc91K-7gRdk_X8xN zFiX^+@44eDBNuN&XUxLz$E>Tikd+xCF>ty43@O*VdZR|q zo7Y<}_;mUR31mC1@vVS@ng=ZNV2EI3o_0{vnDuRlksksQltFma9go)U#M6IVa37wg z(bMh8t^;ewy@?M*yzOqtzNw6;F^#Z>sJr=u=yD1Q3MUf{AGPaYqwqg+b}|oRLmnfc znaj$d0a~ptU#}NeR`jkHAC9Ake)otcI zG{?v9V2Y7%cK@SgA?dx%^8eQ-@ui;&tp#3Le-8s%>1Mizi$wMwCvGI~dB@&Q!`*x@ zw&3gw$Dy<^)X2-+kD)JNs4ETKou<&i)L75JeVNOxo<^6kGSynVO2#oOBnidQAx?+y zllGvGQ05XJyR0^$*||d)xYmFZ&sAbYEbPjbZDhU9j~^1xk>tY=vpO=py%ELVu@g1$pYYABT zn|61x&UuxPZ$_v;1kV1{Y1empqjQdS&marHa3;`9h8?zQ%p$;b%hU&YrvnHzz2t#R zxmaWMxNl6O(-f#xcib4FoCglq?TT=sGN3{@5?e*JekUc%&qS_6WHNPN zhpIRE6%rDH!-As^^+9K@u7uq@=y|rp@x&*n$hT6sW|{(~Cm5#^AbE`~B2xa;? z*0~3Q7%RX4DZ+VMaA-?OA-u{{Jx%YjZ;`{K`u9Uu*ICG#PF0O$TJq~$giSFFFU;(h zV@uOd@Ft~Uc0 z#?6E0oa>}aiH|{RS`VE7a|4v#{t7?@v+LAK z3UMkl&<3$GI$eoK9|b0<3+XN~uukTGG^BJT4a^odA0Z9+%Chtet{N6C79&92_Nd8m zYq1h2O*M8Bef4+!Z(ZpCc7$i2T$fL@^1i2tFW}lz=ZW`vJf3vjI`cumQq@n)nuC3} zW%x2hhx2uT!`a0@Fs>F;J~=ntkj2+Lum+p*#B!l@2B@P{;>R1qEk?sc0f^imFO01~ zmK1V6M#;(z{jpJq(G?BqlgtSPA8Q_v6m5K}@D3z&za)~w!=*Cq7~U&SFS)b>@nG!M zs39=?npHA74Y;bdF1$U83Dhp08_*mTSO10vD-ZmoYz$|J#=q-0_Ecx0;wuXfxYQ*@ zPHGOcxVAwn>JPsghiH)5A$@4JZUv~B*=O{NO4lk5MRSKU?leq9LLZ4^V%&wDD`F$7 zfMk^CNrtNQ1MLE)+u18P+%}dFbH0%X!_U6mw#_?8MZuxqe{t!6G&ya= zNuWn?bG=?rykS}9`10bj>Jh$JK=LdFgz~>DcYErk7r}xPeOIjB^KJLbnZG}ac0CRM zZ9>lT&Z^(Id@@V-)B4-%##$rfW|SIl`Z`UgW(Wtc|9vy3@8%B?)gnv#4ena!H{Jd3 z+^-}dQbr17`SJf|?0&(DGgzv)wF9}vgcqf$Lq z2BDat6vCU73;UevWNM+zDDE`sTwI6RgT>cuXqM;}rJ-jcB*W;BO?~|};6FxpWT?+9 zwikCe>}rG);tzP_{}2jjH@u#MRo-As86+RJ4f0RWGmW>7kbR`V?y(@zYJ&9)>o-9; z)Y0zhUufQS8JS+Y$wGG&n1PC6;!xCm#77Ujh%e1%J9iFU+9=9gpBX8^3J$NonJo?WyB)m)F1Qp1F^sVyv=;!au%qq+M+`Xv1GHrVWV z6S9FTiVF@uK*w_H{nF|k5It0hexeDP;=dZk`hh;Dh1h1NH;!C;+@h=&elJ9 z8K3+ScIp5P{Hfbxsc%?aVXVM^6)xNhk=YNHw|B7Li=do%eG-ocHqx+SB4ngtk-D^+ zskWSjs%(O41-tVBusufdla2ovzICkrh6HW7fC_CM*EvrdQ8Wd0?((f2$$2RZ)rz{! zLsuZqo>Y%}U3Krla;o+$>Cj%1q+M+^c1ID4+l)V63)+r=K2)!sW-+%vAz?;62FkX9 za2FXYEzYDY^M-NNw#@f4qyVhp9QeThRq&D|akuN|9xm{L@#biMU>pU`>J6hM9$P9061Sbi@A+5yb!L zw(hxzM*e!@5+wBC`1^ahLO^`l^B~0&6uQXO^ucA0a~IN??_&2kIOqxN{aq_R^z~)) zRcPa;t$iElDmH6YJcY^SB=;eg7Zd`i8F>)!4BjZam6GOvI4BA0-%SugXA8RjQDWJD zRmQfxFZSwlVRYNQ`CL3D3J5(p+NK4-gw*T(W}er|`x#p?V2tSoM>~(f-Mt z2|}mea7>n(IDw5dK%N*-fcy~pau^zc{Tr!PnpD#Y?>WaeT}iFPLpMUW(-B9^i4N=?QBR6KuQS>2Ot*veIyNPKIuRy~;HRI{(icm3pXO@sw z8Tt7#S7_T5%wEIgC&7SzKliQ`Z9=M87iIN_-)_jD^Lq(tCo63^5E-GdzGafrcU(#` zymmXVm7!`e-b@8g$Q*R}D5-{+wd$D&ckUmV9}|iI$hs}eE_SH?xl3=9|}T0$aazl9TPcp<1d+=_>!9}IW4n)x$GPm1uM z(}CWdp`a{z*ux>>aUfHD_*2_PRT#XePNg0CQ2mq13|E`6t-j^tXkn8CVPSc{YfoCBBqc1$mLn!}OCcPgUD_^AgYIC~i3EX=-Io zSkd0QKbtJ|>s|Jx-Kn9qH1QApmg;X*Ps7OONTO^!)i8H`?Ha7%BwEC-bc8Y8Kd#;7 z%w@N8>jj(H*ua}U?GS9|e%0%{!1MpjWIDJVNs$1|+M(nq0=RYS4E}jPfp6nm_rU1` z92=QBXhM==Ep{`&uHrhE5hm07?@_Y{`DQ?u42<9rxs`x>Dik=f49HKlCcVUvS^L@N zN8#tIpKcIuUy2edl4uYxUJrvb-kJIN34xcu_@0>Yrizi(7rb=o5{+uwIaFFV>|km5^v3d!6iL$C8gfiz5o)Idq^7G<)x z-?)BD_XS~ZDN2OO7IE%v6Z_*H7o_$>=D9V5fs*#nd3(3e!?a_wIhxiJ8@RP%P&mT&%(NQMrqT(zQhzYEcyom=F&DzKoNN&Oxx^;x z-Ar3q^#{frpG6Iw>qj}JJF2=;)#EZv1B?@&a6~S?uwuy!kQ_CZe z8Qtmq;T>SsD%45>Qs+zykrw2X{shPue3Pi%Uwe-!6Qa>tjw8wV-OMPZg7;5L@TYvk z2dK_r^`VR}26R^)3!-x}$4Jq(hyk%Tk*%z#aQ;1goHe+QM7;FFxnD-pC!Ux??~k5s zfA&qhz*b%d_H6z=Zk{uAV0y{^OXe@yND+21adQQ(|Lt7& zNrjiw6^DkA)y)^L9zdsBvjmTyw!BxY?O*mHmL7-n)NyC0zW+S?P2bMG$p+&D334Ll z$2qY2Q@y<$;4MjU5=2Ic%GRz0TJ*^85n+X(W#Nw(CQPmk`lsqSH`aYen_W=gQYe(z zPYlpj4C}o3nDyW=eC3p^dclENO_k(zI*A(|HTYqN0Juvcb6ecoI?^?+KA+Gp_N~n_ zY|T=!q~I174T^JdTBRwjOYz2%vyITEZ#FN-kF~*{1*79rzd2qs8Z#8)&2sa%-SHTF z&v1S5np4r$?cv$5{_I^nOM`n8?}_&$`xS`=nM^twzObT$O3Fogdh@_Bu256qzL|!{ zp!8P!J!sh*>!V6=N%_XkjX>FreBIw+>O1M=1`A7*WAM#`60N5hyT;B&$IlyAEZWQ` zvH6Tb-Eff+pX}1qixp{_{A3Gca1?%mMF9^(x(;^+-O`hNd>z@c$K#fsI<*rV0z(~B ziv6x=zx4?cbT5&IcDjk&@K5V^Y46P&d)U}zE!2i=gfbrpXkd2HCJeUv1x&;qZx|IX zhwa~ThDwl?>58a<f9eQ|$vL#+ zW}k>4_;lfC<{U7vu{8(u#z9-)1dIGrk<|QFex9%GixTYTx~szeI&=OvJTE5brGI$p ze>v`V1?E1|1#G5$q(KiALB8$lXMpDOslE5aDLHVArp@zM7m(fe#u7Zph=DD$QFL0W@^AlQ<%BNWKIy|g%b*6_JKi6!AZwOR6lq96qqwJ<|Qlq zZlDNi)?3_ZVScfmnAJz2D1;mVSmE7XW=CDQT}8#L@e#?a3ztPk3Qn^sNAbEBE(-pH zp~>%!0gBrz9%?nGrFff}Ug~wN%-I`tn!l*J1r>KwzcW2{@}vFsP)DGf7Xt2X7%)+e zH7!DKLUV=vS&sRj0x%_wvlLA6X-s=s&kvQ2cgE=Zj=ap96YFH7z%)g$2#bsJ#@qab zb_qf|rP z{!T1hkrW~jcqc+|r!97a2|r8frh+uQvr$CeS42eZc4OwW&1zU6!;^pzUq=Zdd96>I zqQ)4GL49egW4Q3738fO8R>pmBFtx^Xz*0ERcw98KWTEvmuBleHxhY+siu8ucm2R(O zQ_qBMRyd(EAVb_Pp(n?`_Al$|(!@g_En9Ia%nQ9=($z<#Gy0&?DNQ=Xruke2mYG>A zr6oLoxu2`&!ELQM<+9c8fdj{0E8KjkB~0F(X}6AWZq|xEV{$bNI0*Z!I?gith`#%> zObi1*pI(Nb1)I+06`|@{x0jEvULJH$@wywd1qr%AniPl`E|Y-W|2sp)7NC3!pbPv; z%Iixkra$ihi=Zd^t?jatC%OSji{)yY6EG5FfYb!Qz#8PK6I!1}A7hb-7EJ23WbVC7 zvKiIh|9k?>2m>xUfbRfq*{MND2C4hRWJ>r_*~oPe4iMA>sTLGR0ePL=A2|N@j{~b` z&l_ih0+B#*8^qlz)^pOn8F-f}c8}AuOLn$YcI)@&3wQ^(9tVN;$Q&Z=gn@zKWrgT< zmG?}nNjT8_|03}JW6T{a1I^zp#Ec;EUpM|g&0NIdgR&rl_d)JXxaQ_iHaF|H1k|7m zX#HOZQ1nCVvHg=nDo(z&e^keWL|X)uS|ecCfACBf-M?zJa0Wb`V9Pr<6kUs9B1cKW zNW_GW!OTaL(r({-dLie^zgPCAETxvM>d28A=j9;bNS-Op z60e}vtPoQzDw5O3dx`_k=V^_b3Ga!a9x#eC>6c$oF!OHG$txILyRj~Vqrk!EC`*+q zR3}&_^bvK36=gFzhUE~)pg*aDkD%qF%8WKaecB(s5HSg3K(dhu)$B~;X58O)*1 zo+BzJOU4%dUFAQks_@^#q^s;V7uLqWxLIwq%QPS$A71&V2g83o7Elh>IKg#PMEg#~ z@^)ef0duyCSAsIfav=0!uTVlGtvHx#(XYX0Fa|DJ(D$2aTwdre_``IM0Ty^8{&TDa z{$^;Oh-?^L_IPcC@AhaXY)=xy+b(sMW7AS7E9$ioPQmd+34(H_2jN%+Pr>E0$}NVp z-{-8$5J<*o4NBzT>#y9UB_xKkwS7g*EQ8FKn`)t;LHtLRCI3>qOI@B!ti4y7kV+Hs za9yZ<7p9WKYYq&({~gs@{g5yWQ9`-yr2uK$ItFJBAj!kZdq$nQL zg@M)y449}-7eI(u+ko4N$K>TA0|6?Y#H9zT;BJ`ie2Acr{b2%9oF$D=TKwN$hAL>8x2x4e~==Q*WK>ahV zF7T2dg$v{*{j+Uvg<(trt=W}{J}8Bu5_0yPHithRmKN0g=o4Et7UX!~|HAX}1@xE* zTGHO@D!_!#bnay~(6vRz6p0H>p zIQ12)?12#u-}|&zGsLdxgX~YQ5J!8O0I`UpMXPkh#NBjD%2L8Z&JRU^kyKTeS}Wam zG?D>P?ThNLSq?_@nWixKR|nOu0AU+pZ=V|d77|17w>##M-&3QxXC|M!{~lvotgFUH zBomA27C2DGBI-}8V~;(alU}Cm)N<~TYfy}6>o;M>Ah@%SUb_?2og%caJvKorB;;^Z zz;Fk?q{Axn!1%7gnst4T&cvV6;)N=L|1@8Y9d&bS`tvTl=h?j;N%J63n`j+wC-^MsR@c8?q4j8a? zjvX3o)d^;psh`|*zIs9RDrGO1p7 z&ECARV4?BxxBgRcm3_8)kppfRo@IviZ(oI&>mV*8HlHyi*QdW=y2MA|c8~7A&*_i$ zpv(UoXPYUA2Mm;s+gmM1Qv*8#8@|$Ug8m6NkK}zhOu%N^1tcy7nXjeb<3W*@oa6yy z6a)Hu$+Nvq^Vu!}hL->&bh}1Ec1Br$Uaz5Ledvk7*DY?Ru>@r7vdLuJ&#Kp{-`bq2 zq%mhj-Z?3Y+z#M~TCPRDgt|RAkUWXgFRW%fJHv^kq>GDyIn0x66gRv=q|a615^{-S zFV?z#O;;06zpfH`;lzKTa&?j$wNI(ZYjKu*)z9`o^|2>B+TJ%;ct7HX_s)2EaNV2h zK|M4@w=6MmFNrtCz-(qV${ew}dM|pslU72UDMyHy!V%u|%{iXe*7#<@f^1RwilnZ~ zx8UZRO|owkx28)7#;pl(lLQNb)b&L$80c&E;~r^2xL2MnUhG-!6Spco6(}QhMPPK= z&?GC38y+Vm#n`v=&O>T5;rVm3ET*>fq2_!9i*#9?#JC(VpdfP5kha?JnHt1=?IQuf1TKBy7Tx zw?I)o?{>aGruRP50%yLN={BaO$psCHZkxyuMBsxcFbL`>h7@kYSp4_DQvU*JUrZni z2aB~0X@Mb*H59fUOdTD#ezq8BwSXfncPX16Z7^-^I>CP!LNFxJhafL4uK;{|4R?DJsAoz6_#Dlql@1S<#p`qk)mx_ATBo z_(gIJy}Rx!>7A+&Q7-~Ym9vqZIKJ!R{1htxyEW3b#l z%2w?bJ>o^-(2rk7NYj3@6QiqHOG4+=pU)ig!nsTu5l&7s7X8M^^pmi)(Z{}k5HbCY ze-_dWS3r6_Gm~bTseNS|vhiT?Ro_*!UrdW+ud6j$Qun6l!%QOlD`0g9iZ^|ISj2gK z0rE*}w8S(JIfFME?`wxiizsA2mEq{ekL3UH3pzPwJ@|cr!&1X`nLoqEj=tNKduOb; zA7;qj^w?*WLqLH%(EPR^-iSKTy)6U*>GRvwMLWBi0PlR&cpL=zYVxQp71MqLvl!TN zhZE>bqL$0CftFE~f=PrDsmc!U;Z6E=89r=mta`gSeUIZ*h)Do3he_D}ud(6ZW$I2< z@8>>^4#5T#2}SI2=mrOFsfr~^iP2^hgbn&=&(Hhk8ZdW_g!xiCnPC)x?xu4cc}(e1 zX|S&04ESMrT3Jy9L47Xba_{CoOdcb%=KqOcEmMMZ&;N2rR}{+7i>ov@v*lw?{@g8~ zgSI0egVL~^G6&jWj{@*;V^fv$>>-8ff1VWema#O*iEx_gBxk3hSTn05YjrqmC*2bQ z-rF-adg)%C<)u|M01$DcAOFp`fOYLIqyGh9ITapERe$LA5k8#AZFSnF`j+jQw`T9R!|{Yj z)eU6g>&W?`4F$;AQ2p{1l0Q`;(c<)GSaIWw8(FD+J@5S z`TP(XVZyztl{&T+iF0@?dai-I$;jlDyN#e=T`naicKay9IV%5s>cJk5Nxk85o~Vmr z{Hw$~y}pRVi2nDCuho>;7`2{arE02hG*UI4N4PtDw2HYFW!hlVAqhw^N*?RS-lU(S) zqpx*X4p`{FeU{N}?K|D?U`1A0`LfMQer6n^ELmg?qEr=&x*k-#XJx(${==+=mLIRK z)t6Q(;{;bHop@L7zr7IpogG9zWq9VhQYi0_g;-T$I^N}y%0pv==B*ej=)K*Fv_~9b zu?Ka;rX#{BlSk+_5+@+Ds)?wUjjg!2=@6^{9n*`hGedX((#D8di-5Wk`?#7(&r*(F zg8XL0+$Fl@=tT{#@#^VK$%NJ%10f+-Zsuwk?(H6TQna*bd-3XL%fEwMP}zxF42|^A z!mE^t*o&WUjR){IRn{G1UdE~^kyoO-J9R4mGF~$m`%r;d=3l-~DeNW0{3u@JdgS0> zy(X;DM!<>?Rr!f<-FvQCOcwB{#4d(OkAG{38b_uEZZ4!$<_WCO*1@-gZ|lxpsnK+= z$852Jivz_Hy64Y2(=e*m{^bM@)Yb&#<4%wRU}HTFXg4P|yUm0tS=b&Lw}J^5up`2o zfiDYk$D4Ef46v=ArRaB@sla>0n^OC9IM9mWcfAX)mN$M z;Di~cd7O|#DbM;$MH^UAqbfHcmg!W@Ih(FbdXpixC`0!rgYU&J3JCI`i2+f{E zoot8tK>(%(384Z59*eOQT1Zaq6i}FU!*Nvq#id7L3HD`yM?b;RSjKv%l)eOf5u{~+ zM0x<6BOc}Q>BU%4W8?3IEQ z%>9F?!psWIs{T(L9s-ZB9-YIR3sAx-8|CD$TPIy?9tliXkg*GI88oSJDw-ezrE>y` zqMpMyOMg5JCRarmn+1KuhtH2(Pdovr@S}}d6q#6_WKZg$zXKjn*GJ$i5s3Uv}v~~{}~;N zcGU5*M3w22`ZuquXX&*&JNxGGH)7L9?UbKjTCW032%si9!i+43{T;#xov!s@h9196 z9D{_*&Qo=MZ<03?3=Ddr33ChpF7r;EU%n>`@7Z%&1&G~gwVlpv_>4?kI(dvho zr|xLhVo2fThp1`zC0XIcFP52q`NXKmTvasNj*<6UIjpr}saPh~_2IB$_v)wGRD3ea zs&msaS(L@E0XfKo?}W@t?Z5RBXgQA>WIM-KLeD9dTm?%6m2b{EQV3qy^OBbYAVD>J(=7J5uC=L z<>5y)kwIs64jp)j==4dN4^X5*`8x!TGMRX;KP%QH)*9T4rU;mM?U|1SN}M*6SGp5-Zo^9N3pd3pFj9wEHCW)UOT& zVRc*?zrEcT9}!oGL-zbFO#;FRwqqI|U+6g~mZ*K`JH@sS&p*z~DpR3iO0dF@y{(Ec zkh22CbOdb(!bkCcv)RutOs5#U?iwoJkS~-N`Mbg~Su#AE+tn0HK~Y1}yd2T$Yx@{-oDh_PK%&!VVAe?f?`sQ3Leiwm0w(Ddo_d z`;`b%qO~=w{0{-&?SDRX`*DFLDIIqKHWT9+S|#{MaiH}14a)hJypnh*cUgIJ5>lR( zdZ>Ib3J>NtWMRr9`fy7AmwhJ3`euoMw-rkKL_ZGs>!GBf5tdf~T0G;bE;Jboq0@uU zN}K~u1EQTfA}?)npFF6AZZsD@NqImvTFOwH@w1IA3NLzEl6T|x9mmCIj=6lH4{@;g zO5vcuO@WVlo?}yGiclJ9QQY4wQ5Za?sP4$spDMX+74NE>1Qw#*yI|MTN|MSWxLehz zF*8bqOT5Y5xDwxs2I?IvR-(Sl^-4>K^PC%evBw)ued$4ijX7gNX5#7*4XtfU4$-XR zk(6W}zEDayE*xG$7|C`SEhesfQ7QQ?{@0&6WrdkEY)oZ2)&aVK9ucLohX2B{bcY=4 zVk`T)R~-klGAet*GWBnwbFE+S=Xj7TL1A)VOmU&4^x^_eqvK&3DusQ#p}Q!FLqiaw zT;AU2pDohG$Z}c)2BO~$^hhn(g^lP!eNkKCkpl=-_0(~T^Jp>8#G#Bo=PGUJb-XRa z%FXeG-OYLZ{eBu*-56{55ENomqNLDjQ@3jmpkYNqX?0yrq!2mq(oNo6XA7DR%4nU* zC7|tg*3RDF*C#{XUN5yaqKs9_)r4&^AGC?jPE!RH-8&!su>WPR3_I>3XXog9Pk^YqTCvceBe_3@OtdWG>p=nyM%>l-V=f`!>>_r zn_0O23jt4XAR4Yrk%BC}%$TzIch$a$UmkVDEroTuB&d8MB!UpdF_;(AlDQ)d>YyAN z4WEZtGd6T4gJEF0xcfp|>a86u^{KPjo9{R+-7mGcyPkG(-OVH>43*B4PBEUM18!v! zh+g2V-YTDL19j_BF1mq_si!g@nZYgE)0c0Sn4_w>X_rK}-9j%@Piz@^#J^$gz|Vr{ zZsSbrzJl7o#8u)_zW%%qbk)Bk9)83Ofn+2|wXMFzJyf1eYrMJVMOh(VCmxs}A{2M0 z!d3BG7;IP1%`R%bAFFjf7foZRT|4+`dETFFIm?qA+ZRtq;!a6xVT-&}f^tLvbF2U? z*oeaowQp*C$|&NogzG}Nnr`^QqJJ7>8ZIP-c=vtbD&O=jwOlP6pY|3n;35 z5yg(3q@NNjPkV|a;+OI+GSIEk@v;pfy8l0rg_id?!3O94Ks7e7;(rT)nN5VclT;L2zbfjtXVedR-_LJF!1*hk zkMgh$W@~lK^ZPJ5LkFreuePAL3?+H4HV%CqfuoWe`A@13R+OKHf zauzJJiaCpPs-{Jo6~GqWAw=)f$HR@-BU2O5BJ|LSYR+R}{ET=<2{+)7yoE$B_OJ&< zd%Ee*ie7{7@t9hi_Qg)d+x96KTAgQPX^Xl&_DPlkTv|{31z%=Sj_KE9DmF+sQesln zMEPAWWz|(_gT#?=%HEhB79~DSMo7VdO%+&8U3tD#NZCbIb9edL(Vu2SPvVPeg!8SW zw#7G4@HOen3sX~=6&d@FiB5)T=E?zu*W3#R1`(1)cmc#oH%w6S&g#Rk>iByiqc(ro zDqA*&QvDC455})g2EwWiJ6CY+wF9~JT}ntsN-VE|0)iNBoZi`vv z;x*;V?oY6iwaOoH-lS1xeM_5f5h&{53(5Q`If~fKMoWft-IIIFdo9jF$H=@EK3S<3 zWRc=*ADoZu2BKOnmo58LYIV4qrY0hX5=A|MQO{NDSF++rffGHNTD?+qMR*(_QHZp+ z2;1|DPbh+fhkZ8OlZa2T;UgxF)3Qz@LDT$-W{l^;%EL;mK8w_%4m105n~O;-r)JYv zM#nYA)k<_IJT*#wUIf5S;c`+#j`b-bK{j+(WQPcp62M9|)| zddKJ62@dK#0@)TSBcJq;1nr`bVr=)D?H@5A8MN4oA4QH=>X*pj)7?ZKdlW`p&WIJg zA~f3angJL2}l7Ho#WrWp22I4Rq&y zkSg%mzVYm)+wJbO6Iw-AL+(N`dGe+^1HWQu28lkV(FaW6f_q`qIV@4l{)ADWebCm- zaQZRsI&QpBh&g{9#JM^jefi_8EXs*Ci0&*}=2K(GS*XRJ85;RJrwNfj`s>Iolg_%R z5bx0~!r`8s>`*I2b!7pWhM8GiLHT&tn8)QHJ?bY>xcV{s!aii2^>zkzS8PEdffxOc z@)l3^Kejaj-KQs-1Y>pPfEa_Fjmqkxrk+}d#k|j2qw;+C}{Vp$#+#n zYF>Ni+f$`AqAK6B+1GHioW^*X&fKbqjdNIzlfr6{T0FxzuwqA~W33SUU__$S5U{zs zi8=Nxwf8T>C^dWu&)Ee}6ll%GI1ljIx5fl}jU@`rS-M)qX(^E!PBkdrBE%|kFAY9g znZ?h(3?N876|}Na6@48E*+inye5{S;cBk*Fucvh1@!!y!zsy}Z!ryG~LzdSCV|r-H zEW)b-I~ygLTell9C-sj0GF%!{*lh{*(=p&YPg$6hG2)OtqzeAJI9OdZUA#CGZX|cJ ze=WI5dAU5%`Sjgu6fl-V>h&J!T%rfccR$~({>@(Ofd^O)PR`T7o!&eVb8%S2vbkZl zTml)q?RMW9{p07YI*}k6YFQ%KhPk0LH7C9m&P%^1oYkM-8T))-YwR{ib%GUng)K!i zAA%@2(xN4()v7nFO(tX-Ik!l@CjiHzjtrPPf$bw4!^dI@rm{nOR(hTKcvOP|-ghgi z6l(AV!hh^>xqfmN`2~~juhUu7+`ka<^2=sYpnWzWWGQ6inS89D*UTKhd=O?&Oi7nV z>Yw9-U#;~}rI6e4S@|Mqt`i0S%c$7ciDS=o4Q`6^Np`ReeRBB4tWa`dXPF!9J%n_) z&xENLS~L}@f2pZ$C=QFNFGes@XoF-A^9jU$1Lb7NOfcc8=*jAE`k_Tt-YNU-PtyY_ z=`1Ev=-ol#UG#7k-<8VVz{YwH4@K33q^o)=06s3P`%ul5JNrBOiSqi9C0Bkwc#JA^VO( z*7~27>Ytl}Bt)`I475J&%s%SEARQ9avAhF$M>=_V;RELH zph&>vHum&#P?9*hOMc4_F|7S-w|g#CA#x;vkt-A+N8*tB?L^b<0I*mW=Q+rG?DRpv zDhcrNI6j81@-q2KjfL4{X(e~1ZJ$c@S#j0U_?Ky^I-U+y1`bEw2ktB&=0H~%wLMlH#Lr>U zIypJ*Qg=T~&{M+Z-xt2nWLy~Y!&4w|;(FSHl)`j7cgC+v>OiQG9;-s)BD{r81 zf9!J&`i&q|j6@o5>X&(I;vJFyHgX&7MZGUvu;ra1gxlf2xfP{U4^`()$J9b=Iy|iI zVQ=lHQ1jD6pdc)P|KxnF1#mIfCMEw#*L*6U5he#`HMtFGmC*7qvWl-?Qg*ul^jyN?#?d{D=)ETKm7 zPm85ZmJ&rHDinub~>&|5mHAgLrCtbIC-BB*P4#zM#zkp8kaXR|-e5Nw^37;sfW zF#_aV2m<H_;5Cl&I$eotY57(5`fBIiv_+RdJ-S)C)^a#<)^Phgv<$x2wmJmb79S|0dgb)yb2c(paj((rN0J_+dYp(yr z8005L0m%-UhFb`h0b^;p;ngkpG1^Ayj9G+BxMj>3$w(EBr=n(r0O< zlN4_9f3`WYf14;)4;45!qdET;mcL}2gYFccSZTFa!BcARh{wbG_-5E4eQDp;crhDs z*%vCplE-_vuLzhWG#D6HNSJ5X9$|=a>>@C-PJ zk2PV`m<2-p(jk@n?Gh#IlvI;a)yUFt{PHhiduGh)L$B@Hj%zcKV<0`g*N%QPzXcl+ zw6Jj01hAR?TGxdLHc|d%>^HaA>=L~`)wK}Dt1s9c0Py^*hny)pPfDAUhrrHF>ee4KpLi=0~t0& z^2Zv}XXG>geIXU|Yv4NlS2Xi18ihf^EQPNi}i{wcociR6#F}-7RZUXbzn9*xdIsQl^_Yqj+3_4;ah)eY=)O_ z%gd(;;FgsFb3WLjP}PT{CG@ySM$b0_?T0u zDO?3+#}kUXJksZju;iGAD55uQlP29Z9;t8N++U|rev$|J zHLg=>c)$7G978nB{5VDV+lKkTu6|8HXaj;#H|3MBqXD{-?F06&pTPw`v!PRir6VMq zxG4I!&Mf2j2joYW;`dais)cYJi64aFs%0Laa2>3?pFe%!pS+zgy4=^^b7OdhU+#jj z0ws)jx#;>*BYOyzn$G6H0uzyYo^6g)YQao5;me*H2T^5}1-0 zp5$~37#y2FeEyGzrTEZJ-pz&hhbnditoyRZZ4F`g2I3fc}}t{Xi;u$8(Vw zrZ16cSWpCyzf*KTKClt`!*y>|3>A7SBQqJ^;*~X@XqDcyFlI}IbAdYI3U?)sI=rUl zail599?5jdBSOC^5!4AkbIyGVc5i`|$n=Az6khl&g~T;cMYSeN9iH2!=-^xfh6W`a~NQbTr=c26S z?2AggXKNVo#HMuCuw+ z2%AJevJ~E0atH#>2}zuJ3$?xPtiea5LgeLsuQ8>Ix#xGd-NLWGF_8v6mywyQkW5);*VGg-OAasLKt#+KBV@Ibm6b zz!*2c>tc*fPFq9BKEuS90TMZzBq`kl22B4f?7-!>@q6kCazKDDzkfV~aFvP+R)DYf z0SG3#slN~x=z}u6Cge8m0WhAUfb(q6)1`gGmucgwoX_0L%jVEV2=FxsA>@PY z+?;K|v2ra?y_- zz-Fx&47<#V^r1GZ{wD*Hp6?GmW3#n~Ssic|0P*^|2X3s^DD2S>;Zf2yMQ&%5G)A4^ z=q~uvFu%)YfWH3`{zwG;+^0~H)P(-NU47whS-liuoN%&z%^mY17axtCZ2|7T?x`xf zpYj7;8(|R0M3jLbL9upfy6QrNv0DGExY&j8^Hf6UjgU*gY z7X5f|+pJ_hyjbmN$d_)c)7dPe$L(oMyJ%VTv5H;dk8?!qNA9*ttOzv1TCKCznk$uK+*nKUKU zA)o(seucHeLwC|#n1rG0A5-T3A8y^KnlvfK0i$op-jNk<+eiwY)~gXNcxKBE#UF0fo6 zKUhmm1P^c)4FkI3`GiX#4nVC^a9x9tv>D>^)`FW&R&+{#CH$}To3efTI0kI)uRbUy*K|6#51JSs*njyAE48NtX zD?$B$^EWD#0%(E1LhO^4i6ZzvGT6W?tq%WC8lfnxh|tmyzvs)P*eed3_aMq!-@O^T za5~Yy(GU(ojh$|@>QpqD>WFQ|~8Fg}j@0wgXtAJ!ob{Ljd!mG7slHuHc7@{9|R zvQvjpq6dMfl9;lZ+U{pV=Rp8aTUYu0cdY3XH95c<+XZOj2hvlJfr$)RPIwig#djv(v3MB)NVwBQgGQ``1>;R0wy)qyO8b@Uu}Ils)hI z^U%l|o)&pG#cy49gAzlTk}bo?obod}3O>zR^Ki8wf>>}jCdi`juX(VHBVv|4``FIo zDNJMJz+sU-j2b__)@_l`stP5W8$ibyp{AAYYj$@KB_@C>9LKR5|B7z$#lGLHj|STM zff`PYox+bi4)x1nU-0B)l<(j0O~anlzBNr-?BjhF)PZy}#1^gnnx`kHs&P#BX9Cin z$YVJ+$Dzd()|*M#zPF)Ux?3S0W>MiCO{fdX?BK^I->r&PjN^AkR$E|%9K<$q#qR`I z_SIGOECN^Uj%-~`U4>-en3X!VDCkN>(IRsz`*ZFYCS9pe^ZsSSa`e7|)a;<)a|^bpn;LMS`@NFkr8%9?!0LL!`t2 zO1?>4abZ*^A2!C!tO=0>t&)+6{k437I=8{QDtfA84!P%J6#{Jxyk#X2D)N9WoxffS z-%OuP=(XX7rRj1n1z&nc{s_mP+rSU3ioWtc#O|itK~^tbfVVxTfWr5nsQcFwgfiO* zyp3DUz;Ob$8%*#6c;e70HK7x32;y+G|LI3RY=P;=bx+`04Gf0Vi(!j?09k_wDFPA{ z9)duNwjdqRIpEthO{lI`|9tHj2>B#I*k8aoRQ4N(fS=bs{9x$-;vQsAH-?)J_-!tm z38X@-emeqDp$@Xxyzd(naO>?HOI^j}dxMcgS7 zJOp&p@1Fonl1PHc&C)?P@DfBp!GJR$t3O}>hCCQ>$kRNkZeW0(PS0LgO&(Vk;cq?yS^Y2xbp6YOF@)F@zuY~0x-!R7?6 z{_+jt&la4w;`NHK%&vk090HSG3t;^#N!;B~o&sNu%PO2}HBsGQ9neh@lwGSu9@5sV z_b4x+)O&O70GA8Chzn_h+Y(q>u3@^F;LOD4oJ9JrYa@mj`s}TC&2~yq=v!Pi^aBm) za_2g?>8Va<-CozA0)iu7+P8^w$8i@5RbMDq^@5M_9A}Q^RB+LprnE2hi02#`6xqa1 zp|QMB_3X_<`*JYy43%1oD|4U~g=W|o1}*ScB-iilzklxQoYAz7cH4Ul6`0dSqJQEq zFRG>-ttk95^U~l5HmKv+ey!U_fD2I0WIXCmULix%@lkk&XY!_J_{yw;Q#$G{gnsNt zOf@%pu#yae7L}k`1wS32D~edR10U@*W7gz2HL2z%R|O{nmdjI=Mp>!ZipFWUi&7qJpgeXCf!v$_}C3M(Id{q2R_M-gPVRPWt8EmDxIrd#B&Ch zEEX~N7eFO{nvfq~9$sKP95yVNH4<7An=esrUBS>eGqvLcA@IS~)vwte{h-S|Tw3o|+hqC)`W&vskU%Pa{U*-f98 zb%+xlNU2L+b_0>(`x#qcZV|FDnnJ5|z62KK6+8vHDEq5rK*&hn+SJn0y6fG1?A>?- z%2rciII$iw07C8!e5AgR2HNqf>0MjryxXs zW$Az$$oxX!?hA_J3IF53fAz)3t?o`}n$@1>;(OLi(gzbwYc1|gzpZJ=SGEz z(o=MtEN4_yaFd9l{x4X4H*;^HYEZ7dTOYP4cThz?#fT%w6z&$t}A1M0)9M#KUv z16}f~wzf4-=64NR^6R_5gY2n;@?CY4@RJqj1MZmF*XN(PB>P?)CIFw zFchuak0EOA2e6NnRrl5oBx+b=nkHs5!sSOT)T=p?cd^V!UD7~D^=W?9SUYPyg$W@R zq?IEz>SiBJX=hcJtgDa2@c59J=(uRwna_$rsJ z-}nA!`IZ2LkiFwz`e@)f4$v1o0T?Em-BbXOXWQyJu187m0pgaiz-@HBarVwOkLQfH z2N2F6_V!!yOCYY~oRNr9bGEm)cRp?_>Ta^1m6P+8rF|_FfX*=cj7tD8&GI)xeM0}0b(FI$a2z1Bt; zDX?2+isqBC%(etaLDrAZopSNqqWZH%TZNnxnLKr822KK|WR^etutaa&;^Np>m%`e} z|1fA~Evr+KKEU;;1S^I3znQ}mIN{RF3=xrbOBa-lS^WN(8bBcO1|v3B?p@Q-9kSaz z%(OLs>TJBc##cLH2BuVBQOTB6)w?t^C%*vGBFfSHKWdwaC3|W%xNow-c{C!HAVWZBTSDHa+ZBRfJ%MbnhO%NBK_gekA-I>n6`(OEh}nGZ>?mlvrqWw*7ArlJOVzy8|)X{0ss)v>N-O*iSwb`GO% zh^Pa4a<%iIm3D?xtEOQUwtayN^=)l|Kq($tHOZJhUwXlnCI7`=99E0;6#~z6eK($c zePM9+7b#ZgtOCeo20%VMB=#JDA!Mv5kjPXu`I&?NMlDZibr6AK?eQ5{fKW2k0=m_Z zBa0|W5M=DSfh5>(Hl=p{mQmHM|I||M_fgL_xB(M zDvIrttHAe>+lQws7tiZsaKbbON0-&_ODir<65To11Si_C2lh2W@9Ew4>hm3 z`VJ|VOUR;bzNbe6Eu{h$r?&*jiB45J{HRY#_5wvC*tv@iMd}2u3}IWCS$sG*R3(xG z9^6&gm^17N>T>x((fp%n5-#1?UG4) zOa%h{&9Xz#1fV(D44bT?t8RBr&_%K?rfY9uo!qO_Eek>^^tUei)_bvv)1!r2L4w_^&&u z^JdwS5~oUFtSpIcY*Kryte~HnVn`+3(aiV?eO^vX={df(vFcCyX3D+xh~gsr8McJw z?F>E@9P}8+X9Gm$^FEhB!Y%{{=Q6vN;J|Zc%mv*=1`S&!w*SM_RfR>t{Y_d*y1P51 zS-LxyMoQ_F?rxCoTDrTtLAo2Hky=V51%YpQ|2H2OJUm?P+4GB;IWtx;`l$Jip@2^o z%ipX9uW{hRP%-aF8F4R4ybe^RyvmcNZUIauCgzWmyR!Kl9GXBIM0D9v7hh4M+gwH= zbo#~{pF7Rav~V<`j3)}J$Rs;Opo`2$1;yEL0)h}}Em-53HkZX0>Txi)|Rk~dHU2T2w6U|HR_EGuRb+2h#*RuMc zsJ*4NlfGNtHy#tE>603aR;kpJcetryH$ywmMOzLMcu}1@lOA1p;bCLXzG9g?Vt`VL zs&b-e|8jLt^cAIeJ2Q>53$1d8gVD)E$T=hcLFnHe`snBFKWQgj z@qXu~|M{&!7L2;5&a~2@g$1m4gDN|`v5$P4pHB4YQQqTXt|4}o&k)@tB$)+s)BpLx z6SDZOjuSP&(0xE7>E9cQD7yNONWqNv94?Qj~jhRO;)D!m$Oj-(u-!gv=D|NKf!<$g%5nG2C%N!wM%56W5h0Km&g4-Fi&` zXF}}1q!%1oI!slH&L*X_cBV(~IO% zjstc$*~Ws-tH1Gv5xg0wHU{2V8#I;l>_s-RSmhSRFlg zPwSE#wJr&)!sQUYBO@|J{8pN2wEhr}#+IVY#KHH7ly_H&m|jSHa-O^* zBv_({*@v}e0D8CBT=)H_AHrg{tN3-F8D4=S^R6~K7MFJGC!Td6HjfOGi;JQf8w`v= z&Q%u^jl+gE4WvzxAetBHN~@PE^l+ODzemj0WAs`xjVG&>q-K%t*vyRCZk~?QSU$zu-#8 zC~IG<{A47Tg~jab39MR7LPmtQ{1wWaxXXlH{KS3CQn)zCFMGsq8K|#w5&U5rFR?a_?5fFl88NXB1NT~Al?k~R(0PdT$s;SvoPfots_0b1?TDucrPxbAj^Y4ig)BfdbHp zfpc5ej2&nE%G6bB_{H*G*PfbZAaJ-{Gj^J!ExuK<*a%16Z3=lb#Yb{GSvvsjhC<3j z88{HTwAQl@OTl&U{?1+__fN{qgE0gr_zm%tKzuicN;l^zwcN^9)yM%hP?gny_{{Tub)G5hVE}!HOdyEUv_`@OG`TL ze%`toVK%x(Rw~mV*DWJ3&f|Ye9olnj5Ae8o^Z>z3Hds`r=Zb+hMIz$d$R0=*F~^kD zIn=rs5WX^@+j7nq{VeuSp8+xO_ghzfI3wiNiUR;REE$1H8y^+Q$}<`5mKGyzGjyNX zexNEviX*UlgY{fim6w&BKfJ}nD^-vkjj@!- zU!=e%5|W%`6F+gr2>9{O-}^0DFD-gROgWhuOxYL{ZG7V=Kc{x8GrPyvN2dNBUaGMw zK1bZ5p`(T?-L>_@MLNYV=ZYeF2Q9@l2cSn-sQ1nfD7OF>fBPQnT|v&)tE@VZ_M6KsT6tDTH+#Q1Kw!}Ags9_nWI ze%$KvF65-hUQhF0k&Gda;ft=my;BJ9PKywDiCpL%AA^vd5yC$AyAa}O_}z)@Kg*Mv zw(Sj)w;7LKY}q)H0f?>B%Hou>3poJ&M9(Wn_L1-8H5i+SQ`?fVVF9BwdQ=s}&b&R6kv9ZT@ z!Gqu1N?R}PyISEI1QBVxYjHV#h-ww+B!DYTCAc@W9b4cRUo}(R)o%vhs z2QiYCI0w} zTY|TWEoVlfQ|+F~sg&B8g01^0@X$UxkoZ_vv#**&5sA`+^kn>^nSK87n<^>dJVR50kuGRrA1nb%}un>(p58!10)C@rt9FO$PHN$Qn5i+GUaG6mYj zF*de*q2L4}mw<-DrKQR_S%Ytir%$XvznI-h6PL*k|8Z5u=OL=P6--#n%euX?x^nby ziK$WMEG34A`0uEBio$Q9*)$?md+6EZ&c7Y&C&SrvOI?vVG-*k6K*nt?BEsvb46vnzxS6q~aKrXItUGPXaDRx}!8Ymnkyy%#K5X z6t$4ou`oof;;$^&eLS2^f*2_1URh0G!>O8351(Pz$x+@BsF@enEZHttmZ53;_4SKN z_iW5mqr~M(ASql6@K*uk9b67<6}jxxG{O080FTaQ`!7O@s)2w1g#L5igZN4zIdq))AGICqcb-=j z$PZHTUG?zO!GW6pPul~L`*8hz?tAulLwis0DT0E5GJs&(o{(6=JfW)%hznJf(H+yj z_b94Pkq5|ym{WoJ_3nZJ`FG_>rUaDP+w04F3So>6#I_A&3n7QeIYYFdA=!pM-}8dr z)j8qlwHl#kDvz7Tj{GE-J6l4phGqTEcAmcjRWCPNj9}|K%6XQNnk7T*!9+FB1JOlY z?Dg~OLDu}(%{P3qLyL7G5)C0ST}uq}4sN`3oF%MkU)!mD5&g6z&4Zgo#KpCSJ&GqJ z2xQzO7$YeEcw>Ti$sfNqf~hL8$wt!GMyvScAlWs6ndu~!M*d^`m2{{%41}YKBS2+V z4WcEd3XT>2j`FIlrZfQvaaRReG|L>fF^=Zq0U}7{ckM~-@>sdL!swG&R+bz^6%dIj zBZT}r5s~5r<*w6@=Kzy*MuQ z1@ZT^Q4|?P5{cjUK9m6v7|A~WF&rVWm5{qg&JP=4I)IV8x-9Etk3-6+5~VJT$@TU{lEVVSGnpog5mHcS-r~hW7PpyN7G%d9A@z*T~3d z_1Fu7^~OOezgawFo)8K7?9fs2_xU|@(jVgc-f&DY&qpOh4TXCo?uzAg-p9;bjEMW3O}U;dmtVUyi%8h z${b(f;L{JK94>9NNjqmx>zIq#9}^E-`8H^IWX1{dX_*GjklIM@feb!s_feP$ww!|e ziENn}DB*Fc%+I4(Fl}H8$3OToZ@&znQN<7CG7Jp5=AXm{y=L8iOLs0)%hDs!^Y42x zfa#_5Fm0>IP*Of)mhw+X_3Zmj-Uj916##+Rq-i?|EwQSoI@U*ylGS;{!|d!9_Fz;!5H8 z+pEj{V(=#K&G+BC$0=LqN#V@Z`^w^f!xymlZ+h^(PyZKz3W_(6`I0x|Toa)jpP& zE*PbkTq!QbWV7`xOu)Dny~&Bp=ThX1wZKf@m0kvO$a`ddf#^^dntxpe=GnH_E|U$* ztECmDo+CFd_OQ2(Z*?U_MBEZhy{OfeS1zw$+ma_rtQo2W!QxnjrW5HYoBYeurNz8e zPPFWeDY=AV96D{1T6n*sh&>%rt3&{;)VlXrJBibfxOjU)qF;W}zi+!;EFnCQqT zRAv~=5rUKuadEdq+vHeKlme?F*7)77+<(!F&MqYw41%nmaqx^DpeoC zUHnRA(W$EDi>&+<=GmNnI&rCn&S@9GDt~N96K1=8xVSri0*icT!I9Z}-L&YPO3K=5 zrM3*Aa~2`C8Ednb+D+L_%5^C^bHWy~tKa|>9yNY+!&^^x`kWySGaqGUTz^y+`Gmwo zL31lEL-|Q7ei26V%*;H2hQ}UEki%yW4{YOTF zAVkj`eDbW+Q5f8@Gn2?pwGucgbj0Bak=Dkl20Sf3_Pss4?Z4Y1Lx!gjnaTH(v(^_N z$_7z08MrNLdCrB9EuGc(-7Y9z`}95dJdVkV1ViGAU?KX0-oVe_dT=KvCv^=BhC7aP zzcbgi!^C?{nf_MZxm6}EB+I=mrr(3;8(gGz;Gy1Mo`9C{t_cYeg3lz9g?d=Mg~zj96(Y^xgox}Im!1z@9w(4BLW^HJb(V& z4u989wL>(sPLP4{e60Z%66uRcc3&T{2hj&QA9rJn{e@(LMnM8eLmnaQmgT1J%{0IJ zIRPF%egotiZ{U0V<6Xh^`+d3;^tikgcSUx(h{7U!g?w4#V$mP2qTL2k^V)~nSO6+W zCp4&<`iEBlb;bNGFN6HE$5eehM)g~RUqIvZvmY*Oo^y)Kg;J9(R)WN?1b}%f#qJ(e zEB-dYbcR}XUXoD2MyWyeJ>amUiJ_gY^d$NzD~|Ti@pNt<6%kRrv^s^q_KG&izWPARjh@AnmnV1`xy2*5BLXH3{LrK`Q zGS8M3op6^?Y9(!oB3YkCeu9x&jmp{_c!OPrknmXh=}4GjW#6O#UQDKs4GfcZm(L7F zqEy2@?ZwQ6^!nLIP>uLM-8jptI#@#@>K+aMrCZ|4iPTIp*Lw`&gW8KWvn5eJ0aybK zDtQIgb^oHyUVR(xxF_WUsCKo@mMbUDpM^_F#V?1DrfC(*G-(M8cnx4$u7 zrk9;mzl8c$6V#W%81vfZfKuVX#Xmhb<~;c&v&>q%3Nt9)GZ2*m`*2^4hh_@W_(gaq z=8u794)tnkx+jsUt8CN)0VwtSWdo!QF>kVYKLZPVt(U-`os~^K?G8JP%nD_6iZS5x z9Pp0VSm-_-wGHs$2XA)SM}L*Ttj5LvkZ z$yQc?_Q}c`t{QkHO{htUn8hi5N84fpbPZ8<1pRSQy9uDaq2!xQ%k=8xD%0Sr8eQ<< z*nv0e`=Hi_iph87=wd2G{Y!a1hYXSl+FPh7P9+z_e^YV=&tUyiCKI20D0htLCtMQI z_rhzr`L*cfg~P#cMqzUOIw+u@k|hRa6;y9dn`Y^u4hUrjveHre{x}wj7}{G~S&Ml! zL=WWG4ik^-C9GYRjan+>$QSILYR&IWO!aJC+AGC4LtTv~p;;0*^b~tRt9bwdNVtEX z%(?yc$m!)iCuF4$K6IT%()t|dF&!nUDB8^6QFyR4K=!W5F5 z{%5A$k+o{peb|MIJ!!KEwIp&9u+qdnxX~dW)o)a$L?SpS&=uYB=5_1Ksfb*<95K|c zv=GMlp?29Q=i~$9K@pe#orA@p<43`_p(OWW2fS0|CBdPp<6?!K{FxC3@1q43cfy|+ znMBW^m=w4cVvV!mb2U?Sopc7Z9qx4k5?46=h{j@?22K*>B|V(TrYl{3+YnO#{y$bJ z1hFd8V$i@fE|nqU5kug7O7em|XN?9%=^YZ#rK~!Hv9W)nVP~P_umUXcv*uGsyPIoz zVZdoj8mIW)2e-F#&rc)t^tH-S9J)~BTOZ9%9@MN*#0yFoJDXpn)h($~sT|h`;|l{K z8VKRh+Ar9*{^kl28H(jxV{k?W^0ouMRD4+m<@|c7W|=JY16)dKaFoS}sUsNcS(@RJ zd{6ltv?p$`D73&YYaAyK(%`#x)(xIJ@>PhA0aHL^V10pi+5=XHZE6+ zqyYRcwDE%dd5Y)tUuY|O+@eWDxOS?=l1Fnn)B?fSY;c-iH62-n3%TW){5UxK0WlgYz&+`J-Sck=CIBn zj`7Xj*$_v;rM2b}$IJ#sf%WpcO_A_I7^&ajtV*vd?tccg$6J@_zw@sGu18ym_y>8YP4Co7b4>|#;${HxHRSxKWxb)xzIVTX7j z!W)qD#P^;jn25101_KQ9v?=N|W^?jJ5xLC#)%qTv6a0y{@;b$n0O}=&fZMD!o%U(=C=SLtR=VIcy)Us#iF#EW6281fQK6!vY-)K-UJW&w?>c&UUB!-5)$+u#;_8t$hq(~@CQ?2({r{Wicm zQ8hBMN+0u6M+kQK|J}!*1h(7De$kgZ$AN7mpn0*~j2qHS@kXONa{!YdOr=ebs90&f zpAirZ{$L}7Q-I&-#55cgzskW1;nLnKA4fGUE{c+nD5c8xa7`XCu2CpIPun4=9ue^Q zmbp9HDFHW$k1UasG^JuvybjZSEva1(Oq)90Ier4T6{g0xS|Jr^cQq~|94+IKvHWPJ zuaBtBt5N&0+PP#Rx#Wd2?vQ8Z$ENA9R1gf*fqq&3d1SxFpLLcCOcer|rl~FqAC2uX zMflhv0O$OSmY*7qW;r-ekTA3XHcP7qIO=3fx4~exka9xgy}5W55f}99S)ymOx{~rz zpv~>T7W2LVBQ7tR*m<8&;KdLpe~j?J?xE=ji>lvVxJW*>1l4Y$JHEnFWxi8PysxrG z_0ph9s``hH+8X#P^S57w=PguR=t|kITfidmI{>Lr%2gNTex!Zr zN4^Iz2W24(6Clm}bHLFWT>PfsF$!wLP(#V}sVR0H+^?noMN~)BN=)>SQX2K{gu+A|E&^EbSSn+Dm5Vnu!=k z(NHZVE{}4oxtLvO6{V9-iIYAX3h*IwT4iA+yG1)#Tj515L$}DtS;gJ`;`=iZxvPcU?8+X}b-=)pfVPfJ)Lq2wsH4`T;oFrrm^n9YBi7LRBsBu@}sEzAp- zGD%tu@|F<9{ADF#F1U;mo2t1-fk&?AEf@0>klnOd(!I&ZsnfuAvEd3|S!5V1tvxeX z$;j9Btvg%HdBALzk?3kOEmc}_u{JA|a!brth=E(d?ljTnt;rRXUrUj)Pg_fYfHaW) z_d&#E36=s4a`vh9hW}B4)m{nJ?vAK`?N5X)x2^5Zca@P)O-XaPjwvpg*$MNg_L}A4 z5ve8!z{eZZYi^4=qLLxxX-$PrX_P%TIjd{3Eq&o@Y#Q?6j?Sfq5i95xCuJ$8J1GJ| z2bRngeWcW*=?q91*)PyNM4Q0j};slvKKZXi*H+5=diQ;q7?f1~02_+Mpr zD_u2XlA9el2*vB2dyX6$rAvNp?P@-Jad1D!*M!HdjENU$3c|X{bN=N{2I{A1|W0An_?N*XdxQY zM$jvv)qp2DDlh3pj=O3sHG~;Guw!i@=ZiB*%G~SNPU&7S!3N}bI)4Ak(vcX_8KfkUu5UMSjS!+{S>evz z6kFa!Nj0T6jB{F?5ifHe9&HfdOz8^w@JV+G|2u@cdeZ+6A;f>N{=~iCslv4i@{&vbusV09Pzg6Qct)s@{d$PAF|wpI}zdHR3Jd5B0TDm}79U zm4RzNmF!uPVsg_4&k}h|=NN*Y)P!LznZ-0oV=iNkj`KzZZmJHvxI)SFTtQahm-)Yx zh1Y4lGGAQdG~FfFFzoTxODn1%)6TClie`xP|(F8r%|myY!UZAbc^}0I{jrAK%&ycbuH?2$|4dU4 z+RbZzFk@D+0g5W|g4>*VZTyslsfAGtdHFLTWm3~)*1@8Mkt<|@uZhI!w~X_uUwv;| z%)Cwi)k+Osek)v9NCsD{w5XpZI1BSIT0OsDiKl~eF%XI3SPJ|bl)T5k%PlK}Dk~{_ z0uaal0{C>>Vxpue87y47g5c4y5CIIiyUWyjQlY8OcI;0%nYG)M>iJFdv{>Dz*okJ# zXRC5W?Y5Uw?nHmGip|j2PDX1fLi|9TiX~z9q1sgjC7HFBmK5S(z~PLxBw@~dx16`0 zmcxf!eU47XFXJo@tFlxyGlIB|MA9e*{t#PkUH;ipeC)Hv0S<{^eT`*W@Y%{{PPR)4 zwa$miTU}PLQYfarWi!c;bOv{3vYU|{xFzd#3@mCl<3bW3>;A@ojbIYJ&3Nb$9jWyiLxE~nl-7Q)MNVd8gskBOhath zvK%+G{@V2X9~@l)Yr3*j zUI6MlnA-dImr=GE4dw*YawdL92|`diRCf9Ykq7dqNE!7=3LoZ^?VEft`kYtq`OI2o zVyrDOfhj3x`Q;b5L(03X+bs_W(6|*2NBHX8r*V{@lDveIjVGQ^>;hU8FQ8=Sk_Zp3 zDO0tzBxz9ITNu}s_w+kBLtqWc5D3Sb6@Ij@anJ?KR#hpmJ*U*SuI%p?fK6>i+qJmQ z{Et*@indD2xuMGAaB!v)=LqPnT1ujwn({!S0y{_LuX% z8yW$cf;kl;PByL^bd!OfV+jyUrDz(zm3y%<1{y6%Y)>0#TN)`BFvOS%BU#pW`&Y#d z%|9x@SBB3#JCFLUtvjf=R~3Kb3Y(z4(;hmV$XN0~G&NuF-9XJ?aFl)tI>x~#K=)J~ z^KzNU1bqAp)m{9Jh;~~NN1AkFijj9>a3mvtSf~oVi|0abTzEeOr_XfIiF%EQ_>X?t zh!U_Vx{K;sOkgO=!ZSibO$;2ElsZu6Hk@HsIbUoq*?{pRjdIhA0Rh84W97NOpubNY z?rTi1hC7A7bRUAg0Jfhh>Hq_v%JL?gK~E8I;l%2xmU8A#@9Uz6Qf00ifGP{a>1JeaINTJUYk}|XR)?n6 zUZ4kwt|ir%Vv&Lq`O8SxV znazZ}PcyCv!}>?GH~veI5E3ibQN{ELCLRkI``PAJZDfKMMW9K;Q|>_rg-t{b??;d4 zNN&e5t5tQ4V-9!?e!mGPHQG5np5SGxAMuhV7NNRk9rM0oq$KKk^s%0tZWW8Vu^lie zt_v=+2DU9>03D|{pVn{PyjQ5jr$1>Fps+Qe<5RJ8_nF#T3WFm${P7t`hX|Nrvehl7 zu+9UO^W$<#pUfP{)KU}y-i#DxevZ5@^!UGz3AdRm{)*h8rSHT`xoZ|Y=}?YJZjniy zc1jeI-y_i+Z3DD-OjP;~AhV<&$x+Rc{N8LlnbUDTdFEyy6JlDFaKv;cD6gcxn=~hHK!5AG;aCpjZQ$E?j4)PLHB8R(N zF?C4)G_?J<7UbSRIt`e=KUbN_Me-=;MPU%GIHo%u@C_68qtHQ5%A)r+3JFG3`*%_g zD^d}YZ?N@wo!0zoPT5E)UN^1EEdKD2aj#WqN35lZk4H<3>3X3|@@h`>*3-iHjzL#% zY4HW6jfb`(YlsDX6`W?-l_>F zJKnDhnH&{i=5)Jqbpu(5DZj)@btPvc|MJBI zLmbB@rnbf{Nz0+lHq@4S!bMugVtJ%9r5S%F2gQ@>IUQ_6@GQMYl6QJHu9pWab9dzp zHQZn`HTX9T8}66~tyZtjT%Cm$UBMt7VOvrl;&yQB*Tz+aMnzBp7CY&N5#F~}+%?2F z6cYkkV4j%6OhKB@rQT0(o+Va&e#X^2FWk(JnQXi_4N1;Ym#xc%%Ydg(hB|)i)hP@; zsQD!@*z3o5uCzU_A`=~qpc4IEfnL4tA$iXZcu6` z^df=E9e*C#70Nh2FHV?s8D`$Joo+&%!#f z4OQX`1I4f8YEInM`>gcf&}3 zC@@|KC0W7!jK|OIn9GKJm9HtR>;4_}-f57o-MV9VnwfS6bVK6(W`4r9%OeWC_kiuTs#lrO#9pe^oVbjW2r zy3)SFQ@#MZz85Aa<0$_%Djjcg8&mY;u;ikNt1LL>VA$_&3-v#S<$Ib-w^ zvyf;9*iAmf7L`d6*!)O^3Ck>#U0Ocm`n$lb(&MLeoXcrH%UoU%U0#W%UtO}eX1bf^ zjvY>F!L)DvQMekJ@*D0nd*x1|6M5-WKe&-qmrQJyXULv2^(xB-M zTB?ZTWHTeKlt=_~flLxaM#}rdzTtD0G`lNj=x9sOq0_@usp)ZtvuUiTAAYcRHS*&MaCyo8jADvZ zFuF>;f{XQbrvq9|y~XL4jA~i+yOcDzI#Uxb&fl0D%~c^jN(8x&!82z~Ja1B9QrWd9 z3(rlIIpb_Y?z6-FmTe$txNpRU`4OUkNFfATC`x&E0e%Me-g z2bVOuE#YNA#;KwZ`>P4?LuH^)SiC>G(kO_&O#F6NW=Js&e$zAt&#)k(2%{hp_W*xJ4ypv;=h`vKa)R=2sNtrQ%5 zWZbFH7g7+2Dmc90r*di5CRr4_j=94Hlt}}|v$PO2iI_ix@L->U&P#8?o}08RPF>C1 z>dAVamd!kib13|R4?1>bXBvW&xi1UzQD^zJH8E(kPEz>2jpyVA+ajOOEYrA04Se*M z7)osBdO3^3agL9eit6yfGrSxgoK?UUYP98;0&(v0 zRr%VCmpD>KQFcs%Tlg&V4qhtI5*2Qrt2_5xW%PgL%kb?I2NR1|`Y~Bm6p8^gc9ywR zmhVC|TB~^ks}YtSN_ba`4t}FADTXarGI@>w%J17Jz5EqUJA8!g5lE|fCRvB4T55sd zbyxB@_g$CsayIYnGoUPUrd9KoAiGYi_%Bnz>hxpV^gCR+9jUl69uaF zViL+U+6alLIj2grWWQf2hb-ox4Xf%V&Z``2aX40qH79aAw0@G=t?^?X>epa$Pp`Q~ zl*O>;X6*m@k;pCqnGVzX%i@(C%_jcqQ%+fXuUpXO%GIzCgh_Wbu5~3SEEis=&P7jf z9sQ)Ne8T^WnZc)Ub&*?mapyaN7Y9TydXUAE0G*z&uR+~@BS6W|t*Yfk z-_k2?wZk|no|woXVs4?m9L@ueuYoPcB!N*OQbz&Sb6 z&b)^n7shMg=9y@Fd~N$O`n(;!{~MHDd#NgPj>La$uPWws5XXSv}m4dhilc>x~`JXCxGo)g(+kxQ+Sc0db9s>bxQ#j~&qkE+*J0t5$fJmyCGooW8Ts3gBO25sVZJz2#d6!vaHX}}jPDAGA=(v6s;@{(oF zoRL6e1;!69nDEA4bNtHl)`=VDXoj+cJ;+`|{SV|%rfy7p+#&<>1}iGs@|buG&1N8J z7jydZMH^k3<27jZpt$7p&$50@%*-VOehtd6=Zz+ zT=e+e3s-j-pB$_t@1BRpI_1|1oJCM)jS%!jil)RQ&}kn0m!Sp7j?R7FwwOI%DIrY` zf>s52>~y#SSN=jqkG+hK*;{=+jc2q!w)coA;g-nn1a4oLBJD)hxW#8VT0C&b?tWPFq1Kl1sVSH3)J! zuA23_q0Zrx<@YFfdiZFab< z>`|IyX1{(;lA3%h|fL`G7z5J_9R*g!31mbXxA38T7ZOfw5 z64!_MK!4lV2u+jL$Pru~Zi^eu`BRqEP0X`2=+HnQ9EtO~I-@c+-Ufk~%r|+LQR)4I z<@5q!$@-sJ*kxQZsSg{zgeN2b+YdF zJI9=dRhBb zleD#>>iboS8YIjeMaJrKPt~DvE~ym*P5~MR?r?&SnDK(z(5S9%baMi}2l+Ca?DLDq zA?+Tc94a<#T|#*W-u3Po*#n;?yFoDkdJ-Jl=!Cf_3LeWA@dPH=;wtvJ^gVNcdC`4s z0725gGJp9vgXjkd)&nD|qSErFK;S^@ubpUQR&SL{^hdR$ZxhWNF%Jk2seP}bDN^)h z%}~)(`=?XSX=`oQ^#aVrQv@d=uA^8leVTWg(6=2E!gt7n`Tx~p| z{$sa!Rl)*1%4NgMm^F1UivFbCWoGfW9oen@cc$Bq2^Tw%%QaQT=2#?--s?~b3M`bj>jp!N=)Bh)6^ zl7zlFIw}u)wsiF7#Us|~#|%g98es5HP)23Z35!FvpB8dXjcYXrb*$;__ro}Of+9aG zw+6*>&i4i12lBAd+-c?aM8{!fVPI-$>>I@@!|&91Fjm>9c|Xc z&4l`DpEc>GMalE_?^CfXr*U7YAVg0#)+)R5^}4CX|JIIQ{9CVElv7xE=8yV}oxeID zf|P1xN$UV-S6H#W$1CmOOVKAclD`FcLlfo?SB~>Tj++_SaAoxIBalq2zV;cKd?CZ( ze5fGGiLAm%@Zv$_3{MUQ;PrQbU-_q8w_R%YT}!R#d2CQ)5k zFo{Fh4gA-U`Vo0#@wDv+YHcHMwwC^WAx^>tDO2hgbZ{DUyXTwa!^xQ!fHJ2OUg)S+ zAuJ7^BV-Qfal48cp>mcA$Jr&5Sa? z^jkJN_!YGh2H4W%2Rxgw+Gw*7`Q^(Sx8x!}|1oO-FrQv*>aS`1B@BS9CUa$EYLM{A zIx!Z6r6Aj;T>Ynw&~Ov6P)9sgyW7tuQUMogL?WfzY%;e<042KUyj(`7G)}^evvxQG z;fEd*%To$&KY5YOn>uJ*+nGh=+o_3s!E^otXA+T&azc34bIsC0sgw}e=L-ULzOS2U zQ6e~%4 zxT{|LR$Nv!WWP{{Ofb6lT`wzRn90%VVgoq^1H+Y-!~%#Q3JDWHdo|PmOS5tlvIjbn z+>``>_t!RkQ5|qr@=xILjv&=$z$(GRPr#s`hqfMBmn_-Eno_&TmrxWu8P7q&3y(Yz z-hr}smEYGz*uMY9;ABf1=u^04kceL*wRVBu-7GyCGz7563)32pKm&!An{Q1O$3=8g zaV|-yMKK3T5sfRfwZ)%(cu0)I)mz%RlOYl@Te5E!qCnr)AY;%^JkzOBzB#TF>g zni`dNai&FYicDP+W<2oTO~Gs3q8u%mDjfS4q?Sfth_5&mx} zQe9`Zg8>x*80H2vIpx}cKb-G@gIxp~znc$PN~kvx*-jdGsI6*`P^^52c=qJkgsDPN0Bk2r<&*S32yG z{Z?yG+Wc4KgU%rO!M{S{(#k7yCKY1YD;@J5?c|B4XiK;1^0T9h|XJR-;KW z1!&${JyE#>)TNKy>ENy`_(44<2#2%nmS4iBhBL8*htADzpRk!ucTD1GEfE)DLa^WM zRW{%Zsh%i&tm%)x=A-^oIrArpaGUVHIqdKdSa+I$_4tZ0Rw5u3G$$>nam%Vs=~x!< zBlo?2`d{`9P4EfxcYMbkk@`Q9&N(X2|Bd6>%gb)rShj6@d$MiYShZ}|vTZEeZp%H@ z;%e3J?)&@W{-<-E(>b5}b6al=Q`XEVIvM#vS#P874$9c05OeZ*R|IRJ1M1cv^7qvT4NFDvD0DbmV!OIXu5SL47X~;k-L#|BX<>=5!c4`qO zZ5B>gYKj*dcG>hk;jgWfNjd8{dJXp%6C``0hwn<_w{7%wC5_lrcc#(XiI|t$#mvai zB_#t&gWJ;L3)3!_4r@nbw2joCbM$o|UJR&1Q1n7u;zv~T^$+YJ)YmDg9#}-+EG(8m z)rhW@KDf{|W*pmNKR5wr57Nj4TimER_(4A!imQMaprI^&^3v>eII95 z)(gBIRB87Q-}FOjNAI4S{4Cl_fzOEswk%o7Qhf<4O%)vmni`dX9q9z29QVGs%S(6L z4YZf%GWLrd`*uZKB8K+bcFkvIHX>Xq(n}-&%pg29JIXJ1cbE3Z`#}$HFQ{|$@z8MT z$QD=K4X^EJAK}4(Xs>g|K;&oNQM~fi-XO!{SQ4U8fbaY)ms^t%kD_{N;g&q_sk9hj z@i{&#`vJvgb2U)++%g$C)O3q|h^~rt##f{XWOSEC+;sr!4BVhG zdApYaNtVWRb?a9BuaECeB!1y^$FLfqqjVNl0MN-K%Z}WR`_7gsS|z%p$;OJOVG!@O zRMs7ZiM1RJVzJ9QvE`Q+iN%Q+hWilh5W2O%1f>gX9>9i5!^YCl5?4i~5uG`xDafNq zT+hXAF9GLEq8_i6wzaS`M-)-fzK_kX6E|p(qjDpo@jrG4rKuk`92gJ4bTlC`YI#9C z!osGb2xv1<3;l~VrGbyRfBK_kuyqCG^SMtET$9t$c*)0%X8H|cdX$&sZ9df)E^CNy za>yY7PM?l69%g1C?lJ{$H$ZPo8je<(zBK?6zUX+o)5Lg9v3o=C(R` zm^z7-iCV%yTz0v=^*6{Nf!#- zYuI6fV>K1+=uY-3!kv{p`03emV4Xr~4oJXx z1}|ZgJHdyEuR0a*bA%#h}}rr9uG*{0V_!MhIAXRGVWaJ7K|r3 z4|kC28jw(Rg5b=2amNPugV6mzi3-|SoqziA?Yjm{i(Wqtlc_n1dURABY*q*$7FaJ~ z_bx zU)L)cORS#AOHfFbo`Q3Zgbn!r>S?Nb!EBJ-CUPGfd>pzaf;HMQip=11r&A zdJ%IAwz6kcVw|cRg7|hh3$?I{PqDJMewZ}dqy&lg>C76*3Zj+2?nGyLNc!r)Mm8BG zOp;WLP=m$|1#xoOj0Gi&Mk;Mfn$%B^NI%m!d60nkZ$6h97KcPuc=%c04D)JXb*Mew?p6#isARUlBqkop-mO z)3aZByDu!7CiW%G{Gw^%MB6bKNAl9U876K8lg|7%C)?lal8|UnS;+8_122+A&heco zZ?W+GoY@_$suYYtvkz**D*p)O!}I|Wu8dnYR4k(BaW1cb>kQHB%U{5fDPHw-Y6Fj! zSa9g0qgbm3ioD)5CdNk<$>o<&xag_|Cgu3ocR8A(oGra z9dy&yOPxQ8b*&Ne$mYDb8aXruw*hI<>jxsQWo6Ls=&FusF7^h(Aqr!#Nh&IG3>S5D zxU+}$C1Zb}P)Eh|P?=>%gArN_O*0WGcWr}%>Y)&)xUdp1;B~dT<>EQ;%IiDY<8|(# z9C_e6%?$x=bpaA1qJyxb^FHmgQqMO-22Vivd_1q09i{y`sM3%<@lA}uS&5+YGK9=& z^%~W>B4+^n;AoHT%wiL9l}@`pH@zF#@H3NAXO`~cHyr5%5S`jIB4tvChHl(V?*6X4 z)uMjUTi=%9Z_~-6;%#U(2%*J=SdgRs_jzar|F(X=p>+ucB30+*;r{leNM^dn4E6G&r3gFdq0&VIE`*@EaB z&+=IMhYQBD(|Fmahn?ow%T?h^7E<6-DYypnr#W@qF15c`&TzAt-@xc{x@6Ug)^>QU zz}`Q=={VZ9t(6Ud->!`v&#h)gZ_knUe+GU6g7U3Fx`-tAuQKatVpnTrP)vLftovY7 zEJfC+DA_{RY^I!pNY?IOS%rq#enB5~P~(G=orAjSo~@~`9oym02@ay3kFHiP(#{koclB=Ps%hLj5Is?2p>9&DYKFXBd74p%zqAHU3M9 zgXDciEvT!})|{*VD$rMt0lnZ`?RO!b=dNy*mZ$y|?tC|*l=u4?*}GOxh|T}@5U_FY z#@fD%NfdCeTqJN{^39r}zYjBpjKkY&QL$j*bIOZ9KY(X?KqmuGlk^Ty5;C@R#u$U!; zOf2Z6;1@A5yTo3+=iZtr5^3*1BZL;84?GFfrd5{R@*uE|=K8+QOc%}T3T^QTPE4|X z*rc!}xA4bIja1}$qj_J%SGfvwnItnh2?7OmDvIQ=#OchYVAAY4<9bUrbwkLCYi60z zUz$JI$Lon3jDlZPD@F>sW&nZfIs>F`P`}{T^FDJjWO3>>{$CiD93>>@)m>x!L9p8Z z*9XEhD;UoGd$OCca=9DI@Z-o?-OY#Ep`<)N!vp{vSIlHyJ^|8I3F8HHE?f?VeXJ&MTGA_-zciJ23 zffk=Xw4k~p@%L~i%2E4Yvn6c?-`nbQ4ZdCeNT~^P^8FO8WGL!oJdA?=W zb!P-ug875oh}+O#jE#IHnB4S#Uief5GA(ZVj}ou5d>U8E_#=885*C=e_>YXOH1fPB z>r}oyES&j_@lr!+tupFWEQ&W@U7N$YPbWxvK2!MV)z$(O_VzZsqP!cO)A?^0Xt?G2 z^!lp>%LwtkrzNUR_g|;@nr^wp7KbTuQYA7_pFaq4>HsU2eR1UDVv%ay3I6+bnWN+X zhy|ia-<;EbD6zV*Lm;{hYW0KLXs1vkmy{es#Zlu zogmm4`CjZ^0;8+hNJgeoX~dRAt%3LQF2XwW}Su ziU``!AyHYa6)JpCVuAX0AY*l<5XE1(OWvlb@>VF(BQGuzd+TQ^7!DC{N%P`S<{!tF zmr3ZlEQiS7DQ{8nlkZD(qxQNjtyl%!`4C5-U3V(xNo+$PaO+@&-AF)}W1supZ~H(s z1J$MrIW2-VsZQS#JPr{1UxMUz_9y0R~l$l@~s4gpnHEI&7PPtjG7MoaSBs#^eTd_1_|8fe_ zs`zQJ_b5b1SshxxA>^D`)h9ySN1Gp-UD8h*OiFx^)Oll5=|3QdwC89~+Yo&0B`BIU zS?wNb9Sp_wS)1O4rJ^K=^EWO#ob$L>o}PxKVoJOtck{rS8VA*ieR?Vo*0zqn^OAA)yfMnp`ob--hu-zLJ~5ibA;& z<5vrv)ieqLOK9Gn&*VL)*J55NfEh$WB!_lCy6wO^NIz6C$NQNk3$K*gz7!ml+CGxs zcv?>t2OLd$e`;>IhKM{!F+o7%SZ19i(kC3AGXCu0#?{$B$LGdrr*!kcXYvqv^$Qx= z^EAk7(`Jshix?H6&GAbpDZj=0gF!0T5ZwDZ!oGbMXXb(%ff~#?@Ea~E;1jkT9%#W_ zn$Lr_n#}*w6vFZALyuXzY8rb*2B13_2ZxJ@S`PQNPvzpNGsJEq*iTHtn^nM8=7j%| z2eVsnh2V&Ar=ttf3}>*Wig$L(_hNA3Y6vGMLZSOpLM`dSHh^UouQ^TYjt&3r|IK2A zSDn%O#V6^o2<*GC zvWYDt0_^ww45+_RkSP8WNdutztqDfp=5;~`yxy60{k_NH;rorM+(YE^p*w{rZyeH| zDUkOLJWFx#?TNbJB+#3A?j{6#D&D<6CMJ{-*eb+{%Sn0~RbGD5##2aId7Mbl|0|S( z3r4Fr(cQ85%-fQvpYK^5&iRzIy>#YVf5Pq}D(YE2p=vN2RdlYtdEh6>LP_-X&0$K~ zP9zK%*{M0zESL4G7Eb!&Rj&-zNSEc7$-{I^71km$O8vg$MsM2>Ub zdW5>GV$=<4wwya(6eUKQfQ;+g|bz35u^t;9X|3SH$1Lml!Xru z5yxJvQxK_8Q=|onLEnxq2=VRg-fXi@pqlu!{(7Frdd{5Aa@3#MvO=<)UzZv#2Ma$O z4}Vcs6QX!tHgQp3v0YaMQS_K%afP9MegGkplnQ9t2_cBEK_8CKW$W+94u;L1>r2#S zFuO4zf9!X9iBy2$IxR(tb<{Lk6SD3h&Sb7WauU-v$V_rS_W(M=QHq zd7Wurz5DJgoV{u)|lC;bXWW<@$to4dYj@=R*oh`uO5{8F|&jfqV60!L++;u=f${_yaNqcJIW3c^@cJ?2}#^^=CN<2PKf^aAu-A zcO4Sdd7pFN3XUKvobtGWzwp`(f3DtfT?+{ zE%O$b{at=*xkmcDh{jt3HRK|3NE)=GSN54g`MJd$6jnBm2GyqU4;cw!7=kG^ELCsC zPu2w^3SZ{he=4x55fZc^?T5aqrgw0srvFXk16m>&4>U|d7JWsx+!=lNcHZmAfbRz!kI_eg+!>%cd3ToEA^>9O%CHP_J-$Nvt^&-Bf#c@mWZtd z;Y*t9Jb1#Dew8@c#xHC-59RP1@9M(izS~+*OmKSK|5EEL#c5;Evom+rnn{soI{0K3R+f*V z32LddOx)}UyZlb_G=Kvd3+d}ar4rqR!X-jnQBwMX^v&Yx&rEzlvec* z6fV7sjo5-S6^+zlI9e6sV=%FO0Ag7$+}kr*)^w8+Mihw)ii*NS6P>kYhF+cgqna*{ zTdC$;tRZ+kA!uMcpXTgKZFKouVjasq8OS#mJN?oenH-5P-2IKTmE_?)LE*Wuc@pmW zJ!GZ7k(91n28MrkZVUI!I%mGQ9rjA-e$6X~ngUq;&}17OSPS%gEK2)*jy&ObKRbGF zoiOiJ>)#7l!k)`eB#jOvBoB@}Nrw+TCJb{e39ZRF}@qI*iV~&kn`wvWgM|71!tYW8IlE>G!B%F zwIZ4ZPT&FH(%s7XNjF@y*r)ZOioF_3qTGop)NPO(D0t!_p*Ja@pNKs3l8{p6$0JDA zIYZ@7j$d^{zQ3%BN6a`A0 z*fb%(=Rc?&U+74k!l?$7q7Qw zhnC=KH^}8Z-pzgY?1p|h8mn2}7I-8z)XD;WUo5OU%KPa(uLvBV6eaY5kEje9{s^h- zc$4^XPdvu+j9C6Lc_Yp7%sFH64S~O!0iIX#5{FKuhB(gI$XV~msrEjGC{`$h!q7)K)p$A=Y|kWDzMOo9LuVEK!^)!5e0ppt3_obnHt#2^}NF zdYmG%nQ0V(FgW#2{WCEu;rE|MnykmH<%)yZMOOM*IMkd+!%+wTdgtt@SgB+|FnT*| zbg3!B+&l>OCDV$yIPuaGzZ~IC9~P~>po^lI?)Ny^<8(`#x4Mv1?YCzCs0P8^PuW4c6D!k-Qq( zbT4@@WnLRSk%0fYpqy^{oQ=$rorqOV=M?TBpw3e!pP(j~nTJ@(@0Cw9V2WnvQu)skeg z?3VsDI^qqxz##o3*8<(y6b8!5O@_zq&AciL-1ud>4-2vBW`$HORxt8lZ(53rM97;~ zX65tHOTJY%R%CpiAWi*o6N%|a)FySD;nY(1=x1a%_ZRM?3V3tX)+skww@iO?4g~XC z4AXIj5ItS~_>P0V)2wd;4d`s^59D+LbgR7 zEYUIaMB*qtCahHZr3GOUqkcfnbTr&9 zgP$#~an+UAHrL&MAd&oV%x?Lqhqx2GztvwsoR)Cg_pUwxeI^Uj27MmHI(_<=Is>FT z?oh4EL5X$h!ls%sWfeFYX#CT%U3IrLPA5dDs8@8OoiiB-*uiA`e3F!KM)0z+TiZC@ zN^}8Du@mbR^v$rrH$p0!agecR&W!TIR@NcnIJQvmqBJrGjiD4`8YVd!2Bqlk>D-k;lU7J#L>)2cf6i12U`ad?K7Gn@ z;l*jSKmw&FADvoI=sOqV*G_i4bclZRn!<=ZXB%3hDCmtF_A3V)FuFRc#r(Y5y4-e# z>b=kfro0cZ4;~zN!Ku6Nc2)g!XUa|j%6x{gzC8BMVegFu;#$d9Z;xMy=xlEE&fb{! zry)>{7WS`EH{>PCf^~rrc$tJ1_}d5d`V>#~Pq;OwubRP(=D8?v9kxawV^XlQOZURN ztfl~ab9Fxd+r!GDWGYW5Qvv!%5glvQ`miFQ!rxY|f_R%w$fNk!OIDj_k@nG)*`2EG zn!1rUmzU%n*vo%a9T5!Rb7Agq*8?FEcMv7=xg5zFbfbs7l7fDeH@mu6Vcd%hNEHIR z*3%GRU8H6B^EpxODR_3wOiD`wqQ{2@&xPgi!j{=`P++w#hUq_iy2WaOq*}vCL4eZv z`iFcBYh47sQ^%~)bzFJt^^2KnEL2#IHLjOv1>vW=kW2+;Ci(^>LhaZ4gb3}c`XVfY z6TSbAZI2YKb{BX&|BINY`+;DzbeVM7LEzx7+SdI;YZGx5c(rPY;UIVVY>g`Z9GL&{ zrycegRGNps$Q?vRW!fL#5}E=|5d%2IyGd9BKNH9Rmr=~u+k2`_EqJk8*I7g!T0aDp zm7os@7l<02ZBb3}kx2e3XS8SputOJYu#m`ikPOWspLrZ~%~XqT$>q)jb@KQtV3(>N z91t)Sg5r1iOl;!%%4^FNMAab?KYVcYxGA&z@#JY#Rt|ff0jfr8;=c&e1CfJ5PzoaC z@FztGZRdmXOaE2&BW%USDV2(4{{StE0-nDC%{sc8@0<3Yy7TA}?ph8~PcCtWMHi1C zHM1V{5<5N)LJn2`iX?Tl%u|KlgCh4Lt}#vej&`-+*P_D;iqAxN*Y3G79fShuYxo%)O{iR3q*L2USHTGy4G}02*QmcO?TOPMvsb zS0ut&7FHp6wzDK|o`^;w9oUq-IZq_3>hhV!Q8|19olwLgnbyKPU-DZJY^1kMIXb`C z@kd2V5mdMRV)i0~L2mz+!lB;}I>wV&t(r3Fix8D=JYrmR(|qa@=4}@8!GaM9m|QA#^|HTZND;6Ws!WM!- zT!V%IlaXIKe9&ZQvvfieuk>H3r@Y%m=!73g_@h0x+GA~$75+bKj{Jq=(c|}eD@#Tu z$JsaC>7o zLY;@6#>Uo{jfNdYWeX&+ww$Py?;_@MlT+tdfK!4HdiY);U}_8V;MLYhtswP>^nG>p09TQ2%+B zhRKn0Y?vlnm)sUJFH)crO`{5-Gd07;klHjC9qw!})nL3M+B}KzTjO2c=@9;S$dQa7 zrityONCp*@8PBR62}~o$Ir)`*<5{CFsjQ{VD#tOD{%M!k@Y*fHZBo)9#_8|>c6i`9 zl-n+){N5?KOh^UY>vA(P_DZ|RzxXcHX2DloU*4!f{op@+I6%=em9l5bpa#+?$4Op&d-=iDfP+Ut!v(7 zo(s0OSUj?IniS>{?eV{U=g>2!RXFv5iT-gFf@(T;L$GI4po&g3ridPv!W`Mvn~xUl zzO16XK!L=naz1I%v~ps~jpqg@7o!}JjI1SgHNuwDAbG1sQ6!G6TNM~wO4E?r`e9N< zA&xruqv)CF$_KtXyz!CrXd5vj<v(&Pr`l}lViQ9JW4*hcwWG=E z-JNFIR?E0Mw$OnIAnE)7$rlH`T<=Bgdy>AYi=OLq57l$|Lz3~)T{Z%=@uh%F;OJaZ z;3U?oYwtVO;|6~kAxO^JJ0(1jQv*i^vfU<^BIDXpyY*_3tN$Za=_UcFnxm`yvMi_J zNpLkKBv6be*DY{hJeVvgr?6HY`fd5``;O!qrX@5dUq1GnD5A}xE2Fw^E&3IC2$EIg zmdP4gCK8iM=E;rx5FerKFI|_J=O~+}lJdL{tkYDVS5wwsp_=;fa;6G5tRcJL)?_#?z*L z{&k)?VJ!W{ANBVmwK;vgd>|73%^E=BJBtNT9egn6uP<13f7hE%41M$x0I$R8#O zu1eRQbUr9^CzclRq=pRd&0_tE47}vE!3glr>-M}~;}>`Y>TWJX*$h{tESpg~U8da3 z`b3iWF#TQzumI+P{G^;^sOBL$Jo@yqvMJ^pKGt={xGm(+G`Q}pcZ=K@R=jW*POr>X z!>H-E66PO-qlzwSRbQqvKclhdq@1lJ%p3cfk6=xURqSR<5AsuW3%6fJ=T9^h{R0`! zt`e8S(){UWTR3rJZI8JJWHOY+)eYKh>ZM%9<-ej^Y}MY3W1J@7X@|;+y!wO212gw#<06*}sq3~dW12mS6nBE=` zqQk#+L|;F(5maX@R<$#P?;5(Ha<0Ud#AEAp@$9pQj^Z=e+n|0~Bek602v|PH%bELQ z(V7S7?1x*+?-w(?mRa%oa3ihjeaXq7(|ppO%X?S{bHq>`TUeE>&fB}qnXW1R-#>`Y zH6)PygnI{1vEE&N7XVk^BnRToZ?q~WA^&D39`>Knn7`KeujvxteNS|Y(uxtE|N8k- zL926MEuW9V>Q^&~@tMcpd7E2OGAI_6Ae1{YP4v))HBxconq__?3lkkzUA>e{6l5*) z=)?l70^+@S%eY`=j#XA-i{>%f#2_|?M)6!+GbqOg2d-F#oT#rK^(?lq%b~d`iblNS zHHuOTcaHt7&CNbNc_KV2p1yIc6hMJ1Y#JtHGhWTu#hnWM%Hsuh?tklXqpEyI|J^oS+s|*zIiWT_ z5JOISUzljMv*v%VuD|>W>J<1gwdaU3Sc9=A3G@x*ZTgUs^f-{XNZ_f@%CZI%e4f(O zRmYQ!@Nq2EqiYV*V&KU{hCr4`XP|ZN;@Te%7m`k{CIf4e?J<@%g?v6vQh*No#)Sf` zE^{|2ai)Nm{##y(glq`~>9!?%T0$LCREm{FIUs;BB3Uw}rjph%MxR@3cG`$xN(Sl1 zTNsic3Gow0n#}0 zt_z@T@Hi=zsa?p`a|>`9ai1S<*Y20umf*68$nGu4Vc82o%R1n= zZ~)}t{XT<}*;%BbAo48yk(ylgW7Q!cZloY(ABQ&9B7I^|n_z6*Ni{Od)B! zSk!>UDGRwQrJbl14>rr%YIV)#{8-x&$o1uiegxP!^*gnEAUu%SX%sPiI9|ziZ zCsX|RUC_nzz|7|=SUd(#T^l3<9%niG5rl}zfB$p4nVn* zJ?UA&(s+;O8Zg!uZ|#?NQ{@nv1{6zhg;i!vdv#3n;uNPnakD>~S?%fA_1A^XsC$#P zZ`rXvg>yUOsTQFd(@s9tAb=YYh6;OhHEn$wY~4Xj$0N5m?`f5~uMknRr8qKiK> z`Zpx^VkrJ;x<*)04wBKbwvgJDb{gd8hs)6r08V~*c~;YjY7FpMxwmuot9$Cx5ngVCoCZ>OJAk~Ln5IZ=YK+I|x3 zYT;$tsJc}T_G7~gZS?+*6Qd6Lml;OJYf_A}@^!1Bi%yRvY8QJYMLA_Ga&9_ShR1L- zo7X|U7-q1f&I?`el4p!9BwG%>8SUa553i)*GQpo~*#^JzBr4oB^nFLQ6IMPvEJW{> zi`7kS_?l49d@%g?7oKVcW$RU){!a{!tGLHVe#M{iO{8>%UHkvMe!kOR09FIVH^il{ z<7<^_8Aa8PkDxU=;+!dzs=ZG2NC%KQn}t_o`$u+Wgf0AHT&S zlCVO{2Z~(qdBQuqcLNNoif=U&FxUlB!z_;|szg&j>MNzJ>~~$n(lN`@e!8Hi@5^{o`UYJ_^_B_}gb7fa;p$dDyGu}H&HD9ZO! z2ofjltf9?eb2BqtJH52$RBobSLLdO)-8ngTdu`fp_G4U`X8D+!i*kpE zK0+a}^OHCG2>t7oSkEA?p=-q9Q*yP>Sz7X8a1XZW4l87KV0K$w{A{w380wUF>QHGF z)o}!6MI2W!G9uC*F5~k_0G`H{=%VQmk_&?dtQmPfh5xIdhOe^)Qx_X&Yb6mPk-5k| zVrkt&4=vOON5Ss^GLqvvpD6V{Ep+j(^goQ7p%AgF%pw`bt?Ee`5+l$$F~ZY=X_YcL zh{^M2bB_bpbg#$DSf2d_l6gQGdo8BP^)4(vtw6T(-e^2~sISe6b5vL`F$@C9h#P?f9#1(JA3&TE*nHl8uz!68z))cu z4!v81o4~JH$fkkd`V{aeFCLmfiTqmQ?%Mtbj+&RkYE6<~x%oJxb+Mfzgq?i-8v}7s zH^=D4v$u3-3I!znaxgb7?PTEc6TgV$pW@jkWQm=}O3Qas5u>nMszh2q%_82zX#1n5 zwMg`t!G46RO_a?Wy8c2}*5ht}_UF6ltWbe`#T>TkN<<-7%oFs_Sj5Vlds`#@LKqO# zK;%LPW~MbA6`qkPltAVa<8RlMBW3b+E4XLY5)jsl`L8qFyS8LeN-iX6d`iyjnMpg( zs2>eUZ7kfN$`m*1X(n`dQ-l+U!tJ=_N!UuiJG@4m5QnFACjqB7B5?h#h7NE~{G4is zF~Dxq2*Tde6hhvnunyfI*voDk{L%5a?!pH^fCXF;no@Is$M^i$mYA$N;*QJ&znMMA zM7vmB3fo4a){JZ7oonK`9cF)E9)L)n^t~e)9+;Up17h{o?fMj7;ll<_intFYt>ntg zj38y8*~vx`jv!~gfSI@=Q;r74rtd!9@8mp96y;2pN%cr+1YzGKw50h5?|HX8Z<&w1fvFk-i7o1NUajq;47?}V znb@p?EYo3XswO@bMt>xt0&Zx`x!_j3xwoK3+SMZ75&Qi$k2S;aLZVv)B?b z6fa@cQ?{p7HnKQKt1h(g9+wCc_8yqmLI#q*0yj_=01xgKVYkuqkM3X@7 zw)X@E`kVygb?`6$HGkT9KkQ9W@pn-K5(QO6k;X_Kbc~UFsTonEXxw9St(4^&2g#@f zX(rQ`?Sih#3BC{OpH6kW3^ZZvi7u&sV;&K;5vdxd$}AWHI<}$2b=l3NZHoTI5BPZv z(3Hob+b^`w^F>F$?ep`0$swB$Y~{%2KqN96=VWk5&bI8*H`4eH-1RSAioOka!ucty zU6fV)bT!AMvF$BA$6o3DTXAPDRhjVn)DLGv%}Cn9n)BdC4L{CZS_fj#x=?ysp1q4$ zmZtbv%t#UQgho@v=RF+!?{9NNA7; z@w-O=mIYp2qRu%_zD#G_IR)Lq(ak_O-7?>5H`3;qU3;_F3M2oA_i*foo!TJ zR_HrG#PiZ;CuT4Ljb=vJ^NOtJhQAl<{m)LXe~&;jxq`G4m>xTR+%>(g-oA$%dHwLh zkD>+vFLy%k-6r3MpgrQQEgrUGR<>M;0QD$pjJNj2QPj1$-g;8qiLdoxh2QAH1 z^34?Am-FCR-5T#$Bs?_<{WX%OnfC$#t#e!490FgL(H5^g6DiWfLKY@POVV-M96!^r zu=nz#=n-U!>gG}r#5{kpjDgEKf?w-QwdAD>KAM)_#13s?ctb_T>M^w69C?l=mYHJt zBvI9ml=6+u8fF!~RWhqHIa4SQ+zUhi5yLtZChUD8%>Q(MRKKiOv8%JH|esnP4% zEs#OO@w?49SbQJW{`bhse?=LAbIt9+c%W==Jm5xCx^eiI?nVfh1p=nK7cO>wyV2ex zw(~U_0PB)KFZ|o)!;H7uES~+ySAsh?g4cokQ({{?FIzit00hq~Ju54w=lyI^NdzJR zQfZLqv`cQt&cCT0P7eK^%jX`n8SmvrzM}~n1Fzqyp7)J;aok;dA0A_RACXD%082Kp zUpBoF1b;!Wr^!t+SpSVp8#zK5KOHj$0`7C?jI@Sdp!=x5qqkB9tEPjxSTldm&-*%w z0bopfI-=`sBr z;}KxPddAc1JmCuHD6NK9S+U)4Br0D`-%!kw&FF`KLASM^Ev!QqOwskT<`+EGqa2mH z#if1|7YdZ8rLzf`7fd1I&i@?6Zc5Q;Eeu~&7^`A;mlqGq8awCNjB&YRVPeR4;b^U16lalfkp-L_w?FfHa=02&F&$(nv!iNW~ zuq5R_%SE}bG%4&s%es}&W)+?h9zkC8KC>fcx@Uda>z7e+FF6fA$G$ZPS9I9<9Ii}1 zNJC%MCQ3;5$;H=MP%fjh{}XZfET_wCik*K0HWI1CI70LbT-Q7Z3GO4)9dvhUa1tsIZ-sCPVb z+s!n;)3UC`o_^17{W_PU>B9%yo~y8Tvhx){^FxHVa(JEUjhZ&r)B8Wd*?EGAj3V1@ zS+@;9R>y?EqwRx8pYdus!F-oP!0GGn&Kd;mba_!=mdT6zXGZ&UI$Q8JF3JXINpo`=jWe00CUAJ=#nc<9qh2u|Fgdl<` z!VLW4=MQcYi$1p6Am%!D`L=*IkE<5Iy(VtCJl1d=`hENF{XFOq?co9%C~i(;q;QWN zBG6n%#h9v3BTZo`ixKWX@-9YSgf|2GMlu82ZM{vwpwwX?{_D@l(DvFk4=nBV2Cz&y zf;|A%^YC-+&w0}vBmnEV&pYF#bi38LeaHN7+2KVCyKk-82KT?)-jC+b3SnYzk1G5a zA{=S_RAM{;AQ=H0g=cv1nt&xZ>`MfdXGz$wCXd(J^`Of*wkz3Li-+6@3kEOd@h^ z^JBM!-dT|o^MrolY-f4SmbyJOgWvR*mqgpmUaU_lK^cdwFq%ns4g;)l04m@_cAV;0 zqn5K+U`4=$0@>orcX)fWGnMS?Kor!)yNQ?I@`ejPTu54=8M8IGf&}8({V1F~-8i_w zhz+>D?8w$K?xT8}p>HQ6pthZO3}$yhU_i<#)5)=>Zzj7HdWNqpQ222jvFk3L>W6I* zkBm5JJE}{|`zHaDt@H-A=FC@58CV3V>z^3|bjNJ>qJ39F%$u7V&&NU1?SC%-qK!E3 zX|b%~sOy0ElINlym|pwt@E7MCFf)Ij-<|B4(L;yQ{rFsw^tDazz0KT%wxQd{!=t16 zuC7?Xy-ST611A3+<#y!%PHT0#XkPIibpzlXm}sk?N3xhVVx-S=xGO@{I?tJoTwHw7 zWw>2o8QH9CaCsl_TA9Kyns@3IJv1q%p-eO#6%932O2{E0N@$~c0*DypR+Jxm%I`Fy zQ|cA&1!3&t^t5E3nT5@=N zVp2c-Dh@8Pnx7Ox<6juFW@xO5JyL4!ERkie-tZc*^O3jr(E2c{wZnEiB1IM(g^qAj zs4Qr<6CI@?_4`!U*d$B7tqJp9N&-IxDG48DbMe*1{%4_nafV1gAP{&sJO(d zb8BOo7g4r=9dZuv$u^3yN^uU-o#q54t{aPaudO(}d+zjmKNm)L17QmCq3;P3#`Qwb z1al|jlMjGMd&~k%l<3hk0MrdeX6|!aF^up4-o+#M@)dm83i#H`L5|#Oluhrm>PLXn z7t9jycjBFpoA8c0%Q1<1f7LYS_!$0og@*s-?Y-N+Q1W+5f9_wFG$W}GhDRrxL8%AC zN6u*izjq?CJ%8E+fypmV&Zi0LH@bg*Gja8prL4Ef16^C3WGk(~OTJtch|6< zOJ4eZDi9acZi3R3rvY0zxV!lms@HQ*$@fk7=5glDnJABs58oGT?T+wY7gfLe%_Ztj z_Lb3+;n@{eE9F(jO>u)d7w#*U zW`8B^;RBk^viFI9Ve@Xt;stE}6PAQbo$wzcshWqNH7i%!ehj1aI5VlGk8ASmDBsWu z?Z!-DfiJ%Z3yjiGrcGMOAtQ%zc(Dg_jjI@%xt`fQ$AuzrKb!^MGQ+H*2A1S1!U@Tk z0)zi*umf_xhLJb!4{6E7M<_;5)!PltR0XMnT`OXVPb*eT$zbfrrcm0ZOsXRM@BjEq={ov8Km4zySVX?C%VSnLW_c+Mz z$av}Gu;Q%|H~i_-k=hjp_fv`#q6|90bBL0an|tM7H%SLc1R5#W*W-E^_h4DyA#NiS z0nK|hWZ9LadQ=q~*63+It%gth_dAMvWBZ<~>%z{#ricGw)8!h#aHGxu`B2tnP0y3{ zJL)qCxe)le-~;n`9pHPcq=R<4PI#13G!wr_VDkd(o_H=X(Q4@QGjz$HTrX%Uyt-v{ z7NSSp%5go=5DFr+8AS^4XD@_A)$5LAKhMol*i7LpBfJkD&G_|$P6r~kp2IpG%I}RL z`rWGFxO9C1u@PM0jJ8K#NiCJ!j{^+pbQcl5nf| zw9AcWTx3ohG12s41D-gao(jzp)E47yx6@+%X>k43vb7%U1f|9y6;t#ioJ*P2KT66i z(8#)#S`O>{Kq^8(pA-7tg9z<;0$B6}=8X`SL&NRBGYQZ-cOEicD=9I~T6|n1 zQe&QW-Bvf7{Sp3JiMC=K;3qBqD`UpjyqE(@gO3n^NzP@0?+VcTXyoFb&KfJ7Q&LyhF+hABlv&>WiE74S$9=BdQf9~g}JIk13gKXE+u zyyFvGN0@FBfbiLTvT=R4RkUVv6Qs7e>TpSDFuO#-kU594FW=tm4gw2e|LPP0j5H=m zmfQpQk_!M*AVPQVg8p?5MjwDm)2<6po_8SObAi`Qz8-73P(<)|kf!+GcL+rcz z^;$o^LDZ)|hhHARVxGiy?U>+y2g3>QLI+}tfZlA@U48MEx!;}nWk0KL4c|VXkq!5s z?kK&I2U5pf!|$zM)>Yl7O&c-E$+#H~1B77J&%9?vnnXqENN^Z-TXowfuxoc_)pvMR z@xD4JnEuQb#W`ac%R{Hk##Y(n6>GKcy}P;_elGtbB#aow{0(8wR-Tf2fQ00glDL04 zI^S(H*qTclhC-7vqj~2kOEmcs%UntQ`Q_*FOOylYOPsp==h?Z4xcB1b)##XrYE${- z_xPEUI4$J-Uw(3CKB;#qf3QWGo@dKM@@)O3&8>%QKI}Qq!^PoOFW{(_!ivu%OZpKR zV;^m*clUBIRa{{dpEK4)KLxth8pxL>m8xXV2ZqBj5d=VraUY$rP!&LP_#lfS{2?zt zA<7mJ?k=|z3^j080V~-A)R;>??0TK_05CZ?mkzc2EdRN`?c>i^70+8Rbo7~L*OlIU z1C9yU4V+R`JitHGwJy&8A~@;K@Ep{~lXyGyhVXFy{@S_2{oCUU6&;#7 zJ^lp#_DT%QY>4zM9lX)JZ~L;oz>sx3)WYb@^v_mCqdR;kgjH~`pyR_F*Edx%asHwp z>~6=G+G%@P6?kr`xF`G(fzeqqS^6Up@h@OL;C9Q1#eISq!o;!w!#zZxWl z$}61qDe+D6Ay~N~=KrfxVqamQ=gHDL7f*1Oo=2nh5h6q&pv*(PF*o=ZGoc!3&nU^F zlp}eEfnF`*v1zBV7mAX~e!uY(ezC@^MZHVOfGY1BXVqYYqPWm$cSMMu1ghC&${&Er z1xyGS-BtInmGFd-|5-Q?!9@IY(rD_U-oC?^3Iao2clOAQw(SbfsZ6c z^N@WiKXm?a-}(M}?0O1z^AEQM?=BS;6(3{i|2nP(vUCC{SO>4y z1?Pc`(ra_wYCWzZcFwM4x}0z7z_s(hZJs!tbLh z906Ii8?CFSEnP;Z;NWp-Y)wK#-L%792KTQ7X;8nU<*ci!tFD8M408P7)kkX3h#qt~ zIK`%dQ4y!@^QtDVead{(P`~5KTYLQ*iTgu4$WNM3i}a(Fg-DHLA^8NG;<{LQR!iHt z;W50;U$Hy47VXMo#rcP3z6$*cO5hg;i@pifq1K<+q z0H7fX{08tJ+5`30HjqJKya5FR3)1L+O30Uy22ntPfr9S$(Cd)>yb2E%eFx`hd30c5 z7A)Ij## zhc)fsD9jkQET?Vi4HJSKRL|;~^n~u{dFdQBq%_274-ziE9wBKI`#*CcSQ7ZVbW(&} z-+7Q1?uqBL$-cuOL~zKpiJ!P&#q46NLK=&Cqy^+~v&-sLmBLriB_IWrede!xzEOeD z38KO}=UJ9Bn=5c-v`iZCq4H~YeENA5xC){w;xf()2`OnRA_+udMj{x4&<@ER7FwWK z!#jWz`)6lbYkYEDx6Ftbjq&$vp36j;P@97n7mDihT4VC=V*_!_)`>$v`Q7NF3DD=` z5zKPkgZj|!6_x#XrQ+>kd4vnxGD*tVA_&ZOnLgULo<4rJu@?O9j- zc;@@)`^775rLXTnm@mSF`vB*!PH=;I2e{@~w+z%Dd2|=Rm8~)M0P#ScB$LDUwFva^ zEbtSSTAfi-pM#AZik#v&Ae=IHUtaRhd{rEm=Fo}ZZ%#QTF+QlTOZ4HSU1MlB{1%Wo z!)9soyDTjXgCvmG4dDXNnp;P_WqOf<^*k0p4SD?DdqrM?kUfE1JZz_6rzOmF^C!z{ z2`&! zNEN4iY!5hVZp`<5X*ilOVcGDS+pSAYLVom7F}q9c-bD4wOw zxL?u)g^S0WToJ1ZqwlN%WqQ)0ei!Af!Qp#ca5Q8?EH(&hQJL2K`)8hy6erK?B$ilg z7F8nRG$N(4*OxW;^qerdFkiHCCERL1#;70j%cM!Xa0g~ynp#o`8Vc*rfdC@n_FIV8 zdi=f_}+&JgB0Y*lodx8D3aSnrtymNMB+!URz6_hA7YlH`1 zRB*4D*I3Zvo&Y@H!Rw?esg1~g+`as<>QN#61j^PjJ#THhBBNjxDH)$!Y^8V1_SU`< zarq>k?tmQi?^DxmfkfHpPzRQt_L)22I7uu$ z)%a}BdnMR4jonEziNF2=if2RNUvVU&>vWZ+fn_6%(HuyuSyc>YX^YI6W%s=g0t`|@ z+|Idia|4D`F*ep>|7;jbB{1vhLXQlU^Ylsv&;Ih=Rx;rozhne;(nAkA8*BaIkkA!0 zkGoqQnw{$;wAoOlsWUeW&?q#@v+aSX5@PRH@_9svN&Wx>)THTP9_C|~^=O&X^mCuE zOok2c^=2pnb=27;`Jm@Ipy#@RP;4awlf4~q2tMebS>KWqtiIo{t)R`hE)~i+OF*M-f^ICJBKWnU-75$YpPqH1$rbIV91 z8}wygbg7R<6Zp$btdxUXpx}Bi?M%H#@qd<+lr~Gsa-vuUZZ^`9@9#el0Pfi9u+a!BAIu*tPo8!7@A48mVX1bLMF5JWZWm zELo)?+tj>mOw(V}Oo%&>3>Zs@MfChl1=6U-dPI+H9aW<@Y;|T8?3G!EPJ=WL@vNi+ zTctYSMETk<%m3YbiUp{dPsnAhu!F%#vJ{Xc+sdc2nku1}Vx#*%bZIU;XB>%bEz8F+ir%&{sEX?}?t!V(@QA&iEOUtSR;HIoe09fGXb$2uThTcl zFpnHb4wAx`yQU#_M5t#gkM#s@&DV@fZ-3JX02JaQbAD%p6+0E98LQjY2WaedZ;N<2 zv3@&g7I33XC`X5&G-AzVk%Tk(dpq)MKIbuD2aWJbh zh+|H23(Ktvi8$~v;m{9o6XgoONvJ8HIOpDq9a?rlJi}-MqrTyMK>j`<3FeNa) zyZ7T)){o#sEkve7M|Ep>TSnz|I9?6;*>^KQH@*2WI3PLn><5*@15I2nv@;c5(Mv>0 zUQffZm-QD+Lro0H=^wXzwa6|Ngk9vfe!b(r`Ze+a!p7F-G)v4r*RJw&?Rjw-jlkQA zKY<5B_5|h(ni~?4(@uG-{9c8*r{ec~{0lO|7DhfY&_rR_yRS#8xG*iIOaGnTX=`v| zDPTYAR19bWZ4p=v+R?n*+B(fxWv>7qJWBg`kokcqnC>&IcPe)9Bz=%oj{simpY7ET zX?gFX>p<~OulavwQ_6AaU=7CEeq-j7fYWOi7b(oTi??r3T= zCP0D1gekepammbwZP55=^gEA&m}MqP`

2$Bn9lFBkQ{_;2%bD!fj(N2PrpcY5~pvw z)0F08aD6H#JxNHc?KDGT1LL-cgj_6P#Z_;6q%)7BYScSr=a``%My7E@Tu+U_sXBHw zaIxwSmrib*mgfAVU}b}>#iKVp#&XXT(J1|EfQP;2ENB>PG~nZ}_yC@JTF`ALz7Exg zxHl2?pKf#gmDBCN_L!oU!p9@by_Pa+j}Ws7r8gExgP>yW_nC;6Pv#c|pJ#5yn6c@E zCXT*@GrMEVZi%fmt>3iASV_IoBHH@DT8?>fb1BXjVOiRb2b#*-%DSu?@|QbtHW-BV zlg9f1+a73OUru!_H=PeArvIPQM0`Hy%#*MLo>$P#caF|ue?&w08C!jpOS|7ffyY7! z;4+g?-?Lj0JrL}(MOW+_tbfdCon`0=e$1!t0^f0+^kpbhmj-b(Fl-GR&S<9$;L028 zZ>w>Vj7|wFQbE!p+xnv)5&8{B^{biGuD#MJ6nd!PO({1$4GI%y^=K4sjMT71S717a z@;_x(1l$n3xg|P`G)l_!pyM1dgy5vmBJmtmBrW3HlayY5DG_e*45b;!39Q)fS4) zoH_@j0%+8bn#CF}Yt?RaxqTXL1#O~F0=)3taHjqW=F7nqsg|*08Au6-&%=h8#P}H@ zz9#_B9lrM=o3MlP_J5bnMW+la1}u23GlIQ2qs`ZMmfH$kGoSSf!4D8i;smXUn3@}O z`i}TuNCargechpG+Xo}2AQ`c>dxrj)%gvJSP`EBUuvC@kn0zs~yYn!(rgM^fJ`F0m zOOP3;PoOSo(zN;H6`8kL9ICIAk#$D9yu#^ zdVTZ))MnwM3U$2-v#FY2>h47DWTbzL$Ia~uILr{B$*RuHT|OhG3nP_PG8}{wk5GGd5~re zgQp~kqq1JNcr6pjJ!FBE1{)>a8mFiQ{dQt6={Z3HlC$YY5%qcroI(TXN36PvL28&u}hLn-DCCV;ghrGzcu=!M!H0 z{vkUm9b)ETdZMoN_#VdctHMi*5WlwaX?oJ~K-^Yze{3m(tCw>>%kK|feoM&CBs;%J zja*uX*;?$R(iARK^dR9wtbx#vPrj$kN?l-gZ7A7geb#~u@SNX`fUkvnxd|Xu7YLqq zWo~R=ul@&&Do%QY*&}90as2n5w=@OLI-R06n%&V|W9gQ=IaIU7O#-<>DF`9a=`mO^ z=<1y>B#3`;fcoSU(en1OF$v-Ueq{8SoABU<8czxv>;1RM%rCGE#Ur}R2qLv3<^=yz zy4(x$jZNkc%!54@O(bV~*(F?GC$1u3{;4#P-ouOBgw>49eTj`;Duz$wjQbMr+4#I# z_QTE@gS4J_*{%8)$7Ho|&b~j!tamRn?M3+~5{X0UKY+vem`dAYr`Jvl)V&_2z|oik zDvvfuDO<;(&qYkset{{LE3v^v955v;qT2`x-e`A6zl%lk*SWkT=MiRM_!BMuCy{Cm zl@at22Ggo|U;cHf6;E|l5aug?sJYBJ<@}eSDFm%h7{3ZSxewC^E6oo%`%<|WaB({Ds5B&OZFu%1b zd3d&IGC#Lm?1zh@BjsJL@Y@xzj6VA)IEU!H zL$La#ZkN zB;hsItq1(jcoyUG36gDT`Nxph)wyxRuqHh3vxi)%B1DyM$l}OJ*5*!$4FSF~zD5KC zTe@jqbLjs#;|1M*Zs`&)7&KbsQk(Up8U2oj5_&x&9~~n;XAst^V1mvyp=62ab-KCt zna~+7qG4xa+Dqxui(Tui*+?5mPG4PZV~VrNUPQk!GPEJOR5hX^e+h5 zWNt8gj*GV8SMcG!pS5Nm#DmEU1t1vko$dVF$qT^*YK9NMb|aC>rRu5vPcCJ)1HVv$ zscvNw!qDQ;yGbr_4zJ)6p=?hS9xMP1fpYD#WQ`Irf%HKhfL zTSBw&TXho*dR&59qOk%UtlLzb$&W57bZ8`!r$Yme5y_+EM2tUH^xoUPtpv?bo=$Pn z5tS%mpcz(rjWt`l2f z6H8lQ=4~GC#vgv4nm%lO&~fi_9BI#9?b`*e6Asn;MoW#4PKgX`R5)(+^qwdx;(R=OC|_9l~S<1t}C>|5JOLE4@>O6zv6PKv5`kw)r>m!73G z9(bka#y&%V9R?_Gw`z#VqJmr7#UzVvW_{9 zE!Y^bwAMs(QT}G4J7Zc1(-LOkmx>Ip2wz!of-m<<9fYY-1PyZ6E5c)JU9HWQCR89S zt6Y~-pBxk8SD;nSW_P3Cl2x(LqP*15kS!g6GCy%Ehjdydr~koz3^BmAZrash-aNrQ zSnR%sf9|RWR9{1jgca2bPC;$2^_D#ibjZ8^KTLI=mJtmsplHCt4hs zPqmz?vE~tVw8yk{7LpUM@P|nR6In;G5>NMWu%IhlB73OPOWEF9tx#a;_!pbL`zdDo zokM(m**qotvlUEN7%usA9>&T@#=`pzy2tT&yJ@OejXxUx8Br(&jNbpn@8X3cN zEiMi#t%U^8{~KF7zG2pNge3PdRus&_A}z$uA+V^H*Gs}YF%(x!FT{EMv4p2PA*8@? zFiHEP>NhoK#nX+nD)MG7GDu-RR6X10`jqw}Xn|w^KSs%i15Dk9x8XJq)!{N>FNAR) z2E@0Skkh@5!Vdz1O|CH0gtv~b+rW7RW!-W2(Y{0gvtYoPYiceYUaue0u3gPS3Y^e( z=q|`Ps7%ZvoZsZl9dTfc(ve26gp~;EOq3PmhfNv4SIRPF#tqfQp zITQi^CaDjHlEX|$z%)4FAQGF);R%XQZG zA!KSfcQHt1yLi%3+=N~DFwog73M>pS`tw=?Gkkh%QAmG1W5EsT(jJYg^CFw6Bt5?4 zA`0t#)x=7@-%9{J>S7##8-m@@;L$}z9scD>9X{1g&9FY3{uLf+f^!i*!~l5|3N+{P zp`u=Kz-ZDYb~#M0gT8+NZaL41A{BXB_P7{3L3o&b{u!L zgN0ZYH8#JfR%tgT;cFUQQkb9Nya7fSw9K^$g4e?m6SqU;C))#I_N;dJk-DLz@ll ztD_ES#b#&tDcMQFLu^hfu-?jp-!S22!nNCW&GY`w34*DKwz`rJoNZWWSlALCCTX%! z7f%}LN79E`OhZM&9)8At2GPm&>Ocrpg+3Hz`_4@6S#o(;5vIWgT>GOxw6r&zSn9f* zreYtV7*u6HBrR;o>fuZ4{2F(q3JP*^$@$%V*sqiQ)^CO9)M6;H{~-x8c_QlX9Gr=} zA=#uUq5Q_(#2}6P9=F@hZBs^9ZE*^C7B7$#cB^<|Bh4Eh{1Byk%0Q>Tc@9Xc4B;sazH+ zrm>6N`l-368@Do@ZpPL^l@#Xxu&A_J`{6))9GDLgGP_}DBDp^GB?OHY!ygxn{-`>Z zlLhjY7r?L?4FrR>-1B(JL8gL|impUe`0>b+E*wr+gWS6;glYt7%;9wwj$)-Wi@5c= zM}Y@9@kNZ#+jmn-M0<5(#>zD9cfYbK)w}a84`vM6oP4_r2KwVFQdX~v`Udj5;BQ&s z)No9;@-jSPX5CtjinAJtYelm;E;c$`NjBbr*R3Q&3v}oJs|3iLXZALord@*@J}Vz+ zS2_jye3PuxrmLBmSGf8Ob54zcDd&n6azf7&CczN}bRQ-~@4s&D)OJoUUFa_mA1=dX z{zogtz(%vVz_J`&w-1- zWhqbj7gDdxI$0NyM=2zrGP@1wO?|K$YcWNPj51Y=p^oTzY9pz5Xj%*JYIXAfeOD3D zXus)q#I)PBMynZWS?(}BnyAQy+Eb>&?>pmAfXm4_K2*6r9H#^k(=Usv=ccp-{ z%J}?#=DD281$rcEdmT|)-Ew-x>$bvQJ)W~v!rOa43`%`p9b~&NoXF$#Z2EM=(*?}G z+V3WR+Xk;+Rka>5{00Mxnp6NaW`C@{7l8t`8_Ft8dQJ?lrmL8W-zRR8K`Qlb)`5UmVwOnnStOpGd{Khx{5P5pBF?#G8+mf71gz!f90%$7-e>J>8i1d zX8)HKSE>M4?I!8I*A4s9)h)$@qbRronFjr;Oac>wn@y+JEelS)RH3itbyxZjvaBi-r zGK7R5*QZD<8WB)pICu$q>scHdBk(>=EV1!-k#Ah@Xm5OkalheC#lAydg7Pc98tMvV z>O?t_g>T1ouL(p-(Fl>EFf&zwkai8kOr3&^n{Ai`&1h>epz8fZk{tF|)iC&IlwJfy zKBOxHPrmE0S||GX(0x?gA-OJ-(Bn^L?n3R!seL9uodh_1$}DHY?ovd+7?#}}&`Qty zZ5Iv6)Bj;>2+e+O?m{TH=dGD7U%IUcbcqXJB=GZnBBjdF=$bU~k*{YB(;HMxwS13W zGC#ch7bshI9G>?tN9*tf&czg{@;pQwa=OaiHeg6ftPQPx(H|G;VHimUW6~k{%6c-% zt*9r5ZU03;{XxgpQ(5Q7&>+#wSR&NtNedE~jzh&rDwDC~)bv)CjdZns?qz@{gd0WZ zB4E($){DQix5{D2@6%waEYJH(_dCteQ>T&8G)8IZvqT-Pb3^q3_GbHVN?vusDU%<% z7*1&#hk6in^$IMam->vCmS28xm1ASwWBMfhA$H@$(n{^Rtq%RA!Y7j6&c~j$hl?%T z>=K}Gp&t~4e18kf1Ph*k)OudqdSBWAka0VRya{0|3wC07V7Q&k9PjTQns_ZKen`XO z{^<4!07R+86R&Rg*+T+JW1yQp_@QLryetB%c+IcZd(W6-0&#g!GR*Fzh?cZA(L-W3 z?H7dzZj^YF!}5r*(`XwSi`p>KyhYqc?eB8DPNjn^lscQ<2WMqP`UO1DPOpS!&DLH} ztEe2QEAOb4;Td{nOCt0&kE(*$Sf?95QRAj-W!FBLE)?GIt9nwELSUKN3@bjCj@dGl zq?4-9WEqvbDwLw5Hf4vwy_D>?-D+zV&r_moE@P{;U$j!WZ@I|WpGK4_%>%9_X?qG7 z1R84__|E_mfB_C&{Pm#=UfRI(WuiivCI@+@DIr+DK_2m%P5I`KDU1pmc2iKg)3OAD zvq2+bmhf^L+n4OXlPHUH^-u?-Q2}BqTm|YKa6ZO8STyz50>-fFu1YZtglS)&BnI0` zgtH9ETAC~#8s?2}byR-w;d{mrx3+xck8$~F>%#TJUn2_qyDnYSf`jTp3RC96%AKf` z^ksRDs%_A6M<%JR$onndnS%!NMyE{;Uq8>HdM35{M3<3+fDQE%r`>a9UHYSPVdezk z^jMC@Z$s`=6QhV@sU_JVCq(S}MTn%B<=M_0cKoO_f5N}I(XS;mEdJBb>b6WvgRQg)lA(Q=VkNx;2cu%rvyIHk42hSvGwZd`p$LjA zdXlb|olvwcl6NPTl^!Az|36M~9J(8x?Aj&hAOhSjAz<`=30A;Ilpl<>6o7Kc!Mr^+ zexI4Saa+@fBm&>*(Hqcwhy3LbEQUtIXP;Y_r6!brAOCAJnAT5Q_$mMTcr>=DXsN{7$MIN;ez;{j(&y0Y(xX!H&>|jU<9i1svM+1t zU*Bsvf*tpVh`D@7EREdL4zUjUM^Vy9WHe)$1^y+rN(Xokd=A?#H@CRx>PT2A)P!>1 z(EICt2V^N5e!FxX_N$!YfcF?4Oa|5@c#89YYAGGzYy+@@i(ffNSw{Dm&lzh(`d~lc zj2RhKM^nBGC9lso-q`l0$G%K6amrZiVd8!@WR2=7<^V8Xj9Q?C6YSfJkQ?ZuYhRRD zJX#oDP0u0l<>Hsb7W-}6)XY2{7$39^fQ@YWU0A59|P4@6&y}85cYy zp|1ypwJszN-k)lCAHoVaOa&I-|2N_@yBz?S&~5+x!~{x~A!pWWZUm35KTFHhlzjda zK@8*2J3AD;u0hgKj}(J~R9&`K#Z zkkn|MkcK9GVQS%HJ;te5LebXjct>i)o2<%!FaV7_TTI3Q%LWO;I`}Oq_Hj*{y$kIO zVU2ODr6{wXmU>e->4^Miri2jBN!+H~2u;dH;gfo?4UG4}5R&hSLfB=(Z<20vA%OLS zR}qUvk7P^EeAEkI>WrB|0#ejYzlE<^Bwxa|)Y$yLaUytR{w6)e`L`IPLeAXB-*>4B zMMpr_AES-;;^gTs{0xxHO`$UV=O}3ePe)RC7}pTMBvD|LSQFhaAYa0Yg|DP1VSOCZDdGr_ zg8(egV6Mlf01xl|0N9h8Q@}fbNH5!g((%rY>6>~o_=OB_zUigD=}iD(B-3|($I=k~ zctHs|J+0Uw)yx<1R%P! zfF}RpUwxx*z3WBa(uaXiud1^pvj}@8$+2Dz)u$+Hxmz5xO=TLYpg>iwl%z%(*=&&@ z)V|lb6>Gam6u2DInG2MAvMUk||1da~!1>RA=B|bE4T_n~|AvAj8dW3Oe2!w zSp_QOn zh&Rhr3nwmi<+@W9Vn|8_G$D^Q18%40mK%~aOfXGf3po>X>_ewR3? zp#v#QGaRjJ(}|1t<-K1)JSVHCqoStna`392=5YRaIvC_t@%uOsmBE_uU1|+V_E&`> z#+Tb`3|*h0Gd}N$wCjhvKiA`1=K$4Z@C0f4CZB;IidzaWzcqshd@cEYz@Uzfm;ETz z2lq-Xx8qBGVd#65xFqO;UdGRN#(JvG1$gZlt!!@iW`)`}nEvdLcI`IkXMcJL5B`Ii z94_A4QZC7Uiy)a9_BcQk$ZBpDVSb>?!LasscEyO8HL=XlZrf2%oH5v4e^+_LoH;#! z28Mvu=9F88<*;yzW;l zv0LAIs44NOiB)vyIY>a^Ymm*;KbMaY)MkAbI>0m$;n+v~Q0=PBPj53O5aDlKy`m5^ zcmuSC5Y3r3<(~H)me3ZKfPQs(uad4C46p^?4+gU{@PI_q=e4clb+u;8o&&$pAM4?t zuV)b2m_PN|aA+M3yS;(qo8tfQdQk6HJg~g}$DBo7@fmW!2IB=y(M{na;q0zHYU$7~ zB!wey$(}=-8CsVp-BCQl>h*=IK}9%oW2ayyYx*qO;vMBKys(sR3g*w**xzGEzONQL zDgCJPbPSxQxZo6j_RDLZ=>)OfF1a5Wr}#IzlqA=%b4mH7ge-3E%Mz4J)LN@fr2Ku! z;l6opn9L~bn~qra6_?gK*sryy;um<0a=?$~Jd5cEIucE*u22)Ld$xktzuGQE?1TaY zXbP3C0Ea*$ct4rd;Jwu0>*`z_uYx@<^mo&|YAzGUXtsB_{ABq|D5lNlCuj2ncBP z-j8!b-2$#KzSpVK{gbfMD0e83K$M0&yDe;V9z$Y~k(cky>?QJwsxIU~BLB&y*9fs! z#|b5))IO>8F~~fc$k0z+_ZlRyYqdci=-3203TT6H17m-weJ_5sIou~vd6B~iBS8)1 zq@2YE;F^7o#wT~mVCJBK$`#Uw!*cc)rFf+uEkyrPPuN;~%HDU@8v zH8}=8AIMVDzTRU<2!LZ=;y&sUpcw|7gcI-PFK@IkssJ$8aQ6F=3Rs5TK^~k}WTM<^}0)a^J7+cK^rkY~v1|g51SF>+5_U znOd|cIval*p(pAjHE$^mI&Vuto7wgCfT_j~%lV?`f_BR?su*@CWN z@A?!W%sk&bR4I%yg1JKhy%-K5U!hePjXkx{6+}293{Q}J5@V_gB>h-4M;%gvk74-J zCsVX7$+l7B4Q-bV^H|3!v?Js!E8@0q#f8PcLs3w%d~CU`Qz(ddnD)s2DxU8o=`#=l zq*t)uKU5IlHF2=y0q}j>PX$_s0;vRE?AoVTpB+%M_4acpP>_{|J-eCz{yEF<=)4~L zdcx}YbD1b7(OF0v#AiX8%_!qA<;L0)^tD)4D+Xgs;4`P7ozvQ{-e*(52+(dG?ZB=d zkex!~v&PsLn0W6k)=&Fj+-dy=W_0Rq{===`nybwZZW&&~ z^QPiX_DI`@2iJumM+dKxmV>JoLRpLvD!imL-F06m7vd`<^`*|xB7Ha|Ggi6xlUHpP ztIEL;kJ^%mhP}8s{y!*0`tQloO`&Ew_Na4bvao*$4w(v#L#1rTh4%@^NsWI`)IQ2A zNXRetVkInil8@aYkp8O3{Y5*=dA7UXC>H@{dh-L6N}4uW0#`KTnQ(&Z_JOTf>M)R3 zKKbTF(q#m|Zv+gBIE-w*t=-b5RrRh!ObhnbZbwSnk^0UUH6O<_>%@WT?RFj zGd1v{cM7?_3;OPUXloAw2Un1qQAhyU>$K6!^(CTo;F){}Yw@-K<3nypXT!`=p02o$ z9^UMyWnhEQj?P_@Pi7_YG;|+ zDgQ9wX;I~i6PzVJ_Z`Nk@4p*F>npkYwDjn-%k9^6$tk}rXi#hU*i#0&`9yM-e~0?f z*OTCd=h`~zlcwb3!p;SeKwK>GbQ9NKGI#e2sj7GFGrxjdw3O5^^|MXc*;DXNgtmNe zMC%7=UO)ys2R^uNs^fFVLB-af{)qffdb=TClmPW7PgWp@d_^ErGreE zp$k}(y(^(jxZ_2#91IP+0yD7DZJ68X)bO`H0CF2I!@FKJgUNXR=|~_tTsua9TP7ss z`6Lw8%3bqC)$3C!bZc>+F-sxEp;3-=JRmPSSl|~0Br;A?E;##c)zD668>ob^FWEFw z{2MNfOHS2GJezI=3p8CMj7&&m7|44XV*cXP$hI})i{RcsZ9^cG`;S!c7+68V)Qjb) zREDWSX|k-CA2g8mJ0(T9PQ|<@nEz!W$^(Hib&T&srK~V58>X1j$XkEM6U}HS5B;JV zIuJ3XfiR8^S#3t>#Ls(|JK`4d3wD|yzy|AG0V-I*@Tb3e|F}j8DgZ=*a1Rm3G5^o8 zAEO3$e}1=Nj`v>WbY;ViQn0FbEi`}4t6gke*!Lw~OVZKUu%cl!fa=8*|Kw&99EEs! zn8!0&0mkFSi1!j0(J&+l?5F-AdeDSLyeV^SrBt62XXFTH7%9&in zYYJ2AT6!y$rv&5Q4*TmQ2LsJBF-GrRa=}jq@^=%xt)~5dstghW+~l?%y}0}9vXyMJsHRv+6XSB#URgUA1*T z6{YFAOPGkew6r7&9*xA@&OBG?3W}TMNOPGotE-}HcbxVzi%bq!yL`08~SF1z4~yrDXHQI7^+eQ%q-E_^N| z#l^c@JODqtsaK#7{Hz*b^xXk%yt^PW!e z`^j+QV{^(Zn4T?cL1+iGE5lhE#n(m?9FoeGKBt8CYM3kDz<#UXxM8+XRb0`SqR`Gd1VDohgyy?s(GFZMmCDCxc(^N z`ZN>ScL+Przd~0)`P1`ZV=`6~Gjvz|%2@ot0a@Zm_b!%L=Kms|HQ)@W zUN*a>u3s&t{(ao&KA1kWKmDA|0UB8iHwv?cFD~Z63q4^{;=A?wt#&RM+m~8eZcY9t zuK*=PwlA|aaCzrREe^{+6lqr=6 zaiGd9JODAE?jy}%5zi*-box1sRjpo)AeBC;me#z+V0Vv@4{hYLSHVbM9`gc#>0jvrS80j3^sfS^6S}JmDrmiu6jjCAm z)Y*UB=%cvJ*}ymufTh8o6YY%hx#a?drW!g>Xs&f0*WL4c5R~AbHzUU3y3leIc(Vu< zgKrq>T!_Kcw~tXX09xWuH}=DiNvZ6P*R18VTG+ zD6)0filB%jPKU4>t7Oid<|BphCYHY$lu9`c=_V|5(+|EeSqITzbbW72ifEm8;V>GI zgptS{fp`8*4K0yDS4Y@|Ly$`vmXtPl<6mD}*mKRXzd$)}R%YK7_vHKX#H`sUegQ^lh;;}ev=f+V#1!t>Bui>|+t;ghZndpiB|2%4ss*ar z>aKy_7{^IiuC5`@>J!Fl<3y9G{cno=9Sd7o5muvc#i7D>WoJ&WwTCj$N14ZO+=#Cz zdJIB%ukn0mza8-nvxEH2DntnVhxKHwe^xW?$2BaWAUD#U7+l~d_BtS4N|HGN*ACtF z+UAkIcy-RN6btHgxzLK&X~(fr5&V}mb;e?gKdQBlOI*{@&}eoYmDHs%d2O`l~q$e1Y%kOH%}F%fX0{`QM0|oG)5)pp z%~4xt&~-q;dre80;|;gTnwm0A2ujG%Qrb>Rp(Gyt%0yy5;!N^4LrpxZBjGwCuN2>I z<+n|XVv&`4$+>qO?R@2W6;cESx_M`WG!BYzb|gY7MChtSho0{P%7|^K9{GzyoJ2KA z$1*-X26NvcjKp_;VcCYi$*DB05a?-F;uN^bMx%tBshn= z1ee1@ut0DP7Cb<3cM0wi+}+(ZxI=JvcPF@gd(Zp*J#N|CnV#zE>e(sC$xF#0~Bh7s_^$85a?W6VWTM%(|w=O^R` z;FvJ06tc2i8PybZ=d`mAi%~+kK0hu^q6Fsq9~x(=m>6*J3HPt738KI2zJa%BcZ@Q} z0(wBO7>lQd<3JjgLy#+gXnV_9+khOr{By-N%{J+q3Vt)ZqI8x*#xG!^O{MCTMx#+Q@E@|n;i*68}_ z(3eukbvkRO@#4+kzsjG27-B*K+S$+_ur<(U3;Ub&9wCuaZ2Hl)kncLMXja6`w5G^$ zk7to=#wavzNqO!LJFo$5%0bUZc7HBWr#j`+7v^nWggTyZFCj)%)nSCO$VP(x-6C{7 z9O)ioLEIiq#sNN|db$GD1j<=!{0FqkS%jgoCoBkcPGc4@N;CnoN2D_9{}N5Jd!%gC zEc01b8aZ4Sc^YpNT;nN*-KjZjMkBGM#PwDHaJUoG_B9gJ{x{#1ETF zQNEJ#j27vaxkBsM;iaT_a<8H<&a}0^ROWD;xy)TU?eC7uX#G^5UKf{DQ0#e zGmwrtcn*tp8Y1{be&kgMJgeL4-5Rt5Rc(shW9$P*L+<~781yBTIO~)9S9Lk<^U8$!F&`KD z<5Cxccg2|UBG_|&pTN6NOeZL-*S~q#MhOF4cc!GlZ}&_=DL|4gSv@Cz|E-0c_%GRI z3?kaBxD>o@3g2JtPvh|G4fC}C>zEE9j@>WLaWa^iXMHIx~g=A#) zN@{P+9G=E=H4zGk{YT!%KBm&oX<}NqSGmhFW*Oi3sIK^UWBzIHA!C@rzWkX6BEAq0 zlH~3p_M!_igEGF8`$fD8MWz49uzS5H9zS zkzlYfvB@Cs7;sRqd3}gd z3v#j35o4_bg}fqa-2AWTXk>PHb!;QY{!hzZOlQjGJ~J)v#Y@Tp)kZWKsdI!y`D&4y zz4ZP~3K3S$+;pMB}y@P+>_Cuq&ErXt{hou)Rj0|j8J|1*7m=Xtx~(;Si8C3<8)rRpnv8M@-t+qw11%pT=clSo-e1Wu zVamizj*>-(k^M=UMV0@f;CboFUp?;X4ADNbpGjs1kQAk3c?|+b@3od!fZ4Kj(hsR>aX9)64Y5x&?_DRJFEBG)@T}dcp^~kgJ z)dZ{Td&Gn@sSdXB3Fj)$X9X%a2^wm{5P}hEn;f{v#PIx@VQgg7WD4c=t2+%mWnRfv zbZxZ!suWcp{&?GLSW@GIsFI9%h8ek}2m{M6K6Za_r>Vt+kvV?`!&ar+ehQsJ3CRjX zcd2>_w;1IZ9Q`G$MZLsVXBb%#4yD~<=nr4G;Ru#v1Wtlk0jg;;fI1!Pl|DIp_B*B3 z1q>awjs5IJD&GilJn?givb`a=Ui)AAM-uRQ6Cg>+_CJ6Vi7xDcIpO^A$1wHr%mjap zT{P>RK;19Q9IwmsjZvd9B79LiXe#1cUn|suBYA9d&Xhm}0+E?XrWwKJQH-%PmM4h` zz2q!Ai%M4Y%$i}`WCL!j)Ap-(LYat01g-thH|>E+&4!OE>=2x>QjH zi{dHbr;=>9fAd$qw!-oe_fqumv|{0K2^QE~*tyH^!Ndm~j~WEL!E^($v3Km9)sC{g z!i#L*-e3` zN&)e6zo{b)6Rp>NE?PpcuM~D~oq4aQnIP&Zl~s)j>u7TNvdC;=vBF@BQoJBI_|xHS z&559zcN}Qi=;QU<_*!z%h-%!!n^xg@LaHFSzdzNdXmM5_3mD%lBp3>YqNZ`Arct`# zC<1JJHAQU+n=a$%E_lfqMQHdKSq(&1G8lc-U(pf%C(T2DSD$9iqm~P;9UaR}4uw`< zyfXHMhW>ayrtvwJ9JPJ@bIz~HNM+|A+;4p;MA_4XPk<@OyB&H-B>rY|#*%vk!XYsz zv1hwhxbOIg(px`~XC}wK406J+ZGQ|rS}aWqP;6-}!FG;0VG$TNMN<>Y6gi!+_w<2& zo?2U6h@H~K5@XJ4{(>pSF?n*UW9NhE*u@p#JKn69tS!~kjPEl(N*L6fPIZ6@CxYo8 zy4r%`GF~TVt)D{w%0&P-5-79SMMl6r(my)YVYqL!w|XX%-Y~3LDsoM(j}fP zg9AlX@v7|%+Eatu0+VAtMA>nPic$)q8=d1D)}V(>6?(k=igG8}c+t?~0sUER`y!Uy z(5=wW2E^dP%!vwn-$6vw{%LJ0BwthPCuZJH!P+wD^CFpI4;(Ll(!Q=#mD*L>!nb+5 z(F%U@B}4LMy*Nzo*Z)a${oX2Bf^L>zFu5u>RqEl9k%HZUK1^l3_WB%?I-K_1#(U$}|E)`Qun;nB=<`5wCnx?kB55fVMv3Oc0XCUh)F=+P5) z>jvqVT6~2?a@|P&IfpC4CEWwiUGLWIKXO-m^;7w(a#*mlPbVR(BA~TNh7fV>H;{Pf z3E~>N8~*!Z^;LZLeYr9g?~j)8qI2nEH7%$*DWHFdhJcoPZ45#GsM=qlFHz*CZq%2*oS|C8H}JNJsODq}AySsQPG zInH6q;jmb4*P@=b@j1?e{hqE?B%KgVA#8C&kz*eWzoi<3S`*usz$`=SSG<(nuJ$>W zQ+?iz_4K|`u*0rAnhpo&Sy^iKv(-OEwBwKap@xz-xv|rp$|BG|XqA4XG~2vWmIlvL zq~hr0hu|uEuB-G6IC>~RJNOP_q(kR^2Ec|B=dZB>eKsEPbI-rHDrXDGkT*Bb@6eoaF3KC%Qr&263oC z-tV$wK9hGsl_dlU8l`^fU`mxqN(Jqn* zsgLGG(9r@xJ^4kbI)C3?BJlPrsSbJ4Namn3jrTitdhXsH_ve#()}P^KeDQae)eS-2e7WID22=8! z=QvzmD(2DQ3)WX-VyQxPsQFve!P?d4>gMB8b_4Il%*Wp(YR-Sd`WJ=OP!po|g4RYw zrMUh81bE`?I|rThoAoW&%?C0Fn_oJ8?43zWaO_|a>hw8@Wquv5kK@#{<-A=>7ydeK z{j){3ThEYA+ECd#$bfT&q0Fm2^DZHxXo(P8Y5y_LW$N?(UC zhw+zA;rO`H_XYN9owiIWyh5DxYUcW!2K3scIct$Sd2l@ZPZq@;+L@%abZs)%3Om?3 z!!4|Q136o|vD=}gbM){reu_>fYBMD46G#1OzJo-qzm#Z z#gr)t;WVHWO8w^i7YYsbl16l*H1>mpXPb+tGf`ybls@1%s0T0(Qxh4+q|knGE!*SJ zBE*Wy%`5?-$ByoYP0FYuIIn*H?g1ITsD8|!9M54AGgr1N?ae)iTBq+XF`Ow3~6$Fx=|Ff**EPsoJbvCguyyBa%j;pRSb?PjVrqB zFs8i%MY2eUT{0^%8rU6I+#3RwVxX}MF7(xWj~kp~BWZ7Z&vTAavT`Q&3NXpkEFyq|bF%}DuueOv8vKABUNBCZTNC^3a}C8zEH8%15?YyHzmfkm&B-)=6r znWT_Cur&N-bjoBn{aM=+Lj(Nzw^+>q;SMpdxZJ7*$D79GGKf?s@wG`k4N7pRfP0|w z(Uz9z?=A^>jACuoI1QdI1caBv#W4PGjFyTZL(0KAX|2=z;OHkxEJqTsaNJ$sflW0J z>QTU#hT0J2X!%k^4$Mq&(#Z_gMtHK$?ps9)A7q8?XZ)ln!TpNX8#2hq**Vs)BVl13n^IXuCR}vM5hCjYKW$nlDim}6-R-Vf#%_mt9@~mIk}Ld(!s!kPId|MI(2m;r-YtOk-H?lra-)uk-JuicK5TIeRsapypYjn76Yj zHK?Suepd1sGegul*_<=k{2`UEbdor1{Km|TlV;vEteJ_3QCrFek|HUCUpYP-%#EBS zuc}h#iCLz$IUAjMOk5h~q`Z;#M1D{WJq33*BfCpj-?D1oVsdU;Jg18&H|EnBRqRuj zq}R+U<3_`_E_EY=GJNOiq`tH&&3wiN0zn#MMruhyVEMX*BiEEdMeG5u(D?WIb`@Tk zrh>iT92OPxS>c>>|0Uf`HY7 zc6+h5Kih8yA3|on1i-+KB`vCQ_rn;rX60&PF-KzZvQzFnrode>ABC=-=bz)SsX^(e z%Xd;mA3H@$&X?YYFOTQTOy=6)!`pdchMgGNeNp)rGLtcQNsec0(#@fKTdQ)Q;UQtC z8x))Mleh^d$*3J&gZJXIBo7I^3)uA-10&>fvP96^jqBHotNuL}yuU^OtWW zsFP!wy~JtGZT_L72v)3*lvE>-$|DlyD`<>4lEZX0;^U<){bG1ZgG8aF+1E}qq-FVU z5E(!2fpeTT>dP1tY-;Q7J8oIcbS2Xi8Pxv9%_e$cPE26>kSN6ElBRyGmyvdc!S;nZ z+XmP!ZoyR}&uUYS6j4xsq54<-@zU8e1vKciIsJ3+8zcq|N{(4ueaRXF%#FbDE4iUi zdZFBOlnzN6?H}HeHWbA**-_c!6EU-Aszn+_?qeSNT^ug$Lt=9;8_b6e!Yys$H(vN zLL?2h9~Z=1U0t1FBdCGprA77~q%XHx$H|UQslxc-x3yhjL+6}h8)V?ihMfW)2yLw$ zOBakpfPpZcJegn6Ca0VgIrpyEp5${WrXS3;i*~RP>E|2lwac^=;+DFNH^njE!yF>Y zG~uC#`**V9Q7F3@8wJo?syv)ejoCDhN#f5^Y|hfR=ESK&m*gsc-t;m?j9`B6_f#gLG96t^qe-s_%E)uP5+H66J^VJ7KSyTz7%-cwI$Usb@QX;-E)v{V1c z4Y#F;PI;Z^DK%=g8=3efs4Shd{ctqrk*eeXctIzVxg1Y@^kckVQKt`c{{#UmTt2th zwK}MCMZZkWI#*}UKe;f&4F#}&8LxJ|{_*ebZW|b)-b(Km^P{A2@_i~1OjrMt)_6NE zaUV>sfYR5jOYD{%n^lex8$5S2k>@F^hm4}uo0uJyvX@Q*F$w3yHw%-e^i4vzQ7W)HSd_G6T6=JQdjLGS7I^x){I``_U- zoA;|n+hv4xFP0?e*HA1i(fI7znjCQo+fEu4QVz~gtEc*_kcJ!bs>@#)sbZxmX}oue z8iUh$Rma^qD)i(@;*&U)mqY1vkN@$knmE|8G+uN(rgL~{F7R+`<=1}C$pwZv)EG+g z-hZlc;)NRZ(1~XLrg0VOdhs<!5juX?KJH_j3 zyO3y4I;D4$XO45di3MK`+%p`{X#4hZw+)zPLBBp^z7YT>7Ee%6Pv;%N zLcj{#j`Dt{L_kEeJ;)B)dO7zNcKq3|00-<^cg>qUZN1_eg#PTpm}@2*SF*A|c$fZ_ zZE8Z%mCbg-pBn_uDEP1FFdB-8r^jltwURJC%#uDNmYEj`8!thAJ}$BDw!Gre|H63CuZKCB}WoA?!+N= zyHa?4;mDKX1}(Y17tYli^`K;<6Gp3|{O*%6jP#s6!gAQKsc*A*Q!fwU^2(bxOqnds z3MZB~;H2F)zJbK?my#)ykjU?N=_4x7wYg*5bL%f>&fv4AZC2+q?c-|a69ZNFN3zi#W^&dtrd}1{Wi*Ion?P z6G6j0B!!$2zJ}cQa(FddCihdS5@8Wd)X(=taeuv+s>4X$L(pmF6UqII-1fy=!fk@{ zRxMqNZ!xMnNBC?*G%=RlVBPSBb}-z}06oQ5?S*P$Ea`dV96Ffq$&b?1-U}ca(4)>? z!xCBxu}%g5h2!RKiz&KJ3wyKGuhYj-JL1)s?rZ!4HhO6`2Z87vUeBLauzr>zHPOKi?%v_Sq zfNgN?6WEI@dba<|>!3*1@N{5w!&QSDCa!J&m+O9yr^8IZYPrGken{TyGfOMJw)3hZ z&REpgm>kIa`EtR$@(-)+me{}BTZ6?K<8MtinDDnXdyZr7Ej2l%UaisAO#QNElN>jJ(b7|?)<}8*hE$x*Y z#{Zz28k{WE^y9~aXrgYyS6>g6EJA#Ht2kvv-u|Rzr#i-5R_x5=Bc=N}M+L`@;=Nx= zV_T2*BDtMSGnW^q@>;_T%!1=E66u<0rN`r}eJmyR3}F!*H&t^up(^!@nv@d3z4V!x zsuD`nF~zdi{l)^cswIwweC4)=+D@G5<7neRR?|*EN_0OQ6iG;j!1LXzGifC69{wqt zFkn(tWx3pNTZLxCyTZzm=s?EWAxpm^CB#?p=-1hV@wTWyl=h@0VgtHGq(4${$y zPrVm<-o!B6?vL1Ae*-L!wFv5K-EM#`*Z?tPcIV2qf?{H@PMWqO!8_5S7q536r1HWq zoRBm2-d`)B)_x2VpkV_AJxmza%29m*P z-P0MW6EJrP6$WnUvK2yGWwpu&)mf%dYXe~V1~8C)y&)gsUupr^TX8@C$gi|D+o|$ehoh}A2YzF&>qC|6# zKV}s2yHM01ul*E(5TWL2@I?DN2rn!m1~>$IR7YL8cCH9+5~Fd@WTOLJer!xcA3V)z z6*Dp{B{luGdM)iTM69f-1D*Cr1z`%l$S^EQ8B4Ts8@(@w3E;|C&`Mj6lmi^Jn_&wh zG((4ZsTBDuxlue8CIf+t6L_#5>@bNk`2ZueR!c8o_eigZiH0+P6M(vmk{uTFd3W$# z*P;UXJ_Ci3&k@WeGlE@eZb|oIS4oFSXch81Po!l>E|eddEuYC&{moUvWZ(2s#)?}C zz-q1@0a}IEO%k!eJI09*_4D7uL@@+a%vN-3jF4XepP|x$sBUO>FgTd>?S24qMtO;l zR%T}%L&OP?|F9AP>rEmV8$8+W2r;}R9=!Tb{11B$%0{jd(gWhw+^KKPq zod^gVAVF8VTpB<=Sa97>FZZl6oumNHmtXIEyg6okZMWT)uvlrrk{7(e_PQz6-3-%x zrnp_U7B2K!tug+pN($WHYH1r-J-R2Y=k3)Qn?U|@e+JGn@4L9L>01XJ<3r*Z)wd$~ z&pLr%+xKWUs1Am(!!SISiu)(v9=79xcN+j1VjL5CvOvSY*j_TP6tDhP2DXAg53r2R z+MldEUXFDK(s=C|gx)5jy!;_l6K7nxtsl7la*#4gFVpk3Yd29hQYw}vCK?Ep7&h1X z^Us%pij`!+DLG2veX9w~ef*C6`wp?9g>>hF6+VqJIR_a3g$gxdq;=1)4@)J~rhQLs zNRbqXp&%q)o;eVmom1MNFU`%DcyJ0S6JoI-BLjEVw8o|RM&z2EyrgsnJ-3&59|(V5rl zz7=qqjI#4M-hp_BVa9D?ra_z_Lp#2b$5?`X);kM74A({DcC%?3z#6Zk=!|9T5=iE{ zM2F;Wf@q@JwtYC#`$40bum5PxkIJdPCa8dgcg(#{&2>xdyapkQ9z*!K>M}_@40rRZ z?xRxtwdfB3y_zn%QA^Wc_zL7RBR^*=TsBsEo|=!XJMRLPY{XvA+obBe!eT(m1dg_U z?s`bm$0uAS2qbTRT0P$aKG6sM%UNxu$1bC)p)o+%Ain^Z${@yyrkp){UnM;(xXIz2 zp?34%<8(0oMGtww*MhU__$zkrmuZHQv0oqw6w`4tmSbR3*S#@b_k>~l>e~z=se7Tl zW0zSoRHodm!dVkuXmu%Eh+QwDJxgR+s0tP_`<5*<>9TD_2^N$J-a2}Alt2ij3EO}> z%4R~Cy7Nb^BQhfH{UH30xk@QH?sRr!Oz*IDbceBEwWkW2a%5FKvk1Z}V(_rYMlfMiM?k z`Dj@+!w-;pdx-mYLvRl`xG|Qh+Tl>?^Z_srSl_H3AYpu4o0|*VjuIw8#bx@0 z3FoqxY+^G&>>T&*21D>4=2^=zGbFe6JB?)s647S3Q0$E+D@X1@ECVhMa--BhJmzyu zX%16TNrLX&+*T{W9j`Z)IH&59>+4aF5$+Bawq6rR0{}IN*PaHFL?9J~vE=B*1#3my zl{93{)ffC=z(xVzE*RR*>o~{1-HvjMZ(L`-2|xfEVgL$BTvb4JF-+8P3b{ek^}JDq z7_Z`Z6Y*Gqy(EqE4@GdO8ZOgnw4#htb>V%;LiKt$hsPG}~bkEeVmdU8*N(EsP z6Xox3;gWx+Eli@2>OC%UQXIN7QG(J2p_tA2OwfzAxRH z$`|S99+Ka52hJ>vjNo|IJ?tOu$dGLMaMU+CVKJEAPLm8HyCx+`Bd*7VNhv8Qp?p%U z+ZPX@cn`AtY!34i)$)g1b`!K1yu7DV*Zd*b|Mb+*ZG*lr&G*0La9EI9x8DIo*l;~9 z)CTZtDBG{%E3?WiN6YN4hG@5IMwolL15lx%fY~7=@%*O<0;YCO=s&w})lxN8FdUTL z_1<5Xi!Q{=4L=MRs2^i#AwUq|Lj2QNU9XJxO=M$>pdsOx%iIW6c1U9HQ3 zH{n3`qijvjS0jJ=2LQ{>P{4xIeOE~E@gTPgztrYH?8W|e(InB^`)PSSvUZFQwN$;5 z`OR`NM;r$|da>5zKc@~6L}Ha23wfajBZxf{4i;UM@T-d~G1*^i=+8u=$i5eoh*w7I zT!%JL`JEI;V8to7%f|va%;k$};?@Id`TyW%$B(0>M0uB$90$EbSp|BQ3&TiXJF#Mz zIzQTlI0kdJxTZ;>-)GA$O?~ba^L$cuXyP>RjyE%H3pE&zw;SiB099Z8rt;{U4jsRJ z9K3AbQ0b0B1)Gg|f5<68(qoS}w_|*wBmEz3BYjeWrCX1ZN1!3bc6e0N6nSkY7HPP| zni%{+IkQ>pGWf4q!209^5Iw*xc zqrhYa%cgS2d#?lI%?glCyLX`nCc|;`3nrPK!vi06TI#m=*a4cS7XQn`)D+NAcWX0W zECQ}!q3{jC+u!MB$P0p%$0Qqf8fV166A zjvDZ}uL;KI9T7L(a$X7a2RP`p+lEHf8~KlirWAgk(;P#|g6C*hZgq5)bGGSV^7_pD zFC-FI4TSiIbKEnQH9D7RoF~ZslQsCR8it7Pz1)T8-US(++lf;JmVc>Zc!ZrG8c^+* zn|0Q9PF44)xD53#TFcLqzUj$YS2SJ{90TnNsIndB*%@dKu!&M?N4zlK<^PQSd6(po zfjL`GzHuLJacXx+Y2^~hT->K}YEulowPcm}u=Ve`Y3)~DYh}|g-?fDvC|CD=I^$6k zc}5gnbO0(|PGuzql+CK+ygmTny+D>Nyke6i_2j%=_kJt+CusmTn8IbwAf(mi!ZyZt z%v8u-rqilMa5J&E81itvul}OLUEu8OYzQFyuzh1=qv6>~vkTyT9iKUJ3RoLH%kOiy zPOYs)D$DW07pB>v%#~^Qc>~$^Tb(IZhU*?dnO0-P)YuzB@(lMJ<0hSfTZ~pKb>a15U zz36zE!&-~0_?oj{;<$D7I*#a;f@qTBl93l!!l;|ydsnHCei8MjU43uj`;3&(ZdY#J zMST9(sj{M`DNLXu?057)1$|4maodn*Yy!o&!o#Sx6AR-qy@31J%Ri#nb^|vrMb1gg zeMk9v4$CD@kF5`xofuvhuuz}miu*Nu96S$}i1`l@O8H=cZ~)F=+~ z?&DuDN~w z#T@;rxVjVcI)-gIOW2#-lGS|XR*-I5B2*(-$QiFpKT3SPqD3`?m8IJ0K6pr1RmV@>r9cejT&D{>!sXN%{a(o&ed2X45nTVj4%0Oc$^_ zESX|49s(lOW{h`#11M*DAng5WeRmLh`Yspdw9`~J-VZ~lspQksQoZ@*geb=DXCW5= z6B*J-rwio=l1(x~0NRB^3?yXW*h17xprUTFvIL>k)}{iH+#5fn(>{%Ms}n23Jgle! zn-{Rj7P;wY!RVZ}F}f*mo-rr#KiUxUp#>)JPVT&n9WAV$V%RRYfX=UYEl5cYQ`wkJ z_SKu4f$8|@XB^A;EPPDgx+*%s?n|GFL({&i$5G_M>zQV0kHfq8QTln5%R?e%t)_x; zl{bL8wpT>x1-g$?w20iG)lDjg^7aT0q?MnRv~#Z3npF(n^?(MxYlb%3382(_Xzzuo zzkCqY3Um<~Ef&GtK-Inf9A9eyPyrV}!{eX(AqqE`;eHlkHeC?!?R_(=ekuHREj)Z& zu2GA?(suDVhda}z8yTl#-KOW=J>a4o1`)aZ{QSQCapQX3_kKmxeS4gb*ylZ|>S6GD z14_UW$0UJ^PFNiH0iF9}-M7#%=9Z$ItVVz_+Nd&=7AqI_9|ZwS6b3R&kh1UJ&5b@F z5j5>*xI-o@tD{30Z(Ft^^9n$Iya5t-CP-~Rn$C|0m~WTcZOo*QkByj%RsZ_{0Sc$O z8qY=#(DX5G98A~+vs3bJ);>c1WP!?Kows)9MaE(JzYApGixiS=-a&HD1}{*dp*n9R z4qt0*I-4|+aEXaabVOyIF)9;yd(W|P>;kF}NJ#DTf)g*|b+nZbs8y}D23;HKz6x=% zSSZ3Xqr^OG>pYI)&gv0{(QFZJXh^T?M~+T!002^<#^8H+G<@2Ws`qyLRmKpkZe97w3iy{ zBu4BgtIGh_!^YA*|EHbX^+ldSN2ag*YHdKHH^$2UAR0UYMdYZkz%3;?2?|%0aI%3S zSN0ahG!I}MYThL4<)}z3)OPyB6*|+salRww z1a1u6LjA5ey0KXb6An5|Xp-r6HFUjMlV!sf{Y%}1US%W9DdDX(3OSD~DA7K%1@`~< zP>?)KgpZ*h21#2X2asM&8ls??qT(+RO!UJA1<0Wr#0N~|Wj_=kIKY;<~d)(=T&5Cb*vdD}JiaegxrpCKB= zt#0k@^-e3|*wWGx{PJ(wkXM*u?{8`l>C1uSJz$ylEyjz{0BB1LK-gwU&fy0dnWB47 zh%BS3t`pE~zpq*O&@%sLtQgD-b@JzK4g9bZJGr)Y=HQ{Ojt8-YXE0A*Xm^I3fCs>$ zFMAG9Y48Fzq4yXdyFv1PuOggE_toPIK>VrOvR34j*?ERkxyO8X+~~?kKzE});H33+ zKnV_Mk~MaD*Ip~dAAS}7WKlH>of^{o23-Z7af7(4iK8rt=1>~1p1fwDyA|}H5POhd zC8UubMT_3u$`rZjC~Emc?B3!XJNQKLegP{>BB_AY(Qa^L_`4k?PCi-i&%mdc=NmQ8 z{j%ZBEFp6!muVZ_g{n9+SN+MZ+$%EmR6Eqz;=8r<1^zH9{Hgwu>rLi&}dZ8 z8-np6c3Q|j5^z7Q$Aggi%@|3NE?5i!pZu?h2EYYKJ(#hy^8Mf4PXlrz`B1D~N3_x? zX=&s$!fVHch)mLK5lGw)$OVAzo(oWLRzc*z^>*Tb&(M&o07cFQs13KvtvySpVzxOk z2zsPw)BPcG0U#*!wm2TMva|aVaQx6KOm~8TdIpkK>HQecAUxt86S}RA((m$xZ@QV& zx?Hgz&j#dQ;P>=cwVnn-@C(qfkzRqW*i5;TfouU+Np2n86^ChA@YNt?^>!pbgK!6+YOv}K+BkqIrcb+lZM_C)D z1^INV9ey+PwBLJ%pMpXoqtN=KMd|L8IaMU=EsI?G6Ohv@&Rbk<6N~1dU*FI)a z)lh|Y#*A=JVnMn zAwypUJR7aix~!KcgRk6<*YEro#%2yZY<4+_qVleLnWoWDyE6@yUviQ_yz4=c+rvD3 z!)_^`4ql-shEXQq)grTbkO}liNDD17?Fm1XXc5rAO^1MUBlNBQ8a~CO6Wel5+_mUY z8t;`vomaYMKVZZV$!XgYDyvgsI`3EUxdso7jQEacoZ|Ypo(ry!S^n=M)Rt=NKZx0p zQ6u;fxjU^h|7>JyjngrvdZIJ`_G8)k^yb®Nh$@A}f(Z94S=kRBJC$y{>*jdJZO zp)o7B=ObhHO0)gtUu!Rp_(#USGNq%knZCVn!1_SvF(8`y&0mawv{|Nd399ca6h!MZ zn+8rYPP1}Lf=G^&WZKns{8r1HD#jqyT_5A$KA1V|;t|@ZqSRj(rZ$>zd45FNp*qLe zqR@F=>t-}%f>Ini=9|`gTtx(g*vkjKo4MIa`G2YA{ayo-gc(0 zKmP!^?!=gy=jM@f3q5bCwJqr8MFMp4j?>R`UVL83k`KU|m`9&cW%nGBH(__#?hGAx zx2*pS-m~Eo((7)%CC&|Zj&tibYymqT)=hBrr{?0OCfNd3@w6r|uJ+W&#klu@iajkA zvOe8X%17Z8qme0}?mYcgsC7l31so0-3vbPrpuXysC`BeyFj|NY>GXf;JM*#y73@HT zY-{V`8Y?;>_($FmHbzuT667fR4jIaVgU$O*itsUvP13sP`_T-gNN6i!_+;4BRV?G8 zxOl$>9=rI{96ZQX8AEd8TnS>q{3651p6Gu-x zko3qHtS4vv+9Fdp6e#Ugo(b%V&eIg5fJo;p`UVi|)rP;?g z-C`H;JRpJ|U64k_)OUT~_V4HBgMG8)<+Uwz4}e0`|J&J!uyapOY>F3NSEH{?Enwf2 z|0k4kV6gS?_Q{shLmGATfXY7RQ@OM&D|XCYinnZN*rnGuj1J>s|c8Z&(db5FZ2aFBAM_4u2%lK3}xl zHbwp#q{kO$Z?3Y4hHQeS9i*4S6k}BW`cxqm#ct^v@=A^PCHA-Yy`rF9EA=j9pCSH# z0sV{DOw&Xh?iUERlZsxGyR0<4-A?e`x+Yf1K>$;{e~HeS(h+U^C{00HXe0|#xAzVd z!)IOWr6k-hHe!SP7xA9T?Ef0rveF|8R_$zkiz1= z#H~4R8Pet>rr|4y2vo9gGEV8TZYe(MuwmwImu2YLv6-&`|JC-{SQ&ajaB&O@bjZ470HP?xvVOjG8TR= z>tBbUKVvp;^}WXQnj-^IB4AttuBmMVo!GvXowhQ#%C|Asmi+{*m*$$a}`Wg+k5oH`w+_zuFtk`JIr zf0e`(gPk(H)luH5Ja&cb)G)f5p=>+SndUp}g762i4>or6@6@Q22Yunyk@jWoS^uW1 zfO2C<4NlQ)c^b7n1QedXe{vLYj;H)gdx7`x4LgX*I(`|6UOcXjcz8f+`)Fp9l}7+h za_}#`mqTcTY&#n3(TS8!q=q%Jp$-vYS+zhJ(LDl{BX+uNUM>6OVz{1Z=1*RHAlUU9ssTq-(yM$tdT z+PuP;#o|CmRD=q(gfA+2SeVXM_p7gDUg_*>j|++(Gt*hgmmlf!2t@fAE-tTLPF z1_~UETWk+CLDP-`-F8Ah4k+h&N0_dIP{;jC2}esa380vch@eFrp4*O+7J^Z*`u%$AS_-CPSN9YER7*wCm*&G0G{k$;-6s zHdf$(8US+N{~p3w=Crd(Z&Z^7uPebAK^^*!_BDB6nKHM9#0?K87q}Pu>o4&I3{Kw; z23h%lGUEf(v6~oT+c-kQnUGC)a*1i@2%AVO8}m!iZxxh5jZu8;64MqqBX?u*au~DD zeVmG0=SyCOd+wFSp-?|!GA$=RYaGM3duBh%5z_ZMjFS=w@Mk{szv~!T*IkiE#{`y! zA}20{FPN$wS+2`o3oRYkzK@6$Fhft92wWuIS*C;_)(->i&Z_l$Zh;odZ{}6l>4+MH z;M^9>-7ldBd?306=I@bpm{EO6A3n+GQ=g+@G_`~4#*i_2MVbocf)+50#RJtd)aOlF za&|^-yaw+AtLflqX8CL!RfguVIsi+-5~`g}*6rOVtXyA}b!7<|C>;8pCK04r94x$C z(OwlJGs2;!-9_6G=PZSv$y;Ge63fjOe_)7+o?42S(8YHGD3mD7ysPmu52tJ&u(>Pm z+xyAQrfqY!)zAYE2sV>eB&3{?a=u%9v}>EuwMc$4&M>!0yF&ohJFYoG>_4%bAzd{M z9PWQO_uCE2L9xa6y#M7yYU|{gGb+C%3W~TI_{#7&)*(uR-rzB4g;^3IwYSeQlGtv8 za@@&9TkXdCK}KKD^&^A7XbCCfm|$$GfmS5xLmyp|U`0Ltty5Go)112LR#@8ejybT% z@Ql5ui)`UueC+CDJ)icj9>BEkSZ6w}Xo_?!bnLVRE$>mmUSQ8clLxn4_1?yWVy6LX zxISz4q_tQ)log1#cdX4i2u_^jK-0jGwo!Qi>p$qaN{~8T+8PBJ)-&%6BIxLwG$Z)` zq!mV!mQc~n9vsNQ_}ttOaPbh_PsYM0t#Vi*gP^jPMa)+Gr{s9yDDR$5n`S?hzCJMw z2Agj%f-irl;8XIMqQrE4AMqPxP6fQ!d}E-`|BFN3=5oZ5oI|yqHFjzJ!IE&dfO?3b@Gnvx_F3^ z-sHx}OBlUUhBkJnVPRd=E+Q=uYe+f8Noyne}+buX+jY4pJS)vE(|=tv!kaSG;&pmx8Jy z_NrphKLv0;zO%Ju4I!?SmX8;+iemgfmd-k=tLE$Cq=eEf4bt5W($d`^jf8YbBS=Vh zhok}mlG5EEjYvy(clyqKe(xW;TrLdmckawN`+WAE{Tjk;)jF=}5lVwS*1oBBm8F*W zsruc!EQ75`MxxuMA}R=G*`^q z6eFe+l1#i+V%xH}rJAuzs2Oj{I>xo@$`MUY%!YwmWfhKnf+;1UD@J1WS@sd*bVkE(xn$vIe}AChPD?>2->(q^T6fK%=QN#ta?7jU z;&a0{Bhw-6((tk*dI|*TY7^*Ij;V|iz5U~824bA8dGl_h#_5_~Yz)J(g1sZSL>BUn zn=Z=EEe%pMMJ$eGeJv%%Uu-;KJ%V!-?D1wVY;A`SjrpZ|idL&nW1YKx zlCtT|`J=2xfuM%*^jip9s0qv?!33D5lDEchwvIe&Ud;9!s)oO zWX6A6X}VW7?3O#C`6Z&No+fcbyADZrSvEdvmupDJul~umpONa4{e7d-OZ9R3a0OcQ zVFP7i7zvD!vLfqBsiYb2QWugrW?CER?TRHP^%(W=N=EqEgR1m7o9aU`ZQHGLLI&l! zU~vEJ#4d`dad>(e-Y>>h!r2Qwo6Pz=|5lYB-d>q;)4ex?XXI3f0n7HNCUC-cB1-F8 z&YGyd$+`THV2d2>4B@}G_~boF1{2H%a0baU~zC!gyZ8z zbv2~nwE5<*KK7R*QE2BQ4)jVtKe-yr*0KpU)Lr^KXtqM-O1^vj~pXX-)GfuCSo1J`o`8LB$H!uDBbkGuDaMtxr+`s>vIjX(Vo{qL%M_wvf%xw1VdEP}PG zkMDL+D(sj9Uh7-uZy3d~qrD|S`~-bc;J|xHB2-ksxYn%`&L_4)Y+T1Wj8T(PcW5?m)b(O)A&R`Xh&pM&Y`@WM`GL)&=bt61NA9dcl_yg<`zuaU+Y2AN#Vu_|P zl7vEu7e#TX%r+H&*eS06R@BVjb9NM_*<;d)7CP{>O;Sf;&OcqZMGAvXbES>(7j{jS zf`{e+gHzA6F7LXhNqqPBQDoM-Od<^DluozVkMy7t47m=EvRPwyAWlVp&W(ipIaL*qt%VY5i6x5gzfEVI^}mZPol74ZRO(!S6nb zj{_}jaPBIVrMtE)i^A5rrookKW*OL1oqn@m5A}#nP%&mJKBR&t9HsPe)k%dY-Xn93 zk*Vnl7^mhyVp zEKMDoqQN0X`|#LP{g}AVS-P+qLQ{&fRRZvas62O4+{kmuSp|fK7M>bdPN_!0w6c2P z7iXJvbB#Od-x38XFp7DC3|>--NuCPrhe-;{+WbJyrxjk%=_!tn69k`f#+3Zk(yK?4 z$zPxu;1(9DMf&rz`86rDonx}}h(enUK4FMiY6e-nxPj$J%K6DYf`789h8DjF;}25( zJ<+5oROcFT{iuPsY(m8*B!i)H7lTGY&&n)pGMUr^|l@m;U%N?7($I@#Fr}Wi$F#?WpIUp87=s zSgHp-FrZ0cHHrZ68y-Z_K`1?BXaeZ<&f#J2_&6rG!%U4Ce*(y96%`d{DxRKvV1!IJ zlEG8K%)2>e_<*hPKF?dYce*weX2OyLmz)1Cez7{2u*S>T|qmNKfNC^7#5Rp1x zYXb@1?0^M50QlY?0N`=}X8vVihI6yUAoh3NDmW(X?;W9N#6KXj*~Nv4wKZ~ZaDi9w z!otD?0F*xC(3ye1Bu&&$aBDO>((8Q76i9{rqe91u*>afZ)jev7^Umjeos5mrDbB!G zc!`)o-OYuB$w~2dZyx`}o*>?MR%(A-^U!wki#$c!PZg|z3e7O?#si`Dx%woc=-_50 z>gGkh7lTyrYxs}K>VXrp9Qg@}_R^i%1*q6V>%8W|=Lep-0%mr6uDv_xG#3FZ3>7?xgWIsx2kQxf8ssAPWx zquAOe%aV26s%7TpU@74cUQ%;bE=H6385d;@JR2GpuP^;GV=VYOsw;5o<(fc`hjbl0 zVd;LzYs#=e9_F4gxL+&woSAaqe3vS2z&&7TlFnK8IQz!{n?ijg$ zV(hjOf2_QL3>H6^y_q1V!}~u!C<*Leiunu20NB;{FFbiit2&K!&a+dBbFwLb|h!S&iHFt|MYv!A;RKpX-4XNM(pn18#YY+q0hYveaE zJQDj1-&5BX>TvXo%p8whh}m`(#x&>Anv=Vh>+h9cv57pfJt}qhwEK6g7*Ela;E!>N z@BaU3^(D7!y0oZ2y+V3(t^|`aiEv8#qat{!E}QjG#BH>Y*!T$> z@HlJ{y=JTnf50y3*}888AqvEdo8y4t@dwtC_2Nti#@V!Qd=S9~5t|U!iYDeEu-yP$ zOs4>XeF5gxBhs0)ifMs>Ck*~D=Cdq`MJY9WemLWI^DDGUkU|Y1gyBw-mv^5^K;lR{ zaIWZY6T=XtOCYX1dK^`yqTMT@*AzuV5y-gLmh$lU^dur?3-8e}jcKG0=m@CmhDvZ{ ziK>eT)?&tfDhluZ5|u$hF~T|8VEHt66z@~dHR$EmKc6M7XpTE> zbY4@_x0>s5ke>=CUN}<8`(mwB=l&be3%->cY%{%U7+M?kh{IhN#5U}%iyq1MiGwd3 zqzhMeiV^xYmG+8t2*Fh|$-i;-6@)^B<(h*n?Y{>WaMMlhvVRk|3p}@a@3KR{9F!<( z(}!*e3<|@5`wt(SJVTcE&@1Qrbe`+@Cx2NXg}D>hM2wjAs$ZoZW&)Ff=>6Q-8o1lCtr2>|#oLf|izr1w=%1`YKzu(2BEdf`qBBdR@S7$qyTEWB zx}HAz=n@IP7cS*j6?50jq09KQ`E21!i?+saGc^sbT0Zkk`853*r$`b!7qfEL2ptq zn5dKhb!JQXuP(ul51nTtRyE~fY*o2vkLD?lLd zLav)PtzW##`61Q{(1>Qh_Sa}<05H?G>(=AdyfCsMKQRvvk2PSi=mEfef=`%w&%glk ze$&_>5&h=x${+tYwp4Hi+UVU8ZKV-+J&|3&V=3^J$J6nYI8B`qq|#m-ll z$(Zkfj+yv?`=*YqwmSVUOqDbWf>T+#i3{?#h{DVWuls2em{L-9o8f^9>0&>;R_0Cb zoD&k^^(&fI3@uaF;?J6;T4G&aQX2$c!}vIR7)?LFPRkX`5`zs>i-fEaFb}*B}{P&q9{Vix7D~fHcgyAjbR|Y zIB^{S@0#;!2*DaC6ne&0*YP6_YOK&8|HprJJ#b38PE`P+4c!<#I^ZZ<3*G4lRxdye zzJOK^cwP}PF}`C9fN5XNk7VsKemWy?S|;>CNMY6sg52N`+Ct3eM=V|_{*gm?StzQm zo09O4^{F#MJ|(vQ0--8$phq8O()UuvFe#FBy1@AxN1Owr$u~CHbX|y>P1H^E_{H2R zBQ8cdb4ngj4MT||;$+cfPIFJAX2NCq!&f$hPj*E<^!u>Q?XR&&V^}7Qo4gu)jb*3y*ju|(a16Vx7CWf zfUFlh@tT08^|^1N61EkQq1-5e&YA?vEaPoAF3wA7FAH58j=E8*X`e9|2pr znxMei30|<&$g2n7iSGlPPU=FE4($^d)vq4ZjP(I)x9dV5RH*#-2LTkrWB9KESU+?B zJ#0fhw{Z!nS`x>s@fgh4SS_Wjp=oCFb<_sQL9$Vc$bWN}`)Q~5BZ@OUdYQzw_dJGY zwFNviw>L7#r&3(C#EjzcrgVLIX5O0; zG+d|Jy3cPOy1zprQ|cpSer`_aFn6t(KBB5cK3aT4f>tGplZ44$>&A#=S zDJSJy{y<&PdNm*VX0Xs4)MgD3&(Z;lWO8@0+i1H07|9rbtRlCzwxTVx1N#d!r3O}r z7to3;2>EQyAikrL89Ic8nQu<*!YkE0rgqmtNZNlHGM?TUSE<3+(_Ru`$5p~2iW)g; zUHU%YrF>}cds=mmy&roXw>id|`jaVY>rzw^#hVRH;D2{%vsy|W zabgiZ>6M1?P-u?tAJ&<1ZT! z>C_f;^%a$~;h2w|GBiy-km8Arp~1t$L)JTIfb;NN`aJ<&t^*WCx~X>mt^@w@`GXyn zPg?Bi;^J@1`6x)*>+Qx6ivmC+0)TtbR@y;vwO3ZzNB(qzq@NX@V!Cn!H%~~cYq@I7p)SR%pCZOYih*Pq zs1VdRO7W5?NRq6wqv_C9OTP4#fTw*##2NqFMvave`4R074i@UR%6L7k1XwqLQa*?@@3E#C0e9WzM zd_W^bP*ZWx6$__w%)Y1j3dlp7N(M$R=~U4fTH|vaOw}?jMox>Bk zQuhKjf}fuJ4L_`g0EdU#@ZvdOF<6@qINvYSm($KR1ABQU?U|$%;4q+7Qsw`6*HmW; zNQ?$xKF?&eH|UwsF^&d1X%s$FJ`KOGdUN6_&!;xs24>frBhEGS+(BjR?6{mzL+iv- z-I4QB3*}U!17?}~eairKqAb5Ds-nw>>bCycWTPoxRP!t8os#_l9@)t@zQidkhS4&9 zW!7hZi=%^a5hXA=yxi$~j`?^iajMeyjj#}YY1AC#*1t##^_$f?+T=JEy8{7(8P+Zq zc|Urx37I#2;ysngxbvdPyt9djh&rVSj6MN-QvK$UALJ;ynz!R>9|hjESjhdQw3G_m z0)46N50)>`W<+~@L5th~dRTUL_VL+frV#$cEv{i?N=$!MIa;Phq$c zX2J&Y^4{U_FB{Cuu;>t`55LluR25kewnywY-p zCT=n4ZgyUFL}%LQFx1ruE@EK|2khDE918eiv}@hgkGsT_~H^9=e^y= zD!d~XzHj6NoOt~k8>Z^?5dyX5>Upc%mtm&(D(IeFoCyB5i|1_C?8?L$yUPwOiE z(ClVG=I7HPPzWqjjkF2qaKxt*mYPw)z&a|_FZT|&VmCq4Ma6K{s0g89`is-&fj0(u zr&_`vP*HV7l2p+B=!Vpu)xTtxi%4jmRz>-u?3Lm%RLtC;F#3_ubL95-pA)Suy^&M4 zfR&=rxI@G0QMdCx%J)nOa)}haAHYX^m?>vP3$T%IKmBH>X%o>2WQ)Nx5X*Hz*(Hhr)ZK0LUVx>&|Vzy(*_6gcBp5|qipNm1DbIZ59 z^SnLV{4Y-;l3-#Q0p^Nm_8EI%)dcCS%i*&HhqG6lkvlEn%7tZqrmhW|gf$Aych5(T zUZ^qPnc;>iqsTFexx}tF7K5Q_kbb6v(d5^`v5e%WzgpBZc~tK*;9;xXWzu3!%kieH zy_NMxag$xSMjtrpKEo3t3pf<&Qy{GNy4xX*BX^SP%{Wsb=bzfVx@YBXN>@l~Ildi; zQ7jZ3YzR(B(cI0uBfs1PFH|r1p+pM%ckW$oFAz~u@4SuyDVHG#f7a#Mc1{YE6AS-r zU|qM`YZ+n!)=VzQQ!#jwx%KED8MSs(e_r^BMNee4COFOt~wrs_G8BO?@ zic_!&#R2fXyG`?5A3zR7KQQoGSJ`4+5$SXwbHl|; z#Iea5AWLW>w|44QEK&S^`Arq!M)%^Gj&GQaMII_OZRPTF>g-W zWMx(s-DfHoqlb{J=r4si9?Bn!2mLrboOwi>7_FV`24eF+fn|{5YS7yJYS-LyAYrjE zktXJPb691dkKb|XoRe(1&+nX-gIXaT5((SoAT!8!{rXbM(3dA_MS&uDf7xO9l z3l-CVzzl~t*7Ph;{v7v%^G`4Fi4+I`=mHy*v)Yu>3si!oNiUwUSESguH988E zM(44{zv9)4l%xAQq7*+~yikp7JMud;3XNG*8AYR=W-h(*-beKgBbDTZ@TR|9zGm^J zt_g}*tWT_5zXA&yoSY|vjPhWRQ-VtbPflCnPFs$taJ4;Qm`WkNchLChK>dVQg4@#f zWa^;V8*iYahFR4gH|-HFIvFqK;S8+^>;-4 zJb2OJ+65U{j)AMbRX zC->dvQ1Z?6SJ4pm5ne6u)z2YQ#(JD2y7SX0IB@?HMnI+gtHtRC0%0A2^|&P06ZozH zINxy2EDLOOItn7IAH{X+IaWG2R??*fao$>SMgr~IUu zCKiPtQG!hrbFtZ$UQ6rbGVHcKrl?>=;KWPj7ahofaqkEY2X%}gjJdr}-jm=4OPIsVWu^aI4SFdNh}Pc+WY&pXZAd|efLS{M7z*aSR&;1jAE z)uPA!G0fTwJ-KdR^g98)jMd9lD9VNHT~Lf&MdP#KRJO72*^pO9U^^>#%y)|maw)Xt zjzO;=WEbc)?9i91XK7#luU1V<(gN9i)w4yt~jt~Y}MW%|C6zcpSYcdql zVFp|lL*FrS0-kPrwm$%4zzI-itbX?a`^_2%2_uUUx%wluy?b!b1DPs^+1g1!Mqhf} z^|shQuhMN|kdg&*{L=J%nwy(Jz=+OYDB8%({2p?)K_4P;{r&ph3K^B{)SYrD_Bw-3 z?Gx0h)KAK>cf1%ff?|vE)D9gYo<@r>3{kTpM^gq+)B{B)gC!l`Z=_8?juf%e>s*fO0-v^7}927T3XrzT(?8- z@^f(LH<&dH(h8BVm7dK$Oz$;0(}gGq4Z<3m~p097B9$k+fQ4lGy@ik zDva=vD{NGps`tYctnx-IxKo9XImy)r3(6~^?|6>vlDpoTnA=R}Uxks-pQ&xnBX1L~ z`d&Ex_}U(^K+q~3bNt;VifRl&jj8R_mYg^G)zrGJjVmCD>#VKrD=L{&xre}XQECfS zSzlfa#>CMja3ceR>#TM?XX^n~zJ)ul8_>Q$u22tn$KEE^|4QS4&wbdS;}WN1Lh-04Jwh9mR|JUFHbL;qYC$~mepDKR+XWHkN1qxb$?+4Jv*x>giU%BapDIG zM}m}M0F7_%$2=HqYG?@{1jj^;T(3Grd5$%2LGwz1T< zUx0LyR-MgkmjIO6XAQ$Di*o8rh!Xvaqc9o^)&sn7PzD%eXN1D8hQ@@1g#LT=Kvsvj z(tBL2r{s!waWkx{By{u z#c8t+O2AXa{!`%LcJ4$ZuvoL0Z}H+H^S?3G{}Ennu20;Z1Xsq$KFW;!Q-!d8Hw<3u z?X#*YSpmUdIh(vRO{wfghG%yqZQu9whw2$EI0TGT3@z!Hq!rzGdEo2yndOp(xGz34 zAL(4)xCvBDv3|(azW2+Gw^f#kiKFkLAEqSDzRxVX`%(ACXXf*7E4%ph{jxhqxgMbT z<*?!&UuEcyG8?UFq2!Q1IPnIDfAsM{ASU992OBb$L5(DchQtIX28lryVRtWqaTEv` zYiB+59yVA`81(Y-@i7m$W(&Agptbh~Vtp{;b9{^Cuh2LIczt~e{g>HaoI-Y?Q!gOi z<|rQd03X9QIfNDj%QIY=g8eV_6^q*d9+=(4q7s4V+yZMdR zIz$}u-fu=VARJbDO9hk?vZvLwz3FnI}@@E}mb!fLTqW+Y+@2fc`oqLNOdy7lxA3J)w{Y&ygxVkA8 z3u;lDd;kj#a{g7dCiQ~nlwq*q8BgkkV9=Ywz;`01)B~`S4N&j^`tJqCn`qE4!e1U@%{A-HGT1z7N820wNx~G>gH`c+TQgy|P8#jFHCyKo&D@X`?BaY?#3QbI*tLo2F!Pu4>+-)?UniH{ zjT20wf5@-HxVp2z`4@>Y&fDS|bei83mChR+A~9t`Gw zV8!taC4c!qpaRV#L9r8$Q-0%ByhY4F96i1O0b(*HK)PK7b2-fEW#e6OJDEuE@DLa9 z=y0dBq_bZ|JW51uETSURfE_rE4FDBItu)K_H=0D@#9#tD;hY z7!^LVZeX_OvcTmzEywsf)5R5V3`4{GnU(;k#u?%02O9-6clJQ#3mRaWnkOu-t3stV z!8O7{4Pb&J?6ej^8ST#^w}+Y6wKR$;J%2NbSXa$?cZfN`>J*b7hy68NJ}iXiOrj-6 z)zIjHS(6@~vUEyjH|d#<^l+gGcd6O8=G5A#{ra|{8adXZ2H+ar6*inOb;fndJ+2`f z)7c#OQB-CgW8OQr)4@bqvPsS=l_j^`X0uN5R3B{tlh4xteo2;h>hLOQ1DeN6a)DRk zH?dpqswGhbpnn9_Y_pXqV!Ae_cq5)DCSS>Qx{w0v^~uvHXd}}HA1zH^d2RxCuHD|Y zFR-ZtH}2YF>*f9|oqVp=u+R7H8d4Al2qFM&Oer#AmIR;cHx^Pc2J3uHWn}--@n@$! zP%s4V6Szp_7QT@}5J@5mUz}BlvOzRL$|FKk%H?FJRvXU+Zb|+t6 zF>lW~i8*mXk2T9aA=a;gKxa95Y_)p7oQ$)XqzG51M2TuW@?1?6tMc7;kLrbzyodt( zmZ7KQ(0;@L%#6|bBpzs%G1G-VZ(03P4R;ih5$5r}K%l9o4&TZnI&7A^fHnA+HYy8N zel|&T49T;0q?vyd>iIx$la$=WZ{7c2jBsoFHE2VM{R5!m1T=$tzuUn{tGTyL0zwZJ z*jke!pAZ89?NROU*bEc`#T;R((@c(rb7a0h_I$==eN5e`H!{vMPq&<<7jr;TgICZHEV=z0)d zr?}xUaH;H8628XBCJb*Wn?j`Kol{*fbT5ogGxpN~-t)mg1Xp{hMrHpcs~>fYU*EL7 z>P$yTFS<0jpMs9iS4KFcyMP^bbfajp;x}wlF>laK&XN1QhP^r7T)qycwPfG8xwdTG zxh7eUK0?SNQo@W@s+srnBNeQ$@y%-tZ5WKUp8Ra4;S26Mm{P${lx#~iY6c2sVK=D% zv+e{yIZIGhFNZI){dl#2A+Fk9cbevvSi8?_&PXhO0^jG!hllsCnCuPQ4Fjhn^`W6@&H$i^e^vI_jp@`2vl;mgM-? z1g+b60w6Md0RETN$|l2A@K_Z9a@BR=>nFHxt=z{|X(m?zt0KF%y$Gb&mUb?XqzTZg z!sQfrbp9_#ep%AQkOG$B`xWc%8Y;u~whcjT&w?&B#Zg)IMT<~MTsNvG95s@FaC|hd zBGA-u_bU@j6QLxM`KG2$NcFk-g->9uMs}bt_s2cM(yl!`hC1Brt~8^M z^4JU%vLuC+Wf52$6ByeL_NFKsR5LXVdOUoQv%5)ijLW0r z+mxSe3Dkc;U8nkW>N1u>x%k5&@GY5?#%YZ^e1qMvDx<6LVAI5a2Qkl#^kWk%AoT}Kw1Nbgh@xcwu_R6E*CD+) zgdHb~dJ?_s9@lpHBt?KZX56F8SUOIjk#50d6z|UOucAy@sQ$X=j;cEG)gh@_o6v8= zjY(DKSlZyK-Iug;zpq->26{`~49YNxbZy&3GZEF&|6MwAjil)!NWPsSts^gKlWm5 zEM;deibfH+>H8(DeVn;09#$-de^p&stl<WTK{1p_=pzxRln*3fM{j|3Kw4EuPUf=|2 z!)|VF)2+ER-{QeABdE@9_IF(XtjW{Et^4uH|8k7!pq=v_f*M;N0ilO2#?Ym3e))Ws z-HXj2YV+y10g9AaYo?;!2><+`?I;wRG*!L7x>`xPbSCNQ&N~(~v?%ILK}(Bg=1e)v zOoVc{v@1bja<&Su+S>x1^&uHP|r*bDI~tTyi5{dPmwIK<1{*4Y1soiqMn zRZttQL0Yq9ul?Jd1N#R5b@JQq#PQ4`e8UTN>bZM0asowupmyvBb|I>&y z#42Oqd$x6<)U`0cS8eCV)_nN=-+JH^@UpdArOVHkbH>7 z#Cn5?fTfc&)a=LiIcmhLRu+)wEZjDV;I)T2Ll_Dx<5Q^{#sm$AlnbQ4Lb>vZuDL+V zu4+pSsS;3rC9iEUfuAcnoF4$m;CseF*6iRI-JI4o%P0deKH7Q+BJ!<7fyrn?_Ce?H zMPmiN_muoH{Onx<5$HA{RKYZ}at9+SabXe;*xB@Qxb%sN1N**Y8ssG|PfZu^Cc_h_ zR~-)N#TsFAr;Kt_3=E#v0nkcSJ$=qZOPRDr6i_Q7Eb}zVKeLDrQCDWSbyt+ zRmtgn%VWm4k-aa-m{ddnRA2#dK!Cf?saJ6GA;p~CC% z{zUjsw882n94HGTuIepn?C`Sarv$SEvd&S@!pH&n_Z>i2tU zD)H{}t73XW=2JFM%Z=_+DPD#c2|mZ`db2SdXPF4|-3&=2F~ngMi#;@u;|uN~M;B9p z7=NYmTtNi#YLL{}3%FKghs0#qITR}YyfrQcJbZ-iuL|M^-ux=Q=VjcpwPv~F({^4)GSIGjx1@qerUPRAXWoRA%rDz+v&uFD*`GCEVA2i@* zem`}Y^FfH(C9hH%J0+iAuCxIF@VEr(vF<(BdOo`!g4YDs${oS{Qj~D~t-K{q*T?vQ zJ)P2;@y@^slZ$hzz&v*OFrF=38>Yd-r+br3&4j4esQm%&V(WE0 zYzyv{nqniVs8Eu$q)=QAe6NQQ0pg#2-7gwV>3t?0>@Q8#RuQlY#v1gm)h;nS31>yG z_1@-w*nHW`JtpVABIaLCo(T8%f@lMQ@~q!;_CiQN%=dSrK31PK6RL8`R1j8z>H@*itK3axOr@G9XO`>13Rk`57<_(j_X?Poum6)Rp3((a$LvM z+Axe^YZJM~JY0*pEmEst_~MCiCE8zt{b!K8Wi6ipMPQ@3_umwXTe5#;fqeFHDV)hg zT^o}gxAR;Iq0fU(OqZJ68~z48=j7TU1HvEw&EH`2fB+K;V#?MsCb8zTYU{{YE~ZFP zG5`)MVyjF9`D8(G*K%7)9u7?nQV9= z+@WhByAk;J8D+qQpt(?Yfkf{nGTQDlr@do37z8UIj?=1w;5gk-0j`UnQ-_vlgDc0sNFRepMDD97^=$*g8chOS)C6? z`-^KCSJHN{v&8Hlf==UmV6gKy5GKB>47HheSTg-Ir`Y&#eWC2#iRr%GYd!52 zfe7y0kUF3Geq}V{JaX!*JaN<|lk$3k0F>ybD3;I9c^Pm7H>q|JaN66sKrmVklw`7< z?MVhQ@G=K)>6Ek58vdRS47{PWx3e1_OURKn0Ot{xK+2tG6rc?yK2D-z|LXl-0d6c0 zl}CF0>cgk^wJEX|9ptO@U+W`0lwt+(r$;d+&IU<8QKpifX_dJA(Oq@p=+zGApf0;H z>O(Xy#l`Ci@ekkEjT4KS+%GhRxn_9yE|goZEHB|Tr*jnT$`+T?dL-Z+_HQ<_!SAgj z&C)vu!ArhMvc!?qbojls+%_2utMT2gw7#Uu^1bdo)0lv{&y%KDmj=caZr`DxrHKRX z2tS=)YyCd$97*Xv@egrzAk4SzB!mqzeS97T zIT#1`ERmw4iRKh#^-)n#fV8p}^q^-iav~AH;g`uKC;8q&-E^=>Khp=Usc3M^h?DKt z8G5^>?5M%&SAltM$?=)@p9m+9HIq3tQ8tP)jA1j*vue$@^O6B6KC_9ReKd}o9eTZ@{U6>%;_N~YD z)*IomvTbHZ4``|<&yDv-6F;dM??d(r!7? z@3pt`JwF^o$Xd%3|BQ~dqt!zv!kK)N{DglpgsWj0%+UA5`dqzq2P4r1>(Tfj9wQ~2 z-10Wu^+oc$W-UF_d=sT&ZngaOf$Ct43u-pMbe3OxKS`{dI?U4M?TkbWo6vMaWR!&{W}lD#lH6f( zF>D)>TTsAw#5Kg?a03F0;did9Z0knB=R&Y@dZARG>42IdUiR?oNQCaVdv*`MzI zWWM89nZVMkqfxP$2FNaLQodZTn|igPCNJl6cP_ZqnmBmsE{;6rdnYl0LGE8A|7b%Cxsz>oKS)aw!T_`@JdlBFWN`gx_1qQ}5;Xmy<&pLO2HF-^#x*C*Wp_h`oxkj zpk)sVGyU?4B6%eiV2}kli0Z&GIUOvo@)vkel6AnCp z@l%k0{}+m<2Q`7!thJ+KKg10lH0@WEc0-Gt_-eDFq5ep%T>d=uek+4FgGy@SI6|3R zU}yx`Jm-s@rC#}YFmE+*&B*EjEOsQdepQ)KS*ft-`0~ZN2HUmSIr8<(?)qzGmiHXa z3-eKN=V25Hl?=a3R(J-9cm;-Qe>XWW=NS?x@pBj^Gc0^jEHiTMs>t_AUzS0~%+CPh zKKPZ}QO^!9kAk17^nalu322$>V%LDm;kd=61cH#KOI}odR%BT1O=Z?OzY%HoBU*W$r~JAfn38-m!g#CgoemR#NdWSc^T)p z2{-@Z4mquMfuUG(xQSdh`i=`zFy5fgLtXQd`9sY8z_drUe>aaeXtOv|1qMu%%KJ&8 zFqr#VzBx^nPQFdHMcy6toQOEo6(n5a5^|4UO$-;gt_Ub67kevYk`3QBD*ZN$r!YB> zCy-)o*sfwct6eH{{uOm3QA0Nb-u(DYu&2niAw7d-}80&$Jt_5vpmduZhiWEm&O zdhnwgeR$&mWKV*eNXdYJfYNOMQ2zSmI+V{MsvONsLIL(f@Ux!47IOZwqTM^Kl3ces zc(*>2DrDy@Zk?vJzOy4212wT!Z(KQCeDX$?7{hceDY=xha% z*o(a-qhC8~Tq0DtBU$adqU!Hus$cIc@1Exgmca!ju_7pmr>vW8UBm1az!d8fPVYOH zlQenpdHK)?bly8jOf0@dCwTwcVdMXO$6#jr7cl=L7lPnJm0yBQu%x^ZuI;6hFg@EC zEHMrM1X$zl3h2Io9)pq}pN7d^3r~o<@B5?5=<&ttjz8bT31PNdvb;;FFvMnw9SU4S zP&Y$}HYii|aRqNjdv^vE=3h@gGiqYhI5L`9f#db?PyK$tDzu_Blv^IF8(RII`>oU= z+jF|eSQ7H0 zysKW4wdSt`3H+}+E_p08ZyS5RVQ|cUejbm%=(Hl&pFXOqcBC>Rfm^3_%3RP5jJI8~ z_p&F^Msy})&YI>?KWcn`gu5Eg#cT#kTcVMYbuWMMmYt^NESM+|Uu!d9Kno>=B>{w--cvZtFupiTl1jF>`k+_Q87II0P3iuF!t>mz>%jlo)@&X zl0t(+C=$@ZUj?K*zj@38qrl-`T*F`u`PFx$3vs*ut1xP=r|f$rz5(u({K)A|?cy(m zI4O(9I-(a^wYgsD^o6}f+<24OS*g5;k@wIpihXl^W~S#y_LOGQ_@%CfkddwTj;+_9 zob)rjlY_|@>|xvAn*vgef=UJ1Cy)?f4x{q2qXpp7`)@pmWY>5aS8of86z>bY&qUZf z$1|y9!^;XLif4ECl6PF*W$xXl{U*+ir*0xQ+Rhj~-%}0eN_pR_^7|@Qa1mLe+X%R2 zs|bFY-kMBU7g!fQ#_JW~f2aEnn+q?_Jx{{5M~-H@5>jx4sS{c=^8^pBVAx$HgZrtl z7xD@xu=8jT2W&KzT5uo)7P`Cx_z#a1E2n@T6X={TfPuwC>BtVaHx(bV^ay*;r~fDL zWG;2${v3m%z!$;UoW8gX4d=mx5%5;f-B0qz(k8Y-Al6N8+|+y&eZpk0bGXkT5v#i& znPONcZ;NE&cWl1&w^{rrCKQ9STl=%LGMBsrHlr+Z#&quCc`BRVaI3FFR(Ydc`xw@; zF9bL5c#Aqo1s?d#&1bjvGDzj_f3|SN-mfslayYC z{xH%lQ+qtLqEH>P!@H4olo|{=)?gbXd~SIkeff_n)}kw*Ak&3(1HP6_$w|0{#1@q+_ELZ!jkZFK)0Tmn&I4Bh1h;V^}>XO>_H zU6Pv!PHrnJ3CzF(WbK58es#lW+6M5RZ5l0{jWSkv_#=?HXlq&<343aJlgnlPC|bgb z#7&LPFw3B2D2g$BBOIgHzv?iM5?ztE<$5&tEY*&#gu_&wdy4aceYj4y>t3^t>*We1 zIcc+f(R!$Y%}PZ4`PiyJuUv3KPx!9Jc2F-rc_fD@=6O?76Mg;dsQDM!HZh+j4bFe+kU)CMJrCB|T7vMKaI zjL%md>};a%NnPJ4vJG0^n(*hQ@s?#hi%Q4)^zEM^YFG16SQ}!2-{!oqTvElZ;pF1! zcl8WO^e7m@H4^yM9Tl}VWnU6ky-4pBW{PFldwS(Uv~mbWjAmVaga6IBCRyxnP3%Qs zTDOuZ;7n$H+eWJM{Xo(&e&k#E$o21w^{CW()9j506Ebrl7K0G`hk14QredcNoTR=8 zkm4p&cU)>AbVUDuG@W%+Rn7bMMNmTW0qK(N?v!qjl5UXhEY#x1PY(!G!vj}*{J*PUAuWe=P+C0a&wk(t=DcDfy8w zK-v$LyTx~&g88FOkMS%)%~aeGbZ-*>5|LUeBU2(3m%bRmYq;8Og)akW=TnRD7C{l) z0c2B{t5A0(f~~ha@)b0oX(ihP+ZGC=u)fHY++Tx=M8V7hnyc@x!Yr)%UX^=sD-R;j z6gH{I{CX=Xc=y)a3^nNm4tx+3elB6}%Xf@#D>>|>6tierdh3psKY2Kv_z%{x`^lFgM$+5 zG}bX*;3p{w!HocDPQI5P-!+CcU#kbW*Eu))SL;pgkOYewvDazv>VIebF5Q}CQ!nMx ze>V`2%gPZB$AV`VzrB$dRdoS5e=#V!WL=Qo8~d{iX?5>CqC%-a8KD)G6q4K>!zRzX zyfUK@s?>BXb|vO$9$DWZq9;FGuQa-yeJx`_5Uo=b|8nEd7mU#bF3Xj0YlPMREs%G~ z$&E%kh8W_`XJ84)X!oFRZ>vE|m%{JAVw!JpiuyR>Y)h7{EeM*d-Y1_Vl5X@e|ByTl zT%fU+j|%h&a*C#j=8A;n4ICtFSg^QH=`@)^1&L?&e{bxepp3$KttvwpX!?{f;BGWG zot7hCLA_HeCkOv)OM^|l$I6j@a>VoKA+eqou!8{tKE5%-f8tsDh9)&q-{U2)JP%>6 znRc7HevT>|m0lZ_f9;GX(6{LwjSn{~EJn;;xuXh1ac&#uh*VRT)d~2lM1Mi1FuBlp z=P`F+y%{aB*5D9xivJjPM3mf8%*^{A1>gHNa z8b+N5{qs@%XB)hnABRyx;hkh-It@hT?R6;3XxrmCiMy@2WJG3Tp*C}4c*&gc@&a(N zel=C6FYOMr)Zq&#b)d@6;#ml+-TjJ&kvcy8OE1BOmr%e6aDTMPN4AhbQTOc+vz4Dz zaQT@49K(-l4@4w*AGs-M>3Tzb57yR~&#M5N&*FV!b7=4exO|`yy%wxwX=!8riR28X z*8G@c{JAl?X?R?et4SwCrHWEWP8pzevbQkwMJAK}E$?(NiK<|nSN^oD>X#Y(rW`lB z9Zz^i?X8g6gO&!~ev{?EVeJlqe!1B-P1h)x+G}v2$T0;g$94B_fAbDJK~4%(r24(Gl6m?FDusnQ z13{ivYS|-@oW0&1&&~!0EugF(c~tAom52a@oYI+bZx9qRx6`Ve63pj}tI`?Lh| zJpj^y`TCL=IA=iJpy<_C3luG}|F~RS16e94)f>-3AczR3<~GijX7SYQJ$=qOPh64m?NtaNaP+}1BapBl2Y`y z*Q8E987)ol(05N&Fxfl&Nl#k^_v8yNMoGCT2C6XZ$>#MeKJ@Uvt>RG+`Pn;QC7V_r z*2C6n-{zHcxBhQ*7#N4cfPM)pFmM4|K;Zdq3+l=TJBZ>}TDbd<4-XC?l4kyo{xj5B z?CyJ2$o+#hp6dx1Un)HRK7&x8p`L2jfp?)30pc8jMCCO!O&NX-qMCc6jK~n|ZP?HF%iKITd-beD&aZ};V=F_msWiLAY9PTqZ zZ-eoFN$_ZdcV#p;UOdO&c*$_ho0?Nbz0fLFR|a zwIx~MFFOkwJb}Dbw)xu#p6&45)W`sB2_22z(fqh5M~v8!^}=$aXCg`$|i79kq=zJL%42#@7| z=t0v7s{qR&?b;qhhJ6OB~K_iylzK+MeuH>dSXu2=;66!9#wPqF7GgzWAV4P z1OLfWhXWcQi^FAqHaav&H6tEI)jFqkA$Hg}~=lu$SbDrZX`VyRt=~YTIK)RDEJiu|`RwuR87Gy)pJ+(nyz04qFC~a8`H{=d@2D1m7!OH(j ze9hk4x|_A1FkWT}0^%%2`W<^vxR?D$)49PgLdiftn^y>Y{9b&xs)d&4vFYNe1!UTR zt$rG}?&-11y(z;Cvhbnk3!5dHO+$%HC119Qj!V;UAwyWs`v$Xu`_b+d_r?+18wL1m zH$54BqtWb2Cpl1vm`<+9`DG-MnoTfY&3$b9`7#3FxX?Rm*qBoO`=~ zSlkkA&+2~O0^AS=6(k)c%r?Eel~+thn9>0$3wgo zm(G8psFeI?nW-i#f^~4$|2$D_`U8{ee2h+!c==#l{ly`9XltE>*$XAB@7q~h^mZgo zBWoN{{|O=CyJx_LIcCUVigyR;ruWSrXq`uD?r2*b+B4|}^{1YR!uFa!P0Shjd_J(C z=(6WR{vI=BQZQE9iN2<_5)+?w)H$zlZ4^v)LFJ}~jx|8j+R(OWJmsU*B3}A1 z!~(kNb7?B{kC0;?jfMWY5}9Wq&{Vf^;z)C!xN1}c@GgO^cxPxpMGsK;58L!(ncRWk z>llz+{e&_r40WZk(TWmGg&Sa)+6E=UZeV!8%-#dTChIKF$ll~*y5$*LAC+Nu#NuyD%=8b$dXgb4CWGvS9Z12=9{Y8HHlhy zz|h2g8R;)9OpV~d`LNOmrs@KP3+2L18a0UTo^upWFTP&%aIO59>VAA1-D#nDhn0t( zI?6j81w3^Q$uLu8ftnoNQay@!;TnmQfiW~Q6v}-fbLAObnu_LzFP~&Hu`|8z4Ke=S zTL~-rG{76^FNF4c(b7@SLUkI;8eZqCI9_MN*CrDCdKq)Md81eIN0~^&?wCQxy6-OP zPv&d=26;u%2X~5q%u7wmhLdT&xsXYFDpOhb|n0-6~P#l34{` zJ>!b})FL8N^vle0T#J(^#Au3nKGMRYyXC-&&jDp4Hte!xSPb)Cq+DVSA8XhR*E)v@ zA4Wd*hjgzstGy8%p#Gtvn>p~&xtlZ8HSHnulvi`=I`AM0eaCxec8ewmop&!4e~eNk z0%rdWuiXkqn4f1e&Z!3kUZdiqpWT<7bos$Uc@3exwUC5bcrDORZ!rS2;B<)GS~$m& zyl5@43^SU`(qW@Eo7}XHh?~xnC z-c!{(GXXCtbbucof!E@a*!%Yv;8)3aYd4AJeGNQ(!}%3p+2H~CX6L{fT;w)3Tc)wK z_I$inW!xJszqkx4a!{&Ooiqlcn0d(sWOAYlIoQ8>l}0zo2yResb;FcxQK~h`rY4cD zAg+?U$CPCQ|5e@)BAMibwC8iLw`0^8f>24Fjyye;b7yx$kwAG6o!m{Ru~!Z{wzJTMbhv1Y2!(m+f7^EaiXV zLLoqjCjFzERL?!cWoqBX0?HEsW4#Vi`~KE&TDiJyhSNhjKoZ{S#8W+3#5aobqKAI} zfkF_0wLc2#;QcxV75PH#X-(U4azM(NtmXapAp4ni_OiaQaSK3d96lW%A02f=E16K6 zFD^d5tP2Djc;Nxff(xqu((+aU>DY9i73;8CidFPX1D%ou=1;viEg3I7&5V|N{f$&a z;|5$Ac5!SDDmU|6E=tfaIvC^Lp?LDjqKjhy%chtWY{1 zsFi&Fxb~SJ1OlUNd=Er*dOm@= ztwE;o|Hsg=ABTeSC_FgjNFVMA0@v;tG_6px(N2%*7_}Q6N&$k#o%x&vlJtOc^ihU! zxN|fxaUnzR-8s}uy!aDze7fO<&S12Q!;;9~*H0=HorNMBwt3xhY$XP8#={YsU0G8E@Luna|!59-AgFy=&mNia8xKRwsFJ zfamOk^3@VA=fdij3GKCg+HF#j$lQ*uQ@%2;v;JkumiBYH)t(US2Sby30o}PGR=oZ; z)cZmv%)N#PWrqEJB5qhwW; zI~+l1w|pgaWvf;NFIT^r{~f{~7macit z)%NwjJp{$@mX>V4qmCy)p9X&~y@dak?^tcn5D**^b) zjhkj61_{~!%$)Y#-uzHrp04LkVrqjQsBPbYlf*y68DMtNK>2VZ*}^1HTOu%9b>f1q zoG>(+erGs&3);MgdijCfWIo?d7)%c%aNe)e#9)+wH&O31)j38=Hr}ss*lI}^Pyp@( z9aISXF!a?MEZ@hQUrjGv0{ zoXK*a$TH!YSF2bOJsIOLfOt z-?{BC6J3IveWbG%$5+3nv@BBGR|;d%BN}4XQ=ietZAdz6eaZLHnlE_SdSYx;BzCJJ zcU3bynI!24(@|?Y{<4jFm(TfbJ`j_$zY*Ea{!|N27x4FsIdy%`5xO#{=xO35?Posl zyxeu6Zd4pXpug08zn2{Y?XX;0kAmcZUt2 zVS1rd6%bQN$?ba^?cN3p1$lhh69#7G^CICVL?yv%wcXpPrKN~}Z@1~_flONDT@2@xty%t! zNpgthBBa*J#1gwzU;Sx%pUp~tahxH%RLNUwq&a?9&>?i(HzOL^PNG0BTykk~kmyn6 zj{sK8P8uIE>hU#Ek-)~Co2Asu_)-Mn-$q;9zm2ZA5*z&9(e#mg5`3_~g&_W!{4amc zV9YR@bT*Ln@5Z7Zh4SkECh5#=C(Ak@=uFF*utXjngUQvpa>2~$p2JgvuvRG2;j z7W`;E1juscML$sVcE&o z2mCXyB1->B{D`$@^dQKkuj^%*{GM_`B8qQ8dx2!fS|SmXqVz}iwCApnD<|FVyT)5H^-S~=q176PguDFN zQjhkj6rbv!VK{GJ%@j4lrz{8^A}^E(b|@Yr^Vh?tOksbgf3b)sCdGmu{7d=aM?6es z=f1jk1R?A@DZc?$^p{Iw(W_+rNwMhZk~~~Eyj&XXW}J4y6V;H;`Rc?Jj z!thK!%Pp9>j(vFM>wu49Tk`A+_3}cUzB!9N06{Pj@IJo_eb3N_!Am5$U5sIQ7#DbP zMGw}=;CXn$Umz7TP?e8angsIogfZLUEbkJ+ipZMiJtfzA4gGmx`7=mRiK+n z$k=k@1iw(1)ao^zP~j?TR7OkNg3nOX$x8Dim1W)_4W|=M75~LR{f$^-;rpB!jSAiZ z;g5oTornZ@JGLQ+D;cp%>n*iYl(wX5M_^^Ws&*TxiHa-TOWRR7l}Yg$U$-siVl_+FcjS^5xQ>?yY(+vwm6vjNmM`LOTwS(STp82|hvNj5 z=Brck6=fxKw62%K=16pm&ef3DS;u2tY%DT+<$Vp9=GRe8B0L4k24M7K9)y=wsg-J; z2T&WEPICpy^<*A0&3vK+mN+i{L;_!yq@99^?Eu-efiBUYn?cQQaiDZDc7UTrcqOoF zn(+2Z&bKTXa;OhuuAIk>9-3sT3;bA&u@DQeHg!OK%8L;9$c=zEOdY_elHTsuA43uY zZCDc#5ph(9C7DShJfWjt!Vo;c$VxK5D^MSh`pJzO{fvA$xsNs`rD`P6e?a&;_9X_H zmZA$V;r^aESAOl2N!Vf{-=_@WC3bL+LyuC**s~_6oYY0}+|dpE#BjJvdu#D?zubY* zi8x^{J;3F7!WcblEc_zSWXPmTVB|fo==7BG&K_MMf8-KQ zgLP>J$%tVUqQIQayvRiOQN?oQMam9sxxE%H+Sa0(?gQYY@9Ldin6A0%MKpbnA6%oi z|5&^Kp3fW}9E|S@PFmy9XyuXBf0fAWb7oq9i${{L;{uBU8Z^?eu)QCE!J+(wiU`Ng zV2S-#I-Q-J1yD6O7^bH6m%z4=PK7mj;UMy2GFX1NMm`pnoDi4xN%%hn9`2&xsX<9D zPn78XeK(=%goi<@ZuM(=rB4ZR-ROH$q0-HM-`1Dg*Vyr634HXOVuT!KMO?hTDpb3( z>R;duGf%vxu^G>tH;klgR>XFmoaa4en{4zFY>pDVc)P8#+Hq8??p##zucV@v9+rKE5@Yub@@&BQ{5B!69`Zf{a=7{S8_tmw);v4g6k$IhrXN>Rg;90)et%E@ZU8q|&R6j| z0kLqF$bl+^6H=)KD?{9Ef_S#A2R!Ewk-9P07!0rpZsqKkw_*s2@0fls|L2Ckl#t7y z`munP9`kx$qo#|?eJfg(Y9#(b_nbv2Xi9shMc}^hr`*wkQ)oMua73=V+L89RDd!zm z-1&Cp7lqQixKlyB2N7*WC8hoN32uj?ID1x%gw8F_1wVNG!51Br^Q<{_g4dJ6L&-hB z`4qd7viS_6zi_F)j?1O>W>B!Cl&D=zQUxCYp(DA?K(31XO|E>bM5SnZ|76 zQFHxNFWF~NLza+Yx5If8pZ;by?D44`q8%^0kAa_!IKA9jZfP!mkMrDL+D4;;QxUp2 zn)mx!kdV_3GlYM!~GsdmqGIg|s)ljE`h%U~4S)$~N1Wk=j-_)m4 z%m{i)1mhw`rwU*p9>K=8>wDVlX$lbp6DwlXC znI{}R8B;|J--U9AJ58W0?5<^Ex+jR-M|rMCHs9=kN8ZBW4Y^gNd4l6*{}j)^6%CL8p-*GcP)H&n=z#yP4rh~#EGa-E;BS8A$zU0!Ss=D z;Y1?Ot7CkTp@&ZbJ{2QCR%&`UEQ4}VcObUVt@b}S;!pxDAfbYQ^QODa2uDB?n+ke| z@I_>77&Qj{knj!$&Rpz3DqSO~nIPDu_kL<%i9VYTmO}!7e0Xk*DxVV`PJ0VB<2vSxLy+DT8zE z3fb3sjNQU=CmzeYxAPugDNO^o@X!*k|6t3|%vJ@gfDa#(i$u{QO{t|}-V?wsejs{FHq5}(I;<|rV{$`us%w>f zxa>$s$9K;%^XHe_5$p+n9b%VMk#sGW#BzeJ<&m_|frE>)0vEzBtJfuDBijgH%3W0B z+l!o$osFJqS2VCqn9c~j8#v?`fn_BY0XTE^%tordFen0>q$Vm)=54!+S6dmcc z7(`wWHu&2pbnnB}w+!bU7^}#zIV=d5hXiB5Mx{PzGU78-N5+*V15%%SvOQ-+${*kw zv!yr-eW!FNWe(zZ@0>Xe?`CKm9*Eh63D))w`S)C6789_=_Tb!T;|{%<89IM`xE7Y< zF}E@4H`5(H70`K9u$=O_@>#>8In$yi{Eb!k+2Ly!nYkb^R+8%6mrpjhvfJrQO;K(Z zcB}t@RiGtWvOwUZ7Wnc4^VZ8!9`#({NkT;oQM7-iMAh+rCwU806aG=FKsLs9O(rya z0jK@!)kr3PW6lF~RG>-YtDs`A#lLos3ZQ#w!){Q$O7`ROo&zX1Oy!dzzy`jXr$b$T zKhS6T?IpbCpmk@H_89AqzQz;ru@x$a))Q_XG37B^ZkJ=Q^J0iaw+mjaP2i5FF{e)V`D?N&Kht@x}fx}#COetnOQ9n!pghaN;Y`PDGIu=s;elaRZuu2}$qDa))Q z#8Ng6H#K!nFl8~do()^-#>UNa?bb&N_fV^AZ%|O!oD)~Be!p8ApHnk@yt_~-e17`4 zWsh~K8?%l!>NDpx`LLl+58hFWS~T)(ENQ9Zs7YiD1s7bA!fVkjg_7O4D{A(-PzG#Z zpw(HmhI@p_nU*Q}rL6vFxdNCo%ZtHI!qzu^+WM|w)WmSVmQ_~hygF4Rf|=?!rmJ9du9jxzcr{w z3VbwQCjKnzwhbQ21Y|Ypg2Vp*9>MY&sFSw_ytA_*X>tRc-Unadz%zFwqbR!9sTZlkpwnvFc$xq)pn61!*x#UZa_*X066k-fPoesn^`~O-W3Xig3h2GOr;*c zURbMpT7u>q0D6(feCuj3v_uB2yn%8uD^^6W&AeM*6@Z&;KtCQUMJ$6s0*4W}N(OIY zHzbbmU9&X7PHy;R)9H8PwA1EiLC6#q^-sTLJ!8)$l;PN)b-I?zs@h&+TA$3H`^?uG z4*Npv!|}5{UyYh;@rbC6OR5`mnK1!Z5Nn0j$kb_jAHtGuV*#ac^uwnqX|`QYgZ949 za}?GgR;w)I)pS2wZCby@^Jr=X>}iaa6EFC69;B#tgYt0_G5ni?(DA;$UuU=6>37&6on0nTpZ@7Un00G#Dq<8Q^ zzp)P})ZDF<7ah=2$tYYtX^1bWu3tA5)YP%#lFna_6<9eD&ir(iSViD~|Hcf)#H7Xioy6tTP)c56}F@Eyb$ zM>VVg-Nc?cv(JH9%i>24@yH%L2w$}j%tw@2&QY@YKFh+lw+wrDHNnOHXM}4EbV!;l zF0_F7@C9@jOh8ffSCb<-NE2ZJ^>NVBVCjRVevgeQ%BQlu0=%eRsOH4|L>KD20EH?+ z7BE*2KfHogsNyK)Kyw1AT(|i@Ft#1Lqv^o1qM~y!a-SU6O&u zMQ)b=tr$5!r-1QGpbA-`77|fHrS`zcNUlIV(iaZwF8rI&Qy!%j>$Q480TJO4)Z2cP zHSQ>xX@MGEiYX6N-LzXXbG8}OIF2m2W#iq3NA-gJGulrlrH@@(0_`Sg1$TmW&CDk( zOg{Zu{>tzOuphQf#sm5Z%Pf~Try}d*yemqtALRQ)1By=xXMW`2kG2m}-23<2a6A9T znf3huCmp}uYLfGjAANJXC5lRl8Q8bNTu_Ka{6Qhs1XzG)@bIA2){zX}c#wnT)HjC_ zO*W5k-KPEei)fR%1N*85;;Ict{kI6RxVrb>hnchsmV4n|g|ybIDmr)NtQqN-2O_8C zljz9!4Vd^Dz zgKD6Y%iNmPg|3C}Z#CU4V&&>ig$mzLfKUW;S@VgsTgg0(hD7*dz0zCGE}~O%G+8rx z0@K4E>{`kFi`=eiNw0dR)!Ou2sgqsAmvfk{IX~&XQHQmQb#+vEeScUi&ijWqFXR6GH*lwjI2C zxjD#oTVVH{J*xU&C^G^XtvXw9%0)>+Za94%QnRL=L@ByVM{J(Zww{6|Ua#7Ll#ke? zxXLq$d!97kY?=WP~+oW zJVBkT&b9%%%2v7TR7g&G-pGdU7JvUyGuJuXIMeB=qk1^`XFQv~wR z`Yx^!;v%#!oQ})X6=G}Hf{+R!mRRaA4;hrf_?Iy#lK0cX#V{_{rqmbNBQ2ZTa)Am2ixGzOW(LR}@PQ#3@md@8Ekn|)vwD-*^Ff(b2s^bM2Q&qI3{`0rKpj zlT&~T^%BXG91i_#vN&cS2g8s=3o}q<3W^*=gxrOGdI4V*agsn#f;;?srKpD`#3qo~Vy3 zW35PxTxizn!x7YkfgmB!BI#Bq?sRslo!%g{_nU+~0Y*ysrF1_W5cg=X%E{eJKd5l+ zM1M+p)Z|vn50(9Qr8Zs>Mu|RMMl`xiGUGLq{6SPZnDF77d%Br?bR{+g!>z;!!t&>M zm?u&$hb&UBB}L28 z&w#mO;b*g*1*luL;}@^0HNR8}xYf3yzxI9{IjC%RAn?&o>L=qo;XfKCD7m*#^@ef8fb&J(D8WX#@np^@^N% zzR5Z+jB8x2`6gK70KbQw^}*9R#_AgcFLz!3-?P72`-$d?jt~{zEWjG>mIG;nDsd&H zT(hcr0G(Aq1EF3yvUfkU?yZmx$9usjE`hy0Yl<2c(Xz2g>1(sYo$alG)h}AZpGW9W z;(-lo#5H~1aup--l-Th(SYbv(>$r^yfz05vU7)_7ng}N*$NLvB&geyfT1(-37GTTT z-QGlvkHLFgHkj9#reX+{)|1G&;yV>5gq@d=v z{k$4U3kRT**?vo6r;TzqjdRo3iDc%a8Eh?I9Z$48VU2R<1ewY@MQNk$M^1v6AQ&ul zObNV$aBkEwLkQrsPIxBtf`0PEYd!z9f*u#3_ZG&OqlA_-y70!cmx*djwxkyMB3@Ba z)>*2COH@>~PN1XsGVg;>BK zkID+{ZBz6CPjXmu8&AR^Z@U@>j%VJ-$rvqx%8!-I66m8e1f0N)ZFk&CF=l}QXh82q zR6kVoM!!jBp`1O1Rw}?Hg;A6fBPH@$wZD!>1^Ul;CDcs$jaD71 zs1JJcdR&`p+{ggT^6%R2K<(U2v#!c^&|E66Y;uIc?|w)HvT<6v#_LZenWrInnyx{s z3Ss+{6s|6aB#fEQzhK3i->f5iM6@Flg|uuGb*{y2m2>$Zq_MV_n(xtU^^WBoPLO=)N`fyMsL#7WJz};el^1K3hQ17 zczMM!yCuGFr6uPa8OFgEpLki)BI$$^N}yuVgv3KH7(vMk+Jw?T>dqbc?=9jUz8DNn z5I#;|EbW!Ro9-ML%k>xGKERx z>TX$G_&}0y!ze9i&jTs>0?LfLSN@Sbe;Nt zF3p)O-R5!%Pt|ne9yK1>ncO$Mc<)^TL+;};oi`}d*?gawy!*%TtKtyd6x|??qpzZn zbN`OkRBIe5Th^(S4{D9D1*B=TSy9atrz1|^?}Po!^ybNnPAKB&F+ zNp|hv)XO+&MLv;~S@Rwg^{XQ)(hC!qPvJO84wlv-U4pUw$& zSK~bil^Aw?zpVa+Q=Y$H0^rbPl8MG2I~S%5NNK?(UzMEWPZwTD=WgHOFM_LOH=C~Q~wn#NOZ{6xNEg2A7{mD zP=539%I}QppOECh%R`4Sh&vW}qo!6}o=E+fKZdz2-IVwf3m=8db?h$0HA~bRAvY%y zxozrRnO^KOBTBR7$Y1SB7>H#PzLB2nf0@ZM>tk5sbJW*)W3d~X{>psA9%q zu?R$I+dqzumf49a>0V^?9Hj0#8#X*sAc*ph1Cs1fYkTpkZ(+dMhXF@0kUcMbwBO|+ z?`DQAJF~FI;56O+)p!k!qlXTqUlK})q`BC_dTQKnGrC+WHvNKB)P7K3IwpQm>xjgf zKpHR*2r3m~eW5|A&2V!6$N@cOX45wVM?7^g)pFlRu zoFaO%^^P^!Lg>HZl5KkbZvY7hq<9)|nm=mp5+bCwpOxtnVi!X&yD*p&-%?1BSG*i( zkBiHQ*J~6@Aw85~{g4zb5VFXRly3Cgk`EJ!DWhE3Ze;VD2y0KPuS7W~!l}Gy zw9B=9o=y;R`l|MX$UxpPi&93ok4>L@Dw>WGq07F)hU*cch$eeP^b(Tv1GtHMspC&x z9nxX7oH)5;QWTmbp<%QBhzbD&C~%MM+B9YT%;IF!UMs1lz1F*WEwDp3VtH1iTSdS2UUr{@rP+CrtUUP;=<5O{z z#J9Vw7P{~R+%)4YUF_|ci8=}BsD=ygV~N@RUE>%7bHT*+>*iNJ3~0@=6OMzGwsEOy zymQvd@)=^8L#47`4fBLy=-lC{Sp&YsHdbGMZ4>O4Bv4w;Eo%OgS)9458*`3vF-f8y zXx*z|nc^}se5r9OB)g@>(yR3SzIEKwN{~3ut>1U7-eZme9$ox+O%)t>I1fY%>wgv8 zH6t#ntOd!+WpwUu=9nWc#Zxd?I|~2blk6Z>?)h8Im&>67+vGEyeO-+*&i{wuH>`ciCPaKj$qo&ZnMzVFf}uzb~`rw$r*7D z7}`*CBFO#AOaQ{6{ted&!vTphAFVtaD!25t@|}wsS`W69U0m&9iS$?7H=bsH^JDu3 zY|UuV>cUxREMtd0a->zKWbatoS|kW5TKkr|qePZZE2N(AzCf2&_LI=p8t-y%TS6+g z&dZi1fop4NPf{`{%@y#?#Zx~}6Ze)X<`wc^dW_fF|2>lI+9fWx6vc1qtnT^*a~69`1@f?mcBM^@@8aHumM^J|*D;G9Uwj9i2d*r>TkFzDLExIbZ3^t`@y%EJ_*lAO_+7Ol!}E(?dJDF|Se` zRrNK%CBsz2D#YmG9eMRhUbe=Ttfd`Ued7aD@bn8qAWfeJ@dW=tS34sr+04O>c1+o8 zyyR{A!f$1|kpxt|@91@%;ODht$-_Pp3uo*G*W0IT;Y;@PbFU=CU@(rc@6nEa&0pi> zCDk0Vbds)H)zEy z;q||*Hv)VT3RW4`t63#pcka-eyBbpcAyvEO`<}jSf<*Le_(1AVgU>Djq<>r)4ai?A zHw%5WwpI)M@=*RfE`F^=^XE=nFUY6vS$gU=?IAS0i7x=pcSjvpN6-Z^vR z`f^9rYtQ5GS@8SDqkO)%XXW+Svb={9m5cKa0yZ-n}92 zBdSoTh>;dC#B~iB2xzh%O4rU|Ba7<{uy~zWM11+Rc>F2lO@~Y_N}*qS7D2-)T0+tYx!T#t zc;8zXTfj#!hNfE?rU${TjG?dGZjUD;2jL>~^1&|t1b9%eW~Tw_$KZR5w}m@u^l!&t zf*raz1KP`snTu9sr*YSfCu(+3siY8MrOdx59=LMqhquzyO6P6I9i{E6Klm=mJ2NTf zzp(7S*K^mlJZWA0YC%L1wm9T4G4KayBj#XBVWv!(zwh@`qZQGHrj1jm?heoC4quVY z?AWQ|ar_$zQt>2kNl2ar0-Z1Ve%FN1NIBASH~(faq7+%|^`|5;us88P{EVQI@unb~ zbWb)n27|3*f7#qM!+cc84#As*wcjLV?^if`U)qo7_`7x#hK4uU?N$kV95UIqX(oYI zQ5fQUmqh?FKCzrU-qOjj#(H2R9xsooQP83BVfHPmLT<)DV6D|R_G{Auj{g-*Q#7Z9 zjaNLk$&;Ig)JMpCT8E^Cobd2)!s^hi*Er&p`J-Ie+WQVZ60pxOpKKND@0Hy0clRSE z++1rCEsCC+9ijzD%eh&C(3L}d&ynk2+ke8KXTG1Ny3Wi_qu=XM_)uFL8NY6md6Q-z z0ASd^*RWU5%YCMcH-vDuOZU1vY}rJ*THOOIBE`FK_8FODT)Fojx8KM1dAgZ|v~)F% zrA5jMp}Hqsdb?OQ4p%d5xNb$u&9aA^Xx7z})0?(z2j4(y`iWWApdvpU{)pmeoV zFoi{osL6>1$!w64zoMNt!i;{UzjunsQ5pAJSHW6-&YN&4mjy5GZQvg3LxOk4u#3`Y zm87X7bDi6N;y0JIz{O9sBCFmc2!bl0=kdvW2O{ZG6PI2X*H&1CRZ(o!7e*nSs9f6L zTxLn%ic&-8gy^W@z`2uOwf5@`tJL1Y7Y=!!jDe7`?a zh1u*T4z~typZ(d!CV1uSgZ97|U^9l6Eo4f2(>UC!YmRJFc*|n_omC#)Gu^MkaBY^z zT8F=>FkAi<4ouGNcuGrR?)Z*A#(3sx<@c(o>~O{CeE;r;EWnN{a|}>8M!U&qK33^tEKZt+$nz&f$+j3f(aASI@Pj z)S{=xps}&IKnD&NtMQV4${1Hv*)&wImehP088?R3M2Mmbq7}_UgS(kYyPPUX>)nZas@PTI+=fluH5?v`sGfSocpSmC*p@7&}qLL@CL~_BIrH1 z@BFE~q%w9e3%^O#jP;HR2#u5d^~f8n2me{o9_@G-Gqc*-7xktf8BOTf} zKIEJKJCTT|0&4a?t<$j`S>ZPc++|ZrgMwaaw5H0DS=k{HJXtW=oQxDL!rjAt4AkAw zk{Cp5S8tQ%*v((x_h4;=zy8f1VA1ocIrVodU8+G_=zBhUu%%Ul&0pA)u;fU2E!i89 z1p`xd^Sto7(j%+m@>LOE%&`P9(N7EhS(tydFJt6H8}vcyFOrHI_^A{Mc|i&t<6Vf; z``<1D0XngrD;V750p)bf$SvO^^T8C;Ft25eACGeh;r(ukUX_^QBh3rjH+sB3Sh_79 z^Sq^7BqitH!6S^)>@Xo1yh@N$KDP z@RGKiv(WiNkk-X#n`XxuQP{rvFs9+jWkoNhWD7KWGPp_22w(C=_o)8rt2sRAEo8Q% ziq!18mN3j^PQh}5up$j$(x~~2VIrV5ba5+3+yC3+AiTKqJ`Gc8Uw^^VI80hf*p&OS z6U9kJH#8(-Sps0EaU5}|c@5)_7NYoG$1QVII`ZpfpvzdB4$jjV&)B`(C+GGYaiebD z(~g4w7+5WNgepRzS(&!nPT$DL@I)*N-N<;b2mub9*ms{}=5WYR z(nWvt2`O#hCVOM#d3LBCj} zCipLn^C7T)ojp1}03&O>ea?i+@(EG(uc@Hq=8baQFfX$&1CA^eZy>3Y_?utuwtMLF zWYt{p<9s0hVmFgO-$=lFB9M|1tHJ0a12cxG*LuASogs(k(45Ad-TDfV9#`_t1)j zbayETNK4lM(hU+al0y%IFx1d-_RaHt=Y0Qkn7L!^mDk?uTHm=JD+#Q63;*3{MnBO` zli`}jow{H0>DD_g7sc8|&nWhMeCv5$)55)l#V5vzd(o8v4@ZsY^je#X8il7tH+367 ze^h@fnDLYmuc4;(`|fUIy1XQI6fb>;1D765>$@cbHsE@N9)!0K=_PNR+u%gL_>TA| z6_!@Ro1cRf8i1d(*M+?^h#+$?Z0+dblAEWfChf^cqFc8`#8c9!J9Cdr)G<8v70oMz zSw;V-r2o?BZ&5Bt3}|@Mt&f&=q!fA3m{<`#4*F;M$lo&1mCirhLYF_SwRvMN^5tyV zn++9rz{_marbr@uC=h3XKVDzvdK(MzQit&JrGDi41NT=n|G|5@Nh_b|CkO&{J6o$b zdJ>gx(C&tAL~0o6yM0eJ<uHf?OK z4fR1B(%Pb4mS{uBmUK_5RB8eK@Xg!r+E`lBOQOH8!$iV0X_txY|Cck2^ohf5-?05l z+-t8GjmjD2#_y|H5>XOU^}rl%m_4-Y(!YErD7O$?b8`evpX#OmT=rN|H94;}v@ z)X^z*AYZk;r71VbK@=2MxBHMS?iq!T>iN_2r{BbUW#ZQj94a%@lMX)&H@?!;W^jO0 zuDFu%I1ox%U8kj0I}_Ei6@dw%Vgh~&K@PLj1pl$yP-{J*?LFQV83KN6H} z@o`8m-^wVj&V7HESl5S!(BwAI=J#Q9K1CQz$dmX8@|I*)(iV;2! zIQh8BB<tZR_Tzg`<(E9QCQKMIzZqKY8TjsGABCofkQ^NIG zIv(Mtgx{3BrD@GZ8d~p%t3>^5`O}}kbllCURK$T?-9%Z>u0eEd^)O3W)0;76ZzBZz zZcOfzBIE_23SJS?WjI zhUe*fMa;K?MNu=PP3>!3PAaU?p;vg}psG>N4h;RHS~9rzWn174mFw`Z?AEtLBSWK4 zpBAu!1=_vF4|gB+q^u*0uHK9uJZUmrr@Q@-RnXtrC&sY+{OgJ@*g(~iX6gUag`I!F z@Hus8M5_|LKGjZB)-MnNI!BoSHA7$>EWCG>-Sqp^eB)_M+D#@L!&Y^AfyZy}{WNKU zCd@rvbPP z)+O0bclE!BIr+Lg{u0MamaLc65n&n7cCP!d%|4 z$o{d3<}Ru8OHLIfeEuHu*VN$bKKyTT6?5lUmPbaG-dwk4`oWYCPtQ_AQ;`2shCXS7EEZkn-}QwVT%b?XiTcAF_>| zart&lhTtX}?w9L9+@s&;`-@txSK|>YcV55NO7fUVjwPGvtt?OWqa*e}OExVXoX>Yv z6gecGF$&;XDIjNNmJjlg)@K(_yf!5e`X&SBn@wt`=QAkr!}KO?enh&7kaf67*Vgt@?wRv6;Xtl{v)3Kf+t%{heNzo#4I7d8HYKQ4;?Twty1tQ%<8 z<|f?UK-Du9r663TgtSOwgs-S39{!mMq(8#Z@%xVaEo-MUyb*pH^b4zEkeN#=aq7X8 z7(s5gOqUYgef*6tuD@nNDpzik{~a7!qq%gkOlfLZeIWZyDltnHK~3bIS88S1j!sbPqW~ab zF8u2GN_njc8Sf4__sJ^W$KC5saVF`}Z{EU0D~`*vP zairRNJlT6*?{ePZN<>fnxD@^N+^+aRedfi5$3E61Gieg6!Avo6E#wZu%4E)StW6cjyH0Jj>WpL5T;Bl%=< zw|uSzp`lv+43RTz$|WVwKdAbs>^)9AtxvC9sR7k+LW5x-{0F;UidB@zel)$Q4=N~+ z0d0D2$Bqhiy_|yi-hWy%c{86&Xui+baFw$wuRJ-XZR5FE@nLupt?B=6?NmUrK57R4 zqTD5FqP3uaLqDxT&->|6xWd`&{r!rB-L+p^204uzwaoH2Wl-%=UKimWUI4tiHoi`zx&H-C*bU*gE5%askY%qKtFbM6|lz*oYLhM@sJD zO*u-_`EKW$5PXt@7G0RIbmC|~CSmR5k;TqN*7RYnVV<{yOwYk{YW~6=v0=|hhqTg2s|3TR;3rD_l_@^XPy8N?C`Q zBvy$(&_0|la<1zzMFD!<&zx9{8Xk}T-rP{4G|zUQS{3Es^YDKS#2;Y8E$Ifk#bI2= zbkZTkBT`!C-cwa$;-H63KdskW{_1e$Plb=EEb|jBe$M58_f%&Y+z~t9Todr>$rG&_ zsj)539-4+losXli(D6o#BPfvHF%qIoi26xZwH)Y5Uu|;C|Dg zexmW2(*~`Fxk1tTD@uwUN)rxxF`+!v0nd=R?``1OPK~UJwI&L@h@3mh@uw3WK5co+ z>xAkd2<21Rz`xXCCqst>IraRfZ1mK>qufG$g@qSHB%Zo`-bM-dB9rZ=Olh4z^@VJj z8}NJBGZCk|wG7i3v}P0u27V%z!I`}MK)+;lj_~ij3c}-{nAfAP*`MxC z6b3{`2>RL}Xtt-{7037=x)i-QO-Iz0p0dtWMKg^qT_i?665c7(L^L}&5}rqJG8!@C z(4WBM&h1VNIE12(yZNwt-1L_{xOj#lLslP0eq`&C>0-ktRpj(_(l1Oe-~L#fAd>gN zGP9Syd3t43mg7jxVly{-fBDx}*(0a{8|onhJr^{DwBnx=63ElRc%wR$1Ulptd3jN{ zmL0YYPH2;8CRiw+Lr3##K^OOk$-%$LPh)CQG!Rb&?ZJ=W1>PtR0;m&tO$54BCg|rm z^c-RlU%-U{V&_cGjX+An&&ZP!WZTS){=Vnsj?{(x!0>R?h3~pXRw%fehlW)gwLSc9 z*71PFRhLNZtQ&RY0}=m~6|;ZSwM5X3n)k$7NGT0r^xO?=kJ4R66(K-A%3VPStNEr>v~vx+y$-Is;-Vmo*V+jkzjqU;pV*PcRb7|;E(zy*#P zTTUC-M6Oy>^ja`_CBql{YL{ey4{NTWH@5K0cWZC(_+6m+QUsy`sKZR?@k&WWk*bN` zh5A+ik)62s;@zm9(EQnS(9XNTo?kyu*u2%S!F>iU-2CfZi`G0=8N^R3wF-|FjXlM zGzaWm5v$CA8R$>Ej~-*qgI3WidM`lp<$JYG^Vm}N8r>X^HT$G!bg7s+NKMKY%4D6~ zkG@TCk11UjE69FZ$!1ui5$+=MqxIY?hm5^gO|n~HHSfWV(1$$V6t}!B)^Q0k!|W*xU}GzUSZE?;E8SV=)Z!4$D1v^_>R=p&<(8 z?r1}COo3V_KhUx@SL{#MB#&B&7R!K`!PjDj4uRs-9j~T2?hOhrL7nq+JCW}5R%%}N zGXbrH$uMXqHB8K>SH9fkx%8Jht(0m9{VmxCflJ*{ORH)2S84)ZqCx+R%Q`bX`!{^S zsVcG(&xJS?wnk3>n}IDwz^13?g35d`MeB#yM6?~PpRjkT%Y5$8fu7IB0LJhJI;gcFXV3-7lE3X-%#U z@Zr~VCjZbmnKNHG*(mGwJGH+Y6!5it@WcTN^gvszkZ+fCUTgO7CV%vSfbyEFsqH*T zm^T}&Wi9R0B(*Qu%E&^Zzk-xxkfcI$pSAuxhW<<;L_dBATd>Rd3E!%d_QUD&U8Pm$ z>OQugp~W74kL!f!O>=G=t-Fs6Yk#F~AZ~@r5=GnoNRH?%NKAG(fQ<|)a;IAVjq^WM zd}BxHLipG10rouImTp_%DeI~TGz<$8!w4R79HJ|k2c!($fQBpl1~%dRZa)viR{UFZ z73c_KB#l@iIddP1#dncK_gw-Zon&~LeKQr1^yP%;7WA$V`;6*m#;|TM?fm`Pw`j=L zc%8h4bmzWj@K>SxDIo;$X%njd`nOUMe{5jX;<#@FHP9Jnz zLB{s5Vgmo7-S3EKRWOQ1EGVhzpIHgDf)z49Jm2B+FE<0BxVoth4%s*-ao;N zYe1Bak!@dR0l)ectE`@V6FHVcA6vf4pov}ncJmG8ypguAM#=29B_xfJ9Qu_idVinc z&{KbL{<;%u%2G4vf#Bgy>{#ZZ7%k~gh$D?v7R&U>A($YiKS!#mJMXHFqPx1z(w)@# z;e*Wa@p6w>DafYpvc*IS$Lg>djVB`o5qtx&C2}z?lIIlyi_RENea!<8nA{KKERWKu6P@WGXQqfPDeizE5O~c0obnnu$re^Otr&Q=Cf0GZUtM3YGL!aMuBixh(wMI^` zHtPdiz!Y(~a4>Ce?{fg8cOR0TSQio2_d+~~+i3^eZyP&9AKUM=)=w;9Tj8*N*k|0E z`tqdgvS9%u2!g)RCB_K-?<`YDSy{Ob5N+yZoo^Fe{z$Prh3sZ5^FZLN%l<6LV-V1P zz;k9=x+S(gN}c3LwK34{;QUVB`G75s<#!b9_ZeG!{#wZ}L}9aJLU;NnF9}Ve^FEwP zve9j`je2ey92a6!dqs}OPj|vI-1euOXX5d|HM~4QSWrvV$og!WRz0>*^XSufy(F(u zcDd4WMk&5THT)KMK|i9hx8)ShgK>C&V=IH$bc#CKdLECH(wlOyY4sfZ#;vn5>bDIq z*4-=QU&UZ>kQ8Yf)Fv@>{(;kvap`@!k$>tcNimI6y3E~aogPd4lecMd`t&zHugTDD zu$DYYSNd0<937mICy1&(a_)>ZQk!Bq|b1S8d?LH;sq(EVfQ*4UdCNYKI9RG4XhPa~XE3dot z#;w(vDK$Yk56b`OC%yST8diIUZhfn z(*LNDMm@H0&gazs(#RsW)cfK|N<)V~Q#EUOpJnGN0U88LEysSR2(QhrO=?TPk#4}K z&RPIP!*t&r;w8r@uLqE!0#+EBoZ;sET%HAyVUM8>voR7Ly~ZM0$%~z+rBv(E5ZXPE zck?Ni&pH5_m@0zD$fGXd?ZjI6Er=V^VpIrH7g^ff=!v0IKw?EQ4C~@|7?Gn~ct_-Q zk9PkH_QH(w@L=;Q$dM*aP62~LPw6MnNJt&!HM68^NT+S+!4yd=F|~7Z%EmHePEZGL z!vYv9Y&0%YpwekjMio)nTqCNj?|5qtP{ztf)q|GYlGT5Zzkzxbs|n2gE)V^phJ6nz zVFM<#pMn7o8f^Xs-RH*HO}lhU&s``a3rVqxb{j3lvkDkn7e#2@R==wVYVSwqKjT;F zl}Bpk_FgBGX?rHh)+pT|mT}uUdU0+iP^-bYpLlav=|+#6Y`9b>MRfA71V)N#(Kvi9 z`Pj*VnVX-UB|pH>5ppk4ZaH3GkzD|N#{ayvD#Dry*@0mZSyDZI0WEdW=w8!iNxe0sYCSX82^B=^CyB0WXpx;L<-$vF86m*nI7iAlUdVx=dR1H(}3I2 zw!i37aVMy_=qjtM+FmhKoR0AG%8`h-g`GLtAj=ASn=O%Bc;@V ziByn<#D-4B31Ujrrjabw#u710&|&%)G{~x(v3VzERC%?i`E0smf&jb-HCxl2kI=d9 zvI@?4?+spM@(^R<0RM0Y$oN&xdZNy7ICxr(x$2hZcb}ng#{^z4ccgM@a=)}vskuRT z-1`}qej|r2`M{f%YU%0Uawg{j)65MriKj3mrtfZrPS-PLQx;R}2;?|=eJ>?!;8r~V z+#)DMM6$G%SVkz6MraZib8K*9~huQ13TfWo$A`aO0@Nqdd**WMtv zS>R_6?mhgQS-hf(Q^wDwbJA&aCRaTJk~Vb?Mtv)zKT0Y&%~c0~$0nFI;ghiO9NNHO zsk4PE2HLCY6XAERJ$BCt6vvBP_8$0lU@ELQ2$L%}$rfTi^_MK8D#KZ5xl5JFrN%gK z(Cc9&0{B#Vy7;W++#}z~^7UhX+w)isuQttj!GKfch z$l}T`o&%OB9TdVff}^x98#4*$1JDJD<-jAHP7ZTV37!{fH@#=3rNY|&#v*|$JnKRV zWdjkCdH_Cv$a8%16h|QYTLkv^5NjS3r&rX1Wj>qMSMR@3+F0uP530igqO>s6_eh=Ul^r zy5m7{RJKrLbj}XApoXiRu&@2Ryg*)Fd331Ia3JBEc;M&!mMwLd!R)&Om35vZGKpP8 ze^D-Ip{mEtSBE9QX7eK1iz|s2Wrg14Ho1uJnPH3B)89^^_I+64JeAc&BvWHYm**>7 zio`_44D6+ldp0gi$xz@qMr@U0S?`Q?M31|v2yCf0hvi>tP)ofObq)#pE-T8M?mB=# z^~V)#-2@nrH-vwSl-^K7{NY-h6*2aSz zj9Nt(DzbEbs#Drx_UrjFyLGWa%*zR3|6ccMcjJ}keR3-|CwmaLWqJ~QH`Ulb8avNc zbw#C%Xz*pWBcxwvaz7ICd+%IZfD;dsI6j;u#1S%5;FeK1eyVnEcLB37P<~1jO{3T+ zW8OLXY+L;(I(*Vjr@q}_B-qTy#y-9mfF2ZdCA?o-UxS}B+s+6 zGjYk|UbPy@(@gYn=J&H))4$Nj!vt+Zk&{!9p{oU%pMIq~p@(l6px;wrT`uxmTqgq5 zF!FQ46wnwmX!^*DEMnhO%g2AZ!1F zmwyxM3JC<;1hksq?X;Lty7iccWk(d4j$I&|<*`tqni%4~sjS zA08cbOGRFxjL`Z+9?RS}u&AuLVX4;<+8caJe@)m9&1Qm9uF_^fSgUtsXoU7OnWG1>|)Kq@07?BhOl zf;yQa+>r3I68#*Xl+T|jB~+Tyn9hLurRPsvK}Go>|kI0w5&$naigu`!9x zvlY${`iq9;d$$^Xzk1|fNRz{5$~dy1ed`E`ow)7qtokh)2BGAz-$jOj5Q_5V&6|5Z z7ZB6|GI{51sM3R2uK`WCDU{hI8Too}ymDzj^g$jjqzrqn=E3rynsYLfYS?q4(i4d) zt{iH!Hr%@pKkDS^8XX;VL5bakD8S?l5D;+b2JUv^fq+Q(W8L)ZRuF@H zxzv&9e6r!+LYO6mSqjsXY#%7ce?oq!jaD*z!W2 zF7ALQe}-{~(8@p_Z+fUOjgmYCutErks7+8lO|=Kl2Q@5|)s66(a`Nyj0T@XPDkGKv zSjf5s_-tgKIrMYY&T{~d(!*~KGzDPqErAdqIJ6s}%OjFu=40S8B6n3#Kul>l!w}`Y z_+H8|NG^A9(w&Dy-hj|euB|_^`*>&NTgMoxu&A^RXzkXrBLqLj%{>9Ni`+zY>V*rS z)^y%K{CES~0f^Dq)s-B)nAZ+O90^g%K;u{Dp$a}z!s`kwcI+gtyExgAbR{kLSv&LU+KpI>lf5qQSx?M(ancrF4%wO zJ=ZF0Qi2G2!^_$+g!Glv*x!-WSz;JMg&RFW>%>FWIxJ>!YOFAB*&Y*8r^5CX?mxy` zx@-u|jruu16iKFY6sdzuXHT~zlx^$)l4Dv3GZyQDvYSUKEQ?SL2^HDTRcP zG&wID{SMLFq1y24WgdgpDnt>I(9Xpct7;UjL~4TAJmiaaqJzbsoo_*kbcNu7(K}l( z*BPgNuDX>(y=;UeM8poJ`iZ90E&y+H^I{JKJ{S<+*vT1G#xmL-ik$C{L0@T5V6)o^ zU=hCt?bqnir(Rt7Xb|BY!LSe`I;r$_2vuJ!vG?JCND3$1fde@LZxb`IX6Z~=zn=TX{8TRt*e}b?zEh)z0|@pZkG8f&ggJtEdcvMz@74v)upZrjDla{)#M5yEM8hR@)-Kh-KzH0@Bhmyo^>)%x;uifAV}2)U zm$*_G4Jl32o+kho-Uds3A3|t*aOD@!Tl#Ir8JD5w>g<66mOW^m^K#M|^he>v~%^n4))Y72^&h2`=L1tq+j{82G>r*bzR(+{# zJ!0rZmBv(g#;ay_b?(8y^(Nq6>4s zxU_UJfK>G-*i%!Rxx6^+2I*sfyu|t|jmd%*8ralWW)Os`Tzx~Lt&))c7t--47Af+!uJ!W7zKgmz&bPJiJQ77m7-84SvI{En0S zTEPyT95h6)ZYfgiM^#k-l+QvHCU9?3;{VwIOs!F%EhwU#Z4a1 zk+5u(BruzH6WYCd-hY*i+CXNkbG0K0F!mometfvvkp$2iggh)kSx_@5uIVf?TqkPo z-8dOX{LRmbgf>?o7-Acsvt&jf+(ILhmj0BR{HeC4gz~`|KsEMXkOCWR#ymPxD$ph? z?4U9$0!n_{lbZLLt~l|5DF#B=JQUGE=mtd)88rR@_VWhqhhT|+?;u1d&Q^ae1dblc zT^2QsJ*r|__?|~&mz_E4Y8g)-@J~RgyCvOyGQyWu%A?pc(TI<(&uk!zH}{pIPxtDd z^bLi@b0m*5O+o(*rcG<_+kCoO&rraLL8HFb=i+pcZi#;!?vDDi%=qo2otdWk9KRjY zcWV=q2ftc>bxz6nO|=sHj3s=N*%52b6B)OYtl_Q!1IikGXH^zEX=j}}k_ExeUA|Tt z?kdA>UOb?%@GCy}HrS}wY1y&o=V)m6P~poG&RdQN_sH*q$q$vFlMS(Y@HJ8zWvN2k zPe^X`6vO3DV40-|_*UMVya(rZ=uJKMo+;8z|2>&a_sE*AsdYp}XCgvfzju+aeQtaZ zh{QOmjh31jAl6?dE_Pfys+^`|6$eLQdTujd&AFZ$Pw29cr_xvdNb2C_`((kPIaQKB z8U#+tv^^-NMHQp=I_3~2XoSe#N5;92&Z}cqe;>)LB)6wtFJw=icE;S~&FC^ulXaGb z0~C!GfD^7Uqv+LfraKSCzQpa{9T;!ps9B2+czGkPGqPXjPnTP|z~R}{8CDXFQSLT) zZF=e+mdN7ypj>IE!I;WA*BF!PP7EVH4E$x|lTAA+h6}c-PxEa5&jL>=s!1shu6AFk z^4pMb<5wn4Kc@Oyb#{+T&%3q2e%WET1jn6+(?8-=#2hv4Si*F+zM&T7NVgT4XSSRD zoT!_igGbR3%d@gk1Bym@G+3x0sV+}h&tiM#ulpyj*?~k(n#Is$#(hP=kJ=fiHju(3 zP{?1@xw;lQU+6y)$BN0nYMDkKS34%&j;8seSY>jaY!#>46MIDc!=ygsQO^Y0hr)FM z)8cJIZj?s%(&1{^=li>-_Z&h_U3(YrzvcsP{Aw;xSXM--Kd)&oZy!qpeZ(Z@UVT|& zVL6N7_|Okmv$^w2+nyKui_=eT?1B37yQX4Po$89K`Ljt%zBu$|K1FI$Ggc=Cj9ud3 zz)x>SVk1^8n|p_1pI#1)eQA|!zGyHb#rr|Qxuz_`htM)V-`-N#BC@?krEb*Z&D#}SC9>sF-me0SM z-EYx+S(WlvQ7p=F%DTG;|O3Aqk7=K_iu(333!zcZA7uJU`o43X&>lJ+usly*8> zKgYP|ukzQ!c)%0ola0maHXXV&%YsWbF~XIN9|x)cSY&!PrtmjR`af5$AdwzrY?LV zhD#i`b#lT}`G-a$n?=kMu89;U(z#`qpz(ki{Y$VJ-4(Ha9h^0kG4J~wcH?a9>q@q> zQoN84Cii$cA;KT@v-N_bn3cqlWI?eFow-kcd(cgC!PDt0tM5| zsqL5;LTy_4NGm2+rPtk0H{7d_g8_Q{N92JEC7bf&_sdLpXA zB0IIJXPl6Z|1)=;-No%Sj^%C57ftp4D$6`){ut z=uxn$K=w~?v@}hTt>lk+ee>6vG!A{*UPeuqZe$m;)F&xB?H@}KNki8v)3Mo?si^WI z{D$$Y4FwW7gteBJt47@Zsh&~^8JE`V6Oh-e=HVuNH<9UCO~)@lX6UzUNC^Xjtja%9 zbjqu*aN^gE?kILIkK`|zm6FU7Y49JWHTe1fIsvD#+z$k>Vp7EKrI?I~)CC`H$VN;u zCm5Cek|;&_Y_VFAGU1a-_%fqr^aVXbDV7-d~%W zVrZFo4rgr~;DbKm6?zl`D<*KwR$()f{NW>fC*Z5D@vx5cFgn&+Jh>{J3Bh^iuV9hG zlYr<mzRaloGOFiR$`~}J9h!6e_iyH&$Yvu|H0~7g zg@c;sED2vHWh|S%TmG8+H4xz_jn(=tc$+moZFo@k(+Jj>$nZsNFl?9K)E5a;?Wb9v zJ*9MXsLr#2-bo_4>=t@0<)SOi!9S~DE%KDk*;;Mt^%`c%!$`sSCS88 zOztDZB#F;@H^bstz}>!KqZ@qgVr!eN_61>Pta_8&WqPWT0~b?mju8jh$D>JK9}8$G z9_6GTSMBc&PN8PV?sKv9`f!qky>-i^C~(yn*keV(oBNbydiI&|*4_Kd4#oL z-u@RSAJfxW>iNv5qy^9+lC+P?D_&&NrI`DbySxxtum`EZhI9Gh!*%yY)EIDZq5(p@ z!ctS;gzuP1+w7R?%;oX!TPS8PV}D7s>Bx4 zB$-P^?{lP@Zu+?#&|0q}5$gCE;7S@=BAuC914g zb8Z{gSFKfN!6PVy*3QKqq^G;EEU9|@1%VcQVd%{HFJk&#MQjlnyN?vldB~uF-RvCoL^O`BlYrx2ro({$ktufdbR{M!j% z0{%TSliv~>Q2ib@b8}?cb|8J#dEY}Sb3&q8pJ}6f^WhBgKA$Hlx|{&(>b7u8?QV_<50V-_M(4 z&m0(E%9dD(>w`P;$LR5m5pzAAzcl?zBl6E{osem{wZ!z_F7*}8?cg)KmRJiiPVd`< zHm!#|<<+t_xchb0wZUryxOlV=?h#NzyY%nTWgF+TO3Z%2$iC+V4wQmGo)gD0C$kk! zV^}f@^l{8?Opq^Upp&ZbkD^;W0|(i`|G_W!p56d%0M^fi|At}<;AF%ySZ|vt;0t*k zS~vguN;G=|GyjhLN^TcKHJ8VeFrpQvIZXY|9c#I=&yb7 zi#(5+ih-AJz*TD~YdH}|O?vnK-+d-NLiZVv;exGTy35`sX!= zTc`&AtoKL!lxMF)=!9DVhC zWH&J=d_nI_C-8xokKsL5i|>+nB*76o&`wk9(EwK)K0ViPVhL6WqvBIlFHel!OQ*jt zTj?|=8hdu?#k|b$Hs|wxar>Z)e#`c%dTf2zVwre%Ix73lXW8%mc|x>~st>q&kLm{? zX7ip54ng0I|4bs9t9Qdbvzx0Q^SYF&OYM{SyF4{#6`}mv9geU80cnBN$v0Cxrk~Bwjj+s_;u^6v=<@znDeHwFD{wp%%(- z5%=p|$Yk2_kDudSUfv(ud;Za}B%Vb+%d4|bJc4GCI-{zor|4%wmT<&_JD z>Da$>F=emgF8U;eB^ntQ1s9gD!v)|I-wwI8Chn;Hg4=xP-TfR-22ykL7rjrW-8osH zt5Sn^(7~p7-^x)c6`3=D4OYW6u9E$ya@q8eh;p8b%GNR4CuJl1B+2K2ify*_w61TN zq}?U@*ZmAli5+LH4+INezWURm)*&wQrfh5j#pGnOLTDTrGdO9_Y-_P913h{kKCtm( zQUo{QcA79B9a!(^!9i*ud~*CEQUeBgUR1pE`)~;{rLEsdR;w=w{km1sblcOeYke%?m!`0vCp1L&k645WdFEmc?Wo-Nkyt+$Tu6y0_V9g zQ262aswa#+^3F}3`mHAv8`brS{Dx1K&}3{ma*-8q+*^XdZf{sOe4mO_!4z#Uifu|? z=Oyop7~YS2T(td8*Xsa}Jg+YM4PUz^dCGG?mGgmrb_xaG=IfV+(n zfi<4QvePNuNfRE*G1r8IbQ8WFv{Yy3`0IqT##ssx{TSExksazopT}jpkVE_&LxOPI zr2&7b;;b?}W7X1H-4( zxeHcYD86N;<+Gnig|RPB7y5qcyX;|ZpTUjn1mc;JmI~yHZ5_LeK#VpCzV8%)FyRj<(UffsB(2&N|EN+2$qt6_R^*o)v7r ztq&PL9k)>7P1>+!NLgVkuWSxlj!w-Lr^k!$A+VezJ(_L`5q(cJB7!R^r~j&w2RDG?mX6*EIY%WN!HK?7Dy@ZN(`4yMBKDr}X1c0(zAaQC zsgHuWYMd1Ft<(^q^m*;cmvecN5Fn_6aBje8C}19eW0azR$zF!C>`zKLN)m zbWNL!V0%L)6mq&WZ^-9Y5Om!U%AZn@*1BC$T6Kj_IbO%VrS@FhS8QX`F^in_o5JIe zzEE}KN`cwwb**!o?K}AdbSEJE=#Ix@ryAQ9ZQYnm3mon4FZ`>~@EJG}{f68IklGJ* zTJcJl8|3kqArnXoh@#c)LeKIIL&2I)V-B__F6rkYdYoUptuf{3Q#z?%n<&^GtdJRN zwD;$iIKESRT0G+^x27Ae&5bTk)`q+l4DrRAdIfb_dM)219T-Ak@t&}>SSicv&#@T+ z(;p;b(yUFUMAY?Lllyr;fY&Xb>|}pvy0?vR=Ug~za)zy^c6;ew6#Y&vWMX|0xvZ7bE{gO>K=Gpq_3kRMQ_320I_9Dlxs~Uu-nV-NY4C&Y= z@2Wmwp8b~f zx;Gu8k`i0Z*LE~aPM&|)k>IB{J&4~Iu2ntUdENlbUx5N=oQaEYxl|RxeErH;o;m)z;pDrBz&~c!0 z_7@_0B?P@GALKnroxC3&l_4b~WsCIZKx&v0E?eYp)O>I+l4xQzUUDHm{YK%}1Ez%b zccbEWD0p*}vSw>Dq8Zf_^*Yp>SK@P`j7u%MoquVu-5C1zEnKtQBzN9Z_q>awRBxDv zKYBPKK&-Ww(I);br$xGpM#FG%R?fGqMk(EaF5??CSF+sqGvpMH&7_Ywp9 zb-<_RZwhabTXnN?<$8X;IqTH%G!GfrpMErI0(dYx+fS-G_X&9@QIw zNY)y4Mrd%K%<&xV=^RGs^o^?S-F~ zrQ^wdV$GpOjlQ&kMIdoipa;3#?Bl5Zs4~^OqnM}C#g@9p3wcWMB21y__n&fEONr3l z`s{6(lVP3hqP@u&`cvN+uU(Zk;@w3!2Jd&yZw;drqxJi7um>;t|48>}eKDPxRbb3% zQQe?2e}@x;JJmH|sD zy3z1vmd_nHU(N}~-)_ROJGCo#-DT;&LaBL&A*oN}LQ=nehM`f09bU*?g-*D~(od3$ zlSn44ICKY{hfj|wZ@0x)fe5ByZV4mL86M4+!JYDsom@o$-=TojFASDJl|1hzBzIrmYEK*wt%*cKQk6QpO5IQ}SWBz|B@#nszsFFp5oh7wY-a`31s@ujWJJZrY_2FPirL)&{ zNwNBjKAAiMQ*~{qE$RcgN3PL@)31{sC_WJ0q}j|>3@UJ8OuI!%mG(CLhMkhhPpw0t zXtr8etF-#eO}ODOg!S9VLw1H=4kc|;k-)->3BUqyHS@NF8XX_-av}^g6*!5WskFxO znGVQ&)rd9vHtfooJI~l_sj-roAg#c!-b*&c>Y8avi{hIWpRkL&C&Mhlf=Y2dNoKl{ zSZ+~NIh$!w#5c(6CDA8Z08cn*R9q2d*`Iq}!w*FKUl~BLbo6w)A3@t5p)3HEk~&KO zq%qvzG)XS&*Q96be4!c{p~L>+g!P|NduUzTQhS3klVVmbwzNvUcIzCQp?Y3?a2Q8? zu+_a*bw0j=ch*`Jiai3$cBv){TChk=U5icmg_PnD6J*f&Q0=J~4XRe(a{Qh^Xdq3a@mLFc8IA@=I_CC*^{zCOy+hXF8d9Zaj z)ymwNG}|2SGX@CufZ^H+$jt%y_ggR=XUOzm`V}$|(o$`{(!a^?v3*;Y6j{4GC~6~E zy?AQ>>9QqDQeHeu#^7=;XS&QR-LL4V77m`qEF8~K*yCz=)XDuAD3R%cfHc~`F2M2p zxXUhPZQx5)3UCEAAg!#IFuUmW=p^!=n-Hq&ScU7QMx}V?yGdW75|_eg><1NazS$UG zR5K^|hep-iMzO@vt6g`+JjBl=*)L{aWbqZ}%?EJD2j8qsFNH1Y9lg={ zTg134u=;Y8sEgJGt^N^i++1ipfchANj4S=)p%t+ZgJe5b0jJT?J9&4^s%@2{#h~95 zaf~g0Z}n#N!Ww1eDGbIE6zW85+Vmj6qgzyWJNrj2BEAZH7#gL<+$|?&EvzAmq7rqV zL3?kaKWe)~;U+}iK!8c0k@CFmz$Vjqp|Z@Y?eJi&+tYf~z7MFFn+kCXG7)mSqJ|8#xM=J!m{Z&#lFJhR2T71F?(SPvXAg)!A&+S*-E z<7Z~C>~mh-=Hcd8@W9fCvmbvl%uN^E0FDq^<(;jalc9N7s8uyZZLD!-HcWcp-EhOc z5C#0@zrd)!oIe0ng#5ZkIn5*HD0}Cks~)o``ZlL|1ojc_MKPlhjA@aZSuEhd#1z_W zj`ouRg$A_3NoI;tGP*ldqIN=EIOkdwQNsd_cZ7x-7n=3w3cX!M1dBx)BT`><-* zq5l9QnfqD;68M}gQU@q`r1+G zA{D#d|C3|+Co}aCNPvB&AREUa@Dzc5p3WLkuqoZVOta>(VCA=KpA7lPNLM86w=I^2 zSF72+jo2wT-7nJDw9MCkY&}|ktQy-#yAJiD*E0U4(Wx>({<|WxWol_5YQ+Py9Y!0d zwzYVjijhEWudvtgDaCU%+Ug+h19EV(xybBKaj5vZA4}Y6L07*X&cOMARgG384G3a6 zTT2PLvu;D^(9^_EVR9dCbBpJ=3;#WN)kCx}*1W}g164_tPhs(~RdN^%P;!L+Kdi5O z1+cgx59#KDLaQ!mz!$TkN@ZLfnr{1{^GhjJa{^WCy8g~sro?im%* z-c)bLAYo~Y9?B};`lfy3O3MlG`{UmmaKqpz6!vTMzpJ{v+xsZnZ$=H;CTL;_1gckS zL;c#vfq5jxq))r&TzEV1(4JWwJm{mZ+tg4n3}jMlV@)KQ=?zX<`nDb+16K9hWte2I zv`W$IiPUEK7*D2Hg|C^(Ip~P#K}C29dt(TJz+v}^Rw>G6oTlQM*`(msi9WL2=wp?G3+sh7HpeN0i1&|JSZllK~0tJ-mSx~U&cpz+o>Ux>3hj99Err0m z3YCU@0w{Y(gdE{<+I_r|B%zM2#OdwRTOvf3e+)!9y+|{R!m~L}H>{0x5 z*&PJ*Dj`h%eQ4g)QIqZizm~FWefE4LjJQ47g3@w03uJ_s@9UB(U`8sC^LI>kF?w`y z_kv|NN*i!9?3M}h;UTh)4@-TJkS~cv20MbpK7E<4QdPsHvcg3R@u(9bk2)cEW_hn# zH=E5bi=>872;7Y!j{6JFnB{r+~?HA*gdqKSN>C3cQRg+*~513Z{7u!+XIo40@-E{d}(dX{0 zYP{U-b4362)4mUm-MNO&KAOvChw~bt@#yfsT4pTtB!camX3Y-Z>mYF=Sja4&d>Ug2 z6EQyY)98C%p<;n>AxwaY(Z`k+O}^(R{I(o|eDh1;V`D3}gF?S>&+~lv`7XiS@X0f_ zI3IxuoWI*#JO7xu5c=F7bm8&7G5r1xv4b?hUZ~8yZ;gs1q3y?Q$YhMg2Kvh+pR55A z3t*vXZ66u=Oo?#7?Mir51O)A02=L0S>F}W^HBGFnML#6RPv4jmmvW;5m%DFveB`1sQhB{D|py z#`#Ni&-@JJ$%IDSN|konYvgx3$sSbGYX+68D{nl7A^9{mbM;+U@*l(r3Z6f$jDg~9 z<8)epYt^Y8O87l;Pf$Z;P;CgRVN@#!0G~##M}G5CY$#B|*8en62Pm|2gd1v-eJTGi zDxa$*$>+Vod@CxFOKxkpyGEk?IW}2cb|SJTktuny*x(08wP6QLSAl!S`Djsa2cl4O zoLw<8)Lc4HWcY+!7i&lqUx3+x2U0jo_v87XqBp;Jig6Bxk9jB~J z!%)qrecp|VYvd5w(JTenQ%pXxERV7!&?O6Rs}#(qv(+3{WJrr z8WI0ku8$8^aL0fVAKCnaC@dbVIyHdJjax`|U#QAbpeGVRYF|H5(8YgVBF^?HJ;Su6 zVAoCGbiVwDfAu!UjyQbz`9tM(DZl(mA(=&d;>a1$QC!4{%J|7qE; zeX?H`WA^aBbHlqfZ72aHz!wQ_-B^R`tSRee6LKPN&{!oVoj@^yx_F`+j zQ)S6W$mJ7A+bb9}awQB2O|n=j>qf&xJHr5Jl>`9eISZVg5A<}8WCG!Ga>m}ud&vFf+vV}BmGS{YuLI$&W)vgBn|Px zQ#P(raFKGnLYK53a{BrES$2Yl(qSOzT zbgm#fXUh6C3){bcIYPGXCg#Qs=x?}t`R6JV_$pgkt3{B{Q+Wytncqrrz{)2XYnA+1 zJ>%a8{}=aBow5Pcg+P6+@74eg8*o($haVt6f>1oqtG#NRf{D0D_gf!%67}%d_hXZ% zBjMhq#!kzYr9v8Yl%2 zKl*%A=+%0-byb`qAse=KO8g467B9pc;;*pGS8-;pKo&-6W#~Pbb>$ZerYZv$us@M^ z7>$6cMvDnIF=HbwykMIl4}&8&YNx}X?aGwJ0{6vytEGZn^R~3)lu?-^p9N$*_HXCO zcF{1(lw~V*&ZK>c7BJr>5xUgbq<+l5xa_;wKHzZB2|s6&U=I3JjOw$VUGCnZaf)9s z?r-g;0xeo+6IkC6(6y(daB_~im{0X1TOLlOo=K^~(ueH(pG#_RhF zrcYz*6&&-WR}L5^jczLU91D`Y8Y(k~=)GiOqj8oVG&ggSMRw3^yS`~z9E zUB1X$%G1^_g|T6RQsK8l4yF#kj`P4 zLlwX0MPv0kKz@wd%~>^=gA<1Dt^bp_{Z|EIg}GdvXo+l;GF+~6ZD9b#8T3CtiT}A8 zrS6~rZNGcojRNDI2wx14TH~Jb`O9s#n+|_k5i|!MRQQt4a&eg<>!as(ZPbHR9gOgK z{KE_Oep^o4tXLfTW$W+=+4Kj=5w5T1>YwYU4 zvz_5-nzLw$k?hjV^OM+w3PdiAexso-tG`dn{Rj` zT2~|=oU(Vw@_cN`S{;2iv4f^Lu z<3`Cj+Lz=)nQQ|Fri=Z-IS|-gn|Wa}S|9B9>p34rtI-%__=KcY^Dra~6-PNxadhze ztJR7|j@2ZffuTNf2lQzPT;^<}NIu_?-XD&_CakIj_w+Awk2BwNNbHiAa!=yoZ$4Oa zO_?K7-%#pUQtcs<1Z&m#FSwrml~1Nh_Sfu}$*?ia3r`%>|Mq$loOJUU6KRyb9m7N8 zU2~0ZIal>nlSWE#5jL<e{z}1ty^+S`OpgV zNr$d8*M*;Cey{@3n>s$G*c_W=PLR)Jz93+Bj$v^Mnw zUy~PsYJD9Z!>yk&sV{&FgqM?olwCVrxBg;+tv|m8ivlWM6jd{AL?9V{HQV*Y3qTp@ zc8IUyD;?i}ckn)0-2QQW{<_nHIVj25Vb?o9>umjw_V6yQ`SY2-(jY8Y4d-YsMOV_E z&kFm+%wNp`MW*GV%=|No7>r&Yx>x*)xHCld!s3|`YR1|I7uc%AhuM{h?u{C;q0Zy&N`L5 zXd>Xn$F;X|RuPN(F_pLCP}44vG1Zg`FDseN^{C=g$e$U`oW-dEcKf9kVx4m@uF)DroN&rMw|_@3~4( zjLh{pN+cJ67DE3H0*pRX)8Xn}3D(Z9BMY26mgKPkc^~C!vVL?FFib|>qqINBbI}`; zlV0<(%O#(qZjXJK1{s}&)r*kUbd1-QGSX66gde&=Vsnu+rjV|q;hXU6#D!-6602{8 znGs}sx7^lO>MmV+Nn35o;PXuNl(*i@wbF3=Ab&dCnp(jahkD5r+?Z~woiCX-8rnId0xD+$GIEU+5oSq-JVJ?yW6d(9V&$2f+P}(Ow)@&u zK~yTi9blV;X)DOK>i5=&V6uqdmYQ8w;&6`Hf8eoXP0^+Xmk$8D25g3775rLw? zc1ko2c&t_v!gvBL*=DD*%g7M4g8oL{H9ABd zV(248d)0ZuvX}~g?ry}r)HvPTXKHArV?FX2NdQ^SJ4d;^|NGv|ulukdzP_KR8V)g? zcBRMOG7sG(l~#z9_3KWB4__bSJH_Lbh4h@|hbr~Ee3V<`xqvsikFsm~8kiD8>@q%; z1Tf6KC)&cYjoR)E_9kO7Y<0ZAHsu?6?@)ck#ZTRmSv~3&lR$l->!LzT#%7r3JAp!3 z1Ma~ngs6FSxn_wHl6Cmy_<8;j!{Y*I%ubZ6U%(;N(aTSX!AhEyS1UD?fw|rDBPMU; z8TkfIOTtjTG>!fzBs^42BEc@%XTqzzkPK28X zz_wLq%(uOkg4Phwj_pBtMjE@RaT8PIYnL#gZ%7K4Fp1A?*AADN`t;sx)A__Tia)&0 zFi^UssV@uik^|FlKUm*cB_!M`a|C?{5D1NwqWORN{rKMHVSUWz)xBRBMA;GtboKHIPkL3_p#~OWNSG*|N%+$Z! zNp&Ex!-l2Dh3I27H!>&-2U$DtW%Dokk#cdP+7(a3!o`Vp`qNtVR)?8esv7LQnxoqv z%NHCKIsy!ECk#KKBwX9cZ7m>>u5u*^cfdBQPgp5OY)n;BwuA>A#mP~EzK{Q*fZ-th zRNAZ;HT7_tlD?{CC(4yf<1EBEbp435WLzfM#pw44`R{i$EusEx^B&c%aZTI2-@u(+ zf)|1HJqvovc;8rHnFkVt$&VDMuD4Ty{G8+X8xdt-B7p9QG*6$CV{eqG+!vN|fJ#PR z_dHyPio1wp>dU-PYBv|^f3IgNxS!v2Rny|(8hOcvJ0W5ZWn z5lWNsQBVcs(z{GrH0iA=vuTQTj))EQvs7mph8A$l%lOorz10v7x+(bCb5xK{%9Du) zL#jt=n7pO=(c4Vv=B)Q(Dx4_~ zKI}o-rIhE#vW)Z2yOVC3bSsLM@g>~?PP+2F=57{#M{@z_Bq~fVJq~V!-xZ=?$;7Cs zyc}!N0KK~U47okk8t*RI9Qe%YEE1cdq_4P|jhHY6(`uZjmKJGZs*)M1ujuu|0ISLC zBF2d=nEX%Iwn&%jCG-)^#eUbl7RRmw-StCxN#ovYqp-!TL~(u{Yd2;VRTjq)4Q;dY z#ezST$5&m>#`NZZcABX%JB}1H13vKaiDR@%)HdFKvQ7&hNkC&TFsxUJ;n?E#h(@$E za0NalwrGcMUj=Bd22TQ3-2}!qXz)2=5+CK&&Xb&!YX(iexKehq&7R+cGEfW1qu_Pe0 z+)4UG(Zz&zgBou1O+TQ%I=80<>{0H@<07z6Avt6j{Sv-WrX`;LCYpnThWo47e@B*h zvAf-cAx@rl60kV$PmqRUKZBFtvA!i{9B{+R0x=sl#Bz z_-z_Ss&?@U)ih#OgLs>7B$|;UUm~}sPg8p;38^tR4=z0v7^Vj_E|EbC6OrJVV-mKY z9u|cAK$RObG2d?W@A&>Eh9A7a-&2WH zG4Zl_bd{I(rSNh9Zl63CJTPR-qyu;{bx$(l4P5$24G zNF`wl1zjwV1`J%%kZ&-1eVEGVLdMvcO~3Qx8KONTaJA8``fNBY)0Pxj1^!ju>h(09 zpBi_aZmKZp=0E()j>_A=UQoNAI^15IseBgza(OqTj`eaWV+$qDns9o-1@e*KKcB8V zus(d$BlYOf4*K>2k8WPN{#fN^u^jll3xYJcpH7vGhnqc@{Zry>CEuiQh2q{4zTGSG zw_QJ2^WU4r*;#TPe!YP`Bc>vY8+=Y%-Jb7fjJZ-ow2@q{i%`~Bjc#E;UZ$C5Q?yFj?*(U9V7M9CxUQRo!fSnMr zmRpW-o;k8_{=p)NIBKJBj8wnS@0nLVlBR!dNM`P78|g-NN{}(f_9t6>);FFf6cvVl zW7tw-(@}H*jrP@|N|C?^HmP01j{3JBf`AX;$MDbeb{4z z8!tXnf2J84Sv|V+;1J(&Q^NiYbsY7nWEFfLnWG7HFHbKVLYTjnZ$hRl~V!Ya(Xyk6kxMI_}*kJ`JE{Dsd}BcABX@UcOLd1pcIWD>iM zu9K}q*KZ8q?o99pZ|`TS3=p4D!6}c6HpXkam6PJSsF!I8`WHz}B9#XDA9Otn-d1*> zNb=x8EXxDAjf=Jhq3}r;qhPNV#+qooqjnh-+sHip2-xX2fM}D#!RV(rjS&pB*M@L6 zc;C@702inX!`d%1Oy3q3vmZ;51kcsEX!ji2gJ)fcSVr)EH}S0?PGuu@{>O3BTgy>5WbCWM*`m6 zPEkG23}SL?p3a{|ai2r6#X9RC_c!VduU<*D1g>%tF>7DF;qRIEGG@${I#Ms;L8iQP zDIEFKF3(^38PBUPe=w!Vm=ZBys50M`+L${NBJaqm zW2B@1r-(exSG_WKBEA_ZwcoCfey{Vwiyi{cdPRUk{slS9`5Vas`P3OnxA48 zER2wu8YjAhobOOH+A40n8xx3Ujaev+3pxQkjnx%RK135hKDQYIv3*M79|Z(um4790 zY09VNUfjK(JdexIRY@8n+ukC7>ypjck7h>BXV@Gzy`3nB$DE?0s^3}OstMv|LSS-L zjb`2oCR>@LS}#F_^F$&~*qMw$R}~5tdIq?<<|yYSkn|q`|AM{#mb9F#`(%APyBMto zR*BHrlNJ#8lN{d*rwE1bk9J|*#jD(GU-u-kaUt6Z|6p9RF#w^Ru@yNqVe9@0}O;=pq zAxP1DP|H8jx0NN8guYWmnl5My2WUkWN#~EyM zF+h_$5l8`@z3j;Y0lCPetQz!X8hEx|VO-~*A~C+nW$u!KKO=6uPolw9Xa>Dk z(|~KFS-urxw!NVy`~$0FDDkNw_iv(jJk}Sq!`z%V7$i>tMfvc!1Y^4VB zP2QbX)80h*k}VHgu-U=NIiTNje(tsCe-5Ke8++|T^Gn$)7B0Wb&F5%IZJgQ2$aQp$ z@MpG^`F@UFQtnrJMGdm$c6U_d;(fnuLyZ2FnP;~ zmB{{wbw8bP(TEPNM+)5ZHD!6dY6~_EdSus*sgWZvuXM6^t|G+G*zXT(#SJI(}X7Kek6aslDxaH zAJdxr+({x9g0cEa8xd9bJ#wP7RnRXI9~i{fFu7&z?TKO*ZQcNEkHyf5RMA0a)#9FX zW=rTjaC!KEvC61cpvRGMm-=hl$JOKz4j?mznN~tEWDW< zsgT2J&G|aHIa!wq`|9-JpHv($FWsF5%wjoiwh`*3$IB3%?9p>A!rqbA$UrA`@0GMi z?$h<2e}ONfp#!eLmSk z-J(dkukF=Wb!F-s=z(n9qV#K3A=s(;;PmS!at%Srax3>#F5$@H-4 z4S*ByQBZvO+-}`Vi8q^*0ppToJJgO$>5DH0Fzc_cwlLngsX*6HFpQbY@qTUrtoiop zV131PJ!>bfp=S3x5@f;KKzj&Z55=33EG=;HvJUgOVJhc1Q6H!%O5SI@{_5yCvA{1f z`z#BTz;=Y*cKRv9&6do}-2988=c|He{?(7=JDXtVoUe^l1_iZ+lKTjXr9F__IAxYE z-au#SGKIjLor{aFK-sVG8l3q-JfnYvt0fCsRTQdE`GVhJ_ajnu<a+@VUeR!2`sN-}a=$AF&y<^(a}l z0>9Uek1OtL4S9NEkNSSF8sf9Mv8%Nbm;W2(YllgGvKgG{<|;;%kif(w9e=#}Sn$h3 z^k{Haglb1=!8Pc@0~_wl(N2ffcNU>mmB$>(Sou8vbulj>2L@2U|5j2H_r3$LiZo)r zI@xc@`BIeS_Sk(2PjaAP3ot>po+M)cD&26{*8xcl+5-2YqJbqn8*j8+_Bdy|{@NPQ zd>Bgv01*wV>_EU<({AXyCeZ|9LaOvLzl_l>a4Ym)%|UAc?HHCmr{s2er|MU=~H%w>O3z`4KdW*Poh$=WN4ZLt|-)2VjEDftqOS z?QBhr34mAx7`Z?|ryOhF+Xi6hdr_624@Z%0CP3bAAVC>HtN`M7LTYGtbRjnJw04jR zEz%=XU}bwVoJE;F!}T>A^S2LmSj5aDXS%{WcOryIuHI%d(swpvdQWtzyaT4gVx_b` z2-hDH4n5+&?d4YA^nU!vQg}^j4Bwx*zP?r`0gSyl3a0zfMYXLZ`AVPeBUD(nZ^6s_ ziJWdI6`VW%w_VHJOK=QK?r1+GrS-lj_@?@qkDp|_T;a!N6RWoRC&EQX8QBzlcz4aY zcxDBy^6$rUy0)>|q!M!E5A&#V$imA!beq1B1gxyM68&C)>#NXcaljU*-u2+6rQ!rz z50*&x*|Tiu)_sF4Q*;Vq%~La)w#ZBKzuc)c9erg_>GX&E`#TENs2V$JdTm21uaYqC zSInp1g3aBd<3dpRfc3vhJ9+Ua2-3QmNqF+4=s!|QeZXtEJD|Yrfo>9t zhZAG-?D1QjmsvPAPx2}C2T03W>1=gz=Gq$k{Z?LVimMj;?y&49z0mzkrVuI4_eG)y zEnZvWQlf?)V*6P zOEjLmuWPRF30=7*hCF>yW?y&1*k3mAjsWcQJtaKqIq*9>_QoYp#$_5-b5+GS6@3`RyN)+pPhMwPED=#a zw+qTuBj)J*s;7{uO_kK=BnuB<7bs7Lt-i*7C;>TS;7Ps*c}BSLWa5f7jh+yioq-gtih)aGaibCk?4zlQUQ<+)2=L}-jg^f#}P}? z#}%JixjS4FqF{hXX7NlBX{OGoF8(>IY?&TjJspTSz@^3h3d+ZmC4kqGG&QEfJl z;mKxu=3yn;ZprwX3OD`OK&2!Vnx96qs}7YAtPbR=*W$1*Kkj2?BhksJ$48}tU;hO# z+2h;<_q8;uquveGmF{s}l%K=r69#Jff-$6B=(=3pXwp19F>ey^rmI9uaK#sw`7t z-xo)T(IY%TVeP80mq1It0;QdfrRw$jH@XJ75PT%=eVwhg?=Lyfr}5(+L<3GEXx#hb*Z?duGh1dK^uaT`*WlEXjLYJLk2pRF3RMKV;1I+j5t24Zo3WlK=F( z7+tI45ahdVEqhE!j&-PCasn9CFQ?-yeNX<_%GylTO^ExA?FiaC+}6>w+F^INZulxv zQ|=$ry)|mefxgR1#_Z|%;@SWWqAM(Kx-uKkWc81rosbX#*;B>MrDCdoqrrPd%J%De zy2^h{Xrklp#tK}FJJE-`@`spJ#MQ&4NHPSX%>Tvun=l(xTj7zTmlVW25>Z;W+QUj$ zJDa-2-RHTd5AKeJtr8;xtM4f({9U`6;JHVaD=j9}wOzYu_@y&?ChvbpUh0__B%iTZ zio^#7{fR=mruz~9_ytj6h{NVLugR-DT*g^C(>&aQ!C8t?HykV<6)U03eDQ&_WJo@Ap~fRfKxtx( zm(Htmy6WynTR6%#*KzSD-I>N+)mo>R{h8HsmIMBy-9m#j%n?#M;M^W5fMZu5WHST)^DpI1Ra`oLkiM#>u;2#Zw# zQ@MDggc@Oi&EF~gDgXy`WgRZ4OdVeZILDvj)FjKAlH!zI!7mpRjtg22z_vrOnXS0^ zZ7U_7XCwV5_?Rhl4zE|Fjennhy*TK~@trHVgq6jtQs92wJgIJu0ClTS(UkSSVGg9p z?p+}>l+S)Fwx~=+E-8a}OXlxT--zUTyy1%J$NVEH6NjfhuSn5;^Mad|nTSy$#XN(aCPa z7yqOX|C+D-@SCYtvNtf4-K zCCA?qJT}nB)+~%MT9Lx4of;ipSp9qV3MmA=ejh`<_tWbBJ?WFdv9qdP3E?<-k!8_t zRO7>Vjmv!sEv)A>ej)Ln48BL35d%NEjnR5Go`?|q<8SIx5=GsAK1u-L8u zp37fJ3bG6%r{c!p3FGQi?`t0RKJK2=RTwEWgoez?lv9FLsg+D4_gT6Ozl$K?)y*}1 z1>|ITH6jwuqMJOkhui^+c4xtS)ITZkUzBtteoXm0NGT;(-uiy4n6lSzXMV~m5^;hy z5m~AJo?qNw<5TO{Gvee8x0zGk!QqjOf+exa(0%>$`E;MfdGqRNpa1moIPY6zvFNDF z9;05^NC7O|9m1w~;%>7>w-1L6n9OfPUeUE(B2Kh!4+22G*MAV{T~5WlQD6b{mQUu+ zYxRuZwZ|%A8@n5mj!6%KM&A?RXkE5d9Y?XKby-pVjF`ycx~+?ZgdNo6RU@YnYkC)g zd2VgQkBt5um;(~X((6_}VA<;v0cyrKGSX8aC+|ulc%2WqgB4E-<1DBc~ zKkjgGZ2luw7UT1p-m3g@4|V8xcG@K^8b{f@))#vuL5mP9G-Te%+iK3hQ72|gbIAmi zg`~(JyzV18{mQ>khU)!E8GxoGKnRsrwIe~Q$D zS&Z9xGM|&bJQwT2|Fp|VB?;JZkK?{7Uj7zNaT@8$MT)AKw`MFMgue_}#g|Brn>jXC zro};pH06SEY>PY%>Jm3NI2TlP9Rlv&P*o9g66s)oq8lT$hRI{Z?FIf}$Shy%8}}g3 z%1R~2bc~jppc^4beJzLHXA0?Ne?4ELCcR;13kqBx?i*_L>n1g;vNHLx?(4I&5B<6B ztMr$L)+P)wHR(Nn$C2cNWO8fV9kzrrCv`~Kbsu|EA-|jQx&-tmoI|xf_;`r9di&Tx zpk_u`+Ab%F5=5Pz1)%)sK}(gc6J6bW=+~Tok<~Z-ef-L4r8LDUn1l%TN)ov+**MTc ziF1$TqVXy+_ZaV4e}+m+bB)!`qPRdDoJ6eJl~dd*Bx3vfKo))ll;~TXp~~dB%6!?| zr@g71z8kUVXDysZzyxs0{Vw=`NLt2M_P<8B+ZCEB`8E_ZD3jd?8UPeu#IOE&d#vNZ zzFu{t+jEiAOd;;JWh8Pvy_5^&RC{1-&}EBo%8CCWv?otX0{I1g3^KshP_tzmPkf@? zgd-jl1Po4DZ&vVsa7CBbxNCi!_b->xBdl~&i**QRWRuyVKDz||lR?EMv|azz>JyI- zo`$?FX2kClH|kCD#ENp0bSx^^%@7iisocyTEL`PMAiksXZG7;VQ5sN*4u=UDN#Q$o zy&o&EOf~$s4^HldflC8JTsr~;dIE4<3T*EleV zVnA$sIEPu}aEZW%Pq40#3VuaNoJopZr|WXjBzdR8+5!Qgva`CIf!t&`H;Y0q=ATlI zyx2-?x0x-f+wRc*BOaCllytifG8@)1-MaVeDHCZLaB16~=M`9prIM7O{$P!#@re_B z4P?@|rc9mJdjoYgYZu|1+Jaljb|#KM|xPyA>1lD>Q95NWNbOfAi4d3`~ers zJ>|Pn$!}K8v$8+g^iBt{Mvqs;e75y3njCDtFg)4Wm*Gz;>*myVV|Ay{4_}bYs=?hp zv^h%a@HUNY+vD5zVH1ghy{KFG9G^8Zdw4_%`Be;8O%P?=l;qXZPQ28gr;`6GOPj?h zsn}J~0819=M}mfD`vT`j-7tSgDEc%wHF`&{@h8Rfmj0&P$k~jU9XyyWF+P{9v_p@RW9Uu1yZ7MW zPE8DQc1{Z<<|)_=$wp9}=~HvwLuAArD{AM}$9M#q)MTP-(;(U$a*p+Rc1S8I$ko`a z*mIP^=$Jv9ISTfn2ZZ_75W`dqnPzOxcLR-cxZ;w^CXfqKtV)_C#nQbTpavA zk`WpDw7oENl=E#f3qF~e#moN@YCWgO=8;m@ÐRwvHWdo;dDuoX8lZT7i1cJ9Y$B zO}^lM^msJ_@DTQzvw1F!;9ho4xo^mO{Qe4@FpA+_6m~C)b%Hbb2FSxnUXaTP`8OSdbPFt=xki0r}zi=Kffl`R6KZvC6^3=w) zhjqWIcpj+%V(6ZbWK9E&kAQg8%7-Sqx~%J`#=ceD4I3%7|LU=yhrlK2m zhi&*(@QZeKuba@XLzj&kW%|{^W7!$E+BP+Ryk$)! zc2XdJ5p>Ukox6>n3wO3sRLW+~@6ql#R+LY)a*4J*Pgp}ooqpy2?F$G{Mug&XY;f{J^9k9%G_gCd$h*&p?(FVu8qy$+^On?w7TAW#<7TRBR;P!nEI4G z7_G_0^ow|h-y>ieVmzL!g)g)en$lCRe)YOesN%K(XSDhhYz<+&R{u`nfS@?k9ECfS zN9PW}(ETca!t>%wjmr}Vi_CM93(^QAU5&eKH;s58x50*%(o=JVsZkFpsmgODvmpDL zQ%fxRmcic9G9sT32f{pRwOkHqbE9zUmG+l|MXMLsp?^t(GR+hgT$x2G?IK;WGh5a! zSw1+Bq>$nZoz?s~%LWxG(>rlVE&wJz+s$CgueE#pwz|)Df2eOdSj=MyD6yRRmx*=5 zv71Tsi6i&w3GftK+WEDws4L-qxjiNcKCit$qj-|i|Lw=t9x!4Lpqh>R&qPp!lgRzF zp=Z~QkJG)8cS!6=cR&((j$mt~zgTM^U>L9`BQCdSZ=cjuTwGB9BO_V=wmBS*cpqqu zZ63g9sX$D5^zqL3Lik-?9zy82n=af;% z%bQjx?O0oX*njB$_lcHP9*N=y8jV%|(*Yb{6hUOW!T+J@EZd@L+cvDy-NMi*-Q6kO z-Hmj2DoA&OzyL#c4-HBUozf``Fd*HaDDQYb+xubtfpx9(T4x>mK{T)%{-Ys_)B?zNCjbWB$5oZd=JxIO5OHIfc-$#5*Z6cjG5H%{n&{7IhS=;DF)r74V) zo5f*#u@zD0lt%FWY3%#7W@P>u1HfvI-r@sfREZTQgTX}I2LOj`$UpWS2I-ZUrjv-- zkddWw8yJoXX9hPJwPbr^!5Z10n~Z17b=n43ux6{dH!tx3qXjD$qSs_o1leh-iQz^( zzoO_5(~JWC(`lUigK6TnB>&rJhHuJ_Y`B{YKQT`2qQQs6P>ro9l)~ZN+&ak}xXZUr zOwLtxX>F&I75L_wL-~l(vR7vVNj^?J(PLQr^!vY(GfgU%L;e>PFy@2qePaUB!<^Y&0M!-(^ zdp0CHAc9BAmY)7os6>zhyQ*bX0JEf~-iGjz$^p{*l zw^Om8kbifR`hRy*{-=#>=jTR*ghvaMPw<8ZW$;h8kQe5jt12D8-9$4Y*4Wz*{cl5_ zj#wl2z6byww5P=C>xu=QI-9KyoZO|tDAs8aye%nb!}eQ zOLN}&hQ8*^vl-VAmnF4aoDt?-{`u*la`DQ$z;dxhCTR4UmD~ed%TXWEeYYZWw04oY z0sAjG`mZ!-8HcyL;7&~dct1TF;nIw8X14_1CDCHM7<>TsVg!?K$;PU&e-nJGfAv(# z`uN-oe&+qWXySe;18mLrD^tWX+r@C0H2K9wIqkSqJH?o55p=P~X#&(4T zCK;l4>BeSgUJ+~^uVEnMe!z9m7s<__|Gf{h)wimKC zG(q&o;LKs{tvS9ftIk&&L#p^KR$&cd`3GnVR~$ED-%5lv(NEZy+l~JwdgO%Fu~Eoo z6MHGWJIdf_Ra3T=^aal0^4Cy72c1W|cbgYn1;=NLGBN}i{X_hXEyyJzD=t^|`Sdw* zm?|^hZXTsXbb8VXP8lzg(^!ou3qD&+;f8axV5g}9l7eDJ20voIG=2_q21xJ?1=l7s za4O_5xbu1ai;Mr%-8A_m1IC5X?(o@q;h%4X6T2Yz{qXOVmujpfU5KQ`Euwiq7hYKi zb;om3S&R_FH8HDF@}j5=*M5{N-fcM#xgN{eE0HhPu94#o$$(DFm4M=r*r->Y;UzM? zW{>?b^2;11j;v%d2Qo_}==2o7SgNa938Cqla*77k6r|$XG`5SI9N{^W|7=PK;O4=2 zm8XMH^{vkr!j8n}VEDXBIOc#rL4VqT&8l!xO8-TGK@5Vb(u z@2yy)gLeY=N5!(_At>0x36zuQ@Q0Qk^8R;H9Y8oy?X|N7*rrISte>CGs_|+a;AIyO z=Ch1t{lMR9Hou*Ti|xSxDc3r$hR9CMR^y8mW%P!S&E)wHg-1Ln*X&Z?EVuJz&PP&cKR87HR#!4hMgj2CrH`uPE6VBPW*QZjW6~TvB8}D z$E1RR$J5{|3yJoK&$SEMxle(wtkJb}Xo`DZG5WLhB+Bg+^6Yb5S-#q=6J^npccU?QR<_ha9>-3*l29RgMx~%=S$%* zA<~z;y`|b^WG!gSN%GYi+76LMUq#XM2;`0&BD1{2fS-~+Us7CHb@C|qxlibg>5g$c56X6f$E1_zy$HLH_%T)Ly z&N#h0z<4$|?v42coMlvlWWa&x@dO9wi}ruG6p~2IPN&UEkijrY+YG-5)G-uhRrbSx zF`@Il54HK>(96p*JY?!~P8Jth6g2N2?!{2?gOd5(u#P~d+gMXmL3-NO3Z^^VF&FI_ z!7Z-!U!|JYQ)|MyQ^C;?4oOvf2zmk6b}z{_+16c=mfvJkCESILIdz5~k5_CT^0bn9 zynAy%Uxno#7NczGd1Wfre7%e%v|b1Huqa>bxrY($|H@x{cPZbSuN01@C@Lm55#&ZhjBf%kBS`UZGP+&vQB zjUkQ+$jUGj4FS!J%i>M0%mr!XP%|^_f%1Mz?c$x&Ut}r?a~dbYi?ard*W%&)!6!?!2K7AyhZkVN?={Ap!Jip+ z^k!CB057Bw}#~(K~0jn$}dY|mSv_Pi~Y8N>5)jfNj%EZ)(_)E6qA-e ztk0YxSrB-<{!kaL$m>kVcKKIsX;QMNsV%sf4Y9U;NSv7l;z!>rF>qeAV#g&t3Eve2 zMY{px)+B#Vl*qAaqX+{M3Rh_CZIzc4GsJ`llF07U00FRraN zl}3_A;wf_qkHa2{Rxi4E^78}4-nG(w{+xLb#C&GM;hpM<&nfsXweN$Hj zYm)XVukQJ8m=|iWG*|XO?7a z@QvU;<3+QdQe7Pi%-qn=hvinuJDQl=)*aQ7ZvHYi%s94D`iR|>Hr9!pyEhGY`R(Ow zm^jr@)|uIyiYtb?DBdd^N4toiso-^QUx+X#qMnd}vh`WFzgZtKe4(kBG!O6aQ?ReC-!B1 zl%6Tr5c==jj0{KO6SGt=&3lJdSF3YQv)>>G)!FN1%$c&j&4D}$F^*Sd+rL(1?Ewe; zs&8WWvO&fVRj9&rXHJX&maoy+&tcJ6i z=_?O9M#b%!l~LB;&;G0|8J(I{z6Z`T0(mNwOFW0#!PiM``;4eaB=tpBUN8?#%B2(o ztt>4{>K%*`yJt66)0?tZEoje}VbritJLJX8RG zc6U5(1uZ#vf{Oo;Il-jOhWydRzRfqKpsbU<+>W}E18VgSEtEk%KR;e#KkEBD z1XE4gh}8>LCQg|v+FT9{*{u6`oJ=GfO#|;Fq?5)B>w}K{9)PGw zVUcn}Lvjv!v45|e#mcf!SH3zrxk?5sd;jA`756`K|M)*I3{)B|csRg$o+AgNcR3ZI zSwmgHD~U7@o4hft{-XbutJZp0H(hgvj=hQ0H^BT!^zhNqT+NR;r=%f-0k~fW9E|CY z1+PO<{<+YpsqkYrEN|sVt=vuF$_l3itsyRWP7kfFLwec^H)NS(iSlHFjqd%6jpM^} z?V~L8@x(V}bc(=fZNgJMskKaVKRFq#?yERR8R~pwmxbDFKrog`vptd>&1J^@NW+Kh z*qDfP-R&2X0yF*Z7^CYEq)HQY%q%wM5?L)-U0SCV*BkqbG_)@ddYJ8h{XI*qg|;2c z)r`sR$B{}{U<^RjZ7O#*hVqI?oC7lqs(rEYvI9?0)PWM9e|k%^6&h`S7*g^ba)v7xPcTXVC{@oyRE&g z89ijzDEy!I!qk6lfHHqJs~G-^nA*3?*G8!NQ^Z|8XI}qC6qVD$1^u;y$34q`C0((F zLLb-SvWB+NR}YrW+hCjP7d-_Se^JzLBltKIEW42P?am(bUS~TG#J^&tHLM9|z$2$Z zOQI%c(okb2qcxA8++( zzqQc24t14e`hKnXFQMu^AJ}fQ5NpCtRvTWou#PCnR+dR(_n|&FcVWxaEj5sNDe;Op zQIbNtNhMk(zxH(2nRw|UU2_clNL7~K9*fb*`zo+Z(VVKaPD*cD)HXrGP50ffLBY;5 z2x!7{&I9527;3{{inF4_t${}TMM2M9qj@E{T6pX|#94YXzz@_?|5%4GHGDOVM8+FeU9JO=)&(4Y z=^ERBu~>P8*m*e^dLcca(l*;pYUxvXx4U%gRgiVbtk1HU+2Ab5GqCO_od^r;FKZ=( zzy}OzX`JtS(lT1YbQTJ`W*ve=LG_&)f!`GeNZt*+=pQvN@^<*Cqr{u3Z4Yvrk}--v zx9KCw5^pHzQt~)Q%lkyd=oD3Dod6SFRBZa#lC$!Y8CFNfmgwN`qo?W)%03wm3RE;C z0+#2 zkS&( zn7eP-1?=iE)yZ_WN(&K29YUx!=byWFIGTNXDCY@~;TR+AAG1m)ah8cP&&8n4CYGt) zDM|GeA2t5k=={fgQiC8_RLO?ujXTu}wzU0{ED8REuo+D(rH$i+jU4YAV`v}A=MRj; znm@kaMK3o)QuYHV)~Y41xiBC*mqyPm`hd`qoYDM~L%CcZ&v{qIahxT_GjHW(>>3p1 zK^s~}a`_d4d7ScnM*5453$RD#yl}JLiu2bkhI9m_jb_7Y=io_)AD_zpHaA^tTatMmv7VPH#y%biS^r=! zT)@9_b*@D?*KEoUnsS83D~kG1&E3^CL2Bk4$gx9b#(J6r%*Pd%5wL@)Aa;)K9+p_Oc{om$#D zgnCW~9#NhTCNzxmcMfO=Gay$fSt#y;{~w~wpXZ8%!jvOSq!hC|{1aUld^2qs8bvY&ZMP81)u80UwXae62CGPI z%Z0{<&Z6PL;HbK$en%JZ;Pp0+N3bJtU77Yeo16bo`ndZf&f~ncS3muSa0t%Wswwj; zIJx5Vux_n(Oo%@2PEDyw%HGt#XyLzoH#lbk{wEx2h8-^$eKD< z#Ppi}&Ed9#0|OKFX{Ez)L0(KfmgNdBMTZZpC5XiET z=dFnbWwtf9U}GNMHA(4B?bs-1)XTnHfihr2Tvai<7lR%eyPM?LkLo-JQy6!KC~)iK znOG92S6N2cAh~cUR9<%DOCghduE=ZTAvJ7@CuN2V|1A%o@?9;64A=~y#oRqgsjZ!`}Uu zh_A^_tph{S>HF#_J{P{JUVF+`9&^|-aG{WM9yMa)ZvC}z-e;z~%WKcvkmS`iVcXl* zGuFj0k$#EPkrivI^v#KxXb{8Sj~3^ox!ruPFB;>9C00wa%PW_xPkmgOpV~*A>EQ{FP z5n*SUt|+OSgm84;?FJ;sxS+;NV6fLdBQA-|~kY@@6qO}Wm6UU`QVVGkB}=}Q{%MwB5R))gq21EV3} zt0!5`FJo8?Jo@c+YKy}Mn)|ZRg+2(44IwuDkA<2u4{toXn*&#uX}52Ldf4kl?)n6W zL80Q)rR>}(%GO(H#*>je%q{PRz-@i)uf+LEmy4Y2$ylH5UGN)AuLR&=@9)cj3nX@I z0Oy@XJqWdX*3FQ8iL;Q?zK1%*`-z%Q02#s1ncUxVHf7Ov{`&b=#?8o!bK)>Xw~$(T zU6J|AiQT_sjrX6hJJRL#CgSKwB0f)fixGM&`AEM?Z>EyWZ~V~eoWJPgh&?e3ARkod z8mujfXrauvj()Gld51aQmi6Eu_!gcHry%wQ>`O}|we3w-wNj5JAkz5PZN8ofxHMcX zxGdkEN_k`U+QLR{9&~o3D_ccPajux?r+7!qOhJ&jNo$Al-i znSJEaHef~bcXZ>ATaF|8ugUy&vwRR8-s(^;srdPo#X0M={~?ZY;j?r zyN|`doFVOna)@Z=fiib0F+(V24KrJ`xK9@c} zRcZ#Pyet0d>IzZ zJ=ni>KvX|&tQMA;G?;Gyz&YlbPaAnF+VcDJ{`eL)k&u*d|AF*7N1dY2u{lXEJ%?&Y zHf{>?R9UJ38C!CnG~o?9b1}PHji9jsE+&Ov@v1_cj?U!;&7b7|yZMm*ck^jpQf8<* z8DtY?VmXX%UYx#4?hP=B|6}O2ss3gRQ%xoAHA8!X_*_^ zwz#CWYkFy}V-#K-lOtPc4AI`eP8U;nWpX3pU6w}47+vpH*`8kA#h1lr_K6w)+5$CU zr?#7tD&;6@G2NSTS;569mBp`FCJG7Ai#Y)oA=&1VDDjp-nx_dHG;xPs0=<#^9HvgK zc!PzzH_dw)qlsx8nhyRD%A9lO%M+D7uM7N8#R{Q&lNIbf&o=sDP^Cgt012VW6Bdb; zexk%~vHxu@tv-e;3F)M^cL~D=hbBbXvgvFrV;QG!e|CAupD;sN8XP8Ztq9mI73RV8 zu8b0I6ML+?8sN78{w0SpN;F~`o$kMq6@(=pAQ1$=i<=r%+xlg-R3l-NI=u4XX9aTeip;#g?eFrF z8R403bEw)uAd!-F9{^*e2Efv`X)uk9yF;Ke9SR2mly+%5`n#TKws2tl?ggytEI50` z1mw;y;2QJ&M+d0;-{dEV16n&^#S|o9v-SWRPo#4T;F8!T_56SncHX2qxXGRlBq}iP7c?9N5$b; z{;(}*GYkB-NwEMj&{04mR%&OHKdRLqv=}F+>I-;cfV!w#V3Wxd%)g{6A{WvqR#=I6 zn_~SoA-ee$aUOn1mNF#F5KP=`pLjvy(VHr~OtQ-Z8>sSxQ)^fs?R-3Ff00AiAv@WE z2q8mqL7VN6k>r-OkwXLk%V%gy?SyTB1sbo9;f;JW|4dK1?NlSs)0K&C`q5B&mH=A7 z>utSX*JB)wu)<&COi5yu%qGR#JvQfHKk1|OG1{tE=UUxyRBr}jfYDD8Ub|T{asKU^ zCeg-`P4Z2=z>nO$9z_r|mvo}E35)GyVY1}si${;{(y)wq#FUjZc0O2s1hEkUS5Kz1 zcV)Sc1REyJx{w!nWIoOLMwz|UiE8CHgdXf%XjxI0=XH%MX)b>K|s zm=Gf-!gr-x(&~)E3lS~B^~t8M87+Zn_3u9dqEuKxmc3)q@gxD9%heP=>7tr)##+6; zHN11Xzr?Q{vMs+P!Z$y4kUR{)vO}SRthoCPM30-B*u^nLwoy##3%z@h@(ijXekt7L zFz3gS-y1PIL5YZz#tvFAt{elgxEo90Hcu{b4p=JweQ+^iG=d2EGVW-vzk*)p;qlqRnia#38U*ROu)wnROGuo;8#j=wB`3oz_ zO0S6Sb2g!c`m2u-zI1<9q;h~%urRG0i7WthWM+|^RZsV&&=SLwJm2@CI3;>zYj2QF z>L~A(VY2#OB>pvH_Qn0XJm$*aITXl>S;!sp1pWOe_F}FMl+<}>JFzsym~WE9!|1y} zOTD*sDI%V+&`XtMogyH}hw512fO)%vnYd<4jj@F}xzaBfL z9LP?DCG!5wn>J-tewi~^{=)zbczF@I5&QRB6aO#oZ+{JUCnzVB-kq$odmIb3nm{wk zIAcx)nP_HZG}MMT0R+lwo7BW-b%$QbvG8Kj;k`?Km@J9v28;}iuFpU;mAK|CXsV@Bhu15>3A$ zmy1w?q`j8NYl2C)D$%payV1w*PcorogB_QVbH;AJ=ZfAdBO1-Aup&)z;~qU5tHPS5 zB9b0IcGt#ssAx9hFi|47Szu*-usii2D;qkWNlQ-G=KQ<)Sr(2^XzJ=Yt#5x253MVk z=l`S(;RdqV^c>iM-`zB{-fXlopzkzXaSL1s+fP>Lri5=eaJ?%{;|U=~@9!6lnf5>_*S zd*Ita){K+;1ah3VRnNm!+F#uU=ypTzD|U2AcrwS}6B68(|1Cyrq)KoOzaNhzcwi3P zRXU?oi>i>`kKzVQ*h4O0)wc%OXm=x`7l>+ob+yxLr7RZz7E-qVeF zATNR$@7lNZV)oOb$_IRL*iayZXp^`pObRb(7k6G^Pj7B@ad0^aLBAOLmbEG5`UtaJ zShJSsTvOat;csOO1(FbNArv^)w+F5-$PTX0da(E-vMJAIV{N;fafv#ndX zBb0{Y0lc)sgJ5`)6xE6^8}8{D2i&;5l=CQEwIe_@4brVr$HSqVB4|`J&8WnWMilD#LSz91Ug?$9nST zY5U@<-n}U+&{TQdxNI$C?uxqYS8T%U3v(#~?H_;xS)}q{Soc)FLw!&9c;7!IX{zHt z$B4*V+x2me%FrF9iH`&Q z(-L=?+}M%>!t&%gva&&1$3Hq4v-~3Zd-0XYbtHG>H;77roOCG7wci_O%D2XL)qYl$ zF-6Ye2H#(R<|xL459$=mpe|DPIP|BkxIN^@_88p`jtzg@QW=|Fa?qkywqRB3Z^Qa2#!Hg)Sk$f214Vj(;S-V`mAi{_@|0W+bY7#?)vMC>2UA8`0v|;8% zevPC-8?7OGG+chuFj5i9EmG`Gf`-L3t-%(llYuZAC%#f`15ETzL0iw)8w_E#o|5bz z9W|v!X~qJ86sm`RbtU%2kuM9xb*?Vf2WFGXC+G^XxMCi)Zl4Etf2abz{#Uhq_-EXX z`o%Ks;_G52DfurFCR3}fshoyH;vb7D+NWX$k8JOE>k2|sHcc6;gBR0aSVN-I(gr+O zrv49Ri~|)fB~(h5KUu%az7O&iM{CmpYvE9g0Etz$msl3llE=SxpuB=<`puB{45REb&>kN6doElL#^iD_G?r*s|sE!&zMYZ+iXA zMl`%N86#sXFp0S}i}RiBJ~i`nq3LKFomDMHWv}wX&#f@`xB3aRb{#m&IsSgDF~x&2^~IAasNUrX1(*e&dz-I zdAUI^cm=hu#M(RV(6cn@MD3^(EXGn2^yRe;g7jo7H|ky4k`B@BnewgYLY}|2uxmGH zWLR{?SC&3r=RhrD&;+?c%Pp>$%25=VoQ=V2ecDBr(`_1cp`bMIQHh?fqG$snt$!O0 z$EcGdU8}Dr4W?n6D|leWvjQwh+{)wr{s6g#@m(Qy#ZM81<+g(hKCq7#=m(67fX}_< z|MHhM(0BS_iD#C5eExQlLNvEdkMEb)ushfJQAl4UM2&I-k^T$R;wO-rh$j6%Fj+nx zyfiRk6qqovT)3`yJGKD^!g=Q2V9x0m+ysC`{U#-Y9iHk3%wwI#X1TFE>utNtuVo<> zdrRdftea}amFc2A0jeKXD#hzHb*%yjHNO0aR_+j4ZFG)4O1rvwf3gFxvZqx>d&NGa z?AZHLcj`D-)&IPlo=Jm&fhcFk9!UEGKaIV<7uaOtaIyK2^^6^Klp#`;s{0p74L}zj zvY6+hke<~;Y17D1xtxoaJ*sPLj~(*YH^0fE^zZqZ%17zp3?k%^d%n zNFyg^H2N*+*4C0{qB4hnT@nfK*OcpegFF3x`FAQJ+0sW)Ys7`qdk*itrAV>4pX|#a#<>jKwv(g=zMnn28M~&08Oevh(+Eo* zrnSxOYtorbnllGc-h89@m1K&`G9gOY+QOK6AI3pt5dV)e-jLpm+=P*G#uxo$OcjoZ z0vQm^(kz}fnYSa`l&M1h8=Q>hD_IDLf8<26K^!K-Y;jJaZ=ZORjW^84rtvt#C_Y=h z3pYF&`|yu)jT+w27B}MA@s~sGjd^@|X~wWh?1y5dk%*#u3{93a2dB|ostD#^)&Lg9 z%y=$6CaW<5i|Ty{=O%veJmJRgVx8FmvIY`Q`L^HD@o^$rj6|O%UiUd|Iy^nDqoAE(hd;MZTc8Ot|c?Mh^rUAwtjY&pB1a#vb05`thTnBZJBnNeK7c)_?6_OoZ3+H$0OH0Dgzo$U0ZcZ+@0SD zUsk5ZkC({B7_sk~<`K_4e77#Gp>QL(C30BO6MU`|dVMp|)*DW!k)rsn~CxXt=DXx(^HFdd;kCj}#s5?j5@ z&ISE9-Sb^E6Ah`2O-hbtpJRsd6<2NFuSSHFQepS!l|gqJn?i5ENlw$wXvMq91V*A7 zPR2}&a}h~4gY#d7@NdBg=b!9RbvoEmbm@JvLJT-V2%OQ47{~OD?Y*{3jyKyx!oAse zgB@|#$CsD+f~J1tF`r%W;^FfbEl^JRA^6otOPm>;fUR;7#~v9V*7+S zw34e#T*-t?kQc;CAKi%RC2!`RP8JiYz_Tx}MY3UKH>VY%vL9$2XI4JCO7ITTJxe2S zxoIcwVS4%uL?~3AIPrzds~0A+!Ygy})YHH~;%>6yZ4>n<#AX`&y_GZh!yqHgE*3v#3{mtp8ce`q+zdyf zu9tor8`NQuzs`)@(r+U?A!FM$W;{viFY5dTMOQW)&c+xwJ_4Nw?nUi7;b8YOYW)0L z%Jp#w*ETG-TKSaAK=`{obbxvwPsUd5xW9(YjW4B^92&#_&e@s6kqFnE#qSTLS|=l7 zm;WHSw$)?J)rVKJ#dEhtAJrJPnhK5kQ!`=vM-sGEG021H&c0_61MQUUp$^YgnfzG? zT8?)Q`jkA)v)oCaqbr+x(nC6 zb=I#LZ6-%6R_#KD2)DX(iP@9UD8F!8>B$~TupUdVdePS5Zm7&qGzLe>nRRk>q32f4 z@#UfVsTYHt;3X=_1sBDIG35oNFCBvvgH2RSajg^;D|C~Iqo<-^g{8Zki!W0vBH)o{ zJoRi&2LZKLf_`gYaQG-|S9p)reeaL{4_i}vDbwm)0v>hCu~d8uab2NG2r+ApbZ*WF z(!_E)w<7HydHifW)>-+JJY~>x7_0t*>ki!%t0^PETQ1wF-d$v9WB8~CbzK!#%UEe! z=v@;*Y%L5sYesGG++);Nr+xjXvRVx>+h2t(e*P(XO~t-I)}zk9W!=B$eOpYLyI85!U5_Mqtwbi|Kkz^Zj?}($0|C zRos3(X$Dz4 zI|_yA#+_{C%g%NUj)(RZZa{aJ@!a3u;^`*deq4u%qnwU+vaGg7Ec;dNa+gUg{Y$pf zwbrhwfB@fO(z9Xno?l3483lqZuRVWux2EA~C8pLlRc=Gj*>%^LiW1U!hp9|x0LUNh zeh|l{v~quTZh$Gc)NurAe32(n{8w_~!-L!w7(1fAqv&Ox>&GVDSvWWL+Q;9cJiX*_ zn@8}<@;pJ|{7GxXSPqm;AVT-f0(6a{{=z}@2Et;&s2jh(H1ha9l>E(PPE>AA^rVAH zWpAf*oJeRRY8+F_^VVv=boF)SE4A1X<4|lsHAKGW!{<(dY?&4| zqi8E;dN-*_tqR$Nt9`wZ09#mh9?4Su8NJ@lb^d{v?_doV_<{u)5E5B4;26BO$JTW?XOfo%_1m?FC>lm(?Iv8`l&yv(ja-RS?~t zY<=A_B1jce$B55u_^Xk=LawLw@e)6=e=1+ zCoudCjmOV+N#&*%eZPxz6bfNL?1HAj4wxJc?j0a#ZT|X#fv<aHWGMu895qx>X)=4bPD@$aW* zC%*>-2<2dVW}blYX0oc2xPW4^b66kywHV&!&9da%29!m?W|M3oR$NoEcr#RgH}Rv@ zoWlJ0XN7OejP4o^;2WVDT+Yd;;yTDc?(TXYDp&2)tIp$M7%+ZGFIP%jpxw9kiI2{Y zYap>mX|XBRm+L%cxAa-<)pWBO90^L0+_hU$Cm_QlLMN#6*o)BCxBUE9R0_(xIDK5c zT!gXAvE6Gu(XKCF8AGMBf&!^1UccO*3S1dO0}=sPg8Pc*9RA%Abnpr-6|1C?QBldE zBK>4Pnk}6|yJ#M2w(VOs`sW?<*Zj+%>iwQrruS`I?owhBVZWm`!nEY}%D>*=Q!yQl zawcx&{7OVs9M6&b&dVf3!)Qt%a@EXz8=qSBkibF)x&O}f#UTT=XRUmd={>N$PjkJC z;CXcu42qod>v6V8j7?Y7-TR#WnGz;h>E3mFpf?iV-m|l_3rMPP76RF8HMEp!_v2*Tl~BLyKX}4hjw7*2$Ef46LM;a4GD0ua_)j(Enmf-*Pmn^3 zZJ4~Eel-{n57+{<$6Xa8D+g2=^9tCDM3T(v?0E?yy^ulBr&BQwe!BXl(-RN=ESEMu zmtSooM9v^W<&Viu4rQv0YtGn=x~raY+$x)fHn-Y_W`FrrnW0c4vk_o7uH}T%p}0{x z80QSA^}a?d6M*v$?fs5}ROSTaP3|@WzUnSa&l8z!Jc`~TwS17eX;>mDtOMS2EMQwF zrj(XJXTY-gap@N0Nw8fO5y39D!0S<0XZ8=`MHk|Dq@2@9SWU8J%j*S<-z-VYT{6l0 zl!7jz))J?yYv!eHyHQ~*FF~LIITM6Onh7rflCH55`gMQc*?i4i%I4iiHTkvSH-VL6u%q(nSpIZZmo(LmKg`;s`6~d1|5kkdDpWB0?GbL{{CDhAUZE^BZolxyxT4!M1&RWj#nBq^Gw)-TYL4y zemk`TwT7PSyo!8{N=I7w=ZQq`0ieM5ksx{*1U0s}P=X7pSIEoQaL~fN!H^;o$fZq; zHkN6rO`u^=0+*C4qQzl?&=uCWlWm+^*lrrf;vW`}c8Kv6i`~YYt+|B>&3DL?_KUsD z32}5pbuAQM2Tv$_0JN}klUjoXEiiK5UH#Nh`RQvna5MB=~F>mIc3LKXe5$057dkXm#zoKMNmtiG??WNW?~0EJ(|MadZk=#=^eF{bg>W3tE**qcsW%m1>9ox9QWciq;#E_?w z&b^r8`=(*n_L7)62ldNLowXpw&4L_~Ztix!#2}8_^m$v`X)$76^(yatvK3DvN7m`z zbYfxTH45@dn}19te-=(Ji?G#`I%ve=Yna1ub-=(j{%dW{D+l|N5iDe+1;!{;900wG6$m}p@@`0Hlq5?-RS z8rkAdvOC~p@J^Lt%!d)hz{wRza`fEm=zC}^#uwrzL(<(~A5CK8?(|u;jk+Pfh^zfA zd!YRp0rHxfhvff{CQ=JK)r{Y*$@_}b!_o>zNB0(T#$=MM*~>K*%{Uns<=Ec(j8CRq zEa9Ekxmb6q?1$B)s{{fT2T7|zaPFx==_c_+^4zQYQnlZpOL%b>@ja&d)uo6zZu156%Ge?aiI)3d-o=VF{8DH=_> zpCISriAcc4aFpoQcDmWAT?Y5{RoQ(PNCKjK$A3W#lk5OzSj7F=G3CpnLdJ7%R17CO zFgj!Q2ik#rT|b-8ghW|lV&2?D-kGKp>Or7!I)@yNqce>|{RB*8OK$J{cKmk@FHHUZ z#-~}EAtJcvgz~ejbZRLS+L=cg3;TxPyz*SQGDjt7&3k5ZEDmLajhU`}`CMjrCFZJV~yXa1- zG%sI`c>w!+@QteFwjs?{mn%tZEgkHQpfPczp!0Q77ZlVw%O@)Y}>YNbZpz`n{V%P&bVXL-}P(N z`&7+YRdcRbk3}rFGqso&G+A?P*3cJev7&nQ8Ci$&MN`tdRu_OQquqg_4v5t5H}!K% z$xD?bt@h)DrA7;Ap7SJ_lY`EOMd^h`0MNz{k#rb~$fwwZqgkOWKkERvjI3_$T2!be zlWy&^p->ZgW^Ja8dF*3VWRF`H4)$nZBS&F3D&(As*ieD^V)4#zcIP_7pA}>OX4_NG zpEjPZoQoJu8RYX0QPq$KUSUYX{Oin=yqo7<^H-`Ue=+>V4^yl(Wf)9JofvNdC(AgG zF4iN}e|L)`S%4(OXA!fWya60_%{fV^i@c1zpoM z#uiLrHOYkwfv>l53|r?mIT$kLBR+E}gxrM~#WKrIU)GcnA94Tm{21&Msp1IE8TGYQ z4TS4z%k@;W%pRthxtI;ON_nhk!j#7mDo&i_Z-P4C=lT9)Ln^WU;|e(O zxrVGK$0PQy6&XBv>J4xyS;VDxS!j^sW%@g`$2k?oP>)!s+iNh!<*|XVZ%FQjbNEN* zH>sX=tINuwC?P*kGTz@GcSmZTqdU`lRCQ$4sP+@^x>-f#KB~@C!pGv8Lgop0P$*K= z^7lFTB0FT^WM~nblKkHY*{ZVU=M}r@69aqw1^=xR9LoOmXiiKL^R)Bu)EKTi-H72Y zVjoDsI~FXJa=plxWERPG*E-ia{q={evPOm9!zJ0{eVB1-e;gPfh2By?U^SU{E;5_M zl9ezAvH5{~NBS2s15HA^>oFTWV0n-|pbw2mwt z;+Jykv6f;sjaw^0)FRH(oX;lNYNLcT1p;{DgGIP^c1U;DM~+AgkLHw&aeIxA71_iG zotHHwRL#~%Y~y@*LtWwIHhUI`NY#UE-}$P00NeG5XEbIHPFb%_EDvApivtS zE5p%XFl|L6g50%>#SZ*-pOEv@h1+1MY7iHjV$BXh`GZ(}i=XRQkM097iwIsu+lE&# z>_C6#Y`&Q7uD;r=zB8uEGjnc_K`9GH){N&}&9Nm*=INF-c(6AN^*gOZvm&YxeQ*3Z z&a$)E4e^={W_XBFO7qb6tF()!563l1c>2$cOCFVE1K|eXXu{FNGXSKbZX+ z8uR|9B517rcMkAJbE9{g(I;)+hbD!S{G;cuaoD_cop|d%5X*c_q~AQ#-hZRFNC~6U z>DQ!8q~rsOgux(nFTrEUCFd(=dx$Y**4=Gjc0{LIWH8w8#2D}6i;JkS81Yo~(**2{ zJ>t_tqr(V?O9w=a-;zwPk_N$)2urj<%mCQ}b!oid^4cD+j#s)Bh4PB7LU++VY#Bbt z{RFk$=r+ogJkmC#Y4>49X9c(6Z5iD;yMwKhi(+>--N+UbcZ@CB`QYDdDe!eH)EtT} zPH_>tmVn017f*>;GD6zB41!8qiA61zu42AEA3B+hVzU-?`^UIz zPK-P)5me^W=bGxGZADeF`9F{e7V+7>UMeqlnvau=CgZ-uX+Tq}9vtVry-Vj&mIAtdrvvP=uPFL-Tl) zBKF&Z@FJAAAD%QU^PK{p30B?EN*pdcWh|V3Q#y$(?k(e1y!*ZYu72vr_N!Z73ts;J zQI9{%+zY=^B@U})Yo7M6s`Z0M4W~}saMo8?8@{}sXvah2SzbJ&W${3A)j10V!Au+6_Iu*9B_0eiRY3Rx>p*3Xn|OOh<#evq0y9ti0Huwjyj~4E#D}rfIkz zxq}te;Y{a>YpRjDJZOP_>^@+H^jf+zjyE z6F&V`RcLYA(An)l#ShkiTElmkp=R!~s}(odRwt>`b{CEjjqPixf0WBhUj+~(>?R{t zXmaR?8l3t^LOnx2OlZw|8~TF>N0_+c9Ep;#T=w5Oq)#v>w89V$RaC=7uonmiW(v={ z*xF0*M&f5;|JlVV39k#UJ`pDo`zXzhpzpU_v&_RX9JCK3Pe|{B4SCXG{EjG}L}!W@ zws_zW0Qd|zC6rj|adOF%6U5l(&zPrjXtq9dB9e>#L?mi;vMusCX`5xeM-BZb}FP zm#VU^0(ckM_=SYvkaqF1Wzw`w#60aj&%dujUB=OdWM(oA+L1ZHcOH4EHE&wZ&SFm8haDiIb6R;^=HGqp;$^if zaqyXxGF5tRR~GB)JjRVGP!Iwc9u&LU%Mhx~57b!}|5bF*X1+~7+3Znajv zEgORdM}EkfX%j%Hn)dHx;!n+uLWrs(ECn>i(2Q0fr=prJG#sVSMas_y7{h7`7!C?W zOLsCPe=X$HIYW+66$(d*pHecUI8f{?7_ZgV+$SN!IANPGsXsw@9S53b0U9~A7+Sm0 zEf$CFuoAxu-*xQp9iZv3!m?L63pw9J=#`K%386|@JP?Q(hW`BHKjTJS^W0E@;T3@L zH(#lEnoRpawQF}2<0o(@FWV{`Wlfj9LDH_bm40@I(6Bc@=HM*wzQ`iRqNNR|)8oJR z4Ls@0yDiU3a6>;F*PO*oUMx)K;Wi7OBvz{2ry5F@Rx<0n1w6Vbr9?+w@*aMzXSm0- zz7s$eb14yHE8&Tt9Q*#PTJSiRS@EM=<$(w?0lkxu`jr-mvpi%`o+9> z$q>NnX@h7_(*WeayvRV`YxRt79_Hv zVZ*dIH~{ji)Cjw~r`pd(*8rk8xZU=l*pZ?p(+gXYbi6M$JBE-<1n3aTZAE}bwe~Ph zRSwr3-#8oTt)5~2Xaq$=>>M_u;L$tlL5&11naW|T>aIk29t-0LcU3hW8ISVY0kWt# z<8HfkklsxCY8WG~(0^$F^~v~6NMg*dYzU`>y113*^q>CSz%zE{5g)M7epXO7W=EP=zE$2Grz@i(RnauEh``tE_%2ZMcOmjgkVxA zw#I`j^qY1v>jCh9PxfPT(O^2f@UQkGWuWMcD}cQ_Y07gfPr;s&DJ2+tCFt9#40dU&B=;x?3Fqt^5pR3B53B6EBjXx+i>vky;$L&=s}$Q zcHv(&dPPu12XZXKtghLUH`UC^y5XMI2vt7&wyKfVc#fHvZVK|jhBkWlfN@1MsCD6l zH|#g5SA23mAw%zLBQkL$$c<#9zVg;uGF|Fm=m!Al_kYLw*$$$Ycu~ zZ<^R@_C#N0*UVKXf4flZ;BR~P-bI}6+m=t&D7*-H?EmrDuTmYKqb+Id3PG6+oyM^~ zinx^u62F~3S%@{>m;r#F>{9%B99{o6KUQ#n@?05RB_%=kCyDA?DC?aB?$4_-1U7fw zA(sV$$g^ZBSDJvf2i3 zUT9x=OjC|?q9b2|NmX~nppI0oH;80fNVyM>*@v8d^nY_n`)|HMH_Gy$!r@%4SwLJca#1C|0E>Nx?NtLO^@ekIZ5(YHeu)_4n+|_pxD2VQF1t**d}Tjvrd1F!v;BP_J%mnsSnT?ZjVr!;ys+yV9i&s z5k-a*hAuPu{Y7)~Z*wHmH0urEPyg2kbl@LeK-XR zF!WgC}fU ze->VwG`c>AB*nwI4x5soHSL!zv#hNlO|d;tcBsN(Q!^Z#|Jtdt$0t_Z=*VU!ZrvH2 z`O6gFc*0#E!@6@Fg9#z0(OF$P`*+4g%(6>%%<{Z`g#|b;J-E!(w$2$K0jUZrb>f{D zgFrIOO@KRCS+@vBfX9~cHr#E&=j|z*Z;+o(58;^O4vqW0)oNoD?FNZhFt`^ z^5zyZkM%qAy<~bDW+q%vGD91WlGpC~kMNU|8{hG0wOpr1p}`l0SemKq)C=n-_npQNt!79e5k;w=4W#fYzHfNMb)!#IrLM8Ug)^RLW zBz$rj*AKaVEXPJM<`7wb^TlT!pz86Z=|vbg?7kLP$JuVzi|%-)3LhZMWR`z!F=U_` zFA5AtmRW9X{^JL2Rq8Y+u-IcvL89HUm4elvbXXDV8rtMAwzQs3wnL^c?g)2=u;nLl zB{_lIUx`lc!8MkJz(&&TZwZEd(N+_6c$rqpaIe)wMM6ZTz^dqw?6c8Q>*r&&QbFz_ zg&@Z&fKIikW_1s^XNpvzrS3}Nw{~E0lNc!nA$IMZ2KUNTA2aTDAs|C8iz|3GqWd_L z2v}^!e3#O{%v*5!>kEANZQ#Xy1t&h^EAgy=K&g2Y`vmQLK>6z97|}^K9`QSeR7Fj4 zZ^fva@BT=)^fWHBNh0NSpO>w!x5Jr!pR4z0-C6stxsGoynsCSig~lt;C+p56p->kM zUYL(l6_~S2icXP5%o;hxJe>V6w{`Wb7ecwY?pATCWK1vSR^U1?7F7^cxio zNn!Aj@Cu|I;If3~0)}y)UWLTi?zu69W|7D0OrzwkBK7kw$7lUmW#g?b`cNE~54&S| z+GBd6*nsPb;1BCqvA&MKxb0=jSCbV03+uDZWxZ~f z)|WFD9A!b%HBc|uT-ciSXrdA4$`2*+s~7#1XZs@OIr%c8AtK~l*Qb9jmVI07nvo_& zPQq5uDYKPMj8q!-V~AdR-qe04tnNBIvRCYNCW}ioy6$I8wH{Yp8w8Yr9O`KhZ-U~_ zoaVgAyFJ-&VD=_~^;)J?F|aXiFv(@)rZyk$2X6S#0( ztdd3~fw~17eQ-RdlH6H?quri2n1MhsP@ikdUIy+7zXEcmqrLtZnoH zWJ@zw_uph5LD4v5Lv35BE0$qet1um}n0)3BWjkkW%&&R-%;av#eh3=LaDVSJJ@A9cm4UpG9)vJ(Dv88Xp)KT zOjSXO%Ah~r(zrSeQ|*t40A`4wVqxbnW3va~_FzKXApwhlp2ASIi($qH+zbcgF32TB z29kBu=~LI`i;`ld6~yUPue~=T0{`KZ^v^*J{BS~wyph1>V9ZFYC*?%)L~mJRgt`L- z4sKon)AVI`(E)RY*YWPO@SqbybYT=H`WvWnvbw{f+-tXNR}1n?ye(a8cSrsBka6^% z$3whII4uyT34wKb(n)PQOKua^&kK8(?<~(I9h$m7egt{l4UC5VP|MVO{ys#F@%~}+ zoaxxb_Qk>1q3@;l)J3V|$tP(N=mAB@l@wk3kDH0c<1#erb|h`N^{{>4=j8LplcfaC zY6z?qMF*ySx9GsD2XtGu7T+;s^|aQpr9p&o$Z|~BhSQtQT20SfdJT1#FVk-a!AjQU z!`PBkkNu1sYw9$%-P79AB+Z9=g!Jeg`t)Mp!;t&#XvH%LiEH0&Vu4 zR3Cr2HXUVn3Bz4$hlKcx3CEHf55{vUvU)(tFT{4SxqOI)pku5z4VCN+Ct8J;U=Z&% zQH*zgB21xIy#9sUH$6Puv8?Xl)hYOv;5rkgwpw|#x=9Y#9Xpxwlz|T}en^Jf&!kcm zjpsPUj$yY);xNtS7?InN!SdM1u7_85GShGu@!%`THN*Nf~uB|J5vR@~fqW#0xP(NGdht0W}Lhrda9nVBIaM>RIyJY z5-KV*45ZTDK=E@_q|^vnp*_}47c^H@*5$GveXRFPmT;ylZ=Fm2I^#bKcOfwN(CCResGSXuxh1Ib@8_xwUbbe=cHlT2hKSm$vlRM(yZWu;tZzm`Qr4^UjCM z+i$8q*=o=K~%AdIdiRqZ;45cKDu zxF`W3QK?g zN>_FGoiqOFhcu{+1DzMaoPiwk^6b9MF#g5-Zn_KGnYK=@V$Cx)w;6C$*(2VCwsFn{ z+wzj!X(fR|)DY$tR(7@FD3dERQ)Ujr4OusMx_%(HN}lP5OSLep|GB^BVx&A{RsMq< zFh%>Cgmp?8MxS_|xDw1SD^De|Ib~W}WLK-+Pf_-a=yW>1?>2Vs*634jJ*9vR-~d#o zy*g=+8tverL8M39+bUW(-2v(y)qagZfN^aqbEvCjf!NT*7HU9;Y$imxH&$V$2r``< zTSpU%wzGxit*LWd67h-vPg@l$YsOD7mK2BXaF(UuAHHf8y+Bk++6hN1Xpo10VR;NPrWE(v1*EF_6GJ4GwFH~LnidYw5>7(nL06EAM z{9RhV!*c+1h0$4<0%FLIBqnI4ox|4OG3YLY@p6?8f>Q(SA|YAnb)UQaPc&YHlj$y; zT1!tH<&$`ranW)B`ryWb=o&f%(ldP8T^|32IGHn=P~K^1%5{hw5nrgHoQr$J?W+K^ zoSJ)>C-oS}tl{nx!u>n=sp4gH>Xw;y4d=F86&S9UFT6zYs2;A~TZ|1#tnR8{fsz|B zStX$o+>0+A8yi$s@OZ=1W){l>ZJR0nvlPW`?o9jOB@V2M*zVir4CgSR@}g1Mn)pE4 zEJ%4?&jV0uItAe4zpdj~p=uc=Xy^qADc>N_At=thJ}DF6zM|qbdJkkmQb~sRm7j0K zf)2QtXV-QN1y4!-^8$03nAR=1=#Q)S-aau^0kfQCh5_1D7*GXWn3N1t%ljZYhHj0( zKBVz!^OqcFY|dgnSWM$r0_OH13bgN^JJ;iGs7&v2!Zt>y2T6V+ai~qwP&Aqp0Q7HO z@j%%RlDgkrgJbC}2K*hYSC*Gq7@nLA+*{q@OKq?fqC|qVe`v>RA@U-}9i&R4Q$cOb9xn4M!P#@^@}d5MR0&teymmDm0)Zq0XmE8IKm z{qJjY18+0h4W)Gs|IWOEDyaS}iWNhr>Q=rvA7Qz?aVpv$k}7LpMlKs@}MlUFS;UBH)Bsiplr$ zz?uu>hc6;0?W6!Nsfw=+T>3dHClp&`-=1iwcfD%Z>#T;9xeuuE;|EZ%fset-r>R4H{TsOrSXH z+Rrs#1pc}Urqo#@mB}hldi%|C$C?x-nN7T~Ppvmq8=FB)+c?N49%mVtH&$Gbbr}W3 z3I9W>AQSvT$Gy_F&dv`cfj zdJbBb{>DpAYCM%E4gY?;nIjVTCZPv?kX`8kne^Ii&)#8tEEw>21JJM^R8>{u-eD*5 zd3!iaaVlZMsQ$n6V;i4r?I^P)R`gJB!Rw3>l-wiLM+jc8>rdK3Vz1{SbLjuM3W2EY za~S+j>~&y)Z4;mq@4Fg>br}W-n&%A#xWff-w5i{+-`qogR`aAjl%3VWv()6ZZN@iC zP2b-JZF|qUwVimV6kjqrDQlVf0GCYK_U%E9@*w1={{q9N#1?e015%3Dj3BscAD^|> z34k}h2lQoi=$q$b@Kd-bS)xi-KX?`a_)3Mp7dad{7-?(4i4#C@JAzvwJDbLkpK=T- zapeD%4|);MQmX7)&z)-#)1F@;BQ03)5Ku+Ejewz>QAtyP=0koYreds&LBf&4I0too zf}lX|;qvA^9>fC9UFV|*GPcFO_@I)roNS%=QSoGn0clyy)?)4!IC`fVOFp}m@L0?b zNkOL9$oM*B7jHPuiOC-XaNXYAJW5DiO7$HjuhwgC$r?MqvC*$qG%=4m!89J(8v7TF zt{@8O^eG7ItUnRr9C*#HbQK?k=<*ydu{OhDBYj)G$i+Fh8rR#w_}+wdV%kNy+tvg} zLiRI+@&*YzTXVm}MJ~=A5Mu6KTYl2>(C5r8GnR3AM!D>tBEgl^6AAbh%Gn>nRkUOw zhWa3pEY4LQ0xJpfJG*-B>1?oqP`uulNUeC)cPK1#KT$ifs(`;l=YR1E%6;gfa-VAr z!7w};K%NbQoLKTsP z6S2tC1bSmEF`HftVXUQ>!2{6n=`Q*+VhNmrK*v#VhM^<6YXx37iU@CItq&}y7mTw^ zhf)brlPWq@F{>FHu<8S4)u!v&>DWpLdvpQ<>Rv{Nqd9388BC`mDM}jpY2VMJ`u4^8 z0>W=AmYT(8L(AG>Bao~vTht-zJ*4dwDccRT zICSXW^vm?qK{HriyD+JIVQygGgy58rE%7eV(l1^JWcq+I$_l~3;|AnL)Q?VYJ;|4y zYgdB%0Rc6Z$$xJarR0;vyeSeFI8Yj&L5yG?uJuo&9Q$Pf$nR-SshZIN3 zk+RZF$ZQQ$y#(yoLGXK)){(s56Ctcz!zKP0rDTZH3m=0Gz`->#k(c3M$ke-T^5wrP z1%2?aC*i-i|JzbKFCd=H!(KBKd!_|@rVJ{HoU;m%$*O~m<`%)p+M0l4u`4PxC2dj8 zwW91=XhqS%i~A`%FtW6ss;I+lV(bDkDv(aurXv58Liu{z2#v|%N;Da809U~ zS&~^1*IywMG>Tn}#>=p1>Mi}!TR-=8T6(?edklt3JAJfe%SDBE>#%eIsWVvubc2i| zuOiPf2yl`+TN!H17S-{tJPPNoCmMzmrIv3>ozEH+> zLdRIx3K{d3>0V)_93v#qup2=C9uu&jY9^w>cAyZ_T{Tc&nO47aSOY+pjgMv&;oX@5grR^(RMFcewW~TdkwRR%DRkJ!4fxS6f!)8 zVT!CA^7|b+JXop*j+31U>QUY5y8JX;Pd6=p!i&DsE*Vr`w(By{vY=8J*A^P1)(rYD zPsC?%zp5CNhm?5Vxb`IlJ7Ovu@|i&U45>UUmF+}BVgx0q6ep*4mLW>!_&c`85?HW= zGZv+yYNyIz4o((RAL4J)l(3)8 zm7t|Pz@(#fSLBl?(4@?WJwV9&IyYHq&~F}2+WnT-WSdd&r=h%V6?nAlY_uzWj@Aft z(OgnOlw6i;pIwkVraA`V(n?4fI$TQ<(OnTSnxzyi-oD|s@Nv-dShg)TOeuUdsM(>ZV|wc_5+&?KBo|LYPSytAU2TPRHTKHp+37_b&o3=3TK;C= zA%a{+xlM0Nc_2tmuXj`H=lTo*Nr~B01e}Lhor{dvSIWCG zrVh5CR&z+ML=En19jdp3uRgCz*z^buXgj{a(UPGvUg6*T{#4s#Ascnr^}AYuvhodi z=T3QEpJPa=K!kioR_Z}>IfvwjdrL5x6UQZe3J5#u<^y*X^pe!TI65B6)QkpM3u`rf zDv6pd(A^qgw+l@iPAk`g^f#`>c(IOR+9s~j;jXPMaVMF1GTt$}uJ{TLtx|K&eQu}I zWzh^u(-&SkmC-=EmDTQy{6>NfzW)J5--YWrFyuN8HX+`KjL<7SkJx^^mwQ3l1VsIc zjRFh04Y~k@8J|Y6lh}yk(wvlagiq=v1G!g_(ZwkO`Q=$&AX40+XEc3uyoN;WXX8!> zV+MPE;5h)tdis)HS~EE@zeaQiW#lqXC#nsNueZ!onL_^)XN{YuGws{FPckK54=kJ< zX|NU@ov_D^I?)8=j>SJ~Z>q7KH~r41fTnuON4M&5Zh08Dx3#>!@M2QL3sE^NelPdZ zc{!W1uVzt@FyD%_W-qP14hHm|=kHEl)FQo6@TMd29jLK_$dQJ4@&sM>jZ9jvoyLdg zY1fQS3&z?zj|meoq;%M@;a7arI>(%Uu)LEetV;8<-DYZGGIY^Pk@An!Hbpfmm_Pxd z<*y(N|{MGW`KXXkO`JKdCwVB&yg5o(!#O0DBJg_VAWh)pJ+9LKyHb(J|&W2D3}_j=LyC z+0Hr=M!m0?lE~`00keyH)W$BU$O~t8MsttUqN}?&pYD&EZ8%1K95oV1BdX3$w)jMt zrFZ*3?6eP=rVxE)zNF;6c2*^k{x=W#Xe=OP@x$YPp}7T#ShCu*Vp4d2#TcLbpB9*` z+uMKl8yX#eb`ldtJo8X1Aj;CmodgxVe6J|+EUJRyq8JMIjjuvhV>3W|q~Es-fe*h| zqk@<1XF4ZP;Yab*#!Eb~a9*5kUZ#O9XA`Vr!$39^_qn zUSn+;2Qg&-Izo3B3#F|@>D4l-&$a-}0HtjbEO9TODR#ZKuY^$N8x%8!r@yo`VT~yw zMP2?l01qHBY60)(&jLIRH&@hClA)H0mtP9R7gWsvo>Th~zHf$;NgjXF`wK@ljSLG$ zO5^XI`Hs#cv^=Z!8ftf!LcVZt$kS^WCALD=t@IW4*{~jMwuR4us z!-jA!x@q;cc7NTYNIRM0I=hcC0$CY7_I_Nuv8GH=BEt76}*$XY9yxUq3;XO-E~OHIXq8pda+OoZamk3$wUEN zBLGvy`O&fuxD@-$fTh#K2emM!s+jvMOhKxqt;}tJVhlwn=41Y&t)^*(5^0BR#o%s0 ziqi6T*YOM71jM8UR1Z$_l^U?8*3ApGCte~IW9J~9s9x#~8R+Z&e|Z`ypJ&nkkodvC z&K~p*m?EsyefTIz`o|V3bFiTJeQ)3n6Q++rg!y>YIO5bj>5S9tM{Swnue|4(SD*Tf z4oF$mMkefP*ZLepdRJ!Iz_l_)vI?iFch8WSM8uuM)ocC;bs1TsLHV2SYeR8R6*Kid zyHin%9VPG_eXx)<2sV1|}!Yhhw9$jSke9I)r`&jpzrd z`6&sPP*gDI7uk^7B~>4|p&Sfi;kV}OKARp(Lv9Q68R;N;$Sx|s>2SMEeEppC+~lt( z?P-d3LxPVQ>Rw!XfH)-$!dB3fDq8yZ88~|k;Y;eg9a?1J#+&C@v{Cul4(0gGq8ten zNy<#C&(`|V0qi{@Gk*41^?k{@QTG)gMqLV_k*{P3KzhkGh*A_6Wt|}5tI}2H`C1<< z3d;YAAk{q)fQUPvu6XM@FVuk)%9{knhr^&>aqz8rPJadamK2}$CK51ADv*v`f>@4J z?sYcg|2e2c7X!ph6Kf2CqUxSfm&ANdoN_NeB**5YTn+SV60<-W&IDFlXdfbqjTK<`ekJ10dL~JLgB2`5Kh3tD4r7ituilo z$NlH-0)djE!kSDC-RCBVCwtK_nrsZY07Y zTD=wrUo6b*65jiu^H#Ayv>R+F;fw%v7@wURFI#^DSO>Mcsc`N+SF@bTtrX-HH(zD5hR%#veI9U%Os$ zIQpbn-pX8>fYMj@CmIpzf`L#l?^rMj?O2hSOd=?;%Jye@GJ9zdzzI;n-ZQC|=tDk_YvVRs&l8DQJT6c3;!vgQu zca|+$LAj=yYr2jy<~d0tJ!}qlXpZWpT1DJW)VH9)^Cij;Dp}h>@S++zd@__IqY4kh zNsVY2e}r#$@Ng;6e3H*)t$MU33hu!*G^N15yqc>6blT!5=Z8UNB*~dKhGG`2p@>0? z)oGusKsQ7w>gg3~HSj`rz`As(JC@)}Q?io|jms&Ev#_6+)OaYCnhiN3Bm46-jqS6^ zJsA9#&p}>wU>URw%Hl@z%+r$E82OFvj>ON9641nR5<22#b71QX0hN5PZTB>+P!*X1 zDVZ<%D_taNgB(j}ZCUxDacsnm_On!9<;8p@E1W;128wNb^1$m=Ys^*36{k)Jp@iBv zER#Hn>I4tGF59&-LZoVBfbO0tJJoUkrhN_N?J2c{%#JT5$PU$1nDij# zylloAH81JZGau493Ls814IgD=HLyi;b!#Gv$G)SwH%<~ar3YDsEA7oWF%Q{9)Yi6IY_CFFKj4Iyu5yxC*Bb7FSN^VUVn+d#i@q^b(Egh@MIybrT zC57E8UY(TC4P!z|f}xlc%V8HkVXI6yIc?<@1==*I_qInBX+3i7hKq%90+nVpAuHCr z`)tDJ$3e`TSEATjQrfl?FVUTw{6@X0il}BmSr-E^F9b^71-k|P68_Lu2T9;*1D^=iEU%MrNZEEsJ=@M`$w77Gd_~pEx7r63}{i6H$ z+NwOZt6MrMGEg-0HbY$5l5l&xG#dG>qSp4N^OXta1;FH>fp=ND3x)Y zGFcJSr+_zH277neTP*rd9dO=2N3tle-!t4=Nem_uEMR#KUS(XKi;7c#%74jzEp zR-%b{ZG03+T}ZY!`iyL5?# zKF&s?()=9a;_jq|vIjB>>hfeF!XB^t$&^}TSrBJ|Rx#h9B9Hi4c1s4Bk(>nmIlTxb zYWi)NQzT+cVxYhk+)jx&Fy+Acd8yqL1pLmOUeQxdkNv=&q0Umugd&$MZ|KDA86FI@ z@E}17dKUYvXUlKrUO!P(yzO1cKPY0rh@x&Dac&Ir*t<}_Z46m~X#bVMNrX@}MLV#i zme!!@T4ZMP`X!~8Pz6Vsisq&f{D@4=QvTL7AG)&-n)%V!@%^+ zJ?tnb#gGa-#7renpPiSPpcQedg~>%ot4c{mMy&ZVsqRV##03fKB@M903X6K#8AFj$ z3QZpFlEr&JenA1Sv7+ke6>(#7C2*si8->e#LN9+ZSidSrl}%~vQB}rgF9O+2yi%(# zMK}8uQjfhy`df&y*wRu{9CA(u}-J7MX&4rgwAfuD=aeXzE;*IcP zlpH`->NvMf3>Yy^To2dr;z?DNHg?C7^EPRXbg{(a{f)|}>e1*JRUPZXZ{otzDC2V4 z0w)m19A!RBr36<*qY319TUl2KZHAY4Uzx8|z$G9)TLyQRq3OM>FA(NO6ZoV0GD$db z>af?DD948nUS1z<{(nK?H=BtJ^Iv6!HvKEsXN7A7g8bnA90R;9JW@Ldh0~>Ws8NP@ zq^4#EMcB%beuBIOqDJNCDbhc9(@0^+Im|-V=dC&uU`Sw@eb|&z%2(2v2;t4o+7%@9 z+BZA+SG^yYlPlc0Ke*YjD$}h7*630i3AR0_fW}lDK$ZhVK}IJlFB-A0&dvtMWky3WgezGh)T4E6PeAI4n8GnetL6qI zDLS7xqwRWbdT97C{ilZoA~Tb=sBj;7`;XB&_)j)XWDzRam}ixnbo|`h0K!=+k~H z%IPf7?Yuh&s$HH9M@qxi?X{z4l5@DE!rWotCBATF*JWyGg;_O`)b+o)B3Xpz%uhc@ zqj*r47v^UK8kMJHCx;| zIo93^ViF^Q{4oid4&nb=fcMp2#Dsx3=E?Plm=NF^V?OXi77Y;45%CtP>IudUmO!`6 z)S@a24jqcN@J&d`0=?nIPm)9}^CQ#dp$Z6?*Ku~JNEQ%QjTaHi1EoZ+3;_eky0$Mb z9V2-Vmx<}LV>Ta4%)em3QK#@9l5Cq+$!#jk0~beW)#Q@JgQ~Mfn+m;+u~HVpx1PQT zTd_e)4zwD#D>~%0A`Fs2x43s;S8}QjoNZID&YGHXjyTYbZRZ~hvz^A zLKub`jUEWc@S$b6P1!D@uHE<_jgefqB<01`DXDC|x+INOzg2y&)iSu{t4mwu{V-se zQxF15U@#yZNGa=*Q0v#ZFg3L{Z6WuTCdk==NdfKUtjpaYJVI^Lf&TXvohcEm56F;f zSsL}$H5LhX;~s)JnDe$$dBX0|ishqmy*za$-V$ux6n{B{N^q&^A$^f?2qNEj8U-|C zi=kAsLLh8kwEcRQt3Oi`-uehK(99X_(we&RU7Ckz36LUq@lubLX zh)=OIL)ZJUFE3<@i?NJoVT3u#x$^@yE-zAF{`oF4Jp#a{0t(!_v7eHv$CzDqn@7ud zgtw^SIL(={Wk{mf(MIO5&Tw2W#nmNJ$@YPn6s zjjD|Qk3CoYsCh3=MncX-#HG@lT|Kf`uEYPUk3yX{o2M3w&;NeP5&bY3K{X(*x&7q-M7~2h!c)lXR-1W51tBu<7|@SXAv=E+fod+N(_#ca&d95*zRaivq|>~ItXp9 z?FCw5R5RnWck5eG$p-mkf(h%q@b}uExq##y|F)Mn7mEZ{&`vs|b?E&E@|n_z474tQ zE>D%_Zj%uch)=0)>6bo9{4t^2%UTh*xHOsqQtkAF$L+3g4PKeW+tI8ov4>7>O!^A% zbrluj>%}=D$f2TOJ))Sjaeb6`0ye+Nj-fS?MctCf?VObQZK)7&eL=PH82G(-p2ULm zCQ=ngOtXskLK-h&q^P^znKnEnv&wGdE0-uX1+_7M!t-FMU_L4?;2!lhmI027BJ4C< zvgT&y=D<11M)ywD^c5|=r$B{5_kv4ew;M=ccsf02@JH$-jN0GS^(%B509=5*LBE|R z;+7$aqsk8G&Mm@_vE->vGKhU_XvktV=0MV@BwNv}cm{G3wi#;nuvsO2gq@So&gO!jJx^i~lHaqI zeW=N4lpxs2kQ)7fK#HrJfjmZ;N^n?XjrzMaEzMLvNu-l|>`3moGm{r%`;7P;Y6Vxo zom8smE1bwa1_XYP4D2>$`>}OLW5mXUhokO%Aj2##?RQ34*G#+VfcTRI?e&o0R zal@vfP`;rvZXqK$NY%ykoSO4IH{D&CeEYU4j8i4Ateb#ZLlfm=wkG>n z7@VsnEXp!=t+3K7KfT1x#`uRuP4T5*VfT8+<(mblNfk@qUn)5&1upTizb=ePCN1rB zOc2@DI*p>-T~WUOY+U(apeW55PN#w*Vi{|W{;iWoT*;z6>Eal<%mtj9F8{J8 zG@0ijEOQB0sS>eNXn$M2cW1F74$WqL_J0KyXac|x{qxH7c6^0BaZ2fpI2~DO_LRcxz8i2Itt_x-nK>=bTaxgZ^sO44@IbxGf&aU|LU6k&al3gM?3#E3 z>VHg{Y5xJD%THrBjh#DyxoRn{OjyD>wzDbNcpOz!H0UPUNY$45kw*?`NKA!Uo`k>d zmNwxy^{%J-?rYv1aPF5-414TrSP98AKNlI(@Y^EE zi#^Z##Av=eKvKA&AMogQ914h_Ot#8EQ=Bo8)m!%`n!YosGEgL0iIWX!1z&ZEPrPn% z`Pc!CN9`dM5nr&kbacAiWW^Ch6|#?$5=NPoWwsWvsn{ccd$CC-ic5nCwf+4=&5JJQ zhoHNK4+XQe%bd11X2RUAF@7W5Z3%$vXR+O5V-~<`lHc2*{pafW`uzR3*^oi1$EcC3 z9(cauZ15+;?B8NGdjTMlxVy4Ov zOx2ze2j>~yz{3|sPBiy#Kls|mlM#?V_So|2#zb~jPXB&7n z@$dMT$ZNGJmf!(9YJmdVGSUfEbwi;3S`pRpZVDJy1x^;?3|7)^pAsF6y0q+SmAroY zUk$8Vn&(p?+`|OA2VXc|RXA=Jtc#a2iP*J3Z+bAnOp{yI=SWfG0sAO%Kl(IeK#X>l zaNDYM45szsC-(oYMSZ8$JKlDdA30M{Fof0jIwzF$ZTJ}F3^>-X5r}T&F?YCYeJmDE zv>0B;5a={`)?$9{9*XWRfNOgXe0 z4Uk_$B}5GZNFQA1n_&2_NCDV8n$oBFTHXCEW6fY`!D<$m4ARmN3wvb9O=@T0PJP`d zw$C5*o+H-d;BacJCDg|30p>#He(>?j4uJytQ_l5dynlKWeHvARzaSHNZyK1s#w??9 zb9)YNPXA_@+jp|b1(hcd&@pQS_mQLg`0X%?IJn6Hs)R=ls8#Kk8XLd-|A=}Ewy65= zjdzCb7`mjpQ<|Z>ySuwvhfZmvVd!q8V`xxHIt2;oZV^5Fo^!7Mc@N)f?Y-{!EDh%t zga9-xRD#y|n2b-IMYdS}Sw1g$DlSgYe#5N!8D=ixs36D6aPszlO+SpowYb3Mp-gkg z;Try0HT1nGXXuhUD#x@yYD|#d*zoPP%e3pN{LxdL5&~~#Zes>vV)|xzz_^1XOvll6 z3R6kuD~?#h>iNwPQ)H~zRqH}2l?chX1G3?1#WA@vKjYV5!(L*FR~_fVsiee+GU0G1 z{zC5RgCPUqItsTSTB5EJlob&;~w(z1W1it#k>LaJE|sPR?YwZLb`DtYQ1p9$xA z<{>iY$92~7(=hl=b|YjYELfeT9ds=d(3}6IT)Yu)PdLmxR?KJ}F;^%WN>p3dsp>Q~ zp@w--xgIG@0!z9u`_Aor_y(owl06Z1d6vIP*8^|&f$~3^sTlJR#{8G={h!4hd-?87 z4SQ8ECvG0xBv}vT=cK2vv(bUp*w5TFLM7%MQ?!!Xy3XR53VxQA6<1?j7 zqbwTq1F`HTkti-vhF& zSXucJE$dEKTowPc+6zA@`-bJyQmfN6?KwRC>L@7!8l9`*wDv^dR1&xkiQqhwem84f zeZmMEiT@L0P(vFl4ELRByT~%jQ6zKl(0B&g!;apWanaIC{D+S`Q>uDLr^f1$1nq75 zw$he5B;I!P+MT5ryA7>#EkXL6PMDN`Tv`k#n)TNh=_V>U#k8F z*Pz9~Nmls^0!yMQu{%{i7NcR+-bCMwWgrtb1X9g{yW$pf#5DkP%o_374rvY$ya~(@ zY%LT~r1@*eAsG*nG#;x^hMu%Qk-;In>>mX+ef8LJG5OUdGzgriMFe+Ifoa1{F%9g; zM`rQld`Ag{0knmOfikS?x(n@pc2R%a;!{k!jYu!N_0MiImBEDZC8e*GApUx}@jz81 zTO4GVEE+O#8oKdqt8#qlP`-iGcLrM~mCJ>&fU|i2@r2H;lU<$tg`1yQC0~Vpp|iAy zeYI(GB(87&In?qA(9y3_cTeT8#jULwWWJDLz#hvs=)o+0;TPA5+O9D~_W}bu{&V_0 z2p$cRASG`{ztqpeqK>~5q63!?L46$YLe?J#pRk;STRWT2slXG|>&+;S^&m0-nhbUk ze5#7!d-ZFv1*Kg7T>MXeQ;?X-x2rNFGUJxe`U&M3VHj>KCBbID;lxqw9nlrZvLLicc+fdZ(k%T)wUe_TaAdw_XVUG+P+Ny{=H(7q1XGIFj)xdEBkE;>I6(P}15$ zNMc_K?*4-Pb*P#JzqJ~b*}}m=fzs|-&bDX-W@bH$*QvOM=2ij`(R>Ul%8tCFUxnt* zTkYT@b)hAj)m;#>SZF6rXTEm7v@k*Uz{oW>m)(#-VPzsK+8UlgHjtnUR%XlD9ZG?< zU|8cwqzA=GE9?XR$;ZV1^&4U@lb$Z3#{4U>m!s0)JRAov$>6xk1mDMy9&6y_fRZAm zuts-eQLoz;AUmiw`Z@R`RTA^r=|1NAn%Vqv+m|hwLe7WkT4*0heses6TLe2Jya0;#{ zGGt6|Gw6IkpXA1UpAC+)FFA}|*-svM;&Ee0x>_^_7NFr$uQJc@(PU?q;%Q9V;{p#@+FGBaC zE8zz|4k`RnViBex^Jrf->-bnL)_NaP9@HO>$E{ncX{9wChuk354@E2Iw?%t~*Rk)8Z2rhsUapv>6QK?Bc0eK=gKdbpmFZ%JJ2FN2tK{*e>=F~+*g-Ev5(oFaR*$GlQNbzDP>GPNC* zxUy@=y%P}Orwj`+oaptXO3o}bM8VeI3p+ibL7AsX@)I#`ct@LD71z_l{w+U~rX}yQN<9rFK=k z`5W_N5>1q@z#uQ*@iAIyPFFYf$n#4s9%k;b50M~@Jh(R*T__HZD#|GcyAozRFlX!o=5?5BWXWrKjD;gEnZQ`mEySo=;P-vELSv ztbz%Ue+_sR_=&T1t&+v!`t&TtCrOG~%j%~A23yfurIlJzD>80YZc_Z^c|V+udvdQ* z#Eb~yQ#Q8d7*%d}owc(~{0f`5Cuv1o5069^lx8j`++S4+Ag9Oe>-uiXUE)78B^Sr1mm; zG|5MLA_ZWZ)5E{}a9~0<`O#ilQo4T*y!ea=lB#Q(N_vQ1s9FFdCOCD-8~nZ)xH<3~ zzRcmMI4zx}p(zURXhNn&baEx-4iL$(9l#8Qr51!HJZR3vNzbfhHgro*kj3pnAW&;T zM-!gKWAX9inN7y48Xo5hPv!CKYrJ0d1~i=teM6{xd$@x4tS42<$Df^@5b45SFT4Z< z&SIWphk4G21w-+oXg=ig3J}!Be?iPQmdFI%$yu1LeiitM*7WcrKfX9OQWcSh&u8~< z)9Dq>i-pXP#CT*>0SBI10#?i}7Q(K2{j*M^?O5dGojgx$#E!RV%hAv&nI(oBMr;Ky2TM zm)?htOXyD0P+VNl;KlMo22N|MMD?W+TTB|o#6zjS3*=1Qj!Vvh*pS|(!HTLt&!fP8%XIrlAMK6sYZ!R+pjNbgSWFNN1>+))>| zb-1`p()6!8beS}DuJrqnC;!qs-j%bEWIZCnW&SOR7@Oy8s!CXGT3QvKl6xz$IM$2Y z3w{9}t_I3Dhvf+%C5%PF=bvF|$f4Y^7zQWjl{c{_b}pc!eD}}sv4T^n7KVqp^TB(2m7h9ahn_GC?W8d%$VUY@=vD~V%087Naq{-#vCxAEl@eyDTR z{Vt=pvvz`WRWx9_VB%ljq-<%xAEbt1%sN!E#azZ|v0~qGyUOTS{TO9(T8BS3Nhh_0 zqV(uo*j*D!BZB2wUA8$RdThS_g{{Y~JBi{a`i2^fBjeU(6MBvR?RIZ+B|8l$_56?x z7_`+j5*>P~I(BL@?_77Q^Fiegp2Ov0`+Pp^YB zR6Yk~DF&w`0 zt61vR7xX7m`gvrnl}zbhVHudhLv^?PEV&k6Vj@3q1|(^&RmPvqPF&=z2L9I(c_;Y) z{_(}Uz0tk_LS$Rw=?@Itw%`One#ZOd2;eWAOD820HW7_JfQ8pYYFUk-G);BBhYEB5 z&EnA146*jpvlml&xCQ@n$;1c=fET-Gdv0Wi<{<^{yY?2kP>GD_j-fSyw2ZkEg`g&)ao^jqN$ zq~JGd63JA6Kh&+;zsSoVA+}+>BBe^3$_|4Pum)6dPGV&Iw!uSQVJpWXb2-&BpdzsS z&4#RC*#YXWJz>m}-%hqQsN;MTsX@u+yfjCA(EX-oFxM0qSEZ2Ik>wFD7^sHmew7Y~ zZ{S==MScIb1li)14jXyIyZa&{`b6okm8~FQLht}eSiXynPrCB!!iz}i-9fuFEP2i9 zAwJUFqHJ%jLAby)F9S;JU4YND^ru`v+n#*nNvDK%=zesc4#1j;k*P>Sfu}N2+1fnP zXBcSdDq@-z=6e`blyUuwwnWnkxWZGt(Ri85kz5c-8~nC26rnv4hc~XtIQ8+a#rY}E zLVo(|JOuLuLi`T3WxNtF29Q^GPhI+u`BBN*XL*-<_6ym+R2bMM%3pLb<8N!)ZElZB z#X2xF=iO27{i&X9${_HLo^?~Xe)Q<>o~YbcV)Oj@c-A9jFOqy=NGIuaHj)ql zTJqvBR~^Vq<0h@IR{lcO%?348ztqazm7GR!=`Nj(YDw!?LpkEL|qs`pugz7h|mS~V(_ z(1j(%d`p5Z2Lc4hxKJEu{KD|uOjy7B@Zr6KeslZd#7{bhh_LPS^DD^qC)f#;gEh(9 zAxE@Wt?YP2Ax!LZpEh(lHZejV4N8=!W1{k4`PJw}O}7n>>J7g z9z0rR1tV`7`#IRj2z4JJl^kn=>A;-*;y4!mqN-iP8Le$^W`D-@JsDi=gIUq*2%fzl zgEB%xc?^1Avh*e_wTFLN8e5NZ{?3^6vRvavhD8If&gl0Zb;VY<$QIkdMP0eNJ6b2 zWciE&%^gY~37D8^H#!}but)BxT?&cr#zq-4(%+k+`Qdfcmdlw7z4$Cew9&GsZ>>Ym zgUcckB8W5G(q%Sj%oOCFQj~StA3tI^7*75Aj@i@n^yO&?68iryC_AJ6m+#To-d*u3 zv0xM%`yz z=Nz#)B@#vKMV&1|6*b+`jn@_M)|;UP#Gz`TL^`iIBw5J-H#cBzz3#;t%0EP9P}Z-S zN)SSqe>Ay3iA$aa2Ngen0pLw70Kc=+B@k(eoc@p7RF)ws1yP8ebuktqTg?}5&=7-c zMyd@p7NwjpR0yB58U4ffu8z_u(!N#)!6$_dmHiYz0=;ZT=EPxQKuBtUaK%gXgrvIP z!AP3{8a+yb`_$AIjyM*%s_yJm=TG#J%xa3Lf_Z;?yDX_k+7ypvo9Bg6`WwR0uiAZ7 z$_-B04`@j&KE@BJo(wy5i`o}x_AGCqc@^x`PptST5Eh~Qbf~xdJ~YKITbSCWN8v`m zNAFNuv`Z9&Z$deuO!K}!Y$K5RUjy^&)a@dSKgIj=40F2?{)A$f)%t+&2PUXI&1<7t z^eC9Pc3~XBe`Jy<#&vB#ep9Bex-W>drr3bIewMQRqp9xFoanTt}?#8Idp zZzg-oSe}OY|0gSd5Zvuqz+T!7pmMiiPU1-d_+(^Lp@jj6ET$Y`*_A9ulY(q?tpoWL z6tPHs899c(np#mkuMK0&(IB+NLN;Z*Fz(Q#>{oo`Ug~`Y_`6`8SpCP_@Kfj1*@HH* z8=!=;)08$cvyzKJ^(D6M6j2!GE#w>6Hb*z-8+uZ)ev~@$TuC)+&>A3iO%TQIGroq^ z2P2Kq4TZe@aXPA1vjy*_>SuUFmOv`Pi4gOLKd2%FWL^bo7!WW6>o3e5hEXkc34?_S zjqztJ->WQ(2Dbc|dfNz-321>z9pRzPKC{?l6qqPt+zaP*i(LlNP*H;OF;M=>kT zXv!#JRT#b`&QeHkJ?Y0S5~?|s+J)U5#T!kBBk&6661R)VN`G0=RGyqT^2 zJE!=rHDPRtx!INK$3g9^yq>(4gNSf~@R@(mz2C&vI}_@BgX=$^ zOT6}Ql<2IiS{{6VLiz%!djunVLHx3KApSjKU?qS{kg?J@Q-i+2L zz7}!_mmN5vO-6I~%*l(r=umC;#B# z`tRv1r3<5Pw}wzyXmvBsucp$`jgAi;uJPPsQda_ap96b zJt|EzS1Zy9w55U$q+CZ^=|79}5v#qXNxP1L6*nP1__1LVP3{72lA1pSJ3plMRZO@;Ma+~5ww$5N`)mG2{iLs7p& znK~5KXEXk|KCP&B!Mmg?>K>`#V1fMg6k5~OI@b1WHae>4d0OF zSJq-rZ=+Wq_}pp8BVtAs4|yCzRl2=glrp=?4;0-Z0csn z!#UQ&b2AErsuM9bslP}3Ic#jvDpg3~{7)|u>;NS8h1Pwi9vr(>h?l69=Cc3vt(m=C zLUT)snu=&HeD5r=xZKtYr=U!uxuW%>+yfqG67-206ol=@AADz|L!q|yaiU`7#wzDm z0vc_9HJcId=ip+1+*&))*7ICnPmKoWPd~AoZepi%{ie}*>5xUz#d;a7DhK9n(lAdk z&d(g-DomL&YH3M%G5dDZdMs*3J|U|sH>v%L*LeHm0bB15=?gv)e+n8fiq9^2-6ohH z+I#b!2u&^K1{h|l+W;Q6nwX%&0#>#GyF!Ype;-siKc9R?{f-HmM}3+z2-@mA3azg0 zA|RHm-#_pnw`&{1Jnv5azU46^9uv@Uk&Qsocr7dl2>tK94JKZyX;abvv}iS~mIakg z3!((&;rD4eX=>V0;k-<}_61@)K6fPQp^s`(b+-3M^6lW~RRXA#km{2WZ@k7twJ$bt zN(egjbX$;pV> zaufforbCmQCRqxc8+)?_>WzT~Av(bH)-ato`@ufy>RTNT{4eSp3@2bXEht&;TS=sG zj)9b81{FI)^2E;%C|Lo1_L-aLOamLL$?AliEWfJI`rjiPRSA(mHEHy$BEKM;T+srO zG*;z}PU903nbZ5WvA*k-guNIm)ahOfzWv8@-PFYUbmV@i%-afxU;m0&`SR8M*ORCM zm{+*4g*PJTdYxl(DlFRw(w|#_SPZXDgIkU*;1F35#nCNKX*cR-CS^pAL3}M0#{xq4 zfD1vG&n1`_Ks!iy+4j~h5KhgCm*hKu-n!VVW*o_}j1KFj?pJfmxUu}QEegt>>{(8%i31`mS2$O3bAHo$0au`TJz=Z&CJyuCqX>guGswj-ymOh@m zgu@UqeXxMnaDHd1z1Pz(B7uT075JwTh`y_fUwbZ0{Xd97;J27W$viiH>=9_a#GDqwaeIG|%Q#2@rS^ZuM5NDc7 z4n4>6`5-LWlWUcqz1oo1owQ^lO48A_=yEZsViSd`(kV7Q40?pgz3Ad53r|r5-4QqS z2rA0{RC!S({O;H3wen@b9U@;9wn&EieC9WS!0%$=oz-s5K_EQ=|6}o1)6B!I-goBu z9zh;&1a7EaTBgdFYWb)A_4lDxb}Xb_FU-n6GEBgIV1+RAx7|4$9Pcl1ZqKI8eJpZc zVqpI`IuZMVDQG~RE0GIv9P9z-^?TW4891qSgj9JuS=DdnB7=t3ud46Yja758Grne> zTmWi~rmB09RfGqMV_Zvcz?UzwtiLR*F&Q7-M_8vr>uY|zs~M}*zry=RH*(zLuZ{Yu z2kYV)^ONeE5U%zttQF#%C}*mJJH({h4Q|aXG^%N2@C2?&k|dECu}BI$XmR46KRxuH zO8YnJ&{#5lDHinYcZ)nQwB4CP(5o#%*z(m{fPRs%pMke;J3r!RA;$?h^2H%Pei2&8 zwl~sb0_8SJt#fq+3B`^`6lZTF4l-+{s<`QUkTHUu?cMDABh9hK9L`P=EhnDiOnxuv zbl^O2fBfHKnVB5==B)nDUUmC8DgqwSCL*4Rl8cLpr$|D!c!$o8@vak$D_Hi+Zre(# zDFGokqf5byJi-1CKCnF#g%lZ#Xo`Cn%Tl9cg9a4E|5ao?!kRMu@esn~V)3_(*qt?d zqD9!aSN?NFxMideO$Q%LSqotk3b8ni>K7dTT>r^Q;r{#Fi}AKP`~aQqF}e2)zSL2w z8kGT6t9Yb*5iLD}vH-EIpFql1NkdVehxpzApY87|ogwZK)iYhn4&O8zN{FhkKs2Tm z@t^N{OJc*&HmUB2QQ!tC_s{SlAX#ZcCuSTk(Mg|iVd(SPykPY>3rC4J&4=w8==qp5 z+t-E`ftF>ja2R>RdOnOKPLPH;zj?r4XlWMz=a!v>;ZjrXJvUpN49 zS6(LO{^Rt~`5zVSayFDGqXDPl$71FM+pa9yGn=FIz7{6#Jt-Ll6FHRCmyZFiS%|DX zL1D;Pivl+)R989mFc~qpAWR|Ad^EA9yxR#x7zO1&J0_?m>j;FNM#*@U9Gyk=WtJ>CB?4>Y`bY_AQ5 zx2N^Uc!(gC<7#78<785ZXLg!*=nr$$gd>rWPZtQI8ew95jx!R&_q3xz7_gUUeu^5) z(kc+t3l}RV(c#8L zZx>Y4;jd{Ktwg_mtouLT>uuic2xl9`s6}rFVV_AT+mpB^E_kNCcreArLhFmsdK?52 zZz<%Qa4ALtZh(Q4Oyl0ahA^}is`e%44Vx$sqKpRF!)!}Nc_N}bNmn3J~Vns+rIe9kr)sfkXl&G&oJJAb036XKTUGJ$I139DBxG#vNy?sB;*oXRTV zAzNlV!tR>(@NLo@jPO-Np7kQR(O}*%C)PFTv9hm+{vf$%oB*b^eV3d4@Na1sWmfu~ zezB&`nx;|^yDC&shJ8PPuPNme{}I0M4jHm7pY9N8SzG!$n+t*p4ZHLyXa!t*FwsMg z(*8#)zX}m;aw;m&zH=`B=~iz9*aB#{PTV|Gt>LAQ?(mHR-+6Oxjg--qRp%$kNz&Y& zGD-i;uG}oJK&q&^vob>3YWw|b14}|9j(Y)??y5F)VbHi$$-Ww8B;J+YFHMSv3agfK z^k+5E2PnQmQ|1Ui-r+u@>s?R-O>^Cu0F%rZG`!w&)P`=D$!mvBf}47{6&2zLuP~G6 z1|M2gBZvk5*37ZvO%uErwf{RlTWr({p#X!%dckhbRB3UGz?B@l4_~u+-j^7-@CmmY z&5{Z4u7JV~8U5Zgd}^zICN(>)i*tr)XM@!{dyErb-{BJy?+o|RL2qbzDQ+p&-J7B& zlV{^K8?@;YM%plzcx$7Nj~Jr6{pILlBWez?&`ws@LcnJ+@`2z3OX2ylX9sK*d7HO7 zF&gd{AC=#%5MJfergc&J={t{f$~Ow)qIM#;y5QZ#^Wl&F{hYOxQV@MuR`%hb&I{g1eU_-*C8m;{})ApYa zgWqrhT2L@&fopO<{A)Au@|i}SXInAP0dRx)u=nj(Q-}_KXc5D!7HKMA{*_NTxPm?t z10zoW@0LhzsWqH0$|>T^@Cx>%?H5v);u*=WQZA7%UzTK}3Zg|t7y(^6h|eiyscXJg zXCsEc;Xw+!J|Y%+pb?yd3|RhRDfv&&Vndf-ef)KLIzhE=3dF1UieM!ANtGBWi zK@MUefziKemb{~|!BzMAi)5Wq1N18`m6Rn99+feFk_<6w*fbg}ZciWweXgy)L<`mS zTjk5?IFc9tl}uQtScT#aeXt;T4?guYW7-Z?T!e2?8STlxJ{qa-etD^V$p)UP@n1Rg z{i#LlsPxI`vFm(SYW9*>*;O1@WJWi2ULRqR2i|udl^0)@BCA(^a|x$ysKEkT-$$mc znPpXepX8B5AN#HN!Ooa#0k4Jbep|z({LU*pSYqSuV`2a|0>Y<#nX}6CA8RuSY#dZ5 z6r}a(IEop{FZR~v8Ev2Du>@19+W+Y0!D^VBR}CA@=>I}2HgO#)uSn?i+xX>}Gfzrp z5kE8Ss6Tk?Q3+-3&-d$=MAU)=PDgT6^Mo=I$dUForLdFy)Qu!i2o#UqvP>`uST!35 zSp7cV-`UaFZ@=av{)asK-?H%561*Q!_wL$!f_&n&HOLq0tiEhqlw!o<)JqBr2vZds z^QFk0nj^*_Ncq8ulm9J?2ra0t=-bz8Vh9mjdMWw!SoSRhv5_*8SNxltZkw-1D^oa= zJqUCn?siS?^IN$;YaXdxPkob^j#6b zc8oP-aN$vPg3NQ1h{K&l3kX#O@%{mt$at%_cSd1=f!{)n=PeXIX}#M{Cbr|+$SH_M zl&kyR=bJ6cPhvKio@@ zU6w^nB#(M-8O*T-09QZ8eSj!8HDHCHYEhtlzydtR^Ehh20rEDt<0 zQ#R>~?)njXn-2fUivXP=>f8eC8rm|nGiO`>e%r%fMyJ2@x^e_UUi%PS*Y~v{0$6i{ zUSlL*aGF1rIVJdVAH_7bebhB=Mew?FVQI_d@(u6M*;9-Y98P$FJ5+(G4hhvEd}`ks z>6B;o39vGyU^fFT#_xhL8csg3(2CpdsqE-prKu7LXMFYkpSW`KMfg7%k23M;!e;_z zHX-XpEvY3}XyC1clR>j18=t^|6ol+?G6;Ld@mTrO2hpfSgc@yO@!+H(Q|pQT6Iu!) z$0;HEN=e+SZ{yqa`ycg(ZVg!s`~b1+ST3trvsym$Y}wDo1W}3l8}3$Nc+PYP`}^YN zClChUILmMhTgzYRyr@hW=Z&AWfStlqY-SIIr5JZq9IXinkNlEo_;ws+n`0+8$IFTo zy(0|*G`SIf-Njf0ZEQf^-{haSMlHdRNMV@s+gU#44uB!n-0IO~2c&FBkcx4oMR5Py zek|dF3gXg*LHhB67xNq%J0@+Xqw~d-cWD?qw_x4x5m0eYW22U~fP+vP-FMPKKY_5p?wB<;+vqm4DLm{~> zkg6XyJqh>OunrSFJBE~~M7&vxx=(@%Zr4eSxj zlJ}ghE8mWwFCO0 zjhax&`*PVe+f6rmJ>L}_1q?od^uS=7O8OBd*+V00-{=uzAfq}taz##9 zARc<^4X2*?=knE_pXOdNGjTyd%sCJ*kj#GguFz5iPvAEf{oWSOLN6HCjcZ5Y-nx;O z$hgo>NBz_4MsOl;0IvPwgF8Q3T)?%<8V<7I8sw7yQ;TQS3cF|Z9$|ys~zn?O1 zA873M|Kz>52^w}B6RzzUi)*7@Bm;L$Rpm(T;0306J>Y|Jc@s{)9?MLkpB(beC5kxH#WeFq$f^PW8G>2Y1iUejTGx2k_6(!dM8#3G z+DAYW`i-_f*Yq?AjK6d3_8We8kXEOLLC?mvZHb!Qf{4Zvww-|zaP-l*fRcF{SFwHx zPMQsj@yiEtMzPFHKd(}gmO*r~9uA0lW3H^ml;}o@PRU1tf`k;!zheH{xf!X9obk58 zEK<(u?lYP-T^7%kTmmKRg>UX`CWyA`hpIs3#>a0y-K?>@Vu8SQ%l#;$sZqA9-L*&@ zTiKZ-ehw)U1kx)77C!`A>j|`QESG(^7Te7bLYkMCo9+sJa}0EA6-G*OX=C@7s`E@B zu!L!NnJYHL)HdWc{#z+)b$1HE%%kWCGIs**(%gK|{4O6E>Q}W|Okk7+Ev(2zum6`D z9Uo*~=`zw{j^<$3*84YeF68Ke*-y4t)kD|Ex-AZFD@p*HUcc+oiaF}Fb1OrfKMQFN zo&VQ}6*)!>xJFyRsKS%TqU8kx?=ZG(1gp)8XyI2d~*oc+85?m?9tERz7#Aj=Q=JPmaK-UHC zk4|2y##=%H8IgZ6$8&B!2k-fbMO$0&JWvtlQp*G$(yO<|P9z){OK70Qb9g+d7);RB zJegF3tT0-+o5!(mF7Mhw*W@s(rw`)lNh<-Nbf*7bZi?*PWA%N>3+}sj-BiTSB~vfV zh4yq`yjs@d(sD%M_sO~y9+bDzhXV`tu~h@q+6j?J*ssX_d6sFMYvakeO;_vZbS*r! zlR9L(wW-#El3#6S_5hZf&R)Ny4#Q@sA5Eiu;>btj$WQ*D#64)jWlZ6oeR^h<6V;SO zPwcCpaAYQ@quP%RLKfzX{-K}nIi?1?jsv&SD2*mFuSOJxz@aUka<)y&AMhF4I7y%u z2hn7oQv#-D{M=TZ4sUP@S6Pn$^#Pn-auy5eMBcB*yT&locS$lrC&iNkibRiVMe25# zzI^7tGK!-^zy~Y>jmU{au;5Um8MFhY)3uw^;(=Cwzlp$j!*B8N+Ge(>!sEUcR~7?9 z7o^iD31Os8BI@*e6eqp0-p-OOSWS*A*vF79q;7P6hU#5l!6r(a|9Cfk0daJYM?IGn zQF>Z6uuO@b!3?D-ZSlpQ;G#^@`s6q@aaiso%T^@3J|_MfPwO7NWiW1c21MI>n;tGT5M5|7^3MQ?_)J0r+)Nu$@a}MPp8K zr2REJ(>*xFYUC)Ef<=-Lq-yJ$A$FU+NI?p{nn8P0VYgu<$~YmyY+sgprFk}G%2a6Z z*>O~UifO@*IQZ~}+Y8-+yBAUsWUW_z^yG|)i`Q1i(IFO;G6P3lT^$tK;tG=1TNO(N z1&bmP*6Ocob&zAy1%HYU0&UT$b0w81yJ!yaA9i~+uGMh?Ze(J3pjCk^|uALQ_<{YS6HAe|4gEy*29m|sLZtrQvTEjbaeanQg;rL zu~Z%vW{VAPU+H&e|8HO__HuoeFBHl?FFP8Gyv<49V2?yPL?xtgJ!J{?IkK7sesT;O zZ9`F@g#T#r&Qj|VCikWKyowDg#E#P881N+p>MW;jqCw1UpQ* zb_tPaIF0C4F_T*=#tj;`+NmI#w*<_a3a^prLI&1LLMCx*;}IoZaA{lLu3|&dB#Wl6 z5mT+V*`D5j7S@~v5$t&YoAt4fahMWLB&LRYIMDf~N)BS6yB4?~OO6S5&MDPz^4Q$A;WFtj3!GKg$4ek}wdGHJnwE2Pc&Wn-kCqV* zbBSR>Yx63jsCj3e&)L|cVnWxS59A|I87`Qk$pIvmzp0uN7lr8=;|zy(uMTV&QJFu| z$l6VZayO9##{p*&Dn+-cghkoT0hkJTFNDmhSiZzeOM`W95~-Al^iF68k)@J{R(_!Z z$3YxwT6}7GpKjQ&ro-R25@NNLac~6fOKZM6;hvVkx=ZSA*m89Ds@`#}j@D-O-kVnA z@Yo%u=#r*m{-peGa$a@AOqJdotG&uETwY#Rp2Sjvt}#@ zqYA}Kf&q+4n<5wJvOEGA`i3D{V*d>vtt zI;2i2Sj#AA@k~%9Q+oWDdah{ZK2J(J7Jzo{9!eo$^7ltQ6!ShK?Iey$sUYHfqu-FMw@=_)BVd{Fs*6lqVzMX?we=ib2R!3X) ztaw{u5DwD(UF5$k-?%C?&KwsnO`5#^5-V)kKxzFff1Ri;De#7A%6pfm2hvaaR^;ZL3}8lsTq zWf{U0aNq+;YbxKeK0!SJ`ar4(07|W&&?{@KL zIn<&_kAJS?aM%?kH8;dhD^aCBF!xGlkmk-PHu>|PB=f(t-W#%xuwTR!pNbaaaGeru z^PuhTng2C*P1XA+UTrxdcuB2C4xaEn6CCl8uH#S2V2@=Z^3XX2r0i+CQQg>GYIlxJ zX%v1P9D+3+U62pDFrsWSj0Afao}!Gm0T=hsAcgpA!wp3B0t&fB|H94bCB#QW=rA%Y zFqa)*sS;`GMm+CnKaKf97N+Zq9qEha^~!~P6+A;+_0FET{}(99%%pM<1=k2BKN4gcqoK5GauFq80}I*a`JhAAo;4snaS3emj>5`oX< z2;s21w@1Hm2twtgUi|l&UQius0VRZ6Wl=n|_E_ohBLpl;6P!d#Rtin?h7y%W>=h3V zlw;bm%g7r?hHj*1=6ttF`nhVwZFMGe?xrlTl3y0sDts!q&kJV+w;U{st&=O2uxn%{ z90zAT9kgXx^8!2Ja*ka$@uw_3 zKM2*Cku>ZuE=jFKv-5P(97V0yi|l~uN2?SO+S|N>#Ew+Kjf#3v7#BZ?8g32&Xfo?q ziGhiz8BV#~24`7te(OVtCjI_>V^+aUNtgR;Fg*9e05(C~-(t3{_QI3g_laIuthmU+ zyL-Dt8yx*~y7lqH8=d<8iag`95%0ut6kuiHph{;MI!P(gh#T=@tGSmWzfh--Rde=fCE6%?F-}JFA{Y}91PVvjPKIdV==d~q~3gl;in2mPz6}- zC-~st*aigmZo~%#4=wFI4SClg!{D&9KXd1Kgj}}m(MU47K;t^?m-XK{rW~F#h-3=L z{EOfH1lQ3>%WU^s|zU|9{M zqT;o7)xZyJkNRhhNE*`5zrHUSpvqI18OeZmOw6HO+qO3mxn!Wug;A7Gl(H_=0*~C? zN?nJ!>wNIiDBdcot|VDdQ%k@@nqD>4z;p|n^YANm`ZiOv3GvegMhZ-7i<^6LZjS_{~@6I#AR{x}QkxmW--mU67 z)$!dEeH(!U3}`^A@wjDg!StRxe>UbPQy&{N1ekgp&{O2GnR_yfNXPx$DyK>7qw2bF z6&vw%*}(QP01MXQRMmf^8*Tx_1RgVgc^B2k(y~#`#G+y!S6ko@Sl5#%dCmx@^N)SY z?n9;GPIR)cZO@Z8eXhF1;a#*xjBXo!6QoE32c;3Zj93ZaT#$v-aC0a)<6G?T<=*1T zMi_Yi`M{xEZ^69cou$|2$$h(PHj5TvSnxM^nJOMjl-DGr2OJrFjOS(ebN4WkUu-}orkd?@+hi*$c){-?>Sp=#HE^hw;jzXV9uLQ+l zpUV!Rlwh!o!O`(xu_J*|S?9_pW(J+Ue0Fjnhf!gI*fTn1 zm*FsKJyy%jx!>s~bH#3WwIFEhA5lL6>Ui`t$2oC%V+aUlGdrMGlGcbgxkhls2MpA| z5=IF5dd)uio3$mRYa{Htp4VrmLMFhJG_VH+Fq%)S?5NGw+NU9@ceBuHF{NriZj1g@{s+__@kox_fOu?6MnjyL&V$vSXtDQAi3UhGgZ* zK*z?L-Zx^gYasX}$8X7tH0>J^{*4W}u)Oq_q3>=uvqOfSAWm;6`Pi!%pok~bA_4Q- zve&97#FGcq2#J|(t5JcSsQ9MTs#ZzH63)jG6aNoUUl|wG8*M#wH;70}Nh?UlkRsik zf`D|x&<)a|gft@E-Q6{mbPX*%fWW{I@A$v>{oN0IibzYbPjs|LeeA+b6&m2v8cO5tJ2OCD0SuYs((!t$s$?rkf+ zO5q?MMR_YG5sfAzdXthMTnQO3;)t+g0^~5BN9&~i!R)8wZLyZ@WWDd)G? z=T!_Ba=(hKMS1xu7EPD4Fxc`H=E)FEIs@Hlu;7r=6Qe$-v4n<*OO3f6!B_H@`<0G; zG5!2Bu%6ZT_(Ycyo={F~z((Enl-?hoEi_hN^Y~QqdYmgUhMn46yab-CE5eo1-(Gw1 zrWGhG1BNOne&~BkR_2}GkhdyOtiYe>(1wNv^vPYmQ`Idag-kMUdP~7-)aaV`?AGsC zG}V$ArZ`AY8D$(TUa?@J(N;!8sOijU*Q{8v?7|gk{`4>%2vI&M=rSLnew)X(v$Ijt zB9UPRR(M$=fyo46Wd;0Ozn=widLT>bRVO^3GtPSYc0n5mm9Fdg@V% z-K0}oAYv84fL z!X=@{$L@C%O#O(|AOtUzvmuMMe3+CSCdr@~QwUOH)S0F8Are|6o?S=MVe%`zvB&Zp z>*QpKIPW!f1+(P0)@&qz0Ov1nl!C(GM4GXT8Qqi{SjANfy%$FlAubT}@hA z6r4+q%wc#T#B!|HcdwzSm5ujy$X5=GaxV37Q!5pvmiALtOtENk73+OGjD@Fb>i37S ztPvwZx9&X7;r;)HQRAbc{4Z!h+UMv|UXHDuU@%gf_elS7e$mQ}2YS;K;?HnT;kqR6 z&*fz#C1F!?Z9*GjhC2Km5LiC)aolsM4|95jJLgSaLHKfVR+CS@n!(#eAM#_b_mA;e z$B8e^1p6t(Ne@=MIBFV^Z>6X~6(|pCsnt~C%cN$4pT)Rdr{>JHQrq>98~fsGryOBp zV`Uya?_&q+V|-@=%p!9=D#h2NDXn>D8kJDm0>zDm7!|V`4`>8H;N`-#Lv*|Yg^^)7ZTcx zrpce&NVc0sue7T_YZ;*MPl;1B>7$ZutgHcz$aSLiaCYf-0L!VA{OAFw-`1~!l| z9#WeB)(w_e|9eZivf6r%Z+>(HYducJ)~pVf=##2Yl*g0aMQ$VW>vGpHI#8p=U(1t7 z*+QXTaDvxIO{<&rqnF;rkYXgzXdn-n+XxdyvgVoRSt+8SX^;l*qO{)M?Z=t2QmWhS z-*4_u7$Ym*H}~nOF7Qqgz4%yNLL_DF$u__&V}i{2`8Zyc#jH$lw{px4JF1voX|m|_ zyB4wE&!@^$zfUUFi!V8~QvkBmw8!?aDihV!;F4fS+2L$3vS>c|T}BR8mL4Va8y-Y> zs}Sw9Qn2W;O3LF%E4WZA%KOdt&27&Bh?h*Q%geI%Yy)a~dCfhr_WT*G(u`a7L$<~s zvct9Q^4iFWxLQCtYRzJnkb+Kw=|U@Bl@sHxy5gQj#+W0*A$Ajl#GakEKx&)%eE7h2 zXRXBlP}59K8EK___-pD>8vMtY#lB=N*ndo>Qu=o#d3?3zu|FrLbTNFbL~mclby1Oq zOQXTUOyFJSo7dg&B*4Z$3a_NF>=> zCTtb=ck{pV;#Yw`^c=c0^=R@7zuA3h*q|q03wfES+EsaD_J+?)M*23aC8+H;?^`4% zGSqZZ)DIZxt9x^vFH!vjP?%g$bTo()9S@bWf=Q^)c6eGc?(4-OXa;@q%S^jN>UrKQJQY-ClVEpC+P!ssn}bZcW!i! z&L`!{IW>8ppUx6fpKy~v_)e2eOQk#=y$Epc#HCH-MRiF|6JI1MLZAgbrNEYc#V#rvfD-}DYO&W*mfD#$T z{`5?2R06`{vh@=D-`I*!qRs5tkRi7~P7M>tldzirssu%mK{dE7B76u{%R&;H8`@DD zZm09htuK)gQwa&mg&bmV+MlXdj3x1k>P(|T0R0A^XgWTQ{IwYXr&pfSPP|D7Qt3dYZgI68h>p{X~BspoySSj-F~060$oH*-AIFAZM) z!dW5bNP?gFp-!=53_7fXNs~Fm>mOvtbQR;h6;{*E%50v!mXQ$~QyTB6+4))OT8rMe zeqlB&(b!N98EA_x!b4}ax6@E73Pkq1unsXDtzd2WTd(~ylkvc{E7#1HcoeRST~pff z9FAP|)_%H*VW+p&KUupE=VvI=A-qsnOls|pd>cT6n(^8PnA)ws+d8q^?L!=m*ohTR zh8$|}vi1+^;x*^GetF5cXz74YHt1X~kNGfNSVq!4ENa^t&GfjJa*J~dmDP6@R$@c>%x;={HvhCe!ke&;IO6J(5+h1Jq4EU2juskHa_u`oPtjCs~B$Lw1{V~{yqJpw%7-5#n zFVOxre^fspYJX>O;wuzFF2S_RLi&{+1#2mJy{bxT*$b)pi^{pIPXHfNmJnj(B(Q8+ zB)PNu7zAW-r0f4Q3f>`v@iX#Ak-4W&_5HWblRdoPf6Xmt64(_uov@k&^2;-7NGi)O zUYCYkFHKV_;rFMyH#ZZe>y7?=t7BQ_Q<<9MH3k z6OoG*_V6ln%k66B>uHBBFcI{kt%cc~l(hj*G*%MF(SSCr^-BaJ4b=-;#GyBuu=&v0 z4{TxrxJLX8ep7sr&g)~OfxcGcz?|hM@vJ>w^XJs^^IA+X zQ?3ySq1?%j_YuU-bv&Y;B-me{h22P&?0|=Vh`S!k_y9eo*&F=?YaNH8S03YN0f(O= zkpNz2+OTb}?89ztoqhxAfRnjFb+gVoOw@J8NJCjuY>1-HWK)lC4NtrN&SJF^)G(oB z^WdfvJNNOtxHGs}xQY>4=`T;Ysq&h4UVN^w9(mLET9~Ger`I%hV~}9IZuu@6Tt%tC z`Z|#N(xI_B*@@&vXtiPitu!oM2rxlrnVe&KC+cunK<4HYe3r2iqt;hQF)MG+EI^cb zMEorZrb4)Zm$kVzFrWV=$VlH-mU?V|N5rQOnfCGedX^*SHR0e zY0ym)1ptEKxI93+-ky1SD@3>&Nom^ER@2wMZcfs7MGPTdSpC!2-VoN(u9(7mz2;@&ySx?*cA`UOVmgDs{2k zaX#j^&X9@L^1tOF#}SI`$~Sks5C0tgxtD79kswYI?57^liR+OlDVMfI>YDS;%83*^ zF%GXlZyJa@tN3oCU`07STie_w{(T{$VnJGhE)C)~u8DrM!u+zMjJ@tK zxPhCuloPRVkTCC^dL%7gkl`q9!glCmS;UfuxdLpdUlDY_MNwtK=Ip0q)<~C?q1)mG z2Ep%yp3Ww?HtK|iY2aiyWNQj1$ex3r=nqu8H8C3awC9nPlDq2X-qJN|gf3&0dh9vl z7;*JQkgv-vlX;;9Rd@MOC+L^kapVNLV?8$s4d-UBcS(#rKwoH+&r9bvN602HBagu;n7l)Yjx? zE%|VCkN9?naESkMjTYW39{S5yMn}!kBHxF-V<`9%d|GzH2F0%{Z~l@~f$eT#7n~I>ToZFXRuFqlSp$oAx=5_0+ zddQ_Go;CVDLX|)pycn@nvtiFR)H!+JOD&%)7u=)6%?kYY&{CI%p--!dDzph!ko-VchrY19Iyh?Vv`ksV2 zm-c}K9#f=4IlMOJZCsyh8OMqU4S0WAL`z>(5Ec8b!C!y6dDNxttBok$$*k7vr&KxL zT38>;Po9H+pL_Sg@no6ltaP*8ooDb^{8vZg>8X?boQwwY$KQ6M7=jZsgH+WQJ~jU* zaR=GhCsC2=u7w*Ywc%8V55FKiY_xZ)?cMQV|` zmUvqr>$ykoL!RXFtEa6&A}G~_!5Si+35u7fFuOFgEaYoeRo>+*lHrsoMHd?O@7I9jzaKH zp&t7`W`Md-m=?TE1>x3QTYjk*=`;IMb;hPRN$8oxU8Wwl5#zHL<5dtM~F z;6jOF+CqX)+PgtVfTF%Gg`}2BV#;o&?e#d9&n6WpwO%IlJ6TD8q!zA>8?wfCSARCO z_pQKD(CEIq)fBr|Pzi5_y&-FvpC&do;gKxmGnDdGpYNce5cm4fbC9jqs~`y)%r<;X zuLY8~1)*T7l{Vfmy1VXbpYXy|JalXc^%HKV-A=HPOr2fCJ^%xUb^b1Q{1PbKIaC-L z{>Wk@Wvz;TZziIWY#dm}Ub6m8<1Yt2e9}}0lVD$^fWM_}+z3kSJXp|+M%q zsc{sGsbH*tU;~S(Vyo6Bh&&Y=Z3y-g%!;nMTBl zQBaiwtBr3Dm%+EJGSj(bdUe8-Y_N`)EP!+56|r-j>8k0vz2n^E_13(;wr-&2rDHo2a)q~MUP^Y z$?#PI=Z>$VaEzOFAg1FWSR~2CsyMWGkNrUH7SE_>=p>BD-M|>luShj91IqwaFCmbq zWbL_uWE}Q@_)ELG;zA;ByH(u`pdnW!*lJ6`db*k5divXCEN3K)9({Zbj_Pm1AKJ|~ z#xP>#f@@vA{=JuW$#kjjPh)wqN2YWkv=lWY{1d0;<4U)5wh(>xJ(>eBX=qYLC+k%x4>7vW6Y?W+=qdCXtHmjI zwcGfTPD(fB2uEcQ@s;@Ue0R7ywe!;o@9Fx`_+ds&gsYmn{d*Flu;FI`MMa0tHXo>Ip!1aej3-*_l^w!AwOHY6t>TTg`!+E%qF>% zaALuh5igLe-|hGe&7rne-W1Qc)b07BVGD%){z#*d${I=;L##waEdSzAfA`<)6Enn!u@@sksA^jS+iz~(wMxHG__G6VXOZvTm4%O*dW9yiZD`Us7Cw)nNgwo1?#m zg!Q**Mm`J-V7T1@BAwZ}k|kA;ZmmKh?5D+sN0Ix5t@6$kI|RKf-iWAR)eaa9Q|(mY zVXa6pNt)l3otz~o{*vOdUx>29i>{!<+ZUWf(e<1m z{bdOa`gBUn-R_U$B;39jnzwDahy@FY(Y+WXuQqE0V;tY4-=9@1|pF368`6AS`~Ll6`EWG z7qJ5BT`e}0K5{oJ3f!tnM)8IPgoVkZaRi-83RQieqQV`C6pYO}m~_dgrS$fc@(ho7 z&`3x{v7w{G7@0ZM_&vYNVP=Yh+4`<8M1J6KP)O^S5esWXRb^Hcf$Eoqj~{RcKoL%e z(aV3nMaoCy4&E-9lq}Nrzi}4ig#b=$d4#%Tzc#%_M%=*)qe3$1Z>G1fh?_~$AH~H6 z_@x#_SqE;z6|{Q~rcGR4ftq^eBCC|3$>s3f;bTM%hT$k4Nqr+3eN)qf(&v=DHnf?& zj>rg~QOH%X7CFg5qkNH22Z5aHqQS$zGm%zq1;z1Yva~9kXSQG?(`01yk5{pE$dcC{ zgR`H5A(`lhvA8zNRS~duT$A5g0-4v6#bq9Oys5qSBn$9}wcPfdjvo(ZzXm6yU1S__ z2PrIg-amaDd|Ap^e*!h5ci=7+`bthpy9<)bYBXUR2oG63Yo6|nCM+hx@pw&mNpe{v zSY@kSUD0YWN_0M?L(hpRwWJdYw^+QBK>ob1qT6>Aa@^DDNi*>DHvdEQ0Ac<G3d zXpN!1_`nosv-pKQQa4T>8aq<^Wm2Y@UKLU@H43H|a#0XKO;D!bG z*&qcvS;FjM(rvon&a~X~M8IN2juQp>AzYOd6O3zQa}sdpXqRz5Jv^sM0YeRvDPn758Ci z#6*;v^^eSOwXC8-sdv0qM$#uji=PNBY}}ORe?6ebJMU){_SYzJx7MiI1Tm8oYZZGmGOO)-nI+ab zsZFQuK1L5b5mzQRpEO+@=zhgdOf>T!OLOPXz|<1_RK!~L>ao=piH^7NIpd~^<~>G( z6+o`|vDk6FbfS}lC@+T`W)vP|5(J|KKlw~!@J4&dd92`1yitF~S{74ptJgr*Li;p5 zlqIeIqfU`J%+MwO;js!i>y!&H)m{Hsp)vlNCEa}yw>_%oqppQYn$6;Mkg&}=S!GK; zG_{6o^Y8KG6*urG8J%WpzH&emZ=4Q&jK?4>%0DE zPbWjy@i~(wyF?tC5q;O7NBFH;NbjtA-q=4`b@{baRSp^v)?U=Fp zAE}ag_V*=TM3o(xU4|x4`xydc-#DuVLr=-kN=8z?TAD7KTVik`DJXM(N97v0rPHGR zoCT0J|6W@wujBn~GaG5wa#H#st~P8ekzeHTLC9!n1ob-6g>DCRP?PH;A=$Vs0d-kO zx>RJggluym`}B-5(?)MOv1S8$8*)qZ-Df6u8e&ne{qIRiIbj=<_9?qvjV9vXy0kyN z)R1i|sq~9Hpfc|BnB4M93x4(-_jbD;Jh@!x#P0SycwyqMKk4$wlvc6*ywN_VeG(aD zqF7Paty|gL!{|>`?#+B9ap+N5BF53czbDz<$&B$QbG~THk-&$eMWfo)9 zY>})uX^q|-pRiZ*9HY&HSNKQqE-9bdUxHo5z|?KWn32!0`9tI`)2?0;4wu@Cmm~22 zZ)^$GsJ`Pe%SsWz`xShtRfz;idbXC;Fv-!IfE5iqG8r*4g}J?+&nUgMi%O^RXtO`t zeZ=$q8nbAnOy>16^}ZZb6gZn(5I~?0T5R$2TI{m~&174aL*mA2nW%J1qlJNG?cA7! zq!lm7`Z;oRhNkQKtL)z-3Kq@vi>u*>s^;=8dZk$4aHcOa`d5f5_oB3?@qksSkeu3& zTI_u3f#4qL;~=GJFW#^}`&9nfI?@qyzk^h^l!7jmbL>WzFckA6Ws|Oo6oGvq z+hM40_Cv_mJkW1UTGrEW#u9vmeOdvY0F=mgrB+%Ja>ydA&Tj{~5ILNd6)W+7hZ^t^ z)3t^BmwZtK{}9pr#pH{eq?;u1bq-Y@V_uJJaT+6q0*F&Ho$0Hj_69wIz~zJVz?YF0 zImf}ugEuKqOYoM;9GMG1{mY>oHU_pL?JHLUYl{qWA&lKe)Ta(w`1q2bxk~)axm_p9 z$FnQkN#@};fGfVnK=5SpiFDYGCMNSsi(u^{AeBTrnL(hjrOnl<_LWph5jeVmdWPTSPOUa9d~m+k_Fn19XZ_S1Si z&nH+H^+TkhPOT1LxH#;9)^G^HY9709JUkV|L!23Ep8CA9hdQs`8ax{7R_=UD;6wrh zJTzT_uEj(oP5#JLszBw3Q=#g|yjkgF2*S*_y3cUxbSvR(y;oWJHfXn%OC}tG;D&R( z%_(R-zCV2M1uP&c7=jM#AjQrGK74efOk+Pw53t1l~CGEx1pQU$w1mJ;ohrwuB`(6N#~i^8ksQoKG{aQ z_BNjN4V1jtQ@N(-`i4934?0aV|KPvkg-Ia0yxb!V+Yc?xv&KmWA!o5-i&GR!briND&X3Uoim-)Ist{lcAkdpCt(zQV~leRI993*vpA zZ$g@L`+h`sirtYUOhB^=6hVJiNQaBjJlTdYyx2P~5bf&Jx`?3h%1p(>;vV86?9MnW ztY5Lk(=vpCq_4G(ro3CYGX~h{gy9xWOf=%VJWjcKpB_hnV1LX2&8Mjd-dXHnV|`UU z-&OIX)jpY4RqTDgb++D6!2+|OIHz;l=ZC9(ntW5XGWokCIZ4)yczbS@AX4o#` zVO+0_%F(udXI(5zianf-I&}E9<05l%^gJC<>G#zm&P~0XgesRTop+~d9otD*WEj!n z#SxrnjrxOyKdS)zZs(6d;29<*z{9A2JLr%zlSW(B{y8z%Zf7NuLlrtsP`wCI79lf% zf#>#VocA<>$xRw!iyeM9iPJ-Jh8CV-8`KXmH69phj1U()O}~W;OVI%TXp+fS?f%Vu znc%Z6ZLf1k)B2cl0034XM?07_BoHv#J_T`KK5BJN18~2hyI@+Z*g=bPdZ;y=+95b! z$2wzAQ^N5Zt7Q^Bh2o}h&tLg%cJy^Sf-hKZPq*W&Z$jD#05v**Tz_-4DN&w&X&vV5 z><%}(cp$JbW^t{V@)wYIidqWtfOvD!+dn+w_tT{0&HQ>iPj_oHPg7zdASa8^`)q7L zwg1{XEkFQbl?P~kT?BxlD)@fzAWN_J-@)^9*68y*T|ZED`@61QC}-o9dv_zWf`c5r zp*aHXty!zejg^Y|O|e!>oZvoHKNm(Y5=w$$?lvNHwnpPjbBVV$Iq8)ufJJw-$Cb9LuXe;_rtjy zb+2Xp3bOcfcCm}a&Q;fb-TY7>Y0Jmh8K77%b%7?+PV2Mh*j;ls=tP~$;i30xGoXwn zQbN>kCKjqcoOV$gY2DB38Dmw;(4Isg{x>j^Dr&be(b&G>vN%iDJq&#`5}Z`I=3y3sGdJ|qI3x;R4o z%VOWH5M2`Q$QqNRPlimA&kJsIvfeQKx2+Jp__uGF@If)=+W(S8>1e|LpMVo6K4~oY zu0Qr@-3qg4@1+QLiyD>-*gmFOQ%6;E-`6J?FzB5_L@~am0AE^j-i2!}x2{S1asf@_ z_faq$ZFT%hOt(L7_qGiOlqZ_oF$mlxp(MJP1xPvcjnt6H^mse`$&rqQ5*?t{d_R2Y zCdAg+NCCK&?wGGVz`=IozfH#sGLHV`b8ZEF8Y)@Xonj?~l0@=C{Rh)mUDb$wB2W6z zjp$j-{GyNpg~jFNMOUcvym+4}iPx(AEF~@5B`qRAu8c)sc<4)opxvmgMVJbR+x@xa z>D2&BRYBcioiPUjJ!`|%Ia>+mtID(I0}Cy!1kS*~@&Q;=`NBm&+{Dr08 z(S>El<(b37QTD2bc1IbZ-^~`2-%g61o(_S}T}96xB85CyD8e#%ePI`d0=35T-OukR zd6iuK8N&I1QUGe$H zQO*7px53b&N!Nl$C7=fzQ`IPUJL*`|uP=$IW49>dNr^i_Rj4WKyu)^#vY0&;+o-l7 zOjWEY3_%t46Rf-9uc9d6UBk08bVCEuv_kd^7peLfbk~>lGYDxKg?kHhbT4GdtG5dU za{D)PmU;cfkw7a$xSJl=Z72pvJ+-V`qme}*M6h-J*(O6oDtLQ8n@vyonPNB%+L#7! z@<5R50u@S7R>TXhXtvLUetm*tBW-$53g@^DG~UG&h5ZN42^?Fx=PN_i8;z$l(XULM z{S;vFh$D@Xv)TZeh%)%i&M+bHi`c|-)%)Sx*R$<>I{ULO7a6SA?y(jfv06dN`Ed-D zy8}dlz$i+f|Ei8|xFNFvl_A}!ZJLM#(8Jc650yH5o&4$QTi-aj!gsCWCTR;l1RQAP-*!~DS6|5<-wlHg2sGUykN$?uK(RQ4G!E#3uXu=VE>&}xvN_+)5{o0$@~5peny&LA z99fmY4SXKG)uCBc)>}QNFw7=PYd)?5o!FiuGvgl2Q|JLz*dvy>r?3y)a`UGdw zV@}BZ8XH&C(;<4eLixqbyk^@-@ zN}4uF(94Dpm6yXN5WIK9ZT6tCZ;GiF4?qj+5x%of3_4kP8&{KmQ1$G5f&C9lG*Z9AFl;ZNm3yG$yH7k1#?Ok@!NDL1e$oD{Q^f?y#8mr{om;km3A3ENrWDf*pP`yXFQ@G;%}e^w3wZ^`L?IZA&n;q zp{)C4GiiCaq4@EIqPwn7KSx|R)GLwkr<4^0U!Z>l*9Zl(^8BDe>hTWZGz-c$R1vY7 zTX+WN*L@YDH!w4|3F2i|5&10}zQ}rsCJKdj)b4G8fel?9a=SIaU%yq*+7aH|4Fb|z z)mpDaV?rgHV6Dg^DMl3y^IMbc*EcFspG80=TRj_6gvjwjen~~ddEjoKM*#-)K5ob3 z!R14}O^`L%?UZVKDV=aV6b4n+ zt=hU$<*-NyM!?^o?OpSSg7&-my z>`8E-FqDF*md~KXTscHJ{+}asH+ctvS($Q=4))b|aqUeP)tPQaoua*gZT4it8H@u? zS!+Yt?I~AxoJrFiwxvB&qJN!l?+g)T^40{+*;3_O_8>&eAk+nGJ@z2lfD!r**ibzz zvi`{}U^|Jz#OE~s%y=^(AYLFhb4N>m3;L@^6JPlvy^*!bfDKxAOt4eFG3U-xdOVlF z?U7Oja9(u`7sy%eU%$epBEv}`^c<^XN9p_=kaG)J=qHMhnwN`UH&Sj1X!2w`mLuWV;p!0y}0kkLbe zP$HCRWf7()`AN&n2Usg5{toC$Y?TZuU~QYZveOoFFC>?SC`V0QFR=fq`rQs?4&`5I zzXU#U>Q;D+CIoI|?T9#uMv9eG4TVY1P$$|mO04kdM>{4DS0eUpEy9`tnm!xVYC$OC zDuLy-*WEyY^M%Vaqqcnvc~d|Sh`Rl~cA-1>)Qb(U#A(=d1VTYDR) zwo|1|nG{QkkLa~`mM+J9&|QLYcW`y!rha6f zStusZs?1Q7>9MZDLp39f|ND1PJIHf!Lb= z`Ev4w0OC`JJ4VfiK+_vH(7X5RwAWgUw`r#)vr)7Bp3Bp49ukiEp}W$WS*#R+ZaxIG z_Fcy$@e{&6!_}SkWapy5VZ#BhM);(4uHKNBQ7iL9*Of$Mrx_fnlK2*{AY~gI#^OROiu(9!DRx{v>hk>1GqqL| zJS+e=Mnnbp1Q8VnOP?TPmR_c?TExRR&!e>xLd> zTLlQLD_bH*AguO7waC5D(~ni~PW57OIx!XS_FHqdmqd!Ol}nL(!S^`UE!nh6pHU+~ z3!<~ZzXkXY_Jg}~L7%Z`7a5nHj{eeYbn*>zEgH*B*|v>U+22f6`%N9HTygwrEZAw! zdU;=*`7VPHYX0uS^UlH*_`tL5;f?9Wd1jT~V4Bg|>TY*-wg3EKvWvX}qUdQ{r^z8S z@tG9HSH-L*eHR^1#*cXPw!S!$jYjPd3Q%2LBzN~`vgc!PWd-l{bEg-Esh78M!hI>C z0x7EZjejm1DQttkPm%~gbnq$sQDAp1J(aevg|;of*PuE+gR6zD+-Jz-E3@deJbz_7=YQ$x^2 z3g5>L1Hh)&wQ$$NdU3X`yTAWalx2s9TRd%>H;LEDwcDkgm%|RwsACq1)D(1q9k8?e zqG`a(f3T39y5}AN@jHR*t$Q7&F2~;g%F1}v7_Pfslm|xEZbYXjw9zIsOm5sU%k}6v1jwVdtdE#*|f`U73p{dzE;E2t7_66j3{8AU9ai=ooRx zZ5Z#+xeay@Js%+ae}e*?Zq)m^TjD5jp^g1 z!}!vwx2si7%?%lS&zH-cZB4e+-t{7i=y2Wj&N$<<@FpY(4!1#X43{Ai5@^QK4s_)^ zB^cy_1c6rx{bmAg)M{_9I*LY$+#2n`qY#usIag(G>tgP5OcfGw$i(v@!k{B59emSu zO1$Z}BV_L;xIa?p^IM#`A?=G{psd9)=ZCuj!Gr^9!@ek+;D2bHV-elqHOy6`rw}LePo%G< zTew4|vX@et1A67G7ioGZeUvD7$YGrC~61%;z!0e>Y9mQwtLOHWu6DNT%&}bEWKd z9)3|mWWlY*0?ze!$KvjCom755su#EI@>|!mYlR7@k`_z83BrG_6Y`RXO51D-R|VF_ zve0JCd$MeYIklKqqIfuMmP1bka{A*|EpKT^%DxeA`po+@bNfxrAH(Xra)+$Q;vGyt zGd%w+fCOs|Q6dMA7=e3L4t}GE{tvyD`(ee{P;m3TVuwZffJl=9M>*=q`9|l?0E`5= z=%=~t{pi1n7k15hmdP8i6@T^bz}DJzx5oC6HGh6lN)?{+M>G!`o!Z;~0*iL7k_vba z`?d;NmL{;M1XLMwLD9%7Ap(Yh*oHA5a`&WjzdipwH)MM9FCR!&2zsbu`~LFPCP|Pr z%@4${W{lqTT;%qTs43>X-D`IGM;PuHRvV$@7o|O~g{|b-QC@2IRPauqeM>39`3kt~{0^*C_lUHn&z7ItHHzUl}t2 z>V;6w*V!&w8d*);Y{`LcaPPIoVU@n!+p~?{sr8y*52uctpCHa|z_9Q-%nP0p_wsEUdfs2P#U@G=fJ zC>7&D#G1n$8$m4REdETn2(nY)FmNTv)5ZiycMbIuiu2)873^lkU{Di(-|axLo*){O zkU0*t21U}pB9RV%Lw*`N;_*kQ4+8i8K;v93yYIafY+%N_8&>H&1TfgH_Hp|)vafGx zpDamP&||HIV-;@lvBA7~zMF*4o?VkHXczPMD+rJi(mmPF8~#m1rU}&Xx4rJFe;b?S z;2GjxPZ(72jpkm2_u$XdbOMIA_Q;xlq_3!$aG@EU9$usW#mPTcrzZ;3-?_O@(P?AA zYOi{3j%g>-v8uEj6Ix*TtMkA@}b+g0v{Q%{~pXZM_ME@A5m^wXrW?L*$Qn z587!K0Zt;g56K?`Mq2$QON}3H)>q-K77bsWEFjBrY0$3`(TCis=iB75yBL5Dul9k! zPRn{qJLT+~y|gN`PRX>ue;lNRW@%aXF}KR%!vz2u+s|uMyIa)y)IZ2hojrjdQh!YK z1D-ZZsUPaz<-B`-1d6vr>27qcGm5|3I$^H5FI@$Dt-q0D2}=O-paiSsnN%|cRr}mh zbU-%G`w{3ES6L=6`nJISPier_u8uNRXq&-(*iR%ltiL|~e&2l*R+K9BVRFZ65Ojyg zHp{1mhk8Y=g9pY9vE+R6-&Swg{2t+8&mK}Ojvbo-#uqHS)=@nQhR=H<&BCV3r|i2c zJ{SYlzt`XZXp`Gjm0Quxbyx_dh|)g}@nLZx4=kdx)vUsgC3x-o52#our!SMrNsKt`YeF{hp!Ht%ThCr_9l3QD zi=f=LQ$K-oL@#IF>Fobk*JP!79s&FP<4&7plBU-*fiAY>2$9cI`02ec86s_Qca&8B zey$?OI)49o_s184p66CyjLpYjH$l@I&wz_q=-toE1H;Wg{Byf61nlpa4=7;OKBj_Q z8pD#oOqYmC8H#rt+m6Q zce3_k4E}@8hUW?fKWdW zHwvOeZXc?anjOF*!tIu2tlXN0Q6{UErm90eR0+ivw;u=lgpPMYf)f96qx=8IjaEyc zd&ziLRtc@`<>Lhc^NO&3%QDmRL*tR`820}n6EtEdb}5y&Wn&<(q)LiR^*wg}6^lgA z{qE8eH5nuN-Dg>IOz@-2it{q2g#M#%;S(x3LGgKJrV`zF=|C1GLA#voxfaWw|9m^SInY z8%}FiSOd0L7a#l4U9Xd&+@{6`3hL5!<#xQ&Y+41*xJs_4li}%2Pj)wn;j@TEFSX%n zV+ol4eXtl$$9{V@lsyLDxM4#ozHC#@3Jd8+)H$cnlH+rq7(%Qr$wT3f*w=gJ?{cN! zf3s`ZhE;)096c+iCEXA3df%36d1BF1=iEQ~KYbp8+b;hi^c5HLD1|}dzy)ZjmzL`! z3YYpi-*1!d710EYHU2#Flue(*M-|}d$^{^EG?YcaqUy7DjL|45a@d=M_`;SC{K)M(|xqt#KN`-or?FU5ggb5R1+iy$B9uhcnX+ zxKHHL+;pf4+&ISx^!Fh+U*>A}Sj}J=%JhcV_VUie+qJ!@^u2Ha8^GxW zDM$dbvqs*6K$gy|XhcZPguDGwRD3D;baybiv_;hYabeVd?IcXivEvzGx34nfYTNBY$ayOQwWtbB;YQE zrMY&v^E~yoQq9iwi*F4$^WOd{^7cd!i^Vwc_r}g#{H^Z+?MD5#&#&@&gkTd{?Na4u z9CUuyBH&w*-hLgHja$7P1~Hv;r;@8EeR)EZZ;8iUGM%Qi!D$T^SWS}hc6dki%K^k* z|04dK{QsBEug^sM^Ejs0aLHqXtdscJg_h8aqSKak)q*m`o4!VLToF!ZBo1T9ebluX zMptl)7X~ut)(3n+rcW7-;Z*7&$1xemsetc+3(=hQqKHm*T5sx`T-`rZ9PFSGSO`&? zG<|e6pA6$SrTHT#MOope=M?(d^t{Ke*W%WUk~kEZvr2vT^8A%4tGHr_YMTFJeAwjp z3lFIdlpab$=?<|5m!_X(`FJTxx$;NOgESCui3jhBT_v5b{c58fY7AQIY5uW7Y29bX z0pCwLLt}Kdv#{B=e#Wy*pn(=kF5x;|e%_UH=stBeA)+t09?M93FgA1(MF2PxasVVl z8um}Y1b1Siy<-C}iW-1U%fC}P@d{>$lMAW&p zhCVy<@d%S~8t5pWH5ChXf#59uae?i5Ge2>=2PkSsU+)MpKx*T}PI#cO>r%~5M`PbO z+rw-2xwBT9dj3u#Q3wz9k@Fn?Jova)@({eWhWqHN-W^0v^U3xonQPG$!~ zyv-u%yWi9QkEgTni|YHn{?OemEe+D$Eg>b{Dc#*E-6cqafOI!Qr*x-uOCvEL^;|x$ z-}C(kVCK#}=j^@LdauJK(1YtvN@}4neV&p`JGF|V@xKzsj{NTSBh|2moaSJ!M)|@62srohbbj0{ zi5z$a#GG5{w82a&P)+({pG$CzMQDm|HQJDA;i4!O_^~gE0WK`-Hve!sV*_Zwr!Ib@ z4Ke9(RT90-wZFC{UjZ#)g5BvWR)yMHJvd8)sB+MZK=|ukwsrA^{p*Xm2?n6%E=>qR zUmf_n4t3j4UJcw@lZujNx+6VN!1vtgZ&aUBdIkpWW(a4mndu8vG%Z!@Wo!+d&3a$j zrbRnkyg;h3FVf;z6Y0*4vyMw=$;x|`0lt4N70{$d@D=VZ`kC(X$?$^lF0P<$Njw(64_Yox|z&Adr>*oc06{?)qY z;$YTxEAK?nV>s}d>TMew`c!`e-7gj5EnV0lQX4*`jq|vqdI+AS&zK3k$iKafCz;4kwt`D$^ zoFZzXYynDR$MI*G%OPOQ3Y7c6aNA)RrJG#LW=8vXRwtNd#{bH+_b{(L9&u~;*qi_{ zt>doj$R*Ag?}5ZoXp@}~8z<5_2cu3fg-mC1ppFp5 zDk4Io-@?(G#9-2yuf+EbO>D}vQZKsJ0N!D>$|oo~Vz?3Df1cKH;@w|;!O&f2Lk*;u z!e0VQVq43py+|np9t!QBJ&E;RV}=&>@+iPONZjU&37hRv>H3}M`S^o zFEIE+JsrRO_w~ep7=UWvaV5{;m=yFHp?5g!GjNyBGd2T#T*@NNUl4MBgw<9=tFGf5ONY#6-20d=pkkJFwvb`ABAA9^G6 z7s8J%*urJzV$>R79+KjFeZP`qmngkgz-D{2DhnD{*uJP((#n&XZ4Ov6ESz2p9y~pD zr|fK8Q!5~ALW6X{Wm(D8H*=%Rze>V+wg6HUpMkgXk!F~_io@)uz6qC>%t?7 zj%NhU8nWoy9MHiw&;n7dZkVQ>*jl2^@Vj3~8ImKSK zr6Wr4A9hS(>gv?&z)6(keJJ}RYS0;EpFugLAGt3gWRu_4GAY)UrHTLzmW$tbD#pUf z^;tW%P#gX?*R-gP@h4fTfhK>Bi#!1p?9)@<^PfjER=ok9@%Na>gkGfrwxYK3DBk=L z-&uO4CJQ<^7-jtP^yoal>SWeI|h5J`nTR zwrwY zlAK#v!9B>kJpVjBE@%J3Gl-Pe#om7%&%FJIxIsxsgxgVO@NhEi)Qx8E^s4Om_}dR9 z2l-V}rk{v|2C31Wrd!I_WW46f|7tdy!XQj~midKrk3j41p1eLvNrtmJaUl`ud=bGQ|78pn#e?-F<@pBJ} zsHxroB%8sksfjB+V8RK=HrvPIR6L0uf7t7O*!^#V)Nj9-i2{`8Vn-yp4(L}+mm_F!`yOy_I|zdDr(9wXuTKpkydJud4w6j#Lqi$V7AV<#5!le6jMXKH!?&wd5Ptvvm2j7? z;7W&=)GJF=50`(YRmrGzYH`$87`(Y{H=m9F5*^%XUtD+a4?-5*XDmJ{UI$f+=KN*j zQT1s%}M!sPw%yfF*iCWg?iut+4V4!^J_2WH=OrD zF7Xq4F01De*kcb4lcMvwtixQFl(CQ3Vn+M+&_q7O-@ezpzv@Va9upE%qdh8Eq8YA$ zV!-Dk+}+f?!9&K4BUOJ4Jgoh0=Gy7qP@57@U1=cS zVp6-k^++j_3v63VKk!D}EBik(uv+gbqOBNc;Mt63)%af!33;1^ACelpX_vLC^E=Zx)D(B9{B0^1GdrKIp>>H z&&t;oTjDrgt2>{6TSB7OM+Xe2na-E{fT^Q@@O!RDroFY-#|LaypNkAT(Otx`nBb?0 zl;8I&g3aS_3P>uNnuBROuqJ2jG;1uFz_m>|h7J-rzGw6W?3DgL7A@X-E7mrjPMo+Y zmpyozf_}Mb^iL$9^BYe<<$FDeXBM)tk0v0gXxr?*9p&!0ej>TBag%kEcE!7_s8T|R zKv%}d+(>~{iEx(5(3<*nvLSL?XRORkDabV7=cbW zOH~Sh(8B4rwoOBlw`c%T=I0tzLnrM6wv7J3wm;c(;_!G=e+Z8O(6Gxh2u;A3Yr=i8KBJRDxmxEy_Ix;gTPmt(dO!CN~kM#xN>1@UrWC}|HThPSyF^v`i*r9Xo)y z{FT`xm2S~&tj!XJYgG-kwC?pv!kTtpgdQa|ypB+yxxA;0xHP{IIEy44zMG9#Mecf0 zi{E74QlrxZy}dCtqI1jtwpSPP=-}vbnxFC?Qf#oQ&t@LKG=a}Jwu;r() zK@yRKY=*XzM1CR4wQ_p`5xAeH@TmrLD-_7Ah`1;@=^pyDnC;k__)}e|5;T>kUCtf=zK`Rv_I$282@qw2a(0= zqhL>LUyM4;V76CYrH8$Un3-IVGkaEnf?i4xiZqG%z_3hUJ9S<^N8R_#@ z)SUN!@)>?qh`ornW0FTk`JS9-%Rez>iQ<7lq-MsysaH-?7BbVj@^@aQe+~J}UwjZx z8+}yb`BU>_O6i$z2zF*^2SrYWBSfgYx_-Iv#OuvQ!~I#xGoSyztNo2vC!fxU^OO^eiww?ldr-kA%O=dHX%GPj z@B-7lkaY^6p=+YL!Pp2?-nILcIr%fSMJ49{GO|f1PP0f{(~deh{�{3%z>rbXTz` zxb?uR5VMv{M)0N2d zXQpQB?(2_rtlIz3igqkIS=W}=L>I)zNFcvg;{4Wz{m(W8EQd(0M&%}9qb5A3P$!F( zy}uuc`CNFc3?_izTYX1E9e3UNSKwO{Ys=(u2H^a1*he$%l)Mh`$))pwxe9yGkMRlDe|20s*CF1z@(g0E%Lw*8t>A-)mY!{|lBk z-F~C(%m}&s+2qlvlf^_x=FoM^<1A@41$m6O8B!|{#SqJ`a!T^?E<;k2jr>LjxDx1u ziu>XJi1L0!wEt2K4=EHCYXmAL7U$zWBApuH&9xK-jF^y_7qM1+ zq3HmB2{Xkv9MHZve?R8*!3U0J(P5b0BW>(Z7?hCrG5ms9KQ6ve9`r*c`Xwr}!45!v z_sJr$33+n9FXBy`W}v69|IYWjXtCjmq9H5jsFaG&uXS#7UGoP2OARyna@)57fUyvy zth_S2dU__0hwjyMPlFjE64Q*l7Le*499P`=`pAv>Ls<2s=FE-Zmq;Q`P`6OiZ)^Pz zSeNTsRWdl_X>t1OOqcuVl^(B;?jF&Zl=1h;=Kh`hiyxGp~6CtWfxp}#Lh=W zLHApJkbZ;y78X;=-i0K1%okC;mp``t<|-Ip8(}vT&BxCIGY~ z;1T}-k7P#u4>^sog8FM22q5$3SHI^mGapbtPa;?GU+ zr;DHh(YVx3Q=Wo>O^$wF)23Gn@w!mk{0G#h9vl?`r zK1CjF@pV9qt-?GnGUK-RqWwMw$)^QVB+#lsli7Eo;FK$dI5W^MMmu5(_kH2aks4Ei$yB!!ciufMU_|jFo-bdZyDi!M2Jz z|6IiPtxbe1t6J6=KoD5*34Yz)`t#=WGc24X9~(0aJWxsHAZrd9t`Yb(y^Iyq(14xZ zH=ciy_)0GcPV)1UekqXt8V59D377xhyi0|YDBX+Z*oSBc9-jtLSsc}kj6=mrPUUhX zuZ2lol_Q>Pd;>)-->XyyttFxwH=F2+D-^{UK=%sWSde%jaEpIz5kou^%-U_VV0$LOIe^cf@hDzKswLb~C&UVxeDI@Mk5Rs2mfF@QaF z+yw0}(WYedR8A`Cs4o!YHBrrYUWlQ1<-b(9w3eOSyuy@@{Par_-K6cIkCSE>&odih zpBbFx>Em=?`0gDno%2lW6@aiQWBR;@EwJw6E*3{g4HzFn1@vNpC^8+i4Uv8um@VC| zOqj=w!G?f=^Q^}axPpS{eNY^#G`x!I*y~8Apq0!Kk&K1cFIAK1ljgf8y!1P{5>ecB z#yaC@)I;Lk2HvGApR!NVO;??!+2=K%JdXWF2AQ}G6ezT9UfVVA^M}aS=3wTHJO_0- z4l-49xKi`L-X+KMD;DY~V0qt^6YpY>$l(ujoax%dQ{B%fwk`Q4#rV%uT6Cmhqo9{c ztbJNggp}pD1&)f2h}Fl~h*CyZY>|ECi<9AhF)W6EN^3iAm!5#ys-a=B9*l9Wd7q>= z>HhjCYSgxedTGAmF}e&{^oA zmEN(3uNAqnpMFCKvakhAKbtbmj^ zXeW^9rJImAD)VKx+FxmY?a>(}c(rwROT;4XH`x5IULR>miKxnq)b*t8RBlxV&}$LQE*e zv^N@5O$78*9eF*Hs)dl?zOn!Uz7z}1Cs{qk)H)*^yrgkwpW&w{RKLQ#vu`> z6mIlk-z`<6oG0WqE`z2HX!TUHFU#UY_J}3mvHs4r+Z&x24=|EeMSrLm&FJj+$>mX6 zRMm>ADB7f4C>Fn(8uRp<@`!qU>776?^4^%Cc^d7<@YJ7J6q-Q155XCGvs-!gY>>f- z{_R!F&Th!)cmOx}@9!MytGn);-2Me9i-4PUGyt03R3akXy3?ccoqV_e`;aOd=J_Cz zz2Ew)qgZl{kRTFrNT%Zgo#EJRgC^?!3{Td1Jg3Nvbx95<`!~VzaFUY^B8Qd#vr>Q- z)Fo4?RI6Il3ys7G*ecz(dSH8ibfZK$&Uuexp?dFgps;`H?G*GrN&5?VxU&Q%9i*ax z{ox4jRA9XPB~w0tf_UYgF+hN&lH=v6PUZ@nAQU3QOyQHgd;Vrg$$Ix&fQRO3@0J*F zmS2KvKyUn`me47i;q#H%K%GS{En~CDy z6axh2NL@^m*=b=)&?S4&1@MfzFKf|+Jp6Z{evhp#5-a9IH{Fc_`Uo4~;ul~^>H>Jl zPZn@pQf?#9yKTaBL;n4LHY`LSKg{*Jq)5ev;^w?(0a)?r9~xa!p8%FvPt97}Lgy=i zQAfyBr`3wS;E8n3z`v#l^4=wbuGQdrJeWK`H>7T_eiI?cuW_QhyKW=@6`K;Ro1YC} z9_j3CGY}o8-Q~YY_>!Ha6}cd-As_06KdLbfYFr|-#;00F&CxQ|N^6rQ)n%sv2jTtk zR^XpHF`v2D0hw=MM?}=^j8e$Oeg_Y@hNvf|M!!E#^nhMu*K5Diqnq5${>GYCHq(syoY-(Ia*cqX!g+h(2nO1DC(E3O`I&J~n*NM%OnR7X?L7lO=R$x%OQ&fg zAl6{$H^c*`t3iZXROHS?`_UpZ1~Y?Zlsinmyk8Cv(>_7lpUnCthD_WPykeKU!q|b7 z;Qs>Dt58Hjm|0WV(h{#yeA=Hwn%GTh^|v@+pU#GB6%xbjF;NH?ZAdevBm&GNP8m6J zzVg^rtWxc%lYSPxPbnpp{pA2$xSbNPma#y3ape{06ibiaaa8QH5i}-9qS7GY-&Z(5){q?&{0<~#etJb5q zTj_0g{05{6ya`jKMt@amV@g{zF*m_Flv(OqGRic1W|g)L1DnDHfM<;xjj&dSI`J|n2t+cekv z;Re^5PsN=tJM%1EtynOItU-C*+iZruJ_If2smtH7b6Z9F3pMGMw*_?m-o)uZLh-;6 zS6aDiy=F^4--tqhT6qgv+X(0y=+55k&)_%nm+-nd##I)Yr~4>kVHOV1!)HO4hrFPX zG4l4{Kz`BT-;)#0U8Vp=e|ZJK5Y8~C0f6B#Z>>cQrHvq4@<+tPMu1bldbJoLQI`C=j?C|QSiQx@+1eo}ME0c&TPr%?lS;g;B z@h;YPXuFt2ym6ujve}`drH=Ag1s!4P${MAwtedx^mawpU6T?d~^qc4KzQolP7>tai zAq$=Ss)YICxKVZqOjG`JT?5^nqE=;r)yqp2py7yi9V&3ZkCX|`o?J%&v8t?VPJ~(? z@LGZ4*rwM#7GM$-?y$9uKZ|xY)!iy1=0tGwpDiGA*!UAX0{A!|0cSaRcL2t?%*H?S=9g0o9+)-js5MRk}vt46Oefj0+u~M{48_&BJcI|4;LtgOu^6r7eI@D z9%cSbeG7g3u@{(Q|BWCU(uESTun*A^KBhPH^dY#|WDzfQM+cy)G8p*0Mv=kC%)CE- zs)9B+@Z|v83O*AeYvSqMUHaK-(bfaxs>PGHdN(M;;#C{?kKvu%A477S#Y+wzX^$9c zxfJnZ9$VyCtxsM%fa7Rt!nyj3e!Kb>5LY0unw{mz_%zcgXrKkmHFbx8O3~}f^?9Jb z1;&M)m3y^8?wjwgJ@hDVy(I?F(^&Yw4!s5dRA((}% z7#F{Qvub;xSF5vrV7%1}6c4a9ZH@$xaia8b#5}K}y9=OIZ?!b!$5l&1pLmlLqb3NS zr<)=!Gao%_^|{O%4R$IvTz`HNIj)10#;VN4Hv0~9EDU15`gCn%DNiwxWZ}PQNf-oj z;5Vmix)))xnbmU<-W);9KEovf^s``9(mc| zYF#IDM>|Q!Z}9G6A{(PV%x4(59`eKg{G(0X#^s_?*$9zCjFDJSuU@@_SkSO8AoOVa zpHWcF0c1E=aZvUADBel%A*ZN@#uO3bC^FC}u9YKqZu~so;NY3*5x?)cS(Ecbi%mzw zawiMA=l+BVcXup04Jc*){NAJwq45C1O@|qkff`NszI$|hd!KeQoSRL8L6p9ycHTmt z-iWl>fZ+0CGb1F+ThOVl61?|Mu_-k?*$p>CZ&6Mfxn?uIKkunJo6$HDo9qGD3jIdF zO1q+l?SLR=Gz9BT11TXlQd(UGNQF4w+#JFD(11Ep_^!hPMc|N+coUJCr=jA{{wp&c zdawC7idmp`8gXLyUpBIMuH3aMcL3J0Pz-HIWT@0|b3c>z55dI|lklszYrIjb84A#N zFs31SJ+00|v9F#C0mzE0nj+Sa>1#RRvTb=)cUc*7x1HuzgVK%JZRl-TM(hzpA}`Me zNH%)v;`|TbUn}J1z2iim5=c_<+-o$=ZD; z1lZOMrbORzyd1qYiTqxH$n!zfU@Dxyc8#5@lVzR`-zI(SId=zna|aWQT7m&yUjYOh zCa6;av!Y`e$ycHxUSw}%2@XXPbTHsS2F|HFfM2gc$ouo=iQfC!u>4`2nl3nVpw9%5 z{nT~yJo^lmT23|ZUjTdg>1$pmBtD&)>3Fca3H-R{y1ORGkHL>ZpN}nt1RV_p1AS0Z zdXM{zgz?Q-LYkajxhGa6FC^r>oC~HDu1YFj{~n2hz=PW|I3Vz}QDQ;Y7SdMOb92YZ z;pzxE@6;;QxUDL`;I*WJ>PushgzsAb!v!24yFdL6W8!lK?yraG`s|fE5pp$}<#{=@ z+fRYv-C1K}>>Hwru{U+mMIP}lbeQyeKOGO9m#cIFhx6&v!?jMb5!7;HHmy6wXa265 z_9g|AakaKUa*E1ZCQsL=z$H7=0V@Idm*aSYY{8}eT_%yo;dAn>y2s}x$V(Hup~sx2 z>-z=qIl`VPBXATTg+;?GJP9pixy|C^w_Y+f0i~|4WHMNG(uF9^hwP)qf}U;`i0^aCZ7U;GwT|l^&mew( z;`Hw47mE~w___?}jjK~cMW4dlpAH6#{YT5Ghp99X3?(iVha>Jcc^&j12UhbQHMGF()AIi9@XrOq zU&Ff(-GiK#^Gx?ia|6$4bA8XTyG+|0-ElIyela<03=zjpl3eF%T^!u+6E|P}KuIG$ zZnGq9g7ggY(%pxh@LW|E#&|$WUE;kSHRr(lc|z`1G)l(f3MCZYXP*4-ICR`>j5FJX z7FExgfaoP}x;Gd<-6{U|ikZpaW9B39VTs>mnz)@zkrZk|Q>#L*hJsetw7jo&w@uPd*RGKz`16quy-#WGxQKal z8U;QN41-CK$;FBy&p~MS4uiR{JS3~na^mpAbR4;IJDqeni|N!@lH$$;Cl&oA0bsi1 zE#-1%mn2%FPIYklRUrCaNpGyTvWd+pH4*fuK2IV%GSokpUx@}`Lk>B*1ke3P{Kf3x z>raqMjk}uFKcs;>ak1cAVw-KMeQ`R3(9`>n06kj`!nWGL0;NKf$<*$@gwtE^1 zOU^(U*PhGFKY3YgOx&vf&Q;JJM{^tDA(S7=U&y0OUAtigTNBrG`V%B9^Y&;}p*p?z z)xcKzgjQuc+w`^i@D8(Z=Bl`V7P>xyu3pX9B3~L#L!&35%&+ip@w?bRxz8;`@fzr= z_chjLb9je$Kiq`1;cOFWBF;BUXNMpAZ9JdZY;)zGXv^uAJzcn0U$3{2RdGV$S5#Li z?I|K&R98Pg*I3US67G5Auy2h-JI}UMLVu=(x?IeI8V)%=SnOW}n9vO)EPeEvD#IE& z)q0w@J!Gc)xcrMqS~*=g}K>m0e{QUgzVgdYDD=W9$9al zOQHFcl#unia&`-esXDIr5c|cN7A;#`g`WR%3vC0Rqb)E9%zWdVuT03XyZrqsPtVNH z%YF^S79pFe-?xU7tGk8{5{cx$Z z3XEZFyXtDfs$R?40w;Xf>1FaKIkp6ziPqVH*Wn1|hP%xd_W<0XX9ptAfGreTz-KHi zWV#8mylJq=>wwH7I`XrBI82mJe62suK!yrxGi~XC=y!z!L%-p|yQ%G+FtRkxzOroR zGl%$u%Jd7X=xJ5hSau-G#BAugdVOH5{L3HLDTBU}7P?j!x?zjn`<$$ntNx*Oj<6ns zyt?YiDO{QC*yEd}^|}~H&b#d_^oiXH%}-gz)whuBciX`7QzRhNqFDBT>bM7frUg8IZF|NXu&z7a%p|{mp zdkc75I?nbm!EjD)DqPJ;xUUgnUWa8^FWzRcbR^lsl3MV5o?WLd%O40^v~(#i^oX}n z1ifjtezUYEIK*G&c2^{SaQK#m6x;q|uO)uW|7x6* z;A-I!p3k(hch%xtbDl%%^q|$Z6CURA+xD@=A3Do21W6jpz}wB1cx1m#JX^0-A{4Lj zV1D4#fGHG8+3>Up<<+=Yq4KT4FMy4_>@IN`dTn)qNmv){!NHi^75U^(a*ET8JTy@V zP5zq@*qg#zJ=7!P=NzCqj@p@@Zh?3B&z4Y^sd*69LYot?CQU6vFsi?u%$-lO?AbjzzMBX#(1^ zziJnH>Ga@!hKcvGD&p{JPx89eic*qX9s2CV3|Kbnv4F{ep*xSw3xB5@0o^DCOd^{%p z3(4ej3$Gn_cLp81dx)DZt&Li@WHpd^(W->2mSH`?YzAA`W9rCSC7oW3@q}|+^OhlA zQpV@u7Q%I<13~<3vN^2Ly?fW{jh?wF?Verq$?c~HvT(TFX6N8QUGm+F_=}zR(a#TC ztAv{#Lmm3d0|D5f6Yj$v+k|U-2+~0c2tnLt#OMS4Iv`(c`@$fDIo!VujuyuMW^fp-!{AA&&Ek{!}z^mTE*?x%fS7$q?r5-_zU@-^p5H5kp+kK`%s%& z3zCuC*laz7{;F`yz_~K$d3rC^2D^8)73Lob>;aHqnQV(xlr9f&sh#ldVLrv-&glV7BjPZ9xgO z@L#!3qKV=cKg#}KD`aWI(1q2xY?ghjRRXZ4ck9&$}=qFa&oYrW2{u#Md3F}l`) zdRksVxsR78@fh#9u37IH=Aj!}PC1HNXhiq_TTwq!y3Gvxj|uWLeJTs(1wDTN@twTL zdTekyRosScVbHIm{l3c|g$I&hA4YJVAl2M35WWs;Qm5zH5S~K3YW@NdSe?2&@Vyv5 zNkF^$o7JqLiz44RC-?1T@?pGhBkBQVl|N5)J3~6R?q^HA*gu;py)Mblyp@Cgn!}32 zO09JG8bycI5u>W2SlPht@w(5_G^qxNJaPhpvT`0yU*b7?ji5%)8(Y?VMPL3cW7f2K z>)kE9Gx=B_I{GP7+95gXc4e``&I&%|Bu6hvzgfI;9BKM{zoqWA;Ln_JN8;nn@~N0{ zZ4~^PPRWz~+$l6I;U|a`9AR^w$&?WT$s^L?=?T$cr1$HApGjU{gV5$F_fi8k;a|S! z7ow*3kO^=2{0lycgSA7@N9imO`_!HUQ3F&H*C*_0or@V=J`uP|_p>l!oVNKNdw!Em z(jTZ9iCl`iJ_*x2SnkC(SUzGy`z#$&dgjrCWa)t)6bZ8hS(MhQ>V8oyQzU!Ob6_W4 zVWlSdqBkUu3P>q&?(&dz7I^4hf?{o4ETG0FF8(2{>xsayTQP{0fmB}C$@A`5usO`L zxJi071EX**%O90~kYM)4LqEDfpHK{0DDNoUNz66kZ1Q-88+`u$0sa540Q2zz<78E z)bA{&D`Z1Z)~yQ{awp(^GeE&1Yb3YY_UJDuTs56&7=QjAQu=A9my4ocoWp&Ym+~t) zXY`Jj%To(?ttv7qU+?$ffkW%eE7}KP>e|gBP&DcBqJRsZYhi*^KyhZ976t4bHy^A; zLLkwE>to80RYeg|*AX8=GWh}L0?7mW=O%3xbvkAa%32p`!j(FV3D+6J;wHg783H@+y=@mGiwoa%o-mW`h|*0Vy)=qehDfB#DU6~pYJZz5Xsz3gj(RDT?yA_u!-xaby3yJ8FDs!Ophi^gf;!=4cr&5 zQ>v2GL|tp@VVXpFO-jsS<;m{XynFlP=061^5JP#=X4^X?)0Md7o?eGmip@hmXLG9% ziurxci9qwxih~mrXT(a>SP%O7y1;pK`s>OB*>Y+L$(}P9mhO)Q)ERZ8rOR`6z^tn7 zr`tA58}e_PtiXMb<7O7qlI_%3&}pQ12B zv0~ptjc@m~8Etm|Y^6ukEI|KB!pcdhny4D|WtG4GMK_FrR9wN{=)1ZGOHYQ@W2@}V zw<2y}S7Y7FV;{5SaZSc>fOu3z4Sx8V#cq=uOGWY&YCN;^R<2hg{jXg2d+g$I%0NM7 z)M&%T$DDW)L;uMD=Os%>sH9CH2mkdHjW!AzAxCY$i{dYMaXC7YEA@5Cy_8_4xYC6 zL9L!1wP+-b>a6D2)RL_}?CO8CR~?hjU{)Ug74zEdiira0oBy;aws?WS4P}Fd6-4q+ z7g_uZCAT~8sT2o4w!|YGVfz}q)1(PceKJ;Z;mhbhh*-cmuW-|j7X{bye*Lb4Gje2h=-As*3Y;rHoy)w{B|_|y zDnQ6hqy5p|IF(qABj#t2UeKH{onkEo3_llhl{5j;q(v|+``Y-&DprImPL6q1uU>kk^7DDHt{(cQ2BJN;|!*p*w1dvS=B_LVFV0Kg!WKBB3CAldFIB0Cp{4`7hNqjr5(!pcKomZxm z+W0}=a`yq5r}P0-cj21vPub}LJP>XoSf`PiKKAMZz2VA-2jT3kLu?CN?S_+T|B3&r zEOL~{m2Y!m12G+Bl3V511G%uiPg7U2{?a4b0WI zCD(1k7WU0K;3~a}$i;B&=sAB_-fFeVZ>&}$QH(0lf@3Yu`u-@LS){_`_CdQ4)^?)_ znjC8y93)xNzs-%j-B34`V#X>EwI&x4!Fg9^fJkc|Y|${zjsypuk#{lal+|CIU8RIl z$)t@eW;g?ZZ3{DPmp;2JVep}MtTrbyA7>qL)&=s&URyzb#}s4cq)5H1=l8&23wQzK zV#6rsnj1t`uoc|lggF^asE&!HuwV=6JM$)AI0@t*XDoOs4xoB|JAsl#mU_MxnkKaL z?8{0&UMHT2Np+Ve1jkq2yXX!`%*w|phZM)xyX+^~x^GEg4@?BrTL+)xfgX!)B;H+7 zRhIPgPS+JXkd}+=0j+U@89Fm!(q(3$ z0(DoGo%NAE+s~No(`Dz1Zu*B+Y0rSFhM4K2qA#JwyhS`4=OR|^%FAWYmO$rAI3GyJjqy z?@8alukHIq$sn^>%lTEiSbx3Dg6PlJGzJk?*g&0IDxIJBGxR!5oUy5`kt?FCMTciD z)g`$Zz25Kh4&Wttr4Rf>aE8LZT_@_CPg4wVna{L{uUBd@jK+CcuA`(`$Y)Ud1?cMDvHax4vk>q9^ zTyDWLrAD5-nNpH_vV>(n62iyPULt*?Av80Rc0|6V%!V@&HU^LIY&kCRHEQ(Ho`P?^ zNIY9HCDHIXU*bI_Y>U?UM`5!H;|{qD1TxX0&qO)B&1UDtpgbC@8IdSL#U)k0%2ty} z6!L>QRo4|ltr0wPv5 z9z0uH*D|_ldl%vzpNNhM7PIEWm{%2f?yVABX0ajOq!j?^O~J6WZc@_Oj~B($tevSe z<4&g(7Px|;uHzz)vtUVd|FtB}?5pJ02!X9J>R}TXZ!N#in)0fO<>NjoN4fsYQH(~x zydh``{B;#anSH2PnwBrR?GfZ<_VLd}%>*2RUEW?{5p@=IbwH6H-Ike8m|=Kx!mzS( zfQ#M$u|jraUyo_S1wV8)+z#D@h&7KYBeK-aY6kE&j{QmY3;(}Ko5O>se<-bTDG3Y} zqM@~NHGiYDai1hJ^IY?e(+;!~16s0fqqgS|^57M3Agg@bfXU<{i%$1@P*+K;QTeqk zf6gRK`=q8k&FA#z;%I@eMY!FY^e8v0vC$$}gyG>}?4Z5QWv0a*s9bcCyq~J_g1E(c3?XA$Xcqr_aqX^m7K_#@Yd2JqZCtOg+-aigD zX_(`T%_HR?gDyV`6(gNe_7X{#|5`Zgo0jT{?dsCfhn5r%FjyTtZkU^pdaYLxYnNi-(^#Yd*1H(C4o2qnnD_~q5#!?E zV)4PWIw&gsY^_M>B07_uhEfUMiMSP*X!JIf*%XHk4|_KEsK*TI7G;-$ug4ZT_eyca z#QN=biGMKm65uqL#^1YyK7;cmsb|tJglv>r_A{D|$p=-=Bu&p|uV52JxjCx@l?u*3FD z@ZWYgd1*kjd1jku0oRK7`R;o>X?`Ok9Ul~8WZJ-h!4cOx)EO&kg(4JFjxYi~>FlM{ z#a$M4p1Jsy#*E>_ekIw%oH+puD`ZLjTY_wIR0~#q(%6tRW4^eWB;=dozwfBFFXeTO zqHy(&MQGsszD~*sO*~?|Wildh8P5*qy*FbZZAat#r4$i-<#f7Cy4id$hgs!H&x4=J zrqteYb6>QJ#!ltRl*djyS|zSOGuX~nr9IMwowRL;QT|(Sa;t$75o4SQ z|K5dpndK3OGKYb{j~V)rMN04}B*9$^Rl_X2oIXS@Lr@NLc3PG`v_TKX6a@};=BYyW zgRoj`l2*p3b$)3Z3&nu81Dtmb?rsp8?6FOOtaE}(+I!H4;sFiaWY{F`{i>>gSOMFh zeru7UH6^Y1d*?DssqJN95ydIpoiYV9NF>db}FE$Ni=SoTF~SsnCcKUZt(7PpU8@24N4> z;SBf~r)SZqOVKDtVCqMn=))jLb~Bm3gUYZOsGMZ0XedH1wQe<18xXa|u&wxGXxzQP zWllPix)>+x;Ujg)l~WwW7CFp^k_ zz0aEJUBIyEI552Y=zkzrx;eDg{qBo576oPN@=xu?==*M>|&)H>YoiKMuylo;=UxV z8TG>zq);RHYwg$xt<+@jJW4FtBoBGq^^E4d9$1Uc4OW^R$=-^)AT*o4M z8oQ~d)m9DpS6}<0zS<`_&2G!};LqwKnd6riC@|Zmg^x40Nho8qEAhHhS6L^bjw#Ey zYm)9V@Wi_cR^IvbHVW(U9qOWHrgr~4#w+T?^a-l}A5T{q7G<=phn6lW>6R3v8%b%T zJ4HH&?v#{}?(PQZ8akxA89+ihr0ag1d(ZvBzjTAYt+$rXz)$YqBpVrTLIUO6 zsAg<3Ov&_VACNuakAzSUDfZjqI(SAE>5tdeFjl2hCH6-rOGqN$IFJ`?IP=cx9|ViR zByyO(5Dbu{+^{61Xf(`>bjD{%|9YWWQD5-;>02IpCio>3oMw!gU+({Q1+QPfjY@@6 z80+j(+*(rZUVF_@MY?hNQ-8P-#aof_N2f5>DrFPIWABNfQ?dZBs#&nrG7$`BZ0qL> zNGC^EHs4O4n(ccQnGbH{P1gk}-J8Ju`S}0U9C6;nxcJ9msL>=}6o@O~qbLK1%o;@h z$T&WjBnJ!nPFLcmstgS>)>lQ9 z;hhq5jHXc8xpT>_Z(!0(W#W=l_$h8dRBj=)%IpzrBBU+!V*jIHQ39mV>I$=5ohXSZ zPY#&=o_F|gbD&ry3@lTyV0@fOEYqS2ZZKJ>V2FUOnyBpXdnbQ^>fC9uFsu9m6x?_m z#FYGqWOa%iuT!s_yZk}#gRjVFR-qaNfx)m3aRM2R39%`Y`$vJ?4f#P**c4xN?A&0_ zg3MXBh@=V5s)FnTQw#|PMEpKTuxQ5PpP?H?b#mLEZ zh&Ky)?2KVs#Pkoje|i_ktiKptZfxA9s#=BodY?i@=!de1Hf)#fbvhkFX5bd%1M=4$ zKAh|frp57C*P%hABnJKE5G(RIDt&UI^O-`NNVFq>uWtHnh(r-Bbw6P^n}nm zz5RX>CNeyBPDV3-eW4(X9bpRD)(Ia(*7y&BeI>)`}g61fdC)u~E3)MLtkiCb7WPMOV*C61@PY zEnMrwpkBazv3Mt{Z@?}tIn_VYC2+Lr!=Cl`)A85Nx_rCMC%KFU7t)z9nxpaMz0+1G z=uL82P+}-1h=g-zphm)A(U7xBG>7*#d_0>z`snO4&%~E=jd-v_==*O)c-VO}U)6?S zK90iB%=2Knak^*qvZzHM25c}eGsTTkAF8XNN^v*1=>J{}MdLj_Zpbr_!(aS)VMnwz zr}~p!NgvLJh9FREi!|t84}vrG4X3StUuFgE=%`3?Fh%&IhN@FwFrcfXnhR{%`&=_s z5xJ`J6&SdgafYzWxLe>ask^6$_idkoK)@oyN>DYJm!seOiv|Hf-dNIuTlnu0r}X8J z*()QB1)VwYQFY9B9g6qB{c|5m+W9=D{~Z07*ez&MXaKNu(H^0 zPpRT}0fW!QL{p;atTIsvUm<^;p~a;KeAcm>594~Gh|o&IFMSi8`|t4F+qLB)TsPt_68Oa8qhj;~#zF zHkFn|C&3nFomOYMn{TOy2nLO?2PM*SO*`&FgDZCBH2gjdg7`l{^u*m=~Y z%sjQVVFU)gSkanm`$XQ6+y_=^#Nc8w1Ay4RcHH#Flp`{xHrH!N-xfclZr{1ZTB)#> zYxQ$=j@?YhoB#qaeDr=z_Bu%|vJx(!gT0+ifxO|)NP&T)I|iBz-3m~0T66@DpBf!L znV%5`K;VVS5qR;=PSj*^RFUuALYCjy3$gb|jn6;!fjloWyIw{m_1LmEBi2Z=H-?X0 zPAl^DK7X9|x_tdCVvJE35Lxr;U`%F57=eCQqSWv~Sf#m|EBxHeID%abn70|`u47dn2H}U$HZor^ zfQ7F6pY_rK6-F2E%7PAP-^^+D;%DfY5d1$odiGh3Myq$6bgV{@c5THQlpewGQOfMujUuXmdlEDn2d!In6>KvTizXLR^% z8IbsQ)XlPqr{%khLyxIDD<4IN%np?c;+&$q9WOWK3W)x*aezsYavP!KuhltTj**;M?BmRTgYt%?G@q8y5}6#r>-Vf#UhKH*##09fHs814?7!dIxhKC z+tN9n`THyw4%}?32PIdG&f}KLtnaIjQHp=s@y|s6aU731Mh)j+(sR3iuXQFgf^e3z zBRrnTqf6#N9E?XtEh}O|l=SLEOY>mXH0Wb$v%fsGwD`U}-_|IUsNWD`0oNPLR+@2ijJ+b@ zMadjXfSjMwQXSkB9khSrYjzO`fR`;+W;>wE`Ue4GbT6}TIH!^O!jtS>ZMZhp34!cx{<4?fBaie>%?JMW=st7S~oZ)`HzMUkd zkGWtHqu*R2H;+AOSnQ2t)#{eKY+N4N6y9{`ia}zzc~$w`juAJV1vEHL?#d0v^rIzar=RHK18Ykkp(+@+aIIS`3`=gDNBW zeWIZDD-wLwm;nSSbIB^T?(Zhl!!Z@{3^~mM5mM|bZbG_VyimcG>jnoC{NZlL+U&ql z*tTD(Gn_UmCbIzX)tOQCUoDT%6$8$YqQK`;u{eDa&Tujiw!cT3c^IFmgU)cPKMh@R z(Rj9PlSfiFV}7yPwoG@Uf~}J$w@d|#{Ks!9<$ULsizy_CGOFCNoNXjn6<5MZLmSqO zlyaYx52UiChV-n|_xhf`NCf_Pn^sL2Mh}zCzD#EUiKS9xML5q}1S8Qe9Zyo2ul{1c z+)oZJ8;?4Q2u9ZYgtww5&-ciEmGCq<=^Te0%b7-}MjNQL7Da@r*IFRJ|8`OS-3!MM zHcC?~$w7p99q%?}v?JaxB7Hm|ta~he2S!DgGRD;K&qrrd8DcoFN(_|BH9q+N%DP5# zFB5gUX>yMS*#3$5CmA4~^^YsCdjA~9c=I?33@b-ZXp@mnrh>x|waoGkq!bc&G%R0+$j$%$zyq%=w^Y09 z668N&vv=ELccKoR+rDkTOgi7ztlDlwZrb{zXj1%FFMQHG?WR(|z*AyhH8X`me$w?@ zvr&G!H#Oz^320Cf!Xan4onto`kUMb1uySTUJSqYjnV8yCj`7srXZvtq-h3tAS^CHM z{&M#dF5=ri^L@UCrb>@TEpoT>y_aJfey;R`(hGx&jD&mRX70D0Fymxj0dnVVkA;#N zY9E8%F;1%r(VM1qxDxr(C+u+APiElpSD0BH*T<&E{iXC(*8#l0pw$ZrYs!Q}vy%H? zULQfx^#c%~CSfG`OM zLZT=rjWYDszSb*MW`+N570j7tl6kU=IonD?*){!-L1871uk{m`@FuKB11Zn8w}#2i zu3%9x9AY58JO#t?v|HRv!`p}dXzExO{_oz=9CUlgm3;R*Clg~V;H?gtqBr+2cA5s4 z@PH}LSVtkF3C~$+P*BvNr~Wm5^0l3YnNQ}YQPFAe3{XB^G1ONh;n@i^p#G}kDUlX5sN5-B~* zQkA%Qgy+`xu5oJ*1;ycNW-9l!2w#Y=f*ytY&_KpLr>R z&Cnv}SG3qRM5`$%;x8uweU${L>4UEJ0vfcv0tmw&`*CDba0luEh~=Q=xJwd)VRiCH(S+5qrEwB^<( zp`HoDn!xNv{TjxL+q2y7pf4630f5LpRf|wSD(Tbr)53* z4sv9Cqln!9q61Is^3eUs=~~^7z3i^2LGqMde}96Et|)UrhF0rfAmaG~yc7)>v3HfO zAT9YM?*r?*Um@vjc-1z+=Y@PKzy-+DY`+|aiA>UTf4(tK=IF6EXkVrg0XXyEjdn-W zw(n239lEY(qxq<}=k)|}Fz%aozi)dKqpiPtVEy76d`>TO^L<%;H2}qs=PJx_v<)R{rg=|0n`~HH6uhrT& z#$4pgS|kJCfhaX3T}PZ@-)8lzv9*2Wij?nTV)%CNZY3u+ZgfW(e*2FQsrlP0kOWjqZU7(em)(qxY6 z=v;@5MIgmCsWzdGXX+8^Xj~BfuJ9cfhRvB;s9`#J*|SV0y`uZzEZ@5Idqf zXStte2@?aPH#mj%4C&jgy*gAo+G3(ga>3tz%dQ&YmtUV`zzC}{7$X*JtZ90&F`KtFMP{sO9*4VwO#IHzHlPTHsK>}V(-eLtXB+QR8TTeZ=)9?uZzX!luz6Sizl<42R`IE>|m+r}#E*%FPS~ z$2wy2I5Sq42#`z&7#yde#CE2!qX~_gkng~@dTEQfp3whtp7QekUiXMbZb?xiu66?SvR(Jo&H*v<`ME(Re$*(1GuD8&^-jqQk=T7xR)d z{z=YmUTUfW_xh^y{Shj+nofkspJkm>fw?EYe@Feh0)WgG^^~9MVt$+uQmx+=a>(@H za81!meKWRnX|Q&RG+}dkQ@&uo`DDF)&0J3AFbXNRU+V5s*QbdjI$LDqGwT^le5=K=X-lA4kw#FY-J0vNt*-U)-ciSElKq9(ybv@v?y;@i5I_b3-3k z6Zb~bV=&`w>I!7oY?UVh$u$T~Ti%MdOyE9{TKmX8CtjNBZ*l*i zi>B^`ksNQW5@r?mhIpHLp(k1PC2-8beQM<~70qvcoMT)$oG8yZ67 zX1T_nJ(43_`sP8jqvx+mjPc><{}x+O$?%w1D38?7Lc=VQjC+oMY9a$F8Bh~(=va4Y zT$V-|k+N#|-t7&6PV|&N(4Ix`73&886=q%sA3aWNoo3F9vv-U@jv~oDhKrnqJQG?% ztKZs(B4-XZ*jCt{CzDWnW=Q0d_M50F(c8%)x;&I4`bYz@vV2Tfpj6Qv*X2nBXcu1utN&T>nTGt_~&|ji!5efvRbx z!~W#TLBfDf#*<9yJ08b*lVS0|JB66Vvmn=WIfp);dRjIHo_DZw6JKOXYf8}zEb2*{{>a~-%+sE z{G|LeIdIpT@>zjuC;tY<>GnP!hOZdYq^v6NZfRHhGn7>>tVA2R>T|BIqnEHM?03sH zWEy@fF=8ta2sKe*g3%ZCvaQ1 zOvGb&D~H}i9gBx^M_^Z*pj6^&&Q8pJdC!+{?AjljpJ^ge5sgF7%e7bN(5G}LO26&@ zM43KAc%R2`XB7On4^#L@t>rKX=h|6lSAn)x+-nmtEF|`QK=+Rgl+lm( zbK&EoWDcOJeKAIMXV-xR@AbfA_%{d`7`TGNqKHQQc?$oU2piOgNt*5&YHFSFwLLM} zB!Y9Bh!*ygr`l1y9-nr-oDw0MjBJgAEpH8#jC)l6u2ZNIvH64d>c8qDf~1j%b_Fi9 zd}5UWNX1l-_OyY&W0I|kINwz;8g>X6+P#i+m=rA^A1W0&Fi>^+)7 zUTD1gHR}0^w9H^A+@5aS{vfxPZa(KMqwDZ9>4IHsEx{POsq}{cXr!h2dzbegcjP(a z$>Y=brOzoN;0>i_VJYelL)a13AFpkujLl|IiqaeBE9`FgIZ4h&^txQ~VlvpvtNm6o zpzFVVnAHq@*FAs=;RK!seQ7%q^N#E-VQ9vZu84sf@`H1--J=N|x91#@x*v0>Jg#Nc z)dO>r{Gff+FSpOP#}_B;^u3e$#Ln5H~FVEM8ZbxsQvem8M~9RU8sMJK%yy*+XIgX@rF_b11v3}_b< zB=z9oC%HWgFcDirS!G33fk$Hcw`qU0yqvE5$rGv7!ZPcEh=q!>)o2R7WCgVP^Y$0s zLrMwD`8jg|(!}#u7L?uKzbvTGz+tg(3XY(9ge^t%8P7nwk#T(NmUD1M$SlH~SzaY5 zWd}JCzEQlOdU!^xmakj9XHzyn6m!6y!YPLU<1?*39aoTt zmN>M!$%f#!=>j6&ak>MQ=;n_AYCXPVgI}Mb)+7>TwSkhNApD+VV1(&yFi5G1` zu+cH7j}PkHn0L(tr(5SU(D_3ZUDsN{mZiO}A@$G<`3r#6Yd@odwpa2$+EmH$S}1|wudOh5ux*60+ei`&%bZCHQQ;G+zThO{sYYA zotPkpry9siwU+hs#o;yj*)M8Tz-zZD9|U{Im0aa{dXbr2yHGah#(8NavVoh;!aL2&I|I)t6teoRBUtxMpi7-7jT;eqE(ikuP=4?NTsu97 zO-B-(cf&ETkX{X>+azGcZ&WaW6<1Use5vIc*dQU^5^1E*0ySA~V4qnYPWY@n^9k-k zNKRT7dvia1XXl8HA+pT$PUDKuc)?J)}dC17~ z3>pE}P5foM*oL)dNLTsU4n%uVk>zyjT z!hYUetobWZ6FiO%i77AW1_s$|$2}l6SG>z#v$7Lz^-{H%d9!*0y1p3+_3klO+`J9$_Yee& z-Zu84x-SACNBTsKXfST#)9nMU_~Y*Z2_d9Tr@|Ob{nm&zD|_Ff<#YgagfXnQ_wSus z_Z}R^el=doqYZLE zqSpqJ+@_?X`ah6F5{y1AV>^WRlWO#&V9iC&?mvATd~utgi0%^?QjA>UO~}|{%S_eY z$&;7$K#9({r6(dZj{(lwHsZX>*!DT38iZ+Z|DyRQf)#S;yK{QWo zzY{S)E!1BZ5_LY~c*JK#ZffGT2Kq8YS%&m$S@d3C2W^)itRkX)v&B_~Fx> zAfh~Z3mc6wNmPr)n z)D4a{s#Q2*ya_xi?teOA415kTp0}>`QJaDN+?DGp(?Qm0?@w0L zMb@q|9|hR*NPMqXcch$~eD5AuuN*fDg|nP3$X+fF&~5%aNBj14^9jDRn^nW@WVE2| zjgD;s+wTnU-2&EHg(Je~p(cRTSP{DWPgcX4$=;x(2QQ2x z{EyJRaovIV3>W7TCHL897_tUGe@*qn693iydC+IY!4N5t{re9@4>|LC8YrxOPcRQH z(P(cBUnwDAJBzg1BKdhA+Q9{yt1qPZbk?|3%~340ToU>I4a8gRT|&K-&`PD(;}wZ1 zCd(Qm27EE0O((zf!x9y|hMdSn{GL&w(T-Bz{d@D^DWump+3QB84KduP1@heWd^hU( zW~=gn<*LoVemzyMua>=${HkVxW}>Q6aL3xw!uNa;tuJ^v1e^2`3iy&Yy;y+}>)l7e{L}Q0s~&Rustm2q za=>M$_G4!42mA98a0*U+7JdVF`*>Zz7df8wyQW%N>$kRdC@e7DIC1!=-xA?=lA|&0 zbGEw!#>C9gT`r&C-6Y9+8~4Bm{f*^IR{s~=@=KE`c4ld$V0&J+P~dMt(Cg`O;biwV zmx-t1&VT~yJGcJmVr(z`P$3B{K#XC#9j*{a1iX&ZS(=AmUR{q!l;vqbrX&bZl=^Mq zfI%&C!Uq6opFMuN|9cL&al3l7%0S9e0$LnDXJow ze;)J&WJ33`VO(OEJYRJ59h|?_K{x;U+5V!Dn}4l;eu{o5+oRgTAd41jkxApzwFR2E zqkq&80Z5TyQdR*n$}jqDA=#_W^#8bWYv=0$(WS*eJKuz_%1Jl@s?jj!6-qU2&4o!< ztgsF`zuzKd8G?UdgIXy0h_SaJs^5^6LYuj%z_bm&Tv}pyqdC`pf9Fn0tH^OSkD$Ux z(YW%{VN`^j58(C5C>B=MHmokTR`>*R8LLg;Wmt0+OTRCuv}p2+`Gm)XiAIse*c=Xf zD3y+a!FO(l)4jTa%yO3-#P+os^>5qJ3KMs{c(}Ep4tcJq_%EW28n<+hLPRWQQmW%x zab$}6gDRxdp!J^${Y?+Of@I2cSqVi?d& zdfW3$a$ayQQ8@`Dbbg@OvkAWN1JGJeJ?u@wrOEEzx0i!RKNU>kVIED1T!lt2Iwf|vUn$pJ2zj}gY+M54e^=!9P1STF1;FISmF zKqI*W;81elzijqu0M%=Vr{1f(+>LtxLi}L>uQu6Btx&f}bqq0M zr}Qx~G?`V;a(?>N^9tBFuN?yl(V90dKtP?9kMwG3hE}wYW!XDR$t;)xeq_GAf1lo$ z?*QxL2yCaVTo00cY_bkNf9Yy;hg0C}a&W*9XLX^fBHra)oH$zqIGAbrQS7tJy=q__ ztyV8f{`C z3t?GImbC?sAhhaE8*&T{u+wD;M8rPI@vuZR+uw`j>eUmhHR8X~Y=I!+bA|Zq0-kn8 zO`0$mANwExzKpwKk5)ioHV^jtaCMG1w<>rX<&nXcyh*!Y?*XdTsC`d+@sZW`lh4z` zd>?*LOvcl$%PvJP@U#TWG3nGTtTzUwA3W*$+;RcF`M8H&hfVMAuV?A*6vC^QHm339 zMZlhjN!@k-1^@{gdZ&dye6u)00O{fGV{p8<4Vm36FU`4~b}se;hR&_#S1D6sxmn;f zz_)4y?f~TNqj#W?-_bM7`mfc&E*ts0xs%0B1>z39a>^SD-tHo zRQH%S)7D7HS2EzAnz0IJe)U_G{_9{cO2=d3O$$c2o7JnrEPKM2J_}0OcZkXxW0`f@ zjvoaHZ}#nclXihgjR+P;elI(#<+#mu@cm2wPuijhez{li&>+qK%N)qdeUC)lHoh|) zF~@?Q6*+R5L7ME*)v=!5VL@3qq6+Bl5ssC0b$m1w+PZ|LTU-p41zu}3?+l3xa|-5= zRBziGLZcjOirjnGGu%FV2M;7rT+V@^W`8*enUB9y!mZ7P$?CkzHKH`rmnttKEECO? zA^H^XRs5U#WuKX3+l$w#T6^+ge8)zdzfZOP&t7Ee)^R8x-NfB3#>oNT>*marsM7n+6LQKSlN&iz68YZ+fV6?zB3&6I7Z|^$Yr+T&p=eL~hHG#c-1qSuL(TlFTdzXw~iD=-J z8#eG;h&~AnAgmjC(`#7X9o6HX*N*)RJSY&?z8La>dt8>JwYUSM5uMKvl6BKCkjUX^ z2qN>t_KGV|>>O)#J*@E9zA9igl||}ehpT@L6W zX2R($zVu^8R0C|nTLIA7)D^qppJNk&MQU$1NjzW{Hn>V>a7UnpiE=jss!3*pPm3;U`+ER#%pC_jrsHp=#TnQ zlg@9;IR4O2X!ii#lA*CbNi$a#bTvMX+*!})%<<-9xGSlr5TSckG{7D zZO(leKq3NyNN%x{4_zL_r@~x4q^2H4WOdVnF1@fKE?0;Et};gE@d^yhw4DwDf|peD zB(KY8_pefAD;9s$JKx6c$03tizo4wu{1Vm+^ z#r*}<18mHDj)KtE5cDm~yfKz>!xY$npPjTea ztl8L?p0+PWM=Z-f(ikORS|q1*^SvPGIwO9Id55K4D;&N^fnO4FjEUa*8ZNFO3N0p( z?QU4VC~w{WgRNY41wV{e9pfOlCbAMA*CfD$)9px|1`~C1A~M`E0#&D!#l#*!$P!juS@tIYsR6Whf>c2902qslQlk*UNrM~^&b&98YInCqU&>#!$oWKsLg zM=$h&*}xHfTS&RxTK8}JW!6tP+b}4gF1Jfp4k=8XzozWCHdt-~FaCCKX->d?Cg8yA zPS0LBUp9Zts+jZdrnYr}Zg5Q3)bpjVZujeuS>T{g6)dC;K($&;+t%A{@F3vorM?B9 zdzvij$4*P?FJE+6%plDNYEx0Cd|)CntuM+QV|T0Knn)!}ZtLzgO|w`IS%+!H2GjBC zUY-ro_@o+>e0v?4k-Jx~!B)CFOESOGF#fnjx%|Up@?pNw@x;o5=ui?9s+3}C+v~r~ z0Rc+{iWhM2_jVSlHhOBU$S|*wWBA!ZqlQi?Oo<^QAn&o~7Q|b<-$WB_-*B5^P-E83 z%0bUS@DkmU#%b#7S>mLw{<7YHZD6bXK9&0!K;CW}TI)fOo9u=#52tawZJpmlB93#w zQ%^8dQc!$=4P=5WV1Zsc)trN^R!1#55i5bZEDqldkUDvz{p6zt`kx&O+p(5QZSmae zM%f&GFhp=zy8L(nh#={5>eaY>2M6ohpYtZqNK{sXXVvr?^POzbP1TRI;GY71K%UL* z9PtRdP`;rGQR?%^4TkO(4WI<1uylYFq_C3gu^gf+J@HR_)Y<5(G4pyx~3^h5WL!kDLd-L$s z)i%3=FcSjyr7fpcF=wmbjomi5$LT99^_OYp)&20EKa6)N1i*7}FLeOvH z=0!{<$}CZb5+x=PxtG|5+Pk zur$;Xm3ECK@c;bBH(UZjld-yXEq6o)afXK~QKm>U+t{zt8Km?_}@baX7q8WLabM>qF^uM?}Fe#P}A{m998p)mWS z-|hXE0NrwwSu_YO>XSvCg_2Bt@Zp5r#utQf7(m_Cbb6VS*x8S6549;t)fJOuskr^h zus0fCUKNd58B?27&(*biljT%1d(A6s?CtFH^~VghIP){AKnuccn)&!1`uP@k&#M?c zW#8#3u|9hAyv5g|I=_u2Y1T4zTGC<#{{k1eMsd##!atm1ZoiNa@{S&BzW(c zT&Jh36o;iv6T(_5Bl^+XEkka)TRBr8kpgg3Txxos&6e(S_;dvZ*mH8?8hEW#Awkkj zA18>n>B6V9YKayEcpb9zdMfKOCrHvg3YIeJeu zHE3Csn$tAGPxb1JiQ;g^u7w2$3(q5S!sAsoP+i5Sc8=+5)H(G#+)_JvYRuW2wGeI+_AXq)FVT zEm#X2as!(;MzByP>QvvR{?6o*>0e_sH9_!Qj4ZAR(ZAWmyAxCAK2SY7>8s2E3Nnm z3OBQ&S;i}!F7ofvId-obhFXk1EzU z99*6YBz~V`Jhfxp{UqZReV8W$tMoNyX4k;WH$vW`WP~1-h7XI4Zdp(Xol~W+xe(+J zLupTbX5MiSZbJz{oOHuD)QSZwPM^KbnP8UYjy%g3C4BN7oCHDv8HJ-VwBk~dk zR~65!Q5o;AVuKQyYRX(HldkM3v$DaTb(xSa>HKvX_dT@Z1ldW2B=zPn^M-NQs!nx- zH278&Gaok4v^T!PL&uIvYMtdtl)uPE!LJ0-IyRPp`@k5~dy#9Ul9|URmETW#JIP!S zr`ztWX6{|D;`Mo$-+fs|gP7s94!jTX3#gmE+aajl%J?+TXC&hhfV#)A>NZ>z0ZffR zgofi;JdDTp;zV)V{9P^}eGm_lze>iqTDd6+=ufbko}n~(m&SAHX2)*fg7NQtibVsd z9Y!^J-LdsTGJC)vfVsMac4CjP#`oWF1aFJfaMv;ZS^gu~B!d-H^+#CF*5qW~F`yhB zD-o~exc58sJV^6_Ol!Z2ss5scY!5x3!@{R$vC_`KuTxR>_${rFicj^9Y}9Jz3L0d) zTw)w3B;GkJ!mnGA;$1%24w?&m^K)9UEA{xIZ`iOr$PvS=g={}&&RDkB6*Gl>1~7`9 zPiKOimG^rqfWg3W?q&W(xC$dt4*&j#h*PzsmtED;SU>A;x?SkUVQoW9ofGLc{3RGM zL-%f{8HC0-4g-f{x`7H!H#ySAL%!|umrEM5n^e`?DS$3AZ#p%}mu(k*MeR@P)JGY- zOc(Y~K>mAKZNaaM8E%=xWS6bNnWj2H_}$Tp6v3ciNPPbZm;Kj#Yv%PQUl!Qs)MFCO z(|f9m>~*W-J0@1`{v~j#p#{!`9P9!^?{(IfY+SKVlij{vMf0ATrO=v|38i;kZe`2q zDuP|wzlMv@Ja6Qgxdp#v9s1x*;Hf}Jr~s;K=$yq1Tld2k>hSQS;7clJzi=|^GQ0Rb zFh|&Cjs4)_*-RytHO#j$#v9W`Z}Gx1Zu1HfG)O8R(a{>0NHo z)*`N1q1qREKQVi754U@~h(xfDG(~a$erX~0QI7&3GnQSu4UPqw3a_5k@&VNs4^-8;C%pqtC#ma zo%sYwRW#zqd~@KFR#T~-U5E#g+E{?%sJ=rQ8Nx$u$Fw2R#SxyhfiP>E<&9W;vA-a~ z!9DLAgL6CEqHv!&SEDRiVL49-(`-4bAx2L6mHUc96Y7OvGrzTOj`5LM^Sf;y^4rocO(>yy_>CS5WS?o9=4ayUA+tpRfZU(Msf$ z$A6WU3lmkrE7qcq<`ep|21pNHYGVZ3u=$mn2WzW3;I!tmxq(%{F(h|kctY+O?u&m38pZh-RsQn?YcAp2u@Q<%w z%-K-c%-=Ekull9Q8^1zCI=n0=$N@BOW6fIR*%J7{vPd?w8NC#l;SQ%bzN$f^*|&%M z&uZoXCiZt4D^We+_6i0I=f>TUYZi$>3wiA|-Jvi)@iwOEsp@+=@zjzQi`-B+p&pYM zhuT`jhk|M)r}=c^u9SOkJ86e+x1_0)V@z2h6%RA){zbk?%LFX&U3_X`AsFZUM)V$q zHx7LJk`LIqwLi!Cc_>u|sah^--nz4EqOC=u!)9_UKPO#-fI&3`Xc@1m4_E))iBkNc zSX#5p9VIIl2_Ox+N~>wopIFI-&aqbB_hkO^o3crh`9*4M1s2Q@OWa5ovJjopUp8w7 z0;wvJ+a=rg5#cdK6-vqL^uGdBgMX^-a+-A&IL9I&_*31;*uq2#iATMQ#Od2sy~e~D z9I)ZIvCuNotl-8wc+cQ9Dtjdc^Hb>E`|anVp-PD_c@4JK(L%(cQB5b>O-v^w3;a}M znUQh=l5Dq&=ti=W>u1j7u#eZ2E2yge8YPJMr{ecsZR+I=kFhvH=(?uz^OP2iZAokI zY^?Qotq~^grX-;tsSy1cn4T0uXReSsH8Z7R7h3RI?(}qQT;}8C zxUk0iDt_K5m7Vh0yz;4W`QxvOo7N|irxq)pms9ZS07>0r-`pX3rZOgE;p7!c*Ba10 z^}*@_sC?kT`gf^}%s)DjrhaZOz;^*si@(S%8or-6Mz$lwH%Ojy>CG#B>~hWx)zoW` z05mSIJlXJ@8^e=rV941PjQZ8BpPiD96|O0Etr5AZH+*FfyPOt&t_x9}B^QN()eUdu z4M|Z8vZaV6*r+No1kHp%Z-!5E?e|ge@=%Kq!SG2zNq22VOD!IeKb+6QgU_~J?6u`m z#}`7V!@LT9E7i@c>%UY|91pXucJTDRUL=hA31QmdO{;O$c(HYU>hTL}c8sHUkNc)e zIzGz+ATf{PxGz94OWH#)E#>LR z9S6KQ5I?lq;gYYUl|1~`Z%axdx)biJMcyvtX?%ybVMQZb=+$+RWJ^+wFSCYlne29? zlefRyoXysXe?My#n8MxjXn5H%TE$hrlGpiyi!o*#Ez4N!mYIM{v493Fyn3UMA3$&W zUiFx@Zwn)x=b_31H|rJa8j+vxgJR+;%f08SGbpkUGAt znW1!R4KTRrAgkqv06wV!fm1N(w0Q!ieRo>@@gDGUOx^wdVW%YfXmz&?!^nPZ;$y`* zNdpo1bCdSAhGA{yU7~zY=_=xuE9bb}EGzi^nFP60ft23PauY~W0r;%7ql@25F~QN~9O!~92ai@Yg#{b>0! zxhGB(c8v9Ex{}=ch_|c3)1FqX7=#*$c@2Z*jB2*)TySJKur@zYufS~i6akD;{#ms! zEp|^>W$YA%SC#m_z3q=@? z$~zDrUTh|SBdX19=@y3W!Bm<_%PloX?AMaYfAlV6F!A%&W@8)u=umj9G<=?5V@2#7 ze^ar1uYjOn!tJg%5eWI*sl)!20&gw zLJp|QFh6vCRrf9esBy!}zB-1QUDb(ttOf)G@2mv;16W$j4%csc8HhNodvBC#hY$yh zbwo>ywr>TJpd4H>le?tle?&Axl?^91hs(@M;z9VwFvF)(e_YF#IC;5J?C*bFT{eFZ z9|x$6;j~G!stq8ekcy`aLf7ZCrJF9jefkXc3S3yN3nCZs!WNZDzV1QQIE&Y;j8q?J zKqr6q{Q_X(fdt`0+w%aZ;lHr70@Z+|b!J>%iu3~B->?(&rm2~THr2G3Xm?Wp3E(5W zauQ(JWlVgkPaG*@JC>COtwByoF(2r%SFBM@pm-+o>4}5cjII?V0Dw$80zS3k*(@5w+*foE3Uj9b&WRH z?~D#TC594Xj%{Oq7xJ41ieBJiusl_+S8JM4^7r8W1AzQr$*od)!5{y>d`p?C#t!8F%~C zNNxyOD7rMkDvs|vs;eR49W6|)NbM?2%_TST-IhTHO5b~Rj2Wjr$1M}gFBbCo4_Hpoe>tlX31cT1pcXws z@jO7$IT6q+;mN86skXU578DDofrHdVCn~an5C3cOQ0CrYu@qz4( za5!EOaMKiCGGDWo*px-h2IWu~5$vSM2H5_L_$L zZcJCl05kELcvT68PAJ@~&wf;x{ypOCL>qWAArvIZmPauXK& z(t`3=b?b69U2KaiZbDa4O=6tVzN-@_Fjj17w*F`~_D^@1;OZKP!lqp#Q zjwbABU74vLHA(1sFuCSAM9CKR9vtv-XI*Hq-7}l=7{^UCF-;WVu+w+eawr8F7wiaL zeM>S1uz>OvvsVk7VV)X|?^LshBfnM`E+0ia|ZZue}cNW)|XRR zz9Ux|Kl|=u8O=vT3&fF@H>JQgCx)&P`W4jqZmC-3a*Xlc1=J*oX=uET7!s`wy#mGn zvt*;TOBEF1?|10-9LM7)CV{KXE9pr49+28Xkl!}o=IYnBb3%(t=1ZUHAv!SdG>MYCfQzq5ra~2S0+*xf0K913a#dT>$4OO^|7H9^0xp)V0sVdmz&|% zL`!yvhag>#D=hk;V)mIXp*mhbLEjw4;(yGZsA<5D7sf; zldRRm*sZ2|MkPis6K%2vl5vp1aT0y#yw8k(m49+V>c8`1PZvIYLU$|s!RhIh7VKy7 zp4M1?Z1kDb=po;f;JS^}KfLfoA?hp4EN-1|tEyQH#VWHz>Y*nPW$&2%FO^3hYwLXL zPsXsoC18M;RMnsFW1xEV2~Xk}WxAjt z^;otvx(%8#D!f9K;m5lj?4s_gqOSo*S-*!y5{Du$heHHGi5{n+0H{+NbTPr}r6Qhq z+ufv0D^V47?h{=do743bgMWgj1zk*-^{e-HufVFnAZb`u(FrSQC>bzw%xAQ6o$?OK zQt-`Fn;2Vp1jk=?)#?g3$H+np&$sA72=D1Ku>)Ic#jjNBLUgsidcl*Yy*9lyR8sMD zh@sXCDLL=XbWG(9T4!v~iF}fz<8+=&p-;WkG~AY!+y**-D?2sS`PV~~H!~hQDo50X zO*KT?&lKJv3=z2HUv89yF4JziRa@Q(V!JM^;sEOhs<(anXD0)wb-xk7U>%-UvIlSa zDThTt4i{Lhvcup_;hFI$HxFqaBoAXuD*kJnYz01;++0CkwOxFo)aPsh-a z&U!3eqncHFzn7t3ykpFg#H12=Hq0qoCy{?m3xfRSwJx2b6lu29^gL4`zu z;;G8R4m(ap7f=&V{&MkQ3-kKas{-u}eBwHv_hC~sKkv60O9{8L4lkWE+iiZZ`Dyg2QNK4D`4{_69Myu^J3G^&I%v3!4eQ6U6>ciCQUJSshoOy$;~CMHbRL~0bq zYdfFD6q)n`V7~n-9seI;v#0TT!!}(U)r}3Ei19q+^ZHkTq1^>+wQ_9Ha6@_B8QMM; zd8M_<3RHEj^nbh`N^>1y47Mc8V9^hkUsbespwptJ7ex4O7kyIp_TrBG(%+PUi@)VF zc+yLth|&1gGRYB0}LLM_9z2Bf(P>%h#+ z2Yugry|W#!ikKu--n|z4_2F|<`|PSklXzE?O}BdaZ6VL1*dK@NJ*dN171;IlUZveY zxY$f^8XPRP;%yU4_(&@1#K3QN*~M{vGY#QQ+k$Bu@G9#D^luTQ603WdS}y=ii@1a;>@om|l0_p93}daI~7K_rdKV zRYkx?{K>kzi#RP__OdbDS~6O&aSfIt2mK5nhw~Dj=sxDJ>9!Q?c9U(Ak4Fb*%6^|Uv} zqn6iX$Dr3-pk*PgZ``|f6-k;!3Xw5` zdv?h}4M|J*BVVj5Zf*If}=^w2=w%Ly|)1}WYzt&1qAr3#fN z7o(eUbz5Gf3eE_TN9dVm4ZD8X?OE0qh^{TP5Ld4j&7i$C1!R8SB*|#6oK#Hf1f33R z>b=6AZvGBJ9I-BkYz*dBKWO%UNHMGN z+>otW$RK=DxpNd0`YJgHbd6YpTg3PSPC~^yW}rUBq`2nUi|Ou)Q{5y0>}4Q=luBZ!C)I{TVkh!^Y+%fMGG;J6YB2y6&pJ&jWWL9{%cz>n8w?hy&f&SaX!Pa-# zWx_r33lZ%S*XWfBg5~{!9osQi^6xiow~&23@V{RxSu1G{PEG+Vlr?1R#*MIKT57v4 zCpVz_2dVGQ>GvoKa>VBFdjNaztsLCl18xV&X)q6;o*k{{7-6?5^q=h3Q)Vrvr7+tg z)AoKh8`P4UK+q5f*xNbpnRDB7>yy=V6hOX$ZP$l<%64+?^Qx{2%&>1k>{V31)S?mE zM9FMhK92IX_6k&VSR3p7sLwg5oQHL8iq`{mi}2LhpG2hwo|mznwYhW+$Gq(Gnup14 z$S0yBxP&zvx$1o_iCw`uexkZjkkmeDkPYF=f1m1hPj_wjj*`YDhc4;yTL0AZB`>{E z0#^n-_?(QS!Lbb1h$JM#5^Wa>Nt1P}=vq|1Cu>)-^KjidaD1KAH+jkmDTjsxrx6OF zbyS%8V?Lv&68f)8hJLq0`$VKzN!rq`i+lLvU znt$|Az}0Md>T>sdrh34aWk{J=5Y&ef*{u7DLmGOl>elH4u3lc1cYg98Tf({_{ zmXoM2l|{eipy1!<)D5h^z1>c3#($a+T?9QGnro06cFqideet~C{2|C-{`C0VaKr@Q zvxK~k3Bh_C-`Fmc;d-*i@f>)#8fzmA1^n=O{8s2LI_7UK_!WC&bLIj=h&OO`FWXYV zdYpd4Z+dM7c@7O#{B(x|^E{U6`L@*ZiFnl_);K7IeVY|#oa6VJ!WrM`Z%zM4Pj%&P zk=|)w?bOqK48ezx+VH@-h~V}->Lz=AGYJLf4+@sK@z|5#IG-! z&yz{aX1##oB6@u!$7ci4?f+=;uBSW)>IJ;p4}g0Wdj=62hz(qw0O7pa1>gCUvKk-3 zeh2-|$RNRYJ7)dk9dn!-j^5`rg&4=VQV|16WtXr2xu>0P!d#`?FUP_#p`VfH;o_T?R4=Ymzw=K*o)FT7T zrjv7chQz@@7JJH03-I#;guVgV5;@Sp_v<0@z_|yg`vU%^5rUCReitwgz)T|yn4~UL z$xqXK_d?G#I`${TGc7EQ=cjMebv+zA>xp8uh_;WW4g3AQt=mg->ikQHY5C=yK|M}; z%}23I|1^oUiT9R+gSz)W#2I3P=E!G;N251^-ZL7;R zFKnx4O$aDV%5h(Bh`W+<^iSYJScwIj_*`eu%Z#8dTQP<_H0=SkJQSS&6EfiaOocQ$ z{CfU~mKUEQpp}m%^_NgKh>|O|TAaMt`KXtW9A(Cg6dRq-qkUWTzXlrK{~2iBI&Mwj z@BJs9rvh*m>b+*S3zg30Tv((VxsZ@hUE$NKr%a`eNTERseP1W-tTc+80!?wem|}Pc zE&@S1G2K=pdRVtqTAv*caoQu-i*5NF=Hl!?W8X9>Dpdn)jKAAXzH0yzEQouQq~E^(#H?{pd0+7FPy_)GuQ0UE`kK^VnEYtP|8Tq zPsjq-7X{pwSBW|8qUFGadAv!A{MW1P5rPNfq#H2dOAD>%QSG$nRxJaH<|9D^)ihrl z1^zIl)X9Gva{dbePTe>lx*7R9LD&~=!C~?Hp$2XmjodwkY@;(pUjo4A;x`sE_KEqr zNf@v(^TrUc*|_n1shcQK`#=fs{{>4zQ>pt4P$qWTjbko*Og8HAfPyN(u8I6_9R5|f z&6ZfGQ)u|x4c@0_zFvYDBtQ{q88S2k4ESwkSRZnba0}J)IG)9%IS{qsCB##LsD6Dy z(*3D*3z72tFdRhb_$--n{sA|982tM93Utc>1f|?Rpf+Ev?JDHsC%Z75bdQ(v1tH)I z3#_KyyaaE{q1?ZN-rYryccKbj!NndhGYepsVzT-IoF!^+#bIPq5ObFkg2mLW%9>`6Vc1@8`vfEz1+0N6f>-cm zt2fffa7a;z(TeX7kZ1nJ9Sz_4JP#XNf&PWL+X(N&-1>2|CfWYe0)PS4r`)VicXY}ip#B-3H9wf(-{xuHaeh1L3U)-Z0L zzwl`X0E6skYgTeU!C-)xyL}OAfYd z!Kw)D+lvji?Jn>p<%ZQG?6blgUd7)g=vc5qTy(5|RIE+%zupYv`gwV4Q6aP*40!yx zh97CE=(zY!0b`zIf>GY^dJS_#fOg?mdi;aplM&B$*+Yjsdf|&i-+E>rmEo?CndyQx7D^Q^|qk8sna1 z&3dg+3*hp*NSA-PD5}t!`p;!DtO^-m;j!8iU;znb0cU{bRh~c%-ec)AS$ zSWzndAA4#NM$@-mu>fvYTRlWg*P75r_!|K888y@&8B#C1OyHstja`nNE4?$vs6R%D6q}*uMr3T6yG;O zopAX355C10haj!%lriC&`OJcCf+ zjS(NGVj9K&w-vr!-ZhD5vq>fRvlnZb(ZOMQtd1ke@!EOu|{oYx@ zsJ$-~6FFfIL3BV|J{r7-eJ!@}ubLDAb5dVIBg0FIjt+wCjH~s1bd|G@>~k*nIw|)q z2O-R9pQo$eVoS>L;PY9oQGk|@bUBVDUlHNB5#U^k;7y$R1w7MnFby*dOhSBSLW*Jt z0!-j#{8N478b#Roz4z_oX8%B%@;(}`7-)K@&Do`LA-g+LQwvG)_EL(<^_JwvXU5NT zTLs%nTlbgy^(;Oxm6!@q@H{Zr2Ua_AwYornA_!0Xcg!$>GL4c?)^YBhR?v& ztFr(P8kf*EZ0bAkAoO_rLI%KCL(n|lxk^x83-&SZm#dQ!FuB@a_G`+%zn+~c7f@a= zVhk9CXv+KDDxR8Vj`OzK-`&G9cN#(68=UPV0yIAWv08b@c6O<{koWJjFVGDyC87N(%)s#WG>tOk@xuesLJHnT zA2>e4C3_?GBW%wvX-RHJTes#ltCQE66^qw4I91ydqSEqr(J-%DD-5_bZRRizd_s-G zM}R}|gWmiR5+=OBm~y)d;Jx$n^9~2{w5aJEdM@9%EsRBvY&&tmXoE((jz!woe$BftUCr^#^7n#%@v4a8Y4 zSz{D&0Z%yBW*3(=#_a;%)729$Gm!n97WBXiD{p(8V#n_E+Q(9Q^McMw)*ihAF2j9t z`kP*LVedZIGJmsQh&AoEg)_|#fxb-7DRqK}B7_ttji!riS0#h3j}w3YiSflkoO3Aj z^*cZ*lXt!VMlNoB!i&t893XvA`sxBiB0dy&2VQ~L9+$G4y$*$;;@5!Ut{(oq<)SY3a zJj1&LFvvFpzgu*Bq#UV1x$*IIDiL-(q0rQt7Qz2Bo5`Hb(Js%vK9qj^jmt8PY30)_ zVp<<>xrh@droFGeQLpzK4_(}2i3DMT#+GMc_Y*SM#f1ZYGPq;!+l-ELPCW0YD67uf zS-z!mRxR+=Xx^#Z8F#2fdw$=*T({3`a=UsSIUS%lR&K23&CEEYe@=r=uq*Nfef_A{ zw|&x)go_8BDtb2|=6$9PTk5C5=n&jofxDhp1~Do>kC)4{*cV@vSys%H+u|7ft%MQ6 zvLrV<92^hqV=N5YVu<-{&;Y}RsYtM{1Qc*B>OZ|$9=eV|`PcJj5H$m8?+-Bi0BcX) zlq^ypuQIqrOk8fV_>p|=5b6oF_@v*fd6_Yw9hA_0xTqY1QuC2y=x8$rVz3zKuHqma>0m z)d{OCN2UO)yctJT!R~G~>YBLK$$oK4(M^V6P3ux^{eOFR`Gn=~E;9&Z|0&nvJ z#iJ5^|0&8&QprV6?eL}^@h}9+a)J1M!QJFe{{PByH|%3Rs=a|sfEKfsWgoS-txF)V zrw*kCT6F>Gw$(EavucwOwMYwb56d;t`JWMogK$U}}MrlRcPm2QMA55}| z49%p^fT323&Q_h1Lwl5Xh!7$oJID1Eab1Av3Sr4^H-%ZxN~|j*5Qcp03rQwWMGU;A z-U}!H0g5~`-a1(-MfPQ8Vt(Y$Vr`?YE)vP3qRkRy)1K-k;kqv)IR!3^R(@|!O^$F4 z10`^1_P7UChbavs$S7=Q2l#Q@9xPYHx)|QiM~hd%K{pSpuMi)Be~8yg88+Z&y2tqG z5$^zzEnI}|DF7hMF|T|nz}c^>7}fbu@pcc;UoyDucZP7Pjk1A?VIT}l$bQC$arKx* zsMzC;q{zb)RwK+3_6z$vkkv@9 zAlT_&Q+@X6ECF;zr)YY;6H!Z!hCHxo36A$FW_E;M@|l8BQ$-QCnsnvuC3LrB0#em6fwftLDfx?Z);o=m(SLr_*Oj!A$5B42AlZ?> zkmbZd7k$HRKs61|rT*n>a@dIz+$!GGcQ(j}#VljehNe*`UrFzNYmpf+7Fed;YH2gLN*(uv`R=}n8nb@0~-ssbiXq}Zno@v-jYGN;}aJk$hC9u36d+psz-57uL#hua0S@- zzzJW`V#cW-vERXL%ypyD4R3JjJ63GOx4BFrzb2zv>SX??~{Ida1r9{=v~V0u$~Sz_)Oe)Ar~{kM(XdAMHQ`n>Ko6A znhx8h85n4ew}&(9TjTiqVk5$0A@>#@TOUuH62%^K~9H|Oc!P*mOhPM6Fo!zi>QPg4VKM2%^dKWgdEh%u(@#H z7S(~h>us7;qcn%*YRY-c-~<_}&Fk>Gm=>^sW3%-WDt}o~$91o7&cZlU>FxSnou7u% z?_E^J&U#^3i!#XN+m@i_a{6J=?S`bkHbVh&;Sl^e&L=_-Qf^en#98qgv&TuCouXq zi`N(+n0fUE^Bdyo$@I(1Wkz$s%|p@`7fd6H zLrSUV!9X|sYLv{sNB(;#attM*tjjr1OX0`d0#B-|^$yKq{yZz|FLCo(7fg0SA7GHs z`#((C#+~1@*NQ;A$#o&uAg0Bb-8bnmGfq2JaBdoe7kcu6_J!OBzl6(j5>D>g{|JQOAK}juMJPgG-8&b10C=}{U`F+Uwr7fBfjJ=0lURF zr2X}Z->(8-Es1Rykxv2~#XO08CA#2_>EguKEDWB7|D6BM3j&Q3LWRvqS(>kB{rD{? zV(hQR1j=VxEoY;YGDIGRb@ackaNsIzC$WZ4m+M>n^7i;4d7e5uXtP`mpFLn&R)kddovDISp%n`HM1we`t5Ep>^e{7rcwzVxWX$- z3Tjt7)q~2WR$WvcwsO&|R{fih%t}-j70}tNZkuC;uCLl533o`d)ZBD9Y0>yZAkWFP zGG>K9fjPA~A*H_PRqHray}q1NxNJn0k+F1(vkv$M`4Iu6YmDY*XHZLyD_`TuzVO(c zB!gV3Z)U5vug1S&Yo(q=Df+0G@ND+(Pb|kTc?+E5^?s@~HZFvfgORn;6E1K85A;xj z)fi$421)#Ws}5MHF)joFg8ApfRz#i~kns0S-`?R;{)GaPV#-+T93}zh8~Yy}#0y|w zZXtgywqYlR#>!pgP@G7&dc4$V*6$wq}?TV<@?+rAc!I;=gSt5vP8@0QT% zpk~p%%6}_fR)LI@dQUspXXm8*Ak@wSn48pTHinD+q~MUDGWfJ1e^j?#xcb(KTBBj5JWzFdN(P}{HSD{>i+NIp<<`w)e1T> zDcXM&d{b5znUY7DG){}pR<-AgM|~a`ln6$1S;FYf%hr!LBx>BMq-dOpC%Rq?1ZYLf zjl+K-^-K5hzK2uRl&4Qov?405{nEw7J9GZWB{K(zx<@8NwU*OaixX@w~sN#NTBmwgczocE0g)F#$ajAE5UOz}EPIuFE2f zxLkp_iYh>e_8kjb8fpEiMG?)45J6fsLks;qWU68g>x=B1*4p=o`iUZrUD!oq?CM_W zdWhy{9je7L89B7k2iD!eam!{O$O@(CfX;Sh(eDgMM;n~gJ`SHS<8>B<^7!us#J$BP zSz7B7FjZSa+{^7TpPw1w!V`miESAom(Es~n0<7xug{@!vv!A#Om$v@Vwep~`IF`RP zmMdHN(_Ry`t7(N;Cg^R-)ST<_WR`FSCe_Y#;IfBqVu4XQ-T<5$WTVfQ6L8SZ=_E{2 zXa$gAW6zT1Ql`Aej^g!SrZK?h1+w)ROTVr;B?T(MSDrGMuoRV77e^-b=fcXK`kOr) zIY+pFkFG%kM95ZuCASu*5o?XGJzH08n)u{ zxzKpch*cquLxto4Lx{ZA^15Y0YdC#rnzuGk0A!_1&=T&}KRp5v!D` zas?4x*Qn4g_aWaj$VlN4rux}FW$GA)@?JV#6P4hFJqvdP?7&MZ_~6eqab^kyy7Dr? zj*_*Y@6-iSi8$K`6kszP0Z>SewCHEfDXge}TvrsN+I@AAw?F7MP)8}?cg*cZc*2g0 zWN+rCQNSI2c;bU>xJWXfS&i)2x?9`HM*uy+W(sOJ)sePY0qM z;Qt~NeZH(3D(8KEuD`p~hu2oQ3TMjixxgW?L$l{+m%FD6l3OCIl%Ueh6ez4pA&sV! z_-C~eexM~)S$BqF$eqQ|-P?oQhZuD1+HIC@STuoA|v=Xdnv}qwppU=mEjVaMZ2b@i4f$zMRpNYc#DIsjAYoq z8yWHl9@G|tM6$q+m-KF+SEpHX^>Uq@`w%(ar_9&dSf=)&!6n#2$+kn+;0itk_8U)v zx28L#zs}hP@^0>fekPog2Ld2{wc6K2%$~Dqyj$RF3Gpgq!SXni!6z)}C z*^|Rd;xHeY2%3S>?L#sW1l{YO>~+i5ucbmf_Far42>hFD4u@wS$O7b91Nc=LC)J)q%AOU1?@aMU+aKRw~ zgTW6V0&_HN&hviN`J_v%M+}5TYc zsNB7y^H-SHv8AtFy#_H|xlJKkZkiCx5n*<1DsJRlpZb@>*WxdL;?QF%8Lx0}VO=?r zy7w27S3Oh={d6g&Q;W$;1T*&y_5Y$Kd-Se1e3!&?bif8w?UCKcFoD8VK9aw@F&&Tw z`m4h<#>O%V9jhmJY^bV@7S>h0!H!U}G*{cSM~16}bPg;f{QIoc>uM!}G6-fo5&D*3 z;RjPFp$svlU_{w*M&P~2vpTINa{3@)1uc}kTT^^bcrj>elTpWQ%4Yf`3WCIM+j>PIV8_8ifsS3YSDObQ^rM(ra5rXJ@opOWB#|LV?7|C# z#EZ(RbyNDsJPo>xaBU*VY-b1A zXqiG_p_|FMaQ%B0Z#C=wn>J&6rgnq?yOq@DIM=;@ag!-kE=43&Y;~+RN!hOzobs<} zbR;D2ynMe2s7e=Y;Dq2^Ipp@P(tB9JuKs4UeCStz{PgWZBE32C(yHPRU33|4>fi+; zcf&vi!^yT^TF98r!OpU>aKBBq%2)%EJ~V!dUkR{6gE-+5tBmlfqOspOLNO z>4XVV-lJj>gDvr-$;S*?iHbKXJ(`iF12>wzQe>^@=Yoz@sADH(xSdh}XLH;y`=qCd zn*>A_^xrWwE|$?sDX(y89^JLW1>X41-?=A_AewyD+Ae7jFW3p`7)n_B&dov!F4cXw zWNWc#@$DQB_365ecjU%Kd8f&}#(b7AL0bQU$dXDI@q$_}!tdmC#C;fiQ>g;t=z8Hn zejeW8_nG)R5daPIY5|N%|7=Huc|Z@^_An{~&;r{4K&&FN)1$(tBArY+)=e-=IJYEA zeH?T~4Ei^}6K%SP@)8XR?Y9_zG!AJ;d(Lmpl$$dkPO_fog~H8plz-rSStjEz?PR^X znYF%e6{m@0S#L!CElOyy(D*ursx$&$e8Y+t#!8$VKB7cJ-~ZQi5B47w<7$We2Pw8C z1yWo+4Jxb}5RHdRn#}Z%4KYf^z)A2zb=h9|oOq0}mJMgb}a<@Sw&e{wZ_JXbTdVpth8{Y9NiL~LIwZ9oZ2pD6C@RoN#B zG)n2h>TatG$Op0Oz8P>?vYv$5g(b(OsK*YSQ)jg0lua+U+;i{{`a>^B#L`N=97njf z!zp&o2=qpiaBM8`z${xxv=v3)TK275J;n0tGhP=B8nRfU6=PUR7(F`Nn>6@4tKLet z<1=yYv7gddhGs4#YhFbDHc}Lgu=17xGe^mx4NKHX6!}UggXkh?_xESnp=HO6($XTtX9(HGUZH<^%> zmX=`oXWyb!Yp!hCx0HDj@AnDtVt!h2CxKyMYW=gw-nV1WBm)0+U(a2xw&Aj|3GAry zY-##{aCq~nY_NmUOC5K*|CT*)rsR%+HIbp&j=qQ6*htUqJBNF^PKWXukh&C7)@4x2 zQVgj8%g_Ar)gnfgSDOZ(ZT|s_&JFq37}$-#?faS>P2D|V{-p>-wa;94#{GnH6E2FH~&sLUP<-f(UmSOK080b0EfZ^_7lH(qJj ze$cxby-WErzjrN5%|dQ8^P9}6$MT1^()=+}?%o3R7c={GuDhP-p=e&~nFhKJ+7vDoYB+_MdiNeIg)7kVX)t%9YytSkY8nqA?XL zW}SikCS}dISiaWeM%@_CUZBGQ0kbA9C}IX5vyt>Ik2cC8MV>5xhmN{gdx6xrvc9ea9h~xb}-~MKc-b`3K@A&AfL*J}@rAi>30_eEoPgO#(p!E%G4DBWZp03&E7vk@-QrBp5 zu;OYPm z5x?!gsI`z3>1HMc{~a0=Nl=&uvBI7poaQp@v@xl^T7CI8XeLp?TWye+5vj5I zTi_enmRDo^?K`Z-G+1|2+Btnl+xiW{JY*p$rLx_Cgjl<;IM+U(yQf=I_Q>3iqiySS z+jTF57ZQefF_~tfArOU_Kt1+PGC^d$*n>shUB=;Fq_lg37*;O8k^A$I4m^j|&i^@F zpAY;m?^H7pRtKm=WpYm;!}91v#IXG)SRwie<7tsiWhlw1ql5_5Nz%4)-B{sOAAEL( zYUHvtoyPxwrNAe+Lk2NCk-MgfK-ntR*Tcj5@yQpvxHA#!SFY^)d42Q&3|r zYBNn0Uy{T~7y_Glgar;9egB4qTW?w&bJ7_vl^I3xeAl2dsx&yp2?eZflGjxJ&9U*n zjFx{K8(FGVL!73hyf223U)|jDX|As{M}&uCSy1-we~(66Ok zKpaBAdCpBEl|--wQ`0U*Z{^WAa4y8OW_^m={nhZN=>5z}jhpDg&=cj!>GY>o-p6$;+ewQz?$GI25GMZ zOcLjxFRA*53jZxy^KkQS*)lIkP0VpyR?|^Z2n1Eb8HGGFmi=%!gw=H4*w)ucP$fja z-%e?rL@0!VrVQ#-&_+nJI|`l9XJ|{VFMa#iI>RKE~$8pbaci zmaOpZ*;)0PE;{9(EmN=9j5xTyAdE?m30gd7O@zJIrHKG+qFz%x;Y0(XTAM4AE%?J> zYvSOw;mxnaCgegH4tCV>%ov!Q$nwHOJPtKhtR^JyR~+ut7C!vt91CKj{MRv(C=R0ESL+yibuvJpFdbWF00%ENjOf@?~pip9zFmWEk z2}18E>I{N}Y_otIY6NBZ#H$ceQ~Lh8sgjrRNYfp=XkDcnbZ%+HtVr{1J~aF>?|EiJ znt-ke!=Je>=-{1}clvwKkxn8N`Rm8p{{NbrJLtOC6x|#L;qpOOQtrKz@$%GQ$qfEE zQH~n5(9j5AxH3>ejn5UGZg6b>GFf)=LU6t~wrh+jLf}hJiCWV)V@g@8AE#SdBG!rw zjwK!HCG*7bs;U(k#$IJ`6csK3 zdW;IFWPDWA-6u$1k?-OwCg7j!Ll_ddxT-9xD#TSZ#W50>lEsj5rHA2GsuBJktwSY5 z-P#Afq5AjSdED0f;!M!lI#+D-_A8_b6M#zAi{{+bgU@WC!*~B_WH6)C$QKR`)F1mi zRJtV41?0@M?@?r+z4}zCI7Z5hACt;Elg#{?LFS2Ix+0C3!bTfm$HJ9$8*SQW9s-q1 z9n=sZICBz&4OI{&Kw?eg^mm`fqC!uP7cJ z18ycyl3Wvr>CBNmN=7mG>&R>j!5QT25Q zpoYHXa4I#)vX2_ju-$#GN~G&u#iEhUec7^wZ3z3qWh$#2o940eY`W6(eMazHZMxD3f28_jeh6Q0stx8Vd#G9bhIVjQe1f2b zh4J=S`On5F_&pPBq`=kf<$oZNr=BgCeiMD=5m{IfTCQ0c5%T6K9t08uMumcMPE(&+ z8e=f&&lbC1sfd-za@gtmzi^efR8rDW+2iW$mtmpdvs~iyD|8w*rhi8DMGibgi=!?o zr(dv|_t%97bxZHj*)lXd&A~$!G0>cbsghQrq4&xiisYJTc&prFkEMbk5>2Rtg+BWx z84b$Aq>_Z2zENfF{7hbRjzDdr{UzA-^cN#)11=n)u`e5srh=Lq7-j_iw}+ zgh9VdA-M^ylsaN9I?DIVz7!hes@$oOL!xAiwAnQkMGlv}vT8amA_kuoB6EY{Xd&gW z#3L85c4jskT{fxkV9kCQ4vQGY+_3)`!_vg$+8HnP9{HrFEYHunpH-$%uX;kk)*-TP zk75^XQ&p3>{K_gnC0bQ@5PTCjAQ~jWEiU7TwyWC`=yhSAq3gd|oMr+y?*Ywlt9JlP zQZWgIx1bkX%cX|e7&n}wqi|b^UGNKGwlxm+5r>F(DZmzWy{tRQ2S; ze7_;Pz()-tCwaXI_WT>2+;f(%yXQXEab!>aUFVT4M3o0CU+Ws3-~PxEK38ka;^%pJ z<9lE?3IvAu1LsP~&egiqQ=H03QFDr^jpA(cTq9@N?CzJYT*(LIQ<5yPrHS-+7yP?p zpb77t=>ON98a%&NzhvuYvb30lnHm-&@3zNJ8bBV0e&!%6gxaKNv2D}qKRn`yQ`UtP zCzDFtZB=ZL{=Drbhlmu9RAF@gb55LS@#ntL$S`f|Vh9XIh=-A8y2lEE$wF5Klp<>B zqQQ)OelU3EjOa1kZ{?>axT>3d*!BTZA{#t0*P6uR8JzJ+PI!z46X6Ov!vawwBc&qv z;==LYqZDYfgv6IF^Tu=`KKr#ekKa*e4WzUzbn2(iuZ+H8VmVsy@mHT$CDOQUrxqNH zI0PC)BvDvbs7z2OsG8e&Iu&n7fhUnIoaaZAd+zR|`_Ifepq1u7l9uge{R1_?3KVoH zZ1^H^`ECfG>N&ZlsKuxfbwKJm^Hn(L!_>?A_s6wB3{3&G=EjZYs-SRqN*mLEXq{m< z0T5vrB}10Vap4U5(RXX2pNxNI`I_`3$Ty^E+-J-+=kV@n)7Wf4PpvGj)&5f*&uAfv zdHclGm)$;BiFV}fzgK)SkUJZQApre~`V(U2$yfe9M4Iy${*mg;rfN;)?;rI^y1OB- zg>tDoejWJPNMfz|rQgnJ`W+RP@Z=iPUxBR>8bJbhK8{%5U0^+&j;N?eUHVj!$;msft@Dxy#@2#!c;8 za@rj}+_8S%#%LJnCMSwdpjoMvf4wVan1sG1ycmGiFDjQoIBN~I3uQd_y{;4QZJ0JBvy(+qogjE z$+WqTui4VIgw-RD#h!qeDwdd_({~8Xl?Jk}%aIj-^8Kbi*NdQ9u&xQysTEr%A!0)%LSUwj)!FR zTWWmO$>&fdENRaul$iwxZWOI3`b00n-EAVLFs~ z-Ycf>v{q`6Tlu4}tRD#f{b?}i&sORUv;yBxI-xkP-1R4#^_?h)Cf%Uwn4*%+4Zjh< z+YQ{y%cY>uv43NNitC;6Zu4q6RI7ohhF(W_$bzYxN=!ARvSNteRkbkFZ0S&w(If2$ zxt3*=>^zT6kEmK)j4!G)npHV)D90XY|0)4W}f{Xd?* zv9YpnS$fB|ZD(R@c5K_W?PSMxCKKEC#P-Ct?MysLCU4HY@3~*rFX&ZIS9e#{b(RcD zTDx;nni=Wn$&Y(&*R)%|V|a4Sixtr>4KYLC zu=2ksw=&|%Zw>O|K4FQRHFs_EOQpktYLLq#c)^GWLHJ1zGrMtDbTASXPc^W=j-DS6 zumS;2zwBv5Gek;RNa~=;#RC;lbs+qbCajra(5aRBQD}ts<_Wc=Ljm6nZ4k6=ur-So zVez>={hJ_iJ<#()3L_<#ZX-TFAUpxH@j z9NNb?^BaJ`3y5G-pwgL+3L%NSn|`4MI3-MpKS<}K2zp4B=XX(jFy@%`jZ)n!b<(&I zIl`*zb1U9y`#}o78?*KwPUDButCJ%bJYNR|I>-5Q%Te62Zrqj1DD8T1a7eT-uk7Ibs1n{ zpEmm@<&mQ8US{!ec`at6#zU7$)IwB@DmA&_zTkoOS3c@UPx!5Roni{#D5psqUAR=O zk9{vYH5x`Phj@H+DPVHJ+;u2LQ8LWV4sjL?CP6_>oHWaHu$(Vu}u^CZpQOq5ff|ZMdiulz^P?0=VkHfP((5XtX)R3^7B^Lq9|1L$j)ibmHXKEWc&e=BMcc8PG~f)#tp!6iM;!^ zcFLP9N-Y27EYFX$15CfmO{veQKbS*zwKq%bBJ7mrdQPIYIO^fEY5;|s{?tM@zVF

01DhF3`w`P<-fG_>kO)IAz>#JYSQQz-C9rwJcl$I`XJt>iF zk7+^6bBkQQq^+ulaQKKyz;wI*{Br{=zDi+D?P$Bwmx@;>*W8e`M8`?TNK_~0`sc;H z$z*KQ0Yixci_B&dowxv#xyC_AmNPcly7<9W(z<5(dw6yy#0(v&%8JZ1Q!l?fm?~J# z_bk$jW+zJQBgkF;M{l?-S^+hrBC#ZGnMlhaGvCJ@-dCwWOY8rT(#QYak~181`d{6~eRD}8 zJVO>~t#I}`mx#HOwp|oe!Is(gUxscezt#p~PayJzRNsnq_Q^>qw5G~qRte0BT>zEZ z`^un{O~}1{-Q}8Fd0m}U*f!mVJ;4m6Qhxw`k{dNGjRW#rLNSinTLy&@fOrd=_9;8dS6)k^;*Q@~r=YvkE$+LphV?QjQ8&Q#kONWS$ zrW$JiB@;^8chnXNh_r-z`hkwj+c{uROUqaeRW1kEE;gj6MNUq>_r-SX6qTm>hF15j z=iih}XUVluIh`IGJyfW2kOhXPV`Cm9T3(h}j~{cN+M#kjWYsr)tW48&*> zTP7aXjN;qN2>S2VIuBgVb}9~*f30h&6Qn+{@O?$SevWOz{KaQG3(4g2O`L0x8Y8?S z&=ei@7g|7G{#TxrN{8rFZ`CK_kX$^kz32v|_CV>-*&%>k;_q2C27gx0Wfyi%+Q6ix z`{{tfWu9KqfG$IhR^}d^36}M?-JW6RVuhuD{vAh7ZcaoB>`Apnth#9$FF`ttSdkv= zEK0Pq94yZvLeW1QbGFkCq45Jb9#mOdXIbMIhAb=dM+++-GG?Hgl0JDCTTcT!~3d>|^l>M}RDjO%pBv zcL8U?gxAdvMdM#0mO)@4*R_esLtDv!=~FMkaNK0mP{WkNrj*~`j_WUV`QMxWOMUvfm2|L-=NgN@Y>K(s2~=Tpkt&O^AJtmaxNw|gXQtDT+q=M zyG)N6!A-IXi_vOnwhXLc=;2O+OD;sY+@l@^X-FAXe|hRqwQcEz3L7b{B ztz|SxWQ0AJIt?`c3rGkGmO@;=tTeDdL|1hUT+) zj-F(caPBH3`l=10Cy5fYVP!R<@FvU1w*ZsO{@H#$N#XpD{Ur>$r4@tUwnr$BvcPcV z+I*tal~b!)OXQZ_RNcRzASiLxXgP(n-=W|ff`VlPx?HzDx%s^QgcjUGMWp`HgDEoe zy9j4bIZ@%e0zBq4;>&BQg4u8ZthhIaX{%7aad;fofljlo{MpTg)joSO_I@|HPWt|CmR@*lgiz*+I#ENbXve8Mwdb-x>iMak^lFZ6mwpZlf@g;fW z)dVS{QAU0Z#M;m~S$G^18+1Z zU1rQiS}UNYUF)Tuse&@Z{Uvb66A49dO!ViNXMX?`k_~4`7oOsNim`*wPo5e~RC1KYL(69 zOWRFydsaEXjvrzPbN0ZB3_)3#MZJ0~jL(y1>SBwwgCER8a0i7R$DuBVI9=ho>oHV# z@VDmCn((Wh{KQ~^jFL3G)RP_3GV!I2qSgS*rOd*LhLB$KJlsr}`;fC3hgIV9S4Zn7 zRT?)?*az|9ZR z`4x4PqVl;`+=cxlgFOO%{9u?{=te{BDRs9hznQdTX=JzcKD2F)krm1=>av|<#h@1Q zF$|1axc)ouJN@gxH_33rs61=ZU?uO%Tr7jfD%8}Uy~0K&wwEy=>O?Ilyeyd389tMU z!s)6uV`W&u)buoRcdV{mhk%4JL56tqzE-Zt()OQbf^bCdYE_&kfwsM_vk-@o492LjBItd+me_$*fH3UDFoz(=hj@ zn9=vMl_VV|apK+EgzIVMUCj!Bc^~)9EHl7R2BJ^?WD>ewbDJJkPhaAc?c^VW-%40W zspfJ-AgbMWOR7IpwVG5dlkd72$&eMIUTa*#1`ZN++K$$ZpWn!lSl@)GFn5&(s7<7a z#4a^#sOpYV@Zel)`EaJDIdGj_sB0`w?4J4FjB(t<;IXIPFh7yFjJ|q1>zVlfMkB=D zJSj$)u9OV3b*z!c&~YW=v!vJnRJavlY50a|tvER3g6L6#nba8kgt#mg_@WwoL)j7p z!jdSByEgkG6KMw|jkgC^yP}OSBOu~e+2t45rr^R^pmD>7tcEM8f<}TupNk=3w%KoW zZjUHU@#w;a1iMYW&&rxe$)gcHFx$#7QZ#qe}igkYA_Vy!u6q>Tq88)Px2E zhl%fP2R47EbwNpgyj5?g)q?E(XLvKBZP3|h^+^}OuQEhsRlxbpiyh(9T#att05HE7 z@i#q!F`<=CgX%8f{a2#u&(|R9smw5VU1(QkG;K|!d~k=jw9>6FNOZ8Mb(M0rf);(c z837)QlfI29;_H_7TOrm=GCV^ihmwo83UuI`<0Sh|O9&LgK!HEGWJKktQsWi9DYvg$ z17R41#_}AjVp~b{u`&Z6`npT9x5scjY4NF;-)2a-{E(>%Ojd0dmVNUxDD~F_Kq>`1)x>qgXVXWzF3A814YF)`s9mb!W-*)d+^b5%z920s z&ir_2q-3H4hdUd_+IDsh5m+J^)<;H`m;k*%TGHq^)X0%Ltx$-CVhq zi4rid0b$syIZ~U>pOo@?sS$yJ zMRA<1HV;YC(~^RPHw=ZjIan!(pzFhgrTlIaa+- z@HYkD7G4}Df*E9zb|ZBsSN>B{j?TdxD;8b+A-deer{;qEt4Nwa+f%ZA7$(D5H#43C z`2vFjm@;0bV2{2GHREH|QsQzySv5Ug{nyF9Gm9LQNMhC{+26Vx`3ol-etYsPcS0XC zaa`slohYBKujyMpo!f#G6zagUDb`b}#rz_J>kOpvwmwiGq-IIoEixv0jQAKAbn!0( z;Agu(!9g`33YHkc;rrV&SIK8(wF>xLv~X!qGS-d;K2UPqov4tyfh2{NzxlX^5XxDv zf`O}ZlGnb?I?S7f_m4q%Rzx-T2l)Z9FEf_e0mrv4CFh`@sY*}e&bU>3t80weWe)vd z{9eciM5Mw3!DJp{m9A6PM(bY-1kbSl<*Uq=e$UPBAh%Zs`oIe4<_^PU`oNamJvSmN zOfYUSV79yR$s$Q?(5Qa)XF3GemCot~wd}f9G5J-k9%?{O4G$XxN22R9oL} z+LIb29tyZ3dPPpAoXu_gUIfOQ)E4;d&g;N2Yy@wKNv80q@?JVJP5Tc=gbHl4DkujR zD*YHX1w0k9pFJx1%gr@U6Hu!VG4m5$EUcVri4@qVzMc)+A(LAtG4Tu`O=Gf#W6T~U z&*iTLW~fSO`s(NW_;ZYP$OP-##!?ewY#2gi<`(&st4fwYV{(UtNhFaD>iCG(NxOtM z-Rm#H6&-Sl_G^ttu5lWZmRr%Hs$>rPY6qOB=gKATy=+Z=4hNMG?*tvEdxJ(IUV?lMd6(`-R z(5nGw3oc)aBYlLo6v?1mdX}Y}T$RH*?skzQVs=Brv?P{qLH$fK4iaaa!EYHUl{Q}n z?>vS=DQT0g=is9pm|bgS^zyi4lo=tBunYg3g0~ImN+zy1vC85Vcwjm z7|Lm2O3Xwrmui;75Y(g(qyub;l4>;jN8+N7`3XI@i4r?C{Ts`HF48F_*vFhHfOe=| zCtake2_5RZ7~OsDI{W(ZjqB@Qr6J-x`8K2#*QsMt@w#JBXOqZq1&F;R@8l2kIXGXv zU49JRCM!q#)!H!%%^85}NsgD;yjRrN`S49smT2&AyQB-1ShGnfo+jH!_7!_mB{_5U zj$@ys2IR&Z{8q|5ks8O%*ml5T5N_@|7|pPA<8_hJi?yK<6zcp-YZ5870=Pat4M>3= zl?n=q@HO7WH42_aqR6X*=oH+UkCUxMbL<)@3x$g(Qo{Oce@D=?n=40;wv#xzFFTb8 zy=9A{DrSICx9Tlk$A-MZeEX4mjYp6z)lKzqodKF!{g+50ik8#^gvSp@3LrAU<^^7k zi3WJ)p=*&QUY@jIxWY-^uqrbk>Uan`NTA^N%+`tuC`%kT2;MrKLNH`WNz>kUrni83 zXGsMwqPY=~GjXDHlD1+#=PA2_& zQ(yl}AI?wgzaJ;wxQkM?2-5JyQVqP%P8=1N zzZq9I1L>EEv+B8rY*;kVu`8vNBEl4j!Y5tVA@Z|^p7CXyF~PRboDJQ-Wf`x{!CanG zXzJCeqK-vfNRGvJ?jk{jzT)bsPiYuAQBCM5dBM^eE$AhQ#&iS`;+IF$hmNC;S$Nww z;D)v;Ci23X@4crXsH8@?M4{ST{cPxFh>!W{M9yhSVke8)nK8E9WA(2anl#4@^3^vU ziKPj$bqxH59paMwkM7l;5@j=1SHS$lMJ#Lipv#~3RlM-TI`&b*47}qf?-KuO2)x5d z2=5$LJ9s2l+-ka5!^#_bmFq;8>(xMw>rq^F2or@iAouE#RFM)mDW+5eh%6Z_Ki&Ul zpW>aMRNd3&1uL;^$0pvjNGvgBB}B5%h|;R2i@kb|SnX%0WbHOr6YeD@g! zUVMm|fhd!52#IN!Hk+OOyty&2?E$@5fy&E<<)TLe`?X74(;P5b>%|iWJOl`uPts5X zMXR0X$HSQq-d%(wwX*N977ax!lCKfMuSQO{mO;FH7`i)~?L>)-q2U|JQ!rAc9RM%S zJ($Bzxr=$#-0KKG2=3l*R=o>{Q(`&JsbutAAv<@aWEvY?N@YsFRip?e@}xumgay-~ zlg?MdAtX~E5cTy7$owPpwJ!be{I4Qd|Mh&7ezgG5vYw|5W69v|z%hZ3VMY5Ce}BE! zglWx73s8a$<{^Y#R;jWo{*Iv=@cM9rQjyHbMMG8=E~WKSUu9h)X9!&;!vVllCRGBL zZwN@;l{*MgbdKi~cCnqRpJYvMtlJ7?9?O%gIodelmV|uKm|Fsr4hOEV2In zf%l|i+TfFI1i85Ey?7qocA%g~bD#%GsQf6_HTPghCnBIzpEWli5AR}4Yf~Q=jy`v7 zjY#|CW5I1=Oej~^|zGa@roqB}-@?%{mKb+i_|MImDI1nZ(a zgF3AV9iLHiVA$)i=0mCjDcH4D`1ZuKhdAn_HE;3PG~biI&&p4!D6H!4L$|7&KQB~VQ;Lg2yO)G)iarI7q>Rd3KqiyO$6VvCah0$ z@C*8W?l1LV*576TYQunJ&UVt**X2m`G`Qw$K$WOzDsNNgmt8u@#5yNriRZ2EPp;fw zGmEq2*7gycN(Ka{;Em8R$B|hBhYf;O@IxID)Vwp>E(s~$u9x6ruTzM{fIB^Vq_~-&AOVGka-% z4Ti=p9ZNZv5DKQmmJkMBaRsmFv(|m9AgJ{>uikUlTOoKLrVW;zxMK>1}#jB zv9n4^XyOpy19WI|hj_PJLWZsu8-b3(c_J?PQRW@pm|y}(k-`JdB5s&uGN}t^%tNQ5 zur6U`2tqDKd7*#}zINkzz9-;m=UcelhNy(d*5&3{^$@rEgW%@5wbMq;=n~S#HA-Xh z=HV)koaDW-vmbxX$pK^7LEPyWJPQoXRP+7IqCFjVk(FF912B6c@-v-7IaKO7qE&dD zn7;{BNLu6-KPCgE*2XVabieTo4^V z1o$-$ntLv=meua9c;APlimFA8dg#DMLivh|2Ktcg_c$r|M}*QPGbR2L)J1PY2`gXfWl9Ml zldKVO{Gw~CxT>e@kAfUxWdeO!Z2l{Yd?DSUZ`2_Q^X5QX-Q1P+45Zh_A}a0#{&@?%z{{Z#bI!?4A$= zO-5fhestE5_?>|9=6;`WP85QK_J9JIZlO_LT03Qcu>DuWoF?Scbnb#NXtLwk4U25& z#P+psgF3IN==x22TCySt|GFNl)`I&llL@nG0C^L-ylMu z+ZU9wBx1O6moCi7^)0Z8H^Lnq z67<6=sabF6P;%6j3BDATe0*~W86Lt@=i?_6arLVKCJ6#EPsf7BDJ0P`e?f_lP9DwT zH!OhzA|DcVxc%V%(yQcY=RZA?{S6Pv&2q~QC)B?cryN%<_%!{BO7B5y7{g4vF@r0< ztW^(1%}h(EMm0fdkgt>GFhj+d_2U^djyXI7&&PVv>ao$ZO^dJM;p#uy9_i{ypkLunL!HrU1Sr{*3+r! zEX+G_666oboBc*@!7i+|jY`XQnU=?Npt8@2xWZlF7TC8JtfdT!Qd8dLVgT?mB#LaV zmC?8>36;|2FmOwzgelk&G2?#u^3(|Flp74mA?G$*hMvST8{VxBc(2osmHS>S+U?T| zE`;k)i)7LHHduT=p&az(ypFlC)Oqb{CUL7vn*D=2MK9x4#o;8JFJLmj=^QZ@YEv1( zWTj6{VG&@p?5F|kWZ*N7Lj}b{aIEvSuc&23w@H6lNYe zd}Bjuhv&eva^b5t0qe{8CV~rfqE)s!2crE|_**7YGYUcW_sEAo8Jr2Vyv-EKC!$@8 zJ9TiJSxHB`rhP{ThBySLtHTTn_iF)`-QuEe2{yJ8Dz~L~XT&+J~ktzEc4wuK>`6~iwOSh<7#h*ua!wa2+69x*Ieo`sL6q3IFv5g|qZ7K*U- z1<4IeD$mAJE+A==XSF`(|J-i;_}^JrCtuITP2*QyiguORuAoClswJQPbmFmHcy@p4 zxT6&lCRk1J-HF5W70$)*Clqu%r(~kJg08g#CmJzIIvRMV6;%!7EZSiu4K^gND4H%Q zDn?w}pWNJ2ZzQY6M1de?736afiXtZz{$>(=q6O$#7TyJhU0NIk`(PA!8B-AvBh&*p z&3aH44n4 zYvEe$^;F00DX&BRF+w$?rZ%|Q7pWU}MQ9E3^ZyvO4EAA~5#(Viy%2;6YtQNY+oN9z zDIHZo%feNQ2nj{}^AO!<(F3no)68Q6CXZRSY|1vGZ;T z&yhpEG6FvOfSdHX#nF&u0e^pFc5RriC4NUDdrcgTIHad2xZJ)VuYt65h3z71WEccI zo1YKL4R^Kze8v8k#7rGr>Iz3d$n~izf-*@s>hCxbu3UjeOj+7{B@2AiQzl`%JHYON z{&+IZ$xe_96E7jL+o``cJr@A=!~mH;H6O>~CJTQ6oxxfj#|88I$JrDbu!|RbtV_IVb5!Bdj@Kd-j=aPsMGz%Wn>Y- z_u+uV)ya?_z(Y!Yl5@6-8(kVWVx0DsHG7MvuNCoHVuwUNE+`I z^`c<0z+$3MB`g%ejpAHWMt+;2fA=y#H@UJ9jLJ9_KQ4t^lG2L9d3YGHBo!*Sfd+p< zulPwcUYvm1W-_r7An*7;gZ`cm##r|ZalducdYzkuM*f6Znta8Yf2nV;h08xpu<4YV zU+t&0m^f?L(pE$p z=xyX_`8-BSqW_k1EPDl%?>$Qe5{sb1Ip3-NMlly$MOuSuh>1We3BN?=e*e7ezUnyW zsN{g3SUvey_pDE}^osUd0v6RJn^j__HP7;9sfjJh>=MH{g!zI3l9d5_^nMvD0iOa<$sQ>O$dRY6K&xLE$a~5oC#or%B%KxB~ zyXUQLuhTHeG(dbgJkaXE;3!u7vuC2ye>mN!-}yc2?oB?62||qwmM1Ei6c?}Wk4azX zF2tA+2K7~>AHb37BK40}Lwk(*AWn5QZ;?YwiZDXS8Exf@Z@7G3KfTgV@^RE=g>=Z{ zIWiQ4%dAupF$sLaYF$FYJM{PJWy0T zOZeo6fWi;L{q(^4iv2a^B}g3t#g>0svHqACd&SBTWNv5br5LXVg09Gn(N)&7v7v*% z?{6}skz)bpxQCA8RKysZ=(CgAj(A2!VFPu(5q-vNGZ1C)K4IwJI*);_nbE&15RjLQviOH6px`zoV*XIRZzLB%N-eG=@ z8K_q!9a_y8c*|{$iSg5bb;hFDP4N;QPCrN@R#H~=?Mq8=S7IBES_M|OA6;*1?NDTE zEo9t?sYh!(3W3k6M9W-wOPC1N(05Mq61($ZbW7$0g*lG~-*pxK4X8gc5nST7yOcRm zdwSKR>!^jU6p&~5hneU^CXrNP)A%%`uHM5C6(;4i1)jQkk!<;6Vkqd%gQ+++9lRskLP3%5&-D9|a{B4&jj z*hFZPM4EvUJ99n9Gm-13hLGosuUX}ixVgL25c!>M()C<_^_n;_-a|OP)ub#)23J1e znpU@;zlJ=nkN1v3U))aQw$aY-&|VOO9m}W=)KZzac7EGe9%Q`jxWJLvwKIcMUCHLf zK`)naH8H8*8Ol2A7Iekc;ndBE954+RjEx_pBX7>`ByoR{!wIEy@jja`|JF~=2hr0S zQ45cn3|FWTwsQlA*f+EgoN7|baFe|!JAug|7`^8k|C-g?-XYF1yKG<1Us{uE5 zu5I&xinMzMgRN}C-4pgk=6gjaU+Hu#;Dm-E?cM6TT)}?8Edd!$?J? zF3hnm)gTb&=qmo<=jAw63By)=voF;|FS#w}U$T?ymonFi+w-Z6r$aw6x-jsIe#0rM zniq)p^@bzQADn*OcW$@vep@P71WH4rK*fQtZrai2P-=uc;W;fC9|(_I@i3sCnH|~8 z7tc~ZwnnPZwoLuUuZSY*(d71g81P~H^{Yd)$XwxF$RhO(+Wi@NvtNtKg43hpDXYG> z`OdzkxNG+C@S^V<;rgRN6C|iwiC&d1j;k6oU#^F_B0j8-Dr8GdJ(KHA)Pha8UIbM? z+sK{0inE+;y+u#j`a5YW+r6^?CA+;kZs=tetga8^qf_~3hOOf6s74r}jQFbUV3Q^v zb=p=?#;`vP@cP0LGTqVddBpS6-0#`ey|DgvZ8D^enD7RK*;NmkZU#u&%QDhpi11`^XXuCuGh?%JNZH83lEUj=KedXM}Yimx|%|7b8t`0J^X zR5xV3?@qVrqi?(^Dmef9hItBaFGZr0mBxOTVWUrg&eGbK%w5;g6tbG#&j_dA)py$7 zl0<5jo9{;@vt@=VP!CgSNggFiyaD9ypdo)BHYcQkPlxIa@ssp28HQN$LNR!)v66cp z32aR*tLmROjvx7~s;Ec=1z;p{(OZG*(FpUwMKY&i#2Gv_{7qf?@OIMBj{=(BETbPQ1Ep5|GO$1a9&X}7i3)lM=$bfm{OfcqI!8-N5@2F-*Mn)0&sUv=x z$uW-f#ekaWv+W=3^8N%?{s;tyDv|3U4NwzQcKIfDUs!QIDI#=8m&<;i$D1NZ8qaKi z-NobZ>~7fm+Hto>nuT$T}82fmfzK@ywZ4@j2A?B~X016=kA>dXI;1sNs)6MmNenk6kT%$mxJL z4~Ptybu=$9Yltmj_o~PzTG3T)vl@s3DW&eB-T|Ik9&|jyYF}I*?nZEB&rD#x4205% z$5Bixg}TOG5zNx+TBi?D@Rh#}mE2*bMZHu!A&?er4#Ll^$L{lK(?Mg%SN0nbZ@iB` z+YEnhx}89w0BJDxw|59CE7T^=qa9W#I_ruI~JNt5saZKgc|jVlH5?SKYzOEDehv8QfMzx1Vp2%KnYY;v# zheFb)>Ydvw7%tq(uXR7;K^e_+2_BF>-l1%4@qT|BU%SG{ycg2lO)7T0 z7aQ5=mCgx)Wn2iV6c3ucj49o5B4UltA?BSD-&(nPG07^mvDmOwu!Sy9S4mT$3kKQkSYCq9H_7Tg~~^Lcrn*yLz@m%i%%pzOxgMP=PaV;oLLkP(9$ESe%mo=e;@$ z>DXRkVkjc56&Ta)3ZB2&SzRp%on^UIg2n0(+E;fhU5$1{QI}#PwOlo=;|)C(OrNh< z{=K#3&h1isS>co*7ml(>jNlH^Y#9!vizI8R17O`4uhF;vV|VlKFFQ%Fyk_sYE{>g& z`ICbtEEz=k7_Oqw?!pZ!jGg@{Uq%SKY>0V{=K(y>=tXpPKbDlCtMm za9y%DOroM;R%TJY)Hr=B;A1+z_N}9iUFbFLX8Yy3H})prOT%CpG=X^fCJznT*}T1B z9Mi^T&8+Gz=m7q)>Pdl250WVh7~QRi2GvzJ;qhj7G@3=5i3i%NH~hgJtAnIs$rh~1 zF1}E`ISRqC`|v5 zrXfzpqruH(W!#p=1fsWp_5Rc+G5@?x>r&1)C&TBnfk*TA78%rqkys13m^(I>y6!)^ z-?kpZG-gY60R5t47%sde_FAsw-dL{!_xn~)6eo278k?)V>ys;RRVunii@1*c;Y7-J z8t_l*3bngusaud{qHs4!Wc80Wx$aCqzzEujd|onR$9DNq6URSgPcP^O=OgrHk6L(< z9s2|)VL3v#`qHBTwWw>pv7Kr5tNCa zz(H}X>16$xsX^!rSV$*z=8`gOCncFN?MK#bNE1rnVP*20TMx!CHHX?0W)0h#3~YK3 zAis?mD~)LeR<8Yhn1NLA6Vlg*=C`vWIZHL}T$Af>0+Ak$v}*%TH6DW068KGd!;Wf=X<}N? zXEvrm?DxGLT`P*ifr3a*aT>-Y6 zyKwG_23@2arYqaQ(O?E=h0fsMh<{e8V(Ba^XZ-#)&FH;Fj*Ef32Yv-*N7;d$dJKut~%KTiscV|s72l=C14+p2W8KJ58@4uQ!*&{;ohH`u)wHHpw0iMTlR|EFnub-bgqg+9gbMqO;UD)k&eIs>_&U~mMOHA*sVBvka7VhBXai0NQ9JqJyo&L1P8}>4_HPe zRXuxi!nq#Q3;9UbXnlL zLJ|C12=QSx0qUn4AJaM{PJR{siZ4^4b~3X*UFk&ShHP`?ZQ~6N_7=;jn>(WthQttp z^0megF5q5fwCr*k&Q5=Ll?uIu(RV+?fGV(Tp~&vswzmBwPGUL&_ran3#>3=JPva!B zf+8PdV+?|m9i(zW@60moG_p1iOWMep7{HgGaG59F=TQyi+pJY_P>U<3*%R&gUko|3Ok=r=1gzCe+^7FJhMhDlB{t&^*7i*B^VN3z+Okz*uSrKD`dq(m6 z<)_BgnW+1GqYeqf(pQd6 z=h-G%;PGS!wKw{+He4<(T$Xl72SpMF1Pg}y6v$HtqxfPq(fK4Qozl9cvw(~*W`1)&SjWW+| zdzw#Dd-RHNrR*7z{XAN#mrVEQr-#XD=FVOAIXcfn^X}#!>7pT5U@^vHc>gd%HZ&;dwz=Ab~*S!vKqm^NEiK!j^1_!;{$Gm5zSmG~n3#i5ciGetm%Ii5@9B{nsUb>BlUMeo zMrB>nWX8k;x_*__UW<1%XZ zhKAelOJma-t8?NGl%2+xUTFF;7Ls29YfkSSTTHb;dB!*d?cEZ`Nl!3uwNAGr9~xur z)eb^EzppG4R!P2I_?>x|r&nNJ^hz4_rR&u}#HMk^{YRBS?=|20$R9u(GO$G%GE5{L zcNF1Jxh!^(k$)9Ksa*Yz_w~6BnHV4diDNDIdbi=WP?(oMpj_(^U+$~HFflaE8-E|q>Nekiq z{*`cRZ^&3o#NyK3Ne;xUv5a*SpwD6&0WKUZKq!&9IZB~vRx()igD%w99A{@CepZLD zgAEL!Vv?{h`I>1=ROceeJ_4(#zTt)W6j>Wv;Pu6cO~uS9QAY(3u&(&98gH*^)kdea z0+zx(GDfT$2jEA)+E2oL+T+PF?kUI0_%SEbP05r9;5Ao;4A~pRODkEBmL2ce+~k?9 z?Df!Sn)p_DXE$%HPPgNzEc+g{oot64CswQ0?x&_hKI~L_;sp{Od}zaWdh_ffAAt`Y zHe0bZTIH|Kfm-g3y!Vz=djF57vtVm8+SY9#xVyWzP`p^s;uLo;9wa!yp}1=)?o!;{ z-L<$&f#U93E_4Va&hiy~7Y5;#U) zw;_pt;ihvWODMCbW849RoqRcclbyC|L8QrY;-Tq*xnSQ93EiCCt`)xulk)${9q$~q zLZ6euRbK~>P;3E1zz~gozr(iQfipdeWs)q*w;|U>Nr44M4nXbh#PKXm97(h7c2LRd zC!x9~%e4Z-?7a+Hkb;X&d-nc$DQ}vaeyDYygX}JOV`|TuTs9hr^I>d=AKIbogl|+~ z-(*AMR#GooWX=7FxG$6`%0S1Z&JMwqqwr}zS-U}We)4~P z6$-QG^>_M11TdxcOLX6hzAHu3<>6xLL^*-i#|imiN^*J!DGCoEM@|DMq_)3|_V1yz>gq@u1fNB+hzgP8AEqYgqW z$i5}RUj246bFpe%*wE&*zToVKsf4brf^}jXS=m5rdQ?s$yf zx^^cLEoKRzh2aT&M9i$lF~OlwRbA1K9^VIt63ph4m_;4)@Lb=CRi~0>^Ls&g`X*DfP&-`@s@-n% ziS@^*?~{uCd)a&L6?W<)6~n|CU+{qx^owG(tx3)VuFF}lZ zj*RdXZN=#$){0^j6%&J>{}S*CVl5`z2xAvsQ8YI!x~3q;MQX1eH46v#1)(F=4_J4k z{#!q4PC@EgW(;UfN4%*wVF~?s2o+a7?&jAUhhvR7<4{dg__6u&kReVR=KDG}3A=1i z_;~XfUo-jQ?=&l=E{*&fqkyO@C35~ZUiD34R*&OTkspEE2l0jw=J_}K)@$_|ZP+?=*}>wrt{b3S^ zL0{4P=mIlVK6vk&OS8|mF9F+D6xRd}kxK*4k}Miuj1BjOF;+4Wqh?IkZYT6^@TU5= z>7J$^e8$~IESR~54{21E1n}VR%{>Y3ci?&kBBTt*s5Gop|M8;~$C{uuM*+Pt>NOhk zJ@vI3>%|t(1^%`IN9{BNbM_Io4l!bBx};V2|;6M zlWbY9@!1QGX1D;6mjxe)<5$HEfFb#=y5j!y%_W%z4a;`^TchZ1DJ-Jvf@0lb>_q2q zC4tj|ex{|Jhpx(kM+4Al?O7+ydW!U!iE3wfak!rZYpOflj>!8N4BHY>$t2zv(7jNx zlqthTw*#aJD-!j+`VzCM1Bxh!?(OxKN}~dAHTzM1DEqxi0Omm6#oM*mQaO@b3?ej4v420QHI8S^P|X#)5o$3%ml+cNBo@m#(n_NI zsf~ao6Tx2ooAA0 zEfOMg>qi(@fnh+fIk7bhvbCOv*90)l0(?6c3A~aO3aB|mel3}U$RW0#pMEB_8|5m% zEgAhFY}OzNo(+|V&J(QBxH=}${RyW`y^LiK zFHff=fUhW%jXP}Zmw5i#%6$sRtRT6#SP$lY{Sm;~baoS9IFTfj8UgAFse z;4Z&D7*O1kZjh}SXPAZN2*lDvi80og4_W+r?5x|KL6PNMb;C8eEBe_H zod*V$I2dUvwh|gOS!(5yzjVT|UFY4C)NUBIe*Aep=Ak?BOJMjuxhA59UkH+6axkfb z3AfqJ=(&_w!*1tR>gGgG(_Nu?f>|bZ=FMp=Eu)j>f8OE1ZThGp8pOZfLV)^n$0)ou ziFhl{q4^kLr6VHU!+p`tdl?qh9a!oR_ESx1ae&DG!=A8;X7nq281F{~Tu7jhqQ&JEkSnE*f zmQ{Gm7~mf>iB3Br6p2uu2di&kRl$oE%#nn2TiZwFEQ?4cqNUnA8Pc{4Hh$*#uWD-W zXPJ7nUr*^n3`a^{@G!LlSo06azAqCu8x%|w{_Cl6TlMuN!SfaOTkzwJG6mk@@>ent zC`~dY?ROswdPY3g&L&zwgFJep$kc77Zptk_J?d-*&o#0af61qG zbRZK!5Or$^$u>En!|g`O1JSYqzMW?l5w&o}Sx;AwU~{^`07}Y-oP!>cu1~~Wq)^ZC zmE%4t!wy2u5DMDAsE8Q#sQ|HdP0K62ndwh>zhOKEr$?Dg%cX*0LTVAVu|ZWD835gD zv17cGOh#_iL_s*d4<&I%#CyAS1L~A{0;ysD7@2(>{Vsw%zVpP+8p7U~x9R-d5k8&$ zu~9Ou+8}u`q*@LIbT7hqiax-<SZC6B(BG_l(CO^yS>Q{`HiJr(}BpMQrqYo2{4PK`e*HTNLZ(nTG__ijE-f}CF=HR zSi+|0?>0$JiVV-{m<`dY6(*UVYT2J zx!CzY;3vHP-HJdWCzHW#OrUa+Zh?N_V|#s27>^Z&1ty&L|UQotn*3z963x6 zkbrjf1O+%}E)e>alA&)tyiy}df6qRHArE~^}XJ|zoBRx&HekJW!6gB zTp9UVY4F{%5{bINLK!v?vbphMh+Vwdt!xA?iAUTg!Q_0pu>86>*x(GiTqHR1tXuI< zqu}b8L;n5fHVuU-T=B1($2@LR_Ws)CclySCg+%kuRb8PY9X)4K3&xe0KSCh7EcL!s`>r} z86yGdAtq=(cH~wKcd{DZ+p4HWm1=7UfzcLl)}rq>d5!mZgS-LlS@A=Bp5(USQi};$ zU+Tej)V6qlHYUSU7kb8bl#SaX{%-jj`c@!GUSJMq)6QiwIW2;MIyMY^#@6G3g^_32 zNAqfQqdvaA6fbsZRemv~uWlT;U;Qv&b;RF;d-GxEZ{TgqvQq zLn~?{?uxA0>!we(iXn_McxoP9Jx57Qqe(8ZLVs*edzVw5DQpE%FxsvQ9N#?WTW3N% z=h)>tf7d2@*G-asjfz31Y9$qyR4{`QJK#8^AWMGxV~W03fvh}ytH38yKHF|HTl9H5 zH}a%rnb+cN{e3Z+_I)Wub-_n{YNoq-dy2#BI8$fA)^s^xq5Wa_aS$|bULy~fzt}RE zE+l~{s+aj=-AgCj^_SkSOo4S3$tZw`pI8k(ji!u|N{O#jwK&lY80Cj~NETN!jQ36Ns^Q29Z3;zNNOqV8;QS3!F; z;+$i}UKy7vNjw_4LMq7F$P_J8ZG~>K%)oWviqqsnvFAQT&inWdpF1K3 zfohS5|7C~t1(rA>Ou8%<4+u}5D$u7|a#n6Wnu-F(k7PQmx{zYE`AU}mE{O*i6?hJ) zOzk|7VVCXM7V$&BaYZ~kzJWYzBNl)xhdN}M4c`=&v^%ruyC-E=1G|lm6yq*m-MuK% zH6m^)1zvjLOZhSGC!k|%U^jmqk^oTx)=9VImp_2-mPtNGq>?tTW{cnC$E#qdmb;# zh1e0Y%Bos;4%K|Fm5bqF$F0%Eo1h;=J^l6W#by5BNAQNeoM`MG5*A0V)FXFm)x z%t958-@W+A?{spHVx8jRwwJaWUpi5X|3i+m!B+=43e>6fOL*BnT>30CBgQ@fSvWsP zEaZsk=8`B-)!e&S52%ISp9eE_}UNsALn$Z?He=dANh-PY{!3}LgCq16x%(rb&Q08 zpy)esov?23G{&7)NWF8xAYkP4MW3q~f3no78iLEST7MGG3 zvRD~z9vowOMnHof?4%!_nfg(>fA4T?%)sj?ZVtK};3*cXH^dYo3pb%8a3H%2gFS26 z4VPaoDqFQ*m^}?>=0Sk>aU4MYcp+|OW~)3Sz~bW_PY zVp)tBYYkMJvltOEVJUO1pnmMXOEmT>X0X_7lV#(MRi*QrV*4+b`MpC;SHg_#OCzqC z9&?$|Z#Ou4z6Iip=1JA;JsLzL;D2ZG`iFO49v_aCs6Ir^XZL!iO^tSc!d&ree+;Q( zO?@dIM1Pj>TUu4ThvDiHI4FjWcL=Z*>>*4kb4*zrbU6#?=u8iaLRqyNE%l289e{c{ z-0=#LMTMb}K0)3mlJS}xm zFmO-8NmYH}9V6kA+fZr`ZX=Z<>9B7`f{PI=rW^Ym;bO4W6EuMkBU~A{NZkY{-F_#q z;Mp--+y7^fW4c6T_%vW%X_C3u!imdD2Zh3h469EG$$zW!!>{p>U&|p6EJNpjVnh>9 z3!^`Llsa-gE?e5{n|I$O}r5&WXt`t zzp!;HXp!j&PRh5tbT?RyGa|!AKs_*_xKWS1Gh%)GV zACx2Oho;LUjC!FRP@>EI3<45VImt|AuD%WzuxuQF*{^s$kTm5%Y6MNwEFW?8u7Es} z5hsOl$nZWCgqPn>eK`+L{dxYpPgZCDDMx0!IJ~L+`Ic|RYM%Gys1)m^7kk}$Dx7N^ z?PriZ=d51o+^ma+oaTfW@+x8{O?;;NmB58&&n0^!$6#-M;;1?_3;+J6RXX{_uAQ>Z zJ&hr^_mN<`7a4m~7Mh5(-#d*t*-+HOv=?4F@7=#rarVu06nfB)PL~Fxn*3+)L zU82Q)JaMmejwv?5K)C>Z5u}`dG{EqlWa3#+?_u7WDardXS9vx5{~Q`F4d!;zC?DvkRikO5z`6x zVq7*~pTNbn+N^Z04x_WJ36FhIMZ;Yd>qd+!@6kz==~@V(Bm7b!@|rc8MnX$f@5}Dh z#z0C}W>!!lQUU@ukg;Wk6v0p0v-D5qt*+U?V`X;=0!72Urwmo|@!nPp<6<4u;bg{< zo!q3&GXsG%gd>L^V_0h@&#ud$Y4n6w| zyVqlz_hdz1IuK&$b98@;YzCeLnVA<>Re(&p5Le&h_qX;nt*Y7>teqV)0IftuoW!ns zBc?`%=mNPt#3559B>sN%IfG#tuFLT>i|^^;=%MP2_U_w1zb8}fsZd%W>iSACHhsz= z53vQ1uZU%d%pT0uPgG9o{JwKKb^;n^zt+8OCNO}L^WuN-)O?kb{RaOY3k4yk&GO?T z7#HaC`#ZxDk2l%-pXOhkRvN`eH37%ZWq_FC zN^Tz`(tSB+;oVlG6VFa!_Zt|kpwvz5+Y|4!Q?|Ev{i+4FI#uJ**~D+E-_jcgNhiE6 z%;{xqEXUIU!}lr8DLSD-XZJMHq+ev>eXLPVslQ7zpc`1kX=7R1VM>>`8k(IzClh>1 z>H<$(J!LFQPU^Zs8BLD?o8DY;lr>xlrrOHS`=b~+YcjY2x^jG+T1%Sj_rC$5H-VarOf znfsz&s(RXw9noxAHe6@ZyF+Wf8=1JRftT2>V znYI&oBeL+MRMXxg9n1W%m9n4d)h~A78n@Sj{)sc~IAF|<319k^^E4 zdHhT9;P^@}z?eh+G*Q}DSIVVqogtXsAt68Q*PT1i|1E5T?I=QW+YKS!Gm)hf0lIV& zWmr;bW^>{J#{k~?$hhYr3D9F~)w~tF=#=Gvaa8LUtn*V0$n>7}l5jOC1lE=Qx;*2m zib5sm>Pz6~5c%r5Xp8-vFF;{EzOdvm0DQEo5QH~h&XDWRsVxx-cs6;%8X@l$) zbiT&!^R>JpUngqJ(3{Z*r0JN(E43Z+pg^_o4z1yd{{D~77fiX{P zRNd;q?!0TMxF{M9IQ=Mo6VtP`Mc%=&QAP=r!&IzPBZ5J9FYonotBC6Pw||E^TYv)J z!XH@*4iTMx6f;O|)ABwF^aK7D)vBQ>T)*7wSbr0nL#?)PgrqfnJAU^)K2Bg<!`56%xM(IwlBY@{Bz&?SYW;>A_m#JN;g=fj=h;?ZEL8G#l7e>r7N4}#TA za_T@~FoqZqlK3j-t?+DTfW-Jov|^I3k^cgC8UV}S+H-CH(O~F%B%J7e<)?*p``68{ zV~T>XPf7Vcf{38rz4p!Po(_T#9$v2ihdMP?wSCO6tm*{HK6k!JUekJ?=a-x+qjjsZ z0wJg$6DB*^r0%YZZyuE;T&h>ckGpbE2O*bGGjxt!C|IF*&|VsUQ>Jpd2xw;B3S)84 zwC6dYkyK@!DcODBxyY{L#(mG&Zgz|Uh5cp(-l+MSN;Jlz{s7-|ZUov|)nqBpK7h~) zB&RfU{u`HPXX`Ibq3eNON` z(R`@+;4_*?YB;f_Y@-SnF&^LDPTtb(`!tXAWaR%UYp0b}%QV9nWCV!F_KG(}Ji{Mj z4^;ma{*mx>!PIK^`qezjW^L~Jm|ev=N<{wQ&Tqe8-~5cKF{VpXvXv#Z@e~?miAnJ0;Q07!gZ!rMX)oO)KD zXRB9iX`V4I$0_4w^H5;gt$hgh+hV2InxN4_^w0vA(!^7DyEm;5@$AYp^^#enbBx@_ zjWrlt3+H2urcB;jL2q01RxIi7Qp3_CA_93K0dn$jdXr+q&>c`=m%KZ^K-qPE?T3^( zZ@h}*f`D<($`zxqMMy+9oM7tA`iJuwsqXO4H^j2Yl;2lWpnEOs41S$osh|f8c*pcO z_l-D>VEDC)&7y=InaE>q(78@ETx9lC7P-sSHD8N}{x`*?Sb1tqqB_T}GopXKARD0I z^Y~zD)WOSuBL+H6ZP+ClYFyetY8E9IsVUvyI6R$kr}PtzkOj>tz*KW`QAfotlFPjjd*icu*{2g#zc@6K zxKgr8{G#=;QAwx#?9VgIKUKkGK85ig5paQ)ul#u|X_wt!<){jQesh8w8tB}p7}>dB zI{it|1qZ~?P2nqb*T@i%o}JdbeoF?}6mSz|QSeDh6`?$LgZJ1^B@&jiP0@XM;)*rs zMLsNi^#83f9jnFJbquLr)! zMUQ{{_H5mbZfCB;{~^JA&8o_BJ+YC1`8JIra1y=lK=2SaQ@b1_CB|b(h%4wA08{v@#askFUkq>tpGpp9hGY1+$x;)9_NdZ+R?p{bsh zcAHB$u*RxLBIFcUqSfEaT3fBA!Yc!wI+U5zIsWz4H8RLah@?bdRAAje75~&&<)1pT zUlr0p-3j^+#VAFY6Y`XPkOFz=ojItCheSB5oI0U5WXR_e%wTVCl{!xjoTJPFV_L-R zjDFbls5|(hd^A5%44gx1#X^?<`*C|+=$an5_pn(bNhpPs3nrNP1NgmGqEU^WskvbowFW#Zwpk5`<|a8}P1K*N z+X&KP)&m;s22xY_6h4Pt3z0>jZ6YQ>VS)A~g6BtniM#ieZQgU+yuRHx9CdB}=hF6_ zRi0_NCbPec@aYZo;UaDoVW8>PBQf!nbFHOK({!%D{6((z=iNgXZ3)1+GwXlyuww3(raBx0vEM$mKCEzNc$^1&{T2zszY)Xg!XVqoBu$Y#mRjB*7nGsY=?)2XpIC zeC7I9AwUURzKDZIgb1lyyhkn;8E6#vxV`cxB_xilyNjzO47${MDE5xaI2!y9$hJk5wj8JdB%j z!OH8e%76xodpPmlk+CN-)pqy4^0(bF7{gLu3JA;?W;6jMc(J_R0IR)Nv$7Ej;b<`8 zlMu3+%PQ*lQf`E-kbMY^wDlXDSU5DvlZ3Msr%~k(zGD`_)n@_=7;6O4Kt5&|(($Xd zkNguOo2|QrnTYLo!mq>(d(l1}WF}sx4bH1q(wuju1m2xvs2w<64l@kwk2w#^+6Rk% zen}HXpp9Q;J}%Obh6eiocFy}j78{SET zNU{N_qP&4+R`u*=1@gBZ=50}zMs2_Cf;LuN%$Z8(?R5(gPe%T;p+E*V zCBw8fy{MU1zE=#b5`zSVeAg?xP6Zn51T)^6heO5%@jwt_{RD>h>uarLcW+G(QtPPb zyw@K7zT;;KYJqPRJ@zD3^IqoKlYCgrs5$u*w`AcmjGv!x?zDky(0dKKjL)bG(I75v$Hg>#Oxdi3&+7f|G6Hxd@Y`BH^2;*Lnf+UUQeTseNI?il zy1W6gX0gpE(LZf8Gz0n!Q7cFaN};n%hN2Qm4;jw`$QZIhN{L2H&hC|s&(|SHv3|mL zlWB||vKlGR+Sd|#b50tsyhM7T)5coeh>}E&is2oc&R%=gM63Qz5t(LGkG+4=I2AOL zG;Jz{qzSoC5}1r)bbl3f!fjutlkI!+4gJyjl!-qx#`kym46jgSu~4r`fim1Fuav;O zff3L|S)wPMSYR*5zm6P%RY;ckvkXhZP~N`Fw$*7#KeDyIQw^wH2o zzc7sT-hdR7=1Iijsmm#YcVSHgO~g@ZeI6PNIlt`|%a=xYO`P-lpf^MxcJLklW+-QW z)|4q>9EeZBA8u@_Fpjeeel>_wN=`1^A zyX_cb#Z!@rR=*GD_YLAs0^D=7bDE3&DNvB(>muD$-+Q#x7WeRMvT1 zvv+RPY#Exg;HV>J$>HB5KK>Y_(hL6{!VHyU%D|P{ zlN0-3_|m3B`iOF#k6swyK)vRxwY&^IU<*-z7W?%7As~Y99(IGQ)AzYO(*HVnZdP`_zQ92jY_ZSBaP@gW&TaJwlCj%Y2pz?DQx0OP1{o z4d_%gE}ryu;|hc9rTE_B+vgPtt`hmjexu!{Q?V4qVF6)h?48>#S>7>U%`l8H8j3vY zO(6ewwtTTB5>Q1yf6iy}pPPUOkNFdoYP+KV1F~$-0gO%JHVcr_W8ZZhXAF4nFWP>a zn^LiMPh047M)i~f+d{JM>DGStomYF${Cu;jjhw3)t#Pu2-wF$i+Hg@nX9Bihwn%L2 z`S=Q#m1C4_CI{=BBHRsK#7^CEi(H zzr9{$<}hKH|DSf{i*qp9lBF2om6hV!Z9%tNdkqG7@DHd}7y-;;rHoAko9rv*-=3r5 zpdV=$Dwf6WDIo-p%ftLl;C&s#XOZ@i_(bU^b3T*@GOAg4O|^RWQSEj@b60=$k8NiYV9%w5dHdUPL&byBPC0iM@n&KSaYgdiEFRHzL){}iPx|0=Q7=tAq+(L40Me>giJsqD-$G>qda?reNFQh9PIx5+VhLR z)>x8J+zMQ~PtM|u|I8iHVW>8sULtgI+>*CO1EbbQ5jm4`qgH{w+Ko6=3dPl=5wlzo zAD&FPN!T_^|8-wJ-A>){aQe_{HBy$H%X{dOm}Zl@?^Cvr*NwANFTxldQa}r>F|+n8 ze8elttwX!{ce5j9Ri@Df7310Rlb^OZ)xSWnhOSRS!3B~6==Is8M2p3ykup{x+OqXM zT9V@pWsDg>#t0Bj-E`rkcVe;Xq#hvzE>eR|j71dnD3#^oSMqKGkGtxVdM^W|U#M#6 zh@W@IzXOTxI+K4jrdUn-z}|G?+@vz3ptn(~yx)MFREV%6EIcp5S0hoTC6|f*V*a-t zZO;CLpU4n!AV~0h&=Yl1Nqk=ts5ZFs{D`zVWpWfL%>9>Xj8*zok4ELyp`N%xcA=gT z8$L!F`>?`T-WL_s*L0B5B&y3titLd7hAYXcfaIL*WbR{bhMbGEVY_q>gaH}ETjMJ~@^|dA(`8Xyq=PD8O^lNz8bG@S! zc;Rk;qfW=CNkv8rD>+Z|q28qz9>u$MukvFxCgj|?B2jcQZRYx^6vLHMZ1e+_Cv@WG zMuI(%-BwB3Yp6{Tl@}e|v5Nh#w=D;>3}a3^Y{^D05C2;9^k)J)_E_Knu`JPa;E zzd0jw0MW4{a|#lv=@)WIe&1VqPi#}{&nS5UxW<1u9Ot{ykzWG#O(Ee5(!Jd(i^i_3 zwB+<-Zb686vH%LWhYbv@QQy7UyaJtctK4v}*kQ%@+v+blG36w3IQmU=Y_B>@lwKs5>)YZzf!ghC50p5; z{hH|~wg17ExiNiYQX#HFJaJjAtOi9P>s1bWT!-rEa4CjSwDt~M#k4axknM%II~u@o zlMDVg*;@^f_qx-`J&}joZh8K_Y?Q>Be-=P~kj0*LzAjStEy#$V9=U>nLAaHi2Sq&d zVcnnqZir;i-GHa5dMc1h*Hbg&>*V7QZaX77Waga~O_`?u?~LMeYiDi6oVK7l&5&+j z-pye5_Z4L`KXXjDdr?ceKodC@0ye)0SS<{m1xP|hX8w4y%f0`1B}1aRYEr5i!@5s( z*?UrVci#|sh!nX>3a5sl1HD@QN6S!J{=6@_vd(9Qk|g67OZ z_lB4qyCE9B#xEVRIWBb8hMCx^ZW1=J!&D70iw3aRc_z9dlrb$nGt7Ue6R6UBb1PmK z;%g#T6Dk%tFAB=Kbt1*|T9Nx&SA)l5E8|PMdy#f)ndk-M$^^hxTFA6_uJmlk+=vPB z7ucKtaB`TVKqj4e&>7QGPjs{@;%5mdn?{+SISDF`C6is8B}2|wV18)#tmVsg zu+=88^*Q$$J=a5J_q#m_X%)v{^|y3a47k7X_*kBu?+PEiZL?q#B8--4Im*Z+n+x)f zqUKF`N_k;bC1nH^c##uem|;$0s>Ww^5N(xFmN zoOWfggAL-+mw?{dol{BBLk66q!0+dug==U_V-HKrj$@2fVKD?M<8ee==cQ|VykcQG zWIiERyC153%Ul)O*hj$iqgZ7b9sr5<(yegpF9hZsNL^HU=u;chxu21WUoJx z>M#m;Zi{^vmkpaD8EeSaKgUVN)a!;?1NRpQ*tXH$gB&)I@BZ7QZ9G&?!{FFreWL-6?p~TFbwI+*w5Y!MQA~rjc3r8a_f}@5p&Rkg zBqX!(V<-W6?;KYTPrETR3hgCWSafK85)q&RM>H^KBoQ8qAX6WqM$mq=?zVJpRE_3L z>?idGu>R6OCyLobug~adbe-&l+6OD4@W;^;W~bdBqyqo3&L?Ng(Z;l0Yfs>B7f54< z!O3=dMdqRe&L$eY%`zNXr&3D5&xj+qv1y=DWqIjg7U(eFapi>bP6^huoT`yoE~sGF z1w!;k+1hcGBox5F4m&g*JdQR0;#1F3I(bAMCrTGuM@4im`EiiMqRg+986$_BB?MqQ zV#zLDLgK^~nX%0qIAb_9CTN4wNl+%kBhEm3j#1=>2=7LnP(rAv8Jx{xM1QPRtxL+a zDc&T2=@qpI;?@bA*`+HJNFQcB&1_l3^=`~^-elx6YW(H)j8^k6MDUsJ6D>QTm08gk zdzs!Ah01fPaN~9RWI=^Y?lc^V!p~B;c_?oQ+||mOaIS6drE2KpZw`9_4&C{VBeR-1 zAZ!q9;%WyJXHSh=>>PGXr;7(w(RW)1>UJcLIN`Zf*1(}zD!LgRs%28dV*Y2;>xyRB z<*)WNZ)HoEbwOsCrWOhRJ{6O_4Wg&8DxP9ua(8Y|!2DN%5$3=;xMd(@rKa zv(qUghue!d{E65y6ml*9)^`9lj;-qU_XE~;HnNrFJZ@@L6P~T^eU|E3C z!gng8H-tqm0=x1SYfJ3K9ha1MM(S5SfTq zeP~#Hio|zj)h(FW`ohld5BZq5e6inm7}vTj&|BkUXQWbUJF?!}P_$cV!|$_`@+OAI z^-92=m%TVgHi%T0B$e+kYK^_Zq6Xv%P1O z6|2)ScRD=zsgjx5B#lEDtT(v)XF6SFX|kRM3r>sqOL$p2JPp!_3$r{tJEIhBTcH*j z|AzP5ShQkZn$(-#Wj$Rz1G7{I{1nH1)Ke5;JpLCAhk7I4>hlr+myS7$$2n=H6#BWb z!*l6wsOu4G2W+(FI(-+Th@Ly1KK$zTcvN6)GHEmlIXMCL2jQs8g&q9^KwXIn`gEDx z-STwh%?M^;mav>!=P%Q^M-T)*%WWY*$3uy!U9W(`hnc%MI4TVk+$y`v>q-j;7bKE`{CTR|>RSHcPQkVPiViQR z;e@SfvjkCQQYx9(v8)sipMRV?2W9a|{op}$q1yy~?~`%T5-6_SZ5M8Iu9@KrWtn=h z&HDFy340}6K0-o6&Ck2SLE5_JvPvrOcQ_Jnh2`aYv= zIKMlzhyT~xJs&gU>U$uIB1`Ze;!(eoXu_N(^QNU8V>Y9s9KtGo@Da zmXbJIbWgz%tH75uZREEMSw9K;<3SUjV1{p=C$jOcx=v~-h@AOEi zfADH_3}v}&?{w%=m3{!O-NJ~-)B(O@ECe;$%j4V(DYnx3kM7?!nXeiN)JSlAB-e`xz2LF~Mv+fyh^t z@J7QiFTtnuO}c+XXBb?!}dzh;bYpPx-h!D-5qd?kwH+?^^(inPN2ZkQ#qmJQ|a;kYu-uODy z);fSOND(JTb;Nr{BpYj~H9vZ?JFYo6=|A?@b&|rlR|E?p6IE?@`bf9GQ?0NcpSe`* zs%lAkR(P^~u5gkVq`vB_tB6@c%h5C}9R&0q+M^v8i>&`HoC~WDoWDi-Kb4WRU#ER* z(wMly8o$^;o_W}&oQwRab(8ZG&KqSw$BRca{|h2I>M-`%c5n^;wdTkn6V*2}%|Oj{ z)g2FI1FL9WP#@dc56Yn>CTzpdDxJ#6*K2RO!MjnbNf<08{E9YkVrA(*h4!d`i@fQ4 zgRcl(WokGbU`)vYGUYeM@QyS!4iQRIyk!{mS&QfLQ!i1se?vh zFCL%WJ^$n6zsEXEWKZyRwuRUzyuA{>i;WwY4kkDv<`-S*Zizog_cAs2=B+cF{%E`7 zr=~hi)h|yyJkVa8mnTH?4jJEhXT01O=LLzFtqEpHZ>?420oT5Mzb1b7W z2O*1bYwp;H4(yC9ByMJQ^LkUbDfPikrd`%6xvE%`v<;U4Ju%?g&Tb@jmd+B_YPCYc{#4W(%-?IMJpz0^3a z3-&zeOdvsBuvVS%=_W!NT`uFVHWcG>HU6Zlj^`j8OxH;AY`>pLLC~yfuH^Y8#==5m za+gT-rNtc`0@&2ElatBnEY42?MIEo&CHC>j_&P>;jF;2sCW4Us)HRS|b!PC~s=>;4 zOme84|7JSnqpPGFVvVhh_Bs7$5gn1GS6k!uIsB_nzZnl?{O zag*RANTT)5xc+uD(VaZ+Sm3kJ)!N-&g0Pxsx4rLTesTn)d$i7L-K+0myW>9ex7Lbn zz^~hoX}fqn+IJ_B$lGRzrOxI0A$sDRK*ONM0*x`|gLFkwj}py9q8{oyxxV_pX;|6~ z8A?$temO0E_J^(gD&gu21=Al-pJHGL^HQdgl}OULOz*6Qj2H5RcBr!(=CUSqO|HDW zrv<`SXg*!$vPk;le4u&i)*uCc5QygJ$q6J(B};9Xx1us=(h&(00IZzossv08 zI5z7wI4QjbQzH@g$iD$@1&mjmUzdMSeX8go1#F1ck&Et%&*=kou)1+TWtGLLV01Jd zz>h}&cx2m3MB@ABl&Ui4&(Z1sJ|T|-cqGFSSz8oM)L~-zqp>h;zQ9F`7B$c;1~2Sd zid-RKyijQWCGTcN;cmDanJx)5(03=mO1u8E#GU6sZ&~8SE!SCTtBl)VwzMB4PDKPI+Whxl@gr3zJdviy|KsT_yW)zrX5F}3<4$mQ zcXti$jk~*haDux94-Sn4mmtAigF`~&5Zo{CIcMB|us^J^*P64co>C^UdR^Qtcp!LZ zMGE&zRj13PR?)Ee3My(y5u>rAKzP^CEp`ggN2h#g!nZFQ6yxsTEuFj+A}|(Hr190=<+n0u zZZ`2H=&pIY-KfxlZN1g?BNi8;3@f>i!Qpf5(tHJ9OKBXgv*T=7i3tQMM|FFet54)a zj>NQeXB4D=>q{0f)uW`$Kz7{y;y8@=(Xc32N3_-Jk-xa0lZZf!#Kt2LBgh*FPPprJ z^Ggs$_5r84HIPnswZO~5HyTJ6XSN^_^W!tFg^-AWT->p+Esnu3VOlioM4KvBylA48 zc1_i}s3+^JSF`Q6y0BanUKSKhR4x7PDPx%*PvTZZ20y#$$c;IHRngdp69=;gg5MvMxClpcSV+YobU%8$iEBd;AIvS?uq*z62=m#eGYn;~fT61|NIzB`6*fr>)dG#^+!sKK&rRvvR)}9td#U&`<^iE zlwe*VO47pWMx2G$aN-n3W$W#G+KwuM4O?+)myRBvelzIi&TkvT9T?Xk2DOWpAr9y%5Q%Wt{mm=bOZ)xWH>9p zT;^r>yqS!wghSa+P74<1TUiS19{3pfi8*@(>QewyRDQzS0IbvbBdn2lrsB4?S`S7q zpJQM&jHj5+ezUhpZbu(M?sj`FPzs!^Z$;ei^4DVfIj=lw;a+V{M1J;{)36WeGaof@ z#)|%fts}*(k14x7?J=aYwHvd)s@Fc{+S^C1{vA4o6C;z7e*U5W7z}JOHuvh4>HXtU z?A0N8`nIl7ok>zj4z@McD_Z7<9D1d(x5(;7?F4lHKnNj{>uh-b z-&JJ%p3~QiaE%;t=;PGFgl`E8*oiJWD!8yI0QhLc^*hTVd9;;C1?vdOMooL%7!=8w zcb8m2Z2kDRLa}~~|1x~1w@YzaVoBq13L7>F6)kPcAr+VQIF77_0*YY3i!bK?lZTzP zUu&!W)4IwBem|{+?jPUh(t!#61PmObsIDu_#^_88N_3KhgzO+dIraTQSce;gQ`fDk z}{}%}^ z8E>sqiX~C})k8^5`#Rg3UsrIqn+jXBAPW&N)XUizal%+#@Jtf!1X~aWoEB7rqB5mF zB6QA-W@cl-==}QGYp>hqdP9EEM-C>Ir$!QV>@-X z(b<6jwk@BgOv8WA7^S6X+&m@uJt)m~Zzh7o`zDa(D6o&U(fOIaNiGzGClB>~*kB*F z)OQ$y9-;U!16=O>X>DkwMHoT;`PX^q+&U9xC!#S;!KX||sHruIn*ue^RePJ@_zB92Xce4FEdT34gzU7O9JtIb^g1UtKBQf)P$<%yVdTLMa&X zj*}40DK=lA4#{bP84mzAtY>v%<(sy(Wt?`r6!NPcrimL7*vm6>N<{CPnUVZ~X~X))wjei1;3(0QS?V(+(4`bSj4*A4~`sWjX}y{Xu(r}p2rh%v`I~embFpi~B!2kNzgWYGE4H*d3I#oJ@ZgVPL>hO?Zr;r#yAVt!tvEMogZW<8}shqFb zx4%f$;Pz3c5EeT5UDlj>!6ji=8!5YTJKVcKdUbljc>Ahv2_5=m*|MCTDrWEy-ch}G^Z)8wU&%;5WY8YA;I3gr8 z!!C;BHLmB6W(lAJUrB&2Z_!vxhDsF)y0+j@&oJvWKBH~9@T%{f8f(em~y8A=!*myU(XQH0FP z>V8KCK*^V+7|7BlblzIW*ax&J`%p-GYi|`@9fML9Eig&mmQB7p{RN%IIyVd~%GfUb zP8>DW>>lG`bK3d{F{wo+w!p@~=!pt`>#UYIXSif$J*kE_6*DxvpK&(vovjMH4VV^8 zb7-GZ(XZOe*r#qKs%_m{ol6-Qk?{o+2oiq>jVTmWX&T z6OsXWTM})ez@`b%Fuw-&f?Y)1v>w6Bdq;g|`PahM&j-m!isHt9j=l16GJ@=Jo0bF* ztJDIIddv&>Oxm%A5UMMrQf9)bpf-VdOFt@AMK6|m@~q?F4@~ado<)YBxYYu~!~A0` zw&ADAX5Xx3`Z!x?6aSFQ8`FL%@)Z8RZm%p2;>=EA*n6c5Bi5%6$%_2cZjf z+a^HkiRDb~XP?^XM}61lah^d{;kCd>=s#aSi+*Y!#}GTIC4Z6sndD{D#a~pug&7Zx zgnU<%z!B$`B)?tfy8TCb(I?gK&aMrk?wYbxhEPYG%^Z$Nd|xHv17rTbN44(N<{xy- zU=Q^eAnq9*Bgn^=_z->eo*r2t9_XZArXxAu2N=pZtQ2|!N?c(c<}k$WYG zW3n?M%LaEYaU`p4386aOB(?t;{2kx7O)b7z&$wVyr2V=OA>9YSbD&k)etbnoK6n7T zC1gqDmAUM)c9aIuj-3gM7$Vj)UJRCMB%e^78!FX_$EnxK#c3vvA}x+@4+(*v*^M2n zz%Jyp-ALvAfX*Z)=5vTRJE_{wi{dPiigO>IuWs8&1?Jv)F~J2;FL%RpdY0mxzR{Lv%rE8Ilf<(vi zWt91S7poQ?WBKx1drIYghW6h>#R8UXcGziNlc2QS)Bk5W1`sO);sQU>Y*7hRQ`e|zc(@#*at(7v9r$9r2Mv6#S>g~+-C+i&yxjjM}x z;fuGm^K{$Y?m>{RnX=>#(g{>Ok1FEbSvuaJ?RQ!jJu_{ubtreHlcCF&H7H!e44<|B ztI_4A;xMAkj?crL!7=?X&>tO!*HqAa(!+H)Bre+_$m&WcpU1BpjH#n!Xu2`&Gbj&m zn+j|@p=S~u-p7Kx{Px{fJbA4UEa&D7k65$mcfhP@#kgq6QelxWf96)}W|0Uzlt9Du zs_p14y$E0XF$qspf17lW$6@j`+$g4Y-$@j)`#V<;F8T9*9>Xw)F0Dk6bnNfp`nGw< z0Lkz!&O$c;%ciu7y^D@;BO;uf<9{FER3{YB0?pJR7bP~eR&RBU-wul}m)irc8#tTYjmVI+)w>01_$_|=?5hWSWCp#x$|3O(l=SSO!#Sx!_{*Fq!4x@M`X8V-E)yq|FdJJyQ+ z7_3At1{=XWq{LL}?0<8V^B^jIHH(Bsv3TGEq}temm5ZTQdas4t&QMn`fngW4dL>+O z*bWvnSDL@nJkf($|3cq9t??{=@`ZIxQyCpp5TjHw<5@cve2S7 z%#*1tHD4ePDnQvMb-y?GJpaf4kDB#v>7z28acS_{;_CUz$-JS?oP@;v{NOVc9Wm=| zlIRk(CKU6UvRD3CrPlzEL~eOdG6@Bk1TH-5FIgT%V5jXwI$asA4DjSXPOdisKLP3O zwIo|hlS&G?OhnXC2x=o0$cL&lutBbyqIS@qFG*cg9vAvKy(J0-NV6)^q51@^%AA~V zRF|5c113a9D3(jike8EJ;9cOn{Z%?7oLY2tevf_f)uB9e47;fo>;u~vDj^a>Io=aO z>9~(B1X2@p?kp8At~1RpJuyESt&WbE%2`vUVKlZi$cMZRN}XnOTK$_WONUeJU+Wsl zUFE^A^-G!g4nV=E%?{(v+zP93o4v8CQ!H9rhK&^muJCcCPMYi$o0|4)CXV29iAOt5 zMH3#j!#l@3pO@Mu`tD?$x7Adi^gn47FfVQLW!FkfyjwM)o3>rd`jx=`S{eC90^eII zn09z5T0|i5J66_U@(*JjEC}IlCCtYg1IK6_Lmui?f=_;V#_ljzdBgBIrA@@hyAjiH zG>@D_uJ}-qy+`tA*409Nv3xP#$g9vkxJKYz>?+S@Xug!7xG*MGj1a@ZOsx;hXPxo# z&@bfoh9VR|tC)`3+klI2r7=TKm|~0297j3imTn*<42507Usih1lJ8Cp$+1gJ5;V|U zi@OkFa5vqCef*!&UVjyATC}dEa|zV=JIOnmGjI!Q$C4X*Ve;~lb|3zJJ`BTbFgxkt z8bLp5N(47z@;1F)*ZBwrjp0S2P0JUG;P+@`1Nrh8iz-bid&u z)PmOk)S~XkGL|j`N#!A^UUmu^b+8M}=;MS!_TlHEFcyO&RCq{Erd#SSTARBi?opMN%HbPox+lF+B( z7NGkcQSIwo*RYRdEN4RsHqQBuQBduKbM0{2#xokXhcL#qEF40+)Qh*IJ!g}KqY`}) ziZKSLjR)8VkueaNO6wx~9immNCNc?6c|yRpm_C`1ow2pG2pI^lASx-3SF!er%5ue`-kMk!jr)hQ8X%pIH2-GyCuGk*Kb zGA{ky`0uQ`K29tP?^Wce0DqT0ZYJ*WYiQ@%rah{B8A^tVtL0S!YMa-Gwh`}k^Phq1 zUAXs|=lSEy+;dtQpHh|4BL!?0~uOWJ|pwjUHptUNOk_vhB4fhsx%TH-yO@t-;8cJq^zWO;P``B)&8DKDRzyGO2pQVwxQ3sT4RzkZUq3d+JZDeA5bLC#3SFuu+u5mgyl4AlTRWaj|ZTM25J(3>4~=iicGB zHY6eb5IgMMHakMpH~*WF)`sR$A5`$-S|E!Dsy-%Q2n?(-KX6BEqd;3xJ7nR?pLqU|q3*g-!shu$xB&6b}$1of{sWBPP zs)<+k8~`)_qIR^=FzcxMoq5@oL;B4CP^EgU@r*nPJqYNU3Vm9PS}}~PhK^|SnV->2 z*8NUQ07Rv9#u9hy{v`*;w#7N2;fv-OuI;I@y~LKxtlbaY_0(HS-ReeYF76 z*09M`mUajc%zJrG`+V?L39%G=-Y3lx9&YM9h>eywUrBu zb}oe}raizX^--AKf7`2B7EzuI__n(6?LH3BGhGRdM&xg>a9l9#;SjO0qE^K5-_ynU z@#7KVdYnSK;ziUf;>6%5Mc8!8mT1qAxUQ>PN!TCZM?T-f9rA=`=#s*KA1sr^~5 z$k^YuERx2y<>w96$VFd~G&E>rKEM$|rx#RXrD1(MrW%LyS-b6{jm29Wb|;*;NBwlQ zTEuWA^9~UebHIOeu%SMM4KJOV;t3pYcb~3g>^=Zafp2)GDu#8icu;I1fo~+Dm<)<*ng2XC8Xq zp0d@rZB`AmsIVT(c%?Sc$aEZy^K02VdKy{fXHr4IfVXDxaF zOy?ubH2g%ymfLR2VpKvWV`sS>saQOK#?^0zi+}^vY(sz1)kXG@_6ZPorA>*U*6FFT+uE{o~umk>#peMNT4>m)4S=`Rh~L2rEF!unyC zIICXn^;|@l7eg{OhXR9qw#}@b2|`k3prO@GUH*F#k{2@CHrjZ<$61PYnD6Jne7Ta!WyCqKV{W zK{iS#0NcgMDoOlu2rFDjxA+aW(dFU1H@@K^>i}sH?{EOb=#$7wZo^iJ;^^BkY<(cOT$_+ zd8g8}t=fpP{BCG-uG(``;Hl3sD@AYB%@hOow^ ze*vjggzT06REo2r)lKH!)8ZOS!_$5o;U(-|^qr_pQdBzJklGc>d)~};SSzJ`kP>P@ zuE^F_<)&zlqtg+3SE1kpbQt+RW#GjYusFjP{OK~y!rmwqRZZ%j2ORhHax#1^W1wka z_igRjwOrlQ$RmsZ6k07jHm5=ipj~l zyc%Nm4V3({Lmf5 zyX5OIxHNrvL_9a|5}UkCeA=CHjvt?0p9^eu;39ZDAXfuuFVofuwm@ce4?uL2^NXif z@lkqe(d&zf>MU+xACdS!zj?c2;xQ6WsXrb&kzF$ryjEy{>gr)=s7o82U}E&XiLXdw zJ~IKJPaS7|O2L6C&=+$Nn#|7QEi_nda4e61kwkFyv5X0N&?iuoPpSeA`02m)CVz_> zX~K!ji|U{th4Xl)J+ecf*8ryQPq9hIm61~ z|IR(H;I%W(o5k4y*Ys;Z7NrKaxJ^1*zC~{lB!`cXm(CdwosexBGZZiL{4Y0pg^qFH z4E~pGQ1W$fW_|RF9R3g*5PdUPm()B(%*+nL?xz()&>uya+>m<}fupT4w(fg(Moag? z{rTE#Y6*Z?)v*r{KNG@CV$+5_9PIrH5*)+h$zvd+zXkn30LMXoG;%W;k>XXbVr_^n z*!F$#`8@UjLo%Gq&*_vow?cMYt{3o0f~BOUf&JSEq>K4wgo(Mx%>o>Y0K! zr4q`b?rH&#b`P@+iGvZj&!neM{f)@>T;KKdXbpX`C|3L45Wl4b>E@DkeGP`lyEX@` z>5b4bxS{ta-3^f8Mhru&5dRJ>{5`WJi^~;upo7Rx#sBaY)v<*h2;R3G)}9x0_IHyR z{@Ps-R(DyMtadvbn@!I30_TykgNyp-1K`j#Q}bWRm2f+#3r3oJq-eTYCZ30-zqK)z zGyZVlOSo7IMQi`*u}eeSe9yuzd(A=9M>jMj=1sK+JJP>3tcD2ehryb_*FOUrIWW!$ z`m0s8INA`A;!u;FjC|FvbwYrEKW`6&t`WVCuLxrd+hJV+D__)=T|<%TjOSnR+zsF+ zOV4BBtB6z<@p+zbo1$CU`ED0EFrR2l1EMa!VM$OkrrerHygM)AYcFWh*+Qz4G67iF z3m$n)T#bWJtZhRI&(DWS=yaWMdw7+o{044-J>djzoA>uI>YD*b)ZAP zYRmm%<)0oMsR{$@3{xUp!^Rxo7icfYv)?UfcB?fsP@L|`=E;;8T0)euNQp%FAD+tT zlI^=%Pk;OsD70luc`T>{ikBN zvoW<%$K95|XP@120?TTjIjb$XU`Tc+KPUY9i*eiZMU_x!2EGxJ^C5)`Jo=<;b5xW| z=%*C*c8}^gM_dVgx_djCqB}bylpvXtWLR9378>+h4-vZ-a;d!!b;TWu^dPME$S7?g z5#*`moiW~sEueEhgwyX{*l{(1(S|3i#cA0}d zTPdCdcGJ=-n3iaKURX&mV8Q-+Zd31p_vW-xnToF57mutmx@cv#c@10Z=vhogLqoT0 zW~0ktPwn@Ga$YY!l!<3ulHO)R;OP4Q$a*(^ z|3mBTbeZN1r{f+9YDVpn)>^AO1Y*QWJS$vgv#rw?RRb?!IcBE){`NIB@(PQOcv9o2 z3DfY7#ibP?g;6kUmAbN=SjqYFV_ z0NxKGPo3`ToI_E~O2V=m1B&GUvyc!}k474poAqY;d1MeQC_6ko`j>zpaWvq^$D&-N zs@tpksK@XRiBgwrQXB4RMKMOMJ}*PGN3E-1S!lVzc-KCFIz?2CG67~!>s z5KTA%QFeSn_0u$xvu^gRHJcmydS>Lhf?!4hOECRlfGEM$@qs{!I4~uqptR4WrMnYx z*ce}u%k`^R8b>fZ=lexA zQRD$Ow_I;hRNax8K%6M8 zIrLuMB_23jeQ={&4Y2#d+|!7duVQXG-Z<(1^v%R3n7yysde4)pJ(Hk+9fJZ7eW*hC zh~+ryJkH-&#E13&MFc+-aBaeG<2t;w`QayaD~(MNdJi1Gq!v_}&}GZqDkjkuumT~- zy)D7Il%VK+sSl6bLvWc)h(4h+boEVXlNvRoj`#yhiM3+BnQXBZ8M2+}{hLQDKFco{P~h9|HP)MTM$Mfej~)$mOv3AC z-J$(rtF*y^t;gS|6X?J?*J}zr-ODaFZp6r`7`}kf-L*z92IreEXQPEB1jXcA2!fx9+q~vWBv!i{pxbj&HXqG+ z)NB1})+z=KbYRD(BGTm~Hfi|mvM zygxYwSz#Qb(r<)8$G}8rA9~!OKhR1=@QprT$M+MVbT?^mCIQ);TO4^dv?cogT@XnK zEj&`(@R0@U)^h-p96sfZd{Z*u#~mgUXFQUixItuAuYh7=uKu1>9QGZtC;TqD63|_D zKM%e4#D!sxy9ME7W%eY}3sO3<3ypbmgrSwFVuT-EEK-L)F#$C>NX|y$!88OM$2ltW zlr!yGuEf;VlIF+1auL*6qwRFL3_spcZP9AQ|?boU6h!iS3uWMR-o!XxbfJeBuppl_4~ddsbgtlZHG`> ziPFR+4zsjEtnohTf4POHZ-32EvU? z=lnbPO9X+V0T+tE8P>xpNUIC%6)kD{ZmqZX=XJxjZ8!eI;S#`Mcx)EwVBv;^zXm2J z7!C3Jg)YhSri0RCi#ph#-I19#{;xukw%TD7Ran9ntGuARP8%t;5T5Brsdc%?ZXNMg z$c(qQ!ZW`uNC2e2auwELdaS+1*$16K)+jiwy?}p^|80w?i!(F1*a8|D7+(OT)ty~TwEtiXCl&Q{u!Va0!Umm7 zxXz1$ldBzWfK#M9gi8ozU%?Zaua+=@x;XcKj^rih-GgKDr*Dfe6pV4E{ZqljBEEs6RuYwjB-o-^42nM_oa^rR@Xvwu9|Z~snlH}A)W}|% zG1=OMT_}il{2IyP&iEproC98^8k7O9W5TrAp`=B>7r&M)^_KXhoz#SDv<>nW_oSe4 z^@Jm^GM0g2|C|?DwW8Xz<%fx^lh;br@(F>xdrtjGHLM;5HVAWA4k4j-D{9`-ZpV`6 zuNiz`jsb%(0{5l>jS$u%Q0*%`_c#UEF7}eYq5&51LgCAvE8B!65kI`qou#te%7~D7 zH;SyweW3Z`-`O@@QEy}ZQI+E|BoMA!_DAR_z$aqvaqh-4n~N92t(ENSj;)ep?|HOp zbPR{ju};S@)urTbT;6ffwYjwLW6rdFBW#4h$)dQeO#^cEpeYRm65izQHN?yUpS&qp z;!wlVgHq9sDtrb6TNABOYUVQLF3}Zg6};V&H?4y<1^f9$GKn z+mB+!2{sw{KiabVtXU?&V?Yi%8!Q@9Aay<^lbf_9N{!9Ac7(vRH(%5k=|L5t?cOtm zo3-!HDeeo;yO->Xe>A$IwmN1VHyb1;@RtY@`9*gNEK`L(hp&nTTqZAp@RsA#X)>*y zlPEJmFOV~#_~YvVxv=pfl}dD^h|Qq^(>$m@T0ugVE)U#dmUzrGlcWn6XL+iOv z?u|b&zV#QILTQDRuw=6lsPX4n$TGSA&B+er;P143?cSG`LvKZ(&BvmC`W;b?xZ1`D z2ZDtAn*Wlcp}$yquRE5Hd$WH^($Byp0Yu?B=2v(hG43naD}(S~?;!C+qe0sJyiDTY zuy#cLb(NktDCL2q>j~8Y(v3)s@-a5{daoNTJ%2<9<8rY$xRMUD*SM2Y6WTPfee;+; zmOqANN1B%1pnpwzHE#rf?NUHn;t<^`e)lVfZF_Cr7E+U9>O#r%6!287d$}SQX`p@C zJ54bn<%uO?79Vt>qVOB$O`;)U?@a09#ir?)a&+QUb~bjT4Ih^AJ9gL_xV@&|@^Er9 z+yT!YkZbSMu(J{VA}MMd;Y648xb)1WsRDDN+&>p&VMo142sq&fYlf(M`usY8VfroV zVAXKoy6uBR+6_b+TyA+j%auk9XKD?;*+XKw82c;PUZ@|JA8nlQB?!<1B*!GhMhNxt z#M6Qf;t?SitwO13+?R?5+}k8%P&e}X{t3`I7V7%~R?|>O@g)maGp0P7bKQd1Xt29T z!G?IvcrTIW!ZqwLmr0)F0?q^6O=@hGMsI*3oLe)veujPq2cs+;w$`xc@?HAkR z-=Mx*dP7kNyl(|guE*VPe|T1SJWROq+_bCgtO~hK=ztF|(v1(q=td6AtFE>}>P(o( z1!RyxKoe$cYdscy6U2jmn90(D4_9r|fG5j>Q*}e=rwf}wMXq45~ z89IxCF%Yp^2hH287CFEbL%EeTsX7AxN&xY4^H{xUM3*i^mcv&BeU+)&YND%^f`bFd zDeuT~mpE>Z0PC7Ql7UA-REIcO3c6Gci3l~+pRzguRRj-t5$63#mAiet2l3dKo~P=F4paWwDMaE^E$P!;7V;k|c*X16j5&z( z07qxew;PXuw-lW@w)fK&{qIfO+fr0Rb}*oFh+tu`tRK#a%TAsj`;}7!Nzs6@!}xTtB<%noj%(R8T(J|M$Irf>!%sMp3AMnjWhDp z_n870G5fWI{q7Z#xoV+&^XT9hF=iqm>up}n84HI7&7P`re|#k*P9d&wHEQ;pU+6k0 zsJ`Xzv}GkAqo z){cm%4$a6RN&#>V*LExk-kZ!9My~HKBeXfMCT(@6n|BTRzb}L&)+KhhZ758!pYkXcW#_4>N7RR9XyL zkc?90Siq+&YF?v0YuLr%q`cU&-2L;J*!lxa{1V}tgf5J)Ko=pXrsJrTOCeCCHUu)n znz_VzBC7TD5)RP%G}26LgX)Ra(4YDfR-QD~Zo}`_==ETku`k?@jT1Pt(=vPQJCgi8 zU`sur&{i0?@GAX`os9)c^j+aIdQQu4}9}^u_eo7qRAr3SLvB z#@4ojpvZUiVG13K`sg9P5!OlDe&#dglXe18UxE0v7?WY)nZ&}jlFIIMgXptSa`V$; za}v@0&im9^6XlF=DqU$5_qPfGp8q4HeL;Mx4FbcPtAnf0TqWokv6X4RY~^Qf+vab< z?dw*zb4tLQUcUHRq;*fAjH2Wn#xd3@^UQV;-@AAvP@3o-VcLw0DTi~LJgkKZ0Gexq z=|<7@lVDJHRCFL*Q^OWL5eCQw_Uy8s6~~G{3vsiDk3!F;JyhM`NzUPgGQ*h(?dZ=_ zosH3Z_TOlR1uhdP4tU}-tC39q{WN3or{NICAbg*MKe>+T8_^9fCRC+dh*elHJ5Nv_b zfyQOi)0C4bdzbh(9D?nT`2Dhbrk`DaZX-w5Z0sU?9@IUTBb?WJQq)g2H z7y9O5w82q^evYUyUCSVtPc%p310wMt(e{_XeTfif;)b)IhpmXK%lI zH`7uZk7~)#Wl-|HsHXCh_%Kh+n07O;NM=q2zA91@m+6sywt*IN7uSw&c5cnHT#63B z?+%DwKdz2vs3+>7{Ck7^s4EoKJE5D^%gjm=ogiyy?NUFBJcsc2`qZV_@BCUr`KKyf z{0BiGtS8${M(MlVh<31@G?c}P6*pU;_crC&Hb#hv6_#eHz?RT`J33}eIQid{`ldoX zY_f7)>bRsa7fZ*Z0@#j*i+;2J-@D)d|K=a)9B95E!=^vx-1W{diYeym(%u}n>(|7N zUpZ``)~#7Fzd!jri&UCy#}SbA)t9#azTMlcyQ@CF>Eidc91@f_`sv?pv7Eb`XqoFl zWJJf3+1%7W-%r&K)fY%sTL2anSuwnG72o^i482d>ZP$UdjK@VcPmVCad;7||e>yP! zDnFhfRXeX>ZFu!OXV}iTy~MxrF*j`i!W=r=_XQ}to3S?UR&X0Dw0plt`a~8~QSeq_ zV^pEh1jpT~C}SKq8B!$^v|EF}nauV8apXtuw!XY3JPCgQ&k`q0VeW-~t&bq6&pcFz z6Caht6iNn^#^Pwy~q3t;ACg8n|O~=5^BAU;v#H55? zdwRf`nO^IC6ztccMw`zw=6{(Wio5VPJ}u0@!nzRqf1P{eUrH@@1_?e#L^(w_rCPtK zdofzlcxi)`5=v_tVt62P!M-gP?xgs3*lVh_x~;*+;|$FbyaYCXRR!ozoq6azx~n%R zp&wrpa23Ak1G1gKD}z@Dh!rOS(*Rd8FGzZP&XQmg@OVH}AF8SJKCoTMPrKXy4ZY56(J#JRLc`yT63A9jsVp?s<1SR z&m6Fe{F$4D1OzfZCCG0`Nql3`hTPv?82t}*B z)#wq|6%voVfgcFNVY`7g)&b$_ztdWl*hHtEcKaH{&lWphLH}e7FW!G60O+sTvq~IC zLmi{8vyO}UQlwU_&Mzv_>hXrwZ=5)*&**+-%|1*bJASxd(QKA6E=!P+>-a(y20*Yp z0(eLDT@CbmVi zG>R%iXm* z*D#lVs0SS@qh93e?XZRv?R0-fjrdplxF(ELt#G*HZ~o({@`|U3v_}t6vuA;{hfy{^ zme87GC`bCM+kXiS_VZyY3S`pb<%KGZY!jXxtk|3T_S z_r0eUm$u61JTWdN%x>lU{8Q;g8a&AEmllV?;)_ib<#0-sH9!M zE=#}vVUI2-4IZrAWY(n6O8cc2lFIgGSu#pH*mK>NRvZG|si>(GAByTa2aLGuEHw#j zuL`bcs;P2S>sY9cxqZLBNkq&3>{y4 zZkB{Q?9kJ5A%&=Sfx~AghtXtF+2&S_ymWFSx{CkL$wTu;<)Hl&L%`s7uMAJg35Z}r zcidY~8f^66utnbFh&ElQYE~kh4_B$x`zygUi2A?)0!*0~jj>eP?M$EjP3Or99E>xI)*|;Hmm&B#ogQY@uZ%#YD%|ZBaGR-j~{otursMm3_V<;{{ zx(QX>8&KpGp-Uj0swXVa zDks^rqJ2p7o>J069ivKE1f{%pJ*)E{W=-Egt3b~!3=U!^(^XsB#C;#-=h*I=85s39 zJc9&hJ?#qBgEzK!4Ny+2gr-rNC~bQp$ivV^2G?hX^41G={koOcaCf_SQ-=B>i*<`&Tu)qVF*K((neiW@ z7ilkYc)*YDnL3l7pIi(O{txW9(%ZZ0E9D)`Q_3FF_H?+3-y1G;~Kbcie;fNptZWj4;#AkHjib;62W(N?kqc+DajaZ&ZL1yS2@}^LPas6>}0)Psp}gWC=r@- zsKtzDRm=Zn#1h8`M}1Nnqcm-wr>_CQMf(UY8qz`%LG>vT{eXQ&R37RMe%V8=gXX)H zi2}hEHY_{zaE6D6tCrV2+HcjcvVVKx_!QNm&c=i=Rv6^m!s4cIZ1-ziJ5jCQ{h!WJ zJPY(J{z*ZnC&E0LJ))TaT&Tsm`%O@kCZ-z{y|sHX)Kf{hI3G2d52HT?$C(u*fm+Xh zr7nh~6Ea=Z<6S0cOEX?_iEwCm^bB4Fq!$a!W$#%3t1&<@obi_Q0EFV*)OUjC2xvQ2 zlzziZ?t4^op)R3^@XYhpSm6j9x*YlF4JFYe`>F`i%EI`# z)IEVcFaT>nec3WjLCfyB4IO3qvMBOx(dtpS$Wg;gwV2o^+0J7W6F7ePXLamO-o8)M zv4HTUL&MnXlIcW-;lE>Ufi^E{4o1qs4gB}@I6iv07G-gn{7nL2QJNwWsYj!oRrJWE z&baAJEOp0kD@5tRrWzK8*cbUhAIfcxa!PeyKVDn^>jzBz`$NfJz742u|Aevl95*fNf) z-yxubLCyW>k~G4+^Yv%P-mx)8Ij0p1r;! ziU!5_wJe{cz@+xy&XvO?lw7`-W?}Y}X;4=FzoOnTtkVDe{@&R;H@T+CHg=xunp~46 zbFyu7ay#3$-AwIjvaQK>-Ti;Z=X>1O^Xt)t_ldRED`U0*Hvag;kM~BDQ>w9$(Tg5K z$~xh2qlp-Vbb6H?eXL@Vt%ir*2>R!n65dE-q2F>DiX7M^Scc|oIt7!sj0}Bp0Er*x zWH3oo_%~eJdQkDV;gc%aLM&6FH|34K^-Heyj_5(K1#ERxJ&OIwRGw}=R*OwgHAzm5 zBee-dSopokj#C4snPyPkT{RXud0pao(TkLa?dLT2d!? zk`)CDndDq~&gZS=bfx?SwfP0J%fMX#rC`??o_E3ghZ=DbobQAQxuZ}?k&A-_aUQk; zUPw%lbzssn=y;~a(bnson*Vus$>sU((p{*Idvd5QS?_>ne&5wpp@#@T7f$RdOaK&5 zTSrDk#Dpxv4q@ko`kUU>AItRHzfSC{G?+}{!F6hriA;xj_hF)AV?r{KNGN;Ph#}~F zz!-B)9rr||Z^PE$?3n5M>Hki^V}=fC4+qg2`3C~2)TDQAY{O@|fm!La$A%by=2|JvUQj0D^dn`#5+@58GRiPoaC zFqC9RW;Y$`nBolp;5`r;id4fe_s-*$G|K#BD4oghTO<-5%oH&(=8f@6BI#nh%0B!c zR~HhD$rk=au&M?SmlMx(VkZcFnc?0rxS*$BYVRTls6&Nh_`5okgL|Oxukz~9H-90R zEViYw_D@6eTBjR9*80h+N`R@9E^48zY#oF%=3jxo!q>YJ&QPcfpR*SsBQipmk>> zEGg5#usx~d@_0m@G1-DjmGDWoZkC=FDIyWZ zS6uhEkzQOps!wz7Ht$G%nOI26@vK3b)>eiBZ`MfkZ_MM6wfCfTFj>Kc+#b+_txSm*=OT*&d7IBWt;N+`9Q%%l28@PUOqpBSz70ZDaxyk#_{8 zE~`Ng0vcgKhhvAmw?Nqa;CCpm>`^EqUab?AK<@3BGnh+FH}q4lmr_GNI~Mha+<()0 zOcJ>#Hge7AYbxWeVPZwyRyk@k*hsILLHVc2(x>fEI78s-n-ov1tIy@Kj97eGo9oM- zJL5(=CF^zN(tGZo>v%Xid)Agh+8!S5-lHW-l2DQl-s%~?Dt1ev@ssZ{ZWS*Sy!qsR zIl3B>H*j{=`aLPw(wDe;zTajB?hw5UISI{-`E)1%#^zVyXXq-`cHD`ME4OqDe~~?G z@QRrQWd($3UjzlYTTwed(qU{_K4|n%4M+Z1mkYR)c=x-FDkk9sHBUksQk6YQj*TNr z$a|3n(PvGvj;YwqylhJ%1J4aSNwCJR(=x%=;xiI>pmxj-ryuz+DMd0f&N|7CYU&Rc zqK0*p=CS)TmPLc?$reTgBCY>d&8gRQ7V#YP`08h}9UZ5p<#i zqkF+}PfP>e_?$M{-E@?%E&SVI$NJPfXt+SI(J@1PfzZWDR-9HeXNLi4F~LAe{6Obp z5OJ$5K|T%5*{RkR4C`O7?wbPOuMk`STjTQ^GIo^we9G0l+IineW&KDxR6)Ejh&Y_Hc8QHF6`a@$%XqoX30ZNcsx4>ptMgg0A z4utZh_9_YYmyY?r-?EEtIV<_%F=qpxHlEk+6C%FFqg~~|P2@kEMtbay!$;UBC38&X z<%wT>w;x`L)Kn13rm>bB!X{AQLm91{Rq__!kTG$?t-sXPh(f~l>I)DK;^B!cF&}QM zPW`Y2x!hHD|33@j>xVVEh6BjNhk#k(Z!1h2nCs#?Rl}Q>#e36Z?c@y#iaX4mgg5RP zrIq>xKpf^#^|>wM!cZ^9TtkW{AQw-}x2Wm;1cruura{0zd4I;o??lY7;_>TrD0X6r zUmlzYbGgB)wF9I21xs^dx`4=2HfviBmk@2r_uLzQ)7`|@!=~h%Ohtb<+gxo}p95nA zkTPVT9MR=lW3)BH>#WJSdIc-#hG@RKW0Px68VG_a0j$RTDB*a{x}G3??{{8kZW!e# zT3ODER}6$B{m)V#=^jgL-`bz=liwUW8ART(BgkcPf@9jF9Vi|ByHTWKFW0yF;hR!3 zDp-8g9e6yM<$e)USWGP&D%wbrwkL53fixcY6frdQ|b?(Q#$ljVursg10s zsqpr4{sl{}xT!02FQBnG^MZ~m6kj;v@+;lXE82nP1TkN^eNxLJpmN~l&t`-~o2jrf zn-dG*;08Xg^9!dPzOR7h%WK8LdLCq)7Jic#J{6V3e26Wen=2aX@{cP$KloRntN)o-`80NSPzhB$JR8Lh7M@CM{4 zZf{)sxfJ5eDpP#xr@?d@x>=n~9bKNtTq^oNcE-7~Ben$V@q9iilGvKN)=K=M6AdQFd-q z`H6o`EPM#+?!5_-cY-Inz;E7U9l7m1dR7G@^7W?EKYG?OuWv~a*@m8WQD-u)Jb(mS zgie<}By4`cjwN`*G^q}{Bp|pNYXwZ5V)q+)st;I;xZ|jpHNJM$c zhN+6_I(RZ_=%7FSx%us|9USZOCXN~``F6sp7z#{4S?ou^F?H;NF;&$eHV?E&mcD!_ z-pj6uRX*>)Jzv@tI({7K_u*{|1Gj;QHfkFVGy*a=FrvDXem&qECian9I95;i@^GA= zZ{w`%x6r?6<`|`1M1kSupR96z`MSqD01QMlP4g zABQo{j%A6j{;Pfs7Bu&%(_l$SH@-|~?0CY9Lp0^}}oqzY1Pg8+nR%h+h;dcx#>tHwNRQO269~lq1ttF$LuJ zx|DTbsOx9m=+wS^Z4Y__mxS%V|Iq4L}xh7v1`=Li-S>~&bLmkLj z1xtiLBD#QLF8DJr0wK=@ZS^Z`NVr=Y0k`fAZgyXivLdj|zb|GECgfGz6N868FdtUZRoKRT_UV(zQZ|>JGVw5X@oP4~G6Y*5ZR34OYPJ%NFBGMA#2o9gf;lymiG{Q_1U}%!Ge}_}Hi#B1NWi zHijr*Tu~8u0!u)Ff!igyghP%B@~dri>og%u+-PdAX0MABGQV9f2jY)C2`COKtu2j& zoqGQ5Ph)ww&{T1^w5^(A_F-jyq{NlM<1FAfz7m@>t758MTQjUOkcZrkd%E`@xo3^n z6z3)p#e;dFr}?dk{kH>2X8*Sb z`M>OGGsp#2d>d;*!cG7Wo`Tu5&&Ut=mioY>&e9D6$edCPt^sT8E^Ltb0Th{gs!|ml zwd^tS%iW*tQvD(kd;svFhoz>x5m#rw4RKnFHiNQ;=qvODraLZ4e6EN3!m7}Ph)O|7 zt@d=cbo_|7*_@>V03}e!1_ok!FER&c$5?0X=mzw(qlO}TYj{!%GJTWtwIGQ_oSjo& zelzm^buI?WuAHl05N2ge*Jo}0hD?2jlals$EF?kO!hw1zHE)cNgtAeI@8++ICZ5WC zaT1{TjZ+6kB(~e?`4G7HEEV2DfBBb+;);;oWQxs$6WOUF*f7U(Xj`Ah%ynNRS+sd~ z?h~2UZrs1d_+yj9@c>(?hV9;gXSnTL8_MKGHk)rfhw6{$&`*U|L2=ap$r^@!QH1D) zvff`O(qDpFbY0w8V{jDMw@_TB#&5`ZA5J)V)$dcmI4aiO6*u=-%qff2`vePj8`m=h z_a5OYE2nY!XEU4*D|KJrzt9Cn*^zxcon^%zHt7n#O^FbtoGUC&(7hC;YSl-3j+ME{ zx#e^9%dJAly6!T&jM(3BEz^VkmnA>fsLp2rt`fK`;P7W7I5;W!(IZDcWLa(Mpgw-V zEU3wOAkW4$T|yr^shlQpZ!+>}B1^OImB&TM+$F62+I)UUM#%7|P{Z_E+gFl#9}NzG zy&v-*3O3t~zBWjP-n*sIMu4MQ){_+ej!yP8ypw;-+F0Ckd%xL#(1bI0A5)$`jfwp` zVmCV2M;R%*C%N7wBEZ9^`M)+DX7jBt`(kt3h_^b%4c}|dVe!m$8X?s@l>0~6{Slfq z?{0VXx4sfk0*M1cTygpN27w4oNO?bPk^Bu@_S6?8tcMy4+5=O;kEUd!g#O=hD{^U; zEhM;mlf}uE34B~;0g#)$VJWHKlAnqJ_)*W_QR2uv@m8m~(J1zj{ikj;%`jrVOXL?% zE-%b$kZMRH?Z}Q}FY;?kSBXZUzsUGDRW9M?)3!<@zTYK}tX6p;A@ysCqX}#*G>NXw z_(*tHBX5=?l?xNOByTRY&}X~@yzXUSBv!t6uP3|d1fJD_Dc3$on%0BP-P)S4#yD}s zVk7;_@$#K9Fztl}B{2@lixI)3*Frg_$Mh6fYkadPr_I5|iVr5@+ns(v@a$R4aaQr5!&O`h;MiQ$N(KqUa<7D2>%w-DoIjF-OzB%o=b2< z;!SCo1i+HB77%X5H`G?o<#ha2te`sz!JDn+Z0O6_bx$&W6to`hNF2QP*@=43bfLy( zf<6}JV)_ljnqbwzNLeRoV+>ZaBX5O~Tgvx67=yJdUxr5U>)28_{{6{;bvi%ZX#4;FP}N%EFsB3K$9*1`U56eG zQF|TqM?DPKk28}^zrE7a8#tI8Hv~VW)8{c9n5&nbw&-(|Bb?^`IrIOD-$=m<)0Nc| z-}{lR9?+Us9hebV`_H2Qd0L&+xB{g47LPMP4JCPme9*3P*=V(F)w!sD87DMq32-+( z3&fxWqn?1!BixLeEAaSw-X89x5_^LPe zTKfFgZR0}d-0wlUkX7M^O`7@!Sa%>Pr`91pm@rid)%x{U!DX+B{3`N~p-GMvDTTt< zCOh|IMA4d5fUe2e@!yDDd1aX&EH1~2E{@X3 zWW_>lAPX_XOltmnijL`?q^cyGr=@xfs4l@7PIr#3ID${Ut-w&b9PDnw{rj^HycUkQ zx|Id(13X38O?|1{@7L#6U&XCmLkxs*J0f-yZbj3_oBUT9TkTvL$vdk3=x7~^n72A) z;@y6P+FWg^CRZ^)cQQiY_Xm{zOc5Oc<6G(ou8xX2AO7Yu{xTnoZnu_jGXr#K;VDqr z!;arO_`YavKR-W#|Ccg!x1j0#ksjo*i1^Z<(B3O%gegt|75!?P zexpPjTA}{yp)cm8I&Dh*tDimb#)*@klo?@jU!qH^LulZu`o^Lkbu7yc#LO_%<%5-I8M(lp(3!Ev~}hZa+0$PI_L>^A|9I9y(10Es}3eqKbKo^ zZdM29>iOuE>wOKVn|Gh(^y1F=S2rf}887b)Nb>dwRSyK*QJEX&>wlGf$fkM88F0 zT{AVVr*kvhg~Z<#uLDVtYmFf4HEBq#mJCCU*pPz#PAmE-Hmheb~mMt7_cjOuVu4?VX_OOuaVaKTen1lUJK?Oa5t`d32 zht!redNFu(p0A$J_?GlX_9P6Eq)iCncqESlG;0%`spVmL`jTk__Mk_PdSqq~!N3R9 z#qEDk7YCm@WN%Z`1O8kZmT}ac$8QAHe6XU7zK_(8l!mr3Fx`)jHJ$H_x{qZFaWdq= zJ@zr)EtriDj{G3};m@OtwC>VS$_?gqz)4X~$BN&+4lc$v<{G%I>EsZ{sV{;k8vf`+ zeX<3-^}Y=O<4Vc4Q_d8islBnyBl=Ae%Ai>t(UJ3N9(W>hZ7MO!x&k{8$XTORmPv<_ z))Uw1EdqUW3Tpven(FC&gO_U?AtHD21fX$rfLCv;b%pEytiyr!A~KJ5wuZ>!VCFLt28-=YWK{jTw|g&YRMNc zhn-zyJbukCy+Gal1*L4B)QW&gK41PltVY(2*x5Uc|DV8;+1jFI2V2CXfPV^1{CvYv zMn4OdN%MSj;l&~Cdzu7AwUp&uFNS?zj=rv?cS`^750hfBGhepExBdk`UM!Y5U0n^V z1p@nQ|3^5t^Kokm0R{29LdLVLhaC zDpB^G-r*$^Dyy!`l}Uy1$?L;P&V#;_r?VRNO9X}kh%~Y}?Vx z5|v_#$b4ApXc8z#d*r}^ml32epW~9rXgs@$-&dn@V7PfP4`wC0#8U_ySn6JwG$^YP zDDy^ibu$iGeKdFR{$)7PV%1m95E#+S?;D2JvmZi3gA9ski-QMD}c2Q;~7BF8)sky|6$kO^8lt`VMI%t-t=F z-Pc%whxRVTGo2n1jxw@ya_*kYZSHqadD-QNI_i-1zURV2)Sx}2g&R7!ZS+$FOeLGO zi-mZz`nIRrw2=dZ~@KQE9)#jb2F+K8@`=K2=tY;ndMa%5Q!ec9xVdD4A#7y z@-tTc#^OUDZ0&^BS`1>OWLRbtwaT8XD0FK`^hwlhqZSD*fa%*xR*=W`|zW z?p-`oziDr_Bea6P>_l71&#iy!D!(*}`io>@^~kBrH&5vCYWo@W38df-PIo(vYeoRl zw`tOc3=I~&@HHL&w9|-lQy@iS-;}>g~N97?%E8PMsVlma(=wHGuj?#Nw!a zFh6VCA0xG5FR8^c??r>cDv@p6m`3dsm1ZQs75ZF0)OU3@&cnRs^uZjOMV&x3_$O6g;V(akzjQ%!p*wU zqe}aVvLr zd(Aj~BbGHrn+8eAJJwC4`y(nk`F}g`o@WV}u(b;BUXyrH>(!fc-fidY7Qbie$6vV< zC$+CD>ny6TayRnvfO0zFPA(=Ll#8fAKan=#D~`mgBsgOTX8){!h+-v(Ad9 z>1@eoRKdz15i?xWQ4!?mypUVC6o(R+i&YFTkXJ-xum6k4PiXEjz7yD7wqjAxZ-$*` zMrgjr=(yAOj1<74qNDm88@m91T>cK0bQy6C4T-#q8iV&#h8FaqtwJp{y{OQf8jKLx z%B}#w^D648;7Zy!D46YQ~U+T0Rstfk|O>uhko3M8l8@^T9A4+6-K(9Po6Rva$n|Lc=^CG^&pn0We)C50jRa-b zT$jfbSB>efuPo8RVUq|igq5@odN!)T$b|(LuSMe0>nd1D@)=m~<=zhZ9f#oZU z2X*7%jIq~9N-n~7ET;krZBK*ScYG98*D;B9eEs|*R8!>e!w9EtM(VnON^2H46NDEu zsjy%FxW$#acwTUbpIsdoja`|0#MoRNvZOc+A4~*V|4!Uw8e{$ZDYaI!_EHgxTn6U? zSBeJX$qcW8xBF`D z4yPb{u0mUe@ckHY?$Z^Q^k3P*Je}%7KB0p!DX@64@h}e95w4|s+edRRntoFj<1#4X?c6jhcXMds&WwgsO?n0b_IOi zCXXG3s$H6wD#K}Mo-xta_me~rG2xEYjF_iCWOzDD-OBztu8W}klwL?GlZk<`9qD=A z>jDbV;ZbHWLvNsPLu`-Xf<9Xi*Hz*|Bxf3#hY4-y!|U1dw#@b}ZkqS2*cnqtH+a<|04Tgpx%V%7GR}fdfwFuzs!gno36*zL5_o=LR;)T6`&j% zJB0H?s&hC#jc5Uw1BbnNPFCh4{zFhgB-wI9e?qsJ{LrN&2@ZrMITbYOF1h@!JmFUeeWTZ z*>Wa-eJ0>;)&)VP>BJu#_$}fPCYb1O{t=Fve0MqQ_I~>KZaaCId9hX_R@sOUYKBe^ zQ)Q!`xQAL9j%y&8_g)lJ4^q^;>U+iSISZNeg(IVwest||^LzhE?54*hs9V8|&iE*> zqi<*^G@|iH=Z9Us%!AxG!555k0W6PZiya`Jk0#ws;Z$8DFQoPss<=rD#GOh$dZXAA zXDzQNsWlwg-4Jxh;#cbLOPb6mhFv*W+!ME(6;rTpcf;CRZiROj>x?eETPic9xFGBb z?-CN$m2h2x-z?1?5M>JKrfBwQ)5&71CHe95Jv~`OCgDiE!yFERrx5QQO28Ulzj5M* zI7i;fofKg!TrZo5#9HKY8L+S{2(T5+Yg`khCeGvJ)`B`yW?2ADN{2(x!3Y6TRsj%O zy_Vm{8g0NYpI4SxqZeZc{FmEG-)*OtXP;tK$O^IMiahG@u(?rtNrP(YqYmhHX z>+yD15O35kT^*R6-)I|tX3GH9AqoO*jFpp588YF~rlphi1HB|$@(XEJxqJ~_kNNM% z&=Z@RT}C3h$g!vFZ$6Lm8Z7c^YUh}WN|_w9+dMZv8~jm(+(_@bEg?J=z;4j|$gHr; zrJUQ0Ugm^#O@^1(&6%rp5l7%E(>C&D$9r07ujac*ZE$Ks#?R4{Bk+H++0rh~9D;sB zCIP!l+$dCLU;WN3Yp}#2n0Vw@XC`{z+uhkdiI?D0gVQJ_!7E9nv z;j&rvam=9?{pXXC(9c}D&KECvzGXo1c}?k)-OeCK?+_7sHj0JOUi@C&Z3o;}62t@h zr*D8?>X8+Ji%<{p{t5_!tH%YLR&+?bmZ0JbR_ybVGU4{~{&LUz0~)N^827&&Y|Eux z`cUbIxrbLE0Z zZ)f+_t#w6&d7he-TM;NUISmcRCya=mmHME*VpO4JTpM5SzEIU4H8wst7w}%oj`c+} z-M|w#3=SyT%uIIef1+MPVpzeY%JEvpByC^Q!7`DgqwY|_M?A#BaFsu_6UlbgMD>z} z5L6%iYl6JEQXkee)1ph*&B@LaQx%_gQtg?<||8{q~r_9$7b)t%S%_qEka9t zd-jX?b|*_%krO*9M8Izr#r;sIATv)`c$pNfk$Uq-A;`#i*5iKuSGmT0m;`~WYR9?q zD(fQ&brN4aEn)*sdD_Vr7T3Oz=Y50T;gW2U zvUS$9^m2F)gdX_WtS|PJI?pB2WJm6Hnl2ANm)kfe&uUP$zxt??n5n)0-F@EmH^npX z;~KTm2Ed^5wbYt)kR88gu`cyXcJ4JuLT2B~WLnLtk3IZrk>W8(X(%p5|-Z6`pkqxgZISv1Y7V_5P2P_%5rm(_!lq?ye zfzUZyk}SR!8wDKs^Qr)}P#D5oC1B=(-q%JwtAA?$$_gUC??4DxDeTX228_@88PR_o`Z;s3)()vK1c@+OoGTc7}El8wJ}ACk{FYsD&lnyMLVKFfhpUskeu@Szd8DtowSQSqF}24h>RKl5hX z(L-M|_2}0$p!SjqIyoyI#V~d-WefZZh~L>j?~cg};2DInQB8q}pA^8>ADDl>IB#47 zf83AEDA0o&A-HMz$z6hC>FiM6+uqXh)7^XlyIf{X4i5&$E$6YCKTXuA{GD^kO+oX|4@ z*bE`37G99M#wSDvstRDUmby{wj+b&e>a2)3Gg?G8=V+uWu^+Wv1j?Cz&o-}vy#;&w z?g%VhMC+QlOwg7S+QWA1zn{ep1(Vxf6DcO@im>zCH1GSNFgqtDyrz(yBVG+>=gJ(M zwJ~4|`9BG-d|zN#U6F>}NOv0CZfjYeM5z><09$PGLH*Toih(WVcn3uOUYB?%KD1a4$=%-)L+_*B z-ygHhxz`9vcDc8$jkU9UVAUt&!uebiS`Q%8Rqn;<(-9n#{;=8vdvF3q5`09-P2S<_ zK#^#~S^A}I2>*d^DEDC5;t*xLEm`~;qM?KXb@@r(4ng49Bm0Y)mnJa@Yi_E$Ez~qw zeFsu3Fn&1wy*$!4@$YAHgB#Y$+@v|D6$8A>fUry5M4ooS<3b{i#pa7c#y)BEump&_ z=A4AJ`uU&AH0NTUVvw@u7s@akzwga&9x2dX;PWw0gp7d%~X}j2X)5b&?53H$y?)^ z?O$qo`r*$$7WB{W_z~RxvwB>! z;g~4SZ%Eo`Z;2z@A3*Ixl;wlt|J~>+2kowf2rZvFH}kGphF$}DV=T4u&1}4LtvPx z0f@|?5k6dmf8f4QX5{>*4)eR0UbxqE;2w>#yjb!yAb7{it!Ig9l*V`3#CMfhu|)Zp zgrpPqHSQ|TKmY!=YjNqn0fHUHVMF;Q2Q=gQ&lj{+lXKvmlHh`$$`=Y~OZ!XjF8+Cr zkx-?R%!bLh9uwaJnDn3luap-p5@EUTX%bxRE@UK?ht2krP+dZ`##BzS0*6_gU&(_K9+ zZz64j8F=fqB%;atwy#UUP<%btIM;S6@8Ti>_ZUB~agE>X9N(xybT*K#pv|fj(T@3C z;PTIq(=6qG8D>)$IlBorobz%lwFA&h*83vi0F63#(`DTUAslteVL7HU|)3VfQYoiQZdD#8~w1PWJIQcR`_2QvGY)~Vj`0{hu>*?4QVKgj0~ou zd}4U&ZnC@2Z#Cu@FSvc`Px?$c%s=&c5hw+J zG)IXaa~XbX9NQt8NC z4^FqDi1KPvHsF$%B?=-BK4x1+j*^VED3rXMcPQZxXypi|%@5wz`?G1JPJwdar!?ho zqSOn33#;Sg?Tm2JHE`9|g1#8|07W>Wp5-0{PM=9wL%bl0TG^7esHwu4r#?IgEvh+<~ityf^=N(>H=C&QM)sB zt?8%CIIe?^w;pcF87fkuW%plDfHDfNQo5hQ^#_JP2F-STvZ5|z-eeOqQ0W1A@@(jW z+Oysf#@^~qz1Lt3`i(D@Q!~St>s_VSTyiiRRk=K+tKAHWdeaq|k3Z6R_j!V-b7C9J z^k_73V@wkh@a9Mme8C3?D)!k&g$mjcO@&I<&is-%K_-K$bKwLUmh4RBN^WZx4%Gto zl%iG?)vh}yG9~8440ajt6|{(2i}msQvd(} From f833407265b8e78c7e9087e08bcb98a0085ee967 Mon Sep 17 00:00:00 2001 From: msec1203 <30969281+msec1203@users.noreply.github.com> Date: Sun, 8 Mar 2020 19:06:10 +0900 Subject: [PATCH 113/714] Initial upload --- suspicious_use_of_csharp_console.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 suspicious_use_of_csharp_console.yml diff --git a/suspicious_use_of_csharp_console.yml b/suspicious_use_of_csharp_console.yml new file mode 100644 index 00000000..0bf7988e --- /dev/null +++ b/suspicious_use_of_csharp_console.yml @@ -0,0 +1,27 @@ +title: Suspicious Use of CSharp Interactive Console +id: a9e416a8-e613-4f8b-88b8-a7d1d1af2f61 +status: experimental +description: Detects the execution of CSharp interactive console by PowerShell +references: + - https://redcanary.com/blog/detecting-attacks-leveraging-the-net-framework/ +author: Michael R. (@nahamike01) +date: 2020/03/08 +tags: + - attack.execution + - attack.t1127 +logsource: + product: windows + service: sysmon +detection: + selection1: + EventID: 1 + Image: + - '*\csi.exe' + ParentImage: + - '*\powershell.exe' + OriginalFileName: + - 'csi.exe' + condition: selection1 +falsepositives: + - Possible depending on environment. Pair with other factors such as net connections, command-line args, etc. +level: high \ No newline at end of file From c4671f2225c8ecbda32201f7a89df808cee60f9c Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sun, 8 Mar 2020 13:06:35 +0100 Subject: [PATCH 114/714] docs: coverage illustration --- README.md | 4 ++++ images/Sigma_Coverage.png | Bin 0 -> 216689 bytes images/sigma_infographic_lq.png | Bin 890720 -> 559922 bytes 3 files changed, 4 insertions(+) create mode 100644 images/Sigma_Coverage.png diff --git a/README.md b/README.md index 6d01612b..86f6f714 100644 --- a/README.md +++ b/README.md @@ -345,4 +345,8 @@ This is a private project mainly developed by Florian Roth and Thomas Patzke wit # Info Graphic +## Overview ![sigmac_info_graphic](./images/sigma_infographic_lq.png) + +## Coverage Illustration +![sigmac_coverage](./images/Sigma_Coverage.png) \ No newline at end of file diff --git a/images/Sigma_Coverage.png b/images/Sigma_Coverage.png new file mode 100644 index 0000000000000000000000000000000000000000..de012b86116691d13645fd7dac46d7cd4da0b610 GIT binary patch literal 216689 zcmeFYXH=706E+;>QB)K}5LB9mF3m!R07sgD6h(SfdJP>yw-P`=y7VR>(t9T;9RvhK zN+{B62qBQrd2di6=Ud+M5ZZ=Om4fKAwSd>lGGV zWOO7VBwN!I^)Ti^%zx)JuC z?$5xrMBhJe4TrbkRm!PVPCaHF{Ovc22rut0S zh2#gplhRrq3nek|dWq-nwq;oj|2$j8q&q&;_kNGRErFnULCRyvzDM@EJ0?!w`?}$k zz*5UmE4*z2p16_nu(iB)QCssQ@c9n9-e* z7GF>$C>ET(G~aW5hxUh~>1%t9FVE=xu4|e($zHxgEGzN)t?B1+^va^Uv8$RG;}i_N z-=intYGQ1nW@2h=>@DWgTuY7#Y+d;zKIuILC`Xs~cozlC=LX6z-a59M-4}vV4bBgg zbN(F|`#W%MfcPyzA)5CIQ)RtgB2pl1JU;x`(u0&=H*6#c1M5u3_Ti7P^FsbLoEiBs zE@>WA)EWKNEtCM*C3#?g0DTZ)X|dN!qOyb)L_QoZUBUL%*`46W^`wNQx#4yRe1xUz zNx{c5bp_fbkPy)4ODAz`z8rtM1ZVIuEPZVr5eDQdy3P`UK|McV4Rt16vv9&L3~314 z>t@u=RDONzT?Lm2ZU?`dS8Ve43EyK(8TwJ=6-yKLZ3y~1a3$~lO~O=nB#y0A&~R?x zx(Wf%*FeXB9=!E>$(n*NF!+`5MCbW|p$x)Q1!o9r#9hfNmi#Lf$?-nw`5AT1{QfGD z>gFFM`r16GASJ&=&{f^B{px)w@)`mNYkVg@mg<_yS7%KM0@|#>r$h>j-lfZN&PZ3> zIDZ%keE(t9^&|PKe??%ivK%67P@%NH1E5za8lkImNY;ZQrIs z<>yy4s3wPi7tOLjuZG zpO;qLZNbiX4&!)3PO9da0pGr74kbf{*{%KODSg-x1&_uha&nD4hl@w5*p{mx^|BWP zdy9c>lVTJ9LimjQ4g^%-SnKnd3SG0jJGlWZM?^KDYn{NhpEvf|;w+pz=tX`md;OW_ znWg(|M%F@%2zc_~~t= z2M}=fB>@3ll4y6zL5GYCGcgA8@^z2kz>QI(^v%}JYIk~sM;@KH$M|#4+@8Hz8}YjQ z8w?dLyl;yl#mne5=NoffyKtW06cprYJU>z@mt!j&D`_sFghAs)cFRA#ruOJh0~;CC z0;aYNfV;jir#suz1K%{4^4uQG-BCYaHa*%W@Fy?i_vk@`Fk5=mUeEpUt|{4&Z!HuF zbJVj8u@*91L7Q7k&FVGdd`9VRqjpq2s^~noU4JEVnHsVopWZyLmkfb{w&{L#p-PYUqOy6EeNno%%7j zP~Y6_(R{yl6&1Tjc=;fXvQnOR8kY+6;?EC>-vfR}{#btp1Z&zk%>-HHc@72FUAj-IM2d_sGpJ#~m{vd~>X3}!8~KjUv&QkRQOdKm83 zvf@zVkV-3{7%?TynEt_L4zv24weIeC@VJ|UP*j&Ax}}cOA5Z_esgyCj!bvbtQc~+j z5t9-h*6njoP+G_6<`2N{T{ErAj_@aRaElMk`znZH>?3f@$OJQ#%}Qi#A`;v`nq4;A)U~^}a!!+~y^``qWQI zFn75FAH#~&oZZvhFfWoAaKyXVC#mrm+qB^X3Wi-;Qe?`8=)|Gk85&uARP#9nO zB%NupmiRMfisy!Z+tqz~kIxp%Ss9pKe+SR*FWS4`@8@oo`bAG>XYXzvS-D<`QP+>| zFRQ(EX!M?R+ZqRl86)V3Mv#9?v=O&KicARHXIm38S-5>x37>h#66f|Dv8m|PMVrw@XGottS~Y{?f_4+$9+q#p>0)_@#TVH|c_ z;#`|ty|$d9-@VICCdQ{XD=$#vQL2~oh5e#JqYi?8iLhjB|bYLLFp9>LD zx$a|XY3Z8-JmXgl;%r(N#Pmayzm*wH6=C46=A={asDQ{SW|dPs`!F;IXP~ z+Jjx@sk=qN*^`LXM;zYUb#L50t4cBZZ?2Z6VaQ0=gBJtgn;Ra~lLs*tGHGzPhKKC? z8yzgqOIjXjkfxJ6b|X+K?EaFH90y#&(v7a(3s2+S^4=k){AV^NmvD{pA$9ptO~$c} z3!aey^oN!)^gWDql;r3OJ;HVqU9XqRl@+@^dBI{{KoFUNBWfMTOT?Q@M9GXuV#h15QY0xPK6e|FJIrIRfTn(tJ*-;BVd zJRQpD5Dw_CRgi=54cpy8NOv=kigUq}WJ%UJ?nwu`KOA;D!jC>Yu*sq@NV3@wJy^XU zeq*(&a13GQfY;rL!?;T|QY3)sbry5nY_E_Dkmc{E{qIP$SFO#?hD3wMjG(^Em`LQi zK$8A^BN81SL^gVdULzzAH8sE3^JI51uw|0i)C!YWJvU`;<|W{T&c@Yo&r`I}aM=2Y z7dD^s;Y!qANi411MK31IPfJJiMrQAYB$+2VBliLm+`K}r9sIhGkHMJIBb*P~Z|#pN zj21)V(2apI>icneBJoXT)EcBCM-}PWprECCmV(efrLM1ybUo>Me{HAe*jj1jX04UX zq$06p;m@W;o^iEc@miQh4Z79SGsWA*&?^P^RGoBC2S&~y-mhOiC&aJ;p7fuw)$L)t z#*@FA;bj!*>j~XhzO>+@gKi#AY}pxX^*FGT$dxre3Iul^zFv}GAaK?}s{buZjCamR z@ABZenz@v@Ta@*LX`zD}L8ZLkRVB4N*Jt%GW7V^hJXGA?Q+T^8cY7EO#YfwXo<*8_ zq$OC+*f+HfcZ>gAgjl(p^4c2X^p7Srv9E}gxk2t{X(qdRWCY|3JG#Ns1af;3sIdx6 zb~l~~>~D{~ahoyPa6_j{Vn&HA9}CM`L*kh+fdlWF%~s-rx}+eW7KUYbZhg4-V82k1$KNFV6!q?W>T85R=mi2G9YyGRd}bl zUSq}@=R)mDZLK8tsqOE8vjSV)qd%g5h7CZpIz_0e3~y@YlUT!&KG?Ll0=!wwqX_?Y zV>FW2Hphg9UlLv7wX>PE*YDW8M1m4k;;nj&)^FrFbEM<-o`1*Miy8NC?Z_SyEP%md zYL8R|{Gm?3rRDkz_nkZk+Ppl^OP!(Vww|Vi#gm2VGC zE00@QjM~qf0e8_k7fi4Aje{M&G)Rb#cgA(Z_Ue<7QBNFXdk@&Kjh`RCmFS@$zJaDw z!UdOx2p$&&RDJyY;={GAx6O!@mUrf4e@+{WOyeUxczEfH?d zs^Y*>X-*o5;@5bR_5{Ntd3)hDH1-Dfhj)@*iF>Bj*%$~MPFLUsXrAuj-|2v|iN9Yp z+gb?m{39i!MPu*n=$_@Q_23^2IxG6$%*n|ykE~{Vy=vl{xfs(op$Z9s-od%^?Gt0j zB}ADM2F-CeYrQFX9udL2=JNw}G%ngDiisctQd!x#S>o=-0noi!Lkc*Oe_VY{q(*Zh;jR3J+Y76ws`P=otd`g2?#?UgSTubNFKW2mZb#2o^M9V%t17)?S<97JKC`=OQRna zaKorN7Y5-mxT~HRZRynqTMn^}h>B;Twn;WEkiY~%6~(Cxe+ODk6OXNAH{&b{0i_5H zQCye8Tca|)Mhz+v%r?fMX2Xy#kH%nY1P)L6;&arO@jZ11Al|A{H5^h)AS-8gE{HOeDQ(`?qWJL zB_@j^$ZaVlUT4eMz(^~ zu7?oXtl1)O6)dd5-Ns)9+IM?;=+UFc#U6(o+$$Fgxk`>nNeimj)LVHqBgqq#)o_Q=`u9 z?Dj0ig&Zw-j{yN2f54fmE|vc)21sSVFP`H9v#Eur_BPS9R*l5L-(<10()cNbgw03~ z>YqNoVjuLE8+k?`48^&g{n%iED*K&;Vo1Z@QcDL0taH@-^9^LuB_4DlG*^B~XN?nq zM0DuM5w5A%eeU%I99Te^$7&Ea@;~HAMa6rqJP-*n3KFfe`+OC#*XR(h-!O|c(}vON ztmL^_Z_(OsBZT?`!d*L?#OsXN@@P1kUJRG>2lA9)H>>+lZU;nx_EX=tY-pj=(%mtM zE94>Kwe3shId;)MExUV`=|1_a$Eff2k1PQEI;hbK|J0~tJy*QZp&VXqip1>iP)~)r z(EIE;apW=RY$b&b1e;*yv-&074z1uDdFXw=Ns$BsDE^>8hhXbZ>FS9&F6v`*-@{Mq z^aDY8j&U-|ySuQ*Qm#=gl9xL_!#+8zxlo;c{FCd{Jj~X@0ICty=Z4Z`r?+;RLNAUA zI!1PhuykOmc@i`+Vo5?ha3or1q~_MZ;~V4y8hvhC57`r~XE9CgtlE2f6d>z}Hvrga z(D=)Ma0Pwm2Tqmcr2TC%8Fm7dXj!}rx&6nOmQXeRH~5AIlqkJezwi>S!>U%GKz!JU zWcy|-xlxRX)KJEzMXr1pNz|8GMZjXdoJrp z&u4*Fj$sSM@yW!pog9J~^wSpT5n;*g6%ccS=Sd^OHcL5VCK+fy$q4BoWoL9nLde9m zL&kwzs#N%e=yX9MRq$vPv}Rlqn6W;YB9G{M!-=-q^3BsO*KVH1b-F4t2f41~H#?`L zS6DIyHZ-KSChkms3xtPv+5&#nTuYL$IR_9x`x)W-n@4@gdg;q~LM3m{OL*n}`>Y1vL{7icz$@j)1mi>E=E|NUtPuLB{(@D-ueTXy}p$883r z+=4bj3`V~GjVX{X6sUQ>n-Ro6b$tABD5W}Kg=;ED!U3L5_XrrEVm)5^+8x5cLtwy{ zfbEOt{wxi2#{rq@|H>pt7`O=x#1WpbetbNY&EXpSgf#}AA8!x&-j2?fj?kehkUs8x zmyrXi5s5$6T5>nx312%pP$B_q-&v2>IK`q%?5jqQia+L$LV)i0z^Pv~gs{)=e>~uO z4j4%NJ8*nVUh?ju#gsKDGzT z<-7*NHgK5y4LN4TFgRTPibXcOriUva^hsE-iCkG`eAF7;d{$a)fW4|1RpYp&q7G4! zSgk84TQ_be$1_D zrGfQ$O#nFsMlW3$FI%2KEzK?$rv7+30le0v)C1{hr^!uaTLTC5p=w6IG5Xk5R(lpj zmSe#I?)uZ2NZ6eDeQ1LJh=Lr`OV@dtTYt{H>Pe0v$PXZmU*k%*ty~D)oGKK}#hSh( zBQI&B^<-E>uEX!Mg|o5{7vfVCDVdoZe;9LmZDh&4Smqfx+%onfpp#U#-Z}cU%9$l< zVArx<>*hl4jMiBJS7YZt403IkQZ2vxbUN zXJ|Al$hj1RsprwK2R%~jUA!tev}zY+oTl}JzAMa{Er`?W8C~6_>FzgZX{k^MemfQx z%3w3Qk*Nc-%2O>-E?b+8o*j0SjS}AA1;aA*N|G$*63T*51wFwsua99m7+N+eeWM@& z0IQ+okp?xXfgbcVEvb82N=5!pwA;hr4gDqCKfU^EJvc0!eVB8X*;)I0IN5_t;%6qE2uk; zef7apr%8cePl&kO0l=A#GQ0mrRjIpS%tLCDS{s+bXY^DfOB`nG_#H;=`1$v(8xx;~ zwU#VW=c`g~Jt?2(bP4EcQy<%1^EAVar7P_L*w_zgQrdIMoL~2l8I<|E*u>|5F9rt| zljZYYSK;DPj_U2Dan)df(sKkUtMv`1SZdRBgvsB2I!-D5xG{#|jQO-Q{)M|Mrf|k~ zF9rDFz@pyd^EgEv z_kK5vNjtu5J$(gP83l{1ajd;}Kq_3Fe2XGzrPoVgw23&ndgDM0nYgnwg!4q0y*fn* zd1Z8`L@pj4lUx5zAlX;)8s5M#5BZ&7T-jc8d24y-cuw?~nmk8Z`p2gV;W^{Qg>_2h z*q=s0wtExqt_#Y+0>R=>(fm|Z(&f)YMB>SgUA4gG+~6}`0BpyI3$>%`QWo-`HZe*M z9Z-sB$-mz9)Ifim^+;s!&REx&-1LRhxU; zmw7FQ1amQn549s%b)>7ui@*Hk183g`${C(evI`p^Z)bLkLK<{fFQ&%6gx94bZ*9yW z_TyfnKPp9)5+>D{fK3=u?&4J*sU6hXUVLDdr6<*c9x@~$Fg_jNzRTHGpiD53XDDKRD zV5Tm|&k5x#y7Te-=wj4Rh-j&2Y9h(dv#SJKbsV2xSSj2?cyQQNf!m}3RGPawoipoU0)$BJu$eibP3baMc zz2qVs^sXn6s2KXz%o*ixq2LvTTjRp}IXhKZXrGrXiQTmq^SlrB5kc4c{H7hl*|uspj_i zz&=Be=$I4skIMs&sDG1S?ze!`qN-UsD8yad=2tnI<*QvH`{WUGF9JhZuoIE(@~3eDnv%O58{iWK?+c5KzLjbN6s1?Ij8lx8`3Q8Lx|_+71JdG{Y+=uq_mr3O9ZuQ3nL6$5Nq8 zp}auMgR_CbVQ?nJFeaV=FgT#ewr7E=o4zCLArS1Tx)Z4_q{5g(r4CEEC@Cfwxpb^l zSnle_TGMB96)qLLE;B0pYrQ?an?8a)qPUip8?51OE8=26?fK`flJ6zp#PVp9WxU67 z1pspK=-+kNsFT;u&5$b_>kg%sb_#42k*4f`0n3y3^Y#Myg%&y!RH@VxvqXtHBwYP% zNJmtv*W3fM!g!f5YVw)&q06;BL7rvduBO^BGd6|Z6ka)wZaS;k&~E2|l}8-t<@}H7 z9hMf(CF{#p?9yQoVGos@*ShkaXjj=X(d4nn-2>A13rp?VoG8)|6AKHbKn$E0zh6Y)}TV7a7J>3#$=@0inLu#K7bL3eomiA4^|Zdr&@)^WYzRNyy+; zj?QNC7>%s$B3IKr1)g81uzd&_9+&=lKIu-K;B-Zl7by6D{UYO5}w#&j53+);M?>hg@& z<-)C%nRC?>1Cc{@N~PG@!;Ip+kdp4FT(af@xCYmXxzsV)_6?krzj%WF_;SfqkXm8G zLapZ&t2x3Cy{gD7vcyFU-;2u{c7g|>w zw6ikggd=3+2J5^^*1!f`fh%OAd8_ zW4sLEz8clmK2{n({w>fmOUEhE+-b=%A$4!np?qHeh|$DLqs^Y>^JQz`eAmF5#FpT9 zl*Mr4oCsq;v4CTE9kL>|sr16=;HYMo=)U%+K&)ra>^};69MqXH)LX2|{2}|8!e&f9 zms8X>gzO^dIEC5)ciN6_OcmTZ${$_;4oZ<4O6_PdQKwa6oJJ;hwn+m=LSJj3EfAjp z^7DuTx>x8V%g{=z=JWZUd<3V?XN{zHQ3E9Qw{g&c%W&dpVbB#_FxSB#<%3 z97i8oa4LXv)8&NYnbWey6PgZ`tWanMys%*06muac$_KoY`-P4)1pt#$))<3Y=FvxyEYYD;8JL;!5hrf%Ni>*(uF($cZI4?qH zhe`Gl&zvO?d_mTK(YSgRApCFbRCf6BY>m}M5)A}JGz0X)`#?6sm=t*w6&2RpHh;Gdkw8J^U!exp}AQjff7?&F1%zMTUey7Kkc*rbgJ;c zsYu9i;Cbd48V0bQ;}BW=Z=%Wn!H$mm8&JgVcV^4x#j>TR?<^*ycPCmVY=6}?D~zFr zWx`Vdj%*8rW?4!e29BT_n6e4}QW^lvphy;6M4u(X%*X^#G;C6w7D|5rba^v(AS4&B z9b<7-G2Q#<0_b&XI(5B~FSf2Rf- zF9r6!@acYv^d61iNLeUSX9&Mm*qg@-R-`b%;2P$XN|p8}Uj>puhFjwfy@Sx7asg=w z)SoD#;#q;d@N890l)3?Lgc>yIv!d64v55~*lZFAM!rZV$UEyHNUW^CzN_F{|-U^-* zxb^u5Y=$%x|EkAwfT|`L(Okq7$HqLg!%Zi=i+9z)p>jX=YsVVzC0enNvr$aT7^DeeuU*8^d}twdqV4x>XjpqMqD? zX$XmI9r(H5#&K85*QUOS~PDd0cgV(pzUhy!$aTpcC0GD3J>u+@WHK!ise<;;Sc6KqK49Y zxPz#WMRZ6^qF`4Y^!4SNoHn;!m!8pP`>sFy06G!Xdpa7YVXkSbKvW`ezC&?Hq2bAu z7WPJa_58xA(P3GnIWFe@-0uFvcp9DiMaEW6rZV}g2byypvmRpsCRn%4c>LC8w1s?Q zCi^JrQK`A>*I3W-VvHGC#)a$U#UQ?5@Sg@3z;IN~uoV!gy*>?mV)D<6!|NFJsgm|| zAS&u47VTFl3k-Vnnl8?-GSmChV541616^2i+VIOE;vRyE{&bok%Hvz^K==4UMkVn4 zerwg2qN{M{F(G{!LR>wNe;LJNbOr> zc(?-#?H(3EY~xL(fD*ZG}?=h6u|Es zA8G)Pe!5w+_2)JU$oGacpaQ!L)u6>4*&-wH>zzuT)-bz;nMYO~ z)9mWnYnqt83n(?PHOqh5Rklo;{rD&Yn3Fs0_$D|=A}FPTG&w5a##QfGb1Sv!Yo<|! zP5Y}U(>-x<-!KDZTf+uplNNYOc~=n)u1yrF0si4w*SI5i6zxJ~7@Bh22LdL23cB#; zKmY{#0jCaFf>MWe0-Ex5oKZ_XG`Zy`@X z-Zm5r2`k2iM;Qr$uY8Y~?UxdXDJ{-=sd}vw8HIuyTeox#J_yBJM9_A(cnc+l>^%z+ z#}t_=FGaZ*_n;p2bARHPa<&<3-Iuzxg~g0~M8bTf;V1C)3;b8Qr$PZspwIr?si&)Y z9m=M7J$Q|5RPgz$H2W;7F}L)tQ~z(helhv6nFyF2Stu&+q^f#5*?*!h(v&UzDs2n9 z;H2OIbiV2dc(NxVs+dj$4cD`yW!19FQ4JruUp7bq6LA$)eVEWX7?YBd0Ey=|PE^#+ z@~=_76Y(jhxS|7PAQ(eGNZz45+PiGwE}Q8iC!sN-EJnsbBr{)%8Y^R5crdF{_1<2D ztl;6}xt z^Ru|PqL;eI?Q|#R&x5hDsQfmhUsJ9;Ayv?74)Z8hQDgGv+T zRqwa+F(aBjKf5+emaTot-Yf8YwLpnv<}`M(b6_5g1RydxkuDyA0+TKombgQ(^*G(y zTQJHBKXeMA00IO+^`~!ds}TFPuXpWmBe}sE)d@rZfGH68Jh}~AKVTCe-^yeFdr!7_ zdjLbcjP13x#qsLX^Ec4Zcb0>b{a#kxs~N^JJGa$4@EJi|65XTa z9h{xZ4-_Xz{|68FWQ4f)?8r+GWdflr(*9oprXzL6aHBvs#St6W2M7=Q{w*!+i1u+exV)|9x&#Z>ugfRD|c`-1Vs*eO_x zg9!G4U}9l0>;0jTedAkRu8jlx+b&RiR`g{<+{N?~5o8U@BTU^=IrY7R2pNd{*$LRH zs7G!XpYy$b_hc{$khQ0iNbiyUks-`zCmEh;uP8yLe}g|RR&l21c5aMV$c5l3rVGI) zLeCGDBxa`@C@S0179N;7g+>g;Ju-1}~osNwVq-p6UKRq|}46Ze&= zgq^ufMsXr|!k!kBy$6-T4;Az$5KAFMpaE+K0Z06S}R@Nj*A3Ly)} z3q)`~((ZDsxKM$ZPr`oo6d48RUx`4X=`dtH`LQIAxbta;=d-|)e%~xgbFuHVnBoGx zqJ^zlHk0zB8CI93+(Bg-MS#N6>JH;c48xM^NuQD*hK`6cXO50GuD&|Nhy61Zyg{Gg+kC5aUcEl^ zvKx{wHxY1qjX(S}I2!k6*%oqu*}oR5Weq(5dO9k(Ak6Ox8DJW64bl z42@5?-Z?ZxMhj<{?-(BXFhe=g^;9Y7?LDz7(F!N4+Mx=-iAK6q7f91{HnWq0A@`pN zMIp67-)>0%IivyLZbaVb(-!Gh4h&0+naMH`*TzL$DpK+Mn6{v{aP z$jMsH`m9L|#_60RuG%V%RT@L-&N%55XJUX5T&7Xt&S-0vWqiJ)Ow60f`InAlOwY@6 zuLfT%J~)xrKAgF*{O`RM{5o3LfFiduEylIPEzUc$0Xa0=1X6>yjDAvw&KGjpbouwJtZl~q{aJMXHa!QmhR#I43Dn%M*BIY`IK=M z6e(%E&7kDbrVfof1#ttS7A~JC<{7{#1fhE1wOizsB1K&CCoCFB|Jy?jqv-5)V26>v zaHh&r2>>KGZhXryRmD~%5ciD^&7y{%Kza44_|pzXqUi;rfbS!j-S*pSd$4U-^nU1S z`4#BOy7Y?mhKoBdpxh1{#f;h7x*qH8pN1^4&aYEBRA|^va2fE|IMj>VYya0I1N?O! z(Wn0{NxJ`Hto<@})f+N6(??`G_hng>sv~4iFqUphK1g}WmM^lB-*{8J`nJ=v+7uX& zkVdl9{n zox^W$yhp~|5r}@c7rFDe?!u-AIT2qVIkDRP^ByyMBwH9$`Foes*FwHFDep%0vCIcWLP z_ywRJ%|ME55BC3?$~7rJ0PdppDcd`!X7_73r5;VJ@GbG717(u#zyl40ttUp>_*>!Fli8rrjkEEJtT-zXfW+_K+FOhmGi=*zXYg0RRZwb&nmC-6}k1ije1HY89mtl zs6XQTA>5uDwVoU4S+syDmm@T!BFZYZ>jEFBXvj2XZ)ra=c{fYfffAj;y$N4sX&Sur~x&&z9$l_``)=aKY)@) z4q?co!S}(L!GOHR&{-lsvqB#kcBW;`N5Om2U37$1rnGhqhES(~k5lP@H+E#%U$ z+F3=dU=yydV%T!O;vNR+Vk5N975Mnbv;~02uYj+Xv#4TMS#N0mIN^uM8RoXc0Ha&G zAy#QTRJvA(M6gFY)sCP9HE%9*9_X-HA@jJk^r^{*2EArpn*2UlnV}e>8of3|wU+}Q zVT>3!_0(5kDd@XL)t(*@f81WcRrC#*g40Q|fJ`#dHSsor3zr#^uH?P@aBUSq`Y{9< ztlFox?=BewMXi?t^wM`p>FN-Ieu%1;tB9-J5ptyX!+$=>KQbg%DP7#Vw3cUe@Pu2~ zJ;BqY#Q=_?90`7X&wXPX--e=Dxm|?|*BgJ&fZCgUIbHE-XZZSnhO;$gK6yk=r0)Bp zOVl7k@4JVdR+T%{w>b;vaRAs?CyG;3FnFqU%=lJlp~++AU!!6%Ny9>s%F6*d{sK;$ z!rYhQfI8?laZ<*5?uMym^t$0cA2T|(L8fm`xY#Glnyl**{m5aD+L5Y78{3w8aI#ce zRafr)#HpUzB6f$V)6BoWmxF!d4^V>sY#oRqgYFGY8JHJlD4g@rz9EyytV^)`d!T&7 z+3|0OHuyI%h=+;3=M;?6dqo5=zZr{rS9wy1SD&14Dhaj8W-8xUyPdby=|bP9TrU2o z7|RI!cz4j@CzjvUpcrIvq{Mp9L#7_Kryf^6^GboJ7GN`jz_vBZrUZ$@)gA7b&5d+D zk;5@v$l}3g`mK!7d2DM;Z9VJA%BAwimc?>!Ea{g!f<8SwL3UKs+&n~l1B#%(%P zN0Qm)fsv^+($lC17IYGCj*=yj0#QfQ4iI^@3RX$eN&J=R73o|>WSNU-?Oh&e`R_~m zH!Mjuf6wGOmwSGpeRT;aZIN36ZhQw95Gx*@?eY}~XC#`0)r=89e%pqE*RWrfv~8mA z|2Yfc@mB)- zxAPRtob~G|!kke9tt%i^YVpoMQHHF&+YJ;|F`UOdjwMtaxF%hXFt zMBqc`Oj3Zd*gmTQ5roGIS0WJCo*m&JGAwjI;)!AgK#GVY)J{gJfTK=_sTHU5le*m{ z#1-<)X`znTpIo{(Id9XYTxB*$RQV=7IuLdD(vj{yWFPlGq>uU^$uCP|+iTML`y6c2 zGW!Ahx}ERn62EJrICfO;M_H;|wtwsBvTr0C)`A|pzwvF~_}Oh!H7I7>o>uGnccQmp zi#8KPn&z1S%LXCVfn!udRQ;o*zrXKuxF8&8iAY2WT}N{4oJ|ZXO`xXM3wa%_B;sPx z&5>RXLzPUO5#hn3x8JcnE-IZPt*n?6)}k2VjPcZ__r&e26~8jzib>-uc&c7*6Pegd z@-aI_LzpJYpDpxD+f=VO?5UCxZP=@x785~x_!e!Q>v_ zZCTl*$V??MPGz$F=UpCo=2cSMS`Ml}F6l9w_TMMYpd0^g|0)N?CT8z>@ZG4$imI=v zdU2rj3>US6>y(54>u5RI3R$Pl_n}#0*WV?)|1x-YYom~%X0*{w=8m(ZoAiwU+l0Fs8P^-k6lzJPj-BYHnUIIA?d+Bg>P{2h` ze|_oX0&AL(hF0qu@Y(05OFcI){zG4haT$^s{}>uIFA!YZAMon5Rr5{(9QuZ zkBSNZHdY{lp~O7EqX!8S*6XSqk{tZ6*X{f?@IVgcu8B1#?RN&v<*A-bd8dD;yc-In zk-Apd==eT;ooZ;b2!E}~uzgEmCLPI+@N|Q~ILAP4U79&;?~%NP!%Ta0ThjQpiN$$N zp{1?d7wKy$I{PqfV6Yrop|CQt-c`IZ7lr%ou(g_N5SCjzpisEB9kb~93^vEd5b3JF zkB}btRx~F<{R~VC`^Y}XKi6%Gs@1ox z{FQ6+(0QMGrB3T$)vK6LS9A!&=49KCP)T;6y^uI`C&FAY|-7U zb-Hy0S*=7Q4{17~sv`5ntTHghPcM`?|HO^}o;Xs3D>oBt2sQVVXb$fQGuwpx0~^i2 z*KTfn{{eiBelud3!BajJ^Cc`Pu$fq26nbEYxwlohcKw!Ce_i4Huwz5Dw3IRa7bCN{ zk6bqwHuiU?QZxi$nA(nBX{^g?Bh@;bq)fS+hd>i|yJHXVhrlMEce5;FySkIDeu)ap z9?x%!Pq-vLIURd%(K+ZjyRXBE_OkDpFLB6IPb13=^L1<17sHk$Rav{Ne1P5{J9F?< zjoY$G_BhMN{@c{KxtttNi=7tZ?(dRda8VH~y9U3lEMHF%>ykH45uuT@2iaP=@8dd* zVeyI1K@V%+>wEDfbEX5arQmPk*JSp3dUyuGl|R0wM4pwyE;@kQkK#R}6PR~Nd82KP zem7Z4wFTI!*UrY;ij_EveuDsNq!XeMAd1_~XAoZFg3Y&Gm?fy@|=9g-QoDj>;K z=WSQaYcC+Gwpr)IJ{fb~CW7Pd?$l^;az_9*&jtnXT>*FNwrm?H_}_-G*N@_0ZoHS*fWyP>p^-Oz(6>h5mM z^IKbA^5t7~c*=8q8sZTH4po*-DCU8>!l?s~!WwRHk=f?0A?LNnL&F|>C60TE$**fs zS2{?e8E4~dR=D@S{xAD|^d2JuhFOwq@R;tM5l|9=T6CQ0okvIbuS*QwJL1U&*MQcJ z$`a64c2;`^{aEv-c(L`2%*I6}L=jB*cYLcSq)LI;cc&v-(c&p3x#Kmyj z_KJm-egi8iMIWF>_{qX%2~5@u80@jlAdNl_RfS-+H?O{*V*G-5s>@!DV-F za6k2o3wdbX>TUm^3IoFdK2`4Jkta^5%|S;%@A|vjLldllRD;qHy1ib3yOWjqk?hPz zVY4&{@X03d65K{)QssF*#J;2Jz(G{N0qSG=3s8iUNVl~)`15F5jMdAkgD?J`-+-F= zeNodGP}B&AveQ;obkS}j)lx_x^1Q05v2m3S!IYk{6|tx4Q>9Myg0KOn0dn6vRPYpF zXkA;5XOLm}sLhDMu920L18cOa5=Xvrhbp3IdU)(bOOs1Zs#Ud;*zNKh53in5-1pwT z3(J@GXL|>(x#vu4Gh^mYo!?pnT(D)kk^Nrs%=h{G%=o|``1ZO`6gCR2n`=|8eLB&w zr}R~WauRN1B}Gnknv>r?-!>mtbLwpkaY8HSzt zwO>WqH@?jRg>Y3QtE$}vn5=bq9+_cJ+KHY43^=!xP~6-aI}kA^=@Dh6b4kT3$GKo~)0*g**(BoJ8%Awa%2D3#CeoL|nd$3N_S-}~HWKd<{d ziK>c8G5F_&KIK1aWBvY0dCH|07UB~-S~Z#R+4U%M<}`tU0Rbt()v?~{uOx27%R$ZA zU-Vfi=0lZwdmZk-UXo?ieiLbsE1J)S*P05}dASEehYKmd<`d$9AyumVruCK{@ zOO*JsBei`WsVA6Fq5Zss$2zgPl&wlH6LjJBF(t)`~znB6gqlS3^FCQ2{WN>Z}P=yT<0a z{s-}1Usc^k8p2gJu`j!H@-!i}Yp@K@mGOzE|CX)iVgCfH_G7s|#m`n0tc9Z+lU})A zf5ik$@7#joPqlH;xNAr^UQXJM$s#QN04b3_w^Je;_ix&86hA&RL)i$3EWMvV$kQM9 zr_|05qEzCPH^w&?>!9;p2TkEY)>p1XwcfKo>8uhXbn1`Axh-Cv&Pu4e^IK9t%?5w; zqg-4v8s##@>W?EW22fGM%#VQ{!l`9k6o<&dgcV1&-*aJ?qqjR|i)b^6=R5{^V~umO zx;A;g)X_G3!;e*msFJ-~mr)2HutJ_Q+J&7)Z|JF8z4a!tHkrz8#H?wU%DdW;o=`iS zJW$oH@Nmar@1jrAKD1?%0Jr0Y%ZZzg$Jy5z;nE1o;{PtBTv2D3Nos^S54!oN9KcIC zs`z*K_z?LzRyK)oI)3L|XFy%mVk7XnSC6z>mKYinf?>r1Hy&HqIkH%|X~+~= z(!1RwzBEAKDV8?BL9B3eAyQ!sWe*THTMbQ!ZB35^k-D$YonAd)xW)L??qC6$A>v1O z6}-+#fE2w^!px(9_JytM`YK5h_II7;{$2TSxXsAl{_o{Mz1f)#htzwSul>ZvQf})T z#eiro$!cWKx7v+T9iqo%=wRKRSxM`!Xn56kZ}aRMmp=)6UX+hTU7Aa~pR(sSO5#~# zuiy3!U2ul_Z@;r3+8cpOt z&O?0F&H7Ok_xh(B{*-;%d!sB<)!fz8)ovEL>XMLFjY`ZQ$b`%;d-d-TAehI{o}VA9 zdQC`pv;=nB2bYsl31>Fl5Lqid@T_J%rgFT#W~(K1iKkjTa9kn-DOo)&+fF-ZI^_4j z#I-$ti9Z%7t(MI|H)yB7td zVY8(bHQ?qt{|ft4tqMOPx#%|gM=1J)X1Zkc@vje#pTlho_V{X>)2v5=qMWq2Mn0u% zOIyR|zX6_Ny7{Bs<;-b?Hx zM{es+wB(*d1MSV=uY%I~#I^fzl!n+>Lvb9uF*G~YciDVIEYLAH zb5Th-L0q^jhV5&)?+PI&i|#LNIZ&He>x zj-sSDyC|*Ixi&hKf3PJs$x6c5mXIJt9w|DDQ9xWc2{KwUNV1hX1yd`@9ALaF#Z37O z32stLDcbE<$9x}7wg?Y|MzPIuMYB&svGCiz`XQf)l`N*Q(l#if78^s~&Q=-{k zGKw$%n6&PPQjg^QHJ~y`rRbM5-Mss=@tn`5n>k)6Z)!Qd?YY#ZgC|NOJ#t>e_asZK~6_jQd8)YTf(+_on zF@}CxLHfPFIUkZtbeda1)PR&qb4Jh6+Q`o>dd%Qc$Ib>VU|LTvE#HSC{jCVoGy>hJ z6iXULOeek)v!=*qU=IW}m5mdRTo*yy0%kw_QE7$LsoT)V_c9=D3Kgt=MG6xY<nAS>eAtZYQ6(%ssFf_mNWi&{fENR#5`o83ak;Gzzkdlh$*`@H- zy2@_Da8R$&i0!H>JixumJNFFZdD!7m#xqMCqr+4xZy$yw?>?Rce5B^Hs}8-FY*c1$ zywtF4Jxh|`^P*#y1V|ceOF)o{5PUtL?a_kv(?ZsGV)*HB)`Z}V!so}29MPR!%6h6{ zz~hC%ig_AxO#ThpiI*x@?{OKc0BIMz-sBM)pxImRGqL=x`Yp|l>9_5 z5_{)EXHWk}knu%5w^tCcOddOt&KRkNG%PR@Lv34 z!&n@bZXZ-q-8Un9sWcaO5vz`osPumI7EyoAQ?jQ|LKhq5EQ38j<%?}!-vk4?+kPVP zd)Lc6=T=8Z*^mFZ2pb*$9Q_uVV=)vX1W-b2MWV|`L5#fNXjdK8U2BK52sl#&@`{h1 zA9-8XKcWt0x&!cl)GsGqKAnsHI-~zuUsW{)m0DESl?dPnpjt{!Q$0joph@TSCU(zt zKf%5X-1FxZiu+`BkLU8w5yKaMgg&-$Y-oX__o>S38On=~L9!zC6*=zF=|7y!dZh5C0mK5B`0JYROhW(7f5VRA{zOfo%j{k=?aD0 zFgZnIT4RK;2no}13wvW6PzZ|DHTupM^dsDbQpc}x=JS(}g(5TIcMZFaT_q^`S&I-yLJ#lx#<>tc!3H%>J(3*& z9nhU51(_2)4NsJ+`i#Z$bnViChXHVr8H%K3Hl1nI&vj3^j{almhleOTG)SgXD z50}j4^D#n8@wb4^K7MGI>XeTGV55$Aoc^Jj3Un*6RR4u8=}lYH#XFUcTWLb{c79%> zqf2sh;sfC87(EIF zu!M^MmcU*1S=w_^t}eTUm=|^C2_?IXuSGqjq_;aAxjB3>i-ikRKOYy6pYzXUr3Fa< z7Hhqm(j~*Bi_{PSr!O((NIs^to&LYwOp_7Mn%%)AW6@ zxF9mpoO};rI_r%TUb#6U&N z{0M`C4VFFj@~_XT@x=&WOauR{oU}7Y-=nFg?NtVk%T_>uxc=FE3!QbK0?dHPHH{R#D-Ml=M}{p6b^dBblf~j>8EV^-Rrp z6D~+j;+$}+(PJO7%eH%&+!O=p;EPjFxzgW7JwtA`3*jcKRFxLjx>|giA`MJV!3#a@ z3Qht4h4!#2W#NfsJoEwx0kb(KnOnBu8$)#d8>;mFdmUZ?P~skU)p`zf!1{{&LGDIE zC0qrD?z?1FhU-%WK%=v_JTjEfZyne*hmrTBE=i9V zcq#0inF7Vj_NP*`Id(BQ2!Yx0ycXTa00gX#V; z#;xsNjZmt^boC+cr54!*x&d8%{q~UJigM7{Rcg}nqOEfI7H@X`bLib@c+5b#yBK3r zIp!=p(lO(WO~?2>q)#^@?`dJhgHwOV@t#gW{kvSh&20&W_LhF}k85?$6zsd$f8%)i zrP9A1634j0D?b=DQv;YPRefonV1KLe$&{yJ1TTPM?`3lp-&2M+SQk>C3h0>60z{u+ zyUOvqtINFrCYjL>bL9$FuFgvM?aQ4I`yj7=*WvsetP0Q~q=dxu@@a)=Rkt&By?H@} zE}2*ZfeKGhBfq__a!{ z#ayUvkD!XAs2x+dW!V}sEfq$!R+;Mx;{m(5Il`6$_eJsU1*cU74**bW=j~`da6j0L z>sJ5G>0?Jq_(8^B*g>hn#|ND?YU(m@yP-jdNeVghj1=F6K& z1eu=n^y|JpHrfY}6%q55#V=R%3l5&eRt)tDd`tvI5yQh-`D+9YnNSV>&S=gl%7!*U z?ns6B3ud9ST$7?)aB88`Im_DAp3$~o^*c#O=KHulUzS2b6bAV-Bo}h^ThR#+I6@pG zCEu{aG01i{8`Ojo0LdFZXGWbtiD;Q>Ssz!JQ|M25*}q5aZC?>{M5mLm&>s>r`FQGa zLBg5Mhw!Kwndi(t;dw*JmXh9|v!9osCmuhZe5}gdr7xh#Wx#Fu+x6au9b2yxd0L07 zA50CNI`vRIy|7S8N&h2{na3c`;dG4n8K~;ra=}hln4yQGM3$cEI<)8@ZG4i?gCLLrNu3Q1^O$KYB1UtH(o!!k@@nO0BXTmA(6W;u~Oy* zhsn>+E|%q}I**j_+MH1!YnAI2O_%W>L0{p!&ewjVSC1Q%lpWm1lNc=5IzNoZnzD;A*EiL5};P*wG|AU13RbA0f5%_1Vu~PPO%2>F3ol zef1gucOSPpjhBE>_fVF@PjcWvMxWU@-qGC~oZ*GUErHdI6VRas+; zxVpxh&DVqPYlAl+v%m1B&N?IweOa8nCx8Md*Om}o+)zp^zn(yV3J1jK{4Njf7|8yE z9kG9X=Rm?XqPi4%CY|d_`afs&L}msZ{XZI34(8+|C1^q9hd9cC-}~ju&K9C_{&+$G z@Z|+_>wv~%ha7xwnvP2QYvTPWQ2pr^)zml7tVhCaAhvsURc+s#Q+@vJLlB7kW8kqt zmZ?@x$&Nmmt%Xr<91OYX?!OdKfmZ>Uf|;V-v%eBRx{aMo1n*LKmU>Pxu~DsEyPn3p zy&w6lw<197Jp!x)vEAx4_1@GuU~JDhr$sy=vzK02UD`c){DGgN*_pr30fYpau@HGLt8OzyfBWR891meNu(@hn|Qk)*EH;9L)O3jjM;88 zWVy)T3E45#HBRkCl)qto_NUGx&=~+=PI}lDHN>2@tz<2VNqq7@3^60^$^|5FgPh5? z--jWXK)l=)ZoJ%-f)vtnFR|qJl(y} zubfif7rOZKH!|fVfx|sHHdN#)M}`i4cCW6-xy`T4g;mMEdJAmHlB3;Fx6?ST2I$Lk zhjxir5CDFDUrPLUAYg9<9{q7w{MPNuy^%f&Q+>ag6aYz?)yrD=gZd>)QSw)dWV!v6 zyJ1a5M*U$bPv3>dI7Ej3&c;{ogZ$6Sg5~X}ZQCmw{SHLrW~keB5^`)S=5Wz;Xh>UX zu$L-VS}|YyywzH`%geVOXHGvdD6Oy8+w`FR;T}bl*1o@|Xr$W9AIsAf9g?G=_JvJ@ z{9VY<3;Nq8iv5Kbd)Z2G?(WkIbXs;~ea-pWtwa3v3qZj(aq5$rv9js>u+hU+t^Jq0 z$BJBgJ}XPc}Yl6FX9JPMgEfWCJ`?YrTR0MkB{vOpa&gnZNzK*oC$? zhny`b0Tkpg>+3+XHq~v}f4tAWavVH&8b8wBQm_6mH*WAw4buC3&O`79&bjU3>PeWc zb{Qr!Q}+PRqkpxc42&7`l3Hx=*|}6+#=^HpJO2Z!w~YzJ?0IvFT1zdRKjl*~q6Ffj z^NVom@GYu88w;~MGwK~lyy1U0#2p4n?C_FGtSa%0NjbuO3R+SJucyc({x>7QPG+*rPvTC50O zdV~oF2~&RwFW>W`auZv7khtk9y}C+JT(NS7G>2}9F(GeKumr!DSiIJ zE3wn?qb8Kb#nCTzhK!t+J0^E>CvFC(K6H^RtO`~wl{|4%Z4VYxQDAI6db3DJ_h@`i zu&z?7l&}U|6-L^Mqx=iru|N)Z0B`KaQ-EKNZa=PIGrZ)sPor>KX}}c~rMBERrE7Z3 zl3;VDqUZqkC)i0L)ugI2_|bvBg$Ku2w445<8<^)ujx;NxURpdMYhCd}gL>LP)_$1x zWwV03B15i${+w&EV!?6AJTKM{InH-zWatQHvfqmy-&HxXX^1~^@!0lDvb&AjT+t!H zwtdM@0_D1nCM#MiC3mej{xBL4d9uwxNyJYNZ|(p0{rfcPyw#_T ztvB^vmraT1jIFK5x@IQ3V_S5PxrV6Rg~E&+<)UTljpa;<>sw#Gw#C_X>M`x}JfsP; z2VL-;9$?JTVs2YKE{cLm&-WOvC|g%Fg&JFH$Rg|FkM?ijaJOSyBKST1O~Pg~&?@1d zV;;sHf**${9Fq7>_K|@s)wlc1(m>~j{p_wb7op(U^_Qtdm1YMPC5M^eEmoC7R&Iw4 zcj}E*!(OVO)SXM?)!dS=K7PV;z30Vy0HN zLVFgF{ei~lTgE09M3HF=#&0Hew9;#)*l~}o;ZD<{kr*Kn+Xw6}TYvoo3jV5K zgc3xmS(M6`wi%x$efExqX)_hBvDC?7vZx~u{EZ30kI?!n= z`-p63oTzqmGKWkuH>KodRD^rNHdl03pAXGi$;un+%JDP_#GQ2VpTm2OV>e1n$Cc^b zx4ZT>WbHJKtc=$6F6Qv^275U7`(B_Iq`=&k2yNJM;Ua(d*MvHKFt#H}1qLs)u9~)h zk+%}@J)RoHA*_Av$V8^8a%WBQNPCMV4E|>(t@F=9eIw(-f73fM{X0wuT{@=vgJlx> z#HylU#q+nK6>~eDMIZ82Rk#QCzct2@L=E~7Ijt^3F^8NG`~LjfwjDgu|ApN&?IOF` z-CNL)0wVA%>>4E-Hm8hyT}bY`p0?VCl`PjAs~a`P_~z8DZ5b9Y0@9r_Tn2JPbB&%N z{Sa=L($IfDtq1l;cLzL+zDp%tSzQ~e$p!G=L~>SkUft2jYVVmC7Z-VxBC@jal#mHV zG;VF4nM~cHo7iwnEPd~&5^>fwWbm8g@@y~Ynz{Kk1AMA0oVpl5lfC0if2yJ#chL|krLV5axD z`g^jlCSVC{xD&%>Q5nM71JkrgA-NvrQx*P>2(0|`x>>_7CBTn8_}~~IpII`v%D+#% z*P?J45XMyNjI(`nt*aKGvyz=v1Ik^$qP^+E{-@I|vSkMWW|n^afAe6|0W`Y@&314@w;#oftXpq$9# z$%_s#nZwvv93tik+ZpGUyw06VjG7%#Q#6_fZC&ifj*;U1OfNuZ{nXV7MwxLbB_%rY zJhQLyA$iD6pf!%g#}BEgXGmm=;)$l5;LW4y>Dl|h zPOoAL3tr&w`;-rvGb-T83+vq@TnjujNr;>C4il4yuxH_2QT?dx|ImyNyEI@uP*q>ak_`Dtxt*6qdhs@RT_!n8woHsX# zx)Wn+Ow-q!PMyukjT4tZ>Zy&t$>q1R8&W&(J)Uk{>WsR6ZR90jR$i)k?J_JtYFrIS zd#FYzQPz=%+taON4P!`vA?7-YYYhqJ z)^F-~)35vCr~O-i!b+x^W5`?!HnpCEWsu^tJ8~5#t4{eAY&>G$eeqaTk8{|ZN^ISv zzUMfzJoIP^AMuiWfL(M;Y5%Fv%1TZ=Xb-YteV_`v`mt?WdsV`$5vC%H)O{SB|1J9Q z1nrwU*W@)Z@lurkLf{u5AY4FFF8i~zvKi)7bs8Qh3IX$lzJG)Ve;N;Z6||CAh2MM{ z$RDBm*{^jgkK?dF@c6y^k|b{ z>%R=oMs~y)tGC}j>C_LKnJAfl>A5w53pb~{mZbn(1E0xv!BkM=sM}s}DVhmvvwFDRzv%^{qXBo|0m#QXN{N#;UZFxL!|fS{CF7Y~{6Qhpl?I`zV94 z3!rIU#I3TAnlp+EmdY!I@tuYmEX^8$fX%)^3dKxbfl_Uo2PfdByNT7|jCyEw!0bJs z^C8I>zXQG8l-Y_Nyd>2I%{9)orNZVcr$?Rw%@!5DHruigveN6XZ{^)@Z|5@T+i0>n zaJiknL9sp{$ZV;my#q!pqJ2l>C>#RJ0e;13U_uAArbl4R5f3F8IoVpaj-?`?;M>%c z)#4DTcGT@OU9yTRe7SzA1{yH)Zmd&zwRmPvg!)cPmCN7TDOZ9XZV=0UA0*y$6zjJ( zQIdF6Beb`$Mcu*QjZh!eOe&uF=N6sox~afgW>b4)*k=9I<))0EA^UgEb}$-nD)^mn zX5Xd{A{jIaZa6-WYe=jZHD`RLBiCAz)%>P0T{S*)bD|48L=`}-KaozbRE+?_XZP?h zzp25q%kv*@ckP4h+v&2Rkp6v9O&|f4c?4obVAqJgoPJnWlcV5P`PflYzy@|r8NXip zKozv8p9v5&3!Bi7$>%GIR67W9+nMiJe4B0QL06C)pvm;brNa1vYA#kUjOu9rydHB9$T)j9@t=0U-!y) zhB)}_+xZ6jfT}94$107hG8BQgft_f>O?HiGRI{`TQ|iM8WgCmxmIG&!&G7V8TD_-o ze55@x73MoAyQe{9r!(pL_kMhCT7Xz@<*?y_Q(tQIDyPRob74!T3A!4j=AlJvKr97| zyh1WON#y|6kN(*jjJa9*G+BU=r=&n^ce=1e)PL_3nFe~#LZpaw639fw@iIRa94weo z?HFPj)Q3+?MPg*T-|#eL9NIq*owgJu!b)Kq9O^Ow@I1Dsv`x3aze~}?-`@wFrU6le ztj~n{7BJ{t71Kn2zuTX*X;lKt6`Xa!GaY6^M-TCk-73;qa2i`~WhT$iS#vqpRtIXRPNB?9j}!3WdbR#l zS=lB5&h^jZXmsuT$2h#;82#dA;iTxCu!{fG`=cZMD>)ArT|HbC{E>XLXOQBbzc(<7 z&^9>)hfI8~TOptr1Wk3=AZSc^+;{E}bTwwI3CzITp2~HRg*;4XQCVi@^*M$fzi`Vq zMS!@&J$f2vR3n-iOJ0kaci9(nDdhvcOr4A z2VbA@jO8ovRD$K&xCKbfRRY?d_~kp}evB8oW&5BOoI)w?^?8aC#P(?p@vAY_jGG3O zE_=EUWSwfzwCX$d*7y3hixGj*6=!gx4f zFn4@>J_fWa(5fP12Uvki_M0@Jmbm~yja#0i&;vstsQ7Nfi=#nb+y|q<6Ca_XjJ|K5 z$>F8exzLM2Ka;`VfWUtY=jAU%x#s7}+%jf7%PY)RXU<9RauUy{rTNdVa0_v^%^LS7 z56^Efz&WY}l?H<7i<7H$+U=K->^ZbMli(uUTN_XBVi*o!+##Ea6tB>;#t8lKvb^Ad zW6a!bmVr^nT?p^jid*hHC|5?NJ5~7j-9>K|#Ew~F$%BjQ_2{W}qda*^Hy#Wk1r+}l zw>2n~iXHafBgGzVyzN+drEG6L?L1(~WAR6;Z~IpUui*Lnp9<2R&kfJ!xPTLNI~|0} zDWvFG&$PB_smow*VySDm^(tz8w(qN(92Xz@~EZYA4#i z>OMgWRJ}2e!7n<&e0KDMfKKobRa8)aVt*%-W<=1_oyr9llqXIKj*q zZB3~52o{eWsmlxgoH5qF+S}WIlujw6>FYWG;@&VY9$9xD{&U)*fX`EboGH<{(f_h( zHF9Q}%uG)5Wxl&p_i-Q|32grl*89b`kK>0UY`d-K_1}iwHbx*PC#xM?N{1DdQbZ}^ z#%k2zyu2|Gk0aRGiL8Pi^_w6vjQ1!GBLIz1@&O%UA6Bm(_~iyTrthj>W}Jz2wy|fG z{D3rjX7zvSMyT~~nIEELI|Ak-Tx9)95KNECZL`meBRggRTyayUw<}>v4Wuho zngn3>z=!^iG0$D%>)a#6?$5oC-5kC0EbzxxP+p;4BDvyl5fPvMK6^IX3!GQ6RP&%0 z&dufEVxjepcTQ;rTwN5-sdOG4&motSl{+zdi6kHloXFH74Q1?2Y1lAh0#^-W8$GJ5 z2sJfM3|_^oB>&H$ZQ%kXdxW(9`!@ggZ`&cm{?QjDz?)l^-yl_T^DyV(tB;3LLO|BB ze;l`{V-l?sBcGenZ07$g_U^0hL798-vR=(Zl6_vHVSz~~tH(#c%m(L^Z7m3Oo}gyS(O=gRgF0R+ONoNIQSp&(*~UcJxWq(03!5CyqI?oifurZKH&HGX zr5`=A^?Y)Na$^#WW09L@WSm_{ z{@}0Di2-qI=)mOfxv>JfC0F4HM{mP_37+i{%aBb`E8@6FuE&H8y2fDLIa;{a&Mv1X znvjeiG&!9j;QBgF9NA~?7JwgdH1Q0e9j{boulT-BbNo;67xwR9;(eDNDTRh4Ul0Li z3o|glHGbjwfZXt6x9UB2<#6G>BkcD7_t=g3EkUDf$h!X9!*1-={!=lJ8va(;MOYFT zcJhJ+mMY%8RPjANw|zf^LycJI7W zo`b&Yc=bESQ+Tv%=M9ylzXX4L?(2*1dAEF9w z`2>XBR}`cl{-f1713t;0{*%E7_DG~{hWU%l3OlWaPyBkA=f^^zf9rQvC_cVRZX$F$ z8!!Km8!()N?HhxSO8w6bW|96n_2UNJ_I>9)Nb=>~q%!nAcjO1DD$jjCUqsmM^9}yV zXS8eYXW1i)*vxMG`)-0hYHPf@Yg?Cgwxz(HuD&A@4L2{e{_;ZvE!pFo*jlaO+-^R0 zJHx^I<8Evp>|C?k{@u*L`|j`S><^|ZERsqnj7PKbRRyC%cpS=Xcp?gNEfvVXH85c6 z+xiawa~U@etF!4mQ=TH7-ny!Rb?kJ1O7)yx=u#_bJi6zZ9FU=BzwglE78ry2;~syX zYy#8S!~C&#lnqgSi_#jfGQH(W|0GXm$EmRbzl9u*3;ZKvE6dGgL!X!`e1@&K=%e>>i?)tg8gc7uMbw9<`2{lJr^OTxi)0aZ4 zPtSm1kOGqbonyDJ_|bH)zb)w*)zhAOz@c=~JU-|}$KAz(&fBp+2`X0R#cdMHh2S<9 z;_Wrj(_h=CBkF4l|cGzdPqWIkeb^lk+bO&7T^?i<{OvDA2Ki9zxCbX)gTp zq`|b~>fViJGGU!&Ssr{{lz6!GK8>)uLMruvGTC7cLHn`*BXomi$lEHvL3FniSOHaD zoFhpb#zzTSTKJB<@3gC4;0kd3j46??qORx9^0A(wC0WL<&xJ~(VbjWL;pzb)WA=wP zzAR)^AwyOI{{U>v9%jb&2q4=7QvMS|3@ErkCho`+d-0(~7b+HDSs8P+d|+c>!fh5LN*)`^-g^f@inPc#B#@}foy%h=|V6y@S|Avg`2Wc2bluXtz5+QF?sAtwwQwemSCd-IbVYknigB}PEwYv<7D7*t96C-^@RRHrzD?hPIk-Ks%SEP+?nv4jD=%)9%Mv^(knL z+OK?*vCj5$hRw3D-arvSwWJ*0=J-YXsTh9~4_C*j%LN^*0WIZ7vb?9p^24JkHfmyx z9q|Jhr!^fsGHz@c(otmL7HC~y`)Ti^L-eUKrIq#S{81lg)S@m?HDgnHtYo@!5?k}up+S8)Cw_>97?St& z^$Wf|7E$Nzo+uG!s{pU}66xm|qrLC98(Lgh&`^X9QlIV=!B;# zH(|WuXo_Z!7&;vku99CR7@QtL*%v01%29$&sG$?CA@bt+#L+7o)Fp#92}FoqY^R2q z7K5qYvD70hO(|i(&RphG{V5z1_}vY>=k6^3=O~JlDqIsEB8S_2cW1pI!N(mz5M{g)KB}pgWMGpyDw zQgoM^H0zacZip#^wzT-#R|!6MqSI7Q;(Xzhg>0tWfE}SawrXV-;FbsNf1)(B&UUPZ zNmreRJGXe)FfZ2_Mx(;h)<*{dWvUkxY4+>qlebEhU`>IAtZ21rvTsbbdcPg*n$K7f z1>ct`?ZGP3$Gm+U)}$*!*qr;&LKZYV4aWwGNC-Ru#kL~1l&DW4*s+FR%gr0r$9+l?tHY{rroe-|)qm2l^u_U4P`R})9&!+u&~`g%(oN;S!WAqWjAv}#F$57|qk<_t8I6rR3FjTUAp<4{Qk z0#L2RjGwud;%A%5*}A70&BE~BO~zhG#37JQfiR%V`xAnGTF9UoEyR>MRh^Ae4C`K8cc>(%Wy!2QZV%^UVuKW-U9T@+7~e_zeq$bQfbWxF`B&R3eESzhQ(J z(Gn}NvM%74YVq~)uMNveE-DUgVrb;EI1i>qa18>}o;6xK61#0^KP<`LrhDd6cm8 zcrUK!Z0Ev45nub7u`AY*81e#1i(62f@1Txd;|{kHGTm&&>sZy$X7a!S9h%X=a#f1$m3zeTgb7IjicAbcZ7- z`aXg89fmpv;28oHw+*c_Ze<`p)hzBE5lke-M4tfoWx(b)xWjdXYSdkGXK0DBv{~5# z*;8M}h)T$)Ji_64vI&xD6Dq!ptwac?Y`%)JVnY41&--qbpzYv1L(5Ake9WyfqNf1- zijWGc-@fbCagC21`-m#Z(;DTnw8z){!<&p~;Y~5^fj940Ec0f|FrHVSvZq7mN15}Y zWlJ>wo*VwPfii@82h-fBWmL8`N;a`+c0WZl{Eis=k7g+~(ji!VAs$A=@puF z-$3qqhIU;=iI)3;kJ;H7(9^F5RT%Rf+0?i|h$h6pj_+W#Y3cD> z!LKfrSVzkVV3cCJ-E~Y;Lfc3!Sci-Y-PW+W7HBWt0Lc-yVst#bs=DOz$r1wL`n21b zaV<)R6h|c(WT3#n8WgR^psjbkT)HwAtGARPFcMaoVBkqQmo}&`YEG_p5@CEelrd$n zX&>88)n8KKRr)0}JHh7yE-lz?D^s}2ec}S}1i;W>Tf>x~oSB zXwZ^=cRedAqsn^AN#ZHC%tw=MTGUrfuhE|#47cj&L6!GZXX`DG&6jUg*ZjmB%;e$5 z-kDEs!&@P%71IT8OV^@Prqx^{SEBiin*{@Cj_#A7UkJs0i<;D{6tcy1JP=;N_~%R1 zK39zx+M-_4*4jo;GApOw7aFh6x7j6R8L3=Nei}Q~*Hyqj2h_xy?XnUG$87z+2k#9x z&Y&r{4-bpzry1DU!dJE9xvItplmz-hM%q&oE$7ogw-H$7$(gO0gRX?e3-Ro$PtlSBW)%_JJc9Cj4G*3sUxsifS?(p&mNv>JHj zLeZRXNQA7ehX1MF*m?dOx-l>jAi2R3ShowIv90CILbt8Jv10kv2@Y6q38U|)li z3V&%;-mKw)Ny6xW8%0@Zy8wHEzZAO$d|*$lrEGfGurc`|3c@>&)+~fNGCf5Z3kGdt z+0tjwI-)_w2&%rKnFgUZKEw{8xZ`PQIqUQ@j+!RIQ1j0kz1Q2KVOpb}-!W~n6x zY~Uk5eGzX*F|;hHM9NA2+}5H&8yTUhj9V0@{~B9uhE6!DSznm2G_NTTM=I=Z2Q<9= zD~NwStyvCmcEg>=uv^TVM`P#si;G6Pnad@KBf*|&frCRY>4VC9;N)>#mby8@ej~nl zAk0-wlSvw;CKqg2OGJkGdvvKd zQmLVW$fnFA#rmVgc)JTFG`ly+h@%>{a&O}HzX~mlj}Q05cNix|k$Hi***Al@jk4HZ zG@3YFFfX~e=u{-m327MEt|0^01WeN1IRQ>Ke)KJ#W{Tu3LQQh@T1SNz7{fBGw76>; z=DW&x`l4k_~eLE(dWUv*CY+3#&+@((s3i3gSilk`z1gpAv=|xrn~d2pbOKcZP0?B6*Q}Sr8OBQjciTdXQ6a$0LxlW|;6gL&!gLTw z&0%zc3StzaOw_me0yotfLXsTeZuLb8OH@M5CN~p&p{qkQEXhMl#zc$ZrM_6UQl&ZW z|MCV*{#tlwY^SFmxcr`o_|fngYu~ zY>HFLizz-vB^+3aq7LaGOvI)t{jiQy%_WRMTU=OYT`-ZDx9WWZP zu8ex1Nze&-@gc4l(aFGT7*Xt(e05fl{!*S}#)Fp$KE?=X&84FFjXYsaUHXFqV7X+? zE%MxNi**7`M-d^Ov7N-4_0+WvVQKR*)@1KyP@pFQtG~p7PQZStV8IsX!@?+({)Ux? z*cf4u!-T%cIU7bCx6rC438ia`5rl)TVv5ekcFvLe=c3fq(-*ovSRyvY(am5}jvyrQ z3+EC{^AHAHFqX&MoDnXPM&~oD?yM?k#M|qGZwD%g;?JN%V3?wyEGhI625*J19Mmn@E+Q2tOTf>p6z^&2GOB!J5Zp*;qi$4BrRBc?tp z8q!(n$`cK6q$w^Kd6h^;kNZZ?Utk9I=LRs5!S(dY&ey5jw4a&?^%e0=8VV?Kc-TCU zJXN^3U2M8OGjpFt_gOF)=FjhGB*+Eb?`fn*vyWhvo1d;OOxl^N*y>}B_;sBrNmvTf z3{%Dl5e938#$J5&`>JfJ#ds;qn%^tYGoJ2ovo;9?YO3dPR5ULRHTyCTDs5JWGEH7K z74$49qoyI!xr&nwn&WF#aekm4>`-t(TMVdf4IF*-?R=u9y6dV$-g20>*pxJURKF)W zABAn65|lu1L<(aQNbUHyAtJa1fn_x*9J$p0qejvKeI-saBaH+?0*#CXx<_G)o8j!{ z=yx*f5)rGJ82sRA6l?T`-|bn32$51nhAA zi-e`_)oJWcu~5gXaIGF$TW}2dF=AE4sij4~NhWXaCU?-#9JR5_O7HivCSODdEY=;H zvheGE{7UgkSUxLM-iB4@7w*~BcY_X_h}KlENmyD%Cjb^dskwD(%!#D~?^T;^bS$)C zwQGq*!bhq1U=Hga4B9$pAB{V1;qj!SMR$qTT8wdFjj;1417{1%x1I=VJYT?_#KT}1 ztX-G&COtOEpq_k5ROW&mD_*l+7RMM=(XhU&WZ_?;qzHrdMc&$&LLR zewI)a78;E3ltORB`axS3EFG()brdN!?b_0Ey-Gaj1k?>WL#-~fLS20GNva0+kV4?K0KN5^2}7NR61pmGdGR#i%RR`ty`kXJAJ!CTu?AahbLS?95$k^ z=?I&vPb~rg>amf&SVYMsBt~*tCoSxuDe11OG`dfb?f+5J(W#9FjX=mvc%?_wsO3vs zVA+cBDqD`Tk+;K#0m8HNCfEu+U$vc6y9#A5LWQiX;we6knNILi12;5h-QY25;u|@zLF(K(3a87BEInY{EKN^sJjt_tL3aHUO_ zWT#{D6jo`=W~ud0(MuuX{j6gjwIhfI@_~dz=x8=I&p<92_kKvr8r#8M1Vea^D8Hw0 z_$}mR*SNIXTzK?prRm%is!0AX9lt;te`Y72aW=Ez=$>q8K#mn-$FVl;Z?GlL*twzQ zs2Qd16DYN5qJO(B#MUXnUo?bgog4E=^fDHp6YS`e^1&F!ihmNluBqD-AK*4qnF zjz2*f7q-CK#&=(`o3|1xDL>7M*;92k5GaM|MP`=w2$0El@R-%lEn02q`E_?!Ce{*y ztvC$_Mz89t)A>O_j8OFjElk-|t!s&GdAMe`0v#DENH9oUmhgZh!A z;A5n!?2yLk8GV|6Cr%H&y3!AY0fG%7I$xIY^Js6bE!ko&FNx=)cckAO!s>^`G4I{9 zK>63-=T6=0d$fj}TuSqcyoB4vbYDgVyHM^e?tpJ-h$GAIw;Zp{c4oH)E)vA~szfXM zPa0UGrGMKV9fLbM>9aoy+tVzjcX89lY5H=>cHT`l!ukAs#P$0IRk9=G(!_IKZxY2L z@Y7I&gMKY8FASLK6{vsv1kW+%f_(J52nd98xlyzv(+?2%esq|AC?B7o{sZh92JQCR$+(F-^}f+Tm^Sv z>I9zk&^Vo6a+9|Rg+O$7cmVNj+ya(TfX30R+Ww~s8`&tDl9)|XSGzK%=i zfjh<=tf4c*CWm*(A*d&^UL$43_8|62?@owkQb_Cl1B|N}iBgta_Y^QtQs8vrLt-Ek;AM?5EQ%u77N=A%dxKQOV40K;3|^plCuLyf|hQbH!z zs!dz>(|riPNW;!mqR-|$vw9!pgc2{1(1)oJor){Eu(K`B`REKN>{X|Q27JRWByA!D z!|HhX677`aj;c8xL7RcGmKLC0we8$jKKW>Ga_wmH^ST>r^H7D$fs`L*I|FJ@-Vz&3 z2{t)#lYD%5k_X>VrSlE7>d=8@C#&Yay|4is3 z?;x&w^maPt4vn{P5Wdl;F$Bw=r>|?GDkJS_cYJ1-e}FU|yj1h^5B-pi5?tWRjm7%x|I}kZ! z6<=C*%XtYPMQ;N+1#5?Eymxea*2R3ZtYh;5;4nTgZCyrboh5c*f<~$=U-0Xo%i0(u z=>|O?90|PPvn-j99;ey!_r6>%nYfIi0a(NWNO;ZK(Selk0 zv^yp+Qm=||ML!})&JBd71vW_LRKbee54_c2z7A%>8YP=%nro)do`nMRTQ`|*42@vA z4f98#wMFP9uT4i14V5L=ZrH+1Zig;w3;`FIJ!je)B{#tWwmOHdliwA@Y)XE{ja;mq z-jL@v@5I3JsMBCN4^4GcMi^GubDA%?_2#f#S0}lN3ZQ=sSU>zKORC+d$wi!(oA?pl za3g0Z%1mzJOg>s1S}Qa1sXpBb+c2L?FZ8xg3-*Y%k(;=kkFGP2ze*|emis){$A=VTqc8P*fnT30xOC))Cehhi70v=$&SkPkUC3??n1w2xFRbQcWc-NP0g=6XL=&T-PH^ELl)CTD(m z6$5yJev4_^>Hu#z$r7bX)AbDG3gkZxh8>RpZY+I_3K~z1s%%oH$vg8Lr#aqfmg4NX zAtS@UYjSSU{`xZs02(VXZ8b-=Z!kvNgE|e|Z}((q(<N@8`raN|V zIymOh+wq~ph?_-r&b*6XIySV$O5|Z4AuUnTorf4k}rp( zdCYsib+yf_@FUMxrFZHyj?r^E_2vBGOJS0o>hlnUZQj$O5P60C_1D>%Iw&ga#3T$# z+<~|PG=ng-QMCJfkiU|Uj>?Ca(zNW=qQpW;Zrb#fz}7ah2iOw8x*+PL@^IRlA-R&f z78vp(g6E=FF^>TMl+wVbnIYXSSTUtln0+%xHWr#~Nl|V1(G~}O@dqC^B}5q4JoZv{ zNJ`q)sf|cDL&LvHac$an;tjjQ^|Kj^mu(m}WjC%V-$ssFlcIQC7P^OAN(UWsS>=OP}X0~Lw16O#(cQQWvn+#r(Lk8SeNU43y( zvJ-hN%O(98Q{@KBgSDMrmu}ihG7obiDEZR2!3C-Q0<%)s@d4k> zB>Sj_^IlZ)Bej+L#0(Dn?VTjT?!*P=22n_p{T>?aPE%xhwW`YT5}^y`zD0hlBk{)A zRHP=Wah5#yQIuAR$SKAtG~m&JtJyC8a3*U}I=I&FW27!|c+`Mr9$&?;YqG^(VGa%y zjz=j-)t5acvu*Nb13Hg5T0tO|_}9lbAZZCBSoKFD{!-rD`wb$=l5H9M>f_unL)XbG zN)ox}(nON6yWM4L=^;WWb@kZ`jLdebzp=+k42w5n?fWck4m$`kV;U%M({k&Sdegwd z+p_yPwWXs^JBCT^?XTV4N@KX*s1K(SOqM_x2_;R)#sXAJ@ zHH~4DUKSJ|^obyQwxS@z$iyx+M7)a8s8buHp%g}8MHdn!igwI;ODm(e$hBvOU(H^= zL+T4;(ZRh7nKSHrDxs^FrPiv{#YE=<=}T)|O*|Q7XoPE`TQK)hwP1gM43N@=j)XE1 zvzlDBvq7JJc@hF~evq_lpupR^MJy>hhDYswZhUkv6Z>`>n~cUxqk00wyom5 zLh5qq!*|)526AEM_oIKCtCPz!)gQ3dA8@jmI!rLtS6A%H#s(h%#=`A)qJO$6#smej ztqzWeGo1{@RsWXI*SX_4@CN+#*=_0@-9B|#`c)4p+Tgv#2~ijD`oJS9OJA-=1}-;pm%QG{re?r0x>A74<;AMYC*uM#`hQ3$IzTEJUsP8wrg$jfSf zQd2W+s*^e!O&)7qzC$9FPk4C;4H~Gr)5S{c0s#N>(k+mCj>(Em^yUpd@Fl!DBa!z? zrm8HC(UG&>8@w7_%4@kQVN3#;`cO=ai!r~%$Od^c{sCWNkbu>U2%(LNW1<%>8?(zq z1~|pcgF5-ih63JuxVx{@aAy69>0GaRMGa-CJCb7gNS=BM8rt!`=+&i^*-g%6z+#>$o) z;ZyFG+1iSoAOMeomXCJ)L0fa0iAO_er!i=R%@n@ZKfM5Va`iGQ&mhoOZX#Jor^!n?=OJ)b zs;4s@y;hGN$dUSK0pR!+`Vo3^6W2yCh`;9M6)l+of5%O&;G%rrEgEB&Y4Q!fKp?*w z2!+PV&&Duc`$WCT9FH`Z#gHut9<_|b_@Jd^Y*+W-#@szTS3%Tmxdt;g#DSM{Ercqj z<-E=8s3z$<@*ch4P&2NS%);G}*{5dYHap7}2SA61i(0B?Yk1~Jy&E{4S#k;lK=^`j z4M?f|6o9p&pB&RHg?8LIG8A&v1eE|Cmo#SlayD8Qr66C8dG~w1vVk1KV9Ct)jzBmH%xdol(cn2^T1K{`4)JJM^!;%k)f{@3WT z#9o?vIlYS8lWn^udjk{})j8q_k#7tG$$4P|@1hdcPuv8*3|s%Oad@L^1`DptYu9T5 z75dteCX zrBLq^ll6p-GUKCf$Dmm!H-b4DBZQ{@>pUBjq(i%1DpfW$susP}Y1(=LVc%jS*{l&4 zm;M>BGV&3%!l8ZW0X6;O%=-;c7IIg3MeIredC27g^&TFZI)mWeH*Lkah@nka!PUzN ze%q&$4FkPwS??6krW)=c`f}3xOB{Jp3GjAM$?2v#p#DT(oVGGD+x2geP*Lzt>tXa^ zQJ1Wb8zC`f@j;wL4Uj<5`k{Xtt`d9mTn!;gOGyYP=Ao9XTmfiRLCcSy%&B9EiPEY^ zB~5~Iiil)nG6nO)rn3t7tD4xkPl0F0s!}v(_aGJ z0UnL|M+K}79+ejQ>L^!_csYw}%kO3?35W)H)tt~H7`h_KL|UI)t^5=&l{;WO>uYbO zU)#{Jn20|ydq5l6kvG@4KIgS_pzfyfGfp7@{#HuS?Tn%1{fNlXpX?koe4#q4VH&ctA?4_$Bmu}&9YNBbDTX35sla(JXjfvO*@RF)!)KBA;29~QY)G`q) zw4<`;#jty+Mg^$hjl_P0i6>I(@8!@Q&m1I$cb?KF3l z+L@>MAOkC+dKoa(5>%kEWWl4@{4aq8_-j^IQ!V(w&|t^*d~{Vl`t*LJ>S3iSv-C_h zWoWiitv*ZijkcA3ttL_S*BOyX@fT<)@?mes9ETx&PlI+L({an<5xeWHv zM&t|RWVJg+n~S-KJlvt(G0@d>t5+5JH2EMgGhVEq8k3fwVC?qUtS6&3Xzw;ghGjZy zku2Rg^{(k4qW|(86O7yEnQ6nQP>mk4!b0H>LH7ysmz$l)7t_Nakg2jc%}|GIDtoW3 zP;BnO8^-s2AK{qwDH%Hoc9-mcoE-RYgd6M&ZW~GI!R8$vtn}|z+1B_|fb#o|dcljC z)M!nG0g`W+q4PxT8KRoy{gD06CQEwom?zg~L5k{66xvkup=s#x0g^ixseGA;KgA1p0Ote| z@X4g*CAH84^kCTOK13k{*a0X=#?`Brh|(2|mLAI+M}tVqNnei4s%m`bYY<B$`pBz43e85df_ic(Y5F@ zAWy8NNgNG3Q{z;mvoWG=jWDszBY=cCUfQ!e(V@jk6ddphV%~tmnenL!$wnTZUGV%7 z^JU$@HN2VnI>k@Aw?=m#@vU1=#;amJ!OC0evW(8zhY86m^DbUehBCkiB_wn4M<9^4 ztWThnEEhaVZGSA^0geYM-vOtI&UysbHrGlvPu@Xe4Y&|4Q2Cj_LrG6-H6~0qWCg?O z)!<%1>k_G2r5%ffP`*VOiRo1}<3+y6HmlgyeY^mDHkIo6fCq}q98tm=*=NxJ!qb{K zr!XRC7;PJ0mLI8*qnM8_gd(lmx3`NGdzf9IWE1 zC~P0+Ir?mxtJ%ASPAU7(nb72-0|NVZ~ zRliRVD;TA!*}ro8oY|7tISaD@wRP4dAYiC5jAEudRT^Iok=g;l1u4IenFep?;y|P^ zc3%94>?=7qUW`Y&clOY=S*4&2id=RCU(`kH#kqzW^vA-W2!cZ{bzZeaI?dH6YdqZ| z5q^VrKne2*R@J|!+laBftqj@Kd<=k-S zrRSBnQgYAC9*2o=>2sxnIfK_`>DyL;`7jUboey^MHz;qo?sJ|MA~!K<+A5r?^&1f} znX%C!Y|niP&wXT>&cp^k!f6w4imt4LxADgk?e?l~cg0hd=_hPjC5m zx(MJZ>pB4^55z%`u^P0g@rnFOVNY2Q8GuBL=eqzU;=`b%ke?)BDn$CAy^D9z?fX0C z9y#b|oXC$lLKF**XhqNt5@hD2cb9_vSFCAk<91R$I@OGK(-EY(-^|t%q5i+;*DDdL z;Hs4wFcft?xPd>}Gaa-dRgR&Op)F+Zl6BRgWQ%>yt= z1uj2VN?FzEeT6btxfZ35`f#@lTcu7~3@QH{ZV{kW%ZTRf@Iso{+v;*U6>DXjN;pep;&FmhA=&V9+^r!Qnhy)Om@O!>F&;AF< zryqXaJU3?Q*lU4b3LdfV_JV?!hM!&IEgk~|o@yldd_50}&6sP5o{a$TFxJqN5il<_ zco=~|Y42aoL#rPJ*y}sEBWdiA|Eyx@zrhmDgp))MTE_B*s0%1+S_iAD!=)O?$)=l9 z(9{vQBPiDlPggnpHV3|HabFvc{wV)=2y<`cY91{2x_eVOvhSLpxM?UU19n!EaH5j4 zVcKfcV%GD&;Am8+!&E9YW53w_7o1EZnOdBzMTtG^3dju$yw}dlSqrOYC_|I|PN9$Z zS@~%H+@M5hlaQ%MCloR_sMsu)gBUzKlsOZyG0Ye*s*-lpS0{8VHsCJ>k5vVEpUAg= zM2(Z|WHY4fS$8WPO@;>2sL~+x>yZ3Ce^0up<0DHePM-dfg!YS_;JD8sj?h_w0&2O& zO>z*IjfnXh)Ps54$=v56@!U__-*vK44j>nhdtu7&bsX$8V*;ovblG@Si@1}J*m+5j za+p7OFCARy+G$X2B=$o}D>wgT1_@wpZqwQNqr(o;*?1BRy^CZ)*Hu( zVKoOqfigDT6r|CCi~M{b!sMm(d@HD0(Rqk7-6PAU0i7?)cD0p!OHj$VFvyD74I*L! zh%z2&hhfT~d>eiC729o$7ASjEl7s|m5To8g$)&P_y1bjq96|BmWx0vg0inZM=SmnA zC-O3vSx960HRxPDFwd#^=#dIBboh0Y(|qab1VB8-R-jfOBb{dXVtpMtnoFYFXx1EO zCy(Pjfn7&0eXP{zsadXsI^~wo+q`%_G3KavSsP?~eLB!CAaZ@PNCF9(H`AMHwfh1< zAaof5-P$d^rB+Xx3rch5pT+b>cGI72{O2!tk5cMH+| z^!Dd3`sU%ZKdQb;&pR4Q^fwntGZlqKux~n!{>_R5)o?QGw(*m) z@TC>0;+p`k2NnP?YDRjt|AiCzS|`&h4uP2H^NPcYd&>~{b5~Cre9$u+nO66TE|Ef6 zdN5Ap8JI>|?>mjOP*LRS#)V1KI7k5PS)Ez^46W11MqEM#(QNntEKrjIh;ccrq%q{- z7}!AWKd0z{L`mn+25&E@;cZ_4?MS+B_Q^#IUkzm8%T{6eOpP+@uDodL zORzbUr7qz|d;nzj;ZHfQ9zE4%L`V3X5d{`oZeoyPu@jQyRqyT`~%CM*9NqlRRp4+vfY|Wm?k&S_Y_+#cJygGP;tT5LGRNEE+4Nw*v z^ecT8+C^L!^UW|``pZ=Rsq{s(DFtOI&P3XL0-?mxf@y0K#R^bI?b0p>fk9{tEdT#Q zu4D7ZJs(8lszcX5y`LtVi24qyO=Uuycb+@silhj9S)-+foOGWog~pwy&Q#oL0X2>F zr%O6ZO-z#JD^U|_ zO<3}VabxeMr<-mZB_==LPtitpR%TS{V1SK_k(*c=S713}j6&w-q+XTQHLXjWNJ8om zQ|^`#Ra;g=Up4=wX$RiCUR}rbhep`X*YX?ENUUiD$ay(7MvlW{Kq(OiXeJV!`VL+# zsWf+|6702j#^h)-SZ!zMPN1OdIn=~}&RshQCv|32E0lD-tNR$)A;k!sV*!JaN!p`OO2m%AXbiqs8^YdP>xWSf5L;RVNc>Q%VIk%%?;0(COVm{k% zyHPXe>U1)x@Y?|7wtTcG9O~Djy(=~XWJLcnW3!Z@O!sY+C}R!oDLWMk076LX^`xYQ$3G&etgA;MN4>@P!QXOLK{C2+s&Ig)XlX)7qHaC)}@+_5fg_jym$ zJ=AdRgDVl@D!r)e6lylq3h>}cz}#5nd_2gb1UY3{@>+Nr_WCwiq#eog>8@JDkbE>o zI{Sk^$X9zs<1rxiKsSin!g`K80xwJiOp|vSG2wa6wG4<@R+*%RmDW? z`_DcIK`j4{6DXkAhu#7}1$<6j{HkkDHU%s%JO@#q&L0mzuJ8r|y;m6ui&iG4?s5=<6f2I4&kk2dbYJ`r5Zy#YAuFiOv2;QKe}PYUDi{_!Jq_KpP(__(SfM%8~Zx4MpK#Z7HcKZ z$n(3#_I+zi_WQ=V2JU~?*#EwbEb#x+*nK0f?;5-MwXtFWxwb~uc(X!XByI0D0ieGv zH1_zVE$)qdXb9MmBj8E!u~yFNbw0S)SrA`23t9j6l^3mzei#ri{^n68u{$elzH4mT zKCt4z7`Yn6#2a2+(2KxcBE-1-%0{nFL}LjiM~%>Fv)QtPcjzqEh)VT}nzp5u~_ z!Q~B3wr@Ov<`t3Yske&&(&MaBUMSF^mM;cAafDG?*BkReQtv1b9LUO6%~9itK2PQ9 z&gbxDE=jea?zRXJ+iPmJ%2Mmmq;87b|`nFky?yivLKwG~NM^d3LX`E_K~% z{>MsWz9UwRYYpyR0xza+zWDRk7aJ3P`=Yc;?v-v=`?Y_`UYP94`^fw5n`cFw-=-ugv6J zxTO}X#||Yno5)67NKWSk+Fn}~lNq>*C5N%Xqd|xJTP8Oh#qu6|0~2}5Ms*y7g^k~|Fyxfg)}o#Sobc**B26fm-2~UkMQBtyIbz8LyUf9k zqsGR5w4hG|^fzuW{o3cxpwDCQ2CwcA=s}aEluBF$60`%T)b4Ds9V9SdSXhx|O>f)tfW+)8ct?U)BY`-&oc+)!V>#9Nqw=}!83>Yo~rRCBcvhv;#)kVz}os)h^rVH(| z0~Noz2-QWw%6w-Ny0`Rr>~R5&REPvIT#^phu}>86Ln)pm3BbZxur8xHPxtk z;*_m%>;Jxfhw#ZH%S=^`BvK6vS}g zlvihFS*@UtNW*|=#oVB!{z)etWYbO$j0B~(WBo!;2hqS^BYciQiJDTai-)A?0DgeP zZhU2hKLBm3p*7Hh62Yfs`{$vf)>txDDp=s1&A6mWgO*qR`Na98b&a<$XrQ1oeTII= z`>C)tD|4|>n~A-ToG^=jp1kr@6_S)JSntM!EiGR9C(s!Nsaj#(A=$bhed3LGKNY-pI4=T*fIxO_ z87=2VFkY|^EK1O77f?g|b5r07tk}M`=P=NwHS{$ze=JX`eEKh0U%Q~mMNAO=$uw^i z37Q-}H;_GZ(E)NQX>*_-x7=sNBZ-%urcuFuKXt(>I$_Cl?BU?O0s^=%3kY!P!6(kg z#rIVgT=2mU+4I45VKz{w3shXkgH9gK8KwS*I|%oN!XC%W&nTJ7nHylQAQFFX43WH5) za6VPQbAd)+ZE|NU^x(l@uzrwI^B*w^(H>ao0eh8I3|127#V>Vl;3e&Otk)Vo`?03G?s z!%HtpTrSX)q$Kig7_V>ijXQCMG-c-<+gm`E69iDe`WkMU1^~dWTz&eXKZQ!Xjd`jE zHhWzMLhxo&2+pO63PJ`&gMetZ`Z;Z-hkL3dhjdhxEkh_A+Zz|EY=;)8oUy^F092^v ztwUmzwZ|?^ba=VfGu2h3bp7-->CqZms#8vPf~2$jCOsY+eW}*j#-TH94sKg5gpSH? z&i>+DSU4C|G9rAVU@nca|ar4sPtwZ7*dXCinEi!L<~>0ZG{>u z`<$YwQ|)V$=gAIeSJq(%Ie9^TyB2^~D{eJZ6(e35;-KeLPI6mMKI~jtQwN8-v1b z4rZ3XLRWD?U5>Ew<8a3nHa;(AD3`bxx}1lc>4#6eF%ol93TF7x83f)!M;GA+zp7>N z8UO_TZ$T;`g&~=gBz;(&$00s3@|8aFBji+TC)D3~i6VgWq=L^t+Kirl2sc4_05h|b z8nLN?+Gk9qV?)<0ED9b9>mqN2$v83`1Oc#VBWxT zhJClLY$Mi=n zpxO&Vrsw@fl#z1cCQ&W~;A`%9JZ~}9uB822mQmOttR1FNm5?J*6J2g2p)oIV#y|S~ zb0I$`&H4=mf35JQQAX~I;kO#u)H!kAhJ{7hWQ#j!~A_ z-?FI_t#@aM08L`O`U4r^-_e_5RB(6@@gczdSDx_T;s>T01s}T1Y%yyA3eqZOTyFH$ zwP&hnQ1X3~xs5gnpd!;o_92EkMpf-4BKa=Hk?mgI@oMHJ?7J^pVEnyw7vqHC3Pzm?-cR zBR_FcLPm;rln(Dvk!@Brq6CbkC3s7zX;kpd$ACKrF@82SIcAh4;~(`lEdi?&80;Rk z{FuHicK>w*DjixI46Nd)V6cJ`lG3;9?8m|{0*(+{HuV(%=LDc$>FjO{3tnL}6zR!` zuuHxVdq%p=+H*&#!adv_oC1^4Cxv&boZHnWteWV<%Mn)7j%vFyrxVh^nTBP1`8Eg{bT^NVxz7;gft4eY*H zS$33&R5>JqZ~=nrrU#G`@WTZRTTI-Zk^CehBgI!J%&GF`O!olZKFlYw+*fGX&-ZX) zqGe*Vd)He@gh!^*TyqR_aEBTtCLCz&+AeU97*E52Wu+19WP%DCja+-Ky`Q|x+HX@} ztXnr-m-+p!(m?Cow#1UNY;X?!AnzIg6yVAiZrrp>X{p%bwHm~f^Wx>G`^F|181Iuq zvZJO_gg%y>TiEwJiMF2DRFzUx#+uLUw@|4Ld#=7rvJ)M-q7pNc`J~Fi-F-Ah!J%_O8UF^RpIDum>nu~M6{^D7;q3b2jN32R*F z_-*-r-w@$Cy`IVq*Sh1tY6rL70Y}q8(h`Bz9>Rl71jsZ{&Pn<8{OWkM-%>ZRKysJ| z3QboyF~u--<-oP@&b+DaiFFJyBMF?UBHCq6k)~_>FphNN4w{+R4L#v9{jy%;VAfj`8c50n$k883MN#~{)hnC>--VUF9)?9I3USC7N^|j<|S{#jL98b!0Ur(qeiFT|9gaNpd*6waPi~<#Km- zKP|;722<^D{l@7!+11b@iN{X=w;H1RLWiyIi;O2vpD;sjC><=ySM5FAYFJ^((>(=w zi~yTAdaA0%h4hRGF@c^v4d=l&khVrQI0afMdSzM!9&@exVsNQ?$!(~s3?&DK?8wQ2neoU2V$dva=S zQlG)1`X}{xlmYtSuBC09i-LNgR8>hbZL?e`SFkT(Kd9`+UBQwGk6c>>MuG%o_$wb0 z`)`eM`VRp8+gL99o`O%wC{!tstfyb4KTpo4bkPm_?trk{4#{1_RJibapJa&{*UV)H zk4=6sqlCY17Vh(2bFcYzgU)UL#?Y7+3PJ z3qje0#YEOJyQ6W~JQY)k4Z5CRMDH{(ETM~IQ6pj54dBk?3sp}HRFjIiRos#hRa-mz zshy7nK_F=U2Qp27eNqHa1{7GA7O?3iiF=DD+qepq23Qqsk06GR4fO$)PGAm$ph%Di z&&{ENjNhJD*|!GI-TZVvHR(R=1&J0vVB|6NK8J3?8GgIaf6EcW^%omm@4i=)ltc3B z1R-JM3rmSZxw3m=xMR~h#Q9yhCXxuB%CtegmLJ`v=&z}9vyKGWs6dwNLK3;AlII}uBX2q(KLb-XJUQWSXoiXrp} z5TP3j>S?8JkZxS)*uy+gNm(?#kl{tjY~d*?LOx0T9|_qGk^Lee0Z||-ZA+~W?hXl_ z#%($$P7<3QTT6KYh__?+`&$SNWOWRZnz)@q=R&56W1MbW_jG0C(5qu^MtX+-OZN7c zE)*f~QtYH|&fiHn-BJNU@wSFa#$7@~(C2xVWd6)*Rl&y0P6>q~4F}?tDatZL~}E+oJ!qyz@E^RzZ0+= z4e*`y7%&)-0DZ~Mp>kGg;ksfD52>g~e8XXl7GO4C{@rmOupd7UuPIXcw5SKRVczF} z^JmTBQ-fFk{$cyy+DErNeD!Jj?xfB=yZx4};%_!p9lkOw>299%`B%xkA;W6JyI6ZK z{j&WQ^ugc9C7xA;k|^9&hnE`)e>8X3_D$#efyP+NcY6z$HEGWi9@)_frDYO{zq;0F zD}3x7y?JT4O$8lUVh*K{9Iw{&)fA(4o|^o#Gj`}>3E6+nS9{gA z7gZJM#oO7l9fxI2@@9i9Yhd9EkLKyjYBzp_7Y{Z0DrdK?Hxk#)TEC zIrW*IiN0!7dGmMf`sZqjtWK3$wDUjG!i~_2Kulx*cd+Rb=cb(?3fG+i$R-tfX0fgRgoZ4u_^syYeP^c=>-{4}Z z=4BRBdS2fbF}msz=ENWTtEkq>7@IAj>|ug@LK|c{&}-cA>mR(Y8jx7x$Hld3)OB1+ zqeETsD@*YjmaK3c$^LD>e3^{iYvwJ%EPmDju72!UJupT6_5;gj;e?atr$yo7@WJ1v zQ&E1RWvd!+g+PZIrMH=2IuOO*#^)C{bG{JSwm(J6WdnJM%<1_aUv`QqW}MhsW7Vre zkuI6~eL~}1J?^OOc&;fvAaWw1u8fN!ReP|aJ?$7h5+5B``_JfoykJ02uQV6Mb2(mT zG&%9Y^z;^=wjVQ>msBLh{E3mZw_H4$=cc67RqTC4mU7x9hq$UpS1aUD8QJ~fDO!lx zcw*jAmd-iFSTX0NBfxg+CfpzY#L)%p4B0IWLIvFnfkl^1IMbX~Y4LIW=Qj7_4l}rU zr(_#i6G~_A=R;!pkqLC1_EAt;2ITUZ1S?)qFiFVoRSCbiVu>s5#l)4p zl9*z|DcYZ0gSwBO94+@1Moyr^m*YgrCJXl)_cboc)&<4;59LO3$PTp)*Oy0?O8%YZ z73>1*^a0ab%@Unzh-rB<6OmqH-VUbtuz-`hUZc(9-b=iA+D0Nx?bOS}!Ts-=Z{x5? zHX0npmU&g3f2G-g=NiTrt*GHc&WCQz5q&iv`UqGw$luApgLlpra(oE;K)q zf!FQtJctr|h2a*SCvl!V6N@YDyoyAx{6r4v`7+C+6)llKV}Z|oao>}fLqnFzSafjC zGtJ{}&EWtB*AnjZ|JDtFn=8;Z`FtF;8089a(_vslwYS!u57Mk~MLIS&xD;8YbW?BDbH9YNV5~u;ioA(!|c7!jDbK>Nhjdsni9{3j0FwI zeMxeN7@Py&o$r^vGQDqjc`rOqitudfN^aWS=W_dvExOmbSgVYw#dQxJrSl)_PPd*D+no#-uIN=epk{pA9Mb|m z8+Ru{TDNa5s_XV$WFbMSO?NF<(v^XcqyuO8^fFR*dJaPujU;`}SY*YQ zQpzys;P^A{f5a&K1Qydd>fU`O@H4^Z0Cvz)xyHbDAdvA|S|4YrCpEh>bW~^HH%A=` zdgh$wjQI8oAFloWzVmQV@zA5hw~+?5oy3(Suf^u+hsI|;*VVWm>sH0rJygu{W~@8a zLq1GCR)-B_Q6!Z^|DC5hs4GO%=T|mvk^QrC9_1eBj^h;NdPGZ(MVv2_*JMuZPe0zg3Dt#y{SGC+lm3 z{SYLb5}ZiKv7Zdj;xPXAYtNg;JyT0^#$R_-@WMV5``cWQ6@lDw{dkxp_zT3j(so|E z|MAWLxhC%~w=gQ~tdNX2KB7lT3YIJ?M%FuP4wzzs&Th&v;mGfelyp`_x>j!k?lgZE z!cFWs`MloyJoDhY$>53ll>xD8Z0F7&nny=XKdk4*^?B@?o3<;7&hnS)Uc?{2u8yoN zy%u2sJ=du7Xr%CuE`r}o#OE$Ndn2V?=t`s@0R24$e!yN#P;?QyAQ0!j?}MBKdYel- z6V;&F?o|gp9p(_m*i8z8M(ceHY0A<3C#)93efKk6U^*Kg&z4a(=LDJf*Y{!&V(9MV zLye`_1!H(dS-;*zc?WX#%sFiD7}NaOb;hkf$2kcC!8E%bs!ZQ0bS|b&0q^Y$WY^tN zWB>UeOUcf8v7fMdr)|g`McMn5YfjSgVP?;`|BtWtfNHvHwuj?mK`bDk0wSPP3ssa} zEVKYp1*9WUQF?D7fQ8-z(u)d;NR!?JDuQ&Wp%@SlB81QrYQq2g@X`Ce_q*$3EsaZI zdCJV5nLYcQvvs?asZZq$_`zga{%RNJ&f%OEA_EqteWoHalGn8$+@{ndQMrDM?-L+R zo;OtrjFz4qjl1PVIsDgCnGXR^Rgo#dKCDb``9rTc2nc%PCv?sQEa>xuOuDfQABwyNs zRrgk;HKx>Wj=e1Qyq)(b#dzWlP2{ex)^1nfz9(A=A=9Sv1y&wQIV>q#NoJd`y!D?< zc*FRa_uTaPk1g8&fnIJ%>(LfNsHvCkWk6k6L7Pw4EFiK>#e`>#;SKD!(-C*k7~2T% zd#X@J6=tb@RvY>R*JEpX#MF!TiRGQ|Lj~!7YUoCmxCCD!40^WYt;gF$F26iC%NAUc z&Rj(FUAv{_rcgskKDWI{e&czXfDwYz@=G>i1oc&!Yvr332oR<&AHZQf-yFeNjE+^# zUe+SXRlk)(e&0cu^|Pd&u5yO)2NJC(_iS$8Q^IHEzb1E#0nF-xzXkgw%F)AYeL>{3 zo0-Jr*+t$!T`gUWUg1ble9&(n`o}qD4*L|VY zeXQUigH-#h%pIc!(M83upkn?S3Gpv;e%NFJ?U4_=I~^%~2@=i5VUf7vddF224^rjv zIw}T$<+@@03P$;c>8-UgZ!bi^jzO{*Fm>J8IQQ#>X$ZM z`hA!22MbnrXhs(kvu$&l*)sc1*s3w_>@+W!uD|ax#d0E7a?^wr9tj1+mQpn8E{%%| zPm-=N8iQz}2%-tb?j|7%Kf2=EzTWHuT6-Ei|AjNcumIj}ON8ztTFXkRD3rAGB#J~BL`EzW$7 z*hB}g1=(9U|9Zk+H8a!V8euN^Mb1gK(ez7eJ5yU-BpDY!>aS~m5D5ga{#{&Hl#pT+`kJ8H%P&r{+vwh(Ohy!$fh23Ix!PU*+04A=DW8WtX*PLZJ#PSj zrYv{LY3;m|!?IuHY+Qo6bT1VT7bYG9IUnqk3fOx-IVh~`V?`7utW5<>II3^?7ZMVF z9$aZoIs^BQFB8Z{oAAhC-Eq&(4?vq9U_Ifq=YlZaDiQcg@RC1}6IYxY~lRb++ zSYX^x z5+1;KzRIr`u>ZevAIm*biYZBykMD6#cJBV5g;=*_Ld`H^k;QI@F)-bg^KfA|vr6G? zA831){3U-v*a=eMNS?187k^$(*^=oB+X{TIOKgwR{}sV6LHfd2cN-b9U~KBTb?|uc z6Z+SgZ+^5_3K~5_&Gx3RUSU49h>>^w@NFA>tKG(2zyblirhxAkk}nk>ar;E?^pAx6 z80D)cy|t9;(PNOP45kJkBWbTL+5jnB<8x>le6)xTeqPkCB=u;5D*tL%T$x{7Hj+1; zLAP~WZA%90?)rP-Vem_1qQ{^S!=C5-0eN&`oLf$Ihvj<9%JAI9T=J?KtGV#kHV$B9 z@k?7vz6j6VLXD5z^d8Z!PeD#bv2palH!f}6X>lX6K?+xM>_>3tr=tHfrpiXp+5DupM!99IMmUo!dj|=KX_?t z=!5LA$H%a{m@ljMVX&K%8?*PXRIcWa%vZR+Huoe#LHtCDKDyA+q{mlm!X1`$)gjSs z&3jiKZkU!2231{%RPAl&A=2gkoJKoHG%uM6fH?+eJO6;@3JZw4f8hqX&9nwn-7qDq zG8Q9U9<4a$qD#XVNw^a0rIkCF^v-WMnSkosDlDfFGq=gU=Hp^MqgT5%3c%3Wa4KQTl%BRIBY6=J4gQZ)&kfpTX0=1go$B~Pdzc~Gud7-Gqjuc zv(kSbBcxi>P!!|WK84dd>AU%5p^`^`_<&x(xjm?7cuJV!`0Mm-Q1KAJgM#;7D^s*&S{yRO-B8 zzrc{Ip`5RJyUC?y)sLz|bA@P9;%48{1QEhe1dzY?HwClo0IE1x{3%3-3NK0^+eHg* zJX5paY<&u{Wy^P5i26Oihw*VEG)#M=dF!oy+*Oj#a;3NHeN8529Vywy>~w|woEf`2 zfH_eio7?f;X>$K(0P1b5FIMsTO7F+l6xU}EwecV|zO0oe&wHUx2<}NFj!TKujs3by ze$jW?nx=EO&*ImnP3)2n*h#~(1Kl9ByZINWdZFGUr11S;Ql8FGNZK>kzYXQFy}pL+ z*6c94!(@L}k}SNMx08chO{XujrpMLfH4rVI{5aC~H*7q&_AU`L65n&-soxMQ05Hj^ zcW=&lTB<2Rvs))@(z#|e5gqDg*v=qrsNQMhX#%%QL0_6z5E_BmneZCl3+vI@+_n69 z-^_JZz5L5os!oV$=6^zyz6BmvPo4C5J>+FQsIKrW1K03gZd8Z4oZIkrUQ)3LYcBnJ z3BaqdVmmbjj-{+~0w49uRSlq&t}==hv4aBP|Le87c2UB!ZNV}ecd-^<&mwWLYg0FB zD(KxVOudoERO4GS-DiA)Togn&{$wUv#(z1f3sN962`I6S2vx1oQ%boQ@eRvM2`AL} z{Z61YxXzy5+s_|7SDJZvC~CcLKv~p(4tc|Xto?uzWXCfo6IP(NeOni{y=%^1Z1rV^2+}Db zW7nO!+^FgAmHGFK^c(B!>o=p+2i*%fy(oRIjAG^z{F3)ABJk}Ec?At5IV}=VV|((3 zc(WiFJ}e%{EoGkp_6at@4SewxL_sBKM~J>aQ&oChZ(iDTz`8e__#HChzJ432*qc&- zj#%>@^{oPBz;k4W`6}Z%hO#ebP{TFt$IrLO$nTG-OzQ__9Jo6mYn@PNI&MGeliA@- zZ4}t}urqD>u)7h2RovCQl06F@$0gecRxCx9Udo{f#PZI{)P{A}J_d1dkFF`J^~W}X zC;vhQO(kTi`j96^(WJ217po5G7T0X6T%W{!B#SNIFLc+j_ZUUL!;UI~iwOc^HWD5n z6A(z3!$r5y0$LSjAGi`6mrc)rf06W)PVOMe=84x5)81jtWCpkQ1zf54j|wkI)f7ui zbbFD_4`wfg=y-5`0Ky)TP$wsdfdTQpkwq_$dx8}H`MuN!ZX{HX=jZ!(l%|{BwY~0R zbUS;lFNeSTQIw4S=XB&bvtP*Nk*;!@qb;6i>)wkSQ=+OvtHW)xZtrg)lbL-IPJ#ZC z29`YC8gOpwLQMte8NWrC6&DgEIt$aND+z5z&jQDvo%HqIT~o!U)FM}NC%O)*Jpp%j zfvsc5iYmJ8<(J_1fO}cs?kP)Mk>-xx*xiNBW3Nmrv%^iX$1k6R9L9%N~-&D#IeAbQfCvi{q!o*D{c5bNqzQ;QRFhK_?lH4Lht<`F@bj=P=XC#z$xZ`e}@88=b zTBoGno5Xmf`6_%XD|=O~szVLFxHaD^(GLiw-WTXeUQMY2P=SBg)9I+O71sZ+A2LhHzNOhfdB%Z zl%KgM6!t(8*ZxND(%bR6TzqJ4jY~cHj;#sVu{%!=X|DgXDtHW&9q2FT=Gc~~@SHb5 z8$v{=%HihuizSkDAmM4uei-46$=;1UseJ2sgQ`z4s1E*(?>{8(>;=HK*fsq8& zTzBAJqS<)h6e|Ie0st83VL?2E*Qn@PVhK8Pv1^yG?z>lqZbS4mZ-HI)`VV@gnEL$s znu`X8><~CE64i(oP7CZd=C>uh1gM9ywtineR9CGdaIK$PpYu6CTC6RTFBW z={&jEhucRVT#J3rHe=8!l_MlQJtXV~VOpZx_hP=6f82#`4ns|@4rTRM$Z~N2y#kui z?pG0sHF(Rn#6B54q+_zhwQWE*&z!7vw5a)pq~2n;)!f(@{K&6A%6B_ITmAN1> zQ1)$u?u(v8`CIa_H&e20`~S?Wnf6cV6F|F{Sl+rHkvkB(>yg25v)TiWuP&?=du|Nv z9p5>+bm$Xyf)Ua24?As9_oW_26W;nEcN}}x#hWqpb@d>lbN`&yl;%o6=n23p9cEGU z6{y);`xk579juydAM&3*G_bjrkP&GylqlspU%p;>=W2uXJyP=LVJ*-``C>P$GwKo+ zxmzQM^Pvom4NmkQE6MH+^{3>gl;#*n>T?$q=gN3);6Q5WsEQmGAwMtvlPE?xLkDK| z!m#B(dv0`?1u>)UqpFKIJk5c21MRKkf6>5F()YJ39gYwUcjKuW(|ygG5x>TTbszn7 zNfnyMRaSUi%^Rzc)XFt^xer-h_4dQ`LU|Sm5hF_eg~;ura_xuQEE=-ga(Bqp?#xZ> zml|u3xF4)7N>A*3v+FxsEX5?LVq%c`2Sh^ zD|_CfbEVmoYgP;W`h2{}Y|Vnq&36zdWBGLA1jPKqU|IJgj09#K;CgChP0H}ZnnL8u zlV4~{v}7|g;*yqYq(0)X3Z-xG#odeTI~G_EmEQNfBz(7;sML#C|jnZ#JeY${%5jc9WcXBV;jJ>|r>@nY7y?xi=<|ghyRb`V&F4 z4?(DPf(y~X#*5<4b}0f7O7m}szv0BP*ANZR5ou22pY`XtmhdRl9c?~YvoOIpu&Z!j zm_Nv8w1o4nK|?-Y)wa)KNwCb|+0+rtYd&2P$(4|BXkh-U4<&PSuy#`>xYSGsj=kD! zQ> zD-rDk1WBFEs))x0HnYGNkG{I2 z)~kzk&piC|z`c4m*eRmJxiY;wV?{ z^AYe!xnD3FfT~+WR1(!WrO6|STDd8d_n^cGA87aTn<$TVllS$vIFFhq=^;GU=mBC! zk0$8Zjm<2WZXe|!j)+XsuS9@lS~Sx2{Mdga=hCl?3hK>8TM4%U|0`3|QT6f)HY%8^ zcRmxFB=DcjJdkZz+8H3y&wt(A>{(!%fFk_$&=aOD2mWrF2;E-(-4r1jl?{6IT+dxn zdCY#*IA|R%hbE>0JFB^ums%c(5M@^1s?WY3noyfv z6hCwhY2yEC{nI`imiO_%L3eytLD)$Y!)O0R;y5+I9wh@<8N@wOUAxJpnF9s8V=Xm< zly|5#9JayP2K?>YgGHqZX20rZdJ0J_1ImQ(|~`J6q2|so|JnbhiYm9ZL{Pye%uH?Ipds`LYf`~9Ggr@KEwwA)lpTwbV$Ml~y1~ z%p<+QVYt2wQtypblRk5gALVR#o`=o$ml?0($?Um<4E7!YY%_c_#z*LkDVx_Ht_#b! z^6!+E6gI@@Ur(1^_2AUuYf{rFNPq1Zy3Of(DC%IzFTKLJ_cErC3@<~ z9)%7A5hl5ad*A977$h6K$jMAX|MgZD6hLrTLse#|?O{KA(=vdPbu^DzT-yIAN+4u7 zRz0WL`Vg++4gWaxGuiF}4$BNO&!^2uz%jkGuOAK8wKeaLI`F2#=Jn})WKrlg7l=Qg zlLc3E|K`H4hd|IJ5>-`*%*^&b{_4)1Uad&c&fl?GyZIlP2fvH62GM4X#5I1nAg}Qx zGuoU8I0jr{OKQcbP9oZ%;yZFF7+v_n?M?Q^(87_dVi(Wdu|$o$q*IlG)<1@x-p{7S zhO=eX%Dh-y=-l1}tPrYrJL*W@_Lj^H&&)A#Y8H+%>N!n$sX;9@9cDQytC|{d!crj_ zkg!EUs7P>Y6YOv-AYg@4ze#JSO}AFuAI1oFSNb~UuY>0f6~TRl<{vKk=*C_w zkg9!ao4w#4mPC2sSu6OiNSm}6FKV2{6;R~2dl~l-~h+8A=W91U{+>d0fS~E;e<(inX*`E=p!<2(He-;A- zar(^1ec6!6LBj6Z0+n*BV7=tx^5Yu_WUskR)%NG59%pFLUrkAi2>h+9M2@*ZDN>rN z88&f^4{mbv!nzflllB!jrUTSAU!H+?Q^41udl9(_YbNk;^|B^U-uh;DoN4G>;#rW^ zPGlA2;s`RXG%9*iz%m<8>^RjCK?}^kBFA3^R0Q$HIbY^~&0gziez}aKx0VU2RXDbH zA`42}L@xc!te@?{39GYNC3va+!+Nmx!sq5B=0I(z*>Rn9^7I`p4aC;n@ zuo0B)558Ob^%mmw^w_iG|86>qBhBX@sx=QZt+t?iMsje;+_$PgV%)j4ri+w?`#f32 zzWuo*C_F!4u|T@Sd>06gIOdjj&L13NhwsYrjxA}GUdDH6D%wP`gK$9Y*rp#>=ogU< z>H>B6d*9Kz|8AMn7VMu`vG>MIBN6pr6Zz2pi`zsz{I`8|-TO*&oo27+%?sr!y~Bls ziePPMM%P&wwS{6WY-6`TCh!|7((WYi zkD?y{?I!G;>~FzIH;`#)9D#5y$!kpTacK5YWg|Q%FU5Gm%?+{~Z9d8Qy^P{g|0h>&i4n@)`9u&Mrf>q! zKy=BS=xkS0EKYvzHUwc8j*>$ie+P8k&6i*Sca!)Ydznf1#@5>_t*XJX@ESechY^*} z?+vAqTnrU@N~bvoJ@PS&mJhW)Vs`^2Gv-^@pBFdh<>+hBo@w{-yEmOdrQFNsW}p44 z>4p0F|KBi@79sx+Wdv3><}C56c`D9Bv!Af1bYXe%AI%~dpAgm^)DS|?b>Z;wYt4!` z!A*8RLw(HYx3(_8ngub&_xM3*oBua=-0lS(Vu_*(d8MMPH?-E3sZ`h@tg_A(fvvG{ zoAFW6>y9mRF!~(W=`5pTw}W|>EN7@Nthch?N&RyA2Eq8!TY=nY@oUZLVMk1Qp0O4= z-ZCttjFIhHx<_5j;-oe-fqEJgdr^ezMlZo_i?9hGqSj7;t|f2exgW6!X{@y8J_A*m z$zkw~Kvm^>_UYa#Uq_41NW;hV9#acghpw$3Qs4?gWLjim#bN2 zws0}zBO(=l_K6+KKI?J5C zI+#FKBY*RG{Dx_la*(7R#01y?DgD?H&J2snpMrXm$KQ;M-YubM$o^K5Rq*_871`NO zgzKB7e|nd$;CkTyt9P07b0N_U1q3zpkOU2e{#mnd174JPb;MQVC@;!kO$PFAkql>% zJ;jyCV^)Mv%vu8)&3j>Y98LWQ;uNio))BY+nWlw>(R>R22E>D3n*I6`94PpL`ht5! ztmXG{CNw_*90{`%kPvB30Rv+jXqvjivUIHEx#u6_& zV*qzJ{KkBuX2CyrFHAK`Hl_a9v$#04=)>6T@w}@OBn9=Fprx%}-(pcN!y}6aslHPc zX|MXL9(YWzNnC9X`u<`zK`L}Mi?&D|&1=LdU%plLTz~A|Rp{XYZ7vX+`A&gTt3dn; ze&>hI3cwn*QL4RLC+2)Vvxo^k2Sb6un$OdA3Xx)wav9$l9h2OUwLkUG&`PwS7uX?W@;MQe4-g@|M zYgdTj=Kwjxi@!tNj)Rj4o!iOQG*^4%I^;R6OCrs3%yftH29QDJJNoOIE*Utt3$eOC4Jk; zn|s|VoN0!UvtBnN-CchRlyoWPqSM0Z)eHK$H>DpH6#tEnFAx85rxQmY#J9W? zA-Wj97I;FfzSSM)81%0Je41c|CeoOFFCtV8=_?p7n+5_b}2SC1r@9Zqz z(n>RT)%@mVYk?t5nfOTTzT(f6_OW;V9))u@=u8Ie-^fevX!mJ4vkDBM_>))z6$?pJ z%^`^@CAG#iSQu~_cWYEz)~~4(gphI2}pXXHed{%JF<6pn2O1H{sJ6;Uh#4@zyQZ|L(d7S+bc&s zElifUO^ar3R6j4bf!&81f7zH}3&|O*VfVW=)1Md{WYVFxM z4N`&HG5$zS8`@1ruWq^}a`|!IXz8|tEpgO&98OmP-E0IA%==jm{hzE~5Okdg?C=Xh zO@`=9BwAe6=B!e#G~6QI&HVx!MA(Q3IVJtZi;KU*7pk=`3dKPc|#U^{@8#SXk%)t8+eX)u=Yk$};!k5U6qd}p6aCkptQAVwEuegUW!}I4hgshD{O@+`$=zY`09Ib0 z{Wxys8Ujtg`1yXwKSbz;{`5}OI$2zEqv~>{>?r8Mb9M6a|BcV_tW$#b4sgJkOBVg| zktjgfMO6%T-N6tFOfuLR{iplGF5XyQ|4Eq-Hqonn+RT)YKT{QVL44-qY@?sU6=Sn` z^HH=uTR9E!jDj)f<@381O%Z3(Njvbd&XXR5i}6iSaE9;^)YAzkGgHh@r#x=*HY0pbA~|s>6qJbgxI7OYZM1`=bSL zp@ICyAiab&b%)#-fI_5=yY@Nc9~lxA44c-h|r7rfjdOhlQg{FqUhNRA?`a+_Q1 ze+4|^rXs*E-urv)UUo>J-`#UghJ9ER4pmREh(J$uA56BMvJN6BdpBl{EFun3$d-1? zd?11W&wu_P;&F^yVs=f8`Zn5}P_w{!voQQbPi%c1rCMU#zcr=nngR~Dd#6xU(pRKb zFK_`XH&X3z+ke7HVbyR@CGNOrZOKqt1fJPp6gMt@7nk=|zwAI{fkQX@883UyPZvj? z0Fk%*1-+|{nAg&}n>%x=J#uspueXqtp@n`9(j%BA*PoDqK!air1S_#Z0$I(cAp4%& zxbS2_a}xgf2VQ8jh=^z6&}RT`D+|*Lpr;eQbYqhM^mRV8bFZI6`rLEUC5dk!CE3Wu z<+ph8=9JTXS)?faoi`EnKz6;2n#FP2-zF|BMJ*a{6zJvQ8-N03-pbXGy=|Tn%IJ$r=)j}<(+b%m&JE6w36qOZzHaWAkRj+V<=_KtGjS$71^Keoy_cUNp_DNe72m)TfPW&vn(Xo&FF&}4X__%a3C+Zs-=FE@Vg3tMwiwA$9tg?8DC zv$9zC$9JH4#TS45LpXh4MF_wx?f@Kz{fjOJgs=oJtX$@rBdRey#nkaw&(~Y>1QI+7Q|WO>tzt1oQ{k^`r<< z;n=lJ#(0cbFO9l3Ga~zcN$FS|X?YEnPz^(*vAWFTM~Y<7@^vq5?rEb7ezfn7Vb(rA z!DeZ1jy9mD-h*&~=RDr;fb z-5$^f)3uw=D!pW)nHMU4V8Hi>(_4GM;?UK}^E2cMdF+zMe6b%tjZ5=onB8lUFS+0y zWPgxmM%I+9`P$clf8`iqq7n1+FR}EUsLFeGY=xedFrn{uZKp&vS0Sw zo=s>RZcaJ`_k%LY#N+|6*hgpq8pA-8B2Ny$7k(bTRl za$Fp(!2lf$GY@xY2vDF^?%H=(a8mF^X~uGne(u>q@2C@Q%8n+LubeJq((h=zs3`DW zuIegKyQ>p^3~b#K;8jVDdxR*a;oxv(hI$M;A^@`Lq!XstdXwHtWuv#oy#?p(pyH?z z-npl}=DpL{h;M#GHsIb1>8gd=G}`NF*m%q?&#J+nq?hP$`1w8Td<^Is z!K{MPS7M$^VaLs)nZqJb_a9D|Rdy5^UtNOEBc(4lPUuTnP?08=QoaWcgg={GpK{prA|R@O1F;{m?yC8%M* zDr)fkp&vnYps4#{vOf1~Kk+yB_>`9D2OsAH2Q^@Pj0lZq+5Eh>Ss&zrwjt8uunAN= zIia2ILNkSF4@QVesBT%&sx<(9k2C(IP}@n6u-*fm${mNtl-~PIXO_D^2ruHP4)!g# zqOI#pi$RIB;sZiZQehTPUfOJB1`>xh`MBFrz%t^)XTe2x{>28ALS&`_6o&G=_E;boOV zx3uteJEIaF1>>1QYmxW;z%i0HIX)5xffDDj!;3fp50t%iVHP+dk}1bsEqS4CVH-n5 zOvNdECg2Tt^D_l%8(GyrYrc(KPw-&Dx9&MKHbMMtVajvA>X-kSS=yfVzLXFAzfyonrCCZ8k0; z!8uZrRAhJLaDtfA{0k6ctGxZDpYk3*)p=vp&|zc}<&GVjqORi)x|b(N?b`7#oHZmr zzY_S=0qLSXfwbR_KKcbP@Asf0O*7_knGaoPSk!*F zs6OaX$POj^iFcGPg$H8k9~_|=_LBrT1nQ`9M47N4Y+O`9YPaeAXdduQ&MmRX=Eq%| z18!C{FpcY=APzVW9iHD~e}Y1x0^PEAPYj%@Z1gZCn?C5np1bnzqxsETKls9efNx=< z+%R-~@^GNc!?C-VX)wCo7q$SWPhXVx%&D^>j^hWF*keaFpBh{3=ilhAWrQ{FJ#nj*Lf;nS}&8y5&jDHPf!E%$>8xF35J@ZmM*coK44u05Is|1Y0f2kARx=iEWmQVftS#JL zKW`5SuC9kVRsDt!@eJ<}(ueG}79lp6T)V=ZZ(WWQho)d+85pvOv&_~Z~f#s zLS{aW?~ZI4NICzV4#tuL4Y2i3NaWws`oW%wH2doG9?ue3{RhZa&VB;q14scw7;nY>mTTdia6G1YfTOLb%KP-_1m?N-ti|d$aECe z$}VjnyVxUr%I}*b+;2a{Y-cxo*X<)ZiSg`V0UkbqCkJ~Nb+vAWooCWLJrsAJDFMxU zV4mk6M&k>#EQ9$U#l@SeBn}9bggt1TbAPxXw;e2?@?hc7%$S&1rLTN<96!C7>)3Xj za&&Xey6++qAG7SE*d(KAlr|WS<>sPpehjuzX(li*C=6BS4e9bL7F8Nh`&;9t!n;kz zTuDmIcQO=^2_h!~26cGg#_E?I3tpOZ4=8@o&viQwuBFSfzzqvP-wC6LJ*3N*^7q)C zJIX)c5wTHyYh>^^!*a#(%co5*0(yd8CHhn1jZ32z-`L~EgD+{HZ>^qMof(YW2|6;AsF`tAq4v?l zy>2FRx9@d7vl4~!cKS+=UMjsbR>l$F%wtOPh!u?aLS{_;)L}r=ompQFsj6&c^-sWW zrd^=}BaH7p3b9;eWwPB`(IHy#vL3e->#nqy$nkauA{a|5D_?ygJm(zQuq)kB>sXQI%`jDT2fw?RC+ue#mSX_y}8il+S_b+$Gg>QFzq7~(%0J=!L{F;&*$y60BQa$TcG_A_hePLkQDK}a$T~-RSQ8z7D@6JJBQlLH- zlN#P zFf8Dn@3}T;wf&UpG%pW-u=Rd|uF+XJYHdIMP?od1Y<3HLbP&mLIiG z!TW6zv0U1pzd-jbhDS+p>#wZ?Z@O+Qxe zI~tuT@g7eeLvEW52;2Ki<_1vXTkDtK;N|ib$fSv#hU09u4Ib;Lo2OvPz?Qx_Kc9zb z%b!QKp8y#{#539M-78#vwV@3Aoh^@Ur=X(%MH1h52*P7y%?x}v_vCwYi#Z#EzwV00 zh4jdIro0{}%1g6y|3;&h@>$o8RN1x4+K`YU z1xzmaE0tQcpyFv@A%Zk0Sy_8CtHgbH*pu#96IQ}e%5HmGCV{R2Ri9y_)1>0JwInLh zy1((>a{`RLT^Vvx@PBFo9}vM%uX2sCFs!oG`ROX|=qT3Jmob6Rd)qY*Tmu6W4cA5U+>khkRcN`@6XHK%nDg65#FxR(x2a= zw!@fFi*M&*IsK{gMy+jq32)nHu=K+X)gCCK=fd`~Ua+LMi=%J#MmOK&C#;R1(cL0iF~%(7L)qWLRG2Q$D8LWMq^ecc(WNm?_^d^tjOVJa3D5 zwjve9I-NSr+LBn5U8H`M-?t2%=L8xe2g})&DH7d!J;$4Ua}r9NzWG_IX}%paH?nZM=kXAW}1~Py{qwkX%KE`;lKLh z*7iC*lHzLJsbP?Txmy3THHLzWmNTzg1^SSY?|v&k$2L}6GY9%iSfwq;>l`ieeIDH= za$*$>!b7UOW+Hy-^QR}(-S7Fd#zqkD_gjy-y&#++Bjeo;*>}(o3nxP{z@AYsEnkn$ zk&(&@hs!}*XJFD1PVC^|+3%p!3n96&Y6f07EW|dIMJF<(v{Yalz6Tm9KW5HD27NOF z-=fmQ&fshnif{}IVZLu9u05&oi1sGAxy%LZhhtg^kD2%2?5)A+ag-fm+13+h$PV9J zPBRjVdyyk}d)J4gW$U>xwt7dF%B&^BP1%fN#+o%y7fc-T{H#aGSyrp~u9W2b(Qyme zo%`2!YjZNt)Hc=}x`t*7TuIT_9SlCR!0*H0R|6l|NB|f;;>2&5Kh6ZavFx2}cTs3a zroB~@!b2l+b4eEnMOV9SgROySRLOStg>0;cc)>#vl}b%Yz`{(y*rjfgV;=_tmwf#A zjD>&Kn->T5a*la-fwj`znUGsI#Lh2rlIFkE*Dt@o4~%2{@CgN92#)nx(m(m>mt9*r z)#aUfHec|t;vA>5YCW0#-SGA0oWv1(Hks==03k%weg{fa6EGr}piuX!wMtXu?TB|E z$1qC3S?t;Pq3UD+Z~?T5c6OB5@c8Wkd=I)BdBcq$-SLJ$De(x-#@7-{jK8V+! zL-~C$Xxcwo$y_O0{HDsgy~1iN8}7VPmfMQ4Dc@+SIqp8Sq@X~ESbLGvKaQaiD!&`l zdxQ`P!71Z?Ocve?D;Y-hamwUysZU#S$S_0HZm@pp(7us0u$X+bzfGYA8mm1|_o{z% zNa8ioNim~@dQ3hf*ok!3gO2zxUFu#1$o4km*G1=f6<{U4^Q!3UkdW0CMI&_&Bb~I30&NKNZCt&Cu1C1$K9fE!%@m9hGNfD2fj0R%xQr%J){Ofsk%Z zC+piaPt7#Fl3PKj@`wPj%Z6b&qjsTS%s;~Zmr9C+w+qf#d^nQ0JsoNay^uu3)i=p%qvhlZ5 zM-s-_0t)s2Cu@bZ#sAG(E&h+JwIk!#szv}C*Q7n0fk2fmxU=A!Ux`31FBfK{DTIfM zT9rKoHskopKhOm^OtYQzgKX6*2XCpGddl%KZK7sKJ$n3cE`w zBdV9lzyz$6eb)5+!hMia55l$HZ=3!wGpRVW>q+=!wHXp(;z<-5^TW#xNcimrgIA5^ z&387<)(sk}9=k5%0L*ITah!;j>vWkUzp|rz<8@}=_u4U0QlGu^6Rqqd~JyU^5xIuZ-dfu_ZOR-DB2Vy22>tr zKINmmr$OaB=Wyjhf39BCmYi3MXho5~%gIq}u*>KI?u*PqUFB9_iv;KCj|x5G77}3! z&TT#T11|%?5R%UQ9>VjzA<)G=7`A6ve)F&;-uX1BOGV8gIfv!CVnm}7tl!U zDw&@H7OXN`7E|B%nZ%8d7z=!S~rXoRl5y?t9KLsZU4x|(V+&D@o2w!ZDM6Mx13 z0Jy{ggge2TQ0yZ##+X6r>F`!c9W`-9*5YpS4FCi^gydfUxnSR3j4?7?R!dvIuDD|Z z%ot%0%vfE~_x^-?syq{ep<>gt&O$0YBDZWv!F%gRP#?HV8}IH@=9ev3Zk+Ekzic&t zh&JpCxhws^B~8lS_{!b>$x!N(jadxpOV?aac>j3y+Rur~qFuN9qgdv(wWeB4IVs8} zZ+KKnrO$TMWKCphSdpD?9r*`l|6*i}aue?=et^OuS7y5|nzcE_PihLQc8!b6xqaIK zS5aT(ydCwrfyLRDzVXpXIQn#K*x4lu=t|Ln;u|y zuP1_J=6gt$%o#@uP{W}G+R5>rmw?sr*g+2|S=Lb&F9@51y1{-~`fA~TM9EPsIHdcA zKZi6)3JKAY_nIdXx>KaMH;Jy92FdYnTYT$yxVlnh_%}0M@pratNh;$FC>7B=bz`YK z%XsU|WQ^T1{FeMse}w{#~?*&Eq2)%eP zT<@LX&&Opx{v*VjVR@Wuap#JA#7H;%Y5|`dJa)r#A1wZ-}`O>vruv52#|vRn7@8r-*RbZoG1n3Ye3sVtz-7-OvUjOL{2Xa3EpYNZMVk#NFQ? z*TB7d@4zUwNOl#t#ACf+3WqGl(_(oF;NFva;-JhRfPCBr7xWoZB>|s|OO(xWq1IJr zZTU6K{robUrp61+ewVbd`TkVE1i+(T+Ix6(bPtbU8R!SYpjK#A%Ib;=NsMRy|5T$0lGo#6|CP0m$8$*i z9^Fg@iBsD$9;byHmT3mCnO?ptK_Cl1N>AIfh^wjJm;u14rH1xepglTw=$s7Ap-KO- z)$642RB>hohSEzfHm2h=HHsujKi$TDZu#Gl-~F0ZZl=<-&`|6K_ZjI(&Z1(pa_>yK zAJtM7P6IjR$54JA$C2v1s=1FUHWpsKdOaPZi~HUFRHv|Xp@1RLs$q_+?nF2(&QiS2GH5^!1sKRK{qC~ukI)@ zINOJED*!|F7k1`wItJF@s&MnU`^<&W(Qr7UVcOnIHQ`z*;)0v$CX4Uml>o=RCz8|mlZTIEeRxk7; z^S&4>D}E3d~KGv)@ERWMSn_R>eIDefPB$(f(q1q24dJLEg40cv813w-e zVhs|crvSDt5oE!@mwr3A#L%uZExYcb^c*4?RwAWn1-+JA|KSTW(V3JST*MJi|OQF4(X>lsJ`Y129k zuu)%9k9#=*7C68?)H9)n@EVvb;QS@rXAjnE#$_vrllM#&g zdYSeTz>Mryz6aT)c>dj`9?1`p6bo*v-A9F5|2vbCT;AGve_H9-sSNrDp6(wOz_DV? z>O0oQigmMPZ`?B-zYmUc`tSa#`TRPzQouMVO~O+Xr?6jZew5R3cfx*vUT#g5*vu{y zo+oZ6Ft(8;^M3qpEj4MmHRI#QjqgD%ikGghUqJH|@V+QJeQH@6wv&^6`mynCA2gRU zh_L^O4G$$mCWAt}MnUpdc(MpE|3@q$LayC5-3iN`rscX$6ODnwUADPn!CNC)1e<93{^+HB(m|lhqpY}x!jKj3hkg67M@u=T zvh=VqEDFp@Ld))T5BNcVXe{1aOK}IK*dNKH^4J>0|AYtJBWI6AL?Z&{Kat3!#zLIC z!g|UZ^d?Up}%1UUaw6WTm_?T z(X9x*M-mW4GGTDm30?IQZZ9bZ=Ac$~@5|EyhUK0>to@dTqNz?U5s53CLs+lxK~rT8 zluA1I`06d^Pcfe*QBvdIF5{WgEjFiY1jXlZCIT7qg1J1ThE5Bw`}X$Mq@|3VX^@X1 zKQ`BIhwYNSrPS=(3I`(f1iDfp#WuRI62<<@R0*A}l>OQr_DBL71$d9HxVIT{-NBU zI@r~ll(megv%+0|tJGAw6_<=JNF{%oWy>*5=|{tvPy%P-cQ9~RXFZ7jOXpnZC$r?d4< zF4#S)_E}FGo2o|Z7MUK`=m`9t(%%x6?tkt5$oS4|z0*B(!B*|*w*VKW9^1mJ9y3VhYC@2zH^C1;LgGO==n?W)ixV{cA(u&MnC&W` zc|6Ow%25$n2t4``3}fj5?wC*kDYp4j~0onNm@a$^PY3pzdWpbzu+w!fEHLXL%1-~vqTgb$lC zF7a3nc)U{HQ()V<`lTUPkHI-L@dU#hQwh+!pK%V&7tKflZtpZg_2vk~I}4OeL;KVH z+ut%AtArSZf)yT`P5^lSlBgVTxP@l7maN!-v*Kq~bVW?^B+UUufa2Mkwm5wW&(6 z%s=@RxGMN>-!mAdpUDrH>L^bS`~{R>Iwsi+IkUY5d_4~X%bwT$wI8D7NojqT8HKKC z6_xM49X&Jr+!-doZxy|Z?|p-?WW@CTw_;UDli}1pSA$-B;KD!R)e&Q`;3Q?K_T%+w zN|Bh6I9i`c`v6TwMUX1ON7iE}`LZHNA*2pSegx2#fJb)A68nf4lt&^R)9qFoiH<_R7f^Bfo zX=YJJo>eeciw8am^Tf`iSP8LP6b?7~?XUWt${2NRBZkD6ER)n&2z;}X*IPL<8pYR@pN(FhmG_ODBTcTChP5jqG@jtv9d?xG(sYDz9BHeGN9T`(UPDj%+sLjo)!8u=b`;<6COfX#hEeAaCp2q0lRzE10P+|`@v6@~84p@4nn{Z1a z87cBAUiiF_-WaEWah$nK+uADHs-n8MdT&vUf5AM!Q_((AZvpK+8k?OQi~Y?y^M!4M zP`Bir@z4L-OUHlhrJg3k<^Q&q6sMB~BnN4u}FqggK zkf>UdCGxT(QPs{|(fD9r=(PgS4N)E+O``ewmT9Ckpz=<$TNGAGUnjqs+Vq#hdtav>h~9{|Qk(j`!qaJC=}#GZ)-5_6O5rkWOMWKU z(zP!0;{XYFsUN7vBWPM-9D{$SB?YRbC&Qs4069~+vnmsWSE0gC&}xEtqP$tx9tM)< zGyq&detP)z&%cuU6;|QH=|-uI{ls6sI6YnGc!Q@LZVkyw$%X87t7+(EM28L9GE ze(BO+1{JLqOJCQo?fkq~xwMtcNH_`4tMT~7)Uu$mlk)8IEr2TpYhO}BES z%Z$bCsL45h4d&Z00OWAS0bm1CC(8w)n}Us2g^*IhZ~tm}D6>cdZnNA}ky@+Hr~=_c z1unJ?@3-|qy&M^z|o<(+10Mo#4KVZDd_>*sb&cPQ?;{VOPOgpCCn zZN534-W#$DHlbz(a3X*J&Z~Liva>^u7Aa=#3x)j(5dZkD=mQos@)ZacUFx~l{p@%+ z1xa(JeQ1}$DA~96OJ$0*u~ID&4m{@F=8!qyNz*~`oeq%CLtJn*m$9vM$=OrDtf;RX z`cC?|j=w%nm#(Qjj_cXhof5WU?qFhLlVaR#^FiY^MhSi@ogLGCCR z&}jQVOZx!Erc_J5FL*68g+z4+qP&^N^Q?@XGIzI8Za+?>T|6q2I`X=!?%Cjq{bN3!E49k=T zj8>OBsC@LjUOE2!SxdHz{8%hKNDL*(mjKsZ z^p}JC`a2Rl>$Y7jjNB|{uJv2Cw;`X2+3ojOZ_=ZhjZWZdW8Vf{={ zLB&5n`CdK2a~X0%0)VV#f|D8i(P4@@c%p$Bdzo-8EHIGld@exl*tEhD7_&xGg)kr*IBkU(@uj)2X`lmzffn)D< zu0SNs^h7y05*bUO8K=ls)+A z=j|F-t81tW^2W-6wcBqmZ_4P5je+)|&UAo1UI^wpqR}KjPfKn%sCT7rjl$s-_lo*d z-u&RZ8wha;*L5N;)${Dp(TJZFMd(BbMhk{tdXxBPnMUgT0XHay=tbd4#~O$E;GB0%CLf>VqU9kpK|5s&SaMar`TiGEDS6iTPTl#F zTv2LOl#v;NoZE@-N6KCZhD(ZD87jC;w%z7`i^a-`7VTNr#AS#{h`1vXKG=qZ2Gi?UbR2o(;3ziguu*o09{sa$HgV~%WT)CGl*1* z7yvznYa3TR>;WCA9#%S;`dL=iM$#2&!t628xdKwB-O3t^c+hTsH-`)@q?!X>gys6~)SxXdib&&tuO|c`z#E${xb_0Kospy5DF*j2;Ptzf zX_DSjKw1@Q3yndTyRpiF#ISX;T_)Q88M*cSi8jo*0aAaA zgs>gsUCFxDV(Q|PK`E;o>-W#Ygc^a?f*LWZRlDrd-150mo@1+~sBI4>uMFFRgh2qJ z=jM{c2P2${owL*A9j}|qp)EbXtvI%fIrhZMg!d^(89Vn?NLH`)jW+}bu164Fvw>UE zIDoo7R=0LF1P=Tyg6C(}wgPhK zqtHnR-01&hR9~*9#ZLwScHIo*TP{tFs~tXnQ(>@>C}|!b9xZWdO=X~&MXK7_eBmz0 zbf}9=ThPMua96I;gLE$3ffiUZHQgkh@lOK*T2j<;i1Bg~%tfj;n*W^kBbilUIPB07!P_m)CreFs0FdF zDM*w8d20r{aUE#bdtd-T-vNxujlm9rHpHX3Uf72`{Ru9c#QDd8Zd{ilL&H^%f&R$< zsSMyYF8ybxp3y|r0c^$quvtl9N598URkEVC{C$CanxzB9e~>04+0Mieh4LNh*F0VkI;>jCCbTiEvA<6RrcfT0j04j4yPP&1Oz|1cw+)gRvZxf8h-lw}3R zQHIQR5LlA%({~qrGJ2Q@C$x1?=EvbyW@Y!v0Hc%_krEJ1agM<%r4J2j&n?jC& zycXZMW1-_^eeodS72q^7-a@^jiZO9~e{R-!3&(+Lt(}8P!kr|~%z^OMrFj6NDM7*_ ziRci$-N6dFXsRA5NX64YU!`(C`_6DS_5uai~OdHKzh$BgO4>w?lIC92kIo z=o};?KtUV8$*n?BTMIzupTH2VV2FqNG9Q50`V1$g{!kwQ^QnltIM+YE~_mDv3AH?z9 zy;bKu&I3C5g>Fx6t^0DZ zRG(1?F;)lK>}aC23TY`0t%{&3cpnB`uFl!I9HfI%&U$nWdB?=Z7ntb%I&Z~SaeRqa zfy1ED0<_bWa??sSX6>L&9R$|5-IO^Qn%3H;OZ zX!huLs;g0-hDM5lpH{jm_e&AAp9Bkl&8x!tSw2kYY$2P@KWvqEdtCIfHio2b8WqR)LA#XY2pib5;rV&t91HUSQ6TO^RR3On2dP1U#`>|G`b1Dkq#3^JBEyj)W(bPl-`#@WCG7Dz6qsj zPpRnRk7};CW5*N-aAEMAdVKy+Up?UwLS2^82#S6xRdaF zd1&!c2s%JhU?f1Q1;U(V-3PSjZ3fgMcRo{~@lXRL_?v)T*qV@e*h?YcZWX`3)ibY< zN4SbYS$x5ORX z-?LWT%ZcQ-=UPL6)XITo3?#(ynL>A@VF7pS1$Qi_-Z2zo&YI}-Z!ZA&b7Lsg(sX}= zYM=rwWlA^kAI@Vr8dFCLG$Nr?4wnZcuJ~xS>--}Ujk=N<0bc|yl8agwRbQ7EKVVhSbFK z3AMdG1il;yE=qy?QikY7A1<{z??2p-t_^>VZlqfivgZf5TJZ&SzJcb3bx}?Q=e(Ys zs0Y(s2lwTI?yLUs5lPAiOt%P{ZiO)q<8FohSB~ew0Au~R>FNpM!yh{Tv~?{!8~ps+ zmTNVj+2*GZZ#WB}#bSO?eZy5c$i$)!omP?o?fks^Fr>>9L^2B2PZyTJ0l(H#@c9f? z(LDAQjiobYavZd0xV?~i2-rJi;Cw*; zuwJu15~$cX9M10qZ?OCTW29y{+FI?4S07+}58n7kw08x${xGH?1on zy|<2{N-db30W}p zI|A5CLqj}z(Z>`l>Fy0k&CgK{%NF_<)8XUDBpq_K?yxCnV*hg-d=0`5G+a;OQVkL2 zjEYdn|88%!aL$}K6~EL{eFqt7esI^PQ$Z8jAVI_PKn21S|Lir1B)_=48D3poZSx=&#W*uNYjzCo zkNS+oegu;&(ZnyTudWWu1Cy(8c z(gz8@JWk8!vIF$Q4XG#2c3D?I9RdXvMR56gu4ATD)x{*wfrlTjtgfy$hL)0+up6(i z#>e4R1|b2us3A`Hy4vPm?!xRW+tKdlU}`3C4`0+dg|QnC;p8^(|G}ocn_seWa~FQX z$&XKicUofoLaeN;yi;Ni90BBlmPRg4I*|eg|D;U~cyXdHQIrQ&h?vcP8LuBLEXqC6hVfoxw|c zESBqNfiV@Z@{*X%)6+NIBHsdU2HVry2m@IOSw+8fYgv&W?ZfL=815D`ZjxcL8qyKf zC@$1y9R+ZVR-=}W7DO7;Tsg(lf8xk5MI09D3E*|S%tjc1ynsL)q$L^2KsunQo9&XOYf35$UI-X2589Yein1UGwj@s_x+=FP4T zXEKh(MP57jO;b?)VxOQ=jatV!*Cz@N4pS-pWmRdhO{#u&9SZ52c0O|IK2}pM;IwwU z;77u}8&T17AEF5}vgm4U*8Ha5TXWjO!ILjF78IPa$>oAYE_a$kT0Rwt#mufg5!AWf zNirQXh510&9tnA<8~@J#82k{X5QBVfe8AmyxDOF@ z9@;5LS$am#p6v@eYga0v^Ha)>puv@+8!xCcWBY`Z)Z%UtfA)4WnA5i_*654^i%Z}y z8f|XQI`J~-5$4K*H$}VRh;KtX*WON#+lBgwrKfa8uViCC!1i8wZLkpE_z%V0>>U>~ z9&cj*{F)hzeBGC;pcRZNsMCGwydA&GliBzm>`zGXg3%HpdC+|=CXrtSb&|m8JU`;X zfV{VuyY$uciOMFJn^=WpH0Tpy*wC=1m{%XM)U@$bIhxIviWZg*)cq{`4t${$~&!v=Jd82z~s32y)!|rtM7u-RoytnOADF#~#600M;D2_TvtO^FiKyui#<#(f|h~7}~V1C7wpWC+n89$wh@)d2h zX2Cq-pImc^$mcG~-{QKlYC7EIkDEJR7D6cy=hWl=0%q5KxIdRp-=fNMctU05nV`<6 z-W;Kv;Qws3l9X=zk6^LT@D$q;+J&~{5I*=b93ykDYWeRGL7n<+XPhOY>t`E*q*OM7 z&_^|er@;s1J*eAz&;voS_8Kb}Ton?5Bv6@xgLK>b6&sMmOtlCHFU1)}N}Sl*qwD?6 z>m>VX=QP3wNt7qHNUNSaVh#)9FFm$#axt|svD&eU0Mj+&EkBRwxR>H}YSAouN+pIQ zNy)hz6a-LkiwQ*>H=pWBAtXWJmYtDj;&k}pe*17-v>l2w(6 z#F~h}wegN$t8dqq2#oD%;?r2B9TbSalMj&>xHhkBKim{A_i?i$9Y@vE~3-71bdnPnTD(9!vAyM0jLZuKhs3H6 zn|E~(%uYnFcV4qY8(yg?iKPo^=~!3*=T_%gdaVvua?2l+e@D(&>R%u?MWaK`B6@xE z*6KqEblQuv1P@wwSWO5YVKUf4Zfz}r-he!fEd?6I3X6X*tI7dK7Of`#c`c*IN!xl^ zqVTlNu?3DHdwpOnwM5h!?Qc9)aRu7KNe>&sXX9m#rU1+DUNpJ+AJ@VF4Apzo_E1ba z_lOq0DmrfkF3z&R52tA1C7E;3OpB7ZC62IIm!K<@JE%$_L{6f;S*}aD>p)3pA!6(} zk+&euJ9G42&}VSOPa9v(;iSy&cdKJL<{5o=dkoFUE3fukOpT-WDFg@Y0?jU6Ur~do zh@2|T44e!nN(zkSq)ffZ9~t9_O$XHt+NpwNC*Q-Y!Ks<+zJiOYM5HNi8cP7}F0U~s zTn82O*4iyBeot{nq_C1-z(#b@0QZd}Z2eSVY}GsREC8d2iEY@#bH;0V4^%9U!p%ZE z={j8$eXfj;d&9|+IIFK7(paA_2lP7>d``ykC&On2%8(p zPJ8f0SK>8segAvoFyasFhPCaSQc}ktU1j{X+Cz~R*Rk&;`K8fkO3k~yM;3Nj7vq#a=ZDQIEPSG7yuIW#MleLJtzft{1D0B&0_#RW~hG=b5aadKW-%UP%GnMgXd^ z;$c<$r}I@i6<=crW+rr%oEr;Rs>kWO$Wyg zza}$R(Nm?&x54sdeARI6fa<|*FWY;8-v=sSRTXRQXFa2W^^(d;3J{l}`&#&(f{UiWzI@8GfDG z_wb3W%=%?t+TVB3jHE4-ms6Z}>Ew&rR~-iEH?E-CIF6Kf9$iF-(z~Qoi1mM6y2HtC z?sY}qobsF_Rxj|<(NW`ZbhEH{=g+4&2gTBP6I}Xl-a%38SZsZ>Wt0A{*&HC=>R57G ze_~^5F8hp!mMPN9I~1Q$YAvcDnRj?{iPSn$v{#F^w+AD)tp^T)~~iq zRtT-S2m-cD%He(r=2tmbxL{FxTvZ9AnrBWxPQG;D#7Ot$@9Jlv5GWnB4yoahviHCD zC~G0aY9Eeptk>kyJ2?4FLCaXGDGm7TH}=mYt3jm{;v^@WRev)YJ18(l!96oesS#P^ zI;mJzeU~mU`_!%-5ntxwEdq{ck>MWwyg8ytm-egyfl?7qzm%#k&bVQWQWiyo7}`X? z(ub{`1t&jXoeUB=ca+3`Hjm9#CLg%3hf+RltQ&}Qy=#AX<0eY^JR-!T_T`8Unc^ac zW{2}fV+~h-@?eaf8&eu^t(Z7Z zF7Mj;V7zomZq-H7wIOmy!@S03v;Pgx8cvFKR^=1%EzyzsNu@3&w!W`EZ8n7%{cm`d z@huW9gyirB*~a2yn8JtZCArA@4foXJ7L|=AYM>ZJ1J8( zBJ2ix+52x*5E`p*Q#uPmv_-7A{8}sagYUHeDD623`D*%7?lW7b!{1^?#q+}gG3jld z`bYfqBAX=7mEOrRu7anWeBm`;)DHKx9rJ7}$mPK}oe2s4_Nci1j=r@TgFIrYk{^~U zkbHR;iJMcHn)|1$bNC@*Or2TS6KQ^^jl*&;IP6AW)=nZR*z9*K;!O{>GU{2g>*ua- zw{Y2^0xiN{M^n8g3}y>okFY(rFP+LVqLS*^~I~!D{-CmDy$H4vX(Avku2o0z)|6 z6uXZE8s%w?=v}yp1DO246OzSkfRlk%S=csPiUS~f41(sX74L;|hK>6rfQ;Xroj)o{iuo*mBdehCg29E$qfcl(Um^69Z9=xx-DiY|C>g%LS>O zqe*tp)|uC--2_MJow5K|P(p{caNlh`6f>c~=m+nAzGBg`i?}~2L#iC@G(5@uoAdFm z{a64E!sf){r;`W?MbhBAQ~x)19CVPdr;~PD+#Ovj>;J5)LUf^M zmp(6NIzK1417V}Kl$ATmTzPNHsm5bB0kii_VejZk?gwf`#Ocmh?5p$yu~4gtlnOVL zvdtt6p3mbBgbB{^O!5e{O?aPU?n`#NbM1Iux|#cD{#)lmcVd`(xlRBV_|EWfznJyD ztd<+&s(68{t{_kH%GdF zA4Em@DRLl2a*CHCNlf>Q;WG}iY;hbTzhgCsioKa?+EOs%ivm_!^M+@A??j=4j`l3!^X{$ zc)b_tw@^O>#*~TC3KaPiQs)PaP!-RYWy%P-qUE6Ach0zwK%ojQo9x~kV}@;5KcVJ3 zkeGPSX-c@& z{}VL?+iTn6cFq!i{1hV;aUVae6JMTv1y`N_H+}EGfGqg*F?a=CY=;6kJ|esvL#uRG zg|_V0RYgLu3y8p>J6`%H7?WUYhnQa~Gi>OLuO}lt{f>Pzl^0fambou?VX@Cvls|9pGtpRbms0%4%jeXh2{91v!R;QB z%_DU4-JhMr_1)^E?cANR${NQj7p%18{HqyADhabKmQ9svZu+$PF<1jwmNx2p;O7^W z7(SwL0Y=4bYinf{CZN}2(d@c*?Fnrl3#3f!hx^U`Dp<9BbG0<|89i0Oz5u`FO-D`j zg&}12q}BHHdf3iFTg8X-uQ&9q(>cPj6LBp42bRh<&M)3D)&6R5I++_SxJkCo#svG< zE>|fcmNM^7Jzk)o@UHOuBJ1I@@`D@P?iXtn!s0c*gC^_1&`uP-n0a05%Ngs=V6}En zl6pi|NXc6>TE8q+SS3vU4Kd|ys8=XRDhzOYD11!BdVVFbPvnrR_4l)uVJ38I*uEov zFhDR|9p7x--qWO!6z?-Q;zz$27#+6*2(4SmPH6hX1Hz`fX0)Ff0K(lVb5S*@=_`C7 zJO9Bt`ZYvs%rI#9>~kHCn5ckeSLh=;4Y1&Vw>?axby&?OPXWl%q1Kq_QASC>Xd{a+RZNFf>p#)|BauQrSd64$LSkMM%NHQ0jd_z!vj5%SqE*P9o%JbP`)xN7*uKRlEfk=RexM?~_FpG_-l`T+yh!H`1}!ZQvwo%2c< zNqclPt(`KA?k~;{K+YTdbeJg`=)37s+jsm>6qOBf%=?ka#WQ$~C-a(Y1zzk&iPjhoh>@#Z28Uu)-W=*Q zIv&@-L73EYVCbuQSatK)gOsM&a4dHXOMkKj7yL_z-#eaM{|O}G?v)p+FV7uyZMs0T z!sKeAM!s(7-`@&38z3n@?JgM%4s2*~sE>9}3Nga?4@h9KXKidh?C$Kut^176&P(I8 zo0*1m12`8&aBFg%dwRrfto+;PWZIO3<&9r(kAs_RQ=M)@#x`+Wc}7q$|8WQuKY6HB zUUwJQTHG-784QY0?XmCqED7_SjF*8<)IrX`RgAfh)91F$TFe96!pF3ldlpx}x*~(= z@2=LL3Z#h@Lem9~{9X%%!wK=4B!0SqFNQJn)u2WG?0{C*Le`u0?yg;T15{7~DU&%p zV`p@#utn7&%-hBGXMoD0Qeldh+M@0NdQ|lc0wnVMxI&Cu=dW&Gx+zW6_aj0b?fyZB z{hVsO{eK0jNn15mBQ1JTGc8A!Cu2O? zU@x+nsdW_CxW(Xqi(oK7~dhEGkAuq@)I+OQd~fc8R5!P>YHHNzj-Up zfLNpJcJHJnJ`)Sf@8}|JL{^%?Ae%88{MLbl)avvI;oIQlt&51UHLM@I`@zL)1IdEb z$2Z(<%l%JS1f#X_uW>aTDN9U558OOFpL4P7Sf{tbq72cFSRf}ED6u$2-;@iJ`^`(K zPiX>?v1D_5$F5jyVbDXH-s$jh$VaJhM^JYK=#*AtMi>c#6{=7&e|_~Ec*%n`~TM&`{ml{PDWLevFV7BQASOC?B&l# z7V!^k9iE#j83`!Y$RlEe0z3C$?pHgeBSYCR22;FhtbXIXX{wTb3%<7wkb-xnZnHyl zLlkLeMLDWhNC#%~|7U-z{WXoiBN?Zje@i9XuKy1=TeVQPs3J@N5B8XNqXYijP4ntR zffaqF7fAj_|BxZnEn`o&=5%)OF(g7dh*6%Ye)C~PsO{tlwL)TFEMhD)v&r?1H?CS4 z!4iSxG2<26I#l)s>#rKb*mpp=vVA#{ZY@1tbMMP8&z~0fwb_ZUn^-@Ye*C;4co<=O z^l}a?1c|VOeQr_M>tZgxc|2K-XCtTsa_moHe0#zWW7bO#cXS18?gqUM{I?gNz+>bV z&P@})N4qOJwOx>2I1Ak3i4B{U)!1+TLB~pS+Unrs`_}6mVF0|A@JwByokHO`n_Zos z`m#m7A&|xFC@#pwlRq$35fLs04`jFEfwenwt=LoJ7|@7s-`%Jl!0{mP?^ZHUV%PEQ z0LkdqKG}63>Mz;l#T=s|fQU((*isXdU#sGXW!G$yZ1>;Z6D!TkVk;D|QF8Z4&T^yo ztT|0E7L#mNd*n>F=1lSTM=6)J@3j3S+tG$($8wg)@0~m4_Gzsfd&Vs9_;4jr2%ev@ zS&NlF=6A0{wnPix8y`4>%!=DnP|9!EbfDw$>NU0Wl+>i9q@(a-Zz2V3JW$)Wve)%c zQM8Pc=86oY-d#B}#fQDQzZ&5APCb^zv{@XVi*4{1zbWZNf*EkOv2M=z$z4?C`tDEoS8v6QT2K>HQ z&bD-lQ7QgwzUgHXU4b0~_drpJ``BN`iX3I>b}9Z{$ji)Wu0=eHWQ~GOJU9o-4L}Oc2eeOmO@T_`f+@@an*N%H}Lr4FRXF* zj5Ugv(OgIF#n#?ec~$yt8HYI!;w!x=NxHPIk>b#8f(O$VkuRK8B@TgngQ=fFEKxrO zl}ko%!t>TMLS`YP*nQ@Y&c8}E(-pMuapBgG#|>mT;IpteAeKFZg=~wtF|djjxMcwE ziWHhoYH{Sd9jMmj$WUdGKkR2$n^Y3l@S}Z~bAw~?D@W5y8mkzr7bZLOZK%;Rex;lk z>=F9FM9Db@(p<{A1aUp|v3LyMfuJn%*7ng2c6Y&kK4f}Z?%vpv4sI|M?d)YWSI%6@ z-dEF*e*-Z#4JYeiuv{V)Wc86@^_m+#((run&`bK1XI|gTFdB%lpn~;Y-4@GS!}+&c zglv9uh9QkL?;(;soLq}7M3%V?@>%&0G3>S|DcT~ou{ z!sRGTxzO*1yi{q6)I#lz%ju`e0_rq5)R!~m0&Qjdx#HcUi+2j9yW4$-qp*pskETsD z@q(LdZJe+KP5cYEhlIP*BKg5Ygm8Oj!_=8-uRmTbHpEkEmSN82JACYOAKg%R72Hfp zeIN`xE{h!w9wZ~OSp8t)(?&`#*Tz4!P_KNx0 zJWmtAoTpvOJt`Qv004w&gd4Uiroz!}Y&By`n<%2t)Cg4mSxe@RDTRb>opqN;0Q}8b zb6~tp8X_NRVrO;_4?0XraxWAjVM?AIX!-tV!L)zKd-dCnsO?XG!greF(s;laS zLRczg5GOyl8l^C%eE(Hsh5<7cHGs`TJa&WO$t}|8KI(^QsCL1wyGLeajc-nK` z{tNYf2zVXoKLS#bq!*__W(u*@fi3)=0>J-@hCyZN9INGd~o2E9;EY@NBF070D{4^3xJE&|%tbV4ILJ z`l5%btdHfgay;D7JM)kVgDNu<(%P=W3kdE=b-{viy_>H|( zs##MNwG&}ui>l=H6V7`wc6HgouBXd@{v;oKnwL%wF(yYuh9<;mE)&RI#(_%ivWp%> z@YIC?Y@&whxt@llJnUe zHpG|;{3)mJ$hEwtGSVCefa|`Yl23!vO#LzE=Fx_zl%azkmzA&Pl>`p<_0+&(MIv`= zXom=6U(=rjr;V`io`e_D52unGb!%n4m`KY*7I`7_ddInuALMEM*!$ZVmv-y6LJA0f zKElb}*wT*=R7wUqz3mp}O6U^ef`^MQFl|dNaudS~hut&Cs`3#er<~2;GWHEO;s$o( z?4r17P0S74ZG~AhT%LEsso`DxU0z)K-FyD_$s#2 z6QvS}J5{0obR<>82Y=zcycSYfK%8Vr{cHt02|Fhc$mc7QHr0sjyXiS+KqqF#Ysv@D z6)W_~eebx%L}UduYqxm8;LX)afRBu5vYu9@3+Y_fu^ns@$;>>NKigiRW=ooiOuL@^ z$={6&qOq^5eJY&lo%L(0O3)YoJbIzbHfV|V9&4FL31~5?aIvdrR%J~o3YaKAQZ*bS zs5AUDb9xYio?l!7y1DJ}g7OrA0j*GKv&g%r$Kc~Q7o30@?`|q~qfXiF<8{ZR5H90e zp06Ip3zmJ1*ty>d=m^V0m3&Z6qj;e>ILIc5B2m$u2ws|_P@I^Yz#9vhJm}FuD|6)# zd`H(JQ&~t{qppzOo+^GCJi48*NUYJ#!sJ3dH{2J&_`H6%!V=VEb>bKPVzlG?MKu6Y zIxY2P{XkMQ;Xk5_bk4Dk)@1+u{Z_V7jv4IpdB|J3nm(TG5zdtJ>dHK1;T=00*1H>~#6Pz0z<#);!*?;h+FCg86t?AYr zA>yJ)F2TL()xHQFciR-q-R?k=bMj&$Btx#{NrTsA^FVw1ia2Q7qV~7#_Ii{0g;s@R zOlMoYC*O*7?w4H@5G`Z1l|!zzJ)xO2ARdR|mfC-{q^8&R@60l0vi4{8 zG54Kg`B6WuaG`4RpO#=w@2=gXa+hG_pE^A&;kXw<37Z5#oe{%^5QfJsKA20^{lcq;MX874A7z z;lLmjXN|`(pip!Px?#xq=KaNiLAdY0_;ZlZ&a6iM!?M4-0S#1f&Ac|vMV^9e<`YmE z*#c40A>DIc!SRBzxp#G8?U1UCJ`pwVlvXI_+BakF`x=}%Qy+Q2^d|eI9?$w`LR`vq zqxX*GBJPZ-veJX0+QK@XZbcPf(0HxLzq5NKqnFFbB9RY3(U_pllT}8`u$XJ#AxkE${qoaj*y(q;Mnl{4j!VLmkFw?qb05E2u>k1>oD85wJc8Yi3yD^@ zo-l-V7}?;h3kqkmqRN30z^n1=t>aP%bmShhavMa$yX_3BU`n3Q5BF={_?{5Te7)9Q zvy>os6ex2GY4v)IR<9JONk9?^zp-ZS62)Bi#XnNGUPG4SHP)$UTMg_6rCDbl(9?(> z1=yrLW&?YE|LuHniH6z47Xr~Cg@gQGvx^TcvEomSd9^M$*>=|!q@qUxTgN96I-n4H z1Zp~wuf8Q%#2!Pi&u`bNJUX{r^4Y7{g!&r@(>T0v1J8CpvGZE;$hwu59BlZm*_dlHnh=+Dc(YtM)dRVmrP4+0>9ZWx?OmHZ zDvtn|0e}+352Ns>6LTf*8hx(hcz@kDxUo|MDutjYc414w4x^*;AS=6z!pTB{@G7kI zsPv*Q1JU0iVgGVMf;PGPkbTX^MQ)?Kwv;MXm8uw#jF$PJT=~bZL*Lw z7shLV0b8Q(%pNmQGX%rL;^gQ0UEmKa&nhAfp2yj9Kc>>o&&}z$1C+3ZirB4quP?za ztGbTdLsuGaN&%Ss0JB>(pr@z^ND43ue;Pa|=$8~9TPFM_MiajMb2N@i?VaBnMPN=< z_a1jaycsIL==(z}Xy+RM0FrDWU+oz+Gimmnu+M9{nH`JbpP@4J2y)S~e|(gkBDV}E z=1y+3iY5><46^W8f{Sp)@ycQ6mapPr@(K_X!58jsWdJoBRv6|e$~w(}o-Jr^p8f6P zvSXF58?qJ|v07Kyh!Y2oR`;RCnUBxETR5sAK345heeA>Vn`gynI{hIXL-x zeCdYgU)4h!y^R}jDg|-4%zgeJ$z7n`h3u?`N3S#?c<*jj@ zJTNa`xB3YDe?ng(t7j>~nVJoUpCQ|3v_f4%2%dhcCQh=E_Vf$X?0fLjQo5Ck+~`jb zQ(ewwCD&D5)<9V1hdupzhfysa`ooG!a7;XpHol*z9onH)nRmHCL)u01BCuro+YwPf z?Qz}OWO6ccC2+z5S%$(XfSJD6ti}wfRox&N_k&MxrFo)@LzKQusHKvHIvK8IE zbT{Rr&C?IZtvw=7=O)w6icPQ%YrK(=Sgjii!i27e`Xl>qvDdX|->e};e!cBm3b}(e zs-_J#IUJ=PF+_2r9C!|gmXKBUaKuH_6`b{E6RW@3h}T>?vTFT@Ntewzk57Jnctlq6*ylgMcJuTod>Up2TZz z5viYyUn+EqftZTkUNq0!|1;14i5ptRL7cG;n*X}#3Md{N+NM=Gbh*>*lBdXl14QbB z9iI@m$E&$c@+~B6E3G`4XDz4%roUmT2zw5K3+Iwk93P-d22dIx{(#G^+2crzrB`IN zqA@emQ`cw02+Sq4dUV$M*rzS8i30y1#P{TDk5Q)XQ|3(EHky_Fco7e?u(i@f`FViBEf86rGdabVteE&7E$RtV2gB zkB#M_tO)-=&Mko=6lT`ZK%^$dol@;q1r!$miVJR`$Pc2>vsuZP+kvT9fR-!JZbsFA zCaV>Ot-mZTBK`ezO9g@Wl-6(;0aaSS+0ENO$|}z@vUI-R#{hRwXZA9*Di&;ty`{)) zsRD2XPk@ri+rV>l9}VbP=L$>e-;vd77ML`>EtGkDGG;Z$e*dlNGT=CG()+r&%54Jk zK>|l$b=(*Y!Lw(m0xNr%om_-nnE?g8xevu5@!g?b!=XgWd7OpSOcsvIZ%J{_rJs-<( zulLvw>XCHN_n*JTUxV&>s+MJQ%BwxQj#JxjaFKj4*?IzDyADnbF7W4*Uh3{jv|73} z3p#L;j6q#nq2D?wuPONPOS~*_s;5xAtzqkGXg4U>&sE=NnRx~Iu0wJ?r`fPA0xYWR z=l{47>AuAM8K-?to$C2lye(wql6b{G4u6cez~?Y0c~1YUOXlGQpyDiOjQBhZTana2 zpF1JmF*nHh`?wBeCdn3sj?@l@<3@b@`wJu#$yh5M_F_$~B$3Jl^2J&~v-_Z#QdSP7 zH_$%<-vQ|ILtQyu1U?h!K>B{f;`I2q79(Fg)DvtbL9!kJeJuYi@Gu@$yXrg1wTd$q ztx9|(hMdpgh%9M0^d6{?4}1-x|0fvIDyPrcRcpavt;oF$$Sr6&eYf`y^hCs1>0F$R z%aM*hxco#sY#c(l>F0m$v^yq$$9x5RTSCK=FlbspK;{FU^8htk2duS4T&wc+naUbb z(y9BZ+SK+f9N~P#>)-%=A>@8n7(E)&>2nUq5LftD{Bcd7?#T!E@X0L<-!=4C6}j1M z1VelTA3k-XSZa%yR^_})j@QK<<_Z$2XG{-s{QJ=b9NSihP-SO}zob!j9D(R};-$hm zh+sb2LN`(e2V&LsBDZ*cv#!zj42*qY0&?*SF2r9fw~Wt0*fk+a#If zz$Z^1Q$1IH`OIE_Ib9NuyB`a3-Q5w*@TW6NbK~0gG=nOCCG{SCR1EJ6!u$SCo6$B3 zS&4b~A>eVqmDcPkOHc&6ZIGBN)(x}sj!O+41=A*d2!#g;Zk(*2ieRS9SJ8F8uaIg9 zk;JQ51+b~5TLJk3Fm|97(vl~0z@~oww$2t(OTJ4U*Ts|h1vRK=yg5v+6653eyWMu- z{d|)VgEKlmItWCS6E8z$Kd%#;XrMgFYr65+2dvc!&pAGJ?J)~OE1fPmQH|$c_ zx#CsfL#`{3;e2F((cnQ3`1*^nc;qnkk`s*|f%qkMuD{_+-9Q4-*?fM_F(F9e#({CN zX1F(z%>~F}(BQ!aFKCyA{5{z&eB)A|Fy~t(k|Bh#GaSP8sdMl|?pBPfR`9&!WUKfB z9cugY#jHCUL7Lr5(aSh1?JhxE#TK~f<>znRipXwK_=>}fI!s#NDAQd(9c-IGJUi=_ z&-=7>N-$2t-l5mRfX(XN!141ySUAM@A8k2oYymbNL2Oh7d_Mpi;~jyGE4C@h`<|r| zqG_k_(2-`%iE6iO9^=oL?FE1^(tm!F$xB@c$TaML1<1g_8;2cvfE(C?K&Vv%KQ$0! zOVp1Dx~$vhf8!4#gum$!4oqd{9V9wiSu5=)T*-O0;;F!4YieQZ-1)^roL+vtSJws{U;JNq)KH}g|F$y#Gg4@S zbGpOGjG7+Xc`d6eb=`VgDqZjZC|mq_cjQ3hcW_-xA-I+$Ey}B;=zEA%9a3tLtW7|# zt~a##m7=^8d^6Z4ex%a3+bm2Lu0^6|OKVlmEU?gbzQ2k{^~w2r3i){&w^VT}72=e+ za(dG#C1Q@E&oO2v@QWN;BNIwAf(PYqexywtAOAmb@ z5G_n!`yrA^~Sul9`24F)vUK#B-U>sC*;LdhL`bTM=b2^c{ns%wW*v2>`-Z=q!Jt@q9o zwadR{FA5=D_C@B8jO*7REvN1I|L&a&EF$wVk~_N^RP|MRlU<pyooPmSbT#{u?`!SEd;%T|wguW`^5gCU zcg!CZ!e?_GAsnI0!`BJn9@=MW;$TC4Jcfcs5!irEo>4tLoVudKjDG_}F=zJS)w!yr z9H|pP=)&IuS4pu=!L=F!7rqG8?Ms}7>vLtbhtiXWrZTe?BeiY5-d>h=XWl8bG)!G! z&fLpaQD+5`*Z<#qr#Y>u?>^5txl+CM%o6Ya z-R_M{N_SQG+D{vbS-(hY7u{?oJ9Bh`{rTXr>e2kDC*A&y(b?B}7~9Y^E+ZJFB;%~^ z{uD;m2#bp;rV>bO8ex}7>-$Pm@<6{6%tN+1fF=T9x}-H*JuL&{N1wBzSl0Xtww$ps zfsqDIF!l$tYK9pPwae4??u5SwVAcb_J}Fq++1P;fEcX$8BvBh(Ai4k_YO#q#-^w(k zMpRk%53}k!6?+*mS9>*g02XC1S_1RA0(f}Ci~@uYjKQ%=p`AZO4VLhHyZBr`(fJ&? z@106401My%BkGb0!rN^WG^e!5ec~eSR-}b>_y1SuW<`b1-LZ3MD#QT*b`Aa#)ZJSi z=vU8Z4(drpczTliV!b0^0)ucAKFJ6QW06tq=^{`2HJxWz^+_TbR@DpZ)*2#Eh)?IP z1BgrN?r#9EduP<$H<8$J1X0a2s^S1S#K)W5H^M;+pX$(JNvaknZmhBHE;c2n^rrG9 zXumCk5lwuRXrzS<8i-K^%#wz`vM^!eCXKd~s1n+KbCq^pDt#nY1YHH1xB^WNz-DMP zY3;!PK|M?D!5CJ3nV_l63U&7*a1o1Ux;N{>ds3jXbj^kxAcK28fNS@ny0tI~2$txT zIZf*}44Hht*hX5%*@A4JUvvlNN02yk-T=Yu-oMKSnyvfgljxalwU_U#NJ}>Xgrv}< z4$U<4*75C`Q;mfW6&-}x)|kPS+mY2UU*g>L+al-GNRc7t-^Y&kGuBWe8cZgRMWc(h z67cCB47qq(wDurbM0mZryBEOnxdKxztk6K1 zkxge}VdN7-4hF=$)2~h;jMc3wyPyqvV($`&?)HPmc$hQ5$c&>IihG_6j5nmSrVjxm zMRoU37(}1ys1CE4oPe?en3!S-Tz6F~C#I-*nWmt~45TKSw^qGQqRY7-SOEhb=5nw) zOj4F&N+@bJhO{@BkPY2x|9nO`WAhBAq}-4IF$jwTIx7~{8B4+6&x`7;)k)Rkh(y-n z*l8Ml#8DBED7+k(t~ZG^pfmVNP_F=p{~)L+!@AnrdjsY*!2QF3I}FxHRabW(0cofD zsJq{jA+a@xeh%06%59ZTr+3VOp`e;Fvw)f-+e<-xwVltC`@%s@My~eyL|zn$5fy`B zdA9+*$VGKy3UI-(DnPD41m{Xy-Pq3_I5xi(b~Xq^O5hkzb0M4==MwJ|!YK2nGNDg&&&B=!xWpC3>t4ivik z;xgQV8eygGkJZgiXN?0lk7^3Xn zawd8s{QWL=CUAK??KIVAGjow-gqI7oGlMm02CUap$Jymas^$yv+0LvNbSd~?LIxiM zQkOu?@j;HG9|mB^bX@HXLHx_V+MD_}?YtJ%gWx&7IMx9vYG3x<=*6HBYjE`vjH6jZ zwg)O8#O5UJ8@P9^5#9xc$;bo47#Cowj;65KL_0VWO+him#6M}{Ov0`K8Mbc{U3CD> zuer%lE%3n2q3uh)4sGu(Xfm0I2Pu-S_O>A`Uf__xjx-O5P5gj)J(|*DiUN;m8y~cb zrVWm+$lJ#RCqEg1Xgq?`_^*C-G-2$epq|IMn%LClTI(fGgKqo!z>JTlfnbXF9Dq^V zx4^(x`1=(Y7DR)DNmR#q5NO1mc0GqiIh@ATPiPzeX&)kbU5(h~m^9@YD00t4edGf| zXcs7$j5!EG4+NrspuwP{RW#ZQf+KOTSI|YZ!o=G=5C+~@3E&fcjGoiH?5Uz%pkT}^ zrew>W)cJZ^Z}YtXLOK$qCQNZ-++3cPvJw9FE=w!gL#hrI_dFXIpDE#~4XSDms`><1 zRVfpauQ#>)X?bjFK{B1SB_QzrrZb{2UB}8Dh1?9G=)7()vcZ_i(^+)m7dT?nmGKj!TA;Xn5L~Wcz<{-a*#^Uu}$*STPAhq zwl9o3!+LK3`-OMGtd|juxB0LGU?Yd$3VNR;xe%v!FkKYiPaP-sbt-_VVW+imQBq0O zmQY%bec@ke;_VW<^B&w|`x>+=)kxhPvw99NrLN!h{f_>I-WKV9Lh~aq2VC!E6PVYM z=prJJ3Q%@SpwUHEOj`GQLbP^tvt)`U(&H$w?)0m@6F{65u43JwTB)1WM|=@@m^*aN zf~35e`Gv?zx!C=bAmo^2o;Qegju15*vo!tc^;EM@cKyXBR zb4|Y5+q?;GB!p2>d*f+A#|EDfV%_d}A0hXdi=g31i^Oom;KHKC6S36cg@+u8&L-r( z4nb43bBgHVESdj-epP^NQVy0nqx;LOV0P5GBcvqa;5ebYM`pAqi5}gJtVna&9JKwG z7?4tq5B{s|k^-LaQtVEvOykAq4!6YB04Q}2@Y|qT3hvc{zc+42#v76fZnqbB+#9!| zN<3#}c+`Sd-TD_EV4O{$wNcIPw^sGcn>Tk=c;%G++V`|hxu#?8pM=}I~G{!uRqHZS9cQe;i?h5c# zC-;de*w2}eVd5w_p}BDR5J6F%?f?0U&A+7TXG9fh`(r^4OK@9M=h)&inwK@T#x;E6 z0`=%~R{z)M{Jq5l9IdSgt#hy&QLgVH;?Rj=XKX&}SHA=Y-M(9-10XszO#t81wQybd zn^Ya%o9*LuCYCu4Hm47c9t%1y*>^wrvBtbnKo!M0o0?Qt`1if@-a` zgND2B#n)kq7eKRC;=8}v8WQ_e@3_W$|i1n#ZCe=fp$|5 zhi?L5ADP5nNu*VN8Zsd}c0d2M%{J;+n^KixD?fQtmGbBvONlabAK`cUX-a}VXrk-L z_3Z!Q02V)E)2m;-mzt|g44xQkwoA%;Tm+$r%zWJ2xayIFvEC;4j8+;eP z;j&gyOflhKnx7<7L!nf;fIc#=Z3>F|zvajvE6hnE5$!998$a3&Ruan`lI#bb^Sh?~ zgWrRDV+*kCB*JTjlsF=r@fldANyPtxXXejy?U_4r#Eq1JP46No!i6u5*<3r zFRyK5#fNF!R-}SKO${CZp$1m|IKiPu-)b9z_7G+)scs@2O%d&$N%S#694*{_WbVV$i^j|bJ}IV+dB=uK@{Q1j&H;Hc4z=$TiZ14<)7TO3xW z@To}v1G~_CtwTmRF6M$ShW-*+;xbgz=r!zSX>6oe;8JBXm$DrU&6w6bhbXP#>=XE+ zlvrk$?q0*~i*p)O6*Vjt-9|w=R3RPtL=1gxS%zW#BD# z6Q#8VTaeQ;t2N1ajxYRWcHs`{q&-!_Jv?^{+CgVN*$Ejv%)8d(y#lTj^amJ5kQZVC z){d>?QAmwp?(+nR6nM7A+r8|o?AX7odQpy8BXF_4BvofhjOkO^kz02Woez>r*GE`g zUA;1S00zTiQ{XmQ)Ns^aU&U8oY=Q{+2F)b8y^k0LTIHX~vZ%L1Ml}bQg~4Ic)F`2# z!fEhq61_W%U+SZCAzK;1#HfO?_d;+EjMvV}mw^8gP=Bip-7G8u6nzJJWXGZi&DACi zAM9YP@h@oh#|D`Mp?+CU9csEM+0eC~PcY_aR(`Bb#6&+^RBL^U_R5!dJH4S4&N22XY@v+Z(LoCO!{3^*pWnPlA7g(_kBMW1~q;U zA`usnQA(r17S4O)FzHoh3TI;V!kSSSK1n&au+HWWQl1QxtWa7i;ps*0a|HK_VS71| zBaMbaXBFnj$gQ0r5s(t*R&IQsdy*poT*gm>!QKL7{=Vp|0}>a$dfOMAKe)}E%zEvR znRxn0P9zFC*5V1jRW+$vNZiw{n7K=QEQnRl3VI;p@`+uBbJgh=cCnfyWd-I0 z^+K=gSP5+J1IVAhkNbY;Gakj3I)m?n((xQD$XjObo87;`^W?x2_(^Rnq`y(^ z9|=d@!hJ~8HJPl{9D2_yMehecCBvq5XAuku^4V>@Ay7i;%i`CwU-6qH+F*DncIe*K zU-UwTI2B?R+WuHO1OgT(vi;FmW!UNiwBG31Kn(I!m!!Ol2_yeB>QrDoI1+9m~|9D$(ighB(AGS{;=*#3Q6BW9k~$2%n== z8$^IZq5i!94nkcp%$m^!NtM;Y%4HnWxw0%R_ytWtiJ23klu_9p8xqlMl0&bA(h%bx zrE4&t*XmT?^o2C4-(EWGxMg_`=+4~b3p z+b6X{AajI`<{B~%Z07v_sN+Z|BeZT0>g2IvW(ux0r6O|Ho8NO8HVkQd3<{Y9tXCJ| z25z-XePlU}c8l0_r~Oau5YrH|3X_S8h=ml#Jr8tZLA`|)b7qbYOHdbWB9dE7FCB-AsTj3! zv|_>wSz>v`bJ&y~wQam9(mD=lHpkm&KsZ1VTUaB6swfE9pS1eh?MdLboJROf$SFNp zV7}jWDkULlBtju%>)3r@9~C4uVO6Xp4CDBpfbHT2C#Z=Oa9Q%MNRB5EJ%)DHox~_0 zMFL=TAy}z~Q6`9S2DJ0OR3Qn^OT~35;+}ty`<{Zu?I~p6orRWcSqv%2 zI}qoK04#FyB_~jTa)>(6e_$e+P;LjILl)FvQZ1v-AreE8V}-CTr>(b)(3#1S?#Wto zWqERn3J`>JnC1K8K$1qHU|IxS6Q(EVv_FaKoG}ZNg8#I-B4h)&4msJ?yMuuAg_Y7AV@` z@2>0N&ocv3=eZioD;70QBch-?CJjwaD-ATWRQ$MlX0;ANVXK9O?C&TB0&hH;s%SA& zNhlvU;O$9`&0skIIY6v!6q<324B-jU;)CbNj9t>yu}&?c)ve<{xa_A8VYV>RvSRQm zXphj*C6PmNw=zfFBH*k+B9oQjiYPT&p_79s^(O5LLweKbIUZ$6XoTecJJeeoqLfU}pbtqCmM53b<;qleK5`!ivs9*#O#g}(s7pAnM}-oD zPjQ`&#EVqA`)ORLtG>&^t?iWSx{#kYQQPYxV`ug-mza>3M0(t}E@amsP9X=EaFAo7 z$afM(`Lw(+s2`bbPRhAmI@)axkm!-S%kIEkBlw2XAXTAz&yyrLy@0FQQm5(mLdO^4tXIa{Hivfm&C3m z_(!(C4N5mW2L|Sb%c5UtA1+u@wHVqe-8;XI62_8Q^+9DhnsZteBq9C9W#NtQt_y37 zx8t%%1X*}FQ!@#5wN4|^AxaPF?j#)E!AoAK()=ocHX$))OFgZqQ?P@1!xWb-Tx#Go zYh*C%8Y_b98Xn;C7`&ZFi+a$$i#qIcZ0bwzcstwwE7D^bVVw`iEEbd8EU2Tg179qu zlNZQ+hKi1Rtl$n!XHXMfrml)FgwlPJwe)Sxk&>==unM|DLAmrPe(`ilIS%{Q%mlxOir)oTG+j%9LE${4Hvgi4kns_OjSeM??&3FMz+T%(aDMf zkU|N((}Tgn*wf>rDFbSlYgA)YyIm5!pf5KEDhd0U9vLhZ+3s|d3O_<%K${t^Tz`C% zgQO9_bs_p$kIr~yD>3(?h^7fbGU13=7*URC-lZvQV>S~!Pj!CX31=uKIsXpzr}gGf zPWBNxB|MGD_SUbChA%F3dvlAcK9yW!+3SF-PcmqD5;IxHe5PEovA$@6>f=G~1EB)! zghD+i6JbxaNsV%-VjVLyTtijLrn_r(Hi{?EqBREx8)q(Ako(e3M%jFXOGQwMifl*| z?mIyCU6zG!DFz$T2BvRcQ`HuNp6 zLx>w8UdkKlhiqsGb+RsRIz`n!iJdPHxd?6?nWZ9RmI^zZinG^xN%ZZ^^&w_eV@fH+ zLCAHuG`!P;Dc#sp1Cp{_j`R|5Zygj%WC*3^S(4md_SY167`u2-R{~d)Mm*sZEs}`* zB@)9Wt{5~Ga7D&FK}35bv8>l80ICNcS@k}hP!6S#I=?Ey3VKO2zwONOr7~09z2i4( zmhfE|Ao(T?M9uaBkRtCw6#QUhFvUNYKJuWfB(RDw7@V{d?ukq|lCT z^*lOWFwn9lWb*U*d?Apz)v>5T9XM7%owYFmr&}&PFnXXIAC-BsFL4) zgSheYW|x7hJ(^GJKDx@Dl z@s`oC!BL^C)_6t1CZ|`s#J_s3QH*Xs4B0Zi<;bj7x{Ex?*52uPLnR@f3WkP*2<5Ql zfL6h=Vv^2a4N=4s`p8pUbx*&ngsV3(s8s^n`G`SXN>HWOGa-w1$(x{JFSJyy8QTe!#VV7W z{7(6;a9o)WmrLOO)t9poyZtx^ix}O1F-9kA=YDw>E9y1sRO}kn6yEL~FrEtTn&Q;5 z9fDkJ?-QD|=3qY|Pa|X}QQ9`iH@C)$H04a4$#~^BaUZzb>lQ#1GYg#J`ZOy%Ndk8D zqQD{4p|5Nyf23<=Te-re;yVu%bf9*BlU08fH;^}f$FgCG_Yt)5X@b83W4MD5?3mx3`<$gx=eY(%(R=AUgw_mA8ZBCDP?As6@@~6R5K@=!ZRV|pphnliox$?tzQTifqQlb~C`A25D78oaYrVVJw6Fr+!Q zAuMArqNhKf+tk8$sBHl#{NLuN~D>Dp)$pO#$+tM=aj4{ zb2$$V=0)>jOK%%0Xo6wNMVku?YphWnANj2G zSKZy00rwffZn`L{ABa?=(iFBZ`KcS^8IzFPeKKjt534bM(9R}CDKdIgP=$PsJO385 z!0%9pL9SB<+8S_ofG(-PDlbfp6v;(g8uGMBYWDnLt?aR8Pr=2a<5RdKV3kSpQl}OW)BGr7HR5A0S@n|}Q^wvARQEG_#F>hw}%(8wiN=K`_!_6IsBPQPt)^sKs1Uc>V6J)o$XdAgW>)UWGrMZp&xtiwJpaLUd{ zjR0kgJpJm?tz$!%JN)IC8W30JSoT1;zq^7go+GWOW1r-EmQiE09Im)Q=NI^DTnA*G z2Cnbkr6tUh9uak2*%X@ck; zwa2T%pWcVGX+3K5M%(ExM8B=fA!@F5Oifm%rG3&=?~dFuDiD*#mE6r)$%Q}&!yts4 z8l`vqFx}`@-`b$9@NjgbvBx22iuOo)Y&gix6buKhBm%kZh?+*!S?E{$YYnO{2=_Oq z-U!*CR56`r9^L+!RX;+yl*9)&2)S~jd*L-)rF;r!M-<{ShhniFo!l`e8;4q__NPq^ zrZtZFU%MYkPxVfQi{wq4Zi9Lo_ViCvparYFK?^TQ*3s~JHY2F|N8m zGKXOksfwp&@(455RW`;CN9io-b+4B!sj<%BZaax^TNDa21k>RVkC7!m7*rXQ*K98| zG4dj@&&&VC?Q5TWYCDs2zke$?qc2wNSPbXOl~;o^OGys5u&+}!3t%fcT zY~?Ey%U~PSNFx8VmlC7oyVDcZ=q!ud4JQ8O@_{O$~~j{dIn&zS1+ptfe*0EN|~cI7|MxsDXgrI6(qihtq?b<5DHAdejNX zGMDa#Q;!jJs1Hur`UThcQlW7HGbjo0?sw^01n?8DbjWS|=-MkjT zHv4FzSWtZXqKFZ?3kBJhFC6cpIt1f5$hYgfn0!Y@V6=0zqUbO~%x`~QTMIe4phG3h z-`cvgY^=Y{7X$+d|K|||Iy8=^eax9i)jR4NdiFp9edPWZzjV01g-+RJg*88JE0kum@5@82Zz_gkxu zg&II`jY$A<7^g(sYZe{d=+X12%q-{PiP6BQhMFeN&g!GSEq~_-)jJyw^esnCN!XTF z13(@#h@ow~-=0V8-`kxo^>U`pWTI`#7j|*fzJ~a2gIYqMBI0KC50KMa{w8O@2d&_SJK#g#wPcLB@w z8y`@ak>qbopRPR_J>Lp$(Ly!n$nUcXLIj(?rv*;1xkxAf>!0b~eT{AvrI}{FRs1SB zE`1q&dHW?IkPq*A*9RiRr1VI>I#ju{>iz|OT@z)EUfmKKoy+6O=b#1w6t|T908fHj z4YbDby$?Ni&R2i)VEJw~&4W||{T zr~5+oDdd#A7Tqs}g}&-Tb||Gw5(#ggB9^UX8+#e2pDr!b^Pg#M%J6G=x#W?`5;fHN z1`OARZYNaU6lqzHRjtQ=f8fU%U1|aN?6{qw5cwO`Y$|AjT2)Z0hMMi>JS~3M5Y*sWurv75xADk8k?c%=f5at6mCt&H zO)pxrcP98|tVNfmVI%L75dN^aO}SDn*R$mVT$_5Ly^4KP6da0?LayWLI%;1*3W=4V zVz8jg5;E&T{W#k^@?&Ik`B>mIa9ICmA)>4L9o z5<5Np+Eg%~TvQlWJ~x$Hyzvd4<#8)$CKRdR^?ObZdtqs-U9|3pa0u)C3bfcnyP*A! zhw_gip*-)ZPD~ix0Fy-(cW_guKRLkLC?I``Qtz&~@;!@#{VET8Y?!#a(&Og%1`NLm z7B=`;$W?Kx6cz=vq3#df;@nkJFcYjciN=!fw4qAe8kc(H{OPWQz3OPvnkM;f7wjh7 z`-!7|W)^kSZpWqE*#SHywuuN$A?QF>lx=*(&cRPwXZlKKqx;*)^_@q3S5ut0nPmv7 z$f5WJHPoS#Tv%D}T@t7WMu?})+-WZWv9+}{?DGDR5$N+xG2<3Oo?C4!h6WiN`FqHJ zagcv{vjH+g4BDMg{{cMRcB-gveP{F_t+Q!=W=zSvTD0W=+eIa2argSg_7x5X;pKaF zB(^!RDf|zgOS?Mr#|jmLCptqif??$lbb&6g?I?Z#jnGC-a~!l+mf6D{tJvNI)SKo( z+#mE~+v!ff8K2K1#kphuDjxL}q!76|4QejMseb>9>Xq-3@YmyM{bB8T#2^v2@tcq8 zgYAaOqZzj{MfaylXoBt$y>&=Gch;RdvNJ#sigf-%xx)8v4|NDI~ zMo8JUVQrX-a|7tS40jjFli%%n}1B9{*M`5r70X>J{n@j_=*L;GkdC{ zmOEe=+~Cx-9()BNMvH3%{#-wVm7p{q4r1UM!uMIq5Cl-fe|-G@z%rt}I78H@{QCo) zZ1=_vy=3#uv37Dzqi2;p`KWKkL#405`JEX>4$7zez%uXc2d;v5_H*Q_2*u(TeTy=; zA^H|t3e|*c$OIQxW9^Y#=ksn~kHdj4^=@)eK8@KqLV4u#r=VWbwbmn=J=*zc9~ceZ zrZgN&PdX?0d#+s!&3^8kxbG|JsZ9%9h8@T}C2)(2sZcAp4Zr@e^5t z`wgoAYF1cO>v(>zQReCXryti8Un`1(qT zj4O-8%r+#?S+U?RY2#N<9+5Pv|4RD$Jbvd#lX^GJ3#SqS{yrgBPwW%cdwyJUp4Q># z<_|TDj~~_0ST)z0NLlt?obW31^m@hoSDim1hI)g|&P7L@jxHG(QYt9v5kH(3-6Q9( zQr_t~aTIr;g^4KpajlmrVqc5M`gZ*TU&H9g){FrWRo5^1O;y=U6Cb~Vaq_P4PwcQ1 zU+3CRtZN70uAgFz3vmVTMiw>gZAQ*~*(oo|y%?*mK zuP-NT)~MrD%7E9Y3)wZIZzlM@p>|9C6iz!74)X3S$P>GJ5Vs>g{&Ue+ zEd9~mFBL4lyz715-YXkMMuN=T;|!1R*Mt;Iy2wR+nr4%qE*J^Gq)?VoonVN1;wb1; z%N}*g;U=&DYB5BYY7(-_W|nWilJvIlXZH1o)aJ)}e53j1wLJ(55^r{FYtneyJj~1# z(aGn>@Va96QaPjwY7qTUGEhMa=bgdZbqH7jeIEb|>Cw5V;^sD@oOj)R!YiaFI#KDI zPo-$?RPCGVT7HvrPwWMyjBB#Od+P`gd3P-aqS0-OnAQEnJwW4g-I_x7*sw;yhJqhm zU6)0?-$-Qi^@(IV`#XBEzpnCMlR9;oyw%cg^p=i+(-Dk@>h;}cf5Ag?;lR6|h&J@+ z&?;k{z9s$3+t4eg`H@Jod>seAeOZ||UE52ww7Ed5DPW%-@cP%oD_8WuR&14LOF(&2 z_NbOW(*DJy^{8ob6FP3tLFE#hy&du&+WK86{sMQY+`_fzvy;j;oRthtH%0hTQF zqVmA2YsE(-X0`6pm;CSXZXq_l!Qb8}HhcB{>-%6TYkrJ1sOyP5mq65!dkjTXgCK}a z_?GTsW05@XaeS9UV>nF%ndnGC3p{v0c!GW?c~b=FYHn{I&`HRsr4Oub?eDLqhY!hmdDqwA9PZ1ba#EaA#eEGJ;_u) zSyT$A$?eNdj@W2!3FdS{1fZPJOqO@L^!e|j`SQIkm|BUF#c|IWk<7-S+EgJ(Vv0_c zB12}8wI0NyczfXi)E^;-z|VDGIP(TWDE z;WQiVTX>F%6`{j%0r>xafMhYNIR?Qy>i8!2<51++xbwdE1=>H-sJZ%qjH)WJ4q= zT%?qjNOc0>xy?WxcEW`PZ3vX0mC1%EL*_h!==sIKrPgkMZ`Za~FH}(AkX_9Kq(X)z zfq*Pe7W(x_2|B<3$(fjki6;PE5iv7SbOtvM`Dtu5%Hn@&ms*kWBY4C_JIeyT65~?z z9<`kPdPKwM33}vsmWB7vN0d+<^w%RLMzQFTBUw$zn{jN$9FB&Vx(3LZ8R%6yE&}*>J_OLUtJ{>*B^@yO@XnA~vPK|2X+p1sCL0aht0`-CsWi zjUC@U7p#?1zarUX<4>a9khA$oG$q|A6No;4B&!U*lH-CAfN$P@1JiN#3t95nY!(w{^t@%S|CZdwrFqOX~yUG$T^jXe57Stz*{Bz^d5kL*wNt`Ol_=dUzWbxgc{ zF)|eG?YJ20QHk-VUSfRK`}n{+LPx_+6lvhhea>UA*n)Rna3q-eN1>a-Pl9ZD*&=Xl zTi-e$dJ{(cGFaXu*lL-NVCwSL!OLkJtkGuBamj zHz`?E1p4Jj6iUM(R;h}*C~^RO>x(~9g-R{I9@#b*TusayIJJp9Fay-yXdU z5W^_Cf1{q_II&iR)OoWw%V_f8Y_-t<4x(fB1FXffuo#2=D_j6Wzfe%KNr&A zF$2tiu?|9jSBq*culp%(7aj%1R;4Zm7rML94LHP=WeYFSG3u;?K(sSFa&Y#MF8EyX zw;gwxl{gfVcfba^4)q-)L!mhEu5*y34yF$WjcPY$IadK+gZ^d(R#;*Humu_hFRz|; zvN7lr&tF!+z>I}}W^vG15tO4KpQM(~%YU)d%|Or%__$EvCoboBaXEBG3(zeCclS+d zRsh}T`O<#>U0A@ zcM1Gxg7PWExR^d(qWO(>0?{ww$E4YWq+&mhM#UUT3x#!KHbnlq8h}*nS4(v(*C<1o?%CcF3(0FVHTU|O11RO$jKGa%^Cx8a1E$Ej) zq@FQ=cvu+Pg|S1k3#IaghLp4E0dp}1211KNN88AyQ-*kTEb$)ce;D>B2(4;%H)NRc z2#xa2=;$156LfT`9h&tNJi3AHuo0h+Q5FLUw%fSN#CY@Q2DY1}3$7fAEOb`z^*n(& zw#;T909ggfUZKlnzuE-vIt$)-K{Q+fT#4Dj}c?2fB zjtr5x6jY8N>V=h1=|gRbm;V7}G+3z<Yqf9{G+R4 zar}iTV1cPM8e77X1b9*a)rQb=sjy4@=F%x|o)yl;Do~y*jH+EoBdosiit5(cTl2A) zmGI+BS5Hw;YsKWx8d;KvUL#bHH zGR3fU=+q<<3Mu#=WzUldLog^QjbXP?ilNQ5Ysyw$dR#;It%1@Js3!(3K6pJT9JK5= zgRJm0Fo*OAZCmeWU1T>eDvZj+9Pl3~v@n{-r8$m|hi1&h$a4-B2cuxHQ~@sgWdwMH zh^@Bj0|~7L38~G0bA0=Q=xLNcu7d6AKcyY0?Q}1J(hdj;CmV_T7*Cptr5bc2jS|CNFOhSzdzQDA|v--c3k zq`r7L2~&HW_zIpwo>BHT7yCw@f(o|jl?ebrp&IO7oV2w9^~?W?_OZgmH;{UPSI2C{ zxa-s-b@`126r*4mxrDmBD)1czXncMJUicLuQs$&@=EG7UX+;}9$7kC@uJ)TLV~0*@ zEx@c!0xlSc_80(>{SOea^c{TIMQs2=>E!Y;CJHeL#gTa3539QBwiW}o1ogc#Zk>(d z#mnjwdkxM(JO%oU8SUXx6u`Ufsc9KMn1gM50usY^aLs~Y#p`e5Lc}ET%EPF zjtmNyYAG1}@f+1x=<9VbjcXI|4h!HeWCf}1?^cq!*}w^-$e@MxaYOJ_2r7R^SHDm} z5LA8V4=j!A$puwU(}L}p!(W@ zjD&&awV{$?5wF2gOwuy=FeS7bVv^kWNC0(l{c;}I`OsH zfI%VvxNPE9eB%BCWZmnDUH3OF>#1o2Zg0!@B$~3j2 z!>9Tm@&_xswm51FOkBXjGe}B~u`XdTdl6$~(C23m{uh0Qbx}!OmKjj}pm_Qvea5y# zBQxK9=*#*{`-p+`m!n%ZhX1JK_nYBwR{Hk3?a+bEcxey?B&3a)tuhi;6&eu(9xWB= zA{h7Or=Ha;(_LA80iza~)}?RgH#{e!mA_pNoavPFb95XxlR+gtNP*_}C}9;QNSJZ^ zkffBph36Rhe$n#J9lw5y|5`83IN+vQ1;M@t)jMqeuM^l>bnKNfThzg#wu{k$0 zv}U^0SEzsHPswL{(WwuV4M>T@m|72#ZVXKHLRueN!c~Cq?oNxT^$m{M9jt_~p--n{ zgOtV`XL>VIBJL?jZQF`W84fY2bRcahB2AWC1ajq;fYd_rY=>@@dk+Lp6&nTz-IN|X zRM@8K)qd2&w{2yx&)Bo_jam`6${=_JI7#Q|{Mb5_17Jy9{jlfeNfoYJwmkZB#c`@i za#x;J&wQ5wMR`x3L7o1YDMwL-d>iM6*EK2w#VG|-*>~>5s^}<9KRO!piG52^bZqc+ zwEUiLhbqyRzd-ED#8FJ`G*X|KYA&%_Tw?1_m5fIwOiwBH=Q{QG?M<&tpZPj8GngPG zI+?Sw{L{$FT~l`@lMA}vXbg;xM+Scys*PS;LqsYMhu^1O1MaANiA8d8*P6wBznsGi z^M*sgci)=wJl}KfUL(r>Ki(AdkJqPjWMGG!A~ zuoK>h~Mi1w~AMG}xlUEw~g9jqRzv_(IoQs`EpSnN&qqh4)bsqguLNO~S=+?-Q zjmm@HLR1e7GD4DBW$1HZzyek4;&vmwxG2amAU)J2h2ku&w5OTY!vP6R+27BaT4vgH zcC2wUDd;HNSN=(EpR)W^B%h_~rB1`?A`b~|C1z&Q{E{(#a*J`#(*O`?INg zAF;I^x>M(U-oO>diDAiIIiO~w2%8L5#fcgr|B;F4$@;*J37^>< zMaLLQiBqtLB0~QkUGD+a)E0FMbFC;+Y#?2lsEB|xr7EI;Gy#!bl-@xgln|m)Md=*` zq)6|*2Sh=ngdTboA|(U}5Fv!T9lYM}dvE;z86$Dv$Vm2Hd#^I*n)@68QID95ln4JN z0_&v6$o{Qp0T}kOIO1oHv7p4A`dnlt@z9=xqa|*7$n3Nzuwn65X-&jX9a8rchB)7;fFW`egf6( z+*RBahdV%c{}!HUz%|eKY{HCv;O7|CHW|R}_MIha{@B#~k)A_ptd8NVJpTG} zy*;uwQO9T5L2EV4VU2x!>(}Vdr0APw&+YBAbw=15tRZcYJrxT%s7srm*?!dDrZL%X zb7GyUB=sk54r+lfZqYng(1DwFbk$7Ny4N9Rs+W_fJg|hN)`z@s&;7)S^%>kZE{2jZ z{c2;kod7N_F22Lrer8N)Sa@+t9URFJR=8bd9V7iYCOl44=2eFSeytfh7>*BuT?G?* zErFu~ROYOq3vh-jS9Qo3PsiMfhy3>)@Mc|~!ho>F5FGcWn1M5(iJ$tg$X(trj5K7f zUUd~%b(`Kh<+%Eq*Sz@p{#c1BQZ4oJ6~uPAcoDpI z8Ic8lW`~Vb2tR0OnBIXi5Kkm^Up{hzxYiP|MaUd5pl|+Vf&X&Aee|;Mw$mPszUUsw zr3UN-fo&AtF#|Kj_iGVypqT{a`Ix(z z7j}22-X;!U@q`Ks^8f6N;vVbZM?wqP3?#j~-cQ5!R0V3?JA8B;(lE$fI5B*BQ@kUG z=1kHAnZX3^am+XO48>PWv(J3C$@E4uZH%UGeN4H{C>l7hM4ri$d&W=hZEvTc;xzps zK&c*&8M}uI5omI-ohl0@J~UusO*VAZjO}*)(6jwx-;ANh@ou>n}Yq>^ZapO&gx zoled%j7$+Gf55zUUZPKgoU_uJcON3*J;P4Z&!602Mj17(7dsJah&fhjDVI;-+uPB^ z;@$KnJnI_X3R#aC{rR=Kqxtun64Lk#DMhDfy~wNA>4kzq$7A^XzRBpO0o)5K&H!z% z!)iRa5v0y`S9E3}JWaxTrR5!#(D88m+n+smlYE1nn`CH2!SrvJ9yIKa-v`OTI)B1= z^UwkLb@g*hIVd(nYm5o%w+Y?ivh_|vNRuf8VXQ~ZY4t;ATk>vRul*U2ywm_kTL{!` z*Y}7MXVc#yq|5s3Oq%DCw6T*r?(;H_Jr11RCbulhM%W z=FD*EvV@AkKc&WN3IIHwGLqwR-~B%s!Gm1l9@Q)#!iyNaR^K0v#Z?ugq6q9Jgbg!+ z@vRW$C7GpA0UyFHX{ShX7ulUEgS)v#tPAG@avE{Ny+&bDv+rQ3+EOhbVML1z&l2BbZQ@4`R;A=Cnqtmn=0zB9H#^;0g?1U*Jggahf z3jT9wdYP5E#Kd*N&KHx!8gD4+#6ntBkU_xH@t=jr0hof~!7<2Div-+{CcKFdR+2As zAbWTZy`Iv<@W!9w?d#y{oVHU2h+%#Gs;Z(QhpOTHs;ZgwJ)B+qu)a&>@W_b7+3}l> zb`Qqrt{!_~j!m9y!b&4#xtXF|g|Ei{3`F5JH#AtF%g*$8_ z%$@g}y?k$2&(bLHF}M@|)JD9;D~=3Lz^vN3F0P2YXffx9)ht&{S5 zvHYU4I#IB8TA)MUl(4)=x+}^;Ezf_dL1?VWE_ucdw%VfA8@Uv!^nMmBBDh+FT2?@) zaQ;epR0kz|5qWzR^c5Gvt`dgiz|y`Rx>`$fb?TSM#WC&tP&7fp0}^YliWCXET|2!kH`V6Qnky;f z*~sbIyj<*xHOU(O74{1YGkU{D!XFazdTjCSSqew>4=8)Cyu1v?bw!wLGzy9^uD@nn z4keE~?}0Px{d$R}`GrIj5dXe2t7~W9^{*Bya)4VBob-=r=onIR+|IANK?*r3-YXGx z?*!N3_j;mT(sS&-pRF_OQx|$t({r;?y@zF0m?>qaw_}<(mkM!${Zw2EKJ)P3L6{yZ zO#(mufeEY`xH^R1u7MS#c(A+uzf7YPb<5YSUzUDp>^&y)9^ADJp2V&PN51jo%s(gP z*l%UC-t=_^6_VKZxx2v?FR}9&I4UC!GuJxSGDX>st+eG(UOEJMMP=kc$DCxf9 z>z7J$&i|PAB{7%4>vQyR64ni)tAb@V{qI6ni=EbOmt;x(N!L&n7zJOqZ%%t>*4Zst>@{-ld4IjLicZa zUl{mW^<||;Wz?|ljM30_%97(0f-)KV5jEl^7B!L$6*r3C4=hoc4h;S{wVaWZe73v( zTwa@pX$#gMB>0=Wr*UWA9@o?YMp}T)(`SJsmV2@_bMupCbi>yuGrrO=w=`33Ixj0M zf=1@|jHHK?9dwFS*`JoGO*!h8qru_*P`&sYO#6^iGQaJn!q+g81Xs z%2j!-f?9NscLG=V?Qzq{r{x`w0Ex!XR{o+A?^CB2g!1~25<38`?@E7wp`Lr-4D%Vo z3N9^8Ii?Jf+zZ9eyGdWPcbj2YdDeJVKms_)>+Q!8z*8?>{Vr2RcH;=96R3Z(m_rMr zZzp(}O(zNq2zVrvcOUO~-i*sEVm3HjWb?Eit1PG}HrNWynse1@VXUB^#&3-PX zh&SH+a)aJ)Dpzcsx=v2^H-0BsYOYwf9D1el`CbQuY}5A_ht|CzQBS9*ar18wjzk-r zGg3jH^Y5_Flzjq1HJ{w(Qs{C~b;F?!rArkZCo}^stUW4g*Dd_qPIw;?ryAAk6D8Ae zXk*s=?D~Z{RTo6C%FlCPG88N)A5qR-l)Fny9Ow4GYJHlbMdOE4GMh>1`h4(Ma{67W zB#{?puP^NgeR^jXFr1uNTKDQ=eXa(bF`&A9RlXyPUYhJ?^ajjTk^J}=>)&Atj@)*?z z$?=)h_w9ZmbnGYAWyKciCz<1?g^@3Qh~yc8dn3@Uxt`L`Xp?5PdGl|IxX)y|2o|QJ zZ2!ypXSrZze>&}p((!qPFLg#PIAq&DV}1|$MhwLf#MoBvkrz<$UML+WzE9Sk`z%Gv z-8|_%ZDRH!l39vT+WwL-jfhK;Ac5tKSxYvZK3K5>uwo^A4GZ^2f8y1)4Jl@=e;V-Z z%piUvl|{;*?^u$g0Y-hXQM5c6e4p*<)Jznw(b({!2 z$^@Zn3x4e&H)xXIFMj?iGw~^Q=at}+>W4)M;C{U&%|h6yi!wUp&C3?()9~26^YAPI z^@l14?TP3hrbH_1z=c1ybGJ~2^$ETiWG*i3e#^t+C5v#;p_&u+fT z7miNJ99*eNjAL;Hbwd8|uc+c6YJb?=OrtxY_i49yHe5DAgdEGrm*T?{qhJzYLky5K z-vUfAmh$at$A`T;O+Ap}biuJ&bbzz+FIgc{*~g3E)341!$T|PU{RrZBx}#_aqDaE^ zZ@Wxw)V%PVtp(mG!v(=5WdnU#H&*2Ksa{a+$e5qYE(>}utke|Ip-OoJI& z!(bpT(m2KzTz^5%r?0jcrT^2DGlP;tzM??J*>YI>k$$L}JH~o|em9rT*gh>!dE|?u zu;rBo>8WCR{2c#Uq#~yj!p&xY9`gRSaG8TYJ%qzQ_^aQK_H5Cnlyx=Khsin`zuqh@ z$&wD#+|=}eW5-}JTnAx^G)w9Cj1axN{5LMPT#`SUt3Q}4Cu2a2Yt82;1B&?t51UH- zC*GDQG;vKSNGgn6E^+IQ=Px&=a8;Hn@1MQeMGTR^{&BDpczVIdx@Iyj_is zeo;5F_PaKZd#o1cOL{Zf{Iyg-l_!Xsfixwgqw}eZhH+4tX~Eve5*{JF@nlH#1DVfM zG&m~X-z@NaSNm`4-dWjZ{m{*CXxSx*P8e>-VZMzF=9r{`MY9tqUh!4Y{c~LxV5#G}oLOJ%o$%~*Z5WQ?^BJ>e z3}U^CWjt!piV{i}C(mQ3n=kFK4EvM6LFLq+Ipi^!^Mb&1-xh>Q!LhpIsk8Good%<- z-tU`9tF0WHwECmUSs@=2mGnn3?J`bjIi1=JEK(zrHOQLAm5}+e>QaH5_rwR|vI3e~ zG;Cq`mZa*Z-IDqAkSx)^=I%IujGSIL-mWgUx?~E?JpJ7Bl$i<>y5mKjejxD)7(L2s%0Wg$F!?PjB6PWoen0 z;v_mweLIcMi;D1}>%E0u<~}|KMCFAELK^1E6<;T?rTKw1{pfcWX#RjSiq{KAn{|Mq zb!R(<$lv8QcHL&U-J6|COy1*bo2}XYqQ2G~X$-9-VKa&ye%p{CjnRQZsN(v-U@1C| zA3?nP^(V&8{8ve53g?u3Kb#+6?@83Iy$a8AyKX6AI&-UcZIKlTkE%&KX#Ue+2mUo zjl_2k4znbR|QXDYlc7lJc8c)+Wz?KytopS!)N}?r*oO=b&oHta5FLk*?CdN(; zr?hc}y3`Qx>AS5RJed(^N$Uw_xqbQTn$rT~=kZm>3wf%QH#Rqu1i(;VSN=QHTmNgQ zS`UI6z9H<}dA@q2KeV%ayay)ujgKAbt~QrGYQTSjo(l zke5Az{A*4a$wm-{n|R$cm+KhC%-Vza*Fv6tZSGAm3P%tsj8>CPu9U|ei~g5m00-S4 zk+X`@>)HLGXqSq-rzRO>NAtcpdTH#E?Al`S!bE#x;pHX9wkhE`9nK9kQ+jU0vnZam* zD}AD?!=vX_tA!xzpavy#1B`;7ax;OIDVzoTR&lXxGXYmW+`wiJ5XI(JYP$_qwbE6~}I?I6*l`!ayFBEN?Qa{62wks)J z63H z#WA$vmE&RoeSkY!;LWG?G8$t&{pA|MBLjVmf-4e~f3G^fg*{rdT6~U1c8Movr^&I5-7F>Pd+H@cpfmE!O zY)-GanEKHo%F=q`MJ4~bgW*t39m#I$SZMQ4Cq`Zy`zVevVoa@~n-5BB6)rXZWccGz zBGY4fKn@=+9+m&gCzrGPo_{7C*vRJI=*jP9TAr-0?!h3S=-s9=dEF|^{<UNDiLaPNUI+WB)~%gfi3f0D}O+fUs@g-~m&h+;rjaU+G0D!rQ}b z_`~=@d2G$z^z=KDDk6V7+gdDR=<+Y9>{LN|rj#%vK~CX+Lk$tFq|zr^9M zPB|yFZ5K`VP<#UXpIP*bm~^x0)VK2$;tyTuMQpybx8!R6N~(RX+mv`FnNK|ZJ=4iK z5Lnw4p0RK3E>*2TtUScNxoZqNUjvUVvQj5K>s8HxI~m7`A|;Y=VAEIM(t1a(##WZ_ zP0iD@Q9p1YL+$2DaV+gVHd;8od^_5VcMy#=nwTnpxPh$hFF{`Y{$|UvFrI zTI%#x;#GR1!?pe$y4jb&3z~uyruiXM91{L?Q*R%G!mhoC>@`acQsQ?sxgf zYzAt;?y6i9IpUx}e#mv^M;A@6ccdF{!D zB>qcrJ32?C`~`{kCHMeHY=*VA@ve&ObKShU6(l`}JzUjdZk$`^Xq_MP>MArLjW)fH zGHR%@ap=OLe9cVCH--6R6PxB^z>S<%Khi+3>t{OTHj}>W?E$6%QBX_>U=0@^ac^2+ zUTqRg|3k0?(@&NPg8hCeS71$S(zaohbcREQ$Nzikuf5sP9|!fIvdR>qmSJFZ@#`+pH|NUpXFTO&f1R2|jIZ4uM&*fg+Nf^mSW0ZpozN@R6fLr<)}E)8&VjfnjWKO=Nd46gJ#_xodg- zyxG%%pq`N1wwL@txqO9P1NMC)8C5=!GBtJy^+=o9{~yyk(cF5I^#}2;<+r@(t6TtS z=)7Nl;9X>#IsEGx%44PKRFPhEWUd1osz?Q`LEN|_NqVMSPC$=^6dEK=+u$F0Yqxb$ z!zBHN>v)r26`mX^^C?DG%QWIsjw3x{@8)l-JJvekagx3h;~1xT{PK4H|IP6}dGK!p z3}YgL5zSfOnWjw;FNivn=P$5VmM~xQd~!Fi9N|zDLp>0YGTk?^bO!zN}gWLE}#7$$|DI z(WcHN-5KpwV+rE?7xRDiTkD%J)4XD&-=72qm`zX{a_TjR$eEnM)Bl#a6j|qv%3CRFhv(ze@?B| z@f8i;DHhQVtEyHKQ`Dch7kG?E`JMlC@Lu~XelYphH^PrNAyZfM^}!hvmac1nduTZi zC>hiIdk*6k_k_39zO(sAu~0pNS1t`2EWFF*^ruT{_KUQBcBcEbeoPL8y{K?Fp^9-6 z;{Zxv=z(g#o>z{3c_F|`HDV>J8-Y+zL>$-f$f&9r6V0)9sW!H|0?{JUcvKKPoM!5T z^)e-|@&B!t74Ol5Q`8YJwJ~*X@^>eB1L#m^IoK}CdGdNbQRG-ymar=qny71k=@4iC zM2yWQq;5iHIZvzc$pC|2HmQG%g@LIn%=2wjM7d+>GsfP*r10NlY(kM;UQ3tpkW$0r z7hKPi%vN5vO=6VAj+LB1`pmVPswptSn~zZlzRi{SiMee*I;~d@hmQV46K}r0k$E>$ z(_Qt=13SPJg|(f1XFNvm^hhq~k6kn7RhKLna{R7Eoq#A^C_BZ|*}PX?7>Ov|K3xGi z3>V}mQ`)bmn83`|TU>1=r#BAmdsLGrj8v7<5M+8X95q?mH0be~`tg7QV3HZ+f>%KS zK-vPWj=eo_vV(lx5MEnP06u*1tO|X~pH6**0V2!mU;Bj8C6w-qSXspvPvPznZt7B6 z2IFu*&K7~E^jwpO%@Q~bfI1r10iHUH^ZrsI{}7tdl%z8DNnlWdyQj~UCp5yl4KB)F+1unpIhpADT8vbF9NUfRUfxx_b!B3ztjNO^x7x&?TE8($ zqBeb7d4?mEPOkBZHJOqCSI3iq4UkeL-aJ$ z)Ft-aMaT8Fk+U5HE4S6KC_!6z0lsry|2&l0@*u5!`E~ELZ1WOcrKXJ{w(AN*hOcy?;cYt|rjrJ#|Av!=`3R z)lYm_w143t(STfcN}#H=m$hi1XB_L)u-6X)U~k4ni%cL+XAgx}n0*W-wMO(xM9mwp z)R3G1fV+0D9aW)9N6{5D#sOl#41!vo<1Dn@l7fNl*92uemBnZOhbaK3^o#f1q;BHr=7b+ zM}C!SV=pqi8%Z`yekkzmz^_9@*c?+yGEXUn7!;VDu}dqjR9DSum%0%0PqTIT_}DnyivqZd_{|jVBy-V={$EP ztx%2Lko`JSc)N}h)CZZ=6wXQ?C2n1`g^oY4-hVI2Zs+KRp`>P!A<@HGkl|Ss4W%rjeGrJDiyo**eB7I$F3#Ery8KXhvQa|u*JQEXa7|!1EzC8 z{S^I`*bL3Y6V{8Gh9Rh%9P)~k8a)12wk}+bj^C6@`Q}nrW-fxh>5}et__c;>L;kDu zKpi>wmKTewt9zGxx)AF26&4v<_WH`U#5kl$rmKADQ+;whdhe;7J)BcwBOzOVWD$;% zFc^4JZXe~g6tK@i$O%2E85tZT-f^5$g$sBQ1qFvcT?pM5UVmq{{VJv4eupIh*`q4z zTw|880$~;&|2stse*VAPfuSnfJ`^g_kBd~BU#%BC5>MStxhG7ugkBc$E?V)DsJKmk zxphCa=b;#ky}Pih&&Og6CLG^e`$;bDr$+248}m@9hF@8eKC5nC%3Z54V#mU};PNsX z)e^}e_t6O=qu%@O8sD|)0D3=F9{ZV#qvMs;RU&rYf%_opKT2ktncf|V*g4&-Xd-n! zx~<~9+7H&A#)ihCX*?5Yic6O%!g1W6j`l3ax7@EC$!>GdcU@#vpjM z$p4D=*5>Mb?I-nDbJd>t|Jq9_>BT$OI{l0eD1}cZ$WGSUM{d`d)X3(f{M7oiK-q9h3f3NAVcFK#?k;N8 z)0pAYGu_b;X!nBLWkKD8Cm6(Nq;5|UoasTHv^PQVPC2o9{zzP70cjDoTM4zavB12T z!Sl(T$70|`o9|R*9fNtkJkfiu{n*7aU`0wT74m#JKLu{>9xxtMctW=VUsk+a$2*FS zPlSm^>zEqG-%zs3gawA z5#K+>|8l&^jguqhLgY|O-8Trj33biQMoEWohD06-Lu8_fi4r@(zM}LN9c^hQ)aj`21DpwJuD;)Ty#pX>0^>L z6lYTYI<~qpo>_Y;WqeLePfxu7gJWx;e`pm<6o#T#$2VqO%tqv1Sdl(GSXs7jbdoWSM4gJzevdU?@usx&DvP+Itw; zTpgD~$p&kwLnIqIFi>3L*m)=Wu@A~2+2|g%`g<^=iKQ?T1Tl8XFB~XM*lPDN7W$!%-|@fk z2p4=dYl_p}DK^6NNw{R$-3m@E4CAK!txcS$xRW)AnLNosQxQ2u-APtAOLY>yl$jnh zWit@oYKX_KE@#Tt9wpZ zh=ZuB--RQ+OnxD$+;mxboE~q36R}j{`&p*ezgG))nvrg;J}eQvTwZ+;+Ran0F+k&C zbZ73kkWPn=lzTts-S*c+toOYlAPjS zkN1!sE-hZ(JMXtj1m#3hWZ|Yy+Z*vDwyBMj<3#*`UH6tWnz;G(%ZED(jt*zczCSD(iIXuLm@slg%lm%yfHm1xIaIj%mQ|sq>^~6liP?Se1C;n@-cxiQta>U zxr!CTh}m+?Na97*CiX>gGycyWk7^+zxhu zN0rIK7~e~?2JPwaqTx=tMU021oe}M6X3oo@dijG)9VwNcV)fJQgE)W zc{X9Uq4pJoU@9mATLK)Spg< z!yngIqAK?RcJVe)x!p~cR7gBLoY#d|=}n@YfBaLBEDKK9Uc3nyK`2fi(oi9pJYRpE zneDjZnF1LDT(mN&%oEbDwC7#);#qQqN4Q9n25+9N?vJ*GK>j4v}aV`b`okT|zXw7-lCQA!{pjl8vLx553Rt_P~4hycCj)v?- z*0(O;0~;3n!aeqAAEz3Ux{OSu76??s#T87f?eDE%>9cz&2%A+|OQE|_#dA{b`+MI? zumolGTjvj*i&{^LieLI3CAGG+%h25fu@qbhM>L`%i~C`mDsq4MrK^~-i{N1iHpThU z;!lTD30ZXW`W#;~OUnTWw_Pwm;omU_t}>0f{h$*csj%37iNdaL0YyKZd!b z7k}`9E8ac1PKCub5jD#FaO5oRLr9gLayi`Mb|j96eu)gXmeXaw8v`sFeYghxd|Z-i zV|mbMg}5MPw}XCrkJaK}?<|F4-Twlkl7O}B7+7Hq7roimSoz$a^RWI^A4=XnRkTxD6(7a@o=jN5hTjT2r}k(Q&KI~nXxGhd-0*qPU8fwW1=6w$ zZU9;UbT;6l>fMNfpJo-sNkRizJRI*HEp}0vD+$~8u|{ixy@>t;OA&z^e{`f21B}#Q zxmC`Kl&hu?IyR2>q5|^$!0K2pvcJJapNGCaIqDj~1 zsCM7xGVU=Pm#UBl?hb0?Q1P9Ce?5!GBf=|$V@jrkKnizq@4#3iHVCSKKck?4kT0*W`9-L+-WRhC!WY>Gf{kb}LSH8HrRT(222}IQje1EyV)EqgAfvM)o?K`C@Dn zvB3~nyT>Pw=b!Gas=2iBc(@1dt6AEV)azS$SB)PlQ&I}M&bmz*r z0<)7WJ|5g0Sm%3Jfk2U`4L%dd9Ikt56R!K4wPsidI~# z9^!v09E&M*zeWXMl)qjHn<3n$LkrrQNR$L zF)gS6fz;^^JUigEQ!1x`X5Cx2ktlNNnx$x1m)A2n)Eu$tOda+vfVu)WR?BZZkdh%3 zBOP7Gt@m2GR(O2SI~9udlqM(97XJZCa)a!HBpG&cJpv4#xjTA{&q`+zsqOFr6kYIP znL4ZC;+d-OU0)!V+fTi(ED}cvzv7J)ieL79H8!Ib&Ak^qqIdI&T%O&;Kv_P-!pzT( z5HahGIA@l=+rV&W6FF=x9=1C@H4VW^3mDgVX>>lK3C)Tf5ihw`n`-8dj$n8NU6BG8zC7(RSxT(=2PJ- zBWqrTZI@SAAQ#dT1o|<{TOXe_H{OrR(g;{Yt?d&IVZHo^V(PHk;R;@xyKK?_Z@RR| zq5{(a*K4;&#{rJ)U}PE_320ttX)t7Qd&{NAWN3Ti zK6t;%2%t(|QLJ~ejB-PXht_?}{*n0o z@Jw1ldTf;vLOq=K<-6etQYGQ@6ko$*VO|xczln0T_92-7S-A9IS0v+n#mZH|Qhcy3|fcwG(RyUM@b(`uD@>k~O6 zX3LP>6-e$O6!&ETk{Zx(@4bK%?Z-j*)g z9-2R#-M=s32!DxRsXr~Tj}TkEBZ4>H`(h&zdV3k)4LFsQ0$X+)snHsDMdzlOBCAOg zX#noO@P}e64;;E+p{dTO2+Q3I1p78#hAFY8oAC7)tp~cC^iGiVRRXG4R(u4~*oqzg zPxwX=W^g3A>^*O;PMh>fDVg-CXuR=$nj8LiYlef1$wEf6s$Y25UR3rxLNDh#{f?kl zmgu^J{y>dh5losSP|a9fagHaS_L={HvoW@Qv{>G4_Qh)aIlVm(1GJ*I&9nEW#|^lQ z92lT0Zd9Uy<=UMSsD}-iy>S&&l8;^0$y;0N6tEHnkPS;xupmH~QS|WmxU*5X^44pw zvz^qmPy#)y!_{EOX1eT(cqV~Z6B(ZMmaU@Sok05JW@kJ5J}9?iGa}2B8`5&{mik{E)FQKtQGtVv0eLL6;?Gb2@ z6B796*EU(Ud~|h4W8}$$Qz-Q4`t|2S2(km!+oHaY-!*_R#jPY?JTizPKi4B{C>qKp_OFT2ywlo&YnNuF&sOXmC8 z@AT1JMkB4jAWO)6%JH@;y)lU4(?Q3mGn;t9&%VCFb=&_JotzuhQPfZVvb5s)!qq*3 zY$91;qJ*2zhh+vl6%L)Y2!3;ZDH`rdUa3W+ji2n7OIvq*AzFdp$O95hYySdXw=Tfn zc5+le>cyjPfpH8*oAPdobVigMA@;)5sFYV$JuUZ=w&{tVaU~^VLkCZsf}G&y8=}4U zU56O0!$N3Ufk-moUy&q*GbOoJniT}Kl5e}RTim3RK|b|m{SHMmo9?U+Z-1W86@_?L zp1PL~BNxW<*-XQ$zcq#CaNC%`2gIfz)#)N*75a#kX%?T``*U5cH?*RYbA<%F?guJ(aEG9iMm=*8nNRlXWeEi+z7-iPw4H{LkyWU(8m-7bD$oF9PjK zcw7b`lO2*Jfkh@qe~q7Kx(h*#g?Fb$!sU$1?P^4e?7V(YIbqmGCqbc`qvIomOL}CI z>HyjwekIG!;tdD_wxEU$(d)1F)pfbVE|gb2F=cQJ{@z>D#fiN6Y~F!oCaaoR zDY9um?8q+9UyJVX_(+)e)~P?Lka7LY=VAxtj{Nc1Q0ig~N0lo%Dd7z_zIUEVu~DRJ zG9lA6Bh%VFn03F_^6tbXFP@yG-tV#;>QBm5aCQ8AtH#qfYt(sFrs$J@n{rpr90MzB zs(WH=Fev6mXNZDQZWU0t_6{Zlr!Vb$%MS84Nv`FHuXg;)Q;*3C1KSbLd}}^t?I2! z$ZdvCf&Wc&fB}r7^O;|j=(*uO za-}UQFnRAvz;^-Pd;M%8S_G6sWV-0BI@T+42|U=YQgVgmiZKHd$18+Y5!>y?^+TQ9bOKd#;9-d$QUNwsq5$*q z7*o5lE({82?2r2Z|B-+2uH&}=I##)0$3MapEl{@$*ca1W00)1`v7}|wQXBK5U6N`Y z$*xM(@IUG8)idCwCBvjVsAK;P)`}2%dX^qT>DK1i1uW5;c5bIq{=X^lFabqaOG4lG z)Kr?PlC+F6rBhX#)>e}9>w{vtWDFI5x~`)E@$4VoI(8ReDpkX%99(_;MerVq{(+;R}7oF z5os9y-zhYTD_s9G_B+isH&w_{juNHSda7!p9uikrkzxT7r;)XKp@*rbk+uK#gUUM2 zvAriM-1YF;iISt3sOZ|A)6>sOU5YP0C&JAP=zI!_%OXc&dGOxylYHdOUst=K{DoyJ zHmbVxH0ShpAaZbZy1OJfPf^Z0d6_T_?vX+0j)LYZSKO>Ks7$DS6+Ouc;xa%YfRJZt9HhZ31kFC{^Gx$eN9cC zeY>_olJ)|)of7S&@6tn2U~Q_XP(&jR3r(BYEU3iSz4~&U3d=w`nF#;-Qlr#Od zdNO)v3MtlHM-u4GgxwBf{M%}7(cmOUt@e}Pn4f9mQ@hUn{JKdglQa}5#T4)4fit z=Prbt(EkegWDw?h)k;qN60nqXHWLG9xOx%X1e@LBDV=l2E`2!}EnTYnM6+$37W&1b zq}i6(Us+1~%(_6#P;j;Wi;8P;Cpg}|YBDA;pDiB$Lkjy&xHR#@EDk#NJjXzp=QSyNge1KH zDzLvx#`dKL3}o+8N2Biiis!e*1x#eJ1D5&&2}Ez``O=QP+3o5tX*6 z0Q|T8B&4$gyJxp=gAgy4X7!9Mnoomg+W9fIq4UdvSGa!8n1BjfoD(U`Dw$N44xUC; z!c^{xa4d@KSxMh(ec3BtietkT&#vS;iJ-}jc-QeiVBYeZtgw(;1ZSYo&*0^zGnLKA|?ZRHy$UbLpCQWqOJ=mjN(yhk4_D`Z=zhzJt-A<-WAGD-W_XwQx5|Db% zRZ|LW18e_kQhzjZknn7kXer zlk-(R1CKo1Z^oXS_*T0%LtaPIvmF1G99$qgw0KG)_S+|w)f#=XAJ{#c>ISEDQ>V9Q zdr>Q-N!Ki7pUsB>D+bc1R~p~82FeT>fG!*Xj((|<#e`fi2x1~mR#&*d`UN=Lp#zaN zBB@{m48nKsf#U`LHh5lNisn7)W!M(jBB?>YOy-7v?Q_b_T)Ma4M58}~lw4gw{jIaT zjbK*XI_J*e-xqHe?f7)o_s&q9{jJs8u1e(_^>lLE(roruSVTO01`|BE$sdcTlmgD02iuGcv7pm7qRs}_51^A}kTXQQ`nE6X|JMXVa{{Iy z)d>N11$G_wBxA9nnE%j&3&Y6~*w}}K-Rk=UNwL3_|DNRn2M@gu$BGv7V0T2-Za5EZ zmjaWSx-H_g&ILq0R-E$_iYILb+imPcJ&fW>@qX`J$+fOdzjJq} zIdvO4FfB`CYl5PTgr|YCiz>dVoVoHar=W=gto;7Au*lMf0u>9UASv$L+soXl?eQw# zj8=UJ(Nkphpv9#`_WLxy|99!_@D-#C*xlRYB@gHsZrvSdN@9I)GK{|@vWez+~PA&AWxyu~RH8U9RRzTq*Z(!kzVDfiof&ur|Xb*p120kko8> z=|)h^m+MK}7w5%P?YdI)D5XtZ!u@8u*9eow1!Z$Cs5m??x0^TS8Q8syuimgLdrc?z zJHUAlG%aGJV#}UJ3yFMny!S1Fml1Y4rmrvCi~P%1$OX`!%A1_Fn!bIGziWA!pQYMM znuYrDjML0GNH=3wDY`o%T_U7zNumrrRwW9_F#4`<=z2RE@=DHvhl2g1TR z@zN6>$dPSTIYkaSIjTpO<#YTA zMMY$`L$!HD(??^gCH!fn$+h0GTinTOV~wfd3T)>f$EIi+;4@}&A8P1}n~x8qy?BAf)*d9W5qo|&1=8KPbCgCf zAHPF9aHviVJV5Hyfuq{JaFp--Y<>I|99U+E06N)SuJRN=IFZ$2z8LA-ylthz(;$vg z+cp_IxBhX(aJ6CaA3ojMvy5f@Z(aH{7i{nW(dO6r4KC<@T6M*k59waQ@L z`HQsQv!g9UbsE-vLjw4eX96bY`Sk|3;F@vs^)t`^S(c@XY3< zQoM4}z5$-iFJd5I;z2ee#l9U`U5=CclTectBcy<@NSCzNgo2%H*ge7JT8 zDJ<|)wa3cru=lp}&zRH}iuoKeivA4nqQLE7Otg&g4GrxO5(K_KF5-!vd;htwjqPi* zz)@4cChlb|MU~#EdL1LmqM@&@E|Jn4^u0I}OfmsFSz*sO@75K`mcpLKRmoHNjfI znSz!S-sk=0th_zGLu-Loyj)k_(qGLWR0OOhn)N%pq+q+!`rf8)IaD_rZOwC4xjh|I zkEV2}*zZ0gSwJ4_MBjcucu?W~8ms5CfS`FcyktI4!?!w*0iW-W(bhI7N^YrJhD}dv zxS=x|jUvX2@5L{BzbfE43+I2lbZw)_aa8y_pJx+PodE(r?Z=dm55kxaA)al$a8~f- zn||Ae`l@;XAFDFF``BBQn>YEi{~PZAP8v=6MW^EgOj@KwC28mfEE>D#u-ort)I8jK zcADFh57T1x>yB{%d`p_V?c}df49wP(PlZ`wag`Qx4mR^3mQ&VVN#iA6Cl}92*@kE{ zI#n4oQbiqKz;yNU#~kNUk(z{2ZSmuvw3?wectM z1`q7}%hDuO?9a*oZ_2d6YUwZ0XwiGPl4uwQ%md(In_KK027mq9KZcXDkXk6>1;;u) zi-+BvuqXqseDE%zA~uqUgQH4Wd=tA<_squW=b9_1XyW5u+Qf6f9{H<;{E1wfCyx?f z_P;7|^wM@*nf%eKBKyx|pB(59ob7<~Y~EH!SjHDhXjCN@CdDqLLIbaCmH>#j2J?o5 z@BG>F2)+lkv1~k&yRWJYc0`C4Wyz+1WmK!xY-=EF9${6iz%7cvSk9>pn3l>@_b5NP zZ=x;7H2juyHTxru985B9{C6zqX=9Nr8uEHe+7asc$anC=*Arcn^s1`Qd!@(R<6z|L zgcOg}Ak_?1D}3q}IWjx_@9D7hQ;F=mV_;?8)F<_AzIz7)BV>zXUGZ7_OE3djm!|ry zjieYH)ISO3%b;>KE5^anoD$zTg$U=fM(>ZeMX-fj#+NH-DJPpOUE9g9f;i8vjB3$$ z?Ps|cgBt2*CpU|~7PU-S9d@o)^j8httiRS^kDcsK%Pk6Z(>W#sI$M4&R(vo&QS zLV}&r5qPMqCvq*Uz%(28!d ziVtGUbf!9uJDSwxc`&t5#>g0I-RjoyIRI5)Xo_^kd#+HwydQJpS!<4NVzp>3oMm3X z$yiwNKWB&B4Ai8yGB%SI3}geBKmm1{$6N{=lPe3!G?GXF!xDF>2sVOsYw0 zl#r1_E`8jdD(?DsR;vM@rNLj(_uBCS0<|Aq0$L*PAH@2QoMwFq!n|P(Ux7cKRTFMx zRQMRh0__83;|~Vy$Z!0YlGI7F{}Q3cbB`2k0O9g7>LpNJ+CFn$vkxi>>#5>N8_IS&iggnq_ty;@$DH}1Q+CrJ&(#uACSulR7-tI)d{o;$7udq zo!cFDra^;rv&GUH99KyGo+mWi`Hcddg}HL+(ny;2aRGsN_vTXRq`!r|Ga-~!u@(2? zt+(VP&sC^0kM3fY_r!r~foSxOZ48KkysDyxARCkw0 zs{``=pStIO);LM0^EVK&U$^vj6N7{%rw`zvsGP2MNX^aCOAwfLe0WI0YE_yo%sb-i zaO1W*yy8_E;$bGpEv%t4PZDsU)XP$lv#>4j#uefI{uM^A=Wls{jAy^{v~4YPAlVzq)$OJLyWx_JH^R$a$whgJJ} zi>^W|_ES}no0c6|acuW#rQp=~hJ!Kug_y8$rv7z-ccXKi3`!JC8oudek4u6UP|F@*au0aFJWVkIo>P;431t%ghvUh#3vo>)4+Mjdl%Dr&_?AH;M zR{H)^U^61~OIC#X{6nUOhw2AiU_*{ao;NF1vSVdQdQk-N{qRP`8gcH#H@=V2I_U~0 zR%;)kDj&4TYSknMW0b_klm$H;PKP8d@dWmfI2|kU{I-cZeX1(&JO=aP0+F6&BTcz2 zs8_1bt#c=I_)N(NS?!uJRg-!XF#}6m1?wGAKkBJ|t^p9Svc=q1sa;KPhpz{J1b9fC zKRE$W|KvuM*6ZIy?UbDszjZ+c3o!`4^Cp~wG_NX%Z&F?R@1eqSPE4l^H2HcZSBVy&YtL^ zw5$>Py&YQ0`f;M=P4NL%?F*o+>0o2<=zZQM>;3U0C1RHBLK9cIL*0SGYVLbg<--nG z#D4B_%RO1%n>y&#^Mn{9c3sX2{Q&vFZ0S$&wADw7?iRgEBX5DHZT@R)AW*4ZD~-ft zm@+j7%pq z!i_}Ce!<%;Adj~e5R1U>MsGw&)AJ*MwdfTVQp;9;KA!u5^b{22<4wZl=?;=X(447v zHl~&KCSq`crR9VsDT3%vkiHAFfr@VP74u2cGOZI(mudE&TdZwUNq$$p9xklK z&c0ihMQ2@BJ~LBqilsaW$@eTavUaSGxID*t(NO;l|_YcAHM@ z3Dz;);&s+l4r2)Vsd%S$|D!1ZeA5P=QM-Vc)n->tJ9xP!wv5m#Up3+s&D&hA*9xHr z$$2K;i@GWcdoR(}`!d+R!L$)jW912V9HYnE%aA>?>fH6>gRGD{aD~_LSBTreQlmC9 zFe9&QO4;YVTT2)9zX7d3|SwTcUpM6DO;n`Bdqx9XEW#^0I54Nvy)H_`qTN z`0G8WuY5oW>R}Pk;Ry^k!F$n#TkDi@Xt#BX#$k zXTQ^55{2c8)GT8vq+J`yc-AELa@mjHpi0IiT6f1w=D&eDjAa+rn7gV-$QbOG0>R+& ziTeD?GQ%*8A94o2Y`i`H<#pQqwV1G&4AAEjo0>y?wHeq}GfyckWje20@=4C?2sPHs zV1wYBavH=#bAQVNz2#rCdNfV!Tlzm49LG5z^6eEOp4M(f?`4;iNT!-@BfC_0_d_p` zGb*c^tebze>VZ1_r8h&e8fIg~EhW`UJK-r{=&yJ0%bdGqzzh40-2791uDBnz!p0dm z^3Wc&#zcQ4gW)gX)68kb#a51?(qjslIki8)eAHj*um>20_}_iSbdPRKzXj3=;Sa2X z>C$4ka-L0?koG)*cPt610`Imo<%PmW#3oX3P~vg(qQ!pSI2+JNyJZ12YZpF_UcTqI zK!OhGoA~EL9>Nu7L#~+ThUmmkJ)(qJzc5DV)w1Kbug)WV%XqinZp^>*s4kbX|L?AgIBW#4QI5?2YuCN}#2fWIBmiPt|EW>8 z&T*&eAMY_cM=`*>R7SOb^xwYhSE1jio=agK_jzE+4qD^STRR zi(GyJ&U|97oOfdk@_f?LF9PWtfIP8obvP`ZnIP06hb!=7+N+72_9Dx;`jtY;(aIPG zS}Xyc=Wa)pz3`P+s{x%XQLRbKKs8O8dN`7CnK*c*)-JG74G2x`9udX|Luyk-pAerH zIe<{Mm)b4s{rsSIQ}R%cU|?Rc1Gx!gHUusDF-?LFqg@^Ma-XIOD?~))t;@hRWZ*@T zXk0?*xa|L+3pwBQXpNQ&*p)PqXcHu(HZ532W{%#`_m7GXZHW8p>^hdt_~;5XeBbW^{fg z*Z0}Y%^Izg=M!4@1N4&<54ok&9t7K%MT46unJPDflD%~7epfwokw;c{bWE4Kv*aoT zHo9)+_{ej6Wv_@l$&6lj%|yR+S#V-!t$XoD{CmrHyb4wgU$HmL$N^oBg67E34OeUS z#$1+=3F)h2&q=LXwcM8Xver2Sl$<^>sQrZ3a7jzU_!@-m_Z|Z`Y5@ZL(BF{Pa~l9Y zetL5pT_@$&zrDcvsIk{W#)`F&1k8U96p_lw#25F8ygg_>uC0PpX$)+%MGCfPaXA=S zm?fx|*aXM1`6Z)A+-4(<(2ZQb3}~&DKlK}Uq@kE5AtHEjd+aJ zSA4)9fa~SGqiw(eG>Qe^FB^WJgB6~9Upf&i=ngZe%XK+bymdQ100xTJ%+@C0n^Y@R zcHCq=e9sZIctgLIOoP0eHFtXqT(`4mug;Y4Aw|R5YfMD8WAo1VmqzAN&3NCJRwV}R zVPhurr4pPcmUu7xYhvHKR{(?XOn`EM;&j@@d~wnJN?Xi;#;{e zcjFikR;P}p*}}*jH6tPLWWA(k;wxsPRjSr)pEa@HLVPt02nk?SAS5uNpG~uXYJFOG zJeJ*8BsWg3MdwBjuUGQ_RmIo|u}vqojPAuFNwVmzPR4XafyO6!2V!mC{wRK4=IeuR z0vV|M;M!TD|DV(|K!GDn_Fhd7wzIvCSQy*^B3fHai+2PK#hZ6K7o&0q?upR&7aa$ z|4yXZoG=F*Mc)1I3^G7u?fyUau3AE#teedHmz|=E6G~q(@Ib64Ts^feP>1rr#rX(R zzZpF?6ga(!S!N&D50Pdc%{0x#?~7#}l4{Zwvuh480ecUu|8DW5w93w>k;gkB+{PYz zhBy;U`$+EI`kMr)box=@^I%n>4}MGy#_C4sU}Rc5CYu(afam$o+0y_d+a>~t-1r?@ zojEdL9zyfwN(cz0gGmIT2qp*G85WBNIu;X_;5WL=Fs`Jjl3UrR6j!+T1*_E68|{Kv zP!Bi=w3?VU=3<4=jaOgSHI)^h{o5%cG#k^WJbrDpm5O=DOCRWs`oAP?XqRctZiy}Liw1hAEcxE0>lOilOx^_ ze5yQ3qgO6T(pb=^JizDX30mF&n^r=-SUAAD!W9?xmkHU_D9$QT_7DB%B}A2KC`~ha z=lBa%948m-n-efjj&@*|-Dwy_x1y@R+G@74QT+A1VHoW_l9r8hqFj73@gwummHI<@YWR_+{JK}F^S?`cMwxhCCF1C%`QsiOl#(fPb#S4pvh zpABkeH}VcXJt?bd+ia=oU4M~b7GhOCiT&t~4^+vJdPo1dJ-jFewBg7t%ARD3L}R~Z zxvW|-S8!pK##t<7=PF%fv=|@_t(~bQVNfu(b6jCK*;sz9!E7AgIr25`O#E*}+Dq_1 zbhK5fbo;GJh~ej7a^nwW@IbLgA?{#ohg*Vw`Jx>r>-tO+T&JPY%{MklcFCOYnDF1% zZ{18#g9ZLHA6BVVL`euZV8?8ba}6{kgD&8R!>4f(H>3c3@ol_;21qqIZ)$lVH+_s0LF;AU%4 za{`vPk+^eWs0@Fm>j`qUuxhWg)3DA4ocWBTzOJ|P=1qC))yCd#^>ytXbv|9+R4Ik| z*<&47qaVA`-sXtXngh(Sp9j%irtB69en4&{WXQEHZi{METvr|FA&C0ytu1uI;@I!f z$8iGtts^zi`T}UWZ6aQ$lf|Q<`iIgj0^k->r z^=He)(JTiy(OPU6lg9G(z7?=yE8I@=nYJe=1YEs0Lu!LjVmG{D)(KT%M;TS!)+`i} zQ0w-r>|9?BJ%e{md9wfHei~UZPd5p$>Z-Zz$uabmPfr6h;1OasP-czDc>x)4nH<~t z<6l9i#Y%&kU*<&u)72gQ$*QmOF8C^OIhqNqgHo;-8$u^cJprs?ygK9piruOVwE|1C zx;gpvqB*f|mnG}_42$Ghdb5Wu&k?`68O47ZU5ct`@$2}Ts-u-DK4bM%@=Or$zl@4G zxLC?MELt6<3d}$+=f4cXQ`#in;AD~Sbbv74K> zH1t30|2$3bZsc42a9DSsGkl@ZzpCo>+{oAUGT)Z^DMVOvk*Doy#+f!W=DL%0J^2$Q3DE*rBRM21>7c?S4 zVcNA3<4GEwW|Mc{eW79lJ59al$+v5iJGa)%O`G5M8A1Z~#PZeKqVipCP(|_ zz@x=0*A2wRPNvw^fUg&%Z0CmWuaiGijZ-}w6C)#yJ}N>TmBbE=m9%xr?4Fc4&b3?1 zG(XatWGhVbMu%DHKC`R7(yJ_&Yb&P%cZ^6f4(+Tx;}XKMUA>X zKI@ty$_QpwE6AZQ-Hh9&pcY@IdJ6}QLEJHESk|m0yf9@wTcd7V%&-7=ODpQ9kz0}F z#A7e05Kn_7%CVaFPzZpjj&Sv(T@bt4wgeak-$;cnuVxRVSvOX@>~7RjV4?iV0m$&# zuEYMDYwr}Y&#Jbp_4hw7R)W;yU5hREHuB>$jFzqi6o{`5>lLXL$d2uJLMc;t%rxnP zJ%f^v^6zGAIv&vU1t1HO4-c2A6jrwj|Iw{lbV_yY{G^y>?Z=qND|L>ib3-1G&Z&6_ zebXU1wo_s(?&xc3{$P#B<@A$I2$JAN?jRPZbLq~EX07nZNYYuY2C^NbqSVCK^;Ge& zLWj|e<%-CbBslSE`ppv)XibOD1OU&XYx|@@(+AGI)bwlP0>=2!N$nL03HVXRpATBtG0aVTOwxC9{m*~Tdw5i5ywVU zS4{F)o|39}d?)v4QJHH#bUe0~>YoZlj&jr!|*q%K>ZT&1!`MN;wLa8Q^iBa?t zwTSO3ZeThgu?TKqyU}VVkRbMCjk1*?V>AbU?|zJFxtgc3dvW8s&xh8vj_AlzgB=5^ zYHx&rcy2;I1(Fu0~1w!#+YcU1amBznj-R~MM zTMe%CT}Z;NYTMnt1;#P{ch-$*JTP!$!>iTz*){{{M=62g+}!RS#Zufm*|=&Rkcvxx zglSCcY7zg$l&W9!y}|D-D@xa<>_5k&Gx>sW#x!W*M$hk)sVfTbOnw=ZCz|H9lgsV; zD0?4nR@Xkqp}1JC;11wFRd73pjdw+a;{CN4?Bo#FWCl-g?3=89&MU#-cGQS3vPM}y#SQOLS+qNiq0Z2E3sM7A}Obv{TPVHWTVg0+ou@9l!*$ zI7i}rEae^k1o4y$H24hg-a9!VT;>zQ=Q}cWJn6MU-kPU=M#I2k^eA$@pTV7PKtQX* zX$e6=20f<_&U3Z2RCL@$n+CK}%>9Jh3*9!vl-rhFfxp4oo!E&4<2 zkO4_{>Q1b+Cj>}u_9Nol$H`vUB2a&6O&Zt>xqK%XiFHH0$%@G>tgI$(3h1IfB&YGq z@0ykPVbI=RR>f?>vYwQonyMUI>eeet>lT3apsmDgx9RCU8^FKS>JMfA^zLjp5Nz8{ zRtf}qJ7{b#>W+~;O|A)?VM@I$Fv>dJ%`kZ#wP^WMq>5`;T2o-pO*YNdqo);uUt37) z@>+kHa2A`o$`#!7GbBiQ)i7NOdVOnCvy{aU8a5@pJlD)e$59gYh2hXzm9Thf;gq2*=H)bOviiMil2QH0Z3ow} z5_-ASrO4HXnQB}2?nEFJY^q$+9mZIO6DCKS_shA1M509@T)|DY<2`0_CwjrPCIWm#T62hJsYt$L zY;z)7L)AERL8W<6B)2=vTTQ+>XZy`-@ul#hbaP@UZ^eV1W4OMiPZ;N|g&-KAbY_1u zmtYk{&2=5v?|cPdYq!-u)%ph}O!3LvVL(djE1YjgW>|WbgenIM3tZ)1K=6%_nwV}~ zfz67kGSjUqz&HQ<2yq>qbwW1)Og?+id4(8Oj8s6gaj3%NSxRSa8vnTd&S$g3&45S< zBbdM%UQ;b^=+UGEV{3cQ+zK#mb`gAH)CNyPo}wceF|ijSVE%^q%zed_3AZd;;2mE2 z!^P@g$A{n~zCruG8z+As?FnVHJ3a_38i{2Yq^f{p;0ki4^*w!u4@gpLIXU5xE!7?2 zFPflgJE?&(!YR2uO24-OtDASyY_%ggimF!5_ii1)+b)L&8tNy8-Vdn{cVF2)#`B}X} z;e6g1uHFzm-h3$3w^*=BQ_nQ^8gV-GqKch^S1hfVynUXY>p%RO?8vGAAHQaE_o33o z*~bsY_$Eh>%{K-t^acSHb5im1Ui!HutF3e2Ms{vO>x!2w#?Td=b!K`HQhoEfq&e(dE$yOxUXDtW4VSz6dDdc9V zwyxP)&th<}<`mmZ;&ThtbGVo)qpMe^g4mN=14?t%pz}hX|HV%RYyYDGy~KZns&xZ* z|7^X-*x5mX+0aJ8c~mgQ&nIB1DvD$#*_L`AJRJ5UaZTtN$ew_$pefcop0YFFh8$e4b1Ok1EThgQE z`stN==d{gU9Ayq!ik8%5ObXfG|9x*ynE+>!|`>(EfQn%*Og zF2tzHjICGz;5oVbXPGX!gTWf38uYosQ5U!_31m3JL^?%3ry`g(atNA<1usS}114(#>XiX0gu02I=0>4ih|=1#;`S1^Ijw+DO;5o(&4CfHDA{ z`yMu74=SBLoxmH}nzbHJkwGO-yd@uH8IS&=*-&xNpPZ1=r&UL$r=~k3O6DN+Y5Ni3 zV;btGFOn-;A$#=ctw9vMM-{F_rtF^L;v#;lg9T2tpp`ss4fU+a7sdktRT65SIH85_ zi}lV)oVBX=gmw)_1bO;SG!;Kv3NJ1aw91pjq*fwEY4W4M%urrE_tt`#|9LK5DtmDP zC|@qc|7KK&0Y=p*`u<&Yhsek+c}WI^PgcmzDqtf>`mkI(zu->2p0y@-agG0s`%QXA zcR5LFY6v3FXv_T3&2Os*W_B?c2Q%3scIdF>g6Wb-MNl)JAch=kvh_>Cx8v%=3CZT2 z{A?1kg0%=f`yvRa8i;=*@uu@4=YqNo?dy?tEBS72eV#Pyy*9i5!Q=d&?CIgZ>}i+! zWWryh}cZysl3GlmR?PvH0~p z?ul%_ZKK*>d(kg|RQhF*!Ox-^Nq9qfc{gZrdU9iOCTX4BHoS;mg2PS0YDR)g2S_oWF>52(j&XCZmBBTqg#aKq9dCc2t~i}NL-ynYG80Cs^OSk1x}3pV0*-! zJnFk|dCW23PR)QlN&a&`8r@t2+?Z2he?n>V^q&YV#CjY6(SiGU09y1d+QUu}{+Ap= z?Ww0^{a4d<1(ZJQ)CdzJptayQBh74<>cqSIEEm1R%}J4lTPCh> zUlt33XhmXC7LWH;A8@7X(&bXC3e-WvFBbEJ9W$*trD4;BpzlUMf_7#qT*LIBeUsFu`Dd8J9-&QBCHJ<+p*nl55dWTlw==`npT7~a& zx9Wzo!1{t;EA^sd5l~?|O!slU0FAY4$_8l_n|t28&Y$)oqo~1!YT<*(HKkhco4;RQ zHR1E94$^HD*(r%(n|cl8iSi99Q>~^OKMKVqr zHzrY9n^qS{8W#6M=16>2@;>`zr)5_U3_KD6dBrKV> zjFFVb0?8}fXUcK>zoj&ELNZ6|LKrwA-h&pb537P47ykN?Zc}R|y=%6==l0d5ehISv z{oR1SBM#v=5WO@C@L6d379w;~-(c_X)v3Hv;i{dQ?W&Jfm15MO(FMmQ7cTyOoumUNKKP z|5-{9c1i9%Pib&``44ExqY#Na1aPduWd;)2t z$W*%O{2Mi+-u$NM&L1^%EmrT1c*CqrEqGHF#hI#Oh}B&W2`cKE z^=`>@4ZC;VY#f2u8T?XLCCg*{2RY7o ze017oyad?V*6*#mj{E(7MgYU_E0s2|4$<(Gs){)4B#;=gA-CKA{IoZ6tx>ubI+N}h zHmIR4N}11IR+9s+SD{{RsiKDalYh;j^ynY?4b&u`Rm*bu4nR06^{Qh#zA0lTHk_2tvf-V8NE}py|zj&GvvqGrBVCXLe}48KeAS~H(fJXjJS9hg{xJYJorY$ znx7sUC~V9v7n@9TS+P#;_B|J|sIL}0Syzx@QT1uap2Snh={wrJ0%$%@*ZO{5gH$Z% zU?}R4MfWBZ9<~1t)Z2dtstp(@VX|{t)p}0uFsts!V86Co-?onhx5q6-ox`?@Ayy3H zD`S1ZLfZR@0xk38bDw4AY@#FOCCeLJ3F68sV_2SdN>zstNseie{qBm&sUXmC0$7(b zSh+?_=|`>G^L8iKBLa=#cW9)w0sDhk43h@P4^fS{;HTlRNzLX~nGu>~Zo3P}MtQkJ z)Y|YOqY_HX-iD4kA>g$iAHkXfO9C+GF&>2zn|T3F=r!}~@n9`dXc^8h1K&t_m7SqD znejMRZR3ELh}3gytx|IRbe(%lg?M*OE1BXOH8oq)T7he5Cbb4=Yu`dUzKB@MeyHM0 zbiTT!f(l*6w3ujZ*3@>&-` z_gSgTDq&4$UCLQ;$`dTkt*X_s8&4N!?nQsm`r84LEHCP<8&x*oLkf~aC;{pHIsOu8 z&ht>9wsG3sn2&R#Vzy4p#n~Uu-DTde#EW>{8dpwL2^82b*#4;SbYq@o82>Wr=t?hu zd?82Cww!GaK&EW~)$Y^{fX$xI?6V%*9Kz6a%pUC{jAz2BGw1G1X&EsJ zDOKi`&e;|O7f@DH37LU2cz?yTK$l+YG|HgA`PeMx#OCiyS^(zZCAq|oE9Y64GV=j*eVQ>jmP=#2YYPrjb%{QY0MY3m99n2X2fQc#pzJ5We zq^fy^nBeF;U;(Z*U#jlev`LGk#`Isrp6b8ZWq>S0u%sv4sEUeBrHpSax9nO=UzWBp zlQn)5W|muM$jH*?Ei=w|dT-|rAW3+=G`gETGz$&{zz9IYdFnrO0kH=l%3j)DUCLf) z+EA&J@Kb7vYtPP{dY?|Mocp3n^~CS2+keQTX zr|-rChlcH|GhZ{f5sv*=8BKTg%Q;8jm+@5pAAn8&T+{Wl`hGE<#olR1gzi_C<-Gu(5&$&a zn`(yh-F!z@Wy9EL&Oeo(rk*k`B3yUum|YYt7Ku|#Z=HF)?t(K-lSae4EF8z1D5UyV zMz{j=o%{1G283U8lV?#zfCE`Wm@%S2(dAb5q9JcFsKQwlHJjnVuq*l8hz&YwITu`q zP9IM>!;OYf{IHID?k&!k;fx67x1WFsAX#Xc&KDU(3~Dn2$SmDkEghz)==)d-wowB! z5f0FWGui(_Kf{&znLB~Eew1}WFRNM$M^y_ltxI}(o=x_tTPEu4`RMYPx=Wl>?J zrLXZ~Wbz=C5mACJn2a%~v#C<_oY9L)0u*e!KLFRE$wO4#DKij7-n(7;ImNV zeQ3|;+%Q8N{X^v%v-}XmoJtk7W@V+rI@QqpW}bW(dEkJ8B6!BzpT-iyktsL+K(TEi z*H2spe*MeH?!LIn`pAP9j^(&#Or{b7#!=mc$86tZ|11kwVKI-p5Pof_RbW&=U?{}6 zDSxx^RA>h7{IhR;K3(T#W1}LZ2XnemH#K~-?ZkR^%u+p69Llu2il}4NNL<)zd9suBUiFr@6R6=C*J2V;PLU7oZ|>^q zv=ylv%kSBgho3f09%ZkOxi06I1<*M|L|B!K>nF{VF?Bx87tr-!U-GL->EhDGN0Qm* zMhl+L*JIrDq9WZ^0wwl0`-Rg6Qhj?yEC?kqe=~jEjp|&BxqB)NdlXA_g^HW#yX;Az z=aR|P7Z3rynQP{tEpFgRDXgymnBvZDfYjmT{yvAK(g-cIA=+ zB6r@NL6-?uE65$D)g2ltxnb>aZVV36NE7*w2`V9g4tB<0$#Ifi`%$rC=~ovwFljW4N}9%T zOKW=FFP#41jxG`GfO8dzrJCBMg#(>E+`M(I+vw5~ziBkIxIG}R`aqLc<=8Vc z9_g258UX!rAWNu`!0?FFMPjopC$e7ZZ} zvut(qWH2^e%>#-r``j(~+iQ!iZHjg$Bye4g=G(*FYh+IX3+^oB8GHlosa59y=14tZ z?O4aTyu?uCk^gv*H9d0Cm^WH9n!^U>=SbhKcV!CF!h}vVb^P=hj%)cbOUhUTVEY*5 zgz0pDW#&iC?_wi@vsb%UG)JT~wwx&K^b_O|c5J3qquLdC)JejbKIFu_s%F1}to81? zU4)4$!l%$}D3aXoZEzO**QExPVJz8m!zf3PR<@+*{1#s7Spcb_4hwFezBm`*^svok zwahi7IZv>%cat(Q3YVF+F|L`eS`?njo(wkbpV@z`dzfzHsMp%`)gC-m+W9&(kRYwZ zH}06SA6a4I@VHFEsoa>=tgPk-XeBU^oIS~S5_t}kyokxn$p>MXM-0|@p_Jx{{Y{Ly z^Snul% zf>)m5&ZZmhhzRnj4h0prZ>RLkdz(K_wr2Ke`+W)O>5Vt?%gx3H*#9J!=t34pcai)Oj+$4 zEX+#WSsOSX{w{(MPW6tHc+`>YUTEReAXPQIUdxS0njYLjEI>cOf3@sZrY56AzUQR# z$26g4Fj7BM%O#t(p3Vf{m`HVB9seO+>XS7<5asb^hKQ#3Dc8vvBa>p57U%;GlyLwz#ld za)_scpVZgA!=>4$Lm=DuLswGW?y6q_AWuy|uY*!E^+_`-jPvK{mcd$yyj!Za@Vu>$ z{Gpb8@}X)%Y>gVzPTCaMInFAR&R++DSuw)MY$7Q`O$v$r2^@c~dd+ROQxdqDtI z@9>XG2G@b&Y949bxrxjW&Wfl?8b}%}Q|U}_MMoLjq_qKe3=bNNb}tRui8R1>@}Z2) zdsCJn7U1D5xyh{6_#KL5w>G(`EXAXz^TX#dLf^e<+R z@In=Obg24#K1BTB29k^<#wngNH9GouYf-D>J=U&YQXuxKIed=X94S6$(2{ur+G+av z6pQ(iaE}KQQ&)p57!3{6Rg5&(XX4@&VFd-U!WQ{NwDZmPF!!PPD`mL31g+&D966H^Fzq^J zx2Qt+yNZnnf2{SZpEVgC)p-xPj+Vb(w9=m3>Q$Uu2wk`IJ+1T#8?-+C{mZ1V=9ND} zgr|S~n|i+mK+F1(iyFO6!-gOH;Cbr4qN6jTOQHLE`?8Fvogu=DMaPf{71Z+^mjk=D zzCbbL6FX6ghml-@Ui^BgDZ~d_QL`T<0?|0d(Qqm&!#3X&<}vWp;gacE$be!6GNV=njr{ zQdg#voQ4B_(1`H+Ksy}3ya3l$$MXUxT@UO!w05p_fQ-(i^q=|Xa2D2&fIq%<;hg$G z#nW&6=hP9lKoZV|EH*PNu^DtL7Kna=t*C=|4?nbq;)u^fT(i`6v;&g+_YQ7VZLrH7 z29Tr0Ti1tS5(1lZFxNr6c;CcEN?S=%pwzq<`K@$K5 zt=(|skPrzLnH*DdV6~ryaC*CUm=#Z43$)n2@7u>7q_z?ZzG^dSgLD@Eks%J=18al(Gkt2RRaBES+s%|1#TGAP?0rg3V=9+>E(e2aOrBJBW><(l$3Co)Mp&KX!X__mwIxK}cLOWG zD__1mWDD{=i>V+*o+ z+lP##45F^qqfXZTGY;91kJmYi+XJFy^0)MI7HutQBI~vnc`=dJ>XWMbo&}MG?Fd1@ zW;}GH|2p(%ZM2CW$a$KuQ5?#`AJUo@IsPgWGrhl-X)5mf!qvwqd!Hu8Mhx}+ z971zNUK^F$RE>)_IBOIM>or|c<3hcL0GFJrbor`WHtOI_H@hL+<yaLFK}%U2UUokpinM1iH-6FDvhGa{-Ys{of8kmoi)8*ndi|@ z63&gLdum?UHtHjgLFJd9p&&ZGc?B53tm=xuUsOFo~<9p8w z7v`Xc-InjXy}#cg6}T^-DdFpB8MK5evcyan*_3Xq!$Y*V?xyEibrgvt`JkTp=Sq0Z z7^9U0@#OG5T2OuC|9cZ7fyHwpt$Mda&_mlO=x%>?-xsT?T+uc@l3>S>kCSnsaOklve|78CPGgNqi=VztuoW3q;$ zO(U}7*~k9dWJJet`ZY1!9Qg8?`)i_3zER!w0$%x%9N}qFH%)M^!~<*CqpD=nA$qUi zuFVQ5hz$&S{-kW8y0&o2P)p5++A>rpmz|Ay0U6KSA3QYubOme{VWO2W$#%vvipd?`VX9_ zQ_0Ob~cR7Ut zKyLZLE4uly`jtvGj49ZtiyWBzD2Aroxq&#sUH*F0aY+e?`L-RoFOol5tCGU6IrpE% zJuTynKAo#}fMXw%C6hGI^9>u60Kq%S_)}x0HdTyiu;{J4*)^WTb68Mi?w&u(US;I9iic#JTdE-vb*qEHj8Et*+Q#WbC?1u-V zcf~tsC+4ubrTLt1ppLq__~Ys({``J7gPwMa9mOb*bt%+qf}8vl>2_W)`#?ZSrHwV)y*qJYvAP(XT@u2NkDL`0CT^sdqg z5F5RTB1lUVlnw#ufq;T^AyPw4qy`8fVn_mnB>xk9*Zsb4erB9;#$BE~x$o1ibDeX2 zl@<0CqBU6PjozOH$eRUMz1%ajAKB_lHJ2!DP(sJ9CisuiY3HgBX&{0OJmwQj zCEw-*)Z+X~98uees%@X7A#p$R=NHXoh1)pOpt80$O`r}%(jMl2+!K}aZO{n zME3MXb*|Fp%zR6&@CYd8s8-tcat#jxn_3$gL0K-~Chx3P`ZP>x0;^WcPasOtzjN*4 zrXjPmtwL6ur-Rv_b>A$XkLc|~5F*^y$U~j#jy0K;J=Q)-0;)7lH@v3jYh z1|($POS=B{k_8u-a`0CbY!r5gYKdYp5^E`TJ$yJ$mJ-)CND8K%n;2AJq=s~EoQ%8jY9nlD;7p2}BAWp-T7zVS}o zBVW#84t!arKU*i8S?69f`yi|2>j+CyQgI+d$t1|>O!1H23Ov>dme{L0sg(H7GK7Y| zNkUOq(&$W`2_P6q{C>?|UZ#fl`FoLG%P2Oa)|}#NeZ9b;r7u=()xq6QEoVEL#4?rb zn+eZ~mW$Lz*a=HM%=`Is+EHy$`z6pfpz-MVPqlAw1jTIFJzC8+(!9E@*7S!Y^hETf zl4>yUJh@=4dGPt&IL6ab+uQz*7lf~IW{C=u@1wa>UZN|-)}d8be4=gsA;{atUmSY` z?>uWKL|VOOZ^o!s)WNA!TsS$$K3dxoeJ4FpSAL~y#>b+%n=cNB&}L$9Uz$vyR?_A= z_5FA6qQ*l_gx!>K>Avm`eI?{)PopwIGX*{AcBo)2aX3zKytchtOR-aA=x4U|tpo(qsjK>FEU||s{A<$HSkm!*(7zzts{{Lf(MVnClNc;CPq0RI z)TjQoarUHI!W4MBd7;TE=ttAa1zFjiNO9Nv3TtEK+;@pen4!9ht;i3NG*jT_tdg(S z;KGDB*8Q4B+AIbv0&U|nN@GRGw{|Lh!>`Y^gjQzcPt7FysCl9$0=ACF z>yLN-{UFqm`L#G7VN!{XKTR9$F$HQ?7Z-DU-;MtxhJu8< zfm>V@C-51kNw3bT^4Mt-cOR8`J7~YdEl)1C*WMr}d{Sg5 ztd7>=yK zK2rP6gQrAMOUUB#}&`0z~94o~SR@L~onO=mjaHoH$ zn|h&5P15q3xt2q~HIS=Mz%$mnOt-W3;dg@N@&6`RkEnkVEP!5lKFg!jQZ1wp8=xb< z^y+r1BCvZ$WX@W=R3h7Js63J`H5O#g*wpbaF5j5oJ(mD0>4H+4**9d146F>O{WoAdC^m#V5`HSUk74dv2{53z} zaYo%WU#6bVk)DG%*7xLEHdtT$Zb`HiOU|$JZ6v6-emo;KU9ur6S-(!rRD*u8m?@Kcy&9pKN1<(-di^ z$fVUNcN!9GG(ugqkU580DLc`EAo!!v0hJZoev?N#*^YPM;FZRf9epQiyf1Av(s#-3 zWwKDp(piHAKTtNUebsRgT))P{Zb;0M^Y}j+UDppVJEjH#=O$mrdY4E`6E@OUZQyHi z8iuKBn&Mkv6V)`&%FiT`nwYlmY|;H3UFWC3K=YfkC8weKKSE$@CQscBZfux1y9~ycf-PF zDQ@^rV<8)Oe-q|yu&<4XD%3#LM$-n*Kuh_{k?|t`f%gU%ey8SjM?Q(Mc3wyzj?~wt zEBa;)a#h^RxH)zfXY}F$5SeQ)2>O6U8+G6+f-2cLjKHx_u*?C+A* zPll?nCk*`tQMU_o@cq=H&!&Wi12HCigZX~|?+VA$)yd|;!PB{#@_RmlJTc3_%-C%>(grH9xJ62n} z;Rkhr$4s*s!%fy{4PmgBc|mc!>)zmCy4J^{bYM-kH7fpVdo>0@L?m09Fa*CtM}+FC zko|$!Lf+(%*yeTsHA&(ozyGu4ou%tZ6egdEDkL2S!scI`VGpdX;T{8Mo0m&ehw`9Q ziwr!Dl6EzD(hgaX;={DaIKs}YihH56Vb#i=z&{JmgH>m~JBH2%)k#a^6+o@dG0M6D zk}BqBE&_Y?Iqi5hcO4UIqcL%Z2KM#Qc)8|xl1u5J0o!$F1lDO-AA2ao-PvTw6HE^EWC z8*uE044VxisjcMhyXa;_YXB(pT>x;_VBcv)Wvjuqp{nRvU$Z)>4vB52UsdNO8}<92 zEyX|_`duXi098WN_^|=)jmf0wgiEDEp-#@VALlfoVbtC1q@8h1;P@)_8pF+X@Hki~ zfD+mSBz0{yih9Xl(6l_N(mUhN(fcmh_|b39l|@jT~Ec<91Cl zLj~D$=pPu$uFu1Jd!w&ZwbEUolQT%^?WoE5c=yb#WX2`}>SJfw+(NUac<7nmX>!|` z{a9qG&4|mMSctct$4o;pRA#Zj6>g_9j4Mqj-22(SMErF7gztS0gTK?>fE-HftCxmi zoJI{B!yo>Koyo^Br^;Enq@Jz!N-|1Df2EJC>$@#bVFYWwaEWnWrHtSl5e-UxI@h=5 zaOjcsUr~~`{FRm)zpu&Ah0LNSXDS=oNds0P__fHH$IrYZw@s#$sG`O(lQZZ&$qsgD zRVqa^o3wou%QPJ6U-)^hitRBP6&I)Xjn=mgo#H;px~Y>YR_fI zy#|&G9yuy3bQooY-?73cNT;eC&KH<@eU{leWqxkv(TXr72cF2Mo(DZP=g&`Xc`c8+ z`{Ati%QNK(_2aUezVf-{@#&SlZ~dje-%g5Iun+&REJ|3@%h`Nw9W4uTYjmTGw9-q+ zeJfMIGEUzj+gyFdLRP`Y%k@z@Z=YIww=~c7=UJwWZGKN1WZoq?FHYvJg@-G`pYG~y z$oPM|2co@Z!zT0u2`dCxha7Smy>;4hLxVsFAZm8TP$2o6Mti^oL+l#a0t-mql(}IX zBDzKs#V#kPzjJSk_{;yt=9tc`&DdUH8)YKs3?(B^$@50mD(MB`~@HbDs1pYI*lm)fl8@T7TUdtZS`r;0gCX@M+*xY4l`tr0OW$m`)GlJ!+$8apSwrr(7^9yk-MF) zx_q#YF932ftxSJWo^zFdS^CS(JAoK8-3n#4DOBCwOq<#iFC{VVpsFFqTOiHh>fM%g z&zgL7v`x^nO=rSM1+rrqQgScUJ~a_dCSLW0s$oLT@EeEP>wQ(8&c?NNEvscHCwaJ* zesl@zdN$uM?9S1-%Y1f>9W(oJ!5Ov<^B!Tj$_V7VCn9VNe3lGe;4yj`(iJmRKAua` z!jE&}?g${+|K^QEmxYZ_uTT4jw|P2DdUj?F3gfPh-#%l~L`rgmJXD$^abU~V4%Jj< zDM$pgmSHzjZaMqdlX7BYDQ7r)De0l6=R)pv4FN^A0U~ZjRv2nuU;FD!`@f@MEWZ~x zTonS~IiovUgV5L$qf#CKRq+WpU|JS#V*Af<>jUH`ZZ8S9h1Sexb@6u>c29OUaW{C^ zE2Dh;C~FU$YZU}H!oCH+TJG6S3dmnYbLE2=rze^SN`&ShR8aY9xYix_V6Snj*<~F6 z$E4{z{ZifPD}B;u59yfXSo|{G^#Kq}=VQ}MgpQY+8BkX+PoCirfVs%=25Mb^`9$_@ zp`$HpJTnL2C86iN?G+XzccNE6c5eklnA8=cWZ(g%g*F^vu7m)~)Q!}y?eaBY*uh5l zP4m!i$0Pq#?ksN=Ryp=X8NXLPyPFwjcS+bP!Dvd(pVd&8>uiI%Go-@ESoxf3ATDjq zqUBAz+pOG*`ENWn=l&Dmq#Z)^L9Q-Anxn+>ge!uF#<)S5R0b6$1b3#StAv2sc?i_0L+J&rcp% zF=GPnc_3i+(~jC^Oj_sLrq(k=zXN7Yva~7@cYCc*(dI2yTYP)z)u!WMtMr=CP)GRs z=MWkQ@NqTL5^h8({nGnC_KZsO6Ec8y=i)=`WWUtv4&~#3Oqf`tXA;O#C~N|hI_pqCELhi5dnlUdn@aa^5|t> zf`H_8<)P&GxS_WJDax}xkonu+9&8zYXd?%SkQEZe7?9D)1++0VC%i!GHIpaZHB=!R;XukO|7SBX%a7tmhRg%H0*vguHnRK5@R+a#J?^HOPy&6ATY-69 z%m93+0e}dS4J22CY&1Y3jqZ=oGse(y7_-4>ZGNRE=3}=lG)g*9(OH zi$L=GIR^_rFsFY*RA%0h+Yi(8kuR5Xt1L7}UjhsM?E)U&4(>#}6Ea(rGo0!1V3lq9@O`sc7 z<{($lN3d(-wN&6pDGbGkcNnB1ix(t6Y*5wT5w-AYB~+$Sb`B+S;2!dB`N!qiEcKej zfi141)y%+ggDE_Beln@&_i1evUd~ov8h$0H#n%!afKL{vE0kUj=+3*Hz954m3Qu`x zJ~$@|v3Q)Y+8+uGQDXLrJriw z;AFg&*iAm;@PzWD*zCK(_*&^>qlK6isdc*T;#5TYl2R#1ChhVuL^krc+p~%hb%PgOb@)LV(IGaEpV#brD zfZobAJrz5~VtbSDm);XYR_6|@sbV0AwFv2YgFy1 zrasYbWxXMCmP))@5oeTdX%^accET~>Rl_hf^K)gWm9USxY<@RF=jggl#{OCH%I^mj zr5i)P1B>%W^oZZLw#{1Va=P0acY)(TsB&qnnGJ(HFarl*lQf#l*g(dVRwJND4X#mh zH$#+GwJBpJcEBcX&Rma++->hrFHrQ0Q6FzG z|83NAD!{%4)!eO`8$8fZ{2j}&l(nYv=hEwlRI4$o`nLmW?~C)_$pt0M`m~HUsEsa` z5zi*yQ!aBGU8m11V>URtuNP8SE-igqSB*>MjQ@9M8KAGSuP@2MF9tYc;~%iJL7Mxv zigLtkgLbX-)Fok{pE=#pg$MS*1B-`GRH44c09vBU;-%Q@*ef-Uv}EGzp^+1`Zp&vC$7O_ql($$k4a{dCATn10VQ zz}QSedpu}49dbJzCkXCI^u(a4>wnps@uFjIS(+do3|jT?+SU~My2nmh&-}2jW8T(m z1dP(eQPmJ+i_?XHy=R5SXArP9+tb-(2%Pzqu~~x4Cx`dQRft+1!*T~bx|A^Nl+FIA7;sGd{`*^2p4`9wQmg48 zG(Pwc@P`y)ns2LmJW!+1dKm9+lRKwM=eiT(;Ab+xxW6XVnO{5$biC2A2kPcf)T7-( zhm?)YwRlL=t(71lC4WcN+=US?dA!K>aFpwttQU`M>K$c1jcrf0KmT8NWm?`G{T%t74H+MIhPE z#~lp|BXW(o;RJl{6T*A~h_-ZT67Hs>Le864Igh8$wrPL4e?x0At4aw}>1r?((eV(W zGdf9#dA1>xeqv|i#0BoVw>!E+#cW(Ocg8GRrlL>P)dHqJ&b`bJrx03g` zxh&9uV!ZRVK>2r|ohM@fVuov(0=JiEspk{K!p@J@`so98;hAC0$CwAqA9IP>hCdwB zMG^rNB3?#Za+iG^NnDTR=1s=?p@(-zR9mY$J=P%sQ1xo@f^SvPT9CMlt(0MRD*%p) znrVl)A?qRtdu`v$9(_>zMji&-8KRmtIVC+%re3rpV}x*8X5_q`8+^o<*Bp-YRt8%K zP+I9a0tQ$9P#0N5PW;78j+|Zq3R1cJJohXTgh=0XrU>=dHJs5j_mDd`?xaZEf$TV2 z-CwS&?2Xls9fus*$zb(X7d)bj)6R>{-hY*S0ZGM!s8m2S$7$Q8>7Vj57qKqsF6l+1 zbp*1%r_IO@6YfXUtRgm6*fsVJ@6)Dm(~^+0^j98#qy^mLt1P}koB1=;nmEpE!i>jM3{bpkp^ zRhU2(K(YlkjUHe*A>61P2mGbmEUHg$nj{7W+dNv{KK>C^U5UelBGZOt z&yAn|35WuWSk z3+A*F0*a!i@0FW>l#e2%>Exp_poH1=T=K^F2BwvmH!y}5ItWUo&0D}^f~PImvGjtq zUIC;p-L+t7;@K-UEl16z4K+8^%q^nnY=LB3kP%z+bVdn{qSmG(FIIPcY>(^gNRU0) z8=DAX?9x+lfqsWXx&EunKJ4$AWHC|zf@o}ZL2*;tjjZ%f6AtG~dnu0aI3NptPpaIA z+{}w#sdgZGOres$HlMnWNx0?PP5aWNH$4Y+u+U8KlCY5a2VSawx9j?;Gc@bUef7st z=CUhi)-R+5pnj3tUOtnTLk8}Xwz-A$+T0*Jz-%SZ78n)yBg$Rjf{fvL=*?Wm;PCh% ze*cg}#R01fZbtNsNC9EbD>=J$Nksl|D4OJLAvz~fy9iTZ%y4|R}9a!sK zRrzM~fcv#^?5xGNE>e}C#d?D4J6z`!*Zb_(Q>Yc~1+lf^*0~;2EewS4_QAj%C3Af} zpqNvt6J<-8XBV?s*2>AMB0T5)uuPB8*2 z#t3bHk?T2mAg{UZe&mR*|7;5aTP-n}INOj%OFUMi)&`~+3f&p6SdlwdCf@ovfL4N8 zg+)g)fTOLO_E@jov~qLMCd8DSDC>7qaYO}`cur4}sg{%t4>Dm1OYVL8CqFvxxzFWg zc?D>Z@PGJl`Ja2PUDu^&KSbK|lu*F}Z^nDG6^ZKZCBC_x0gcKuLJTgaa(!xy+6deN zfVn0eBKzqKe{gb0J4sq~hjRQwFVoq6E@rM7H{f`N6FCCBUC*7 z@wDi-zzIze^N8R!Yx9(K^HQ19CUxaIK#~W# zuuPME*>a>Z6=)VdrAPAGwH20&JMUe%u&GW!lTW?=5eokMK6rbB2WGR7THDDXNFDuV z%Ow7k_PPZC-6yDHL@U;~D5?Rxz<=e$0BNvispXB8NA}p+PrWbxoSxI@Z?roJ zFwE{tz@D1b>~DvFPN-+-Gnw0z$rR-|l=D;F6mMY(XpO5&1lrO|w&nwc|5qE2p9ehO z+a2j#`LVwC8NkT9>(j@{dULBv(4S^Wsb`|9{Hx5OjirEDf*T1QL;q)#MHHu)1GJPD5D;5PCP!id133}E*UrStB9 z*EV5V1)Rv($kaw?L*mv97AU#Y(e?bKPX%804TpvQ)t_MD4f@-roenZ0ZXDcbXTbcMIc##DXHehgxA-=d`L%q;X86 z5N$_B$(oh}7PT|}MK?9FnZ3maR<*gdGb2EXcay@Tn>u}qPc(WR=R;dTg))i`u*5tC z(pWv08)43ar`mD7_W>RdJCH=6g@qg9jm91lSb2}Cj3UNVUJ_NtD@xl4P-9hXThgtL z*91oK24kG&Rwfg3FMyNt-WB?{S9d^z-8!lSz;mHtVMXZmz4G*#^nTNAulJLU033r1 z@GR9w1dg*W9R4Z)lAoN|ld8Ws1u$tC`v0XY+57VeECzs&a*hSqsI+56VctnH^O2&r z0vdzh4BpjZ0EKzpLfxBsBmca$3C5sC^8m!srXM7;w;dJ^mLt#8jBmY%huwLJ{5C?v5ulP-wGMbR~F0 zF~_+qz~vD-HlBtthJKsj-PO2|=WzTntwlhnKB7-%SEc>g~hv3)1V%V#9kH zGU*)L3ShQCsMM$d!VuQ{v?YLHhv{R({IrPJ06@xyqUZsfn9q1}ZIzhVf6-CCfT1DC zv=xIq`$H8noJ}{GyL$nI{6tFH{K=1jzHZSMjf2iY-U0lB>)lh|b)07nLF_;Y(Tzxx z$GmcmVAr}79|PM_Ihbik(@NElttmWBn^MGhnD#%XOXumZ)d}Ju%-^4MHal)HVk^k5 z!-PfdFpydUjk!y;+Pn7u!6wTUPRBoaomhJ2>DZ@JvG;5^QYuLxQDW_WK~5t7Zuj1O$NteohV=UTs^p~0vo zAaR5;wQUg4bZa(-XaXs%6rzo`{S5sM=yJ%|_Fa&TV(-2#-`shBH8P6XCeKu1G=lqB-?zF;{MmZJbF7TJ!{ES%r`y8Q4){tR0uU=B1^rCvzszWewMuY}cLaY8XRrFjKSCMqmPjMr8Q=`Prn+X}x(UbsFK_`Q}aDT*kx~ z=LN;(EB-pzv|~VD$8dKCJwcy=41eqOI^`ST(e@EXj@m$%kkoggHCUJVxNB zt6bZEb-&B1!tCwoEye>kr$72U=r%yHcd=WN!V~xjFu3`r60O<9yEdq`Y?-hD4tTs$yGFW8u_MS7Fk**X$3%xXEcYCDBE?vE#SeODv)6f}fWR7QA$enka zV}sfC$oedR>LGK_&ibW|!}LTQ?j?7yy;)CNJ-uQ#TOT9mbHBlsf85v|ZN0S(2kFq8 z_FBo5=Y;jW?pCv#h>5L>)o$oXqFsMmh<>(C+e&jEP6IO8R=9Df1KR1V_kZ|*;%|`c zyfDBX6zPt>8!`kNUcRi-DObz+zfQMWhIc4^IxUCzCVdqsYZ}$UKU1f#20aWLWo*tw zP0i&H2&HSgz*;tso0|ZXbJwua_u2CJOsW1O32v=YvA+rWCjw~~*G)!on*|I#=J#iC z6d*SJSmCsb1spB!F&+3yQ`n@$PKkl@?A+kb3M8b)>z#L=_0Qf>qzpXLAVFl{(RPi# zaP`CWRra=NGIQi$Cu}SJ5cDQul}qQXyNbW=Kr>aye#Zo$1W*SVZB1dz((BdDckPMUp2jAfQvcqf)o~JhEfb@rB5GQ_^GEuqNMVn*>mrv?`6Q@)SjXyw+NrGr{l1i`1nWCctdu z1&`a-|9~%G1SiBz5stHb{_dL9cBG}WbTnq)EGe9;xwoD{A-C8GB?XcA$d;!qWuTTHvWt*`XM?apz`u)x&0L+tbDu{?3>m9s$aRi$jHCaA;~EQwilxz?oTXQ)6?fgmW|eTHon;pXtu`Y=ODH zTn!6g9f|mXJm-NSJ5Q{}F?$|s3xSdHEQBrzz#Xkq8_>&`kF1M291rj5OGFJRDw3oO ztATL~H=Jatc!tlw8~E2Wn2E)kA35ewetkX10rOGa{p#ubJ)rb`(jn5AB4Y4T;CYE? zBplK9BiMdgn-GN|znpB0>rs0R>u>TPy8}{*3O}G$6eVqtO;^TlkaX*JaQ2YK^Sm#I zT;0!{%Y$7meYMeJF+N7?pLTC+#eX?;(OAKP-!q0{`b+a-i6o_U=446`<;W85_Sm+m zyBt3r@+#y(MyXc}!>vNQssQiqKV!GVKHi<~MeFyTnwb0N1Dc^+$*u`r(vczoX*AJ95j!q|snYR? z{Yr~75va7bfaXs(5F-vh*MIbn{^Z$09fmJK`v+!b%dcp%u{+JZX>OG2c2B8nHNdo5 zPYRfvSZ!k{Sz3s>Ap_eG?qM|%TYe*MjMkoS&nzrP>?gaV*Gm9{9`X>@Z2k&Jp!oL2 z`TK;9pg=yb5a%Bx0W*UCn#X!vR{^IZ zD((DMV@d*Dpz*nC$(B{%*bxh`M(7@?}YVyW`S!4^N*`9BWvD9yT*1ws)2r4>L zm|2)pL3%vq7$Sq&``InK_4W;r}qRCo8|L;tq-pAARL8I!w!Su6{0g=g*c=8t$2?ye-<^^G^#2#ni z2U9W6hQ7QinPO)ROsi~*o@SDxsb++U(Vqi@?C%BS30KE&0`!Ruomh=u{%eXG&M>@yz{;g|M7R{a;3P{bl63(ZRqDx3|`Y!o1Vzar}Fc zKYER@bVYR)<(akVlT(7eIRAl-x-@RB@2Z7@07Y;1A;cd?mklmwZxPzL(j%zx^2n&& zaBC^~7kSLLjex$-{SevGrEK1N>jYKHZy8_tptEwzbH`lC{I=;Q9-Hp6`i=@__&8qz z)FN`+fHXJM1Ta^&Yvk%178QMmMp|0eHj#uRz-IJbb zV%&7Jq)E4uzEm8(7Hq#o#vH;?ZAG>omp9Kn8>|R|;;a`O&-!@)ii;M3zMA~^&T`a& z#U@rjYA)O7-#@UD8ow7gJu>1K;8GMh0J)eQ2TX!}$a9rdK#)_4Re|0OibeY}^HwuC z7@s{xH5yx^8dYCZ$DXH7yaPs+_evc5ni=z0Ng1`xfDz5Xo0)(r(QM#usvF!lE7F12 z%LPO{Jo2ugw773^{TRv#9}>_%O=mKdzjYM>{qdZ1HO2zYQkmB5?T91OZ6?@`SrqX$ zRQapfu~FIouL=hs0PME~SyGMyGhdQJzB8XIKZ*zUyL(;k`mb( z{+iLa?VfSh?Hdv#8uaOb)y-+YmNvFK94`LAm%#Gs8~{TU0Fv%WR}M}Z7NtJN@n|_d zTFph85w9q69L;hsS}clK8f7g6h^PF16(%PBL6^2(cpeG8K7LeUxh5GbmAg6^w544i zI`eTAqd_U*a_5$nQnCfM@HDxMlRj#tBCJVmV{X{8QeZ{(bYpa+EB^5aH+gw*cTiwJ z=hrNt&W_-^Z;a4gx&F$53qg@9Ky3ds5 zFGt9_Ml77k)7VW6XBK#*{>YrXOdAUY|G+olLMM3Zi>6J7`E6PODWZh@D|*QrNwLBN z^07+rSMAORy9|qrXS#e7BW+9HP?|z9Qx!l0R(DG=l0~6bahYB7%+eB*hV*&j(Z8*A z_F}EmEHP>O-MF@+70w@QewPA`f9P3iEgJ3BjSt2d?u5aPbs09@)He4VMXJlCEYa5j zM(vk##67R3;iqh-|AFBvO8Bhn{KWl2=N!B%91i(=s|vxc>U&@F;mj1SwB-Ey;-b{k zs)Ic)j+bf(0T~$DfoHvoxxFq~-*Oe9Na9aXA_zkXK@&we%$7CV2rWWc;GtfBYxVJ5 zE;s1Z-gp4rYZE27?Siu=9#)*)nbn#O$EryAh%0HgZEoj7F$U&y&mzr7h6~q5lfGUp zlx%n~Bs8!+YhfjwrRuzyR80nGprLLk=jPV74M#GyC49Ehk*tLw0~v6RS+=FeY`?>m z=tv?NT@*`cbJX5jiTAH>ja=$RPJnzvko6EDSX%`NJ?McP-7||{6)>(J*0nt{4@>y40=tBtK@5GrXwQs+QKG@ zl^vyfT4mj?0S8K*t@YHU(hh+`ad|jDKg6$m+_A&!o7S39lV`zAE5;Ouy8Bxb{wm-G zVu)F!MTjPMD$Rw~U_MrDkpA#+nKEB*O-Do!0q=t($1S`ja?W zIS6C-DUGt!ccy)eF4$U!>|MpJ3Q!0%_@<(zv?8onZSzM6$Aub6RKre)x==#QG3Y#y z0Nj*}Kkvd?cw$c7Rkz0hemlNzqFV+&S9`H01Ih30AOjr$?`)W9?@bIsDcm{4(gpg5 zRcT4>$Kmg*)7Br74>UN2`oI544H83m5AqGd=NEO+5up-x7#c0e(Kpf!x%O;sw^jR5 z??90NCgSmzI4z+iA~*nb#=D-RsjL}ZUhU=Z$=k#IZli<3zu(K3gTUC?XZZ^*vgYw8 zxzSn+-?lb;<;`GcrE9cM4Xe3>tZc~x+hwIqHE8>Q;R}R|$MoA0@jJcWmuLM6peO>W zmusPK+T7S*0)a-R!hT{W^d*7hn7=JlSq?;RWOd`qV-i+kLDh!Ysw7 zFIcGWlb*At{YvJRO3qL1z~Xt4L`177zwjV}@01#tbz)>W7ACoy>pEy4t%O z8boCEGRq>8;2&e_fYGmaGmF=cXy_inIqoT|HckIk7%%?fA^6DLFz|3kNrxi-*+#E{ zDL$);CWRM2(@wU-d(j*Vif>m3!J9lnb|`d1vwwNm*y_|4Rkm@%)v_e!8B&CFoG@5V z!Cwx)P947IKFSS8s}4gzQIuV+g-P$z`BnE(@L4crghS_NG_)-s@_i^RxdpL_HApRR(x;$1B#CC7fD;2wG5uUy&MT&?;~>o7hW_lKakni{~65Y?~8HKMOG_| z^>K%-%trVJtf6jB7f2CaSaIS zoE>yhahrDY3#%B8(egMrF8NI>0Yi5tJ)@K-65e2c$H_^mnT{;P6|$J5obHQ zu21k)>a#DlK|h8d{gXJ8VIBS&fz1ZC4{`5eON|cL$79AVgYs zE4<|Ulomn*E3S(7o7N2T4`8sKTO*ux(CmoqAVCAJ9Kfy zaa>?T*t;JcFE)3o^=O2mKr zzgYjQcd}9ue{|Bgf3Ov6KnEOyrplFJ9fk3hr2sQ1ak&O&f5*e8W1}0MP~q)qeMiZu z&3`0B_JIBVX1Wvzw-stwTX8W^oaD7`wd8&G+`8c zMPt0hN}54ikagJ2xK{wvfzvkf#i~?Mb*I@U6r0|!s3K{B0o9u^YlUl)gEZViVsg>z zx=l(Rqtn&cEw2%S9bLU+xwd_;NGS=zfa3hnwMCT9hqOVRs1+XMtgxLdd;9O2@l;E?OD%Cxb8GVwj^y1c5tzTi>ow$#KrguJ=8Q;+txzL9nbT<&}Wygl-v+D5^ zqb45yLpobB8SOVhta&fpjG3a$tl$Pz#{^M7;eDN*4pG!txX`(6%7FvqP-Cg;MJp4@ zdFAK>{V+#zgtK#IsIs8-3@D-??$_aui*{5Osuu=_&` zRFJMl0b2ZWy)4i~nlgHEGTU)aR=yYXS7EF8i=S7I%$*xjPr~OlKtRDq=I|F@WSacC zD?Xol2<9Ey9frzHixW$vvkd#lyrvG%qO|wERyvaKAR1h!g?J`exyI{Q#m+)U`b!G3O2c=#`X04;a%=wv@~W*V1)s=SGm zR2nC9MBofD9 z>tVHo!nDC>&zYf4aiM(c)#6`88!t{?Z`J9mZG}4rMRh+-(*_>pdvx+?^%2yZ+|kLR zdbSisO;(vh*pg?pb;}CTkk+B43#D#0qc%1$S3XgusKCDdr6O57^Pe^IIUBTZ9Tfkj zniUB=%x-%(CL|Y(zgI0U7&bKqC^alViqu&ZA}2o%6e-JisJF^HxTH428^{rBhW_E9 zm>+qsg#Q<-BuZDzt^xZ7-rnpFR^pJF9*QtNG6w{zoa;xlUbkFKxfL7|)wtrM5d690 zxrq?W;g*yG$AuRuu;aDda6u@Su~JLrK+j~dZ9dL zomSP>3~j5Rfl?#zCDqHLA8?Ww@E1~1;p;kCt%5C|=>_}FWm!-4rr>hwY}?Y{2CFI> z5mv4iaE^Nvc4h8WCr{p13>Wu+-P9c^2c+T73TA^bUDS!Y==uK_fk;PyQuc|2NsoiJ z0c4PThA$^fpEL}oe8`!XuGTYpacgJyjtTAK>Y>hM4z1UC-bQJQpM>iRVx`NS-Ve@n zjt58hRt1%(f7txB*4f$h>wtOT0{p3Obk}gEXxW0Ib1U*N%ac`;o)a(5+r<``_Gkyq zl1AB^qw49?$P{IFzm9fbPAr7>Ya&qys$EZm%mjk}%J9Y0rR;a&tc<;!ZneGwN>lT3%`ob^t z+aQmEJM&#Obs8e#fRA^{!B+DsaEN#z{5_3_xSqfM0=1}dJ3e+CNdR)?o@F28G7&z` zZEWNv1A9C4YjRgH5#fgtc#b55ff;`lQNLc+_1QdN0*kZ!dTN%T*7y+z|AODC?|B{o z?12z|@qKR|9Df7NCbyY?vi-n?7v6d}xoUJ6uE{<2BwFx#=%lEBG><*KuT5@IW=)iD9MmZzjSGo@WKgCM=zCqu5^F$*!425Ru+Gw`BM@bRleX)!ao|-t z`l0Vw?lNU8cW-#6)#C$|^?8nlj!vUU8}9QCZ~(O;F0sEZ*~Q)vc7duts16Oqgn=9O zwxT7M&*X4Li_gH9g~n%Td%k!f_zz>TJO#p1fFZIM8?eJM6Sb+8HFGPl3S~F(&}(Vh z%C08j{>V|2g;{JR#8(SrO^hyrOxA=uwRpe1^Y6KvGi$MTAAs0x)**J;9T^@n5MLd* zUX`CLU`5fKVI-$*455H4xYHVoa}o@{?{DXJyCf3og)er#A1b zcffXj_4Y64sx(jJ-t-ftnEik4y?H#8?He~d_uXA7g*%n9BxNh>oh{4Yric_$hzz$q zgzUyzk-G)i_oa-zM7(hVh=)H8a)k`91G{@B4h7=lPh=r_^=L zd7j7lJ&*l3u1n3zhrZEPyKXG?VOi>B`!tzqhfO_k`_<|G$>^-Vrb?Www>2c{Au|pNu;<^V12hU!t!T;s%z3(70vlqN`uw zd}vMbO%3$*qC#+@!p+VVudFOMC?Bs$nNwJpX**BgR>J6GZOAl}XPd-b4 zPcc^Zi-L~68mY-B>P3WkK+}b6F(-xUiJS?ny4f9q@kW_$HCZOe-Rto@5$U!VqvEq5 zQpqyvX@}!By4gHH$Z;%4Gr}7WUc(zBbKNYSsT4a?!0V^v2;DM|CQmLry^v%{_j&XL zA)iO}>Yu>pxgU40dFuR0&XW=6yY?XCXD2s@&f%U^+EyLY=hfv%CXk*}g(_7PeQNJK zD6BX3Z<@+-XZI|;J*`nXik8Dn_`jH#oOUU&w=b_=nVcRZ@DB8n5_YCnAGyR=I`X#O zJ-YQ?vf8v8wxcmCjwg3#{%;=efOzRyBnTg3QwY2@po-pKE zKeM)aR^=&Ss3a#hC#yW`)Ri<&B*|iW(A0UQwY&YojQG!u*ha$QZ*}2;<|MhTPPkX+(vEt22tNV2STs6t7cvCHLJsXI829&pd4!ru_S`TTBEZ37%n50Iw7#>V|byWdO@#eugwlA-gQ!4O~f&z`(cLMB*Aji z`R;Cf=}WeEygT{)t^;F6;h3z?Dl-zxF-~=2;tMJ0-o&Y_vuU+1(X#FxTPyLd!epu+QJo1>7kd0Qo86 zG(V+XjY%$)4K3(<{-FSe8o}tUqFe@H`Foo#Nl9TKd6qNqRKK~s!`gr~c#;sX&03J; z=c`V6YeCPZXdJd^{=R=V;I#vm;khpla+oF%BQ+F&IuBS{PU6i+Nh?6Uj*pG#)zzZQ zPoefBAARwVS5hIbsCDMt9)|F9lJnHp5pmhD-igP`jv$ za;4W3(uZfgoN6oAn7-VQD==APpQr6Jwq^v*?G788ls@&93~_A%$ESFk9iLr&jVVAb z+=DbI{rT$5$G7&9C#jjH`_1G`yT5jfay7`VRV zBdT2RUiP4jIA$;3Yu)cXi9Q$UF6Q-04yOO7KS-b*!^K9X~{pse? zpc}*ZbgsL73yOhUaYFI+G3Nt2UKf43HvyEu;`_%JpbW@-@U1gU4~Q;GLfw~6TeOok zlX{H2^M=SJYE1vM$xX-im_0)2Ic4BU>lSXdRSrwbQTgTRt>d1`GakT39<5@-Fyp^W z0Kw)9VGEgQs26A%Qkd37QPVpu3-72DEX@=M^%ZQcDyE;_(Qj$VMC)3%NOp%5fMmXW z6m}^*uW9dIm4sQHj7LtQ(nroWL_?{nOHWRuJ8W8P#$$2Q61wf;2Qiw*t%9 z5>z(Yb(MMt#@6DKtqO%A6zEdGrp5-@LTC#DVjS<%Yi5I-sR^8IyUw!AH33Z8+F6|l zWRuy@N%=Zwyf>jSVy1KT<8RyUv2kuzIovGtTzxCtd2_I~v;&u-Y=RYz7v*k=6lf0h zr*Q0$<(&d7m^rfx|K&Rq?$%$s@Ipi6^p$L$lF7BM?LySI^L1lOd%ReNHkQb8JS_n? zKhRBAZ6IX25EQnege)lE>&1&BujG+&sfRH4pKC;VZ(7(dR%btH;Ix`windlSr0mT* zGAZhToeP*u%JIEdVL6Qslm`5Hqib^7?t_SfxeRG?x^8Juu?o4U>b&CG1DXsvZ$ILx z*L=gmy^oLbp~7a?P7e2M+F)F?+~P|$&TmKM4r1UKB_(jBt7fKoEbM7hA8*(hdh_J| z%Og&ZYyn15KW};kQ2DS6e{X4K+A+Z>E!AOnAxHIiD{yr3$G!8Kh-){D(~bA(9`QEs zT;1-nFZ9*??Fc{j_OW7$nQq7{d(UqzB4ZpZy^DABvzBFm^)w~1_KvTc4({^gc+PRq zL@HjGYawOxg}dk2mjRGv1Oelza^dvdg=}0@8?U1yyIa9#vXaiQ6}_(xnXc96vsPIH ze&Wh-?&jn(gE6eXGf@vWJgB=lo>iG%q4hJdT$>1k{Ozctf)TIb>O)N0(+C5kmqP!4;89p39i??YYLWP7@oe-{Z|( z<^r4vtA%%st0p_U7aiMk6R||C@8v`GKK21wRu;?WGzn#z3atMUK{Pd~(b(o8bZw_# z$fJ!3?fT9_5Zrbq)%30K&L#~!a>Yv1B`o+RoC4$i9i;Qmr2~Q%V&47c$HeCW8_e|T z9&C0pq!AWt@U9viow%?kGg-`vhU2nlDWTtrYfvCt{ygrit~r5pYc6a@P1@uj(emU6 z&P}84)S=BobB)UBL6b|%kV91-WFDklcl$$c5OINTYMnH^2;v_C=c%{q89>6ZyYNZQ z;6Olv+KzJ{y(2B`4D{9v*FzwDaCs}ic@d-ZSNCNnC0rUW=TPGGu2tce3Rv*l2KH>% z)dw;?M`U$&qO|B|V=_2(#j0~}o)tYHa_HV3WZZQETAy4oKT|T-yaalWy3@Ha4+R>e zf`}X5)fjTlOw8&>9~|INoAZqq%YpR<3Bfk$qcrV_V0i#N|2@pagggs688-C0?w%21?|3E^d4_o zAP3SYeM1d9U3fj4A*E)v3x7iHou`F1Tam$ChA96@JC5yYqw+l zPdgCc!31CgbR)74ZrVTW#AUR3IbmN-7v33E4A3e%1aw zqss%gFh7v8%A8@spYVj1+gD_;gRz`GAN0=b)As?wcJ)HJV{QJL%L~RQy&9u@q`7TO zC1$Us`FR1gV4jaGpn8jNaDeR{M>_7TmOnK%IbGPyX1daH*v?Q?TlS%hM1MT*IcboY zx&N-vAL1aH*EzEiYqAlZydZ8d0n0jsOsi^v-QNDOya2R(A_CM4qO19@nvn^et#R4U zY@a3YPpK=Pd7t8jeBW;CH*IcO{;GG^MCiNk9~OKZnj)bD(AkUTgh#Wz=(lfm%`;ZL zyO}vR^U&7|=RX!)+l*jc%Ht}RliQ#Bpw8C+wcEwce&(~K5IY#FCb+vp?_bV>0w-sx#cWRK*xC2`1~StOgo+iY8@y1J70Xa0k!-9S^?w6-;He}K=y1#f4J*OjFd1COqf%4K%xAG z`i3dmh1Vg)_e$&6WOtFVyDQ9mexQm5IX(*Lz|QV&X3I(A4q}O-Gq*jm*U^yr_si0$ z*Ijv*-++Ul>P4Y`SwHV+9`{lN{Y^)j8iM>2)o2I^nbdAh0Nu-tZ&7xTuhMO%x4xgurpBcI?;4R8-%TZNOVOBXW0}J$kxMIVN-*M8 zrORI<%kZxXn4kpWK-|!6#^*s^K~LtIgcLJY0BDGt`WJePjB>mPyhJ7JnGIY z7x0c9LE+EN60p^Et;V*$7&=5S6w)CU`=CTY-TgB*1;?95)A1@hT&UWu(RWo|m|Sui zjBxZjGFjvM%<*GNw%W{_2D^fDU3H(o_37+?Lfxt9<>`OZqVu~%@tp^}&i-c|EtPzW`~Q8%%ilJ|K7C zj6;CG12_v5KC~hID!Cn~Hd9M2rSg^WaFMTZkYFXw_PGrK!NT~upH**JUbf>|*ztsI zN5;pQ90dUx$105ZV*LHP@$I;b!4BS#6fk{r_@lJr0@rp5 zt2VajGjPcI14{7L?muQNalw8urAgP?c)Y=Q0tJ z%5nAL#yy#F!`BbVM<@iz5FXr;(&x?PJ3HZI6rc6D1%NyZV1AmRVNPhln1@2FF!j*q zY-fYR!Jg`umVu%N9uU_r6Q2gi?eRY1|Ifc-H_|-+eoX8t=2?B)Bc;$2a*c`aPqjh6 z&r)0j6YLwyzrSV%3GKkyk(?@@QRcDc4KLMa-grtG)q~QC+G4Ta!nO@Z4KGkknVd2* z{CL9SrGJ5l%Ij6K0`JEg_ltH0n1h4xIA(1p{Y9Zx|EP5~;s;i{Agr{5L7|RcH`1u9 zro_#wp?jMtD|&71K}1mC*y?<c#SpJVQ3vts+EV5; z>FqfA8otKYAGGKq5^Y0f0Azx}kJ1>-qa6YXQDz7ezNJ4}D7o!|Y<;eVIj@h8HJL;p zUNv{sKNiwgb52eci*?Yd`)d8ZS{-P7z3K8a$0tL=eSY~QiIbe;ffdw;YGqTa^PsSu zKt|ROOSadf-b9ZsSa<&BhvqN#qfA#Y6TwqB!@vel0*@Cwz=_Wmpo61#iREYDan)FzcV$)tKg!3RiBj z%A|4R{>#IbcqU1hJTN~?4jFhe#0l&X(?x3u&3B%`Cx+`DZQS4s=@jyl;Fh6hL_sbT zVxDHeJW7{S6JA{NG5scDb&pL#dWf9+k#XyY)S3skIBxp3C-e^>Q&DUSJe7m3_!WwuIwXZ>`IshWzTqEir z-IGwg3dd!!e*ytd*^nq{=-xz)ezp9jFW9{IMxz&ta^mD6v~+)h$$s7JgMu&bW;Bz? zAT3GpK^^yXQz}_0s6Rm2F-hU{k?t(rSRT}!@vA^v`YLrV%};HIOlkwDH!(6SEsv{J zAfpMiW~3`m<{#i^G~H+mi$DqC;8Xn85@w(X{NZbcTw2PD2Uob8E2=4X%ZUC~M5%9S z1XoWR_r;x#x?-|JzWueuv%E)o71q#}*Olbu_x?(pBDDo7f}3O$T|ZJu(VNaR2JAp3%-Mk1Yz$CGWkN) zlJSX@&8drd%DI*#pD{bH@inSkz&L5xjl|&iF|O zzI^$7vb9?Xc$Fi@22Z~LR=hb&p7F~cjaXxMG`#$JW&{03roY>FaX70Q!{U8+fEjnv zQ1B$j(5Y{!mSkSE0^po?1r58y!Gb!HAln5NOawcMQDZDfJF@G5nN0RQuxhGk5wYtw zOHDT@6z*Ub=w(zJh2pg zXZqBQepLU)hYmmJUHoBZ8v~cX39=RG?qO*3d{`(!;GN^E;&i%X?cwFciRl3HUKaxR zZC!RGY&^&Y^N?Gz7IzN{0gu%_;A+DLdx*`wu=p{2}zQ&MU$ekw$eaD@sSn*OU!rl;@|6r|gM9XAU#{a5Dp6fVuX2 z(vw-CGhraH3OOW*SFA!%e#I3bRFn{Qe~~?oxd!j!EP8X8yvegE`|9zxAQmU)a*pbP z@+wP>7Q5+oQICvkF49%=A4mk98E0_FEGg`G){AdgYWdiUA|KG@G7|y$9f-34YC@{% z6i8MjqV()Vi=}XKMStN^rd#Z$#9v-B7WM#P~?7Y<46_2zC3fLQJ*UnLm4>!>v=AN|}B^=Bau zp!N+Q#$amT42atH+6mZx5MlM49bVI+loF-`m8{jI|MUYuB&v4)WgV%;L=IysI8d-n zQa|f@qc}YB=2Y4nhDgUq+B_y6<0>7;}b#NtXN&xgYEgKtXf@+3$P!T!j zF|REpvYQ0f5;T^-I|JB3&@2i52`&MIjzVf;_+QAQ86^rhPKoC_6$IM6l-Fn1JzFk( z-;FP0FpYPn!p7n}q4jtgpB%mtq@WYoM%jv(ala+HHS=3@&>d3l?eLZ&IQgLC5_q;> z9U|EPb?@hDPtU<5>kC0|SI7*BRfF)z9Em;m1D8YuJc-~#s3k3U->C!eBmyq?e@?QC zA0pY}-7e^La>9HDd=LeCURggUIlTi;_i#(8K^SW{T8BXUZXV(fg?>VxU@ICWf6*!7 ze(=Z)u-$9-hcM32S8DlTt0Z|n1TxXFkM1!+$m{sA?}v5{eFGsF1vxdrT8v4;p-B)= zxu3&7p>F{995Shir|6TshmX&dE$r}*NwU~r_BM#1?>HSE9A=*iF&{Js!eaM6NUkJp z=sOODY2&v^cL`T?~!q9Lv>kQI`=fc;jn zi9Wyo!IcXnWkhBwe{@P&NV)ltB%Xq(x0wJDWa&kcVDLPg&(Nb0uXA&i?HwqL6O2Jf z+i&dx{hEc~g`$}Pp7QEsYyTqhZ-~*61G+8~$p(Ji$78Up7T40tL0^KmE;JMPU2V_+ ziz?92cVrLWK+)spvk{=p5?q>M7)Au53O*Ipraz&YjpSK|(1C~PXp|JeFzW21>qg+v z{0Xy*b~+566(eg2ln@(yqxmj;V;8+)15j{C2!`866KYDT)&F_p^cmWSo)?ccioUBg z4oQ|*g7_Y|2=vni(i#JwcM;jLF>o4G7KneqtX@aAxnTB)NANeUt3$J^{z>OH0Mt`B z8wQoQA#pqV%MBe^B!FK8ZX}j6)HDLYP9Fg?SEB4MH{cNniG2`Av0^{4sQv30BpAW^ zFi1A)bbSY~cnF)2OeTn0)h0%04iwxz7z^$Y2&7EwpBoiSg0_LE*MhbI`0fV+SxmGM z$DpZdW9dDc;H!z2e?Vg5ng}l*0}>+Of6zzrEWG$I6U>?shkug0UkE1m=^1#De|~OI zKn;Qfp_v4cHT;5JPXt$D55cSJu)(YULod}qH-u?7B;gxxe$uO*3U4IhPw0lK{!iFX z!5NWYE4Vl9`!5WY1alf_E`-qSOmwA*Ab>{)-iJjrw2$EHKRHcr4Bk25R_MklLArtm zkibQ0gk&A<#!pU5w55-Lr`q?+h%DNTI@*n2M$p!P%E|!t{Xa(>4T1G{a5T(US!_Sh zMNr^Y%Y9L4d}+osY3u{)kYI%CAHUoI77zJe%!p?J`O&oLZbF<=8ynADgS;6)q3K1yk{|#)53?~Sx&U}| zPW+rUYd^dvS7YcjC3AiuUF&y10kFmpg~N%zoXvBX`GTLSL9)WG{X@DyMiw#+2+cT% z#E6qW&tCv`R1i9_&~yL!%MI9bMd%1aWO4uGe1yOS8olu09E$nD`N2gnk0B!9bDjZF zHMBkO0sR*6;vnM=UQ#U$oO9ZBM5ZW>TrEhcStS1yV7(rg!E0k7&7b-4r<^7pq~ACO z-}repiH7tWpamI``Qeul@$?&l@Qq(a(AI!*)xgsIqMMJ>&TAheDi(|`1we7FGCY&2 z79=W?O+SxAFBn!H!q*|bi1-VJa6O1Lr!=&1r+~Ogaq_P5jvu*r3eO}p@Im$5F^knd z^_VRm4odt)X8b$|d;&8b3sjIoxFHudG^A{#Cj&TpKh+K6pDeiR|U(!&_ zPKl%%JCzo9i2FGLj_#!)bPK}TB8(11tmSKyrd#tSED^Ycyn7}r7nRngw|y)5*d<~b zICL-ED?(Jp-MT#K_<1h*qJfV$&bJN}4t%V51K3fRhTkE3h}2TL3Q{$?&~?)HOMwQe zsxpd$=rGcpgLW__c4d5?LkqNL-_FE-t@jk zJKenTvLhy~M)Apm=HRt!hnQf2vv>gsoX_ucAu%fqdYx=U?ii#xeiR|>oRzuxLrdOdW~4+#uJBn`dC5PFBubaCG;XP7?{SA5*J z)z_-r%lmkD5l7!`k?g5*x0mT4L7k+_W8TsbnLk#>Yto9YoM{Dm0|nbf#NA{d(iRhR z#ugs9oF7fBu@DU+KbcSMpU8IFXqt)}Q6xn`f2;#NPZ4Xpk`cbF+?pwYFolYBPOQ zv=UNON*b_6aoqtJAh?>YA2LNySQlv`*gHPT0iWwJSb!E#Aw9fTMXD;ST5OygSo&^) z7XeN)Qk6FPAUygwO}k`@h^M?5&1k2=fD%!aAYpzF6D>{_tuotnt?*j#xK=jqORXjZTTK`o}qtgr@hcob}sSwOY-084^Pg zp5usCJSbPgk?X7tRb>gab~jmEju%$V(xq^C?I|yn@h%z zw|6aWGdF2OinJC%-rjCFeT0}e3Rpq4fv!!2>zHjh%jcVuW?mXKqil{UdB032ys{9ThjqpW{#mD0x zt@BQzB;M&@qa&5Q1%p;oql%0m`e9!fF>$*=jr3j%#R0Zao5YZ%K~^*A^q_!M4{nr1 zk9|ortCF7}MkOe3<_ZwM-@95+5d9X3A6wfC_~relsXJAoMk@F*7m9KR@_{4Jt+UX? zFL%EOECZBWX9{>!M3*~J)Gz$8elGv!LQzg$N#Ck2YhFAS!2OBlZw2pzsHY3jQiRbg zSF4J=Fp5~J9ZfbG{0WPx5^s7;2hhHiUrxaH{lNOn z@>g0g+f17E<1GKOFnPHdWqnTOWRnEyue9+Cl^q}hdFP!G86p!|d)5nK!SsgC0qy0s z73t8n_b#Jz1RdfAd`1h_OH|~e`s0E40FPn@4rCCSVSw!5-}vdmCxo=hi{Eq|)e&@@ zT1LIf)^F0xs1zYA*RlJ$=3gO!Mv+>U%QX0cg;K!rC#7T{Q%5|tSOny+E@&eVrrkPj z2GMc=S(F3{b{8@eqyfQ7ehPkEMfXu|Z|!9^NekBtnZa)rlQ-{#e48c6tN+9>M@v=S zJc%EHvM<67@2U3GJ?>It{bWW4930PgXD|wp$@>3tZq=dQU> z&)m?0x>LN;VW%@f)-4!c6vDNjz*}^BX;~swUdX#cGHe&&jdfl;*-X}q#Hkc+BH+7u zpmViNBDGO{IvPj_T&>E7IQ}M&n zUdI)TG6EbkcYhLCQya`X!Bn|Rt$P!6*;S{&g_? zTA9o18JTGQY{2<<45n8%Vj`(4ouT1*tZGr!+YL&zS)5Oyf(8iX7D~L>AQ^L$0bzS+ z#u)mHP~hfthcRQv3w~li&*kfjye2NAK^fQDi5UZpMDQ~~*X7xjK3VLSmy_t1rt69& z+6$fTF{_S2{%%LbKLN)*6V9A~U+E2)?A0#1p5M{t*v{KBa1awf>=Jv>I&iusb<@)l zStce^sZhy#4OxPX9o;S!4*47FBy~rgAs}fJ(!T+#iKu0RIL3}1Cs-WqKG|d{euUVZ zXBe%kTouoH#H`KkVxG5+ZA}FlO*zrhFOdW}ZmPUA_iYa!po0;{ZJWDN{M5JJxDbca zz46+8g&Ma`p%}W6?>kPX+-zm}os^q3rIu>{9 z&E>tN6E1jA*VbCIydR7T^U74^*^@}fhe2q}*n57s~ST!4c&!0LL!{d7p?85hV zU_%jzbSN*djb2))-F~Kd52F`A4?TAoX>`F;JYnVQJB`2*5$4sYOT||0+=fQp!WNsQ z$na~@hOJnU{0Jq`J2N3l+mkMo%m`qhqUYD@`;^DG%^^1}qul*OScG`?w?_~_lr1ce19z;MMhP?f~M!7PD?AR*ci>KK$3N~Ur#c!Tv~{42t0N*;ANXmUs=RX!UEbZMODK#5Y;iI7j$hQZ z!N=3nk&35LEpocJ#k$b&2xZ_&^vct=UL#mLkoy4tl_?g-@R(u{PbRmcoNkBJVg)4TItF33mK z?&V1}Hy4`*DnFmJIDW*t$ym&fvo2LTsA&#PA}rBzK?oj@9}AA4rx0roR{1>mjbfCL z>^qy0{;^PI9^FxpE-r5FJ3pu4{HF3%128E4v~V_45^#C%LB^^bLmDy!>GIVxU&lJR zd^cLN7aA*kuw3`|^w!v9r33fhG2iPSDL`~SE$G!d4fw(7K1~53N+;_oxpJHqtTyfc zIZp6fY)b8$2p=vt)B@h>_{$u0x;(1204-BF6$dmu{tCvn$WUu}kHnnOn9;%m%>>2L zhDEz6-}bjTI^D9Aq=Bl9r`-`Mi#MNkYgdES+tZCDoFJ1RLt~~24ZuuxbfX;1Q{iP~ zWxz}RjuvrQTQqoHKMj=JXXJ5T{7}?28MF3cA;-gt29K%IL+-Ap9<+KXyKQP~lGfhk zgjX%chgNN-WHDnCQ6U^eXDEQl3|qn}g3t(o*a5mm5z%y?Dbq@p{aRTJ7||(T+H*4S zu~Z`P!%M~^M`b7)#V*gJIGTdSigLKGI*$cq%;;1FG`LA&*1xf@4g=qO0ehUs*H-SD zj6ftvk)ghdctG=OgFxKk99=(TzGu1El}@r63Tk%?B(9inl&)$>Bwime+bOuXp42A9 z-OY~!PQPM}tI{-&!pWMUi`2PLEEAVeTpM_DP06t3-15vOlz5$^amFVpz|MPw>5R31Vt56QamnblAKzJ1 z^(dUhOqlS{C{-$27i*zgO}t&`aXdHh+xBlftY?_Sr9!av=cNi#; z1Jw$Uqm(%g)afBMx>BCFZFeCRX|eeQBRVqSkbAzLpD2Gii4|!lI3DRGfq!H1I@x8g zb7IAP6YPnFQ1f|y{NR_X>~&`4V6IYHSf<(z5+0wj={En<*`4kCUIh(LxCN5GloZV9 zUs#YB%UT#?Zm2v(yjRdKXV~bzIXU}4zIuq_-P=yu1T;;E6HpMV1gFc%sZ>Ufe9x!w zuAhmXj;@kzDsU_NJy__v;Hq^r*V$?CC7{`n2@z@X*QikNoYT)yS)`7Q9&lat0F(E{ z`Pwa1OiNWZKuAEXwGPS>fcii_ix+0^&z+USiP6dki;K=iTijK-mXOFTe$k&G%b z(qd{)2Pr!OGwv?bQ+aBW7p0H{PUv&oRXc+VZmS=XFdf7$Gm%#RH6L%~jDF87=(JVk zr)(skxe)y_|I^J|FiFSwpK1z!LUYoE3GDAjy`srOg}rfjLUnc&ZzxUz8iPCQgX@Z!$vv#G?MF8B^0(|)#2c^wiYnks|yVFWj7DHS%tqi z;I_!iLf7BLKFwd?6`(#}mQ zbP&i;u8yY|nufNon^GFwE){0JmB;ufK zUs7JlVn1vC0p;oC@yM~NsG+LrbfvX&;m-lN`LAR44>Y;7T!&}aL!aS%Ba7r~#tf<# zonJ488suKRet=67Cjz|0WMPl`i#%7I53a437%Boyo#lW{c$Fc3dI<2FtS$}5PwYk8 z_UxrAmpz#VT>1X%x4Per`{T-=mfPorVK8$2z83jcR#G*HCDU5bXE`9HZU^V45W|0| zc?I7BjeQW`2LDDHf6(er{eb@Bj;i*4_WiKpP0A(UYx3e=kZj)unm`L8X~&1q1$mG| zhv>(5==U0>n$#zqquS9mZ?g5j$EL{_UGuL+_Ecc|6fUoq`K*iw!|^&LcTHW)f# z${2c#T(F;4++6-j`^-5^R)3_z=TPREm=Xv({xVO#VQ8zG@KzDJ;J7}?(eYB{LzQ|z zn>mnfC@21kmm70H*{ZVQ&+osia{+MJk|-S+y%!0yH)65xI;XU2l{?=5Mp@9ngYW?n zNz>7_2SJGieV1;%g$FXyZ*&2M0x3Ma%B9zQH8UwC<@}1`_*v!78#iyf==$p>5S$&TdUeHGMF zppk`M+P^V=@!;kfFsQ9GSqDj9{BH_B#>`nn?wpzB&zO9-os=+p_=JDGm*=u=dlZJNkd4BwTbEiCQ)U98poGzw&T)W$Ka?Yr%p4Sm!O!DJhK1GrAc# zPLx+sNL`EK&aQDgF`PaexJ9hs|f^t^)#Kv8W1SFd1XEuPhB`7mWiaWIPKc{f?swmY&$8go5 zcnM~hk&1w)p>4edeul}b>-Ru<1yGuP8&4ZeOQ&e(xCBa%pBPnkix=Ex*KJC=+w4m&kxptw2YKQy#V6M_^al~20KEeR zP^|5kSP0_p(loLqj{>q8HPBi;2chzS@+1+#mUao{AU9;qK&THT4us|)P5H&W^xHPg zgyP=NV2F>B76^aC{LTYvUkX2H#}a&8^Ou4*fM^9yv@oBj7);N*vM{$Trj7-l^=*3A zANXB(M}T;Wo|qpzKJ(CjM{5(j|CRf*NaU#w65tXzvf(V`+i!Gnyw@c6`&E^-hxbxd z`ciV5R4T3h%5Gi{15?YkZifTwL#`lXGadd)i)3rrm0tBU6P2oxYtVD{Cl-UKL!;}F znmxNS-0^3`R9wIKKs#j4mURQ^2l#a8DI_Lyd3G1W`|1zTD=w`ofUb?K)yFKh{lc(EI$dk5bz z0Xd2>39%9H^fE=D+0<;EUdM3Fp_gk5%7ZzQH{QI}}^ zQIlw{CFc^Z5|owBC7#hYPd&RbaBq2iCT*}%4GN9oX~KN^IG^H@4Bbwu-U6OfWu)jB zj@P(#x{Vh!P-+(ERTgb8t zo3joh>m3fH$Syaky^Ped_7Rk$O<;Z;#mKZgC_gSm*JUJz6=PG_(y{ijXoT@*+1z&wStD_O%ZM;12GZEHX#{}jI~)<@>K)KqXky&DS5CY7L>(6G8EY5 zo%B<=@n@0xkIKDM6QRalDadit81Ios+!1DP!eT@R}wB}X1u|o6~%Aq9F$=sxJBb@;m}8Ee2gXp ziw1|d5kHW`Re9raY+U-K4aQwV4p|k?OKnyIaWCYmmVFq>{AD(|JsiM?cQ$Ncex4|sL zRu^@BjP$qR3#xhr4gf$-cWG30!7%8#68Pis0o1K{tF4c@RJbaIYvcP<@t2CzAcj*1 zCIwXGxj^7AN@Jl+p(+k~E)U0Aqi(5#g6bRwJD=tq;wYz=Z)c{J;iq zWSP~x(5XL8Jcr-6V@~twGEv!ET55SHyeDR)S~L3nqo4@auwmwCIF)-NWT(6e%uS+0+2z{suGAL@DdRL zhAw?|9jAkHud_xb==Qh)+mxW&MLA{|G@zlliv8xe`l%xhCLSs(qG@ekhzUnEuL_1M zSR3DpDP7>O1>FZa$BlH!y3IEiC&T^MdmRF2>1BKnZ)WN)wO4}VBoM7)@U){OT~8wV zy`1vnz^S-TOt^t;UJH4Kt2LJtJ~j+I^X~K!5`d5LxCG3mU0u;7>IcolN|%6J$E>s8 z|2Xn4o|e}28ME`N_{w;<4r3YI9F#uiD)%xv&JpRUVy{xs*9I9GdEY4R<({|GZ)1r6$|L1JoN=|7gzbx`(_AAAmygPG=Z zHT(FO_4qCZbl^Ox%;0gRpr=z69qZF|8?_%M3?3A&7^ zp!?w8Jws-;{cLGMAk63n;q*2>KLUgGzyO8-BkcIBiHeK^05^o;CSY(v;4LjkU3%C7 zEkW;JK)eFaBBe7t9dJGP2rcamYK-84mtQwWSN;gaqt-;mOADZxmgtHRSRXtyL&HHc zDbsfi%JhDWB0V&K-irdkVojhmE0KV;vDZ^ZX>%q#jdOu>~cRord!;F9% zwFsJq(8q#}#`GXJ7xJS$8M?6}k*1|HckcQ7N4Gb) z9?Zws1K+koKboSUnf|5m00R99yjABHzz?a>kMu}S*ncc>m$3xv(tj+0pi{c>Y$x1J z4v_(cd-B%48cuqF>`zI1r_@Efh|t> z|BDmM+>=Zj?YUg{*LIeRs0`g_+U@T|1pK}XzL0CM(}eBjbFg{Uyg>W4S~f0@yBh%j=4KK zsaI0@){oxOjk(bH@HVILuXG_)-_iQ0eqP+V@)HY?(%-`87dW=i_yvqD-uM-aEi|^! zpd+xQC4OavEi|^!pdqlu30s`7#R*$d@c)4neC?w>xwIW4KY>^NfBE`9db$+!N! zg}@d9h?ax);IRv4Gp#d!U;e)gj^Hxn>7&q|*cLWD)#2BQ{9m@it?g_fu!X=D0$T`d mA+UwO76Mxc{O^c>%5T5Vu`fRUOQI5@PV4N&GX-iExBnl<{dJE3 literal 0 HcmV?d00001 diff --git a/images/sigma_infographic_lq.png b/images/sigma_infographic_lq.png index 56922383f3723e3a05c9c96f7fcab71967b63c16..f19d2c06e61146712e58fde65f5f3dc615b5e7cd 100644 GIT binary patch literal 559922 zcmbrl1yo#1w=UXP@Ze6+;O_43F2SL3hsNC{xVyVMgdoA)3GVK}U2@6Z|NhT8_niC2 zeeVrMGkVoG>#J!stJbPs;fnGSh;X=Y0000{N>WrA0DvF@0HFO~z~5V1g$jG#FW4+p zHJvo&WVwNMHuQ$Zc19-jZZ`JsH~_#a;AU?Kv@&rbGBPoFN zgy=63Co4V@O*us(5j#f{A~t$9dPWj{I3iw0V^eNrQSpCue!t=)F?VvZ=VoAVb#U4-rUZ~4rFd;|L;-$OP_zk|E;5wh3WrcoIl8a6MuL2|2%@5q5c0PEGPH> zEN)}-U(5hGiMhNx?q5OpFDCpm07%u{-h@Hf1Z3yz2s9CMdG{XaUyd^da+}&Y+8Dm~ zx3DoZGhwi|HTw(r<1lU!J8L^fmG>Mo;Ui)Ck7h*+Hxp}3QH%E=fZn6WN5aX-_`jiF z{u9c?#r!w?Z-@R(EN5r@&dc&w&;Nj=L_`!F?MyAK-!YJ~gfNkmm z{P8ij)E{kSO>E7a%-?nUXN3QNG%Sq&ApdCg7ogy1@ou=`pN#v*p1<1v_{G}!PqUh> z#k(h%|5E8MNb^51J`xV*_bKovJ^zBf{EyIkthq%TO$?n(MBhK}T#QVdbc`HyOdP6A zT-?ko+{|orjO^V1a@fD6?HpC@?5z1ng#Ju$BE^3alSo8_=$(O$h*HiFXkq&&TdDri z;7>=n_ql3p=w$fMK+KGEj4X7FoT^ML+>C78OpG*)O#gYHcYj-$y8mBF%gJ$z+5w&a z%rhxbK9cwG=#4Fmx!FwKea&vjM90ZxWJJfxY|28%#mK_(ZW1eylf#IG#h8or9|hkj zq-;S>hPFVHe<&>e-&4E??Y*`cTK|96=1;*P;(a&ZT^~sckdvLG`(I6eS0NP>hrh4> zzO=UZtNi>aK!4;7fqy3p@UMs(|7F=<)#(pt@&CuTf3tw>Or2Z}9ZiJH-d+8Fp8)^v z?`m%Hp3VQ~G-LQ5&HJln{M$TxM>}I@pvk}O`y2h=H8VA}c%L5be`hBVrMQU^5i|RH zdNMQqos;h>{oU~&mHtl&`7f1t8UB?0e*(bE@ZUo8x4?f|C*Do@yX}4bd0)sF{=JgD zU;KM5G_ieO03F{~I(4Fq2mk=g-{QTZ{I^O108qv`$4%0RDxnVwm=5)sqr<~Tq=aBx z74(UxNl{wh7Q8Hv@m`CJXSjFVlgl-as4E%mECl@UtEyN3DmgsTlfKBvci?XM8Dx8q zJ^8xsDSw|0pRK7rH+D=g<(Q1}37)C}bS-^`rswr@XOK`s&igZJT48?2hVowD34MwB z9_Y8$tMZI$-UtP6<#7lZFFkLo(a}dcSdNOchxm(d`x0U-^iGGHpwY>XCAx1;i(z8D zn-=KmGe0;lBjzIWU`Iz`EtdkGK!gWmZ^pK!T1FXeG~`MHFnNsKl!hM;O(gfhz8@B7 ztEKThP3FtnDBaf=}&OC@yYtNaX5Rgjhq&rXahI=uO9r$4Uho1?u(7?3Wp;$suK zEJtaxcsJ;8lk&0q8F0|*=;K59VMBC-(yE&ern37;?2C+b?-F<8>WKsC8=ZSUUm1Ek zzDO@VtFF*mz)C}ocl0l!W@>$BSe~{i;sb~X{Y6i+q7{`L>h~=Rti9wH5C8y=_U8iz zNYBIu0EhrmqC%=}nWr7@jbsw;6c65U_vmO)zv z?=I7edE0y09NYVEDQTeZp>>1V&6mGEjBP^!F&manE2d39V@gR%N`f~gs(N;4+$KN& z8V`FUO~J##iTmr%UH@%@N9}wq0|x~M=dz!nlg{1-=;Z?(izO;RfCaq&1H-vFWa2O= zeG0)&3Je2uX|5glM^a0xvo~TeqOVYi{d5BWsO^53a_wPIaj!Sns(`00xmh7y-D6at z=!V?1O8W4#L-Yas=2Iy6Uixy+KHMBmlTX=GbR$4rM!JVV?a7#4F?{!P3KkqZJBN!? zF31XACD=XFhz3m(0h#Gk#0L~pZ^IT7O)0iXJc#?yfmjllt5r{Dwr#Tw{J&HrLG242oiu}cJ&U2eSz%RG2 zq|+G`=2i?_I-5H{!Ga)+u(Ll$UJ+Ba#SM9 z$}6O&1a5`>n-h8#4n%8H4l?-K7G&A&xOSF9jJxn3et$c7apU+1QH!kR@yw`WzFhqd z;79G(sRAI;_DL~{{;>Bi3KCn4-vm*HqLlW;_G<(K9_1W^hp_4~pTM+vyKr+9#pawp zk5nG0fj*vHF4e_#@o5y=*rd!~bePcyw}uM5iy~26$eqGjfO|kiI`<`~G-pir($N;J zT!2dwPn!|j_yQA_={=*_INn9IiH3d1SieWb@Q?2QwD@wt6ge#YqI1?v9&=)e|I=tAc2Q`bAs{nY=*43bGh?CE&Y&9)25pQDi45qFl*|EfbBT3!`F2DE*O(e z6fS^i+H_XDN|}-~maGDKp1mOwoNeIzF^Iy9Ma@R0DqQuXW4m0U?eGbOo6qB$;JT=J z9QLh8rSc7A1#l=cO^i|PQ`3*=o6~X$2t@>zc~733R36RP6WFZnVMT>VToHz(Wiawm zkmpldhl`rnWVOe8uJy89jEZW=o1{|Q;8tSBPI@c<$ec%3s`!Kn`dL6nDd#`V{;r%Y zfQp3C(vV~QAg1&^;B1IAl|u!pFz>2w0Y=7_%M(HoC`8UP=77*(Wf($hAX=4oogfir z9i-fet5K&)@duTZc_1Z8-YgG&o|tSAw8h8V$r9_|!i7c0zt*v_%E88NJva5&B)%44 zQ^2VDjJ8M9U@SXQ$KHa19o8}WI>R+x`$$JU9Qun;)HuB^xxay?&}iijks{)0aPFvZ zJS8zx!_vQD-bjNNKD1Y{EPn@g{!O{(cZ0c~fwdz~;&nYzy;@)}<-wk<{hozR$T3Ng z&XbBN$0-U=AA_o(dI^}~=^Od-((EWpez+!MH9#p>O>1~HCBUrW`w(pv}~40D6L^wB>tuIE-CaK znZ)Q0U$EEF!;(#Z3Ln51SC61F9%@(I!X4>=b2EOdMct{kAE({K>NHeG-aJffQjFjKO=Q_d3x95i6;Z(;1GJo0&pqeeKBL>+CB9}(~Z4DH;)8!I!aO-T=pEa_ZkN0R$^)q6=6!pp5tq^)^k zG+E)RQI}jTkTQZJEwT&xA?@1w9D0@oik3R*HsZik6@T*x!N%mrHRS4*rN;7Y z*Bmii6q=YPihYz&=hHZ3#>>fEKa9Ji=ue(UqrOM+c&ZR4LSwB`!S59%sPDyQ6A?7H} zf6X3!RaZPHts}Tb1dhAL*Zu^JF?Ew5Sfuw@76+Ht`nfmnr**5o7LT+*5)0(2JW8g% zTK`m2y#2&h42w)1pE4O{rB4XzF@^(@W;dmekF;F(jVL1&`I<`(EsrRuo9SKLH_yup zDK^?HN6y`f@Etw7K1Def3da& ze8|dTW2t}I|GZv+qdB_x%Pp<03G4#IWewla3DRR4gpBxA`J&eB!XE5R7S>OK=GNk( z%Eh^CIQftal8eWG8xOLLLDOdZ1vLn{tXfbUaNcQz7(tchgaI-dFmw+$VFjkAh|UJM<{V$#7aVtJq>bNDx=k>GvoST?>A|E$qB}pvQ4Kck7An-ky0iKt)JrDOmej z9GJr{_NGC>5eb0*^ihoW2Nb{_OFXEeQtjIWVy6643+al-_J1+RD;KjyC8pGytA4Z z+Zs~kW$<&Eb$8^TZN$xMV!5})t>jY=okdB2>0A!gkVo_${C=9j8D;9PQ=24)Jv9Vv zRIg)RWy=!Be&K#y`EO=r_<-Tt-tAGvKNWCFjPy z>*H((Y|v7QD;@KTj-8ftGHt`4;`C5EK#!%5tUTE@J3Myg`s~g zL|&?ztrH0X-`$sc03;txa ze(;_CRY^>XBb}&$R=RXG3YAvEh}f)#3)wBLSyJ+IstS2`{~e-@W>!7nj(Ixu@u=EG5@(3APYemzvl{R&pdM_;i>jpvy$Z#c&H^3DK;)O!<`^Cng9vYnr z4Vsk!4FN#udEZ#h{)4uXn+*y%5W9I$70tAKYxLesHNbA$ihnW57)m|0P*+gjh~iFE ziKZYXU@*WG18FQw!h@BVdpW^MOuS;Ns#DXI2) zGZpoaoEwsubfr*g4VG6_))gS!Z_iF@)y|mDPx9DqbR&zAv{l`8aE$l(G~*$AD{gm* z25KLRCC{%aGT;^2vzC2PgKN}YihA-lJ`dW&>n@@CRL??UTNNU##Y~r1*Fvz4{-luQ zk*{8sb>NdPt=hzkzLGKglp@sg+W%@2u5OT@f2U*ytlLfQt?yJ;QHvlN_Grd80XlbTf zlNfzlw!j$vrDvL0i3F1I@C^E`0zY%rH{avYNv}lLH@UR^xO0T@t3|~_((ZHtJbk&u zyAa+`VYyUA$3I6GoP&#;uqB!6{l4VeHrE8(6fJc>G7>Fc3%2ty6yJOkBAQ?;SKKaA|7@}ts{ zGUC|WJFq0tS`S5aoLTMjv341Y9#In7yEIMzEoESuK6iUKO%EAw%*r1e!6Ln?s<$-4Qv`#5 zErL1Tgy)9f6LQ8ay}6Vu;&A*;7QjdTu!DFT2r6uuvg!AFdKcG@9Zgu_#Bom?(p zmMX2*@T#`BqQv%hfGsc0TnfT+GSC`-zav1O_g+9|vhrpa*}>SzXOt^WHWQRpJn$GEanILz=p}aiRU6&ZRS}ui78je#9rdiP7FD&i)UpMqHKky8Vo~R~biMS)q6lw+!+9IVKW`1ofP_+51+8H8l zL5mzGGyunRUDlLEsYc1d{OO5HJDfJDom{%e+nUBH0i_c{vFe%5qPd+^a|mF#eo6=F z_r(!C)-#=>Vr$1L|Lde~!77#Xvxgc~I+?b=g;rT>sG*VjbO~MX>x=z0)VP0%0BsUl zRDu%yVuN5w;&hwd7=yImw*mnduH>I)jiKaPq?+a7Q9|{y&v^k~2TOf`B;yiKvM|VX zu|FZ=7}U|MUA+9gpn>Ze{lxxd(^;QYIW)kAeSeXN(5gLbVW<`~GJ7JNw2$0~eIs}A zzsw%CmaHJ)U{q}iiH;(!W&>3nK+sT6_2Z*66A!1yS;QNy)io{dBIdHv>sJz!Ww5qR zkHlfm+XPGbuzgTQVpK>zQZBvXL4}J1Y}5K<3JoBqWz{X$f3O-nTcAO>cUoD zHXOuX=M&6;tiY=mcep8bWd7zw9>JpMysVlCI>eCz z(jqL@k8pxBD)6KV%rwoyD0k+`@+*lG6t@-U= zjY!7B6F5aQsHBKTa?V!x7~n{Ckd(#3if-JoO18xsMe7o|>TAtU$;W9Mm4N~DVuWU# zmHcmFONn(%XwZu=hJLk@_Cepmtb;f|bCM815mvDIeno?!W$PgPjXX?9^38%;E_5C% ztGtHjBi*T}(G&Wscs@1(3T@6(k{^JvlGm?ZY7u_>fmg*t!am>F1;w z*qvA2*buwgsh`@Jq2PRpbynRhnv2KCg#1z(RVLCB6x>0vQ&vw<&xfK}>#|V@eDKqc z_EcSKL1&+0JHUPsZgzulF$Q&jRU>OEW=bbFt6sW~kBcEOC|Yy>Z0*FAjro&JVu{DYI}u0igNOGnUL?oo4TM> zVPxA6rHwMg5qX8hUf@%QjhB5!_NpmG@##&XE{tJBz0F8-)1bQ_XU`Fg1DBsSSgUy$ z7SiP*3oPl`)qh9y^a#1F(IT8D@$@+S!J@v7qnRyp)^4T52s zXqq7Dsz}|Y~c3tsXZpDt~T;o7aENK^1b_0Y}AxYl#HReJ= z*Tq~oNjnL{>&{T3Y5X(<6*~;V5mWq9ocDgm?;p$A$c&Fb{wdVy1X6~Qak6fg;?wPr zksfR^qaf-a7AIFQ5Bt&h!O>dA&0aIILHm~v4McsCh1^oNIUP*-Dno9=DHXqZxY zw~8n()vC^JYrl)^voxJU4agxHmX2|N!sW;5y}<%6Y`t~LX5k)IEmi?gyo1NE>IsLi z$y9~Kd|-&kw3{h8)dxcLh(I$C(2c0@Ck)Q>daBQ{&O=huQ6R8+c#+-4Op1^w8s-#f z^O)?a{5A046z&eG{nz($Mr|y$iQBAc-X=&3RYahya4i5pB^;|~;jmc5kU^oT2<#rA zeXZtFSE$7mVZ}$8ZWFDOJaGx0GfeDEr)|rR#$0|uK$|HpafC$itWqPeluLr{=_eyk zTx$~B@N~RNYP!%lT(FcwuGT_$d+gradk%qy?v%<5AAm7|hpgiLj1JTS+))=!|`tkPNWDntn5&Gu1$0#=&s`bl0aWtwL-mV?bGOVt0uT z{aVWRbv1qJpF3JA`*Csu-d#c)w?F{nW2|6r;O8FM2K-tQp1=J%?5~Fa;Z+M&?_5#*}#5wjJ8J_tj}p?au0$S# zziVIW@c^&FsU$G@HoF=8A%a5F$FjEkGhB>h-C6eT_Sg;z;n^pfV6c)+5Yt6Y#Fi?E z`*Ms;tr?TL1{QNagb^nON{ zrA_;plRmveltCe<5RnWjy{g}cBk=?9i%{i=W7kG1QoXI7Tu^>issX;=e#|oC(_ACr z&9eUS*CBm_J+Cf&^iC`(vH+r?)Zekq)iw1=t|dJ3hwceFH+li-d*}rZVlgDu|T>u&1~eKL+ikfcV9O*R{} z{3BFXgWG98g6CH6#FuM~5dpEpn)B!ZdZ{oS!92;~m7*FcHQ%=kDaT&Y-gm2T7Clu! ziYFK2t+1VAEKhc0eNK+o#ifhrTYHe+P3j7|tu|7O!r}cucf~zYPCaC=bU09J!{6=W z?Ay_l*W>||u^?$qg{iohA2zf4_r6r(A|a4vy?s!&0o9hIYkx|O02qF4g=}0DxtS|0 zNP~;xtQP4JSK`a;#r|VVwhSaP$hZ~EZxfn$5fYVj5a@uRw)^ucOyoqh@g_Aw7e&K8J22S+{dgq$t0s(V^1H8k%dXB&Y5iTc0kikq^TaAZ-J(k zlz9Zi(nM$o_2e9OCHtm5oX|iTH6$q!lbb&31Zxm@3wOC&1OwLDO3?W_J-onv7~IMT zFI`7augwq?6L}5;X~M$W!*B^pli&&V0M?55mTC9TOXhv zi*B}lKGe%CRbd@!6E1anCdlu56UpN6ej8tRF!FHhS$A@?w>PgnPU?iBc`|sUQu|87 zljonU@mWHLkzB@ni?SPW7-eb%pJpeSuSA*_%dQ(MU=9bS*xY6;3Z4+xu+5VWw!Hax1G1Txj2+kLFQP|Pr~g}b3Umj1X^REl|I8PPIP zE?{_CU{?GCWc_}2HXcCD=r@@SuTi4?`<5vph5qNZ1U>tQo+GvS(VEbBa}zmaGKZT{ zj*3JIVx#X?Y9=I2i*BxubzkY&)9mKb8e<=gTO9q^XIY6z6h8ohkV6KziCrZ@K4Fys zRvBeNihCwWSja|tXoay`h%Qf|d#3fZ1>i%4zzaG16`7h%sP6dvlOR^QM9AQR)Uclu zt4JR!5gWA2JIV8S!cIj>IS`yO_x4V*B7yF4h%{h81j>dX8EsO{FfgE@XhS;V{pUb} zJXv;A1y^!fE~uW*-D(c!doL9Tioct%%#4L(sJ7a2N=7g*nOEF7VgexeNHWuA?sMQa z+#Nj(zk}3XQDC-NQif}EnY{*>apFi!M7kgD59UOsy>85xDj-?5_q5Q8m&?TIzdSu_ zdfJgSM_)u=l=oLK6An$$QngW!ha{~h?Se-MH1mX`ww;aj_n`h>!r|8(G6QPRq7K7j zdd%NUsYrFJXKkoWp(DSTqgI?_p-c7P+}k>MDraWNLfjH5>HWdU)H;>7 zW0&dA>@q0+U>4Jp5fho+5dgvJlcCq)U5h? zB$#z%VYw>FL;{(%<5KA%paPe^NE!|HXr1*uEjz!vI7wuA;x^WM+xo$OcB||Y8cS(7lZk#Ca_7PBZs((; z)GS_(>g6orXXPRb$|a1M2Z~n!6G@x$Ma%NBQ#eJA{uPxti%hHT)@u5Pig0hQ`HXUI z*`FFpQSKaFH&O}pkPFT%7Z6q7kRrTA8HXL_Qjg~ZEa@nX?&9+Lz*N<2HFUA;MTH9^4qyLP#* z{RioTo94Y#_WW#m=Bi}os+WVR>niY^cJ#!$w)rDZdD&kp=`BEeS|dJVLLL?_M!%fS zuv3CV@oV>wT>5yaVPiQZ41&`_&S{D-+L#i_9l|4~yUpd3bE5~Np0DL`b#anOjS}MZ`rFpJa zwdmJ0f}s+!u=zGqlE!^(zV5F|r)S!OutaKgE=1&SUv#nGzdZjK*zT6}Qnl4sHy4TJ&+e#?q=F48Z|lgiHbV68W- zc&Oe9R?0Ff(6Qh(WX4XkprG(wPES7DD`O6}1)p?D;T}(F*F^c}w*ZnPTOP0MDSD54 za~B)FzSl3R4ebN~0K*#E%l;0g3l0Iyc(1FTGR6p9MZC&aJmvlaM3F>-YP2-z7}{N8 z-RZv1b4eaiT`g);bhxob^Ag6~s8E(_xWw2k z6deQI{))OwE?9zxz4JL?F}uoQNP9IJNwE?RXB6Z&NCY_drz7b4I`9Hs?3p*0fMs*< z{JEf$yOYT;1TJFj0?9%W{Pu_j*>XWRz8&oBVN{+?Y`;{LP0A03QdAnq2u25~v(7Ge z4)fngt%FX_21{IR-3$}XFtNLM2-Z3ssUEg;F*X9?r0PJ74vQm50)$O~AR+XJg}!1w zvo-*72hWVa?2BfSf@iqx&G_ahsPbc$0cQ(j#UmtQfB;dBe{FrXda%=tHheOx5clx7 zg1XB`6<5rhG7N^D!eYTUg`}6HWUBs@`5vUqa?08BlA$?pN%t)^CJNpr1q zR>f_lU?s+V>~N@bWV7a?Gf4YuRKHwdzmlLi~Rc88~5VoR(o+4KuM2e(P+DVcL zC|3QL4Nef|AZ2@Ao%7s0%7B>U+S8q->FPT?o@%S?Q7w%G9tu)v(k~oepJ*oUPsW!| z=zAT=yvB%#@Bjc()RBJ9A^}H!2QG@v=UQQVJ3mk8TAnUGFnSbC5=IhEQEXz;w~i*H ztaKkUnI$1&;D!#8fHV8cQG|nH(dB?%U(e6^w4?D^+N599uR1Y8n2|CHttld z`2-Y2071XPto4S9kyLF&^VFp?+ySn@Duby>8rn9 zTLDgTL7kckpSljtPZdMjEF1_1 zh~iYISPy7HNZ}QIK-wXj8 zpJpdB;cGNM)A%0+ral_v2|qpTkE&&oi$jwSh+-*YR`u3N zUjuI$-%rzN{W#!fb~h|bnBn{PuWc(_e5#=;CVez=4b3UPb)juj+JqQ9tLRdJ24<>U zS&Rw!SlkyaVOB}H2N|}nU7#nwz!J3id4_(IwGT2M<8JTn02YHTHa&)_1qk0Zt2g^S zGgNwy%=K1gL^LyX_$!oA%fc{cIa2v+s;n*X2fx17`SBos4@IFxr3D}Eq|V`$b8&Z} z)s(X8)*iQvzOKyDE{~Q=()4P~y}%YGBK}=fdl8{3OUxR_c+|iZ&(pxFF@F`kOUQZ* z{TR@v36t#7CBCsN-L1tkiRoHL1OD3N>@gZV_4OVD93MOW;GBHn6pt5#bB{C>o2zfS zQ~u3L#5KItF2cvq=IK<|xFu7b`dU~@KqBg`f(7g9_Ly@tW8MlyxG1uf|42wJ`sJD^ z&WWExXESAArx5Eo2rT_;{QawQ4z?RN0;}cgu%afb=9j~qQV{Ger~;i4qi zr6l261BTHy0>c9>v6`6As5QlZ1z+ORs6;ar>3@auzR6X<>ha{LxS$c$guVC*brs*y zJ$nDKTC={vb`Gf+#3U3Qwe%(7^o}?XZ@wqxtY}iRta8&9jO!#rD4ULuC@Ck3be)+4 zU6+$*$AtY2W!78%blb212i;Fq+iy2gdPTaFdNu(KHiE}^J#&?=7RYB-@N^PBQC+9G z%O!l;uwlRIpvF)XlII~8m(2NW7Sx8o|vrxBjrn6avw^ZHBZCN!xT`u7j0%V&- z@ChVdtJK=kg!Cgf92M>WPvn=q^XNf~R$FbslnWx@t?(4p$~w#pdTB}eqJh#Tyj-|V z4QTPvhzu52inWQN$#U*bL~s5@GzOGiYGLp3MChnNHnbDWZp&zY>e}QQHO^^nNP0g* zwMBnW>0M6r9JIE^Hf|kX#9BDKzMG3~2K!hK2WP~=slJ4`7EPK* z$xkh*j&s>soLc+%%cqr=LChcWuyIBTqjbg;r6fiFEhY~_hSvSq2ZdsM?9 zY%Zp*d31L@QwzFv|Jp41h?vuada4AfctVnq9QZ&?#AZ>(d&g=uO`%tT=3$*7KTdHH zOx0!>#qZ0ZvTJn#-jlocJs5Ujm)>t1i4XF}qyxFnNlvqM$XGx=zt|x42umtl3C?#r zWvfLTa^XTimw^jW?xoBgiy=%qH5CifqqqdyaNMM8QZ&m@dFbwldtqEe{s|KfOgS}V z#3frK)2!?){eZ&WUUMx|ai@{&awK?ffq0s89lyzjP6ryr0-*YE}DGeVXJ2@H$A3staoKL*h_x z#!8Osh)1rr+r5`g%zj8b)|GO1E1QHtk%(36`3tg0s?K838R;VE7H%Nx?QhH|irAB|=QA2b zg31aAvbu5Z3s8t5B`R0$UXa-T(nhIy()6XM?waX*BHYHKB3o-e9_4Li6jQ&RLUW|t zP?il%7YFIlWxYjgQbP_Mllks(?r8MB>HN6-mv2#x+TPcj+2kh((#a_9z_i-tm@Grc z*yaai=2K~3=U>G{2!tJaYWb)LHPD`Wy8^WTZx_k*T+0PxOw=@uNkv%+rmalVNJ zY;6ewEp!;E=3F5bpFg*x8Qg?`YgT+Sfp}MmVHYYPf;jtm zBYOzBx~cu8QcA$oixl9r6_W&Ala}!P^4mIk6Nin0CSdXG9 z5%y=MPS=4a#N5g1!cTj`Bb+MwN;QiZIS}Gd#O;Cy$?iSmMH`w7B$^O?G$}(h___~q z-n}R&O(;Rg7;V&0rb<=F5tQDy?;FhH!fL65h=X$O;mP-3m~E{zFDDbix~wGRFb1)a zuy9>N4fW}waruqVQx0Jri%?G^#F7|3-3<7H{1jWtsgk|kfa4`QLL?sQhDz*}ylvEB zfT{4lvhY&4>h33$*zdv55M}P*^*9y5Joqg`3`E9vF)4TcgFnMsPHbvMG>(Gp1-9z3^b#uaY zH_3H3W2g6}2t3?FR=!ZxTkZ5k9&AG4FdUYrS&ne&&neIYyKYwf95Q{7wFu^dByx=& ztk2uUVL4d?=oP!`F?PKc^KIw&rmrzS{z^Ekf(^fxWVJ(TQhv#w7!x_zokXvHU3IvH z#e(QGJhy0FQmjseUjj^$)TJSE#mAOzqK2nRQa}z0L!?Vy3s)DJ)?bxtU$YJ(!IB?$ zK6`S8xGe{n9M(oH?fu~*-`o7_)_A6n;t%M2$Qa_WY+;WY-q`~A1h~#Qbj$Kv?H#?J zZL*b;v`}V6V!1F=57SZoiZzx1fWF2GbPBlF&Q>tt8dd{M>2?J9y~T>@MHgn9H_+oi z{Go%6v-wkYM*aH>c@k5#XlTu07sb5=gK79wQ2+@Ex3%sqz~yU6^N$~hjUze@7kVu? zUY-dZ_CZkBy5+jpsO7xc-)-ax8V}X>&0ITQwh^`2QXY+XMAYH+9CS&SenUiaC{|xR z0R?vzf{HLC+vq#9PmZ~1ID#Ybger-~4t~*ljvRuA3@c~TXC)T-Tgi`w^^bv3ksnuV zKeXQMgz~`AG*0uimAkbiS;^)VY+nfue`fC@wCq3sq6V4B?6MHj-VfIE+iQB$85+82 zl48P-+2x-6dHeVV53A>S@a856H`^Bm?|tiN>Gs&OYlbC0N}enn;C2L~?`h8{?6wd- zEV45XzI(okp#M!nWARC@S@re2Im=x|_wv`zj$C_mw*%A=cCwSlIv4q;3Ut2i_}m`O zsV~g9q|g(KNu_P|r7{eQ;nJ-E9l5_8qXG`5^kYyie+Ffz4@sOv+<#p6a#OWOh_(O% zHsfrb>ShxZva@(uO-~Zlc&ywn8-G6B!IC*-NK*Vulo zmTJ~)7+ZyyUUk5NHe#f-5<-pJ>(l)cGw%2U=oyh9WhO$cQ_11U?Z02BbeyzCl&buw zAhPPHFVP=M0iY+X=O{0dr>cimdbG*!z4C{$A2z=yh1@T^KJD>rNJm?R=fC z&Y~`aZ8*pWHrMGqULP;Yf+>j0Yt8(AkBapIS55;<$hDKc=plNUsiR`#vCS@ct=Un`Wg9D8o5;z?~IpKR|c_9xd)i&o}^-Ga*GwTlQiH( z)JRb8!_-HmCwD_Wg3$Mz=W3(~=_{_CE%$SmV24evBu}9S;)(0gH-CIL-hv&SUz{Tk zM#@QV-XfCVjcuef3!#Z?csZ5Wyxd&{x8N2l^-?VAd#l|O~xeyn&fs+`+Nc|T4 zjG+qCuL{goL~dICsx_M28R}U+W}2F>oit-zX20`U&e50MK|I#?A}X~Rf%N-;tf?b} z;lLLcF#t>*hr7;6g{r%G`gFo0lH4HYk%^ar563~MD6*cf{l)59U|f+cKcAtmkJrmQ za3}Pvt^&r@CI~6of=u5T;3p%odl0keAI|^h7 z*c}Y~YR`IOjcCZ8iUNCI(!OzpHkgGkBVF8Nk?cBpxf+#UytRgB1Mg01>#zW$vOu#( zakgotMu*q`?1t4gV>C1YQ7iZm3Hc@4hiL#67p{k1|Jz>QXO*9CV2_s&fi!eD(37%< z&+@iE-k&vi*_6;={8~cbu;f&tgL(i-h+{Y=&qMVb9YxY%{ILDh)0a{}ZJ(_!k<>}; zE2k|wi|S80tZ>z0LzcYWOb7A~)@s*6)(-kaNGs}eW?<}B?!x4=WgMy00|S9EjcT-F z>Pu|G+S`$tjoa7S2m&de%x|}!VI=5^8MICbl!c0R+P@yFV(pW&Ljb-a?`Ah@y-}xe zn4D58<<&fBt5yhqsiW)=cV3|SwV4984Sxs8u+F1NZG`{*lN0fuC!>!i2?}@=*ph+d`f^T z3P!d9*B4bSkEmEg8Y)B_Mh3JD&xPD-5n~Pdtzs{&1YIdR)@7D2P~b#ybm(yrflZbO zrH10ypI_UB>(VuMbZS4wT#$JNj$)mvI`kgj@C~+1a!&->o91&WNwgK*Aq>gfBiS@d zK_F}jlg2%y8|SM=bx&;!(PAk&$0g;z1c}a-l)xVvOW!6>JyHrw2==AB$$2 zWQp2VHQZt@LVQ+l9&xMb#%6wAa9jgH&pBVa_q{1vqzNe`9O_)a^oz#~2^V)yC|)Bf zvtN@1C{q3hhudtqhHQk$T1R!gPE&Ku1S@(m3$QYNM#6q8_OpBSY7ZQ;W?Rc+otH=` zth#jy2Dz{e4Q=sdAZ@}pf}2ZGwhtm@^)@EAfkt#L3Gy}WjqwfbQUrWZaqwH7)UP7q z9+l)FkSkhaoW!pkGxCKt7~Di+t=Fp@G_f2R5I60I-SWN7t+TSVW(+?tSzIk-H9knd z$je$R8K$ypwfc0XeJNF#>UwN5Hw(sd^^Ej5bDVTCMq7G7R&L*ww~Z~7m<0aGSQma< zJtrlEVB3TUFKvCMGDS=)*uH@i7S?@YguD|bRjaR{o^zMHWyrbR^bh`4IvM?AsKRqH zfJ;(GWqEcWo~T$`=gZU@Y(k36$)-z;SqF=5;m`-77pC9Q_=pXLoPhS(#*W2w$D0SZi^_68V#FrA`br}KSGd<-7MwIqlCCEU0GY&_mwg2Jw($EFK2}o` z%MTR9|0u3#8#^F+(|3R#)ur;GPc-{UkVG!UMlE}-0gF{KmxLMLCb(BYj3sxxjVQkC z4*(b_2_iM6GGhxa0t_9H|<8wG)uz;UN;Z#-O?m+~QvC7j4 zlZ_~Snj|h1(=NWl2@JcsEA+&>)v&%Q zlf(hSI7;=zcgXz$qa^i<9Gf49gP<@BO}iWxl;{|o!4y+C;B;0mK`{E5o3tlOr-D1h ztx2bYAa*n!@Wj{ECd*|L&w~K-5yi(%!G3tCr_a|o!^ehH$2CozHO5;6dvS3bsw@4b zN4PIHFvH2m1>FqsS`9OM^2N~>|}fBrc@%(a&!iBw>poB~$0*EUjGlUdE+BeRG~1bx)*4Zu3mbyaKlSdqRnt^}Wr@-2vnCZEvv$?(PYq{g zP8en~W_b-N83?dkvVvH!HpjB3yN~G#>DL-3&0g+z^bjPPxk2AtBYawh54#~#=wgff zKUb8Nt!@-rlhXbe!-VNV!Sk_;@;{Mpl^v>ZR1DoX zoKg8R{E%<@MpFs4%EK>pxAL;pT`F}L0^IFdmlTx`CB;$9dtg0V?H02@dk7x1^J3id zqK}$SL1Qd^Ac2xP;G>iZD6m|DQ&nE8A(&=cQ?V>T?S{z~Pg%Rnwy=a{g7Ae*lS=18 zCnB6<_5IM~lsf(Teeb_}$)^#RMqLf?(>H)DTb9MPNSOKpqo8mk0_3*wifVTgbwS#l z75ZNQpg>>0)&J7=Q-EXJjf(dpLtG$EB1;+pMtZFLOrKq$2u$t{k&+`%ICzO_{o!yH zCseDP#IXcT(>K`4kJTeWWrCHw1A<^X305>D%w}exeURT>rETRo7UA{NG10L-&IxFh2LfhEUp)3ncpSX zV|xZjqlN$Eggwy4;W(ErplJdx>3a_u+~3I2)G402Yd|m-m5w=wY2otso@UTZmugT+ z!s5~qAWKAwosHTcWJSuJM8v6Ry?8ODvy&K7=o4!VPb`%@mwz4rH3}^($d45P2?Lf3 zC(I&U7g&-;i~tC_H_BZJ>i$=%Ledpqj}Fef++(xNM6Imz9z({CZ->n%Xb1o-n^dP^#E)S0e|%W^T7ox@Qo4uzb>J+Qi%vECGo&kVd~!$ycIrkjLyb z`=0NrIp4u(>(aa_P!l>E<(&Z023lKSZBlr2!kW$B4ghe`h+IBGm6N^^?pO~mH246! z2tIL9IioRaMVndKJGiA$LHZO@k1o}IxbcOyvQKK%)OmPoJTiMx%p@IEdFGYAGMz<^ z-v)K@$ilfGSY^gk&Hz07L#k4B=Lnh6u$g#M`tZ=tmh#V{SWI~k)6>lklN-vOf2*&?*i(_@4 zV41Tk?(-64<~-8b%eFWCt>?RP&92f968}ZNAk6lh8~&U_k|BzNm5sqBgAXh4L= zERoA>WIC8ocEehu_Q8L)cP3^_`(NP4)Wen5DoUdc1&Y>Slw!rfmb9>zGnxC~bTcR$ zlQrqgwh7dg$n6%#>OR3LgluKa3B*IdA>cG6!!S8YHIu51I3tAf`wF?I+S8j43}2H4hMa$#UtfCj_6=}&JbFVvf<>z zG+4L=$`!Xj_PLdQZ2pPHjGdb_Tqhh^z$Y&SHvF&P^XK7KQQ!aoAOJ~3K~$zq^25tU z2{Yg20$QQWRr&JRDg^Ei4s`Kje~l`pe^Rz z9SxRY_@1emwn=8-gXyZE4HcS47_i#fK_mFkhbbDKyUjeisuoJ2*%Sw`dw@?_!h=H# zMSXLfJ~(b}=ZpX^+2>rwc0G5LKKL!Jj#Iq1eWJhRtNjR>xN^e4nR8SR3A#hD8bn?I z`#N2{P_o8*$ENzGU3$@$Pe7A|vY@Vz!CK=P8V(J}^Y#vl{r5HT@l%Z+k@MI^@|5L< z94iZCR0D}j8ylWdXMlXBfK;JnS7;Y{pk_4vd8B9T7&R%WQFR2N4hSCt6*$mi<$>6Z zq}i@fi(p}!`SAe2Nw#}l{xZFT{ET3!H0Mr5T-dl)__R~#84((2h+FUrp38jM!QE^oeisfYJnxI>_j;f(mC8)_{MCiRMsOgN2Az_ViW8s|LFwg?}~- zcaG{SsFk^lev_Wh+w3Xwv0I4z0tndNhN%H4*xj@PMC7kvDxEov&-~yt$QV zVSUlVg$g#7O~W!ub)=47L503TfS|$rX9)0^1@clGZcJw<^mAvY>kZmBe`xpM@r&}v z#|B&u?8VP}0sSPvs=oEX&7*>?wot5AsltXQxP^4>s;Qm?6;p0kOdDe@s*uL~=iDb99)p_ZXHVD_01ODO44T^%EC%>L z9a=aznx#2Vbwz0x-Ly8nXESV!U#$dq&ECPGp)ZcuB&*<={nC*Qi9i=YAsILqcp~lC zRulsWEIuB-J*0*ZSq=yxvyI! zttg-RtAY00s-T(Hs_M;Ett)d8V2Pj=gPjhpTq3VLU_pI#e#*YQIz2UMZfUt{DR|nh z!IGq-Bq=u=j$nvD2$AJ9=?oP6LrfjX`Ht0BfO&#ctmQv39xzA?#=Yy%?@si#I~WTu z#DK9dwaNgZS%xaHI3dx#9zBdL zWr}C&K)l*eJxh5|Lgs1(ol?~*e3M=oi7XeoL&{Z2m?X{s5&5U)+mP>VZCRI&>HN5& zAUmNXx)PE1d7rh`ro}K?I+GF^W2s||w7CiplJqUhjiopvw*=eRF)HYWGtp_+~J=(G%2SSIJYmTR{u@))p26cDT^;WeY#DfB2%k z1Jh>_dVnIVQ+EC8Up;=2JZE>X5>)J^CTBsc6v+t$|7T(~@FL6ZGe#v77XPAI zIC7zmMyTER?kO+3XkzSMFS`PZczrzF69YHtYpQcioYy> zmvJk71#$l{&2-mpLLR$R{p=S_Ts$JbddX;44S%n6{Cw*|c=P#bW9q9V0x#G-teJNn zWw6ykd5r*Ac38MoFzJus;x1XD`FRxC%z24kT=_$*DmmeJLs;a&!fNS+(z46yF$_&>B_q9Eoxc&Y8p_!6z;TM@HlkXGzh2?BM9S0|UVhSxhffE6wfe)6brr zPMe|&y8?Xv-oZ0h9BTMfGs12aGcVhYLpl>9DigVl^F})R`N@!^8DvV^S*P|IxBH$S z%j?FKVGd1%l^;nAV0Mct!$!4in>V<^0~!z-sfIrv7sFpEX`<|UpOLp{EaWY287I(K*mA8v@P}%?FYB>8QS{+P&2rT4gn=^q_9VWq|O4J%bnQ4J;2%fK}Pm~vKO=^hq2{KG?uPQle+ev_1_H;`kO(EZ=;V>p zP9UJpccp3%MF^mS3;n4Qx- z^R-7I5n~znD`l-!K`TEN#oFu#X_Ns=cqlFsC(3dqe_p~}NYl^+W}w81RxXKx0IAM# z#x>DFCwE7k!pMv-S_-DHxEPlf7ds9zu=e&O8YBd0AeKTRwL_{O6P zPv13jzEUqsxnz58nq*~vn1?FR#ONvPWif397V|O9t>%UYBDSca($@~SKnDp{8H#&T zi>Vl9Z+C_k<0m4DX|}3KfA1*r+uX+L>IxPJzGD9{0QmDq$9Jq()D<0BAg{Y<;kpCC zmCM6{q8m*6=Z*{0KYn=YOj8Hr5QNtr9RB#h1>g1*Ci;w8RRBPc@VSQbJJ^~#Nnd3? zWQ_5d-@!s>YHi&+DiBKHkXQ@J+*2(KQfT!+>y`Fmul`wJt^1F9-071Eb3q$X}k={=&J*+SFjM9U76B z>>IxN!074~vOni9U%}cH;lzaf_Jf;^MGgYMb9WEkbab@jT|7pN`~b5^x$-{R1d(Z^ zp|aHgTi{)?vS~<@^H`EkY;Y{FuDjv|Z_-HWPY|0UeQJh3L>x2EV>QUb=tyiPPJ+o}ZqX z6lGUjB6!&XdEVZ^OZSbgS|$faMC!k38h{yHzd_j_KfHPC`NnL6aQQ;;=1UeX9R(gJ zymjGXwac4yJJcZ&3UXrcW+qE|K|5Y3v*L0Z_qpd-675XFt}_1Ft#YjSAy_f3sdTSJ zy^CFTrQa&y5t84{%zQ>Q3fJ@OY7X>R4W1d|2=b|*bou09`tAtAp%Ho20rHZ4!w0s) z+b&FR-=N>$oUTqG2?4~F0bDX7SFHqBFAtuuL=Fsbgs5p#(`gSPjw$=|N5-ExGutnf(gxHnK*hoA=n0OGLymO0jrf{q^?uX=0?UK6b1 zNP&FcRbW@V6kv=+>92g)epMzq37T&I+~}^-U95w&&IP?=e$0H0Hn@0A0phLzp1Lx4 z>dN3J7^94BP!_3@5MX6MDx}|3?8_w>Q}&^g+kbsxyD`_Rl>mP3=;A95jFx06S6de# zny74wEh(0(z;4OT5bsC@qo-=f*hxlrk^NQFnSgSVPvu3 z$7qEiB4a0-{Zq@UJ$IMHeJJ~hkbfs`H!;bQi-vr$2TG|?-+ zy4DKg=`kyTB?Mbp8G|sV;8e9!zkiBNLZwrww4$U0v9C5M`|`Q)ZO6vn-D*sCh1cvK zzTxQNC5uYetNO0xWhOTJ?lmqp82m)ba1<-07a>!_EO!?n1slkM$R0t;QA*Pfs~JNP zG3}mwy-_~Yh}fCVLHiBw?`K8UHO2>Um>3t#|I#yG%CltLV{F#e|8zocpep$_+ zY-~GUgU;Y-(@DxP=7(UlOL$w%de!i{o~|5;A71+8v5>4+h(^WX`9}h`Y9(CL} zD#K~doZP1GKED0oQ{zX+4GHHV!s`w#{M^yela>r*rVf8nbyVBRt(gyu3q^0GU{ zV=6r{4~~<*N{*VT#L$KNcM#nkVE~H)o#`&&tPVRLPxn#CZI2vPDtv{(I zO54fnT3oOzyVe=T*lp|6KYwKVOXnsRn#w1-E5M&UyzsL}7A_tcFHw%n&<&$8n`XC+ zr%93pmi^G$8|QPM`V%48BqBGj*0Xk3#+(o=F-#(xYoK^sCQFNPrHW$nB3K#^q185x z2C&F5*Ua3DYM}_k&4CY+8k1it)D-F1y6d1msCV_Wxc z(e0+PiC(%8yy@t|k6kn}%E+MV$xiSF0I+qWl5wrcgcX>Uf4wFrg0_wpW{e^t7hTBe zY>E9*VwG;>3I>(bRm*eC3Bjt5%F$2VCD*2i9yyGnUkMTxO9Ak2*>JZHR)~i7C08*D zBpOl%E(3y$UIF*w#IGJ5)4x1E{@|(YQ;l&efF~~x{&64#|kdZ+Xar-OX>$`YW!@Bt$T>V0v+!X^|| zyb!8J8Y7vzxZ9HkQ&^|$rt{%DA06MaHk~xJz^nxLygh?oxpeVqy9W7JBJEFMxfSIV zV<7-4db?D2m|mbtBrEHGUb@yFqD3Rq^%g52B#o!5SCdR|Go}15o>}>C<8fY*da^WZ zkk5>jirJ{(=>Mu|)e3Y#QcFwxCq-E(iODg4@pBPij4_t+?c+yLI*cPxNU~WrquT&r z8p*wEAEamFhy+)a3JWN6%-lMo!IB7|LXD}8S+H}kVVRnh;7<2uv1FZ+QjdE_+{!`0 zsx6s(wnq<`AGFabYo&QA239~Iq>WUSuiX9?&cv-LJGMQr{XK23xc9 z`7yac;i2vD3unWRp4z^9Gi=N#xOae8uLM7Nc=4tCip+wge8Q2CG3PN&n^qbiKrW1i zc4vCJ<#UuGE1Hh=3OCL?mD)gSR2r8fG`xZjaVOXnv`MgRuq&OnQZNt`C-F-4a)z4Z zmm+8O>@^lq`UnzsWmbV_bV>lf?E5Tp6O;@99VcQPvxU2^aO4vcTfP{qg>e5?c*}+G z(`P2PUue!IxJdAdrQj6@20wOS^jJxjcDcDtWyn)~XgBzv##?ZBxVUStsYvAcsmj7^ zxS!J?n+k>3P&CHc&;U?+Y)%E(?HQ9Z-kL*aOoVx8va33`+q%noIoaE_dZJEs>Z)5t ztXAm&uS!wZYGdjYq6uMDD88~<6;h;Hs|jVNrf}b8chYyUyjiwS@1pr4D$n*CMU$TGj zoL$31qk{cdN~AJtOtI3C-7$NeFPVPIWoqY*JsTXEe^^A06kN$ zKIFrr{xHZJ6YI#Se0!2lsPr;sDAoA#Lk6o;c5*`R-j71Sxp@VFCgia)fxndg?#E2LahFmlTpV<}oMX>yaE%lWqD){|bhmI$K zt;Bj}?Qv5q0C4N2U7Do}&G(*OQ$IgVK}!lhl*c_t@47IhXQpsr${v}}2e#-V>pmWL@pWyYQ2>TBu%rTsa2}HO)p5wV3AL_ z8%0e*pfznZLm*WlFhn%6x=@7T;8h{4IPW%Y9a3pn!HGGU7nYjkJ!%lF3SR0+LFNC? z2xyr9Qo5>|KWUqU3&f2SQZU(A6tXL=H5jp6>#I?S@+&UEN$mevqZZ-bNOvXAg5!K< zbB9G(ELB~aT}DOo4$<*IVgLa8?xLy&hrrS@bhHJkbPOt_d1!JAuwW_6-#Ghy8it=c z6Mp*a>-=nU-n8baz1k0Hg9W zD|rwWWhj*TmGZXxjD8dVQiYZ<05rXjqrp^gy-F+waaP5+x}-Q|eysQ!Of_&s@JZl* zVF0T2B|t`jFvgJSc@3GQ?6L@4+ZdnU7&9cuD2rYjqa`hl5{;(K)i>=~B3Q_hwJLXk zieP05VGNKOX>Mf%%WNe!+rlUd0oBCj36@406et{3E?-xwVeQvQ0? zGN1p@eB~3RRWw23w52)!bOynR?eK=R=_k)jZd;$6ny{w)tY87*vZdg~dxkGRFnZ=n zupCHCpHgHkAeMERLWdi@FX@%~wG@^kbc=lrZZn3wkXFg$Y=R;=oNh;}+3ppInu{Js zrEe}6KY4~0>RP)V{DdJTxG&mmPsRm1^RB;GJ;hx(J0cGu`m{sdqo4fN3h~l zt@Q|&skP4sf>mrEXz}W1lTZoKi33wZH}>>c2qAg!Glo)8L+pRxcTdc$Pik?8=? zT*Y0uL)CX^$r2#y`9nq zC-%YS*sR6VnzP;IA}Ww@C7ZTK{;eS9j1-e)*GNrp=DAS{HJUla6#zt9P>J^sB1XM8 zK)84WhZo3GR^s+-Q#Pis&DfX%08AN7qw*OW5k!Ci!jRx1fdxcqW>C8ehH7S+2j7Xu zPzvwe%2KC8EQ+sbeZ>`6W)<^OawDnY^KKap)QgE{e6@F%jE9P~69%&5pm#dvlVFvO z<|f5QwW-C)f;K~rlUYX_;8=NTRrxjLdd#U>A|KH+gDul-Dasz1$mn4CJ57t7F^t4( zOSm$k8mhDcWvvxI84(;2$kQ^Tz?4jLwG$CV(Dp5>Fg_(*AG1;SP?aDSXunJgY)Sn? z^C`qCw;`ojB$24DA10EMX~+@x6u^ICy;qsb(+>eay+NJH6Qg7w9_mnCz?fh)Fh+Hd zzULMbuZzr%Dx9w%L^hj>xaOby5dO7zSkkfX=c$=60wCnJ`N=qiLI^ z8JmFfe~4>j>Gj4>t8WG4>!pSQy@3R8yq}QtThjuC6;2Qu-C5E^C0|YOVLBb@0Sjnm z$)G?;jqPi9#$-h(36@IoQeYTu3XKx4XZ_1m-CDri_yi3}#gRK9M4lFcd;4rVn25HvE-dQ{EHB$UZF`@(q#dn#+orzB^4HV)E%tQsw#v6^R5lU0B!01RBzVN69 zhIYn}zBo=CV0n!W|E-3(Hs`l1%reGUkR6Ar#AfM@{PY8x+=HkIO3?2C=a=ecbDDL98{6ID~1 z0U=trWKBk{#`^kl3Nbkg_)k<)l*IqUhm@eUt9yJI(qsisKIh!t`OQbJdP0)z8Pn7v zM~p?FBFt?r_!144SM1VAb;gY_e$3VMg=zxYb0gv>Huu>L1c7WE*xswD z_RuPJBJrfL+oU><&-$o00OGJ3)z@BWn$^qp%*2y#u%On$oNr~oWhB)Rp89$+smaWg z#Ou_Or&fGjGNfk*NoI{luROu5C)L*&%>(^e!`TOPIaZ{VG_6AS>bZayHZ=u`2v&FB z(@Z;xSwY$K*lQsoNguq()*%E|ie7|7xL?Hj(PT0VEwB(JbH}Kh;}3>Jb0{AOJ~3K~xgOS14W)_xbEq7MOiaZISsE z)Gp1cq%k6{Wu0{cU&BO%G2LYDc@UOZYO;E=wCw1sWB^!rD6jTHoraQNHOfRZtd06C zHPrwMlCjwt<(yjC-L^JXoy8zQa3TmQzBtz&4+@r3cb?{4*TwQ_&gU}r!W63&`^|1| z8D z4euD~!e8ixec3OP?+InI%2Im}N0) z>TK&1bO&Vd`^~!#>y)W&?n#qc8BQO)?oZi3@e+%OrC}U37wLiqyW?1p_*bRA@C7{( z`NF5|lN*BEpOmgh@vgibWFbtJwu>1ij;D9Gm=yl9J-SVkE@ zoO~fdwe5i^$U8z*25h;G2aQzsH)ow`{XBwzKMm zX3@GYjt;ChG94AD&9MxwOkz&cVc-H;bGEBmdT2tIV5OFe%5#{fmibvx%sm;xKtjf2 zv64#q41dpM-cnU9X(}SbBGTA%Gg=PwpG!?Ye1nr;#7puum^LZfyjX$+NMKg8;NdG? zU!e+Ha7LQbv`hg=2c%x!AnE5cd6RrOnij)+`8oB8)|f>%(Vm1z$+Ht> z+i6pr2kAI3eE(^#p1dZh7^badB-)4YZa~q|AoAD2HzWHZ!szyZYX(JSIcXV2t%d9Z zN(XK6%+eX3(Q}2|nOga4oU*jMSCbX+Ga@Zi<=@7{UyH||gw|W!nV@*2x+LT)|EHoT zmfj0Rt|=M$Kv=BRRwaZ}fn@^!Sv0fxp5b)(bXFe_;Bp8TQwaIDND+Xcv8$3Mx^ZH1 zeZ8OmyRjyrAC2O=CGCN5r^jfa&hA39aEs-uG*9|evZHX9%Pny@1F-A;W4X<;y{;S}Yl`Uv*VU$^g- z)re;sG&}c=Uiwa+@Ac7;2CIS!$~1v}w1X)o5Wa2Jn;*OSHCAX_&#nr<8`)DQ31Qpa z@c69Y2ITs^5ElQKB5%5KgsdJ*t2cyx&i5fA27uKbTm{6u`+-N`9+oCQcHml-)h)Cr zUQFS6^Qys94OS$$JPZoxB4pyGD8Qtec(Ntb8WxTg_whz>RAWKnP@!IT2@WcwCcWUz zVex@_Zk{o#$I`+q#;|PO5yq@En=u9uHn)W~wnY*EAdGSkYhR&NADHNt8d!*`DzS?F z>@#1rYsM*s&;y>gRtJ8K<_HxIUzBbND>oq8T~RdNRdr%C6t}VRBUpLzPIRCZDE8U4 z_VGFdCGwl8rn_=$T;>{Ir=n(5S-c+0ddYQ~o$ET9`=ugu6m0r~1mjp{V^_%LVb?n{ zugSK7qH<<&UxwA~9BJ$ho@%hHpxTCjRLvezVK^#$#iFmOv_Vk?|EJ``TII`XsZx&P z$*d~hbc8r-XD9L!J4c6PdIdd}09Ax(9VB_Pcu1CHa{)#J}^3Qe2fzlWMP+QhNV=_uX~Zo%h{)@9{^EpEz-Rb7NyX9#cve78X`^?YiiqLq{(; z`h+Jw@#?Fe_QWfmP@xJ{Ynz$%Xp(9uHliUSmB!x)S6Xa8v67{nKNKjnz@`HupL(Fu zE3iWTs_;n720JoZMH5qxV^viEr1y8h?#61IjqMe1ZDV|XW6Y2sqYMcEAfr;}rt6s zTRLabKFQZuxOFz`x0;Uam8UvGnn~gbpd(oG>w&5Pwq%ejKTxDm$drHQx9<4+kA3v3 z|8(ZNMgGfw{6B8{<~Q=U{q2W7G8&DzHdm2x z4?pzKCqMCtuYCDSXU?3_yyeiLL)TpMvRA(9xgwuG|I|+wT=1@U|HZ+B z2Q9j1@%gbBV{iDGf3do{s=D~UzU4Qc{)}fvzw<9H$*PqZq8j()5R;{ zzQSEmjl4@!rYIRUTp}(ir8Kz&nQ_mj6D_)+ zI4u^^n7t&qNK|6dYYo;sdAMuxDglH6%bg~xDqQ-B)6I%4UzsYmOC~_YbDEn$j^M_B zKK$@QfBv@r@wHoT(JyLkZS50(|M5?K;vZge&CA~ShBxlryI1qZ26luePoDgXcfac& zzw{+a&ECbylPBNzzQ6h42S0G#b+7&xKlRhQckg!8!W(bC@io`I#$tiIt?*lS++M)0 zbc*8t)J*uky}d0RKQ~_g6^>vPDVZ#4HH1Q-8dhp`ta8qlev%S1D|A?6Go5(ZDb z3z5a0)sdl~wU(H>`;ZDAudbbu`HEV(w-Czloa!|r*mg24fvTd#H~>KJPc)aDBZ(s^A-6|Jv5pR{rx_Z~1DmLbOTgn(EKYse?yJ z92)4cihjcYmI94B32%9Vrv!@!DVtrqwuV!KHv@yo&$qKw&{Vgb`E9p$Kx_QfT18Mj z?|a_$&OiM9-y4s|bqZfyU46^{{og+Df%g|&(?Gr}O6fb^_O?HG>+fxBY#3LT!>LoJ z{?mW_jn91g)AftW
JKY#wb^|pPU3zd8s>%PU*&auol5Y9pS}NH(5{P&4DfPW&Ar|4=Gx|%gqIq7*t~`PMd)2V{`e_Kl-DO ze)#V!7Dy?5>sx>KbD#aJ#WK^9zk2h{){6yzd++_usgozo8l#alBbI~;4iJXnE&rr^ z98RM~xF5>tDQAqz#ony;ly^0|tBE57AkNlsO9hKY+UO^CQbLG+x(<^2vl*`#Q+Vuy zg;d8n=0k7RXhYqQkm3e7>KvUy1vi4mtd^=p!e|fYy0xGC%x6m3)$;Q4!Gjm=*}Iog zy0*G{=FI8M&CP=A-~axeKlRB^lwP)b_wK`ok1Q=M zG6t)wtE;Q$*4EaFZ+YumfA{c_!%utK(~a6wiW_gZ{+esAwOb|t+<3iQlT-nDrzk{} z<{-WOw%ZC6a$mjqrZ5bHAdr5GTok0BR<|_;@LaBr$4V{yu3P14 zr{jUwfd5%d5CFi82fGi6$~`4mNK~;=O0*GuNbIVu1 z`u89Eh{_E2M}PPSS6+GL<(EIkO1m}j?Yr)L?_d2@!39@8?djLN>}Ah<_Oqk#K*IS} zKK$^*-}uJY|Niek{=oOYFTIyi`v3jTZ~ws`{_(C|yDYZ(>tFlY*4EbI;-bYe0l>&U zSOBAy?4}!wyuQw#KYz#Vw?Fe)&vNZMp_=cu^31u8E^G^exK3$qJwb$}!Qd4Llm8qG z67{S%#$8hl_^g|O(d+5z)%zQ^AFKmJtZclCom^uvGlj(7db zH@xvlS3X(DbVUfc^2t~I)X)6vpT7N_*IxSy>Fv|$^iTfyk06_%$SJ1N>F@pb|E_Xr zzvR+O-|}0(^_JiIt!rQL3Tg6%OE10j)vtcdAO7JV|C@jFzpLoZ$&)AF``1MTt^y{L z$*s3k2`nhULk~Xq(1Q9B|VJEgST>#LZ7bwXN3q})+n{t7DF#yZVz;-ASVRTS*kh{AZi{Vg6$p?tv_Ro0x<5!0O`gw?+F`yBfX2xEb)B33>DWi#)ygE z74O)QL$#AJc&`x_07DEAgM3A*HxfYNXp-$^%)-23888k}QyI$)t$Xgi=hj=kD!um= zuYA>S{OA93@2=far{*Z850UNJv+G~~+OPfe&-|>kkUQ?U zJaX)q^s66u&U1eE_y6GP#JU&FvH&FgObEI5&|m$&lZ<|^G!GMp3VS}jz-3i zm#gWkK`!1_*8yC6`b1ae3oocE>#1h>aOk8}y7C-2wNo9wlDv14xJjigK|)AMxU0&g z=$4Fq7LlaYC5uj`F@*(EeyF5(sjrXDngqgTvbU(YG6{@i_EOScXvqqaZDHDtX-gFe zt`KNUAs8u1f@K2t8Z7L9n!zc`W=IQL3e`fQYKm{$+zQ5mnZV-ywF};VMJ0d#;o~2Z z-h1Vfuliqq;g`~WE_lG`-TlN*{NzhtdX4mgzx&V!n=z(LCX)}m?|ss*o_y6)e&av? z7b6?ol~+Fb-~al5kbV`0;YX}`&;!6NxfBL9JMHEhZ>n><(Ndkx-C!l5@D%AIdo}%RH-;we zR#N?3FUy%Wn9}SI)}RCkqP;|L)g+eK;JN7WnLE|G=wXEl&aZ`OkkY3`654sUj3@BW_BOT$mob%nr+uhlj>H7Uq(=|2S)jieS)ji#__5JMUK6}00mBUj{J@wSH z&zhz&&ob8GLx;9(+3Y`6R=6jEX&YO$O318!)e33W_p+cG3#!TzR@G?Czm+7oCxO)m?|vkYh#2+1vT-BVA>`~ibLY&R zM}D`Po2_M_1u?NF8A*4Qk=*C_89m1+b+MnbL?31yEWO)Ty^z3xRP04 zU!Qc>qbpag07;fTD}4ADHDPT4+=(XvXxrw^hYlVzJwNlTCDsBIl*1^I@9#lOTZYMs zo4iY~DzFc^?318lWGNlr2&(yOW#O-_aM8pwzi&o z9)Iie*=Iz3W(u-;^(xX@{L5HA_XkY~%2-_gqDz*YP47CS96ES#t4jqNYnbTP9xLv+ zm9c_LNzie{f8LBbl~=TKVUy(`U2!{nMB0j*!6*_5w&EjM6*Ii^X{sz2Q&Ze$V-G%i z&OGOE>~hrB);49z3D)O(cJG$rQQd)cYu0cN51zSX32~{wrrA}OT(<0N?(+>BHn>Y- zIeL40UwrWek~TkWrnk5E<(FQxJ~y2Mbp$Rw9u&`IJ)^pMHilz*Pd) zT0tOg-5g&5E*OK(z=zPt%8`|gR4x$}u*$;Su#aqg1hn!fJ!t}_AB@5Oc;#w|6Z9s% zTkO(I8&6)|2?K<%#Y#^zT|s~B*ir7cZS8FiAv@3gvu4lcKHs@xdzlpb}(LtoFGQ)iLS51w4_XHr2 z{RtB%ai8zszrSpH{P4;~&UUA!X|FozB%dLtQmI+9I8tLKlR0$g5bulfhaPlYKl9A9 ztk20k*|hGwH8$?Sg)`4u;@>JC+55*@&hrX!+UaKiKu2fi)M?XAf7-KW_wL=h93qNB zXZMD@A;P0rSzLw6N(d7yTQ3!NwJKt1DuwvAMiaIJ6Gj%FpN6BU@*o{hLCI|iR|8vb zq5v97SW4FFlZq{UlLst8Ju^b6^cGcTzZykRohr2L-e%vVzc}c74fj%_P<1+WEM!EA zOg{u8gV^+A>z<6J-{!dh-aK8ID6FK3XCPBb91>IZW;g%VB=mDO9FxB*ZVA}!8L@sx zslO}3-B;nqng#&C8mez-;D$Lgc-&^fDBM6-E|*RW4GnRfYEGUqrK!Hb&fk?d<0p*g zK0kEiFx@+2YMGuhb>a-(#@XS+hc|ED1WdoSZZSJ=I+N3g*5^ylKHKC5!a`A3WLHqE ze=NiCTfslpN}fh)@#4jWU%0!3_LleYS{H7rB- z#vWC6zkP;KIUk1R5g0k%3CQf3(h&x07_jCdVLC$Ac-iocl$2j{az!iaxWq;d0JKPn zH!Sf(Ma8N|I)*$d^?Ku2$HhUG^{-hPdU31>dRIDHSLIav<{&%#3@$-bVbuuu_Gmu$ zDFP}Ya-N(W_r<@p^9$A8eQf-M38sh6>vB5cOq@9Jq=k#DFElmVYQ_AsZ|`32^J&w~ ziW6^4m@ttmjP~~S*nd=}wRDahJ9XN$?c27Qp08NGeCEtq4j<~ssV>&8UY*P3Ob=UI zTjwuWkR2JZzRztiWhXWhhYlXxwr#8F;iO5ECyt*$lxB-hKmC7y_Z!m-D_5+z{OwoS zMPw6oQHg>BxPyz#|HVBg}O2*E6 z`vi-a=#9%SzvA-Cui*d97>S4yOMH81WMpLN(q&cwYt^ci@44o^riU6XnYkTiaqj-$ zSxc5`nr5TH!bCnV)yspc34R6d_M6jBFPdIWpE0woy}kR`G4_S++qND&a9~_lmv}@W zVBRKi?IE3%8~eWN^5iGXrNdRX?~4TJGa?NGZ{M=`t+>!!!Fd58yBkJgfM_cWu6#XQ zzf<^7=65aOD;uXMbZkj2`_<#r;8F6e?oJj(%OCK$VU$M9X`H*|R` zH1jXH1Z7YzsPZDxm0KCBA_sasRBg~o-PpCZ5C~pb=;BzViMez6?ihCN-0`1(KT-B` zw%L;-4ubJYFO#00Uhea@HjZa`DHMy{YY5qFcEW@S+)YfAn@}o=mX)!dUccUYZ+BZ; z+x!I!0KmF+Xo^K3)g=%a>)5el8#lge`cqR=)4X}}fDzDb%&;QlanvDj)1PADz9GnQ zC&28pW?m5|j`N*60ZVQ}_pH03_?hhjqEzWB^PH_od2Yl~HR>zwjoNaGPx=6DsFBS-pcwM8c_vU(!A8K^x@F5j%bhb6I~gmV&#zs*+WLIy*~C#08y0HxHuw$3szLfw8$XKdgGhR0U+qD7}-0;2En#?hjE22yRUkSy3jk2@}Cq!XQ2* zFajNl{;11mwbWOZ`F+Fx1ld}l8!QMHmNJ@sgVsUQnfo{qLWQ`HZZ*krXobWZhlWA$ zR(7|l6iw5p87>rEQqfpSoRNrQ+OS|0$Or&Ab~=~QVXPsf$vzQN7L)%f>IVhcV0z6i zSauM12*>W*QcqVUzdQK5a-gHL^UZI)%|!tJo6PSC&5fff9(3F@9u#{3Y3lS% z<{cMRz~1n|%u^)+idQRhe0^hhq(Rf}#M;=lxv_0y<78vo&Sc|cW82u+-q^NnCmTCC z^S92u9=?3(_LM4-&Idl5LC!(vB~g|DEjRVX{=|zv9UOgiBCv5Ql8C1LCHdP zX@hz~)iwk1fO-grq%>F zFb&1Np>9E#WxeJ+H+&)g_b6O81>hjgZ@n;i^vAKG)L8Ax!P8HY)>SeJWd%SX8jD9* zet!OO&h7;X^O2V+&3i<*Tq}X8^kuw*VRHH=oeBeLP57+bMASyS4VSCB1SA`idb_g} zY_Sn5dVKO~^$iHvg)nohY&eUJnzDX9zwPI?UM^({-RHx6{p${U;krpCX)WHvt*^m2 z2^VJDvHpU<-CpbLk>!_5VQT8?S(L6TBkM-NwOJffU-AeCs@(F`m3c_4_S${4H)#y6 z49Fx>$=7zOzupgK>GvJy_?bI8qVSJum7v8eTqsA%pN@%f_TyGS(0##b*gz&yh`zIH zeP^_6gXEeR{NpJmM`x2kLO*djUkZGoH#k4J!0_^Vy3+r;`<-j>)b-^1>5{A6=^U~M zKb$lb0NY!#wNdLACX73Z1;tQ3JbRqu^Z0zTKSfI3kCEVm6?=so$cJBM9CP=w279#gkL95;TrRHeU9>ZNB~MUN@PA1lJ_3@d`*I9oX%+1hg-6c>OQQXeCV zM+cSpR8BBOmR6|hvM;R4?RK`%asByNAVK{bcsntF-u-&Wy!G6BPV{zeAfIxyE2~Lb zm8p+dJY{9N=(KIOu-;ixwME-AH0FI_#h|0Y`jSff~RX7kjBu?s&Eep;#V3kjh@W>Ql zp`3RmYJ_Y?=Y-y`uZg`5jBX-cdOklq{5~pxz;_3(t@rpC#ZQhoP~v!IQ^rz=p5yDk zCRL@3<+1+vDR<1C*)1n>2pYQ07Z-29Pqul!^W~axQ`S@0HJ(41hmSD5o$)@}t;aA* zf`>nrIG{zdY@D!}^pX@y7508mC3-!kmri>=r02|=u$Q)e!{$}#)i@Al!s=4fhU5?* zhJ`^)IaJarjH%4ZpQ4am16%6Z3lDtY&%Yrn9xkxNXMFE-0Ujn%1czG?=Dd+T5@^Uw zAbI3FBLCpKCyQF;XzsZ5%}|@S!zsCczHkfooP~RO&&%tkf1IqBaYhQtEFHbyHi*$jI1w`m_Pw&gXVs-qPdY;}7-&k4_(mKmJ9ZFFA9@%6r<77A<@J z`)MLVZA}&R{n49jX1Ael$M8$BOeIOsp5U0l2(+-*(}yXmm2Tiy%;mZQ^02Gxgb`E5 zLah`&1N`Ze>-(&m-z8qm^7Ej@-;59Dp)`1u#%i^)1<@S2r{wY6`}_q`|Eey?_uP+)6xr1s8Dp@c~pYg#^lqH5O$VXxDYGX zf4*(~J3700QR}^sr_%K4R3j!OQ0D+|qnZtAOt)ig*r1~!ku(ujj_jK)vPu#(O^V2R zPkh-Tsa+A_-I!B%mByBq?sI|bkI`x1OFq6sj(z&)B}nal-C|$)K2HOkGn-|9(K(fG z6yPnSW>0>1WA2a}@iUS+{mhH`>wxOK`tRLEqvj@~BzwYTN6~QJrTvhM5TMoKUUlcT zKx9a5?r<)^hdXl2TS^9*IwdRzc$tYCEVdREgVXYdE0sY__ru6gswa1wq5VcmRsiqp zUs_##)wkTedv)#mw7&h;JDA#~BAy@e{d2VQN$_=~KOq4ZqifM{tL|#mNg$?LzhOxG zV&~P@!20H`he+ohV%Egzx+R^@p{s$5W6X+QN_#k#82Gtr@li4@YPp|3&a7w9PC~l{ zi1=ZQp_deZ2~n^bFRGXys>dQOjF`$7R1Uk=`JW3+MV{8C1}UY&xd44 zk0M&{|AR&KOYZ_snxy%@)+ zI!5&(&lkh4^SZw1=L2^XP({ZTEqa5i>s_^F(1w5Iq!{+cP{Cz7eRS2)rY%i;o>W9+ zlxQ;HtLXe*7`px<`o3DQh}umvra3rWj1{Iv@Nqy5fU*yaxV526`_0Z0)l(L3RW-@!67c>oV&!{wXdV+zr|EaR+f^ zh0@A<2lYJXRBv;|;~+2E7iVXi_2L-vrXx95?E6Qr*?2&m-YiR9Z-V(&qcIQl+zmRF zd0LE)`@ zb8`~}Mfj)p49dH^zg~`W*#s^?8!q4z!@(PoL0Y}++3_Lb!Ww0q%W3CrVR3BqTd&J{ z5WWl?>me3%vlDf$IXcdf;m$er1vo>Wv(3)#j%VNN^5^F#@crY4OV2mryb(T8_719Ych_iXI~k4;vucKp^&7g^ z)Q<+aRK^Cp>MFguK03oH?anni&bnimpfuSQ+b!Rd9g*`pA%Xj^&-1N2DS$XM1-LmhNNp(Z_&fSOIXIOG^nUI{4rxf9?TB-O-)Co)!$b_ z!Yq~}h%KAk>4ORVm=t$~@U(|>W=7h2HRXsdR|BXSI!>RNWC>SE=~|?cDp~}!cKF+?05p(7$7w%tx^o}g z#=!IUpIEeuq268FFI`xL19t}ELYm1)y&Y^h`j{^F7GglMM=)13JUbORZo z9Eh%nt`$=BWX^`e+=Ea!s09@x>dN3rKn#B3P$KZU7;X2ddvOXJ8@x&;in-JKWXRq9@;8$*d!i72suST~FwWNgYJ$YSYr+iyAm-)tV?pdkUNU8j>4-A4pM zq)NGhAEUsp_1C|^9^ZyY@e;-CA-^uGd8+xulNP366dt(eF?z~lERV~LHV{n`flduB z%$cd*G33j~!Sf5paxIXv$C#YVP1dZETL*})9KN(_G-MXZbpk1F+FbPmZk$XJ9BaVn zFA{8&lXyLmGN$tULfkw_CxpwQCiyCA#Xm3r=pmxPp_8sdIjX6#J-q}Rp7FY*k)f{7 z%+1X$Etxm9u65dI0)axE-IRNs$-EK5u#9|fwuu2y0D29E?)O`Iz)st7PE)&s+X^ux z?pdT5=yYuMtsZA{`n5-6e?R6%i1uAy0CEbh$UGL=;+o%(!8jh)7$$vqfO`Cg2;cghlK(54$#8m$<@ce(`x+>P%WMC;^X-o#u9EJ{wI-MCu1?TZ zf4}hzRj{;I9UTs?(MA`nil{>Zsvni1EPiQHIZ&as-)G7F%NTjMe3VV^H1et;>ilfa zzsY4droNZA+tJrB;EmsIzg!mUH&%9^-{(R1mx6%LFC%ZXkE!+5RUV5gz4?BH%%42Y z2jSJ{OI5sA0-?^@HyFq7I|sCCm2=6kjZQi4ykCLYm{EzZIMHx7c)i9+KSVFk2sjSl zv_PSTd_HM_p;1UlO2vlzJvUp4ZHfinP$GH=fM!V=Y<}=fNQ^LZu0gh2=t0!s!QXi} z;AXOf>F7940L^9A=2P1peQ+9a4O~NrC(RBxCsWx)%%-*wcG&s#nCn_NZ(f04Z)Pd< z8r>=m$2W?DI+Ko!OdcPvOs>v^QB&JM23|_h$1ZJyUIB(geWRE&Q-o2&?{in$3vNf?$Xe!egp# z14&lUClHlTRJ!n&lcon!QkU(cOc;t&NHOMyTI6B;stK)b08Tu}VhR}vS%E(6+8<6+#ui#8!rn?Ab0|2#fpc5w z@{PmaI_SQ^E7^3X{byb_ZC7{qsod_KSN_~-q30clUy_6%QmgQu{Qk(Gs`$5)?- za9}!B&S3(wnoMb*4q=F&gAUVUlq0w;mm68rC*+vBMn2{jtloqC>w9pzAK&lVfZhkY zLf7jp%z2(cHjLTX*&v3BO~7|I1o7)7_9f0-Q*${goh?Wj!VFWX+{V%}jcqwg6aw2D zyTj+3f`)-~xtzD!2o)wqhZHFnS=g5b@uFQheg`fV$oyocTX!+ubbyfk8;T&Ti_F^Y(|@qTCM=3T0Ff3pFid(WQ#w?OE*RqwNTnq??Fj?*K4$$1N)^QBmD6S7i@c0ane#!!~Ek+`4Kn! z!*8p^rir$i9C`|9q9+)cK~Nj1*#$KV4gJyw2) z;X6^Lgvl_r;-U<0G=-tnnv&HW545Ypp`Dk3hvkZxBqg5K5y3D zlUyWJV3n71J@*W_wq5&&Qh7>`0RU2VCo+SyL}~5IB;Z4G!;qP!%gu}m^O6cadnO#F$6mh+h_?UtBc0nrK>U#nw&~de*^ZdtX+83oe zR+29byM#E#_4BnPQHdw{?RI2jMCs~n_F=i}s~1EtG*{_XCF)Tnf&k*(_RG>Hm)_Se zkXytFLZ(>t+V88WFCC><;~ORGQeVjL>c3~!9kB-fr^T5L?Yk8QFSj5Qqz#GIReu}A z^9Lcn@2)*{KUF*Uc5ZKhefU&+)u?w;bj~_Yqt!!R<{5pgHR+MAf4zvLJbpJRncg|s z<>deR8+50;TFmH`T7^cg#o>SfO?Y7`oI~wV2{vb!N{JPQF0qWUur7JpQj#(*K)fpp z{FChAt+H1p0mIeA9ehJ|vr~P})8GppS?t66+Jfx1nTaTG` zQmvh50#1Iy!Ji2FDX?3VYNg`m@0wLV{49f5%J zLF&`?*ZA8tC=~aCfUmi%tPBKrK_nSSP<@^*Mh~5*BK}^zBBMzq4L&+l{{O42q=YpCNNTw4(;sfHN!{f64 z3G{wR9|CjxUSx~Q*T7OM5OigLw77!@rwhpCGH)>vhlVP{$)P=se>pJq>#eL54qmGr z)ql3LBYHTDty#yt`0nLB!|i;^=kf(M^PCXC{>@&ADM?a6f3ogW-2K`IhwOw}kCFgD zLMY}1M5oBU%HoM=5kqUcI^l*+j#3?ryA_+HVue|eK(AuVoRmLD zvN#H*A#ER3tBGHU7C8J8UcD|@b!X?t`S$x`pTzHjVg#nP`{?DLK!G>$NCW8VSTdX1 zQPbNPK2Y4{3wGMqPNqlK`DV+Odq+t!ZW)EfQ$q3hg($*W_esMvKN~x{sh@wwpVzT( zqAQB%Y$ih!kE#Yl!4^w3_(V)UO-GaK_L$7ovv#0`Da|F|DGj4}3k(}^^e}ci*4Sh; z1JC!5j)wTU{tZ@a-6&SOFlZL3mLdC}gr3)YkLx;%;VqK9_w= zO-6tMaXzo;&4Bdvfa?rJnVDCpA)2XsfZGfnzWhXdAnGC*1UKz8l5wH+VrR? zLyG{zvRRZ0)}bW{=Cobu5fJy9>kH9)vij6+JvngYwc`lV?Y6h0N~KiaiR%rNaHMcD zThl`=$Q8AqVu`zvNkOBb8V81_>d?RZamOQJdjV=AXA~4P>>{B&!I+S5`1io9^ z+*B)*DvU_O9lK%zPKvpvQwe$7`~z5qGC?6l|2ACs+%Hx@@WnxC8l)PfBqc$1D~M=+ zOZ&b*6rIUyx0cm*cf_n^h$*ttrmXRzhFc&$hvxpR;{0`~O4q>Gs6T~K_mOx7c(MaZ zp_wmF6@(&NI`8J@X2Q$cKIEp5!|%2A_od-@qO7JSHQ^$lgh>^W8vyoOR4j$CavcSM za5zCkQRtS`TszF`v9TtYzF<|Dg^eH+JayerT(m!?CfU92wiMRtXl1b##v*^OgJudm z#m|SHM?xAuV4W)1&0BBQDsVZvXbn18R)<8J&Cry&uJ+nwKfK!BAXc`=I6N+3@Kduo zpcu}Te>gn&Pf~!H6`B#O7B5|}Lvn;&|H1(R*e4{z=d3I1yjsh{(&J@ffc*>9Dl3-x zha=AFG{g~{7FpPPHW@fEcuKbKwQLWWxh{L$9RKZGye97W#kXt)3l#8_p$>m?STogC z0EljK1uuY63q-H2q?aEbm+b+Ewf|j9aZEud`71M+Ws)Ci4Ow0q#>AlurFP<{N>a6W zQtkx8h^MN2!t{&iig=IyBkE}jSp_{Vlx{P6y(f;a!tQ#}YN4J4yL?Dlu_=BWtZK-z z>knmk=Z~g1P1(eJHKz^C=Jg~zx~`py#TyBF5S!%6GUPAcl!f|(vK^u7-UwVd$Br7x zmnWA3Rr|vP&N$V8Yz805sCI;7V$xV^JViL9B^99DN9yh~v2`llT{z!xEPLP|XbX)P z21b19Wq3c2CIW!X|2x&aL8$ww=`Kn41B$NtUT;*ZTGH^>%k0`p(NEzrqe|>1fTUh~ zncciy$X^8>!x@xBmQ&rWu@M2ZAKT{5^rvG$y{OPBUzW-1cCH2xqNBPsDGFXh!IW8@sjKIb_y(_n@&$Hi~Z^=Dmgl43MFWyeCj`u4|{Tr(zdhbi@LumG8;j}BXPD0nR zA(LsP=YzKd3JutJiY%^ZnLTZwm1%7FqK&|9Jc}gG zG1&baaR`||Xi&%_iUv_Z5&3GBv|7SBl#m0szDTGNw%5-)lz1_?UP?eRvcc~)&+|u9 zK~WmZ)%eV!NG|-4K77^>!#bquu?}sq02T@qG97n9FvEu7Z>G*3+GmgzzTWUZB@yz^ zq+tM)TZgo1Dc6r-!GwH&gAi~_ani#b%chOy-`KHKScc$Iw?e`3X8&flaxS)7DJd6B zZSQ`r1?~$XIw265*k+;2*Lo$Zv8o&C0Xp+Vo-f_p?XMM$N z2o4kMCO(4wbz2JK06f7V9ASh3=-=WLlz&83BTN`8VrdLOY@i2bM4kQL+?`JKKPQkU zyw0=qsG@nGSDnkGl&OJ7zRQ+HjH&JT5?X88r+=cn;YFLyJPTqQcEfinZSgz`94@|v zng`PBjYV2xH21VV4}+&R?OQh^6+oi6z%{R=?6sctQ!3kR`D! zweki`;lvLh+rE#G1={fiQ`{8%TPFg)^$JB{ox>W(qW|q&MHZ*91^b8;!jKf89;&kP z`jJcQTG3KN;{NGVS&9M0WdP2~nQ&kczP$}ml?toDOBy_%U9>urLN0fTRvSer{v7&V z!i4L}@Q5nmv5PT5=}aIhm`G#*viBtpIHg)jD*eGdP^#W7=nj64*^3?IPo#(omuQkI z$B_hm;~#@e62<$|jo&IZXm?9TV*(YuLC?@n0ZEO0gSSoh8?837RzYn5i**L_2RhgR zeGw+btnds%GSnq6xn8W|p}9iiw5@n6fh?>JIU2SJL!{>~Pe+7fT$5h0%2S9~R{8H_ zOag<9vKVUM8elM|bnKlKePD%wu7J;vJCOltbEIBq6jUWh{)x>j#Ym*H3KcSaC`pyG za21u{TD!B@f_$yUd2N{j7A3fhY7GI|o=Eubn}&O6_cHA$JF;?S>ZtLRd@-&Pd2^V@ z;M{59R&QR=b>?~@G-_p%_zP4`6flVO;XjN;#Y%`71UdanQA!Zy zAPln&tz7X7cYMPy-b9JO=-lM@#K9++etR~UkkVO*ktINz0-#(7VEF83k<>D_s^XQj({_`+{534d*YQ;1`6!xG2^08ND9sw*IRJG*d%!eh5$ZPM= zg5iJe6h$YO9Gw;N%QZvEkm7hThuWVJ+?%w-OAdpoB0$1miPRQ{ph)3>1i+V6zf}Zw z*4XgK%6}YYZQDztbl3PwcK);~JIOaBuBwH)<=9ryjMn(_ql>^&k>1RD!JU5{Q^nDdI=`HmQVm+Jm|hGEnW3FTcxNcu;h_)9 zEsyhOH5EU-NNM7?9F?V*AHyW*hiKK@Na_TCq2V-Q~I>IVtD#x?) zTs3o?;;Kn-a49DqLyICq2Mr-|s?bRoecR}`4Jr{)rXVkV=wSM&zBY$uR}VNLaAo`N$Z8Vx9m{GO$~fvRXzC5B3*SK5 zohU$*O3}Qt+oEMqa9MRZZk2sw%tkwBT7VKGC`r?zU{xJZ>M2ixBn(7Au|CDr!j!&c|onnnBbTUu_B{u>g&x?!kbWR1IDgl=q+oO1~=?Ci_CBR@whb z5$8>}D>E9F3kO6iri6N;olOJzi}UAnvp!5YNYIAG8hXDRqiW&BSXyeP|f;qh7+DI1Ph39wFzilaQdCwj_j)|s|x#x zy+%>m&UE()$lydXC#tQy6jkF!i!KN+$1|}B=M|Mcer=ElU@6TsjN<57I-Mc#xCxKhie)_8=y0T zCX|zaog>hq7Q+m4w!gt}AF*cHu!bAqWEyiEZ-C$El}e06_9#s8TrsRub%BZ)9BK&b zI%s$s)msfS<2t%_Vd&%-6Nr*wGz_Gl{)4!>v@lXd8sScDghW<^JF;k^JtpF!%W{8W z5csFZjC@&I+I%q;K`Na~9oJgoJm$|NJtptd1 z&hwicGRV^H378D%F%zS*)s|)jdy_qkvr6{D@X$ZXt?T&$squ7@6fso2W_hGE62-Yz z%HiZ64ndN)nLsRQH%p7SWJ&ElUrRDImyBWeO9?!oI((>FJUkW0+Yph8scPnWZ|n$e zwpIEEM~KU(itnE5iOq=P?Nx+zX5XHh<6^oBy`~D;8gC)zc?060MPY=_5?PS_s|d|6 z<$}4gNbbQ;xkCvxh~FWun9N1vTDBvP8fvq66@y&x3LS16H)>ZgKZPOlkccHfi<7FD zcUDoYr8i!SDW+c6_QO;zBKj8}iUunGQH^w?f-s0Qz3v!7ez*h}_dPy1n24cacZdvU z3}#R()e5)C&yOq!ly2^wV>$Q;$-}Sq#zEE!pTG*lsSt(%;s-e8QQ+Cq7Nd{YG+tb0aV!|9=uj!(V(Q)aOp0S0h2DwD*wicqG0&O zY2o@y&8v=rrr^YH?}6eSAB=yTWjRWXK~?+o8E4w$`( z7`$$T{DkXbQDPPFSU6N4r=ZUb+I+Ct2^_X+v${q9W8fon+YCfxY>rd#4!E0Yj!H_K z5Ex*Nt6k_WV+~O-^P;)$g}VZxNQ~ZF;`rw8mH2Hj1<`3V_sGVDzRws!^;)8w6_&l2 z!0^HLkSx>fcvst;9jAP9c~6$K{)0VPy8L6tV?4S`qT*Lz#Ns{yLCTFU9$&0KqcDD< zs-^lBebkEQRKOV(JVb+8OQ)#(8j#j#qAleEdBc)H9$e|73pK1kcbT5YjPc+CHb4~b z9)fb?e|3aD9?L*&{wore-L!3e6-;`!J$pZa2A0hEp~mPjkVS#2FMkj24{W^qe9vv@ zC3&)9plH4_4Myaje%72@|hnOY>6ocA> zejvq#0h5DSy6w)QrgKiBKyE#7L|oFcK*PcGmE$I)>A~ACfh9-ma1Q*R_Qpv)yxguI zi~?toa%QAOg;R{3s2W+<%4yHD~2WRuslz_@kt^lJavwnT@u1k#a_uhliVK}Q!I7Vr~i!l0#?d0b8C)9dH>v#Cf{=l$W<2YLI~ zi582n0}=7)+4Q#qqHA2Q*H&6xM+vFd$B2i6r?3vGs|~jeJUJ6^{f!jf3Lc(@=8`7p zLl%PZ)Ai6hr3W+OYuwZ6-)HKn9MlH$33@AWwiP1LaO`QrFb%Imz3+*B z^8}r~Cd_Z&5Q1K8IG^ITOP8tqg*sMW{gLvhLD?8j=wBOvms1yGY2$J0hLw(NG?WC0 zI~OSjZH#3v4;=dmI;ugx__uhn47lQa8u=RL6Ab^wYp>KO_gd$j!~FLS&WH5C z1l{ZETQ_%?TU|B$(QyH<_mothHj|@KL=K_!S#f^@wzv)>n{LDB9siye-D&AT1T|mY zKZ50YJ!kR-d{kUr?PV01Rd5R#(()Awf9nLAEPOWw-k{s&Yhkb!s09VfKIJ-Kii3~f zO%H4&?e=bC?$J9}nXh@KV$96E&eQIJ3V&)WTr+4PA874VW%)XIyylHejla`**SuH&~zgl?BtIKAx8w% zL&Q^b#Ye7KztEZxM)n)u@iMibQ1Q)xYefBDj$bxbie;xELzX->DU9L$=;l08w z+~pD5n=7t}OtkyV6!rJeOpF~3(io1WL+Uk79!IHr-|n|5dZ{NQOQLh*H0?Weq? zZQfrXv6Qw-R9myrO=yv?{Mzd3-6o`Ei+UC@?o=DNYpNIWF;_za=%AmxR<}D`aZE$O z?r@5sOoPQ?7bx57`C^r9oRY-+xWn4r8_L+8wEr%nNkvuM*r90ad%dEg9pBX^@X`F; zN;}`{C@bZ_qm*MYQr!WuN1vM0-&!@o)vSQ$mwmeO*B~t-Qt@hnuu#^P>6s$cn$1jp z4alqCnhMY_$JpIa9^)2vgBMsncDFq5tm^qKRt)@&~s1r6(b8D`-Z= zi;ik37uK1pz5ZTCo!b+UqmD0%edZ4!Q-gvRMHn$p$|`Rb@!SpE>41b?8SYScT<;30 z<~4yX-zZL3*mr(khK60wYUWs7G)qOlNgl@0>Y`?Il9tpKWJ|K>ovX5FwzOR;!*zJ?DDJN#>YW)Jcm_5Wll+S2ZF?AS#wRdC4V!e(S-YXKA40F z?d6w;2xRxg`0bW&#|re_3Sx6u*2B)vNG28yia|1`1DWgdYEe%A>c5`?@1rUYn~IgL z`L`?@7T@YKvE=Y`#JFqhWc+Q71sJnQ2|w4eS6R}|$M@eDko^W%Kh)9z!DlTIud`=e z>%Xt)Z>e;+2e469jb@YCTjotMp zYsZ&7SSoyQfwJ?Em_*oS!Yx=V_V%!=+EsA*huXr;^ z^Y5Guwf;+fA++D+z)+-gjgX+S9&O8FUfn3Gy04#RUD$gC*IV&sr7IL501WidpCNQ# zvy15gIBIH9HVtMs!C;@WnQmHOYD1JwTx_h{0-%UK7-WLUzh)*i4XzT;!kU|NN4L~) zG~*eGu9pupvlBs52zAS3o^p_nz_tT0|1nE?i)EgR%Fte)p`|6bqWIg}pn z3RmQ57+S7ukGZ{7{>(So)kb}(^oU&dC0yQxdHXGP2-1_(Z{uq7Yi5KYvnKn>pQI)~ zB6QlEZj{sNOCT)5g9AuoQOH2x)TRFe(=sphp@SAH5ho>X{I8E zxLEXA%*U2z!pq!DF@wKG&tNB2p0#=fwA0*tsiGaOqjr2>;QJls`>|aYpZZP3N>$cJ z%7PK#YisNz{C>10qNAij&&5OpueRihVpEW2u|!D~c z%X%32Islxul2X1tXbXAe56^pUmGwM zdwDi>NI8M{oXc*rmB$0LC#d z;o6wYIPZwOc{sii8FrtDH1_drd4`EGl~0h8LTs<)ct{_80A{S;uCGpl3^@rb3)}L? zHDW5Q1!b}F>8Ua2VaLxHeTc?wg&Kv8@5Obt7Z+gP+j*Wz8l=3`r7%3;Yyj2xntIC4 zPk0o!$8C(~Sk2l%knNe*2pwzcW}(T|!8Tar9!a|e$@T`(FIg@Ulu3m#>|Ng7_BDf2 zamCRzSzY8FQ>W!^#L{g=gA9;zex~g&GS{)&iwZylGgg@j2I&unYkbp0<(l4fg;C_# znzzNuBdO!2E&i@*g_W>GV&A0>IER-tmNcIQErKPRe{lQXj^dD>E|^zo!WBU>s`pzbB7 z`tt#+bZ`EZ`Q1UNo6;+~P%h>Ovi(mLiO?nftR^mWerDL+5Br}h%52jWGZ)Qqb(7du z!6&yne^U-RhL;3cT0+$OzDQkDc^I5CJB}x+iAFyAQ9_yQEt7Y`$1Z57qm|*ruN= zJ?OV?A3FVlf>I>Tr;(7fqYubb?e+MvODa!Emc*TYqr69GdEhK^@>F>V!df45 z8I=}pI8%fPb(!pRohnek>C0T&P;*j2LW?2KZt@IjG_SB`eR;JNx`d@C4^uoLIk&zS z`y4QDl7kv9DvZwK*(h4c$CxeAx}2fqW^6cC6mCOusweto@^6Clmb-o+kyV?K@8UALRiv|N?h%K7SH6JaWVouQ2@Bj=}ii$Ee)dbmc6ugJ>Uj8gk z2J0|*=qL9>8S{9FrJPIh7T?Zv(NE5)IlJ6UVm)0N?ihCd8l1LmUH*%!A?JB-2omFp zW-bRjMV)l>P7o&+r{bsnLzw?^MZwlW_mLHcVxS?QxPQL<9n`jrgMJ28b*lbB6iesn zG7kVu6Hae7dBpw9cFI^03_L!mtUQ_aH(I`_?>hZysz;m+q6e7D2$K#TFNHOLCt9Hd z{^|Out<@DVuiiYRJgXVP0*^4R1_TrOmT6Z%XEI)UKX0r5X1!cY?RTdw%5NN60kE5H z8GX?Kso&RuT&|0oGlMOAfAcuprn^L1?70DkIQ_Lq1MXm8jtE%-&#U{~|FlOT-aj3W zI^JxN=|`OB4UcmpV68h?y&Z_q@AB{hTy#}|P1x4jLFd>T&wF&4+5qmj#cLsMabKv( z8l{O!`tT7Y;^~i0E(E|u+(-^{@mJgH!W98V_B$UgAV z{A)E6DxglrRYK~rV;E~9YKUq!q2xd)n0fl&k#>(uC*MA&K{qeIubBm-{^ghB7s?YE z$MkMTv1-Vv1uqIk;9C$%FQX`J?YKhu;<-lEHd_xEx&Ind&e>8f0rOq> zT-g^Vey!3By=}20HbhRAcl>slE1+FoUufa@&XTtuYj@4;Q@GStMSEUm!o&f~bp9`` zJbEI+%()^of-Nn~UO^8;kGw2(v0OQ71NmF(g={`ZSp}dyv(it6xVxsNaz8;hlbS74 zIkt^wo+NG6fC#VTF=Rlu*C z7HCt42c{V5E@vF?bdH1|A8Uu*u+V`%S3bglj2>2V6G4ZTC#k<0wY>C2M#oA7&$`ni zoc%mLh=C3YcDzk!ie+8R7BfLY9-4Zu&evAcZn=+oPq@==^P`@=svT3355|YXQMs9S zx(T^i12-PGC65b1E;`kOnvz9nDw)r@+LOP%BsSB86{1Kp?pB8&v_HOZ*itj87dkgv z^j~74KHIV(rXYUNpFe;Y5xz}3Bjod%>$Pf~`NgW=c-C49{mz-|$WIn-s@J6g%YLJB z62lwV%_V`H9asn0VWFp=M@32Q(~Tuaa{at5l%qs^|CvA5RyMpK8(-kAZZTd-Sd2O6 z4TWY#7aN{UWop)nN=QU^#nQQ152u*t^r_bKZAL@x6vTQW_fo7mvDVB48 zatrXd;Qg%7o-_@5%W!J?I>mQ#1W0;SS{yVE;hhQH*_q6ZXQ;)xV^@!*C&~V;W|XjP z7g|wYP7~g)>wdn=HnBNgqV#9)w3-g@Di`W-VgWLgmZHcjQg5-Bw2p1FXEC26@9Fx$ z94{}U42N<6S`;dQ<7xLMo8%o*u7I?-xhWeNo{hglhueOuAmXNLN>V;cH#P6^uaA@~ zUrjl2y0TOjd-Gx*!n*37AU6$=KcmfDkC8UIy6EwIl@XZ$cZ)Tv28_G-`%B4pt2Jtn z;;?UO8;Cd**7$nd>YbLah5Zce^b2EGsf_ z;~Fd|-|cK@IERc26M0ZJEjO2FWsiXl3Fa@|IeoK~+uW{;+s})H5(>cm@eQ&aXSNly znZh#A+wqy_=W?ccYU?UXOoIXqKTF~Xh1z8=Bmk>{rmS{Y&XKd|N z{V#7w7`AlifZW_U&j0RvXS94pj){>&AHTL%JFai#YB3H=6ZjMh?LGj$VQRih0V34od81^etDz|v^M z&s49NC0JyS*cHFSXyCp1^%mc=0Xo8PE*`rs7k>xqt5nMa!cPnO9PJc`D_nj*MLD$I zSY)I+XyPRr>f%O9NrcnM{aiwVJ@jW>4MCw}~zDxwkn z2ia{rDU0`h9Dg^@=eI{4+%JBiG=wSWr2%GSL^TI+>XIgWI|?*(o^LHzIL~WDQ~AbY z0WsYzz>`Ei=!;iRC8BK)!#~@z8aK*VK-;%~olS9&#RDQsKR(0f!5F{&6E}EFvHN(e zNdu|0UxXS>AnJF9f2v%;bKUz>)8TRH5(4STv6DXuxP2t3xqpi7 zL0k&gQN%ciN!EYtA;o&Vy6{s)BR@d_^&wf%X(Wm)S#)X?C3>AG;>5P z*z3m8;Z5<9l%LYvKK~9?B4)O`rGe|;FQCvu^f(J`N)HR@gfgL+-P#FOegKpl%|KNX zsHJ_*L3OUS&c04k5Ov)Bx&7evy8qXaD0N?AA8phD)aLe0P$a-x=?9dx_}=karWt6# zCYYViT^L4QLoNINHuK!tl2Qj<*LMf^$jJITMf*CNPDeJSEn%&_prfEP70N{3>ikFQ z{GK||JDmUg8?D7#BYA92G^n=loV(zN6epcl?|G>aa$Mgs{rq#_+e#1K% zO`*(&mKRC_@^W6EL$;~MxzH^_NO!sXX`<@ley9GUwv%wJa)Uuf{4}t5v;0r^OBa;( zWY6Vps&m({4YnyFMa5>_i2Jwv`}JG2tjI=R$vr4=_E@_Zs)GmT=l0u5n{H$UwhDVp zJYgDhM6dLO$uge@$h2>F0`Y7xmnBIg1H*FO2T^5-hJ<_x&pG}Z3m|*!XOp-2StE^8 zqC0QL??7caFt&_64RE0{PjpUqlH)9`_lexn;#d`-mftDq@Py`n9Y9P&C0bh2@&g2L zYn6S1zLhW%F;>MF00K*<UtX{j%diNJ zJ$1~IP`t#|QTto+pD&TAXhlQypLlj!nEuCm6%7PZQbja!!STv0#ROQqMgVEF#frYk z%h~_G-mNB@sV$@by0frcs2Ki}tMXqT)PH~f|2xKzC%-=rf(bad_IgNo5dPiD)BD^? zFW9L3kF?B+1ksp~#0Bn{kR4HQWE}qK`IsqbfGMsu#?dv&SqmsSjYm_@fV1IL8_mSXyf$z(5R>kIL^X=`E^wtMH4&^P9`X7jR*> zt~h1ZTH;)woZO{VAkBpXTmpW4ZJyhO@ULq)PkdpCu6qaM#=l5ol*GiHut$eFrlDOP zj=dC%Ym^kjNbyaH$UB3!ff?I6R6UzH19@_&q)vYP#Gtg^>!YNa)QVxcCz;_^24$SI zhfdF;TLC=)A_M0r*1YA0@1P*Vfgil4g-~qq*P7;dDl}b^nu=!m91yROO|}ODS27+I zdw{;A0usG|Na?(aip8_vZQM{D@R&~u`-a@^r9uOqD9A1y_YV!aitcxdbT+%^50nUt}jGqSm z#8rJjl84l~D(L#~BDdr!n%lHc~BwTwSK;-FfZHMq)uEU)T>?HKB>6VQd{cLoWg1HNw|{O zmc|o)WI~*C#FR7ufTNK8G13=sspa2u(b4cI>1J}XuV;L28M+_-z@Y-NzscF8vIfp6 zTSoy-T`I0dPb0QvOQjPiL^=wazo~xq2wz>RcqQ?QS1F9zGvKq6Og-MLm*0vJTu%H@z zN6}_D;h4GAnK%-^xGPwFQ#V>;J+~A;tf!Is?P&g5@MKA-QD{mUb1gXddoR#U=FYLv zLM1>?)jJc-*#l&a3j{TnY$>Fm&d=HSOiDz5fzA`j|&aL|}{#@dsH^ zmJOy~z0)4G#v1vs!V6yv{hq)xs)$qdIXzT4sKA7xl!b(A--_Y4>ohVKcb$=O#?V{o zXQYLU9b9&Y^`_C{L|E7!_G5-kON4@IfVO@K(LcrJ#qEz$5>R}@l`3@^A6=K4?9cxN zkc#|;YO&b0Ha(ageKg3O`Jn-=nMokJ9Q=~!$?xTU2jO(*A01wY;gY$91{Vxbn;URT zM_#|tCU#u|^wMK(^R78*P|XEf{_2|{xhJkUPA;=5F==}EaFo<~yF22ah_mUT#7GE7 z)o}o~`+kwqEu6Nn=n`MdARHr>aI?`~h_G|t)I+q5ec^b+Gb~KH_ zhI6ymP|@F?bn)EqMVx76V&+<*6=mq2N-zzHS;A4LH7qKp?;;~S0TOGM6W{N#`LS0H zq!;lcq^({Om$}D#s^Jw zwWW6vSJ;UuKr87|rqe*X=pFTq4fCO;dtp!-srEiE74Znm*ha2ICD*hHm9}8JTCSno zh1Pz!i;ig;A)NTSlWoj=l}XW4(&nv&F^`|NLr!wk=6lIR&?C5H9_0tQHHVv{#hbxuip*(ux~Us`xu{fD{^fUMZQxvG&)}nHEp>QAhcSb%2!e)x;B&DOOseRTKRTxEwG;4lj z>ZQjVnB;ie?yd02*=U8p6Ykh%a^2ZS(>fr*Z`l%R#$Uj$&;SEd1R^CMWOicvqrET{ z=XyRZE;rv2F4tdjDV@V=vtpy@h{%!Yq=HR)VczD|0k$>E8C=P0jW@8Qy6hz~r3eP$ z;drlQ2T@vmP$dx9b?3)RBnbo@T=QnW@jy>dE#EY~1{o?e=hgw6%U#clMC_zNv*FmSMWfD`Jzp(_KSq~noop#7 zd8WqRB0S1SuaQ;BNdqgZyiTetT9yL7PVzR2%l0t;ouRNDSfW}AZ4EH;$xRij%&0}0 z&wST)4$T&wXttYKjZ0T~I?h8Ka1s1Vd4icQ39_tZEt)>c=BSf<(n;-&Pw5sa^KR{f z+cfr&B=c=p1_J_r7zazx#_^QzTwpoTQUa;sM`2s*uj7R28IXtLAVQ|@ve;|xPvICV zJ7`QN_liT$bmB7kQK^7Wex&TI3NK9WZ!rF-BL$=so!<`SPWi4aQ z16Ta5WL9h3I$S$ko*geSD(IXwk5peU3OBd_v%LS9yabo`a<3NIwlWD}G!oFo{r zeMvvv7*@^{ETx7Gq?fVs2GTM`D1-kdgJy?IGZZxu{(xf5SQ$omAe6-h3car4h1qSo z;gzexS06}1*O|Kp5%r=6b<|s#b`f882nXk7G9V1-{Hu?P32u~1_*F|Wi8E|fxvfaQ zPQ#dMWw1{CiDjZU)kz$w=*{#se$?!{u4dJ;D^-25W2$HHyGU#|Iu`18$6*hyRE*t; z$y8GwcelAl-|x-8#XK?JNkxh*%!?CJFQ@luFl--;j;vkE3(frd&Qa1^i#%D~y|Qdy+hn3g;>n_; zZilY@Ex2rd=;PYlN8Jlw&0r{WSpW;z8~Q49EN z!Bf(=_5=Ee#T3$EmNVBwB3drpRb+_MTg-MdnIzbRKxbT@2IY!4sQN1t*^3n?vJ$W) zb+5j1g5KD4$+r@^ZoyyhNp%+u&Uk-jPl|-<{-^{LV_e z!Aab^C1Z8V`A0!A@gVCdvzr*y-#CxTmvl&zD`Lh$!y3;CCLJ7gk` ziMcV*7FZ^F#kFvB6&|*hX1(jsK#uPoWmX*;!PMbtuefr~{mMr@9jdscehTX;&bWJ` zNjIGKl&9e`0#zy0-qyHwp;%yS{$)7Y(6d5na4k13DO|h;rI}1=?I@Olt6ffNts5h1 zKkZS&KXcVXva(6`u=JU%?wtmJvn4uJ83XJ%M_I*SOO}JAqmR|omCH1)v~YS*bapr$ zyE5rU=g&+#QL4@>D&}rX*aw`#sL+HRW#dff^BIk>Djx!B;M5AjkI1MTw20iPnLDri z5McBzX1=)f5Y;$P6uT`mR`JExiUMhYsGx2zGye*W(3os#b7Ip3Y!$# z!X7K?EirNqC6o8UiZXD}uvFI_GmbhO`l)j=Uh;VO5kDJ3tT%CGPXU*8 zvr!VObvN8LkNO2Y>IoxR6lR}3H=8RKz83R%V{s!=d87#wQh^#l8QJ7B$kuUOt6i(S zEk`{5BMwA{+-Olpy$@G+s0R}n<5{9P4>vYdb z;hfd6Hg(lFg|Qe;{ff*QVr_M&Udm@iV1I#X5hqusl8d#6cI8vVtDMMP4`C6W!NvR_ z3tq^f8Z62^6f{Ix3O`*$Vesv^-yo9%~PWzKfZ&CCDW_ z0^cdWM?BdQ2Y6~bq`sB1_lCZ#@z)QRZVh{RVh~oTZDW6om!L;<=Tbh>Ty^qJ?bJ3cHS{t2YznDbw=Ze-S;b>3hLe%wtM=|Q0(WPL%s z_>Hd-wGcZ&trT-YQVvb8I91#=LgThyfWgFiCux{+O|c<=?vlrmMj@n?mI=e{;ln4v zWk=o!WQ_f(7i*uLnYuu6O$UFwgF!N(=}pMYAOC)y zQ8W}&352NQs#JU#3DEbAk;z#|3!_jwjF$4(#oGvx`W0Z*&;FO_CM<`19{z_PkLE(S z2Des6WNI_e&MEz{N-|bZj|K6cL=3csCDH0JmbMVKhm}_qw&eG^4>83$2ya}#Gq8f5 zIn`$K;bmaDivO))mN9Zk?sf9AE+hZL>YyE{5f-e-U0vP|Av|->grhk5R+-7wkQty& ze29k1{V!6jv)`4O?+!v6xd39tCjFF|AY-3Y91M*PE+Hy4$KcA*3eLdsFd}N#Q=R2A zh$};uT$LCJ8~;xq^qJ{FI^chWCnvnrh-$o>3@vvSD~gCAeQ{aMc(( zbI*8C(T%kiF4FIyDJFU`=3)=U9&DwG5+_=h2nLZvXd6$4XR=9{Om{ez;fWVQNWlWV zl;~>G%NKcElv|KZXeQf6E8fuHB2lVHhqzYNcReQhNDcp#2yQX-x-XpV(~=!k1aY7F zdc@%q)!w4+xE+HDERWq=JKE>rgA)N8pvoOWDd&Dn@Q6PSU?D_RPKbaG{+Jn!1E<+H zx2YSo)!$+^ah0%$AGyG?wu^PoVg+a^0n{3IT3M3f_z1N3BrDyp2xJxtQerAT&s?jF z0NXo4))BNqJ>d;T<@m}5V=*04Jt*+j6)TCf!;>65+*6M0wTjeXb$O!qM_BSpfpqzD z<}z}4g&L~d*LD5wq?X}IQW~W2=0P-Wizm4>Bl{$YUgHu-h9!hhwMyVqay=}O9FNgs z3IPRes6|8+O;>gu=I1Cdmj1Ti$7KA5fG{7Ta(?n6N$TtqhRP+Ke+eihssq)D#Mq%y zij&g4|2`Z7TfuboWTnh92vEXouIGjIdrmuV!91B6MOJc5b0k!Q-pnl~x)&F#Yvee( zVT$3DEto@Utj;q+!tSdS7NP~0F2V;o#@{39LD)9E@Sr`PYX({N61@RUQVAiA{4SMp zJy|fVfL&$!;nW>3i^etUQc|8oo_hWp0)xFI}8zrh=Dk2rhG_YYz*x zS+5RTFlGdi5u6M;8;xalmTFwdrjtFSY3{D(MF;VDKCM+xM(qURY zUR)gBdZ$j4-1$^Y$VoBa>n-o5j4_F3v1i-InUhGE`VX-wuNceGvd1&?Q(xPhwI^`3 zwDZ(mP#bSt$nm2C0YKfPP{wkCIvvyXHd@75xXv9oL`F)-ga%d6-Q{-o(ed0qY}+Z) zA9kvK9(k=w#C}!OD^n7izwZ6F#%7!~Ooo;iQ7q4q;+;61Av1L@jRe7tmN~mRT92JI z)2~3%j8rPHX{6J-q_AQs*cgeVn!TmQY>-<;9=j~}j!=75((C0IHMzl&V}M{7n#I>S zxVy=dKe&j^lfIP-%%}PLiQ;Ki6HE`_QRC2 zf@hZD^c$@Fi-YVQm?Hm6aRSI4N*rN5j~z?TyKtxMsir7N-IKBkh*KGw!f=$8GnlA&>=igBg2WP}~P zshtVZ+u`=Fn$ov?N5fryH=A57TReY>B{2W_0fm})UYX7X5=o7-Z0Ko5pGa#bw}=H` zyWo!`XW=JnR5amv`G5^iXwq4@-~o+A6!0l4o>mM8G+s4Ca>|y~kPM31pTSQbt073> z&)W}9%#2kOO{$;}mt2*OD6g3$sEL>@9*L6$^3xaznOYf7FVF*s);KuR_`7g3xcC*w z&6`ki8cKKL5S(sAss0!?tB{+a-oBIkK?l@cVL!MxhoZz$U@P|!T&NKEGum7u!BWyg za(O!cNyGo6Pn)1oKmSS~wTMGze`eBao@2=n5pU)#9EkT%4QNSfIYC@(GN@6Er86Yo z#Vc`$9EY}6)TvC}xE0F!(w|4n~4>12}dCk8b6Z4-|q0+iPiNQluUwzc%JD+V@u^elv7>3yn0DvMUJxSkk z&*$};a(p?-BiaYM&>>dX{Oy{oAE~S~m_PFdhnB`~7k*OhmQvPSN+NGD3E`48IY3~7 z^)-5s6%}J?aKimbi$_x3zmF0{w`6pGK>E|G7!&EUC6Gbgil&gZY(az6) zw5`>*!u6H_wXbr3sXqVU^h?i9He0LL$DD^SJVGnKj~u}hx$8H%!n8Gv3?;?`u!L`e zw!n;A1AUG8A<0jDu_g4Zg7@ZRN9e1p%aub(p0t$Sgdq&Q2m2G{&5Ro1GnF`vR&8Ed z0ww0FR2>b7$IuYXSxEuvbTuEuNQC+%c!Ecu6iaa-b+qitNc;B|&j`1Jaj)Kk=h5U{ zVeDY4lVszfzf!o!kkCMrn0sAf>L{+Oi$wvF@3-;o8k<`IBwX1~P#;BIV<_s2yi;yj z*%HGJ1IrF`ZR2z#gqvvX-(o2;LhW~Rp$Q`QQZcE@T-r{RWf`G6%Av%a-O4Xmy1|QS z%dwOKv!jlDsI5ubiesr6jF8)Y3{j!%A={Us3TFr(kQUep5abd)5NfWv!Wv}uq=6f`n1OB5JqA+xx>kg zDjeW>7L(aqPQ5m+NtW$i*pyx;M=CiqUaBhUVqTYA0!D%unAO_USUB`;YWu$CUvhp? z1x=CWGYfo=!t*k(z`g2rxX_>dH^1vU-lLKi_$rus64(%E>x@Wf^`}t*n2Z1qCr#eX@{P!upuh=!(1TOb*OMTja`Jo>*uVITvK2qqZE$aW3ig~`DS$H&3WYZ~u z8zZ2eeBtB8C}z``zA$&NSE0!{NL5^+rxPR$tud)r*lbo3qDN>lyOXBD9zK1Op&yq= zIcTLm3gz=Fx6iX0oBA^HN#R+Cl;a}@9w!QxHkIQb*E3lv%QxFZ+oy1~Kl!9ge_{hn zrHG=CDB43V|#@#uayq=THS9oe{wZ{@%=O>wIlsLTkE4I zwHDKWEK@X=w0&b~O&E}=zGuausW!wcxuP?NfJ~I~2ZEeUI4y#N-#j)`VmPT~7Ggc} zR^2~i5n$js9xlsRM`Mdb&@v&L;!yj`gC8@Y3_+#i1Kum8e2%D|C&7bJcC|{h#A06l za_OcnIv>4|bSqXYUdbx1T#&o80*PKytE|35Z7&T4Z>!3U|6sGjsnd<|9cDaw^NRF* z3c^!q>-gRbY)$8!_z}0dQH3Rmz7Jk8ss9SiadD4tY;nIV&De}#^K7^+$DSID>dUk( zEo$K2gh%}f3xh+M&Ue+?%CBrF$mC&V_+KuG(~NA=wBdNxq#bY#k5t1`dzEC&2_wHW z_`!}Orm~8%T{6vQSESLLs|GCTT!k;+l=M>` z8^&Vkiw~1rG!~Uor~zDXs^- zdC#w1W~XL@3}Y|!9ZWwP5oPR??ZRt~w7bYf&#;>X?Lz8%8oN-JAn>7X=Y4pTlDr7~ zUr$V6oH^wp(BdzL+^2qLzbvBkr8?pPYrgJ`a-Qi=k7Zs26_Tvz6o-=}=D*bolC-*3 zcQ;}Pgd|fp!=hNCaxQvgv~QPxqA$xa;yj79derX-1d8H3#j9?{clvd~Vd9Ci#H7yh z7Mhhh_}OT>PiEt5XQn+#aG|+0+oT~(&ckyNF0G^Bzj4K-p2?JnCq2PX5(U#nn)|ww zoQ!7aR14%@e`}pbF0X$etX1wM)<1)48#PA6IMJJ-m2I`SeZU}5z$(8z{Qr;+(#zkoIkcs9UKYPS2JBuX$s>&I>IdPE_Hv>7fk(^Y>l>wJ{!y}pBL9;{CQ0n!=*zj<@W z3jZG~<}dZdGT?675{gv{0_hZp=G_qJLOc~ko5GCqJk@2Mpi6f93)6+ZT1wS|(gIN^umZl2VpV zgTN)@a3N%Bi}5KSbdc=S7k$v7id+P_Ty!_pF-*=DYMR{#@MMwHxBO%+FsF35#x6yl zrnv-?`$pcsTGPJfh)QPI5D5;#A@gF0t~CQ~G(rua^h|8BFE?~hp@xj_ELxqx$~fey z4lzWXgaVIppcdWbh~~329%e{}i>HPRonnMUDefS^iraCzPNek8oT5oToDAN=>!LDd zYzY|)LO2lpja}cIo^4%{dgCQq$sr1W&He7)_?GN%#O)`@sidQ>*oMI`qix9PxAVmS zA$ja)O;&&ENAjE(co^nBrK(*$cMwyhM0H+E=X_kmCnu_@yF@tw-dJW6B3gb@6JL^F zf|wy?*moT=k*u6ljD$$oaH#Yu@t5b;2+1=K5e6l7kYpF~jUWkke5ZDXv3#0GMIB?p zq#+f@=9exBsA%M4U+Uq`vK=F@p0Xc?bOVf(xH*mB0=A^q=7iXL`Ax4KF~te%Gne=s z4U8VF8T`Q0hpzCY+L2@FjN3|D{Fs5M=y)XU5>>@Xd>IC$a0_`yGCHbKKRQt>Bdk>N zWfsbUV`uhr$^#>5GwWb-AQrglC%}OvO1@?Ze1awso<3*S7LYxAr(0~*JFg@#S9LZ} zLlrMSUye-G$VGv@IhlUKMcS9kL?5VRE-5q$PeXm~-c#KC5TiR?sp=Bqc^L4WWS)8a z&1>9FFFiguttYYgrwr|TnO;kkNd4v3bjp%%IY^)2KnZ*4RQ?)Ky%)>s4|&n*w+{qO z(F02oQ=uI0q&3@cx&5LsV2;RIz=tP99};bWv6FAeqpYwz9lt(Dj9L6BIHw zt;=L8;S{n04~Bw8GBygmjM8@cZQFt-ky!*aYVR(Ff?;65z?%+4Umtw4cA#!J!o2r= zn%E8cXRS#uqJ%S}x2$|5B)3QJYY%`L~sUO(}V2H1b~ z#!C0&Pig8@j#S84=5Vu+D%e|kelFvs{5Tm})oK_w>!5Oc*eR~0YZkMAm$`O@Pi+n{ zbu(J&rE+webm6_0jq#55Ly8Wy4qA_1ykmL3C6TVYK-QPyj@e%W17XI18MQklw+NXg z_OqB^(Hpk~>BV^R@Wb$JGZ|UgJ^rE(RN0XQ#yt71>@8j2BGNktmMA|96;PymV&+hU z75I6^T`;PLYL!g$`)P(Q#!2B<=Oy$vG)EDuE3hl>OR&H~QHNjL02jS4RGs`H~)g$kI zowoGs$$9PuE(AriipHnUV5#nqE(KV@hNx=?tTYTDSI7Zt(>tP;TBWgD_9N^6we#;hmWv-*tS+Nlx=E|VI%RI=Wv7dRM0X+nQ zDKLTV(9u-q3f?X)Bn_4!up_gbacj27D?DtGdV1}^5Bmuelsd`FAMH#TudD_L z`fHTiOg<|l%XC_wyK3sQ{xYSzrl^oqYkYzNdgx+$^FS(xX+|a-^Jp^|*DrX|W$RRY zUaNdLEtBNhfAY0h|1TkH+3nzYp+8kARA7U_I%KtE;n}7^?}&x=o+D5y+A(Z$u!|&&Qd-( zZ8T9_AF_MNSj;3_yeGt99% z61icejj<(?x%7B15h{i;QVJXQr>EuT$PtPNK0?lJBg$twt|r|pa%(!&Q>~*@E#nJo zr~}d^4Z1!?+TVmK}#z#Q3-p2HwqpWKRj$mA-xRO!d={8M#ATJ|+=cK=na`5cr+lVw7AbWauDgVI5{#sWQtzp^#V?7<*Z&;u{1oGq3H zkuRKA&cc?!iDNYMRnU=C-P$vwmYKsVPi$~bR>=yvv_(fDmmS=U1lFOdqF(`q#?P^@ zULeiLB(|Wp>_)Q0NKs(MB5)(urn@m;HT^A;_frpUnb50V6(J_QQ=BYvA2|KT2vRnX zk(z2s1v6R072~8+f@38pKq%1JkmR-=j3X=ce%|^Q-n;?D5b{<<7llC* zES~6oMp0Z)A4j0wqQY)%*wiRpO=}~&Sc!bQ4mA`qLSaA#;A~Yh1&mM8tR@L%LFP6( zpjOgOkAns*1g9dBFbD9UM@|Oa+2+xE#xyYor|tqxZ{nen&_Lg~05+l7 z$Z2lhXa{!r$8SOU1h?DNPA9cwMVdBu35OkWmfk*s_jc zzb}NU^7c={1m^UVz#=X>^-pU)&hDQ~b@)Se=5mffwoBeh(|K$kxwM#}pa*b&B4xzm zKmfvgJqIv`bAllSK_vrtwPX+d`J)^Ko!sG^r?S-8(a1m`q-as;W>f zLs2PRqq_QI6Z$^FHOtIkYXnwwh=kQXFon*+dZp&SonH<#^p& znV<%nmmcS>Ii&L*y6YrOXJ{K|NcgFjsJc#%7A*?7z{WA5+cFg;I>s?Gde5>w)1}Yp zbFHc?xKTzg(*~vTE&l=R`fPc#9DU=MLYUEJvI(uUM&_9#Zv9YZ`$gK0HWToNqLF5W zs(x*aO5sHvs@u4TCAxNf!mN&fz-W{t35s+&8!X6ZSv@F7rQj$tG?UhOi8oWSIRJ4C4z=|&`MR(M>c_|-X5m84A>-vLYX_|t6 z?p<{S9}2TiL3WD^B_=Q;N@-bzav+#fmPPg%K{;E-EC+AddlraKx7X(yaAegaAgkzJ zMh%{qxa|clrQ#Oz(FFw|!GkBI;B^x_Fy7480w1{G{$Yq0hpU zRHMM0iO`3~TX!jcKAZv9doA&n;F3pX5DAP3TkUQpQD3#&0PJ zfAK0l+b)2I9Tb6*^$;hEZZxF{6IUW$SUA zO=gVdM&ZIkgj`(}|lDqhLR@xqWvBewxXg-8M(vmpfEW>MZW-?(7y?_8B`w=O%4pmpT_RpMmbcbuMM1ht)x z=Quxi=nOfg&-k=)&%6t1{5Bx!Tbci&NgYfJ)wS0ZuIGQ%_5h#-E&rVI@4i`s?(AwV@UEN%@KrS>}MG_|1UJ*Konu>As2>V9FZCAB(K)x zrMMyj7+%81kSOI(}5{2LR8{Da!<3p zJO&(N(}C!g*{$WQeU+T5&!a^r+h<nUWBff27&D1uku-Qfm*fk(*U|x^@%~yBo z6TerH`;@T{A)LIdeUddfOEPY&- z-pGqj8O~R;3K9@J1Q5JN;DmH=z~?r9r$zDfy%xoSJZ>lb(^r|8k9NT&B+Y@Qcyp5R zg}jI;2#5BL1TMg)5~mG}gU}z2=UC{{S5mW!2~}??Nuy$T-ZFn-$$yp|+!NWevd>xKK^so;OoftYODaY*eeSYGOy1 zgXb3>)?Yc+ z-^u)}9@s&Yk(pAmlPP}Zv&zY+Q`cCC9B17-?QWj%QHjHQ=f1w(?$n=Uyah2Bx~`c) zbN&y{EuzHWq_JooDVdvRXBpR0YW=NId)Y$F$P?HQTsR0GCjZ(y!!Bv!XTh<=spaD= zgHLI=<>99_|GY+}MJMHqub8SH5EYAxn17jFL0cgw#P-?xqcYi#xOX##xWXAn)>y;b zC&DelT?hVrXXrmO)0Wv|hDoJ-`SB%KI*2hwJl-;OucAO~45G!aA^n@qXECnq-9g~n z=Kc1l(t2qULmOXnyQfcj^)Bm{d6}O{4CplV zsJ20xCH3wij`(BFVyRV{0M%KaUcD$hEg6wpxU-cao zjwN6X&){d0_n4~-Gw-nFiOwQ`_%2Cmnr&x^(sT2nLjwcd{l>;0wXu`=TFSPRbEw zmB2hh*rv81w0Z^DL5i6}D(&GE^r_h37Kz_+`+Zm}w`_0OHp>QtR#F7vi6f)1IO|R5 z8&AI-j`KNY;m0w8_^`GS#)TLzA)LW#J>RE$dA_X|p~6bGg%QBeyo6Gdwz`_x!T_3T zGmTJ{!X{N*Dw~zvXw^I-p+&Ct<-~uM2X}b?{f7LT{9;&e>`|RrNPC|FwY0rsp?~7) z#o-5t|HaACDL${em&?~=dFtHscii91x>JU^p??qyP94G~K)uBIwJ3`Q?v4r(|s*d_NMUj5_{Y zo(7cx$Vjra^=35!ezNU3NCH>r>kiI{VKLA>_4F%EKmOUo1ARkt7?LV+n|u6=HR`&N zITx04yfNznZM^o-#e1*DjZ{lAFGPwsC>6Gi|MAjpZjMit;#_V}mKxd4j8hf>itU-# z-1&GRz(C-l=G-V0ts&n;!Gh2sT~%( zgck95HRd%=13JHLk0Wk8-oFaX0x5~0pGBmKe`!OY2*yilz^HJP^xfe%7hF$fI071X zMwkIBe9=M4n?#!3N$f0LkSqv~bt`w2VKhTYG;zMs_} z^8~Az0hJ(;c4JN!Z9Ni6RCazu?&|++#Z(6rKeNK(taJ%XDw10)vve78c9oRAOO!W1 zu*b>|z*ZgsfvN|6LEooJJPR1J7z!H4VjLKYw9l~8%?j4}w_cRqhE&~-)oI?8p6){! z-$xG{-nzVP2@m8FO+tfC7T3<7&0^^#1X}-6qm2@f)b5gl6)s_9T11dHef%Rht-mXg?@t zN_;cs9B9Or>j?(v-+N;uE9I{ zw{~Yk;LnqpH$b2(9yU15`1UI)XMHuf&uDlvJAS8_a#2|BX}iC#FrqUXHXysaWjewO(NW{Z3k& z#`v%-&^Eg{KVr6uZFL~fuTRAHlm3b3`Ux)6R_@FvLg*UE0Bbx|+dfKBJiFB#s7O*w zXjs8cOBF48x6)zRw62hU)t8ln$)p)sh6rD)pF`-MJ5k^yP&%F(FT?&?~!_XXZ z!urVhSTB5U%ny+MU{ICg>}NwbTZR?)0)LZ{^VZ{hUo^&`$BhwjS>J-H5dAgg$2Za+xx|Zg>mG}k7PHe1`-T6T*^JS3O>c+` zkWbT$*S_o@eFPcCd^?og!%^R>HDCwe{aPd$&HDH|;D;H7C}0}awRP)yUh=Z%r3a+^ z&~4fdMB)Ga%K=ZhB*-q=P^DfE>XAWq8C(+TRP|K78fLON^2?}XrYj9+1gLECf2~q3HW8TnYU9GcC;4^#?CNVqc zirn`=8$3XNX5jZI-QpVjh*j>BuVcPL65YQ@BbvoA-jZ1=7z@3R{QX=B*9p8(?*=3~ zUcX$zgRui=^~?}M$}${KP&+7{#mwM`n*luxSYWZu#LfU9&%mN;>p&FDz68hx^vUW}qI3n2ZP6d$bHNv*91}c$n;d6~Bmm>t4!69AC23VMVLx zywKVPm~D^^Hgw4O>YZAMZ-rRyu0#{=xUf@>3oQhX9Lkg|H~*d1$`;XKLP#?iJw>a- z9T4zBj!p+F;u<DEH)7er7o1m^Hmm51Eym#JL-rjTyVs4Q{_ie)S3~*Y{+y#=n zN`KqP;1dkVc+pq7_VBqa^85Gk?NIV^${wnQ9x)^W@Ug~`c^06W)_wSO4#QtmZDE$ei$af&EYTa8Z! z)%XV#Nq@%w%TOTreW%!C1|&4j8D+*#2DuY63p}pufn|Ph&!*t+EXo+C+=^e`p~3|) zF5s=-dv{u0zCrmJha~p>JkHgxp@Dn-jCL$8-}he(w8O9fCuEw@sS&Q23`i1IKo_Hy zh!*O8Mg4?|aNsL{U|qB7(DuARqK_fi!95on7^yh`6OUWp`oX|zoMupq!6?Q$RpOJ1 zE5*C%*6`#FjVfk$eNXuZwf)zdBx| zYG66}J`()2u^d93Fd?e=Q-5!@G?885;0O%r6X){xIS(1LQ{M(6|1Qk>n`#^?+ls70 z#h<}6I9QS;vPx7?dRJYwq8Yl!IQi|Cfgv8oGC~A>QvC8%r6MLi6DL z8MK5yz|=69bt~Vp#IwIL2jK^qQ6U}jV;H&g(rut2_?q}rEH4sokKCt*uT0|N%-WXllYX35}mEA7v5EmtxLEf{(e0>C&haCOwR7!XSj@!R?GFWXZ+e~uE$#)a~ z?*(8nEC12w&+PR`vIzyXYcWpMM1L85=NK{YWYiR$Q{YuDLN`%?_Nw09GeF-(>iVol zq&5*OG|zn0oMR&BBH?=$&MvM&6^!DfDOX(OkOV#qN%-*e0^reUd(xCi``MZvAP6h= zlWzxG4F+S7_D$)};)zj$dp#3F4?#7;Al$j7SIy%1wgq4x?Wq4#l6e8Y*A_9#ex?=% z3DUQcI~LFvHL~#SgUk-~P_G$mLjOOcKUjuLy2aq?`7&-W*l5PtIi?|ylyOzK7mCf2 z{(=?T=&x^7C32ibEMhxy(IJ0*CA!krj~oR%Gl%0oFYl_*2U7o5FwTGbwbN^9h3uCe zR>Ob{u>sV55|JHlDTs##qtgw z=o$3ZzTqdj*>pTC-o30kQ;K_uP~EvYO(8wnOxL&3GV1mL;yMf{1W_il#g9_7`N|QL z;DuvqWU_cq{=I<1#3)<|s3>>(cR54U|A;tKEPv1JZ92^&=NYNIg6huP)3Jocd{>5T z9=#)YcE`{E?}xxyk`OamZC{hQiBVdm-ajq0kUXMbv2fxh}H2BgI`@% z%s;$l%o5G-9S=S~(OU(%#5=vy(d zqw6T6gEV|yhOMz1BcM__vLjA*B-c%^0slFp*Xl6``NT%p8??YoSn|CVijM}*PI45p zw5ExgT`t~FK~dMG*4@AB!(9u%zmg5!;>D;S-LoBv8);$%t(89#PMc#+tmh{MRN&S( zRQ}csy&W@kxT^-{RU#PD2z+P~#7{Ljc|_*n5eC+Ei`HYiTv_eY_-<}Abe|40AN)Gs=o+9(Bk9b?XAD?i9&;gXr0TRn(5)<+-nQr(eh-Z?_Hpc9n|O zpLmINmNlGyfJAkk!qf4=-Sb<)Y*-;gIZrwL`(XqfkdrOvS2Rl66DE?<9|j2u(u}-| zyp0oJ7QsUpKAbI(e>Mz>#Z|Ep&0PnfY-7yjF0D^>gx zaruj@K_w5e=J6+X#M~{0XQST+kRWagFW63OAg|ymK=Q|Me1!YWAe<(WrRYJ}?4O2l z6*8PMD4UFZ-fHU1`HyF*>IQQmjg%A)$DXXf^7&tml^6#tAW{}Wb4%y8I=ZD=h~$4G<=&i3WE<2e~W62dOt9*$LeL<|S1U){lc;&L!~f#Y2lW{%W!2Lmp5i#?M#2)W zS|{q6nGoKhoIQ4c=W$8g$rTw+HS(}B>|YLei5IZHG5yANRN~CKFp>crfT+op#%!44 zI}fA@peYjgGL(=U7rVXl8JDQtTqtg!N)U7>C%4dJmM1T{6I~LN{>HZc$VlYASKr5( z^Nc>QiPur^D5oIB9PauE_{KUyq(6~yWH`{8f{5feJ4D+13Eeeb@IlndYHN}(IZ zxNSo$X^V~1l}L(w{%uw0(HRvA#GvTCFz|5kV_`#(c!#%^RX`X#l(kAede{vjW?3UL zRDaIZZwOT{Fd2?3O(geLh1j}iU(c$OE*m*3m_Ei{_`W};(AsbHn`&(ZJ(A%p(tDZY z0%MPl*t&3&KySiF0L^f6X$k_A74x80tOury^q=H$pKo9sCNeN#_w@T0$~X9c_qVn> zPe$O7)}Ksl`6MSVqKX|3gr1=q+C#>(Wm4XfFo$h)YtfY3z0^b(X`E&%jC0bVgt=Ft zigmy?nY27b`%jE7{7!iwHHR`MCb7lsmzB;*?&v-{ZQ*f_>r14xl?>Kq%P1AkiHwqo zu=)ZI$$Di%pH)!cU)5qpFzSCxEx=3J`TOLulx?$6 zDud5ZE6Gaa&B=I{wHvJcm^a;bjpgjUV=Z}&(bwY@Ue;l6DtI9WaPe=PyDc#>ib=d=94Ob&bCFfAq(%=VK zpIY5hED)%`J!KGuVbrHO)R`WH`pJ27W3pJG(~$t&5p&A~*7a~yAnNxITRl;g~%<7VGQQq9+okyL2m34+f5BLAO{bi4y zA0a9+N?tYvLG)kg6Vb9mD-KfXL64%vW*3yabYHS^dAwp3bGIOYK< ziSvV5?4oxPg|CHAK!b3~vS2X|ENe#E5q4rn+1TmX60q+OWoc>=>+|;0&A*hV+rJk~ zEAi7(0Im7ZL!JE=+4C}jNTfdSgV7A9p#08E)ZT|Q^hkyr6S*muk2bQvvz5o$$8M0K z-t{8OOnvpQ0N#|t$<24Y(`CrhX}IznxX0(-;WTkQOJqGIs}Eozwld_vJr(rb-q z;i)X3_eQkzjRSP{r=t2#BYY^39)Yg%;ggrq^C1n%!BJ4zTN!_wR()lX!ia(t*pi3d z;E(=-_#}&JWo|fexlI~T5H&V})_s>0#~5Ulh)bg1V&qy5Hrjb&*2?f(DnU63SMw)C zM?rv5$<$CS5unAa;cb;h1I#7q>&xXU_v~&PQ$_tE%g%+Q52m0GGn$O|!%Pupd67<2 z0b}u7$8p$Nt9nrd2*lha6V+YX=t5IkdiLbio`p)wSGdACB>@2n+;a2DSWAY$Az7{b za6sTE0z>1>JeWbhRsH>vQ9YCFp{D)py+8S{JNpf(?8-U90eZZ=N8<+d zv-FMpq$lC;j6XYpFi!M^K|Eye6)mNmUTwC9;vf*%W-ge+b(@O=xus0ax?@HRUbHrQ zVm{I~*&-#7BqfZ{7{VP&iT7j|%u!9(*Rf2rC!h_oJvoK^6=8YigDJ3vO8^yxZuFJx zDAJa=eVA{YNLAO>Y>*EQ+f^R+0xvncH`~* zKI(yX!<<4R)^vLw7cnriqSP}*XR?C{`{|23&DO4FcDP9x_FQ}x>=5Ed4RsBkuJ0Ey z`J#XR;cPmJSmKH*FQQQjBUxQ3$!qFi(`E^*Y+Rj2p1w}z!d}uiMV3gs{Z`=J&l52c zo*Q_2zP9xYNMENh;dX@A7!iHruk527W(rmM;?did@XRNq4Rm!6w|d)Gjhlpx@7f_n z)*IwIjX0*qdobbRl4`YId5C{YgN-}0G%Ddme!3t9Gecf6Z;Rp?x z;xBDCx6S54FJ;y`nqdV#aA?N_Zb*`P$wcaKbsz3?$ybs=AJ1Ty$avUa=`Sr!N+=Rb z>I8w77YAQ;l75?v^|2m2IUZzKuEqzBGM37|5DA(i94`eTO;-JqUy&@|{$#OeQtwJ>-&ENzjptg)Im^?~0d#6>G+lzd*JZr=Eor+?27FTUqz-e~NTX3eY#!H!0NL zlMK$DVfmfd*%9b1!H)JZ2NR;NZsG?K?0R?u#0J~Id|WExc=ZMIojk?LiwV`s)+#O z25dM;>q0;VO@SRH6D$<5eTLFJyZMT(N#38}zMe&Vf?#}}HK*dALr<2bYt2LA{Q@Gh zHYk6*12&lLUajC3PqKyA_?**Sog@I)D1;f(7L~VDA*9 zyG{&j4kmb=f*^rQ*FPu82+2ddRaD+C=*~#AcBn~P9jKPWk6VnK(qecrj*LK5QyX^d zum@(Kme1jMO%S#WN$k$6Cbgc{M5)cCH2q-K3#T(6v7opL4WBQeMCB014Ouz{FbK)& zrF=5IEkPo}jd6ozRweGhl~nsjtXO~}=qa0`PFy;FSa&OOl=F1d4+Zvu5UsIp{EE5p z-bsLbNVfkvLi*GOtTV|8{nv)f=>O~x%1d##$!pKqPQ?(VUm3@U7CMnpo}Z$L zlk#=Q3Pz+!a>Lf^#88ZG?CuC2=qP-f3ROx{_SkDU#$Hp)8bg+#+r2sW`1JPSD%KXM z6KiW(wPAO(JgcEUdF0qEU%sL$+HneGZFtI;w^x`#Bzjpb16630ht7o!n;f9Nb+D29A|N-a%F_xQDV zaHtnMYD-}m{`WX^uT5H-{6|4p+$b*0Im_E!cUOMBYYv@)m@)KbYoqq^Ro>VJv)4d~ zYluj0hU!c_H=-<7uWYNgQ>pdhqXVyrEf;BozBznH8RIOpzky@8p22YhWphY<%nEqzemn?_TV#wXXz}%3PqVcGe z=3rqt^WV9_@gE}erpjO)iIocIkkX(0^O>EF8xQpHx(@%~lx4IOSX(Nv{;V>~vKxR5 z(5EcS(sbWxi}&ew11KXJ;?hAy{i?L(S#$8pE?A-PU$0*Q!;>`{Qqn}&d}1tF5HjBT zUXswX5aY;qJ2ZP*+I5j)t67WK5SmMU_E@5@Xsd-wjKfc}*%SXy`El;dsbiJoetZU#Gn6j zq$kf{X)NzuLxLtQ3*1a1#U@9RPS9+LuIuAeCMAAgtG=PMQE;X{%6x7ViT%RAuLjGQ zqKnHfhA{G79_Bv>`G8^>q|76>;~mAifFUTPPuJp8O;Y+&V&z?;(O!~%!iat%CJ?DQ zuu1*>BoKR! zq7kw%QCd?VmPwakQb8SdP-Lz;ttchG)ir@Z3SWk(LlIQM$KUx#UWO{Pp?TL+`CITZ zq#3t&fmr?=FGhG9I;tTx@Z;|HDgyZ>@$-%>xI|HdLo`wqT11}GCkJ;7HCu;VenNP4 z1gjKAh6!zgen^E1ldFVlk!drL+lSgCeUW#uQX#21H;^42a93_8WOpg$r8+L_OM1P` zYNbtF&y?wI-dqV?6IJ^Wy$puJsqsXAYcpvhkkl<|`pb{`cwYjMQdPr!nPGNTU_=yC z)D5oj(7V&>iRp-Up{$*h)H4)Em|Z9wUMRT&EjV-_ghaHymyN4<4wsS#jyWslu z&*~Qa&o`f=@ROkmBZLIef8%=K_k7i>gJ{Pyh5(N-_)~G@5@XA{=IS z@VlctSNzLN#L6!rN(@X5if1>`H*~%6Mv4}rRUD?EHE{_9TuG^4|LoZY-nC<-Zc;RG zG0#g*6Ow$C64LU{rMdsupuSk02qMqxp z=p)!Dr^$7E(vw(RpS1z>aXN5+YWvX}g_|Y#SiYz~zOSM5h@JF2 z`dfqE^&*39)8qEj_&u}`2unoeiyF#)|5DL?Gg}L#1nK_oZj;UEd(Wc;sC%QL%Rx1r zeSI=&|%l-P9R{3k@(Lwb{=c(s1rD3PT z&lSMlftKELBj{Gr{hf2F+}I!X`s`0lVQ2z&3(j-i6ZFDLmb&28VJqAxlDE}#yXLc! z(yy^YZ1Vi*Q4$c@#nm}^?F@Lx|1QP*KQyY5(chH!h_K?kPsOd@n1qduMZL7OsmUA^ zWXXJPboVaPhU5_Ub-~vaBX@H4j2AS zTHkgotghZ}tM&c-c&Z#Dm=v55pkgAbsG_XA+k7KAo!o<1+*4D3iya4VoJGbPDDBv9GQ-TWF_Gt#dI2_4-KXUU~9(URqJ1sEnfS)cofX ze1HFZ9eXdNNb%E9a&JI@xjOPWmw(KUXWr_*x~VgY;Afs|$PWLEd0~Er1Yp{PDLx#z zIHEaSUCs5FaSc3E5hefV#)a)6J1SNDtJj(LUkhfDBMXtgGy+Hq8~k41^q4;6q1gqm zn33}&bgwtfzC9-hix|{npeV+{siJ-g>ydWgDKWgwt9W8+k|-)FV&AbR0(`AnZs-fj zc*7M2vKDrBP`^e>N{B2=pgzH&(!Q-MO=TCLZJbgeh!o`rA5%Ba8q2DEc?enN|Lkhy zF%z(#KMkF{9~@$UY*4Z|;wM;~0r5)&fgWTYb-+Yh9;2GxIQ@24Z`mLw&Wz?VFG?+d zq^7C)e3LIjDJS52_Joj|rRRRIIhsuGxwD)MBE$IY{WPH+;it7Uv(|@NCrQe8{j$04 zJeg%n%3`FVd%1Dhb}vCrl*<2@fzKwN`7v<1=>x_VS00qh@a`5*o_ua^v3Pf+?>hL|XDzv=}meV^?7eC~$LHoOkY#RcEHn8*GN4`#V-Qy}+- zp){J@7ChUvcespF3YqT>O&?|m+D+vILXhD^=z71eX@9t@8;kZ*k+yFxtngYth0#@X zG|1;d%HT4keLSSYp`KM%RPem_(U^@1M6kWCy9}0pm53r?b6vAy>U6*AdiM>z>%0r6 z3q>Jh@qA#eRUv?c@SDhce z-Ufa?as(A@`S)eqN_Z z9#@8dZP|FOQ!uw2bAJ+a2CPT`UT^6+v9|`p!bKawv~*k%XosttXUREa)AZN z{kC3Rtz5_9zOusW;keNCa)rlaC9>4dWj(VIY`9l6-Tr##0sK#I?A4kRQ;NsRv0dBC z&7!`~cjdc(!|_Zlca9fIuz}sE8=0L~p_eOK+OK!#T$gb&R79@apf!(G2JJ>`*k4YE z83-U;J@4VO+5<-pora&+m@(kl%g4^!1wvo~!uB#(wu2eZ@iBt#o0pd){HAB~ zi|;MDHF10+z}VDYyCJg#nLe zQ#FlJdKI4(pN`L07TQfC0Rp7wK2;kZu1;aAXFCM1%^VH1Nc9_}*uxzF*sh4Vg+>*H zD0>_vS-;#&D{2r)U<_KrYH3LZpXfa>hkUnM0c9r%FW$S7s84WH*L}tFD*jxR zEn3FW&fbz!>7<0e`)?}zVrcUe>?Lw$Qva}d=StMs!0^ZY*2l-)!#Jhgun-mWmsqJ` z23L0tySXFAsVJ}lwV!02^r@N-5+vEm@bRtg?C#Tf@*=NXX&o!P&pL^3RYy8qsIa{W z(_k_70zrsnSQTkwh@N#=)?Vca(O@Fm9;CmCtUc~mT)fwpOZi^M9F^B!! zNi1MEUg(uVcS;1dael^grTM=Xz$(F~mgde=84YS}VUlOvDzmyGvvRCCo!9pKFm0>B z8bJ(j`IMRzrN6cSynr}o33w?WA<3qu-Dkk(W2}G3U6{`ng6k#@a0EN~MCUl!67P?@ z2BpP09?C=(PQ>!_Xo0FqFa4B6>!i+$Td1xx>D6bBhIh^uwh%!}1pZmHF!B=nf2%jI z9TV?rp4!Y0_CAliem{1Iq#<7#_%4tojjj=_9S$L3|E(XjPIS7;a%1s626$|Yj5O-|)dL|wd;R^JNAldw}Hs^K zD;z2@?b_4+;a}Za%YA&Oi8P0sv4MdQ)Pqj`=O;{EMs?%f?#m9aXMYVvU??)b)5Ed} z$)x0Er&Z%>Xbc|3n$PUOr^of%!L${=2LTW7>iRV#amiOGu+PC+r zUWl#LN?hxeCd1VR2B!&Lvz@(R!AiaR`(*twZj%CqRh!M0`**KPo|ly0z`dt``9rB! zYO!or^_Fw40*h`Eqn`84m@+@fBr$$s!Ud=i8Uw5D3V%_*@2Ri5+tUMx{qHF zr;8Pu9nQle`=bSNSuDE=%78!!cz&!qV4{?kRM=YBcI+ml4@43Rnq4&ahQvJW?V_%% zu0(U+6orS6IP6k-zupJX%$n*r%yTFgP8OAwth8C|wr~he3Rp4fH^S(9AK3F!k@|fR zIZCg@v0kt7xctkHJJ$O1z@k7P{q)`f%w0@L8&no7>0c?}o@pwO+=?Y!;L zAFgnm+hXr%8YMKo)KJ`Hf9ZPnzvz4Jn60AiV8wz>uB5D_2e0$>LEG!$tbqEY4T+IR zz-TXkNno|ZXB9!Y0J6*J!^3lbWZx{)XM(2i?}Gi+)?4G|H^ULEJZyfPE@<`TbfQ#R4ZpfawK{3Kn! z)L$p&uN+v2$iZ~i^$dY>BT|ICo{K;2PXX(h?rz}E-a1%_HLRA14vLhP8s zD?_dAEUNLDMbAOk(XsldrmNW?h59vWb^ft9cx|Emlo}#r46UzpYCnAhPEv5fTBULK zX`+g}?nH%tU&MLPDk6O4`B=ocFs*h>Q+wu{p)B3xr0(Ub}=I@sjsr!TvGYqIyWGa(VafOF-;*#Ci}sKz6zD zt#xIAxHqdF@HCD|ubLN{l#SjvD%%TtxkpB%svCcl@UM~d`jpS5CN>z4rZRLd0lAex z^oKV~FF`u6izGCN1b)K^ zKuse*Xd62=FV>b zbT_cBQan+V@L?jla?Tg)a`vtms;;pa8j zV8hp7<8_(YSlN8>0;mYCO`8L_<@;ckd(Yf4R#(yVt{S7hn);&I5wlz+Sxn(hBiDws z;@px$Xt_qq&;FYH7{S}NUQ0qg-<}s2D>Zs;R;!0)yj_pv_Zg#V1$I!^R*q;z$6fBe zO!C+_pClb(E?W)3+dH=COlKlcBtDmbPoPJ#u5Go3d71?LCt}vScISADX-xomYp(OULy^c_b`Eqk7Vc6i7?!&bSD zrvX87iq{6rn*9B}mwLH|!`d~K{ReWe2-oJrV9Q23guzo-EL}2_HW2z%ZGSB(Db4bI zHz{Nj7`t4qJq6@d$K|{-Q||DOVJ|4VrNwjU3f=J&V;L;S`L&hQ{fTs+ME)&neci6( zVI*H&$D=2~;u`Z&ZSC=}_292lM=QNRe7?HwB?J^4WLKAPAh-VQWT|?ER`X8FsomBC z0iQ2qFEdl;)mj;w87Z$jJP10ld(_Y4z6qfX0vqbr;%WPJ(kgX00heJTM&npqA3D`6=6M{gnsKlPjZMVq`nvO5{W)FOOe@aR$K~jR6 zg|ox>Sf!;_P5R9izd-g+=#qMVy_e17X#|8D9;f5L$vCykjISm))Idbvy4Q0HEm<7* zO?se#!rVmMZEmus&+#C!AUiN1Z#0Dpc!@pOqt3PsZ*zvWEkN_I=2=QzX&-jlS$O8WK>+Tbzgp%X1E74m0Dy zcV;9|M9UXFBo|$~!NKy++hJZ!=^pJgPbOY~QU7U%!E;6dzG8I)yAK2+gqn_#^f**m zCS9J)Bp9;>+T;h?nqeSbhqPK2 zglmRdwU`K^vBaT*0piaN;1Ux%uE!{5jB1{M%H<9GpAet``uE4JnqHkTdEJ4QA*95N ze0QCo0JNgrXhFl7z1>FJjkj}k{r4xZoBX$z$I$m@a=|i3WFqdPLsdGt49>g?_4R^J zr;q3By)iYQEyvbpa|NZ*>zoRwwT5pw&+16{J z3f>e2Z~6_^Tn`-2Hj;LN0ZjoJ97dnxAQ4}^X8GP+1L2&GhJlO|8!rFBwI`2D|6)#k zz9x4~G#(Ekh{WT_U(;-YgvZj^^F|4=H@iEqQ}e1Hpb!8X+MHXeGCH0Sg+)fQ?JcIO zKySmwE-zN2=@H|2-d^gZVUpKm96a# zj2f?%S|#i+V@i@iKc};QyL!Ic%^aob4v}y5PPldy0@oKx{oZ!h!^>kZ4rgQvzL;&HWANBjH2xhxZpm%jV>Fm0Ic_ z@YE{eSO*hW2*E6Jx(@W_sPZ&s61?+cF$CIo!7K-UaeIrM;Pt`F&d1Fd0r%a+WE8%eBAJRNB`n@?>?Z5$9Urd; zXBQWvNKLhuW>NUf zJx&6u&X&rH1B8%D>1WZ4+cS}FI40=di%!}GMzj|cUO z(bzl*{fE&~a`{gn>hK+H$H@!btdGlCS;7S_PEPx7ZH?;K`PSSP9|6$Q`K8@KJ#k~} z-tSvySJ#zu*Vb(QW})}!36#V^ad<`Q{86+GMSZ3x$Ln0u$BX6J`Q_g%Y68o1j)`KZ zRF_Rq;$LDbalEUa3bP*0mdA<3pF3nLJ71y@5b4h%0UMfRQ!0(#>4A{acc5^rqh>-; zF3)&0#Y7i; zI!Jk7$l0g4a}fC1SB*`D=a$o@Aynn?kwHY7={qptQ?Ya=dC`;kB&N8 zr%gFAx1rHPn|*HB$$_KA=n8+@7eSzTY$D4My^VacjK* z-KuwdrXuwvQ%&77;y@hGn|3<6_k`%OtVbbXRdMwCJ~A>I&`ow|wcBxgWDfW1#xZ8c zH?ZW zIqVSJEboXDFR9oo(Oqgg7jzAV$cP_J9o`=+jS_x;wd4D;xWL0$T)zlZV}vw01iC%1_<;0k^S(bQiduYaI!_-wB{M0G0x2Rc{80j;qHH;OGeB1u;g z1`6d!k2v?)iF%oEFO{&Qb6yw4BSeA2%S{T8m{ieX-QpnsVC3Hx4wD?Jnc$-AufHJ?POv_ zBA6<&-*gl}aVz#k7El}O(o{$nvT28K0YC7K-DMM${Bu}`n9P?(hSO7*qB-s0?j%~3 zw%(rmZGBO{Uw@DV2BghpmrHFq#O&~67+82UIS(FP?n_R`wcXe=ZNMA+>6~S)J8Alp z{2u{dqXkT_rVMH2lX8oycd3XR=B8z%Xna#&e7v|S^gl+ed^rF`iTU=D^0@?Q&z?K8 zS29wk+M32LDoi4;RE?g{Z)y7tL=;8NzYGu*co6VsB39>=-s3j_Ck5pPi%3sE^0aM) zHy>uAf^wCie(CbLLchI7KRl$RY2AC!b-dq1Z1}uvycc>E$O>BArBv(5&p@Cz<|8CU zAMAvt5$qx$z4;27%|rPUVX^*PvIjWxR>WkGzUjB?UKBn^5P($r{AvNU0sTr3OGff~ zJX@}^UFYa*xoAT=B=#Ar77hJ`yTIq0h8N*jc58vlJX+GM`*5*b>$|>U0at!=4)Jm4S@c1`ld)4aj262?{j^j z-XHi7ASjg*)*2NEAparL@&#nCW{IE%4Fc-&Awg`=$De0zDb5gUK=uiIJgwp>znmS^ zf2L%TFkIC*Pyi|gzc`5G_gc-y+Vg!8;hWfO`$7`+2Hqe0Uc+Dgy3=-iJw7((;;QZ>oEmFdqcl*+3ak;`*>m7rZb3u$4{J&U(&LOeVUNY%WW$RX+$3UBuE^ z&k75$eS$#kP7_L>HEp(G4UtQIrj^^&LbG$uS?@79fR&ML+^W1Go37EdV*^WT4I7(S zrElfJoC}GHX2Y64=!+A&txn^`b79uYLn%{X*0NPyQfTojno%}SFayWq3M)a z?mJhpc>omj)q3ik!>94B3lEo0EAV^Ue!Z!=iH@GA?06d!v9kJzU~J#1;Is93^7jIW z4ubL9a$(k!cgO9a?wH*b@Og(P?1L5tG@$#~f?c@X;(?!*fVtHXjON0*_XoR^&h2KNZOrRFnoSQ!H3;{3 zsoUzPX=IlCbd=-2Kn5?8H%&xDw0pT$p_pfCX*se81SfXuC4i_#qUf<#V*< z`=d})8ZtEQ-!YB~N+_Fw{a)5;L)kmHkyF2Z@cyM#ow5CgoL-}cHa<_)DI5%!<=W5H zgHNo*bF-tT_owQwd3ha{i~fkAir7ob%hTp{zy(M_A{K_*%T2Q?UGU+H+d3tYe zZ{YFDU0fBWis7p1i8FTM>zO$m*Y70}&ObY6wo>~kc{m^lH%kj!o&1Ws`BE#5v!^tB zN(S@qf5Z{YZiAawXlye`*PC(kc~No7EBQyKE`0Le1F&8P5_`pCy%5KK`=i+ZEHuAr zrWtV$eosSw?arjj{wzQL!b|jGZuSs{%bFis@dfiMaC<2#*Uxfo3cFEHkrNWW-==w1 zE?mpzHv(i+Pu#THP(n$Lhc+^b1u`lbM9Bf%lZrR3)+eQQ>cex#kb0uKeDc?|>|P+i zM)L%ce_F54n#zd&hbjRf$bsE^`j+1;(dsh5ChsO zi%RGkRjbFVC`Ieb8|))0?adk_{4r%=A}fiPME}ZcVh=Vj*hr5y`B9%ffFvJuc@BCD zTsU2>SOWvd8cjpMwu@#1^;RA6xAM9kFI4z6X_W)5>0(F)xLwH?8XNR$ zamq)`JDIcH@~Yv)jT}O+ zct(RzQ@^zgahWAQ}tZWLQ_k!1P39c?FeG8otLxIjU6d^j|?#3}xh zVBsuBJMZn;F#Bh>+J?S(YUR0@#^L5qVZ-amy)Zw2KDd0#oQX1Pc)8KO+N;(H8A};HjWrJuIZlD{N#R7LoL3Gfk zw>_?o{xd*CuzU%}wCjQ>DlA%Tsn&C;+Lo@0bc1@~IpJ(61uVxhkUBda&C`>b8G)|; zFXc1se2g7-ybe!q=CVp(vHq+IjaJXb+^U6dxMKsAT^y3SXj~zp^JaU};2c9uBptlt z7}D}jt_v}B6jX7gI(O%a1NV*wo!H3gZ?YV{fn0;}ZkplMXbR}eC&AV=goki$jBw%` z|7n6W+o3rHgcX~Lu`YLB29Jm5j=|rg8CdL{y+^yf*|lc6wr4wzrx9e;rWA`ZWUuTw z83#v)Pb8Sa!1L=XB@RrePB*9dqFC#5G7x_Cl~yHacpCRD#XIc5KO1t*&eO!Jrqixn z*V15unsMoCpdS~KR6~m)$ut%ri{7)asxhzS_i%>xs92EqrD$9i?PO1&Y+#9-ds<4a zvD0Zr`sM-O#a8e8&KK;jD}1bsn7=8w_;YDP=bQ{~!9a4sgyx}_uwUQTB$dYX&>V}K zXC`%hH9GM(I@L}6;D^^4aM)<7G@ZJ|cW7~`05JuS5b#sFemORwkU8W-@3iIz}5M!DhSnXL`58Vzok)CJ`Peu!5O|o`eqoiI7P&JJ7<3 zrc)y%q^;4b$3&5RkISt$r9+F}jfHx7I2Wwa|M2H*FkY6brVZn@;ucTBCm{j>-}@Y> zS06!RwOz__WVple_v!wAml-!@o7loLnE4y)YW{L^wbt!OhILf}@l706yTLzhMZ8+2 zVx0wK0*(JrNaqR>DRN|Ma^D>FuVVT+^&wE0H|F%yMKA$E9AofC_spOE2<40N6dDe; zaA*rjL{+RA+RwH0&zHgqXGbSbxY$)O{Dc!QC56Eh_lF!p7#Y2UmZs?YZo@U6m9jDX zR4`eXx-1iCXszk}4T@nVw1}av-o|p1axZd5kZ-l}OIi!-iy4ON^`Sd|q*nJqoYcLV0 z#F5L-hidsE+gnF-%>NW)Hhj2EB-LxSY+$3J&!4z2FG}Qn=e3v@2CxkWGCbgnANom_ z)HM{yuztUt%<0y6=ZA(CdW^Haf-~%B5mk-ULx##pBXxb=G0kC>H$;8NvC+Sr7>G;$ zEb|T7IlQjrAoJ}89;Xv85vVZ(K?A)KLD>QJSXN`S8-CS#LC{44pK!>awS+ywIRiED z;OOS0@Uv5w0%&>F4?G1{t>QSXbVeF9W62dOa;olg7&_c0_Atqzc)W_M7Kbwx8G}RSc@mF+m!?tl~$lI%*OBMhCB zzK^5#6x};hv{1L0fj;qen%0{&kpIeqe+4?faA@)3Th-K+(Fl2GJ1>#t%Lo<_!= z6TV}{VbImitO_7P;WOp25T?(Z-akKkENiCr%O>l?2>*C5szOTeYlrxUZk@1~*G+GY zjXjE3PgbegTwGIIgNS%DpH}n0?$ae7Kh%B_#=$#MNr0aQ5xus8#e{j4 zl25{YD-}sm8>Rjf{_}usPOOK9Tey+3sjo28|TJ1H$HrY;LVb_ zEgUp?{~+1$iP7P9S7N4t|NWC|{dntxOZA=>My$pUn|J@R9bK`SvJYVpF=W4#WZ>@f z^;NEOuu(HI_UeH8-&dh~EOEJ}0e zwoS?g>j($>USvNNNpv&S4r3=EdBCJ8N{syR;a#QOJ~1To)K?{jor@2TAsdcv!ZBw} zGYmo5X!CBYA=#K4e?9&#gb&3|)2woJZBqN3A0MCn8CGF|fAbhZ$lQIQm%(y-af`5* z8wrmoL*qJ%IEvSi4p~nMsAnuv|{2D;1m1 zf?X5MN=xgDUg_<34`j64aotzj^tG?*O}budvA)MxVAE&uxzUjFX7+6bvsq93$Q6i@ zLHXu~80O!{cz=sFOyu zT!Bsm9As!zGAs56n{N(wcJQrZYklCC^iG0ob=rCANjZp!aEw)(F4VlQTJuo&^r*Pr z@oX_Tk3E@v>G}fGgG3q=UYAES*Txqs!bH0TSm@r)` z8jl&$M}&ct!tL&8cexjN&CE*rw|T(9VZYef;j!F^a*R1e@%UK3#9TC)#?0SfXIQoy zWu-Zh9l26}4%{;Dt+n$v+emxAMGWqIWVPgIPweXXm?5Ue8Xj=ccEz zWkd-B*hs`2MsD=Ub#u+ZirImMNKQugE=Ef;Q)G$W9!WoyY2Sv7mK0g}dVldQCC)tA z`L($wMwgL}&3{r{$9SY_LT4Okx8+f9kRr6p6KMY?ng1~dVih?~%BLK5ciLm6zJ+pn zzmx@?6nPf2V|tT$JxLiGc;RR$wO$422uX(>g4!B!sq0rKtE3!%BNPYu_6WufO1##w z7^g)6zQ5=)20lEUG>>p*tp@Xmu!)?Eso)DHUCZx+(|=0J@Q;{l1#Po3777@q;lve% zp`6}~voVG2Zxe(Kc%U#)(9Ghv5w z=)|rziDMZJrA=gmhj)asW{Z)#|KS+}1r+_3*NWHYvs}JETZPeTL!_`7u4Tn76U-pk z>L)rKJB(FQ3ylZ51viy)II85DX)48TS%+f5v!qwH?EFCCLx<>ChhN<4+anTNO#M3I zs2qn!?*fCS{A9$+Hxabc`vbd(auVyH0`z3`0-4*Rc_pQUHcT(O>Sp%~RirX3F+{lR zxWrSU5N|4Bbf0ycB&%F~!H zmxs5A2pjClGZ4eckS+;O9%3~*;Wi$XWH>s{oQ#ii7rCi-aQqFb`m~K?TFut^o~hCj zRw&p&21R~epR@+YOaC?qKXeM&9=n&5!}xHlF`XLIRMp5dB!8i^^-fj>dnh;#|G(C2 zzl#=*(YI|}PL?sh$Lto%8Z)Vj<&#(IbgDHU-QR6x1|t$DrpFWd>^mPjpFX^Nk!%Vn zHd*uSt}m8xKABE*&;7Q0mA+7QM@;Z5@8FkE2gu9qJB_VmFcz~7yRyQkgkChMx& za}a2rSZB67);BkAv>L7qG46C&%;gCdkL=Y!JD5x#-VAM#1`1A{YO=qpwQA+c1v;G= zY2BMm$77Br&03(&+H{j-s(3ujUgn7l$^mNi=587i67POO1O$W|o!%XGr^GCHmGV19 zgV98Mp0@9sxqZLQXFXr9=0LTF7Z{vJmci%tQhlnq(ufjHz$RFzkQvVXdL>-vBR~SI zcDn7TD@PdNB=H5hL8xmvB*+E!+!gfGgg)M1KfGjhJOkZF8_C5* zzwsGdL-PZ6(if^1s?~$0O{LS4plG}vzqrkX>Gpy8md{)YoIf%(*}>1;L3pUv?a1Kw z_^CE10}50F_mlowQb{aYt*aGy3}KhoR@y^xgN^EEZVrxtOwLBnLwbzZJiOK0{V1-t zw;Au0o;|zFj0{%1asQ=yvA75Vw%)0!LvV5tMIlaO^MX-!eNCI&BIJI**r_Ne=zpE^ z`18f?$A;F&d89~@@&mur9HQPn)k zHtX>t7n_YJTz0?7{lSfn>x(xpW`8HjyY910AE&crtD(PJ(9n;dq|M?Jf3eyl#u)W^ zz8l}p#=1LLDmOU~t+z8_tI*szRL+;tzShddur#5?oD)q7RISO)q9wnIu0|z1><4!> zSV}JMpq_DKFavkBVe7Q&a@Lc!-?JQ_-g5St${_jK zyegwfs70?`nu?-%EwU)i6Jd%u{??_vkPvw(7Cj}3Z1@i19QHRMs?z0s<~B#TC99B8 z-8&pcHW&b3q&uw?aut^6;gZOZeu1mWJck1pugzI*0q0JJSr!Qs0@?r1Y>=Z~8>d8n z_LXpP!ALFXkSu`_9{3y2z@vVb|8X+bPcGr6GO1)V*Q%VBC!u&PweV-oke=ur9&t~o z(bCsa>$-2ntuc0G0w00#AVfYSGkSx!w4%J=#qa&UzYaz$Vd4i_HA2I7ry(i_N11-n zLv%2h^em=vf$8lZL*;w)Xe$$t{Y^PBX6RO#JiGa5e*k)Y%#3+-A)SB2t9^=FXqfla zW>#B1dk#d=+|90ho8=X!7E+h;)W51<{ZXA%d6#t!+l+OVI z2$oj7f=G3TbTE=LPJ1L34zUX<2~!X5tyiISe%t7N1N3sSCzFLVv#R0_f6agS=>S1m zsBmaqPKbe9gT_}nor^;4@00b*_TsO+BUh$Kek|K8iWtj@O zp}aNc<#+m|gAv6N^CgG8CIb!ECX_}b=p>_;Nj@$?-4$V!yTUZ3ySY?jPl3T#TTG#bpU z4#Wx-Xtg^P$j}t|#VxXH4F_Zkc5P5sFVphRh8@0+Tk1eN3oSXD{pgDcss2ogRTxCq7n9M2}>J6o@J8C9u-AQ=*D zEtjLb6Fs*g#^Q5+`EeB5+&p<>_8!jdP^Nm$2jt9|n~Z1fA05E}POp&L=c}Dw$H8BF z%3?yaz79p=I+e>IWCz%#Mt=cKuR#RI(HSa(g5>SpX*?cHY8m^zm#iu-^@=YegQ1Q8 z@tDo2ZS<0&QquD(Otsm`&1FUZ8I|r}x&tjn(x;3(;8Bn>8mHs;`ZFboiIKgt3-%J2 zH)5qWv<6^BhOT@h$JdeS+sUBp#-sZYXx??_=9-o^=uD=a{&hMeK$;~{n&8a7my!|% zelEf2f`X-#boYZQ6A}cF^La>`&p((aSUqfSQEQyi#5s`H!mtPr@LXyTptHKNaNsXv z68ZjFJkmrzFhz!$a=56)ZW8lI1zVe{rMi1!KE45qiEgw8gLXB)qYj5H!EA%CM6h2(qDPf@ZL?h(l z;PlTJpKPJhhyIW79WlWX4qIwy6^Vz`6|VT6aT0c=ox9&Yk#eb~7YrnF{DMrOf<=0m zh`iPj^}N@Rk=|m(b*2$`iTq|_UTb~ZsnC_9M&?3pRl%Gd=^Gq~%125q>d+(y4i0~@ z+I6t$Vm8z}kN+QoM4k=;y5vdh-MxP}*bM2?jS{zC9^IO=I!bR*zN3=Ijb^%k=YscK(ZZRw)Es3p^9Sge<^>XNkh(Cd`Xv6;>H%1yT?MTdtU?}Xf2k*F1x zsi70|UR3P~)qaDQPH&Fr^4K3gR`qrYn-}yaiOc3co~{h}t^v~#=&>dnN+E7PVifRJ|@3shedBdmYzViDNDN$-PnHwr+rLlG(oxn?|Z&9X+eI}_{-&%x( zZ+&^|aE&ADdj9#_PQ1#DM~%An=DdsUaOztxe+>~UL8C@yLP`qMuVlI`cDjuCMCc-R zxa8421gKUKcJWu3?*nM${euf7hgL}`lXBflOMfnAmj3L07xcGd^e4&U_gJnJmF**& z!DTyrQYoL4MI(mnE<_-|GBGxmf1kanQpRh~JK}?AF|D-L>v$@bA=tTotkh_ZT}&;G z@VsLY2SviJ$*sCP}U}x%y z!KtbiM~z%By@K7Je=Tq1M`7bv42SQapI1E##&oE>ZmILnxM{PBDSRCFt%s+z;*VJ7 zjTrxZP37`0GtD7~5lRmZ)QYhEnFFBq=0o}(GE_FKDs{V-^)g3DIqkzc>B8Z@5j+_t z5&>5?fkh8SX-NP;5&X!_rYfsLJ$qYcVl}L^19Y6KmvU_?MsftLg0wY2syc{4PAzI8Olr`aShs|FigPbZ>ab2qh z5NHW<$EuvZeTIbQII+3XkW+h3W9{se_+Z3wXt3pO3`Yll+j^tD6f6nBg;q7-M-~?;8x}Ke# zrkj;g!MA3RiA(xe8B!*I9y7eOwM4C&zkZ5H<-f}Zrx!?KUNPA7)!X&8mB=))fht^C0czBX1}xYt-jk-Qhjc|l)lTV&t;be&+Ctz$&;8&S?(AG+Uq z{ry*0GiF`R2fVIn0ZL>0(RE>iS}Af`3mpLQWaOyIzE#UQhcB27LV%jqtf?jk7__VH zcbCEo((2i=-=}+6dLW7a^TGFw*TbQ8mAP0Zi_31TJ!x`iYUkx>UU_IQSf`?!M!>=i zjO_wB3gsB^(8;5j_cI3Qj49;0-HoqDW120Lcbjj*2>ZYO#JvT;G@~4sC{RJdMFah1yxaua{(iJ}HFbS#0cn;k*3 zl$SOg<)g=46vIvhT~(o^K}osN2Z8E!uZYCZ;5Nn1Y$6Z6_t?JL_P6D!67hIO!@(tP z4xEvp(ql@d)~GMFYSf7uNV>jxl=@ajWu4EHcWs#V*-ui7Dd_0XzN=v#3J3?Vz?gTj z)LfG72ei$^wwD@D%_ z5}A^X>;lb9$jitC6xS*Lu=J1NC5C(g^h{{)&=S86n=df7E;BIJSBBb22RkJ)xEPty zj4txQ!+YZS1238RznG<&GRsJT%{mPHqaozYX%5O>ftVHhvGAa~T9az8YHKPZ9)+WE zwb+y>JX!C(pE)eBhoSx?6lvsYvudPjj!^C^wOpa8ot9~#Q8@q$eip)KBw+wv>QJ6e zqz-j6H*`6V^r%j8hWk0wpn%z=1>GbJ|Go_4nN>U0Fww%tNa<^|uG1!QQO_4~`#;m! ziW?ore@i7@ldV7Gn(j^iF;?BWegO1DObez3!EoL`TY#j&F5b(-d2fI3E58Sq{mBmu z;Q%2a^t1I?@j@-4Y8h~g?yosI9lq|j1wla}DE*cj4L$WDNW>e<16EB4$N#xSN3kdN z{_W0Q-QJe&L6TiSfB4pcjirFaSis@?U3ecn3PIH7 z@FliHnHn2gwf@wbOgxVgZ@$(+ZEym7tUxnKqiJ`4e8uJJ(G#Ggp`jF_hHR(4SEr*K z6Gi<&i6KsgmdMIDhN{-}UGEhp2pSs10ahBkD?u%-!)l&G8MfnIUoP+uAH3QQA-RH;U48tg_1^eZdeW_5Hr8+3m5bSL)ebszS4@$ zrxiT$h%)TRu4ArEi;mrX@uDYIh=|v-#rrf3^qnSCyK)Mu1OPyxRJ=jKOh31ltwBRh zIL}b>Ot5^f+(5HJ1mg$}*i5c#!rqIlaSqdPaUy%1^_NdPKF|=+2E=AQT`MNg{8(Cx zVqFVJ50CZPPe8@^$W_-KB^DJQa>Y{3+7cT4W)SebUO?7fKIc2<_tZiTs@!x>=9L-w z8nw|;VSj~piGX`2J!bj9pf94=;~k#VjPRvdvygv3^&b`RDjgx*7&$-)Nr_gEI^w`3 z7c8={TO(mD3wAH2T1{LOxKC$U3v9L)W*Yo71G^5||~ z87*yRYRvKdLy9m#V=*ZgTEY*`Hwo$w^IfVouGQAmIg|Ihlb4&g&X%4Ao(fU7Cg)=udaV7}G7KvR3@{neR#GG|0)vs)PKW->SBR2>NQC;V!@Td`?g=);C4Z zlyR}uO$aYfPjCMS1hQFQJ@f?hhoFG<`k^B_GBsK_>3?#z87G$YQT=G*`Q*~o+MS-y z{~|AKTPEJlCe8cRZ0rNzOT!u$3Dm)AgjKmFF zo)Y~7&>M&_ZUJjfF|xa=J;RbAJqCiz3^ZbXri9^PDk@!mN*n+*Bbf<4iz^h*;L?i` zW$A!QN0BO#I&r#MMjJWA;dsEQPn}?}N37@PSXD(;6izTM^?IipbB#A7Te|cwyR#Eq zW=5KFNME%tkM7+hz|h2q0aNOmpWi~2j(oY~2OIN74M0pyRTVzezaXhyh1NW+IvxSGsOWxVF9?(zjwvs_*ZWy+i4Hs?<*b zy$%pU(HzmGvn&nIyV(rR1>1C^BO@>ZNIq{)FRfZqz}uDn&LX7PZKO>BOkxs8K{!tOS6dpzMr`$v7z-DF(s7_F`;nvZSwk!SJ=ok zkIcn6Qi{Ebd)Cy+>EG`RiXaJbuLZFZ^EChJ#&*0~j5IV&i!hFpCO`(n*eQD6#LUSs_;zO|2>{v}pX?Y$Aa4 z=kZ+cipNjLXMvQocV`)!87Pv!*5aK=k2V5dh&`E^J2kq|&0(}Sl>Kk~<+WLN+37$m z#t3xpC4%zabHo4v)c&dA;c}62@Q!jkTo2D{L&6I_a9kclA(nc$^HD+=ME=9)Zp;7M z0h=h=XG@D9WVG^_SZ_&QZJ$mOYhwQzdR!B0sq*2&_l@e0C+m+C>Em$bI0`Y@J|yHL zf97Z_46%U{VvI3^`evJ@zx&62c#Tg(xsWMUp+Pv+=uuHJ0N6~>`u@F>sBal`s@Lo9 z3la8{=rnLHoqTcyT<<3;AGn(-q@L!7`ZA$>qcYo09zFJ>D%0`Vt&%bm-9Y##pghJ$ zKrg;%JU{;p^kU!qZm+JdCNj9Tj{e=9CY<|d*NIVLfC5(|S|4nVKF;6e(@1zdAuV3t z>uS+e%f}ZnmEM39%2|gy=*Jn+*qW8&`;+)oXnb0)Wsd*D<+bhVt#jt0*!9uZx7%Gh zjdi2lBUz*p8MY!hIosu_-;Uko{=Dc-uf&7nt~(&mBeUIk|I*cDN5-L5>%Ch5z+rNH z@aL@ePGc`NIfo_6en03504tc6r)P6+Zf?9t=i3ouKRHTT8XkOb$B3`#xgOQ)`;!B- z>J1miegP+BclV&WZ1-?^{a0zM#3)isr~SVExZgCMp2lL4l$h%FGz-^9<>B#hW7#{z z00ma~3tu*|%fFjZ?BU?nFakD%^%Go#e-lTTQ^|uneC`*Uv%~14s;~N~pI6X|oZO;` zcsQJ{96};=0HQugAZSu`=bK5k_})632t@!2|1rEj%?Y2UdZ15zOd-2 zorA;qY+-ri4lO=Rlhv*3o(A)qnTJfDEI#kI{};a^a{fxk*KCv$=DU=&N}GyD1W%gD zS+N~k2DkX2!@HLGEQz!}>`4e2G=ZkVOIK;4&?*CMJXblHPk*udnwc*?wVmr3jFNsQ z8Z0gWjPRQJl0H`vT@vwmwSv9bV$O@A(^SopXo$(jDoU)*l^`?vdheW`R-^8 zS=B)gjl#egi@9T|p@bk(9SYRDWrW_nbBzzRtr}2%JyDjQk<{-yGeRqPFz#kQWezQ@ zs~%~mnqtE-v&kX=AW{=Ruoyc$-TXcmgOttMQwNnzkHh(vzL?U{MX!Cbqv@fy8;W38 zJX*O2{(Se6jWY1VMyovx>Y^On`My_oHR7%+gv~nb>db2ACoOms7AjUaCI*^2|C_a3 zA8MJv3Nj(cNWHfj*Ap!)+*IA}WVoq#rGwJ;>fwd$beTEzD~j{N8Sj$i*A}p zmMwlT8yL zoFW5Sboa%7M)UIDz?ZkHl-oJnr`)W~s#q-x4yXNyBU`F8p$`(Y+ge=$TagPks619r zW5$0TA;2Vd=>{9yZpT63UWX{gHk!d%l{JsKuo0~&j@5{C3k4#wMpfTpXdl9Sj zNYp{v!gB@+VC;!MoE%(D)+<%xs;6+IUWwmbj9b%|SGa%N9NzEW(WVs=F0j*f${kn?0%5I2@1P(g0mOfNS6XTy0t0sz zk7HTy@jnbc3OvoOy!7!t|yd?JP?(sgmWq%1c zD_kD8x6MWFi>QYNM_5?IE`-}I}*g1Kk zC1J`_-_1Dwyv=%z3<>Jp3E@liZvS8l-g0W{QyH18(6-*ZW&rG$b+`CfUsFbRI_Rp^SbhTT-GrdxHSFC!$?0i zvrbg}-#FOF4D>wa+}@q5s$VO^UyAv=9%X9`adXcT$tCuxRp=}psLfOj{`bsnZAOZg zuY1LA~`xOuTy;aZU|;f)X@Xv%m^vEu$0$p#5GaSJIQ`CEu!M~jN>D{ex zX(*Lp$^8P3tFr7l4L|^^y|fi9oZqN@3OUC`8BTFW=kHQ~ zN5m0-(EWw;&HO5ae6-@}$-X zqF7r#3GwdgZ#+g2xsW=oP?y+*rEJIf19cay#KnI_`=oFdZ#RAuzbpHvsAVM1@~Xa7 zRgO@|u7-qC%!n==$@S#>?QAeV)3~-=0{^Pa-m6@Yo&T?wvC*HmeJ>PGKL|&tC+?d2 zee=qJ%P0Ryq)Yn_<2t{0jJHd2!2l(>x>>pLJUx5|DqJyR`8rok?8cMF(m3Oq5vTG< zz0a_MW>VokDhn`kM{bFE#NNiQWZ^EY`UoSGic@S>-<6+UQ%tXw?n;FpKzzy{C0y3} z%S%X*8Q{y`Y@NpPvt{qn9Cvub$C{Xsvjh!OzV5~KC7CV*pV`26J3k~bw!+bK*EnJs z&c^nqDC%N^_xLWHVL=e|Z0(hxsGmyttHa7aI}oqH{X~_FJI`5{&=uChgNO!%kq}2| zds$CGRBXpX9lcnR2U6~xZy@Tjooex3ic#DZW93TMH z8Wpl{jI$uRgR5|J_Jup-@Fg(CPDdc51c~*bo~LF1_?O{v*mAfO6IWn(D)^hW6>PCJ zBGw1~76;jnVUsXn!p4J=uYd!ZvS`clN)e!;D~I>y26fEb(;$u>kA@BbE?)SGgkW(} znjlfyh;yc_6G@%>FZV$5(X&L$$ixH_3qy`E)lwh7_W2&{(9YO&cc(i1LkQeEzbr+K zXcytzWqMDIr-mF!oN4I}(Nld-`1Qp8T}nlS7|Rl65o8P_k4buJ#p3~VcH-QZjG7sn~eDs^Q07O zYXzLk^SncxwC%t;ps|+aRa3l8F*VUu;n~x^ZH-3pX&h~}`i)MDoas}g267fSS{s}yhTR{?E zyjI)stY*1<6-CBltM4zMb(hX|ytq`nZSLuHF$Q(S93SCarRkqEnxE!ab zy}PL^$V43oRoFQb-y1d{{%$EBZx#D;D`b%OErd*8(C+GR#s0+9*R=w{#4If=ve(h& z?C`@{9SbJV|Lq2ZW0%w46GQF9!y3_;oQ=z?M{AGmD*{rcq`Em`ilKe8f4esCJ)vW| zjM5JLgKBT#KiIpjt zMz1ywV(=-*z``RSl%n1dBL|nOpPrN@JnuTNbAC4VCHdsf!hx>DO+9<{v9bA$^rUqz z$n&+!q_5!f?(5)p%}>{9QYKc&mmdv+gdC^(Bfk2&k(c%2lHZF*gN|}f4Sa^^)`-h7NOohc zW|UNh+Jk<7dc0nI1*Oy^Dpct)@x`t0XVwmjT(V8F$L+`Z07ef`y%wq@Lgi_}DE(r(QTgH71OlWsiT0h^mWLLrLc_x~odwlr6&i<yrxE?r{num4oXz%PqX}Sq zGv%K-2qvygWDWE3Pf6lIe9a__2%UOjRmZVp1>P z7QTjizZ0_RYJ-cBA~)II!-Y3=DAOqDDRX0fhiazC`*NZToi zV35q~I*LZoiYw*`qW^Y&sm0sak{GZFJHn-uUI2 zSZ2TNjcH}ZRt>!FQ|pST992kcbw>kmU?W_%z)7`gEY4+vlZx%y zO8iUf|ADPW9OtxTvp&W<>y$ln3NH!w672MTnu&!9@;1{D|GDv`^#r9V14)+&B_^kb z&pbCd=W1sE!8ayY%4w(R6Qi6j1@%ib;vB+E!O)5q^sTES5Q-89bhq6fb%iklY}+$n z3HU!eRxQVkDMK{hK&oQ4=mOd|j&ra}1>K3Q;PzZjOX- zveM-|3Wu8TIKYKk;kngh8|k2VjaiT9Q`WBt_FN8~A zWC1XJZSgg*L3Si7iwYeO^c0k>*3qR#fB8FUd+R?gH<%b6;D|m)adnl^~YZy`G_RMMMD93H-48D zfpk`rEaX0j@2DhH+_)c%?69^K^j_dXV-l}7shpo`exHt*oqiYe6mi#R&iVu^a8+Mm z9FE1o!FfxJfxBEXd|fOXO~mz=p&(X_W@2>o+3YL=kJTI*ho`}=9!ov-Tv@`n%TEZ8 z1+j3-G+6btY$J(JtOfhh={-uj-Have+C+wwa=BcVA84^VJv!@hZa_I-tQ55YQ!gZ3 zBXetgGov5?+Bea&HT4=8Yd9c$^V((?U-TjO;;Hc)*q2!U{M+H4=o1egKe>BzdV5H* zDw5%_qN3v2YTKvv(r_`di3xX~$LSysm$Qf2yW^$yXgNwA`va2jaW+F3FmD4=>37Im znQiwc<2%=ecV~9=*7LS-SQDAF$>OA<5thXBp9XJBsi+9KU92`fXN>Muff+T5XrkLk zcLCS^2|+*G{U|HYmOMKnA`>4t+em&np^DnkMIq2Cj(TscH__>GUurv51unoA>|?zN zR7l_*_)gotm=KgRT^^q*?GRfGVfrlod$4C~E-?avS==tCSZdXLnKE72KJ2u#jjBI% z%g+2cnNLqnf)NSV>!ep^6I|*9%?RJ~a!&7%kwF~6#d-tL8s}=<<=ui9>uh)T<-}}y z@_L_(lM^M1V7^3r#zZ#W0Hr^W#heC9QY?-Kr~cg7o+)_{pMbMMF}Vu-`k+<>3#+bd zTlxyaeUMIoyFcUex*|KfDFva`z#tbX&lk$Gu|se!S5ugi*nvFY2~{||R`94bKQ8EG zq$ble3z9U{D>U<}Xi^L&BQtodwp^+9OG@MxG5q`~o0Un*GD`|z|N{7#j_3aXBgIA5!EDxxn$Pl)YItkfT zLB5RLevK^BiTM=C^P8-g3}F5XW!DVhb{FOB_X6HaW|FN*9@w9x4IIO_xAaK*CzquX z9Iu6ed(_`aH<(poi=kJ6K#?+-Lt4YB_$pU;ZZQeJIW3EM0O+N0Hy0Cv)PTE96`QhX z;1w>o%JbK=EQy504|s}jf2yZT?)<9gCF+OdY~WFErjLfzI3luGe`JSCf#3+Bj^*3j zVS*m%ZED%5f;Mb6SPnTT2k#w=m)qCLhnA5}$L<#0A1Oj}F%rJ62Y8eT6q8Aug^5b= zq6i<`nu2U3^1cN+hC3z%@2Q$Mfd(P6muM1KmE3~h(7{gkdUp9#{N|Xz`yKkavffJF zY;@w27)28#WCuC85l=DUw?NtIL1VRfCJ__HnJhmdYPPW{0HjD28y-qOXcK#2;S1lT zt@Ai>-XsYQOjwQ^7IrrCT7Xv^LTF);^c07oxlh_c^2b1;Ye^!#mJHKdx73E>=UR** zf?`6*b>q2{utFJZOL6znn4!ot#N zxBtbpQXxDV^H;RMr|=X8WLmQ&=5z_;oFypm z?$6gc+;%j=Rlbgo7)>X**c88A7=lqFpu1XT4S%5uW)?*IHe+tcE+;C}%jc~f9qplf z+uk7HgSNXnP0PrfjKC~X>AOQ+J@VN`@tnCj%{+(;f(GzN%;#cjfz1c`KD6y~HtS_X zAc1Q0RA$N%|6g%%GjV1NSQD|3Fhi%w$1kNwmWli za7|=&#k7Tfj>MD2WB<94wZ{B!EFXT6o5PdaIBf}y+jK~ddW*DbfnK+%;Jv$tklRTF zHE?uqB9nDzX{G=izCtN)=nH*I@x<0sen*;_=>($zXzBuyGN_6NX%%PB;G$3zI|wTP zJLr-wqeXBn&tOGPD;F7fU@^*I-WTgUYrgr?=w64nu|siUF}a?ZN+{6)WVoHFco zy)WxlFo2@;5|yZ9JtL**zVEr=V2xk za_T?goH8y<x51P89npvvwkYXdC5C>=EMLpcS67MO2$b#0{|hO=4i^u_kyH%{%pP36 z(k#vwcNdeYDgRV8PdwTS--n6E1;DNTWBv|+%Og2#?@T#NSe}V&=D}=bh)RBk`{8dn zGBjAJy9yAbh61G1ni&XknI*`fgyqAupK&@SA-9;a5- zmXFEIIs^$ny(~>E8LxOCg)R8{ov@`p)+V4fffN2x4mo4qC`-hDw46^7&;uSotzD=9 zvO}PhAl?bbS#G(U8%>7IGtE0U7%YAbmWlM+_(9-$$L_ z0NraM%==g6$5l#sH0&UzpA~5Aj%NAw##utHH{jKeAMj1#@+uC*Y9~Ss*-i)j`p_** zl@t&Q2D)7^;DH03bFw>9QtJxGl0xPcOR)lu8*5TOmTV2QrL)a&U(c|p| zH-0c00zgjYHa~Gik);RZhA;`}T+aNnBQ*`{)UbFl8X*BF@e(Bo;9$MnAA?k-O0u09Vx4?kI_KmkBi6vkR|bLdgHJXH z?PX9>4iZUS$4zZ|&(^w>iiAN)_J-4CRB~3rpNsN=m}>T}c>_EHHy#vHGDmRtN6K59 z#vdr$^UApM!o6ewErWm z_$_9wR7&A9xqf&<#&Y8bq|_rqb#rX;5s_HwPJgQEL=4)I{!lEzV0BG8sRmSv$h9VL zy3WP6kt}*j#d|MrVh{=eL&4`{`fnQX8~dfR3{J+ADS34Z3-*ppWA)7FUWQwV#sHz; zx^o3Gh>@q0=aEtZm8O&EAk!__(LT9X+QP+#6I2n=v5iJ6M)LO<`gZa31^P zi+s5f9UUEyH+0hjcxDPnrtqHaXtw7~Up;<+`VQJTmgiASn-YcO*tIn^zCC)j92s@< z_CgU6N1EsS^Z%GM*Qmcy%VO@aLq)S%*R&ldEu~vo<*FnET{+AsCBl?uK>;3I=0AyY zXJMR+22T%6MQZ>7{}3oAGU=C#eV1zj8xU>v>_$O#C6 zEjjfdC%IsBGT%UJd#cmJ&?qQlDy`2bq=AkF?)AFt=zmo`5VkR&y6Wc+x$+8Q7-wsl zAXHh&j12qf_@{n(u0a~dj7BgM9$^{jgSQVGa$%7(poOfIzx4OY2w>&G$ww z%eeueIGJ}e@)w`{)?}DRtz+Ih%C^Juk$O)8Hv!#3b(D|bi*^7l+<$W@lwoDcWz9A^ zqecpT0%En_MzOTkRv|VIHkNoId_SoS1*yJP{tbfBMcMm z$Le9cK4E(VE`O`==sXBCtI?E4vp`^KLGQ?9A|B7WodnuwG~}f<=J`lSNX?ozg7(vq zL~%01zo+j#fbH9fdf%rwGN(3sgIb1EsdwM*W7TS$4^}j5m2a_>f_X#5 zS1on@hJ`xf0$|dgL(r=a1c@-AmUOi0AoJPM|NRlH9u6ZK+kw`A(o0}&rwegzS=4aR zjDip#_J|+cm{w7S1KCX$C@2;(Wzmu{=Y?`u*OJ+0%*3HT0y&MLZbHF{&h4vlhTfJM zB+a|e^G7))M{LOKy;-j+;j-Se{BhOcst4B+r@uX4cK?{<)|`3$+TO2IqUam;6N#uy zjM@4l7>&22%pI0m88r4tB~hnlI&F$EP|_cPE1+U@*<_rxVIJB>z}1yvSSyb@6Xt%Q zKZAF97_OL@&NP>7yojDC4jZGz>sBhaAl(a(&V0Y0xCi?{+;39UQ$`Yui2peAJGJZm zPO=@DP&|&u;i^R;_kf=g4QS!fG2JN=MIIpF#DN4Hxz_4M#)r1@EwGuq$qm@=Fk?cJ{)F8iM00Nb6TL{LHV5JhtdKfY>lxD@4(5cfHr zas_g7aen3Ve%O2ii5c%(d-D-ZqG}0o7|Qs__B(U4NC#&D`Y@TbPz4M{SPD}H-N>Y%@uUXOU!2V5-AT^Ic08O1Gai|Ic3PBZUfjkS zxNAuGoaSd^#6GXa@}Q~eO9qxaMRG$QMUm@i%<5i}d0_xxvCVAf(ZR0krR}$~RTooO z>NH;OO?LDvw1MH+A{sv9W9~~!WgSa?z&tyqig2G14y->(AnOc~cv73m(%)+Jm@Qdo z=>V8Ypk6CI?3wG*&7aX1-c)QMKXUY^9)(r)lCdWPZe z>t(TNjY-X+{T!$Zn@EAc<;u$pT~Z&r`8ktk&te?t2dw<#WRsm)i)#H%?&H!F9MmgE z(bQ9w9{I@~txZfV2xR*FK+ZH(-OkXyQPVS3AtR#Pm0`|@y-c8ndaE!BRc_gPcpGZc z*atseq*@QSxUA&$c$@ran8#kFE&SnOu9Vwji=OU`2uh%Ljr*K=dY@inz=)BNFeyFV zVOMYLZv5CsyD^GPTmV)8l`fmv>+Uz9CYzPcb4dS0r^RGeu5`N9MuXpxL4V8T3cJ;V z;bZj#9bLzhHzC351(>ayr82=z4()uE&F0F=cmZ7?BH-Y_4!zl0qs#nJ0dH>H^uJjE z6YPa`ujh}@AsHObi$({q>dq$!zRTK+;cn`c#jG)6@IKKwB= zleBXYv~_Wz=;4LKYj(pVoNfc)V2JEdd$ezdxpnQExH0oHz=RTVsx9||H#Ia3r{i0GAF~(R3E5RuAoWwi1L#-pPfv~MZ^dQ)^g6gk>Ws$A6 z6xoR&^0{7?QbWeI87R;RKS3R|gUXeEZ&0Cc6vQ|7MjvTpmZoLj6k1)%%v2xdI{8ub z&$S2!$eUr2fV^=wzKyBD!11OPZKf6%*RDl2F-`l06B6l_Thx_|;tE_@_PUa#_)k zJPHRPU9sdE_g%4u4;Spy#J^h%c{q769&;G`3(BL@-IlV4r`a$WL)sibBJc9(!_Z(7 zh7&ZFRS}A;c{hrQIr-q|opRG}szI2etHXRAPR7GDZhJ*0moJj#y%)J>88UPgG`!9v zLiL|HeMr2o_coFaqfGwYuaDhd;qv|NqK4Ngzu~7ClKN?&?-9}e4?`J9XX^{O|53Vc z@}&tbiTCwI$t>kjhjBjsT2%NAKT+Q;uC6iVa6$k=;Ai)~mr}&#F3mkQkMcpXm%MW_ z4wWJ?^^F3gH;tlU=byTYZVAeYX_zm{=0*}oQ8}Ezw8`|Mry>Vi#uTSt3w5op3GvE2FU^wNtD79>+qCdF5 z=;+i4-6DNNV?vV)-m=?`bgXBk)P_nwWE_6e>{vjcL`sB2?bCeyi>G`xsbMODE0J{8 zMlk(|0!hD3p!3I6Xh6iWsCtpCN;SqD`acJ2Nlq@+_ir9(obL8QA|K#*<_kZur= z7LZn?Q@XpmyQNdQsr5yIB4Lf!gFE9NK-yFEcDs% zTi9+#Vedo&-V7ACStE<}S~hVXi(PfqPLW?o2?JWE_v}S1e^)X>M-?)$arJK6>n0S2 zhw<+39Z)?U_BMBMB=68kl69qatzWaLYw3LmU{V)y+-coH+qVpy`B<)%A>=LKel603 zfEM0e!mJ*KyH?bVotIeDj2lVLYVoa}y{xyL;CtEil98yM;}f%3nZ$zx`)eX*{WmS< z+p2N}RsH@jWnWi|`+u|=Iy`&yLv>Cdb2a-R__BzGMT6@i9_~r|+|_s`W_N(7f$=$g zCBkz`>-Q^C0pfUY)|S6tq4K*O97kAbj!&p0q2@%{-MEnQYZk^3T$M-9x7(Gp^)I{) zqW)sh1Sa1CZU;NtiW%qbX}O86U;$3I+V6w5;G#6%%kZ{|!O@yp?N5 zshF(qr6gl3XPxt1WMyE`1<`p##G#aGCM_NYeQ#NfEvolkPG}m+Ncfn;cH&f88Ws|3 z$O&CK>@u(mv9s!ERrTdEzmaBlN!}Z>d~Q~cWKP0ubsXv{n)H9M5+VP45?RBq&sr5F z?f}WiIN-zDhNQz_ru9}C83ajUk-U+&)_qb--R>fr_!(fxyV}}9wvuWXpZyB$NgvlE zV#JxIMp@zHDo?d3?JFMYOOd4mM4e32w=&8vi9P)wojkf;BSYA@23msWcrI-c*KiQj z${ZhnUyVnPPH*eXm^>*9ul>7@a!eEzDg2;crv;C0^C~E#v2I2*4Mjl{;g~dZ&lfH` z#D}i!7Nvyl@|U@@@^n^dznxrk4c@BNiy3A3xAL!9#jgZ8hII>0f4NnT!sb!M=b&zF z8h1anV#hFEpU@GD1}yqa?}S%ft8<4{F|;rsWm@>Wncqk@Kn`IFw>)hT7S=>0vHu~a zv=c(k5OZkXg;2-w?TbYbb3kR5XPPNhAR%&3i(_tP!XDE+E4-{4bxkbQH&fVx>{=ei zcV}ZXF3XhJE!(d4}@+bR^nzG!5Y9vzS40fht6$1tPdfm%n!)5H~ zULbwud`dI;jn1>`EBIUHcTtlYdoSQ&=C$s3Zz*>64-6x?{z5SCE&Pu36stMVVkyOm0yq%3C^jlRI;xW}WclO}PJ?eN1f*zJtf*l1Foj3<-C>WsYz zDd=RxN|$us!|hrMOGQaA%&)}O+jvz_QLQ|abVH_nE>R9c)#`Vs=MwxLg3dHlsebA* zzjF1I*PC$)St`P}VjdOn##4ri{5E)BmO-;Qt&l`#aFf!OVzCJ?1m3XK{QyH|S~Yk? z&cCCvVlYHS9C*DylnOZeJyPq7kr|e1&^r$7?Mw6 z4By#bF;xx{@w5NBcxjWsQCi5Q)QGIqD%9*#lQRd8Bf#6~$GCt046>KaAtq--^i^W@ zs-&a)D%%4?*6(Z;t6o}^f!QM&bE2P`U_^`amUY8i-ap*g(eyIb;8J~U}o^&u7VO3L`radr?xmO5>egCD}Fos1{V$T4fd ziDmo^u_r`acG`%poNGaK@?)jERgLu*#vIDH#yYfrAP51aoyYs4`(p#a+Zn$nB5SN7 zj;<1vAkP3IBhUMlnQH8ByH`l+Or{u=^fAw{`nk)Hy$Wyp-pgP2K^leItZ^7&Ri3PZo~JzW@9MIaf~EJgNPv0dgVy zejx`Ie^JC`Vd*I<4o|#@uXDr4-5-d35>m$>RGQ`+ZMj2tq4Hnf zPRXU^<$w5tl5X_2+&?61SgmpG|3NZ^b(+$d}4;~r=~JAiXA z@H63<_DpuYv3jSmAa5MbMzkvt7qkk!5Rn&ZO7|7o{^if(x>+svS59)Cf0Invkz3b8 zz2IeJUjyBYBobk9*I>omyqCouc=w#I&l?;Cp-NYyKTr>IkjYANCSPp+Gv7N$FH#^A zeW`n`J|r3Ake(_m%%r$w(l_~m>HZn9s@eKX;oW628tLQ2MzL(0L3%au zv-5BLwvZV%6B{@1(Gs&=`<)s5!bRy5n+4V7T@vs^tW<1t>F{Akr-CkId08DEg8E;r zR&k|DB0`o*&ZODo_Rt<>XP?es92kXWle|wx|4aK}d~gyB!g9vby2)xbg|p@&70{4Hbh z{KL=G&BIGA3CxWYk|T4*fTdToZ)&TuOS7igjK|@4^xNSlz26*`BYMzf9iF_dvoh;A zbcyIW?Ps#~RceThS?sD#M|~R&TjPMMI$`>5^>4T_vIRYCw8`MBac7?AFl1qRz0*RP zTb8ciZH12H)cpMBZ~2R2qQ}OP)PrQ>MwR(sOQ#T^R}jgd62{qT?I@NaEm3dI!{uA$ zAJ$q&_|Gv%v7qmd`X|b9c2%7)%lW9@3S3q-?lM~3Vrh^1LY--xy%C&!;U1uv-Ke0F z*Ss`Hp>W+lqmZ)SU5B)0=#9r=8myz*xJzR4L z|Di&{%|5ukBFfY}!DlRI@3%4;iL!oQ2nSb(08g5pmcHD1()jUsJx&uZ$EO#Nxx;;s zHY;(Bb$CIip?a*Pb8JD0uh2k<@GlZO75_!=7;xg=iT8OHC1QCJhm&`KLPNsbc5T=4U9s7tKEADi=FI62%J# zE3UC!ghI5lk)f(+L|Tm)6S7QIQIvSxuMY{V5`JH?8h2`4&8_fLQ`JEN?>vGzDH!l_Wgx^_mI;I5G4~3`v?0Bn$hkkQEhLwgzfa)^ z@OW#vr~F#2#cRA!C?lbz_8P|{PPyjYh$3s#n3^JWo41qq$B04bKLaTeiaioW%zq)J zUUhJVx}gQ(^=UQgNr=Bw>MiAMk&Am|Xt(#FTbBB$MN6cW8eRR>=$T&6sRVYBRpSBM z$^ou$!xoMIs>W9zD7`E<=8_vXf=0W7 zHv2`AkVyI_A1}1)c%^CwqkLYy51<&GiD${8WE!fz#;X1Hi?nq6ac@BPQT*kUaoT&W z_*yQ@HD~y*x3CDXqtl^;tv{7Xi!XDmrV(E`pE}cjSNC7?-4j zfMS!XMX9ILv(3wGJBJw`(q3XX7AhxSB>J~cY=Ms*!_*w2P#M%yO0PKxw=~mPqyGVi zjtirKjNnfxX5J-Q&o~$QmwMFxM6iWKhKTXtBg>Ozkl4?WRVH;bwEPFgeAwbT);YzO zEvlYDTDC5KD)1M+XWG(#{Cc*5WKItWXc9`a#Ft@yeCzfoV9<;oux6JPs^Krn!2TVR z4U93Iyxdx@kI8y323qoZyIJn@MvbmB@NRILcxJNdr=%J8UJ0q~WFy>bU!@%+bkG_*GeR{ghv?KpDabI-OGPDsp7Bvq8Yu3DZf_L<#A2y!a?Ibk$`R?(&zZ(u1OIRHGFj}8&U0+g z;b1^}LY-l#MTHPFZAhubYS(t6x9}}~=28=7LJ1yE&F|YlC5kcZhq^(I%d*D{b+OAC zE%>=+eiwBL870&>^Adczy&3cX-Rti7%i7s5117|3wzpn~tjuWt?J`IY`e6{8S^D!r zqwV<_rr!BK^8fzm!D!gB@a9v~ZGZE)8=bDM#O{=?Opt2o=<~c9RF!BWovXZerVTic zOGt(jmM6OnB+c^R#TF~$!$sixX=-y+;w{aKHYT&fLu@2);+PvAJo}^5+B4!Sol0U3 zGC7xj(KVQZr-wxzXk_K;fKKr<3 zRa|#e$`i=H+|QGdp9z97bSNu(pE(bBB(>j7`ZiA^l@Bq<1Pm4b1O{IFd3hWz;HVDD z$if?F`|SGud&Tb8k4X4_p~4S#myKN$W6K1+J3@%i#f?``Y9;PyQIVx!c?oX#mA??*aK^`Qx_A&~phXCX$yk#4%xLBR zR@xoj2+4nyCv##~B{nWXv5}#_MBS<9xUmPfFA6U)w~ot)RaCU2`rr$GC_Fyew`>O< zd_0%#21aJ!Yv6goIq+0umjK>$L)bs@Usk`FM9rFNiGC>S&&0q-=3hAk4LuA6%hWX8 z^&7-K$4(1YPBC#6L#aBj%jyvCZt+eb4KH@C$7DOZsTqSr7Yzm!QAYqqx{ ztiYGBwLMC!cLwz5q&CBymBNJ$h9{4!%b~8bZ7!mVaT6v&x$ar4cZe9IV>w=k<@Mn4 zC!Q&l{u<@#;;_5qD)JB<0Z}k9Ssi@&84wa-K2ZXwnmaQU`;|!*adFKg{EkxjY8u5v zeAbiZbN~P}y8G$w>Hxsbbli1_>inmzM(t0(Jz=$sr1F(HPXq_GJne3ii|DnzvOc|L zSAQoe89`b)v5S5XQRi|YqhT5x-dSaFwgomPbH~h~->Wrq97)zE<1JtGQ0hE;eVZQ; z(T`@c_t$G{#m{{1&NAZ1_^SoO!kuHJ5=wPs58nlemN_j<>(6gg zb!;gYCg*P?B7=%~|)|)sfK) ze9RYIfD(m*$ArBp;B(1E>plY*zrctbah&`vIO6l!?Npf0qXuKVhjHdrw;1P(uiqa+ zAj9_AvF6PI#hVp2vF-r^HWGgKjkDY+64n}pH1`JtRNT-m=$M|>Wvy{#+Gerbb>s-> zW21y$yCYIA$+^B4JivlTjA~)Gd-I)Rtipt+xY$^|(zhKaICKV0o)(I7m2!;5Dz87D z&ywrWU{jrd!wQhSeJ)O4Mvau}Q+on$HC2rHLc$PTBq@xqHfIiu$i?yTT+0yM_8`G;PrbG@-4w{k@VA496Z=#DxSSY(XT3V_z?#Wdoe~Aqy*0)O8 zO%Chx>ED+!gnh92d7Z!P;ZEgqI`eRFassQt8vrxER3=43cweJHYWBeWW_KVFJW2F; zVWYo)kF9&#ySN1ZC8S+GdU`wJ`k!9=*H>(2MkU#m>F;fZuU>r8u>pSnNEYG;IM|eG z^9Ty5@ZM^Gf2wynlK^}1q2B;0XWOx^YJV!%RM>r|^>Jyec)qe&zd}RDvVZO2rg_7% z%Dww3=d+tz6v-J}c$c^R)6wGGgwK;xP`H>QI3cMKuP%0l^E_|DfW55F#Y@q@rV#cC9(W81_^Tfr+)^{jM2n;{MiAdVD-G(cH+|URYwHmZo~7Un$nVcw-ynV^;uqqiHolvdx6)wEc-$v}W~;pR zs|pkEFh~IS{SnxLyx7Nnewg~VcWwIBeBAnK_|QxtjpVEY{*R2_LB~c`mb9>ZmxJf- zpJzb7Ivi`T3qrwLY4T|B897oU7go4;kn#J6p2i=(D|QP{P)_4ZDcpR#HSPlr4v(ut zK*hfU2HAkSE37QEx6$Bz9KJWPEbQfeU++A#`w8Iml7w9^{|G-?&QSJ?Q_WR=So)%D z%m}s>ZUl^Yavpj58uaSQgyjs&<^Uz@#`*T?QNK)v%E9aE@-WrF3?AWGR0dB{mnnD> zcl+aIi>VhBGG3c)Rpx_fq2(Ooc;GA+&nNq*VH@3rN~;x+cve(2xYXbxnb+syB_rZbaOI&dfYZ3&E%7ziH+Ew zi6jx69$CqdRQ}CkaA~&BeJE$y3Syw7XPe5ES+Z9*5-${@e8s4B;mMJSbhr zi_d3y(Q>Nr>TpI8WN!$&d}BTY85u2X+PHJoOQTrSzz+?c%(+GrCO;8F5M^xXTJ1Vf*M+&%1<7L4STT(Q@D@_ijw1N ze|4WH>3boE10=L;`A0XRh;GQ2k@DwXoOK{!au^=}2B6?)@Ca2lD>1d`K*R)>!qHNl z;HSXLX@HpWihkB} zGheN)zZN+zbOpdm5HAnM%(7FZs#n?r#Lf&+zWU1vHbm}*r_IH(f`Y!)kT zfa?trov?fT1ULe2D*WEI;XT}w3x`E`T^lY2_JM7AMBm?gufL;qSF@yK@;TE^y~hs; zHdp%fB+-2aOTfQsXC2n*xUI&pp@JEtk>UPk#~Z2`n}q~i2N8(xjTJ@AcPl6Z(-FrD&fm)4B931Ot${z=K6`tu1A)CF*%!MjaA@N?c~VfKNxa z&3lHA89=OGfgkgd9uP5Turt{Fv3V7fC_`;**Dx02Z`5~Q3#_e_497JCU+&gMK$`4c4y1e2>?D(9*53 zaNU{=1rKkv4S9T8{KfHO)7W}9T z9G7rV`?R!g+u+Mu#`wLt3Az!8^?jqrP;9Kx-fQvIwg(SsX@lGI9hoM2Oca1P1@bDt zm~*Cz8F30RQmHrmTm2@_pJV2GZwBqkGkkn=b2ar2-o+Zaef}Kd3Rbj@$c27u(YBR9 zty4>AkmrDA@4z2qh>&m>z)S$b6y~$zZo8WYk?fGIiie&aGsI;+i*$-4(-Dl7^2X*% zM8w6}na{}|@t(*uDQD6#IvyxkB)&i$#;~vbCawNcF%h<VAs!k^&&gzvKP*}A<>pmV|cgQOzZIGwsH{CBq8k3tKL zI{9F(>TJA@6C4_~o@<^L$H^tOwv&xuGa-6k)D{MiK4hfKS03T=`DkK#k)e6lgTXaN za4I_Nb&iF3KY~OS43rX@xV{&t2p=#jVdCOc9G~78!@>H!;xAmK@ayCVU3&qc0_^PN z`IG#E1C>LQ#aTiz)k1RC)yYLMHn#iY!EW{8FII#4)-}idH(wzrU#;J?BEKIwQ`gba zv1r<+C-Zwu%JG6ulPrY?G8~MY663 z9-De;cRwX0NG5yS$O7QJC=+jP5VhvZBP-4E<}%eca-+zrt&4S8bpDSQK=1A@^TvwX z8Vd=YFHIp|$=WuMihCe3c>As8fN-C?_jUvJ$ z%&UHrVon$^*$RD4gy&B&H#Zj)AMwHq2O%jf{&4F^e>U?V|GBtwz;a$0l4w9XIX^uv zlDtHid4m!SRd1#!D;-V>=9kgmmY{ekFE79B7Aw_hE)oqw0f#)k)s3rUbmpxw?<#0( zzi}U+U;0w{Qi=0+cF#93+ocHlZ$Az^;k<<;Ve+1!9<<4{4IT)=ml_EIYn-lj`VCSv za`>c>J&7IGoJ6)-iEi0q*VOAGceJ=rK$%bkDRL(3f(PujudQoh>8`v{45_Y~(ZCzne!n%s><+f!!PLbbM`?+UqZ9lj22Y2@o%3?J$u z1o$0j{dtow!m*bp&=nz^f$;#(wT(2jo1rm9mROh@b)tAa;{+jLrmA`Jca5^W);} z>q07`HxH+q697zmc(MxPTYs?!xUbGb{djN)7;9%YU^_N+gsy1RXLZ#e_sQ;Z&;TsX zg3^errz?%m?H-iF44T6sueQ?po%lF8RZAzT%%|$T)N(<`$eJo#>YCB4zr2i$d;-YZ zM^m|q`@Jrp@l9es+^(zeu_2#|0iHGiZ#jBw`CA8+uuSaG{icQ*CbhidwT=*duUi!p z929uLyYq#53%HOD^ipjmCQc{Ua|JfGzuYzp1O*F2F^ci05+pq*Fag1X-?=Ylb|(OQ zrF;8i{g07i8qejnFjIg0nZtn1LH^(%YLmiDtWh0j%?I^D{U(>CdMnN1SkvuqS1eDL zOAAY54LX(PyMM_c=y2Y7w%%l7zN&C<#wt2B)pPG0*)a?KVBzk#?ctI%^Rwq;(nM~p zo-O!bbXn(v!WbMG&oT#-kc!&^bC{o;kWb#xxSXC`qzRdMZx*QMA-7vix!v75uWt>p zByd~a2eRzX9IlWKeJm%E;Cghs9n6n&diMexpL1sfJqPp6u2-y8I-4NgBF9Dzco?AH z>0Y--;MX!Y-o=dHU}JVb zKQc3(0;Po$n6}{{0H#^;xCG4k9Z)YVh>OEOQ9atfKc5UAF8p#mR4Y^iVP1#)pRAWN zUqkSk1zdJ(v0#SzaC2uwmSIq+kp`wInChs+?2a9`Rr}LL1@Ci9fJ=7{W~NNl3_Zl_ zerIfgP7y$8lB@PnUzii^7WBSK$^&QqbNr`ftDfrkr+YNW`w<4mCpC6KOL2s(=@z)# zHZ}(c4u73?SZdu-C2?H%u#YuFlJTY{CGAqheA=IGl3d0g1|@EvNqL2tq5+Rj$-mi) z>0mOa6@o*d$$sxhhER!im1ybA-3{VkI{(U?wy2sYX8U;L)X~4W>G2Bu|L;lCwht5y z&(o~&REU(v)6@4wz}X-V^e4=PZx33WE#fe{<#NS{V#lGy(~B9?emQM8AJ%>uTy@S9 zxw*t5;}`YE=pX9St;beB9r3$PG1+*_RWG|Rm)%^fl$7ZlXyJ$UXEchId^62|Ms_kx z&L&nqy!2T-WM1jqF{Ktni;g{YrDc3wGN5+)$Jf-P@k9$k;{J^MZ zw*Fjs|CEoZ7jekHpP;n0>{RagO4OIJg(y$;t$CcoG7Rhlv2nW2dZx*mQA51tR*SW- zT*e>-lB^_T{dzxI&O6D3(sdKZZ#?uWwq{4bPHlcU{DX9JH;8zfpP+!+D zQ@qkjlP#0Y=X&`mmv!lY>nz3y&(h+4Yd`Pd0Of78XnKPd)a<|3F9rG%0kLfIry!yoX zlV?GPlp~S&h_d;%oGX0t!@Dm&@+rT3=ib_c(4s&;oM# ztU=DBz*(ZjOLc3%A-3rEFKIe44i>Cd(qC91yV$NQ=X*7@hilA>9D3u-W}NPSF!o*b zeoYttRE>ZV3cnA_oPk8xnv;fsh2dbV+h`^1&CnxA9!sn?5)`>ux;3e)Vzf>AkO<^s zHwH1i6uY^{v$!``I(eJ))8Z0V>}TLh`EVDnW|=_p;$QEkQW>3^F)U>9G~@%}Q#k*a z!2hj?ThU(s1pXzF$A!erO=pIxv?qfy_Lgm*VnZpA!c^mVxQT*b#HT(){ptTPV`ggl z;@rKQm89oum7|)p5~S5^ZJ}Yhwd1fp5P!y^6q%1z0}s8egSSJm{B;hnDeu%g^~F(q*RMCj3BY~!#%Bzhgsz4GQ#foESxr73 zZGeJZj>obif?4w{H+mpj#X?7i(ame}_`^D#0t(u5rsTltx706LS$W?~AtkH!HEyR* zIwZ)5eb4;RCiyHXf$2ogKnO0#0NaVWjqy3Q>OV9~XPowy*7{86T7RY+IUdHwtsTpk zXSM7~FlY`rPq~OY4ZiBwvALa$Hc?aMn*r*kZ@v=9BzCMhCYI_*jx1antYY??l!Hx8 zbn@3Zwt}i7=h!jZcVZ4R11fu&dZux?gpcRDsuq*5&vr}b9}k{!anf*E4@8=unp31H zB*v!diE?h9F4E_m`rJ3qHid-+=q>Hc0la@UhdZAfBv*3_e}{ zIUEuj7`E!AA_3Z+hhZr~;g1@(u@6&v=Fb3qaW*EPro>=qxc~h8^k~Y?P%C1O)`DYv z;_6`jt)XweafQYhOY-Yz%WHMMn3T7sVzAFSn zh>-A;FOU@^whS1&*(7wql=RBB<++5cCxV7oZO zpeQkX!Mz*8PWki0ubxLR%DnswM2k%sQ`2CvKl7Dt;jByb6Xsmd&crXP6qiFpG(w4u zde`mCSn=lx%nu72iy{#c6=3XsQK(s7QL(rvSbwoISE=m;z^U?cI8FO&9f*9z-1N2M zAlXSkunAgK);q|&ahkE6Z3Hp_*med%YhS+5J|LiTAj2nPKG_cBM1U#g&xu_$qW_Tg z>Kp*ywb-EH7Q{<@LZHrchy$}G&LlaKo+--xopD8m5L{&=eyIA1y1g>s9IhX&VIsLzp5hy*@r0TnPhH+Hap@ZRAMMrTqm&^TdQ z!4Mg>L@gH27x5f*qP$^I;);bkgSJBDr7Wu>Z76(OUz}?^Wjg{ zKq6aL=RtyWwmK-S2>BJLVnoPXJ#S9CCNpvezrSv9NplzLYZ*#TN=T@89CH6NQe(Fw z_uw$T`0RO8V^at^$t$Dt9du<<&=Psx?_hzES*K-S$Vk$g45^Id*mBdUeluXiZ>asW zzx+%6BPDtu0^LFMCUxQjZw*WxRsuf9oPz7Ck^ZJ# zBFLQ52=!|9y4*a;otai1CoPBD!p)h?tCpYco8*k)wR-+#=}13paWpD?aD&r4ANzYk z^DuP&g#5YWOl}C(#TdhBTTF0dn0xg<=}_t?bJmA{6zk|}E*(rF&Niw)$9BDqkzQUz zfJGn>C!_!5Mk9GhlS)vGt;(w-sZ5Rs9c==v+zravn z5%TKx==$ckSnnAO+u@pDXT{xnUYem?4^_RgbB<}>p65YE>h*PJ}vDD~X05_y5`ENIiMNnd&;9}Q~#e~gRl z>uV=w6W*s=!4A8?My{I!3@6g(EO=?DNrE&7Vb(gy=nEMob4fYXf}Wy89CP6dTAd;= z=?rL3p32S2+k2A5^1`otvN?1_+GFyp#q zja|%eq^1JI4YZS%|q+-}AfHeJKPf@#fBS7#Pt>O<)l-z zp8s89T0Af4eg#Cq4Z!6G1wWAN1M~10Z|kIJ{%Kr)r*d6eU@nNcu|qp0F-RB79o{dw zqk*Fb4-?n(~a|R9pOk*_G@9Q}KE;m{%Rwi}XUYxSJ-flQVNT@a_y#FI}(18f> zkuL;Y8fW_~PTJkTQqKNlwv}4$uu<8>V-tIZuvY;X=|Uv4HFOlO^4ufrsb;__ZmZWa zUEoY?MnJ8;XdvqYWO5_5Tm>LvT^%3SetOhPbH4x}hsuoHAN2DLiYuVK|JUTL&reO; z%u^x7#-@7iw%-6$4Lm%8^X~L}8f;R5-%&%Rnk6dn%&Ns2ifJ6$^tkAx>>Q1z#o&mk zt*dLOug{^O`}gCsvR2DX6})e_!bA}V^LyipIrRdKXTA~p(*mByKdhq2Z04&Jr4^Qm zD;hvFYnEG*BJ;9EY&V_iPCSgBJi3 z_a=4!L+8FTXz>Op8V*1&O(>@J8qfr~4Cq3V<314M0wmEw*@4Ca1NUlA!_RN)@HBQmcg<#B^nvx z#-2f6P;VNvW%F9)Et36l;xX%`wYcCZXR$*ghl?oCS-!tpNzLR-DYl{b_$mJPRd(S8 zkG=9oU*fx9xhpw~y#DOsV*1SVomj!dfB+URvFzLYLm)*SRU;)l*KXj*U0o6Ub z0mrmF#@`m;tb0e8{7GY(yse1`nQW9?GeM<)nwXN_?ZOM^v;A-4BJC6r#P0(V5F}C0pa8WZ3u!zhA1O zLGe75EN|OWIF`CUPRS>gG)Is11v%3M@cCjgm@1rXk@b%rNU0C7zu4}Ro;3VBDRG!N z-77)KrP2qT7 zFl?T`Ohn&lua%g|mr-m(Yb5p`Z=gM7M>{{3G^IA^nZso*t8TVe_VbA3HG%_*AO!ZS zqOSg=4vyPODQE8;``MC^q4BCA6y zySvL#rTNZ`C&}CiWs-uxz-C1`9#A;~UVUgIIO|_qjR9>lFi;3gGndmA0If=y5!b`z zFA>jYbFnzRNGkkLf}y8ktE+SpRsu**k7k`#t{RgU);?aQ&dyE_IAtU@N#kc*ui=TC zMMP53wvUdmaP^QOT*n(fFZQA28WKJu+?X8EuCSK-`}H6vGa!RfCeQs)UbhwWz){Dv z;368TB&-Oe!h&eJTln4XXH##&zr+IJ`BLofq&XKYT{k9x@d6RH!SkfOm9hir(jJhI zTYne|`#jaohLmBDea+yhldjl;l!}3z7+2?f)}5#D{vHlCFGx#Q!=UlA_xAJ<_{>XG z+aN+8rV46oGCaor#Af>_2RO4N3tx5IUEwim&^&@@S`Uz$g$0j{jP_6cOk1b{Q>?eN zkN3N(3NDvXsyV^I>Ttg9-OB2~-7s0MP6Gu71`B$f?hGHMfYTE|_d6tGIscvNK7Ywv z|1L)EO(ykD(Pv6W>3j8xMw0M}ytA0dd6LP(KzlCxB}&-+dK5_PeU}K&5FL0(h$18y z^N@IWc}H|>zw>-f=`tEgW<*&CNi;a%PgruaU z=c=4SBz}FUnCom-h7Xx{-V>_ziOM?x;cj3#*c$(CxL9{{Koj!4bNxGA@V;l`i$kcG zXzKVnnDzE)Z5f!2oSdJ+`hp%{vB7Eka!8jJxoFL*oGC8cgf7c+EV`savMH{B9fDp5 zmtGJ|uCm+qe{FuWI)1^^IzA#}l+S0H<0v)up*Y=?;q;p%42ce%*>t8rP@MQA&L}Z5 zVTBOAf~f_}YNTFi+et=aEx+m%n|d$?QPEFd2S(ZFppzdQ;H{^nl6VpIDD{(IG+K$w z>rwI<6nI8BX0hiqSN9UPVD0tId9I9?Ts;DGl(H#5v4#vzI2v=*taTlqH`PpVho@BA z;rMW%K1}-_8F{urGBEj_`Hv@V(vAM3egKxg`r0VijmV%8KwXpMo)2T7wk)-Ik|Ev( zU&ze62|8(Q*pPwEvu7aVcoN>TxpivjaBou<`07Z|x9{gBpjGu@MCcEhfRwZX(R68z zvisXdQ;X9;Q^?-w>N76EbEs6mNsS>M42AV-++V&nc6U#XvU7uwkPA(V69JemKYD=p zJLz+CIFM&LYR)yObO3x0f&zl%Jzdp*7lUfCHHIb`QJ{7KNmETtSLpbHMbSphR05&Q zKlzt)iVH9RH3Gc;!X+ut|HzhG-fV>+18K?|7et3NhXMB;8fbT}f!G~rs14X|R}e*} zwCb6znu|ES?D)8fls}kvOS|NUgh*N+ytCA2v$KoQYW%P?uitbxS)e)-$m9O`b8O4f zlAy6MIc7_KU#(t=2*rvII5>=IdH>=|fecci zRRj{q&JUL8fbJ^v_&!Qs;%t$-x30~o3`l029OH*0&$EvcUPYcHXv*rlZtt}WVfz^L zjvDVZb{)haz(H?<^UYjSMG;%Ib^KbW)oNNYh4@HKvpQ0;W zLEg#z00lq(Xvu#@%QDo;v`eB(MzJCPU3mdD>E z4x{)C)9`6P;{buU6+(oPwfQp`(bkvyf@_^L?w*6xj{1+;bt`gE%Cu@b$~LD!68&=+ zNW`XoFw7zk8?Jy(GY4?+sE%6WNtPf@7d+O804h}YI_im=^3f9313c-1V9{>lpmeQ) zT(EZT(0pbG_@w{M2-rq-T$eljqdzdla#JKVG1pLZB&W*ssxdKeYDWEB#pL=S?zD_h znj?;oy)4;e=M`k1L(qCqalwPuN@a{St_0s2$eF!wj}I$=3%1acn8AwGbQoI!=(bJJ zZRBJ78!=sJ3tB~NED}yEkYImP%X@JTnD+`<%B#M?=HTP2D6qG{=97_Jt(u<>R;47Z zW1D$8>jL-aQP^)Ej#X$&7ddrDiVeBJFM4f2)QuiCVT%R^)t;(>7-W-uTDm&<;bo%r zQY$b5TM`PnU;p@As2PoY&qVdLw>~OMrak;fRCPSD+R`l+(~AuRg$Luc#i+kHy44ml z^)~!5TIW6OH$1DfY;#tLZ0dzrLWVo`*(xBbMd4O5ywfO1k8DTr^M_wICJW}6{$Dy3 zpjJbUp($>JfZaHe^z#r1*7x`ZMB5M35=yrXw+6}t?4@HsyuAMm&l~Q>mv^n#o0d$c=?7(2} z^-Zp{09lLrz7)BE0Wbw0j0oqMY)bZuW46B=5tID0yZd^#hrzPy_O$Cca7#NoIvy=n zrEE@be^^d6z`?lXJ5f_70h#3UgK*(jJ+>L4N6 zs2PG+ouAHw)e6C+Jn~4A&DITnUZjksrwbfl3RE~BNnK=3+g$l&qnwm~zFO8j@@`a8+ALkx3Zytc6lBslLgrY)<9CF6pR3-Ay(5_YunQVOsI^9- zvzbAz-EDqZIdQ;EM$NaJ*s7CC$mjm}^k(AcuWpyWQ#Gb(e2;!_@e`v7M$#?0h#>o` z<19vQ(e`$*G6DwL!Ht(!sSipg-Xn`cz?wb&sYbzWx(Ze6Ky+P&?Y z%XMDiji*BFl)Ma~N>aEh_{L>Tpb>XQ*~5P0jFK3xKSLbdhEg*yV#ku_j-9A zkD%0VLw()e0kaAu;tjman;N^N!QuYo7ISGZHJP#s^l)<{C}v^CXDYYh|LZ99ELisX zc?3RrIGa?~wLtgHuO5o;lz=VIgzz3PNI&|isk*aCNFmQLBhZ;s9+A-TIlk1q33ogB67s8ND?%;dV3p#qr z_xYlZKrl0G!u&2Vm6LEw*UJMihPwT`;2_ev}pef!5BnRVY8eo}X= zNd21Nsxi5}B5I(jc?p_uA2YLQiYpvYKNoe;)$$-KR41w^#a2f`S7tX=#CoUaK3W&!RKO z2b2N2I7ce*sORNvr7D~L3-y3%iOvEFoatJ<54-}*>C z-%|Q6S7At3X9;1100}Uen~e8O(L+>=B|ZZ=uUT*m3<-f_Z+`6EGecnBRht6awx8fUu9)w=7}ktG?RB1j z#Q==ID+WVD;j?|$fZg1Dn$g1V3`+9NhlAa?DDq_tB92KHd^0nGe|cD^FMle1PfPQ< zJeLlq6~_iM()acDAJ!Uqn{F?!E-w{8=jeEC_*dvbr-q&A8BnG9Yi#xFJa;F0qJTU8 zc@RLvxa`b=3EguLd(CGyG@L3FpA-YM78K&hwS8ZrcCy@B{Rc$$-iRfo-r2aE z1fpYG>}rw@<4p-Mkd$psZ&-=NIdQHAci(%lWx-QA^hNT+neY`>YiX6CNzVzK<=aNZMpzx#Qf zUwz#wAC?c4BHrlYj>-2-D8y`v&DGKNje=Q@-kB~2{a=^O5iGJ;QiCh?5dv2F;A}7L zWrlQZImU&4(Egj`>In&jC4J|&3C$X*=>D-#}P|9d~hn=7t<>YLj zk|UqFtrw3E6L<&{u%tNW00YKVd+!Zy+!KVa(50pgonVo=JIc#3Sbc=!lKbqlNGWAz zx{~Y4a`dfh4%+%rN3(BSOe&>R3CCwK4Orxb8XK=1OxEJ|9~WvlWSvdq<_&;e{@Lcp z3g%kOq^QsAck)?>&*|up4hbp>A^XYt>R$f$o%=VhuW^}fyBB6CzW}k=cm^M{>83I9 z+PP-A7-fQPyPelXGdq|geDB=^w4uI#v>}&T&GPfVmliYiFx8^t9HdKiyJvSmF7bSL z(`Us|sF*;j^vp>pIt4wa070E=Li{oC&+`xJU`-AiO~DATH0`<4z=SrP-!ryn zBj{JjT;Yr0YkvigKA7)gl3odUs--ek&i{uf)Dj9ZLMi2vn>i`(Z>PurQRu^m*m0c} zr{mSQ#<`y^dLZNKb`q-dEC?;aTdT?rsET&jWr3&&$eoBkx(b#n-X$^$fM|8wQwKm^ z0vFE!%$wV(p1Q-?bPmrQMy0~vYhhXI>jh(}r)xi{sHm2DW-K3jhc;f_;lsoF0hT== zm^0gsmx0FsyR=N6Z{1>UL{SZPL&UuGwkvIpEt2`?=jSJ=b5m&{E~g8Jo`#z#2_wMZ zMv+!?fl{51$aX3=f2qMbbev&^u0&Y*I~Ierakb}cmLN%ycK!kAO2Cvmlzb%EZD0$EeO&Bf%ikbllK|=rZ)_=&lnh*mdbd=UJ_VXTB~~ z%3`m}oe$+C@&>m$O*RYIGyGARb-(*Doov-q*@^fmWndtZNI~r}&+C23n`7Hq5`K$J z7yg@H6SvEq->|X)Zw+*wdsSkLe)ERtx7A>_F_n) zm@if^yABt&jsqfleb#Zll=NPVql4Iwil1;79#zq;go0R}Rp*SD-EZg`1WAP7lO&ow zuIlg-_wj509njlK0Ex}s^hr0nVRJS_M0f3E1s~Pt#}Vk4ADT%%YWBVwR>ZXBH6ZWM zrqp8dKJlaQPAXig^IZBzvnpQ_Y>ruARNwE?yu*spqyNM`uV3+*RwJu%D)fZ%N^@Fg zfd~^x(wn~hb1NM$u|P@U2vMZUi-xT47lPXprhb3c(R7_dh4}`oUSAepqwQqB02=W?TixXdjzd-+rQnFBl(9U-(7pBzE&;ydi1x;8vmDCrN;Lm4w#a?+KlLnwAKQ2aeXgfi=58u-V6-?0}a(E0$GY&NkmC;kAKBP6X-29 z)8XSv!LO08s${$I34{nQq{;%iQ>QoTTJqaOc<`bvXUo_(3Nz(0xx60wk<)c|_qXRN zjCOZ8+RC0MR=*9f$JE+CE+9jpqf3x{P0-ELsK%DBb`eDr0dbm(vJ*cKi+9u8ZYm@g z4Nq4vsvuaMtN3k!lP+rlScw!75O}|awWv(qq|uK`&I@YYY%AEFRajWPsa!siPVx_GOUw)k z+9?#zrs+P%{`EGUv=_XLRxQI3d6~8B2>Y;TJj$#cq5`~YIhp!Cp>%QWa|ew;T1%12 zKFn-MPqmr?IQSxmut{PZ#W75SI^=jH4h1rD6L}eAh)-D-l6fD#kA+T6j)Q8;AC*_C zPBVe#10rr%p+P%TyTNj3!_^dLXpyS96@$}5*Ahi^)yTVWy2-c+s?@4ya?(0belgZc zMUrsckN|~tIplIpR82Jc;Kh9$2&K4Aj3`~B`kMh}0xD;b_hF@UpH^ZS5^^gnX7Q&- zNJ%;8g>+V;LW!7-*MaoXc>4!zB_zhzc-*3td@ZsJAtYZuVGVGx3uQ8*)6*H|##>x$ zpFCQ-h5hpv#qGn-F^wQNVMf%ELnZh@SvY=*8H%-}ffgb)Z7h+?vF2au7J5mZEpX&z zIB5aPUBMk+7$WS$rmOpTSb#<*+Pdv=o8(yY%iQy4L(a*;Zkgb_s#hJ{rS~1*@7Y9^ zCQzaMl?fC6G!Zb9X}Qn&y?kvAtDRNOR1hwmpo$=F`M|)=ZgTk-&lXB)vSyblLA?So zk40XmVT6X1ecN5t)YL!-D#mR0y1dI5YOC<>lYxzmjix4^gz&-aYLus|7uWX5fm?F> z!`q61g9)`Yv$67zdOcb8bBRF(Vr(bu>P}lr4UA6Sck>ha8h!3>{vMa2TYRVssnm8RNTv8M{aytiSZVx^|aq(>HAta6Jp+k|}vw;vN zdiK=>NknV;sM?b1Nh|60#C{bmycE2%Of2=epcfkw354(QrzIud!n!>bCv0#;!%CeJ z2AS0@F5ghbea@(doo)`9`0*`+1iooh0;NuKr~=(d1*}lzu?ak4DU^Z;+DPX=B@DjrAAjxKe3+ zPh0lg&FrP~whKfA>o4T*b>&EY*BHJ1HdiC+jXF>sj>iE9Y4v;xLLqMQID@vt*K$N0 zsfy0Jtet%syC0hzGza)M;2c@b%qKMd1w4aa724NtQDA(Q(+FO2#W(*Dzk7!T(hKfn z(w6f+$59}TFhmjXz(G7b0D^@B4`H6V`Q#7N;rT>6`Rnv#-Uuj>1J*n3AC;B2`W$xw zcd5+UYN9wxAyb-4|!iej{c&6y<%g7zLB<7;-eED5R_e0@zuH%miFAPdFClZI0q@>qr zT)K+dd=}v@FHrunK#zGmOcCF;H=Uol)_b0o8}xQxK!5V~b6luqAJC)d{B(OND4*xx zfImC)u6%Y}>mtj3FXUporf9^{;^c^b$eGb-H&H=2^|H!OgoBQc(dIcq86$y-j){tn z*=fuoOeSYyVk&!y&-?9w5$1J*T)EiV11CAt`r$9e`}@~6{L8@+IK|`gFh1TdZTRQ} zkJ}?=A2S8)CfB?CgQLG6U`DIX+K14VD5K>{?Njy@%Q-#6z;v}7G8N)hr&utxV;k+( zghdu&q6gQT=P-5o%mr6gOo*&uCm!EYh7HkCl<+LbJ4ROo`GmGJ(k`9Vk?>R+mva}s z(z2Ft;P|F0rR2mmt82DB@c4Z}h142hHd>IEaP#p`FvBf`=~?B3RRI^ncPOaL%frc& zGDXoZeTbeXh4g}NgD{aG1MlF0<;QJ8kDv|DS-lqnSBxqggx@JCE<$~b4JSEY-A+?M zU-K?`szy_?+la(bdLg}0nj?&Fm~r7!l$^FFe_mB}xAsqwb=?+<^l*kn@4=W7WB-Pt z>QtodE8}$)J6JD&-5hb6+sQiDzr+Yr`^l!M66x}B?C3fuZUUuh)8gXTDE%k{{X|+=tLMf2 zF#91ykOUQV0SF5_PEHem@*aS=dq9kRbGk5>_k|T-ix={{-Q*9bQ-RFr74*~1>FUWs z6S4`D_EOy&AE0u&@~(7tJmt3gEB}c+o!66=mUMLK*Tm@Z=2)p(HS z)ya}~c$BTGs;au(`o&gn$1hvcYW09FCrj0)n>}`5Hb7Jv=5M@snOrC+? z5zNy2sPhirlaZUo{xOecadFXf2a9;MBW@g z9Wmh|wgJ5)=FQ)(L4{oF<0D`~;c?e}$6>9*O)!4%Jx~4-xTc3U1O{#c+fHGB7y-|F zuA3WykkSg>CM(-DkDa46T|T*gzLtPmf+&)+=JoRDIF*wsl6d>VN!&GYAil$SyC&W9 zLc?(f+#tW+c0O}f>V}HsG<7h#K3vzmROfo=Ji|>)&3#m+prDY#dY;PHx)H!)kdgF2 zC%`G{nR(wckHOVatKMw5z4_|G-R<&vZ$KGJrcI`z0j+j)b5UnAK3uci(Q;A@|zpY$6f2y8dFUZuCk}J zw-8%|5s1D&cOi0c(~Eo8h~M;%Rb8lm`svnXyVmR$20?3ikvgNj@) zN{k_fp6%NBtqD`jdHVh!#++rvveHO5@ei!zZ4wsNCQc}jA~L%{u?I!fGvd=gu)VyP z4NVd@#g!1D^!pxlBA{i#NoL(W~nw1nOQ`I zdc@-zV5b4q3HFJNPKOu*eT+n{>57>3u|u`tVqS4Y1rg-;??nvN(94{hoHgtZ>?|xI zsJ;E;A5S*?-&8Ym)H{C;oj4f~v0ZJ~TI+;Bj#7DnU?F5u|C2tHVBxqpAS!t*Q7UCZ)>pmGEJf*7i#K-KE z%xAcMBym)76s?B*?%$Nv@`*#I*`v!`)k@}hds`W+Wn$9k%H9MH2*teM{^amPOP`?s zA(Tw<8-?zqE8cIJ#p4270UjmbEzM{0*8NeJ8H3k_*mWC4{1^$~KTw^*22F4GVyZ4> z3>NJ8kw57dLm^GhaV2OdhpBP5V!(7l#Uc!!kNjovG0SnlR(VsQiEX`e9(C8dUEMuR zN|0&R{V_)KwlxbWzfrK1|GG2*3**i2TTv0N2yhapEh(Na&J&pGYi=YQo%5iE#@4-p zXrv2!xUuE0E1NP;2^=>{a}r+V76%ewp0UpIrK+@UAihtPbR7BXJvuy5`kAJSFT-S8 zt<|SoBm8|cUS6kRZqw0Z{P;b)=Zxz$38QRH;GCeh>xZ6 zz6R5l$HDhExNhE~t269iB_fp2LG0|l zHrqYZ2lwpH*3o4$J}vV=Tw~Jc(Lwz>SOFm)d<6ajG zWN&drhW_dECuqpmJnhwD#~*;HN8USt0sVbsJBwNpDfs^W9w#V6;+&8BGdcP(U`&EWVfM1NR{6~v zamelNDSJ;4vddQo(g9bb;^i*+nN2+M=|4J9@o!8>yec@cu~cN|cHPRbG%W})HKvp; zMQ3P@e#Y>mXvwQe&&rKXw>%*ST1>aL$QZl$3= zEa}-QeUFAK3aRRsE_LbiZKs+>Xz)sKD6x0{fB~scqQs~)#hzd_a9L-`#E#do+uAQq zxS2?E`E)m90DngTDT~-4c&Y8?GPs*fdrXY&=!cgQLu7Lpt{TzkGaR4^dtd4Z_Yqso zd1RNgjO+(Iq@EtoqAL^^)fKO>c9k*)PWy0v_*N;9$Z3+#C6I!pfhj%&T`H!)U92Fc z0O5ubC>9D0d5PQSigavT&dK>ix;+#8R_%i>_^#p;Qxp{yp&>XyG+3SD!+6-RLh_h> zOh}M`Pw&5v>DG9>yTU_`pdAQO`i{$GOs)0Z^X#z+Xc)BAHD!|6`Vu!U21iCKmug{PJ2ZX}6qs`lWz#Ub$rpfb;kF;mLo( zUj#y!%vL?f{z#trLZ(MYkJegTAcB!xz>1ijlQVV5xP~sC`Wu~tqa*u&{tYD_{B`|@ z#3MtvWFJeH=czb|#g|ow&QW27$Q?fQ#rX@H&=-~D(i!_TZbgcC%u6< z?!FjUSs}ff;PCTFPUiOSQg3sUF;^d~F_F6UX#WvaDSrBKTh6iX50WC$)v&Wlo-(mg zEtc}@_3~2d{cI6jmE-xPXwm+GSZQS%ZFX1)miOR`vN8>eoe$?L6G&E2r@T%?2A`9q zOi(1AA2bsxEJQZ%-Hy?%xo=QI`}l=l%~htToJc;z?qjKW0la%-#=j%czzy$ZC((nh zAEN)O0s3Y3Tuo1`_;Mg&Ku}cu-CV4OAB;~09s-1QbxUQB?p9fO4CX~z`MQJi8wQd_ zOL-$M#clg(j#6^pxt3(jt-qb$`;iGB_JIITszT$HACI-@`*OZz<1w%>1fmcK(yRhR z;)gvED@5IrMGT%z(=n<4py)N)5?0KKK>0kT%pXxnL3-f5pKMzww%>(L#!FXP4DJq27=qNq0za3amma~P_Sc4LKz%$04eJJd-@N}gX_)YX=FbZuKWA|fJw z4-1p91q?n82=$&x*{d3DY{Ly{OS81bvYeJA&^^U2y#_#JnvOOofIofm1DaP08ynfO z<2XZ^9K0)3cxh4U!?etPQ8D<}kUp*qZ4#3m>q3fOiG6S~j0m!Hqx5|)>MHGuvZk2n zqtrFC#`IR*tENL|5~CmbgaW$mMsuK=4-EDL2^&Y(RuMu+^}?zd=jO-@k&JS)d<7Ny zSo_q3Ata@kFg|MN-&dHM@E)?OF0+~B)R2=62Q}xF4?#r+_I(J`@2hhCn+CsY?YeCl zZmAUWv2RrIDN3@tgQP8(Fc1`Bw?1CGxq3}IVg#utCB$}2qx8Du_WP7NR#9QHAde{5 z++|WNMaBIo&zl_?i(!|C9h85GChy2F;$DrYHeMZVuWyOabNql|R;Af1vUC0d1p#e7 zrIH;1;|DA~GuqF9$$fuGOfo!CXo051>yDL5h>syt;Nkjm^3Y&wh`3QouO4%&;Wc*G z+$;#c=kv$a&8=CT2vbxG6a*EX!L#w0#fjEd$G@$v6GpI$)zHd0tfygt3DLJt1%=8u z*@?iG!V=Qxa)Xkrtg8ANQodCC%IEiy zbnsOf_Kx4y(rm!=C!=1gNQA7eva-ln&+f%Q_!-px$}1ANts!2`toJ=d9W-4*-K+}5 zs6D~^U*s{^(I5~y88NNMMZL`P8!yJj1g%(V+Jx2(Tf~u1(+EvS0b0z{!3Ee3^2R2t z;|+#Kx*4sZe60tTPixEQ5W8KK`$hM&S$l|v*t8@QnNvKHtjTCRi@O(q*WEFyf!n^h&tNx`{uu0zr=Hs&P znS~{Nf^x0B&QVALyUgw4V0**U9XLzdl{3GH^f@!!2)`;VFw zFDf70>+0*B2gY@zq$Ei{34;MgkzZ8Lb|k^}w)Z8|_dbiM5+^WUQFq6h{VtDTNiO$JP1cfNQm;o9kep%sQ92<)?ZBnj1&|U+2Udv z;Iw}<*CN+s0wWCJ!bPjd&Ni?%GFn^i8ZkTCfO%-J(q3CB7yqKMpRUCTY_^(qJKuYH z`h!+YPF&QXNgGjW1PCgY+dQRe@W8BVvDS&-VNbA~dTn_49%!~Uvb$caes4|Z5j^kkWUczw z^U`L~%P@nzJR*)1wWC5&e$9~lAh)htH~z7K{WEM9%{UD0Fu91nbn~Z+=xWE4pxUD?fXsU$IUem5m{NrWhfT7*1MTmoUTaaI5RLGRA;wnU$;))J98fIbv|Vt%fjc+h>yAG}_L0RjXJ= z7`zZysB5W&m|7LQ_eI(xA(gtsSqg$IlZ&pt_1nmDEv;wcXraEYwzjux!DPBtFZ4@+ zP*0He)8pOWc77`chK3BH4hHo`{c(Ek*SyXr_v>Dx#e+;R!nu^_hm#b^+-9poAyr_Y zmKKJzdw5W9b4Y9Ep7P^H{UtZJ!AiX}J9~fch;QE3Pdx}YI#j8bfzDaG-8G}nu)$_& zeq`VW-lQT5@F8d+#_(j}o1Gji`uww?re-Xe(|au=9r!hFI@AI0uEi$HhPD=G2qbmv z`s@nvE%HZPB4AnptmQa|M^YQ}fEE#SEinPx1u{@sFFry9C^uh~x9;mK*)-_iycr0T zN<_PeV%;5GX)sfh_vvU35^FfI`TnCaiPfmtnB7aSihAKzSe4}Dn5=pws&(8YVTGcnj6BW*?-XJ-xFTKl=RL2${o5-Y!AA+@ zR`}i7zHG+*$a7oE&B@}%V!MBm3jzcTdGf}#Gs43k-N*Fku|}q*z6?#9P=~p>UOqqG zU7YCfN=ZqTmzAlO-Ak#dJ)g5DT*UPOUxML{#+Y53(UpTL~Mb z0^2VZql-3uo{4(RSEc58S<6p9FSNR}m9E7cZJ>g{{LZQzZ+~6Yruuv0;y%)uxNLY2 z&8zv8a0;2aj4(;=WC>Z^_S-hQ60{L5J*BLmf_VJ_CB(P+5*jFSc8rzA7iv>Do?{>R zuEg&sUfkmvdP*LtQQG*DUoAtn4u?^ z<-3=AD)zkgDi17o0gKdGD@&`7ZkA{+jzmQfwVZMQ8MU7gmmf3){Dy{$gx2SRX6M;@ z7lWbJyjf*-Ff}i~LV9!Vv=Z-csLG%IMha&_uVAc->7NpXyd`UgoB8WV z9d&3LEnpAo?yB-ENn?i00 zuT9>=kGyj5EvXCc zF3+F2_B6CI?TP4J??D__{B69l7d%Y%Njvef`)n}>J*d1#-??TuSRv)=-$nK-UloPI z`dV^|$rx&9(-tfY_U9Ta&CSj6P$I5Z6}vUg=1AXHax`%QMm z0#1-JrgCoMcZ6%CFg4hsn4sBB93P1}VkZS0Lq|XKHY(N=O$L4C%MKB~SABB$n7QW) z%7#|b`47JbbrbMTOFoziCEV9A%c6k}b~eP(6mPDTJAVlNn^M5+;}-q zU}UGulAc4t!f`&jcJ?9eS}JpL&rU$mkQ*>||+(k*cKJObuK#t%CY$;rtb<4F`vXbuzO$I!m*g}-o$vF8mT zBjdxGOs5T|raM2qQ-fJ>z=rr+}|3w|L z*xlU~4+@^IwP7b^r`Y~MgFz;jsSs$NV+2%z1&pZSXV>L{rwBr*4%^camH^$p$D&hH-LEfcSRMC2FpD0=kzn@Lc)mQBJ6{)PHMSJ*ltOCEOro}kXLA>(-=T1io9ox0X~HV^K2jA&X?qWFSoK99c3UD76x_#1!GBb z#g?2%J>zNNjrLbzOpFt~wL_iRJ&P)?U%_k{1rZ)teaiS2u~@9#kMX9kStq8&H7K#gSQ?86_T^iUjk7RaL{vu_G}>H4@My#(r5Amh!if` zYY4E-frd!Y9oFGi2!~vr4r-_i16UYkR=%^8?9HokD@R5`t<2$+?t*8r_?W- zkL_N@UuTl`+_SrU*V?^6+2!JL$o%ydj=hdnE~GwE*3E5kXz=fQ;o#gk8=UCZPF28< z!0b=6H}qo^qh3==I6BrlTwQtj^+V3*$^<%c#)+XJZnsWj}G5eCnfEbYjJ!R$;ry< z%*qm^jKg(4|N3ng8~b$W=OKt_m!|w_>B6bk0WY$PjRg|E1HlxEm6a^_^Gv~?emV1% z0vWJ@({NwN#$Sk7vIHPyOSMDoo2|Y{dwbTYoB&c-@AO&kgn;KIaw@5bUugk`tV6~C z;B&dSz?WOy{D;lq;QYNB!G?i>0R^vk%+yW@j7>!o@E9uH+b zy=M2Lff72Fz-uG0YuVKCGCQGt-Y`!w#>V!`CKZ*Jugs1TK%9ZqBxvG6knJA)r9i8D zi|sFz*ZxxlIuF41wa&ZTYN2^7t?2?$DlE6VyWQiNtJ^U=JH}qj?S8RC^{dP2ocClj zP(T2pBncePw?#$~GyooDP*FvuGHGaOwSWN&1Qc~|;Su&$D!mWqtpNj=tVfufPAnX1 ziNp5x@$3&ZBe8G$Gw3UCj(!7wjm6s2zrf|!I+X(uLtT~wK7T1L24g;OsqB8^=bvu* zU*af#?v68lpaFhZ4}7-NrTBJ*sVa=V2G=9`#`iAl)o>*}5ad{!z#CSY^j1HFtK@WH<84g`Hro7>I& zFV1MkLOTK~St4@5DOz_#WMt$wNO%PAaAR(dlKtZ_AjT%9x?C>xIu9sggar9`%hgU7 z!EaBgQCy6Q|(@ujU(Z3CGAzWwzl#%*hUg^5(%M7dX)#?oKp4j zv#_%#e{}303JC%38RaWg@Q@J7Gy!)?05}&huO=qW1OLu0U#fG53rg8!$#{2wF!Mg_ z{M;FJKjYi~>-%J@+eV8T>hGsr8uAH95 zuI*Y)vF+M3V8MB&+|mP}DiXyuV3!)gRYaUv)Vl z;9|WNnX^~BKLgb{I@($jkHwH!soiAv{HWXJ?tZy1%wV##Bjb60rPpZu1w4xo6cis} zdQ3(xWc_G?^?4vF;_SM*re;`T0uJu)#K>4Wi<9PB`;(s^w34DC67tAXjM+qny^}SS zln#`MTA6w)-Mf9lMLkhr;h8=2cxWkdbfD%I(rS6U_1o$-duwRKVYNmx$q9k9?2H9| zGB8$`0OIqtRyPf0WwtK|j07my!alww){kaRU~eT$7i0)l-K^VVrOM#k-JU&-9jbly zr9cmT*6j$T{}i9;eLp*7W5Z7=O-pPKkj85Ue2T-w_}e2d>B~ey_e*3XNN0PKzkCul z5&AL+p5FcZ8O|>}l_}JYs`2LN6~uO}b$nU)G9asec{?0t@X~9o0Gzc{nu! z@+CkvI&cZ;?H75A&&(nqAg~wkavK`g(sDymv;WuCyIh;uAs+k32t}o}scHTFsS|ME z^TmzS5%OLb^mA-dW>KR3NP!(ve61&Ni; zTN4S$hD3xGAkcH9TAP`@0W%TL%_NEGDHfY$*r-)cNN2U^_d+?M0g*K_*!et~nc3M{ z;P2|U&QV`)#3$b0EAp0zWp;jERw=GepXrDKW!M<#XVc%oUG{yvy23x5Dtrs!YH8&2 zd?e@Lam(8+dVKVF0Rj){Wbooe@$Xu2kxLcfx=d|&8^Ad zoxM7A_EMgeX@MA#Lh)lvZiP7&7BaGozvwq;L~*DtOeDWo@)U5YcV;S;@7!~hTo{s* zwNR&nUE4lJM)lY~-Xy=|?oh=mDY3F*iZZ4P{AzgV+}s4BiHiNbzm3|~7DUj#f_m|p zdL-!8b+wSr)*Lv$o71&-AtJ}TswKpA=iJ!CBg8_G=-b9%uE>exv+wFA@&rdIoNs)_ z@aIto_-dQ{$u=CASU9GpHVC;Jy|<_<=dE>ywq^2G0O|=N7%ZzJ5v=+kn;uEXearQJ zb$S@jA~HK0P19g`a*+D{2NZ}dITbkbK&s{GYEya&H$Owf$hM+57rxdKyX7zMhwH2R zxl-(jOys`;HZ}$e%`#dCD(ZoBK>b;-yJ|G_6-HRNT69fQQ!}@<_3g>p!`=oAE9(W_ zj}LB_Co_4UXZ)b|&GJF4a;AWLO3(J!pCrlSK~|0k_AMCQr+`okDcz?>*ZrIAH&svA}qG67;aK zCG`qh7#oAoW>3RD>;;c=Mj@+PP9_dg_s+pV>JKMq1|q`#pUZZ-?e%{yXn){jV3)CY zE8(Xs-Kwg|!9hu9WNd|bvxnwKGBou0U;aQn!&1FPtS zaDIHyVPj_gqVo|xQfO{nS7lR2CB8^I!v9a>CdTAt`zJg+JdN2sUL2Tcmd>F#y93$W zOa0LImJx9z4nPyV4S6F<}^pmDO=#nfkkTXuveofhbB~+EO|y zgUE`*eLJNNkiOhqti@6D3dMi=v#)6PhC?}+DAL4ExMg}h0k3Kd z0@v>T`N%H)kU%F?qm##1Xa?B|F=zuQ#17WKyoPJ_u3(`-kx^*dF$rAsM@MUGXMt#9 zEQvkUoG|7Ed{I+9Z-yRYO+#hAgXsxV0SB>AibBB_Tu9)tVUIx293?fMABk(WpxI?B*)>B2^lt!~vaqpDZ`$>K?6wC*_IED~ zss{796kitb+8xY2&bhpL1WLg~5S;7)2*)IT`MbPNts!b|X$j*aK^~jn8!)kp9U>wo zW^7V|^bS<5;0MsiVhpmuox^H=bab(Qe(<*|n9queih{CSz`;%+YJ!;WE7v!8wNx!o z!+`0w1^p*Y1wt#Q;DJBDgtfW3u1=;d`Sa0ns-?MkeB%7kElPE|3)1Tzm&X7n@0WkR zCTJPC-#ot2CXSgt+(+D;5#Er$HyF5PXmPR8yWXXR?5z~)ncGc*XbeRqCGe${m05?7 z8gFC!PnP||S2*hDRNKWORH8wL?D=w{^Wy9O8ilC)&wiP9d+P~DAIIDCTRw<>39EHp z-PFQDesc0cA0oD-lq3LN`1sr~_7%xWa@lzsTl;4f%co`O@$gcDdM8i|x`z5*L2R_! zJ{7EU>1t~uL0*wgwKUi|Iy%%gEjGKkDG&5qmHvp3k;Z1w+FzaN=^D}y7hi3(Fcqrry-4ijALvf;mY?sIHe1TPE3)c1fRd_<-VE4B6(fOwrcqzr1L4s zoP~npo(NJ)o7olf`3{N_JrcFp|3^eQVd~gF(|z{pq9VAGNM}x4?TL{QGH*{{e5{}l zCDzc<(D; z5wGg;>bjr6Oy>uqZkDbnTZdb3K|LDHb-sdqEvBExT5?M8O%q21lxJCTvexXC|0q_J`^|C`ko$DzU7M*)B+E5EPF`40X2SiOrKz>r(b ze$|6I1s6A!oQlHh{&H%-7P`)S7mH!3xt_Pt*2P9vcE)rpL?^)Jgr9-Fe9HwfEC<^6 zx#ywUbY}--3CF*iNcZV8{B{@4@1g&a7;)Iraz)KR*XDS*Q~HC^+73^(~1od$pIM} zfMW-U3bHbHz~&k`>f_U(+`oFo>g>~pA4_$qT6K4!#||+Y*#~%d931taGH)A*a{=K{Sr7hzymeh z{{B8ykMQ;BLbd&2#rqyHFEFoPZ`ZM6kOfD@1r~j>z^?asSQ7Wc`ZIsF5ES?$kX!U% zbXIfcXbSD5pwRbX_RMi=?7DZX#hF9e1HeG*#d>^Z3pNO-aIdaLcKsi&;}a57wA4Rn zHv3Kdnwy{B-h33F{NOnU^LTv4Iz*hF}S#>UHK#kde89JZvMZ81@?GM%3( zeTLjzJPf+c+RuuI=kj>yu|7C|3Zc>CosU69?|(U7*%&>tJ)XqQyB_c|ygdTw ziImbQ9=;A0`MX6^fDpM>XVjA3)<(VNPg@1i2PY%=HrmW~Bb^D2<3AZpW_4+!aFVik zjOmqX&?m;lUDTM+4RX{h9APnN7UUN$EG{Z6kzSdpWYIs=_UB}0e}N-u%E{qVK>NRm z<{NM%TnIiJ5;6p*>s*1DJ%7itI(_&1gDY9qewR;1ojQV z%gsqSp*zawkw_uy)pO%c+Jidwk0~PaDTYPO!BPh)NhK7jN|F&NYCrB$7IoAud4Uld zAX9qWwEOo{QpOvfe<^;la-H*$+iW=){$A`F_HKDLXz;NgqtxubxByDU{K~{y4EF+z zjJBU{0B#Jg;vBcRb(2n$Rh z79WW)VmW>xC!*K*{d)<7%7jk*s;jE)wR64W`M(E2LOqr*1*qt8qs zsaCCpiJ^t&3p>^Bn|B?S$d$oUj=ST<#l=o8ju;Pu`DYb_7!mQ7^&3u%$jD>fC@Sz} zw2WMz_G0|y=Wd8-PmH45KHzl0dE;!l`uQIAy~kSwBtA*pH1ZWbhoU}Isk)bwl_h|A z((BfL%Gs&=s*Ofe;9#Jz@tGVsHlZ)tp^!wOqSmXYL=}eYDV_b({5L;WQL9IulOsAB z8sLI_=>r8bG*+VcM~CJIUSCTI%~ub4yp$KNt=dn?;WrQz>Q6BQCd1BSr50iG_P%{Z zkLk2kc`|6EIEpIzDtctF+2PXXdfRna>MGHw>IhEh-C>eeOCDpdRFR#+6|o3Qi%6;m z1e(-v`mbn}a}i20{CTBD&~0 zd&O_pha1=I(NqCIm?JPK*Z%r@(C`H3?~t)iwD#K(q_O!yP-Dz0qqW5nn!X;KC1J;O z*lrck;K9Ly?p5Z>qWn==@{In}CQJGZj8>Rzi6KbHO(NjjeBr9?yg!?rDDB8l)0#prYH56JpM%$arj{pOv;?`)-X2$m~-8(j(7QO_|6VX~uE>yLRPG|lCu3cWunXA|Q45hW-Ei(S$Wg}SJ? zMC9kVs-s5kn!c@X><)hAC z3CFJ^viRf0EWE3gQ#YMuT8s{R-Mz^DDnH0bezm!D*t#M1J$#XqAS$dlS}|eNAJ@K* zLa*y0Bnd`}LEu|OL9@K>XIKLWDek2t4YK@~*3y*o9#JCDH1m@kroKaq5U0=J^`jdz zdr|sUb(F#z0DGIs<@USWtddeD6)hD0?5#aPChrBdg)CO;6B(^KKU~f-Jnl554Ex~Q z+0P51l$ES~n0d4(1=9`4=q@I(Tfp5h`-{(`GIZ(7`g<#mhx5LRALHrl4YdTE zU&7kTJ=^664S)Wi*9#PCQhx<;a*80<(XihWlAxuHprq~4X2ve?s1v!Z7*t0Ruz<=` zG+*CE0wB~R8v>ZC#&)dst>iYeh@Vbmek24n!=E+pV{W^Efj^)F2ny<_|9}sXUl@=b zsVNSSK17WdRg^BDol#>GWK9v2!08g5)73lrk8}CR!=G<0zS+Vl-K8luF7msmp>!LXw9)z1=f(^20$Y(U%l|D z-I;W`6#4e!@W;h5b6(p9OPlEqI9S87f;_Yzr2nf6^7gG}q@P0jMy`50;9?kgd zvBlj_wSF6OjQp0%nLd74#1Uxzh{vkVp@H0L_-;!P% zQgOb9;AD|dNW-Y+GI59`y`G-)eUCG!>mMlZCmkZ%6H8lVd<7qA)EkhrnSl8KHNXrT zgRz(0Kb#{L=UA6SnzxGP&=>og#Q5mxxxNMG3oVZy5X(SKyk$oKv7;7-WLps4^|1)@ z8OPL`bZ?6e=}Cx;KPZP2G!n=KX* zEM`55WkJ;IHqgn1?4^%9@b9Mb?Ba#^oM-)*U}-aO&kCDAWzor~hwxW8?aA%8(?Nz= z#h%=Rv~^>2XFlP}w$g!>j|Yue#UdDDyS+6M`S%<+Wu{m63{RFT_Q5wa$1Y{G}WyiR7Q<5-Zw_c^^8}02n00xv61fJCrdT3MwXFE3Y78BAtp% zn(8YnrY1hZb0&YdB6GRc%~yhT!_nnyE9M7NNr~(bO(4bGv>%J-@%)&!h{)fC;quqT zHZ4njvmz?2+Wkz?@>mj%qKmgW`=ebTZIH1wUe_8eC<5hV{-CNO2frr0!b3sU)=~Hx z`UN24*`89A3OOU<@6ZmsT{{fe-^Nvt zI_1;<#N-{u1Rv=f{-ce*TULz9zrPUsfUK!MH477AgQJRicThsK%r}=q>ZG!27xsCZ zM@Qwdlg$So6v4u|(s)Ik7UsDho!;sb_E56d7O>;=a&EtegTWhWZXgynS*JTM5~_Y9 z-6V(qbop=fQ%jKjRuOqy&7Kp3;wxEMPkK@sG^yrPB)m;ri5X1b2X&0~??k+_r(W<6 z+>}@4L{t|oB9erq55Qr-gr$iRp^)N5?;jZ!W~3#61tx*FjFO=v6hw6jUB~*0EBZCR zjA&??(T0;sBxXOT91)kzQ?mDBe|sd2p-e8{i68KW4jTZhOZgf@cts``>P6{hnr4=IN@ug>Le016@TSf1U8-dknbz{2f>k3_|Lr@`2TD4U~eg zL*2bpC6PVU&H4`*ZNblU?j*Z6>frwiA#3VQ2OzMnOhqpEzr*G;&3QVIm#D;3T%H2; z5yrmM-n3|UZu9~2TP5XuRayjsp&?R@$OKbxEZ`@Qe4u!v-dJNU6%_HM+0r+%{3XX@ zPs|_y?j9Xxl4P|T^GhxofB>d&}1lm@%+zeoS2sD38OpG6$ z!%ZiuG;D0nNd9@gL4uQ3D=Kmm$dB?3;Vxfk^>W%)o{H*y2{gChMPpS}j|E&EoKAjZ z(9mF5d}BaLS`=1R{tZyQo&FV; zHcJfGZkQ1z!dK=Vo0^Iq?+m0FCxzhPlej%EtV>s#;~wh=?4oDEgyqExSxET%_wOK% zd*J%SfwpkpKjc^&aNJCfi{6q5x#JyeH5*Lpf|1wE_?pFP!>zsYyS$HeQ&m6sYAjHZ zk$y#qoJr}lI$Esx2w@G$gbk)$ym424{Zyr@wub$jcc$ZoEX4ZX{*$Kor}y&W@*a)Q zecP}LpbQp=hruAhG6N_9b{@*hK5oD`#AOi9D*I|JX!X~Y>c%v(WEJ4u<;_n}R=$-GW` zi(cOT*(%y}nPP$f6T;Y~@14qx2r+)zlOteQy%YVMe-rb6n7Sc;JR%B&fKE`-xdDGm zLhT8nCK~LIWddcBC7ZL6@%!{BUarY0lIse3G11d+oH_Jkfib%U5z#ux9|DK1LTd95 z{kd^bMATQPxlgRxMOr`}#+g|B3llC#55uA8Cm~8ctyClCYIfr9v)m9p4rGG~yvWQn z6QTb@n8FcJUhD@cVx~ypbiJ+nw$+|Nw>@r+CE?9a9EZg4qfdwoO@dZG#2OAe^?J;( zoWJ*maH;Y@-&_Vb8+M5Lu)HD=a3nn21H(0PQ6JrAXEdaVruxj>IP|qm=gafk5K0tJ z-MT6V0yXm7=kZQpZ_Z;&j#q$|1gI$@Fukeo-eF;5YpQGBhNl`@e0>3pMnwU2rf#cy zzhObGjRn_?6@TLJM-0Q;b$>8T1NG{E@k#f!rJoby!xCBgYYGq>b)qvsF?P}3H_-seZ)f8lc;dyc=EssduAUgFm zmNWU&c<1`M!56pt@2wA`b6Ha9RywVBS4V|$wGn@Ie!A|m!h%FGLOkbn7hB+k7alGv z__bF!@POQi6vDrH~aFyKefIKR>zB^&PWza0GEI{f{TkwAUd%#20^I)pRnR100c8IFxn8x1w{bZ_4Z1;@iBrZEF$#H z?m+~BkUqfT$s=jFSwOc44Eh2jlF1tqs`SjvxNO$np-4+ZK@k!6cHQU6jaNXe&dzik z+0yc~;(-_xU}$7ClJs7Hni>&8K-)!x2)Hb2YOTCambmtTq26tYO~?O zPwYcF5Imz86TrgusTlTBQ?guzShyJN9vMglpAwbPD7ZDZ66t)%utUUK&Lh#kj{pAF zP5I3m$amyhlyRtaKg6uwV`@DWzRY*-RPo@WP+6x{6%&cxkZCK_{FP7|AMdi%c`x_o zbpjs`(R`~@+b{i+BR;4tbTi9KwFCnX&pGVvVvfZ&4*RY?+2ls5u3qg{+xbj6p#svrzE7<-N2YNl z%fSI<0yF zW*0R@Cy1~vrp5ptXynRaCB1I7aj;nm!p|3B2Atc+uvwx|8v0YS7Jmr)1e6GZO&I z0GRUHe{p*H^av7g&7*~Phq1fZUd*ambn5F{}4M<6#V%W!1q zEx@`~zIrq^HtuX~6Z4j>4lgGcXJ08gmekxYT6R zti~L{D?2-ok^YiF#hSEQz8W5sbPpyy=bvz2%SLi+dKLJ5a+g+Oxd=P7asrn*4opaf zpy!)sje7T;?JzBiBN5R+%)NH%hfBCSF9wa0fHcUYkh26VjhCose_E~cePWrD1d`(; z%RT?qfT046ccnB6xi;|OaJs<@?ItIu^LV&<0xLNx_fg8dAV0m{d`lO6l~7uGe!Xk= z1a7}1xcg z>&*R6%nSp~EzD=CNMwmi$Gv%?2GS%DE)fwHTvJ^sMC9=LTiQQdCRHV+7Z6~w0Dp@V z9&8T%39S9<=R}U)vA&xLe>*_rA@1t=^F{rkMGtdtm^{?wZc~zr%c+BF8xZ}4IA^-L zrdsMnH8kEr_TZpCtUH7BzJC)KajPmXFE3qnhOF&vLxNkJz)!Z+zkrHXn__r}YmKH; z0l>~xTlP-r{GUIR)}0^i{TtA_)OAA1iZb36(Yh6wC zM@8kxQvS3*n(>I9#jAkz>r_lDm2*yH@y_c*>hR$eMFkH0noS<}oco5G(fN}>(hUv= z$KvJkE44@lW@fz;hVSuSbznh2Zl2Z#MXZ3;`6Oh(oaLXrWmRdU(`4=G?BA&v%sw}7 zeXA_?{b~I2e`Ad_1!M*w*R?f0T3|YEf0S&MnKdkj(uCi+KAv}blZh%|QDS8`G`Jqr zlz?x)tIQN9{}+Af2C)D;TP^8Sj5-2m;^%-X9Ha~JTM%9TNgBAi+dK1r(1roDBuvQA zFl#oAFa^zHwOD_kQI*8;>T*%1SNOxNIz-CZ-qsuC1yFal1M7IH~>E zLlr!l0#N@JiBX-++=Ydh!J0X9$4aB^EE@p5InaB({p{P)Xd!#yL z|7RES$lcq2JDq_Mr0X2ef0#PZ5&;yLxqI-WF|z!<3t(5hhd|(M;-7@8^W8W2gntqf z3yX^%ch??^iWnjUJs^OiAp&0OB_U_DW=0KX+(SK3yp!U-#i46#&_sDBDH#k9{bW8T zG9>`7f0mJ1Utj!yC>#ZWfSGxarANFhRz*AMzR7z6vCG=O(fdE$cMik3vX6aS|Q$IJ8 z99-m<8w-}}(cfKNVbfVa91Qc9`h)}}ZEev4_}dNgkPI;ozuOOhY6jS;Q*tiuDN}`i zWQ;(ey6CWbbG;vPW)lIFzJZ#(MIw618SRXfVZC|(N=wB&zX31 zbg;9vaepD%kwUZxoKosd=2P8UN3djb^%1p+9jMw!BH{E-G;0H<$HiITwz5DXNpU;>nF0m)Pk5E zxyNkxk+|LsVECDce58YN!|$n+GS<^mb1XK!TGh((I=ZvVzxLD zya<5fa<>t9t=r;Gr4)oM4$d-8&iC3)4|3Nj&4kHGF1#Fe;-?OS($vy2a=59YVhUB_ zgEOGQ%F4-syzN49AnVHkN>-2>4Ul&OHO!4#A2hZ&97a%3U4vKx*6g}Ebr~Obz!?J+ zpQ-50taooFsTO#74K&Hl<|kQ;807vKo12sG(Y!7sTU*7vr@32c1 z2K^Hyvzn3;!O_;^(V`mgd+HKwu-kETb>&SQcC@wzS@hW}*NEuHwU!4`viJjUOF?>+ z%l*}7F?BpZ=3Z##i=3-a83bori~Ft55Y@cGZ;PxI|5(N^EpBQrP?Y7Xr1Z+Rhlzl6 zwe|Xma?thu>S(r9S6f@#W((d#UJ5UicQ#%2nBKPaEW#2I%-B%dMmO7GA*! z0nKh4)9YZIp~T7I;pO)B_Z%EsfXUy?e+PN{W-2wJ5dlXKTpTQ5h4sxaN0;Aeq-)B4 z#_C^QENC}jNa?^3u|K)MyEb_ekdSyWy_-Prt!j-=$?Qv9UH{WW!xwdk?{5WzIr?kVbed1-4m5B;pAe)HP>;UiCd-6@Ap zMqWb0o$vki0zQ7r;0W;+*TC@d#z4&AU>qaSmXM~J8W)I-66>%L67n*J!RhN^XXgM% zi3gzM1HNXxn=>5^%}v<3kh7jp)X45sy&Y)K47(JxwU^sVM8)cb6-*qz!*c{D(bCY+ zcoMv0E)%kzy?C%ag$ zmiXQ~4Gs=&G+v<{&ci!M;37oT+aC2$AYK#kl%b0#D6#$X${7VVmmYs+d(lbI4wr`w z`cbW|lX#rke|qKo#iSNHTojr#K3c8(*OsDfdyWjg57(>XN+(dufT*v`kBEe!p@KFH zvXYW6zoJ5GBXmE<#J@bV0nM*~4Zn`KIOw35Iwfu}4$jW*mnzjx5U-Cx^Yh*G``+FG z%874M(o#Y70YwLp?nDH|5gPt~EwQ| zE2l=aqc1QZnDVGF=j7wRIQ>Oti8eCwEj#<$w=FqEVrs%rHV&>6S>ze|CEyw6n9bLqbAuaAM77 ziYlurI#`CLrtG&0I205x6FDs*2=p$~2b@#Q1b)x2w)X%0{3-MN0}WV1*%7h_(F_}u z&sfgk5xc%)q~l95nz3QAlAK7nM{oF)c+PXdkChfDga#b3n5;X}JMYdycJ??z^> z>DT$E1HtqM#=q7Wc<(#7=;`fx!!5SAanL9!Z9|YPQ&L_bP|%)j#KoWN)VJP{0=Ol1lr9|Kb5 zW}80$ZVuUppZbL9XH9<7#b5FjM6t<7R6emp-$q6E4#qKr{0#XzpvH_z&&*81VSBUr z{1}F4nU`n~^nlUrpwL*C^{^aH+{T&IJAMQudn?1X1U^mw)NUf8LtOChXpM zJ$}ZvC7Mcb0>63N=Ugw?IO(R|-?>cQhAI913p%UipS923y**8yj|FvkpF~9~?Qrk) zS17QYGfZK;#rW0pPG3oL+#?=TuAb&H6GpFYn99GIPBBMQG^@;ymjAkf*l#cVmsT=3 zW1k3zf13s!2fo`%uF|cH=7&nF$oftL7pB?IHu7PMNAe%jeIlCj4(&z+6a{rh7;7)# za0&z_$>CHt!Zu)0@<((iZ?nb1JV@S+!RQ;qpUf5ATPRx5`?WXV(Ebn?Ia{1Oggv-^ zIZ4W7fXc$N+G?dN%82i9vx`%gn2Ym}E zwF`1i=lN9J(BQJs(2EgwcvuwR5b<}SJJge+3HS++s|ty;Gm&4q9`0vXRM?(p1&88J zx0Exd2&M8~p6I6>V@h<=)6-M?!!c`CrHu<%aEB>|WiY06ep({{2NjJcWwD~(=Tz1` z;CS3x(GB=8EpBnxthc3S?PRS*Fx1D#=Yy8!D!CJ9;^X7uEP@*K2`Gtuse;xsGG_Po z-cZR_oXlwZ909#JI>|osR6$uyxd0(?zB*TOBwXZFcw1zPCt!bpE95d32n4_wGk-D= z!ID6%-Vu#+1+~YJ6`kZ|RAgkkkf7I7QB@WDJHrak&rm2u`dZigDzVJ#$po+wu`(v3 zVNp8O>|uVX>WWF3j!_2oBa{*7H^2jV5Yet?HW@gL3(3bCWL*b>!J3o!aSpfpo%9Bo z(NnsD1rFmc+d3)I!~nngd(1VE9RcIbF$iL~!nE(_QE+=DBm~^fowck#&9y(CR8#;f zVHW-M=#$kJqR>#+g!8)J+VdsJ^L1$$jEokL^V3Ctk3(VY$-Eao)75eE7uE?@0oTi` zw;cG-N`mxk6y%3}i?z>^(vnUGI%fQqylSAbAX=ze{^ z@{}SFJo~KG9=!)Y(sgGA1qCoj?nfulBMg`1n;eJPIGyS?WYWF69?I_mZ*2Xx07h6x zgzUlu3u+o15d@~{2Woo^JoQ&cd_U3f0*yz)L%8qO=O@3j83W=i+tIgzkdT6%(>3Qh zm!@$FMD%w;O`~hpG7IqtKM7W6#*mg8E)L_G5 z)S2jSA<)_W`_%lb!%gDWBy0NVL7SP5j@Q=uxfAi4hftPJsnYxG2e1x<+SaVs4KkQ@ z8=~V93v)|_c=gP4N0R%eK}p+U^Vo3I=txjyasQ6;+g3$3Vz^(=NAcw*8|{xDbHE_- zYfpGgWaLW$_Zxdfa%d=(3m4*bJgjo>mI7_M+uOI8k+D~=MKH|F632m@Eb))EK+w-x zD|BN1)9qoi@89=;+$Ms6q|cC5Ns*XYx8~xLiL<-b;dG%IX#9ci`Uk4dMl5*K%i&=> zUQb&3`stpDoGU97u9y2^UkdZ`fNw_)eF-K~@* z2ADzyjh`%yQlyZ|WBkAgl%Zh~3>*4T-FJ!2)7Pycu5z@y<_q)22h@!3H5eXlcH~m8 zj^>W{kJEDtb4$`;ATu>a6(uF~S1Io(8HwJ!ZE<)!(nNQM7DP(g55Y$sjB z<@c@|U}0e|3p5W54g#%qNn!5wXjObnObkdLbiHPB3rY;E2pNd%tE#%&!8{HWzv?_%K82KdS!T2ZPzcD3`$$=frMgW z;xS#=hs?S@eSaIj8+6K1sCu~K^s8MjIxcQB{{3gb>OFsc${9E5M<-^`VR8C*m27Id z?>7&W5Qi(}7Jd<_G1Zr~R;wMN=!1j(5vP|gylbByYpqwzLAM}Rx(4W4_KNERThgH1 z`ng(OR5TPb82ie`$?2NV@vP%^nXl&HfB*~x|9iQlyV{bJmCe?t^vSnCZKTa@HByu8 zHZ?VUc3);Y|N948xFvCl)B~Z~7cL9u=!Y@4tcd*h?q2j0<|Mww`cQ$Crue@j$&2~< z%;0fiV_|^~4;(QqDxCt(^FR`i+taK z>-N{LIMQg4qLMDdAED8n9><;`4G`d`tT+LbkX)8a<|c+>c;H!ph|BaA&qN-(9Tip8 zl{y;%diu$U31m@kFz^BQvs>-4-OjL_+bt^{T}45G>C7PyRAzaUaCpe@JpL8TomQT% zSGPYCWM^eHIGw-%q^8L0=JZEIL}|T$H^8PxQv|+Rt;V=h8;>Lr;S$)bb=*=)$I{Z! zf!o+t`>Uej`iej!BC0L&t5={iyL8r#;Y!@wE+%-w;cIfklw~Z%*pCEf~w-H-8vVv z1Fkk05e#~>#3|fSfNbm>?_KU~1p4?qJbzBMwD=mTkJqveEDNOR%^-kLcX)^cpXJ_- zuXpIycqHtYwKFqg)+lE%pfoS<51UtH#_!hwHmq!{Bgs6~ z_FMQU()4g5AZr+(02`d;BAMf-9Y{WZs@SsG@WAxS&lg!jQp2S`M8%$$NCX2Rxy63m zrz$R=h|fWm*9A7_gYj@OGbJTF1Y|Ry>DQ&!Qdi1%99< z9{25{0k4e}ig?i#BqjT|85i-(%nuAdIINx$7?>F+#z%tRE2d{{y&sC3W3+8~ObqFL zHKPyVC|z3#mz8zC1(42iqus3A4HBvfhk$?wG&VcS#Z}uTP0Zu2E-LzU{v5lGv%2<# z*Hf!)Jaa8Hj)Ahs!}(bd^u1ucIXWJ}q=7tTVa>7=-nnV`R%*v1ug&cgAty(JzO2Kd zqQzRPBO&WgN=k2_qN1YEkWgUM1Qz2NE5{|+cS<=A=%cc8EgpenqRVx6rNzZz^!yZG zzXH~NNhRpkKskDUvB&42=}?dXp4`h;GE{4=V9C!T1nC@-mUN!oVkld}A|fK=SXJCV zC`~S9n$;H*^LEbgtB^eot;ONs?p#a82ANq)x zbh2|*l$Gs|R(!b)Obm;%iysfaBa@YxA1?e;RnAj*xsSgOjpg*vX6NU_L-j(Qz}aHT zEnZ4$z@E3cAp^`P9{T!WynFl6ff4Z`S4XIpI=FNA1%WC?tHF7#{n4$)@d%hR-2H9$ z04jcnhMr#9HrYzXlM}|z;6M*tLfAY(;6)-~QvrkEma;QXfv+!Ts{_l^r#SvivVZh~Dg=j6wqKX!T@w zbE>CJ7|Tp^VIeEET9H^_{mXw9tboAqpc!`w@C{W}ooO+fEmSM9<|bTED@jTD{d;1i z+3mqyV&3U!;4)`#e-Be=ac&N@&Ae=E8{?T0cmeRA@#L6-jdMLuPhp^o10iAgorBA} ztY&u&Ev==9)k+h7=MA43a|JZ2{~Eg(9O^P_{8s;hG}7nwdNxqJc-@}o7gb?F+=Nes ziI{Nh+<4H~-bFV3EMY|Ge61Uz59td+gxkA_HSGXJWo5W`)qa_IdCKzgq*A@k%&0=- zd2W{p>w1I`4HIomP5C7{o-|WhR+iWkw_aLjsIlB^u}-j8RaFJrs{|w{o01axd;Gpg zqIAXZhqNlTAuzXe`=Y32Zt<0X#ghM*?J*r~aMjP|vNGY19|I&O+NXQqU)4`b?_omY zvH5Y)SO7{~^LPQ*PESiu`@*}Ig_$bKVf!LKt1Ajf9@@#sfDvlOMSVk{HXW0avz`#a8JHB8CHqXQErki2@^v#csbhn1qf0vU9g+!KR@s;ZC?2-^c?KB#~;V;Ej{RUQRfU0xuK zv&>TGI0D|zh()6a2F>^4ViC|XjuvVpqeH;+R(gt8RZy@2@$qA#_c1Xl0j|!rG3{|R zSTiw7@bI^Qs?-rC&9XpUN=r$(wZ2aNCd%=H>0@8Nr00zuu$*U4C~9hgO@Fb8jU|s& ze5dhkqJ+qY6bbRg_y-wUT6$buT!O?Zik0I1z72A%eDI@*!%VcaWQKt>7_w=1_c>Ww zTFQnKBUL$U4hD66^>y6!b)Xam2iEmDrE~{*=DXKrkQY}StjX5aPJdtD--Caq!VdQK zfKZ?f-u2#jwuhS|ePP}!lH*}B7NGEirlvWfRg|TqrK=t6ook=^>Df1BXUa*b(IJ=m zdelNDKdKm2hk+Nc$_pZ3*~N+-psQIdGWrP(rLFEshq9zZn5{ zi3Dy%4UK*k0g4R^z=QJiOlb(n;ivtc29C7sm`l)B3=Rw+Au0kSs5xw*+A1|B{%pIt z>?8bm`d4bG4g~4hZ0?Mvb`)Cw+TVRCb}I9#)7I7&?xI-K$SB~HV4|n3&0%*81PuV4 zufp9BisrS2A!~eWtSYz~D73UdK?MA#|HGIhI~R0$-|`N3Ppio3rV`2&78v)UMb+90<^Wtd?BVh4h+jZ%^^8F?!&gHIND zx`MpCJbMBa;9d3orP!5D?X-(U`rf_e(iyj_(`f%*h&gW9=$c?xxaOy^wbJYuoOkHX zh`Q#Yr*o>uz0uK}D7%Ph;lkcIoq)y3$dTxhKvk8)giem9^Ye(;koro=K>r{*$(kMe z1&eQc*}>R*W-cy4PN^>vy&$puH_mM`89%dQssV9!AA9gL0zBHD z5|6$t+5tMcr>{Ls2|~vG9WKWyIt(}m^HJ10BPlCo-x6Cq2~rmQ8&M!Apw30B+1=$b zB%9*#0bDw4Y^<;4sBUiVP;E;rlrey%0APsm0N0D}--9D<8jFT%&&uBua9U1GQ>v2c zLwE>C%BxJmEb=OoCdQ_*7$l(ZV4$XUdRm$XlF_rdZD5J8z2+O0$=qCq9^UJ0iOCC*d`!}rJj8D24 z?+162k1Ubyr_*HmHy-6xOSB(EOiaGlySV`HVjB=Ue6_T0WB10&EC2mX2TzXIjVfQs z_0qNap_Hz-!&v9XL$o#5(ppKjCaf+Y;@|eq|X+6?8az&_M8=FSj!$ z|BVy>apa{d+V#lD$U>{J8XsHbQ#P96k8Tt&r>!^A?iw%K?F%}uV6`Ah2G!J6sX{6@ z^_y_BgWVzBs=A8b+WjR%BSSy=@o`9S-w?9aC+F{lOdo)53pk!2L%^8YOD;LwD)PVtv!=uZU3VPfhE!FrJz6#Knp|U#)7+y;cB=775r;EM4LttG!s=YlN^!y$M z@VwL;O(~OQYs)JMaJfag(Eeo<7awhGBt}R7Nr~m08YY6kYEmuLAb5*eZqw-sl~q-N zk+g4$XEGmf(G=866E!!t_w;ND4x_iUB!AE^tWx?k%@GPdL#@!j{R;kXw zKN1UsFy24V(9ptBTNuZJEPQ_pThBSt3F5%RcbCG_G8EI$6}MqvwR2DZD0`1qt{ENV zhK3~Jtohx~Y|Cc3!%wdWZ4{NTWL~lYF%)S-_9A_SS*#*j(JQcQAXd1iGI-@=n+a@EjO%uiTu}O6dTo!U?yhnXj#>&E|Pw-N~i?%C6MpHIWhesUX zQKt>WH=}tcDUGEryZ|&GXDwT#He2I*z9=}1VWDAyI0R8~abPTBXk^)<|4+3!K}8j{ z@_CT>SI~ZlnGnUNjKIqVIs%#Mcd(Fqcf8-L8n~_ooR^^;Gtb!~<9han3Pc*T0{8_K zzPsaDQ&|d>d#2*uVh3KsQap1`oI3=G|B}PD%6L`_%1+EjcBDoY&r`9ZA2KkaV!6eU z>e@aO21+Wl(0@6{O1I`i{X>q$z1&y&-3C)xVN)9Fm<jI6G8k)-U3#pZ~KKdq5lN z_SIhwQ%Xzy)0k%U=QCc?nvY__>LZsuotPLTgHIYMU5gnvmvd!V#eXI~vMa0MOvl7b zWOA&v+(g7A)qWFNjaF+e{@cWOe_Nx)%4b2F5N?!8ZtkIvpWqLU)H~;TlF%@mX5{zg z?BZS}T6bJ}(W79Fh;Oz3Z9kNUE%!F;G$j0|caMvirq8{fdnZLl=dv~;S2f$l?LXs{ z&cLJj=Fo$iqs7{%+nrJ{GvDZi_Y3r2C&TVLT`6gFI;lf*?CI127|zYz&!Dh;kFAju z9wK)A2W#fh&CS67CU)gcC&bSREuJkDz{Q%(@f}E-}v>w6A~YiVK@$qW)7s$B5t448WPPs@CdvC(tg{C@ko|+sT#X z%97^z-Ut>Z4zKtpGB`L9&xacYMa2%jqL71PS_T^RN?R8&-{bj*`#RqZe9&XNj)9#lb2l169 z>L4?R#+6a=U2vFUhEY>H@?-vhM-hIVw%Z6FjPHJ( zC*|30aQVD+R!*bIt%ziA*ngq=>o}8iajGQ0CzHw-O(`2yDf_YOugLrRRrjkcpMl@0 z(G#XdLD`>@8af%6J|TI0cp$Z*L02{N;eR+SC`9;`nu^ZRUq9XD-k zSrIqz2x|Wk5b2H8FzRgWZvmS;>+Ov|bWrl4`6dO{x%_=G@f+Um^Flm69zJnIX#ee# z$Heo~-gK@NsLwyR9|F`0`TQRTJG($r6R05Msyv?#_mqOEL6=cnWDZLmKtpd=m;{<} zKN6nk*gGFtV{YC?ES$}q&CMb0GCb&G7~VGfoWszZaMNbz{WWKicC}Hb(bp&thpMHF z<+wSPxfuvt1-i15pXY2W7V%+)WemjzHYD1ks7RJ-x%lWSpP@itiM7<=^7SAGHL>={ z{Hq=Wfj6fwfkr9h?rp;jYMb7lL;wW90R8evdEFmCcHi0B+TY&`!zU7c)en{FjU-)M zutTTUX9y4%`e^wEHE2I?=Kg@xqpj^Hc_pP2p)vhAYb#n>S}2Gg|LI2IJd5^uvDVm0 z)u;zT?3Gk{A}H;oXqj>vQP~)>%4eS&rhO*Edf}e%cFx? zfkwxi7U%Sgf_;vq#qoSzOXK~}9h>*>OD86QHS1BM1A!13(r6qZCNX$+lks-jhx6qW z9G3t`+&^8TK$xB)2gfY%R!A)=VLG8tNJ*ihpiqj!t!M}Y?Ei@0QRyXk9V`rMH|3ML za^OA3C&W9D`4bEe4-*}o;J#+e=$Ixo1D#SR<-CtDD%KcRoK}jskyXz$YUlLVUcu7J{trXNvp! zGD(CyyC_0k-6DR)#v*vfv*l=fS*)^JUHjYq2>!`@vF51jKh{12*n-q@Xzfu6jdk2G zZQH|N7#SJUG_ay>kQ{;(*{PAdo11>-hL{V9&*QKm&e0fR>=u(wei6xe-D!zi@jPt2 zN@EzOBz1tE8S}CTjIl2ZV-NQC9<3H$Ieyz}UaVbd9pvPwr2zwG7ULYyOr2)Yvg2Z&CxQo)dW;O zV2(S8Gm^`;+a8rurfv(|yqfF|0<;6eGqh%t;wSALE983iErDSShWNr^m-n{HB)oQ4+oTP$4 zk4!4dsNK{DvWS=M=KTNdI9jgeSdH~8Es^isUxOFr4< zWMzwG*4aEh-s3T!1GLy0tJQ^`w6OYm_}S#0!V-v-np#3!-2anO5Ir5LLl}6#0|Qd{ zVIS-6*A2dQban!oO=WHE^WB!Ty**Yb$J@8@j9+Sw<{SCI!*%(G19<}lc76Tr0QTU~ z;X(x7``2Kuxsb?ZWi*_0yw2+Ecm0Vo(PQ1PV_h7j#(X*4X`?d`J(08I8vnSsboJwZ z#>Awq zqT(F5q|{g}`ef`z(|Q47vi=v0FWMZ#bo3%&Hlz4T6k3BH#PKiXvt9D~_WNosT-pN2 zLP;O7zunUh#M+ic3DITP(Fv;Af=s`&FJl96GdmF^C@9EO&uq&BJqQr5(@_A4P+~NV zztrbM4mBw$WT?8TrhjCB+l}}8#oWtfw~PI`d=y`i7Z5-?Xd{ThY6!(p2ea$KSt~{P zJe~h$BS&kGZX3QI0HYEUuDrb3!PW-eJ5{I3>PaSu;N2WK~PAtA`%>$X2x zidX9H79UhAotznm@eWUJG&Fjk9?-L;JM#kw!BG7_8{Np5u+OSS+k07E;OK{hU0iPK z+VmE$j&2c5KK&nDF+EjXQw}6e+%e9!T6*%Drlz3qBeOidu_*}wdilDjp|P<~pS6iZ zeo=$MMM&z&ZU4ga1p=%$Fe(Ly8&Hazo)QK$&I1JUg|8^^KoPDHJ)X*Yp9u_9Q6R8! z%+!ic&j>jB=HVecnVtup$_d?;!=?PM&byevP=Qi9ZjI=8qTBPs-@2eo30y`U9|8p> zr9@skD*Y>vHV*pUmF5#trW%IgqR`M#gADS1Sn1Z!1nwD8Y6y&)6G)I=M-1p(0C{_M zI5IY}T@I632H+y)U(Y}*8b$TFC!()^u=Gn~z-(H6e0)QKtAc)dy|@Djul+6!NRpN$IzP1EIsR5}0 z6x@;Pe*~1w%;=Ckug7u&Dgcq5U5=OLnRS|gr|^Fy9pCm}zkgShl|khjtU)cpW%+3z z468BZy@`=oQ|Kz1u?)Yg$>@pdWdx=2E=z=YW~Z?}xOERs6l@=3ibqWjz{S>thx=r# z112qhlZ4~$R6Jf`3cu{r`PRQV1&V(Et<5bMNL&HIS7c}kAaP)(OEyqtVFnBlpieH* zuOMJmySCUs)$itaZ)NNC(1vK06qnBokm~Q>&E804W!JyKI^VLfJqI(;M+r1)lCD5r zLa?6TXFYDV{u#Go>NxDv(Lmn*F)Ct!*CvWcNQk%>S|)kA7lj4wu2kaMWC3nISTxSR z&*$n~J5cJTu+iR|zUF!}+8@RT42w#3E8wn)ic6K?yvss0B<)P#D>f(rUS zAi|)(^Awa$cmbc0(caa5GNC9zJN>{J#v^t!_N0LRaI5Sr3;P2i6e?)0|NsoV5mX(cOu)Xzqi%BSescK zd?U{B31AB}I1FwBhv%q4ulp-huY>5A7#jz8XklS`v_v*4<68&WIDbU|^2FGLeB{Sw zm2b-`-|<;na|flkX<*T$D!`vnsRD9ax{^&hF9rDr*(%l_;>IjErCP}txNdsavT!1I zeB40W@ZT$C)pboQ^o)AFf-vr%g4&GyjevvE?QN>~ila9v&W0aa`=X4Z;Z9jQ2GDEQJBIFUUJ? z_7uS4zatKQO$o(=w+{Vbb4mdL#xPhS3o{H~-ubTTlpjO7nn5$^N$SJ?O<1g|zJiKj zA92Yt?yMphrCkN2@1i&Qzs!~fknrYZWgP;# zMP8P&qL!hdIV{xGBlBQ(p>96a?{@=Ex4XLtFvQ}+A<)*+V(6=DY66;7CPrHQ3U$=o z#3r8)-z9_7DnGQ$$3#aJG|`zj(SSzlL|XC%qt6kr563c#uv$OevpbIRp; zc3=m&U!CM8_9kHC_Ww(PzrBUh((*`~)G{K}>%P2iO$#>|92|{{jMQhr6FRu#k$=UF zL{pd-9UE)<{h+VE|K*-<5K)_?%Y$?G1SJ?a6Q^`mRaHlk2=d2UYcZfSX+y#`65y!1 z%~z6qe!T9Pn)(gia(ft?gDOJ8jYrk$~RL}Iw_ZLl;1!YLL_CJ z)r3f?e;$1j&UCyG41UN>{$y|7q~=CX8k}SOA%`iriB0_}j zrCDpR>Et;n;o9d(ld2!SNe=c7tzP#C&`gaZAm>{>yNP1u<>j?`)j2;Eb&|%td_#SG zINiI{@%u1kt-Hnp5vp_B!SNx*>w)nuD4-jk_AM#VG3xp9;VVESKvuH>$6IR^WfcI5 zN?|=+9T7l(d3MbY|AWq+-2l+?MMFc<5;y;4UU%-O;}IxXR*_0jpgRjtyAlDI{=erQQ+JKM6I~W_iCB{h=~-25IR*fUMhb6Ta$Xc?HZG z0ddRza0xyu%k1Z019*^eI9GiFLBPnCqE=l)1Felrkq1+d4U>ow{MF?2|E4Nd^qGT;s>ephhK71G(}S#5na9(o=FwdUvUVi0Jy@7V zHB$xo)tSY`U~cQOJ@t~=D)mSB$Uc4oAc1=PKF5Ora8*yE(>z10utX5Z9{}!{5dp+Z z^o(X^hBrXhzUKUJK7DW+rgq6XHokW^O`kYZ`gZ+TLqoyl%3jgM<;dH3wfcT9D+&;j zetwoo$>MKu0Qi&XDaQW*9PMfYKmht5fYX!T6}2MRg63P7`Qmh)cj^fIGBZ^slD&i6 z%*;f-U= zj{^oAFW%d?(uRIrxy-$Y2*W8HU$;WGoDY4K{wLMSJdlm}U0zYM2kf53oK0L@;$y0Z zLH#q5BsDQToh)dEQ~xI?hYBK$h=|G_m-+lT_!ow|!t9uPbdvkyzKRO=G&Rg zaZyoGO6u|uM2MDKmdCPj^hFrtv272BJr?)~M$YrwPV?D)`VUw$H~xr6|L z${)Zh)PzDgq|8=^<_{NplR$-vY^BhrOSI7gKLXzEagv5kXY-c2EiG+?T(Z`YQPIwNBL|o9sVN{Jyqcz01Mk;rU)(ScPCgWbSM?YTYqJB2D`%<4vsZuButr(2vg{~Rj#%gK2(5Tzm<@Xgx z(ZJ2vuJqL5O9}vHO8VI@v4CE2iI}*!@81sqoO^X71VOOAqCikk{jF2;GoytZv(+LR z(a1YW>P$oX~26;fB1^(?5Ct2h9-0k%^ubyI*z~ zl&h9#;M%Y=@K!XG9Q;ZL4;=DNef~4niO5x?{W){e!rc5t5B!XoMNbhASP;3tWw*Ds z0jJ5u74`a@xL*Wcz)MUKAtxt?UadG7q;ofYr-0PeHA^%abs|#HNU!MxIqv{J1I#bL zIn_AlM6`D>n9b>WedKm>oP0B<&S-JuI{Ea9T9KX9HDYKssktA#HAi&Nl9~v5(v6{oeaWov<{tW3E7_i!Ho44#E_YMzh>*ze) zl;2>}#{yv}0YM@lZcP`KV8FS%y8{ASt;M3LzPE3d)*4$Y^|QSpKuV+V~r}@!qfM(_5#=mlZzKIq4+` zqCa%uT;W7+G}oq*Kul;V36|M6bRW{ooB>QOIkW(qpgzA%htC;Pl%6SUk0jVC)AcC0 zC?zzuOr)51t2eaTOekGSCO@|tC~gxePA!GZ#;F&VDe>}G+r1~Qqm5~PV)8lqDQ~iQ4lHivZ675Wg^cA zYkCOLkE9(u7dHOo{iM`wGQ4UfeZlrT`Pgsa zgF%8}k%H%HxOdJk64y08&E(A0Xnv7V2+<9$V6Rw~w~QBz((Gr_nEE!>eK+)i>i==| zl~Hjt!P<)jg1c*Qw*bKSb!#6|+wt+Gukd%4>g4j9druDn7x${|wY zWp19I{hQ=rdeW4g@S2a6dpc;X&Ac<|IfZZpJpj2JdoqnzrAOHDe_%reYsm=bb!Fnl{fDSQG zn~GIxyt%d)cSYuRIY`V$luB-Ib@}x8!ddZ-n>*|A5+kay$aiHGl|}!ZtKZyZt~|%qdt%w zoBr&wgRq|WB7CLO1NlO1%GjBYib);17vOzT`}gDYFF-mfyiIOks2610{q@fm6gi#a z5|@ybrhJ|B%bEof3OT3Vn;~B#<#M9>%3pS$BUJ^v5CSCAH>ke45`~Zz>T?RLW9Km> zGc%CPKfWuLWtODnTxj;?O%y7D)dJ|(w4~kf#?q(MS3?@+Vt@5kvh@mpLk%7$9*-H0>g34?tMIDoOYO$wJ+Sh>NXXm5XQ0R~gY3_A2zd*4$~0)Z4)+_a2#K4Xd7 zw(#S%bk9k58-Twp5{QZQg1qeyB6Su!C zE!Eq!agcOQ14TjspZmJjA{;vwCMqcz9q-WA!SgfCrv-qGJhD713FuGjv7~0UEWJct zt12l$`kKmSmuuF0_9hce$8Aq$LYe-f~Gi}Rtdf`;g62tQZts(Pe718{^j0QS#TTdRHA8cihVH*5si1=L1>DhD73 z+!Ias{CccN02N^8*A2*E|EMsut8r!Yc=-*n3zg=SpxNn@@;3QF1^eljBN14PaIM+e z(tTx=$m1Rh8#|bYJMo&Pxvgz&WW~f&t{OFLep_rk}-tn*rJ07TPokEU<3OJ*yzTk$c7l-1PCtgYDrpa8IA1U5-I zTT{7EKrJ5FH~}j*P-{6kzLMP1?mRc2+S41oQV&0|2s}9P+}+($2o25qT3b`01*>vG z@XcG$bM9Eou_R5MQYr5UTl(aM9}m3k=K8U5N1sBFR(G;qr8~Ld6+~?^z;X(}uKH9v z6O}TzdH~XifXl&LNgqaZz#lu_VU+XEw~KK=7)u>;j4D$iG#rj#k8jCk?g+5oc}y+7 zt(%)a;bI4zB_4rV>5B3wfI7A%0#}xof5|rtqmBm5)_9r`?}_-S09j*BI<_-o@Jf^> zF5*CdhYP?2Jm;TToEdq3d9V@hjRy94QI}Wbs*}S{9R|lc5Ku$_m;-0;kVK$~M07fK z_@j4nqsbYdtWa-|d*&M(eTfOKP_Or#eE$xR1E~*Rt|=ovAv+R+&*QSQeIC06phZJ9 zzCBwbmX}vdW(jb(4#~ZC0I*_!eK8KeuAqgTf3L=8W^(B7P;hfU0SM!4KJW4}O>v(# zw>OL37LExfCJZWQAXmIQUvCAd5rCQZt|>R%pKocX0K$cZsk$O}8)zh5Y;??*IN+po zSN>-b<8@;4k^Xr1p~E+6P~(1kn&i6ESJSlQd$kK_Pj0k%|L4FilgW!>=b)&l%3JMn z(Knm`SV;hREa-AGgX_j*(%#YBLQ&9?Ym|>z0y~R^zkT!DYm)DxOZO#et_%WuFRF_(*|)IhwyX3IU>`$&<0jnasp{{r+E%Q|;S)$z}M zcxny!*s#5OB%l%yTrUa|@i<~Cy-&UK1LkIA0>3xgb+x|-JOWvpPgj$1#6h+c5BH1< zfU3KynFi3r0e`f!_`P~8EApEjT|Iw(Kp^i1l;Zf+bA0{7W%&${uPhARaKhav8+|4mX+etwOzcUc`VBpZU>iEFL0y0tJI z9CzRK(E@Ld0qQegLG!uf$KTnM3a#%&vk<;AMa=5o1ka2ufL`nT+#E`X_y}w2qy2@8 zy8505^h7|2l}6|N@+`G$-ac@nlfwBIolAOMc^0>t0unc%9Ip`Mwv^=bXGr1L&lvt! z6;R000j>zC>1ilV4?_RJ&XEPp3@sN6qq+edAUi*x&g*n{O&KCA1Js0>6?K6Zwl;f! zKs8y~zkVUfCYM)j0!;@I{^t zI^KXvx{KAanp`Y%adlD3!$>`WO67X!2YJ;O!>q!C-V@thyPvod7~ zhWNBOUKv~nyxB4*0vk|ZNs-0n*MdAW2@ zD$mbFMg9u(xqEqn9dl3g1n-3b!xi~!#pz^PQEoUd?+Zwd)H($UXm%F>#$Gkgx=Ko+ zsuUzj3JL>f0E_SvXbcc6l=sAFYN*F#cTvOII;$)IO+=jz&;MwAo+a42!U0usWHQF4 z#+iZ+Ja@)mKm{;VL+e3YO3ETOLE6*GQ3vpNpLjSeANzQFLm|%5Um08eJh&rEMTo-d zSqxO0bHWmo=I4f-01fw)N;NM&0h8%G7@$t$VkIr+acI6xRpvwK za#Sgx^?L=0J9M?u#swx}GA8T&a<9g&&uS6v{SlWLY)>zkNVTsrr<=Z`N+zdACNVxD z?^(gLX{H7TTiV;S$SyyY7gUX0e( z;?yaC-KmnYGNVohx~SwVzeFau38$#K@(&%&(Bjn8o&{VsJ4DwYSs?vR9su&ziL;^> z6hvvf*%hDo8-lX%dyRo!S}``|@U8`-3!sSuMVrQk8YhQ`xtRrTfX3^}Cj4l;Q?F8` zW@2r4a=u+sQV_JbgX2XE*sSar{srJa0D6im!MU&$$J6cqumFJI!R78xs#%|(UB%Oe zS^REohA$03X^&Z>JNy6>z_Ca=H&jpMA1M0@Oi<^+jR1TM_M@fySxF z=D9X~G81xCXmVVf0o(B#>^H4edp7`foH!VR&7>aOi3sNplra8(P`ayjBtR~w34bpy zWn*XE@31P@Ae`5s_4oC~2^co|6iIX_=suP}E!$wTTI(=)Uod)!um>{7jwGzfbT!s| z86#yT+yZUTXH~enhO+&*%*0Fyt|0jC3LxwJMBrwfaJ|8|2j?)NZ#i%b3#Q=FFRdMk zTrRpA@Ekrbc5*`8Ah~~Wgs6K(`B0=cpGq+k8$ad1P+ady19AuTqbWn)>8i)(G~wy# zXgVX||uo3f+<4SC9FBU5AVr`Kk$K^X%MQ$V24i0xvtqCO!h z>1qGw5IK_vO2|Y^?EgX6J6eK++x#JQ5mK0Rrl#k$+pPM92897qQ}~FKXN28V)lfY! zL$x?v*qx04N#*YrMCYIu2z)tA>&+U&MZg!w>y2*8zqYpOf(Aq?I}>L9FSp!lxte8Czj-mrBg>Dd^CmH|(hD`xn>clFOz$zP~?!z6f zEAplo$Y`+*9>tkNIa~L-o9RTB0l3_yK=VE+(RR&vNDfO`Sy=f$eY=A@`fD_8ey_?d zXrRH(-0Akh#PgR}w&_pX>m{0i_;(Z_!vn-qZtNX)4gUfrK!9>(UkfU?o7+X4H-N{P z!Mg?YBLIcI0a0;4w*rVX2#~Ziy%SPYJ$)Jf_x}Lr3%>z2)(BnwD*8OfR|R6h7Vopt z@bD49wfua&om{FFAB;~M6K|u{S(ujx$n7a^*K28oFr*8r>gaT+jz2#G+8?RQK6*DAG^AHo38FuMa#(ct76nVSRJpr1hiDG;>P^W*?9 znW~oozGV^X?!b69zsGx9b8lOl8bdSCVh0Qg>aACi`Mm__mmU=~G@d6nKTZVoa*~qn z0Bsx~mj|DoLV{Xd&e~kBdIo-F{Q5N>+QWGGkavulQ%NC4?!pUSLeB?96J(3(yKk+= zG*Uahjs{e||Vepj^gl#>8_ z#e$S1dD3E)T+XeA!{1e@?N&s=7=9v}+?-g)|m`01bF;e^0nXr^!+lfm)K ziJWZyOvkG=bzq}bqiEVWZD`9IMvY!q?{vVVHfEx#QUkOv(&WW^WBU6)1^xU|igI)P ze!2bDvCgY*Zx86nIN&h6nvPI(S19jtue|_BM-P`X)Pm%s`Y1rm#Mdtx2;Zi^p~FVe z#Jo&QJYY4g^7z_XV2@1#@M|>y5l<3@T}o z=IM_eTcRq~o4QEton9)}0p=MmV(Gfaks#I9Wj7SiP0yb_=5%)6g)HOxY+-I0b9u#| z`M+pxr2o*|3zeEaU-_(77XUpND=Rjy=bzK_SaV}2V&dZc{R6<(8in{2%r!y+0{U%g z4A_}sgQlNy&s*pvxg97TTd7#TL(VBjJZt2{GAO{6TlCt?<;^Ku_N!*wHJv(_t^v3V`v|b zUsUdUSLST$En~U!V>sv~egrU7vqV19s5tGIlCGk)!Kc35*DRmPled{nWZG=j6M%By zAVD{WV>2@g0OG)LJBkyr!?GH*1+<>SjU!wxc#A9kLOHRELJFS!b-;)3v==c?svi_ zi{Sf>TkpHm$Z5`K@Mj1liTZr}`cV71uoUUq*BF(ezz!W2U6SlvaXyQ_fak!t#kU%Gm!#htna~H+y82UcDVF03M##E zOpaJazAX)t%yslog}4OqMhp1`p=DI}Z!U{ZOB^t25du=h3{1e@QdVAmcx=rRU}tG5 zYWrsu=MRmIxxSw+`-@7u$#Q7VQp-{RWa#V6E^BU7DGC3^oaQ-YD5hMKO^SY-ApnvHzkdu1Hbey<=>@Kzm%5*ZHIZwLs*FUcZWd#Lc2agFFAfLg5!4D zrMOBy^iyp7Tw@NV?V(Z-iI@FHZo=KM&${74(tUZ!7!PLR5M8pz{VV*TnGx=C*V^5! zC#G^WF5>Lql8^UjtQZLQNh>b3Gy|<9!?g@9r1j}}W_bq;-)$j^3+o#&m&V=0xMKhb zVkySBASn^HB{v%vtRyGghG=}eZQxmlwF6;jYj0;#+(P@4@;MLb<@@yT1i(e7$g4tx z+7)O$DE8%M&LJTOzd>&S@$@Cg;7_{dxG*Z>cf0NWZBiQ867R3L!Lh^`A-6GzA#$pu zkEJItKCMF+YF-y8KBzxR54^gDk~91Vis?7fL(Qrf{O8oYg05ad28;WB7|}qO5SXZF zXAu#7)?YYYP{2>WfHIx$20WXOJdhJZi|To4Hvjf9`s4DtngK<#g$_}si~whjg-Jq< z_IcYhXm&<%e~YWw_|tygRsrjDF2zZIoYEh|>wbT-xe8qw3PnH^-r%KLf?>Sjs6^_@w5-C?x8pj+>C!)yK7FBgoAa|n(& z=}3_uUyY{Dg6+Rbo*@*N#ZAc@IcQ>Mx{q`w1I$a;+%?r-A!>iAZ1ltU@Q2}X)+Q;0 zRTXE)5&iQ4@CiY>a9u_q#Mf;q1Mo|So4zDjYvf*He#znGi=jk{MxiW>+ebm2oZtM+ zE8e)sNy}$Ohffu(vDC0(ly-~>pBzsg+*KfjB|eJp)Y{5__p;?HvWxq`LnRr7l+C2K z;`pF4D(OkaE>J3ZQ${)JzC8=PO1aJ}M~IH0s(|1MSZF{XJ|#0HxnRMlw3eR;CU1CJ zG!#7-%+)lHJ*r>fRMGP$_dlm8Vi@K2hvViM!udA6C6?hwbg8JdLWg`h&mq4V*J^p#QgVE&G}g;JQ^ zeAX5D@=66FCHxtii60XrK`+FD_#G_}ZkY1ucPx`s> z=WL0@t>nMS)sJEL@^J4nCiwEwRquK&!=sV2`CKl{>4cTtL2v>SWSLmQGT%F!y){u5 znEyfu^J)^sw=-!K$MrixopKd;g!KvoyE9w!rcV(8D%ZibF6A&TNqO=>QRH>5Bx%Bj zhb$e@f>lNFMjWnOg-a=PW?R=;9vyiukhD#IjX=+8f z4YbNKV~KCEt*Hn_y8}0_B1j2CLZ}r^=5<`r4o%4!g$ZyNuPMC>Tdv_Zq-rqG)WFPp zh-9>47>MY&h$64ZXu)1-5jY!<-y4K(GTb45RJs<=tgycK4R_mEO}xNQyo6_GFRRhQ z(m#bI*;eOe<03&An=7f~%O{H@7N8m9DXGKDCyOZ?#R}5-ic)hQfBbtmxQZv7&%6jL zZ?U{sw0-@xi{rQR2NmUk7jin;%*fEO5q|Q26A!Z_B>)Z53NPtu z6oXoZ&t-6ov1svxNdm#VxvO-&IaLyJ;J6q^7aE_QAzutEHG+7)S@$x(O4k3)FSIQE ziF%gpfd8uHhWbnS(Y4UKk(2F<)W`jNw_km??BXXpbhoLWhaYQeUTcNtSeh-ZEoY6- zZxb*Mn`&#{W~)BP*4So%WfuxGq@Rt^E&XBUoA|l)FKo94+ifY6bD<( zdS0s1BdngP^0?d1dY&Kyu3Nj__&*Y;7X-cRz3k+Uc~@0&+;z2&_>CHFEDy){Tn-&a zwd!^LnV#3b;G8gtmf4Exaqk4}Le`Jg=h^(&TPsG$*-Xld^-q@HoY9a=PHby!^z3n+ zNiG?*vft;<&R$i0CgJaR@0_rjQwx5x4EV4&+GoDd^y;o$#<@t};GajQuAu&XEMTJe z5Hf1jM~4{V9z5D>E3%T07Evlq4k%x9t4V}qOl7-$mUwZq*7RI`s6z5S%-Xj+*CP1(u|H*RX|hncIvc;S19#^3Pg2H@iS3Nw5Byh31yeWE+=H^bM7>O9 z8N9oZtJdDVy)ey|6b`|!z3l|=u;;ojVmNUeHP>mZgY;_tfL|8RblqRJllCpNFCzBkZ`P@Qo7*m$R3x#Q%>!fm=) zYQMI5!cepBx=u_@kJ~Q*%7O8PD`j{Jt_aeyS?i!C_mweauPkb`qT6T}>yUHC)2Z#S z^SZLXiuvnC!e@|xo55LnD>lgy_c@=*q3B^9JDYWXb(aByk(??eo*_T?tE!%VXh7|k z?{Nynv$jTtfx7nI3@t$T6Uq;_SX+1b8?Ndy`ta+ zQhB)VGXoZH&V7lxDQ&(nAxWq7XK0OtN!L$K{dHL>S?s&F%u@r6I3Atvv;B&1Vk;g7 z-{v25ogQXXGfWar;2x7Qt@=hrfj6O#K4KJi{EXcjca1q(>`a-j&T2lNgbVJ%-cb2; z4Cm@S>rDK*_>Z89w|Y*isLYkq^JxG|I-4KpGRy(E5Y-!_7R#TNUG_he>OZH5{~o`i zqcMZ18g;^}oH3!-`h#X1emHVAI}Y#iv^-1jvB*FArXm>Q<@<3sRZGr#gi&j{;xUtq z{o7KTGJ(E2)m2MHy2e$$y#;XA6m9 z3YfTrBa%8qj4J;xx@2ZNNurUOc#>5J1%-IYfqVDRUtzn=-oD~sBCMrxocG%MXp{IF z)0LOz1BU7ku*ijMbmg3OxRl#T?miw_Rzn3|a&FP@j17)@_u4cBGBUqB+-IYRTse7? zv9iFxD^@z|YM6*&i8f#92;G%btNESZr3riaOg;^RP_tjN>MK~OLRwW|J3VZhk30M7 z9?>@(ZI2g%%js`HI%_lm#g^4wbiQIu4*Ox2qV(T5%|yr?BDiJ!jcEKx{s@1(=??7iSXhHw8+ zX|waa>sk!MJJh47J!FhCN3l7K9-HBAs_J@LS1cNNq`c06QW*n-+#$!sK6kR|gqG*eajf!gJ>hPHGI~&kT#7jwPuM+imYv4w#e4 zm8BIzmGC3Xc_x=Q_kS!#?lXoY<9u497H2@(<3(;IE*1g3@)6Xqq0v_7hvG`-!_Gi$ zqkNPY4iK;iEX`lrjt$_rUs~-SX7NF)z}Atfc{jMOIp(Ip#iGx3)-1-OC_J6a%IUI^ z>g(tE>*2L7Rb7JkXkl-~jH*K&#kk0(otaFqOUFt( zvI3FeuwJApTIl-{6`ES46tm<&%G{L#kbDqXc$pAYH;WpRDMJ=bGvrSV?lDFSYQGMrZ-@p-_CMbI>M<|~Q^>Ls_&*9UPMlJ{ zM61hc)ufqzR@{B8s&xz};vnGvL{00tjitmMgSUVZy^chCIHqLW$W~Ps2V%4Q#ogwi zY3u3nXV&W}4t4>|6g2C(=U1=X*juSnvwSRYK$XB$odd_KGJy$>)KK5LuDPwJAqOjC zkeg#E?49CEzZs^F8LnZg`8a%l(^tW{&J*|h;_C}JF{v&sG0njAT%Jb}lsrK(#))0V zJ|ZU~*Q2Gwam`hP@@`vp%?BgV%s}oTW^B4;v{10q%vg>6>6%2Q`MmE8l8abZaMh(T zL7?<=26U4c0*p!zTFvyVTM%kE8YOgJL)abt;!14t;5w`_H--9}25})M~RQ8YUVkpOMScHiN4X#wsYMFPW8e)=3Iy;PFfwJh2#e(VY zL%}1X&J-6+PiQaEB3onHIZY$B(5BlgPr6P8aQr5;}C= z(kP%o6wJjTA7#9M${u96kuQ4cxe1~!h*civPxr1QHq2i)?S-rZns!`xjftE%EHkRSk=NK{cSfaWUOU%lQ7?8)gJG!s(pX5;%a>WcHO*L z66mou&?UG9%yc8B10sXG=y6nquTLw6rd>I1m?LJgb=6<34F`WjY)* zUvIPNb-C~c`{K~Ly#~9e{bwLnNw1{cXZ?p%n(3p1IuDCsF1WN!%cz>_ZyUqu(bk?||LWFm*#YhwHYxlooWc<~4Z+i%k5@ z^{8*Um;QnHN|s2qU)}Aws!JKAvcl+>VOy6)@_UXYdd1f=o_*GaTmz=ar+)@?6YX}H z;&?TL;sDGwf}8ta22P7b_w$H4r>?P)IcaC-T9uV$diI*f$HN23^RQn)2tXoq+Phq7 z7w^0Fcb+gKdP&2WPb?*BYJH_(Ecw(qcAclThF77;5$a~2c2+Wgvd*&~5lgOGa!@9z zhl{Y0^gcww?P*%-R_h7ozC8*E#DL1#^r_;XV z)B>Gz@EfgUu848Y@vJ5&f5Es(N4;d41c5Eh?d$%J3&kZ&^Uk%0H!HspbOo`NyH0N9 z(0|zFB#i&MMka{pVahwSG;}{E-g_H~n-0%Ckk?%vr+R9719l(6gpWG%-yoc28h`3N zl_Di>mc)OBanEWP^zSz!-(E^{4jm`_{6!fr7~HwST5pFDG=kKFQSCA! z>gUwJ9Ai~2&&`Y1qq){ueOr-D+_anZ9k}3p-g}obHRRW~cDcVe_Lx##?v2>_P}Y25 zu)A#kWEDSbl>S9=ZGMaT>)C1Xl*=V!yO#k$7<_D_l0@xyQ^d!`MfOTIiE^+DWCopw z**FzhKF?iY7wcY^(H_XefY0>abg$(DkzWw|3b(N%()NqNcH&w?Szw*!&>lPkj%T$+ zkv|!`&k((XS(U0bZ92_2Bc?QZu!hv|k8P{a>DI+>9cDV`YIuJd$Dw>XEwO0D<&up$&5*lTBFNB{i@IU%pb}l{2F2Ta(;b3l+Z5irg87AA!xa zI&SxGA+E!?!lWqSCIDm`c?j!pvu*Rf6l#_ zj1?7OGWyEPCT$w@_6IlZWY$GP^#WXkq{7Ptr{eWt8R&o0Fvh%c1v)Q!ZufaP<|5(^ zsaoJXe}?)e^Qy;qiQe=2xJrbjrjre$qJaJrO-#J8HaptG3K541>Er(I{2vLSkT zyVOW#Ptc{rRs0bYey3Cv#xPMKt3}G8XhT?{cf5h??iU9ti66{Rcfy6+9bZOh15g4k zyQdT4f?pIWkhWm1dS4&0PlOKCzNq=ihsyuME**V@1R24KHBPM*8c$lKv8T$_X++Wa zWU(C8sh87Ae2(KaQm$3tl|(j%_P2p|kdZ-SdYZA>lMc~*Ty^2*k>9Y4?m`#v{aL0j zrh15+!=H=IV8UShQbbL9EM1-0d)(uSr9ihb_m7~Vi#5{Au}?KGx3HCSyAWl8N3#lE z7|zGrVLhmt)V=Mqf`Xb}K_QxVO`W@vFv`Yn&#}Pr%u3?EI(BAwJrt zCI5M6qeW3a%4e%?sgb@Qa~3b-vE9QFXZ8QX0vIy?LB*FhUb~HbHk?0d6@vLqj?Y5k z&oxtm#s#y0@1cj)UzY%B8NjF}nfA>u3Bz;{y~Tl(KXr=^K)0KBbQMGQCpMr?rTkf0 zrO+@0x5{E*U#$^mmrEJNt^VT-<68fx#K)_Zjv2)nEr7+8VV@p&N zHCe<4CD&Lxc;}fEDw!wk*-IiN2eojU{G#tLudzg|MO9|z*Nqh^?eBsynP5Rw1f2$O zG&hxCDxxU{t#}1kFbmPm;4Ih+Be-Msviy|atJjM{!px=pCfFoZ(Tpx4flI-9;UZ)f z<2aeR8s5Cd;}+-1*HyjVO&KR6@Hs$_a+qnGyYvl~)Et_jjd{iVc4cem2wRdCq7UTB zOxTOq^_NS1qCI;;` z5t5X#X?Vu~hrC90fw?^tg3p7Vk4YE&16ARR!Jmkg2};h=F`iR zi`wr}f*C+o=Zb4juJw!DDoIe~C7pH(C?OeGPN7Ijl}+3VJwp0Bt4s^G)kNi}M_$TS z{U~~2y{f53^nc}|`{eFMSC0R^Q2iZ~f1?Qzp$t6^JukcprYN8*Wpw!04Q{YG`vJ1O zklE=3?Kk&fcg$NpDn6jSlD8u)L8bYMW>X|R^BBC zPA1V$KQ%dl6*-wj43@S4(~dfjDF%*LpTGFb4Lyl8_M5DVp-{D`REsHnrf$Obn9ON~ z(mhSu2#UiE-*>{Q?UgG-9%;=*?g)g9z1 zQ3ufYXbd5R3VzTF8Oy)_-7zefSaMb$BmSYU%N|P#1INC3eNTm=U}E0Sk|64)Updf& z%`m`77adb@06&Od6CB{MJPnjt9+Eq6DeG-#36k|wselE}&c9{H&>SZ8%IAP=MI>4* z4h^T#n}iw|?!Y$9{ckXW>GWb!>Us$;21l4ldPRQ~59P7SyQJow4Da=X%0K z_{VF{y~(ptHoeB8TO#CeRbMY1*F|j;wQZi~|NEJG^De9y_Uu-?^}9B~_XkPRwoYDcBTwgGpU=pr3I?YqW@aswcg%loJSDc)OF{N3Q)XoV02i1U zpdAx$3n&804q?9M+*il?*&JWyLU;VMi8Vk_DVq}8;gq-YWMH>sJTf~9^oPgP1<8Rs zoG^CkM7ZgfcHSphe(vh|_3!l)j=>XdfWu>goEh)~5@FAJggKORCh^LE@zes6IQE|L zxUhlW#WkR>58xVxYaD${S}J5(XnvG?@3{6TM4lE)8n-| zsNfa(GS~XItc(IKuD~liH7rxkynd&bTDIKl>2x61$)`VMm3K$~X5G{#yTg9ak=pY> zSx~?s&&Fo2%w@8}`+^Yk=V(+=u;ChLjHEM@a4xo=zc$lzhJ1=h@Oqlb{=?56+ga!E z{6JDyQm(-|>^k9)b@RN~DF9y8ec#vB(bRZh9TFtoOUYPF0O1fp6le-9{(w0MChKup>O*j|{qbG8;guvqY`32mnK>J82%)f@OQ#E5>g{~C!g2rS zP~f4t^KG>g2~;GLxdP~dAn08BM=-S_|8R#Ep#-SO+SvB( zy&r|&@gxxh`Zk}^RJ*%_S4D6x(^>=#@;tbG-bV5fSM_|Iu|E76)<~=cpqrym)*9V= zCx6Qqy{!-5RWaW30iyR~g}+Wsc0jx?=Sn2lI5+?cwbJY4MF0d0EeGiGD#qvaFUi|c zKaTEe$3y#tU5v*XIWYdKzgv+&CZ?vFuLoQnSr3^PfD34bO=ZJl1!X&s{}msqoW`OD z_Tcxc<@roCUe@&VB%tonV{>e5$px-Z2KeIzCBZMdvLV|mNKM|9_viRg2BDUC?#|U` zLDSA~FkGp~PY-UwiWzmWl3 z{9w|;!|%@~v|6O4FYJiCIMY8AG+f9DgG$*?2$bz~{TUPP%jiLmJIhE)s*4wyFZ1jF zh(IJ;Ko8<0rI#LLI|$w)k*(-7TSNo`Hj3vygn7MX8T;b$K1l$?XMB=4qdB?C{r1F8 z;8K1&-w3<-_CN?=sy|#eP7OJ)=vy#yU``NpAA58^?sPM#PXR%-!Du4Tlc;PTS=szv3G5-m#g9hKSR?>M=Tbw zNJf`6mvhwAha-lmHgM0?6|2Oiur6!Y|BVcRA^3a_5hoBgJS~na0w66HpvqeOmn63Z zx>k{yDkNPWwGIU{xm4wlQrm#T+8a)|GS%=Am-W6*sA>Vzfm|m&HXNRBk9#7xYU)1T z3`Md=mCrXr$bOS|GG@mg!VeA(UK@>LIM4GM8iU%`5v0a9wi<@JKO303JZ7z>Twd*3 zG9xgkec0L)F=`5`<5@|hV%zees_~QPG}!1%bsa=Exi;MFRVd1?uoa-UcvgC_TX|aN zy5uptIQ5SgaRO$RH`<`bEw8f1Dr6Iww%xq(^&?Lo~|rx6s-EvS(q zupw{)Cpr%;WmO%|&68f|!2AHHhdgwCya6}W8PSF7An==LBHsJ=htAFhp1Q;Zcm@m{ z6Fe;kg@v^_eAsz4x!h8*?1zW`R4>vpoR7LW)oJRD-YneRpX;l<&aQR`JDq*45jV+yo(rg%}4j}iJC&Rt~fw(?j zLG99WcMW4Eb1v+Rh2%$L2NH1zN-`%}Lu?)SX;|EZXwDu%r>*3YTQoR_=rd&Ay1wf( zhbx|NAz&gNKZ{)c;`7o4ZcKR|^ms2vO&NF5X|p_NNb24s)>WkTyqV^$ljJASvm>?9 zKL1#rP9i7h9lUw*b{@sx)YNJFxV*duqQ1eU?-$DIJ}@tLi(RvkW2y!JGd z2zp!|)C9HdghZL&hcDk1>N3)m0ADu~ycgV)ZW9qYw_lw01_j@*2sSQ1-HahHw_R4f zgR4wTOn$dr4ajBCOThite@O%Tn2NkxgBPjBiLSRXAfzH_&4qE z9B)$}3$yGEZ<|d1jT?<&3k*r&>9@LP$mfT<|B>pZjr)Pg=n4~4C6a{oLtDAvBQ3dg zrQCL_i$WivMFq3YLOwe!!nCcC-)wdqW%GVq{NnNYZv#L@{q1&ee|*7oH`nM<#6N31 z0=2Y&CfMl&evrtY^6It_9!Z(FPo!SBcpED`)4u9{QH9w0g#%C{dKk=g@aZq8k>s$bxYgI@J#MTq9skix@yy~)1s$$D=7H^W10X>L9zw}7Q} zpV2{D&dbJ>*zS_Cy^LnH zN-WEm8V#xrXhPOWZ1~TNAPS|`(uFK&kS-h+QiRTtByB!pi+l~uY@8c~*594!-!0T3 zAD>u88Y}fX=fV%gM{@Pz_jLD$!J4dVd@CugKO{gT`6z6XJou0x;8~s`+QjarME+}e zR-n(f`uBwZY49XBinsA%P-hLm|3^JHUYuMkdWj_#J!-| z4FcxWqCu}+U?gI^P7MXG<6_z#`2^azeP}6oW zK{PQxd>@HwW{zi|mUk8f#9-f8${|A+GOAzt{T*MP-=^JmcEcP6)KRna(rr%y>gZU?K(pPbTTHRt430Sz@OF5JyCHKq z&X6hpxaiMF+ zuB5E{%%H%14ItcT%73B`itUCNrM1vi9uN#GEqP03KO4A0P8O#wu{1`GX$@RD?)SOcIxUQ>mpRv8LD=bA)0E!ruzX8cAT&&|KqU4n_`FVr7Cc9!5lZQ!+u~4!`=DWlh@}%$94qMHlI%G=Vji)MvRZr57+b4e+{xe@3#XFDIP9WNE7!3prz?M zVu8(O`XF;3&7Y?&r91O7>IFteJpS&(s*8Adh-;J;Ezm|KIGKFcieyz#@rLlKe!_Fnj+pGJuFC3zP(?6$m^vBubBTz{j?p_rosIaDj_H^D-t&{2Q4dR4yL0L zk}EIQekK$j9oRM_Dxxt|56BJRE+5%7q6MjfOOqef)IbiI8vw|X z?uZ`jrTSGwn^l72A>suZs831iLn3I)1VPgZ!Fx8v>`>^NP|(e%3iCJP`HFc%8k))f z{>`ne;4itbb}V#yPa>>Sl7JNAJ5v}~Z%b;@!~hD7(%pw}1?x;XDq+&FFGz4qSO2U- z4oJ>N-!XI(Lu9$u{w9#jvt;0*vf`@roTQ(JPd7R_5%0aHZHQYKBoPzrjp)M_E}!Qp zebi!vtj2m75KM~(%c#?jHB9~SE74q=9-gQT;p%I76QG;K>0jXE$69jlB#R+(W~g%p zV+Ip8msDG97ckgu4V>Z$oO*ToW9?{u4_(ep894R#u3k}T2j9w9mpf+G%5_K#d9#0T zLwu&gz>py};gAtj(iJ>IRGkv8ll0Ig4GZjt!LVFIm60maM{knW7gxs)q6&`U2HQcP zSb;~bOj#2`G^qS7FXR`RJ|`u?8z+za4^3AY)kfEKad!#s?oM%chae%iJCq`Y7AfxT zv^WG3T#LIq1S!^*;=k1j;cSujYK9E;a55u#PGNS!otklW8<$-sS$U?Ik0RO7T69H@zfwH%Bx|$$ z=_Yg$P1@F%1ZWaIi=sSB;8)+G3R{Ptyj@F{;6FoXA|C*0(*|;0jXC7!R@^aX?|weD z4Y`W?hktar@+XmzB{CY>c6RcMZ^}KhBZ=V>Z|3{Eobo*fw)xMcmT;$2>t_yDYbx;$ zFy2U8x)l1_zK*so)*M|&61&@tA)W$v@R@~oBL2;wAYK+}hiz4?lM0iLT1egGxAj5i zZkQ26=h}mmaFMM&0_aN4q1Kfoz^>c>D!;ntIh1b?HM+BlzV8-a_U$#RU1kdrg$W{V zBgil4&(Qel{k4dQ;fmaN9xVgUn})^K0|P~i6#x_SMEf6qTgq|Yy0o=IK2UpFqnn#$ z1P_bv%)S3SXW zLU)Ry#1uW!S26^i5Jq^ z00NIbUN*ySW-F*`NkhSUYQ#;WP2CZ6+U+j*U~xZ&+7G*Pgj#V{OxL**yyKM4N`qz_ zHNK-1jG@>_he1`5wsy>nA#7op`|%rH_CxlTkZyBU7f)i7+|koC6QSR2GKh~v+BPC5 z29T!KZl-&U18bIPN6TD%D_kSs@j1N$LL@nBhS=7eAru}iJwo|gyA4_ez@q8zwm>nq z%l(TI0b3*%yCW?gGWGd`=!&A4&2>@4%l_Yi#hOJGr;#R3txph>pEZFRbA2ZG)LQqW z%gl#dkH}~A5y6xQbkjKl%zy8+l{Ces?G3J!#t%Pjy`ex)Ni(tdRnr}y5{#Zs+l~NT zJF>#anSgxmvPxEk%2*k%jb~&jYgLozapoD#zoGY;Op>gy1`Ty9sRk!eISl?iRGRUq zJaalcnKwy5AhyGZwHqH~*9TdC6`R!hyNppL%By~g&-^`UDcJ?e2Gtp18#)-oPagk- zxn3my@7EdJLh46<@xOys8iww0FJDH1g0t<{Q@Jz@pyvxz57mQ!gS!*?ZdbVWJ>Pbp zI48I6_%!gdUZ3syEXz?3;=i*Be{H+|CG2^~gMOQ3J^u^c{Ug$$FMr)3vg){Qnn(&N zM&fegCKMhh47mvKURmMky$ zriixq5cgZw)15k0%X@qdhoZv0i|Rm4jVGru3i>YPotQ4Z9|Ky%Q1=MnHB+T>#^kiF z7N3U#QqZ|_$0zB7m$Bv?%y)kmyo%pF{@!>N|AWYfe9q#%=zRZ*K1YZq^A9puww=Jv z;5IT_&wDI0)lXN$ROjeD&VLUx`5JpYb|-jvy+~PPkr}7bivLi`AYD|-V<8NTNR5j( zLvAn1)_m`+QUr>&#^++ov!H(sJE=LqujHWQz-9dG#S)k^GfoL8tmX2I`NXn|3;g%AA!B3RIgufb%C5(xu zWVN-B=C_;gPkwJK6m2L3#Ds)4n`vj{&o&X7inwmO#sSS$&n}O$lZ?iKNHCOO>~v>s zz=Uz?Llfs#GkNVV?0Wa1NI^SaAK%h~!2}kn2&Cd)$mkt{Z~C~Oa7!@wnZ9-J^Sywq z+s~Ej!1+(VpU)+Fd&9jh)^K0R+Rdy?_5WMKT>JZXUka&4#HJ_wGV)}eXTE4h_Ta^} z>)$-fOxzlu_in~I)aWCZc>LyC=Y94>rE|k2# z2{A(n35VYQeKx(XCt&OhUEMx@Wi9xRr^mUW%g^rLCK6JI|EO-B*YoD^I0IrVMwwj; zaIaC25pED#YCML7S--@#tuA~m;37^?|BRrf-WI5PhR?)Y z=Piu!$-KOjY_y%ue3L|+XRQt~{GEl!hg}?^{)~D>59$r*`nQIA#2_aB?pxT%*T)I( z-~HDYSJG*`@(98=1>uIU(@lptp(*Y9IDL#Ja>_C<%XcKB;oH=z2T@I24Z<6p;XW_}gl-g+LWEc~~q(>BDj$|F4% zJ9tBDAzpX0D=N2Yyxo@a`T{1%(@A_rR*R}J?Sf!8!?HnG=>~3gGN}`ZMb-t4yj2il zgIzpJ!iE|OD1H?_{@D0>&S1IObh{ib*?QUk9#MCut{xz!i#}%r*t|UY%)Hoq5q~-F z(A}X<{`s~ZKkWSbl^`y|--mKt{jb8ejksl8FtcC9x5!~fgUbqtu_Qjw@D0nOgC3WE zA03oETfZz5(~#7CCJf&B+V%d`9|YstxC4TKRlWN|o&$~+tio+IiwrhW!X|bPXb^b7 z_1pRFZ-|N66E_~ett~Z=EH~ePY**8=g~wV(5*#QQaR1SJds&xEl#nEm&+wimn`po0 z)e3&cGa#OcUIk~=yE!WB8hjMeBm*vG1( z`@NWHh39|oG1o2#yfhw8hsXT_XKhOwf2oE0K>x|>HT+xq+BFvO2f^|EW(DI+Q~~Dm zMws-xRQQr@*{39(AE0o5Kqt>`w^+idMA2`--u+WfIdDl5ri zo5f)os{Nezu0lS*{zbLNxg%iopG?L30};-q5Ct2-f-x?gVWhzk3DBuB$yPF85dJPz z;Mk%kG*v!q`1UPSI*X))SHuw;5TEOr!r(G>Tcr` znF>n&^n% zHRAurzzvqJF6jtJq(4XMeZ8)OX*(9jz<>X5r^C=eA3Nx@gSw?ah00$7h$*q%`U%_T*SldDFx+x zLtf;6eF|O}v+(Zpx&8k1y`}5-D&li|>R%0)5Mv)jB1N#0c}rfMy_}4F{CBzkWCnPr zjrv$hbk_apDmS@n-*_L&v!V0|={xoT>OM&f3AnJoOBhHNxwY z_qdcahd!+bE;Kw}(IoYK>vK6#@m8-1muU}s47uNw_4DZev!BpDAme;_48A&Of6Lb! zc>c#@zGQ1ZLHTEt{wL70i>XjJpQvj?mH>2djBc} zG0ZRE;G!Q4d%ULetFb*0Ua$+oAH9 zVSQECIy?Rx{Ku7^Pq_oYu4{e9rr}1loQGty#Z6TwqE%}B&Rc&)$u@lQ@GI2&#?bHm zm)=)8eg)Aqp)*k~Vy{SmvUrp9(}Gt+I4L$P9Q&LMyx)FXlS_R(>JlF0%Pm038(#gL zY?7_W&qsL{_~2qvkXwwNP+hq17;8tlPT9ar#tix>dO7p@%HUa0UQ_2?2yb$7)q#Xz z1R;Ah1aCw%bt*AxtP>kS^&Ax}jamk+h{1HJJ<640y9bfJCo)|9aeLmSu|lRo2Nbnd zVqsr0WyNB|*~bERVl!wDq^rhR3xt20y*6obz@DGq_xsDoLbm35FSY!&FfShvt#d8d z3ZV|Us2g@gBKh&DQ9CV-Et*qcS#iaf@dTr6FJ^pVnfpLlVz`H5>6NJdh|+5>FGY|4 zSR<;6m>xeLgwsbDK{Xc4F}mzkLo|Me_QPlVLaX{)!ss22+CEyJ94lL+DQjAPEmj~1 zTF#WQTu1;AmG9AxEC=?)B%ZQcimwO9>+fdN+9tHJqpBAIISWDD>`hPv>7c3}es z6ZMn@ro?1}!%ss&&T_QIAh$u<4>Fb{OeU~>sTt7U?e99Rp96H<-|odcb$LrD%gZf`PYTWVW?yJ0 zL1u_DnUUT5yKmNP6tLKE4%RGOoy#{7B%D3*4so-jy$c-&lNIl@`B@9$|4!TyZr=z; z@hf2#nnfaZOb)>bTbDDEkw`NL)x|>*W?%Zu1mSJY#Z_A#&ar?}@D-508AHQra*W?BS zze%y9bmoomX*2ytW*4DV8^Ge)l|M(mmu*$I=o`}K2u0^?!_%xt`_cTPr9(tgkr~0r zVHk6-D?~TlUHHL`@8GmACK&~1otS`q=LhQZCd*9=;*E>~OUGeA+Z>Kq?&9zjakjeH zSn3FbOX7PprBJi8|4Kv|Yxe^ho|rzIYEGWzB{5q2#>;!|vYER&QfmFGWe8D^M+h~X zclj#WlGCh03*+7gcd_bsr3+igMi^wIWrL+p zkaeS>rsQwzjm>h2M%*OB6>5abr2-g(3X=~f6-66XQOj>@z6o>$w`~B+buX6WNx^hY zF%x5e<{zdZb={nfg<=>?YD^o(70|Wc*%{`d=xXB#NmEU9wYp>}MZ$0~+EC@FR2?aQ zi`P!QcJ9@8UBgBT0@6i?fDeeNo?NH^P)a4|IZw6Pec|+;Z0anVJxe1cc1>N~`#5{NrFpUu+!$lg8j4I}7lkxB6g?-|b zSaxUE2awzjW-T{%&Yd_H7JMG_#Hnv&L?CP!7ERRp;@2O#;C_l@Q`%#f&7+*|KC*r> ztLi~V0WpYbn|u(3hk`97z8x**t-6C^%wLd^R`<#(RE_gv0*n{&c_E-XZY25|t@6kR z(0Gj4vqMfC#M}d$b726X0LLCD722euU!k*Gl>In_`}d~>FqQv99CF8s5U+M-uL(bE z<7Dly9H+x6XY_@MXFY4oq*llk>z5qs&3Ih(z*3!iA*&ExF3dJTQMugq*~`b+h5Jfc zJv!5lOI%+?9&Wi@_XR@*in^pjz3P7$m$e}qA3OKVC#BNt*duB(CSMU&b;(G24!NT? z;8UXKa>#M{4e|$iH;-!ox~^|Y<<+={GrVv-1dv7qNrw$=%R9;5!y4%5f(p0Pi}pzH`MmlKdFKBVQ*4x{*6j{oqU8 z@tvmNRz1L_4*Z<~!DuuQCIflm+3IWy*|SyGAXTOs!vGoUS}eINud?m(r-q`i)N`e9 zMkLhFsI@oDNH7?xImpP*xZtsC8_m>N+#ln{k{|9D{sX1_u*s2V+Jp_qIgf{v`iYpk zKwLdXqagojH=bKmDA>V7(xniWae z^hm}gm;)Hb*a!PkVu%Wx0bXyGI+*)xpxX5>+~J*Mr1iG+tFq`ntr$E-U@aspxm`}A zjbw;ra~_XS#j%kK`iau2%dlq3%Q8;@dC?@AJYn|iu$I;D&ROmRY6kun{;xcCuwXW{ z2py1Bx3QjEwnr_QuqMhzlPl)p zsxfa^qu$XoJ;DmXf9v?{2j$lx;;u^zqurzGI8x9MI36tj6A%MKJ%W-YiNxBGow}9MU&Qu2W@*I9LJPhgb9C&0S7gH zz*y2csP`R9?&Y~xPC$YTm00sPVLZ4g$TmlH-fd`B=ZZ3Go67=yV%ld~*kLqpj&)Rh zt}8yrj&d9wag9cVe#iu78pcN4o6nW{e}ngJ0#>S;xl@x5f=XN{V-u=zINm}OU9Gn? zdl4wx#sMJJ_5sFG#mWbI;2*oR-H~Q~w@lzcE-TgAK$?xzZv zy#nk``CE@fEx)Bq8?mIOy{%ZI&wMbqV9M@7a=6SYcKe1YP?Lv8Z#nYxV?jn!)4mw{ zh_#X_irt!(tfWOOzW5HQ ze{tPXsP}?Xzzddyji9{+xvzi>nLoVh<%v$j=l1@}vWX>=Q;_Z~Mm7U+cMZ*n14bL+ z5Qn*wNq^f#4f>AhJ`W7%4t^y%u7!-m9AT)GQaY62i$d%{Y(n=&2GSyYw>3$N9G$2M zEoWoXXT`BW(3KcF)B(c!d8cdetP>Z{#7u+?a7;EOT8W#F@J~_RdU*qekTP;Hn8!vM z?ox)4)`@aEy_^n z{ri0-JfcL+H+|AxPzlF$`nH*WR~KZ*q9C*+`>Cp-K^n=tzWb^)6Q3g=I}Y9SauMNe zXAI2Nz{oAZ(-cZ?wuDoQ5@%nfdJkpu#mE?^bBzaQ|$&ykiIZgK#qek=y_lk<{qnTBZ_eynO6 z++HSChs-p$z0N0XxaFq=4k_6y42ruymCG>GfE=C-JOK{=2P>!F+M2ZcJEI%wzBAty zDyo3KXnN|4Ax+>kScABVCbm-?fst~dBx@es2QqF#S!(NY3$BjB+$(qROv{k)W>y_i zicar1B@E|nvEJ|OXf8m9tyn_rUjkoAZ{?W_^I+QouR4=Clxf zHlmYS{Ss!BBgkXe^~G!!$|u+M9aM~F^97!myjDS&fI zv?t^PZ|XNh{&Ul6asv=>lxput^KHt;0-=8UJbE*eNro3^!L=$USui^i#D}&%j$S;g z12a1L$(KwTg1l_D_w;aKCTUjKf?gXu`ft9L>FB)rDbpp)fnFL1qE!~*m~gssj3eTv zxiv!bH_4XSEtdt1j>w_%HG=~8>sa2cnD&CClTl??WOW5Z%`EpDyqRPQPF|V;$5IB!8E`svTs`?y!^w^G>gyZo*$G#2{eXUGj zld||>hx)jU3qSJPjTY=mo6Ey|&WuVGn=UyiR}ffZ(zqY)D5S%UaJAZ+JpMTPtt~oM z`QLO10K$IXF^~q$j?|1LMd~d_7rnPk=AU!Qe5tF=F&Ss9F|4)G>h4~QiK}7bD78VK zx)Dto91SLC82iy`b>)!`=*F;SZpx|571dyoSI76Z)1x@i4r479L^HnN026c0kd)zb zt7hyqX;Aj7BapyvydmDE{7SOF&(KR3gU7EfEU*<2IiVXkutCNfuAuyn6yI>ouO&4> zBkj*;oXWbh&k*v8-^`sFd$~Mfh*O>__!@uySzf~3U3a9K5sBRWHJR|X*4fR3k*N0_ z2mSs1`zf{g2mP4nP^j&XRXPtGktw`ATTL!BD$mMn`uJv_QcAVqPgUa=Boz{*Bx9e_ z&JE;(N(sC7!b7l8oXKN}(`L#iQbV3 zDwVN{$S{L{n!_0mlCs##+DGZcbad6*zdcO3b@93`^G|AMG3`5r6|jVGlGsA7uHRB{ zRcM`HHeX)H4!{JYs<8e+z2_h1OV0w?{tR)hm`Bn(rO=o~0;+vCS3Yjl1WMYZ-<0Vh z>XcfdzgppMQrUL0SZ`Ta8ggQYPUTlNSXM_OFq%dsKo6UrShbk>IbQYC?#v-i8n2pO zFYfjnT3jQ=<3@^UAv0hP6TTEAW60c6W`XJ9hdvPW#su2o>en?L9tIBP=boK$6hxM7 zWsX1Z0{A9&8BRc%V_JOd8=A4`rYCI`3kB_*_10n!@ojtbT}ZH6154VtIWs0?r}s8k zqJUbSqWt^X(>*Jye_D#GwSc@9qb-qzT*bAOL@n4!=ks?DQHV)bL#AlV>m-v+KCiXE z8b;`U6XIfua2E&746|>Z>t{Xcdmr@IWYxA-YPXE@INz*gsDGyH4xsqJRdnMG0)%|j zwr1kW%La322HCrnGN_4z|9v;zA`7JM%5K6bY-ca^y&P1+Scxp=_QF{-2%?%!1*{n$ z+Nq3T=X2yBOZPtsPt3PrG3Xo3+;na{gk7vdn)%KFvn5NenX0>e z&sd^fpPdoJ_*85|r!tLVLvXvzjmHq(KK_=+k^I?A^j^(IR(Pd9+bHX zCKLWi&G|5xv-u!swXO0Re1MDR zHY)kcq6S_2X=-oO9J=_;VZK0d>zp7ONu)c|y;*T;K5*BJxP+EWG?SEmA&_C>-OZjP zIKRrskhp0)K<}mYVbRpxe?~Mg+PEjXKU+Bd_SkMu<%lP05ncrQ=pSkfz*_7?h zG@fF&h6NdOIsclrp!29urL7y8fTgY59cpSLp;ztW?3@D96HPz46M+c9*5_zRlb2}Q z0=l<83+HyZ>=jaOKkfTE*0hIEJh1xaE;r>-*cggKtRKn@ znG{}yq0@v$z8NgXRPvfTdYaZLJF>ZvzD5(#>r-F+*Qr;>p`OP^GCv7ruP;a4X&~<| zMFngo&=IM5H^n6=o#(4(+m5jwmW7^M{R6hToJqA-KtUeb_Q5z)s9=85Bz3yIrZ)FS zR`|Qoz_a4+yI-rXdxPAdR(z}0A1JrUK>_WBGjC@qod!&@HrF>EnN@#JiJAJps%3Ii zrWzS&Uvdn!Yv%rI0(3KJK7&m|OE&kcOo(X8?W^P2m$5#E@=0(vy?%h2{U!@|rYlfc z045vhPHWcOSA)j=WZsqOUN$GWD|!e~)Jb#}HWofMN)30%_L5Hx$hb)*&NwBNPsau3 zaP`;{`8LUSKG42xD#)iU3(JUUl-G!9I|Ff`3bRtS=1VHO6Ohjw#vw6lI78A`RrV7#q>A=mmIJf_fO^tAdSmpTjLV z8^*sFfWRRH4vg!Kx-IYNAb@#llSr4490KAx2&vMsZ;I9+*w{@}mx`M6Q(^itNws>s zUfII-(y=yXrk>+=w|W^7vpdJ9nsSUGw~$-eyONf;EM$#(d6&K@*v?JKmZ0qy z!4MkIJ*N&eIzK*2NKV&Elp#6Q^?0we>7`*O^H3`Bmj=;s9u55`Ff{fV-JISMN%`9S zLQ*-wk4UsdT`sSG!8Y=nRl?TZVmh<1Q@S|3E7CgEmjNyhx`E>9aA;!te!}0>h1ry! zM&A%;FTP?iRy=lPkYkUtdOt8Kt~zufR#D8-jG+*7np|L$En zBuuK>)mtS=w^!1F`YHacL%OG!VB-j%cy0GJ@D1mpW|SLRl|>V!>gGM6Gwoqd1cUD< zUv$y)vI0NXNPIm`#YenV;|djbDV(~(t!2L(cyW6D&8C^U7ZI7#O51T2bCBq=TOx2b zdN0U9oH;pNO>8_FT*xLP`Gvdu@WZmwxpt;Mx6iDh3dThEGhS2^`b_HP0c`&Um!&H> z8Q(3n0-v7zTO(_647%`}e9p6p*mk$7?(%(OGi>N*s+la)m4Fsq<5pgUEo;Hzgyjj( zA^SH%h64Z%qKE2aP8AdJH#v6AIyehd7KD7FLm5V<#HO?qu=La=Mrn^RntHO2Nz%yF z(-jF${D_2@+>Sr4u2vwo3@K4p5PR)2n|iX}BlT#qiIuWKgz#F=n2WI&gZq%*!Y`)& z>?j$oZkcD(hnAszNnt1W4~X|r6lAEa)4}8e-~-G)fLuV4`mGC(po2=vH?TI~J%!kN zBj|nAxFiInsK4l}JK$v*cWA@ZNsFzI&{X0gDv_1=+k3$kL>@~qjLUqGOfu9-mY;gV zDmfGqf`-9FM42&6lw_pE)FwX>H;f}k$ifG8HDSlbWVPfYCxBKFuxl|fZMyTuhaEb< zmq|(5%Kq^OuZu&|Mr(Ce?$Mpht*&!7?nx9W*IAgS+GX5j+3-@Ue$K<*I zmvAl@0fr(-fc2=ab;2;KqL@d00DmAow6rQ&YYg*vU!P(4MJwqCkh|l^E*Fs0KT!4> zNbWwdbp1)~v87&)hvWp?u8z{+W41b3i{)0d%_mEMQjK8x>69V?AU%et7;iX$Ejh|b zTLp{C2puZU2`8DrJ)s*8YY;ZjhvzebMk+JweUl{-buQq+tD;QwVEllgq0k7<8nlnk z=Tfg^*zRd}KZ2@|(X3W54DHPNeDbPFh{=$TRz>Dvh_Imt4-f7+dt^5IgYMdK;o7JR zG1Pid{$w86Rkpp~{9W-;Fg==3(W+$BkU~zhHCyztztpKt0AHBkTcPqUi>Uh_?QN{w z(tIBEe}W3NqUnuI47m16L~(U+CePwuU5;-Pc>EA@ai-aF#a&D$p~kK=_oy$dHby7; zrbRB@A)*t3&_A-fie!=fn-Do7p5ta{25o88%Y(~9w}5ghf4W;lr zQDQof%8NV!ABq*mstUx2x<0t;lV)&Mw_SN~fo6zSdke$F^cT5F?vSyp@*TgjCVtU0 zd3JNIuXhCSIMvXa>gibQN`UZyGE=$~P){?VU^llyIUcPfBx1C%59~QLixGpPs=6v* zI^CFRlajDfGp>_Zb(sZ`GYb&-Iz(`#cy(O4-nXp=`=hMZB8W!P0$})Pv;)X8&dy%P zi7m;><4!~8*GzRrwSNVl7m~&p=_EwB0Crpld>TWS@_HUb;{=tSjy47u=9;P$uUB26 zCM@G6NLeE^o6U>!uEo>_h-Oe$VPfNiAA3TOq$OYmQCzk6{{+E2St)ZnDCbMx$W#$p z&2hUduhM066)oo%CHK<#*19HT=do}0FC7y1@f_(U7Vzeo5~B4ba!e4qq=V~fIm9Bg z{)0&A03{l;wawbxRJ2Q(4GYEwX3_lAa2x|MB^oCyHuqR%2Z_~nnulJ4c{6WI*?(p4 zBuy*!rWeYVZvvyO`ZG(-AC8CiTcin{``7&H*mSI6HR4k&RJuCKrMJ;aVZ?YqAzs9@ z(m`+(X%NDJl<$dlW+SjljaADFQ8_kiZibj};#UyX(|-%Z(?pM{LOz{BG#Yvaea}&UO1;*Qp?)C)ul=+=l_WU41HS&CbK$ymwzYBr`_JdLGB@=?By-d|c zr^PK9h#^{s(q+@eYV6RQB@I^r*$U}k{XAC1eB-6Wt^9N&5*n%=5VKLBMmN{w_)=&0 z)Mz{HPR?ZF3`SOIf@zbO`O?zG5c%H`Y1d$@&rPyUW-2t{Hxzo34E0vy_2fF>Y?^_; zW2_7j<#yx;t$e40SAtzi(e?6`oHMc1>&t$Swz21Q>}&pVU!$E1tiaLPacWf;(qTb# zq3Vc2+zmkoSn0cSr*(8$NzUY@PYP%RMwb<2){#zv@M_E@Ds7PqgG<(`U$^hT(%)VD z-&s9m1gt^q4z&Yg3s69rY0Q=r6UlX z)}cKl@+hAdHHpc^LRYo{$B~|fHQ-wjd68u8E+%dA^qZ69q#mB?HLk*9%SZ2DtQ+H; zxxuV$OaMJik{BidCIK_hbR2rUuCsE4c8XU&>dQ7>tYG1h1pf zvQx4Yw{0#78~AFfzx$*)dg{?{3TC=g`qNn8_NPxgAo&&+G)0mXCZ1WTIhNS*d#HC? z#{P6Y8lN2KR6jRYQsx%nfD3>#BFu&~`mS!B{`hd}K{8B>2jgduZ6cwFIuN4(f~zZH zxIs& zLVs*V*}*mkdQ#7qblCxXqCOarxl+ zSy@CC`)?qg2yazzBM~MzM%qCbMibD;*8E|a*LB4HSzWa~MT^SwRi53a7&BsF(zrW+ zh*BbVa`{yYH}@0Yyr0|qBSjFA%0^$gcuCnreOc474uiF;Ea~vDl1S!~*Xz1lu^C9h zdQH|UyJTkPSC3cPbW1<-+{=e%dA@R%pPc0L6Ps+XzF|5=)4iuyCU5`iY@$)v(so$e z)#hOi+LD9`LD|)~)a3Ks${V;Zj-~{w5ON02k%CoG&IB36LL2qUNzTl|OL&5(@r8Fv zI*Jul3USO*`06G~*?q`q9y!ZuzJ+<_EWjGOAN~@eGj()j8+JkHFh(J$_vcy^WhA6| zCa^B!3R3K;;`R5~CR~c>vyiqWSE{!0m3W4e_BZ1t6&VJyuDaAY;7noH7xm|e@AxQh z;8`oGz~)U!X6Cz(YkxQOQ1jpGgi?*uA>wZv;3p77qn$~KXOBlNfijjXb%;2?S=vvM zJmrZ&-X)%adAhEx;Mo>0o&~OY7GcqZ)od#FDP>jFj=MgdxPkeari}}h#4{9U`Ra27 z+lOpz*)=|Dw1(TZOqU-%_q!|OozSykW%^^B>C{U><4?>q`CkRpLsHt7-JO}>F8p%e z@-dc##j0SYl&h}(=Nf0BQPxQUtk^SCg1-@Bux@-S9c8KCM~Vm%A0G62oD#+Dmw0DK zBa)x|?+FXD@eUPhA`l^|ra<`MrXEL<60eO8sTp#Jl{l})nf6)`7`%in!JS{X#+wr( zPNN}j%fA^Zms3cUL1KaTueMw@esI&JLnhbs1)9shOi6n4+dvz8$5Qtt25wTYUH`0Gql%z2oP*p!~{cH!EE$-_C~|Z3kB} zQ@S2D7IVt)Mg*5OT0f$42bv=1X^i%MS2)#8OtHJfX>@~ET;1O-1V9&ofnHQxj7X*x z@U)C>n`R%|-V4>{YE$ZP}hxVyQR4pJb+=z$k42NgzBa^(d?sf83ZP zF02a+_uz7)W8T@!%WV5+TMsE2c@6kFw~Aa{|wx^5!t2A}We z18)6TtF`uXT0xPy2g2}hjB!xif;UZA3l_*@-KIUgehS2YWt6Gm;+T7$_AJS_VH=S^ zK^%o0d4#(xIZOZ~6n?vNtN!P%;yFCymxTYq%T#%^kh59<7enouna#PMbwJ(Ti!$bf?z_Sencx=WK zh&ba2q40!pjv;GO`tgXG{{fxVD-OAbtAP?Z-$j9g*FD zkOk#{7zpM11L&EX;)@0m&&SQr>6faDPXArhjC&tA% z$xFyrOz}%T%08YTS0UDJt{fotH(~JHI_Xt};+8KZ#AGd%a|yz04W4piHVju{)LHfQ zI$U>881fe-#ul%#@9;||B93Jg8CWhHe%F#<%Kgp&1NfQw&#>)RQ}A0px_4z8ybt7O z4TWx`!}WYobllA%@XY)KhtHxStM7>K#`gz+u~2#dNC()Q`s(s%B3wI#$L(9%i%+d9x+!7eW=?@Iztll8YXSYR2`ffh%<^fm?-SDe}$Hf0O*iF!oCGPe` zVrr3d_^y~0{bI63nvdmA>0CdQa5_^(T|g=<2uG1!j!u8mZJ!5Aq#-Ky2@3<=$-I<#!@iw z*{A&GZ@t@pL}2G*v}sc6aDKzJikgGQafn0 zO+mF{=Yj#Dpb0FWf(DUArbdm4=GWNi$A)?`9e64Yi}<3I`x!}K#(h<)A+K308z<-O zy;I~PG!|!ax-<%g+TwQ#Yk&MWLiYN5#(1pEW(oK;R{-s8NxP!!l*#St-?=_(LIF%+ zcYCq`8COUGbji|ql0Qwwb9p);1rhaxNnyQhTpGHu?&M`bYW|$>QcZYVP2!2|gtX$h zv0;X7ey+jCn6*KOv4!@Nzur(9kiAc3JygDF8CJOvan{O%y5E{GJiYWw0_*-74-gkp z0IaE7OTb?wJ;tcU(GgKwLTi>&?2aT24WB|h{0yZmQh}%^Tb$dqA|s$ubOKujpN+cD zfKJ^`oen1BV9s#(Bc|db4hnr`0~kaiGa=RD4p$4p{g9j;R0ycFh~DvVBqGIah1j^U zD+9Tf#YORr!O{+X1%=8V?J9LyJ;8IHuNj#&qnDN|^VDyR&bZHL?KEUXDELBq(+bt9 z@l#)r?K=3lgXRuW?Y1NMK*<%Ls_`${7rPDkXA;b6 zRD@UZrAxaMvQ;aX*<_|~NzX)9@lUbld$^)<@$M)UYw-v)Y(=T*3hJ6Wp!tJYZcjut z4B0ALr*2p+I{H=`bY)L3axfk&Z6VQIgZn@-qm=@@pSUV4%QH+etyJ(~W2*e+HBZs& zHCukLbiVq9jxH#FXX}Y-I8o&}7m)LnS~twlgVb8XWvywWd9HbI#e9*M#*1q63XFUq zTF6z@0eP#qigKIP-g4Rsz92r38W(II0q{aJRb;>Q#n)ioe0mU?m0}$w8_8y0aYhwq zD9yJUta!mqQp@E|J z_J?h9_%b0SfpsR|yTzu6F$k~#cJYPUn9$H8(b*H8O$x9EnhD*z{@SUueF9S*V{U%9 z8Cdhb(D!&X4t3w?54or0aE1(OlD zYmytujU6l{i9Vsq?RQv(b-ZtRiZy`>9`?wNi>Kym<8e2FGbJ~R5>>xf>hJ2K!2vae zm3*aLMrDygGpMnB_;D76WCWj#>uUDg4;YJz3>~Va8rb>WE}M+Go!k?F6PQuRh5E-x z`l?841OnL+S%7+$_U5TUR2@=&rFcZ;6*^pFQ;65-O}a~^^DYVcRCxp^Y4lRc{8MhTAPSk}N12xL)FVVX9vdoRI`SYdlW)`%PeDOPM zg#wgHcBTZDR|}4T z`oIx+*&oHUKnfZ4l(`-6x9;wVsn!zPKMrMtJ!O}ZsoDxpxo=HAZ<(M&_IOOuCO=g$ z7A{B$CJiE0u%e6;R6UvOc-xJZzPe?|VcaBYNC5wQ8RLF09xkCPYvF^*hY?L)mKzzY zd{P2lb53ca6~YbJCOl`h)kX7Z#)_j8YDD;kM*J0e&GWo=MI>AI|9&{}tAKB4_F+wU zKnldkwNwJN^SE`+9oiXs9u6-p@ukvFV=VfmakI2K%4(Dtf)x5oo@&%sB_IPI`9f-u5L$({L zbc#?HeNMsRq5p*n!mWq9!*)b{6~7>1bd-F+{)#nA(YX91&X*imc(SEl8+8^nAnc?t zwvsKf_N81{C+9x_x=~{qP5NVJ9JdU|Fq}E=2hqGGMGD<)?~8a`Vshk~K0$$ytu-}Q z#;BUWPY|w26&keR41!u=M)%%JygV1iLpCW4i!39Gm}Q^Ifikt6TQtuE`Y~7y@DgQdqv(rGm#6-EZh{ZZ7nt1hU z*vK5ydBuI@E26+X*^<{Q=Yl{WO@R`101>?J(t$3{s+Me-^V~!zS$*bkJ2$L5*P$$;lRN(Gown9Vy~# ziE@v^MYwsYhqDX^Q^b(twk zVZ7iWvl~kk@u^ZRx^oJL!$4Jp{KXsM+_ZcOK0!pO(8%lv8>dx?z;niC$O!6xcVMD# zL8~=4rXEze{&UyNJsL8=rRS=m z#sEH;-i64jW_}B#oO9EpO|8au7J&!4?Z|G?@{2tu*d9_m=VQHB$8KRJ50`d5H-2j% zLIWg*NO73_ajijBc2I4{9$7)RXv#k=9f^`6xfT^wXT+gP5DRrkb-XEM1W*U?wTr8= zC2@*X6lpSC79ZWd>kAu5`zoKAzlM-%y15Z04>|r+OHxKdwmi&JrZ6W??tUq z+O!0z7q&=k+}InM3^pD+mb5*V2itMbaEGp7cghgOzaHYQi2#Hy9q)*q0S;Zcr(_!0 zSyt%3w0$Ym6AnlSOl7yJ`L&qppp0GK?Fa%WgJNu{7`H#`nmeD3Y!;0PD?EJup26jF znyaE4db1w)He%k%fys^TL{Uapqg1H!4b&T&MrM zcJQEP>q9(J719beH+r^58}aKWY%%4TojKdD+FuZrfg6Pkudwn|R% zyhw@=gCAP2U(DX&Y=C+s?$c zC-%ge*tXrVCr&2G#I|kQwr$%^PJj2@)BoSKdacr~y{n!wEt9!HTli^a&Q?y`7w`XI zLJStWWet;_TvO?d_9^_XwkcQ141@%YC2NgF1A>S^F$LIFCjJVw@*L1HtsEuh`3(_9*p`&k6e1|Y152hfODNGtPSoDR=0aMSOU@h=REE4_5jG6dLf*978T%g^ zpoH`K>Onm1^C(+9?YIro7oMy=%vRrXq!6)>1<~Kc;gwf4h&p1U=hCr#Z49DRwj!zl zB?X4l#Y<3k&C2m-P8LuXqs62EZpdcU&mp&jyks!eb8#GBl1S*-lpied87e0SNs3}l z)`8EU2dCq9gxjV6XT|2E5_^}+q(QhrJb$=$FYOzBOJ8na=86Hv0AT-SJ$IF})Y;o) z633DA6tLx3F9UA`o=>R0#sr2ZY8vI1`s8r7P=c8Vr#b0e$PVU8u7v>XVSv@=bf;e9 zlcujP3`za0{zvQW<1){;Sd3dADBCS~meBFY4SpMx-2EKnURGYh0I-5c3&&-Gni?qm zxj7(1`t{P1+*{t16zn>Hzg&CjAl#mSW{$(o`;Vi_0-QSnc2Q@cE7){?4SHN25w_uA z;Q`V_v|xw3L2f21cL8$==6cqEIma5Zr^eNyzKt-otuRW+T)mMDKpXXht0f_u>Wb!R z-Z)SzsiCz7NE7J63al~6JGRIq3WHdL)I(}n0nDN*~AVqVEsY< z{W0=t@N;w0WD`6DW&G31>kA;^>A}J3t~4%xR=NJb@Cx@iMG&V264Qpl(Fo!rXGU){ zAeI_|kcwO4dG3y~S00kosM7?9N$9LmrX-a8Dat#sofFMcvsvp~=~%c3$SGSY`g;rB zxG|$mDXH=n%@9J%AJ7#3WIW5m%uiG_NxMBuTK-7-m<28xkji+l z5DjBeE&pNgvy@lYvZ?fRBK|3<|uy9q>5aN=H9fk1JEk0|@`tQ%m? zk1H!_X@7?D&lR!K@c4I_jPgq2%zd*QTs;T-16?`ex~?Wv&begoBUDs#*0b!$9;To}p}C0-FS zF%Aq%+@`&Kt*ok0wY;Ic!RFM7di~0kW-a1UK~h_b6^22KHQ_I- z^w>X1u(5v#+#MbLtRKzoUiIJl_$DI*++`6z=#RFB+9))H`ugE1Y2c&OFe} zSy%A=L3_nC2b~4F%vz~Z-qbvWQ`A}L1)_WmQ8^s>1P7j;=eMGEWc$y+wuKh8U()UY0(RJ9~y z*$7RPoG3xstgltD)xs?k!N+SmfzuvD-g7TWsl0x?(VkU>lcYkiEUHl40>)Jpj<)InwJ{;Ihrzy{|#8wBZ9&R3eE9DF7e-QHZq;p(r73p0rn#t|86`)IP z8>g&^v)FOtO=kn>)h%>2!HrO4h%1u0fp&*-Gl}pPYqpghbD+^FsU;McpOm-zG=+yw zsTB1fjk!Sjbo_AcKA|j25>+@xx*V-SgaQsVY1}lqQfL?6r7V_4ij^cpnZn!{eLe06 zS_c3_Q?rJwgN6&G%;N(&tdJ~l06-U@#u6-1ZBEqB)@UeD^+CoK?4wxj9PW$< zmc7QwMYaS#j*@wka%Eib{ZMhu0y=ED(*n$WjN9JMj?`9)^B*}li9(L#A89;ju6%ga#v8g#=Uw;$8L(D9fBxX`$fE|R z?$06e6NrZ0xXd6(zW#2$>rLVp?4PIoDlc=0qKj0n^lO9C3yqMD{>sYK24JfEplxSb zZyT0xtgX)sQWNdS5>dDu;%o%RfbO!lg=x)=fd}dMv^i-1v?xW%SQ~<>sl{s@GG?79 zS)sW||3^Cv+m8H`kkP;I&pXDD_*(80K()`f3w5;<3p0^7f7n#w49hJ3-z>nZowSEj8>~*UOY8ag|HeV) zT~3Ma@Q{{rBMfPma!<$9bLJ4~37*s%`CjOlqq=5Lgq!crMYuBijfwfk`o^M~3Nfo0 zy9K?Q5Cz**^6~>+L5t;aU)wntEO$n7Ceag>a6e;${r41X)=v6mKEols?y ze4nFb4o8Y~@^2LmWnX1ADW?FX=YsI<)VD^nPs*76Ro-aG-QK7%s0y;0*iqJJ{Z+{u z3M5`m{YJ+*UH$Or?s|Mv_S#>kOL_0*g~5u>W88;enu;*sx$q4ngLmosv0> z$vS9;M&8vOX0PHWJ&lNKj|`p?ppY5qcYfTItm^Qru~d#jBK;XXdf$<36aQN(=$r^* z3GF_7Y{yIlnA}y&A8t#@(CyrBtip4VR1*e0pzXE)HwRLeIjV-07o{389T;GJ6MJ@+ zZ-9c1ls0mtPc}6-Gh}e#;LUO2f;#EAU7Cr%#C}JJNi<@3mWZb`h309m^rS)LJLooK zO9xVxZIXbA!(hMZ3h~^G5Alcy7S!Tah#1(VoL~9mwRH%NkHx^ujFxDRmy(I(4DFP|15+~Qur{tw z5|~Fte^Rg*k>_EGaK8Z4n1twdRbGNQ&r5 zQcZFW9uMk;xWkd_v0%^1mS|!I4Z$^ykL+KoHl;X_f#}=+oZ;<1XSfTODMoI~wyA@> z7I6EKH?N&(b=n{n&6ka2&1W;7AFNVycFvgdn2Mo>g`PU4jQ|%4qdMDM8i2S74*6h+ zoJutvKV()o@@`<FGov^;$vHqpqerv0CvJ^?E-!%VdUMyD$FFaSH9 z3o9TC!J$=$CuM0LX<_tVx~THuD59dAt0@5CA9QX4(m(5{s-;6aCTssjMr=BZC3s6s z?L*W1Ys^pLVL5z?jFI_aloO%ySMM$z#_;{63vk*3HKVAjB|smF|{!Xhr=RFkISsUmCo z$B;e`rC0!%?6@xWv{WujbxkPF7JGj|H#P#8oGgS4%LV&`SFLjHj(Nu?0SZENXDa)M zC55B2(2&6qsSON}oE?h{QHkTwJA>eSY{3A4e?7e2Q2D-WuG|w_LmvAH>EOhv%A&12 zVW{D({5CUly5@wX0*=-E@l@Y1-D#gbsrEO*hWobF}Wu9#+Fy1ke-|l9RAUe0p*+viVa5 z(!V55c%2-nDC!crthhHvL#-j6SWtCK?l1m)4$;tWuFO3ZK+}=6~yXc(i8`T|6|1XngY`xiwpuk-==OSoRDXvm>sllFv@rH$PKlc6FG6YQOG z%3y$iPqJNLi8Q(Lh@lJ_T{WJvOYUM=QvC?adM4{Bxm4)#>rVW+HhpIMm5VOw)^{X) z`G3G6XX5G#sbbt5pa@$CCiA$5@!MlGjvY@d%wb@m+EWs5(#c?JV8y^JV{9p3evJjW z!3navwe@tmoi#-ZzJZPMi6MTnEqq#0UxnNdlpVt)$KXLsNGJ;B>$mngP6iFAEdsoX zlp7$$$`jq8RL&nBml&F3^5Wz~a+Aeh(RSPsPmdc?T+E3Yfd8jT&X_rY;vAFVh>NMz zqJ?en)PVgycr9KQ?89foPD*vnXvV4z(VxXz6e$dpM|KSaMOt8_Kbu3b%hk( z4v&gL$`Nr}`lcXbUduU~eVATDTFBN2orN)N17+rbtBfs>37WJ#!Q<=&jxuwDh9Iq_ zzVVxV3N!8wJg--a-aJz-lbr*viSgXYEuj(8TK7s+GrUm6&rP3lRjn-Lyh5T3QWeo{ zUB^XyMmqW)pn-}JW-`ipxO_8~n~8U%=}-YT?HQ0?nfy)2a)BBIp55nCLX zH_5B#6%q-powP`a4BngAQ~9M#S*s^Y!1={U$eEpKN2=myZPW6DRTv>f&rjJ!E`dqCNiMtu5QoiM$s48kW$8VYW4xJh?=5isyJk=H zTrGex>h#QF7Z-Yq#?Tt$M4t>>YZ#%82fqv1=~)HM%RIh@!)$;KVrq_aB6N*zJBSN) zVd6+_>u1+1Eo6pEb;F?MVClw9U(ahJ_%LvTcQo~s^SqAH%~TV-!lf0RLKnn<-I3E> z@izIO1zq2jyE zA{hIUBUr&t7E;gYR;TD}9*&&ct6F?tp>OfobdhpKnl$55O33=Wyz4 zWdHosylSYLYzb>zxZgjkdJQYk0R|z#k%{(&+6LsYTAA4Qsn0<>9fH+FWRI57;6xBI z@53o|y|6#ksMe6CvUzCi!mu0#Kf6v!|4wuFm0Rwem^|mvO$|(NH=4QNcZsW?J8>ql z_q_2jSYoQQDcj5C#$b1e78Tb9^vcAJv&3%L zBY&xqsi_-=?*}v#Ziy#I!@;8mUS4pXEMPfOHGtXWz#?FBca(^FJ2OZnRs14A#O<0J z7=oMlrjXz>fLvTLtfuiV;vlGyLP!cP9W`X^d{neJz|x=!pZrS(A0d{okTN4%rTa@n z**sps?lL5tMIJVBD1>wRBzCCh2bNOW@~!4VG;HFh63#yiMgxO;98q>DR#^&mnDxjX zo^n;%A-2R?N$##YU1B9zI%VsyLal)+N4mlVf)@vSE7Dka&Ql)N*6?P^FD0a;;RNMm zI|-q-x=V*wbpO>CA4Nn%^x)iWT=M3s(kjKLq{Ia8$)f zDwW8^e`P$ByZEF+i1G6A%&vdsQIbkc0KcuG{77F)BiKCK#2@s>BI+uY0hyrgmL|LvIF@5{RbvpwjOMkAFrT0gFBWV zgISz*(m``Ae1<jrK0UUU9wriNC z2WB1(B1v?9ImVWGOP_iuWDZF*ocQB=np43vB$P)Z9v)Kgu0`OaP7*{(LsK)id zFPsKu)o-iJSlZtfYOd&6Z`0f}QiW55MPPEus)9MD*0hFRd2RkUF8_Zhn{D!%v5iTS zS9iPHWw%o{U3YMQQP3*QFOWRi%LC6~ffjnjeqPEF)G{`Yu|zX1w>BUXN5=i~^u*EK z_6ji_D`W1)f=@v38m;+mX&7#4Y>l!8`6xRHr@$i(M#lm(OZr2_eD~x826BUx5zZpd zEQJ>P%f`;mRV|)8gj2xnii0^LN+fRahRqZlLl5_uTP98^4&91iFv0MI{EVaU0DSiM z)WO^F&!?ca%HU;N8xA%pSsnt^&s+Gr6gMk_tCBI6?5_bj4#tSDd3QD;V%=Eh(vCf> z{HqV)AKDfxRUmRdW2CZH2zK=#UB^f&*}HjjBi4D2FW%vfM_IeP(Z4{`r;eTd2;0-B zzHS6w8d&S4dhCV;Jx_AU=yzn@tWmrVS^sN+;elL36;OER%b`&)rE|zvRb+Xi?WUu8Sr20s^up=Bd4t8;| z8HjI^6M^OH0Ym@Z?J3a`F+skND!ayuHoT3h{WBXjPkN8U$~ZF2Poq`h0;=%cOG^c( zfU7iL+%0UB^MP^*meUb6Q^eA-8fL9odI4z*4$nL?2hUw2&Rr7IDhEISi@4vBPcui9 z1LkPQ>W!EFQwzc-*Z*~hSAR&VLx@idZDSux)>vU&NVXzGQ^(lyBInc-QoI)+JWl}k zkXu?WpUzP`lR$0PpMR`5bzm&2n3*=T6T=1Al8ehBLPu=|i14=sW!H{Rz?N=m6iVFm zQ1caKTs+R;@??!Dg>9JQo-C1%ckE*h=1cv$YVc(jXDxQ1iHxN&K4mGk`#DH_ zHZDhyAYkg{<;6|k8}x15ON%CT6gJ7-Ypv$RY!oCm=E>4q9g(G)LLP8bK?!O89|m#+ zrgC}tR}7Nb;=8xP1f&5#kC-9WwwqFn{-+4~yjVQAoGw2XZyXnjYI7k=oVAgWF!*b= z`yUwCX{Vm`zWBmA%$E6s0WQzk&EQ70?oj9z6$)rY;aZiju-9h>}adxc4I40lM+b1-*0YehHN*+ z+}ZgCAyWEv1yG|2@nK)9r5vo1Hh(3)05l-qaUD>sj$s;@_Kisi-M0ox(}vB&!oWdz zczCqvu^hZ2WDPX=`o1*a(KBJU!06xHF%gSv%z%g8{xtqYa*jgA14otx#A{5gGU(B8 zFi0bAB4faAu}Y<;Q%P{e8`u@P!dJId0(-JXQyMXa)Ku}xdjxkk$T_J~1-VN|V)hMNLqnMGCm>d(sDXK`>bv=8 zy4yLtZBB_Ck#td?gRkCKZP0SzT`Kl6Ne=kSd(2C3E5a-<_7h z>C+#TPT5R%RM#)HeioctJ4aYi;ykzC9rTki(+-*M(DIU@k@pRo8(ZFe@%Q0LXK zbEf7t#`Tw5ih?g+hf#hk9ao3rcv~r4dG6cL86U0N?Delydu^Y7?wOZa%Hz_Bk&Yv? zJP7^XUcCHAuurBj>D$-Bc;?j&N^7>w2%LU9Cy0J#)qa}qJMYk=Vpmv2`?yl46W^~A zhlI=SkrLDIn-A~ZO4crd>eiPxH#6ifOtyB#RD9e%tLoF&_x_Xf<~}J;yWO?vTLQp; z($BkXRmly<-Ex;!`TfX=E2GK2Wy{8f=X;YrZzL$z;L^57cuCjI$bZ4|T4rrV#l*(8 z&b$2e#(z45cV=BJPvj|Rvky`-5Z*CpWM~!|8v0coGn+d3>fEYxb$yM^jqL#d3<#@S z`x71BXJ>TspZptu^W5u|sMTTIbUm4F4zo|6K8_sBlax)lhSRcMUtibO)_#9~=b9ui z!{i2724n>o8Cbj2^NbjauX+JIwM($7oMVG%+R z1gd{?z&tTEYczk-h^f8B1`e;RFefmtnyTMj zz0RJCCM##B)3r}8RG)6Dspa3dp3c5)y5HvM<(soXx$vD@Q-{Nwy1TpU>-Q~&pnU;= zgWBVjW2KY|=>ZHQulfBbhK?ln&orHN^?fZ<{W$M^O*G~cqey8Q4^Ef~qkc8%TNnm5 z=YsQ1SECm;XlQ5$0p|rx6JePP@w=7t<%6j)v|g(Uq{Kq(ID4RB{k(t_%oRY`(N%wq zR`RFrB6hDVEtk#TA(h16-=9HZy;w>UjQ%$d=~dqzX!A3tU*t;_SYn_Vo+3g}wCI>c znXlTw`DaS~S__kPJ7987(` zP6tLk*M}S9la-vNJOrpf7z-O38zGUoa?Q5yp3SFUzQ}zWx=vSZz6y#n-FHMnvpd!tsU@ulm5o?wW75d-h+Ukq69WAO|oP!Dnq3ZZ?Mb!4VE#4_&EjR z1OKOaO84QNV~xnwTsne0iSmfz3_t~Qhn@JBW%Q8Oup8@Uy!*NaBgvmK zi2)u5!cdhH1Y?YAHSP!IhB0KD%cf3Za@>1d?+RJt|rDhB5kvhZ^V%Qblr` zd9CpnAEVbQKR}lZ^n1Uxewv-PcIW4k(<}d4epeaa9$k!IdH?KIRaCrK<2#>$>t(X* z{+Rq*(?bMy8z>`UFC)u5p1M(#yTRKHr}5p{0apEkxD-{q`u z3Vvcn0H)Qh=o(et6f^Mofo3EYYkZbcwDY2m)d9gRmX5T5RY30z?dprv?fHM2kgnzu z$hlEg%TEs0b9sWgTKGVQPhYqK<`o@JdtQVfeBn;H*%ZO}q31#XI4G#BL@p++Le8eJ zlfyh|TembZGvcc`zIKTrvnIS?J~UeDstt#8b00H;uQ~1)3^|v^!Ol)ke#+-UVsKLl zs?#}G=49JG6pw*1bFKjVqlCfRT~kDX@eNO}pBPd;J`zxF-zCFk0r|VDB^)m?{HQ4H{ue7T_S-tklCngw#3KP8F zY&>rIam?OJiJD@3SF9$ZCBF_@EuFpI)4SO^-zcyQmo?E`3;M;nb`eLRui(#4MzA9L z4Kg1Oqv$d-_%sGX2CJZJb^n3>IMYcf7z`@LLb z)Ej!YL43DJY_(X0dRECHn%qQfr#3akQ0o>Zig&(416 zY;LW0_u%5Yb}JD)-k|IgUQLv2xyL5WY(aQyLhj&P?j<)*No|bT*2((j#R3fzl};@X zl8O7Cz%1Q=&Kg|fWU`az*ujxk=q9@vC=A)6RYtZDeU-a=fxrbXCR))xE?q`WQMBiqduVM-xSYh8ui_1lU_MZOw;d@Q>` zCM+F`gewQdh4|z#<)OTd>D|9+ro2L_z@Yl|FAi@AoOVTwXOBQbxYunlsZ%7SNYrDpEd4e)>Uw z1>#zxF*#?PB}CEh>}Sj6=9PFKqPI9SB<}m&p4_~BJxkXf4etjuqWo&G0Z5?@WFe5j-GQh1$dc3NJ z0nPtNM#Q&0kj!5t@QQnRVA{iE*1g{Ezu+;~8!EVyqzL&Lh6=C#gKp%OH1|ZW1M1GN zX_Th#$ElL?L9qiJ23;`ZN+o4;!0QZ9U+s+R?-#iSuB}B+&u~ow5y8>X(bCeAEF;+T zo{|JojT!E*2zPLC{z!_f<2#-eX<33Y#2WE7fAoK6pe z9oSwlSyTm629r{ogEr>a-NTx9+zp z%^G>?9fo6`u{3#st7xJUDfQT-%2x+nxK=s5qm4S{GpLA%HzH3JS~!+-(5ykHh2uFs zbP-PQk1YTI>*+5(E>WB2%^y55iOs&79C3J@p`mp^)It+iIppJqKL5dr9A|#YnzVJL zZL4g*!^7J7vHmUlm#N2x^4Na1lHkqOQ?mV!t*7IDZT)2=BxX=2?>OnP&TGFj?&>U7 zZC;*^&vwG$pNo<{1G0r)n@pKpE+02e9xrLhOP@ZRa;=I3m()4C!mMt{{r}AFU*oe} zKi)2z3pl?tD;KN$vV3mId@c^#?CrZh>{DZ%8gTT!@9s{9iJq^^tLv+~s(em9``5Sm zIxeR#LpT!x`HNm~&=srfN~o8p_)+ zq%!ZQ11{#>B25mqtGn_>o_}{#we=jMn0w-)^4QG@;|^Gn!Tn>0PX7VZq)Pl;-HOH^ zs6jMJv6IL5fq{XPP)=GZHzvEc59(zHWQ#77XEW{+Sk+fyDkv^VJ3y^YhRF?!&HD?C zz5>biV#FG~+}}5UW`OdfOb#psBXh>C__)aSw42AAFWfL6?{{Jff^F3(l;b}D?3(!_ z#VS{ah%Sh3Hm`S1)X{C>^I6=CfWfZ3;~q_LBU!j+SVA~^M`#MT;wTM;dA1Bw8@E!n`OVMjdR~u_^z7|`RBIm&2!(w@NFJ_#$(Qo-4n>~ z+^$1*!i{+6E>SX}xE=vh1S;S5i;GtY`}dcc=5iBRL*Y@!WM)@sqVW&M<-&S(!tSpz z?A5!IlM{=lH}w^_%{WG0YqP^!`6l!4y$geB_J`eF!>=fP$>)w3r1>ikqV{8-v1M;( zZN_!pZ6*DOjfbS=oU%~E7E$r*PC8y9M+7<2a4j*kPw7Uu=X?y<%N55c%J{6_13~wSzWVaq$9h+C5KKRj zfY*`S#r2YUR}10Aart%T?+koL1CFf=W zLc*&}$I#3Un=gtO*7~36>jcfm-ET6@;I=k41%tkxk1}(2BUNqKIAMlGD59zn^DDAU83G zKM2qy+&?LI2NoR4W^3>}jX1mQwXH4J`L(B~CTLx5M&QBpYv(rjruvtkwl>!iqW5%s zAuaQXD~mOZ+0BPl0|?ny+`2kDuLgPES2B%WB;9=%(Z{iw@He^E2XDA$hlQ@6@qDr=%|3o0IWa! z)xZ1Z>UEYy=mjmg2^Mdw&f;XxF8d)H8I^r@{d({;W9mP9~+qi-S(B8G;9>ub|6>%OBX)`d^Q7W=C*d zw|jyso@>wUoE+JAf7icWnq#7)o0^)U7cY$b_Qj@avH6R)jzOO&V#<&`-Fdrnqsy$eD{x6FuC#x2?$JON*eYsaF;q+qk!uX+sP5h2 zO8nx8USD5ZBW0FBB~0X6m?tmPW6RZAY36I`5>I)hx2rP(KBo6jx6<>X;X(%3(AG1oK1CQ(gyTmiqLHUt;; zC%Gm2RC6P4URpG9@G!i46!kDBgn#bjOR+K+qIDdf=^R5|^@$p`AHP`oK6YMia=Hh9 z8PODGc71pwwl|yCZe<=nrEhrv=6OSpzxC(}`94^*zjs2Nb-L?sAGdivMxB+URoiR1 zO6+~*q)SEl>fEx>6CS$7Bv+@Vrkq+Uh`jZ;_>T=WEIHPFFVL}>{Br9Y;bjWKf3epq zjU93NU|%MO3KsFbd$RHRNi$1#on@u#Kf3f=>y?c=xVbeqa&+H@+-12Pe7q;!-}S~w z%71@hRP{du+4Fhs`t>;VGhbF#*DFP9rB9mGCnSv*5)i7@zaCM}48%%TvJ)^~0O3Tp zw{fM5@7cr6p`V-k+Vkp^6q^ip^RSP|TP7ZR^grb)?!B?iy!~jKmAQaBAQylar4g>z z(Z_q$k{{8&J$lj}iD4;?pTITrhe6o}_5+lYRTCx@=y2DG#dt3GPy+YNtay<~)g*&Z z{q~Qe-0^M;#!X7nS+NlA%Lhmji6jN(i;&|-p;JFw9i7S~m=x=QBRuM_69Wit_cVRK z4Q2g0U%)xI8?BA_yHH%_Ucxf|C{%L9INO{(W1l8IY0kc z%Qyj#aW-I`n85AigoI333ns4DFy4GFz#v0;B)>lwEH3dY$T6^xO8Ni%AcJRe1Qt%mQ*FL&GAx`r-yGd-?zW4DMTzl z0{ZbH5pSKhp87SS++6>)(bdxQKE3OnFFtgAdDE)uh|>vpaS`t_*;gkNmU3w{a}ZO! zfYv}Wu|<|yrmi7K%FEB~Nnh{hdrY@)m$v#w{ot)Q{_1bsZ+N=5f1fPPDjrFSpJ*Hk zb??q^=;|t>AoR7UfR;!E@ugN+1|vy&rLC&=H{W82OY-}ko?D94hnRR3^Ctl zn-0nPG=l^uU9bTiE9-R|(U4Np%BoK0FYTglfy9e1wj>oo1{_IM*$S0Fv)a5~0DFQ~ z%O5Ijx+N9lg@2&Fp;|!hgjlU8D#Z2AsPB*t7s8z-tV{NQmsEu_@0X-eM9?>9FaUJF z&%VSu1E%TwGES8^OR&OoptuVcAG?7MJ+f+agpL(O^ze)bitRzdP_xAc4)(l{N1TS>08uoq*gzH z5U%2TlK3}OCS8%ps0*cfAdTX;+}&`)#&}qyozmKMs(Q?QMAvn60=mrem+NZ9)O=jI zJ9ImgvonI7)$eYe^Lsd({`r-(Fp%hl$w|2Co!y(2O-^QJW=>iYHQvWhk9~i3XJzvp#@F2VG%9fqxshZbQFZP{FR%(;c|>IXAzhw)1eP@UD^BSN>wmi;eC& zmN--HF3#l3G&0`dQ$ZM$g+*Tz4N_3EpSdWj#Pe4}^&3Y(midqT^?15=)1MgXda zSDO1C3c>xX)8Rs{^PitS-7_<((%@LnPfr=0KJ2gV&N#}-HtXKpFIJBZF26x}8+}Bh zOJJ&`>mKvGMi3FznPNe}j%q>9H=V5G-21>ZX`PW!k786hFb?Y&vt16^P}nvy8T(EZ zR6p|z=Edav2$E!t-w`9DJpGYYKu(}!bgk3DGHICi>?1QhUCLM3&!i%<8M70SevI5GjTI6sE_H~B{{8F5y zP1KL^nlX2oYHs@5sLktI%qO3>FWy%Vn`<~|G#qb4o7~7-)^wdr^6mD@^Pqx71zfdG z`LH2oRAB!&y2W&#j|oU{ct8#)hzEEj_J{oAJl^;^yL=?DAJzYWVUsDe`8=5hUTN?5 z?8ggL8^`v&{RrPqBQ3T7+Wuh-n_zz-<6b!{_R6vP)i_(j9>~+~Mm^fw{jlqH@qM%D zyapdf?+RCB(*KU2zdG8lYgHwDR0VD@I5AEIaUUDjBsf`*r`t_5``FO5=41r(J@y<8 z+gEkJ-amZ~i`RYZgxY@hUE6k?QH;BF3{Gt}b=;lZjZ}~6zqu(%yFQJ5$oqP_9|>wR zA~kh?l@8~ZJl^G+n9K)JJVHA3SXoxRw#FhGTJ<`NZm$3R z@P8sZ4fmYR7xRN502WC%rJ|Jy##?O8fYdE-2t~@_M9=3Y7B8K-jYM{!i2*LTK7q92 zAxYnG0XfT-Ti?vmVSSnRl3_?YqQPuxO;$VAF;wZ9Ip+&xR6NZYM@$*89KDlG6i0K)oCQ(yl_9gn)3HzXwUtK8wINx zK7xz_9t!ZHR5&^nkkR}Yq~NFb2;v&$^@xb`41jCTr6o&zDD zS12Jh(`a1(_4Kv-D{;T4=yhmGIm=MqLwp$77U!t@w!Yp5n!9;vET1U5Pd1V0W#*$N z^sb<+^lcWI>FZ_{ONwS%(0Oo?SMUkmHNa_@>1$w5@S7^5p1sbvp~m!RS$DgtqfOw^ zE2jE*eQi|#o#DRvGYQirlSh}cc`X0iuI=Jw$JyuJdd<4}nPzKct?lz^J;pYp@yhQ7 z952T2j%C_!ae49k#jhD!V4p#xFtGe#w*U+;)`Pl1Q`S<9~$hyE*6)!&~Lmn%u8wLHulGf8AMayFCmrNRY zny4M;>+2cY^KlQJx3kSr-h!BF9bC zihwAmalPrn81y>HXis_g`E73-83$s3>89G8Vf+F;`d1~n!z!@r4%(!fJUwu?8ixCY zHUE>GW?p~QojFzJ(<_#Qt#=|cu6;Dt z3zE}SF{t2y9u21)T>TGqd(K5-7Hv$Mr`nx9*1EuFsKCG#pl@p1g(j6E9RzdEC{hKI zJ&(oAar_P?yjwd+hl_BGJ3k_Y?2pU`X0XCVpd6O0bU3`YhWd`=LU^AvlgI}5BwrgW zsBiz>03F}yzLEb~#4j;nsW@H@ci-D_W(Ubk=cY~P@#St({sYC=29wmdIlFGteN92# ztuIP0E01*s*E^N2XY93L#Ebs+FQaGkuTr0f{^4Cfa^`Bw)jHEdO;Z1|&i2-O6^0^v z2|vDVW#g;d^~km7`AtsfdG4TMcIfWO+cCk%yI&$OslA8#@@2Pvw5WG~%Dj>h5&Hyc z2S#(|w;$gH66syNLYgHx)ed%b?j~Lilme>X^-WS9hnf+;zx118yho1R-p{;NrAs(z zPUWh{{O+?{&xhyOpKIx^J#vS&tY2N0kInhnmhXAdU8k==Y@N!BzR&q`!h`2=q6}9V z96yP~iPh*n1VzQm4RN^CBege%P|2AMBRZucCjG&QO^USI1N^`8rlWbOtszoXTYJs0 zG-bSdfoL=Q{#MkE*nnU(e6-Mu zuw|jFGCk;aMcl2WsdE1S#L06?!pDT4V|GN?;g`i-C$I(T(kF!D&2Fpuh1Mx#QQu*3 z1zNb74G40n^%N_UC5y(%#l7o?wB)BD(_8Yoo!`uTCkQ-z*(`B1E2lQ9T|Q~gMcLOU zf9!s6`gLu5a89jkjjrBNcb=+_Cx0k*z6RRbb0!+KYB1V9>%55+(-@7B={SB(5}?!BYMpFncK-R4E~N zi76q17w{OX#*5H$pcec$d_8SA@$bs-``zy@C>4P$YLd!E8DL|3@z1EYqM$D!j80fe zf>Mvi$40+BvRgc-4CP+EXPs{Yxo$b_BoCxjwLDY=BeavNt<^2I);z! zp1M?%ys}uLTu~Jpn!*0i$P7EW!k1c_BIB@$yomS?UpMwX=1nc9%R=a!oSHX8IsBjO zcFYe`?RpbvYI$S+kKsqoj0B_vf#rp)0td)3iz9&R&Owg_6K!My2R=;;IViA1tDr~* zibMWPL%CV05FzuNQTn)$X|wvvOIyIDQ|re1dcIh-A4hs7m*XCA?*zQbEViAfP1w~t zI_wv*?$qnSXngVS%>RlEc4ROWZfH9a5>if$TSy6|`w*}9FoE07tX*utyc|3C#6OwV z>uK%?K1fkSPqnhmP2Fy*BC(P0sj291z`AX7VT~CHy5!!DCeP%A{_5J=+W!C_LEygK z-QC~c_oiX>S}UemGxG)F9zeJ6IuCnrRf_OI?~mSww7I!CpU?e>Nh#&z$&J}`OIR^&^92|CWp|?=aB7Hv+V;1-SXa)`TWW1#}x6Hgdx)b9!q2UjcP2Nd&Myf3M8%*j~^{dxK$DZ2I>K8P&ec>v7B{-wXyoN z5K_#A_8+#ODqsXd0F2{lrnwp^qXs#zryQ9hT0)tR7TLZl*s@5cPP-tpEI0J&^1zV0 zy}e!HMv)dr&68Mq{CNjPu1?rScXL%J^g4b^VM~KuTR23hp~*Ig*NGm>aX68* z1)WSWfkD2%$FK)Y%Gf!ZB=ij}GLtK!l^c^l^Cm%KjB$uyXESqcP0irxP8t@8wMygA z1p2&`^cIBaxE^&*bAq5~{Y6itS!>n%zmwo{rZ|WH$c-!h*6!}EA2r2$n{y`7K$0V? zP}MtTaSUyc?=7A_qS2FFTr&*A*47sC1bpelca(;e$O3IUTv#rb zj!}}R7GP@@!?Ta5#DxU@jP8z*cq-W-HDf0VJ_pd(5Uv&uKBR8W*>M|OHw=TD#4M8f zmWaq?^9Er-Y06i=9Fi!7Ecdvp>KP(MAJdc~mrAE}*X1rN>GKIQe3Af5rCZnUZUEgF zOafW>QUM3FQ-XHNplg)U#5_~QPe%t3C5RZ+Pb!bl+&M~;G~C);j{JVKr7hC8Y3KC; z)p=SFdDEY!Gm^!n*v9cj-RoI^no2008fAUzMCC)zDn`2|+X584;zcDs_^C;b_`C|6 z!Z|uGg&S8wm$=|=Vs=Vmmh&%t*Y3)|bujp*$iYDMw00fFj#9%OskS1e{7OE_li(Qu z6J0H(xB)52Au@6=v5*}iyB1F=oj7q~Hk&OL3nHUyL@Zf^Ggpc4aU+c$V`Q2KIk)n>gm^Eh`^rlE(g8tu2l1 zOx-Bb*gD$vWXc~?grwu5tB_GSwWDe`KEE7#^OYnAyP%Q@&uqzMLh;_ri2_jM6YY~GCWjrCf zvJi2{N)tH5JBc=}VRa{(yUF1lhZ?w~(aMfj{AwCP!g)POl8ce$c?}?Mw0b-7OC;g^mzgfA(P05b! z++PNx5}9P;%1i+-mXgQSEn%ME%IBIBuM8nYsM9dM!d&O8#!0|#Qd&Sj7(*8z9EA-M zZd6lilgpu%$8vaDOE~CDDUJwJBue$%Y>MPec6w^(qm+oMghQHmxRu-DjHQ$k5(aCfs^xr(rDPSQQXcT%WV#s4Rjp|ez zr&d>J)jd!nszwK{%UkJb0%#D>IwI|l$|FFz6e1*F9)o zlN&-TVyAFSl!%MxZIK>r)rJj<*Q{)0(R|N2ZM3tvkJfmswCnMK|C~oLtPH zMckF6s}zZsmU8C_t5s3Ee^8gGiMvOUVu?VgBnAcohB(h}VSH)=<63L(np8x{`f`Zl z07XSg9UrMn;+?m^jvma!8Mj$vner&TDtTPpr|iwa5*|L~gDnyX$DnfLC|6S@;5bWm zekUxi`;(kwa4>OnbmY^m?3CgzLM~A96Lvfa!}~KP@Tdi#S3v=VmvU!74!^kyBA{&w zKf9-XNa0C@P%X~z@-7Dna~u$+QI{>txU3ra%q$=?x%vtAu8}H*0p=)3uq0bPCZZFt z>+>bEPnn)$>Bq^@d8l*1Y4@~pUK6#aL!Z* z==aJn{*y}thb$=q!vT?WIE4odpOo89lGy6dj%gg7;Ax7Wunw8^>(66XfRP;0>cV7w zaUpS)iy-H5&2x$bv+is2d328(u}UguSx`xiXf!Db`*wDAHa9mtj89q7$zoz-gW%-S zOtEEhVmh-qj~!pd6E;-drK^La?yR+XoO_A8%vnn6pd_NsZ9MK{g#r9sHBu7zrJEKe zlz$Z_>OwY={|Gc@8NyOO)uu5h2O+WfYytB8dpHo4rt%!fUgbm%6RP+LA*mWs1tScv zLdn+U(^{q~@ADQjlrv|}(9Fs%DhtB0?7Ub03gM_zD@SA}(M&mlC#HSKV*D^MY1m|j zR2VUS8_Nh5o{9Qbc~@lztdb%{Tyq;|AzR8FSURK1Pkh<&ijJ!ryN*jIh@P8(Arp+E zG9?9g>N?XVc&KZuhE*1uCmL%h_wbZRbgmUDp6CD&QxChtySn2fWSEF%)gtP%%VJM* zeddOZ6y}PYvxh1lUzQ@tBXs&0HOJ^6Z^xyKtAsy7dAmh22)-%eK2Bp10~tGx(k2*4 zm5r2c4e4GP$DFZ1sJw~I428|QQ#%|VI^NFVvGRZ21jy_-`hglMm6%-G9pdby+bwF` zOlM*5R44`;W8(5@bu_GsJO$1GVYGls=w^Cyd>2qDIgZC#xF)sQTB`?sIZcST(y=$O z2r~5;3vLiX83rBeiaPL4Ce9U86?zQCmD(3KR ziB++`cFV^mdUstuVNsQ|@~1UsIR5hN*|RDHFG5Y5SQ^rJS7E}n+AUQuIgW01qgBFn zO?R`>sdEd7TqJ@R_~Om!sS~FHo1`lDw`(_&1dTHN3JY|h>NAuo=ZuoTqbybdok)h$ zRmk^M4&v$a9nt8vDwrgWNWRzpYgH+Nt7eg|sfv$DbqNuvIkJN)e!KmT97sbRoc>&>S0sA|aiNK{A2CFf|USSMe<-k$Uu&!&AB{=@NDn)&(?4 ztF~nx3YJ2jwMfA2bCJX)ha(BLar98c(@l_&$4e=D`>&iraAe>C{>}p_rLC>46j3!` zwUiQhG@3XXXcth0g$%5)jMPvp!`2$EHz&@{&W^)7a8ioksvH>#+%V=CbZ>9Zz0HqUi7I_U?ST0=>lAaW%a#EzR{ktm)E2pKC zOH=~Q;s2a7S3UYSxI|lQA$<54uraWCGB69Q2?&N!b?xXY{u7g>Qa4Sm>sXhImo(lu zUFey##taUyOmJD6=z9iZlkgg)ofibFjZbm=uQbtO=fw1|y_?dJ?otmb-@=Zf9n(s( z#P+N1gqn5iwx7jqyS$=QHd(spwi>{&qhnVnPof9+FfJC0mByzM_bAib<#Oqn!?O7FAqC8- zB6M?eQ{xw>vPk>pJf;#!rH!tsB!<;l+&#Lzy^S-J#RaQFz#{2dbP~aN>YXo=V#cc? zj*!(c#9dffT*hl?^+}X8w&kobgIyRil*=!_TxrxPKcyF+p|8HBgK1+lP{jVG)iS&` zR`ci~eWeL1)Fqe3=?OYD;37{&xjv>!Jqgg!rfJl~=UT;t17#Uk*K_^J#=(`$U-wM+ zZ}+|OkP;`0!AxhWNbI&!pzF5sG@axbf|KYxD}h-k;bd`*$Yytl3!xz(^#GgvgR7HT zs~aksM0=Q^Lob+TTjZ54aq?Uz(Q9_aiPCafxn^>MfrGFVG1ovJR7DrPWPv11T!$sh zey}BW0$nC;6^io8LFcFzntD7P3067`6LoENmy*?H10^ z6flCNL;(IExvX+{d>jM$0X=w<%mQvJ^6%Xug`Ek4&m_Z>2|#fG-CFarid7B(LK%<4 zE2RL|~_Z>M~dVbVpTh#2%c(b?a=StGHtZ?};Za(Y3=|Bdm6Ib}SsA zECGIHX8964m%}LKNk@G;uv{Xw{HG@9mKB6F^V6UzwQ2|g=o z&{sG5)Txowd^uHYy5KDW2z32xuMjum6->)VA&w|^44%H;+buN-n6PgvgA7u;az%#-daYsNr>;bWEh66t*y&0yNnDA zH5_4{F2UiKXD4^y>!Ia-P#=3CGw4*s(y0^edUTLLY(A8ToEzk-O7OjZiCJzQm*SbE z1$T7igQ{^L&R=)GA!Qji(jdE8fXXn;=1fxjTcF7t(SB}}B32B*3S=B2MZQBE@~!Xe z>{Pk^Mq!Hk<`@Wz2r3>BmZjO9CEw zzR7O58wm;ziq9mM?iBPjF^8yb=2sKkpyX3Ig|u>f&;oTLERtlfn8l4Qcz;xv*Kwc~ zLql5G7)7hd^PDkSX0nD}D4u9lKJ1`k4{* zF=HfPxnq(x*%ov_O4Wcu2Ojg@dK`&|;IK(`l|cLrOA(#n3j+ZSbC&SyxtN~GUAcNK zF>AiX<{mq97S}4|>edKc3U}%H)P+Oo=&yai6w%?l6qrd-ZxWLjh9&$*{ybcrB(mf2r;J@aay{o=J+_pHeP79pP z)VH_-6$aDA?nB<(-1K{jNPFQ}79RHRi33xoQYX)8x{b{Vx&ZmI#v#WnJD(QY1{I!d zmA+e-l_kk8F0C=cMKQy143_pL$<};IETvi+=Q&;ZN)s@lyN4|Hk0eF{9xf66qm#FC zJPe+0a5xBAKS-FciL)t77AVz!X$-VgU$!urXm4kd>QJ9#BBx~0YA>?9k-1Q~3AE=! zj{P4zVdItHZO!7CcMA7Gx1VT|x<(I?b;3(URT6#debb|P$_8E_$V`${)p3$lMufKO zplS*~dJSuq?!0M5!-KpMtQYz~k`SvTH^;f?2cX~xgGtmuoW@X3L7_&ZHSw<61YOat zvJeG@RK_6%Es&E5Ak!tu1H(A>Ymi7X019gjJD*AZD&;GzEXwv4+RLkTbIwd|CED8B z@>C1lX5$@$6mEU=cKwb*_r&4hB57(K+xA)jSzwbA8E{Y}QVMcug;mUZIj%HrfkfTT zbSyyQdyBvz3j|{V#4U_Qq@+@@!~ISqBy&HYHwTY71Yunu;=IEeN9E)4BLz9ax!@31 z2W+ORuSlZ1G?w$wIfsowIS^92{nFwV9TLuQq<~~s&Q$Ifc0*>1YXIQ1DyM~PoY{d6 zcf!!$!qVA^EC$srWQMRV7cWZZw#Ez>#SF&)s~gx#K2vg}u@}>Xtyeyu!+wy)rZy!_ z9iQV>EXhTq&mTN#!^Z%?X1lPEtiV zurx>rkTHvVp8n+K=BB&kNV34ewZuTnQy2(jbV^r;Z)X;9aFTlfu+wF@`0vR&H!; zc$}6am6X!y)2ID2W z5kytu7=f<1D(9BLE{qW%t0QV*h1%cWKR7thtmr8O@&5ikUQ1xE3opkFX6D8uJg9FRRUC7D?B<=EY)xyAa`CYu(z~8X_vFMfj0F>3+j1(M1H{ zd#@Z}5G>yj${m`lltE5fIBs^x;xyq79AfZ+O1hjo;lR@NGLs|m(}KKZyKfRVZgNLrtB!#Rs|1fJR0jnAD~Z&;2P)T*~4{`ZY3>H8}zV_O++kF zW`ei6$*bYefnAblz9bL_naKC-uyrN3aeCP*mO~voJfSo%k(|(kP4hU!2l{vKwz0DB z=36O~#OI|nvGHv`5U`0kG)a&-flg5|ywFrEHnH`c+Ck6@dt`7}s6Np?{2z8YsmrRL+nWPf%4lkEW zLYmy-NOA=4p-&&HrU|xor(u$9z15@AI=oIHT zZBQZrpT&hlMKoa=RD`55Hpxz=8%Ps1uhwhW=_2D@7ZcU*|E4u&xG-io&g8EB=vEXX z@2ITbz~wc9W=s_7R8{22UW2r)V{3}Og~2V26AQJ#s!A*re-j!Prp(WyTu}O4z zB1!y8mNO1Rg#L7@PLY!iyyHCOl_@Le?5ZZy&MRk7GyT^Ms~6qqGYX}cg`R+cvKZm0 zlS)=XD6mWSJwOWK+s4<&La{0~9$iANx76|1V!9y&9s?+( zl-%otQqMVaNj500<6gI9D8L%x+*S({3s4n0V4WgGdkUW&<7(rCVNU0rogII7Z*LDJ zjTJ}v3TcD=pM*@@)x(mXNdi(g`wJSWPob5Sz4V!mjdawC14<-7XCS)0rfHs^E(6r9 z$>lI~UXei>!!owrN?5m=bY#RC&sM$(JVH+Z;M|GB$^rVA1SfG!okRw@ap`0?L}-GF zG|ERAQYp{S7-ly+TC=jK(yHqK15cqxr!%f^naBwB9s*=N6dkplL>_gWWY-Al)p2>Z z2f6)Fqis?IjkzOoCigb_bdca6kMBqCh(KX#X0zGe-rnKiVTxlY^n51Q2s-D0OY+#3 z?9aGG4XX@IyVb1;QfW~fO}b$W_*Lb?fFy~aJVXrW05^Jt`}_N(i8qPeL}mg~hd7AG zy2Dk9ZBn_Vo5~aj(pO4}D|c3|R+iXQI>B%L8N(83!&>AA_Nt%{uFn#_X|KU^T(Njd zWFB@2dE&$gq)?V5^(Ah0pUKT9q}0;&Qsan#t~h9A>v9QYjTzFVVTR+Yaug*{1<+3= zRM&fz`_xOr3QH9OGD#|w8LEj2R9$5f;L=gh#7kn5c_?fOquc}?iEXU^Y@C0^UsQaP z1nQzQpqL5IDV~Ml_^V@AV>LXN1exgsH#vgT4W!E=-NpdOCdbF<7(fIYhEj%ZLwul& zjn|B_sZMB%SPg`=tC^M9Mg1&fRPqh0I-6RUJ=8#@126Mi6nL&LF1q>_NxWGk8bWDy*@z@A1;|@5s`!rM~ zqQykV^KXhhC7|EGbfBQC!+&yc;K*Z;qdF{JWqX}CkFMh~?-uZ-#DRQINzf!Y6E!0c zs7>XM6U5{0eH562Y9yD^v;tM^yUed6Fr76{SvEOa076O;LX_iV$sp;Sm|5&kDMCYh zyl9{l@B%SHMg!(Z7aGG?!R}p}MV7^>y`1S&?wZMk5EkgFi3`u`9LBlUOg#Rc6}Cyh zVh;B`yD1iX4o_>6EW3JE#+eX;=WzGehz+oa2J3_;X2>={4C~UBG>H&r@vbog^&js) zJr7nJ`yf>um?YWjRH+(WwFgCxJ0{7fTjkO;Us^~>1_||R#DQip-*w88lBIMHuvwgT zULSLs(ru;YRGshuQUeOmiYkTsw zvYlu&J&g~lFnw?ftfCt-RvqN({?aH9C}*ND_)`Cc@l0$~ z(^jfnD`8=n+}+(>EEX2V3=hM?F153>L-N%uZt-p)3O>xtJvb>2hyy9IoStJWtSnZO>++qQ9hOOo z{RWC$#cq>3C3D0A;zFH85~&hS@ERG~d|yExc?CvHmZB?Lm0&E3n|mhr^W?}p;*yio zubr4Rk>1V#%5}QFIte)yya)%LfvR1%XK}C5OwMW2H|!Ja0erfZ&9=6-d`r;8!>%Ue z90xyZB!ERAuvt>YiC{4~#y`ab>(Z4Zo2WHrxHx7gXU?4Iv~ovEi){x?4A;^vtvZd3 z$s9RWj`z}Hf0M_y0qq}ul?wV70_k$?m_U23JC!>24x}+QQU%sgqoV--Dsfh_pw6zp zuC_5{mo~{++Rb-IbA2GijmVumWz2^m7tyYIn zBIy7F!A!-Mvq;R1UMX@nUrNcnOBVKq98oE{;B(~nVxd~B$sAsl7ACY7I-o>JV_?CE zd=yoDn%$Eo&|&4eW!CgF%%jMU7CYgR#r>g`DE`pi4sk)ASLG4My68&WRO8wjJVb3N z%&tSE-DhTpD2kO4e10-9h0g1U$?EXaiz(c`04#2IZsDQ@URYd#Jd6BWMN+!YBDKLx zE=wt;c;a~H2SH>wdkmNql4QIWS~(gI=^M?*<6k@H)0V% z!FLl^#%{zG)&ewv8$4hJ=Z)>{ZLT7z;)?<8rLkk)n`U?GDu-FivC*f8d7QnB-YVr; zfl2P?=6QG?^{G>!b#@ccwW5=#x<`4HWv{Jd@jB@%$b}?PDOGMtNfDytTHMje$&)8@ z1Xi>9yaR59V#qq)BFA>Jq$OkLnjf+khMwvy?b$=K#f7*FA=$ zuOx8ZLTBf2mgTrE8vfTVrIZ}9G`U^W8v?*NWH&Qz;;Ui%#Ar9fF*i7zsZV0Yg8{sI z1gH&>M$0DK8_3Q#z6v~COhu5dAnuJ(53EY3t*tFTt5_uN6FNIHs95XPh)Nza%c)DvIjkARVZ?$15NOx#hE_;mjh@n3O$(+T!GhVkb~JJ za%P(3A7|bju_cMmKze4e1f+4U_AG`OCR77{S4x2#0k%5ov?^lBCa@_@bd_?EO%#|i zgD!hrq)Z|*g-%XU(Gd9p=JWZ^&JG|% zI*W7(%$*xG83>~T3?ZO6yH`rt-rnBW*x1_II(6z)N{JCEJ?Roh`4D&Hi+612n4?4t z5H?iIPD%kRKsl^9-t8(mP|S=pm@V!jZvu>9n;Pb{ot>Q~er?2BmD^xQ&5%U6nM6aj zh>)w3Koh1L0ji9mhf4e+nJ+9NP*L!8 zV)s?{FfkBjF>8VHZCx%@OR6+6$j{K>jnleNko1l~|${9?U4(FKG5>>6t zp>#G8i)9jbNmmv6SQxjEgR}^SKo9x9jzV0bsVzZ=rbI}BNO%C&_oBuvxPk#l3uj8L)!|N!qTq&=$j}_<=s-YVc7bi53Ognp zUzIYg>-8*|yB!s6Z*Q0I4tK`@bIzQDE8;;ekto#@1hhzPs`zFecPE!95N8%Qy0mf1 zw@$cw=a+FCAm6}U7~WE#d}R-W*ivo_Fp0U;>DFj*c0oQ(O?+N8!UuIlGeIr30ZwXC zb?_@vk)EWnVF0J3Qx$Mi#sSFM2gcrUHT=*b#(>4EautVu_fwiU0d#}WWdBp+T)jp? zD1BP!S9o>07}tf;)|eq4xHx7w23Xy~;GrbCyo@8f^x;m1TCgl@Qn@xs8ODbj(VD&* zeaV?fY6ey%^<_8ZI%hf@Ug1m7NmozDC{w~|g&S-*pUff`1067t>K(U(a&);R2~=k-r?JXRVbv=VgaBm}d-1Od z1QXdcU5V?WrPK9O{o?%S{0rHfBnC3n!_aKtDj_Ji+YU zTqX%>h7?IObQ1R;%EoD{&$v9L8*GRzzy!Vtx{cmN!C+C#5|f_ee7l*E0gDMO60Mvi zMvdv7jc-J;Sfv(zCGR z!cL0Plo~dXWiT61gZ@Bvj5PGnXS_uEa*_)$F1qUYN$CmbX#ozHZbcGG4ZnoA#^D2a z#vRRWRZ0>Yr(EZ#0`0DA#F>z#-L2D&jSWwj*SUI}hiD6f#T#jeRKFXN*U%Ep>E zm0>0UObU;@R5@+Rys-9lAuzK#_5QE+CkgliqUo+rX^XxfKCenn+9dXG=E7afmXf0X>3`AC^|f)piNMMDi6lyuXozoYh!!b zbxD zanVkyptP}HAc+YIV5BVKLdx@Wci@KJ&LqKUi=0NSHMd4EO(kww(a!7aB*{nRf)8y9 z2&-`LiIP3bLfw7_q{!SfsG}43WPlkBx}RsLI&WwWn{< z`c(SZSPXU3&8S(%uswBViO~0l6)!4pWJ#1jC2*{Nqh7paTnLy%kSSZ@Hp+6gpp7t4#gZ&I5aQs&_1CGl{!{NhmW2c$z?d|!INsE|$1x5&8 z$jg_@xLDA_R+lB+sLsA~1(9SeOt5P0L%wyhnZ$R`Oce<~Vo|g(SH}F%J z#znPn60l_xfxj+Y=@@v887_hu$`w~!fngt3gKKpWYNs#Kb^TCR#Vwgcr>aok8N^MN zt^D*u5~DhmtC|6z=uf(w^m&~{CIEvFbkGjNWV(T)wk-C~uB+3Al$gq+T|M2qpaJcn zN*{U!1)O`h#!~AY7#Y~Siso3F&YzN zJc)_M7)#1gQ;yNt6%k87Q51Xc4M7E|3L;{ow+-yQ=KV3=InG!M&w2CR``!D!&ppl` zKHJUObIm#CXmeDBM7uMhJTVdrY0~yi*NFsV7IgbMoQLlf62^h2scM5!baX3`fmp$` z3K@NXX{9MXscM5B@JpR>g{}dGE~Z8|lwqg?$)ckl;wl#w8cC9{y9*~bMM;uuZEYd6 zTvb&l6RL>#DoK>&Fo;Z2Ns^#r9h?!W7wC$DW2L7IiWK}SiD+?aYim_iYierh>+7-i z4wyMHZLJ|x;YCKH5nh2wsld=7s}XPsIv&cx7Rx!ev9Y24DI^X2fb^({=y*v~h69SQ zwzfvAD%QwA-It!POtPQgVT=uj#XyH?ByBic`V9=qEh##|@qr#`Fc@HdnYe=y4hT2E z6ElfMM|?v>l7t1FH>mwc(N!V=I(STooCeaD9rH%bqNbXer1#P|efSe)AgqD3k_b1J zUZw)R8ZZR%$VG?UlAw4povLM7Hl4hug{4#hRb1!fiwY9Yn@?|s{ zp=GjJ3??`%>=z3+fO!lif!5&GC zD3Y)M>$ZX1pEZyuxO2*n7-3Ho6>vv*Bnk;#Lg?$xUZ*Ni{L{%l#6|i%>e{$vTsF?8 z2v0DIDBbq)$aM&W*og;0K|$5EhL<^HuT0zw6yfaC-7R#|^rfh#!*9eq11Ud#S%B95Cv6_yPq2TrslL~KP-poWl{1kzF@q|ngOJcYInwmM~$60`2e z7-2NJe<=WUgKG=@%jCL-Ga$qmv0}nYK`hClW);(B=qSRih898H#lS3@-{E2DcB*Pk zXo$wJ29wDIMj9j#s3r>L7DI#XCAfHW_F;cOIA~CntgWqKgVoj5RaI5=>WnxB(e6l1 zk|aT`HJBE7G_rVEd&x%K1@tiduc9arQ$>{_c+ASmiWWft*kacNyhR||P;rjR5dN1D zUWY_P(Ezm^%Gp(7F=|M>6oDz0He^JSB-Pi~qkh8#TQHNdd59sfNAwuV4X*f-ut%!G zpePBQ2~S)i92idlkwH~eqtS?SQu{jBnz1F4A`RF@8&}9;C?u4E5gKf0je9jGf>zeL^yG@BW6n?$I?uybyI;&xdz=i z-4A70x=qp<=npA#p}>{Mpr@(S&e4^o_W8x>~%1!P`}0SmIhu2)Tx$by4AG zDpo0r!3!d2{b-WW@h@OK6iaYUv~8G030-)ROyZ6yMIogzas{U=$K6RJ;T9#6B$Ode zOu=~9$Cu&)7)h`~J%Ee;eJb%J!hg~0B)zPJBSi+81e{USQi<`5f|?O=h|pl#L19jx zqzFtuBMvYvM`$P)6>U#RI*&q}zbXl?Qnk&tK~I&nmO@G?ilSga2h?>GMFBlY6$TiZ z?JbFK_^5e6avbupneq=h^NF0!=Nor zEz2^lANdcZdde#CG?CCy<=bo4BvO0~jt0!1XiGyLh`YcUkW_I2R2<@G zIB4VyOfYJNMC#z$(4sF9<2nq~N6jK06rrSuu82%4>2YRy7CIi-kbYkcCV=)zXP^vO zA_J#VRrS9tShBb_$t30)U#5y8BAi4LPzk|_HirXI8P`qC6}Ub|E^QKt&Srv7QL8W4 z3O2eJDjjv-DIdu3-@Im#OdKSm6mx>w*b@V8V$r$|YeFU~+Q zMi#eWJU)!B#nZv1B68!*XrDkX$;h=&M>G6o`W$;%hfBIt{1cV>W>M`L=D`FjMiRoA zuxemj4jv7PVOgYQ;cuB%;NjVUILD@YW|Fy0{Ww(Zg9k9+43~kgK&;SF6y?-9@@ohv z-MQlo_^)pKtEmtIbY>k}L83+wDWc{RQl*`pog#vGaI>5!k?2P=i|A>JelRWg-QcfK zfJzdg4xL|A(dQz26ihx`XmV&j0JRLz8*E4hQRW*=Zgq8aXfA@O&>}^*Zx%VEs_+1+ z!qI6UiTzL=ULobe!FU6aVMwsZ)(xV>E|Qok2EJVq^)q325MKpvG>hnd^j6c2s3ZoT z2|dFsvN0rKzoGtFG`Lbipu86ug3eZrG7qI@L;l7@J^|u3<+@DhH?V930-h;iAU=cN z13u8jm`Q$sM2yq8cZmEmlYmYN8P>q9&l@;2Q7WUvVOk@xPNKaUFz_z-N@tM%JDovs zc6Mfjp`&jbzf{G=ROi~q7s$liB5QpX_>9g>jgUo<;p7I96OQ!L5Jv1@I7hfvyTmo% z&vnpI#pPAfDkV5{d`cqa@;K3rs4$}_Le~J>r<#-QU0i#0qdTHP6ge{GM<@nxDn{^F zC0S93b07;9ZA)GJ6TS%dPAgYQM7pCqpx?{HB}x?$%HSkY4}x=!)!|iPRzc!nf^k!Q z&LA?|RZypix^}OC4k;QV||{ zATpACDwC3-k`U*}RhhQnI452V;B3hBU@;JghUz{bGh_x}us;dp_hYlT9tXL5n8@pr2js*)A1Ox=Y+h@#}@%!(;J32bbTB|!J@*bIytgV5G zJeq06KLQ_jq-x_^xmM(xOeV;sYTC5v=FOXj4I5@MnV|F{Mv$nYgg07}knO6fiWVRy zDnda33SK}J5@v||qS}U;L~G%_#M9F=CMG5%Bn1D27z|TkF>ZQ)h5yR33|VQ78#kUc zYu0bS{WfpjJX|&!z(6_p@y8#(_~HvNfT8+G*Nj+)Dgx?xC}>e)!IMAy@Wbbye-1mH zJbCi^_3J6Q(z_RXnW_XMIy!pd#ECiqrlVNIXF31^NHUTnjTkXv$BrG01m&Pqrd~PD zdF$4#mn>PbY15_;KKKA;gCjrXc(hLjf#(tmqb-hL?nPuWo0E; zA|amLY&Jt$A1(v5Ixe&X*a&b*_{#@ z&@u?QB2A=6gn@HHM7d*QtP)i655{F{6`exG;n%otFL=mxON&2nblX zaN*ITM`L1Q?Ck8`d+)tjvt~`5I@M${HE!J4+1c6J+PbW)Ot(ly+t7_^^QZ8xslz{n z7}uJz=)H~F7$jmpv$wZ*baZrgcjrW1)9G{gQjmF7RaJO!*bomyY z#kfLTKPMgmT&gVGnv75^VlBQ1%xo4G79doRR8$hCI(_=|MvWS6*s!6nuuv7@?P!|; zn7FvO04~|s*nnuEqzJcRMml7n1X4s@F0e6Bgu$cHQ7;bMHKisU(o*Vp={F7OA3nId zyZ`#@uj9v$$A^&t$-)rGv>Wo7;N$M-_=< z02v6GLbf1_5Iy(_4J8JTo`r=4DCks)=R(0{#8->(L@mu^GF4Ys+uGWqI}99x5TAr* z9y}3P2`FSR11KUA=_`y618a74bgZbTfY51^D8MU|5JpZq2QyI%O(r?TlCZ?6Bt9K2 zC@A9rZk#CJNOWdW#RnBQiB#&M7b=z1AmGAWXJ=>U=;-L;;)2A5n1l9UO1Yfe&XM8c zb&={K6#W1!+1c6i=g$XZXw#<6xN+lRVq#KKQs7wg^YdG^YDLL}6T>b2uUQl)V}vs> zAz48Amb3;=S@?#)VcnrahpAJi9y)aB(xpq;+1ZkC7{P!jJ)E_@|mr?`rI2k^?ycZkz5LU#yVm92}@O zNZPv{E|kVef5q(wym|MXIAjLv|fNJq4~pTG9n zYcHKj(MAK{Ssn-rlwAsG^wntjEj&IN@ASzy1F`mBqJU%iol9UVxSgKib60XNvf}} z&&+^iDkVg0?^Nr)`6mslG&UneDKDqsw(Q{lS#=?RFwh)14~Lu zwrtsA7R53^?Y6P8f#&gm7|843MY1rfARj}bmKwycN|N;5ci&lCTUS(6z?WWLUPVPk z4N31mWbjuy!(Y}J{@MLXCf!4EGgS0ajMU9y*2cObkH+OTJRWrA;Kf(f+HWP|0;lW@ z;iCHnKd9Os-E?N$7s`HIB<_^Hg8miRA`YtFHgDei>eZ`^m~Eave-3kk4IedPM${w9 zF;Q`*aHGG%$0k?o{EIWTM3z6a7YzV;T$wD1-=hdl1`Z;+3OPUzTO) zl!D7Pkc=cIcsEvSgc;zCAi`CVLZxF3jA%j)k-Q<6{(J38_gOdaIN%uoI8_($F-m}p zunbrdNW|jeVtP`Nwq3U@5+D#QnU({hxMjqk0_caa@K`wsTk(L73n4^+VAa*tU|y0) z+&vTFhA46C>gp;hE3xJ$B8FM`a}^Rk1(SoJ3nsw`ML2zhq|2F1CZGr|>^HJV!~=!N z&dyGjWmqKsl_CQZ6+S5|(-A4SCTnVHC`vGG=(kxo1ZC33Q5Lz4xJM?GT_)6bJn`b< zVo6wrC}pWy;}9YVBc5?C%m5T~7!heqcvL~Y;`&V{6Cf2D+8Z@$R8msHNN@$b1-Thzbc)DXf#0HwS$8OOz!tzEi(fWw-1uKT z|DP~k=?v^I>kR)4Cz44MDBL71-l*f_IJGJw+JNr>yeM>#c`;%ILHj>EgNKAF1wOC4 zbRrMc5eAAho!D-8R7`8nL`X61eTxwt1;Ik4CQdYc2RN2}*uIgyWoNIDGLq~SqU=$K zkX;!Wh3u6?*{fl`C1s|J>|_%fsH{>}NuiMVpU?OGzvt+9k2jv4=e~dAy3Xr7&+B); zRIDf|ng3Y7y16=+mX^kJZ)L2;!Y-<5P z%=qNV1Co;5s=+n?{r6>g;yDAKnu=?G_Rx@trKQx_Mh;e17v?5q-9!%LO9lk%sHmut zl9DsEUIh`6Pb#abI2C-RKX|u%|MqQr?&hzJr6qkIAOKzP{0NyW4qr>YnfA!ozn{Q&U6#{^n5)X1V_z!8$N7@b!JelP6E! z;#TyX9}+l(2mIc>8@{!$-^Bm&kI4a!Gj%?W!NCo&u`gFNR9zQb%8GOWMs|_O#BN3SKIUkB{$6+Q-h$ZeQ;!qNc{n zY98Ij$jhtdKE&TSmdJUS!>PW$eky$TUt`d!uOHz>!N3ck(0J){XJ3}o?%HePTfC|^ zO~FU*JbmzBZmi1b%(IKumX-l?gLg3i78Vv(Ha6|OuV24Dev^9~Sqo!^9QXLKWJF_D z)@ZhjQ%GoNk}l9kp)iZBM6!yi>gh6@r+{1?9oik8oQGX&ye78NjMX$X|J&Vj&9$tU%#fW^6}*{0a2cRo8T9Q0kwO6`ODX@xdUJSJDIh$u_4{bKYt!0 zjLVMcLH)VkF!xPEz!HY}-`_uZP_F8uh4oKnO8#75cS(HN(IMRl8HMb=K0)xxG>|uX;Bf8wlw61rHSW%a2SV+_0FdoQnIqL)HE~% zVDI6v36RaJeEH&=64R#Ob=lhkS%>TrZr&vS-qqfI4&OD=5I|~h^VY2vzd8E+fp=wR zvJRekhm~DfDShV5hc|ED0N0FVaEW?3 zGb4i=`u+XG85)vM^oY`~CnXIG z6&yRJr3F^A+_qjzhfKmPRrux0mj|t@i&4`Q6cl{<^5xO#ibG;zm{naAJQ0sEdZPNN zv9UV0=9ta%9WhdzhX<%bq!F_r+Z{9C0J?cIAvBtyP+M3hniKt<2$i~dI z=H_Oi6`;5m;upuOU0%e|MFe8OwOsje7IbL- z%EKY#YiBF)Q=dSbpLhZ9J!t&xpNvCgwh+<^q^`>OF#I%Tngai+c__ezF zXL;i4!ib2~7-5$_d4e4!Bq(TWXE$1Q=E~1cI@Xz3soY##I2n$JlKixb^Mh(h<2ikf_!86ZV!<7-|!gsdo{pO`z`>*?lU8mL6X8*VM z_4&sNRI!q!cUbIJc#WsZZ(B3DkTv)(j36W#-Bl7#__guVsfJL2JYsK8wbS2sp#m||NOzBMU$9Def=J+tz0>ePoF+9v$C#l zZ>~DNh%XaMBXGPz6lV=|zqtA3}B-+8` zJVu07RJQT2b&G~OJ4Lai#l;ueqA98+5%NF6>3{g}VKueMw{M?@@9yA*7$h&bI&B{s@csQ$9_7okb8{4X_8{6vT1WYvH8)SYcW>wGZSTzV^v70J zpOo(l1^k~E0F#H}Lo{u{JN)k%jQw6_W_lhai&LlMFOF5Z4&;i6hzu`9J$iIusyXyb zjr&jJk*2GE*jQK^|1Lj2Xj4-c_*2m78=%x(X~%Y$oE!($LbvMb>nG|i9b@|`gIFwa z@ZkFDDmHCA;>6|eHbFr_SaO8V!m)Q48FFr9KGb@{mHTIY`18klzl1{nACnWKqqRCW*r=$eaK$J$md2mV{rubo2YgxC_iC3u z;Mk(V!bA4WAIt5Y<91ls*v?{m_)R`E-*0UEij;yrJu9o$^TWGWuYPo=2t^2>r}ByG zfRfL&#;H?mmZc7~JW6i>Zra)$5x~X8#oOB2kUWsAi+h}Zt*`&XSl&|$Z2&sIebhTj z8g=lY0|)xLyODE${{D^cnn9BbHWL!b^UL3nQU3k=_X>6A_QoZo>6Mig+*x(CZ1E>- z4df$$Ro{h?{|G6eE{FBNDM%yB*jP9y2`4la9lwQ;KG@%%?xKjDGdeoj*SGXaeOD!H zTS4rod&$b`>IFo22Zw1aHv~8&T#^HiA3wf0Qml`GewC-bJ3lP661DmF@71eUVb!!b zbLI*d5acC5ZbyYWR^x*?=orE}o#;vtA|G`a!b3keaUX?(c3y4@4 z6B~=eY)G^mk?-C$1YEGr#JT2JpMTdDUSsSL6VF&#_1{x{j+}{`hY2bjkS99&7>3qL zQe*$wYUk^vrGI~af9^A*<>TX{r`L`BW?{L$vNHerfw75+2_6iC(1aubumM;e9IWK@ z4Hm>^852G^~t8ISFnbyt*sp$9Z?e@!q48pfJoUj)YR1Y10LYd)qm@wckkT6dc>le z!r~ze2Nv}Fa1jw<&gNd_;Td)eoU+2$pF98lCRPm%4Iyv+-Piz}`GF0L%@;Cv_X>g` zj{7Nl{5Wi9a}F^vJ3IRZyOffGLL#5~4y;!w?eao@=U~$!`yiacn}k;$j<3}-P|D?~ zmzHQm9f$P#Ja~N(NhifJI52Q+dEx_N!NG%`Sd~a_FRn3El$8ODIVI9@EBN%Li(>^D zU_1u~c;wuZpFjUwcBWQXe-WdK`Nm4ciRO24CAqohCu5Ek1Q!L#C1seSL&5f+@w80)3<$w!H!9V{}Ks z)YjIZM^R8v@W26@^6^9&Y*NfLpYr9$b#;N=$pVDWf8u5w5)$I#;)2CqVfVa~i!Rzsq!Jpbp zkCkZi@1LCDVl+_l6Wo7UeUJGujiQq`ZZIYxe7|}3PFGtSUy4^Ex8g6p-HqdBX3TaG zrKO%9o~d40{)j8%aKeH{96>tazapZKsQ7Q@8lS=(zdIiKLEsPU?Zf8=d4Ra5r>E=c z6gtO1uUe+O%}7go60r0RSVH=Uz(;T_7M8KP7dbgOF$^@+)Jli~ld{9RzUzx`v7_}< z({JB?j_KQPd=D_nXYj|wb9QEC0QamrckVp%{NOuy)azrnqOq~Ddgzwi4)?RXj102n zTaAq>gZ0A%gyw`}2*NOUH0+1Et7#K``?F;**U!Uuo2~uRqc1JKdAP9=_+&if&$8YA z{SQ`FaFqI$qG1kP5D!o2(z}CVUclILuv?FfS-D>m)HlOZRVX9c+uQs54LbG!_kiPl z*3ghEL(XJJ$*G?Tf-L~oj(tOP@4{5j5x22ZgNpR!d zP3xyjOor0M&Ee88H!}kao1?q^j#<>ITqLM*Fd$_mai4h5aqd%dy834-oZ;dw zVs1st&K81wt=9w!nh#hNw#^}&(wc%9waNSZW-i?)4ylg+=~n!*9q%>1qae`di$vlp zt*rbU$kThWk+WP*<5FJu&L$#Fqytil`tJ7XuV20jH}G+n7e>fd%rn0vCej{1-i4wR zumoH!D=Vv_k`hXkh_6Ro`#F%yjny`1k?UQbY$A~3#+^D76|u3VdHMY?Mac!YbRVA; z+$Yf{YEA-9PUIl2RWKUSb3_4vkCf?5NJs!E9^3782bytpb=A@$ar%afT5%yH$;;oj zhL7{Lk&KLtaC375We2S>&yR) zn*~}$+Io&+cTPo4Zmm6*1~$Gmc-K1zA;chKXurB&!5*w^wCjK zmG?!A=m&hbj(S~mbE9bI;10jz2ggZ*cbcdnD3jMCBf$vX78WRhM7Y8z7XG`lirE{Z zpX26#SFE3gR8Vqd9W{}UncpA?iBCUp5~%k?!x1Oif5$cM8N}Rov{GUe*G@#id>Z#} zX{j2r!5C&~Z@>HLB@O0KOpd5t%7p*(_!Bpr-c7Vuy7$~R-|NLMl^66=7Z(>#oH)UC zTz*l=48;LYgMivi|k%X8y zpMpU&YdoCX-2NbSgm3@sQX=W^>q`?R)KA#2)s#Q5z*1d; zuv*s~^F==%dA9?|e061-n7bq?DQVcfF?jv_|5PUoA3HEUj=md?8X6IjeLhVEX(w$C zko}#KF*7&sLL3eHH4CuwWp3_8R%B#kwIm@~(OtRnV^XzqEXzI&31R2?l^^nN$aikt z0*xI0=)WHq}Uu}mU3;P?PCRuD3}efYlsoUCfyF)J8OAwPwtVL!1W-N~yO9HXZrPUpi)6XoY9 zIs8&jQz#vn1d+7WOw%cFXIs(rX6px$OJ7JTk#A6=acTFdd{n+5jkJe=ErS{a;Gn*t zq4{U$K8Qe?xgp|inv~fFqD8~*h}YiUQu=s=Jd+~metx}1V2ZsT6!z>0ajzJ6zcDCY zXDr{dGBrFbqpm*1uhd^s3Lw$T0d260+f46GYe264Gy3J&5h3!7KEZ6BlfRV}6e9i+ ztsR~hco7r8vq^43JiG5Viq5jy$@A|Xb2?N@_5rnbUv@lRD)yFqX?uOt{u(VOGaDO$ zmcvH(nry6p{FwGPWwy7Q+bGJ1h=>T3OXvd;^oocgqs%Xr7^{s~gCdJanffUNOT~A*(KWcYL4zb(u(`13=(X_NPU>E zUj2)*5eUHaP7Kke<)c${poLXb2v~cx!hWjKku=bWGsSu1QJgMWAX6pR2G!-GpFV}5 zzIerPrry`Z(Xl|1nRLL_FDy)L`6QD^MrkR;l~borqZCTdm8lFqNJ4S(T10>MTM>N{ z=gYpn?Q=|iME?+}u_mrkJ4<((*B_f&55L;c)iwI&4K0T>KM0Hc``r*57Zw(<=MfX8 zLRRTQnWYsEA6~uf-OMR-t^@QEChGF?N3_OX-<|8*m{JDIzI)bfXsCFZiYIY?(Q;Ui zeyZRv>;7g-gFp|3{j;Zq62(GN3iw%)$zES%;aFp}rTs|5OO$YQf_R!dpz$nQkGbuI zuEOB*WjpB?03O-y2iju11{J+W%kMsYx{l%n%LMTe`KRalV%(~j@DB$2wmr8%KBPb+ z25`a4#pMg?ww#rh**b>#u{7+#SFiG^fsUMcfm&lF@$tb8qnT(+kxQx;hBCJYfN+o| zz!#wS%2NvshH_+NL?2V9B`m8duAd441bQ7EIVnq6O=V@oEHp&fN;-!!3SFybZ4MFn zts^65`3KT^(lat*<8Kl_OSXBb!^?e+pXJDslCzBjTPX&D(ANlAu5L5kg{_wV1o zbqv@X(E;ghLg1VnsnDK^y{{TvKHDFVkXSiL#Hm6er%v>+u$_3i@a}rDYFmx_>}R?J zc9Zi_huar9Od!0lDh%%Yu5AHX!vk6m&a*C zS6(n6p6mcUpZj8U^l0suzAVItdno?F3EjMTlP_#TpzWPylVQX)Dt82-2&!d4>h`*?yF0*FL37C#DkM2SG zFmWon+VS#9i;Dj_qoX$w+1BPwrKBnt)VFz*}BsO~F%m32>U;-=)Mq5xsT@c6XPtCS}uB3@cqTdyyT-ij&* zkL>z{v(TR@fWrxC4q9Pb8-an!zufA{YRqnU&i|*s=fLfwe=t-3{!Cr@{yt#!tD%Y7 zioOOVW+TuQ6M4Ga7NXq!kQ^;qwcFamelds1t@zhkBP`CIrN2j3^2-G_pLD)*KF6yl z@;a@2e58A`TU#{-gHY+Z+6i3#L@S#15UM#AVopvD=%SMH^5wUW*oFG(y*3RLWHhf9 zxl>WIsVXE$RHlHt9=xj@T}DDaf8VN%cgfpyL_$m~5a?&pTM6hOhe z!&n}&YsgPwj;v5Nw~=}d<~gwn0at5TJ5(#%y6O5C z602rsoe}hWqT5xV(}*8DNVc0V97R7+>`v0oR$H`J3t?*d=o*k;IVdrp#$H8=5Bmi1 zQ&u)N66Y818nG22VEkTRpMVx%Yx@y@AxaZ}q3NX&YSn$0mi)!U^D7nhEz3A-JE71W z_iz5dD2eOH*7EZo%zO6&Xtgr+D_(mRXE3&1&?MJb(%j5TlJ}v;Bf5WRV&ZNpuPWuC z6Y8I-16s3Sy#6x@dhjP0G?3B(fE1Navj<$exq?tGMkuzf&R>U3>4WsY143penBOz( zUualq1-;YQ)PzuLXj{1~C!&8sU%wt;28zxM_-dn4c@>>2^A>OKM~*pYxpt7Gq@|hL z*-g}X+Y1N9%e9`bvaNgK$V*Fnw0$hd;S2pfPv;Q}W9 zSzqUozi5Th+SD|~s}F_#{8Yk>EcQSC|YNO#Uq^M2+(RjDWbl#2 zaU3uXNd%Yu1C$F`a{ld)4$?@dw}6d-p|By-TsTKa=lXM^KeU-=>bxaNkVuu*p83L> zEFdp`d1rew{O^aU);$P%fAMD!EHChOrMQ2&>6YT9Pud_OK<$C;bNBF2bZCu;t38tt z2FY_1Yg0l(g8x+`_>V`Y${H?ze~-#0pm-A09%v8bTeqeuG`d>n#;HbK7|nSLZ%&Fy${hI|*vQgS;>$zpn;BptwkoPE=on8?O9N14{;hOjuZ0tdLGV zcaO!Vimq4H@A$5bk%)c=nTOrw0UZGEs;a5MnEwTm+5~BMqCNM}jeN3BD+rGur~r~( zE?l^sld~{CPnoa)UL=7fq4yoipR4POP)zN?`DbQjk;?9V=G&D{(b~4~?CtMwgcRfK zTnxSlI@^sKCwF)L;j&5AZ52G!;*vqfLwpnv5P;I;-S{)E{N7)rbl_cC=k8=w*N9OB zE@-#Lp)Csh1(vzBm6f)xE~pVe8@%kALxR@khq1kYn3DarKq3*4Dvy$!wDbyuTfF5* z)1R}5wI$KJU7#=s;vRW|5+#c+H{Hf5ZfT+SBLRg*OgwswM>5F&`%m2Y(ucKZNi)>| zb!QvS-)23Ue~dZlR6R1rG8fpK9jA)^m^yRUP#->InOZzMJ1cTB6S&j?kQgu;Y=kvv zqMXBS`SNluQ7GXI4GdI5w`u^@0Gcp$;LAY4U=!VXZm!c!vR}mI5)Jg9rO}F8iHWwA z4w_hApfxc@nlIb3vwM4cv0H9(9ihHA4g~~1b|jY=VKje8e=X8BJq&Ex(w8qs;Gc+Y z^T981F%B0Q)mpG2!RZ>`mOrSh{P)d6bKpyGPJYhLvk}Ck`5e=Tpx~;mF`m-@uMO)0 zgI$a9733!PFL~Pq$!6`+e<~;Yz~7hRu%kY_#yXy-^3J4e#!K#j^jV--fx7 z(IB!&9JmpeUY1U)vu7tkvY%}XjO_A6YMnVQSNavw1p&+BoA>91`~uWP2t#RjtinH7 zV?$9@wW+%L7gP!>vFhgL$qygS94ASvf^fig&<1NdXW%QY#lgn_Uvy)0$IcT%|cc$EpS_zJb^P{{VIf$h{zx`H3C7#3dfACQxDUYIQ~} zgvkIuuA{4~B~k!}xXq5wntJ7w-AWju1ze!GN65>-ipF=9SlQY4Uq3gWDs0yh_79kr zumUkZAUD==tSvz@Q1Tz?q18_XbDAY(uZ9aiP-SOj)od%q>gjzyI8I4zbP-PNxxG8s zz>^S22eM^ISDarW&zyQ3kp~7_%C^o2(i>MD$DpAa8n~(*vxn#d zsLU;FXEFy0KQofBxz8YX;4Y)d>9%kJ1H{Jj=Ov2eqD-v?_4i57OreYia|wk?;8my(ej>Dy*sq#u2zPh<+oYYaVHXfD#xS9JV%mJfZMoOE{lk)!1$XT%H?C zO3}05zb6qD?iT(@DSteZ>uk2oqUJz-U7|YE+0$Q`OlD%=rz$NQ<5s(z3&+O%TSsKB ze7yOwmFGT6NE_)xW~suo!TFC13jXaCezJ;jmUht52>L#os94ft;mKE=P85w_jB}UP zw~e(l{e7B^^vL1#c!NC_Cj<|&@Enk!>Ww^SR3{!IArTVaRCyNy8q|(mD4yV(sJ0&> zUhydTk2M4w5Mm;V4@>9qDKqPii8{1*Nt8_XBAuxg^L^z6MQMfxH5psl>h0DQFUF>8 zk%7aGNmc(Tu?}>0l84=R{mIjexi`(arYJIiq#tq5(vmD$BH^5zP@6IH|9JtpG*5ut z))G_NzQC-S&hJ(TEB`XfLOQQtypNS4e#5+v6%W3rUf-J0PM+bP zPbNLa&;NK&$n%75%@&!a?TS)#)M=kP zQPf|KsGPP*aMa#0QkT*ysvY6`7P!eKGQTD4WT~ z`3mWME{moIe>2c3Qzjp2XYhNYX+&i7LYHWeZd~l1R6O?+y(pcu3Q4ZRPGfAdbf)u{ z&Sk!M=-{|Q9Lq^ok(2(u{dIA7S^SDs@K*Pd;{$3%O?LPu_gw2#;&JT*DIP`knmmiG)%= zFA4kF4PSTU@i6(V<@VQ@m!)YO;9+W!cGt4!Zd0Pvbnkr2nhb|tk673W^~s~r(mLl0 z*rjy!XuP%b^86q9YfW^n{FlDyU##^~@u{)N*l@;y_qrJy#q=!Q=Sp7j{-H@3)h+so zJglY$;eQQwAJ56gARsL`c?(#%?&eW>iFg<;Z!}3t+#TtYqb8@`+gl78RE(irxn%I1 zGxOUrXU8BdC-S!z!k>0Dw9K^M62&k}*&^Nx1GfZKQYnWMD`jYiCi`%huQ#;~^8xVXM^QQTuRJSy^8|Vv}mhdyOcDi%ou# zzgIjIN3Fv%<);0p=yBvB)|T1#fn+CWl)f+D z4@yg>XhsE|ln5vGQ;R6k`u9E(yg!MD2k;7hQe>Cl|CjjY+IfnAifPV*ofEh2?Xasq zD();QerjxPaDP>3+0>vY{iICH1#i&}rCxGk?do^`Y2_Sj{0}bw8xeY1`$(4_dMR5t zPg__#IIaKEr+4;}qpU~aImWvYGEX`lmvKcd`NxhE9tN%?B z!!8wbcQEWg+DUaG8Kp$4G8ae60%mqaeqX-Ev;x}u-DRH@-ZUS)o_KC6;_-lx2Jf4p zx3TvFbxUYCWhT^I4k-9n9Lv2H3ogIHwx0P5XH?-#)FmnA;abKI&gb+rrt`J6U$M&` zx6V8$DVeA%RL&+4XFw;^<|r?A@22mtaPLV$Z_DeE+ROv);;Pg71)s@-1SLtmY8(_a z^-2Y8_b~#k5w7n)1M<@z3SMUj84A?bIKwh_IQcsWj_9Rp zGUUx3849IhXvudgT&OnE*SXc0!;+8|UuI#-VnV?b5%E2KHnGF1b@h#9LRX9}%|oJ> z>VwfzWPvaPm6lQmr4t>n@QfTM+3_nIOqxG_#7X}V_4L_fm#VBPf9uRT9F_QzT6slwW>tqnOP+6yNTY%Du|`K){K@oc%|mZ4SV^l< z?dljDn~D1IA9a=2m0vBD&$q7;6qJ@>&K*Uv5e5<0^0J+qRyPajv!b#Bv#Du*3bcJ@ zHFRq@-V@`!M|vSJ>v)d-msDoN8_Y z8uPL62|dm7A2h_Osw#qiRY%h_9R%9bLsZm!u&pEn{( zllX8L#_QL9FpC1-xoXvYI+R_xh!BS~t9$(TpM}>HrxaXz(^15ss+MMMY1igIOdH)c zJwNa6=63CwNP4(*#6(~9N9f0dV!Abg*hGuuv=~io*08%anZ>ma{4=e+WWVm^-e+_Z zn-u)|!d{V6uQ0L1K2eV>L#!?S6)HFw1wF^B|10L9dq`SOwYQ3<6b9+?P))&y`dfuk9S8-ad!7hyEUSs|)Ox zC%Y5V(^hs7te_R?IhKZ%70RLN*x!d2d86pGy4j=1zIm3=nb^hfiqt()sP_|!6C!UX z@d+xeBPAMhY-@Fn><~7+MaS?6Ru%Zw=@=O11V8Oz;uxpdsuXJ%6O768c*@p0m2%9? zLi>(pEWW_;Tw{+S3BiUvfZV#4Qn#=HY9uj7VpQ4*{+P zGLu|mvVTg7b1M!9rSLowE=}PjdivwY9c>Y#J;B11;$!@hyw;a3EYb_bVCKt=Z5z5M zkG?I`kB|$NAU;SN>*-NyPe3Z>agBCh2~2tVGys;iLviKjVGw1M=z6OEEwzr(q*&(0 zMzF&tADY=a(Xc?5WnABI(T&P74bnP8KRU_aGs=;7)3<$ic(|>N`2D5nwuO(esg+&R zym&ezS|4KQg>o!-DNOnb2VjV|G&H0uF-(Xr&Vk^B3JHr`vlzW~Scn=uB00tXwF+v| z=3gON_{dM4#HBralIvIDF`dACfOh-Pb=FV9?RjR&H{Wy0JSZ3|a_*0J*6}!=r8#%4 zOrXGY-#(Eu2`^S~GSDB;7zHO1ywhU>h;L2;iY}fnV}bf@_Ih?q6- zaqAGX&~Us9zaS`}J(g#fT*iqj&Pv$-j2Cf~YWpFgUkyKVKtOC@_?ECsGh_(7Oioch zgW|i04F7p~MdK2=iqx!A{7JnsmY>e&jy#}^-03w)$PqXs@ShNUiA@$oIdx!B&YS); zy}MS|J01w7=I=O*nr?P)ri5;8Y;2>k4`P4_Mq8S76gMO|C6O7u_&#$PYoHLAZj2BfD(7*v5v@ox1G>~|GxpKNX#-%k%hO%F>!O@Ic*LqNAA74f`pM%l#D9YxP*wNc*@fR&5 zeQvQ7v#1#e6GwQy1-1Wd=g5ux!0k=YDv-tK?^4X1=H=xL^h?%hrWAVWkZr=`T=wAD z(RpenDshB_Z2EssCWG!)@Lcp)48^7F!nMsOR#m~uy12lEAVl%5us9j%D2kRTUv{m9U0$tFN4QGY=&UEpC%gA-@{ zeG{Q;H&3K|V_K#>b>8WLTQtJ~!NMVV#iE1n_4926JlJnF@* zF%B!-P`)O7vTzt)b3+>ejAQWrZ^CT<3^g~xz5kWOs*fLS2RA|6%dk;TVqm=7+_JK= zx;V`BvX1JD$+)v=JvP(6pw)YiC54)1_~0FmT}}TsR_?Hyqb3$65u*`rd-<8kIcJ_p zgSoBui6Wxa%r6`_7Cn2|_A;VcuC8#|78yB1_grmdrH`*K2_02mcyt@>gD-cE-R8-O z*(eb_XTvsbkjRl%(h^tg?IWx8SMjj^5t2r@fb#bhtm%$lI;K>7tm{&;HWSI3V}rb? zcD{AG!HX{ERK5gzGcrmEL-SwS&ARNaIB!R&`h-$vep$PNbYM`B{_F{ArZ9JMq5&$A z8o?;5NN>=Orx0ur{Idv(Xs!+;d4IGGd$o{oEu>+0>DaDPv4p2jkBGTt=Tqy^L@r8P z5|HUM5H*LTBZt!Tv?c2xyTO$^w7s;fp2a+rL?(3*?)CMl)Nb9eWB$27^a^cpd!$(E zj^B8wB`EG9(^`K^Oj}1eOg>pK=*{nUj9p^#f?B@5MH&jP)ddEJs9ehSGfk7PLbrEl zR@zG*pd#5}MR~bH=w@Ofg3>=U{0MyGdDR3v-fzw0|8e&a*KxDU-s|Pk-E&RLjG{F@ zew2J@{ZVPDbWmnmJjsdR-LnJ#ZgIhU_B$(poYc$U%7@JB2ks8GKOOa7%sUrF?$1Ac z=XIj(EJ>Y74O{+oJyDO$I*tk1m21`V+{Z;Xg)BA}BD~(ky&qN=AfFyc9XS}q`(wG) z8oE3zXPn&JAutu7Nna!L3lQ1oC@i%BMRlCQH|+lS;ll;&FAEEnP;ZC_uC8B|e>8qx zS^^PHbpfu0MW{dcJ^ESDh2|=~{Y3h)wnTHbPT}6YM;&y7V=fJXK0N|53gtYwUXlI# zkL&0-wgg8!D-=5xM+?g&4a?antXl{;Gb8G71VGh=Nkl`l9YXlA=t;EN0l1;1i{Q%! zfA-o~{mY#SbgN_Pu4g^i+HYG#)3 zjj74XR-?@hhI}|EAP_*UJi;hR8Ff>uLzE|{Lh#h_hH)F9gdj{88goJCWh9RT$9 z`0(&0m}s%r2(I2C>=phJ1 z`z%_~Mf4X0r25u;5jx-eAwlDFp%38$L`@^$4*7QX$|Q~;f$cty?U=!e|2#Dj#TA69 zk`l3%sDo!470^Eb=a{VQ$iTpN*r&TdLMqN-7J_j9ckbSOQeEx!v93+KgmJHH22kq% z^wFW`#^E0pMC{RL-cyi$dVt~w`ud=+?#*^qm;)igqZSefjSGGv7{;GL@`3yGCJ)UK zb#&qMbDT6XI@=slue}(${r|fLpPtVs6oaD!jGO0hVQh~xfxgA8!!;3M6M4|;%$aMk zu~-hTCMTQo^Z5@QT82RwI~$tXzzqa4IL@BZ+}3bo3VwV6V2G= zuyLYU%gxnw=l2Ki#Hz)`^VXTjyE1Srptq3VpWOHg9A0peR>J{U!X&N+H1m&^-R1`m z+#ogL%ZrMN1RA;OGGTB5Wr+rbX8}v6^0&b8qK`e~SI>TQh7yf=jaPpGua6oBFU)z- zty{(*a6Kt4QpS?>MG8-GN*$-x(v@frro%Y6! zzwqWk86ODyw}sOh`tK;NVokxIyI0hJlAbKPcobAWF+gPvJzby#BIv&_oPB`g-$dx$Kw zwL1u1x68{nxyGPf5}IQrZg2hmuI$iC1aTGX7UR{`)%9dIJc%HSk8;w|u@mz#zP#k^ zKT${GtZ|-HXy5)T=StTud0q;=AMol$e`}@ljA*hj6^>Qj`MGt|L)%v2?@!wKh0^yL z)Evw*zSC#3OB50I#yNCeteCY@9IBDS7k= zklL=so$yp<25yDv#YH8@_85#FI8ng{zrnwMeyGF725&vw%}twMZ{z$mEDjSEm%%%V z1k*Nl!i|Ik8wB6bE&rn7Kv+>C`k_sr>jtg1me$sIQ2k!_#@H+WpiMmW{J?hcDncWn zdl!b=0tY3vxGlDe&X8E{-MiP?0prj7=g&CJ1AaKjG3y9BsGgsUbE9b(aSgozaQbT2 zEkl)nE_Z|K*2?Al8gyW#2pvaf>o*7@aDZ^gxtkzRK!+ zKp!2Qmr&=1Qjut60QND0-XETofv1s{uEfQ`Fktue{9B+cOUns_L?_y@Ep+1%`T?Pp zl$36@QSgOqEj+Lf`57zGKQR^hXM*66Dz{x&TH43SX>DUeUFd~&NxqPkHmpbpQeV&$ z>pyQI>g9wafH{F&>5rb|Cr?%}QvI&0=mjNufvrSP=%E!tbX5&piI9;;nnEn$R`M4U z7w?&v2!+;?Sjm{AVHy5(hoFx^X@U?5tO_yl0y??o1*_!;5^n5if=rB#n{BKUBrkx{3kV0ukES0X zc4NX{_w~`dzl{dRS$MPR~B7x|je_}oy8DRK-BGSQg8oSyqsR$7V<3$P+XT|LgS=$5oJP0!EIM{jqh6&3(` zWXjJrQ8#+QqKE_tNe?cju;1TuZrq@eO@et9iNgS@JW|*HI-E{fzU}Io!){lF=OQGe zvCSb6r4<7A-`bXcbk-%p`bZ4u{DPF@j9+8=U^%d`L{)rHWeCm5(0WkqJZNqX!`1`E zL+~u(6a;8#=%hXcg$_#^S=Vc#A?WH=2$AA~A-tUH1gA8*qL)G7R8}%JP~ms*ZmwaD ze*XNKPza4S6jcId;ppuFbQ61xmQTRy0ttAyC43hXMsP{55U7{Ut*uTpTYvfT)Z?`) zs>3(qrH8%Iy$K%R9D|cJOX0CY*Yb#qVcC`AN`f~7xBz1UZ=O|CaDbtqp^wi>s>sQ& zxLt%8RQs?`!t-|?nkwu^=JyR`atsLH1)KsGri|zN8sslbM)Xf+A=#90BPijpjp8t& z)`K{Dsw!mDw{r}$4Hri9TYFg@XJDpHqMbH3m$%Pk$bx=wtNq52;7xr)cv@mJLp6wlHv=?FCP0^Yv5qxi(7kB$F5_JFbaKNiZT7+)YglioWrUl$g}v4gOpNHefr z!@x@d#;*_rI)ryP@o;Vv@jH7{QyH8n*88B})$i*!Qq&|Ik}a z;lftrs8~jD4#G0XwrR+iu=hBOnp#;Yz>|bcjif@pv;;Q~${H`sI<`Ls&<742Vb+5)Gb_eg@j(!pU2KEN6c*Moj9Fx~I5aPd~SVI*3uO2ki-^E82 z!N0$466nEpz(r3qwqjl(l-_-_D+y{DQdme#SOghfTs z&c8CIEYN}24(y~~LclWs8sA<&c;!i6*}>EA)0f@$gHduVp>0IPcSJ9fCZ;x~Lh_wD z%WJ-|D6_TX!t>u$i5q4u^5^Q*bWV8aR@|BTKQBN}_c@O@YL22$+^ES*VjEOWn$IZv z)SbKO;?&biB!wyv`43mLG47U^a<;hbH*AO^Ly-1lWzDh5`{%kf#(@)AHav3gk1icNc<{d$wv=r2 zl#~kaKp-XH*o<22Qji^7-hc~ohCmjqsZM41w( z!rR-O@4+>3F0#NhJ{Zx`&~N~S98-hQ@XzkUMpcrieblckb9XMAi{IqWk7b1C)>nZW zX~k*;&QY<02a~Q}A8!s-9@s#Q&)8{!>SEu%3u1F*9$%1AQP)(WNTz0 zp{7SrB+7WEfIbX4Ie&btRl(UzPd(`ztzD6f>l#f73Dm_7{D$0|oceQAdPU~Faj2BC z`gHa)lt@tDDq>h#TH4HD(oTTU6`M>yP1N&aT}onIaYpR>S(u{?U(4B!>ynuers&No zx_$~5v9tm}%OS8mxPKr0wMcBYY(3%}ZPD=tTpjjJ6tlMgC8rtd;^CIx4<0}6|Kf|@R-9}@B>;+# z%8p8)`zQ}5r+7^K_3J&aUUji%rrIqLS4Q#T6KPFnz*r>xPAFth}!S>Zu02+OH=~xpEVDT zwBulj0>fN~-x5i&pYu~OmyCPT8&NNz;}9+AC`L_9he;V!7+G0Sp2*MGyAOP70hrgU z{OW1G>=1XRi+0!0hJnaYAgO0aggkL!+viE$_!8lFRN4g$P+hq4|$d-fX~RpBXj zK|N)&W~#RBWyV}N=dB{dAwYQ;&@b29aw$tkjcXsB-z2nNplb__tq7F7ioP-JCMvwQ z`o3_%H4DhJ-28VLee8?!xA;ZR{t9l2nT)@;b_G2vB5n^ZgHwbHGyhU-)U&nP@+G8> zy2vrR8QKR>l?bbvU3w&Z$bq|mGvCRV_Y_ngbw<8)659{VSswhynx0=#>S&>UdEFv|A=cl zpUcL@b)vXvPIwQD*}3wb)a)wXb#amucmkY9HU^A?-H0Y`94}oCoMC#P<*>WngH0G1zf>_~4AVJG`}S%U)vtSxkg<;6kpA2i%y7NO3ep^$LQmrrlzIx z=L!YVOdaI$=VNDQ55z9133L?d+?Yfe415r=m6wuIlX325Y}gx&^xvrCC3M8{{&B;XuLZu^nX_-3Zbeh@208%x z0~bz#&B7|hY{7DSh~?I&%X4UN0U3hI{CAGqz0D6(J0Q<$Frzrk2)k~WOiIrDYyjUK zhq)hO9wdCR_dSp?(X%#z(L=Ri0|sQYWyiAe`CC12&Tqx#jvQXKS8+T5B31BoB*nd; zuQ|ww1d0cT2En0O{_r7E)n8nM*0E#a%Je0gAwSH=Z8Z1w5x>2mTn3>g1sUL#zRule@(BHRc@uft!6_8mJmRX-5lmIKLcG z6+l(IO>m+T>QL+e^cSFg0o1jgpH%wJXLFBg+jQ;UI9&v`SwKOQQrkdCfU}FpRRI~~ z*T){$)TEPqZj^K+9BeR&9s*F>7$@|L;+}TDNQD>Ndp@xYIuk#X1SMNPcke3xLpV7W zCpKVYaWa;Gh)8V24xIT_QM8vS<9AN>8-K%T4{c;P&rV^}Op{tb8~Oq08yr1_Q~9=0 zT<6};$;iMqAoN0@YZ;1FPn5L6)s<@{NtqEIxnM^-8fGtj-6x+brWS^BnvK!>+9-NN9^8$q)Y;K`r+HaFL+_Q`0C-083Xmhw6%IOtrYD$6YH@B9 zGPUKYQ)XjzjD^sK6cnsZkI&Q}BsQS0($`i%c12?iNcisX{n~q>Z?P*K+r_> zWat`bD|#>ntmIXMZa-gN_^0ju=K!sh*)(Hnwx3i@-ES#IrL<-oc7)~S-_7`7stp3k9E9*v3P*IfKap z=QPrP^#)zz(g^U?YOo31NV&^=c@kP=2r2Ql36>)bja_KlaJkOt4hZRCpC-g;%sRpg zJ}LZF`Ve0J`62=viq6l!?7HPXI+ahueC?wAal5A|njKn#y&*ohteiPgc-bfG)xo;hdBfZB?Xn@y0MptC3} zz>$a+LxYU%AU`ux=W)<;#&ENA#%gRIC7R`J z)I+uWI{B5iBcH;Dj_3=}Lq!NQBH$xf3pUZoK^K&3MtipkZ6U561>1_tDvbd+qfVU?7EC%LF1B{P8{j<~&9d0?s3?XZ}p#QKp3q&o~JiZJPWj zv_i0ZV|gRd;49^VkfLG;FhW9t67CtPB7Pfhck74Hk$ukXd=cfj`61uCVZqm$`%Cd6 z|9jp0x>T85E|nUs+2REZg&WHcYra0ccH_0W>qE;;)5(+EH;lJm??zhulvHS}(k@~$ z63N{nCRH+%hi64t_!Nl01y(I(l6@{W)h+~LtM=?*5syo&`%F*^02Kkzaam%Qgxw|* zV9>uw_v=?3aGoGO2xV@>?%xmScbbu6C?=Fgh9E_jJ$qgQ5CByLboA%>_P_h?BiiBU z>w9@sTWHLYH*gvF8!Vi3t`^ez!rYq~Ky2xzA z9^(y>30^+z*eKgz26kOd);jxK96t=6^2YDOZ$U%yT8Ht-Jpd4Y{#?|yhWJ+H%61s; z=clvP8$nQ-+`PPa^@Oxc99chH?qFNq*w_Gi5T4j^Hmt zQH8$`Vie@F{?pvPIjaj^ie}}4w0LY@US7&LZo!{aMri$70F&s3uqNG4q@~A;Um$(j z!2csI5ScpTAw_{f7W^fe*|;RLJULGg5@0jXtCm5^mC!%W??<3o5JAYp&=0E&ioZkf zXW^Rx*quS|jbj$+T|gGlzbW{{b${Ra`|TTo<#5p9u!MgHVE*l@vL)=v>R?Y#kuJ$xBVh$!&M;M-FS2L)u9Vt{>2y*x;%jJUApJ z<%cV+Z~Z~D9niywRf$($Q(av`D%$0&PFqmNqP>l%FWmd3pD$11`F`KX*uio{~2UqX>C7dOFsAzFx(22#~%shC5 zO-+a3DLJYjQJcvntxS)D{d-&P^e;x4j*bX9O5eb@5he~S4fE$fb8;NWD8m12f2g&=%ty;1(QsF45bF)C zhkj%r&e7dJuiFuP>vH-pUOjAo$0iR#^eMcj$DN!A zB?3;-2CnO`lDuM`{XbP1$e7I4Lz*E96cY`A=x0HVDj=-{z$4b_#9(WJ* zgV4G3@4uA%T$_d;rSv+&M9m77zvG?m(JnlE-VcB+TD#VpI3WlTiv@>Lq&S}FAool)2-+U5I{Dr09rf* zZ+onZ(B^?jUV{mE%mryGC+ZyX^7G#U*EfC|^|Iow!czxZn)`2ZL1QRtJv77vNI@PU ztfm07iSKLtUA+rk^bR4PFd*PN5J>21MEB2!il3Ju{TFaBSL;0toEt1*wC18xqC!EZ z4;c$~_E6f9BwTo?tVmtmweitiFlQaU zlkkf_p(0`?=BUuZ%r8j>b<@Sfv47IPM?#9E(o0xX@6`^7iDl6!WbaL%a<%mQOSA+I zZw@CRuB2K#dcPHA^TVh#o>Q-^PbduDH!Cs_F$-y+BEIaANtrCTX#CA2L@{xEx8^^gZdsdmHCPmXf=`TrV`Nk&$M z$A?3c&q~z%Gv4=C(yNEQWV2S}M4P3|#}_#gyVfrC+G1s>QuUsY4R>(2218`MTu*#t zXLO=U$Kf%KP~cW+l1Au81|cw#tLu=7!C*@E-ANXCc(=V2z6K10&)wRAtcCKSwC=t<`a z*eEV*-x$nW?T{=HcPN88gD*d3bt+W!xXb-2hCb3S-mB3K*0vGh>bxr<7S~lZ-51uY z8}G$&{L~zewr&iMlHu6@ytmlJmL`Te+HBhRM1xwToIKTiyO0oOk8+clrI;j*XBvqN zx)hA#mSfga$(??Ad^s{NYiJ{V8mWQ^ZOwjr^uBTMroRT;ms{ST`kQgrE+{T zbAlcBMQ(=80rN!M5VPlt3~_hmRU00sYw4RTX`d);+gh04o~u3RylPI9mUWvftxMqZ z-faG-t>@l;4fr_fE=&a;vDw^F$Kgh^ zH}jo6nGYL{F3Ww=$&`>nlNe(ocUQ-a==y!nS(XodU^7~(E~}mLJCCyfA_`Q@P%n(3 zpwrm-eqFuz9Kgv?tHCdh%6mU_(slLq@yIU+x4awEbMiBn7&;ZNan-W%T&}Kr^aF*n zwnWRxG2y?6-S4qQoUNX4ZM|a7?3A`b^i8u+y!VJYzvbg5bWd*Y+Ek%Fo zGe48D_MbM|Oz`y{v9Z2>w8&R!vhw!~lTSXwMGO1*qXwbWU;WeX_)myV9GBr}HgZ*J z*bVr3O7t`H1F@(#X<x)5E{ zAQ($j_}^_Z>yhtsIY}N~*Okeb5(^G0WY0&6B*<|6s9N?GZxGKLj6ElMSLouwZ7WU- zo#?u1QV-s-$s=ure9`Ztn^;L-jnMqu3I~fJ-L^T0Lq^QCDyCKSu||RWzB|S`F?PlU zk+C-29~~-w2zQ*z5gNW_)1(vSz!Z=~`$5nD`9dVc!9DT1>kozewfaw1S9!-feGFuG z=;0zd^4fY;uy&3oW{(9s#q<6sZPr0orgMgW-ic`P{z?4H+B^}HMZ{>|Om*qNxbw5U zpZY9$564H=<1IsI;GCz5otB6l?Wnb{Y$PD`h?=Vidpqq5H<-K-@Qp9!9d zwxnwq7`Ks_BE28S@0G8wGAAq5beb=ar=mReDXAMLg-`~EHu$=@?yKbbnwe?^9x1mN zm_!$720R|_n^&aWASNBrto9zb<7v6YCF?I2xzb{8u0KKjZ`SHoXAM!=Rf$b%3bi&K zI4vUUsge>a)z?D;*6-^$s}z}=jW1vEG| z;p2azWiDD+qzx@beI!pXb#0Ay9KV$s$z-^Ag2(FYDKE>-EY~y49bfJ5)YnHW<((ek zO6$5M_lP!vp7;@QbGL2!uytFX9D~JYWk%wzKiiCz#t~WF0gN2v#ePZNDJO?|^9T5p zo%EH$C^wVmRer`%rBacV`qgShbkK$O4)g^dQ18F~u{k-Dlp5D|sNfBS$rc=ERJ&;R8X1>DkOjGZ}t(q}wE%lRTdQtwfy-<0zlgkozyE34J<<9Z^I1a67Yfui3H_PCyT zvZ;JER=ib%$)2NIan)!n;x^@Glq2^t(Ovp7rv`dOv%3JIQ1B9JaDb>r*51Q*g4xWe zfz9JVL;A%#I{>&}qAG&8#FFx<6uD4zEfHCzYWMX=k;IG)d<1GUL-b&a_376u|8Cv9 z_^I-S(;o;rFKk$%4Cjz?u(7c4M|@?s3=e|=qNwhFUf){gaINtbsaP7wpuA7{eQ^G& za&yHCYHgz!i@n_3RIO2`B_w?0&fRe_DXJG7KV>pQA>JmSEHPv1>72l!qNf9{xfvxT zA(sK$;~2Gi4V|5WAo0!(lMx%LWebtNKR^FQq0hMY(4B?`1Qv3BRqIj$fSScj6sr4) zPS3VeLL`f%%9X_^=51qiY%IwiTF>S(CGS%NRWum-uW#=US(h&BvP%7w5Wo7jSCiH8 zHIkpra=5LV9;-`^5N}3m?2!neEe_~>uoQWVDS^nt@+^@lhdJN&Gx-IQ^~T_ZaN;?| z_gD3uOLkRx7&bjR^9paQ&YFcDyH5N`BAljsVcAN&yv8~{=M1H}5-mkjJ#&d@$`-He z;R6?DSW8qT{eu6x>CPT9T;P{Vb81m@hb;a62sigj4;)y1LXR`T6%OX1$9RVH^^y;mIB+ zN|$Cr7nTQCf-zwsy|~LIRw(~4O?aqkk-uL?jn25j51Xq6LbPp5ZM{uolO{3_Rnng$%;{@%7; z2;!C-<(lZom&<)=<$gYeR*3b96Cqh1;;p0Fq*El}35qexM+Vd^9NsYP)4VWL;Wcbv z8ZOEi9Ti6Gsc^z8=1xWe)waQ z?a$T2#9mg9C+32#7FWn!`rNXgn>+Dd$B6WZ+lG3;{VD-I$>~G?N(($+x?E}exhURI z_hZLkaNn?t_gCRu{*I;Ke;9e!e|Yc@E+oN32ON&=Cjo<(n=2 zCA#Z+#OmX>M<4eylz0n$2zl*TLXrRKcqG*cG6gPYi(h&kq7e$Jni2gyJ=g`Xo7_O_ zu6o!h@xAuGD4pdo{xVHy2tcra-000Y@wVU) zQRkcMNfuInB$7{mU&l6~95EVU+VZvdee%sqZ|G$lTz>HTYf*Mfez0?qJ(O4{vAejR z6bXe>Vdmw zHQ8KN9ag3sNZ;r5HVJ%np;)^PhIY*_Ag5_O{da+h5d+og{Kumbw8Qt_oRYM1tI>Mf zA^1&1>Fu?q4pxUtT!Z6RRTV=%Bw5@cYO+%md`T@guCVgfG3p5rm47&W_;gVt0_2@} z3;nI|ZT5zks0wM-i7^~u^XEUdYIzVy8%J%nBr zSE!~UiK8vWEmbx(eTD)ws$EHxqP+d6&P0l%HxrvlpXg99%WVpFyd^2-f75!_8Dayq zbcJ6$RT0hX4l0F5oAa|IZjtt$aSyz_T3BU$OF3aR+T^M5RSR|o^cA#d-??+3i={{5WszR4b99%BfO35lUu?@alBpP-2&V8JlgN2a^W(>}`^s)AvWIq` z%(OnOqQd<2gV|S;mJ@HRbFU})c8GQUP^PVFxNzS^`(9MS3~h0{i+De4vEnvOAM2{0 zz%|Fo$RimZouVl|f-smXlvqg1Cz;mxYV zyTrTWydG?~90m3p$Cg!e-C3^ayW`-%Y!@D-&fXE{C&>2lmK15nrzQXGh=!?7y1A;{ zS&i^(2ERO3VZ6rwjf_wO90Tz-)`=g;R%CraC!s_)k0fRz6O(dVe`Ox1`o4g6fFcZv z9ccQl?>kJPf524{&IiYmRh7;*XLZ^)l~x@kVHK(O!t^(QbywY5IrIKZC>EgYy!PDlXG zZ3=Q4mIv4iGK!0j);2&L})Gm+^;eI7Y~%OudmONWetxRAnauz6Zoqj zDyV2_33^N%c`NFy#V=k%J#N5z`5t^$NP`8L==9JJ8W}=hA8^JPCMf2$<3WC-dQ;g; z0ND9;LC<;~Pl=BQB4vqJT#<#Mz_B&#J8<=iEHFJ^kZOklfq<2wYCxXOPhjx#WEiSO zFcBfk5d&g?#zXt?>)QwE=v<720&Z4wjK2rM)f{PO2E9dp<^7jd8$rb&ui+l#!GPlt zCm1{U4bjXGTsleY3_!!xFhyi^E55{i7L3Usi z69F>8IH2*O<;S$X0O*x*r$>HHSYeQyD$KB0pclY($92nMU>4{r3+}0y~41=rB(z2>S?}Ho@|i zft9;>6cii&)esqznqc-N~Cy3_#f%WY6aVlvh`%-!ZQ_#$Z4DBwwb&9 z$D>$%Z#2p`1YiHQ(?}sfp4n+XYTdVQ^QQvGi=N*$;mLd)AE^g^MQuEM_l5Ae3tm^t zNJ}g6ev3O!_bJ8V!8^8na`8Ts8=fi{Aq*lcFVKNo6rsF-(68iVXIDa>)Z434^c)~D zVh@kz$`GW5SniM=v_n^dPhPYCSO^aph9~}eVjLgi# zc(Z`yF&v2Clhe2|wHSzBjl~nE{jD+!iZ8IkkktHF<&A4HGB$>H#tKX*h)$3nAAepX z7#|25lJ}Sg+++}CgBi)K0#VThpcqOvd@Yd8KwdQT{5fb5+zhq|f_DD8#!fTvV#57n zWFNj=^l;Igplv{A!PdkT`yC>Wn<_!Eb(QjT^H9EE)B6oT zVnuicT0ATmV9$q(o)dU4TsOG4H}||V$5((7l(=$2RU~kbS?`m=nODBp>~L2IGqweN zfX@S{5n=!c%L)QyNEXa;WoA)~fCMJYrn9oL5)>4~XKfs0d`4PUHUL{NHfw@&3cx-n zbX+Q6Y`POlbb?Y+b$EMVjBwjvfDnh`hX)Tui=EwD>^~HAoS;wQ&<5(46!R)iAwW)FaONLN-=fkN_*BH-PCsZCAViixT zWO|@Y)pVht%3I}3!t>7$SYvYj@So#P6uMiaV`ZH4Q|I^5q0^l={A~jt-x;VA><%iW zvsRAQmG-X~5;?a0f-NPcCjM~lY!&ns^}}&zw{B$i{ct{(z2mA z`%RdkgA_32=QdghLvjI<4m!_`t#E?G0`g{1F$58oBA6n=|J05L@CLUS{@`mtpzsbP z?05x6hK42fiU>zMQ~bh!;|JCUVREOKm^aw91vecgKg{krSl_DcZ71V%tyk8fv_!y{ zm%iH&#+a>eXcYLrf5sPpNjvy%ATIZM_~m;TJ_d*{F;k6c4&(9gwF+LkiP>^Z1aZ;= zJ2X0oZ`H?{2~8N--aT+dg7ku?(=kg94dlDbL~0w?XY@6ZnbYR5$IU%)S3f zfbrb|L6Yeu#Q;S$e*Rg4ZUg5mPJ{hiwvOiurv$~{q6H~`gUvS2bLVb&m|AN~7Bmsh; z18!#2d5CY@BWZ_$#Thv{OY2*B4;X!ynUMh->k#87D^Q4pFc&T>{G0aYp0ML*MMd<# zWpiYn)PKH+;X`>PsH@MT(5U@VbL-|??5a>Jm^l}LaKq@hloq_@WMA8BIAPlnzc_2y#xRq++ z@VSWcneZv_(FiT!$)2#aHEK>7(SdTaA`5!}xOuFFif3hYpCL{o>=poaif`Nyndpm; zYqdGh^!hV`%AYXJp-LQ8pciY6QRRwTsmc?VlG3O1MdU7&MY!_MKQCha-7-aoGRUUh z0h=g0RE%%p{U)m%9tBq7nqw2mV{{BvV*7fJpe*u9#GNaXtoGmk#k1H{-2f&LE?#!r)t z^Dql1O171DxmAbUlq}+|t*P;Tdrz$SIm^V+`k(j?P;n84$XpOvap{4k0G{v`ug+AJdll%EhbEi%vr1C5LJj6-txA?*htKO%xa3*-3eEQl~%S)qfR~jJ<2h#hR9Mk0p|Dc`x%JUQ^ZZ9mkgwqMqr0!xIAEQty&oo;g+H zdvVjqeZ?beu_fY!l%0Za`Pp7T5^#&{js7hBL zo7o@x#t|F|_fwP0spne0g_6?fUHO>;bom zMA`@O;!_8uUP^H&37q+~BUiKfX(A4?MaY{6CG=`1KCWZ;r|%k4c!v6-9Xfo%d^6|W zKd;f7;GLqb+|wgF;Vrjmw2#36^%9{jCrSt|Ws1sRygD6{W7Elko%p&z@WdBZ&Df>6wN+kPe(QdzJm`aeo#0?MUkj# z8R@&<36*=Y)>yEbAz&&M!x{oJH(EHrc4SLrNq;#c9v8Xz=u@j(KwvA8mYyD) z^(Ojdx{yC(GRY9`0nkOyc0uhXq@?KOU;-palRp1U<&=dnp$w@b9*lxtL?@}KKe20w zn8+^&J{mdxHg9cFEX&`3#>|dyqpEL8-z?YjUk~*g0Bh{{nk1xZ2UcVWzfS^ zL;C^^^Ei3~s4}*2@unPYDSlMK%UkVA;+DPfE}LWRHuoOuQ7PG}sLrfw+!ga37_4k} ztR4OO#=w<%CYP!%(ePnoinNWkGRnTp^v6vty!P zDzKw9Xx}hpl2hpwlg5oN5v9OzT5m6z$#zG`KiVsCiQZ{Z&)q3B>B&FgED}fM#!Z$v z5~?WDUAMyJ18fbY=KHBbPgt!ZhcEo;N<8Z(UtFKS{;cNZqd|2U69T+J4nfKT1bV=oiycmi5>DhO!;v3Vmm>U_x*~B0~#8|EoNp+ zQf!0okypEqgJa1(&#t?>JBEo(*|+*qR!H{U{SN)(HV&AP70I@8&dcCtG4&C$I|_8= z(Cc_5)uLuDS!!q(q2>Aa2O2aw%>4n70dN4~Cj$IIPcL+lW;d6eCo6L>OrOi)(XT)M zzC{rFa;%>#u-HTIgUY0JXmRduSn=-Jnp|BmPh{+PdR7iC{(-PPz>B$`<&pYG?t0Wt z+m(M85$acuF{j$1_F`;%b84*v1_3}ALoWyMHWXk>Sa~O%F7$4+_fX%a*34A3wXo1s zy)GP|zZRwjPy-+NK{Qe|HNeP|vzkzfBgp`YZV{2V@SYjjHjl9A8qW|H$-O%d_jrjj zDvQMLdo(tN+hEsrd94+Ujg|jBG`kWv-OZtjBn);y*9#!z$yygJ;uqBP`U?)NU1jO8 z{9>QDc<`y_q=|$b56QUY<`lHTtBa;GnDm~EPE)?^I%@7yAK#thy&QZ8~;0Z*Hikr)tp;VVJ z=UNlEcf&gJ2|N}!gl!RDg02geVO`g6`Nk`{O~T5`ocpRI-7PGb@}!>jYq?ig{ZW$^ zc$rpIG>uan$QU~5+|^%uTXj_SEZ@fNhI(9!YV?k+e5wk7%CxRTIzzl76tig5)@nar z23UvOAQWr2y$Lg~0RgTA6~EZS#WiqRS9C<*bqQrkUq;n2PH~gR7F!}QOj)wncCqoG zDul%aDs$vA05c#+k)4E-*e+|2q{Pd3jSzfQm(h`muxDr&L6i(^W`Y_L24f;s|2w>rt(pnTv!^oI`mn9kpe z+VLn$kmzGoE192!OMvB6Stn*UPb~i{I^-kJ#zXT9^Z!qLfADK`eA<7VQdns~A~e5h zabW@aWIY1|omC1-O4g5?;ce*eG3jdy@^OOi|Jif&_H*;|D7r*9izYJy6SaR3@n0>b z?=HC(GPZPIq-kDfTh|Tal1-_!)KKe2UAsnYM;$sO5_|!l6RK>a{~TrRT3@!j54|Gx zOY2)%8JcP>gItrR4{)`R7{_GiZEd9n z_sFUKTzU?7hPfYYwlqplnAjVbZ|%E&blU3FEF)7-6VRlW*cAytOt4c89yrQXn8gVo zFj(>nN~Yr&qx=nqOI2hRT(m^@j#r2?cAi|PGMO@fOkRDZ#p%R}rJomhVFN{3i##fN zPMJvi)|eJWE*&b1-yIl~u!Rs2SWa%WIzWx=kKaw`w@4cwPAud7@?Ka-M>LJ%kt6@m zW?(HrhxruW0(9*{+0ILi{ri(rQjl&j4qzE&o3p*WNuvQ@^Z3fb?ID?Dd_G9yuu>*y z{?UZGxy?ZqIrsA-ssW71fKw6}+!ZjN=yia|mW$^us_lOPRWWp;KY_7VRaOF42b8O! zs%p1s&syqbkjy#juMC_CQ)mIYK`N|&X&He5D0sHu+d;t(J&TXhhsrWJKavwXp-rC!b>&G?; zk%O>GqbazIDKQu2kdTC$iGqv_jsb#YmVl0bz}PcrMp2(U^d4Wrgdqg`9M{*UsP1{> zC_dkV6mUG1T~x%#jcy|B*Y!>?!V)0nfi8xM-6yQ5Przz`wZ>2IUtleStnF7#@-HuP zHNouBGav_GL?}|f413c>Y*FYDAwkA)Slr1841wNUb2S@>uNwWkPDv2zB6N9#um%(h zjpYp{r2fpCJawX}f8i#``m@H-x!3#~k9s&kKYBf4dmc7mpyn7dt7Wb;m|@)3j>Lo! zLRc4kf>*$t03gE*sC|3(C_#GOzP%_7B%iQj-~flI9}v-3#Ki&Nr{>4oAc!IA+y1!K zIpqF7Er1WwTEZnb>i?M~)|6#Y#dnnVS5}f!PaCfJ>9E<=uJKBGKWs3ssJK z$t8!L0QS%%tMGSO0CYHHb%=J`SI!A7-OiskmQb^nJp268P(9BRJEuc$ZeC-J*;za$ zoD<>tX8wxo`{QjB-uzqE99r)ciYeY7^nKc)ux+ML;ca)~#4F^h5r_gYt19K9=jeeX z0U2Nq<&Zs4St#S$1wH}pF$B4<2CJe=G{9JDI3nS#GTc?B2&Q;0D2^phcp%_m&{mq) z#A5v`gjVPNX8N_4gr3lMg1$%n3jUdJnxhc`jOQjxC4}Vc+V@Bz1Ja+296)90QYt)v zz2VrG&pP;4;Te|0H1xu#@?R-@0n?AVwf@c>T|-tQQ%e@zZMePhrMLflWe>WXUmUf` zWu&|Te`3>~fV($7b-eIdW7$9;OssO^DVx><`uf+0fuZ0++Hk~UK~4jk zg*q7|3oXU?Oa8OnGHpoc!tNZ3n=LDwyItRgVth}p3#gd;EiDAiO~gv&4M3(&PVaGP zVs$3s>p!3p2CQ8{SU!Ms;P#nEvlxpBNWVy9WDS^l*2=%f{Du;HcjahAJ{CH_MBr$c zG_Ht@bGKVy57&$X_b!ab(w)OGjPcWZ^5N+jq_wwJ+48okZtT$K38n|N9kNFyT<$51tQ;3PA@11`7^CeqAgz zAn4eEh1M-JckGz-%gGZlXP~lfmUniDpE*J_?>>cF+|a>z^7ncAfBTpz7WhB>_5S2U z{50qe$$O(A9n;FnkZYA{_jhTSdiKr=KXa3}5)w%QyMwW2@-d2fXGEL&_>&qBY7* zvJX(Cxan^xcu540zUPVK3rl$+Ti9>2<>26!5V+M#niJFRn_(IH`PG+aN*{QD+{M%t zRIT_c=SVsJ!KxTPem}gRcX1EJ?b|)e@$LLZKGe2pG=8kF_zyoS)m9vMtjiJDbbCBC zPrTHZ_TFBiJ+aZze4MC_fS$p(d~5v8$jD6S<0A9Znwmt@KHC4Kv8PPzf5Tpp6`WU8 zwaqX?7Hz{dXlp)Qe(8{x#oAQfr!L-7-*ZzHr8OqM(`ae5MkXl#NIRw&NKu%Lr}4g& zp=+^0)nJNtq{=(@K~st*<^*a%mEK=t6Qq$*yQ2!G zd}ALx_5aPLWbnS3^|z>aRMWI@Mnd)K+uHj2xF`I4d?oPemzEOeeQzAAapY+sz9@L2 zLS4|$dUHt8Y??v%4aG65S65ovEvdAg8+S15Uy{gLrevGvzX)99>8749V;c+2LsvWc z5Wk6`ujhU4K_Mz+S{^ka5YPP|WyBc?^@Mi);H6V~)1e6=<^S&e9xPiMIhe?{5vFEX zcGWNP_TDdtJgPkU@5C1c+rJ8h$rFCy?;^|u)%#_r>IEJ5_IS2Gb-eBTtk@Wc3 zl0&0OMx^t3u81Quw>3(08F+_PDy|fZyfOkRrePv=+Z*=UG4P z6(`nZ8Z3YDqGdgzG7Adbie9l{o>>dB)@Yhmz7tv>;??kmua;+Rt?Dq6@m^pA$G_qVC`inwFULQvY^rQXviCzI5d#ZC7oG2gw;bdM;+ zGp*O*D!FIvTF?yRkgjIf=(aI?r>6HF(?!~OWePVo=4ka0k}NAm1LXwPkqDjMM|*b+ zw#b6Wyz)7CcqFn<8yg#)Y|t_G=UBW;n&8bG8UE$-4&{cQ0`o6Mq49&ES4zs1LZgf( z1FgQ#OO(m3^gQ->O&>*laHt^7Jg4qQt;ElD{YSnJ;~m6vJf-s3N4iKSV*`$PkNQkr zaS@P+?$ueVbs3G0(mPEWN@`vDA~f*dbvE_z0Q6mK^2=<3zFei3XTNvZ?&`C2YNzTO zeONv@=6wF`nY+QmF6V=|W3>|FzAZ?c$sQNr>&QR-(qn|(SX(AQESp+OrZH({*6Jxa z$I5m1pHapFXl4YV1Q#FZLk$p@w=izU?^|BS-3T##}p&q=i0& zsoR2IS3PGV9v^O?;rv_&1Gx!8USf62C}YX4_v<`5N=iZkONXDQa8P=k)Wg^v(tl!7 ziPgq5jG_jo`@Lkfs0xUbEI-8m7?I^(AMa+GTi@FJ@}R-kSZp5yKQrvJ>MxB?;V|1Hh(!bJm1EXcSt6DuhLp_70ZaSmC&m-wqJ{D)rgm!nX10a zBU{xJNfUaF{-f(Gqf=$p(>*Vq4D|3j_!^&b8=X+Gsud9xjgL5(YjWc@OI<_f!*-SS zht7=>(ctCZbIOxV_Pa#b|M@n&_T+1X`uJEz3=@TX&vdlSjNQ(Z<=*0BYpM!D#a9%b zi4d7EER%IF6o^R4HT$uOzr7)S(z4RxT>g*ctw}AsH{@f1){Lvk_SNV=$Y$Cy%b2WZ zm42KlJ=fbh#-C?gVV3g1e2PctC^V6CGKTl?A0s25e`d@Yh|>~t@w@1h9Ybs}B_(C~ z?FnN{KH$o%Uco_W6-K5~$_=gVmq*inG88LnX5*rzDm5N6`vs)81WK(2JjnMEQSWC1 z3-FDOT}hvsbmd&JagS&1K{-AtYF-QboPVsZZdEmxI<)M`_GEuLMnrx5A%1IQULN?`>f)lkh{52Gh{R)Fky)GQwaQmp=p-A>AOVWq?OC70BlW9llkRA3nBcWu8{C(o} zPv`|z`#a{9yr|Sed`W1DrTJ=Ere`wUj>+=aPf`ckbNsEC-`Y1E$wA*ef=r9mr2gkp z994V7>!KKw*QIzR`vkXzCeB%Y5tjBET#oD1bn?H@bNCt!ztPrm*jc`u=OiSXoTJri zABMkwDQP%cH5!z8!G9~uhQd$$Fd0SspT?b1@ez6{2eJZ-;>10%EtO9Wmz37bkpC{q zt1?;=?P7}3Qo6{{P3n|37^rzjQd=d8Yn@27#!fU)M&avmg_ofmE?L3iO3qw^ytOrj zY@G3R0xcCZslvN#9PCdR3sS5f=wCE^TT~%`g!oXGOy|3b*sEe@%1b+a*f}{3+cdZpHNJ~vvs;{gb7s?SzRSQ$<(bxz=TEBRq=nY5$7l>lUq4P^ zVW{ESw0UtM!f;8DgC^e4leI~DtAI*Vs%=!a-0Z`GebPj4eJC}!x|~OjvG$+ZjrjA+ z8FMrgc0Y5Oa{P!Q{*lMN%6Z2-NHFkl;d7E!%?ru2UI|q%Js#4t6lmRZq$>oVTS zXUnDQK0LrJH@jB*R7(5BcVP==mTe+?sw%C48Ql^}eus*e(M?L660arcU)`pOX1k1} zNCO{5O`)^b!Yi0$qm)Y?9d+E}{`SX+rY=iE8jW(-g`S#Qx0~t3D!XS(s!Ff_&wi?P zg)-Wbc(1qkA!jOxDD;aXsU}X-v9ge*KiZ&-AAU`e&NeOBl-bx{)-GGxv8+9CnNHV= z*_T75t2pwRm+pe1Ah*xXtZh}|eU`!V35$$b5?NCR1pG_2m@?IRJ^U2R#=nFL=D+XP zt`IWe7d&2}@i2N+$L}|d#hb&5?27S=)TX4JaRJ}2xD6giQjxbgBzNab@HG<_xuvTo z_?kWQg08-+_7|Lcr{u0w%M_#hQGf5{eDXWYPK>X4azt_%{6os*Uo#qLl*#@_`n2oT zOH29p_pVR${}3^Xun?VKAxeF1-B}<0{>wjwf4{|hMA&vazSuT`pTt}l)GU#YDH_tugt|WgM{&{L38-}j! z^$0t0-8iAgR?}S^{v5e5j%TN|;(Asv;SG=!Q=`vb4 zHWspvL(C`3RFN#9!kAOXc{I-Nq5Vm9?x`c%*+I|ZG`Yr7$$~qw$XZ=&u@82VODxz= zOqB9--{_uAquG}+7Sj~{g*a{~TwH>#%u4+89>cTg!4s@0TvXm|PgOWe#^ z_r&+K7b%9O;{OTI=|$UB$4!u__!vDVnoU<^NYg%fi#NV8;Rea1r`B>tDNQ?jYIFPu zdy#mh6LS~~o#WM;Y0korBPhr^d5Kqlu%@1?K3DiWqf|fTkyXfU2W=KO5{dn6PAKCRu*{WB=>JzKhl+EahS@L|H<{D`o4CKM4MMKBDZ7WmH6{K-piU4 z-4P{nT2Vsr=BSkioXjiu8S4|L%HjkVTL7(%-nK8>Ivd-K01?=vO{3cl6lxB$tv`AEh`!zuu(0_^%H-3i;0D0 z&R^Lu@YwI*oK>R6_1t|63UjV!ImVy3yk(1C{Ng;tMe=dpAEi8~+fAaj%^!oVrAWg=d^!i1l>#9gMi+~bYdsM2FKVy+ks;hB13F4`*j zhW#p!?L6kq7H)c(=4ijXdbT6Yt0*Zzignd;bS$UAXhNUz3|G|?aTAf440fBhId9i) zuPKpnix;F$O_Pf{nfz3;G=)#c3!sQ2sm(+;c`s2deKUuAK zeE+X>PN?B;S=k#kYR>xu3J(X$YD5*%mXH4B^$nq03SM$E7AK0!7kXUwH==Y>C2gne z8dunjc;4VE5hu$3G3|V(EW9T9?{4xhr5jRC^M6TA%JbWMCx1xts_pa{-_0DhOjzPQ zNy~qx{*7D_N5P@@o!xt>rIY*{O$Smao{D6XacLiY%1O!|^P723j8&jE`7a+Nx@gih zyh)4go;_`>dh}oERE0+|UpUe0Yu@=;=d)^&utfDv+hI>{>tAb8_Mg!rS9_{hErp%3We9 zrQsp1_(O^oeSPCx*KVD@>BE(JPvRcQ|JD-Po(!3tVr_rlNw@JWLc*pn zCCnt}il)#zBX{10jibV&qEBS#t9FHty61S*8Gq>^32sP!Hg@4D?Y7UKy@{Ugj}_ES zcPI}uZS2wP`jC1#llm@e#W5D!u=G0&Jmy!Ga}^n!WyFXjLMlqlS`Q5Zb*6?)b^|dvm{2HC7Ler{YmCf?OosU>7_OCw*~pKSJbyxK2@<*`?i zud5=Y4A%B8MAn&;uoz~GJ0CKuu8FEsFr#H)sOlz;HMXNYF<}#(GQg9RKPY05WB!$z z#dO9ZhM#j2Y;xi2_=MH>sDBB8Niwm9ZrW_*u z6!Ui8_EYPzB&7&SlENXK9Wsa0ldWN#a-!F#qt+NB@18uEJ27`VGU#xl5IMh#_jrK^ z+waCn19MH|v%T*!d|&i+R(s6kda#|(qK&v*+Bmh?<$N^2?frXlmU)I#n`Xmn#a7Wd zQf{4I!^x-Q_TI7ntNotEsaq%cm6Tjqqc5|>xgXA3?ctdof4=3Jo_f8=l4fNrK2Pr) z$XUP0n%ZCEAL9A{0aih&zMpJPZVRBk^%ZF09;|RQik@pK;{ay@I6gF$HJj1}@d<)e zT&m0GQJW9~NA7vnCCLnRfq{V(y=16l1VA$su1;dEp`n4I!eK>#Qj|&sQpeB%KB3fA zGBt&Sgb2m@WJ@D(0}*Me*mn5HC}S#UXegVRrZPUj3P_RfCbO(a1}t>?e(vKi6)h)v-t(`5Iq(4LRS zc*0d=vec$LaUayYsY0&|!=U`7y1I~#?ydo@B5MZ%Xav(AoT(7#K&~$GzCk`B6zTtC z@7-cF+qV0zG3WZK>Z_{mcAtH2SSCt91f;}Dki#VcDG^ZwBqAgVSm6?qShl!Cc8p1E zDUOIuz$kGPFajh{E{G=(v5!#OCLYv=C{q&y%xl+*9T$I zLXc(YP2(;BnAU36n%4>zuPu6P3RMRogP>!6`94e(JHDqU{9TJ^r<=~ZG_%yQ*>F%! zA4v5A|2rMRb}TOW*Po|pk`TZ=*;eX5j2T+u@?t=N7R!CdSnUBb+zm5KAAR(Z>+H3G zZcyPRJtphg2d?rLBiYoYN%Ydezw}K;m`FNQzYobtqYr~3r?$CI4&*gY79`6SeCXsb zubUjRxzgTL{HgftI%a8qZ%~TgsyViPodMale$d8`vvYeit>I2R}cOd$5MX-`fA`C*Q2sxEf)U>`NT8s1q zzJ%N)23i%h72O}H{A6o!D-q`wL6E!59LB_9Ia3EX!~_==1MbDpRWloj{Ig-(bY{~z zM`lRPqw`g>>j7LpvBuYY7>4qJzvSbfT76)4#6^OwgMd?Qf_Ej)IU*JXun-!}Qdo&- z>jlN>#T&~M>eE;I^8v-YMYAQo;>jsfyRmReuQ^-@I0X(#w&-Po*H(Iw%gS}gQdSo6 z=;H*uSFaT^#Z*hlC`{PThu|XAA*oZ0$wd~qWN*Bo zS;`jVy8ZcxAQHvR2GIwgv_u{bq+0H@=1gr>Gd@N?aj1R}pi^FEcXf3&=b`s%N6Oh* zMg#_`k~c0x5a)Qr6R}6q`l9yf=_zPHm6W`wgadc9qTHu*o^g{=P0$ShSf*YP#Z}C2g{3OeV@Rr4 z4H>HX@(x>%YC-_Zl^=V0pwhr{&{mAckw8k#!=Yi91%)jiv{cOq^rO7-P$*p8CTqr& z8E!>4PaIz@wlvbA1E0%R8+l2QDgDs1e-Z+WkwxlEevUGirJy8MRaTlY7s%c{&k04R2EAW>s|5(hMK*JC9UsE zy6Ii>d7l?^&`fzjlRGzAgA9l5P0i$dlbx8>0@U?|YG}685`!*?UIoMoJNnqyWWNVx zm+5WG17>&~W|%(u=p#ZFB0@*#!?vnxx@=O48eLMXDLC|rhM?v!u(&mlkgaX>!o{Ci z3ztKD?*xjiWivcb68hXy=cg}D(w6BMFk0xD$x{tpETZ z07*naR7|s5fEFui5j%&5CY%(RDqYznB-1gL=ymFh1f7`NG;my0kk^e&zGEYzYwf%j zxo&Q5E-o%qVNH*QHr8A(qc5cxc6N^;m0%mwcv}W4se3}ni@Dq8K49E?<^0?-Z7d?S zm~NZ%DxqRdu_cYHj?`t;ob$Y@6H4?EhSr?Qb`_=(Be5^;KMlF&{XB4pBKP@b$+NUA z%bd9$q8AROk02>#{BR4OO9M_D#7Z~-=5|}R!wyT^d(wJi%%E&k^M1cS)Nb5)3pWVu zp_QSNT*%1tB;(~w=w_n`$=W;4kVvBWWHEnhP*p6dq4gJt4VDHc$a-i~hNTKJ0??Pt z05^1x7i;hIL?sRO5^r>|6R-EIunZqC!?60+m|=SQ^eMj~!kQU)*K6;aZzixn1wyPh z!W>TATbAgW3d2uybr^85a;Wk(D-5OO<`uaK0?@yAG+(`4LAXzr_)dYhjDr41Oq`sY z$nX#e^LapFLkj4YltlaD4Wu4`%aAh(Lyq%nq^YUo&Qc3+%AAKaa~DaEI=bQvAj1h$ zHgn#aK_4(vL8W4_hUEw1thL_U+`N4G^5*8|{QP{k+g)5-M1$j!H>AdUke3 z2tScA!;?ejcdMI^u}DD>;N4t z!9u_^TXLHy6BJz6EMzq-B;UzcO2KMHS6NM<1n~@JgOVBiqTds+Rj=%IEuhj#k|L%{@s62(?AaF6dT zRCL-d^7afVBr-0NE1@KU1gN2^C8XpJB3)MN{gt8#aa0ijR#P{yB~%NACJia}n?Y;= zCYFq&(lg2_-!c#?dXusco4iG$0H!$2n*JrdJ4%;euSg#L=%bI8jF%$jgQ;&8Lq>v};rT8xBZUcyZMMAXk^Vjy6$QEEAyB0z+U4EewYQQ!dGh4(wiB5G%wkf!HkawM#Wi{# z+{+xRBFMfh3-+7RTNH-pUF~hEqH0;JHir+>t}7pGTAQYYNVar4v8G^1rqC={jc@21 zJ2a$(egYz}LN%gY-Vfo>&1)_zfEB$6QgJ)+y(vub17>(FW|+SGmhPD=Jirn#>VL9fK~C@SsChSmbPw_DC@y`Z&`{g+I5S*_qq!mHp?J@ z`~$*Q!6=ay0{0Nf@)4P(DKdavp-atfk^u@}GY{LHV|EhGP^dEdZxKW~ILv>6?w7Ju zuS9dwf6MXY`8j=n$jXvww3rL2XK)o1!;Dcgo0Oti6~85vSxVXO_sXS7`iaG?YbDJX zHSe^>eQHHt}vny@YU6oW^l^P0zd)$us$M8J|&~_Md#WZmRfoPhgDWAs9!xH3&5s;o-)a* z&-);$SU%3ZuHzw5q#5S)^pt&3vGQ6aK_8sEsK=ifWR7nG1}5Q^#T>XS1aEq1#s6Ka zz1HW{Ww*ct70bd<60e5=S${ z?P@$w^C0RW0kyO1HA`B~Sm2Ar4tq}`Gwu$eZ&NL8ehJPP7{+^uVE3wgT+u6%=q2rD zwM;=tMKzFXnkJn!X?En|{QSITR!?{Bxil-5t)pa6Ao*N;>qv*8fR-~_Z_Xnf&PA=a z(GG@_fhKEI_gXFfo|b_*A25TL0W)-I8a4;nZ2JO7`eP+A#Gz3gq|;Ve59|<|4$FI8 zkAI*N*Hy!drB5U4ulO_m@1`Kz9MRh?wnOtb*;RV`{T^qTi`|x~|2S|LW*CnY8Ksmt zk9RE=%7f91pUC6jn{3ih5fV-~mt+>+z(^r0vst7R6F95AC8k=$v~L83-T**=CmzEq z=lX0}77~=J159)?-3!UhA1x<;;nXXEEO5w;}0$AM9`PScxlQ! zoTyl)$9a|hYS8y=6b919X`6|`~kxYao&j-k;5e-SpO2++w{1_vIauV?uSOCR_=WB1$ z8|+f7CfSmYj*du}>3(WGx%9p&Z%ag8R;KhpHm-HgEyC6X-SDDoghSFbR;BcXH7?Fy zGRtu@KncY>7Ai8O3nHTAZnK&-RIAueq6~&)<^|R*D{xutQh{nY+}Fy^k!##dFTB5{ z_DPske7p~sfwePz^{Zc=FHd$)EkyACNWP=!x1wcU=-?xRCvqqe8M#b?kzncVX{iP zCy>+{vU=X~p6SxZW)e;mcKU4C*Mdj&FG@lmWN%Y0bvH?t+?~S%OMmTP^ig;CaDgW7 zQt@R)2jt1cen6Mjctu5iXZ%eh(Gbqw?RIBpXXoeVtu=C1G2JyU)AUMQf5Yd(8Qfo~ z+2k>X85VF;Ejxzq1g1=~rI@ywxh<+WyB+td17H`AZBiLTqA$;q=Qk%yE#dHpZi`}$ z(gxAG7V9o>^ckETuPZJvhkfJv;j#)ncDXT#zD-HHZhasHYu3$#yG;MP^!`EiepG^p ziwK!lf!e$asmZXlWRxU(LN`+_7Qi>aGYu@kx zc~Pm>DqjHN%wa@H)0AgnU|zt2OFFaEL-B()#IlzR{c$ab;C6$yKH$_Kl9~acn_&+Z zBI^H~*T|GS)7R1-gO5@*;CCw-Z5DmRlHLV!xq@8GUpd=3J~$zIO^ISy@?M&nE-faA zj`;xLhh~9FuHK@*331A+qrrk28df@J0)(2TNmd-?YtWp^mnV^Zlox3)nUo|f=dWLx-hP5!XP8qCd zx0jt=n#4DgT^%!w#YG~mGmt?rt~F4kfw1(j-WS@E@tUr#e7yX`MyT1<=5UUVVz>yR zLjBYXlW`W9`k5mpuG$sg#jI{T@66`U45H?aQ}e!*slOog0WC>mavuu6h zU~e1s=3jaPw+#E!6soGd{rOEN!@E=r58eLCKtbMWeeo4F^mgd*x`{WU)h_cTdN*o% zB4$f@1^z(#FrwM+j$pdkL?SqrRUY%%4%<_k)*HZ!;j2#1E$PyV)?3=8FcYVVHvG^X9J^MwC}Sg&3NhJ_FV)88bd- zx^rpz+MCe9k;?&>Q_K8k^E~Ty6`*h_MYcT{25}%Sm8v@GugyjmA`_W7)x(MRmWWN~ z>|}~-tpOb(LMQl;B2hh z&##Z-j&tB{eeMv-SWyU4|s*^ zfxKzY!;Do3TwmLF=~CQn@=78ncRvjVTl5XT;tCloUOT%G5GBVe2u;<4aw=wMCGMWM zCD+`l-_0kr&-|N&bFFA38Sn9qKsm-&%84ob2G3 zLq=$Letxb~hiClDHYT+SA8IEa)uAgt~v zvRHYuY$stJbo|bCXz6Z>3dpEury8^vXGn2*vs9KBM(W}qTns}LE9PMJms;b;HtqnPssYuSpV z#pgZQx7wE3PED}%djwu}jnA3xUNJ8WYm&7Z=o zytUu&mDXPnZD%>vd=`Z2WkVJ z!ekLwa=Y`)&a#O*hrnG9sU1(S(&JX?=R@!^2%JIF`>(@ihX^3E;hD8|fXHF?zgV5E z8K~DRIRzZ<4>)?B@_Y}?Ir>4MVZsD4hY5r*5u|$9wK6)Upqj0VM%O&RXWn9k-adEl zU8yU_=mTaLdiX8*sZ8$9)2;xDmCeTZ>>J zAo%EKwJ@NPw-ZY3)r=?tYLrr>Cg*upS|-)6+xo(G!>%1$THSDp-Q;aQEf24?-q-2k zd$LSg^n|4g@+-Mf_SGT63RI~ZDEN}8R+~9o!W>?U`Gc^B@ub{g3g>snD_0t(CR+VGSZ>XoY_VeYSqU*}z+j9@BU$ z&4LJ7Xg+F$2?W&YsCh`RnIGRJkLJS7fld~ukLxV1f%myy(m~8mJkJ>2&**y|R|M7e zmiMMSV20t9P0aAEt8%Di-~-s}P;XeYucfJfc?-AQh0wJ4TCR2JFf2u95wC|=)?($B zp$&4@x#!TAcPVanb;^{qGx1r!@}(Os!o1PQH9EXDeY-iNSvCh3orrItv}&iZpz1D* z6o1LxuyPL3!zoYe%$XmH)BcfxGQhr?o=4cS)+(Qo{yjN4QOpN-)ZADmbQiB4#}gUV zG4~m9qF+&nPF*nUzRO}3CiQl*dx%|Uw>+I*64Q8$xjL_ZOGe_;G~mG1lG6dG7wPy@ z-gEpZ)wbpg(AR~$c&_1!p}>;pVQ?Y~u-3F}dHuWHP7rFz7%7FWlaCvN(`*MCqPK#S zQk0s%q|?@i47)CUBw|>&3~Q%mlo)dg!e%O~ndp28hvk`c!2;(%`C`^nP_iBqg&m=K zE4~t)XIRTF1X$EdACN~4K4mUBhkD|0aWfuEe%B}Z+LW<_a4r^aFt8TGENNL^%-ajy z)|kv&qz_W!lRsM^JPQ>C1iN=nUtPTQ$#-;gY+# zxshHuJ3EteObVcpY<0ne=r@{~*3jHROlXN`kPkV49k_2J|{HWa_Of zWM^k*^E@j8sb=yj5l#7BIdqLb<;jyLN>;vPOdA74*FuC^t8kAXRIFr;>R*=S>guXy z@(U41AOrthWV&{kN~91N5=}G^^<3Q`z-!4=TbMU6d(a;?089j#Cc<2w%`T9J=FaUk zkDX3=)O1+#F8BBqjXq^oXpFMRndm*CbbF}0SwvB_3pWo*;I**w4}(zJtY^)8%}h<+ zb5~A-@b}fRmZdGXc390F3_%UCH&DsN7tF)jC)F^Kj@Xi0Z>t6^F*>JkG0ZesAiPtI zFX`%y-9K@Nr0-)X518R@nBkiiER+zee9M~L>^Cc9c=0Zk94hNRymeW(JFM_nojCA5 z4C@f>>(30N`1E}qy5YeGr9Xu12p}w%RkdSlC3o}uxoZXwUugql&KvPg+5_WM1C&&d)U>3e{0OJAV~ z(lQ!~MJqZp80Vt5C;;^3<%|f)^rC*7}evm*ay3_g0*}z5nY6!bEf=Oz~lQDF&N{UwPf#XHKYr2m=tgrPRzO zGut`GYBu;ttFsseakS+55APvD16C=P+Lv#N`SQYor?Wp%+BRtML_4jraUlkGt~{;;wQ`CNm{Tro&ODHS+hBH+{+St&eP%cGK&jLJh( zOWtN*?69E%uzU~7q?EkJM%ou}wzexQmLUn?5|&Sa#P=j&*!|e13jjdXq-W$TqifHM0h>8jEGdk2J1O1K_L~ScD+OcG#^)ldZo53HA^! zskOd*`BL+>+wC+9WZck!J_ZuzAQpZSgSoYGzuyCYf%v7AlamwKqExC~3-_!% zV20?&#WxKL)@Bzs7wVznGNNu7Bw|Yh3>~TmOw*eWAF9Wn86Ml5{$fbHZSCg{^=B?>+IN^2l64NyO02p#Ir|lLuzR?(Z5oVIB{SGY;ThV(+KcE7JhZC#zdfQODWjN zgsx6cPo;DTV^R}y=JCR{LH~=n|G-0Q25_>tcL}3Zv%`SZE?$j@!Ex+U;HIxg$gWwQ zEvdoWU!n}qL3@GN6je5`T+7?X$&?ZOda0QLx3#95ABA$LR>-gA2~fe}mX1Yg1LsA= z>FH_Bi-BLgdZkT5&GBaHEg!He%|MP=r*t10%VxpO!3jrOrqn+%8 zxhv+jiYIVcfPhv3W7RyXRV|1oR!1hCdd;$gFX`z+_vkOljZ~Wu3Dz?A!Z7sgrb^#!hb>sRz4hq1qTt-w?R7B zO?mK8qZWxs+TPNbbd#6Z?Du4~oKET~qx#n9(?O(fW1MMmDEpe?gNqbb&zt*ZmTL5}=*BMA^e3sd z+PORywHwBGzUC2EULWdQ%gI}0U@_Oy@V!?%*|`}f9TrWfvCF)1a3EVU>O@lcj4;>i zc?Ry~dGAIs{IssN^f9t+ORe0S(jG9wfsuBn2vr7G)FAFRdoy%p_^^KK(C{`XxcR+5 zaQia8y{u=#rRO1eQF^R>sC#eStIfh1j@-_I9$XotfZe{u&<63nn3qb04KzDu1*9XU z*-Dla=u%o9HKK?g&eBT>k%dd8X5=YmEwyrWbv5UeFAPfmw#+c8?*RcdBX~%9v}EWK zTT%`lP8Rq)=P@y$r1}gP!VOd{p9LqtMVyufrzP)-u9@LNW)Ia5{(xs(jfI8mlzs~? z{XKxNFqDQ~gmwAc%pHc=j{#CuP1{vTa0z3$Ukv6)y9o4P5%jZ%um?dik#~oqkQ6iu z2NKeLets^xafOa}?BwLcS$D}SS!h{3JogDB+_J0wym;}#7gV!jv%KrEbadEPI&_dn z5?$VG55vE;*2~MwW-d-v(=d;|PKOq~X(kTV^&#_^<0R0wD=p`}L6o^j^tJDmti}Gi zlZQS##EF##0iM!_Vg)S4s`05@?>2|62=xQX=>vSeSO^_gRFFu4@CiFcm z4D$gqv;&x7Ow%y1!Y!Tnl>K|_*VnbZQB}jk#Sp76)b-kUR~`P8#k+@9z|}ycVCAQQ z4+fDGrjK#KI5i~298n>TBejgq}g6#=^2?FiKh zyVuz3W+EGdS64|g>?OXyOonr|yIwhaB}qHir~ zyb?Hpfs_@xs%Gxpt?o7$>MWTVSpWKtf-X_vvhu7AeSkh}9-ztT>FJ|Kk6cI=Lx<~u zu#Q;2PHKP5=ct-1kX7m3KTN^9Xs=`ru?<7IHX{X92vwa(~=9#V&Mxu{VopNw9cfr%na_r9nmvo3I3~+ehmsi zy{YLrAhU;>(^fQkkU?Vu_Wez{wLfgt7QOa(;etJmNI761Ss07*naR5?#&u8W?B znfI1)+=M!nv{!{`2w016YNjw)b0$h%JRl-_PBNcL!R3pKi^W_pw4xEo9tM5rr+_=G zsCagPazLK?OfC$@1&?vcx~4s{X0RP*Lh5k?2GCRU#bHl*8-*;F^j^7cZgx+oPfhe{ zY3U8g4uyRx*V3k$-*8y((c7W*{nQ6^ALr{ZMVo+i$>CVGJ*BVatJxYH4=z){#rzVRnQ3I^Zpe6V2(vN*^TidtJ%{X0UfR zJF^|+?kw(-CAPLZL$=1ZE^jfyVd;MQLTwIc-feliVXpgAEc&Eaz|GE*R{NTFtzRt^ zx0xv-Y(ut&bo%VEM3bF5MCiCBM)&~v$evGdO5e}(EHxSZ@g?4E7WC~Jg=HMcmH-{M zpG}!0eacJg@SIYoSLhA#%6`9>H_+3i7Bfwi1S>2Dm-01Tr6mmso=L%lQL&t{u@X$B z$J3J?v>X83K%A1gR`KKVlNJjZiS#d*RF}#vk8wg4ek*CO zo$_vnwyXbwazH*tzu!uUE z@FiAEW$f(k#nyw%Fk{$#GGb9+`v=V6SE&XVt9J zSg4JG4{JtuMTA0yfR89+Y+&wMa(o7^+VA(;bF1<>v)j`FpYCGbK(7rFvFR`7wVW+s zIx4XC{x$W%hphhiHADa)x>3y%7QIhOzP~9GI@F9y^Ca4f-8fXu*r~ag@~TRmEr`5a zsAMwI#k|!_uA5+8TwtM$L|1s1z-I!5zU~-{&?lpISS;@(sEgI%+~U;^LZ5yzkWHac z%`fSt^t+Dri{9v3@(lm3;nDE0ukq6R3Vk6nWTt?H;4Dqg2OCwjz`L+JdDc`aY4pOP z#`^LVhp7@Mi~$%?P*%5qGrD4i#$l~(&WKCbO^o}#m-2uawlKp8uy_bYY-!V5cc`qa z$De5_D+sdw=8ayz`!jFU(C|EhL&|1z`?3js@7R#P2;-8K(S;iFh~^xJl^$U6eDnq? z>A9BiE=ykPi~Ylq7FGd=M=g^t0D!z>98*HVE}3km^!@_O7|20AgYkphPE&?tArlq3 zukiw~aOL>fF1>PneXW#Bu0o*je!s7^o}8S>zQRs=mlpYld9)z~$v745JS_%R7Y~WwH$Kk!VIS-O8y^%~><39Otgc^ z9334!fBu{&xrK1bGYYLWa4jbTN~TC%@;>jYt1AWV)ja($pe4p0c~v4e8#XgvK?h`U z>Cb;LI&nxdn^rS-IZ$IQXIV|Y_I;I6xvO3ui&r(&aEoZ-*UiU#y>GtAaMqF^0a9#7 z6qep|pa2iU81Se68Y|N;-wzQEOK)-aA#B36$fPaJtcf*~{P7s;tEP?LhZ!l3c6rC^ zCOvrz-Wcd`&n#FB`~fqpzuy2@z8Z_&OtNMR=ioQ$_h(T)i#}{t=*#{tZ@K<+i_!4R z?R6gN58@_F;xFc5X)AkmF`EJ3V^N6Jt~B~6S7a#4)m09PxmqL&C~C?pQ&6i;5LuO~ zg{h+RYMx2-SbH7XANH^MS74}_FA1_tmM(ng{FDa_o#*wd%xvh_k_ZNJVYG07g`TF} zl5P$U#f8WenxkWSMks`BH#LA8>dG(aAe)oz$UfJU&75Ljn%3v_kUzH^xDlBNVp8VJ zAm3V3>IC&u3EWHW=7rn1Iw{O>A|GNzh;0;RcYS@WST3i4TJ+1ym(15%Gj%?ISlJVTu{X-c-r1{@0q!*Zb`{z$@hY!Gtpi zkjbLT!oU!Wcxatfe^*BD((_2lG499RsA7TdzH#K7y-%u6g)Ugt6Isy;iDM<&FI zUKo1Mi$N~0ma#-Hmf@4qM{C@JGVoY=zzkNlU4&r*0;|Kj?Z-PTzUtmpZHIp1^DQ=~ zL$41)${#K(OXh1k$%pk0Nd=`#ixQfHP+rWDw^-DO9&lM-Ewusawpl(#6n3@CS%rk0 zXk2eRW%eDqhjs+nsD`k6;;>BcI;vFogMUlr6eX=Z_)Iu2(sDy>VcTmgSS=lV5V_@P za5bb6kq4n=mO>DcI-u_9UuI{};`pAJ5oPv@ygd-Bk_Xzi^m}@Taf5;eWQ*EmLM-6U zG)-q`XP((V`h7O&FnYxg&YLaW*JM%ia+ppQtJl)n6n&_^4i=DBgBpq%0(GBHK4uv+weaKDhOZlWvMLwEGB>PHsQp@% zyp}no2fmxK#ouy1{QY(5flZ6;VFqZ$kdYO| z!rBI$Od1Cg(1*`JR>s%&;y8U4+q#hC}s!`p&(Rf>M0b7uSNL z_8|qg(C(JzZh!Ia^}Nw5)lB+fH~_ndOAVf(s>S?G&9;~|1Duf#!+sri)h=^|yWFg1 z^ukH6keZUG`Sc8_x|?l1m9RVP03f57voJKGF33oU6{lscBTf;z$wvq4Ae{?(`tP!y z?g0>S>M29!$;pYJ5{f|Ap=_F`%(t}{`3{Lekb>?%6e8lWo>+5Yvt-ZRrRH* z`duI&&|#OCm$T(-AgUTwy{t}th2>sybkZ#1zNFzwzj|EDl0Kj*Prylk%h;nj!HW#R z#V)Z>Wo7Cwc}9;+0ZTgLTsaXpy?)&_5V^#JErtV1{xD@{DHhd9&zKO2SKM*jEPxk0 z>OX;B@$-5Z++rbXXg-jNKn4RrrSX_dR&oyNrzLNvUh=w3b^hYw0+t9n*pGUqQK6_M zZ!7XhbImWHDpF;tY3yV&f?i)=fArBu=jZ3D=jqd@tQ6wC)HgAhY;WEW)3mev1->wu zruB-0jhnd_{dJ#uNU>QDg%){WXwC&xNfgRt^f zS_Tg+<_a93mB2Amzsr;jjD?}`x#a`o;h=TMFu_eD;{( z;3>lTCLXIhmbc)lL#y;tR{Pp_edT=mvKEea?8fbNA~ErNAt2~K;vR`#(~l#VGFiGB zDjyWBOSeHfEP3}FX7gd^$JPxE?I-YwFkLcunHK$u4~l-$z`5Lz7S(N!&1z}7h>XRV zEa={Kn3TGUzqNvdsvOKj)|b3*krSHG$8XdY4iNrBc1NE=%vFdG(vt4H$m@Vyt+w3g z*DQlH_ag{3{f}-jsutXa+yRQwE1%zzP#*PGGm3v%7BWtey0d2D{$|%FPnkh)Q^K;k$m8`DTJUKW`lWuVqGwkLEXH+Eb0vMj=L z`~6<#F@>FJesMTXmguCIKMSJy^5n_rZB&e%MLjs9ogap>vrD*L%@;G~IUCeIbAO~mztTfz*tU!0q8Ky#SSiT$fKH5ucXbAc@L9#7{cMS zV#X>M!}3&%Wxwf@{=b|Uc7jLl||}S0Yg&;vlGvRRmnqtTHfjip`c8p$*PzuQ1Hl2 zKE;lRdRBrZuWc4WLWNJ6oE@|`+1V>PsX|vvZpVw=8x6IYL=GxOgl<+I^hC?3yTv?u zkstuQ(k#Ty7eeV_y)cacB~D)M*k01-SV~boEm#O}Nenn4=jx;qqRNsK5ej)$A2hC$ zlar@UpMLbwM~@yo+VA(O7JwCba!{SuXI$8h$m{AX2wl~$&z?Pd`SN9JO%VL$%a_bM zE5#`mz4T}XtsKhe@7yOtDLqCR*0OtVhdKvI!dni5+z?xOtLoHe#dA?P*w2dPs&%{3 z&<9A5(x2V>GUN>KS zZ9R7ZK(D31p=S=s#NnIU>vz$NxLh~tYI3oYEXcb^-RYIrl?#Jch&u^GA;abyC4{({ z>?nSu$13_Y5C-5J(lzte0iIfGFJ8QmKAtkJoS==!coFl_uDQRm z&_lA=aLe1Z>r;-YWNUB69ECdIx&Pnrtzs|d=mK2AAk)&NNQa%@-ka5^KVh|Bw2HIvGUM6J_AT9vccOFcc$dp-&Wb)Emv%(Go4W03ZR6laVo2v)X zWxcr_ejsL{zJQ?oF9H&mc$1oAwPyjigJE;DB`@OhrWK#-k| z&3UBJAtN>njCSZMLU+{}Jf8g3_jrC)ZKT}`$ORs99W#K=mT9ZdSS{o3N#C_(()?y; z@c@fcpEXSns7o?{2`7c&RG}QT@|CZA<*Q%)s{4qKj*iaH&y~|*o@c*CnjB`4aqf;( z2&md+`csyVgFjrT;tCJ*f(U9C($UIfaeLJqsm_6M>vj$z3~=rC=Wltyi!XWD!4bP8%PIvT^xCsAY8FVFoP`(#)IHq=d?;h!uBJQ1KpAh(Pld(Jyg($$Ovv!z_16}zm z{(N28?S~#B*CG$V`>wHNQOA^k8<$Ya^YaLI`Y>#o-9o^JB`+9ugdtRcM?li;>gvj` zg>i@jaBMxMM8PADr8uRwK}9@J(#u9-am7wybHZv;(%=E?(-_^~L8u30XF3RMnls5K z8NVnsZ(nxlFLRFb38xyFafahl?469Xt8pd(6BG%+q{cYK8Ma?%fC_9UaqBcqSe{hL ze!o{IeJVM@cXoF6r7wL+uD~geN|Xf6N+E`hytud^xr6+Sr4(*zVo-p4cWP^B)$E;a z9K}SpSO}UML^0zLs$a|^;;@D_;-p@SN`8HtY7(P2Jh#psAJM_2Q_IXHfH3Q$x z_Am_GA47Dw6^g2`FV^102Hh6(&<#M@C6eCKIUBOK5M(*osRG}B!n$kh<)ni|{@Hs% zZ`ZQ)p&TmjHDd}M?C3X9!w(>-$8J5OY{pp1J8h!z@TA4E_TPMAGO zHWJxa2FpsM23?kg2s4Z{k-A}+5x=)bt>e^C_n?(CkA{g^1&9;olyO|>hu&R9MH(P$ z9&})qc~Q1T0;iM+Dl%u43;@KF(R8yIc4s8mtffEKl@^Tm>eVZux7M1@PGZzl>qkdN zU;5IQ9zA*l6b9shr%}=$fBf;YXU|&i&lL(6;%t^7iIWiS3>_4zD_wk!)Q0^sdY2X- zu+I9zT>6v$@4R>iT&nOT#}t5l{urFlRy&`tD8}16z~^R`(LrSS2NoR`Yk+Jd(Yzji zz2>!7%$;LdmwRj{cA1XY1p=6|^=9D3f)@wT#CV5wJ%~8?^Bx1N@`n2BzLqzzV10U$ z-LlvD5K7&OFrfHajW?t=OP9qQro3YngB7L#q8Cz9Audqb%7}%Rs@TaI$%~!c;5OMo z>m{>fp`xm}O6feg64veV%@ATG#pcpBBK!m#5CoWbbaZrfc7_E7RKZwWo0dFMN9^)F|vY(J$G?f5YxMefTX`;zG`)C!M9qR->wW3GyVAVTCKh(5H|q|TR&{l`qQ-|zSP z{gWq8&d$zitrr&;7Z(>`np*4m`FYK=ilvn6>+5fP;~RwBsj3^hUGe<jQLane@)d!X|LeV}mM8G5a@`kAG&E!?KMO zFTT%#d!e2`?<@DdmN(^!b$Q=0!)pN6TP&MfXi;oO{&w|mws?D^Uy$NfpUn*)LU7nY z-i1Wy_~GHwL$0B;bnQ9yaPxVWCOhV{w)*I=j3ravt&0MtHk4eklX}>GiUp6O!ij#3 zlxScef_ol4dL)U-uVKQ=EnAGbW&9H|nkIxKq{6`~#jaLFuvQC8Fa525#jp{rgR$H> z<^{iZ3>SSx}>gwvnix(e%{4qgw zk(oY3tLy9Q7cX91U0tCp$%*CinvgG0*J7s`u#NFK5^wp50je6NX6eHdqxW;cIm5gR zrC1rh_hoy_>paZu=Dy#cpRpyq9m+(qJ&@h|u-Splp06JW3s+$6yR;eFVic{vdA*u( z(RY1Qp3*=*Ao^6>WC5m()Ei|pIS{a}jE=s(pq_@wlBA#IeTEK)%A4x+`;8giF~GXL zysIHOCa9m{M8@rl|L&FC{h34kq$g|jxn9HTcbn~usmEpa@W9Y#7c0{=ktfNuH9D0% zF(3)GrLY@${q&YJDDNWRc6K|P6cxKYPA6#%Nc)zI5MM09R|^l(38eFm#YzwPkcWR| zBhkCV4QP?jM?+Xvxd)qJ#A12gQL#%p4Sf{Rhsy3OT|NWUh8tSd^zIdlbC*F2&7oh} zyQ`Cqw<1>%i4PR|EwBqNlo3loPNJl|Z_#I9ibOUiCnq(}$lq`=g*m)VHP5jILLTb zYdtwR0W(RP0wt$R_qt@JN@jM-OLZW{T0^5;7jwX|%@FLn1&BB^-@UA>YPPQ%kP1!g z`h=*ZKlK7w(QV&rD0Zmx&UpT?eiH1PE$M?pkl_{IU^wV$c8{cr{OoLIs<|?EnRm3< zX%CjOYu}PE4$f)4Evoircz(r}=EyI$>~`_))Z!PUY;wX|m-ihryqB5WoiuMvsdrND zDE>+huzXqi1BYbR?EruHbud|#)h@HH+!n=vRJHUoVaJRI$DA8-BJasrn^=eeqU?4% zWyh9Cy}G*6t#AX*Pz{%tm(I{`QD_ztL9i;LaILVOBZ9`jLoVDSf-C0;X>VyIYPPSX zp<-L@=yynxp$aYX*`z;`@5BAmks9Lhi@j4w55G;-~Iufol=UtFecubApno>5D%qxLeLPH?Se9fr;$UBZ+ym)~C za6ym0-W45WLVNb?*)RRlFMaaKCmbLU1`Kg@EMsVXa!<39}#4Bx+Y zm$MdUVbWocK4F63P_Mkgoh1#AG;5(p-6h8!9UxNsICO9WoBm~4be^kOVgfqp2+6@s zm@9D3qTzVJlfLngks*BK`1n{ZE#KS#S!%6*B{MIwqn+}k5~e=%1ORSOY$Y>I%y#y$ z8B%lwv)k=XPfv0D5orYJ!gMDFHjQGjdj`XVyDU{YXQx;zH*^&{J{bvcn{CG<{kHr4 z9&?fZr0$)bo;Hgf12HqFU}9{L&{;4Jb6TX>xxBo*zP|qW(!&z+zwQrwBI-Ht z9Wcru{V-RHMPVxVvsxGiBhr(8dXX)YC_HCw5tcx;tTZl0*yk`)rAOZM$0^hLm=IrX zKG?UI-!E(_511j#T`gGO7Bbz-xmiP*;Tva4#QNq6bTJqGYA=S0VzvERcfg-#YgH`{ zY010cO5T(_NarPkK(TLm2Nt`P&&^j-w2?BAedJ`RgGwn1$3|?)T!FUp5xJ`NGjwi* z1Il=xBju*_$DBF3B7x?VhXJeQrqXA1X0`<1#c-bcDN083xOn9O8HZG}3{FzOyb>8= zLgfG~Q7P;O7*|f-wCFEumS-iXc6HLLSFgyR;hdw31)Ckd188DwPzU^y9Hu}XK*F9> z2`3wvqsW6}dPWfE<;#}>Qp)L2N)htVlP_PseE$6T<>jReV_}+AHTV>8_@HI5|M~g3 zV&tpci5UsF9aXCy@R>t-aR||7oA4TL4}&iR5e@>OwWblR*ZyYl<;*vOnP;+e@HM^g zhbo~e{vwOkp@c1S$v%4Y=xbm58d>;#0&mA*cs*X922J<=}7?CqPf-BPB z2dhU02KdGXJVcAs#yqkE@v$!!z2L3TE1z^fE2DBRjacOYGrXrR!uPr$jQDrW6aFQO zd?+<ngz-3KMfL-=9;;*24&zIK0-!Zg->}*eaawobkZ=uB`*M8^7fd)Zm;KE zBsn;6xk=3Orqq_KCpD2gU+!yjxg4f@s>O>80IOw)MzOT@YE+=X0T#n?BL}J-OP-si zYI@>CNla+7py+^ z6lW+gf3C~DHs?|&0@FGuW=CKEugT6QvQB-4uGjBo85WU0Uu*;B#c`5jlyzIa?*c1O zxpQNru=>hZzVaR4@f{Zz7XrkS9+}`7h!s*QRY-g8?7mM4Q`oqi35OA@i z7)%iTpDp7F*obir--HPeI!udBs@V+?(?50oE4{LVm%^fVWhTDTfvw z@|tg0?L6S(0GS@97hOCJ!hH~9iVpak8VuZj)=R z$>}Ej9sMCk2CIR~kq5ebcN zl|s$|E`#QnGpnkrx0<0&)T|oRtJBj{P{^_@Iv6( zJPxc2{gnt{&I6~jrA38jid|p;6Ry>2?0k+|fUS`T44$dI^=>g=Ezb9)w}Q94ACuRSY0YewPR3$ps`bqJXXmA6 zpw@}}0hW7=89qaRb&sj`nU-=OFv1^DFfxI<1Fq8Nwzc}W=+UD`j~*#f$G5X8 ziZv#;q`vf^kdiSvEe-qJqwKqF&<~@apFXbHQoYwzFqR`-K$R!-YAgG}V9>&OSJR(@ z1}e7Co-^-xq@}8qBC}#C<>KPv>go#mRI|EOJAxPH7NG+`nJI4-48saFeVtR@`zB@l z=+UFaF2lwyJIwMt&qqf`!m`*f$o?wi&(?vZGKu4>eSH_bhU zwN~AGts1}HC!nB%m4)wb(N4PUPPT|&?+-(GOPkH!} zjP{P7Jkf>|ipg^OqUeKXr{-Bj4OUTo7Z(?@HEPO4Ky@Y}&d$y-HVC-jLsZn7jw^an zu1F|}(M}zJ(=;wJmx4jvE}|tSwXN)26qIqXkUoO&!u;lX41K?>&U`S5P^|VoFA7bs zffSwDT=D~d`op)p#iH{keTjh*22PmgSr*Wtp)j!M&?Id41s6H<`v#`jCd&7g)m(T; zs&(fX)R4I}%x~b-Zn>**s~8fA8m2yGG|XtnK4fjVELLup`48niEpL3;^X3wLD4()8 zVfo;gX?VEisXA9?o3$Yb{L3lNrMF8`@AUNa z{QP{HCV9=ceWhet=aShwV@pP>R7OzMt(jK&7pU2<3%WwMx^~ zGNP+x#FeJ?^z^i3SiOMtpvwp2aXvY zELdN}ayu7RGwCmVk|f?8AVTe3OFRSg;mc-$3zG$XqiGy4)r?0bOkwFWFQBSvmlR6! z%Y5?5C#0`b^mIw&SMx3xmu`$YY|ly)NGpaWmt2@_tl4F7=+prOM8?QNIvi4tDPyHG zpn2oOWfD0U7>4OvM%)*3 zUI?S?cDt*qD-g^uWXB>v;c1#YoJ%P{iG>owU@lSsmgbIYggp^89bm>Hfw ze=hYl+xZ=^h-9e3YnGMw#CO%eo#<~^bJ5()Q~YCTV0hIY^?xX&nbY+-`!bqd?-dwTqn_u$bjMj zTESYy4#vAZQnwGe1(aVk(Wj@UO1{ALh(cGgWnu`d8MuZKqGTXExyOWZM3c+QOCo{X zQ>nK&!+3pt4a_Qr!mFhe(O-rCv+jx=k(*a(3+M^RI5HDQ^mwi%9LKu3MpuVKZn2vK z{Q2lnlrQSx`^{HaEWU*+X+2_Segf5NVqi8tjJh~`W-wC`?@emi11{A`>zApOTsVu7AxF*|H>f-zTf4+g7rl# zcUftJ!uEw7eFCl0Z%m8rL0ygyjk?zNZP}7H{ubM%aUBYZJo+tNm?0hSl5~s=7)U4} zl$zG_{9Ai(#elRTB^@3{Nl*7^JB)^sm@GMDq$pp~73fALpFw>fg+w)DWUpUvm);juyuKP`SRsU6f?ur>uwO@z~Ep_ zS<(j=eb^IzZ4Fjl%d4v^O6)Wy87(NeSI@4Vi&4oQQd62{ABrC7+C zc!Tv4wpa!zgZrCjSa<3GbLRwsOC4zyE57!9?)Z1$^Yt7(lzUU&0ARge2y~D>_q(hY zIX@N4*fc!pk_CA&2&Tam($ZM~AXu`5=@qGyW_$6rN~q0;;TDlWTv9n*Lj9CgNC(g8 zvHgB8>sQT#Y*2G}XA)bhZAv%ze69h*flqxK+|@RRcfwyVJcG36bU zk=Xb2^mJJkpp^jnZ09$z%J=~;Wu{%sX(;`NSJ7jw1k3d9e!s_HrfRuk$2+etZ*Fd0 zym)bOaUqxm3!R*t=zJxWFnj^QW=_&D5d@bmnaB0)>`dl5l5zMHIHL~B*1sGOm{0EQ zqR%%@uJvQ3?EQgZqMf%VJ3d^twsU+gwt;b^7>N5?CbfK*>v^nGt+dVL?RzEbufBQwbBTs4q-P`r!BdIcTG4 zBGB<3%5WIz3U?3&S=6Z9O!5XQR8DMzDRH(uYO3FpPPulcp~W)h<6e~hc3U7?^W@}& zh%r{#fQ*@lh2LR8zfOXgiE|ae{5LPo8J`kbFIrDvEkLthoc7&{>lI; z+|o8Et>MW-J$I2pojbd8$s1~BPD3~h6hK@cG}t5gufw9_$tjQB44WDM8@=ou1m-3I zp|&r;dtW{%%&>d?Bexb;avunPd~W3~OKy0^AyI6Jzk#7K9kmQPaaqs5N5AI}9{p4Q zT>a>)?|O)zYdPKeau@NWwfS%S&zFDx&%`hO-^I>(Nyn2H07$`+H^9n3TdPv z)zOP%MD04R94*eI;K*1que##ifFmVMP&gypeiIhW*6d8^U=%Frm!Xp-eZ)0Wp_Wp( zun+56$x9D~MevZ;jBNr-;d5Cs&__xXBgEC!m8^_&o+vDNwGMa)qY*jWRh4KGsetu7 zw@*S|&-a1-HO!|YyPYbBjJ4L&(^J{EgxEg$07al(p=(BH6aZ=O_)h~V4%IGutR15h+YU`$Cw-Pn;w5lp4_o}_mvDxvflamvL`r@aX z>?oo-qY!es)XZJTWj_95n6ea-WBBs)p%H7Xq+-_%MMEI-oEPH|jjqUX@QrT85qwb~ zl#D~AKYRxkY-w2}qE0;l91rjj5zi1@F+1E0)7Ds_q-d3$%S{^90*s0!8DWZbs*#98 zT_)rGftMKOfSGteF>TSSD8{lzJki^ARMxCGRCSB>YqBGvVRB=rq^4`Q^|rBUhY-Qv z-m%G&r}JU4koIAuw7Bc9T8B!GjX>cTQ}K*r6)Sdvq1t_*ZiHuaTMs1 zHVg}H68xdOkLBLRV0}=<)qM2Es!f5rw&7E%MeUSQcK`T4dGd#TBj5xDgTs?)dowhpl1h%1UoCMAy<=ev%DOr1OYr=9dcf%|HZP z*rmtWyyDyvy#&S+x>!E_asUz?65YeX_o}Gv(2MZf5KA;v?(E&{f`mv$o$T^vho`hM z9msdUFv;c$SNpV*SF+v0#JOqlxCd@xFvK7Gsd>%ZspkN)YnHD|Cq^Hi9yURdkx7f?QEa(E4?7{{Ke?9jkT~Ck zbN`GQJvljH%U;aOIjDr1u0X1N{`|QTQz@D)EUTotr0ngHk#s`f?lb9{cWa1Eknc`AHmC4dzq8i;MQStJr~G|5atO{1ltmMYNhMIYn5Q z+LG=z@4w42?@Tc}Ts7w@uj^K>O|p5g2JU3|H^gj(+cT}>k9>finMoc`!f$L`Zc>AgqAg(-%dmRYi#Zed=7 zLDb^e2~(4`KW<4quAG{M3h@k>#$gr!4$~ScD$|2^Ov=g02^eMYWYx^A#Z;m`tKC=tOJFR-*)(ueF&kAeoXT{|`1dQn@+)EL zc`a`jJ6_<7#FI>}%%wojLp%?>BkjeokPfVS#aO zH>E$UEb1ZD&pS2@Q>&8H51L#`|9ZZCs$(+7lwqk(U3(Vl*E_NV^y`W+v=vrfMc~p@?;K=S|+CEf^;=l4~`ta3&6>ngcY_ zYcus%Kb1^@=6bhSKup-y!a>F`?~a>Ym4@lpmVsr99gU=tAwAU^E@&dSzi*95=)RU?fs@{@_|n}h!zPcnh8kSW zbUz)Roc{6uuzvaL@4V+<@Pd89^=o91hnt{;S8!v2x_D+#>L4E1yV1ibWJlQwI_3dy zYe2^6o7pns>tW?vs&>|0*ZI|SXp)$~LBo=%3gl&j4!V+AzCZTjC9iTLf4%E1&)2U2 zc4ZtDCDoQN7Q<9S;40`QvO5{83J%|b(2@&M*g9DS}|T+Dku z{OVjy$hr3c4C*}37%{>zWS`|`h388i;LyN}?TCDgZo>3Y*UanYL*|2wi`618o#!_Z zJUw)92~eZ+R7I~IbmHyhy`#_DUzPLTVaX4zxbSinK8P(B3VQnd$A0?gyML2cb@M;{ zmF4-f`qjVda~{IyT(16`KaZ+r%PuF^Y`F}C!2BegOGe+*qerpmOqQR0t#xASAX~FM zpHpV-S}U8yuIKaPganE$na#m1F`ikfwZ;v~LSq9uArYX)s7CJ+vG8<8PPIlX_i-(s@wv{*lT}pCUd9GoSd8h^6=#PGMVg_M#p5Lur8to zLBcA<^0KNb*VB>laAX#(eS{Eq7J0}Q9Kz?pcI7;_$w-kmBF9Qx52FslbDQg85cRz7 zV;nT!8cgsFjIBaO50_EY=CX^a_u2+yp?7k!L({F#%fE`NO^k~;fG1D_p7WYsI1EH*y;EE$jLwP&-g1h|Lb47 z__IH@`*q(l{pw%)IrRD4SYG|?UqptY&z8KhH_VwL#gBwto2)=Ze8z>;EWmbC)VfB| zug&710UR#7c`SN_=Q@L5U6*(WKMnB!I83G{4lORrqUagyWP+RYN?Oyc7a$>5Lb9tV zrvvUh;S4f0M0zk~n9;k!H^4PDw;uS^rxI`+?6()YHN}q^dRI%@Nc?6@<^{@7Vap?^ zC4+vNUC86})y&qSu}^mA&l*$>Wmv*YUu#Xy)R_{&u05QYcgfN!}W9EBOe32t-n%S=W;Zn-UKmE_|f7ie4U(Wx} z|M~K#|5$8!5bj@bV~+z+H@DzN0}#08XlA2YmPJ`8!<23qT0#N15*kcXc!*+^z`c~B zC~RMhbEfmrU)f8-CSCneq`6*UT#+&3!$J32>wdq#xVUKMg^YB8(Q_dx5<9tJ`7@J#;9hRy0`d&>S#FORIxEiwKd> zhc1y-b&!f8BS6sIUQ(r86N$D4oGq*1w$0MEj883ZGVsZTb0E}O0&F%4{RgqHb9pac zzML(MEd&%X*LOL)}Q zf4$v%Q$A$O@WvLbA*soSpm*P+;Y+~9;cN423Umj38IIymh3QkeI!_F-GBIQHmsCdw-PNwH>k zeYk3wEiDtFV2E}8jr5*eU0unJMa~6AN(=U zmt|3I1>qi07wS-2(}@p2dG+d*dmAx*K@%OKq+@FR#fulrpkp$}pg_0CNHr&B&1+uV z+~V+bI2-8a4Ruw3TbP{v_`LKNL_+hUqod>FVZ9A*ov* zODi=mb6SE*+MR7aVD;Wa~5y=5QBYv+D@MtS^4*aL&|LG#BP36M|7n zA>3j5msoO{YQi$0YV0@-3D~L`oDQ4{i*fclf;1dKA7-j%Rv~@4hPI%t$XlWZT*CaK zGH1K&*)0==_BsG)*8p2#$lYnG?43LHF>Uca?i5qu(A3oLu@O6k&LU z$_Fe}`kN?upqYu+HvnE7-chF`&elVJzFF+7D7aHhD26Ow{m#?x{r-s9|0{oF{%b$q ze)(^+a>ZcG$Yd#J=>u&sO)$I$s~SpL3OO#yj-ur`O=#j4N3XV7CM{<_$l~0{m-KcM z+P>H2o(<=Y49g^9w)!L7}V2VCt}gcuU6a zAP0*jzN!|4>&OF&0ZMot0b29Mn`#a|S`obPJP0jAq#a|ax#Qzw#ZJ-fA)-i|dzv1c zP+|F#xYbx+o}Qk9UAV&-rBc$Ehvi_(Y@bvz&$CjxtLM`+>2{Q>tE*2w`9u~k(p;%d z-Np!IlvW<2k%qS4?+F;MnFE63cxPv44BY?9GAERV-HQ+2jUgyrXCXNwsk;#`E-sdg z6%)Gh8N|%yUxp=-*I0B3qt8ni4xj^Y6mv(l(6*R6wf64Iv$HdiJ$eJ!+8YQ<9m3IXaGrI6FW7gFiA`w$Ek>GS)7(VItsj zyvcy4FfTvLe?2=+A~ze;dG|IB^0TZ$EqxSWhehI{yyxWsV0{n;!8a`FR_pnX{q*kF zbjJg){`>#>>gRrT5b+;EK|i??a+TnUAGG8#G?-_a1+27;yFy~F>l`|u@0DxHe**6! z_oeUAOu`~kNRgu4jZbYA%3bVUYTZ!-c*4Bo=%J*MX}8-wdi02-+p;u(EUU%qlu~rD zF_{-4La1oYi=P1{iosGP=jZ3jk1BK5vMf4Xs9GbHj#6#5H+d2Flkytjc4>+%w24UKOxlvA8=Zr1a3t3<_VM_){?4QC{)c$| z=pXy-yWjYau2E6Tqak4!&WVg+OhpW~%9oX5w@h6V{!Qbq^zWRlqzx*$Mrr1W@U->|aRHLh?=wr{L z52+b|k#BHOHYhDOH7$82k++ckk!Sr}5rPI>)60et8PvjccdPbY82b)>8UWEI-tXY zwN^O?W!4hKPEJnzD5B^u-5D96Lxxfeex!;m7QA25ng!G#i@kuL^MgZyFznLOP0U=E zjH`=2<$72^_cTp{)T&&_iNlqfYY->~A{=@W5jui^sm#?pmE5u%z;ND;0SOJv@7;sP z1}Hfg`J9-(#3JI=t5>gf$NTRaZ=FB?!9Q6}zh$i?KiROX23*CzEH1yL04NE==t*82 zJoB#c9 zy!dl}JbJ_XTO+ymt}GvB8|(l8AOJ~3K~xr(CZ#^xy~{3Gi-ie?>Dtn#V;I1eT5-AT zu&mhGa$yLCdzTClA<~xS7P~Gj%ub_+!(v1t@0@{c{6%haQ&uW1+?7(lRpK3wIcE!}@>4aad<`VtnV21pK$P53xW(69*^C_v?dRPnN&--q&^ zmIn*gdtBaP1+v1A|KZB7&Htt#TZ2eSIzDf!~mZUcGwt^5x4DPU2W-0tYE~@Lq=56>9+1( zwGhVc`G4Ryoc#9R6Iq`JeisgXPVOR=BUbVO@07tWM5M46kx)zbmeK@=rt9x)A&wNlOY?bT~ad zeg6FU#~**JsuYiPc6N4re7xW9A3b{X0B55J<(heEpp&I?=10OdpVc&{9a z5l>dkUbXb$hOq@HFnq3yzrreD`FyJFeM1=uiAdSSA9HzeNJQSVf__zClTc2vgJ!kb8F=oo-@)2=*dRj8?0QMDEkejSh?M&$KtN)AIUW1kbcgT<@x{0)I?pw(AG{`DXhQ7@W=EGYjGb!VZ*Q%hgCUwwR}QlUqK7 zaxXE%Lk!lvErU?|rf4`ld-N0kX?fB`GrahZfAZ$9|HAMjm3%nsy!98|V2watH#0)G zF02-_ykwekm+xWIQOr*_TY@Vr1f+~2>|@Ysk$#p~fq=y_N`!?Lp{i%g&jc!Jc1q4w zojb^Ag?D)+Qcqx$LsLc%m~=%npc6yaKpep9ZnslDt!8KCYORvO`cCO;Q+#`9U`j+c;tLCH0S*3)k0E#e(;U9*6P>4YyZ99zaGd?j=%Q@uKw!( zF#pmox|fYg4vmpsu}=BPt;Mxgzn_s+x%BrT4v1<^bH+IQ#IM8HeWqSZfrs+NET5HS zqP3<2)t^!Q59Mvjw0rX7KQn#juk!CMfA%k4|J9#c?>^TO>fRSl4m!?28FNPI@JXu2iCz?}9`%i~j_GAZIC_J6HBDi=#(Zr12zkK}q+Ydp4guc_JN8I6T+Rgr!j> z0YR|>q1;XBzL?o^ijo}5tGc+jnDb6Rp)uFiDpO|H)Kzz{UcHioPvdGCKi*nX9w|@7 zBwdJ20=hAY!&w3SdvkLGN^6<@flLRuKC1;j>%*KUD4V$j*Xu?7SEL%8gSH-W3Pg{h zsMDvwVai%VJ52Fs911uxD}5G*X0d?O>~M2kHgO(54S)uE0?z30(D~Nd=^y^LznS>z z)>4j+&wlVHTAn_k=fqPAl#`Aj5=Aj^y~0B9-4Xp~)5VN519PRf^wS3yCb1HyKDlkn zaCM00_ph}3h#5XZ*Utx{mEV`rT08%tpFH~R-{fCj|BpX+`Ct8KuU*m~$Rc01?zBO? zmJDWhZ-PIAP;O>!36tF}_ZK@!?ya=Ee-PIp5+C)i?#UfSC9V&sljND8H{D1W<{VUp zq?*Cw(T9~_oD(E+rx>~+G8L!L#y}j$g06v%kB`sK&pi=?h9lKG<^73sW+;`8R33+U zo?pCp@$ttWLri%FF=gQul?PCUEB>W^0Wx_Wi#daqETzBf4=mC$%lzDDW^b0AoasQR z%M&`!Gnr0B2f$e|Pg5M&+YBJdAE*aHuc*9OfVn?8B$&ne$Twd3(C#hhYF*TAq740& z0pdi&@o)JZgS@(>?0)_C?0)O-bi_GewU!xGJeaIyJ`rH9B*1LvXWPmI<%D$%>ToU0 z66RxPq-#JnOkaF>I`saH_k)P7c_bJ4@CQ=_3%UM-2D^eJ7_z5`Dde2DB+nw8%*&o`vXGbta9;lk>6;Qx~iXH4&bEZq6 zttCTlmu0!Uyj1>l8H7;nbEbfo5+V`;OnG#4bbfxW>qp0Z%vp-Gq;-t)4$V`++~US=FI({{251=TG>zTEL&$((a;} zE4Jl52P|7=`4(?)tZ2STOm-tKLI+`6dWgA6&kslZ-oNqyus(=#@>_n#*}wR&`#1A1 z{;lUf^}}W9QZc!ZbzSap1NXSBRS3e)4`aLkYluvbRm_B+crO;=zAkPY(!+u>1EL!G zhEUeQI&WQ2CelR}c7`91oBF@>WzOvIjuEe~ub(}8=2&gYOreq9HxOZ1+|rUsK7nE~ z8b#XJ^nmaa-zW{3lBS9#%BP^9D-X99_}lOIr>Cb%;4adY^cJZ$XiNX0v*t(v^&BUx zmYAO9AS5aXC08Rr1piU=UbbdlRF)W&S?n?v{ffD0)91)%(3l2G=7?D7>;XB!$*qr6 z^HtD#zuwRXXFM;>%&5cn(XT20-uu?<+~xic{O~&Q)$Qf~XYbvEY+bJUu+{zT=ggeB z52VXQ2&3>4AQ>Sc2nb}r5<(z^B#c0SgoKQEh#&~a7!xH(4z3EZvCA&UAt}cgiWJzC zO-zMn0p=xvAs|-*u^lB8R06)}0{5PCW@f+U>&_p)vwrvYb$@%$oO5Q*%$&Q|A5(kw z?ytXotX}KaYpq@#cK0TK_1mqo2-cf3cx$v2+7`R=#pgB$g(i#VWI*tKN2{|H^yDCyo* z&gRK5qr|pT6(xy+r_v2#$w=KWd6UHPtd=$;AOm8u0zU;gLVxYrwQJX|nVX|DI{@&F z#zGMn5-cVOa;IaCDnEMkclOXF?DBDy4b>7G33P&RD1aff0l0@=7`$S!Smd0i)9LQ+ zE~8`^{GL2qjQD__yUApNXAxdA8jT)&@Ie${Y!+Zy@W3*dxN4w-J`zqv&k&~mBUR5j zTt(mY254PJ>RO832t2Da?rHQZS*}3sx>VPpEB&>opD#V-lFt&2Wb5zI%iY*SeO=wo z!N>i@$tzxWnzt7;cCRAgRCZftmb(R$r!+J1q;sgr?Q{p58M$clI4FGNj-?i}#b^|R zpylo9A$#vv+5)WmoZ=(Ty7sPrV1uWQi{{nx#((|I?VtP+mpVwdn1!Ifkd|Kv6=R}i z2^0K8T%{K3ITGQD!EoO)Z(z>P_JhX`6Sc`l1Tv{n5hA#9koKCa_SOIufRwV zc1P_WCLv|ky`Rw}0v%qJqoX4PrGih0sMIVP+&PH%7S~Qg`QgFIWCA-J&ru#79ijUn zg!z1abaccFVT6Xn!EM_<{`lj7lEdM!^;=W$EAG;H;DHCG)2SZ%L#F@-H5jW7Zp(iD zk!Txcyy6VM8u_wVi4-LhN%sN~6H|(H*C0P6F|`6s7EINSD7l%Y?|4t!+zKURq+N9Huue*lOr+L5eZtAYH(-xeE?Nk3 z>!NjGlXY);*0oR!3;*hD>X7zw$d;}UZ2{JOO*^~$@A>cJ-cxZ2Ip>4F_paj){GL^t zX6{4_pG96{`M>{&(M#rbAjKtF{3hH7TUQ{e0;~6+>h!_)5ViEFQCqidJDbgBvl+}V zshfNudpr%%&tkE-apT7I>(|ZU0$+sKa|X`WJ~Bc#op&~sHW;R;Nq#Slxq%HW(W8ra zb(C~p0C_Me;kp}+$^QO6E-+z;3=K$)-=G38cXV__eM#40(=^NF5-17~jW(*BGmU2$ z0i+~Fml>oL0;Cj-lrH(0syPY_>i5HiuwR>2g-$63zJ zDa)bSg1tFzjifi@D+>1Js@Iwc7B?&+WpAy&_^=M@rIg06{p#k!pR?f=n+f;l1W8|q zoOVU4YMY-*LN=yYs+=8NI6)G;X$?VK0i@Us%;F;|O!Qs7qqL=~Lfbr8_b)X~os{9| zhyKCxeLv5Ciw!72gYL{W%hUUbdi4i)nf#uhljVzF)d8e(Tx}sb?5qLt&fIDfc&QW) ze%LL0WIEo38)JeSxA=B7gqUb|#yf+Ge+jlsgg!gITrT14GdUiZJs&z$JMO??+srS> z+uPd%=3_KHo|?^O09fb<>`XalhE?&jAeuBB4iQI>NVVWM3lRq4z0s2x!9ex+|`jjK*Hzo8I#`pDt?iMAH3 z`<8a!{;uMX^ZXb7)%?eQP`@D#plHy)_H=dsYp+u`K&RN|7Rry0ST~xjFgc)@DssRG z7AVXN(GRZ`H6%IG$VL{PDHDs7iQ0fyj%l2doZVCZ6pTqYS5K23a<#Jyr~w*iI-Op- zb`6&XGVqJd4k5sm2`F=PbcEr>r8np@tXBAmec}B!2*9UJ0=H8$^%pF8u$G|N=Ks?EEWt~ z=5#Ri7n^6|(Ti0?PUFc!qfqdh6ZtwFLwH4b22ByUo=)XF7F!(_V4JDSL)T1VUH2}t zZ3WpIkac^PK(BT$09NSk!8TJ-Ok1w4!mp#3zH<2d7oVou6KU`lK6>)SZ$x)A%@vzr za$YjX7Kng}FpJhNT_8G%+6$E%`jZl$RTDM7DHdSSk~0~ZE!|7n0<5bqZd4M zFj*x}wMA_N{lrXH`mPw`d_F%sJVY=%unyqVbUMZ37!WiS8N5Kl;qbu+AG~($8Y-tv z3&VoAtK`mBb~A{LhaidJU%dA)h-HpT1JH`ti$ejtMg59#)4u0!&{Z$v@dHe8`hD!) zzh1BU+-D%kIUgJx)Q&>sz`8Ly%SE*Xl2}JIys$nQQa}we3%h%}Z~Kl7HQz3cUjMcB zj7M|juMAx~R?$2(OcOV771N(sOGvuxIXG(Otox1+I;#5i4YFlRSBthWSXYTox!88! z`t2Q&v0C2zo_FN=QEyebdroTYOJf-rd;bwdXL4dL02Q6NI%8#`3+d%iK?z-(JX}e) zu)&QV*{}bLehHv9%({{~b+ckpQlkt&1|zhB+iBPf0s@WeH+QH(VZh{raQoDa%tJ}) zNHhTLq0bSXK72VIkD0d<_9`=*OeTOGv)L@WL5@R&fGxBTV01JZ!7qv4?d|RD@9#4X z9mHsN1hea0(5e^x)*6jqL&G?&^aN?P3pFun99zyA9?am@4t>hZ;ESvmSLphV(Y*P5 zo~odA{T#aicKkkc!=yrAUIucnxgk?&ou!0W-?|W=@6{fKzU%pVJ5qd}e)YG;{o6}? zwVA?rGXBPQ9e(#WkhQF95mXRa+l|Onidl;(V|f*!>P9ReU8i||c!IN5U{h_a^;s*o zbopruuSIK6lAx~aiC7u%&Yx(%WcN8x>|K;|m&BAz7(p$|2`|h zG-xaLDpHH8>z*oT@Z7&R{roRk_v;?&23T7r zxSTZjm`}XuCR`1Qo;!!;mewzu(=uxOP{T$RuSdPX4I$tvJ>0%xF2QL_$Zkwh1wa*> z{QevoNQf=?lxDfa<0!_kYdlU58v0Ae2SAva!Foryi888e*dx5LkqZ;?6cHOCm-)Fl zL{I?&;^u7gd;0Y4O#i6KG8T&k0^0$kl1GLSu8l?`nB3F|f%XJ(?KOV&Ve}w2LPoa1 zL?1u!zyq_{46~+rDRq{Kx{9gi88p09`Avb5!W7lAgx4sn+L!Gws@0aS6UbTYOrbJ3 zDI4p*)Pyo|p(6|R z4<*F7Z@pNMgF|!9Y&K(f)?%@k&*$^`TyM)sa&=7f+(Lwa*)JswAuJY)*=%-rct|4_ zMgW0Fbcqsuq5xBQnIx7(iuuW8!WgXN5zPe0H*VZu(pM8j8|CZ*%?}uSmegYb#Vm73 z3q1{ESPg6VNbCk>Yn}Q?QK$Z@`dbV4;-TDU_#xHbY{qs)Rg>4f`EC+lZKinbfyvi= z8yP8kf(C}-v1DFjuQKVHbsd65Xd1_mYt3XyYOf11QUJJm@O!_%Kj^;f6lojezNIZa zMLB0G?A*OkuFycBrfHCpz#RG@NLd4|=%+(%$TDDE+kgf+g|2H-Uzf!oq^cdML}|~+ zz8z<)coiU^3_oX27NzQtxR73?LW|RKW*)DG2J>;`QfIG`FCfTPzIDRgf*25#fw3*S zBa&(<%2CAD6TKqx{rdIm$j-n{!ThEV0s;ax0(4TF@)99jq@x2!-KKD}k^3c0z()uH z@G*9eM<`I^-0|*3>jDk}vMA@#_!FlfOAJ0wcgF5P3VmF;rI+pNSJ)cm7d^|XE{dXX z?_#NcHM980vv%I_b#<9Dq|s-8Ve^SEMBh0zb);j_Fj6sS`Y(r+!&~Fs0)h3mkZizz zW8Yy2>*m$l(&eY^Y;9>vPf>D$yNY5_C7?>lwrz3x&${xFe*raMkeEy+*`1GoVzunX zyKu0ddtd8QuGG`8=(K)6AhDf#HdPa-piiFh5-n6i5x$vDr`Ejyn1&xz$nl{gGI}Nj zwVA;O$B{t|^u{6!XwDh1BT1sBMlzt%_6Ed*i+YyJ<-x(ha=F~!-+%bwhk4B+JIiJR z7VwZJ(Gt)hCJ`75Fpl}F^mgaqAv+*Fdsr)M4iSff*mO7?PN&l#Rzp4oM^$fC+Aj^_ zQTD4JWb;CwRjFVSG<}0(T;bAp>}>2bw(Z8YZQD+o#_sE7r{{H<-OIgU2uK~3*WDWTMJ|yx35HYm9Z9uXF>NoWfTceHrhYJ=E z?F~YpSji%^`S*-DEjkbZ7A|(m!ICc2_jLX@&~eAjRdgYDk@i?q8HYG z6fAtk;mz`lf3`g{>23TjBikNV?S@4OX{DY1_aK3Rhm}N_ zdGiObqckBk92&E%t*-~sE1L{B^9+{-fpQ2*jr}KZ_!RaI^*c*vuO z^FQ;y|GosjG*Da{C0KWGZ-*gI$h21Yv2flgXL6xIbFU^17I|V^oDz@fWF&N3gC5R* zgQC`EgWuLtrl$@!j|#D+LDfc#HOUap=4{Z|c4{*}gJdH4ZkNa*5r_!9RiDky)k6wc zDsWMcEnVp-*d3b;R1|%|#}=&|tuKcsdXgAI>5r53%>6R+#&+Xp%#eF0%PAjtiOvE5 z0I!}zQyV*=ksVhX7)k;IhiJ#vSc%YuQr)POau9*!$9Ao{19|VD2GGs^Y1;T13W3+k zTY%M?MF;$s3m9kw8^=O5uejO{J#%$Ay^fCP-{SF1XO@_DMGWpGZ;8H^xP~ZQfA$tK z`K4s);>Kd|5$-NSM>(B*pZ)3?%xug1nH#~^3n#!V7@;8(UrT`%nmd_m+NUC#Gc(V% zjab1!>x*9sZ>#OOlUHTCyNWw;Heq{98GpGccf#%+gJS!jxcDj9MXIdu>A{if+hK~* zeyEUvw7?>!fQD+~tsadZ6xg0e>{+TBhW7h}|e ze%N&u05hzSN1Lm0vKtI162gz7`Ckb9>fuTnf1dhAn%nN=?e5Oie)CfH^6ixoKi!pR z{R$EZrGiyamaxRU+W?-6JKCaVb|71Rih% zvO4p4LFV78dar}UHkm2-p29JS!F8OXx|j_>ZtBfVO-jLGXB`c6aW9+0@7Nq_lDRoC zz=8`74^m|d%weZwx#TXWk*SClL-@I5TSw}SO@Dag2{NsDZ#PdK>MlDBR3*={-z{5a z2aIqNeT_1Q3w>gIRHLOFe_JwU_^isrbQF;P`0-S^64@rHHA223(ZaW?x4FDr%-Fy2 zyHhz}Un$|=DGIGV0HKqAX}AoZ9XIY{ za$h3wnMxff!_YdtF>%<3Q{rmXpJW8-N9ZW8ZHa{7;uToS;nzzFTdD4BO)`Oqy7_Tq zZ^OTSeW$YJZeF&18pco}BqA#AyHzYE$A!`!G#;JGXF;MwyGc7@Ikx7QYSx6})VU8aqbjI#xbB}HNun!N1p9mUqtplcs@{sb+L(PT-_z(zzsJu%t>NOK2a zpPE#ffqS9IQ@4>aR z^d<31MZEd|%y=e>OCFC>W<#QrB~boniVr2KI_#@`qr}%$)7vx@8wE zC_0O~(ErYM*^L@s(+aq}Qt4gynaHHYeNtPTi`dkXV3P~7S_Lah)!o80^-AH1AdYT}Uob0ZJKaMWB7ee3>Ha(0}%68qI%% zSH4ntAsZY^72^t)Rnn+yHCZb%du9cRLj&1e$W=+v@FDCVv{(~+?&JzxqD-)f3k;2m zt13{*!!WYN{Z1jK4WzphL?l_#-|)gvA;@2H%GbBIe~hx{vl1nMQmv{iXetGb^TBA` zvh7H7#BtJP%m~C7dWbfvNr~;zwRE1l=?+N-O7>Pu-rv~5ryAPoVaMmDKc>1$ms7<$ zYM-O~1_*3i)epr!1lBj-ZhHS4m)Xs)jq~=OGsjZK4U($&#lm+%R7@$`I8w}!6`3gn zN3LGIS}#Pe_WF-!KI=B1OO@q61`f9i{ps!ic zx+S()qiq74Wvm5~5NZLjkO%qNF3AYin$@8~6(5 z6z)5%s5_o_3&of4*(|emNk!-QYVEF*;SEKw7fGILbzA9&SekzhWNF?3;bS)N5k&cL z^otZ;RPz?s%2sOki}C&s6w==GQR{i$on7t4$cx(+a3DMxjLR9hwFm4xQH0i=>IN>Y z&%UZLZyeXJw94iajXR#P&0`xoob^a6T|hOaqH-VR;@!B)&_osu4$qZkqvLBWs~X7M zDKuUfyx6*JDVq-glXRFRcvm%@#xxdjcI?Po!zSiH&2E^>Z64Ol)b)~G*UK?gLaS2p z1{huR3oaQCyb`N9!n3F?^Xuwq_o1JdMccykhV`?zK>pmxYQ53V%f>Om*8!CM7184~ zV;^5?wU-*}`x3C>yp0QAvdTV>7G5|BD5d)7Z5B=mndLOzaAiKc}6DYsp|Gcgqax*eEprSrikMUdl6#}PjdDX{vH%zSB@phOJrH8z_Qj~fPRUCpW)kL<9L1WzaInAA4E zpVALgKUM=yMtgvx}Bx=EZFaJ-Iq%@@7A{kL5U|5SgNPAoJU`qSBm;v{`# z;eSWp2qz(ClGt}JbH|IuNb~9y@@M~KKCZk8m_UVHvlZ6|4yWutineIlN#MFr4G}_2 zRrxaJ!5uOdiCNC3@z9?^cYVfSMn)6vNs7U@A^$LK&PM9J562QM;FAySz(p1hF1S=0 z`T~G~gy1*je<*=>;D*G;4-|jESJ-L0@)sPdl57>-V{}GzRV>lJ(FUz2)~7F zV`vqpNgCYR*^T_${F(x7Ak`cOZ}HRlH(Fmb=>_lmj}+)KV@8Yir62?aj7^$N9v5 zdE_`F=*;g((3AFTS*Xta%ebHY8E>r9qxChk_8tupHscu{D31#~5olugwKOJEDu9@( zXoNdtw`hFc($jWmG*NUQDN!kAOKhHaV?{gF%*h0848@mR|wuN&EQS zo{Ao;#~^8q{&{WgO_#FMW#$M01r?P{OVVLAGo2|WB)7sOPkjAW^cHlR^g^^x;4Z>0 z>nt3+#^|2?+K#)NJ&=k(LL^$4!#Uc~-rnBbz4^D;@chRJjOsk9Xy9GF@smes`s~JU z&!GPl6V};p;@VEpxH3RH9aS%Ypkgl~QnmW6P)-WgEen)uAU>JhRHwkKi|* zn3BL0E71Sd2;{J1Weg5RiJb<~gssTliH;(nEzSM@g49bf`6>``;+pQp%$en=B+%Vj z&pB->s*n{tC%PJs2f>#IU0hp7A$qtDiv`t>k$Xy10H|U5YfhRD@C<#|2nJg zvlSy(Dm`NUtRGAGTnJx5&)d?qP7vh({`^nJW6E^_2LQ-QXAlu%TPysNb^3?g&sL}0 znVy1z5``_Hfl{Ve>*{ypd$q(1F1tQuphkj3qqraE%3>Uo%u7`P!l#3v+O%ga_!N#@ zYUWn6E3NHc1#yDKGSMEgb~VzlC!_ZfxFQ6XsGC+rHm=~Nvk0Wuj^Jy_nO;XZ{$d8!l;g43*^A}K;ay+I)#O-0ESI0}}TQB!@AoV%;` zDyl^0g5`#PhPBjDwJ}YV0^i)nru>bI?jh7f#_?+*4-6biYFXf;2W$sgjn=Np|3vvQ zeJq9}n<%b^S986|>+NAm)EL{sx+<8m{OR%y)H8wVxJwBYia4msq@53=k3i9Bny6NU zM`O#oB$RHsK+b<}KU?3ocUJN(Um9J>Iv!2A1>(B_4|~8)t>xy4!{5oWLan+@Da7v! z<*wg#gV>I+CfK)D5U!J@|H{eX#N*YW_ctK~1V83H;8uZ5g`$<$uh3kUkXXsVHTLM2 zgUJ~cIKTX{x}&hG25YMsMd3iDH&2mdbHoOny5R$RYsaJ-hEfpkQY0%8G4YVj1P!Ia ztGNck>uD6Qv8+67bgMI5Ja5UtKYAnhTLmPb>NiO8@b&c-N5JiTGHuNfObW}_(P12# z#*B@KtfG{UlgcBHY~xQ?77E9xJGBI^8%xnAE)$Cj+~2K~K?*5JsZ5c0{FnNkfF`Kp zafAL0KE2RcMFm^@-BX0K`e`C-1>=W`!_g(qZ1&>l=?)>uxhNj&0Xl7StD08Q^7yKFpeGjQn4R$5#gJv~Hu1-I}ZPgz6+a)!O%NXpR! zXKl~&8|s8qUe+IxR82@Q_>?w(+=dXFS9`xRPtcBo2nAdu018S-$E`9idlBTLe1#e^ zbPN$-B(&N)6mR(~D@*~9%{;!mv`~+u-jF8X9iu}reHDxVyNo$Dlx)8ViuM_kcPO?G z|ETxX2B&xettnGK?3Dv>HVWubC-(BX$5&2i-JRp1E{wn@j{*Qh!h7R*h(PD=`!c)d zc#=-6Lxi>E`1$(Mtxyq!*O68#rtD-3e@|2S^=TS%kv5VKvrb9_*|JUFeEXd=uPw-a z+7R<<4=6+l48Z>#W)@xz)!-W>a0-`*I~lS5p6U6M1-n{=c?)yZ+tLX0hRxrY^ONKC{;|a1cgPLzU=bU=H`7 znVI|Gt0=>?k=fdL)MhuQlSzcKiu{ELs5(Gtw5ZHdBm+}k3hY5SC0E8&HU{nOHUFtS z26h~za9%*CuijORi1(Y`)-)~iKwMWVzuxZ1arm%8f95J98t|kOhW4uvc#DKijQLGK zkGDLy(imn$ricJ>9Rj%A@+QE*H>4hmq@)TZr(Uso7O+zBpYLz(t$n}C`@ttmEw$x2wG=+bYOM^ zDkFX-hxF%2rh-*F8W#b8!X|{DbmpQ4$Bxok%GfF9cL;GOi!eFDZXZzEN;^z_PF-56 zP3TPD4MG|b;`$>tysHNEB;G_bYYw6rgO~`}^%15998^vnZ?1du>BTp^(s1Y$nCd*f zmwq^Gv-ah7Hx_^IdMb5QB|u60ekEy(wqUE!rSCt{?L`uXRR=EWQim0{Ff@31P9sU3 z=YdS&Z7x7WZ*8W}K9Ig~;yPQh02jrF)+mmc^2R&4VL2Mt0YS3mJ(THQJ3PHq0kdmi zpq~1@7E_~8SBEE7CH||3WzoTHA9YxAJhHvr^{;}vm-%d#)VErK&0cK=5LW06>RIP% z9731gkz>yMZGtFl)}mo!5S*sKa=TqTYp$rALzP=`z9v?V3`fTb;w} z>PXfXY6g?2x~Y0oot3vUiu^PHR$Q{VWLIN^giMVLqtt0Z60Q3A6!&08z!3Rx6`jU1 z5BH$Vy=aB$<0RWdQ3d`muky-H81P^9f=4e_iW>qz`H#{9W_ahrrV9UsgV0pO3qVMCHBZu+>33=?1lfzVK+nf`M1AM`?LV{vKt*#I;eBq4L znY@v;z+T7VQB=N0E~e-Rxy8`b;iPbM{<0b0@YFEUVd1 z5bA#lbEBv`pQAYqS7G=B1&<{psaHnlsI-AESgGtD-`gZxfV+&|y^fM9eS={$-*}N# z?gRD4EnB!~u^Afj9PJ--X|tpb-p2PD?LOj{pI|r#$=m1eCpFLR+w01NCK_?C?kUm! zW+XCUgK7wzqCE3EwdRK|*wr6HKM%4?@GivH!i1rssgIC=4}LrOh6wwyf#bWD-(@*Q zk7O1L)oTbR=S@=-b_iJ&p1(D?Vs6Q&CIkC1Pvt8XL6*O8EZBD3DrU$zs)S)S_=}>m zumgQ-Yd(hL6LOlal{=OTu9A_;a)JecU8cm<);XDvZCJVFGJC*OiPdK(?|hNnQN z4ik0^NCFY&LQBa*jFoIlezqUGZxWl|66>V$6&i&IB?oyU+2e8mqu_GOh+ZD*xD@Y^ zBwHC(Ry8F|S4uPUR-aeV?eNU}&&KeNEW36;55kP7>;`cF z2&^J0&#a9@|5KDu^VM$jJ>Y}&B4=Q}wf&)rCrc63PgrfvFswz=>65~FwNstzM-<~? zIR1pkEanGBhsB}rVBj2PqNf?TbL%_T=W_YA>fVvzPg-*jtz%@CvCE`3>SA2D%)ew$ z^Cw*Da69-u5B-psYSmp5jv&#EH}dlGG9i6PGb(s%*`R*Na2<)hYu71lfqpc7s3nJxM3+uT>j+%F66x0>Pc5_Vt<5}+I!dC{sba86 zL;!febBXlhT;r3M?-k`Q^niR`Bc6_O7pI~uL(7ob677gs+VyY9s85ehpkbVV^S)*; z+Vp+ySLfofJxA-W1EEY5$K7Ti6b6|3ZqI-*s#FO{K>t>&kF{sERn9qnrO2} zw-yX-jZ0u~Nr5MR%t~XdI!f`$C>2Qas@A9R+g5@{(Ims98+Bhme~AZR54CjMM_8(f>{- zE!eI`#UqRMc`qEZT|mi!C-YQ5*H9y3)ehF6;Z^U=cU7IoI40i(8!ws?&LYr5ML8Y# zW0|I~IXoDaz(dF4sPVgY`8JvfHeIOF|P-8su|s6{k=f&2LPLDvY?vj5bHc3_I2a zmBUF3cnp7%M=ERxs%RPj)mWT3my=G;kU^de#!sfG?obGUWrSr3iIMEKTW%Ls-G-ZQ zudi#|=u}oq6A0E@f^!MC0yGUA zaikoeo^~27etwNEupxB${p>o5(S#W@b;-9_yR0SkRJ?L!A^^s4I|i6Q`&m_1qx-fX z)}XMa=k@#6Z4YfXN|ULQ6}(Av0{>#lr&2`4SD)!*`cb`gKPVVne9F}@&%<^V_rZ|i z&#o7{l+t#5zsVq*1JW3UJ8K-T`5qj}4%X0l4B9-{H%#GJ9EA{D7Go$<9UQtWPo9*K zVttjh_9anGrRaOBo0BeoC*;nUYU!3SnhF~Yk2eOGisGCRJ@=!wZGt%YbeO4%i=UQW zQfKcN8!r@S5jso|_;Hc~uw9OY(b$$Rr_fOaY7@q@@K4#Y*U7W-W$MZE4M46Q)96l? z`oxW{P0ylO}J)K zO2;~rUWXW0wdEAEbel;Z)lZNX>b^Yq@kcmP!MhiJ88aiyK>gw`m|JEUGDSe!EgG8O z@9K~A*6#I|*kb@o6`6NTPP`(iLyfi+4K2pgVc;NvAUR*6QIYc2LIoQuEp$dldj~Oe zvzF|xVVw?98g~-Mn~#!pth0_j`z*(~pe;s{B@3>dJw6YXv1qibDf$W}8<9hmq*tAG zMtj}C!af)H24K6+0*hV36du2Hb%d?b)y-Sd9STL|&oZde)ys4#PhX%VY26#n6ZSeJ7s_n& zD07%f%oXYp-c1FdQn;6ppXO*jGu0GTCc4IAu`Pt$yPbD!cmBTd*KRv>pJN#U-Tw{) zVdWbC`yV$ig`!(Dc`z^LykUPfGxt4KsJ|5bW735b8c96kH)OopFuS@{HLf^~jvbl8 zA^3#3Y@+cu+SMh{Y@V`*_urs$SrvP*9g1QQJE-;=OgcF+ zUl9r_7lIi=rF49JJg9lo>%5;EW|YPXL&7Yk#V z%*;?kd)@XFcv%+rvA!36&x)n5oqrXKjt0Wdn1phP~3C3IP1Djq5byboR6DCaV36z{ov29X3HTGpGyvlktWW>;;P0;8FKz zS&F4%3uU3}qVIQ$R0!LbkQtQs9P>BX<$lX8W2}cX;!Y)RM}|3qkY2)iF$aGGhbH`l zu|$4cLbi$VIWg2f--wBciHK%T+{g%K0rnAFw-j^cLEQI*f?p#93QQFT_%;I286G;A zF?nMUYdEMZ*2$-0b@9O&HM%(?3@_2%*bTBhrynaU(sqcVA6i&_D^5-=EDy0hekU#VTo~*iv{{cUP{(8-yt-3@+B)o;)ewGpdL%quZ;ussgvqm5t8Z9mec_ zMQM)|8Kic+x}^5Ff~nq$y!0Z|dPAA?b2{gc1;#JSy3F+$W@II9X`c3;aPC*{O{%&#cKBi^{f5=Yy7UMFhsnRwrk; z2!Da_LtC$<|Bd|8TOX_wZj^c}!sij@DYuB)OB zCBS1Z&=%%fx5)mV7J%=tPsH(8piWF>r57^JP}-3{r2qudPNvg!PtSzEMCUMd_<-|h0kUih@cFz<~>=k4&CmF;)DRhPdc0C68~#- z(b+bGbfumqK$H+ML~3a37)pX_l~DO)qKHV^p!mlEO4VQTXw0*TWi0UrsS*(p5iqmO z)}x_KH00hXaT^V2A#Q*@wE_ds`XfA%y_j09F=Nf&>aZcLtLEKWTudB5a^e;;3~q%R zsF)ay7>;X-tt(?sAR5U_{F$)RUH6yZ^t9k3&$2c0dhJLUJPfi*iZ#p?1(i@VOG-9t ziiWSS6L$btKDWAC3c%B=@>lIy+@*`|F3X6@#l)(UD4N`@&h_i71aS;W3*H#Z6rz-@ z>ZJ-Ic*)dsTP#7afMfuoLT=#Pf zI-TrkLe%@sx1iIP(Okxbe35w7C>aJg84zU<53?tF?Q00PP#L)VTu5G1Sfre#tEvz_ zaD_08N7Yq;Z1$J8XX$6Ch`-7+4?FH*c&go&1uBHqHVy;zY&z0fG4XEDfi`XtG^<6hbontuZ{`fn{W^SIp>Q6=15E_mw#!} z%;=Dtb`oZf8)t))q9?j)!PozbuDM4i`j(L}>0a3G@9XFZsp>C}WDvll`c?*zYf0B% zGGS6zB?+WU{M7)c*1zcHthPQg(T;jEw5fHa7jF$|j7!BMS+iw1SC2jGm8IA4H*9!) z1Lr3u#Cwldeekdy+sED+J|BfG3GJrh{j8g;TH(+kQQ7={8UaDLOu|F*cTeyeF}5A0 z2VJ*JW+j2O2PYf+pf~8Mj!lT|c8*wScWrpfH<2c4+!|K0w#Ciz$MX^f$BYzbLi>ln zQm0H9vw(E3gjO4sYe{VmHrJ|05#UaT#^oEhseUs^K1}0ay5Z~^aB68pI*GERl*xoo zjHxvL$|#d}Fq3NwMVFR@vdm&mqlSH_PQwSpzffDN10ljuQSA&RFpqJvey&cBE^+x|izv`PTP=st0&L#{>1I4A_W7;>h`eIFPf(K_48EoN?yt<$v-Q8hzx_?NZ3RreApD1dD6`Emf@wt1 z_QG`E#zqyVUvOctrKi!vGrmZE;=n|#Iu*SeorgAG@qo2vy^8tzo^X023IuM3b%}rX zdbdk;wtv>8biEobQZ40Kbm@RTo81#erfl*g_4?MjJ`|E{CU&kxyjCM%8*hvtYwS}c5m%w z`|+E*7qOj+J2@pqmpI=vO*1Z{jGZgypsl$XQUOoELm3+rG1GcB(H^oQ`PVLN6LBZ^ z8=4B>EL>tnrS^%qq8$6~*M3R6=apafByyCLGG-6Mf`)L zw-6v2s+@2?S6J+isRdZKa)Fm%1Oh9xr3`s@hBqCPalc(;U6~6yGJU93^{>8X-teqo5A$LLG6*GSl0kX-XtLnD4g>GSG+3BnR;*)L7Pu=o=6o7 zq(+F#OvMUIm?dZ&!^e}McQ;xW6Oid39OAz=- zB>61I*(KvSPvXhxM%W)y5L2PffBw?x$EY+Tpxd!a^Q8{wQcdy1cg&D3S%f<-bXZm_ zzd2K*GNyn%sfTB{IX$psdg%N;P!%MCfTn_rLAMkZ2p#urP}^*~f(>{%Hu78Cl_=m1 zc(ao%_{wMvt2X)<_Gl;M_p#Ym4hKWkpNj79Ovq8Aph&!dF;aj!d@x6JC+HN+o}$*c zrqzEavo|V(;tEf-0)Y*<*aO3cVF9pBK9un_>+vD~|5G@%y7PftPL_sFynd=xT6r8K z37FX6p?qHqUr}9YHWFz|9;u7xH0Oq|bVWEZ>o{-e=}tm6=r6*DU{tx=el-B9%(ko9 zibqLCqxb29ymCL4Xe3HKyng%p-CJ+bxacly8?sbubAPu%bHmtHTK%Kb&(B-0KYnVemJJ(&+Ed{saj|1&7>&fDU>Tqe?LW?&lE`!olcb4)_SClk~fH$@^!RpQJ$puH}81cy*=$ouE0qA!IO8nxi<&`Zt7=1rgLZhgRb_^uXoGI3`{zLj}mhBua#6N(HL# za<}QC1rTdRG9vpk8j*{Q<0dD@gR`ahVKZEJdIRy1>1wTqxgZIaWC_|b`chHW_t)JJ zkhU0<=R=FKvFS%6d9X%{7Bx277}c|*`eMbvDPTF_>k1E;U-rCp^YJ_7qx7K=w-y%A zW^CfNc=L`%i7xoYA0={AOv%yE*aa< z_0uJ0v!+041bD(NABC}&sCt2yBH?txgt38b=h}i=_8r3}|J3R->)E1H>+i&{yZAms zP-(6?P>Y-Es&d*g zMqRgo;1jGLOfgS#)WJKIRZVx|r1}*i(^u}dNe;T5`&1o&_39(Yyj*sQ1;yWwLa49E zpV``D+m^vG4Gx~fao_^vDkzq}UXKk;!>eH%9-9Zhl?^Vo;CW&mXtQva(a~t`;lKah z7x`+rz6x`^W)x;9<7zJcyCmaLJsS!`{4aPj;8^L4#v8L4Scyv>`v9!Vw)$>$+k=y5 zlX4T9JXWycU&a8Xu=R>e7YZH7W{VW~CXVb19DP;0e~{Jev`4rI%ilw3Laacwf^n0G z&bHhhUeQPZ^B}sG7vSOPr`R_-ZKD}mJqzQ|A{`Hb{*`>F%GCsZFGxsC%@0y=a@+_8&8Z?sJMLE25p&C@1ZfBQ!2@RN5yTn8Sz#Tg}sW(@kjgteWmZ%=(Rd0GjZklBZN-#KKS% zY*!Fr2fDzL__V=J0x~s|8qPet(cx<(&wiu-25MS$YZKd$)8wfz#Ep`6#``a6?G*P_ z#~qa`o*j;&bLLx}(D1pEPZECY1>&$*8`;*+cqv!po-!u=mo*6-k;K_%IV-AdY+t>X z)5v=QZKX1~vk3A~_r*r;*9%PlDZT$s4ZfGTPZ}l@gtvNnu46 z8yO%vxrG4zt2kW|qdaVmshfF7zhlgiX9^_AM>`A+>KuV^IU0b!$(uWw&XkxvjLq?m z2q8{ZB1()fW`H2k<&igz>of==!V?($$?2bot#(f;*6JRxd@lA>k6(w23KULBGc2S; zrLI)2Y(6U|Cvw@38LgZ#f5k?dNh%H*nJ7t7pE6D)mlu_KE@kT#XjAR<;#++>eKwIe5xnFE#sj7XTPN{ZdiQ=r%g4va!u$&5QfR#+)?xhx%Xac@6 zBvTV-H7THf`O7GriEn8X^JcqHQGExh(@1)`jSLr%;rO7Oyb6hWacfMwK&l-R2OIs{ zkHTjS`(Ow%km^k!$THEt=q?9~Muw*iLDFM8$*O#jHks48EYXLDL3~Z6=PGW;vp)=v zFh`ZDfi*f|SyPHV$JMN;A!d|Dt@a?7F;6-yf93^52eJm1nHHb^MD0-fXSco0+e;fj zH*BHecGIDDeajL93=-9J-TwWj&{bJ0qfY5FnJ-y3%ugx>Gb|%Cxx%aII>;aYt+u+3 zDVL_CDqo}CT!~J4y9OqcqNsi{sBqmre1izp?wG+ZNx-DZ3Q{J0VGi`>F`MnC2NWmxZ4Qks;-beTgtz*!v7J9I!3Wc z8)k^xqYJbY#*Oz%99^T1*6|49z15l%$I%M)k94V(nxdRl1oehdHG0zwDqX))eyFG; zWppaYg~UB3*CSSp&ItkKia}f4u(`9CITeiqLSWC6k<}xh@4D}*E?0qtT(~yM_5wsw zC{T{y>G>1{YfqX?1Lb7lBfzmzhjBq#Y81n&abxlleP1&J#yZNgjKg}K-i+@FXr@Jl z-pMC9^N0>S$J3YduW^*2`fDu8!Dd)~ZBVY<*k}2L4>`>h86cJ^e>9KnKo% z0H}ldTwQ?@!#qMP%CewV@vrBsn548qw^VO0bwmlnc?#0-ERB?!2b+C7|e!foa%@xrkm~9Xs=-lm~WOWO6W(MRCBzT z@oEeef5ds9P^Zu8QbzI^43*?e+`a+xsLbx~ni|mGYT1_G(P@%s$ydoEbPb)8SN)yU+b|+te?Y6|z{lY7unr;)tEnzMG|WPgQyiQ>@_C#BXjW|GTS5Y3 z?cLDKFU^=0p{7RAHLXO{?>SC|WiCs_f8_nBsBQp^mZQS#3d&?4kyUfpF@^DwIMs!SIR)=8GFAsWcXrkVetkcgV2 zUZWh)?KWfQ2yefbiZBQYFG3TRm|L&k^uCTD0M~7+$Z@@tUd?1#@>uQsEq;qaBhq`L z2}PU=kUE|+p1dsm{h4!2YL2$SPI?&Ko}`!pU1YL`Oes^WsJO#b@Y@20$6%4i*ccPl z;C=7lngyU4MOT-X!e%0#Za48}$|KXRxFN%_utHor(jN@!a2+mudBs&oPSp791E;UT zy=BcvuEbglAy+1@#`%)g3eK0H$qCK_e=SXsLUbkg_w>Y#jOSQ{(0H@touP|lqMcdZ z_V!2#aw*XxUtzHJv8XO$HgEz1u>mO#3Ht;eQ)eYvDH{eOXrxI^DIOz{8o~VIz4Y$w z&eI3D(yl`7@k9|ZVwj?V^o#+EUYqPfNbJ>Wf%mZ(Cp0F- zDoC_kiIqq@pepJh&=wm5GY7Z_#Yavx$UZ4?iQ97K9_>~&@WR-kf$<}>g1?jY+n8?1 z7)fve9*4}=iLBC`xBL6-O&swX>skv`qceMH?8*g%C6;)&dT{03KG=johtBFlOL27= z9uuzdcAO>U9F_*wC$qVZN)4(%gPMRwj}|4OkrXf1a0{ZH22S+@<_+8G0e=lBuq*5G~Qb+Q9W%_5p~gb-0U=1{s~~@itV~lJZGpox$`TF2%(PN zHNAlR)Swf2SkK056%qSX5Vq?d7KeewLZa&qOH6`z#MzGrENhJ8k;IZYE%%_5qo#JO z3V9VyDUBEh9M5xNlW&x6on$?TI{bM9vCLF;r7=m64bs(h64o`5W@2N85yEw+u? zpoyXX-b@>nZv?(MMDCkHP}eZ*a*4{MQ$QRrNGTnSRH@goG&9U}@y7(;aOW*!`*Ltpa};~3tay)o`!6Yew*)WH6fDnYYc z|JcX>nw%P3upG2=wz=?H5(YEP?*Fr8Vrr3u(NP7)?6RF?llF3JaSCG}*kPsu1J`>7 z;dB|W_|qn2;524O`WVWTeU2aDfOxFOYf>Eo)4mXej=Z+|@Jvz*5v2a|`h8Y~V;_zX z;b?4ujcAYx6f@GYHsC3vYz}1n!TiK@QsOPAlIf?A8l@Nq%c;gQO6SHWo?x0WC9J~) z6r1YYE8&x&_G!9drQ}7HN~^)E#3!^BLsg=}Afc`Vf8Dkg zWnYz{>Lg7rRn{tq^g-eY#GFyL279EmH(Mfn+$zGIAr%Oob%fa|X~vlru{FgjPRP;Z z2GaOu!-Nd{`D1wM_`(X&K24#)0GdAXEn&>KXtbnshSU$)v!vs;1FTglbRi6Ujsl{j zvM1BG`Y_6)xtQ7ow1tT&Koh*yHJovwVokb+Bvoaskq+!z5KX*#c2i`2Ysfn$Ss7Sl z&T8-a^kpZrwa}BBdukJjYi|aXcJNv5gE0#j5OQ93L&w?ErNbu^?X?Fz#vuGkU8Ix+c##e<^efFqG#gYy=G^u6*vn$ zn%eTkj%)Izru6HBuimvwZSMHz23~uHCgJoj4K=bvCBYM2{1OtRBx(60x~AZCeWp+| zMe=tDUqIKMvp*}d8}j8+?K)fBYH^fN?3CX7@ri=uAACd!QA5t%D`6Ps7z_@;i3Xpt z$Ef`Lzsbsv2Y$+jo%dhXeAR~wRiXT2in~w}1eud}-tq<`VE-iJO_2}pn=bEUjvL@P zQ>@km0`RtwgtxIr@KU!+q^4o*VZD@Y6SGgtOK4mIhUJg#iMw6a*HNg;Q;#2bYel>f zy>TTKIGnh0iuiZU**-up>3`k4y0Le!uik7~yCQ43pb58y`C@Pl30&wdPEDblcgu}N z1%qts-|DBcRY*|ssY>4B{<-3q11gHed!TvA0xhY%Krf&^j%i=MQ#q^#U;bOEk0CUl z&PIZQN|)3lmU@7;lzAR}S`igCK%e)A@D z)a^!F*kU4K&X(pR2Fe0s)d%6{X^3y7$5mh%=O--6FIVq@;@5mD;|U4|e>`76vX363N` z$Sb0y1Y>CJ7RCs9!}GOpEXbU(1bO*D4~RDCCyt{wVKV|8+b~vfRxQ)eN14SRnPNQi zb*u45In*aL2&4fqd)LKE_2wuC@U7K~R_rM;v`=-p^<;d2kwr-@45jl=x4|0fda&!j ztVoiT`PVStTq<=Q=fOCcyO^EFRO?^Qfj{0>OWO9FJG#4L9Ee7d|3-kO^PxCwDpFyj zsgpt>p;d&7Ww=T1UBWHvze96}5&gX?5I0j{sJBLm9m_OQk9;4XleZOv&mHl!E;ecs z8$Hwd_5D(4T!g^?&xJkDet;x&y6^kM>$+}Z+v?c1I<{>)>6jhc zwrv|7+qP}nJoSG6bLze>s`g%M&N=2lTg`@TTrvId1j$k@o-VCftH^NRLRau>P735wB5spxem;Tyer+I~~dG-|EKE!PR z*n5<&Lj5%CL_^V5GSE(CNT20QH6LiUMaKt=2}A2Fy1X)(!*A)f@d4%Sgm(^7-~%cUqDq1U?M((s8bR*QqqBqHHw<7 z$*`z`?Ib&yl~|L%2pPH7V6NlOTCeM415aImv+0lrF=kFF^k@N`!A~u1NOO22!5wzP zr>Z<_1)+8H9F%s(KZ1axjyC<2mF<=(@Eg{eM1rM$Uc6_4Awk-oPCP2#s6nb_B`BU-!r zMj{8jPRht8_N~1?GS(9a^U|X^DB=NjxLm$SZXnLA^(Q?RPf_BTkofq)v)^aAw7v(J z2Xnw_)NZ!~=5YiKp1Mpqg|Tlz$FMy*9RwvEfvH{OUyJ;WHN(&eF5oTogy|lf;2HEH zC&f9B|2tzEllJb;cjXctMOejH@dYx#64f|RszUE7^*}Pcwangsom5bAk&#tz>8RAR z$E?wnVy}wYHa6veBuAou31jEE)JemplB4SWHHY!mn>-ax1O<&|Xs?$?7UlXLy7XfT zqt=S8gf~Jag4$h#lplp23YSr=!X^O)2X#g#(-wU0a=UP^18SSJ!95gqG6pi->|MaK zH;>iZg<9p9osEx&R~J>m{UADsE)qL4J&nMdIl2Gq zXrAbl$bvAB5)Oy9xpj4La1d5Xwa)!EtR@Mi3KOuQ#z4#1(U=DlZZxZTDX`MKF58== z_9FU+R9t=)=QYHB@rlw@4i=V>LoIdha15bb0^d+f4q91;=hgu2GxN`$v6-FTpY%jY zyw+2?OE2SJccc3ZhY7#0_$|(n*sq$fET@M%hSA*TwmW4#oM!^-$^L`b;0xdF&Yv!E z{tt$SXbK^y#~aevPJ!hgtK&9Ez z{Eco4`@fTD1SDM!@$rt@k!_l4X4L|V#~cA#W21^oeOWbLQmx$o{>R+tOC_ipQkU%I zkr9kJ^Z#=J&{4}TQts9DN21AXP?+?%a~arpU4&1ss~KWnfnb8l$Yy3WM&0Xc_TV)P zo3(!Z`h}ilY=pI|t$_Z8IVUU$z%B4Y=}TwmU!POqL7CjbiXt#Vz^K~@%}YjmEe%ML zSTTvK!NB`h2H@fpf;jsiMI}5@CebYzQB61;cO7=sv5AqQ4TASLn=*j@$daQ5%_o|N zvF}R5+rE*|Px^rB-upE!ADp^`L4i1%xjg>~0!T=SQRFDiH``k{E+Q^zaZ81A;$A2T zUK#i^N1KGQm1i?ahSaW)VU6)+7W`kn+g2B3i3DF^ z&#*lOZ{-A3RmtS3hK0Om#<@E_YbzV#UQOxoRtGEu&E|YKe8;FSdOs~oGoP#H;@$lJ zDgndHjGsZyR^SS*UoIDU<&veV>x=)^` zqHl34>2Srr4_vHMeC4>+;6p0&Nzp@qs3xSF2cFzPjtLe=s4{gRO=K^P;PC)qTf|fh zQH6RJwz)fe06B)8`r}X!eg9r8L1$4$w9+sNS)(+0@+L?PK%a-aZ|q2OU*~DpMxql` zNZS4~ui?S!fdg1Jp>MWMmw@c=pH;~k3-Fd+aq&-a7AO#bUto^! zK;yX$_CIk}Odk!R%n`I~B}SPh4YVLxBbJ#>gP}~8_Q2(kn6i$}f}%%jv|TN5t8vmd zp*Rwo##RE^b0AMy-))i4*pZnBRJO!3efNp>r}^&p=sjWnEG21%D||SJ$RQ)PHO;Q4 z-|KcicK$WXbGOO0xn4Jj!zW&N)9u7m;q;Wwf)4!Ml8(iz|8pJ6@*3IM_N$SYdH|@a zcz+gdal0q*KasMPWk*qjpgs`gwjZZ1sIk50)OUr^ZtSm1Jm$)EAX{KQMaZJ#Hw!8| z^8aI{_WJr(!Ea<*$X- zfW5`W`UwM#+g@_0ZMd@m7$rYK^`klKs;hJxZs9uXlpD`B!0DzDPFMuaV=lT&6h~3o z3zc`5W7Ni5tu3T{5%4;D4*p{Q79B;_4|*%0qizjO;0*amaB9#GA6@*dBHD*4oJM=! zVv|1WwR^^E-na&sdIb>AO&Y}OQ0+gsV2SPtzR^H+I^tt?PM4b7l7>@Vz**ealJ3_kOvz^XfTZ z&X@6@HOa$U=bd(10Ur4*XwFCu&f+F6gU3ACFGVeCeOJcvccL3Kd8S{Z0iPU+k-j}J>rYddjpk#aTM)7~R-lS;S zke^DO?o{);@|^E7(%|%90yS9V%X~^sFhq_$gD0~Q&k!$s09`{S%&xNqZzvI{_$db~ z$71QVta%lCWGR0~=0SPN&faMbS#T(y$?YfRP6G1mK2Z}B{btQ9tL&sZl zd&;g5-tRCbxt`Z(!#XDKJ12cc&pGLO1pZ_9O#G@pFYBk-JDJ@V z)zy$xEjbKHDT;DgZ{(qtcCV7T>^@&B+uOKP{U+w`s&)jveW~<5uRT^fA5Ly;B9Eu2 z`ke1s4BYu+`uE3~z8|%jufANrvhrGRad1i3O|pj-pZ@a_`ag_z&BF?ktiz{#YuUf1 zn0?7mQS4%_A}qa%J3<~@xoN8Xd5>_g7Y$WEKcmWGUVRb$$T=t6t?QwW_cu=GDGOu{ zbLoltk3ChxG^~SOSW#i_Hb<<{oGf*Yk~tE7se_!X!bnbFk{Z1MEDv~GA0300a#9M9 zCXa#UfjcqU%Y&xn<1$G@zVg^7s|ymLr4nT#RN#>#7al@963U(|*h?NjswSUJpKas1zV%YK$X^Y`aC$P7XW`gQkIktb!LxtfQ+BrZkAr z5gI1T{F>MhDuz7J_X0UPmLxH*a?Ct<$ZYH_O~P@FZvCf$%G?Gl+nE=0t4|UfM7BZv zfCH0BPA+)KvN^)@V?f<&EFAXaReA?w`=@&;_lL^pDMbI<<*Ks#ez5fYjD-L1tErup z@8JiP@mPIR`_Z|Fwf*Jx#*RxU16w2_KeP9U=Q@Mi*JtkM*5k(yLL%q)`VHq@U!Qp= zE#H0B=c_Lq3MI&X!sXC%eg_$)+irry{f8et5(_IL-)o*O6*X29W)MchOuOPRIVdJ+ zn4s%}s4BQY!}TAK2>y!#UGCo+z9iy*-L+HP^P;%g3n=06%luo551ING={s#W++cE% zgnXWGZ;bqMyPH1ieWMU9nfme2A$(Cu>bMyuDTK_~$8^PR8;D+I+L{!)C(wGh?HMAHOLOyD+1tJWrpo+Du|4NRH~A+ z70w2qIZNS_w~7Go^S|q<204r&^#FY6mKpxVprjYsdI%L0YRmH#5Cr?(&&7N)sZFsu#w4yqbVE^eOVs@7qy;?thJ~ zsEt`LNb(vH>N){(B`uIj??U_H@Yi&)WrmE~z?(AdxCi#yDwip!{#uqLn{o?qd_KdiRdnlk%EA zpYF9*zMr|n1E9oq2n`Y5s9ghNrjRz#7#p`=DRRP?Vc0bl^lJVVsxzu454g$txE0M$ z8^MGdQ-=;CVb^d*cxD>`SnOp5kD`;X$y>$!3d&N$!?lGRh$jB5B2hd>RIRnV&(fzY z&gLSW8!A*@We=3s`PB|;^y6*(?PW^ngQz?uQbb|tOz3K-whL1XL~n99>b5!Vr)ztjRLlaC|I`3zuw8Ig$#2 z9Q(}W!N-pGSc!KeC@_1i?hhh(1bQ1^#$wYL3*u>b!zx+TYPN;eF$&a9INra6E=kO@ zZsk4_j_wOCUx4e5OFZ5B4`uW(ia^8-L)R58Vxt@>(7DpxlD_uiLHs`UPP*7HuX26f z23dsE&DcG*BeA?SC?%$KQ>H@F;rX7~54z-v?*7#Nf=$fsJLzseE3qtW&nG1kcMwi6 z#ceEhDu(TYQ%5)WGjs91qE$h!07u5BuzV^t`%j@vF*Qx&=4pqJ3QHy0K^xI#6A}4JVf$y!rjn+H-)sqggn!aSz#CbXf`lp zgh~2$wv+3vwBqaT$gbJ+4sal<{} zg>P(BUQKcHg!YF`!UO%pE*nIzb{hgiwmkNLi;>dXA38WskjkDt6$g29OL!P1=U(MG z)dSX#JE%k>KPM(#ta%cAhWkYXmc?GoMl+6nIrJBq)on?AbI7BeW_;#d0v^up=(Bl@ z_pZ8VH5yU>P&0k5a(j0CYWV9}WUmqNlW+&MnRgzbWmjOyP;wYV^?QKO8B3jb#J>nbXcR^Bt;9Xeg7?>LA#P2M8_ICwX*(_cByk<)xZkAC zV3d8sfcbpSKh(|%J{x<;3UL-@qF4DjL)W(b%$h!~e;_tU{%7J$-3Q`_nzJNdYsL7E zOSSu$E*o8!5HPr7ROzMZN2$oRS01dMF*?{g4Mh5CJ9BNNUB%`SEoPym$K)=96UMUHfcm006U=l8daiZe zcvW>1L_P;CN1G(ALf`WObA^irXgu^377M2dFUHYu)EalbK&Aks9>7akVB&y_5E}N2 z{0G$EA6HQfSTiXSOvrU*nkjt$^?1|(&%PvK6f~uRv<;=Tizq;(2S?t-5@jKqj9+s) z9ohggM~^<@pE|B_w^ai*SoBlkY2L}LQSV!r5O>7}@tw%uOjbJg!G`e^&CQtcO3<0E z(t1ci+EdG;ead`%vw4D7UI{l0)OcaM?&r!Id-QDZ;sH=wN1Qf<^kZOKpPcrj2YG^y zUI+l=%*BrAp%R;9f*yzLDe%0IkdIa&Kk8al{hFX1fNlMUACI>e8Z0TC+je6S{tBR- zO7~dPR4B*I0={y8hUGv@t>nQWblu%~A z?+T`hgiUw*cc*dhf8tQw94n1J8}Wd!S}Ft@!0*gyoQx|ub|U&a{)L5=RLIl5V^ zZlKemyfN%{J7$uw87MOiTsIs#cjBYyc8YD@(qx-^5BbCCOkxJ5RG1~`f3eoP?R!6h zxoW_I%X4B3IpZ1cvITH%Ub`uZa8xXO$|k2mTf;Eeg8vVB@}L(APUKdSq85%cS8ai) zpAqNk$|ALqyd$nb^%&rGtvs%>zeK+$cke#P zIgZL@NZQBopMf0!F&nh*yp%M(SUlO5x{!F-KCc-Z*?Z&dpq2mw%SFDG*I>vwc}^py z1b_9)6sdT>!jso#Xz-%id(-488|c6%0c=uSKp zugw&Y=44UnlIA#J+xl4%H|EyTE3uA}a*Y`9< zRUqv_!9jp-4h5kBOw3UM9>8vx3WaYt`Co-k9|`3@fbAn7+{G?rI_Jsn0QK{h#QzsJ z+pSL3t`|=jY-$6Rftwo=C)U9HcrwH0KLv6vSHyKGZa+$7mZZ)mUWJOL1k1E>=8mKC zvtyW=qgt^d#Zk(hdi?H~*7Rrg$q8%9cM*@=-iN^d9r>pB0&s!Bl7ee7Fd<;Vx>M+aOup?xY7;_$TpyV#&>Q3q$YH zGxw_+vMGfzDr8L+Yx~#d!<`iYRu*kgl3m#pchWE;+fq#$2@78No=)lEB(Ven?S;h& zez`SIm&}t^#UP8DifLcR0Q1g}YeFs`Eq=GMU8=XU>o+g_O$m%4)Xw4!vQz70C`z;R zTPVRDiS=?rjXsjXCldloTOMc(8!e)suP^WIay%g{giudUPelIDTbA6n$xwU`iGwmg z7E|Ax1#9jMz!V3tKrAo^+~`;d{TCpHkii6~sSqFm3tKYDh$0{xxR*9)yw%E3hJ3jM zzkZp%s0-~N9@>^&jzAm675?LHeS@T0cbb;xxdYqu@@R@fzQ&@b{vI*{rh(N0$@2pi z??no<(~|cTG)82n(?EzOt=;DU<6gVrXV-VO94RP^_8G`)`+HK$YRF7a_uA#t1bw&U zMHTVOl>w0~ZXCrOf}hQJbkaLgQjVnHc6%HDSKezf5dFBzK^)dAL?BDL43Gwu*l?}q zL^?ywM!_d;4`&WRx-`F*Z2^I-M1mB2cD4-p0M-fr9lyTygfP^?N|)vx(ps!jzGcq4 zhE4l2{Hroui(IM=fOU>EY5&9w$oOoPhK1SsRRP^S=A9A_GVd7LH>4l~?EvRGz$7L? zS((+1g9C2m^>+p67riBL%(Z}_4)~GTz=isk0S?{p>fYYN9j4yu-Z_oz1i{BhA4i57 z_y({~^A?`^Twz5ru4)nUClu}-;MsV1mLtCrSFDo0fg6mB`%KwfQ1SQ)IZj((Sprc4 zD+3oInSk-*GvP!dy@AmRL8>J%0_J~gH~gbd+6@0y--plQYI6i*5NbH^``>9rfhU2F z_+p4|^RxAbBi2h;5U`%Yr%y7d(!5SkhPh;thDkX2F7v^Y%Y5 z$a$rw&1PkxyB%);?-3uyTtzV};v&p*lX?xpX#v-PD29BAp@XoTZI9ENvA{@;bvGeos4G6K$$HkcqBVNtl*7(#v3u$V#xYN=TtnctKJk3pzge+O6l zWmv@`50Hcog1}qQe28aLyrQBwRc2xKAsM}(grP;3y51a^AF{r>9}f21-JZGrRa_UB zXC|lJ#NwXh@R;Xz?Zh_cG%q(U!@Qp_FE4Kj=gAwTc%&2qB@Ozzs9+K{%(%BC1sidh zCa^e;wIZduDkKLb`hOb`d5%%imHqu===Lv;qhxvqenHMZN;MUI?rLUd#ucCGqoVtL zhjrtn-|bZMcpTgyZHACCj^7vS!{;Q`r^M@;McnP@kBiOIM()F#Ire>dG3PDq`i$x5 z$a{bXyTI|^t+CcJhoH2*G~g;z&6Zm^xP`C&5`kLSg}Q;NE5@}_79`<4ERklE>;l8{ zUv8LwWrPF+TJY0r0oCT9t$?bN#ey{mKcOE?hW!fDZ4YHgR7Xe~ej3x?~JQxw`xJc}(zVou1 z-WM6jZD{Y&cLP3J7BgKcp9@iqpS!lc4ns46fS0b6Aw!Ofi(9c3L8S!m;p)1i1%TKA z1~}unFz;mo7hZhgr%tY}>e%k1XUgPeriXIuGKRf!^{>O0k2I&T?!(^1*r>2t)!{|c zg^X5)4+>WtJOGkXqC#-eUY&$deS2*J|L(A%P|(2PqT~Skl9py(N)n0>_(O<|@AYOI z;D0((_qOSN4uQN1;+;MHSnK&neR%l{xAqH(<|In2{~H<_N_|MgNe`pD`83w}^VxCY z`{GaH84OZ97Ms$C zG|<^n7nUQmVYuh$O_ojpflB6B?go}AV#}i#3551o z)VC<-_N3C+8HWwOwTU&~&#nE6NTQ83*A=^j1@bML zN8qI{Hw*qNDlnIp2N|P(`H98q;($2YrFT&6rrq`+_bbx*O%-wa&cjdfrpxo&PS5N1 zABnWtsuXUWmnUth6D7r*&9u51W$R2)cAZa!c9DYNEb zaZc{7wiLryMeS`|4r8g~*5MFvYq{6;=ZOC-k>08+5s+}zeoQvvt}p(sB~ z$SUv0GNc1=x7WyHi$2|Q1AHAs^?L-kA^H{iq3kj%Red(Xa!tLEtO7*EZTTQ8rMjye zz+k?ABr#1dXgm%O__2xwML4}ykC1`?!jmoo=1iU#uJm(DZi|JBtIZU}mgb~3M@yJ+ z=LRPM`5LS*(rGs>$9CJI#{AAw8CT{_WM<5RFHI7#M9&Z$5WBj4tEl?!?Vy=kBSW0p zDOC{4Aj8?6T=ksBs2a!c|G5Boz1@%L;g7-Ak0#R)Rj@w4g6Ptf`rHc6zb_OpVV9b# zu>Fg5w6%q83CTs2i+C3rT-orYd`6B=^E>setgJ>~WF8;$!ZJ4Fl8JP6Fnpdf6nzYveUcNt| z^D^5Lg|jO8puqgwNv|4h1s)=s=Dt^A-y+5ljb1(Hzv9xnPBn=Fw8f#`E~@G_*jAxKCuO5?t1qJNqe2;xBST;YWrq?s9SslU^3Kc7bo2)Kc= zfBsHM>f+*})nLZC-vAF4mBy%>haij##BZ5s4Nq8EB}z2@bkC_S7!vcO3n9<}q&)oT z6gLIliWZZZ(oh9vkU+n1xnjQ{-NyZ~v<|D_T66mmYhRSgaV>Q0-k7-&M;+h&>-^>C z)%O{@JA*`xk))9?GhLHu6MR&u|NIR|cFi*9Z62^d7fJ}cqbDO|EVbvf4YxJlFh;{)-a?_zaJk zH1zb;zDG+D2CxFMpR8uy@}-;L^z{lizi|-T!5iEC{84@p^<_0AC!?FbfLVrBsON5S~R2TT==K(#>Eg_ZIvE|lQJXdqyX|Ng0K zsBz3mt6TB%@MOu5$KdX&R#-c3#vMVZo|6i31u;U~SNy3j5_hmeRg6)Ts@?a8+ae~zD@pI=U*SMuNPgY!NTMt@)Xa=s?}Ci{FWof%Mn z7A4DC!$M#~ol(R?F<@d~{+_zCm6BBL##3e~iZGncaQ5Y;TDZ;Shyi24D^=s-V_PptXmsd4EuWYTPPd8Tx>j;|6K6XR z?4vLXCuO^Z--O$R7vTD1c#C>33{X&NrsGTXKKa+Qw6xrMSXsfYoV6o#Vhr&SgSe|I zq#zDA{TyJ!Td7R1O;sBPu&RmZg(|@`jEMFOxN@+w$GPQJ168pvWzj`^bVKTjMMegI z^xD{;|`O5t*1YR@>UTYS0+8-XZ{pF^~*(we<9v6F{BaddPA8QzZWO!&m>s?_6(Db~GMEO;S=6h#Zcpgpd!-VqlY2fQk8@^V=y%xx`h4~THML5e)Aia*`#2{( zef=BFkxFJzs`LS+cA!j!kBa5>uhXBbp8E{x+qztWP{@au9uCAmf4{Xd&4Ft>=pW9w zfi*BW@nO>TR)J{4N-e=1og-3^Eml=Z$XIa(I%RjJ-s$u+r50Km_!{UFLYFo?pV8xY zdlAD`fxd!3W6Kix;BL^++MKBmK|lg@R{+yyVO~oXHsHbvGgOV_$uU9paWMASs10Gm z9h;m6MAeaK_O!G>FoF>#kD2!;07Owa3idO*14|X=F4ksnv#7(zDdLc_8UDRRjz}4U z-|16k=fsc#7{~x5E+lNU zP6-nxBV>O}7hJ*i1Rm`Gqjr^9pC`g3pI;ouGJj)t{&Nby3aaSyvV zsB6f{O9{;rNJn``rib>xR7U+Gwz_@jzWwAkff@(Vq3ZSxwcy*Gf#&7;hA)J zsAV|tL-ljBG9Ze~>YZKG?Ipro@+(9I^-?P#r$DjTc~O%A!+AL5MI>(H&#mPfdlFO34|(M) zjL88k}+4}xS#lJcWZxEvNS4{W?3}83E>_-8d4A{6g?%EG}3PfM@K6? z1yJC@elsAD;C}e=9_4LfA4T_=^^nvIQ0|*UAbbu5?RooOyQD(42aGk71R}+IuKOy)Rg*@HM8AbFg(}NlM;X^!! zNp{20>ZHM1PxsR3&KTxSvNhc>y6H{oDyT!_#EW<2@P7|2;+RS7s;Sq!Ml@q~(H==7 zGYm*vBuX%SMDpiqhco2mCe26DaWZ*YzEbK`F752>+@z~CwYNunAs(kI_|zBR0-AO2 zf6U)&KXld63~K{oB3hbPH{YT6@jc5<-rwHLwgVvJOe)y@kn7t=L4hvu|KS7mRIKL^ z1p=oaoU#zlx@eXd7_&;cj));s_YL`ZjTu!oIz;Md7}Q0$QO3}w*-pIu=jRn+lgw-J zI^;d00M0h;w1^xlOhf={SAPRN;Yd|YjjgS%p3mD6O=`>LMCw9ZDio|gNL?=nAqt&! zY0e*4g{Coh)099Ed%+=if#^XCU6CZE!`PsiLPJ}$)l-;klaQJSWZQ&h82T#mU}ugGyp zj?6(-`in6-!noPm&JQ@M0FCRlDd;oE`Voo=t^-Y}_O`ZDA=#f|sE9T9eoQs;3PLnU z$NSG|KU}3>u10)wQouQG^xW}n-6}f9KxaUJOXotngm&Eo(tK^IK33DlVn! zGW7=t=J%hS#B~NV+b-5Zo}-lObF1b;M(NeVI5SRKn7R-^zLqm?saf~pAAw|9kCIbM zrB#HA6c2w~HhZ_{mQU0AS6nRP(v_B~sUHiqcZ zoI>zIQth~GnWpNJBhxm+D|@nMvdwsH7i%OibO0l&t+-eiE!0K+wOiA^4!Nra&>Ext zBV+?i5AHO0JpgZ0VJ-$8v=@0BG16LmBQ?vF&aSX1Z$)xfjtn`adEA%{NQ4q3%4bj~ zI2H)x{kRFnm~#P_3RKc+<8N)^T-i7`OZ z)!v>FKlWmw`z4`jEOqNO+c!7e2OZ5FMo%IfV_v*&uvegBIgkd}+8gQJA5TAB2SH5MkZj zp&Sx8?uXa(dAU=HAf_rduHIQtcs|DyVZV-xb;toYtVhZ*2%~5-EWfQAYdFi?z?N$o zt(|_8s5eL1#K5LjaPc(j8~pDbvPd|o*RuQ853So>SYjHMQxgA$hWxk^wBHqR`8P{2 z2~0czI=q+{_tr#Z5j(-wz)Q8pzl@QOmu=trt}nXJ1bLNS*yhtir}$pdALn|Ky@dI1 zv}inNRLP?;9M2LIA3v4oD;wj}S@*b3MyFo&KR0-|m`zh>bh>{Cd`E1kSEhz6!CH;( zX?C;Q4@tPNU)cUv_k*B}p-#wbKeMqK3NfO9eu`@H!ep?I|3O33hfuEs`S{hP}q=nIAs}ZHQok}=XXkOt}d?G`iWn%NOTXba1wee=3t}-!1j^FHu*NVWn)`v+^n#$g;ii6^=hlfKpxVcUMpy3JMKqT~3v`-ka1K`PU!8QaIaHPv9Nj=lwUP(oWH=(# zD?HNFCS=18AqJG(RFm>P6_Ryfw6J)~MHys%W znQHo7iwCzwg3t9G?(6;sMt^Ijtnlvg=lg&$y2eyVgE2kT6d147@;5dnXAB+-9;n}u ze8;Cg{6A*Q@63>rYQDJBve>=J_a4UPW;uA&MchgR>g;%0ZJ3>aOFz4EMiS@%V_#na zlpe+&8B1#$o9aIqcW#$&%CnTGEU_YuCYndx{A#w}{tQPTpM}_GuHU?jsD3xj+_KKQ z#zUSd)_%lja~-CFzOO0)6>>}nTxK}TYrtq|9fE|8#>T>)REZlgo&qq`&w3jz8yg!i zZomu1{FHWbmgsVX?nOnNN7?<+<%Ul6MJ(a?9G6Jd10==}e)Fv8Yt&8<9e0OWfVGdp z2fQ-OC!|J+7!-UWy?9~#O59**;Pv+K>QQnq1+}*$kY$GCFGD7rKm@w{l)oBg-h1Uw zbf2pJogy{pDF)Nj${D?ugRNXNf8Ic#EBiJhp!_b4%2|x^!+q7P0IO-a@k!dq+-TfV zeRWQ@GzQI%gwt%D=YPn230~l=V-fzs$vKSofgJ?)&bj_kBiT9`mSd=C*9(f>&>M;|862Ir>V=i ze8nxbOD`pIcUPlA5zIIt@M)tT_TL}m;yT?kPKB;3ZVoK5r%`y@wNh!AhiSp652N|Z*P&72=bEia}4PLxtJmewOJ-p%C?de zLpbz*FRx;L4qfAbV_X(d%$5Eo{oAQ)2kwT6MJQmWB2(Fqp8;YdhSIFt3=RUs$p1c) zTQgB;QepwnsVbIY=={+_x5oi|4TBzVUYhhVO*i7Zh5?*?kl<6VzNMfKL2Zi7mQJW} ze?<{2z_5Db8|;F#00K4 z7b>_gbLa$;^26L?S%^}_5J~p3M^uKRQQ%|}SO^Fnh^?uu9Vkqxe&$`4?ktev^E-Xh zg6*Xm_1|VbJFZHIjh?F;wQO(}x|C18SVXz#(OpU2jPkwLFP$T!gLKg+iRQRpr}Wm`C}r1s@8NR}GW;05c=3JtiTZ{G?=@P5qX_A8PNBO+ zMO+q*CK-Vnfi^gU#@t@C(u9Cdd}96eD!`WOTX(IfVJK#pVe)4Kh?g($ohS?bRtsed zr~rAim_Ve1H_}@gUIZ*D^ii|mL;&n92UH5`rqb8mj3GPBBEyV19Z&DCY4`Cvq&r*p zrr28}|MgFopjGX+D@4Y1uJk0R9&^QneDo3 z6{AxyQPVxFL?8GRQFx_*q++$=4=JY%m|eOt z!tTxWz_$zCic9oDdR+itz562bl98>)yquCqoGBOm#GB8a@wJ&f1i*<&ZUA7LzyNv5 zF(&;6>j7rhWdcUIZ(e+Rvg5PU*G`vyX}Jb|nJ+VgC_4t9Ju|%t9+w%X*;Eb_o(cp@ z3g+z}cKk|XjUQVx0gAMY7#hktVm8fD>7|}v8@0Lj>SciA!bufaHSmCLCu%FfW2nw#eRd{->1NdAvbWw0J=vQlZcaGD4nmfHd zAJ94hT)Wq@*~|u0<6PnLsVa3NWv5>Qy$vAm8 zXs^KagFw9OZ_6F0Ta3Y>Hj^c$N=2p2>@a1yb~eYq#0PLdTrTEn`_*Puk%UnoN3 z7L}>ti0f8u*i;Zsh)5b15!e#l1|PoG%H#H0-q(wtB*z#DHsYhjCYyz(c%>p05=)V2 z6)U>tk}Oba>S7#dd2}k#>0IBzEUO4Dk`p{GaVfW+dnGER!=T90B$DFO5c=ZHLBwxo z?={4|yV8a7Q`B@pllViA%0`czMjfj{9BxEk6TXMKwGaLq+{paEzMdnR;7Eo%Z2lI^ zePOL{bnp7E=Q+sdog;ZO$59Mh;rw&R&!@zEz;cy{_dY(h^HBavG{(e6(nuptR&Tj~ zk-}zBDj=-is~soE)9y-WsY8#vqe{aqw&`qcQp86zk9ZIYfKTU99lfotub+ST0P0da zAElgM1%PRlerZo9&=w;`@)*rfob}rkA%r%F+ze<629SVR+_|^V-v|hsCJ6y)hWDxG zAtrX)^1SJSsoH%2U~8pv*(m*f>ztgNtJ~WlF?}Rp>0-AfQ6mRVC)0b=f=>Wnnmjl0 zL4atsU%~g^n^#Q#vW8$1_F(8-7(_RG(H$mA5THo%h6VnnvZez80#gY>>l8_qCvGl_ z1EnynU86B+Fn+EZ9BuChv$eCsyw|GRod2t>txeqqT|3~+Es8c%$Q1zI3(sAN=(#!& zH|qy;2H1WC12?s`g=+$KiJ+$V+91edYt{g><3M!aXKv5uOE11$8FE0wLq*nf)JHP# zK%`FdoLMn8@D+YvL5)XfQC5v!b*eTxEABLzQ;y%&y#N1bIt#A2mS|h!?(Xgl1a}fN zxCUvQ#yz-0pm7Zz+}+*XEw~4FcL*UNdHdXZ-yeXndsMBeTJxK8ovmYYCmMv)p@S!R zt!H4Gw%umMRTlH9cmDqU3m8ndwyu8veLPzPBhvJ>Is%oq23|cxXeK>`2D9flr*n1BdVa5%zC+x{c`B4+NO#L~!;TTH@3PB{! zH5Ve68K$z{m-s@1F8|UWl+iL7769+5VUi6I>r=IPlHU8um1ucJ->m)jd-mP;lOT}N zEYONCv_*ifmdE)6ZwbX6@)adbxN$-!@9`2-I_6M@T)2yvx&ywafUh4jZm&g$F%AYy zYu&SD72L0A*FAGhPYYVS+@t?i*%-;vvJzb*4cCwF0)TW@nxm|FVdH zp`xusPg2sta@x*^n=Ix7snJC9aC3Y*g2Kl#BZ>S#vb)~HOtD}{%U=r`qKoCqpZFJZ z7AwKS{N%02@*e{{+WcF3k?~sO-_SXQ=~!_jQfnIBaW$#|Xyxbg^THfO1P}bb(iA$B zB)t@!?{4Y@auoi~Ith#s=#wm3g>(tgowHJj@(mDu=c=geCdERMz!K&*{pd=FqqIa} zZffrxN+G%2@Wuw&wYpswWHEI{e?DpjK9VbMmX^q1MPo^GpV=aeAnAuijtx?fmIX@} zZb)9TvGTOoX-%5s5VT<=bA2!IPUyW+{K*nEYGr_*ANe=D($z+|sL3rTx)d^Kiq@dj z+zJomMD-IxbL#a~WCbqtHN3$p|7vo(UmTwYN>y5adaZRl{r_12@`Rt8zC4rR(iBbg z66Jw#?U=Duz{X2Q&Jga1Zjf4QaX1UvfnErre9fPF3RVvbYwsdsQ;TPlCO(EcNs%SFPT1I;uD(_df@WN1tf^SNM!-F*o` z(4d3(7{kOj7o;Gv^SBmv0yyu=y74`Iy_!{QKW;&5u08u1eKSqL4fq9u9)3X#cumNQ zarEdv(AHAIG;@>x-Vo$3@0U+@RoMxf@2tcKxQ1Ndz>udxv-Xj1A6S1&N63649i5m< z8<|O)XXVFmlXI>#$DLO+Y3|JhtH|9j4_ezOj=PKx=cYbFt?ougKdQmuz%iKM5~4^QBV16!wv?V#yx<78tfRGt9VrgcV8akLiE?o{`~s1+x@=^3ll+irL$-hCcmE}s+sMqj zwz6djb7}}r7*#$0WG)pE1gc`NxcG?7S3$`L$&7<%aE%QtPjS8J`N;-Hr;B6U&jm1S z8!+jG9jSODvlXj#bHz|6XEW_ILPVjU&ZH$2J033?h0nimAB2po6k55`Y6XgE$aX2M zz}mfBC;gaQ7zCM1q+<#ico|D>RHMc%!TcvlB<0ctednWWQ-3&7NR_{Zux)+)(V~yF z6^^kvjj)g#mcu6tem_DSG;%W3IRGX|J)dhG>saix_AQIn{?=bRWb9b;%XIFqhP?$T z7m&|XwYamfu>m~fXJ+F6Y_^kTdr9sM&ea^Febat-J{TLViPk;XuC4d)HLZURE`6>8 z>7UU%-{T?0%AtkRHF`r)N&ZiNUMc-LW4f3KQqQ)*T-ngvSc||#yFIaUQ z805J9q&VD8AYx60UE8lHdV7*_ED%gY7(#Hmxcm7MYj=n=mJiTvN5kVQ#>oCf)s$cf zbXI{K$I!ylM*9`OvR!8YFC(dS6q8kf5>jD(3N%S6b<_V3DjxObI|L&ByaO7u_;fydwdNVO9X~BG|087cx+@&@}S5yYk`=?MqLaMsSEFx1_Im&M?f=P4m zG88j-#j6dfMDvjU+V4tldLqikeFICz&8xz3AWjI6K!jG!z7?Kr2%NWl&Ij{tnuGvEPnPM8_S0XVYvE=w1XOb=UGAU`vLXElQlxQ2CSZG-JivxIyCxxlUGrgP#(CrE(? zoWMywFE_h}VQ+Y*`FcB8mmP~v@n3t2v>)nh3!W7;sFp*cu_?8Psh>>q&@x~@kFd0< zeoa|&!-$Iw|2~7zVVHQqOpp~s1;>PvmP0@&5&rx2)mNsvy1IN7^Y9&70uk1@iVVJ0 z)4KT2&BdQ@-eMm)dp2)WkAdrkn}9rO)ebzCilq{D0Uu&kapx`Bf+4wlkg_CB)a5jj zmvedh22TIjCvzRifK#w8s>gdvZiFbN^t4GQ`;Aj^Qr`RWs1gkli;C)Xl%1e!e6@nY zlL2=Dj^HG`+qz9#{S=w&`O#4%bsi>s^kVHHL>C%KFX>{niIDWF;TPS)F|8OlEwV=h z8W4^jDoq8KUfrB>ox^mst723XaYmRj>^o<24)j*rp)gLx2n55 zH#Qg!!7XIj{Vrp;+`fgvKmwLMy56IZmz^$%6+gxZLa*)CIzY`dlEG1?AFWba22IzD zSO@#Q(r(r766>rSsgY2xNLF^gAEa9z)K2B3@R@m3aOQ?o$soX0-`4C;7E+%Ejpqtm zG%?k@6QIJf8gr$RU$x0RZk*!8-|1_+f91sfq?kM*<7Qw#^2b!AfrDQI(~bNtCb~vx z7?D*yvaC%hr-?DXUIL}Nk~vtQ3{R9ImhC}{IAu|ZQ;<^AzkjQ?77m(0w_Yx$?-U^W zWkeKD2J#xX*A*DBBbF(>qtARWI0oDmfPTLJ!F~?kBLlIojepZ5S;7{MyO3_oy?n7w z=F(q$^epm?21_N1)2}jz==_HEVLiFwl-9IFsd(6DO^uB_IjX!}=Teyx5|M}VT;JFl z+?0m=Ny{OR9%t(h#R-c+LZ(dkeJONx6006_i!gMBpJWiO*~qm&p?-}zoYMzgTG{ST zBXD-J!qVmtKUP%N_mKoeGJKvza-3t-RE31+f4)#$;r-*|oXau(Zk_Z+nPs|hkzRq893j@MCjpm$a%i_t762dVxbmZOD z;0d$~jRDs3CayN1VX!wyGre$)X9FXmF>552qDYH?dZUR=`2+p=^2l)Q+b5g>?R+su zC_83{A)2i=PlHUvr2B7LLqv*|#+zL4S03!ptvipz$pMc=h#ISH2fCX8`fo0@2n8mK zR^?}f(+s53MRNCJRN7x5k;NrF9GwPWrB9b=%XP%$bt}2R5sDi2Yhk z?r2FOET0~-+U|@a5g8&%SfB9j{|^%tf~~fTb#>f#2-H7wjpAMXzLukI<*{~z^d+gH z;3)x-m0Y)!%W!9$*sT;%vm_tB`vJ5RvhV&v>wQ35hC>HXQh=+?pFO>xpE_#YbHSL# z&&kn|HK*P-6Zo3JYh2jRA7rAsAh%3GxS{3+pE!6I4M=1Mar36#HwLufy|Cz#P|63M zuN20E`n6m72Tv8OXjOy@EnX)1;L7d9d6~mt-*ielW_^RxF#afa8&`!2G zv;yZ|JwXdnI-N=OQm`^9Mf93M86pB(rC;)yJs{yr(JmGrrvN4MCa=o@&VN;p@yypNt zDIuK5-#YJnG=K9S{qy99D##7-hVGKOI!t#cYM~=iX_o27$zg0(?sKj%A}KjI1o`6l z_1qI^^l;YwZ|mgW3kwhaZyGZRCRf?rONkm(<(j{bf=~@K6;Qf`B7K7%Lp6JLr%f?%~@%4m(Ts z^__{9Sucx);!u23KZu2Mr=F&Or_jY6cJOc%Spl6+c^X5nDnYV6uts~AX2bs}ghFawdWV|ju@Zf(Bk?nZy(I)p`CM!-@7+M)3Er6a zhp&nz0&yx6UNh1t)DLNH%);(-gk+WC%9jE;-uW|V)}6W*j{y#rz_dVZ(OHtFZN@Zg zY&;{(N_G=lXm{UVS(ui1Tl|T0!)EqXEJ1)4=6$|M`IsWnFY8-Xn4~w=i$NcSMtH{U zvc_G-SsLObZ&cjym@;VRDXxSe0rpVFW_M7mStD(Qg*%GgSk-swXND|2s+l9AOni2h57|n+@AX zJ^>!H3s*jYY2|wadl=(cg0A}nmv*J}23LD_dZ71sVf93GaSYW-rY3$1mmxC0&OR)% z`k0Ey_)}uB8GoK02KlG+)i=5mZB6C_*s=dEj~{}LZrB};EL=Wy-?%Yb^I#>JFe{JQ z6e;mpKfo&HPpz@J;|b`LaB;)YN!K(os?ypUV4+6I{sB$;&lM-D%d-YQ0n(D+>!YpA zu=-d*{i`Y+zEm5VFsK?Ri+^qPjay|{R6iR|zbgs3b90LBT1{K46!;9?5hkZ__GoUd#w_c~yd9~`^61oB^x zv|au7q>^8VP808uT520oA}52a3J2ntm#<(Cq%7JP8ey_)YHB2@r;3iv3TYKU4XOqu zA&Sm8hfWnkD5EU59O^eT@c9!YCs(mif z`&ir3{9+MWZ($w!CQsc;YBJ7Ts%6?Xnn(U<^OPG7h8_{g+gMmhT2=8APXGI0v07wz zH%uefYdPdFV6ugc)Gd?bk-JJ7%XkJ|lXdmA^fh+b_8Z;j$8Nm#z5j8Tq%mG+sj?vh zq9$(vV`kd1qpU}i4}?2+U}1^nhn0}(uT-LpO0;02krL~-*IuY=_{=16FTZeOh3kOb z+ZL`EhA&sDb35AgDd4T=JVqB(G^{lo)|D2%3(REimVZNZOP zqGfRnPr*F6Io&<}^z<}uv!v%`J?)&Zn@Vbby+(`}jJ+x@q2!8scWK_PBs5H%A}%@INT$*Y5Gc}U|gQR13_Nu0=F zz=|lV*HU$~4Gd`q#M}PJ{-d?p`YsWjb=mqlOVTy7urZ5z{xssVkFrcf`Rq?8X&Xbn zkRQ64nwsXB$Q+p48b_Ifa7Opyr&R7pi*pw=tnS-;Wcuo&ypg!2?oF1@@+y2o1oK=r zN1qjGf1BT?XjJ57UoT$xo9v_!f96SoXa3@zb7Sc~aNUQ9Op)2BdeeG`C(J(pL-IY-0x547# zWebsve0SPMWB#OLfZkS9cK~1SlH6hhN@Jj-{(vj0M?UE<-9@aOMhhZJX7ftv3 z#L0+qB?>TyD|rGTv|||7d%nIp=;c5?;#JtkEPuK(<7^HA=A+~_ik2TFOPC$G(ukll z6YWe=)4|P(-s)H*P4kwc!ob#W-DmJ9>WnwjvHM-m5lex7rU5N&X_6CE*0x&Neip7t za_l4HjhrXL43imf{^Rm7v*I+L zb6S6j7WXSPh7dgX%PwN8-M%JwfLW#%h1gR=P2^XsV{r%-S%$Xj8Ka2)Ve3HYpz$&T zN{nvPq*W8?OHPYUD9zEG9eabwd={fnydKnJDPbt0Ea>U9RNqQ)+HRCk06xfQNXUV1 zzwS8NriR0+z=RiLK+CN~(cUia5d%lpO|rvknQAVt@>g1Mff4mDCie##2Q576H!t(Z zy+3?8{{i+fr1ALu3-C(?)`Zf?=04KsT152e7Y3XPL-Cm5LL(gbPbI>pSxlo}c_u)w zBAZY9jOD)g7N^<#0+QG5aE#DBfc2*5l24!lCNj0K5NNAl46*x2dw$Fe;JmhM62%Z@Qo!&$J zg)+jIuC^`V+%jt`8DTgs$*vx|c9i%{1K*$_l?yTXL?BmYEps8XY<}f}h0}?kv-LxA zKA|gacAF`yeoXXl#8dA>m|)7Uz&Wrs(tB1FBGp^j+EbQLc!&);YK*l2EJ5`p>6`mm zkz?I2Y{g&UQPHnKhw&F2;{3;wO7vks$@#?e7Izc?^wil6aAO^gn)s z2+`nOk!EnTEaB4xB1*~Xg5}ifwT0pMe?)gSOj>wea##fW@zztuz3r7kxbqTgPT9@5 zfjBFFD#NuRk*dH?nvLaUeLysucLkkFKzCTUn@oXHjaXjq4a2$1>*(MhVNCywEc=5G zvwQ$_8P7~tk20Pr;4-xBnEF(>dzusi*v5KcX)1x!L1+!|^>6G+;)C`}e-p22+g_=2 zu`(VZKT%{%H)VM6g`8jv60F&ebb?wPV|Yw?oV9%n!*9;d*|PB^N)q1JSQgl;l*rtX ziiNER8eqTy0y$A9&1bGeX7(lw+gvHF$)CY;Xg^Wk*JV|D+nK_7Z;;{19A7S!JBCjc zCTGIvkhDsuw{Q*9ld!?<0KypD7!2l|CdWfDOntFEKDzk|y;a6kIunZfvB^Knwgo*1T+D~R8EkMN3x&}~2m4hzU{e z)w%;xE6a0`n)i@DG=3}CLaMr^CT{G&^qTgVhD|KyM%wC-md>Y7qr%Y4@LH!eX@8p zM!qfQ#NtI^3{ft01F`bkKg<&A1F-7Ucy}L@eM0b>>}X~10%qnWMc7`Z{})?=QBhO% zs__8W?}Fe#v~gC(c1I{gW*j}JhUSeT{j6fiNhMj_>^-Qn~8kypk;&um_8oASO%s}-598Jt`zL}FXmZ_ zlxCXy*wnQCc)V7e00U|yA^Qw!HV0bjbW@7wWuSv))d_z*$Gd&!=H~i`@DDT%j~6u= zV+T9Xaz+at)eshUSmm%O5z7fEgJr%<k5Ee9cP3>zFkQZ`;yE|n7Tm&8Eo0GIZg2M0ImgQfmhfhjf=$0N zE;?0lXkYWMK^P~sHlY&QJ~$ zK)Wb&X^cS4TxvLxEGRvkGr18UKk87+%7_x zT;8D@;Ix31;?i>D=%r+tezeL;B4~sqaTo371~Xe;u-TR-gw^LZvyNkcBZI|jkOx3c4U_~sEp@X8*zCV^ebR3;8mGn2 zP4g9mgD0V$>eQ z!b@K<5vvtz%!_mDECwHN~$vH8ou z#ovxmI#tmVhErlrjVZbIVprD$B1cIQHt7YxAU1lIFyEw3VI`3DNuNOkc(DM#V1(T^ z5v)O)>x{Za0>XhQfhedQsREV0d=Wq$`@1BRXOUuF3MR3l+^ovr%__-g^~)H2-}7YU z1XI?e%zM zG*w8oiv1?#+9U6yT{`ci=`O!%CLFBuEOQ%J&PYE8uc!b>bYuk+aUzQfT&A06!qT67 zDY+>qW#bKb>DHd4e$`eO2>nR6lT)O1W;rdlp~q-;N#4iT!aG!!>IiLl!?uRkcF9!( zp`lCSDx1_94N)Lgf?xR^%-^)1AoeN^=Xz?_)zFDha|D9fTg7H;Whb+t1saU~(eWi3@t zR$xnZ#}AIV4pd#qcR>f^-2bVG+{NFJel{HVj-^XpIPYQDtl$Y(u2XdL?D{G-E2LqY zuq#lxV(uGg&x6iNT6EkkXOzE(;OuN~V_B7fcEf%E5IukoxK;s?7y@)FtE)%s3aqdV z{0>D(3MpW9xk^48qNzvfxR19m1B9@1n5@+ijtakXnwpzqXM}(BD3m>~xMR?XE;7IK zh^Mm7Wg=~cNwE^Lexg}bz!|2rJ(Kt_Aofm@jw9kx{G47s*tXzAIcrQ;eGXK@pxCQP zOm4+Ck)jcbsDPT@IoK!?*73%x!|joZotaY0bYQCr{bDJ@W8kp}j5LbX(7THI*i?!# zPi>>uFVk{8%8pp#R(Qi(-o!g0?)I^KOEk=2gh+)5w6tz~|^a+o1DlhxMQgaHjjGWO4|YiCpUD=6H!D%5fn}YJ zRhInY6-KDYeZ}j!dbZ99*LUhguG2{J%pg%<>LTrAD3Z4$)pxWZS*E?XhQ0oCeY2KZ znd>tADHsvW=;_n|U3YZsw%4Q;E5L*K0B&sF>_0JqA?emcJnDy<6F5|Zv>3ykKch9H zs6J1+H9veN9GM{6@-txc42rG@5(J=C03k0CPD(|SF|1qo36|eWs$z{4NJu))G!J{q zqk~g4VnL9#XPA8IesPlCken(QGlcw*H0`QS`mkXq&Z?3rxJl(+lYW_0Uv-HHYCyMP zsbHRGpUUTQSZ(;t|B<$ae1vH?5TwKWk%8PFX4;ozt{n~zi@@;zvjA`isqT!`GiVn! z%v3lWw+Md@xw1DnNM zWrYb78eO4me_o|9uS=NZh~B&UMy$g6#}yftQ^vsyJ9fS=O+1*D4X%0PC;P7NPDj z799yc4%9loev^pu*X=w(RGDwgQl}z1o@-Sj>Rwz8>reYoy_lE=40C$Nv(+9a?4fR*_;4%-k{vOoZ26PcO12^AsVi$PiA zeRE5#&mQhze<-WjNZS1Imi`$4$3c z7PW*%cofFp{NGg}Yd7i_vLTGEY!HPT_p*OHuK_-Ox%4ujc6D&KLJgacG z8PB)b3P><$6N7w|_$w){v^NfxxpG!m4&YdA8~!X4*nGpjT0A5=W=R6?n^1=VdxxYB z?alG(C`PY}&1G*3W#U#+yfn(Bebvm;_07%frb$Zw68(Wm*Q<6P7$J5XsLSn{nHn4q z(=+*81$O68nvXKDOQRtr#ixBi`h_9*5A=G>TpU`uHfmIjsYJEOdI#pI0lMgM+tb-9 z)vTM(FZGcKwd%>VeCQ->Q ziT|An-0)z$Mu_pEopD+{>m0G=1%cJ=<3(#>=Wlal*B<(}F#Sv+;ltXMf zKdYJ8BvBy17cBSfuawfleg=ncQU@tT!dWD$+jKRBy=A$Pn~?PYa}*r1 zzeHR*8tuHa0CN!cVp3FO9NLFZ5XUBqYDrVd;8eS(W-jIhpM^vrvU=y^l`5JBJKcIk z3K+EB)S8|KPfAareZ$JdDid70vG7D&jdWnz0_IwDDq=I5%GG2cm8Ld^7Ir6in+0=PA!MUO`;#JK%A}fh@bps{)%<0bL`(!kEcXrA~ zg?U0E!+INfZ6}$AX=~UpK=!?G0RBE{b?~okLgSR<%swZj%e?F}ozI5pmZ)+`gurAYPgg{#|VH;VcVRuyl0hQ?%=TCR!J> zZxOH3#<`s@-ycIo1?or?=VgF&4b-KRt>uAG{z-^czFHovMUhcC` zvn{dAbNG;B42Wi^d^5*JvBdQee8qy;$l)I!HbC4i-`|DPcDzQsp`#`EI`v z#s}~tjO+GuUZuxy#vS2GaK{y&H!`w3v2*L!NCi`MH(G&9e^=IzMOrADuM@7XDY=%N zf$*$1rlp$Ueu@Alic>%B;gNvoitv$hg@i#T<>J+5hSga;nf#=ncflaEOmp^*(1(Oh zhOHYs{}~=#ULCaM0k4Ltvjyhh1q*Bf`(K760(dgUkXZ)`Hz7&xxJisTHu!e>C++J_ z8k=wwsL&vKDCM62V4Hgaxs?LFkMK0De)ZQZ5Y-s>x;ICV@1WaAxmMEEf;ApGk5w~K zSePqXPi{J_@HF%npW6y}J_<*1F=5{(b`RP1ophV)=GSmVE9-NSlefa53Ja{%qj`)^ z+p42sU+G6N#!yUc%d8&e!lN9BJu}tw)-ABM^NDb2mhU_%^Tjd04FS<<*Vj&r*r>i( z)nuq}*}o=BLA*o8M|$sYk0Fk0P@*^ zOMwvCjuVum2PbUJ(4y7(-QrZyVV{&y_{K!x%&_=(c@O7XAxF<21xkd7jh_!)%m>~7 z_aOYsz|9x-l))3bAJ&1~lp({}kwi*S!>9>s-5l1XuJFw4dGH#XxyASR+n87d&>lgs3;mG780?-ZmW_Vn8(vG;%RO~ACz4`g|p^b z&P*5O>cN37Ye|%42CFM2V5o?MkRB~0+Xz<#CxwSJ7*eB1Z*8YzJ)>Al)W-o{dGgP0 zvZS9@`f_SRYhiy}Rf96mWOk|&dXJA=TsTaiyXa z$5%lQ;*(73*=!g4N~2?L?RHr8?y>^u^yiVvjm;I1FV9Cdf{pu zi{d(3rZt|1tTvEm0ucUTsTo0QINTU9jj5XI{-mL(Ez8N``nE}xyO@>f&(#q63GiBo z&x~RLu>Yj?Q!ROqz=LCUHNbs6NGR%;jIX$LWw*>fAR5z2TTefs5=cWlZHqL~KvB@g z{MfDjtuasi1zD4jix?LD%CEu)RlQg_x-{GtR`2~{@*xcpZkyeE@|Rlm_z#f+&VjGJ zx?Zx3)F^AHF+kW;zBJ=pYjgoH(mRdnZ?O$QAc|rGl;HH>GgIdDO9QC1^-M=hoE>u>Bruz-PA)`Le8=6Ia)*;n9$VSi@2WL z49WH6WL*W^MFnN$bnROu#P@hz5WCeg86|@8GIEQ)Cn7#}9e((KvN--TSW0k2?{(d( z0<_uXbrlEn`i}>KwYhp4upTX4TvGRx3JtIq^$ zt9Aj8B{b+eCRI*YIoaw*}(;;u#@_BG)X%5LIedv z%sx)*V)tBc@&#-03aU(M8=>|c5uGZy`=Qnh?yuq{p?0-VDuf`vT$&#=O{3-wzNQn? zZ|e@>D6TW45Hg=ne9RkGVXB|MTdTqK4jMqTz9T}e_Q|t8nQn>0E@#SG#G4IB257Lb zO-s}Cl!RoQ!QtX661)7NZPDkLH=@Ii_8f(Cs26dkxP4(^1~C|&6({ELXSJ!}FObjb zN0NShhwRz9`LUyjBElA6Kqb<%GyAongAy5QKk}sjUtx@?x?_I0EJOj3!QZq7lCHfV z33KW)2lz1VF1W5NUTn!glzEUhu+I7i4Q52S-+;lgjk|5(oD-hWG&MhgLv^(tCr4GL z;hY&KHl41cv{{$-4eFx&rZbg!Q^QCS-VvV(Y3Q-DlIH5Z?%OAm%W9&=L%6YKfVZ0% z{8C$%*4KDj^z$J&*=6s4GEoq~klrpkCvbPd+}Ia`>!m$gJyJUaaGtIkP9Hs_CR7Q`HPvaVmxx zCYZl|BquB-{590WY_ZNbQw(2p5C9H>AbQRXC=EOuWqhrS>eunsi8a&=G2idt(%A}g zJx7g11gB=@j9{&P(R^u*qT(fw6Sq>Rt`gbUF%cP{0e!oWe*<&vb`28nSM#TiZ;oL} zhE>LY4{N?i>DD`w%xIWIdIY7J&k)E`Y=!G3W9c*}?%tsh*)ACoe(Y^Tv_LE}x49{0 z#3$W(!u;yDs3n9{DGknx<0W|HJcY44k3NdG?0hUXaz{$m@ca{jrWElw^!it%J`UH* zG(iS|iI;ayM?Pa=YoEKpuBOE~ZJ%kJssbBt z7e(|q1^0U+>=`NBe*ZJ$X+9wySkeD`G11=d()?eVF?$?B+kkZJWwB@$ znjkm(syGtsJ3Gj_3Tj&H4=B1gU50CnU=j}Atz%%JYT~^s7FKtrKq*~`jy`PB`IU#` zoS{b>6e)3(JD7>3Sql_&*Yjq_7#bQn^jk)6L)3kYryf%fI{M_&iqq&qKPgOG-lTEA zco3?)Td|`-iom!|UbQ9bh@xQnt^?&q441nUy!I0`V|NG3BIG)EL)g%P-(g2MRD}Ml z$^m)btpJBv2Cgz8qC~Xe*wT`N7+zwU`#mV?Qyh21!kig8y@R5Ug*h^_TP30ElfQub zeyFP9HN$}v>n`JJ*v02d(7@tkAZj}bonADB_7puXJ5K%7Wls)AWK=+{M6usXV~3QB zg~dd3vC@89J?gTPWV_BgG-;#MGfH3oY+?sney-I1L_xu(Q{h;&>h^kb=}FTT`LS$% z0vcy`@Bbhr= zOWm!{CTd!#`HG{ZCpu>qhjg#Lw|F{R45|xG=|R5mO^sND^mILzun3RsgpOXI^VzSU4@tRxxZ-QKb1_VY>gmKw;aH++_;c^|F|8<3y?-lk0beL(#By7zmtMMJKpKSBT z%*+hHgJ~)XZaNQLwe7?+`%Wks-&=oqwsvb>4*7%zRrc%~baSqSi64LeNs1x?Gl9;| z2?A$ezZuLCCMG1z;Ov(lYM;wH<$=aPh_^iwDK$_gvl>Gnu&XimnZbT7m^d387Uj1# z5QaNCyh|ppn!X3v7|#%+5y7z2h-9DEi-$R_y1KeBV-7CrX@_tFs`r@tZz}6?pr01c zwANGRD#YF1*jTSJ5F8KDnyWW(wB*B7-+ObW%F{BGnMUx{s!G<|B(x@TMTE+8>t^(+ zN_TZ&J(LY95+W}mCTa9Nfy9L&sj#@P1G&F~Anu%oIK0BBI`oj!dRg7aUGsm!f4 zY#Ta;MCP@`3}F^xjYU2nr>RHd0#DlLUe|;DavM8~98Lf1Rq`kHbH}rU86$XtI&9-d z>&U(tx%mfE;iYP%GzA$zvIkzpXfg24(-}4u`kBjOUCs&SQ?T0|8MVc6H?OrfuMO0{ zx&7bBd-uq-BG?yewj1_>jnRFS_J!lUNDaa%J=hMK^nW@qm_c#|k-`9HD4T;@EzXw& zClU-4v`o=vJkEjY(gN}#OR`3oIIKwN3?BENcF2LaV7cSw_;7T!9Jv6YO9tc1&pEMS z{{@}Cz_Mcq9`HpAmz$G-jp}s*1Q>rlk(F2uZ-wVSrUuagg^3c*NhAjtW|Yv3U^;R# zvJq60>(+Z-S!Mk1b=71%dE57*rhGLY0B|!DQ{&3fg)ayFf%~2OG8S(VUJmE2s)vyv zS==C$Ea6~M_+1GMM8ZNk3`j;b33yuG`Fph!Pu}(R{NtwcqIPt{5Fv#9whbUSxBMTz ze|RnW(0LmRWVg8G{oa&&f1l{pb7Az^@5c|WJayXBr9@3=mLgV&epL#B{sh`Dh^lE$ z2v#;}sFbYt-nb$$l&18@PMEeP;ZBMYOg`F=1KD@JxPf;$H~uF%UfZZ*(Qm-o_XI4Q zrMCGD5=LV)ur?RJskq06lOAy!%)UDjepv3?I2p9#)%oD1O?wjOt+X6&A1@Nyfx>ZA zpysk?{zBN1>8^ySB>R|_TN=Qq%oJLwr>(VN%NM0OX12*A#-HNUSnX$2#v>uz*4#48 z2A^Sx#be~9xfbS;3cbcbRa|e$DDeL}jxNL`QX>iqi3r(g^p`MO#%rKDdHD6;H|PEC z$m{x|al3i){%63AU!GcpTA<~j){)jRds~dJ_nNmRAsWy5YkLDg;&UEk__I<3Tg;@V zWeWr}@W7lC#q=cOl35#QbV5I-YO!6u^UnX3L(=Sh?@N|1Y@ql*RL z)vGW&bP0_x#(b{NP#&Jmqr*O6_2vHib8@h~eHZWLf6SW)OC(v1Q|Kc`1>fUQUDLwV zS=$A;b?X4jF0du4s&O_6O-%Zpn{mA(bGdZGdfMu*St{wEWRps7%$^g@zqM2~l z+t>&f81UIr074WJRkBN91rNrIKn9^KnuHl23BY^WW*&#V^QR4bz3#f{eV7qN7mo>p zWtvya-z~T@EgG`;TqFE-4m$+_%~wHr z4=O_<@%SDB^Cyl<%)b0*Umo15Uqa|0m2#%c7zjx%i;-p!a4ZEX_qJTp}QxWD=1aUxF`461{As5lMmXVpvvI~-Z4Pe%zevat* zS0Ebv0_O@iC*`AT(y%DO$(n~3?O$B1`=A-RE94G#0a!a(v`W-&AG*!}MQTRdO?y?i}* zGT6RP!w(8`NlD*J`fy47fymvBe+9)#QcnK3^aqaQ6=O|nzPGQy5_%?0!exe-qP&m7 zp`sOrCSq3U`qmal^y3hF_y5cS_^-R}MWmi(62PR@U9^I%<2xQU*qRva!Y z4sMJVuGWBw@;m1;40IdfM0u!)pS5*aW|Lf)8aHjiC2sIgNX(l>1~3~fFJDdwzZY z{I_T4H;{|jK>c;>v-c1=AZ^p{6MwlQ27L6nuS;ddU*4YT{I)K(Uq%JZy2Q>kzWSbj z%6pC5d5HteK)-t?lgm z8)klgSN7$#tZmDa9N`++ao6n!SYOIld!JjpVZB2e;nMLvpbtJT6?w0~L2#e!>~)m= z<(~P=eOKS_F8X~S9bwjQ`{BQ@LjPvywdJw%D`&^&AWqQOWrT3??6HXY?KErW&#_?7 znTlkk3hNPJo%cv`-k-zBmztf|nh!4_A6^QmUkk>>j=2G~9QXsPUE5E!tKG-^)W6rp zLcR7%x{fpLbDx{b#P?9u+V`VDb~Smx53v3BxvlT-Q{BH)xesjLeczr||Lsx#rFD7{ z?L80$Mhcdei5;<;JZYOe{WUE{Z&%jX}TBQkyd z98iCG_%8V6ZT0`rbQMrl23wcz?rx+T=?3ZUZX~2G4Iq>Q^)Vv)UuIm$QCKc`}QeI1_T25chrzzXk=GOZGa zZ-Aa8`pp#v+&2Z1CSGJTweQFUY|91Nf#AJ*`ITSvVFNQUN*HW2V!%4$=~aAuypeOu z&Is7t*9*pVH8qe06Yq}ej+4h9YY#uvJ{)RgdOiOh&S; zO8=`0v&RYVPF#JgT;FjkiiA!<=VEb4 z?BDqq$Mef0JzaM_H!eHB9}-@r4y9IBk@q{YIO)7UE)o4}ZwT(9;eJ2Ms}^`S`{J_V zchiYtAMP$etbOdk3^`^;(WpHtxTbs*(4tx{`pl0 z{22K8-I3b!r5db=1>j@oFQhDBG&oo?1%_E(R)M)X2>J~keH8S9P8=guYzz%eYinL! zP%M!oCo3~^l*K|l96fsqF*NkZcsJ)bXFkKfj_dm^-=kZd>!73Kru*|Vwmr-M>Fd9w z6QU)DW#uL1hE2}D!J5=q4ejpk`sFM%IxX+z2IfFmtdtq?9DY_B)V=-TcXjyMZF~5O zu=i64Tez@-f&zpL@t)GPPSMlx^&lQT{?5)0Hkru9IFCuIhu~3VT^twqi|^lt1yFd3 ziH(iKqzqX5aD6~3_WW=$DgOKr@OUSBK1?epC|EVh((i(ZM$~=nv-`<*74Qk*OTV`g z#XDU$q+Xe?f`yZgK%3@SD^f^(rINMcHpZqVdNoIA=D&f29*(H|MX14k_Un!CgmaQBBlNx)WKg*|0%Zj*+%MZh1#+H0V>}B{B zK1f8wd}HL@_)h^IdI*AoiVDfyzN9LK>JEREq?T?!P^M29e~)^N5QrA1!O}=xi`^a8 z1*_SEf!d~cH)*GuLQhAXH4rssMN9Sbtx_fh5fTNJ>2zvdJNBzhun(s|$6MyJ8BH6a zct1|$K7g-h3{qEa;FGV7&Cbo)R&W&trP#wTZ6XwoiO2LCa52C)lQzCd|DOi7Up#*r zESLgU``*FlvMMsSve|U8`=hWF84iYA*z3L1_wZz;#LEnA8BRd)^kROhxdQg z?G=ACZMEn_sFL0M)8F4elFD#>{QGm0#&^>WU^6Blp@GM~E!8OG%w6({GFm1&RrHG~ zmP7ou=Zj9l>vOyFak<{UZ|msiHzQz%N*o;?Q+bko5$I!+lM8ptM6+Nuz&=Vk4i5Og zn=ilmWt*FSOt`lJC_}c8=i%u_->t8dloa^UfQ!#-ao{V0@QDQjjN=UWU~oB?rluwp ztV{Do#7n>gZ{NKXI1`A@+z3+jKXy`1|0%O1 zC1=O467C4r`I8Ld^HNl(npo$dq`1@Zk7;S!J3DV^uw}l;ze0k8vA4H>{qCpCA7olC zE-rfd0U|AJ?d?`)H#cs>3QH&xd;)^Q8^47rllNDL@beYeXjAE10*Dx7P#T4L-%Y*O zJ~XMtT!H&9DTTez5c%zAwm;eC^w2r3b#_!%juUOQI;*Nq^n@aoxgE||@Vjlx`-9S~ zsuSto)sFY~|NaVlAIqe)U{@oVikP56IMNPh8~=8^zuvrvi$k+g*3p>{f`*MiC-qt( z6+3Ca07t6|Vtq@>j+zAP9cz>HNba2lCg+Y6tM@ z%)wAZ%qqi%(d0`BquNbL<%lL^E|s+C$Or_Xp7OWcUyB_~xZV2EadcjDnvAf_5e@en z-sZSstSp8UKddm86+P$OGaok`PQ{sdYVqNG>%)**)O%m&!-w;XeEoNkFABPh)|9k|5rY@JYPLRoZ`Ym0)78f@-E&l@{o2oTN zh6d!KXhn-}`O=Y%&c6-s<>REHaR{Hhqv0~LMelyd%`m*(kC|h;r<`Fpc~zQr-sHf zxUIz8s@`QShh;R`^&dD~OYUXW8{c0$J70htD{|J4D+~3hF(D3x{5;!_t)-k=k`XWK z^*e%T9UB{ZXXNLOo6T6D+2|O)7TEy)fq|!1oefFoQ9hK0lnORtJ{SKLu%7AU% z1B4?PW$brQtdzl8<3yT(l>lJXIS4x;?WhQ$003c%nSl%ivO^GatH%NN+wn{gh`y?P z{o01){~iAgW$^vhU4+=!@UY#lTKY~Q{~Jy_ zwS%9t^Kmm|3mpH;%*@Q*e%cEtNaDf4L8DV5xo{&05wCO^+p6xt763J5fe04~PBww; zpp~8LCm2>(dw(M8ST{PVsJJH`i2(vCBL@e_QF4hCvM{p#_i<|my^(b~fyPqr<8aDakl(PvHj;1eT3+tH( zcCN(10VL40zd{Ox)Y;j`juBYWFV#ReO*dPU8DltnZJ;gdHfknrS zhhT~zZ|KTDt?b4nInAFew6)c6jhbEa%lMAlFI4AjA!N3f`_s7rclKX|Jf-rdGP$hw zi*ta{wR#@)Zn#QG_4Z+kqx~R{mmNx^e4du06im>n(ESETMw8<&fKIzaT-Sq240TDZ z{{3C%_t;mb3bN>nut>b|?;K-qa~zB#&aiP>ZTHhbCR1hTxB?LGk#LXXA% zTG#W@_b%0<-WrbsO~=9Q?QM`OYTjQT4`u>itnKN7ODv(wVjz_nAj!m>2UZO5%3E$R$r4p9a^ z0J6qCNJmd^;xiB<~U#wDA`mToonnc;vA$B9m<+;iUDum79Xk4t-4p$YfpQmw1T; zUWtl|;-U0B_I=--%Sdle2$BqAKs(;$8(_)u->ePVnQ+LA4jb%HU6Nf2VbIIPD@i$2%OE{46*vt>eBV- zbud#b|1E@Fj+m{IQR$|7DnV?-#k;sZC3#{~)}CB0Im^B}#d^IA+)wUk;H4Dt6ZZk@ zdFRuXM>Mu61B01XvMYiV<(#Ia3U^mpn@7=isMxFfVqI=3>}Z>u(+Uy$WcxBzsHMm5 zbf_9AeOO9;0D>GG9016Z+{A!`LAvBAetEAWhEzXT--v*RR05v0Ug$HAO;^$R_2rK%~*~> zOn~lx3%c*FLno36ayu?ozu>KKLQ`-($Dq?G&LlXRDuG;>a|BGBiThnLin**bb8#bw z^sLw0&vrikGa@n>%mg^%5%A?fi@lupRrC;}g!1xoIm!=sx;7w$Z;zzj>Huei36=n8 z1%RPQwXe#bYOP0bkdi_|LV*2ei+EIa0Dp#tMOaS-r(*$4hgi72z1<%)rgbxB*jyd| zUS=2=X?NJ5egNMti_*m$9qJ9S6`%9U&779n26J(7aiZwIMUa3`@lj~(R(1s@qOfVZ zb1R+@7?d-insgzMGXRoDC-=rbg$nZzf?$oh(iKn2zx!zq1ZUd`vOK_<0s_QrXKGn3 zduF#}wyZ58v?fEtv7183)19pG2>VkD#Hw5!Ay9jUvvDi>QWa)Pii?dVO!45hADSle z&2di?YkUn&qZ%E8WJ5LQ_@mZgZYzAZRfLX@U}KUNgy`Bo+?G>L*ou) zncBQh#tU!Wk;^vc1zak0|M)KU?_>>gHtDM`6_!3&SqP@{R37vZ`FbkgeIQAqU8BLb zxa}zRtNV+Y0cV&L+#@495SReBg_|qH6k~)CS&{HNw}W^5HIM9x??C*LZx+vm5QB*O z1fJrB+k>^j2$u>3+EF}Lvb;4wp&&wk0Z$9i?1ysw0mMx%Kg6&|Lwc4{}-i;D57$+1%y+I?85 z)f~iW-ocSZ&Y=86wf(HhF^+@eAYWLgT_UfyS%Qy`uOEDa+!g`5XJN23GfMcYK~{kX z?uk)>71D1Q^DZ3I!ew24h3@>fgNV9VV}-p2EKeql%#6*bkyTKTxTr&dN*#b^OV6yrh#EkYj36D? zf0y;@-m1LN>t3g{^mG%@b(@#5P^v-eeAdS-;RGMh?0sUI=G?<`ywnhDmS6he?OULf zpAAudVhi4>w;3b&BDd*l3Y_888zjbnn~liB*q=o1fc~}2R3#_6uiyt1K)+&qo2X_R z2Ql#m38EQMo}ohygF>X)Wlc=WY0KPkwf$2`uLUHR)C$BpKquqk+;9MEXEUsC26;`$ zV;^dn>Uf;RUHQEs*LqDi(^^{5$1 zTLMW}$~BEeF%`+i41CKW7nC2RnH$&+R-#C5ic+kzmyz>vb4T?S)(G(N?K7eip4J_$ zS4gc;P*A9@Lwn4#vBamL_#Do9Oqc;1{h&5 zo)qzT`ukb66#YB>k&j3|B-iV#O`$#8fn&8vc@y7R%LYc(+}z#C=WQ}Jn9;bua3Ryv z)59X5f$S;V>V2{bLJk0G>Wp&$%43iVJpfU(0|-L=&MU**Ce0S(`kX}l=TtJ)^zI>@ z^b(9H@a*qb+4{msM5YC1HKhY}OpwX-1kXe~qR+b8X~d$1+1^H|k6ei8wozIAPA)&* z7G5f+#A_t2z~Kyw!6b(C^}5re<9G)Z}EkWj>3QtRa32KWTbWP ze7VCC<$%XCz*({8hskof(QDK5#MY3D8MC@6q9K98s*>L_ z>iXH+D^&=Gs)E|te}CMDN%kEVU1^cw0ZxayS+}7jWN2h;Y>NR{qH*0@^yhcWUH}zb z1s0auPH>?0Bku1El)GDMy}~3Hx&(5w?0eIe>nn%EwiOODQE*2WVQ29(lQTt7ukTyK z{PuVd;6QS0YfT?JQ?nR)?uFoR^)Vq-*YjRmUdYsw?a?_fxo9g^f4fPnN|G-n;*<Rfr|} z&R+V9koZbL+s8YGQR3RZ2bm7_9X~BCY){Y3%nZO`fUs|_d)##Wx$d6+Vbn8Jn}? zg9gtCnU3Rl3XO8r+&J7F;wR*AOx7I)S_uX{WVOSxpYT=M=k-P2)EKZ~Gsax?_pBTo za%QwE6paktysJo@xLZq?3!7otMoK8`-Hp?o?Acm+!|wQI=%(~^IBpnRSb|qdHJ+zm z1wZ*@=zcS_uf)ZO1dR$puIm!j`2dTl`7Q#oh)&Aa&1MK*ZC-!X8S8B)DJq?uG|ai) z*VqTi7C9>_j!xxEpN)XqY#G#YvOj*@^IZi9ZL(WvPlhAERGZw2F1!sH9D?}kR}@YH znV=g0(6Iz;+=E5M#qlJs6%o6zD8a{ggA95W2QKO?dMH_h=#WIJDTW?mULnT^NgZ?e zHv~Qh+_ZoP5V9G?^N(_2QuaDob$U|S`UqJDWFd~N4v0iAv<-+4;8q;FDRY3Zp67g@ zgoj23&`Kx}Ste{lyE+`|8w9kAtXO1K{L&p-l?N0Os&%yoi8AXXM3M;2C#UGb`7Ajs zy5{IZ>lQBBT?PIqss<=3qWGBTR#GAv_TX@%_oH-O(LEt~=@~~Lu|Qi&?1%0pXJxg% z{XwFy(dZ=pcsV;99XjAULjN)7IblFjw?Bnm3Fv2`ujQHqC!lnRD^24F*bJw5605%? zBPFP%G}a>#0s8={9LO^h)Y1`oVSb!MWcdX|tB4CdUfh|c zN=WI9)NXQv4~ok1Kx#`-iN*+FH;KUds&Qwf9g>vro)2V3`)Ge5f|Ty!4MA8Ep3zB3 zL>@RB0WyqIc7>(nh`+jqhB1CFOiWC6he5MAyMXF|jH}EPQ)VdzhkAz8~=F8+}vC=E3T7a&WR9m)*u@0a0TzGV9X86-CL1alAc1L~2dtjN=c!8SoRWnOc?G*2KP65P;{ zVRW4hlD=@t<+Z0qx1G_?&aDc$#5@wteL%E}c1lnRlgbBFl)6p*2u96jVvt&#BjZYW z+9A&3WZ^~i1_Dbr3K~KvE`uta%Z3bVY~Z~)`XK<(4nQ>3uh|ydmo%`Bv!5;q7o=Ey zr<5n`B&?vqIHycd~_VQdkfM7SOs1PZUESa;tn#tovbox1IsT71B_N1NW5UN zuL1h6GVRDp77pSQ!nqs^@dT=%u+tLniau~@M4(A{9~<9bzA!pKq?U->LCEz78z7fJ z7A->q1o|PR%Uger&YJ=~wsQcWhTg;y06Dazq=W~tuDtvZ2t95lO$7yD>Z?pm?6!#O zD}c3>{-=`8&Q(s!K!4es1thUY<43e$E^AHju2#ZUrAZq>bTD{&Q6QVZ26xxmjJM#@(i`24ge{8C5)pu5_< z2PSv&8WdC}Kk+aK3jR8|7QdR)0{`O*1SgPuxCDU?Vb};%lbx|G%T3u9I>FQ7eNO1a zt58fa0U!l{!U)h)$P8S_d=9sAdUWWo;+qf2hdzl1z7$UYIErzZota5m+7wU)Rseou z{5eadS=Uplniw?lV>u|bf!Z>bD*RtGWL#h)G39T=U+LBjqANLEXhIenAAcITfLe}c zcLETDJ9jdS*5A_h11$0bl8W_=YX$5BOQq}auS*k9JHLGS-RNXAClyP&+~mT+%q)d4 z2`U|+F60UlDxi-4WZ-^2=Rj&X`tKO9UjD4@)PIx@hP8CX>c#Q%zXX#z2H;D*mZ_mw{oR&E}E3gxm`oo{0RLK=|1 z4gkbG$QT-W?ep9-f(tfKGyC0uB*~C+2y@!h(v?3(S7|b}x5N zWUk8O^L}}Ky$8_Gz;Y|f%OizLK`ODo?)Kmw1`b$M?meU8jeBI=z8TOoLtoZ+CQ z39`hFo*y;?7=_lUq)LD5(<-`?LyTlaI>pK&cC>ECbLRHwYHhRFOq1A*8AC90J?y-S zib8A*Sefh%2%uPgsOK_sA`CGnL{1_jA^eI$Mn(qT{d5J&1wK^LxT3v%CH0j!Trv{6 zG|UvPuBmCl1Ip{utN--^NKRg?*Y(40n&oN_N-5G_!;^2cW}N}F=DzB?_Zpb)Clb&d zNYT3wF!JBUnnJEuB=IzoCt$rFK-1UhGKe*IKsk<=Ed+HX;O&eCk{hl!m30#+^6w8o zdGl%6r7OOWegnO>vw|XFONJ&H?B8Y=5bPgMfp39C4x})iUsLi1a{^TOO)yssbb{lV zTw5TOJZz_`0VbtyU|^uGUhTTk3#1MRsKp4>0!fP6XYxWekwO&I-u#a*ZVwl}n|(JG zWoOgA;EstsD06M>Y#nS6n}4$k$xca00filxrF!JGS9El|4s%iafTZhO|MoV!T)0A< zE4=f%e=Tm|umO^bASgb3?|Sl^DN>*+=qD$OmnEK3mX~kdFNg&n5eRC_4|Rl(&-U5I zO5;)0m;k=%^n;NluIB&tO|RT^r}k`19# zN&f{!TGLMdTY#x&!Rmo}91tHt3C?l$s|pap^xM4HUNNw+9D%Y^3s6a4%D$JEmz$fL zKn4Js&+>~&3c!|=V4j05duwa^(&D3%#aqM50@_l+MFW~k*lvDhb6cjRY|!VRvIxvt zgolR*$e9l}XP|P%FV6-NK@X4+{XqT%1w>GB1Wx(z@Bs9Xj_0R);I*(pb+Qg<_0u(@KXT$q=OO|KI&_<240XCURrKE59iKAIE01YpKT7f?~ad*j6nYq zcTQo`@y6hw!9oIcxtE~U0oazX$37NH_)8%cbUn~BFaWvU3;d9tsjm(2LGyb+a$m}- zBPsMR*@_OQCfp}h9nZ>ZkjUIyKv6V(xpzK9iBy4g>b@7p7E@}z%E2Mxf(N}>@lel5r`+zJi4zebQ@72 z(Xa?-i+lo2Nl>*Rvb+Seo z?b+xAU}>dsiyMF@z!xAoKQKh!&l5776y0fx1HuAW1#rRlpcM*qmiU7D$?ff}UAlY0 z<=%7usfY{MiI=Vdz*IO|_X~g(_V)Ht2HaQxPyu#%dWK>PDDh&T!vP?1qk20FgP$*8 z+Hn7&DLyrpnDuSPQk88L3xlqAR8T-R zjiGmS6dwYCukt!uQ zyw2LTgw#nw%u78d?0}3v!M6*Bc-CBV_fpK3}t_$r0t} zg33xXXU>n-S%_hE5;P< zYCy)GK3)$*cMeQJj|TeotK5sX?;l|Es|vjpxDwHqWou}@B5Weyy3AhcHHH+8k;dpq zI7zEG{8HS3%Ld|k-tMO*SoWxr736U+>_MYWVNDtOtf8xmfbEESMMNS>^+C#!X)!fB z8_k7y)aDGk)SG%IH6=wVAM2P{lHQuB@Uoii4X*KmimGZvEkp;W|JjH8F<_X)IC&G_ z=>$vkOo>5>3I~WN0ayyjjm%P#COA4*;%wB#8w`U)gU+1qlg{tRH|phsHihZG#e0=U z|8Q$!Wg&?NmF}M8AO@6hDG8COAL?#7VT*Bd66ay_aI8D6&TrrD0$iRaX0m`D*{3s8 zF_D7Astu!u@yo~Km6bCDDo9&X6KAs}(|6n!WD-syWmQ##^;b#f+KQYyS!OX(#66l> zJGpg;&Jb`YgHjD$ZCP&G6pfobR_UQ8EY;3J$im6C#yNSxf0hDyfZbYwST zRtYNJRzPH{l&z!`dIw4E<_Gncfq?=2Jps}X<5EBP3#eGcvBC7sdY^G~&L|~9Lc(_y zK}vXTls~A=-%3nyQpCt@eeK(_dSh{}7KYClS(d@uyurmNgVSUfWhXibiuf0I|Na6g z4Fnw82+A7^UITia z8KjR+L2eF%vlrTvXJZf)l;K8^#2HJ4d{{EOj%8kM`vMV#QcO4T7lXJJMv3$0B0ixdd^VRCxaF`XMx6$Q<%)f9WDcLvV z?+O1nh=d$-7XH?5rVN-^C`wO_#uxgU^|amvsVkTB3fy7mP=RyqmO z_?Z0$w1-4WTOnmI{4CcSsxqIHg{@Q?>~5|b7YhsO1nW5pQg9yzPW38Bu`uyDJ2Ug< zSthi(z(nAiH}H+jr&`+bpVoU}QG1~)g{_b7?(eTphDeo_ltPz3Q`oUmo7c|GX*)_7 z`Hl3&c@@vp)A!5$McDch+PALQq5D-!o$QuQ+z?dyvZh7GQP3d~ zWm!F#sm_S^k@6bw{FhQ#2D7aV-NVqiRr*YI)W@wu8?@gEKgO$dP|1~k;j9dkSPqiA zSbAPSY-L0K?hIp5aBx%>z8mB4hb-uxb-Zb zmSwnJ@}FjlrSrmx!|i4nhT(ezjVCpdV?^e+8|-KM#D-+XLW%KkbFqyWV#@p4=@IP+ zj7KH!AziJ?BO{1JnT^^>)?Q#Y&xug)t4AAV=+HORofS316$!ri_H92Pr)a-T(=Yia zk6OZe*k-uKJmW!PBI66XH?hZDopKC(#LU#x&BwqxDup7)QsChE@WUu(!%S^hjjG^|o=H;8tFo5pDj&Bh zt{W@$RhWxJlRAqS!o>J5DHh-|FYVJ2*xer&IHtpdr4X5=|^#*<^Rm>2EG5y09PnbyYCkUR(0W7{J z1xDmXWiNBjDAm!h#+UWDu+{yVi;98-yfmz#s0ICAIY?0wZ^>MOjm1{FA(f_;J_Q)WLySUJtsAX}yf9%q#}dcah&G>o>i`?1K_Wjm7t|J{cXYfFfV;Ypel$ zed;Ee9!ZbgPVlp(*a1rK8++<(`Kf;UG+d{?W=!&V?q6CHQ0UNwGxcM*I1~XG*2ogd zkt$SJ66$eE!&*A{SQ@W;e-5<`Ht25Fy$vglZEhR-$Uq6Z;gCFOg zy`?1$tM&sk6H_$Wm?Dz`CJEF4ZxR{f-^IqHUL=U0CN;?kNi7W^lr9+R!l0o`%XbuS z{{|Mh1SAtXYRnV@xHk?CtO08Ja7hRNj{@NXNNumWcHBIR7g?RVQ>Mxbqx|}%+fxPBK9@zrGk(3v7puMd z8ns;goMG`?*t`Mh={Y!4dx4<-Q$r>FQ*Cd=Q#6*N*ZelaUy)4RucT&0K5(Q7ea)fp z)SIWQWksE#G?YPXER_P4bE*TXX>+)(depJZ(pa zu~AASW{j+MOlS9B=*v9%G>xdKQttdJnw&o2fpV0%z!s^efnqL~Y|XB@(6^Ut7?IGz zn=OvfS5O~=h7jVA@&*a5qX!b95O;C;6Qk*er)Ws2aoS;wzswNC5a?N(v%h|w-i;wA zWmbDjB4{m;b1c-W^`mvbNJ3;myN^A=!K3e^(uzd!reeW&HuOJ^8{58{Og-DUpQdLI zqGyx2SWOc)`@ZQG4r_jWhIkvVI30Z`N~BBJ#)nL zSYf3J@w!Cwj6{uPXsM*DeN0zFQ7|{`R2g8)d?8q-k)R zHH0!Cz05iXqotO9MK#i0A+u1@1oAM0jOfnof=E*mR7n{b2oU9gKk~g)Ma&7;N{!eW zu`Ffl(~JEYP^|x2Bl+Bln(Apg@RAqhZ>56m0Q8ArQ;F3UFqIdk;KWaugRd^$qv}u* zE5iz=LPdK=o&cvGY^GvVEF1NjHBa#r+9gRN93jf@AUIFs7&(>jFy<<<-uq*)AhV0V zR3ve{+t;LZrg|wFXr#rD(6nkaW3tfj%%pl!<6=xh4rLFoo|KU6%CJZSt6m4wtJ1RX z3fvTXt9weDJ@-sD9LDq+ku_EiLy(o=cQ=EwN)%O3*|yMpOyy#}-P4ix$Hw0i9WZRk zhr^pjJqy+7c!>sYWkahO%gMl2^{u^y+#`<~?}%CUD1BH8IdhpMjJoTM=qZSKFY&HL*?kk=Yv)akjb1 zayESgadU1_^D+eIQ>xN3Y9;w94pJjln})*RTR9#w*mv_8e=b4yE)uGjGOQrzDNeqX z(dLstX!Mw5WM_ZdK9dTEXrxa9Fx(upY}SBmaVV+pWm;qQ4BWh0y&|&?PNjaYI$ycA zw~h|J6i#)-$k7nnZSh%DV>#Dere@Zh5BO7kAUYZ9JcZO(+8jhsCLkDu=S+GZW*pFN z;Fp3}vG+{BHPJu#j=&A)j#UdwCUI{rMI;t}^LP(00~FvX64- z3Nvw)rPAr)I$moGY*-%khdv*sup3z{@r~CX38+a3sn5b}42EyR|4M=r-v+(Y=U`6z z8zLU%zvFMg_n2dG$$WT2%cZEtEDQuEuER)vR7{qjgtZeuAfxmw>u8a=n1Aue3P6D| z1$i!n^3dPuIXTV>xA;D@T$mfKM0@qDs1*wgOdUR0<4&N~PrnKEGdc){kS;&2MBtBX z!&lDD5I1et+=@9ZCuCRE)?AbM+hh(JjKX*CB-bKVk^Ib=vK*kM%XfY0`Q{TJFgvtl ziP5_J7Z1*INg2prw!PvmBD#)Kq~^1|f94_+pQ7?2&I65Z_zi+<@XtAF{oEuquHVo) z9QA;?&Jo*r-~5e_>Xo2^nnpN;jdR;Amd-4|fKf+MGIrCGj?g6H+E*%x!X|;+W-?NQ z{U}3&Z7INQ&GgL}na}FbaYSoY_tm^OLuxQHk{^OlzWAy8(kRv=$kz?EdCz$Tu5?@k zs>dI-xu>R^e}3payH+THc~H9R3TSD@jTq;$>Q=}|+pVSZB2L;Q2`F1r8Op@g{t?A& z(sQ{gnQEZPPhkGWNNxsZ9};|C7lsm~CxMuP{kIe}cP9m$ z+?mH$U8+(W&Il(Y%5oK%LGu@W^FMD_Tw$)&c7G?9wp!=$8!~NJGogBD*lA}JvgIG$ zh{Z8HdoF?*VCm><XB2wecH6nvdWc=PI-$!`yLnT4*haWS4eGU?~@^ol^Qbe5^ zdJ$XoZgA$4HY#g#Q-gLUsKzKMPM2!*^^e6vWAe?p3B2oq9r^N(*Gj~EwQT|PDO3A0 z_l;m2oEoSm`W3pW#yHSr-doJxv^jHH6ijzGD~n0|&$~a`7^no#c4pQqpIH4lUg>T< zjABQsKc7T;!oo8uJ$0u;q0nAwv*TKeLHHW)Ibx1C5dlq_>lb@5SLE1IIsC8Nc zLnx-OuNm3ORzt^c6z4mXnDrs$UeXhqoj_qFu0UxL1i?wB;YX<%FA2TGrFJ$vjuwl3 zIf|NKZdtToynnQ-F)_r~56Azqh=_?iEJ6L`D%?()r>HmeUOR6}CmUy?q}Vk@Ft~im zN1k%fBrliV+5Nx?T+(T;{^s|{^*|JHxfl>2{ozzAO!4O@<~xSxK$ft>#aHlRIs=#g^4{xz6%MCk{V;+6Gpwk=0EfG zU$`^5$(twjIiePATN6r(ijE@{P1>K3+u;%X;+m0zjVp@K%8cR#i>zE_dpGDfJLq=REZw;X^3StGBB9Kr&E#<|5(nfm(AA&m^Av(~*SHPN2ix?PK?>j%L%BlP~v#1z0tlf3STLS`Z2} z??Zd!GD}VwB&p0%^U|b?J$OSzgKR=wIja*`xZsWP`u~9rIiTu9%T$-@>&)+6P$%M3 zKoDj{Ct>N%i}2yThR71u9g0jUsi_TNNQH2|4H~papX)6?2+=G)-6}|nRvT?~`z%~O zo*pm&p)?#tE7TczGi(z2cU}IsKkc@L+WfB>nh7m3uVXDX=yr$r4+-yJ`+qYt45jN= zGl)5=#UFNwPM21V1@5Rlb?k|VUcRt!JXrlkMVSRV4NS7K=js87ZNK)6-&~2`v_3Np zRL4HyOjBV>V(G=H`}P;#URlh@J_!*ZU8eo!{Eg%o?e?I#Kb#ULqSQJ}or9kq!Bg$w zw9~*h;}?F0sw9=6QPv>e>&Qz2TE+)V4p1UVw0%eQ_sHFlYke^1d8kO7>_qqQj{$Ot^q662(U8(Q3XAw^2JJLV?y+r1vK0;$#it}?f zfhu|T{w@J=gCJS`&x_pEL)E9%p>aXltRf=tPdmgZsi|jXY7br+VT&U9PzB5Q6#eON z7o2zN5*BQ%aOtic&sf+Geex?gBzS6+3W|9CY{ApSXUsoE zc3Z)TLQ$dhOVGBlg)FJXDpx9!*@jD3(e{+r-rRIIJq<*=2H{)ELEnV}x*hF<_u-pz zuNAgC&pbQ=K?V6?n)9h%3~0io{khpnQw{v(9NlMv9x(w@vgk?(ruv&{776%u1yA~Q z5n0FARop4?Wul_ZC?B96qRB}$d1Jn)B!-xke@@X?$xSW!!$z`F1t$>4j5VqAgM8x) zmBneZ5c1j#67Ad+(NYzGay^`-L;TKwU$svvo_jmX9}cBv$!?=Y6e9b-s%i|6WyS@K z<=Ec?d*NM}I+<0+iYLPJ*EqTgvK#REhm%c-^-VThGv5+j5Ur>5v;Vt)gyQ8KujXbO z3kh6Ew)?^|;bv&#Z%ykn!I1B6Xy>6MM_&j(ZxPpxbo^Q^`P3Lu zF1-r$CA-#DOAPeNmKk?FgsyD1D6>dtiWN}tlV!zk$bV(EOM+j*;^9b;670`ANQE9L z%ix-re9k9}gg9--D=JFWFHMoqVJK<@we+`VMK^SFY)A5v=b8@h%iT!mxJ50x z9jdBzT&<|w?M`I~@%}2Q%{x;GN>BP`KmDut%B3?yA0dO~9}7kQ6wBlpc20=|=kd*9 z&~KR7yV!($nyzXrFSDXIDr#Q?E|nXeR{9;1VMn8)cE9gK%IJDI4W10FcAsn*x2fnk zR-vY34*#wIMxngxvbq}VZ^O~c$nVL{;z|}Ca&FkHZ=xFe4eZi}rekfGhV~M;SuW0j{Y^w|{(736zH0mTa zuV21@2=}g>Z3j6>G1&g0Jk^R3kGs6Am?c25U8`%3pZdp&2CJSSN4pxW6EbisB=Ko(F&ReX8H(6W^$ zEum>_{YRVs2hSfxJKZgS)$Oe)til1y&O^&9%+ffBkKoNBx&~27F8JJ*PLr&}NMiIk zLfBBrrDJ+RCHsFHUKB%eFq#qPnTH^hf|u-Uioe-u&gwW;ne9rq!XJ*(o) zf@tUat77Oi|1`}Q?cK_5n`i9Ku4;BS97TVd7O~#H#5_BtD}wMy6D82%;}e-FJ5Ki( z&d9fVIH9-5qV-`$LzoDy_prMn->)%D=pfbAKfRu_*Yee7iO|qqcHj)IFAl;EIklW2 z3_U2~fpQ6%_ArJQ8KRBWB}&gzff9ZuCY?7pAue4OZJNUqLOw+83&kZTwG&RmCSZutS~g@i8ceDn4M7sG!A#JC@Y0@BTlu@qTRL{JksKvFPu>|!|AINGqq<44I;-Wn?!v(% zA}-~;O3rJ#NPzYR|I%l|;nbNsN`3SBZ{GQm}AVb(WI zITHMhUA=&GW!q)GKW=uT%-}j&!VO_lFMbLqP)q)1*kIV<*APJ>JMcTo6J{o|KN&^H zm@Y$xvt!XGY;x~twc{QPD(Y71Yv}9CTYy7m=Sz{o*>0T^INuUkU5O;xN60pGyVHrr zn=-1!QM14KvZ-!h@GDO;lu7IB&EpejBGe!;oS$#gqi#<6y9*tID7q3-VvZmn@JYJLce(e?5(%xuo7=bTEKh-B&XF}MX$5fz(7{>se1gYXD8=FiyI$0YaL z6~6u%arie*z3Ud^YSf8D|#U+SA%e(0>UuOclWL~b&0-0OELg4xM#U6=9kBkbO7 zQ8W1$TOaE`AC^?7?x-GWjzdchBm399-VHF>(E2h11a>Wh z&4_@IkW$QlvGFe`wykJ+3vCc#kch@h8;+v zHoO;@%xG$viGBo8qM~QvL{`Q+2{TdFXA1Bdh5oSF2IpmZmHKBpAI0aXrs#-#^Sc3G|_US#_Z%pdstXleSJNcG3&j>9FgKkpgrL9=mT0sxKuv))}@Eg zK#qoS6FU9|6h?EH@5IR%PO;K|HlKzP$U!sM8EA*u-P;2rJK*@NDrQDT{dOOSrKP0+ zS(Qd1LU0x~ysSI%93w3sOPq<`yr;E~QiYdD9(_Ma=28{br|G4ZXqsq`N z_o`O*W-^@$qYoWecu~?jxo|deYGeWvgMdJO>P@{%Dl03qTTp4= zXU<9eKc2oj9_#jf-%iNhA=xVtx%UU+EnbDOP@a#q|9*JF2k$yCY8Ag=-6P&~W$ zB4pqo^C#@k3IPWe9AqWk(0NlGGukC2=h?ls=H{bxlH^(9E)=)&1|=ZRf(-+>r1I)Z z0hWVX;>eYJb1Mq(^~<(gpUD$`ziq|!e^f(F=$@h63&^TL5C!|3e_!BW#RHI`G?x1G z_V3?+G}j@egf>}Ujh4)CSNzv|ey1f3Ba``j>Wyzcz|Ceau zZkSuU`@xMS_J`26_)s?JXc$SbUuJE)BfQZ3b!sbll*ZJy`{GP$VYK{USdG2zeBR^~ zy{Jb@+~e~beb#mKejRphv$M7?#XIFMi<53Cva*cp_;R;YOiq)3G00D^-$f-us=83! zy39zrD!Q2x&Y|%}=-ToDwHF8ZuU#%psx&%tgzJ3&d`NgKTV9X`ORU9bUgqyH)xycN z_H|n*!i_}6i%NT{g$lM@(J>!Io9;h851RS8iXT%lP4d?4E#r<%4>0enD|K*mWH_|# zshf4mXvc0P|rn$LZ2px5yJ#p(WRJoU^80^_jk@W1_{IM|W%|4|=;c``>HW zF|PIK);p6~M(Ju1R#Cm*;+rbEJ9-yY#cLCxie4PK6gzNbB9upw+uckwtnKS)Xcc3h zebb?_t?C@Lks5w`=BBB#s@c01^VaC|M7Gi~&wzU4djxhPxz;5%jY4G~UVpi|&3Yq5 zt3Sr&zMg`-FWG90y($9_w>!L3&bMqM71zw(p4KBTZMq=7FVc=+(YI$He)1+CMoeru z)be}3pTWta((Md)w@-H@e^X9hsC*J<6u!)w=B=*Hn%19f5x+~5u_cM2tB>m*7ukf& zEr&0~{f_6tsq)m%T3J)I#Z8}@Z)M5nN+T89oG}b1>E%Kr9FfG_D8@Ul`89K*SZHvg z#g9*0eTDkBcSO>(aoAYx8=OA|(_vj+ZDwyn>xsJBea(Ac56rZ+n^$VjTOB%@drlzK z&6HjBXQk?u67L}9sY`Kn)Q<$-dRuvuyPV{feATKr`a3xyTKl%BsB6_}%4G(IX}am& z>l-$12kX}~jCb5EYzrBiElg=3N!)TV^&B!f!esi*E3(Bk^|tQOYXeip@f0$bqE@`b z``S$9QpJ;u$@mS6oyzm}o?_j%^WJL-O_Hf;34B6&dY0BV!Kn8WDJe$`D=WK3&F^ap z_&Y4j?##i7K+50`Ym zEE<#3hfLk*7YQ-`kk8TTHT~+1LvOq?x025|)4Vf{?C+X?Uz^mL`rZzHoexzrlRZ{g zSg4vtX7l@I9OYfH^sHlUotVacax1;+iONJrKYdCIh4^hEOu1*SCY#c}2TcL=a%laL zbbW>^47BJXVq%(z6sXhq7@aTur~=c_7^0$Aul|0yeHz+afP|}H@}7KOG4-(Kv)kY! zgqi2-pMD7hFTFMrS%5YlY1;Cm(9M$R09;@1oI`^_T!)woRIVA(GkgVDXNa1>geNRc z9G&s&)a0Dxnw3(D?S%9%7}i|e4SAs_aHA0-92~X(ah~AU)CbE5$OK+3W~!ZCSX_)| z;34cK!2hg*DH7--aOHWYcefAnu72cb-@kt+O!q)B&G-W*q!Z`?V7g-dIv8ef%~@tS zC;a*J>w9f_O#7A~68{V*BZ7$x>4jke_dF!Xku78RpF>3;a!-Sg_!rE6*MjCTDpmja zHZEuv%0R)#Dj$Z;1(=!PX1E%Z{O4R8!Fzp!kF^h4f`nKp$+%z`vmtu`Rl^mh=h3r2 zA3!ut%&{h|B!p|bAozn4SaSF=A^La@CM%K{su5xh2n!wvEb+n3@n29J^xRfC4IR*s zJ8nvX^neetB9DW|Mi3oG$`nzK5S$JaX!xG@e(u8sYLJ-%Q z_57)@e7YNk)@qbOx~8l7wT3>%j&nu#7`O+I4x2cdKCnAxm2!im+$Cbn_)0*8jJ4En z`8_Mgn->|O`uSpfHS*lUb8C&|5j}?+Xm^P_Xz!JjP z_`~EaHNSvTq4pW^)@WzWg!A1M%nw^Gg_ra!K21$!*N|f<(-v%0zfj1^@Q78GD^}mG z^%eIaYwPoqFIajPu{9DEK>VG8`A4FH=l#QWb~E*|x*P2oNG+DX4v2FzAZ)+PP@t@; za(qWv_drUCXX$KbR}235^NlGv=3p#f@ZZ(xUVL;Y(8a{Xk>_sK)zwv>Wa5?|jgu}l zI(V>c&AHqylJjZlEbczSafhH9VXKWd4&XoD!TK2sJ;6d)`9Z03?AWn0^D@p2L9i^C z=(ySoE3VGYI><0sSy?qYyXYYZa?VVb&%aC7@q>BUw> z>GD=QJ7~Axcq=qwTui%>*@Hm~UD-b9B*6S_I!~Aa<4u3|pGbV_`Ypy+HK>FC;<;~w zofQv$e5`p6aV?UoJ?(k-?-LSaygEXY7B&ku`s2rsSIe*ikE-$sD0{R2{RqD?NY*bb zOm=ps?`jcuZzl|j+&hxmGKZlc2eTJiAt5`$KcqJs zP~PPgE-EIr$E*J+)Dln4!S91{)ihYmod5lUhpD+XlM90*cxgaZ_7fQ+Nac&j)kAQ$ ziN$(j>%7@1o((s&CbeN)USOnym#Z_{+&fnP6K-3#l)M%o;{NsNNe%ocY>%AhsJuK| z4}}y#wH|Maha{^T!eqEyEa7tnz??=yQfX>=9p8mB&fR#qhFTOySSUx3?!iy4+>i02 z=RPBxOxFLzW8>@iiW80C$0_IZ6kHPsNuW)E>~9XFG-vFz#&F8hSbv0zU3O)Ha&o7! z`b-*gjW3dgrKO}^A=yk8Hk5U4*tmVV0V`Cu`sH>>aWP?!bRnz>R##YsO?+NN0%-{v z(u%eDzo3Gk;B?f^iN6jkOTUwT#W-+(Ul_nE;V-VxLK>sny{{5EVaH zpWL3lSEB||f>6$9|Jyj;;kUN@>)%Z7)g)f!u0x`&VU!S3d_n|tSBM9o|b=1ucjpvwIOsO4ffp|Cf7J^TX4Cvmk$;e)6LldW)-C ze}}{)lOW}v#@hhbpD^fY&p;f-EA>w=67FdT>&qICpz=cs1EUYqg9nxGmB{bEh%^#5 zLd374Y7M+15V|o>i0Ft_S?V|a^=$bw6lW(#8u$lj(|p`K=z6~zc^wXVVOPvz(X29M zZMsrn#UlA^o%YH-Og(+{CZ(A(CZK6o-Y3O$eF5Wp6%j|T&`o4bI(f=bC-YnmOgc)d z+cS2$l<(bndV2b=@6TJQNvH5r7VqK@=_ZAhat{=w#^?)$JlA5UOS^Hyody8jp+krG zJHl@ig8Ks@N-(?XKi@0ws}tSr$f-!-p_Jj;5P5>f%Uqja;x20HJ=i3f#01g8A3U~; zvu{u0z#-Z@!S?~Gg|CTw+8tqjN*q#H$)#syY5LENA}b@bc7B<7^bCL?aEbqg{O=Xc z0i=+UDk>LO7pDA$VT($bf&s6wvbVo=`}T>109X{jC1nKx9!7z8g8#gSg`6+nbo7pp zoHVz?Z=VJ%MltfQMQd%ig2fMM(;Dy5$_HzFNlS>Z-|A)&5kIk=vaTe zH;b@{f(PXw_CG<+MWz6f54>LX0d>FuNX^dvhcn6T4spXDh@68r<~wkO*1>d|SWbkp z;bF&zjEM?RsC~xWN1POU`@ogCG3V?Ls4P|C!bgbLu*AeWS3l3I6|zCeq;c)Wjb*~| z%V)?Jf(fuOpfQ5RmR_lGZGGe);dKZpkF=azFZTc>ltN{q4jS`z_SHTgM=^0&IHQN`)ah!FG zN&4-tf``nSk1ckRnGT07sX0jfy0NvF*_C-sreVulBb=(xRKw~Q4r!aGP~FG}UHm?zfaeCKbEB_* z!$nwMrAi(mP&{lu!W5OT7#)k=0k6k{ueRD4{BKp~3bZ!8@X+p>dqT~F#|bg0p_7vn zo_T@-q4R-=ajX!e!&c-zSWJhR+ju#ol5h+T0Z77)tm9sG>FirbkznVfc&ukGkB@Sz zC~lGUm5HlghveV*Yl!V(_+~_pT#W{Q^u+rL54&+BGq_`JV(TLo3=9lFQC*Ld3$J?N0vl`e{<1Vecq3Xivyt-*sknN?z@Gw^HnpY1fx`2*XqveC^r?nKHF7Gvb|(j2lEN{lq2?rfVB3VZji>dY z+&#K|o55;$LYTPiYg(T)pB-GJ*zLp48bdan$}1cr!ju;@y@oq&y^KRC9{4`k@?+*q zo=%o%tFjCIkYW;hZnT^tZz9bV_LA!8Pq)lgiwNh!+xHxYr z%p%g4+cr{e+fkj=;sxWn<7ZyWj42CIJt%qaT2~>pPq0GV!bi+$l-qV@OD&aZ3|!vn zwA-n<9DSRpxo|a1lS0?nhSJ+Juro-v_iPh~aF=k~i@9~O`-a@e(*VT`CRnq1etx>T zpX*2^d}SWo#6E@**g*U+LIy%Fcd3kf4=}>!u{pS_RR;d{erAT9cpIq>B2p0mM?wmQ zFF3APCKMiUtwN^70(|e{ErZAVD}aod+_4R?(R!S)vrFOCMnH*goaiv zX^}9`dxIlJL_I=-guC@U?kAGgCVQ9{$}m4IXINz-JwVu9hV+En9Vm9CTU#95%_j0| z;Iqg~yRrEz^y>N>$Y4i>Hoq2R*P0|M;D!pu-%x15v`lm!oJ)S<>Dm z2K(Y#vVf6vlZbMT$A+_tJ-e^)Z&1#1(?26+L&CMxM8d~L(wg@2whBxw$zE>Yn4}+t zBNF_bo*}df8z!yfxsKq?;;q@@>IKY$GAtjb3(C6E!onFC0m2grkM3M;9(02!ivC;7 ziNk{4Tb~j8`|w-Q8;HsryH1& zFI#rW&s`s;5;KW=)h(n@(aXtJGG_6hfdGd2tQ*uIUZfQMV z_ST+Xj*@DopIP~`ZIsvO(@RL+e4fi`7NTTf3_06nij?DKbv66~a<2com zNs>a}y@(|I`>jGW?m$(JJ?y{e9%!!pIQLWFK8vg!naK}-1IBHiRr3xi@uE=tiK7Xd zoe-E{C?PtBZxP5)@?!l=xb4vHfc2qIg4#raA|Asv%f{sFZ09EzPC9wuYN-|qz6e*w z>L2j0J@`vg-+f+XTb`(CI#HJ33CzAJvBe`MZi112f0vJjj_>>V{&4}$AkH=B-kieS zf#bv_=hX8X-WknrGLU%~Q!4Z>5>NcX_m~#ixAPT1Xm=|rCdST(Zgz@q=ewE4-p@4wFXCjH|l2>uUh_vLP>5vr=Pm}KSc`{G|) zRo_HcK4siQA-Fw)7W-=L-SfXyNZoRB$aZr%+J1R|SDlh#N0SSYP30tuR9u@Qa8IjRb~PE1odN`cyO5|n65!7@iD-n|{RS!j z==DG0;vT={+z(tnSF3^5BW#q=$ik-_`}T%^t3idJpHvn+JN3^)Q_rS3Y zUT|*4EHCh}Ak&76DFF}wR(Oi2nWz9i&sF3gV|#o>v;_GW385&0H4crdZ zW8hLVaGQg_#RnJ*SX)zj&fNHxJ5)McAM$+1O3R@t%7mj8WTAbO`au&#Hu5$;k@B`2 z7kAR0&GY4As&=0>Sor4T)5J{^>oYcS_Bc3cD%38m8|J3-Yko9*oYpV1%8QMgqG~eY z<0KqErVh!eGH~rbPf4aq`oOfF|2)y+CG*LzR(h$uwqe&i{QSzN1BM3Y0>#9{?(uQ` zefZ!3tR?l^sUAHrVwi`!0)F6go&V8~)vwt;oIfJ7BIV^)xZ`aBuSb0`dG&-UHsKM} zdYk3cx4sX>N@@w zYw+t`L>r(0>j0*kDsbq?`uu^mhyI8mryBp{#U~E?3i2 zQ@?+#xf-zJ`=Rg>${pa!WN_EbL8gI zSLhl3Y0*);a=ZWM{zS$3{>jBhyNnGQ`O=GPl4z+X8Bd)CW`oo>LNQ^HGtpq|5Rd^g z33kE^Hjc%=_+^=>2Uo(3d$XKO72uB3C?K#dn?NVwsTYcT#}Uw`LB!r|=E4G!A{Uxw zI(ENN3)V=<&QXPL8s19_jgg7T_-!JC03ZqP(gEa)$W!4TO*n*BilDu`h~gNZP{zK} z6YvC}5Ugh6N43&fd@(FJY6lHPI7->ken*YGZHINu7FL7M`a&k{|Gm6}@L`XO6H2C4 z{In!AT+U(h(89@_UiWntHN+VmUJn4S+ zy*iQxxv>pWBKNsD*cf)waImpcDdh+i#t2&GF;Vu%8$~yLJzMbU(yP_K{vorgZ-;dT zpIYcT{n@b*b*XpX@$4gS1OGg}wYoO@2zK8CFk}G+q!7tb&wgzwrT+THqa&J0OnTo6 zeG=_&2NuW3{V~$_X3e1UjIGwn)lc}6AJe!Nv^njP5*FmPIR;tZ71< zb%YyVrNvzzZCBEu?q3kKaMku0roQpD*u^-gkOn+>AhY7-=bCZ0DlR1y zupPi5I~+W?NWsvq;K0r1+xlGv3vud3zHE0Et9?)sLubFF^zLD8?FusI4D3lnMFMvX z+3=^y$vFwnQJ96mRl(TQbRE%lz7wcBY}0G~jbv^yOYf%ll6i ztX1O3LUbh!gryDX7G4*^ev*M&>5%hy#1E4f9M47FlarHQqkb|;lLBX1Es2eR1{>*i zc6R8uLCIlPJO(6BgohuV%herPNtc8)S>|m}aib#(_&{k7g7ZsMN{^3|5YrI7?!K6q zm^d7-E~GYqy7xnwtKJK@IbW1IpK4BLiyqi&a36sjdHftnJ!C`GGt`rDjrPzgkE@4^ zw1V65@56PAh<${^1QP0VIHHYueB1bPo-KsiGf%;D3`v1r864Md9J#=A9E}%2W;g(8 z!)6;G_o%8F_%IcVJ8PJQ+O93S0lYvhQ0(+fJxosC1So`*b+HoaSmYqEkGhe%SGPBT z>;aNs9(UvuMkfeIw4jj@M2d$g8mkRVTHA%is*&jeMtqB;xvY#iGUbJi7g6)otYyKvv91%I*xi73)|tcUZJJEO}qF`XazvP?){KMyj~W zI_GNFn8f_VK`Io~qj{42(ZJ7o{kpWjdreDd%$X%;?UZy%Or0ZQPWsT)!Ao z4bmA6DY}$R?G%L7?g?4egk4G(Fatz^CTMwixl2}pdD(}!=zY|uVlSuA3$!JL4UHCG zl}$@c9WA`VSNHw69dFYqsOr4UM|HDO?W))+XwUhBztL}YxsNVYu7f36Dp4uuUC|-& zUAwkDCUe1>wP1r|c!Yt-Vcr}ksO!i$FD!wnv5Zos;m?N?sOCr{lA*WC0UjIvS6XBw zRCV(0!?<#-lpfmUOE1uWGHCl zkwXpP;J0|=`GyA^p0QzIRu?8$8g22_w$O8aJm(f1R3ep)>+H*QqMU(Wtp(@SW5<^J zO|-{-Lg)CrSI2vtnece!YUP^0Yt_4>$ z04Qt{0)}RB;luPnx<~>!1|W}#3_*C?@j^+x!Pe(<8 zH!!8ZNGHk12r9xFu%=7}_b3IJPNP-={BRsUKHN|Cb!EF$`l;v4O*e1egj*VcufmNP z2=*tSF2eIRbM;{q@@^;ZUOgKaxP~h|6aXh$Ipu)R(9&pc;*ZUpL!FG~7qb1I@Tvsf z8j8>}KR=Ipl(0(zHU0GkLBfuiDL9AaBXKWd>Bm*)`IMn2a?MTx-zU^h`Ny-ZK- z^N;wojyrA6EYkTMF^Ayji)-+jr}*pklIYa7jNQ8@ByuK#+!Hx3-ZUPI;3;cM%Y`;B z=MA{sT~Q`q-*(ClusyuhPkd-yQV z9Nn1Uvfz=yeX(|fq@xu~PmjRz0G7W`87%J5WI3GUJ163Ci?Fe!JizuXAjR><9+M@u z+aFRq^(hX1aA=xm)^oAy6m%Q0pqnR)VhBi2?LInqSB`;4)9~3eKA=5EY>ChOX2;_> zS$~2`LLlO>enLLgfOHmj1l+#g;08qp$6wY^C58#!9KeSW_dX&WN4EE|`V+c9C@@Er zxbt6>r=w(khEfxKfsVE|Vr6hZFpg*db~<2MaV7_T!|G?qyXxZSw6IG-e*+&>5h_3t4e<4xSx)6zH?qrvyG0d`VknGdW`;og~M zYoAGvvuDl_xet1g(_g-zhXOof8FM={rb*2C>+n!|bz9{ZI)_C61E&z69=88FCUE&7 zW}}LXaHjfx+u|fn2mbhevTF)rpzRcl6O60dPEzmzLaBqq5%t31r~c(;^WIWN1D*~3 zP5cqv$iTIuQN6b`w@-z`MUwPvMeb2}UuE0P7B=TCeEW__&c5(GNfJsEyu7P(=HNE{ zJ@n_sQLEsNLNokDZEY>8hF;XMxDF&{wzILFMdk$v*aGEZY139h?Omwr7<_aG8(fW*gNW$H9vq@4$|?G$=! z#FQ4I(~8*+_<&lQUrC4sNhXRj^+XeP{r9X2oN0hqOuWYF+vl6`FpjKm*u^+PD_V&) z7JcfyK%?qWNZ|;gl*`5q$mQf8ZmBF&HI|Usulf`&IRSX~#OxE4s)$Y(VPXjD?25GQ z*I0V5;8J5}XGcRj4}Trl47iUOYG?0H2LRakh%*h|CDco=vi7ZG?iqFfz0@||i`Zv4 z<4@4sSzr447(tG3Z zUWnEvHmJ;z`qb1k=bg)Ugl`&ct&>3K=cAHrHAG14|z^I87e5C=w8{ z>&>Mh(k>N$yE7tnqNir-PswxVWplokdUzzO%Q}24atlqZG_4z-ltyoS+QQrn6I=E| zCZ#5mX}3|GfcpXX*NjT$v8~--75G?9^l0JQ4;}$`12Oqw*7@HWxH)dN3I~y^KA<6g z3$Wi=0Cyt#Re>nMVQqC0Nfq|omkSfeYD7Jku+O;n_}Jm`6a72P@({_KXnrgsEiCMg zBoXrgo&(83771W)6G!ZUeU(&PFh>5s_h%isW4fF({$atvvzWg4Y|t zD3la?!)ML;e}X?oHZ!zym*7okeed3U@^SU5vK8yosKNS&6h-$=MJC@HqB9EEYZ^x> zly@`#dt%qW`=BFEZW|)Ulr}-#e;*D9_9#sF)8NiT8@EaddR#+by#5Aldx{@etwdOh0=J zW;(I5@y5rx?Su#PpW+_134q zlf5~%2+QoZlrwnGjBHvba(q`zxV&6Lm(?lbKq=cd({IIeO?d(x{n`eYJ7^gvV(Loi z^>BPeyux0EUsP}lM(V#go40D2tD+o> zJYh!};j~j@+oP-eUDky&#o(M@QA<_VD$l&LK-JX^wANVNs>HZzJMH1E>n8pxB4L}X=4u}6p8(2+r5 zlf$Z$x{!|)JoWl@z03~DFCo)kV=TE00}`Tsax15cn)x{P1G&!L?a_sjCPQPNnAkB4 zebxxRsD-NcBfmF|M$+0 zZW{sbjfe#5_m@t|3-pB_k+GiOG~-Y`r#mm`q4?@fBd5rQLT$PSe04usCU1jh5Z9H; zf}{FOi3)}D-($7pn5{)vW3OH%85_^Ho{w4y+rxi`tfBSu$F7a&j)1O9l=bNiZcFSx zL7uVf2kWW|Fc-G}B?E(Yywh^e9P`6!TmG@WUulkKUglQNY~C6*_rjWkL4i>t#({O+ zJ&#WAb9~b7!23S)z7&?>!t_of=RYA?U}jRV{5Ow13hBK#gU=QLl2(LK6x8Xo>j>CXb!CA)KsDznwtJ1TA;+I2GPc624#}3u{ zYgqeU7MVEeAdQMhg*fUZA!~DVq1^&SMuBqy_tF|{AWjS z*qO4|3A&jXGKRYcTw2MxUtD_4-IYp?RUE!bE~&kBM3O9=J+Far;)Gd__w&d8U|rPmzi%`vC%Z8E$nWf z`_Wq6ws7VA6J#h5xJbXW6*JO*BQK%zh+I~nB#48>RMl)>g25Z|b5>SGqMDRMR*%~b zum@V>+f`0!T=;JH?)>qWx6Yd>?l^tPjKf#p{M^HrQac*`iZ*ZHlHrjR3*$IHsQNE$ zkj>s$IeGi9;?(SL?aZ{c-oJz<8b;h7EcP1I-0z> zNahMr{dn?=)$GZM-tcIA*~H^%c%BsW=I$=C+cMqi;LZS?yp~Xjj0N-vVn)d4koA+> zx)bghCuXDzzMW?ur)lJMxLKk$xKa0~U}uYAck(W=*qF)RVvfF6Ax5$nZ7)j%8`E~a z*B{%%ti^p{w`}#0NzTGn%YE~ukFC_nyblT3G?KKrPN4~j;vCoguQw&{tZfM=(cfrM z3TTC7e&p~M($o|%yijs^dzHZ%$4=}K6kd*4^ zFtz=Ol;Jp5%jyaZ`>Eal1K%w1&f%i|3`RP;J;j;X!iQOh$O4C=?X1&yuA7y9PVU=c z%F+Iso8^dTi?^|dcHg~Pj$TT;PK-r^WIAmYTEh}^cTNI9!+D?{u8NK9a&pk zyC-3xTkLa%Ogy_xX=~JYdES3szPYIKh-F7Ai$tv!r2txmlz(`rfA)%wc31t1FTBTV z_{DPl*9k5@MaLkq=E6S*g$u8yJngr%v36D)u}hgcY|3ot7X0<;v4rrf>ef+;i-TZ) z9TAq{W`N1d*|6FAyXJ*J=%4G3dkGd#P9ANfu(AZtvZ=G5yJg|1f%k%cmaUZ)Re`OL zxc?P}$7fLsUpF1AF|wxiVtm57!kYEkHMsF>`W(F*e-B?QTLp{3)0D(63$Ipva1K#P zz(}n<@y}(6?@ULd-1n)|R3r|@uoSnaFqEV(Ox#WD;tHX-OOs^vI*PwF+59ZGP2s!w zTjtkGXNCH^{S-=`DHwkHy7AJU#hqqr-(X?wvXjK`l| z5lzjrFczJo>k;eXhti-M7p)Q6*hUp(4L(WMmXpl6dkX60%V6^udoHyS^nW zD>D;mmkN;v61`;fUSY`$brJeuFG$)|D-Gy$Lk(d7zu#k+zlf6yr{FOliKub-jn%1n zwj@$W_U0C|ND1*V4)Awyv0dHu-h`fwb#ls*UKL1` z=aIM@h^CXsR(D&ToupdIY>r@ca>2&7zJaW1>xcH|UuCKx!b6nsCYw_KOzn#0(x=sb zdk?ZweXQQ5% z7?!oxWc7>bN~8xvL5J#R{gP(}PgE}qFGRkWyl}s|MXE|vt3vLTuM&yv(tfMo9;6pv zaL@grDr4%4qm21PN6VOcl}CiWyDLTgU!%*fkw*EFAu+U^&)db92O1b_;Xs1@|siTaWj?eB#Q=9H#GBdDC8AUok)B zd!X`R!VCNUZ){KBs;DyCTRwUzQ95W@&HdwXq`?(;q_@PFHx$EnPqi+4zpZ)yckX@` z_jqn)`}1dsXl2)+G(t@q+E?J{&G9j^i9u_4eIw^!_f()p3zQdF(}U7M_XtF6K4 zT~~AmOzF*ViSS;@kfg__gMu_tc0wuyq6e=|;W^51GE4GE(Q=VlgZlvx^xm0uj8X$F+CpGHQ6Xsp(=h*lM~DG1@JuBb(_dcQaX^WV(w~6F z$j-J>g=>?kRVwK*RyJAWhqN*IZA*Lh&?Me}{0I3y*Vaq?bQQI={#a)IaEzv-ukAzW$Ab4JB8iif>dmx@- z(NykMNPn;k;pY!d_Pj=uzFXz&m`7*7R|yZxm0deeM+l$mqEV$hJ!Zt&6?3$i>QwH1 zrKwNV6jIjDtUnK5kwp%6f+C8KV^_-k%a5$Ba+MV5T)Y@gQb~QCt>Y~^zvA$BRyuq8 z<~eWYg?NK7YUe)A5}r>y3d#|OHm<}cdT(FU{dcPHq`c)QJ%kw=!pVQ*qJ=KJiQ)O+ zm+2zU%|K&uXeY8%o2U4nYcI$wGlr^r7WF41A`>r?%jiW>lLFK!Xj!lGbcPr0XU?#9 z?pgD{mu`jJm7Bq))RCvowlO_2e^SHtzWA4SyNfRQqjin(D(u3Y!v&68XSVBQ$JEE1 zKR~_6qu@L^eJgh%l_#>0n&iqTpBteV()}rVyXIUYB{A-{Vr_lT=Wm%Gl#2g3ek9nX zD60NNb{z5kxBBCMv$j9;XD{+@9vX8;;RIfwd=nBfc_+=~&E^!Wt^q)b&m z5XZnuQ@?)!6eX|_K-vBV0%kiyIQXYN=+~h@ca7+8(7!e~_;d7_i$eH|v(|&plBXht zHE9fYBo*Za&p-DQx%Z~}2T(WyeL!fFws{~SAyIbn2`tRfAVZRmCgGl}+o`DpIRMB` z9?=PWa`7K1bU*85=|^BsXk&9>WzO|K?#CUF)_@&+#dK$566s>=tQIN;kWm_bf$z$F zczea;$6iOvW#S{K>Np+lt?ep$d#~z_=uX;p?pm5dk)B;tSO2sYy}BXe9C(mM0Q+lC%sEou7Q>E~B;J0e*v<7&R*6vVfDMnC^b2d7?EF!#)nce^Ac z$PQDS5L73{xKH|im2^{il$lan@~8*o?UdGg~U2uZ=`uHCy9V=~JW zv#WR#vtf^&ofFMU^7~zR71%89Y43B_Tt8&C-i+b~?CTs9v;n4HLM26Y>*{IL&j8af z5W48dlj>jV0It4){RKwVH6t2%#)1~qxWY|yN|$po<3*DXElFKTjUN5N?=P^Q*R#-0 zASkx9tSn~eMY@i0&z-$0qM}oTFr*!p?O>*YigW*T!>ZVks#3@tK-vQd5dvO9(5w1u z+~efDL-RyV6xa$!3e5QH2Xt>^lFzPv`+`CJ3)jv;i}piLQw-dob<6aPqRA_EYHDWr zaQ=<=H9N+zEPAZfHe{FnkQLL+uJ49?>Pd>~jgk6hk;Q{4w0mFCGi~N^7N*R9ETn!E zYVGH&+I2RQOu^f5=ErC}e`Z;jeO%DhFwc^!onKQ+|Hsr^V5)mhUVTwLzgbgb8k zXH=U!^cVa_4|6=eXSj7S^r1zVzm%Q6%BJJCHmT}(i}Qc8PjWFMiDuy3KJq7X#9+*P zpQVATb>cCJSA`y(oaPeRe?N?CQnU*Ry>Xove0!@cTodxwqEkNe2X)TtItSVMsR#(Y zKN&U!xe`u%wnl*Ej+yykg5&dbU>cC)=Csy7f+wdfI0ybN%qx2^%dC4#^tQyl|K|&! zZe8jafXj#=kU2UI1HhW@%?`z2OV*w38Q6V6Kv{uq$Hc~}!QGvhtBP<3fE=$%jLQTu zi2&8m@)Jsa0frkGZwEiAf#%#0ypCYLik1lWhjL14T4wk(LF;n(ABh3{`_cM% z$Qec)(=q-oodsX)Hvfa+dCd_;(y&;@bc{AR0dg>w%{ zpfh;+58L9o*cfzl)RPAArojoqt1H619sn}hK#|^$(1*bYLtZ6M=2-o=j{rQ*KDx4W z#>)HPZeu>4QA+0ky0e|DaisCfHC8-2xtFCA7bJ`PwN>1Hh$huU228D~boE_fBqQ4| zLfRt9lba&x@8;5Pe?30#j>w*EB_@#u{c&r}y%uIX?y#sHtgCh)KT76;@eVzYc2z#z zWs&VKNk!`0$&k8JQ0A?8NE_Y$OzNli<($l`?QDbF&K#C%e!)=_oZGK6pH{vc9=&qE zHcP$+jV{piSI`*%RpnNCIwu?3V`QmFU&oaA7-)b~`@`kky4VVnQV)UWGgRRbuW%n~ z6k>Lx@Kuf7fI7ekh2VzhqG82Jn9GV(99>GVL?I#L<>Fc<#yE^Ig#tKg2ha@*XJ~S6 z8n;$F00lgWNAW%qXMm$vbHtIzD-*oWtSfTl?z!L$j1Is{$EEA&A4d)gl_^rk9{PZ%7;ZJF$;W9 zG>4>2Vm0Q`w`1W3qk(B%j4(=(8 zIrktG7le=w*tnyG%*GBcEzM)KFEWRF&*qI%Tf8%;;N|ejCw-gV*y$nRegJ3=e+N0W zoBlhBGfk7^7nx_wqQ(`MXtG-ZX&tE}S(25gDmB5EMw1M?Ko(ON#l;KIl!yNB19&Is z!pf8zLUTC&3hV%U5jO0Y{B4Y?3~e5$nPi5ClWBdI*m{Ers`nlrRkUp|xk3ZY8ChAz zqK{wm{-Jk;{1x)FlbGm&t_9Mg?BG8)XX}CN%%E;VgA6h!NFH`T#Se~6Ez%ue673mC za)A2$z|6+L^&d5_^Fibq>>9n*^6|&W^XJabLtAKjz&HxbH8b`0{)WZcst+Ub?XmgWE90ApHNjG?57X zP^|)F>=ERZK43L~-5dN;`JIeI^>-A2SK@<_%%gVzqlRs-WSD6gxaD2YV#T(?tXPos z^!M?NEF;U>hh>Mno0zMC_A5pZ=>c4X0|3rs=;o|57dty{=ZmO|P?!L9yUY_b{p(2DRjUiBt;1V|>$#v@G(>NhWNglDBU}u{4;ZbxtqDd@%|% z7Lv+cxYNvWmFBS0Zr7PT3D2unI?=>pr`Vlh7$!_(bugE^Ha{kn<}w?I9lpoWZE5wg6Np*~hXHYvkPWqGpn(Spc6B_L++QfDu^gIcOQQ^$`trpI z{tv|Og4+QGG@ffEW@F$=z|hVT)Ww8+1F|$iL4%B~!w>1sTMPj1@FU_j5CXKJ7h&&U z|2!lZ4GKhT@cF-jN{ZRWF6hC5{q^&8ZU-)^@9QDx1VcP#38J40xOy1gG*oxC;N(X% z1zz^{64`PVSUH#xvMJk0E4&Ae|9M;lhOrDAI7fy~ag}4~V!T53LviDB6VRDk`)KW^+DSM&G@* zbp3_!)k^O--q6H>Icot9CQuH@Kgv-9a=T}R{tb9{e){EYLRX3=B<3D_An|ez-8|nm z&71FxCMViT%Xdp#5OKhpvO+us^9PhS;u#Tp4m5QHufOrm8*W$_Bh`&&dO6(q?kGwz zzT@tMD%OS&TY!7zhlfoxu#o?)farunrjDSG?>C98;U_L-alKI)Sw{c-JYo%q#)KNq zLf9N1l@Q^gA$JS*3iwYa9A6iCRg7!K612CrKE+r$j1EGm-N4O`o+!a~fJ#%Qc;i** z#V2JMV?yp_QfGoKvaJTCH(FUvhcaGw*1W|0i{@sMUUmDvtS&vuPh|UPMfKmC2-6Pg zUAVC4!G0r9YYo$ zmh8yXo`KG15Fw>fIdzWjIQW!k(1UQ1r|$S}^X2If^x{2CM~Q)mju4Uv1VZ5uQ_O|r z`vh8WxJ)rQ=?<<6qzMlk>lW~|woy^wyC7rSk$1iPs4L~H4|?_x4{G2Jz@TzW?B-u# z_(bgI=>XMWJPXi>FQAu)zX^fmheR6hT5L6hez2;sU^O#ef$9w)#9|R$FT;!C> zI?O3M+7o>*QXui_)lkGEus*i_Y)z4w7OY413te7>o_{UoP^thDWOpt=u zLgf}2UCUj9qPxdBlWMg8()Wh|L7lU2Ik4Jr^_CiQ3_kPFZ5Pj>Et!|)yIImaUfR5} zY;w8w{xx6cLG6X1Lkjx-k|GYTji37SjPedoCvWSvC?d^>a+-Hq5m5l-(UpehxGzAz z1NCPY#*zbG!M4UCqZBTk{Ru1wIyZ1H1fSIdPl=@GvQIIX#n#;2o~aqk+d-+y!0irB z#npv_IEsYK5@OymImjdljt4PT*)9>gH}FT*J8+)qQ}8tBaSIu&UT{BvRU+tYNCU8j zYDr+@h%qQf7(;ct`=}9Eu;}#uLu%oWUIpA7k|Qui9y!*rb}OU73lvF5=fuG(f@b=q zv#aX^sCiB;81PM#WC^B*{>uTp)$x+TpUMcN2ujeDlHFrO(RBxtgP_P{FASJWHdJc% z|5j8$e0bFUXEnKk;Uo+|lo0%)?H36d^#U=`8+JXoW+0R~PY|P&y!w#|g7^Of6XV@` zz&u1yf=D+H?~=#eT>SPAaLf>}D;16b`9%2q)pwUtU`^}aq819M$q(;UHZG1eM{*eE zAf>~;C9bOEqSo`DfP#f$L?l@5fD_Qy;iy2WhZqfOC1RxfYl`vbHK0cNCX+uXygxGM z@My52*YdSCw<;;KmVfH|*Wy-<6|PS9pb^7<-mED8*i?n_9B{Hp; zx)i==V?yj2^$V%i+_QGYGP!?gDi)hEE(2=q^PR)7JbU zQt3Ag=;N!*s7zRnE~H*s(!i7k+5$o0<8Hji6H|-sDyd%j^FVITTQJ&i3?GASjnhLB z)xscTREOMH!ygyf70Odod(Uh?bBA(%^vlpIT>YCUqQKldcGw2n^7rK;>k`hN1V+`& z<=%toq9E!L(jshQ+&v2U^k>PdJztNbn8dZGtnv<94B0n^edpq@+NYn#FUmU^eAO6V zKU?ZVx5K>$Ju8%*FaH^w|AjKR>f~(?Z8f(Qyefs(N5skA`r(_K#@JAm)het5_cN{S{_svq-d~{lC_p#bq^7K_r&8t~b&~z|k zIJ?B?4C!UU?%D+9EQ@FKPCn(9w*(5i(^QXlSC}^qp8tdqTeY>SMs~Sk8BV+gqHpqM zV_Eci@$vNTngcARWTmE)rRsl<+Adss6y-WYbPLiZ4D%D#=bj^Hy{@Yl#v6b{7#z6J zfrBcEd}@%h1mkSt)?3PIvbcou9=A7+38%VG5vziMAp5ohrL#6gmTlZuDEb4{EBBnw zx92+}FR(AL5`P7&;+|NCD->fCvCbdJ^n8$NgI+DU%^T4#Tfv=BqKY5LxOV&Y6X?sL zW;$A1kp;DID+Vk~78W5kzlXuYuKgSKtgoVK^sWi+lsjzDe$z`ylAWtMidT0*r5DK3pSX^s>vMO{U?!dOgs zYOpaVedS5etn6IdX(sb4c5z>{wxzvrUMt?Mv^nV?byoDfOk})Va@Nti{wr`L&C##1 zh-pt5cF*xoeom>gvvl%hfea<5U;YDgA0HW)XwjY72Q0(dz61yeQVR-amd>etYAds8 z8IylHQ+6oGPeyNsa#rfY_W6%D~l|z4oGjjg5*f1+y1HlJX!(4etC-R z(1WCy8p%DzqY%&XABQsbj;i0iU+YLSJHZqr-x+no#LP?+z9n2FkSj-ZQw{0f-QB}? zX?lVGL2cHZvu(aPNRfbJOQ>nvODHS`mM9AIK zPB2pU?74s|4xj?=tQMHqyjJP1m^sMMZH6=&EkU$vJ_3$Fm_3a+6uQ!~gH{Hg2apjj zT_kSI^VnlZ=e7v=lWFCBqLT_gcV|LXmG$nDa=*YCJKueU6b{}cYOHr6NEG4P=q+RY zV75dkl6O6afDko3Dt?#GO8*CPYL;$m0E3CBl}b(mn8v@*IJnyo>`$Uvt9jgUXq9YrI_!?s;S( z&n0{yQ@=g_@o6ga50;hDQC6AvXC$*TGGZj7u5wvwlV2Xy3G#E6`O4>O@Ue-(J3$TC zhr%%!CxF9B)Eop29JL-9tt^>9k4!nm_NKmbT}rHqGp1Xq4xDgu5=b9MP2N`4x@cr^ z&I{B#h}37m(ttP|y>L)Ef5{iayh$GHWD9CO@`q&?C1yQ;CN&a~}B`USkImt<%BgW@bqQ2YJBsNDboMx$i@MV11*w`iA6) zAsN3h^6vSn^XzSf`%pb%ZsP$GX<375NnEq{Sy_OCx+>w_fJ-yv#KzZIFh?iLotB8c#ZG!S?PLLeS_T7BJ%gL zJQ7?*s|cbWRPmsKM%R0c+yW|vDjKcA9f-=f(2zSg0#`+aSX%dm_dvCr(=#**?s~V1 zgAfU9&lGUN%(`0w^eZK(TEHp?)i5P1D+D;Nus$!-6Pwi`x(+|)=`+AI`h*VQwcHub zZC$mrJtMUsVI0G`W5)<`ASed;G=o-f4HMfOa4@D>0w3aJjDGawr@F4C^V8THa?TBK zO@V3U57gxqGSYkYR0Bn=K1s-V0jYqbEcnwGCVIHO(RQHOA15E1Nn1!_r2&!zJd!-@ zj|P*%#|GcT_6!u(@FPU%hj}F-YBkF71hwPwR{!zYXJB9><{**SR(oyio^OmXSOfdG zjH!&i>5K65_Q;mKNud+EIAxT++dM73qLFuuQTmqsxz_A#7k%t^{=IB%2l$V)0w|mG zXL-cc@zz*K2}1uaW&@$xfIkR3!^ObBK%^ayYRBoE{yl7**9hKALIvU*3$3{}t6WIh z|AbALX)RUUd*jwAEs0~bE8H@(+Zlw`9#+;aa|pW)%ElE^v}yS=BH>^w-lGqN$Z#?r{^L2T4r1{q-15yNTlbm%mvuAtwK_810Xc6#v>4H zL<rW?`*Ch^>^!8^|Z!p4n3=teQB897%q zuI2wD>nnq*Y`bvjlJ4&Al23+h7wPVllx|d78qUo(b7s!War^<} zmaY4_W38(ez^|yb@ydZa1qhS60Za^nU_f%m9spkc@+pH74QN$FL1FuLGXW%N^UXpE z3R--gmqGhQq-R81bj6qfK%uI1uHo9t3YNOs30vg z`H^Ic$lHrI0q6pfxh}y2Sp-0(4j{om-2fVax9H8t&iTpPXYe+lQ#c07@(0kiykYR( zVpQ;No?ie4fx=km-?9Y=djZHYIABkg8+L&%$Onl2Rv#ocZ$U@B1`bTX{Z|2e0XU|r zBO9i^bi{IirWGufXMpPO?(Be4S__o6AaCQ1kpV-}p_IGW zfCS(#%L8h108PGC?yb(E0Mfqlc>LcU4wC?D1|$UYxy?kp0f}hSAle0-1VEF13}|K` zKH&$j1OOyKa*!!Fz5%%O3X(3m$8%pDR$&K_@d$bz%91!0x*P(Ec5VpM0gahwa&wG( z2Z5^6wU_+(Wj%e1twJ61GB5ST%JM&&8YR${K24G!st#A;;iCqEtMnP5 zE#Mq<0Y(Qv?r4J`A&}w%j2J8zo@Aa~%u;R|Ri{`i#K+}xxj4zP_u zL>^FxgMsl^0FfXN@UT@@o&uRSK*H}>3%s5ym*5J$JzY9`i}wVN8GP3HJ_iJe+ya?~ z-6B0JAPwa$Y!B1{8R_YDz&iA%Kmx!5yW#ntQsbzK)HKaMp!A#q#3KkR2u@=0^h*lw z0^+eq>%RH|(YjM*aNxWp#SO(7fUGd945JpyQOsBtT|m0<5x;=m<}J7fU~-flbT#Tm z&`gq$!$U((0M7+r>|5^%Y**kY15C(@$QeXSK{Q2i67=#6by+(sdeKsgXege#O4Tk^u2 zOpBDzG?*2eVje4A7xi61v3);3tSUPCJS6leRMn(kIRhKGRLet zt~Mu>tZ8G3QjgS@5qbeq4KnjlHPU1}b=z%e0UaFDub!W#ZIm)wU|WHcSO-Kf0PV?J z#0>Zbcwc~-1vppUMuP(`Y_&V^^)0Xh>>z0d2p#EB?>t@rioS(a#S8vj1}Qh#5F+qT zb54k$eg$R5o0&}zAlKltdh7}WP#Nf$^ZDInoN+m2zz1~)K)DV|9YSQ=D7!<+0h9JqM&vnd%YV5{~lR8PJ4#9**FdmzcU6hl|ZYDb_lOg=%0eS z)d~s`lKIDFu^;Aw&u^kv143chq0C`mlx(7fg0itty7}N<)>wME!Z(cCK zaQkEJhkLzr`D>hl!VG+h0f5%tiB$uYs)6$l&pwc>O{;_uCh^AXg7X02oVkEY1@$(t zwAAP})W_z({9i4=j=|ae<^n6Tbv;m@yngB4Nm#x6X0=Ef=P(ySQD){g5q$|&E6q&peOGo02qAW&S! z5suKGqE033|kaPg_? zL-qe*8iw;C$sITyQ6DiX&OuQifh>+Uh3mSZ?P7dIh*JyWXPas{eS@ktDe6}0?}X1o zd}lq43n9NT3#uH~B7YZ)16z0Ii)0R;2a$abmQEAk3+dIaiDl@i@JH}I$tlr4??pO) z&mKPILMtzI(+}@A`*XinK`3~*Nv;k1SfB=5a*se;e?IVEipsXUhgP?Sa7eJQlIK?@>}oK}+8@6X()O8KUQ*91 zj$fb?yFJp7>phB^?-<%yFZ|8*I)1Sr7;`%2M^sd`d|mjr`@grY9Z<(hS$NePE-ZdKN00np{^&jtR7>@1CnbD;k136NvSZrWDM8qmD`XZ z%(8X{DzG_$mK+iX4l5H8w?D`d)nY|lWrx}?N(n|^!XDY+a>9(Gz``{1qpJlQ1A{B| zG~+op2@DHGF#AHfl*Ca#+&YBcCcK-(jcsZV)E?BBS*^T@6&My5oY*jsVBFN#m1)wf z)FVg80dv(UrDUObDd}>OIT@)yjFlc*Ei=Zw?I$r0=RWDMf=Tm{L4x5Tu_Zh?oj&W^ zM{Iap8iQC)g2%bGpl+?H{HA9zah;(|z}SI$g-%fL5y%tbcR}2c2k7kBnM~}}{tOQz z2rJTw3F7Vq>R<1mqfNR6lM?9|@S&13BPe;$5yWzda3}^J@4BX) z8SLXIiG=Lx6g2Eoo0>`)J26FFpIEe3Hqu-m{X*J-07=|Qi&G15`wOfCZSmeA2I*nH zrP8g`&|K%@WT8bG)T4JqhCC`<-1nZ})lkileVwgqCP3*s5v>15hM9rSzI{r&v#ZZj z74u8{(yhi650YMICQh&8`L7YYmUU;KhygVcC=5x|;d%yIkssCxP z3>wO(47P~R2JH;^1cFeo_6U*G#KQg;U30(V*?wyCO=Gf1kLe(o!JkVO5HIr~D6mU% z+pS=7PsxfAs5(6`HZYS7oKhuY1U>IPo&;Q;6Q*Z7$c!Lv2?=R-$Iz8g8W8aEn|Hb8 z-O&8*Lr4)n#TPhM=(Qd*iSNc(Vx9STRPSZfm+8IlXx0|ai~%b=%lKJ2C?-if8J6&a z?F`IyC<`r+ifmhS!VxZA3GHFbT$wXzuSC{K>vL*spoSO+d+bqq(2xW%QB=rCM`Ivw zTU}rkr{>p2n;j2%I#nv^$k-`tkfkE}_q9cjyt+=v>+2@JM7QOSuOZa`D@CR}_yNX7 zII*tk*Rrf0h0~SeX5lE zI8l^SiRl;|>RqHK5TTpf**;s#cWeP@FBj8p(+JPbK1Jn2M zdCM>)@+lQskxX@V3&W@Io6SLq7y zClw16`dFu@JZcIn;&F=TlA3>_2&O8x5OC6^4h^sH(M$IC+$a}e;@&NvFm^LdWP^L3 zC=4=2h)IT&*%T1N?D$GbN>T^Le99avX$)i^J`hCU4IB4R#Zm?}VAdxZ;!Kb9_Ufwj z`ASq>Oemy=Z}x3tdfDjg|Al{!dM#RO;S<7Oz$7%s2eF@W9>;^l7cfI9-8^n%oKVO0 z-;cTn517Q9se@r5a3f&PP!(zbHU(&92=XB@eoP@N26GwwIc4sKvCfFb3$?@H~| z<;Gx$8J~66(k0M^fwR1Tt=x-s!4J6q(p;Xrt&h1-)tl8dk8u-# ztgeCu=PI@phgzd_>%Mvr8=bjJM{eg`Pb(j#QgAH(p}|=uww7Deu5JXgWc*zZUa~aM zu?Gpq?0&3f4Bc}c;hizbYwJ~K&Za_j$%AQiYrbP#qduT7Fqh`xvQ&&_Q_T5sN1i?p zITMjG5j5OU-w0kX*C;;^IQxxs~29VDs(=Ec$J#AmpQD4pI$>b3Lqd zlO%Rgq!*56IPfd?VldGn_uSt#<|o2<*~T}%51C@ z)tuuveL=W&%y^)#LW>>%J zPDPS~jV&e{tPvV-$qVt-uTZi16gi8r%11V5SeOEjzcyXhm|5%lvfOu=q6n;eHi2{cjen3j$%!^UeEK6q ze-ao~$GY7V*lr{?;c@}V{Htp>`$~(PG#9y|6(19JMK1GZ@la z_%h$fiH}TqRru}6dWOtRA_r>3_0GwGThek!WQ%D|jhIYWLkziIlHg*!{17XR!+DAu zUgk*5V6bM}R|g7_;|zRS^()fU3Gcth&>bWLR*wcDQS~N1)=t-EIG7g*dga_x6SzQEA0r{ra-jE`JWUI%|LUUwhbFP5Ht z$Pq(+*<4{p6`2_Mhf-`Lq8M2*^0drCJI2Lu>%o>ggz#uq-90{)eBm8=GO-K^3HN8q zRLNEmUEQ&E(zSjJc%Ex6a)J@cWJt*FA}$`s+&s%++D1e< z5V~)0Ip~0ZGWQX9zS;ZU@>zhV$_OATK=Aa27t@QrX^-EMs(|}6&TsOz`+3| z(9^=VhCl}hP+}14;xo?D+IjQS0BFm>ge`Fpki>*mR$3|y5{3ZogJyz6VhcR3fH4KO z{ACdF4iftv0G6euY?Pro8>sns!O<^0VX8%38C{)4cG(;!=SL{}UALTiuy96urJCX{ zQ2`!xM65E8Z}?p3PxZjPrgc}FiInG@_JMTAIKBl~8bDZ>NS>)q`b;5gJ@ySE@70gL zsgDoV$8n(VsB)DL=GeEe$Ix8!1+BP-rS7umMk~+N*0$U)K-AvVSi?0Q=(;wjjHfR? zmHHJ1&|kBP>@lolK*J}cuuWOctoNF-Q#NB%;yGG*)8Ony@wOUEK;Lz(PUckupZY$CglzKoK)M9|piW|2YavjwS2 zVuljx18n)SapMVjT84{Bmxx0_e@0@?KMtqKi+eGHWjSxg$aY`Z1%4DO^1#e$SOM<)A(9=q5D@XcTa^NRVm*Vrq)GksH1d6SyK0 zh>F$?Uk89{17YW%`SNKHb_lLWQb0BXaiT9^Wq|m+3qLJ);w?KHDE>m2ut2<(6@b5i z%B*^Sg5N+%39NY`V1>yBy0rrks!7UYuL*cH5LSA_1KPwukZk$}JOf%0khtrD85a#e zPX8t@1a!$8Yz@dxFjaz)hQ53Vtc(1~=~ z^ko7lkx=prLQ2x=zQW+8HcV8+C$oV(xn~mKjVq2kHOQ4G0LJ#+3i?Ax!V5hATuH z9Yv$sD6^qFrB%#4sc%?05zey22Nfx+P_huVY&r^yt{IB-b00(MJBqFNQgwAb^^P9g zIqc^9Ei~B)OT`t7OmSDTO!3*w#$X|I3~D<$DmhAKhTkMnx*mhaaR&J3*lp3De`*DY z<~VGf0YM0BGJV6l<0vw>w(rhCEH{+FrAKl>$6$mANP^fR{q=9Kh%hk}6@x)GjvmZ+ z53=wLBPuKwikhw;%pTRiVrv=8@AMz_E2JUP<2YAGMx_b4rv4X#`KI9n^Z-z((4vpx znfL``0w;QN2S^wMS!Vyh5+JkyqGMn_c#~+qDa!$>{6BV06qtRw&HzCp3_`GJ;!mfzgm9B5NRT}LJ-{lQ-}T$&si=}80WMhr|$<8NQ8@g09%1xpP~f82h2 z0YaU(q))($RgeL8|4SKoKfp+t3<|=0=>_6}w^0><#qFa5;o)GJ>4D=9fFw-+)81;L zTL1w338X!nygz(Z3V$H0dkY=df!0ko-@B7th$!=;%&OS*tzvG$m?@S{t9Dyf9g~EI z*6FRqc>rqR%shEMLUq(ew8Y9{c1eTg#I-AMd+9FEKZao0G0~#+HJb8e~TFbA&F{__nOaE)^Ry zmE@6PT+*L1vDgb-n1$g?Nsu|6Bp!M3_@!BhQTB!7b|2#^Jgi_`I(fQL@O#efY{FU*tQL*WR18Q_A0L4|MbRjUzXA}X}c7hcI1seC`P9a4-Zq# z=CbYA^@^Jh;J-j6?a0ORvP$q>>7@@cE=?RqTMz}<%8NnQ2ILLMEMxK#s*WbcC7y;B z?wR;NZM*hmY@rp)aX!5TR}W;(kuhof!ck1o104oe=upmtvdXml_fwZex zYhWLcK0tRl9yR3Evk5#h=`aFdULKI`))@(2{aOWo`f+s93ovEi_zWB-YyAI(oWOTY z38tt3x!0Sq4Oqvf2p;>J6^~9#Y~S3LmJs6tc;z;!HZ*Lz=XQ%uW7UiF7mlGSMa!P! zk3}7fKd7$_r9%GrnDXqnDF#5@^=M@EMpZ2PQ0*8LTO8SCpCjxd)P9F5xb!MjAnCwR zWuU$@?4lJMg%xici%g%>#)lyHkB%nv;r`FB3+{U~s};4KxAwnOtSF2e8;0U2j&J}~ zhKbLJeZw~A`-dVGLgNwhZC&Hzest(J2tsa34kRk|i-P`D;{Gnz>}y|$Z(sNqqp}U< z>Bs*1?C5@YpQLe6*`_SU3&t&Ocp7r$HJaHWlnPFC3y)^n$ou1~w9_1q?hB9B_IcKP z|DL)C#oVC(0QK`Gd#OcQIX^%FyT(knj^W!`GsjYf7%57@vDiUnpU?NKofh3-5I_Lp zOgMwT$OIiBTF52{)FDAJ|01BOJEf=k0vVO`@YD3n(3NP*rw8k-PV9b#_tC7<|Z$f z89?ih`9J;Rn_vqlIoKczUcY;pfm#Qyex~L!LjU>2mN=%O`yT7LmWtr%&L=gwjMc-4 z7odq_e9SaIL5dwa>?7w9vJ;y$LFa z_>ufP`!J2GLt6ag9Ba!Kt*kDqYFc-R+ES_(zuPTSRK0arJxbRnqJmV2Zq=BdhyT?! zC`O7BAj64|a_dN&fe+8B37k4uMDOa_8QGG)aS~=;Zm`td;j0nMsE*%OMZSU*0+4wH zZt2m{3n4TJ67J06%eK`j7ouJml4b-bU)_D8dF>B$a75qyO9C0)?)FRxBIZ%9S>MJU-0*d%FH*E+! z3e}pGn7I6{)SYyIe6%QOA;)J6Q8O77HpR7da8K?3PmT1s#W4lHNfWnDm3}XJzT;qy z{Sr7hfPhq~YoEz{LW_Z7Yc{NJF`irXfNxJ#io9O)+hQcPfJd5h4wDZ}>>Q zf_kc8QbZ}xVgSYkdD3wJ$GFY1f3ytU}T>eT)y*9Ae z+hku_l(6ky@t1A zl^r8>cRGh>5tq4_{fe~DdG~<5DTFeAAhECD6Tu^{NPtJ6)l8RF6NNux!$?6qTuFY@ zS|&7fh~n?bH`KIc9p5!57xMYX(akqMPr|K0e!(DSJ|#&aA4X`N@@2J+-aCFxZ1)dp zo5ijjt_@5mzgSsWttkWk)S6e?YDo0B@ByK}p{_2%H_J{p;9h%^HbTlOHIY9NqeaKX zNsAAOkq2SK#Kb7d$rbRx^K<$Yy2K_U4E&dhAjN_amAl{vH=*LOote?sd4Irw(LJ7!}{6WWK2TF=x9a<_EKB}67uZ=#@F;-wI(wiRr6$siIJ1C6Lr&CF!h2%0s0I`{5+v!N!h62qs%b?qq%p4$x33 z)hsw5|8vF=gMSfCQ|UzCW`r2ai=!NxuFCL$rSHO=7EQ7VM?K9WNT6Dp!7`eE90eO! z-!JDVqB!!t*e{Q--1uJeh7c9g)y*>V9-Rwn8HRKOfnzJOshdSvqHC|W&vN^RAx@YW z<#4JBey>RVYgZzAUgKJk^RhL!DpZ)H!$}kuCO!szK1U8SMy{P00!Jkz9zH=#Mf0|t zwVa8b+4maPLE#)jSVCVXhJ&aMAqon}sG4OO4>aBAb<$<2(4Ycnn1V>0EoOJ0SJ8hP zJTk4!wPywne~h%w9)JG1J`T@1hMeEZf(++ChQ_Be98!j%7>Nu{R8u836JeJ+xS6E* zzgmD^%Er)0I_hXqK5;qSK82A8F>Gr1C|x-OrV)iA@1aPScN{PudaTb~6s?6k{yYAw zQC@ep!9@0Q^>om^6j1%(am!!c;cH*HSk<)YueWq~|LxUXkN*-O5l$O22$@*Sk$qF7 zjJ}`3g6uji+r`hX=Dt$-%bglqtv1skCxJOdE#Ux5H3XJ%e+wrJz9YrqHL2CuwuhoD z*Jutl$iddB)@uBKtx@-r@${?e0r~~~D3qso>+kHjnjY<{!>rHWlU8=LZxa0WsJbtR zx-WihKL7gs`7_z`ku1>rWW7lUMen|d-mP^%uXVqicE1R3UI{-wJ_cUP23~`Crq5tj z&?}gvw*B_1^MpoS-2+zlgS6|p^>e1~OQy5Wn~xi}UANCKXRj}xH?H!)*FT8zC8C|4 zJc)-v#LK_x?uY8vbF|lUAnBmU|8EQkDOFytRRXu5$?k%|Z#4fSNdp4|lh+%Q*SGik z+-6i>^qUbaaOuB|8=w4JAJH2PQBTij=W&qi-G|JJXxa!6OO6{Ha0d9 z8n0rQ>hG0~`0-)kXJq_r*~^fVu$7S}HdXtg4k_d3UBA-)J(RE;-&ddi;-~4qdG`A^ z{ZF*_^wQLJ@sid9V>7xRkne}(U^yR7Z}bZ~2l&GmFIQP`-;u;qhtZKr7bs{giY{6x zX?{>t%4g_X@1b$|ScREqP!ocgF6$ZZVuObf$oPAjJ4PnvQVwzbG7t-#&cYMRrM#$88x>j#*);&Ux@-yLSB*Aa#lmAj{z-cQh zZj9*5uIS5X{*ydS>isO)^X%Ev)Y((I^L;w7`w4-$XQH?6qPI<=k4^6PzpKWZ7jPcF zB_T43UU7*wwYJ{=*?jp^nriYiX!2A@_E1RndO?;i`Z+7R;AueRX#ig2JoxOf3*^9< zJT`~tDlk0vu|4(8&d#<1#@GM+3z?9x@bieQ$YsCiQ~xesz;!X%Gnl{jM6!870z|L( z19T!67NY+wcFvu~Pg@M3t-XOfiBx5c)coR~=tx<_he8t%KUFG=!p}-JR|(tseJYn+ zGj*=b`p3_68GZ7^={rBr8s!-nSmswTIT7g*$V#@pZ#9Ik5RAsM=GNmJ#v#vlX8b7S zEBX)N2kUl$WJLYuqNq`D!)Tf0dQxP-RFdeAuX(~c6YEq4$Rs>uAC5isjr#sA{FV)a zu>32ZuEYuZ)f>a68uHPSn4mu?UbO~$rtnl?-~4>Y9_IGnKTAt_j82Apld3;XOWA6^ zp$$XY2vgNb16p-l+hUasR$<04<)93E@m}Jn7E$;es$s;x^Ur& zV6{bz7GTUy!9(HiS|iD{G(m{%6H!e@(A&@IX9ne}P7ED;;nMc)!P{{VRJd&3RxjE& z>!)oc^U%OVHvC*9r^@Q#7rIJ>yGx(#CmhqShEhy(F48@cA&U?u4}oZ2>C;2kKsIa& zgodG`ayTZ=P&UqtP-0wk(z@R}?r9cIlr{RJw{UW-^I_?LMlQ!* z9*-pF#QI+ie+@tV$DT>)oWO{Wj0gS3JGNlZZTh%Xv*bVr0_xnmi+#5lNvjHIR;kXn znT}HHn+6HpoKX52y0e(#klHSHry%1*0F^+bh)fYXR>cw|j;qFEd5 zUsCS)*L=r>aZa&>gRMRFb7Q=ut8wzb>Y?-x7 zSv*A%E-@swqFnE!K~gyi{h3^!j_i`B8^V{QswA7jq&}suQ|2*lQxOpn8$bMW=AhF_ zSZ)xrti?kqIV+PNRNEsfgC6R$P2{r5(5yUTlWNOD2{7&k=e|6-x6Ae)&VT7B4EEc$ zEMCSyjZ; zxH!ZC+ht^+LJ-s;*Pd#PDUKGu4X-o#RaQcw1Ck`4Sr;)WI+#|^3p&H$5_5N++oanI zxBbHw&K!DPxIl&+YE~aSJFFmVy^EPqKQGN1E5T$Hgwlq#gFis+ta7E2G@;Rv!XpqY zA!84;G$y$?A~ba3dIHq_O39T|>lkFYi@KQBK5!l((iJ{do6#D!^FWSqFVgug-JXj0 zEzTJm4!E)&@h|3ovp7nstdsdpo&s~F&3TkU>F^G5APd;nYfKYkhs_&v9c5%^w`KlW~S z-nF}_!UtbI))es8Ycf~`2EM-Q+In}*@3zVjKk+m*S3Wu;B!lZ+s1mnj-k{5xp>U)5 z=UnwY;+mS~qPaY7V-}ra_A7z9q?DBXP1U>VNX`f^ea6lR zb^aqhTyW6G;5ddz-t4VBV;aA$lEg+eC}eJ9D<$bc2<`s1363x_g-;IiWPFhr? zEqZ+Z#K*;K>3m57g9IJagB2LTN8?r5@JIH|my4+^?-OgB?H2@g&eXjZIMfzX2yOT8 zl|YhX$VfI^!vF>>VcEy0Xr&Y$_6CcA;$o^`w}I-bNaM_>38ipoj6&FV<0Ap`5}z4T`9CxSOEwaX5QyKM`YlRgvoGJSD)Z%vuy6ZUnqGBPG= zy!ar7|8UTpLl;8RMmA&QM}~hVTHaO|mNK@^B7zm{Ki*7ogIECqT8A0sQ@cKjF3xN# zMxw#6)v1PRI9yeZGb9fjPQpzL%MRXheO&Kl?EL+ef9NzH#j0Wj_=$oKYOI|a{iP5EgC2K%NMtb?UI^P zcFHMVR9u8CcM(3m9`3A(l%ej8yFD5#vCF1^-b!Y8M%0qxNH08Lfwp9Hl3(<3V_@wj zhesGn4Nn+$a`v|>e4qxdXNc?7;%d4*cx0g}{!sT&e_B9S!!YHsl0=VdZPBdQB-py^sd@-R zXrt0?T2KVKe;yx{hc^&0ER6KaAoA!(pG`Gqpc&?6FOj$jUpF?Ow(fJa3z1H^G(rBf z8ZXm3nG|LFj6R?`k%7WNT}7TXTpB~V)b^z`PCPiytH%(f&iE`TJiQloQ94Z>CR8wD zkFQMmc1DhMfE5Xioby|WhLasFrPkKk46srv(1~}<*co_DC48l>;37tphneB#aWk3R z*2&H@JY|-^gNOKX)ku=35qCLh2Jf-y_r0uRilLw4sb?=>3P$X;w33ZbcAecmQRW)? zJQ7mNktD5;SMIDY(F_63&J%+|JY`tUJuOao#4J0>e~gE<7X1}T?uIl7+ZCQcFT@my zfNdMcx@~E`T{2_~H)e3-?HB2g>W`LF0c0Qh5p80oC8WXbV=&340LEemw#3Lpe|PE{Q>zitGb{4 z+W*^$U0Rxp5)ARTa(>mSKR#6?c4=QI=IKo-NSJFpNrqFn2y_Wi%MC@^qTRNk^Ct(n z-8-tdph)BSf2FToj*M9hA%j^PM!$Yrb39T-7MhFeB8(9mVhbeLIV?$(_cg)N&)3 zh9&)*!h7ws1J$)zDAqabM?vgjU(~!D3Z^9CxwCKDjr?_L1ZV$xFUJo}JBLP064h4$ zskFIy_Gs(_lT4DsjQ)GRV5riufU&tm(!q0gTO00Zn5Y7 z6!Nh&#^bdLI?*YT`M%2$nt#^0vqef90ljv74$idn1M0ET!a;O*Rj+|gY8>b5$sjm+xsth3x!LSF^~{jmDkUiX;6kh*yf^*QC0JX=19cQi&j>tb>5Y?;^Y zH}Sl%KcPI53kG8rhCGacjqvxc(^Qs{<{+iyf0bWJ#zVy+YZ>J;PxSg!>8~6Via>_>I{1+dqvl}mzEtjB+s;{dcetzkGYUykkf7>BMrbcQ9M6?;$ zgLClYpGI_|IzFWL2}Zn1WrtvTd5&UgyC&rIeIM{4*&?;H&2@q~jD*>zupZBi@E*&b zv<5>5mJV(6xkPGx$XIe0tjZC0A?NSlAaruKD#j*jN5Nq4C#{ z6?^)MvenFY8uX-DS3h0VRimkw)*&#|sTds{92`D<(y<#&B^|Bgv5g&i&Z+u)cBUv9 z<8qm^I@k3O3biQ{BRh_vOfejY#!_RAe5uh&LRBV5)h8i_w3mYyGYEWD?cLpMlViuh zO8SjVG#W(@7S7Hp!f5p)+vmJe$k{gI1G~m4ez70Zxy9pcp^^wcX_30{N1$H1pFFTD~~i0?`-S$Zk9p= zAcwQhxWNX<&r8wRkT(yV#&3{Ylu#IsgzJukZgCGCKQicNr?(Btb`TqM&~~p@FC=rh z`ZQ+$eFR!oXOvi=>EejhdcJJuq#T2m$a4*c%?F!z6P#ai;1vN}$fKYS@>dM+`E!hzRSg=f#=MUODS zb9`!Q>O6c})vL)FpR~uVvy9iX^F3GOY!Nf2wb;uT3udE$HvBzy0`qWD#TjXfQ5cNv zMc{NqxeyaLW=Nai_DXkze(HEx z7*BL&{`9S`#QU$IS|0VO?Xd{IIKyE(rBc^zl|@Ce9{I}Lk@M>*C=m%sREDs^xaWQ> z!z&Ui&a6~!5EAk?p}G17|Me(J%F?D9QRXIvpdr8-{fI}`q05{HQp?oG1_#5YCKn(# zjP5EL9)|dE3Ut$vq=ZUn`%6SSWBmH+BNq^9zBSkKj{ol_|STu$q=p1pl z8GXji3X(aKyW*Ed%_RL4qqjaQHAZos%xf1teyb=k-1SW`>!=;ij>bP^s2(=yf63sz z&&`3F)e!!qe9NJ~c29AHc7askccRx{TKNvGd_&#Am&v}ZP!%3NOzhB=IIV_$_&(fd ziJ>$^L>7i1TEqEZ=Iaf&vnuGw{;2PN`t&Jn7Ac4ZF6J7G^Fh_-BE%web6zbrjySTU*;J)uFgX(%Dl}GM{1`gi6OY2)fz~iVA-;!u99>{Xb_2Ir^aiS&X zC0ZKiBxX5t_|#f5DuKP zW1JN@5q?eobM(X2-u?q1s(N1}@;rNb(XFWxEv*!{6GC=Wl1kwapq|{e_tg^uX{m;6 z^;<})RN`g6(qj3MGn(gex9-_PAMb!*>Ywb2-&9%p(euxFEx{OOvt5e}_RNgBr~ef3 zt2*j52pPE(qk9xk0<$?VvpCE6QL_hR6~safizg+Y=9MgRCv$}XB^l)KMr z*06_=u}dmWVBgsCotEZ^vRSi7v70qRkw7x5D5tb`22$u`VR_Kp)!Vzm8O)zi1SZ%% zum$sXL&va_ou=~zlmS*; zWBngF5cO^XN|PiqaA=`sKoZ#=>7n%~KCYl)o|UIO6&gCxv`x`Z!rv(dfwf1B=+zrr#%yqt9TK z{EuAv9^)dumZBVcuNbDBRU$=+IUygO#y zdY79#iT{9zu8hDi_cCGTPxgcq?HK-vVog(O9)Ak~b+;)O7aXF|4nFa-$yqtwv#=z! z#BQ@cv7_FXOqd`_CU41H8T7|NZk}-3dG(EIvF~QS#-Dv@9;V-MZnvzb>ll%uS+^xY zICO=l)M^O~uH{?%K(@U`qhMjusqiWp!DwcLyOA`+2t z<_gB($iB}NgaY0~mT;Jy)O8PHM9lqWTy660^$`DkE8dG{vL<)OSH?^@7fl@>>rPt7*NHDQS zSc52*(3=nG29q$mCHF2aX6im%r5azwRWw|#?79RN3a?#JzvY^H@HS=JA#TlE%30f8 zj?E}N&wmIVMbN?KQY}c85XCwx+k$&p`Chlma4X_|Z5M*ll=Q7@1Dtj|S^jyaXw=XZ zv;PrF?XX9N$#e0~MO**WPx}ET+$y0aIgBq&_Z>2998{ANN&de1&3wWYcHz-=Qw2wC zmpbhen&50Vws2gPR9Z|BL!>pZ$r^nci|E2}!#BSBy5rbBFuc)AXjvO}^JP~;98_T9YI zcU@asyFJ?kUXij8F}Z3p$ey+ zcSPI;41XrRZ_emxS|FYE*stJfN`62?p0w1)>Ir$Swf>pf?8^P^9|bDy?R%&Z?n-R& zQGrsNt^v4lE_IeI@(+c&oKc$0|5}nDR$A2UXk!Q`Qp;dnTh&I53hRs&N7FwYwD?)4 zI}9W9BATjQrY8N@QAs4I7)C<T!28x?KiBc+r^SJaVa#L z5uVxr{dLj}_IHl>V!CcQ8Hs`-g+2MD=bVz5l*CT6DyyUlGu+U2*Nq|omQy7vd$Mus zN26$teEZpvor_)!^*qX^@G)QPeO#koxNrQI ze@Aes-g|fCRNhie+lK`fPDAkm-kmZZo2*rb80kM0&GWI6ZhcYWZq0``y|4q-xsyh; zVSdDvBk>!y`X?~D95E`5D;nj!Qlo}7==*kzlqsW5yl6gFdpc4myb^Wh?=^z(Dp2Xl z&EYT z99^~sova|{LE(L*;iOgO)F+5NhHkYDu-cJ|l*-CAT=28gf9xYTrgHqG=ZCwOJw_ME zYS=p3A+F5q7#SI?+BTq63njE8+4yO`6#B12F8Aasyi(kRWJ6kfM<}hlThgv=H@28r zWMaJatsb)?F}l?&hRF3bW&uC^0QLi<%ApINh3$Y5kHzp%nUc!lKv|BufT*Yr zU44vcR7193<-=oyoHNHT*=}qVSwGCN%Q~zCmG|?Rb*_5jzT*dhgmtY>A7Upg4^8=JwNc#vqTUev~n+D6r(O^xsST zu!u~InqwsL@JjN5x2Z5o33cQk?hj=K?PA%txw1W7zrk62M#s!>!h5_@z2VAjwk)hg z+paacY=(ktme{uI++30d@*@iSA{)FI*yBK#v7h8coVT~P(yHxAVfvCPJYxuNn)yE<*IneM9bk{M2OqL6eQzrgX+C%my}IT`DM^Lc!mafCJm zWd`UFxnAt4B=bHGMhuTs-{w<+x$E7B^ob8$LuOK4xIF~B+&>(nS)@20aG5hH#aGdT z@%X(Ng5_=;-wz8i#_Gzoh@b58#S>y=(-5Dmlu*QUCj06Cid@NHsAcNx9X$}ZK{+2B z-@Fn@0e|p#x@(DbwBU< z@?-za7;CS6VO|rz&9++{r>u-SrKX*SfTP0ve8$7(8^VGKg;uR6S5`5U;jRoc!*W0V zsz|ITXLqs$^(67K&XBlR0oeN2J7wk3TyS6aKyJY@7y;=#GL5>+pXRA)Ap)x%99#s; zjW=P)v4mTyU2x1KAVj&d5-!_Bf2Mod*wn<}TTA z#Caau!>-#^=#i_rTU8CiKf)iARcG$76j?5F24*wxd32_aCDpq4X99hl{nGarhZoKm z4Q)P&$msaX(Wnciz-~=GCaZ(4=O~}1hpp)3r5EjpC*WG!1HBve(C^6}EJBnAKh*Jy}JzmC6! zfpF%PVJ!`{NHkd%{5N#6-ggD`+s;0{+Gy4dTc@^7y|$ii+L}`,#=NZ3UVF9VWw zYXTdv^E+m)#A7xMj*P}TzvJg;Bt;8HV1~y!@MRrBg4Cg_Ycujx{0UdhDo9|otnV&x z=3=XVgkoGHoIKqMw@zIcQdGW!E9FK!Xab$Mqf@J@mwP0KksbK6D_S?w+ilTcjc1gG zV{y5Mf+f&@D+RP~_LLh3V;!ELD_?L#Bk)IB&QSzK8f*egJLFS6d3MHs-gZq+Z7$*x zHC$JHj1kgmc~&7oNG&J1ia1>4$==E7i&P=eW`;iToY|UBr6!3@fWOea3oc0wZgew@ z1+>!`;=p8OJxcnjaf`U+XhXcu(X30_(LTdrG>{=hd@JSxS&SlN7GG)V8yXi1R=|fL z=fu&i7F~*j1fLA^bPbEa4}EN|wTLi)*;xO}Y>*zprt;D-11_73b0j>7%M zXSl)g7;-HSfx97Fgo`fHtzRXqRkur{=)B*UnTf|N2}+v&QNbG4U{O5zPaGj2ayVIx z&R6as!>QY>hS%$7`O-zUL3VJ{Q`$8N-OiDO@{bSIH{P1iLI=wvgcS9E9#&S;{yMZ4 zUS8bLlQt`1I@ohC(u@D}p;2@5^L@RE)G1-7#;2D)m+wrO(y)V}Ga*fVEs>0fP8)&C zOYR+^)Z7r#jLI30Qbg2}%(uMgAurB@w)S=aJ-WPP;;@?0B}>FNN#mEt!j0;vB zSz|jWbB$)DWuw$^I@l!R*?u==zahl-p5=&3{<;fSHv(8plnW5R%Pq^@H4{lmAV{pRytAfqk!wVCeUFIm* zVZZXY3W>3{-&RE#*>-2yg|-tyGa5Q5XKG0ng7hbB9%HpAUH^djUg=@7wlXi-(X!`t zhJrjVocy5{15%#ZEF+aoq{i!hwwiWOs2YzR=t4-&S|Xy~{8$vt-q9aQWkFR%Vq0m9 zhI1p+wWJdrL4y;HU^*#ki_-|6o^DZXI?=yNKC|%>a8FxOR|aZBZeHH=FsbvbgSf}3 zW?_rksqK6VCl{8_iX5L-2e#g@^c2Hgl`@NM zytY<+;Rw@4{}_#rl=_Y;Q|R}RWRsdRcjetuscG62m5?u-njxMb7t>^B*=@6#tdfo{ zJoyU34{N`?e6zjHK?YEG$cb!1sI`Vn*KjeD;zYx|KS8#O5326>{~KT8@f^|nZ+8{* z&dxc`h*oVu1jq5_Ik)Dyac5#}}(uJD=L-IT~p;{##FKB_(Fbf~8gtM+sP*|W5L zIB%hCdoHZ>O{C7q;q)JIg78+5(YJU~J4ow~m%Lo9G7ev9pZK#fEZGU@^AXxX!2ihf z&xhgn;)N#u+2)UILA#l*0I*P95@SXN@xsjS!Df_?ziK)WMGV{20DRwYlR5Z4e3b!c zMHm-@3ID2L1#7wS)~pR}%Gfk~^@7IORKoBT&)dz%$43lh0T+LN1+&@NSqn@2p=v$< z{M6nt>aL*iQKib5ZQ9b0PN6ZV2sM;bxI7hWZ0?@_$+jBb7IF@X7Y7N9!?T2A0xTb4NLTbQx{E zoa$uZI%m0(N4KFI{+Yp@UmjswyCJ>SR_Si`7C)s`OR0q;a?Ju0m2gkW7FJZ2w?Cab z&(5Cd>8d7CUH4{La_|XBI~(}#?(RcD@)pjE>`+%?GoE&(+q|w1hSX2w`PPMpR38Lxq~9<|@bDPbSF z)lU|+(0aQ9d#Xo8?9 z)yI9TR6s8oma(2*v;Qe$M-b&?Q|**C9S( zE*?f!p%2NrQrGtWjkXj3)up6g{%eJZi|gxn`%spqTVP=#>9ne%W>CeYHck9WNKaYo z(?@(US9g5%6c02UD5Nl|gCuLOYb-3o>$h+m_&D40iYyRpI>mVusXv6PgTJQ`A<~%x zEQ#Yf+mAr8ey}fzlwU;C(0)=zGAkZXoxu?v;*6aoD>1yFETJcaeJRtoI!K9ssp!Z(}P7 zF8udcM1XSjVt2KjU!a3%6*X-*E$xIvrVbV!=&x|<_k;~r z?&wQX36qH<+Bmu%Oi3Z7gIXPVaKuR4(I84%>~DN2Sj>d?Qq$^WB|@R>x;!Aons=HEm)Au5T35#?SBD zm*~pKG!VP?0WD|gm|J4DEgM=PVwSQ8)tb~Yztj)w()%E69VT#Z^*?>?in7d*7OMD$wg< zgx}UO!IgiU6pGSaQ1DWXiP>Qr#$^_!^Lvi0;0ZPw3~RCn#0* z)rK=(CdaFF2xO_xwGw>A6$_#KoVWhgtKm>Ji7i~ZG!hH~h`In{4EUs`rluj-`TE>l z0l6%>Ywyc%#2YbR8#+X|4}R*zV!1Ceb$ zmAlVKA>&e;c%8f6tmU!lWo=l|Yj1Bqz&hIG{5`PN_sBi7Z;3C@ zQ-R5T^gLZME-8z(2$#$sf(C1B5`K85Va!47#Zo{$Xx5zNo{}e#KOM~-E^o@Ya@RCE z*vthw8i)uB&2CCs2*83a`uRna%FQ% z0fA2;`jNJ^GQ)*XC_8hjD|)paG9yXA{haYSVdCm#XV{q|7m7NpEN_o_9kv4H#t@~# z`#S!s<+VOeC4#`-3_V@`Z8;vuofoR4$|st%GJlbMP#NFxLJR1R*#m>ErR$(-?r;-S zBQ}Wuwu4AzaQdP`j$?9rl?9P>Ha9)fISV{p*-$)9t zrl62xGcbxHgnxpm0Mea%%`Ce-=8`83e6znj9LXhm6TC5#4qy@Tbl6QBZzhLLl6wm@ z=>*!|>~+7chMVQaxba zx1hu$w?QJWi5VB&?+dKk$+b>;3TiJs;l^iT1oHRTt@$xwdc=_HlXlQ?w&N%c!rIE6 z#bwjM!TlnBRb}$_hK3S!BZOn%ugwv|m9Py=lMgpbY5-oQ_x zZCPu}z(Aw1qfNl4`1n}HOYWOpM>o#~cWJ1Nnw;twg=x~);`X^TSDI~YD1J$j=(hRP zKbxCaCLwI}Nk}G{RNSWSlT^}to&Kefk7{9@i>V|7X?DoFp0R+#9kvCeMW08~rK_Et zJh7z#R7<=isoQ9EsI(dF!TEWtO%NkGhk!z}!aPTr#i|D%KAzq&peP0|R4@7@&+XTJ z3*}_}_!_FytIm5I;R1(k^XGO9CV$axe)A>|z35-4P`L(}#y)DO$*@1LuiwGa3t@DP zqbDm&@><`?a!SklAdu&5InSSparO%J)Bq5ReW&67AeL;0@_SgeON3sbz)1^2{&Oic zFyG`j#a6+VpNq|s_>+*MDFj$ChK~uzL!^RZnZb~6_c`d$jGA#1Mq@61KSb+>Dl`}U zuV^BU;wSEZv;N$jx1s^7v9VcP>hUG55Gd;%@bB^E&x}+HS(Zs}foR>?gf4;>DY~uG zAcc0z)VNnA%!Q7E61qp9vC)Dm_#<8brYI8RkAdaPs=Zj7mJ@m!@+;iO{sl^;mNvR+%9)1`H?h{>0*hmvl} zL7@u0v5_`*`+Ldjf-_Cp(5?6ya*AwA38{=Nj2QbDgVG_)|^ z6dc%ZI5vL>ekPOXM;C9O#Y8F8yU0B*APWu3ufzgR#k6&&omj zJ@`Cvnr^WN-y&Tz@~s(8waP}j=|^XLRy+68Fmn97-4~sIne(69*1fx9jwd4*nY!20 ztLllu6sDp}#J^~b9VW(ty;4-NVd;AM`)@o6QsdT9WOZbw*^`;A`%lRJ<&@fm?}fVG zW}>(YhUBj@hWr`vDg!B1jmMUku4A`MQdi_Qb6d$=nn*2H){d_vAeI~FZ=#=E>Vgxw z@%QiFO}0G3d+hFEqA7GFE9W zd+PmF*Hk=1t5{N_bWMhA&Vzjr|F&2uMj11lD@QoJ`_@~&*#|U)^i_O=Llni8QZa=X z96}@4$F;}xVa>kZ>+utE8fDPH z41`_9(-)J5SDf~*Q^ivH@a^{>0HA@$aXYc7%h$T{;LEs5&yW`TY8~;Vk}5NLRHg(T zs#0{`!VQ0KoJyCGlN~EDY0yA6aNLX`?8uvB4D%FpyKYp!3bbNCl){Ifu++LOk0w)P zh%-?Nw``8WEfF1oFY3>>EtYV=bFSM;xm1{B6jDlUp%oGi&XLXHI!Mt=w|PvC?k0?p zP?`#n$Md-_$!YX0-&c-Sl4xAQ!;G)q)H6-y72erA`Rtq=eFYHZ*z<<=! z+)T0ZHLEapHdf#P$YBTPd2^eQnucb2U(XahDizgU?|~bTH5A`kK^(Sity<(L?;%0% z#BVEY5Yg@?92#|1ayouP;7)RHgyT5s;Zvxxb5ae2AxpE88^1qD~^23j2%8Ce4( zHYi)3g%#`uT}YfGh08NN-iR6n8Ev-WxdC8B;KUzNr;-b1{%VN1*Mktu9=c59Tw~qe z$c0d-z|g8*{`e4z)UPRdy=G0yg(U(VIdRZ`UF25`6KO0tqGYhZRd^69`sS>Lyw^R; zZ75$M9j$^07Kh_n52=>-Ue!7YcGR0~_3aPlOyGp`FUT6gKP-i6TohOSzsOLyR>3D! z@V~F=B6q?#A}_YsDt79@b57L)`h4!J!VbLx!NcToffowKyDaB##HyX1|Eu6lOn1U> z;m=%lTeTpMKoeG@#IkSAc_h1zC0&d2hzgz z*a_I$nU=0BS#V`!Zlb!N1=YcVpPpOZbtCN_?C+p9fV6Erlll%w^_0*%pG z@*NOPp--|1Uo+x3=jEM;oTy-Y5TGRF_FZUzV`7i3|3uu*Nis#!iEHPQ55qLZ7;EMi zK(uCq`LBP|#kNGx8F5uXM!A))KO-*4T}7U=!z4F5L47XN+m5pN&yPFj*gxy*JD5ZT zvkJ8)*f27mQv-Gl_J_xZtjMB2gO}0~zKqAG6KaldW7SafvcUfH+&*5^8CQ0owam2J zM|s$%kF&NF(aCo7#?>ch)Q~E+Ny6&$*9iJ$$n6wAG^d7eL|CHh(s)OT3YFErcUOK( zHS7~N^3;;hrB8+K1fYSd0CYm!pKVl`!7|ISz)FSfpz z(40HYD`41Nhk=d9;D@1x?h)Vog$l-YISi#$8*#mg>=$rx0W8d=-LU% zM-KiCAiV)z^F%{`7Yw$d?^*cYCxOwp^? zfKL5*wB`wQ+CjSNod-fCncwo5Q&b)b)Dao zf*Pv1BOC+RJ?a``!dQ;G99#7OoAim?r9aO>a2=x}Cwc4NMlWm)8#hkyf0Qj>H`r|P zUcu(;eUln{uJ@TdJ>dCn&0%Mm#aG6YaptLT)Oeq4zD1q83iGChfH%rF3WgoGqbdJuRfu>4brCE!26 ze}Gk+I{ zo%alATQp);(lR(+Zo<)Nx>ey#bx>!u7dReLhhqiz`wmmi%qKJlVS-@GnEc9@ZJ{-4 z8%@9>ht|kCq~tI4Ku=%FJX@Bm&zZJIjhT)Lt(c&g=!N>?Xe@2^8lSp;;MZ4AZlp)3 z{l^kw3G&bl=GYxYI5`W9G(ab+K~c;5rJHT(A%zT(HTG0xrSwys18 zyUs*g5K~hnmUDTiQEK2#w2p;{f?Hl!oO&~bTvE*QBpCVWwxQfzlMX`)^ zdY-8gqrNQKFmeZNDUB+fpn%eQi~(hFFdzR|+@l;PG8(9`#FQs(PjcUxOu9oniX&ek z0iQK|LMacjeohCRv}Z=X#M0TT)YOwZiI9};(6)Hzg~uEB`iOnw2#i!YOP~_ISXgR< zBn8#|V4R9z#?BkxgD5lH9m_^N^Bp%BXDI~~wKcRcerSHkHHIGyeI1BoY#VxoJ8JZ? zu5e{J7&AdoZguND+gyXMDsCZiQS} z%f|K-OMAWd5oG#Q$yhOc!e>nTfo8^k)ChEApXx(9zktn8U8cqi&b)D~{oA)z#qV>1 zW*xnLu4VR7O+j*s57~Yy7tuUJ#KDOkIOO$eIMi3JZmge~=9LB9lZs1Li>J0NbSPb~ zZt8LL{TS^lx+t1gxs^#jZng$Y4;_BGWF#dht6>wpGXunL7?zvTM6iS&l7LgS) zV3^R2%S-7Xzb1#7H2ijqGjo*vumNCfz@mQ3a(W(cy#G=lRz0Lo*J)LYd3nzeS$QFKc!m)bWpV}J1 z_?!)ot6FCcqL}HL{Z+B+=d#8Sn(cVWP?7)Z2y~<8BAK3NUU$hEiOumdg^8C2O5cjG zZbvWRVU$DJho4SF*y~WPpiGW3OT*#Pif>_h0OH;|{pOj5>>KcXv16-zQ-0 z_=?*5RS)jqD3Ar?UXrwUqbk$MOhSexc?qptnOIYEm8cQ)zU4aO3VzAJGsLSp$S8U= z&9t>K)_7cl#tCRcEe4$ZCvJZ5F1S3~S};Q5OfE^mR4k~A^a@x|X0fms_E~<{<4VD% zu&3~pGgouadh$2m2F{r#zoT{ErQD_$-gh6Z4dQxGvc=9{aGT=1RY&!I-)synlrAiK*Z*E{bqP%QJf4)K>Obr^I_yr?oK&_S@DWn?)R0GiY;dh)~_ye z(E+Qe(#xUr@+_|2Hld$}nmCjdb>?$%Wjl!bQXCv|tmV1Ye(1jvJ5%@z_VR4#va7RZ zvuEy|R5d><8^J-+bkb^dWo$IKh{}L+-L%cMU!^rn&%wa~u&Yy7yH)@z3O#W3dAc-s zA67qBs-%2oqnAVeEFUo?n+uocHzxr5kp-haryT#?O{9V>{*~zB9!nG6_UoUWw5l!F zPN@4;fTc1nWF&_scXy7p?D-`wC+UNh&4Yux(sX6Wej_R*(=@%?T&*S)C&Rcd+xP!* z0gm#wEm@@761kr=O`%ye2`x{EcMxH*4ShPRr&eoq-S0}lCyPFW6qv%sWPXTf+B{6r z9oj#dO85G2u6}{}i`f{bq!NdwR@}MyZS=R4^1tJ9?MPyOSuTeS8owj4tFFlnlm}6S zp_k05vyw$etxi*3BNvOk9>scu|EltV!!}?ARGPnPj513&Mupgy=!g6 ztI0i#Hg&8ALP&sM9;-E*d+~s$z%!f_@1x?7n@d}M@*>pnI^fP9L6JzuYJCl&DQweP6L6A|Wvg zSh$|J=aLBU@2sL}{Bb$~&jJ7xY|j&q)FsOvc|ZS*j?)&-^9l(vR7?(&3EDw`~xDIG9v; zD?02o7ExKjnQ}DR%{$4$#|u>{Lbb3CkqD)0^9KU{qn^e()Ot23AdIUqSgJgYSLGm% zEbQn`M>8Q+@cjP)?o8?i}*seIWiL7F_DZ#i43V#0iRrg0gDbcom_3Xg)WW2I6 zybHoGahX*ci`E~zo-`U?b{VY3Zh#y`r^jHEqjlK9$1L@~DvoGeDqmAYaFr{(re9=) z4+M;~&$}gu3)xRFxG*8Og(AltQsi2`G{NAdm+$zk)706%YMWbR4_N)m1m#V2L#UZ- z`F-3}l>CF3C-HNgu;$H0q#sH^|ZhIc=cd+oaI38-*I5O=i?H@f?lPy3jMD;!qO z90MkfDCwJpD|AP6#0s?VjHTn`Id0fAm92m*&O5RAZBCYTGKsAeGng(<{vW^_uGOlp zJG=Mj)#a3a2CwD8kfH_Ku#qB>TP&2JRdsL6UzV4!m`MM6@l(7qZ4P`!6K`L%^gc(q z){^U`MS*>EmH8G+I>44w%7h#FkcO79a|6U0*6N;{-=bb7B;r5*K7s4vk*ZQyhSysZ zLrS2q@0JAe_mnxUHICw33kyDU@LwX?k7?;$$27T_4u%eH?z;}tT^1?5aG@SAlg4oYW2@A4ayG_@hBvket&PTJp~IrB=4 zWD6UoAh^l=rzK;Rw~Z)5Vrs>MBPndpyFAJg+3;X|k2Fh&nS#N&#Ik9{MKx{jj`+Uw z9(y@A>Y@)@qKP4{cu6PT#dliUA5a^=0n2l(-Sp%z>~xw5Dyf<0`+H1R2q(H#HC~9_ zsw98T>Ei7MLan0OTE=-B-Xq}NV+IgoI>C^Fy|;M<8cU`_ZMy1G%(_wP6fAjvY`PyS zA}Ht%Rh3HUkGv%k`Ui0W4iv~JC&RjHtW{kST1{8+!Hg9x`R z`Vm&Z?=EQ}tV0n^SQVCj=mHp?4(O_id=cl-oULmoKC%WFg@)Mzku zvG42X`SZ?K6Z>Y(XJINgP#e4((K)uWIkO&4GR0cta^{MC=mzsPeT}m%o7bK4^ z^fNk~oov^p{hTa0(;W$=orAhGkZDRjRnTPer#0O)!I{_#7rwCm{4n7u^GNrJ!ismZ3pGH}Q|G^HEA0!gg}GUIT;Go~m9(r7napxQLza+~{gqujHHSZcJYQ9$W?d2!|1e`c3$S)^T-Z zhzg8D4w#q!+&{p8cvScQK7^h3Bi}D7;QG(-@jG^Y5$5V8oV}T0vx{}nNV-lbQ^yhF z`~G)oWuqq26xmAOM15YeBGe1BH4H1KegK_Xc8@>vhb4tdpu0 zn~RfttAh^meX+^yL75{?i6!Z=lrODrQ#iUPBGXI9CmSu_*su?Fym)nQOg5#kwg-Xm zYV65b&qiTY0Kh&5wC(W5&x3Z^JAAUSIrAnqBS9PO0Ojh#>Z@(j*+L7k9`{Ep@i}f|SXgSo2 z^T#4H%t=L3y4J$XnB7y4G3JHuKdrOAb{>n!%_z8bEr51sB_N6%)z`L%T`fZN%}T^j z!>=m@vqN&+;{A&Tq2!`yP6`=&_;Z&;%kDNe#!{?yZmJ1>Bu|8Fw5$m!gUo4tScOIEn8AbyI7Cz(+s-rgF-T zhXAKP8{VdZQ{P%YEi4{LB5&6A!Jh)$*4e2hhHvxdvD<%QHyPKRC8Fc>ExSki32ght z3mdHp0>L>%eKz46flU?8;r+KOADfcDW=z~)wl>r0|C^k1U>lML@avp<)(g7qYsq~U zV{enX9x^D*WdRzESdDQ>;&4fo3dOiC3*HPlXKuj#{3xX<#lEd?nT_|Njy4@#Xo&&i zjII4sbCUC&vRi4+h%onG(5R-y6cHG?jRGzvo}6>Ob2j)-8eOVo`{ypg?tSNaG^+o? z-GPkXC;%umSVE)BU7Y&AmE~V?Fiys% z{{x)^9~!*oH08=j+||UbJM&skTa3n1Cc6G(=}Fy8NTd3BGXX1i0STzXvzZ3>R7(7C z6FO;*L*mLQQ*)_YTV#~>oOvQuk;1>%n^OeWdY5U&+fjyD@T{)#1tE&HGtOC(CjlSa z)R7K?4SA@)ak3Osl;-!BT{0h=S`RzBv+ZqTFR%6$0F|l>m^=Bs#{-C(PU*pLzK4Ci za@40t2nmp*jj|Q%o}y-u+3X;cpH6oxNKqfBg{Vn#IDzL(Mzlj`Ur4HW~uj(Lb)@|2_5` zga)pU-^W*M?3x1OuQ|PD6k3EFqzFlepfpUiRt0fywc!VrpC2cfsKKvCqijx=Z5*+R zG11U`K6yu_IxDV$B{3aerL&MuIKyWZ_Y#Ng#p?^XdZ=2UdoSPT;Ew6{TN65RqWRv8gFK^OGB6g+nc#b4WOe(rgNpXWA zlFPn){9iYFhOtd^xxIqe-; za+UTEE)vmnarR>4=FDJIeW@==Q!cR-i?eo@7%(wk|DuPD2ECwub!#=>t zPI`Oi=3l!5k}fd>!NaDcif%@ylH_`V|1B$D9@wT;L3zB&39oBwQ-=5^N9ah2!E?$* z@O<)J#jok6RKKx<{u;Six*4| z{G98OImQQR@ek)QRK_+cv2B>ZToH{3`ygS{fNUe}m$uU~CG3M@y(l+)ic&4$Wq#0p zoCm%VVtu9zpu<+T!Wd}Db(vamJC% z+x#`&BzF0!CBKwR~CQRVzWJ14mJAqpYECcJzd+6teqSh4O8n?kd52WFB6wEk(Tw0r9vF+MVreQz;d;|u`S^|m%Az@{ zbN&GVy*h?eRB_gE@Bn&bY|aLZe`lw2Mfloj3r7=#`iBL?o8F|wvUi@wRa;NG>&5>> zXzo7ToFk==Q(J%SfB#cioLY~>$WXV=HgB90qI*jbUbB!(KwexFKgt|^y5B;fb)N>b zM5J}Vd%C=cZ;nu#@bD?vsn;J5+I7+BWI8CivcH5n)lw`e0&93#ZO~Tg;MS4gc4D@lf8)Q?x^(=iEY-WL(R$FIaGuPCz*-a7 zTxA22rbGI-k__)VJWk^?{i=Vdo;Xa)5$Y7Z@HLC3P%KyGr49X+=IT51xhmgPIUEYO zpPOa?^?^lezgfVngU|PL*a5JUB$NO2#7!4Ci&UySf%_J+Cywdr^G7| z&N!9{^YTbF260>TYDb+XA00)@x+lGK>-omTb&b&iPg!?ifmGayy*)Fe6atm5I-pAM z_WWq5OoMw|lD0q|f?FQJ^R%Uc&nhuRK}H@OpD-K@Q8e6|yxaHO0uU55Nnm~s=PgCS zf)AEug$_^TRql{80yf^#)MeY!81gl+`?H4^KyXaf->n;+XmiNkkoikkHF|oQjE%IS zQK9p|wG+7CIPtPos~&s)Yp|z9(HZ1DU!qh{B}H6r%QRDG(^^}FOX%>^Z^AInY*}`F zM@g3$s$X(mT@?143ZAJa$mxf2WC%gF!}s4%6dZ8rfO>*UGRx2(lil%6=$op7;?!af zvd#A{F^{@8rra1$)HBQFT-Ru7Z$|!pxI`P3rZ71D<=?bLq1Vi4`G2aAi~lxsKozpZ z33A=+Q0aB+R1ch!{>Vr7?-QoH3AL4O`uazDVak!4Hr-bQy7VVavq?7c{84aBiLJ{C zLC(pKWCW*kk&jtFrlE6Qp75)esQ$g!vsRJ|_}^FOx00G;0@0V{OBvIAh|a=CRwgn_9-Qy3sR}9W>*QqwQy`a-kYjgXZog z)Ra2dDgci>G->!Z+hJ|4cBSuwstl&Qph+pkN8HJ&fG0La01CnV??Ed<=+KS4aVfzOB6NM~~wc(NLlJ%+_Gmgd)mzG)Y5-02>u zH#{R4?0-sBHaIWSivKEV^vZS zMYF2;Hg9Z|ZteeJO0C3?4qTX@+8qsTfr{E!jn7i>INS3c&^rUzt4kU)J^)2Z8&EZs zL50<&)*6Avowb#G`&t8uXd%vZ$0tzy*v5b|($jSBp_pb0i&#{)8r*#XIR{6`WFQ&zn~If6+HRnZEdQ!yRMNw9 z_iMA_@@UGyzP=lJcV4CCV1vk(mPr{v_X8FqBu*v2W;HshbMLmc4BeXjqpCVtOH% z)PO_gfh(YV0C=j49ow31F3K`NL#CnuF%$M^Rd zLRUfTe6`t}unLEXlo614$|ooTlODNiA@C@E1^uQ#jTHR>>>YBp^+R~gMR)img|1Lv z?+$(v5PemhWz~Q9u8&)9-W>@Ot$DY#2cx{r;duKoG2nDVTtGY$yV?-cp?o8mk-tsn zgvmkd2UfLXUbG7G>GsKVU=#KNIgisd5J7d;3$ghQXjsv07$VgHOVFR1uQgv>hTs;XCsvGr0*AC%4Vl=UE2c8w~ht}1keS2hw78D5rg z>Ta~PP8QUF2`H$Qi-K+-MjL2q|31854_lRT_j(*D7W@gkJUZeIR5E0^n_;_RSa?+0 zGAtQki!&1xyi`^`J#i5dCQ7(;=)JBFKPn(92z2z{>3pgG;CR3Jg&UvH(-s$x1AXvP zCIw*^oC63lcgL5aAAEcDYP;&X13&vl#YQDe*er(d!$n2tN{54kcp+r8tCt4`M1i<- zq1PH*<^p25R2B)$cfe#wp1F6}nT2HKthEmCg=NT)2WM6!6BLpdt|&}Ulia@39_*3> zxfGh{XRBiGjPcH$_TsBX!=ZVT{uIK~b?0*XvkCP;HfWHw|AHmlW8QWXf|G$qFDA=0r$I^xl4c1gW`P&)>WK$4z2#V;Hs+JR3RE=zM%n zJ0~9>xyp0+*);~i-4WT{S3UCE6-tYOrP&pmoNetrSRlIiWIZ2|-8t1)IaPdF7#@O} z#;53eKbKSMu0G#zoOmh$Ke zoY*xNH2&R=p}P2Z_?7$LbbD>xaeljcyS=QPExE|6rcdl*av~~w7k{_Al-3$^dHY9F zEBrXSK=QFQa`k=x+$(@x7iF4Lf-~6+aSESk{1_1S&<0`&2^#FTyTi!m-!6m=vB0HA zc@T`<0N4cJI&^$|{PyPGs)v-$z@h7HP^(Eb4$QB+`B8VVMRW`$YZ!u|_)5TUgI zND8^RLD5aTPOJt5%Ss2$7HM}xa2)1s#ZIBT8}w6Is@V9|#WN6R|Dr-jgSD1y8xj?a ztZS&QuAjS#U>Ol|R+yC8B`{_H#~_w{wX z;s53HVMo&SZ#ht)@1Ipd(JEsFlPz&5-v*s);n%IUl1tKjF$ieFz@;HtJhV}qetC3COyP2l?i;H#bT;Pig# z?VAe%hvSUJ;bqL8C6A4gi_r{unnhf4dN&A99NJvOS8`=ViEu%b@I{lDa!5hw>SNA!c!<>7)d^z!txjnW4(nY<31peh_u`U zcLPMoUwEl7>b6}(>0g=U1H_U8`w?K&lbY;WdO9qXKRKZ1;ZjFVeDgDq5Dfk&5h39Q z@J_^*=oa8l29ahT0Yv&LW#sOLSytzU1X5J+XapP(x7s&&&cdbBnuo4zt?Jg+dW;l%xt~0%}gvzvxemQx1Du~f-3vbB54b=5{#?Dc-%UBb8Om1fb$sLn z`hEnyIa&R>{{{SPg@ysOfwtcNaX>hK{Se8b|KLTIX%+&=l9lt|&2Z#fX0MI!H*NL` zD25X<&*oIggsA_aI$%^Xgr2eIPD3Euw7jSY#^ltXav6i?_&36bk(v{5m$v| zV8%uOYVB>$-u!f4oZRB4=n-uxP{~b58y!QHcM)oLFuE3$6|j!7M#mM%m{wG~Az$Xz zOyG&pYGt*)T<{55&|dQC@4C~pZh__EQ+%)ZFy=g=ts3JBr{^8tHV;U=4NX+#gdVIO zz%4!bI;%<;OvZ%P>bRoeBLAIR@%Hll@#KVWGm!&J3jsx{BxVR67251y+nqA!fD5il zE4U7&KcNqb0(FtVpmHXDQZQVW{pf&wQCL9fI@8RQ1;Tk!Ms9oG?OFQY7ZUs4GkW3^ zuTvKNw?k%<&-YK?f5m?TOGvsHGt&M$OHNCyrShtDAlCDY-t!am{LrdX_w~=^bLb#| zq9a@itB1#@QIyUGr)X6Z?<~(MFj!2d_XPt*U=xP#{QI|-oqVKTp5cIm&nqYhr0X9p3|Uaq zn9AeQW1}vBr;Nv1$WySt?mZ7-Vz7lmJr?C%-NU5$UK1%f{p06G<|A!SnVJl0hmL~A z!jo%_k~-oJx8H0xa+!^OQHq^T2h@1x=(>NeZYOfusPonnD1qPRfQK*21GaK;jqshG zXZsaOJeeo0bT`vGGW29we;8M2Y)*WivT~pTL>Z-Ao0@#y3FulvEX*s~R;!Xm2fOoT ztjyP8=J=c}*`X{>w-fqvL&oDqtfrQ|ghG>%WOnEN9~a3#T$ar zS=UAVTUYIqKj@kHqxki6FHpVUb>HmYu|sEmy`eLe}#_}a$2{)+Os*n9Q9y^`_W!)Ld$y5PG2rPI~D(`#~`llR}1?$6dYtJzX3 zVJ71uT#?EG^vY!b9o@-o;&qpYmz9s(t1yeL_USsmxR|)D@cY*xf)fIlm0PS+= z0iWvEX>6m79;Cb$P*uv@QFC+Y-|-jrKKOT+-}D_NTs$97$vOAWykqfieMjp1_3wRT z?g)Qd9$mS1%y1(CR-Nv>{Gv*kMbggEgLh(@9cxOjA*6h#i)@nM<0uuxaZ__`RnrtE zOULuMapofGGOL^B_nS`$ggd|HDI#ooOjo36$%-^rR867zTVM30yZ_ODzWZJOarf3| z=C{2bN_px{TVMZ8-MjzN?#0Oy=f^L;_#%cX@{uO9E(vHVsR0I1mHYSa-@kuf$YvZz zC8L)WPj7hk*=NUbls!&!1{)tM?fm>)gQ%Bi&UA5RpIn7bPEIZ^E{>0nbzpPOd3$?X zIUsz72!ti0a8gQyT|NC~o|8I9se)g;Q#6u~$@3-Fd zm5aafEyM5s&iL%Vysm0|rj={Q3^x*BHCN{SGXH0@2~%n0<6Nw;OG_cq5ciTJa+q*Z zhiBa`;4e>`LPH%hZER*XlFU_|*pAWMdz(IK6c0*Ezjk(tnP=&|qV!+%WqW_)zgYdX zzwvlz_Saa-lb=0&)n6XJ}g}@`oa3(9Jb`v4Ov1q=`>v*}>8zWFxW=H?QO4 zW4UarGgqsXXdxW7avU-!6qRhaQTh6=Jmt5xwv-V-ZuJ@$kxYVOV$|e@tO3KjEKN;#zPd@+(Z@+g82Xzflco!kj>?vqqL@d&-%L;P5=3y02vBP7 z%n;+t`yB!zi)whnHJGg0evI3^hauqS3x~eqaT-GJrNCIsA0Nc#iudY6EY;lUHkR^P zZ{Gjg|LxA#e&a*`^s6X&wYUA3|7t2_ZQ;+i<a`HEkg zy>HsYawAPpy2S#5{Dtg;^-s2X$wUBy;ppeG7BwRW=dbHZn2E|nXzKWyddbqA&o!L$2}iP|-<2az_5-CqF4Ku8WHcd3p(pc;u-*fuk{$6@<+gDIs{z-rk;QDzR?Z z-4=_5@;Hcxa~+A-JopLkK%Dx=@EjM%rdpw*Fh1(<5_!DT1AdmaZV+lz+J!XD*3oPR z1m?O(R+&=DIjey+a-F126A~!g2s=x=%GSHSvj5_D zU;O$%Nf+nWU7a_6xn9h0^8l7Z#ikb;baL5pZJzS}^6g{J89`Pe&d4QB4wn(!JMS@yn5G&Tp1h+_lS3pmATUk$2%C=Kf<~mFGbmokWXc}( zTp}9Rw*<~?`9jO#Ka`D#Y8EeVpdlLtpU-pF#X1fnN+CeGzq903JWB=U+uUqvQ*$>gqJbac41ux*1b%nyqpER%N`qHl~d^NaqT&JHjhBf!Tcbt6IeXR%1~WD3t8Z1h2z#S%&xyMwK> z^#0vsv!sNdonGF}&R}-+kPOVtOZT~7aPXh~y~Q{EyAL;8%(axzfnH+ zyY+?VAq<3Il&=9eg+|ZjMkC}TXDMZa>@3lL3O|^XlAP$}Uek5m>FKGGL7;KFIDV&u z=@|zpDu8WB6qIgGp^_c?<9}1)5IW^($#%#f{_-Nv{5>h027oW1949|~^8l#w=}HtN zV38%j3ri%OcLyvLb%JBWG$VQ){Xn@jMz=IwmB}oL{1Y%&!(7W^WC*B+FI8@!;a;~C zCPI;*3M?3>8K;_tkLK`KBgGmoWNTE-6MwYO8M>|-i9T4yFFMEZmUn{pvmzwsu-pHS zC~LNDe1gICO=I3fG|tOqO70bv{%!9({5$_$S?#^{SB)=gBNKZ_D=v`98? zTtput7$K;QIH!~hmU{-y9BN^V_~#sv(q4JrS=MQ2l9VxTAX}y&m$C`4Pxa36>TT>a zpAG)GaT-9h_^aQ!`s;r)O}+Wv2xS=7|M2hEfAkN|Ui>o++-kK_Y6iuf<;WyiN>Sp+ zI(0D8Bf~Jr9qRP-R0l0fJIaJ7hppY+-C-D%mR&PM-t;1tMsf{i;m#_wL;j?WB|ks$_`>GG|Gd_P_#Y9<>5i zOwbKac~Fl2Q0nESjr^ZO&L{z3TD5E)C z^Je|j2t>c1Ce%1*$;mTsCI~pCS2Dji3Dg#%KTK_-D_K&waAqzjtZf4xZTh;&=C7 z^kw}QzkBO#?@awGPJ1*y|Llu@>#vW0`iWQi;B9%3a_yMm<^ilL78_mZD>+T~Rl3tf zWV*zolMODys~W}4b{474{<4uuUU|-#<6_z5@J?+VZ&5vsAL))7QRqV7yTS`m`dq2T zPTe5@YbOQ*;6>?EC@jK@bgm$b9Ui)Gqb=H)7{ z_PWn|TiM-zM0FUS{lv-N{b2ore@+((_o#23ApnjvGzNpdv$ONW6HmPG!V9`tc|;eB zg`yCOrLwHG3jGLe93LO+Z00czQe?!>&dxfE$x_6YLK<}%Pcj85*RfKH5+w+VHP$x> zDpm60;zF^FkTKHGV$0l$ghFjrigUD{_ycKGEillp%Xy!M3uTJ%gZ~r28YAh6FQq+a$-`S?CvmCH>y6>-+In3A8 zE5%H&pe%Rq{JsCF`|PJ5{E1rY`v3mbvk(2k*{}TX>HO^FAGqYZJ74<^JAdU{w%+;W zujsk;AN<~nKk(Pm@bYJD+?H2bt{pSnB!HEs>>LgD8|u_pHh+X2Rhq)p=1z57XSo$> z?B?a^Qp|5us-@xilMPiPxRXWn_>Qn?Y_Wqx{A~>;t5Y+9KjMnVYtsGy?7exMWyw_@ zcp~oGUuM?QRo$)DhW3SSwS*)j%YeZkvtt7T0|UcmKnSx4&A?#9W{?cF8H5ekM#FE+ z7z4r#V-_O|%Mu6yLZB73B+%AsNxgS8Up{6a84-#;J+H_&uF&Ks-z_MLEKuq&u>dZ04w4(Fr|?Jl+^$ zb}Nfm4aO}O59T=8Bl3WPP8hJliPsOuEjKqe^=u$YBZvgY7<;Gklq-vI6*TQ|Dd|S5 zl16!-zdm{G zZyjJ3(Bh`Y^uFkS?tQ^mt!~g7zveebulg4U)qrDCI%Ldnga8)TEv1-BRm%Eg-6kuU ztW?}X@B}8d;vE$Dz}RGZa2P2}aSt0f<3s7tv3gdoGkpU>xOYinT3 z?(Q!B1jLmZFC$o1g8-`Lndf_~0JP9cj@ zhA>4D74TN4(?R%Jj^T9Knrtmx{URnB(%S9za5(ICyXVfG1M*OSLMVoTfOU$EVT19d zMZ1yiF^DsQ*yPw>>^(3K`4c0-ITf`u1y!8JDy*GzgTcUizq7N$Es%4LK4tU~?tYV< zm5Y}>wB({5^|FN!n6rba#X>w>O!>oLIGW+%1jigGvWsq1N+g}dXPWNve-kXFzp?}k zLO58M)%ncNU;p2JYQ={qum9cAul_>VJa>Q%Ao=TW8h+DDIxqOV6`#NG!{0u??X6d% zC7;Z6=$PS%1-YAG#sr6&9PwMFko?KS-4N>jH5bFDD8Y+(3{3@%kC9I>Fz~DvgO>@X za%63?*H>|7^?fe*0WLPUDkS`@p@nXUH$*{yWN!qT~%9~vp4+S?yG)! z{A<5hzUwW;19t~8yo0yYF5s0D`vkkJT_6*R>7;$n$7X-|#_4PR^Yo4X&6RWisK;Gl z0KR*|(~BqHGX0A`s%BH_erhc021FXM7hoDN6SNdAgR5dVR3!WZOXJrirq2Vr%sE zOAZ)hP5US(v(=9WTGKg?B8I&K5Wq@jVs_HKM2MmKCejnlfZH*M|E`h<$OK&#_4{W+ zwuSZ4+P}!sOe<6&q3A)jxe9tT-rqTQ;>3v%4>01GMOl`BVtA54oa7tfFHL|J4OEF) zx{zcFoU2tm0*oW8pYsi#N{{4q6*#Oed67&Db-!dTk#uk`gWPa!<41qdb$k0hSv_#? z_RGI_@&~WB$@uc>+Lyxa_UzAIH-G=T+s}HzDotvC>ZeWq@VBix&hvhdbm*Aj=m9MK ztQ}r)S$a7&lmC>Irn1}Bv2YGqC|s1k+>)|{yl|C1pi*uHN!nJ#OoNuq9xd5&@FY#{=+MG|J^I*Z~N2o+Iii6?q*6C4 zWTfb)$i8?)Zg)G}_SV@Syt@3@huw+O{_KsH-Ew#RO|7SY+WgJ04|_8j47hS&q(P<7 zsT{8mFB7!5k70UrYDYjQbQ$4U_*Id&a}FjY?>*wy36j*hX;HZ{eu%C*KsOZ!)Tt)t z?7&+lXQ%B`9YY$JrBfFkK!#hXp@=wUV`Bp^(pU>dRdV5@)hD5@O0Wq2O*X^gmImp; z@*H3n2T_vlD&KGCj`(5#mij0ZtA*&YYFLBy(Y#a| zeEoNIZvFIqAKQE1yS9Gh+scoBYnTZT|BRj)SyoGb5U$MKJ5jKd|QR)?|bLYD_=JLtzRzh{D_5z z`pCd-f)yW6L9%%kEdfD7*%B7f`@^6m?>&N+tSo0A{@eK<|JT`D-{c?hm`jRpRq|(U zXx;MM*`L3zoQzRj5igU0^Q+V8@X|m4Dd!x%FN$I~9K!O%Fm26KFquqdv)On&reOvz z!np%%1Z;uw;TuI2%pdDA_YK^a^Z6VOCTe<=M)Rs#k_yTCQN+W5{L4v8vErf$WMgB4 z$J2 zN&pL#V^UkZCX@ZszKGRHh=8jb!$DQd6Ubj_YoQQ1dGaKLBR8N$QQ+J@#2I(+LAHrW zGpOqHd+u~O>P}pTiISk-&6?&}?a3Q%TKkD#YCZlb%bBx?_TKxB(a-<0$*cc;84nvL z9Aos7i(B4A*#IhWi?0IRq8X!%w-LL#DN7GMxy^Hv*Z*Gm{@aSjKGC1N?lSt~ue-i; z>+`37@>-kkb-P_uhjB!Ewzs$G0R3 zkc*-~o-mWJKecdR>=eKeII0pw`w4Ja5!0?>iQzON5r)NGir(JC0tvQ4v>jTL^iVtj z(w&vX0DwfK@^cc1W@hbn`{c=!{8Aq_K{j|7D6>_^3PFwHt#8_X#Y=2{&Cl!Y?M>hG zhwYo6TP!uPyI#M#@9y%$e{;>+^+`g9h#8I;z*5ApFR0Al(r+ji^qX83c!^y|Hdrdu z_zkesWHL#F2*YE&9NV^f2-lJ>y>=!<0}m84AfS(tMrh=4I0QFf z$3o*_g@WyhDIs9q0GNZd29*NO@#GqZn^vWbjSV_0U9_YU4Dl@|djs|9bh}*~n04Y+ zG&yWYhpE*KR5<;IvEzZnAZZ#15jbHI?4_`P79E`xnl72KXnGieNGo6X`5e>Wp;jM=1AUM012?onO^u}b1e-SZH> zI|=2?MGd*9Qbj3g47V)MNv&s-rb>q1#h z-~2zipZz6%FkDtdyFGj3YYx0&pUmVA6*C+$fVB!Gy|p?A)%~v$N=1M^T-8$@s<#W) z0$AO7l*z?lWFJq?Lmoj-@DO_fhIB0T#8A?HN_^cqCqT-gEj{riIf=t1mt42M{*$k2 zJ?06Q%H*&&8~=a5vh%Ngu)O_mofrldk(XE&%e*bh^AG|shw4=7Dj+RJ_?9u*kHw&V z6jGI?yYnNH|NdWGw^uyz>6a?Ii!(R0p7zYq8(&k#xN;XUocA6kqHec4o6TT_noK5T zBzCIZZm+Gam2z2R2myvGsydCR;~~C&zYp+)e;KCZkFyT zb-odNI7#wO-dfxPz?I2N^eh2b0cJA=QtGV(c7(oH#0mE1%agOh#LP)^9R?R`4LFbK z8;YVpDpy9ll`&U^HQo1u!f94?^|(L{Ya=dU$4$0FRXuo1DMa6ym#g>S!{yXX7ABq< z3*a|f1-p^^5HGkbgGM?cv8>@QyOh(CMdhpgshqw@3qzT zmy%V|*Dug$ls?dERXxa*3dux;ee!lhOo0s!5r}>BfX8T89H2d@a zVdb1tGf`%RWUr?7JwzB#<*4IyF&Ya%|jfza}HTOiEQ8uf|rNJCqfW-*?`YzY49<* z8WeE9->0W9$e};D#>{Lso9*uIs(DF0UwVw7lDM28DIb-GfKvnzWGM=VMHW>ktOw9h z16X1VV@`G#9a2072tly4%wtEy5XoR?cN*-oyVYk6cp7``)adH{w zi@guNr@Hea*RWBa_;iSv;S&&GEqQnee4*@1{!$>4twl_TgdA0v@rcQG?$D^2DJ zykbO00lAo@%3cCk!(@)ds}S0;lo_f{FQJ@!H1W87P%D8=Nl&pl6?Tz zItg#r(NTSnjB?&<@=&|LaSxJh-|EZ9qHIZ;n#)zzsG>l{P8sjIP8yc;;WDWAMPJ?e zlqWCxHH5JJQ!lmAH4JQDOyyl4>-~eTSoXlZch3L%FRxj9J{jnerdd9>@!|3?!w~~m z%Q=u`FWN^Qw--j5KgB@on>6lD_8p_(qQ{3}Qks5@b+ucqjeG9!xBpFe#`Ek_5~%veJkfW1;XQA| zK+_-u{f$gfusXmaQ^dsFdd&;7!vio8tmEoK=iFp6fjf^V86)n!Ut3#4z<96M!+aQx zMlhP9d_=?}QU{TLMv6xP001BWNkl7DAwnQ$3P{!GO{I+BG(e<*U3Z%Mw{? z6Z;bzuM1GWH?dVGozh9j8I|;O5fd(z24DN)B>`CTzy8bVYkt$}5&f4(SB?n7gZFp- z?hE~iQwyKin@#`t4-UNEPg*)$%y7g2){5k^J*!0_SY(M_D9BU}I@$11z*Q0n3rUnX zL8xXZ!K*A?yNmg6=$CO4Z^6;^F(m<;njj?YudiopZvW%X9bb zyzE=|ZhKqfuZ0{dt0c;bLBWegM<=C8q)QZTpMf!p6ASsnfm4HxMGIdpPw|2G zvszQgMLsJMaY1=Xu~5mS=_WB-Njnqq%?}tvENWK|Uc~gXm?cXw94)D?exVlsbbmm~sW^LM z`)SWy_;U!8KX^4hHtyAr>1xnb!VC+Yjt@_2#Eki4Ij3BmyaYUvYeAfVS}bd!c%n=v zsXXPER9$OpYlLFdNes)SlH(Q=dKBS4EO5~#lDIAJdn4<@#;LWHZ<7F(_ujelL*G(< z{C3NRfbcP?U7L|BKPB}Xg=k7~^*lo+V9QAk3o08ezl?W}^m;u!@KEg9y?1tg`uqGP zUP;k;(GOKOKH7Va`1JXF-s|;{PLt}5T_|FT1Q6nch-`ceDWgI~4lOfdgYhEGU}ek* zH5!d@Ko6`aW7Yt;#;O=unS?i)%o%d{#EBF5$;E?yrDU8U{^QV~E@WOvM$II10WDst zn~Rusix999|De^uN|1!ex>_l@@_Eh~sDQ>Y9ACs_u=)UAhb5A)ELX$YDn3SYnsW{@ z>3IvSX$kNxG|>Uj>>kO~l~VPb~atKc*d1PVP`K!w~~miG)f- z;iAcxgAz6A=a@h@_xMs(i$$wLkZm7BdO;|kW%67hqgE0AOs^CFazh!iWJQ#N48AeJ zE~@a58AwGoJ06_d_`#p?!}Zm9Uf%W5(aXNo&fTXxv;4IND zc(>E(Aeo#}2%+6>4+ew$l|{q1oZNl}>1yXf(tv!nTuTZ&+e?0RBAi2}?+&-+N0D+K z+BL)sM+{&sq6A6k_sR=Uf;>RU-r8juM6Djbrt9BDdxJ{nGG>v+uP*LB6&>sLG|?+6 z;BtGrlh9Xv-XunqLYxxNd*A=s?`S>s*3}tX-tob$fBMaCdsF+aMw)~b$%IQvQw64c z*4^sP&Q1tnKA(@rV|JvFLja6Kq2CY)pePEMBFdN-U}tA%Hk(Z*lg-V|(P#wSGaiq( z9z3`6&tJOt&Nr{lhvE^B9(?mltLWz<#tnl1n24+2@4FbE)M~Y0zjQHUmg-bM5bynT zIz@1mbB<0%d{2a0RTU!hptnM_SWqK^%9s}v+@Mh4-F%kE-s8dGV9Lgb2Qt>qyQF8eHynEqDK`4QhDnkN`9HFab0@Jq~es* zC6DqsMN7$H%U9Si{$*?N@I2n|XmR}#AJZhp5!W?B{A%^nEmmJXoNP`KU(s`#$RAEN z-iBGlRQo}!rs$=6B68xWF$=lcY4Izr_QPXEynfqDpihW~G+a1y zF=y3uvi0(plpp=j>fC65?w7T1em2b*SV(XhvPqaWNRH)WJQ3__>svqP%a15QJw8fqr1taxrl{6e_Mnq-hZSVvm?5mAV{=0WeN2797e_ZsV!s zJRrMIcP%5vEN(v(XmZ3g>Wd|yb{-fkCC@m^R69yOEm0<#N@qP-r|2ihxm3R8#C8>; z@rKJG)SYNLrTJO+QThyemmJ8@2MWo2p?u>&Yv2?(0N9#mflsjSTrM)_L?!AX#8+9W z!cF<3qB4^#N1}^@P>8)YKUoY{YkU60o8& zUT~&^ZAH<4@yl|2vxuq(?j8O3i{0+FuP3k}Y+r<~Y=JCeN0NV`u6)ehiZ2m$M3AKQ zI_HqC6W#}S$KZ0M#YLk=EFLY~+1a7QZ?#&koR44rJ=Oj9tjG{E>wf2tRPBqA#c=Jp zXc=;nNo8wm%fj5>AMdR@pGXz#T9{6g- z8)ICwMqn-#@m@dFb?VfqZnukv0lbQ$01weG0tg)u)()m|PNF;Twe9Wg?e6Xpf2%RF zhU&OP4RTe$wBq<%Pq}0W$i)GOo%*{wdlWJrtWBRU29D?5a)2C0vluKEko6R(D zh%P{k5!MlWsTOq%FN|UzlfI+Zu*I?$sE+rVn`kT_Nwr!cCleMO6yDOAvpTIVGcWJ? zW4Z=(SeW5R0xVL(l;ty<;z^MQU!>5tsE?f_7}One6|bsw5*rj`Q>ae5qJEB=5|aW{ z8x~}<%YO0Sxm=;827sj3jpi=rT=xsVx>z}5d-dS`+duN{v-|EQB4J}(OyIPH+bTNw zE*dr*4o{yx?du1%oNTO3rZR;%9SRIcqJ}Q(cg3jC2N8B4HK;{IYi85??%w**7gbxE zE3(C(eZ=r$i|83xiaV1aMvi2$>*uO|m<}J{pE6m_i5paxzsp?J ztUa073A|(5a@b*lOSH9%kc2Mh1V{24CMeOjFfkr{@Imldvz02JRS;R-c;@16O&1PL zn5}sAs?{+H-*Pb;Qdvh1C+jhha)ggG?otkrlH&`PO^vc~U()e9rlU^R7&9DgfJNdS zaS^|gDG_ExV-1%4L{Yf=Azav5lJC>(D)YTWf2oPxEM#JP9GN!f^|Bb z$z(E_OaKv_SPoippRv_(9tMSGp@%jl_k4W&r(S9+OK|tXuW+ZYuj*;Z*nK$TLJ0V4 z@qEK=`#QI1>h%Ra$ z^LOyyhsH&q6`>O9I(hOWu&=9I$U@A^O1rX2)RYP0adMdtC8;i6PPs~A)mi4E<>2a+ zZ>~(tT9t%vs_b&kVIi1A>ge*MF!RX{2L7b|mN;VTNnalY=F8d&vWh|9VMV3>{+9Tyh>og6JmE#yHVVm<(}=Dtvue7CA+TWu(RbO%1Tw1k%`bJm!9JXgH2UR# zX?NYx$YIqPRo#i%*!bk95W?>6?mhS1L%~WA&}y}y1ua@lEFO#^vCD)MbkF(dVeI$& z+;Ftp?GqM1s%X_s;37|NV;0u~w`7wJ&CVjVd1aDvAOZws`O1hcsw%id3DICVgF-?ee;E_61J9LZ z3ENU3w>NUsc%>aifmaH$VcvV*hlsRWKIXavGimhVCmXraOt!qcc=fj-hb6y+U+r5{43YqLDP}KxoXf>vs~!V$uFu$$6s2 zW#VE?dLdbMk_RmAjJdT_i#Q=mh(|rtv1@f`#eWfXt`%{IP{dQEMBXl*%;4))j6YK= zAcGuOk*}w6Ac{)Ff{#IC))YK?u*6vk>2W1gNg|SiXxcGdT{=X}aFphU%8Nz2g#0H0 z0u4mv2ins4n0}y)C}Qw6C9I|irEZ{1EF|NR#qB%3fk~sPDxULNah0My8X6Kp;OXmR zbKjC%%-T0UyZd)vxJngfHvO~LO<(sriKT>;sFs9d$&>k)2|>?M?`qT$9c_@mU=)Nq zW3DTSBf;QKr_&1;E?B&9ri^#qfxKK7O$!HjwfB4fY407Y9xCj7))(}id^40i5J|h; zo=&HyPoECa90J!KEKg=O7!11IZol6*vreb8wzd{Rc;JBtMx)W0GiSVnt#I1VjMV9L z*4Nkj{eB2xV`IZ4X$bB=CZD04ilX3c*pBBQ&ugV@11GYfc;-Zhcl>D^1 zgme1@y2F{4SY_C94qu3#XcLQCF5)=}6^mFsZx;7;Wy~e!>ZYT_U8vnecd&ejAk|S$ zM9VSNL8oj?*0RDTHR4hbaXzpY`l3z%A{CfRljjeLP(FLjGci|4i-hDs(NzMPpHy_{ znBgb^tVRZLsV{kvt6JBCzNkV(C6qE(WjeG4!3~MKVORG97WMS&Dx(!#>y{|T)D)VD zZfksA8#efc?^(herSiVJCcpTT+F$~_1@cjACI z;7d`@jYRjH7q{u==4Oayzar*pVj#1L=VknJKU_U{--?WCf89TE(OAOTA-K_TSgKf8 zS(XShx9DyINMhzH%q51UhnSRsU>){0WCJlXBx^7;fJinBF;&2Gc$d?R5Qhdl7cWId zy&PPQg_rc-K_X*lBjmCwVpzRNdMy(J579=EB_<%|(+QTqG9pD*jjnOCh_{Gubmg); zO!!{a6KqzJC0GHLmP0HO>i#vWFTEUa@LZ(TeVQn09xq_f0<}_hr;v*vz4y2xDUtq_ zcvQKv&<0{tRS#9&-LK%4hCrX)8X}hZ9E(ZUR0C;6`1LBGD{}Gx@k&0LSA&iL z)|JztV}`5l@V=^~>(<1em#~$;dby=8WE*Jgxyi&LUVX!FD4|^3I665z=;RV#Y;z(@JhIG_j{v(dURViB5?86qk58 z!H06#ev5|Q5S_WK#ff)`zcOMS-_YWfOjJTH2B^6heZ_h!aab$Z3KD6qwOd@LEWeD$ zUD+x2R4)iunS)h8wySV3K|Dc1#8{@8VMLsOU@i(>n=TqD^;fM(J4M{Uje9Fzk;HM= zDiXoP!Z`;h%^+HR-Dk?}XsDYCmeA!%o}>#`PAU~$+@&12HS4OH$3AK48e@hd46yRW zmMr_mMVJ5=mGxCj&4)3dePtf=g;GW{w%Vd}=6*UvPl5WUOmaI>R)%P@PDZ!e?eaPl z?HbV=>ow60>>c}#O4q;YTUX@g><@pt`p|n@@ghHb@G-W@d#^6M6^AAv-SxWRM*HSx z^QT4Uu-*E};fWLH&z~>qcgj+Tb565f3>kqhuq>=Z;1xfps&LNjz5B0bZ+uPX?|soK z?CN~|chCOmH$l91yIo`orA-TQQ6Z+{3?cOUeXtZDj12&MnayTJQ6T>U!Lj$g*XvEE z)5&DAzP?V!4IH3wdxa1%F7$(pMkAa$gb58Z2c_W#LpAdd3OI2ICF#Pe7(QQ?CCz3Q zJ=7Mj!t@f0kZc>Q9)*+O3_^h*`$fi$Sv{4XLWB_Wvs-;z>FWDPoi-T#2)W`B^ zOwfRTy*T(1K}2S11Gvl5N)^CS*5_Ryi(K6&Xmw?;Dp`A>$DMR1!)c&HP{uS6{7ea> zlFEyNQkPQlm^LgCbX=bLuooX|ql72xE(v2@4bn+?h|M^r)#=(}hNI*nG!aZH7L&!y zhZEtba+$;jD#>^e>UY;rMpQ8XnE_ZV*+t(LHu^qB_2zQHI0J@4j~jpF&qwEyj+hlC3t{?yRot1gv!u(Z^Po zahzR2!qJko&u@|s`PvE5=#^;tyh*f%k`j5Mb3U2>$r`*kNwTB{N#Q<=_i8MP&9-{d zGVNym41U504hDnd{A1EECm7D^5{Bil!~m9M9MSJ>vGP{#P&iV+@iQNQShxBHG05q06iefCDfxcp z@j?=9n2$NJXcbpkhSP1KevXFEs02@>d?isDR#!HiPG{}wzH>#c?*7UvZM0)%xS)o8 z36c=fL>4P&$YINF@L=D0az{D5O2gLH));u?W7k^A_6z@!i?;!)^9$$i;9o1t^8ESpySuw+%w#fYwOVUyYY2_U zX+9{JR;z_1SZI8|-yaMHFhOl>Y;gK<8GA|ism?eUt|pTSn1)J%wsd~bXL6;Oi!B$E$yJeb)-l1D){-pwWM=YVVl}Rs zN}|o&g3T+5sD*F27>7rEz@?EOCv8$P^C@Z)zEQH%zL;zYEG{=aR!MGa@+uR-sJlBK zz2|JaY9lWphG>uG+2>Cx4fu`f8|^9imWT^os`)77w8}H9lb*}IBwB=ojuFzsiVhJo z96f-wh!WAGl<+qZ=!pnm2?}Kx(yLhzm8T}xsrvd!qDl_CB{gyg^?V{PGSlE?s}G@N zC`X|c+F4$AgS&Yp^VR$Vw@u&h`#FTt0+oR|?8|jY(#XVlu}Z5z_uY3NxDC%5GmZi@ zSd8^?Vg*DMbY@Z3@KQK4)&Otiz$aB<=V0o%E zda1meSj3A+Neaf&5Q|F^fl$$YTy#xPRYf0SGCee~T_;SVIP-GNi(0KX!L8rIJJ`F#@Mdxt*~EgCGypJk9`m`g zzfQ0e9$++<@UNnTCFLYoL8T!@6$|0>RXkvvjD(lS z3|g%$Cb@=Y#YRw%L8%>{UZG_8wb%LB=Z$ZF))%hG&(W)Y$;EuoR4`s*O^Eq&wUIZ5 zZv_ea-~lw{_9|_A@WBT)_KWsH-L)6-@-+sudGE*Lv5$^gP5#Cg%j}vw6jD{y__uy} zm9{zWyD$85q)xD?REU*%?28(7GMP-LQ)CT*v8~_lqlINz?(FPPe}oVwlL@%j>2!d% z%Cdx?l-3=p$>DIwh%3aOp-FfV)-qMkut=$=2IGR1SEZbCMPHZ$#_ArQL?4?V7?yxj zlU2OB*w>GL@-4Jb6*hqsfR`4_m7e3aN)nms>bAJs(b|1H0iY!Z*$*VTJdrIS2H@u? zL02MQQ8AJ%pCCrBkQu;SwtFW3`G9Vq35?WMM-XWd%48D$rq|f=SMQ@h3fopiT0U z&S248(TaMX^ChdWbpFu~?Y-^KELz~SzZUHQ31=z^6w4c65o+XhCB0asd32dsJ#Bqe zRZxvczX?Ab%cS9|l>Bd6g1U;>BSMqeU;NR0wR@mjpZgCVICqYjbRtbU+`EkO=$ZLFLmdwrv&2eVb}v2E+q?>)d6}H z)2Ifqgemd}@q!?$M@q5rdg{l;6AwwVEn9$Aml(R%5+RcpmAtN-C@*eDLYW|U+Hj?? z&HT5Dp&mt~q*860)eT^3Wyidw0iIBXJZ#l38B{5OtydxkTnt`GkdW4h2D2`N8|rxF zth*ABblER9lI}5%>0wTXiy4j*!17IT5-KYb8MjD8f)?=|MfsRbz@mJ|qN4GD4k?<} zsRO78U5uO2eOo2hv2n-Ahv`0`=+R~;;*y3XB}lIJQ=j2)c;qTv9l!dQEDB$hu)SW7 z)oHXoU*z*T&&W?6qsT$nDyfqzh zTV~eP$>U?RjkpvuveX=IBRh zu(NVx^BUEgM(n5`@YDA8Ho38g`3DP|FM+sml=HNH_S2>l_qV<^^ z33Sm4?Sz7u%9WdyoSb4C^j{Z`cR>pKdI&;@+gZwJwfXZ_9PKrm1f`gF3MH(VYoNUA zqq8@^K4)54mWWkK+#g8?8%Zaw)q@Fwm?c&x)ho~+XU?3#6){ze$l*dl?SL%P=~NT$ z103Tml*W5eoY)dDDB*2yDnIt&RhrlSoG+Qjo1_VO;ecCTUte2W1Ja`Uq|eUG8l%dP z8OxZU%ZyhU;_e-|8i56OcX#LUmT@|3=JPp@N&wrrcw08zg1lWP$Q8mq<|0vW1Jj^o z_Jd?4THPOnAxlg(CaLrFGHgy`0yV1MDmoS|?kJdbOfkniUdE^G)CP0Os2`25CpbfA z>0$R$001BWNklh`+1+!-#CHNfE$LxAuMF4PMtyydLSy=K4BaN)vyK8LR`gn%@p&bje;3?PMaFe`{!e7xT}#E}2p-QAs?9hk>BOG7;s z0-2NOTKxdyUn0EJAi?biXATUaT#~3|Fc?(g@>5d>4NFcEpbUpYcv^G#QpPJ#)VijB zE%SF*Ri%mYlcQwGyX-ql09u79NTZ}f-AJPaV!jbfDBrluc}5{=vsRs~FHZ6ht*0T{ z)e?tn(!%7+kOh@GL96(tkRJv-8G#~0igh!U^)Ucy<=GA@B96oo0{yJY}+;2u4!l6lQr44 zZQHh8lP8;#IpKbPzQ6n5(|WLvu47+V>$TR|2SH42#Cm_@J{9H&)d(`f8CgOIc&ju{;OgsFoWFc7kNn|pfnhBEc05E$qqAQ%^EU-8?`M8Eg) zJbmMVtvCsXl;tT;ct~IZ|Coevg60_b%E(A{1gefyr2Mq1(gSe`QrYeciLSec2TTx| zJykO*ukmmGK28hY_PfO3)50#5SFuELz-!(Ik#cf;h8u}Jp-twm7OQ#t6%(MJW*CMj zLisfZwQ*vtmA%wjH;k4&FT+;2i%WkIM%K{ObyvnIhwy{Q9L@Z`xK$V-Pf<8LnYsH~ z|K7rVsV(S@c{H{4VQ%QAT`DyY_tq$o*o2alh4aLM1>Y|kS#pX->W;X_<=_BY)iER+ zLyi7Kr%&SJ$O04meSye9DEhU}d!_bO{JzHi(FLOe!@n%rH?hlbpWYF(ld z#UWU#fp+9Ezf>r+YZ)db!J|uH?W_iCClGLn$V~ZB!0d7Gdlag?v6@-;XGPvCz`nbM zqsnzDRAt-tK?`^F>X4~>O}$pXg>J^gh{UA^w({~SbpX>-3g^e9;bAHReZ02MA0j*# z!08ugC3JQ@)TSL*YY)C%HvDyR_W$RpP=2rpC2MKffu)*y_Y;Ct9xSv+7Pfw`LS|t! zvyD?^r~%ownW7aM^&3gNOrV(FuD@EBZMb}Kc#{6@Pt0tZ{BZ8`vGKU{4afK%cwIsb zO;Ve0ne{r{`c_M@8tW|8BCt`oHS&eXaZL{|imyKl^HeFaYp=TinsU;$v%94wCDiX) z7c);fPn2$}YZBWL;S*AnEpKI ztzH;=Y!rliE3bgB*Pm%uD0MoTO4qA}EehV1h~r!AiuHflw8IXZsqf3XvnSobBdxbD zNBSYFp_*%P7l-;&pZZ!z zR$!d*{9{ay{`&;AN&r%#Zz9J`4E41Pz0-P{j+hQ1|H6toHXq$`vlNCt358Xsay-%R zv;S~O>P_+0Hjxzi%#kZ}<>J4Bhw2SKhEhS_OJ7I_F(Gw!>@A1+}6IT0Ag+U6NCsy0)6< z0S#{){^MK_+sQa-Ar9qoImAeCnF_CkB@XG(M}|f5f?~-k!0tZYu=cnTt=#mU zF>lGaMR40I+U7Rh{2-NTDtnLouzfT0rG1duJZb5LPSKKB3AGQPm2)hE$`Bg=77|>x+Umw5#Y7I77Nmr}p@GcGu8Okp8JaHC zgwcuRzJ=gDwg=8;%50jYe-9VrIgZfI$=tusdfa-!R-5?--88$g;$Oj1-n?OVGJd z69|?|;w4FnHOG9AxPvM;7Fx0i1FF2PMLkhZMNV@DM(4u4XDc%aPRNS7(T9(f4&mfjD|bhF+I_ zvS0cyv3$8VA}d6UnqQH*tiHdb0J?blv!dqA)9fbgB zvOlP)!0Ks!ROa$H!KforDqAzY-ex)V8Fq2P7DjPD0jp5^`;`ASKDO($B-68d3*f=* zVi_a$fba^ne>}?&{Id`xpzLq7LedWh{%TqTglBPPAOTV!38-7+&u7L^u;HTcrQps9 z_6g@aa0MVzw3^P13OsVu49*cFEj;{76PGkJlCApb+}C#j+C9TrlQQ%%ah5&unX2EX zfP(C;vD=f_gx68JFg$=Pj5fbpB@rNSlal)5Yj|*4KxAJeb1Fm-+^opd@ZtVxC`!Qj z<1hWYg6LdenCsWi`FRm_8cgxy-+FbA3+h>(OIJ@l&(>9&<3#QJzWB?Nn5|c7HCP1j zz+)YYegNq`Rg9xf=e*Kez}&RK{|;@ZpjI`(N;5yiDTYr9>+mcT-jb(}%k({p_dyf2 z7FL=YMPx2{WpDWcav%mp&)Ey=~ zAO0LmZbijo$&c&}ED(|{b2I}JMJC0ZM(s*vMMMt$p&%m8J>tBP>egcmXvp^FAagou zN^CJn{5sUwk0irzhdG!Ah^g(YX}ZVuzyj#gw5vA(vQ8 z>9j#c>`P5E^GKT?*OYZ-6N@A`1cj-N1Qz3A9~v#khKhjI`ieb;`qa4J?_Z*ay}589 z^j^YtiS#^PC1rSG)ngnR$9wvNaWJ&nF=3B3s|MfH;s}0Tq^A>iak z#x2WSn|O}G4j#3?XFi{dT3>Up<9DTBQ+8Tp;KhytwumGOuP>|e9T064ks=*7!@lV` zzB``%X=fLLVqc4d=Vu&FKWdKs7s4RFchfFa&bTYDKxL$kN`!pKDKhJYy9X>NVl*PH zHv%TDfj(YhY2{9u)EY8#f?9&A{zpZ(v-~OXNpD93J$e|v8z!n(@b>k~0eQC1mw*T< zzb-GKLxgGvX=WjXb{c3lnPF8FvCJ=sk1U$3S!Gr_>bq*vi@G;uqYrvFleq>b5sRKv z=n8LBwOFz4_l8^tX*Hw-02ts2Hi;GFs`bMp!IVV~ZeP{5ELwMR9#%sOC6^!(x=*(F z5t*Z-4p*rOj|{;S!6P(EnBVvdicqr^>Gm#DS%nqw&HnZ456?>Phs4Uai^;whzRv+8 z{zUQgNr43i+_NJ5z;dDVSz>-%_iI(S(|ChSW_9Xd$5oQWksIst-+Y?XP4dtodatidO(FP@Zg zYf;m`F;4jJk{X#zSRN22;@`zEqW&Hoj04Sty62pna^q+>$w?A{iJ?b-dwR`~O}jG= zMBJbL@us2?s|@{$zV;4K)nGLhFOv+1_GhB?U8IuAwHf0irze?*rv+tQ0Dh8`gx}1Y zc|KhJ!kmJ_EyC$AKSAjXg3mqn+v$0#;s=@hunU(>*Bi*Lt>=}laed!8y>{3*w+sH;acggGb6batDym__@T_^MkHiO6 zPO$S{k2L*p)TKsoxqHIy__G89J0szrMfGPB%-E`pMF(iRq~Jsvu}nw#;cQ zqJP)4=S2@`qq9GMS(pCa9q;*HmWwJR-PX=d#EDE4lQ@;u$MY2sN)}|&aSJ+kM0ND_ zbLA-8K5%z+iVr3nZ~BPCs5BU>Hqct8GZ0O?qrWU&7C4zMl(k!MQ#CbNN7 zU_tW-+2=^EKNB&{{aa>*J<+?H}%;3KS}Y7D=f0k_17P#IjJKo2FNm;;UAdT)NG_?vc;oRG6{?c+~!B zdGce%p|0EY9h%t@$>3yoSHmlQGd;YmM>kwQ`@r$H_;dxg%Iz`&@{$Mzu1Ek*`@(OF zO%AWefOwegcEE9@%75ly0T$)4sQvr2Y2`ed-@}m^=RdK0+=6|8gWHo-1-IDnStx~Z ziv{*e*d!vHsRdnuIF#;*GjE$V%vobXSvF9Jy0Nr+^>n&2*lERHVKj#m%_uC=k0zC$ z5Oz#828(GmWP-(peXu{aR3r!Eb~w?noS@VndT54YQ-GPN(9K z9D&LmnB4ig7cU>6&EVV5E(ZX(*%J$%On4FvTuS2s3Kfp%gkWzGEeU`K_|Xw1ffblW z(>2TR39vgncmi_O0w=Ab$kj~F_g`m=G=3j?wOsf}AVWz1dT_W6ILEB$a{8M+KpyQt zzQf6GWGqRycR?;>1kHHS{_3c?Z7V(igAW_d;GRiP`b$A3eNiAm zo=`>uY$|43^l8nRc7c|$l8wC{spIyu`{H9dY)$6O@=41az2}9M?9JTXu8g*U0kAt; zz$Ag#(G^`cf-KK3J!`A07Oj7PYUDC4LtL$~udwoa=>|VVM?uH(D`;wUAhD^-d}aQOPyzd{&~;0>+47w5XAf5vtdRd3I!JU@T8Mt%NfqW8=TJ6(I0 z-?#6qJfh<-kuCl|mE2#)tatb6x$b1e>o}iOMLbQ$V}Z0^eQ0BwwyW+KX|KWI!P;7P zlLDc_h;~fu_1F0CFxESuOR}&3gT`v&*A+sei!0A9V2KFXUJg0=E-Ea9mVR0_Q)M`h?M&3xCY_;X3Z zN!bW?;<5Ze$b`I)6kd8)W~)*$3Qmm!v=)s)lW7u{UU;qQ!yUVpy3y)Bb?S}deZPTU z7KRrgh3brpz!T9?GVOoG1%;pg%r9&B0^)AfDDu-!yFrthqi!zrDZ(iQOP=d&sq8Kv z{(o$EEx*5OT5rGaPa-2c_Fh+x_TF64cXC2DU6m`&^~_FPJ@*9@eYk2zoW`DlouaS| z&O>Uz_0&(LY<&@MzUh=w6U>@APE=AOU5*RZv>yzejfke63D7}NTTFCLebCmIlQV5% zd3CQsPPRh&l9=vL|F!!aT+O8?#o5nG3QQneVHWC<02BV9D=B=TU>8<(ST;DmJpcD8 za7t8E*c=C3!qx%bVjSqA5cmX_&0n#O|AU$o!aPFQLys-kjm!Y>mgC_3?7?%c|KclZ z+Lk~OCm|T?V{yVk0hkrL*lsE7Rsm!r_6_1!lFs`qvNg=1yl+N%2?~x(sj_`jto`?B^66hSTc}d&D37*A7Py~i+k=!Vkw^ftS07o?dFE!P zRBZ?%do}Hwi>O_gd=Zh}P_+)F(OrS*jpeLkw~uiwW6Ecbn_cf4g<(&rg+_Ox4G5_n z?U6S0pjzIRSN5HJMP~04LFV=y=zRN=i8uG-2`l*^#Jak4i`RGd&$q8U%U+7sefq{{uUX>d=UgD4{aneo!Au z;;#>+@8;`^`x)Q&RqSI7>}DQ(ziA)M_H2Ti)J2^wdd z1SXAO@cD$4n)5s=LTXgR|F0Ga;4{UWyb!t9lI}co--z`E>$8%oczz`mXyEbGXxncF zvi72a;wRK3meR)7x~6Rm3o|q+;M8zps~9J~k+eJ2{J8{raztx#=GyUs?EYR}vSi^G zmP0HKU%)WyP`uIy?UYOg-3~|aemAg?U$-*@fp!Ve*fQlP`M1Irb?|Q#N=1oSO5mI6 zuV9GTgLq&qiIw=slHw&1^&ysXd0pTOH9?qmx8(;Cc+F!FoowY$rA?KR;gk@v4z!w~ zLM+euCqk+n?jmfR9*Mb5hcd{8OUTuEOtco{y_g?mXq?rDq+5Q(}|M{IV zoj{H_gLP;HS?efCNaHe$ATCR~y{YrN_aqU6N6$kWm8P7g*I_eVwLA5%Wb>F)`2Vbg zLZ~`+C1S~JwQYU|H1lw=k;Ei!3>3JY-NBCi12&)~1&jbXf)gZ4gc7DS+$BaEf@9+S zdT&|z)8py!k-CkB2%Yb3c)1285R(#l)3$(u{Cl%I0>kn3JgLRaxJdvGWgk5r67Z)u zo$FT3z(r&-m!1~vs+(c+AwZ{eQi)&e2T9im&q`!aeMrJcH*eI!AVRuADIi*xZ23lyQ0Ka>YvaA}=4>6f<7)DOBbf*vNFON!n)X;(GB0wV; zeJh%sAC4y2ToZDkH2bEt=`3)Ei=-3Xtqe+yNBbQ=E~kLiGoG*9;!l4lM5Po(TPqerE%<^&d9O|M$KVnsmIm_-YBF%Iqm)AJb64bJ(YNM$9);NuLST4F(;f-K@G?WdE!HrQt zP}_oi>~h#^IEJ%MSPYyF9-Pv;oy4( z;H7L`x-uw`r+xDP3mBW4GWZR#3!c5z)PC!7^_|{C42H6Dyr2+q$P3F0t^DnDg)nwh zwIj&1c;jS>^CT1{ww=O58iO=#3Z%QjU!M0hSN6XkOc$j!e>(H}8U?z52@Fp05NB7} z2!$iPe%hO3{0(xs5YW8A*1$-+Q4n` zsqyoiPg~Xps_p*a$9wd_o}Q;NRE|Kq7Z$;9(EsfG@qi_2Z`B<}Eo9-AY7hU8@6DbP zxRb7g#T(wJ2SezC>giZzQR>`I`e|T>SSrI#LS+ibHg|!4>(D(As}b4^4k@a3#ndUb zVe1)B6#vO2hLSiu&ynHRR+950H6Z&kIkI*0T@f`4LV;k-&EH|A1R*;Lli+m$bnnX!c^;ubBq}Go>4|125gcb z-pauv(OpxbiJlbr%N^$jv>jjlFhn%V1+wZ8J=M!=HF+Pu@BA6_6$HmYLZAcM?)o&sOCIsv-LaZyNK_0%K4zI^V=;%tfe@w zGmu```lI^&|FHmIYGpreyBT&U1V*tHe_X!i~gf z9m*VTNT<-ey!Cn?X3fX>r!Mk?r1wKNd?UvmLbG7SyT}#(9G#(THE{SgE&G1SU$P?M z)Le?{fZ(z3qmC+s@N$>|WxxNB3+kqUDD{$q+|3eAQSdX!$``%BaKu%;v4Khjo{z&X z{SEZHh;pj#VZ=GTA#K_4BmlSNHvrI%>nvQ03NwG$0*4}4>c8Bbu!@z(Em~K_`yp3? zS=MO9N4U#2@m7!7?l5zfN362XTY2@Z%q|!`)Juav;24fe*O0mOaycQqRp1U4#|49M zpob<(`dq{rXf8t~6ebO0m-R@AsNq=~#mXgKr=x=M1QYqt zz|r$6UDXxN5-uywsa*gqF%+^W!b*C#hQ`Ewe2|1qf!<@41AJLr@!XHmms4HhUrUh# zj8>xJ8DP1KWG7r*o&i|(5$RB<#7i=N+-C*WS8d`7`iNhVU-gpXoa{I=PbJa^=B2d+ zBPH(=z``mjP{!mMy+EKSeKT2x7{btt&Pz*;$B~EtS_*(1&H;dmh zz-@yb^WN5MTyGD?f#ffWlMc`E$Uci#lAOJ%BXaDM4`(JK3}hOeQU<9Re;%BwXcs%4 zp3MyYGrI#sAWj%q*{0o{3{mh=+N{{GK9Ir%?io*m=NKE|pre7nmy8DI3+FlvvI^TJ zo>4h0wUr*w51fYrkAaTGAC~ebRHcWrN=kKW2nbTIrY@*SvS8?CqYD)k0iuGZmZawz zNisNuv+Rx8+3$*zDq{9TvmM+wVPv8ql&J_qj^;*NQJ@_4?;U7;Ruv}=6gfSWj(kk^ z!aem-_J-IUJE!HLG&8cyB&_KEaCYpXOWt>yJbq4foqnYO=TpDC`R?xzfY4w z>6m=l2X3YcXlHZ2M@l{V^u{Iz5^vq36};07S(`+piGFUhJ3WVwfJtl@g6fc8+_Ur= zrAgGnSLW>#=4wZIq)!yd(Df7(SeYfJW#@SLR0i)shX;K$$ZQo%HC@U{45@Ot)0D}8~6%NY;Pk9J-=CI8by8;;i) zV|kKR7zqT5#fCv zrbc%e+j}x@KIdD(8&{o4OVSkOF*w^cvQLK%Zg!>a;1KO+%Z^WmBDbA=k?N;yEdG^tI|wBzzPkB5h5J7s2OGBde!Zm!vc^jeVP``)>KHCM&}Wcc5wqWS*?06G2+Yg1b8 zsoa4;ps@3TN0%8AwJB+0V#*egEU#sT_%wkMk)6ZvBB-G`fAKfeGsZD7wS$L>vcolL zf%2upz2Q+}1-aq&jgsWabaA>Ex}*>Z1%A9=*K&JU#~V9G{XCM3f7Px#dEjsksjV@k zmF@KsE$zUAIN0dmeP643|GrwCi@1Dlwmi)_5andrB^~I+a8fl=Sgul#Fn|iix&HMm zJSQ$uaprEft{QjP{9k!Y%2I1WxLD&m7TAl383h9AZC;pM9>TsEhTx04TsAb8`26{U ztE+3*2KoSEC3-Gn5koRXEJXf6QD#0(ou9F6*80NF+x$_IY_6h%e_UoG( zlH;uL;YiwbgO7f?Fy7Mn;e+Q_FM+4ctsZRD49#Yb7^}X$ej$XK*z{a5Ym1pCK!N2^ zLUB85@^e&L6^^#A-IHH>OQk4Wr44ya*U>#Dmlo4Z8Qeud@o#~Ryz32XwRP>>1f-+? zQhO4G0Hl`X0cCGOm}nxL-gXCuHLrzN*;eI@h;_r6W3tRLiQPM24lT(%t*oX`HqO;9 zCui29m5)~p?*Nl;MK&fCQ5-~bXw*}5ZSqh)v@dhOeWb<(eL~qYUnG<=o*?fyN>3%v zRS5dg=E0LCOq_XtPcmrrbM9XP(Cc^(U0u4dr-hB!onLWu^-(!~?(6n=#D!w1$w{F> zmY!#=f4&q`D@EI1H6EYjJQS23t#>g(i}mg-2P^*nR|sO(yer4YTNLU<(3m%Cq{Lwy zW*I9G7pTLdR+JG>5Dv-HLL`cc(Qdr(zzr1NUOQgp4~rumnkxsCVJTPqeR=+nyWh(0 z9^ZUdt{zxndZp0DiI=xTYMI*pv^z{AtrNF`$vrkhXRcmq!7S_87rpzl#miO6OEBGE z9T0U#5}x2XuVP^)*VZ?$T;^Yvhtki&Z+A_i*Jj_()J>ei-uanR*9f%kNQigkuknN` zIY8C6rPUDN!*~V#LJj;n7EFigz`))E5D00q?>@ff=B0pb%J1=CGQ({7>Iq=kBan|u zDf+p!hS&|TVii5Fl=d90^7Dt(=)!(}4tv9=GMUn2_aCJN-!NI0qb$ z<@r0JHm2JFq`tGmv6&h0`WlsOk4aEhMPn==cDTv6`%;u-@YQ7~5l7AI1W1-5 zeBM0$LoZ$E`L*5i;Bl#)t8S~G*7evr()&W&x&tFkI0Gu7@cNCXo_~l(o{ukkX$`GY z53a5;#rTulHj!_nnIY+ylT(D(7JE~^19~~GoJy0jf3Xleg$MTaz|g(yk;{iz&E}4X*8wL zq|(shH}fJqNd0I!HyQ0joaeg^x+QTmfmee6`T4n7OLMchviPhE%Fk>CATpLc|MQ|v z{0&N_suqlQ?7@RKxQ(&OPGO8<@HV~b$ndQ=A5|6-7ts+eQO;37$eJrSFl7W)nJx({ zLDpW%HgZNd0z$1HH-{Qdj!jN#icVv#-A4Djg(Z&%T*rVAU$}iAn~q)96r9u4zy8)P z=l9}Ieo6J_j%7uJo-=JOz>971X}AI3@J{h!nC0giv#|l-c-1pKO)w5jo(6SSc9H_9zA?f zI~WZV@AbI#^v}D5(;ls{$~v5+mEG~AHhd-gZAg2VOwcshwdHSbCM6wvRO&7<4Qjkt z*lA%zTF|2r@9))w271))zgdu3tmA(KGN*yqvX{X2)>e=GZa^$7U~1ownT|J~+7{K$ zkuvVW2@t`3NU|g6dL!Hc(&bPXkbDX=AcJ*xDnO?$ye+Fb4&85`89`NFfX3_Y+27b(z(2|Ke5k ziQvV9KYBffAS(U7Pk_dUf&o+|0ioXf;pcDOec{kKVzA&}(|ryg0gL1zjmmwTwEyqE zz>e6B(uM{<{*Xk4o!<&gd>3O!-|dw;hASva&A~BB3WP+@SQfy8n#Mgpg`%gMLZLM? z%C0v7Xv7Jqr;BUrd-Ji{#pQpuVj)w3lVji`G>_#2asJ0(xYp356TKOTnCDm_i<<=p z0T7H0n29?ev@#S*xtn1#aShO4BYSfBJ z`&g!3hb6$e1CwBnDgj7a1F7o??2wW7gEl;3pEv|Zd}cQ7C%2vu-OO+yS2fmJ0&9DW zjRn;YhBON|1)Rw^VOC_(BQmAVuR6+r{j8*12qD>v&``S2DOPRCppMoTe^LG=AQ8Pb z+&j#*nU;`>-QOr#M`vspsc5E*BN6dc;7;c{UAhFWj=-8>Xvdqtfpuu=zt;9G!RLrW zOp3*x!}e~bPl~3@d~SYJPU79Anj~GDrzV!Q!qTru~5eU8al!`S%6`!+t9 z62PEDa-{Jv^8W>9J%1tT8xQ_M&VMy@ezpe}PkZE3^tHtM{O-}#WHs}0(*qV!3Wqx< z*Q)hT6#+h&`YyFe76FpG6q zIcquh4ISfzxbCH-pq}ZgNXI$S(mg0D?>H42DuBXfji61s5Tb)@PgBE6Bz2Bdcu}bve=PvO zD^e(Y+B z9X&Nf18lcXqBdJhPORBCzINR3s0TEfDMW{W`UD6E9tX5WU=aAd-X8$z*To8`Ouw?~a}PUGETTR12gL7sv6!l-9M>>~QpizK zD=HL2?iCwO$UXW=M}ES>Nv*aB=Ji1xXOvJB`}nWQNU-9FS7+|5Z1;O4NTWQ7p^fCf zrEMQNgc8OF-M$5viwkB9^n0xz_ff=mQJ$-QOT-vH%}7G7B)Kcah*#x>uJ5ukC(&ky zmVlUVa-E^xq~=VplUfA}_S1t9ZPr^}dI4&G^@h=`dUx)g)BizT=s9BM_1#pcAQ{G< z?u!0*LniE-puqDN2>^RGWyET~rnU&kDs*t5lHAU1Sdh#me!z85Oz4sX@nLcX6TA7V zNiHwiM%kI^(~_uj$u_LMbbeZ4a<=^R-g4|aI2!@w^3;9XHnO}xMat0J)UP`k&N`80 zoyW%~R(Av2)xaM~QUJV<1ib^q3wo$`!LaWH;m(m`diNph3syww{)vR%8 zmOSn5OF^mh2vyW#IyINakl59Az*c0@n$ugnTGkd z&?78^$;eYtO?iYY`Wgp9z5Poc<1-AF--^2ub<}i{!^{83`e8_6 zTLwgH{Oc(o3-UXKA}i~eLE*hbO(kDb$?_h$rAXv%4_b35JVocXM;Nf}r~P zRowtXqz&haGIVG4nN|YJ`Yw;j<3)mIt-IRCvMJo-qM*^NOS{L{mnr{SO>^#DdKP>% zamcncp@MfB`>fr($Q9$mfr5gt-Du-$4h~QHBD30XS1KiKP-4zaFM_z0s(~2{QFnv>T!4@i5biYpCLg1O028=t|NPnbbmWkN0a~{g+baHBt!LqC zfz>IDWvZ`*s-x#@V*`yX1P!%;A|VNlFQJSPib~)z;*g~->`tI3{w%h!<~-*SUko0v z``B-%X5<5^P0kF4u$IH_)ymo$%qpLw+K-K z{sG*i3_4Cn#nKs|c^-xpuV%*Qw9?EYuQDFX8K9cm9kiE_6EbN*iR|W(iZ0K=1GI~! zWNc)Jjaaovr3vlumO3()C(PdyuX`M#9GB&c@L~G8Y0V1X)dIgKN}lF^W@uT5wGjl} zTnG&>ouMg6+IbMNN$EGX`)KG$RKG%shH?7}r89J0%S1Xs$(bC=_V*xP<*XnukOYCU zfl{JOkruL2p5-+O8AFr86hd4=RTjBF>#gX+t%~EtjG(I9dbM>b68>{by`WC9R<#%! zml!zxhx!sNKKDoXlSCv6MkAh5KT(;`MfL{CX&;<2#&iaUY=H_559Yjd9K3iO>xeUN zwm%o4N>NDmpBf^|=BifGuy{F}Z>y&0Yzgf6|2*pj8;F-FS1ZYJ)2j7qCtHF4GcF-v zjVkTn;Glt^WvY#UTIJI2uHiMgwtU_JX#^M}Uxm`$ZTQ%i@-9ENwUQv=Nq6`BHj3Mu zwP=Y4ol;Tcs7%7>yOldtUrP;C0}N&yuG{)E;e68c_M)nHvUN zbivgQYMGjrBmNX4U@3ktGVw_aY2%K`^&wq%j(k&br1p6YS0b&)vd0aHZ~)I!rN)ZD z{#|Js&XMs-v$U$Y;BHB25aQEdfXh0XKbf@5wdnTNXGWNKPi;g&08OY)Y006SFdx?^ zQq9ekLJvkd)}m5QY{GdT2NioX(OGnwldV8+8=apjan)8XWxo9AW6N$Hh;k78Ed3BN zL3Qh&B$5xae1N=!a_~bemB&%BYv2%Z{279h;=1ciw_MQ~qYT zR;{ubkrQ9zK7=$Gzte>#30+}ke_hxR5{j6k2xFJRj5@4xq40~nK^G0g$I;2%Dp7JA zC%oGEbDm~_o5LyubiVoeWs6w+4)dW9j|wTN%n*hS;UC2lUuHPEU($X%CY+WxXg(6m z5c^#DZK0S@ySv7B$!K5lFMe#((nE{|1mLhxPviaLCazXHFE7mr7bk#1W=;8eg(3Cg z^!F~HE1#tkb|%`d4`Y$|OL+8Z+#j8&ro)0uvt~7h(zXi- zEVd(Lg#DyOxBZwi8{;7%Q?Gx}s+$`Uska!=X0iIspeu(Rx*QKDcK`P?Kdxthlgh}*=G{)G*yTOEIi<~hVg`)NYBq6y^ zFmi+K2FsIWuAtSpI5)bry^-L(0_93MWf5}aUieXAvIDD1CS&);1ujtG7Tx z2~9v1&6$?~6BNc^qQn{XD@ySCp}cXw)#NGqVd$r?Ap*Aw!QZev zq2A_*#Dyo#`Z#fb1Rfw9D{U^L^Mjj^P`b2eCnl6X6hDwM~}?LST)b zKp}OenB|yQx!!QZ4zAonoVw`YG?ND-H<2AAXYV3Hun1k)D}1wxmS)1Z9#4YiPp*Kx zK4$SP(+SU1G0p%ytukkd>ojQ?w)5vUXL?8y74rA%pFU?H+Tt>Bmd_DHg|N)$nnsQ8 zV&ROI?Nd~;UoAf-Ug}J6!nko?in;UE_=RHBZYwqxpC~Z%7w464N9A$NP6YixL7Aeb zHVZMgTDLLmJy&U&H~9~;uCkRBa>m8QQTj1-ai}kYrldPih*CN>s+hF7#VrpdW2$UD z3E>Go_Zf5@j|nU#te>Wk|GHUZ|Az9)!O2jB&ly)Jwi%T<^_vpKil3b{zSDEea(j@o zU4RnV>AS%qvAg?i+HK?UT2l4G1O2P|pmgC-QsIHc#%F6HL@w9mv>eXhu$DtZ9ceP` zzW|T*>8B3p&X_JCAA#nB*oRUM&rDk6d0f6)9laTKExJ*XYr!a_Mnf>+e{Kot9zZnm z8KJK@S-kjvEP%0KkrL=SNX2RHIhzuR#vBqosUmP3rM3)AW~eW}Rn*n!QEjS9m3XU; zSVYrMUP*fRcuaV0s&6VPi=Kh-+V)`Zz0eoI_PY~-iH?Z=GrgnpvqZP#pGMxfrsWo& zhe6U}YAYsRgZq;0KVWPw!;16`9VrQeA~H}c8Tg8P3tv?l6fm_!Dz_{=SwwTe=_%G7 zsTZ5+^SQx;Xp-mzBa2X`F{lECzcFQ0_Urz#=j;1r+7xQJ`7%AEO4sUnLQeKCKg97T zT#F5Dvdq68zJ2o?`i0`?L4mZ_EuPXDgV6)e@yVg8tYn#;WPQ{a*nSqNaKdF2PRm{n zCL!4f;_=$d{6i5I-$m)T5ffi^(Pqq%MWK zeBzM%NvNS8uxrKa2rg37FBGz`PWqB68jGtn`dyd5b;OCDQ*EE~-y5t1r0G~+uGeN8 zSq7#-+pNx>l@c;X6epX1q4*Ju_9NzfU_Kx#lsic0Y`TryT-vOIMN|-2n%lHC^yCY+ zagQ-suG9@EzPhRDQn6WZW`=>B&EW$J7$xM2Gu(l9n;=Xl9|D*an7Cc_<1p%JBt1Y z8!uR1F437Jbq(WpweSgD6y<{U&-z41r9tXUA_XbPdw`S#W=K#qIc|(Knau zYF}1<@XcarLE#y1*jrDpe2_eD-7Nn^$|$;K*Bb~W2v~O6Y&9I8>Mjxx3(@J2nQO*K zRtev5Fx60z;)$9rjOu-Zc^5>Tn)3ylB=3a$q`m1M7kM03l=0$ojC0&-Id~I5s$|Fd z&Cg7tNyHn*HbhJkU6D!RF_AZ2B+vhl&kwADW`B%r&y#y{tkFcB%$tM@A2rD8UdSe0 zbjC0TN4Umsp+xzXoae2|met+teUpe$qcvV%Kk76{q0#5ErsWfi(xCCenHQ}ZUVnJ& zr{aaE1OBA6`%t0zI|(Jadk(JeWOMOO(iyx;(`{5$F4u^8=$E`imIC!aXWwQC=gyVXhPC)cbyfChX?}Uy^|>VJ%etBw4Yj z3!7gih`Y0K89%?CFC{qa_~716R94a-j=jLV>iZ)lnyqG#a4a?<2>6E{Z%I5HuCc8M z6&Kg?{>&)&43(ypou(iOy<){Wth$)DEX3H$?7zrZh$we-PSSvGVB;bmoq*Si-*wRG+7bhmMXuvC*F(zGI54LS#XAn0hLOEVVbz8FY`n z=qbcQ{mRhAQv*^aB4WQuu90DiKhTR4K=S`QVH}&#(p-4@WJ@?IZOq?FO!*N1hir^T zI=3OMLk2isssap>K@@Biz;0V zqu0PY2>Nrs>iQvecQP(7hZK%XI7XA=0q4u{9dbK@=+TUua0n-su)Z>n9`Np(l}ss- z5Oxp;5x*dqW;Q=0CdXxXutsZ@(VR>O$-4t`-9|&SUQ?){bHw>VwKULY(;9SDBKv7$ zTq^*M$=F*3+bOEa;=^&_KGhEgSA)v7tB7iiO~=mfLD9Jf^RL$j{9;7$+#Ek5l+~n@1%5F5Js3Ut zOs_^Z7B$CC!HM+7lBYmF!b2W~I0gleDfATy9#Zyalu8zDc`e^Hr!^OOU>pwT^9mFY zohMvpTMXEcFCcT7SF81D3njS+W?2hubRbjEzN?tmgkRtf(VkHrL#K?Bk3-_xofzcy zZWLoTVJMFqEU75+H!z5c=dkZ7dx;e%%3)9C?()RQRdQLlnrI5u&I@zTJ;ukd2@b`$o8k4%4VGHV! z3Gcfo3?xQQjxRxmvf%Yx?2457~thm>k7@*9i+E zsPN=1ZYSsze-w4LUiE*%T;OHZ4HG+X_#o-NXW|!4V^d8ge$rsBX|o*X$q!Pjh>ZmCG#VgQVu>IB@KpSiw-Y6DB_DrVjlgll*`7F z8be1)LXtd*iH0_A#oh1~p7M`hPI&mPAjc)(oPY^kn(BS<8t|KuY`|}q{#l9rHF!Z` zlRaAG?aq#<$~&F{L*Rhz#`&tlgR99VzazkBfsK(G+|XWYP;M1Au_CV>q&NYri~*G z$tGI7vDRFQaOhy4=Om}}&c{?-EwZoxv;AiTSe!?-k;pRF0CdJQG!@g6y1QNU-tjS$ zAovl43!#Ms$Ie7t9j!1&(!F(2UyOVUE;lb`Hr)M!TVNMyq6Rr;rm zFRNpiXwmfP6RRJLM%>B9JZB~wx;{Gz%uP}3UGNTo_1Ionikq1OjBY2hsj4<+ z$<|FBz7O_PoXjCTb#%D?G&!_w^W({1eqU}>>DDD2crU367`51^-V~&;u>XVzC$zM* zns^X6g^Xqv2g%==C#9a5f(6t+*AF1fc0hjA%7w>9SM&BeRPHi^T@`2UhfR0Q&H^Z0 zA`v@63-erC(O4EdHLFXuBUJNP_b@GNg+H9IzR5-FgGIe2MxTa>R?b&) z9xn~Dxk_8N3ZDuPbsn<&A{kZYX!+Q;QWY^ioKrs2j*2$UI#@lgz^mmwm)!8Y)Qq>$ zKgeBB{G;moYLWsQySa#@tZ%H;+I$x`2`tuAlZkYL$IydwGY zDnH1;q{_eQXpS3W(Kib>iV~>vw3B7Vfl)E!Ej99H;x30XcqEkjS_Pl z!wy&a?k+lRsS>TED!;=tX(kKJo6)T;x|85wXqUs}>SC&m0knnGedE`uR<1YvFtO%| zmLd`{(D`0F6{Q+@D7!*|iA6nCe61{B%Ht3@%)h;7-PTkaSDM&zB;k`3gyhG41tG0V zfw1Af3v6dpZmzemLH-pa=(i*?BSeMadciZV-+!Oa`r&myb=*z%{3v{D3Eui()I7)Pi|@;3r4w*Mm{;!fBA{c1}l@%nkojtM5l z-|T`3WHRf+HE`uvh%_PontyyhqVri#uEI}6+G8{(CmmF48K$dC69#mdV(K1$7P&Ym zdoSKX6ZblHPc7YDTSm$9W#R*nGi3~wtvT(Sz2V0p+_{XHjPVMKmGdbGX;2qP( z_GWlv1&KpJ<9>AaH@#147|D$WrhyveoquTD!L*4pxSUn__3!u58?Gro_J4t~81eXaSwzj(zNy^CxcV$*`@uL&G) z^CJYM$_>Jd#3xjVq=^*gBY-;d8SQxoDKS($9Vwi5HhKUt1)Zvu!I~(oNV%dtQB!ju z<3qY1+6bbFYgCUPLHC+Ief}{=6wVzex*JT8SW@(t_4qX-do{<+oN%wb8jJvhZ&QTw3x~a*n?Bq`GE!D#}m1+vDilOp9E!?4d)heklZ}JJJd-iIHO)y z7VmOsVdJivpW8#2Jle6En`?qLpfXnK%&ey7XDd@*HKDj2njESpT$v7dt&k@W6hftk zQ(v#JBrz)#9W;l7kk>RAA*!3f*Mo0|gQ+Bcw87Vw+_~6n5fK2R_Z{aG(fd&#y1q$= zx;~9y-})ecc;B#9q1`Y?K#j;^I5cCY#ODkq)0SzO~euA=Iz>z2~qWa`a%I+)X<3sN`Gm znwDCFs-Mk%w^9yWKT)yjcJoUlWFnS}@n%%?im4P_ow*&L!OaR44ddx{6@9|$6~t-0 z*jb*_^XgE_(bV#m$#-0EWunijce`=iR1Lg%TtG+?Z=`WcWA4sdLYW!c0)~2)4TYW= zHtRKa0_VazA_{ZsVBgZtgKl79fuecgdSrr8q zYvK7&95z@SlrZ16Dre~U!Fh7cX-`=wvaa3sa!;I8xHw*s$S1@+c3cPzoiNop*(}q! zBVH8NNHNE-X7zlfD(7)G7%<|o@YB=J`QN8rt0GF0CE=jOVT~pLTE#?5xVvm%l!n!u z5|{%Iz9mifKTSO$PsAFmzSp~#!eYd4Y|eR*N2(D(3qwm&vX8hu%xoKWewNVGnG|b zGY|tz>xVbNHzWzWQ_RynQklotM(W2ulc_xrK6Da(SlxPWP}33#t%%8VsKSH&%G*cT zyFWI<@m}fJ{ro*pl*N8lOQ`4Xm=y*%xxgYCG7bC6(q|_7$rcmU?KoWE zorvL&XqE%hZ zK^-j~PBA^Hzb0OEFiH&dZ|dvAb7==Q49rP*Nl3FN&d}VGI{>WK3U8H!wV+cv4m$rD zSo4VE=3a;{h^C}l8ixnSu8zkIEmK08Y@LgT<#E9ZqH77Vk^rIF)RmA#~F{lKI z4K7R5K~UNnp?eI4l$|x3wDTKvWim*~$*_}OZ8%L2$-I-8By{suz<|g=yE4#cmzZ8J z(A2m_MyJg(=Bt{`j92d=ige!Ol(E>K|;MDVcZIBfF=~8pJDcM1f zbpV-ngoucEL?S7j)v`ZiGH?O^bL5zc-{J6MK{hfLEB)?-5F<4aq?Ot2b5BD_11F3_ z#F9dogjvjP0x_)TOtXd0%E9`i32oX41h`h*5M*>aGN5r0pJVk}PQ@VWDg50^4aQf| z97aeM?C>eh9oj&5wX}iXDAs4G+8ZB8g8r(5bdyK##s0((wPWaNG=7bq`KKIKOxLy_ zLMk3|TUuKkG!d%_#q7{PCT~hU7&FKWcAW{Q%SlE3-a>K1=rXw8Esn_tL4H9>CRXt|NEBt#_v3n@A z3O*qtM{m^G{$R%U;0_O=WL?ca!Qw3ecRkB_S{1EhRW^D44AW1O?3=I+i6}dybEW%u zgRoA?G;w1F=)}D!a}A7>HLJ(jzh@@-xA5y;Pj%8gueyd9{&H4-B}Vvekz5K7?mkZl z@0zyU=-#pfs~*qhOi{;Xw{Z!cSO#K^2=zUOeCQHPke8RIKR<&2BC;FEBlbe`f-OYb zzNHZujrtHbf=;XJ!1hTz#S7 zlAuG($x=(odgSoEaFyw%+O(X z8%H30i|dL3M40I$C{`#;jwqTSh0)@2ELF~8{lu#9>O*j^f}-6p2ojHveOAW#uVPyu zxP&se1n$*kDYJJ(@GnaihMDqfkmR(f(Fl`Rzdn$!nl$f=-i5ox-P(V(V(PC`C1Fd# zhw*W%s_|M3i&p*%z^u5^pl%89|MX{jEB2v{YZR^9^Y;5vpA%vhgKkJzVIWO0sK=37 zgASRKEREpeqreQ~%4YUbul|n1`@YWk>q8RXNx%BtmKSi2|D<+;!i$Pswwsf3X(ugn|{>NINGbsg%Yj6!Y_?jj`<7Tbs7z7Svnj45Vy)+B&!;uh*?01j7I~4nLv~zP*U=;m*|T(`nA{V*iB9NG#)7m#Y7m$+RSpt zwXwjv9fx4)5^ypr#27&@SRg|A1@C1vDGAn|v<8Y%e%p#uDMF+X?;9SUZX{wypx&HW z+Q^%NTgoqt1`oBvoB2tmr1JjAwdtd^_EDprZaS^Y9HB`O4 zl25E2wID-J8k(BU$WOq=rtBJ|nJr4O#dCyu;*V0}py}Ke%*>_(R$BT>Tw183EkkV$ z97m`L7eMC4y?}kjav)I=^`to#3jItDf4tX2y`Z;`1@1Hl>*LXL7+dMZ|6(Wh5h`BJ z8x^4*`_%F2X%ThoLD8y-?c~cr$P4u6h|ZDldj_QbA8tPepM&O2Dt7rUB@)T1hkETH z@=Kd+Q(r)URTccmg+&~3@1?xO+G|#3d`ZW>t_nX%JVYig5WFC7I|3=yqttq~u6n+* zjjTU_aUiX#H=W%`wK7`cpHU|C?~|c2TJ?Ba+A3v9;s{82F4@ifI-<_OA*dKc-+mg_ zOF>JHx`>L3vX*YVT16a!>ej3<)5+K433ZbCu4WQdb)z}Kt>9#XLTby>0G&NLJp2uN zUEvnN5a`n|4XtNRxlAO3n9~#owJ#F(O^r{H-WC0wQQW^ZhW(a^s;}A&*Fv-^ls@U9 z=>ykp^Sg3AV~kw$6!Z^9`CfLV-_p%&pBzA6AbRirfr>CSri>c|r4YYWxYzTYxgu)Ap%Ab+r91DPZp)ZhLTE;jr8?Xt9frz- zuhDOU5{4jE)4MFj?}}6+(X6)pdr?OOK94p*IL~BG4cissI*6u`K;EmqpRbrLK-pQij=&-%3US;es`X|A1WoLS{D{k4Y9T^^qfM7 zE?}>U%pADto_vxvC>s^Ll9O?rL1RD%yD&T(`i4NOBN~(qxJa z&@fMC@*z5fv&C*JoLYzAlJie7PZg>s(Px(&MoPnnxjY;L z5Sk6~K^2FQw$qXliI!jqk9cDYFy!2J8Qee(y|G$|S)g4S=BSk!*NJ@YI)~KS6(eWH zZ(Zoff7cOlr6e1^o>i)xR#?Q4xC-nunUjs-m{FoiVw8+FX;rB3vEM~}EwjQt$s7S_ zj>>jxt15jgPF^g~!XN!XCxmVfss#aM_8Be{8f+Z0w~JK@x&j0RW7}+qSeGtphZ(3Gl3GWregn2ARIg{SFQjG z!}o%a(?noWA@@DpdkUC&p6CC20c6>VXpmqsN4=3nmTqo1J+HF+Y_N7!D%b2=>dnqY zH^C@|4pv22Hm30>mSOVAoVOBc_8iC^l1>>C8%!MxeHfUSsO-A-$Kh}4+rxy2Z!F*u zS+Ig^DTVTRZ9hh1h!tThM{39IkJKh;fZu9`4x3&T(~MixQ4Mv+* zJ>y8OlD4i$E-Kuf;$^_~Sx>`(2z*YuE&ahJtns=)L1VOfZ|4rp0)FHzV=b|N)uN0| zO4_en^G=j*SU@k0O;J>KK|ATIY(gGTe^tIccr8gvA?@b#Q-|WL92%xQ=`0wi%ERuu z&4dGAYx>GTS4~P`@MUyoL|u%3JH)X@%y~UBYv)zd=6Y@PEt_O=(mtO#Ka5*hMVP(# zxWn`3CSh((O<%wS!p@ui{ZIMFkXn#f-(B<9e8YPA(LsY57Vne;+*@^=I)>^m;g)%| z``1JIU7j_LNCuw?@R#x(Uu6%s5o@oWs){<=8f-pra?U&QuNW79eE+H3 z>m4#G(>H81%uEaSM!MvJdHuZ;exE&e0TG2r`laEnT16lzz32;hMcvgn5%DEK%{=lZ4`R!aDfZn!E= z z?Ct2VfO0)Qo;38uRedb5J(wY7%-MJvYhn?(zTH=j>E4vi)dz~UZRXZxK3M4)~>wh7cJKtqFU51

W5tNd$ZT#!JuCoq z>!-WOMBfbfy^{;X+pus~RaFGGs@bGs&sg+08tRH|&_lyWNJo`@`EdrF;COJT8Hman z6PQ}^DPevJ02E`!!RPl7Tz&zpnAEd~%7UuDXfS0>#JkGKa&sX6YcA(OrIpO6fwQ;v zge4jnyz;uE|30&Z>$tdoL{j!|ku_J4EBhm_nkBi*L^K!16FE zL@0iLIH^u4;`vwuudEC7J2H0beeLP6$u)#LTEmD9;+9Q%ihRDAJDK@Ab`3QCeYfp; zD*CXNn&%VvdU|(LX5X^u$UlNlTbh4@qmM!hX-Uf5@spr$lvS;DV*9Tj~{pk?ASn_PHs3DL=97GFrrW4^NpZliin8V`aSyNhMHr2P1MB`m9c&tY$@pQVy0hIIB<|g)V1i@eI#^|MxZrp0` zU7m&4_HyTIVS`~U4}4lQSgz%z-(j2AdETrgw~#PobL!gUVdQIv&YU!t9yfJ=s?vNi z92=N7jwm8B65S3)k%5Z!w+mK~!Hrz?WHPBI0(3_`HPINC{6q8VV1cn7syr$ex%0I4 z<~TUqjJQyCJSW230xW#f6O1jy>x?l@ycNhW6AFEwRF?5DC1y;7w>%?MYzeMkOQByPtCws)atR>DxlQ z8r5&-%(X46a8u+yry8$cqd)-P z^XBE|hPg7Y=^tf0&|P;STeIg24vIU3>dSugv>~_XPT`s;FH@N4$*N>qX8%gGsFg}t zs)Y%g)s&rqqGYv8V{*i3Dw%E&NM~Bh5@P2X5FZ&?IBII0;}DHBB-(4{hJqq69S$VR zoFwW$5|XV?32^aUy`!NU8ynAocW|kWc%~4>f4@`U?26oH{cUr3>!jjBtU({X#ZVF} zm`78Ku=gk}{scN{h_udew(ljHWEAl-K5&xf-S(7$7+WmbjCXo3ju*N)_k}oWtiC^ro#c{Bf}Ij0SBrwF-8b$ zfB+mkyi5fi`aB4X75r9Kdl(vC*FvyRX8Jw(ue^l{+1P_`P91X07hX6nU*ar2EiR#- zT2(6u2nYr>X_rmoYBcjWiJgiNvxAnXu>F&kE+J$Q5uHtgUO6+=4{*!!S!U@t8kV)g z8LN#hpiokWgg_<+HumCRIpylvW+p8Yie=N)A+2`$9>Bs6nW4>^owP}#g1(WI-ZbUqJm>;%Ft$kIAO`xC(O%ejnds=mHZ9HhJb z^S#4i_M}&T!@mj{RN6V?x#HByb1k?Dkp!$B<9~Q4pCno3j8VqCzc_c_`KS>i1{ddG zlHofw`gjZ^q{54UjNf9;F}i*qcjhYQ%+3eCDPP3IK9h%9I1_^MVz>lniTmX*A7i;r z+0Q;P8~Tl2f21nmLfAfCzvd~XtA5-_uAHQgFb7DRs~}30FvZZB!U+r;#Lm&%JS7af zVI-6DISO$)3=?5NAPEIi<&#j|V8dZ()LYd4;HWR*#0ls! zk~dFeAj)OXRrvr4+E^-eS1_t(_TdCSQ4n=P`}j)>qBRJMPCmA}u999x;ee(b<&b}S zZm3T9D_dQU`PVoOmF7JL*jP;Rw+D5ZieKi;b2aK>S-|L_^f*VzikS1lHTf;abnW2T z1I%!~VAuFB3R%lp88dIQzq2cNI(yDN zCaJ=B2-oDj@2t)R?uNuGyJPz&hwWR+P;!A3NrJ`91t^G#B_-U9Z;ASH`47Jxy+-74 z$+1G1=$EVS9XJxPYtr4EIFcMtwx*^Mt`G~UV~asjAOD#5aU`@vNEmY%TX5@w+^c<0 zG^*enmO1P^Z!_-CWQX=dq9cn|*Z0HSI7O2f721+k*&ZNhsM_*-p0y}Zx{Jiq#k!LK z@7r;XP~M#I)sl6-&}$WCCk$!+2z59$ENmP6oe;*yd@U2#Pu1j=sGb>L_Qj9ZJTF&E zo(P`Z_*5b`JqI=toM{B_uJ>YG47FJ1P#<1j(u*OD_fVsH(*a?pD>x(sy?o+dMu(Vk zmBZB9!jy>P)}KEYU1u{+`=B9zw>>nm(&eP1!_*;n4B4QIi)8sJ#U>D^%G>`HGTSXzwC6bd!9A)}?$xQ;N|#WY4oo!uF2uA)NL6H|zgdW-1$&0v*N zo0X2=Gi*^{yFG-jYuMu0;~~bvGjBRh1+Q^5tQe?~tWo&AeR-csh?jYLN`jGQ*tl1+ zX&Rp)K@BgAsoPGK0aPIUr;nf#2&(A+lp?a^_E%dFNfRykX!_>}dC2aGL;ibYf=ue6 z?(Z5+Fm4Rz%2$!t7*vfbva1gu4|ul=(MHFkvYnle{T0j`+rN@YKcWA9`o5>k z&YPnm8znjRn^L67kdm?K;BzupGi*8gLF_3nig%EZYH95u+A*A5^cjuv4e|lwkvXzL z7)j;15I48kUbr>)T$r}RIc8LZD6z#+HBFF=Y8E|}14{kqxmf3t{H)OTc3nD`HC~+G zDm~MK6%{Ec>ZreqNhwIWp0i%6FsIc)M(q|JdkG^|y!UpOrBy!^rsxVNx;Kx|1I#I` zhguB?nNdEpsUWy(+i^N50n{K>3UGfsW0;Pfi!=aB$PeYi;m2}HThDr+A<9xl{A5RC zctzfwuJQ!^!ca;Jh`74qn;RReddw zl5n0A*Z%S8WDbr>`sZn=0m@$STSp2v2~2E$s(K`$$vJI z3*9-CTcRB=J+rZip`L13t@PRPu-JoHDaTP1BYRYM>twLxM<(a>n2R|~_!IS2-*O~X z|Cma$eVbgOzkiSZd22T;?nxPDf38qo!3^1c3 zlPi=|x3m;6kNRYxsTN`BDP9Cg1>1E#1pc`)M0{HtXkEy@o1B4)(G~0aT^0B_BJu{I z6p8w>FVy#7n{{ufoLxucMwG2WP?h6fXVvPj5(zoAlSB$LZ)zLx$<3$#4HYk!u4?T< zU*vRg;c^P*=jr%fjt+LWS=^4emZ0J<^MMF;?0%B;xZUAf9`%IRx0nUPG&xcygUmjs z&mP~jNV?u4O4;Tu{tJ*k=DGMc0CX>(EhIwO`b3|YfB z>Dj!3#6GCXJsUZN>p~T$TLFXs!mJrc;34i5sH`F{Z-KIJWt)23{mwANy{8i`2;j5v zkC@&2v={Do$PtHXThySO^+KE#gsjS)QFi-^ zHP%380u!*0w)bNsPaf~YsGejVzgtejskLvP1%zyB6!wE#@dU>)x-^9D3hpYhw%cft zPAiR*ix&%LQhbW*9lkc;s$$k6kl6bn_=0QH^=CuN&XePx*>6uJQalL>xe}l57qgfd-J0ZMM!by_DW;%?Ve+KJ~#VeV}0zyKce}9|>FI9ou+!(gOjuFTfgbyE;cp)*QIuYAl^v_0*{A>cE zypUrr7Z5lC(aTS=u^_{wqf0VcfF{gOA^PX1A%KG!1^mERo;MvBJdr7To~$)Pb|3mQ zOBy*=pB?*_(b3V}2zsHR4b&m>=RcI|`6H;@6M4b;qBq9KJTQm-(XS4aXK1;b zJel5jQX^;-2o{!BA$gTukQoilfo(JT+9r=4sr;ZU;jBmG=jfHL%9+#x$M2hlXQ<`{;b40ld~Hn$O%J-57Qyhx70q{I|m z*9pIk+T#A6mHvMJ?i4d38s}OUDZK*`M~Imps%G?lSxC9gGb4PztGet$9*ZeK*&2p2 z#Hj&dz)F#GFHPd@B9$aRSL-*$aY5WNwzf!w$j+?{cCI{%gj~I7jAd>_oO>`b@EKYq zM2}kH_NYR|nZBgA!ui|QG!d>LJw_YWT^o5%`|ffGxiBPMkH1@Xp0!REj&>J)d)T@5 zWKzT8oS2M_RLtaktDu_kc{K%x$NkB(g-zaVU$~?Lp;^DVhb2Eg`2HZGm83eb%%(ud zc#8Hz$qchbmX<=#($PqH@Z%aSs^xTxm=oJ@4C|7 zIcb3ySIZq+`Z0KY=O&40^UvQzw!D6Ddp@%L{BuQC*8o7IW>(?@9l68TtI4dv+%dAB zMIz2b4u!_c4ZZaAB_$<6(wWwpPz({0Y1Jml(dCHQwY$#k<79dH80U=J!)WTL5&26# z``@Qk_&tOTft=OmO33cQv$-fC|(veiq_uJednrKaDry= zGi()xa2aE@)`;%VV38TpNvKqepW6__{^FGV@8T02#+!rF)byt&2@_LCkY-?VM-cCg|HO5&>gRsF1N3s=PgJ#_qfKb(huG`Mwmu*B~>rO}K z&)=y|t+D*;w);M6d?Q2B5Q*jK*+%%??eS)%@9K5V=(WmVL-@1fF)Dt$xDSE5)f<^{ zxJVHl5{KPxiSj_InW74$arpvox=~Dy#Noq7g&Fs<;EhWL@|qymFSc1f?EZtQD~x4#+5+fywX(aAx}1SSL)&+cX*v=yN4oNU%Gn)ImmmN=e2g7 zPszJz!4?TJ48R`Z$%BM~C`#5FI`EJa@Slf#UG9{u!N=jD+L6gn5E+!X^O2zx>7n0Q zG@3>jp7_rea%?C?#VGKz&-$mWfs16ogdba3$RK*@t$DRwSdH02K@@>&bIXqw*&QTG);yxpjkKy6W-3Xms#+-HpQz?VLn&_Jvaw_$%AwpCq~%72m=tKz zrJVC+E0nnU9(Q%D%L0UqowsX9QAF%x7<4n7#sjovKG;yihy{T7(j)ixLWBhB+a~qN z*y)MUI;-{3&%$qAfog3xK&@!amGlsaT;YHEh7HtI@rdb2XbI|pw-AnNC9;~c%tRAH zhS7WoTD_o4d-~WU+N^u!?1DE8d%dm3HKTI)IxpdrtC)>uIYPhdv@VhDHYHx-K#1Xd zvWiD{(y$9zY)?#?mkeVhaX3rM%zI0;ImXnh+?bY)0(LzZx z$v6p_3z{JFfg=&7nRFZTi6uFXEhyupFIt=G z^I!gP2Z~iw{FIgTwqSxNI1B9=Lpr47;39%3hwzq@$Jv=ydfVw#Une^&pc{I6M$xGV zRV4**BtvJah)Z|oF9ax0SPP$fO+`i%ckPJhDg{+-92SllY@NBwK}=9`a-tvC{BXTt zqx0b+X|Fw`6{6zJ&KYYN{m*?21{SgS(=PfkOSm)aQaC=8%C-h!Vn;ERk)+Lzl2mfy z8S9del4={z?S&%CKvsc+rxvN>4)RnuLno1SvaMnM!;nb2ox3;11>p)RlC|;jLe;^h zJc+;7J4_#fbo^Gk(b07Ql84et1bO&?27rO;$eYoOO8v3YxEgas(g=P4M<GO?1h$E*OxV~LBosrKeB+hUacs}h@VO`BC6 zod;+frLSg4*I@tC9Z^hxgCA&RQv(81xt&WBoMBy}665W!A`Um5);~yOKQg1)?^T!ZTC$jZwQSj6Qg}B)o%`~D`aI`C5mHxIN zMTCBZnR^ynk(<;IFrGZWVWt_SN$}4&v_cZo%eu!w87c#9?Vdnxsp$S%QTx;qlnzOJ zp}wRstVl|UG>m>%bRCyOZd>n+{AK7RDgCC15BCfiI+9s56sG=lOn4-$<=EuBEtU0H zJl-(62g^|}AJL}4vp0^aX3de$eERS`!*&pdJ0v8l$(VtU?So<{OlQ|~0%nqGnHO+R zLH=TP#w60z-Y7f8vnWx>+))aZ_`=+*Voh%?1-mlkpCpWp)r3)=uPB~cDvRJ^W9`A( zXJd>4t=;v5zyyoh2PE=Uq7ZViMsOy|AamK#!0N@IuSF2pB;)+yzS-cV6LE~d&k2v6 zIBF)I4ZA>>6bl;*Zc>OSJ+aH6t@fQtbaS>dM6_oo+OcQq1`0XavH_6mxg{es2>iv? z;53gIl6)_ETmkX1{~7`4{fz^Yq)rE!Ls>z8mc4U^g~~hZ?UeDGX6c>S_TW5;yLg0N z7-V!SCOQKa`M^rQTZ)X3dvp))w=LcC*q4c3EdSa!5f+IyaOG`iVj^=+WL6D~nj^sW zbK4Q9E{7H1pqL*One{!Osx>b}l_!z4 zCHTbqq(`SH_?>wGgEtp(rET0sCGrE1C~l01qRux-JaMn8}{)@UU|(o84e%=~#BqI|K^ zSJ|8rt@1KBQ55<EFUIQ)TBv?EJ|yuZ?)#ob?q06Z}Ay09B{kg zy&w|5tX3s!j?e3o%L2bIianr*H!+@6_3Z=&kHI=LT=;zHnZ$qd>53H1w2En z9cAQK#Cm$wS?77RhDfxZcv#nCT%I*kaf@yK;h4`*1TP~m}+sbPwwN-Z=36Dy?Y=AvaKYKWFN?8}XKdTV0Yo@$1O zK!1`nV0N|mZCOx~qJ;r<z66`gAkvNmB1PlJLnPU?^moW3v1(zM?eqzj&@0sGJG; zl;KLSH!BIf`&2`+&U+$DPEN|`CJqi|EZawtC=H+nvrG`nCXxN%fT7M0 zVHctcQMO3A2FXQ-@MLOO>jCyy|E{lR(7p>Qe`83v`i9C(NmE`yaV32;jx8!ei8=Gj zzU)kRZw-A_)6ZDe^5fhv+oYY*lNdg7gEHbFpSmu)GXGn@>|m9CIDjtYrRt#|OjEkH z^0v&b@Q_Pyy)!;fB<*sK30^DOCv}8iGHcWu+s>A$ML|$J+z>Q?TkWoH>p^NefYL z9v&l=(unQZMPusEPQ)!^$!T(8+mNvZEJc|LJNQ@{t$VGgaBU#?@qN(oRi;R!?nF6JU`lTcNZ!&hES8v^#F{i~6kzrsAcwK8WeKp?e(41QDL$e-ZvcYCf~@F4H1g*kusYIX{{UZ9qHe-dZIwZqy`nXx;|CpKiB z?8{s1GJ{p}m63aC&@K$oE=w&6Ohr#Pz9PTgJU(PhZ6ZCyum>)IBvo z;3BsA^MR%R|D)-v1FCwSx9OJdlSs4zCtyO_yjpA?q0hzvc~s&QW$jh>Uz zXc=R?CXT}XjeccVQqIvMbE7UgoZdDUC$I3>!!hL`2v>e5C5>MrK0a7vk$PRklXUP= z*DA8rzyK786}jcr;3|uNKEsYQ^6bqB@Cj$CP)a7n(C+u5>g>?5{uHp$iW<&7Oo-SlD=6P}A*_{P3x{iKA4bh2S- z>WKJmTg^iI%-t}hn&oMwB2HXeOxknaOsbdUpHhjMMVV8vo7j*y2wJJcdwcqi-Sj*k zigc4aBm+1;PumnKFM5<#&vwa|`}p~$TG9w!%H*CKzM$AyK6A_Tig`rksd{%AQV7oy zCCMjM9e@LJ7NGc?fWW7O#g9P_w62kkjiu>!n5WZz^pjxM0jMA4WbrEj2URWpp8|We z{IqBnNr-jPdgZr1-h3BZ=GHh@(&wGB^bgi)^?x!rB{bS1mC7jCqzgB=aGA_?>ArnQ zl;-Lhqv@UQU0pjU{{5-f(wK(rv!=pV!;W}@sw?HPn!l2TH>C5*ym$=#gByu-59p>c zYO?8CZ#Fga{v`oOK(yr=(-MB}OZi;5Q7pW^O}?To0PTMMFn z(k(eUtW=h6p#Q5SRo35wTQQq2yqm1FyT8LB)MQI%g8knZ#Wp1{U`1=u{pm%U zmE&wOXxx!84~qZcvX6r>Z^k(HW;Pkas+Wf0fQj^+}#`L{Nl5F9hPqJ4b z#JMWvvlnB+=yrVsUtsyAJMiLyesgLc^rSiurmxue)kf~S@adpOT7DhV776V;&m2w< zrrw$P-yZ*I%;(I}`J2 zn{jgAv1r4vj%ZUvm(vKor!^|Y%Oz!qK+N}IvQ$1xV&L|%PdFOJT-F7(_smV9B|^`} z??6`~ci6w`y-Dl1!xy55F^5Nd`kyV2$15_XAEIb#^+Iq$IqDuMD;vOgY$5Pgf5}J) z%Tpx6!@=?B?QU5SrKjE@D{_`9+(cX8@A|y;_~On$V3{zxQDJvm$e?JhVOrt%f9Dlc z-u2@N2d7dRIB~06OFeVSO1AA{lDE|&liCf3ycMHguS#StN7U(5{MyXjKb@fOppC;_^mn3D_U{KRbVz-x!FmSxDjQ85oi`{maVh9q+m9>aJXXI9NqSUS?;;P4^4Ks(Z)q4&QWV7YMIh}TB6^BaVM zyu1H!%!)_+lfF-z18iJ0Wo=-AVwVr3w8s4fuT@v1exuc(xNfgtoX18WP+>t_PE@-< zARO^ktSn2h&*9)L)i>m>w4NZ78QBBb*UcVq#-T?UJ04a;^~O+%!F-w4iT}1P-uKqI zlq&@3_$lj!=w}L)r?VB_PlmSOcp7D@6Gd4fe91^l@481OsQY!Oo)T*rDuK8j6Vy^MZ6cRES^ zRB2o=mgK{TawtZ5E)DKvQ=wTKOn<9YFPnx|!+nGS|{FL;f=wJvgIPH&Qa$E z6Q{YoscoYYBRs+WWvt$B^Rb5`%}7@0yJA@7n6lrelmwKd8Hy{xltG+51{gIgc^}xs zeD~Q5<?M3UvhvElj6#+GWN+i(%m-uD2i#TSHa1 zYNv0ze7BL-_H1CuOhfuvU22@dw+k8!bnCFin;dK`DHiAB3Nv8YRu1a<(f_456srxp z6wOMi=^Oc-&QUlnn`9yswP#Yl6`iV zn&3AVUVO$*O{`qR0}CCUDh`=n<;N8^&~8#9FjH)`nE%MzHU-z_3*h1z^ReYocT03z zx*CL&n#IR`RE=V(-fPwxhSXz!OdL*TA-G`Ia4Dxq z-BqJT`{hlC=6T?VYV%x1(epQ~U``mR@PE4p7hsWbD-I?9$>!2&%|zU>=9wj$5X!}e zI5j87!IexXEN&B=!t8A%Cd_%84lO}@hsYa>@0OZ>7)qvgrOsHUSDSV!i$aC<9&CD- z1Y*c-D<`_ORiBJ1HFIU1=cGGSv~r9The%&j9%PUe39<~O1^@l{ne)uHm7=aHL!I>c z;~FCgqWpjFfVZs^N@29AJAPY(<4C*T-B(xK*L=_W@a${*aAyp@zy61^Jy4SR=XpPo zeaH12n%`OQj6q7moIeAkri_{#sDn8o*zvF9G%00()SJn$>Ol?#hs1f59iG%<9b9=5 zQ9{q>ad>yzb9(kk!!J*3FHh=P)!_E&*k$SrMh}bgTx&j;Z@8Dwkd1D8iZbldv!9)_ zA2Q`HK}$B1mESc5*U@D&27w7)#dYI+wnGWj8xJ6lVwvUncbxz9@ovKZxoz#qZbhrY z-`d4RowRY)>#!G1SU-!k{j3L^^z*uB&`^~*B=5Kzvlsfe?7VY#F~Z8)+?d9MBu4z| zB&i|R%!z>wEekf~m5qxw<6Saj>HI-hPHX0o4MZvI$~ zj8rzQ-v7c<`nJnh-TnhiU()*)m&fygtvhCW&ymI@yN9!0G$reZ?~1z|*>|J6!Y_AT z9nWL-ewQt~SsBxtU}a#m523-iH^JNW;0ygyb*`mP9KYfOx4(*2wfqG$a8*2`)t07c zJ6CZx87A~Tp7;mU8A7OVDfiZ!x8De1KwJ6Vx=%6wK3}zpw%u%oHq16ZaDq8%=(OxO@ZIlzzm$5ox8R%iAM+Fgw?F1s6U7Ay zk;?nQ4MLM@N`lv#O7J8uli*|5rAod?oum$3kQX)J8+tCSn^xSmh{yR3nLJ+-vmeD* zkD9k)rQ4rwmi&**$l8v6jGX*@IPnIjF{kBN1#cG2)L@?ujb84Z$9Z?Zfb|Cr!>ij) zS~o{vFVu}r6nEt}e!a>xv1Tx# zyI0DEKE)w2P}tZu5$c;YP?-VU=Gyh-%@Fm)AE?&9m30o2H=ydQl%LtAe&7rtsuGfy zXo97`?yW&AwG!$q6bw!p`Vsnay!Kov07eLXadzU~>D~K=TRbSv?<)V@{z=;@sI9dq z?d$g{f7M`$=64hdRe6tUdVxZcEqiRmfMpdC{v`ck2r8<8|KlY5lxNlFT=W2Bnv?jP3CB9U#f7 zm;Ub~U>;ub$)4ztms$PqMx;nwv7c9fw#0%J>x;s}V=^~3UME_+?O$5G;c8D4_J0Ol zo6z|7a=8bbHgEk|RcFp?jR-940$N5GW+4HjV#C6WNcaAztjv709=`qNkM8SwB+<~qVo~B}q?E7ttu7RwzALA$!dS7+_V>>5RM~XfO+dXb z{l2V+p|kVOZe)l7dAK}sqs60=#x!t*-f^QR)c=y(pK=1s*`|)=_Xf~dLNfpS`CsRY z@bi{%2s}&cUS6UiU#VgB{NXjgna51$@$TIW`=7i*FB@q7R?&aF4l6q^zn>lf!IrMu zN!GJ#*-5td*&>SLJ1B|sf84rj3j~Y#0Fa>V?r+A{7(hr|X5A|QC-Maw0HJkj=C~vC ztiT)=e|JlNJpc-DBLnd-{oVoij5mOp^NXBdR6eluXQxua_bQTF69Sjfx6C+bK4-Jl zemHx;G%)KmemY)kxHw%}d%gh>d0A@Iuyo8=)hwFj+3ht*9=7hY2>`ic-q3ra*u8y= z;6<=$b5iS zNDvl&afDv{)sXToGb9;ByR2E&n|f zDIp5&yVk?1HXtbeK->o(%wlJ*6=bNoapA?Ex7;{3;@Ou=P=&sTX+%F7ZxC@0y_W?@V~NV z=o%ol=l*oz0Ev6%qYFSML*MIJtWkd#m#Yvg#Rbc3UsRs;fc!WiLg~$~VyN+97Ik;E zalZ0d*#IjkV|h%c@+7LgX3JL}R{!C;psm?fcdXuxyXTDqWS!4gy($88`k=RVpWH6+ zH`Pql9rRJ@eB5E(F#*<%!t+fooyP2Uw?%8P{_pw)fQ0}i**$fsOrw1Dey%CY>!8%* zGD68mw9zOVyk>i9>U=r|s<@?K?==$$PkOtTAD2g?(?oK4d~yNj0BQZZvm<_y&3cqs7w0t zj?&6ho)3uh;?t$psA6q*_Ys_zNR*eZeel#Uza6>jpqHzx6=)lZJUiZJ~|>jcTul zrL`=LY_m8)+z$tNQ7ntj6M|>}3|~hEeodF=kYgD724VYDgu|#=LtSLqx*mjF)qWxC zY1ryQFDl#)W-ujezT?ET&T=Aom(}k)${*P7?K^-l_nUZ~+64%M%lxP9m#+W`a*5IG z`T6-T&!;bbz_bvWRW#&Eg-(*a+ztR9Gm6gvaBBYNO+$YwXxA|u**I$>liu|6x{@LX zatmUlU#`L!h(*?`ULU(H={|sA`2ws;{0I0DFgGc?RbF`9gM?_<#w-ld(b>Pmu@8&` zxKi_B(#2I^$}!!b(|SD4sP~2X4)_;4WLW5XfY#{dHU_@V%V#D5}WY8@# z4?}Jwq$1d4-K1Fkkqfga>&rJCIr(w*;3FM=k9i2N)FFKwbq2^ZY zQ@EF4_aR!*gHp8+(jlG?9JsV;K#J}=lP1MKhAa(Paw}Uz`KzpfpV@OogBL+TwpzLk zze`LOh+=CBRrdxD=~wdH*#3J7IMSIn-6fCCm|^6yT8O-zh0F=84^Gf1zQ% zm&Z$UpQb++8GsC|3r1_d@*98{6%DtKn^CM_H+k)xD3d<0ruuUW3;0kWqU|9te;Qo& zRT~}q9ot>@rz5zU3sSg}AZ&f#3Q63~0m+F0vI5XFMq&ei!cRc7|4^CN-tq-3sPPv7 zfj;Xzvk$<|qHwGz`SZ!*Ddac+tQn}r2x0sLuq?Fj0N{*Hz15Va-e>dZ7GOAPzjGUI z+UYmg;6Nlh$F7_?AE7_8evNEL{H(?6J7Nqwi|!p)g7lWF5hoYN^w%b{fVo%#d_!6| zs1bgO3qju~Iz*c!8+vTAKxDoEzuZfwTxgP!E$3XT+F~Am&xR9d?z_OLFmL2tRGMLj zRHx|mEJf@HLot{M5Y8#}b(yt{d^uBfHqB)AQ}mr8j!5T#Jw)Y~zd_oWM`mrWv2}!v zal1fobYBT?NSHHYfSkLR5fc-0`YCA@CwRlw-(|T>mEsa3Y4!@T(vASV5weW_wa%X_ z{ji)*0#e;M*bD6ID_3Nd&rehm;yt_sv_{zt>+fiq^Rx^tvvy4vzVp)OCSdDO77hXP zMsB}w9@Q$H`=)NIZ2xgaI_FCeEK*KLA>(a=hUwl^pNAqFL7pz-dLEO82VBL5!@{yF z(n;4dXbc-r)%*+nk3)9(8*z2C%5|F(HUp&DQi>n?I~Q&0uKZff#;Ag7R)r&_S@gzj zvST*woLY~W=`@jfXaHgi>J~pYtpw!FRT(@0aM52S^W2UfAa;%xFal(Hf4hF4M)mvz&sH?s z^l0eWFq8wH2ygWg!|L+fxOAO9F(F+Hj!i0w5v#9frumUAvc#z%pVfqsVhlaTrWhSSVyoA z4|d9CTUSdKt+HWAMIE9Ui@Ez-H58<&b9d%}lS{nJK_Bwy%r@5zPsVg(w!5sMWpMoh zzwdouduYa-$i1!z|+;t zcnkQd3S-nJ;84CA6ZeiogZ@+i2uz0U+Ch_}*}`kOOLk3RVPXDY75;8J3{j_K0(-o0 zOh`Zg8F|0M>QA4l2%(RqoO}?eTl^(A-Vno%y#uH0zmCTng1jN4YfXvRMbZa{JoTi-HX%&ywE=RO{ zYs^yrR74`ZYw9=t{5zAKIsjWO{30<^=L2M{=L&|vwE#wPeADdbr$0Yl{Rhr!&;PdK z5SWqrUa4e#0TB7zwtCIN>u{Ni=DP>jh94lMyA#=Htl_Ujc);|jm+birNcA_I6&2tu z+-`)GPXK|pWMBqf@2pLO7CKNEw+~v!ZV&Y{iVwi!V|aO<5q`q*i95KyzgeLhkFbpX9SZ)mr^xgwi+jF-%?;L$o{Xxsyp+ zhAlR;44yxMYsnKb3)~gCMzIh+L-elBr=`xJPH^N0cpgiD<=vvRC_7Ta%SBHgMh7bM z`S*Ei>u6$e9dwzIq*B(0q*1|bW>|`5sNw3W!b2#er%}CU)rnmBS{5P3v=bh1iSlPi z-iheH6|3jRYRG#B->MtjW7`y%cVs{sK0kSE6`^9^@$vAfNFXaB*MtEPm9h zp2uU-hVXC!ZegZF4`MhI)-<3 z@WUVAJ-Bh!!USt7g2kf8WPoFzb8|m!q4A6krFbnWTqzyjD%MyDA>UB8n z$nv7wMeB5UUHiZM^Ut87+mJu|3om@zz4o-Sw&HU+2Fw8H^z!_0s#Q#nvjbnP8VJ|S zlX$GKldv%_R_%tR&4~}s=C#hYM-xEkNE{av!|r3kfseXpPA@#)ti0 zo^#1z24CR38f9FS@e`En@obHq1YH;bjVQS(YLpyv`h(i%)FKuRd8baaiA*IAryeRx z+#iA)Az0h5PVt9KJW?auV^Bh$rSsA0ZXe9gs?!KFIP>#-)6~TW*x_p^K|_$t_i74g z>J{*0TW%I@Upe>G)YPkkSXN$jzfCLb`CCQGwd40)EdPo2kB>vIH1Xl2%^vt)V3^>K zJjeAj=pi8H!P9xXN$4 zCQ35el{*hDeJgD~wL(?LA^zvzaOh@2o&*E63x&oE#t;Lt>D_8JjOtnrEsv6o2s_nf z#d4Cps%$;exa5@W>iBpG_rKzc(}M`PK3g&)t0{hs{AfF5NBfi<$=|!$<(4=T$1yOKp6D$Q3rYD$il+y#y&OPS}pjpXZeruCw z&Td~z$xv4!Gc+N{c}1v(TVRXiKo`l&wv-;;s#B+^32KVA+tZy%z;+{Xs1&^|VGji* zFbdR*&a-SFv>Eg@ZF=L2bSq_BqMLfElsR2ik5{M!^OVJ`_9hdf`2(?_ol5P7tV0>z z(>h`di#TD8@^W&AzPl476+H`i?ylA`J04^ilxQwspQh=XKe7|`MdM;Lw^Fu387O3Ps$SZK z+>wKrny^bOxk)A|_IJOHhlqB5SAP)G*8Hg=zOhf7JZSR?qxoynhmB_$6Nx_iQiLH` z{s0ppUiRMRvPcbiUCVbgaM)X6Y!ek~82>F*y>ZeNW*#~popbmI4}Ef(?zad!D)WGN z?jOgnNRTnZff^Y0z3j4sKe*RBY`#rz>T53Kp_h<5YlfM8pCw{J-NhvkpFJ*)DB)xb(x@Q$E80e2ylTq~& zx!Or^lMFr+cTr|!^UR=fs%&~1h+fF1%P*QnF~0_ffFZA&vJ$x8%TF=%vi3VGqc2pa zuW*sU2o{OWg(9SrIt+>YDy(uw{rjHS0*h5G{te!kMF5*fgKp9aU&i}K@gb`Vla~^2 zaJVF0%Z73Cqol<$?fAg5YDdWO?T_6WiQK2H7t2$=-tv;hn=D>>S{MX!^6A9MH_VXO zuwtigrIEi*Vz8l~F$6h@U|>tAbO))^i$r4Y=fM<+?R}RgIGK+K zy{U^xBvY7VMV>#Qe}2kbBvOzaA>@wk87xB#KqiWDMH!OoK;OZ}DTL0G zbDN3F*5f~`)+0z*K14IeO;2~aD5A!(cYB9%P+MttPeQOpU*$MpAFR-+(qPsnIdKV5 z6z;wdh9zHBhZvC=Me5=sJm9WB^|2GMu(dh_W)`wczONLIzyxiDbKq%}vfBNgyjEo~ zi($1ypIIswtUmga-Q6En^Shrgh46S@P?5ad_~xI(134$G&Y)R=PfEH9oT%X>MsH8g zo!#BFHg^!ezkID^+hD83?syj&4~Q(ZLAbN7= z(6~tro*SH!vKttES$mlBZO%2Y5S4q+ zdhHp}uq<#kJV$n0-v^|O^AOspkKoH{GyDIU*1z>tSO0xj-Kp65niRoqOhFTEz1>b! z^142t4w06XwfXadI+QxmP#ybhvv2*471cYE#)RLf({F#fD2WSc-c4QjK%S*Ox!zw{ z^9}idgPDEA7We;@N_!ptzvl%beTc4Z&PyXOQH(xS_kkjVsVD_*l6nUl1 z{iV_q4hH6Tg-&AC?r2(_)l?pXMw#;OTQFzuKQF2yU|?ZgZbK&5xQG9p-`-G(w&kKl zj7*=T))iGv^zl_~gqKLW zH+bVP();Ib0lY(Q5u!*Ij4lWW*xy~ZK8I)D(uh<^dGepBI!05g$og;-yrrq88OUir zj4{wxcfZsXj>T7dra3YX;qlN@e+`7qxQx$fd+>BHIX0F?r_;~Z&~O!$;3d8Mn)y*`yru7}fQlCoS@lW+OpY54hxcDc`*h*(1c(>Zaw zv=yQ~V@zy$u#q1ACPmLn169}8*Z1H*duBfHc8LU&x%si?+3_9taC+*+<)xA54i0gK zZmY{aDhVG7nUD{tLqAOkVxGvz$hN;r;)zp^{V?w0-$#)*qegoIjDt+e?Ng zdbHFuv9@M}Fa_Qs;>ja9hfGbho+$50y!wwK zB03xi@~&TGf!A2}A{|sq==N^!zxM};eEph@OHIebB(C7OagNnGY7&lwIP4Jqx5l}J zN1lc_;);n-0V*HWTO2#E$)N*8ZXluIl+!nQ!$1|GXkja^4A4tqe+^8Kg}M3Ek{%G_ zCi^v@>38?{LS9#U0KaVKtNKPir1k1w1L(6&$Hm3fY_c<``{VQPWF<8<7{nW6{?X$i8sZ<~NVGU^_1|9~0uS~s)fS>y0MZd4RHk~FdIXE#-431~ zov);1|CcvJw-|n+2;AIFpsv*Q(H|`L<&_m*A0L2Qz}nTYoAq~@UpL9x*c=2x!&_B( zf&{bUk00oH;AvejFfmnIoXj&7NiZ=*_YS5Due0J zo4q^(y|co5jFSQa%efo3)2d~U|@mZ9h{XgJ0{X1PF z8+x^<7#Khy`3*hvxozh@0Xv!r`|rQ&6wCrhRzwqUgltqy#8XOv*i=SUOdGpjxq6kp zCoscr2;YBQ%mvd1dPb_Ks62k?B^Ueh2!as(p3|b?z|{tN%}7CEdbCh0p#uR{6ZoE! z;7|ANApF*eV<2;J+_ZKPTcTBM2pm1oXb+cwVE>o4KbB)U!i(btQ2l8MfX=k?sUJ>u zC5FPt{19Bs>;CvXU2Byh6*74Ucbnsd1g#7Z7W>qT71w9iDdSQ_>6^6 z+p#4aU0suSn1f`)VRG3rP^*80)K7{NqY}nQ5sT+Zi~cj%O0yaz9?Hd;kj?wy5ObwZ z{A@#vIaqwl|7e5=>dF^W`C#W7zwUu}Dl0pf%oRH?M>ho^a5ZzX(q_N*lQ|@n*O_Kg z!_MvmVCH!sz+K;i-=&yTIHF%wCx(Vvd>^>ndSPH-+OOyIA{E7ANd?pM%fryfXlQAX z$w9V=-V7O#g-fs`aIM3mqw@0d;QXYNb+eV^L)FP<+`YFyyXmGITk&_YIvmfjJ z41O%#cauR~=eg>xmXxOIro=|;p5zREk`u)bx}#)-n`fN$qZF+7Q-Q!%QaPSX<&lHW zr9m9LkQ5t7a?aXvlbo#?P+l;D4XYAX-OOA3#RC^~~1CkDnOo$i{ zPpb3gc&Q1nbC(s6QU=I7$(eQ#6dZis!fe>iLq$~p#scivGYH`9{ml^x2Bh&pJi_CmKAwQh2MngrlTWVx(xqPuB5b$8*+G7G7 zK_nOsum@B`#K7Wikc^dk@B`=q7=tV~K&^RTUBT8Kn)mPPf$)HVjSdcimTW)p)JQ^OAIDBH4y_o6$n<;%Dn*svFYBlJ2 zz@&C~|9kD5alSPG{1@$7Q;AkIm!!l*EF2t(1&NvZLb;TlltzHDY*kO1LlYBW!jK9` zk$J{$Z{hDi_^cHeebI1m`yPL(SmIo3-I;oj{dagZ@;X)eEuvr0$i)Fqj}G4jlnUgt zI@zIt>oPYoB8Om7tDTpZM=Id);m`Bcj1qvHby!AOs@d2K;-6>8lr-zo;T$F|*{10; zBv8Z)GPFDW^ti)F@Gp)OVV&V8SPtZCo|GDt8o1mtoD5!*@In0VF~7p?^Xi1=5wgFj z#=aq=yEl}!P6_BIUOERc(Or5@q2lHORLq+y>-JA&zVeEtXZ_?RkMj$udD=C7SaK72 z_dZ85XUJ8Gzz028Y2!|EyFJ@*xdiS7SO-;X*zGHj^aM+ul$~8o7ujc;#$l=W=~KmI zrxbnW{mw|r?)Z1P?|u(A$L1r+Q%{)GvcRb5sC)x4!31i#=`jKhi%cHJAg>!hSw0?Z zxdQF>-3Z0oTLb^y#1!Dw&F%SCZA`7@L>AWrLMMV7P+S14=psEswx%KKu=6uK)&=tx`ER2z_%jjidANVk7_(Is_eX;7!m49)mZ? z)HWWl@1KC-fqP!w+$1|><?72+- z@@u5jn$S_v;ZNX<;6x0Tb-zG7kw0>ab2rS;8e;<~8+At%H>{Lm!aFY9;LZ_k_1FMU z*usoF1o|?;(2gh^DHT;hN;U~ufuCRnWfE!Pr#=sUB?m!JfSKDoUw*tnK*-?-G``bu z>q{@x%ue=I2>>3Yi7J6Pz&idX|K3xEM9-XhcivMFBRk54AT(@87~hP~l$%u)q;ucQ8Df z-DHjka7a*zc|QCbNn+%-n#|eEehQY890ZI!A{IQSsawnOp~72`kl(&^%-$ESpOOKug_iZm3_I zIBION^u7gz$oKZxtCamnNaP8LiJT8&$o* z(fjLXLL6q(8MnxM;#vY|8uo@LIW0}b-Kvgst_b)L?>`F#b!B&%);(lQ!gJ%@-5t&Er`uBkI`C07JJ!4)^y701~5Bfkw7qLjfYn>-Fsh zNA@cC{dGQmUN>pQ8yKuq?9B?5c}_N1~liY+H@3Eym4CXKhM(W(0ISi9lV<-#@tyTd5NWR z2<(239=E!c`Yo8u5$FB@5CIX^1nw4y*wmB9_MifG{KO55UaV?D6oa1UdHMHo9_;m! z#*vYh{-6dDC&=k1sfE_MfNP6vQz>Mk((y0Qw7eR&@N2ml$E&=E&)xf*+()Jo{Qv~jZFYvL45^3iv z_3#pZl$8OJ-Xp?YKZ5p*o|Tnlmzz5mu0rV~REgesvOE0!n_`!10q;E(NJ7qu z#D~{?)zGU}z-v0!SZgwnRRwtBnV9wezA)O1B8YtAGgjT}?@eh66c&Wp=#0y!`xa zs)e%HkQyrAfbY*c8X`s<+NX&Qm$c;&Ux{yOeUU+zt1^S!zxFoJ!k$qDe{AckImXR0 zTCtvo<{4v3S72Eg2;dT{Ad;|8`Z`cy7JM)WK!8N3u~lXJ8hAl>^C>arGx_`eW6&zGr!I7lKo!*c%VLe1gL99X#Uqwl{yd!fxe)AU#PEBmG1{ldE= z6Peh3Zy8ZuehAc#4a?KR12}@})rKT{44j;FMdqQQZWW^>j#(!PNHP(;VR8Qa`Ii!$AZFY@ygHCgFGc%7r7k zy|V+k6#C_h-9n8CK=G}CxRlKE7*U2uIxGnl5T)Wa>qm*yBM+ei!J-czAaWVW#naxI z6FZ^!Fzo97$sJcCPTOtn-_%W1<0rlkSll>@%BzzK4GleGfsZTPtAC^a!vnIp1Jiun zjSnD-fx*hk%AJLL)$HV#gkn4^Gzr?oGb~xrtOx0UgnWwhz^c0asg1xi4@!sp+$nGQ z*-$m#c6ut9Ax>_4iVeD=!h(I1d-1v)jL0GV;YdpS=W_NAI#KM`fEJt(buK(!lH~q3 zdbJNOY4SzDIZ&~3YK1lm%8N9qfGyOox56lSM=svtw1Z$^{_&%6A_?CW$XkGO2VfZs z9so90sTLyrhyex31iiU%^h_CHiH^G_Q{UI5{r|lH5)ptIR#UQPi~(O1ENrj(*5ALl z=;#nGu2*|gQ~6TC#cMSty;u7)chQh8NkBr!1|^3^Mga3vx3OV(;Gc7mwylJg~$JzQ|JSCaWnFt7xcv5XXK0bnNz04qZ z102W&>oDz$j3wb`(XM$5bQlC# zOlz0h-0gw*1Dcg3;Q1py^Xs=aQ@m_Wj?5!75E71k0X@=_Qfv~6^zpoGZ&s;yP~^Wz zBMqvl-Xw_O_!A$YzQu#*{@_X&HCVWJg%e5j*~R+G z^B%-r08b$z^1iDPc01Arp@3IF0E$>xRP+}lvsztk!8e+im~dE(c7-Q3%b;-e*hnND zI8w2**8&~@oaO%RV0bd%1txZ_c6blOk&%&-j`ubrlY@<4tF>kWU>~?ahZiRY2M0g@ z!(xLi@DulzTR5cZQP(g5Gism%4i0e9YJa#6zZB3xLPGkx5@cRX;8=H@oQ?aBg7CIj zGu+Nzm>*{XaUa5X{!T4^$VnjbJjF1&%?G~EU(4lDYf6l}&_S)Xjo44Q(JG(pz`5gh zhJo4GD?}tXTB&OZ+e-cM1WwMbt`g7`AxSk-5>)Ht?=5Dhk9vQoC8;Q=XIFVfd$dc4 zQmI?q4kCZa3s}vm^PDfgiSLi@f{O6WSUTdikVVj25VKiTBdiONjgzKShTY>D1zz2prush#-feULFV zVk~-RKKwXq?l3GY7wvpchLLpa#VABDwg~fu4Wpb1s?Ai1lXrAd+eu?>izdXu(J|LS zIp_~X?ncdce|Ilt<5pzaCAz4V#IL8Exn;r<(3-29(FUGGvKm4i$}2~zrVnjczN`Ub zmsgy0y@}^hbcH+}6-h(G)!BK=HRVUb(&*kj5Zzpcc z)fM-dQOUk}NU2mb;Z6)|JDJ4g-G1##?S8u(93sYIsBX5R;r19`drmT^#^{IX5UG|`!vmSDmQ{~$Y2sHYz;)B}C|4uKvCtmP%ZOr( zff@89UAuN1hXvs&BydCHROI|GCr*JT5sU<_FXR{DWqi8*LR z{=2N9N$7R)@bE~t0`TCLcs=ci$rs9oh%=@M$Dg zlhnB=NqRQkJ$; z4>378HFkulk^miwtIVQqkgXLY7#yFY&L00?b&avHG1zY#PCyS zbohAT_fDORv0X4xcl6yPtzA=ms@X{1dIce?pSXw)27Mb#(rFSS+(g$UN-)qPFotC8 z*`FEkdC=jSc+IMFCEGg-uBIn9_h9CUX~``SB^=|kHaVe!*flddzs-No$hvFZF-O0b z?(gbifPF!7>w#RW_#j9()lVEUwZ0urCjOnxxB`Ui=oRnEe+?P)?hGMnp}7>N{+TQZ zY<5s!+91lO+2Y3O2Yu!;KQl1sg_k{8$ted|8Y(LrH|R!?2cLv}aR9Oy5O*_^`}6IP zhn@-zjR8-cXh>RH8^1kEC@=H5#lWiI3Av(1m(ub=G4F-M)-p7qrpbG_ZcasCk&?5L zP@7Y1^KItnMRhYbLqy519K^sEO^j|9m!<5+L**}cu%ZjiWf>#IMfS!HdWY~(`#HoM zb)e>V9bItE3$D7w1>7*kO&H~QHCjj4=Rb5*)s&qPA2Gl8Yau*FZT$=m(&4!4Oh0*& z>=m17QCbw~p;!6|2LT)9hxfYULGpFSgOV;)1J%Ov*lBZXt5e4aSxQxuQJw6tycg0! z5G}ey7}M@L+;A2&4H5DdDrYdVD8wVaSr_Lj!gQAN$qme040ha~Pc*+QD&9R`{BTT# za*A5QHJRTU>(O{eK%7fRJ*O~3k2L!%E}R5wrR+jS9|pc=NRu5;$D9=0Xjh0vbv z&e!yf{w9QaF?$PT2q7G@s~d~8v3AFkw(LeyV~Y*<2w(g;MtTnk_U{!fq0Uq;^ZL61 zY7dyyex8MB4dtVl0D)R#i1>dEHN`2Dnp_W7C68JM3TB|uGu$(ia+`YerX_SS58z^0 zV2LA;v}PYswRRtc=Hsb+s_@`k%++zU(TQfTxPlu0qA}c9q2U>OS#e{{Z4$eZlT8QN z+1arINOo%~Dhn5yK(?d1!7fDlrbKvSRq{u{;TDOM4mzg3-D{dw4huEsSaGj<$|q+0fHfRF?$wGM-9>2%RV9Q(ZL}+Q-mw z1EIxD$O=W-j0CBAe{#&OKNPZ!e{t_H4JVAuE|A>%r{XyDg80N3h%eNRL({|7em75b zo%6muG@m)K9kLL4b*rDek_|Q5TVKWqhA_l%Oe`_ST>hq5;5^UiE#s7yDy8w;b5owa z*8md0=jX$qmegmBqd*KTEf3xujBNk=7GHrHBfM~-qZlC)}^&#gm zQ+l0x_jighVLbBm85d->$lfqMcT`>h5=k~9^b)y_tA<7EPE1#2`80{0?3US=c?{l5 zksfc&VPXkUYtI>(TL@;FBS`;pzg13aO1^q)&uI3=2VzTTKtAXX z9b}TnQ0YTS3!BUN>;ejrHSby9+18Fod`O3ex(aq=?fAnKVol}+HwJB&({MJWz8nEg z1e=wRpON|ax+nr)>6eLIOeM;YoOOi$#}--TqqyC~`l!j{1TJ6xj2d^W{yK!up#!zo zGJAG1Js-$FfXYF3B8IwSLVFb7-cT!R;N0#7+?I*ixIItFY^lAjeZzli|1tir@5UgK zg?wB~)^kq{b*hN0ZYi>NHJ-`Dhjp3&*sG8~pXQEQ;M>0s@OP<$jXS8{#r2~c#EGP3 z4ffR%(?icx~y4&egO__Vi!iB3U%{CpI;i_&Su~U&dhVCc2 zw~RuV>?LbXyPLz;rCkGo`4wtWjOOjzT7G$_3Jm!HMn0%uD6TTq95IOjJ}yCoW*agR zLlYu~bEHJlW;qJH_|#xtp|dk=czEdv0yUxkN7Hx5W7)s&+gtWX_8tu+*?Ws@Qprk@ zLR3h|CL^KDjO>OHC6O&Ft4QjxijYDfmGL|7&+ql^k6zCcZufm%=ldMTIIqjx!F#yH z4fqn@FrFjs(CgiIx?@2zmDoM>g2{fHmyR}WiGe(K**i$3i;|mv2}~D}v~&)sN6Ca# zv@YEdr@rHqzG`!&K&oWRq@55ISse-kMosK#daZj;3Fj1!ee912zLdEZ(`rX-=Ur!e zyE6J(w#2mV@R);^NlA>qyUagh#^}$?fwZgI+00YcZ{<*`O`Keb1UabK_uiuEroT$_ z>&)B%8#_CLFIJcZqFJn>H&v)R_2No^n_kx@ovT7m;M;mS>9jvdc%1M*% zQrglhWN4>4AF=(qsERG@-JVWY8kcbXVTF4W;w>DXo2PD&$ufU0E|;8~jeC_h+T1n0 z-Jz&kM$Q^lvZ^b-G2v$MTM+?~PY8(Mr<`Bs3+B#FpMTB5D`1&d{PYOFduW1!-;{Ac z%OIP{pnpZNJF6ej$v!emM$ZOXbXLHBz&MZa|a5v!4WKN&yb2v#a7q)&W>QmTh^B?W5SQbNLd`Dy80XN1 z*3icJ%sojnhteFY3Mgmqg}(9_IK8UZd_CaW*pl`|!Udu9A=zKDMO~mUqY@#c&k`zT zZH>uY=A+=J&{jc45}I_oP$Q@1DZ0~L*0jO8tLJ}`7g}vBQ~+zYl()c(}=^tFq#F?htu5|vV4XLWWSQZmT#efiYn z8r@f67Jhdb$J6DJZcPOc^YfPcYktk`?X4->vQ<}PI(;-D!&o9gG4Jh=Lc@P@ZjB?H zUeSw0r!&R`bhY&TvpGjO|A;Le|9n@;ULkHck#=FPLq;L>2rWd5%T!gK4*sQy#IC{E0;;)bKT>cHh8*2M49V7&8bPoH$rKaZ{_y% z%BjkgT3uka)4u(oR%S_4z}I%n)BRxp=EslNegR(+p=Q>#cLmpJ4#=L zh|77*q83Hc7Y1WI{WDe{x=D-BvTvm@99EmyG&3I~HnK2kS?ce~{o1!&y0Nn~97EpP zcK%Bn(Iiu4vSY5|c3dRcrB+A%wKO+Azk9EAS|=qx_DFKlcHCnhK65bB)PqYuu`H%k zoNy^v376t?Tp^LpkU_6Pt)@1oiR2W+3d@<^@ikHz@ye35hi=EMZs#z0Xi#as`mW;m z+`FbKJDlOzU_-N+bljzTWUFoOdkRlS{Ger6*Rzkfe%!Z0XwRlX5pksOf`KDd>|qU_ zRfS4XKi+r3cH&daI~GrV26!1s--;s(ilYBhO3rscygd1==EE7$kemWblR^_V)!Wfk zpX=DHoepZoG)Fjxe$xu16Yf41FVK?9Mn^GSY;rCCvx`Nm_Id8;c4ofY%qug8X6EDC z6yoJv1&6HUuP@6)YC7$^RggG9cF8yF!1c`|k}=Geqa{UY6z=%LH?GEM%mC-LCZG%f%T1hM>HsMDK$$Ctm1Cn zG6sc9!N7Y8xDIp;Cb?=n>CJE>|NWcDDN_Kdy}Wz^s)pr>MyMaEKX^X2ujP_;?Sg~( zD&(gv?^I-z; z{rVwn!hpFMNO7TxB74Mr%dt#{voA|E1iWV>$_>w3EOPkmrPr0@Of#!&W^`PS&tM$X zRAUaB);IFi)S>G+@iVdYGpD_kuV_?{;#V53fYLbci#(o;{o`l(fWD-?t2X=u0_u z-K84@s=2GV{q3+&6LGO`E@Gg+ zpIxf~9uWX=Gz<(S&;CNxm5@{cViO$28Uf42HjN_^m+1{5$5V#`91Kh_q%I*g-8nzg z0SF$~Dn6EBVP<9qwh~)bASwhgW16eBJ#eD~D>-Jrf4?Z7l|b|@iPkEzkThc3B8&9U z=WwkUz)WgEo8EZUY|`e6baokIXC7`gw%OU)BiPyij>8()miA4ngM$NsOx4nA#nX4? zOfHPqEC8$oHQ8;$l67)2x@njT@+vk~R&OKiw;8-s)Y9ym_x|~@ z>?ewkN=|muxOVN@<-1?wT1H0FSST89bI~&PWaXsRCj?Ml=&Na8l?szENSo!{V{aoJ zS-!wK)4@RJ;FxgHF}0Ia-_(GPv00yEFrMl9(3`L@5=V(h-II(;>#gDBW|uzs$GNUq z@MdYB-M5F;t>m*vbkA28-o!r*PCoh7JVcz|=b2(t%g;3J0Oth@^AvXpS_OjY6>`G8 z>cI`&u84Ih%VN5mCY{=+GA~P9FV7wbB}r*Eh$em{&C5hj-kjh?nMc#&_$RwrCd0!k zvF_y2<|?ih z+BZWE>ax2`0)>nD?DJw-Zz$Ml#z<^bMv>c$!moR{|476QLr*}< zad7|X`qW@JS=ZOsi{kq3tA6b05IKDKX=UZ$n>X~*OjEJ1Z?o**pfrjMq}JPK%*v`1 z_MXF->ONFC->FBky5c+TX^%pOX~xR#f5 zzq?`A1|}Srws?3zCFRbYpHLcZ{h;G9g2B|xY>?n>?>*E+CD5OvOb`&b0Zva-Q&rst ztI**(hWiIPYPgWb9ohucf}KaQ%Cpbod>?kC+#MUU6VL%?we!i7mWF2Ml%Gh8sFRo6 zbb$<$r=rwSZ5`tb9FYb8Bz?77=^ic?NK5SBzqYc%NMJu5<8b!GzDkCK?1H`9+6vkq zv^?3AG~x}3-l4QN6OqP(!DP2+THdBK8^O;%GBWb!O~O02F6NFYt37=>9sIdxO6jwk zwQEJ+iRdyjA7e5~s92B+uDdEARlq)2Xmv=-JR-%P+Io&D(vhW$eL1Y&Iz3-M&ZS+S zR^LCSC13ivJjU#4vUYxYgFT;#JOZr9bzjd`3jEY-mQpxdu)t(l^~e0|j}yaU8d_7s zZeDvjE5xZQik%NhDmz>Jt@e~ZiDYkSX?bMs&%NyIW2D0#wYYKy8%J7h(_e1Oo1NsS zB@Numm*`4+)z>#gutdD?pP98aO_Z~Imis9rq%lAJD{pv@kskILkgPn@8LQ=z`mCof za*f90Pfd+nv@a7E-%FO@T(cd&@87@Y;I6%VDrr=1^H?%sO0lH4SgB@JH4)mfw)gL! z1L+^$j){rM&dvs#y8Gj@(ri*pN=x8y>%Almcc|qFxhkWKvsG>ClAk!xxT$> z4550S6 z>xHE&F0T{UfBjO1eiY&psJlQxpF}o=Jd2=XJaE8-%Bj}=BMcs8mL<5bxJ_VK&q4m@ z&vSYW?;IBf7lTX2nNXZTwA|Z&q8dC`j`FpGXI^D{{OvnDa18P^DBqu7`Y$Y#%)kS8 z$6bVbboCg&jj0A+<6+*9V2RDb(q|$t#4GY1NEg+PilzToy}U zj=TEemv(*f#0|n|Nj0h2uR{lmPbDXoh~8TP*A>od|m+oS!cpN zv^nSgq7gai>AAEx@-VjB*Vh-!;7MFE5Qfl>{0Cn6be(rgVeYO$&l{c zQ7iS}=|JQ<3UNkdMGO9AII=tQX1HIyo7FucW)$JUNw-lS2^lLRN_8avuI?E9)z$ zIiS&~sHxpSG{azkz`24rK=%SRU-|%^wzJ%{yHJuF@uM4-ry9uqextra9!ikf!IOc0 zS86@-`SaiS3dEju@MzHQlQ&cL`cSP)rFr-}OwlL~iECi&9$J?4qbmy#)zs7kdxyAs zX15>Y96>*D>C(aD8m=SIWH-UZ4>9cOYgfGVlP6Cg5(cx{a*GQ`2CX+PAQT*H40Fq= zlVYZ!>xD&#Lai87>9JS%Yvhn)!wK!aW&BCQEI^V()1b5zF+-GA`Q#8rH&;xbG@BIbU^?6qKG~m?1S1TYrK<1>Sr^jI6 z0mBhqOMPpl?KI3J<2BtK9YqKa!ZrZHYBZ!Mtb$s`QjU0h_So3z%qXk>aLy4h&+)51 zKKH_wQi28QxSACJVN;1L!zQl&5VOY z?mS2?cvDD78(3o_opB6$qViKOejdp`WuRgACpbFQ~S-B zocQ;B?CMnYoT}0(kYOoltrL{v^3-^k6)^gLT7c%n>;qF1_8Js-))@`RJtJE8r%nBl zyWW=JXv6!XILg)LA=?rwox?l{ome^7(3P;q9(8O<5uS-$Px*aQ*cr2GoGeF#RG9t} z|9Ty8BG!3Y!Op3j)63zu2TsRztggfR4n#|jO2ez<7ZV+*^$Zm$KR+LwwyCM<6GSJX z_R#5iol0%0A*eub9FR-vFlD0GC>ZI$iNU&ze`^aV_wT>D_z{*GOgDK-R~84OVH|l0 z#ivQO!YYO=Z?gx?@S7oo9})yYfq{R~6e2U5kRKEm=Vzwnp;0iF{%>UD3T_j!5mv#y z>Tm|Ro&j$nBE`bO0x@Wbkrh%`XnSGwsY5EkGZ}fsypWKGg?-l-t(|T|RERhH4-2*y zQ7Io*yb6TWR?7Ct(x(?sp}54IhJY^A=OXkicyVY{ey^@VV7`KC3!$~}Q?7Qf{K)a| zO3iVSwy`=ck`V!mD}ul#Z~nQq<~dZ*fjs#q{MD;h$TVZPbkI-1A4gDzWxdh6bq@7e zAHk4$)Qgv!I|yzCRNpf%ufB1Tk@i$5+wXH4$`z!n5bRih`zn#`iogFRrZjo4i6t_- zkTl5fQW%}b8ygz#W4$2)>GX@s~bZpj;Iwudc4* zj6m}98E<3{pV}wfr}_Ewf9uC_j}eZa&+TPm^1*e$8B8kvhsG98qOjm{NDI)wQyrid zKzTcbaS&22W1??pIEkY};J`r*J9=^450PSE20aV-bb{vsNzsf|L|*=GaR+Vyk6MsF zv{8jF7ziLn*g=VG@9eZt#POXEQ?WC&CZnW0>OSlW(Gw*Dub+>PV#rQIhx1+~zj??c zAhbnn2@|ZZ1t%;!=2{JT4=)2 zsN=N2v4h*1iI4sd`$`AytM)#A5?26m<;Y1WoG^Fd(vfN zL&J=tUiZ6Q1y9P4Q%(wbU7avOZN@;6efZp-8$#IeLa=+`8li6QWo4~_lpir~|9BLk z>*Q#rZH<^juYmtkMT8W)W0gpG%M+uV>ySJl5I=f8L+W|#(5NIKv4B>1MD9BZG&)Zd z8wnzUTUBj)&9c6KU?5k)#~JF!!VgKk1S_vvkX^Zz#20K;RX>&~SB8*9fU#)RT>1|- z48+z-3BEXC{=2Dv`-ZZPKE zVdLYNuYeH1R0yy~NJ{D(y1$3!4+wpSwN;d90LlL#7n=$P6Ap56a-4xv@TAxZYuIYV zKs7b)Des&09|S^3TKl-U8<2Bg{6wXb_jorC4+N535EdS_xM^BhKR*3(12r-~W%KVN z^av0?+Es?CYn`Iv*fE&{{&My#u)CjRNS=nq#?XSjBkca0X^+M1X7UzeJ*pzBF6t!x z@uja{#ptH@RhqJCMMOkU3E)JKT>1=&Jhb)nd-fzIC4J>$8W4PrD{hjbR123OYWyM; zTsk`Kc(2rxRHuod&Szz3zX}|UAXzlN>xsU?-rhbiQ0ZrPPfx)oTvhRiIvC6rVi9u^ zaX9KORd#449UOS=;xG%`m9jM*$?2}MJe+YQf><~I)g7};)JjwaJb?^!~HUD z=L|kI48MJfVk8$=CtPQxn^j@~w-nPm&HY&KW=vJ^FM( znUl;{E;XvavDCnWEcIrJ$0vqkE|2n4!wbYQIw=7|L2#f`nS@0O&ZiqtvdNuyZ(w6* zpQyhgB`oYZ`RYau{bOKT1gAncZpY1zptbqro|!wSFZ>D$=>`h2tixA;k6pd`EGdb> zo2_-xp~2sLd{&Zk#*d1nY!({;rL0OBd3fHO6crL`bFPB(pbFs!86a9%V`F2X3Y`c| zL)h?egJqoCVV*^;N=``$H~o5Ge*}NDpS88`<;&GipR%y9ETDb{z-*HH5^)=TVcg9M zH_@5suDP>|3mO{0lVT)x_(;m$cw!CBtW6UHyzt-z`uiK$w7z@yj^NP7AxGr{{&XIA zG74Q`R2cj&G=Vx)(}Rya;K@d_b^@UbO*0cOZ}7L#1Jn_Uv(&d(995~2n5#RS;fBIM z7`*z8T5zJsj2319RtEWl2Y&#}06e7%BOwNfBPO`6xvAPXb?{=``q_iI%N6!+tXypK za<<$@{Wu9l=p%+YRJOYZPutgC3t%URO0iY?B-#kRqnEOa-GO!4!cRGcO>|`zi4+A2`mluXH`){bwJc(eC?oDwvICczs@L&usQ3F&uHRYIi!bFrX zceC%elg1obSt%``V_`9jqbgZ;tlyBaH`2cCTm#w~B!NdZk2CMxyZ7+n1-Kp=qk3kJ z(Fn}5@~0B}F}>H$7M003hI7HH74&zZ#I-JB5$f3*`^T6*f{~MvQ!?+~eTH+4MCcy) zg=)zof`Y9tN@OWK-M7a``cv~!k9_}?a=m{XMzP%lTVU zJw>&KF>N2Q{uHzIwKlCipQOdoN5uw<=kK22@)T9|j_TwdYcX%};iae2F|eNc9{-f5 z`w!R6;~N+}hclg&WAn+*7xlce@H z1{SoHDf9;c%2d}mO}KgeB|P+=e)xp5fG*n>y#uT-<-u}d(G6Pq#u^3wk%sDex0y*< zE@bNUG9N!a0E^!fJoD}4D-kiV3zC3dSq|BK ziE<6_v!dZ=4;p9e-8z|d!}U+8P?dg*KC@LcICP(?b zr#xZQ_|lbJR#t|oE^owJODn8L>-vR_o9t}Q!jqmnt*%Djhd<|6%iXz%-^9n$J$YjF zUo^E6sg*ujm^W@OQIe5TgZ#*Ry^x}R;f{1!=U(Nw6HfKqwQNKAr$RFFE&-Uqz=pE| zreG0fC3FW;C#r?5uH^Gp>dzCCbSX*r4V-1p^e~jWN^$r~0%Pm{?9VAKhZaB8)zzVc z_74bvJ>M6NF~L1xU@(}zee3Cw>~k{)#$(|E-iI45u+C*g)@4dRm+0Gy4vBR7R+^BL zBJP)NU8*nBA(VP}qm0_^x90jq&s_f2SmML^2epp2|Eg*^%3PoqL`BV0^rF7LpvLtO zsb0Imv#QPGnZ++&ypX6@-@E?ERU~yhg26xDBbI)K$0)7nSI0n(G6xfrrqJEbt$BI; z*RK7>K|ufcN*;%1T~NsN2&FGYs%Q(B<1cwrAt!-s-`!cC0x2vK(W2%*g03 z+A6|SkJ&VVQ$|o#^#*2T&S0VkVT!ag`lEKyrSCs}JUL&u?sW%DNEvQC((JEazg}W2 zl~J(q_Fh5q1twF8VvG|oq?bMOtFOQRRq(b_@^*-h&13s@U|J2pBhchx8O|5JzBdvf zX4y_$I}QY6PfpG@u$#}Oj*gC)htQnp?h=4Ctr!Ft8jYOR9z&_mXxq?itc;0KCGtn` z+rI=hw#D>hJ(3Y&TLxkS$rJ%eN0I9?MKML=sn3Ri%C{9yhbR>?NNCGrpN) z<~d_n9^e?k(Og>cbf%Qxi|q_GJwjn^@jq`Q<`;C%r~&QBK-4lXU%W{E+u|dmMd^w= zuhR?=8qS9Mvd`@wvo@Q#w2+rdJUP>JADl(LHf2lQLBYEQIQ_A&n6)}&kf2GBsJ!9m1CJ}oVMKU=QB^!?XgO5k=^&pz3sk{hw5cplC7CPzH1fI zrmTNHraw?R-kf_R>kW#kR@TFEE>>16J3IgH<3|>a@`aW$0OQp72L?{Oymm-R>Q>f@ z{~5Aix{PBH9mIj=JmI0ab#vX76?wQC$& zuu@R9+1UK8$3h3779EOK_V$cVU_(c%4>K&BHe4>nGBq?bGz6#-ntU`?iBIFRZCEC1C3*6Le@ z=#mj8Elq%nuqzn2#m?i%WML7Jvltr6%efl$vwwc+=yu#Tou+M9H%GsLv!e`PrJ*03FohPr$n{ zE+g}UA2YLF$C!|VQ4gdRM(ga1jJ?dv!&sn6%_0h`K?O=XSXC4v69a>l-@h@SKOX#j zGZ!NP`ffnp$oL>eZ2)Uw^4oxZpO3Gi`hlxNkGNK7U_d|ux1y|yN)WCiGJ7!23nqS$ zoPk@LKAW;{JrSn97zhX{|NBQ<0`APh%nbhy@oQ_&A({_+`I~bh>;W1RfZ_@VRg)-jCZLu0zdhL*?h$0ODXJd1cP;&>qA?86M*1hWsC_7`<^ za(Lha05jYm0ziua2qv!kKylFpEiEn8)hS$h%(8L2$}H(6{Vb)Iq*3R+9lblGwWEG1 ze3aZ%Zo;REqz9ybdag)Gq9gNDtzJfh5~9s===yA-*n(z9MauRt7I!GQgK2WW)h&<_|j))nBW z&0=-FGHNZ*USOWsdVu8+9}9G8#~JA}pCXCk$`P7OU^Rq@!mS`+{-pcWwk4G=cJCHl zcxCVnz&5&4@HK!=)Et{bapgN+zrHnj5TXW<-EJUGfwm_!srj$u;dULcuQ4z&xd^lx z^LV_wprGK^_BND76fYEU2eaLM-~EqCm( zGY7U=rJB}wf?*f~K311hVMvDg1Y6Wjy|^r*{!&_0bPfx;lVW2fBp;%ixrYyoxFht} z$mKu-CT{#bz4aICF4oX{yqMkY`V-l}62m%>gUn45w65x`nR55@w+1vCBfXsXz0G)PVyDDsjzHp|`>=N0y~FvlG!T>(@xi&k{R%vlfjjC$aE~ zs9&&73U99B(2!ndjdQI|>g)eC-9+NGDx_AI`F!EkqCb;?LjMOMqk^r>A7S3eX=p~U7z+I>0pK4s z-@^sS9Vy4z*_n`F3UsKSe%K-u@8t)-DPZ-13oxr>4^m5-yak{%f&zgA2csY= zL2_^MhzCq;K(a${13`4*csF7K>rbDk^Kn713%CJ(Q^Dv6P>jCcO5RNTHs<=+uzj)q z>nI}M-PSEQSS_-Zsmb`DLqmF6TJ5<3-e|Sjee#~AfbM}lq4mW}ssgHekUNT2;|#V{ z;ayz8zp1P5;wGb?Jt$h>ZeT!lks@sHM8qBz<)M*Doz&3K(58C2UD}_@R0ldHjJ0P- zgO7%$R9~@E8JUQVD*2kCaDVojzsXzgNBctBsW|HH%+W+?@0}O3YPwCH^5u_qG~1#~ zLf582Hv60W_T680q^ZAX4iL$TagUt(x^ z`M0YTy`<5|jrxm$`^5uu%5QZFhR|G9kh8u^){r`ABLB`tTrzT(z5Z(9Ig|aa;%7+? znDP+&7fO@z*{3tO-PYh%cgnu~#@yN(jJ-rKS=7N!?Ms)Qz~!^K&*bO=v!UB?_~wPb zLsR0^e}{^_n4}lPf_^P)xg?KvKj2<3;9+ifQJS;BR+FYfr8&LYnaGoslJa1&iWws? zpokkQQ<}O-4mWv<;WkKBr;xsuJM6b;{{XcMWg!=1O zFu9z9AZ+~AuZ$uO18RuM(UPqSf>X6u=jqpooi)!F-Z9}vweFD$2*{j?@`%4|W@jeY z%~iCpMHzDFS_K7-rgK?yTq9|1rT+EEz#ty8GlPj?x)iNnq}CoU0e1(>XAC$8*{0(3 z%Q>t_1mlQ&``E6k)l)u&LbghEEAp?CM8w# z%|e040}LV&nV2O8WkUCdCOMi7rhU3e{o{P5DY<|_w8`(GIZjjQ_=5RSjWxA#_VpRF z^ycV-<>O?d5eL5<2u~#oFKwD~((Bo$Ovn1nUE{6h3$i**XSV7GoNWIY#_$Tr5$T$e zFi1Mum`tvQj#k<~_S0Z#A(z46At=_E{|LgPfwJ$PJF>*P-EBleV|)iDI2s z%(}a`Pno9@yx4PdK+t}GBa@Qq{rK@Eay|~J;DBzqT9kNWvYCQX>W=-oP}^#xQLZE} zvB|^v=yTzVmaLH~Bt!B3v}gX9@hf={OQi(5*7S*~w-4$CZ(XA9^Y$+hp_|F+)*9FZ;@-Zvxb)2_e6n3CEs67}& z2=Fe5WlRfY~w66WR(|=`j%}nppSBi#6$5E*tQg1$zg%Vwv9@BNn>XOTm zO&({wH0N!8r<7;ktrNNjl|ym4whlC01f8>1`N{C#)4`$0{deV#2obUTyx5ZtV_A8#G7%N{WQDr{sTxD0PO{_#NR3GzZ#$lM|);nFs1BVVJ z4bt)Sz5e!azJ-e@ZAF08D?eGL^3NO*m%PqVW^uU%85Q@>_YKv{xa4@9xT-&tm1o|$ zBa3DYQKze;gAswS3=r5VAh3b1uDs`=$BM3y2-pWLZ24-Z+vFXm)-3oPO9Ama)(Lvb zzct5}6WHQH6h5;Jw7t>ei^g&;r( z3ak*DDAPY@*h*qop2uqUk=-!dHKJzKGxIqmNEZ_qen4W@<*teJN z`|il5HWySix866^;F=;DW=toOAbxbX{9xo?>eqwq3YzTwGKI0-KW=Ab-CD31{!Mf> zm6|R_OFbxDT#BFBLd8n5K5zR{<%Qe!t*>rOiRDw~G1pfYUKV_H&tsV};mr-#zsUyp zC{{)tW@9&{<9H`x-wBU#jFA!R=Y9U~(7NJCF&4~cS5~`Q?YB%_!`ZoEV=BdB09IfZt@5g44(CV zUSeV1-~8yyV_oeWC63&~)3#wrD~sAs^L*Jv&&%}d{H&m8bEr(<8a^gjPIcn&kUAN?2&)K6sZ0ALcFNX z_qqlBN|wJwhWUY;dpdK1QYaAK9(KcRw@x-H7$_LjJ^%XKL>7`%ks# z9hsG*)A9;^4?Pi6@wXX~^H3*FQ}Gqo8ooi|h2et9VTnc2t`pPOt3U^kG_K+ga>Jo)hY zbX#2VfcjQuh23WJPKYqt>l?e>d2^++)N8iyUY^H{L#QUaTz9pZ3j* z8Y7AmkrMk-cxp(LQrQCkPYa+xmv4E984>`x8Dc;3EycX7?o92#d!wVxf>t}=9U8Gy z7;}N|Tps{RtQLf9@$^%-gw7={Zf+vVJpc5%n?wph5gW6;XF0Aa&^6y|WfVJmRyG3? zR3N=W{bpW_ksp@i{_87W%$H@m`l`A$arbbQ8M)ST<^qd%3(S$RmoMvxJMou`#wfj7 zC$1xVkslE@9o(s*73`kgo5az)|w zj%^2)htkt;_2*QW_wQ`x6lgH(YqbVvbeQ+M+`W6Q zU~JzF{||-s=apn0j8%LUUj;3Lw%o$f(ohE5%|6(jU_NiTWu5USsfnq6vN(64lTGoo z%O3JYS(%W4K(bD%@ll<_6(2n3>Mh^KvbP_>I!YnieGy~DTHqdEzkTZqm0i=$U#Z3_ z3`C`2om+$MISG62^c;_4xxc=4Fs0E_{nJ-Ay=Td{yQ%5P*|DxX{D2j%%kSFJ>w&7NN_nFi{xJrRZpO=qA17n*ym;{l{v18ZC+!$29;cMk-`7XS z>JDBjBQlcw%aXOXx>g>u&f_>0ml&NpKP?+{2h3v{lnrQ3*%h7t9bFY_^6W6jS)C&X zS6Hb2Q(#`*`giUbfVr3u`+(6uGb=0Jj=j6Ir>}q7`S*RmC2H3%bX{yf&VR40pHQFX z3zZ$6e6}8yzz2OUZ+4zcSa@rHC_tXhQGGVH#E!QMj2&ol?(i6f+#uEe(QBpOK=wBvb%KKz^9ot%N6V+*Jz z%xlE*ZaK$8bJ|@^7jpK5O_>!}0tIuT_KkgT@%oAr~Ev0-(Oz$F{W zG^&7>ozkPnK8W0Yz;9Y$u>VDTUQjld5Jk-3;sBrX?#;)5IdRxOq`s4W@1Fka9q1lF>}o8W$QvL$aCPxv1yIWR`uae8 z5U7VPU%h(wEH*JItEe;-7V1>IXW)`M4+N1w?1IbZF2g4S;zHO7$HJ1rptcE7Tpk3_ z($a&Sopb2ZN!6tt@7=w77rpuV+M3+q!@b?zihlEEK$`dWK701;|H}j|%dCouiZIjR z!ZGTu;+b4GJ-e`U(=nbPBZj6?JBrRJUbE*FS}ZdkJT*n1UneI!8;DT@5DkbS+pa@g zsGVk13x%yF<9!H`z}ar#3(uZyVD~IuIg}c32q;?_5S5{!M78$Yc+jAgt?dQ5OmsMZ z|Nf;3GqbbXgw93#Eb~pu>0LZ!$>;LruuIaNiO^U7_@sE^E)Ne65K7uY3?DS~^pV`Z z{qkqdl`A{7|J4)W-XYhF34Zg)azfPVnt4l-nw%q>h4*oZPML`Nwwz>~0;^p__T}Ws z*&3_|SPu(aqPTVVaNpmX#o|MQ6FqeoSXGVZ*8{Pk#h;2ki71BXcE|jbYvEu)`I*#N zqO9|h^sy!LIt4c=_MH1br7@M~$Sxh!^63*d12ZI}fKYFId;A>m@$}4$#i>&bUXyD3 z_GQ60@Ed^Mqen|noS9LKVPZlk64rQK-@s|W#fQ`@XeL&yG+_bKAFT2rC~*O5&kf|N z1LqkZAID&rk(D)o{rcebfTKPvEv3Q-_hSI?wt*&TuM4E4E5E^4L9mAX&>>iEmj4m2 zjAvPaop}BIZfYu-*%H1EG1QOu6_Y@#LT_N>WodP_MVVD*Mur4^uTsk*>M~)`8{n&l z<>mZO6}QM*(jdMAaeoSL`QgKdE-o(E$SKTwUJyL65OC!KxYufj|mwHmAcBx+cFdkC#sw~2oLv!rVy%HLd95_ZbK{(q^S6n zdtHDU(7G()AEmP~QejCc)Z)7kHA2-yDgSY{1K2U)X{QeO$(b4F&avfK>Q2JrC#tKf z32z3VA~+TxWg)l#UC;TRhdBOwDcu%QlcLNUL_R#mr)0eMzka%3T#n&~zAr7|Xx~~} zgAro|jsfVSiv$J^0SdB|`?MJd|7FJAnP&&*0gUTJU} z2>S=nFjp>Lj!R0il}sZ%X9;LH=mcy}wsvs%F*k<;dld?{%uKF%3tW0IiRR`*xYW}{ zz(D~XQce+_xCAxT#!3ZGzmIRtP01EDJvgxF@f3d|kek|`EE&SG(Xo}eK=aTglv zJCB)|5MW7M80>LM!ao7AzzQ>H9D|U-LB;p<^cWc#>6p{e&|oLI$E8ac_Qg}pEgz16 z?mzG4rH*}2&dvpCY1T0N;93)1Vr&E`J2y9n^>4sJW0H~vdV4RpyAw33IJuHiQh)*A z_&R;+6s87x2XOgwBM;QuwU?}Wl^~=yYK;l4TMj_P28Jiv+z(Id8 zkN?Q3m=$kK)Q>(Y8=W7r43QC4De1n%yt>y#eD^)+qR&}#B-NmCV)tXKzSa}fshk|4 z$F*Rz&_cb+;t=(K<;5~<{nc3Eqm(y<1kK;woR&7HB@frt7Cz;5;es-hJckZd;Avl= znsDzyJ3*SX3JM+SRHU$#7mpvCJhnk8+y-6^AP%k>zL2e|qM}*s&kF)0f(r(HiN3!6 znZ`itA`8fdhuYeNkT7Lsf8u47axOuQgf-&o*M4AH%WiDk29pDw(>^XPgvvQ5CmAp@ zn2kHy+fnf5{gm)_@PfGIt%+mEY_+xPxXH}S%zba(a2&9=I(ae+JGc#pA$i2bOf@A@^SU*RS+uxJMRd)gW3nRzCC;I zO#gk=lV{GThwN;j0X)?deERMz*dSD}7f+u2K!(Op2G>jFvuFL?-He zobWo4=la61NGT&1BO^SLH;|_u4FwH*$F)0jCzKfD3p-z1-Z~NDpY?m4!qI zZb~#z=()C6rnNO0!3#Zl^a#^1GYbo;ErE*0`(4=p=?U|N8J>c+9tf@s%@^cJo!CAb z)zlOc5TK}9n~EHkmIki5{q<|wu&L$c5M*H_NvtLnR#rZVM?5MkFXP!G=Qn{zPw`+k zV{gpq2Tz_L&s=d_b-#G=zv{DibPWMpT-iYP0^-aIDG_?NyldzSaGO(v4N>OG9zFW> z?BYJ|RY;m&!Kejy7QyLAbH{<1?xLP=p+yS2> z@mh-kyp&`IHMAF#!pKtT8XpfS=+@fQrHlNy7D+uy{^Vfm5wC~|>C|I_yw~e)2wO~> z-aXqFn89>e;1BD_r4NY}bRREstEGa2TrdbDFj^}fn zM~x>atSAXb8j29UXkU&VJ*uCpt5fRT0#}ffl$1Io$b-gb-Q2?JPcxDoI&=ucHBt(x z+DoXX_4Qxl4C7b+`uP(={!_NL&td$YcfEXB_MlbyrKP?JJjFnR!PVKh8Z=t-gZL^` z0kn7OtL-cj5)wdlhQ6(Xp$=!lT1h%CIdN%eZ={Zu+gRADCC~xd6|$~>|NiAdcUe=z z+Fze4CWh`nOia6M6RIA|HNDS)0vufKkr*GPiLm}D#^_dxLd#>v?6=QsadYp{=fu6sA%Z? zRH1QJbTs8j76Rtx(VyarxI3<4ebW8OKL1g;JSr?Ct2sjA zb1Ui_cuI^-YXtT6=%~#UuQ^aEN9%|J?mNP#n}YuXmD$olyw1pc+^efjl3f2kxEIaL zh;)!1E32wtKjL4xR%Ed-J4-H2Dxp6Is_emFsIAyE>@vl1Qxo_8_=zzFktB^ z{=m)9H!0h=_H@(?~flpe*5+fw@4|T)Jc;*ia4Aoyz;sr!|b;{RUiHE5r+Ii1MZr# zZPt4-1tR`OxacK*ro?zL(m#nXY_X2uiYYD@-6T3$fr%i`6&ZI)C*oaYEb;<+5KM%Q zXdBVapmLnJ+ak`8en?1&RGa+d$&*)9XJwTje0EUVWw<||wSNJqRiaq&)}VNA!XHH znVXpjODy-7sfmlDse9NO+oKVsGl)>8R?xRn||vSNt{pH)YtehOgUg)E}HxiT&vA&ZUoTiOplPA+uK!<^W4MzwS z2|P43{?wi67_a%MP*tqBM&7^2w$sr6FNcXg3@X!nFbw4N&C5YCui~mJxEn@pkXp9jFNf$UGk1A z&3rFIGgInCyUgNe&qkq>EwZ@DQqyJW_24WGOO2qbIoDi{)<^cwTBiqS^9NbN`i>l& z+7}VfEW+IK+8}|W+@V!-+Ea_v>q7FmU-#(Q>`9LAqu^*;BGS_B74nb0`HJSr&B&W& zCx~k_?-5}uj^wHOcli!;4vR+j+xaeOuF}oZGl}g)UURDU7oUjM42c;iZOb_JC}C`G zvh7dJu&Ia1e(9$Y`nmX%PF(%{tN?L6P5%aGAg} zhqikDc$2N!iMbP3Ln`3+z~lVT@U&x;Z*M0Hda=_>;T#rB+O|C0tuM%=n{@Kt_uTNk zJG#W||HXxT@;1nMeQbp4=f;ru=Xr)vHzT|oF&|;tg0;~X%S+A}li();%96Ch@LMZ0lKTbuN1=lLVew?MR5OO8OL>geu%;`C|y2^Bp~aWS!y zSFa{|dmlpg1=Wwog$u?;MuBLSAcDh^{s8Qa34Hgjv3BIon7;ZqLtaAB!ga$?z_UUS z+X@?ojq@OeQVa*LCRvVZ>)Cfs5Aiyau%1SWfi)KjbL{GP>AxyCMuuqoh&97lN3-@d9e@Jh z3N#t5ZEY7k2rP_?lhe%|r%m?rQ@X^GWEoP!rH|4Kg!wI~^U`p>+Aq3FXCp2QG=)?A zI7{PL{4de+v(^`oUUE^fXYtj@+lcu=D|bag+4@xH*St%5{ACS!zc@7|INgMC<{bsJ zX!tujIzk_s&X{MD*gD7-jO*-5lbxfvLrS-PJZ!p~EVXCKA}UTwb%0X9+nS{-n5&qE z0sY9$B9YalmGpA$x%EilALe8n{1jSg(sCX(t>U)HC%cLDojuIv*_4W?KW!T9l7Fx3 zJJNzy7>+DOSUbwf+|QmB;Yt>9ZjX3Q6}AE=Hfpg$oi{Nz4fe^0TON;P7|M};q0x37|JrxTY?%!>WPV2JwS58ln>!FyOJwdTc8Otggrs(0}5%yQ5^j$j# zuyf-(t}ZU&gM9gqUC$TpEZ5f8E8&%5gg5z~0qJ~`tFEr3^cO%1;(b8%cQ$6e+!svk zWZM+&WWv4vpLUMOwC&2Ye*ZbB5wiW6)~=-VwBDY{CVifpg~YC3+THyIHD8VX`KLb5 z_Wc)beQ$3s6zBjOa?;WwiJz}s)nr6Ze*~}}OjwS`p&zlfwWUl{@GlzT+>07@i6&C( z!BFbGdzOB>$}l3K!G?|wJ2;3Z@~o|`b#-+SB%`CFj(qL6lK=I7@)?_NWM17US}S<~ zJ?sonA2?hwXdg}MA4!*kW_GqP=svs_BYpPTa*j zf;N)yByH$e(G-N5_KuIkK9U;@BTqRohNvfy{9y<~&jhvhO6iN6y zAM0E0=<3%QC$V!!^V{8x$LHu?&xN@F3ERV?y!~70)VukB4GB4ELzM>)3@n0sqx7`1 zEz462#2l@{^MjfGiZWiv(SWV^MfW3mrQ556Edcyp_2P&`#f zE_{J>#W_?chD`jrX5Og4x_oV--JJ7 zbb+h0Ho7q_AX2B0;h?TkTAr{ri`a~@(bZ4sfsGTm80EB~EmXvNRT!;e2TxMMH+u9r zQmzaRJRpOqlG3T7Xx4_m^d#pwtu9=6=umOo#N>*%H_<+k+vj2DZGPoV8}7u!pkm-) zC$_S8EgAO~`eoSxc3KImyp-mHSZ*$S$&=@>Tm1fBLUwX@e{ucylcpwhXIWRKslLR? z(2=DkR;m9-(|3Sl-M0VRD|-_%vt=h#c2+_nip-2kNJ5f5ZzE9@vNzeOr$JV3d>O6$<6#rD6dWB9vhPLt}Ecwid3!ZJ=%cEw2F0-hKF1Gi(fi{eXU9eL#H| zfL_(oo>4)6Fy$XZRC;>4A`HyH`JUdyNzW@n5c43ACUB94bP}*!bnFlx^I;(G1TNK1 zP6~7s^$uam>(fX~049eXKbb&?kz)z;Nq?xEcsH)0=h-uP7_DGX1~DP%gx+kHj3mA1BEN zYii_lN^zYTc=3XAKaRk2;o&4Dr+@wm)|48SiaqQPG^@a&BQUfQL(B7I4j?dwuJ` zl?O(}`vMl|RQdyj{b!VO1zCrMf3YzZF89cKxDFS6<_nZGx*Y$Qnu6DAI;n{6hVo!e zp+fw(;qbQhW(WBNX0H2@j4y*2^6LZ*8r!RBM1-DAD9!CE6W*8Z?%TCY^q|TrF<_j( z@1nGa(;;PcEL~K$<9e=c*sjb)tBfc^f^5qAL$64OS|iz&nSr|{ykyooL=)O{VfHOL zszXXTLZU~$-Cf{&B`+t(X6*Ce|7!t+r?}?nF9HX4ulsWD%o$21ZuSKnp}@RJX2ZcM z%majG63YD>_gzLoX+D5FaBOIZoZ`*!Z~%^Xucv6#oO=PY1Oajb6lGz-tYG)ZX%`>g z4-6!(!y-T<3M3RHI>h9!acE+O)jD^*mWQ$;&($9?;e4RMS$ugO-6Dg%6m92G?rP8o@INwD6!^pH9~R&|v_&Ay_{ElLP<5pwA+y)_eEP zBg+l;W@PGA=H%FWdoKY-f~`S{oQomWv^47MSD3a@+wk|Yva%N6r|0HsU-=n`AsuYl znVAdA%Zyh0bSePhKEe2+yO1>Cx4=VyxR)Qk-JNiZLgJn<9dKTJY%r6dFbRTC4GH-H zo(tcl;Q8(LrZX_kMN0EoJD?n3)F(7Ju+d!tPzFY4VFA?9EI_V=I=|V%it)7qZO%_* zaXRZy*IoFJM2_}#Q?o2mkxBXaje3jZvL`&Emp`m=l<@0Cv^+acQxs1F8x^@Q=a=1y zHsUc`w^kXt66%L8Saj&q@f~tdo^TWCX-^*Fus9;a$e?X6W&54`ekuERC*`^`u!_Zr zf1t}IGE(wBisp&z)_kdR!Cm9Hh0fg45fA&g_9HsRZ6`X+6Unm}GPZVb8HYN(H0gV> zN4f5*A%iSu687MMwSE;+e1wTfqG>5eh|9=Xfb}fv#*MfiY!P&|wY8vIW*}U@@M`}( z6jRhWjL8_tR-%;407`@o1CR0!x+46NoRp*)9BGmL9Jm9BkM^Kw?c*2``V!K9|DXc9 zMa6h=9DV*lK{Wh&A3f|3K*X7qH3oj@|579$==~g67R$or!H|c346D zPa8ZKc$1wUumPf0R}T6DLlZ>ZMS_T|jEwNjG2lkOKu?pV1R+!q9M2K7?@z7`@Qjp= zEa{lnU{qFD*UeMmQy%`4|I*$(5j@R`Ch(ts=RYm}6{_K=fD;0JR})Pt1C9_~G>61p`e%#qfykol>F!n6XDc8M{CBbV6RCt z%YfvGJTzvd$}%MlTLBHqed)ma4WqQ8y9I5Qa|-t;F12-771-#Tik|bH8THvv2zKd$;DBIu8@c)gzm2S?>zl-$1z@+-K4u7(p~GwVoOt zjyh&b^`$k+i_DBqCis}+NlA*W{K9mK?mD8=rt?O6+n&^X9&z1J>qoH}p5ljESbO&s zt5KGu-``^Q4bPE1P379IXD;@g({xcPnt3n9J-;E^C^_2Oaum|Vd3t*}*>_E3WK5{* zPDiLj-7uiK%J5}{>XuOZ)q?N3CCr zGzXZS;*1L|L7UD0>`~j3u}!1l96>?<=P_T}ZJZpMdCZ;Kg_NQBc8Ci_`rPjKkmsUM*8oy=}kXBzyBIb0L;&P5F< zFsJ2FqG!2!)<{D~;6G!zLpEmQcBWm$yTs;sSsq${KbfcDcT%xpAkr%03hjZx*UAj~ zGcNo41a)>9yHWZpiLDx%aVzk~WO!Zcikz31+EhGP)qn2VVlriBOt@%N*EgBqN`svL zmUIqEm{6Q!Rj`;oMb^@wBK(ytp1ezU*M+VQhFB;saK%#WRy5UFcp!VSz3s2zTu~%v zXQfR>ZiSKE++Lz*93y`j%LG}0=JOuZMEQt^P906&5!AnNxrtlk15OB*2baat^72#n z0}P3Ab`h=#9~G0vz4kkEd1l)$)>@QbH>PUHFCU1{cTSY#trRzr$zo8~`1ubxPRh#4 zjYUOzeX{zU0a1}+KILI1eX`W_zw2WJ$V_C?RYV*=vVZgY>1Oe(?awK-$mW43f3;lW zu4=dIb&CYDzcc#Be=czbBZ9a1tvD);a(Gmx!`ps*Q)yJs%%r&Xli+@`PlF z!g{9pe~0cK`sTJSps6r4Sah~I1GqW*?cBUP5_Jf}4!DJ~@^Vm5EOI~B_fhbe8NKQ` zwd5!6Yg5+MbuoGu6$OWtc!c6*G{K}X_P9TaO9wa^kqJE4&a4UE-%dfSS3O_SzJs|a zX-BMtF`dTWD59uZktqVbJFgIu%M zhvWtA)4Dq44Xrh4sD(r&7j)_N`ZEb9Wre)`41nBNp}lRN$->gaH93Yac}%B1nPiA_ zz6s6$NWV8PF_E4qJ{WAGeVE2Hu$?a=O*gWNxFo`=EfP9%U3pU3PF2+P`o4s(M83D_ z)Fxfc3}S{?WFFd;TANHi68vC6c>?`QwL#ETU#)0bC^+tE7HBD zCV(^ona&grrN=cOC9XzT*=AsQVrkxt@NxZBA1t;CzPq^+~ zU8xzFWihNV7swKyqj?izX(XKI^F-=cid5S9^1$MIuzJScnLb8CH7@ORWTEc8aDcc| z_puLCa#jv13ahI&GS@jX31k{weu0mPM$G~pBDej2-D`K@W2(&%r)N4o8B(t+WgK{0 zuP}nWRYTBgtw;mKT7>*A?Q`B0i7qNSrfW~Lw{_-P=}X8MoHLUvw9`%I1R|x*T7ED5 z!Lk_VOVl`}<8$r5Tv=lpv4U~~#_`~r{m0Z2YzAGpMWmlwbRVwP_^OdO=(#M;Os*BJ zYW00M#6 zyyU{9zuSpSpW@Q*9&tK?(yBJ4eu-Y;pqHxG-I$hhE-r<()t^6oB2#t^EA86hJ+FXE z(ffU<%e)$l%Tcz4w%^zP^eSbVO6a&ynGnQPBXwtg8fXskMaK7bJ&N4#`|r@oK`NEs zM@CeM=>((L49cko?K`t-2oYr0f((|m)>$n`>5ZqHR7dgPK{To92U!PC?V+gUN(ya&Q0F`<;Vil$K znRBr>+pQ`j?#%L_XjpPwH5#o%_7CP}p22Aryhla#;0E+QNaKopy=Sz&i*CB>ei>)n z0fNx}pMad1nVB`dN>zR9XZUu~=91wM@9W;7v5Dbf_LF;wPJYjI<>=-e9tMAd0wVGZ z!mT!8v4TD9&^sniuWrgEG?yD26Q`go;=RT>v6CijR$G+2WIIm5D)N`3$QiPR3Ehm{ z@YsC>`W4vZd{fxq4tq(H(23m}8|l)D0h$KP66{(##Ny0?ch?Bi>nI5|(Oi|D8CuJA zQhuc!Gs&Z6^oonHwkPooxrE8^QsCledA~h6iwDIi$c$yyGD|dqG^HLaIRA^%Jjxma z76>vKppWf*q7xO7;he_~xBch;kAfm1@S~1I?=;Po=(vKUZ*6whe(e#JjI=)kU;vj`zI1 z9K_N#iEEb%8Lcxif3okR|CiJ1`i#Ny?;n*n=$iHPFu!}(-y`8){{?aUy$)3uhx6<& zg7fK*ks@qM@=~o@Y1fs#tT_J*^S*ib1KR|Zbt#f$DQuO%GW z8$~}VK_~uJw9#AOma~_fiVs7E*tHDi(6J`ZBLLv#n${5J3g{M*r5~YmD%CGIV@OP* zI^9;5Q@Fu!D(Mso;fWJ(fPoT!lJaE1)JU+m_yRxn^psqq*=yQ$WS4@v4C5h5tGSTd ztW!0Ju^ZHFMJvcf_ zRi~ZcK$fbb#LYT;T$YtA*P#{&6Z_Ec>|>7m)fze%dgJL0ol$cN4i;R|y=AGyn9~3T z9SXr-MLbY1QQr51-2=N%S;iqb}r*9l_kKonApM(_@%HEcdD-cNqebCF_weJd?qv>ec1jnPrO`KOs_i6cQI)93!^I9SidO$7G>3WO&`F8g4 z3-G_cC^}&@;_-XWB(neNhP((F$$x*f{xk1iEgx334AJ4MYiHU!S*tKa8BX6y)?K@k zeQTjz$V~e=5dSeMBI*?cDu8Z} zr}!+C@9OWx>0Q{9*7Zm!LeR~KY@5F5WBYFd&rQJfxST@k#Yz~jw%cRH*|AEiI@NOK zre0x1b+vxp^?pHL-Xkl~9~3p8D1Tci&FoQ9jxxZT66vVvPyRPJy^{ZbP~QJ*AnmN z_#Y<={7ht`KFIxyBXQHNBjq7$zO>&RnFUE@yE7u+BY-Ho@@2&O3D zFbGh*T~Fg2xXPhGpX(pF9o^YBC?x-lV2c+|9AUb@)44uaJz@&aNSP(%x(DC%iuZZG z9+%#hLG8$$REOQ7gxg)gJH*wA7WV{G3p4ktrQ3*}RyN5%pNvQ$98&J#dc`uDIpxi) z35|T?^k1}csslEDk$d;9vy2^sE1XLSx0BRO)qWn&wv(ug?qEDDZ+uBp^pl_Ip5mja z>+W6u886FdQU2ZGdFHqYge;x}-C6nKte9>7rFOX8?|9t1Eh zzuGCdNcKOQRbtvnGmv zvXSD1grm^RSh1^P{gk+vs`=YW;_T-FO9S@VW#fn4%$8horrYMK*9(6g9H0<8n_5LP z#8Y_xKA%?FM>Eck3}32dbbSt3bH#S4`6(ZaE3)Uf$4I9~wqM6Qn-hyvC?@&9FU5`>+<+f}`^CF-jo>#sc%Ql|oAf@v=VULGUv5fy=Mdnkw z{du8t{1wFTMLIgEqt-H6M17k59R*g)X}!^YY+_OB%nAj!+#+*1gtUW&)0@(VloI{V z&{^vjT4vwA9i3Vq&GRuXN{>)IzB)_xtRSwqYsZGp!H)doDSv-X)BJU$&{iZ9WEpPC zQXI0;;}uafve+@nVHCFdPwmYU=?AW9N|Zf}|J2&q+x)wXEmWec?IouM-|I`2M357y zh>oKo1#29x&&qYdrmypaF0q^{Ja|Bt7;OOPe1tdsVEEwK<4`U z<&bHJXl49@RvVcU)5udml;i1F`M{lF6<-7UkahE>{w@%2Eq=34aR}G}aewyg41W6;eT2x(*2}#4X@(Zr!As-D84i942;aoag9BI zmfZP=Au8^!3DF7WAQU3f4Wub(0{l@J z0sQp*H?8bMUVMjrLJjl_2q1uQj`)9NW%e7}pkK-?@<{l2p2f}ld{QnZ+G6Yguvd0Y zA@8GE4g`P5@xZpI_oTwO&#>VJ3{5E5VkM!25GNET2to&=KTg3th123b7qpBh_Q zu7J0P_y*;+xTpx}t`T0ad}kx$6FO=Io|ItMKf#$*E`Y`%978Dplq ze>~FBo4?#(pmfgWoeJ}%^!dd^o_+2rpNP6)5w5!L$$XCyh{ide16}UA%qg8*5xw{4 z;;O@5cKX70E4q{CX+uhMIA{o5{uyj4y4g|zEM7Txs48rYSgGo_I?TKuiJA8&ck5<8 zr;9V_lsl|LyRPp^@K)ttm9_h>eauVV@ZHPcM5FHL59$11e`{@#`0^X;lw{Z>4JQ6S z^8?&0WSLj%E&1GVh$Ht-Mp~LYxdel8pzeV092^QV$5ar`(^GlMW29fAmEUPYK~)&I8n!Dj<@_0wJfQA;l^} zr2}#M#NAT|p+q+_Yfnap$0K)~xU@una*>qMzDkUgdx1?EbmDbnu-1_t1@WpFzSwgrIx zC#*B@HV|(c7*H+W#GZVQvDVz&3J%S^0|UN@D1lTQS|O);XI-50I3;0)#+QeE*@X_? z&!{U<;6WGWPz#hTH6a1njWJuKQSvBI=wx6}ftYg(LLBIi(n|h*yw{UGdp<2zE-Wu? zDLBp9%Q7O)yy?ZMYc<>EKm9)Ki^PD3lOGQx#I>rgTea_

NJYbZLmE}Uh^t`XtG zu6=yog^pJte_+;(pF95R71*xeNMaV!=H0myg8a%MFT|S|Si#{ii@_Uk0zinEla-|g z6N!>rH7sFLpaVL+{e zzeC21e-9!a6=WTuG+-6O4dvuEL{K8Swc|ssh)=k459=2AbzpNm-e#o!yH@Wc_lRWFQnuc=i|Md=Pe6 zJ38h;7m6gK?d@%ni$z_16NhA*uHXIVUCxJ?rs|g~RanCnU3bxC@Y*eqouSMne;&rL zcEcC4ViH1GEu>)lGr=8_8WaHEpy(<<|T>PUiVj{B2d@fXLuzF)@ z#1k?&(7~h|yWh4*Z3Is{i*r>eNdh_N4)*h0SC0;Z}M|Xnqhd~VyE2Q{CSP5%wFQbB> z=73eKw5dWi7EWq(4zExzfVpGiKY=|FXDUhv{@I0<6;wDu4i4xB;2P3Iqlmw2c<2zW zrX;a&syn!|ca0vOHsXOX z11lqU3ixsni~ErI82_2qxcHbIk*^Wyd3SPmeia;;5_A zmqWYR^miwPJ#15bViX3%uxhSpjeu4~}rz`{AF>H?Zi#35=r(d22+RmJt*X|G_i` z2jkf14Jgf~!Fl43?>N$4v{yq5{}CVG<$rSH0jWkgk{=IB2(nYqspN-#0{F&j&eF>Z zZx#+KOd%l+&xz0|n5Ot%HTG$1=IXAbFG^9Lxfl!~g0xA(5{Asc=n3mKaLiB3%i1Wn zPmsok#}*}wC|Huh?(_osw-`oE;dUgjy#+78&Bax?gH5dE(x}fxjCLZKEJ2}0vmzQ; zRZT5cnFrDcq!VR$*jL)zxOwv~mIZv77*wEB3cCUHI=YVTK=EMufUQ@O zRwTvE$qBX&=1=~S>lC%nnUfhjUAJ-~!(P0CkBJ%wh74wwOpks0_e13#01rvHwg+-_x0|cgk9Om(Gen5 z1kggjfOU(VL9I*jVGb1@zdLbtwSyK;C#nB^MbJK_Exr=(>)xj9QJ1PG9$9bnVe?Rq z)GVL>wI!net+r&i^2gPRvW3)s(;dJ97nXg{t3oXP(H1Q!q|Z$=NilMiJol4gf7oeX zUuI*o1-9*iy%eSVpCrt1xZ%@o$oPK{mD6@scxLI1JJKd$Nm8|fjL3Sn5 z=Fl`DMjwqEy0aa*3$R=05?GAJl~#lF^k%mpX9Q_4k-_E~fA8EIntPuA-$o>RpO61ZoJDlZZPHLGF~kDcq>jw zYmq`{Yj5w390?m6Nd2I`vO}?Qa$;8d4^6#fk}D)|_!r=6g8&7EvD8uuorjBfJ+B+d zR|mXoZF(2UE2HR4X43=;mSkOoJOEZr6t2%7KYslBHBH+c<;Id-3~L!iv8OTg{q>HI z!+u}@87xB)KOHRJlXSVHhVO>l)RU_RW%3~cg@v1!o0}%Q8r2M~0rU7SB!6A=_<>6z z)z3@zk+l87Boq^{3E3op0Rw+yAPb z-ahekziN(IT+q?i-qe*#9dx&fy9~>uR~=+2OdfVIzKvWG7ukye*%o9$MyfTrNoy%h z2|PrNYlZV+z1mS^JhT~HSA^YNcb45?&Uv%F5qbqCADlSN4(DLD!ntaE_Me|o%w8zi zmAh$}_^Dh!jN!TAx+oosZkgUR6~3ME@Go%(na*af4In3An_GjZioKS^sYHVulW7zm-zzQCnjzxA;dqyK3~aU=lrs} zJxwN!=pl7&llCM5?cjQ&VmytmkeDg|3m0H+q#W2WSB}k9Qv~fy!Qn`XzSV`QDjDe9 z>~Fx9$m@nqo%RM3?@j-&tenkWZ7u?;^L1|1-a{{6)?$e^HnQ^^!(N3=6m>xN@+n8h zlrusa&Zv42RiORDtjD4;A9Q5Qoa1YYSJs)0*iE`TKSL!msFY`6hgK7gyWc$DSRiXw>CGx)#i~@ClRdt(|fkA!!a>!g_v`FUHcA2fNG#f51Y#nYgW1dhFV`IOduUF&MpN(R6x^FBVVk-Sv-(HlhSVTuDSa@AsO^vJn zzg3c@7?*(fm>A3aL43je47V>jKr*F{JB;@f2jm`^5q*F4%KHZ*@VU)|&kY9z4*z}O zzcn7^aYvu`@u5&)*jWfCkQ37_5wHNzwMga%>#@c_b~zLuu}l2nJ)Gb|!>}blK|J($ zQi3xc5?x@u=rPi8<1jOeE+7|>Cg@diVnAEK;dU0Omk`WA=!VHN4fXX%W!(ENc%CWr3Q9MbGsX#s zK5!+x#qcquO=z|M0z|~VML6C}c-yhapE*atLZ$Oe>#;F0lp=Sh4A<(c(brf7zDRqc+zx6X ztEds9a*mHis-p@rZNC)7`l%C>&lv75KOw$_9ioOKv%OtM(QRes$u4VZ{#x}(EAZ|a zrg#-Qi98C)XoS$-D0ai1tvQog-1%gZw)^An#4&?LM^Tbt8MSTFQ`5!(Vg_ z>g)DHrgJ~UJCvvc$=LUpPEJnJnUro!`{#$gc*+jIVr(gp_$t+tEyr#^S1>V(wn3#^ z`0pJ(h2v)YDP`DVX}XPa(R@$G$GI11ef6mKE>LPr0=98>CIX)#CCwsj07&cT__(R# zQgh1go8Qv+tKQL#CpD`_@|S04hsuxa5|;kHJNJyydX%W0HAR<8SoQEoVb{wG$60BZ zj*H$^j*-<>4$P(4b>UihFHf7V(W^7sBO7u2(yM&sAGKpVgg;n`#S)Jb$!k}y_rIcH z-}14R;>>m;PdIWjUMKe(mv(V{zNCHZ9$h|~SwYpqocVl;OxYIYotH)8InpWI6g@gA zt`5=$UePC`y`{JRUQANlyVHtc#!L)UqZfEI7ZXvO;50-crp8;!su3RudRoETU|~UB z>2<2_`qHpPl0T@@CngDMr_Gaxf>t>ZE*zxYen%60bg{o}{=z{`#tm z9;O0d4i-~y27^IeMMVKiq(ppFPL&>?TfqddZ&J>1y)(InVALt;mhR_`XVJFeqK0*f zT}r89wJPv)GW|e3KeUJMrl$$P@3$NPTcIU`d(017V@TYY_>`&I75uiL;X@A>@t9&q z-_91u%b;89hszi@LkJLIj@BR3PzTgh{3h~)Be!eE;h#N!{+&nD8TrS%zrcX+$mQr6 zUaK2I_37@J_g_5hxLc80#$v;|MVItzFPW`3$4^IXDWK7x;yQkzc~^FM%~#h zM6VOo#Hlw8)N5FhoGQ@o<7yj6@FV4eq5LC1Id!Y(H%hE4VQh4?y&Ka1JyKHb2RdoV zT)>S5mMXi>7YMp_U9c=4dDhc&BwKM7;xX73ane=}8P6urd#f~9i#QG%jWEqbzdiKo z%3;Dd{mGHRL9(8$4^2fTq z1HrZwiPe9cx0Ig#@iWsq!q3kSY6|uq@)+{=sFzYN8XanB%oOs^iRY(LPDPoPKBb0u zkW<{tOqXInsVzgv77WA36p+m|@(EgWn+5mp@1qhWUiK(zCtHxD(}Q{yK_s^v2%I8D zJClk;YucqutRZy8*$4qPvQhtYeU=1!3mtD1dC=$ab6A@ot01#hz*wU3+BX<>_l$A= zw})%!o+tfI#Cuv~rZTg>xU-_<@cd=2YmNVb-ey5vPJ!J4;RaZs%L<{@hW3k6xM)P_7iAWTN{&u-ylAGMHt;%q`UaBWVbnfnk}) zvqkYmBk`lsQ$tw}Kl(~FkMOWe6RU&SoRvp6_atT#+U+QnkFHuzD@)&}T<_ql0Y6=6 z*d zxm7dhzNI~; z_!h5@x@ezw(#fU&yFvXp6l`>oXoC89AVfklM zQ!WZL{1q$r0-go{SD2Ct&jWaN;57h*5t-dj+M|F+;f!c)X#qGjH91K|O%0l^r>jf2 z(~yb$002|;J9rTYl>Y`tg+px+?tfSs{j1tc?1r3%iz_gIz%ql$(Fplwxln5(18p$E zx;0MsXM;K+f{H`!BgL46hl5$$Us9ptBb8;k{_vW3A0GIgt3S*jjsZZ2DuX(?W9WnO zw=Jr#4N#in$C1iE^`Bc{X ze+8JVCz*u#U$;^fJ#apGDYoa(bYh#V)qK=t2B#zjNoxO}H`*9p_V=4tk3k1BXs4^X zi%372<|Rg>f4jZ*bips(ml9E2C6qxd-3ezM7KE;6AK~I=Icy=qcHTBeOYBofq0oY3 zk(6GeErUK}+7-7y{AH{T0yiniC*7RN^zXxtj_>J80hH8*e^~YDHOR-Wi~QH z`yQ2+N`RFpg_8vQ7siTVeRTgXnyDFVE(Te1M_@v z2?96E$ii~o%ZnG#B#sGG-;vS_lLwpjcQZnenHgxTQLkX)9J4niMk%As>^1$#UBYV| z>g;CX9)TTsM|b;*8jCT+OP8kaDd=~8C?h}rhW$y0km#8*8 zCu}@?K_Y~ETzp)ds04Z-Wq^huYah@f=YubX&TaJ%qFq`XRxpKqt%G(~b8|CtrF4ua zyC>oA#}OBeFewU(s_N=_WPG`~rQD!s6w0L#Hbj6&TexhnJ9nL#Nd{(4){gn$kHSrH z94a#&o_MQZ!tu;!7JRxOTv^%Jlpqmy>5PNzbjX7&`7Cw@z!ezsZGPzbJ7BbCa6~PY{kN|vJaoes$r(7mP&%VO{We4 zWdLUI(*p@+y>7HgU83!rhsvaIqIEgT&I$E@AMSKGSP@i}D9WG^r@w|IAfyT03Hgu% zAs#*)>jL3pA3A)nJGb#{5Shnfg^8e_Pl>dTBuEclcw$@4#Ke>bOC5s4NF_UgD6ivV zyc6>_RKYX>s+@n+SU5#79%gF#95pSX1m6`<*?Y-5VWO+UqwiaxOiFYQZCt+7Pm7#j;tvh?NC8c1r;EHUe8Jf+d?Gv?HM{3N;Bt|LfR-*bL_&Y*vSPtYF*ZYA~rPhz90<_j==%^Qf*re zBn4#;+JzB-Wbm-JI0yn)$I*so1G(mo&Ky2B{5Iz7G29{W4)8KQV_;Mi;|>3ta$O0d z)|lJzd+5+EYFgTZ7@vfy4q92&jg3XNKy1_VU2n|I=qP=Vh z|LJoY+B^}t3(aFna`M{xdM>^ZP&~|P29ts^gVe|goGcJL zq;mk;0tC=q!HeXi>YcuF{TfcC1MtJ)8t??hFbEm2#w<)tm6J@Ka`W(zW`dWOmRhj{ z>X_kg+k=W@i~l-}J^yRt^A@IHq3U55tad3sFe)FxKuUEDjbLO*$z)XlRbk$AJg|Ca zM93}fU@RYUUJ|Yt%J5F*R|@xZ%sU1jFsi!v7!fkv5!9km+gv6FWO;_-dxv9%zDax; zHl8tzl?rx@V54>2RUy~WBsaj3`g+k&gPgz_rQ<7m;U(2WDa0{rYyU=hwDE}gOsSh; zUL|K0Fl$UbHy6)Sz+gaB*iC34RmGwrl1$8)J7!pv}^lkC286j2U2%Ac976vWmp?3C$T zpFXmqcSqez4OL;eezksK>%?!+sNT;=e8ijEjC`5XHU>_(nW!^GY4bFA|6rdLi%L#)m$P@|IsU!E zy9v(Xo-FGE3$)YJgWM@Y^`WS7N+LVz_7ek$^t4AwgNwmz85$XhMnfTIxJ_pV*F)PniY&4Y$w~g45;E2n~QW= z-79&|74MccN>mb*Wbbl+=6_!iazXBN1Kr3;1!FRL-isz=)Hxq@S#y@YXx%ybHU8z_ zA9pqHy$OHvdMm8$^Zi#BEb^)xFKX(#e<)?ndCY#khaomv|X=S(P=Y|l+PlHog zYt1vdwv$#T*E_CT)w^gu9n`Xqy{dI-w;i2MB@I1m+Jf&t@pt>=7&04!w(U0TWZtGR zc<=^DN*V^T8zemD_Iz8(n$%-IM^aprvJr3US7G_&F8r| zF7F|{p4zD4d=g5e6SA#cB|3f{wgv1ynITkW-wvl|P@Vo{{w?RQ-l3iQqYI9g4Kr5# zV2(DJ)~Ac3ckW%T&XH?Tc=`4i-(M+9waeW6QiBiKPVeh?*JILP_@d1I(j?LEwCypI zQ;nJ5LnC#^hNZTuq?Yt{&AHE*zRj`_z9p*YX*8g-*8bU%y7Gs2anpLjqR=!kQL95O zxytZ+Pc6&%+0XCIS01Tve8_C93Fl@#e5fXo*67e4e+blm>sy ztu2Y_IJ7C_lON9%@0b)g{DA4_0`DQm;Oy>dBhPlJ7)3QTLkkh@sT)?WyDv=Cv_SjN z;q0syJj*KYbbjXc>xRRzP2mjXDHOg9ZpDh>_o?=`AJDgPKlSpb$t}9er9WDvx5a^??YU@&v5rh}$cwXv>>p3c?Y>U)(8+mEv8J=|CH zJD;{}oFP{^t95#NwG}n0rU68r^Lj7rqI~u|6}$N-LcTO%Ki4x)R?~v^ z&&{0`jHhi5Ypv_;`!p=0(dO-O@QH)L*)<)Dn$J`Q(aw66af~(aK zm~45^KgtM>h<3j#`D$--&xsi_FZF(9JKmd>zZT-hBkBBYs45@zg)LoXa*h>J{1kfT zq(@wxcHYguiiL_snG*c{*DrSyUiJM6Q8bd_d9Pc4HZy~&KVWk{_nb=JeTM!@XX$q` zRe2Mf5}wl(7r51$cuxlK*s1BLl*Tky&_y_Oof!^clHVOwbl6W$Q}yH7E0zUr1yq9q z+Fxl05~EsAJn8-HSzQpBT^ATK&}Z^0Z=pdc(Pt@zlg4t=s$yH%BwduDo~D3!H_7RW zTb;I%V(@n@J)bLzMSNa$Vf0yXHs5GjIvgztJ+cXRU$(NFJ-cA?t3Sa-nld%zj=it7 ziTH%CdhB&=`XltQony|vt1nf>FPCOA9;t3P_cil|jd+PrBm)Rm; z8hV6MmLqLMho9IO$?~S9o{AqeA*9#?7*to;YLVW4PNt zoVB}gT=793m3>srEWe3TUjTvMl~4Sx-o!VbS2eE)%p(;isoyT9eL5v^KsC);nlr%r z_7tUTp-oMjr=|JOO=8MuUEZ2C!b#5( z`ioOugnCt;AG1CD-|y_0XmA>;6~87LF-Omjk>ZnQe!bgz`!#&8Nu|HkTF$Gm(@+B5 zd(h2#$FO|(FkgGN=hoXx|9*cwIHQ_!OjanEO^vdbJn|w4I z7Zm*xPUVoRyr~kiyvvZL+OK=?zdEhec1lERkKXycAcgzC<)rtIsp!UxZ#k4Q zubZ7Ixt4c@(EInn4YF9yM$B&Rv?HLLDWM_J1y`!${utIe$y+@ZR*> z5@eB=^X3TgM44QQ55xis*%ro8dViGa1 z?)N*bd^X~~GfHPiDm`_Zyr1+?^Hbet#@t!^*#X}9-rj`D0CVTh?^~5-trWb94lfa^ zwaWGEzFzryIc@*uaiNcwx%ke#WHjQ`J}jvl^MG|(Hfqu0rqS@bH?2?$Hghi3eXh|d zwfO0$(fq)aav!6bNh&|O<=dwZ%L`U<*xk7}X6>_V%(t4fnI33Vy6@;&ugf6M@TDQp z*k)jN{2kX{UZJ!5f9-UNomKi2SJ&OsQ@fV3{MbgKcr80DZ97JT%NEWK zt~un$A6;^4YYmilj(d16+a>))vq;N&2h)$-v%wZ~&X$jg|5#deRG-h`HZGQb<}ky_ zF&)*Y*}$Fo>u640uX%;hphD$=qRy0$*20$;x5RhO=VaBb>&FcTeK&e+_28mYM*P4a z$LOP{*QDM>O~0wQ+s*r;M6g)0yXM0_mV9q2zoiEQQNoncZYli+k?%TsO1zZqZi z&inqia@ync@>q$E#J7My*v_OCfUtS*nf?$qv-i7fhx_!ycN=!s@M|Pk$Mk>CjNT&% zOs(dj%fv;>nMc$;D!(IdE;MKqKczU#EcQM5Yf{U3wH;Q%c>`xJE;WC7@VRdA@JEFN z<)~iZ+5J^Z;`JHsOg+i#{>DtB%p%9rnIAbv#91aYXo)kuPtBLQI9xrQuuObamZg2h zT&_p9K}5f_KhDi$Yv{;)qSN*MGWr*XIosBh->VC_@#>3cm~jGmei~Il$mT9QBQbY( zB&9Xx*sU@?=6Gp|>esirentH;+H|u|B81GQ)GoZ`pi;Vf{QFz$KK;m6L$WFIbJfDt z7yF#D#eVp=Ix9;ZynEp8GRKT~V&l@e%@9{tii&fKd}2tp|LH8ZRQ^(U>JBif)?XPF zkKR6fq43{iP0p~Qy1GOf%?=@!!$Mj{)i$kX-+fa!Io1-v*D9#O7@Xr1`8?o~lVo}- zjr}D(E&f^xA3~DLrN?FurDfMAnM{WDiVqzZj^E_?6d@kW#;TlkKws$YW5)LZhs#eL zDlC~eHJh<-PwvaSsXc0sc#T7|J$_U?vaTr$vbp?BcH603XTont_PO|;tT=MTm$$`P z)4MuuXkU}~Vf}0BRk-?A)12Mw*IPl^`rqFlXzh7-=Ec4x?IfY z`9R``%yXf6v5RuO;rhp=5*X?)**6;|rs>GM(EZWc|LRQ5_dgg?QxAKx$g?kqN=|6$|O^Yy6PD=b4Ja%Z`@;&ro$|Iul^m9#bpIZahCwoo|N(MEZ zzLJxtp2nZbbbE(Z6b&&|gLh8S;{^3|h0FT#^O5IgiG%U$#p9F-9mn{XqZfNNj(bLN z-cOyo$xvr}ERDQTe$uDst$X~l?R$i5?X2g2?*FMgwcz=Iir&SIpXTv?m5(*Q4mRGr zT=1{m^p|y__dDHR6WjsaZ!!x#*_#g05bmt}8o0jYuSaG7UN5)qW6_DWpA!_P>E00d zXzGJKYL`qU-#n}SCN`Gh=~48y?c6}}%ZmNIkEy)fE`kT9w@+A7BD3+N(!`0t1%}MFAxCdT2a)uH~+qT{rg4h-M3Vv^pjL1opDT3 zzBl54JHMD&%ikiTq}a!ffzp5`-X90lufg~Ofx{+}f|sWK_k<253te7rc=G$j6Xaq4 zuzT`zOl3f0KEq6*Z{NYK`>*yR{2louwPoMV|NU_O3qo)7nfEPV7RQWtd7e}yY0@UV z9O^Okm{j;=Uhr%1mkW2aFz^^+4pO!b&1=vamnIx9y@l@YeCWt++q#oKTJBzX`Du5j z9zH>DVZ0EE$$um$X6E1DttVTLzUDmo_sQ-_=xgut{aEk^)(7?DJ7?wZO$Xr99o!f_ z>U`L3>EnT|`%v*sAqEDb&#RkFcdmRsG1JIynb5ox3pFfaT8vlwKIU#c`S%B$!};*F+cUpE>_wcN5FW|%2ChzQgT`FoBfkZw#=W%GjE^wR^&Z?@(o4iW>Bf*MLszS>MZlym#mG*-;am< zy?!M>H}~YiAtj?DZ=b2u?mxf3>{ZDT3yam!GCK=#(Io5{uTdRaoT}UbQ0Pt%_HI4ox9>#nL&v_D!h#U z7G&Fn74vKK=#fgtXySvU6CaSR9|!dsQhA8ob~@``pU2> zyXR{fq~Vcn0qG9u?v6uuhagBvcc;=I-5k0bY3U9D36(DC67=2YcfEf<%Yk#>d(W&{ zvu2HG7rjzXFlz(nrr7zb4b5e8B^f?^b5fmG)y7NIT=c|nxoM20xE`eDq>n0kH>FDX zbWDC=5gh(BBkkZ3ss}wT0A)v0n3;E-pi7ak zpvP~0Gz%xE6Y$;hva=t@^?JFvfPHkv7k>bmgTT~KWkjYstabhGA^+b4?DGipjNcCv z=oL5ueANt`zgTM9e-_2DbMKb^*9qF^NdYHT;?IZbU%)SoPfYB+NO1XXlVLIqhQXpJ zeGhCn{8nL(RPEcLWbfK7%5%Mh&f0&$+^kMrf`m((|D1INU8dxBpEORecODc05*79> z5vlIsY(AMi&S!}I_L&g|o}j=bozi<7UbtvU!FM|Z6?Vp9MZn+Zt$zUkwhDsqLj^(r z47Br4S|tkZ!TjmL&z&w7z@8KAqg>za=fFs65H(CZmvl0W-Nt~aS0Xq#t=B ztpldb_H$rc`y*Jv_jdxs6Ck|(`{#EMFmMVwkfv&+rbb$=w-^L;>@(~E0-14nj@vl+ zy5OW{R6gkundx3ud6~JFhC(*QhD*CF$7y4cCz1lC_G_H~BIPErt%7Y2e8 z;#udn0eTTG-4`QodJa`xg8r<7KI%_EqWggrW-dMxMz@=Ozj1=@2bUW}Z@>NeMfL9< zSX8lt^&~6Zdwjox{sEJMe}BPn`!k5IW?*SHi1wFrNrAj0_uwv(3}b_o0tTgy$+qrC zU{M`Nyqlf>M84_%;q2nK4&3g$fu;xu!C~(jyvZ3whFt4sc@<{s4%aC^0966KU=ggM zyBI<)vM{Rqx<}9trL=aYz{(X*Cw083bAp1ofU!jmuB4nVl|$U2E|W%Kb?i3$0G^dk z&5?{aFrO#YUr4dcGWmq_Rbs(yBwpdCxeWvJ8>**%s_$Ow&M@gY&3D&9thK7QAfLsV zJr&*9!Orhqrd74a%?pN{^D49Fqf~9RhR=0fXPvM^0W{P59%!fjvb?<_m!q^9U_|TP zhLG^>@!H$E4G`w>UUazw-(Mg_$EFbhPVnH0*G1C&g9>bOAI`BgLaV}{Z z9OeH$gJ$Kvd;XvA7-siU!q&cEu?zS^eZV*Oz*F{7W z-rFH7#_kDnC~24j>RNzJ;BT-~Ri;qr<0dTa;4XAaDI{|Ak#9 zJRMa8_0haNZeo!Ne||^j5YMQRo`4rF%oGO~ta~FbLKMjVJ*+aQf z`m11s+T7)ZNc*W-e9;$_X3BXMi1IC_JW>q`X#HN7pMRm7xDYJqG$F6*&wAzxrc4ew zit0>|v|(@m*lw0FHb61x%Z9QDeQ^3^q!nS#CiB6#CAp&%9i5cFcX;WHii)a@m#@9_ zLNv{ZPu=v71XjEfuZh;QcD0miw9>OpI2Z@wIsea05p4n_pH z3S^+CVUEBHaCkoJ%i=7K5Cfxb_Q1m}-pK=yeh$ z8+oVUyINHUVLbg0V~RTBOYzEN0fXjpHr$UBqKyL8$nP;!riz8Nq565(wbE50gx^V& z%bPb`0T}8%b#@U3#}?+*3|sPCzM%HHH3()O8HuY4JV-!HgvINwgQB?hCg*k7wIQhU zj!?6_44A&>WF9{O8^*v1zN1YNkrHRimPT;7go@u*oh`rk-$m3%onkPQpnZ`W_@ z2eG@rv>n*^VtNs)Cjzh)U}IF6U>FRRSm05~T>)_`erzz~JEm-EDGgYH3-FUC2^d=i}A&FEz6-*Ww>owpSucZ-4 zf2?*~p<9t)?yl07-{2gh{ov7+W_&~4RaVS^S(-Pvb^F8UM-}y-q>8pp#rOL=WE6(t z-l+KRQHnfWK2cc~PZu8aW2|2|2EYvBfv}c>v}U7KzK=>%O_`U32Hzsog1S?wHcGL9aaJbe*VZjxsAHYSGjz0rv{c2Vk zr{_SHqjNhHQQcM(ekqe~s zNO?<+&gzBEUx~th0qPmrIe-&hO)US!P5b+mU}9b~0pmjJDQwCcw0gS#Z2T4jduXN6 z03z_U5K*^1}prp008|@3Jj6PahbaIBa8pNNJ??ZbIjfYYVT@ZugJV0hQZ~HSPx|{ z@8HWz!ugk!lmx4x0)lnkI}9@vLI~5W58o^e>G-4lO!_H~gFTvT7h@y1L*spS?!Z~CJEH4LY5;9)zGg&Fb)_gE&1AEMJ zu7Ldf5`Xh$2<@5G%FYfQ*VJ-K*#i*?YVkMG)ema=dwfqS!CGYS*raJ_*x6sghhv}) z>_RH)$vH&pzLFd{{^YDFI~BEZx4Xz@Uk3#%S)r?XHsd*Rre3-OIQmGZ9jgDK>bBab ziN-FXHG*%B8+yv5`!zDag@If;ALs|%z=|z`8hvIu_5UVIb&5xxb5gf~0frCS50F1B z@RHqIZ%Nwm1ku%MUj7;w{{Pg4e(eRBv}3@8B7JNc+D#YsjVE8hm&U%v5k5Dn4OHUs z4VG*Dt!YwOs+rz{uT;T!1B$_7^VUMn1`m-m$Cq!eohYBJrx%qAnT=i`3@Ik(+Wmuh z-NMQYkk)R?gC5HPWcK?iyg8S~t~$>lh4z`>d0g-_v=L<=>{G@>@mL2(Z;BUQD2Xh0h>)6ZAxdO2zT@>M_+D`Ns zly&#tzKZdKzAqsC-~GcK07|hMXs9e5OP&5c{ivsCzd9`8f>RW@q@x!AiaXeEG5hzp zVx+@Rrr*KRo<&!_^Dq=rxDgtmEGRWO6j%7_A?*U!tGgfZiY&w`q$rWz?kU zmg%Hyh1QSYza1F@A=X=arM-7-xog#eVi|vn{$D3hs-%qC*Q{CwAEJEnuzBbA%joN= znqS~@D~FE_E?6^*DJ5rzC*ya7!>QN z{F)i=6%!x(p4gJ9dw{(tr1V=HmjHD6WPRKl@C6)hfXP_=px=R&@nnlrMk73hd1iYr zG$P+~o=^mcbTret!1Vn@s5!ewz~}Luy9nhvg8h0dY^{MZZ z8So4yN@KcFAdtDcE;Rw|m4@xAkvgb;LV(T#CrbLQH6WCuD7?&H3IxtJ;ldZ&^Rq^0 zOk|T{M*%swDIh?AL=8-hU7Rqw0^b@imJ9d+u)NC;%&oC$6NsPIv~BtV@Mcg+gNbR1 zWDAc@Yluqae-4yxKnD3(RoDC2y8fUoyEHTtc-sWCV*nI-aQ@UVLNPPGjhjv)q`<@N#^9j(jf5#mX?KF=48k#1 zK><>V9a|p{v=t=~-)7(QD!H7z#SJrV3S+o-@5!-;v7@wKGd2IoW7Bd#?Sky}o6%bK zuGORd*G$rNxo?myO>1+mc6Lf0Y8N{~FP*b(Jv^E((2cq+-Q4CCu-dsk+KIjqeTTyz zsG^ac_J*rPEf%XakbdT8qmM%gN^Fel$H9VG%+))cesO{HMi*$K*k`lZXq-24ih(Ot zmI}ReRhVauhqP^?6DV@UY&5n9t7cZ=xbJ#ymVq2I3|ok?BWmf%x(!5Ya9ho88#DTk z0N4X;>&Ydoa2iGEoU^B-6QofH<(UgsLpTG^x$1O9@*jx$zMw|r+NiMYN+Z7Rmey|% z-NBATo;)YxLi}>b#6pT1(Ah`f?ddq(C5DB|I^U(Lzo15W1Y7_q35gHTli_q`U(u!m zi!qQil}#^`!38|N3;cc8dsE{g$%u=C)KI9Zre+G}^gz>n5p>=Oq<~9K*M6Sg|5yX? z=fP&D>H=@7Qq+XT&hqo}dI3!C1!K4{#%v#~4Fl7bPB?QzLqk`fb^%z!1Gvlp#PJdR z=#@AMS4Y$>pnSGK!3o1|A588VGkPXl?T#-;F(V&erpO!smGj&_U@U{~qk>>H=qX@{ zI06opS>Ct&;po^&*6Y1Yqk0&X?|qnZ0sK!GxK3iAjGF;h5mwGBcrs`fwmQQ;C8PJc z6clg2K_&MWb|09Ze3@?U8>vFaLf6s|B%h4V?T!zRG#%MBJI=h2K}yL$HI1i_==OZ>;jj>b%9cxaNFx=GDfT=6sa0KY1n^x~zM7cq~%pWMJfdqxR~lWgNv_oXrUS2wq_!W z!O3thkorIleWQPL-gc90rRsBOPP_inI|JPocVTIC6O#TK~)EXS~_|ro|``VJ)jlZgagpu z6I6BoeiD6Y-$_1)=)Qmxrk@_ro0Qps+wEq?Xsbq$a98f_0b^N%B@RDuh)%DuTmmC;M#hNWSl* zP`G!9;-eSQlGeq=zEaE6s9X-cunXafwUVk6GQdqMBy!h%#t=-+j_;A;QM%JF>*oB} z%e?bxBx!b@a==2Mb8ZyY>J;93m<9(8Jcc8{stJHJ?H-eQNQ?<%dUL@N0#JUPpo*P` z;0^%Z_VOYr=m}(F{?dn1aAZt=`>u3tJ)Z%sC3qweuo8XquJ_LKry18~4~#_yUxpHd zV5-08Q9w<*=?;j>f-vmHlFRA1l6B*J&t(G`p#qZzgQ?Y~YTiG32@|7keekF-#u3J1 z)xd3!r(p+ijr^Y$fMx5t?9KCP{_`p<hNf;p2B%z}UVCKE` z{woEHm;!ZU6Yv+$xdJuQ2LK;{^gK*xW3)r<07hsoxAorifYv9Ba0AVBnB`5-#<6L+ zQc6AEf8oeSoo53W95Ct`0Oui)x6OQZ)6DJ%h}1-HAU1%ia&x0yUSAgrz3`ANt9xD$|*daFqRS|T*nwk zi_W3IB46pz3y+WbtB;{ zTsSE~uD({cWW~WWv#=ZLfmJTA%PyEDJUFO$nBhbzYmC=5eBkj}3QL^_6;94#F;1!P zRNj3=?XRYYqXN3>B~RdE^(`kKLX0%df+K(T!baSM!3R0^q(!2bwae;Iu;8!kWl
FRf*kRN*C^$CJ~YTKF$+)8H(90K<8Ichvvx0P+xKdtTRh z1O;SikwZ2ZfOFdHegGVsz)Afe_-`=w1<*l6@x&zu4Zh=6@vyo9RzJM~kq}mFfEV_L zA#F+MP6ZPMaScX%zdil8{^gnMv-v?@?JQ}XT&t^2#+)5IPq=d*=7r#lkJ`0p-)kI4 z&*+=_wXg@~u@^-g-tx>Q&d}?$Y-Yi-u9hi5@rwdd0xGB`4d-h%P4Y0`p!BI9g)+>l z9UU*_ezZd5ils>UU+lh6oekNwWiSngjJ)?rr?0+LVqUl?`kFUo4r!UF;p3-ylPBOr zVLx82kLiBy95#u)KAZV&vg1rF>~A5&HU0p`s)Oq4WSjGN-)QS`S+DyiLC}p}Pz%5o zFr=_z7Sy8(G_0^d3+nj71vTNR%%+QHCYdr^mpFychR}A?P}JdMs*q4T=Mp(M>#yI} zBr49P)Y`@mbd3vH;YSbtk?wVQq)RhBKqWm)KO*?Ws-moJ&@``(Hn5c?pVU+TER_2Q zHhhtUH^#Ku>*20TpS9vGC^6HC>(2(ZAoZRgr-Vki0MjMbEO7Z9)s7;K7=VwI(_h)+ zZa#bQ)fX`)E2|bvz}>8WW{THI?=Y(0oD%@v3o{8i%_dfY@=VrWt_7Q5G-<_inTmLD zWXU(MYUGcQI4Zy+sf{OTE&`+Jp1QQbQpGy#>Ruo_!W&u;OjdB3PJj5BaGNmpy8BZJ zGb=BuHp*9)RU%EH->!9@eL0DY4Lh5?x|i_D`+th(!|Xm6;^I=xTBP=1?;&actv+-{xO$F^*YwSS}=bQbHv*AUP0K$5gAd zMsFelTD`0OV-3Z$r9}rdElcXu15}Cx?AYYb$s%%c+LH0Sze_noJm*<8UfKzWU%ZMi zFzEIWsy#qcHwf)*xcml~NgTl)Tny`z<^{Dn|6LZaoXQc z?EpQI`|NxIq}Fd>9zIPISp!jSY{T5i$sbY2k&Qxl$BFOA+=xj1H$t~NbXIt1Z1?C( zwy*#e@di=&thDU7;ZpAN?V4UOw%x5*HJ^O5(UN4 zXX~+}c%{`N>LnYYlDC@BPsnpTk)@491v92&2rG45O*AI5lyez#UgbHpx(JZ zT6h_k5^j9tE#RL>Po<+2R`^60-{ShdF!f{$c~S$f94@qVUC@_gcU(p8;^8W#NHER) zv@=k5H%~-emq3(O9s}quJV>2NO7eOY4z*S(wXN5rbrR!w)9Xq5mkp9cuY)BA=#F10 z5+EJDzMCabuiQuMDK6V!AHETKcFxj#Nv|St#AW5Q8?SORj=J|p){pb+Wh{!MrwprO;;sXcFVh)?Z29j2=#$V4o*(hpI#j% zP-R8wa(zKNpV)~I4WJ1J5>-|QiPVm9K~O6lv0-(uxv{qS{~ESf{{=R-3eSkVeJUa( zqHPq@z-Io_3lT9z6mQ^Cq=9=)N@Gc8+aiZfIW1j7;_j8F!+&mQR--o~A1Wj`%chjA ze9Yi-i6w>guNXe`>q_Jxjj&MFs=Pe%ov8JU@NxvY(|_d1+(gi5(y_1QS84OKs$vTB zDlCdGBi|-qUw;+*CX#(c@J4aJd=7D{P%)XjfNst`vN*qq+`;h2Ktvo1hk2y)5aySE zf4-=HSR$Xtv5xekN;FYncRk!Z1~(C*>-Mvt__YInpc)%j_O_qm<41!isAJnJ z8TJHA);UFbWvGXQpr**H3aP+XJLOm-n+T$#k1urA71GH^q^UG*Z8l~aanQKWeUqTu zLLXN2OdLf_^LG38M#7S8{lE^T$;oW0s#t<-vBsPWLGh{uX#JM)Sa*=2dt#_Vi&azPtkcmFy&2Dz zu%`CWm3ntCVbL)i!iD{0pQ}`4^dizw_V04>y5zL7b9SUQ;R)GifveMt(uUaDC<7GK z2GZ);#y_&SZ+_L*yN;FOGJuy|V;N}+x_!)=kN&JPwpxTqKdBbDZ&nK%Sx{)D1_F_cGTIHx+p?jxACVHOM2fp|s%N9bX*IA8lJ|Dots z?nTI*qi?^QgA=!IAgGzfMjQK11O1-$HUY0d(Wiyv3$P6`5KJMy(CAHQ%r7NH2(Hea zI-u4UED4q2j8V!DEPfNt?Nsh0{Y%3LHF01*!}bEYHmob0t;J-nlTCk?Bl;Rc#l@Pz zFx9=^GJfy}m~UOah2V5!A~nqr41H@tYmlxy{K6G>v;0zshSOb(Gq+?ySh=+%~{iz-$PP|3c1h!bNiUes(^>_NmM0ivNdnQhK%yZoBwodhIil>V(mih z$#QkYc+3Rt&}&~CeBo;h)9P7E3spK(=*udnt=SX0zD?}cv~QwDhtIA1Ris6a851;} zyormn$J>!Hx9!JLxy&4shE#d5J3n;P%x-M_9-b%KV~5Qu(iUi7ICB#I^U;>36m6vR z?WD}o)Sp!(Zp=%RN+>=(dDu1cY}Ec)N{W-F;rc@6t}N0m zzoRA0F^o2)S{IKpO-?tbAZwbIHGwJte}kBgBf-i-Mh1E2dk&FnD7F5$k|gGi$0qe! zcVqUqV8>pm%IGv7;zqUIZYPrP!3R@hqXhfXI~F;u7xN8viqB)oO;pHYq*cF0iM3q%5*<*QSL7`(JvJ_>;(7fYPcHmLOx^~9-<%>`c(PDj5J64CnV=NXw{b=7XwmZP1H#Z`(jM&F{3ds9Jt}o&fovdW{OWjbIUoh~T*ZV{Z{ekJ;j5Fwh2R2(-i??yWci?<{d z<Ho&zZW;ffVB#NtAwJHEt+DK>aX z3-o*+iY}VMl|2$IE6Y8oaSJ~|R~w9n=#scrwJS`>TIly*-(_jOP(&oGVW8a2akda* z*kx>}UX?8Tq-pYQ>{s%~41Sgyr2|z1h+TK~cg}pB1?4Z*`kgJcdpXYQx%7JQ_7V?~Jw#*io zmWu97N=t0QoK`Oyk>N>F{)sIasb8X0jKI{owZq~ys>zC?n^8Jjl~R^tda=N5DC0YU zA>)8=nXGv!tWJrT2D+zri-txQ7O?%od-RTHL)4}b& zItbl6G+7fAWO}3L8ojq$;z^qq)9t(FHWGp_WT5GP%PPrK$^@w(eii+6?9X5@w9gi9 zd&7WI75Bx50jw_(yf@7V&~Yi2pfVY`&?fx$_n5?)6akA%Zuww!W{w9ZL=`>|+2-Yx zw??K<4OmZdYTr&?(OtqC&}s9JH~S?f4|DC*DB z7Q#hp&wSuTjX6S=tI@L48~%7@s(GTzn2@unv5`XmYD|5c;0aniao*HUoU*8qu*+QE z*$(X7hP-aEo-lt=$MC6Gwp=%7NV#Loz$P@^-0;~fp3M7&jl&F_92r7RK)FYbjnyFg z!C+26j348_UuF$o*-9s&BHJNNZJ!q=&aRPIn%zai$s&tU# z?12AOQij|i!8OoVY3y~(+mE72=mu2`-9bb`js8wJ;jfesQe>yqF@jN)QfP6x!5Kg~ zEok(E3r;jVVp~HPom=})LSTW5BzX_NWCA2{n;`8GtJLPlmLp%IYXm6poHKu{&`3Fd zilawM&i8|>_eJN%djzYtvKaXo{MCLc#3v*D=V!}wx9#joK%(SMJS=fpss+u4oHpI6 ziuVaMzo<#I3JpFx2qgNWxDqWXpsu~0CeCa%LiPuZH71VI<|X|axyEhR@Cj^g)Zi4n`;g2m zqZej1RlA=o(|)3issC&D;N;IV4)s9&jh_}58&$m#9H}#%A|8|Hj}K>(D!mN6V?XmK zxwYC;KQ9f|prbo$-?V;W8=OO&mD5pniz?=nI4D|lzu(2@MdCs=DqQyp90sq*X7c=P zaB0}S#kHPI3a4^_G`_LTy7Re*&RgMhVH;>myOcR!Ps4YmzPkV@(}qEVy$Sv|WQES=*UMg@pY?K5L*oBGeHiA&tpt ziB5M>N0SI{B51|z$_;Cj5pt`-vD!AJalaPY*vK54prKMmSxGIY+0u!P zdnTn58Bx`p8aIGon~B4-2&Zfl|9Re@<%Y4nmqnB%ZAzgrTJwc^kCc~Yy1@8WJnE7* zo@R|nx=u7U>Qyzqte&=kKFt_DD(3XJo6oG+pJQd}A+$`~k6yWkErfJ(kW_2Fbb6lL zyyC~ElP*nknV2rFFHVHoPLM1uvWO1c>U>fQC;G9n*t`R}(3!obiu}Lkt1AnNKVDs? zrU=iQAD>Vn>-Htcz;(b=myRNuRG&|1{TdUCT%9D+;z}|k9jzMNw>`kIyG2%_XF=

_}E_nx>1z2edtH;s><-&XMC9B0r@ zK!u!pRBep$BgEO2p$l32FupKqwN1Oia`LBT;Xi`U$ancSS>;-vB~P@6+Z+X5*{(*6 zL*w-cHI~ZT4JyB8w1Tnvc%T#*WLykbZFU?rvm1K{XDWHX!%2mrb>H?Wxf& zYZ^34Zg258!O+tOO@LsM*kU(mn;-XQ{J& zIrpr83prk2!7}m0?}u-rXZn{gkbSkFaFVdI@_{m|5!)m0AJ@lD1HxU+O|;~na9s=> z*d_~m(|c!Sjs-j867Lv zsrlj(6r%`SduTI65Nx}?h7_BuhHzuG%UL>%^?_nMxwQXOh#Vx9p4(PRNcfXLHN%x z#6d@8^^NKJDS_Xf7`u5S5M#pXqr&ntpV!wf?QH}X`yhw~9+aJOOlcE3d>gXrl?ul~ zv|WD1_-VD(#wtO)!33?C2|5)J%~zASG6r-R0Ld09r9p7xmlXcucHIiS=c89N#TG@? zKca8`X_cRmLj4H~o(Qtfw`$q3%J5)dl1udaY`mReP(6>8Tm*T%`l zNds6vC1{4BI=GuVz#{M#iGGvs#8j?n!OvL?C`*d8X*geYr z<&Z8OzcOp)p?*8$?4BF24G)~snq`tcXtZlYf5gxV;`;T}zSXNWLesLBoDQQxa&Yxj zW5lM>Qc`&iwj{LIbgV}@q3-0v#fXw8?kzvi*eW@+I*$)u>0}i3H8NK(D-I8^W>%(P zouW^K=I_H%RkR?MTsbarBv=P$zvE_=3W~=@K}s;z;hWx;o7gt|*qpSTMeZu@ar~VM zrR^Jg$q0vVYeZhNsm$lYzBh1vS}4=Wo~aaPuA{Y=FL)&tFz*qNn-kSa@jTEU<7*5} zzeH_6t&hWR5`5d6HKlqxayK<6U%K^P{ z)Yi>MiNI=WK$5Gk)(bxZC1pWc!sim5DKkfHU;#=0G*Fo9MT|5a&0ecnCgq-6%s?yL zBK3P<)bYh~)4PSVO#jhR+JPukLFmKl82reHiMn<$q6N>x3+OBjoBmQ}>eQHzj!f@s zIhl9Nv|qW!a5mcnYL$c%6{ajIl*-zKv@V+Crc^JtsVmWEJ?=bIg%Z(SkGv5=pH$f@ zM$3~>Mj$F6gVtz~#5XkR_frV!c1JygW@`2cBT^}F&2K9<)}#(MSZTo8S@BBG%{* zU~42caz;10hlY6kv_#4nbda#%DUCdJ)uZE3cckR7Ep#AVA9FdYI-p^j%~Q%s91t?E zXYF$5{UbSmeqThVG+4T=6rs)%OH^)>CSM{h8Sr>~gx4}T&hUe(Yw8re6 z*f^6?YCZnn6NR`_x6Jb$RGQ;XrKwCu!UE@mhc+pWp+S#@d}<|QL4(p{)I+adm7djW zVMD0GOh2IsS0v)}wX@rdQAG4fm*6JwrWmYB{c&>L^2Lx&jF0~o!&U#LDaNdy9}}1i z8fFrwIEgn%7FxzrH@Ml5m4$h?b!f#avk)k{7=b>id*Js%N19yuNB-Y07r32LYb=KFV4i5Jqd!+qYoVLHBP0jwkl zcwWlyLTC%^9`#(BFce3gcx{wWO~M`f2X7sz@z~r6D$Hb}pjf(yze<@s(<&+ifBO!b z{Ph2m!xDOaq%?+NV5?(nIbAr5ac2AVM6nw|#XULIJphSs#aE08vmafe9Fx9f5L>tc z+p@6Q=Y_52`6?;OtEX}W`q(XG$wn8}zHqjXMa{|hY0XPdI$hlWe56QkWK;HNtD{WK z^)I{w#LlnwY+T9)9fNp;zHz4ss;Io*|3UCAv&wRfnx#ZvZT58j|Fi%_?n1?K4fB5_ zH7K^KmI@K$h0>X&W6TnyNLcSp!?(rCTb-wttl71^X_dc=M0X9(HmQYJ6z{zF4J0VW z$xQ@O1t;aF>`qU_wx3}(fgx1zl)Lq6-qcFmNTLmSJQUZhDQpy@4h&t-HR&?x;g77F zHeKiTh8SV}=KlW140vKQjpILg=21^7a;8>^1RLyVuFb?g;FljXnX$h2k7!O^fVibe zyLE8?@PwimZB-Y*DW}!+*x1^RO#i^{MHv+|YBlB~=Of`Q&Fp2_FxONO7?hO8etKe2 z#gu(4kg$0_i_>9O-nI`MK%V3#HBuci@9MDibtLlf2yp9VitGIQEOHnxHc1e=E#z*?@=#=B(_*_3l06|j9T=^O`Fr7r50N!_iF>qcr;zct3?Bfhud#LrgzPl_{$7zuPrj?%PQexCoAgKJaiNHzHnZ@flY zQVO4VZo21niKC7NB2=rOk(%Ui>J5$o(#9-f{!p_?A{%v`T2Fn7zbl@h@DzyO30sTLD!8qasRdAx z4RLBp{`5^~T4J0o+F?Q|8k|I4BqLTM{wbmwkI7rQ;Lj_1x41w-X|F}rVv|Qw?NmaS z$&6~LNLs@~YP*^w$gr=@lk|OS^eh}Eda!r<>iTgp@U@;vy)p9*!G{ZuSl+ZVu3dIp zr8FJ{t@moUF=yk_sWf=q6f!IWz*bJ4AZ#GKVraVR3%{yW9>il#0(*1XGBT9K+WdnX zs!nM!XHO@> zchwxBmiAofY0l;qm`SmSN*aG_c$KN1EJGGI5^`8>(oFk_EHq+qYEJUU6Vo-8ySW~3 zB{G>531(yKZT-B3n{|9@^?Bk-)srot7roomLZx6x>lIIUf0&r<5vDj+cQ68rrb)7# znP^m_QWq9H-`9edjEu~d4VJb#Z_#uH;1pFi>!Vc{SWP+?G1*)ebD!FENLO!d3M*I} zAo$Re({B!Mhx(5D+J=H(Yj*;yT%f!wjF0^?SV0HM=YeY~0Gsgfm&i z(v9r8F?_rCwJ3DWoU=elI3t9vDwE(DN!sdgSzYPy?Kir0%u_a~;)C%V0~&E`@|3jV zd;f}OrnhwKKzY5bf!$CQ8~)08oJTU)ZMarMpGnBZTt|$cyt2QZ+D+CgReT$BM2@J% zbSHG>$J?P0qH!MfQ%SZ`l$%VY7RR~&xGJlN=n@*4lEk4%JY6ex3O)U{4J?H`jGDsQ;gegr#D4DBDBp_U{fzq3K~n0s+}sBcy?TeZVN zbHc*LS$P}cv-BnRWw*uORMuN~kwo^YYLkyk>Pv%4mSloCRcX9GsH5I+?P_x8L-^X< z4k+myyRRYfbLpexWKu;!6%(xRd(gBY3vyXUtJ%ox@+8j5G`j|R4n61R71cS(@P)tG z8&f|;<)kLx@(BtmM%d%h#oHk&+Po(5ic`bh36>Q~w~oMisVy>eGW5Wm^Qg-#j(;GYi?)Inkouh8e ztv&BRFZsB0ZcbD9?DfN%6|kyy4@8@H6`+2MSe7vhl}Q{Ew+5U*}qYD+N%VMBuWHi3(ub(=)BNC)U42`u!ApRy~e? zHD5Vb>T|Yw&v^03sLV|f=O{(TqM!;{B%K&=y#0Y2P$yW?_(vejPM8ZrvY9HBkRI-( zbwdeMC*Vkvy-W-v9E&}^eUmTsKbhG^fxpEi3{_I*-TuXuhTu)cYb*dLGT{F|{YM1* zLLo&Fa>#X>qzX~M&sB}u^yHmhIN84W8g4J5*qZgG+ z9T+e86p4k3n++n)I~La$-GA;+hn1SG4_cHX_kNC8vYfW$E|FdC)qT7^sbz zmPBC{bE(SIxY_QvFw|d=!g0G3_Xwomg%I&I7RGl3%beRK?`A7`GOAVwXiU#omULh} zmtxi>H7EPYt8er6#x!EqS8-6EJ750?cZi72t4z)9^V8kyU&@Bdq=c(0kWHpmc4Rl& zb%T{IYU=9irkYismwdf^lJVtL%s`_$Y029(SJMw@7)BdMJ~g%9k#5DzkEi!d-^DVM z%NywUhE?5=gI%(^&(pu3rhy)nMfE&XcXF@byJDWmQg$U~?^gt6b%v{SRlia;F0x0{ z+~p(X7CB}nOLo>Rn*_Kp;b*T zjSaJsxXP72{73%Ibctq)<6eHUOo4cWoP)YtgFF#(EH$w}WJsx5s#bcJBH+mxNX$>b zAXND4#n~=)4`U#o-5N=myt58reDY9kqHjz7BaIRJ24}=~-A6_R$udTXyr7mU<{!}V z_LNfMXtwB$2(dCt$lG(dtME6Cet3H64$fB>na{`He-n&*(<2lww_Po0PFladn3@-* zQ2S+rlai74lkNOHZ6)Qs;NoA|t&tgX)Uf_!dS$~II&DqO$U_m{%1wdf$|gHSh7ZW{ z9CGMn>o%SvY(IpQI~zPX(kRPf5m~r2U$5Y}B1}$dH}LL{j|d4fzwd5iYU+ZtH@nmq zUGf*(_dNOTS8nMS94JCuH5YinB9*Zw)h_PbiAN_UzU8RZRRd-Byv$7M-0zN-Ks;R3 zP0ZH=Ojk?N@tqtxza=)j?YY%DA5M}|AJCDMIM1Q_9%HMqsk<8q;hx7G0Fpo8!w5vs zkk7O)(*m_$7oPm*QusbaH?I7+isdhfLTQ?kCJPI*ALNK}{JoJRYmrx(qxP?0$!7cO z!B5_rHj+g$h6eMzfu6fRq=d8{4SXIOm=3Twvu@yZ3f8{eFQC2krZAPV=9JdI))#7O z+gHZ(2YglFR2)fOW!Nx|WNL3wh|eJzvRna?hi3&X-BqNE#<8kTHL7-za6XG0lELzE zUG8r}$pM|s&Y+hoEH0d>NQ-m4dyoyKLntXl7d>PBMADlB z{cMM!+GtI8uL_HKWNco$5O^O9qSh3DX=)E=McORH^j)gyf6 zH~q_epQl@ra5ufRT1zm zAya0V79DXwMr$e3E_O z?<>Wxm86nb@mj6!b?wY&V#`&j7*rm>1CDyy$fS!?q?+kf$%ZXf!t^}hK~m>g3Pfeu zpi-{pq$s{<5VKSSRUUIKXi|>3*u^_p!<6@3D=HNZ37xO{?pMd2C*J=y^06T$f^OH8 zQsQ9jmyl^NVi3NM)U0^D=EMdAyQCTsvUJorT_mMA@I!)LDSoYkW$wdTO3S$4Dchn@ zBbI#!tE*$j78QuWVEIKtf;haX?Sd zuIh8dN%69_64=l6+P@No+s{`lu<|5B)W#j1TbfzA(wZe#`q6xMSfzIk>8g5h+2zrx z&$>{Ar2U8AF=f%(S3Bm>hA7Qhl*LpnKDAmcr7=QtUWDw$+aK_Iseg~_3Y%4+JS(s5Nc6JuMt{m!FWJD?%MbFTKM_HTmo4QL`P*LXtEI&&J%LPMPex#o z+enRV^|}-Xp|whxffta)Fx?X%i@TX(h$KHxhvH}*devG}@)0Rf6kekvJf6Jg$GX6R zpq18h*&>tZ$fm~l)+27aD6XD*9l}%-UoOew zQIxebay9;$J2{hr>1RW9vURQq2VW{N0#C4tl;V?C^nYT7C+Ur!!kYvuy(q?=nPNRd z_d_Ao1j<%3-{E_$4u4PDV8`OOKJuk{b7jb9LmEH&z2;X6)Ut_9cESUgaWN?|(NVEapM^a-lGni1Msj^hp#Blh zYA->OZMKBz6tU9uOKBJ$GcO_J7E77LTBp>6Ez48_%Z8$JO#$7Mg{is2F4@Wl9ZBZk zzyE56S}WCg;-vN~i&+P0mZo(B83p7(0g*61mGgH`u%vvc`Ku zDb8xcbWUv#pjC1=xNKBX{;@t-Trau5%A8&ygvE;&Pft&y+Q=Qm+BF_YgwAtwbGFX_ zjTt1bt0@D!P@B@GS?VpZ*|4ez5M$INtspDr;cy6*VBjoJfcI)Qa84t_@K2?nbx^!r zB?VCpr3Gp{k3`jV=qcNIuP8u=sc$^fku^Y)Jl~4dd5RgNHD#WzSL9Rs5d4UGhJb!X z{W5oUVv=U$0EQ^lrVoZv$D#_N#Bty~jZf*F`c3Y^zO9JZZ~dkIr@Vj}wu%{^@nEU8 zRn|m?^|5(7*QaCuHZ+>LbNLmmTCFBcx@bZF=F(TcC3YMQGn#Tp9mUOvj)(i!5HIkI5e=L zP8mrO=54ah7+mW-`$3gH!oYOLvWzm-APtU?M<3*D7Us9=6%36Mj8e0^Dvga8{JkU;a!U4yoZJGgDDuuEkQvtKrlRyMihGK7a_SA79LD797olf;;CdL!^a6Yb>I z)yKd~%c>Qr`fT4DNf$3(JRA-UT_sOzNGTbW8s7l`3+eK-kxaFjnVE@+37bv!w5sSu zL5DDQ7E`JoR(?Wb8cP_8VnUI@;N>n29Wr;FUqS2v!k$Vm5wf6!V)KNx6W#3!uF{#} zEkXRIs!1S)YAqG*T;_wOveshgsW_YQfghBv&(dI&vju~!7?maHgRTk~UG>tc{p$N% zI=~P>Zev9XpDVgjEuGxYs(W;*o!fUNm*T35J;DNJ zC^5q`IarWJ`=pKXeMJIoTEEoKs?cc!=?ZQjgP_qMDoj;y5P{U&e&bcidGeN=rdYP_wNco| zPf6m8QF3dtoCZZ%qt5fItUw4v>&iUtRHm`3s$xP1QrL#QZ)xLo& zSUaV>qQF)*4I!mL9E!Rx4?~;%oREr3gBYYJOEKC^lDeBpH>V00)UK3!C#Ov6&Da>e z*Rk-pUTTtK8K&%{xS}}-i4pU?*)a1_MTdP>b0J8cT-&x*N|ct3F$l#relB?M1qr>? z4j?0-^IW1a>}BWK_hjK@*)fzo9;%`m9f!e(s#TbXAR2=!2#Dn0*7uzN-<1JEY1g|l zUriZ+%jQ?7CW!v5=2wTNGahA$g@-$oy0?)Odu6}SyX+N>XRXa^GWcvavxlHR(xyyN zRqMqgo$UBYrIRDd{`pYW7v#NBj0G&JqN)lUvUlRi3zEyFlXGM&ZIDc0bV;7S@E!g4meOx8FCiMUH{k20Ht4YHCXRuV&TSw2UY< zT3HGeYENcnW{CS_!GdO4$HvC2=r-CJGUAF0;#&r4B=`DSS`6+17?0CSEO96KZjnZ| z0tN9d*v*yp2Qmf;2zI{3vXycho!1xZpCyRy%X`CGiOnOSSo`_@5CChr_Y4 zF?w!%2o}t81h{n@XD3q`BoqiRYJ3MqCkb;|Hg;G~$kn4VRw}b0=>U9a?W^5|ygUmX z8cF_r%eXmYO?E_9hZ2@wjsDZpT7nWleytJtjE&F1U$VgPi0W)v8s{rIF1kSypT`QOREal@-G3Wm!)(N@92I+LyFYaYMN$bWW>BX zAX*w%?GNnJaaGU??oth|yrDD5JXW0C7qqG~^rtIhAB^2dWJtR4sxAy{O;LCY2!>@M{>LO29lZaCmaJnTLsVMf1M1QnNwibtS)lLh#P^gBqEripQ zh(4ugkmYZXebLqdU4f|zP;{jo>m>a)3$(8^k*cTQLA}OPlq~U&~!N962Xxz>E zY<;jCk?gn=18FJM5R)D@p4!p9B9fBJJ>iOqIaDN@c+(->U)^u<9Hko^Vi1+h%5{tfXD*v(eRFa5c=Nk;^Ik+Ks=^EoA+kyu_BZk>MRlx&2(fw@{Z^M+rgqkvC zj5;VwjRZk9!3}L?iG$ewR4%uI*nX96gcNScTS%}~B?+#Ds~MMGG=(%Np7@Pd#ZJ5; z3pNb`c9phF2V;jyTe1QSjXPr*n^t|;NCI^zaWFm6f3;;bsM!rll>7&s(CV{MzIt6K zF`sIfZKw8c-vxqMzzq79c`?H?mE5(jRl8g15Yirc6s&&bo8R~=Ql~Ri&B0bQlwQfV z4)IifEL-Zf+AU48juJoK64PKKqr2Y+a)xmzRY~V5DQeZgBAvuXbRk9HBf5{Y@f}#I zD691!bTBW486mt}D7&$-F-zFW4#utSvvpgGOrk4;M|nc&BQ=wmydr~E+%fQ!b7q$! zP!-4C4m<2n!6vAuYv}0KDEW~WbAB>flH@15&C>i0NI|_$ssrderj*F8?fiGm z&sX6dhv_tf^dGX(vNt z3MJJ8$3@RopYW5;`@A}&@*3(-3O-;77?m|Z)!>$)S^lJQs^ArRI6NSA2_@C&w2OLeomfd++|@T2mFk}UuvOD>RRTa~D)RLQ%xLXwNW??iSBmJRUShie z1CM4&QvW)-$!uh26RmZUzoMHO?0zXym+x~7^I(Yp1K^=r4(aq+t#2==c!I=$?VlrQ&UlnH{pYs zz{a3r!_b{;P5Byq}KXT`KA_O0d(uZB&f7S_`Ff(Q8ANu`D)sT;xVVznDId(24T zg09PBnSQIXkjr%V)=NLotc|EC%Uk?^Y5XW?&o~4K)k%!o+PAFsAi5PmGd@1f)EL}^ zm~7F&FPO@(FU)V~$~r(v&sK_mW?8N@av~G3Cip(VBrd=#2$Fk%)QWYG%1)e}DuCR~ z@UvhkMInu3cU2;+QygWFf-0g$G6i)Np`59J2FV4Hz&24bwCD-_Nh#TxSE1CaaFH?q zJ-5bfqC=^BX;z8Gz;!HKN$QorUA!o|4>j}U;KTh%o$kmuhhORh?hMKK=eH8g^Dpg(z` zrzZ4!0zk1`3nJe0s+%Cf!}K6msDMWHylDTEcod@O+$es2YqOCQPTV0%4Ffl^Oo>Pm zce4k{@8cSHO={KkAp~~VMM)JR9%mRR3UUHKBtNIQDN}mQb7OxkMrp^MFen@nS==_L zBvQvFCMN6~OSEr%Uy`9KYuO5X2l3V*(+~jdgEH3B@y&TFSWEFGHYd95+!F!cije-ESMRJW5hr{9G#fxos z0<7NnrUwdyD)>g}*!@eEEHM<@`e6Xc_XNz%%`IBAXonqk7#|-utw$i0lP+Po*7ML+ zK*$xdF_I;QTx7?2M7mix;x$AT&?HQ#szoxNvJ|at{Ja5P7sNr^%610`s1s2s8RjL< z7iz3jQ|>vub$)~RuA<-%9b?sju!WQn9LZT6HbJy&1tqICtClNttIVdX%W6T_rTuYf zu$U<@zT!Ak^mgY_=HOZ=IOc{`bS{(>jc=YvzGWc@jEJ)SWY%b8JH%L(S?Ago&9mKM z1`QDgS)*))Z{~eRpR$$4iKYFpN0eBhlv@>vs?Ffrqx6O-E5huK9L+*i2?5zugwwgv zr4_P`O9tg$X%qg{D>zdQqzoo~uF#V92dz{&uJI?ua;ax<3h35&qA1lR$kiph1#v8B zNEyi_-kRu6xY5y30yKS~VBKhB&!eeGLushduIr|!r)gPHNC*K39swXTmZPJi5CO!- zWSPq6%Yo5&F(eK62BfFAKzhz9fEJ`qkF^Qki7y-R+e&QEF`Rv#!oc~?zm!wkoGja`|X{tfo8?a~P4t}ErGrVL)stLhmbR7IbI*Lhq;xLPJD-BOvN-j@+or@E@7 zHPdEVHmNDY=zU@2QXizk!7R?>N`AMiE0(K>xPTe_>SKmy4tqwzqpa$-PU281^eqvW z2GJ?dqWZg~H!`G(n_~$@(W(qM`%$ux22TSklImT`H0(LTQdVND-2-*;7W9<%pJlpY zAl2Hr=l`$POi}#a*2yf1*rr*m@-^1Cl>~4blp&Z#>R=^5WHF9+iQq)nt%jPR``9EBIc>;LZ;c zoRh@z@bj^>&1F&uV3Z^?=s-aYOfoElvQX(`2nK&4uQC91z-B9F#-7q|wW%CiQQoFQb+X>fD}w9@(-GNw$zE0cX>BfAv}kN> z41UmoCpnMR*n<^mH9#ec(kDw5U)A=?RCGRUmzPp9Z`Fd^6}L;w@C?Ax_w}2om~UQM z{Kkvhbc9v=O)nQxd)5D`Kf7vlvoFm7A8bI=1!54%XZUJ>s~NTav(X@zc~?P_br8`Y z;eXIl@_l)&ALODyDmzZcTVr!ptyx*`;$|SJNV{YcAH2|%**`0K4rO$A6=b(&Z9kv^ zBa7&9Mv8WZ^P$X7)_Ld$X)y$b>&tTIO#_nH4oL@IjNazUtSn4ifed=mNnm9lhp}MM zZDXd5E{LCrN3tyC+5gDRHm>X&DvcA2s+h*cgR0qmDnY6s!hT3>Wqv|=FlFPF1sdPw z7bUi$qqetKo8auyICbc)x*#KsDF48>DJ6~(j1uiNeAD{o4CW<-VDZPPsj1ep`Z{p{ zV`y`k>yuJ4x*0fQ$OEsY5qr*BYje&|($L+hsdR@hF4(}(CnQQ`U{UE-`AvgVZd1Bd zPlZy2s+5J^J~h1`4-*9$;K{lw@f<#KfGgeg@MhO|b(vNq%>(ZK9(xh+v(8!g~( z<+XqrwvHJJfCX!I;w7d}Fn6C`Y8$qG>5y`{jtTQEZsw(q${s2JRa@!DiteVAV`U-X*|I)fOR|h6x?C=Q z{P9PX=cCpdi$4N|hYlknd=opitZ<WX3-{p3C&8{yuah11>GB<^x`Ebz*Dj2YqxjQ%r z7-iQ|W5RJyW(2Oi9a1j$lpK><|E($VYY>*vz$&DED>K+pa;b-lU5=v382o&3(5>KB7ghtSNqu zXI^KxORs6SGShVAZg8tnv>1J>vIk{bAERFoV5>!YU(QUCK9p#Q&*R9gi!^J&#&cj= z@vfoVng|+NQ$(s0(|ysYg-yQD-g`JInihp*lHuCHdr_7B&~qa_9iOx-zE`ifWmv zwJf0H)yyehIa@BC8CmTRF2x^qC?|B$apju+stKq3@3E!yfq~$SQ(5W{4-fbE_wgi$ z48q1m#_w{u{Q2jfD3&%CG{Pwr^Acf11c!Jo%B$sm!>(xTk=x1`5wGjHgO%lt8G}ZU z$IqWXBT!&Ct|EI+TK!dxzmvUOQ>1a>Xr?mxGSgAI-vdq{; zl2{e=A2R~uE1o=*4z={e9Ayk@tZX)3C<(_l6^XEe{M4qxs>LK>rkW?8GECszZW@4A zOHb-tA$h0vf8jDq)DO(?CT2LkeftKz%El{owoewn<;8C>*}kkd6?nVD?V$vXTC5a` zG|Sc11C!ymv~<0YM}mIonXb-NWF`rz7HJkNL`|2&)fw`{lx?qdp9>*Y`M2pm(~sLf zf>vkl+Zq{ei~ii+-bM%+h1ImPdLetsMA3LrochOnMHGfWp0ku98dx$^)D+2%$m7$~ z6XfdYkEyjjJw5&N&p#1bqJ^F*^LWvUR4vddMi&Y4L%aYbN_8ipI@yt zGLYas2hOXCM=*Vd(sE0NSs6QX!Ju&CMYC<*^p1zm@=xWCq8Rk4`tl~)VmQxvbMk8! zV6NGl;>Hgw;f*U{QR% z5$CP*^5&d(*IPkFZ59)q}Cdc3#-iZp|6qC-HI&8)sq$caC>|EGM`2qo!M_z zrB`>kPA$S^Q@r)s{`R^Bl+kz#&VH?t<)zCV*n4+O2E&Z3p}!y!I>u^YZy$Y&Dz0)I zhL&R@;#(koOOKb|=v0KFmGFMQB!FWR60=-4Tlt3h`~5B`u+yP@V1^kp{2Lyc$ETePLbP3 zUA8pUp2ZZb(NI#RNzvn?#1(scjHd zfkHe+3kQPN(TRMBSJ%V}O`8lHZ>5vBx3^Sh9b?3P$)~5MK+@>So0}WNw(6{;nB1s* zMo)~AnJH)${{sF38K39*@bEzPG#gGKvf0Kb&>`lw;v;kEYNCAZTM;jWh4b6Im&Nm9 znjFg2eN9&^S1^(zn@fML`V6l2mJTq#Rj7s66-67DpVI;VJ2nJnYGcfb)?ijLyqcbP z5)t_!Z^5ZECE=WrOTjV+aLb&Sh@`|<=e&~u;_zFy3~zwv+U76+l{x+Wt`E#m-op&X z*RNmcE|0c3Xj-@R&7wixy`Vx#i5eT8ExDBOvS!f&bvxW~S88;12$T9<@pBtL)14VY zTz^tZwey*K`=9m;4rnSpHH5^WBnd7x3joIRY-gZ9=t_bzR0aZ52LKAobkPy8_NJ6A zd>%ldW!eXJ?tlOL-;We zxNX$D!0;O@2j8}I*MUSWO}0;lcQx@}IIcn#T9#}bIuox`HVR>?ykOAC+D>0h6Ta*Ycu52gY-1*=I5yHqgKK$+!57Ok$M z`gX%(4xm{sE7r0FZkPGk+w}8@F$!e}GKVo^yZfmcJjM|CIe71(D%Es}4A7E*gZK`< zlbUD0lr(I;_xt<%@J5_jSrp=o^uq;UBHgMfj#Dy-7FZ{$SPhjtIP&0R3|>(&<(_f6 zmi10Y7N9?}5U71Nwblqtp4y`acSS#`B0**tGXm-G^Ihg0YLQ{qm1e|!d~z*4e`PzH z$j^I@S~{Q5-E^K#nxy7N<_@Uc6n!faUP~Nu&D9mzEE(n-I;Vx1Ex9-wi7)%SUE`vi zTn>*0g~Qjy+pWt;@+-MH?oi4OGSYj$ySw}HZcd?_q|2bFk3ti!YrP-F4LcyOgr7@vy7TEoM{}Ee7Cc`W%I6=^0}1%RvN3_KVw*h*acEU>rIsO^fYY*3qyN*dmD{J^l)ft z2%E)5!b{c{9T^>q`c-3$DBn!NIO|vLu;?tgzrzebKJ~-H0}e3O{YM@L8H9>~luXSb z;AmZsTCW+&>KX7VG8k|pIMwO^I#jLISeG-pMT1z>iGEsBG_AI|kFujzUdqFbb;~#z z8S!zz^hHN^yZuOzvK^`!H6Ge&adUG+^44M+hbnnO5W>eyQ(*T)CmhiKLnU^R+?wa3 zm)xKi^+zbT=9qh#4@)UCBC%FkZd!qu_kP8?RIU3_N2VmNSYBG+OTzO6l{xBHXRNmT z${e*nVAJ9j7L&vM5K_1fpCSO7`~0NM-pz%JV(u;~nd_c2G}^>W94g?)I?7AaCI?KJ znZW|f->U@tEibs}12epf8UD?|LWd3=)qZvS%aZq9O3^-_Svo9qyh_uN?pe3#CCk$O zyUL=b2Z$$eGSkkn?KLR#ZeFJ3>R{a~C}~7RJ0#Er6R^VTSy0OeNh2e0xRYUzJ(yj%gF65MV6q=hws{u^NaxvoouZI(VF(=;EzPFRjnG4 zBb3IMFJD5vyv!#+$G70HqGJyjNIXwqml9=&#wANAkttZTXU(~TM;>2Yb0uJgjP|Vq z>xLDex%HT5(7*i^g?Y>&a)Y78qSP7CEWLtt7hM`37}TO>>ulIc#;>ow!oONN?2-E0 zA~rDV`tAOJI8>p3SiNRFJlL!$AC49X@zWG?+B4;jYndZ@VxM%G%~rXFu>U*P2WEH| zGaQePkB2t0dM#-2rXlnFGPdQ~InPhh)N3nmbUNM||H{Mm&#!jI@)@rq73NS{#+X+y zMK;fOuChy;^9J@&n@}|3XSl+0*L09nrQ!xPY)Y||91;@QC+H5UNs*ZK@bGZxP`umQ z+nOGl=;7_{?Z~{Di^{BVF5%714JprYefsn%JYGGMvBKLFo+q`&Q{9um;B@Fj80ilxe8u?*<*PTN?JMEg}~=E0VCcX!Xv&p0D-({kY$g9Bp- zREU7E{Jp4X=PupWNLJHKH;p3@QdtA1f$o|~q;=9_o z=i81Jr=%T9U0+@VX0o;0X@au$13M?d0VCsm?tD|S^N`c42zT?OdmHUzFKcGCW4)S6 zZN>Ak1FL3+6D~9^zM`(c?Ya%nfE<% zZ4p*;B&Z5vM!G%WIT(Y`Cy0|F1ULvxP_l4W&7j-u?QPH}@}mR2QNW_=s1}eA`A-&9 z*sRUFRO%cH^L#Z0q09-pL{PvJJ+-h?5D+Hx+8TO}TvRcSe1&ouO8MkTGZ4Wg!CVFTH||ohf0maKFvFFOeW?xiahUnvSuh&sB>PKS|3wSNs>QI@`YT zff@4ijv4+fG}^Q$e_6P=iAC3#)fV|LvuG{y>5Dra=kl=C8G3VBW0l#|`6mnYmp(&B z&oS{b<6@@AW{Ds2_GJ|KoEE*wgyGNVSrMwFf~Ij|F+J)b{+jy+uiaaXE+MrKhwKFSB;?iKPGsX!29Kv&+XMjZ}1;PTD>b!in;|DGRZSWPo z9LBP+`l7)RY}|M@Z#@(3M*^m<+#~wAAh5PM@cGvsAnKFBFlO?e@n5Fn)Uks`%<;pR z#F3tcz%)dw+q{UZb1~APpk9$C4eq++8O(NrAv?$dY7~$+#<;t?J5_qr{$S4|Q&UwG zzy#biK1z?NS>}3IeTy9$8PNs=7+39YTvEFZr5P!W&t6j^ricmWulBK7bM4b+E-wi$io^`6K?{r-gd6e+ zl`ZUA^Fj+>=He?ngW7_JknpPHlARh&?g5W$k#G|h=XQ}wHP@Cz$4oW__d?4=STOo< zX7)F&vDOd&O_&x^yirU??h3?M@@l+9CHIl>RXD3kDREv()p@{?2sPxCGSnlAbf|orqR6)r-(JK`^!>Nk(s=2hWTWgq)7KeU40`5`XEdAZ+bm$@Uq<(hVKm;Aaq7bD#j`%+-S zT68CiAL9<%by2x-En;5fI$C%DOl(yd4fgbbIRg(NHTAez1)dDlSi|7GUI0X$vFU5` z`&(Wfe)+%*Z(@ey+qZA~2zSBrW!8U9BP`^&O8Tq6s0?gKSvm|Y zkX!d~Q3{q)9;2>ZS3IK4TePgOY(L^61v~zA9q?t^${g0Adp54i#FyMF(Ntyhl85DW z#dIKG^sppW>%GSYtH4!ZabI3usA9?{yC~P$dw+g@jy>>^fE8I;t+gnaeq;g}_OB>R z6HR^k^eGG;CdLIKJ!MzX)7X@R)3L@QfEL^8$KIXj3Puvwh zjrRtJhqsmEL}L`O>OjvjuAx+G^uS^psM*Wws+PQO*x;)V_zp<=wHEvn#_qQVQ=M~8 zH&Q^$V_T7rtZlozy={Jl{TXh$Klax1q9vk-Za=lPIi9q>rNh*Vf6<8o!68RjfNCSNS7(gqv8eRqC;ziSbM56nT&d@CC%UNvn-@0G{1nA$9raDlOr}gi@|L)pF6+5lWm!YXy69m`_XfhJS)LH{z zg(VB;RzxJ7U-jwJCxBYf(t(1UJxg2yIEW1u1&oGDx(A31?-YTFrW0~%!lsMP9|ZJJ z+k#P#`GnW1x(rNo%;1^(&tG0%;=rOv1sl3}Z%B)ItBa1|i;5oj0$aw-d%77)s*yA6&{n0m!D(R& z?Uswr;fnA9J~7?qXCDk@p=0js{y}T?%)W>CKoe5dn)X2Kc63*9L&d|YTqAqM5MOl$ zH1Gpoz2?5!uN{Zc_=2wZ7LegrEVdAO@++@iUKO2mll)ByZlv=?~0+-x#C0Jyd77`@;hC1Lr6Be^#e2LI=+7WdR0>_ zui-PAVqb_a^zy)(yzcLktX!MIomhSgl(LRqIzxjP+A^yWT4N=8D4oq?(xuvz9zL>+{*h@P+Q zj%@P#^7chnSoyRp@c{MAy|iOdf`1nNj1m|~S&XixbB@VcV28WcX5Z?mOs`$!-%x;c zvq?is;qoTBdQI!{?XF>PFd*i;4qw`T<62gg%LilbBCo&4>zOSZ-sNI_6+cH<2>3R6 zwt&S;p}unM;Gi;F-$SWa)=P^K^(>EHFz~^@Y~})66j{*lQBegHe^^M%nQ8Ul z4}20Bu(;w^-@ku9bN6DPEA%5<{7{Y~JrMNSVt|SaU{Mn|5hEyuBQA__yDdo$TFYyzI5PfEtV|HCM6`Lrto1td-hVBK~qmtQTznM@l zdP%*{K$^}~G>`cXY=)O8!lQK3Mg>leej@&$fB+h;Pr_xiSVlrjz%Bkf{9ncl{|B}uea4jl ROK$)G002ovPDHLkV1mbL_tF3W literal 890720 zcmeFabyOWqy6C-ecL^Tc-CZ{>!QEj)a1ZY8F2OChLjr_g!6kTt1b6qK0luAg=FBj2 z=A7L7t@~$sE!Yp$k5vEasp{(LZg!-yk~9h;0U`hZK#`RJssaE|qyPZo89XewBt0sI z4g7)ND5K*703c!g`hfssX5#?>ybMTTz)*!oe9t%EiphWX8(P zL(0R)%*MsT!^y))%FfEh#lp(L!okYK&cV;g%FoG8`uB}o7!fQ9I-6VYs{*C|9uEAM z5cz9YS4Vyp7I$}dW_J!|2WLwbHa99h_ySy}#*k-6DF zY#iO3ZU3s8xfu({7GwvqcXa{VvHeFo$JY+74lb`9{)dqN*!@2S2Dgc#;y+^l$NJjY z{m0NQu99!S2>y=rKU%t|dpd$xR6#BdZq8;P$v5Cbq4-Zn?`mc7&&K%|Prvs3k97xm zSp5%XzxMpi?5|Y#TMG$-kCk7-8D!$>;H>W8U@QE$EK~k3grpJ@e`OUZt)hvUmHjWS zbb>7ZZuHL<|EE6?(8Lua49-YiCRQFMHXe00K7MdgvU4%9a`UsYK6COn&42Tu=wNPT z;rX9@aPqUUKKJoV^WS}ddyu(_tI7Y7m*=|A{Fs~ZTR1q|nYapD*_l{^SRCyw1zG-C z_)PO3dBrc`VC&!vt`a7zjXb~ z{J*(=r8B)>HMnw|80o>;O4)DlCg3DXQ=11%mwG~U!$2C$mw58|7(Y>)nB8M zqlvQ%=vSW;BLA;W_m5%hAEVSSo4@)lzlqte@l4q4SC;^p3$px6=|8LW56i!sS^fWQ zz`yx_X8u3NaDNT5|KB>)-(3Br^*=jtajKa6PB-Tlo*J-y(Xh@CVm(8o!nQ;QB41=L&ytJ*V+o`46t&B6_ay z2iJ2Nzm@;s`Yod83V(1tr}10)53b)Ldam#X*K-=bmH*)SEu!ZNe{emg@mu*1uHPbh zuJ8xfa~i*u|KR#9qUQ>Ka6PB-Tlo*J-y(Xh@CVm(8o!nQ;QB41=L&ytJ*V+o`46t& zB6_ay2iJ2Nzm@;s`Yod83V(1tr}10)53b)Ldam#X*K-=bmH$^UOK zzpnNQB-VL7+!{(vxnZm-%8m+X_lHsliijvHrqr3C@hI8h_~sj!;)M;9OupV;wRu3H zdO-vr%{bqo(aWnk*RnTF(((>M$2idYacjAThBjl=KgiMufVaELilB|L?u8^ToTN%S z3lX#6tYfxZxP}osNnLwc#$M*ii&V9Gt3_;V?lvLq`?{)*f7R8gGL(DnvLKKwSgGl24l^8E_^36oh zrTkNvs(O|PC|nDgH3B{W9RpwftKixU27hY*+qnBjQMk5EnyQKc2Lh1_KS<$yKum0l z8KDoJDsCGYeD+@v$%j`|=oiFdd_)MD!ryp2VvsSfQZ7_!QCF<|8 zbjZmeNrAvkQS%Elub%YG?TumSiLOeOS8NksjK~WWdLKZlb4q-*9;hlE)OSAjr42pF#qK(0-VNTaWOT_XbC6&;5mVDD;WaIiXDdMj0)3Y{1OTtHM~ocbGxqj?yFmRBCJ^lQowt-~3JZn` zRX`9mHoCTFG(h}EWK~ZDJ(lHI@UW$|mNv97*bR82hp|<^r+jxQAr-R=YaYV$DGo(f zcUA1GVMIidLtYs=gDD0EhDyW(2suG~WsNEon;IZ)PI@zOb~t6{0!ab{mP1IX$AG>m zO{7qW133vqfu&5;=;DBo!Pzc;o*X>(Irgb8X*=CD*q4jRw$-nvr@wJ)*JA~6Bt5-> z;jRXdUED;ciY(nwBt2oAe2$9qD zh=T!}C^S?Sh_Av$g#P`Ed7(=h5}?BxKsr3=pSXwLaM%ih&c6)QE5y9fhh~Kj zh?$VWLrfm_u+!e}btJzajvxYvX9P>53aS(UsO3u2gbyjQps3A4b|+CV6E)Faha1hu zhDkbZRWtGjh<}0)P*>`0I zRr1T@o7CeiS&k0D&OFyA6oD`cD0S;59cCkj^6ID*fBd6y3=9C>3Uxh-SxR7xYJk{E z>D+?#aQx_tK-_9uMXf7hOI)waf+=C99G|U7gvMe2$rT!M_O*Pn_x?CjLpfdW5DEJZ zxQHgCQBbd?u>rf=uQG2dkvR&KgJRAJ*NlPNtWJqmOs*qF-w5L>4r)h#zN@R3gN(mf zDea>H6zV{P(G^q;ON&ERU6YjZP7hfMALyM!%TNo+soG(1NwiCmtcU``SS<_#H;pBz z9UX@{Kv+0SWXj}Oxnqp}7?A2$P>>q~8au}m`#Ml;h{V%!TzS=0$qs}OHuCcZ!nr=BnAksG~VrvN@ zHD1#YyIQRHcX$Hz2DWe~6(yHFv>PD1dxte0&v$_x)ZwQp9`}k29 zQD*{_-u*y(%k#rKgzei1N@A}uBq<_K<8~Ow(oS-(=8_d9d11RaFvNT<1qke?7kBSd z)o7Jp-ce^N&jH9FiYaH}?bu?=AZ8HJlQ(|`_0_mf(yU5$cJ7kHeso}s`Ua;n+r0Zw z027lyOi51%Z?bv}kH6m|1t{i(&x{ZaXD(7wmz`%^=mMoO7Z9#a#Io;IVSM;LsWBn5 z2p+Lhw6rXQOp3D5AYVfB#u(&PtVDp)aTCuT^f#uz7>P_ftVYP$qmnz|y;b!OBSM_C zBsW8bRE_j2vwnpENviV-`*jZ{#tp6Ve7g6T3Qfvnx|U5a;SeGR2@=xDy5-(gczUtHzMHh7bt{b%Hj0$h`d_a{nS=Yy$QT0T=Vdk-ja# z1nXYNR|m#|lk`ugcu$7_@;1L=Dan-%#4i^kHI7)3Xk91-tMhq zN^-I?8yIJK-jaZ9*sn|~P@T8!Q@gQKu^P-f$0H7f^yPH$jg5pjpT+XaxUD_IQv^EP0jiSB)UCKp~xs5$nf|Ap+yxa#eDhMb@0B>P_oVTj3@L( zRT7<19+NAP8srzB5{A(pDZeQshmmq=HU=zC9%g8=5A*@EFidHDvzV^Yf_KA$BLMIi zDi)UCkc4H*_cu<;S_U-IvBiE;0C33R=&wbnM0WsDf&oGH!r=DEI5hroE?lOo@%~#A zstpAjdO9a=+|O-kINb3}f$djt^(|P&D!ffWnNd zi3iC6h=_)Hg|n~RQ3=!S4H3WIi--zq=lOqCS|9iC>36uoqXE8^lx-n$^25Ras00f7 z@-P-$%Y=@5aKja&Z|Rc-exh_K<_qm13D!{9QzR8#(ap z{=Ij8XgeK*R=^hfiam$}> zcnx$&;tkzZ_x4v!tuKT?#XNc<70R~`cNrI8`a*<>e=Tiw?HfOk_6px?CwKIt$PxSX zva$dq84w4SR4_0qk~QuML3rs6v_Q8b?>+)fv^~trg&hiGMMc%PHM6yj!w;DFC?rFj zwy4T8G==suqp0GTnP%BNL;(CESq;p9wQHRvfTVS8L$N)_eQav{>xA5DwN}`+L6^(h zjjKS6+#lnadIi&(z4*xw_z=tOea^dVsoqnl_3{ft0*bO%iH^-)J}EKR9>w%B@9~7h zc}Rh&CB>^fntmm;9mTM5N+~XHPBq+&o$+8|^j1KMk}NM#KP#2xiNlg8 z(2eH!oR3kzN9o&P$__l9kIf|wp4z4*Qq7^|9ZJ;7%{lT22F%H8YRdV~=$;XnOSFr^1lyxM-_>Gf{oV6P4yr&?X}z z**iKytk*_xyX3jm9Oo#c2zJgy<9lmAtk zHbsi&lP69cV>-h4e%A{owRs28-H_JB4`Lz1FlK3!=at|0Xub2&4k>-OoJ7uFxy;3U zdCJ$7a=NV@d4$m@Ku*f4BL2>R2BgQ0(m()+uc=xPTuxxNgayRYq8D}|+kTSr=6)#& zq+rdx=$If0Qg_UY>IJA!_&0_j^{qKfQGTz0n#<23`^LgTFL5DW2#}ix43^E$H}R*8 zI07n1{7$hQE*rfcve8jULwvXjX9V&fsvlv~xEUvhJQg!x>G{FYj-OP%k+~r8U;Y_iqe|Tr z7u`Mev9s}<#wlWUBDQvUdbzAr-r_cs)q6QDaIDEiDF%DWDrBY1&u|CXJ0QQNQcMb_|+_7|G%vP}2@aNuS{3TGqG;hK&mLX5T;QlFU z>;T9(OhlfqX$w{csB>K%M{mlmE@G+U()n~!cJCwruz zI>7*uP#8l-_$CTdL$G4?t1($uPaReSC9!GcH)#p!h?GhS$9`cPKVu8*YdQ=Sd;ql> zM;!4Zkxe4h`-g~PC{ZPWAEvZl`Ho656T!p`4ZakR`v`Y2VN!n4pzoiK@rAJUqzzW~kx{Ed zGa1Okm*ceM!u5WCX7Cax64Ev7zUv(vX#t{j2!`Vd+iW|6{O1+FsT>Kz!)dZcMd=R@ z`RoXDPu#$Gh*G^c#9bp@=?&uTvT1*uJM*%Y;Dfi1%_N=>)q~^&7%t4o?%iahT`qRU zJg%ZLx1>@B=bwJK-AdGDgU)|K>$#*-6?G3p#FHstXie_95ZHs_6dayhSLl$mw1E~7 z$c6iWw=HDKvT_pP5AEM~-FZ#BQ+wW;QAl-O&y(qDOuD>zYp7vjDSPN6LR1-`bntbl zYrY}{=V&GE2^M%YraY*0M^9MJ*TKcv{k@Bj_T)9NcV%Q1AccP$10{oI= za~P{jBIflS?*Y@DMb;p-Nbri>;q(BGlf3dWRp|--6f%DG9Fok0F9f)qa0Z~16Jw7i z4BnnnR5mAU^A$fbM{(huoeJmC;r2V>tEZQz(~fV!smeafC1QkBKJDtNP4rjU7@^K1&RC+IylhV>_38K0TD}{u?Gzu(2;W9u z%R9~X*e7n@?G*V8$^PxB%79B<>ry;-O*>ea&v{Tp`KTzvj*;T7_>5%Na&$>8ghOVi zt9bcAJChKde@`9S6&s<^O4iU1z*wWtm&)TpyGf1%REM+Z^c7oUFDi8>pUs}3o~J6D zu_15+5WIg}xX)+!cH0`Rw1XYT#V)%?RirzQEe^u4?xK!ShlgpPMgxI5DP%m$NP=m< z8^RAx<}>UjWh0rplD1GjCLWQ=F^TBk1)y4*Y2?bHx{bU_XqR)YspV$@zDFyD3PJuE zcIqw_gj><1YX@MDf+cNMi{LFqqgpVIsqfWVR_Y-`#_MFdaH^cjC+(3g4r_plXdn~? zGxBn`3kNn$VOLuwYalS>9Uo~1ZKB>=?tI=w9-v2zpv-w?zRP1*U=4*1`7)EoTRb4K zO*LvYx~;0lOH|n-rbz-{z=1CtHmNIYK0kv|+if=f%JBWH;a!RYn(oEENffYaE7G4h5&VK?4>c0u=uUNP%k7`>0h z$4Z~c$Jr6R{)h9^LW!pHOU0R?u6%LL)V7{!2q*~fF|Z9nN=R?Pp6+Rqlzvoi_4YdL z?V@-EV?O)#*n6%xE;r+T(~R{l zy!gt_P|ZgO*C4qR{U>jUCWX3}R?Ad#b#beF$B343k{Eul^Qw@f(87>i(wK%od&-xm zi9p#Kx^VKYNFgJVe1&9wV-*w4)*%7|sw@QX|E%it37;sJ>#y}8gE(c2I~kzke$WP(`p4DB2`+~*!)h_WD%1uK>kEtCs@MPn98iE1}UbkND;z6TTk*#1+77 z)5GLpadn&y>JpNNgj>K2Us%$M1?@3I)kg2fm@Gn;@YZ$o*T3&}T<7iKQ{&2JU2bQp z2RmS!Iza2WFN^Vsh$g?!>Q$13vt7+R>Le~$bGJzff7(TyWbR5sCEiS{rcWzH%P|1Z z@Q}&?dXXW@AOUCe;?sZ#c)VH%R4Ey4YzzqWWa0@iAO5;dl*J}m$J^|#qiD!BJxFOU z9-_~HCE?3;E z{hlfWA8_e|1UvFWD7O*l1rcFwWH~6!L;#LhE)1yWAuy}@xy1B#qGuzUJ4j6`tUH{x zw;PKs$G|eR^09NTpF%6DV~uo&gZX_(Z?!z6(cH@Cchda4i*(HwgZPg7EulvGHfwJy z_qFwkH2XcF@II2UWfjAT_3z0i(ZHWUkyePw-hnBa2=kyL7+eRfCPGgSW zum_^Q%{VTngvO%4GF%`C4W)l8Rg2IfBc&XLm7{Y>_DbB)#RAa11kf4a8`9jA5rA^l z0zbc0$8FwqjgrYlbt9mW>lHaV$a2r&yeOv%G*Ar8d%3szgzDxvo+N4s{j-IN%&AWw zu9+ELzh&w(OHKLOrEHkSH`)`uC5^6KsTOP{bMfyi*f!(&8E}Rv(DOg@BVZdPn{9bW z4FRgDgy>XD)ppof8y{QcEf8Pa04~!ZkX3_J>g&|E=(q1II@TtRR@Ko0>H>sd0QY*3 z>0c0jt`wlwWStnx#vCJ@m%#S8Xnj4s)WB8BsbkF*$2Q+fhF4q>Nii$blfFF4+^qN3 zm6g8LC$1cYdd!`T)q3Klw7j7Z;~`CjB<)}e&PJifN&PX5Bz!R(bg6dAIdJY8 z)eM2PT7dY5wz%Sjg@%$Pc0s-zT34CH+o?bw?NI&zCr~|IAYuHQ(;NvqpC?DS_@*Hz zr~p_vrL4NsAaDY^^?&aFxR5nk_JEU9s#X>3@c2j-P&h2rg4yAX)8JDnxSc_<&Lm;B z6XN02$t}V$0M)OWzTr050|?md?5vo)Vp4V*Twf-+tmgPL1{+Hl)g9 z*I2PT$-d0b8%IJTk(q8qX#wqG`8HuDq}8w@;zK)x#o4CQpI_awxgln7QY}mCMx9Tl zRVMPpe5)v-&BrmgCF7X-C-(SSTJ?qb0|Al(c+$|K!-&G{C=c0UDGP4&4`)j~#D`XhQG;l!(>)`YMnZGl2J)DlpK9WwH60ZQ z5(&u>Q%|N&mSgT@V;pI&YV45nn)4p8`DD}b(29Rp0G+EzDS4D70mZ9|TvOlDY*YYF zpBt*kK)L>TXq|%b6ZYE*m+iKl2fM>i=+FgXz10Q&w-!LNiDKXV~LUSK=p z$Vv-fYK^-GE(9O!dz|Sa*|2l7DLA(zHXH7R`D@$9~K7 zNB1)$qgh7I%1CCeOidG`3L~ReZXfen@Pkcb;6$YF8t4MtzpnJl4OiGyKu;Y{*oQ=y z4D(||imcp$5&me2-^_y8Bx7r)rU%)UM)hcCM0l@<=`g3=v%o(tiR!xC1WQtf-69912}1lErcZ zUtzoD9>uZxg2TBHXANF!p@kinE?xyyTlsxc6%SsygD~akLl3c!<2Cyg*11gS1z_|8 z%%fRnS8iIDcRca5W(5xmoXE|UCeSCIfGe)S?-JKIkcOtWe8&|CUz{qe0aw{EK7=VL z?nzk$Cz`D#u7TJcwFQ8)O`{~_M1?=Q7jSPm_v{Om!oTN4wLp)rbficU>aAGt<^E|- zF>Io~rA+Onq^G)W1NZ%A^%!@Xc2f=k{kD4z)#AJSO|;oSy;}?&i&)|{MBugW)~v}{ zB~gh>fMm%Jh7kyjY^OIOgv9I_mSxT=zT)dr3CO<8QvMj!V(-7N4?ExwpR)G{7`A(l zd1}$JFC%03J4QI}%yHyZ6=C zph!)8*@K88isMWdPs+U>eWcg@Nvt+buA8JjHit9wnOWC_X-n@<1uo-O+ zE+IRu;t5>$PbpAI76tl27;CJ&&=U@9q13m-46+8{P$vC`w_F*}WHbWTDf{^|_F z6})aLWE|oAT~C5j-JK^kCLIzDC0}9_F?pC=PtU>wSLSBA%u4aB8QZc`g{0+o?AWNf zvdl!1z@S4dCB?py=9>WX-c#~X2%#&7EviG3(kiv6=jQiH4bx42v|k^xcsrMX_RwLP zGx`M$cMIbJ>n%0rX8r*rw`YxK3I^X|;>|vV-OrszZd9zB2_+^3eHZoBWN$r>krMu~ zY;)mvebRFuZuy1x97M|lq;5r(jh)i*RwfNnR`j?=Hlx(aCAOt)Pn08Lpb3-kmthqe zPEm&NpxlFCLve^b;GaJGt%rU6;UFycfvpw!Nz7j|$gjfcXVAB$$9A^0w5aYI|HqU+)Iz8Gd93$Lh+H3?Dx%{e zo~@-3T5=8Th<{I_-P3KT4kewpp3Enk?wKUa^p~kO=M;8=bCfi^4!YQw=_Gr`200sA zvuw7+MJ_E>cjJ}ua9(Dd6^A;fXr;^=v?y4{2(v{I%VcB6SD3e(^f!05nR4gst{1f< zn#ScxfMR&{ZLiYf4V1hJEgf#PWnV#{q0Lg;13bUyq-3J(dg?Waq!ClUPAR1^{KqYYe=peUCZP=5|wTa^FM=(=WIYh1DKz(6a&9FKS-IvD;5=5074Z-_K zG$Z-|gAO>)IP*>3gI#w~Dsw-s{7;WcHKECzJY1JGk_FCU0CQ+;5w%8q4Xux=TN&>l zGbCi6`fRZuQ2o$xyb+VM#$yW62+j!(j!U{;pf)-61OeXpV#`Y}VE&qt$!;LOGSDdX z*u-W(`UIhmO~EjQ*%L+bJqqk$SJ#5{gA< zLf&gS6DFPGl2?vqWgFM3<0_s&O)aJ7VxEKav^!?BoPi*eTsn7Q>g~Ij- zX6f^QLpN9`>mDIv4AGBQv(u71;wcCd${9wzP!=ON&PsAR+2fh)*p+Aty^geoHJ+ro zew4u$A(;l=s)1YF%%1k#80#%m)z({!0e-6#FP2rZ8&14ZnV^Snu{7RMjs1McCA`E+ zzj_b-X!0t#E4<(`nS$8ohcX<~zPQ8UW65n+kAw`vAuVuoT!3oW9#~Lf ze*Cu4SOUq3QWle2g$20e!~2v=RMj`{iXB=5T@1Y8Q0f#D;ynDp1?67N8;AzJJmaIc zduoJeM>WZwPMR5??rNrA^eRh0`HI?E?jnx~x#3Qc1bSp5JL`L3TKu4$O+~cRwNKEq z%|B2y!1p1Bt*Vxz>U}^eSDY29f^*oAZZm0cA0UqTw2r=zrPG(o4UU(c`d7!w(ZVsnD)d;g`ibn)UZjd!VNhn8>`*H+2~GFS9EYuqqwQ!I&MSl(n9cQi8yrOGu;|!3mVU;=djvp>rN=krqP8 z19wsJtCNlJwoM1p%CrlNSy~!|R$2;CB*I1`UX7XSpbN37SciIwv-iPFf-{({l$dcY zVH^GUxhk6I6LOvPHRSshQG|0R$Hk=Y(gwTc>fE-?AN$(C(qU z+oS3B+|8}X2}3)?8+oVTp!v9W9KHcd7MzU^*i9JW-3JuUYK07unZ!^{WTWJf?N!Ad zqEIAdF0Z|nm^*rRf!nLM6(!v=DYnDlhgxwuOHu$^lyyOd1cm3fxqnp99`_*v0MHC^ zKBjbz(IC8HB$J~jrcZqru(ZMi3ortoY%6Z#zAd7`8Y|{($TINeey9j*q`}vm<=xL# zG53zQH;~y0T5P8TpY`kn-(;Fe(t0Jo-5lu%oIa|fsb){*9BM}n$M-W!X15OBUzQb| zUSSG*Ws?is+08^6FlA28d@of~(#)0Qog3+fP{h3$1g6VqC#n&^@4 z$Lm_hnS_5-xHM2_%8NZY>CNyvx0b_97D8p%@mSACE$=79w;JSS_Zh<`IUteF-dBfl zAwA;(FQSO#*lj#g`R(?t2XBA`QgrlwqyI14#G2 zi2xBO!oz9u30k)Xoz5Tm$FzWuF$8q3G31PE-u4^P;RPxM;10=p)qKTB3<_ni4Fbn%QkD4hCy;M|$s zV4q=UG~mU(-0&EV3AG%Xar_C*V?mrO$lzd5-$v&|E3tDM2mOXSrm;z{4Va^vAYA*4?vCFJ7zV=6Kt9NbTuoeOgAze>h!(D{b`bfs7 z63WYB@id$trOGV)IChIzwJl-gGDRk)PZFuEC?F_egLf>D!Y|zGFEzm!T*spFKUh#lEH3q0s)*0%vM7G3;{3Q*VE!m^cE@+DtZK7 ze7(k!=@kTJ)KFtC&C-KN8WL|LjBp0)@wcMy)vYp6%R}lgqn8hfGkb%GEyF1@`|nB; zT09Ga1=zR!SYb!CiC$@UpZ(+luS_MGX$(`wR{?rXbo}x^_hOy3WnzAbp-M=9*ZV3C zUeM`X7lNh+e~~DDz~#Ntyo1|=tKr*1-t(Fy9A@L->;%7XXZ&oes^kG8$U=9*BwSHR zB(zfWAJ9M^(pIbYVkhyugM78qKg+O498wvuQtG04V7~KRB$v6pB=?AwWw-3T6sDBj zRhC}g_Y5q`K~7Z!5Q+4k9fFq}Y*Irv`k7|59}jY{l_{$mu-$8mnI8~V$NEsyaCR#R zars-khdvh#FsY*lLD#gq`@{LJ92BPted3fYw|5DM>|SCK=YJ=?jZVL9H)Tc?ggGzf zQvfKom7}cpQb%c+3$-+A;=^;q~PJ{;*5rjiMQBk^!&k7kf+tZt*P+>l_!l zYP=WhK8KO%I5CA>PU80iX!Ao2cwID$r2FIAvG_wT&eDud=~1TnZM1*FA8&JpaLI?-sG->}Catx?u-m8cn&F=ePJ4L{|g1tpkim~mRxY)ufmK(^R+B=7%pitRhi z$|Cf*qDMN|7vwk@$#pM=bX;kpWM!G5i*Fz4`VtMP*RR0PrW-3v3GDGvvGR|tNJy=F z72z^Ebj;$MjcX87O#T1}0bP)32L^FA>2T#M)vi+eLZP|lO%p(I&|3mIwPz6prRGH| z@@f~9CQ7C{K!KHNM6C{1tUs4OI0=H@g(5I~l2gxokDtnl$FkH;$y!>6AulcW^Yw>V z%bE%eTalgF@ZRzA8ZT}6v^vYL-s$qRM~cO>PKQAW?1TO2H!=q_amMHTp~mlEG@?{$ z>4hUh#$5~oaqA%jONmP^&+#+{Vrlun%eC*NVUjLCZ6NbnEq?yq%;`9!z{EZ&_%xNe zm7vpk+YD-sG)^-G__^*?bv2~Co>*4-7-r>6JFLxA8=;Q@fqKlV-KbC=v*lK@x&qxw z=_!LmtDB3SpYto2yo)BoTnpVFx|onKcN8>aOTN67ClEDwj5`poe}R4^tY_T16Vj{G zStm?JP1J&?Z&}6Lnd4c}{iASuak_f#=k$7YY%u5rS#Aauf?JJ2C z0w0fq3K|XCtLyTQ(q6jQkh8?GaH7^RZruahY=WK|#3;x9mR(L8M78r1U7-w2Gaj5L8?F^f6w_bgMAZO_GK`4E_0x7A zn;CmhjVQl;!;iyn?81rolK7#w#$o{HBd%u7xCpcj9=bl?Y`>Ty?^;7EcYu^Ezqyt} zEfvZ%y>6#>)(H%k^;Z_@MKd0hVFX#7!e+hV{?UhYXzjAN;>qL2a6fLH(qi5DkhsAW zlvhY3Q61kdPt5H*^fTse`Qicz4G*e7u8}p7_rQ;H%*pcGd@~(J-20;2;>+P}FV6 zz=`D9nHlLVF)jLpn|vseE?w%Nbu445FBvoCYk^k&e2cNvHTAu0<_XYeE-YYYo0wmw zCpH`-TG-+%9`q9{`A9ue4`m1dDJF#_YTJ4*nrnqo4L0tW5gZ-Iu{p1dY;c|tmPqxJUMFKkaQ23Mg zuMAC}80_6oY|KK86t$6Szw?G!))EB79}BR*m_#+G1R)64Q95mi6E-utI<8>WdAA1l z*hRuXaAKuaq|VJI;aPSOa&w>VMqZj(0=Rkba+^QI5txBjxj>7Z$naEmGI%7wZQl>?w*Z$#zh0&p z^_t8e3K{-2owHSm+M=@ki;5ef>-MdWp{FlxbOOV#&6yDah~UKz@f&j{*iWtoC@hA0 zJ?2WWhao8~zAEc9jduDxE8RkhfzrB=^7v@;xcuOW=Fw_KJ+2?9DsTw7UOSu3){gb( z=LG@+q@x|>zBjf20Y2BN#0&q+@A{trBw1;~-!1;C=Ih|CiyVC9&hI8d)*+~u6ACZKT!!+3u- z_4uB~md#rJ(uWaowGvME*Fr?SrOs=Saa;M-3eUhDCV3E#0E0C+-PH%;DC`#7%xiku zJE_=KFfu;0NWZ_krc-g!C7gAlK0l}Z7?nNLO!4v6UFZO|$5E4U-!eDrP5|QIi)}Gw zyWY&M?I9!bo`AT~eB`%@tHDKC=Ho7&{)vJS6;MX~xyTx@FI5iK44S>6oN;-f3>!X# z(Nyhj^XwK&>tg0DeD9TZ=Q&eGUF|8+d%-{V6*~%ZpsneB_t~8yN|A|^G^BU>#?b}q zJVNq&&T)#U?Zn1`5F-y8{oL&(fgvFhMS;Zu5*NN3I{khk9ty+9opv-{K=c(6M1pGe zXIB4GTBeKk_kGFyy{(AaDk$Gj5bF_n%nP5Uh3u}u&vrU(CkcQIggLfXQk%UcHXjo) zAM)BEVmZLK(0<*$s;bya?S5d2e05^C-iXFx_93VC6K7~IaWo`S)I-5eb76;jzt`VIX`&VaG>_ zQiNH7;Hb57VRrD%iTT@aN1`LdK^kVrFRGfrvlbLA!DAE! z=gbosp9f>4yp@%yG+UDJD@J+7=uL0hs9ZL)HKToGH0G=w0Q@|RzY|ePu`~V){gA$` zO53>IeKljsF7!Ze{#+8}W?|X3rph{vm|L!lSnxMYog}N|xoHipPkm`by}U+nB7sHu zNw9Z586;Z5BbY+7?a(B6nWfNRoX3(FzdMW8dzNcY?!`smIgKJS|H>moC#UMdzjFdo zxG-C_aigYf4Mwonrf$PaF%_18Nm$?1FaGA0u;bECx_L@rItFDmrjqN8fPONgc{pjyUSCBI>vO><=S&w+@~JEqQ^ z<#lhVwB7?>%{+p}+20U43b201*oDW>;LHVujBA6|M6NS;IA!Q2v6trGst*g;4JPnh zm+SKfOUoF}_{@-KZy8L@p3Dd9k&&44R3;smD9!Izqz+O6RGkp_gUM9Oq&u+!KM`-P zMQPotx0083>KaoFT}SCh!;pEiIU5uh8SQv1R1kdo`eW!}67@7OJk9C85a0e*91h)B z_f9LDbF99#`!vDCL>sd!@qKtdaGE`8Yj))4AN*khagQDic;|F=j zyp_(FlB$~Q7Psi$az0L{D)QFrK$#|7C;wO2u!s*M-Y?#FI-l7&ALFoJ)}-)}nTS}4 z!K(-sqF1qUeV#$UGP4Cv7z#I12EVS6Kq#(l;PN475DFv4n>h`yw6#}p?#6RG>QMwltzr);>?feOSZP_C#;AR$&Bpl{H zpj~2D2xKYMW9TGOcyeUSxuTShC{ViH0`O=0N<)%rsLkVGBXgLtU5wuj5@-=>P&W-y z?(kx#NN=Y85UdGpU!{m$y&!L`ypCyi!fh2_LMt@`Swpnca5PK4e#3Szu4 zk-CO4<(<6?&(Gq);I+W%49@{>+K3oeeLtP>zJbJq zXdkN`5%u^qCYUOxorflA|DJ^x9uaM#AON;A&Z`6YCiiJY4Z&=#CV767*Cr3O^TheB zz3)#ELYxgEdx}D%JinEyJxRFgCf?i*IioUVX~-46xqY5aj!0^b#l!wd9R}V3Jj>UJ zF56>((aY|V(KS1hM|?tl+XydBOd$eo6Zu|&47w*2*@iO#G}(3HkMLA)NN@3$9wZju z1i;<6!{4^&3X@^xbWxrDh=;rjLH?2$dFhpQN<0mJQ#%ODN#JLI;q3g)3rBJh2(TwIi9`aufIcJeG{pA zC9`@@)!HF7r)(<58ZqdMR9H#ynU-(;LvWV6X%-JQ?Sg1*E>uzpp${9ZQf*O7M?d&v zcsD}}<@iM(t_}B#tHK!u)@@edGUpci&x=`fN7wxdG=Pqs6!97 zfwPu>Ui{kkcyb8vnzMF)wINQ*91r~`0kf!$MV!01-S{Rdd;J973GV6M>RNXfV=1dA zN7gEmx9j>-7aUbDgT4t5hN)v5p+KX~R zz-z?S9$?ptuCnodnSc-uVI!RP+~0!U#;?9?Kv_~c zb2A1Y!z@ace37w!CE-?XC_;5SyCuld(8VcTUkvxM&p<_s@OAI)*y>7A^~_6wFC5ik zGyLEQq~l3a>x-Y?`+2FY1zG1sDkqJwF_DNHw?`pttz)E41H5m|E51*(c!5%gf%qyB zC5TG=>9^brms#;I=hWU|K||zBLX+xb(^CyoK!*S|Mz>+&g_blK{2pfPobip3JwUI5 zW_*n9cxeMJfUekO7%Fk8lBaB=ldln1m*1hHHjQ$=R?9Z=ZO@9R-Fht!enf9uY>@zp zn_G(Q+NQ-zbw=}5(i2;zuN3Uv%oD6EtThHPoZ}GjZkZ3p8j`p=_(3M+gYj^LqxZYP z!)KVW@PHw#FEkKjpd2+4@H-fVeF5>txteEhs1B;b2|b``bTU=ztC4@AC2vVDK%#NO zEQIl!5E2kESPLePhJG;u%(dI*%C4we;%$Jxe$Tj#lv2R~wpxUXJ?2Ez`^Yrc*7=3$ zopwe;!TkpfJ1B~lD7fea}_T>2Z3BFnK4 za8MF;?lY{;Hf<%7{jZNn^E5BOXHrWyNLeP)lOpvdI91I~ww-*Q*^Vam#{v zn)0OaaM14G+>J=b9vb!hk+SP~Q}`Elb5~XWl>kUd96eh|lAid)IidAK%hggG+!u1? zHODGf_Q+~<@(AfGx=)98eruBFj+EHD+%dNNt_9$jF^-ireGSZx3W>WGJI2lZoaq|E z;J>qfk@?bXPM;A~dd4I$608>}QMnZUUxGsfzZ{VA-rx}cG2W%_iW~QFuiY1qexX;P zf>_BuA7-U!b@hU|AyzuU2c3+m;cxf0P>%sw6u`qRiH@Q6Xh7-qmd|7dpr5@pfkt{kXEY~FJP|!>VPh}3HJx7uwgd7GqeJgKc!l+!PBr=rL zWAYxa7opWvD=6(8<`_?B)N4xfq9hybJBM}hG z+GoT(FrqGdZ7?TwAjHkHih>X}@c5%_U^ZV&#E^vn_!u=1LI6Yo_(%;lyh@Y_w?O8w z`}6GcQ8f5)Zh9%JQ8~j;d798gzRbi8Xri_#fqjOS-(?Iqc7kJ@#!|E`A+h6#dEr+V z&(tEFl_a26P|tu&x;%*ge!#}8DqKthU)1Nrl)bM-$x5{*)8gUbAeHZe(X0LxbRZO^&w?D}QR&3)SHV&BoT}VhPd_M)(vg${LKKRQ zgIfs-7Oz@Qc{V)Pw!!VX;(0sC=Eno8nbYvChjbZrQ-MiTKXu)uc1`6=Q%W3enJIsp z#u!eSu%I#h13x<4hH3a~TZ7~HNwr~TQ6Z1iRXLk;7zdnGh3C%ZkU`~*iPFng9KVb@ zlH?3P?6|d|>mvJVOLe{B-g9GLPi1LTBRLp%o{aKX;MECA1QWgg=0k!$-0OqoR+(rp zMjfY^B1M0RXoV2;jNlHkP8T=)v_r6rKDe;X*mW`YDMJsE_y8*g495DZot!(d$jDU&R z2P3T=32XEhJeFb)t=#r3>ga|=@W!^qEM<9U;UfoXeTJ^R9gL@wnkMY43iMOqfeB5tSFT=4$m}awrn9famK4+PQ17IX}wHw zU8>E`sBs7Z7+8T8D{2gwCxbM+J5@%{ohD0G_g{W{lj>%}8>-Wl3VM62H?P zOzGjlaCJ;B-C^uR)g=nS%9%vv6=r=f2gST;_JJZhZdv`KE99EI5n6B;3!wEe)F>0mxvZ>RTu! zn=&Ez;4yz!24!27cU93468K2QyU>$(DN6%7%0SZ=!_!yQFs?EC{AWknIAmD&_mwq< zC(Lk6@ZhF*c{(O6)G73A0a6pG_G(n4!#vhocY&KMy2)Seg>n!=L;z%@sq95*y-LPT zh!+)^Ul8auxpZJ!#qX|gHJY82la$LXLIzZ<2LoV9^Ku}L9piYa#yp5aErA~%YU8M3 z;b-TqsNuNr@Ty-XgwUGR=fVt1+gLSfJ1|jZ(KID%Q014WR z4&kIz7ypeGrnvHOmh>f9>+5nJr8o!W2Hi~@{VH*p2s)yax?i35Q6$s)bm#&f08rx$ zQ#G@W2F5LhUs^wgwGAr~kCUvyWk=e$W3dC1@W+(J@U)p4*4N9Kw9Er4I`#iu@dJ$E z>B&gF>rPhZnM<=4JAZrp(h>6QoFhx{EDg6oOh8B;3PMb=Ki(n+J-X&$2rqDZQ~(^da0N&e`Y-Y@)=)H3Cy%So#0Gss8dopd4l6PYxLcI%(W$c zHrvL5mRXL+sS_5?oUZwXUxlr)iE`_dRnB=x3GdOizfL~+G|y+)PIt(S3?oroHX=5$E@88ocv1S@&Be-Kd zWx#&u_Xo-7SKIEIDOxD=5lEWa+9O8+n@k12Oo@xswf5>y5?SmMmAE}f!cW1gy*HGD z4+kHMa@OLkr*0azBsSK~keMg1uH&MaT4sLu@l`P3sF2t`+rmSJ_5L_+oa6B;EKFI< z*!`l)ezO2wOEx{ifs)0nul-&w2mj8}cvea7nwGhb)-4?yvA8Y@!O97I_|_9=q9h{X z{1Kj?Y>FojC$no=5rI0dIVCzM*4T85F)6GR_t~2Cbkzw1&1wGEy0ncSo7j@KZjzZ_ z@qRCiH=|>alc-`g(*4EO6Kg7u=*tab3?E`Jx zy=YG7bB1okuU}YOL(Q-<-bKpmsD_M2=?eR{Axf|0&p$itIGHWiF-En|^c3us?mU=0 zK`2Es5CAC+xlToR`5jNa;A0Tq+busk{KFVeq+nIfFUXnpH!{rkNB8*iblAKo`uFsDX1fRF>5Fla^W%xa>#^ z-#fHylsvDhbG&3-1CJiJ3>lGd9T?^5$Vw>#_cnvR65P)BmBhNEEFr;RI@nByS{UuN zX60GfQLr2Ve8Y7v2wmG2yQz!9Ia$`->+ED!UrhJ%B3erjR7Z4Sa|K`F+6dmjyh+q6GkSalC_f(*tOKb7xyn?)}XF~76YER z!ou^`)N?&mP2;Ml+Gi4J(v_)*hLaCYKo|aM#g3Ioyg8HROxTi>e3QGo*V+akjZ$(NkgNePNo~yVoXu8ZCORR>ZaQ>3i#*df zw~cYUWc?WKU6Q!rXj@yC@H%IB%v24p-8_a%W@@loU)WAmx4%-bKr4A0c zvH-||HxRmp!{d;>0u-wBtMr*S8*#c=Kl3$NKYh6`uv z80X;*S{9x&#_;3AE&Sgj`oL5gnzR^Rw|NYYnXb7G4Wb-ZI3nAkRWFluNW9RdN#JLm-+u0dig)>Vb2IiF!9>p~o z;|$MQU55qWQx7+B(@}Ld2b;z?Uc7D$&s$^RhI zuzaNfAd&q!6y0uU6)4S(2ko(|MZQ8CZ&aVyWl8Gx8URwh!8~FGzuzqI%@d6|O=(O3 zn6!Xrt!dzxF^>P(w~QYjZsABf{oYyM;CRZaI-b9#fitE!RtF@yt1Jh*uO;z;U5iFl zy#jzItf=7)n;V$m)!VCnPE#I^ncp}#>z?W->8()}C)E!ac7NXuvvK-2`fjrNMU@M4 z(g$-BC~FO*Li)SN01)Em_xb@80wAO9wCNONJ-{O;XI4QU4AqIxgRznPx{T$>fDSWh zj00y)*YNve98XZ%4#o#a^C;Gvm%Su2&< z-(L_C|NPJ*uAb`{75H(?n1$ciGKQ@UYb26J^LCzsLik20K{rlc5O2tg-kYra8u$g> zpc4qm06v^R!~Ul?r@15`gaC-2Bd-blYaO%9Uy-Ec!Qj8Mg-oe%P=jth7^9mIV9*hH zggFrY*QjJa#q!Eo_x9qsYq~cW4=i z4&B{1RQY!Cjl+DQc*mAcW-P`qZ2_lG)o}V$4ZkcUgp^nivY*_|08G`ml7@QWCz-+2 z6cYcle;J?Ow`^42$CL&9`sQ&wYfS?aR{CBwRRSY<&6l|cP;ovF4%_@f)1vl}Zm?*F zE!zzhhu^7B?#j02Vfj2|1uO(WM$oCF`OB2$d3{{bjMW|l>sGt+-h7PedKKZ2BwVpv z-jd{IBkVI-Z_$#(@^i*8ZK*A!5M2RHgo2MBAMW7O4=-W=vN_;moC7adTgQvn*0HKa zrwyj)ohpKmpqrk7UXcBAt-+ruKaa{9O;8q|50&g4l^hVpB&75-CQ@8uII=2x?_JIX zh>Ha6E31C*2f(+d2M^d(+^-h2Bk@e41IC%}CR8EV!OnLY{;N+o_kRvcP}I9X|vq-#Gca4i1$nV^Qz)W zM^F;{D9CJHGmaZtP&}n~@N5H@W|BQ1P#cM~@rZ5tD^(BQxY zGj;s><}sW!VP)pKQ`hNr)XST!o3}jYt~maeRwkW@sYN&B|M zmD8$}@8ty8K?lIj+l{n-BLNU1Ev~z&t9wAz>5INTALTT9GO&()8RrvL#VWTlf)%Of z?>Cn;RiSh`Br2YtRxTC<@P&O%d}-gZQN2Da20Uj?1HZ9l45v=j5*=TpaW>TgdozkG z6bY_^#!$3g$>;s<5aj%CA$WfrIx0h!sU&Yw*)K;H1_2Obs4S?o4E;V#bUK~R#2{x$ zx|Dra$EX~;-o^4Qa}4TMo+rOe;Y*Qx-@h#I*}cp7>VYO6Zkl6y>kN4D`Z4_a<_1oh zsAb}<%6yvg+>*GX)pM_k7r|RGGPh0sCF_f*QfR+U6&R^PUl1Y!AeAS^m^SdC$9c)# z=fgh0^4#~g=n+G6;X zjbr$gO=H;5;7WK*;Z@P^G}c;UK6rc%36>sEb0lFWYO%@6L-b$(!^ z{HqfVu(Fn+kCuPYvnkwTsni|}mh~1S$pKTGy}>bBp<4t%a&ll)RH@-~_?C%>9Y`=R zNZ!3kvXyHU9EqY%0>c$=HLuj;7#r4e#*3=7l0^pMG$MPrDexbAoA}CsWgJ)*Mmc(? zOxEx_$Bg5`nK~vkieFcUpwM+Lj{Fa}@;>}986c_v2SM|2_S6zNcE9e9Lzbc`pS?$Q z?9KlC74D`{3_hzV5lF5tY^A%gLTVa2`i=N)!XSlc*G&#iN$l45?u7L22rR|OgroOI z_6-z_m7}n9u(+#CR#j8d);m%A#)2sWUlzJmD{R%_tcC73_O1cZuVJ&ifg2rerCX(j ztL>=MSuO#QqKs~wA_cOy|5<`(CE;~k2P0$)DR#{cYZ;($TO!(t2@8VtX%wt-h{Xkgp8m1=#$WIhl5?s8CA z+Hso|#8EUD@jEcAvOUf|KbD!#CXwX;Mnik5B;CSUgX01(3kMMo)2y-uBR9Ml3n z;y8R|G&0yAc&r%0h&3EvvoK();&p9y3kU4KW zT0-JL8@PM1gRAE|*m0zdTjx8NH|WZv#(-^O9Otd9B4YU7rp9o)It!2?SYds_lW+5&BZdQFmibryXg1i1vZAu>@siPm)`%UO&*Mz zYX{P0gOZ-e#_0(X?)Y(+!4KC)2sL(I{n74p@WX>0eD6>T_bzp?D7rTwZ7Geq<#5s@ z?=}*A(Ygknu(FPAW56V5uo!%u1aIkPZ@*A3`X)Ti))Y30w9G<#m_Dn?e+Tz{H`~g zln3a*VE)DB>G1bh?C(ceGOOQj%xAyH=o2#N{pP#@;(@((p#S*^6n!0TBMcCCz$>$hoTEnUvDq z96KrmGV*<*4?vRoyk4K$-##eX*Gvrjaw!LZKB^JtC;^au*GLTjgz@ZGd1V411GdCb zkjbk6WpOZrx{;a!Kv<5Tpg7~HHgqe^JYpXnXne0q0OF?~lH6u335h++0#_bsx&7hrVFF(bO5kqy;=`yoSe4b6l{hfios8tZnfAXa{pm4nW+F z1=qg6g1g9P--oIl@np{{u3WDvz@+#pS?K|YUVh1#Q2j5Ebl(HNQLI{AA41h4k zx}P%~fcO~$RRAPvk*fwk?AwK|a^SHQP#)!fS^p#>?mKg?m!2~)D87dWFJ$~W%H76$ zrrP-fqOTXCdRF-T-OmAMjG-fe11*6E7TdV#sKD(~IIyN>VQm9AronOciaJi7u&`yEVcP2d<+I zKx(QssnRW%!!D;HggL5Ejg^d~D~xHh`B5zJs5XE7Z`x!oWpvZ_Ad;NCcK^RS_LVWSU?wjF zc;sEhif3{RRdg!Pa_biV^CG13iGmX0F>mnvZ$0{qK+p;0zzOKCQ;h)|8oQh_-9da89fRu6bnx?2#DIT|yEk{|x zfpQW?fDj&%D6dLp{MV(((_tP<4t0m<>ER&{0a`ruJGpQ5T^Z^)N0o6+q8t2v-{^%< z1p%2XMK?SXP2IB~3~b~Rf*B0*{YsOn1YmJ)RIxi|gvcb0P0Rk&F!9RM+56Q*;GP?}Q=^Bj9~c;<}JHE|ikZawk? zANoL;*XdK;OCZo$7K5^xMf5N5KY>f%v@XdFp>w`r{Uf@3^5La)exE7T3rWA@9G}Q& zz)k4sN`dPdEM}Oi<^+cnGKi}FF71s@j)E{5rqIG%9sjBF#8lM zOLuZ65-((&ToG^iUG8zvSiinJ_f0-`onCQIbqUG)ze_7`7Q9XYSF)|LR%q|nljl5v zOmss&7-K^xv^tzo$(gIHvcLQYrA9xFVPY!Y8lg*i0AQ$cMVsua_t|{A4nwF@E^bB`)=9qbD>xM(;C`AQl<9<-}||QA$b9bq&zSe zX7~?LJ!iNJ!11AHy8j+WS9j$o>^8$s=Z5w7h`T;PHzxg?HKgr>67K*cdp{Ab3>2q5 zU~-kcjgznCGk-*K$P2Rl`)~~N!IKo6u|v9BKEe+Dm}gwNZn}j7&{)3vDq4ED!yjaQ zo~71>OgQ{X$KSvNNW4i-o%835M>4INyi}|6YVSibrF$zqzbVIu62u}lM2uy z?nnWap+RBxF%T8w%bG~B0LZ8cjq93_`4~7RVIFHl^){WyFei0jbsBAF5~$f$8HlYtO>4TADRg7~Xzo>6&9-oNMR%#=6j+AR}#IIIl*G5$r7S%;_; zf|Yb1i3;-}69CD*0+!5nn!;1gF>9CevVehMgC--rDc$zZuhY4d`F6rprAW#}T&w)4 zDi@kAB*odoBco19vHVWwHAz2)B*i6kIE-=TS`-Kw%vrh;*JJg$V8hAdETVLFvPAQU z_bcw*VG|3cg6||guikl9QMk2|to%vowM?6; zlE#ZRg-PpRhe!-gH|ZpyOyo5@wqqxIeLN)B)3c!Kgfh>mSpMK6$}x@Z)GbQo)D`LI z`pE!uEI<;F5GO~ZE33#1LgItS;c%iVIO$aeAbxV3wsvOf?>VZyIc2s;TTtXUh)NDX zyfvkjZBiMffRiCV$$%Q7`y_}kq#n?pBx;ONil}SYvM1=-j#iwtigFH}-HC@kE<@C! zK4on&?sx?Y>?ffbL{>X@!Py(a3g2rP8>)H#-gnXh%JZsvzyIksPqn|oK?3)6Uj0r! z!vO|QIKOa5Ebe#w$C<`K&pJ=Z?L!N19zZ9SOnApUEDN3fGcC`UyWfo~bJ=Y{ zl9JPL^-j|LXY;268EZ^Mf}5b+h+Oo&PiR(DPLK5cueh6vMcPZ9^Y`mh;_SEKH}|AD zPK-%+PZq=p5g*pSTn=uWI~nh*hAXMczJ~PjUHEvV+@l|y&06F7z@eXGq6=&pGN(AC zAu~!;=n{IVPjL~M>73IIR@`mRGj0DodwB%CJCFBA-B6?jZX+pm1+iq1Kad#M~e)Vdbx2|$>O~eQ=RY2OE!m3aidCp=Fv|?9S`Dl zwJy`z<$d!~Mtzz^Hc5Y$gN(TWQE^+5wWYkXLuecUF8e8`shc$IxKzxCz(;Xo_J(%4 znmjUQRQN`qtHjDLA6yQ8RL_OWqGi~56T+0NZ&<}F3rra=qvsbCQd?pN#l<_}_|Y#b zIRzw?rU{=o%b+;gK zQ|60nvRO1=sVQMaazLcUQ%BVTVxQ;;mi-*3+SSPN=K<3?A39A-%eP?OsXqx#>VVrZ z@2YM-3JpD!dS%v>+Ys+fNS^OiJ!k(l5?c3&(~jwu?Ljrf?0IXZ>p0yzKj?;8FT6@- z>$8rD>}U#qM16qMtV3<#*4N55!99^p`$6_;tfRDz6Bx#m~p-mqrq zyV20;*=|Cj_ESD#i!8vX2uGg2o>L%e7NL&UgNND z0aU)T%B7Y6K4p$kd-_L{PBfEZkaA9Eq*I#!%Zol)Mhte9Sbt=qQYxZ{tmPIPv%sMoN!n z=|#{FEn*BzgcU0B`(7UN=e@bjx03g+(HwQaWE+$d-a;T{|?Tl=%ZE@p$AbX8NK?%&UX#<4DtMp zF$Rw46E5L3C{lK7BP&AXR*XI*X_RAdrH`?Kb^F^WSA21t9TW5+7zBA zlEH)-Uj9!q0Z6|{^JE4x$SFwL$3rK;aKFz!!5x18EjQnUZ+`u2xblk2(Q364y>I2p zmALTYOYjRXehD^i+LXG_ho5utr+@T^xZ(Qi0-yBX|MP!nG#Z}ysxd+jJ@_EL^X+fr z(x3el2M-=h^^EoF*W+nVdpe%;+~;Ba`t{1!dUkdeuYT1lVtw{ApZ#~NUAs1yJP~i7 z5Gf^I`h&&UuFQ=g@JB~#w9hn;?L|8D_3?fUEPe3SjzxV=GoeoB9@$Lv*7 zxf>8lK=*ebvlfeAw=e9eesL` zg|B?&%Xr@No{v|)>eX1WVnreI+Ijg-yx@5+$W88?;aE4{bYm>=kySUO>7Ks4yc{b3 zJGWoz0U+^iA@VqJW-$*&l8i%C?2z1qlW}*qax+Q<6IIjK_m`&qjW#`1ix_e-FR++i%YVK3uy<2>j>=-^bhD`es~q+0GpI zZuh5KGBw+V`oZ_Uhu?b3oAJ{h|2Q-Fa8kS7#@D{~e|Y=b-hvx$xV{(wvVD85&ZRRk zedmtt#_ERauDu3JOG|-&zxt{xW8VszW+$CDHQ62C@|Np0VO^Bvyaqx~A_8U=?u5=0 zC?D^Me36}GbtqK7WaNt$+c2K7zxTb|W#XnAZ^Yc(Tmf<@ zaCrtmDp<0$PTD8rvYk6Z|Gv1mi0iMrHj{of<$xl+y(p%_nTqkVg81yc0aFz@5j8XC z!C2LtYXT!920(13$tzwZC*MYWOv#!=DP{j^SbFj^c(1AoQ#dc$uKK{o|9<65+Q;#^ z&wd8~{<+U;2OlcvWB>F|_}W+hHy_9=1U~xF595bF_(8tMEkfYR%P-HJw|CujCl2i2 zpKa_3OEdTFR)oLW>2z?_712C#-{5f1kAV9ojum?7rbmYsqbF6_1P1hNRJ9yh7Vx|7 zk6ko@G4y{%op`|Ss?u<@S~(z0Bn}fQ+v2Gmubv7PamQK&?^%jDge7biEelZ&Lza`J zqUZU;?|(lL_?VoW#M-s%uySSwLI@n0oyEa}k6>|eG1m9L^ripCmaSXy^rt^V3+Pbc zp#1lLeF5M7&bJeNXT^#Y*tl^MCML!qW%t%+cJ?ri961vE86W-Vhp}KkvkA=a(Xm6u&<8(&fB46L#`N@b zF7v(inr^cI7)x&?n6{`l`PZA z&n7#8sCrwFtPHgZ08!T?Uv)zY zgVyDf|N61WoR4$QJ0Bnax6j~LU;8?obn+>_{XID6IQf)Q@v7JS3O@G9PvaTScvk2$ z+wC^~<)8nlFT1Abfp)u%kNn-=MJAhX*}4_)`B{*XyXQyubKW1j z4!am~7X`Xaq-=q=`+wN=kJD}fTk%+6y&fPu;3u8~+pU(9T$$N(;+*?@w;OZG81H>f z^iCz5KiQR)lrk{EvilJk30?-VpmOMkAv*ksXUO@8myF33;dpOswuA)<#;o3t|5)NA zx%St?XLX&=)tT4gOg8N9t?nGVb=uu~8T!0uJ?FW2_n*86Gt(T-Md3S^SH-99v}Yu zf4~`zFezIP*>d1p4wiE~Mr_?Ea)%*PT8|UzA00KpB`!%cmw&$qp25TUn9PqJ@j4^P|T>x60eemxA(tSR6 zjcMSUBwKr@e)h_EGN8j<`o?Kbv-%K>%c1>d|69cND}3e^)E^|Grw4-=_`s6K?*WoK z08zR_tDP`j6R(=Y$>EAZ5(J}vaK|NB2*F(!1Q)oS6(U;JX|XHGfwG`#yy{xnm#(#a>E zf_MG?AB29U)9K*)l%=Lxc3FQatsPPyEkqAFrl#V!xNQ;a`F;G?VnL~>(=x}w`# z8Tc5r6OJ;Hm4jJJn#6zmZMTIsT07;`({So(r^j|e?W=RI13Ni6iDy6OxuM_PxqZ74 z>-7EaeK+*)zx1+~Vf}^;k#mkquYA?3L&40EBS&&=P`I<#`$A_d|BfB{*E&d6!yFU~ z4ENl5C-&{#>-+a7U2tLGTBQLk)z_cAu=i!*Co`-pZ_%<5_x;26C*Olz0v}}sAPT^T zNGZ^x>A12=%_PgIQJL1?Pr=0*f1Yzp@~%7YxGnVWkA2+Zl#S~-&v|a>*si#IXW{F6 z0_!c(6X9-?;Lwb$mxgUc_!tS{%fK!}d;D^(yQ ztoh)D7hi(MoOQPE-}dd@i@P)4>Ui_RvgU-0I%NeRRhdhcchSKj0TAOS5(j*QDbO+s zd3u9TE%2exT`*tnWieG=bQ!SS5sB8PoO*g9-h|QW)vIyrv5yM;`-8i7Y3(!~hpxKf ziqOhePrC5Jepy`ae6#4Vi!Z(;^zS#`cw=rnn4O))%{SlFpO0#JpPik>t+(79EJs|e znRF&cd!2hf+8F>qEX%@UANP2icm5MXz{}3k>3}$3XjB1E{`q^NR5DT~KaPOZ2;_i- zDYB{yMG+?y!&Nij`y(Zw%YI}zEh#!)RQH-YWxta{0RqM({BxUluL72v4jz0Y95k$1 ztpt47bn+>ug#P{h`|d4tJ#V@x+|j?_!iy5=x43l18E2x=Xaw`+{`-_VfShw2cl_~z zf8XH=hf@hcF59sq5ai9w%wWsbtvNb;ZpZq;2Y2DY2mMO}pK<1yn4Fx%x#yi9GPkJE zvf^_PbynX~r6&}?PG$Ve7AT!cDvjt$uC}bPC=|dF_^1#7;k1rMPzPP(nWTS0R180> z_{Prj_QKnB)DWHcY5WcObs53ZzxRQBbDziSwOQt zN6(C8-0yymq5I?iQr>@e_~;p|fW-{zw&7iTzy2R-u6OO;AMTKtxOJR`Z>iEag6jRA z^WSlo zWpQyav@zZ>#~zCnlT(p>KGM?WEt^CCzVE<(S2&Sd4xQEA;?WaALW%b8-;X=*ykkf| z28AHT4NbJGYz5Ipmt5jo1~_V8$8j{geL@C3e+GR*c81(woOj-NgMWvGVZ}(W@Ad>4 z-m8B5NEcWM>q+G8VPxA|Z%&F=$N4?e{Uaf{-z}|5UGLU=nL~;gOVF*$->we&Yem0r zz)$ItT`s#iG&N@!3ml*K{ey8QJ46cu9*oJD>j&2w+WkP%7IAUOC=-zA_?D)RCxzUl zVZD9wf_&?|4o;t` zamOEzd+)i&_wPHlZ^ua|ogCA-i6;+NUVb^+?Y8gVR;^lvGtN8{t>xuZdoGECw4S@!$XTdEd|O+_3{M`{h?=v?Xk4@8lZd+jBvgXN|K) zk?KFiS9^$MO5Tg9MNEjwMYS}-K(#N-*=)g|mj;x|BjuDA2r-2ZS;w(v?b^`4-+a@J zIQ@(>69Xjgzgh3}?aarVg)<)$CyYtt&iAO!=UW1Rm@0bN%U+I`z3k-?40bznaUFj@ zT3%kpMHgKh2tY2oY$ty0wXX{VpI&D&j&m6nes#fx7lCsgaRbu5A?P}W+(%y0JD@vu z2H#wqf4)2K@l_Pd^2@T`p< z^K29uC$BKgSh{+GMJtvJfVT|(0b>lK>Qr+b0;!9n!q?^#6PQmDpPAJ_WHB4LR8BnC zI`6#Zqf-919dk_R-?#t#=dSlf^}O&aNDwFXK8oLY#LOQ!us`(gn>H5bQ2K?lWUa`y zyu2J*eQVdQU3lPu2LjhO>ARPgmvPmVR|W%+i!SPaE)U(|mC3O1D{taCV=Ocoedo^Y zO80hNy2Yw+3%;~G%$Fnir@Y5~e`@|23QA1MQz@4RlvDsx7%3ZkWCbB6m+w;{ctu~0 z(sgP1WJcBdRgC4d)56Q_-hcmn_}Nc?l4;M|#S%>C_u<2{p?_b!dQI_buJF07RtsCU zYzYl5^J^IB1cOOH$Te4AJ(N>4;O%Ohac1|XEht1wCkQ!s@E~rx?N;B)rC9ip(97a0m#hCl}7Ee zto*TaEiSs~;=s@B3~9=j6of=ozv7(7y8UqO^+DO`^hGQL19o1vBXIvd{_*Gf=H{Gp z);WQtlW)K6R^RX}a*9gqyydVi0~rk0oBCx$t*=&ws&AvP?>I5UjQOg0mtXY=ePmi0 zK6B+$lur4jY=di z=jWa8A8Iu=HWpe?A?%r9E<(3LRtH7&39)+>#nG90>(o&U+Yc(qOF)%ChIRl#LO?8y z<{_0R@H#?WXGoM(p7Vd_^Iz~n)a&)o&+OT=8}Izx-^R7qTodjjgv8aF-a$Uf`3-9n zm`q>sL!9pNn$~61BcJ-f#ov=H`6=wr0&5oOb#d0Fdwo zM9qGfo14RpH(c+}U(WHk$2~p-oCJqq?c8yx(s>k-W0t3GGoe4o5a>6|VJ+$qhZ;tY z2mrC`3QGnENLM&iBF6dj4e|ZHqfW6M&EbsdU~+I8!eeY;0S@7qX8$C`9uE_Nc_DE& zmt7CKtE_lp5R&yYoOA9-1m$q|+Tfn^8Z|MLexVNTtJ>~QJl&LWOj3d~2A*S8kVGcN zr%#8o4tP|ZdcW@^HP~^UAN9Q9{vOijHX*vtM;uzWem!3Nl9$GE)ZX)+Kfy;n{C7Bf z_^>a3B=7cF@au8V?ZFatlB=)JM-)Zn9$1#8$O#gGa_j0bg7BI(zI_@vi`}cn>FkGw zVMXLK#7T_5VrO*t6@btZyit60h9eG#`v%M16_;NY*qQx|GarMgsTJ_{>9Bv!JO8}E z5#4;#O*nGoNMzv#e_b-%%STEUs3&yw8j5;u8vW+4CoM>BA?&s%yGG!V;~dgwp8vKu z*OCw7v`;}t5B44p_UUAX_rv8sxc!^qccqoNLCB;C(2IWdY_JDZ^k3@tqVw=kN*Uv> zQS`iAM_9a1@4mQc43T|A@&+J8L?)wm3Jc8t#LEesbkR#+{>ymuamUB{?2mr*L%iuX z-hj`3_A{8Bopm|UWhPx6xMLZHIL>Lz=L`;L)BuoMZn+tU4|zEng=K2$7Ee*I_2xt-+1Y=FOXN;)y2(%H(AsHyBZKx&5|VaWEhu+Zlf4 z1x4v}i*(46^R(4pCoC>5;`(cY!wSy}DYe`GOlTO^cCFyNntR1;H_2R{laEEDaA%cS zxnyrxM5NN`A06e*E5T>KIBea#+q8Kz{_M~H5>r!CvA@%7Hu1wBd>?=C&UfJLZ+

XA{(bur%S4gD!w!#O1@8;Lu&bn!$P(-`ud{#QMHdA-(lHaN{c=Js+j&{w=k4Z$ zHra{sdD)(;uevhu)@AFqZP>D9YveP|KQA~8>-y`i#X_&RfeH{({bXdG+kUHxJuZ6= zA^}N)_O!qi;B6lK9)&eEX^!5wTitZR2`AvM-uHg2TfaW>cX#c20RR5kPvech{%iQN zKmB7|zH>)lY`rPGHX$+IT)lNzR8bc`I)aEu2}qYn2}mnlg0z50ODQSc-O@^kv~-Dr z(p^I%jdae?L(jkfGcXL?!}r|#{l4Gb&%;0S%$dVEd+)X0^{%zo>%$LwJTS~F3Le@xApX1=F1M%;|o>^R_UZRstkhND;H zn)ALt@QbJZ;5o(C1G&F1*@V{WdOVxovKw<`+h6Ey4rSd!8(9nz+-VHGYJv7sLP6YseA6lCh%OME%@9c_X{Ck+kNv(IRAPU^h(Jd|9DM001*bhaJX82_&(yVL(U+ zJiBa6)AYI^nNN^i1ALkID@A+iUGt#N!$*nGK>go_Vdf!NdPJ;N@PpeJ+|u7) z;tW&SzHNUs=F(1SVCtt=_F_z}fk|6ii-~2i3Ox2;-(c`=z%$LQ-)n({Ve$0g01ory^Xk|EOnNQ0Lukh{ zH0Nag<8xPU6@$~9r4W+(QndGgC)K>pFxcmf2$m{UnDU3^#<}hZ#&H=U;bd}m-z^2C*Ai$*3 zTr885zbX1c6HKt$!}iz;dat)6HkLpN(>&f2EpviGBV?~Aa&Nk+**hqc-U0+MhNk0e z)J0d{C!@pmQ+H1HcXBhoKFVsw-71njYP^)IGyUziV7`^CuQ`&R%FS~C2vLn$6Wd+> zn#-b`$kazXXDV8A&eOWo%QMdD4v7WY;3s{eP4Z)7Odb+{lw(Cg)M7Kh4xSp{NRVW5 z37pD0{xy!}42Chny9Z0NzkMXiL(dPm4lp)4p;^uva1Vo>!cvJvft4f4Y=0T+8pOhEFgWRGBQGyt`w)=db$E`uoQm8!{%)5 zd6GQna$79Ij$C$J0>hB)buK>dwmW|OD+F^FNQW?AUPPk~x(qr_*?~ob{jQH7t54Hb zWSSI9gk^h>*x1-u1bNSex4Hs^*j5An;vet#A7MZY6{i)l2Mq-KELck(Z#TBRNHH&1 zGmv)O2oz2CCW*P0ie+31A87C!rgD_r&M?%>$no5J9V2~ng*?8vxgv$aM*$F=mgUl& znJCUvN_n)G%)RT9Q}EZioX>jF7g+{UdIc)3OR-MQ_!|CFR6s9PF{$<0)`!=8O*+C*?Z}am~_5Y|MD_}bJLnX6#T~=%v74~UiS8D zdP=uMt#YKf;-8D-fxJ*4=V}=O+Ual{NXQ1o{5^Y9bRXLn@%+a#{sowocO~gMK@%V* z_=JvKXzje{sRGsPaOZfnd)l<7LUM94x=1#NROYIHblq0=LUk1eU}eNDKo}3WCVY_m zrQc8tWc2Rcr^a#RhtTZi7aUmz^p7qER}`tu88Y%}Jq8lwK<<58>G(JVE@$O!jE${F zZ4{XEBjPK}T*oE&Hu+`1jBa+sH@l&C8LD?PF*~StsXp;fAGyf+A%3ig%Zy{XRkWP& zq%BB_oIs4;gkQMdKb$H?;+I$d5GsjJB9oy-tbQQc=)kJ>&GwuAiGh~Uv3a{^GJz^L>aX0%@mBc0sECuW74!%q)if2 zpb#w||AAfeufI}``umS`G9m_%| zA{G!Y>576#$#;>+*%!2EMn&1A#P$BiLt~9KCxX}}zcStpX)dIvqc1tP`q= ziYXCO*R@E)S{sek#aEqg<{Sj9_>!iEXc zay=pG(W0K17XMOnExGlep5*9YPPeDXrz^%nZPVJMjynauFAKF-_!RFvp3!uZLXa`! zdi7f}Q5UKSW=^ZNZvr2yXddF6%D0X91=T6j0@UzA=Tt<74uj?Ex z*9G-h4<(O&)OAoWpA1O5{T;wM7`FR+y{{Okz-Q_N3<&^EwC$u}&!|UedinqYkx(ww znPzs_?A#sHc{XQGJ^w~X6P=pyqTUV)X>Y<*tRgx#w8U5n&DEEah|kY~)e#Tm;GtSh z&<@7ioC2Y1%sp$rb~s-Po4vI&87*${w3+7<$9B&lJtHhxAsJ7P`lqtl5A1IYyn8rt z7-{wNst#-wBfVd1X+&RRfqIE|zG5*@DrtKDobo~i>Wxcxp^dWO3vAiyEX*MYF zT~Xc~vHC-_Ym|@Uavj&HI11{MM+Nfn43;^CTavYlc}|JLr1(zZvNyY0rdVyq)h_Pe znAuA6L>(>3QIrdiD3T;$5CgHidLJ{@A5ZT#sme($5zUx>&j2j3J#UHIrEGxO~fTNUJUPZ^Q2P0nR1I9 z44CER=l%Sw^>Ta!rz!k05UuCuc0TP|hO1ZNn`1mCS#bnyfv;43pwO=%B8hH6CM*G% z+VZfv%j^r&&B4Li1h~?WmZ{JhwNUlEBp^57sJS2n43r581|YuPB$S7;FirRSIDGq} zApg_*XgLfBuf+wHpE{#c`6N7d9s-pA?CJ|y_|^Sf!)mX{6zPTz5LwA+?Nq|&+I-I8DP2T03C8iX?Y8j?C1R&~9X^7O@88P~+_MXV+5sWqb{S79{qB-WE0C)I+%I>E!Twz3 z0Ih8{EgGd+8h%@y!&*wnM}+%W()&Fu;p=udwfWnfdB8NW>Za%TT>CAaulT`aS!gz) zK>iF4h2s*P?up1glq;Q|VST3q9HiZhOI{zc8!2|(2qy(K0SOyD)UszriIqDL~*y;mk;u1Fp2TN;8Vm+bY70;=7^uqWR zPnOeS9RX*q=i6!!+g%0?4UM(wDa}NQS-HjJQvnbT8unvzhEhhQq1&H}@>in@m=k3X zW4k#Az(6{#_X0y|l`+j8;ydpdsRKcs6uD?NfMV-}LA+p$^Vi6{i_k<*kE?4`2fZOX z0Z7CN5?3#?^7rs!YesmDOUuvxV^1#-$^xWI&yJ@AE4wW<9!MWp^;-fnYX;8>o{fx- zu0`!vl3rmfnQwdz(@Z7F_Jv2_L$=s|&cZtjCeAM$t zQqncw?54k21LpHpu7;z_104}%vkd|4G{@elM~ZHy@EyL%-$FMuC+Qtmlr;48gjbOD z^(WT{(jjrJM=iq19@sDxSQe48`~wJkGb6)Ev-0?Ty9leDmKr9;gOT*+1F|*tTzq}lHn$}iBA`4Sd(i*gTD(w)^z-Id$%4AaErCeC=(Nh<1& zsWfY+tGt+*iwfTEyvF*XS|MS#b$}o1-^J#FZBfow*OI}cx3y){4HKyH>l*) zJo9IC@!MZ|B71YYK*2W{cyAEF5ETl_emD3enR(;TC4dk}$Iq&WLtDIz*RE9EiwgG7 zS&s-VffrKIzWu!uoaer0SCG1@yIc6vIPFmS>!V_f9;8A^nn#mea`M=URS(?r3ZV{) zh)KB@&$%E*Y@%%1rhd7c|E8L{9YKwl2e{hP*5Tn{bnn0oo{N9a{&6ZlR`jSDb0io2 zYr%27pWeAs`T9t~cQ`8;7X|Uq+NlL19W&IW=;qH)e$O7dpD(~xDJui@HYr@%x2W2% zPA*;MV0fkLjGjSM8b6i%>X;0ERvIqbA+(m%82m?g$=U!orq<%-Egv6l7 zZo7Ltl|*u{g7F#ID@#(`T{>XCOrB!kKvfA8;4cbi1}Ovxi4C>U0xoM_?fOmbVtxp?S( z(A<8k0bX#q3v)u04p$@29jh;DjpKk#1-qrvJepB~uC;`4`G@N<4sH?4DCk;o42r%jp} zX>eTlM4>4qnBKngnguSlDOrZO*cg}QufLj?SXf|}ZkvWvxcUGch)bus0LCP;R2obB ze$rgVY3W=2K^KCiSy?vb4YsT(u(FX24PtAao8WhV1>DM*d3%4Z&(CJMH7LNXO00dXcS6E#AX}2`<@|>=%Q*Ga(GZ2iVBoF%WN2W2n@0czMBclVD5x{;1z}uXg{Z0_JZZab`4DBo_n@o8-tggUVz2=N0t6HGXJN_igtOxX65os zO-*KC#YNlnAO8|%@orGIG#KK$-gRA>H3~;^`#|@z~4n5RCmk8 zjN;42)sBmErZ=~(M)G&lLryu&zn1Xqiu|s8IU%`!CILZ0WP5~jk4H@AE?+CqK+1FYOpy0aZVXBxmuMNJ)kr>hypwVX_@&3V9?>q|b1PRVH4T`aHco}7H^ z_)ut1uGsP1J_Vxw3fRO?4Xj^qhjvci(+XZ?9aUW$N}ci@&%41hyV#qHIKMwA57YyI zFSZ+3HC!%7=O5>Pd}CZWcPt6U1o-Y7L!$uV=8xqG;l+Bea+?Vtj2oPfC!|s5T_xU&s}w z6bg?&^!-uu7M@Ja=@d|`YaSYMou0VyODpJIVOFeIo&TAA+tHkP;_atA&5@H_r9kic zbRaa4N7?>o{hBa6-~b%p!Sb2BmBA_Fk~%Kvs-*;GSNeG`#d+wkb=UhFC^1u)l`3Wb zw38NU-uuIyLnE{0mj280IX#McjZH|Z=OnM`tI4QCU%{EzSfk|^ zn7)3(8zN7n(SCLB^wOOUF%&ZwE=aKZxASd&*lW$8^)^$4c_@S8B5Uq*BXm>4~o-u*Wo^Y`p33 zh(NJ8XGWly9Od=Ea{+Mo*%t|*5zO}J1H8wYl6q_))t1teyN@-^`;0t`o`T3d4V6G_ zA)vP^_h%mpAHI|f;8u}MemqHgp97>E_pw9i4H4~UHno3PBildraHWv}@dTgsq_v!e zNp=6iA~)XTr@(p8emHgwx%I$Wu7#0w+tgNuE#woib9MJ#b~KkO=Y&4N)2MN2DQS<4 zTrBflskR`QlY4i{kV?AZV?)plq$nW~5P~ZI&iY(!_<-^B>Gc9A7$KgESa>Ecrnu_U z>fiacZtNNx=ZM|(e55y|KQC+;;hbQ(pSg2-`mzHvaa21)_M{D}-|4cR^3n7 zAMV>Z2J=6}VGHX^NT0aZhsXl@h>W`N*G;3yfDk5pfxgs0&BnQJM=mQ!!gob&o2rKa zudL6XlaT=(iwYk|IQU7ZsP-qnX!btUEL6??!bC0nQOX*J#m*nIlbshU#Ay4vN9s{A z;jM^kQn+b@+fGKb>X=2YD052=8Jt0xGO&tlW&cN<7F~Z<;dgWH4ck`<-xDqclUSb}EKYIC^fsGt25{VGmEq$=x`@ zvOKx20IJeq zAW^cUg%ow>hb~%)uZTSiQ5Y)vx?ZyOkV`%5b0-zp6fWDZZ~JD9l8cYe>8e}@EoFP) z;GQA8ew}FE=()xEjL!8o*ebU$N1`5F#+UWhd84`pb_<@$BNwmf`l|-%(^RVayIick1Yr zc`44b!b}4y(8Nk&%#KGVYv>=me;W*>|Ms-->m(C^Bfy*YNqf=N3Q-;EZOZ7vGP+ z`$V7DRAb-eMMb>ctL#@1ef%m?66yKY`d(lBxaJ1KB^S1g<6_anQUo2dhM4RSN-l$N zvXy6BxiKNP%MatUpW~1vvB=<8hsH3Ztv@|D@2NX3u^XC~=Bm*;Z;?InJtQ-B86Z7` zxsR~;68Ud7#&kSi5r6Op`DBT1j(vl*ao|5oWJ*iQQ%ZRMERgGw+^d}Hd~OpvdD+i@ zl_!>>L+N>#^(J|KoDv-C2TTQhHhXqoRr3eOA!b*A;@k>tSmq^1;rUfhX+=eb{?5a~ z2jYT8$t-$cNfN}*cLQfnH`bohG5&p3JziwkRZcn!^t16ddv^DsZqm3BO!wYHi*Ld* zY8YsQ``{ygWsub-<3(|-!)9At89AlWsIh=2#kdZlyO)W>?+>XuI$#lOGv@LpF2d9F z(fz?idX;+QE?-Pn91X=``N_jO)IgsrJZ274E%MCAJS+P?$#kz4$6nDH@mg}t7jsYT zy7o0=A0xDxz78tI4a_(a?Txt3r~Z|i5}Ugk?A~tB z>ipL^e7T}6r(YFqYh9cWfU>e_2YK&iSk6kLajJ!ol+;PKvP;vI^ zGq?EoYy}pDB7BeKkh_e}hUV(F20wWiNQBRz&|we%})=Uchuzs_MEo-b~CeQEzF)|q=Gt!we8VA$PnDVsl$oePu^vwt6h$|kP#}T2H36+1{Bs{d0EO6ug7N~slv*9YT zQ-kfb4RpEZngbGO*>N9&b#PFMQJB`4Q>3g95PPm4#voPsHIXn#GN zsq*{Sux(=SYMa{h-KR&T(nf?cpfkK-bb>X z*#*K^f6T~aG(RKU%wFw%pHd}jiD^1VNv@EP^nD1^>(M=1UgfGpc;&qFe2h5}f38oU zQZXzL3wbB3QL$fzySkJdVZ3q!4|$ryGn#?N*iPE=VmcgFGVAtG;hmBI8Jcfb2We8D zLdE1>bkW>0_Qa`!faOH>srSf0usQzQ0F^W-68X2Ws@zg_Q2s3Iz5`?s#G%;KzN4!0 zmE_^;QCj;s&68dcPUpO@oj;1nu*$m6!%xqZbXxhtVeA=TE$Z!3tJVV7sEGwexZe%< z@Y>$at2`ji&1JOZ`hA+&Dy9&V`fN&NKy*+ObIW| z!bir=J{`|de)Vd#h9OIw13lsQ#F!HC0s5Hu&iR93{~4e3G~ApR=o06S-?CE1TP)9? za4KbH@z#=LLfs&vClfD05hAbe;8ZBA4uQ}lyO5)lZCm6aqS4-`}7uWX> z%c6+5E4kSAwk>|x0W44|fHBy9yQT;an&j;Tq^u$g?WQKP3H{RFZ<&(TZ)}AHx`A~! zAIQX8DFZS4<5o;a zRR{8`w~nXQ@AYZFd&LJ$W!}Y05tGL^%Toir;1#3qJb{%3cICv~b!InzC8#?~7$%MQyFCJ^BuW+wZ<)(83W9=7=E^3*CP zeJ0&|*CAOi`hz!gRDnLZxu<@4riRVZ`Od=}x!|1>uH{SlQ`lze7Xe8+gW2vU%-Q1x zGo)-s9)@tqoarFX117O&Cm!CULX~_YLNMnW(%lRAX`pTrj{{PnDn)uCV`tIKFab)8 z?!|?0F-R*|b(hoyM1JhSi|D%FNBvT-x!{D3jsM{w?)-k5vaQFs*y9E%HjCqLr%FF> zOpSsn0-Rb-IP#0aY@hA&e?0ugBt_Y-97x|}KO6F>>tzSz>BBn@7v<{gUeFLxY?pWY z`hekZw$v^aiLPX**2H(gMds?x=#l&KhMkE=V?v4&4P&TnO7cwpCaR>Z=Hc!4FfSdu z?@R)`5gBqS^*{B`2xQ<8>vz@wF#XRcd^_2g;GpZQ>4_`<>i-OY)A&CFbf4^h1^~7H zI||i6U(HzgY-dA0UDJ6B#*u8gZjlW}+Y_ma{FG!UpOmZYxXf=1ySpKzL;63L>HJ-q z;z1&dm(rQ8LqXv?ms50s_APgA(enR0hT;K;{y#Sb68rxhbZ_+NSO72a-w%Yc4+3og z()xeKZ9MVc@&Eg&!7s%rvFmeU|46*;?e*8=HK0YrHe@%Z+zJ!_mj-i(`%K@ z&hlu&|LfhP&;uEU|K9t_P`rKbCo9kG;z-*{rXF#f7mg0DuMLTijIrUoVSobtyx?57 z772gRA#w%mcltb6Mn~(k<7OTlk$7NsaDyTpGl|sG7ackH5lI5^og=H0ubA!#z9bTv z!xuwFHjY`0*G!0T@T-Dq8DoKdRt~Tw^!1vxiAUWbW+AV4yc9_m&w}y#M7o1b|f%zT}N#siD3@qq){jLyv zZA?VS7~9SpwnQa?zDTlml%15HLi+N{wn?ETx9<%g4MbfbpCuCLYpW(L48M^_FOmE3 zdbt|8FxAQ+T~A))_|63((Z`NF2vdH;sm_4J%+I5iAfS8Jv25vRXLI)r9O7r<-+Lns zmA0h3?SU`ffw?YfvZ#n;&TcNdX|*OWaqTIXkiN)F)(4&icoAj+u%zpdJOSsmFQvbU zu7c@1*BW|zhH)gfZ)I&cm_A-s8f5&&*QTlTl*z+wvigxwI`-VP--?)ipTUb{#E0$3 zd~dbvLZrj%XDlYGtLE1?A5BxFit##oBUArBv~~k}%JK)I@I^dulK^bNU-(sDwT|!6 zUYC!v+0N=5L(N*T`8&xd*=3PTHD|cPgSOL#g(NemnCD(Zr0t)*y_Pet1U)K++R|FM z;lb+XW~$)lt#JxYwDywF*8Qg)Zm!}J-n|9J)RO2_$%IGTc}8fD!6Aw3qo&mUvx5V>z}Vf%mtzS#z(p8?J`DQSQH6=y8Yqgu+@(MGJni0qxs3e- zTMd%RGqo=tO03t4-3a+jraD=jVr83LnC9+GktR5P39G`euR<*5u7JMyA)9^wp zx27hc(J8YN3^(pBMe*U;C<%h#(%y6^h~O8DkQjm4<<{8-;(La{Z~DYT-Sn3P73G4z z%ZByM1(uU!yIjQwS7ysEMMdS}aL3nwp!_n!~O&aJ9YH zuvAH(rV*G~yy|U7mY6qNY6|IYJwRGFKk~nI+uB-2Q!$I0xpXFLQBg z>9Yx`pYyabe{H}M&BKl#O&Z`L!j!c(R+gf=qM85H(FFSpvt6&x|1$g-&~JeTx+$Z% z>15yOSkBL>IWLILip%(%sI^Vv2crKyxAjH-AP7V>*+nplX}GN_4E*U#Da?`X3!|=} zO{?Ur05oo@?aLDBLg$=l23p_dMp0{28j41RNZOTDdhEec+I&Z8u92Ix3{$JkCr7FK z{l`BugiaIwB*(_jsL#b09n~6`H3$EmJ~2u=^P0pkNyk%PiZup5?+^9Uz9Oq}zR>N; zBbBZL!NeiJ*VoW)Jcx-Ss{v?7V18^snna0dUfV1mf8Ki_4v~AZGcTAx${-qVCo}(@ zyi*V9bmi$y3v}eP%wC%&ARIT6j`EU*S8;_&24qRb$ke(J7>q|3ZLSRG7}D<~^pQC0 zx|Wq%yoLv@K4sdq>!aI`qLH@#5r!&h@5lI=p0}&d;Pq_$2qH4N1DYFe~}z2 zHQx&e4L*Ais~m6SJGOUE)AQ-lkCd36oH<9D0g>nevu~ZEBqDBrWm9#z8Bt>VFz$RP+OgC)}GjMT{7&+Oxk3&?@?y|aD?#=DGblEQ+ zPBMH12z9>zbkq%^L`B7N1*bX}bY7&71ftQD=z2*T1qEu|lZyUO=!!%vw1d+`Gq1iZ z%;U$m%rXgu)vgg8gBMk9s3+(C*%9iAbqMdg>Nb!4Vh86Cuq~MnUyIkOgv85G_hhDM29h6JN{F%e584yp!@$G zx`9G4A4So=#k|MLsPPT%#C7Z#%jyOx|N8Ca3+4R?Nz@o|kc}^{ca;ZU0F8Ri9cD3S zy2|DtD*VL-O%C0--Mym2g6!xUnTg&d5v|qw1ml8R>l_j!cCB|UZ15r~`*S6e;>SaTq`Vdj*{yO?|u&q+SjAkGX7eW5}CtP4Q=>4K+6t zHLQ#_#))34kv)g~q3w}9GGbT{%UcfUf!In4y&3z~|Ch7m$7z5M;Z3s(0kfnV9@D;n z3cs;v0uL-aeqImxM+N`wnc0KFQQ`y?ljNbhriS(9J&+UwjaC#m|kx)U!_44#9g@vuUw%7ewn)|45yi6CoCLw7wIP4(TXqY7(o^4?Xrc7^y*y{a9oQE)$l7rxA0_%3U+~%R6%jIvK@F>t1#XDD96?kn| z=L;%`g7334G?1GeyCSkJuuR*1So7K*T~CyMAX(rPM`I0uCI~~ChY4l;Pe7}+m^1`E z5E$HJ230j|GmYomDSb}fNos3ctqIDhs~$VHAdR`)$wl}s^2<*4@z9a>9aV1 z*7yEBFIg^Np=PH$WWByS-Yj@oh&upS3=q>_+NnHPc z--Pa~x1`}W8va>RQ7Njr5D>6geCz-BUe>x3dj2g{yJn#5ls$A?YPxB(u3--LU8WgO zpCdj!b^5{>I8!h%+#%C4r`f3W5F=Lwn^W`bq}fN|R@+Trik1`-_eb7a6=Ep1lWSdN za|M;e9~XeE>M>TUS<&B{{8%K|?6qFbxxik}AOeg>0 zS$(jWxpPp?T0K3-+ufHi;*Cbq7lQo7!@J+BX>uEZ%C_c_{r#C=F7waBY=7J5n~{Tl zzLW7nz-~zRHmLAj=Vw=ay@IaXBTKTUF=>&o zw5l?6m?nL%1SM_%03I-{y9&K=8-F50;kJj}SV-gHT({oucOAB%HrWOU$%1klC&1tPp> zSnmz{{I;rz)HI3hqR+S?nQdVRh<7+mm~{SL$4eFIfDDqJz#&YRQF0Rv{cbz;EVD8VWB z`!7Ry!ddki&KNJB|$Y7erJ z^m;Z5)zxMS6vNU**5QY{$`12G-(dQB*+6So!{}h z`n{R5xj6~@Q7PPB(T_OLBfdHoOhzx-38TBYcy7^StX6Cr()X!S65zb-gEBv>Wwg5d z3P(u^z$djh%xQ9vx?e^X1z5HI_#>TaNe`ixm#1e_Hm)-Z z<+veZ*>!<@37zV&%I=yAf(-RQ$WNhtT^x^G2+#5Gu$_vB4LIp^H*sH)4M5 z9bT8*Z9&LaP`78_f&Hv`z1%d>-^hUfE|~$1t6X2B_>UO%XXtXX-n%8}6B|jud`Nnd z8mXM_R>04E+AnL&33*31Z5Hj?Qk}+r)(fk__8l3}%mOye!f4 z1U!gx`Y0`qjTRqB=FXzO6DY*>M*C_IS6M+TP?N3^Q31H6Q&k?*!3tFvS@bnJ<5$OP z?6IIuQr^v=BjL@qs!T}#>lHoF<2e0yL;&;xQMRVz@p-V}L7J!C!XUM!_F|?itErh_ z=IaQ-eiM8=t*l=g2BL8r!=ma1of-^OW1|HwFv+s0i!1{q?;)xG9&k@(D>LsN8xJ%?S|TL zxngQtJD7G{T6Q80jm2yqA5-X`QdEe{h~K&mLjsNT&w}l!`H!3z6(uCVSs3}L;BkV! zhA6Xxt3!oh^m&1`BQVo$ii|MLIYiU0gotl~sAf(T;s}WR5;E9b+L2;5ug5iJ0A$(A zMUhtiX~0-Si%1WSC`$Jw_XPV_i5KUCul|ycWoNsKyN8hf)0XCYA?Qf;J|EykF^B#&Y)rK;O#DonVZ6jxQ{Usx=22U;Li1-Cbt{1)>Y^Oq$&9 zZTy~l>a_o;tp9#VKa$ir*Xa zg1Nt1MgO=+wR|Xuzwv=f{osv4mO6;}v?L5@&AEQ!T|B8&U8t<5Npo)2lQy|6z>*G_5QbcL{(ChV=X`$p zR?ML+D&FhJSVV_idYK%(*JT4f8Q`Lzf;8E6>xp8yc=ipg1sM{wga31fLluso?Xsx- z7DIOIAXfQ!A=%)ZUdRnJZbX?IYJaEVGZzSvra|F5`~wluZd+jwXpd0~rH9>X@tRG) zdnwpLbl=p$g}uJ#&{62$9Yh~i;|hDU^8~+T7@>3)TXkm)S0ik}OvB%}TGs1F7`zvh z4JqEt5<2Bo?UoD(39^A(039D_lc_Yn(}0#75*m)fA*w&-qWtu*$l16LB^$Fo--S*5 zXZKt;Vw`{N-ah%0pL_fJ$^etYJlcRLg0wjQ6mAP#5d*;GW6}=_IcwdNUUOXDQ?RuR-a(T#}jg<_x^N% z10zST1Z-1CmNoKwyMi}Tz7;KLv3_pg?%-+;st)&oNXqKcTB?tru6A69DZRIU>lc3C zj_if6NK!BQj;L#y&fI^dL8J6y_E752XJ=%JMBwD-RrhW!#1*eY%_fSJe*^B#pYPNe z+Z6S5#E%u1Hed?yj(xfeSte?Htv8A268BLFyIR6-wimgq}R- zr}56c9%e~G)Vq-m{U+_XAA^u9^q6<#H%+!=(Bn7<^&TSQay1#`x|T6cZLUIw7;*e? zi;QBWsea!3lwUL?gNQk$NS%eVgc6uX-0=K(i~>}$EiQmzWyFC9-MXOHmf5(= zM)m1UNxfwdUS4Y3Xc5371pa(_cS2(Vm5Xqeo&0>at06Eq0L#+0O6B9TV_RweC^tJh zN~YCikTSU8PuKCk4TC04dDHi`b3ez*kw@?L0N7(qaFsJo+za^SbBez~hY=JJnscsK zz7o+Nzu|)4db$UD_B#Eu~0xT>K!c9Ve6BL|`6rorN-@yU$JiJ%P$@w*z}5)O;v8W;2e zwZX!Q(22nAv%D~Gbz_i~tYIiG{hZtp;7bb_OOsJ}u-zdIpV>lZBM^zA-r|3ew=nMM zuGJU4jQt00w!;AwewDqIqb1sHdc-udsu28~zdOU*H}?VlP;8#+W0mt*KmTv9ybMV7 zw5l#S8qV|%*mw28td(@3KF&G4{1uEnKBT;s2Jl`R_3#ZlVPb=uz^1z2Wf<%4&VKa z_tCsuNTO;OuXp_b7jdXyJsu}3h}AsY*5J6=gs_`17Zw4U0SIs9?5kmbIzeL6<0_nu zX3v6dSqi`dl@7dKYixXN0ZXECHu-27qAr(joVst6do054>K7%D9q+~D?_fXm0{O?# z@43;|)bs0%)8MH&AfSG)8w*moyE69(jSYYu&n4y_4Nwb%v`n-;X6DZElF7z{52M`L zym6msIhgwnI~EEue^hVVhxi3v^-{*Fckj|n0hCGL)!IvoY`oR+gq;3z=e)B+3nrxy zaxI$`m@d#iY_m%`kuUIl+ASNvf|#j?C38r0Ei*jZ|7G`vq2|oeXlR9 zr~$>D!qk772Y^9}U)g-|C-D1U=46P=$>P=)MI5)@6O~c;o~re?u`Q%i+sQd=lZ6cA z*Uh&Bj!)Q)qrPrm_a6Dys$MnO%jFJsgWXx>M7K6CkCQjQ8}35fpi+>V_pZ$^IY$X& zL*{E^WZPVrv@cIwmDd3_#DdReeZC{@*19K_Zzo5$-8xi&Jzo8S|2?Kio;@^=!EVh5 zo~hn`FU0*u>WJ{?d2K_#Nlsc8Ir?2(U?H5rz6I@d(p2*7)$u?rF90zw{?gwAHF;Hs zn}d-m97SmA)`XVrlTS18Z#r$bv2$S@W+AYo&ieDA83R(0<1$GbjHrv^vGZI_C!vdY z95qDZ3;&Ue(kB<=eXs?#X}|Zx0Y57VpB_gB>!|kjTchJXrjnGu|7fX>E%f$jv`QVl z%abREN_Ve*4PEXSwn_zk(k>oa4i)2hADN0(QwR7!m*xPH+c@>N9&xs`UeByx0>N0- zMAB{aPIj5S zjrDy1A9qns-}K&^ku!d-3fQD+EA!I;Jvkp-90_MO>vw#;^)GEjs5cJ^j!?G&gp^vM zrZ^qu-@pt%2tFHjCg^OXk^}%NAyj<2_w7AF2enmPQr=ZUOgiG~g{7EFOO$e=aYh5p zyFyHbWV%Gt^+$R@7dQJt4fV0ocEnaImsZUzXt%{}&dJE6gZC`-vvATiz!18fwS6a# zkd>b7{?D7NWE@D=pLSc1h@^F>8Uu{VF%TuHX;z>b*<{cYIM*ZEN|%WVncc*VqxR)C zg)$dZaz&;9)45XS<^}oV?h#T8s6;KHx4UefDU0w!yzUeedH!fO>wdJ) zkt8XL+{(amU89mX0Q6PJjJihuq65s3yk(DFP;#Y9W8vg8CQ-efK4GtHL8Bf)VnRUi zo@k}aiKx(oZF!j}y)<~+hHci=?Q z0S?C#ib4GSouaG24hQg;!LImw(Vuzq zIhCY@ZdSZ?>9$R;>~uFbwNZD(!Ml+l07%W)j;_Y3wUI&R}#}am*gG&bZ zQE2E`2u$_=%IMuzaQ}Dw^#3RQzuCk4akr<6|2xW<{;%xcZ5{gm8UOn`F;8D8p5OUU zW5AjrxN#5aLNR`~Go#!|>c2@%?U@*$@KUPd|KaK@qvGtLb;}f5oWWaM26ri5+}#E% z#VPI-cLo^T-QC@a7k4XKin|ndztiuWyY5;yzu)9dcAl--*|Cp?=izx{>-+PiW6R0m z!RN=5#jabDx|6F2EbHz6wf}$l|BiBfj($j1OtKC9EF|T^7SvKOL6$kvOAcLq{nO>- zO>ur1{Q70UOQSXB(?ngQ3hw>q1$W}ohmKxH3Q-}J50iI-9ppi}yItShKX=u*ni81R zeI4$}A}@^1t=BGTtJXF;?$@0h;t5{fO%<|3Al!#1zSzo4HgF$B_xkHz@-BKd-bX4i2g!5X2947cK!FeD7b zJu-LvxCS)M4189@!6=6pblk~AUWq$Mue%VKK!&TU3j&*9L>-bSh{^b2CGS?Gmi)w$ zr5j#@5!=9cmiSDC%S3k|JH#N66ky*!DyDa8j7$=P=B2)7K{QtVKn9AwHpy~z;6<*B zCxIa1P0}fjO2N`o1`nSykUV|W(W?;ul?n)H&8bZ}+}=mM%$xc7m%b2DSR?H_<@v8V zQteZzho^*~Jr7f@1g9>XAMXORVB7EpqRbL&F|cNlG4gG!J~|nr6!$dCA#*X-jjkWW zWmk?@C+wj~X{Q}3;z@!YC-1{xNHSDWL_*e~>?4~5nSgL144F(xI@2g3k-|9>tTv=~ zd76$8M-^mx4R|hG=iR=pn3QlL8^;iRqfw=n!DI2cgq=^Uz78I@#7WdTB1ume@z$?) zJq|-$$Ib_+MXP5DQImprHqB{L+xChS@&4An&s-|y^ip*pnrv+C+RE!{X4-2{*_Z8{ zb$yp-WV=c;gi4m%>}@0@eDgwMO%T|1fYu)qD###q)zbRid2UIX-*$echdt9eVHF{6 zIWuSN_50)j9y_dB^;fy_+gD;z#a8SR@F6^jWm|@E!q~;!xOXEJU)AZ4JsQgEYBg8% zzu4hl-;j;ax&9G}D#@ek7L*J4Om15CVUXkxi8jeB{Im->X=V<7G>C>u*js}>W*gqBB)i7%hju90LtvR-d7Q!^mSWz05R^{9u#|nM zKGH3R&E$Se1i$NfJD<@YmF;q6kMp)36*cbKRy2aRa8gHFZ3iTjc_e_p`->@CMyWTR z@8}*5efo=C(&EW>?m}JiU2@PULnc2aCJ}WRe5poBE77cqlA?T{=5QiJKk@n-^PieF z!;B)OO!Dk7OKk?@VN|OgA|X?O9AVLk1ID3P&D6_o-2#m^HIt9m^p9^69#x28S$BD= zwA^4>sp~tie-wSlkHnS@gQN@$@Abeqjqg0`+PpfU8Nj!@v8OhOvFOAVZ$U8=T{?ih$>NL1P-+-p4?kX|X{cv#gHDi&mtML8~9T zLBjta3@ri3`d%rT$CYC6b;)kv$i+2pPdM_qY2v~1R8A&<>@=+CC=BIG$KvxDC||dR z9e*kp*iI49ONTK3lZhiHtj<()$t`QsYo#| zI!lHy#9H>uwJxAmz#~Hadx!MUlz6F-F|FI z&AwA)f#N;MO~ZeMGb{HM%-~siw)^yH?!C8ct75oQ{Na8mu#l*(Q>})_N%1Di{}+~j zR6{+i>@H7+(?t}M*2kNhz~Zd-u$Wj@USbcWkwU~I(v4AU%`N7^zs{*)b&#(JBX0VF zS_ZM-`L($)%p|}QatY2Hkw>S8TQN;a(6r-^yh^DKCx(hzM8u3+6aKY6ljx6`E6=OP zOtFnUIcu(rcen3V+PE_fvUqJt`C{KQeSL9+uD&=QZu+k#Jhv=%oi3rD)Di~r)7W)| zvkGeO2jt}VkZmY>WL%oT4Y(PZWplhE7mt8&9~_~$AEO(4nZIOQPWg~cUrZWViu-mD zYUHZP#`+Bs>4qtH(b&J!?ZE>#ug2H3`9W9JA0+9DBJq(Xm^S!1Vc6M#|Y>}WE z>{t;>UZl;`Ad&YvUD=ky@N~~OPx1Zd@;yQ~`d|xfyt8;Vxn8%N5#%M`*6qNLta#7p z?fb93^DW!`C|!Rrh>fK$80%ieb>1NI;)|Om;S#ryf;S?O_1v5UO%P1vJ+ng)&kSia z;!l`l%}nAm=>g@e+UiWjE{oDW&E*FeL7?hyo3IRbOc)x?6a1Bz*c0-dDH8S$st=+V z?%{*qAX2|a3g!)rq36$b579mJ$Ua){i&csVt}bJM@M4fMRCx#Rx zOuy-4IS+;s-K$W>vW2#lc{OAL*trC)vfbkftmcpvS|=Dx5%C%7grw($qr*1o0&qPk zMPY>lKAKQFVDTYs?B~wX)0LFXOK}GkyYpBVU8?jywe`Q3S)h-_NAP0oogX*WSI5M9 z|NBQlNF_DVL{zJ<T0Iq6W!PyLdx&I6Diq{7u(QWAqrX2G( z*l)sR=Xa?V%OkGRs8^H(Kw)`0j-}WqueVp%e%l+~q5>}Szh8T)+icm^I~{RJx|38z z^Ega&gOA9IyA75v=l>Em{z>n(n)tOKe|z(Ff1pw_RW9}LE8{zs5Kl?ytmII2lPf{c zZlxppozf~AB``Br{IE)Xsqv&GdS-}~F;V0Kq&j5cbrBp~iXM8Xaei@n4~KgACmHt) zo@&&Lu7zRigv%_P>R^nJZos}CuuAnkx|_VdV$go?2Af^bpy7*A;Yug_d%bezd*VA# z$jWV})7fcMlBMc|J{vjq!Jz%)`rznKnn8H&KtVc}MS^6k0IKFlALHXkspl7p^S|a^ zA2&+f%w9kH2mzb>ek+h@M+j<)B1*WBn}7U%Uh9VUtkg`6=XTSzoBCw{GQsRmd^<^x%`ij$nqZLXpS5pI&pTS?HL4 z-~_}WkXAP;OY{bSmc{$&?OzF_%Z7?qFc%>{r0yN{CAbW-8f6tC`Mu)5{QEi0zTDUl zmeXcm@}1RV2wpgJO4xOnLRK-FSSDx@hz0N{PXMtP(r@~N2SXLHWriWXn#B?7JM+Dh zQ@9S7v6_?7S6fHJ>W&H$>y)nAjwjxdPZK<(A2+;?X1(hYE|R5^K@=31rR?Ndkbux; zdQ<|MHel<^#7sNAOwb{sQQn=`?NN-a$H5==t9QdvcHu9p4xLIdyy!bYVAbPP$)X`{ z$})jBo-{=n16GM5-*`JP&(nLZWj zF4|yIfe81S1Z$y6Q;mC=1*9Y*2)Vpo!}>6~!4_85x8Y9f&E$9lF7n zm^|`KR-Eok6zf4RfV86Ro5IGWEW@sqlKH9e7=s!CVZ~$loLfnUMquC5!c)ioq@;@( z^kFY|GWrAs>qRi!Npm=vR9z!d z)($&GuvWS)=~cI(^_0cnSK_acZ#T9LS0x#azi5rsFyLw3O7E_=w4&MyuO75mL)92# zd~=_`0`^HdRv|~GUufv!KTG+-9b9%Qo;EjC9(R8EdP}y~p5dW-?H|`Rh#UQvbn}HI z#K6d0K0?O+;G`T!zUNx683V^|dHNV>^M*?%cMW^A{_lBs|Dyj`KX#$FJ>Vwn_SRuu zB%~7qS>))E#6`NmEGWb~-$byD9(@K)I&=u4T4K7J%tbRfSW>Ra)4w8!2-Pb#7BXg* zsp1eJT58KLWsvl)T5%1Ry=+FF!^H{jO}eQ7 z=dkx#J6_3Qji7buH;|G%9Ph@8%azP!oCrG8fYFl=wWx}=4?d*An5CnpT%HvszZ7H+ zrcVi$_YYeThSh}d5Jc50NqPI{ir6by;9}zVSMr&Ex?ki=3+|u^1aBsm=Ov&xshA$z z%+h|exJA=_;M2rPm=%P-dD|-n&qiyOZd@&K^G8tfi7Q6QlpzLYbpV;pKLv_bQQXzg zoqp49bsxqNAVaw$V^3EPf*X;qQ~mk{tN9G&x5*)`Fz7ju1W4i$EBNrIfR&fBfTG#y%fg`hP*az953jLx6tGooWPhocWUU-VOSl2W;_ixL$ExF0zO7exEA z+Q0vxb$aW<7Tw?py5nb8KMfnhJV zw-861l;_sxKI={Y@u!&AeTTbnF_WD?KN#^dW+Mc+4Z%*#9K5IdsKWdElB2Ie)Df)9 z68eNjY9W#7_~q}dT=^-L5>And&vRLILk&HD@h`nN7D-OWHxPIsyTSB3mG3_M<$60C zqMEL+ssN`(5$M?6^LEa!YO&U+XYF0vxuQFY34y+fdmHc-sdLiiT&kI9Cmvi(>^s2r z6wY9Bj?Px1@*BrR?|C$V5oJeiZ$iGMa>|@@HD9X)iNHvxLU9#3Cl3gzN9}CmQX!i z!mqAN561?E<73}?LL7@k2hW9!U_<&m@mYwg8!l^1T8of9*s6c^ql4+uj^U&HGy2Zy)@pxy`@` z2;>u0haJNo$V`xhM{&qkiLRn$Y2>KAVB|!kx;%>uvV}v(tMyZvtLwR&X%u^LQM%eS z4f(k=x$&79ZFN*^?Wpn!=lYQ>3;udh^`u=6X+mpP-P`Om(bf+A;IL&2HC>T|bl}Hm z7eS2_`ZaO*X*{AEp)LBhAO90JT(I9*uOB;RmZ$X%K^U#}Pz1efb#fv%Q)rm`p~=oNjBR)yS&?)owViB%Ih z8|Y~R{N5n_cTE(_Kbj(eD>*P*V0GvFa`_v3a?7FhtHc*`h>8hoq5n`y(uTKMu2 zf@0~8=aFVq_q7t9^)g$JeP9CYb2#+8 zFxab#?6xoKVi6$HkE1?^W3Qm2b8z8HkU(RcFQq$sz9fp-bw4P84!VNnV zB+=8OqH`^unL3cJx{?c?AcX9%r+P080(`LeJx8zv>v^-pVd;YbaawDotf$X+YaRC| z=F_9CacjMQ6DCL$+`$J0G3 z_PewA5YfRf%aBc^qF2e5vBYM?H?U~caBnOvt?hJ!16X9k1bnCM7Gq|1){aK_k&+@$ zAVHAuDP%_!++g7%J`zU-g^p( z855DzWBs^Q`uDZob@f~U{7mY*mY#V6m(X#mj?+Jmg(IPyk+VK8G=24934+ zstev*mhE+xDph@{6N3I4p|&E|fQP)1N$zh#;7_KqqzK#LgA@NeP9t{u0ROixG^p=+ ztZzaG+<2~CmEL!v^BpYjAcy&?DThnKr0rGkXEtkjPyal%t7na&;~)YgljW|P@*Now zj$*c6n1KX?$s$5#lh@k$OCO~uyiU#=Su)Hhtl|saO@_?PUD!odxt5)vbV}`%&97WJFWCtJ=- zHc)d)LdggS3Vtkh`7*k$xx}iN&TTD|Fm4#I-^;5pCt2o8BoJj?$;9@B5jBy6UyoX8 zxRK~;*}#-nB35}!3STu(c}sk(SU_gpRb`NT(|;CL69=~5_+BvNIZ?%hd47`^Y%mHL%r)3;iuD&3fb^qG`EgN zwR}kFnu7^8Glgw&o<7siJLWGq(QRHEw|qNW8$$Aa0V%2GdibnN;X6X-rauPU%2}2u zJ^%0}0#a)!)Yyl%LT}{Jai-x*AKIb74koFyI~&G1l=p1JpOp0BC;W{_A{Yx)AAe(+ zXHJDt13}vIO$Xfmo-S$u-jbUxB7vDdp$L>7m=vL`Z!CneLkLcN(jy&~^LNGu6X<=fq%)pTeO+mfSPTtb4tn^Mk!S(C5o z3I=VVj0a4PSr%k*=eO0a6yxHTYM&&Q7=GWLt@0`j?yH1a(~vvD5Qu3WCqw>mK_MLE zXc0HuSbFK*(DXzhb8R70fGAVD3!vn))7z zX;=x%Bi#rg&A3oWYjytfZCJ4$BG6w$=}gT=RbIngG&E)Q3l4=qUfd=&;E!)CUbrc} zGOd3Sy;k}r_d#b7=O@*#5Kx;<4}v0aOPnlm%2}mGv=24O>jHmhHe@z_<&_VtAHs3E zjDIe%5`%qFc{Hd`#29%a}H zuFR9d%k=P(@NmmZlh&NIcGXHFNa}fI(7zba^*GT`$#@m?US>i|v@CI=iw`@K-?^^7 z&nBfKf8A;!(=Wg4xr|K|G6glXi*i>u#p>wq(xtvF>rYb$ECk z_J-0IAf&B}OoA!>4Tv48Y&_sl7Fqq!4`!43#Own9783~F z`Y78h!!*6kkZMv@h}o}RqQrVxzgwY6;pBs;ipf%|G$Db#tF%>E(k~-@7->T;_{%Qq z?3C@aMS%Dsu)yk0w>utQC-IHNVMtx=Ep{<`=_i%OhL55S&IZD@@6LQ7{y5F#do z*S?A6016VhEg9qeKA0bHkiTzBLe!+C{%tN}8eaJYJKSGg zHe$3Q`nNzvKy!_KS0|jeWdjTVqh%_NAb>klmL40a0a5ccC>5=BD!Hi z{WiFqQA`S`MZvF?iv3j|3M^x))kI*!G54?L~!orfhZDW~o`uKS%>uK$HrP8mhi$g&TUui&heSj<{q(T8=L8MXO>du`&*-rd=7fnfuECz8}?}~ z$=JpzcbP(uyImT~IZz!my_OUtTvS}>1jGlOK;U!Y=^C+aC9@DmhHcTmH=c;IJ`c`TL+RO7tO2KGnmeYK2ms(pjr74CA zDdcg+AcG=SR0<5v{!Za?$$}vB3*H{-H;b#pvj<4#+MSj2WO4@*RwF)k6nkOo=F2RH zB@6w;s;9S^$v~OfBAmyhsg^*_^|C?I8^_P0|9LMau1gS#4fJmi5s*P6e0Gy9RgsFm zQ`#UV^&hxuW?WK^(DsK9=Nt~NDb8nszTT-DFY{ne<_Pl%BgWuRjsZ%AWT>n}Pb>|D%K)*grP9w2*%V_ZSJ7v`fTA*W6kdXmD>P*82 zOf}EfwN??XgiSA_$Ze_>P(^1n6vYeC$@JA0HW-VOrgGwu4rAqsdNo9~s0zcTX--XK zRwE-7YIqUBY#Gh5q{@%2^1XQ9+aE7_sFZq>A6}tJ#;<@L^Ms+${gpP-)@fmup6cnL z_FAcZi)9?4Wa(EVVglmxpQT9Jgc>KSl6wZzf$9P{9EZatYkRKWDbB%(f4lG72nLsd z_qUty;=(y#vAE4IZnHf2i_o?w%aX@36-5UoWpxj!aEslC@=Bj_ZOrTFy?ez+Gq#31 z>1;muW_amJa|HksCQS4rLL>@;K>e;iC@M)Em{}cW!VzyVB<%x(zANg(eb7fKgJ4)O zeR8`0!soAIu>#LD`?SfMtFGhnSkTsv1rQTP1j6|zNQ^FT$Oj*&8#}f2IUPH%87es6 zt5ts1c|dow!Z%Q5plQnG7W-woq731|1Omi`g>w!-B?a-D(kdA`Za5U=eDG2Sfo6h+9&h8NooWC3n#>PLq=vP^Nb~da2HPW0fjnjeP?*>x_1r*DchD%Z zX`@Ij4)p_)0c8CCHqKz`6Is5}O87gR&zSkE7QPcbvB+*PEAvOmQA!T|M1B0Agoxq4 zOX3TN{6eaxFD#?y6ajxi`%Px_au!uoDkY;33mexw6Fa|*`d~v%dT>Z34uk;3sBNPm zgSDw8%)bQ!n8kY=JkoWFdqMls#8B)Q4Wz<@lh{o~Xx!ma;f2F5ydE)OSj%Y?ySYF* z$A*7Fzl+RAvWySIu*0Mniw=5&DgFA9UU=$`$f3yX;3#^izcj>8*b&}`b21x79EJ>1 z(G-JELBc>9@_%-~=k7DgzjfPAX)zj4qEHMte~2JQST~gT!x;^WSfZ`s3X{S zI3-JiZI>M)uE%kJodhHW{MVRd7eQ(91ymRora&69$~%9hfwyT*J!0aXFa_~^9%^Dl zl_o7LOg8qwAd^Es{HGmx#p7D= zP%tUrp~6!L^N+b|06gnYn*h>-T(DPv$lpEd%$yKCfh9VDS`@hCxMO`%f2L9Z`N;+M z>788D3v}@XbD$Z5^+K?DFMWK^5PGRkk#&kU>3i7mreIs(ZyZ5ibDvZ8&o_LLJDLDd zzXINbf>*^vaR7&Zl8EqOsH+pp876|?(ilLLY~n_9vo$#Fq|;PXm`Z6Gxd3ht#sG*h z8dqfSDKh=;)+zH*8-P+JvNT~b2&G%VPZZ8_zfjKNqK@BEUhwjfJ>p6kWJn+|{Cv9p z91VensMKnh89IpB2a=%PG%#jQRG2IkA|I(hRw8pl4g^ZmcViY%8af5@umQ~v z6#~Vj0JxX_Kr#!tMUV_~3S^7QK-3M9Gx<(>-VR6i@Jrd4)bdeR79K5z@E5|qSBCMt%nf-d!o=Q{ zr}QEIfHaCp0TS!%X^@T0D3Orm4E@w@mbIF9ovVjuE_YGMCa*%<`CLL8>+1R1au+^O zIw&$&^0J&Ybvft*CZJ$Ph_MGELPj9+M;1Z2?oTn>wNgQ9C@U4z=}D681EzP12~}06 z^vzxPEhN8iQs1Gunw8KhwukazEqnqW02;2V3A0tkP>nXnbBo)JU{^^cFt{81ik86qj>;D z;X~ls5@OkFz^|SlkFsq00uPFQJYUgSdBY}zyv(e`Ss%fENwcR({V6kXe+YCk>G=r> z4y%|p7K>Hnj!!BSsmnqWD$T#27up9%YK7<7;V3P3f7bC%F(Xil6!in087eyVd|bHhhuRzzs0a%SFaQ93-xTS{V(PGS?fQO+-!tFq7Z>t2qQL!v z`o|~_@|=qM8v*bjvOisW64RQy(mmg|x16pmi=f7N2TU(tinKrfS)Pe7)RWHZycNtosfH#fbI8xn|d?|L^ ze|{9cXm@QiZM5LPFHW11E~FLe9>KbKDO>)_^>U5^z1u6kn_4ce-n`QMCnf*ss-z-2 z3Si$nqac>ZPi(q31o1fRE15M2FeL;3&w)aeRFTMv`td>6E46H^)8|7T0o|xKJECuE zE-$;oBQ)-tkRgt8m-pi$e6c2>EAOx^{wdC&hlp2fR>otsDC zbeWDuc2W49bW^ls1r5>5tz2hlT-m>PTbB29F@C z&}``X9uhWdsI$NASmWl+hRPOU<}e;@sp1qRHCBXL&c7b8KEFISP>@Y+!-Iaq(~;0Pfo0FdomIBG zp?~{`v-}>jS%=EH+NG=F-A0q%Z{Fjm4EzsmEJR|Ab67F)1|NvM9F{QC;I|}ZjkmFf zSIN=R_bA1)%jo(-dy*y4mzL8~q%(tG^|Eayxm(g6oHCaKg}(BNE#S1 z-`a^|(PH{kLeJ@83Nj{-Ap=OJFjunbP7WU%9_1%}(Byw0@u4?WYc4#-1SMA7Y*Vqz ziH|p^cyM=Z1LNjVYXs-KZJg-0(pddJeN~CQ2@mo&$ps(8Ia`$Rj8&)}fIv7l_*YDg zdlBMk(uH|`P+tm6f46_=fcY3meLQJ@=T)#!YWb4~dMI_*WDnHV42)~2+$pK}F(jN& zBHTu+H{~sfkE)rt^#3gl)+^MBTxmAoYc{0Dlp$=N&Oj$L8c~pB)d-~9p{f8WO1o1| zJ8Q9x5H>$~lymgjiBH>)kVC|TgM%TpKgc*wew_8z>Wfog^GJ6ob@jMfKs#p-9ZzBJ z@dJwZr#UJaBP1`U=+ZkSVfb8p7+V2>=CJ_r6uH8pMHE5+w?v;52s7@9wPu=XsoZYR z??zorzmhI1yda(IlT%h$3W5>VpJp~A#`&A;*G?Wx%>PCJfIen`kvq(rp@j?KWHR&) zo=j2-((2sbHS<~Y*~O*Au^B$qoO)L;F865MKwH+8dtxSsLIKzcVa8N7wJ9&0%<|T0 zlS(qsyu_hX?&i>p|7Dc%!P;k;Xq+^ICXE7X{sQHIL3IHMITx+{0ig8h?Gu7{JA^w& zKoCHA))uf<)GYi@OaOrZ&@;XmT?|e?&Upz!n!~5?GwIrj^DGBUi7yQe0tCaXu@}^t z=ewnd)ZcWroc`egX1NPdL07GtTeyp6^!!S&$XcXBK~Py_XK70nw^Ln`?y*`TVkYGAsJ@zQJ|?wg>Z3(pHVLV^)@6xVPWRJpJndC+PjRArrBLDCJ${~&Z?$V+O1llOaXKe6P1iB(;3EwA6hMu|e0e{+i6LR~bUOw((k)H1k0HGW1 zq4n;R-=isZZT>AVr&ugP7+^1+308tEhSKnpqTCb@T8QT~F zB#HxlVxmH36M@K1;ZF>TrHnRoy3-hChg+!qlj~#%u`o?65gzRUAP^-JzbZ5zD6&8n zihl5fVDX1C2gcb>iXxIm+8bIU{E`+H_hWqcPaVMY0W1s=wCLHV6vj{2FT1-f`9uxw z3sC|nfFq-7f*qvsrM>%Lb)i0wWFsar|3enc3O&LijRbz^j=TS4)^-;>r_fGjE=xgr zrKbm&eoV;EU8TSRmxXVhWil_pOkG$*j7e(z(fsB-Hi75SA;Xfh@eXkpLQ_5p%QxtC=%7Uz)vF=`d-x1JWKMbpkBIK|bdnh5zZY&0aaLzF&BlG8Vvd%tl)z za?v!gjM)WEblCwT8iUxeiZtsA844l`S>%WxZTdj3|A9Onxo{evrkLtcz)T~`i4-J5 zWy!XWUO=FoUUma`;`x$Ys>;dB^CT`NPL3CfI5HhC)Ad*=PJN2lli!%_Vjh=is4i>g zPevEp!%EZUbDk+YA8m&zssp1$PAU(SK9JG>aCadrY!?2ew+E@C<*^fisXb0s)~o=Q zLi0OE@Ppx49z49N`^(ul8s)Cge_S{l_|M}K;X7t{3)L`?E0MnIi$J3i?>6o(GZ>sgDT9jxH*k z?2&2Rf%fzGPy!hKM~za%oNVUPA%WteeZu8Vq?< zN$eg6E*@)&prwLQ|Ci8EJMt(`?wZuP=3{-oh>hRqPubW+ZD9&o2 z;b>K-sQy@$vFVQUpEwjJo9hp`&0B@s^KJu8RAN=DKT{qrhY>H3J(p9vK>C6^OIg{}v`34kWAHebKT6|M0Bty>#t-x4K_|(Sq^f6xkz2g|) z!G^W{!#e4*LD-f!xbciCCH{KvLdE0>(AkGS6rOGNet~4PbVSJ(8alVn4-3aC?)Z1O z_>@`bc0`Z%u)V9Vl>c^#V3a$+x)Z^q?J zO}tiG!Aa*W9>FH&2j($svRJr^iQXezPq@y~|PwKyrTE}`%cTEftvIih;ia!KDBE?> z*V-5Zb-6nEGlxfm|ME5T^H}@+fgjP*5y9>__5!%3P4TV{sUhc6Z73tlFCI)oXEe?+ zTI0Cx!z@zS%$n(CPTUC9e~Bpv(Ck2QY^J zcAVhkFixhK?9!=9l7d@obPAPeuaV=zp)^v;MW-Z^b){)$czKR0Fp&Li@+F{B++RaX zC_ebWCW5ib@$76OEu~+9@k4Cs&JFWNoCCm7N^#=QOzWYW2H{&mt4!S+C0tYV#@~Nx z^$b>~hQ~htVKS;gZje2nPO#DpUwfIAvyT~WP74>y04%C&ozMtp{A9N}L;t;_{99+? z>^E7ycvHqtgoVcjvBbBELY)1AaE3*yTJ z4>Z3PaW;GL&2R|Z8eLtKe-TYJ{oM9?dwMgRTd#*Mce8esP7E8WH&PZMmgM&^cI@<5Lq;|FiHr#PXyE|Z^akOSBjNp&jvt%Uqvi>( zMCP~vjHhepB<8e%!kLis*#R`wYfobyl4(0BN4T-ukhAL=hBMPfj(xLmMr6-SdYhHO zk!wSDrSWN2u9;hp@5swvHa$^&G{01uT_i2jAR-X>29__fb@dFBRQC^%buXf#Jx8#o zva2)H3>Vc5mDNnpJkw8{i;Lroxg72rdsi^eM{SjI1GVloORL&7i{ad&A@a}0u(u>I#B`&xnUM9W zXoxK1KJPdH^wsIc#^&yHi$fH9)_y(SN?e`urqcTOoVqfQ71wKN2yi?p8QEOqM^^ za^HE(!6(;S$p2T621JFPD4ybrL>eVsz|99BDhEP8ji^lE4(nx9KMMwz zuF&>!MP$nlZ|%i{gAJ)8qv;}=EkdN+hN?7$eG=hg(;ptu*e%@h^0QEo8_b{N<*%?B zt}h?$$|Iw+EMs~)+yC(0F<`0*|47E#z-8&t*N>a^(`3B0tDsYE=t8;fcsM_J4Qtj# z%GNjK{f14yHaUk_y}wjVm2N+7Zq?^$XKa?)gZl~}x9h=JQFGaK+zGm0)cxEMftLPh z>*>X%#D1;|47Zt2^2ZuE`9-Zi$XAnE!t2fUv0|e&K(FRBg#JDmvMiRT+XcPn`AL5 z_?>Ci^N1@h4?k5cSy5YVgY4^hpB2GwH53Dix@NB~Q&sP*=Sla~^^6U5@!`0SFGQc8 zrHA9}&vt`f+}*MUlE_HXQXDAICTrtrxJQOmd4!4#%p1OvR9B1V1&Nh4$j}B5%f|Ha z?P6WaBZJ&uoWc?81iA)gzr$mf*o_6X))@{ z*`L*)kTH&(+{6=9g3D1FXYJleGFpvfpNwJ-RbXjKJpC!oGAMTX@JIPuU~HdkL(k|V zcinPpFKsbj>jx9ZcEuv%pSL^TRi1B-F8G4o@7Yk<-@gj|xuZTmynjBw%k~h~+eobP z_9tMHPKNx@uk|-cZb)I>lA%P}o67Zl#o(%2hK!m{m?@PnUYJ)maKyLbj78j_AeL~$ z2hOI|^G3t^e2rBSQymyMUblC7?4o68V;`LKBwvL?r`LQj#0kFU1;=TtF}#PMGduM} ze^T_RaA0Cuxnjp={{;JAPBK9i<#5>`ognU+ab!=gCo#!+BBk82c0plta=o(E?FQmr zHg+VLj2WcdRRAEDq01>Gc$|%WbD5e>uWjR?x{r@m)^~D26Y=hkO(zY3&GJH=ebB=7 zKorif*!g-CLFx71zX-6(Qd058VA#D+t%q%B7H6)$iM z?fZ{fwRgT>GBK4>VW;yWOLI6c?sStrSS{EdCBG*tMr^n)H7jKk7gSCRZJn52Pgxv& zeM=FtOQb2s6{HXa%hkOU38_uYz3S4G&cYq9Wg2Jd%a_hVM|}ii@#IC4g@zZF#c1S~ zXEi1pgZMmxc$3yti_b($Gp$_z&^o=l@udgWe0E73ytxmH4&guCH%s`E5Gn_%&o;;o zs^7ZxWr;14IN<6Y+%(4WkeApCjAeAHdeCyu)vxp-w=3Ig2=!e!^IT(q$y=Bqxqbh6 zKIVl~M|UGIdp~P9^DFyQfiiypgXm^sdb!t=8meval~%k8EE)=t)XDVgliQa}Gts+v z@B~)|NH_#lUTc_8uJjn^s8Dw(Onvv^dWUxtwH-`KI+QHe6sF;OesdqQ2zO@3a2`c%p+-b(fGWgO%S$en0R(U? zzf#LxPnZ8K8})aKO|HLzv5WVW4jS`XY|vcQ>8VReMSbbhhN%y@AW?V2hEh1X@65nZ zZzZ<9X%Xx-2?m^Z^dD?FYvz~9uVDUWzOJXIc^$S3uF~j@&uAj}kX>r%Rb)l`Vyu}8 zJ~?A!`(mw9qMW(?uJ*g#VMXRD&n#%V@oQk_nXs5Ke&Osy@3cBEN1XS#`U;K;n2Nd< zNDE6lS=EF_y8-DihVWcx`)s&^kc$t`^``*&j#pl|L9YQ_^;eeF88}vq=us24DZT?c zhuS*CZPA96hf9lP7+7>0BNci?0R_$19QyRGknAoltxW40K6kThtIwZ7a)Y?U@`AA? z)O&;!$T233#yn5jTk9K{c(#YL>ktx~9w}J3YsmaNNkqs)sGsX-W`gJWORUc~&6nwV zJzDS?vT!2nWx4tOPnyKYdZFi{0hvfx;W0rhrJoc#m}hLHNQR0OGFTl~?9EMc?;$lz zO>!c==UgE{;Baz3TCQN8V2;L%by z#ken9qg8c~FuE9^I#w_dce@(g-skzr^5uR(FKYKiagS!3a37x>BT)qzH4&v|^-yj| z>f3>+-WITHa(-|fdjsC5yw2%(*E0K-|B#ZF~~^Y<#YSygF67FD}G59_^)mbYi=bi)8UA zN5iJ#r*xArQnr~GIJ2ZIe(Iikb96k$I`>1hl34pz2^&T4ZJXnwChZzBxc@l}r*7dE z{F)N%ri&2g$9+5hkV60c*Qmg6%F#i{2x0y*(p7tHPWuFn?_j_M-^=yG7n<&^mHH1v z6g_H$nSC6e>)k3{xsIQoPM?UoS!mhc@w5aofGS@tda8Z8K6gz0eE!O@{|)i8EAIV@ zZZ`%g4fhD#F#I(ZD);b{ zDmIVIu0@VM_KxRW!;1-i}#nQ<`Ke{ys<@)5p&zWRcbJ2;uD6m)zIc=MzPWN&rbJc zV*~nl@8=W~DKf`WbiIE@J>#YKc>iI7b2`8NQs$no)HGO~7pb^8x2pZ5VX?PB&;R%r z`J48pA1c$EIrCcUdo`35hB;`C&%2g-e-ncg1snkYB$4tlqfhLR4RcmU=2H6_8FapbJ{zAx$%UtEjr*{| z+K=oWE#y~KU3YJid$WD9dZGz8#5QeGuw&a1jO9*@I~XHJ8U)Zjssyt!PW9LvH=ur^ za%qZ=GfleJLP&o|fC#5V4rs^A!AO`%@-M|B;%5p+)$p`!5#Zo?Tf4 zJz)#7m%8OvMI^2@Mtw`|kN?BcSw^+hHEp;+TcibwyA^kLYjJmXhvM#1+`T|kB*h(y zI}~>-PH=Y%uHWH#Ki0}0AS*j3Co^;3bIsmEoge}_ZQ^{m`wMIMUAvMEU`zf0!}W{N z2&%7Ze5J`yF7^A6;&->XeVx?#Zag`@3>vx_dKVt*T9(fR*8Nt0hBlmKfEJY0N0sNd zVo4Ng=q>yUqSTWH^mn%bm#k8?h)%86sm4XhCQWtg4|vr*37#XBIhZ7zQA5Cyxs{tW zX7PRoel2fX7DMDf+E|`lz0c;Vw}lFBluR*&!uVfXUC}eLa*dtq!zi&sg@Ft`NBe{4 zw~q3pbcG)NGBP@RIz`;zgy-iP3O%>d#3KUo)!RNUK4SW+n(hk65bf?C8D@eqGP!Tn zWzn#zeyNE=+l-8D+fFwLj!5^}Gqgf=&;TPVqrN>T*V#2@Y?6JVEI(60f?Bjr)x30c z@N@=6h`CN&{7x2!7uJ{-xAUG+JH|!cIc=C+%`=wyIfV^mEE>%YnP~a)>UkwfJZW{M zWn&`!7YBUF9}yv%7v#uE=$wJ^U}B2FTB^7Ucydi=gadpBdfKWV;wmaWe`HngEvPg% zhzaDs-lhWx0l7`12kw&5GezPl?OQQ6))SIatGBORAe!@UnttR1i5uPW>gw+(@3suz z*4blgY=3T=L}=}c`YR?KxHD3hD78NM*#i|_iTQN-Sph%@a%EX*!%hevSIGyZ2@`T;H4+wW9CN{)SEF&MNeCRh=J zpXjnfR0M7=p6sAVM*r)7{0Jjabbf~w)hZO$kdPQzOSD2kO`3$6(UW&SR+?9!!OMYY zTdC#V_vG6P3HTC%)qU;o3A~$DOXrp|rcYnI2D5;*X_+r8* zYPnZqz1*cdg5!l+|NAtvk_j0Sld~GFGd0yz1WnQ{0!wG&kDu?gR8c*7d&9J8f_D6x zr&ThxOpC*%eCOHjSyOEyIsfa7Y?CiG8SrF>e|kT-pE92>R^21X0xi+X98?We@+5?+ zCahBYYam-5D3Se5N7jyGXW0ue5ZR;9u?|hQ28{&zQ{0TXD4gKtxAfNnc16 z);$H`w`8I1AbZ^T8ju>=*71_8wXQ~6MPF9tekSilL@%=SAyO^g@vMUUZzja%wyc(E z>xP{Z9Rqqvm|C9Ope$QaPewi1QK#TvTnh!Bpzc42;e*fFy2=fK-q^QvMcUB6x%D<; zdbij&is(k?Svb*rc3SesOTC%{o#cA_yjHVG)qJQq>iY!}LT!&5<*z1v2bq{Oe{hA^goLtC=Yb_ za)J$ZvMTUCvcfZg7Vsl&W5ZS?kg0bL7fzL$oMhd!obgfK=|p~rk`rj6ZziO9lEVk= zSZ@EAH-O=;7aL|Efn11#roDd z9baQ)N8KX{jo-I==;~O_Iqp#Ekj;M{pOg}qW2Y~=MF{gP?=kT4^>?Ggzed=OU3Phgh|qwP@dS>91Ln{F{AL~zDh&lhqNj9+=mTD ztaKL{TN`&<5|k+jEjeH$M}Il|-BN54lw!|yB9C=Prxx^8TEj1*F6qk*%~4glMnvA` zZM=q2FWb4;A`y-V`S~W3eIoO)@+ihS+n`TJ+8A{7vR;C3pTJ^S2TO>)?p!nW)nkp5 z$N_5)18a+NWs@x>Ix34+{BA|r*qjS`dDbPm_UYd_z)MAYVDsOt$G>h-+(e$InO50`cC3vr_tmY#k*A$6&yuH~UKcn?tX=OAgE?|!8U5u} zUalRawt~yc21)z$;-HKCVaU%9M~J?3b25{KPg2r6Xv7v}{GXFpeVifP@mFDPDMxX5 z)d2%U&8SryLYQ^}7a3c<$(0^nyV$H71zL`?4PttEv>QjgiY(Pf1xz8jy7LK?4{ky! zRnVOkow08=TNl?M?c0VE3N@_n%MMVOtpm14tvy@y^)#MRJhcLN958P zsupwAcRi)BG%y?F>hfZrQ&@j#9@rB~p&2l$8ugf_V(zze^)PZ_TKQSd%WFs?&?2vD z%xi08@>F}d!Lw)k7L425FQ6-8|&+B(H8)XF_&@ofb+?T zS%;JI?VOI%9Bh)vu3Uab&z8On9jo8z5IqIzPIaP@tno4=fx6+(#GhdTEzn3+d@HF8 zA7@xLq*F`-dL29ZTq6jBgbH!iQ5nL+b`Xk7-_{z~klRF7mf~MiN&`a3=G&>#<_Ls@ z9&ZjOB4*kDnb5;^(9B9=>TSZ2Ndj+aEbH167hfdEP9CuXEFX&AagTkFBy4g2lYWys+JssE|huvDpOoBhxr6M*dx_voRcTub@hGPx*MlmmKc?F}f3 zg;7^eG{@6U6&;IB!o0l@G{0!edMRDN;dv?Yp{0q~O_|ryBK}#KqeRatq&Z%mIqLgQ zIQ-_`!bK-LP>c{)prxe~kxw*ixNXGyJ%}@A+y(*uq0hkPZ?U*(w4-w3V82)MQn89& z+9U6x;pI`0s>;1rh4R|MayvB#w>z8ZMM>Xg3qwRVYG7)u{kxIz>aC5=lYm3RBzz)p zYI+H}P>3pU9F?frs%8!!59?(UT1$@cea_&!-_xxYn)@^YCX`8$T<2(3k5HnMC-3#d zkx(&GKA!Ic4YQ7rdi+`4OtOwSNYVOzoCVNflW*s0zt&f=+l55Em)wi=0#>a5Z*4IS zk2tWZ|76iT{%W5nE8E;GH7-$`?=@drX9wxYS2oQ_KG?}`d|#R8$RCYVlsVKQ zFcEm|REmb`3kbk6`Ua|QEdHJ4ax*q1`&$8`X~G|@Ih-9~H&8M}p>5W~k->GwQ~Z%$ z@HxMe9mLJ`tVy`RBadj`c=H)-g7A4!Z<5HDzx6XOPAld+gQ zR8WP!iwH1QPlRVRpm9Qv*%`AX7D)Cwh>unqeI%sA@bdG5d*EAPX@)(&RHO(@97t#p z@uYa~bA&{avUodiOz>|mZ@ud?M!#q1p&*s6WQ9bIKwLsA@OKAHT|r*D_rEwVxi}HR zu{cq%n>`kuS~ynZ)__&|B3Y>*)X(^ZHcng)=mv#LR29-8_dy%dENXTgZ&S7 zwpFwnU(r5E(ZZn1Idaq>B$_pp*Dgj>_p7)$&~tF&moSo-G6kYB{Zpra#=Xg5pdDor z@|7>ghg4ie{>$(`CY7X|+n`*m+Tx73GDws%x1CGgC~?R;pLEn-J)}Po-sae8Sx=Is zvd-us*_TDutr!R@s0&+EAOt)yy@sY=ito23R)*8EgAEDE<%ZG$&Y!g=OU*+e_ENcvqN(2y34tGlb`h810BbmKE`#$M81RV#$=(s z4=+>c%WfjR2(_QYhJ7gC4IWX)oZCc@w3Yml_IGKR~QoE7ng<=n+sQPuxzMtl)r|%so)^v@HznZ>@F+9_BVR z#dX5?_BN}r;`4UIg{)865~OZD#L_k{E}akLHP3u1A*e7k=b~Ep(SWx8LZ&K$i;^_K z{u69oF`@!&gm&4m1RYw=4jPG!+}j%3VVuaV`{CFx(85Xmo6 z3% z&wR^_r3>dP`%AV@+}UFFR0*%6K;Ym|uyINxOJfI@85~v5M@!0=CLDE%UyIHY5}o|Y z3o(lLQk)x9eZo;!SI(E<`ydv?u73}_NuQA<1B}sVRWzXS-Ir9Brd--R zMz7p1fWy1baCZkSC1`Z>S5-v>%`6QEAUvZn0#w3axCn>GO5E*spqvex4C1yNG2>VH zb`0-~D^<~07tU|6ba;a=ddGUJ)Xo$Br2))XNgn^P6PqRN`(6SfdwC6InQ3cZz5QA#1*5ghfrSob*~1#$y{YIR$j~trH4r2gg)+29Xp(KWAU*7!KIB2+iCpnDG(4}nnpV%CH z7x4vy;Y`N*4qGZ|x+gfA`G57#D3ABx01D!op0CWiJZvpMP8o< zppt6Y;VRAoZ-dSG6$1vohDy*SWU8@*+ep7<##UZ;_&lR`obc?$vr+1ESl;%kvVoiR zTa=O)OKY+FbQs0gk&0ixNZ}<~lhU`cf`EC#DzxEKF+&cA7jaC|E^3MYy~wA^cN`h< zwn<5-_hKC?1V?A0QSmeb>U0_2o(D5M8{}9KE@kbAL5)=Z0tN7$(~qtl7T)Sc)vRtI zbf|`W`Hzu?6(hYvkQ_F}B0)ApVG{afa-$qPZA(~2JJ9y&(HGfxZP>gSGBPivR_w)DH2?Z<*0d4k)*s^gBo>e`30H8=gz7IxbJ67^ z^nh$;1NNqdnnl4boZe@5X#hjkzz zBOd#k={T2h)$;n{bx)tqP-iF3^l3}XzQdk3$g}MxIc`W?7XRV15czD#OJ zqOFRIqM5DtL`c7JFwgsRlPuUXiTAmuNcirGOuu^3Ostb+{lb?bLIWNPzEeuNRgBWL zXxR!r8h^v1Q`lkJ=;O_F@p|mA^RLwvZ7bMVryt;&_ZY&loA8;yN}8UKMlFX3;T3y_YNUTN$Dt}09#u=g{2WT z!V(x51kj3OV7MemOe`mWSxO=}QbKjM={ak1RnwZ&4^0M>+tO+&H7i_HX7i2|>tgHw zO{XMcskOu(d0biG_qvVg{9E=HP~W#%{v6bu*4F3ALqX)Jr;(~?Rr{Z;Q84~TZo^XG z!%U8RXc%WQVMjuhvdBWEG)G8l*t3d#OQ#e5_&yNV`>1(Q1sg;97AB1?NcX>63b=74 zkU|>=Ovx35(TPg9e}0qw!>}tK3cMAo)?2GlYRo}Q{K?0H^%s*g{wyJ>-E#u@gcf)(FPr4N^|YjYY;KE##eJga}xFh)b`-K$1r9b%)|w@yV1;8odid2?ms7zN*JmVQXukwZDSfzqfN|LW{H; zEI2)uT;Xu!gp*}0vbwu(Rz^!w=mo$X_Zu~O(10{0ZRK^zOA)YIh)=J`o6n)le%p7J zP50HZMUH8VeqlcetCy1$rrVsoZ&yzr9B`ahcrDN8N`!TP{I!-tSa!3~aDiUUIbP$b zdIik#BQh)Q?TW^p$p~a9P#4OBdX^SWdkuweWK$`|WiPyi)%!$EcMDx{`v-e!1Z!@M z9hrE4{jCP7z()?A_z#PC!Oz$AV|WaBza&$sSg!`Ar5H$l^|Sq6mb zkrU9rRlZilPx8Nhlm>sfY%F(q5562HQ-pAg&$jyW3d}Rs^w#gvw^e&qX{O?8iF_C9 zGYoj{gnMa8J`wb}SUt2i+6l!mZh&~*-B~*E5WYEr=*o$E;nmg6M*Pr`K>S+ixB9`t z8!Lu}yR2QNd-#LT4YsO*M%bve{9+EcRjH+zbD9ECMppLE^t5M>h3aOnCD>x+;gquW z1z+@pj-Jl*?Ad2vU|_A8z+ruUGfwf&((81^L_zp2FJjf_8B~b=nIkCCOFMO;!GXC@ zTsdwBoe=hXJ#C1O%{)@H+7$*IJ2YvWx_&DlITVyBBTav4BV^51sWKF(3b0k+b3+)kP*wJ{66!@)8)Ezdf0VN9q$Hd(> zQ561+C(3-Qx{89vojyoWd0kRU3Q?E@{Z~M8eIh|a3?cjskKnjGx;~7}>|_^35j^@e z3bq>vl-?K9Q@DcegkD~E97pxs`giU}OA23&jgvyd@wZyqO>LJKIkgzE$J*9R_*{?n z$Rku!dQMjA=;_!qGx^<>wB`#Y?eOcbONJ^k`BnS$q!8jL5E791=Ul%7>I?9A?vN7n z1ZSdTaDwGLf=4WLyPH`i$|!Zo&t>xk^A8(x`Z{kpw}0@eNK&|Q4`D*ESZ^PHC;v9h z5IK(uC}kN2FkRyfnu$j%b!t*bgB>|F_ngP1#HOf{E1&+zM)w0$3!mdV%WbCTEk?Sd zxeWtHqk`a8-l(L^Pz36!L8XIk8c=^9(XXVR-QV&5l&m2)Ffe%k#sBNqMS_C`;|n)+a#W2uW@%7uSM3s~47H*YC4$ytGh<6&!$QJ|NH9f?CiyU zI8^&`cwFd)&uBjI`>?=qBK+y*;I4ti^U{s><>C0AD<2B~hLnQvAt7+tC)n(k{$zQb zj+;#NU6D#(o(dtMkeTP_U+zQVp-jyoC`Xx7z(kzfv5^}hoZf<1qPlLRD<={LhNbtEtgzx-Hk zaW`pz`1OqqJG72I)T|g^9jNO$ZP&FvZn)TLHKeva`cldBhEAIHd9`=gAL9#UaEHqi zaQ~j#$MZi!7|Ze^wx|J_%i=(nrW8%;w0?41aslg>D4aUKJ_1hNSch-D8Pjcj9>?Gdg|q}VtP}dk6Hh% zTe&}GBagPwbFrGZVcAuXV73y@s872P#<44JFhdY3aOBPp-EAKq7k-k`-uFjBf;f)s zvC0Vng9owE6eIpOb{ZA8nbAybF`5RxS>?K1E+czYdanECOYT!wmn19+*F=0Q56d1! zHFK<2wd^3rN3j*3UB>o@YXXkyuarb9m(P)AvG6u`QKRd!$BDFtFFe_~hY~6?lge`>w70yKvz9 z03h1>-cN>WF>rn)$ zZf(KBHQ|Fsxu^jPh&J+*sBI>aKD7X%-n^li8|mYi=y=n3z_Y*jSwl>aKSEX&$+1 zb0p9_)y0+GHBv9ZAboU&FO;5J6OM`C1#1QcTXUf)Cm6Ish0JgF z`s&+rbaQ@^X4YOglGuQv8h(Ufk0w6ac3# zdUi9Kz%VhgIeFH{`83QqnihTpOjKVT>)gd+=P-!FPHz?yI9OcW{rPnD;JY`FjGewF zMl!ue&PNGdc(5H=)Qm=2njQpb3qe!Ow1*#0wO3e6^R&T0^Oj48=oQ7P=K~$`SxgKU ztsAB%OM2+s*7TvNW(H>$DtB`djecacDRwPksHlccGkw_p8lv1N6yyHbFgL8HXSVT& zf#|*V24I<@9u*l&W}?@Ro1t=_3rpI)%daNpr@hC)H?heX%Mj0LT=KiCU0Mbo+L?zVEha6i7k zza;ohA>DelC|jn}6of$y?)qs;{l~$9m1H!%dtH(!n3tUV_al9P;aCL`KacSR=9?_9 zBjx8iAB-uBtbXNO2~~A%Y5CaDtTrF`$Ln%UL#Jh%p}`nIcUYh08@`Q!+`)kXBZqTh z|HpNHf5ZBatTu1J`1=rtFMm1bDs_k3JeFnB>yLS!%4+cZClI*G z42S!nyUu?D;SXNe`d{Bd!0C7zpm#b^swg0UDQ=Zv!~{|$EO>Kf(&0e@_3#g;TNqzk5vYv zqgzCn&--Bc^v0L07F?$RAdT4Y>9@FT#;0_!AAN_LB=~5%S|6JqjpK9_vN!W_R;Z!&0qwS48?$X4C1PRWU>Xg!%ao zcU#@4xNJvnkdQts7^-wJa_bEP*#yLP#c_Xm+;0i?7xU7_>qh1K+1lzG_7SfSSn}4- zNmJg_u4p_?3x>OQ?_OVJru5nDVo=rZpvJLN^XG^~9M6Rnh4cnc99Mtad|&SX=>tuT z8F!sivlvYnx$+Si2Hf#FwBEDzXR<_MP%CEp+z|Ud@Av=s@xxQfSMWUwe$1$aDYWCo z@oBVyb^R6tSHP79NG;)~9pSI3OIlT7Cqz1VaCCSxn73x3$pt<I19@AsRcK+0`dInVJ#Wf2&F891!IG8Ml$J`6Lt>M-Gp5*u~sq7&2 z=FhE7ulF7*?jHIgbH~6CRtNj`4^>|Gu5(PB({AR+(cOn*js>=m!A=`7~Chba1xR;BC%QS0+^W`xF)uud! zF`e6GH5irMVyWum8NK9ZMV^0ykpjw|rUCjjX&QqW(A8Ch~;LcUmbuwf@b@q5)Ha@O1{9p zVqyRtcU!2jKB$ik*tw401aQZ$Y|*8JS^WDsBD1m%n0TwlH<4iaboM24;il;*i zG2fn2A!yP8*~a$ZM<*NO=}4IEd-^#ruFP5%V&WG$mH2LRHKhM=F#4@My!MgN;keY? z*o!Eb%~j6EbPIC9H}| zcHCCi+ESVNgp%?hTF#Z7%XfE8jtEGvyZ}_{Ls{2a*N}Qje^ge*H*cfKBcR(4$IsBJ zV!Pdso|jd(I4oNJv~9W0?P1gRnbtKd?SEHm2ZCkNCdzDAbpd~+$S#JeevW^`~_INBRb`|yIK))V3r{CI-tgW$NTht`$fMr=TCbpnf2F&lTwE4FzX8CS^xb8Wl%1{mDBn7vs)kW zT)u}R0czHcfS1wN$77RA<83uP5TpM7?$8IMdpMC7hh!{%@W+q1JRw-aY07HTfh&IR zJ%901Q^&s;xR6&fuzL=`JOZJvgIRZoow*}S+QH~-!njPkEowE5aXnzO%DBxI9y@Z0S)S=H%q;3Fqd zOtxq`jDcBWw}(@mmwKe93F0$(?l2{qJTBlr;*TuOlxo$Ru_jZ2(H%!`R=k3{y114c zhl#R$iQzvA|9pAgh20tR4?nbTo`Ehi>9;uds?T{o&mJNRT-}mCRyn_egGbqTx>;Gz z0PQ+$P3Gde3p+bE0Xg6&+m#v{yMBw1L~tVHq!m7QvW~!v1-EH;45HOx&)AK^GeNC- z(+nVN6p=1tf~%rCl3tlA927Qi)IjJ{cRl%+Qd|h$zZ)CNglOMAoD%wPDQDf-auLie zyV8pvL*OPF38Ry?$;D^22~fY=%?dyh z4f6uim7F~6IFBN8lMSFOv5Z zc3jI%5T^~qd;AfozX8=lJz4BxiG-xr&JOI5Y|G`N(2Mi|;@PfAQiZhkcOBlTH$~IO zzXm8WTvoxcqZZvpEG$spRp(b-;xfj!TuJ!OcoV-vHZrS^Yq*&)Nir5o zjkEMR7j(W8dF+8|d=1q#{7*Lp6e_N!9LB39N3s28Ad=$<0B z@{i?@N>m#+R_Wp=PcN+bKfK@ZZg(*XOPy@;Rxr@)w7;=GA(=q|!Zr>T=(g(L7%)Vd z>*Bi9(cK0ApifOWTtYPB26o516&D@)L1|ITexa>RgnC-rxatO!d`%rTVdIFAuzD>` zzwUEh432+SN_W?CNdR#$vIJ%256z#&w(j=1iu)r{MF*R_SOtrrW+eBf!{(wPg$j+G zYJk9Ctb3Qx2FLCOl&{0w_7^RAi<3pqX_SpeU^?sNIYUdgv;FUS1(=No+VNhLTstig zPp`UQppd0~_nvs=TXu(bH`)T9{i;ScjydvnRWaS1D+_dNMJGOjZTRdg?$`GVdv`E{ zT|KYpNd-wlw&*+Jg>UDz{e}67;*TyZjKGGP%fy~}x>U?ZRTtSULICbr+E$JGD;tV7 zvVK4~GJQCNVu77HciuA==B}%4x10Xe>opWgb|lvWv264f{%2KH5Pk;+h`QPG-&E0g z#_T&Amzs|NF`}hp(7z0^5jcH#2uhh(XL>G7(gDs+$4bHRws86q7PngRYwj)kOgE^( z7lT2#BdR-IAPSIwN%90-XWc+0ai}PKag-c?afUH|_o>O-^>8**So3*oGPhr4x+3Dr zX6}#a0~d)id_p2?w_AHIXzYfV*K%-_B7F8W) zhHC1E!bYU4zE|%+AP}MVE!x)3cIc!1Q`-TeVv$dsjpi2A1L7|Jc-KGl{ZN|`o6BzL zFCw-4d2xe5o=L` zLPNt(Kmz2u%vHdwR^pIc*`=qaNq*b+CxJbR1tOf5we=q@1{g4B>TmbM6>_5yd#w(X z=-w{qxIi!Pz&cA$O7aterNGp9I){G~-l)iT;IwBP4xK%$tUicOA%=myjYMS@Nd|2{ z=+%A;&Y{aX*IEtlVE*9C)Cyr^r;kpe0Y_UwYKn?z_U4(FJHUWc4`JwU_lvw)Mw8O# zQPa{f-~D4tB!LKkNX7|k@Z81_Q_XoJH#R!S@eFhVK>h-w&^uHl0D5aSgzn)wwiY)Q zNDUG92FX+s`QqVP&t4cvm&f-TXOg7xe1=fE3LTI%+N;x7Fq7D+!lq}?&$_^OpI-a8?U7TR zvpBXN`kpQW>BG>${OZ8*o=M9F8p)f7BRYs3($i>rJDsjwdyWzC?J0iu-aDNmi^h8O zuI>;3ek=Bkb|x4yfiv4od;gJey8rDVUuN_2F=V7KAyQt5_~8{9>dkg)C)7Bl-{8*2 zd%(whQyMHCwhq#vSPK#G`+~=Z3p=;--`Bw-l6rOgy75pmFU@b{-4n!DDvUm%N7H=$ z-I9O!>vH&)sG05Ds(%XTw!J~Dy1m(-ix+yjpKKSU-Wl~zlP8#Ce_RuVZTGou!g0PK z;&wT_(rm(p*WTGvHU*qe-yR>SuOiD{$<8gyWAT8l+21f+X!0XaS6448Ie=z5-i`-U zZcL%>Lhqxlvn|70PF#I&lS7eA<5hnVD5lJzmtm?VzvB)>roFc-TB2N08hKn#t8X6^8EUo}~Y%$!zi{V}WqKGAw5j?9&L73A2r#Stbt;2{w%bm^7Li}db2)c;!6o!qeiJ1eNdNox=Cu&MScpU)1|L! zUF=LYpnh{j<5r|RN2ar7O+g}ZL>6%3yaPXI;{=_x9<#GFkH49 zF)wkX`T04dy4;b*euFWwG_i{276I?Oiih?^T_jm4u&o2rLt&H)1msy^iT!X)$9z(C z=Jf5dAf{xsW923O$G^UoF_?5^d`-uAAVXG@A{4J06!uJqPsRj%7bx%950wB4#K~UL z5=Fk^XFGL^wclhToBA1XYy2pObLE{Hy2Gl> ztzr4iQ9(f>awkMbTHhkZ;mS({Tu=3FSDQntFyc%f&oKta2G`dgP9pEUscJw|1@e{$ zAj>MicW8ZFVsE|Pfa>``%iC|%)rs400&F48DNY!1oAaC0N$Hv0!8gmxdj-QIBd!=T z&f})Lpb$Dbz^cQQFG!I54p@EPZ6sTT*gy)Eg_e~DPBDU~d@awoJXS1l@W=(Ntuc2l zyJ!Dg#wYS+HNCG+FdBazGq2xl4>z7>O9E=$%-lRNIhnwP_xaJ35_Q>w8+ew*hII0` zxr&Gs`c&vbKZ!U+0kVa0A~?qgs$0>*c;zi9=yPT7s%v3xsjRDe$SP^Q2XSsV8<8F( zFD_Yn=-{7kHvfPTmpO@965w@?g#M9EDe0*0}ZN4dQ;1$uVos@3Xu|*{vbSoL+voY(R zcJ@#!kwW|^dqfAS?g40wgHMUEfbe@iXs)APUZlLFd!EqiIPai2Fe^iLn426?f})J! zUnpbnDal~XpIHmnI2v~Rr2YcXGvQ|6n%Z2b8eE6ghDK+yW=g8^>8A%DiL#kLEc37V z9AE+=(qaMY)88HS>HCoH=5altLYo1Vy#UqY2<;s4#Xo~7~_fy@Y?jeOFxr@VG42@X90cT%`s25wp5B3~0=2{i< z*|O$lKL5uPNZ7J$gTqh(@?oMm$iOcM;#g_e@?PA@q_`pn2rFQsCr^Bb-D|rt!uah~LLa+GY#Q=wREe(h8|0ax5^RN~I|w!j@Seh*vAZr9Ux?N5#* z>7%I$tjX!={nJz9Zx9wG-snC*;gt4@hGOa8zwAA}i|Ikb_vuj!;P3tBO zzix2@7`g$eeERuk0@qAyUVUD@&@sWVs|m%Qmo&9ezEuImS-V4fm1>u^o&%!mStWDn6{A#n> zM8=g(z(^7*mYXX_<50^SBND%N=p*NF#ehLJ&^G`mdcJ*gjp=zfu{3UAB$U>z$hMC6 zZbp#!v70k~bS76stsS;1sz4=tDB7p&3it7PYg07C}_r_ts|lVCFUEJf0nM$MCwtdU=ID z)_j8l`(MIr#tXBWp@bxc6Loe~cC7W;yc~Kl^Ye!Tb>q$z+Ze8Vgcs1wTGbuUM@bU$4P@9U%9 zj+f_dc))lX80Z%8e_II1Ty6s&P$6+Z2zk8F`|$3;O5vA*)pV|lX&2_u%Vh-dAxi0u z+&kzk&?D<35l)PWk!#mK;{@(yf4KK=+az9K;J!`OmyZu7bQ&2=tYzyt4(2QGex$X9 zgb8ark1+$S8Uuf!Qq8A*(Je}8kzA*3ur?sv^;_IcAFk~(yzfCD@x0$ii{rE4PzVnO2iymCaNBQz za10~oQ`ek%g!k6aS}!(S)HKv4nq+aFf$Df?EUT9_x6iYSfg1nrWOrj1>eRe=BqGW!=xcK;y&E{uq{pU3fKl{j7V6>yLJr{IJf3RmZ z;V2W>X-VR49vgg0cl21;Hi(r|yQrX>IRe1jwxw>)hxPcWnk^!G29Qa)R0)&JnXiV) zsZaZ-5iwOL zzuWEQa%=VszqPf)X0ha1km2tA*Mq&Lx^eB_@K0_Z?AMY*(C22otY+MNJ&1YJdMc~! z9x$eESRBR}viuI5-rNH{>*JS}_&9%sUCDUj?v9to(QxR_?>Pco?q{B{4F9-Y=y|^) z1vz{2xX@ihKe6|l+)1$x7`Vor`}A%Mi*bp@s7lW8uDvSLg*F@N%GO%};CpDl?Bh69 z?h%5C4))~$Umx?odiutdrQHUWmWQ*Wtv4r-5iox^l)0Ir#2qAHPRH+Yw6=|tMM+Mc z48$s@W%&l@E3B9E1w^pdb7<@JMf7Von$YzO0r0LCczN}FHW^#5?n?#k*Zf|4v7lZ3 zzd5V^`DUvI5gYq__8XCa!am=ZgnDfS`mp|zdu{X{I<#}roh!e(g@P`Y;~P*#;exWV zACEyI3cs9@R130FYj-&S)fvs)lEGVJ;qo_N;{@NAs-0sEkJioK#_3R;=x2^xKN7I>*lG2->_C!)+**4q;5H~A+ z_s(M@(A)b`X5aQ*!#JP=Ut9Fd;zKnMzpR0|3I*I|Nz)+P^qDBQQ0^{k>;Yx3uYZW@O}@ zw?#d>iizfJao0(*!{$BXjNa@@PmH^S;&TkVN24<>=G*hkMn7F-ZjZ6G>d)+TB|~ZE zZhGeqST6V5w+S^LxYV7!;Mvpaxf97`ZEJWz`YOYg_9obNM33iZC?B|iN-lK_?@`OR zpR`HNX$+z^xJ@Ld2bqkKPMtrZ0(EAD*kF2kr-cGec*fjV4{$;={DWNnN3Evt@Pu?4W52L(K3Dd`9)7^5*ZZVrRvG!6pW<7bNgz)XX-@xFnG3Dg;O!j?1@aSeleut7;V1Q#N$QtW1rp!crF=U=hy% zm)w=zsMMsiKzMMJNJ3*ukpDexhVvqxoZxYcgud`}9f1PeLC5Y>ruS6A9!lAg}_-R8oq~B0_>E zX{qCMpLLbY2Mz**{ghCQMxKaV7eNW2e-5ZWoEO#J)7Th;6nm>!Hw7HuS#^TcO6use zIm4+syrUgXv{bZg1)&rqM{zfaXeWg9Ud}Vzk!c=N-gK+LOag*B~ zjDDS#G%diNQ9)(QCJe@aU(7PHv6wOa03SUa-A+aMYk(>KJFOvGV>| z;haEtGH%XlIOprdh~YDszRT_v3MO?r3|+)5BlYe9N3g(l%2)!fozo%F&DlDE2De=ed?6o*&!z0mnwibzxqfqhdf>Q3wUqt___ z)k(N3pa9_!Q%Yq%9~rftZ=;{U2HJKpU#covAaJ;u#%;piyXBY5IiF{1 z=>nbqxJ>0T#Pf8c!S5TqoQ|w5_u_KWOUm(ch*Ex_BtO`oJkow`f6AT>-GC=EQDDn^ zbcX;ML`qw0a*qiDfAnwgT9Jd8^pjg0YEL4e5P5++c@h)q!Z+uN+~`V{(-k*nO9m4x?ir*a^95h}Jy=*@F;5#e%UQGHb2zw<_uN#`4fbA(f zW=H}Y7k@~X-5pl;U|8MIgElssEVDL*arD24dwET?BM4QXLw##0Sd))@qLq5rv(wg| z+7|?7$k`c(1LP&yg;B?3@BNT!(TBr#oOH6Yr4K!TvHp#hkof)BB4>MKGq8H4WSmZ8Tp}YU?94M#MW>AdNmegeU-%Q`6uX ze>3|v=IVp*O!#EE$B!HTnK}CU`}{L@tSxnLgD46a4aSr05hD|jS1@hLIfo2u3D?nN z{ysGLl-UuN8%4NH{jMTFE{EYmTs$xXFJZwJ2a2-Q0gy;a@k7Up#=9*9v-F>er zO{3acpw@!TjM2t+5taR}!SVGX1=N72V4X13hrs~YZ3Z4mtyUw#8{}wo=jjTZ&o_8@ zcmmMJVJo-hFmI`LSeoiaHPL!`DB@%Rb!YYp>a_sHJzmrHHGgrP&fw4(b{^Ll@^??) zEETe%FMPQYfxwoVYf54S1^587qq?EwWt%3>AptwFjH_p62&4uJ?Hpjh0hl*=Yl2Ny zQu29l|KZG&&6QeEz|zkrbciK$sk_A+HYE{+cLCjVPrx9Wq3cDkC3K6X5>fq(P^wTU zy36=Ecg5dIpGs>oMwN{87tTzOXFdf0YCas9v`b;~9RydNx?=&y0KAF(g5N6bfuueQ zxIcv?emxt80R^pPKLGpJ8Sr)3&E{cP^({BUu7DCEJ(ggOTpIo99(8Scs&KO02NmGK z(hPWlSvUJ!c53m6(XSRHp?8iew#42WyhxDd>I%rQdqwM(NS^{v9BpCN*gx@(^GSG@ zg&G?iz#%8}SrY406zHV(T8cY{H0>X}ustn7@d6&jz|L)enPjWikrkfhi!YsYyZvx_ zcMz?(Q0GETl?+;kk6){0FHBC}l<9&FN_rSz9@(-0lx&`T$22nbt8&pcV zyQI522Bf7+y1PNTyPKh#bI<#ocdhfCKU@oRoM8>m+|S z*9kB=tDW8s{`3)0p^&sZ#h+HN0uZ$mU>JroULE`y4lSCsznBE>V%PW^`UVHrcI30T zH~+E$xog4W4E20(9ME_!pfq%iJ(%w?P}S3%i;hX@ z0g~0qH5OIIXsv^HwfSN{L21(<&|v_Xqu*NwpXf0xU16)$*9L0l8zAN0pPtFZ#vSE> z;Re7p5W%qXjn$?ex9#5BlDbFH$ECkPmhTu_!8Niz!Y4LgeK-Rs;>snD5HMg2Dz1(v z=67XTZ-mv<5qY8ZmpnS|y9gdPH`I0-L;)oBZ^v`fePr`qNve42R)=00HVq9E@qREH z_pi)N@3=c|8u$Zv7vuguGr(`ASk{K8SkysQkw^}17EMbVJ8PEdR~E0fotNgT?deKe zZdnNyFGyTkpQRouKWSPtrh#JbUz02P)}Tj(``x9@4N$>%^hBZUwj*UbHM-7ckSn*6 zt2sKR3hNF;R#rB=j|XtWY1Sp%E^*k{jW@T2MQTvq>NyR-#0(CeF})NoQ;#@qxr>KY z;D99l#+m{vG^JBK(7+{oWVCIrQhFOhSK1T~<~{NDrqhw>x~;K_xu7K|r=eheo}IWy zCou7W`uwMyppQtmq{#mR>uC@+YG@6t^Rse0>b>7Dk~OU6uyJ<95_?qkp9~2Y{x4U@ zc^wK^Y-{VNpkYK*AleBqRYFy)8PGn#14zBcUb6u2=M-yQ>o4_qE@y27;D0>3-8_*i zjv=TPcI5vhK!vJm&&<|Z)KyYIPhYyetBqsgeX@D!k`xjmO&FikK`M2xyuRW^#BpF{ z6x;l_x3f)M!(vIHg8?!`7@470s=YeYq>^5=0K`ZDlCXSKjnIj{uFeb>N8&WM$4sc= zv~{W;j$wul{h)hAhd-DEik7Z^d?cyD1FgwX>32>3Ev68@ic0^<_)jg8s3$kAT8{^|a5K~;q;5@)+z!v75 zvHXhK{$a%i`dD6N*n0(>&D13fc?&WHsF-ft%n1ma_IzbotL&SD9}yW%Ee!{C4QB4= z%EhT|osqD>L<-j+$Q}nN;_z?T6hxbU&OzJUx@>fBBa<8pjHP&MCQoG4wP&Co;MwN! zxa(R!m53Tv4)qaqsWcbAH1{@)U0tZA>fYWp&Wf2;*x%S)#KBSJ2Jx3Lf~I-CC##v? z$f7{Ms;dt`8=-xZY!3Ey+b%vs8jQx4KLXW5P>TLkpWPD|Qa89gu-V_VDBE%TLv0jtJgIUM;zYSg%KHpH~iNG!}){0XiFi`wMp~dKPUMDSW9` z3&JQUC{AZps$5szA-hXi0n|cz%F6E@7hEVbisN_L45J~Cj%dJ(pOy#Ymz01*a2>v+ z2B6Wz&MN|lsCfNA!_6KxTrXr2JPS>`RSXAGS|ZVWwe=j{IP8dFczPTF-DeOG`hNSM zuU5(ltYx8Z*-XuD|I0Due0;bg0dGJUSw{dx;mPE?bZB=W6PwAoT5dWU78tL#Bj`e} za>GDN`{vjC5D&eFxvD{~tLGKAHam004RV3&w+BxMw%MF6FP$Uoqo4WA{c#K5-Nbq?J}LzoRL1TaJUQQEuTLm}Cn4K# z!!K}vRoFqvMZ<`t3{|L}9?v*ymfa}yB8WydX!5=}&fMION7Nl3@z#Nn2cXPrbUgj4 zfE%ViKTlq5#veh~v#;Z7c^?D!!U+hNJM%4qs=BW5Td&!`R1DVr@LDt@D=Q~~vw!Zd z@qljO<3>z`zy`S4oZMf|f+W#}a;)0R+Z4412M$}K7BLH1Mn%~q{C_p3(?wfecSnZ3 z|GuYsY_S)q(4~7EknfbQrMEn7Ri{{5O+IZXTFnr-UGDb4#wK-7t781m-JzB(!u?f6-<9;y(msUTQFaI>GN_EA45q4IW+4pMHSvYy!({vBK{a!14zN zrQ-ozluoCLh)qf|oZiE0+1%#4PR$Cq?AW+CR@bS9BF)O=0AklMilZ7czzRAp_65br z{utY!ajRT0O>^C%;c?uRT=sZa<6$rPqAByK|UW`MUZ9UgobWm664t^Hiiu z78B=sBb>_1$jx3oh7}llJ?C*8NN}95I|ku1q#AZ zGlTRv;BcZD>k~M1(#W7Qb+?YJ4$CEiBcvUiQR};au>Q=7;cK@Fk;wqof4Zj18>^Nu z&XD3A{h-P@T;~EK95zms(=Q@K2{oK7teQOuM`lNWlhZe$6y4r&whHK~OyZ>y8(E`u z{dLXUeH z*x92d4hW?lR1A&|eVyf1$s}|>A(4f=iQwTqK$LWtrjce~KUKS;kN8t}x=d@aAMK^+ zhvYC(yLB+PBIN3C@YA{32&YArx7J*fgVoBAfTHxWe``S|&g}GdaR|byW@>G9RgFKl zV*nfUhcn{cFSnEkG*n6xyZv*$!}0LD zbT_bFS~>;v{9-pdqivN%5k!JsM#P@69EB<@KX<;u!KMy?`0dpbl~>dr0*x%pT#@S9 z)|Iwwe>ervw5UzCY`ICsqLK-(dpLcCvhyz^Yd`R>BDKra?*7dI_@Lz${f+HO_eiTg z)be!%HEMoI!N!C7vDNvX(KMGyy`uy5zvk271eSG+U&xWrhzH+qkDQZLNWEiPgXX2@ z$!I2sA543~O-?Egx_W*@B654VKV6amZ~#J1s4%6(4={YNKzxA{;#YUv($m`!v9dPs zIAXg9<}G7+^x&`WNIXJQQx_1QV;c?}d517vOn8Dq6iiszbUmTmfae=bp7bo&AGPGW zIe7KgI_3!sI25$CyB20EpTFp>=P(7vBD`(w72_;D~nEev3O9x>VvD z*i@e07&^LicL)E9iTb}_S0s1VYt;wMO>R^*P&xJz@`D7}qG~m~wEWF~^bBAWvC8IH z2a2QKX-Vn9SH!5sE}9hPcC3n1%4GxYi@>#EQ^gAEMyPTA5QR<=iq^f{`>G?GDOy^l z^Fa`LNz|f@FlFu`0o&lfn$y~P=BnlO!3B@wHM?o;y{=T&d|RccIs|y|Y^w0n6%)aj z1_sY!@e&-BSIiA_`kZosqbVZJp?dZ$+K9;;Qb2s%fYh#0ZXSRATHzmHIs@XRU8|A8 z1B}f>0mYo!-0VGc1i3ZPN$S%xo(2WkIci+mc;fB2&)0QmD+~g>NNp_fUOX~=l0PKX zq_CEcqREDHHp@e32&P8c(U9U0d_BCLNJvyEWmZ(hlW$$W=8MQXdD;ykZDDz!FyfH; z9tfLx@HRJcu2`zh5WbQkYpVcNBAz`Ct(oCKd2bDD5W2!*s>`q(+i?3s0^i8#O15Gl zQ|{9kGNRA%h7oHDXc~Wb_BBVMj1d6B47k9Ut;h7y^P?$|n{-CJI?%VkAVXOGtv@jr zVVGz~fuIVj#b;L!-TK5Meiv4Uduu+s5eRTdN*l6ymZ-Iz_=wdy#NA#w9$pHbzUhHD zVLl+fK4ED(?G_3kl(f(xUS`l*!5|g%0Lgk{gc61-IKci94om`_838xA!I$Zg59aNJfAY;mJy?KKA;eA7H!uCQQuA|=3QXZ z!1`BZ<&wtx=wGf=)ZPc6WIS#dk3+nvSo`Q7NfGiY?nPaRd0O0P${p0%(cN$AX4w!*;?yPpWi@)@H%AfcW94VpAD zINX~oGT;z&dopjeyuyBmL^N+$nKW2LFL~d6xkB~@ey{4sjZMA7{t*UA#@ui12J-Z) zIc#ibPcXJumWcdJnFkS;TUSaUgb%N)yt?NL&+Ud!h*l5r^8@^R+7?S&ozWDqbh z*pm*jOzdA*mDIkf^mvH5+$Dc7W>(G%gA0oNN141%2}C-%WhVXEXpw`N<}jeqII?H$ znB5ncYMJox@}77N3=MTy)F_%(MMp(REI-1lU-Y1K%WwhP6~pT9FQQ|XpFE|h*gPN0 zqlx)lDqN>!4O2ZcOvQ2?Ni1p)Wd)K1Ban`pV^SBiWCadihvTt*T+zV~^B-Lg-^_Bh zrD3AW%GM{Dud&$7e5!T0Hl;269M4A0nb6-KEE*JHmBCV2P~aBWa`ga5OY3&54s6}y zyOf+vZd%uS1t#DFTC)Ug`89HGG3E}8mVhH^ems2zyR_=BcKYhJb%oPC9{!XRoYIKl z8g5qZ6VQ$J_uJe|sukfB6c)0i3@tcJ^LrUgAsxY89*rjec0J{WWN`C{*OG#hGh%$0 zFJx3NqU(qC;Y_O2*jwP34g3@>Ke5DC-J*Go8uIR;|I&Q^PeGAgnECtDnUaEnb1iB& zf*V8H1WM%hy_Je8D#75VWnvOM+HP)sjG>Z4rX>%VtBE*t;V9XMu-|O_Qe-~f*LEJV z2gACA2*KnLP0Pk^Aqr8eHotfBU)6A#kG$ZZ8iHH2w6qH&GAF0K6``295z*K=1?AHr zJ#rL8T~eByG_(@Ge5~W=OCDe>Ud>Ik8aCe=MbxzIbC8J(YuN!(`spyWE#S`7*(D+F z+XSy1owZ9wR7Zuq9ZRo%Z3o1J+zul7<#E-)B?%vaB#$@3Fjnc-A}= z48NKCFnJ_?NW?)H5tBf2EML=n|LQD{$|RR}u#Z+T;lHaOlWB24XMq(*36I*?A6VO8 zzA1hIGTDGEFh1~yOpJ~UJ{fmAz$`5EMJxga%6kWFpBH!)z8u2pdjUr7=}V1O$$<7t z9G&WnBhn&^BUw=I5O7UK#!$A1rkpO8{METgUC>W)^%QZaS;K00Zym~OL9RZ_&FApM zFRx3%)`5*dgX>lL=Yv?@_;N z(NX1L#aK|rvypI9iyx@0fuJM`{Efn7trUjqcx|^SZ zzA11TM}IoW3R1#3JjOB~o_zZO9H*c0hCa&FT296^^C%l=zbwZHnbv2YhMzX>I-ECQ z7UxKfw1oM=BoAmUkI&w(_-O<=-fn%}RJyV9WO$n5=^O1`AjryBPx{hD->`>SoLyj5 zuwe|(iScUTIIgRXpb6v=fN(01?UOdp4YZA##FV&OcYWigk#TA_G81E}!lOOLrl!yi)@DIaI3&-xTNqII8s__L8;S{|b2cxBlNQEk zI;em7z99<|DU=Ydwe4}3D%I|&d#BS*lLrCH5y|I~C3kOs1=OlQ;8g@Z$C2R80XGK* zFe?ScfYDAFJU2OT2daeusBM^|~eLFzyw3|A>ct+(ab z{5$?^rpD3o1QOQB2ZR1v?yo7Na2~pA^&-yPrt;);!3hc!t<#&KDTb8UN+VA2e~;!K zK3IvY7mVybV`Qt`+bf6^Zu^4&(A)VB-oNr@+4FgSgFe)9V`F2iNlY%?bk~jtfPVvf zEh;x|p34Hu%jm>BuYXy#sK5DS2Bv7wUrK`^0WO$K&~tDAD>;Y`K#%F`TwC_IxJet| zJ&*0;6$`1keks;`;LtEq6;H3x+1mDn89ywImFa$K|F;2J16E=}56m94m$3HZ+=U-h zEE@^wp6wILna#Neev`@9<$XO!KZV*-rF8;wNmN< z4Syo$RL~PiT0?cNVrNhGmTLq-Rn!&Yadxv9Ka?`t%Mh=k$#=jc#K%O$KvHOh=1)0>4A%aI8LeB{ zayM9QM}+Dn^|YhK4=!;4H?W$fhjl5VRnMh{{bZxYWW=IO|2XcKOVFY+w`(-@b>j;1 zU#@VyrYBwVhaLzD168`4qK=rs%dylzhd+wik8jp(FA_KYxo15WRGs7gpx6US`)0=! z^}_wwQ&D2dTC z{@tb84Y2y)hfsV&R|@k^)p(omi1EhfAyK=>OMUKW-Nzx>jlT{L%`UuoSq<_rGjc!mixkP$@$DaR21tAI#*=H zn8MbObx=mRML8?5c)b<{tlT*vb-D{;l?ok+Cl|UagrBn9cs(5Fa^T1k6 z2uxsuFt_nz!?8Y45ThV*Llrq8Foick>(bK$ZKuR|bq3l4J({;Xof}}XIUx(EsBuDH zc6*46SpEbWZam9bP2Rc(XyW8_%%SH-6jB%F)qN^18s()ZojJ&8Sw zt|7=h>7PVJ5tr$&Q7UJppS((5YL5@6wGq`UbZXZuf+91Qiha*^r( zVL|^FpQ!xRn&35cDti(*2U^`7m;3UKQYAcep0zOP_5&FRdJw|IxyMcDxd3f^*xCo= zZX3=nicvO2q1;e56 z@C;$D9bFG7H@e^>C4|R5Jm1V~dcaEem@zI}%@Cfg6N ze1BT89uO}s?u$M6&fw!?sZY`)RTy=>0yAX+5y<3Uja!;+oS;hq3rQ3XmAHWCH{VYb z5QX0giQ~A@6U}bcAx$c|Z*iRp#BhL{qGF`PN+~=I zNSV^=s!LAn{*tG>7ee41!B6Bn#;Wz$mvVL!c=lLwh&vUNA$Dp#-6OJe*s*0J`b-@T27pghpuYHW4Z@(2kCt!{Y9h45o=fH1T za`fhV^p(I3Gi<(HQ*6GueFgdDkag7F))P3d5bKU-JT>h7C;KMd<3257YlMPHFntxw zqhiNp#iCY1D|62-2}+^Y9q8Yfaq+mEn8%G$_irA8V)DKXGoJyuz^%sWnVVaUPo85rp zn-ib9jqP{L_bV9E_S@XhS!)8ea4-x$8GALdX2-R<s}jhKtk}Jg>B2^L|^9oiVNJfiao*5xhHBClrmBV_j*pNL5Y zAzv&khyO@P$F&T@SU?=sc=LLM5=rWIaRYh4SMZUXj|Hc`HT#hr7jPPr>PhQ z4D}Jsn|Omf0{qo10bOl|A|j_l|EFgvlQVVJ zA%#ydizS?v#arGER8(90NwdS^LE5W%D7>&}ACH#)e4DFFd`5H2wfr>oq7v(qPR3V? zuiWM2L7vYTh@gQXod(vC>iB$jHyVX8QjaBT(d1ZH4)#H{f~JI8W%;aB8DFzn#~bLi z)b!UH9jGpO-@@|RMI0yCQ!;-10zqXCkz0-P%IJiGl7uPSPxO~xr z8&59s-DY{E9)0G}miYEyo4rlYJSapV_e}Dio@5c9SL{6YUBym4T z1EPYFT85i@_bQ?!)MRG+y~306Lh)|4HT4_llwcI40Je1Y{l4w_Z9%LS7l`kHiq}XF zJ5ZCq6?fM+rEJEH9O&RRb&IA#c`59p>SADhxV0A<)vkb$Za*sa{_}*e%Qq)$57lqf z9JItG*d4UiuN)Ljhf4un)Aq$*^j+JZpg?gwa&Zo$<*Mqk%q97vXcK?o_`&aBhSmus^c@*Vm0)cUZzlZ5gm4zExOgGOvFPitn{G*9JFxC}jq(0YY zj6*h{|E`ZEpP(NS5ihzFp`l8nVhqdg{17EerDkKgmk16SuK~uyQTj0G<$kHn<2f7F z7urd2uq;^6ttRr7VOrOovS+o)m^ul{#C)Gt^opNR`r4@!k4o@yDPERr~@wnV_;DDuXDx#|Yl$ zS}v-Oy0KWu8^lK6IDBP1yW0dlhj&(C)^#q;M6m>KKJuvGQr1>yC6yv>oes5X*{~}} zR$mnX9C4Ii@%1UY7kx5mmGy-|LWRSH33^*3L7OM2g!J~@oXLK?AAx0=feAm`#W`CoG=3hCdKMMXRbA11yr7>_ZwbSSbrrXFBfS%+ zkri{Ne9Xdx!$pHrepXY0U0m^KLsI#ynSE2H_zIP81>4!&kQWQdV6WEQ6qV$l##(M#n#cLVlNT}w_#3|J z@%E$o>(2X|L+MnlZz~|3A22c4?BtVB=UYQ;hv&OUtG>jdK{N_05?}s?xO6bOt`F$f z%mep0t^|tX^4C|gKFG6uigHF1iPlGDC4Jb$7lzUoxzhQcz4rz(#7XaN;uhTIArl(K zX|GSqf812OCv@x0Amk;xOhs4l-b{X?k+Vh4h^OSigx=|I?gq9jQeedBV`&H_VtIjF z_3l!d2wpuWsn48QsWw^rW0zD)*o-%Mn2zC6@k+Bd`kxrz;Uv|11|Vd;p0;N{QwDJf z2UeREY9Jh8rsPEUN*V-`LBIGxfOgziHQisT>;RJ0*r-%{GSqpt>TFeE8@t~tqY23U z8h?-nJznXbb)Scfm=*_4lg{5*Zz??tFcQ0?ecg5N`n^OU9upLa*FR<4;ZQL`lx7pM z_wDLML(qSnp4!N%+$iB1$pSoqsFzd!N3p~3o zZ${yci_Y`Cvuw}r71XyeNLKnM!N#rO6X^ux$giJ!lEohQLoHPCB*Aq*|Xk}bA5Mwn`il)h5QIB5)SEHm`S`qliJVb z57fp1ed`3%gtK<(`@=FSL874JM*_|gv1rQM3zF9SJh?2*E8<>SF6B5Gf~m8%)T^0_ z8< zg&a(xqh8$|PNzF>1&KMGjOOhuXV8u9@;0zp3gt~&&tQnzbpNe< zsEFrWxwCBf-lnQsf0UFyGGo1-#ARHOXR)LQBP=VIoI@rHRpjO6k8B~fOtpc~9vLvN z5=a(|fDNkuH%AGFoHyS0cU*SMfBxvV(=?;N!}S+>oL3;LW$QkK35uZ%LN+&trggrL zccbd->$B?5FvC)}W@owK{s*W0Z@A$sz$ph{IAxSr#9GdFx&bs(*ZHtmJ#D{OyE2)( z(g-?|8}^eO-=Byp6>l4IY&)XtdEdtGSa-Ws86mg^{ybk9Qa{#XO@d8>Yz;?#th-Fl z?1AVABk2@b5GJYZ-MhOnn6C&tIRrPZ<5YkNh0`==h!8v@bagn~YP&ny8l_HOjeD1F z1d_+V%*dy(q#+IT=sK=9?|}je+qfmzQkr6PA1TZ=CKAT)c$%k`;7cZFs-I6I>({bG7mztoZxe83g?WJ( zyf|4^)^-p;mnJ<%y|K$(SR7@6hzdZJblQCA<$n4Kb#igOB;qHu{YGQq} zHy9L8!`nLl%<}`XA$x0dhO^eACAKyy{;-89r6NT+aKyvUn|`oPkKLiHt?lis)#5+A zXr@MdMW=;)*l2AW735R-7k1DUL)dn*r%%j9h@R$EIzSj8%$Hvn2iw;62;jss$twPt zqRr?_D*wc)Kdr$gyd%fu6>Si)_gW9F28IsGNNi%8JCR--IMi}S6=nG!nb8Me`6aQd znVbWQhH4`R)u-J{hzg$n4dk0XaV(AzbC@cdqZ3*MOP)b}$HMg`M8^7JSC5w=P2a2Z zy#ELA`{gJ*l%UuWSpv$%OvvAARl*Xmh@KwgC#0+#2f}T%sG*B(Zz2^wrSd#saJ2 z_A;$5e=LuPyvmXO;nhE|0UZEFNQQf5T*`)rg{X;^VW0`0>b&OT2ZMA?69||&w6D=3 z@rUAXoeynAL2wKcuG0<{mbiT~@HAxAb)%XObmBUAGNnEQ*$Z2~VE=#P273&9FP=Uy z96dM|QpO3-?n$jqh$u<9!9S{%r)u*$g0b>j%5UqpReV-gL~pCj2Y_T{1R8;vG7F+~ zH?9bHG`>JE__{n^9?`B@`ZQg#2n*|jfh-@EDhZ@yP(jLScO<-j*62?+oZ%jl`gB2+ z`{7v74+7V}f~MvGI5zw!2U6`$l@dN&ZyGH*uXBh-@Wulmg9Js zrI}`T0;zXT-L=pjkN_~Sw6=JE-QfuGsc3*7?>oTo`i6(M*3ku9zp*2}uWWg|$FgjG zq}A&V+xC?xIUROB*5+|p9Cv-a;JiPiq^!d1zEu}W>`E`2=W_@^LXiH42Rz_FGNmSV z4+J=l^=W<{n??Hz-~o09;Ns3i-76wqhtJB&TO;o2Vf)joc0Ak{p_M!HHG;3eLFf5& zlLEZG-S5f47r-#=^&JUqdjs5~L7?gBHVNI$IeZ4)pWN8R7M!7@ubB6yO)qZQP3gq9ysXNO;*yxIjvl~e-# z57@J((>)G=_`IL<)kGlRVbil_SrV|@T!3*QWM6wT1>zU)oo%^Je*5$d4Si8o7Dzl3 z@U&bAWagA7ZP1{brYP6iT01Q%E40U+rMGeE><9{?_tJfm^tomMX{O^5hO9Va$G->CEDF>+hiax`8danD(T$px3E%DMZ*BO`pDuvII;SM`(jgd}pD>vU0HCEgos+$c>^ z;&TdV_$itU#OZmWW-bXIc@J`;65kfJU9Tw1<9fSZ=TsxAj?AkglG6syHVb z`)7$n>GtLPk3uv2!a~}DBn5>A+_^E>L_Qn7{gg!xtOn7~OW!Km4t@J>8y&Tjff9@9 z)n(D`VGxHt^jv?isc>7kUglS$hO|u08w9o=_6OoD&@bGckK!!lgFZ&or5@bHRaTUX z(uJf54dc>oRtyl1AVdoSkp!aDFZfuK?(TtXLDIFE-^1J&Qbb1Pcv~L!sj=16Sl(1A ztu$zAc*uQJ7#T72b{P6*AXQ<$(4-?RQwhgyd$gy9VfnlEbN{$J?MEtnbG=1fQ3_8y zDac&EF71hsgznbTr1j^!9Rxfg!Vi9Y&bE&?woAMSpPLmu*@u5Eo!=pcek9d4V+OT>)RdrZvujdZ^(JU2^j6?Zl!eMH2{!i%g@G*dD zC>aYAUs76{Wq!)Ad`;<(TA#ILOzu#=W+?{kUDKrL)Y?gg&%xpYr%X!K$*+moe@&{E z8db(d11&D7vJk#DFLzfW;RQUIWR5(G2gGnb(}|+4s4qw}m3NlOA03C-I5_-FRZCC$ zeW#88m9fBK(SS>u{bj_~;VtV&-4!-B3P6fP@$*KoH5$)WxAhOljdPZpGzlf(PwhZL|MxqJq1euxC*AXb z=$V&S9cC%Q+149E!uAFd4{vEhSK+;h;)I7)C^Wl4tr0`gJVI^g|d$mqed590!Q7H zrCKc}9rJ31f2hdA7ksujB?W(9x|_@RLW6c}pGmT`g+tNK6ya`eNXI`-5f8>~IU-#= z@M-HzF8a%xBwRmk`lnG+GU83jx4~b-k|n$PU71|)$FX0}v|@wbLtQ2?y^J!I-X=(0 zbEp_u>ORv$i>Mxb94w@K4mFG-+g6}qOo;q}AyF9^8X-@H{UX=UI3jgLqUB&b5gbbr zhNj`Xym|IGV+`c+&#N6h?i{UZqv1%rSzI*CC%5uod97-CuH05_ut~qVVnsOZc z!H^#KgeSFzN*^(P=4>p8e|uA=t4GkF?Y$Y;>T<_M)^~dAdQK@ZDl+eFDQBf(#1O(=*JUpKHiV2sUjR<~F%^)|4OD=9PNBr#s#jFm3o(Kuc>)*c` z(QnYrQE9j*+RaUc3qnSIfq-OtJ0Zb^!25Jhp{d~r86J&gRGeZIu<>vEwlWd4Zg(`b z*qjyV8J#z2!hLnDUVn7}F*lnu{r3yhcHgQDFGa$Vt86IK@Tm0RzOQ1y#nQ(apC*ic zJi1+NAr(0Na&o4afaIRm4S83Hl=ReeV8iz_>YP-5d^!Lwzcro^?R4t$LWsueu&<=$ zsj$*&@n=qXODKZ1%M=y<4i0&q@vl(re5&W!&*cz%6V0eqhTzQ%sZ9&?Jq3*`iXM-~ z6ZsgQhUk|fEO5=vX|$+T>qq<5A%0uWSf{AO>n#3$9Z?nKj*Gnrsw++774vO2|C{4H z+NZRY+ZGHb+)GKBSUmCdj`_G`X|wNRa2ees)u1om-ZbAQS>!t3MGhZZhLAjQW=-wk z?+axq-6FlL%hS8+I$s<^Rqk`1n;@gH(aVilcP9(Ov)CY0kjI6FEB$!0T0PqTzR7RM zp?%*hJPzCD&Nkl`9}DkAV{#?EPIdMNT8@Ly4BR z-B_uryqh(i`?t3zrNe7~Tvfc{y^4gW$BQFPFoG)5Rd3k3gi|H5^=$lYZ0LLEaZaq-12zawPo}l4=AmDFV=75f)ZAYY5RX(I6BsmR@@KyxcjcxLY3#;xe40dAnVGgzwidrfv&n+V zy}X1Fh&AzL@Zr2HI%Tb_UQ)#%Lu9u{aji?_M4J{N)D^*3Oe>o{0ls(EzxZ3$vdUgM z2`xYcKCJ0{W%68^J@TWB$dlFRjF3UPnMtb>uDpZd>PG~u99_MLiTlQD&7Ewq75o4P zEm6XPcyFq;eb0QmLh-vin9r4rL6gVDbhS!el!mRH%gz4Fz#z&aeTlxNbS2zA=IbKK zlZA5`yGk=so=q&$s<7vd#Pw@3&<~#2qgd9Z=(VZp$ zM_2qhEhqX{%e(zCMYuO9zCntb&Z99)Po*gQL*0uU;g#*v$IzD8BQ^CFy^1mRPh0W# zVtwx^H9O6=#qSRczqBljTB{g+m-U0Qz+-5%VhKZQvuXZtD0a+7!|1+Y-14)??vp@~aBHrf|Ke?Q-wrDWC!>ZMYdUYYa~QVfgy`SNzxo zDSct{?2bp*K6Cc_ET{S9KgX+tg+=RAbCKJy}3gojS??QWQe8H zT}|8H-QJEMeF?(Uuxq99a$RU>W_wg@Y%p1qUdOqcIkOrP**n8!|J`vSj^>L!U5>cr zMQR?Tx<0l|ciH1+YH9!S<^_QeCW&Q>6ph0v)*eM01S-U{KbuO!A2uPJLTI- z-A`;U1uqLSlt<}dErT%5plgX2B?QGk>CsDM_HS=~N58b=iwkX0S}EyEHs5^Gi83i4 z9r~7jphrK^V`veZhSVp+td4ww!IkC8jL01J;GU?}o$iCrc6Pj1Yy5YN{!@3^NjviS zpLeSzef^EWUS`tlHthW43y0ZLgRRU6%1R2dM){U9Rp``Xl_}j#>RLlYS#foa7vRSz zD9mYe7U>|0iBr^IYcN4n)FN9=#&Tv1^`N2OsPT*$tX}-nc=AQvleQq6K7_N3QdTZg zUEhRz`jcNF)@wfOoJ_Gl-nezXpp`I!^jqs3bJWvnRNiNO5UBW+qoP=@fQ?4NxAFrG z=vQ1e*Q8Y@(<07AS! zO8GgTL7|uK9G*MGb~@;sw|3qagZsK#`R|{dpKfkiRTg0yRnKM~?~Z4ClSg;zmTl^^ zWaA1ZuZ^a48NFUSbA42&2sc9fXx9UIi-MqBpt9b&)RZ_>!sHUtRrxMTqd3h>Mnx>1){zKiEbmR-)Wn$kN%~Ji65J^>46aU6{s+ zzgtM{Prh-y+*$S}lS;@1ISps>WlyY!a>#rGMdg**N4SpDrNHrx<2tDoAovO{`aA zRJKU+iAvq z*`M3%>9?#8eK!8Sj67SaveSehOy7oFmFreiI|`|*d)!?GFG+$%%0rf1n8u6L*bup& zCTHU6Y&B+o_ufscXIKd<@9&n`nMb3#zF0*RV;jmGVxM~2@177OpC>!gcCrpJ=xT%I z=}cq33jJ#`9)A+}QZ|jNdz2yo4qP6xCAtmXrKQX6>P^@$yaIb)$`T6> zk9OcWKX!qzUfaR5K9%Am-hI_HBDQ`ZUvhGa-O)ny;`!=4$w?D-vkBml*~*&U|D#aM z1FER|YG;a37M4b?M^EAe>wo`N-L8*>1w5XJ>MsubN=r$o!-+O)h6rx%_m4lQG&+?O z)~T~N&AePnxkii;a7mZdt|yO^oUO2i2Ym{766J_~cDIS2Fb1nR@tnnc&Jj*tf877# zC%f@$VxEQdxSf01G&YaNAfU~#?uL~9`I?d0LpcfgX8+(gs#W+wyiDqytq^pT(05p7 z0l*jyMn&yQURD;bgx(P5Vsa;p+cJGSdftFz|FbBQ;np@3B}`dgEI8^L39_6>ftr=- z2&iblZ3ikDieHT2kcWpHBjH3P*`@3=iSc&0+JvrxZc=!e`8{W-3YrP)JFf8TlpBh! zPTNshP@IE48G{uWzCBKBT+?Y=$B3XbM+d!oY zjw<0oPr31#P#FnjJj(3LT3-4fwtpPLZ5ynQu&YYh$4`=$#NVGT$wO?Le2dj;z~iHV zzAvWF2OCM#Rkixrtkb2B8b7y~vh*TTxhmuQJy_@TF*2^au8m&&#A%&8|r|d$z^$`P}lEJsttkuKpMB zhu#}noN9~7Xp5#TwbeCoDqc1`h|5Ouf-dw|_vQJkX56w>38%5CrLCP;0zWn@-ruud@CutPB~y7Y2mSfcRsK8x{b2jDIHmCl zy4{OyBQ1&rg<2PB*M%mH=Rvz11!t(#+fclJ&B=9{Vl5j?F$uD{?_IqJ@Exmjb=>1H z85~Uaw2S?|F}|L7a~9$DH2F?gRAe+uPS9k!q@(-7lxQ0EeW9FZwb@c@ovqRCzkCAH zRX~**bdQW*9~F)Sh6d*vr9Vy-XeR(2vX+dF{4-f?86N*sJeb|M%jzq!H{G6RsX%zZ zuBngnRgMdlw4P>n5M7VtEvqkgYjjU~7r_SiRcCTjMH)g@ z;x8}uIJ4!Rp54%D`US^buf&X~RaglKJ~1Qw8Z#I;Z67EFDQ2}4cHX35RZtVUa<(vP=NZtf3%G+PAV172U$N^jCBZ8Sv)d4zf%I9lbB_J9}xTe?7B z`p$~q{5ZI81LvkW=Pfjjyea62V`qAadnmHZqUi@5aZrerm^jtmXve=ibN#azlSo=u z4Q59ru4MZ5F-Ee+b((Rp8yd|Eoe44v5@$an?nM+vXj(GqrExlUN7cZ4NV|)dxf0&j z-z^MJaFG2|KJ{5K0-`_N&bwUFMcN9wuFk*nb7uNRGTvS)UaV8K+9Pw^(ckOHnB9r|(vBa5<#b%#SSG-#>3w@DhDw6&3lwUBXexP-oRUV+`># zV$6n0#|BH}+`lO=ZjRti@5e?r+v8A)V%b)7CKDa19Hn)8|9tv2PJHJ+(ZhD^7F zbBX%GM%Z{n#%!pPteWac-@bJdO_!g1mk5gi%UsZpnH%|-u zEc52z(Um&J^L~=-6YC%zN(C*=%g<;rCrwdp?ab@F+~!wG&QNb>LVlY>rsky39Xqbu znJ5Z3fnAE`^pB9c`a}*~{U5TvI;yIu`<4<>kOt}QlFo?7j9{bImzdW>=0!upNHE^nK78`jxV%$Y5p` zH(~u!)})I^_io)a;ajWH?@MSWW2vgQj#2P7SZCBEXP&LbWo6sP%x=f6re;KI!Uhrq zAQ8OzRV>7)MA1mVt}bgJ6=5LQoOxtFx*zyHiY@hKFj?hal%APNg~vb7slUH+7a0p& zM}6N~lq>%=J#(Z!-)!31_8WjJBGG9w%%ih@_CahXC5>m&Mjp4^Tx>N1#|vRVP}EiO zZ+=&s6vVP3wfeUJgERgYzB^T@jZ!b#4)!z{tw|Y?#!1h9y7uOjJ~Un1-m>eS@hws2 zj{8l%cHrmh2l$mnVtc7E!WArTC7IIA_Y!g~5*i{a0V9p%vClnL7r)m1M?@R21ep(e z2jB!`Ok<=|zCV3=Yl~kJSaZJ?_+Elgj65FT&O&GFkQhkJbptFJg8yLySqtpCZR~~d z>n_Xc3X4ZP0GhE|r*B zVB0>n@3}MA4GJ-1d?<=eYC{z$RcgNzbyPxRV^s8V6F#D*E6fcKQB&4E6#E+0W|Nc9 zsv0pAdAaDjg2+r{60afqS(EnbX%hQ^jMoLki(i(HB#=y)fZFe^%-4%)&=f><(@gZ~dt=D~?K@(8p7)d>kE5 zt-KW8x}tdU%uw55RCV|Wo>^sYVv*>%gPRvs02SljxPRLHNct-!s765M*|&am$kUbV z{!gjq#t6SOQFQ-wr$fR1gKW&A)9txqW!l2=^}6JYlUwUQor$DHCq8NM1?sZX*ff0I zQGT1v0~l_uQ{|6beI2mw@I)pLWyz_!9RAHN7aiatz1&|(lcL>Za~5K&d+5l7-$+LX z$(un*bY=n@sH>g&YrCO3YFCuXCr+5mtQ!mzFY8ST_6k2o46Rt0%QO-M>HdceiK+9@ zNo7>D=#`8duel|Lp=2f$7^^>UDx=3jhtqzvp_20j4jgA+Nrq}c2C-&>^#)61*D-5qfCS$V1 zW*={;5`?$r+Ik)K3OkIom9y>5)T|$fhU`8;8!Hn~o*=ss^xwPL<{Z_2i>zHQi zdf9P}<*I{&5qZ>G{hybPWh+qGwJ)t%_)9$G|M+9bp-P~Mhd>(rN75#WzsMm5GH9(4 z8TlDcE$DU~rT2axJ}eA$=Z0n(nZ0>2!(ZD}JSYBR@Z87+lR~L{t>xhe;%tm5 zf_Zd&!~EO8KAvsxhAA`*p?d?pNlp!{gl_T>B)y|Zqp(tzv(R*?`k9b?npM3KHV|4oY%zH^r}~GoDTlSg1@IC^EOIbCOZbR-UQS~vBOTbaXQOCKB(V1@i2sz z#!t(bj&as~(Z9VnQmc9wOa30NrU1v`{YaivaJugo*#Vlou9V{9V6ML;ib|jJ;!P4@ zZtn6EDNjq==a=c%m+UgZfP#cRhJi3Ubt{P-2ZR*J>$XRqgh5V5n=} z#V-kqEi628AQwY-}ri{=aaiY(&T)B8KcOJkI_ zB!$~GwIir*zhJ_2{9Xe;>-}0 z7-Q@dCk+(g)(@{nrHYarq()nL+16O!K(f`~WGKD8i}o0U$oWEB6!w;of~B(EdGd>3Tj zDtzZ}fqu_+hE<8-gc25u|7FyJ;WM#ivlAO-TyRtYg2U_TE>m9)03PQ_g_9k~a!k-_ zeuKI|{&b@5Pz||e<3;Qo$y1q`;k-1B;Iti>Xd!z+^^b5$#1~MypHmFUMkpqz<@KAmXC##HIRyfKZq@$NLp3u#6As?{P0Af09AwZVHz@5&{7$|Tey^8Rx?rG0lz zBSYb2f6TCi5*bPKp=GFG5EQUTGEpyI4{#r|{MHZ&i8$Fw=2$``?N{9C=AWB-+!8t> z%LrQ!!1($~VDVu`%u&BrUr)LDoXzxH=%_?7Kkgcj=EL(fcbxMmEX>=D-ukY`*|pQ$ z(q}9*bdqX9c_l}&M9BYuoiGb=5$XR-OLz7UUXze*qED3kyf(0W0TH}{{r_0fei20X zhT}F{NhpUZLcai@64{g#i5Al@f0cotnTc~QDm22=?~gv#&&lo_8T;^ZoFdN3X1}ce zvX5GUI+6bmq^k%|QsNH|+Al-z@Kjw|s+PJG#q@r9aS*%dh2N&^cmgRswqsVXM0V6t z2#VR43+~AF*ZKvEOP5A%gRO zn~VRqf^0SLs8Gq1>_PEa{5ojWNz}jpDjY{5hK(l|($A6kPuVKaqSocXU0aIWj~E2H z-i2--Tsy8W=P##@5~lg>u>&@--j`2RcccMzOG;@z%tyrO8Svb%7ch#m$rF1Y-Jh&u znuvW3dYb%UO~v^~cjFd3P>vh-+GU+d5iJB0ZMXV`>j$q{p|#)!<}xe?rg>LGm;IsU z{P86RbqY3ozr0oN!cTS<8~kTXE;Tv4Q_0T-8e@e0l3=%)<5QS<_&;Utd8t@Q8e#2X z{pq_(Q#pA6D{9AG!+?*xg1lRrC2&e&%;P25Abwi~yN-VT^Ft0#*wJ}^V(Y305-Rao zWSoJESTZZ3$#4S2W)f;+Lt*o^<~vS&=k}bIfe-@IvZU3XD!Kws?5B-Y2F_gnE?Pv= zUU&3B1w-QFO2mt890r&C$EYfbi|r%-X+a@0WPFk}!8}2bM0R*VUbk;U6*1 zQEC3^3?@1~5{08C@d~Z@7hKmdZ|7L1x-9tWWo!KQw@-nqhqA(m@b*$2EDnX1XWH-m z;|}W&70{UgC;iH|uO0Ri{F6M(S@!4QMoOO)M>(lKbF!l!UnNXWSbK0?B#n3J|A2CS zo2aTsIqceE^nVI;1=eL%9~bqT-I~am(83h8fh2_xNn`XKoZ_DiTC&%Zv_!fP8A2b* zzkgLo@G;&I$Z%mWCXLZ*j{Jd3dtD5oJypV)$r&Rd;`+r)(ssML=iy+|Ziz@mYCkGP z@YcVVx2ecJYs>tY?g2Rc!bCeA|M^=G)x42O^c++VbKI2UxS}n~Fx%L6AKB-pjs0nn zUF()ZU8xcZ7exP)r1{LWNnXTJ9ceLA1bMp6-d@Vb4_aS_Zq-UR&^kq}0>PN47z6a% z-?_|o2`8J;Jwx%@yh(YPN@WE`RiWOhJyA(UY9LyjLTq$7b-lQkiCt?;dKSauFIZd{J$l zKEVBIB#d4hh;`{b^2PA6Ac9C?2By1toV~J&At0Xc@;<7(Qu1BMzb#ZdW;lfYzbmG? zGqC@j_+~$f=e=>C>B7BTuq&T~AzIuV!jei2W=*Oo|*%A+->+Ngd({Ifxsob)jW2IdM;Ep_Q ziC!D}2o2>{M3O2k{6if5s7IRzx`l|%W)vXgg-IbqNsx%13YPL>*Q7}GbXj3pKWI6Q zn)vdYorSv-qs0DvdtEK4XX4F#xb=kVylr~jj(*aCNho2t4H1m*ZNzupQ0r;s zD;zHeOfrc$(mCjp_*(AIDwW)wI_ME#<^*dD{A%udA_+z;3+|7&Sl)ksE!78iPc4+M zQR({_ND6!BsnZ%H!4M%y4$=3{R1)-lZaK8(PtU-hH`v^XA-~xBmx9q7wUVR*WUot& zE?=hqB;2-KpKZz^5%YiDluP1|%^sysZhlGGn@-+Fi}nmYdj(tzJ-u)<#E)BG>)ns^ z1wF47438I?oY7P;NkYkhZAMj<+ByVs_9^S)!g;~R!2u=sfuEq`lH_D@(umt*{V96W zLbcUwcU^*MC1uzY9b-MD*{R?}p8%yVoT^j&Af-I#SbG6W6MmD`dV&K_MO8HpxYPp1Xrm%-Aat8cbLc(lV$oipyn-%gm%ipcAfEtP-(K zDR+A6WmkTkrR#jWH0qiyl;ay{;G2NvJzP%{>vdLt;9?EZ%+V$b{Z5N~5M`lpgSJE=M0p#E&M}Q{=mPw)7E#U60ZI z7g(a}f7qYjxpZ`N=$3vgntr$$ls9HgNprm{e&Qj5YCYzku=IO^(_UDrhZx6F(^g%^ zSvv^A&8)Dt#v5Z0)i)FWnfcv+a2tkzbV1Ff$|B-kM-~4nDcws@iF;o*U(zI=}^{yWSYE+q$MajvrN zkkwTKBFT%(UTF1pdeQ%>+RXSlVY)uMZzO3hH+aB)1veK4%=6QCI$Ejp<~uY?nuhSz z+MWI@g5cgSBC^|@igU77SS)GPJl3SdZx|0GmI;^ex>RoFjpvpd99e@-R`91Pl~SEo z@F@5)g%c*$7-iD~dkKR#fSCb$-@&x%>Cgc|%8iNwP)P8EMTyKN*FufbGKy4WWU)j( zcV}I3C7?f!L^u|tLDkd_SXj443&%J}o-LUVu&njr+dYw{8$0FB2NTnI@)~72TR=Cn zK9DB|8l0^5Cm&MTt&oLPRALWX3VJ5WoiqR)UF`09YuIghd*o0XOf14HQJ1T>1qNJsT2Pje{~r8?N_;PjjSh58_a6x9*8G+5MP$BZ)}a8Nz8NeMkQ3@9yq0B=ZFccs;cn zvrp7nuu;SwWUt;;TMgY^z8`t?!qyl152*YXEe8Ps$@nRK4tVb(f4yEwK@dLVb@8|k zh=P)qlQTLh*5`3I5K=EnIK!f2_1-X-O`?TJKVKBaF?_CyM%*4HO^_{AttHCI#2dVI zdS<=6KOVEJ26k(~CUV%Mas8SVh8$4L0@p~CatVeV_;x%K^QSLn5!!>p_%q6d)9lu> z$)ue>FmN#8+RAgJZZ04wDNp;>iHy2KD}IMvQdE!-YAsghu0Cr%Iwt4z1KqgdZ>ZKd+6rbsnu zja&*H2d5AC$<5aJGD00UKjxPl?)}?*L=kdWv}47)-P|Sy4%0ykj;ZogV5aGiKHoD1 z3+cDNC-z#k7IHwd9wWpbV?`IENQ$Z+AZY z7ho&kX^M{#5)u+lB>24?l9?x0d!)%gb$78d;zjJ+1#Db2n=L8lFPtr>iu=KsJYi|+ zK0i+~M>mosFX5$^UeS#qY0%a? z+#7P)nJ_?%d+*ow#1E=ymL;AkiU{kzo1au7aWG*u* zp~nw_A;-Q3kq8At!5cmac>UOv!&c5QW#n}`Jc?Bhqt-5WZ|C=2XbLgY zcke%a1dYRbr+ZGw^EEGMUS4j;ar^91Ji;UAJMV%kasLK(rxWDPMbFnow52Dg+i-0% zN+{PQt;TtOoUM21mtE_ff2ElsoBhd00BQEu`;Asub~^^GqQQL&d(U(-qFpvwDkcSH z^M>^s8+JBS14I3L@2BZn=cDa|{53ct;B`If7+WKkmX$RI@9@IIENi(ZN|422e^-DJ>5^C!A=P=|9UOs6KVRLhw(bkJlDLxTF72@UOo6>-( zPsM5}+r0waU_Rz=KyHmh$^(1{{{Npr3mEZ}>mi9R_v5SOw3Yo%n{Rfu(Qmc-P&qBI z;i$E0OnZqJa0K^gy?typ9-?ft3qO{ln+zmEZpz6Cc)WwR^*sZrwX5NOnjZ4@nXrPv zTr#yl%;c)%h)<3?Jkcb9cy~n{4XLJ9BG{fCC+B}&9|S#l?7xRP6x5WJPQApDR~dX> zfOlML(Dl23;99*zJ!8Bx$lm^05RcPVw0ylAng-m|1Uiio%u*|La4vW}medkv=X*w^ z>a;kAfT6t~_6o~i#t5vgq6*%)#~K|>muRfSNOp%NKp`L^y2AQAIQWq3s;1TiRYk$L?GxKouqe5T%uK5Uak9bzZ^}6(?!bknrZY~V8Q^^o0TpU zMewGNbk%a|cYpAj7+Y^=VH|>go2pSS&)qMZ#;aRTsZS+Z5gJs+p_{X_nu$z$8|G23 z=>$V(y|ghU$`DTfn=wl%f7295HPH9*Arld456+gBwR{WKV>@42YX=*1i)d$$0<`($ zFLEcpjCODfX_PA{q>zb77&#KuZ4r8>>66ASs^?rKjRi}Gy}*SXE!GeBk!`;+K0MNXZeRyDZ|Jh6 zua73FmHfbunu-FI5JN1b!h{FVh)T+;$XV%9C#jX}0ed6J-JXgF>X6TM>xD95)k_SP ze#AyD1<2Rhz*&aS1~L=qwA(~BJT9xA#W^+}*Nb2?n6BLw4y);r%Xtu-pt*;}2_ET2 zF@N%AM5=;!eS32rbvQQ>91$_h5heB-#s2<^5&m*N*wONktL3qLC;ovy}P}VRgrJ200Qdxt>C!5?MH1 ze5_EjC}7WqUKr5^ghgtlbST9WFn99Swz1fvfqr{DM+(Z^^0+hnTCCEPF`2^&UMiB{ zm-U=uI*-$jqb0Ap10s{E+TaLGjS}^DV5-C8ccNxb)e_GL9k;YaQo8x-VrAu;Z7Nd1 z%w)rEqTe?(mPCcDJ(U{YU&=W>_g8&6IRX^fy+vM>vWbrF?dY$*0oL4kd)G{|kk=2f zuk2Q*6msvGR!3L-jBZqo=E{BW0n>?`pNve~QznG-JiiIq!)kJ}P^%d}APAXye?-*a z=ixHbl2^7$(OiQGc^X$~j{KZsIF7&%&~lGUO#C5F<&>=D0kcgrlY-FUdkb(hrg#R zK^_b(Y-vd+o5#99=OCF@keln?VSo0i;QM!XH99QtYpIHS1*O+NrAC+8ZI;QDI#RH9 zQ=MOm6_8$5JYr)Ke5Yc3rHuIo>1~tQdU9fFssaV~cEa2b9zK-6TIYVh=QAdui>6cO zT$?>7n#XfpGn$M;_nCfX0A=IVmh~Lyv9oUPUhd&v#!ilS~jJ(aPY5UN@Xg` zrsNzMWS`?8ak6%67S$HfK<{ld9L(>MafuMHB9KK;r4yjJeK{ zi_}*j{dl2>gPg+fg^Q8Knlh0mw=j%FY%`%xfgM|s{^oyz)%vM;d-{VcTr@%;IwFZu zZM~wc^edKg$XN!-Y}w!)v~pGSG*-U(vt(5q46x4cKHo-ohbUHh;((gPNywW$X_+GE z^7hx-+ElS_uMJv`k##;sfl{XZ0jD%tuv^__bvN2?y-H4Su&%8KB95@X&QU&2G{<6A zjz!LB_^F@-ybXEJR)9VwX`gk(w{B{js7-+^W&`!Q6Z>q@n3XhCoi*IWcBP?zQ|^7C zc5Ayp3>ey{2o}s(zGZM^sB3yze-l*>HS73a2MqrJv1C9UJ6dc}NQ)#SjG5b?ZT@<= z(zu|k4jt3n=mz_-p!D#1H5wJb6rh5vxkH3`b9x%7wf!2`3&Q%7 zPS0J=C_3}%VxJoHc^gxp*M4tMKb+U8_f9$A9*IR;!!J&jho{KK%2QDQF9t?-DA-}$ zdCY82uFId=e3W26mOEliS#o$C*d&f?yi}oAhuTwCW2-G_o8hO)_4}q0zoL~(JSBm% zPo{3O;CV`4;bFSIAy3S7!=(+xaAnyK6>j`=uCn(EX}V|zDn(vI+?b*_lGu$_tYhhh zU>}2kV5qIV=A5*=yjFL9GVk5ttpI~@7fCD`KP%b@+rTcC&3{0X+jOfyf*Thi76G{8 zD;)QlS)*${cm&KqLe#bP`~FtIAMKZsLGT9^F&W?UY){0#hR3|`a@%JpwLwgN>K zgTB86hs~WGorSu!L}@c+-9l|yDtUwUTU~ElpPL6a8x%7d%fV^keK|*cLHHqfXU9;d z-Z2J{8YT)>Nam~d+cdI#!u^Dy6jH0(tXa!}dT1b_3>@sJfN%~N5LvfQrofGzR<(uz z+$Ph@flcp=-S(Ru2c5QX;di{Kt=|gnVwz1)R3?O|M#QmixY+ zGIO^eA|T}6Vkm)%lE&LRcdkEHO?Cm9@N8+1a!{^=$6+x*yx_Z?l$AdYQnJMcmjG}Ln+xj1Kb0X=49Q$U zS-!~we`9h^&d-e&{;kw)kdfE~{aneofj@3N#|CDa?K3k;5UHpNk4gBJyCbjA_snY_ zmhK;G8DAnCX9|cf0=f;CfVU3@RZQ-N3+uAHc8^jEpw}2}?H+llDj* zx5_2iF2%^^SkkIagczP1WIzJB**WC-`S zn(W@cA|(|=vat7zBvko0gnTabcI)I}XU^V2)?GBqzUMB>88=iwKifV!6O|(s_16R9 z*>dYk*BzEb(lPFuCL=Eo9ug072A{Dva%VGG^6chQ!N4Y-oP#G&g;LI8ZT%HCvzBxk zrwy%{5Z4rNci0-r>>m|U%8`NOFV;H+4Qq2Ygr_A8COO=Ui8MGL{wT{LZnc>U2b^Ea z>b>R9qyI_dL05(r+OhRA0-sE9GmV+x85!wqzIcDE{KG27AGM;?!}*3we8;s#o=o#4 z-Wl(n<{R`%zm$>C?y%@VEO4&El__`!&FJ?#(-&P`Zayjrn)P>hFlaZSHtR{LIU|AV zh5#Zd6fm%RXWHJx188bam~SbkEvF22PKM5*A=FJ^Y89ept0{+Pb0j*Y9P3_TK}ZPg zmMb*{GrRTT_t-pHmd9QT^Xgr&4>Ag}d<2!83e!JT*=U%oHSxS;M*nOUawaW6l|{hk z`MtVG{o^kc%G7!uX6Uh>U&s@gKZ|>D8Q%cUs2;G!=IVS2Wn@AC0yUANLF{>XxLud8 zxa1j*bBUS8S#0)S3Er{K4NI2yjc-eDgjUH`#XoysnUR8|oVzMy%c#b?n={6tw?Jbj1t} z$pE->u{)XMt4K8FdAS!r#TZedUHjK(;drW4HK}&lHwtChYrz3j5rlOf5MCjLw9q;0 zd;l^uJ&#j=|NfmvHs)6~k?VJ-7nlVsGMb48{!dn@lU4BIBK{;=Xs;GRvkq5ylBH$d z+Ii{pMF<9GX03fqKj>$jNHQj;7fqbjY>y!9eT}g~0qOuVeY~vJ3hvl5=gp-(7K=uW ziS3E5D=|pT{#)uYBdMs9U7!T9dNK@>)BW4sgu~%Xq9k+=1Bl8l;ZSA_!1-{=@7Qo} zl!ugMn~oM_{wI%je>;a z>-R3W8rx-YaI{3Evb%U?DHcGkOSE?Y8uU#*Ki$faxocmU%;psqagCEIin+0X=;1Cw z+`97j>(!c<{0sD*U_ifxAp{@r);tD72;TU&-O!@-{z-%N(2IRp04VQRhm2N8p!;P$lB2^X(Eo~m}Z57VQzYsI6d1LA(&VPUM zvBht9axlhP)k9QMa}^}wSlj+j-q-DiC@}*^Ps~T+PqINHOkpekH(i5ASKyx}qPcI3 z&x9WimFDMtNPjaY2E(s0`Q~C#)1?fzgo^Eb3*2t+$bth0>a)qHlxsm8j9*?H?dZkX zVNm`1E!L(%*BQB50y?a9LdN{Zl{m4Y=yv~t6mKXEpH^@s2=y=+{P5y=3o+zpgYuH5>x;A zJlMM9Ida>*8;5irU$3zkAGDUU0;>I;9)}81SL<9oJ)U(Y>C56PN<2|>$l|Z_n(To3 zyTmgZa{Q6_8+hR^asCNwr4-VV*v7+Wfna#wdi+2C<(v^~*3ZB0=h383c9h*UT6$uH zH6bX*lE+Gz;=?({IAd=g_$WRXFaIN!E?8wi4%dW+mNaUg0!C$=P1$hx+fP#gZ@rI( zR0#eNH^H|FlK+MrX9p8kbWy_Qi8u<$d)kd*@)01hNu1Q}fx4o1dj|0EaERE6(Xd3ZL38-n+uW!mjQmms_93 zbSK?`qtB-3Q5&dg$}ZWosM*$?G9C|)33 z&_3Fuz-9)Y%a%V~9qW8XvF6Nk*>u`!%J}L*BC>B6iYhK-me1|Ui(K=<`MU2;dgi>M zz52mZxyurZyRaIQrnz(1ls8?Ls{h~;`(twSn~w)97%r{AqaeP$|@?tkWf%mMenOr1uj4+L_=ly0MM~Cn=RIt;nr7i%o<8` zrAifpjEwAjdv9xf;HM#JW+7O#>IpxDcrAT_J|HT^Qvbcz;mr`eAm|aI)*5fO3*mUA z8gD`e=#Ac07tNku>w|&`olrF#TI`2vrJ_yk40Ts;rSqD%Vg|ROW$6BwzBQ$YJl$SJ zps!#^Ky@+1@Fs^2gbtZ6L&`_x3JK>E@{yw^*wsUf}salqzn#$^#J| zi6~M&(L%q@@0jQ%tYj?I0c0>g`3;kb3kOh*cBS1TwRO}JpWv2`3g$k z_v(!SBHZr3t_G8vT$C-s}g)}V;YdgLJkGm<*BjN|RzVqddta6TWO`_5xDvpe z(qe7^JNN8p2_RWoeQTXTA8;eo0CZUnz6?NK4EQQf=ctKK&%-}6Xg4JLxjqI)$xDV| zE3q2iAk=MbgUofZf`IM>@A}__$FItIfc5SI_bJ@B(VkQLz zd%U2}{dlQZPzU)FN{CB6MictDTq4xo{q2b*3kT(<3eygww-3<77@_ZxpJ-Q;v@{i( zd~SmN%K448N4$`xFgn(}rh;OmEt|V}0k@{648@4-)6~gjy8+fM{d8X~SM@C`Y}}g< zR4Nh$20VbTSWZR1kMV9OWZDQ?Qj*4lPDP@2vY$fRI`1RG-+C=n?YIbUU$K2@tB-a5 z+d0!!JTc#8$v(6sr{+Jgz9@_SOYqn`*x4lVRBNH_9aGx8SGg%V6P~nM-EH;@DXF`g)@JtLSMH~=!}3g`RDd{`Y6{J& zhW<^?6Vb`Y#afP~-X_Z|N9{$}c38A4Pg9y7lNIh<)VIzp;B>qPZN9VJ8DH^)^uQGe zz9Rc+l0&a?-tp&!#%Rl4Tk755M`<`kpy7IueWjVnetyEd zY@cX?9E4U%++5=}5sFhcvOP`iw`@#9FPuv7M9E6lms=;}>Or}O??5a%Hux*Jy_ zV3v$mb;mJ5pR=Cyd)WbqabR_g++r@D&@?Osf2M4_MocQxdI>v3yknv45v5*UG3#4^ z`SQb?iHQkdb%#By%^w146|j}UYRZddA%A4O<(#F z1x!mj^Uc(GgNY`SKU^rfdR2=Qb%8m;bf}3Aw;ytK88c82<>&?}VlpdtIQR)0kSL_h zk%d3kSdg=s$rtE7!e8KXCj-WYlfkoIwvizMN|gOnxpPXz_aA`{7bm25$T(eXq@Csy z#XKM+7i%|%&b2BQC`0lucDcTuVbP!V)|5Ov&LC%6Ps0PXs`UY(>(lLPDP-bY+oijU zBd)JChrH{@$D<%x^ZfN=2EcjlN?W^H+2=4&OgWtQxLh4QrF|inRIXGfta*IGe?OYF z9gT7(>LP_;R2Hd40rC}_BoM};0i=se5@tq#zVjQjc1 z;3a?$<8zrWR^dX?Co$)NHWMguW@1J__w{D`Shvb*B_?|8piyMS_mR@?@aCoO{1W4{ zv$JoU7LGxE3KuBao>rzHOcwJ2zzC_FcI_?AUN7R?s^i%=BB;U5PC-Joc96CfpZKzm zF?v3CFCFqf34`E)fWu~(QV2xieGENPPy&F4R=#cXoeqd+!NJlUot+`gMppL#8u(bP z#o>8#5q50<@+DCBZ8`!hw+BP1hK!Lh;WL}>8u%-nO#B2{iAy{VZnq-> zQqo^dJg0;}lPuh?k{8o&45T#lFUT2~t_Diluh;<1jS&mF0f370!Q!hF`9w2cOMQJs z0->I#X0JN;Q?h{9DEX!(TE*J6iD2!X1K6F-a?0Ftrm*whN{#)~1CQ2x?folR_ji2ifmk$RA@AxpwqL{_oza|z0`nm$Z)RB~w^cz4xR15TU!C8iA zGPCyOz`Nc(rE%0_IGhc$@J*#sGE5-}cUJ&gLlDjH-?1t(o1Mj)gdh^Lzl$E{lkY!s z7cfNw!S@TA?2`7#D;L&89NoeZ#K@fBRa2)+ys3~18MbZPghwv zF9;~Oc)uv*sT`v7u%TH8=<oOLre+ZmJ%ayFG+~sJkyt& zf}fm=cE)FIR;hD7{Y(eCfq#^EpV7*wMXA1kuM9rnD76BFA}pA{p&ta)duxozOJGc# z5fUp0^hOOG-zf;(c76If`xqVgGB9nlhc~2Kr@AxRQNu|DkjU<~!F!~jDc{D37zc)L`oFhM-04~be zMPEAs?_Z#iZmdsFlU7hzyPGa*x@evGZARU=N&m_4SjbN`Ps>HLvqQ7ln-+A@lfX<` zVq#(nGPM%DfFcd1N{de39}xtH(q-DCf}rV){8!iMZo>iOrE=Gq&7i4L>3k~sBZ@#F zjG9fx{i6YDmd_b!^Zk{SiT)|_yLXV=B)$H*gb!rA8Ht;NiDSU@sYl>B8`-xN4>~4ZIvwNw|SIDZ0Y!4fMsh{+rBvCrNhbLE_)t+s(F6GU-Gb}%Hv^+%NF zfQWDHb4$WoEPCY{9iB)co*@v0KuxLPKGDLaT;xi);mG4;`Y2mV)J&t%(j-OSFv9J$ z#eRQvu(fNJnIlHMFyK3^RlPfvR|H9AZh7L=4v%}8LJmZLDh=|uy>5Vxk*Cmj1weQZ z33(hIxbLryeraU+GF>k>IRpR(onFQXFNftnn4jfoB#~l4Q9o_?7XEm?yx3zM2fR4n zO<&tHr-%QL^=MGzci-5z$JtgpW^m!oxsy%ZabO-mALSt!LqnDz?cucE7wv;T76&x$l*p1>A`a zuLVgc#$gS%;LCq++6F?$$(b04xMlPK=OZ}xkFEU?-r;eskF~?5H0s}9 zqv2u&s{Aru$rOmE`-Jy3;Qm^*RYZ&eU8aTw9UEKnbiL-)S9D5Ql{p2U6`yC=Y$Izv z17IAn3C^&CrRLtl>ZsHk`|GqD;+0n+Tp{6&$)U?Fe~M~DA9O~tcw1Oq3rzHtOCa=O za4ju`F2y~iqhG4I{u$>j^;1k_aAFP=Mrz*ykxBiZwLd=Brdd7mpAzDMh#*Nf3`k2%dm4@~n=o_Mfv1ria0HXA z@heEx)aMA^&i>To__;F`4wg9nBCknh57mP(U{m_*JDDE@3pwSjD8xESW&u9o2MTN$ z>*QmUnrmclYbo(lyxE-O3C5Fenms=NtYeiJSA_|rk%u}G!p z^!%KfRFLT&v2QdBm_|I!pHiC)Y6$14l-ulMFUU4!I1>ms2hZ}=dRX=e*LE$NT+*=) zY#s;q(L@poz_hhKXG#=Ivp)6`CqF?@=BTT0xB=nIgglwUYI6={`$<3!nBu70yNCLX zX0{uAFb>nw1Gss1b`B4y)^$Cv9KH1`)eqBa%`%V=e*{Uve4NlD-ma06m$r|tPJf|6 zy-?CxT^~Rqt1F`@yMEFR%YWY?2T+q!BPkn<5}yKcSYW(oGy=$#fEu9<9s3@c@NdjC zwo=W|Cz5(}wFNpi9i8GZsF2V|*WJ$FziA=~cn(Z^3vj-Phzun^vBAP4XZv0K zQ*%x%#~zL$4{{{9wyehU^Lu7kPPZ0iq(>&=ZaZA4#ThFwt66zCG+N|w4UO>Ik{1o| z4s?AqF3grr6wpMQNsB|sMy6@Bo*fDVi}aPZO5sI52( z2;*72*B9}h+e0OW;yQri6y19IdNJ;d@pFBD!gnZY(n-^3WV()rey+i&YMmMDqa6Qv z&vf64>DH|jwqZTvT;H?d6#G@ui@lQBpBP~16SUF*tiuHB5*4GP+AyG5BlFTM)|thi zT;~*0kgepA5LBZL%PTngr8@*l@rWmqJ!mDni&!kxsdp-Q;7;Ho9!%25wFuTb>suIM zjn$NI?M3(XW_5;RSJs@_nnkggaxJoY5{8N>InRqc+%B1@AO5QwoBfx+5F7DQY+3~` ze);iFK)hYQFrR=BbL#TaA$|#W1Rs_zMBz7r@Qi`S6^}%W4?*ZED)9(pKvl_R7J_vl?g%S0HeT?Kkd=Q)H);VVsjm&Dh_zKLfpB=ywUtiVt@T3_^b zg+@;W*|2yhkEt)fjQS;CK3M1koyM`;y!ocaM+HI8d&VB2`zo=&;W%vn zzFfs;W-0=T+lvni3~oEB&7@-wZitQsVo6PqXqs*1Cm)B0=inhxs#nlKHz$~>RqXh4 zh;Qlawe#jC?Xgi(x|sXEY%5{Itnbc|xItr-{A;3427ND;YEPFMnmxp4Dkz!*?j0aFeMpXDuaRywh+$a-ofpja*(YtMny9JDVJ zs?-+hu5+6wIq+Wivi1c_O~p2;^>@1VtQpGKO6P;ebps8&`bDlbz(Xhqg@}Te_lJ=b z@??RXkg+2V7-0RfUOR)3$>REdtCsmf?`=MLg@~^!Hwtmr5mk)JeXkSTw^ga+qdm2z z-WYcs-;eoP*@}|K!#*!l61dHr&qAlt9kux&^C3jOHD`EytGP)<7Ilx*|S zi>S1h;41s~TLNzaL%}%)vR96fO=y*cFYaz+WXlxUsBIc#z$xt^(HMh5)ozz2CtgK@ zaomXj zUiU)!Z8VY-i!#*s(dYh6{@{XR?DoCP?`9dl)7L|dHyDFUPo)XQd&*-q0;nHwz4Dor>Cxvtw+rH^Gel@?~wP$|&!i6jt| zc6P>W@%07N>sKPE2vNbSZBITgY)`Ffs~oj~^XC1Jnqg)rd?P_q!yf!7KL~&^%d6tp zA;JC@e8Wej;OHj%k49TRsUlE`zm><(Eir*`DsLout^1>DM7xD#!u`WYs=^d&*Y;-?akEIu1!xIT@;k%x&6 zkSl_qiuRgNfy0_eV!M6wjpI%)$_MwxI%Wv76+eN?Tsd!h+a4UONrK8UL+RFig>MyK zLU=(MJuP;O0ha^2=;6v{FQH?yJjpQGR>NexWx33V0apjrlvEpyXoF9?la2p3V4$4( zs_*yqHZWD=Sb+92qezjMLXU>wkqN-848}b{gB#i5$3O*AY+&D2!PMRsuPu3$S_}$L zw4GnvaxX@2{Q|8WIE{06ol*uOdBPJ6WJMSkIuqIm@v_PBN|lAi_sQ3Bf<(Ski`_@( zQ{UnOj)hh?%X*2p%Jd-zyK&(}*91PVk@EFAf5aDkWYI8m*qV|-f=?4LHCA)3`Lw+U zYB*or8Cy%VJ`%4~Qh_-;e=wvp$F><(2wLdm~s{O;Ppm=k+(W`dwnDp1L zIi26j&0bu+{QFbYgz77g*G#oG4Q`{hKrM5#QOUgXFNeB%e~OYSU-MUWkm#?UfNhOQ zuSceDYg?w6gd8qb8dNh!B>NIV(xJjklQSp0IFg4H5ELd8YP%Ymg(C* z>JW0he^wVM-Quwc*a%+bF8E(`y>(R8(YNl6hyexy0s;z(v@`72fo%3(-?iqN^LaiGF>oExvgbDot;k-r6c00qMln6BOf4^XEg4)d_iOHf zbjiy1folPh-iqBy|4e*R$EUb93Y&cT`S{k9BFED{a! z@*hcNwtwEv)k7S1l&Lr zD$?)9O>cU`(fgpOXQoLs^_?)CPg3Wow7hyM>vln^X)AwzHdwubgwvbkrLrY<`87~j zLd4+EZ~5cafY+$mzTM4@)g38_)sE#c#DV`!#daesBBmX7bpn{h?&do=_(!i>B zV!ja^&;c6G<$3q|5JGoyur?D1UYK}xM^7*)FzO6{2p+nNiu#T! za&Ih%2i$(o+1O%pRause8cJKGhjrV9A{7NsT%x_Q)w`;s`~^}Ue7*OF4u;gX8M43uB;A*=pXZ&uRZttr^{ zoXyJM)q_jD64bEOSM_k4n>+haUSv)%>fYMCAdr>|5$sGJ&-E^x9}&>T%FKauIc4-(uYr2ims*Yr&9jv~qY?y;N6U&J^nWav;!!dzhX~BhS?7^1ce@FCeTVCR%r!#D z0OHFZ!@z#V-zKU4j4+1top-PL-@|>~rYdHa^W{~FNGdADT(BRK5r+!zl{(+(&o!hQ zt}_OXTLaNl877Xo|EoO#vA(X6G*xs^aU;}an^6)!<%~B*^ZUO4Xo9x-vDt{?4>`-# zxv8~7r*g>LTe3P0Yk3$f*Xy9)xQTc!VR{)B5g`n|77z;lu%EjMGC4zkD(>XOZlaKn zBAu%2Pkv%Km{D^u&BPXE0{*|k4_BP<5_~l>Qb1x9fOkyY;)hKR`a|_9TSJH-LHNU9 zG_t$WZ11pnhqWi8s4o!St8&QoA zNW!16Io*$AH9J^y)6~@DzFc^<(ihjXaBIJR{bO_U;}jUVvZ4K{yS!rw$FbX)HX4{! z1mk9Vb#E+eZgv@Jy7bgk7Ar5c(|t8puO3L3Pz@d|Kuau_09)g?ZNEi5tPnExIg zl7bf^BqT&_2xRK%*S~n-RYw&Y_V(vGA2+_ZS}I6A|MdIr_!|&r?jl??6>wKHKIbE!K7@;8SnDLn|6DJfVkQ$W{t$S1+r=2zn*bk(H zGM_xnBk69#xuZ9$&c&o_JE2fUle~4^Yaj%K4`5$a{c%fG)!v|?(M>^AH=$Z(MT`x< z#|Jw6@a#VVV?j`m3Ijo^38)TfMa!tVuvBf!ZW(q_pCn3<*Q;-BUQ*qzb)ES~FX;Pa zd8^dLRY}KwE~m6{Z9lW-QHl<DPX-&r2&NrL;$v%Er7OK$lL|E!23c_Dcp` zYSrD6cmUkb$KEsI#7fhVp^W>)5oK(dfHf-B!?uU)_7cG19!?aMP>t z@%@L2P!lwN?!sS@yWeiFf@tOGplT)t%cS7GVEFY({IjM_ z=6aahb=($AIG-&-wBIvKXrd|M!_O~BnEyl6GK;IEQIZ)n;*&p(G_sc8t= z1OpI4t!qr?YbpVEhdY$sXUTTQ=6Z7H3bXd9s?g(|%z$H+`gpr1gws?t%wrb`eS;Oa zM2SHUOhTWazhmna;+>UKwin-f#rG{Mp!7PL1PJmIkL`J6^P^J%u0E`lI>EEz_FrKkRDHU=U|M zThaTKIooJBl@dc*`dXsp+X(im>k|m5?KS8R(Pq2K8(Kec-NbP^*l?9vNckC5o2+uj zuuxfUW0~_Rhi^V;>$>XXH(`r62gbt8e{2NFZ;_X*UJkKIe6`&eSxp1oYg8b?_<0{s zOg8}Hbk?S8$#c0lr*_{gx`p|0U*36yff2j7<8D58`)yp=mj9m$DnBFak|di+TMAK2 za&D4^TK_Qb7xexz@xjiLnja72KlJ@<4|@4u+D^hpik|^QdS$s=pH~cI^L$EhAQOVw-h>`aV{UcjbO)G^&CmGKrU*>a9MB zg1sSyM%U*9Y^Wa2;>=y=?XJ}#&3{(8_ni2+*g|NlFrFvI>4|)>?lif*_)mFANl1!C zjc(mBk14%Sd16VM5!1C4E`6in(zW+k)S5DGWPMT6<++kNe&+L3Nk1)IBFqe_QM>Rr zktEKjTo^>X`qVyLbrdRF$EcD?o+E5tpH_riro}i`RS5s^_Ms`eAdJ7&!5qkL& z!z`(0Ll>LGE_D8^ ze@qLmdFq;m1E2WHN@v!n8@1Iu5iaM48&~bY1cr>~1!vRYjMIU&{2)emO6aw^M3*Hi z2CZ-O=6|yt{JRne?*(6tyQh+61kC6bu0^z&_}N;lJ*75ua&))g0{n!(5E}O^8HL(( zo$G#`#LstMLMrz?ZO=!0?ue2w?$z4vue_AdA}ouhv|sM%DW0e%atV;ku(8T^20!pW z9z(W93R&?A4GBH{wfX%t$1gLqA33jHZEc@1n#7~$-*tQq$oa$3A%r9yE##Vg4=e4= z>IEZGp*^8wt?s??*>_g9T=n`?f10-ONa$I|>Van-E50I4gmUN3YWDr!)kmCR55CA; z-l606gN5qNy|UYiTB-Q>JXpY#b|p}J3)akyy`Kw<$Fs@SBOAj%<-^nNt=MdBU<23~ z?~N%6*uiYn?2is8NAuJgzU;4tbm$G6^@jkn87yEoPX2C{17nytO*GnIxhSoI$L4=xr*KN2gRp zxl{*_<9b@sS_YG$#SdYij;>+kZ{Mt|qs0ONLY*+E-&y3c zuCuVXy>}s&{|FDe1x(Vd1i*r?J$vxfs3(@qYpdQu|0--537i}B?!BhaH~-9=p8<9P zgf(uV#ee@OF81_j%c#q~y#NC;nQ=eWLJ@7+K@7&BcVJ4FDl?UU-}n?oRK-aDL~9c|4tt%h^2bXkyrG3*vh9UC)< z+BO1qf{z1y<}+0y4h|@g0FbPhRM(zXrZ~WJebF;W zDpmo|gNA?5g9L<6GM=?F>2Ju=i#LQH)xw3O*0?D!WFiKr-nUjzV3R(U0l1o}I3qos zLh!^@wG46!u^h~)v1r3B-&tsHn9(>7bqBEr`N|E##2#{_u)V%ymVf*s!nBLP_GP-R zS&`wT$nrxsT}gp01U(;W5;o`l8hRo`s1@pN;o)k73QGgeo(mOuDUKd86i5Rd8tF>m zk%zvwSDGi2omamC8R_m`DE%L`tVIr<%wItpyyA6fy1em(|C?qmg=gQG)euGGRx7UT z(6HuL6=F+@nPyhj(hoE`d57KETLfpP^p!b0>QdzU5a)BmYaKugtyirLvuC{wMBZOs ztrO)v9~No^s$jiru~2IM)@D^N}lo)&E>Z znpEF4*+a_W16OYoY&XbD49!c<6w23@@b+y$qXdwWkDE!c%HfjH- z`}>O~gxl~m>|H#Ujh|Hg1r87l+BZQMKagdsTJ>?0_x<}L`7Nuy+V;tjR}-hJcHF1a zIGpska!$HrT!IqWX{8yJd&4*FeYbo>K+1ZF7%z;V3Xn7U1)JU zI>l8kb|U4t8t=`}tXQcA&lL_`j8y#%FACW*YPd%u-~<395)5|4|0Mq^3SOfNyY0Ft zY$+841YLWa4<+2MXIP(dJA8th10sJ4ilPR{J@~0uf5Xkq&E<501RR09*Subovgy70GM1g$-efk*QXRMpt)%cAd!81T8WUAR)8oMgfwhH_abcncm`IL&J-M z^=P~X*K_!0p#IVYUK7DL_vGN!Tkc*s!b6%b>EHzeH+uK&r=I+t>q8cA>k=P?cQk_o zOmd$*ap|ypcK#r95uhwSzrMeXrr5*#DP4@SQ*-?SYtA8%WovRM&(&M)85Y7L2B*iM zd%sp^6pa)gAEy`&&D-#At+KkU0A+NnyI8Pcx7%orVbDdK)m+X;{csPuxV*ggoZAoQ z23@BWx1Z--%B*e2^DmSR+$t>r98PeXL5&u9f}2JxOf|3SthcSGI}CCfhF1!00OhUI z76sh26ojEnGbn?4NDq>;b}Wo4zn8z4-{OyZj^{imP8~cpR2I(z4L(zAzuuWwavrV3 zMKmq0&D##e?I&VJHL8QS{&$n+gzx-Lo+YEJquLVU;=x1Yu1FfD`%QWSm^4CK)N$4L zjH_IXxiq3r^t_O&;TJrpFrR_Yykc%?$l-GuHt#+8o=UeYFH={QNjhSh_U?N;*%f0{ zD}i;cp@tbc^dtK!c_kxNFllKwAMgwE7-@oc=AqmbGY_CP2cCSm=dpVB* zn5#S)>_EY$PJOYb$SB{9ig6A$rslr92WPt<%oheLv&~v60Y&7aV}}(Egdvcl^}|yL z=|HO|bsu9HYYr!~P3O)C)SVByyR%QR4tn_v5+ulA>*4+IGj|pQA-#z}+wQBs3i^Z` ze+R)_0rTQ_qkSACaQaS3ug335NJ$y)dY%S6<@!p##eszcV;q;g`Exi3?}A?RoBS)I zk*Wu}iM@XmL9A1ExpA*tpY8t^#$@!C?Lj6Uj2>@*2%O#<{n=8>Za%x604VnS)o2Yt z`hBoA;SXY@afNeFPXu@Zpe-t;n*|m-8b>=bO#sb$Pw^Px4qI#sDsrDA#Jz#}_;EJ@ z)*LT!=zE~s9BofDfiNb#~=O*EIQX(_iHpQ=ZU0h{1 z$KNSgSiF>)>cN9KC$-g)0wAb?UpPjj)W=1kb1YOar$e+lTqKo4A{(APr_U5>C_XC4nlr-onO+%=U=CCK z#F-9WaT_1>Pa*y9fooD>y&ks6VYsVZP5#u(iJd)nbXRqKQ2*}TcAg(Wetvd7m|ysK zVP@v*i^_uReDVlzKb`)42Gw*Xv0&d#*!l))2E<{r(vv8XUA9Fbot!$wcmamO+g=UY zqmdqr`d!dE>j6228j7$4tK;$=Al1->oFM%Kd=zw$e)aVQr_-o_zA0>#>pGFm3nEzC zz#6rPE?boUw6*2ONP5bMvC(u%Y?lQijI4e6?>t26U+9Q3cjs|Cpg@u+N}VWChVbb4 zhJlwtPm!DF=Fok)zWP4D``O!Dw^T*F)j&?}@tuc%?0*EfU0u;u-=CkK_fg*V5Aa)o z3EnN^o%Ww=)Qil1P2T7;`!@DR-A1qz@QBBD!{x~EoQrmwRz6$d=I>%D@_}qci!Ay4 zM4G|M-w$-6Z&kLPwtrwQ9_$daqo{3$z$F5WeEq?bb7(;-J+OX;e42qZILR$Ksfp4X# zmc`DWS1z7G036xe;Ih)T;1$b_YayJWT(b_rE8LWH2!|_XzZaK%3u7aE;tDb5V?kyA zW{xZeU8mqvE2oDh-4A&;jjGue3tF2$(chxPd8Ha2KoY~Xd0jKfeUmjH&&&;h*R4%} z1SFvAmgyVOg~u_(BrZ!=|3@TZ8KbR_{rDuXwpVkJp9&`TYXpyeOxNQFnZ| zntGsLvQJVy&uy>S-OIyl#Z%WVgDWnZZxz*rG2&&oMI**Ngd=0Ro^M%_pWj8s^hL=Y zIZ6;r;Z0N6KXNA07X#0Ib!O7$9Bg_5TiFnj5eO$|5G)%8VA#lY7cnM8Mcw|b@EGOx z?a;8Wu$R)0-VI2`=MoO#y%4KjJhC`;SRX-!GRPA;mrU;4rW>pu+GVAJU%q}#-RAsy z9e+yitbPo-hrKd59^fF}?VGDc;>3K7cL{Ke0C6(@Et1;_ZA$;38<=S_>x1U7Wg?}f zl1$Ziom4o*TN~CzFsxV;Eb=`(W(#)4U>Jj&{^bW-(o@gh!r5>8xQMmhr4$BMDr!0> zd~ig)oCA92#LaC-y$yN{o45Ot4#QRM^=XRhg5;H`>oi;o69Q+tCIwR3wpIds z6`5fG$Uw~3a`J?^T1MQ(iYeiZ?Dk8R{Ib5&4vf%oI^P2SNC(;3L%RHkK^}2Pro|hu zM)eEOO5_9o{b>g*B{bU~LhVGjxXpK%q#SCsZUF5dfC3_*hBqXADDzy|%k*5!zBo z8-gF;^TWcxSP%VKjjI>3RinT*V$AI2{lM^d$Pa|!C@EcXewE1m_m(|Rd*!pO&zg`< zIa{|FQu+|jT(4B6&+NzLJx;L4y9n2 z;@%dqyJ4eY(IGwR#OMMFlc&R}7z;1yS!7zONnM~SbeJ~p?N>45+iaU+$3H#)tAWZh zOS|25()CSkXFqjoe+lX6=x_Ln#^(Q!D5x0WJl9pKDC*xsbc3EHZfjkyUQEV{=S?L? z(`hW3|9J+%WoW;WrrgM>$iA}9x+X=LO(H~1Z7+5%a@Mf*Mk)k*RFF*P%9sg!8Sw*8 zMYA1z!#=J}-!gM@VhK}+!e7pq88oz3r&oZWoUU}8+WK*5dbG%Pv1L^2#c#@i-n;Gm zPMQRS(LxO}p!S6^c=ycsxY~X$khp-+HCJxl5hW?ef%8gZn(R$5k^L#xDCJg8uxLV+ z?TvA>Ij)XREjn>po1?{!{gdT}5iJ4~Q1i6`4l6oJNYqqExy-6=2M7D^d zhe?)Vphw^;cqSlAK4i1kaq2l6@lvc^e1~X+ny1ZD;0NX2k1qzO883r+NT^k44}Z>B zX9Em~i9;sfv8=F7E+`_o$<+p?W;GvNsHq1C88R$xU}r6X0qkD%pis8zhN=_TUA34dPW+*}eIMAi!@R##UhhC%vy8YwuC%cKQWaH`1=rD7hZBCV!D zOA)Ed(Fp5sj(i*p)EF)^j8aomfr3Rzt5NZ5u;m`2^dN%51cSH zSPgm>&v8u0lVL^A!IBv_EDd)_5Uzq3-j^UA6uRPK&_* zjJO^Dh+c%6CL8*A!bol+UhjJeU*~trH2?Ey3=C1|#wg)ukdF`p{@=Hi%345o@8?W> zG_}kBMil4IJ3L6;;%b0M$9h?b`+@JnObe|w41d%m1q3zZA#axr@PSGk0??adb6+2X z50D9K{B*2QR+9*Re=DUg15(m8B05>lFaoq#f2okv zw^9dB;J@55T~Xx!8mI*eFh`>>9$akD@)5Z9@Ooy1z_Gv%sx2>AM{0U%w>|iPhsS+1 zSGgrRNs2F12A&S)S(kHl@6$2=MNR!PsUf8rOK$5g5Wi#E(R@5>2 zxsRqe_(Hh%$44wg;bhF_-o|W#W!k6*6Hpfv4|iJwjf$9+H=K!z)od?k&}1!)@Ced$ zpg)6B92tpvyDd*t^03CJWM$$gaiP{^U7UKpYhT*xNbsZyr@pZi%pbj&@7;p^sbJ&gH7ykduRt33DuW$24ARW2iiO1@P4^xNq@S-p3Et}@v|KvNwe3rr?6qMYaAB$3QsF)UQ`6^qG_5R?Y1-!%Cj zIV;Jo^#mU=PL2$n&2cbw)!+PdF4es!%EW(xL$cFIWihIbjGNEz8MA!cSk~F?vdzVe zYRy&syt1v%(XzOLV|Vv^%dbT;Zu}(iD=CTg;#Vg&Gg`~=XZ|DhE#VS~b{6k`DEIEa zWkMK0Lu8Y$)w8sN7i1y8(06kO)56|S`n~6(x>2pW*@f2R=-J!O=XV=#@&y0Y#Ea|I z=~0hIrz3neym$BmT*u41w=H!4F;KV&oo_4z;{GOG)_@T%dNNn>&XX$gzDn2QIUFL# zxMtCa$ePJ*TreEne8vF`v`V(4;V1FSua^g zv4&4q;2TtuzHH=bW@_h4&GF2wNqkk|8KY`gfhBxWPl?j>BKeWrSXJFdn#6IUrOPyfxf}+_S)35r6Rr9V( zR$ABGw~selTJGT@A&|B2=MqgPN(zOeIp6}T>2}8O()<3Bmp!?Y%N!sh*XOc1G9=^M zaR-i33JdK|Ob6TUB`eU;?4`!3I3^3sh_TYLUKK4Yp6_sX{YbJJC0zaWaeZ_bE35P0zrL&o`jFBBV8 z{Rmz%;2DHc$RuoPt|5R8u){nd*5=a%gaC?Ywx1KqEP0okJNNy?kDX_cRO)P5QXn-s1kAV+_#zZq!j{9|(tpOva;!4jllXj_C zI6K@VoN>LJJah?eNPe`MLQ!|GhPW9qEp5CPyeeaXv=l%XJ#KAX!eVcBns@wflM1#cH6D50>ty3%VI!t^@ow&^T@M)z`6q%-y=WYqO1lW z^6(S7P*|FJ95pr?O;kMqNfziBivW?WkgxXe7ff7>!uR%Et`5tCUL%+vC6wU0tmY15t&OtCpo3 z?r@)+=n;)VBrXh`3!O&LoDTkM-4#@N@_7mmj@$W7I&NKnY1ACgx6w)~f$YmeGDCOV zClt~9WlN6@3u}y5uD1qi?ST{5NYg$p%@XDA4U{U?o?Dr9=oW?`Z4&7hdnUQhl4Fuw4=fA6Z4nM>qzUp_TE z8{Nc0^z;}Q7^v0g(ZdIXVNSC?oknnPwMTzyryh)qMgS=g3?%dtUooaAvELyib3dk0 z$&G69$1Mb>xE>>3mtua`ALo?Nbsh=bvEFAeC{^K{2m^mV+nGlGSTSGf%S!2r6fd^)dCX(gExEBY;CHX$n!b9@scHUH@l~H zYBmRN!>DfYe5YP_C5H_7ZTX&AO=jVnp@Ys!CBL-#^V5l^j zb4A#Q)|s>({m`CQt99{RA4-RKqP9%DRxL)L`RW(b=)|W@tO6$_b^Ryk$xx52#8y=9X z7q(}Ye_hpbPGm8|7(2=J;zf%e?&`9lX4418qVpYfwR)$>PWkMrr#d+ALM`e}0$}hl zX#eYZX9Q&ze0)lU9~nS}y9hs!q8h9LF}w68tsg-tAP$mtX)1Zz!W{`0 z1R;4aUH#nDQ)@D!1Hn~5l$qX>e0u?t&m?_Si(9qD2>!S(q z@LO*ziDW6{L(GH@aU84pckPr`I6G*@YSJaIqOuk9=?$if5%WxdYzGl?iv#B|Q=#@Y z1Zrl8jco_Hi9kXFJn>K1T}V8i>s8K0gICrD02hAP{_~Z%np%gQk>G9NNOC`X@G0d1 zi~#n$3>V7~!$tl!Q&%1U5U!0EGFj9fJ|ve+ z(CbLP1?|y+j3fz?9!Q-)3`t??>f>|Q5Zb9Aq87S%bBWvdlGtI@3q6KK9}TXXR(%u6 zlhH*yxojxD>wy$jjx0c$9t&Ep+vq=lDN52zUSK)zGI-TDtK24JWvhJ>`@o9zc>~P{ON$>B)f~6b(uP$j znB$|OCWZV-@9tBKl=BD+{_1? zBh%@o#oyiC5jVTjgt4w--)=-Tj)D3TKB8T~H8&K_#??8gg>tP#1rdpz&;Babdj1=w@Kt zYu)yO*F~$#%Pqk?E^+40wCXj#pk)a#A~qCUxsh7F7SZO`)&l5L7>{K4MT$j-kofZQ ze>GCHh-0z1@hfoidhgCYTHngFVE<0>6Pjj09G#hkx-s zf1K_V-PODZTG=Sk$fgm!8hY*Jz+(vq2Z#5xIh;s;d5k)qCm7%- zg?5LcEIF$D0HZ3+zQ&vH<9YaZmFUg^xAW%A@rT)xF9U@$&PN7wiF3+zA2Bpt4j&+G zj^>epe*cD-X3v2NE?s;EywsZMpA1MK1Y3?5r{Lpm+=p}}GpZnG)GV;r$E-x{S_N#1gDa#Cn&a2+)?z<5^V)!)}oUVpetqgtxq z3q;^I?%UMBmKj6~(QeYrc$GlJN2SnqghU$LF#>4y!yuFgr3Xkh#1~jQh!_qmy^xcCV4}eS8f4B z$84@=M=20?k)u}WIa6)N2s9WZ;+Mn~c3VVb5{b#7h4`7;QFjOK22XpkE$}Pxf^h)_ z#ai=IJ6cGDa_0@?R<^e#La`Km!>^|4{ltC4(n^{&_merD&mI?1Go5X*2KJ8m`09{~ zet%CfUW)M3**>SFjD-yewAJ3_<-r5H_$aq-VG-fB`JXs&4%14I+HQR3)zd?vTUg8- zdz*BD+h64@yjFWYBJB>06c6gIn&VO7a9hQ8Du!EsFIhDQe#qidDP-lSZ_zx(^vlmD zy0_AkCX~+&LuMh1q|dbTZ`>8I2}|9Yq7QS35Aj*_20R@>Uh)kJaTWc^$5e7pzVw#f z!=~+ymCZn^a5`n&-QDd@JbhVgc=h4q_9B2fkB(S~#o&EES;$_Wu6GZ1bv`PvIah#B zUmQ3ynabH^A`2O@hCs1T2mOfC94@t7`x2S4l#~>-8QN+pd2IHYtwbXzI(Dk<28-lP z{BUSm{c-6SO`Vsi=1u3S@aQb)@R^-%0n&cU{*d5xGtcu+GaTizwSo^wM0EOgssZ_j zIy*btUX;T%H#HR(O~5?Lp&7*+75K_^d5;uW)Ul_F*D>%<{9v6w7io9zsI{X*L|udG zmX}v(q^O#DLaDv>eB+llZhxK><l?683r)r(`S|%WGi`I_@DII6L|PrWKW;?I4r@d$Q&&^@tto+v z61lSceZ+`iJ{D$Xd)8B;BC~Q|e+s3yu<>mZ5<;sadBC2QmKN#rXB_RdzoFgd`Yh1q z91L5s=ROe*PMxm8>)1}10uLH-Fd;Yiag^UNMc|S1x|}VcepgX1`?<}KRprjDU1T+* zu0GOS&6y+-)7@%oa-uWn0Ijt3febnbt!Qp)@)7~ZG3bd-97ltN!vyxDa^W6VFreYL zw)SCqdfHMxI@=??w=apOc>O_IguLq$f($?6!&z@#il>-5Z^=lZybIM<2KW$EEHN)^2JwIDiIY{FdMNX#1UtSrr8$diiLg7vAKrc?%(rm^`~c>bfC8s`S`KK7^_ak zXy3bPg*(VU@aFH7U~V#!VTXrN6qy_O51+B`9c#Kq^i)l)Xu+2O$BJYdcm`RNkj@p4-*aERNMc1BsS@+mW{K)-($s*T1)MjDgrF;PWi@6 zHPU#)zGMVh*~YLh)nOMif(BP`KIGA?)A3DAEG)>KLOkLveRF`8salVm-&&O5<3ol6 z(ur8$CFlKI_A&xGp4>Oos%2_XU74VM&CAP!_dzf2Ctesc?3B0b*gxmj$9ML$LtNIM zz@&P|g+W*a9$uPh;Ms`hu=$$gcHuF>+F7Nm-M+*o z)QDUl6)mu7dngkoD=aRas^6s`h&(FCL#1auGS_LmApM`+_5Pey^1bh(@*}g}m(Fgi zm_U9OL8|cyCSPcMketNR);8r0Jnt0wIag;pEKHTpQmqonM*C56S(rij`HrbfCBo8g zm+SNWh0vKED&lM8vVRx-6s8P+0xF~`3-;jDhDDShI7doG_Kide@Zm4X$OLza0g)9R6C(_2 z7gNT3m}Cn_{>?f$IUB4rVePVz{Nf1)SDAdbo3$Y=S2u1T417?USgqyr7!Bps8X?E^ zo~EC1=hS3L+3!q;nkT8C$kK*|IqF(iMrqVq%+z#1MSypB!~suL$k_w@M+$YG(&yM{ z@6wyc;+;})?aEzF(cqO8n5_1SpJ%(CKLp{@w?G2c{*y?>fFttQSH@csE=!SRcM)Gp zTzBu?1;Dnx@mO}>H|#E9Vd3v!W94)``#fiFnqm2YB4yT<2wh4FZsBcTZB0tF4emXr zc)N?4_T=>vb7QCCbKtNQXGrZGC%OOLA^P=Y-w+TT1RNR~tM{%n0Z_|AN;?%j0*zqnt*r0oXdPV|HTkGmuU>y%0t ze0yys2?2Q2#A8rWAtEY($Y6awnk&wfZ1Q`1TQceDX3X`bn%jvTd;V)9K?sp?zq0yd za(&VCr*gl<`7si#C&TS{Wd}#cp-eGF#7(v74mzTRuC2YCnZ#QpFvFOqQK`de&dZBe z#p24XjR}iU@Kk7!-^GO!c$O>@-&o*&U`fb*66|&7Xb1vBY8QdP_NzjQrxngBNYhdJ zSVu-Y1VC3SE88@+N_se~#i8JjVLdjii@U-G;t4q^=@dzu`H6%!L->+>B zkYU#)dfHw1Qiwvi=yAFE%wanV8%Z%=W4`?KUg_mXi4hYHZA@SNwTA9+oP~ktkxg9A)W%sOKJkCHzZ-(J=iG6l zxyw6VcgBmfpCQ)wPx&}nF6WyFLHzbiZC7*VkfoIsDU_LQ!9>N{TU0B(r@j`~tp2^~ z&Xzm9&sHuO@1aZ4ePg!h@Ydzg?RK{Krs!Qhr$0N*2IGZ4lxlB2OIy^(E+s`iIf=zB%9+5N)H z$if=eY{c&VBw40bW-j@oqrnB@zso9SGP}zmHu-$z3`B(=r zh{w1a<7-B$*5lqQ+M1(`bxSO&`}gwK)$HJCeY}WRO--e@-2#isGX52b+If?N75Yi?q zg(p2cX%Pl3gTr)}yVBo&7R&SvM$?=nb(|LQ4f2e39!pzW6Hk?yr^8|76uQXRxgQ$7 z@G{$xJLk|8gHPb?+qb`*-mir;4~r+}Goq2)e31fKfb zXQaY|FPTyX-L6)uvY%3=BoEQUi-zlRLJW0rsbAdn6(zOs62OU+YkS=lnu`J$Tyd2oGYC^fyJDD@=In92&V(QwftbI{|c zQ+#^pNP*Y{wYYq^o+I;ppTLV9JCK$<8B`VRE{?8M6_GqArd+Dw=v#KNPC~Uu{6de5 zJK8re9u@ExMJe8mb8CL}f_v*nf@5h?%YxS@_EJ!kxmj3*hk`IcHpLvqq8FEw;fZPV29vKVS*M8!bwc#{^L;M;&X?0+-B@zg{ ztq@q^7Vp7gpgr>H-gEhI)kEjZ{qOlj*-JoTxWiFqY5)Pf2ZZ!KP{CO*&Y3*ru~vHZ z*6nPb193R_&0eCSp^*_U+~(=~<`Eu_1+J{V5MeaT-%9O9p#~Po{qbij-scVRoJ3`q zFDgSzUP8WVa85W$hUv=7_6MH&G_Mo{we8I6SNVAY60yQ2wxY0QzBc7$<&#xK zhD*CIqjbFf_&}@=U)#U(M{GFGo&X8!wmb>#xD?rHyn z!nmIdJ8 z3g>KULbQo1HSecZYBnk2LQkr@bCB2H&C3`xID`_MW0;y8zJJTEtY_ow=CkUDSjTS@ zSBOqC3$Nf)bvk*!Q!ErrnC9#)&4+8)+nlnSkq?Lfz%m$b~)e=aQhZaOWl63`f|_xpKr4fQ+pCuCD0QaGqlD zGgX#ivmrqkD|MYRWk9{jTdP|acXVr(n|s)OU0)_Fe4@aP8Dbur#>UV!=a4prO@3uz zi#dcok@_MU>3Brqr_ND^fr;O#y5rV9=l)D@G+<|q)$;B$c3TFKyWO_D9S;<-c{TQA zt||7r@jY5MUWj0>p*YejN`1%)4q~p4SSfur)Jm-S=M%FyZ4p7al`vnJl7IZrb#$6B`d|4Lt=pz0R(bxU4X^FKgwk?XK z@sg>?boa+aj-%)u>H9z%hOg(rHi>H|0&Ha57|JrwJ4E$FN*A&a2k&8HWLi#jqHt{P zWx5jMD_>B{P~UIV_bLi_xS)3$ORyOzp#}xe3qTv9y|s zpT?u)sPy!|US<+lj};_6W~3msp?Te@_M&}#>qdu)`eUa>T?+2!Gy#Qr4w`X~h>EB; zTMK*lF07Ws_YQl7e9KD^?{4h4bff%gu1We-ajLlY3?(&(RMYamlb7|F=6NiJgK{)A zMM=Ek4}P?W^t<6zL;5nIApyd5m6nYk^SlmN%c+=1*w$Us#YkRbeC<}&W|1P%6K@R+&$v~3*MNi0FG1 zS?hGVa=7x9qBpG*6Oqcfcv)^;ptj zeyQryW9sN*)Y~SG6{#f`$oN-zY>F}lo$H62Xrb58N4rLw);CQ;BLA_q$RW(*&*l zr@Ns{G(A(tQoZSsj}aS5fuWDUXU_ottIi)+tZkZeQOL?KR>e8?MPWM|e))1YboMyN z{IcEDruM(i8RXcy`h8j5{i;L$Y70`_&Gof76`B_Xr=~CVBz~{UFIYZmXdqi}| zsGlQOa)|6xoOWhzE`LNRn$DA&C1m=d9Q;mw_XT7a^)Sg6oGjo_sMBH5` z2J5zBxD9dbPwmmp${+nNDxyk;6h>p^^tLWuXJy|nYE)>JG79<7&oVZUKtN^_MiDP} zZH(TD9~nhL-d*@qFYRigLs#eYGWQxRSe+m9N#lGR&9{`lO*QftSyeXjA!<6Umr*}7 zNW=B8qsMygB%g{GHS#MpQvM&R-ZG%7w0j>06a#|>5flkQTDn6dq?MAA?v(Bj3F+?c z1_41D2|>D3Lb|*Azs@|r_rp8iW}F!gXYYOQwXT#vx0&-?`iDW2<7iJ?7-rZ%u;Rru zmY>gp^|>uy=}9Q+f4^TDiZ9-a_`vz&+oHX4+6CWpj|Ki53?}1m#89oQx<<=|bw!33 z(bAn6Ad}QjKIr=ITEV0t$gyolNtA(b zPHMl47TP@$lk1*&c?`$@b}la@Obo#$t&67j7~^FY2l>C`@?HFC$#?TOXDGZ)@4T(R zvWa-K>~s44<4>AtV}p-gh;RMgJ>>cCu}3ZTiJY$fR2uGY=R)6S?3~;*B%E2hFGH(R z22iloiZZIzm5Zp1<=PWiAW!U>3{ovru~3elsLlCr+^R_Ka;>Uu)Tms~*; zBUfX}`Lu58mCW#1GBygI%c;lAG}p?LFQ1?d6@)W6!Uc+f2^?|B_2-D7o9KdeF2G%K zWS$@VYrH8`CtfHk!#maNS`Ko7PV=c6$A}r%b4IOwd6D`n`i2I#%hSdkzyMr}F%CD6 zM`W0<+x_*rOsV<664%wP!{1r;~%6pILs zM!B61(&i)>hO$37i$~Gx#8}TA7ySjY>F@E=pB58A_x@~c=$G^w3AVf+|8s{_Na=qo zJCk68zvoDv2|JiKluC6=kIP}3*qp5NK7XV!i2c$tRQK6aiMP`Kwv)I)c{0C3oO)87 zkU+@S&@kCpUsw0p*0#s`s!*O<`SdRj8Xk4)x3CP!(Gshu&+w6H8B_%cA9MU%-fX#B zneyO9&mlRinMp)PX>X7vB&>p)E(R3RftHXADoU2)lAi$Zzbh26|D6lHPl zJA>MfCCcJ5)fAsBvW14>WIv;tnwnml_{o2;+&$kqKnCMsN=1QUsyy`?uV(0RmC22o z-c^2-TCEc*xt~8S%}}|F`xfr-pv(fkZvi;m{A&Djg?2hqhWV*Stg zom&0%0yyoLAA&L-;ivvm@;Jk^+6oB@Orf*;$q+1T+yW|!5PpsK6$NNr}^C3eYPh&$^_|~ z+jZj02P@X+hhmVW3H9Y@h(6;V?=Z>5gu};5KD7Wo3J8Dpy8&&4L;@}aQ_XUfOqsxn+Dx5=DWY2ez8?SkMK@0Vd7(-ypoY!!sEb90oHueb~-Dyxndq|o* zHI*uT;G2@iS&%g)GIp?cgseH_a|B_TaTwSa&PX#(3$_R(RFv2qO~A^EiRL5i!VW+B z{_5OYUK8P#81?0^j5=!rS!5|eDSy`FC?^{2(fRlq>dty=AvDo5#o($nZYbx+k;O=M zQS>IC%dQ7*SBw?VQZV!11HIXpXoJ|hT+8X=8|R>llbwMa4fhDVr(#Usic!@XT;ia( z&1z|14_IfbCF(=s*WZ}*I!VQ_Iy&WR?6-e;b;wmib_(HW$xA-^U}}W|Myp{}cq8s^ zjSZcyq!e_=UC;oz^e!B`j200RIpge%v(s>c4D>t+1%=Pqf!osQK*p;m@lJ2=z4d-A z1XQCO&1rqk5G zS@Q9YGRUn_^BBsJVYF;^(C>|JnHPS*X}eAi{;^AFZJcayI6tJaXk_(Y=}WoQpXREH z)Nr-!Of8>#4-Co9<5fny_U5yQ^$vpJnH~BIfH}$Amf`fBPTlO@>ik|49_J~Pa4piC zc7{3-|IWbX~}G8*{fb)<_OFJ*E*P z&G_>cOT@9wCfq|TJaSDz7kf$nFqlC-ojgaHXyG!BS-w!#8`au9+jXUQIPW8|M?nk& zquJnXPc*ztnOOv~8UhglrAAkXXyKrg6n>c$p5nfW=L zM?TsZldTt#f|NP&CDl+ zVhf^3t1K6|=zDvC!5v7z=dLvSJ=PZzGwkewcX>>6adIgQ>i@O=yayy{B=D0Fm|%as zC%3docIb8#Sg%cdwMDqi|B~D zdo+u^NpZX7koQ3cBvIWO?$0xUaTT#XYAw}4xaf+fo#Js`)%eorB8py8+>h^jqv2}z zr#1~2jClma(3j~SiLVbA`8GE4i!19xiLhFOP1tZG&iOI%J6M?~>UFrsZt6uMvU_$9 z_qG2<_e4H;knt{zbdu1b<-7uttRsHTxP~k)>drV{(5b1Zt+H#rC}A-Zm$YGNyyA+X zkV=@JTkCMYxoU@dpTlt;l6!`sqXBv?rhS04fiKwh`0|>YPPKAA=tG9#L_RL^I^$?0 zx8^SaAbG@X;D2*{9*}RIoP2pQ>w3IB-2yd3d7p9~yF&Sc?MCJ4>1ih2tEy^D^$O~b zH`U?-nlGSpHdwJpRW4mfENWc2)+Yu09a%mM0}y}R2`vxs0^@+#b~=?GKl~(;GaiH{ zww0h`-MDo)G1ylRU6fQO$E(BWR&wdI*K)u`L%q6-t~Z&v2U)MG zb*?U}<5>mA7a$qJc!JX{ni7=bk%@!@gov-b=p%!pPQAdh(*xR1_U)rRJg)m*YqNc+ zhNbf!#wDHzqWhA`9dmnod-C$pPjg{JK7qRPRS?VI(t2B!n4G1x^{rncJwa61d@Jiq z640eYBVk)>vxfo{Kz3Su;>RNOw-?h0%FXE%gIWJd@^h0Xl6nVsL<$L6x8cjuuKt_R3Xm~u5NAgSRAhtiSq614({)hR}M@bfJASCJ%d zuH8lG>N~8DMf|u@3WW`LX@G*=g)5_q!SB+{j*Y~lbq_ko@#*d{M zj=Z)i;}PSjD$B1ygrm$Zts9d}PubnP`R**Oho61_zF$>ay|B2LS$_wi;Gl_S$j~cL ztYci4GGqBJnU#v4O$IL+Mf9^W6JDR{3nGAr|(p8|#?l^>=(;5~&=x~;w4H-a)46Bk#w zYqSWN!*Y}3WM?|VV2obmXn${S^rF@&=&62)d)v~vZnYZk2iG-H7^~_I2fLh7Vrb-| z`}^NZCvgd%Z1WN^%}420a0TFJB9;z-_Y{S}tRVf2UnI^-YqC#UN1*(z6?rKhDQi-foS5>Ka+fd=4nO*5DXy?Hr`Q@wclaMcs8a_)L z+}v`Fa}vWvvmOjNlJkdo5ujY0Us}?$*)##(Z*82h?xt6Dl8eP+!XH|;l_e=&iVbeu zKp$f%gc5?_wCT#(-Y+CX#y(IyQr<5PPG#Sx6-y+zE^ob)mR<&}uoKG2 z_Y~WWfjVIcL`i6h`{kR9;Aay*SL~acJ55d|TibqP!GR0IDl2u@Y~QR4iL?qImUkib zPvepNIxgMZ4;tsn@6CN&af{Yz_%-;k5B{XUG{m`RO;_TNj!7W#A6j`Y)FzcAe_&mz zsK(*?5;0^|RoCVe@u}{L93Ae@E6dB*%%*T#$AcbQwpyG6K-z3LjzA691PfI8)N?6b z<}M^a*WWb4`*g_t1!Qt-^~&%w*&j>t5wK&r-ynfT49MTxGT1^hlZY$E#wJqB$X~Ek zEL%Yh!=6x{T^3U-9HR*B@^yMvYik<@4o+gQFl7d#qW9mC-|#e?LM-y`{$aXa0vis4 zqUUO?A*c#!IZ+oC^vc_oZZo89XWtal%79GjPD```$cy zh?XwW6Tf+NWv^~N6$_awjM|HYcXTi%IG=@?KRUfQ!^X~_9#f1)wy5x4j#Du-q!kM% z-=n1#H{ryYCtDz3P)?&2`yU5^{I-~)=EWmWig_vI{>fWtKT<4+h=|~{-M>9zJS>>@ z-tbf8bDmQfhV$rR!bp<)g`nyFX)a=Qvi+>SkJb4RB)dqxGsNV3#vcZKQ19Vub!(VV zeRPcet{}&}{yD!}BE4maVm$>SjB>8!E|S+rxh=VggA00BZIUkXmoMWe1dV0ma0?_s zs_7T_?cXH-&8lm1WTbAm(ky5M;UOe+b%Pja!2q1!?PFu)9rX@#Jb9h++S)o0BrP>& zteO95oz*p>orv#{9mc`a`3;NJ;cA)@lTmq#eQ5(!U_zZv*4nQwPL#?%f9cSnu)7xLfukCh`c` z(DesV)-F@p?xedT1s^F%NjH|_S6}Qc1_cd=VwDES>?2Py#-5^OPbM)p#w8t@S z;Cp_3UB~}gVh!mep_GQJ`*gBi-@XyT3H1d)5Xc!OtY2`S ztw8iR4&?69uo#|V_0rQLt{f~A2B3u)tncj#QrCil$hr&tN&m)@5{4iRqt1V6EoD;+g0TRUI&^GiYBGyG_uvSZ5)eS@OXgkZPq}*r-VKL? zo}Y%(*>rDxAFX6C5;N)TldJqR`YP)~m%xrmh}|M^r0*#4zSjH`kXGZRW;8Ht<{O}{ zk5@kcx0&90tKZ?X*B+$8{#Y=BgHkI;rV*jBV3X6rz#-~pw0-XZ4wAt}4RS2Y**@qFTAj+GftBKLgWtok zvG;dNPZHEh92~C6Mbmu}3?mgb9BX(R{0-gNlYB`H&*483fJDIRVRW%MwPaP5?qQkC z-@~M%F~hjBrBj=E-O(bIjzVI0q!)!Q!fi6w;r*mWBnGo?7AyyDalavXdGGjmR3z-& zwwE?yv1PjDYo3N{m#1Un_kUv=p*U!8{QR3n=MxMk=d$1Eo#wVbJzAM?aB>&CmrQe)Pvq)dn_* z+BhzFqDFfN5zV29Q);2FZEr6YU9!(o*-zF}i_AwZL;n$CZ<^vP{}vJghfoZ_Ka6IR zWAKC!C`Us{vCcaFkWzyS)vW8qBP2-dTJ9=oWE|+LiGJ$cQ3-F^At=fQZM{U7V$osm z@!{cOfklJfUNb7KYF#WogE}ZU5R75EV^_3((8}(ZD3g7!>2mj_A1w5s4E&apL#ZKi z6D|Az|GVxUsaf?iZrg0{xFzG%$kdM|4MHL!yF)U}h*I}V9d zn*Gi1ye0ed`B#l+>1a(RZ!68{_Ozs*>~H!92NqKroGDwVHJGlG3hp700VP}`3s+RM zq{ggG9t*t+mF*p-cS5hB;B(%DYm&-(h6~=$v5{Pz@j_nfy8!8pRgok}6AH0yqhq z`Rnx}`yX?Twy4p0d%X?#8Ea=5p;7_%(>1xr?ytJtaN_VbIopwN%jnuv!+NX6?f902 zkxBLPk}I(}%1nK_6e#d>o%zJS-$y(q%%vG#1p}%YesOm^Y^us>_1<{AT9PcGQu}_J z=(&&XcOk!U_My!3{cq}~vl1HD7X-3hG7rOW0TjiZ-xf#>LFBSLIoR+4mt{F@eixyMdi?Il? z-!^%A=YE33N2g<^PT{Zt2h|~z^w1uQM%l8%bMb`Z@|W73HMZ}VU()~su;l;b`|)Lu z-WN?1v(!f$p}pQ-sQ>9)T*f0%h3 zNvpai^`fx5f8)8z8UlHJWTG^A6#N>PZFFQ3`$+IXA}fI5Eq#v8wpd( z;ou&!kUrK&yUtSz`U~0A~v=qsv4OB2{^gz>IPsvy4Y_%JE%LE z;kMbBjLU*rZ}=lZGSS!OQwDZ>b!9aiUCnN!1Xr)?|Jz;8Zk5LGcf)JEwctMzd);la?nt zD|;O#yv+=GH|4!kIRB$Q_8;tzP#gjV@jMTEQ~80JMAr2fJ1i_IqY8$F3jU0Oby zTMtyqU4{^&`L(BTet*4jBENeuEGQzuM8b?oyX_C~=tsGwe|Z|$?yP0=JXRxXwP#7ccr-IY&lOX1rv zX-G83e3kV)guO>beu|t|om5Qry40gkttNK*?@#2{W`hn$%>@c88GY^L`oFDulQ@5e zVv;GdSkV6@B{Q1JB!CM*0qcmlLoy1Cke`H_aX5Qumy3eo^;RH`vV9xJ(#K+ZuKwipj}yLAWL?@r(yc<}4cNDlec zr)*jc>6^#ztNG1lYvP>kcR&LC23}dP6CeSDgOtea>{HSh+kHsvrn@xw68<(GwyuU7 zBR0?|FU_A>gMmCyL;t1~G{Cv4jmQ}@ZZYuWG(l2`Uyxrm2&U`UtZ=@3IoGA8UZ>KT zarXsLDe~$_1vU}_M^rjPn_K|cv3(x3(emb+*B_UmsejC8!<85tk#XE;Ie*Hin-yNR z)cl0Q0Rf>faVk2WT=rJdB~$^V-OV%zC<1L z`M&=$Dn-DT?Db%!cmH}dQH5D@3W_r0-&WT=4j#bx zfH5d`yWVLC;`%b|+<2DXcKUjM$hR?4EL7^v@I`mrxk7&ha@vqKmp@f|*trTn8;(yM zfh#=u#I0Omu2bVFJd#{Z#Gh@9P|!bo&J{SA)s_3IPPSt`iU#5$(Lczf$o^1byz|&C z3Z^H*s56N8+TA)VIkOx!1sQoBBtBo(Xp(?=d!_HIJ5Vi>86V?cua11Qw6oKPaCb;6 zy6+*wfA+*9p4EiW(cjoyqrt^bPa?+ZZ2u*22jWqm?>r_#_)(>Lyh068*uxvmme76KcefJ-Bk-6>d^<-rVl4S?E;UrHyi7a9N*1ZnBPkOz!~i;D;ZK$w%@iBxx1gUCJ&cg8r19+iGD zJ{NHyR}m02HP5_h|gT+b?f;K z4i5gC@45=(-l3tE)E7@C$U-u}79-+R04MUa^HH`(IWtW(z5XP=TQ{2&6}TOgXjArQEi;@W)zHq%$Hly>4p(TTN>Wtdk-a)_e}vR@8o~B03i+iz#naBAaBD!oaV(c33Igr2Qv)J9mdgm`8JB&w^_cnQOhv>5 z2&hZ7UqTiw>HYin1KoC>DNN6};j^>bBQ%REDS>)z-JG{k@0wiLuV>z8u^0#k56^te zml0U6ToH)&+C(k7))I}?Nv|2et$*R!u^RG`TYN))wYSH}W{G2BVrr4l z$@iSVRpN8mF+-T@K;7+IkU$8aDlnTmr$&|eya~`>)03|N4`3wxN7g_W5}jW#M4+_d zghxc2EoLyX7+<0hyB~9c4b#Bf{N1$`tT+yo_eh5D^zg)8Tvi;MbUj)WUMlyE_kwgql22 zs}W!R&Gb)%5iIr1Tj0+0xnLy7kV$C(w`dsmPm6N!Ie<^gfW93W8o+ z0Y)Yt_dBgvO9Z+$VC>TkXnKm zipW=Sm7cRemP6Ro7jiMs?)M_VctFULYVB5Lrn!0CuLFP1TzF8=DTL`M*N%Zjm|CG2 zMF3{jis-MP;shOq*pNQm6Ru0!EnD$u>fe+)e40DkpCDmR_`SN*Q*P6ckLy zLzdt!An6h(HJ{RKucVVqC{;{h&RbzhjeK_=7F3$?r=kYqC`5+J8nc;*#uxqVXqB zga*>{c`@Ne%@FkVpFF_pPLYAzE{?^~Uy*#YNHrww?VWPn4(&FX*j)Q0xZMsmCz#t@ zSfT;hELessgXH?NZUxMz`Hl$CZ$Bnc34Cx>qClIHUwU{H*cf9({I>`PK8`QkrV=d z^q_=6K-Uj%zXRmrD40em7X#efikQ*;q%iB2!eP5MQ_jw6GB!YVo(*CcJ@6Ig<*28P zq{^=`0dPMzH8JFbLarv&FWDsOJ9P(NJ}hgVOEFMzy@nqcELiCS&b#~ih}qeH{wPDk zS3K#{K?2yn*ZpK?sN|!4hIM^?JyhX=Eq0>Z86VE0G^m>30U>}+d$4S}SAGM6eFbtr z?KY(7naD4Hy^DU>Is6SB>Ep+b;M#H6U%Zb*8BDx#edT<(J@Z>=`Y-}hu|S<{r~z0j z4kTckq)wi+TnR&3XXPZtF?M^1<;@JQlkJ8n&s`V!f>SulwFW#m`!us`0&1vd{*B6NUY!9x;3DFY(k77apUn`Gbf89uwqCrIE0W8QGop@*SN z2sj`qrdae!XZoj|cZaM5p1k-^w&#V^k&RJ`n#}Lsw*Blc!X9*UWgmjSx98DW!Xu}Z zDPKP`Jv9}}Vf%DLv1Bo3f*&4P2nk5v@p!X#{-wRO^@-ozM=q{c4#hJuT0wk+F3HLX zwADVc^>e&z^wDt2Ak-+>^S}F6%k_IyKhI4mH(XogAD4?q6}*--L-h{{xRq)hV-74n z5H76b?ILg#^;a^}D=PeKdMm#uA3gLZAthxgp(`UJWnpu(@MR?|6mJdLTMB$T1_!W;Jt`r-^kdb0MGmI#P?_ztKActg9sg^}e!8$fis+Ly?+sex_-4Q!p~ z|A-Mf61eEUB$FW?kC%mn6<+ZyH3y$tQmpbrrnzkp;*XXRWZU_-T@AOhr~ylQV@B*No&`&Zn0f;?V(oN=1D=2{Xk`yL@l#4BrPlv64)FYJ7;J%30Bkhc31lVB34?;7)htvTWFQcnj| zeFIXbroVqhLw-12oPxa{S|`&0PR+l^W1MDSRQwP!+kw!blB-OdkxK8$G}CHybiRNY zLQ+jF@p)KfY(GsIUUhR{Ukb2Ba9|JR)mq*;1iEIh#ta6(x{khb17^qO+t6QWKD1jJ ze`ZRZ^KQ8O6-d4+oa1e>qzu8dDe5i+zk@S`*~D;`@1fsI6%9#VQ{Pw{%0aq)7aw7y zhc#7D@a<60`=u?NBui%Mu`bmsBFA_OFW*xAh(J;u=yF87{R)JZULEN{{-b903P1xhATPm{6hfeRigst(;ac5^jKKE7nIHs7OHx@SS``tcPw;oxQ1 zoO1W(AA)OA^akQKU|q4u$(EGN{PPy^!Fn`-ac=t}h>zA?ljGx!?FhuF=njj_=ed=m z9SiMDBpP{HzkRFHveUq4_~3c`j2jCdUo>&DOtfUCr`o zsm^fmr*;8{HU9X-X*Hw24ZH}{vXe199h>UWzrL?`p}{!Ia3Fp7eQod7RO$3;gQU1P zN~$8=NYyi*Q{N8DF6#RwN_kj7=Um1GorSUvgyIu72!8qRJIo}pr+raI8i8-vX7OH+ zt6dE3>QRJGrbM~&;jiRro&YCtcm||~wb*RCO8Y3U8CMAF2&&b9aI;B#~#A1@T;va@NV6yk2fc*ud81hC_tCM>urbU2qYs|M~74< zigc9ZERkSo)*p8-qfJniqr5ctL3oSa>@?o-$tQN;7-;`YTj`=J3bZ44OkKjW;l3`%962 zhuiE3I6jxn)ItqrxGTev>>%MGt~z4{aHs&~`CE1ATR+;Hp8 z`yYlM%+(rufxBNDD&a5sTdCLCdLQA=2L6JalCm5&U7#=%Y)}(D@qcboOOO}ceL9P7voZR$ zpEND8@pCfp2~4KrCQjDo%iSrf(>V-pK-_UPra{DQ7x^J$27oSa>bW@<(^ISfJi0|; zK@`Zg=W)A?g(O%xu&g6Si+qKG4>{7G+>$OH09qDF_c0hY*K(^Rw1yk4JHn5SV`Cpc zs>b>8M&IS^^4!{**w;Ic9FH#vK%tkTdh+~-(a>n2^B>v0FwBuYo|12-3ITbU2a91+ znNPcEW&Wq0RZP?FLc@8*>LSyrDfLbd0GFbD{@M+azd#9bt zoZH!oudJgK&HfrVxCF&l7!4JZaaUSsT~ziUoVVzF=aKhQ+;j(QyP_XtSVm++-=h!0 zW-HI(6=qQ%k%yb%+TL4LQ(JDmfoHcf6 zb`Oz36F)*jz-Wa75hefS;y`knGXFLDd$V5mm3s6an6ceOe`7SkhyO{=KGPxJ%Zq$|*}^JLb6*Q+}EeV1Vq{5`+^w)@h5 zsvSCwqUcWC`)Z_3)rH6f7-63+cbK!FRV_4^2_uEu-EWyr6$PFS&E>v}sFH?Qf6&Ix zjpQ>5Nv#%nhlXODAFg#R_aszVoiRP*&SU%S>m9YyWu#GRx+V)7PL23y#r*EEp~f^r z#sy0njRq9R=+GR=$K`Q84g_(+%+0^I#$&}9_G&rONfWTlgkfTWwr79ad1okJL8Uk* zq|L1xP_^-&_UHv4i=ehGwB~4is6@kki!sIRm=o?i-K|O1d`lYT@DCOZQF?o6Z$h5) z?j0TuFOyIyeSZNzE>$=nTCq{4h+wbNr$8o7f-a2mKTLa$M7W)@lX1`QPdJL0Vz%DL z=qM-WySB`3WK_%*+J=416;Y$D)iwE&2``_%%&u#FNcW;fx&KjAg0QjFU1}Zw=D>rp z>u?rPTEjxd=;*wj_lX^>4^Mb?qr7xq-m1}>hJ|!(D1%0a|4foFTS)?g|EUxr^}_My zZ9pf>&#Sg}RmzB5x$LXF*PP4Ig`YEfY=tYAbw(#+ct=fmZn_Co?<3Hh6xU;_p@#GL zd06OYD;`m(-x7bD{H>|Z7Cg{b`Y4vYJz+3UM+Y;5CWT$(=ieM&LH<$( z#>fM^&e%LEqf6BKx`H1EB3v|)8HI6L*W<2&;()~mKN*7k0d)Wt7M7rz8jF8@k*;t?2~4cVg{<@|ZLw_pf@L z5rfocKa_bAP&bj&=+Oi}CB9nEe=)3_o?C$Z1{LQN_Z>FjbF{AQIESq64BeOL5m7wi z(T<6Qi(3BceS6D`y?%+tNC6u;pa6>*zWl=#;~zR9t0Y-ah|)G$w3 z^=dD<%)4pp4{#+knZ2CxQp-e<#cQcw&8Me+Q?XgZ+oqtZz9x+_xlg4AVk9?S5`~A6 z9uwaw@oBxE6xV$j9+p41+35y!woEG7O2^w0GOh@w8qq;HSvtXr$oCo__-`Lkq*aZl zr>dkxiU0H@_y`uTwW)?r#U)HB0OKd~)-W0z(?-nRT%BmtU2OkF&>o1@&tX8&Oi9hU zeQ|g0?GKAF5kiqO2sS?48VXRLIoe5sHGt`|BJFT>CJLKUeqtRP8~f~Rh4bO+Y>b<$ zGxoD*X8Z*r;YY_NN;R5VuE-Q5_ho3l5DDZ4cq(4gyF6L%ZMK>r%3tsEESm{@Y@4H+ zN^?|~WUb(Wgk$-ke|#)X%X{jqtctRr^J3S&ikLs@I9=mAVb)Y)s{k6uL$q)77~k*s zIl`U<%kUaj^=9!OQGWN{A9)c}_=?G;DQ?oBvf5O4&^2gm2Qb^=s)EFHyo|Nw;Yl@# zQ1CPE&L0eoFD72_``&>xla;>~IYY&toP8d<265Y)mjhP`$QA*=R=OJ@j~v)LYu@_F=Bwla~LWEpYfz{|Krv`)IZYza~qI^^c9cV>7u zCoABgZtP(sNl1vsP)HO_6S`gKJ7_Llx49r`+lS)ijPt9}!?l;;qqop43xlT)+_$!Q zq!q1RbH(YDQW5z}<6TJH_CgZdNeZ8M{x*o)mIYnTE*UZ^mMSn_3q#Ob(`(N?(=$k2Qu6JXg1O#BEmIB%?(+k2XH~YV)4&xSol)HVOI)PS+gW zd-O=JZ>P}&^_}9k?~RR(*L8mWq%U6g=N3Zq2Y4#XtOt`u2#!*E+CKIU^+jw>VWXU( zCre{7TyPxthja@5+lp*l4vz2|<=PkffF9gResEDv{+I_p8uLqCh|5a>a}lBMrh6!) zP#EtahrG^a_$~$cmgUJV(hD{=A80Q4yxw|0vMe0j0RtBQG!dKuozBh7?3wEr+xAQ~ zqS%j4r6TQZ4!sHr^IUld!t;QYC0=TNB#v-*5L(oCbp>gVFfxW6nJDg^Xxw$Y-XuVM zfR`?Dk_>Wg`I2Oq%JsUk9|2Y%S8c`7qE77B*l1+s4hkwfhSQ)fFjy=vOLu`r-0eCL zL00Y=EFiDW77!NwtuW{>X!)`7jNi%2qT$@rXx2q0u8jI;By4*BnJ_4WGY}?>N}^lp z&jdTdvycFnrve?CZYyC%>`7PORA3;YkgSexUF!P$;Kj|wHeo{wW5oPR`Rxyk>-&(@ z>{BQYX-rSPsy_pgCx1Uu{3X=<>E6uL!`mV2-9S2|1}TL+L2+TTqXoS4j-~)HZr;{# z7EK8}<3Nx?=xj%dI}u!GN-zW=WDYe)t9}s?of>u%;lC5P96i}*Tmm$fyD6CF?*RU= z7{oq1TH6cK{4=XgUH$IF-wgbHbNjyo5Y`w*9sW7^A3^g$A42U3zApkcm)jtx7)^Et zBL@fv+oHN+!pQwP0ff-}CjdF54|0!BZMFveLio=j5otWz)3pd~{b*mK?DzL1wi<=n zC&kZNg+%3GYp*$36>EthTq`um-Q9~FxU^P?!mYQyutRzXAUzn(vUr#0zTWMQV~q&F zr^mo}^6un0uh9e-9p@}SvC8#UFF%&3HNo(Wa9JEy%sJ%lcxMIRTW@bFLzi1uVv5`R z{O<=aL=9$$GN`OYW(0V6AnEs=dBd`j>5Q&kZAD;UV9=Srl4xEFwU2)~uqh?cP?V#U z8_fY*GKZ!)|L^-tc{-t?yYSRJBHADl?V_Neu06DF&fLC;Y)&TCRe!}@2zirc11p|`j1d-%HV_1zdKCMqcR9R zQZ$|F-ZA$M$}Z%Sm6}dq!GTmD#Wh}Tz<`GHp4V8^{gh83-%GCE=@ATVJxxdNZEhW}?nsVvGbX#};ke7-zmh{Qb;Ka4$Xyg!=3NVfG!Yft|PVr$@| z-K$6QD8C)#l4!KJAQ?`3VE?0&32`LfCJ}+dxPzCRoc#4wKnD($O5{&SJ6+5q55By@ z2Za}Tp`b8~MyIBmhJtScUe5=yTiV*LEc)q4ChrmqH72~#eE;V9dgDb`G;OL}jCmwI zqNlRtyGsWtm>z7tk-`!44X9Wq!#^gV=YL=4CH|}XeD7{=B9|DHXi|M_K!KE>xsz$` zT;&3`?dRLZd!<30b93;Vm_fQ!^SpN>qrq~B3zvENhlF`;ow&oZ98i)n!smbqcYdew zda+;QZk}RB_U|iZyTc3EFC!r!Hz=Wi5YR@wd4rVQt-zFfXlQr-UDwybn12hF$_#j# zaOmYZuJ-v{Qh*C%0>KL)KTF`NKrF!gmn;Fmud!K7{;FXuAow4#J3m?Bju4EIA@3hw z?3BB0sT^N7B!uu2`i6useEIU_Pg(b&k;dn}W=E%!Et$N*th19zR*1R-%gE1DO&gWA zb0Du@LxS<@U=cS!6d9>CGd|{u2(~VcBMhjh{!%%7sO#+8jN`Xj={18#1VQR{Mbj@A zFl4`889Q@usIr6*UJ93M0=O>@ntU@pP)C_gm&Jv&yR{x#G-S!=4NmT_+^~fpG*Qb7 zGP}EnshVkmNYFsdf@rmcgeoXNUWWa-`*e;QnzD0qHo|Y$ogH%{ZemyG9Z3(AYkLvx2#h{<)lj64PqwzW(PCD;H<43n zw&ChOmb&>&GLa+M`vLyK&Q4#Zm>eQ75(+LY@`bJPWM3A&;9KOu*KPVinD#;fg#wQQ z?bRyQs(1_%zThXJ%f!Hcq+%>bwrP1K5B9|4f@H9i_c+2}A|K#H5%gGO*`BSJI6PPh zgit_gU*B8rYt>!1PX4l6G>gr(Ug+>CmL$^T%D+rZ2xA{_uw}lb;Tm-3kw&(D5%k;F zqF_KM9{96XfX@Yv0FulQvI*i87L7yjd|AUqgULt?Y+T@J+|5@ony%zU%FCld0!vE( z`>dme^9(2elz!^tf_5J40_zn<36 z{39xl;e%omU?NIl9c))kRJ0g%$L~R4ZnDSx*4A~|({Vf%fnYKoR3Bw#Y- zfR3t6H6=&jBMYx)aM1AS3oDu_>^UCbP4-<~U7lSY z$gGW(@I&${5^#rmM`N=v@MK?IEQIjSH+w%A&Xe=qU+P-e-VO%t5O?ILSN+d);dWzZ z7Or_1jgY`2)c$@^y)B1{c2r8Ot?y5sqxrctnIGP_(wRLV$Kw}Yly&i6eS!?qSTvHf zG=S#Hbg$vMO(Z<6Fy07DWX_S^1^Jg_g}VjtNyDvg(%yrdC%E|UI{{4$Fn)}3H|TcA zI?dnucPJKR($N+4)Ih0E@D3hokN6eH^?!KDegzLKG&>o=Q2h; zzzrl79lJQ}&7*<`Vu9zoLEnzZ?9GXQyNplq>HFybd;nQj-1%MlZro01Rxcsb(|Cu> z-QB(D6#6H`5@g!G7SWKD(ev$>je`kJNB|j?_tvLXqE+!X25<@eVZ8}GjbBPGt!%zjfIcZO>QTJ+H;gZXlBAk5Shp>dx3GurxD5&28f-+>IK0`cw z=FPI`C|PEX^z)UFE9WZ9D-C!hgvG~;-#=P+5%~uGorwwM+S%4kU!VA4YCWAHm|SG; z(a8=|Um>iWOS_-JOE$8~t-;UlDy}19Q#4+sgwXK)`uEYcDsr8O-(A5msn(`ts3ijS zb4Z(~5Raj1`Ho4}qy8zx4I;V|62kQU$kbz=K`QhFsYuP%FfRU6FavArXv>cs9;MG?r*R3_-zGe5V534Vv6Q1D05F3Ruk6^MT8vU>&^9$PxlCK zTcQ;$yn`_)hn)j)(7e^td*C)$*xCw8u;WqK<6-fntap7s8h2xfWV18#RU}A*@tkj1 z;4&e82T6zj+AB2l{a5@(A+aP^-LFc&SP6HY2GmY2dee-}1udK*i^nThsIv|69 ztig4umKrSwR)*$^g6ML~tEZq?ke-E?{KJRZTlu(fdh1_n9vvfc!B49=czAe=4!$4n zk*G^0mR&HNfMtfBLa|R<6R%V(M-AGkfZ4KPBh+C!G=SHHA+&11^ryYuSAJ%-FXX2B zW4Lg{%!1egX2HOzq2vNG{j<~a@x)ETLY=;3!hob)gFgB6q3I-fY?=WyWn7BB{}EO2 zpdwsM)`E`b!&KRli4b^@4+nWrGYJV;SQCTRA5AD`hp#(}2^V+8l>CaOOE^23HGvH9 zF_WPz3H&^z((qCw#emw=Q;q~)LKhboC^v@WTMRrr{k^kmH|l|n`AuybH}k<)&Xuq4 zZM?hwQZOlH`2M>|Lx65n!ads$yIQ&2Ef1<0Pu`%IJg0m?dWN=$!&G5rd|T`PmcYp$UnDaJJ{owz;ix_ zRQv6>wzUfMPniHf#ss}oBd}@Q^uVU&x=q#-6Aae^t1cuW^tmT+U!bBS?bF3$YW5er zAF^I^O6e&>EUO9<5vR+$om%*jcTyF5CiRbWR9tZ;-FpbI@9!QSW`ZJ!h}#J#OZKIr zo-*Rf1Cjor-0sQuSPOtT1CSyx3VUUq=)wd6}OGj9v9{*+p>@94}w1MloBV96u0 z-QH{{7UkioFNsTNnlTlly{VaclCH_##F6+2#kXH z2IPO%`Dj#rJV63W8Wh=wzi+K^G?e6}gqL?N*7M#kw=Nv_=7nqeJPzMO^B(B*#!Ibh z2Z$I~Tr%#KH(zoZo{NfLB~+vCbD+KJr}-1qgX`*0{vFbzs&5lh`VFLQ7gFuK)zL5* zAhCO#6|eJ3cjQ8?CH-)pH*U|V-}!EyBU`v^REk7zgNbfKsRxLInXCxpav2l{ zr{?D@TsGU{P;~M4r#S`5n-qbOqA?GMYb|qZaY7L4uydbo{3CX12Rhb||9EEsCj9;a z8Gcx>F!E+z&y>q(sQfTC`!GFeFCWEjwyx`Rq7Z{m&;-p!Ktd72jyl&x6# zu%P-!`MBWSX0|%(e7A@wG=Ydu%&SYz-x87k&Kqw)0?HK6X7OfiP|sAniG^P8|MTD2 zcIujan?#szK+P(EO>dUHEOO<;P-?R$2tFf(flMZuM+=PMuvK}Xw*@kC<%BwwpTklF zxwkKAX(btGKZ^kM`z?Y}dKa>_Z{N9X1@P13JYiM4z0*CN^pVjQS+Zg_k}Ob8a#svj z;1}?lT4d@5kialEwug!n!39&u;MsMnmYIUI0LoR;_A0lTgFym3%G+=y}*LPPP_Cw^VJmCLa+K69Yt# zjMYCn8x`g~EhJRH<27F_?V>RlP;N=(;z*giaX&9z?zZVqq%e)AD%omJg5p`UAOjeY zT%6YIO|ZB8ck*+^^WxN8lqI;LY2T?Oi40_3iU4rf4*aaZtYFpk4q5-fPjC_UWCFl ziYU#LP1mJD7)&)*x(B(7LB0n}WU0{t7vvIV#SkKtVbCZ*IH|+K%NxhEWfIMx-VKzq z*#B8~>{e5QUhCaQ{2>?oA-yu>q8Kez?DU6aufKW&6r)EjR_Iopx#ur zNkVTA)En{FGo7dl%gvFw|L|eD$;oq@oe9D$U9uDWTTFy_cx}TB*`+QMvJL-_uD1+} zvJ2n61wkpLOF(Mq5|EOHA%+yByHUEkRFIPHMv!ihE|qQp>6Y#oI`^9Azuyn<-pA&H zhlh?M-1ppTUF*8e^LIWR=!y|~TFq*XGo>PZ;IZjRRcD!Qx90#2EznMk28GjTv%O*5 z8jy!oIIJB}gWi=C7z~B!R(@=ksW1S~YPh!OT?k<20^5@D{N}3XYQ$9S4QF-O+3sYu z_NLz@d|4c*nsGoIXVQN9yHm6EBC@-t=47e%5J)6g+1-_&bK3`%uK)ENw-*+-|8)#d zBdqM~$N|_vGXDn*`>*82Jh-ZDKA!pha0)O&TMj-{Ux^qKKdl;(-B;D zN;%vojK!WrMpB-Xb;62k1vltIinuG@s5WAGIji{V$(K+w*hdIU%!D0v@shg53vI6H zz!J`1W*QBpB9k~f&g1eA>@d|YZN_pLt7h7hO@`(@NrthI$0vEO8d4=Hp3FGH#v6>b z=@-U0l&Twq^uOLM>jUC3fD#;A#3$6=tIE!lA;k+2*@#YSxeKCSUvJ-BKIu1S}?*6XFG$2Ii9tS`C45+g62nt`}(gjE9izAray z_Di7rs&Wdxt*m{8gwokJ+R!NSeL-s>-D=nTy(3>%Bmei5%l$hiA`(8+)bj**v>44b zRiCgkko9nt36V-1nMYA0>3C0EDj#{bshGj%zQvFE1qKYyC-5nQ@GHm0uL|>4bVjPe+yKJGl;5cGo2lCkMn!t0=`N88HS3E; zio~q%zS+8>hqCEaa`gvfj-$NgDE>TrIO+0>E0ZkWBDd{PUt~8J)7$#mKbuRqyI1|L zYpFPlz2arw8b|k(nCds`fZu5UQc%^mmzP91zdJ^cSfw`Lx{lhB)4i!Iz@s?dU+kLK7UhI*dNN`(yf?h5hUCV_Gn%2k@KykRD-b4Ju0jz` zFcB49yo*vXq?R7i`EIks+N$;8cZ$BW#Y1! ze#qY;A|{gukPtA;=1TP^-M@)mKfRDo?m*&68$6q{&|3^Kmh`+?xB#NliGL!m38W_p zDVp{bCzz&St#5PwF3u@6?Z?I!^LWp=SyO3L`H|LflDU`lwPcVIP?bC+sc?_A#n~|X zn1@Fuz+LVck>bcV5V1dfB@9$og+(2A*`sVPj&ZS z7#J)9NqUXr!izZ4=#dP8A+T{U8svQUE%!?PU|aq21Gg^)Q<`}S-g96-B3ieulv+wH z)^zI(w%~5zr7ixYtc0$vi>~z!PRmCdB9Pkfr*k5f^-_iEBShP`R)Ol!#0D3eo|yO_ zZTs&5*uS~hOfc{y&Y(8pJxM_AoSO><88d$>RZM|*sD8%v`jo79kaVdA1k8YbV)?}a z06Ty{mwd@h_QCsOf6_#F&%G}Q68XRFJ}!8 zTiM7e(R6Tg{08t7EpJYFKq>m@610kdY)t|f-w{ISgQaE}kjO;BWrMQLqV|Wy5|G+w zoq#TV1h}7ntdn32xG%lvs$8iUZ!=|RJ+v6Uqy$gwzXE}F914mdge?dVlE6W!5afOU z9rRm}Ns*H&V!pME)WU1>z3!`|{{yg6urzpIATGbl)^sQ!RFH*&s=W^+N>4XmxPzAi z(V7Vs$t`oO)s*qIrXeCV!7ru$5dt+Y09xkj8GJG)=iY}1^LD90W2`T*xes$_d_`n_ zXzb5|B&n>jold_j{}awfJXVut|Kf`tff*FYHZyGSTE_sUUO=9S16#Wln*eC4Y|PKp zU{Q*sQ(6u#|N8v!e)@=R(f82zIr;QRKOq9ckq_KA(ydoSKmqj#DB#nVK*J=CLCu#C z6bMsaqOyU+jwl>^d~ouO#E1c#^Gr#dFKG33vQq{J+arbA%X_JG)C6o{Azh<1tIQ6C zj>b54hNn}5zUTLEK%_aCb;FHVT3lwFUR#X?CcS9=6kJf?S>dZq&%>jB*mbyOmOfOw zG7tf5;h2C+m~CFdJA0x`F4%tt!kLdIzIj+U4Gob^*7$7G=+u6YS-O858Wv_U1eiyS zJ~12x{!z`%R(aGQWfSOkpg^4eeyNHZP~9zR%|U1d@cu@F8g0~lnF=&7s;sWKfZVrN zbLl>yxmmC$lH6i=kP^5!I6zBq1ppC2p5Y@74i1onWU02X+7p$`*fP=uAt^YLU4CrvB?6fPwf`JuGLO0 z{R993{GLdsjlWD`1f28}Ks(o8Z>XHBI9JzlJ_|A|e13v)^@qh4R8Y)(_$T@48QD|~ z;6ec_nKZDHHJp!#lHcEO0KJ|hsF(nCISc69vR+U0F@gzY1~8qE9pxnf)c9ktt$-}_ zZ-_=M*umESEcpY!wk^U`^40;T{r;A_BI<<{P=^Da2J-Tf_0%OWq5zd$;(@R?!hZ#h zF3CcELQA(tpEVc}Q-TAI_E+!!7@4e^q}&XQ+#UuWUR_+bV|m;1hoXnxo(zy%+#Wv7 zSGYqCc(^+fj)}qjN-lr_Ql)_DrXRGBxCp2`#UWZZIx{oym@L4pU8Nmd2z^L6$;qBR zq|W}_v^dPlx;doFXX43t9t2pJITGWEWe$$6<{haM^OqMd`0iV~uhmOPuFjkP7OHTM z!~N3)gO@gjM{o9eW}MO4wf=;lJR=bbgsqC01Aye|!5k$R5Y||sqGA%}sHfEdry>2q zF7P>ltRuNpUh7|fRzBRQ{~vA-nWNYFx+9Ag_;CnZNV$&q_y!v(SON^LOhtXN0Qh07 zN?vm~OHdxHHd`|cY_op>797F*h#1ff!G!ah$cBIcm9hA_)7w%l zM*zhuytDgd5BF$vH2uuU`DB(9jUvLbi-zBvh5nE2t||7h~F0?^~#oK0ZKeD-=#>(Ua%TR2E@z3yO<0~jcKzx2KaCc~o> z7R8Xz(2WAhw)HExWlH8;t+#T%-`TTw?bjMNrVRzq&lrR(Dg_3FQ$@71B-OLbW2UN8@d`pFqCDH?{osSRia5 zL@ZyohMP{i8;ZGyb0E3~Z2t|O+;{Vo`6GNmpi$)j&U^sl zE?KWcQ7Z~&fp2Yf{IlEbq3+JU)U`(J-)gX#zB`~jikdLR0V_TbxYhu|R;GxrRYFhj zGP8Cxd9^PlJ5rBiyAfX-D|KhEST`DLwvn-b{f?Jl_%P0^P@nAvCK#SEAv2!FHyUcG zuu6+7u5$fWx&5YRTy5VzePYtjFP-7I2M%EFjWzT-oB5wJ+yy{tPku($7QgKYbh?i& zNuXw`xG+&*wa6?x@9BhE4{!x$WwqDcf>Dw4%B?_K%DL1F&I-MtZxs=;^?PYCF?;iE z5%NjwM@PRN@3+N#MQiES)VoOj?=R{S!jsrf0AI{&J$c6;*qC%`?FPU>H3aYhL8I4^ zo9k2kqNgUA-^JZ1WtHFli~lpxY{wV73E@f#eb;8Tkecw7?1B_*=cl_hWj?@VvL?HKm5)PAT+n(x5J5)jONobPHR)?~*=&J@5E%26Xjb_x z=xl(wuh-cQ{JNL#hc|Q(mr@`F-eJ(&VB^@VMgtueT6jAKpaW~Kr3su&p~h9CT0ez6 z7$FvkCnh@?9=xK81QawzDUV_xOcBEGc_S_2v7vVvkb;gkSiD(QCYZb35Z>X-7}De3 zrgxGPM^>fAq)bdq(r2o@Gqi7lBqcz*m<{|mw7}zk99NL@R#qCNqf%ig%=ZWSw_}j8 zi9y6_R?S{4%Hv5l)*EL0oyy*x(pLM6$2qHAW#dUzLDA0s@@ z1mpQi`EnlW0OukHx&y$C^eaDNm+eIy7}OlE$0IT}O~8L8TR z#18CwvNKM`@jxH6Z@jhgD*yx`i#p(J4yXSsptOADy%7bV!P*rHiggD&K%U)d#SaX> zr8>2rviz=N0J#tsbeH2DD#0obyswEs5ppuHrwzvRnL!}-Zf_6750fdT)h+}293njz z)Ga4hfw0*|78qXHTwR{)Tpa?5lVv$#aT18ms#7PVZ=Dhqg^dyP3BVWolb*>Z?K3M3 z>7E^u4w(Z~(UbN!fk=;^I&KV-`T>0cqFE6d_u4m4ZKUQkA619KW|O;xpL??$ww$YI zvD4mnVsQmShw18}$yqp!IoE;2n;A+GG}i*d%Cs#sr10!$BOgxeutwRzYYuUjkf9~M zR4Hb4BAmSIk0lX4Ot9}8Mme*mPThbYdc~EWYxY+Wn1FvS3QMyb15u6ix3`E?GR5*a zU{Rc35C+(cm!Rt5+)e*~m_zDz)Y^Oy?Oc8@t@c}4*DD^Yi6>M5&jj#Xo}d@_3l;O< z{%V|YBN&U)0IplNa;gM~BP_%-AT;zB4d1=+CK^DPT>L(NA)l^~lJviWfjT5&qY?u9 zFKo0F)_Q&BdATgUv3?Cs$@cz_Xs75U2{;UZHRKJjh7{DQf`CKdDEw~g*sXcCGW4?PCxN za(fQ9IX}Dtvw=AP)9G!WDzEmudo$~{1xA`i`R2eNM+r(Yt5eUIoGyhg!Kgr zLxgyRS5Wb-hOOGVX0ckz@+Z_QE34F?p9m{Q@r1`6(8Yjk-UdQo6bI_FwW!B8zz(zw zFdSfR(EIP25R1KcJC1?>vIhykKKR|wOJ~-9*e-o^%<}tMU(d&}YZD(86=iwqefa0Q zHaD~S^UamdH{?PNR10lDT)_jvGP8YypL=+EA+#Ofwint+K$S9HBZ2m*0hmWK_4OfW zjZVhv$8h-gB1e}zK`xk16Axzr`JCk24;Tp~nOu&@z>SVDDfjKbJN|AyCQv(^nXYwy z3UIX4U}BM2rpx`l7f0l7i&o@r&9uq&5UioZmc!{5U{xGUKE?;?nSrre!2j7?a9_;% zP_v;{t{3za`+oK3$GaaYBjGbO7S-Mt>-H1*s6SUPes186iw9C7WhW;*a0LNH2%2Yrnw9den| zz`%AJc!^W_^7={hv5>mO;^URbghOKf|6gyFE}=Pi$Nj7gD@feJ7?$Ek!?_?#MQ_-E z(du4dfgQ4u{<{5DhcH#XsQSK2pI7Mz2H~)8bM$$?EcU@|z7)!WpQKg5>TN6*AnR?$rf&&3v{0(TuuRjPFS%{I>C7aV(S?ny9k zn8s5QL_wgB`ao$E0k2(783;qs=d0PB5Fw*m9BT|f#zV{`zKGC#iV3hiT4*IM^?*P_ zYO7kmlU1{pxck394`6g{`1DCldveab?8aN#MFlnKf5nq{mmdosGOiKtTIww zWPgT;sH*L-WUDD%<$n4d^=+<#(-cDDx&{&h0Lmr4;_b)nrMr>u;mQ_qLzBP*`0L7f z^U`L%lXVHF?sxaIU4#ksOS#wiZS*MJ!j-;Huf_*j2_LjIjBaB1G99%DiqoSkqO;{7 zRSQkE*sZU(jBf)m6CHl_D+I{JTHO++L|>%$szj$?YDnAusmL{F*OFrrMl!YI63GjF zV@BDy|0#jYgo>ep$s7)0>S$Bkd<2`^=&o{=55i0gV1GjBvYLStvnffnnH|5<(W`a; zRf#CW7l#MfB)l z2b?Ky`7J}v< z)ik_gC2{#8)#=6MNysoK32GMCZmm#AUoVFCO}(mWcKp~z2&?=PXXy_|rmR9PT~D?6 ze$;M=aJCo@W<8`te2yEwO^7JBJ_ONY%g%lOnn(}tqPZ`{#~LF`uQjPZO0bDKHF@We zwlPygbVIm{7@bGK&WGo+3gJ2qpS0=DcFX6 z{n#IZXt4uw*IwcFt~||2C{R=?o1S}v9c(8^P;I()*UO^#N0Ek^Dtf$dO(md0&I6-B z^rPO#8kD8P)9=Y8ao{#}*6y_;(J17JxkcZp`=F9)L-&0B`kkzrv=t~^S3T__wCsim z(W~YlqPf{MpD5)$SBi0J#HcQo^P?}@zBAaFyu?5Sf5$k?MB@X;Ek;NRRrC$x`bOt>6B^wn z9IC63Y>be$2|76Pc2xVp6JMEB!pZmH$#1lYeNB{Q50(f1WyU+<+i@U!J{`K#+rr&q zej|Z~gGBAL*SrMIweRdgv1Mp~&6xlB#ELmh)`Zd!=Fp7niI*Gh@pd#fU<-{}3DEV85#xXU?@^3hk7O%L)e(FN)KPF8z$l!om;_x@bNXu}_CU*uM|S zi~t%zQ<4MxUdDV!KPp+zAXe?>m%q=LeR1;%4j+M!Klzi?5J`5E1N1dx0vC-}ickxD z%IVNfKsK`^;ou?9t zcUAoz!6%#Pm-fLPZ*}%=a4H}Fy>PRTrRE#OC34d3xG1)JV{1<2VdIs)aDW;Tu#O*Y zqm+F+YsgFMY4y>RF{I4#ZoWo@QALhf+*}T&&&0qoTs7QVlZp>#;{e)jRP{^qr{AmU z=;mqcf7u|hCMs6P+s4{pCyji7^jn=z@+`J7i)L#&Mx(U{o9=lbQ;Ef5D~Hp?ZK*7k zx0h9D3#9I29Eu^q1px)Mks(C=lcSW>dxQUOAC-%KnbZAjk$`kMTrSy2SB;t>C^-IE zY}%O*WonI++oS!IUQApQ{jZE`>=FkU({#V*Ge}5S^{P&G1l7@^edLn>_q{`Y z{U270J%nYbKQ|^FO4c=d%l)iEOFzmZuC)Bhx+h&2o?RM=!kH>D8s<0D{l!v-fbs?Z zdgWfFtD&3*BbDGkNinK==*4%F%zx$_MpF*zvI>m!dT12rCYH)X#$}4#647h=DzRBP zY-9&luLj-N3nbUpZ@H4_9NRIb8JbXD+vsca4!ptfzU%*o%?|_C!ZPXZ2 z#X*=G?*a`$|42=`h_BH=iFL^2-8cooL`k-L4?V`h?PUVT&P8-w^rvi6dc}hY#6@~x z$}3~xYBYGNSA5hH%;v<-t~rsKNLHRi*>&zn$e3tz@pL5mof(pxFd=!|M008}i0dh( zz&?HKnhRQTdIFiEYvfo!y4j|bUBs5sM!Yd*&bKW0-|4FfDKD*yIoM{tr)9WV@Dzj{ zw2TdMcU(?wpgm$RV+)UmFtP2Gm0n2|@nNg?Y$s+lz8`XM8|X$BYxj#)*H{`a3C|xP zsNR`P(N~@no!R-<@lPN|ySeNe7Z^R*=H0A9jbr&{0hNK0N43J3ZwCfQ+mTILxIRV2bw2%e@U@+g z;|=ZSi{c{pHtNTG0s}lk`l_jZQ?hSbWQQ|7h=_2If^}nt`fe#B1JkGBEANRO84u$0 zmN0H_Kr6&z;Iy=ReuVAB;4uyamFMsaDv_NrUrtn-#Id&d%lTg#AmHB(fxk~0h#|0bpd%{i*!q(vSykiN8I-iSq;wm zbB5m-wMuh(--amhQ6SpD%DuzdJul&z9MOe+Vpp(-2>KfRA|BbuS;*~HFaHz$@G7$7 zZ{e0qTyV;k?2h$KA1@ZA28wMXHDk_^eNvOqPPxv%8vJE zL^k1`tf6L~kv+@~9U1<~h>Q_VMhuROOS6-qP9Es7D(=yK0X^$H~Rbi&rXVm;wCv68gDR;IQiUIKGxQ?|j^#NoU(smcxUUZzFf z`U_cuJMV`bi{FqM%DeAnL_0`GB&v(b!9JEcsE(jZmB-1|RHVVk?O;xFd{bW_uwuCR zjecI0@UOnJch-NYzD?x4A77mTsW8=9fr8}!>nVFV;G|Cv=#>i< z+i59rVDIES0&jzcb{x%JU-^5_5BG<**w3mz!dY6PlOjrH^JV;j;|c3DW_v^Yej^Mt z-@UWLNn8X!nm13n!0p~UJvHMFP3cb1iG>h6AwoedJb7KXK>kC3@B5Dysze)H8zj5YJ3n}J{n2HOjp^8EZ!zLFQw3#)nI6?g!jHQwT)atHki2P>pSO&3&Uy-A z-So#g)YrLeR!jBjzf1e(tP?n$GxEAlgeik^U?+G&0ks;dIva}I_;tfCl1(i0JENz( z4S)R$RkO=iG?6mT?I_-Fa?Do(K`~7c%(*58?jlUFuaomo$|B^%HRqXsV0~qyq|>@< zj{8ZM>H=r0G&?LfuA`1ag$X_xG3~P}XUZa^sB+>5C5Jt~oyKrgc{@7Yrf;-$jd zA@(!yKHhX`B^M7dONzEEz;@!|ZlDP+C`Nn6LbW{oet&bi?RNa2(|JEgmg_yHo@dPO zwK>P<3*Fr!G%penqA7H5+6D}PJ1;T}Y3q8ng3e%7u0>}WGg;mnn(@HT%eH^XkI+Q>WP^bDV4fpW9kVhoNMe7 zs~47z84n~;U*gu<3#J=zO03D;>=b71EB?YXq1t&Q^OF-7{ItcNrQ5yIOU?e3@pJYH z1lS*R3)=8r6=$Lzu}~#018-ce`u67Ns zaLJWu`m2P;(9l{g2{LJ#vD>m@j@hizXhB6g+zA=3*zbQ>d&raiaLi5vwxW!rjfvOrC4tWv3+1N zo2Y&5Df${I%ck)~X52r?;Yr$Is;42S88qL-Bx3Bg^cQmCxfo$J($SCaa#NHsTFOv`GK5M=RW*bdJotQdkbp|BY;!o%6qs{oO5cCHNwd6-LUXC-tPoFm0EE_Q2j6 zi6%PYmpc_-QOh49T-)Aw52D_a>0z4k_KX=TqFQgZSAxOihKF)`zu;-V4 zwp;p-EUWP1ECB+Os?RO_cFzsq1f`}LZ^BmzZ;|2BA%clOcZQcCB=<>d-kwgH+S%GK_?> zX?q&^rho{Q1*9@c6(%lBO8SsrLsG0h$v-ilDqL#Kl?0IJQHz}r+nA$QNj18~K-n2+ zFtoo>I=xwv@dIp=fejt?!1sPAD5YPmo->MV2z!Ws>UGO3@yMj9=|z$dfIODR2(IpVokChw78Q^G@dZ6x}fDS?ihyz>!K7w<||JcAHf(b zDj~bEWEr>5cDA~TcIaU5u0*S4!qlev%dG?LD9p5rk_u?qUg8pM21G;DBcJN$*o3{d zo);YJpUV4|Qm;r2^BQPNIScl?BebZct;sqac9h`SZi_vyzrua@dXte36%-Dv@;j93 z_t=WU)!gl`R}&I^D7U8s)j2G~=nsSIY!qL)Y<|b; z-)$6!-p3BEyq_7V7g2;TOKFLo;JsvExe|P%4K8D3x&zRp;vh9QBc1G6wXmHBkc5#2 zrPp^${8SaExmKatb$E^0d(9AP@)l0TE8<$}ShU7|{&5X9Z1xK zZb1j$Yp|i&O}c;@h=%K6)*$=#Zs%%jRV#SeSytbqu5*z$NN0#mmVvbbWwaj_11F7PHeT#|Ry>`;8GhWyE(rpH45TO(4o(8EzRc93kicm zWm4V1F;v*t!f1jbE=`{fE=?!}HnK%d$Y-gO891vpmetE{%F(_br_NQoywG;p<>|Au z^mfNMf(s)?Emf@2R!ki2M2el-A{zCp@Iv(I_RHS=u7H*|?XFUvCb&CvdA3ZLg{qg02?Z3k% z@vGCAb5i`JQkEaM$enhmvVPPPUqDAiAk}72n}qaVrTm?3su&mKyXaPyWLD699UpsqA3OiU4^4|* zPYo`A8YIU1-+wjSgSi_lybQH*io}eLSEDPiUs&IZNYiWfj1#Q4JKj66jisEIl2hn? zYi4$tPl()kj}r3TlwoQ>lG@UtWmK0RoG!Jt>tu|IS(;xsX}8C{D7Y+J_=v z)<$EuST|FGmjGS$Nhq9^b|lfJl*h1;@tJIGRpCJ7jnXW+th%A3arN`2yZl*N>O85x zax!M$8AJ%U=yM$fKG=ut4U6WDo;}+PFc$6iWONG@-b1hIf0ai|zcy&_B}GrGNKJ>$ zQXvt=lRY9>j0gpB^@h99kxZ}~$nBdM&8tE~$=e;%;J7h*Q7v8m_4c^FhrC5m_mXmo zRo6BBOmb*Ajjl45EfS|LK>!abY1j77qCeJY6<#0);N+y0qX#pC=Y_JKKItdpemE1;TDEIJ(fGYM z)WaCf(^xjohcPZ#nty=;7&|tBfJ^fB{^p32p<-#xX-yHRDZ1jC>tUCN&!M6N%SB0_ zeH4nIVSZtIWQzVWXZ?pq%R!BKbn zIIo8~?U7$X@*Y{D;=P85PST$A-)SA6ttZ;OA%PpNH#&YU)MGqeItAOF1Gewhc6!Mi z-tiAJ&MV^){K<6KU-b9L;$I_)fHCM*h#iPgH&NYuA0Vh2+C9)ZmnCrK)_JQm@07ox zQ0(=&S~#?+Ma>WvJeGFdmn$4vE~sIEL;bt)bvJKR`u{}(=2dbVA3aYUrZ>hz| z4MWh-a1-wLEmF`_ru^qtQ&Feg@he)9;GdNg(U886^%@f$DCOPV8@JUSFN>Hrqi3M^q-^>xhjkdmNQj} zZuDgtcYiL3>s6X0aLH9^SXv@O{y6G!#=$>6iis~~sI(Ej`Ba9-gNYduuv%(2JrT}k zT@p~8z7cEA-Z-q7?4;td=1Y?(lsmNl#8{uuAzqj&^!KH4aG-|7_R2bmB20;BH6@8Z zZR=Bu*GPD+q;8zCHy-tMBF+s>UQ-T}D9-L{!9v;*{g3H{RFR{R5YDK5{9$(RyEQ0h zA~-RvX(B}n6W0%-HwmoIG&gW3WawAp9uxNV3u)>~ly=wd(N+cpu%U)jf|vf|E(vbd+T<>E8XM)xQ2B}??f^;_zKQ0xw2>htAXYeumypL(^x-v2t;ZV@O| zNSz`p|EQ25FfBxVQW;V>(@gbeK`V>G(ZULeKX*t)4#xMo)OX~mqV6*`VXo^?Mu?zQ zxR?es?!l_PHyh4SdNNvgmFXWjm=rglpR!tZa z_fWR5<4bk33JldU9DI?NG?a7eX|A+3FKam|x{ZOY?OXomf1*t zc~`xq1=A8iU|#ngy~up_!LtaW9ao|pC(5Rt)vOH;8sG+@nTda$emU8PZ!%$|aOF5y z#tOCR8wis659IsP0K}<_WkOCqDQMG6?C~hedI?C7YX@r8G^XC;Q+uHz-W!qc-TR58 z>glL4Hgx1A-|{8{E{#*&e+Wu6BpM@ukCo#SSM$a7d23u17xo7Fj*|;h-{aM8>;uvI z(rBP{Rxo&Hjsu(#>*&mCVygssI{9Ya-ClEy(E=;sFf&lfoL zF?d9-4I4$`RB7`oe~xa6q&nI&R|t}iJp2D%BsOV`Pt4jH(Zx?qODmt+@cT{G7jA0B z?e(BPcY@BUdA)1S=3l1xvQP%J^I4mw{xm4{R*zYs=*2?R@1w9f0b-V1F8sBX*Lv#C zy9HC%o0+4F($iel0mkURB@c4@9wp@^m4)_-+Bhzv@215waTc!So;+A2A_>()+mRI`^|We9)~T`RIdP^~TQL z_q}I`!NQxc(P3-np1E35E~l|07*qHb z@i7PXYNU^P^r>~PlwXA5c=zGQYO+#jr;vH}4YG#c{7-@&;x#uPSLl7baX}g3Ye46d z+C;LBt`bg{m!SUKDFS8aJvb^+P&PyZ)Vhbw$+5(YKKxdP*4#{ux94n6Q(QfdyC91D4 z+c#lpLtKU2-&USt5CLCgYWWQcYc&h{s!;B0rC129d)#1o9@BWbnP>6gnoT?8*+P_> z?O24e*}R6lhCiKr)Rf>P@3oq0zjUKfb$w2m7!#8UNogdD8J!%=_^*F;>26}qpoZ=k zK3VDr+$1yl>kf5+R{632nz6HWJ25C!f$&o7dsYFU{E%UuM z(nmJ^8U{1U%dhRuge*NHfr~y3ABTa~&W;Tgn0gpc);)bk>bBY}wwgwTNb9RAqSAc; zFrrZaN!w%NgQlIcl*FtnHYCQkLWQiO>uNFk7540=sHgLPU&#M9Hq2_ICJ%fi{#c>@ zY0Qw7HL#dLs*S?|dJ?{Rx4Lert>aUpCx3+|@BGL2805M!Ow#`HWMcHL`H@HX^9>Pl zuG;e4oSiKRj6O!WiB)*Yugu&0#t@RBkdo_UNZ4ZcLWV|>$aHFH1jT*0BACR>9_2#%JMe|M(1PDIH~5K$S_c^6)Ts=ApYO{K)} zNZ3swYrvaplN#33`PgF~3vDjap|0s%-MSRE4$Yj>OM9@0@;+8z=qDbr|S`SrE2Ugz_Ls`v=uDzDqeq6V4?GGFku!M|wHPwXQ~ zkiEb9=GW+SSLw6bCw_GuDPKLJcWR?>Z0Ox#DKeBg#3lfa^B;lK3bL!8jv z>G-)I2dQp~z4zQ46uQ;|AC9y4znQDH(ihVh9rHA#HS68MRGYbhQE1RonAh{Btd(Csa{L4c!Gsv~NHC zL>2d9`RP^8C!Jy0?i#?P_%3v{;V82)W^UTOXZ%_zBlvadqTYscPc5YaTfH60PnJ_Q zB$UZ}D$}8}Q)if4#_L_mScPqo0y*9=zeTXtSdDfH)nr-=ipwW{w6$2OHyN~y3)oie z^TOvz{_Nso|7Cl%Q%Z7m>OE`RkN0%^SIMRNt;YN^A|lnc73A$rGIFa7GuTra>)cUT zAtAk#PpzG{XN$>Oi*=#UOwzu?^%^&A=5Wkwp9P**%rrC{x;lNbePkMLeF?k4>rtx@ z^fV`Ld15$3dCxNr=Zj^|wb%R<>p45ndet@c=^k#{AINSOKvL-dfOCP%${>0b3ZA3O z<EuWX*)D8+K0-M z{klvA_v)`?nmHq(r?EY3v01%BIab$#1j+M!#!~l$-E&*skU5yruOTGF=W4(((RFw7 zO3b~mvE;Y-?cnd}!e^VWcG4R&=Uhtr&d@{0hheT(Q(n=NLUT~@YlSG|(aWHB74!L6 zTmASV9iwV%Ed{|`c(Eb9bR!zhxUtPot+>*|T%>4}A0v^%po>l;(nU~HCOyH^__aKF zmXlbzgh7@@Z+mTaAQd)V{cnLOc7i08Q4rzA5T8eg2ajiw$2UK*9>Wh!zi#PLJ>PbF z46be3(yfKSTC}9u`}eY$zUSJFo0;Bgv(^~0oJ z;TE0YzNig_9<*Ka9QrXw^nP&{%<}X;J7K>%WO!m`=Ht@*sjHO??{cpivRFXW~JzP{Q#v=RFj&6}xgJ zuRb>~+;a8cnrN78bBrmg!r}KViRK0C5_3=8O87?C6`!HafE?uEd|v9LDEL~cI_z=DfmO>2!&gJuD0TaC!Jhu1`p@#@_8IY0=@-#rd%y)(%(g4<|A#fE&gdDGp!Y@ z_KlXGAv7n|bc6z4>h-q{`<3Yzr_n-cWql`3kP6*VHvbye3Kvf`Gx5~eV4B^Xomgz2 z<;N$d(JUhr1sh+;{$cDgZ z3NqYMS#^HMBDR;$ufGTrcPk`GYk}2;NcwqY4G5m zzxn-9<-<*XzYF_wZO-ixAuYwV^nxer zi9@+3r?ND{Dv;*$gtcV#g%hy!r^8R*o;UODxBga$kb|1NV@nXcmRS#vde)oUfp5R` zFyk0X{)2xn>vl@!dcC@~qq>El54D*s&UzAi;KORr)|`9S$(k$;ZBefwdr2>GR=bDl zh}+No%yCiTx}B`ZtmDH%HRkFG4c)$7gNru;*IT(YSxcUq87CM14;Q~iZ0i@?P9E-; z9^wuT>;x|6o!7mWZZduDb`6ut>KAo*ZD%2pl9JV4XI7-7q%rMa%}eq=Y;~W#xZeA) z>Aogp&?ZSt{?qZfWZnlkS?_-j7!-0}NEBzW+LXe{SiA>aUIxTl47Mf=MTs{@5XMG+ zk4U1N{0xctS`u;fGG)ZOaP*;h=9ugxQ0Q9IGg_x9qalVtMJP~VORtT}P$qzdME{^+HF9rLaR0}+~;_q5o{kkRw4(N=fJ#O1br%lYt5|`fG!0 zT`fMk@lR60dmHZGujZzXxgFW}H$hQi_vp4lUu5Ok`ZdlEsl3}3*QW&4nWT#AHBqPG zy~+P34cW_j@jF6G$tpMme7dGD_9t~?DZIPK><^f!xb5I`L~Iy*-^ocxdhhLA1vCY> zzsH#+>AS^P)iN7i{w9XN@DN)I*mO41?1#&p_iLxZLVC-a4|X0eeL(4y6a0YsbK|sx zk>Y{-^Rh283eT`-MrluZn|ttie)Qgmi`cx@fm?defDZlB7gBNOGWGpwMI+fGox(CN z?pBu4nB6BGzxH_l`C4{0-Jrn=D)7`{;pDOR5?h;Rt6UclAti?UzYu@_{pZS?POO%( zfm^hBrv)pPXBRYg-Vj)rD5an#9*i!=Wo!ytHTgB^&8o$$xi$PwOjjt9buzkn zI*}#+vAvm1XwJUH+j-}+BS8K4FV4~cE@h2A9?+P>Iz^V@+F!44aiEOyJa5|g?Ks{Jl))EDc_ zqi+3-)LxQk&dj!s7Dx?q9 zbNGeonsvCpKh%`5`@#L>u@P{F0f&vrm2vv4xyoTntznz+e0?uD&uLs&H$U zZlpmPhE9=g5E#0<1eEUXR+R2;X^`$NL3%)1y1TpKZan9FKkoj$XWsqRTI+dMVZ|m* z`SZR>A-#z2CMZl#Ux4|`R8EWT)n50zUf4iV)yB}<38Z^AVv!aObP{J~0iTa8yo(c0 z)}V!2Fk+DsE-e}8nZAGfyCZz)+%wO@M}aH0GD1pbxm_dr5I#Sb8FVt&qSbNxH^65r z^aJ0?9;J?epHij1ZtRk`oUkS82vF-YHhvY4&{{Sm5*gg5TKNnZO#)gNx!2D(orVp| zUe>h>cdy2j6sc>1P5rc{({c08D>MLFMh)%m7H0rP>GSh`%uO;*3^yAcd~GMzhKpF% z1V&aWM+NdALz;~D4T@!OwapcZDR!LV!!ufF&z^9VUd|I_#htROdxGX*O>aXs~1PwzLiYYQ^;= zxet~myHA%l0>)1~hHa7+V~vy{Fnd?u#*2-{-K1sSArlX+Bq}~1aAQVWq`RbHNQ2!H zzvoTs3JW5sOHAAC?{`VBwn@XHlic3XQR4HnpXYu_(dKODbG^Rb-PZY(n$ooIv*|nU zR1&wpp8(-i@Xl9;+vab~!%biy^xc4zFz5u3$RZw5~EW?AhhN})50#Np)e zEp7Z-A}_YgL*(OlNug8p{?!yGpqzJJ@sHh2%$XU%E3t zdz-FdT*Qli-b41{-(F{m-_~68>0#=QLKO08X)CJTKGf)ajhWP*>Cm^C5;g*%9*sTi zk}SSi*F6uhMwiBij{>Jr=oe)4^5F08!s)}OqmhvBX!dle!>8NtJu=sGhEH2qHp~ay?^vv#yZD8c$U^bmh>N-Yj?4f5x~rb*%0$#MT~-6W{U8JNcF}ky}X^x zw`*nSXmhg%0zAke>3Vwe>Mg|rXHMx#o6}m=uP8blC&tVmB>*eW;lbGrkNd?w3UOfyS z-y?A4R;*!P`$MOTv`Ze|%+2@7SIm_Dgq zSS_%vZajwBY8>{Dji=W@9~I!y)BD`~|Jh}{gMU}R>rH{G_MAChID{wr>g$VRlNReY zvd|Q%P=7{3R5H>;r(lp!l>3Dzq%C>hf3Qs}4D7(%i-@UHehHUci7y;XIHAef+%ZGB zRVvyQtV1BuVURFtJ3X5|IV3Z5fAm~c#k&}$rkS} zf4To!+m;yOK1_&;#a!vHy^>d>!OSOF3_KfbLKKrrd$VOJgn0TId7;%ISr{7VXL&ZX3P{MqGprlGdCILA`_zK#Tp!v{q-^D>6FrcG}wqGoIX&GqP6 zG*C~gBFtjTdeWLH{m12|IbE-IhB*8c!+9Q^v+Ah+GifRo*qF_qJ*By)Rp&~Is0~*v zLo*(xVlu9#{zR;deHw1vbRN^A?q8}^dFE8VKu!z34lBUpbJA!$oYP98DUhC-Rc$T@ zaIU|XwA}%@ZTiFGt(&jYF2Fookr92S>og(w^tfkcEDg=_K zv|NV?1z2JmR~l80NgUSa41&!CqXH&iHi@Gsdpe*Ev>BTpO|$+Seicn6#)SbZ>?Ry36$t7e0g!*PP_mv>kLPoIeD4txI8>*I7;kEb|35%Tzr>YNj&QJ-0BxQJo9FF zI7uC#Dgk13R50YG_75a9c7ZungCMt8yuf&pTf0$_cZt?m;3}%UBAXBre{LRPQ|5ZU z#tl@DVM^N2ycxhd2zK6tJp$}jVP(4`C4jdi-!-IPMOO2Uv)Jy}=*_b$&uG<6Fmn#s zm}jM?Zq4S)xNuYGaT;D|aa=#^wtd)~3g(gP#3Iqxh}tajW=@_YBaT7ME|Hayuv<3& z=Cd0JIgcyA^XwV2)8R=QD2cuth85?!+d0A?{2<48erN$&@w1ZlJGIe}pnh0HB>PJ} zw#PUqqjx>9FU#C{LY_DV>;r~YPwZepfiytmWw$x$fInk3JO7}4xw;Kl+~ER|8dn-D z)0kp4-=1L&YQCMUGn)l_5QT;TxciW z3OuWC&VL2atntL$Z-#fsNOyPn4&g}FLUT!>uFs-p<8wpWHU?Gdc$3Gcl~bcBlTAq#+TDo+Gg)6+LwEP zVmTQzWX906J|9Qq86{t$ zWgvH`-8TDT+H9X<|8+9#SbzUzkmp`p*rSiJFUqJ)sW&xNtiOjt?Nr~%PGh>1>Fjb` zo2zT|qf{_#>$lHxvax7Is!fG|gqv(D1>a{3Ad>%0&^TJEa+F|Q@NEW!nZez_*YpJ^ zmaKc}P9NWXnsb0BJ>Q9yFzC#cQ+%GJC6x9-=Y@7m7iu`P6mf=MOPv3c5%IPA4gC*Q zv6(1|po0&xqz&(Oz9fv`%1CDh$uGQO^mvS$;TK;U(KmYIH1;2ts45LKWBVJ96JN*> z9g@mR6>LT!_3GSoC5spgDgg1KMipwKpb{2L-@etD-XE}x`Y=Sh>wP!DI@iIJWO&@3 zd%Q9;D>ypCFk>iJz=REuq}F)@_v_V{rM1~aLo(mdia@jWBuTU7yQ4=pZo1)}OM;99 zB6^9P3k_O;U~b+`{rPBiQTz^yj^YjG;=H#3zG`;Ds2*&r%ql;_XAa_-H}!0G@r~&9 z>K!-o8Wq|+%mhab@&;}Bs?wriNR-e1i>rSZ*$h^faRv%?b)zjRGH~o`+T8x3GP4;=bbNoq3gagRr|z6*3=D zI(t^gxti;bcBCiN*Db7W_%y=RVkJ~@MwB@B<~V)7=sl2z*v>icBoi zsPo6u>H;rq=1e9aeO*uTH}J@j7p-PyAskV2HZi+(-D7&5 zh{r!I+iiaqoc9N+%(*4q``NtDa(LOS%FH`Ilm^KS$38m#K^+yCt5{+K(b+FC+3U_N z#RS-tMYjLeN;q)8{dumj*D9sFOv(8gspGBrk*P^?M_$spPB_$HH2UGem-Uc zw`~h>yUhYje(+DO*V)lk9LK)+Iw`a2=v{>#Vm>_PJ=JJvF~7J6|90A|)wuiJhc%}! zXZmog9krAzl{Nb@P6RDtNa!oqU35Rf=E%pSp=84N~@j~^Y!#g zG9knZuS$ll{5Vz|(5J|y-uY?y=Kz0m{!%`tKO0e{;RZN`4wto(ZfusA#AO%>ggK}U zeFgQcYxrcggl=pTFl-j+=|;K&|)qJWVRvo$;%|IAsok(-!iYV0uQ=6-9CG6HKu(6Ey(dA>l%nP z1=U-NN=V4|UEx4sAhoELDBKt558ZKwpHIgn1+?CeDM2cSW(kQ=+xm-Tl;llI0nYwQsm zyCmf#+WC5{y<@+}$7cI{9Vvn_$dg5K3GH}M|CiG3?!tQ{;Ry4-yuk8J{0^I!dbGb& zL4Bl^Xxw^S)L*Z?=ACkdx!f_ig#{aWW>-}q>4|MQ{B$41teUYGPeq!Qw(7*qU$6GJ z?V2thqTL$!P`U95f*Mco1;9+H)M1o52FXR4WR{Mv=*HPP4DiG^*UtcWOkg3%r!o$+ zqSXOgRf&1=eLY(lEeLV(c+cLh1AmD>Ai&{`4(VGt2KO>#3kpmAuTWjr%t{zGw1got zMRQW7>-;5iIL5SL>gKHkNQFCW%8gcfWn^rcgEUnfr zzH4`YoA|Ex_A|g++z-b5OODx*o)`7+`My|?1(l#@P^CT~d=u{fhf^*f83A?8o@;lP zqS{OWdUTvSE&=mjde|V*H26kRr{?_M=KlL80BAB&c-hj%cOoW3ML3M-kp+`DBj>&3 z=v2%h^{~$j5$PC#|1by;{y}yTDL>+dOC3u4Ebm?0EMYGN_@tp{^dGj2H~)iW0EpXl zE9QHw8KHr#@WQVsrYpB^c2A~27jW`GvX>I>!ud*2{0nfvT$EB%?nzUq!UK;dbUy-3 zmyQy%aE5~>)OPZXUBk8#=C^mr%C7kJ4&KE%JcY-<`QI-&U@mv=bt9#v>7sR*jyrdW z40`_D-lBr}Vit8fHzqLut$>|c<2f8q1R?I;04*L`2673LO12(O=Np@rU)b1IEKocB zHBX1_uk6zE{X^F?sCbOSclelx$Pj)KsRY2ce1 zqpC^XC`=Y&<%%6}rtKoL6Mt-(_hVaH)J0#M-_l*CGpVq#3K~(1e%tZx2Qd5$Oi<(`~EZC_e&vlR^ za@O+LEz?oU(=U7?bz(u{W^nm;(w(u{qmc*nvA(#;zx0*}_MYuq(gjC2 zlZJbRx?xn`ieuxSD+2L13k(#)082o(PVCx6(s&~Dibk9HkW&fZdLiX%ArUvosfGtM z*K1DyJ_>sRn@I^Ov5vLK=qD8YiuVVJT*vyh`R4~M zu;fmFig&Ou8>0{lFYbiR@A(82vSwd}3ItMq0U&$5g|9t|W487u57DH5m3pk=8f=9^ z{tu-m1%{Rpd`SO-hA2`_oSb@sGqFsaPwM@3wQW_1ANjw6XLLvy&JGM!IO#li_e_`o zxxAnZ$YKo*nM_S6BrW}D)qgi*K692{+<49(Y$g*Do%s6qdIG6ZqKjs@w{>Zvb?5WW z(D@7HO413|?(@rg+DG#YOVic=P7n}a#QWo9^~B~ntBp24aU<0Q4f)LXb*8`r>;!bw z0tv*FY0~O^c0VI6#tjsEwAj8h_8;cZttP4%8hIL2S9l{Krq4X;$35*wF`sA5Tx3ug ze#7UPkb4u`nO$7+FzC;kIpt0}?{4yDr*n>P;O17k$f4Ya`Uls6wU@8hM4hJl$s(PJ z7Zk@EAK@gg*Gr2EAzDi^L8zD` zask8%)Mw3;&bbpL=z%%eoqafl&D7>jlQ1ba@AepeTM_;{2jCQ?ui#$0_*4?7Y4#o4P0YEt8k~NIpdnW&J-qvTa5H?pAW^ z>%rzzQ@T@cvAj4LbrA{Uv|XY7cI4&9K={l1Ol|t#fk6(D*LXirJ}K%(=ey!^!W5Rv z0DInSa0Br;HTM@@Z=j_-N;=M0Df#0IMm>Doox1q_`ZHTvm2VzcEelg!A6lpAM-X9_ zY>G~r5v-48FdZGaqpYZMoYXDFIRr56z|5LeG}&;LkFpzTznN zbo||&{fRtCaxC1Jzwf#8&6`FSAG(gB+m<9a^Jk98>~~?ghmE;|qgR~Xn4B$s8DaU3 zCVmyPph*6d%~=&RrBos&M@e5OTIA~cpv``c5@L+@(Z46tH+NkF${PcL?IM>>;0NQv zx}J0z2jj7{Q7i_9{XSib*?Mu@UZUu^L*oCeSb2TliGc+B{2psC@?(BH zs~g;U8(Wcz{|&+WBiC;zXqSn=t>4!z+(tj76AV+`@=tsF@%oa~=a`>>{?beFP3-@U2xT+`{XmdO>Di6s#QF)yO zPi*S!+mA8a3+H)usIb&rsM_Y~K^9X9&}AoqqXrMc{{NH|hv}AEQ>aVXTHo7&v;e&g zG=`)gA!nAeQ5pruDl@LLGxt7WoMHLBMWe|9L1}5qxWvvPO;1j>_8DsL>JbzBK;_E# zJ;{stoCBT}@yG$V>$TN01yC$~iRp`(`*xIG16lw5S87`Y;R(J2)X(wVx(Tvq-du6b zTKyC4^ZV6~Vy~n=x4=o$+gQ7Vu5cQ%9!ZrSFH#93%dLNkhHZbM`s8d^jn#7z1Mxgw zF{A8KCjP_)Yn{1WQc%+m3G8^#1P6|p_ zx`PSA1bE9my|?+Ntf_BB1UcxuS0EXUlQ`8f>5FtS*7ssSurOb^Aj~><>5tEaJkq5o zn+ujyVq=TbtF6Z2r7(}x6hbUU#UQ}CE_w*vKM{{OFc#0oH+o|uG~r(v6#q~ zaN6QytB58Kx&mImcZR*zs;_WsuW2@(4bHqT?lM<2v)1ayBEiZ9S|639TAeRDXK0e9xr6BI{cg^F~h+O`L1TRfp`psp8J47U%R$mwrbG74OF@gR*v9zlw~o=Lo2T(PAl- z=rNbVSufWG=W&arM%2GOPb5k$D}U5)WS^a7;*DqSZ|o=5+wIze?>r|t6SWJU742Nj zps$szp0naCvtccb2tAKM&Ts@i!tUJhl% zmGy2^0YjRG90`GzL)f`JYQj={(nNAF_~hFRABNB2qvsMouJbMCZ8zJ;lU^U;{IaP1 z3x)UAv^#|=SX;kp_X6jOVP|9o7(E%9FC;TE{WWK)ZN<;AqN6hj9RGzZ8@)r5$2lih z99guca|y_{;wAVnFOSL6mb4?v!<&$!B&RSDwe;=?MstB?x&)^efi~HXuh}>H!273l z0cjptn%jnhm05pNYBq4%9rb_)^ORn-0+iTs5;*>8{+=yGZ+HGuadn)STM5;R+*#OS zkP8`}>ZjUUhmdO2p81sfz0?)HDR2g?48TYEH6@B|_^U{^L9Vn!O*Rcj5z7j)@vP!a zN;w~ShK=iz_E+Uj&LWU3t zkg`2IKx`G4JAv!wXQ2=k!^_|Zq)_2;FBwyuFvuk^B%SPkTNQRzJPlS|&^$|Fmp|vf5XnXDx2G zvMU^iK*2z0NO$EdFw+RKL&^{Tac*->R5SZBHKTQKJa^2K6PrU%kVANa&Mus_2vl?* z7?cIOv?OC7gQxOCY@Tgy!gz8NP|iS_8)<_QCZ#t}W0-D#vsOi1zt%k-RCPpL6V zh)r_hg&yREf;a4677lM-ifLq;=G5gn#QVI{e(M;f&43Nhym%`hS3cIswNtoW^nca% zJglxvy!}Uly3zqNO}E99znhpHCs?*s*quozBpzDp;?toS#$S1I%vOwv^2`-fKh`GK zFwg3T!&ICYc)x)MkNWd8N4=r<4Pre0g_B?(QYGI#RyA%G0IEgFq3v{ZKIqI zsq+WxOEkIN?~#&pjz z$`f`ndB1=5M{dLlIowT7!x+xUj4Xfq@J#|_y-}a$+?>47{1Tk)c;Ow95pWBmU$rs) z)A1l*+157fGc3m(RZw)Eo9@^V)OT6|GTqj6)|hsZFo)4Aek&;op?IwMy|`$%eO-~+ z6CHb6L7tnr5=*VjFzC#HCWv=BM7#j!%@@t7Am)5Wo7pL{gDiYqgt*bjC@>jZe}}=y ztnVUV3C?_SnalLM*bq9t*ab{mjDaYj5jLOYj#VMNDsogxGPiG?4kCE}e*a~d4z8?owxo%wqi&U2`DD#u?+ z5q;tX3i`tE@)`zl8U%hxvNYLcOg6rGHi(NV`6M-YKoX;PHd<6!pP8bsTS-_1swbSe z=(8s9SDJ8J^so8YaCWz@P90g4+_|Vd)*-}SKoHp63?=GiSZ^UlK@pbgV;@7G!{Pc2 zz2CGpr_6qBaPYzRAxZ_eX~$xsi0dYuNbhsK&$~34oBl!r< zD3v(+%l5{<=8#v)&Ksd#PYaSxH0I#cs^Hwit$6uZ(HHl1why*6f<)6|(WqJ*jjimG!A<emKJIszw{o8;qk0x2lpeN?9=!H^&Q*$xMaFW;UF$$reS52$ z#@s7R5MI~$`mx|A^W)JCw~Fx8;XCVcw8zVtnpZz#SKumfG3idhQ-eP5$O;Km)?T5# zV$7n%zPDc;Re(j&d`9!WT8<@g?YO^X2M&K@D*3y98E11-a+pRpUUjp5OlcI^lnKHL z^wgu1)MH+SWC^3u8UO->Nf)YO`{#_(#Acr~#N3ySxVhUTuVl79WFGi2qmI8S@e_=C zx6>c)zq*qo*pI4SMkIk!5hS&4OTiaw8bt6}kbM*pt&5eYnpWeDiThdakL}~sedMhf z-m~|bqKzJJW@kt;5m_|TTz;(qzK=kd06_#$HA zt3;chJxqLmId-0^`A9KYZoQx1d|DiY1Ejj#P>-l#tKwFt9Je>r%!(FWX{VMp>le4P z`Fxy;?y)IE;(EErZ)3`XLf5BEMk42&*^%Gi zN0S#1=D)e7mT?l|rVUVU#TS{T5t2u-DFk7U{hS45u~RVUl9y+tSK&I$OT3Fnt&Mrp z3G+?0=T7NMK0@L^k>anRXeDu6vnSW@GqG2TGN&DR${&^BvMtpLn2%)> z3N5eQsdbzkzkg;N*B9X4ml0iDKaoZql|Jx|HN2_ktC0HXu1|ewukz6!dHC$T9$f0l z?EVp35uDZwXZua=uQLl5^xrb&-8d!hM+a|fdz)Xly*qYKPEQmcMQ*G^_4uO~Yx6sJ zuzmflj9bd+q&ZuyN2n-jeK1F7Ptu1z9n2s{juiU&gR!eSItnF%Y2hXKJu?bdc1Ok< zG(}E)n1!=TbW`s-8ua;w`umZk5m|fZ_J0U!A?mjBBwIClXAaD6i-bz3%yVzdgjG9X zPsn1k|GtnmVcs976cTedg48Wu_&6IhQ5C1wG94H5eGIwbNnhccJK66gQlg`%g*shY z+!pBC4SGn8vQjLHR1(-~WYT_zi)-PGo%G3BAwwIXrH z2Rh%lU33DeE(EqRr&pVIA6|@fJEnq%JOR=!y6>7nH;LLi5!wK4#tC^C@y~8=#$4>< zsDaL-ADR%%rLRe+svD<_N09VukP&^lk=P*GSf1kcD|{m4?NinMOl=67>4VNt}n;9EcI(8u;k-faTcwip!hG&(NnkD1l>?cof1 zjP^yFRu?UNrAzP{ne7#}niLt%6Kl(VQ#&X~u-+PaCsXSzcZ1&vTNpR0&!efz?pWX{ zNr-Mm{ONcQ{b!&vtZ1hYn=%?*c^BcZv(ih1N0_z2z{&qP?`^m;%Rp=$eP#-bNx4eF(E80LlYW=0&I8OrL700=;9AbGH`0a_r4!_I-_>1vYHedab{+G*rEfP z_ySzh@vH1KFZ>%G@al}?f4S|WWBU+}oj>gfLDrHNE9%s1q_fCJ- zSt+{w;SotJAQ#cUzqJ`sr_hPe`{z-^cdd~4b1bJhHW>SBhp&bBRz-GS+{DTEH~XQ* z0n$PDzoCV>lZY*zY@FIfX`lUbJHK9USkMG~NKC&spt`rOb%8>FQpiiTC^f)^+{C8b z@9eC@#}$s>KGI$a+&!~$V5sv3C->7Zkd)Gw$l!vz4d7&^2BffgJpBhVE)kKT=ZP*Q zQ}?da|02>sPX6F3h0+65;e+~&+u1Y@76WAex#seI0bLaT20E4OLxmyJRXfLgc>dPP z%HlhkGF48w3j!(Qhe1rtkjYSIibosg11d$cz}+Z_4*Rq4*IN2nW8=aBA3?t-mx-o| z@dqxzES~Tp5lAGX0Ix*OhM``&!`x;#y7!! z;&U@w2P-Ltyq8j|4PrQxaXR?hezc?DtcXos1kZai=Kp-*I|Cqjv!jBEh;y0UT1OHk zCZ(ko))(g7#&C)IYqjlF@`Z(2+1Yg##OQEDfCZylalfz5E^{4ANf|`b9el{PAHdH8(5fEG#*!b9YJk;~M{1yes(9`vA%FTrH^$A0dwHa; z;J#epj~Zzpk8-F<$g(-r`SM{?J$B3(cauB&+BUcU$iu6{3BvzA6(uEw;ae7{ifD*Z zD+U6k85+E`hp|;erP6JUj}`vM7a!WYBMO`R(UYXVTN+u|eD{L#TzzwHCq$VE_kjrd zR`Lp(qnxOCMMOu*mulUhuA&I1JY_Jg#_X7hQ>)3mYz3p-6z~r;^8nWk7?C$7`*4TN ziCt~A|J*BBaOCaU>ca#sBfR)+s&08w;15i;S&>H_>qoJGMCcB#La%844*Y?JkO1M@ z!W2s6?z><98@T1ly+Qr1w5UPin^d?T)^==MTU7F_@xa@(trc_^C$%!qMYWaUickjD z%TqIuav=y61;BB!AYL4rW;6d4HR=|fg^`#nN4LbMc>h6E$y(*O9gN0oqzC6gT(Gd~ zvGI0I`+HyAcpE27E&hiIX%w9D+_VJA3-jp$c~{nQBPX*Td9bGw?HD{@BLO+Hc6QG4!pshlSw|(Zq!*o^9C>g8G-J`=Sv5Dm1fs+4sFqO6 z#7*J3ISV1_mZ-<+mOHBPwHM`ryvPXPjAq_a7Wcq-9n9;>SB{Nsj9szLG<_2_;rKQ+ z3Ev5sd6CCIY(N>|x$h|PbE|>-#5f*1$9^Ec=4{R=h5(EVq--uO&d2C;!Vpm^3*+$p z&8X>F8E5|cC*(u1CQRiD67RvuLAyF*B3g>x@{7J9e2XxC5zoODMy!ZmR_=Y2+2D^+ zrrGeIu)#BTUXZ4`$gc}Rkj~`C*>b40a)g8UNY!u0-u$t-W*LaJuGc{sq)n`0R#vZw z519EHoGh$ASz+$=U%EH*=I-(2m1=YOJw6_|GkY3Pm*b!Hp4h?B zr$_oIH1rSa4?+}a(|D$r3BW7wmv*wORuVBCZS(cN*P9<<{(g0(ye5)sLSd%CQ-Iqk z!@@G?V7YJa7wKTT!5pgyl~}SX$Xf|ad#lA_#UHYteN9YyNeq+Pzz(Eg+}aX>Cs^Iy z(rb*IE0No%{p6LlOYX%8y^NZTs-t0T$7+#oXTIF~k?iTcd03ya?QlQSZaLFEJjGK= zgH=a0UC?*_hEb2=#lHI2UcX|dcUTy1w0wohih?JRjGWT=bj-kIn2F4)is0S=fd!0? z6Rz(1mKv-=4P^ZQi9`FM*l}nq2947C9As7E7Cs;89%cT#t3RzDQWiKX$r5XZ~EzRAuM7P>4=$>o6;8Na7sPDq+;U&9+C7c zPjXBk0Nm`*mvtZNBU}VC=2wdO7R_<4b>1Y^5?r`U$YtN31MRFaQ0{MoN2g|+83o*F zKeiu|6j8qHK+!D;vOgDNPby*t56VRGGexVeVOgOv2!+i?{qArXIS*ipK`e#?0rBxf zvzDZbT23|8KlF_3@yi#311w6{x{%9XU1Y3+hDk%X&ue_!FYoq+R}OjgI;}&ASDjD& zPIrMg^Dqpl<8jW{O>0Oo%Sv+b(VvA;U0LNJDw3@<8-u|l)t7dK60h?n<4d? zT#wl3atNuUwM%7nVoKW=dge@Tj$us9msasB)mzQTI1m5KUoAkkWdXQ)Q z{1P+*!XW~SYLsC@uV?FgTncZS^6=NZPtXXdV9?=zUhFK8=1)|cE;~VTRnJC?MJhNv zedH1kFq>=@p3_atoysr4=47h3Vss_N|75#;7jD(%5k2Ng8UZ*QfR$>5w+2r%#1Hyr z%PP8ZT#-^zs7Sbp85sF#mTtI(j2N-N;!;jf!-OD3g>QTOl=v~8#&|DZtJ>wfC4m$fUQf<^ z{-?OBQ)Q#`58vk}KNYEaNt4)goA0Cb%^6g{w)Jf@Xajz_lo(DJH_AWU#QUN-4-NZ> zX`Yg(BlIz!RD&3_H5Fv&C%S#b#qtN@=2&3dQgUfP&7V)r`mp^w^;y&Nzsp3!^Pe?q zI}Xe0)vC^j)wAKp*4>N9C!z%p+}Ipe4n9A~F9w5;#Tb;qQOI%@IjKmv@d`{R=1Z_A zor98gWtSZPr`cGH)<0oI%*pFmOxXwdV`!v`#YQT#hylDIJz5m(i?_-<%nG4yYdqgk zn1PHhL1SZ~SvSwC~Qx>v*d{w?z6is-XO} ziHQc)7{xZ5ZKbA@ZYU4wSsbVIf*jX6gF7l?SAn#Jg~b$r>087P;IhiB%y4AeCHTOuhIF!scsd2;);3>u`f!IR zQk<#=FKip{sNd{2Y?%5r(bZG+wqfG3*iQEAH_i6|G{-h~blIFbBb;NT!EXHBjagVa zi^D9^Zcu<1QU;^;o7hORwz2qFO4j6IowWF^EAw+)#{7CKp|UUMk{d=_Tfrf)v&}(J zHYEM3rPE(lOreEKwKGu{;;9F>QCo9)@`gB5>n(jNrhP%Q#2S_}o_|Jeg05rnNG&Aw zKk<+0NVqYtzmn6%>PZr(3 zPU>EIiz%#$?HMqVMqrgl2H^Tjh0l~Pvt=ZYG1$v%-!_Yrx%kYK6v}^VnGNpXaf#e3 zZo)fC*UY!$!hv6R+`8(a?)zCPwk24K5Ht&A2s>Cjt@M2ir)&Y`<7+TKK*^^spkc?x z5M&sx$HQAgU`R?;Qe6EHyG?#GDCB&GiXQ9zDW^|C3XXMgbp>p9c7Fb}rEF|?_~At~ zER8J80k-i8Yh7Oy<`}z3#F@s^w>lEg=#}OSR^QTY-&1UuH|`^7!-s!hA&8`+Tw6Ex zF{sF?&T{2%euRW!%YQH91kubGpa~i7K9>=tnH`vy`F_6$vP_<7=fpW;27SsY{#Z+$ zG)ugqC%t3~XgC+Ey0ET)ZZ|+dT0>!$@xv&n)p&8@27WCW$OOGL#q7>fP4fDENl_{l z^u;V8jP$i5E&07bPfw33YjS~Vi3y`JAms>^$G=!2_`LnSdWmse^_|+CWlotXb42zI z1q_>FV$s_VB~x#f3bg3HRifSiY~iZA5w%JSy8cN#nQVB_=ekNEQxu**f^-dUg0p>~dK8Mbvo#kIbIUvRYR0fE2kL%MfPBSU&h^LLC&!@gvoSD>xly~| z{ZBcr*s31sL&8=PBgC$i7)x>-zVFMp*zwqL!)7=^)VB}2^eHHxHtwpW*|Ui~l=Q7l z@p2Ay8$y2GAOQ>gY65WgQ0K>5sTU&{vy1lKw}aZBFpEEc0{zVkSeYQm(9Ae^v|MP{ zmn|szVyhtBVsv_=!-vI(G*TD~8O&1H3;p{!xj0G4nKEhMR8l zC@gv%YbSg!-5t>J28jr!HE|(5CTi7%6ZVD0BH!!n!YcTd#P&gnb(nKVv7{ATzqp1~ zMCHUDYL&f7g+BUSz_FJX;YT0NK5F3*zwp5!}^QdmB3t@3#c zgbbqgKQ39ywOrRBxou_eEqwPX5^!Q<8mtoiW7=FSf^_$fx2-95-}9-a@JRE}z&HAg ziB7*C+9b7U`DEfqJdyEWH#)1$)2W02WA4BRBE~^YA)zehT|oF{DdYzyQ=%Sq2}z5Y zv;;_kSIm_tl7A?80IO*J8z?X3O+ja{2r3`Qp~Ev$d*{2Wf0N&t!MM!0bl=?n?jffP z5-gkCOd_(JbYBgUU=C#{l5dvKBVhHfS};hx{~;ZhUqMgW%_N1#Y=po6#|H27fp2h& zoHKd|9(R%FC=0oAUj=XQu7FAcAw&{>FMB@1y?fDPbv$z zwDMg8debs26}!S}qw#hHo-I1{7ZWTxrf=1AeG$xzM$>kux<*`#njdQiX#5bFhIMXi zktrQ?jV#(uy_;5IUn}|igCy`>M*OPMyRrmiRDzGDRN^ zjwlQH0)OridG=TPidy!Zclx*LpsLXjI$AjO_wc?#B*BYL9dx3iNsG!<3o(vw$6$rq zTlcbN>&qvwH+zEWU+EGQWExZ)Z7e3*(V5g=;GG#>C7N#$-b1Tt)858|)-JE11^;jl zM*w(WK`SAPbLk`l?M}36=tod@sif3f3#wff5c8uuJn?>W|9l*^ObtI~IdQcp9}~Bu zb7yX$;l#6`1N`&(E~4?zG_pm{~Cn?Dub>Q!F z?1r=nFlBAUjBsI$HIq#uNF2@@zI=KjBxuuPRC{}d1g%*bXkal~4HP!-d;8;a!gudx zqp$=#$F-1%QFJM!GF^&D+D|Az#+QRF>a#F6xBBV8W}w=3*mVfa8WHFVIKZDVt}Th# z8OxF$WFbT4nA;C6|9-h$HCkQ~$-g z9&$mr&y}~)#Xg@?EzTaX6Z1bKT0u6fD>ji^J%83duw3$|@T5%p=exg{Y`wTB$GpqT zDyW`XcnK8Rs+A&N8B0Af!~3h%8Vj+%30~uOnK@Lf#^z~woKWhlN`4%!E<*UqLmTvV zx+}Z7myw{u*y|&Gc_Dzj`!WO?s6HSEswc5EK$T4MbzrU9yR{RP_k&=jq}Ll%vJ)jY zwfcV)Uk}4PtGz$ja%!&VM26vfa@Q=V31GSrTD#<;v0Y5>kri4O^hNN`>7b@e zH9eMy9t-()x?9jVHR^E`v=5sS!4+npz1m!i(Pt9Us^POzEKGlSl7sML#=Xku1J#y5 z>55#jLBU+ePgj<*h4tDpl}*5R?%A##=Bg<9AEDw}r=Z2n0|zxlTYA{@PE$P;rG!Vv zl{&t8)=a%l?1_u{7Z%L)Aq@r>XODF7mg{VFmvq1uazk3$8gDSai*s1`GAcp8-l}w9 zvScJPJcBQ5sTyZgd|_T>M8p(VL=VuCwLc9D&J%4v<*(6HNFFo3Xs@~IM7I%tf|+){ zvMG2=>>&}F_p1>;H9ZKFb3zXyh~MMGzRy$+zL2z3qr?gydmH~|sN-~J` z{@j)Cw$@}!)Yr|GT>nF8B%=#3hOfdVoq#%DXUr%zZOjA-6-Ez^C@G)WdrW7maIOXK zI52RPq+9T%LxatpLH+FJ{i)<1z?|Z+Z-enXL=E`CO${CH)baR0!k`K=ip0X-HI7Cn zvu8q&$R^DrFXR1w^-kIi6V1t`U)Hu7gvMMs@}%7Kfyyl#gTa)6(hMeGb7(&+YIf_M zXjw`VqDVDiQ=qQHAcXdlIPf#-u3mO^1!SfBA+QnxD5T(1vkw27NL=x_KM;Nr?LqX& zbUXZ#l)a9wrwViQ3Ugb7`GL9DG;)BvDKCeB-l(Z8Sthl~_gM%3z~nlc+t5oO(ztB* zB9(txzeIi(E}LEb?v5W~?9lszv_Cxkkg{uA%)|Qmt;a>J9u{Iar{h`^c3!UI=0M2u z*Dr3R^eN$YK)g>Z&|2Afv7KLC>&wkpyH-lbH`SJ=4#WddTzTCqvA>PoFqyaQ;Cd|i z&n!>|398f55av4Wa5#!EVe?SbpyTeJ7&QY}I9TB$_(!%Cv!6|Cb93$GI%cuikifir zkt#0$lXke1;x}NDpayfcbI6QTfDUB8LLzWnf4fLfw_d#MAEme^(Ll-7riKDReaiLz0v4(JNou?(-~ z@a9A)b5}3v4?<=FXgSok8y?OlZ{R-Z1MSCpe)pG27BJBBV^GFL%+`Sv!7A@)b6bub zBG(>`R9a|ShfIo!Z_{23aAT25-s2rDDc81R5?bI2ZHfRWuloPdbd_OIbzNIhx?6G> zxI$P*>kxGdIs7+~9=V(Ck zz`~1H<*6!WRob)SR;Epuvh(2z67vpl?vXGam+3GL_#s2dPOj6c1w5fgae2Z^HH=1&d-s|D~OohF0P083;J4Cv67lWYmQwT|*u$1Zx16(f!}$HlL+S_eZEujJ}A zno;ahbW|j*(9BFlE``5d7KEW*SA#^bR^|5coMkq zkhnW2{h8g&oQ_3bBuqz=nC>iO4n040?Y4tYn~vO!(K7qEZ!Gj~&Eet~=r5TiCjM(i zuNJ>lH4wlK|3T^5FIst@?ej^M`cBSwBc_u-7p3vfF@-~tLW7V4=@E1u$U)TJ*lexL zn+*LzxL|RaM@YwO|jv#0XpE|gYcBNj}+QP_UJ*nQ3HE-ou}&q*s}Qo#IpSpP*V)~$51rOkE0y% zlg#yzmBc0GAElXZn(4xVFI!`56i=LIpVk&~;~;^q_FA#&c-2*&t*dR8r-&888}|c=5(Jjz#xd@u7Z~EPL(+?E zJvJf(F@G;8Mj#`47Tm~0uiz?*VzYOxId$DRp#jMXpzl93jM1oxDsi8^`xq|d#GSnY`KRiEbSl=f*4heKfoGJMom5H+n`rITWsM7 z=aE$`Gjl>V#EK)^{8%SZnQhWqTFSN)(6If!6Kk0;o~h#9JF{GI?HYeL9_Q=+I-Ue% zne`6kn?^MdArf-Dj>spz*L59P^?mcspZFSU`^2Yvs*BpuNN0E)O;3gcF;X!4#)uZ& zk~Z06gEa5eH#H>UsG7wH*^&^qKQdJC8NBosRYu=z>V@d2HB+qAx@PKHL$%CRGiZpq zss>OAv|t7%rcFoOjDJOvvlob9S9);s|9KFft+Ea5ks(QL>FU;!Tmyqct2J}q=uvOX zwh%{EIlt`QtBPsM&zzh%WGE0IX+Jy*z?`$Xi(UrFCUy5_(d}B?sw9obn04+OBoV~R zx;JJ9iQZ#jl=HHp?qxU0nB^MTajN#Obgt_?QI3kr1xxNJrZ0q8pv_4#Gtv0Pc3P?7 zyE6-QT+$m%byxkGm%d|Mu_{W!6j#p!^#(H&nSQLhmhzfJ9M*d2!N^U?SG^q? z;h5WuQ_(%{8YIdu`DV0PMY3j@WTI}A5cWk+8Lg=*6LVc~;a_q5zm)NrBS8fpgw6ih z+OV>S%`qHHm&<^Ia(mrWi^1$z=t&f2zPGnGh*3rSk+n*di%m|O?9&>b;NRfmp99W= zb0)Nrn=f9i(V<}vraP$!2L2sSH$_HNuO%zeQ+o+kpp;i7=-jtrUb7t$^@R;G8R`4M zq;YJut5jan8)$hN7Rg(bYYq1Wshf~J=v!OQGxd~kS4Y<2JLuQbWV^_hk}V;g3Cxka zYiJ%kewTzEY0pV%C7g$4K60+;lkw^E-`?bcrO(x2gL#2!DEg5;hi)^wDJ^P$J=^V_p{*7=@$ zE6X&1ToiQz2TDS0V&b3I4?;B%sWi`C4SEGoAU&C>bgK&I9wTp9&TDsU`3=_2F7f@P z-W+Wo60Oj6SO3lM%I+6D8YZ9e(;cQm4$xdwT#hb)S+9;uHoTErG390^rACAMm4O@n zmjVXqW0T|AIi?R-NZyJWgA|IkD~>iKym&fLiysjml z4%d3(5|6U>jIflNdsoB3I3d1wwT~68KK0akTBtm5yr9IH#^vBn+EMZ#Z7mzAW4D1}V+|!EF#fP#e<~%Tk&GHb)bySn z>%L%@*S7$>+>7FI-yf5`0$rWpKwCJwrU3Hxjd65=?oK8wNM_eV>BjA1rMmEaxGL%8 z&02z{is+^gi7nR}^#*F;ND&$U7XHI@__mwb>_fMl`)IHi2wo7{4r#vPI4oAT=?|6J z3_9{F zYA8oEFZB!CLg+v4+Sv;9R{jah$15&Pte(XVbkIQ9XzdO}mB~XzkDB2}I`~Mzr&>oz zkUjeM!MW64mbs=Agr)Scsv>|24f3fxJgt7V%$GxCTM2cVyb~MM@o|57RWuY1U5+ZU zv*HW0=tQJ+j-G$5d&LWM@BR}gIAWZXuC}1yYFpQ@eJfI`A3Wx6e9MSvwSIO|AaRDu zez%mt{byLcNDM?mb~q%Tw#CN9wX#4*s2~jiv2 z*gl*Xs3L}{WyYQVn}_p{i`St+)bfIi%aUA}b|g0V8m|I=+R*!())U)h_GZcrM^*OF zMS{qwsVjccRD7$VIN7Twiaxh0OMQXzTZg{GF#Y!i6@~WIm5m0X>*Iv_n9Kv3dl@e? z7|9?yW=LPi5A6&0mO=myB7NzX9)*!=f2LAFIz09}k>L=hR8n6~aAmX!mONYGn1cq& zAWBK1X)eFFY?7uWUitIrd4z3Hgb=Brc{@cZja<<)@^vQ~J}KiTk{cXiJN;nhX<9fv znmf=EMN~m*E2U-lJ00ygwX|>a+ zBhPz{b`T(>dJdNFK&E(YyZTo{G!v#-6BTe$97^yB@XKRYQ_+&bEq^N|*lCV;XKJ$f zEhE|$U4(px9LLh5YNe8u_;Qb9d1wo2vLm}RNu)+ZqllDm`yN{UkZ|BJ@<6T7N=<_q z7TKZEOQlPaf$#<7((hwe^2PhxIMFn8KbM9}>tN^|eqyHJL4Cs7mC6{A%9xe%u`Gj7 z$laa%EFTN081@lKQR4RKzTly>rzBMQvsvBUI${w)PvtGEXNx~p9tS~?JB^F`o|~-} zJoLZwPY9QVJMP0!MkQmG%Utk=d32}4%b~@{>MZOI0ePsRF$x56;||FFgJ@s={>Y3K z#>zGLFi=|J*WBE!w8fIpg_Ymzs7D?ohzdGfvY?FtBTi-3y_H2kmupEN;zpB^fZ<~! z5760{Z;|gb$;I`lu^G92Rp!`qNgnrIYo@4ZsPaulU?zBPTcP$ehnTAMIgFU0bKSAj zw}|=imjZDuC=fz2FR!M7JUSY#YLl8T-P1RhdB(t__ zvg%3ycm!y58B~jT&@m2%nfa(b=wQv{o2YH_458VDehU2ey+8}*KZD3}Qf>1QOBdcu z?D>M@y@1z3dHQE1d1k;7qN}^~N}6jl;GDa(9!En#`m9*aw282N^!uUA04=t6Jw+=Z zbWaE4sObwzCo3Db?j!q6X5+UMlrB7E{Y+iP7iH4Dw2=oGjXc7}{b#|X#nRmFve2MQ z5-kp8W+yX`Us5B>H<_;~0$2i?Nu+EC<28E2WAclF$NG>1?`u!2q$V&QD825h`y&13 zoRl1ha+vo`WK1Yzq*J_K<9GQ?F*gU;X3{T3iVjDg;Wtbui#TVD#fV>cu#5M=M;Di9`;&)QQIBL^diRV%lbZ{rIh2ek`4WDM@~-sXR!`T9&$!yHqozh*N( zpd;!fXl-r#KX~u9&UuwX!~>-=v+Ne6_W;aXR$&LX<27_q+JywXh|a^@wfEek=Wr*K`g! T7=cC;D4o`m_ z=*}pvQ%kg9uT=578lXmKq-;hZpvEM3{~4}ch0i_Av9k7pmPFUlm&+aDQUC8>DC5WG zFw3dw5kHGcOWt_t1QHk@E%J0CQj~NAcR-B~ficP;5HPG?qYx*AYc^*Y(}2gcb^O$b zxX8o?uh6ARnrW6X8V38|H(xsHBgOu`Z21c^0ftun%ZLJ>HFq6qW0=CpxzmxLoP%WV zFb2=wW8(Fw%sJNjYlT2)Csxnv5t!(2cFRvQGdf=Vh-OL1Z&rk1`Ii|2 zZdz2BNFQJrv`Z}|#%%i*GX9bT!z2hBAJJi?{4?E;LHOuw zHoa>4N@3G?++__NUI5e@oUyLf%ZS%%eHruJX^2TN+*t#!oyX-l`w@nN6Ek2kJtZ_% zejP6Rd7kcnMNj2)*{h@^UgPYm9ijd!tcTKgVG`5(wgB%!(*s7=U4J+E9(WCdhcHLx z{ro9>FXFi_1*cT8T!Wx*KOeN}mWV!(KL`&00Hw&Pew2?fs}^Is(^+b|6%>?tSxK|+ z(baCBPZt7~;J9RX6k*MXh`!WXOTgni>AzRQ3xBa_v+&U)gyXyAWtc?Qua)kl-lo!~ z{Lvose&~>va>z`!A$_z+76j2zRR2x8(Du!*RK$UUfd1h~f07Kk^baAMp+=`vbb+yBY~}DM^{n;ML46YO=a=QJoe~_djb}~ zb@xYlMH};0G$h-lW6Iucy;qN7t*Eg-Wtql*cZ6EIP(DKYdN!fA;Esz?zSZDWx^SV0DO#!Mk(K^^zfWS@D+- zuB$fApjnO?RuFwD(vLt=WFZKsOr_&aa?b1+D8^)aveeb$%$w1`L8)BCU!w5hEcgMn z87C|o`yNu5dKZw<92ORKkfREDQT~yTe?+P)$k}}G+ZzPQH-l$A**T6dB8NNbx!bCj z>9!h;E69bW#N|xLz1a)&32T;J#nz&q49-ChIfBrleXiN0enC4*w zztm5#v&V*|5<3iasmU3ZE8Eeu;W0uGHB`QaEa5vg*tKrJM8l5BsaQt_2_B zh77AYPCk0*oNg6zasL{Y#p{Phjo0!tReAdBn1pK@3n)i!eK28SLc>6gut z;yCR~nH`ktk=4h+?}E~An*vzeT(k*H1o6gAJK&P2H_dVvSgJKJFH-e8cackqW?5bg z%i{6sMeZy`q1i=)IC*~p#l>XEYGSyntLv6UhwiTbefr5l9YrLG3^4fPpR~Y%XS==1 zH8jY1ClaX0dnFLo@z$7z*yiGzH_*Rbf7(?Dycaovq19@7+!%;Ax+hD3XVcM}5lg(u zY|?p=8yC$UXi0^s+>J;6bq+g*1tyBbfvlb0W;R1^(j3Xq9eMd8DaC&o*HfcOzhNde z&`Wo9p66!gRIPI0|cTu4wpXQeC3g$CUR~b}Ocd^^8ef@4{cLtDV4b4>;LxqwK zmCz!vO;W)X#P$lnyd}MJm0dd?lBSfAW1HzUk?Bty(>Kb-SLvi95(8)79XFajL~4I~ z@j86mR+E*ub_dCq)DwF9eCeU_M2e|*>2cXRrl5%d(fRQQ$GionWBjQD3x# zlxQYe72aWX12Mgjj(P{QLu;Stnt#oO;|Sk>EV`IQt6NAh{u@0>_FaN($b_e#4t@6X zsK+^Exlxeet2{L!axjFbDS$ejQi;5ah~`l+&}JD4BH^HP$um#By#E*oX9TYs8X7hw z$XA@RK$~px@cOPtlzF&a(Gdg#w-xdUqAgA?;h*$bT(t6#BN*8rrqjw)IJ+jDA5k&z zKW;$1aWc}@*47MCDN76X+)5Ih02+-*Dr}LU<6KTYmN*MHktUS4$=$AH&!yZC`PaA) zh;j1oUvpr{hvbiT_gTxQ7mji{{>rs_Z-%e4vw*C~N)k|#7}@QLq9uwM&jMDM*PLfH z_~BGMK_m^5P<05Ko7oKujJ2uPBU8q3O|o*OP58T2;6PVw0S2Y#1kJ6F{(ByBggTKU zB^4=a9{2Z2lCKI{bXY7%0zSkK*K-uL5i9(~bS3EbsJ#jx!C=$bdICY11@kecvQECS zS0g^8Gnn|lAVz2-U@FV5N+)4QABM{uP?ve8fcEqs>}-_}QfRHsBW!#aOMMZhe!u=a z4*i13Co3}ATztsK2f5RkWp&`%7E2rI!6BoH%iRQ96-mA zj407Wdr`hXGW-+9Di6Gy$)zQ#!-xQ*4-bA9c+Tp)cHZ7RX2cnc^J#%Fvh$VbW@D zrGB4;jA%o^#4v_{dRRWN*k<-=4g^dL5R#Uale2VisNzhGW_3=r3GtFrFRn77qGv72 z{4mI8Zmv-gv=$ogPNVhGYmtTwZdnuRJdCeYX8B*0d5wwa;}jhxor!%w(QjJ9Ssq;@ z$U#2A{z_+j6Xg$F4^OGF(bb+I+#gWKvIAW{I_uOAC1NQ^u{HuXP>of)OJJqn)Y4K0 z92dC@gOf;_77tL8Mgx#gJq~^3y8QjD(6xLA&FLk7MKpw`@m&?==cwkZ?5-g1-->{i4?Bu4Daxhkh;OIoZx>DXR84Z*D?!N@wXx`O`H5d^d9A{dS-H~%q}!5_VYfP3uYd;`wm?U6L+5*_a! z^mILUplFIU55sb;5jRABk4^5*%dWkz56dR<#=gn!K>0$sD^M^@r6i%}(b}YPzRrvJ zWDY0593Uk=SdR+z5;egNcJ%?a@4$LwWKOg)#rUH)(9lWrYu(6N{TIP_i8Xj4P7_rH z7A(yD7l@2@sqwu=2FQ2-<#1hPoTd+mFfVd$2^cn;RqT z;tK+7bWD;BeW#4{1G|}<-~ldirb1=i7v$|>qRV%psj$!<*+H^`t`i{{6!vASB#U~@ zB16{1e}Fw1Bh>cQ4t79YJROyDo4B2KSP#Z^LK}hslJdp8Lscga+a2* zc-KQ;K*amjSt$pS^xUqPU$^!4w@=K&?oR@r<5x{+X|j*|Ir>Yj1XSLQ(p;Y3G=8k8 zH7A!3^eH_(qzt6~%)dG?hWuR?mj3RzJWlclGS==Vd~C@^)^3DS=y&c1F2UKRColbx zaPeIVyl~D1HfoJYAmyUE-wIHU7rXl|eZ9gk$T25>u}R;=SBd;WGaEQ)66L9^J@>uk zPMqzapdi$(CN591>z2p2%f-z;WuT`dbzSQ&yK=TLi8;00XLN6zI6PK5b z0ILk%+1Y9EH4T0q&b&EIyIQt1g*3=<7*!wqW1MIR~D-iO}RE_hH zc@v4lU%EPXR-%`MJ|i9M|DXX;4(BDld{qU(x7~KuX&G>*1j?vZZStjeug&^RlGu88 zx^r|jmfyWDYR~1vUp!H%ERGb_(j#r_INd3k3~m~t$nGE_exyQS#^8MYtlx>h9ZFB$ zSv{L>!^zu!y7u7A$U859)fp8?h|H;DoO2xwj!^&0&Om3BZ15*{MV+viZMGg_gz8R9 zTv~G+m4ChYUZJH|>$3glr;wguEr>@$tIX3F`kTAe)=9tp75SPYa>G3J1^X0O=tcyK z>wKpW%v|1WS$)Xwo{PY~>GPwHU3FrQ{wIdSrR%R3H|?Qq_EAoCv#?Mh| zYS9Ko5(un1EEBzE_W-8*)NUF{Kl@?#7#ACR>q@kOlr3;@FSNKDWcXD@h+mVEcb~^Y69CMz;z6u~yDv1DO&+_BP zBF^Mg(X<#%DsLJ>QVL+#1g78#80y=tpYMHm56-y&ol_56 z7PoAp>DEnAL+>a1EjIU<4kkB-wrUcd_Z#oVt~io58Nw89n`ySTCFhn;PO1h}eh$a` zJvmL8Gx|h-9!l3;TKH7;0v0__U2R%C&&>r3n1H6?W3s zQDT@S`qmt2vX0}$Ib;6FO7sova?ul5N$=!z&Au$02zM?_Y1xwvXaDDWTNuIPKJ34u zfX9Bo7=DExp0obx2`0N|KqoKl)8v%R#nDMjJ?vWk!6ew1-*)Sa&KQir5DOltm^MjB++f^u7=kUtg@GK?m{%Mr%l&uxfx{FCU#szIect8TUr6v$cEe`y90 z_FR^Dpg)h~K<`D^-@IX;IMa+jYW$gS<<}(L8f9^_ugDPSxZ|VmwJlFB_K4YJW{EtW z>ZJaPVgMieQ%|U^7_eZ`*r_OC*~#gNJQOwm%Wyrxl3yYC)tsXBR#N=Yy&212A3S#~ zn>TO9v*=I1&H3C@<+t4Xz8&`)ffE=$e`Oy*Q;$^0kH2U;&vi9VdU)uM7x^I@zaQ7b z_9O1&j%Y3SSK|k1g%>|=FBIp*7|#Aa|AMP8y$4o;>82)NVMoXGPj1Dx-F|L5$irP? zIvXx!(7UdSp0yz;UzW`wJz|=mzE{-XRCMVkCP0}Lj6^XJqP!aHBmybTO}6p4`$&Hv7$iSZB!kkZT32H+JqpW zc?`hHf>oo-Zpgp?J#%Npm6XJZe{bd;q8wLYpizr9_Y3YqVTU_JS@jFws^V-IX1p?( z7Y&O@W5ZyV$JsLt_A=196qD~ste_<1iUuYsmlD|CZt+dy%O9_G8d_>iOwBUhFh3+IKA%T7jd0xO~d~xZ~Qt zdA<6VU%u{GvCp?^#F^puqYSA1UK2Hw=lHUQ7`k9NwwRKi^(YLtdSZ_U6R^#4FudV0`I3D%s=8=Ks zjkvNDFnrFmK7Ex-PknUa6)I>yGv1(W=*U;kSNs2dzZ z{38WeP{yoiXg-ZWg<^n|lFuudMU>Pd6NaDJpK3PLYF@@nMu0_Co1*~*y3mR@44G(o zc*&=3qi48Y;Ods@2uX|R4E7)@PVLp2BHZEOe`IX#dXbRmT}Eki^ry39B%W~#+cc&y zpRtF_*7rBJ`;J{_5o7SOLQ=v^G7X8t`a=$DV%vDV7?SZa^NekN(Z?O9=w%l-x4BC- ziODVtoT=QZ+hiDSq0(*?b(FFcFl)qE#ePH5U2A?q12>A9_S@=5-6e_utG;^E{QDk9 z_QVR#Vh-cPm4?SO=}eyzPQMnQ@AsptYDsds=oiswsM4E9sPi7N`??5=`*6VTb|Isj z%;kvslM6xupIbr#`(^Op&3r5jrs7iGzA-oXTzQuNnnk5=iW0tp9k`pm^?7+A#yBwfp`*j7s=ffCGOJSr)JUstYPHB}Su{mHVtbrQzx6X>q#V3oHq?baxjx zI0%9hv;BpSy{9D97%;PBiFWy@muyrC6qJ=_)l%Brv>K?J1<;ndg}ai_o}L&1MG;f| zKdW(#56a0U#n zh_f?JC=j(y@2t+v+g+N#$2Ua-T4RG~vOv+{#l^*@kUbB}cJ0d@+FEXOe;sldT`O?={0bYiQdk){$H!$W>*LM_6EkGyG1sF?C5nQ(J0vGVIA zn=#Yi2Cn>F|DU`sJNEfs`YRczD28N8Rn^$##4^vlb)D9f*Urr>bl$dYZ8h-)wGufj zN&gXhpChBlC?+h#+RbmwHn?g+GNQ`$!?O$Cl0)f;3L7Q{Kv;N$t(^hW#Idj754(zc z_&~+I#fGlXA+vn@Q{yc900kJth zJ7AIGm&BoaiPl@UKO)+jY1$D-XFX)KyOqxh($fEK+eMo=r1@x%I}zAi06yhDPP_GYfdRk3lkLYwurRsaj3XwYH2tDIH(z8eJNnhjsQn@xSqK7hEf;T6M4;O>ecVf-E1b=zIKb$f9rq4Dqv@d8XBO+ii8eCMQFW6?m zoe`)`cH_%k7F)u*3*X*-@fNR}mm}JU?)5Y;qmqZjF{^lGpq$S;bBmBycXYR`$-_;@ zYvCwzwvF^c!?NcO-y?B%eAoocK;f&Y^dIiZL}pvQIA*a*?C??aSEIRp`>@6H^!Ra6 zUD$iu4`TgiN4{kV=XT}yl?MnoXN9mfdDh%qXw!ifdD8=;ysw{g(ilyDwY0iOkfa&5 z!1dlF@hz^M4qJV|Q?sBHZes-(!zbo;HW1X~)|8-p-fTUU|3SmTrHo7FmVYj)#WF*B zV@2O{YYk-O2b2&Zk?T-WQzzZ%8z+4{_NgO8lTNgH<;uZdoMF=K8Ouo40SG*mH zlBRxAr(%(1U;^VWYEmB5#FaT4ew#I2dr~I|ToDx!NtYp=-xvcC>UkCHBp(&p)TgQs zP5MpMB2GyqJ}_I)tougyFvx=ddM$|fL6GXg3Np_78H>2040cGC@h%Ljl*O!>f`G zWE7%cIjeNti5tFjsD{Fc%osH@azDGrU`Fxjt-~RElfmJaU&v^!0T2NP*oE6`nebO^ z>+W=9+eS1gz9C@AfS^&N?c;++vzYLa#ch27Pz{C9h`S&MNPY z%a3CQvyBct--52H{Ltt7#iO5b{Mo%2Cto;BxwkgbmgxGWn|Ng@$|Nr{M0g^B{L;d? zl9Vc~teTEEtDoNhUfzUlo0XVd%9TM@m?^d=csNj2q;o*6kTx6PeH8>s_SWD0T^MLi z^7jeE;Y(7t0HKi-yEHp7S0dW=huN9wGj+b7L$=zOS~70a`a>rvtwhjucb#*u*0 zyqIs`c{*vy436*@04Mg^nV}z|TCYY=6{9cI$aeXFJ{?~dDq}pqOSkD7Hr89yc=I6C zR@4(RBr)qo`x}io%zOyVle?M(IkE1<6HQ}02tfWap`}g7pn@dsM=;kOZq2HEsUV6}-sa@#rV3->v7KzH?Tz zfp43xNt(#L75UAAmGX`RkqkjTv;hasZvD;)AmjFWS;lh!&w{RiB7i^XD90tL@GAGy z+3s!;zz_7-sob(|mc<`rWoZn*BK!i&=XnAYVJE!d{Y99^QgzK*jk6`7TLPh+@r9AA zYO}9r_P~3t1dDqr8KcHZu<$X%Ana$<1?Lb~a55F+VCp@%`R@Kl!{@*1@xBM*PNIA+ zT!1tJVTVgwvr27PJ2XFSeG^x_U95z-tj#ejS>qP}tw{zl59F@JP+G#8jWrQ0x`q@l z<{m4JyOQN)?0`#yTq__)F<3Q8)$`6VQ3z@WO0^yqJUQ2&; zXaZG8k7$D71RU}G>vl2WCxQd@%${x8>WWh`)i9ZUxr5G=#eu)Cq~0mXQx|rh3fi&= zoV9zYHK%PX6|XIwc~guRyVFT7sYsa?fM~~F5~_qIQWNcqvCA04Sc;C06kQ3UONmp{cd%C-KxO3}Bt z8y{fVcB2O3d3%y{xHv=83eN>1Ec5$b?m{Eb6?J{E6902%62O4@wUvbU zaLeq0?)~!o``$3f-)-B2(XywfCvIAwXG5sx33bHAaYRpb^ifTNbbrfx5M&|}=ZTH{ zb`XUevc>&X*p~y!IyfLO&K_H7OirC7EzOE&DfK!N93kC3Q=R%%{K*arjZ2rY{?VAO zo_?9-jS6k9K+?rlW#Vqj{ejI7)es!aCceLF>U54{ES*#o6hojecRNRpIlzNBfI_(= zLttPql7gheShl%@pSEV<$>F~r%9P5jAlsX9oE9QGh@L&jK{B(j04IBfu)No6&w>7d zB&cG?u2kNMP-=d#LKiN7tpG({5V>31c6YOJ=Re9ru$KvEA@ao?yyeR!uw(%O3~VF7 z%EP@n`;SFda_7&)5=&9JaBm_Ros%89OAa=hps_wtKFNBHbl)BpL>a?{@(-`3uc3LgK2w0(Me2ZpTtwMpjg(&DU&0$j!Z8Gm=QRtUN(Zw69nt|(P$)%Qsfih8M(j93=(kL7HLz=w>==WOvKvE0|pT1Y}Ac zQv@Y7!x{^DlKk;%0O2+1!2tz!u_@QC#eAPf40t+gIQf&X5*S>DT6 zx%+})_u^@C@gHXo92GzWhjCwvA^zqy#ccl|VE^-HG35n|bH6lrh$YBm#z05m1xa{+ z(AOz@_TP)LmYRk>T=&4yMm)xW?NtwFlh_`D*!A_U_+DX1%@R%m%xp_ zrhPa4i{U9XgA@h*k!lvuyMZARiN;(h$mWCKfld=3HuQ2E<6xv*|&14Wv~{`uwg^?UauKc}|5ne2$D%4OLh8c}71(jP-| z{LMe}D=XhOyRB&7i8+V%&^+)Lvm3>i$5hNwClW8epH=wzm)=nL7`|kCu}=@aJ@899 zb9VbR%knl`X-dOlM(Z}}lU`P_sIHnh!~6O4uMrUi?-GYC$vy7n7(CAZFc`M5@6e84 z8Ub-%GqLQDdUng^twU^yKT<)!n$WmVC{Q+<{`K7f-D?Wf(isaA6Iw;#t}%K6El@7O zk9n}8gM%v2gWwc{123}8eYZ5_Il6nJTd(c;oGO%$a(ee`pLxP#)={k{doL?#<7L+1 zesb_Aic7Q(OV#YRp0ggvw)?TEqj+0?0n}@A`^WgHom`$t2D-DyA`}T9^6K?=Mso6Qe?-$ zxP#E5J$gdZ1H6&hRU|h>r?F#(W!JJO4_!tQ1d**e-h!q}}$THlT>F`1He@X<}dY3>;8@hN8dZAJ1>4RO4P8xu1(Tv z$Fze3C;?L!iYRp9y4T!XoVu5cMk&J9eB^AMH*tdRTCrvAcXJzY^UJ!pCNCiUd*6%8 zEc4@sM7aG{_iXoWb9vmSAaC8d2Bp0n*d@`Ix6UF}Y*|t4?{n-WA@JKghYJ6tv8)pU zw^sU|_Xq&>#n0D;GNGtWCit)DztB8*?up&F5+bhw-?h_~Ut~{pUZo(^;_@w2a5WM7 zPwZRq3L7BARTSZ+m3OO*7PER8VRYIoa(e$48#?<42M0Rl)|KkZe);3}sddkj(wHls zIUXXqj{7Jd|AhUf(IO=8WeYS%AZfEIm!bKNXIl96}VKVz2`Mx3hY39A+U;iLy zR?CUc{FVwfC5RzA>4EMVaLKOVO0nvik*&}H4R&x0jkDX@EkV2l1y-XK~CtPHSyndo`f4%gNSq`k4l!1!d` z9bNJmd}B7-x;pp~=l=MRH*woinV7Nc$90-qU1OH`1+uKhF?Tj6mjcn@GHdKjkzB5s z`WN%&(+E4{2)5-~UuB|520J<=sQ$>k&uPP}o}fWAXWyOn0`B1G)=6yx(U!xhuo|^? zmfVb8<2jEfBDaj(RAv<+PwZC`TAp_uMG1izVCW)#DsgMs1)~!G+HS%O5%e87$)uAq zmg25c3?5?5guS;B>+@Ai#9g>T@|h z#*J`Wpg-H438ov3NDf(CZ zcIn}V3=vpQw~l)N?&0I9_ zU~+5?2^UgX#4v_@Ufk1f#tECDY+%ug5klKM1N`6j67pAK!2C=w{vbSd6Q(ci>($z` z0W9)Cb8R;{R}$MH0v}MwGNHtiEivijl?Nk@p|Amicuv>Z%L&wV>Zy@22Xx`FX&Gjo z6v7`)mbxE>U-Mx_U|=vXM|9U3X3>b2)a!9Xod8-ckWrdsqbWt#7DT=Xa92x61|Q37 zVX}8I{Y!4$?hSR`w`c0xHs8xH=-GZ*3^u%p`_bW;YfIuIzLS|t3ZF?i@!~E=q9@8e z`Ie6{b4b_6s@BNtp2Mxsf$~nv$Trt&wPGZ@cf@=IGvgJy9&#RYZ^=h>M**6wEX)ND zQ5`OaBfWApv-z94AQ5cdxV5O9Ts%2tMCG z6!ft-J*yNy&M`6g+zozuytJz?hu}M6WLPykDy;WYC%8P;5`3<09U#%?zm$vxKGPnn zbVkQ`w-4Xt)YNCjvvVgD3@R4~WBOcK#trI0f-{p0s_ z!JjS$5}4b;=}{R0-chG&!YrYg&#Z*f+dSg4O?_%D}^6993S*?pQ=iTOku81OTNrw#W-2@O8Y}-0ARmg+sQ30sv?8OKDzwNyM7C=jcRf0 zXGZxf52y`rU^B-VbU}cwwH`2X8~Q0KS$@uz>Ai%k-EC7IKsV_<8;#%wtp25H&4~fQu&H`rTSoH2E*sF0eW1>-vye%aq>d>zs)p?EXDGcmF;muuac)^Q4uMu)VGz}@XFvg^hMoP+AIiUw3fEQ#QljcUhN z^Xz+5?;)OlxGZfwjJGB@>eF>{FN2O;HB&C4!QFx^iL7w*F)sw0YMc^a+m@UnjUrlDJu7zeDxaFnYT0WizxuB7GL5nAHJbW zCz5mde~!)zpYvg;6rFCYc|_Qjkg$`B2Rm) z+sFj;zL(K}U{&ylwQF3uwGPEN-Y#-^weI%hPClCqn1cEynwU>VnIo(0xNj zWH)!dLcmqSCh&>-n{)eOw2*k5Ht2>Iuoo+gyY3*xX{=6{5EXzdK59~1Oq98;_|XUF zJ`F-O&sx8ME?4)+VrWA7UIdK`44^xup}q5^_Eb81>-tcWv^&*dB?qnn-16cHNP$0@vutimovMb$F-GlHb@* z6vOkU+8jaWnKIBZZ_y;a{ECZ{i%Fp+`?9rNU&7zNf&aAg-*MYk`x+X!{^Vhj3+&R; zdP9p1&jE_W&D~uhsAaTaeqn*`<>lqAkWkh--I=S}&Tw0$O+>k_U8&A}&9b{`UItWB zAddj|=CYeD z2tn0_1p+x8y&XPz`ex0&>&3_UQg-F;*AQM9D=q5~FGi{5xb-J7 zNpgIdT1@F9gG6=6G0Ccx5o}0kzo9dVR`YhN@QL0$eqxG1BE>~FahQ&6yqgw6!aCuE7FMt9y&Ge*oc|2f+B>ekXi zs`QA)b9j~X<2YIA`(jXBDS%J_TpvOdi@LBtK~|=t^Gf1;!mlpVm6mLw?*8E0o09De zLg~e9CWPbcY@0G$^KgaxxWIO3JCUZrQJvVw!)~e1kN}A@o3JBg!MtT7Slf8uv{p#{^~^+>=v9&A#iSGowMo{+{ou1v$La6VaFTHt$_H-EI%!;Ep(mvV18UW@Wi%eMf`u9dU=bEj!b(j(E z*07TK3J$do#&y1UjPJdQ<~M zyHZpkLnxq2uX|@%SZ?U@?AzA55`J>AM)K`uQ7dL#3{T;<1TI*pnpt56j&Yg*mdCFJ zi}*&q`95u+KK<<=b)q!CIza{f=DE3(SQ5jVH1K%*5;}VXHqd<+j3?}}nS+#~QXZE( zak$-G8C*|7IWVtF?kQFh7_7!dW>s-&&uwPAmVSi}a0DU~mD>l3>_@s+nuH+Dyt%_3 zSVTOBvBW4J}lI_ zzf|R@+doHa3D9Vmsi^?f8s92MjGlL7gO z{6XJeAl97UK{GT2v?vSXw1wI!xRb&2T!N|rm1@i{6L|N zDU*UOwu`gtQX*hI0nT?RK^$*;lM6Oa_|$gE-Vj7LN1D2e$xpEBwAJByN!4LTSt0Mb z!*;Sc;QA$+Tr#Xppmves3~#cqU5C{wqVgeh?^4bsT1w%%q0Ji%n^P`i+bf>v3UGz$ zKNHsrN@Q`r&oLQ&;H?Q3UA##_g%QNt^Uj>FMboDZM7Fx%+$-HNWR@4Fj8!SH!E!%cJiwe_)(;_IgDGFv_c*tg2U`72f^C>)-@z&^4JNw_XDvi z-a&_LtXFsXMS>0~*AI{#Qd$L?S#AYQ@4pXJdW?K&v4pWu7kgqjE6!?#&0t(u2lm>; zYcZk@`A%r?HDwbFaeC(>iJ?muz5*EmLDdRr&sa9JnCs&W^wKOg-|0m{$8npF2O1?L zk=1J&;iFlHa!+6JYIK8j9rex6(UlK>0)kQ|}y$B2~y{)*jnSVpg^gG~0Qhs$1mJmC4b z#X^DU#8NuZZv29XN}9-|&^X6ENjT;z554`1gK}4{I2=yQb%?sn{xuF!wwaZl}6c0Zh=x_`SLv?CN{ z8C|!C$+jJ(377ADbNZHa^S1v*x8s_Rbr)i0iBPyYhWK?TDj!yS%Ufd8o7g9+)d^7= z_hZoVZ9j`@7Fw8t@c>tant4y~vL$323uvqh55OU|=r1;$=%VNI2vR8}!g;7)Hj$ao zZ1tmHgc_b&4bWq2r+J+Id3t(V99{~0BCNp*F5y&$LqX)E^bjR$D*o^jlhj;`|FXl%o#Pv`t|BmPW(A zO3EeQzmi|9mwFyuvlJ(oip-GtFaS+WUvdA_R~9;1i#p$#ikF!zLvnR>PRFCc`Pl7asPQ%5tZ_9f6OEAv@!z zH|%gG!Eit8hO^5!14;d;^g@F}KlKd0AGcR7a^XE=;Y_p|91!01x4pjYpbAArhgSGD ze%{nOUC!6+Gq}n?oMD9U%c^&3`r+Kyik)=;P4{a*`~y$}1pfr+Fvy11x%HzZ>au3I7uAW! zTqj=jW-sg3fze9{l=mU7Knw)m$?V`!`Kc0!Hq1uX%gf71O-~bzb4vQ!xG@*(4|Q48 zRH`j6Fh3?EhHiVE7&d(qZs1^}Okq&?AsoqX;H`cbIDcZ^IufJsr$Sd4`T-l*<~rT> zSj134ARW+V3O0&^8~erNR)IzU+#4*hLn0WnQLDXk*M~_sxF>V8vXF2XCirI!9sxfa z4rg(7>k_d(4TR9^T4Cf~O@b2Jut+xs4pbB4=#0fGeu-s~0UdnfUC3#3lItQ<`JQHFNF(=W zavJlz@N~v9(=6>)ZjljB5*jx>IZm7#9!UEj6a~sd;7BN4LIQK}b^F2HV^9QLm>+pe za{)AWJq_qw9Z z$Es3Ms0Sb2`H+L&lOt3&6WtMQJz-F~i+{SH=vQPbKRn7laG%rv>bt=@JAHskTzo?I z8^FuUs<%k{HCr{hh~zIk#qBI)jPOZ{hVG;PVtsn2B2R9W{U{!KtDY+p`X`a0N*Iw5 zL3w>2TI)V}dA7E-UW+2WxKnia8rK@vi86wQT6Euk1=-vcFrc?t!VK^C#BH>~#_koW zEr!gX?!sBH?G2l!QBc|FrfZnhF|fZa)v@&8@@cQ>OF9@HD~nn z>2WLsS@~vFSb8I8knl-6=ZEhtGO@W1@yPML<4ZYHJBEClh@UCaYx>2`r(1AsK6&PuEuqO%WRb<{&U@cmKqs>mWtS;bdPZFW%7 z7b%KFAv9AHZd<&)wzYu- zhK9DDer?%9g+I~#n1r$4n=E<@9ZkhK2$OVN!ENR~X-LqPt6tFV5U{Z+q|*@-q1y4i z7Hw=1kjGO%+#(P4uqW=W7|q^!10E`V>kptw7Ot$ja)-1Y*bM#5wtS%xL~P=k#=H{K z?Ai5SzjChQ&0$#utYuxwqw@bsrw&d(&+#U`(9Cu4(3~qFu;kti+{&Czo28Q>RdhSa z*acHeaw;dF`}8)BM$k!7d>HVc!=2D_gJ8yMhc-oI9O>I2=nOT?^c`AvxXc$;j+m4abAC95C=7an$RadN#Q+p%iElHzpNgXEOA~f< zViW+nCG3c8O}PQ21v(C9XfS>3SAPp0p=I5|wPtw%cIxUKjXLm2F^2DkFBe(Jcjn;0 z%;n-HUKzU2YfCw>1bASAcL1Ij(wXiQjj4G_v2~-)fDdj+QZAzfP$OZMgQB9ME);xV z+Ria<9p{7^P?*<78P4z&daR#IirYy^=|=lNz*hC=*}JTv^%B^~BZK-$v#;1W4qpPmEocHFrE1(MqEJNMOY>|2zdDGIKrH$x)|*U z4=96aet4-bH5Zp0+M+DQQrphA0c7~x6Qyu-_|+ZR`^a)+`$hG!yn9U17!S3gG%ksn z+q3T{rs1=`QIIN5uxo>X9|))DAD{Kutv~7zr4O8aHE4-b4gVX?w zat@pjDeM6vcv>oS1mwfEA!1TLc@BX|WA7W*>r&Ul*darj(HSZ-&Zpg*f;m`Hdm@r! zSn~*EVWR<7BFuzO(46wnMjNy-L@O3qcT>;rZCG?SFw}}o%VMF*r`=OP@P-C{kJI7h zz7EebrG%o+Ry1K21UHr(a(rItMYxj7P!feX02x6#fm@ApV$snPZZ^Eur1!viB0Vs> zo?RUZ1AX<6boE7IjWT_Q6KIT(k{en1S|5zQ@Ik{K7ZF9MEnz_X%#0o$C9BD&Kp!~J zGqlQ#?GU3#j^m@{H=h!(E1t=@)l+2|Y$!hM{H1LGyM zy=8{2xn<4T9&QsT`pMxKy7=(@FO6n9$s@a9LJ#C!F6{VJ~zE;pn!!2bskrv^qO z?c8WMvgsY%e)vwfzMCV)bKSGh*-f0CWMxd!>=<-K<7eF7C0F(o?UiQQa;QU;iJ_tD zL}%jK=Vj&0fhG&2q)up-WXx$^9DnDKuovq7zSy$AevxnDsHr48qas*aNyWirq3MS7 zCZbw+6S6sj{F#ttKz)*;b6~bekO-TB?X8t(#y&h&!RMSWm%dhI)wH2&%naNF(gQ<_ z-~Wyk2T06m5@imk{nN?y%7&ybOCI{pZ4CKh5)f~?$1q^m*^=X{QW3{PFtD&D0m#_M z#>IaC3kz%C9yK}o7#$?tkV?*OIqXh!kFy>&2}UW6Q?O%gGy1(aC8r@Svn=< zPe3hU1N2axKVeie7iR5X#a5_HHO1j@7>v4J>pC@jEW`vMo6<@RaPE}O;_x0H%ybe@ zKE=)$i_r62ApRNNjb->Sm}hkv z5l6k2+K-O;mU!HC5-Uvg#^ti~twY;)lMe46zQ#2jsIQdb$zVadWy^y`;v^eIE;4bw zL!Xf*bP%CT*Etb2=B>siGtLZelA!O5w{~+WC7Ys)*D-A>uKjR?1G%^Z+PF~Pn+2=b z@3uk>dV-Py>N|l{$GD((lI7Tie5`Odxz39UW3&b@P6_*_EnM|+TdkOgxw(-9R~e8$ zf&?MWTClS8VdRlKuzTW@d1ja0n}2b$h~xa;#}pAZ+i1ml!lI1cVxPkzh*bVcRJLaR z6+5Z+^BSOc(#I8=1w=_?*0a>mlms@ETQ|`aYE>x$-2is|R^}QLsVbv{UNa61dGyW` zArS+<@8ib4weXs$L%1Tn8F>7O;KO^{-=V1j>=XwmD8}RmB>?UU{4mg#_-`Eux~YK% zeWc#?E$cJG^rPSz$61ZZ1{mRNHqM3UE)coFK}KV}4aq~=5}5Dn>_Qa(E-4K<;2@$l zR_2rI7ni`7mGfthSkja(;~xtTA7BX@?TBv)v|F1=0JTGuSBv_g{{rY(z9>Owv6Jk2 zowPq97@o*me?8%|ottfb!w6-OUP7?@h_DwHF%uNOVyh52p7d>>H^eD@$qeU$8)XoF zE!BYy&OUc`%wptQdI&a@N%AX0-xQ6QI_gBk-nhf0@NN+S@)`^U;^29UR=CVbsy4Dv zPr@su`(&K2C`9dAs4Pai3i3CF;aX=;LA(Yc8rmOoALm)P`C1}YNqDr`WcGHt$~9w* z{>I!U!1WB)B2Sve3I}}7ax5F#7k2HqM6>BL_>#?c z?Omf2D4{4jS_ zyAF{sM|w}ckUUYcyF&wW^v-(c$k(#Hsmy}!ikU(lbfBU-9F<*SB&v+Vn61z`4XBl( zF}ugP_a-Db0v#B264wrGQlPDBtw^MXh2R})6LHc+l&+~&1X-QGkJI-1#o$;vjx~mC zah0OK)XValu9kDL>wUrpL?&r#c5CLl8F=`_pY`*8)&W$LydNU{i#s2tN%zBw1=C{S zLXqgDvh@eG(jNj2i)2aFbu`TzqHa^I`*CBj_-Mx{5SxlMmZ6+i-}RwT4a+I5mZr0$ z2`s9?-13oW7~FA(@ajrC(oiB!kM^{c#tZ$|1owj`C`fyN`xZf(cXGCw8?L~MhO6YS z0bmaaH2+jP(Mrs+&cZB;PN<~Y2|JfIR#32f*Dk5}xABif!;D=Mx~Mg!3At3yx2f3H zF48Cd0$xY;=%T5ZiSe{%I@`klZrfqDo3P@eXl^uSG>h3&&hU$>`Uof;TwYC6*yPbj ziGiIkQL?rbcT}&rH_4*_{dKTednaha|q~qy;!lR;`=^*Cdp?Vm*FJ z|Gy^?2b!KlczO6n1*93|k9G1mv4}_2S|hvR3%`YA;ylq%EP1L!#kFb`5%-Nw9$Y!d zQn546Mt;&vnFU)+p1TDgIm!^ldJxBCZgvf~B#z4be^Ay<~Qz(OZP7cfQw^3600pEeC|JYtY%O|ffb`4 zK!nrZD2Nz>6^bS94Y>?0fkT1FA`XJ0U=DN*`lc|CYHiwSiBY&~WmysUY8Md#&BCt; zd`hW;gB@g8x#PJX{sdK4xFmaFnm#YOCqwd~|yme|CJF3dnk3 z{U|KJcFkxco!$^>YXDF``zBR^0H<2R31e~vv4~)C=@Ptj9J`d!^aNIf_jT(`q`3z zTjOoKUpXKfSSf*7_$#Czr)64qT8gho&$aTdrd#7)snb86b2 z3($Xj$i;UC8P|GnIV9$ojnE`l$qo3jYzu8qg_B3S&LU7a+(D}j*h{S%Bo(;w7>?`{ zD){><4Tmg3<}uZyq=IAfu>z|cvN3#pc?8$A%IAqis9e0G&B&1D9dHm#?Um?mS=3Ef zVjl7Gx!y2W@o*4usV~?TAhu5+T;Zx zmuPh4-dJ1c%DU}1a)f)rHDrWvTsIvK2%!gu68wxjWhXi*-Uu-Y{*Sl1&K`erI@ z7SC72#W$HCLb$H@2&eLZ48@HpQD1bSZ?jc!we(?B;)sl3NuoPG{TEB2fH;#@jB55R__cFGFZ1ajx(UM?Me$Yz z8GFd`J#A;J&ML`+i<8i@)#m+S_Tpug4r?>O`7@kvT6!l>MTp-1oVoroO5c#k(bbV5| zE^z}NsJTCr5wARNJ)7Tqee~sz)u`SXvtJyAghhx7S*iD7Q_30cL|)A(?t1>Fnc$lA zS-FiiMfcm@{ED)$DszB3Q}QY4j`|JId_V@85A}vVu}gM5i)d8h+#unbEW9D%5}Mh! zQ{H-2tl+;wZ^8|2jTUW_+-K{MtaJ1GpeW#o#ZqobC6 zaX&Xb1z)&FxrKNBp!fuzW?84h`h8_3la5`?THm42SRbou$N%cN=_xJU<{KA>zr^YA zv=os^IJ0})iBgGoE;!5vv;6mwcu}?vAk6t^;R9@K`T10OfLI|zrgX=APs4&hqao&; z{&c*aUP+p78OGESw*+6To&;7ZNnHNHySB+J4^6BvD;!kI?YpqD@;;L)=A4543pjcD z9Bpc6s!gWo*~tmb4wnkaVU2kKFRT$t3QkZu6p!(fo7KxTh);yf2ju%@Xo0c$6ZI4a z(EQ}}>^j&p6VFYVXx&w${?~2zXX~D(QB<RfQ2!EKDtk7$7U9B>(YEKA$hHg279ovBnUaaXX(xyBZFBz@U6qi69p;#_htR^@F%)$APCe}XeL51ew>GyyoBQ@z z<;50ZmS_(4-ZMf9_$Jwg804`67ri6IVjq+DGrxMm@D#Ol%O-r6$bJ!=nj#cA>F{HR z|5#(eSMF5FN}4Dv|4u_(wOAmC^|MtR)nQ=Bid2t$MvzYZ{9ai5-8Sytb!FmZ^vDrkfXz2I4Qb|ns z!s;~x!kXutp%@a;8Z)}s90)$DU5yYdlU)?7A{cvZFd+6(Rp z4)o|uH`|;*vW+`#l|^NqhX!)b07 zYI2$Zg!j$nGtFkZPK-+c#E)N18zA@1pr9{5Q&03iVbtSp2b6A-3@{ZCceP){x6b^t zC$41*lQ;*2a%Fve8x-%LUMS3ZBM~|GG*Y1Afq6j*g9pmWp!cw-ssU)8(xVb=r;27v z6b=E$Z9G<32kXb}VO9CLa5g>fTyrn-A{;Pg;TX|!Vm%C~dt683z5aHIk8wEqwU?k6E$|J_f@Y;o!+?6E|f zEBJS%v3t1VzWcab{PO|ci2WWAi}vO6qQ8-k%ITB=En?)d4D4|jDJGUdZ^g_pYHvQy zrE?d)#p^C;3H8QsigSalYa2cpIOd+Yo+XbYcif6I7L_*$rUGzh26Gbx%oFzqt&oaz z#-Wq&KaPj!XanSUL^_Sq4SI@1*d>rdvyrA@A2UKs71r-pU5$(qHPtk$QW}<&%H8#K z*8`JDn1tyDQ9NC~2G7@j{GPegO%y22QyKN9S9go{-i0m^DjANF$ytKp% z05A>U-nxN-u#nX^vun_hzz-u5q-;n)!ggs491ZF}b(I7srB1SJ)81Lus&uhNAKl`> zxW6P5o~;Bec;Sm+rtz7|%CIeA9fbNlyU4|gq8rE{t-T+uUKnJCHGX#<)$`{$P*x*e zjqS2_=Z0g=8Ke#`Hgy3_)*;N(TzwN+f>YGWoR}Y3>hO8Z4fex0sTnBgVog2-Tm7qy zmf1uh??cOzV0f{xQ;Pz?4g9Ykt>4D_KHQ10;%#ypRmW%KcDIw*Qh^^TPL$sMb5Vdz zfAB2kCvWLZ^l0sDAi@<5q-Vwj*4PHcBKHvbG=5K54I6%&mLRgMpMdCtANeE-$(NjJ zF+CbIs50+(&`nzJ3PR92OpxWr_m?=+nc}jz3pbbelAb!0uXtBma8&pdE(jD!paFY6z?aE^Lxu%S6)27)oBgD$ zgaSfpVl&U8fC;7$UYP~(uH~|gaI})TXNO#O`lEj^W;C5LH=WYn?HDWnlOB8bvR?zZ z#?w-Bh3Yl8r+y75V`ESGrw)(m3ROA6_QUqGDVlbPzrTNydqb5*>tbrRRhc~f(?hSc zr@(34P;4L&a^q=u>ce@JC`b!-;&p&j?0S2hT{_j{i}>2$c3-HpGq;5>4W!=5EZce( zwo)Now=~&88f<+09yL(bTXbE9j18&80Q+$hE%2wDVi7noe~!^_YSkSjWh0x9ph=iS zKPJe}J$6k} zUNjDw>#`SG(iZJRSJ7kmcaV}E^cYn0t%`!KUwP`H{(R)d8S{W&2VyEh<3Jq2+63#& zTGeQj7et?(ZeGEE0~J@+V*{y`z6{PWJ2=?&o^)UTm1}~{)pokG1C_Y^Hq)e=Qga|n zm8WgIBs^oIZ^@-g^7+%n*jYp&xLyq~sf_@bF&P8!&?`=^oh;jly6Pqin0I(zquW9R ztGzXsV^XE_7A{m1UJY}I7xtb;L9$a;xZFE3ZGzh?C+{uuJ*j?8h9R#!@rA#cj4iD9 ziFo`$>g}1-qox0BaS0;bJRnm7vF#2wYxxWFFU49n`esAl6M*#OB3H7F$^C*{cBhpk zzd#Ye!wbro*UaNh#-=2>=58wSOIjt_nxAGk02_olk+!jvL8pDrE~&94S+a zu!L&ezAl)`sgf930-j6E$=8OzoaIVB;+RXun4U9h`0@ZgEv|4b?mbgFQfDxVV=WKn z-s!c<=Q!Ltr}KyFfyA~dS6)|Hj;WlaKkNi$o4u5WZS$@> zgT4rI$G@$v`U8+!8(@e(TtT;8zhG&yX$@T4;mWWbELFp!PFzL~!^-4?*EzKY8@Z5EVJHL<+J&evuK0@k-4>QR2&-C5Ij;d*{r!ls7MUE3>U#?G?Yi+y-=36G zi(RCgf!muKOACI$Jqze7T6dM55pyVxxy%1CF?~tv4Zj?5@}a>kWwRS7sM3Ie_w8Xy z$Za&_VD&a@T^4EQD3g(R1K~-w67!jMBX(hXia41R`BQt(-4`c2KMeScQ&f)eX8Q4N zbuC{Gw$>)M6VQDiA(X`%V0rgo41|4%-2LO!pYJGk5*k?}%C9qZAk_w{gIJu3qLY7p zQ~2M^OxsH}+Ri8=YdI5FJX3#?J5syx;9kY_e6`jXL#8bsb(zmuN?A-bXNO}ay1*tx z<+*6?CIgwS(c*)9^B9PyEQ9sjZN(mi^}qxs-p_cg-yOMioO}j2sK<~+ecRG5OWN0c zs}2X837bl6^ahAO5`yrotBm=pi<i60Uu}Vg8wvD#2uQa)>NV);5W0kVICZcic4lrVMDEzjsvR=u z4E>#KW78y%L;Zgv%@})v-^K1g{^<(|xgCxP%a2TZCV+{`&=0drk3hNkns#W9hIPj& zy~h^t#TU8ybptcUl4gBs`%J5p#hG;UrjC^cjg?M4W?+n9IrHPdKlAR6`p-`M z?_Bv%R?6;>z8|!sFc7D^Cy-PG)9^GwKhPB0dpcQb!u4j<<0kwy+l_Qs#aX;2wP*3* zS(Qabs=3<&%$P4fk2f~su==_tU@s$Vi!onfglJCbjRZ)^Kn6a1boe(h$k1t8>chOP zLCbEM#r}Q6RgIxW4Z1ff*6}@Krzt!8##!0HT$orT`Y;pr{$pkz|9VZSI4=osAMP8Y zi{YOBZk007w2$8NY=U$z@l9lt*X$2XQd)i%lsIfssY^E>dONt*AH!fxy6BcdvN9L0 zn3CR%dmQ-zmq~p~hKreXuaMZV?|lgM{@M#(CT2)4Z!F}Kq2zMkMxjbnw^p^knZWV2Pai+bUml11ShQ?A3q+rB`W9}4 z;9^i|>o^RxvZ{hCd~|+y&luG&sWh~)*WN{@fY5bZSjp>&5uuRGuoMXUA>d_6h0a;4 zFc%++b69n7BO0%KrPqJ14Yu7L=Luy-uqnDv5|Mkzvjl}C%Qat*RWl9gXsCV~=%VlS zB0}3_=1Htr)^dHJO7dgg<4d!T+~h9J8Uv=~j*j~Ovk7Afsanb4idLp4Mcc9{r+D;F z(Z#t=Q?`?F54wxP8K_u`lx)*{&3L*rn5W77Z@%jVi|S}t?)}xHFRDaYR{pU)>JCas zmZ3DL)1gOT&iF?DQSD1V9haj{)7HKu8h34CPKFj{BGdf=3Ss0{T<*27PrXp+@FuKD z>8cN9&yIKDCVI9KuCh-vd*hPipvX9h5J80bBNaERxu+o4)jkibC8$M%uS65qhc5NI z<1F^c2C2*2BP(ZdKiPEK&Bw)s1&c{CcR8#-ZjCFb;+IcayHFul3Y#j=e;bD1aHyp& z^C15RpKqPo&OkaY!2zV2uwmq&G1TM5$-nCQu_9uoBdXT70r17oWF5|123USA(YW$~ z9U;_g2~A-kCkzk%V`OBvX$}J&5`w*=AbNb1e%hdqxwd5FGg0N#dgmZ?L*^e%WEA=b zuB{oo(hi*=zjPHM(wmgLdnz+F>6zhG zoT9J<_lrGfl$vaTvsMD}IThWvEcRbjb4{W6{&oC>@Pji7{bgBp?qyZ60x1gRztVAHc$6n}{V@pD= z&;Dn(MNNf&d(CnohI?C64WB&81*n>Z#`|5@DE}*YkG)paIthYTT9av4|e169_Hrb+p-6Dsb-=l@8DWgxN?dfO7vn2dKY5`KhqW?^axGh;{}cA_-}& zp9bVzq<|*E=Z79FHu{X`+Qwy~*LZv1%Wn}+R(dE!RTElsleU?-1ze!29n#vGX$&v=pTx0KcLwZR&pCyjbnQxfxp>>I? zMM}+Xc0WXCJM-8_qL7mipGd?ayO}6>HfeQK!i0Azo85laG0Q7*W%n@tIs4k+f2>`Q zTJZO#!VT(kFabz@b}xpoGqHiya|ONcegDtgzoza>Dj^$K@!h*5$JNFGe}S~nVLyvo z@|)ZUv=*To>)VTd8T$WzD{~$0EfRDYP?NoS9SqY#a{YI!5>1O>^G`;z?i;;saZA!&b7?jJdh z`nrb)MY6iDy}q~hj}5O+Tt0t(Z5R_@nqoIeFumy)S)R(^_>>fIYT>pKa6duZdx7Y) zo1##vRb?45tBfLJl->k|zfW1Va>=Gx$#UVTEeGkcrpE{Knkm3d9(m_hG@RIYc<3M@ zA^p1#W#W}qf%O-Hp#g@(z8iqmN*7wACQah3TEHczQJ0Ruho5PL_!fZ2E8Bw4Ab(`U z_uR=ss*jum2Q$#8H4#bG%1cM{oZyq&1n!@k2 z$?ebY_9?;M%Y;*C&~1&$M73^BGyD^8!DBpN<2F^UmgCl0_h8xg;V%>R(P@e>ZPy zsZcdk>gA`)6ei5#EP`3n4Mi|~X_l_PIjEaN#u0O6MjzF4hydAcp@+3f9Rr7Paw z-6{X$IGF+Nz%B6-E3pvIPtV=2ch0Z>jGCM67RpaIzH9{g`P}`m$>VRG0}5ASD2IVE zCfG=Zc~L9P*_u#2lK#CcI-<7f+=)$uq;Nws^KWK?RP!Y|mHGZjB^y#BHe?Bc;vKjT zH3!InXPvVF^=tmu)1J`Bih@9q3etq>Nuk!UEyo(giRyV%XIdxAyKD_6GPs)y(ikKsiBA%v@gr`Mh5Lp5PI02^IB`mo?4v4ruT;T1Vr@~ zK}d+HT_%8qUvn4SIvYGZyxvU+`ccyi`oKRccSqo;Tsg&Fd0T$&nim<^F0Xd;6T%j0 zXVp;w?9?spu;RCs2xSQ70Hs0Cmq4D(C81>~f=)$I>_UPM2p9~+9#{3Ex#s@CYM05Q#``&cZV3no#`%cgte9od=Bi+`IwKc!x-uTGkZlV{$T z&rlk1{nGr#0AtR>b4f|b4`_eoBLE2hn|{x#G2b^2`CDGNXzr%d07HZSYMd=(!L#bi z64*f4BC7}mAh+E0f3>ofIkX#v-5Iq>Xnkl3R=^HW5g}s2#l}#@m*Nr*LqZsR@R^E> zaYx?M5hYG40oK>3RR*JtAo zl!+_wGHwqjUc5$AlSI#ie2!F1SZm%l%)Fc>2tt`F@;+w!1Lu3@*Rw8_eD7^kpA&-( zRzT_EHh@Sx{x0weU-)tue=k`UD}`QZca+>Ytz}k16dnx386^tullbhhnXmvFvqt&n`NyUXM9nNZn{rb|rz@a2d6a)SxidqdZV=Z7)LnWdmwNRy1Z=vFmTVSJwrvhMYY&S}mG|z4UD9 zu@phimsiK{`}6^mu)Spi=k$i4my^$eZxbyZLS zI%CR8csrVI7t`50EIK;Z|7wDkw%K}`?D6?Pk_#w2Uzr`2Yg70gmdA6TH;j5s<`MsG zhczZI%D_T*Kp5xUn%71^ z`@c~(0}E=xB1xR_AlE(d->W~mo%>$y+_qzwCV}0a5x9=HJ?;VK?9A|4z>ci`cSrKC z?2O0>d*}1jl>494-B0f_jJ(!$C2oqa3FWipY zD5^PV1K2V5vMdr)j6VJV0m&kge=n2V{yrW|W%E0ff@>yhB(6z+0Pg|GHTx!A&q|sA z=fxYVjUMw6G@q5PPzGSB)zliatN;5?ckX999H-5zi{I+}_|U#CC%4;uJpv2NQoDQ!}U%pMdPB-txTno2{qjF7#vDV2tinLQE>O32JiR(3-69!2&} z`Hsu?eSf@vJn!?k@89pb&g(pn<2aA=x?6Rh9vOHUs2K2fzWox3sa`Mk5cYqQUe^6S zA_mbv>s*Ee*T4#=pCs&8Hr~k^IadniGg2yX5Mso3FdmJ<`lkWbRkdZ941PP$ADom@ zp!R|%0E|Ra`tQ$6RnH4%_vg$ttEboH|2DG-Bw;sQd#B)PpJ>P$6snV2sMvK$@;?Pu zyCB@+Ub#@PAeA%y_0Zt`U5d{NSE>qwaBp?t${_z>q)lyQk$b`wf5HN^{!KqO{4*bL zp3h%mJeyN}rhB^1nll)(7P-;ReQ}Rp zoZ%~2)LlD)2%bPW8vGuic?Xa7-(NQdQ_I-`120Ld&UZOaj8&5bNT*K&M0{WkVD**n z(^x=fRaU{=5kfkKtdN2NcPWa>+PB^2hTiQ4oViATT0iK>%}2K)2Mk*L8?w;He^)iM z{5I+R*XCkX!>IkJRZf}Dr5AGQD%n>T6>?^3B?eh19K6U|PXmTm?KO<_m*)nKUWQy&17fJ6)D_I7>p5)joZ^yz+chdk_UvA&y<=_oOLikGS2??T9@(wd9OnjkhFcT!b*|$! zYYQ$%E5(IF8JVn>ajsywDdp>Sk&b;F913iXFInt==%m^Hys~zVu?uk>wv88C#ZqRh z@EMOERSe6lI_BUE>Z3|nf8NYpQSfK{P=0>?bOonh#X{k#D*>NjQfqYJ>)(ZLev&P4 zw3U_LsqJ6=Q@DCaq{|^5S2S5THAW1O%)I}6h`zHttJj#>>S*CVleH92f+%mXls|;l zZPGK%sDVQa?>@NL@Aur_pH6IfBz|urmj2FCq(#x+&99oaQ%QEP82P+>e`w6C4i>p)y68K%;5a2o;IV`C_5-?ykdZ?|p zSh@F)Ib`Ken%~B|zM7PI_;M`UI%e)^tDNZr#fGOf`5UtzdNdk|elOKYz0AhM&oX}d z=I#xuSKiAnnf^Dy_v&zJI1R%VRnvgM8%a%X^9J_w`+L$#t7y%>U^oju1hz+V__kD! z2bKP(-wi*q^NL5JG?N>pKDID9y})oE;|UC6%y|&e(r74+m$Il_aM~3{0Y|-7Rw^a zHHv%vhUR`ERjk2wWTYXKt8#X){#zid+qznyyaKuM z0C@|7(WR#zU#d8g)xj|w?fhO6VU#ve@aOBhtgdiJug2rS#l^BY$bYv`>I3XXn=2U# z7v-0h>fHHAO~tPzf0g;$C{uY}d-)2<4g=*f|5CweWqrke@i^AnL~~|!IhjN)+-!P# zeXSH~P2OWzE9T^R*0Mqi^6m6JhP)Hzc~ht9=p28WXdjwzD3=%rH+f%KFi|f@8+;`5 z$4R%Di0%RFHg?xpCDlT=e3Id;TW>wD-2YsIBdf#uscA>HlGfCd8x>o%CfBvvx0?+T zCBo!=>>|1uYxDZBBE0bO_K|ahPU&lX9@Hzj^c&=epy1O-33*=@^W?I{O z1i^-QCXy6Lo(MUNAD1PIHs5aXoTM%q>BXC*0Fs=A_Z3-s?!LsZ1Q2q#`|tRjL5MYG z)SE0m{T5z(YXs>xT<uD&s zYe0m2AGzG8wiuO24nTShPmt0%9nb!kr^<1a2zE)z?*d3Nw5}0qsR-DAe&C&jYZ5@P zGFkq|{VFtK13O5K)(1U(4k+eq-E{rNEf2Q*GV=Ok$YN=$|Nd0fxy=ib>TqlDYjCTL zSy!HFCIZN@^pMtnE!yt+l8AFvrh4f=W1QqoG;AB>zu|@UHHe($uVGUol!i)P#oWDk zI%oM;QhMGTIlcCsb~o?>e7PeWIZ&SlNkp>V=}>Y5yC(H-Eky!aeO(%k;g|W-TBqNd zb}LQ4a%T<>(lOe!fFD;cNnH=%@@HS^*=Sv|U8LgfMmC;}thUcIT<4ksxE`<7WE7vT zlp9(0k#zl(FZT>dgyhf@Xig9(9oUkgy}-67mX3reZWf z&qyk14YNV5AjE%wVCXSm?&%^b+6n}Dq=XF-9oBFWRE~Qqy|nJn)}D(qS@!C7+{0S_W@36T&#t)+Fl{i)RPVm$!xEw5}d z51BWH!2C4<#-ZPbEGJQ$_*yjYM3G^h?$y8DRY=i?*KkprNlGwoi>ZQKHu&$)L|v1> z&0-;E0wdHNm#Vb+M7mwlN%hXT(-ER>&YR-Yl%!9xC7~?^IQCUgI|fJM{X&d04ie1t z=uzIkxs>M%dBaj9#?Jts98*m<@X71lZt<)s=|&YIT>^M#EvMMEXbuv-4E!cWP;wQr zDld|P^m2pWS5ln`Z_#iZ3?_7B4Z_k&%|0WUb}jYT#Qf2qqZ9l6v2lRBh73R@Jbv6U ze>#TsaR}C+anlX$BScdPR1`l8rW@g}y)sTh`h9lamZg67RUX7LmQuDA>3=Qn#rz#J zT>H9miLU=hre4D?T5}BfBl2n3t11L76;TV;vPnzckPtbJm8<_IR=<)jGiiDMPGT2M zl*(EVE4&nUT1&3MH?(;1?}DL5*I2Jil~+Ar(BdK5EO@l4eYfi!04;UEaQ1(_>}y4A zD_`~r@{}Y8+76q!cV#6$?k`d-sm#-ipu(NN?L=d+1 zWKJrR*L{bZ-_O5#LoJ!ZM3b?lHanivWRFcQjaS8wD&yV%RC-17_>Sf5h@iC#%=mn+ z!t~wak_Se-3@SbyD#kOvl2XX7f?+0)fgGd(5>`Qi;Ya+e9zk(RQtinl_#Q-e>r!i- z+W`*zjELQH7Kfg@(_eO7(vRhT!a)ko3ZT=cm$$KEI3u(DG19lm85E5%YkO`1FmbytVPS& zY&={%aiQ~$cF2_}$vkIR%3HUN;pmNlgQ^?u(w}aQlk(ZBos5%7BHTlJGb}3|Ei>s+_na0d1!J{aj9wj7V;c zTSg0_hN6hD9MZor@0`b}=Y18)u_m@`cp5%ex0yR~A321irPKNkhvL)VsP<~^801C* zt8Uf(vw)gKzzsMFE{o#mc%TP)5#^gnri&t~z+e~Wy-fwXnOD!KD2!-$Z#MPMPAQrNggshXc zi6fdT1NaA*`7m{h{OfCI9AxE?_Tpy-qSe)X;|tnk#N^*bh#vVQuCqJWj@+M#!a@=y z)`;0*ntJXSmt$01w33r2LegEoo#n3l8hmJwywu>ESJ7X`<<3?B<3Fn*_u09O>9JS& z>n8huj)`*mwOZG8$4mA4{_gkfQ}*k_xpp#dP`9S0yBu)tnKzH@h9CieEOAaf<)hxA zWy!D4C|id_dU939Ri@rH8i{QDqo?&dOL0y*i`nk9TVcz>pGA*x=Q=4vuePMO%I}=0 zrlzJQ9VA5^Cikgjnmz_f?eEC3k$+K->7YcaoE60aPBF2)6NRhN*4EY^Oj`Ipnzrsl zo45!J<$gzp##mQAGiv`SDEk5yU6S;B_UQI~d3-wT$i96PySNokVZy%t?e#+|vyGPw zF0o2F>|l3W{BIo<6&(wUH|o!e8!1|wXlPE`+Y9UJ>V9xpvPL=E+}hfDAnCxtYvLtA z{{DBz#!ThpS)`nfzrB%SUdBqX=dg+g6cG*)5e6?B){}t;F4iZj3RZ^;ZAAbHG6|bL zs*_n|f&QbQqx0YVSgYr;TVH!J+sy^nZ98UuMQ|Mjt}GN*jnymn)%o@P&7-GJOTIkb zMM?2zVL~B7*o-_ai?jFIBd)W@B zzHx01tAss$Tzme~Py{|oj(p`rx5ZF+ODv7zty{Nx6P{}w8@5(dq|tJnyMEmC#}0`* zCDG>R zKSd3eLwXXozi~lwTIc5GCTctKtY2gE)~zMa{*#+TISns*^dkZIY>&*!q-UxfT5JwT z-~Issy3KO=PIH!3N3ufy4i67|m3Yx|9y_*kp~HqY)3o&-r-E+}^u$Nr-d}o4ynF%LDvZ=LEJpXvtEFDl3JVJpwI0|+K|Ws8WpUDCUHjZh1NJX6lmAx`wo9SwuY^J=)ZPDzyl(#5(*s(hBHoh5cgb!O~AH)Lq+od<7F7e~bVA zBJ#pf$DHMgx`+XvZ{r*Gr~@{KZuXA^M|=nnceB|RKD+j!^tVvvCvGg zGB@CbtG4iIOI-Y(MSJFUIWHRdl84)^mS=B|y2Qx1cj@pTuKWsI|MZb(Lp*){{CN@rWu@`@ zgV$c)Jdtp5IiNf*HkQJ$Hd5BWAW>DjBm43R^UIfa;9yzK)QH5Bk1R;Pl5oyIll#B{ z4o=PzC2g*S!HEgK&``!mal0)DdEa|xHG0h{c#b}#r;)adL-XUEPd|S?Y5VK@W@cg2 z6L`HQ$6mwd0>Ry9zX*tnGs >xn*XA&tL)5n}V0=PNE!_Xf5gwisCr{q{$<7fJzPRY{(Wv2bgQ;(! z1ScmI2={A^oMTv?ZTsjC24BwlBAY*+J8C&SaF#{Xk^;x|3wA3NEfEg8b1z1eRa72* z{CHgOz=H=547A>V8W+b>e4Skqb^n(aC%k9Rp1#iywip`fk{l*x1a=)YC#WuHLfA zy~UC+egJWRW^#sg^Pu44$B${~sP;O)aWrmtvEhB;Kd0(Yf%uB93l}d66$h|MIqgGa zjkcsHT)7euU(t5)q&h|9`2Nxi!!eI9<>eAD3azZHjK00xyl&k(vca5(4{w7Mv7XS$ zq<7+2Nl7+Ztm@tG->)e|T|*}B!RbeC%&Ragt(_E2J7q^AtnbU_^yZT%Pd*C{eh}mS zZ!h-#bdn(KSKYUFIGor_q*gTYCm&(!^c&1p62~J$)@QNA1`bk71bJ;F?X+?SDd;r+2AF^ zD>J%wru@l!furom @YqR#V&A8u!Ui10OS&wN*5@MkE(;;8+YN*>_DkT?>D?f3JO zk;c3#QZ$F-f8yn9qa^wvmdGRB($UfN@@#ARD}mLk&#^K5Xx_;L;C?4BW;mwtZ{Fq{ zS}K#(^pifKnjmR>PV-}rfzm0@o;@2XW^({)>OkAI%QT!zj;BuD_bHmN$B&8`i1GQ-1XC8*gG6%xt>pkgw$+$%ZLIM)gcn zt4(_rmzH|b{-bHynsdo_z9LjXUj9EmzFLp#>c5)jzt+^0KG}V!K1Ew5=!p6rgs%c@ znv-DTstGn`Ws&7V{QR`4s;ZMt`I~5Iy^v%4FLya3yb?FzM8uyFSAX&^qrdjHU6`Qq z(T3aBt*h`PirNf$)6qTq8y*z2o&tY%=XJ(oqxe&#y9h;ZInuNzv|kIF$2yGm zt5qJ9lw@&U7%xRZe>x_@YYgVTAaJvYV)l1C1FiJpzD%?Bhbe{s+Um!SGk&{!OvGvv z@A%M+CjG0AZ`BCv}nmD%0;#ltzv&#{|#a|igU`J70i7^&^isIH3raiFwf zA@-KO+14T-Zo@C2xAmi}?6dhbdhWrMGY2W|VUJ=t=Y0l~T*;=l)X)3VIL= zRnqh~2LuMz{4winoLjWnB~nv9@Ml-f*UnFONIIgT-c|&s3pc4QNcw`M0atD&wfL0x z%c`j{|Nl@z|S|ty97l>nsTHZo=Tz}^6;P_VNUTZC`jL1QA>->mqo1aM~}vL z-YsIu@4x&xH(ewaA z@=P&GJnrO!Es4(>%g!Dd?;&XO%$ZGBu3Xvn`q0(H3;rg-yjQ7_yeq1!KfXUQG;U1w zt2wUq26rpcX1Qxc_6$?~^t%_|I4RVI?mOQ#%6A+;S1Vk0fII28cQQkWR!Cx~i^Hbi z5exS}%mApqF>cG7w=(dZI(Kf%X+Jiz*8=9l)DsGo1s5WOw*#3`5qt`YyB@+~%p~*) z(Qqy0*Ow_R3YHFF2R;}#9n{FSq(rY1y^(Y2Hqx*Z0X15UcZi`Fu5loYXW344rmUJNL&>3qUSheA!C8@IM}EjG)ALl|>Z3>%dK~2%uglT`JBEvfu0=`Q zp~*0AvOe_^<7*cOz8zuepK^E>8u|#O{RJW;8xjnQs;IWl<{ZA0@0)Wo0kGxOXi^nY52-w``)io6`s(&B!B6(TPukjkj7zSZvp}PdYybYe%ez~gZ|A7L zE9!gtDIz-Bd_*<);Pqo(df;+jpY!_x>jf_L=KDuSkB`vBG2c1I^$}Chj~+iRMi%#k zSf=x5{uH8UJ^WaI{=$`es52c<6MYRc-U(t?k;eLm zW86S$idB2YT zNR1DZ7~gQqgo(SDq3e^kf?9_0gO@M4SS0L|E3&6m#<~mHiwd89zeTg*!ns7n#_t^? zvZeWa+6CUD??2T}397bawuA{9en4aGzLytCrJwFhP)}OO(*Nyq{X&y`{Pao;&n}H8 zcT$ezG2cAz^TWY%O!McuU0J?m!qQB4Je#l4)vOLbPTgI2bYJ}yy-ZIfW^vau#@lUc zDw}F5O(`nNd~WgA+xO%&xlO86BI$MoT<%KNtRAywc%kMSBY=5^k2_&*K z6rfzlFxy8q8J0(dmiL;7 z8ec?em|;NKE#zjLLwI-T(06s79{sX3z_H?D>VMJ10(14An+GE%w~lj~{ywgwC;1Mn)#yXb!@JMA<2u zrB;d`98bQTzb|_p6yBgV@-Yr^KazSxrLvGwJ%whjZShD$ywy~nyw|S8blz!J*iwqn zu6PJtXD1%$G?-TIor!U#hDPUKXfuBvO)2z63E>P=%`{cbL+j#4uH7N&)fJnhUZB+@ zJ9q7}8mOSVmZHT93j7)8&%3PwmOwvrU#S4nCDE#z>zfl3KhN%W8^3>l{lMU0 zoLPG&*%`nV@jK(D89GcCX6)|WyEh5L%2xCV<-q9=-gxhgq^*au;w#O7Vo?^Ci>3!T zd)TuY(Ma8_FeV-kUM{XL#dTe&dKJlIth|#4?4A$*I)G}XPPViOd6(Hb%q0LX`BE`u1~tbUmYp73*@y(W_9UOvT8atiscDBrWJ(6yXNibxqz_n z9(dDAV`V*eKo+CgNVD(Y!7cE2l|0zW;LRm25|S=vPL3p2+6pxG``hbPZFH_PLp39f zuV|NNe|p9%_`N_z%|_dwWx^5WX#eo=C*alp9X+~(L>Gh||Hw%1fdPHU@O$MRZj*&E zjp$V0yJ}-({1A5RXo$(-6H}3Ka87#x&QF5tTYdb;EwL}bVZpET6J@3@y}Im{^AkCa zPLVWOl-zqoedlj4doasfTF9wiHE2DaHFEc&arO2KKdziN?~2pfmKzs4&hduR%rw@{ zP?I&TGsA?T%b|a}?L-$VLE`{`d>Yvv$h$ky)DmF5H+NUa^v6*GH{l98ZDhm)T3Y{F ziF5W>(^fB9_Oj)<(Wj@HKHhonSkC6Raqr%}ixBUR8rAR1TkL!K$j67^{)TtzB2;5x zCD9=v4~Y)wxsg_QBIc;hI^?b)rryRY<}Q{aW!GF*i3|j-O~Cj&&-(T2dlskqk@!Ve zgx0MrVPoiojK3GXR*JWr9Z^DabqnarB0`RQ86Lm$_ujojWdC#yBzk>){T^S5@uJ2{GCs-4hgl$hLP;&)%zYt9b&Q&&_xnfYn!2C` z6oqZ1Qh88Pkpn@wc!zHGxwhM5oW1gJ^s2q#BwzWVRXxpSXU(T|!mA65{tq;pcqw)_w34xjC4^Y+4(>8;W$lX7`z%{EKvP|;o4 z_793cA9)N|iylJ~j)>moC-X16mD{?mEo7wnLn7bgAA`DRAADpV&Z^L;b4RunBYs>h zXDCk2YZ87goiC5*9I)=BB0<>F!*TPq`o5vt-1kAE=92L=i2p-C1U8%@nTOl<-oqt= z1bN`VA9uF;_VR2tToXq@K?$b=m>13@4>8grL^%*^?%CTSx;6g>HX|c7%-5i+)}a%A0YQpyRZ@H>1F3 z?_Pw-6cM1i{g_2)kiAa5QjDsOwCK!jnk`XF)!l%_eTeqjHe9b8>oX2Vj8~2I#*dS%qKgg&Ehbq{{R9iWEPD(k7K`_Kpf zf=D+D4@+GiHN=+o;;y1j)xxji2^5?HW5V3`VuER%qA2@vwrtsQjDDAhJY&vkZ0tUT z+(5^_OtCiMU5Tkj=y|pJ^D4QLbe*YP&s4Ekm54n)Avh63ds}&Or#!#b`C|(m!Po0p z8CFJLh$?I79rPM%Kkv6WLOJJM|0iF1VdL+ckf6)7|4lQ1+ZE@%g7#?i{WaZz3!#_q zC%ygos9;Nme@BsGZEEr8yc&ajX%~ zp6#%a`lsmoC{^yimY}&WCMBbD;Rfou>S<|d+p-^fdmk_Dna-+LUs+l4J}QSF!S=V( z`(tn@d*JU8iU7yy>BA>CY}>ZYc8oz;II!m-eXn5f$@`q4YQ>u6cD)~}!+17Li|yB| zmT9!_I4z<3tV%DA)k&J!(OgWe(nrJW9<6xp$bpA(bxOVAqsh;ig*;28JM>S_iSPNt zZ+|6ewPJZk1fMQtK+R5xls9aq7PmBzhFCMZ-Z`lJN*XA5P+M*+?_yy+^hnb{{gp&q zdjD%yz3rbD)s_$Qy8bmhMk-BP@uz<%&dyEmezd$3EjQbl(^LKK&x^!wBcJ!Gx8GrH z)!k9rbCSkNn2+Uw&5V&*T`cGA+!NPl`o38H3`#$8aIkq&{t&Ivxgb6cT~!h4y4)UK z2?=K4x3%mHkrNGu@9)$Z$bp@no<6GcdA&l(iLBISO*6;wA3fIe7fz&8TXt-}LBsY2 z*IQI=^iWb*i-`yU3Hle;Vz$UevxAK5OW;C^4Wq(7o-^Y~(L3E_2=+ zZi?+)J#t#nfwYd%3W?XITw5a#Cl*+JRA4!(zFz57LWW?G?=X~8ItB(W80$ni7Ri~z z!%RGy{h42~FcI>uKHt_<*ds>u>RCn}6Shyxzt6C<9V_qKanw%k(7`D!9YdwD2#Q1I z2NQlj)<0+JqVvXQhq!;2jA_c?hib49i2qj6Dm!GmIGwL1%}%Aaz7}hfHF&b?kaMN< z$A(R|MfW2_wrmQX>a!^-3p4PznY8(v+KPBZoXNe9HTL}`>HTj;nQW!DcPH)PuuR&R zO1a;SP4jSVw?(|;ZFxRNwp5w$_n%GFHwM{KiZcAHT1J67ZEpTvFF)IAvDDXuIYm%q zT~8=?N-6iE#QL$+#)BpoXZpkhe;-hP>u#?8G$Cd6@P;J%2`y%a7Tc2xw`?;+US~Y( z3=c8lKa_c; zin>eI>6$LyeEuiEQ~40j)Phj~4@1(Y-?z1{vTPp^dMkKPjagH{XD)iqLGra~`T-QO z`v3*Cv*OR{P&Mj!da}j3GuO##|6*wqOJhAO{D4zL@%_7bISJc5n%ROuaazhr92)ME zFBXp7QCm7===No)$>c=j`uAJ=UZ+yn=Fo=R3wfQM{9k2ag`Mb@ayrd?Ek|0x9l_4u z6a$qVbpMph`$WW?i+vE0Io(=(Gmuq_^~`4cNS2CS zEAEbqa_Ic27V~@MFw2i#lPR`uG->ZLPt*k-;kmNBTvu@Je+B+0Grp#5`?N182-`9} zvN*?3I`WzRpNPUcp&#jX9{Q>$qW)zi#F(Y&=kBZV(KEct&?8sm(^tZ4Z{}iatHmI5 zyIv>ILw(QJi%yr59_37(LxJ_tDS4>s9IR2`(kc{C zP2;EDEGseTyD^J5{Idqbv#^sq)zLuPle|7AbPLynKYOfvdLgn|%N9by1Wui@@#Dd&t zb4yajY~GzIxl6m0mze!CcKy?{Mw4%Us=HVma|c*TT-|JVwsk5f{px&SgiDtFVN*Ig z*N`@&|I7`uFTTCHF>+QlkvZ#$X2aZOm(1JFFU{Uc8=BIH7%qp7m(T1!con@d`LVoY zy^FjJ8$N||lpnt!bz@qvOT=4h@t~ zZA)utht7?K<@%2_iWxI1)6Ql>8$c8QPfLIRe1KCVD58e$p0no=6=j6P8Y<~{jPTj$ z(Ks)*&uBV(p@YK_X}u(Ap?2G2_ntjN6_Q6^2gq30gD%IN_F-Ct1*|^b`3~oyrs}-&ar%v6hc=q2KZ!&8;ej!?NFFHZO#H?s?`fS0a`NYf( zE2e$)#-FM#3fWOSsgr`<0ijH1WpQexJu77|JM~*9sejzebRh*j;j;XtpWF|3&82sK z;1f-i?--OyX8PQ4F!9T#qCTGIrY;vJcEpw`sa@RAOP|8Hzf)d?`BcqtOIZe&FcGv+u3c!ecIF|4ci*p5mwN%j%r* zOE2QfS#q-Ew>YrmT#l5L!+q5p92}R?h~O}(JYCs$M#Ap~T6#*5hBh|I-}x3I79zll zo;Ju18el%0#TtuB@uvyl*#uZx!~?DbK{~O;Q@NvF{^NyRH{&aPHsuIJ4JEYChvsEL zp20lQKc)LK#x{pdo#kJ7*fp2*Z=GXg@dB)JbgK3Achi0m-{Dm0l&R)j0 zUy583!&44BcJ9;-@3*o)J5S^1jE(|fP~Veo)TO?6ti9*yNw<6V1N0un2a;~pJ@E2k zE|(LxPG1hboHAg!ee-6k@7fjr9rV4IoB`gWpnSh>1KXw6c9%uO;l|6+Dd@X|3Y&#n zMdm!s8Kc#Xtt}gFk=^t&Q>(zm@#=`h)u6t7`n`J}S5%y7WR}y4ahcxCblj+ikz30o z{9sbLm-(^q0&&AnO7wGfwtjm%hreWMnbB`?qY0lMEd*Idz8T zz;h>&7{J?TRMHK$m-(_jg;uEpuMN6y&y@<(Pm*yH8Xi>VY`D-%gra`81#&PQF|&o@||t8 znaYs9yldyq4>ya~%}#W)L+Rtx)zho7Bi&_UQUZyx_dW~uWC^kljf)U8l@B*%{rRe= zbJ1E9Fsx;X1cBVNxCNxlk4@^yTLeHq_sI?L5qeEWK>s6g!Z z1|7=RNVBeV`}F&>+qO7$dK9!r=CIa_k0$(4`jMS4EYH;5*6Yp4u8YsKJ5|`3-JM&^ z(m2_{A{3T%F8H9BM8(^_-*9`ZV0u8f`;dts)CzQH9_D_TQ|jQl*!)pc@T8T$6s~)| zIgY{N(d#cmo}G6+`$^~1?#Ooi_OLzr?N>9$p7^|Y zd-svgm4vx}8OeEF&oiCt`}s!0H=KpB0;U@ecT9t4TlTKga$C9;=uhDR31b7A+Zp2e z%YT+!zS(M6h1$`pHVO@@!izBW=%KSD8;iK@ChUX)K)T$~hpFof?M%axzqPp6ZsuJx zIL)Oe7|qJQd+KJ!?|ZEMc&lC2ouQ^*6?-qe=g~8Yj`B4h;rUpTecL$DH@xlJpm4sO zu(9=tw3b&f*9$-DKFYgM#OYj}Y1B2=n(mK=4=jk?7tGOBCpi}>jSXV>u?c?d0!f@R z516s^ez#@3#vrQk_t!c;2Vx{0cftmf4U;CT&>rg;BtCgKx&W$gd1sr~mcEe>d3YfA*p$t{aJ#&Z<^Zk_ZuO3(<5H`!KHT5-P2Gx)vf%4uYAT!6MQ&9o!kb=j?Yhe1p(97v0*Cpq6$_&FmmAZzZLeHgAZ1O3q+x^Jsq&Sh`!g%{$-RI5Fn@gtL9PS-$z~f2F@ngkgrvvgK$N zzNj#;q>31Q77{XKx!(5Fxn>2Zd{0lczf^t_pVW6@ymULo!le8pFrQbxKYSgheIX)rXm3tn<`{2ORJvGLrWzL| zMc)Y+>No`iQqS1?ns_nZJSTVE?d*bM?Y>`XqI)cN{CeZFMThD|?#95{mF(XP`E{nP zvRa&KUy6n%+bE(63ab5F+({q=1g7_ikMjJv@~gpNI}OwEO@Ml&YF@AsPpQk!7HynR zNLv0`{WfvAEt217|Hn`d{bJE)`xK##<;pE7HtJ^h9DKv6w!CaMn{*}5`FBqz#k(^v z*iX#}n>|!i5HS;PcInTohz)5=w{sZaxz8wiWaH}u`p)sNlw19+CUaXwDm9LLdb8Eb zv}+%goiEQXo;SkZtZS;PFIASY3Y9uwMjbx?z0`t%qG!U7s8H>G{0kpV&xUcedz^IAoZ+C z_-=*0p{GmBRA!<9lb+tC+W5k}Gq<9$viQB`r=wPVr^q=iJ4#^x&v0TTa1J^oCjL8xRL zyu6z!DJdU4dGZ;vtq*_?|Ks7QIPUbxVTyyur$mPO@4x>>IzNdxp~D4toHvWuPM|r$ zNskgMr&fL&V=yrxLO7NKO!W^7dyIwAX--x}O9Z%=63aJ9`trcOrxwOL(c{>P#-}c% z)J1rYS?L(U8ehNW>44FNSZYwOtzar7+XnL`5o*zfpe#x*zMdc|9hisU zx$&L_u8w>7Gl^f+qT;{BwbpkRc_SpfHEPn9vV_KO24H-7kle!xg;IyaF{(VIiVa61l-aA~=DFj0crV!@!h>nv$EJ)M3|5ldD z6wklBKBjJ9aDYq)9k=LWfz&L9qw@f*cbo?%(gr|zC3{59k4UHOE_9T=eL@oNW5F4Z z-lTv##1An~lx?g@8TNS_BSNbLV;3Ik<~bW644{D#SR&Bly?J9G7o#nl&pkzVsZLAP zG5E>Am!57=^I2jd&y(3AkB)3K>_BYpD^?nL4oD?*4j40OKvMXR>g_mVt=!BmG#4Nt}lW$5jkl!Sd-#8c*8pe}!-rus4bwX~$aRO;NwS z_U0av4r%AZZC;LL@`uG~s1FNTjCsl@1ZPJE?I@!92?)_SL@*2Pls!KB-#w-pH8dHzO0eDKzxNi-i>(Yy8q5!%PcM?<>! zq*;#slb47)-W0*edf;5n?ZyKgm;wZAPV1$czC*gIIKSoSI!&Qb5;g&=Dm#*GqGHq& zOiDD#?r)fRe?96rtLI%a@CxDyA!!Iu=nI@mN}vF^Ovsa*U@QbHb3SSbNrQm3B)RrM zBPAz-WIWUE0#-B+NE=2e-QXfx{TKNN^p~^&0ek#lpMls; ziK`)OPkohQqot;0^G2sTtokZCsgp>+q)~FLvt&tdET}>Sjf`~&R>6(-a5X5sQe?%n zC>_3X5rZGzSO>ygK@h=8`AN4d4+DtAj>5~PiKRntW%TlLz#n?O?^zbw#Jo-pr$Ke- zU0{Y@jN+Wed*M|qLMwD`-rN`MIJB3%k+$pHZqk<{5g{bB8~$ADQ=yoMA!c-F!c2=8 zR3oi3I3wawc*r^Ja$j}b#xBjWVZ#RUZz+pd1~3LAWBK#jev%V-czB9j7dpLOMLTW5 zj7v8w?@!X>!@NTo5jT*mw*g$h7(guw>_>|&H8}(Wxl>=h{ zBOf+j__>JbLXt6wfgD{BY6={)2F5O&c8onyp&cd;g+l;s-@M7sThSh*hbDjd&6WM> z^9-2tAPz7z;7C=!zj@aOxQ)5sJb|bXijFP{i0+BZivnK3FJQI9PuUz=Nd;rKpG8CpjdNK2H63L5{cP!^&?E)6~QceOkDB+p$Y!RjtNVkvSGVj5xp>J}3 zR=3+zcsK}^BNSaHjRue*8wO^Y)#69yRy4>Yo008Ehqi5kb_NV|knz`rMV`ZP74R^B6QpqH5z%n~RD zN6`iJW|v{(R*XD>e+?*e8Np2&q%fCmAcq`X!`ZRcU3HQ(+x}tXZ1@-R*5|TAY|`> z!yls1{)bV4=lt6C^o293Bvkt`^z<3d@f`qOFz{2Hz>nXSdG94XP@VCPoXLd+g%quP zl2!F!{H>^~D@Q(1LLFJb=^#G)Ec4EzPP0a2*lS1}<&OnO>8RbWYs6|wY{KYJYu^_) zd@6kd?n(edOro5ji!~fIII{X&%w-~ff%x5#i}pbZ#Nw5ZUN(Bx`ve7d!8P(3wc)N| zv?DbGzt$-TH6+22Hg~9q1skMFPcJs7O{9~GsoD>gy(hW2xNd%btwihy1RMn>^s7lo zuacNS>g)yT6ddj#wVu>V3WPmvET|PZ!31}bW637T2#4KgIOd<+%m5(KTb%3-m2ws) z7zwTi@{c6rVdhu+m(^lXCUInxf1(s`>MQHDKfircw*Q(>4Nvy&&p8R4c3%UyLmlUG zeNQknO|Ca~OCGNL>Yv|{(|MW94;&Q^d-Mjqf9VAIMfKuvBTv`C?^3h8e55ZzYKh_^_&!Q#3hlD*) zWDi_YMsVZDb&V|91io#gU*EOk#(RxoIn0ZZIg3IRGX>O>Dcpq-QSpr8DS9>JZwO#P z6}Rdsq7<|z6J?min*4tC5^=>-cp!6dKm!9ZJ>FnSL58njGapbZI=J!UDaFAYWPjr8 zW`f_V6c5HagL}lr9&J0*Je(L|{u%bC`}jBi!BU7>D}ksa8*6I<4aIqQVVZZqv?W2Q z1W)kt@=|!fB|{t;NcRsKTMCYc{V(+jQJVrbaF(#4g5+*6nuH&Gl3-XbTN z{OR7R|Fix6$TVX{ZJ2^dx(Ay|qej9+Dc{KsX@gooKmf|vUDZqQMGE_mU?d{`&P10{ z%X?Om)R6HB7Pb5Jy%^UR3|+qGZ6k|el;*uCxTGvCOFTlK9!pcwfGH!thL3`i^q;m2>^1L0>R zq#jU(OiyAr`ta9T*5eP>MLd7*1)-P1QnV-Yr0Yc?l!h(R%OjlSGus%CQlN4XDY0gO z4N@VR8dL;RlGzUomJw8akyQb_16A|^nZrTApRl%0vr4XwmU`M>?iZ1M@z*Y)xmj${ zB657qUTsuVRA8yo^oeeNmsJYgq?A*%eDd-n$2vbTU`I}BXlVE|?WgzwV=55@YRgCm z7!U+ep!tTX&-3AR_+z){F~?fmll3wW9cqqKV$Tg1e8apg$1yQ;-DS<5104=of0~~# zWnK%ax7ELCx;&WaY@>c6b4amm>%f5vhYMdj!wl8j$+Q5VOADARk7_@O4PdU{uh#;( z1Ef(G-%b`Ka1`)Sn((6Gx)_oEmOMurObYFN zyRnckNescLb$q&$(!b=`Z&b^lq`b+i00!HN+FIc&pFaN{qSD+}0b3UdD~ze>q0IT} zTJstW`?h`-NVy!hPBB{YC*!5@;8N3&eKYvlNCiwVm5DlBa0cdXgTE@MK^Kdk59da$3_3ai;9Y;F}y>^(-VETx}~nN(rWTot0KfbG!rxA(8UQY40}k*<6R4Ci1% z@PM4aL6k=%7woArL9kE}P9ug%DTFSEKx~m@zAEN;@o~IXmboUVc{e^R`}BXys!CFPF7c+ zw5J>T#rKHs+gCJfbLRIA9Cp3@#Ds+Z;Ic!d_P{Wo(vzJxlmDby+6bv{_mlkey>{`} zGT)r2?y%6iM2sV#^}59kstrdSXEB?YAmgP+M>cQYE=0*0^|M~m*{u}Qhh^czzlnj^ zZACO(*z5`Rl@w5dyo{TZA4B2K(cNVwJzxiFq9CR9vnrqZCH=&|R0ok0B0-H*@t>?m zKL+@8Cmx!%yK`0KjbK)7a`_FARv_3nSIa0u}4sBH<$O74Dj?nGgc@GSIk7G0d@Tt?M_dLGv^hGVL%!&um zw1^a$Yy0ya(gQ&h@>^o<@}Ib9MXSF)nOh{l!?OvE1_M(fw?G-#g^Vi))W=H4l~X{! zfM1_t0Z<^*uq2}au=jxclsw+WO>{vr_62wMkhK1hO^Z9v>eeiMmpV1Th6+bK?;meB zQls|CIXF1bC2Um}4^CMH%8WIvizZ=4G!UYsJ=_?Lqz~W>*ZgkcVuM8H1*6wYbuNYS zJk*+KD>war1FK}DFCwQy8^c8?;4C-&STEV{v$3(cIQ5}=3S&Tb$2&j8I4(xnN`|>{3|U8gDc{rcozFZ!^lX2^ ztyTO{4={;5v?MDOK0V}T72JRrx0o6gAVsd*5P!*@L#d;z9P;LYaoa~;GWaU!H=WP! zGD%4$4u~uZXk1QoIky!D;!8&p9~naqOz7f#2B0&bab}o8>c&ha0jqIL`c|{tZjS^| z0a+E}iQSn;AO@L?g25^l*_gmGGCd7N`#8*a<$ml6*pn&TVABh8ksCN! zz-|C-UQl4fYxlXkyW<$EMubl}^~{Z)x0F5fB$!{D4a;k%nWb^(bC?PBE?wG^&!2my z9FAht50XJ@Mb5#xUI=_-AMnM5azcS+UB{@Tq?A~o%|oDzb0LyI{o$95%%!vdxEEPUoII+&)Q9 zLAV_m9qV#k(41KzBMAs@&EYhJ`N+3~t>nfmGD-(Y?BNx)<%7m47{tx+#2~KZL6M*5 zJ9RscL?vvLyAf6E@QuUm2P2$c^@l zU~BbGeMgm`%+_GMjnrT)n)G5170_OnRW?BKIk~^v(+d2sAlwyEvIItr^)VcPi7mT?R>m6_jaxY2CQH)g0wN(&4=mcgcAT}(@>Kqw9Wb90B_p-?NI3%D zaIplTv&6-XYejxhJdTX2zv6PzKUC0=26V?0V?=wADvlDB2#-oZ=I>y`c!n+!_)0(O z;ij!y1)b*A$`mO=PSra~a~&e1-5fMv2~dW~Ua1u_Q>|F)}iu>nDa`Vk8$d zs6K%zBmn+NhE*0JM&C}jgl+^O@ea7ZhG&Ldn(x2K4RPl4jV~-+$5d*?1*s{k!Ax zR!n}BV+4rYMS#582bL&Y2kXlNa3LLxml$EI2usB_X}Mlt$-$a?R1tlRK^*ouaoY${6Gdyni*q{t@YvLhoz zkxh2lTcNVYWh7BnW=6KGvNsv2?%#3t{r;ZkdA**0?myJ6>-v1oaUAb;EC7_CB(}4g zij0$RS`d^6!A3MF(+gn9s z07e6~kgSta@#j*aQ>RiJ6mig#K=vC{pd#eN&rb>(v`{d%QNR9a_2m_Rh?c~iZq@D? z5_%z7a9|*oDL5nqT}YtYcdxmD5IF$O!qIX75K{%-AFRmrl#{{aM{NIde~$Ja5Q=W5 zXYrYvQrF123xdIs&s=ZKcJkI8kyNA7n_slj#XL_OuWU_OpY<86CcgGTr8zrkWqA6L zFpg_tMAfu0bT1Mf%K^~6+=HSFUErvFMnDBLGeC@bMK)&XVw0!1#qs4M~5!>goZyllmjCmPX$^AbTfj`7Wv$8 zppqrplNrB~7tl7PW*^)s<(t(3?kHxsKM)4a50nqO1flc`7WU0uk&r5!I^z$J8fpL$ z%?_2ckn;puB5iQ*MxiSl;QY}4N=Z_1L|4{Y+zoVe0wBiZ5~M#sxhQ&rjF?yvZc&~3 z2R5igqll;#b{}fIWgKePpCt{Ry)f3V_p8pJpaX<$0fvLxpD`$;b1#oy=MuSe3w|HG zzf}A*5Kpo0GNR&Petv!%q5~{JnvDKtgx%`Tw;R!4?f@CJL~CH~L0H=)&}il?t8jJ; zkeo=Ud;P$kfw~qz14ufPxGt--Bas>jnN6>n*Ui#yeoiGc|T zF)RT*zz{&ji!C!ivo>g1qb_%!LhC)qJeuKtL=*(;P0pBKuq_85gasjZDAi_PF!e^o z;Y3A}zaQWzQ1hcpC`KI08fpmpiG(IbGBUyDF;twPATC2Wz9{|%ps!gd&4J)WH7i0H z9)mlz>WQaCh#(##v4zByAr__0BY5U^GfnS5hjucanT{Ea>{w_)n9tr)Kb(}`nqhmC zWBQpBHwI$jd6)jcX%>2`Gtwf1zs7CMr?<!s4-9ZBAr~!jL}Oj1 zjam)GAL3olo&vBQ>YIpzKb!9wUzB+!pocfaTk-MubK}23*K~bmtGR zs7)^g&fHHVTo{fsPPR=YUp#p6TwnLrL`YH}cd238<7}6l!gu`c(*!iME6ZgE%W$~H zA`}mR%}|#XDdYGXkT4_$b+Y}hC!JeAbfi3%$q`ui{rh*8ga%>>YerOv0%|O_c!iVm z9733Zv)YF6Rwi@5ol}sRdpfqmDz5}JPOycMk`h%(h{HwA#pbnZ*N9MtlKl4Xy?(?k zFo?P+LOTziAq*jDkU;`|ezd*dCzyaQP;FuYzJZbPR`A5-%-5bbfD*|1o>90+`6Gqk*R}%FiJ)&3yNy&=V9^)Zec)fqbn{ z(#*q}DAF&X2WCX~CG!>NMxdQ)hvqmAieEsp^8Ai>k)sW^8oIDM=D7O8&2A1p*UqSf zmxVYNWK2Q=0$6MFuo)577d?~~7Z(5!#ymtkeF9K17S4xM%=t4*aP%UT!N}>-bZOAm zHN&k};l8Ae_6p#9C}{?~+;#*M-z5;pi(;g}2@N)#JfOO5xtx_kofOaqhfRZ^CE(** zb{0AYz>c=i)8*~zt_6)Gs~5`T078BqFcwH;(xJF~#!K;)nd-=6cxgRN8_2>0SFYQTmMGmR!Fn%f*T$ESjr{-b2L$AA zr-kTZO3z2M^Ux!Mup+c6^OYBXGQ0*%R1{#OIZy|~Po*JQcjdabIpBw=(Ll9kikMrT zq2oOjF?WuIi4RYnSYt5gHUv15@A1(b(a?8ifM&0QJ_x}M8Q>!ac3L>zPR1BL2>@yG zQSp7_NfWLgoJh*Bq)?R&;k}*lHPz$(?{BuAiTC889DsTg@e2rCf{d$kW$zE@QC$tK z5{mzM_|4}U3YjGGR~xwx3mdUD$WX3JGI_j4_yA`X{6+EzB8JtA_6&+_fI={G|7E$j zfQXJXC?^`huTLvzON?qaC=k%~09EoQ2z(C$w(k5 zwS#^&7GPG7mBCX30|PNzzR;l{#un6;bR9;0<$wk*Kz-Q?iJT#*5Jbk!@hS`jSUw>F zG9MtIP&3S$KT8=H+E9d;HyEP$fayoi3VtEddLWJo`d?6f;Qp`w7;zwg@`IqH%ktfR zBWMi3h1z~$d!qcTRS4|b9Qd_IKx#6Lr@?t``7!v663ZA`lxTAUYKQaBXbd78ItR~{ z?uY+RC#@0Tc6LBNr=aEO#$|s`(;8edV}3dnTTh{3eX2M45)EPo7~;pht$dB zoHe>DGU!!~gkQ+JKclm@o8=_(ho_8!$Y7&V%^h~9xQthx0>h*-{FooKz+noP8=HW? z9uf?YcGNnbm^}kUvGO}}Gr%HHOXqVRK+6iq{#+2JfuapwRo&lTYda7$jgpIC2mGVi z;W0Mb+3%$Rpihq^!cq`i2oO~}ltoAcQzatv_s9y|j6_h2DgfyNu^+)e%H8|c=mVv- z(g@QYwa;&0a6tyJ4g1>)5+P6#9|=z%1-OCVqblfujd9Q}6JXRJH>F4B#7zu*v=m{- zB;BWmK!yEZi=d>}dUKuI0w2gtIvP?z{*Cg3kk$cG*@XP8nL>`Cxj3fO8Z z5;p*D!{R|qhp!gZ)vxsC=C?%PxsbF1k-Jb+^a_Tbhu90gCx87EA|%064O!YDaQ0XN zVF#c!5ePh2yhSF>YLq;F93q)3s{9a9jFe9B5w-zfMIf{-Sug0pp*Q^m)>GmQM@Z8` zSg1d}hL1l~6R6>d#)k%7q7j}m`V-T`-#`a`skG5Rf>J1c#b7N`h%MB_a9)f5R&2MV8i6s3qJgjyDr15nJ+;Rb=}c73Ae92A8e zAQS01?x2&ejal&HF@@3<>BxNdmo0~zac1ENgmfDr#AE`g$=LjXp$WlXkOAfwzXtD@ z0lg9+@Qhli8*nd9YJ6{l7B>I$GmLTm}ZK=0}c;fg@76usabM0!D82iPGlD%2n*r4_f% z&?$)ZHI#(t1_WJO2=vKT%>lUJnIML$5`~)~R+V%qV=3<3JwZW1e&9xtDhwe(;G%Z@ z``ZVR&43Wdf`SSin^0oV8^hcv2b7lO4TNaV7|8Z4frLfK6tJn!{OY6W3znYY%TdNb zl2b}OLZkrVL`OKHPXJl2u>3^WA@u}8Nxk85L4x^je88zYfV3!wn^wV`$A7%Skp0_x zk?qnY&_8fhyBVh%<&%l^3hoJ?!9IU(Ok`cV=GGOdce^2o_0ij@kgwS5kE0)6x3?&G zMI~xayk4gv#>=<(Y)`O$$3vJXRXEqPKoQ@eV9ZWU?ek-BccyKQ-tuOTlqzQ8?Pn*{ zzb;p-(yKiT4F{6Jtxwet`4Q0!b-i~;3ldW>B6%h#(PO-XvARmb6Pe&4DJhS){C#it z1WIA}THtz5WqCv>ra3d%FoifWW&ot|o!}plph_2GxO{4sORD*{lvcMurqX{~-lsj~ zSB>lT1VwWeK4k`0Na2@hh=dX|`jmwP2VVl@H2_nZ_{CFmswJJtqV}nb@%KpaF$sZI zDgmD2nw=9*k0pmZy9VZ9pXJK3U>+9tW?Vvj(gAf&y!H@D-Vez&ELL2k5u(>Pf zu7^ty>s34Lv7cleW)xfbmrs)3H%`18qq*wdu5aCS5}97vWman=;(`0Rz^XIDbc1ej zr1;qnK~L$Fk`cLcu6E^%Yh1NEGd{(~l1Go6F(Pk0?Zs~y2TG0(Z2Ra<`LF&x?ea!} z9<%M!wf8zxD!1T0s77cdJc{gx*&jUwk{q%B2TXfcD*8 zE6=mzrjT>kwe(|*X$!PxdowEDfOb55syh-=6d)s8BD{bz(5LPj||BY$@4bmSpN zkVE}_!>~O0AE3Nn=*7js-Dn8?XxnYrXW+{n{`+mQp=oyhRkpU={@z|sF^LBsh|NwN zK^@8jvIAv2lhNKzdYg{$C_d*vI>J_?g{)Wn^>Qg=QU$zYeFUN>8&S#&QJg&e7?bc-6$oy*U|yK%IqB6j7E*_oN0Uk3!DgKyZXP3@aAJCrbV6$< zN3Nx7$shalDINh4QTmpJxbB9g;O1;IT`c~g;atVw^NUdYB9a*P2}&8&qLzfj3J}%& zV}+sWdEra`L4iaSw!YVP>66>Hhu`|?HNE+*@qllVg%z85MY zm_P{`;fCGvsiGIY1RmjTi%Zn_{gn|@!Rlw->c1q7h6ov0xn4ch=(O)iC>M}u?IQNE z8OQXcRDGNojaZj-BxT4H8BJu>etCiKvO>}*t&01x&i9|JVb?Kls`WZ%MtB&C)%f((1 z#h|#^*;$qcEm9Yu4lc;K``5KSaOh`7=EBl29r3r5K?T*#JB)<-s#SqDJb5FAf>_5v zu{~e~TA`iM%9otX5QsIT(b?UrQuzLsTH|5>J^5sFDCy~Or<~rMFMGxP*UZvgs*OZn zDPSLEoT*T9`DyraBaMJ%s!zrE5Mz80nc8W73QdpC&XTN$=UaLZqKk5>{yb7!q6{FoELlLXgUk}3v$$ zksXbK=;o&b64XOp>{}eXs=2QrIR1E((}pX34C`G=C|jrW)?>n8)XL72q;_dEKwCvc zd^ex$PR#sdmboN-17C#Rm|tB*F3p<|ZH3C`rG%|`wzSrt58Yp8SDo6G`J7{y!x8d+ zy{_|Nm$XBvBtC(5t-Io=msrL5%T}P8#YmLz9jQJ~J6G)!^W7|1|FS3LgD0rXO=ypy z80x!XeCd#bG?|cZUCQo~1^(YgeH*Ut%)&2XS4^dn67IyCk>hcB8r}U{mY=;owp?1S zIX;&sWVYqon6INZ@UA`Ce(u)5T%IJJE-<7^3NyWbTcKGQ32?T&t*ysrN|<+m`I+8=A`dO@ zDqSzLCx1LWmcQUaT`qjckxER+^_ywkqJn^Oi68pJmN#G0fAGf$Hb* zpUe!Jt;k^+)czv9mMa9F0(9A;a|Y_7o_-bM>JeuHiN3shcpuf;P#!(p-zC?%NKI|~QeXT$+aXU4QwGyL zoa?wu_$0Ca>c^c#{LXB59fUP}lSYK01)v28Xjq2Tpt>;#+fc~M}dK>pfm-5c z&ceDbo|G<_Mz6D}m2Fl9nK$}aDyv?*J>}NOmwTT6-eO6&m`#=XQAO&D`cDH6<5=f%avNh7m$2x@v>ep@i9<2B?j zm?*y2Hg)QyA9l)l~`y!DO;>|$S;f< zA6s_QrK7=_%&Yg+^dz!1{$=tcOsWt(8Yn;krSCy{i_nKjXnOMU@_OVM0P+Ea`7J%Y z-rU~I7xkx;@>AERcjre=P5m-F^6`9QBrC~zeZ|L8O^2uWIX!ty)_9&<+Wo#+5s+9F z`Kk@y9943)td@#(68Ow)SExF;*YgfTr1?B_Kd_aECCCsr7cr$_?D40YcnRIHKl>Lr zn$2aK0@Mk;jk1k7xA}zS9$H>F8|LzcZJ0Y#d@jgfh~0@K##^b*#t@FKV?mGx8HzG>a(0XCnk+8+i%KC}o)B<6k-*pr#59XhT0d@t~)Y)_olC;O& zZRJLlBS_ww)K`8IpBKKb7dG#dQ9v`MC{yh}U}(9ax^lSs-a7yA6cLeR(Uaf58%3Po zW4<5m8cr*X8yv(Ol4GPjXIt1tO)0aa&Z&>pE$n7NS*v2suH`(xHPS*OlWgeMvRF5^ z-1>mo)i#oeFH^4eYj_>I{;Fn}SDeRp!zh-zxuQX?&ihaP2Q(+F^I2Sve@EwTx{OJj z<1D?buJ&?$YB1HM5`(>6kuF*+-icif4p3mYmQw%IrO}Y*gC*YJ zm5Fxk^P{f;%cWl7>4`sMoJpjoxepFrO^qY&Xcw9Dpr#v*QQ+yWab=G_t zas4w+4a{)s-l}c58r!k3tlAe~+Tgr*v4D2Rcd0m=NA}RB)n7P|l86^nq#yynv1lk; zGa@u4D9f*Ju#*BW3gSIM1(&Mfwr(v$yX^i+TPxcg|B!f)_7Z<)M3srjwbmGs51@#O zr1~uoYc@%jq&Z^6xv!S{{LbrJZEpw**#&-;kNVlx^BVsNTbyz{DRzF%{cA~|CO1$* z^4ipe%>0DL#hPCUy@6iF?<5?`9HX5U%rm-@qd8gwRLo; zye^5S-S=?Hl%I_0XDqypoZv$Ldoh?rw}@LEg2SDmpc}_kup1?;*<6;?Z*q zu8KcDL2&ai2w4!d3gaA*j4lR4vv2|jSRSA^-Z1Y-Q^W$mKEyz9=oc@GiHW*Qg@ZSh z4DQr6pu-WUK};urj93s^O9%q_U~sVHfQ$BxQKlYXc<7g2H^y=yCOmpapeNGz=dh0<~8M1bW3FbtmGrKvEfvJOa=}LbpT9e~$pEzu@HV zpD?)wZxG~T|1NmI;BcCOAwXWTp(`5HAEq?Gr8fYgP2@H}^a0Sk2#^aKc7k$=A5gH{ zr6zPBCusvv3^~5>8x>gqP5lL^CyF*-?9Yw`j*^~S+@_0)%d~+CsW}g)0S`t9s`p0C zs4M7vS^nI7X*mr5847{}u;L!bvq$6=dqs)hXM_l%MzTIA=#hW!5+`T(m(M_ZgagNc zGC4qSD*!Qz0k90k1FkUS1G%yQSR|6ifHf%?cxVeibz^?=dd-2OQVCQjnzgIIz951g zsolRc`9InRD+&0fkmd#*Z-C^dN)Nu)yM}yzNB{##mx$)%x?7GEqR5m8s4YGYlDFfa z+z+UrMSJ^DFd)ucG>8B5EKadA3{h+R0cr- zl25@FNKsDQokIU8a)1ETP0S!d4De8`RTGLGZUie5JXgfTDaSBIKy}FiXgw-Jfd7vN z12h1YV9zE*Hg#}AQNZ>=iT}X2%7NmxBCL_bbuuqnGsJ_FnL7Q7|5Kq}jcg)DyUMS! zW2@FqOXV(Nom3|2`5XEQHlJ|m#q3|nrsF-Ax#7GoKAGBYp}w9JomiTQ;}vfB*x;#L zTH2cvkqYaof=BhI41}08CG~wxYSfddC9d~A{e3_mhf0ZA)BlQ!iVU2Ugk8>K_6VjM zu?a5J+R_tL%1*k}nGdk`5o?%1iaY6zDGarJY=`UtF)O+aZ1O6QJG~P;HmqMw!>)S> zP%4r!s{r4G9GF1wi(9(`%N7A7F(R380szmJ=c&z`4mlpqmb; z-;tsaE<`0rP)8#`KplSxj19=s2+JI4>=CVxxLx2&7#+ckC*chfj1V5%13)$!838(P zL0Ryb;9L92oMo-xRhC;pGI>$kggiC zH7!BCfqpp>X993;1viNjOB~`2kp3R%DI^?2XE$&a$h81`2hGa%M4g)z8fFCFzZD8E zWJj2SiF0UIp(_c!54a+LT@plzxG<=Y8npK4E(#^P7z1w{$)%756dCRiYY5K*yoXAV zS_-lGJ0SN)Q)3{cmzMOR%rjU_$m|3oobH35CrZGT@cMchzatZAXWm676PIb zT(oEeS`lQTwZ~rE3gwL;2koH4#Mwr|BmcxEP4!p0JLPdKW3~;7?Wb_mF8_ zS(y;5Q?Ve~hR^)D=MXmQzjY)n&4eBhxK%^oicgCH@sx-XTy0tp*U=;;w`)@@yQU@I{)gNY|LWD`l#XF5LLf#q$cb z=xsp}Uv&S-g1W#^g52<_m8-gKmHr>73oIn^37s1HDTmaqx_8o187tnEG?A#XJdwr- z-z8|*cfUO-5j1GF_uYl8Uc~P_9pvFQ13t$^*fL&Gso}Ax%+XAVRkl3qu z!3@9}Xf^)LMFN*6c+-QSltM;en6a|>C=p_sf#$@+fp;7Ryk;(N+lcLnPfQGgMV1fm z!fvFP?%znKBlwHYdTh~efkh8$>^yj&cVT8}?j<)0P(@xxw12*H-$If2yPp3>NDg1t z8^T|PJ6*bp-O9=exqA^c4|5s#DL%si1^J-);0uNe9}g!3(n)|r7D#0Sb`eZkaF4cs z83Vg0QgE@bu@ORyxDs5d6p$zcp{u08hO+H41Gf)`rPQ?*)yRUk<3&>FyhQ~NZ_^PT z{5E;WSU^f?(5eBn)G}bK6ch%_opoNu{tqOU%^(m(?*YkD;FBWt0!m;$ z+XV)CJE}@lg~6GYk`{m-DhhK3O?w4Uy+~OAR4GmX5c6sBhoHh3Ye?uUR0N69T?l;7HVgZve3( z763VeHUNv)gVMC2PCQLa+zR%4Bm@VwmL-&nh~$NzAj=rK3LyrGo8>-786enbgbG_X zQrsZJ8d4X+%@ZX=G5n|%EPJ5WWHUzb*`U1|%cZP^S(}J|U6eop256VV^@+TVMdlx5 zQ0WavFbHJ(i=9bgrX%acE0>jXxi{CVUVpa3B{xp`CyNI z&Tz>$g)BXM7Oc65?~5!Ve=V(+!Tydn?hSilq9qs7+c1&(Lc@l{y@?Oko|RT9H5_O@ zj2IF7RKioR|8vq&_J1=J_k(CU9IKU-otWpp@|>Mic3O8t4fDFDTa^!oyTv zsto%Rc)ThsOjjzF3oF^a$v|q@gU(H`kUvvsDTAFkw56~rc!gmHT=w_CM$wMD5VQ>3 z20$Dl+OYvMaOFTHp92R6s1<}@e2mufZg@e+UIiw2gkHh=`aC-O^{hd-Ix)BQCMO(p&;`N`+6q4bNBDh#Q@f4G{n+R!WP~9Z z=L!D=0F)l;;=pw-ACLJV&C(Zayny|GrCTs7jfKoS2 z^nMKJGm%z2JSGMqL`>?|CY+bFy`kI(Ne2kk10gF@>=)rxP_9AeG4hM@_#upV0hSas zzHnSD)O9lo)(zig@jtTPbb~PkaM2=x22_R@=n~;$AZIu1JCwYD084bm(%ol>D=*>g zBe#F|L;0uc+qYjF?sBQ{;C$MUXylzX`&C}6WH{{`arEZl;Ne2(sUw-{=Z*UK3r)Ad zM)NO~^OakE8K3I>+A2)=?pUX)P-r>P!xu?vAHnHkqgX$9)Q(5#I`^|=<$((e1rQNS z0Wj7D@9K*_dzs>GRNkUXD1gj$izinao5%HF-4HcMb>Lt|K`JbaW6)$-0jcm$=5SO3P5`K& zxmhaMLQ|qny(%|({=7~{1ga$_2@k&NGJuc52G196?6+LD(0hARtwM;`H7cHPZQ#zWSqBAptr-JGx zc#(|K7YM9z`J~T!=R5kC7*o^()(PN7I0!)WYI8-Ks201b9125EG{bue_VIB8&@}~0 zFfPj1Nt#a!bkG1v_>i(th@ny+1=mB~)wI%%MAm1&O_*alhUpOBfeJAg zwi&I^s-09~nN7%oLk{&gh-}b7szm$~t|UhHu7j45e6SPYLD|nidFI72Sem#J-dB4* zOd9rtpCNS-auP$2A5)yPVKL+d-}zsF37o%-95%ODlYn^v|Jo%u&Y@y$MyE5#Bzw|D z$)FWlhE$L)=;+~ePtlAD;4S68ck<@zhP7!(SeRs%?o+ynf}OxVlI>Rg&LyEAA#%0G z?(cxcfx;28PH3Rv;N3leiX9&ZRS8Hp1VQ^PDC-59j5!qUjf@vmH%@MS*!g|W*kUdw5^&fhbXXVb(T-`B`teDNsUnTCTJ^R6bGpbB?C^?ouZh7W1FPmK?=q*mP8kAB&R?R3kH%?nDp#X$ZfFNO#`bz~OWSkZdGj;LGxBT6 zUOlf&PFeLV08%}3_fMPvQ2`q#GKYX(5!swW|GumbzSk_yz)D0AM9x0}?1(bdxBupF zfq(~ux5)0m6ecc7lJV8@k53a3;kOLAFVU?yNPh(-DjNqUQ@i+!Qqg^o<|6qscsA}q z#f<<4Xr~a+)Nz^B>WySgAy@)gSn^bdpp8*Y^s!7ekH{LYYce7f7Z(01MvKQm=eHt5 z(V!s3&bq(hN^1CG| zr>Q$^gM;@l2TCW@5JF&40CJk3F&SiJyp(6Yk}Nuz7J?r?4)zSZbvQSBa(mh$jhpCi zRk&$uX(>TZ9OZW({>zlAU>aALe-m~dk{p0wlZ49{ON?wTfFh#8a$&jBs?{r$Ny-Nc zeFQD}RY#@G%djSqR26)02rfj^8bRy@@CV9}K-yDit&pbe%PF4^b_{vv$eq1DM&spY zDo%5%206Vig$ZSFtJpda?b9W|jH3}0`)Rr&2i|O$eM5-`6Cex-v|i27AGw^J(3ro= z_cKTAO_=fb;SrO5{pYI(_xSvT1Hul&OST*9lpWeGOg3B?ZNTOJ^QThOllrN1A>oRq z`|$ghV>@#!h82bPXvP9*CSS2%&tR{(ki5p0uK8y$RZgF2DE{Gw$HbKY4W{^+#eb(I zJ`BN_I{5>Sn(tiQTC45aBA@Iv6snRx zQ?aHivfg~!>sUj_FfA<#OcJORxpy0pZxd=sHyGCP_L>Pa1aPvTh7u4l(X_vsqXP@2 zp2xypy8HW8z%ZjzW+siCXJBn=hOR)%P2w<(ob@6ldp`<^XKsW#hZj2dI!kw}Ak3^Au6e@(Y zKgfjv{l;Zj)==c35Edv-b)i=!@&+|>HSBZo( zNJpv&hqD$hr6C!Vwy-M_f*RT>M7}Km_KC0sm!@M|%?vRL065y<*B~~!gSo%2&&&Fe zQ=}AXVPLnT!5w0%VBhL#fD*I=f+tX(1PZr;wJfq`4YxINIRRdHKXTZnU#&_mv*rs{ z$LY;=@%jN(o4#YC-^}9ffd1h$uO~xc4s0=Phr&ohmY`b~8M9P4yfm8lnvq_mACdsf zM8Qd#x&=X??UoO#IwTbI6OxkzA9njv(OmxeVJZ7F?Yq~@%Y+#&eGw#=cCxOkIY%}T zO}l;Tm7BkGiu2bt^S$l+oZpxHKhE^W6pvjdeGpMHYG^$EskpkWOHC@PA)?3_+flM7 ziBa?`A*%J%`PCrtOOO5ApM@P4oJR^0HLX*RxeHfEaLY>{wnUpvw8;Sl&<{w0O3@>{uTXjy2CI`;YNVYm)@>G(0rXp} zP~gIvQh-In58-m>4FOS>Kp++xz=v93=*v+i1z5NnVIX?U=BU621ff9F9S6lXtQC|- z#rCLuK*sDMcE38N`N5U%VEVHAl7kE7DJc#D#gLhW@dqq5z2DQ|D*z|UB}hbof=uAX z7C>llv4ug>5ZY5v;(tU5Lde01H~{pJ0fSutfD{D+A)}{3&g-F3*dR(!eW2h33wWYH zpvXaSJy4*?A{zp8&NY7S>4PJDd3i-g?Y&7NE(9+CVe_ zz-Vx$dS*&qLqzq zePOL3!7ERte$_9YE~t}`=T*yQGvTrpkRX#Bx#r}ucC1S&yRIx=p{waht%*mjIW(ke z^v7?v3a(|Ss33$-qO?Q!rk_icY;Y;lKYikrZ^)wo{*&uS#}7sj zR1u)KGq~fK2m{HoAnWVjU{%mu6B5$~04Ib{1T?s`#^FU!EsRG9hjwQU`mhcFHIZ{0 z*uyzcddmYTo6jRpDv3)ha0pfoRV}SHG+G8>Nj`|3L(~j_!XsjLkcSO|HwR$Q*b#u6 zP>>*O2RX78e#F_8D`tVe`JccakkNmmEP*CKh%~s_k<6d*QOFOLb7#-~3ttCs5(22u zXf)U(_W(U9AhZUt2O8@Hp89B%>;_Q;h-*W+D|+r9*{30g2zl&LIv#SB19UV8)1%}7 zye?6CYg7|WcDI1W9{(p`ee)3g_zCK;OfxeeIE?u zUFxxn`y#OnWQhZ*@HswpXyA!gtDt}Y%5;VEl<21PPpX)UH)0S*h+Zg*CH5Bu8gn{} z1`L&3eu^wUMk%eIgh2P8daQmw6AnuRI{}W5a!BA_9XGDL=|Qc)NaIiKx)E9;`qaZ_ z^f}LCp3llKop1pjADTUd&Sylgp=u4m`oIsMq)yP`z={1dbt~Pa0gY=VzyVZ<7HaKw z(2k=3K71SqwhIL0iX7lzd>nLRL#d982xyQdoGNHQFB?M|oVdfo!z|T=(>ePN4zjef zM|m9MXLV|T9Kwc9?PY8HQ8uhIfuOkgR57*7T-_hevKq z-dJ5~6LIi2Myyat`jVZ7_=Tm^@zO2*a?IrKG`-T6rjpl*+-Y;RLe(8k#>G9?tgYUV zNibki$e7GudmL-RiT*EJ4GQssltw^Up+iNaR@3iY4Zwo?-1;+i7d>07I;LAv^?1W_ zqm#S8RR#E|-FN5D`eJ>hgnPv;;!;yyNypieIb=80z6De$c%S?)2Xb!_Q4HMSH-B_ z2el4FsX)x_+Ol=Om)>UV3$?N1cxkr&?vP-tg34xm{ig{YwNRZ+wIVCxm!59C7k{tU zEjJXvS*r3M)%YHk#nMav;uo8)tBc^2I?_+s5lcw6|2nz) zDzHvEj6`Z5`RPA8O*2s7)x;kG)R<@Uv06Ji$io&SYL@_kIrqP%19 z1942-7r`0@Y9V*;8pUfgH~F0vgREYslDqP}e&~W_^`O`c=iG|_$r5>c_c5WyuAmQd zlL)@?Vwyw5P2+t*h)WL8fDzmh=iGEsvbh{HvQ^r%FMOVo;OVBf47ks!n0&Ip%p+i) zVR`Rbl5?#7h8w=;y2WxQaS$U9c9b;#F=;wSc%Q@ePhtOCd++K?l^5HU-G;HDQ6K1T zzk6NKIaB#J3iv~nC!V-EziGV zFZpw{LHhrd$2ScsiQwA^W;Hd+iSiB`cq}`xN?`kc2{f5Rm*w-~>39Txw*9_;X^oH{ zTa?EA9y3(CbUIhRb@uudeA7(oM3w<0Q2`DF^)?9l9WFIxfUvt3P!?KKS$piHb1RkJ zk@d)>#+R7H`?1WSBG@*op)15G=V}_bnR`iAo#hbk;O>gzDnEfH|EtJ+EC{O$Qu90{ zl1^h4zlc$GpEC3P`)W~sQ5T0Q=n;2N;VYw>o?^zv1fPMk_tFHrbRF%fJ`+X=y5t31 zjn_XWHPdK3Ff1@UI2WYJ^UHRY*NTCj-T|jT>#VLMrwcD(^MhCcY*U&a|Azc#>LWf^ zuP`~XGSBzfK26rr-ONeCeKVkD;uyue4xbeU@g1F!|;87HGw1s zXWS5*sU;G23-2nU>Oy_8XGy;l6F0_F)Cc;x3-wtA+xE|LabGUZCQDrYu<=7fw-|I$ zhdV9-y!ZPLERBQ1c^wjks-`vFbh8q)!+DQoMN?(}7LWY(lB{+bkPsD@BXntKA-?G9 z^5*oe`(n2v`%RMPDb%lid<{PL2Tcd3&WaIQ*%}NZ`!BsC$Wgp{;;D>XN-XE7mG2A1 z6;EG2$klhEmT`h}jA`#haxy0GFJs_~>wFk$Yeqm-V7AA+w{m?fB%~zT#68l~(h`=k z%pC!d8~qYHXn`t{PARG_$}O|a)1FyQ7QY}t8zlDGi|_R8Ckfb^MK|1F3{*qHfA0O1 zZfAvR5mUORpy)u9a?sMp^w1u2 zO}*V{S-odyWS@vo)~J1yn!@H+IFH%lqlKFGJuZ^5l%PH#KEqG*}*Ob+vRS}h`$|Ut5YI%2xYU#^`(TlQM4@pJb z+9$kBGj(TA7OIk8H#e4wr?7g-4$bbnpUu1#OfK}tusxuSZj5^SQN2hXo7vpCpgPYE z9{;&F2ipH*W_tp7l)0zib(eF~*tt}9C%wnp7cLAk&Y3UFnMX4V78W>B2r?ATBvF1H z&=EDoFtu22FY8xZ8!Jk5SubQx<~{S>vwQD0DZGDgfYQx(bG%5v^^26gc{~@7hfU74 z_?uphF!@a)UT8J(*C~Zh%)FXT+6C7*S9}E6lfl%5T?5s^Q}VR`Xz15 zjg+Q#%62Jg6UUEAALTz-2C-%@bxL9SzCXm1`LX>XyDBlqK2WM)mzmDoYkO?K(ji1! zaIL1zQB#z{x+87$d~9Ly)oH!Z4#mg)<4Q4<;|C<8yL{7;tZEYZE!wZdD7koYn0U>q zKpo4Le#NSlE*5T7g~9~4;WxK4Dh7Rbo5XrD=qy!kW~Cmoo10J4n*E3Ub8TM-tFZ3+ z`H@pwu86~%Xr4}-bU}O+Y>%_jShdf*V2BBqLWiF9&3=sS_}|y)<}uWL9MIQPyoU;{XQVBkb)|Un;Aj z?%mg>HeZ~owX3rjm#wyFlJ{Fg=k*Ft+U}*%#EMxXru2c48%xrx3oJq`sl3LS;U$Rz zh1K?&MbIzxG^r?rk~Bs+msWO60v$G@qB$)W@89GJjS=1MiCUG!2cg&1!x@)L7Ha zp%FjnWMjf%A!bDrYk~s}F?~n*gpEdGGyERH^=la9(p3{SSE+nau3m^Z` zlieL(dK3D?=k8a{{4=KSF50NyRe4F%|{2xr4X&yQ+7D>AlY6I~1c037^|Ks+O*mGF8wpPp*TWIW7V0_s|t%^)U=f30a zD|TW7d_F(7(dq9dKIS`V160PfnB5EB4<5yqRZTc+PUB=6&rqZ*SmdiWTsU4;b`p`u zvF@q49$XMRM&CGI{%mXpFomzx0b37Mg_yPQ;Ct6zb)0K;8H_H{U^mNweEojbMIn)yZ=hGSHx1iC%i9} zEaA`57iz741&>phFHMxQdbJ_m@dCdbstTJDnJEHt~DYsEkI- zLo{PF)>b!xE@6TJJBO7ntKx0EDcp%w<8;s^)Vja0o*sSns#gN5yA2R-A3uzG@J?UR z9<3fjr;nTj*cQ!0e7;iOuize&vC`sNZ zd?)OqIj&bF$GI^kf@2js6E=+=_wmgP(sB{M8 z>ZoYRQU=bI3X8MP81BrD3SF<_wXKel+7 zf8SNk#nrX^Qz|)MTg_!4pcWqm1qEqggQ|qN+OF%`zSNU2`>@W|ZHa-I-}_6es$SU2m`YDFqGg+J0j|Gr&S&tZYxNykiv@ zWemjP-m9k}6&YJy^&1yqIQn@9=S@FF7DFvz;MEA<2~zJ`uApxhv9?&O|6%rg)>@9H zS|ume9R`6qYfXCS#4z03{h1=u({fR3$36eSs_Z4q!uUa_QPS3&gffG$ZZ_RI&Nx-A z`lEo~Ucc`AgTYIKp5CEselyhLTQ$MlCE{(+ZB<25T{7FfIQQa;ywx5a-RwA9JI&V3 zwOB{BuL)d2#tnuvOA`_fNyB5w!Fx`Ub)Ex^qPFL8T2jgWNSnB~aA;QYoicF@>aj>> z-NQ?|tF7DczWa}cph5)Ixgwj$r;4u?BUF8hT$#>{W~f?9j5>GvueCccDh;Vy8(r=4 z;_K2_l_E$H)Cy;z|cRp_stdnHJM7h_n_l~l73 ze#YDY-)FirYAN{D%hZFM{6i6S0(_NT=VTc^kyRqe7q`}XW61Q1t({kzgnp}N&{dtr zzwtpTN-QfaySwI6!h5SWcCBkeGoRaz{G8q9g~JEsh?}yg9lji>W7KQz0vI1-pY(Z{ z{@X>7A2MzhQHlIN(x}a6`wZMZkHeNk$; zqH4fQ{V7q(-Sa$FM2BaB&t~R@%==U@g`-aJN5Qv>JMXoYfFYURa&_W^KTF& z*~&bYMl)*BQD-gd^uWr6P`NNr*i?=zfuUE~k(dVK=l3~orMjf7I6xaSA?6~2->u6u zxi@yJ;;P!6lRPzkof@TtDYo%ZJdTJ&V1U#`FINpPdo$VRlwP=cBwb9|IxBmaJo~c) zCsEQ*@Mae4OS7_3F&ajnACHpycJRLZU=9J^hxG=AoLf5v$6D+DoD;dq(;DC4;ndU9 z%B61~`MZwDmNG%m9=g3O<4PwUkVH(>|1`AdqEgu%v!DHBxa_dIzU$t1YrCc2gk0z11+@eg5#c-vb|0`y{?6L3a8@X)~uD-30r78HL@ ziTc#ZlxkDr_C8GL=lOUXm!8*-akSfZ95jb?3B=h2C3eQVht`RmUrp{Y{izYAtG0RV zbSYpoyYX&@Jidzgbaa^rtHpWka&Z-xeHK%yez~Hzy|T~0|8~pgInMjNE%P8>Zrq{T zgCtkR-T59xnr-W>iKuq9c%poX4Fh|2A{Vw)cgX$fd#U|D%a;;L&M-(;KQOc7C?L79 zOgi0UXaCCK?gt)J^FhY5>IZ0xUF$+ z&82v~*tMTVG%W30W$M|Y(HmvLeH^a)Mk)e7gmHjBQKBczc$@{Ta?> zQ)T*DgJBq$0hVuX4WS+&8`l!K*)7@q)1xaxiO@-FPN+oZ?eD(@0-v&7+Xu=rxq(_G`u( zr{S)BGZATS|1eq?&`-sn!|iV>odqNAV1lRTKCWe7o=bD9=*w4&ex7+hYxtd3@eJMt zIAs-WGFU8pSy_(Y{_`^X(}-qU`^6ehHXfd}*`&y?uWd4=ue9w zt=qHiBHmuIr*e=eA&s}XwK~lKf18r1>TvW++VBU{Dspmx_K&Y0vOed`JdO(&+M5wB z`tm5~_`UoNMH=Nr2b0?7F1ZZ30bQA6(%d=Mf)GK{;?3uYi3_f8uB5ZB@;xA-)1W)= zB{a4Z&rfB;MfgZ$Tpi?sFKGa4!}&g!}n`2}*64@Yb{m`9l^v?ydPB^AA&i7Q;w zy=k_F4T{O0EFf$njnFDEz>s^FzG}%0KfS%z<-0(C88-#VX=E6|oTbn|Ox=q+lKIA& zC@bb!71O98shaNtJKwl=8t~Z~Cv|!qbo~zh64vMXKvrII%I^bLdg<%j3EUsD0Wycvf48=_ z?mKZ}W~Kt(n7v!~co%W%xx{6I!~dCb`7<^$()Uh~YVGZKlDh)jpJ6QyH{n`(`5+!UN!jr*{o%}?PBk_vGX7} zIq;h3er9V=E$NiXN+PV+so zpqtj`CZp0>>1E)TAI&KZEgbTttJl|FTA*a5?QV#oUp)a~COcZ%$lvzr`tq~W_wd_2 zIU^mV1iQV=c`&CY)#Vwa&KNBYKma=1cO4yNjqfi5!)kEUFuW>0WaP4Oy)12T|9$3{{=X0EpZd%k&XUQuM!AvU zlr8cAJp#$LRxR^X!k5Fgs`m8=E)DY*s?puZy#e$fBT0Z0ir&JioC@c3UE+W%0$B2I ze;HV=S+y7B+u_~m&7zlYD$MyC_V$=(m8j;UJbRO#4COGvGUq3Ung)Zb%kzLX134R%kkwody%(MZTKjJrbk}T(g`$983JGJr@g%7)>I)xRK~U9uoLH zIlN_q*oq(~xtr;7f{6wDWJz<{Bb=Rd@j}-jo*D`6j`OejmU9QvR5_b`wSTHuRHuB$lWE`D)X9ai`#gvy3}BW&{q+1-TvTLa zVN^@fT)kztXAMEiV(re**9w#)3%MG^Z)b?NJ4-|MoR96v+Pz4^eQc-CPWeJ+`#hDYP+%&o-pS)zWK#_6h9Ix9gS`%2c;)d1pDJh>&8#jFTWCnl_%HeJ}O2f zZE?mad|H6mln7xkI@`bu&x&qbEAi@>9YtC=w}d1){upeAbtVdWgK`^`L>yoq(eV;w zk3TdF46l$8DuA}Hb55Cl#FIPML=op}9#R38B0%GG*pY$%SxrW*c$bJ2_B~TpZzkU; z%keQ4ly`(P%C(AK4qRlf|6>z`OgojxB5##fFCQ;xFgE1>Ecs4HFce1HVmA{JXs_= zyT>$k%sNpi=&b+yx7wR@VGrJjxLBduE_5L0WwB`CHhutcesF|^$@^|7sg-kER=mL@ z^iA+>19#ZV_%{(cGO`Qb_WIi}bNNmcZ)lo@rPrfl!HMUWfJ!^kIdwHD%NtS*=yUYn|oE|GfLVGRI{Z?LRD!v`%=XO&`%YxwScEq zy5x8s5t}cJ1Yjx@b)RqC`j*CvMHd}7nOzTaF&bJGwZEK`I4x{yD-6W_p{SOg!&SogWIFdmljttPwh6n^or?YMo;T?5SD^luaNQpCw7WGP^KbyhtG6u6Im+{}#V zeAakmt;Zd8k=5A@KWk31h<~m-FgYj}4dFSu6d61e#zZ^7$j;k148D>0&Bbx>JM{%6 zb0+IO#yymxha5XI$5ZS{A1pK<0Dc!Xo&R1${~sBIYVS}%Bd5QD-^IEj&WnCh=a5r| z#~OXxz23cs|CxTO3sZ^OpV9%{{6>q-U`*!@aJt4J)r7v&8gYhaR(62?25pLw1>ezN{81Jf8l6Tg0HYU22HB++M0yvWxe z@|NN%9sSb4_?yB`bQ2{P0in(m;;2AUzH_=8qMyOf{%39mhB39|J`!7_VhCb*z82%K zwPe+qsQo03I|gzs<+nw8-Jb$D0|h!&`}LgkcKSnq|ty2>dTiOD|L-VD`dwkmk{TiIF`YC zIS6YApN(TP@g;1(uK_PI^VH~!Rc=}|*uU-~$5iGE@3%WVtwnCDrvPrW+4RY@e^ZG* zypC^X^>fK_jd~>9V^D9iJy3^xXRGsquJbHSMAeydGo%=FVfz`a)rZrtniVWF z|7MTn#EbOH1M&E&d@kLe`G1jvPXL(ZRcnpHs@Orps-YAsW^V}ZNG!b@Vpm8hezox%{Z!wK*^xB!c1mI0NVt;n<->Y&Hxa>UzwAz^>pSgvJt_(26mnQ) zxaHEzU{Z`UgahmBS5cYrU&km2QN=5e>Ci9gnXkR%S}=qf9Q$JF12W}YkjFeSMtvO{ zkA(f1Bl|d|qD;z%b2hm`u&UXzTB4;FlSVbC0EuB5H{CYyg#GQSG+u9W%W0@Eqz~me zVOjIJXg~vmI_|jKt_vB%>OZ+PHrH|O|JEl>r~x`C0Qp9Le8fG7-XJT#CKiV8l<=mo zk#PO0YpbX6cR8RTx!-kY1uZ~&au$j`qQ@^kB*u%1N2{2#2zZs6YQK)91~bl|-L*M2 z=c8O&1Z>iwnR9X6gvmQ0j$hJo3G%#0LLaV;X7 zwTUebwo@?}uTZ{ROw2h^TWRqY!OQ+(M;f6?t%~dTXdAW;kGZC5vB&GvvE8x%FnSbd zzi~MNkU4Wov@%uTyEkxCElKs2vOc7vjsLG>5a1wp#KQVV-O28jGEMMs(JI?(t0ybh zDQ=u+=PZu^w!=@4pL@_TIGq5uwRpTP#wRMR-q}XuYz!^_L4}j&8>8CJZlcf&{?XUe zEy7!!9QqaA%J9da;Xq3>Jv{y>g{((#@qqzvU)ZY470E$5+Hir&r2;y>cD!kn9wHeJ zTQ%{5b0II(>{xizU;4jodupmhFL9N20|T~Tgdh2sd)SlZS^uO`_g_v(eAtzmg7Inm ztRn4h7KS%s_HSvxtpJD%CiN2Socp>D18==DXj`UxXobfpKm#kH#0G&^-icQWeVIiT5-@K~P8P`(bHfB$xa zV(Yd}o^p37@*Tsj9PdALlOT{bu+sA_%o-y`P~;R2k^!b%5~UX|sWI)IvIDRMX(JT` z-EXB)7$#O}0hYiabouaf0>pgkK>VHesJ!{Lc>lla=y`Z=gMy>88*xIr{b~rQMea{K z+SGUN)Dm_D=TJ55fb8tg%(Z6Jtfs9JB>F@~Z|AmM$5lIfsS6D^_pXTa*fv(D3Cw2w z@~Uto?hM&zO+nrpvj#FY?V03O#>+RDY`tCFZOd6_iu;(e!USz1UmnP?B8Kq4K@oll z*iuhn2*RAJURz}hm53*D;hW1SQ~Y@%w?vW%qSDCtNY1Gx2Sff74N71wCpV>h;)9;s zW%@*K^0*HUA5DKSOjOWHR%KF(=Yd{I!1mo@;FLU2En7#duX4CjA4 zSG4g~ZxujO(s!$ZcP_5AL0a>WZMtRBm2h+`JBfP|Yt0pO5#?y@E^niDi2gbUvg9EO z%Qo9bjFz9P>R*b=x+p#Ob(FBvm<86<-1rs!_T4HZa%MN)(5ppL^_5IADjI{Q$FpbXR})!)MdF`oOtAcvKv zpDfz?fqp9TdCn9%lrEUHx@niZ=AL}ov06PCXxf?SV{#kW-kTQF#?2f-+3AQ@! zItQ(n_JPr0#siM3F-2P^K0~*b4~+>XI5Q3j1j7U%!?QG_cd`-Axej}gATS14wz#IM z5%gOYEVqW(>WjBZCS&_ZxGvV-`6F-Sjxfy*zl{HX;EMl3E$(s7f4FK#F3$X2<%y<- zO38tvnoQSO!zdv`ez4&734m}{?B8s()c^ygc)5%xzW08)myc@MR-~_K(8VjpCrCZZ!l|%;l0H#X8t{btNwU>dNYq*!E`kKk1hk7B3y3V$d+v| z@T|xKFnE=uzIrw#w_=ehK)f|SR&`+;cWs=nBE?3G@L~Sl zM+Jxc@r=G8$~)r~F_46fjL{lJ?PwEs!okhngHuo#sp^#V`-^DKRlQNQ zKfG&pmpx{#;r7ZjNV{BQGo&*PzA`;qN*rx>2zII!fDh(B`4JE|R(JY7vqrFL@~m<6 z5D!}VEQ%2B?;pYHe`DN1zD}X7)AZ=?Ubvu!rr$gPBE3@J-m_Kr(Qz$5p)f{+^Y%Z9 zO#6ty{wlzOD^B`n99O^n;5=I7vEaQ~CJtG) z;G`Ysojg{fi)Wnji7FgStb$2(Y%GU0IVW$ASaz8PY+PCHU`OoaYNyrn&(9+v$>yOY zWZ}aSnx)H*obSylW5_TF?F`E(_r@i#!IC+}zt#gK1uv2e&16DJk#qT71hZ=o>pNGi zJJI}>&k;}r+W4Dz7BjYpd!1-z92A@7_2oD|ItpXjr{LAR3>~H7|J#nOMm*^Z+{nUT zof5907=dLC5Jd`g1Fe7{r4D6r*yH5d(=9cbbamg9PUf~Qs+5mf;WpoD{=W?H|Bx8K zoILpeTnI$9ZxL_fr&B<(9v~Hb|Hw2!yD8!UXA*9E@6L)`dFA^Sg{~Hv=sak+N{7-; z-C~$H2K&>*zirkcD*B;KiV~1dObV z%!mcW#JG!MBkpz24X>NWA4NA|!0oml=M5+1(iV~(+p%RFWs&GR=Uoa^74Pym!#$E% zbvGB`2GR<8G>Uu;Sa6tj`I3m&v0j4aaL+g)dW1?MGwYDF2=0aTw6;p+&d$Oeryqw{ zRp#)0FwmfKtsDGouCz+@u5piPui_y?8+$IEa9RgoFRIPXsjp7NL02>p-65|7V44kE z;&pVpJa~TxUV1~~0)mLCrSiGB?i>9nVf_UtxZB>UIBrZso!r#*i=RJ19djqQADcTFKHHzzMTAS|c zy5*zrQFvdvHdCYf?`Fbx^eKz8YQ$YKW!VT`E;i_M&9e0&_^ zndpZt<9)QV_AEb$sz5)CZNZ9k<*}w8#@$;kX5NBSwG+6hxa4 zNqOXx(jak>k!)isIo>vKJQq>6;rw>~G||*jLsOMQjR?FKhTV~d z;ClgA)A6a5@+F?3;J75MCyB&!vH!_$PJYz#HXy=KpG1GfhSyG-igtv)sBrCctXc=k zb(yS*f1BU*B;HHfEG9ncE|H4UQE2^LT0%kMMC$IMk@^jt58lE7b)T^P`sW#ITU&1X z?$h>sqU##0g`LOX_J5j0+)HHP2vSlJ6NJcvqoeFi%-{b2IowiY0itov%{SWwp`P_( zfR;q61k77{A}`Awi`$(RRM$QL6feI0Ji;KCP#Jw*r*2jy;~hnmKxH~{_0GBqH=&5E zG6z=){_M|p)KenM$bUCrejw@tBc$3tl8u~tm5bWRRMX#+%@40|yp46M4BA+3cL5AK zpf^N z)z!whobgQN?mKXM=@}V9z1vAod1#|59C>CO#z!6*LhjuUmpOp7Po!f$blo>wKILM4 z?p{w|uPzjIH80Y2{C1)xkmvf>nYdM*eV6Wfxh=)Bqie#lNJ;?>n_9HI zF@UGg>+2YTbynbCp{Xg!Qc>HIMU*{`^tPm3OLJXdP2umTEF^~mb4#R#Fbp#9 zN?Bn=3953O@-fqt@s2`rQRBN;ib^Fs6Y~M29WiqWkWt{apdV4$)5-i^ea}>0w5qSHpIGZx0y1iIFg~wY$ zR#-Nt{$q&%o?D)~t{Fqq^c0X(2yjp%j)qmfgwXXI&w5^y`nm z^O_e!Zt|AMGwt-fx@@?)5r0F(bnCwJDg{pcfZ(MyVZvX*eqeKo3sxc>w`^U97)D^UI2KRq20?`i@AKtinf@K zg}St(3bYU<)eOHQcsi5qgn{=)Y!5_?!(LpH=OW5*rIaO;QKH;Ej}oGUnq7YzRj=m= zAo}8JCJ!=ZCynb6K5H3kMll?qyk&;&6MY2vM9OOf1awzuZIh95@Xq-q9gt;q18ff) zh_fpi#?RCmS%X6{u^v8rM`@$(9>Bs5e4^<57LNTxEh>sJa}hDI4Ser7HaYNrue(ee z1on5y@;yz=+Ay~`#AG$#Hh{{Vk4|<|s=nUD;cc#GVcQn;KZhO!v>V3|yARbkr|ZKD zWc#tK4em}Y?mm(J71&ddz*u@7WiBr4%c-;P0poNd2WC=OxN_XDnvRuCIj)lEgUi;p zwZ`M^5^^Nhq=F&I3Lj%v83Pf@t{99wHOy{WK;hxoT-xC{w3 z$pY}4-qNrkJdgUIq7(O0K{z}4pYfG8?OLyEi2HmJm4VY!1oPDUnWY}mn*;vZ_PRJ5 zIw4I?0>l)`7#c%=1H9MUzJVsN1Th;yK)$6KkO>5YxdP+Ef!Qj_9E?kxK7S;)xA%w? zF5i>-65P)LvbnD42B&zyG&;k410Ulr<$`sjagy<`W6QSzJHD+JQTA8{9@k;vh`oh} zTG$qhybe!5xqAm7_aRNLJgH|@>%Hx9*p(N;1ng`3Chmqg%oN8}n48REKst6R+Q=Hr zcW11XU7~^&Iw|VWwims4L4{U3cUJwl*mKde+aUudFJI_a9=!ggjbuRD&-0kE2Um5^{+KE7ph7CyG# zMuOd9mSH?f6&kFgnV>c@y{cvu+V4~GL>yHeJ)tA)^JR_Cm* zGr>(v=jRO)L{}KC0trdx0q#A7{^6@)5JU+cv2PmjuCA)<94tIXLp8h!n_D`*+W2Kb zrO=hd5O)0tH{u!|Z@nhEHMZc-L5%QO# zeN_t&Lt|p)gC#J4_L``Rj29@#ymvsD=0RWri5)AVY(;|rn|b0BoY=WF z?7z~aTK&B? z3l#f^5?DmSh}4G8#9{I4)s^aVmqzEpwWgD~DkbkQg=^QELeN7Em8ci&#H=)y+0)(2 z4=h_k@U{d6%~n?uS3mL&%aIVInSxg^9AOxyzyOMLJFiD0hhAF?M<%Vp;6?bH3-+xx z8@o*WP#g}?K;xHhA_l)cRwE0(W#%{Hmf=HlHr0J=!JiFrr`AnxkgHf`$^v)>@I<82 z{R}AQ-AhjZtKJ_d^KGx2kVun)#MVFNuiLgI;`c93={{@zwieQcNaceX_A5k6F->x% zYgy;E)FKUpFS?^eXO|Z|h{00{))7)jB=)u`)F)~G-k$%H!#v#7R>2n$1j-4swq`S* z0Gyi7jB=-=9_6@D)9w;A(pEQbx#$=9Ir^ryBSzqR-b8YGKBJNXIZ`>R7@>rR3q5T@VU1HGkF^i!j06vKk zqvJ#O-e*H4&k<_bXsLjX-U1>>de{W8AkMWX^uq zxXI|a!bh680G^UQnayOF+H?+;4nbA$PLa2oF%}Pat)r@Wm=RqE`OpDik!Pn4QAJQ!*II}yk z)=LSMZs!kN{Wc$r*~Ob_d%V;+k4VF%dWR>sAf|5|gFxrUk8MxOCEIFY$OSbV+DaeT zKJ#OwXSoiOTHjB33$?PVtbD*j3b*GLUX@;@`!2wD0K&DgOR=poY^E;0vg&d~#8-cI{W%er6rD zNSOyyn^>lJ#-U^fY3zSQ?zKpAYKU_0mD{w!HOoY)elw>5*dfg z*HSy-Wf7;JIEjr1{Ch3cc$>fEu*a|;40kA;KuS@Op^oTdU54f?l9H1Djg3ikFVzOz zWM7R6ZAU*Iqb~!{o{EZ!c&mNXR7aAr!NFbCM*+&^S6QBjCa{mAdm06x0MH|^JMlk% zcb1>NZ{Glm8IaEmUyyCkNcn9K)P$T><2b03@|7{6Jy(rd4cldJY)#Y89y(7!Eo4N( z96PeI)%H zunVyL#d_2O#mj!tp)ix^YP9(J*L$!q@%?weE|xfD!M_VE1!Xqg121L<-cFG(sdCmT zs7AVB3Q&v@&xVw`Y$q5EoI4@cX`~BO+p*kQ|5V-Vrkj^7;B=$UtP~I zdVlXau3){k@-+)|*a*71@3iV)Pk@$6L#V# zslg>#Z*duv60RjQ1WXCv3_JCI!Okj`yJ?Q4@idku*h}x~5y={pKRpWUsPwSBM+uaU2Cj3Xlo=&#mW?*nOy&zM zfaca#TrY-(zRBY7Dm`rbAcOK`Q?z+)Q>+e-vqw;47RW;F5akWV`_bt_aX@X$=;9ve z_9kkABN>@-(buf@QYRqJHxZxBe= zu{*l~*-bI3Vt+-<4Su)`?oChAq6=KHk5)zvOrqoPVlPgQ$-C^f-TG`-$AJ`2&N{f+ z4!S1BY$R^6t)|j!7BZ`wxS1C2ZdJ?u7r6^v_J^=+$%qGg+z!$bV&&SYD7)=@$3J(!Qxd_<^+8S)m%M3%h+ z%^%Qs>=(!o?@0X96wy3U2xfjIS{O?YAeQ_k0%Vf7s;A+x0@-~*ISwHr>$(?F#b7;T z=+dGdqk22u)CxLbZf-q)3%H!(fjp5Z=2D}u;xp<<+hz!{#_6Fygt5tJTu&hq|OMj6`_s4^D1p8;#EQU=fdfv8tQh*b&=c3QPXu>PCTf6X3YSl|lf}zyk z4zp1kG+d)0-v;3hb;W&@brDX~KXTJ&#$WSG8^sr_s?fBT@#>+6q-Fj6I5; z)-cZenPeXJe-G@Ry&Z!BIT^5x0HxU zq>ebm-WFWN@3W+RD^6!{YR1!c;~dL8p&op0`*MOv0$Ecq+E*wbH|Ia%1X*j*SlolM zG9!ds4X*ouD$JTMtKY(oi&m2ZQH?0!R#;9csPl`3i~@3pyLhTIGBUEne==`1GqG~P z08S}sLGE)mAT|pp)4X@kZkA?#0%j8=P#RqBNIrz+vLS4sFk$3!2?jTCgX z0(z)B;gKjaeKa~eKXaT^l-mWefANOJe;|DE63a1q6k`0xHkk;`o6@$;o*?A&5Xqn! zP>$m>a7+}vTpQRcC)F*CYH;0^_HLZzS?4I@fh4f5oh#^U#lfkmv+XkaIClI@%6nTi zf>earKx%3<_}1XMBDh-+T{vFmj}JP|?>uIi&Lu563fFX{`*oNXuJ=@hO;| zH9A!JGF~bkF7BI@Y2N=wQhL~pV?fX!k>Tdh%Fm(5K5HxD5(oID=g<0ReChZ00JYqABZ>o( zZz;a}q564JURz9i6TM0rx@{TyjQl4py@}s>o{ZSztb=57n{ZZ36&CJZuu4hou=o1o#rl$!;z)mMiKj4GIG`1 z+Jk;l^HUvj_*{X!6{h`F&uWwG?Ar5T|=gkun=%$Hcvm~LyC5I!=f+S zzi7%0k`@*KQ4Cz9@FOP;X|bU!jtgN?yBR0_-id-OQm6Y?yO`Dju^^k1=b331EMtFJ zmu8hlLDWMjdIo}N{!r;|QIO)XscN47>%haW>3-$3SRif=-jMf_*Y)l3@#|PJ z2EBf(8JQj84bP}e;nir5I~v|kRz|mmrd}xSioUnVNx&4AnzN62w>?Ll1QgC>sdM4; zf8KT?9O2rW#aWldb2m8^91oL&hx3t}tmb>^nLh?ZPA)@X4kg)~g>Q%U)yzfKF|tiH z^Dv1IjjSf+!M4sT2}uG>-2&OSMDw#g*)>Zo?5m$=bkU5joMRS#doCY$%$;j6`mAu+ zfpD6}#?~4!z>a_PBKw*DTAsxeoK4v4e(tKZU%~VrTAeb;j&=IKKR%-ulonw;ZK@fs z;oo=NpdOI!_LcAsSW#L|J*e9V3_suy5O}e^x*+H`+HP}?t8c429S1Cu9Kn}FRrGAt zQ@>J}H%#QKK7S~{u@ak(TM&OAxg_LqNORl7nP3?qGyeBCH(}d{^22=RCh^PN+K%EF zIP5B{t|D&3zh!bEc85G0xFxuiWKc>UkS4L)k#wOwp+G@i+Hb zq51i{CJu|ZzAAH;Hrn^_{wH1iT|8V)CP;FO)i-||=SzIcjzc^PAtyw%Q?euOUd%Da zFuY28XQ$O#!26iclX-LkJ)UJ|VOuumBN>V=Wux-_RoJ1xd@*M|4>9?( zwn$Y4KA4EZK|?ow8T7KhWPS%l3}_DZ;f@=(*ZoLLT3V8uxMAJf{e-kUMXk>qSvxsz z_k~w|(aaPjWSInmdAu_9u?>G<>6g|#&;3_hJSH+TVyy{iMu(b@1G@bGFEy=Sk<%ux zU-K%m><+XHaI&^e)$CMv&is2U73;ueM_0mD-L-`pe~Fr1sMgXKD&k+P5m1;N7);a& z0?wW-<6;GsIQJ{X9cooHi{1j!={SPHcbG5^)FERI0+9dOb14(G9_4Wly5U%H+lZO?e?kArfR{Nd9 zdTUx0Br$vSomKvQ=Oqak$FS8GLx_l!U>`PJgIW+J;HrF`=ML1Hov5Li)K;j-B{dF~ z$woH*|9|+_Wz>;3)|jgvwT!)(qvtI}*4HxLhMHx44O4p(eSO` zVi9e4sHv5vzqzx*ivK4bq4I9u&Im5fKK&VlcL8(#aT(%jM{kT4(8dT^Zw-=<`pszp ztfN~dX5AmcOagnZ$`BdZ|%;!K{ zA1LDJDg3kJXsF(s&&g3z$tEL*1WD+Y(`nn_SqL{=>sqkdt`uO<={3MtW80IZm8v9C zB~SP&b9KZlV_p699Ui+P@_k*}be?KIl3xFMcFUjds{G4w>8WPx>EBR}>jXO=KD8*R zmf)8z(;y~2JS8Oei>4L(n$-~+A2_MJ>=2YJcb`z+=bFw&8MYDm*vg>s0}g;aJDZ_M zvv>s1$2-7|^|VsZVk@cCPoe}3R{r!!>xpOC>FVcWHU-z&Qlt*YrjH_-$_iOo#et*aKB7M?l7@m%AE zBX8QcMXYo&aD*-V3MR6it`$adsSbgGJy{(CJM~4y%<1DqDqDl^mOm9gDzKx8sK7ZR zM~4r5)ACpQ6nFTk!ieSS;*NBa*m#~p*J;W#-U{EzNja5d*jx3nc7ZdI-olyG8Dcwn zU5}fSE>@>Q*eG1OZ+j_6@y3Et;2(Hx`#v-wsn4N8bU+G&PGV<)?&0Ys+?6KyShVEv zObcD-#YI|dbiZCsc^NvY?zBM0yy-7;b2$XFFR&iu(D=Gm8EWuH@bbWiBQW^Lb{(w7 z?9FnOti#%fFf07NGvyMR*zRJ57@28`)}-7`E=V0hj3o{e%z@WcKD3XQos`z~orsJa zHDbW)ykU5Edz)NYS=pA*6;}8jqkc3;7^|9(@5=ay)@1Nd5ed0gV>%CJ`cDU3w!(mI zr>q)zeMvTdD6P)?PRnfSCNExIhsK$Zq#QL1tdCX%$0Cn*mEXnA*LGIt>JO{4 z!uh+#tF`ce1GzLM^sCG*^-(#&D$Vlf^VA>be!?GirW>vhYGqSqWjK=iK!+yj`WB1x zQ03am^BxB86t7gFZoJ zPoqKC78p=+RtK_l;U3=)FktU1o+GWI7A^k z!8T2Yd;&AK((XKS$)R#-|y za)D!|m-*dB5(Dvb|9^#Nns&3Rjx6D9h`JLRJz!C4lRwQA8W=c498fDP*Vs$V*pQBY zYj1WaJ(ZWFsE`{}^2^ZjrzFT-Wo8=>*&jsG*Z$3my6*(GcIaR`yjMOu3?_?*{$4#{ z{*oi+U3JmC`Jqn0r}Z+4Jt|BElM!}zw&UMbc{fv8IW|7S4Jk!B+6_)xoN)X+MI22N z4A{KxJjtg(D0^}mb^VNIV^aS_BTR?RKFM-NQ#+l9GM4id4rHT)2siX{;!3)1k-NOI zNNlJ|Bx!rmTj=%g9uUc=Qay{{>FH_4k*SH@jr{B5{)~?FZJ1e^tN9xu8lEucM7tDn z&SAqtp_4r!oy&O!?zKEzh108nL$>wr=v52G{fDNjzeHpFhRC*AJ}8asBT2?AhY4Dw z95N5~8*c4}81I{0J-#KJKg<7KEjjhRKGq`TU2sES3Gk?BoKFe<g?786(xYxq`$t7TMvy-(k%V1OjssrXU$qMSKpa`AMAxw z$DzG<(swtWd~T;K1i8%Y4h@8NV(qiY1s`NN z__pmbXUhb6I8VnQO{2*M26bX|Y`4;0`CGMmzh2*K7aZsB9ww6LfA@1|4xIde^!+8r zo_UnPee93MN3rcNVd-igRfIU#u?k6BfwIK?sVQZkkn1gep@~HO=q+4L5jVW&wVx=% z5REtZ@#FPaRT#NFPxj)zpBA&)0V{kN>Txbn1$)sc7QGj`ydhYtFAAyMM>zW?H#&J% zR3Z3_%}=`|mcWF9!W6o(C8q9pyoG9vpQD9JzEMaEdGF|>BI`Ml?$Iq*42-S*tsJzs zF+p@xIi?9eB&t5;{BvR9+m_=l3$+lJACji~C+e#5{gl+^Cvdo*ydLIYWvdFDglYeR z4tqe`2jWsYE2jDWKSTMZ=^R|BCgG5_$Uhj_xX?UdkDpL8`wE23QycV(R=t{Me@km{ z{pV%*#9_e{tn1L`hI!;&?@7K^lH*8ia=h>!RtfQwGT}Fx%r1_Je&12(kyI3gbaZfS z)Wg7$$g|{obUtaLF!Bt~%1C%(?M1q*ZCx$@GzP2l=>)4Vqq1J#u$pLc|q+%v7DOtDRea~r^MB{asGhU*ZKh51ke_YTeP9q_naDlgVKJr6|C6r#? z@~0AXuq6u5yv)whpLoT}wl`R!Arag0c4ugvfE+7YQt9VD{q60bnSquik%b(3)4uI|5Wmt2{X_vR51P;dWJ zPguC{FcTuv$qYnjf(zLX^_Ao~%CC(Ijztgt6VPM)0fuixv%aQbsb`UwqF~@`ew_q8 zf}I3?54eDV!t2(tkuhn>o;_(x-o17)WX@4h;Y_dE1B7O25o%~D)b07_1I5R4c zeE%UTO1%e)ty7|P)?x=@h0VB#w6<4;h6yZSbK{WUr&2Y?LAmcExfe+jEOa3Q3nr3LOg+o0HP@^1Pj z*08=0;v{uSw-Ld7RiP`lYDte%PrrmloN)#mpc72vhLz;Thn$Z_lQNez%IvO9J#*gX z!k#P|9W`5v7DAOA>^R0MoGle|f7|)3X^6yj5C{-=nht$akh(-RSK8S>r)^ZJ_UWDi?thi-q^QqKe^@59ah&e zOMYi=^Ev&SF8(nlSB(0uSa3{>*IkhsRuCJ`B{Al+ScZ+2^cbGsKK>+Xn?gH>;Aq^> zU^N=&R>(wQ;D26C8Uz# z9gYtvXa0l$#IkbV-fXyAaeb@uSUA08fFw4>gtdTugcF%!ujzPWLpjR#o~?=|Itef&r75}#}$98EIMxPsL(}H8@*qUe(1IabN-xaw$;pQo+qs&S2khI zj`KoJ{wYpcYO&7&K0!SY(YQ=(>>z;jt5yEahxbS?CA<7aGk&+^antl+Vsx@Q{uX&m zW(Rq=GWnjm?i=(5-G5wrShSMJ5D#q`fi}DA3T8jd#r(1mx&zw@#5tmf$;*FLatrp= za5Il5_TnR1^5J>^V??~HEHbOA;+U!d2BERKs9{?C zh~8wJAu*^}@%4^03C7antC?7o9?y%+7re;)oSX%*{2`sitbu_6ueG&Jd>I)TZZ%j0 zSR%U$FzKgH!#g|QNXW=)5#U(NCTvMU-#;pOVV)stQnMnLm8-J#1s)MPt795cXqiox zNS!?H`{GVmG?puMd1o*AB9&*d%2h<{a+oMS3;?>&MlEu&b{g3rza8g}=@Hm|~T zSUWLhap*N6F1EEgpBvo=DpEwWFL!1ahWG6JD)_rAjKkn?E@pQ(7!6@Z@qdEFj~;Us z)6w2#Wlgl+z_cq4l|+TBG8|c&hs`Xm*(U^U@(XVf<>c zzjkg)#k1Bm4`F?^I(4|e8XJe6tHdG~iEAHkABBLP8K@<+$|@>V?Iq-4bF=3UUc-W$ zSio~0EyqIMo{apoJ*}{?Ql|Dt$+nz$c88&FPsYR3^=4CRuWzUyhWU0y&|GO^)BfP* zrcvp~Kjb)Cney08ztR7+DhXMf`5cb#Ab&gkDIh3V#r>Q2AzVpiG z$0Oe*g1&SoqH|(uD*cd(y>j_|PdH4-ibiSuj7DLMuO;2iu!1P%qQ(KQWUxa=1jc*$ zprXn^!1r?sUUs8qY3wLyuo9Qep0Z=@uHGtcLzidR7ysRt#d3MauJ7IUa1&YM?N|-s zYgM1%yw-np7OwKbakC0`*#rN~-sGP#@G?4fzZo!tJB(R*g@ciwve{^Y4Yu1VL#P{9(EYjE=ed zEWUm0#*VbAq{SL1x|sA1nUK#1;m4TvSiNiU;m~w`hYN0~Dxwnb$^*@xWR-`6jswTc zV4^nP9Mt|gEf)EY_DM*Xw@7qWaR&a25eg$=9{76eCDL87dHdQ#RoyP&hNWYcxC25aQ+bqRZq_u7)hd7IM^CLrTj@&vR zYD?eAw|7`psc|@np0QG#NH_?L98=yszvEnJ_JoK<@rdKm>wGbV>A#sK>eUr?(U2JH zsXX!FBdOJ@FNsZ=6?+lkq*PI*5*v%D`R zC9jr2pXwGk)2aQkUNSyL`rtf)#@dNPPqVlWBO)T~QcW-UH47LnsJqErlw1q0#Dg9R zEtF1ku5_hFPrOP3Eb;6n`QH>Td5tn}eGeDo9Kd*QZKgZI2RUUFOu(>~nd8nGW&6&morV+4>1&Fb!LC>2(ZM zBUAi8n!Yli$@lx4Mi2=F6r@B!O1fc$0!mDBz$7I`mvona5`v^KN}3TPBxQusH5vvI z(mlH4fBXGC&nsT>=H9uk>wM}Q(?uosOcZwmxfL*yq`UikT!bIFjh|IvtF4FSv73@STr<-~hGm2BfiYA$^nj!sWzL(q>`-H9jp1tmOE zh`5Dg4odIqZLkQ+FlePS4Xt zKDfRxJ>brDvHV4l{)&tiO4VNk-LCtvr0)r{s_H9w<9F|riQPga01Q=ZPynAa*G0o7 zMk)XnDui5adg%h9SlbghBo*S8#q(2l@j(h63%XQ{kREE<)-U6Gr->qzPBX*`>)I_? zj3)(j5&w3Dby^EYV(fJ@s zz-s3Q9|iL~>JCy-iZSI=oX~%V=S5H4i%f1+ULCDaW}hzh!-Nld$4f9qk#-eWa|I6D z%!QJsc%JySH7q3w#>ieK6m=?c<%B$i3<^i2-+xH;4_QHtaou|VL`t$xC;NWmcQ&W_ z%zBspX$%FJBEwOM1u61IPAh<2I^Fp9rRpYQa5kO;aX#Do$bOr-wMwhPhI0NhyMsFz zqCdjNV-ANBsj>HEC))xh2nGW9AULWEJO*&+3hW>PEk8jVze8ax@7g+O@v+1q32~O# zKFD=SH;YbqYV6{YFH-)ZnbwP@XJrt+s%SuH6T7yxK8uE{VrD(=o7`sS>TL4On&8!p znCbRTrHIPGY6X`hZy9cRJ&y-{sP0sKQ+9vV6m8bNs$~2)SmqXtNT?d_ziEtDQMzO? zb^rX{25BVf4_vXCerTy+d3RQbV$ykq&ef!oH?pVdBZ^%^#j8LSUuU5l9} z>rZ3I?KvG><p3~}=%mac^q!5R-;d zrG4CFSlKRjg*dl26y27n7UYhq zf53g5xL%XdQy4BpL1$zciYB072Mem-EsWa*SX!yM{VzGuC8&2?pDjlwnznr3u?LRLwp6obeyys?Da z7c35s{r;NzCJDg+9r~+NWs z*H-NxY3~nAviZ6@=46xjZPg4uc^J2^R&NDLJzvA>(CG8f));5nlaa_Z5v!_LYzuwG zW%1<^o`ixlZX;F`=*Lk`pV;B0Coa5qDh{C7)5|2A+{?LjV@@xPA;myOdQC|q9XG*| z5$dU-j{ zWqwR=O6Pd+J_HO4OYh6n>5b=5b1u5S3bE-Wuv$eJ%dgT)F~v?=hd1x~KqfAk;3re@ zHU)Y!)xEo-iP^MjbzL=Na?|VQVV?F|e!D8#;I`Mv1HGcSw}$i4Dg*7tlAb|5is|>u z`yX-R?8`;8hPBtidz}9=W&OD~Of zIXHMHf5H4QSJHDQQNo8%yw<>$&zT+VuO=q*gIW}xkJ`=3=Kctw4QqSN3 z?Xm-59;m$C1=GQS9|t9w1u0gQ8o=r&miKm`^*mC~2qls%plCFuGZP0*-j%|4q(*q>;4!UY$rZv4u)Mvc!m=yb9GxJTQ)q{}sj zRUCWs6m8TXJwsC!>QQ)jjajAClKJ4QuA8ste#Siy5}1kvMy-4xK`MG|PLGLd=3YNB zeFMd;e1HE9XdhT2`F?hY5~20iI#z<+eY&T-dROZ#b1w!qWC z&P*JmiD!D*G7=I#X?$fqQv~W`7QP!mz=Eq8`L;(A!5G=|`1pzJ001CGg?6CjCx4*BNIBnfN zBJIuk39{nA|EdSugC5`T+15Phr9om&$%sOCEzsER^)};;<+;BvsWL5GNey&KhP@l* z*9w+R*&k%hn&|o3H@5t1(d;0&Jr>u~ORF;V;9Ez8wby5iP?a%fPe@Ai-E;@o6*-^h zWy9AG3&wQK!@fasVH~;^euo~42@VLz^xm7`9gSg`aO0lplVxA#?mI-Xv z(rjwAD2z_0Lt?NrrDyc-a^{l}QgAgYRbRz$5Qphk&E?nHV<7oDx+VnV6=%IkTD%!Z=OFHf)$K{v;?1m9T&+j zPy+LiFK6}|j9{oIB)I8U9#%6jTu#)+Vf(9T+}}CEQjVdA&lc$jpF%XoqS~jisXkg!S;|^)LKgkV9LiDkH|9IJxnY{k)<`BFTr`&(x`by6S>FlK*j!xMA zlV;I)-K+)eGa8_~+GMDnF`UPE^EGKdZxd6Z~qAui`CQqv2Afe=k zw=6L-0oQ@H$Q!BC)760wB91N9zq8PTZm%Ag3zYkNhr%&`QE_w5UbKWu=B>a{be;BR zK_uz%o<(ctC5{SaH~!n34Z6N&b9iJVcZDTMVQEh5KHBGzUto86&q_UN+DOp+1w@-8 za{&|z-D_P)gD9O4G^p{~XypBXjhlk1+0xQu=@Oo2emkt>J>L59+Sd?6`bJ85W~qu! zVBSJ#<2B4pB_EuEbGrT%Or7Ps$TJ=WAzAxD!b2^-HzwKbCx=jKtK>u-Si zR;qMoO^5!1UX-fUSCJ=`OttTh;}NCoYM?8hWj{13ncV8|lR*yeANfGu7jY>Hi8aQ$ zUN4;bhI%Rqxjn(tsYv~(SGM<$j%v|vAJl}=Ln?h(lHFJ$XQ|C z+YP&S26a7VZ!JeJ_=;JM2(3t!U(QVyT1AiJuv0c6qsB%{8-G=fon16oL<50>YIt{?6#Z5sC`n`q;oYNLt>8pyA;qwz>`;;)R zqN~`=Wxh?k$L<4T!8}eNw2+o1B!a$@XbTUL5W4!GNDi^tXZh^Um}kz}I(#Jy0>uDW z3nDj$Gsu!*cLJ11$Rh}>i25NFB-}(^o+t?Vmo-k42y=cw_UV73kIMJnU@cf_XQx@( zg{DI{x?{tKN|TV8&Ovpu4Ci-SMTiIm)1!KUgiKs0g`1bgS({~}f5w=%c2ird7R!(Y z{T9d}bwSC)`j2V|ogXdTvqUa~IjPqY&RL;qN)1hQ&&#Wh!>;A8q+42iM5pQ$4u6e! z!rBxjz8PyNxPA7Zm{9R`tnEtn)2bygbmB_3+25rhm76A+W};XO9z?K#q0)t8&QCX+ zXM8)?;WyR_$Vu`&5EFTAlP0vagjyH|3*Tjn55^&ir<>}nYGP}l)BAh?bA$adDr0wj zbApDMKEZiI*>3v$ZqbH7Hp~)Ypu(j}U`I*|P^Dl?HS@v+W$?VDlV;%&9p2yVnV!T@ zg^dyK%!~}kS{Z^6nUp9(O3hzSv(v}+Y4-K2B{rX|&Ji1_BgVfBuFl1-*=P8n>Vs5R zqYo^LfmShtzyI=kczP~v6lNLY=jC6Ia(~Vj8ClCjh%<>hRg;fGWqjvULRg?$oLgIm z$C=^b@H7mYMI6Z2hmrFOojwn)z3zlz)z2}tQupYpmb5?>4(H4Z!=>rv&-4$Uyx;o@ z;lA=72oYnRQDcjqAIICF#TrN9EWc;m!FM^vqAi(+v=V%1v&Fv+c%h`~m}7>S&zjex zPp2Or;NZPNYVfOWV{D17Gq2ZRX(D~FR_7P>JoPMMmM2XOBP)W?hW&7JO`i1doGk`2 zBC36|wXC&X0rRI)Nk8sP&^dFCf_Z&CPz0o<(Hhq_fNTZu8vrpj?TH9ZUxnj^9NeRd z^Q_?!vGT1@W~MaG4f?LV@qQVnc5#kLI|ik?l3*@vuOrvf<39Yc(*3N-R89~~-l=2(Am1Xq z-H^YPYumcUTV!YEatj2VNSsBIz5%T3Vvg*mVX@nub(s?#U!h%3dAWjb7{3!mN^#c* zjATT1C<^kUCZAucww@z{tIEYLRmw^ukM&Ukm|`ZVZhE#t_AHys<#hn0$27l}<5QKP%Mz<*jZK&tdH1VJ5^{F!zm21n=~sPQMy?ONRlVMtRW0 zC5uflogO+{`uU?1EvGMsH`>p(ZsAkj*i)0s{_3pj;ZHNMir8z}JjSyZ6xcpzjN!0X zeGkbqi-G1$R6o}XyiWTAUJ)n^ZaKlDy1ng?Z@1<<51-iKU*|_unz%m2@|Ci$ zvVU_b13n=H(|S$f?}26SS>F8PPvYdz=Z`>wS_gPu7)w z?nD^xtjtc_ zF{^yDX6zvY4MmOi=$Gx;5)bHrIFsqtFPbcz?##c+%I4|$>)Pv^RyCJrA1%~dg)PaC z)b5i8t}|DEX$`u$g6%iHKe}q64Qf7h%T$6FIrEQ0V=tqR7nV{2WMF~Y1H+d=dhLV0 zO{I+6FJebqZq~FsO<*_O9ac_w!Li&33;6RATF0R`^t#G0;Y%r3WltMJCz(Of_iJ-j zgC|Vw^|;1FV`uL|NFh(B#(V+-j9unQv}C4~^E?B5UK zwlN1$EmWRGGry1AodhJ6$~G)Iue+9FBM_*gcq>?WC1o z+u5$pu`4Iwf|-j z%xf`hLAudquC0Ejq#4RKGD%CpglbVf{OS+IWEE`QUz4ZRPv%mXix~MQevZ(@)w)eG zooe6fK`^pqd>CwKE4&(f6tIeYcR9P+awRKpojd<%SdQB|mcy|ilf(^UuJ?`V&a)tQ zet8)YFpg39xKJuN4nu{-5$Rf+)$Urq{l&E6PQZ0pxI-4)xNU!+r-Wvk`-wF@;Cz4& zOjw(iF7Gwc*blk>va#M?(X42@hcU}aSZEPS>*w6`sOsDxWe z%qvL|!&ssXE+{0k6|N-P2GEo^h+Sw^jzrp z*d&Wq!=H-yd8|C)MpSwVrZE+wrYg7yhE!|Owg6)yUq^W|9}W9c2C?;n3rsbdP}5NZs>PRBp7O={WuGPnb`9;D+XAul zFaEs6x#pFQ+9?0kOd{l~-%Gvamu~geRd^)sZ1#d&(^=5=HOZs9>5agkyr+gcT^Wl2 zj5KR7>;&2`oEDjssvpA2WBP|_5x?I9j!wk)Oy1FIOlc0>+bMLy-#Cjyr_qFzwqVqz ztVIFY*Gj=HPG@@GVL;vtHkb?ni>p@`*dfBH$b43(iv@H@MyD!l7jcb}!yFL@>uWkU zT$Vd^8z*t%vw#U_5kO8s9@rqn#y57!I1duGlg{Ox@2iXIVyLD}rY%6W?!7E_( zA)sX=g~&Bwkc9p_!-=TAn+!`AmB+>k?Srbuv`b=v>Tc-|o4<7({cI8Cox7RvXvOYZ zkMyH`oY!08in}T8e?Art&gjc*jJEB}^^{Cn=O3I$U*YN#IyXz>GY~U5-YLBGmBkAz zID8mrltihr{=v{MTF_gM)5!AZ#c`AcyMXZjMSG~3Q&;^0{%`4E!vM3y&rBQ)!%3sV~U;Mn)h-9 z0%%eRd7bm<>I5AfWpdLYem&fRVlT>Gt8#NFjfO2`AwH;?)koa12`m4$cBG(-i^8O< zxU)^aJ2~9G5#5>mPe*?Yh%(!&`Or+i}ayk7b4^Fj-r&~cx0MT zqY67<5PE2lVtRaNK@-aL?&!doK9X4NU{_p9)B=ZWN+12yTG*f#E8Mi$9U|{HBx@6D-@arS_~IHC?v{!#J+OXdoWQj@ zCP~ynca27VjUR;Ou=qO8&i~$U2H&qW{<`1Hp0&2CVPac=e)d7N&6xH~il!%vibyYS z+db1OLEm6g@(jL<1^9DVC%*t9fhx0RVmBlgfO)d(q?lvpM1abc)iU)0@cfj>SV zK9_189_yfu{v#^PGdMYtZvD@vSCm^;S<{u|_ieOPE$~sU(|Pl{%)!|-b~SJ}wgZE{ zc6;piXRQr9{P=hA$M%?LOB*LVcm9lxWhs%+$1EVlbgqs=N)3;mcb*_mQ<{A;_s~eK z#?{ivpn&_(r;S$XBrHZbuEO-=a+0&1v(-U!&j{@8Ke2xT0Rks=0YSM^uI4{h&#dxO zZf-6j%x#3Uta#jSD*xfgQvM0YtGrGTJ9eZMpA9vy< zPxJ)y%WHV2b9o?8*oP0Q_v76as)Zqn`DQDI^vO=;N{H#buXIM`Jx4FJ$q%-F9(K(} zJCB}Pt|8|8#D1In&Q65O#GHR4fwY8(^;nI-p+dqd4l8lnH+ZEo;%AmLIRGLBToVI3 zPzjT1R%QTRWEiieN;gpl|`c7tJUZ4E;4Nyb+&wcV8e6JTpZ_~fj5;QAOv_;6M& z*aJ2szV`VfHSL6+euR1qa(ae&SPJUtk6h9$?Cq6S?*^A!jZQ0?P!k8wEiL{i zDOkQ6Tzbl|A#`<~ie3`{{62%@2}1cYQb?|K&$-YQy0dNQv4Ud42Ph|9QW+t}%DQwc zcj9(RJ!&>3&}&D?Q}*IP&S_gq!y^Wb{$HUiEp?8f91=DXquc_ExWa^NRqc_)_YFf; z+B7H3la9;0%MtPD>zXL<84KPeUh)wl{kENb?7r9 z^b7>~m1>Fsj;JJ)C#8>T2_5cIn6pklX1^=% zk6AA(c6a74jR3^-4V$*9TGsuHHPI~^{D(va7;kQkaR!ctuVRFteD_pbKW!q^kIWP~ zUYqE*zmK^R=YN)F{XIGoe(QVvC}0>1Mp_<>2l7ki?x%fa*@&Y%?we$Mh#9(-xRrKZ zGW4YRIdXx(!IV6a(Z!s@&pQ&snxYuHvs| zG(3n7)NYAI-p$_zP3H2n{+)_xSwB_sy!FWR_unpliyfTUAIbc~zCWE?7WAX5hU6vFm=)k&UB4}u zr_bfPns(2=Ix&e#z}`%YXMwdB(nN@AyH{?~`ys6jak7~&hD3GZ`+?Dp4%HIhUNLnlHI#&sD3ML;T5T5WN$j3^0)AG|4j zq-qJ79j+1p-Lm0E50L3K>?eRK8WV_|EJBFBCYU-_wVwB`xG}di zhQ(w}kb&Gzh6|wG!Z%8v{P9&3Hfj2fT0Y3cJyP3OnUwEMk~UBo9G9t6K^K;|iCF%i zW7)ecWl0KR=hS|i)Zgs-_;89nkcxs@S)jkX=dyQV?zWkkI#k`ueaUC?_6Pd&uIijs z*=c`El-b?9go_53jD!z#!kiR6x?C|k=>|>fK|Gig{Ie6=1z8o z6<~4G4wZ52$3x}`dvy-O`ABFV^;g&~r1~Sq#Vy-8U+x~1^AwhgExAb5yGRnyRIk7K z#YBM@4`>j8>sbURKe}}Av+a8T`5io@!WldJqLd4`ZN5l(?&{2c&y3smVgP6^Ao%nz zn$y-MKmI4HA$3dU=<@oXPlJxNcPK7q{U~yeDT*iVg=IX*l{Yf&Ij`Z{G~9OurMje< z=l*Wog~Ap1#z>{4c;Vf!s-AJUT;0Z@stmCXWc1vss%wsWm>?Q{L8p>*-%~>UIzL;bDoZ`fZ)!cxq-Vle z*WBtvacp8As^PF|$g8~c{XzV2BBO9lVvc;Ah@Wv% z|L4p%@M9~Ao637t4gP}rE_j?=RLggiKlrm4qqcb#)J?^@@nv$~X}npYOPTjTs`q;( zK3CJ_USm2SzS3_o(oVp#d-Q@5to<_B_Df+oWJ#QXoZHi;`SseO4C@iOW`g8BBAOtM zyegAVA~4k5=sxL>7M;?S1^guZUuuc- zK$$7Il}}uRzo49Mg@z^SQ735$w>MIY+YbZFsW^VbxSo2NbaS2{2*fPWcv9U5oraCh zmj%17zc#?T8*OAfDBkYe!Pc*HuWqBk?ABL?6uf_)vyL941&`?<9CkyeXclWz%TJ~} zcUg!+X5iTJ@FqMIwrv23jx_S|YCLqmnrV$Ybr)tSsQOxKhCHar2F%$=JKEsaXAY)O~> zn!FfO`zxPQABp)6_%WKRgOyXcE(2|@`w$Fpt|u62``DBEWEx6K)Q|5quYH?@7{{YR zfwpkUJH^xFa{LN;+n|3lM)6R{c1DALI`=$#Gbt2?_Y%d*P6z(?gdYheW9WsZuC-&9c<*|}Mz{$U7Zw;628pGo*_s&h~P zaO>&bb>z5K<$R|#*0hl#mo~7^7Dx~%W6j&;jZJKhw=pA`64lJAl33J2kbeBuXPzRTtz;Nob^xosnm1?WHqI*@l6~r!mykCnY1!eU0ut;w z!j;gM4@4Kb$Uj!#38Q4E3Rp z2QuYq($vvfA!itJQbW2vv`Nqu>ZN4H+m)79c88lR-frX7Bql`_@2KWLCCT!iV`Ra@~KsF#l+TteYEm>6$;W z9maxiA0Nl6j7Jub8q%(Nh2E?kNTUDBwwX#^tB7>vuV36NBfDu-nIAJLAN@*$#PA4|suwJFZP#4HnHj0SOO6$O3E^5-00(6# zKaBZok(0nFW2ov=;#qX7aQBTM-F?M(C1C!_eMr5t8XS!Kocz78|IawPP$%qa!&0`{5=RE8SM6II_vah? zI|{KlYT0ugTieg5{(Xs`FXE`ZH%xFu*n$Ry>Y+0cWU6c4CDMC&M-Mt|x;PF}yS%=vFI*UO9 zzk`m-+p=3D1tf2`hf8DhZ`mu6%8MEkkH|E!(B9+@2!V7;>K z7S_S@bR`+a4vxN6LGsdF^B_+{jZoLuvXkk$ze1D59!hk_OUf|&gStDVbCY4D))!YE z>i_>63S_podEUeh&r0df7=F23uIt3`-D(L$b(0w=d0J--VRuZi_}sYUjY3PpPNHaQ zYPiL-jI_nah4AaIaKNNsCJKjOj@90#qBC=h5YKcb0x=rJ-ma4#u)IQsOgb zWi=^@8Ro&yO!T_OBSEq!b%wH%!j3X6Lbi77haF#FzCF$$9KE=9jr7 zI*Dn&QNx0VbSw)VduyjZHZl)g$JhJp^ZHC0E1CS?{;}RUI&v$cU^`5A=2vnrD(&hB z>}T~OikW2ZN*{n z?yF7isoU}Q^=VneW=$x>(^gpn=f?UbnRbT%8BwPh5|9@YI=n77xq(uvvPYpYm})IL z2?Mv8rMcKrfpHsls0Sau4*5cp=kvZ3$tlV^l$5J>)!V#Du~leyLOx>yrJwtx;rJxO z-_~FJwbgptqM0NgpIa*0^Ecf*8%?867o$`OT#i6YI@#L_qA?UzScHWfp@*B?g=E>?dgo+4>kwvpeUT+-jH-f40f!7BH?w@LJoVZ~zVv8fk-zk85fsj7?+ zZl$tLuJB3zjX+?auD{*s_Np3H+nbX3*hg^-ZJ$Ln`WhD#q-fv{-lrqwG1hDqpNm z#Dq7^Yp_W-{MT7uB;e;253bauu5`%@Hm(ec4a-JRV7A0Fpn*|@YKthGendTCqV^W5 z$NA|a2*8RR$%j#jBBBR_8Xcb?)Ru9W^gaoBJ{sc(Z7vTcGdqKqSE>=Yu1{CuvYyaC z9*?Zr412D6<)_LX)->1uSsH(pAnNGp{xf;@Vt7ah(H>^3&V_Hwp;+(P-A2C{Y|DZ6 zzn1kTy*vUnzc(jvRfhr{U+Qh4g`mNS?3SITSGDzAW1-W%YiG@(nsh zBxpMK9#CJs1drjOb+hwF2Ig0UCeszz;nX) z%&+SwpKcr4@K(J0YO|bTTr#hW@BrdX3+Yz@nSrB9Z$)09_p0Cht%8#YA3<%&ty~cZ zI$?O5;}PoH7Y-J!2F!)tj~? zRu)U2wSAg*;m|88W?A!3y+1pvf75ZWhH%@3`$*S{X!Df4z_>fA2$vCp5>Vg#FmUGH zw5h<^6ea1K99Dmxl8+XX?VSM>`i8$6mZ9yLe8@a+cc;;-{mb>Wh5?^BrX3d(+yE(p z9T!>5K_62B-%a>&*tr|s>-pn?`fuuwTXK~%YtEW?-}>hAdaI+RpG=28)Ae8CE?yDu zX1&)TCLSz(B4NSBgNN{m@u3qOg5Zgze$IeXRefkRrh+X>kP}qQbtC(WuVmZVtPcGq z`tnXCnA6wP8&j;cFJ^(~BK5F%gla$fus-Mrxa1&VUKC@pIa^wCQ$Uc==UbL9$#Zl5 zfrgfQ&+ONp>OmYzZqbXGm|s(FgW#lt3cNGkupZNp$pY5`E7JV;Mh?nrDjm;#Dk>r@ zYu+ig%$wNNuK6lon^k+a3!!ii&zneJF4whf0jn2^JLTnH(k@U5f1MUiRWkz&vMBZd zB(+*G)c7fw{J@GQei}UzZ`+7;iZ-e+p zsIwyZ=A4jkd4H{J7eSHz9gkM6-ek!-FCbHX#4-#oqF%zZ@GPmA7NT_%1Oj(g9aBj% zLPM(72)o9 z*55VdS0X9q#z2a0v;mLoq>6uN|!-s(biNd24nYFFXzwy`3ZD_6MdJJ`SSj8zvKd>Gz;KtcJ z!kZTt<2>?OsulBVbjcQjX>D*F9&0d%`;J-+6!pWbSa|Recs%xb6XI6p=GrF-h=W}&$zif z?AIT5$==5SpQBlmHDBt}I4^L9%EQu9QOoXkq-~#`+>S1>Cd@noapON~6xFppqL+*~ z6k6dQbV+@UD847 zJ*p;UaTeB`d90ocXOkX*GSm9LWEISeP|MiJl`lEEns4K;mRvth=XjI~osCmzp~}0S zA^xq5Y3g*REym%*itdo|ZPbjY=;fMQmY++s$?eaq$(qXB$}Czb=DqL50)W-x#m{7L zu&y>`m+w1L6;*j>ZJcHK9rmw;GC%*{Jp=qX^{+TLOiWkntt5E6%q-uiYLolGSy%U8 zP`${6)KCTfWAODs5%|j%fg3?g?*jLkGo5x}hUM-rItLXu#tT)-p;N%86{93#s;aRo z*uDFyj3rpB-Z=HUfwX+s=(YtO$MX+_BuCNC+KRdX1Sf@~HZ;;qKw|wvLv(0psMpc( z>k^#bU0)`7SX3>A^r~~bzlTr~zC79(YI^^wi95d`O_xOOfXO+U?%D3{E|7wISK{UE zoar5L)^xyB!k#@vz(M!JUiCMo^IY=q5hjta*(7udCFZ~8x_a)CYJLO>=-qbvFcTD@o{Svt zrM`a{cjpr` z9FuTybTx&Wm-fX0%H1V~ng$$kC9+=f-DSCVp`uy?- zN^gpburTj!Ex-k0kG-tH>o1;{gQk~!c+%OEJe*~cUvYoOOBVz(T{1p0^?u3`gU8t4(D-$*Z$swh955=!Hw+ZLn``32 zZvt2-%TucfeF z1sJDax6en72i{O@0LV`C8%uUjNT0VAO@6@~9dg%FUb&!q{8{0)Rx6ZH6UhxZcKpDK z1eI$5@B06$OH}R{RR0=BOoQ0Sewjw``Q7_ExEjnMErY0g1a6FSmh2yPSF+KjXrjl_ z8Hef}PlBBa|JFY%kSj6f?xn20!8>YBRn3p|XFbaJhsz|V0I+-POTh~G`Rvw|J2HS{ zH8npUTbLEl$o?Fdme6V#G~d;l??97nbMwzknpj_l+Ht74+_2S4Y)LwQf-eP;vNkO~ z%m98lr9?9O^tWP<$PoL_I)>INVk3yF$$q4-CQ5v_YR&5rvwFPO9Mk*Nszt~>&-d7k z!_ph|`8I$in5h7`j3=9`AN)q1e-Xd&clt!WiWn_xA`bmUNCy%=)IKn+;mk&DqozCS z>l9WRACjz`SjWgAXTRRxu)wn@@-;om>euMcLF=k{fH<0ZW>o%<%j;UqimQr%mf=tKO- z`0<^iO+UXs9gl&TJNw;FV*%T9)P`GQf%Q_%;9KI}w8i7*HdD%ko;-GeQoEGV#?dpw zhR7qf0TIID%}Gj-s*bSaxYWA2Yyu7oHmv+rx=$LN%7)5PAKLaq2`p#_O+xXIm4gru zJkScpsnR*-=45ujt4h&?`)Xho)_xzFZ@Ky+Por)MTbd`39qv)o>R%qO5fKte>o236 zNM)+dm*!qwo!81c>Ha-I_gRMk#bF@(YKQXQ^F-X%AgbvY#}=e1`1^q81*Zf-INr$i zY4=$9kr;@jr~@sF_XS?Wmda4!nr&1y*(NUk!-w;Z{&}NXZ4z!cc^bc@^UyJ@RqKA; z-0z$K^7DXyhLqW#o+Vhb@$lXCQbfgu$X3=+!{_ikoM3q-8!*|r!l?NxarmGOc@NrD zPRYiED3EDS;M0lBU5HDQy0TlN8hz48_grgvFXg47G(X3=eZAl$N~5F}ENCzI>o72- zc`4YcHS6`iGcvpuV3~fEz#KJ*ynS~pgmqui2e>O;s>6oAbF9rL7EANX8(#^T^L_QT zmTdjy|HD{7nrvxlal<6G+T>ha@fB(W&C1%ycXMype|dk)bAaeiT9p}_I*zQh?Q1?# zEcah87=x`!Z6l{~r#dg)2bbK!mozQEfnX{v>|yaEb_oL_H)&6;xNm={hn#VCe$e3> z1f#qi}=!eXx_AeZv;@|wwH z>B;K-{%PT}VU%;ItMMTqfC-=gK3Eh!Xc+uA^2V&PNMu;Zn$0L0g5;_2xRJ&;f(3}M z3%}G^SVVs@UJ5?4%xvjT$vesf=5C&BJNgPkEHg(Jo@Sc-!|hi5(SHGKz;OE=S-wj6 zfQOC50@>t)vk9^-l}=0>tM*MGWCHi2Ks&@_OJ^N%^dZ7(~`v z{v<_Lhr|O$oqu;#8Z8$Cv_doAge10qMK7dewnbDB3>vyoRA$4Y*C9De-98@AL zUCVU_rp6w-AzAMLN9iAo0{lpS>H5i@rSz^%?oZ{_E*cY-+6&|60q}PyG0}wKPSt0L zyDEZ0FDXnJo>?{>+iSC}aJv$)%bmu|`D==YZ}WABJVnjPzDg7_st%DRWVD~A#d$dX z8GKIq>jyz)g%Jda#&?JdMbR7$vHVeVeUCe>f0Av7IUX@>Z zNRYI2H1Hy&rRlayJ?;nSj{N!+8h(iAo3DMV1+MF$I}5jPM9_?|cgmGTEv_5cpehqP z80~$+h&dNGoujp$D>>}~X#OP?uK;`B=$38x;?Y`wq?t?^V2pF4Fw*qctQY$7L?H`A8;YuY$w z4d>K3hpmE97a4jl(v^N^(m2_!N}Lh(V~^&O7z(b_RU?gN-c$&_8dS0+eo7DmHMbKj zCzwe!EX8MpJXqgqQvpmbpV~|{hS#b8tanFWDO4`46>a`fx_(=zty%Ww&}>w)p zR$q;xxO+(Ekq!Sx(^>qKM@fSMN_UJ_x?}Wc6h%^CbV*7Mm~?+Z z8b(i)uF*Y4a~{s`oPU6eYtQq1;(p)v>$Zaa!UcTe@1R0bFN-{u>0QFi(%`1p+(A)c zmrSxAg3~8`CPebq^zF_e53*V^+R6$la^@V#O_X)RosN0+)IjmF!iA&-8z%DX1C^1J z90mi2J$@-!)KwJJDzfP?x>M_);|d2aE+{sw$Z8NfEfQke>A(>Wup~DC+&AFsagD5R z!&JBj1eo}x+hreK7erb+I8otSjG|Wz(;pDP=vg5AiE0j7V1+87cQsfsyOUgKhAqG2 zIJOO6docatzdg(b#viuoL4BoqYI)SW5WtHX?(7Y;@tntoPuTt|(Fu^YI{=f=Wr-N( z`B)<@re(C1YpjpC9!R%nPjG#xy&Dw0gGw&GNK_fdiN%lFZep=zjFND^to3J$CQ+pC z8w7Q!WfVv}aO}b;hwIeV>|=7y7cR&MzpI6+^gopte3D|)C_KFrH?}=_wM({2kbyU; zTjr5wMQH2KzxK(iqV!{xy;xy`%(uJl%)i zj1pVZr5% z23jFKAO1v1hyU3Y?c!7b-{SL3*k3ploKAo6`0P)&0n%SodF8iSEMvW`6M)b_g)z*h zL~~8O)Jt>Dp8wN$f70*KTK0>!PAGqv>q!CG7$Pi?-2=~7PZ`cg_N6u?Y-J$AS$X|J zxGYpZ_}oNU-@6B(6Y8Sx>WlsmgXghGT}7$$?Nkv|IH97$#?$OolW@U9|7|JFM;mN zxwD-=!)LeK9;Gn+7A!U=rez@Z*GjrzugQVQ!ti&Ux`uU&L~!|B#t9aSi;H3MZk&lj zimG8iw1wZTWFWjPWkB>wHGQ6!ChBis{9Cb%-}k>V1K?^p;8&21SyTu?U7G<>ZP=3S zbh35}o?=sb0N<*E1`h8xT3FDD>CyC}u$1mC_{XX{=h>f=^Ng^_K_b#E+~w=W6yeIlS-?%?H{sL5a{6tltX-gK z|1{hFQ95f)OIW6!9esoE(QihiO6$9S`XlLhC*{oJ$m0LWw)s*_EF23j?fYVS=2GAg z9PK>)F^RA=2_jr|!soA7ZBm5ah|?7|nkzoz6#nRnpZsTa6PpkLO_Qh&uK^@%+=a&+ zg=J8p@vF<#GbvyK%p9{b|NfbBXm}3)nlE+Iy-CCe<0-!tgU(cd3yqo7tGyNJ63-3vK7#r5|`Kp*H!NO`xGt zJ2W0QmUy`k`a{;lQLn%FrE!iRN$Ox>{X3`=WY&&;en{&VETOsn)hyADY43n+qD#AN zM2psC)4aw)3#g;B=i>t1Oteasue&=%cxNt=vKD6Y3_!>X;$f79)~tOEDr z=W^9i{n_`&Qwdl$q!Q9NYh1%RqHkUh947q1yh7Uoule0tx24|#FnID!N@gy)jyc;J*2!}^|M9+?Wx^B7gBSvECk|;I+Q@%Jn6?l zfalOJ%T#9&OC92g-h4`Uf*i1x!@B#A^bzUVYlAzEL3{o#LblXYu88EM)ld|6?(3%c zO^(PO|7JEYJs-2ZsU&Wr;S0Xn@0l?UTGM_Vc3g0o=M!~Yf0besR#0FB^LuKoY)x>R zi72#ET-SJ6P2!KSx@15FD%slxzWBFydnXbx(uWASGb4Vs6L|k!>9j$?yW}(zLzPDu z#o3`cdtOcN$Sh0)f5R6 zQnvU%T9xR;k;7)U(qz6%vurLKJ=o96$^yQiYNHBZ8cJ=xkIRUDj?YRYiI*g9U;~g{ z`(zW#l*KgJoulN411UKC%1YDcMFH0%8_bEp!20biTkBxB=J@FoDuns(&?B}NGQ^+K z>}~X~htk7ZpP8ZR)E?E`mlVQC!+w4)cjM@)bl=4I1Ioej#)h5a{`aAwSC@O|3uniU zp;^$_r1YX@jkZC^kbA*qfv1{mi4E3r`@T3^OKcXw*2BylE=Wj^UL9sHTjIK$ol`Eqs z0al7u1j+Qi@u+a!nAEJ(p=#HGk;D-OZmE#NMR}XRyx8jcPASe`oXut8b1^Vy&oncw zIIHfI#_r~7)Ahu>omIeD3m}5;hQ0sV`pQz3xo2}*e@CzY}t|P*Tj%+9hHL<40=HSCYB01LIFK^pbpb`&{KJ2D3 zkqV3+tWrUf0H+og|C8Vw!9?8(owV<{^KZSR;cjOEN8e2QmB~xEczU$A4FonsdD>fgsvg>+)F}IVh!BF)AerA%XA;SX**;kXsP;{%{4D6kAj

*rhAgsff*&*d+1Q(LNQ)s`)5Z@CK`c20GfznAomU;cPw8zTz#crt_1W_Kw)%% z>v6bb7(2Y36Uw} ziu)PWn}fz}xwq4nomj}e#adiv5%&a)qeglk1ZQX`z5%P^G#F(P(>O0U0iqkW;T3hf zv)olH&TW}CXQOgd2)_qP>`}jO3-~ng0miF!z8sY|8C|B9utb z=|%@!@!**jwpz1GMjR$l=I6pjjFS-82bCD$4 z!b(2sFCRlKC6QlnKEt^7p<`Z9LRJVb`+@ZVYtt<7Eh@;Y_`I@sx$#2JPKev&6gM^pF-&*ct`I%i=otwwDfl;2=V6z!WRxUc0MRQd+S&{>Zwk>UR!y_BvH zbNXS-IMCESp=oMKN-L;>$rt)K)KmH|r0UzR+EcxmZZbx3AZ)zQ4ikQ}upwozbKsp<|AFtHzQK@gZUw*#F$PQtUr1xbtMGmx zA%(>}_=9ba%`*J8@4aq)Hod7xqFJ*TGEYaKpZy9g1^LX?n!<<7RM|p(uqZly85q5v z$Rj}AX6QAB0mdVD9_;ggHk$XZJ7%puZbFi$>evu6*y(=hvLu#<9O0odXR|_xCbvfB zxSusj^Dm|H^%Kc2<#Bw8ed|wxDp7APW|G20G)7)KCmx68EloRdE1nxAn9V)H^*3Po@T!ew~y5|LZpL@WXzgKIuYA~V)TdMW%A%BAF9Kf z<(X-<`L-&*!Z?4J^oAcVoOb{>bm0}Dg_lo1*>rTa;+Xt5F1pL3!)>7!zhm*OBUBG> z{J-vFRF67Xw=Fs8D_e;fu^z$Sv}F{aO#?Ta(hph3ia}3KzUD@=T?$JIs(z#ERit;e z*1-gaG8jxfySL;887V`BC$ZyEd2E2ajusl14JVr9n5p%3J?9)6Xj#>UPk~Dz01^PE zWWZ6`k=`Z@p*9sqYGEGne9Ec?Y{Y#B+&TA8%YE@6kIqUctE-MWwn*xzCWr$3B6yP_ zdr<20cH6pG4!!y2oLu?^)GH@qOeq7bC{YB>SIoO zfw<=5x|f|>4;R4^lTzF*C|1XEAMwxg06~-7BtjxrMnCZJO#s9pl89m9o3(A(Adri2i zpEf%`uZQ~mG<$#K+4jM=vBjR!->`Sb^@iWQ+N6LHzA!l6LkDFRJNJQ)fy}-yrjzMcd;gQr50t2reXT_HgJllIN^%dQ-bf=dulL$Ll#pLLPC> z^SVN(9RwfHYp2yn{owRCjR~1$z;PB6ox+t{h~ZQbx-(E;H)!F$ z7m25@;^NKwCm)6NXTqir`&af@|BK9W4;O6gN3W#bj*|EMK3wX-d8tD-whe6Co;g$P zSQ`^!i9K7l3uMr9zMIWBR8QXO)MAF3u+3#XlLOAOb_^?}tbzAo3~1%P1m+tuyF)4% z&61g>&n zAlbI#0#r`?fEiP@2_H8rH6fjp;Qd>W<80E3y0REyK?Y@KqXS=tIyigmXjSBk+sx*`9mLHvpF z)I;#!)x#CXEl4E2NdN8Q9UY5~-cFSM`C`=edYQ46W^PjS3+3fkDTICG`R6$LD`jP@Li* zlp@0stduHIzi8)TZj#0g*4MBL`^gd-`Xj`k$U{MfLQ9`6Gdcb2DMzEH`vhXcLJWT_ zNdkisE%|nZjKijX<;pVF?*tCEj(K?h#w%)Uu6b}~sXRh|D6sw?lv2VLX*lzO{!mA~LEU zuB-=MzKkH0qwBcBcdqZe4F*%QYv)Y$30FIM@k_($rB8N_(0lrWA>mPify6aVS^UfM z0o#jgWmS?pTi;dGZMJy9pYy434$x^k4s0J6b6W^V1dls;WKT(R4d^n7-uaUY9%UapJy0XEdMKu;Fi6cK4h(?M|e|KkqFvAOZ#Lv2JR|l7~yi zlm$rtd6E-TcD#=YjD6*VhaA7yMK!)$3niORr*Pe*1g$|NH za5p0?XZ%t{yOFhjj)!7#yeGY^P4VCw?Xz$*`_ghxx>Y25ep^9{l#oi-;Gg&Y&`(2B zf!VIE#D`$vIGfbAcB@E6{im%pNyD89n*dqJ*XLh8YCho)hnUfT_JX6lZ##U!d!;F* z-<==5mn(#yL$1=?>dA~CTsX(F7SCyWy%1b{4*M;tXY(JZD*IZR=_nQEy90hv9ZnzG z2JH38UdRo~Ssd24WkhbcGOm>;YJa%Z)So_bGoUOHm5}%y#>gM)>^;KD|Ck7e6-mey z=7%G1DXV3C?}|N93D^RK_rywc=gU@S)QFyy6Ffe!cLD%Iz*rSf&jCGMH;n=mK7cdF zEhx?mIBP*`>i7cz-kE%PvcJPW^JJumx!IZtu)Yd)o=z{iE|f=e5fT*&x0W0>6L6(p z)JW!=<8h}6UKM4Nk%MZ!Wf^2Bv-Bm(1Cd(yAa5FU?-#()>suAIlvQ60ng=Urd?eai zN@U$QQ{569DDB+&3`rN*jJ{E|rIrgcup!+#YP-3zNz&MFb^s#R^ACDj^g%7;e+laf zwC0m`XW0I>^KAIo4;MjP9b8%$7FU9L#0KS4eyWj6WbDf+aystaj&%64>2ZL2qKk8I z8Hrw~O(moAgCk=86vnVWXiBBGvgX((9*8FK0rG#6OufF6X3*)HS6CY-mywgnK0H}% zlK0p{WRDt1!?i1N4_HNKeOyZDrO?tU)O~tDBA3iLMTB1DoX! zXVw=vaf+S`o>}C^Bs-bp8Mqcmkj=w3qaAQ%ab&tm%aIpTi{#ELh=6v&h}CBMuQdO4 z4csu-=!s3Cz1c<`NYm+15a+)E3(iC*>s+0LN2f6vfwV0$^fJ?;p16Mda-5M*-JCKh z)${)Y6i!ZY3R#=VwV`M-qHu>X)E|fo_Svrv*-d~a0~mgQff=ep5*^89u9~Y!0!AzJ zYhSCPf0HDKoBPA8kh#<9-|!o(>R$RG=J_irXO1AMIl)McM@pp?DEys6&Am@}voXX7O2`V8Ncm{#U8-!YUI{j{*l)O!{y zFAY&&z>rk#*Omrt9bd40P1t2*WtG-A^JVQy#Ayq*(c3+>JKVblwvG?-sq}fm?gEG$ zTl#{b&XdM;L$$)waWR>V{7A~3YYMgT81iG>5r$8Q9TTNw&_BbL&TN(_cu8JB;=7la z{FlLfL`z=+1@N=2H|t;FL0EWjI1V-|=Y-ZEI=w|`guVL&w&q>FPI0->A7tRc1KTxpk)VecjFKzw88nw!k z+E;2dvn>gZzn0MXa6Aw(K_=$SifGdQ*o*H*bd+hEiC_)?$FuZ^qWY>o_)%H?4T>0n zoC_4U3Eqbnv~u|;Q_)p1bm0u5@k(@!UR;^^lP60@IZ{DaBn8}bM#nEq9UPEh9-_1u z=s3|cfHcG00)2rOuj;)6%6OCLxzsBC39DV_@Hc>ua?0#9U@o^TX^a~-1AjyGOow&p z`94m5!O^&oEy2CUCEp^6L49k>os*m|UcS={a&<^tJYHmoN2j(|cOXl8!Po2Th6_3b z27Ef36}|c2?s3;9rKE;g2IxAi^!ugN*(Er1>=qcZ6bi6webIL zaAnayZ9h@tl*wfV5tQqWErI0-p%R`_fEse=afevaq~g}uHe-zRT&WBb+hCXn0zaSS zE@KW`Tg)rV3$fXmnFUlSPFaiCq@N*~wDcV|a4ojKRnB;YtHsqN%b8lQRg`sSYG1vm z40(lrnGESU975XhIW&;?ICR*B8*NBB<+3Ai=@~gu?Vy2Tn16pWF zDygHP!tqKtL^OJ}>oZ=8mxLwX)cIGjV!Qo`j%KyTUWvKd$VLMpd&4cq2+<}P=1U!D zOVz<%OnFFB%}*@evdV))YZdK(>Je%=dR$TF$^X?x)^EcPbEG)f7l?6xUNf{{^X{7n zgy-;1&z!j-+~(Wyr;6OC*iNfx`P&s`M8h6v`${_YxU-E8+cA?mnLI4wtn%t;j)5Qy znp68(?Y!d$9G5T>2jl0ymH?#}PT~i#OI|bh-O1SIWmc~Kn(iZin5ge|8^^>Jm28-= z$jlao)bI{y13Up34PGv=PDs4NireMIT7iM4p(>di0OQMfc7P6bc-Nvq7LidCUH(<5 zLL+`X-^K((AnIvoQ&vOzFH2OHBJKwI?}t6o%E?RUTa8$?I}30 zznhvMR(QIJNjt~4U7;30jBZMfA~9gVI0f7RfJ=6*jfp9H@0-VknW6-`O(-Cjmo`Vr zqXL?N;@2#;%l{i}i2{YIkUvM%HvZ~C{HIUyrfzIvp-3*1B`up*4UQ#v!|C4j%A16i zTblqyQkMa$6_>eHCAugiZ3$|-`oSEXiu`z`V9x9wxjOvYfqJn0>bm;MIQWP6T&c8M zCE1rQ;94ro`kLX}mf5in__rP$fc(St#9C?wZQn|L^nYmI6mTjE=EdZukeS#_bX1?)cg;?vf2rT+-a)T;9@6` zs4#cqvwvOwj{+f{1Mk*xH3u4O)!PVu)OHlh@;+Pih}0D|0wyKyhw(7QSzj(efn$fy z9c3Xrh~1$Jal&tmn?>l*&ioE#5to40Ri|qSgl&RFLI``a%)HYsR&`$o=NZZsFLun1 z3b24sP}H(?qv*23d-QP=AsfPIUugh`F%aSL?D&5U$7Y2N71h2f^Gup7Nlyyi>ouvAL3ZS-6pK`tf(6zAP)xoQ zs!w$-mRfcJ`PvraH`9X6{ks{fHdPIH08(!OXiD+zf_Zd*%I(cYEB4a0g}ChYz}4~) z-7czsyJxPq4d_xoOMN}*7iMNk?Bdn+PQHB#b0Z2-XB;{R!-hBd0njC|DaOInhCrD- zk?qme1iP*~sHE@us_758M7@!jbYsgatti_-t(mAM$mdQ_VJ7Lxv}16Q$q>$JAB zVBISTr$)|GdWzx>qqi&+VK`rLSOxKT=)W}@eQoQ450~f^)^G@R+t*?I`~kTleNh6R zjUMw=C>(%J=WoUb#rsM5!k(9TG@uB}s8(-}&yQn-@k?http$q8rR8XlD#%|qRiY7r zPw~cqG7P-+qw09|_K?4TUrmkh3;jo=z&0jN9LA8W0+~d;81ZpceknW}s@^Ravz6!N z9su$ugVlok^LyUFj|pO$--tH4*;0QmVtKCe%W9!r?F||Wy_BT_u=1e z-rbzmZi`>fFvlF{+l+(A>UrZ<8J#aqYWIv=pm1Mok7kvKf`3YDBbcV&{#oI`8yYJo zaUcF_k&<*LNEWzg!Jc@2GEGgy#`x(d0F{fY-Bz#hrVsJ1$~``fF`BU;uMAk>NPA)f z`=qL{ea__!u^a?NOKOOGvPp;`5lMP#s~;!(H-~t<)==*-H^DL$m)fP^A_In(94*DM z7PxZ#;gOEfVj2duoib>>26^sJB({E`DjZ!VCWSvd5Hikb!t%n=A1FEy-ZW$29eACf z%gf;8fA9lo#+Nd->B;q0o}TUKiPYCYP!0Wi%VYOxF6Q_IxWTzxq?llyEEM zTl?Em;QSaskuy$2ew`Rs4s@CMn~Euf+1awnJv89u)>{(ZZ@2@{)GB&v_?HYUQrB-a z-L4^f`jNM)Ptte<+Xc%!j*Nbp0U7&RDRbD&lmj*38-M;BaLw+5Pp$5urV|?Os}a(7 zAYNr6@wuOyJ;fmT^(NCd4AUn38GQk;bI{>lOle4xvUWq>MQ9*OBN%ZT6Y0`!#>`v*!eUTj{ zgC&U|=oX4oDs&+E3;x0K=meueoePx1l+ABIeO>8s&W#cYaWWZM*Xp7p`Z=^^34z1{slWLjQ;Z7 zi+VZC&CI6*G2lq;`^Pi<(4Uq?>%Vy%(}jOLHnggo%+v|*w5ZVNyxqlhnHCySWtVH5 z*i~jM!a4{HqIJcHUftoKkl~_3;s?VQpSw9};aC0aInjWFSSNWLq6-Qi&yxm*ro&rg zRaf-rR%5_|X8tANF${a^`?g^Z3e?yD+2ykGD&@SK!hNAw9!{#1Yfe)yzu}J z%|l4$S?S_Cz*Wy4OGR3((a+75mc~<7l+E%nu^#zBTjctppX^{8h5qKf>8Zgcm079a z&mmQy9K^z^6_b!|y&gHPFKg5SZTH1060)d$H_{RLBRb$5;^{q6LoBWX<~qzoEauz4 z_~)5T|9)0CW+_6)A!60*es@ykN~5IzKDHBk`>g$xyEejggf5mDT{Q5HRhptgJY=Y}(=}@l7Z((1m^ukR=fBW5f!pCbZv;68OYgi9Gqh zlmSIGgV6(zgvuqwmFv*+u`;@;&dQ*^Jvdf~yUv>;52ToIf z?HrIKYt0DAr|q3KFY~hE}1^bfLO5B-RD`FzT;=|%(uRhVj-&$1pjj$L>H>Du3U@Ydfry< z_^{4QJJ)!SP1cZdBJ{!2qJ!ecO-VC6dWQEhvo##Xu5mnK<7|;NEZgThP{2K8j3jA( z9%Cn?tNHD#FfD}7CXc!?xm842m@g&!*{QQt+O;+f66R@AnH=(4unw?{;5{{4I=0pE zWFLRl@WWQ}7_e~rtA&KnTM2tW+m+?J0TSBzmxIQYmPx_BdD>F<@9ED9`LOQ&zE?x5 z2{d`gMP$o4j9OmWe21~0L%$`Cpp-1Rrg|iRx6b}Ck}Bs64D3YHLz|N<$VuCoUA9e( z_M&!a9$fYvZzPT{zDJ3&p3as^fro54kzA7XaBbE*O zW$B^|-Gyexe-wiTGR7Nmz<+K;X@i(aUwUa@T<&BQYOh~mr2uBjPGUz+6E1YA@Z2Yo z<6Ft7_`zD8%me;=_al=6KQeWEQK;L@Sc1k|9lw$iFxm_`<;sDpI8o3qVrcUvU8G8l zUdABt@hE41hRX^|&=h%Wh6rzym~B$VHl5RXpbvJI=QWK_ItV@^sJKNfsy%QD>gw&m zI2{hEKFP9?6Q^X%6zp}QrCMC_Bqz!X3e>$`Zalmo%q|Qm{6?TQ^YdeuMHqUB^jAkd z^xQ5Q{5yY^>sHew)NujG^x|5EN*Aw})U%b{6B7WYoVT;##6I-M3wMxNV5ELLtE-3> zdCS&+Tf-tfWvnY5MZ+zt?Y|-!wD1_xHo3}Z$X-4zhlZfe2cgFt1OwTD)A(wehBf9b9hW{(x&_?gM9}gq5|XC8-dX@s0IT6P1P_P_Cus zMo|&dr2pF2si(msAe^+UW*No`Jbi#%N(D?osmc>d%=OJqA3h({7Mim{N(82_DG(|+lufYc(T_q;I!c-xgoW*Xux_w$^(o6GXz3E+R$(q z0R{7*vc2IX*0dEM)om@-xRmgBW#*~AjAxJo8O921Ka%i4w1Rf(M=N`}2ZT1hF$jV*#atI>Bkq+d+>l84n&q7>;yt|n)wcV zEQX&~6z!u=*gP_I16&+$ed~QDT$Jxyh&Zc**%n00oL;r6+Jjc+Y^ezFev{HYW})b7 z>?#%gXhX%1ybyA(%jPu}oNVr)j!&S&fik@||21aP%kpWV4eI^olrz#HG>RJ8;% z-ox{p^ZbTxeknmA3bU zjPOHnVe!4dN0XM%Lf$BS97d|bK54h%9g>>8uYUgLD4K6SZKC3J5tuNtCzRoxw(t9t zXKHbaoX1V0Vt!pvHs(FHn45F8sW~?LzeP5tp(gO6WKbeFybAw8De@e#(O*8~DU=WR zp@`76P>uKC7`boR)LG1BtO3dAVl4{*UyP){G)UB`%y;sWiRjs88&-ZCqyz zlHC-au|?%XyfuQ#hLCgKb_Ge6Bhe;9Y2dcf>BN7GwLL=7cl~%M{r~p1{sR#`#`FO- zwW)8~*x*E>0PijpDz^DQ+BSJ7=itqGLD#nTkFAnxJZ>0rbm#dK==DsC8@qxSL}ymm zg68mf7gB#!LlxekxE;c6yKBEE9Gh^VYQn0N9)6u9z{uEj(aL0GrIli!>(uMxV9k zH-TsNd{_SdW8U96lm^=~fB~lAc<9Vy&H^Ehdc^SdF;xPs#v`-RM@iEnc-ut}v(Qx) zjRrIwR-Gz!%&^mn@;9p%&+x~yDNwWCkH&$zB_#vm9TGF>iqgr5L2V;aOuIClLn-%i zjoOEZdF$a=<3<2&)NiBxL>UQIcCXm*?8Kp@KE? zokwaTzs$ZQPCIl*5XMVtBfnWCz8IXgf{`8R!n~%?HJz|;3K9|$Q*4l@f@}k&Wu7_x zP=EXt>)JZ_7D7>6HJNY*xQ<@nXKpP^bCBYsN@0g5GqkT42F~{P_W_B%vLjZ+-bT96 z5W)5S6(vhN*Bg2**Ga0XQHTgbOsS*Qv7e3N=9Wl+w9?b@qIRI5`J3**>G-VbqAGF? zAY$!B+9{h^Q^ZeTB1Z}jHH*Ngv26^HJnjKjs2ZH z^u-`|hIVEB2dk4dUdjys9z$@|$ik(7PXM?j{v}``XBe`UyjGj~toEc~CzQ`xT+~!Y z-vi4d)JaNfU~Pp^8_(OQ%k2XFhJcr&VuD!6j+MIK)kUA?&{ zU2_TF&bunSAO~T74gGt|D2!&XHbJbb$gq!zY_RafkEkVNw3QO)SytO;<7kFHEYZeW zpG~43-H-sU_4`hzDZ_LSe_kxlC>EDBstVvgkNJ+zCrY)0y_~A$e6VY|PEBL;1t|Oi zBoSf%e*jJlpj30I?1reLfS%;#r~AI|0K1EDI!DR-E#4o+pQfJ@N|DZ|jP<9+5C!KiLNsJ~fHy$XfI2s& zMZ*&yaIY-Kn43S?nsd*DM&dNB|LA!)$=j-qWWrJq4fvCJRgzepscxj%)TnNgp?N9E z{Fxf04`)u${TayC<&~*NIc2J6cG4O_$a;kn|FK&D`yd4+@%G%O5&+316H=vg>c(=` zyj&|nx&RuXOSq3~bUZ{S$>1A7y`LL`2V69o&|2il$BJK?pro1n9qXi6cVtDNu`%)jYvob!@sVl zi2MOgqJ)%qczNvAMsFYG%Z4(RapQ{rBFW%vGA#YQD@fapJfFqW}EW z!4yYgDYzQ&o@6{5tmTYiUDMsyK;Ht*&$LoDI>>lwsq*b<+qrd=YDrSo91k8=J5q+* z+HZ4q?WQJjdFH9j@k`Dxy*eES|DDY=?u| z6&t%A_H9q!-<#`kaFB8#w!mzQ3s0O}3SPRrnSMv}WAk@8FOU15 zCl#pi_?9gKbn7Cut$}H!fvi?&!eyD2V=gqvF7p~wFs_v@hCiW8{}J;=#?s?+sN%HK z-lR_PhV}koZL9q5k%PBljNO3MvF*(KYRFh;U3hr;0%!iiZ+L%py)7}5%?fC0=Hrq5 zfNO)EQW=x{ki+wpzZ?T}4|xKIz}1tpl)_O+R_-rUniikG-xjBaO)vyXjS236rgV!S zhcv^q`X2(!m!M^@nAARA{a!d5LG7O8-KOOjbU$IR+^^?u)R(xPfYPfteO28lx_chL z<+F!?Mfzu9=&{@|NI5OQnG-RkyX+JHLt!|hvnD#iRv>d?i{36rcJ(FnR8dA}Uy(*Q z5tPq#pUXo4zeM4@NuS7&!eSbnCIFAMDz!$rkBt|thdSFFDUvm|i)P5U;3<|e;gcOz zq=Bj5KgvBVatkcBGtT~u5<`s5!%Q>b`=QBU?6{<-(O>J{Fuj&z;${KbRLSwegU79? z4DZgFy6v7{Yvi{6-i4$?eA!GbG?CJm(y5%;!#2Q(*AnQE2I?l{gr!&-*f>7O9ls@h zH@kZ8FJTbE{iX0Yx5j+$YDPXbRv;A;e1F&&POyz8Gil936MZA|Hth-Eb+r2>J?u^# zm;L%ks)N$J{Pg>LR}K(J1}thwq2SNOaL!ShIcQxT973SQ!oHs#woyQ(1tEsW+aN^H=t7 zXkhJ5n%lUL>+0H*AqP9!G0yG6w*miT1UhwGS{QSc2 zwj?b)M3*4V{x`z4O?S%Ug&-|UZr(INK}{l#q_%wtu}xDPtBv@+-=oigFr!5gDA$)O!Ie)-VtzA zHk7)_+h{*ZL?Lf2Wu!)e*O?WtGB?e&?i4Yg<+QdJ!-D(9AK~z1q(&a_qKD5+}@ZgxksubmK`l?UuEL+L3WSxg+%`?0!J|N$NTdf z>?f)Ck9`r77&txYOh#}+77w;IU$S6uO) zwKDkNJ|bl1d%Df{4^NClHPvrq;P+m)I=zw2dttJ!rK&uFNHZYjp+%pw>6d{-Pu+Sw zB)BcL`MNI35OaqBI`t=3H!*Igj86suUBABs#Z@LCa<{fNhMk}HVz@GaItn6vDGm-{ zKLl#^>Z)acgP$gf3x8xQ4&Kg`stJy=%yNzh$}Y&Ux&Kr&<#>QLhujQ~lp&IAt8BtX zG}}-36#hE2W%-AFJwS1cozMTS#rOL3iNSEjjpMwbiHvvK8Gyo-XwNIU=?>9e7z~U? z)gA{iKcQtlbRWB}GEhV>dhf`~qn%wNN9KIGNBFN)Rd1ITqNBQs%Sbr!SI67>ZKt3e zlJ5T%?SK6mRXooNB&HMk*n7>Y#pUoKFgts%G+s}}Wp+DBc3?#Dx z-R^<}{AYicQ%_|uh?Si$w|^PbM!4J3?tRg*ZCDo;X10}a-82Bcx_IC&sN*^+GGiY+ zDrNbL6B?g(o^;k5L@AYs9vKE7Ki3ljg$v;EoI>M8U}^&9Ck-VRVy_%~h7P<=aQaJG z{>t8eTr;%dW%`raq&g);4XfV8r58xxp`oDxtXD?4sLu0~>9Y^4U+7>~`M8IZB`o)Wp3RJATBds3wXb_pdtWt=D&k#(F`g{Qf9AwRA* z;md((lK4bhWORMl_d6O_7o?3+GK#F1ggTrLlezK4tJUcf7Ao7Zbv%OREbB<3^k)9X zGn1$nR1-5pDKvAjtM`q^G8JQGRa0!1<=tp=k@Fg7Dsyyp)eG=_Fz6+qeqRbn zBdn(iKkf0(Yg4Ff8U+0F)7wWH8;1U~nVHxw4Ox3)>d*?Y1pZHI!+>XY`H(hyCSOF+ z&Au5K!PhN{k3^H9^p}jF+`Y=p***n@=Pax-;d1qZtSQ+K^;_gk$89I7GeUa-A+J9r zA?*F8s&=L4{8qhYND3~A$QFrE=|JZ;%5d9D`$$V9X{Fpsj!oo;G>vKgq_^G2jccyL za`5z!s*mq}#=+&f+CstNng8}L?y$mg+OM6@+T(H-*#mr5}%6Q7kMlW>VxkOJYUC7 z@CQN4+m_<=J9`y7ZaLvmOV}$5PxB*b7(>=-U0}rr^EhH3_2X?%aUj+DWN-}>;d*0f zOvqfjg(MC#JZalT{@ybPQ0d<7onFrvOz{!V+ITV>yF?o>+=JW;?m<@$AD8=ZWDI7n zaz-*Fo#GmNbi5nV-)n)cSozj(mK}uhT=T7rTPqs2X`W#(d>TogBgp49OLLn0lceMP z(O2pvq*^bsqJGIz&_a%^ON8?Jxh;f%h~7Kvu<31Ol>r9ELRuMsbh{P5*C`^+Z*YD< zq#oukQkcM;9s0aD?Vc0FBsH{LnR1gVymzA`IgOUWFF4mTm8e6nB?|ijRZ!|B9{4{ccB*g)MJf6x+&cXQWspMEpL>^Wx&@uWP1oa zsFB{lb^YzWWk|5bF4%G(Xa|K~C4Jq$Id(tHkUkyX*2OC9(=;z!v0GvzY4!di0j5!< z)4rH&Ch^MUUgc5X?6h+;!XLT!CFn#7{-c@sa`V->POvZ$P++qW!(NMtX#>x>i1xT% zHEpP$iV}NvUM8$i44jv{w3;p^9Q#_kzYV z`|)hO0sxv_F`C?z6W+qlrU!DtW$u|X zetNsF+^l(+p<0>2 zov5DQDl!K*G-drkC+&yO)qfq^KZmuGFdXilW z6rQL}C-?O8DtE$%S+4vGdQtPm1@?Fr~frSV)jhx%Blh(`*=qi9c!%c~fI} zUAPb5O;Hy9z&etwhyBl2F36nU~mQg zyqxRbuZ5~TDwrrxW%;TYv_nC`+hcE>-VE4v^b2kpj%Y$z&Swg2fnuP6c#Slb!1|vN z7t(Om1n;gKooC8yVWqz`Lwn^o8Ba|Ezj>zd+#AOLRYOLjZ~5_C-w6p4;w33zoXXmw zX1(cS{R@@Qm9HosCY|u^%N>xw!*8APU!WFRpJu*EcJ8aZ@&TIkI1~L?`n+Z`#t@}H z9?+d-cX_4sKQoUq{WyiCW=(uQwYDu}eiH3ymN1~OwF?+TNTshaW1%FI`rG|hGUC7? z0$EPEk9{_FxpHgV9Zo7u)z`N5V5MBfFdwGH8b`btlJ`bYekZ8!odU4poo1F-Nbp1b zRB!soyEhzf-O62LXqs~l8^;2%*rpRS@W&z39Qv%a-1~DU%A%+%Hh(=GnwI}3%k}8V zroVRox5bp=IU@?5f&NO>5mD@>Jrn$qCeJVGG_YB7m`uM75HC3Q4}=}E zr`Ah%xL8HXAdaZdj^Bk32^C-h+U~D|OS<2Nps!ix$vcqG;@JhP*Qc}4tuv+_>2idK z9wveN2W5G0=JK{r6HWR5CryIU7tFm&D3;mjkrFx|d zbOlt~>Et|Za%}ON`_=!U=`7=-?7puLNP_}Ow<3+CbW3**T~b3RjdZJYcO%VE0-|(? zbPQe6AT2|uz;n2N&;J!Kc)^Fct~qD#wb%YGYNlfkRjF5%hzfM8DUs@?s}mSBajO@} zuvNGM$(jA@ZXx_joIJoKjo3U5Q46?jtz@RT4JTN?oxO^S^;Mmzx(mIZ*1Ow}t+@J} zgp^zr-{apJdpW!18@+h7trm797x3nnxxX5M#&^x${7mXz$xSWBKKaR#;qnPpuBD0E zZMY}AV|lxc)p%Ef6Y7{FRcV(mH_8tw|jk($27OG$Ex_( z!*LxN?%`;Ov=*XIKFRRJaEBq48_mHBVRSOylXetDC4wK=Kxk?Wa&IN)33*1Z-?ip^ zBRHzZLiv`apb|Dbh$59__dd4V=j(0?GGp$E_Sslg9%T(u5C#)_{)*olH@+G8gKem1 zxFhYjMoUeN>|bnyo&=PXTGc`w^6e<|D8uvtR3EC)0RHzMI3--bn4iNfsm@uT`5%M zce{+ytclbY5s%CKDrz;}OzzlUO9`6$hk`qP^)kK6WSdrfy~9p#dVS5Ff5z#2@^ui3 zqRgOL59nE%FvMkM9CNV5yRB57aGL#OglU*ESZTN+U zq7_knE5nUL8(j8@$wAMmW0z&HQ}~3f)W}MK9G+Ic*IDl=>w7ZpJ8onq^YL3bU>zC6 zt+*OG`ELJHnBV(`i5hs;jEb3%XS9F84A00RDI;ySFOI*XYaU5)&E%4 z=uKK$w7$qU+ge-8=eC=?;x-#4)kK*iYTnlT`{L>T<0F>_CMfQUG=dU?9El%E?WbbV zAy09IJjexV+dsETzt(V5A2z{acy07K%{3(`azaDkLwb5f0OJ;WZ+A$-yCGw=!5Nnk zDKQE%y}qO_MPv*=H_X@ik2m1|TJNHCItNSqKe#!FdjFZJI=HJe=+^wnvUHfs9B#~? zehIEM*)6&NpRD^0yqV2VtqVmz+01|M3^E{K4voIl>MTa9qQ5*So!I7VMPS(vsr^RU zgyS&%Zyj6cuEbJ(JL3w~0hRP0JF=j4LNe6{p|skvYig^`Ga;+F`So3zBzuPXm`uSC z!V!KxULICsl($3j*6oZ==A3^;@$HJOWaoDxv}aySg>D93`<7H$MhcY2pnMm?;GIDH z{abl;1{64*=y~5eqKa+7f@<8E$2uaHWVrGIOR7a14fei8e6pOC*m4Z)t135?G~~~p zn(>h4vpkDt*%94%EiUfC0BsZ4tjNMwB%g+3{k+H6l&r9upR>wVr{VZhYo#_!9 zZ>}6)qHy*!>xv22s^92VxtyA$HZTy4*?hC+^cmafIVf*G^wxF+2OZWk7HRMLTr47B zPi((Sv9D9bGdby*uS3jPsj*w@G3_zCH^pFd{5FF`;+VCq zGR?pDTk((4DFw9i5s#5wE=6HW#1%Xi$N7LtoBkB38$Vq)pR#A3-C5hP~ zww%WIE0&R~a&*srIY4m{#p&>63~!~Ue(ESgL8sC#i0|zN+*ZJJ?k~(g`_43`Q=R(y&R zxO>IY*yQ?(HtnKb(xUoCVj#0B{z7{%$|j|PvnC+KO$oj5+6b+lKHC#9+%K?;t2o!7 z;;Nui*wDj#xbn}#${O@J~YJ;!B^cN0tZM^CXBRJ)(;D15xxU>+eGP$Z1>Sg(o&gMm|M;o?ys2 z>5u*$U5+}wkQtP2oc;xb4QZ2crZ_0PUD;%zuDJ^UJudJ`4ev*5XP!4)V<7ydhx$Ls zv=M>fgSV)UpN+Y!!aQ(H3}d0lx8@EvU=xDa8v5tuaP`=b8$}=p1LLVP$TA~9xamN3 z;*wE}OMY_bpxG?-f+G;qs}@@&P)K@d_VTkSVRVw79Ir+c?< zP$Vz;`G(Z??^>O=w>SBb+I{To?W195m6@MAVDv$YlywQU9?IL?PDvFes~*L!8|&0{&Pbsl&C9)8pZ2Dc$mN- znb%j5y?Ny+64P&~Iaa6*Mx`dnFGkQ8#&h8!a?O@kv!xMf-g0A;ky@G{_=Ip5EgdO28dVU7P z>sy)t#_Mg?{NFwh-mf3i9vz(o+&y!4b|K8}zdI`p_Pt~+IQi8q-SSu0{_-QCMrsqg zRhyD1k_utgckFS1dG2iH*Fh^ULruP|(q>pbrPfV#5(re@DvE_`S~YTnqQyh?kr8=5ttXqXMKv&|QO6;RjKx0r9|B zG-Bvh?5w_`%)hjgF~|_8oGiQ51?J{s$tQtqPVJ9+En)(pIAVyTdtq? zd~0hfIYgz}0_oQh!D1}%iryMoh=bPwDZ&1Hh1an~%;#GCs)lr^q~0%r%sYatfh4BK z0eBEV`us`zNxMnr-hrDCm-jG*W}_WO9PZCn#3W?t@@hZZg>sUw9PB4Q$RKB*et!s5 z5+g6d_-gs{4Ru4ga&i(X<$|jP6~Jb_dm^|pg?{{QI^7$Qw5i>rOOd{`Ct}MoA4mT4 zV#gJr0i%ENfEiY!QI&?({JI@=VNH^y7%w9@XmUv$PIEfluW^}!Q2J4HQKF4H8nA?% zAV}^&#qRCxtyiQ>ZhEaYCnqr~kgaM@b_0555H_>voR6UR4~5GLOBV+ZUw{GIWt%zQ z?om+iQo#SPma>0#&%Eog;|^wk6Qf6)h&p4cOjBCDvp(#baHZF-?U(t~K|lC^l!p2W zG32i(;(W7v(3X;ll(>=u1w8({!RZe%{P#L=oFb1pvp!a{C1tqa&yQ+4@n5)DeFRP^ zYZ6L$(|R&}9Uh`ngtDi%6ZDCUXLhj|F2cjZU?_}=X7~K}-?#5RU$jvp?QJln-0$U9 zL3oY()z(WI_uH6ZZ$M_G-oI#?u)6!3Wux4}v0gvfU!EK)=+^r0uaT^hV{x}Q<=@uV zJ{(BmoCQ2u-`a{@^b&oG|*q~~gcOb=y=jqDRKxal5jLZY{VP$ejdLM@E z)cCTq?bao_wSzg}ngLL7DXrAtO zLuSt~Yko-1IlVtckv>HptKXd?3}kq(AWDP1l2!ee@O2DTG}hv}jJ^x+jO*>_wFC

nSq*i7B<5McmHL$087uOR_m);+9#?&+K)yNlERE%|70x6Cml z-Y#HpOmJ@A>t~yt2j$i);EAn2c3rn{%~q1rRMgJQ;A2B$M`3a+AXaPp{a5Gl*VDVv zMw>(L6<`gTH&=p_x2CW!7v3y1xtCw#o>}8Z@kmuG zH{0lIr%cQW2+Yi4A(caA?I6c*<4Hm{T#3>^Y7h&O4>-_Zo1U$A)0KvhqL7&qu4RBw z1}8;Edf@>w)yg7Neku$6fdTdSj$GOJ2XCRwUmyyn#6x8|g5tduNgIUFA{EHd*;V%@ z&J-GzT~#8WP0L2@-27f6YOS&-!9;W{m@Wa&FaP8e+Uvx|^<+p!ZYJ?#oaj&6qmDo- z*KWsn0z5r0hy1*%@xl&#+7MHw6*}btw>0gnBX@JLGYLqr^HEdz6NM?yVJ!6debxxm zo8*R@vs?;j`#+@_^F?ak`K@0vCCvkV+Eo%OcA8bRoh+D*aL=~~>9c#G*}8|%j{jEsy#TNx_# zOML^i6{b9y{4&vv4YKL=nVv)UyZ1)O1Ik|gj~A0Zc?iX`n#B=sASI~GF6_TfJ-@iH zpYzvbIc)@^0f410XK+K;K$*=5IS7#&RU|XCPU$AlO^$<^c)tRPxStA98FEeG-gWaG z*b&g@w>%3D-st3A9VHK!rD%lJRYk5nkAYNx#h8!~HN&8Yuarf3(eHH_g$q z#cdBCXZY+B^)GzD>N~y7LEa>-`4s0YSaq;@FD>cbcW#4dlXBy;hLdxFoAqVF$bh>ENJ#b&stNVr4BKg55Rjnhs(`f@P?Oy zM?KH%QD=d!?5segVz7_nwn>e7A@-x>e!XzoPg?7JKHWE^9h$krdv09F)xJW3@Po== zGCs*?3!F^OY9T|u@ENO;+|qJVgPi*X{E0J_ILh);vc%^p~} z93z5|k*qgz-qZ-S%H6BlRJpBNv5j4HY7!Cx@jDNTBb9d6|5o0f{scGGG$M)YWQWW= z7~X0mlC}>P{;pHo#fjVRA3NV6sz2~rUe5CqAB927ZVeWdhHl?dj(XQuJ{+MjUU4;m7hWK+soxn%D>cs>mK z4_w(j%3D~sh!uUfK_Q94I|j||>yf{S*05>n+K-{ENTnT868<98Gq{^AjZtLQ5R`>S zA&PnxIbNSX7W==uCeAxyI|5dC?wfbyDLeC^5ZbIQH4rkj-g9pSd3wBo?d|QRTBYL% zw@UAnvnVc&yp!V4u#R(3AMw7K(9=F;_Dj9ykPj-zs>w%H~ilCm6JfKR# zpQcR2M=lp=!N@`oV&?HQD^&=qL=q)~QE*uaR~H8!rOu4}>V(HG?-Cu?^|51H?RYau z`!S8h8DpDZ%6%?P#7G?xE?PAzU&1y6Y5pkmU6#p zMhg;x7qe(7)#pS;MuNBkrQgY`*ff#t=l3vhrRPo+fMu%&S;VSrr5ObIBT`F?$n3M9 zfnBUmGg1MvyJv4RYsQrm)Kp+aIq>7svw7Mwn9PAlt_3;qxRi8Y{2ikzkxO1FH4C%% z+0CthkWfTe=|+S?NMCJ~(SCYho&ahPadoIlw|8`l`nM$;%7#t+uiSGT5?a;S$_!H; z8cW)pr6YzbsupnE`fU^Kt{LvDzc68QqFOLoF%q{#-HxlwNqln zPmXOwO5IbYs-mvD_pD?@a0W0r({oJ9Q}0Ae8IY7Qb*pu6`y>kIOW_JHDP*Jqz94-VzWz3C?8Vkrn&@vP>26f z`*-_-p)o2pbWkq!mxF<|6zGSE5K97dZ`ipu`U5x2oLlf$}rB@?M-w2KU=P z?~c&7MUj6$f*ONs-4_52sbG4wgsH~+%H>DBf)9gwRUJ?fjESoH^SiIy!A>2B@Pj-m z39Q&Glz0VUKlMR&sHWsxi4J2K9i_A)vH;8~@TJ(WzuJGe(*Pw91$|%?wmMzLJ- zx^`=8DS0A)+xqm#>{$Myt2}W3kE@rlZkj8Cz(bd@d(b%Qif0&#CZ1sk92kmE{u*`e zo?hLb!Of4vZ{xSAM2!oaLHSWX5ZV)GB4`qC-aX!G;VTX`D+_G@{a2P!jA{aLyGiPI z=@@=M;@6eDo4OOQEhl%;jUd>%KNII&!`I;mr|_k6<=j!o#Fx$ zdS`4omS=c)HMGp1f<)1p(56oYJCfUV$dYTX>$C2dY+;Jj3awpuY7y4IUwG5?!&@hI zN2YAV57~6!paJxC`%S2}-Pj8-vo^n+Go7x&*7fSVHWY7=RTbr(=v3hxE&CR!Px1;M`(syKgQy;SZn{iqu!J zo2S}V(9)(!jdD8UVPKaRKdopBc18#u!}=ZuFuWFi-y4)9t4A40$bFxnUd#NwF!>;-|Ju>0kQ+SM1rhv`6yS|ivf zTGiWG@v3e<$#k;C%vuM6dX9T^a(;f!;-zW5o~`(T_RAGhj__8_h9S|Z_NFaZnsEw& z$eO?tg1tZ_Uv0jjGXYUiWQRUna4JzG6Na!>3%XP5=riH4GJsHxUQQTFPcn<{X`X1* zYeC2%dTy0&j$2J{<}Ce6PCn}&(Tfw`hCxTQR?_$-lD*q;tI|FSRPI?OK1rO$;yrO63B z>+&lV&krb;J*}p9PE2p%&Zp72G{Pm3+oG&5I&+vb7Df6-MJGsY*(Zd7>sI$ddwt&z zj~dtRv6f2+GJM2^U`zb^$J&~f2?^Cu^41Bd|Ic!ZYm$3qqXjRYj9JT1T|A2_Vl=2( z^cfZpwghg_3O;lAEazOrt$iNnkic`o_IBsKD077f!+Pg3z~LXt<9ZdTKqoTn;}8PwJO<53>`m`=jjqXMmsxxrtx(nAJ0g5a-|LA zn`~^nd`N9cqHtugmgp|F5WB}6N0r6;b+*7A_*8H4_wVwv&?9^&&16k`Ow(S8m?XBc zwH?vO?*Fo0w9AzTGF>GSn#r{?L|pux7G1j}OX|5+e=>N$e4Vp5d{3MQY|smTf(FNc zKCSf`*>L1uX^+faIRbfOexhiJC;q@zav=Y%RgcZw(Xm>ScXA;?p|FGJqI>FZZ^6ZY zS|hhTVBao@KJi~?h1pS+Teg~TfYQF)4)4~8)Tz#e^hgyV5YBBgLZIA8$Zu;*0B`8F zM`$H)02q+B>G9_FDTb~c6^-9KwEAuC(`~mXt>X|{r1!0@VAxIjAEJQU*dK0_EOf_F z;PIEA$H%juV6(V;D7PF?qNkNca&Ax9sG~d5t`fX4Nj{KuGFvDh9>Laa=q6-odHCLs z1Nv`%IKCOae0}fKV~Mmgiw{yrhprA}-F?n2rtYj|j>st^KLw*hqxkONubUS%ZNn1h4Vd2hOMcOkt|hffDyWfP8a zYd|rpD@jgTMlUBP$D2!l@(x0X#aBk@zBQ7)+o*< zhG!@Ns_m9tjlsC+1#8nhb(KeE?vS8gKwV+-VShqvAvORX!ZF4dooIt4WUE-ay!%VTu2vJ z{zKcwFxP^3sb$Apxdh48k*CoZZSt%-e!fJ=8fiwmOGpVxd{1OQF_h58WW>4-I$e(E zW3}%)DreN_?t5vQ`z#3kW~iACCzuCmcam(a`2Rpj6OVo(yFbgR$HjFpV0Kxs?9tN9 za7qqLh^cK)$>cQct!+_5;VZy?$&^`!Hbegbt)Wk4lVR{30Y5JW`v9BP(&6dpYxGL& z>0~k0`yRYW7W|~9jh2^Sf=F8EGK{S!D1Jq0YZ7kvON=fE7g@(UoYP6eG>r1+*<8lf z&<7l4#adl6**s-ht=H`2fxC|IsyeLPDav3qm^fE@-bsEFNv)qR$Bb$RLmb zZyA^AKeuoF&YxIp)Z9~t*3yiH3*5HfU1jJ-T$d9nJHm3lQ$*uL z#s^+NL$v!rvo3yElFvhFDoQ&~^K197WAq8&erVzT`WQT&h}+)aRcw**9i#BS1+HfP zRoSG4p4O;st3G9uA)ZHf>QHWvx#3qbX;p9G2?4KMeEBjfhC|b(Jbs>mTMoUx*mxip zR#>_J)lyEO*QG$x>gCO-EJ>~(C+ROR(-FD5T(4jL(K{vb8ctZjg0If=11XS?BY;6$ zbkyjN5usC_$0www!W^`$Y?h)SIv--A4+iP#8cDBXvqRv}sQZ%Rq+b+SD1T(Vu)h(8 zVQn{7V=~*J$mA5l27&R?{#04FlC`{1R^#<~J8Ql-TBUK$Q6su&ma{o2W0+UCD zC`l8Z_xF0Z&0lr*=)LqF)z_~p=~~)-MT=T^b7C+6R4;1j(0#1+b~f2~P!3N1%=+{V z|2wN?{4K*`O5OZd4?$-fksgkOXoCe3cYlY24{|bZ`%y4v-d}8wN26s@`kqmbW1f0j zEqzPhb|2_*sUzVuuVW-3R}>mpoufGZ(m6=B{h*F=?5W8BKb8=5Ilv$Tl5L? z2uRC`P?Z5Pc?wyYAb8914(@%VnkA5|k>+A4!CzVi8=bf+W;l;k-aR;s8au#(DjIhOZ&-2qsFV~y&qz7ud5#z#$UI^YHM;^vD|{7c({qGP1Iuu(go((b7eke+rm03 z8k!kVJw#ufrNQPcNp&`v zMiAfGXC?s+Bx#|jT4ii8AR>OtDbu|f{j55=JI6Up!J@O{r!Bv3jiA-Ll|jMH$XxnX zsfY{KxJP&qs44dP9Z+NVPFh8tG*ZH@mRo>02uFq3%M(S0J>cj8LSoNjyp9K`zl!pO zp;#ijbF+(!(LgOEzsTAQ&o3JLWVrsaiM;Oo*j7V5|E6puHb~-^@bH5C#M{x0+DepG zA(~1B&2?8YD|$ga74yKn8Vx6K*@TGWiOJWDd#X>TaW~O7D(K7_eNJF;@{R`2{=%CW z%ovA}60oSU%QrD0eG4-mze%CTK7BNLal~6lrof$fS_n&BgP1z~$tamYno<&{O`$pI zAG-~2*DX`u@zONo2F)-iu9C6N_y`W2Ol~@Pp`g7&CB3ZBem$&o5Vkl=MQ?pS?~!3%4k9 zbu0b7i?;d~jTAnCR-N=WnolQ5mH!aNhS@Up%rKXJi6_0UbWOB@(Faiv%kWjW@{mA+lUT;+xJB#HA?T=GljOJJYw_;lyp^8aAL?;t-}OD0ma{;h z)$IZW7lOdH3Uxm~X&gXh#S{_{C`Aip4*n5N**a9Kzm1pOLFK z_0O|opVH7DN{tR9ES-KSQYthvW=ODk=y>bzoTQT`vdy*w zjW<4bbTFg;gV9dF#^Y5MiC{inb?OqKW29Z(QY@kz*tSE4tQWX0%243j^i%rF*b?Z@ zb>cx}`m~^bK2sAA5VW#xfB#LLHgSJrTEVP`)sPM1(K;(isZ10mT1NN!Cbr%%(!MNl zKv>0r3FkyOkjLj`%i!w83DNDqSe$Z34bmC|g+)Xv29VZbI{!Svd8qoShwfIf>lC@ zymtr833oRu&v@Wt~ zhla;zoywz^Ar5^MI>qV~WfDQeHj3ezeqjcPrF?GxP_L3dR=#9oN_P!D`q zKGd_GRVPH<5u$_-MeB7?u;;KTjHeN|Cioe$B#NTWYqzi^>G1cdEvMENR!3G*ePWzw z{FD~_i_b8p5rDx2sI%A=5$r|Ix)Mbf@eT}XNkiE=Q(BJO(`T?$>D)4;(2Hn$S{Xh) zB4=A`kLU27_}qdS+ka=&Fcs$6iL+yqo%_Nz?z9tGD;O?Ifhq^S3FD1!QvHm_0Rl0j zojtoU5|{>05mQ_5srLi|QMZHm`O-hRYLQzQao+9ci94585nX^VXyzlJB9~{hFBA3tP`-ay^dWc1o;{l;Boem0%?rBmUTXY_(~OsR9y zaE6__v`R~<>e|ly{y4{ZYTX<4XUE{60ab>-4h8#Emau} z(~p~(8DFO?I*@dGJ{q9bJ4c}OSiemj*T#Q75CwbTrpgd4Lxc{|Ic);|1y>T?JPCNz z5Z7X6eX^(7o1o~W^cqHrGW}1Jd;NZlRPr-YjV8!$ijG>z%6mZ)+=*pruReGpL&##izA;{9&fRm?$f3{{aRR`U|!TA*(s+Z zXs!-B(fuTS6BSIzP;NSIQeyH2nylB(insAC=8 z46ilX#N%&e%|VXM^nXI773*K1Aiv^EAUeZLG5eIR4Us@iDvgo4tKd@?$cs?Dc#NX_K?uya zN%~aO9xd^j+49s9e->hjl>CXQftF56!&DlBt~D&7eRpw`RK3k$X3eEmC;&~FTn-i+ zZXzS44m0t}>sVGe3bkNI8v1O7;whx!)13@q)Tx#Jvvyr>&uAQNA=___-d^FvNxOoW z)A}X$dPLZ2WXGkl@y%}efjBF-(ajt#oElHu(cut#sqAU5B7Y`a|IEBw-xad84bRUw z#2T#^yAVI(9lIK)@pwN|nw{Df;1+NPUHf++4BN|4X5hWY!w^bE?q?S-_u{z|T_$c# z_3t?AmT0~eXupZkyFKQZo+i^lC~AMhRjPmY`M)iu-^~jAFC*7pJE;<^At)^gXfLbx3@`JK>~qzZxo^EJ(B%oY~A>mBaxl&UhAa z-wsG051G(+cm9uGM|k*O1I1F6|`6P2qoH>q-%@`Fj%WE6=*A<_Fi0>M-O$gS)47+HaL zfIDRPE)l#-lckj2_ijSbzkfK+bkqj^GOr0MC@8@GXoGv&vF%!z<^}?`jemGf0Oy=t zN=(>*q0AjCxnn=B{koQQ3|`|ugCwsMT$W4&HC5H=QhFgr=8Q2Pna&`>ytKd2wFsTLT{^m~K3nGr`I}wbw?x9W_&0!v6Qb_8hcDVe9->OAf_nMGm|k+g@KTN@L~h zgOhrg%7)Cef>3)uPVu9;XOt)DO$*7Mhz08z^E0Cw;u$g5+m%%F^0wcil@^7D-+DBr$iawkMBqijoA53{IfLGOZf}e z{sPw4+}|(U@Tyj|bmytZDNf{l*(5?XxHcqlR6o#WhkV{c&CWFR()yGnh~U*h(q*AS z7GJ=bqx$OSj!+f@@4s$BDs`zS(rc50G6o$6Ghg6IGap~?&*^bIY1B?TH6Ak82v;&Q zqE*179&Rj6%D1<~dwgRke_~cp#V2BAN}oM2M1F%kE5fQ?w)Y~gu#DU)rXNzG82^uY z_N5Y|;Sz>5+bnz?o5bO|x8e&_(oGfBn2^aST>pJr)?gDu^p~Drh;R%UY}~UJrjEk( z`h(|NS;3Ol@H1nSAfU%3bFd8V%)7U)WrC0$JF!yc95?9b7Xa;YCAegO9XJzF-mZO@=C!RHhc8eocl9!5{v%9l(bVB z{JC+|g|U74;LGOf*d8@V1&9JAB+;SFHz`{rJbFH{8#FSuSFT5gy z@0EsM+AE6K-YJi0*#aVCJ{Opc*hQBhbE(8ooGvq5f6suOAD%q4_(X3K~0V z(6M>^Jf2{x=KWa9Xu}cmxvK@AlEr{5WGf#U`9x)yazB2(x?3vfnNLiuth?gxTJKIV zWHFKj{8o%W-w!#1Kq6ddbcGI+1V&G0{IEOSG@2513X#lC?BJtVwau5GfAJUt%?8b_ zLEss#*Hmy`?+k4T|CoJf;Ae@cM-*s^P1UDLW4FZHkl;W& zNg~nXRO)Hh!Yz$X@hPliZH+gdSWLAQC&>%z@4-j}v{c{}c$j`e^4$*%#K{^G@_TQ- zAhcKB3}lW-5$PJ!@xcC3mV{c~G)yz|!cLa8tJlS zZLvvq;nwLs&3^g^B0Ky@7ln0|T8;aCWc+{RFCbg`J`+OzTpn%XwA0x6uGG=)5IAy|*%33e!N$wO>!-Y6BB-D!1ahIF(zq?xoob}9L z_zT0*i)>cBQ1vkTtleWeAH_^xrt(%OTNXG7f#tpIDVJf-yJo&BK;anJ3yQw*j^^_@ zD-9dy_NmOl;J2Z&Vl$mmx4V5_C(a7-d`V`3JepYl zgM`*X-|e~wpvJRC+zf+4S9xfW95zRArAVlI<9ms^7OwsLSDurGwv!gB1y%Mf+ zWI%`I+b_E5Yw<@Lo|uU?E}h6wj=iECJ?_q=PS3RU?*wtUpFizWwdfWH#h1!uM0V4B zx7`Z1?Cp~|H8$mW2fZux&cuLhIIV5c94P3MAl+rrQM?k`VL+rq|G~|_g&zY0gLiHX z=)9Hiq2uNkmfxqXhJYUrY^(kKYF;U8M!e#`xap(s^ z4zh=C7aTvGJ|F*@buL*Y%qp{~Fxa_+=%IOs7n5$4k9K;t!KGzk7gNc7;h? zRmo6EVC_hHj)?E~bT6yvfpRAxf@f53#0k%2+GqCYx=KunYM?X{C&+Hud7)HgP~ax$ zTWLu2`bdhCRv(v+uQ{w8Oi8whGFuQbq>H zCJ)YeRXLYonmT#BGCO0h>ve32nuxW0RXwo4{|>fNd+Vh)8eQv2-J7!*N1uPe<%AtWcMf4 zCp@kDJ4OmWDxqaFwoD78>F-Zn`>1Uc18PgU=(Ld~t;$7N3x|~{$gCvmFE4Ix!D&79 zq9R&07vXCQTV~)!9;(L}M>Fu+nLlrt< z<4`SMJ%C|I+AKiAWkpHShkR1f*Mmu7p^hm)By#;kuzzk_sz3yE6a+ZjV^AxF)X=z2 z=hTTJ_kso+6B4>5KElIY?*zYJH+IB9g^erawq$lGX4tKVuKX1#%703kjZi<+^qj@{ zDTbp{BHgbsn(wU3*;hjcQJX1%TR!{Y?c4AHMiOLEeO0{&RUc8re@43BpZD!mUFV&V zYfPo4ff#)MWK7hB(N<`n&O^aZ+JMz<*sgHX&th~qB1BjEwcPAz4%yg_JIE~r zwN??6oHyNtf>>%HRapegM~S>Vcs{I@{FK+DWWu(-cSmr;_n0~g!gK&y27BrT9iath@>u7VpnoRCgo?e1k#jM zl9%RT=YCmW7f`P1ZNq|rL;V3xCi;A!3QJq-Pxy+QivJIXMHsVr8OED~?fE!VT;msd zdB!u<V=x6pPJGZunl4PGC@KVcF4 zN$x~_`SWQ#l9`V}@Els)HjCfREiEmP2N+r?bE?=;F!LliO*b~Ik`Fdhqk7+m3TxQM zBxtGahIiy_R&DU3S?VL3O~2OqIMzyRqj{(bAr~wyze*;v9QHU@7R_Cf2zrtr@hZH!)f6u#Lsiy#x=!{kZN zTZvS7O}yHK|0zoTAzl_~6`S^SX|UYxk(PDV5> zH?3>`2HGz3no=gq3<}V2OwCtb^)@naR-ZsRN`8Gj$E^#rWqM zE_v354~!^kspBf1CXKnYEPu-FhT-M@NO+<7U|q>MJW#QDbHVQaqy>s|$!VSbLN*2U z$vd+l?x#Xo`CYiEG;*Xz>N_9P|aDAod{ zzb6`k)Yv#-6R8<#a7p;}t7Wx6!F#q1ZXUW46^Z5Qs6y5q{Eti&vO?HILEpZFDdura zNy*$}28)dSz?8+LGvA z%S4Y_>yPXg$X>eU>RjSgy>>mv?u-3vouh z?M<|@w{+xn-VyTnzG8(dvdYyXA{ttyJvHWc?oZ@MUDyYrFNTrPypqtZWv0ZHke_su z8F8nxZ^0aD^7CcQtRwv@r=ZQ>1gJK7=2Ps4U7yi+5AmDp%v{c~w@He>9B8sbi0 zs)E-v+k8Me3`O!H`Ad6pPHY8Ka<6Pkr>H6pP&$>G~8?wy{B^~)lrT5U77 zBvDkJr(3zx69sXl{4I+}d~ex?w0)CIMff8F>G?#M2YYdwoLPKehA72C+IH1GnFL?C zAXP+k32fS_;9ORD5qd_|IEzwdJ)~&2;HiTBrk*R&v?|aVM1JPQ5mB0k&2hY;q1NFg zwJB4`kWjiv62&IB5G&UYDN%B$tKBMcf$JRcqOKZ|$O~!(mfO2R3X~P&FG6>r6)~P@ zLCE1Id&k8~S{>LK%_WKE8_VkyuW|`6R$BN-PRw|dAus$fb_~5`zn!a}r&(-W$Phg` zkgJN36^hbwWP*-B1IL>SLtK2*ea+Qkm5Q4+U-U+ImMV1!KTcD4b+sFo&|fc2Br$NH zxt8X}JEA|HAeaggp;)zy25Ol#9zDu0_n3eWjYd=d&J~$EQv( z!kZuR977Ui7Xbp@<^9Sv54LlCU}c|c=bx1kUb7|tqRY>hw2=}9reomUVg49aKj@ck?C%6`D_DQ1}_7*4Yw6`I9O;aH>01rAkk{&7N!A`FzrF}+Y~ z*ZrR2$CGc<@aD5tl!y;3FeQj-suO60AZ|Tl{HayMT)-Qld=q#Z0|qlT-)q^VU-T=R zB7(r_33ILxX> z#TU&mAI8jCw935oVrpC9ZvW5QiT3hY4X2Ple%NxHSF2?9Rjh4ohx081gLXM$Ayei$ zhTk^1E#ML8AzrDao2~^?-Y_lAf+l(OrylNY-3hPb%D5yEh4Lbbf2&J~X z>#p5^NCXOM2!3&%A-pg_?DcaZ_lVEQ2UkB)6Usxpeg=Kh^NZ0X#4LOra5}`}yzYnN zR?V0#z4tgBr49Y&%B6LHyKMo3FGxOE27Sa*((+Wb#F@+IZ}Lk#k$)aW_KmtJ8S4*2 zk5rK6&VbZUO=?~G?{gAv04c2}b7CZ_(x3zNW+X!$bD@o=PF5ym5of)67{3a;xD_7S zi*H=UL?}R%1ERx(%CTvV#p? zs?aLTiCGOZSN1I-JG^j{WvtFV>CRkczGcq-_h3KhCP>3iO`jwh!@J};3u!=vRi)>a z&9Kz<-r?v5za^4JxFayoXs+8W4Fu82Oml*0LZ0wt?6!?PdXq!BOJgppCy~xw^=^`Q z)CKD;@L`!*O2CnVDBmNiW#=;45+ME`OG{B^LwxVH>~4*_Pu9j&6=4tsmj(op@A@Pa+*tp?djQv3~xrRgEfW6 zwc@`EwQKm==t|MYs za@y{VFbWf!|I46a(Od={t`L(@r4FFS=`oFy|3;8~*Q-gCJkW$FC&|hZ!B%3Q!WJeA z3w*munWU9#6u$WDl>_b_Zr9JOn`|<1tP;ns>mLwpA@zyL`LwdvRPO+`mI|WqQX4^()GXLD6z!GfR?~5i8Y)(m8q+}!h})JnZOUep zCyN!C9o*n3Zrg?}|TPpsn} zFc?OtxC`ZmG76L-DZAJ?Z5h=#y1QJU;b)KH4eagPpLk#w*q7eKTrI{=Rt;Y>8bz3R z+A)u%&3mMW)58>8ZhT6FZs*VMWjLV5P(=-@>LwjiDRR-rR%hk1w)ehrx@pP|m%|t) z9Gs7%5JHO{c(77cUDBKvB@=~I=4z}-8h6YyR~xK;pqCiG?}G|&7(=Tw%v~7@eHN+- z9dx@oWE@aza%N|DC3?G4(Z8`CCXHV*+2aJ z+Hk^aHB|w34%l>vwYGc}=jE{j%ovv=0(L2bSf(8Nj_u)8K64widLuo32YK`6ObKt9JQVkRLj% z#`;@M9|N8V?kAVuhe3}8f{K3wN=Vm=Z41e{h$>I5gcUHR>R$9d<|(YB-+FEk}!@DP2}kbea~5uEnY4`-N`^ zNXqV3ZaAQz+loyGOpy>_M1lc=O6oVa+Ea7%(eHPdZ-1DjF>%>i4D@8VeV`38ZXV{G zGQ<=~H>LbZTF!NzPJ>2*szwp^nY@<&t*qsA)vI96$e%Uho&R!4$ruD>`I#7et%vaw zk9%o@|4McSut355TbJ9%g;v-SNHE-^8^)#~Y({=U@y*GSkz!npI$5i)Cu z6ZYK;XuM*MM$5XF%gOIc;3Yr2zVu24oMSK_5|c(1nke5gAS;3Vz#JT?lWNU0vpE-^ z?+d|o0vx#Y8k6C*hx?LB2f~$tQ+rfOy#3_pe@^?f$%fffT~*>oiINU? z3%VFnsOJymG&HIUz#2jO=qL}Dhdu!%{ZL6nTYWx5nGDl;bW9#RMa_>gnVPIVvsPT} zA_S|r>mv_-HE{EK(9~F?^l+z;@fZA>q3pfUW3|s?kG}|h9QdTV(Ml)Y8aC7!T95@^ zP3d3qomDc{=zsEM>$(pDZt!gGh(`uyyQ)(?dWFHWSlG_U!%9j^cJX^}{syd7Tn=O0 zv5&=BG@mvX;ZU@Y7Kt9b#RU2uB9mr3V#8jtf8jiNwG)nyEzB0ibS6C)p|0ms!!Iay z*nFC_*4X#~Un6%jI$pc~-=_oi0bz;m2c`TBzhutIslYEtXFV%*qJYM~5lqmoM0aXRiq=M;1PFE*L+EpY zje=DzhAse-<~dM;_vT&#UWmsJjq3}_D$vE2E+~3K#Pr4)OSVRU%aMDe=mSrf+O*iu zu?6$K*kVh=3KW{m$ic8p<(`O;6kGf4!AhbsaV_z9PZXEf`L;R+6K>Q{jS%+XibLV& zWiZBL-^E{rSH~6#ox3YG#-a5LB*uB}ZLJk5?uzSOH?RZQ!u+jMq;;rprEW9OI|%dg zkWtD4>xq8e|G59TYi=DwSj@Fq40+3-T|B26ATGhf#Q5M?<6HIOmw*wLKH8jV@1BXh zTAt=)Goao}+xs;)uzE%Rt6V>IT(mzL`UU}%@b#?5oJf(vD(Da&gVXen8d%s;414S>h&)a!=B< zWCXh^l;4VQ(C_fP79-E#fixFTV??kzvZPs!W!-)o=1d_gulf~ru2j;C zK9nW|*XkNxakjDm{Sk;Q3|pf-`FeYP`t<6XwMOE>4BNM5$BZ33ni!06?#&|F?n-Z@ zSgtHVu!#gExS=N9| zV3;@cHV7DQn)H&kb)(2}(;+F)*nNQd(I!Wz78oI{mb#tk`bT}8i$= zQf`UqwrQv+E(-I0T)ueZp)8#1s_W09l1TU=#on}@ntg@!#1lrzWlztscG?hO-gJ+~ z*+4T|#oo6@`%AW&0>>z$5c9sUv8iOL(qH&|3V(O5^?80WRsKY)WIOFhwEniA32xmWMPN$ZcXWXhQC3h!~`gnrk=dSL|Pp(Id zF+`D#TpsJ-GlZBbLCdidqHl^jAM)hethK%AyAGAQic8f7q9z)5%WIM*QYvAPC+$Ta zXvf_OE$ilu#%$VS8~^>6#-%OWnl$q-(t&`uG7!_k{J)wb{gf+#c2*w8MulPVc>ipj zDX^>Fm@kl4%tT9l{gdbx+3cl|mcVSfdn^I7FL?^=r!k8&4L31#l_#s7+~*9!G@2rP zD}-<~TCT&i#{kQ{q_%9E7Y04|fs1%Vau)c?|4ps9I70o2;~gjTei6CeU*q6SDZMlf ziRJ7^%)P>4DQ)+KseBUPlOjZk{?Z2)8z+RqSp`VDyuo_&JS4D;fuX5Bql;vjT=*x5 zYIvOq3Wy4({Y_)UT&>!-Rep#bj93!mwE??^%2Lrn@Yk4NR2k0_iFTVRz{+VJ(FWfY zVsm+$B+gXPM18Ee@Db!y0bbSrw{Nng$6pz|z^4O@r zK4~xxzx-EP_vpkFSch@|`G*OHj9sT$?j;YEnz@57;n2__rvG^0*!xPH zGY8`$yQCczO5c*L4xC-} zuCRFst@HbNSU;$GD>V_DiXp;Y4Ey}*soCVyB>7s4|7)G+AIDYus!2F^S=ytxr4r72 z_I)yQtea8vgTi29=^-wQi9s7V2ZgokkK%O3i>Cku)yl|-+s|?Pia6zhwYSMAM^MTO zLn5&gwiR?#mBk;=WamHZenyMu!cNsYLmYtVgchmHc081LjnmG6u~dXgmLIZGhUhH~ zbCryL_TJ*whW+{I?W@nb+CGeXK*U&I`9_U6oELpf(fVil0oA#=^@36Z2%OCaTroiG z%O2{zo}W|sG8%WrYlUR9US0xzq25SYf zbEj!g$OK&kh?+R0S_kK&8>Hd5SdNh-b|vX801a-3OG~hxCG$9q2aBLcuTUuJX#HF? z35MpYIipV9fljp8=pCc&)#E-cq7N!wl-s>Lg2fWTxQ&+9*H=j^3=E9d2}l_6%mgBG zD|dP5S$+X59hxN5crDc7#6ufl9cc6Ez1F+OOF0Z@Yr&r$MQWKYFKA>)tk+#QU(Unx zCh!{#M~!{Y3w-+@rBzT|zIYuH4yE_z2eAg9bea0$X?@N=i@mi*-o{Ssn26HJM8eC^ zRBiZA>H5^CuuWOdB@lzD>B%@`5$si-^0##!zBF|mA5>cZq-9r3UFKU36|p2Ytkk$% z#iOzJKJ%@=5B+21512>##f2gPnIvo&TpFvUFY1ZZmpui2lwla!Lj;@c0Sy{&NQ?dZ z`RvTA{s>{vo5iV@^gkP=6M7qqKJqsNWvXu=yM5Ln%X!~F98>{3zd9bl|AH@&1|Yz# zVqQsfQpm!2XZUsHx@Rql#eiOTq!*sj;py$U8YnCqXB9)$SsG?M@2=B_2k88(f~0 zj20TLYKgn-XX?2v^of%06PBUG)WCNj6X|>bK1nCf0%FSX*m;OT;MbpBOmQoYS zA&%?kh7uV!2HCb1L9KzsqQ15o@o@1hXcF{)vw2d%yAd)Oj5v*#plYKP-oL|q@c4c> z9S$LTVYsa-IO=pR8}{@MBb0I`|?>5Xgt*|ay4`f$$lTs`eN?I zSzF#4A^y|zyfk_py;7k|zs=4aU+dnOPoKP%mVCbTzM?3gd00;CDHAfvdLD8qLkfYm ziix<~@x)G@x)>zk1(DR6cj@{{D?*1>FF$9{a=3@-Q7O*X+P&$ss@fswLtB=!<19M! zJFXwH-?6Tc^9`d!$AHIbLark!aLj>uqci7r2FJPyF$R^9`wt2>oNs}w3+Qlw*9pie z^v%hG;miE50)AL|d z0dbkXy2-brSWw@P^HsSMh38X5sbd=w!C&Q)Tqxwx&=Oy3RP56ZiS`p*9D3iLD5aE6 zG5KBkUOnx7UVn2UW30O96@-Gp?(|~YG%8KP1;s{nJCK<5>(Q=lF4pgW{7w<3AR--Y zE6?~s37hdvH0QfW-9G=4rU|ZIAHqxx+KD4k%94q{;ua}x?-oLxve#beXX1-frHWww zu3oB+s(?%$dx5!NJ%LbEnefwz&6rdSEC0vmpjW|YKRme1A8~sy9}=)0L{$^?#M@R* z1}`q$SZ3(YUw%?0%o4eP{gXhb^0hQ^5pbRH@B~^srkZ{@S=){C6!3I&cKj**xoZ$A z{;SEJYKnhKE-_l7qoczOGzw*MHSxO0oDvB!uF|(|is?pg9!Sq$> zP=9#;S|@xpGqx!Cv@GpE~@@x`i;b0*&wbuFqv<3PR5mq?i~Px!rvp0`4LIMyF<_JIJ4zE#B7*=gVL6{j~tLJU)FU*m5yvPTDy}ClbvXcYHgmJv}>$NcDyOTs&vL(e`@i z>_9pq4|r?M!hAEb9UUHTm=pVMt4+x~I4zk)$0~|<9X7@Hb@*X8F+g3!?lI+y^jCMH zKC5ANXPI5`r~ubYvgz8;36?A^W}#cwlIDwY&}>ilVZub=~^zjPB-Swh-tyls-Qs~|L?699v7^v`r!V- z?<<;I*ae1(LKlnfA)dH7W^3(=d6{06afyjz{{*ax=wrHq^v^RazVRg3r)I{@BP7FF zgH%TY?TRfzkH=_NJZ+XPFiplv{~OBVTkn#`siJizIY3#B%CY&y>@B~Z7*?}U|2sbO zauh+$E;@!vgz<`t2Mp{KD}Bz-e7JPfx8ypts)=)_8dT$6fyFHE)2J1bQEX-9q{JO%^ z>H?{}_#4~0s5A-z1;cKFO+4cdou(b+8mHQjT?mz5aVCY^lZEG zpb`l66j}sN7%PcV=QCrsPX2b+{M@>FH>Ravba|UwZ7Bx5*2a_9)`EP_ShtO^gTAAQ zYk`UVsNd?Wb`U>HKCI&K!fw{<*y7Jp$2q)CUS#hY z*8!i{KD;L}5jwA*fd#grKsZN+%QMIH1cpOB)EwG=&wOLZnjrD0Rx3^eo5CP8ur>;R zc%kjS#_e|fRe(N_hxDjRNln1*!S12@54X+>84ahX=|N>rsVy4x?-?WaC~3iJ`#d$C z(qJ)MM;VrWDw6+P3F^H66RbFbzJMRX&r>fA-lTK5`h)Hv$;(H$Ra%oJoqG?o`RBIY z#nWrq@*}rSPWAVG7}?HfFwa*~`M3LH70d&J(ykLX+z>P2+41p@la+4{T@;#vZkOVW zMf>f#ExR(~Z(GN&LACcw^DaUFXu{{hv)l}pGuy+lCe zm-5u+4-OlOs-v$I&|}l9HUo`dcX}CawW=q#^>;h6UlW^LQi9kb5{q9`c(&4-?u~T& zeCr7VV|ojYAY7AfjdW$Rb>_ckDG|^eJ8w(}BzQuyNBrF_-u4ug#V2DMVsn>r{;*^p zWfo>iGEQ=5jMrMq!_r#(^r1WF3jq?&DSNA;sCtoGe>fzr3*9l(tt(){`gKmAVqX~j7z8N zMCHe<2O(a8HomU^$ritg#=%nGK;So*DMHeMWyQi*+Wy7yC{Ob*ItP8Q9>mO5R= zun&-={%*7;OQ~mXn>0l&5VEJoVZ4fsTd|Z!s@*LrM8PX}e&4~g@ST%|RHKL~%CUmK!8g=r99_eV;f8p~85#PJXBXOJ?i&Hj3} z_kPKty}*C|tHlr;v{mr+Cl^QRMT_84Un!`cmjBHdtab!LTx){LM48o{%lmecM>JFa zM&l2l;6QnhTAvr)`ZWZn(LtJhq00BxjlLTRC`d#Y(;X(yyBTwdeVu?i%NqISk2QK7 z-lL;sGj3*#xuN3gs&1}V;1MQ$ik&O>J5zo6(ug}OP=L&{^+VeXR3PbjPrL)q0n?Iz zwFu$Yf)8mAyd<8+rGI|sokT=CQM~f~|Esh!tYuem426V!EoeHoic$ZPbBR{ck(okO zO-$XUo-qRECKPDD#AUdP*wBb?N-PEPG>s&L#l;^IPRa-Z5hyTNqR(BTO_L#K_29W) zXb+}8AVVQre;{lRhP;4gXT2==AMdbm?H16Y}+u0siQgFzj6iv`*aWKmWIJmv@ykV1t z)lueB5}6c*!E)mjKM8-Ss;agr@0>sH`&79cYjvPBJ$Bu8eO;dDht zsrZEcWB{*Em7)^k?RVKM0()ASxmrzx?4!|YgH8ky9Lu9;R~NT9`&pwL_%U}k%;jt7 zLr)J(t`&pyzcGxDc0D0S>N(uiBMo-gj3JdgCJK!^WVEge#tfOyrU)9+Dz-K!%l!T( zlL#E91s>Kmwas>wIa6~8>4%f_aXKeyYcb-mT!vJT!m>~@lm^E=!$x`%n+}cklbH2luvjdo$$nZbQZt9pu3Uz;Zwx1y!G+In7Ea+hQwT!t|*7n8Z zlr7%@M)w*?BE`;LScbBVvad}sIIj;G*(6hSPR0SojlqtBlC_e)( z4rv(!rI7+cJun7oVl5%7Hx9iVJ{?#-$O_Jmr_aGZ8SB}z>6bXMu0{9^F&5362xyTh zYTkpY;5#@tz)0f=<<}~jHuqq$FLe!8xMU2TV#eX}WL(Z4PgJMFIj$hx{I0iEd}&Ai zllQ!dK{Z_Z?b@tMDp8@SII1!3`AW_&CrG%UF2uOxiYQLuvV-SxfYL5LZ{f&mr)(vB zcv(XKaoN_a5WQIITA>lXDyQKnKJ`yg2F6Kzjr!m+pUe@gC;I+F!$Ku*wdP|jj*7xO zByQ_rCv(%d*r}M)L{1JVKs2xa7j3XM4X0Ctjg4H!+%8#Rk)>YFfN#8R;9wUgmQ>m&Ct{M+R^y zYW}PRXStb2PuI0*3^+gWe~Zc%@%7t3`d6`26Fwolc|0Hc3sq89MkOq~IvZ22 zQxRTjNX<;Zrd9~Ys97F-_Wj?BPr}OnR8bsttugPJb`b~n_;R>jOp{)^{F0myN|BnU zH8(whj<+}OpRFyo!&wH$eCGytSDN`zHK3rT%QgG@kzv7B(nf|?*Nhai7)m9rv%tt9GxXd5ED)#Q(J2?df z&Sx`zKEv-%hM}g@T}@2Fy_5@~GFHu%ZC&5zeoc*U@VZXYcg+hgb_NnFwoZv0)5bf` z(t{YQf9EI`HjJSG`&rFKZBNZEmKW2w(bhXI7SGN>TP?@Os5Wy+Gg7t0NGn3S zQ67b&IU!7@_Bwb*E>~UANxxjsHdDIApK0m~M6puA!@)^kSs5b&lRRENg?6njj#M;& z|K@bfz!YN*Wu3?Wr$`OD{F2RQfBBFw^$y3$_nEp13egtAb_R0?bqspWUP#&GLW^eq z3}A&(tdGHJA$kRuKjgV@4)+1{);t^885vO=7e3TbL&e9-j0*i>1u-uB!Y zn7Z&8$Da%H)!Hsrg}k>l9Eh6Ibr-%&&pV=gkvVWOZiSIe^YYqqSP_>(t#*o3D9Ubm z>40IVhHvEZXOyl|uWyfUo0khLj?i&kCsD(sqB@Xt%rA+XFH2&42iWQ?W7DB&mB&8mMW!gV(>z z{hB8fj%H%rD%499sq~g*R^Hj*$&+%|xT$AVNLil=7|1M-4=+N8iNOpy^}-R)GGM5^X&i zd9ER_XQj9tbg~PLx{P# zIb}S#*eSaL*xFLA-wg3>iNR+h>ZxFG<71FurOiU=`ST%;bvarn^FsBsCLW%Ph=ff> z0{MMvVgB1h<{xO7n0!yR@b8?D-cy}GJZi_LY}40>9CL(x#z~yPN75U#R6)N>W6~MC zI+)?Gouv3NFi;@%`E68eEcb2iA3rDBpJ91~NTP^2@?N6I2m)oE58Q|1=LG>y@JSUF z74U^m%W_E;WBu9VFk&fJ=zOwiTjGcz4gJ|{@l2S;9rSv*-u(X#&msC>yanf(VL}Rx zqMU6eQ}N7U10MH?-pq}rtsN|vinWqH*^4!;_aR8Zjq8_JqNww(eMl?A@pQ2MPeI1p z1YV2f_ny0pty*)9q9yhuGdR#1`=uE*;`R{qjbYilcv(O?@d(m5s}!lW|S&*E`&DJdyvWSf;=+K91)dM`kCw4-$y zVVcArA+yy-U0t07Y@B3V*6l5&T4MCRc^MlYAN-X<7c&~Xn1TO|8DU8BY>h?13I7q_ z`on5ZSyuUfS&}6n8SsCx8Tf{DGzkLwxNNJW? zP5qNE?b8xaa6)k|z8mt>R$gD9sIR|Y>0N6zl7-1vHj}~4-Y_LqvgOUGpgdZTaQKU4melw%g6IUX^Y=%*YoOE;TNNbynRv zC?E|473{MSh!1RMf1#HAaJC}MrTZQMTsvOWF7K1&*Wc7{vJK(18m6G4f(5FG{Sd9n z^AWc1{DnY6^}ZZ9Ex+r-a8Q&hvL4GsLPeF7kwF;G6H5TkW%}}TzYE2p1;LrGF)}c9 z?0z_8x^xjlNp;)#$o1BqF9|kyFV`OfpUs$iDdjDV!e)j|Zg1D^Iw};sUIR5*z_~={ z?Yck4WZ($Px6PW4)A!)f)oKg{ip$EjMl-l{>&@YV?tUYB5MU)L=82Ma`QIWyJzeJg z`!ON*FIJY!7Y?16R|>?~8pF0wr7Ygx;HiHsHQJCWGjPewRqDw8dwHJf4)jlD(!l^< zrPcG`?R>3C0*LfvHsjfD!EJ(Gho<*`cXsv8Ixm$y&(=x5Z3GF~&q2b~ie!Gr@vZl; zd|UlPkOEHs4O{meCDi85SCc^y;?c0|7HUXeBYUY*R-xsu7YB;ROEELYBctC8uqAD72ioCFiqYwko#&Xz<3W*O?T&MKTHs}e&MAJ1EglDvN` zmYUF$j%w4_;}+tKR`jLFXz`@{{$k{oqO7HW(&#nny(r?vpPSiR56h%~S3RL3yW%Z; z%u#>j;#fAps=v!+|E{fCuxvb9Nl){<=Iu1x^KyVHsjP8==mR}?S!YmDsT>m%6S4{l zDE13Aandn(865ZE+pt@Y5^Om}gopo*Bo7kb8BT+Sa#*Mtki-8n)C;3VL&$7%ODiwA*=3S3y(c#__10gpPj zEtxIL3;V^occF_{lK^0DHyp^r{k_?8limJY<=1*6 zR6OP$fWoF4tUgFdO9N~J{i>r-rPp}A;__V}82whENG9&QOzauiX{ANF&3z{^Gcy{j zVBFeD5R>WfK4CZOgM;b`fkk9@-4vHi?3A3=9NjKK}{(M8MU9BI^_WkKC$R4tNrlzLgb8{vTpg=en z3`fO}7KzNlI$LkTVP2_Zie)N8OjZi4qq$9`s));*wLRE-E4OIppT$}b%{UCd&`sLH z87afs(9obrofCfSs6H^;sf4>}Zaz!Pz<>-g5@4{!TVBBKI^F0$uK68Rw_eX1yuPE( zyFW4Tg(sb_){x2L(C&AByXt`{lR$Qo?*oU3Smd@fXuI0V@o;;V0N~&|US2$4inhy5 z4C{fnMu;MacRKj@z`+z4clqtllws!j9WrDK`~Hof931Jz#Sl4_hzKbI0|S8=Q2Phtn=lj0ReD_94)bVX2FF?sx=)=QXWc9H-LH_{|Evoi76Gm216$XBz+DKX4xhH|k;M{nmG*QlRA?Z2 z9nSXtOrp9NW~wz^YOul}Yc-xJQ;}V3_d-36EMz_DeC|VKGu{4~1aGX-=5D1~V@N3C zez%fpN;5em(UPy$Gv&%_<)8Pv zO49IVi5MBn%B z$N3RJvXLV$|T${i?wrQhmW&_9TXfKUjG#&)fp zr&J{`9=OiF*!y%23$)3FO3e!O{n-j^;CcTOI_t!?7>s35l^U-EP6ysm2OP57f{{;w zPOb4rP`s>jTH)pTPNR_810E@!E-zr(%taxMF&tc#0@(yIU?MKihe?9%Go?zB8{L7V zw}ut!G@1}iPKv5f;VyQ7;FjhUsNv+^mMNiJl&W@FoltgdT-c&F{4}}5XVSc9JUR@pg(9wPX zxGlJwp5BME$bk=696b{VN1meY9v*JL`{4UsPJyj~;j=fgTjju$zvJMTf=)H@KjGnO z8A>3R_48}jJLcfvX#IFm2%G+Tq$(oUslHx0x;O{RwjJ^K7%ijP8#phC448==t4aT8LwGh^W9bB@Cin09& z&^W{~BzpivHoB00wpTonP6Frq6b-mj!N+9Wd(*>ZE zRq)0@4E`HzY>myJPUG4)FRxdm;KW@_C7XYWpB&sVIXOAk&El^nK}+0(HvmVyJU@=< z?(FRR1`;9gryU?Re7qdv8{;AuaR1@c=$a z=`8Q7X(f#%QT}Fwk7@zR%AM*Mw$ua?)V2jAOa~apkV>-3n?lnmjuKB1vIIRS!zj3A zL2XUlwt)Kv4$BtUn|LOB7Rpr?OsQ*KPm%ROu9+9Y{t1G zlZUo?ixNcbgT6Z~uy$UK3n7sB954P4B8G;AseN-c@;sVH2LuljCl?oo|BWLY0)qKi zCXWm{4J9QE2-uwZ&Gzt6wks_xl$4Z->FH4b9u$G-_=*QcZ$&Ogx%hofvnA&wgi<@M z4eE>Fh*-e7K}nF$PS%-8USw-kPJJ#$Euz|SFb=hYrAsVOEHhcGQ~ux<&xkt zclr$pgt~4XZ)ujEum98<(NnB#=}n2ql61jvTXW3GNo?#%>%Pe1l3J+K&dHHkAt8#F zy{(Goop{z(+eNs*&Eef*Bo!&~313kLf!EE+KL<}GQcZNIa!#D1nbthQ)+tK)>H^A= zw4)GZR)I0b?gG7oKAbS^T4SUA`>RPwOhWlf5K|Si`QL~=ox=hS5DI8_0jxij#1ZuG z`SuMsHsDF&;NgES+2rwP2j#MSWBS^TAlc{pIG$U)vySAs6yK4hA3b^7rd^{_IK+*-Qtb zap?hhIsAns=Jl87o4xVZ176dez8(Oz_B@@&uyyxV{qA0R6Hbl$(% z;zSI!S@PAmuOCwkZPVoM?A(On1#vB>0nCi-)`WB*+M)WMndJa`@dS zSq)oFql@nU4?wO|YDrB{+%OxbV^2QDo6H_)4gH*NA zTFD~&HN5~dGf_B6sNxNt+F0O;MsL?(sM*PmIQwyFum%2wy{7Vg!!Y_nRFYF2s>Uz3 zBZaCB0|K7JjS3H!1(wA>7y;VWQUbEeiSbABjSxsrQ6Ygoc@Yn3ETn?|Kcm&7`8Qd- zU&V7X(h?J~03VYN5K<{pCTUl*ScDO5|9+OtXht&{3JPbuh?s2SSW{V*$nW$E6-&!v zU-UdBcs5&y43UeE!ZJ&zGPS|MP_Lf=@TH8UW#50u)?z%)tBY{KEsjf}AT|5xwgF%n zU*7fgf{DfHYMXTxAb_Jma$*Lm73qRrjI2iOmZy5P-`4$5>6EkCJsx`z$thS_$IT`f z*f%dep1(YvSpdXKyD8c8IL5b;e!J>E!h+$Kn}hE6a=)kK$_z4J07N}HOF@>2goY-S zBj}|H@Mz?T{x|2G`Z;7|UrE9@S5*L2*9s8Q*aRlXLSM7U#pc*pwAU9O>?$TE zc6G9{Fhy0$t`IXlceqe%vQJ*4BZv=G=dvN%`FEIUS9E%M`W(3MO%SdzAPreFDOp)D zukd&l2iLpnVvv|tC^r@zJxG=t*vPXwqI<8Nyci`7DGMW(!o---%_H<3q|nv{zY;1E&% zyBCGD?wcLY{}M2>J{mP z$J;X>oaDWo9YSX=^oK&}nCR>g0L3#V%C#!-Uem|d^xX4c8h%%TK{X^Kq$c@C@d?&w z-H4zB^Cy*ja}#DD2`%{PrSr439XA(%z955U`rD-i(R7oW{wwJFm-;O>_SogyV5hbA zxk;X<=V!HgbLrU{qm}wypVQR?Rf@(6T;bpr=QVu_t?_c|I2?)px@11qL8OkROFp=5 z1l|^aj2pn2yOoU>>q56z9s?-()!R-{W{dc@h;Ok&z0zMGy#rx=>|yt*Vmd|euXj$w zsZ|_?+b7#IqO}f`z7zVSEGl;@JNIURmYnImx<*t#wwvDt@kxTH`aj1-^2cWBKS~%B zMgl5Qa3WLsw{YD{M6{CrhoW)xxuDkCJ3>vlqOJZ3jWmYPPv6kcDm0zrh);5{9)u8R z?nFh2=TbDC65^9&hMb0`Ti5^zkmZIjS3e4T*!%Y|z6RCYeEt|*@iUbEitblnY0Fr5t z%5o2^(tP;hx%P;Lp-QP!3!(nIH#C7sD!7ehxtYr!aOVpB zF81juV76SX|LHp*(H4QqThdJnfIEX`%@-1Cj}LzM4$uNBH$f94BmDqlj6VO(t~(h3 z5YY`7<$EXOT3AF3{_e0dw?~nQLx6J#v=pl`p@R|7i8cX6B~z(gt(e$zVop*2%CUz3 zUdw97_A^8Gb+iw!HZSV5>Im#2GCjelTou$R|6{|^*Vp&qM8wSJ%eJ}MKXiB!eFCK= znY0Y*IPt8OHY+;0sX7{glLZ<&I{Z!V4!bliMudlvF z?`7FRwrR7?cM`ZYe@V^DJFjLak7Ywl&2ql8SXx^82Sl>LSEj4kL1(tw03QH1aQSTK zAh_VX!o{8sR9>O`tJTZ8V2d*C4QySc^Hld}!xM2|nlh0u`LEYV*3qD>sn4{yu?}-E z4DT*(Ir9l>(!EC=zixKksDR(}KBI`Qz)N(n@vN5D5bd1zFXygO-@Fqlp>boYFef}q zx^`sN+DZy`=wevVx|-T|05dgLpc zP`M3AN8yXD=5|+>WIO8fy*+e@%NP~mF7z9>wHFdoQ#E_OIBZHR%!9p**7mB-+sDn} z&`<<+rfUh_`C%6BC(ArT6T|>FfpCuNx_Ja#+@=j9#I*=N116KB`KaZpJ>Z^G(C5^U zLej2s!-x&Zt>~7JnAl&kc1AIL`o31?fx%~v6M@+@H?`+%vXshNJ9zUyMb21YFxNOi|lyQ(RpLLUL zVgajP2#Ax9n<0p=DC1+7v0^$qG$1s&F=XWAqJFLK?CxepRh0(M+37?|J=!b=x^vI; z*wk~8A4VPho3mZ{TelFCxh%6hX5D%*zP4}T%@PYX9s7&hHVO&;tBTAQuFf%1Lo{?C z;df?yuEgO%kSEan?Z2x2SH32~?LI8p1${gI=eGq|=xUpe&1RY69_mi#-OGQ-*eI%>e&X;4 zK5z?q?wbx)0(vU`(!{Bog|z@3X6-@jz^9^rXWnG%>Hd-yd#yr)?v+!6XOCP4B#X+w zuc}_o+kQ7oHgV{nHi4PzyGsbd37)U7Z@GF23a|6(ol9WQg_j5LWe|koI@ZD)%f+`D z&PtzFQQT88tEcGTZS@!JVM&Mtr%^u2od-7yAz*jbO+>7bL{w-1i~i3Jtk0|va2tWc zBB3YGjacPn4v?A8ZLQF^onaLD=0W+MplPC$)wzR7y6!p!NI@YsKd&G$N6U&DcT zNHFnz1UQ@DV>fn5D)aB|UITB$8!;s|hvl49x{|bV&IBi2I>q$h*P=*4Bv~I|@)UL4 z0DlA6AmT_`YHB!;gMzTw&{megWm5<)b9}j8o@n6tYu%Kmcx{@8QZVqrGnK_)zN!|m zuf)K`dlo-zZEal~)qc-BgL~0()h$yd#lEmz?-a-ldaxTZlc!-6>L^yC^a?sIH|X;F ze=MDMAeY_y$BpcjjO>&WqR1vPGP759_9kV9%#3VBWpCMgOI9e^dlT6tgo^UJ&hz{J z`#j?Fx$kqXbB*`=bq)!CPJQa_{Rkb2;Q3~6`ZYmTR$MfwfTEz+8>U8ElR=4zi9de( zM3WZxbWA+0Y~%GS9TJ_BbBbDb$UXn>VZ`>&-;Vty$?6_1@?bfhlPI-%Il5=Ux1jU) ztNvJsZ_?+Ck zj6zzwxKp>#6^KLh$`>{!-`Jjod&icp8k&3Sk z{LbMx%dj(Vwm6!G!NLD_LJ<1r(66YRdcYKe2fer2pfqnWx_!Tu+`jM!#kv8ozLTF7 z{G89KohES(u3SO&Tw)ms5MmKvHQQ^M1X(Xkk6)#=F zDJn{jnnkGr@1OGyD> zOtu9-Os+-?wTU43PgdJfZ)j*qUB8aZVE~)kMlQht7ZS$Nph=Z zJjaCZI!QTsqjMy$c*>QgB%9eSe4!v*o!HFg;e``sP472xahTAo78Y@#007>=Y^8M7@>N=uj3XpWizHy)p=O7c(+8CM$W6SPbH> z6~;acrMR7Dg@~E%OisS?{@#Fx0QoRZUEJM`K{IOTouKg`78ceI7`ZG$*G0z1=MINX zu}zon$1rmAC_quRtyouG<>=Jk4oM^QHmq)cf|d&3yx-X~3oEOo+8HNa4n-&0-7N73 zjQ2$8)1fqiX=mn>l^z<Eo2M>MraBzufOj4>L6q>@^hqWm?dJf)9xYqce zvJWb0cWnE^P~HZeH6b`mp2OEp`oQlr0s61FloW?^YQ}zl-DaO1&w=)XgH<`nb?#61 z(w5)#`R0N@{*<^FKTT>@Zo9Q__jf`!#AX-Y+ku*g&@A&QF=1|Q}rrgcN+iPMoC|FL5kN;+KYI)1~U&?W_Stp^-k2X9~ z4pnHQsMpwOcOO@IJA)KW{P#DCWnw6v2sGcRbUt|aEcgY*_4b8@1?|qy%X`dRTz#2@ z7ieh0sJZkrq=E@iD9UEji!c(#bIORrxO(drSf)4~*7+S5}A zjqFj%9KEdu1D&XSqB4zKMNlpY*)69o^}qha zvH{GOLJv^W3O*0&n&J}@1|r>}Rgn}WOLs#F_WGCsK|ED(JB<=r*cr zQ}%Lra&X?Z6J>R8oZg9bzOh=BT`~RY9&i3M*~i!SMpwNzdyCANCc?*c*)sCD%DtDk z%?q^zL}KZTs=OPyw>};7@=BJgB$Q-iFh36sO~w~Xy%5uF{vGy4M=!w+g`)_2V0BTF z>E}wenJd+vS9i#1fr$a22PS7v5RI94y-Wm7O}&II!6tLq2~9YDEk3rg&A}z zO5KPJA58lUM_GM4_{|Lm@Ie(s!LKK~E#1&^@P{=i8ejFR!ToMpR^{cR+|ha1vgUB; z=)U*lxoP}9thku->eZ_zhnr(G0uD6LaC4e}1B;j~1HQsr=tfcBG+cLf;&@OR39(f8 z2>&E={b|{Q!9l2LU04E^0u@%;ddYJ*kgKm2QJclT%u zW3^#T`alOo7g}ZWPuCcwaXgwJXJOE)g6COnKS7G*OfbCH+-9H6@jT8e#H@Ha=ESa3 zx1O8arWGDiSUD*nP3A4P$v#O$7!?)@CgVcLBe&kyAT7%qsj62Ije2d!T~2TB{bJAp;=CTK3h&sjtR^oe}Q6* z$8nlZ`b9atI2^wdNPq%^@hE7nwt^}F&Wd(e{3IkD^Ere<5#g-g*4E5n>7wpEYU;vA zfB)~#mgl!PIpPJM`S(vJD=mrs9PLCvXvu&r^~3W{SWHYe%uDv>JQhr0xrAs~V~4_a z{#sHukJ7ZkEE%HbAt6_wwQo@CfJ7P28^hPIxAD&rScH%=hQrh{8@^Uv+}G(EdmgB_ zU}*IAieFtrO)|w}E|^*@K^Lcf_ru8#uo`B7dIRdy`X?)dNJTR^sD_3DC<%k)BpRaG z+fNUnH-b)D82*~V=SAsQma2wB{P&MRX#>`p-VQ%ny}#*lc#b#Z1u2BHkQB~6knW_K zO`>ST#7KU)MQ!9}&${xOpke-Nc4vU$aW#+rY44g^d12y}-1hv@io7Y?nYWl~^fGGp z*3Q-Q$_YomytGe7Fv79Me*Sbln3Y}HJDUx4e?O6Bw_}-=V)=}bk*!an$XqU2DKyet z@!hv$tQK_if}X?^Vj`p7D;Qh9bpy451t;`*p$#qz#}7J5h#5sFA=3Q!`a!smDIJ=n znl7Gi*l_y}6Bz{j5U5;Dp|Dc^O49_(bkI54Q7X58^ zYlvaLK%l_r=HWEexIodlBKG(@S~U>gM8=s4%%@#m{8bTZ0R`(@NKRl|g~6(zzxED3 zDl??HNc{rin`p=;C}U%5*EYOxzBwIUVu*kbkDC58Le9)^D)~dupi);?M@u4(MXua) zZ)uBzq$9D2@6CI8evtbm zbp5}-~aUX~ursax1~R z-s*@s^nH% z?wWAJ4xuXA2OwZWI6cGA@D7M;rH>7x~9_fkd%&uY7xp zXpB(0ZjPz$AbBzcQ7n1$`^<%e?B8@}h77dh_I~@|s@X_#36H@SSv46m(+^Y*B+@?l z)ZY)gF#q$Xa*wd+fIxAk?~oWn+*y695S3Ydx#>gUtRu{=rKF`vm@5*fl%~I*F?>&A z9}c?B#)glcNnYDymX$y}PI^0a+TPbUbYe{f&qloHeQ{GSGpY_J{)%igu3pr{tYBK= zDB6~7(csX6l<>v$6GIqJW1gIQaZX85aw+K>-Ri;6=L}LmGqWsAyKOn?A2uVK_{6Sr z_B${0oP^VTxELd0Xd%6@{NCkXU|=AO2vA#?kOh!X#bhM9M=r?CWcO>Tsl{TR{`>bYq%c>HYMLqGij^aFD(Uwd zxS@Pi+2*Qh>8YtvQ14W={1(eODqq0E#xXoGJec-;Wxl%S*(;WplS7G5y3X`1^Ac37 z+x%k`hf}omX6a0Gca!)V)nn~7g zFa*K+?qm?0JsqI_BN8IJ!z*lziHQj>OkPFh=HTc^AM3?y7t8onoK*BpPiFcAPK}*+ zLu~(Ps(fx?xo8MOhq-njWiR`$n{L&%Ibxf%$Zp`!RXn+`Y@3dW!+LZMQvx;v3zu?t z(5ocK_DLV*n%JI;Oqcnr$i$%U(UxAI#6fm5%D8EW1g0XyVMHV({LDJ346;86%xc!> zpk?~$y+OQA#BGHVlfL`#tG;?xDJ1PH@#`0+XJSYd2)O6?-*Lq05HWT&u4lrJ z9IkPT5V&7X()d^HoO)nGuaFSFQsvA<`HP&!PAB}h_2eB(ewQZwnyss5LaBqW)``Te z$k$Jrv0Uo-enrVj&N*nA9-F!BXm{zY=}!2IgfjSPcWc<{$WAw0iqC!&6W~s^#t?g} zbd!zaqS9c0`ZW-O9kWNp*K*#t@kMBVIzyE`9@uEn$1a8&=Qd8Qt*q$i<=#nc?daC4 zT#wMx*50r5zKQfP(4w+3l7WHZcD0p%1K#>aXfDtg$jr2I^0uUV-`g75-VPTR+-RJ> zqtQwKQ%UVm=ER|zk(fSZ#_fswYc2MoU`v^wkp;%hjkbmar$q{B$$y5CCI`g0ITE|1 zxmvcn7pKV$R=RJtjuqD#9pv71c_pN6u+F+}*3y!{Js2fIa8`HwO3U$lc$wMztq_k# zgm@oIq)VFj9$Byya72)1?XUi1ejt%!tH(qasb%k#xH}?W=9^y9+b++2U9T;8b73Sg zGtvUOFPQPua|Wpw#7x}UZu4g2xO4Os7zNh&C+`li#Z!+Qc)L~DKO$#Z6~T4?sJy}F zzE>bSO2fXA!eKL}oHHbttoZR{adOM!;OY7x`PHq=F9X_}aU4Hvj$|g@BtKDx{q-Uo z7Y|QVqS`9GIwo*<^wY!R-#)TwiF&ks)RQU8#*Q+ zPC)8#$Qi5&k3kO$C2S-Tz(Pf!TWv#*CiUFXj$uYE@A~CUPc+kwg7}@{%tU8wJW^|M zt~s1!SWlc4VYE!{f#U6q;6I^`1Ga6D*ojB2bv|SIA;utE3YHArB^;mk+mRRzhlKN< z`8-Q2xG8KKh2#nX7tM!aK1Aa=qYo;%$G!Tu!dVPPTcD_mmiZVIuXQcq=;~N#-|4yp z0GcI zxRG8rgy0uau1`+gaMGZjv9`2q+d53*j2l?vU6hV+slj%E{(hRzzQS^G0*7|by_}kY zBoQ(OA`xm=t+#r^D!VYpg_3}$<}Q>((BS4iWa9X0r#Vwi&&M(0+wo zOze|hy@i};!L@rhczhR@UmupYH5zQ{5ykV4)FRAF-ds3z|(D=pdl)Z2AWoY}qWakC3RDt=yBj zt9(0r<$(_bqf_THl$xbf-sg4hh~wliW~7}k`vEcwUOylA{#-1p6BAaPAbW`d zEQSYIcjn({B!Y&Ef%L+HoLbk-WsauqnpOvD$=4#`?rqm6FgLt|16)fF+T(>Cu1n_H z9P(~37tEGgJ*>xdjcMek*KCZQe?_<1{)evKQj)OhzSF?Ato4(shnprdTH^FqjmyH~ zX>pl28bh@!A9SaCORWXtr6`k+aRyn5x09(+&Qd4j)CF0B#TfEMgw3D(hdG}BHbB{-Kcscoe)~3eIf4#-H z9Y53;Hro`=_Kl2cmC9an{8!Axrf;aCCP#WJ+x=WeWTmZ^M$_@|3*=eCE5W*_-MI8M zKb|cLcT2J?IO#|>16wMiFWpu#MZzDCC*l2Q{uX8)?fJUWWG&rc?~3dXg}<^oXM9xp zF3JX-Ro>)EE4x>No!!H|`wPBTOd+%f-@{SI3oGp*~?S*xlbSzQjLM>LD z_|pa}OTO>|LK+4<`c}5Hbd^F4qj+~4Y(t!@ijt!tv9*69|CK~1C`%3xxE5uX+giGh zj_3>wTeEL7JG+Q)vn9;z&Skw3FdE9c-5@Mf%UMw>?R&FZwJEO1Gnig1SU`#Wh5n4? z+0OWLEk?(tQi&6QPDBW(Zgo|U%T$H->aXwGo>Ut@H*cMI^6)lBPW*$K9SC=<_dhQ1 zu2V2EIekb^@2sJrrM2}{NzOV{p1oTfY~Gjjoxg@6g(5mM&_(Q`&8-G2n6X6}RXD1u zb7;5V5s&!Vmc;$l*Zx_Vu5hivQEtw$#D4URb?{u=l=#|Qc-u~MVcXj+s{QG|!47LG zJC5oc9)6Vm)Fb&$;&|Wu2K%D)(wFKU28Ys5w}pj;*|ZDec|H|us)@TGfnl=@CP5n~nJ|XDg2Lm$ zZY_4nhCWa;lb**oE%G$JST-yoWL>DARjBJ_J0gVhP2azWK44yioj4NT?(*IA0KD6_ zPIQmI`M8ksPv-}3-m##ewX6;G@BZ%SES9L-pGr+RVq^1Fd?M9~S!*L~F^XT}lrg)9 zj-Qp;%ssM4dU`ghKbJb9Xe28m+~wPzr&69guNYl}&UEbe`+fNApT-*0BuW96#=L-FfV*?biR#H=3*a zL3+?AXW#oLj``+g{U1bn8s$bSDv}GHkiE>4Klz-5Cp%Z|uYXO4KUw-DmzFG-%<~SD z^hD+E{S7mY75WPomNL{I&+%X@_+L7I9%Rwx>*m#|TH_j$m=@GSA9N|#JL-dvo-=Lu6KP}ii0}yWXYMo@`_qvlGP1|%>w0)(PoGH zm^1P6IBLPdU)_IXlygd&dIoqGbK@146X(u-JBYF3+s2TB*`x8`cqm-%w9Q9 zr!dMEJo9lnM7Q8>E#Y~hwgg4XgUxFBI0{EWG9{?B-+KhA=B*tr5)u>h;gLOUi8L$x z#!7Ziar}azJ+=sc^qq5u5^5jPWh;IQVtT^)-Edcc(418+m6@xx+S`GxW$<-v4T}|_ zmfQFE@D6O_0-JMGr%F)_`-{h3&3TXTC8+{P7T&3ZIXT1KI#m@_y!t^|T7prsGqS!(`uaoCX%@m5r4>bqD)oU_4f4%D5I{N}r)zbulO zsA$lzufb6?Cp3)9=iWkBdSBGr3J-%%)6P19sOizOqph*~ z>(e6``lidK5#*FqssF^x|2<5Y`lYJ*DZDJ1Y9&As zQo7^C-?o&7Z5IkKd+pd%-!6Q{a$}-~-~xpjX=|?6X=KXCr&kw?3=NoYBO|B8*tFWh zXRUnGW%X#OlvPv&WKtsuZ|~4%5y}8}K z0-Mxn&XP!!a(mCYO3cX&-|6VHyAWm0#vgV4m(wzWxx&eRa^r6G^-hy!9yKi{J(;OX zxg?S?eI|p$GWvV0_Z_{A3a^3d@J=Ju{Kb=_^Q|*&1R7L{*Yc|FZ!AFBe2@Z}U00$h zg>ucK>E$5O==5~B$L6w;PQe?fxuN)#y<$-Hjw9LOOOQ)svvHX@*AJlbDh=>7JzY5T zucznMzKnNLL+B%<+IVTFH$@}RvB0p8FQ3;+lun=1UQqpp(&$&&v>Er(9p-=;-ZS-g z%d!PJXA0e!lN%^kRsa>A5VMRUL+FD`}BSn*k-{<~tI_!6W)_Pd>($}|Gpq5ebnyH2a{A?4N(!@yqD&qLF8~7r zX_fmPk ze~1x%mb*?6UJmw3@^t>e1HPx8$J1c9$^TXqN$4MpHjhMSpGHda| zP{&z4vZ0U*cX|H&`CH;z4MCvFN13-CKVfi7ebT(89~~Zk+dWt@fZ+j&jV-SliBEak zW!}vAo$-)YcDy_DOoCY9I})+D-L8)c7&DazqmNI8cZ$H8nNG-NwVg5hk^jeYKtCn9IhFp}BGi3m@)_ z(Df{{Q`^C(N@aBXCihM@InGv{b?o6U26xR{GhfTIQ~nq>R%m5E47kEbAH~`Dc=2iM z7K1&ekgc6obyiib9*gW%w~-6$Qy9It$>;o&5{9G=Y;oS_TXcFa8BVL;acuA0T{;_U zFfls65}43sCVE!@M~Y~o-d!l|)MtM)C@@gT!%b|k#>9Bbn60cZb#P9EdP``gN8QO} zp`W-RH+APz^E3I2V?vc|-kQ32mV#9L&zh563zc^V|Mp8u??fp?MW_WR*Hoq&e+ZQ@ zOvtWw4@oZww`*L};_2)s+;cl+u)@)L+L@QQN83QQoknceotU6Kqd@zxl>I|UKf$q_ ztZc|v(;mJN2=qyyWj+zI~QF4#^%AO>1gqd9nRzHcLn+QMo*P^6%-|h8w;UV zDjl_=zj!>=IWEKhX{4d@p}l6rT&08l@w(34tUylpzps-?#+bzQJuDW|9fRh=-R8na zBCvd&qNL|+63@!8#+Hg`cK^LuoJ;P+WOt~dVtuxuBe6Md_!)Q6iJT^RKZ8M7?4EE# zFCVv~3K=f|NA4A}JpkJ1prELpi)2rk zPPL}hxg9Ub=XlvzXi8=)Ub->)MD$mDe-~TXaP%lXTlr8}5f;YIngp<~p4N^?I$Qe1 za7@}*Xy5IKYR{#-(dU%!93;Z*e$hpAI9pvIS217HawKx}rlIOaA=~-o*PUvM4x(+r z>UEcsfb*9}A)aGw0ZO{8@yO_;Q_;NggQYXT)OtfhL zf5CiW&t}b|t{DWL!yo+UZ_LV%XK;W1ex~BAznxFHJa?u7F;$pZCO48Of{%Lq-X|u9 zWZ5hedF>d=4BNd*yV?Uamhz>xE;c&JyJRLzLOFEMEn|kJ!o6?XjpSoCI^6dO14}GR zqZaUgR+Hh9X^N%nt zO?TfdCw$L3MVjmA-POt+pV;WE;3<%QMPm=&Ri3)SrAVez@}iLypB`Yn_}zUms}7>?U&C#%Tvm4l}wJirO(72WCJn)zU;w=Rq4 z^u_12q{g5$@iB%b9E*3>g$)KxtE!s3m`&sAxD>qHS8=O_-Y*a6z`zIoU6_c|H+3el zPdk4v`SeLX^n6e%I|p(3bUUsS|Aiy*<@Z$M6VklgUN>!c)ddeZNOCr&UB2`;DSVs} zDuZc7>U4Nua$nglILCbP{+d)Oy@;LwnPI9?znX8kaL z)vxTJ%+2i2lp@KPmw?+WwCQ0&p`;VU5dcF?S=m|RiR!yajyV*aS6s(AgQ0?yZbM|$(&he*({ zckJe>>)6GMTvIf?V)L!-UTYyAtHFLbOs|m^;q>&>89a*EHx=XAFu}QlffNHlfHa^1 zi7bC;reenJpzPy!j6+Y;kuSdslogkyLo&co4^=89_-gz??STB-Ai$FZ0}wLhcW3rk zYjT(LhXtx6bdE`X&Ld#+AIp3Ghfel3K^K0{ja#Wn)!JZ z=Xd<&n!{Z;#~UTRQ6G@B3FgI1sUGufV7x)vXy$!Ani9#eSMgh=uEMf*JA9=Y@($N- zmC#>_)xxVi{nF)#t&)w$Z^XJd|gI@3AV#$_A6xg;vigz34!@B;P7C|hc(vMjZ z3F>SLc1G8KHOa)!RbF>GWON$R6XWAc+Nn)rn{XJJnXROlHZ{&(Ze*fqxGwW*$WuF9 z)1*}Is_08cL8`HNF{jj_ge(hDog|qmdsQvpmx&aGy_OahH18C=uiCy2G0!Ja(4K#d z$vo~cC|tD>YsV}6(ADRyo6fa6p#KCNf(dxt{*x5HQ@sRE3wm(5uulF24IK*zgz(6i zIGNwJ{=Nmz7`nv_(K*Q-_L^7`FH389S&#l81rICeN|Aa3Z1@s@Vu%CV3W)wQfLVja z)l9y>OdTf6+djqHOGq3?J8Ev9&D1Jwu^)c;c@Vxiw|rE*nP1TH&0Xwh(%chtjun97 zIC~R06DSJeEC_@4;LH;;#C~S7|U;pI1#$ zX4``QIxHfBx4@6iC2F$hN|@|~w3O81p_h807CT<>WiZl1m6a!-GVltzZ5S2QH+j9Y z;_fr$`1}LIClc`e`m|Ti++~?9|zD>BB0|6#Ene&Mx=Ohn6a{CdLEf^ z!m_`&S8WtGDgv%|EB@Y#l(icw9ay`8@p9X`7u>gT%5y3Dzw94bXcWflXT?88^~;{XQKYO#DqF zI+#vKTUq68?6$G`#tU9g2(KK12^fYyd}k!@1|$Z#{FT&~M*%$nV0`To0L29jn8{la zp$$Me2&e&0Wf=>LtK#6A%gM_VNfFj=$o^IaYEjUEGET8*NGnv03Re{*2-FPpE6wyr z0L=;3RU}x1abS^t1bccAoN!>V#8VajjjnPf|MmNKCV1EoECc*33{0Xk-(NplqwV7_ z68J)WZ76WM-D@NNpk#?KSixhflQ@a-v;wnb=N{Ez;u*na0{msf|AJ3=1w_>f3JMth z;GF%Bh5$~?GxLRq$fMQS1oKtFQ0ylxhC+2xDuOG7qGsLlX^hWwro)u|zFJ(MB$pV$ zRFIc%1#K9LKfwAiLsm^tAn~}at08HgRn}P1Ro!gD*YK4tT)4pCV_?OGZ^l2JX9AXU zQ}n~2R|gxgZ8*2%CRRkz)4Rpqi3?3K;oWTNk^AL!RlMFXWK4 z%i-Tw?d~tV#N4_vfd6vaA&TpBG2tEf_Fd=K8<%v!sDM5BYc}WEddjB9(B<-x;v~~7 zeJXZ+c-vNyaH|BSB^%fJxRidNNN)Bdv-Fm*&_fQ%9r)f5In95r521eJC_}=nhaUz% z#frRenj-0Ap5*6t=bPke%x|d*CYv=bi_`Qbp@i#&rQ6PUZ+zr$t0=ek8YM7)<{zlt zXP93eP+Cih-}u|EJ}8EtG|m^BDFUXa=`5>Oe? z%w3gG{2-yFXYjDZ0eAKChsp zcMiR9+9Bk>-k%2Z&Ey?%+Nm18h5?QN7!?CZ_(U3+0|%>$BgyM zy!E-v+8iq|F?2Y;zV&cEj?wv*U@gm@j6&q*vnIwRr~PF2ZoNABk{QelK8d>B>Mgl# zU;f!5f%0Kv8jgyd!`_U5?`}q#`epYxUJ8^~vkdqci%9BA=We2;O+c~p*3ZS9zk~de zKYB2T(-j!~NOQ}Drk)^{&(3kC(a>)P$nY$f zf1N<;Yyo)zIFRx2@mm2_!^mL_qIkeQKKXRKPYdSdNb}BTO7uO4Wj|%>N)Knf1--f& zg-PKjk?4}}^c2KhtJZg#wmI!hjlMW4zGM8PHsz?jIVEFwkKC_I1CWZHr=|{p75V<`-^p8kduqGU`~Yw`ToDqY8Mt#m4B}4o17IR2LU9Dt z;Ycd|(DyeEEMI9I9qM_nEiUAz0=ac?knC8dG~TS=*4z#KC}Y@CKjAnm6l(Y(!9Sz{z(Ek>Bidyu+Lr*7iR)aO&j>> z!@#vm2J`O@Fb440k8?tBiewPJ04nM>P!Ik9A>(pF5Q<7rs?B2C(m5D0{z82%~Fma5>;Dz6D0*htvK0 zry#Coz0h5JjY4Kj$Ni6JS`*vMOsqu+(HV|0YcXb&poq) zM(ebvxXAnpGD7D8vEvN0&hUEYum33%;mD+A8AY$;=~^o2AuF?!pMmHTncyh2OCFRl z&3i7Bpc7`Y#{Nx1*&Aao0?VHGHceGA%al5h$1Wiw3vgo|gANs`e&33D3&4JZJE(ll zgQ5O91~Mn%U;xGiudMkf>GyZYKNbi4{_!GtG?F8Oie0zLDvBrV+@|}%?LOJ5XA;oR zSAM59gl*t7(Z{Y%pM4^E(#_^SiY=wxDU=?$uUXLZy(~ML`tFFk)#1YQMR`YNq72$S z>+yg>k8|y=Qt`DLhh8Mt6gr82ZJ(;-j!j;nOp;l&9uClH!;4b1#|V{K-<;%q^%?64 z_@t#>mj0LsutI_XS)J7>4F-%rTz^WMQRrAPc&b9u0q9WXJ=kjiQji1l0>&aj+W_AM zrd)msAiIaarxYhrhF}Ijd;tlskmnC(tARAfKhfV-Rx&|O3ly}ANL39Y$ztPXy1RdW zz7oz}1;`k(NYvPkNtGElgVZd%`;s3+MMVWdKp?)_&+l{ekg!>uJ({Y_ZPiPH#SGK| zAmcEBZXAh(jTpnbnY=;S>e`yGp504>4h-<9OMyn8(cbT1wGUMsKOh-h2J|36bP)Oq z{7lcE9;})I7!GYGub=Ayu(6Si=%L@=8tF|0V~_(RO_aZT(uQ|{)E6Fw|T zIL<)WjR-{1-n4f-xe=EZeNu?gQW_c;kfIw=SYR@WI2VYk1qst4{Had#=zwHsg0Qd$ z{i0|Sf?z#))V|JX&KYPo;FL(lj*nXh2@s-qAS~J4v)`)7MF=sVi_v4&v{e!`k%d|X zf#AtA2U3^r2OnWz(E$5_><;kQ0B}&4Z7nMyfdMfj6g<2LFlz(#7ntG0`;rBh5o_nl zTlk{5_Yi&tL?0cX7LNt<49Y-3`K{aJ&IRu+7}18ndXFqOzNdR~XoW%*-3e<&9bgBX zdX?uOG4BW?XZi7wLUpm=U7D1Y6)VbW0Ww4gWQ;DTVFMv+o(1?CNIkoNw_@r!>xBb^ z9N=f^w)l#HC&v^caNKqB8P_abKl#r?$gf#sBU_D8I2gDa1IQH0^)abI z5s0>YV7)`wK`8jti*&e%>G<&f2T>*Yv^815f*3Cl->-lx9(|Jk(a0{qEC`kUOn#@2 zIf1o_N6H`pIKm&T*ksK7{8VSBYj+vND9|zh*jg6wDZ`?paWUdK^)A56eh!&8SaL() zY+`|Ef;J)`K%<$&!r?^2`}CC|61D@vv>Ncdc*vOv%MTRiL zUEkSW+JMYt@`>FM+{Ec^Wxut&XzjPdF>}}*wVIpwlRZw2t6EHnu9vLvw%416KU5n_ z|K8t@FKH)p|EQZvtC6iW7LG@LR<@N^E!7u0-7H$oq+G=zBKOBdFUX=c#D__g)$EF6etAg1642TTyby{X}0*bM)HErISP z?6S%X9tw2u!^$rA*fr)fY8;(4hwz1vpQnF!{p7%;`U9XsU%{Ib0AU1?@|xTo5o`y_ zPvoh=ScF{T9%5I*c}4-Q#r+{?ki0W$*!1O9hA9J|QFa|NjN4@wPr{Qn*s zgB%@2XJ??A^`;0@03Xt3B##8S$?oiZq(I*-&2x!BtIU`YmW-^O9S0%^0HyPyvqbHq zg=iG_(J>5gH4F?`YFHTXIERFo;n$+D3fR^ntm9X)vHmT8cOId}3)qObA-%z91y2wo z=?=1(K)lR?H%BApRZUP&^$>a~vU{a1EoXfz{*<}1UtgzHvQUeJ3E)U*>Lh)yxpt-{ z9*0Ln=HqyJ&&eI_Mj$Eyd7S}1U&z3k3rz%KvbaW*f};ka9E9Xx>-1;TQ1yNK^r;nM zFgY-UAPYmhTiqJFgwL@k(trsS_9fcfd!MhT3uR@UqlW+}3lEJOL}w1O_2eJ`N90UU zhYx`dyW{T%aAH?jexddOdk*WS$I?dv1W-&XJX5tyDIAPe@OGBN zQl#MbMV%;sh7{}9^!UF-T^@*`Lhjo%P-*`d)l{WT(uZJ;nDfZgd9*!6nrO80=n*jC z{|g!F);Phngu$uvSLKO_h|q%j@5{l7=CBPXI${Ut);nJY?_wBi6U4CMJ!8+AOS~7CbX}()dg_U;i*YSP;+sccM(GwfrGrIEq-@luQ&tw~dnFgzj`30Sr7LG^f^f+7gcEIxp#0i2W+qsQ+d;J`3)peOqkQUX$AF$`pIVh!{L z8f>-0)CD;H+rSk==x;1akwF^V7gVz%KetXlA*YL6FR@7F<8%J$7^Dq zr}CR}2jG$M+MfGN9Bw1%Y4sh73sB-S92ys=4}aitGW6}^n{pr5@v7oguT32r$a8)! zB74+Uu>Y;N+w2zU&VCWUfWC_?Va6QU3vUh4j*$v&x}0$FABTzsD`Mri+n3IMg<|%? z0VxOh(c{%#TC@lRYg~Fyo1wT_ZGvbNYT6N!_~8yZ+9042?;Jz#139>m)do(Yq{B4W zS7hS9TH`88(0{Ib^r-SOhBJI)Xz!W+`hlK=T)^R9U>7sPa)hP@0*oSv96BQ33cIkv zk-awkyb8Q@{~eEI#v~X*&Wrz%xZb{{fuJ{9yzu<_Ih1vya~u5eL#0Nd)s8dNWOsgG zR9010K)^y}03uofc4rZwBv`sB3kcx|IhstefMYqV2&_@c={K~zR;LD(9KQ2FzC@=# z^teWfhv3Z20=GB~w+V*$$u=+gU4WVjdi-C#^(PU~WUc>mn<3i>hCd`WCSc09flO2{ z84f-fC^jGteg7kj&`MM75b%VLE@MFCrw98q_uX57ZGig%oM^Dnyr5bAJ-yl;<=}TE z+oe^7ftjt{tNSw<@(mw*YF1ksY#Z7DBoqT7DR}^8sR(n!AmoezS~A@Cmw=U@X@-q~ z(jv$PoDVm(51vj}MQKPFQ*n8mc)%SlH2M|E; zvL<3jEw=?}Hg5o@?SBa2TijjX`nw0mG=vv&u*Sk^2$th30LV@E*(VVH`%}|(eGn5G zW71InA%8j!5w%db72J~tEDwLcMr1*HFXZ>{j*s{y#7l-gON#ij>7kZ;M6`Mjp1|^| zlJs;&d@guQY=iMphFg%_!ZJy0WH30|18^T{qHc1K@?e|rkUrVm$H>Vjz@Wivyu}>? z>Z1P)(Et-fV-MKqxAE#Y3~VsD?0q~3Up_L*Q=&}~aqA(^9e^eiWSV^eT_?Q|YXNxr zANmO56si#+^7p=d@?Q6gCSZy!EG!n`AgkZ0ok1KNxQPHCjuA;%FsOxE^_~Bq5-Lsv zxC6hbw2~4rqQe0W2%PQorjT;LiS)}co;}K{=geb zmaj9glC<}rY%SCXv${}y{5<)|Yk|ShB)px@uU(pJX<7vOq9<)NMJI1*3BK!TUmS4= z`o017LzhRr=ehq342&d|!SqJcBEK~XFD{UBIOeS|_w)sM_;k4vfY#N$R^KJ8R z{cWG%wBqxl>ICW}c~w;pf3N5|5rOH&nB&sgJK)y!!E=lf$FtAodu36i@VNhNNe;HP z^)q(Pb~gpl^jEKf5HI>`doVEhZlKo(SV*AXrL{uwU_Ralxg%rrG#pRF-FI18yTVA; z(}4yD=<)u?m!Oyi%I#dC_6_vcFG0SDDJqkcnpWm>2EU}-_pjGz(E~EzD@sE0ya)E? z5MF-FWc}2%DJ@1oDCQ4g-R%Nk3Tf(a)&q>FuAB*WU&1-XK5- z4w&3NHMm1lUmd__Qonz~Ub)rkcZ+zEDp(L&Gw3xUoGWCzY(MDIj9@Twuf_N8;=ymg zb$3Y>s6es;z1*C~66h~NFa0Z=gJ?Mq0W$_}kI1(C@*06c^oUvnlbl+1As=16Q&Dvr z?OQHFpiRrHJ5iV&%x#;|bM?4x@fD|Q>S{&fz3Az_(EBQ|2HKLRfUrOwFDa=&;d^>Q z1)D1I^VbsEm-iN-20;c}XJ>9m6qQ}^F#xFX_0X#V{t+sBfXDI?s+*xaWqOn{THMxB z=782I%wHg7aOOK45oZAlCDeFTH)n}x3MKz34;uJ>jB z1F~WAdNCmmn(aUih-xs%1Qyl0hRr;4OHifP{u$ssAQ5$8mX(pAJzuzlqo1QV2uYF% zpTp!}+kJ5eUcmKP{$(6E3su}@Kro=d4xOvPe03I7fx*yZeWB&9;%m+qa3Eg+u%D3e zbWUuD3dtpJo=JuWT;kA@@55lrzb-%VkH-Cs%7A6=J6E=g(@52}Rk)q1gR*;WtxaZg zs?J(tW>Chay*o@)-t1-`C?2wWH|Nr^lGQm55t(qeh&&3~{o1VV^_uj2cf{@ka>5k~ zUh~ZU_j8G9l$B7lNQ-IG*?{GNbsR}Ur!FdRVOb)w zJnD-8#1YUD&S1;MT1&Qy)NP6dhybjZi@J4Af3G?){egLiGk`PT6;UCUIwV9DP*7s2 zOhZu+2u1kZy*U>bmkO^#yJF~UVK6_*7M?y^^;)Byt+G}{1qh0A_wGHHzNTFDZ~}YP z@0<%d!@=N=tlmVYY5jnx7~!_~bRJcZaON|+f1iD!S7k+8SeA-I3qD>UqH&qK zbxo7}w8+URF-*FzI6@Toj~1I6NQ&FWef`ZHE8mB3p$>ab-g^u1!a%ZSmc;=hBh+Yu zgGayC!S)Xuv~b4m=}<9LIwx%S9TBVHlcY{I&^vFv_vp;?72>|>m;8<9^Cz}PX!Cj=7=bl4>c zK8i-f(8n3Tt>C56+Bc<4pdZpneqyg7$AQ;<0NcI`1C)3|<8zQp|A_HB#YP|yaL024 zKo(h*ApwuZmkuVR`VW5tr8R&#+8`LCo)Wy%M!Hv!WkP2^NuS5VER58{q_zi%GG^|5 za2HVFn=~%YCwHN?NaC|yQlraZ%)nv{B7-^!`d7%j1({4Rq_5`CCx#n`IKU?k3iIVp z{)11)T=<}`4L=DF`iWZ5PH#5XaEAF3l={HE1;e{Y*X!d{$N-@>VuooX)L3YPK_f+} zFRXOsE>^}n=)IwiF4P$95PT5E7%(?N;xi=|!wvk~NImE9$K{oj?g5=DyLILRxDxh& zy}6wH=z}B_4m`f6o^VaV_~pVjd+7Vq2tTI-<01#?Gw0xv4wg&AxgfW5ag<%w8eUA{s z3s}n;up*&Xi)(@e`GmMcvG~!5Jp#WnQTlaa1~e8>8Xt`>*ewQC`{CAvAV0~)n}*!% zet`sB4%!mAcih(L~0PI4<18rZ<%skh_`S(?_)=hD7+6yuXuWdp|J!_ z{w(uU+q|pH%ovajNp3~08@y}y5g7#!S+dxzl zCf>$@{2QTP8QEPqC=0MFfpLQ&0S}syFB>Xd)N%qeIM-lMpx(9QKrQH0z=?xq;t)+h zF%@FBG=6#mT5E_@3^0js^j;8PV!9FlMSPFu8DNYd;p$qQO&#j59FazlGV34n{jO+W z;jyJAt7}vNUw$DUPgaRaSodDV$$+z}t!((q$~(;K_>W0=%&m)( zxF;nCdwMgzvt!v>U7NjqGleYSbWEjw*2UH9_U+rTX=%|w!g!TA=#Z-%l+|pyDoG|Z zw*~8al}UarOS&V=2Ulg1Q!712lG(BFb1wn?x#5jr6D5#^X4~dlm4S3XsYB38##Q|A z_s@kK4G08O&{W{v@+UQew~T-o(4G_VnjL(+4>xgPW*Tk7{RBvX0bL&xi1^U86KM9S z52=r#(aMyr@H_LxIMZ0Jyd^90TX3KdMmyB8ze+%;1ZaKbOKe7$K-mXf!MM-gx`4or zr4u}q;q>uxfldh>(hk6(fC1$;BglmUD6XprZGM=w=-Ju!fZOCg%fj<-Bd1#ZtvlIy z&w&nSb5K`r4Gu09)JcS<^+$-B;jW&e^G3IZoro$y zbLDw_yg0W+7rSNXw6i`YIyz4XlXjDMJhJN={43gpN@SkCrFNTDBSM%Ld6`mrA@ZZ7 zY<;|h9>LcTTnm-};!r~0)8-o5VG5rR81AS7 z^;P;V%kL*|br zs8POtgJS(6N~$5b=sU1^V8Sm831?nL9RKyY*(XG((FFA{tz5#E*#FV=9pGH=?fol*Q4%FNq97#M&Fn~)kp7mpcnaaEGhXGaw^m-h8r zL73W;RrVb)v;+rE12n7BpHuUM*_ip)N7&NPlmfKeWNH8zT@jTnGnB4ZCz3epUWb^G zRH$ajy1*#F20L@pwNqw=?vj|Q*r-95ycNZAF({q!qVv-;_Y}g~G-JLsa>k@D2txK9 zvyjmEkSj>SVlM~n4fGS;?vOzB_PsEJ?m=<hmASqNVz`>*uBu zl!Nv?W!sd@x(bauA}=hhdd#vj=?XQ5XOVpv8;HuIZGEmOqBN=Yl6OM!l@d$~05p^n zV!{n!RL?v#bBJ|@6Y?eaU9kzEr9?tVG?54r9(jUEj+`B&f`WrtpyfaSJ~jl!LyQy) z+*=Z7$7Psd-XrkDW??!{YhSAL76kUSLd+3t2Ocnh>KDAp5B5wWz8h(z6RzMl=PHbBHrGHnPTCv zcTp%X;K{9UnQ!)pY#0Lo5!o6=*KaqM?&JyAD}w$Jp$f3uYZw=TBK1*ZJ;4yB!;A+T z4AeD-Mi61?pg(g2bhs;?j}Q)URJWqq9Z)7nWyeBbJqk|(?h!lu+#br^f<}K1Uc4OS zTz-VR)%$p>1B9q)=@tp|ck|j&8vw;CTG-H^qSFzLqd}31=gJsP`h>3u_ac}G5EB@X zV>eI)_VQ1V)gFfGE&}cIl~AX{>JCD16&wV3-i#oJfY3oi2b?Hta7orB7}YwT|L%7t z_8TUbA@Bgv#4MAl+B~c+m|A&qZ;dTVc6xYW%wWUixI9*c z;hb$_4ly2O^`IOpol@9w4U?BE4P-@Zh@+I&Yq{$hPb)14vmV1`0U#beiVO$bbMT$~{#$7ILHiK~1!xLPF+jWx z;)q-)%1Ng!zA_pG_XBOttv_h@=(Q24OTGMW%fCe$=^dhcAknw*!t!gyTgv5YI z(t$={z}iM;c8Fu&4@&L8Jhdoa5*3n z5`}xAPl9F=Mp(@uiOI*utz8Ge`(A_sz#uib2B5Pkmr;YUdXKXCMZk{{k3pc>G+^Bl zh>JiTq*4Z?G_JkV@9HN*B>fYpC&cgtJin7O>B9c~5~E`FXL{#5)W@n?_+n4l1N``I0jbVz=>7w@Y^Y;xl3h0jRz#EId)4B(nqc@4vw*!kVhs&x&LGy7%)-DbmlTNC_Hs-t^+V z4zG21ZOJ>GWsUSdHkUi35;2NM>&UD2W>lWu_|08Ma&J9&~chgZ)VzPu_Cc~?oJE_?%(r#3L>#DL>xI>riiFnuU?JqVxz-;W`73^ zsvuyJ1SkUrI>qr6JrI^WCaMtlKq}6;UizCfv#hk=6x!Z!VhEU(h9IIZLEP3krsUA} z!nzM0%&=Bj&&D&_G2zt^X_-us;i2NF>iUZ)X{3t)x>T_C70lu?0Yn5%Ws2<^e-rf_bEZ3GuD2-<=3@@z zT$8GOw)ka!;YUU&|Jv7Y^0ZQ=S%*TYz>z}C5C3cgnWZq3V)yFfEbnnhMIz5MOTCEuAmq9E^Hu2Sxt*!YxrplG3EKh`J+Vd9H6QS=%>)`*Eh>Qkif z(b>dt5IyIyx#dt!sx|FE;9gM@D@;I-eXCS6B{MkRHRAeMUs0QDI+LE-f5sn#B^Pw$ss}H6Mi}56!>v%0`!e06!d8EA_sVwPn6q!Z2 zH?6@9-Rj$Kb|Hma(7NeDcfsajJn`IwscPjdx5BSxv^XjAa$Cg0eXc(mU7uz{MuVJ- zq%e){k(5`~E=T#}sbZ^lU{++{*JjY`mUXcC>p>f_xN5Oooh|Wx?RCYTjl{xpe{>_AdbW(@_sIvIH!Od*fPbol2SC=z{Cr!Y$vuhWO5y36ATTd#R z56ST)A;Ophfqy;14evb5jwTGmbbWA*Yox%RV>4%foPkVCa_6;dm4`de9c!ux>mPzG z*bL`EQ3ZlDG8myK5J6Z6OgqH1{s5H>$~q(=lP$uN$CcH1;&bJ z#WZZ04Qwx^M3g5L#Ar2#B8tA6Ojsz5>cC<1%GYXJFe2p!!}Deh2H8Tf(x+OK^_J1k zqf7z|fbBu!K~SILxwrNT#5yqFgT(Lb=sOyT7M#k$25dBUf6u4TFk5qZPQ6P5zqN~+ z?_v6>Dq-`r+4v>xz5TfE&%ifQQz_Clp`d3cQI)PPBa=2{IbgR$5MJ(vo2Y2!yN2EN zo2q3?twZ0^du7b=q0@9;Y+#_59+pnBD$kp#^fiT^ji2Tg(MifRqpN(FG@&LI^D?)5 zwHD*I(YZX7Zc$clte41`nK2&fPUOAG<6i8YSVS(2u~(bLkkxt@U%sraa!}FImLS}r zV69;`OCu*vr`waFGHLjVnrA{@=J*_DIUj8&ipvHn@E?)rI%x~BwgO2101_=zK#$v_ zN*NB%D725#-!rg7d>fdm^k7(|21S9y9UWKRE<7$fNohZOuMmPt-uQgU&=l2N$jA*3 z3GoN=e#ioJkLuL-g~NLnr2%UEOYeF;s|*->JAWI%DUbq`jO;P<6X$0X^7->`0euN& z8;&zx4|V+mO6W*Nnq$$ux!E5|o$qnYhtK>VeJO797`Jo%jIDu!Z1z#cN!$PiS#^J zB~aw2$Ip)}-Yt7ZAUnn`3>i3mrU1O6? zS4wz`hl@+2dE+kKXglylF~@xDv_z^1r6puN#qa zDwV8Wk@Wu#E+8U0ejEZ-Ih2r{c=fz z#T=mD-B)t6H|N4Q=YXp;n*k00X&exD389w!s>ZmxP<#s_J|6K1;82q7^#!dN&{#wu z^%asMyV>LfTLP(Bb?n!kBlSH(^UQ2`!+tC-27@3W4L;=H==)hD^ehy8#gA%~i~NM| zdz)q6>H9lNZAB~zNFmb8c!R|ParCfqmBa|Gl?96m{8aN2&A4qYrzu}#aFn$f4=|(~ z+N#m8{OXFsODAud^K#o$VzkbtIX7C2E@VOnr_MfDc66Ot!r+Yl;Ry*Yzdm7?=eRN< zgGHf^>Sk^Qr)w|vNuq4Eg?e;l2FG=0HThoV=3yaoF)Y&SbRV4TYWylT_55VbA3&yz zYy0Z1aOpc3M3D&dsrYrs0<9;s*BgsmBa*Y{JHzo;wU#Jyp0F~ocYEf4GJ?Z1H#k-O z-t~Tx7dh|jH&}=pmpuE$kPZj>+~Bfe8qGw`Nk#Cc?TMiawH|L3Iju8P1~**A0)?-L=4i)u_CEQ^37dIG z8>IFy8S?Y&WhwzFc*mmBB)|PGl;a~^w$|>={ff(O9m$(aleUA z*K+WDxx9jUsJC(;^^8aW8C|pwNKR3;4%*nqD=Oz|(T79+>pZ~Xcfp#6qu>o!0I`e16C+&mxS2;$eFHH?BkMZzE~$V@y@CbO(c zFVamt&dZz-pE^5{_1VD|1^o48Na`nylsJswak?_Rn&z8{c>Bp5g)Uyue3X(|&Xp-R zEq`xNE3wR@gn#;5BWa=$u1oye%H;t5;F)#Fk91af>V@xDqzWEgl>y^#s#Jf;toW!6gKg4Y zs>%fI{+*8J5d!Qn)}v`9--FG#Jc=s|7ssr%RLkP`YT&oQ2F3{F0JN{3nLXh>XUz0F zV@TDe1>gbb%F(Rz?s`ie8G|ZsM$H`6A2_&FFI7Vi7^~(qj>IZEgML5ET(C5vJX+Jd zLVPp@y3-CAZl7`{*x3}-6`a^sVg&gduaU?N5W*X>t%!`KguJ=0o3+H%2?6Yi2CcXI zN`C3vs+c^dHWa-axAN#?h7Wp#cAj#OoHq zGyufQ{%8#*u4pgfo_$;}`_7qU;Ep@j_&`RjYHaH4*gN6Ojj}L&%036hDnNS>Kml-s zc7tcdD`qn@GZWAv0)z4yilMHPmp~Z9!0Q9xQ2GJ=K@%p?R>5Yx(Z21AS6+s#DuwCu)hcwnCm{+O zA20J}sW^z`; zEprFfJ4w;Jd;@lKcvk8*ItITnaW^KOe=f4`>nYcjFYpSoZY}Z{2r1Kh?=q1B3joVM zHMG=-j85~dS)2JI0I!5cAWsJe<;KVB&JN`ZH-U_xrfzg2Bf?6q|-zJ;obBGpDEUz-G@4el<>1nb3M(b2K;I^MR z7129_)F|GF!`$r_;Th3WMz2QoeQm~_!spPpW+gDEAL(H6B_vYt6{~kud^CUK+|PlH&s<5Vqv13 zswyOJa*@J}X${NPrFm*C(3V_dK`WpjkS=1!`tvJe{T31S%e0Rd#KE|crxG8b8c)uX zR{8Umwb+oOsr@UsdJsGF(_1K6S30F_ruaNlpgmWteNCKn$LrQR%Rr!Jr_yQl8ZWw$W;n28nd zh~6&XIfxJ@_oH~YWXKWv$@06=V}q&n{OUIi2Z!Io-RvinmqzD5Q}VxBIjQmRsC2V* zi`H<+Cez`o{`ze+9&eq#AXL2z!(!zIbjGPN51W;e#D)HHRONb`9mOsGs)WpY*vsuu zHxb;E@$iE|S(1P9*mo8XF=h0&YHH-acoDnoZnR39NT5ZpLOx&`{KPcV;n z8N(9MO9;S*jXMX6sTIcIbz^qR7cqvQ#9xrcIdm|%8AC&jQpZ6oiuC9OdR09XZHo&F zX>jC#GJzhAi-y&h4nQzc8zZOuY~SdT@Uk(7ivmX?5cEiE1mN>Lj02Jd0tddv3;1gm zX;N`Bbz>9ZGK2~&73O##zYsDTA*nN9cK7JximXv_hK%NR&7 zF=OEqkT6XOLIu44{y|?Aq|vC%qnXtKc{nn{fVk)$h$YbeKv4e^)ipd1*L30azb0}I zchB|=ozj)ZiRXuC)I47icTKH5UoW=~8YoKcTdFn_JzpTWNNc-zs=+9+pGe#@H8j3< zNEPGyOU6Gxj#-R1w*PWp`LYmBm$M|~GwS%oKYK*U7fCEbTmF!=%)t3(&DnvF^M&$9 zk**g;?ba3EmGNA&o1S-J$SJd>(y-c=WDsaHV(3TiaL_L_16$4QzG;jGBOnDY=o*n^ ziJWW)lKEGQ>iR(S44lLj$c+bQK?m?x7#K*l4sRZnIwmki#R6bF9yE3z%X<7I-B|Ca#01A>EiKM-ob z91bcNf_4otATSwde#UD<235vR3yOdpo=09pn4J~^YzQv6V9+!JP@dmVPv~&^421x! z_jXu9pj1FJ3+5oH7G~R)p37P}}YxB`*QZT$$Y@)b!Vr+_4OcsX#Z| z0RqV=5Iw`~Cz#WU^j7Gi{2y_60Cj0s+`^vXaS~*O&LZCu08Pl@j$-sd)dycE?C&u^ zwsYuf0~mDyyiaJtIGoo~ii%yt)5(VDhDR_x2uiL1{Rp^nE9hxeN}t?Es(i%C0WR6K z3jAL%ILMmjT|VBj*gJ48A4UxHrqIA`G(s1d9bh8fns5<%oycwjoPGMj7wf5NN5obj-=OD?1=2zRD2KWy z^lX7VsU3S>eSXu&^26 z8kHK93I|>TMj%mbS-7mm&J|^HS+n|z0GFCun9>X*N@b^){9{riZ3BrNx2B<5L zIvC{Fo3M%h4NHI#H)v^YPjhH~S)4x+gDJH@3SVmcyFiEZ=kUp}(D)5{JwgD@G=`P| zIVIt7ezcwBN52Mo*kDPF0u2g$W-8o^7SpwSFl6TyNG(}}glOP!LOv6a?OGB2g?ld; zjhz7Oe1Qh~um6#ILi}VM%dlsbCaX9h1_h#8QJaY>e>5@IxEQ_(A`6gQ5Dk^+MS9DpW zmEyP|wHjcINS=l+Q&3A|qq7B)r<{LJ(ZDr|Y$jj2aBy%^zy^q%bhYCK z6O^50cK35#SKKG)z17aj%|gCsVv%}Z(|Z}#Q=;}f)+0q5m)%Qa#WYa|gm5K(u9&6M z7H{s9t@))hj1D`dr~lsm+g0{4OF9v|dt!XtFf-eVUw$#x`gH&^aVS?^w#){22teDy z47%4Kbf$sc<^Y}`Qffo@jt{T412l^m7>J)oiXAu=OkgE|z~v?)&*2qc;pQd-!!5Fn zpsopi06y&2PjD)s8xLue(Qs+F3(=dIgL_O0e3*d$pzH%QW)s9U2M|!=czggyT0b^& z(*f~}oQ_Dw1NKuiRE`T~T= z#;(YK6IT4}*lBILjtWE>?Z6R&Dr)Im9>8UaiNcgfqm5i5zzHE!BfM9{48olZiu_=> zS|KhMCaZV3S!P`UU=nl-(tw+wwTDU3QE17668Xl?sg24gl&$E`pb;jJuW}KN6k3$l0=7})yaFHz8Kzr6YJ`T8p$r{_ z{vhY_;F1emyJ#dM+VeM!8tIW?4rC>0Bs0v5Nr5vGX`7Mg1KxW&au>l(1cn$>HXHax zw?T`ppBx+>g!CHF`n185((kB1HvoKXn>9!o0ofQ)_abH+QB9-*mnT$1SMJv@n_-q)H|QNDlyXgmVzK zGc~&r7Bj#2&i+0O6^~8t2;yHD=wzcZhgI{@`|mT5YcRl5KyDzAA(BD(YltkAN^`)O zOGD%VCh`=zgK1P1R+t>cQ@EEvyqcJ+nTxC=AQgp~XNZsnxa%X1&40ii}U0k!5tONX~YPx1r>Dg#-GCjT$`#H z^q0Lfbmxz9M{pF+ub1SVcdUwE*5+Ad1-Ld)K8ED7@4W}nv3twGI zvsPCuq*A@myPy9g-zRycdBPxTc=>YS{aiiTDCW+Qn~`}uCC&Ogt{EZ&EfA6}P$8r* z0EZAlkm!x!S8q?^#{`FX}r_LP|&xRt87Y7F6u9 zKCU1>KxG4H*6!#~!-GZMF33Pxr~%z@1QPwh2?LtdK&W=1#D2UGTPXrPD6EvbU*57J z+FHNPl^ALRm;2dId6-z(zV-#I6rx9KW$1z6;JYKK&yugcK0Wk_TE^fF*d4v* z-~{g%DQD0wgx;asdMYUwtO#)GU?cY{TuWFO=mG;{FRG@Y62iwoKNGhZo<&nQXtd_x zbeEZ7O72+QoqOnaNRCPa)F~W`gM9{4w_2dyD|z-y!FdI8S0HSG{Gn(7@bAd2gYE|m z40Pr|G5OC{4F4{MKQfzBzef2c@DTAZ=!Kr)0N^JDN|o-01`zZkhsTqiU5_2bTQ>Ue z*u#LBM7a-KYEz(9LI@uki3u@(#+`4jT+45F@qu3wO`bY(ujBCFy3ij`#@j+Qxa=_L%#7FSC98n|o|S ztFuSfXTdB*?#BdkVdC#a)wV2}kg<}A>s^8^l#ciqPe$ zz-pl#3IaQ9ETmsTGo&hRejPr9NFv}l(UsSI!U)21sL-=mu%qGBhc}F*3Lw1-fXIK< zIVgS7Kz#?7MWboM#IuhuMcjo=X*}WvBw8tM;PG8sxjguI2l@puPhOZ~W?45z0;NOabXeRK8(5=KIVy0uK(uiY80!}^@-*7ote`ECa2QB3~y|TLRri4@e1(%#A z2{d#~?_F0YBXUg)FI>nfe}HAvXk=|`)8JY`d=smx?7C~vHJB#9W~6rhynJkc61-1( zw&O;WBG~%vl!ew^1@}g`aeu!?Jku(6xjjDaRd)=vjJq;~W8~7w5BD7b(LTRvK}vJt z%lN_hnC)fHY^W^Wx~zV@<$^AVq4S>Kc7vV~PVCH$W2E?Rw=8m~XLS*)zk(fw4>ulaejbW$-3$2s{>CE`z?+a?(5&af zE9l=C;5c`wuY|wDXxaQ=}%lifhW~29+^pyK|TJM$32WM8bVjSJ%qiTWQmMht#3$4kr_DKTcFf zN7e}!#8bj)b8TLpt5BJtBO>_5XkMUwOv#9Jq6U419;$)ioe0-%3C;O zQ`8#D1EzW_?;891ibJ1;YFbph!^w;58H5h2P75pKF9tspLKzT#4l~`*20P3C8pSZ}u60FVa~R)!m`Tra~-i{fICrxTiS znylss?_ggl40H#=ZE!n9_p`AsAW1O9t{=i`)+VcZpP2dk@mXmu&g~o180bOW;6(dBKtPddm@Ab?pSC5Q#=^WlzHNcOn!ku6bC%_me~rp>=!_H#)j%Pr+V>S4_VA`qHW3O0T7tL@M(<52bdZ7&#C3?p zavHOY1tVIhq8A>cM-0F>nkG z7SI=k&r5lwEk+F-Pd%wT>&!g*vaTR6?+?_RqGCA9d@4-X&D;bW>k62q(3oB{kP>P$ zRFXBV8p4kZj~EVgtWvxW4IlEmp$~&~$EWcT64@RtuJ7xgwP!NitF-3}L!{hp6qVG;OiaIw5wNk2ne?0do~op4LrF<%g+-dFK=#@E z$rHg+oSSdU2_1(+tTo2heKDvnufXX5?r7w`el4~ai|KhN3J|dzXgy0@R<%BexRJm$ zj54)AG>M12m*D8;CsZR;hLO>07>37x0n|o#2lCgpsN$byQmX+9_dnl@G<;w9jTbv7 zsx3Pw>0Ycb!k>2Sy9;HywSRn~_>h??EwOqBnp}?xTG*5*JoXsmyaxb^I)DuLgPLhzKOKlFF1vyzc?|rBr#smasUT6mb_m&E=BV>W4;aBxa4W?3iv2GL5ymDr z!^qS%J;i<@Z zj?8>~PL{!XbA$J;CqWHGHmu}z&+E;uSC6tk(i>YXf1HG+ar$9Co#N)L&V>z7%F**( zu#xSoCDY`Bp-;$VO*x0JWqITox1W5GaP}Re`tqOGuO^+N z&wLq54|J-Y#9N*u^JU9ytw>Ic3lRq)ha?1eAaDUCL_jw>5BK&bgiHZ42CHU(`+M!B z`{tUHX6D?ss^kKPw>oyAJAy9axineSUi&R(tK`QkQ^?bVib}9pbRYgmhUOJ^(qI?& zcYq{B(76ET9WH?m-=zKI_NRm20<^=o)}UTs`j@rExhWEPzBdK28bCj^0e(jKB+TyW ziZ{SLpfTM6n5A!nfPml=^jl=$1wk`H(HQdNvt#pj0g;iB07~(xfTd#;qccKZ;E$-l zGY=3uQANLfYvP%*Q~^;6XkPpHq{_ynvZ2 zlRTue~J)Cc{+iF#cjiF8R&FVQi&}54+7D2kqghAy6BcKjtC? zW{~OS1+)PF!i*r;4t9kjYQXh0t-kYTs!FX+5<0ZN}2uu()v6f?*nsJ>?e4L03l7$S)-id^o;Ls}65{3czH1%)bO`1eFX z%?n0a@;u;X0l%64k+T#J0v1_7*U)Hj)L0)^lQ&J+1MhBy!?>V<+9lTsK)Kn+rO@p`l8a z_*~=e|7;1%4Ha^)LbY)(ltR&(lrTa(ce?)&FY}6H(qF|rYU}lvjY&<5VlTlA!N)f| zRKWEhtFi}%r$3Qe%c0Jd0&p9kJxRFL;lw7RqYHy$6`v3BeS+K|0CAooxBZWQsGP-4 z;rgJBzgpBmL4p0iDI>kLaQ#$1%IL2A5Q(>_%|iwWJ&{}B>CSNUc8>rPyu|4N3!s3A zBtZc*P_X8{I%jTfo(_dATqUU0@6Uh48H^FcZ!t`CVRRpGNYrhB>o5hluUG;5q}HOb z2Ct#pzOdk8c`Yv*diaKueF(dRlO9R!;dexf5v^&I!v+;tEWd4hsw7+pq!3>q2i|V*yS&G$Y*|0u z`3lx3I8l&lb#B}|xedM&isC>qhHxk!06`iKKRO*wTX1WIrq=fWF@qw%#SfQQ(65R5 z?rRT|!V%&Lqy?fB5I4we+CJ6C^SyI>s`D3=Qt-_H>hE&)?}cT#Jea)&AN2#ecI`?V z8We&Dbm|ZA__P8Xr&?yFL_{xm0Sft6$Tm}3WB7*}w7pa1QhO{H5^6OwH&QvXN6)8b zF1K^eN=G7<=TVVU$JuUHh2tPd>j^zHruL|6N@4 zWM_~XeB%IN2E&zru1jR60WV7U3u_1wf;NrV=SR#V!xqHSqK5!5v}`FD+8Q9wfCHsO zLSKbUFn}nX!vkIlgyTqbfbt(O(f}8D3278$;J;}DPwFcG08Bvkgi`dBC}#d^E$@gX z=|)g0%3lC93ehe6He>%{qQIUN6i0q3X~N(=_#6_0!zt{rz|~+48Djx?fTI#k@iyUu`DoZ12iR_l^!+d3*~eJye&zaOiGfa0$yg zfQbtt)n@mH`@3i{YlZ(hd+Kz^nuj?_e0th2Mqcr`~o&K4KSQ?q==% zXB{vvl_@A(<6P>jUy=Nl4b6uc06xa8t^GW6A*2{}%OI$bN*Sco9|WC>IR@s~8xkhB4ziJn$bxKpwB#`yrDS z!UbV`CPL>BbO7!YwPsffJmiE2A!Eb%cTh|Ko$mcFhMw*7!-o$${(lTAa)d*8D{2kk zI3@*|f&;EJ|N2+PFbEBsM<58??ZmtLo{Pu3MNmhh-VDVqyk-c#ax0TRki~u`; zG8JcU0V(_4_vjYf;V+@&n*&`LilOE*>!OAg+`g0N2>^m!weo^&@}lP>KnhhWtTaW> zj<>I!gSZr(e{HFN9X(Vo_{qIU_&Eot8PYY7LEa{m6OV!P02z%-2|nN;22CLA`$_fi zQUAMaGNYqK1@lt6$nk!sh|P(JR`*ykikwo4>;EwX>Nq3;3AA*Cw4_iy%VFkp6ONcY znfR?vFjlIp8NEPPd>T~9+Y_Jh?UZ%F}#Z@}l za?AUa=0B2^!5-n?YyIHt;!j8Y@^`#aL{gD^cq!#s042eQ^5?-tQ}U6oT*t0i^nJSR z)lFt>EvHt*q8D}FONFg^z&vGMJMG^2bm2^mbb#~almd!a#d!k!N4kM^r)_RuyjCHb zh;hqsUUxA53hpldgu!rn%?c!X!uwya=zBA=`HL;q&R-VYG#0obo$p|96)%Y38r8o zc@K-Fss29X5CC$XwTJ9T4u6&pEM8yDRB$Zdl}wMaED~F1`E>L{lpQy$x6_8+vM3`) zt^Iu@q|i;p{~=d%Yj2U}WyxXb7AOV$ zb#O%y&j9h`&MI1_1^xHewZ81^EV8hlF)h#*}NR# zW}EFZu{3xvaiWXK#~=$DC=#zmEe0Bwf}wF{-1`ZX1F9-=!4!0XMR0gT!zkN6t7@&z zd~@2Qq4(ge2MhKUR@O|(>o$=*iFmeH+2yomk~!4rJx@U6)~a(&Fde6yc;dkO0~IBG zU)PI<;AlL{=T}{3DSqbT+)S1uoOkh?(2+MNvzzicE!@vY(HXtT@E~S)L|%B&UyM)C z&6!#L+ra6~0?z(JvPf)(%fh751|#D4^y|DYnO!cgM$t?CQ&Gw#BSw~&{GAH02wf!u zqle+hm{$bm)D&MkIi2R3Z}Fbm4J%n(Lt?d3aALKHoT4SmaK~ zi5Ayf9jGu7c%d2k!qvTMy=HPe*E}WZL3GrplX{{agS1H5oLR3eK`O_8HCv-+)A?h6 z4@^gaG(}a<=Z=nfNG9F{<_-k7j=+u4e0_{!SnT7Km;62pj_1yPBCwt!P~uZ~;IANU zFSlI5rNv^Q5nFnMGp6>!v$#@fabvAB>CeD0=9P0S-7-{Z2?VdEwc8_%>R-Z)>Ti(8*}9?WVv_a@Anf0 z%GU9{%ZSWWFwTz}F-xQ;7tl*l=1!g@{_NOO5#;Y<6q`6ukgZm=<5V#tl_(zgRJJS5 za^TwYJ>5*6PiZa*x*Z#rQx*?@)b`)R+sDHE7;3qBI^;M@zrA1EV;dZ>Z;8)tbC}Yg zg_2;Qk~9IdR+eL!@We#JBl#G+$-;@%_%qzzSpeq3b&-7hT(zOfHf_zoWltS_P?f zFC9dYT!i;Y@p5Mu#|uoyvZcd@Os=$#q!_(gtNU*p(08RR*|YWk}$>g;EXG+3Mj zV{zQ#cRNZyn*6=-_&N89uWVgKP@A3Ll36xyXhDO-(DJBQA;}%TB8^6HaJNcVSw`~T zQuD&G+*Wm2T7F`Ac1eJhv+CNL4=iS^ydP8h-MeY4haa)Md~h~mcr$)omEaPOu+`#D zL#63g4|P@!VHVdy+)d85WFT=V&k-y!x}@ta`>N7L|Hc%tNRg=8uboWlJC~K0J+8k2 zM?476XgujhUnX`BIjLJZdUA@+6JYbmJe7=Ic&uJc;8i?Xvm81uBZ%$?hSRc)jbCas8Qu<4o+yeD6V* zu0(22tgzvSGDsnk8~JQ_#LuQh?31~?Z1_m`R@vQJJKF|dm&Re8vW^e)Uu+(r+*63( znQwk}TjOtgkFeFeZbh=4kL#LE`1FhZ-;bV}bKCPic)UI8M=I9V2t`vc6y4OQ4$Mg! ze}vjSsGiUO9Z<8LR&hr#R3M|-*?sr@EW3LLa{NVfA*w0){xa!%wN*6`MPC{yL>)*b+ zHn#tn^cNQ6yw8mY6>ILDnWbi{DhFGl z9A5QXAtUXtTn(tsHg-LsZZr?=olYB77*&tqn84TjC}r(@;2nRyGHj(H=tb{+{K>4( zD<_k;5hyE1L$) zC3p**1sy9*TlpS#4Ezo@#rC|lw@97GP(JKx^NX<|c(wnbuRZ>5S`lb-(;;?y;W$nG zA{Eu*n<-*KLI^^`0YFvnGWL;N5uL}zS-#F&G%NydDx6$p=-yQ4)$wH~kvSW`$mx6G z?S`yh%h@zpc;e$9ITUKJKU?0N{k6EtTtfJ5I@H!SSUSC$|LNUa*~7nf&RA8^NsN2m z$xsDhIRDC-Y}Nv04a^41lB* zcJ0da0R>hy^INQ}ZBIC3X;{t;dS$Vsj!P%(7txU5rs-xB>fAAKQaI{c%TTjFN4p8^NaUJSH3?EpysWS^fgd$-E76V4 z-ReogzOAgig#YHY6t$D8Z5*@p%OM7J3(}hPW0jW2(<^R$ZDZ8Qyj2$$EO$KDRIAl@#aXQE(k~aix2d7bO0E zAnL#-BbMwSFYh8@Sxix@mfm&t}-8=;|TFc>U&uL{wUD6CjhgAoN z-i|DfIn#=BCYmJ}=0pbXReoH}TT{F+D%f_*M(UhECa*AlhSLBeT2xutD>=_@9(XJDWY3j*q(5tyX{7fKtCpFCFbi>=wN#1ZgZ*(U3eszzwcggF`Y=cMK&)VYR_Zem!T8Wpf zIe~O+3w&O1{pIQ(Y4(IhVJ-L3t>3x3nC!%|)4hNF&1cAxDonm4hSl(2FvDk$7+c-t zxbW+3?ac@3j3Z^KhE}6B?t5>-UI~28d-VKIwc#rrBcs<55fOrdf+5gzGZ3c8H>9P# zrE4q^xZ6CCIVo>HCoSpuO60AGW=OMALh6%iF7epUadzJvw6}V7bR}c)1<2q% z#=4Lpz3D}hViqUPZgt**OnbTFc}q%Okb|KI6aMnGuOX#1GprBG7A5_Mayf|(D=RDW zYJ43WRQiQ9`10AbP8no~&*VPGg#}IA4)o~DkL}8lvbCV2a#Yh#Tn6~)xQUJ-e#mcB3$X1J5){)5nn z8qmTBD3Dovx2XKM4Y%V*HB1j=jCN$U0;%dR19ZdWHtq7Lenqo5)aWqNC~x8PfzjcB z`_bfgMyA8Q;JI&2$KTSY?K&XjtCuL5Y*W`OQr(-?M!`3E$s~zD2aj z8%K>BVO5YH@3>l6)gESaJU4e_cr-EE-g`3DtJ%B5c{<10ZhyL9-|lz(`mCf@4npv^ z=S7;fMdq1K()}nlJV)#1;(EQ!ynFY(A9}Bk`r6hn$#8~J)z9LVR8>(GdvsgRNt|S# zX-sd}AGh0wKRkHxFr@e(v^ZoDhGA^IeP5q(k-v{;zs=~l4Qwbi2jj^n;|H&j4_=`! z&b{4$enDD+X=n8*#}0LLmmd@Y2 z22?uLdy2Z*4Sv=TZn_93e)Soa3Q=sWClg68bXQNy5g^d6#_)NorRZHxUm7bmNJC3{ht##B>9o14u4y&q0T zD2H9W`G?+Ua&ny7dN<#vImKaBsZPV4vq{GbG7=$9;i6Vl5l4AO^m;e9`IzY;B<^HzWAN~9P3oC_tHyRZ_+{iJ;uA) z(j{}Lqdt>WK6;{yLcOny4qh6CxYf@yY%R%22#c?liQkwxUJ&Tm+jI3ks`B#^-OYU% z@g9T*TQmEO0*w3B9c}+s`%pR~rNkc=2{oUNY`??o4w0Fy$b&7Wvn}^er+we(czxXY`g4cxT1WdM@3u$Cj!X{gyh(pL;o;fN!`Dp*VND@SMkryEBmey#N&EHJi)t3) z4@x7^^>CO*y?I;|EN`Rwv${qHlM1#GvC&^J;G9rjSGj6cvXrzLTTT-$PMpt^_V{Bf zjy!j!=ld}ioE4adu!)kXL=QYU0?%u_Ym`xu;kuuUt@gp4)7kHQd2EadYj;BW`TAXk zX*;)ex`3gJwC|VC<{I8PJrsIKD%qJ&)t984%}pDTH~R7H^Rg7MyrCy2C*Z_al&NvL zg5kr2tv4XT*0G|=V1QpXrtzn<>)NgeZp7CCb*Yd)MSx{YjhLTbsv8Zuh^vwC?tVrf z|E|F%O`lutr_^4mr%HZo-yYO5KdDeMvlGx{du&KMCWOG|L>$jXY%j~NXqUWulk+9w5Hk1GlwHpS{p}S zi;us?DrawvR5ez38eQV;5`mTI%kI1A=6fBO?Kv1t^2!{3&=&gXCk6c$6dT@)A}q{v z;D(AstDepGw=q`;RntM+7LUX>4>}}k5C5Vy?bWpJHNWV0x;P(1XBPt8bUW$UCTU0V z@t5R#_de6jYz776`05I^6>t9jH9NgvS@+j>KGE!5+`%v(J`a|&GGD-Zr(FYL|AAKo z!WtY@Idl=SJPkx&%^U~k{#x-|-ybJ^AGMp+@Wa79T&>Nf{5eH-Wr$YHm%&oU=npR0 zxKHUSo=ey_vo?g#XqqJ_GHTJzD`o~Yx$SZ=;&gQN5Mo#wvh@u%^pBMZeCB!2`%-lm35A9Sm&>uV2q=b3TNdojv!46dU)V6XeD8Cxk|6H0DKg!S zcj|mM?q^VY@(3++;>6vgtaBs6zU&JkpCV6p>JRKGUx{Y)U57>q{Ydn^r8HOrT&C@P zlMZP>%de?wB8^#h>Uv0?j}tG=`kLvXqTq@0Vj9Qg4bv>H;nm$daU5}powmnq6>$8( ziyrP#v=*`xTern57om{&J2~7)%?MUO5U?)-tzC%?n>=P z?TFfxTXY<9Qxnaxa(dja|H;ZJw08u`J#q1a7SeWL^yXHZPFMeL zkwn;g&vTc3!(Y|LWx7%CCFEY^5szn@L@W9Kc>2n)Cg1mOx+J7iKuStLMmG}DJrJc7 z*y!%jh)B0EQknq*0)C}Kr3aIekgm}+x_oYb|KoUGz)Qw)@4CJWi>~XWP z15h+lzI@IWJ}QzCJVU9X0u{tPHH|z}jXzA1kG(O8bDXcxf&#nhEiX`B4aMEwB{KBN zsRBZ3V^AViU6d=ucOnCy&w9k33N5+%4USg1)k>m=xQPUTx-K#hwFK`0 zm;}w`R-?vW%+-NUe$8O!^w8gl49y;~4y%SMbPt6<^1h#}dWoS9Px_EWhL*k1`ZB6* zqQxS+Sje_dE4D2b^ygsm(V^jSCt1+9hYq`~r}?Exh^!~+cJ^3(Bt~`9vOMp*$tDZg zvIGisc&0AD{4F1IFrno(vVzn6l7}qsk(ie{H5^-_pQtt0^yG%v3jHoZXYiZrO>JC{ zI6XQ{&uux_-|zkX+f=7wf`L4y-+_s$(cmNjE!Z*#yqT;pg5dr0Dj(B*KEoHctk%T! zBj{bPB%q`I@ZoZW?SAF*SB!#>i*@MI%_2P^A>pz9-)+T2`i?EN6doBczr`J94+!k|>qKm07 z8*WyPZ}_%65guOY>hXO>B){QD;01DVbL#^x>DS`x)i{;!&4yq`Dc#(an&QUdU#53Q zDk&Y49>^KJiH}h59SL-AFN`y1!?&%e4fvQp%K;f=6!COR|F2h}6nT`e^A=7ctSl$s zcKxWQWK#flh6*(;`9$G0>pZY=?Z2S^THYfrT%pj4oYysGD@F*{rVMToE?PRt4!FdnkV7Vwt^MHKK`e_Ft%RDU#YC)CoumpV6%W*S);S}}yYW`rL(lvcrhHgSxZ}M^6Stqu|LU+G~3j8b8boQZU{W}58 z|E_74>_BovS%V3m_iDURU(4`l)chMy|K3?Bu3(QT@MKwHG~aCbwb8~DoPH2gvboAR ziJy0Xr=Hz>99)GYF6cer;H{vOmvnHgoDKBWX$Ym0{NO$9q?X0j8+ryDZMq~^&qRw^RK(dMY z2u-(NPR2oxhg6>9_3zu$lhCduMbnlwmQth$2o1mWGfiD*VHZyZbA)uB?sI<`Zb2sI z?v4Q|W}#hSf^U96HSV5XGv54oNjVUy&ja1zRqN!z1fIOpQJ;-#Mp+!{x(68tpP7aE z0{h*5$}U}v1|V%&sjW}At*QR57v82{{`-yt)|i(VtS@}6>2q^)k2^0qgjxSy_V;H6 z4`%(Ww!Yg5ID{>|CVkf-)9&EQ`G@&7;BMENt?=(v;s5>m-{@?P3Nj4_+Ru~kmv5|= zy#bv=9|jmKF8_6l|2`A6_Mz5RjsPXD`!%8YPy`(%opD2kBp%38zX{C=mtI}~$GaR-#m)nSUxncOplY@bd z-E-}SAUl`C#vKP?!6X?IE-}^>I;~E4IcIES=JxZl`aSjPe*!O4Oc0Zmd5h&F=?93; z3FXAi2C01<)4YnCn;UTV=OO&Y@m9hGH(+Vp7-_f>j|Fy2t)b#X^O5-^2pvk|)9yd0 zY=sNcY$i`RFN4*6O0F`w{-KjvumErHEujQtY_a?M`&At3tyJ8tWkTgPnzm)j@3Hdk zOsYs6I{7ZWvQ9`#ofm##epHeF{T2T{Qvq^*R^vQ6VH`8{c>HrEOP^9C*}l1AS{0EK z4sK(vU3r^7^Ek zErnZ)e7t9>DFXMNUBBk9irB7;F01OUt1jD7H|@ZydVGJ;r5Ji$5!RaK{`Y^k{kZVm z_~kr+W=O%#|CjG@ECAdB$MHbJ|G>C(=URRfpLJH@?@3mdoP>nL>VvMM2PI<;Kb--z z=reYi%p%}?95Fig(ebBl5 zVD%rS^Y5fR{Web}9I~zb4=Gx_8ujn{ca$$z0U+q#KN7s9!WNg+v1bpqcl51Eig~&y z@2dVT)HrLTSR@|I|Dwe!ji4KpxZc#p_M&Z}R;qC*;OypZ=LUa>M(kH9l5i=pdYx>g z;2};k&exiRdaBhSbMvp!7az-`T>dLJB&&X~xV-1qU!&9X+Px=AOUnoJ69(CcxKwo8M{!k&d(`f zC@a<(6B7fr<)?7h`|VwXS`OxV6t7G@g72s>K$01HkSPSo8bnQBJlv}N{JHnw;6UfM zI*RE=m0{}_`Z>1j$Z|W}l$L2csF^i|2jOWr;SStaz)2zz(~5(~d0E_=zjv3L==e@LFYaFuTscqa#U1@eoLWpvKYjt#6CkaAB?9*vEPwEWgJL+#HKu_qW$nZ-$sYwSH7>8|}{)+};)nSaZWX=Qw-Pb_O}> zh86xKURb1Z4-bieUgQvCb76NhG^~=P>n*dxA%IfDy}T!b1&U*Ro-MVEa-hQ-SlkL7 z5uZl7oSHY~+kb1&DI+unR?HZ&i(-v@;t_ZzLl&pFwq%kd1I+&x-Xr251*%0P0##fX zyEKtD&j%ABnz49m!v1cGIS3@>VK+69`N3xqF4v$$2pT2zlX8=hOp2EcN-t0)w!*e0 zz$MiQ{CsNdK|um>3SM+Npvrc7dN2R1X)v1eyzRbjm$ z7E(*vpI+MPlWfn;y#j=on={#34>HC}> z16s}8CA5)>IQ0p_!!^>m67WPW#k>t~`w3NW(X@)=mnrBM%7K=fIT1W6qUXM@^XxOX z2eZmJa&9s^uAVJAVfoscMwH%m=6nHO{=7fi-} z5{a;2X_IGw1+vOFW&)xZZghE*wd!af9UG67GoR)cZgH_*J_FTUz#jHM97d*)%gLWm zpnQc23w3iw*dm2IMQA~3@rPB_Oo35Xqac>c-9^pY9=;%w@kbx*XL-Q3mqChz=VVuN zB}f^BL6u38dI{W#L6^ECsJuI21XKDZEp$yOtw$ht&GJp0CUqQf<*e-MF#OX@mNyh} zk;XCs&IOe?%RNnP{w>~|76n4-H zV9ZUf9oz8AAOAEhI%B}y8^ve3{_<=k}3X!YY1OkAqF<*xuE7b@JFOrN4kZ=^3*_ z2)5^AY!Jjva`t3IQKlYaK4Fp3Quv$UPS2Jvhq9VHhj}jqqtn9smh`PW(Vy8_ z1df|qh83}ZJ<5{qqj#ip{cjmlWOl~b+>Udmg7Jl}ZS92?aePGaCbeUpLe_lx2YI3# zm;$<4!Hc{F!Hcb9dS-L>9b1oQ$iOITHK*`%1h;S$c=?NrX}=2FVJ%L|b94WK@#w6y z-61d%D^n_vTZ?c>yYbmcD=4~XZ)w5pBHM^e;8C$OkzMm~VW*1HY&8|@V_BOg+&cUc zqr|Y|!f>oa=E0gVcAdqP1+Cot?jY{VJ|Pxpo;;riubTDl=40>{g5-i14{fGWt?u z;`HUoC#ZF}31(|m*P2v1VOM(FM+W>CzA1?-i(_UPKk?r@+=`e8N1JJC>>@Jq0jU?4 zW%W)Pvmh%gYoCKyj^PQ1E2{cY&J)I`+RD^0^r=PF>h`Iqsm^>&>Yez`N-8>$`K6cc zy8nb(zw~V0pLGkUiD}jd^7O8eq^-`--2M;RZ&1o>QDHaZIfV`@X-z%w%t;QdSQq7| zum{?sxn4^(7LMEqMq0Yhuc&`=5d@7pU6EQeHJ4xRo4723z|O`i3^*Vj;g3 z;Zp9>C@V#Mgkk)3@xTYfP=tkh__#w}4yGOVVM~(yJb=vvVb{HNk!kL7*!9pgnpVin ziF(5b_0_u2th2Iaa^KI^)|M0KbRd<^*Lvbburfp2vbb~wcU#+%oELf2#h9_I_qy|Y zhc;l{r3t66{9*L?NjWi9qN1_iy9HpOEgu0Cz)$_NnvbL*Sxe{9{g`c3CL6)J9z4yO zc>3{q%(G7;T;1}q-$}%)$w=EZoxOXd@8$*CEjUF-8Hi&-@G2SVBO!BVeo zIxM=xKIv^zx{hbrU=eq`I4TLHvt2Px>5LLC)3#+*)@jklQYN!;Ftoi$ZH=dx^4u1+gNnQMfb0PMQi^RYu zd3~w)rdmnO`yJH~&IBt{dL`6&d@Ej@pgfd@wC~_#iDqM&6Zy<)}jj8p;#(Hp>#K2!HUTzPP(H zmCCxU>AWj0LwV05o7EU_;o#28m4)FSZPlzP_=I(028);Z$FCh( z`+E!Fh7erhl&gHC)D-^XYZfCrJOZMfUQWMgHk5+r#89zKgv#NQqnh*yb)wE@N~Z~X z-(D0-(pdet)WkmRKfE_V0dxE32_}x}d;>WGeCB&LOA%xsd?vy%we}WxM4Xv`7F9W^ z48x_P-WTHh@zTW`--J=h8)Te^_;s5iZF%Bh7$!+cNdb0#_ATFD)(RPn(K&rCt^lMiI_mU-b3$kv@&@ z$=sBfikn|gB0CNG&ruY8CsWLy8aKFXt*v0i54xfxK+vs68ziiLZz5MY&7X#lrl2!V9@oN>5;q>8MmQjP|3m zVidcXM~P1vjzm^8q@I&9qDE3BQ|@rhhC3P+usJunlV>awC{$w<#4R`ceY9Hd@*?o} zsnak0TF8_g(DKkOK3!e_V|fK`2tuSERR(blxIA7`(K6vv`AIafp$qEwAOMMJ*h-{q zfCy!Te(d(dSd~m0u8JCKc`6cgnYn14CB`Uv_q)5(`KPSw8sNzWQCMebW~b3Tc9RSd zZ8!SyY+0T<@%^$Q?zaMI?trPwtM?-$bYVQNlBx%e6dZ%`)qQG_8N){j_c(a^@In$$ zJt;#&XE^Y5UcY`#E5)g+y7p5?szbrSbf6mqQdnp4!X^xJYgAFr+3dCvsoc{3w+;w) z&;sRA@|gA+)vY6;WQP?#%>BDvTdVGB1j`OQK}Yu_P4IWDZu)4LC3=T3g$mcj?y{71 zfr zrTEK)6dAJ}!j-w#Mw2abJxX+WpZ{0=8QT9?EUa!2e9t|Sa~R0!8tmad`yLhF`d+3} zc$iLx*UWDsw>e~01eULv2jTWvd=Sx2#k-V%$JZ zIX8s=M6lH;rKGVdsqefaw3{o%Kh=g4nFUjI#CSE6OA&G9MXnt5B0mfZ{0On;-~hM` z{PApMNID4jGZ3W+Jj=XPrgN9_NIghG|C%T8QziMXq0?#JR1KB+`?O<-^~M*9(GXLr zbD4VjlXRwH!jUxQ2f#dn&;Kqje@fHywKW{w*HP90^C)0$yDGJE{C(Qh-LovyF zu<$`$WEHj*W*bLHaChr@?M=FDO*4w1<`{w^^c0z!<&(Hp3BuA?MoT%w z`fZ&Njl#7>I`ZI|Y$WSDK`D;|`MSZ(pvqbOQJ>%R%7vs7c+?-D5qg7Hd0_fFEfL%- zwOK~M&-k5$e9EEeig*$fe=v7vb;UQh-uf2{)uTAg2g0L7G6ejnyr$9U1=LM-?cy_d zs3Br><-IVc>ZoL-QiL(~_x${PM$q%|bSXlU70QkNo~FnT>LrwSpV7y6;_a z=1B}HMO1}}amGlGzPwFA3}1aU2#FigB^RO~Cx7ejf02C|Nw*f-WsR+B{UF%W|HV#? z)`r{WPRRU>89AZ}8T*pLj`LoerrGq?osGgxhmRp!Y== z@fus*)B2}&gF39#EZ0Dly2j4Y4tN&HG-YPE*Ztq6^qc$SdZ3_C`~m| z!*x-)b>aVJ-{sW>T6}>)kD%X`O%4!6e>aQ#qIl>ZqMdA4dvonsaS5Kb6GIyUfjeL za`mmNv|JZ@V`s-!X~O#cH>CArq)CYli$98M+9aPslV%Uz>K)=nh+?xXLh-S2>Tl%* z`18ViY?D6#qKq6$5#WG>hV=Iif$%NRY#5H$f~}F)jQhm4Pf|-v+i+7ngNQZ?o!Wzi zrlB{N94h_k;dgZPcq17-fS#<*nDu@!Yd-F&5nc569j{uIDKAkwkazcG2=6ANeRW{@ zSBLX0wA5!u96*4<(Hz4jH%v%mNO@B)nw$E?FZ35>>$EvHA_4j!gj;OurgIAO_y8QZO?~plEAt3CD{A)F@EOIY{QMd z-S>X$`@7z}Pc#jXC|@QczVr=7>k1jlNe_(0=JHpkMqhpMIwQL{(cllF{k}_i@}T8z z9`C_Xra$tRMgF*D@!FX@ridBRTF-sIw*Kot)j+Q<>M=MMO1n`F^Z9n17qFTwNfPwo48vH@#m>+c!GHpe z3bvP7(Cu$+etwEy8ayt0Q(UQVYwlOb@FDOa(%UEViK%Ar9SbSJRAVl-DZxHo*1dF% z*zx>~_F4oNuE$}KLAYGLo~7yl@idvn0{XIeJ030i zAPtuk;-)!#w9GktJMrY_lySSV#VMUD3m&73kbU?Ha}2I7p&2HFR%;}^m4f^sTGy?D z!@eg<^716vyIA|yg^-Tb#txg33@dOSkAu}l`+yF?slFM*yPc9~`&=RWYVaMw>-FOC&U)_(8QW&VYNSe5=EW@eio3+o(4}&s` zPHm)g1&j~8xcSjLptZdo?7G)r+zMn$vYtIxmhriuNCa7~%US3d_+jOP)8j_4F8f9t zV-Sj~uCC53tscj7@%4`z_12t7L`g}>*2RtIgsvpGb_OSz^rZ&lSeIJ0XKPYbP*s)2 z)41g+=CiX-fTrXG2{`59C|0?*#2KpluFq3?K-s83sB6i7J>_>xFtf1u`Uun1Tmckrgy>2?N zMNm|YD^IA8|3R2A@fPxp{O}ftw-nnB5vNPRV@>hs5+etqei>HKG4%RG?t~xm-?vPD zrY8uFOL6&`ZiYRQ9tbKiTXDQ3`M5AH_Jq4y~ z=U;*N;~9nCuY;kKUh35B-AD;7#rCSzrVPRBQK^;Dz)`JOD_@W3{IueaLF56Jz7eq# z3k;t`q~3PDGaeCD%TAbkeqrmbp4HeGTDu(OM0+iXo!u@tx9>-rEpp_c&orLUKK(xP z5w;^?5RL~PO7!Q%o#zj|EL>la4KRuO=I=AjPKoN7daV?Mo_%ESv&dAHY+16$6jJ59YtcZL7vUz)s@<^&YF|5K8_4vpeb&+6zKnlDqcCzFOZ@ z>NwXi`b_~j>oCmlDg!WYL1|{)1wPqo0$vy*ar#Mmb?(F9z{%a*SHJB>yBY^`>LY-KMpe))=e@87eJKtR`bp@0a6QHG-M zO@*&#Ey&~TMl^PE-u&5}$^NQ$*{A2=$MO$$C{uNg`ufztz2g|ZSH?hUU1*o0x5BAF zT5MIM#rYkt!+OvfPi|+YhwBkZ+(Dw5BBPz7kYlK*#=0-!Z5ieaZ8<$8K20qWl*H)a z$q9{;Llns^>3A0kZQ~K;NYe1V$sC`yuV@_I-RIpe@nxK9)e7U;Z38;IoqzzKDpQAN zXnn^JAWpsASp?ORN-gZ*fvEG#D~Mit!J`uh8i}xAX2V9n-0B-v;lel$rR%xwGfeq$>V>OxlL192uzZ#LJ@u=#?rwPx>?Rbg;#(a$g~GO@e{9hm+AbB z#m?pYZ5!qrM{*_RW?(5Gc+DZxH^lQ13)}QoT4-tFnM{fPy#m>RwXb$gFG~}Tm>5g~C=#_T zAm+_7U$X>(P2l(K@C8NA5?#AZMW1M%Wiz_hK93^95JZT$6h4cs+q}7-N?PGgA`C2` z{E5p}>~e*e+GAw5Q8`#CdwH1o+Z2{g5L;c;+`U2=e(M&;0aoG^xoMh(W}6X4@xa<=`8w=rY==w5^(X;;F^nsbJ2&6z%(^d4FDWO({cM}1-8r@Ude z?+?CDwL>pe{E8`2os=Mo(Zjmx*H}xg0`q;aZ1|(({(hSLhO~A?|LfOl zwIum=E+BKrq3rN);zS^sYE(xt9rsO=GeM4Tp(+Ju{xCYGuV#Apk@K%f(4^b9l0W-> zHX_-GgMSz$iA_#aYlVp?fErZm$Vgjjewq0Ct0{Hr35Aly*sp1y1+$#jL3QkzW9=ta zRF_Akh6pVbEPJH7wPu%ND*YcA*snrySa6M1T5FLD-;y>EM3CC0<(c!em-4TNzhX}% zcvry39UVs^CYb9@&GBiB06Fx5`SmdjJ_0!(KCFP*+nF1Oe2ZeDc-R1`FjAKtwz+O5 zekgi`v0`M(u}?gn?aPvmgOClI^E8?~=IAf99V}oyq)%&<-^kp)`2HznY2?`CS5Mpr z!e*lrBau%E;T;_vfIJ#W8Zv+@HXcMoWx1bl$A+8)pkWB8A0$b>5toWiu$4Bhl}LYXcDUNNto$SwwM|&uoj|tQif(r&aal;rTN=6P zvBJH0eq6=OUFNG#gFIm@H7u;F5L+DHDxGc4QsvT`g4U(*cb5|;pdO#A9AANd)fOUl zDgvvW(deL0KA zV*mw1eZ$VmDNP_p2EWa`P4vz) zJX0i3BOE@xlNh_sixC$pL7+_DTQuQBn4r{0A1KU!m4|(57*aX6EJ*YN3lnm)To^$z z(c4x}gv9eK>&(n1ReIvE`*UaS1)Gavh#JfE>f$d&pk06VS%;T{&NJ_5;KwDKygmI6 zVsSvn4-l}RDH?3c5lgV14;w85pGu8%4aDj?G)1QT>ZAReQ};6pk>R?VP{5o6s8&H2 zZZi3%8H^Gv)#F@BJ3FsCv0!Q{gaV#8RZP&q$8~^=0uF*g`0;|?`;wO`P_2vBv;Q(- z|B2RIDuZS*`dM=JAR>wCAlvgD*Ms3^f6@N+Og&mz6Gs7xUw<2fIH$TSYX*$LzvqwY zV&a^MdvAXGD0Up@VWMsK?q3w-op7a8LyxabdTm!DFM<|dBY>elBe#USKN#GP=zQr%GBxp9;DO zUh8Su2O;ui)r=bQ_`7wQ8-nIfMV+Wo>BKD~&`m4z^WeWC~`aL?rUJpO?r zBeyz64mvNtp2xi};2do<>V>a9WL>sn93-{itw-^{E{pSBXwA>Bt9yZ|Li^tQP-$U0 z@i^2r2j`duTsQ$O+aazIzw}gQptjIznF5hNHLA0#lqX#})cY9v(L98$Q`4T=l?R-Q zkGp;g-8h#aq3Jj)eQo`wtP z^&IB(fS7fMS0FE{){cvPe+h+r_cxDSt=;q7{KNC_&i3FRJtXK7TusHo4>xjrQu=s1 zGWmMoh-@7mkoj990uaIpzxGuASDsIWYv+p#5bU4<{jF4CV_G}vIpl(Pro{uZRI2|h zV!8b{(PVd+gGnR-$ZfHCxPc`n%A-*}+nW9g$%A#esG&p92yJgkYv? zkcBlv)8(PYF+cYUIqdbJFdrf4Us?fp4M}qk>okPG6h0}9OFU|CojfCq=7~Q|El#Ls z{x2wOp#5$t_x7$`G^gM&t1RSX#X~M{)R)!)0D7V#{LR$g5s+$?Rk?JF!bKr#cQB#` ztr6I0k*#;J@?uh+OMCGn};1Y;lJ9#}~gB z*GAS>bOQ}e#)MXMnWLYzk$HF`)~+6(OOfpbCI3ez(j6AGVsWk6W|>IS#gb@aWp;Ug z{_FDmp$*A;Y(v_Z^r;n71#!T`yveaV1}WYdKF@y8wuL{lKXscRCfEMGys?D)4};}& z>GH<6DpzKPtQne5J`8lCa64Q=C-a3-!o$lSC0<_;y_w*v8`HhU3ldBECrbnRoce92X0q!6MV{7cJmQ(!+OMa&P|A+v)~ zWQ%&(L;e_PEZeCREhU!}RH=%&C*|@-%E#cCh8^xg!m|YthoXV-+~-sb-a@h=@m?bq z!nfw-{M5LwOyh$)COR_Y8b=L#$SwbbBpu!QBxn2jue|qbvpgfX%6>Qx-E~~>&XsR` z1?w2^-3xPEFtd)TRl~$ljpSvKDruM_`I~A~>%aG&#l-pPt=Kk1r7aeyu3T^L8gDOt zp@J_=s8xc^FwJxK?DM(*?!c9W-eb45CiQ6UA2ftSzJFhzo>o`hn?T=zgl(IrxF znh%B69a(#f*Qt=E@o;+*`xrRVA}(v^Z57d$eChXX3tEj!nSN+yPZD&}{MfE8{vtlm zxb?zjtMg>mR;kF7eM4)SE6X#)43H3-R*QqC^XPV%H#ks!e8M`qgtc#R00Sw%T@JaEyr^SgDOj2&@1wBZDnG%(YRd&MHa9h^_V;#^panwU5(!vp=2d*ZNA2aPA;wSvvL z7D37JQHta9Qcz7o@9v$5r-zh<(%drbG9LH0S2KX_X*5=Wd++X-bVHTV6HuE5)^~na z9?=zLaugrtb~$9KXQ;4NckK`oRw~p=PjJDQShx8MCV467v1l|mckwthYr+hKO=jJ= z$;WWbYEI&0$`c6y^LYvYSOinj(t0rr`E05DQ@I4=)1moW{HBFB{rTfb`*Z5%Q1KfhcSx(L4*XX_Y4HMw?1mTe zz2#-0rolw(rwPUzvC6RyUV2$$;`JOw;o0i3aQI`;8hK~nh>l0|PTm3YcF5jq1Em&V z(&U3Ds+UwXtf2UmYpY(>KJ3H#L@ts=#SHgEjLwo-Yoah@9}A1F#DKOOq3OsX&L*B@ zb-aoWfTYH9WCi-=L=E5WNUt&t+UT!UiK2Y? zVlqhi@MNzOYOh^(Grl=GL|V;sV76l6u$0|M_N=5t5C<|J{Pc!((YDZ-lw~K9%1nTR zVQ^ksnj)WILrW2-q zByM-q;gi)d(Dip5-wP1FBn?PW)+)ZRP9ZP5s7(I;XyS^L3b}K|_0)(~-c)dMEd_rA zP~Dtxdm5`HHuB?<*5f7pQ#M7uu>NyuHEO@$Pmy5xJrgsw(CI5oD`wyMkSh3B%gt8| zMw}o6Gg43;=!0W4b9*%*^-MYS%6SqjYU#pRqMW8RP?c5}BBMC+82=j_PX@akCE3}3 zXVd=1C-wcIT2H+97-*-jUH-Z#IN)$tZf@>>pgeO$9ZrLWUz_s1~JFT%#4doYF(#DuGN7{Ex)0$_L30;L{G?>>s|D{;OrMXLXcz}06)1cE; zQ0Gs9f9)uOi&P3nHz0$D_<0$RKCLEtUx6w-B>ZFtjKL|BCXASa&$z| z3Ws#vif0>wH3W{2-MaMv_325f6fnnkXl%`)M+--E!UOO!H$6C)5R* zzI?=9S;8#CyvwPe!#Uyo#E^)<<@y^J-{dOp{tzr}+`RN%g>aNz5H`(4%BQr=0- zXFWSmJTqg`C8{KuH0slM>qu!5;URL}v4*8NtHAxR@s0Zn^@|f#swhpK=coA={ir-? zP{~Oj|HB*a;0~WI%KHMcOS~!Wj=%PK!@IwcMqn8JDsUHG4)nEEaA5J-e+PYn+lTI0 z{Sa)xRV8#M$1yJ&5Zyu6c>QYr@}S-sg#)9T(?iOO4ilSZEdYW8@#d{5 zc<2Bw`e%Nb_2(v1}a$+JKca*{l2=@7-KnOqMp}afjrfHt&(*nw3o*PfFhf`HIe&4{nWzL^mi2WBTBP zPMc@HGI6q9+|NkF5RMdPd&dUFnU?$S|Nbi)!vN4p9e&xJk;jI%_t(NTufn+`FsUGY zu7%6Y3d)BO9^%n2e%N9ztbW*%lT1i4$4i{nc!SOjAl|Yse+`7=m1Fh646}+bHO1QZ zt;ej}?D2Ld0S2aGFnt87bo5lj*-B`86SO;mAEgN8j+l2RP+<%+PW*8YI)bTKg=0x@ z!|?ThLnsiGDXga>~^FPN7=uG zt5*QB){e_V=@-Nge-HZg^PU~?Vr*<)8=XfFcll2i0UceyizP|Zj4j^6?SI)rDe#!l z=0t%I$5-pAxA!oA6NwQG*ERYk@BE#?X4?uXfUe$-m}XR-M6SMTw7NmTuhUP&;B5C8 zwi@wiJyQG5kvpY9uwJNTc$zp>E>F4f$uTScONW1CvkLZMK^0c%DJIZm&_3~p-^UET;U#eZSb#I#o z@V6bszD>eT^Z1W8SdcnKmgO)w&uI;GfZDG8Z)g8+zEe4qWEu1&;coChO|OE<(E&eJ zY*7C|4Pe7?%X{A);TKJ3#=vLaq-CS}mtG?~E0N=a_p8{hWW#D)Zi?XB4!7~X!_D&F zhZg`dZjzBL!S@x{+H2Pqg3b_5Phj5Hc z2U6hiwF^NWj!7wlWBU}t=v8@wxMGYhdT;-eDz5;Rk0uI>!aj>}reQD_%_$-Pbr18K z|Eags0g%y}2Jz~B-3hc$2~=AZk*{FjXdiWOD8o90#KlC~wqE~L`lv9jL)uuTG&`(K z)T2iAU7ZTNH7y=|#OSNV>-an)-A{`p%1@u=a;{{Ty8E}h=gvcG6xX}^{koOB;jKcd zuw{9U%ZoT#iV(sc&iD$GkiA`Na#R(xz+V(%yvyd%Tk>3A#wRzjJNr6(s23~gg^70JvAsG>_mqoG?5lJ}o*bdktfz9=? zxgGe7pQCAs0E4s-F*)&n7KqqMb^ND`m>AqwyF>Hqo3j22p+HKqU4^OXEm=s6KK=BDBi*n0Gnf_ zx>lCnOHcWv>RQn9RKTv3gI=oBPF=L771b4$se%FN!L4^QL16LF_RHGRf!#DLwS|J_ zn$y}YNs!}HcwGV4uNEqs{UQ>Mf7h1A_qGZlEOPqa|y& zS@f(Xg~*PAAPT^&GM!r+R%FlsM{yPO>zzLKZ{XHRNXtZ0`sxFd6tZ}8ik86bfNH>Y(d8yWz;#BBoc}`Q)s{^a~>2L|~}Bfu0BR6L1J2 z6R7CZ>GtB^gy9_G%YWd-`*iGu8U801@M{ByQR_Z$k!ZCLoo1-o87cYt`}2h_%Hg+^ zUf`cr-&mCBw6STA1J3Z_dNwBKw0-xLbk@RftS(weZp9>iWMm}HsyTtgX4|*mXVsq< z3z}D4i+E4uKNh9Rr^L|Am;#)}acY9U{v-Tdu8*f~7MZRz=Afjka?#L+tTAmgc*vrG z<2zXezbAa&VUUgUPex;5ydMYFDtoTQT7p%N%hSL^)~$LtY^>(Bspe`+5ND@=fqfje z+dBGCxaGFhC_}LuPXzC<4C6WU4#nBo2O7z+1iZHh9nr{%km4+oY5_Ta99x3)9om%j zD%6@^+an-=i-ZX;pwh3G0l^1j)h77MQk60(fsc>ww{Lx|NRgBMJ?I!5QX^N4 zjj-`JK+pH+AXBie%`*m>|K@e0xN+H4-)?p&B$*1%DwMQd8zIBu+3}$_uUI$8&9kghux|bBfTP*Dq}ecu+`@m-I-KT53Gd`!j)rK8IjQ2ZBKsZ~ivC7~&ZJn_d7f?#5s&j(Hxn2! zz+e56ODOTViUVdkGp7C@3FRaV2%UiRVPHMc?ne#|XL%>56x*WxpM?fc7{1{#iDuOg zzQ)NWTp~a*6$#b+xf}z(#?FYm%o^FW8x1$D_EytUUyd6+v|l`rdYdNQe?@r;(xYpm z=(aP0P6Tp<^-ByufK?*D*50W)Mf+K$fBb8X@Da==-OaFZG6{ZF7=U5eIW~N*lglM) z%~5Ljs%yi(&0f=BA=_Kl6x#pXHSmUIN(1rjK*xqaIownBMf;-FTDD%IdNWc|6Po_< z41;kge3t4*lMcL@%`&rw=XWLa1+W*YBQA(DqiC#Kg51za-|4_BEjha9fazWU-qzx~yfXii!B>T25kOFSmD{{mvY1v%O4F2h ze-4z2Q!@1s7${J2kCju!^b;Dxl+mt)TsJ|%y)`Z$Kk@-0><=Q6_3{gL)&cFQZAg%c zws1Cia{CbYbS=7rZBnK8 zS41PiL61{KnRE21=n|yr*WD~{_iQ{@4h&ha)URt)pX7=t4|hz2%bUC^)~&sLD}H@z zRoDIhI=`FUe|G1%63Wjd;y)l&G!6B-iTmY~MXM*9WfONj43?AV3`9u`tp})zTa8ws zl88~8v1;rnMy*aUAeXHv*!xF6;=b&?mpej1{K}P>E*ywy2XTGUoUgB0lw7m{UUtXf zoLZ*knT5ErI5tAmf90Wdt1jDj<+MkjsZsPAi0^GZ27^+>Iye(&@YGPi}tnuiKIsM9(4 z*N6vfM?kYu04U8)+A7rs%NH2J44Vcx0|G{`p*(t;H{R@XkSf(8BFVGC`pIU4#c-PA z|1ufg>45S>cm-Ew1hdoW?-LsM+4#WDq(1p-zeJYbbBi6t!>Oi)u;jQWE_J)35Zspp z)+A5H$7!tu{|slgay{njo~Sg^hWF+^ryMvhj3-D~JVf(UKRcL--g|vFv{7pPCq9Co zqDNa7+xnbtOKy>iz|ga6DV>nEpeZ3tV>$6%N~Q8-7>T7U{Pr#HNxCvH9s@<;p^R+K%%d%w$ZzKl{LkLC8)! z7YpUl3wF7@3_6c-b54JibYJ8k;()!J=`m5D z@V{h#i7>(&^_dw!W)cF23~!4{GFL0)06>%GQK05)apifO}F zmBHz&J-I)-dY|!|>VUR)bS?mqC-HVI1WGj>>x!f(kwlqIqhdD>(cY}_3o6}Q$ zmVw<(5ey`)mFv3Rw`%TC=Aky+$lomOg-IQve_BxV45HmpeA7F_nETIGSaK7jtGzbJ zX^cAm=Zl_2H!I4Izuo}$EVcFZAXI&L6z#zxWi7o&tHi|-$ov~Q4;=zlWy(U$A&duw+64Q zySqC|vIqXUVhVn73G@Zjn$DtGdK02Zz~ieIy6us9UUttXieodC^CsBa+uNqzxxomS z6BJC@1Eo0@5IQ|>J(6H+fCB^?&UnFoZMgz>eS9!R&f}K!?c`DQAxHXBC=~Ar=>w}9 z98%KkMfuc3HKz|qs8)EZ{W3D$H|~OHGetAkoug@=`aL@OKlXU-QTqG(`KM|xm(%16 zIb98lMgG~!P+C1J`+o2+&!2j(L#K<)|NHxeeA^JIY#lu{q>`O#b*99-*zf$zGm3iY zLSc1etyT_@^DArPG3G(sf!A%$z)M`Uwi4p4p@*}|fNfQ~5xQ?;$2z(t?@8x(f`am) zW~9pav}mQ}T&tt@&OB3Nn>P{GqG8%i{P={PU*A7?e}Q@=;;<-gGxw{xWUNx-%g7`F zS*{{)&WD^Z!OIKvo`(rzGRK=A18tPT+2kzbe*XBOZ+$(7m0zM5G0g=C{L@#aY^;Y@~yB;~36AcDBGG053USt*t8kp}5#Pj-g zg&-6u1L6nOtW2yr4JhD}QT(n&$R^4G_}-VCECaN8sNE>H5vk(FWWz_^egx-R6aGC!ci@i?PMW?drZy^L<%%{k_sR z&3Ty4le=P1oc&oc?xut46r(RBC3DrJ{6%s<%73IpM_(Z2M*n=NTyk$_z)F$}$*n>q z!=qcSMcv6Ie-)soCjBzs@ta&t#oOcDnx^#4P`uiLd*yYdOb-YjR{CtY0~11SqqHsU zyHlNQ3?uy~&*5h-h$v$*cqNF2Ao2EkD_b>%8YVRy;eVKHU}XGC%AsT73x9gL&v}M)3G9EwAX$26Qv$gS zn7$jlieRL&f*q!!eRmx>enR&JWX)6pjw^S5@Gi?na?gcDDguH%V7a4Xuh1BAsbW$j z=A1a>ckkMr;B?2h-)^~QB=o*SIr&~#UM`r6z{ysr2Kng6ft{dpSG9xC@PRd#_<*P& zH!WZDm=*t0vEWE=&GYh%9J7)KE0c_$2Gm4eg_qHKw4LwqR}c;JCu2s3;RbE9A#-G7LDQg7)dGw^^5PM#Fubet&h^$ zj)#G|gu3!XuaW{@lHb(X2-43T%jm9K*kr26tGoVZ?&ab_xpv$LZx*JH<*r%2VVf;I z&iB&+fV&niX?3Y77M6ewk3AV+!t-Pz*pj4ZE|xlrNNV$o#bdfvf4A*dEt{N5)drIx zTnuBcQLavMd~j^|cWw^awd7JfcQv zmAV^&(Oo_b*vWl)R7_UC9>Kml^7-+Mm)X$5me<1?*qQ&)HI!fgZ>l*rKKz5mmmvX6 z!27d^JL$BH^a5`Gvtpj5dsV;D5NNd{s{qsl*jo3*fRUS9t&aSk7sdCHZ_S6$>1D6! zI$<-k>MwOlTNB#i2c>W6{tnkK^H&rkyoQ|#G`_lDZ1sdo^^wQb%{QIla{uK(Q^}s5 zHn0kG(dnmDGHc0;&+rExxBBi)L$2I4J7<1w$F)i*70qRqG3yA^ecJa-+>&kBJ!(@vO~74aMP!#%h&Y(5fKGQ&o9|Nq)Zx{ z%qAWsO+wU5a`$&XtOV=kOd0fTlglv;0%i0(B!$LcsWK4A&gfPi>^4*~4cj=_D59^C z7yXdu88^5t6y4+Qo$kV2;Q}grr0PXpteh^wWpi~lpHgSDAA_g3*owY?)S@!UVet24 z@KxI7THvu-`p~De01cmbF2kKXo*_=5W!F9*(V~g)U;Zq#FD2foPQEzf@%a+DNP@S0 z^*}_VLg3Zh9B@n3n~FI0F~0E!+~d7;fq{W-1)}dbl7V?RbqIBjJ@CB;u@=bL850mF zldm@J%Iu&Mq*}JL_*q-p+nMet%z#1)kd;k=3YzZLT_%T%i>987SCuO+@6YPWKCO@3 z7)$BykG-!?Gz#~#_wx3RADK$ZG+B^*oiM;{LNu+qwDR>cQ>Rs+DwDK7_K}^J?&vCN z9_VZ`Ye=paFmJIm8}ZBk-ckDs03)Pf^t6bR&F+6B!aVOMn>foHfjf&?l8)oH;2K&V z`PP|U_I^=TqFd@&zxd54CSF=F)mm!z3Q`AHESzat`S1$vO7T+)v;Sd_qeX)rH^QF3 zP8PwnS<<*lf&5t5m;sp=)!d7)u~%$;fa^1OaHW)(Qw?!}-V|IVi6VgB2KcXnSQLZ( zYvhlz7c8y64QwM$w`DM*&ciB}>u5!m`6**YTPvu$L1+0;N@}ZVna!G^@y#M3=_Jmm zqhMEy-1jXNyti)p(`UAhsrxgYWkUJBDmcF@Th&PW){ciEXMSxv-i}Js^Hk(9Hw1tH zqP(+Zv!yDsBm`O(3Kx3tL&OYlE>gd>&At1R&8G_~rK3V4NzbRdw2xNgOg9V*k*$6#8vF!j9JG`@Z|2@Ic|=?U28DUoA7 z7tS`r1b??;6W)mvE1-P7;IRUx)W7ESa$jdQS*oZSq}U7Ms&w6`Hqj?Y{{8K>)G;n0 z+Z55ROW{C}WLHV0cbIvwr5=^a1B7Y!mzpox} zYmvP4WhSDA3oYTFW%QdTJSrLFZHX*}WISc5C^tp2$Q8xZadQy(;yKUN_o1x6#9Qtf z21HUew(=tx4~b*Zbs{05IcRsQXSBJv?wz|-k{#9T&}rVso4ZB+00B^Op*ffR&0YIu zrA#$mp@Jww2}(O7*g{L1i7a!oSQZLSRo}U+0Kwu^wk!PWdcYimT=T=!iLyL}qk&=J zrmNG>lr{hU{)K;{B5Jx~y3!PHt6p$2&os1?Yr*x=aR^PoDgm@+I|0%euHN?N zZH=y0HvEcyY+RxQL(S@k@kdb(T=<)~^fU6+{F>#FbOGp%WyBn^2$smdZ7S%A4nf!} zwG5V#GELf$Pw&ClwhU_C`DOG*!KzVflA9KcWc0!vCL%G5JbPg)vIVZkdD*C{Nripf z*y@ew)6=OlF1~-XcM@JZ3Rxz8pc)SzrRiqx&@?IzqlF9=i0ceXv>6CPA!%K1DBb~k z$>J_{4iRM!CT-S1vMv=;Que;{X8%nF#%j;8{)Nja&qN7O%K^vmu3du>b^qC72Cw*X zeoWgzifk#Rc^?+x3olK?^e{qd^ zCV@jSbHzAx4obHGr)qqC@B@GBP*8X!f^VqT`WdA<$;qJY53YLexKJ`=w88f}Sz;nr zwRO!uT^Kvz5<_Z9e5%Y3x?kPpmQ%Ih(Sn)-=TwJlmNmJ0M%5|v2VqbxQyOQ0u?oz> ztN|nP=kj`vEo&iRLz=b+1i+lcwvj$FOxOK591j$Tsa%16DXcMU{wjVTWNjyL$Z4l$pJ(vEBmPwF5(Kw@ zH1ZhaDgMa~ZfmXgR$r}k=@pV?#vAX|s16bBT!6K8#GF^o6NJbIZ(3Swgba^Mz`;U3 z;C!84S{XeIXk%cvA)lT5i)hc@JKA}-DV;mQ1v_Lk82@)F#XQ2K2GF~N!X|EUsCVR}ry?#ctL|Ux8lj|d9q}@_r{)ju(VTJN7gyTf zo7_U(;a|HOHywd#0AQ`pQ7_fbXkPis07Rv-0r3lFm!Xw_&>29ydXAFv+Kx{Hzx2b0 za%rT~0Cl?89FRiAZr}Z#qQUi)GiU9(x~~qg#Nanr{RX9({YPzNM3eUp=9sxZyepj; z{J4m}9J9(sqCXN|*}R3zR~aU~QzSAMEOk)B9*vx)r~=)bl)KNU{D|s#eKP z452En{f|sXY<2- z^~#2phYO~^SN>y+4Ig8SU$vEvY1kHj;Qgb}bLBw15jiT}imVcEbunOE2z>J!v-Fg> zJ4YC^!=gLqN6hX4rpW`=!JwU2d(^HJ$Uc{j`MoX2+!{9 zJy6K+K>Yxp0*EPvurKVo8=d?}p;?%n{a<8BMS?5iDFz_;-xVp%Q?e~k`5?!#z?}KH zW+F%5E(ca-=+^&CVMj4QUs1q)@Of7w92AhYpz#_v*#LPhk@xH=?4v%eOxD4!j$Q1r z{a3Mk6zKhm8_CGNV3r+}vpLDdFGDqA|3}R_XJSQy!At4hC zAivju`1O-hdmQrZ-=a`pK5{~RCyR1ez#s%5`R*YpA72#{ z$+{s()XV&OZ1fE*S8ddSd_|RK8M;uG^`Ow#<(bP2TIIF#^2&D7>VIwD5B`;q={}UF z`P@{OjH8^I;?){*6(X1>gb@Pb5=+saHEL7s^s0xnhr_*lZjU43>j z2mh>YPoCDI<33oNoc~mq4de?YM7+9>BbBix4OQbv)gYF*7KWinBk1RqpK7xdMj-&M zud)Ar!8FOP^pW1sB<4rdk#4Bm=|&u*j5pX%5q%$xb=wAQmYqu$EzEuTAvbz3HA}5B&Bo zelt1u;kVKNV`11yrLFAocI~vi!1R9wm&#j{??W7e+6hVJ(>^o_47?*p(rnGc-AV#f*z8B|Do+!tz$b!ZLDMf3 zb`4>)Bc(F_E9C2ND-nK^h&C~7klNCPe=T+z9MgU5Ld59*nxEl^ubB!0xBSBi(SK=1 z?iGM0=n{pjC~@;%qls7mu3lHxlOP~A&RuO&x6=WrnH@m7Ky7X9LjZ0L(xV)Ztbn}+ zTgrg|pFi+a0qq4K!W-rNOezFe76>o4zZHDZ`d)Yc3I8y`;}fQ_uG^Gt52H2&XiU-| z_Av;1*Sr0XL5YSYi3N@N!e`pkh@ws#2M3-XfOd}>vOGOp zhTW8J1(ZYQD>Q3<_%)~$13xy$S=;n8JdblA!N)s9xxneCE_K<5r{R@NNo!pVZ3hXz z^0}R__}kK{c_{ej*AsKK0-hoZdllTn^z6>*{H!BF`H9t1GeZw%T;DqPjh**U?qruf0dII8M|0|N9vB33$at56wE~o9eSC=J1R&t6Trh&KPOw? z8?bZvrctH{XN^R?TCQ;{OjLBTIEJ51tuug+a4TRHqJT*Tw`2tR{ZXyN_`4pZ zfg{EaZ5&onYGMUY{Jq)aBnTY%E9YO9$uR*hYlD4G6+=$b!D zl41VLxe9c}X!`gu>$OBhB?$5NCXoNc?ASb#`t#nLO=@o#wUdWobu@lpX{?RYwydn@ zDS=tH$G4;7twKe6V4D`Qon2c1QpqJ*; zA?^3_jDF*s$m7wD`HkK$K>L~jU!x4BYk>hkwjA;WQ+8vo*IbX@`RUrZ3D|QgzEpJa z1V(J#D@U_3h90d#>{+}YxI6tT6jKEORgZzO&0<(IfA+d-a`9Y<)z2m zivk7a1-}J0F*5ZCl(|lz-8%^OgWbpDUZ+uVje8P`%4^G?a10NPO>A^d+s14?)a+-H zrBme31<{=uUC}Sx>SXw`@C|i3CYI8^xlC%UF;#XJqGrGXerBgrwYL%Reztq$ySrmS zz*9K`&XaA2+c$f+U@U*!L37}jL4&^6j}CL`sVl8blNa{(zCxDUzaKT%k!IZ*3(PI} zF8Kb#CvcLkIy{^tb~>qQ?m3Z>K#vZcf1Q+cXAr@Y`g20Q1RetAOUB>r-?*Wxy_I&Mi0IxX2j(F6mW9a8wOslf#KpDk!u4^j*P+Qn??od3*`P;K z_Q$goIOTOYTDgou6ql7o{@JH&GX9&LEweTAyCIf63I%#oVCi~S+khgpR@HI<-x39$ zRBcb7<)4jA`6<0Q||&*QiF2aGX0ek9943R29&a@A)--2zAagY@`J=~`8w6n6=8 zqECBl<^Q%a>|T6{$EDyZ$qpwt&#qU0ZLOJkre^hBzsfUZ>D*Ie_eK3B8L0|)7#Tr! z8d5$JR>;8X1VBp^hA%e%cqHyh*x3fb-gb@4=<9(h{P=)DNbhkW=F4>bN zZI_=*`+B`^-=50uMi+**w}(I4w3FQ=8M|RHV;pnry_Is}68%;UOke|RfC0gMxw>Hu zJ69g%mDEn>lJ(!bMZpx-?)7A505gapY8V+tOkOAbiu&G$L~15s;NyYeQkBQEv5(ta zh4Cc~zw?K@Fw!hPEOJ^KhfMakjUeK?7CA@X zg}WZF_E?sDhOTDbrm0nK7NA*yQ|7LK5pDu1LLM=nvAol!yUQXY6O;Za`-t~=aU<=3 zLD=`lBi^_&=j4EA1P}^Fuei_xQYySI0F;x2bME^sq^JH2FIyL8fxSQT8Biw?dNdmh zhwxzbA9Wo_Ju}L_;;k#OFO7cqxnev;Ima(du#2xe7b=m1eqvSdgwA=^E)VMWD2$Uh zWU;35@>!FElSPq7a~JFrt-gL;$<-rqem$LqR!n;~<91YE!D@2jBE7l8p4+TQ`ZV zeWnO1IlOFoJ)KUtSjBC6--mpm^F3F2`PQbp87$^lH!V{C>sNykl7;(;b^Kg_iT3kj zl^6Jr+eSg>#cuu_B%@?cX5=Y^>);S&sl^%P!8bhOG+!oX{#B|N8+98G&N5u68iLJ! zHr8tE#m?+g?P-QDOCWD6 zqRh*r?Vxw|`U#d*5_SrukgAStxK;WN-f(|LA3H0i*mE~qprBclp~ii?K+ccrv=s2f z*Cg$dhy0P5Mi|!v9}g|M@5-yQ>Z9e~jfPy+N(h>jWR=2=u?P6zRv z@xoiu+CLjGDG=^);{Ve7;TFj3jw^IlO)PKf;W)8vyXWx+ur~$FQMTTGj3+LunyTIF? z_dlSwkFfq=jP>=DHIdX1i{H5_J7@a%nOxW9(Yi8(ogY!-_6KUB=OqN%I2m~1B>f^@ zj7i8pE0ltJGvy$E!bF9x?u&`V%ya<;YDUShbW>+5b4*w2#cG7z>U)C$b-Y|XVu@S4 zfsDP6rkim(e+m#5q8>bFdB(CyhXsT+0BJQ2NF4*h*5J4Eo--yOmJe`M;D7)Qjf!P? zk0hXry;C;uMdRM1UitqZozXJs?Ri9wlvrUvao*cJ^}NJowNMafThahM_Xlfe$SN|P z)r_;+abCYzce?jv7_uLG-6Qez3R!AF!k2JeICbu4#@gShD-qk#&0B)h_c^*uc4Y1M)D8a-i*G%vSb_G`Gbu>=FAtnl z5fdO;to%Q%O~JJX7zF_lwz`MqMpXMu7ZR=$R&u(=R^Xl5+A~BDZ!_%7o9U&@dH5;l zkE0@rE||{4r=1egWp!t-Pw5t0DI z$|QV_*<>=O>Y1#3&N}R`a``JLoZ3$yG@tl(eR8+q>Ve+9-{oMyF>B{hIxhk?bI*Xf z5TkR8&p+egKM3Y1$LkG=alq+_b~;?dc0sf(g#;=#cJEcE(m7Kksp#oD*CFTEzHU1b%Uf8CQt;Z29=xwxymf6_+z0EwdKC9z z?I?~yFW5pj##XfYf@zx8Q3;tW3j&%+PsaVqfY*Sjy9=oKgAsp-S^pV>=mwh~>69n- zb!kSzDz#JG7fjle7(yYc<&Do&t|d1U=j;%U4%d!)HfEigWhD^r@@`rY~Mx++~4CvKkthFz9`0wb*LI zy`rnfG*eVIavuE`)`IrxHwc5e;bHEqu&n?n3BIaGC|#O81}boRY)NF?#i}~Q305rTA(>S`cnlP1HUMxr^Q=u!d!ijA6_cC{s%G9OUK@a_r3mSE9ms`-uP@fOCW?_%bTo|&RXfP?EZzGfAwI$ z>z#5I2xRSPuX*J}cXQcmI+K!HZgA)l{zU$O*qe#}%{?-So`lXnc- zMZdvR2cCopA>zJD)nY@@zsE+se*4hAN!I%9Llxeg^ZtW_f=6@h^uD5pU+wg6pHVQ| zH2BJOjMh<>6Y1}R47WICTcUe&coPj3q}-bE@gqu;lN#c8ck+_V5eIU!fSBTZzv^K^ zpzCCRzf9x~L^M)gJn>8O8ofkUdNN$&A5K2j6C34ih-ewmt-r`N%9OiNM=vUsn~)_1 zb1tHEIF{Wn%6|ARug>hpqObMmrEQkKJTIVj_M35|d7WTzMP@=(5u7$>o22dx6C<=a zGqvpj&r6git#}2s$Wt>8@BU9@lV3c~^;G5kwz0>kDWNyz>d0|b$eK-RaXTwVeL$P< zp8#3EFma3}n0a?*$>Zc^d5iOW3E+_XPC56kpLIMI%rPEA?E+1p0#XMoW~6c1ICNEZ zgKlTz55h#VJvcYm3Ix(VG=UWaUP7gsZlCv1+3RA2IZ>%@6}Ri5@w0R~E!VNOM9oe% zo%V)n-dCyI(?K>8Z1IEF6Vo7Z7o|V-$Zm#%iNu(~^n#CitqmHmIAeIw%kL zIKzQQGK-x6M|F4jIWq=r-3Z=v0(E1x4P+iqkqyok4l(XH?*;lXM`78k<>qi~eK6}?!!7?Qw#k`_CCj4P)MvwbG2uq+-w5CmDSV(QwVSj9exfOYA zisv}*gr-2)6;YUc>VF1#d8B!Gv^in67I1($*w<8MAG!%RH=AgAhE&g1X1dCu8sG=sBDE2f zrS6c}(Zji`{ZJu^zTr)X8Rh~k|{YqBWIX6ZdzkSmN zNH4ofOLXeEIp_AVfkpWL@@e4J=_{CbHzE8)O}B&)Pgl*=x}CS8z98ngH+MZ6%&?CP z92__g9}rjSxW)Ef{Ji~#Z-LhsG*MWHnZthY0Ph}VH*yR4^&t9=UIg2ISv2rLhXShV zV!YMF{PbV-x8Zy4JHrh^Yy8Ap+>yyioxLB%Rc4n5V@)^gMM;zFe~~d&516=-X!eV| zVEJHkj2I?Ye(iEdLQF&;WH?cTRik)~0^S%uGqi@qx2bk}cU$buVcgBn+y5A^x3eq{ zHL#rY$z#J|{qJCgVBANc_@CZu`EKoNo2)g6DeQ6~qNa6VPe)4U8Dq0#uXglb2Vv4J zPGCX2=gThqe`WyFq5Y(l5Y+Y2Oa^&)x4pXR!|3nqdXlXyFHtmHiRJ?b+W)H zVojM)5rCWF+1(|R%K&1bZ$Tw;pS$|ofVjWVSF)I9{t;yp9=-f~pDwTK=uCHvfF3I8 z;-fG^;Q68Pk5p?A05NM+TMH65L zhbmVBdz_I!8pb}#xj#GT*2RdT#7OwZkFTU)wppuI%~KY8=yAgI$-eeEjC z;>f#${V(ij`-LC2C-@v-ln!O-|L^mC+3LT8m%z(?%FsUi$^fzl#Pq#OmK8S?g?14W zkEw1J$Zn%DTnp8nBLqO3gYcL0ICZhJ<#>QGABGmv^4*p%yO@qu@&G!iLX@wWtEb#$ z@%>tK^HSXL;jQ0Z2TFsdfxh&k0-$lMveRlnDQ+XdxJ|Q53bM(Fa-@3x4-FnUSYd_ z3(*zQ2XBGa9OP*N%3tY{%ALlX_(P?EW()u2Rqa+g44^*&7zf4D@mA*eK0s%>3c##) zX3RU7xIA^KidOUROk}_*{9Zb5bHuEJ>Fx>PuH$m!7xUV#`N77xTg}*8(&sKuBp^82 z$fs@+fzP&sWM?Dlu`|K(z0-3W)1xg;@j1a5lUnroPw6e6Qefs35$k+;TU@=ed=3Pt z245)h_$~s|i%wvAA^eP2WGnl5_bT_Z;+d2Xw6yopBN&3+C2+#~NDIAC)%i>5RkJi? z=JiCSB1f>-p>J-LB`kIW!2c*zJiWo*m?J`m8NlN@KT-P@~vAke?=l`F{Pw0~aQmgFs3WqILhP z`aKqW430SmVgG6$&SC0*_7oppHj7_WbOgLz&grHIWZ|g3`DP17U5<(S2f6ar*HR1S z%tLema<~r~x3i^mnq9MHJ3qdP*P&W1fjail<$^<>eD$U>l1w_cN*AUGi#6s3*19ou!EFEK`QqH_}&i z^z89`Of!p=Bc))mlHj93aoTvBR&s*ols3Tq4Xi^1@fkS{Dh2^we#DB4_-ksa{m;<( zV;@G~xC8+3dbP`tNWTIWc^1PZ0m-b<(9QJXoiCi$fZK#x@2k1)QuoepK{12mk`gy+ ztk)Yy3MYlRf`W%(#6;#r6L(89P;a36{%Y&QnXd*d;=?4{0_ZC7k96(Cw(e$ffeDvp zzCtZ{4NfyIl8c^5{k8+oXCkoaQsofY{mzz7nK~}n`}}uTm%IowbPR3EiteYh z*20ZM+qua4b_XlzSmNwPGA#tBGnI5ID>pAZ)=)o2vDEU1^!vH()HNHPee;;SR2^Zw zyGvpydjCEOr1EzT3^cw<$G)`qj`@Qp)4f33u}MAVchc8$EFc(29V>Qdz7owGv6-rtb73>*X)-#0yX7~<3`j5IwD=T| z65`?+`6eW^Jnz@*<#rfk9#aj2wt)TiRO6q0C@Sx{^S)AEk?K`o(O}jAVViDiekO9X zQ(l(WkB>(ldR<8@NA`!YX8VdR~ygJq`Y9_`lAVT|ktxEn-PqbRY-Efo>|h|poI z&2!NdDu|n?AVKWV}8Ij=!O}wXOu;me+a_ zs@2mYtD`q3V2?2!*g^5X*cu7~d6F*nK%TN)fv6Or_2HfSEZj8(G38Ys0nIboFqP7z zg_{Nrs0-fDK?oHF`*-K5sI<-^+>@xofqF={L(3CGcJD$W_qj_mNz=9Z+A3&G_h%)X zHI;kh1^34$GUxK+m-n?9`-Q>|QL`pa?17cFh>!pil;yT>eqA!8>FLof#wCnzq$mo#T8_eQYG0Z*DWq+H7We+TzB$e0L(MOtcASywSMslAzO-Sac_rgv?01XEbKjI*$lWg2eVI0F5FFu z`2CYjJI=q_%3f~L-Y)X2;*224K26eANB~RWil{I2bzF$Sy_37>mW#0ft*Nli0sq)C z-n;zvkXK+f3YacEp;-5d3lVKScPXYC!$%)0X48_KX$7#p)p}>z|M#kTx6alJ$-~|&Fr$zJaGh-{( zWb87fqhU6~#M?3^c)z1EKpr^M;A;yy@4Aehf8ur3u2-Cvmk~n`mv&z+^G7NZ7695M zAn2f%p%WDNuznwx6(hbmtwz9DQ-I=!fxjOyd=r+Ay& zda>A>pRKYS!1PEMc5!N(-Ew}y%{n9V%t*t>h_P+Od+i>Jkxd|8FP^n-^El(QF}0_n zFqJ;ny-LN`+M3;D0y1s{IKYaS>|+$w6G8%yjm3op8T~+)zwy!cQ)2MwDBW7AY$<2c)WZu^>t7kuf2HF0@g7HQfbaJ(4wm0;vBnKy(#&rR$e!> z{#D8fg8P=^c#u3^kCmAMOyRr^Gk}gvE2nFmb0_pxSY7nwJ;MZO$XQVvim|QlHug2z zr?#Z0b9c##T}zxiPaSH9U|1?5@1vcJLkoc~r`|isY;Hx;fzf8(UNA;WAc!Z|SGCpsmu zJ*V*OjY*fXUE#U?m)!=`((rsOT>I~J{8>unx1L__>$l%?FRzD~uwy(ytX{Wg;K;&g zbP0Qx@7e*nPi$;F@EIp}Q=|K1Z$lgJPhP%KVmMNgl2MI58hcov)HU4Pybu0cFW_(> z<^+hZoP4bI+E(;Hbb;1w%5z7K9b!tV&FP^TVs;?aJz-Hj_ES1i$@Pvr8xPT0?qsHi zsRRFsc5oREUaDxWcP2&u)UgwCm)GYqy!qq5FqVZVfTRS<)|Q)*e2U@N3VO^GAim|v zogx;6xhh;_To47KTgaf_&XVz*2 zDXRgvj8HWm%=JOcrUJ+$%#VxAUuOZ(8$p!e09+v(3H88CQTzlR!rfCb0j z&-xfez)xT%Bn(I*v+`qnz7E!FNfW1iFYgmLs0~S{2@+WOY4i<{kxgyBb}2x)7t=cV zjDD!j>V&#YE?2a(|3&zAZCD5QcF*35VTHefFT=PXKb?kKL#OK(`a*&k)8CHPje4}4 z?-j=L^cjC=2u#D!4(mDtMe%6IEP69O7-3!UT^PLWtZ>NF-gGi`M;Wkr6$?6O~k`?Z_S zeA^5rVmbY|e8r0PJ=pj8$P_5%~kCnBFL6=Ls?|DpGh+p!5$=2%^nXaNbmut!w1KS8{ zB?FJca>MDsF*F>{rIMU`@vQW2PRM)ucX|zW6#`q@5fAk7p2Dw_GvsD?iTf?dMp9MB z&?}oIM+mlPzRkc|PHkMdAR*>1@uG}P=C{NEG%AWmqUn>4GU4DzbFJi3bs3#The?zDmgm$7V;0M*^8Qp< z0umHB>34y7>V*%Bv>1&5o8P_Dk%t>s$+>iIezprd!0xnx5Fw-Qs0qdkFCIW!C$@1882L06oq(P}-3;5}yQ;;Ug z&%Ihmx%Bs+G=jWsqSDXaTr|PCH>lEiv#JrA!T1<_kAqY}jz>@Ej;2LY{YZpld`Dr; z4f0d?)hE;6{uSf&;MP|+5%d^pKWmZIxaXQv?B6ooTM3IHdB$DhYaJ$UtF+>dV6Dy+ zdN~QP#?3eQBovZ_8^71?kAv34X}+nx-hA)SfNXcVj)KMCbX+7;70EEho$WfsOeZ_% zVt*AD(qcD<;@P?X7bXc9ci}uNC>5k<8z~)Mm&CwaM}1|a0hl(zR%erWiE2UQJ;Ne! z+^Q|VqU_$(#N(KWdII~`5xs$Vba8HOPq+QE@SA(>alEOYZ&x4iJ?0!<`MbJ+%}0AB z*Z5|vg`Q01A|`7I(m>336mO;RHRM*85PJB$obnYTkP^rrL{CMlWCcc!QI|H zE3wRaA~2r*J+GEjR;JKLhq%@s%OCZ^!_YmHodX66h{P&ASn*&?E(M_tFmBS0a&sjb zADCrHKU2O4KsM$|xZBt;fs)^;kcV-PKFo>drk#_1=Av7pI7kCC(|Wjbw;FmF!5t=>k}w_x(-N0 zHhaQQ&g5@$<5Hub^``22WI?4-s+PvnfXV$*RQ6z@$iGbv)G;R`>nsF4x^ zj?sU`k~HN{3Op125gj@FTBKecaqAOOZ@qEYgG02J`T*M_BOpnh_P%xzCdzt2A?p+v zOxA&MU^{3p>}Nk$6Fdwhrcie-&-ze2Eb)Ilon=&%?;EWN0YyquLO>*>acHDeLPB~7 zrG5f4lyrB9N=bK0NDU0BbV#>!hY~~A07D3zhyOY2@RE z#k?(nKZJ-lT!>Ia$Q$MZ>c9V3ivC@?2^aep7w7CfRo^uIuZ$^jjQ`_)DAM5C0YArvhVkgTfp*+V{JB)DB-w@htRd1QU&DR7@E1vv@cLJK8=fUqG`sRLl-vxWY zdx?xL56Q2<<=EjMhLG(8$Zi$P{G;bLTXXOCOOY~%S4RFFit;xlEgwEDwlj|hb9p5K zIAIDt8dhZh-P&OK%dFP=me2sa7O6{lZkre)>WSxLfFmrBUcteq;@hPqeBSca&wb0rA@8E4S* z)C1)oopY`n^uPB|h*k!{#n_FtW?t=rFO{oY#>E6)BDMoSmt8#L`NhpCIN0wtVS!s) z`&|DZ;t^CqInAr+*{}u4wpg8QwM&v|(u;xlR(^Qp7~agVJ)ne4GTl^f_>C+zAo{w8 zFn(r;UBguD(0p`CHrDFR^~KWH$+1k|0Sb!`A4+pzhjc=ywFkd4A7XRq%8A`foBblH zfz-QT(;TebEZAybqEn1@^OMDOT|e&a;5c}Ddkb>CGv;NEj2WgHT$+yFr!}X^ci;~n z_#K<#JbGaGei~PDNM--cAJmp)k;~fG8CUj*@MD7VzV>H*A9;Kt`*0o%k2=5UDU`n^ zLf^PDvJl0lyCpVF=EwW`h|x631p9KaZN24uoxmd)OsZS^l*TxgrL2St?rr!ZD!#by zA0NIin#hxBhX`%e`yKARbsO-G12jFFfN|b*zb93d9p3w1Mu)^w3w z5l1=+Z4%Q_BbXLelKsZrj$tj-zP~!d59xVk?l4O3J7xTSo1^)Js}LJ*w&L5oZOyH} zAN(=UnDGS=>GWF0q#|n7dzIU0yG@1Ypy;<$x!~c`J~1_G$)u1X#jzv=(*Xq#Eicm= zaH`>t)T91**0}6xZF|?2f+x$6_b93C~CrJmp+xxGQkCu*xjJl!H&zLDaCBS#Q^XB2YR zyqxyIv$~a6j+XK zSZv9Ym6H;%7C;Gy28~+^-6qXtjaNh%NOC8v2PLb#h|{JPrZrG5z_Qji3I2;uaghryhVGB<+z>7UrA7P2TaJN5_kuZ@jexr9JmXYDR>PjFJ=53K2w*5siL3JG%gehiHTIebNR z<00fAFOlE~Lswidfho$G>5wf3q?s~9ZV_Ji(R2GbrEmnS}*b2=620UNI!3u2iMswkC0_Q}A?KoD$5+-3!gZT+nIYocr+o z^SOmF;T0L+eOix3tU`JmTX&_HT)tzrU6pNmqu$2|KejpIXLD(ki1my+gIn_!a;4x| zzk@lX6*<>Q+FKDHUj&Tr`B&KpkUGkNCfH`#DZSI30 zJu9|N)eNGQN^miiUgy!ul@_$EY83G)^t2rz2W|uaUdx~@r)}C!^qmfYx!Eaw=6QbO zTlu+oCSo$lZ!98DFu~8Phxb#rVJEr5+>h4Z>@<-dI36Hf4weaN4SRdRSdS;{o@K__3LfVh$!8>uXVXVyA zllH^aL|!k~nhqD=>+9LSqw73XY;{cZged#V+RTA7OtwLWY*^rvBAdOFoPGAS&+&rz zK|~j|B4bgXVpmcWd?yW4>ZXQEA}XKFpB$;!WKX)WXEp}yRt`&u793dw68L}rWG^#s z)>pF2NA{$s)V?##$}$FSJQw3;zUN;DqnjS;zXQoNfj+z$AaW56EB9wfd0hM7t! zt+?wY-~`8IRF&3=0w*J=p`E}G+QP1+XL;lu|44oiNvpst-DFLB_xHwE%<}(3Y)JpH zqGG0+w)-Cs=o@QM zg5ftfeu)7A257<7fvfuBY@uqK7YvK9l=Zef->>Us1KN-%Xna&nOs3@A|DdrJyc}f{ zh)Z#5zEQKK)LW>Rx#q5{Au=VdCzzedsdWxV&$!DL*CF~6;5{=xmuI|^1cyX47AT}e z4Z0RCAHViDubB}YiA8GYTCDH;3Zkz5NMWpBD)b(CfA`K24rxo(erDvA?)({(aA{D4 z8N{P#Bt&68U8`kc?WRsTygB@O4ug@?t$^_1&v0v4*z|Z zkYBnhvP(`RCl_ISI{fz_^SPQ3bt(T1fuMn1W`T(1f(lg3LmD{0pw2&W$nZE3)WT_l zTb`!QVry=+(Iul#Hmxm!T#;1e;tmM}*z`l^17y=x#d&#wL9YqA7xj0)$N41c&-_ho zU-t<7H!v}O*{FO}PLuJZDD`$Z^l%Z+XNwr z*|6TY3KTp%XrQ8mZQHOP4w{op!FqL*BD6B7QBHkZt~pM0!-BbaUb4N#3HxlWsJIk9 zrwqQ6Ul!wJ$UG_iw$B_`j8B=*P4#4Sv3tM(gtu`{au9bdJTobEE9a$h7VO1G(e-k} zA@={6UMJ10+7$Z8mzNAsEkrf(f6Qth6%M3odzpB0q>8Kz=_?Lr@7nJ_8?L7T;_+mr zkF!wL!7+uD`SY9g=kNV%;}mun8N|fU{#iow-`_ZbtU4XjsnucZMq(5y9i^yyq%n@kgX{Ol#E!)?HEO5FkNL%Uo>awUl=1~ zcEu|&<8VdbA>p27ws6T`&R;j{#n}gFbQEWeWUvlxhQUJtCq^(#t0Qa zWTu0d2UF+H_2sDD&nQoxgPVWe&dyah4!6Iw_rO>6?vKs&A=!`NBDnZ?8ieE=alH}P z?{%$M7gUx|eM)w-sJ5>h5*}BG)Y$rNv_mS9NjJWeNMDky7`7m`j7;!0`;R~!^MMUtHI-d$Zgi(DBE4v@_k?4f6{DEJjxb1{?bbo!F}8+1B7sS?lcW} zS@R_o3*>V_x|7iD7~0(!+6CU+McxKGlOk7{1_C|$*GK1?PAh?kFOtaLfR4R%K1&g~bnJhv#n61YOH~tc^kXL``q@IIPO-cQ*YH^>@eg23 zh7aSQJ(nsxMeyN69l$p8oPr4E)a&!b(=YWEkp`7{@%!w<<(5Zcw`t_XtbfR4FdoUd z>dk68POdijH~8#osO8;poUPwL-; zq;s!1IS84Eh>F4sS#yd*kDhR)Wy(VnKDGaspObGLx!%+amt-6k8-D)#z3VHCm~$Nr zec9I5rs}G&Uy^QCVH|Ci#ztPd=^^`f#u8ac_Aw5UauP!}Jvt)U|22WAOtR;{EVW6B z=%#|>0a(gvEbCAItjn)wZ&6L+*HUVsrTzF4O&=JU2j!@I#!wz!kd6{!hU0@@_@K#SiJflN$GEsTcE@+5&x#5ZkFc0Swy|>g@HvSQ< zH2h_9EUUo>wlNy=@TTSFTOU3gGha1CvY|qr2DSL!^|5^Ko8f8gda6zFvp9wioEs~c zQY5k)blEf7iOhLX>tW15D(>w=$b$Vs*2wU+CBvQ_zsUoy_VJ;9%x^T0l@Y;r!dUt4CwP%pP_^w`!q9N8a^)1fMcStWB9BRRRIW%<3gu4s zN4f^WM|@>jfGaii85*L=9;rM1=EZsF1t8$a^5a!M~W>JkNQSyG>9 zQPv4Vh|gE$BO+qPcyUKZGn0k0wr2$;^nXN^KahIoy}kNv`}BC?!Tnv=+r0wG3b4vt z`e^(QjM)PNHMJhje_V{qR5W2(e+K;-^kH&$L{8k5rZTAFVsS!sVj->%P-;n)@BzBS zy_jo&Gc#N1zqtT&>h5q_&0o|n7ZwOzHuJoLJ8?(UF7_r@RsWd^sG-VM5^oW$} zJ9K^tl^GW|4r1vk^m(XFfF7iJO+y^6lf^UV;qWIj`5)>AEoU}%5iyK}Ob?9PWWK&q zI?e@%gj&p^x0$>9PYDcgP=MtVFx84-Zbhmi=LU?-^`~H520X~cy0#xa0KkCZ-Gz)9GD$ z06BNhD@xEL?7% zc#MPzloL|xcDFy+FRNZ4ysw?Xp^(w!n;3$5BhuejF*E+A6|%ysm+CY@t*6#E6i(4U z@iVVa&LPp_qVm&;R`6v+;+3#y$Lv@l(hs=B5|jV!A!%^K5!h1nEeJv({`<=_-P{%5 z796`DO^AiN$!WjDHjd05<(As_ik60kG%uF}G}r7bx4-b|(iL3AWcb3__~GYw zD6RzIAb-3Esh@QmQ`HI_Q5o*K_%=F(+ine1kNT>v>J^1H$A&F7YJdEozTGv1_jY#& zldr7GD85L@j(ZmOX0(10V$fR~h4;2ounl=>;obQ?RTE}_j{}wMXrY2f>)nw7k2pNq&W@=hk?Dy zdV*e+gluP1978%2nl2ovtKnL+unM48T@8_A9%D3|gNaY^!~Oh<-bNEECx&7Me^kea zC#6u4Lh-7jx#Mxp|YR!G1eJ?L+ej1;NstftGC*5>JJQ2YD;@n6pmk=Pg zIWP4D)hg~St6q6;-g#K6+e=4(^C+UA^)b`mFbQG0L5;)tv(H&vSXXrmQABoI+=oMz#|S?Mq**mgaSZbow|*h-YU4+FC$Or3V^vCk1f_~ z!jsH&GZQ3FQjAGY#s$(iQ|}q|-LsQ>(aUPHcJhbIrJiXV>i*jhCxm43yiV(Zc5BY1 z4i2T)_rfjU&2;`Uk%su3LwQ{L;JrdOC!PT%*1`Tso-95@g?!%F^C>MpEO0{7`jxIc zClsno+i4p-Tp310*60*pWKn^Ws)?v%j>eAQsJr!N7w5;X{FA6swWhX=PTg>hhV+ID zDJISD@r#~$Fc&}7Q!YAmYQ71yt~Gg7K(Q~PHYUq+^m{VltBPo2Sst{zPFo>)&7mmL z!;D$fJWwI%Nna@p8;iybM-iOz*%@+NvMlg8EhZS_#v>zxz(pxvL-*bBq5# z^`!9gM333#7n2qNm6zo^F9;vJz`|9*=BM2XU0gNLR~BuUl)f37FD)v|zZAP_*Xz8# zTxvQN7QVSabsD)ZN##Z%w<#A?j{!|U3(5*M(2~pt!X;pz*TcSt`u>!eP)$c_6b`!H zb&K^NqhnX!a-yU`P+C_=AhHw(hi?1!HxsB9hJoNy3}IQ$_bwU6*oxxL#`<|FJt!%A zVQ|9;`uP;T*y(Hpel81M_ubQr#akA#9ia1-Vjit@2!GGTe=<$uP*=!6E4g7gk=AT94Zljoy^o(`KVqcA~DFo?@ z?GqR5M1^D{g*H$kNJW_;^ZAJSbOiV1(x=(9+XURC?u`?-2MKE$jw z+U&)Ah8nZ?RVK)gx)xeZDMU_2vTys=rIWjrN>HSC?A|^C;{;*QICWQ6`M%)-y9SN$ z(7S;%H^j1?P%w}Zue-5Z~;X$6a_<56_ z9P`=R4NLd;M_z1+@UWxK8TB6Apf79}IE<2f{`0Um5@U8ghH2%L;gkr! zG}{=ONB@&nE*5C!i}(3ddD2r7tyCa{ErO9fCp{@ivx8vItk%1G0!{g`pZNzQZ0a(!xs{yae?;F+F#xydDk!9gH2a~|7J&N(WP(+63F6`Fr zZ5aq?dL3+~q6CXnPW213Oc#S|d)fjZxsG@B#d;h}?l*N?LFn8wODdaP4MtMJdK@@T zuQxDBq-Az~ez)req3$g?E_n+Xt(ocrS+yHlHkkSbjxWE;6_qh>+L9n+eM9ArOBQO6 z#xp_nf|CV}KJ+(Bah6`*U6L8?_DrseQ?WCxkizOykF^p2{cDo4g$$3EOyAGHDT$Ti zq83~>h^tCd0=KSCaKiu{2iYKdqFtv~`eEnf_oe68e7L{y&azi z{ii`5icRb^+zr*PsS@MNP1FetDoR>w$dc0bm7v7HqNCeTDK_Hmfc0a46qPOVy}7?K zwsFy{GuuQtW1;e^1#uaTFvF6tTXD#-(R-GqgqU#w~Irk=yV zTo9`hQMYHm-qn0i^TJahvemk<;3EW;i9@aROQ@@FhddfBn0~R0Q83#I9J#i+?jD_* z^g88u-VNAYx1vVX0Pp&qy}@4F+fmscGq?scAZkTG_eA(VH$_s&2`$ zZ>GG5r7${F)XJ=A@hRsqKspV2;q~J{8odaQCu5?xQpLP_k>2nl3UqBw@MxVI=D)$t z&^r(_NgwLj;@T7kcQVk#DgVNm3W2yW2P~Q0pG%B1e1^&AK8x=PUfn}ziM^uil{iQ% z-K2ZM?s{hXRG?o((`1hJwMBNb+#Hwq=;cKWRKjCO&G9Leu=W~`{)Kv{uyi0hgBu4* zz6nIorv{7nNi`}7W3nzK^Ru{#f2-B6XRZ1$Mqp*L!mnh1x9E0nwl)lokq=Jrs-YQo zv=f5r+6X7EzdNRf>vw{WlsTi@q+_%vZrdFFSG zoy_e-d5tk=#4h4y*`0;tG<;?KK1*xPXbFz)_ z(90&VNAdv~%oFlBcMGL12W6cvT8t?ccEc-vc)|{ecK|bOq|V07*Iu$ckY;yluVKHe zIhe8vJQZBExA$83`nOEHKqzwgmR>QXPC_>aAl%S0QnMH)5hzHKFYz8>cEPJWFXA|;;-IceCOQbvtY|CT)@=cz3}iw%P8GSJiCe{*Nv;Tfl3UI1msi^KO+@t~9 zdwp2+Kb+(pKXaKU0o=k+h=9Wi!lF_Yr@m2SB%;zLMn3?{%}Oo4tE-5FL?W4%<_-L6 z<0;9_@nFUEKlOK87pdw#3Ji_ACxXkGWjjEbe)f>)J&;?0Tn187a)1JQdz=>sh?|bi zaGH{461-K0B-K9c6q6t}{P`&(cO%eMSiAD|ISflI>t5gttV-OBL@9w2&(Es~6IFZJ zP)s0{;$mgcq&wpmc_>*^K;!@^&!$WA`T+qanqp7gd2WIfMKZx@gZC^H+P|B0v5I7o zbGt*V|23wh*(AZ&w(L@-ozB+Zm{->XY>Kl-pKq*=r@MP=v% zK6ActZLFxQ#apkHC%KpMCKS8s7ZLi~#AIPUJHqKL?!$%T#UW1%(>Fz+|##VTs*W&ESOKN zC207dzkiW!%3=YRKe% zzDm`W%Z(PQSFOo^HzB-o=Lh5{mK`RNGNpD8HZt$R3)~VDbzrEV@7>MBe^c%|5ceKn z-ePBsOiYlfxZ--WtfQ{~ZqK-2#CGBk?*(;fp{(8zyjwl~#jpF3yBt{F6s3=19LL^> z-j+XrAK-YIxV)WK`tsH7+^M?|-TwgQc|bLVs%>B)Q3_C+tKDIeEMZ-Ja00eYyOzw( zOQkX4coCo_unbFNl&t^ueqH8oZ&2)1;HA&&$C0Q!am4UpW)b)c8TS*$s0}Xbq&=3P z9ln&cfHJhxl#;@cZz~lV$A;~p=2QCdN#*iz9G>BDBTj$QN9?fvmxA|RTGQi^K1@ft zdX4ywh;~dy-DtT;ub|c69K`6UPv(Lw63C=o28vq^4ZkCTOvHFvm?M46x0v@*w_6Qpq4xUl$$r5NzulBO94}%542|y1 z)3k%)rznq(Cw~FbaSuGHx1^gPv#iGB+BY|6kt26djq$F$31^kdC6v_%-zWnbXTvye z2}bTMX!k@mU58{mRRjAk+SR~K0ZNCJq5V}w1{0Ak)VgFOcAn@_+VB&OdBwVw=_1i! z>;%e^WFwl1Hxtp|p8~tm+dBzYaU*{~u81nYK~3Vy793-5_X4m%+yXdHp8fv$^7=7^ z>6j~A5BJO#=2Ai4orRh9e&Mp@B319^_lbYUHV5X`Fk`DLC63rrd-3GJncEnysxZ1d<-?Z`Lf|N)&Kq~m$Bic8>6A2^DCm}y(~GDy^p5h#iD&! zuJ=9{duQ4BVg=Br+i8Jjv7K!mMw_Cfb9yQ9=348#<#?f)Q|#vqH_3n#L}mTEi=S_^ zIIPhEwm5M&-Qw!x+@NbvaBRxN-xmN4FDrwiJm;P6@9eoT_$*5avb$V2HGYcy2)h?? zww=)C7ND7`s3$@8jo`I{c>k)X>#l7Ch9JwprFh2U6=zElmH5JbFR-A2P^$6XFX^p{ z?$mg^L^(lmfaxI_T0{^p)O)LTF(yJ^I*aRsF30Hg9K;xUy#zuwH zM9(ONBF(yZVs1@#PieN<=&@pDmuf^`bdd;Hv>{P!r+OAbs=6N`TU(Vg4pKA*Cn>E} zYGIQ7rjTzjDOeYaD@{t?*hC)W<23H ze|JQ*R-M6*N&j_O#TivnLbk`;WSxt5VF;zij$|cWw-ix=pN&>^HruBw8w0{n*Whd~ zZ|~?=w~K67gEloOtf>R6zSAm~SIB%Y_H-f48a?7!-39<>#jYeCIy=?DSr` zT͇IaqPsPZK?Nu&mA9lVFgj*gR5Tjin9`qrkDq03&&kP-;lao>|HY?1b=zI@MR z;_1BFdmi58xp}x*c$(-9c7x8?37Qd6&_-6F-WF`Fo^EbB&)rdmwT@)dz?>{?>gLT& z2v;`@AWZx-9F28D{=-tsO074IfjWPspP1$9-Ef{#xXHR{uuO093)!I-n?%+<{?UBH zVfLZib4Gvd+n22WIfw6oB;Hf~6qtuDBmajmgYO8|xm4jZNc(EmuU;%9WKr=@t3BJcDv8W17ezH##-VO6T@Z1snsEXUDIv z{njEMJb>WLzIk%D; z8?oVp<7aDE@R*4^l}_elN`sd>_m0INN>Y7<^lIj)uG@3F^2dcyXvtofo&i}lvvBTf z3;InU5kS}e3i7YRd zz(5}oPF{6)G_X;p=&$TeyLbf=B?Z_t(zbesGOvs1F9O{yO?MHbJB*DLCPoC=cXX>K~22J z#iNI`%o9D_=Jf=-ZqI>?8r7QwIRHVR+sPzY_;0<+Qhg;Ud1Hl3AqFn{?|K6&?C~kB zm#LYs4pJ`L@#2nL&+f_d`1Z$<;8Bm(=`DKoXZGU`w8Lq{Wf7q_`){-hVWT&vviUk2T(ul72(%pPwrg*{+46c zz-f3;QpV#0jv1J;_r;R;B(iJ*am;f5cw-GWn)G_jaDs{HRp6dP0ea_goO!YA6H%-E z7)xMGsjKsRpK)nM6?7R~I~tU23$YS+Y8|?8zH^kZoq_ijXPbz9hM=99l_kfqn;@yB z6+QI`_jqSclj1x@5dOD|-ag_spAFZfgcu2C(GOnUo?m3{_=ro#9)io;?V3(o9D_rq zn{6p8_K+xNZnq1l3f3?9v%Z0zJ-%B-3GW|JY4L;Go?#W4T4bUT+$ z``xmz#5pGev8b?>gs{nRk%D{G{ZEj4Ze>|EHZ~P*d$YFz9|YNg1;Z86r}x+KO8uur z0ttP6=yQ;Cvj#~wGr8nI8&0Kcp>H2@9tpi09BLMg!b$=K^T;TG&y~Xg*i1teLHmcOYUVpIsB>R z_O@gB59&9DChhAgc&n3>Ie7K`z*djopD|~8FyggC@&4xE+7Aa;a53#$cJ+e?iVsF0 zv>HLtla>$1Wc=qU#EZle&xxLnsoLL{$+~*C)Z&A;`p>n(e(DKUF_stLJc7Koq4S_H zm9VnU1^8|Nul;u4*^OeidE326Q7C|_H z*nLlyz71XtyN2B#EYsue?h+ZaTnxd|qz{c;eo+n2duBj!HHRpD92go$rUM0K;)IY0 zoT}Fe%qn^D7pamJnmf~c z>D5Y-p)Xs_LkP482j2N#c2-R8A%4$WFhmXtf?!<>P3{e9Y0!lGPgB)Kx=;Cr{_P=? zpJrb~eXe!fVzTm0>2bY8xYtb@uF(-f-#j?yRgL}AK2?d3k2AbWA62BNQpD**{r>BTm1dLf72Q#s16Q6G;_0j`6Q1f10!dQ?_?i>0NO}>>$_8J&;Z?RhXXF@|NAC+Izkx!$(e*Nq4 zfp^yb3Qg@dgju|}czAtt{h_0D|G5JFK=Es1O>LPe7HB~1D%=QC)+j5Sd%l`RQ{Q#v zzDWLzRuRp~L_@#ykDpq%e(P$GKXkKq) z0qa&rLjf07QGc0*L7Bu-c*L(b$FM8GO4#cuD@o`>CXeNOWv@viLTkkPwATu*~qK~G@sm2LqZxuKz<2-3i`69A8)<-EOb^`Y{B1A;jk z6WkV7sF~WHIirWwe)*>>n9xDL=C{r9yrx}pc4pS#Ge=i`()tX(4z7G$Ex#YdGCGRI zxK=4+;%zbE>S7?Qz-w}0jNcI+P%-*xbLdb0`TmO;mSKv^Qsr@=lEt5fhHj;dOhE{P z_0mxFEe zuI76mk(`>fC@k2+>u;7fHR_oy_#`4Z=Xvn1>#S?dUAW1~l~pbM z<AuwO7$y3q{rqha?$uSqS7!&Oc)YR=cZ$w?Gm`K5spUS^ z!=fv)F8r!>zT_&oF&U0bYI5d9Mxo*VXU`*pcJ)PHS&c*HoM zBccpN@EEK~y$T_ZHI{?G7MCR{D|?@0&+TDH zTEpXK1zlMuO<*jkT<`DB7uYZ2S|(l3QGwW^cKxzARc1#@4piLN5%XtS)Pu+=s7V;c zPKh)+cSK;Jc01=oZ$CLJ?Ean=p)43j!%}|=4?{wPEnJ`{J+dPsBbtae3jG->4e#*U z_T0+qrmbs=Jw-txld@^m;+N-)-B0*NQ0mGZcftXKP3`h;TX+kdGXdO83_+)W(})_% zC|OT2oGqe86`L{UY1>UlzH0hUU`|%ja`j)5a;Nk|b6t2I2Xt z9^N;T#3G;qtw;QPJSQZjugz>ct14B#MyHrxjVRVSIx58VL335@VM7Udo*KrUe>pI= zuzsI;R{XRj%0N}(Y8fyra-Z9$-7{}|CfzWVLT<3xgVS%z)RemIEkV*S_sp}sgxbp= zZN_L~5yI5tyTRHQ&5efuEE{IPvbigpzVw!(G`Z-<_y-|Z1{mLInP|&v1&%mK9A_Fl z zJn!Kzb4Vz_==PqHvyKL+Uy(;DNiP-AMYohT8xf9xE2lxgRHHM-W}&&$Ja=IkfcIxk)~X_S96 z)oIa=3R$1b00#)3FBaNov*wNSp)U2{9Bu~6&jwd*nQ7q00byIVITy9hn1d+^;BNya z2w3YAL_dSmMGE}IgkTs~EnN)P6P=|#$OS_6NRTb2|HeCdd2spSm6Cb0J^1ND2(Y{t zq8r4L#)lA5*5YgI_K8x^`%Vz9?GYzbue!5WG@O1*Yc+p{@h5O z@+V)~88!O8_2Bw4MJbn${2}jXN&G_6ST(Bj>t`Ck&83R2@095$;+3d1@Z@rCnP%ubaNGZ7W`iv%Rj5@Gc_V zRK~8f;Kp^`S2Av#Zlt%RzWhureuKdFPub4YTWBDsO1iar^n;|=*hgb7ML5<4D{0lG zMLbIv`9rsrr!dKkPp$HES0p~)`i44byo02C6D!;Qsp147Ab;uSA~@PDYv*5$(=*t} zt--y~IvL-Fa>Dl%XVY)XcUMYr9~9_2^4LE?M2qN?Cgv;-ikD`BmHuttt-B^4^^j_|d3+Mi;JE8eq9yltb$1{2z<^ecm2(K*( zbpD$PK5R{nn>677@8v&Bz3?2q`$Mv=Rs0o>EEwCYK>SzK8=dw# z^oH9?JFyjyWxB8*O})Q3+}75dH1!(8@@CDUntnSCPHiGUKrgT6Dxwe`5HeO>=)`bm ztLmr-zNa+v{-FPSe3O^sX}O=r!>J{QS77Y_>=u5QMbmF8pq-yBR5WC;ERRC&XMro= z>COyTFn&cKZ_~qoWFE$+pib&bKwnVszX}yDZ^ZtgsUFfbS0RJnDtb=k|ZelZWkO>^FAb!K$_U#umu_r7vXX=Cwj_$%hDzk$Mts|>i_r+u&owNuHEHB zw1oCuqUEozV*JW`(M)l0O&N(`iT|&B-dbS)#4BMdp&wg2KXjbC z$ryccJBBlE=i#Q`+AJ^K;iFHRkwY*N;L#8c2=Bj+`it&r&4S+bg|YwaXJoKvK{bg{ zcP!mBYHvpN8L7>UI=6*ny{9A+v%*gjwuX;}yS9Cn$qF~W@Fg~YNeyr4BsG|rFA4H% zmsxG`OW=@xqL+jMC348=Bj6{R?1!#)uJ7xx{=IyBPsP;VlO8k317`@PM~?eZXd-HX9=h@GulrEX$VcyL=nTN#kV6J-cm6A z8<_doF+vq7H)CdDwJ_WctzsxNFRSOH?Q2DWDF6WOSe&iv5b8m#MA8xvd%v<>&8q&Q zqQQQ*M*W3G`ZZ$AYKL=IaTrI$c`wvCd)6 zA7Ywg$Xnq^ye#x6O#h;>esC7G+(QxuoVQW7nNQ#+Z*f&6F*SD9L@IJ-ulc%H@yVxblO+7BCL&rfmWeif0kc zC*OB=VTBc1!}r>^wQY@@Z5gjoxAG&@>@<%ZzwlzGwJ-amJ z7S-b_%s-kI_nDQv*Hc&?%UjEa8IL_hgAIpa&z4_Qe`@ieBF6rQK~=E|IXuQkVJ7U$ z^!d-FM>ZLDbclGILM>#d>?Sys0_+dasxA`q`JB(3`NOZ=uM84GXf_6l|8uQhtXH3? zQ{$*fA-1^TR29fjgI8`49ap~)l~}NxKj>MbZolt7jD_vXv}Uxa{+M}q>ru&FExj=& zn3w_f>U`uSta}COO#n~Ujhp=Fk88e#I`1;m`LB?%o6GjrHfMl1NHx{ z5-HHS)Cy4O-P3|)3`gKVj0!LpmV<{U%4XU)-N!0LbLDb)F1f$R3;8tzw|qn@!#W$A z1p;CCU(uHLX*;%RaiY z`Mx#1tB7$nrYw!R{P=&%ss1@k9B&*5oZhVZcb)+>(s$&|LW*gg&}UEM#-GiZFrkkA z(vR`+%UeM$T7L)kuX1P)$6&u3K+nN#7V1r~=GKQEh%l`O=LbI57?{;7^v*+H?1!38 zZS3WavRhq7IB!-*8f=lGf#ezv*r#~f0b$`a!Qp1i$3I%$+O^U}>No6t*T4LI8I^%s zHOOZAf^0t_;L819uOnX$9(VW=2jU$X$lDS$*aJ#uJp#t+WQ5F^e3IH4ITlC<}ogFWE z+_9^%;gco_b$oHUT+l$K?fcue4jkQYeb{K%B4elqr07GExZ7_KfQAu0g+AaO@qm~j zP72Db7J|v}>=#ukzj$BdIK>#ss04=jl?iuXd)%{4ob<&n(_wsv&ulK`cYUKJI~Xt) z_cYZ6sJ&V){do)LwEe}eJfC>$);I-*m<8f>mBmYaXgR2Qe;|A#20;94n5vO4lY&_^ zrEqC}lArvy)CFNg89?2dVIpGQ9z6Dw35J@ytMOH#FL+)Yp{^ z7a&U*ICTozR#v&nVoX+yG3W>w{Ci9&q;4LXmfAwU#&ad|XmTSx-sZ|N88fegn{>&^ z6inI&un9gi{Z8SK*#B@4ybrJe+&?<5vJ5x@Xl+JpuXmG@%g6%z4Xze_?;?h8^|9}F zZs%%G(^x%5VZjUs3(Ql_^X1eBEq#F^kFYFVZW%tau(hm4-&m(!i5h)Ngja2!eq~>Y zUaP+OW|=2nE?Q`#FqxT)4<2jTwR*%Gt$e?F52r=Q&N52+d-V1GQxV}~*UiV;+mFvM zavy53JOF`x7Bi(Xlsug!%(6KoX1vk!JKSAJ0d=3>Sb^I{oyEIm2HF1tMgSF&?o<_s zQ976(rUT2j^sKckcRy;er#VYA&le}Bkl@mB5HC(6svM^{Htf`Br7rLdK)zn?$)1?{ zB{=%b)w0W@2`+01jShjn^HaG8a^cJTU14IG8r?xoTN-WU3j%TXcF)uO$iUgrvIQZt6$G6*XQ{Uus9I{uS`PqeeJld5r$PuQZMXG$sW1RFf`8FBwav%=*1IP_K zM8!!0K!L1=M=jj1ftauYd7%=J=@7luV+<|0$StD#_c2&l>i4py5Bo!^sZq`e$RAV=n~mseHEF zzCNrOSL5E|%ik<|Ykdnpx$c5V-2g&$a5<<8`uT!j(p+#2!@Zmjync(2*+N)y^NTr9x_*J8@7Rw%F zU&Z7|cz=iS1F782`(Lxn0TDA0T2*l{_|MU_0Q?T8eznj&g&oD==kD{>gOU$j63T*j zMG>i$S#AnBx*o;fvCFL&o}DVLh?B+9<}QGD!>_MiF9$gzWkpTC{@r2n|rPoifqBlZM1@jt2Y}Rc>9AX(Kd_YX4Le0>L*q41OB;bPd|?Fv{ycM zU0uQzZm>J;Hjey;C*`(OW~WE1IE|`%=xU|OxLq~NA)fTEF$KhUsKqS#o9T_J!By^(`-?B?GRgs|uG==vdqwX73yW`; z1BvphNIGL!_rc6CWla6#%yCum502vVw@c~9c&Mt~{<)LGz`V%rBBa}o0y0jKfezpK zDE~aqz5O|D5rzob@{79yQTP&M zaR#=11Q1sN#y5~$K`{wcD;NfMG~j85j;iPL=Yf4kjO>@{Wg@qU%(m(irja{Xn7nHw zy_vXOXgn?^U0!&aZXHt3)w7S%SHqX?Htm_<-}Ib2eo3DpRSWQ&6%$(NT8&)Gsl2gC zNtefG79nxnGtut+b)&Xw$fN*sF*b}|jqcotG7ET0^D*Y1$gas@VX|96Mjbh1w@bUv zV8M+0Z!P`tUuXeAsoP&9Q;;DvWek4pvVveT5e% z{p_BfSczF-GQ?U?vLb43y2zU7#SMCd(X+~YTB}46BP3Hx{RN_P1`BFl7iXgEp9g3c z#(YU#pUf9WaeNh?JQOFFiL=~qgRF)ek77nx&2ASLMYntL9lZIKzoS=Q`0Uie#@ipw zAp<=rV`l%VQ(~O^J21Xd>L0F^)7IGPiJ(=XYv{D0Afivf7XxWsh#4_w)?5bS4qDn{ z&PQEWt!vH{RhHJeR6Q^(=0NNd#A|Hf)6-vbx1OvwH2PMFUdH)Tc8!Jeb|ta5BaHV0 z67S&ti6X<3E}?I%*BhnzRQGyd*eFgWo<$siyyGXA;cy`Bq0r^xBDJ%#(Y>pKmvRms z3)mY1Cj44)M9m8lOrbH|F=3uMA7@W=JT-M8Cmm0Bhg-`nE4qo|X zaaT!mzbA`Ia&9o7Vbf}H%|-cn#FwE_3jXE}DBOys_sGe)5q)$Glt{$^t@FQtP|HDI zM-R4@a(<++)r5&#lg*5@vBzZr@zHN7#We61@mbB9I6JU=oJQNovHO=}HwoO5D``?5 zm8e-bGxnT*!KHWU)v{GeeK#{U{h^%v0RlcTIjzne-1>&2;$LjnC*x_L2w?&d3F`$7 z?lfp+d_BIeoyOReAT%#A0f-lsu4J52V^(bl_O25C`kQ# z0*=~+3RxA(K~6$IaGCT z#?mr}-25quCw}Aa3j9i2Rjm2SIaTiMKg`uU=fA09%{@8pt!W^{3;X!p^i71mwP{JZ z%>FWk>;09Dv@P)FHW%JM-(3j-w%-_vUCq-zp4k2G)a9&^kR^)RD9=3aH!f|qh!z2$;}lR^n2Se7?K zJSYuk$U4k%aIO}ZIQ)OPXpjT|4JIr~DwMUrSZRaXq_UWt#c*x7}0w z^Vhn8t2#>`5qy0y((olu$-E<%a_;XKU^--{XiEEOj!0=ETN?MgXixiG7GK_u$1yox zY>o8sv0c9f|DKSP6U?P2Z6el;rh&r@P0}gJBwu+yQ43G4|1 z`EM?U$HL2KAm!1Ex&n9Ubwo8eKr@rfQ9^?5jwf8V8gEetNIir-20!yxHufkq0G#g@ zb`eO}-1wCW1ko|3L~U;emOJ;6Q>S&9H~2jC6ox&%Ppy9%Xj8;~Pj-NiKvsvfE&iuv z`sYsr?!SP2k@=roF^E2KrH|~rU3JHv}FR;nbG3e{l5RXwNQAP(ozeR z!iC*pddN9a?u3x3Cs^L{c=y3^M`C;Xf84{M!Mz5c3OR-#0BB-b&eH#3-_T~ z_%*bSe9+q(7cjkQ#v-b-?~wL-mIxNBVRxRfeyqg$KGs?1kl-t#_|+ttsp;QynM(rj zDtgWSA|&&Eg6Qah28NFQh?KdZ$wC+kCX~?vAY`Tp5mKDL$uYYz75+kKV}u*SDfA~P z?+4PsI1Ln@f(|F~YXsvgZ+*+(9QhoqMRf?Zvv82|6<0P-u&0*!J6CLx7SoCaJeD!wmtMb-- zZ)Go%emtE-vy$Mrz1E5A$BA=j15Nzkza;jpGmqVjnMcB_iX{iY$uQS*ReVdmds}0^ zu%9qO^qt9Kb$~+h8(n#f+zb8?HUkO*>u7rd^fTOc;y9q%r*tKR=h9fyCMZayC1h(ZS(<*J%_Ecsho zE6;XN5ZnS)ZPmM=DdA8|Yu!l0e18{0-c&*W@HG=mlL|j&023=^B6kQ2=05%JZyo zYoL#ho^X-$+_(RIU$i)mK&cW5v+EX7Es{YuI{G->I2$l2O|@f_fookPG?-U&gsex?NzgMu07qru`$fr2C~Mrs<_YY%g%#p$Zi8kxuwwLD#dDEU6=*ZXp>uX^GO|G)Km?$Wxki!0`liL;*jx9{;vPX@50+QcD#C}oqy@O zjEZ0Fx~4dgoxVtXDm6k>6Bq9TxX@-!sq$yeSi`B5ZF^5SN!Mz|C6Nyy0zdfPVBux| zkP^|=Q=FDNQ}|*M?FZz6ZrvT$)Clioh}*I8Z9+40W5-lZ?)|S*g_m0zmb(SArXNBk zS-m`yY02;@RqP}(S~W5MCI=+gM7^scJZ0U#CAL(Q1Ijtc-Wv|(`RuW(JHQU7&?7N! z(XJ6t+wlp$y}+i=93@qaA1D&`xi_@#?v(mo_XzO%bZdv$43Wl1q$-f690WNoG$?J@ zheX81W1?U1{PXVwl=uMHYj?fSzUVoUtvP-O)A`_F^=nYU2F*!SC?{#`X|8f&UA~8f z&8{=OJ|qXV3eUBET|cj?>wgHw7BoUxo-wP);qqF=ww!1q%8iLG`O)}5a`f&E?}+ww z<;7~bUbw~jVWu_{9F^WJ_5l*FhKBJ|sOSWs6AubLSNb!x`PDe^cI);hd_HC|9^@rN znD&H-j8PwY9?uGOTt^*0dpEU<#6eBsTSZ#bcFdPJ-IxiqvEJ?^xt5f@gQR>;wD)Gc zDgf-&Bv&QeNE2pGRInH!3$Kbe$CRSqYcA7ORyU|C8u@lw>hclSIat_`G9)FrVf6!E z9yq8X&U{^nHQkoXKDh-}FMA$e(k3lFEX-^z0s#`S3{>?X(xJ)3TO z<%3trFgUD^NYGnS=gs@zhDm7^qZDY3KYfo7!bT<3Wi&z!p^pI8xsB%fs zLwg~Jib{d2eDfZlHsXHgU9>w%`b-@)|rUS7z}%iuLnRXEu+Y0PB>EiIVir9eiN(qLarZAfRR3PT76X59}lWtOlUB zfO$~iT>30ZU=Ge8n9y+0Q&;|26GIevGqh!FOvY; zua>vcmU;I-wh|I4s?-s#*8ETfo2dVUDXPoULu$|)a1l^MjHgV_Q`y*PZ(X+N64tT; zO{+iVXs`g(vRXJjpZ(Q=O!-Y5xXxprv0C|y~%^&y;2y1Ez`DZ}~{it?<#`(LrPJXmrnWB*%xx(RzA^pXt zJQcm|c<=dOFvf_tD8eM=EF6`b;^l9l7SH1hiZxMs^K+P~sTXw?5P#Z``xx2JJVE4J z#GR#W@RKj++A47H$2^VZaox#q^9-JnCl`fV*gW#%^N&#MlwS$xb%5&Ld9o;vM3JS; z@96RA)8H$d9eq-|t02dtR%TR-&FBhtIsuL=So1sd*f@SYtG7eDZm2#-hjbs6>)KFe zVNMOd|4?K?C!)8c5zz$;W-a>iGC(N`2cV2!py9~un*l1sdNdbZZk4(gh}~If;)qQU~71j zy5+5)7wtJDYH3gwiutj{?-mwyT`$EXA84GNZvL?Rz8@_5d0XI59sc11%N0y#di}{L zoP`Yaktus)E5TQHfm*UAs6~ymwBd%!fXnz_cLM?*U8IB~1sjTn8EaFh>(!zqRpX86 zw{t14NaP}D`;z#&Di7jwwHmT0GVapXJ;X_RI&s4(=9;@$;#jK_|NFa8gr35T3i&$8 z=)Vz06C0$3oZ8^lQix_sV3QhFQtVL1neqLJ&v<0D&AFuCd+P#c&5AJ_g>rg2YpY}6 zy*=L=65fUxd_YVlVWrui(P8~PZbAtr^1!R+FM(kr)20@b&<|LPo5bhJV#!&$zU&N_ zka}tUEyY$wki$KD z@=3IPo_^v65D~ zj+q!`ytsWY@0obCAr4vgv=4~4V4E6lUVt!p(;{$A3wEgR0;TIiM~2TXy?3SLVaBT^ zam)=+emh_frTF`W#b0d6#yJDmQ~0OYM*Mbfg^@3WvcDbhUE5zz`dep25yE@vExbi= zPq}3!c=m=*r~li3Z~!)z#;C=vvwUV5S8|-tH$!ClX=qm`Zu0a&S_-j8&SmyxV?iWo z6|TgsGxTr`cs0L3eAM~~XX{N--g7x|EPVaMPqh+PaF(t}1KB?jeR1BZS;WT9a>7<} zc-itD%6x{fHO1>!0^toDRu8_Fb?nIFh#Zl-eDK1@%};M3S6f1+CRd4jPc1g+DJB?d zs3H3wxT{51bjs;T&otNNYVB~EzxihnMEoDVe*D$SpKn$Rq&Qsneko`ZEwD4fLohV47@c5@$R;)=`q~16 z&S}#|Rh3H2wEh|XDSH1U&nLC!?{0#3rnk^g+ICM!8xewmoMGNGx0TL| zag{d=Jnyj4F_~U(V`-sOyJg7NeBN)pH@)~X-7MK{xck%pxovA5Fyni8%daP5b4lGi z_RZvw$q*HPqww$&`gtuSkAg zEj$=zLfZ{+vjLoePJUhXX4Y1Cm0>+&d?x!cpHZ7_T0nERDXw#0!o0A{6I3XNKVtbx zb-gS3s0+efs@H&Pkvx!=W^#~CNoDx&!yT){)bKn%sZ_NbFZ#~qT6=14My#{y<9c3R;IA#4xmhrVV74nw(eHV zU=HM&WL70rgwu^+TghQMs30c(Jtzt2o3zicxWtz1aJA;3FTBVwB~N-j(c9XS@PBLJ z*El2#L846~o}#9u9r!iT|FaFi%Rc^sw^fnnNl*d%hP&51=T9?COc1_+Vn2*)Ov@7O zJUAW*e6KgkcJzepb?mN~VgWo)zcS9cy(fBk}$MP~j6hC*P8 zWD`W16MW;hSAR>_5yoyrqq|0EjTa001;K z!^qg(6+z_!fnfgFoqvia04?PB9!1;YbQu#FkJ2aQG|$=enRz^;TUeww zMPErP=9V?mYaH9HMyD#_tky$S?QzdRG&5fKrg8M+Uew0{*o~1UK!b+7-8scPo-Z~g z{!kO^ZV6i(Q0a4xdA(yT@M!_kqzLo=WSC&GlXj;LqCm*PlQJ zCXo9*Y2+m?)Om%zx!L4r%YR*}$7KI)&r|2-FHKY5s^op^ro>S9)av8sDlgWYrjr|8 zeCNnJaB1b1%M-aKrNh8Lliyn8aqqtX(R=^DZPTriWmj0}OkXi|Ay=nIKGuFL2t222 zKyJi3p#JhzW7b1>xAa$`h_Gn-!)`mt@*V`b^%@rs{ISL3Y*Xz7V8JdfE&@N5j+yo& z9i9|qfBFVU^M-ZFtrfTsR#lStj1|Rr?39pteL#kf12KhpF z62j=6K7~{-5a5EhV;6EZ%<-ZUPMr*gvnoaju}UQi3k%oJJYtqPhwWeDY#R(ei&EnW zSIi-W{9@`caGh@*$`pcR?WteH3uj=F$(sp01&t$fOOFR;I8K}?g_uFxbwiY)PTzmL z72#^N7os}(+)kCEXA-8t)~`};0#Dstj~$$u**0-pO2jI6em!YVHYIP26~B4oz_c^M zRpb+}Pxe;XO};MGYS1f{cYn*FV{wnjia_!*C8D{X;mvT>ofLWm2n13KNOhFskCCD0 ziK=vx8Cj!h(mcJ_UXApbjFr*ZFkd=|PA)g4i)MVQs=~v*p8^jrGr|=(X508G&%fUR zbFU_;5SA`2_@EPQW`@sU{qyE?Mo(O}hSk+SIu8KBXw80mmlw!E$|6Y?_R&Tke$RIif54 zn*nk#lmBPUY6fP0A!WG8Txj%XQ1@co5$k)cI`w{Z*KV;nf#2Vf!zlc$Dqjdt(W!pB zoORAJ-v4#P7;MOeLQZ$jaB@ZF$_ADEW2>zCR1#%5iC6j>A zaOLT=-Ytz5`)KAY_6oA5FED?fr2GvgpTt5c;(Lm=Q@{N4~*X5~X&QUb+@aIzp?^=sx>tqKF?g61htUQvX;!9j-3-?99S=#UwIsf;7V_JB11`&fj#diyLy1Gi*%q(rf}8U(v%U>TCEMo zh3EKEbDW}iHxsqI5<2uQjIcd9*Qz4)6aQ0j-5^!5nwK7cD zd&V&-(fJ-+tcFwBCob+JL1*P=xy?>ed3culg6}wbl~`RCMv555Kf)ZDDC~-beIv~d zIH9fHdfUN42!4Jr0|f~hqqs~}%P?#yFrvEE>vi~76c*}DrN#AhO5D1p8}Chm6#XUs zPi1syxGV)1@AQ!6=C?;MmGl%8C|3wLInz(ph$6?1JNslWg2qk%ojJ%u=p6yUDn)y+ zYbww1M;;~%)g!3xRS7gxoJ5}eytJ}!WCRw03BE|o4aTQ7MieU-CZX{V%^wres&=CL z$XdW{z_#WWP}z{|(6RPcnuo4c4fPM&i?K#dns-|@ZrIJ$rgd#>)6T`Ph(q(D+n>b; zoIRF7$d;Ex91LFv*N;}3*5c*f{ zB_srdgoFg#6hbvf33T6U08zTEn)wJ(By8p+Qe$Idaz;kf=H}-AzHfUGYCM1_O}M`g zT%%M_S7C1D<)y1O`3u|}ErdibuVlsk1UAbMIj-eoIp=j%iLZ8@+EOK|BfE#Bq$mkL zwq+{@f^^Rk$qzE`jcd2o0|I*Yqp>tqM!!yj+O9H2F#5 zj2)ZfRloL+Oo>~Xb7W0wORGWuuuXlgnY z)tl=>(kszYQ^3qD(I!$v@RnJnj7!_=)tb>*pBg_L#UA?iffUswMHdPv*yRa8<7n7! z?kP;hj#}rIYU+5lt$S`p)!DltHK$&(?srWiTv*pcQvCRuw6phKEf=@bY#-~_nGad+ z+VlqT;|*og%|jAmB7}*@I6FH>L`U<%GC1<{va=na z$t9~KZh8C#=@SqGc+f!qxk!0Chf#)x3O{^R%U1kz1u3a823l?z5?N!bwcbu_ymVxH z2)2hzl^^YKCh37di@d=V_?uCtCiXBIgAs^4J2|b_-nq=hc_Zq`%jfo?*fKQ^V(bPG zm>E=X)<9y0w=V|_j5_?J{!ly}flP9?DKJVjtynJtRiY0kECl>yTdbRJQmEv={IT9L z=4j6<{Vdh2#)`GA9byle4>b&h-pvw);RQy2< zEn`x^YO6zvC}_5?stocEUOHKqY!EU$5pErd9eVy%8W9z{sG)=vz$QKADfGF}Lncy| zHD5L=V>ijj3*U7XzCkkK&B^OSR9JCTl+$nG8nW%WlNki zVEy{DV@ey*@opyZry@&Wy&WWK#yYRK@yG@F$u#O#R`6klIx(tS1++Q$Q$`YwO6X!R z8bO8W+843P@lGXeyQRLajzGJ}FK)G_-b*5Y?apaNc8w~hX~t-ZG#oc=XvThz@u);8 z$f?-97qOy8Tx^MH@=N_$HQtHB&Q+S6u`Y<0DSmiy7y^4SdMK^LnNTlpdyx>pxZ?4l z5?0p@id5`0gLTbD?LNFMwyP8!cV>S{sREu)AhYXwnI`Fp3|T^XnzrJg-{`*y*ptd1 zzBff|bK0DCi*A|^QoDzeSz%xMmMdjeYZ9=i>q7Gf?qk2uuN~$w!1iL7a%Ib(eNpi~ zd3B2yk~Wm<#j%@A`>;GwbEl1ZDC)dXedOZi#sjJfVoGoMW(pEtl-kr&QGp)6t6aGS z+j|6gUXp^Lkr7@?HvmS%BIEo3ZTw0X10`4~RI7-txG1|Y>@ZyYL?U-iiJaX$bE?sL zt;9R*`e$pEizX7&s@etHQ&@M^se`e=L$?|H8+MJ4p3s_!)jGvsoD-wDs9t_2cEvm6 zq6O-|Q2QXv!*nGsCp71$d&t&dTJDEx`dkdV@xkfS`IJ!Ku}X|?(+`ubYJv(uVBzxM zL75C}(Mjr;-mT)yD;_usDD;F+Wfc|{K!c)ybh2BnvL_lJ;8=ifC7Z;F-ikYDx2a-+ z?brcF2&`bvfL=evm#bvqU%~dwFI%>G=0AU3obT7ONei(&T8*09H?>*IgjBpD%JrJv zu3KbUQZzS$NFFU(Wb1J%Vd}2$|vISW811C=ONoK1<>LiLW7VlIIKQi-9IX+tK)J6F4(=-I?=UZ zE2RxDD`S=GA7EJPa#46&=VM}YH>o|OqAnOK-I-WUjdehySrCAA1iE5jw@~R#EgLI8 zmnjSKcdggy%eXeSvxC{H&ED?b+{gY1ZLkxoYOg+5{LtP`c?eVKpyzv=H|g<$|IDZ^ z_xz?L2CqRE3xUB@_Nw;xAHi{@V|8*2x{T+l0@d;z(`8V_*rShqRPtbwSH86mih2Jg|#a_80p2&`nvS} zyOE-T&-~3=0jp`2p{Yje&|mmf%0KK`PR+wETbOn@FvT^eJ>Z@Zkc*TaHYiv2L_G|j=E7=7Re62m{q0FtMZ?IfTdN3>Xq6&<4;m?QFxqgd zy?$?1px-M6`vUt>wYjy0%vel19T6G%hR{C6XF}pd6votR_IVv{)baiNEns_2g$Zxa z2)|Q%tSol&d?UG|UK|DHf0KnJUKUg^=T*Fbz=i|$Rw)|{f;NtgsTG%$P^^w=;u0Q+ z0uLg_;+FD`>z1ak+#suImuvALOd)JOeSwB$7zh2gaQ$K6Ft>gh7Vp7=PQ^%XA|1X_ zDED%s8Wzncn{y)3?mlg=OTXGlFYr$7P!jecYNVq72yD5GV|)i<{DD>i2nQLGlbr3q z*eWdf1P3NI-jWXORG2_bg-!*N=0Pi)9ztg(OBmm&F#eTGC6X$aPeo$J!f2jXtNW~i zjjwLEqwLmh?&YWtw7T-jPha@k5B0VkWCnn5*X0v~-xT(#SRu~0a;dL%uISM_DeT+3 zm$$AKyvdAye(gx5mIw^r4`qjLMh2bwn6_hZ93OGZEfmp1{!B62nY0+jz9X$J-gX36 z;gD{26F0S3CB}o}2Q5M{*k`1$iP=w(8e3W2ILkAeL`~R6%AL5~){>Q`TB_`V%eFlz z>*S)j%N5`PRljAE{MpuZ;oBqDIv_CicP0HSByW?NMY-;aolzSo^DY)^0g{CqXN}BD zJk3#M=O!nMQ-=4JLyoLilR2ZYulbDAZC{&Zt$b@RGePElrd3%JqsHsgsUV*2)cV|M zgrq-$iba-7RW8wuG7w>xt053$4%Hk)YVy-odzHhH>`bsvDfVSF%VRMk%>)P69{Ph? zSS;DjOlfVAG`t9#8n?7i8SrW$!O)cOXLlb($J47Sppty|Ww#Njl1$gDM&v9&t`7vw zh*Sm2r%%lTesyNk?w(Hd_Z0$P7j+LwFN)5hZ~`hSd;Lt(pEy>%L*v5wwz4>-h3y-+ z%9SA@{vDV$<|Wi?NzdC_j2&0}g}i);!|l||BRw4M74k~4pI{_AuA+%R6MILiUcH-3 zni(zK*tg&OwLtwqEb6rEaOzY{qi{~NK%5CyjdA4zv;jrDt@OUj04LJNz#?E3n@fFfzyU18wkEYA)r>g_acQNLx$@eX;?| z?OmyNmq=n9T*Y+8yNS|0k(c||_&}RyP{66V>|7?-u!f3qQEOUXd?Iu0#7<4J3rU0) zk9=LXlEDVi&w~7Te9C>1V$_Tm1|u5&hgf@|E^$C^WmnR7KA+}?ywb#HNz-0Pr%K#_ zjB88QhNnAy;jTuA`-EIGb;hr^T6FIYp0g8zvmK5uz0S_g!myIg94)p8f7`znr}46B zYi)^i$`Ok#)}uuPK@&0S-DBgVO=^O@xSFMcC@n?|r4DN~OK|KYwEA8N3NEldD3+A7 ziL8Gv#`37>(t0OnV35gnq?|}+*I3d*3k-K(HHB1i0kZfc9&Y(&^qZ=VeAqW_-dCZ$ zQ-?~*VWJ6iv1<(t{K2kOz@r*dcq|L{0Cws)IH#YMf9*;PRHYC_5$*$ z|3+NTXPh6tcojxSo&M*KiQ(>=Gr6@c#Jpb|M|73ap(CcE|W`TNu-Iq|u?1yK6cj5KcdKxSrapGEtRnh5fP%~+p6y53!D@!Q*$40BOl=qW;~p`bHyHqm&}f_$l5 zFQ++i=eCuI*jUou9$sGFgv`vSm>8TQGkSbJtriyk@Q__AEpz$%$X$}t*IXv(azYv& z!72t>cizQO|j#m}qYM3UC{& zh%z;OQOeSoJ)nagjfreulUy0YisUc(@B`%#S0rz zbZ`cURyuQCy@QyaCxpXgDpO#@kddoZ2PuttkquNVF6g6SV`)hqEn4NLk+cmK7nhz{g9wbRy#d_FEhbnhbRb3Hv5 z(eM;k{yc$ACJ7kf&xV=Lfq_FF-!1+JxM*dWxlNCSaPKt#D-uOiqy^qx&RSINal9A zhN0H`GKI3Z{@4q8t#It!L@Z|N0_|38L0#Fi;~gE1U;jWbViCHz#^D#fl!NNBq8`*O zBrGFboOZ9K_IFivRjY%fCG`rJq5Z)I4z>@R{L2$SaHjRsHy{DF9wpu&b7%OU?^a&cPF+toMp;&&OL_6Ga zcEVtfMv?APfi}VjvPQy>6wQ~b(Gg;9IJG&n5u5`xo*d?Ot5KE3*h;3i3^QpwQUkev zmR3KwW;qD^5`f!r#6Pxn`!4!ML`|k~oD4O2(s0LmkwMCb4GuBWq82(>Y#Fw64eTU} zd7IgJ0u7bRn~_$`=Cccs%Eo=Z3%KO=^LMqB)vWT&wfNvHj%IiomQi!uVegr3W2R#9{l{uj*bOOd`tE`lT#g>Hf9=0fdlno6!zR$kN`|K5?Q92su8yj7f=d3*g7T9w zWfwO@_OIOHM}D24_P^KmZiV9eDoWTp%Iyp=J<6MPz`&$ghkdExzkJ162XrX1+C|+<y zUO7t=b=YDRos-DdRy(T%2@s1IAq_6m|A@v{P*kJ}Mci)z=apZ0i_-@4Uxdal4rtxT z9NKE~L}ERIE_!x8Q}hK+5M$w#foO2!L5%`)%kFI}z#J^_Lrmu<856$f6-_RGg=$cW zOl2jJT*(=F_cyw5SaAtow%o5McLC0DT^C`o_ZdrC&$Bz)`{viOXBBJ{NwHfnLV**|wm<;Gw3 zmaKd5`+M_@x%Pc+qI2CzC^v=7ypX6!S54= zjFu^D9+PwFnv`5#E%TZQk9|?4L-N-PyzpLE4U_Cd+R6ESkC~=(wJA@HJRUL9j$1TY z%nZjT~z@>zs!a@X@ z(-xnrlvQmH@+e210??c;N?wf(GlygF*8;9a_#~Q#gNF$g_-{SEEs5e@49Uh(Nx{Me z)}VzA0IQ(&wt0TViy&2SHlV@!XJf!%187q^0n755e(imj4Me zK{ee@PLs_v6h{M}6HQUlxMo*8;Ip%-!bz*{dzjqW3iA5`+T!+IT8+3FVxo7$m9qGm zj4yNNu9~fKh>%Q@V}e_i#*8ub!-?@Mn@)#hG;V4&qh-U|graVd74hkIQw@5!szalG zthDmYkZA}ZC=QU0Q!tO`wvY?)~7cQOSR zgVT$3UNR+j*28klfdkw{IT5}1rCLCySALpMEiRF_OhU&NR?4yWgDcG^A*7B#DHOK1 z*4!A`35csWx`^aL+n(#(I_50@!AYmfv*>5|PuN3&$(G*-^o@|RQ|yiIlX^}R4{p}z zukM`{I>YD1N=0ydv^JD$`7Nao{daQJ-@Ow8pQI8kmp`zK6BZO`V08n%PxsE}SN=~A z3hIQ8wi~)H8hbd9*1xpHUJUg2zY-9bPp_FfP)^ydtE-El!vbsNm*{2s082+*4YjQgs;AwS!0aXD+`Dx&N^xj*R*)@^{)&po%el}!}qiS zM|9_$*;SL$O)s!pLLFF!RbVU6kxp)3aQ$=>)^K9hmHClW6aJ9h8CxOe#Ij?Bf(#Yi zz+5rtwzzZ4eZ|J958^38)A(0M+dLK%)6+dx;^_`xb70GobF&$DH{!SjL<}Yk5R_?- zX?Z41eUc6G`PRBHPU}6>;z8I)(%;!h1hsoJJBg=#_Q0)ktWlVQx_i9jj;FFI{D*nvT%*c=5xOw}Izbn#9?n5j=)9;TVf=Z-^u^!r=as6;m z*~M+Mq1>7HGFu;P)d>K9BprP{Pp)OYA|(oAm%m1-I*NNnS|{CD4`E1hvWR_&bzUYF z+wwc7Aso_KIX0g~bHaW~f4li25Siag94?cj+f5kuie;GH|8v zvitYoUJ7DLt&!6WpFC@)zccEaJVdV&R@+eMtLBbf!!X#!#KZ6zEWSsXCT{_E8QNe7LVtk{Ndwau*QOXz?wtvgqxw_d=@cVv!&hRi=TJmpW2(8vGkZl-fR>pKIzZT@y38(-_Imrr)!*p+)>x z|BJB6IR6@$n1zV94<^f9`)^Q#2&E!1XVywQ+%qE-YuHF-Hj|9>k|PX^S{_(vgqOJn zEM!t}_8T=nOu|6l8W3!3f+v195$~(+(!n(UkEyqSin9COKmlo_Q(C&arKF^!yA_mD zx?8%tluqeJU}z8!kZ$Q5LK+;Jd-#6;d)HmdwH!vAdEfJ%v-f_UXNS5FJ}Y#vkLf-w zcP&%K_T={MS2Zsmte&ww|m z0d;IKLMG8}RPd;TyS!_tNuznKWgW!|hU?^oB4FW_o__J-c1`?>m#}$>;WDH!*&c%6 z6r{iUFh~Y#tl$YTY88Qo`daa`9_B<6kvjwim;@ES}XaWs8WhN(cXw;|>{o+Dfu~T9r=x*4~<9d&0j@cS&gSCX3IczuiK| zy7W8H^OYF>WTlOyc6gyp602a$9}9&KtE611N#_OPB4-)-tDsc?QN=dI{agksd|wD1 zu@Fs}y_Vp&k~W3#T9YDq!4We>&1N3kok@`>w%4&n%Ev)c_7Ja-DH`KEp{A|7itG{n zBBBj1EGgx~#cIQigtO(ellu;q4d1~{Vd24TGZS3or}LjJFRY@$PDXkp%bGQ1gt7fn zjS>sIPgi*BBfjaqzoNZ@&Uo1HFI+@iOl-N3Z2*cxj{rD3#17%wM52#J-SKpSmFNlz z2O2_-CoQ-tu0`gjheRtk-zX+uXkQ@{kcbhgBcU%)kbWF)^Pp5vg-PwSOuZjPM>20K z^QMb=mbc@jcQ}j}&`_SY=po1mk}fpK3javmy3S%#u5 z8M<7$CWQQH1db6gF|uIPO+X}yuGJ>LT614G!~W@(CqI?8y40W$4%=3|p_sPBsb|$W zhrwq`;m-o6%>w^g&CHo9Yz|AoSzkp}jq-+jb;0mlNe!8!Lj>`G7NxAEL zJ3M-LNq!7S@ci_N?TJFk&gKY|jW`U=&!Dunm*=WWGF(Y4$x!TGzT#*;vcj}%$#~Q! z`ca5+@^FJcnKtqUfRq+28y8`WyZiAax@DpIx@JctCZr|$mX8pevT6_2!I zQRp|zSnAMQ&%D}CyxQf&QRoRS+I%qAxtsaulnu-a->YA=xH@&>#c!FE$}=)79{yS0 z3`}?}LS)2|RywQ9WLr~yYWxc}E#I}*@Jf`#didn!_5Hh(D&yill)LslQ97*vX`8%X zj)w0@22Z-VBUSnrpCB(9SOvu3AeZu(Z^Oxs8eQ9O_M~36Xjp%u7@1nD(qkPChEQb( zv$k7Z`YS6xU$PT~qXyYU4eNUJ-1~4C?4hZPaH06*%Ti>6x8W@6L`Mvt*X;g0e7lUc zC@Sh|@?2gu$-HEh(rApNL)&te@uIr()}Tbx_0T*|!n3>iO5i1f_Dr`+Bgc^+s{^^j znUypA#@oh*#Ya4c89TVlXyRIl*z?k8iM6LvN+VJ1Py$P+q6}Bb=DmiUp52!3oo3hd zBEA|5cd7&;CVu)h6-p47Aoi&AV18iZ4UUjr3ojd8C|Y zh6?QOPn@iJUd3pOk!A$UdkB92FA0g6J2^~7ZJTsi>K%XW_0E_y=hes8##Q8N6EcRS zEG(R;1xa;9Gg;ar0Za0dV;u2l#3Z{!?;bo0MS0cxhP$+@x!>;#$SKF%IQ(p`8Vya& zMqbUyNT@w@zxq-2xHy#%^WL;=-;L>bYV(w2Q%;0KkDSZ6%L5ZrC3nV=MO0x#X?rmD zWl(Z_2~F5g`RgyKDx5jQ{91FdagStrA1o}W>FN8DpY>D^5*wN*CwSAkrrMNt3Vm^C zF_L3XF+05z!O)=#_$^V({DJoym3!rpW`bUmR3&ZVGLbPv6pzyXGDqFz5?ye0^sW5E z7UoqPIqHc}DMS+8T#pd3&^6XYXHR~eCf2Yb@hucjZ)!k8H+*b z`dQ>Ev{^$BigGax>W$B^MtCcfY#%Ux_?^lk8NT1p& z@<24Yd2XCqY?JXY{rsovl%qOB>fujql?b_M;gNfgkmm5he<9!)S0Lsq(bGUIgk@3` zWq=0h;PHOlVW4OI-`)M#HoR!9*J-?Guurt8Y6Dyu?tvpR#wfUY?eQ-x6Hk!`1Lz{D{yAcFxh%*@RFfo0*S zS*&+CBG_59e4eUj2J(&zq6wLdv*m>z5I?oXSLI93OOJjv?zh*RE1Xfnb5|LbFd4a$ z(L$sMg@&~xUG~nxS=6o|htS^*1QzthlHgKKju&DZ2r<@I>qnea944L{n9BFiPm17J zhrD7*sfyLsu|XSl7;bti2?9v-Ht%+PoI!lE54hvpex;f1T5l8Ur8rDk^toLt5)75K znIg3)zUCPE7CWaP8|DVmH|-z>Sj?Tj#^7IIznx9k-Q6V*E0Cwtc%yh#YlIZ_sNyW{ zu@XW$1|}9$Q*m>1hjs;`6Bk5mUWjW+32Db_be^~5M^%1jF-WE!7saUJkRrC?m{4ME zn`#Ux4=AnWB;>G>{*Hj|hZSPi#%<&M-H{WFT;b=^wc3nNYAxjKD+*%(%Je07WB1OxDnl~`9gl_XC zr3_88{loIltrfHmwNiL5B| z=Z*WWLe5IWql^i9%S*{SILp6<^Af81SQC_@%F*ldx3Zr3al|o?_&(HE^~ds=?zJ;* zb3i1OUcO%sc#Fn2WeNE+JN&mob#9Uz{l|dOpx^VpU(WnaWZmiD24i7Zl3 zBkWe)g~;U|$Oqu@(l@WD@mwW(x@AQcb{q(<{(jtCb^tdsKBXxs#}ZA$E;BUMH9V?h z7RtIN&z(B$m8-NiaUbJ1$1?HeeYOb3*CTrosa|58ELNe`pNx!>f9w+A)e@*fM0gYr zyyVSw@eI}s&Zl{Mq)~jtsX!WJbf1=|FkOHoRF0`ofktH-PhOgQPfU{&$=^?f%fm^y zJyuI>r7Zt*ja#J$xm7!nx5|fOFC7y)=FXwW-w&GM4A_p-%zb;&RMSaJX!3{$Z}u`Z zoGOQu>Lck;bzDUm^I7nIOn8R4IKg!KN6Wc)4&Cn8mqpj%*Hc%`sth25&Nag?a_thd zBqM^5I&c*8Xofb1k^)_b{Otx&o5B+sx(xMw0`?YI8-W#*WmIbzuMrjBoL$Gb`^VSI>|Ekq>J6G=dOtciVTu{@ix`^ct z>b4pFrARTs2i18>RHg1z8*|+fLC8%A6mNOBBGuv32$Lxfw+WW zY8!Z1AX05<=UMAASpgAGrlATXlxzU(Q{~B#>oI%+8-Wjv!mNVvI>9L19zvex&;&cz zz6YgJ+346~+LladQL=6p7E&R~Vo3%1*j{YC;fmfGQ-WG5LHP)K`g`O!eC<59Hiuje zK^cWpCwlhf`Dssu-L}oiM$sL^I-mU=iL8u<93ix+%GVm{HGVnUi?j!Je1;f+=krDEO07_=N)A*n6i^OgZ!!nZef1y1kV{KYiZ3Wk{n&1cZFzse}K+YTpxz@JcAvSSmpHt%J8oGPE!m5e$Z`bU8psoGVN zviQ!0EE5gAr4YoKn>04zwjQSvvM{?mOgWao7L9A)5_qOk*p}=`qG8m(#_2c>5}d|{ zlN&OTKsJ3@E0f?t0$FH?Mr(egZX!V=L60N``6QA$W5(%8n~mUebfM+*yl27jB7gKMzI;w*04rRz<*6Vm`BxTT$+Ey6))Y!(G6p zh9XCoR*o24*epVkP{Ts8&P*vJEO+Hs%XSiqbwoP|Lhv;&Uh<=ak&(_KDhv~T;o|ZG8ZFw z@tI7<$bTycA3JUM!=Hj4>!rvSXwu3x2itN?xY~QQUPR2#ll?i7MFiyfv000O%D2M zmPggi&`yVBRiyWB`=K%MPtuuWU};b=uR2X*!0ATB!q*1j_OvzvKL+@FwS!?b&_Pap zZBv8B1HFXxfFAo1jE+v-a;*F%towJPkHFQjX>zF+eQHv{O%WN6qU3jFEhv(H)}vB2 z(MlpBxQ3|oPG@KJ}wCxkqDwyS-LS; z0wjAqgep8Vohn>!Pt*i?KTr(CkU;-tPH{L`i6Oh>9F*l7v=^8;mLzIbYAr0GM=R}9 zxv)87W59Oz@DvCq@?Z+bK{^D*UQm~jHH9;ck(|tFn+UqRv=v{vgI`8yfu9-~OonfD zN?_lN$HLI3nl%nqQn*I-BC3O>8$9LHGvlTSqdipx z7BZ(>**{mC^l|Nk9qQPfK%)+y>qvNQK>ERK)|U@fp5;fmZzbjI6KMV`7SW|ax$`j! z)oMpYmuqg+{@zPb(PijH>@le5ET-ISrn69f-v(lhx#@cg%X;*W^hrQDKyTj8p|Yp9 z$u0lQ`UQ#A*w^N5!;oPegaf-TpE}l?y@-ob;Y`if6vfX;itQl+PK+}kq#RSLiij!Z zf|O+N7E~~LCt^sgZ_J8R7b% z^#lW2rrdjcboz^Z8_v{qNSXQj_YHVWd9m&*MjX072g643^PdUm2+Q3GU8?pqYr5C+ zVK=v?g@&saWvXQ-*ybt)NGlr6(AQ6OI&SnPP3|#Jf4)l4d-f0^GjG?T6hJrAcM#%J z>PQKaZ}h2CR>+KbE81EizR_g#F5X|NR;@{5ZlF#r2+{iMN7z5|y8Bz_&{sxyfm3*w z%sQ(!$dx7Y6+yC1AZY7-Vi$=R3JO8n$qU!@va!l}D>sGkSZas0-W=Xc%n)5?-DjG* z&spY?@z@ql3_goA@){4@B~}v#oLu|hBB3R^1{vyBcD1McE^3%yO{E!CF!>`uveOQ zz4`?`2f=q_?w9hF@nA=ciA&78RlyWsEa@NkNN2`$@3W3-d&#rV{exLUG9j8fHUf(KVX-Rob=i$v>bNV!v zN!@e1Z@h+pw6kB^iOIZx+o_CK`z(5^bi7nc;hk1;mIe|9KMB+DR$;K0q7y06hencf zOVm_yR`$pXPi^^$6s8|^VylffcKMow5CgK;Zao`;As-aRq*jF~bQ2Xr8`P(2zwZQW z(I@`;g0*{qij0Jb$GyexUYLo=-{iRxL8l;p8}2Pr*oLoS^T{Ez9&|AEtXEiUydCY) zAD$5(Oet%Q%u@NP%4qi*lXRa{kvaUCkiuYMRn$dm%L3K3cShFzxz{jNBe<8o*3q^z zslwQTm!w9aDc z9ZBshn9VF!Gm+$<#%2#g!u+9FDb*SX0-uWlBzuOW{wx(yGrI1Zs?ND=-5>dgBbQGH zQq9dFiXv&T7biKN4?b-5cP__0wz(6Hdf5^lDX>ZyR*LD^zU;&1%Zc)qzP|Rv)hS9( z%X+BcDbWjwaTLY>&1Id04btB6j(5%n)ZITIFo zc9)~DmdDMIOl@m9REJg}Kra3oamz$r?;M~QW6;rau)f%IuyvRZ=(YpRt9Euy*GXMH zHk!(gDtP1N8$&9brd$qQEJt}}>vPrNMCScwv6N-8Vv*$tcIIHEje9%)xs8k&2mq+z ztH**y3V1lF8!Sawn1n{BLJopseWq1RMujX+6Qjt){sP530+DiTcWkAt5JMq) z$=Anm#Q58uOd_laqrY-#HM)25E8WbS%0Cp=7)a9`BJHealKW_`qx+fik!!fGYLpOk zG8nV&ioZFZDm?fY*0%T4>dJeZP-k0`SBpE+Ec^45!t=@l2Ep#uppe=ebD70F!rG2P zbgkdVQ!GM|F)~TAj_&y3~o0 zsBuY`Z-^uJvn-6zKu_8sS10f2c@W3VwW9#gk`!Q;q7&5e z<+^JeH^iaxt;YKo)x9`_kY|v$ESWTcM%PRlu=ha%wg`C9GRWn*6dVg^#hJzD)Vl(D zb`uHmQCq_Cbncberh*;XPAstK-5xgAb7?^pS~0)RQg%)9_&B8sgkO7cd)AzJk|E?S zR1=O3hBgGp5%! zr0l2bvzzQ;^}#Ki)A*E(fSENJTeV+*A!y7d+Wx3kQK}P=fJJ^3J3P2iFf5Gr!`cG+ z?XfWZIz2u86FrR_!Y5>m&zohoM%*#6mkvL%T>=bsF^%fr&M-B;yA?==Vdbi2`FfEz zB`dCwLFS!RBhXP2!nNt(jP0Tq{UcM(bFcz?a4%7{8(CZDI!KR~%J4jdY(tKYeMXsk zXgx6tm)N=fZ3qN4AC>*7;=7J+uO}ACm1% zf1Cx#A7rMSX_a`F+3dA0yJ-9&y(H_1*ySYpgJpgGSd4GzTFGeQWIIyXNb}-{&DJ#&kO?)6W7Lk`yg@GnwN%(4 zE_RfuvMIv55-d~9BkF_bEF;X~)s+G#YVs;f{h?~NGj?vRiQb<-eX1zkaI3i{#mC35 zyENtTvv6nM>~p0*j(|v9eiC_>sV%R^H5NHKmCyTc{2Nvtju6F-Z%XLpG%=FN1>g11pQv|3|HGwsle1sB2=X@#}teTt0w?+Z^Qp-I|eIF!&4d=>42 zuCRXhgMFuyK=a9VLv8ahENfI~yRlMk*N~zueo?vkuV06tJ|rPK+b&xA`_v0QOZp|2 zmHkZ7JpSbC!heQw1NaW6`{YAYKQXED66x&VXVG-!k>60VlqDg}Ch(LuO1_~H!cD*% z38LS50-6f|n)N)BVkC(pObN&u#p_{g*W&*=&~K<8zBjCffmQti=Tkx*LV)mK8Y-du z&Q9^i?L4&a9T9|T!C`^{kZ z71d6*cgC!q8gs)}ohCbHDWn)8(t(85gH;JbHoi3oJABNkhC$cDF8QQBW6*s3buF#5 zS#dN|dE4hP$*8W6$^9-h@qZk$2mY5YDYxB7oG+p_q>zh&%1Oc5PVgZ@-7Jg+-T@=# zCt?wL**=7vOFb%)uq$_U9Xg2RfhrqACnzluIFtPg?RrgFd@{qq?o!DvNu1S|?66*K zKYAJcRwcf$cFO(OB@|_tqK>VUg^SKG}dHez2V6OAk3!c zM6Nn#QQz5BRQnt$nGmtUW0rcg*xBhPU`LSaDa;wXc*&%b`;KRSp~R9t`A#5<3&pfx z_rC0W3VnXk>nZ(1?)kCFF{iX3ZV`#L^=Tf(U~hqk)$?iyd8BS&|M!E9)7^mli15iC zx#KtOpUO`%)DnBELq>SNLpIw$1DXuZrg>(2-) zGR`#gVrXJpxF}YpMESP?h-Jzw_Fz6MZiN|~`uAHZj?$Xfy)*VL*H~3e-=0sBW65#2 zT%zv!Xi8BgY7`b?(dmat`{s1-l&DzCd#RK|B!Ft-Y#7pU%Ei0P>qz_j7`xRi^?wIj z`K6RXT8&|K-Npyk2n6%MX4@Npf zs%Yf9iT`?P=@e_5mWIgCUWWJwx*mJ2l-Es3=?^$BddO7fT|5C-2Cl3r-zCMF2+Abj z<8Xv=DzZ~Xy-OG43ccguTC1!|4Z;fJi91vrq8jX|lBLXg5~SyFV;l(4K%w%o+5ej( zL&LlzWe`v}NUm&>6xJK887IxMM#Q$jnCQy&7m=scSoQo>Vy>cKQ!jn3Pway8sNLMH zQFLS^IvmFwp4p5ij%z<2q+cj&wC12Tm=_Ahh796+)6?4@)~Eo&%@Gtdp@uL2{V3SF zFkfde{r}$ngzz4`KD@C(Lqj9s{rLQc{c5cBRPlOo zhF#sOzW+WeumOug#O&}-<9xFt?G5bM-u>yT@Nrrf*w3EoY*DbtxgIWeCwi|8JN@pJ z{WlwhtF~vG>`nRXSI9wGxz%_sd?*$L=|5osyCo~pTi!8Ib8L`_Ibt{G8WkJczi8hX zLuTKG8-h;QGtAi;O=j2pa_ji^y}{ljvNg8}U4Q;^CC4glwzZVS~S_ zs_Fn}EmQMhn8@ex9;R1k5wUDNr+4nv-al5Pm?AY-WgN50`1V`y)OXdzEQ_a`jBEfc zYcNdxu8U4@1CcQ5KF|#w7MG{|w?<%LT9LnjF0O-#^y+mM3Jtb%Sm!$bHDQAvtcr` zCUO`yRYw_Y8+LozgTc90lx7k*yxp@qQSemIc^d*2KmfjWamG$O2iqHV#P0`2P07{1 z?^CNWd%aojebj=|d3T2K@pt+=_jzrbG)~k00QhG#ek*3*Zp!vz6U4`?-@=!Z!reW% zG`hQZUANV|6f@CwFK$HMb=CSs$yvs9`Bm$cysw?MgR*Wf9SaLfu2-cN@fSb2&VtdA z$Ksm+qUuS)lxf1oI#P_u^RTlA*Ey_h?*yLY-AIdl^Z|YT@{TEEPQh$iL4zz2SG7(* z-ziHlZPnvyJ?wOdwL17B+xh%qXDlZUv^reO0DB@e<|8y3gC6 zJ4b?QvB`cQmf{tc{fg+t!Q7ZrQ0MvRtJ6MWQ?rq8{PT^r#D4dey3r)u2(pm`gX;cI zdo9QRL0G5KAjG)U?cGe7_SN0_*hGW%RD6d&7-jlm>>t=@U&~U<1pMwiHq)Uw{^D!L z^oq${5BIl@YhCaark#|aIv@Uiw%O5~fJF-x?CUP@6qQ#^Ys|hl8kK4kHNgH<8NX7_ z6vE9AwC}GnZms#W!1J6;;5iaH0cuH=Em9fXSwa$nuPN*W%1v8hi%SK9MVXWsJ7Q5e zmg;H&R)DjE?4!c!%rdJ)D!xcL`oA`W`ipvzSUk+V>!NdmW&0ZUvhrrKq1MzJjW^;w zFOe5sN_R^-GZ9wQ^P9XD&-4h{bPX~Zbkt?n0G^$7w8IvhHAC|gDd?o(C# zn$GWP9p%&F56s0MpL@ZQjTgTqBcq;Y9}`@B_P&XA<>Sb=kjFcy#EFL}TtGuZgHg-q z&j|cy1X*Re)v^0CQo)dEzNp=S!se`)mCAY=TdhK3~r!Zg+ z;K6p`@#} z3;(SJ4be3qDe*a$8R2O>+daYfl(S~O)R?s_n+wbu>F>2C!D(L38(CTF0YqPwWti*M z;85L|nAF{i`t#8sc#m>-vQlqUH~-9wV5bORoRN_n2RB$JoaS}U2mju^B?nmU{1bw_Q z1ZzDGCZE7zkTOzPj%IQ@QP#1lzOtES!oLP7<9*-&B!HG5KC`vvZ`v*1r9z>Ms4oSPr~hJDMC67>#O)`r~iLHWW93#mN;Xr zxkXD)j}(SQAtfgl8W9do2OAT-+B?w}G(WoXrqLc{G4i_(Ez}emoQqd}ovU#20Ny>E z9xHZfq38*BrQK*P7wns&St!X!iq)fY7tjTFaNY<~<`em%AH(0KA`06#<5K{VGz1vLZ?7YKc)v5TEa^T%= z@|;qX!iy$Z&s`TZw_$oHJo$W=1<)Y#NB-?6A7II~|}Bl-dWMRdoL_K;<88&}ftQVK~)l z1@x3A7k&@1XZDE}_@1-0iQP#fJ~?`lDZf_A_{JxnRcW?n-;>o;Nx|a?5e~08!j9*Z(_muhp{qYn1DhdN1xk&hcTGxcrO(#XfTuA{?31at@=~Fc=5tP zh+N3)f~n)-#&+`Yeg$Te-Shl5t5rEQ4pBd^HwmB+6waXl_^n3 zKlVNDRT0+cJ+8J?o>2%j7s5)VdRR1g;OH0`&Hpr5_d9~KUNcC0 zdVAby4xDcPahXmMXe$Jk12gWak#WqHBSg;rPXijQTr}70E~t=fJL$m?a##y+e4au- z*ZAY}BB{jjQVV`>7`EW-HYh9wwutuK1gZ@Iyq+7z}27LxDNJWkgmEEMdpucNqo|G;ifm*hNlUx6*W z#NeZ2Y7I~tdbYNf5f-R0pczn=E%;xq&yHQa;Fy@XvZFm_y~y_LEG0>UGb7QB@Phw7ZHwz$8cDzf=;^^5P#&7aOVS!W!T z#EOf==0KcazbTkWHvs~Msnt^A!nYX$OyI7`vBLH;f!&ez@&aN>nDxm0<(z4sZ!{5l zp)I6p;@$!TF7VmypjN8Fpm7Kp&8;5oDY7DqDK~4hU!`O>XpmfnxW3h?5cj>wRZL;o zU?_j@W4(zs3UOQSL2~3x5I88Wo!A#xHH!&F1iqKlu4z$5@+pWsb9kB~^AwCLrm~^I z&DXpOVy0u6%w=I_9+Z&;zE)nuNJQjIu z=#4JKxRPIiCPBCE^6$bF-OK|B9!Z9LZ(+v+k%X+u&bl*b>M&st3(zVLZ#(5FrE$m! zrHa^17Amyda7f`2H|zW({~vT2=4A(2dumkbl_1Q6GgJJXTJe@L4kd+EH}*>GX(5YO z!Fk4Wh(>ou|4t$5F@AM@vff()qROEZ*6;VQX-!omF(~k^F8>X4HM{f?>hR#^mcOTvR}fmG5m6R|M*&`6 zTP_t2vbDbUPI=$mN-VuGBq8tra-qr`J%a+7v167Kgh^Uxx)cVBrvoB)53 zk*p3f#!s#`<1!Naq^+lWU$Y{W2gbgMCGQT!B!j!ls#vHr6om7KW{vmgcT0Y$qbmbX zgui!)ifxbIDEB?m^qwO@Lm15mmTe-vQq$9O#Xjuo(+kp}O@N{EFv&JTP(4f1=mu=J zg>$bd@D$K>TIoobv>r={<=$kv(5WF5H`vo*6Z`l7^=PF#)-PE}T4JEgV|lkNBM!4M z_*3+aTL(6kCymmpnURtb0-V`82q%^u?>)X=U4$-d*dIPY%v)Z+wr(~VR^yV~x6 z@KzNDyDJ7q?vf34X1I&p~BaSWCuB#Y^i9dOcKsd8K;TY z6ATg9)QU1Af+}NV(ANfW)LPpiC0s?iLn_5TCAp!Zi?MQu65T`hzU1Ni>bCI9ve58C zGX`zVG=hd*-zm}5C9UrpE4<~KPC@bVgizXRpM`|m7%i$3FQIOym=f*}z?PA4nMuMe zXs=T6S;fEH^Mz))=L4%H_Z|j<&f1S7q)UFchj0(0gBqbPIzGlwNl=2t;E_>4eohhq zyb%@fM$!>@^vdtL$OJy24hD$=7=E!oGt4D$d9+LhfF9wPwP5S^%tvp@zp1wD;69p` zoTBzjug|vMZqb4@1RiPNbaNnP%*6lRRWlXd`7W1R(S0@2|Wus|5uGPh3DUoBm{j@KiI@>~L!^Dby>~CW?q%N<$;@^!D!h z{F#j_cpk61@IKMk?gOX~ylnbPAMjM6iS$ay@@6{(T`!Z7qa3 z4Dl#QoHGe<=s#W0x)U!r7_k#IQew^IVS@)LC*HMQ3@SX$b%gY9_f1@3}7N@oC_81ietvjFkxJl%GcEp#-i z_vsLM6H0tH4j+GFDKeI;%!WZXDu5ztd~e;NU+^MV8a4^^glfI=z2Osa*$v?AxavV2 zgn*z&sE7_4c-Gp^aj1XzjlLAjBj5rTf)HocLZ*@8WZct& zXu#Z@Dk)m+oJUKu|J6s_6iyAgLRdyXsOS-ob*BJRs(#bk6R2N6zd@+XAH9+>diyg% zn`zwuLZl+)sZt(bI!N^U0AGdb6vh|=LBi#--`=0bO^%s3-7`SILi5wxv9=fj_ zo`WFj3_!vlA{lVm9ft=a2nA#H+dOK~wg4{hfi1gloKpxpA%cV54`42uD{U_T{niUWL$Ji-9sc0p;1g^E@i4c~m4hZG6JX*v z1>S&E(bQ#3w|YZLV>q^o0=$5&edTooA%#N)5#sx$A^CA)_q|zQKNbCSjZK*iCcF#pW%1X5 zUo46)pLQ1|AK9m{Bu+*l)6`i_fICS6!@6MKH0nBK+=611%KcDNrD-Xu@xP9@TQa{1 zB}1Xx@M&C0c%n_$MzFf;z~ynhL__}Tl6z=V`fTFlyBW+3Nr%1~3+W#pqS6raM961# zho2FMD2_|`?~wjlg%eTFVb$&{d9_XL5h%pad9r>HM?VolP43zC`1Os0SdJ#~&ZO{t z*g`@X=J!c=x*gqS|FM|c_+MEZ!6QT9tJs4#aJMazR)e-aB%#NKDw5M9ys!}}dAgt_ z`yVKPTpaHGDNRG7%Tqy@8IOtXkuqb9!bgWw)S9{#l6T+rScO4074lY{Q-&#}W3T<} zaZlKVGG49Av}7#?kHiZb5*T*j%p4(+PLrr@rNb4#>?_Dvrn3&J_6H2~FRKZzYiKYa zH7v#$MI0FZa>mVtN6U_QN)Z^3`tI#!ff!Guag|EF7+{YLDXm1-SoN!eN|E*9u?G!t zo>MEVAf&Lqe%ym=b1^Yqm!fFK{J6KBrR3jn)nPVT>JBeNA;cEP{7JP7;KXxj_em|qFB z>4NqqzxYL}K4N??tL5ky|E^=sd?ZTJjDhUpB591G;@K^VB_mZUu0%<2D7EiG`c5Tr z#cBtypgYGjkz(f_hwVDEQ`JOO7NG_ZgeSN6e{2;3R26k}L0wI(Vwvt*0^?p7 zdQGqA_eozln+I9QM}?ZDXtQ(qGb{%w%A@;`gZ6|rQk@X7z2>~lm{D4r{`6}=ggxRS$}m>jrYsHH>IP$ky3Eaa8dbDm z6J%;Qb!dgIiX>-?M%_t5VWVkg%Cy(%WI5oT#CDFCXV9Y)T`7+;zcz#3w>IK%m~fZyzAux zAx>@fb5m8T6{5}@wS(?E&BZ5j%f((IG0W^uA(M9%7h<_kbl!p2*i zE#bOA_yK5W%>sdF7tTD7SC#VVqqf8>5!;(Fs~IZGBhd2*xtL6x<`^=;e6>8Oe!mj{ zQ?|eQ3UNxbK7r>Z(Rr`S{g5Yq0${ldPf$6=qEitLpi{mxbo7b85^?*RzIi~;z>u#| zq}YF4@FuPw1iBGm0m)JpfLIaC~HyC6e7 z*TmMuPbCB@3?V*yZSa{EOmT6DJ9PZaH=QmOg#z^Yl{59bEIFF*89iH>(4N!J$)=Tz zdhAO27R1v;`Svda&zxfpL}BU z$d@9Sj}?;e_9AMW@Xx-rRn@!gi#~72|8e9;7_O1cQ&mw=#mOwHu!3m(lFy5iFG3{w z1Y3b-hUJ|hdedZIJL_=}!rg`V-t|oS8myvxi-Rz5vj;ix8!n>;;5&bDqBYLv%J8|o z3|~OX$lK!4*Y=rf@BLfiJ0U&_0<0Ei=*c~7mCV0fr}Eo7@`R45|1p?wk^mAGt7NgP zl=Go@?rN)`lBLaV(|z5sS2)%}_uV>(eeyhEDL8>oK7$p^UkP8X8hldW%!A~CR7M*o z8n`{2M&=LtwMsm(N>f!#6$z!DM;(~fAs>%If#=L)d(@tK*= z;h3~aaDaA4a^kD_=?Rw7y1Z_DlG1=e0tfdSOf9E<6Z;e5dVqtE{|wG*8Nv@Hm7Cv; z7Q~510?r-_?gS7qh?)3sshp;2ijVgT<17*iB}o9X{3_GpS%v-4emm=1hG3gGzkzZF~# z2EX*ggF5g0?gqasoBtjuvEt$%eK~&|_jd_rN!A3M4|yr!=&(?S_j#k`0dZA2@VbW^ zU2{WTRLUXB=++y9+alX6q%6f!zpZ|y-+T=%osheIgKn7+Ku+&B9VFLodm(mv@2AmFW2SVyn0${K-$1V&pbqT zms^`o7XZ3&1Tpxgcm}_1C|LMBaKf1k8kk12#iG~^f0*r0mlnI~8fS!VJxOPvRk0N8 zXjvT~Y!6XN@>g!ppJo?6QMrICK?)|4la*bMeRU*xywa{-|M4vWhY<;2`MbeNa{*dg z$y^Z>fP;*zI7%_ET-SqHCSwTS#>R%j*_Of`(8NI4{jD~8>hwt-djY!x!8nbu@C(2n z@KlDiOyn07I07;{5AcG`09C4&sJ#T^vWWn<_p?I3p3DEi=g=Kw^GwuRs`A;+J_pK9 zK<_%&jayGJnvmz2g**&sA16TP%LgF6-|`8K0SM)M@d-q{{Q!Jf+^v*pvjW8l8SvF_ zTAa4m9E57@SH+cc#3}F@lxxIP{v*Ju?sWhT+k}GXcd7vmK~h5l4^UcPUhsYlk2)+- zFBmV?WSoN9HIV@^@HJTKiB5li(VN|ZVvB*yAD}306WBv;qU$G3mCEPj%U(LL&U05S zfK3LDCmDC8NL+Kv9FVraspLd7jO!H2Ha6e=c!fmNg9}j8L^}S6^;b%SzpP1!P{u{NN=4b1 z>c+mXT>7aUh`+5#wL#yFL_{90UAG7c(@+p*7gbgilMqV{%}}4rE00uZf35=qb7wv) zu6&=h^E+lK%}FFS=Ha?0gXySOr^R|qo~xDas>uh$=E?_%YXwq7=LXvtHzjKQIQuv5 zUhDtp$7b3=K9V6Q2xkU3NJqd@PhA~Om*S%nb9}lu1%hBS|LL;(Dt}^{HY?DaB8fR; z1wQ{VJ6dY-__tuWet!Ma+wb8T>NxdQ5D5+nSfmXw?d53?I{y2suNgj_Vc!t}Z0ENQ zO`tnHoykgr#yX!SKwkB<9(Rzf)p8jAU>izhj{;L)%hMykE?h#Q?G)8L&KkzyvA}h@NykyMlE-e)gzj+O0Nf;Qb!~#+BMNSO4Fwel2v<;9Co|9nAlc8d)zmvTA^F0W{uUz-9vn z#FJ(D_;5ep;>`G@cL7${9Drka1qJR0zr9KN&Eq$5lt^&kG!I<8ifKX)0FXN$2!X|8 zM=elF_SfnrF(7||B&VpT=pFbNA-}t3>zDR3WrUPoyDvZIFr6hNB!DHsdLnT^dn_3c z9sypRljJ|<;_2Hzhk`pA05@y*2Q_GBb8VeZM5#er)(K6BB~j{JyoAu?e$-Y+P3^a| z5S?U6ITg*e_P84FjTm}|C%=P2dsx^T$H1pfeE9gZUUCGExf)%fOTn-_899$W>j=>k zzwO`{@gN!j4SrinyyD@!JUVTJtGjED(a2;`sv#0AIk~_D$~_b3Z)r3$pTX(3S9ab7 z^v3fO9Wemv`?-};*}B(z!!W582j74~a{%7W3|L>e{S61ClLA?6F`Oj;bT~ zV3|4uQVG})N;yd1z<~MhbZ&+-K)yMiti9GuyaO6c>{BWRf!8dEwc7suu`T9@f#<X6DG+CKHbGJ9rY}K%9YU3W%Vpzl%0(nSfR6GMfQXx69sSAF|;8EY0CR zK>u_dT#{z&kLO9(I&CXH$q^n;(HxL)3D^zz*1SP@&K<&EY1~TmwBxhfS0aEDT?2C? zxdcGZrKpW3UKy14J>@{O0qwBZS?u9z(`vOt>`#+@9BjoK8yGu5PvzMvW7|95i`@yh z01)r2pKTAr1%Tc2JnCZKg}U0G1#h z$nI8iRat{btKiy(#j^l|@`NJ*C20mY7NFLX2z*LEg@Icp1pZMDB($i5{0ne25COM{ zjJ9RLT!+dq*{vWp9GOWsO3maW@ zNDG1pNOvkN-6g^zMMMb|P?40D?oJUAiA9$vN(f3LDlQsdMY;r)mJszD^L_XE&iQe! zYya3=-LTg4%sJ*5cTJC(3n?S?L~(+HH;TsEeP&f#y6;Xg4?ol2D#F&rCu4@U%kLGf z8}oe=sf*#JkH5O*%frO6@Z0d0t}gNZx~0co#SWsXKQts8hU;3~QfaOoAM};&GuxqL zP{J`HoeZ$&DL9W3r`KDzjm@jAhxRW=$&b}u{@lP1G@KQ%&NPS=ha++p@T9uU##h0= zik$k>ZPq`a*#iE&(4xu`+K%TGf{g&+TN6Pm8BKN4;pjV*rj?O0T2P)O>LjriLVYHs zFI?9cSZB8L>+q8WI12jp6Tlg203|cj>hA>_h=Kj70`&+~2Fw_gZ-aVB7qFM1r`HU5 z{8iIyfF0yF&8T z?o01a^78S`uGPJkJ=x>D?WeR4C+-kV|M>hfC{3)Vfj_SO{@JdMIf9H<2aexCkfBV5 z{QX@j!*?z)_CFf!@(@sMvPfUiP*13a=%o@v=GI?7URncb`D%aeSf-$9r;`E}Xc7`A zr7~&(mX;@gYjrf3Y=w1qzED@;HiQ6_=2$n^ zb0(GMLh@`hs3!oOT<fZHJa&B6{VxX53wAC+Aq-Fq@#(raoq( z;Xu)66?KYD?z4zFyYYzypRat%eF}awOYK!yQk~> zfX@;fJqr2*M^=$logL|uzwj{6V>>H<#Jc)^@nHs9KMv`IV9@1u@swxN)6;`y4%Mzwf+v6D%o9&^~B-uNPIaKbrhN27`=l z+y994{xTQ@ffczs05$Q&Ea({3k(vVL12}MqKv|gZpR@|bFzTCLZw6j~D55J6(H#Ip zlL12g*oCKncs@VyM;NFgK|utp-|{ACi&#TK;JYFvUV;DiQqyeoDN$wF7N^f34qDuA zh6@5CIEq6v2oJF`*GLlm!=L_`@^?@mJAkk+;mJu>e9ad2Lo~Org~;gpd3m2@XbI62W~hs?6>Z*sltDbHZ+r$Uhmk! znM~NrIp9IQcyV+O_dF?JT(pDg6tm^RE*uo4teRF;B$qOH^y5_y7LH5ZQb_*}*A8b=wJT8Cb}h0gHV^?}4~gTLkHRI9b4F;{X^3Oh68{jyijuN*$MNpKO5U5G0v zP=X}}Ay-Z$iwYDiT5DIws{99tg}Cx!95++zub%K>UFum&F5lL7HB(|s64)}ss)v+n zMFvRYxD$@@DpS5Hgb#?&jF!;xvVUC)#g;{vY!mD2e^aDzs!|YOzrl3(2Fb^R{fsyB z@Hvy{PGkJ$;slHoIABbZY?D*`OM6-+5s<;4F+}Fr>7Wlmw9CBCT@O;aclX?9|Q}s^!XA<55F2`aqEtZr>G+nyON2IbmT+;9PXT&zy+Qq-08>NKQ%V`}=24HN)X85v|fy>|D+{ z-&&zMZtG%P8T4Yk4j;sPN4th#j)$9WPPb3%udcG~u3AsSr4opbIXys>|Pe1P4Vf!xN#4O2LN>`kpTUv1?j?^(*n_eL+*g)4@Aw`ai68 zV|ZQF`mk=&EzHozoq|{Jv_AWPtb3`Xwa*biljrjz(|B}QgNZRnvIXeR6Nes3ASJI* zWnuegE+}nAR(#Nd6YzW|4+yKrZr!CpfY#5CjwxJRTm(qc09_giVFyC7bA7May550* z3tdBCzWW7q>euo4w)8ML%DI>AwRpasXLR z`b=C#vgl{m;=JKZ18xq82Lz}P?O&SnoND!#2a+^BBLh{};_{-d*>=Dz!fk%bSIqPf z`JA}HPB+NZH6N1Ua9A=(=~}V;T+&aTwDHHKi|@xgb{;hE=3R++x8uJ0+!unV47B-t z9Fu;MwB0v}i*!?26@E+h@NA3I4!}XglU+dNre15>nZMOp{Pk zN$WYFXDrX3!KtMHJ#ELEUB8vWm?!?**E4*9Lwm_O0Cds!+?!zQkoR6mbvX-h{@QR> z2%DE*! zA-#=B-Nc`Was!$jYUux4xcsS(9+_q23*5qOp;jSS!SKc0Uw$EYdyS24Xpe8P$Yf1= z_l$c==AkX$%7|k#u735{qrF&5yX9RK=jp9M(aS%M)jaBKGgVxV(Ry0lUZ1s_AM!Z5 zd`P7%_|)6yB{zwW2~qWQ6`Z>c8l+Mgo!x%`JL>kA2iiGf0t|($e1_T5m2Oo!UG@=Q zo@L3I(G#sEncht1KCQ2>&wouoaU7VRC@#(D8JNj?rvZsefvx|rRskgVXl&^{YsjIX zf)}Eo83)&B{0Xtj-^-hR?*GXXrW<-++KTh?^XIg7PjSLYn}GnuC3eNO{=$fPcrzP5BW)GewR0Ti5`T zMIrDnNTPtGsPKDW`Od;Xdgh`p3>FoFg-+HNoX6&zHY6z^F6#%msCR?h(!KtIX(V`1+6l6P@ zY@3ICqrW<~ukODrUH|;mo0QKITf-FK_UHAeL|%~f;@R>I?MDVoWYLqqI;ShNJP*#% zSf*%OS!pw0XHJ%u2ubPCpylHt0@y1Mm)?p&wO}3&iX!35aA_)FpV6RhLYM>Sr#Yda zPtDGbhB?*&>OvE|XKH*+R;1SxnV3I;Fwsl7vjLX0NH@gb6%j=3xcu85{Qkez^g?eKAxZ0;iEx6|g9|?r6erg(_Qy z6duaO@BjoH=UnrR`10*Uhkgmgqc<*_PxbV*J)iV;s7~Xac@3mwkl`N;BWd&NSF_pmC9YxrxrM}uX zee@R8WLznh?3J)gUc&b8*Atf9HYmUCsPI0i$-mG4!ppNm+1ZCu~YY?!D3chP#pWCSjBe%g!uvMrU1p>!Us{rS2?N-Sl!Wt5A3H zD+z3x)!G@B1GSPx^hQ(NBt-Fqr+#OMlG3d^B({%?Z4Xl?zA8dK7C7 zxr)@+u*-A9t-~KP7=H4FcZATKIAnHhqZj(;imnY`N>r9cHt$6BLn|d|lPwMXS(o(A zOXWI@GFIiS&$Pm;iFtVO)B?9!e9QEr7yNM?dK~$0`YN`Ru=b?aa%Q4wk=?9$`Wvq| z5QWU-6piwpYuE0QC&yna&AL}p?W5F@6|T|}wvD^x$}~z4LejuDSI{0x_>xiDL+ zGh=#`b#M%`Cr&FPAiIevXM%jlKhk>vn`X`7suy>h_EfP}x&e_Fo~VtP-Fj&{gQ4Ds zn!G{*Oup=eUji# z!i;6Dw&QkVkBHoM6)xSvrD1aQjtm-bTYGbPswWCoRc^u(PMFgIVyO}>`9UHZ;Go&5h5 zQB2s*hiY@PT8`sQ5?D#kSqVzL!ydh=r0B>hUh(CnC26aDyIWwOPf5J3QaDy`p~tu@ zY4X6D1Vp`9wX9_W6T{cU;ezd1)sN$Y^lT0(pTJJZ>6BaXwK#2{U%SIXQNC)P&pY?F zW~YIZGnjUjt<_VJk6fwMAb!1UO5`xu=1Szf$H^iz3r!6Y0(u>9n#CJ*DFcVojH|*! zf#+V`62cu+pEXz+r>OAbJAD(&a(Yj6lTP`|-pZcBo8{j<$F6NXPYL*jyH}*Zj&&n@ zq^i`AntbEyr%V>ay$7pniu2JQ8*9vLU+c~Nzrv9T^JkS5_9VuF0zCj$n?^wBnQGwuYOtd zd?30p{HxfrJJVSZ+v#N@Sa14RN~`%j(V83B97c&+{WdPwZ`*VlhipN{9%*54 z%aR#^wSEIv4k!8EPlJ3%w3q+WBsP~O?3QALa)_OtxK4L4T;!wE(xl(_v6!dGYq7rd zWp~t<=}B^2To}ZmneffEXZ@*NwJ%>cts^5#%3RsNHwDm;Oxki}GaR!c)5MBnIXLq1 z9b&)O7!B;r*>G!9Vtlf#(Pa3M!uIor9Km~&Jh)?5<_a%oQVrD?B=nc{d2G035!Y_h zY#h<&k92n3ljkg**Iae1JuERRPM>;^btEpJrAVv!q`B^427~ny{=za9^@EWL>_%4%qotm(nM?-(goYVx?#OTkvD9=tAbExP|9}~FUDp;DeH-Rj;=hcv(x9Dr9 zkT))DJd51&t9)L!wM&;pT$hr6P8Ea4n&NK-=>8zrQ?K1p&5Yof%@qyo+qCLeO5Y-< z8?zR%RuWpmCgq2@RbTYtT8~(+B;Q$GFNce$cuUT-7O7A&`>d5kPBR zl0@m|&QLUdN}n&O&L!y92EN>eosSoddjA=Wp;e!3ksz=Zd0@nPuS-2nyfvQ4N8}w_ zqf*u1h>QA6A8~v5tlMYKo~5pXcP!IN$i`wa%tKFzpubysI-I#rA62xZW*^TEJ(@w=aW%TT96IV)6Ydda3WlB#h zG^y=h+|*j1NhP`{vYE=MQtF~YbK%4C@L&th{*aw!gU^S*LZZaKPxBWqw)S}b48D@+ zxuuM}hJ_Q>%P3B8<5k9of$2gmHSgydes9?EjdT9jhFi4Sn7qFYDd@EwZ{aTVel_CT zvxeEk`5w|_nMMUV|7+q#ZsM2R=dBhDpT1d3*Du*Nb$_4r80Qe`J#RTPCCqCmoYx0p zCvg!>fl4vv;k!@RH5^>Jv*>4%uHNw&%nAN>en+yj#dEtNygi)#Rh^HsRLCqk3;RqN zI@h&tuv@Nc5cnEMn!8c#a=X`&Qir6I3t0Uunpn=h7(l~bm}&mR`L*eAN7k6%D+;oR zokt!UZ?is??_RpG*l57tm>#>RI+Dj`+*;jA$WUSC*k8Fs{`ei+3hA-O!vi;jY!d_J z<>O|W_0omeNS1a&R?laQE057K6fOsMrkIA5$pm{xeyZ%HrMUNgi}PeUf;x0uDO2FWC%|JeJ_J(qWZjj5K4CRPk*p2xF=!jMT1tsJ`tS&Sa8F#eiL*dwp8y{TpH5 z=mbf34b5%VCW0`AOa1fwNir37$JV`!Ni(IwnOSi2Rs+;3edT4Dc&k0ir-KK{LS>3hf=W{u9)gL%rp5Nn%!gxGCmFw7^Q7AN+-bx0a z31cGUu13JtNLA_O-)0vfY8ooyPs6BgGGP`sfVEW-pcB7u_)r@E3#)8+{d#F(t#-|B zYu#4`$Of0am`8Z(@|k8{)5`ouRzdg487|ygvb-kj!N$Zy0+}*bf0q@?xl);Mi$s0< z%1}^JZ@B(2@LbdL{J{IXb-9d>FLZG2jS6{oYF2o6TXFm3(QRu5{rFmcMnzBNj(61G z@EYY|-|BesVTG=BLrRHxSDTg%Ng>AEJBx>eEVVB>6K;6C zD|YI!>h73z2lke9k{16Um2#uPOGxs=Yo0}7!PN6!#C}XS+&0H|MH+t!*Ab8HmSqRz zcV8e#VI}eWayfgh{d4hBehbs4vE!x}d1S>jg` z=Lx4MK=ManH+68YK!oFMUvYzu=N-0zw7J#m zt$zG_w@k3zzs$Czzj{`#(%=lj(BF~7!HS6Dc%?L*|SG*coq&CIV(Q=KZksl`eeN%1AKFk~UDOAgOHJi0%zIpY+cA;)@8=hwrZ6ttfg zf_0Z=1q>%gIwtg7M2CG01+eXHewnEznwpZdS^u{O`UiTxq?jLiGe%Y`=OMsKG{Z9L zBdFmU3KK|`lzpC-Y&-x^p z7hA0R8b8@^rqYeVA#At0Aj!gLu{y!i4>lqfdk^B{gYec2oGT2*G)wM$N7C!37VYkT=3dMwCn$O5vHJ?mSTz4Dxb1 zD;gube8R@nKC|YTbne`}%Y1x>lgE3#K05#1?krRi%422mdzIGmV&tpzIE@_+TXQMi ze8fgN-5{GW+hsSu!c>>_m$Ys-O%LeQ|84TGJ@mG|sOkgPLd4r(_zdM68w{mBOY=gY zB5T~>ut)mXM;Q1=T}(JAX&U&Rb37u+vBEFm-yWZJc`8p`Rge_zDCCa!vJ$jjG%&&{ zAG>#^$lJ*ztbY6>!J{_!i5x$p#xDMa>x@y~QaNXmk>OlQmpFuRmkEkbGih3M5 zS2^g7RpjZ5w)t~>Ba(xEaLr*S)8%6ML%lR9|2|q)`N~^ZawtnGX)mL=;)m^}QrTN+ z(@XEft~_ku*uwezJJ5}MV@q9oLJfKbfMsOv?EzGC_ZtgPYjJ=o+??<9Dy9Zz8ZXr&q zWb2_r=qBu>7v^jbKiY;}55;B_jrF)(F@0e4$!c^&O>DJ+Ke{Cb9G@t30-60^9c>wk z+BOaHl8LmP63WgONjJSIMkWpM=h&*&At~GvOU=6a{OVY+X-dYANy-^Ak;w8Y-t*Is zTvuBfXkyH-J^VnwOQl5mIQq@to=6yW)g_~yog~Ut)O5=rP9S7i$vpAZP3>IoaW`>Y zku)CzQa(H}yKhJ9B_Jw$KyI0G=Gt4Rp$?!Yv~F_elD#uU1^1!?=TQtKir-?E6#|R{ zE~J~w@f~k{-DDNXKzgW3`?Y8-i!}r~o3&x7f_r7#xj)Ci!s7wFuH#I5SZVlu^O}_L zpQ&5vqrRhu9VEzc2dY)W4Q(tskVMNp8E@ne-FV6W|w$k*7I6oX_z z-S`j)jx66hjZf&tcvQ# z_D#8sG+&NhU%dPBy#9IvEkxE5RzFQIOIS)>F>moJapvIe(&uA3mU?Jx;F-l3I~qJh z{LQ5IOo*j^g$T=onN@owqm+!(myL}#3|r1y&k3OR|VdKYyAnJs-Q;3Z$R^UK+*~Kzs4YyaEj6vdA{Eq1>^@H zmIk??;hGhS*3AuRp~&PtkqezLKC4(Y3naceCVp;!f?VQf|HLI@2i%6lkFks;3clAc z2KuN>NdTw*=Dx&fP+M{fU;aw@RHu@UmzNW+PD3PgBHk4Yo&Yr?6{GdD>(roc@YVj= zhjjCx3PmX>?jT+?ud!ibKX-1(h2p?FMTBdYQ|vx=QIo0SqTH(*HzFjSuJoNNeHNOZNUK-f1I|T zyJ9<;_?d&j3@F>M@?J}cU%e_R`S`qtc`xzZxCFuV$S`^(Xp;nqzznu5Cs4Wxuq~31 zp8{>|{G$&!QeB*Pr$hcKBhu*;G0xA+ZETS<&8@{&J)Y1#%lpF3hbC%J0J zFPl{rYrE~4p%V!8cEB)e_|Sbj@}$-mmZjJn^#?Y#*gw>BAzRKx)m3rGz#zI z7zQf-Tc($#_~n-l3z}BXb1t3bW8l`8Hs~8%LwZGi!za9WVWDmJC#O!GI)(vyAkW1S z?%&i=(f#M?wY1z^*U@H^J#P?LXJ~Ig;c{T1T&L|{t!u~7`p(Wgh@KTxV+5%@YHmtc#_=v!2aH^RdiCB~!{4?W1u0&bB5~=7LisgG2sH?O*W$ z=H54@_GGtHMSW;j+paXZcX+B6tmjj*YE@RORUt_LC@+7+JA}b8!xBhy8(wWA)qToF z5Jl1=-v>BWx?k^ss2F%w(2(P(2mduQEce!20pEr?NaK*8++ky;L(r<04biut0HwkV zf`r)n+edm7{smr%@wzK1Kw!>+v=*dR)TA_Qv1R!Ilt}7J5gP(3=Z_68$5kMGD3rw- zQ-0;O3Zi^~8kh(93oZ+||4RNde~ulN3nMJ{#k3#-fM+d#&^KFDY{A>)8cN{SxRN4kK? zNkXUaY-be9xx3XvcOc!U9kpqoheC`GKc^0bCI|qA+5&x%qaMn0FA{Sgj(XzN_ZOd$ zy9)gUq(-%)O%9)fRIktTW|h-GR%fa=LqYms`k{)2q8aa_n2b&0kN{QixZ~(}>9xhf zs)%eRy|f-D1cX*sCTv$Or7Ip^KPO%yx@fM)^eKxeE5>#xeq6dtJ^jEU*!c0qD9qMo z`!7T8@9CSGtfyC}KuF{c>Tw5<=|Ih^5}MH8-9yYVP>k%f$~&npG+#i_29A#Mua9ak zHPV2%lglpfy9~-D0*+V>gx=tbkn~zII)ae0Ue?S958|HRoIrG0bWA^lV1RfN2^B?~Fe$(c&fKg5;7;Ml#hL6>Q7&VX$&_f#x-5V)70+DzOICw2^XsGeJYMy0Hwbd0;b+Iq7lK9* z7KSLI<3w#5$j@GXFFCaix^YbVN4eLBt0IsRH@)*4Y%pvVmF6ALY@Klbfdu$qB}Y~j z5Q*1=;0j20Qix$7=o6Oci=b7Bg_Xhrg{3)M0d?&;IV|3AB*0`K`^69{i%E$A6M80~ zWo#hG1>E(nawBXog8g&ShR;FuI8#xU--$jtIG$LtV}YriM~PpMCMXFT95wLZH`9UK zgU$D6@iXvzkY->I_QtTu#CFOkar3=!=0Q{ar~0!@yj z&#E~%*8j1_RYbXi_5}${ktG-Ub_ZyoA8NU&bVLi{28 z3{%kBB2SsXh5SeeA%X)HRSkR4T*QJ_3%J~Y zKoSh?g*I4Sq+oZl$-849Em&U_mBV-DrFytDdRx-aP`~AdSsbH_O)v3`cBT= zOg2G=_N-LDYNY|6nXL+?*Sf;(dR-QR`WbUW&A7@#Tgs6+E(dU8+dWPv`}%1$SBW;} zo&XO|*TPUip^7)v#)8W(6_&(@gH*dMO8Rt^RZ-dao&3i3elC)uw<5(E)nj80X?nun zPfy)gz5L;!94!PlN!kT`<%3KxGE`KNlH4RA-0sQ3q*9kY^6;2Q(OD8AlHe8840##KDR~_6{&+6X#Wd8yOjy z>Ye%-(DH(X(b+|-ng|c6t3dBFd}wr3NrO)kN_j7|0O%jWixF6GCi>Bnr6d4HFshm& zb*Pj7}Z6F7p)>yj!0d z`WprzX_W}JC9?Rs1ib>UR}eH5sKo*GMFdRngzzYBctR-Qh!V+%tXj~4smp4dTOr@mQH27ya)4tj*|Zwqz(tA z?}KD9WYRt%8jBn(u=k@t#|FCjq@-%l0HO%ISHFK=B8o)LDfpV&aLAz8$@v2)k~fa3 z8915T%P+r_U7e^)87kIwgrn14@zKYp*N%Y@ha+f19VOwQOemP!2rzK)$jQo8?tpm- zEgO_dxHA1(wGzyps1pLI4N40E3kDO0qs>l2*rJjcPC>{ZLASg}aVX z{|EpICkq{2kKdJN1JPIyoOe&akTdj4O>7>k5+CrQx>}T%m$v{8A9(mmU|n^@Ou=up zhn%e(~V$>E=%)9As22OnPrp93>2M{0X@JLW#bZ2eR^c_sa9iB_1+zRQnjVsoF+ z?4{2pcL>hUEK}f>bfYF77WnH?CXTSN#U<($QSKa?GvwOILE*q9_Qo;SiPmZO^Y)wD z?e(tjb$!1}#weFbdCq1maj3t;W-Oy1xU-*(-Ktl|P{SWtaDmE4haO1THK1KX-~MPl z*SBkl$mZGU4HtzG1^hBL4Tju*69R6vx@gEyG~-B~<5`COG>@D4<# z{0>Ox=T0zOsfk$cD=yn-7SCG&b+5p$B*ufJ_Oi?gEp9FQD zTo{X+5M;V?6crUAaTHme=Ed3)lB^ey$pe=_orLj>TK*@z7vu~frDlx;W$`8MH5i} zXweCVI(Yz3HKCmuEW2aeLaFyWZB!- zG45d2A(BRFIXJ(e(gPW+4euP#8lw~Q0Kv^fpK_C2?AqY9WAZHGVQ%<~D@{hGQk47& z>A7Ht(`q2Er2gH!oZkhJPVm^0G5APsC20XQg6nRa(d}&UWM6&7{G~Pu_>BP0XwC|PehW*)T$WWv)avP%d)dMn%XFr@BtDjU>Qm?S(31`%$+6+kUcO>S>$Z&rEw;JTi= z*q2ErHH0<5ca8+~kNxifJ_PpgcMQWxcJ?H&IsYpWMbI)Fgs1GXVHmkm6>@9x z9xm>m-L(l_u$Gy=3i3xVGg3N3q%DQ$_MBV$^nv0en9Ir78r;|Jf>Ik0Wef)J@K^K( zI$?Ma$wMks7)+JNA%v~dP@*joDmW5#TE7Zv);Gwh^fP^;Q>WX}U~FTBwU{$dVmqqx z(42nFyZx@8>i2_pR8@hvr)8NtCQo&h@7jK_3|{hVrV7_lmm44|TpklTXCP``#6f<1rK8yti9s8 zvuDl_#tQM#W>R_XO4986pJ_ScgyOOLy({W%3Ffz zpzS2C$wDe6AOg^^0xb+J^3fu2J6rT(I6zJDyQVmev~+^V81>a$2HQZ*rGj6Tkum)+I+M84&@HbRq#Nck8?~x@T~F&Qkk~Y~ZUzVf!eSKP|D&{Hgho4DIJM^TMXFskL1M zgRMYt0nArnFvQNnNd~7687y3*_B7Wmkz?hA0`YWayEtgV9p`aZQ^Iv*bQt|q;R9my zO&#yRaDjdoiWUN~xBXy&I;7TOU?yOp`_m=1HF>FDk>aEF<&LSCpzf=?pK;>AKa3F;K)-4x0ogDy3w5p?@h-9pu1%>hD!mdXc;f_ zC_E_cj##1)?0OH_N-7+U%7H&QWo5@rY9MHYRKW;*D3KJ$C0&Mj(SeIrDvFQi5lBj| zLGKexyr&UHgK99El*H{?V*xA7U1H>m^nT^elbT$v2Z{U|{1TqVp8&M^cM-#YfkxiD z>r*u~^jPREP-~9bK@fE)KFN0-bV@tOMC^-s*JEC}Oh>2nX?&OKO4ac1q zRCQknKf!1K$>WL0%DUqZ=^rLwkU0W`s`myYeVoMkkb@Nr(;)R1td!i8cL53*S~Fye#e9cr zP3AYR!g?Z*VTB$Uin<9Zv4HqM9AC7qVS0QPgPV^G8~hz|&_d!L$|^vo$`i0_Mtp0r z6(=e$U$Ara0G1kxzD)HhntUO$#)(o68`aX3SG77110gq9w;@`QW+P9qj%a|%WQulX zT~g8Kw0Tk-gWRr)5Vg>b~W&$<{mD>lVUOy2mt!4+NRgM#nA`ra#T>-eBXXlr5dgcJpap|QSgMzWZv?=Au#vA?h-b}{4}(a=R{Y* zl!VF!gaUPUYnelJY=2fxMH}x;*bdM*g76r@(cG?Sv>c0H?m|E>bZ1aU-N-j`Jl5qO zjSTN+vEuKz0$hq=@efvTK{g(kONXj2o<+mB>Yx4MpC6I80wO1o;~JG~Xu{*38=F@_ z9}gj^w-4U~_-5Pe3I9U3b|xMuC3`sbV&mh7qg_7#>ltEoRgB7;yan$%2NofUCxrta zEmefbBM2SF(FpI!DzF`o6E7V@S zT)td@yAZaG@G5wsh=G97%Ds=>w*Y7p2wkBde?AlS*DvP-xPjb(pf7?x_uuIh^6_D* z#^Frc@G#pVU=&Vp&Of_#A+x|TM8RqWaL}aQL0btXC;)$mP@+Dt6g)CAOt9AwGU#e?{sVN>5#kI_;xC!KkSSQOAFrPeRXA+)mj z(gq_eB7soe1Om2Uz3QSl9M&GFKImYH@e>w(cn0@oAYUPijBBRLcQC1lm0ozvLDwsw zFS0FFsb&v@H3~X|NQpv7I02BgqQ6)t0XuxJVBsIo{hZiAK|E+J0$_=L6SBi;sX5nX z0cr#13JSD9lWdO6%@Y7dMZ+Hz1OAVguO|V!uK#9Az?6y_WRz$EgNStIi3;C3aQGsY zN(y{zD2NJ-&&L3njex}(pEbmHhnaR{Zfn$=4FdbVpq?4r@o<8WKxFSRl#UF(%F}6W zey~prtQ6J|H*Ews8P$o0w*G+4+Y^g>%yW&3{QQvv>L8$S&W4Dw_bSViIP0$Vy=ca}op< zk{abmb}$~NI%1FZK?)VsOxt)_ZgQcURBY6XZa=AnzPXpl!veYF)lNtT~Qx*qvA!gm7$AxyM1pmqQJSRAV z%Rga9k~iTpyN*piw`9kzxa?BSEKv3O@1Jv!3ljyHRq>taSMX3^O5{Z_rejd?(ge00$6)vjBtQv3s1NOVe&l5#3KWCg@V@51vm(RK?fOJwM6PixA*;X4D9n_IJi(C3%x5ui}!{~$_VLd z=i-lkkJtiEkj)}|9p>QZTfw+bfI}f*3E9=p#CQSEi}E))0>4QikO!qY0Sf+Hfd?c` z?XZz!P<9S{XOts|z){e2$l;1&;VhBTvUEm?`_Ls_Ke+rb=;J_+BP3&7yeqe$To=pu zS@fa}kA5ibrj2q2BN6_!goR7#_$^lo3t_d^XhI8`^utIZ9U3)x_p*X$fx_YC*@-gF z*l}%>!Ygmj7RjnF{#jh@JS|IR~kxVwkS6ykNr3>&8GpKMS0QC zcFPwxqQuRGOSQ>b1ZT)*;%5d^1uIq_uinTNJ)csRPvs*fTxIy!)S{wv#_&-JGoATz z=?pfB#DLMSJkxw#J?X|O$qX($`3}>M5?4jgCVD3iZ$1P|IEKDn+UCN?1b!a{XKO3Uj3P{NSfcuUaYAV@`1O^Zp@ z9EcNUR%~{DzFTgicM^7uL(X_mp?sX6Wy$kS7H>LdoT?tBb0ys@9QIPz-e%fXEd|&n)ZrNxzS_sq~-k z?`usCb-KK;*C(RowWZ~=RUsD@F5#M0_Skfzpt?5X&w&7Hhyj0efUZ0?E>0cBbqE+B zOFSh<1CAAph%KSTZo;9_7upNfmcLoxb{wb>8NB?#cMT++_Y)UR7Fha`7*`xVAbdv| z>(@3Fn#x?M)N{>8A#~w@RvI52KvZrkeg0N9L$`lEF-fg?OZHTRG_(2XL8*eN6!Wya zy>oRWMXhAUWh0p)#TY&&&KYjPOm{=#+yM0z>!kz2RW{02Y-q)wAzNw#?ut;t@5=xz zclY+PYN>~rjIGB@54(%-t+eZt(8|qo(6|H_;IbLSd{kRc3!cO|UQuo|_+$At5GZE2 z0E-;K>(COTd>dekNFdMg=0bXfN{N@rm;2lk-qjU<$9{XzhBovLd6}%22H5SM+=O*mt81#{$V4-kbU}KQh73mA$E+M%}TM?16!^geqB4@Np zjK2OV%qKFg^?Pk5B6^-}>Gyd8(eJc0!_80Wp5HZGPvG|*X(jE?#jkmmHw95<3RNub zbxfB%eNweP@aX}G!$%ZjRy%E8GSW0VetdU? zD=I@@KfMb%>5kQ=oqcWmZ+SY8NBajK*S-ai0oBG2P#?Ko40>eRER-%6kgp!?GRSPd zDZg)elA7@!+#3It4Cf9#gFn1ab-+7X3#FI~pbS`}bU6jfrBjAKs7t$}gmWv_2cJh~ zm>qJI`)0o~>o?O#DdEjeCi)Uk7kkUC5r!DlhojphsDr-U4W7Grj(F`8?@7x-1Et8m zNDtFNkch zt;KY{(H9p`mzH{1wdfutZ16-#4>y0|O9o|`*?KPFy@1n7bur;;yU(~!kDhCPoE8{3 zx?eQzRAD1)kx*oJuH=nYKgR%VVR}=hNhL}HpgLi>42#jQR-0nK$#eCRf$#PH1ThGnp1Qo95|Z z@%hH4Nr4~t6*ZQXWTN$c)qjvg_dSZWUVpb?H=j@QrARo9iv3`wJ@8E`7s?L$$XdglCkMwO<%)O+dC=)TgbfrmfYY1Iqt?cb(<+xvx>F^DE+0Qdz`2$YSS;u(~7 zZ!wNm+!VU1-=EzgL1O?kz@(e6nv8qE`PE&M_E<=Ai&i_;5q1%l8@ zRU6?hP&(3S6HuZ38d$cFoWb#9z}zv_5Hm6;a`p2^<)F^9uJy`LAe}h!rO(@IG?!u4y`R5+{D&2ds ziV`(H|5>Yl4um&=JCvz|jmR0{$(})Hti-$LF1ba&x>tR|{L!n|KkN<^eA2ViZ{`U& zZ6758k;DUWGB8R={+R;60A9|S_6&`>emS~FHzEm*u1VqSXlkpws_aELHRNtT=i2@l zM7iKH$15?eBX^O~z&t1JQ%=@m8c_qBS!i}Z?H`=uk^wu;NIwJcJIeKi8><-TIMk~w z%-Z!dPdkTH&W|c@Z!qQty|0NG9qBsu*P}$xCkes?kR}Eehg{p0-Fu81C0dbvMP^L= z*Xm0{qr&a%%F~ih(%1^lq_z6&9LUoZt>2HiXHrMcY*xU~w4=Dw%==XHbyvclp^X~g zug&xrN%oXn9x~9;EHEh;1L9N>D3s24`t%+1bW38(G}gti8K;csc#qVI4;T892wUSL z2NlX1vuH8jY%xUb)P$#IN|W_E`{b6 zR`!WiJH8>hO8MTlKi-K3fhmkk?FlgkeV40;A9nHR zhMLo*Xi%kCb)yRWABZUgg6RmX2))68ZoM5PQ=+%MDE8GlE&p)BqLE)L<)(}phUf&!~6XHd+w*? zy3X@Ej^ncquG@+I7oRL;^{{DNs`dBi*@qJo?>=NsMv+-zCit?)PtVa@} z?v87$m}iXl1r9hPc%$;usdX6eiwaS4XI1#asoe889|( zDm}UKnvpk;!tXHME&k#;hja46Jcm|ACNs;FEZ+3=$yeq0zs5QHT?}-7-ZotLW-Kqd zIBfq!Q~F1D1+U(~hUA|&{q6;vX5D6^HQ%z~)6Yf8>km5Q+^`Fqcg}6s(Renu?@7Z_ zXi*n1+-&p#sEeUzwlf(Y8ol_LnUnsLs(IrqyfE&qt)0O`6aMJ5`t)mgXT3b{2(I;2 zPI;m|@$qn)+?KaBmENA0`Bg5S7uoA^bh(^e`or1E9nuTTV_*PZx2aNFBD3Ox?i0o{ zXLX;1uh1}IyJ@2HNj$l9UWSc&-R!+CD8_jQ`*78vz_mAT-qbp? zqbaj?{!if)=WTxP>s%Sj7v9$Wms)xUqYD$g3u^i$2O_;2LDJv6pOfeJdRzQ&q0*jZ z>&sB{?%p4fmZ|&Y!s?8n_76esG4EO=1xNM5Jx{cmo?hPx_&Hqkeg2C}-GZT~9p>Fw zEEaY8d_bD%;48*6d*|uubpfVO5;>Z|mf02zT)iJiy&5=Q&%0Mr8jMVU7Z%M6pX%G&cwN(JP3i#_zpKgf500 ztYaWpD@pS`vcI+?rH|NcQlTOPmtyHxzPg8hiGyN^0Mc~*$cWzR6hw1Mz05U2wM=)kwa2C9wpl&zV^ z1%U07sDyN>nBu5o6AL^Z!jUWZ=Xj>r7yvcZ5YA0XD9oY&7E!I#nQgHEoQ$1rT$@;2 zsVV=_!#7ieTK?JkG3KXey8q{C>B+j5xvzFGggqbd%xupg5y>WV|%UK3Cybtq7_RtD>?(kcx63;?am(5rR*J?K9! zV(0V3$%=|DUaCCKKtgP21>#6Y(3-rQMj6IH=!}DQ7cdse>M#A?sHC5BViC3UKsAW! z1wJQy{E0HygfPklhptf#;14Ccvgk&J1_$rLe`O;`y1~QJn)HNof|AZGa5xwG{+1%14|1Uocn~`g3|NfOIyn2*f!4y_ zevZdL)FeR$IF!YGw+W!^KaZPj9b`U3U5~c_9CBP{!#qP^Ce8*Nk{?LJ0(v0Jx@ir% z9UMfglT7&Tu)_6+^(6J}OqDS-T>342@=gb6(Y8zDq5KPb} zLuF1ntp78ff}5dKP)e}IF4Zrvznv{kS2nq0kTN=si(C*jExaCcJ|#SO2(c1y?k5}O zivUT*7QBdv*aUpLIeQu2*|md;Z-?YF&;^i(hXi=A9+cx3y@G}fHpf+vDO7<(y9O5z z&Ip>tQVvFzA}L7|Pf8+`K_rF-qBQr8!9tUY7J61wykD|r(DDY!N1lpy_)I}pp9pz@ zCxjB|YdIJ=XT-O@b8FGE!So2C%1B>;hesYSlIzmL#(73_7P099iR}hdFH_oxMAqea z{Nw|`NkL}WxkOByLhwX#4?4nTOv+g7SKg-Uv9V$J>K{8e|r1 zjX^l!=!BcTl2y03F2`MbYsWukSZw$-hK*1kh~u_On<; zHs4aZ#K!uJyO>t=MXn3n_o_3!zn+y9gj{|t@RE{+FaFNnXvUtncu zFK}2*7cKTFv%WIv%1HhPcN(o;NH^%uP;({j2w)+_EuAA!b@!4p9MO&-MhF*9J zSN4Jn8b*cAjHn^DRvd=>m9+IFPX2}4Rcp`)Pl(7h@;`&6mfidrJ!1tG1;7a?)gO2F zDl*wr8W!VAP=GO!i@-r<{m(m!tlG=F1-K3IFKDCZg{Q4@#)=mq#1iY0(Z5e`;?Jy2 zSAiHU8yaDNt6ef}mKZs54Is*!w8(SDu95do1)z?U+MI*G!^i*!+RLF_5*9MCux-b~ z&BBBWU@cVN5jT(h%_aeffZ zY-KEd06P8n>RZb{W36bzMNPIMJZ9N*^>{|B`%YkEON*VtjQeuXwKOG_oAWEkcXQNJ zb6?$OOr=HHy~t?83zOKX_}HW0LdKmpJc=#|PitKHB;p1)|JLwBubc%B_=R8cude#S zy7HT5pKisiw&T|?tVq^S*DN3CF}T-c{h#9ZEFQyU+JQ$Vc3#(g64}Q3VSea))dsKl z8j+oQc17s6bN%#ae#f`>x@MhD;`|WSC9mw>wRR;mNvLCPiS&Wrbrio;JZM*CDu$2YK9Y^;*$x%ZJiv6mJ^6@7|% zJaT%ptj%P#(rDgFl6l))?Qji`jI<~jEtoSbAeP`>?aP;yND+5_wPS%9C_DW!Z&^%! zTgU*^avp}M^SI{4VnRSNllQJ&OmvD-S3{2*Tpp#h(%*zo0t)?w@XAB_`j>G+Z#%`x7*|lhNld&)xBF4D**@xOP1=gJT(L9ukJOu-|D>isHApG|Vc648d^}Q;T(ur&D z#XhD38?~19@#6w_*P+qb!mjXf8Ht`J%GT98e|`|DesZT|fCAT&B})ns>z(k^@c8ko zsA>7}0#@VH3ug-Z_snzamaUgx+`jy?@3F0nM5~XWu5WC*dPRSA&4%yq7no>iX^rHP zsqovkZ^9K1+i+QMC>f2Ek*^5N7?-viLoce3knTu#n^A~Rz&c-oT817M5igpWnpt>i z=Jd+(vAYMU3dIq2btvvDM8!1nfm%tZ6$GSiv%$i?oS!AO?w00jJMCY%0?gf_$V^wq zx#{Q`7I;l7hZTm-C}Yw39rqsn>r3vH9N1V zLC}gRZj9r=F2f2p|F;lv*L1q~5%FGv|th5ZX{X zMSnO#FGzmhGvl`rT}`){eYQ;1XL)^0e%c)nx>)C2p@-T%$=1!yd`BX3Edw{s@=pn6 z?+-cShgk)!5uL3eKb*BUnTyXKsQ8T5zKFq zD~1nB`-EL}#+fDoV-%D;Ld>tfI3Z}4te}m%A#{_Gtc*-tMuvFw*ua2QYinyD(^IlB(g=zsr0#bPb-U z+&JJXA=mEvy`gROR_J6*2(-Px6J^y6`P&H2hUO;tU^o;6dU6Ld{u!0tdFh|`Y|*O? zHhah3)L*E(?rmJC@~H99xgzga)&jA97uQBpNEmv1*5|ol8PW#sVq9Puw&rm^C%@=da9>WzZ9^Ul`nx31O(r%ZU?mUuR zV-A9+9Toosd@Uro%MOTKY`tr-a%*3VP@Cb>ab)20L!Kfr*?syrZ41?3&z6!-j^Wo) zF?ErMoqBqDqT@Me0gk9FVJl5OAu^?78dk<*_x0cvDhR$URHX z9Cflfu5t;piVON?j`&~BXvr-u@q28?J*tgg2uEIiv`;X5r%EL52^_TCif%R`kxQO0 z9+d5L{8Aqy=lW{%ON-?muIj--L5JYS=3sPfvrg)EPTa#XAhI`Yc0IRqG*d$34G}AY zP==|Ohx9fv-RX?nK2^Zk*d-vkry$!xbFsBrVH*n~r3j<;9(lqsl=jM&az^RURw%)Dy1KfG;3c8y+iL7AFpdL%%tv_g_*1p6^6yE zTf0kNw(^fxyP7eA!FSB(JuUnCY)gMLb}6M{k1bTQ(BnlFzLG&$SokvQZLMXyHo4lp zY}jPoVX}HmFTeWBNFmygdOx%KCHkGP8#h)MIX`2@iCYd!j?mX9 zgY#)bBH0xo_zFeI)ekIXw}pie{!?XUNJF(kuFF0E5&txM!uiv(uADW>)4azwH%Dte zpfy$x^DsID-}!X_0o?QQ@=UQMYEMYPk8nn`s0sg|hPL9TPEoOH8|IWB52hS=&R@L9 zLQNJiTri|eMBXbr^> z@O!i~0;N@j!QjnhNB6o-4^0uEP>sTRP5QhW2dKzS>Dyah5&^%92^{y#n(djViC2bZnwOpSKR*J4F~Z;Zlgb?`kVo( zLg5e0g03nU#$=l=GWKYVVt-y|mnN4~wpIR^Ssv$_qaHiGMn&9%&qH_Jm`Kav|!37boZ!|{kFW!3mOe( z9EwS1(Jj>t!lMd>Jr^GxpO$`U<9hMu0@YuPgalFfg|&*q-!{ZBxmBv%y3yPcxv)-eEd2?A2}yn7I?*%r&o0NG)zzxzFDIBz|+vXqdFzW zQx8f#8pQ>ru|zWenQ+(l;bFV`EuZ%ky{rxydw^O=OiT>Y)?M`z)-^4Oa(+5T_4GJI zL_`G7opb8vg*cb$H?p5n`$V>`f!o$_`I(ogzLW?sxyZ9WOyTsWamN)s4S)XGmOs6+ z>gM36*UdhTtrx#)tUh8pzacn!JbvZ$nPaiL?oHuvt45bclUdA2<^H4Ppv5<@*bhz6 zHeSY5m*vOov(-kPppo0ItEZ8L7Dt-I@UE9PY4A%Ypi&wK(nygF z?SOs~&X+@iY=!_QGE9nyiV970JUx0x)62-XL0;JO)rUW?a%Bx&0YIEzD za}?0>C_1x{Jz|bT4sEOZ zIXNpf#yHQTSx&(jYusD4=d{*v6qaIw1tROMRxKKwXxqkt4*@6jDP5<^(2>G}LA=tj z2bn&GhK5p_0`8ml+-FjflNZ9i@tl$j(idbVma3@gSQc*Lb!{&C{hyLfX^%{B{POLM z8O})|e;RBo)Q>#-a5+!?u|h)Qsiz_nc04!mE|2(BN!?^APXGPDL&kc+Zl(6F_EX(~ zoWiH>UTNk{|GjRjZr)gS(q*=cjv`a$^<5<%swwv^8~xk*FXcAG3;MDDHy+*Z$1%Be zOw!n*^Tl0$<0V!$hvKn`AthD{3J%VOi|O)k1$)SuNXyC*g%b3)s0jP7Ypi(&7>=I$ zZdnVtH8XyzHy-&@cS1_r`Um-hjf>r`44KOu zwH5*Evw)RZ_VCZ#moa%ii}D^N8Czx8Hf8)A2~T_F^V7V(yluw<{#H9b z*Q4xX7stQ;+r;{IdNQxJI`F&TLb=7lzn1j}7^;fi-@NjhZ`n3R3RR#JcGpss zRk$qX>ZSm8Md1kr==8k!ygptp#OOaskS;XbVF8~r1G{`L15Gcrv9mi>qUuw&5B_I= zj5(*EkjrYP^+gV??;yRy%(uv=^T#uH%K22IXtykmZmi{5~uaB>REfew3EI*OgpOk zN3lV9SFfhdle}!9F%4yz0@JyXRdx$JGi;lmu_FsJ+F1G&D z8y1`Uv7eXKi55&b>$dJY=oQ!>|8>x$@6q3e(_^gUIYy& zLi4SG|Ci`3slLDWCOslP=zP2P<+^(Uk}ahbouC{QDh4okXI zfF+m*`qx*!t<62UujSP%f5^nm(a!}>tGAzSK)4R*G0{f(ezutrYgMN4E$&(5Btk4h zkbgB!x(iqu0^mY+y1UELjwkd9j(|gK`kRJMFmGm(qi;=q2fx{AGXU81t+6+kH!HF% zT@wPY;!0{2>Bay@M`s}*s-3AtIbkht6=pFex13H?`dQqll8$2lW~lMgVD4r~qw>}5 z%UiL-lG#NxU=BquS8ttY=5z9a!=X$OS@Hm#44b*R_a`0R)cWR4A1x<}8m;EBUVHZd z>GeHn$_$FhRh*paVu*byvEMTQt;GfTK~Qz0+(# zXl~;Eh})>A8z%P&gJx~1uqPWz5bO5zmeq4X)zSUb3)3~*s%Solq*z8DCSi!O;U#?t! z#Hgu!=B&^09Xl9@zkCtermW$^QOX;YD|t9@gSg$`<)XT)r=FEI3rATvi73sOY`IZ? zw?IM3H15T*F}Z4^KjkbDiC;C}m@R86 zJWoE?n%%$K!qW1=F@ee{%PCvNg)c>%*X5V>Z1*uXHr_AU@HIjyOms-d<^avW{>2OPeUxaM=?dpGa6~jFiPZ$`+hKF~Lu;HkK>@nX_;O z0!~|Mg#A8yZ82c?c2w1Oxj}}wAkwE>c(YfFUNbnz9erVn^)$}$$}TY z;&zfsi_NjVYGUM93eyUnTZ;IHvbRY$G&JD2zEXVuSbR~P&G$mD4t0*9tf!%2wI^@f z-NkHRqIKwNov}jc>gtl!>C4TIt^Vev7GqLedneic-t8Z=Y!Wg-$)Ux{m;806Vmq0* zbbYEb(=BQjA9}PbRytAf58H;Dp1$$F`;(1;)rTnzaF67?6i1z_0kuIE0Jgq_VDX&< za`}v8>nBS8{d?$o$-|spheJ;63exval_>wMZ+@%_@l_R!c_FGZeM`kR-cHQX9DU6e z!MKz~gRQ)1)1B_rX8p}f6?g6mU976AT0VH^3)hJBh-+C!56gMaHHD7niasm8S5zI5 zw++3>mHx?ZVe~oEo@C9e6zO4(@!a7X3M)86+mb^&*+;D$o4xKVP24gOJ;8chFG26= zzBg%}V>tnJdHiCRt)jy?@8&M~;F8PB9+7HkxOnQn>_H1_EuS0CL3e{EMt|N~-dpx? z=i-9M5qB2N4qHjnroirzyn(^N#I!Uvlw%CbRgD3-)dKF5lHDE+PU%I%e6TAp3$2D?n^25^($Pk5%SDvE&`1 zX&ts$NiFUCVEXaZI<694%3p?u4Ii^S{#-oqPK6~VqA}c$6m=YEFVitoQJDxQuVdBC;qX#Rtl8Q&S` z&F2I~bS}zW8eV35Ye&)785N^i+e;7RtaC4`GD(N|=l++h_Kz)2!ZdG6BF-WxaPJ6#lMosY$OT%mGW+6{3O(Uc=Sc68_6dh!4 z`5?bIe$}S1&eXog^^9k?a9uiC{kl3*sCfT%^YVvz`#pYmmgTtGGBh$gc~K;_{$fe^ z_bAsLxw8j+BqXkV+_uX84mxb1htH&hH&@o1wrtN;$iJm`;v^^gR!x?*?Yk2E*+J#DTmGXx21~9eth(ji=lx%WxBUjoRvELs{#|z#{$*q4o7pU){dq5^NIT{R>oM*fyFDho z>VdiG!=FnGjd*xhH!Yr;4*zfVK;jFNaN!p_SY5uW{7p<>qP6dokeZvyt| z4D-3Pus9Dh1V$h2_#*$u>`Mi^^Ml`>tP1KX*}HDu>mFiFxp6}6dGv&N@m0ko@2sD( zdyNLAAK?DpCCh5(zr8J>ZkaU0iC0zHhHpySl9dBCCFyp|IJ?MZ3f!>}pM3jwf!x_x z-W69fL&XAI#OqGfT-(8`^U?E+UHIMOO{*j`ofc%O{1yMASDB)dpP!%oCueMnu<&+d zdhLJGUVUy*E3s++=l+0wp8{UKdWZ>wZY<$kY|tCZfGqI#x5nYa69p^C{{ zxr)F*_B?D^UX_}cw+fXE{`!>@4hGK}zTVBfeTy+CP1st~;i+NEVb_I)L-#(}G49Tn zQD>HZuq)|mhab{Kb}8Of2QL3HDtkIAUGL?uc9T4|%bkA!*+t!m>o`%u#n~pY`h`bP zT-@4IMjd9R3u1FaO8gqRG3ZRJ#-raoQ%^2|f>?$$SM$vkTnVXOx4BrnZ|`SW!0)z-SXl*2X-V zvKiQQmutZEl%yR%#^*i-P0~+PlnmsyS>JW%oMS|tw|%^}YaBLQ95j=c`CoGytOn(*tg4a)@#ITWT_G#i}`Pb_ArSv$?@@wKY#vgZudHO50#;3OZwT&#i@x| zJ|D+kf3GNabZ~H(Uy;9s^JT8*DRBj(q$L6Z7x?sir{{lW07CEXnsW$$-EuG|{J}T99tmN^vJgI(;g2+bbISiznR+KZX!&vc>(-#t-=DnLyHGayySxMIWNDM>S{_~* z75`m%4+`#Q=?`n`yowk9=)1PF>_RK^s*npd8w|M{{PpkHPyC5EJIIl=Av8d4@nXhr zVvpag0B3sn#9GGQ$fq;wsa?gzezu&d*T-LS{bJ>&UyodEe9%@~|8_e>pxGc%pUeF` z`)}$jab`~I8w{{d8|1p`A0*hWds24v(c$?0%a|N#X30=Ourtv8yi*k&8=TJu|ECzMI5X`P zYmv$Pu~cBmj}ArMl$F;1xrx~=IPLh#s`L!YAWL3waInR47pA!V)|wAna2}*fsoUQx zeaGyo+W34lTX&g4t7rmpvO-rD3BZY*!geC<(!)*!i7i6p7rW-l#Tq| zw+|r(rc)+ZREwi+&TX~+6Qx9_n^occmD;6JU?;H<* z-rn&Dqz+i50;m#>{Mg2_(P(qy?MpbW2)quu7~PDcCb(HxEY)J(!pYkOeqv0P>{}L_ zk4I<8+F88Jdy!ty$qIe!{?txYlU$R^`hr&m@;#y4wU)yI^H$Fy* zut>Bo-8A31HAFSi>&v_R$fbw3L}$ir(;dl}u|6oa?&gc$wx@q(Nj?CD8IVEzJ`04$ zRZ$~P3dh=$AB#R#)_2|a{-^on!}-_XYK*);KS)ogK+kKL8qkM|x(cVlibrmevQ@{n zV0>F>;8C{+x?*c|68E}1Kd__lEn8NL`Il;T!&`>=ZBd#xwe8%xRe-Bfk|Lln!A}Wz z1R_Dvr!sF*tNr`;@8pz}Aj=I=s!poXhbq1tUA^X1-y;p3mTg-nqk&W>YbP;sHOgGz zJDT{gL)yjo+@x2#)g1?t8=cM^w>~8krSw2ltX^+)y-m?BOBQrFHHMA9b5(DV+Mc$@vY=trtr6EH zzPZvTzSO@>4ZT@*u}va#pIBbOgxR#<)R+x$Hr7O~gtqFifcXWD07T7MH3v3#aN8`o zK5Ds5BkFZ|!TC))2imuSqQ|Q9R^QfZFjQXM^ER;|{_sT{bJV1kV(ZWsW)7A)_B^LH z`cwYThRG|r@rL$I`I`Hi&7%db-g&#dWAM~fAr@uqxzM{OgN_xxUGK&zF>di-OVU|~ z%OcH5exabgV0Jf5i=Q|fop`;n^)r?ssw148o{SAL4{kzo-_`}v>zPnBW`ufKVdYxjCbp0&EJ(ZvR7 z*E|LQwso@y1{PeB;*B1iXib+-sqc@tcTeDjdS^a>?3x547DWhCxOfg{_Hm!xayIgB zy=d)`fcvYYdOUr(JIlDs+ho>r1$~p|TD9uA=R3YK**MGIYKEA-7eV|fN^K^s2c$g~ z3^z*TSC=nRGiqJaelCN*P2q4dd+u8~$->&ECJm_cjG2YDbUnNndr~XPr?EG$s7RqM zXjA&7!DhatcQg{K#-}7LF9-k2_q#kAZgv5pzb*zu%uh$(>iioRyDhq4<1jhE(f-y(hcmoh`N(q;7uUFjdhY@yTt`3~E(hGe{!`TpTl+?^ z@6ZXQA04bA`J6jcHGZeYH|YuWy*Vmeb*XHJ)+O8Yc{*{eE3G!}7<-{(cepcz=SNPC zRE%q*0wtmWY@5JTgbzfl1P0UC6J-5QJXD=s1Wjky*C`;r z&+$WHq`o1d1Gz!tAA+}33!2yPxv~+!M}I-e_31yqxtk0K&M}qm$Y<^z_R#>Ak7M~AihKGo z#F>OjH_9_%kp}S|>xK@JQeFv1n)`;`C0iNDKETXCQprN7+MA!8@li&~h$j>j6P+hB z)tIB9XRC?7v?i#oP7}!%s{m5kx5^M?R6}19l9|;gl?Wb1eWZ=#o!SQ9@%J7Q1pn>^ zIhpyqi0A@SQ3Liq42(V} z_2SSBUd30M`F`&o&70ypN6k%f^D|=}|zr$ z?tXWhe}H}FF`%=NC$)48Ecirr0tuHRpo;3?=h}#m~8J^%6LX@(lE2+1 zcWoAZ#=g$_OrCgc?3=%%KZCO-KJ9d7KuL3zwWw(6f|hsThHXI3ksC0y%&MlT8qNy~ zKzz@)oc+De2ucL`FKM}1z^W-jwGdOH5;sSTsxd@KTeHW4-2=S3HX#sfuOrdXgz^*F zf`=_Xn%6?S2F+?hW|6cXh>iZoPiMv866d~~&1K@bj^rXRg-PV79W{36$SD1$iE#x2 zSOlKapC3}T>l{C#t-&AYrWi`(0ruZ60|OrM!rpl!$feoy;4qC;Kpno9P+kzo?O0MS z5RUW%(UlZ0`*C;#AB;Zg*WxeY1ceZUnceNtH8)WMSrn8PHQI%Uy?(erDhVh8+e0`B z@i5t_6+V9Yq~PI0@8PExcQ8$@|$Y8_jeUou1ah-b_V%geqG?lMKb3;l^)Lo9xHWKgW8ctW|R4K}5$xySo=8<8wN*@F`94f9`-Zf^Z-334%9Y zOl4A^L{iODYv7$}M|{}?nglaQi*TCziF&nB#0;$fh>|W7Qvpoo8KuxC z%RH4sA&aYN6FGY*pB>i^@!l@=k~OAKTR;sXMgT2wpk&}9DKJQc56JVc#_x$NWOq=3 z^29|R?oV=R6E_IhQ+_x(F{|Z(5-Fx3wA)I_ee{7L4py_YTu&_G2)4(s?lC_u9p@sP z0TVdJ=j?ZI&N&Z1dYF)r!44H}H4Z{LiYb$lTh5-FxO$?iaqx$3TI+J+DG+9QFwHPa z5@$bmAh)+)#)2=DRRn}z`03WMEQGp|z=`%5p<4H5K5nEqH8AHhLf%biGA|&*UeGWY ztC5}dIE~_ASe8CW&kFaj8WMD}AuJ|yg`~4Gs8P!J;xck(q|9N^tV#*R?e3ud=Zr-( zXn@FiQfbkO1@pfyLbI>u$t=uws9RXdqe9|g#%w-lfRjiQ!(-`*)Ci` zX~f3nEMMxSSIIetIm<@k6!se0JW^}poSphF>~@9)JCkU!%SN{&L9eHIl9Y+7{!%Wr zd8FRu-Ws0`8QQ&ULE4|&8;@xP%oc&Jp<}l6Tb-!3&eQ!H0^a|fe5{W|+rQ9G0F7cK zVO~b@u*f@q1gvO4Oe!rw02O5>)&f5HB{7le(^X~K;P-7 zfB12|WI^d49v>px=2oSkzrT5dYOnc2As=E+BS$ zgG4jRr=Coy5UE8vUm{iMW+|l4eDvrg5<^iDM%E9|a4dm=fh1jW1hGQ|S#ud~_({t9 zmPBF%-6wRch!+nD(sh9;8`a1Ee&eDEO~hb>U1ei{rHKa+h%?@@Ik<3A+8@%@y?~*U z%jl2>Z`>RtZXe1=DJ6+`zf_}T6bu&#p@)?z(F9_!~%x4a?*1b^&lzv1($BN5IS z`?9*xok1RFcs5?qoI(iZMLL#gvk}!dfqnadCUrpRdyeQj0`GV04WuR{%p=u5iQ{R} z1KpD!iVJXVkZtQlZC3#~EpOQ*P^}tLFq2dq*MdB@3k_m4N3NQ7mZ^n2r$TATm0n|& ztSFybA7yR38MzL8Vc4J*GP&Q>Y5yjvHEoJ77VBy*(0KamgUz}v5?iKg78IS*S;EKN z{z_)6M$K)fk)LU%S6c*|NcluJ1!}R4LGw=XS5PQ2Y}!?Y4XQ}yrZhGZlFfl`*ny?c znKT!o6XK;{M5KUnGLFEzIw$?v)|SKQEs>5t!(L-#*o^o)sT^Q?bheXjLoES#;6$as z-(@6bmd(qt=?AGzEcTqdr@ANSKe>lUb_5YF3-v;Oit5L~K@u|m!lPthfUEvFxwV+~ zO`Zm+L}eR2RyvX-VW9^uKpzxNO3gg+4A_$P{OjR6hs701Vv2#ryQ@=0vwoiVe&fKy z=BH=R;w>prMx~H#7eokDHxo{T`6;v?k$e4L!flE-+1leN#14@k(iGQ4UwR51F9n`M z_9J;_+Kpsgr2D6p4N8BB&)1@jlrcwxrO+DDR15%2E)W4#@$z>1uHxeQU(}vgUQ%gN z0LxptO`y~L0F~r3V1>}kOCZD@Y+f&PAfam0MB7v4!0YsK=PC}4c$~oWzNmO6OD@!` z7!nfwGSLJMLkx$()Kska(ulr)IP57dPY43wT&o6}?vwT2?+;xO+N;8Y&F|o9q1{DJ z42X~s3pp}WGV(t5%m+p8p3|Mnj|iz1#1^gGYP~(Yt#R1OegS?UQE|b6PbXcn-X4pH zh)}!x?DzNy&2>}0&5o}(Slazua>RM$=fh26VxcGE4N_WTR=c{%=k{|P%4tpSez;8_ zz@{NC>YaGkS2soe=G<_u1}!Ov%vGya#X(<-%8c+PyXMdPG^H*i%tNj2t8#LX+K~T6QHXf z8d7Se7|OxKohvO>274TbiVlL!=lCmEVH8~jEQyRT0SykgmdG9P{J#_@)B*O7yFJJc z;eU4TqW8EZX&2D-N)v{t4}o4hGpg(__7mOr>K(t)74pGGDqiS|cRNl6C4`C3V5s{4 z>L7+*M7wC90;ejMhG}J|jiEAep)qeLt*#4cL!WaTVyI?M{ejJ>RnTc)8F>G-p(MoE z1qLGOe;E8>8jc6R1KDsc0wLRnTyeWNw`gruyIlwRkDA?fL`_TBzP=x-{;006TZ?Io z)4B74*X_MIr#c@T{aq5Dch%$WKukCK0 z#s&sg3qhrCn&)f5dby?a{$S-vkbM2M-9+ok(Tx^U#kh;q**Q;7T7KShl29NrE;!@tX^(BVnSV+6t#5 z*7C9W<|C$Z8^ep**v6wYE7&u+b~xGE?!asSNn9xC^y!Bo8=?Q4i?2l3~oQU2N{|xRQ3TdhO03Y2FEJD>I3H#i~vJa zfHOQcy30ZN;a#Jmf}L$;a_;@}c4qLHDJ2|kdAIPj9hd%!qbDzgEN$wq;9(9f{bFWn zu*&0n6uYIH#Mjg1Y8@kPE}<988l{$FuSnLsS5h7|0rg-#S*`u%N#UNJ$y;w8IvcN= zlIlByBkcluRGWiQH|;yv2c%q^H{3JxR+p?jWOqwJeA0L_1~y*p-Jf%tx&i8B0jJYw zc6>q-Hel3LZ<9(gp(r<+yWpJ2$9TDx;g373ICjSBF z9O9EX28Z(bp*2U-^p|VjC24GQ_p13JcN(EO1c0b7$tZmpq6N0I)!`SuX)qs$NiEUW zu)4A_;1Sk|d`jY3_-XSKScT^*78Lh=gxAqoO5vaDA>TrT!URn*Ew<_gEv!mZ4iTCvAPM+Pz``MkDT zG%?@odE^W*2mJiYP8FZXYx_zG$_@5z$=hoRE3eibY>9@vnX9EE!RedN*4#pXD5z zTv|r$*Agh9=?VmY$HUQl$5j{2EIkw4Orl3KLhQnIwKDL0Ht5-hZ5T6Kz2(l?TS9MD ztWW0Q=P>r767~vGesS-fgX9fAZEFfBW<@RDEF(v#sZJnG)}Y>lNP$UZeNBR_D#D16?U=UcG*O9yTTF`7cM$Gxq!a zsqo{Cea^tN@--zpeeg>cFu+c)c4954Aqiw^ADwLDy9MQ2VYMzlhksuR4f5)FdkikT(m6K%_P>4hQrxfeADnbYiL3o17vzijV#)F|6bGM_ z#DW@`#$!>+KF$c$MU!2<3R#k4?b$*w$-l4T$r;Rmk!H3OO(L!>`Z)V{s4Lk?+oa0xp+OI2^u?tDVKg?FU{~>y z5h)|ziK;>zljhrBe~}p3b+r%8_YLrouyY5wUNL zJ~czyohSW+?{r-6ldaP}lgMs6|H>WC9K&l3Vxo>6C+qtNu^}f3Q$LID68nxn_Dc-- zLljoC_!_*{-(=7^)O0ehs_`c0Q)#V+Xo2Wm_078@#`DJpdbs6|&#Xx;$r?+6<1R)} zeEZ|y*~O9%G@Yw!Pk5Ax|Cr>x`6<85)i0Hevi~Sj)8gMr539qV70a`-%GU?7s zaZ*sM66wY7&5l@SyPD*B+damuw(_T~fk1v55W-%Z;k$4b&?Er@e&`w;39+@aBm02d z!l;ArG{ZtWhvcZvy3r%2@DR*t{%loH8oPGD6Q#5FO|i{QD76-k4XpR_?>XUVbgXHa z@cOEf!t7h>Bl4l?aphmi;zAQ;>>jO2IFQgI{e4zU@Oj+2N8i)j?cX@2C~m7W9$H%jk1jPClw3`PXQFF7)+tn=npr^xk3dI*XpE)xO z`aQtR3Wp`WhpWq5HdaR~xwz&<3_j!i=<*}j(n&#jJ->kW~xS$=}e1xk~ z?m>38NmKip=(+o6AJOMoieDTN9g1sSt`nZgi8pxfiIj-nF$UkiE(J6eOpoXpY z&Tg@Nd!+fLKchjo3dMb7a(nkcPvg!9SGXOnel{JDc%(B0e=&Lb(;GhmrqQn!zw$nl zaeje9X(k=%NQnpYB+R>%>Fb`uvk(%WzVLbl5Qvd~!%n zFOY^~-uV_$S#pQHM{MDP+MPYda(|x={=8Irs7XlAK=V_rRJ*Q=ByNTrIM0*pRMw&c=JjrupzMu*@TvxFw z$@D>1#{<}y1Sb$UeNFQLc{uurSn`|9y=R6LGnjVE={w!^=v+kp5h%NfQ=hZDVrQVE zr%?+1uo%_=3V)@^D)BKq>)Bl?OI8y8f`iD@YtATp43w7QQt`*XZDq2qM@Dj~3=(7y11>#O z07k*ujzpIbhKB018cbX;Rm3ROsrAi<`LG`=AnZhF#F}SD-ifiZ16!XyL#`byc5^_O z&(~ezTd~*LF8)Cvh7krDt{Ia{vm8zG!6>NQ{ap94+(e4JgCq9^CjmANM zSLYTr@8&skz0)69&g~ba9+B`I)Dx4VS(6X*v*<#bniQ z87lNNLi9emabJl70kbO6Jd~4UFMIv{vGwy(O48TnQnbg{hT$lXM zBSrxLJHdQRVAXvf`UkI-aLEstJW&J3+SRc$V?Ns2x#_n7&=c1n|M~t++9ve$aoe|> zUE((~wQ5XM{5%s4YeC;-p|Elw1Q-k8%{rHe)a7&)MX}nFkyf5p_36#exHsci>UTQ( zXEm8%XxtPn1Ee1WBH``>Ht93?n_LO@o925d?(Ob}(>U0EJBESH!4|keY;0|x9rXLQ zat=#IXdC5VVnl=~-i{<6JpaoSoTzGqU^p8`d_V417wLZ?i)EZodM8c(J6tmKZZ!92}q4-PYq12NXW7 zq9z(_hdP`;NS>0%yW9OU(OU(iiu|`)p*b|<`Q_y_Mvi=rd|-Kg0b;qP-<0zRa`+OL z3CDBnAs#06)elYQ=)#~)NanfVw;@+c10~;1c!wcezJ39?Y13?1l`OlT78JkMZ&ESw+jrX`l z{OQaoVuVQ0PGi}rTumQRw{oLsA9zkj@E7Nj=){eKC@hMhCDs-AIoQ6+|Fc8^L-xC$ z@N-c0pTc3y?`#?Bhfm@_1}zu^UXZ8@Tr+}y^R4#ba!cshj5onYSo2dn{fu2H4bSkK z=s?4CYK7=Zvj5`zTk7{S^|+ebT_AikGZDXH8vzJZnMke|a{N}Ke5zpI{$QzIGmH8q zOrdqpZ%ZT{Kv>>ppL-ts<8u1a^~Y5}G}@OjPK^4!a1{_{CbX*=bgDzExjjvL)^ z%j&*osa(Xl{(h#@`zDKIZJFHs`iF84YjfP~or+>FaTv9KmaYksmOCQ!L3UfK>y@gN zg|#g)OYbl-b=nJ+{*lpmg8PHkoC~nd{t)TL?Vw5V9j*Xv=OFJZdI4HO_gifFVDpxT zxA_0@bk<=}ZtvG81U#fD-2y7zT@sSgog*O(Fmy?Xf}|iI0@B^xhzLr92n^kl(k%ia zqVL{*f7kn$*L6I{<1o*&W8I&%7AVdjgT^v`#RuiLYM#OI95gi^0ZL^BEHY0d*-&i> zW8v^j2zK~ouuXKNBC}osiytg~f(f!CWnx;*fhFT=E>g%1Nd?|4j_pwDtS{M^4LtK9&$v4XsRNe!Pn05D(zFgc5p zuxlC&*WJLQxdt9w7Xu8J;Vu}=03wxVLV2}Sn@Xex%70{p;m zJPe{MAV`7#`p;jt^`nEkFP?zgN7`|-o2m36QA^*aA7lu590>+*dC4@>Z(8@JQDsSF z@#jA;Xf$lP))fVvZdMwPwudW5v{iNcjQBg!Ew&wDEjQ4iUsCYRw!vX4-1dRzaGYbV za)QYsNMf2HNj19gXCueMzMu;@;R7zPhtLgP%a3$TA*VKGPGm_kz2AWv^4(hCHU?P8 zTM~o)AA@UUWLUfcxr&CkbcFrK;p+kViv=%K4G(JF!7MNiBfgZKoPr_`#DeE>yB)Ju z3oml+HBgm|eI%jd-#GVhCPqF^{FooFzldyorl7;P9v}XyS*EzC-*3pjL1w+o!)q}r zaaOek&DR2E=z0$rSK3TKDCX|+!o)-v3)vY)(3rkH)5a?}`mA#jg#lJFf93U2B@p(kdS3*&of|q$LE>*4F~IxTwGkQN{qp~qm#I_5j>gCC0NiXkl|b_ZSAGhWWdD;OlkA?vB}TG zH+%)WN6#F90HOZTTrxY|#zDUZAZE~e47*Lh9Bh^Yl)o{Nk6Gf>IbGrXT$q;OltMOX z`d-zYw9n$c6*0`k$|p#px1Fn1sva_&JLxH5d@w(bn?_@9qsU2ei*3lL)M!zr--31% zfASe%r+a}Km&>dZ*F~<@<#~kdewTE@jJgc zPs7H)OVy_7>Mal3^y?_bnYPD2j4dd&$u+@y#z0~oCi0eou`HxLdqw;XzRZ(ZTS_=~ z0`$8vXBfj*i~;G*m?1>dG+T5!%`uH$+1u~88%dJ~%E~sYW3faF>aho82^l*@p6{4{ zrxCeN~(f;od|q)inb zHKpVH)!dW0r-HTvQzf?i70c$dmZe`eWp3W(9<&@fSRzY@&UP>%0hSBppv9;{jhOzk zw5x^1>I?_kTZSvE$adi;<~N~Y~mRZuoPyQfI=SxCB@zdQ*8!*V-T2xmUJR$t&# zxZlCs(^_epHCKG&)?^{E9%8!eY`Zw$A=72W`cA}&f%JSEMzn~x-rmXITio0CJ1{^0 zZ=?}AH-O?V-n0n&={0bFTyC=KtDqa5su9yNQBzTzL7PH$3`?P-J(>BD{PO4TC5$vf zR?-37Vbopu7Fzq@!!p z^N$Qe0Jr&Ae<(*pYVk0hcnHgZL3?^~esb&k+2D~a3_WLKcIC!eVTldZb^hkZ?+rv~ zaGSYW%HpLZx42(?4*MmwF<@nY)IW@q><=K8XR9klO$WscOgdiO`jq{?I-}}r3Na?v zu{p%g?X!)5bqQQETBrHFXU;BzE2qrw7T*_%BxPc)qXIMr z>rNkPD=XW^TwMBDq$F4or%m$BHXr{LkF;*e+D-D}5#w}-EfKHdYPLcnHEXeSdB=xN zjSvkcJscj>MRIL$0EKs01e^w!uhfG4@LI}pLs^f!w7o48%ertvP1)8yi+Q|TywQHf zCQoNYz>V=IRm5hTO<2$8XS>x%p8oAvF81pAJV~{Lx@gQCC3$i(zpvtL`nmV|C>%4^ zb<7h{{TkT9%q3ZTAy&da=>j*gU*spvVgZ$Tu zf^-Q2lB`#P?`p}LNDeuk8*4EI#T0%0q?ATwe3WKjBLB8sm@mKKKK2&f)wh;Ae`MZ% zTd&$)utx`_6~F4!C-bD4#pTytW4L902;UWe28eHKHn+O`Iein{g8kEmwnCLRtrVCNsN zp4zV2pl!YHXLY7d6&{$F(xZFLJy1dC6F^+} z1dfo;Q8Ao;uBCb%;1|scLMz1{n1-|w8N#`6*!yK?rnM%K9~rsd=I^red%Y^=IoMi@ zLY|yRdTsF;=LaLcr8ll6h$Qx%;7hkM{Cb)&$FGBDCM~#eH(<0xyIbFZkY;~*tI}~k zpb;~-XVB|5uffKoC0n5)3oim!;bM<)Lz*N_l$e*zo2Qk`8U%j;+Cm&K1Wy6ISXsyQ zl$z?y_YFQ)>U?F|4;Y#ZF<5X*YTQX1T7#BvD1hknnPdgT=K0~+wHi9_KLL?|;8M;D zP73+MwF}14rGz`O0(@(JBFbGDQJCrpoqC(y7%!Ca6yoVgu2a3%XBosRl)zU@UEV~2 zX&=y{U=!#v7z@L4*RSG}&&#oQ*=I@wX#^S={wC3L1-98`C;B9_o|JPamKi?|3eO+h ziLB2YwQo_%ZDm&We&EM7w4x)~5p|dAQTZ%&^~`*|YZKyqJR;HXUhzy;OucA}a^h}< z=Z0`|9ia{w;|LMct%$rf0YT5{BrZ2UV`9m;iSJtN_6PBOLa;qw8)VV=1a7 zz4!K(HzX(!g6i+q{ONEB5kuLrrCIA|gmjjcmt~u-D#QA;x6?GnkG~!2-Qn9`d+hl+ zFw6Iohjujk6Diz^yWIh!8Ct|=wSt|8n>hq{x+%4p~7N&|!e=Bw>$xWG~Ap(OkEahx+`y-T)bk*tg+ppVcKkqg$a6I^4a+mNy>bvsg zSBEC#w|?;Ht6jsk`EWlyU@}QGryad!%fj{jt!A;!_9;jJu>z+4%Bd)dbyDvsf@_eL;!#yS+rXC%E-TSd zVU;B#53qhd8{hVt=nG!A6IRHdedv;hTprrt5~A(t#DoTJfLolAAt^52HxH|CrcdXH zqrvC~{8L4V%viYT-oXea!6OrDJCK{4dR2`dqa^epL&jx+nWPbtFf zd1xBf8LpcbxQLk0dlVg}RyLru=jh|ARUdj%4AThH(7!o^g{v@W&S_~@#(EnWM^a7J zq21ecq}@c*v~c>>9Nee3m%n0F$I5oFVXG%;O_WsKTc`X^Aspjs{#XP-L1b-v0~a+H zV;oaRRP_RXecum5ij3$R(l)l1V##0EVTV3oTbQK4@3&mF?CZv}i$&?6{;U!#zL<{z zj;1uK#FN+Ue~htF5+=@2*SQNhhWW_ZvE*SOXf;y19!Go%>;-%=t;2_TX%CAqJ9XHs z4ZikVpj7=57kxW^iY8Sm(oS`+B`Vd&+Q+mBYo^m+KS`;Z`Z)T5 ztlv?ZVEm8RNk{yBSNam0f?b~O;&tJ7z^B%|(YN+(=cCT@ru$mbKyLhFAIO*W2h^Z&VPuYxux5Y;5lp z4bz7IHJ|QT_SHp(rYRzG&qOnNiDBcqdMi(4!`*7xM<@ngVw1KznVQNTl}dh(m9yju zDcDiGRF%9d$mKzPP-wT-$swvpUf4~K=1p?g z&|?80_Qi+~Z~PXp)GL&)`l6@COTgr|{|KxY1-iXLx&bhRI^X+o)9hJA=Kj+vzQCC6 zP^Ug=sYIb??{_~`{yQV#9a0<-mAVs=XE+voiN5ij)sH>(_3>)(V~2-Y&$CI?G%6kM zJ;GV5H0``awGm+D%B?S3aZ1_3N7fpkWhlt!Vr3doV!dm<> ze_btn6i(@G|H|0Bww<*mzyJDHSN71U8rSq^Z&G#Vy6JSXYWMESl&QQ&d%uqZ%UWKF z8X7))99wdLLP$CVB*}N9QUZi(08)_Zpzk9lA|%u;@hJK2+orrVw|L1X0~?wL71jm2 z3hY=)sVm}qBlgsEu@dwCV8b2FvZ3uIQ^T&wxES}07Q|E2sX^CmF5BNjhZu!)=$Lq_ z6aG%qrAEFGO6Wl5X7TRv(Rx<_Nq9rZBd6maPLOlYGIXad(WmFsFKykjFX3W`L%&1d z)9>GV{j-N&2VD8K_v9tVj%~84%@eHEXAp zoanU}FLOS2YfjP5m)x=9*jF0AvZE5OTlxIf;g>jT9K`^0sMs_iIDZ?sjy^PrxZ7JZpe4|1|3RBi4$LwBzS(U90wGLFUIn3BQ3qEq2zc5d zXF5^gi{@;IqCnQ|~&T4}vq+CxdvBd--Ah>p>Nr(XN2KY~90cvv$ zyeT)Kl>wKSE)v8_LQU)^j2#15)jt~!p#6@39u0VUOQqSiFq$P+ z3=1k>z>Y+|8}$KPYG8sS2BcZmfbh`=4GKWpf|MfUNxvN}fXN7i1VIyf2vpUfe~Bed z>ZW(=y0jaR<(8op7t9_)z>);x-eJuHi}o+ThOPlUzZ-(3@LvbWB&<{oC#H{r_n^FZ zh)sgOq7q2DtOc%_ywcMDV1G04S8taXh1rP#vK+D}VC+T<`C^RaXx@+QVDt}Ls4?Kr z0=h8zdi?=14}at!SH>s@7+zrB49r*rh8M`+za%yFe$d+0Q=U2&B9Ahk$Q`@N!w4-E z&)R6+SJ<7k_Tusx7Cz~Wc#(X2{gbm+-K#QNEiQ##k5MN^#4#{c1X&B-DziI`euAzWJb3zT#)8gZ~F16VP1L`R5VfviDhhR1%{~(L-K( zh;-m}uB^)-G@cw?_8iMQQ!^PCm-ev)Ke_`Yp)a#%L2*#lU&lj+s;aLJs8dg>D z0SVKoancZeeemlBPADD@7e*;xKA1KR{?Pw`iVa;8a8}pTGIIb1%|C(24GYVG2b%&g z#}B|+N@pAvqrk>4a1H1MDt!$gBv#?T4hB#Gh+f%71i0Yf>`2a{)}69)SpCxq&~P}6f~yP&!-gePwb$bmnP5}`IR0CLY_FedjDI5m_XZ~w;0I0n z?BdHKr3ns(U0AFQSP?*4bpq->cP zoYUAua zbM{)b9zE`7Ns3L#i58}zGLXx zG|h$H(rnL>3poM?C@TtfcvU3Bqyq^D_RcKl$Q~V6SOjW>~rUNc<#WM@&h=V1yd9vj1&P|wen4XP}~IO(mz{& z-T}}7*dv*C{2~8q16W)bUwEtS9PEFc*?)fA%kbMsZ3a{5uPQ$FE zaKW&jt0fyeF{A5;z~%kF!YTN%VeB{?0q|#tWPw0$!!}te`$NE^z;_CoGJqje5#R9B z&mLabt_B090INz1Z9%}j#00iM@H75rY6oxCD!8^Pb0l@b;SeP9;lPSnK>%#lki3S@ z%p)*0$Ho9`-%;#}a zRppv21YLo=-@Rqh6bl;&Kx9N8>Eylp_ZcAt0$p5C#I1S^M&f~^zz_*Bd75{ChNpuQ zdT8{$tq}g;({%rF{)dmjUki6aml5169j92ux32jSl z<`Z<9WBrTa@DcWvY0z+N+}G$?=~%Y%7X;Ymu^XQBn9t+HNf5V1v7gBd8ps>Vi3F+O zPu4M{<^DI>?VvPJM~J)E;FnKsH{a%QZO+~_V|3*Y+upZ3wwdB5%cH-=x;kvuX2~;o z4Rb&;H_$}9#TaPm4H|m=55V+m4bbeJaH0nNnggs~L9`_-w!wgLr9BYf1nAHT z-1`AC16ooB`ZxH<(e|#QU%hUDAqlBCY*T>6ZNMt!4S&2k?EupdZw6mC2aXhYTmp_rumbc#vI9E!z%^P7gv-EjIRF7+jyiXuahk|>)gy`P;jSd=g;rO=k`8nVM zz$v5!?Udb-la@c=#GBG&iL+yFUQySzD52+%JI{Ps0Rk!_5u~=)5i+8j1jO3?#Dr z#-)V?y1>8Sq((Kr3++K*_pgEGLGWbO3Z~qN@l-QTCnks285uwXHM*SRCXyJsvN*6x zmx`HQVwaF*EBP85gcCeFtr;criWEG!GA9s9{afMn>h;)l-W#z6JHBj+@_H7nkqZ8! zQp08W2lN~*+r}XllHT)|kj(~Di!}gv$HZg zAdDQYiy%Fk95B)VlfVSv=;45<;OSuW1l7nt>nVs9umKUFa^SJdb0VRfJNd&4to02J z<1dI+ZfZ#vh#pX%YSVl*d${;VcYFHAdML__ip$|E-ox^;eVh4q*=zzclNDvjI8>2b z&$Sr`YrJ&5OQoch{zeAN1(i1+TuwG;5Nj^q{ufdHiY&IdT<9Fb+8-a=sVLo@l>hIm z{lc;08KwCrb-z+#gd@G!}iE_%Ml}Av6}l{}S{>B7Y@!dDQ!lo(7?kiPu2=2Hx zU@((`$6pvJ3N6Xte*GtU-0wO|edzk@cz zCCp6&_&9Jr#Za41(i$!2t?hosxl3(^o+TF68IxBSva?ru5dC-JHD`(dAIjv`etM_p zKrlwa$HuLeIg)4|Gdq@oL14?v51gEsAVaMJP?GEm@eBeK!9+XNsanq0JI2wPt*Ijg z(irqWJwYRGCt2&Os@|Nq_2@RHC|o3$XJ-dlf^VZbi}ER8Ijm1@&!j1CXx|tPzEx;c zvv(((b8iCVvi0KcR(`t9`7Df;Ze)igK#(96%v|&#vFfj0& zrD>7)gSL^6YK!9iv-98sKA1fL-r~kL(v3?-hKAOl0;skn7gk8jn#nOx?5zw9W2kOdyO6oaLyb{e=d;d@-Y+%AK$VIEM_Vw*tW&oM&yoTLDcn zGQYN1U?c)*C1mpLeoA`pOmKMj?K*+>M`)59+xGe~3${Mc&|qJ9)ETcz@|bT~;6?%U zt;<+2H3A3oJmA-Z7zn7Mv>BcRSPZjw1!NZisS$-wC*CFwT# zs03Y>Yj6nzM`}J0#|!EdSfaj{t{DK{OIT7QxELi1-Ejp zwDQ-t|9nf(g2~TLz(!nqg&O^?9U@qGzclbT`CS@TEItTnT`h{As);v2a{2{oI+!#?$TJ^SRZ5 zOcSa|Vcx|M4onx3k*RAB`|2#}57$o7CU}OuwVRFVZ-=B01-W%e6kQeKEvjO4n5;Ir zl^-V2^q%+aMg-9MP6OjJWTF7IBK9`8L46Qp7-$2}1~9fVHT6jXQxm+{g5R|_&_|&i zPAVtNh(#PK3v{Icea-M+=F!DcBgzQ6Q6$i0DjXL44ul@l@652@00{QR;yR^!nRya_ z>yF=P`ww9RwqzVjZ@g!fawNxkp(jsqtk<%aXMjfZ%$mNd(H(d4ZeN;y1ZG^{{(9Kq zY2QfC=G7~?vN5g+g_y?Hha#0LYK!HdxYE3yE2P3JktAFpm*QiFme8z2iV z655|3RtN_B?%)p5n?ZujC^ZfIZhfHUAOz?r{~F`K0rqPdbw0((Nh?@4t$=a@=|;CP z)q9E&bHLVid>`EHAh`=`;=nm;wXD1EBGCQ-^PQn2 z2aX`BoY=@q{mYyR^Y=Gl2oAJ#f;e(Ipe@9!7bras#oRKpML@ueORUeL!7N3Q3&`rNZmq63228MfS(-YP$(pO2Tp%B;Ms=Fcknp} z4Kz|EQyb#U2*yyScuwJ1L{aEDBV}B9D9@MW4e<6-<9v-X@3PV{`Ewu1cUp7&>%`Y` z%-_%WZO7hg#Z?pvWurmZ_yqgDa2D6mCmM$n_}_3#spq$sir7-Ipv zv+&9ZuE;G-( zIEfW$x!8R{Q=Ay>_FZE$4|{3a^-jXmQY zCa3*TVrna!d1Ugi4XH%)#5mHDEQ-RDBaLJp$V9811iak_MiyZ({Wetq2fPE#yDR>) zuK^1PVP>e{KtlZgg6ItjU=BNIXgBa$mIf&d%`i?7oE>ezrtb@Wg?4yz;5e#eUT;zb z?tOxPU7Em@<_1+l=yK8!Y~uNdaY| zAK~qs&-ZA#M8^QCc#x?BQ7ApU&yEQ)zzrRqwGZ0P5nykGR~&eghBPXS(t;g2z=87b zt`6UFpwr~7_T9hQ)&kG5d%5suCB5l65LO`ygTI?W9M%yGSN|X6F92-qGlqB!dWb~L z&g@HYnze>aNH~<{LEw(j3gmDY=>Uh_4Rf3eM*q_7p_&fUv4EBhqIEi8um?==M}>0y z&xribWAl*b{WS=&wtNaGMY+2AYKHfPY+m&%q8;Bg+~SFoq};5VBYmx-B;7i`jW}Ss?RPqZ~PHWM=7xi>t zt0bLyhi*XDzcL3d0H9aosS{yiNh*L+q;1BB<21G!lAQr~cczPv{JQ^&M%_Zw9>#;E z0sIV=G)ScTEY3NRxK0+vXYrH0Gx1ht-xTdlbW>>)wrBG<%kLfKq>>b6I0To9-!3cK zDE(%C_Ih3Ey^=C&1jaFe>(?qU5A;B?9j*$$e;&iM0f-&~#|a>nm!V_^@2GH$02*(({l^uokx;)D znynh5xIl9EN#Hx`|C5*g@N6> zK(Oha`Uw-3Ao&jGLQt#zJ^lQO5|sVYRgMDr)Ep#fz^9l2oH@4m9-k5weXYqAGNqEd zO{0Nye68qbQkGcilSXdI?T(0E@JlmDkZRwow6W+SOi`%*;u9GUE#BAg|hvx_P%}AW%l?SK{cq!PFI=4a7zgnxm*8^`zUgpO_UpYISur zWvyem9Rn{eyHW#p|F>s7vNfym`n&ASD}^F{-{z>b z;#HFT^~E{_I35-kGJwpB755<<0B{X!0z<6OJwU^xU(at;ylJr8nu-XJ_F z8Cc%(6Y40n;`Helu8*K|m?>|vL%uvb=t^;u71%_$NdGb)ZhnwigJJ&~2U=ak3Q+GjZlq--D>Aa+`4!pH|@q@TNdv7^MLBRJ!?%n&&G+HoU&gjk?mNQ|F|2cw_CWKDvy*M zaLnaW8`5M|9^>M?sVle|=y0wB^8XXi>uETDxEi~52Hli&_Zg=Pe9xlN@g3bdd%sRq zir*W&K=yTV%1j=7nqyMG7}^K{4$~p`Jisjjg^MFd(VsT(#~eJ4`=k4Mz@llh#g^;uN{6KD9zQ1 z;_qSzO{XWXXRHvh z9d)Y2US4DX@)Bqm%?Eh znNXQ}--oQ>=aMIx5Z`Jhj;VdMMXmxVD(!;c-iO?$5AH9lVJL)+euPV=(qVt`>R zw^!$BiD#b)u9>;l=dZ@nuG0xDdWan5|E`no*h?$vu2E~mp{_}?au1M|X|vGsUfxh6 zMRnZ3#;^X!!iv*3%8om=Af-XVr1?1j-JYRtn7$I*1sy%IYQUM`^ws2UcfQSRu4ULP zMVnq(kkT_hMk>W96s8dKXHe<#`bclN9>~AX7Tk(|)BO)o*N3SU;2|S4VLNSZ4YP>7ARyun0+d6t$L5OV?|geUGz0p>NL;iDcRR%)`7*>cSnia&trU~X1L?FIfZ z%?NtKyKl2O>(Si$*A3&~S6Q|`b~S2L^NNL4;CR|YCn7!HOra{5R(a=()bXKH3`$$u zcJo49%(y$=iD+=W#CYjzVY>`CuktJoRaaDiUcTOZK6~#r7blHRzWcM{@_Dp|<4fxA zN9C6Lxr?(2x%jp;9KUa3(x0hF->62H6U=gsjH1texrQDnzAs+<=|?9e90i)-8woLG zPW!!orz~xf+n2s8PY*{i{(P^W%KV`1xK0rl%a6s8b)MOgCfG76>a=5|vqn4FiC*E- zDYn^z%bId6|-yr|s_a^i<@^<1K z)g9}sMAH8hy`={9`akQ;CB+tw8OfV4el%WDW#@Ck6I(6%@t|nFmZhppF{7hK{9*Ap zD3gm~r8B`znRe(md7PFXEYxVw++YJEP~yUk!zX4e1G(9a0rnf7&A@HMTpqqeF+ zkI>p)COKW>I+tFg_2*rk5W``u7& z`6xOk;_Z12tydj}heLlU?&1(I;;$_mqkcRmp`pDKw^=S)93e$Zic^<+P>a9p%g^?6 z9dm@4T5~iUVAX}2@=Dzgt-{2fsm6@7l2ua1+lEkm=aCjy*689io+ip6j>8kUSUznD zcf6(<{a=!19%?XO+!x<+qoIW3+U`kxt)=CP;+gnRKM+N63$^V@^E?8C)jA!X#f_uU zcGLv8*D7pX6S+m`GH$PC-83C>upAU@&%n_k`lEfNp`v6utvWV0?WC*w{DrpZd~~Pp zDIcOtD*fb8ICqr>r>NZC>Z63C`sdY&rY9IBSM`mb8!#6M1~sOzY_R_TIjEMo7XZU4 zX$b>=zIz@oaQ3{aS2V}&(igpCDEh(29qlYhi6=Os7mpv1DPr63!f#0AIDksUaYJD< z{;$Zr*mS<{Eln4zve%GK-q~)!Qq?3w;r_#=eM?iG-R0xfb7XoFKe&i=9N)XV{7@5c z>a!^AKVf-rax*XCNXp(a+BQ=dd$2K#=E3)%w6T>2M#AwfW3C>(Sc1v>{;@7#F%*EK zCx_*)zXt{eIuQP9n4tqH;WXuJe0DMw41+ti?8|FmxejW7G@Uuo_;d^rQlI zs-Se3nU$;AYe)BD1LalkEg5@)@C zhYs~Co&>2i_F9mOP$EUQfRxKHdn__kX;t2ICF@rd)+1aVpU8Rid!?XYJZvL_$yzSl zlizKp!-qP2IVWA-SOWx;?mF1p;+O~tk#q&pHw#3HZ|h3!{dDxM5a@Q4D{*0e=)^m( zY7b`&$tb&fL_xLK9cu0sKYP!u@HJ^x?4t4}{f_ABPCA-qGB~Q468c`E)CV1!PQN57 zeW~MH79OA!owk_^vb__t^LTg8Kb-2SU4TP9n~R-Y&fT3KD8V+fBu%$Wm-0{Taw}dB zXnlX`IrK{8=C{*jRTuwLuU15>dh)$+n5_(0Y{P{k?G1FDiQ49AmGJ>PXZDsOYocUBBXUd_l#vcIQ1>((Bq=UTZ~ zZ1|a$e>_WbKXo->(vvR;xw)7@#$&w6#xU=OU?hyJynNq=guyi2p~8o2Oc623lZAYD zzHI6LrU|HyAuVt79nP|4t!Pd;e1yuA+O`=kI%>Y>{om#$!OJ_wA_FL@&pz^*tJ*#a z}&16&Qi5oaw4h$ zJ3atE1Fqh@5vckdn8rUXd@HYXqslcKu3WT?;CqN%4C?Ee?v;P4a*WxL-4#*t?xHn9 zXN>~u{Q&a(+sKJE3#&RzWF(;(H=uiGf8ST8njI<+f-6m6b*%Etf1 z#TlM_-MwBGHcq$*N=5sN#JSZ`E5skt?%GOFEB~Ef=g%ro$`BiCUvfPZt>Qbx*^u#M zHOhV@zE0y{Wm&S|SM-T$#%7KzgliE==iYFBY&Ep2!Ty*AbG4*tdaFMl`>xL0sZH7I zr~Ca%AHGY329VNe*$#i1jHsvo{WW8je;`LWv$lmQ;cT7o_19usox##$ zd&RxI0B=^c@d<^*OD!r{B1IyFp+984HQeJ$;fo87`|-tWz3u&;HK}%GmJ#9`GzHeb zI3z6x9!{r;6_(cqp1;ucU*w31yUg~zocz^Nf_*3+C4t@<^vz>8ZLPwj^$gO#Js8at zpr5E6v89cB|4Co~91DO8mr@75BDFAgMUUm}wyW1dMFX+h9V?jW+O@Bh`E@?}U+)iX z)smT!%1N5|F_@q28_yUwm3XbQ)nx;597pla;fWURG0p7QP(ja5ONq4XH@^=5EeHH8 zl56V|{#oMXf7pJCWIiow0`<3ZH{xOo=);892Q=}fo9ylGur8Ggv``c_EfN8qu2v~_ zuf{F6kpArkmz$SdshkK;7DMx9P|4oC;`{_=F+@T>>sq!xU2^3xOX4;GdB0zPZobfM z4hqS!R;5OS66VXk^~qYJ$(#AC{7J0(jGeN*bVg3uPua2#R{w@#QCPRg86Tn5W&qcluPBow$ zb7vx-9_`{b9Nd0zim$^c^su8XdWLkFDfS(*ZeIg!HD$_p<+LB1JL^9jR6CcZqOmR06#s>~L4#idvln;&DP5Pg;Q)3kLWJ#!bE}gINUJ~h72OD8 zCHLb%PChj8d$g)}ZcrQ1k>?>LJ$ZxIqja%s+LQSQVVV4!0)cgQR^Nz{WZjdfw1i*5 zTlE}Y6(!OBtq&$ckvX|bU(h|YN|Z75vV^{q+aoHhp3JG%xn7(H`W4=H(U}#va8y4H!+k2hR@q{;~ zokk-%rl2&497M|n1q&aYrV4c?6gV@M(H|2&c|%G}?sb>^lVe-BnppWsl{X1pDZX^J z-L|oT3W>n*0=x10;c}4?4ShYbMtI0Xa+uC^BM*3Pft5g~OP+_>E{Z6`)h8onP7llr z*VF{})y`vasT(kpan+ozYAb6uR|NCG+xF&~9ezgJqx3QX9KHIRgmxFd*?D+e?mQ+n zt#3_ktykZVeHYuxbBgHF^1RlDW#lYWwi%gq;vaq_zIuB1`sv#-B^2WIt9n-9>>!qyr2R)OcSpiaQWymeQC z2_Ym1$YeY-qJW#W@&u->{Sw%s>(3k;x_7Ua|2=25m!{E(yjA?Y5Fx>-@75QsqBqLm zHkOUjU;N-}!&WUl!FiiZ+U{A6sO#Lz6oT%H_ZQ1X-Z!;AYTMH9dm4+YWL_g_o)t50 zc$*(dIGo6PI4UHSM19E>o#pV&ShASIIim2nxNc>TUVaN5roL&?_c9afHyuKZbvq@- z{F0Ot-xq89y;U@N=TGJw5a-d!O&Vo5$HYX1=Dwq}NveeGgYM1|FVL@lS50>XVK#d_ z;btB@W!@lkw^6UO)gBG~{rh+1&BCFxJ>=a0l;Z5hE4Pi219n*F;_SIPq+?Y)J>?DB z1vz`z5zjN|znSv7V3l0zp5T?V_$XMUCZg zkAiEQDD!oEa0!4|zE8`;7n!W_?R2{cXU$_{f_0FT- zl8XgIk;upWiqVn;RjQ?qMw*XBea0v{imCmGwe1a`TI96L-Wz-4Lq7KVDYH zSB_=oEc;o>yM>IW7^nC@_D0TiLw;wb{a1^&O4am~Ni^)#jPoho!0v9xdvbkK-mmEE zRS5mS2|!KF zr)OFGr)a03Q^vZMoG3kdu$g;T&1sEHd)rhmjYLnO)!Ml71OEWib3DoD7Nooo#<0K) z(u^o>G^Ij&VFMs={Eq!a0yXC92c>er#!7=f|D1#N%LJ3BlhDtOuqzJK7mc4n<<=*b zvGgD$ z+2t;9Dejre6Qu4k`sQ1`Cs^!sF@HBa-)`!z#E zwl9B}fPvq`cmGS;+<3A#Z_I9F zLPnXbaW=L%!#-?ylfIwDSFPP>|4bpS9>sTuULx0@27t+X zuPF<4bLeOkwD!Nyi6K6jUoT(FyE6WP1ib>JR|9po7oLQiNBX!=F`MJ+EHH*Ryk01O zQSUU1eV2lTm5P%(29tE*+)5!-HTnZ zL*(~0t#NqiN!2i$6jxJK1?;?i%hdpP%6cZf$w~p4!yS zWyH@!{y2>xh;<6(F;wM>i`i~sC7FM^5w#G`tc6JSsglGWWv|dS#kpBwIfv+)m5afz zmu3ewQMNfk3Z=vp$oGlz-4lWbxmMI~psE6_Wo6v8hmD6kz<=iH={Z3*5?w>f^tdl` zGMY+iC%0IWiGVHiv6gU3rzRmf1Wz}$Dkqh^Iv0q2_$1u6(VM zm}%m*+_vHO=aBa z^Sh54iqwrJ|KgkaBiLZ+( zziUgkgcW0anr>;`L!O*zv&>YNKGSU6wVG!bZD7H_v~o zbTAj0l5|;a8IgZhG6IPF=F6yDNyFWD$T7i-72z0Z+9RAMu3_o6=^?_G{y>T) zm9?Xxi`yl6T}U7wr~LL#Qu6)?TPzlrh5@QqhhU%V2bD!+rZU>6E@W5uhHWrz^)}0S zXf1j*uq(D4Q`GZ~nExOV5qC)EZu^eLpp_1O+%&1#~hGzqvzD;HZDQamIU{`ti zi9I8Jzk)|The$grtA3urrAECW@Z+iS_s5>j2#uZ8OL}`trOS>ImQGC8XC!E9O1ucN zj=_)hYcvCPVOz!G_rA@0OZ_jgREH=sd51{xo_F4ljugC%g7AEjt!-pLxN+f7qURu~ zjArFsMJjnj#giIeHCZ*J$__5Qhe#{#(_Cw|SVM<=>1u~J$<`=5n(eyt6^%P4!?*N#ELY3<&iM?|Kqdm-7ZnqFqR zo$)<)>vI?f-+%OW>ZvO)9>t8X5pkBPQs`ASXSM%vrlyPe#&$#3=D<6HXfmC3U%Al1 zx79puc$FRhSY{^JduVKzfiTWILIJ*p>6((@cW;woOHo zNq1C-R6G1W#q_)ymx~M|^l|d3=WMRFTa`%q;iO)(&Ol_chW`98x}u3`g2;rNO8Cpx z*W_t$gx_iralig2Fg!A@W<&b{dpI$N?~sG|Ntc|6_qPj4eeL$CYKjfVlUY{wan>{k zO`_d-^ivRAQ55{dhQs)Fe)(c9g-8ICeDp}`RxOgLaVwU^&;LZtb5x~?*!&Iu8NUC7 zm|wU;u$>Bvw5q@;Evl0KI=NfGn>P#BxF!@cm#WKz5V+ydZKr|_>^Yd^+}B7H*Du;3 zVdQLvkj)v+rq#n$l@udiyQRv?mHJW+GpWkC=EagtaEVv_lw9!&r85D=K_j z&|jY#%@*cb0SLp zl^7U1YrA+@A=PbDChaNqt4j0M{o*K%nn1m6{RFD1Jl~-$fh0L>cCaadCL#ikfl`~o zzevd**|{&@J=$5XQAou$k3GJSNf?%tIgvs>IFFfY)3(69Pq37bWy0l=LmZiv>B9(` zLE-E$>9iiViXkjK#A*kl)~n&b6(@|4OZpf7^S4o?B_3~a_r0=Ob5ss~o$bo~{|#oh z3vJj%GiQl!X|OB#VEPE(u#Km-bz5OUgm*j#op&>u!ANVDO-iOpS#ZVP=%$-a%^LY1 z-*}Y9sKd96ZShunV{2ivZ$Y9&lu{lW?c?Ew7ntTVWJ%y)i^TeRevQP-@MCzdW6qYAM@&h1#$jK}R?wD}X&kq> z9AncT-q2`i9-OA;>(61eC|GWqF~#nShdu3GGxlamp;YJHVA$Bu4C#cm9FEO~6IHt? z-W;3OLWcHvnl2}|rzNTucuhNEi}2g899*iBY`;er)R7jZCxK zF@b1@qaAB`j0c&7MLX_CA(_|~=Z=((aWS|)t!W&@S!@PL`x(!8%N@6Oxg=54O3obH zw&}w5-P8;|KHf2Y^sA?P){@m7e7v+732Rpe^|yie_wkwWFUO_3@MP*UEm{kkJ-)xnG4V?U8wTKF%OH zD%g8L>8={}EnN2#;?^DX?DfJig_eWdG?FG0wdj)_$qBzB{jz4NnooN_R70aMo$fIcbS7kaWl9yrg9?6+tE109T3)GVMM(5)dtuK14C~gMxlsq{^t3zUy~+?9 z8ub!Q4Z*D22D0eX!OzFfF8|#W;TRhPTZOdEVQBD2*b^gGYSf;1=<&p=IB=vHh>Lj? z%ZRw~^h|9@1yby!qk*TxGXpfu7gA>Abd3?e1n9Yg1U#Ly#3cb9Yx z-Q5UCcQ*n8GDz2ef^oL*`+nzK=l{8`*?T`b*0a`q|L(;w<2m?|CZsr5dU^M}*Gs@{Q9a&*7o7V`4MLclx~b3p8lzaOM*^uASMbcx$8|A_O;;=s)g@ zDd$|ZhJQw<0yB#U)lSpbX(gzS#R;?^BiTOG6}@zke>9lKABY!jnbIZ8wF)D5Wj)ASWbDsZzE6v&IwkAO79-dnr4X z$S?xOO-BOiKk{s-a=vgl>EY#SJ8a+Nb=F4#9k#w0`mk~qdP>}iVP7xsyK)v3mDX(a z-PFS{Lh>l<$r?^e5YA?ceXw?a^8nAp&n%ruszE@*0_5_@VHeplw=b6gMqPY-{3PmZ z6!F*Kx2I`+&~eg+3{i*Uxj$34n%~2+0<41Y_3EueMC&w?4d6R;pG`v+0M(px$G3DK zo5!*0p5!#HUp7^7rdJ(suOu#85Kk zHyu<~G_-ckvSy9HAIj3Fca=-02;NvCcUvCgy0>q5jA=cdxx!sCuOge;wTYUtef7V3 zjala0&1RNL8P~rt-Tx3unvYI~!BY2{dVx_=Nv5t$cAn{~sFX1g@!V8rH}9=~UiQSTb@WpZ=X9~} zjlj40<9Dc4Kh#Uc|fskaUek3 zj7Lf(p#o-d=!xEzx59rqR6rCuTvJ1hX5ECsf zwT=!6pltt=B~TYBB&V{!MGCPCCd-cfRB?A$^C68%<54+ep*b<~DKvYc6|Sn(qL;JObSTdR zk*wV@KmUpiO-75+J=J-;WhH&L$>-+y)}k$pJOx(-%yp5OIx$$o9q9Q%oCm#d{8nA7 zk3!4}CRWB|5|Y(FtT|sDB(5Ip+-(Gi0yA_lfnlKnbKb40X~qoxOorePiu9M!CVB=P zdb~GR8UpC2v>KhZ{Hlgfy#3@FBj$0*_tJ6C8Gk#UqQ-J0^t;Oz`qA90X13StO?H)!H^=)qV9r24z^lwkWCZGndje#zi zXC2Vh)=KI+HG9YbNN=RTzA=*+e(NdzC0Yg%_61}HeSv3~E*NAlS$+K(rE`7whtdCSU*kbFsTF-sA?d-GQNwQ)gBL~bQxLx|tbeNQ&Uj@GRD562C^RLlWXro-vi;sVkmpC)@6;{c0PLRc~Dst(0Ya zd$0xbXm&7oSwVkKo@SdyE&7MLW##8md3KOQ%-~Vsz;POxyD+?nihV26IMy|u0K=;$ zu0CWE7@%pp+_`Ak1+eOiHy)N&BECy$GnZT;AVGA0wZfVbU*C~Rb_c7Z-QjuZYdo{i zyw6ea6;3XGP>u6Y%s0P#R0oX%n(Zw=X9f09gGHF#!y-ieD9!Hawf-h|ehb^akAx}{ ziK}qD*nj!d(B(z}>bbp3WGv1~-D(fVkjD3r_3xYIW_C@@O&xZf-Cmz>L}FB-;2_W; zM4)9wSaqdT+4Ty(`1Fpzt>wX(ko1uz&X1mJ&Qz~`yE;j}oJ)&`vKB5JRb8jG6au|D z+$P(?P6cm6qe2Z16^N*6Hio|pk#g07zg!K~WtK)`2;df%s1uz%Zl8LMH^VV*w(a~s zb$9kQKn?HDizplNQKF+piR2M~3mFyq3=tkV?wcCtR`SR%gd4mUo+z|4X)kPUi_abD zu$G-@#w-aAjqYj5t}Z>5r9LghSdUR$>wjxqJG@0>5w8ki|Irq+K4G zWj&;^5K$_@OtS(_AWY*7Qs+zsq3}&#x+HX(XK)5sr4HMh&$Q;Nh5Iz-z9RkOkr^5eb!5ktzG}2 zNiO;LnT$cXPh{Q;F?T`|?mIE?>KH{fH3K$|=0e zh*mm-IFc6^r6=4@aa4cyebmhS)xV(7|7c?tD;9Q~9XUi4^9t4G8N%9~Z3^%0K56q+U}JI``Fz96V=4_knNvDZr_tnSoJ^}7zuxi7C4bzy za*^gAdY1|kWKDAiXCrv)swEM?-tDmiRv0qvSg?KMse~9U8S2MC^`F5tJT*TjxtJB8 z|0o2ot*r81QD|pr{YxctV4bA+rdIjeOiZQUtTyd#a{94E`mf)=PLwa5fP{4SbFu>e zq0RL$vlaXh&=kl8t2<8*;PDqlS=d7IOxNii$?aoq3nQYn5SQ8 z&9br0{(AQ+BntOgMgW7@`7mw}kAYz?_gstSak)yYE`WY4gL|V>zcRm817p+dU%V zEe^DgXJvF<6RwdLo!Zo;@i8l_GZ+$in}Yeh>wZ}kW#qG$okk|PY3nrS&I>RgM{x0; zEP?tI+?pURNY;Ii0h4*ncHl@pP#n!lM_$5(B~E#z8G2HvoF!!Gl#PFWPLZQ;N9#cJbHcBGT586Gj*5P1aLmwNqT>qx(sxiMX7T(Go z*S6J6J~&bBIQ3DS!Jh!esvV}bF7w55?U;y2w=BZ33ex&=QI_2&K%#{K=o|nvab1kv z61_%wGno|Pqh?Cw@4oT@dGsI*e$*3`h0<=dU*+RtSQt(*xaCoR`WeMnI+@85{kN4@ z56y~-91`^4;h1R$miVB?p6M$5+0T05#co~J5K(>q#)sXvla&fZ@ua;9-_6F8kXcW; zRFMxmH^t;c{$aBa_YMjUYv}=K#8PT(N@;!de*`hlKhjcw`bn(@wIU3~6V71rz3C~aieYbuIGp*Dz~QSIaAZ+NGZorVDj`^lh_T0Bw{E)tNZozqq-3ru5k^yWf|_`ghz~;QIYe2rzh*=pS55I5wjP5VXw^y1Yrg%0%O+4P`q1&khuo)^ zi}ve{t6p<(QgZLd?Q_}QzW8I@{w<{4Xg|=F2$q#$yXDL}k))yZsui64mxdYIDZgt! zecCFyIP8D&%e5x#5xvV`$=#RLRZ2uzd5Wz?EdW_Qx}A)u``B^WsRgx}I+*Z1;WTra zSp|MFm3et>^i76LU$|%@6AS!nO+crTj4QEXQpjiaw(r@*)m7((_R6~6YE{gII6542 zKhGmp+f;aWSIMF>Xz@NV5s%9rU$V@Ajxx<%banoFCc7ejt7cG;9F~CmG&3=5ZTlhuJ~{y{f6UK3J!U9d1cw)5dLFXxN?8~ItCw& z&F%U`wFCJSV%|5txR!%Q3<;W^nMrU;Jo(ve@f>@wn|IbyIP+;Idk#Fu_H8OHIPsa;BNm*$O<-#+}us07yXd& zjAUtV81=`4#^>9UC2QaRJ1#2?F41C-i*#%|VR@Tj@7sOjZn7Z7DRC$-nG)S5gBfxR ziM^ zH%>&nZs-SApKl&M3#E_2YoZW`T3f9S-G^*kB*+6A77g$q92^{^fm{ccxT+hL_$xu| z>|7}<3w`HF*vQP#yZ4wa5CizZoe=nq-&Q9%c!_V?+i{LY;&o-@@NXL3LZxieb*P9$ z5fsF+zVE)*qrS*UZK(KhyXg%*LtZW$rVy=`h<*Nd+LKlIB5SsaiAL7zd6}*I`+NOn zZvAoXae55tY>5r*QnZpxR?K=;#I9~{l$LLj-Ij^*M@#rz%9K9;3>u%3&2!!QYU{6S zN*Z2KBfJ&XjXv)MDD_4*CVU-kodV>a$silCBS{Z^weAyPyL0(6i({>`mb&C(q;n{i z?IlOl;#GGiBVnJP;5hvk(NHtztseMQ4tvWnjrdFl7wy!)Kqo*onLCSO?BR2nz+m~# z&DO(9W6ygdt|8C7=p_&}@X=+?gV6wlk1oOdM8t0|HV8z)%}`bVFx`YJ87%oW#Q!u#r{5}B@@=Daf8-Um z7}oBp%y%USBcnJry@I0`6cv5;Vv#fsL58kMi8#^R1zZd-L_bXRUmUR+=1v|TRBK6L zO|{xhI-+n)_1x8jEPq`mI;FlTyKvy5_tn%B5(;+`dwFw}Rn^dM8=?J;*a$N^SIFhc z(b|!et0dNqCvyZ}zeN(3UPHyIV#f7kNjgXbAgojAjQH|7k!G!=tTC9Z zWjWS~Am!-*X-Sg7^RryWLf%m&;1%N=#uSf}F7{;T!}>fU*faimUDruYn{}Wn>T9r1 z+&h2!*5C`x84_35h_i_lI(vBCxNjbR3}}0c9(CW&-@YqS-T%^iH#HgoR{OC9TT5`g zod;(FdP$1&VJB%|+jlI%$VjCyBNhtDcM0x+-{1v)+!`+(sSYtPHQgN7^!>HL!e_8h zKmOXlx|S}DDx=~k)=st=(Yl2QqKk_c9Bm7?E!3sKfG30(nAP&&eyynDXV)?&y1Ut- zehQ(`Z=aT~0Q_Uxo%0H=t>nV%RclxnY*?EuFo`;7*9dTHQhJ3kk9ljDzUuEG5H2c| zc_jKi4`B~hXs2nRSld@WQ$@^?Rv64q{59Z!d;<#|Ug<7poE1qMFlRz8?GJ z%XA+^D0gUfrp_n{0)B^V%u5bSwUK*a17=7juBYv1pk|$2>s5|)xo{*qv*Jo=-qclLpvna>}9$b>8`Kj5~1T4gW3756hx71U}MXoIA{d+SN6R+ z(ALF(W9$zlBkp0LjY?TzmqouJqHlT^j=8?hA!UsEG=C?H2YA0~RTmce{P2;(yYrJ}s#MZ921#K=~;(Pq6G^HmNeC%|#glJ73(2zl-Gm?xz_Fsv6*Sjc$WL%Y^? zzEk~7M-PuZJvDW3Sl?ELYO_k1Aw-WR0*H13EL(?vs$C;RpiQGMxq|)7T7JS?k}_7@ zW)DJh(+MRSZLiHUzY*FS3RFIUZ6+!kD&Y$WS1%Z5NDSG~(gW(ac7-%kM<$(H<3 zf@d2~OXaA_0mhCjAW#-IH*QJ;W-*`9anL$^Vnw&O0Cf%MPY!Cwm~Eo?V#eh!tn6Cz zvEljH-peMzBrP_-YF#rG_yYSYqu!UgKWgSwy-C5Am?h?6(MmrBafnuS4m&b*eG+xq zXI=^QKiT4<{=NcZVF{y)rms4p&fhjpC^M4t76qe6IuGqK!VB$-%08DMV{h#)*s~co zN<>GFr5MKNTU-9hovri#2g7aJoo#Mp1X|rQwv&iVk(@w9J-_mCycvx-X-0jLl&9vC zFU2;A^svBr#c5E9^Q!P+9&^Tt4`Oe`=W(nQaTO3M7F7ANRy~k@y6~pgTi5_(TFX3J zWGi&Atd!ZGPp-GIN@=(v^_;xWI`DX^4aAq8c3JLVd{G@h*c{VVi3Mcy{sFco*5AFo zrzr=8^3CBrhhLFPk-iTjTLajc=ms#}cB1XG29)|ceH>fB(=30!f{=bnW`q&{K8EtpUP{uiAP@qjfHq^BDIbK9X3nS9GY=trVbwDKj$U_d@ zgr+M|of{DL$G1@(;701kwS%|BQl3&og$?e#IeB9HMCP57#`EW%XO%t6S-gDG-=c&= zQ|o0cCbE4@Nc^|_P45yp6XS8Y@;ORkI3mdvIf0HvjX9l4DW!)Q8TLkZ0}lG@xXqwMJ4%A-)GS*5INrBYRBx`i`Mse zo0s7zG@#1TkOEJNg3^eUsTliwkW>$b#a7Taci9|ev4b8_wQZaRj60o`d$=i z-uj>B4wxFLfw+DLucVY!@6W+xcBF-Zl`<($wJhVGNTlgASQX^SGo_YV|8|b8EqTyB zelAJ(EBKYMXC6dRE9g}Xe)u9yHRk8@TjYiAmn^F&S^_T_Bx@Z+ ze-UOQmS`&tEQs>;b+9nrrpy{^n(5ts+#12<&rSVUU?Kkevs6%=w|Yo7_sVIni`( zJCf&?H)zthAsbcPw?<_>|r zf#V25LzAk_51-F8I)2mt&2)*RJNh>Skv=bRF>;^Udj%zzLl?5Yk#scYdsO`$={&c` zvhkVYZ7CzCZPMQr9hJpbmXS>zf0h=2TFQd!ZABa6@n<0Uh@Zbel>0QX88}y zHwhiQA*U}SYPUKpa{}tj@fKLY(W>S7$!yL$m|8LsJs=Zr2vS{AF}fqK76YfD#^uEb&Ctsla!LZG$tDJ1127aF=bJW@1FJ+x~~2_PZmj5>NvC#R@Lxps6# zn4~30x(d3JXU?UKDr(NdjsGF+m&wSuV2^;I0sPL#<)CPxceb(iQ+CYR}%*2qxf-Nj?_7V zojT9d(&6j(0{GqFoacdaRcq&!q*r$;McHspf3WDtm|d#m(>EnZ2WEb?SMVV?Ue=@% z|MMxq0z5+?VU-#4*=a+ecKjCb1`~_~?72=$k&_P3Rm0}ju@FWAL-HMo3J?F{gr}aq zS=Xr`1yZHv0PL8S&CP{Xbf|(+J7o%fga~-QNUb#2Z8_q>+W{-^1xifF)*_ul#CYGi z&ibh(M8}wRJQYN*0U?wW1&D}9c_EsdAZ^6B_PnyeV*FX2fI)o&Bd3tE-+uWEiB)d- z6Z!1PhHrlaXqB9RAjB*YsBuZX3vHYNpqp`a5meJj+xIUN+c~G@-gK`l|2f z=$8^_Ud%X7->wykr)c&>ii3WETbHL;;bs*mBV97CD2y4=BxsGWNk6n7f<%R1IoYII zRrUAHp0A->5oZwT@w^$hKVUZiI+Q>@LvZn~fEsQXmQ?YN+2y#;S{my3Y$Ez|=-Sh* z6uEQfm*iOnM5WIHvpj5#AHC_;<6V;a$Q+%sycC(@UkPbQw6E@2$Kz#PQc${uW4MUl zV#WXXBkVD#%e!^5$sR|uQ^ASzcY~>@o9g5*_gGa-9wA3uI*phM&`2kH@X-B8$jMt^ z>l90;tzXxl47i=!|H!~)FE*Wc!bOAjP9jQ!G8=6~*f?pNpH(~eoq#|vi}{HI>D6ID?P-%BaXhnZK~`DbIlCYrct5*k|1i&C8B6CD(j* zL#?k^dd!xxZ>Ng_5^VpTbf_Jz?h#bM?5N~1UIL`4hS6Tp>YGN5^@60J;x8(I%$bEa zCqJJ71m+y55*-i5{H1y;0)tUNGwI@X@<>uFk!}UBpKr1%fB^UWRZoN6|dna3hu= zI$=HG#V1WTy}rj9r?J0PPshp!{|A@rZEW! z&cnKWuP?XrVE=r4kq9g2gk|;7;vdp?_1|~ze6z@Z+R=-^*MJJv!P!|37_#4FE_3zw z<)B-4xx(I^G-YRHG3~fqwVb4~(@jam5Sk%8{Dz{9w=Jy4q$i_$Yr4d%6fW%r6NTO+ z5GqVLU-nNDVCYn}*XJ+?Rfm>Pp=CoSq8mu|yi5*^pPwbxz+-aRv7U0GJ6qSGNpOsp z(6xCngvN@TyU?)xd0WSrwIt+rFueRUL1f`tRmSKcWR)6t+@o*H=pT{W>PzftA=};3 zgYs;_lk{#FN+!&$2a}gt*rBH!+guy=F8ia>3kbf$PfEMC5lpvPU$xK^SmHjM<`WnB z+w3`9!@>p?NX5#ZnK-z>`)f4GW&hIMpAezpe#O{ANVXp32>xC=!M8VV$y0&$C+l8i zV2$-Z=1tV2MOY6Wxn&V+ISKU+>k#e1GEXz!6rytO013@({eNYgVEGeBQ(E^>;nfC(}2qa48JZgH_6*Nv?FY5^Z96)ukd~Wve7RtZ`-g zdC;z6TbYwhi=c5t!PSWKW^-F~8FJ=)1@*bH*7)6YpusnrB}KS8w#0N^_y_i9Q`ku> zV_PwijUK6Qpu4JN3LsWdN|{})%Us`$FWGfm3h!9Rd?JQ< zX}~+Ekthwvkpc*!p=SQ}czUJEnr zVZZF~c%n95^_A$99V9)?3^2`*909O(a1G zP5tB1t1>xWOvLy*nmyh|lvZ?T;GJ`npmX#sj*?*bzHjaB?sj;qI~6MA0>QRTu=?EE z0W@|RzdKjm?AVrt2?;ai@$39-H^AF?a<VGA5+Q)^_G-_p@L?>L= z>YAjo#8Mvaz&E7hk%lMa~qfvE$2pNssc5IS50^{acyj`A)yNbQTYU zkiFIA7z`An$P{w3=C|YU;%d}mp8Cz-E>#RPyoSA+Pte}%oOb+^Zs+*8WLQVUeF>4* zUhCijVm<}gO$n{2o=#{UX0;XRf3vH!BCInP^`)I_8SMdy zRZnZA=}o0a>9+m#KFC;quYa1Yj_izLfJz?ASbxDLK5mUg?^k1oeP{6_-qsn;%7Rn{ zT#MB^n8K1&S$jJrFn@l=ViBD_-siL&c9#~1u7U|YP-_wdEUTWMd^6FeC|#eNZwwFO z-I<q6BHVL%(Na$FX)A&xu+epfUkoo8LJH-+8!Nwk?Nm1`ytk}d3B zypi&N`mqcd;Qm(L6olM0Ib*Nd>f(6hUh~)Is>7?Hut_bX=5)sYo%-c4*pmIW4~ zi_~vKI+Pd_Fs`Td$XEKX>`Az*3JIdnxiQ%OL0e>udC6@C{%L|LFdIVIee_-;WpQ&( z0~gkxo(An)-eX&T>{|e$N)a|M4aK{RK7`!lE>6yBD1tH;n zbpqPQl2Hcld3Moyy1 z_q=&`Tjf%_9x=*;Q=zHxh`gkcILA!9qHZZ}ZU8jhm^d1`5<5Fld(~8h*YsvYeY|-; zCkfw2`k$1!uj?nBxF_XFiDI&Exss#FOoknFb(hS;E`~oWx`{Luo;%c|pt-(eLI_HD zL*WFQ8D7}Ca3rp@dqSEMHmtees8q?Sgw0l#hqAcQo{^NQjG7?`*Qz~v-%(%;IQ?KT zi!>KIR*o*L!y>GBSwEUYg6s0c?;t?o9E*DL^|Q0YJCJcrJjsGZhWWI1ss7*o_H{>nd2@G@}ZvLk@;(o^#z*r`{)Fdk`32ycYIPDvRZGqvA#0lI^8<)WVZH z)w4V13}vJ-7dP=-gt2x{On7sh@_o;_n6{}i@p}?@c`W(UGC@6^7g!TP$tA07A635*6<=<5$@K#kBrc$XD2pL&ZMh z8;)mU!YoIVY^AErGivuP^Y7T)%XmTmZuq&8Ut-H^)pEzo(h9I1-dSGt4W>rW8$u#X zGF79w%lY`FEtxBJHsk$64lV~_m26q}l_TJ6DHC$@bM*?_gHnHQr+Q3&-#G}|+(}5w z{g;Jk-^Lnd`q#3BQDLZ2^)ZHz>mSg>Khz&OJJucEu2)U{=THxx8gf}o4B^VDIekQM z!)q(?k6P311o9O@#v21imNId)b(pG}%Da*~?qStJQIJ#~WGSNtSs5_jHiQoG+uTbfLlIy;4B z{e)~c%~Y{zx#QIFi*u|~6$QAHa}AQ+9a5|vx!(K{VP+Vw_Yd2wOgyw@K^b*0OGwbB z8yy%+&aCZ<*gbriHu^0Yr_D8dag-qWhTF$wHLa#s9Ux@1{m(|**_j%0*bLj%E?MPdqB*+9zMcHJatldnEbtWAjTNha0D`|0l z`vYZ6Rhsu#J71-`!V|zSl z4?0*HFZ^2)n454`U)*gwIvud%X<}ar>o1gV1j!rTOOOW;w7##=QNWT?;WiI0ez=+|CL#`w@H9|B^x zIyNfdj;k$48RP|`-$h(zse8Nz&ww#pYbUfU!Z?2$1(WG{+=wm!PH54egM|z8lZeAW?R`_PLG=ZxYF@r4cXrVB zY4!Ym3_FOBoL6ek4uTCu6Rn7>MNI_$vu*+@xxgq1n~lo)T%nmVj@cmZE`^1;H1B<@ z?&3Xf^=zmwhh5x>9~HW*cC!?d(s3rUvvGIIR0=BkPj?6I65RLxdm)BAAyZoSQU`J% zxI&&@LxOay(V^lt)WVh%LzmWFUp$G!E>md7(P!fvbTmv>r&t=1zVY*fik|T7 zc`CZtTv@$#E$d;Z%CT)m^1ux)M1%A9MEv6wwYBR8*k`ap_pUD%zUhd~-Cz>SltVqq z@R1FUr;OS>cXsg<`1DSptkK=3Oiiewa`s!0V@aHQdU&pe7n2M&W8DYWznRs78;mq; z)6c>PeiN173MLrGJZmg;0aZ1QowSzZu|%olu|&``9#QYt0rXPvq%Trt(ZZZaB55%zv}j0>AKAXi%H|#7zHVp_35IAlXMA&5EqW@A~&~ z>F@dp5dT7C@lU#^V;HGATSo^REuFQ498HQil&H^LzM**xrsAr~4lUpRqIb|X4jkdT zWnzGIntv0O-84(UIG-|Tz43kK(zl15^%W@$ad&s;8q*TG+6+kNi{V~B{~2&XTkk;_ zVuJ}yU)x~~%yAUh>mRzrs{{#7qDAJ`0p=pWxiF;LIr&rbkGMT3b-7@#I6RP06l3(H zKma9=i~`LlH0>(Hh#mk4Za{MrDZkb6HYE3Pd@9D@BRcwXizd`3z)0C7Yarsk-I|nw~DeuOb*#^B0=lI+? zEPy}GjNJpUa@Vs@-Z|>3H{qU8HUwzP^G~Ppw~RuY$0L&M^wtV*gXxWB5o)|W!%0p^ zL&ph(aB~Sc^TwJri~;9KO~SS1v6RW8Zixgq?FA-@Qsy~P$pE4})QLjU?b(q5$vs44 zNhLo9Q@k51jJn;r%nWq-E}_tv)Jy{6Juodxe@v97^YGK*;ze;@de<^TH}by@XTk0) zWwl*qr=wvE10@oKCv6;#Z47q+9a&^CL85b?u+9#hoG}rl@o3hS9`p1fWt!HKa3e*} zo`Xy4bdyq^zqYR0&r`guNk@L;0(tEMPvLk*o%^IDp;yWII=e z)%&g>zS2Fn#aws-5Ht+{ql?VCyan`l5HR z!#NnU0(Ktl&N3E6G$}ljO={58<+b?}GUB`l9Ccizrvyl>T6PXVf(8(t=atQMB))fod#;1I#`$5An7?MN0rd4G`%Rdj z#8^@X5YvIEujem9^Y`RS`+~af^c5B)JAWe2vXrSuREVR_89+b3<_dkhfU#QBiL(Hi zb@pvN8+R!|g*wt7V{lej`GLiFw^hPsC;q>&JY?k zk}C=F^K?2LE4D6A`e_<*gZjTJTYw5OV_|HwEtFt7CiJ=S=bo-{2 znEJ_XZ(^LA+za_c>;oU{3KTMwiGxP$W`{QF1v(%FsybDGT8LI zk4hL8Y*d@Y;eVp)G#GQ7p{s1d{0nEc+2_f*7FJZXcJX&Vj3A&_a1go1FmaYK*|Nf? z@Zh~_AKq7~?bImGw4seQ4vj<(BOuN4^lR((m`@c0X1WMjxUZkp}( zY$8V?IglGMIS{ow>0ai4MyAR~tFLbyQ5}Mt>y9oGz%bkFH@BfI*S?-@7odpmj#4)^e$y zg-WN^QR$J7($G)5crZ5G(}GaxcKhs&c?zq5j&DlRqfl<@B8;#cY&waA+j(-yz8kh7 z8fr0%E@-Cplz0;}0$nO0sjoHR7!%aAi~7^B?HB!_@We1uyj0zS_qyRLX*Hm{{o(s^ z>3T1%gDj`Z!{F@xAPyX;x`PzxYoA{c zzy)Fz2JJ5_~Ok+xM~~ z|I-u~Qgy#}6ZHYfIg0=KzenM%D*9OUUGC&aI9fl^jt!eEdNqh1tM6Ly{eI@FE=+08 z1#y$aeZ$Z*p{J|I$bC?LeuP_TXueR$->F;R>e#<4o1b6`8y0Hj6}6cbaxsKgpbWFO zZ#pN$)HUqDc~IF#usNGa(tY}HVa;8dvS9+x)4CZwW#BN$=TC%uNOn}OZAm?&?Sc;uwZ4qRw`9{p-Ex>$l0*NlI?_-S$69a}!ZNe}~UceySC^bg`osG~WwYqup5a zar@iB<@2pJ2P664)nAXCjxZ=oYzwkLyg<9ZqP-|2m}q;ND2P5g9v^|6Ena`(oYH>3 zb|@;k<#&~p&TXCL0?|I+lPvv{JEim+s;V6iD}lxK<*>%t9zdsUpS7Da+%LEFl!*=| z&D?&P#M*pw0R8o+%VV{B<$bm{Bk;%n@0ruA{gm!QS872osGd1D-l4d7Z&n#*$CeSD zs)QzrlfyGn5cY-V$qLo}?=HYaZhM!iD|c?o^MgKF+AL2fU3_`!=GRf6QI87iw-rAY zvdgxT#QWpmZPeIwzygZirDJ=s?Pd$*MWk(Reg4isT~V9(Z}=0ce^-@ti{o^J6^2$pU zvd;6#m-Qop*@34|F(p#N)09`ULD($+-zwa{^0Yl<@cSG8zD$tjEHIQQgFe!s|9ez&wws@BQ#a{sjuMuwF|BKU(%*9i8$ov@ zE;@E!6^3JyU%j6~^!vN>zY%#$7;(qA)f>Cj&8Vhj?hgwyr&@P1 zH!3rZ!F#_B{(o1ew{Z@focd9Fd-g6uT4~%}Dp?TIMNiZTcNWKeyoF6+@s4@n{#xfz zx-l(UnhcaWd%jr)^N@bl_2(U-HaZefgZh7%`pT#_!=+o?U5YytcXxMpDO#XVpt!rc zyF+nzDDLjXDXzgvAV_d7J>R|OyFcP?ftX8oj39PL~VYrJL! ztzs2wU{h^Y{oUW|rpCi>nnYJh=RSS%J4uh>;Oi&fZ&h(^(s{VJ`r{wl0Y3bLpZq`8 zsyzR@-y0&aWE+F|;n#)T**R|K8Njw6R_iQa!1YT%YJkk=fdRzV_)3||{&U=m8b!5` z1s@RKU*j3MRrf)zQ8i%fb_l)PpFaQ&2KBhu3U~1NBlD$-C4*9qmNUy4op}hMf1OJdZ|5_HG#_=k>&^pNhnKsL+Ga zcykbMVsSAzd17B~eaG;9kP@01icb=ZOb|1l8%`b7EX<2FTFl%EvED?vqsD`ap%q441)|lqxDgXa36carf6o^2PHq1?dp6zzBmad5-86_;C z8O7RVMr@7o8S=qmu8MGa@O}AEh=rR|j-lB*rNeuO%Wj^tQlxL%3BNx)(V4VVF=iv^ zkj_mem$_cfcvTL0U;UKYig_8Xkic8{3vneiMqcfw&pC@t>^4j*zjSD#vRgz{66$8| zw6UiwoUm4Y@d?vE11vp1rknmZRGka*$USRY@*sz7FOKVH!?|-n+*JL% zi@+9m?2Ybv#UlAxx+1i)oG=~uVhCL9?OWI9Wd^O^|9J@r z5N`_xs*O^oSjO`%VUD+zC2ue4(C^0KN{IzyS3XlL!$rWz**jO>WJqjS+tE{dl*}D7 z*`&-Q8f|2{r2b1Clm16G|8m$9y1QHxWEY0@Gs{wt1UPSX)JLv$;3p{76nUSErM`?h z^>n_Mf}(spWnCG{ea1SE-k<<&_vI-#P%}k=@IdPvFv&;WAPq+!wvx9f*~*qrb$S=D zre?)==o^6dZ0i^B{$n!&uvv;_Oyo=_^fRo@qLAb2*(a3PEB_sJqT3tIg48*+=HtKO zNn_0T=bGoDYu8uAvB2b}d7bSJsBImic1#`3$x(KPiH}&7TcKQ0(IefPBg%N{M=CbU z7jR?MVmkCBRpXGIV3Jh&ZVHTe*Z|9avrqyPFjX_9xM7};L1_?tL?Ju$FVSdrJO4+U zZ_ssiGdC@mhEs5aaou-p4D##2zAZY2lad=9Z&eE^8L*q*Vs5`R@iA30?Xsq^u~5Ln zTaz@-T6h@)0p6<2SLbv~W{mys8ZChVf;fk!q50~~4D=Eyk1%w1#?6*RLJhgh3I#2f zE5FR2R%dMN5FV7xhN7!h0sb2r=vb4-mJR-Hmh!WfkO;IW){U+U`JBaVL|_6Onr zbZ? zjTBVfT^K(}QXguMP{7~z4k(-q3%o z84#j>uYq{Z>ejsQ{0uyO@^SD<&((FZwZU|@@4qDOkH+C302(k<>k#?j|IdBopxH*YqKZ$1$d}^Y-JfZ5^_8oYU(owsy07J*Hm#V=38wV05-pj`34lXV z7IjGR3Z~cFbtq5K-fK>Ny}_rrV*>;s7$MAkTSh`xut9Qu|>%exzmPa=mtRY2FkcK~=pF|UjD1CPP%|?&YbU~2b}hKab%kUhzPS1_3=pSy26-Jwy&3%$KrfY(Sg?9RLxGQWS8he} zKvQ#5x|rSXJmEh+k71@`G!pI_rD4W*;77OLxd2F#r;kOGn{2{+zpus3xj#{ z%@=#!Kp}hX%?O~{?!(U`_hXldRMTmYl}BbzxS zgU7rXESJ4@ECI4LFWhRQtrRrPuqp$}RMCj!G-9rWkSUD1$xWtYvOM%pfZ(Sat;f4q z{uiZ{-}+IHb+hAjw)_dKGC$&laxCO#2{M5kpaY44X8AQ3H-2N4WOL@d*1O8PS>g(E z$XGVTfk%PCf4-0oWAP!(s1H3NzaqCye8{yDRMsEh--V3=WE(9-QnA`%4D|?p={!}f z*qB{QH{l)e(tVI}!1+%`1F!fltt|Jw*XqR2U^ACV?ddFWXW4{HgCEWHMzX-(fcP;^ zL=`s%cta}q4G)-$aMHU>_hI)5Lg2p6g*W;fPV}AK%QyE&^Am!buewE7cEQI+4BuTQ zMh%+|I%I^bpwAifd5*?b#$cY%utp<_uevjHAKDEOcoc->+dF zjiP7+RC2v$tvbE~_w`RWl^W(0)Mgpes;#J5y08fO$G~&+wRvfwe-+|eIO=Vqln=Jc zgWI(YSf$35K+GH_dX+{d3H17;ORb^#%m>{c{$MUI_92I5cZ58GTD{F!mg&+1MOP=S z70I7h{<@i|vFOy~oYsE!Y2S2R^{*P8uf-ERqY7Aw@9{;%l~Q)xlx=*7+x+}mtONpJ z7GI3Hpn#mZYLC36QQ;dxpcKPEcV9dqdsfOYe{5gj?D8H=QU^@ybDjMCtLFc6Z2}l{0BWJTxRTK6a}UMy_W}EWQE)hp)+)Jt{?LAi&9N=a zP|_kQXZg^3PiLU00wTS7YHor7TO<-$XbQI5s;3UeSd^AykZ~gWV?&j5?%wroEX+c+ zv$T>h9+dc3zQ>z+`Q@0$Mp;0JnfKek>F}(YhNxmju4C z8^P*CHO=Th+6cQ|RF}f44@|dMRX`~PSgt;&N*%dV!AsoMSBdkHpa&7pg#S9i12g+9 zWm!Hgoq#IVPr$FQ+O@R{zp)icTY$PZ1map&BF$GSp(c@{VZHEkBl%~tL~GZ|Ex~^ zvED8;@<{HDwUv5%py>fBpE-2eL$bDcVwGo)?ld{{zfsoQ%9LIA?*^=@w`$)_7Bv}h zjdyq7HFKumye`xaG;a?Yrni8xmP%Mi9(+F`C6<*=__)-aIo_!UH?-To67E@LxH7(i zSoH>=hI10neUFqkhw3A%CkS3S#2@^MnT6zMU4e}Up$+?eY~cK_-lHggkp+YQ-nd8a z9uulXIQ%t`1juvEa_-Cp^W>GgX!?-4zy=w;gc)g!Xz245v9OOV5jV))F1{leL>M30 zV*f%zSiv`3RYNq$JSr+xlF@^$mL*Bo=cK<=ljR&nsatFKPvTAv{E)BjXv}A*+*G1P zN`K%J-dX`~rKc*|SDljU)k(F;Z=WNpVRgD(Uwagrto47i1{RaMYF=TJ97c*xb&D5W zhBrQ*-RcKfhJX7moGDEs7MCed{Dqfts7vmN2i~lgq4uB)F>~zY%kFxo$8JHEZuh>} z+|WuOJx={GV-RODG&*#)B8&&@%bZNIM^Txp%t9b%^3l!Pw%2mUEOJ-1C5Jkopt%n$ zCNH_>G}BtA{MMn=A$zfL;Gl6T=^kZs)s-NK#mDn{@!|0Q*YS5gAFL0SeA|y;$oGoB zdf8TqoFyE9ozX!|pkqwKw37VhF2C*#Ev}+L$oHTX#>Jw67`!Z=ksAuom$I1CjjF)5 zL2j*A5aa8xs!jY(--zXuOGuxBQ3>;-k;8bwe_MsO>-x9Ss)!YLu&joJUR*vt{g!aw=eU}QG>aOL1pO^ z4H;$mn%`5hVAwkW4gVE}26G(~;jvJyF~@LItsfXtVl+D~a^hRITAS8ydfCi}A>Er{n7(UhM8y@24W!9W}ZY z_(UCX_2!G}M?-NFB=dVuY^$%|!g5_J5$KS-c9NPKNAQ609D5O*C51N+_C~WdfIWjj z`s25-k9c;^pO-?0#)7H-3`BBeFg@$p$4(?Hnes@xK!#4bV8*1q-qnuT zYEhJqFzuIrG2ZFnMCgtvcJU-AD(g;Pg?QX!$@Dw(FZrY|=unU_-8aWdE^*68#jKFt zEeW1=r~3Bs?M+CR-t@$JP58b7+4;)Km5X-0AhgS=r`KVG?;l1|nj8HGHh=>a0|>Xd z@)Mk|`Bx}-%(`e_lwSGq2~!xmt;UV=c`MJbTI4i$yRZsTS?C53fmu@03Fj}C1+BuQd(rpdC zI4PKE#4%weK2Xp!pA56H>&#G5s&;YE!qrDK$zH`O_=c}}C2-51pz8tqql#>{%@A4g z;Ba?iavkec*L+DP8F*!J8H^N=Vp_U1KmKDAf4})xO_=Jsa=Kjpx?hwlFTg`TQ+&*A zJgNogDRy?#LJR7g5e&y-8JPb-wr?bg@E-`>lZ=|$<(ui8j@jf}TTtgBWoC&sEe0(96$1gfj&w1iRk5PPDva+LfmYYAZkVVUw7NKe7m5< zC7qislBD@~+5*Vd;+PZgfVS*YL*u@3lyZ86qoC#LAl*1<6hi}UqEb&)C|f<}qNpYy zKlVC5{zQw8sUie2EW$gN?!c?IMt6BI-?zWZYk!#xZ1@xja`|ETAS(a2U^E#6 z@<|S>keZpWr0&52@|TTQkDcB4+^@1(Y&D>YCs`64%@RG~uu}O8{2bo*TwVkXwzGm9 zz=@}SAcIphLzU4e{C-IVphUng(}uuKwi6;inOiiHU&4i1z7p;|6Bs{U*EU6fI0ExW z8iU0Ry>kVTAK9Cp^V|xmG}}i;VDRdgPd(Rj$uzs-rHeKJ0JA2Htz$Liyk-zBhOe~b z!D72bn9_0F!+E1>ZM@v=JL|puzbG{jovh&kgpm2X(JUi0W;J4!Nc}-ixDY;b<4XmM zwsPYO!#sFAPjWT_W3z+(Qc2*@q+(6C)IV-PLHL%E(M1g^^c^5pqHI{hT8Ah-Qd45U z8vOp5BZ+~bNGDLM7y`Pv{Ixg>3SRyy(_X^1YnA|6ZG0Ovn)UfRM)B$@mzLHQA$AwgW z*w+3K#y9%i1_(=<X>EOw%^&%4x`4Ejgu z9#H8lwIyjpuY4o1a)*V5}_S}UCF0pqZ2bY^WAUa#-QxO9oKlGoL}c3j}nx`EP5 zf@A+R8qe7{{u*9*xz;njAq@8<-nrz1yn`Gz97vX32-uSC`k(HoE<0l~PU%`d+^Uj8 zN#02|cl1|_t6?z(UiE>&hG-I*CnyRiOlt<1S#BBSl8nJBtq7qm8oSr$97mE59u{n= zM!@tg0XVb$rU0Nn?boMfF<@rM`)5hNn)71peDTC4DqJ^Gtm72*cb^Mr=X7Fw+`1Fu z-vrUeVK6B7DX`ECj%@y;#)NCtgX|9Ds_~q5+|iHLh%FjegAL`)D{q_GIF(a&&xe!8 z43fwAZ+H)2MxpqqBr_T>l-pimFr!Pb)EKn^{C2XVv%}o><6uk0RZ8xpE+lLXH4rvK zPN7$MpjqL4g>`J>zZT;+jY$AV4krb82>5><)K4aYJxcRTqSXK?dO?U1$VJ9xfT>5F9(tWJ;Q1 z;z-UGR>n3gGmcCV11m@Gz)05!LZ#2yb6NZl9O z7o;LeUHg{IlGv1>qyjoAT!6KcuN4*okAkk@x_jH-Rood6JGGX^#pb$sB5b2p4fpHm zIOU9CWMP_&%R4R>6rwetZ(-V-i*%`BO$KXz0+?pe*40owqtod=kK0 zz72D6Imjj0WRm2yhbZb01EyP)fN&IfPx#Z|wJxBV_NTWf*KuC32A3xElWg3(`ZQ~- znq2t6cgq=>^5HR;1c3Sy*0(b1dfS4nMK>OnloSO#=LPQOuR-ZXt^egXx_82-VQ2(W zaB@rSk3u|kR3vEF>S6O{l-NW(n8l0~T4mlWU`ut%!c7u6B7rz-DUA#}Us0@kkUhC7 zRMFh0Z132rIzkIS@tJM2JL);sAQ-#3t{}}26KaN?AmCdln?IVO)?S7SW5rndrC0nC3+IG_++t)D#jp1I@ z`>txX#DQhl2=`h)N^7EvQs`?r9P40|RYg2aMT|g!+_GZ~X1Y>$7YMOogPk};jlpmZ zR~b4p>{Tbq3M?GHu%eOvYwInSeX%B4dfKkm{&aHVvZVtG32yo&I5$g5G$|r5?-vqi z=6Z4(K4kF_x8mcdg0r6D zHqqE)qZs#zTzml|hul%V4M)BHd?1I^NOusW=#7ChKcEY%aR@9`R&vFbG9IbuD@d$@M(wdu4k`FB*R-WILV}|q*wYc!jXAm9*n@Y?WFezoC5CD0o&Lj<{)g|~-aw4Z zr($2H*`nt}g!Uk&g#D&7bLr--hPRC*z|C?SQCbfNhPYqIa5%X2#xMRG0^h}hZ2YSv zIYdDtFtwi?qADcy8vqM2{PiK);~IsLL0Y;fSYy@XGyvW^{qf_;P&i6~(u1DJ^MqVc z(8M63z2T9mO^%vMM~?bwXom(pMdKKSrdQzs1^3sU3}o$2k9Ut(B^>SUFL}LItO-cv zN@a9$%#t(^R(v{Fkkzq>x~c;XZ@fq_enqn|4%Iebd%xA>3;A-1F>XHiADdYXzgbsI z%~PZnvlv!71$vwHIadx>3N9Xi4tl$R$M}+R!dW673oX5};gkN~ zbCbGRt-Vx*!`-I*$$}fZRv&yIk(xSoz&18v9p+U>zW>|v^7)ZF#(Th2(}pg`H?KEQ zfdi}Cb1N@3)Qhb0)Wkc;HhNf6@B5hztG`DT?nKPk{E*dAtOO!k%!bR+ITgp(0Liryx6bIC~sl5mM*gMq9$^0pJUVemz`(k!LI(wh>Q*a-hx3;%;HeYn{xlLM{%cO=yV zlT0XF8_dF|Cmo3tA#^mH2{TnO3_&SrsjlAWGMPN6erjPHozR<|h{|V0fl#){41W!> z75Z0oUSxdLR-(yE7%lV{b!3v;`0yO$HJaItQYKMi$0|=8DJ|v-)j8;wIObabPJ}_m z;ZoEoJ<=HD)`cC48V~3v_$Q%k5}TAV)>;WooLV{Xb{y6LJ1&VbKpw5!vV&%XRG|p# z)jwB=nqTDC%>O#H$AoF9thrcvdzXoy<)NqqbG}Rvc-K9+(4V5GJvRY=v` z^T{;>u%Dd^#2$DG1&-KvNV0GwOI|h&8n+F{mcYLKDqEw3C)u(<%Y}Vv)Y&`kqA>8S?#3;4gv~8A9C?Z|3!&*t+`Z61|?f zl^R2uXQ@Tba`pv~kk2|kc7m05xaP2oBSmbQ8cQivC&N^UI&IOdVGRD+D;D^Dmm8KO zIl#RG+_dPGKe4pQs*xnwk}7q%^_hV#>HszXRZ~6gVkusoj=aw!pY@icx+Sx%dbb3C=v4#arBu0$32yCUqnzJ&*xd*4bS z@*VPvXcj7ZKRy0y5!>uaU_bH_BcaAad;7Zg>;W${B*?_B3h;C4su!VAY+h~AfcgL7Lxtl6301#U9hqK9x_m<-$U3p78vl-l6gMoZo!wC>R2ZOgOtZN z?UDqUy7t^rp5`}Ioh+?@RfBCiAxnX+Jds4>v@NH0@Ss1fee+y9zzi*;O0mJ}gS8)+ zl6G7a?I){T^>IgB?knMMM8UN_ut5aVN=Z@1;Ro>b+=*=v3buUFQ4%`F3O8u*TA8!K zZQ{RaF`f$J9w1Z9@~nYwz#5QoyV~rB&;_OW=@1~*MQ7kO^Q94HD2XvPpj8K#y@ycE zx(m1qJ-G%XVb!?d`$Cvu}iJ=>`-0it!eS{6vdabzgz z-3h7{3iCQ#kgQUR7fdt&bX)^VLObaKMSV6%dv7njLFzJm1@vdfAdqd&+KhI?Ja%4OZv>`g<8y4w&iK%(GR~l0U6ZxJivK+vk{&b|= zfO;syGaA$tb;$Nz8a7Kk;elO0M#`XFi;%{1X0-F_ zV&u>@H8ilXs2Pa}i?rNxLadQy#KV351bkUdrzq~0bvqnbG(9_7Py-RDC69Q$gSJV^ zh;=I>CfY?d#K09)b2OKFJJLy({0bQ#Z1?Fuw)=rO&GX{S`Gh|?kzbNM?~yb;?GCF< z+mdu?sgBD7mJo?&^)y6fd4RK`I+1;@!iN=K#}_2T0O~e8Vv7800QVZx7|2WJ(fr0T>c*yVAtOtF@W&TsC*&Di(APH7=XKGdMhY7BSzU}dQ3t^w zE${>q5f0#O>JN5p`)(fWh&Z%0MEieMHh+?Vg3x7ls{J2n9 zmNj&X&84|&A7e^N7-^K^QlTKV$Gr0fi=k*4INa5Jm>*s8E?Gn#Z;HO5b^Vv{<-|rR ztb4tL1{n=u)A^M$1;|Q&ThJBELYRQBA<0Ma+OHEcL#SBvIn9!af!sFDi_v}>*`Id@ zWzB!b((WJ6{i9s3N$KxjW~U%Kp-QFMS}0Q%RMuX|C02M^mX-3ALGaAD1mUW4sE&NN zN`<$}wr9U}^;e2g>yZ65q?1bs^ut8=B3AO~!S5f#^@clN1)&i?8o?*e%m{}Hm%z@Y zPuefP@@^lxe;F%(T$5~j=p%!+{|+0lpDx^eT`{%F0`ZY)aE;y0jj#PgLBsUMH@lcT zN!weC|AJHST-Oamfy=Z1+m@*J0igrm#nn(k!7L&9vD#kKsKS$_LCOtNY|-CzG^2aR^)y9>@?DH6 zfujx(mFmJ^50gacbSjUCH2Wn2`theZyS*`HHuzUX$Qe@sG)3KR_(b~qX%^4{8E0Jd6HZhIw0|-2{*r5Fa%1fKw ze#AqR)<;Y$=PT?Me{do;64L?Lh8g|-m(@+Yt(E~t+lwMYg~6$Yg=2yvU?FFX3U>NH z*7oX)!WTgKuLnUenKI7k#r4a92ibu$73{>z%_U!dg0NF`++{k+tx zs5$E(InvAi9kc)6iXmAe{DgM&KMq$PsD`p1Z_`W7cUIM8YoAQW5rrbEM1A(tgKk3p zZk#O1+lHAe&|a30A+X{Qr{tT$8RM(i>D&aBl`7P2f*wAxLhoXyq5lt1tl!O`{s}=?3F`QIEj51L% ztE8p!tSXhxOAbMov7=dIytvb9;d_>z1;}|H2cK*ht1xcmr`SskKY7i>ND-)4d#bQ0 zz2QnQ-lfbn%__O$GdY1tcBn`L9t8T2DT0^hx|(Z%!^T*eP7`_*x(xy6`@l1*aW`JH z*E2dPA0akrYA-zxp!e?pRqnj*&H|D@xU_9It&l^MAbxSK2Db3_vf}ad%8IR{8*_I+ z`BBN<2z9sYpH?J1>fcWWilYi(_2Th@O@z-P#Pa3#?|LkE$@wFHt><`{$lOEA2(rurk>Neg?^C^5x;PqsK^}PS+Mgx&YK-Rbqkpk| zZhjibbigmXt*c#bAU!o?f}=S|ZKypH@Y(848X{U}LT3$T&_g&6{Q&KivNrwdukx^n2q^JVB9aiU@%+e5>i7EWZb&Q zgN<9+Aeigo3|D8=8ulOzMp<&iGbrWUSeV<*&>P&CVR7h7mPV=Db6WV_kt(c{$Xht> zV)yPgnivYwFV7#rZo7T-3Q#_Z@*Qpl8{}(J%uA3y1brWS&zGD|A3FI?O~VF_jBfrP z`@1uEAVd^^I!Fn4@Zou^);6*QRXL5_-K9a-r6tb`)2^PSFfY?D#c!DxrTVUBfUFyK;!6gPG=WR2pRoysJQlAds zHWkxn{z>L1*3~8A$ouHe;iQw_380Dvf;U5zPTv5jt+P))JCF+s^A_>H175e!AC5B& z2WdKg!}ZG=T3=y);FaUQ&wSDSbH-b{K4knKN#Y4bwaZOA9E@IaDIOwTIh?JpDN{_UO2*88OY@*<)Sd_!b@(HQBjo942z!KLZIh7Y{bgL6_@G1+Av#k z!r)pJrsySJ<`JzCf;TOe?x2oD+W=I&ofwn8j zWmGReA0PTb6x{pxb>jckJ}#agLu^f5LP9q3QM4f|!F@FfVf6CJ=v+E1P$aj+6}Un; zd2n2Y>{@y5CKqBqh6*8YHJ$sBv*KVoKn?=}DcLz}s1`KZf|w9-0#5IjKVe}M7}6w= zRZ!9`Y`D@<2<`==)6+at2cQMhzBvA##4pj;rLfKlT$hYPd*aTB{WNK*l6>F8O>3#^ z=ob(3$b^<6+{a7o{xHpJGGeven;`1D*eNGvXNb_x=wNt&zSTau(-&|BwEiZdIia5u zhVNUhV0GE`sRF(swkB4Mps_Bi9bCM~Eps4=MkwTG$xS@~wb_LAQWwM6z2H{0?YVTY znsC@1~em`T5<7`_cL72tU)Z_quxJ9=BAbb^~)usVH(N~ zt*dDclhfYY1N(36b3$ni7(5$1Ljb{!gE(#?kg)0TAI!}^D$H{h?G?f|BbN#jt!NWYl{+yp5?S(0Y0o6nI*OsZ!z6tGwA5llM9Ph#~X5;2M&8$@S|@ zNI5J{U%T<~0`u(Wkn#=Mk_ruu8QNV7vesR7v9vx!BLCRa*fCA~>35(W!Ak=6Tym28 zAS4vJxx3`?&dH7Dk?$wD-Wq>Q&w+<6ooxyD)e6PDGlw`b7k~3bcOetjce;^%yufdc zI6-|b?`Hn130*#Z+X9Ccl(hH^{EetAn5n7wC{bs(RlV1}l7=zy?aD6a+l#$y99))F zDDTMQliCVF*9s+9ljMJ_8J?(O#SS*DsAcufYUS z$1v$qm?&7K-P^SYP$N8UChg`c#TN}SzsBzB+OhqbijN5CqJ{9K`6B^Pl$t^*@j$`K&9E+87&;XEn)zVTlb-^ob$C!$^t`}-Mg2Hj2xNcx zc2flJRzT`F0Bto>sq_gmpCa}m{kkMj;DywJp|K`LCd zjXd@)Y7Mr2HCT6Zf|r7E4?957;V%i#`%j*}ha;cB7qCK|%(UjNH??g6q0#tec@76;JLUetCoYsxB$srTPpm(LF-2EBI@m=$3Cj7ok8m=(CUlOKV%--U)* z%2kVw&|Sk=UE(>1HZMLE70rvVsL(KkkrBBdo!3{rYc`I5g{-ap6FT64PkPUsjjE$l zFJ;_Pqq4KmK+ZVjy=U=yp7+-wEl6G?#+D1k9Bv4(l|zBA8p_0T6_$9O9^_g6Fk)-uZ_?*w z2=`3pQ%M4drJ~sB!E@xzA|jRE{TUY@^}xA_LK#@^58&>;ZkW;r>%ajMpErBnj;O_% zIHH*y0g{lL9Y`IVY%c{XJNz<`h#`7zUd+~%jj%SsDp~Iq=MRdx#Q3;B>q;|5oqCOYSRcDVZU1`*YF1X z$w!!-IF5%$)=K8S(Yy530S;Y*H12aqcFk!9s{cN_lOW^$yF!7LxYKs9t^+-Xy@q^6 zs!d$*gG2pUWR7#qZEdwsaZ>=D7~`^?NA+P@VMNXS1t@VRH(B`ebL(W9;7}1>l+uTk z^2X_cv=Y4p#niOgux_C|ddm$|y3X=OX!8L2z#mIN5HSlgJ=N4!ajC#y>;@eL{uw#+ zbZ8W++2&!#aGM7!=0#vzD2?giC&zMm3z6%?k_B=e?q0~D@6lfLRNW)*Z~8=b?7#Rh zsk;S-G*kUY4L`$Pp|Z9|vUcA<@N#QVtC0wU1$AlIHyG~XAa<_RvT|Sch;$yR07m25 zPAV!?fpa}K5CMO(9{t9K#vZ+5Al~m9hPcmyHye>2YBs>-9JLT{Afr;=F;h{7ytJ(+}@W3~os6(gp5La>*RN94=n8tDqiG#6rY$Xq z_Oto@sEl1ziPM_tqLbKh14x)>{bCg|9ukX4kLAkzSN8`-?r4(TWem@NyjOEU@4(5SFUbkCno(F6f38b0D-}p0WKc$x%h?_7CZbnP)e9p54PCPV zF6_PG>EW|wkKgmGarv<~Gn||>PiS)>11y6QD7MmIz4}{I*ZdSF1iTr-AJx3Qu&rV+ z1Lpp3Ju%Hp@?^8G7z5vzJii+klVssv;+Tn#x z*1dz{a`*v7RVJE_`3*vT6LepaBlI5pH1~Zu((Y|b=vdpI+ipt;cs-HlXd(_iF6iwX zNf7B6Afs)1DronL(>2uJqsnCeBi$mwfulvio-I$;lw_70MD%9oh z79Yc0cV_^zls=!Gy;-~w>5)6iQK=Z@Iv*67Cul<5n+S+TWLqOteDBpBsSF9B9N1*) z07eqq8{vgVSH*sd=-$zj`LTt05U)>LhAU3S{g?lM@Q?LrNXjyV_V1{}#|T&Ebn7)> z?ZRiRkP=85YMeT`0Y|Olc+WSv8LmaziF?8F+9)_!uId{PK5Gr;Oxk)HN)W2trOs*Rm)MDPRh;I@ z)O0n{A#>R}3!QvfNytQ9%0-;q<4`q4X<{d!sGMJKBavq~tajlil&G7kZ^CEuC_V+u z1hwlAp^S_ly_V&y^ZmK*)9;4mEWy_yv8>cc|7fHeLw&?6QA6XsfcEa^=73Z0h=RV( znY>z^zyQ#txuHGu8^)vezc3KvaRGd(F==lb+35r}RFn}NUUrd+j83uEUhPrGJV)v3 zJPeb7-}2B4c6Ae;2KzOw@*N_QG#!a?cN}*p-V!p5X6FuWfPDR|MjQLa;YNs8wdkaK z3REL*n}3i*4%)WB-p>Muf!*%PCO0oJR=ta40X89huXU1k>@__Sb`mMwcAe#~En=Ng z)D9(Dc3&&<2C#nk-^v^P3_G-%h^mguPYzV!uHWIoy!nD@rvVA2HT`{vF0G3U#z)+7 zztA9EsEzKY($Etrj}k?1E)Cf_)9=4qWz(fBk*C&kfj5SrydQ5yl^4wWXsHtRBr%Ln zAN|a2d}Nq&{(K9e#mlgW>LqHJ*Byp3$71leh~Xie!T5lK0{xu)J-)=pzMDC5c69m} zx`{nu1(XKu2^8p$XR>o}Gq(Wk5NTOUsI^ayrsTT+vZYO1_IQhk{cS*5LcIp{F(w6J zFwhX&vC6q~{xbDXvEV62ORSDF`xExlAlqq6rsxh-jT!#BLY(L#&7sy0HSK9&P2V#$ zaE~Yt1x~ea#ov?6f{AIena%{Qx5_A(z#Ub5##SNCYP>n_HOdR&5YQIQF%vKSKOCK7 zT%=zc$FptQ#%6D}v6)+K)@IwbZP#Xdce6cVb4_mYGymsBujbQd?zzu7*SYljULIki z{_+slPKEqqjU+#hUxZ<=u~i+eAD)b5nI%IA>!?rx#Je6*PTikXaz01n@-Y4XhN%7i z2{j~InuNsH4@2<0{Pr{+nKjxjc=k4c{n!hg0L?@u!t3Rx$^TSl%fd~90PrOU`hAwt zKYOk~y)7Rb{UsqP|NUk%@Px5@3&2d6g}fLb!~J{%+XV}Sww=^IPK^@Z6r9#aP0T@4 z|NM+GY~#$FZqnqVV*iTzJALf|#q)bD+#2Y=3%$Wmm_x5yw1feTtCW-*b1xVh`0zUu z*YD>Pu!qgG0=K+<=&!lP!KubBSdn%cXJ7Wj;w@Tm3?-tUNgkhvg*kNpRwG7vNg%%Z z(dF9xvo`{#EpH0q%b{;cRKDW$JR|iKkz3QUS;JnnOByprBmaE6AS9g>6-e$jk8KqE z{TEXGPuua8GV_!H>T9li+F72j5l2CJKs#Hr9U0lz0p=?qDp>6dcY@Ov=dTks?i1H> zGQp@>gY^OgzYeWayUCMH6VI#Jm)vx?`Ao%7R8iSTy_3%9NDWe5vKu zB`|AVa<^QL?)5wfB(F&rD6lcZ!o-}uA4xNZ5a1Z)%?# zY`LV$cqkLkT}sjYuc5j-ZIOw+bNd|(6#dXvP%_Us7YPb{9fcEnxW@}T8Rsz$@D9(s z;OksK@PRG3px*Ib0N-SSZ%d2B!t>{0nveERPdb)K)ylK|s3XVqs2Wny9y^%}8`1L7 z%9em%Qu?KjWWNM`Ue`Q+VdT|hV9>n2SLuZpA2iG3!bAkRKw7beLU&ak!$MS6OSaIb ztRgU*@^H~D+0SgyiD9y-=|S2k=4xa;3G`=q_fNL9yGqV*q_r?gg&a@AftCw<+dYBjqiN9#;W%E6frp>SlT#z?7lEg{^J=%lyHU(DKM3fk-)v6 z@&9DbUN)8c0VhReiXAF7(3rOI#UuVlWvzX~iA_zBKz+)z%*eDqmfhvcqu0u!J3e2+4g ztk=rpu8ua#(yZ;eYpcFlH74DEMmlaZnRqy-j5` zgS##MvjbPA!l}FK=@@?Ei;qo104ZTjF@Lm(!6UY+@vpJLwrZ>6;uJz1#r$4FjwtI~M7Y&|Cq@#A zTRGpDI{pi>@qlcIldqkjH})SD;CmD@6ktC_Pj0yiklhnmlY4(UCyXBa_G$d)8A8!i zqEc^Op2Y+|mVKqP)lBhYHWj;QzbjVgg5$@X0pLJv6{;?af;L!bA||FKu1uwv0xX&X z{_bk!K93y z-jZ*VQ$rviot3?t&|J=xM)hHF^YWJgD}=Yp7k$Rid7TI_JTO!QHl9^c6?<=8sKJfO zEPB8t8Yjk>^<;H_`=-^t{30#5q45bWoj^!E0}$~=EU^SHy6HXNL$t*cj@HXxANkz9 zRT7J3?C$W;Lk~G;CEXHxn&Kc~y)5BezWc-j;tLvZE{yCk1Yk~Wb8y}NINaGUZs#FA z77iCva3z7jRTHgg-qNoeu4_%YRUFD+pk140B~y>Tjq9P|G;QdlA}uqUJ^x!tgVNe^@c21jzGJ-F%)3Fx zdD(%zT<@G@*%FuY?(L{sxF{$nbcZuKiG-rG>Mvb-^*zo;n6|YC%VPJef+p8669}VC z!F-hAfpE(s4lxfeDKRKT(mW-F;veCV)=CR4i0EL4+9RR_**P5L-W7tKc3l*nCQFbz zaT%2CYjI~@OAEQhbVy?3sJXxVyG>(2QF&&BKkZ8UD4?()7B)pBm#u=yQ!=<*Vv3PHrH>4=1IWdiTn1VkyNzcSHuxZ*B2#qI2kJspjjN{D=~ z5EzA}>2vMfyhv$gmFez}VW?q$OO(HmQ4J-&@o+|p+Zv%oH{lp{*c^FR>zR_0sxZ~U zlComYXNB5~A*CFT#&kQ2B+m;-KB|e9mnlzr_~Ax$IhXtsZl9r^M3%HQ;c`M({2)dk zn$N=^$h*QRg*?gtn6I41syx)CW9k3IfSFJSPm%2{E(l{X|Hoo5HE3qH*xS^#z36uI z-diqG>JhssXxm>^)OORM@xp#{>?SK(5_ZX!59XWPT(u^8X2Kl$C!x;3ZqBB))gObL z1~AVP9AzDr+-IPF{&}5|uWV1Kev8-0ULQm~BrC&@e=JpAxc{@Pg z2#-{9p3tQaBM7Z!;Z6)hlq{f>(?Y!Ba`dgU!Jo>6>a+QG-V?^^o~Cvek7H0yaG~W|A&sH_gfuE?>K~qZp3p{VA1B^V-+Vko zBwM|SWkj|~^e^AC+>)oJ>u_XAa7~_%ems$3=B?|>w$pIj1x&bQ`P&nr%#~lHCx1BP z%k99?;-p1~(6X-3qNcs&N>p6pvdUP9q)wrpD#RJIsf?j-ZYrIsXv4SHtj@(~*Y&C8j&bZ|MUPH*aV=|a!-)I?>>KfEIW=IUn z69%IHTG*GOv5@)nDgOHH(3^455uW2;#50uXK$yrMz5Q)#-2b0RfYnlzeUDboQQXsg z+@S?NCn^7cY*Zfgx9UCX*sHHK6;9R#@}rI+z4S>>IBi<-aLi%DQQcdOGwz~4w&Qae z<;-$qgK+_VqFK~QAs=-&iI_E`Dw}>$4swnw6zmu5DdaHqA`ov*8CbOw}-F(gp8G7R>UB@u*!!d)8%y+&ihHB`f32`wK*530Z=H+S8l8DeBICOU;pd7Fyo)$HrOa1t5RC;byEiNx+#MfhU}GQM&px=hAOuCOkI6jnSPu-Xamzy6)fOmBl323fvtn|%TC457!GY= zsSIsF>|f?kEX*5*tJc}2AMhA$nw2fmy{L4CoUAVD?yt5xh5+;yfE_F;oAjn5Vw?Hr zmINj1IZTD$Nl@i1UGkz7bGNVY@QYo9WAXqFavDzrns+B&p)Wv8H1YL9^S8QUB$6Pg zgb5M?714_VL00G!akrUS|8gltjpc2ucrq)hrJ{=p9){?Jzn*GWbLEGOQI?buUpYdg zP~z;x{z6XWMb$GU>=S7H!kO$alUpdUIlAH)+Qb5xO`mlh!Gw=Cn;dg`eDPAXNrA%6 zwW*nrV>r)hA|TwvY7qviM-H~U*;iUo32Y@Ey{Dw2U0KSKrj!LMaxxe>r1+#ihr1Je z5HmuCcYFWqCInCSv$cabDLwMEpOZG>u<6>A41qi6m}G>9R5@TMwtsT5ABJQLN~GC! zC>+?O2~cX(tDL!U=`M&$A?`@wbkVx1Src0EsU+5t%I+0ojny@ieZu3<-ThB%$0@s{-QKofwkCbH!y|v3 zLb09P3!@=-rXFd=sU-Wof$zdAb5QQfF|k^=TzLb$UwMwDxZ6V6fmx+Ay*SrQw=`qz zp91W`6Urj32VLF0R^U3FTzU<%nia~=dQ?)4LJB*^n-)E^{ItcZNL3EtnmW_?1D0#@} zb8Tc*qG`ydBBJ3c_(NJ28aP zS(_BMIW1%-J?@E`fl^rn&Vv{8Kql^vdDh`JbzaIHvg4MVY`cnkn6nxe**}U@2Br>M>;veqY`k-Q zdXUAHQX5#=#$1^mRB8!MApskW3$uP`}_z4Th+_B|Vvk#3&@Jb|h#Z_m18`eQ{m zpC`U5n2ciqMK`@V-s|th3zc!d&Vqb*zk??Y-HD$Lvbbk0LA~G6(FRC5fVfYgf3O}3 zOzn0RPBr+t4d~v@4E{Zyl`x|^ngV?IUO*I{{{+3pr`sKlv^Bb$0UDUKj0Nc_sdO0W zr~PxF3GG;@!%F1St>$fq>9t5rq5)rE+wt_C7@rZOVyt8>3#>_hGx=N*(HeTE_V8F( zWj1my@ML3mca=%XsG>av0E&`}`9AVxG}_Gfx!`Bs;4P$ekjFU5gW|RE#&phkH{L!% zb1jS-<`f~To6#l#uv7vrT%crc5ei!A;2MCieEQ@HxU;ZrN&6()cP^rZ*><})V&{`r zIzd7PAs5G(D<+iU8)p3KR}Arys72k5Bp>;v+9GUQi=PC1Q1?vPIz*%OE*R3Ow$kNy zj1Xv=mb<@g8YW`YjTG=?(21r+>8JmS2G-;(w@|^p_!7|O>k@n#P34B63OOXm((^*{ zyQ!rKClAS5rX@LOn3A@mL_IA$<&PH+JEi=t(977fJS{=<_`=8Yfm>C(ECfs`-sGU6 zggdt1>TgbQaj4hC$4Vo~8^1Bit0_63D5I@_UnxtFlkFwpUjy(?&x_K(=b$j8Qbhhx zc~OG$3dj7h_SMZ(z%}I;<7$E{!|Q2%tmo3H9sWa!v}+_G z=$&PmZu_AJ1-;6qGqk2xqq@dx|1_IVIQ1{gQuG!-wZ%Wn%16UvLDF_MCCIUoSEiEsaSqn1+eTSzm$K`AF(QR5jmW;5OmUJm-epcK05X!NHSOvg6jcJ1u=-wa`gr? zEn?DoyQcd=!)5N{oKy^&l`ft(mDkh^bxf?8C0V}x(iT6^JLOr^W=Ihw?LlUw z+?!EEouQJCEQEe0p=r*+?rPh_MytT0X`oVe3fk;Sp^GA9_<^KRXIJ`_$&``7x&Xd5 zq5Yc!%Z->6oJwTe>`Z_sf>s?h&(~jEqmhrHWaaA>d$-y~)(MnS`mP*xFZKgYFs`Ob zFLgb5X*DDFeR-fUDZPv`{j?sPlwKPSte&S~hRfgDfefBX;|&PA&_Ji~EiOG4Q$0RT zPiGjrbF3jR1jc5iK$2+eCH%J_vwDX5)O4jiX@Ow+2FNM|42m_H65d^>R4mNL<-JcQ zBWAjNbW1zUVeI=7*gWU-lpO~BUW?q#@4wfDGvUK%br^^v6dDKgwUXe-oBu% zwq#Nv`LcoWlk%>z>BUjRXK`PecqpEqzh(OTN#aByUDaeDA}#;fAs=BFt!U1n1WRFd znCN9ONkL;Q9#PqaQDn8?5KWYuZ4M_7P^KFZfa(TUC89l#54LwTFzT$&Y$>hZa!rkE zmhXsrG#<5Xel5X2+ zsZGv&)Oe^bl=nMosQv}9Z1vWB%Z3EXjH_@dDTk@)gAZ%&F{N>WZ3@BLPRp3=lXU)q zRpjOz%1Pmr6qR>XB!(c#u`{NDmzBzl{IyHL4g+^=lFuw4dMILrAXK^7)Kg4*VfveQ zU73PML)dTOw3tx8V^fO1)>9!6Ts30fu z5jGrEjOAook?1q-K7MU+lwEYR0rMch|FMhHj9+OQN)AYH6irpc2qwcO2o6U-Ugosl8>wqBVk@`;x;qW%AxyV& z>wi2xO!}I3SLg(ZdK6rI%OzShCMfS#)tWaqJg=x&jxnXxk0Rzs{GNXF4PW+OODex` zstBfiYi1%YUc`WiN_eVvPG0R-eecdHfT<4LYpcLU`RpW^0tY>2L@0k=NeTZ_HPU)g zmi8NWzl&q3=49WDh0L9?*$k~fY=EkdSrp#qub1=b(x+@wl^H8|GZZTKzV1pxQCVAB zwL^UL5+3GtV-t_ALtl8pPHFh)AdtQp-rTu1xs|zzl-?CJHME+Cz~jyC%2!!da3y+ePb(5&B(VSjZ}-V1=~D zcMd&Cx|~>W?W24~t?*C@6=}KLrmftxPQC$1sl7%`%jmCIM3%r1bb=tNqo0VjZ9}T1hkwz&-k#}@KR*PZ(PP3 zya`E@4kYhUD`ggw;`lhaYR!%L{#Q@x$xM@5b?UckxdWX+5>@pUhxVc?fJR9#~CGZW8!BG5W1Qb`=jn)apkZ=UXDjrUj~OE~zy3xCou zy#M-z?(MmsLb(p+3X0RwI;39|Gze5&rDC90rx)i0iu9Rs_Z^PvMeCZCd8K2$5RmB7 zRIthBrmYE<*{SRfC;&fbB)s)~=$Huw2&i(r`5-k1FdmUk-L<@s)nL+5V1=U{RSqqS zw6-@GYOc1AxKqL@<>*#|9D^H%Vo*cfTX48GLXz!@HLig8#8aaW1uHhGAwCAB=U=?D z*;nq2j|C$N(tf;RR=L^UwT52Ojsz0dP0utA*|-AI2R&-K+-#Bb&pF&>g#IjR6>N&nju+2cKzZhI1ixOwBG!Dp@NMF3Mj-3&e7XO`G+ zp^!X|k4yTx?Mkj!-|~2xQLaWVJ$cPTk$;H{ZDY61rrb)`3sx;!mS(hD9L*tBjTBHF zY2#&?3Qb5bMvZY94Z@;JRSu-~D7j~m%d&>hjQec%5@8`COIbNTEGPfnm}DRpg6V>( zmzQu0Z4U9;H(VxUYf`w)l&#L4PyW+Z{o@%;7j1#lv`P>&8zITq=gkzd(VCzF*-VrmdS~@B!uA`=wb(g_RzQuUQ|vlR3&yLFTHryVNgNU|Kd6!V%dj%Q#)($L(jH(`I^hBgOp;Y(Lhf z4xGrI&8H3x<@zCXuYJ7S=|>gHjYkRJu#>)py?$JS0QVflVC6!e3ukwM%{LUt#*8oB zUIUanA{p@2nmaW#t+5off!raI8Gi9;HS2TKC|DH&b^e905h4ZyhWLCzkibv9&y+MJDi z$51hgz$_V&;BYs=4pW0tZO{~hWF`$6wte-lFM@S-l$=Q@SA27CfF z`X#M_NK@Xvv>h~_2}3zV?0wTbbZXOrNh3G2`sDDpyM(JJ+&eS?k4Iwb4)7Zy&S2Sy zj}Ye%k-h5*+bVa(AKIS9CM2y7%^FTd5Dg99s!8f_o?$#*?Kr?0GQ*bQij7cpbC1~O z7?RXiZa2&{DBjm>+fOI#3?H=t4SSzy8auR=cy@EH#yXX~Ras~Wdi^b3CjvBD#C;Os z-%*VbMYNH}#_bfxuV|2iWQdEu%^JDyQVaU(+3CVU5w`1>1jO?bQi{ACQj-g-_^AaL zkF;~&rQr&ZYuEHKc4;P+Xi92mQ%Oal)g5e=kXSf?Re!>@XnCpnbvyoOEODh+NS|8w z&KqFJO`+vZ#j5}rQ0S;D_EE?lr;g%^iux*TEimM$N#F^wpWiv^niu8l)P7StN*qeQ-5 zm;yYl4pwfLlJC{-k31~ZsK>G!K!MRTby(>7B=QpL+KTpUsf~o=y&9p31ZvgDiXVs5 zY=*WTm(s|NTL=uNH#gp_CjtpekrhuyM92?u=Oo0|5eXtw$n5V3SO@v2f@#Zn3r}CP zNS!=5O3tfWa--|Gg|fQC+e%y!XJc6;qr!sXGMPBhq@Tm>KFW$%~?_ACRth)OUQDiw#Y$-`fryJ zsEnuk4t?LuY0_1MK1FjS8!U4`t~a4Q*7ZW68E+P+?%;eQccSO!(~)9U?ar+Bad35P zU1N8Y3b}r>y2dgvyEA6iDk9=xEG{QS_YY=G)5?`D$8ryRGEA&Ic!)=POn;}iG08Vg zW>)h;l#AbSx!H$hps&%6?_M z<0N=>6YkU#;p96-dynMzEYyI1xn$~>c%NPFcZCt857_GRv<#jBcdL)rI&M#p)&^Dj zj)6s_``|9faUoUe6)3+6c%z|_+^9yci3dc1zQI7ve>!edl;N)Mx-&M0Q{X{<~a_gwau0i{3s~FO*wDOh^?zd^NlF>D;l?aWw}A)pLIep!Srz&ru02*Lrr%FV6m%M~XzJ7Y~jb9B-f#^8r3oae=>;?fmAA;6dHK=r_a@M(fj5o34KAW8$?t{p zDS=~I&e?)HNpC1Ey$1v2VTT-rmQe;iszqoi=D){Uu4b5Am=b(gAE&4!=J&q2BlWru z40Q}#aPpIxY(i4OfWg%eIO}9n z`@73_lzwyCLF^y#6WK-ItQ*?D%jmY{oJzn|w{&fU8DzRv(7FzC3K0NV^neSXi}-2Fyrvg zy+UZ$ryZ9EJ>;U}jpQC)L&l-Aoet!Mo)fTs)BdaT2+nrIu2>b0spbKp)zFN6pE~0z zu(Pbi=RY)>>_AtB0@j_`aky$?`2VRadY;HjFah9p-NJ4w@?FqyEGXg??S@;oBlJh2 z=6G{h(`xg}pJ-}DEAHr3rfCuqiQv$(UcB$l$&Xt~MkkNjlMR5!^Uotmr@>uc077F= z|1?%@U0Qo))Uo;mU`J4OY$tSYH+!=cYiB^yT5h5tzx!|ptTG4(K)vQ9upPiK5_hinSBKC6)%|plOJIjE1Xt(MtTBpK>!+?^|>3 z3MjSXVo!1Br$dm>jdz)*QqMFH3=2Sw2Q+vP#9#`#)_Iw1$p8>a=P4L4PC4lUWLo&1 zPm>M@UoYZBXH zPe#43by!JVEP)9oLD~2xpVPHS%OU2#vMqrpfRReY9?7zAU}N1ziD7&xO_0HTJ5E~b zdeFT6U#86cf=VZYe-yeE%Z~vSu^9Y!qf2V4MlA>2Mp`MUT?x@n$E$dfq27r}Ik`Tp zD_9}N&QE34h6YJ39=4F+<1nTV*NZ(Y)}wOgmy}$%=ZQ_Z8_PMgFfYG(l#nK0AYu|~ zsn=rJPnMssL+m%JJlv)?=M(J7NFj-v5>E*)V6^Xxb8dKd z42P1g%^sV}$AF|DcJRyJ?|5Val$n?(4%vIvG!p1_>+Za;GPL+_argeqFUA~{hE!|P z0y+uTG%N}UBhIic^g7oiJq~F67Os;ZnKq0QT-u|EuDliw75+c8Y)}95o`6-$zH$P=POe1!PLhnh-tg zgW$IJogywAaS6h&v|U22E=IGw@*LRj#I4Dqo05(=WhGX(143XtEgnFvi4 zE|xVJ!pgj>!}~7Id1#qMLL3yM27s53f^s(ER&+& z$Tnb!pMa$c#Y_(3yhAuq{_UfLKedFSHeTfiQN7&}8XHKp@3Bnqv zvgnLjTD5zWFr9K`TyD*{F`$P0_WzBzDY}?BM7WrT{a^@DeGIxd;S%)-uK(=+h?_06 z3tTRe+NU#e9zsb?@2aupsyDRKjT`+pVHt?by?7 z0KBt&o|A3MnWW^UtSab-x*(eyU%C9~BBmG{hO6+e(6urzWq-xi#is9Gle`IGilO~R zmpnrDn@yvpb}fT>*HJj~nng%9NiEA8^l~!HgV;uYr}8FE1%EEZV?>Vdqh5(WRW8Z@ zmbXgbJrd(`fkdm&(-)Y_!EwEr$(K~L*TC3W>@j~jw}9PoUfWCOYmlW3Vvug%eMCa; z^&zD&Q_$Ynf&Gc1io|sd#S(Ran6ZpO<5*hC!X}h#qCCg6$#-QKsWfUNG z`&GEpiq?8uf*#`~2E_3arX~M5o+pzp9vG_F35~h-YNKGPf6wX_#-V^B0z5R}V93QDC2E@RDdFa4v$sbVLt`}0^$0IbDj+*DoWi zAA8WUo$T8a10Qq5*9oa)Cce8Ke)Hh(Y%_R*g!nux&xC~dPx=cc7I=Jt5Ir)Fo$Wb* zAa^mVlJ5I(j&%xr;@tVUfKHl*@U}Iv6$bV_1w}8u#)`Szk+H!HS@%CPea!!1J6J^% z0*e_M(Os($S3jq~9rEp9X`Jf&L*>mRFW&1*0YstaG319$_W;_6X2HJtiL z$TS*1M;Cg#ZD;-H@MQx$pTjwcUEY9YEBmYyoU~`5HX$b*PK6z4AbOzajFba|Gv^Hf z3YpETV`Gdem@%d+2Bhi-)a$x@%G{jcn+!*ip;XSO`X9za1Ofd(1iP;%w*4RI19SVa zK%$k2%|u_nKRxI-6{Tdvuph$?ub`41v}^c)hpFJ%AdeRor5>}Cu+O)#6;+JX~qBRqOk6>W!vFth=4qs~P? z0N{05Kyy3#k5v@-Jc+n6#e7)Ue~)DB=^wkg!0o>&pE&S2NC`%rOgO{?OadlRy{F%A zC$?Z9Ko=c`V~wN_oy_%rbj#ZBY9mQMcHT!eq9MR!9I+2fzWrr%lD$`Qp>QZrS7JY+ z$?c<^*Pe0c=kue#;SZSqM8CN^9#Inu(?+&1|1raQg{S}VkvQJ4g8ywtnI$D%PoPJD zUyJFi4k5($cH>|^rPHh?Tu9Kez+w_>4^<(N)#M8@jOJ-3!G}Pu9yq9UquH^-qBC4J z(_MjCO<{c_U^o~eWRGB$9kR06v2Qq{Y-UEjk5PI58*9pE+L@s%0pcb3qHP_{OG_;{ zkGzU--IwR(_?=C^f;Ns#MniL>_{cm!dlRZRvX1%(%)qW7Ft^I< z;AYU=`yrNn4}7=qi8)7U!uFpuK)>aKF=Ezz&p-A6SE#r>hkr0QVA=-`_L0CCk=yPy ze8A>^KcY|uY-|#oad5%>zTuAkdo0mAzQ%p97GI<16F{5!UkCvrelnf_^Db_>JV{Jx z2l=-6u9ZF>k=ge=4Gs5%$OOl86NUcMb_d=hKnn-51I~d$Qd$7J!az*+b*JlT@OIKC zzlr9nySdTT>HKV7EQ!Iz1+6Bc8AgF;A;9|GLCb=sQ_)mCp+!F|z_fs0;5SJOwh$x! ztB??l-45iR7goC0-cDUH9R-ixPH+1??0^BXpP+N_Q`y4ov=dH(z)K~1Weh94GO?BH zy9_?6&$R}^-SOcen=-**^QZ_i%8YpRU37{3?{wdRnRT&`#D153kz7IApWm(WvuB7W{Go%K%#?j!-TvYvUqdY@d>IZAcF zgFNtXoTnemgqs^PL+hxvxh{DJQ;pp8$muabCO|=OnC(tj_*hXn_n`6&%OIpe;Kgku z_6FS4g*5p&EB&?$W)o?tULQMdPUwn#Qju*Ljx>@!h2Q?Q)q1`GYpa;~~pZG58*?2Tyj*^$0S>V5f;lroi*g7n)2ljn++M|b-_G4i2ITvs7K zcEDR{w*UET#uQjv=!rQHu(U@E6dH9n4`Ls9h58srX4_ZX5&hfYvIpqP5J;A3<7-Ayw)RZjQC2;+liV&BKzzaV z>}!vsM=CYiW;GdzLl-Xl0j`u2-#F$%D=gfJC{6{p^77K%U=$LWWovVm=onUdL;VGD zdx5^@ox&}(sF`FpA&x$!;Br@u{m$xm^Bc9AYPbc`>VMt!+WhX#eBFU80hZGdVKfYjc`^{m}fqN2To|62Dc2 zG+5)m5L5=qwl_7*>j*%B^fI4c~s|Sp#Sp63TRgfz{5@mmAh&Tysp`N#Dw&_ z6l$cbs0IByH~8;W7Is;Yf1Yg1K9lmCJ`cPEQ}_B}-~2~k1opHH|MzF0>hsp_X*>b; zNN%XQwjkIyovv4}`VtEJx?v%D_g)}8eYW@T(48jMp9>3i{!{D5K>$|K(QgjO!Nb{h zrQYr$RVbi(KdMIlTQ1;$S-6QRlWgJVN~OzMVsBy)B}KrLM5t%M=#(INv1>>>1pAiV zwKq77S6~L=Kan1HJ%Mu;rMiIgtDXYHo&Ro;a(GlQdF|Ss#rZjSLgi*e6-E1D)d=YP z$^_5^KRDPRg@KP902j=m9QP#Mmo40aKxHSl|giEi|g=ebLb8&7Au9tFaBZb^hj7 zkyUi>H*k49ppyt$!vjB*$>T3OekG1_Z0+8ovCQjacrbyfiMYH@ z+lA60W<0&w+8IlB0KvDz05;*EN(CNTi;GE+Uccjnn zZ#Z6|`v}sm`zPkdC3dAAE!ir%hzk$c|<1_(Sey z7F2(A!Girf-)!9PB!A3GtpYt}8jk~eJBQEFJG@@yM_ov~z77Oz;fL4EzD!rT5d48T z=K-@RGq3o-pNfH}YTS9fn?*ME067XnXHED(TSAY`^pf~Dp2qrnp8@wUV$b(*@el*< zeSd0D-XI=8@DgYrNmVp`(ShamYN7Gyt``!z zcunV5L?(Ri5&##tyRd=3q^~O%k$9N+zP07L+b=FTe|`+S#_)O`$g%se+CPzz;?8oPPtKC#m^!B#+(Tm*gz+O+&oaE-TgN~h?DbZh}1jkMwJq_sm z05>FK;s4^t`(&p++)C9xTf}Tw4DA0u)jT;(1UfD2{&Ms_rapm=7_9`%?&DhZy3AZxprk#Mdt=Ia7V`Px3VuN{s2u@)*ML5rA!|sdLgtteaIBtOTm-MQ~(N4TjA4 zg0<>8!T&`DV58LgsGo`cd{DI}1NfI2`TE*bn`=Js673$?*eOg?B{@j$Qulqox)bOQ zdQRsBRFS{Y|El4S9&FzM2$#0T(h>)r&OpDZc3k{>{oDe3#ksF7AdYSmI~NtkAsq5u zri4?!UUs8nhgvlZNrUPUg>`%2l)IAy#>F291HV_7M08Ob*JjJy$86P3F5y-%7$>`Sv{%UVU^KxFqm)}tsZ@mvzW(f!g^hpG#+pjjIdOu$93V)u1gTly!Q_cLN zqG=^W+CDpN9Tei(U|cLQv~u4bI&Dr<4#MePT6*T0DIrDj&DKdK%Y;=+f=9WzmAkJc znKvXsCagDC@WML|c1`$srI(su9M}GlFrG4V`u?&KPk|XrFiLEQ3OPRqkXJxon^xk zuGI${aE`c&h7h**yG&p4(SzBMb_xLJXY@o31EZwSa$w=Sk_hpNkriJ+}8`nyUw9~&* z=F9u}?sNBfas$S2Ef;h{n!Pt`V3O*~2-<%Nb&Ut2sJ%qYnSt@Cb%yKz9MWeyga3QC z6GlH=1Yiu~U0m5s9um$$*6ckYii3GV>C zmk z74~$Gb%^r2=Z2hnJ?g(0)M4FUMSSnvt?Z!`h$8$>^{ognlMc`qBg?@Lv0SEneIpMr z4^{0pi{JGeArf=*2>p*&y8AFWMUid?WSV};U3hm$MF`5)6fKzi#@9v}_y}RZb+X40 zY`1*Ek_G|RlaC<1&xOJbcsb-EOpbU4&QeQOo_HGnxOoP9?xnQ!KP1mrS60k&-o~qm zqMvhC5Ae#raLgW%NX>b-&}&@evZM+}eU<8Ma*#o=>h2)kl=#7yb7SRd*zxRcLF`Nt ztO9=%=J4`bdT+(oQGCs*k@CQ^_=oPYgUq_%Jq4%Jn-+B6_S1OKj$T4!8kx4}knr}S zU-@=a65pY7rm+v447f{hVf(yTW;J&Eq$E4Xt>urhShToa*3vOum@ zwNj|-43UKu){qDL8ls;{K^q-6vvK-A5@%*}3PL~jILM6tN7Gp_wApms8h5wi zR@|jH6u00G!QGwU4#nNwEx5Zo6!+q;Encj&{nF>W=MO|CcV_lpYt6Ma^Is`1ViaZW zDJK~QV$?o2D+wnW$P5y>Jau0kB#5osgzt@+kNnr)v5`;>k2zs z)4qiW>9F-bV<>#y;coaZT)WU;a@jjOANB>JV>^zt&js#JjW)_A;y zV&R^?-#`E6?t);3NxpoPQFesTES zNol;bZ%ZzqaqLi3n6wPT_`uU|ulqX8PG52Nu+r|6+#SaarzW-~ma}Q1nYH{0!%=oK z^tZ$THsK2)#{Sk+H@qo5LevrSTBr8-F=z*71v1dMW_(x8)rS00J?xyY5)q?WFxvWE z9JIgxh^-=}{*0I6*I7bfZ~dW_dK0F6y|uzLbFdkA#5+YZuj8HrH{>%F7=|fe6Y&fG ziqw{u%v?0h?+L~zuxqxFC3X0{3Y8UNVs>uQ;|Pm%$RH@be9^?{{!4?A+de}!x`^Y9XTDBg876F%TZ-d!{{X^Lwh3!P(8t@(n{UgvBZ} z2#&&g*}NhPe7i*Os>>Z#usScXz5hXYc40(V|EdWO(N1n-zB1QNIU}h4(`y4S-gvdv zctl{wej2&oiwq;-K`>1az-l=`q3hP?KuCRFuQ5JY_O(!@w*d0af;Xrr`QoiKiaZX(i(-*1}Na`Vz>=VSg+S+d7jeBY^pjZlroFanrv=2kN z$hQi%bMJph*1!rpy)8Nh)g(0H_gYs?KkqJ~eE!R-bJsv2G8WXe zb^yUABGuyc9I!}RXFYL+wR)mJ){89g^xwL`u9>Qa373zsE@eAZM+97lrWMGPX6F*z zFXbz*#&y;h6OQ2E)ut0gp(}YLP}B;k=OIFHmhrT^zXu^s0w#4^iu^%bb*Zz+>%R8f zUCL-j3FIb-cZmCz11oKRUj^Yw7qX8#Il?_4f*VL``5mQfKLQ8WqVvU>wxKS z+wI4Q>0vsUnj%e5s(~p5=EjgFN12Zm$^y0x}Yhf1UR29pcQImzv zpNSv{a^ydg@%Hbt5DDj5*gx)<@<*fQy?rf++y5_=lK8oa2=^2G=aUMNUPvnZeF9Qh zUQ{Bgf2WYMQ!@6u`6-Sr`E`~Q>d$Z7%Ku8vNZdkdv%%cIg^79ld!Jo>*&KfYoi|^| z3j?=48wK@^#6H3PxsAW-o%4fII@}AUSO(3d1ZtokUx9%|VMizY>MTQCfC#YqT zKmsMd80uc}#3n+%a(>q-rJoVUdVgH5dgkm@6`6F>nsBFt_vhg3=voH zA#y2m-9F#NpTNf{^j(JqUf=6J#gk#wKRPMHf4~sJcsm3v&b|i<{&3Ur;sudnLzbg{ zb9gVk-{n5vn-UvZe_NaD(ZKl+gAHa1{9QGXn-Ux{I78T`y1@N1#BR8A$N*#f+Kc*< z5UJuK02OqQ0Q-GvL!jBO)1B;=2lDoX{&r!IkMNIMo|=CcNg+D*B|1q^cffb$;6sDs z-M}^o`j`0aX(7!TATdz2Rz1!D;fo0%wHvo&-5Z_wI-tIWc%NNM1Ws4SN{RWihxlSkosEGOm`BK z9h|WWrMB;y2aYb9e-<|Tmmbj}9KQo>@3?`hN-X*Bp{&G!Oc=c+SQ}`I*E&0Ql zzf?MPd3(I6geJkmXyi9g9Sb=(cPp0ggj0aXWak;3R*6|Ly@yVHk}IXwmrQ_g5hM*n zgElKWp4yK0BSOv?fmyFTCL|X+j;JNbOr@IkcP3cW& z0<2d`l_^Ce$zs2xU+HhRqd-e0R0@A;4g-Oa)F#uQvUf98r3^{A&+3xmHSe*XZm0K*_Y!%xUw z3Gs9d0wr!+Aib*&WCxz#?T&z?+KPUG+>o570jLFKn;tw z*5C~ltHW|j|NVa#kNFM_UpM%Ki?KnZKiPO_@_qE&xoSg~DA`Kt6OK==xWdIQR}-Va zupI*xOyP1BWk#+qoe{uWqOI8EcZ6rZA;aa-5g3r;*?x5fL1UI_KG~teB;Jnc46=OH zVEt&{$3)a8gH)^2&vvVnbu4SdYJKA00>F+)YF8Vw7%n1neBC$gR}aWpSZhn7rEO`k z8jO?Jg5L=}$9Bol5y}a;|7_8H*pFcQq)I)6MZNHgr{uP(OQgDkw0x>N1G<2tlM>Ud zr-qXMnnxiLNI$-hZW#J8>zmONc5zHZHxJVzi=R3iuzWC8DU!O+Sm@U0ddr|*EBS|C zKZK0g`#z0Q_&Zl8w(RL7Q~#fYduQwHON{Ac*3{l7Zqb!Y{na`mW?XcBB*MigFV5{G z(vn2Tm%L668u=1Od~esXa`2{i<1iPJk~DsQvWLj?h8X*Zax1qi%Bi|gslBL`24}!o z_ZX$}+QZ#xRcS;(8}E_aMqszI@{WAo;F?XYi9uyk0=?1HAfGPkZ5V~;$NtwL$#*}1 z%+{lG9U4HZ5}O}M(#;PCzsAI^>xi6KqoYwN;Y3zmyyo@~XAoveuO;CS6B>Rm+Z_!s zE{|4TP;b0=VKg6D>D3tz%RX{#DvI{2DVlque*wqV2S3S2ZQIgdN{*K=bxIpfM`+f{ zz|nVuM9aV-;z~eCI*#DzuM>w0Ydf4?Osi46oby;^FeCD&&S&mS+8>zt_r45M8)x9d zEw4@BMyi@(QF+n8I*!ByX+O_vYprdfNc2%&E2vXV!-895VKlk8FbuEmMd(L9PwTGM z#Gxj35zb!@?L!ohOS`JiuD&7C#rzkwShY;=XIMz++`au?eX4zK`uJ>;-BaALoVJEr z9J+>z6LuhX%B&AgPh)DD>n^AI#~-6vG`h}q7LxBnj$GP5w zo5q4`_*Ae!`H`wV2ZNgRtTPs4MiB%;bV$OF)rU)DOhFW!v@>UvQLDimj;LHKaoqlO z4v$@{vfba&K_r5hT_s^1HpS-OKObX+p_b?g^2|$dhTeT}CgrU0_uwLS+ObPJVR6a$7IX9*0gh(dpH`u z%W^x}2oiJ1Gq&FDVFeAAgHnRq=Q4@ZWpvae zs`uSFsW(Wcyyh{ddSHxF)T!zrT*@=oblsdDSJH z-`~s&No(A^7^AN~qG;9P!>19fRBOnlw9aqtwKB*LCl^S{A^XIt$rXE_GETNhCx_V+ zbx|zf5Db-0-PWY--;%?I3B>s~I380PJ{&Y$1bNxc=BZ0Bqd*59a?7%5&)G6VwYJ)R zpz&A{f%kl+^@fhs0KtgOiEx)ml4h$uF4ds3gZr z*!1EGVeF7EW`(37kL2-#)x>THLtachX%c56D4;T(&T(Zo_2hIWf0Da<{wEmqNr^YAp# zfe?I&4u}98i86pMALwFv(xq5&@xU=z>E#BZZAey}KWPuN`^9TsIDquq7Q0ytoVH}O zk`|P!`ooJA@HkcOR7r6=ae~7Q-79lHnAjRT7kF3hzTsG9lc}ib&9}4h6Pe3;X~#6h zb1;Au%lf1Les5##Ki$3ZUWF77BYgEuI70!IBL7b5_kHt9-0~))O2p63?M6Qs=ER_B z<+EVIEktRtql2+g)trnd%pi#cF56|fJVH5pH1JAnFv?+02FM~ zEsL~ae2C~u?Xy)Mwk+G`?KA#(LrlIN$IHzwQ=y*v{+9$Q=xr_FT{N)}-feZA0*ESww>)r`kk?R^sgolq8f7=8J@fCwVBWO z7Vx_oF|rYoWV5J5CSpOpVPr9;?hkse5%7^d^9np;A9k6#nEtr?e{sk&c}*l=lOz$Z11xnDSTjqGZ3$(B z!f5^Zr8WGeuwvhm7FO6If1kb&Lu!}&BMmHE%emVL(2dKqfFh(w|B|=5&Aw0uHOV&c zOPQEOx*{sEzMLloLLZ+rGGh2mCpK8gdN+~&uE|&-XuMxD?EAM0#&o6X9LgH;D~tQN zkr|_6Hp1;u>}zx6$PcMDWr|N9X=xDPFYH+Z-i*R@@gEk`YFjmR%(3AWBG8CI#1m(G zlTbGrY4yvWvD)T0QAchf@r1X!8r>GeNhZJ~co#`Wl0D0BU5mHmGV}HF_H#@wy$EPV zEy^^<%9R!>yXHE!=-FX{J=6Mw4)e|9xcep@=p%y2Wk@ZncSJsV2M{QK+2_@i4``}6 zK6=z<(_Z6_LeYW(vffI!f|fyOAnRWEWqsBj3Vv7^n9UD97#-?#HyIvI^62&|AlH0JOh99UKE`lBE7GW-o`0Jp7W`8tCVE&U&4mlan6c1J$Yp<^XT8NNTeOtsG=p*h^=kliui`;$ zHl$}btNQ-xxsE0OUvWIwuQ%bGWx$-yK}moG;F2?}*WpdV_pM)PZWSmE9vzJxm$ada z9h~`<*W+yp!(g6nY?YD4W7m=LYP!0W-ft8t`B z{r$Ce`CwJ;YhOd_28paTT9#m)EDBs`ntQK;jHMnxW1LM+7ULpWKWSM03xRv)35N(8 zMiWi;PrNc7JVnk&%B7s+V@ZZ@=N@@~c~x@#2NgVhpVTwjXf_(C3SBgn7&y_r?NmkQ zT6r{i{qn3NuP-#o;2+MI!&r)rM^G)e zmq0!_rnAK7}%T3@B`;e@!y*pG6@%7o1WxkY5;s6L4K zGHq1dpmkqE>-^5;7>8?9mi3ZJ|AweF!`{SJ1v2}EGGj{?VSiP%53@R41NL&AU{ZL* zAeU9@PHaO;IBMk0h6RJuH_8yrzC^||g@P{9w6NQzqN~8fiu&&R$FL_-(^j^EN9O=X z$HnefC2Uok@8i3OxI>O^%`=UcNOcVRh8GWlyWfcj4mKkzP72fWHDxV1*KzEYi_gOJ z6c&gPsjm35*4$k6lFID7{ljwQ08*b)vsl$GCW}4NrpWNY4o-E$475ay8=q(EXLImZ zi9_M2;4>XBTj9u3Q)I?t3Ie>Mw=&AS^}+ei4$9-fcwZBhBtf4Q$Za z-=M`15#QosBq}un(iG-Z4USoPm@-JVEHd`wk=5!@WsKkNc zOb1feZP(eZ{QS}OdE1^V&E0({llfwP6}kM{_hV$WF26d?c&H4I0uRaaE-A^Wjs+GQ z{mXq#F{cdB_d>XNdK0dPFkbMJC*dV=rgy%b3kp|GiCVDFCMWew0p(Cp1-h#rd{GGJ z)V8d1W4xf4t`w}RyWLlJ_vaL{U*nE!rUXDy)C*Icg*hQbzmsQYWdIk(8JRa#Tjhk^ zOw2@23b;oc-r7aiu~laHG^y);07W5wCu*M|B$1$9ujbfyfr34*-2tpxNRaw^w8v3w zN8QLORGw~qh3OJ=esVG$ZAt8<^Ml58QckMv(-E7pdB?ZHyUTlSQjOfxd^79DH zeOvcarnU({Y)T=xrCIdrG5Z`T(jlFf5>LzrnN`Q7J3<)1d%q@34=}|%68OVQ7%tLM zDW7i_?%6)O7hX7Gz_PRvhHdOd3osc0Pr}Kl=}J8`-*A`GU4QcJ?TJP!7k288UG*-! zyLtp;GurBWpGn9v*2d43U1w?cW>YN>{YH^IWa?IqEZFhOLU>ti9 z6J}*NVjTgim-Nn1I#}UEw^9x6BVm;q^&grOYjbs3WdRtV0Un@@AU7~h$jZ5`%ACgsJ#Yo z6zRYlgw+suF8H0}M$J*}-4q#;{U)v6btvVO{yFiL3PxjoNqAo9&;-9)j4Kb@kx&Y` z{bJ|a-lwvKj8|)#%_7ZryKRGu5Ad~TGmu+EXWG46C|bpKL#3LV)rY$o^dm@Zm4Y3v zV}J-Ei#HSD$CBg})tW2>(ZRH|>TZ1>G1Ae=o@755<+^SJ+1fAjDQ!m4T8aZT6=Y;D zo0Fx%2OkAf$40~%Urgav(wppdDgTf$SB$#uncmIURP>L*NwWt`4}pr9N;=!i`A5Vf zEG+R;JYcWF?-DI~>EVpeiv+w`n**x>)bO2Mzmh_sPQk&|W>=J5)3*I|G7(ZnusQis zU)}*?TB)qIZXJw6oSCi~GImtB`7R?qXCs{SrYY5)f?$H0$Y8A(8X&kBoO0Vj-qN9W`YNS-P2`{o3Yi?qr)4o{EdTn{5j&nLXVV%@{u1dkl zY8c5%_IX!at^F9tZ7FaxHwRkL@_n}F1)Vv{upR=@r?adu6T?j0ID^t8K`bLFjR+{5vtd?yI_ z3r59(IcIW|bHw~amBHMXc!$=_!+Bz^9U1bw?K<8JXGVnUf+NWIrLQ`aW7$;?f$*1s zCQLSl4PSJn7Q5u;yOM292$+&gjfF4OJXP(XDbDjZTjJaJL!GKi*;b4g*6RYCCC|(w zoX744x>8Mt5yZf{7A0_NeFUNLoTLkKe_50Yf9JOzkE~k6LyT_<$d&%>7%zRyMR1#u z|5(#H7)Gou<%Z+0JDut0nwXVl6s`dAHmH(hM$>Ppq9NVg>Z__zp#!?ed9i!Ayz)7R zKhuTq)wLHzYCldY?%z~f#B?LdvW77FvsnE>$nt7J$FCJ;hMQ$HY62>ZK5|RITM?jB zIIOBA&4=1i!6L?Sxuf+h9#Rt39F*gv97{n9{8~3#Hf0nH)XtX5i|!8NS{3Yg<&kG3 zQ44(3je?Us=pqGGdBRA7GNX;D>0J5V_`>lzo9=a~L@!c4Da&B-=tO>{aT=|PRp5%H zk^0*9)qPKxAm%57WsxW!qNkQ(aCeT1qcJjfW1ajy+k?eW)5ol|HFYz3!XAAzqBsVv zAmt-n=nl9sCd*{kzjDLSPR6>CO>giW^UxZgCXc@png1fXM?I5P1LEE+tJ;>>)`)_@<*2SaA(SBMwif_IfVb<6E=$^x7|Gg6|2<5eFx@Be? zs8kGK;AF(ekg(Iz7;~=WfGxk%h30XW0@v0a7V~oTMd+rIWq_~zU0u{umefI{()Jp$ zyg@3+(uJQ5Y|Jk;Jc@x%Ofs7m8!|3GH0ou%3B_EbI8ouY@Ky-3c@~6WXtUv|j4K*h z%jXacKz%aTsBGA(AA|=%hHi%+t=Wq0+;CJeD_T>MMje2B#CQbwF09W?yxOhvBCN+w z}c5nmvNc9ieM2Aoq@xjFBWcO+_h5Oo3zG!S1#^A!rHfJXkTb?nLd?y5>pM2^T#o z;=&(>jhv&;;6oP)|JJycnPSSKGnBWtt+mkwN`9nGrU3G(oQ&)-y^3hL>blKI9Hny{?`LntV z!~5V6QFR7iTRs1WKu*PN__`Ar8hT|l+SGUYRg3Itq!y+m!_@QZ&?&Cnp#MDt`dc=_ zvBriZ04t+i(ujJ3qV}qzmYNVaEj-0vxjv{YZ4(t5K;$$LD$cciNoCh54DZPe1Z|zZ zJ3Z@KO^vaR5>&HD62si>M}|ls$Sj zgxtKbqHTXYIgnKsy?$#URZy+rBg@B0LK+h29i%%tOxvs{ZGdHQR^R{?Jj=)lU&)uR z9>u)nbj7x-I@#n^Y`#(T>Z9**`~Fb9R~!bardO;c)$eMgj}rDC6=d^QNj=7g*CYG# z+0L+xKMz28^xE)qTJIjv299mv6-vegj2FA-9(`wQ)bJsBaDLea?gzWoR^+NTg7`{r zUUh^VyrU1unp5q4W?@5 z@?9j@UErD(IHSQv@U7Q|)M3&qs9QJEL09c#lCLqMNn$svf4BA#9w^B_3(f0w0P>2WUK)_7Z z+oRm{&0R}gGLtX5SI?nQFo%~oIp5SpCb-5Cu+5af1_o=#GPy`*Guq43`aC@(7u&gP z6U;Ni$gQQV4DpMdRHq?BNu?F=j@`(2MHacJuuruZ2+V&LyT;xH zm{R$b*G`SL-J(%ez5)SWB_mw#aQHbuk~_FH!2_umNQLMg_YS)kFBmO2*k)6}SO4~* z4b7v4OC2)O9BjXldIeJUUpn5tL^8$O^zsv2(P@nkV(pO;F%U0xD=Izb$|xW*$-)5< z>Jcrhxqr~>V;A2!q$K;Azw2735Mlm0XZGX0rj8LTrlmL=x3iobs}q*xaJYeNYQ6?s zpv{tK-8T!{oY$ixQ}?vDhb|~|56ICp@7$cIins?TWH6K$kk>owF7%}7S>2p+F+%# zg7v;k+dAGbqSVyHrE~zq(dmVG*VkH;N*K%z<8MvBl^o6}#puYipHb3DirFZ8CJ0fg zd%Avy!nn@A%e%B$=Z2@(T*-xQ+&XscYB`^$a=IMH4`*tQS<$gBn&&LuB8QC7%SHvH`e2KGU&?NTxs||!K zi)fnWymJW^04%=@SjQZ4NTPAfjhdx*%|rcV>Ji!Tb7Mi!F-2XqKM<|Vck3pHgYG9n zxfFolNjfD|hs$1Zml1G%Ri|OWsQA}Hkva@X`Az(D^Z}9*;n{#IUeYLa0uu2!iYg+F z4|<$Gop#<``Z$Ci&yASBa-qw2)WhKv3O0C^6m(zVpbP9TZK48+^*lLp`5ceBr}I9t z&3!$)zHHPN3zX2>)*^gS8mIU+p3THo2*Nj4(wwtCHI^&?`n^GfM7mliGa$1N$1Y;o zNxj73E|G?|HX*cmmsa4r%T6b^SEyhT*j!K!-HGVtZ_{Yce4Tg42`{(#RhXapC7YXa zd_*z!AuozJSfdx!i_ca|&BP9~xKxZ&v%1a|f#4Ie?>5MLL`3L2F)Lr$J`EeamH}AP zVVe#=&%jFKLenH7i*HD_2N_>g@VVr^x73flqJK2o?~3bKz-z8+I(2T)D5gw$BDh^8 z-3t|~G!6y#Gd6SoKrn6khYCDR8Q*?_vE?S(bajKCyLAhSkiOMivuFYQ2C#fm~5XnO} zV7xL%n3EcGT(Z^Uu=FUzGz7hDhO_O1#e7?bFQ2%@!?`zEfSpSU9J0v_>kg3R&0n=G z&p-tpb}ON2gkOmrvti?LW~j3I_2&bVk#Om4f&xk`Wy1xiT<&Kjn(%KT6>#qVf6KA8 z&ov^kYw(v| zEoWi8I(*TSGpM}{gFrluDIo3oUHa4yoJ1HrtT)Ns`K_vDW%(|08v79i6n-M>!kVIs zz2A(Y+UIa)tEYI!lH(|!gmOR9Vj^H4UICLwT~?Z#C$r9rnOLOv^;?5DAy6&k)FuV5 z@}iVIpqycF6yrt91}34=5fdvmXbfF*TlXjFF9pY0#V0mI=trzh8?LYNjJ2}z%J^7x z#@|+rQlbm+rgk^Zcpyxuv!N{r?at?mj;WD`-VWJIP9~{vIWsBDSNQFevF~7>wv~Jgk6p8fE%Ui~ zDyV}=>4vF+8@S}~AAs*9IgEvpv>ZS$g}nnruwmW^)hffsmAy|HHE4X)=ww6LrXsUp z^)@Q-*=k(z{z!}5=N{5=&;dL5v;hXq+Dn%$^Y_+lORuRncMc(aJN!K!S^)yk3FSu` z0~ZDWWCT}GA3-KF>}3sNweJNBYKPrgvnb}<_>81mYU3mh-;popEHPnoV0#fHn8qLL z?WdWD*rE8$H3Ax5#|ZacalUfAQolg7l$(dE-fz$^3 znk~Rp8w7!wAl5a#dI{V;tMG)l9U-YB7n(LY{n!geBFv8!EHm8!;^TmRy1g8^OC3M9 zU=q;|;okaBp{YoDRc2(9jzG}&nG1fMwKOQaGG8wn1fm|&Iwa-P^N=Bo#8gJpOhHEx z`7vI|v?rV)ac*ID?igGoZK<^m$R+VsLGZMr@AWU!m;QLv%^!I&7t)NuA6J)_$FkYm z3Df$jwT2%3KH$>F9mxK&cE!%L@*JWyK}x94YAOzBCb&AS)4=)Nn)} z19)}2LPwmr>EYlEN}!DBeY45VlU^TcnNvF8O#lZ=s65Pb1SbJ2yBAr>Dl!(o@4f%W75#1DG{ELn4AMIqY4|5z-Ye?b- z%70NT9+5)Sfv)cIb%(mz($|wwsZ0PriRgoXyA0*izKBgxKujZ)7d2M*Rh*Hj{ODl; z-_xx@w<}vA>F7=)Jn=Y^ifNm5VLu0p?GJa0J<&JMq zu|uxWOk{zD9Lac6B4epOA(zg8x}kBKh3|iUi~3k(hw)%^xMX6oY$s-SQCYNCKgATz zW4%8V?sT3OWv5M=qRC0F8QAJ#vkn){X`GzF#Mj5w6^Le4ci%40@c}y$oWOufzKd8T zA$o6}XHgTERC8X$&9lwz>>++R6=gAH1 zUNfYw@6}`>3IFW~;V+xC~>#DW!iGLTE>NG-b-w`o6YOENC@XbrL`Ml*3D6r71tUI_d=V& zGk59$?RMbX?Z!9Ws?_*usT6)+327cS?G5;L!E{2S@n8M0&5#l`-@D`IT*;0>Tll6n zWH`64>=`8pE&DqXVVU}l(>Z+j^y&KX<&JKbgA|tHR*yPubk9*fa&}}8i&DCqupI+~8!&od8R1#jPM?%WF zj?}_7vfDdoZS09m1)h4FuUwhL2_eXSEbtmpYtwLMH;RQKbR7Jmzc(o%p9yp-G27ySpDuSrQjHEG6XHM7>jX zO~7kQ+3OA4N|}CGTtooL(%p&DH%ibY4D~!oSJI1+ERCVP-?dr;9QuM{+2=*IVml8o zIZm1qsflJrkuG*oCDfX~F`F3IF{3C25ze+&&V&OUpMQiI?u0-m!M+5yhe3D|Kh^9j z9W84>sMp=+6*HvsF3JUI)?#%BGw`FAnnH5uv5pyhVjF*#P5yL>`=Nt;j670Hu8U`u zihJbU>5w>ujf#1@>;27a#}t7<%ME zoeP`+T>3r`i1C2+vBB|pRT9J31=EcsC|=`5+E!)!RgXwMd~t@^AnNoEuKfdPHJjxR zFQ!DP$lB6&9GWGwE{$n$=`+7MY*&X2edHu`TTOCd8Hmy|Oi%z7k7Y>m0$@9rQ_?g1 zhejmYpWrSFGd7N7_tuTEjyOZ>F{WZmEnT-;oA;1@95oQv@Nt<0lj9VW8!pd?Lv5<2 z9|3bm!W!IsQ;fF?ik5_-jOhRpSqm+KTy?;P^eML=svGmke& z;@3?d=f$QMDKK&dE3a1gL*e^lNfP=*eB+9&RS{1c-yu`nwf>d1?WhAE+90#x?ReotJq`v@Px*E^OQ-=0WDq4uXxsm` z6yp7sq2QH13gYz?C#Hlr=~X`&;>Kq?74G%XkXpwDQkKSda3(RTpcZqLW%U>GmJAa2 zqh{@(D!f84Xd?x3Gw=j{NGVEY`l;Av=dTHy?v)`vleVIj|I-YK6Kk~TL+w<+McNAf zwy>T0$_n$)hcXWb0!34(whT*^4W|fU!nvJ&hq{+znU-!9xz!&Dri7RKgzCPEc#$N( z4b<%e(=t{`Z;7pT1j*&npS5Kk*g6xGzDfb;CQq1tCgDlRFW~E78#aYInJV)SHYnrX zl*!|6?JhSW)7PU4{Pm62jR<)8dBx}FWY{uOelxxb9Cc4(+6|+l7#~U&ayU&PMqSdX z;Jw;5t!`_~?y$JUigywz3g_5-w_{*vPYBUEiuWM1tw$sZ`%If0uGp{q*N+`3p~Or@ zW)9n+vUTDy-|iA;gLqf!OZC3G`LC`b`P`Ij9M3tlMtOH<`=w#|cxDOLVZ)Y34_{i# zPpk)tTUF;;+zl*C1yP#841x`WsljdBUk}}91B!ffBbyUcNweNRl1Y2ws%yf#@PKVi2Hc2H&sFqQ0{j%KZ&4`m?mIrT<5Qy zrT6S=B_dII>ePFj=tqVta~5rZd_kvf4Np6jDdbI}MH((HR(3Xr2r?FvMk25zy3wgj z2kk|#j%D5cMi~M^+*ifkEnlK0%JMr5gA)t|=aH+L zot)+&2Mmh~eJwz#Nx@$13!%{%T4MZEEum4w3&$*p)2z(@Y61WtAi7}1^-&7Q$Clvc zfvYollnoGwm~&6jW~+6zldo}NyNjVf_z2*g@7YBack0OtEKFi4=}n$(mA~0na8kPJ zCwwOJfO@%lc;c1espl}C`F}s`S6_CaH-H|hj4D@MACe}=-H+R^pLfJMgXFRec;y07 zku`Rgwl`H>O>pt;iB46D>;)5GBluNawwWR0Z*k%h4l!h1n%1np?#M53}d7ra&^Efv#YWe^> zsi~c?ylGu}rHM&6dtuM-1>HRa3y|@M1#WkxuE;uz`Bj9|GMc9?3Ru827r;)jt`6#2 z4$ber;`k=t@t)Bk&9{BQNh8oqf!@cHKi8JS@h1JQI0HmnB_BnrUC&5xefwG-Y&C6g zJa3`3cQufs8$*k5^WU$x1MwUAOM}D&DIxZ2UX+)9Au`y#(28gohCprT7%!V(DwT&z zbI}9ghHyLfAbzu&D1ZeP#dR;6bDPVF-xXnw(|YieEvuRso)wpHou-a>5|wLu!lu>e z)C8%3K@}~7@_jtB?dlV`W3x+&(;cY`fhc&CRz{@l8*Ih(`nxHs55?$X$*jMU#&bw& zk=QDKL|APZ27MMoQ`x+U?VeF({f__un*Rh?qmo$0;%5$HiTdj1v78@cO=i9;ibc5a zw}TDSg=$2tZ!@F{kc=7zmsz~fYP6k(OK#aq40V#JR`v%dj2R@sOnxdubuK%DD}qBl zM^+P})Z;LN$%9ZB&CT9sbMy3UvbDcXi8uq!whaqkI0j^K6yupyBtDb@QwYw|g2O{I z{DVi;$CtNPSQoc0JL_3&Htpbn8Gro9aIER4B>2?VtIvFTK!%2_L%Ogfpor&;(h411q*+CW8At3q$oVdCnF*ecY(vbbl8T=!;d)c>N z=%62+A4lEi1w%3xMgdTeT$$YtUixn~L9(6GZ#xE7Pdf#HPPejQh8}5;Z`UC=quDVV zfmoyyi!(UfJ4Z99rA~&W4`=2_f)!qha3QtzIk#P=O?AHkZ+uti>=vst!TJ@~gJ73j70~9|Gwby^jO|S8Z5hssetRBs zCKtI3Fbg)J?rW`Zno})pI;m=kNwgeIiHW3^ITbfc(4@};32IV6&!UBo{SSb){Q+gG z{1n~*YJs)fEr}*hB`JSJ@KES4ZNxY~`!WN@=skVJMLUTLv6*#ieB0C;N1R7^rqb>D z0CpmBF5AL%<4*g-_%%Ae$(i?4j4b2j?$S_h`kkwuz_wuK1?lxs65v5tv{owM9FVkl z6ISj^l6@bmySGyl-RSQ&UQ^jNgoUBee;*^R=OWIsL4LZXMtTs(jKg)_Hrhv$7h?+l zWuPo=mk({vK+Q`LzjHT{?HV0>krv)5qqW2IyuZzYd{bj#w}s0fCCN#8A;L6(@W#9p z2#39P;Sg4I6M1|hg&&|u%96~KR#lpSCaEss@0xNBxac-I8q-t15J@Rf?%Dd|lAuX* z;XRk~z;E!=I3KNw2)LG3>~AvgQ<#_NfFzHU(@Pb+McihfFsrB*(<4uc=YtWG`DD>Q zHVsbxd5rB|y&R0h!1*dJ6Zs^w;V$E*M*E;^v1zET7*8yc+)>Q4TI%#Nd86Do*tolg z3{gHHw{LdZJ)vK%kbTW`_oMC)JQ=3C1G#^+I`PdrB~`WA%FQ_^befNT>XhU%D?mM1 z%^gN-1tT0}+2^i?u6D7>P}+n#ret_T!9?J#;gG(_h$`h*0(Y$1uAi+nTb#&HtI1z>dY|cX z3&aGOiqLkLL91FyaDfzx9^8JT;ZhDbH8MCl>MkX02igkkp;6ua{>qari8K4Vj(-Sc z)lkdJ<8!$AC&>GMEb;DhBi?PXqvDt!jKkm5Hq)XlqjimceoKHL~(CS zSeQ&{-2=o|nv2cf!wp=r(o`n=#z6{JP8**UlUhnXxURxdO+DKnP>d&xwsy z4qGW9MRv`SBpk&lnKTK+V-r7Olm_Lw5nN>qI$WfWp6!VqnDx`rA z44E1Rda`^0X-n-psrZkG(|pfrKHRd_@=$}@?8S8whd_UH{vPF2wdgu=MYgN#ja;QQ zS?M;xpKJ}}&$2*1-Q9k2GFN|4N$D%nU^t9dGJfAiM?$$JCD;2QY3B-ImtKY?Bd1XZ zp$Fob800J@(B3)~Cv5LAZbo)!Ph6?3D)z$g&NgYyGq)`=M@yzYJDrx5@|J^m5cCbD zS>W7$Xo;f*5t}$o8f#MKUdc&jf)6tsYh>&+_io)-M@h8|mZTCu)bQxN+gFOf#o(-{ zo83l~w<2a>__gyM*<0&im})n3blvnY>}L&ktF_I_9WbiX`xDoKE?%H|1GwqrZG7d*U7MG1 zV_7x8xr}3~RyCJl7akHd`Bb_uYY#TmLS`Lwmh-Gt^$Kz!1sYwd9&>e$1HM4gr7dmt z5hWz6Cy6U2WHu-jwG1vYe6HqzWG_KoB&7{P34!6_L#5Jg*ie69n1gc5vc_(r*?S79 za@@tS;@hW=f?eZ?jZcPv7+j?r>h>6KV;e2$5$uy%lEJQ6(w8?lN!$_h7T`+cCYm9a zyVGHhrcgjlQz9mN9{iI=z4Hl=Uf@w0XEniHP~g9QMOJ zyO7G;2dQ&%LY^FUO<71lhHJ27ro%waH8U(DvwOopTTh#mV4PZl?z&VRxsXfhJT>Wi zdx8>Kha#p<;9d~y2ZOT-PLlt^R!5S*hk)81!`({jczCYTP#~~ia_l^wX|RV<&CGtb zmXbW(X51w&r?*SaUnmjeasTi2~s z>O2IQO89aYWTR!*e-#9Mg8Hpx{P$K$_+U=1XJQ#k@LMfCTk^A%GI`_}z!Zl{lUB{^ zrxp|z37piuvX=3_A4|OZfsJ?DxtCH45O!80wQO;sQYC?Fk&2d8yjtrg2S#CNlY5tE zUs3W<3a*H;T8hq861i)jl^~ucz?|%-%mhbp*TTv-v(+gr11hb+rKHl14yeG6P?~H_ zs?Y8^0^zaYCOan@0VS!F@6BZ5I=fFdCt89QnB;9Ehh2DC#o8M2idMV^8G;sx2b5)T-Nqf=MbwDOO7k^Wrrl=U%IHrc zNF}P~z*R9bPLx#XSL`KuTcxhxsg85vLJ*v)8Do}(3gczjwV3f< zAZPQ_SXS<|0$Iudt&V}F!5Zw|t=nN_UY-+|nqf{Kr3;HFyHKr4mZ27z>iToVyrxXE zbsdYCp3z!{Zl=K>M9V~)tNiS*(z!`%9oN?FkDZf4XLs)0sd4L|)2V5yxC$mP#dXhB zM)Uo-^P+cM2tnN$-t!VWH)kzzv^|l#koGss^Rup^xa3Re-04%|%zilmqjNkLvZPYM zW_S&MA5f|tZXK+~)Yggu8K2jr%obpNOG%whO0zjWLl-jo2QCR&;@uBSyxYpmmjZ5~ zP&+El1O?D3G{?7)oZ@AXS$Pfm$n77k6V##$cw}a??J3)mnasCl%I9Z?x)UwXrs$2M z=G>ea+T%&je&*%`gPeJ}9bUy0v#AYXTa3ic1~WV%{H7Q^{=HJ=Eh=?1VJDp&o$^ww zvTg}S&2`rjqn0Lb?@Nb~>>lW2hw1f+*%rLDts3fcTV)q#K2>0ofUB9loYupg@?$cs#r zv|Q=FU}lAIJkDvFSb#3XL8u zQ52Pnf}(zS&Ak#83s6zGkMaQu&jtMS6aC;uFCyVSQYeIrh*E_j7$D_2IlEYE&M|uX ze)QgYe|w)}%(ZsC_TIfc&w2LQd#yR=n4{>uy{)zPeNzG|CC8v9bp{?-5MA(EI#MfD z$SlcoR9PP)5K^CoEnFOtOkOzg0qtp1P@VUv@YVWe-Gh<3h8;|bxUAyUf*qa;B+RX1 zPE9w{PGJrMOKS6GUUbq>&X{kiq@u$#Nan<);5A^I7q(@trZXK(=7-R_Y3tUysw{74 zw5fM_qy#7>i+K&@G2wwnrwACNF*q%KsK#n6*-1A1tT{WJcxeU7vll~EtV5P@*W@Oh z3tpy>)#>p@tu1a`$D`%Drz79(CnYZHRAICv zn;Nl^RIN6HDmg$!isklfT|uqq(z7{PM6+5ZGuTntbyZ^Mr&?Or)^+CYgj6F-S}8d> zlvQU;jEHao=Hdz{6|p(#)1&+>S0&~=0^)UBrfn!3xl4K8`Wma28u4{&TxLeXl1Z85 zkqNE&3lo(+b5LK2#EnZ+^5du~S0jB#QoU(bzp4@zBV$zkw*<-jJy>ySt)zscx?Q0| zCd_sz#UyjAN}h9wpk)D>tfDYkj-8%eR4L-cr&g{I8a)u%(Uz#X1a+691{w}CDmXLG z7AEc^ndl@s%$pF}=ooiw{De$(Ez01gI*Sv}h5i3P&xLUNnqAE$14OQva|LNcsldd} z%4;9U=c_n&Wt|j9bMo2bP*XLYtKDPtc;DeB#mjA)T-B5U?I_l4Jmm!0)U94TdVlHdroi|#~hUa46vrb4l;9N_`SHJD+Kg68cZMOgdjS}rkK1|GFPSMm6#ulPROqEsIjXGe?Z_E zT9-;H&{QY4JQdL5=65?I~FllRV8F%@dQdYY_4>laSIjtuoK0&Is*Nhb*xaaX8Y?BLxl&RKQ0yH}Y8*yQY zQEO>3urSXDCU|P~pxQ$hW_>lur7AMfe58A!m-^n6bgoUOpJidq|6wuVzB*1Mvr=vR zjtubX1b0+TgygxT-)_#Xy5Bnqm2%rmi?NER6jtoe6MPfs^uq6E7OtI(097Pwg(%(e zygQjzo6CREG^?#Ty)hJPqn2ZUQ=LIeR@V{Ob}+t#;>hRwfPHjO$wQCSp*a(8fWt}# z*^^opSDHNn5q%TK<&w97l)eSaXlyyqy0qT``%#(7x)~R}DN!lTc7h`xc_6g5tCk!9 zo^9sQCp(_b)Z>8d_n{8NQcP?@lewisDKxN{*gOZS66yqrzrJp14Wn+tSUH#v(4y+O zMJBFH1sBy`fr)M~s?PIR?WuG3w(9mck&}6aIZS+JT7&5rYE>J)uctU%42+}#dRv@D z+1|e(xjWw@_?K|kA{Be8ec#3o-NbQmqUfme+r>goF;Ys$%!agDol{oxV(>9kg^028 zmT)NLOr`3w7J#R9L~dxbeD`$ayZx?%;PBNKm~+0Ks$>=mCXoFsb=I;qz10e=9L4JqpSoSHRi{F!5?r=sxb=#0?|3R9*5xynXfh}Yf~?zU5)?fbi|D6OyqB^ zpquo(YT->_<1)@_)*`AxNs`tLpr>~NiTtBQRGC^xb^-U%xX{j(jW~5tZ7O>^2s)A%<<3%1<3D_F zu^@%XvSyx|BtpAwu8VjwY{ankK5`ny<$NWTI%vtQuq0ruB!gXbnL)p|CxQ#6$feus z^r+jNo~h=aud9$1$ly^P9+RpQ>8ZWY#@ZkyxaM;_wU?2v>KGi_d&TF;cymMK`!RRrNK2j|dzlD%BaIAH zwM;f`&rvgxrLH0St(YR#sM`uxQ)-ot3M$qO8XHcyX&|KKySFyq?N5T1rY@YHY1@Dn z#jSaJWV0#N?M1qqNk;1Gr9HeIN_}seu}mW+QWE^;DnXb?)OD);g=yYJ(Uy|(JMk>J z>h?{*A6SfVSTdl~6=EUBU7lSWwM50WvWsyYG%ltiZ9t;)M5Mk(&y^YjyU`Y-Qj!Z-_Y(>il+ce+g+$IOUK-JwABZ01p`i8VmWDk`c3 zxhDDzbe&|PTa^gSG*W0_?@%>(VqjZ%Vk7|uN24{C03A|7-l6oHu;;pSF*#JapW;ba z#0UA}sD;aUxDVsFRWx8cj1}mk=y<>H1S==W!0kx2P;9c}8nN9?wd*-*Nz^sYQ6D9I zH70mIO8c5*Yw|<^lA$0fqc}6$v`yF<;oc;-jeDS_*G5eqzN|Vqicxo*M7H<7j`pF+ zuAXcs_gXz`^>~=Ww(*&#=OTUP3=pXIx2b(}GogqGY#Z*?`9Li=P;?n-?<&TrF#TEf z_oJwI#$qYqSZA{=|)6xYwx1!>@&*I6fJM~Rgm zy=?nE6zY$3u3YPW+*A0lr-#|vpi}Z;b=B7@r&|gG zbVhnePz_KmEA~21V6D3geyd_yqFtF-;H7G_>5N7?6Ck%Vnk(4pCT4@#C{1gypwj@t zTw{Sin%t^d#dF1DQ^onw?VHk)DW|3R7pm6#hOW7bn}03i=9Lo@P4~%uWO)vBb6B#i zRmE?N*^ZK7pirf1@YvSKmQszPzF%#F(pX93O{F8Z^-**3H6T=qos?wLt}?#TnOTZ~ zK?Jh--zcS1xe>xMXCqX#`McDl|~lt6nTOPkL|k5F|tC-ItZ#v`j;)%ECTq=`*a`-w3uN9Sw7dk5wL0jm3MsFG!e zX`a-S{H|c$XQ$2s>Ouoc{1!6sl`>XomRgPg*TEtL+{w8(YQb|60$fW+GNzLKX2yv< zyckVH`D`YEgbLtr;fsM5SB81tv~FDCJ%Vgb=qkX=;6*X*kJRGEcRyObd+YMuoie;N zM3RZNwL>Wd%ay>o(mHa5b0R4nt3;72c{0(y%&x4VJ=Nn&KuVTPAKIOd+Hpp z(V(lYaaWD~us*$u3HT9}^HQZq0MY2EO!Bn#NR<%{2WT`5)THrWBnwi0C!XC+txVaj z0J4m&mubm4b8J=t22u|~MW_X}@cXD(l(_==;Y`&$ax)(^ORX-XB%^n63`(o=gLR-h zftpTA9|noXUyfSwF-s&(TL;Yy{7RHub5>A+RDS0CO#8Q1-th6d3@BwvSt*V`hl%Gk zIAESY*8JB3EbzF-T&ISCTTfd4o<{Bruy#aj^b-rdJ!ht-V@aDy?3%lElCmX5Ek1A7 zeOwT)V}N2*!BOmDIb?sAkTgk>7R?>h&{5cnAas*FNhIBWJTLDm&}butO47gFtt~o= zk;opDyYjgRMtWLR+9iRu(dT=0&}n0@QOg8@6MvmZ&|R#Edz6xvTfPun{nT>gV&B>K ziiHvyBW2YjE5LLzEtSj3k3VKy)Ew^!czgnd9sdN6916k4dbA=q}v_}on-LbRiY^a?^%_oN{7-wuI^|U?^5f}l=Ar8 z4y0G`8?^zDn;9+Ny>Eq*m1tKO-?# ze-T?OY#wgw8J~Ed=g6)y(}t?6oa}X=n07xl)goWDjD3A>h|sp-#i$}bdP190jXQKg z0D?fwNU957N?BX0ta>6<7Bj08Qn(7HD73AkcmDpm_~caDpKqp=7_?%L)9 z;v6RJPxq>?)JRO3#|V#Oyyq`_EyiCwLPtVTs-M*0ZB)QVPXyz50l`etN6^^C z?qDyGD*`ijQ(W@E;I&YrTSke}O&W2E{G)hAkBCSp5)9!AqpA4wRs5`t*J8Y8A$eSF zt-uO8KRy({6Px*gHf&y7cq1HZpB5^Hc;X?|GT-+41(UROyZEzJ#a1FYW7`Ojzo1N2 z%d7A0XOak4f#kX?<|p=~T_YLA?^P8qt@Z{__xnam&|dHTT7hxy)Jp{v3-v)V#S~KC zsZ|GoO5! z*&f;Kh-Pb92j02^-Nf8pnlqQ}aV5|~n&#xI_8QNm_e30BS!F*aA&AvN`;a~=`HWFw z*Xy+Tk5x<;H1luQvL@<+e$Q7UQznJlRU91qcSo6R7r(rd@*d-gq=RA^xgoZR4IoM5 z=;LACsEd@OE#pW|4BQnawO(-&Q9R$(reE`IMkz;vKmc;C+6-)unONd#Bvc{d zvz^<4s!w|^m|1SD+OCUO4Ck2QH{DT^Mz%npuO6PRazkz9((;(-TN=J30bWV|{$AlOq*WrJeh( z{5~>sKP&AG#djuWa#VgnT;Q5}|4zzk?lLA!n~G%JQ$K{=wlS<56D{98UHNX$?H^!U zxq*qKIzd>o0~_e7x@vqUB`P!u0xhNTY6((HC``Jtc30&Jb}b(^vO$<^w|}S9MwAu= zBmH(dUG=Q1szWtrH%8t=z0emA0sWAbLPk2VY-q%-GQk9&pf*LT#!qZ4NGC{=Qf=U) zOy9J1<)D*oq|4(iBBeUlLV{zmRGS$u2z^zNIE;x)hhRF!pSP5fU%^hBV|Be5B-GWn zo%^j#Lo6Jcs|~*J>X2<0^(o~bN7Y#Fgm9OI$0xn!h1yrGeBK;}c*Bm> zy2jG0wOJIXnrr~pOE&a_=K0}uTr<5IkTu{TsY^M=*OL>Y8z?f_4ECRAU3pzhN!ajk1#lp4gjiSt&Em)QDNo3SN1e80_|aTSlpzTYZ7 zTWfN8XH`3UW(REhjX0TCt88(DIv_3IJvI4mFB1!ZR8KiO0na@g{BX1BoKy=ESMa@V z`#fm1a}3Ze6%DR>?i!KMDsk}>ZSAcJ*8~cjYl(MN1xYFr-rT0b)ghM6-Bd5=b-Sfr zZ>Fxgt9awsnjxN$maLsA{lvAd$<4eV+kAL0<%Z~JEXP{fyf6c$mqQvciSM&=(IbEs zaVBXkNSVn#CplBo`R&D&xFlAC%aJfwRYr>BR=7)m)X5mth`ZaHJI{Z1C`ZW(f?Hgv zEQvSbb|2^NFN`sf)NSIIROiiRLoKo6@7PggZs3tT0t=SFdNPA^)QLNc73__c{E?I} zXs)!25Xb;k%_lZj)&!qQC@|4+aMebFxNwdWo5oZZCEb6TyM*2K|08jA>YRBMOMT)r|LhJWq zgP-I`7+CG9ajpT>sipT`I7z%HPn|Y4#Ow%!UH0=L3w2>;oam0s?lZc(*Sv+F2h6uHZ@1A6W3ZNkSeP0%M}|N>oF&FyV2G@Co)|9;tC)t za+0U^`$!vZJ(^=cz@+Ea2*g_BksMi)9LKdbR-uZ=u~Fc_1&@slgCy%9DUEQcaTzow zbW)JnSMi|I3^2_oYwQkm$YU@d2X$B7YoUr9D<9;i!Vb({%Q;a`)e4R8Z~yOUM9)bW z^>MY5T9L>p8Rb>gXU)n(z0`|v{$2)V%0#4OZ7Th{XxS+#$m+U1k}@TMSSO5I&#P?z ze!VfUYE7!p(?(>+VfV#G%j!7aKjRG8m`W(MDilb4&SPb@mmt2dCqbsv)=(P-?2|HD z9+~pg>bJ!C&}V|KbrqE=XA2j;_kJ`cG+9YeVC4cR77e3X2}o#JROm&pi9D`e!n3&V zB;L1zUb5H7WuMpip;~V`1b*ha@h|xMRQIuD}%7ngd_;URoyvJo>bZ9!>TA%TDh6VRc7n z#CEZ3O1761wo#|S%t%0Zq=c=j0Dm{JU+PTJtoG6xCyHt*FF|RRh^i=uiS@^>t#SRV zqi%W4+LzTV+ABe-aRt>%Be+U1e08#z zSUdHlr`k|f?Y8;0L{gqOsh$=hla}?>q6)fj_08vJs=5paxY8n3E1nbUy6U-0DiJ7E z73y)6x#X;?$eBE=S6AnJbq?xkucO3wU@10An9VPttKO5%=zOKEK5D)mn+bW@F?I_2Bicot{T;lYD7vkpDU$%zr(ibh;@{l zOs_+!8dMpcvAUV7N3)RU!97aZR+~fT%A0|G_6z7B2@KX=FDVI5A_S%c7svS^>AB^x zuO5MCrDirsYeA1Z8nuU@?sQ2@2}(zaQ{gNf&);G6%*kt4@FZDB&d8wUs8t8+>g4Tu zL;yZ%JWI0*Sl!tetFa0D9@eE*+RPVH$_Ecq39OWR7pid`nHaNT(>p63)M`?f&St!Y&tU^=E5Ia|@flZA#by7XMbrG!ovl>a0YQ%*r&{G81T3u^Pa$Cze zc~IA2%gvh3LBXw{Zq^pasJiETq8%k`TfRqB-CoAMYeRdy(~^u2Y;(?Bwby!WuIM)k zfV6z~^yIrecC=PyW+9lWI@X)BNZAq^F|8{+byIk3x2^dG;YB)){zy5NBvl2auH*|< zH0G*bQ>`qAX>%2wL5$|)&2zupy-0~18(dKZR_MDiTITj$NBoA;V5}NjA%c_)@ug8Xnj-4f6EVWAKXeok2o3T|5r29D2KG2ii z$JetG$~qdJ*_abz1=1l@m5WV8fl)Li$##D@$sHeaB=20l-)*yBI>4(G9g2>w{m2~( zAURG8$+(UYgm{F?wKK&l0rp%ujw2ByC8eUGQz1n)kNE?>;%vBhqitf}BAtH?iLX?k z!f9!cIOVgz-MU)Bk~?6i2+M3#q?J@8QGH#BR|rR=0qp?ntVX#g4}q9n{0|Ybs!{tn5+zT}S6{B*UzY0vaEtrQ{JCsVb6oZzeLg z5v!>^OPoaIO!g#^A!}9zH=xY zEKhQ5b2pGqbs)5?Y>YG(!*0`D?Q&X~*PyJX73OFas!W8pD(TUQj>$MvQX8~P-i)+7 zCqc>cjeMR=-c>2V>QdEO(nGs3a1jaKcHYLyl**Exg=AOmF(xT2f11Eg>~3txS+^5l z4+0;nuRhLN@`mLq$94O+o+L{<7l_{Wd~B?eYFz|`InK4sxJSUH$YUzTi?AxMaWfXq zd`z-2-k8P}LPeX+=#oTlW!flG&bqURfqiCJFpZy~$^U`Jt9%47j%JhB1#w(Rv-)&D9+l0Fo ze#f3Pmq_Wvs7cLh>gb*>ymux{J?pN8OeAYOs-{%jU;|lSfgY}`@_JDlh0eLYFQn|& zP5Gi|m2A!J|5KIdy1H9;gske!ozZTB!&i)pY3VmHHoS1%!AHw?PfxzvJ8T;+$wbT5 zO(41{a;a8}Ds-EWCNpz(I)N5Zwbi@oOAl3o;_3IM9`d>(=}%Z?U>DaB+hianNROl& z&9io$mU{DZiI_~Z>bP23gAWELT$N#xv_1kBL}*+uv3YzkJHR%uy_cgLpxh()aReA$xk)+ndU}GbEMQp`&2QT2hfp;4Y->OD7mLepiGl;0VBb6#f~CJp1lp{tJ@k z%*WUnV*UrWL2a%S1mqAm=1@hJf|v?AADcM)zmVE-TT%yTtb9Idg&v?BnebYTbdGS}-Uiv&eU+c_kt*r4+>9Lt2(0Js=p3A6X>gb(LnqG>0_Q{3V&}0(OL!eC>PR-A zTt;QGK7#5^+>{m(xb&2~vP#p&Hboyh7Yypjow}3q`WSD-j{V3h4ryaKf)>V@CU@FE5|6+KVisTSC%#}P)I zb{ps9yx!1i(rIlFSno}&8dxZ z>h#$9-Vs2X5|HrZQeX2q_!&|yyUoUrGTzjjoAt8xtwP{l`W=dVZfg8SOOL26343gh zQKzJJrn+1kM7Fs0X!-8x%6EIroZz_%N=-7GYiCU@QgVXDlV`^|*}e&eN(IGQn>8n5 z;j-kbVp_sa^~x#?<4oJB01GoC9>BCrphKR=ic(IVcyl@O+ttL8s?SE46$B#pAV`U<{o7^Ltq}{vaVa(k z)XFzOps5p~1R^w6U58{M6+nQ-E`_JIAuBl9_1VOPJ0;VVN#v+uraL5&;XExx($DN3 zTM!r#WWv6Ume}YCgU#?fgcLk;BFtPa+&e%>%#v3~8gq(30h&njO!Uvso22V&)whF4 zM&`vMSNSE4Y*|t}m6&J+4A_vbHas#*MVVO?1OgX%IJFqVsPi(NTVofsd?EqRsnLvM zD{5T1uQmxe`ds4u`myJ4){C+&mr?p3JMn zI2KByR6L@WK!=u_o1<>nTDR5WxLfP0@vJS`NtBgdBXygjcG2xZ9@UxBx996M&M1#b zB{aZYAST`WYOG?=?R%Pw9$Q4_i7M*U_(JV@!DgGxKjQmbbcd8}6{Z-qsmQf51AbB$ zkSg&y;Q>-(cvo%q!%V_GSM?oHIyq0BFF!LPQs*T+2B{kON8`+~u(FwPbIDH>qTMCT*+fvfkuxxsXFoCPPK)n zuW=in$5(rZdoSj@aI`Tva9XC^;)u%{QNc3*^RZ52UM1 zt+-;}30Lv*UsB?$xr&=x@&Q;$G;3HJNjHvXS@$C7`pe`Znr`FXu4~s#!lZC>ymn!;Q)#0eS%UX4u z6Bwg=mDee)Wtg$8xW)G`t4!4$0w%1Bl&|$C03fxoox}7Pm(Y1AKs!puay=%Qb5eB? zaeM;JveNZ;uB+BlL|#_2t8*7$RkEif>Dfcb##tGRgNl97c@VZGTP)=|R#&){{d8*J zQl0Q7$$NdH<-4aV-`(nf)N`A)PlVuj$-v_frA|}_9Hyl=r=-E0lr8D0&1k4*Xiu_` zUP&8oYBAbHUP5(qPa(*fIOyn0kAB;6QmPqamKH7AbCvgokb5Vpq`8wU>4}&SjP!8y z)sAoT-~9y9NU&}GG-x1^I}sduEyf%$A?s$F)7t06nCF$*(bGt`nE)QR7<-O*C#oet zK_30O7{8=a6}hLYYNIkn0PAFej3vgEi0WJs%#5+34VslyL|IdWf>BFYG8brT6h*TkVJ~?M%SrkDRZEFt8;jA3Q-U<| zqg(Ue>GNcJysI83tW7rA7;tJmDLQ@Fo{O)aTN{x|&a|kMJvd3xZAn<3OYcZldbCkO zE(~a1!%Q7*tTwx`O2GDK zg!t52KP5>CR@RbgsJR)w?0-WHb3RZsnqrz{yhD#|Ur;6+rm;tP6I2Vtp&* z;E~reVA{8$#r5lew0!s0=DYpYEaS}lqfC7G+?Uj2+FesrFlOh8o*I9Wi#wS`&^5PYfnZ`omJuKDX+(Z%#5s_w`F-nMM-QzOyraLmA4Hj znyQIJgTv_DEM=n1T$j3vVNSmFh=-e5Ji3YGWI+kHjfOGDBXeIgj>b(G4Pjb)+{_ql zd~8&OM!rq&WUB(gt=$^Xn3la%Zo&Lq*?nR_&17O1E-M}#B?T{(s&2Y1omxwK)|FhD zSg4aqTlH}H6I2f63O17CD!GN?4VxR1!C;@d1CpL4N7vk3Xid)ABy0`Lu3V6>Wl2}N zAMLn~e0E}9tL8B&I`>v6SSzrMi4Kn@F~9{%)w{amxS7z-x6kWnoftJ2O!!&7JZ4_c zI$lq6ZMX5S+AW;BwA>AF*zOY8I%j;BWD*yBfNaw))<2X5ms%#a*vptJR2@srQDF&K zTkjHCy#@qRn|VFfqtli6xqWy_ub;c%EE8*P&r_X~sf4PQ=&X4QI+M`wd^&XZvo=oL zYjro()=UOwqi$cn8k9(txOsA%PChO^%fhqb9;%M5>Nfc3qPgOr1k12%yLKT&BKv8_4XOIZmuKMIjd)*EX5 z^i&ZFBSUMi+m6vFxe(kT8R&~JxmYTY(Mx&mHY7{8piw54%nc-O^Zk&t0rjNFVAU(@ z#(-o|Z8Kds!O{U2M@n{2HS$$&BL z+_mc~C$2_NW65aV5T*>o6w^+wU7hq#RIh5~lBq;baRSw=376S=EpWQ+5Nq84?tZ1k zSTZ=Y`_Z1`KB|x%#rtifb7WO|hy1J_`T$g<0!JhH@$ed$IZ;`?%6woJQjX5~N+^TX zuIer;G^lV5e!CjT_k!0Fd|DOSq{0X4RCLsRQmPU=ROHGDFjb3ou&XaiFY5$=*c#m- zKjaEj!UQAn#^62U7{wFi|v`>!|QQ z$b>&ZH!~8$g*cWr9x+Wa=Ji6W@vEtGUyOqZ3dOE*hKMgaD&Ymlt48p&x^J_86izIL z(c;SP|CaBbj(oSTr7GDmv2LO2F)bKi+MRW70i2RjoRic`N+S~&)z7rAc2zM?LgZsW z&`U`OoKvURy68H8ZlLAjKQ&U|rxrF+Z2?LX7^}i2!mTg0+3We}1X!fJxxE?h#q++d zG^RURj8&uSxYy)iz?Ib6?Rd~~f%g*?234wF8c8(Xwd{*x^0jLMN5)+V+y}{=8Yz=p zJMWzchM2_h&+I&HR56VCd@W;VXz<~C_wj-(1UQUe#0ZUxs8HpR-Nbz)v>!wwypP?B zUc(NYWQgMkjTkwbx)x(3+>g*$_0v>s*J@K&C}CO_PldhC6TlJ474@t+ zo=qLC>v1_6#_@c8CmHyp*udj2pmm0MPEN8^ZEX^F@_Gf` zI<1lvN1ZC@_VY4F(w*`_+35V}##{nd3#!yf)rf5_MR8qp8t4^129gtce#V6gd<=9} zQn^G|*DQ$;RQxYDaUSgcVlHDEcayRztW|-dYgplifRC2%o}PSnivu#(&bbl<1ph|>xEu6kunChR~CbrRIQ11!83t!Ns@h~*&m+zW?n?jvTROCB~M}S;3(sNRF z7lf*##h6O9Ffx%fRX?Y$kK_txJ>D{?rb^^6;gl=Y_u+8>s3qj2Of=z1VT*o^qMek- zY-3Y<@p`XGC5bnT3u7q<8_cW1I8g1}%dWN7eOb9Y(_1^8TGuDLYHP896y2kE{yG3h z8Yu?jU5Kq7!kTNfmDUNp82249ZJ)ElSCI*+N#X+#^IHjO8l?2x#2!d@=d7U(So#$2*V`bFcEA}qQ)%?1v ztTTyGeGXSHkH?KDC1$7GpWRH-fjB}ZJCZV)=wy1TLi_4^OnD@5$Fv4!Q=g$#B4^L0 zV%`fu2$0miFdpTEz?9g)l*fv3k61`0`F>fKqvGMD_Y)ggZk>?p87<#ECHd}2rNZ zfFoe$2t?XgPA`-k#?QBT`!Qatq7$IpN#O)cOR%fkgyG~xfXeKNbkL^~mEw1OMYNxI zhER17$6eK%6K+H+7rGBmL{MzWLl?Ug)>UGU7$A?@fxbJhe+ON-H^Q^2v63Eu2~18p zb_35iiPu}9V=y2D-3LR=_&S!K)y#9UYu(8n@#UfpTqsxqtQl}_l} zrd&Wt5@uyLJ4o(mjXJ&Vg4UCTlxCfvE~U>%i)#ZO zE#Eyo`EEb8Ae@wZGItQV10kVWNM!;w)+bj^cz3W$%PwM&qlE?&m3ZEuI+~GpGJQd% zGBcVY>TS)6lhOt+YU`OBIdu=|&F8pjwpPdq2lw?{%#)FT9cBKlEq4anMn~GFV*I_^&ZLw z_Q({&IzJ{xa6}`C+$9@ydc=T7zZMe(3-0{xiQp)LG5#)nk|&;4oAJ6WAi--3`?$=F zGt`@Qom`F+pvhOGr*laW7jsZ|cXWHy0W)J9wF*s9Ac&RDg$TS0<9Ey{tn-16lz6Zs zA*n04N_&DwX;Rq{*iqfi0l3h_oe!1moWnkIO+_cwZRI;Q#$9rvrKPyXh;k%#Q>_bb zN9M`A9nPZ$Osl%p-(`wuf0DJS#qrVd-P4ut_I{>aswY@vCKG@Ywy|ooR3x_5NtUU~ z>J=Q%)a+et<^pVw=x_zb*+@gBLgQ$GhR%QIdc#Qxvo9ZtIRYa~jIxe06G(MxL_*7R z(UVhcJ)d5iw$&pET#4e1mDRQ!B~}BN;MCBhD+_k&iS<*Lmcm89vRYDiFI+vo<8 zI}K?Q_GG9Qzeq8h9Q#Ds~RVq}WNq>5stR!3 zYF1Bf#Ffd`k~l+aEk_8sDqa(EG4Xucv)R*lil10dIQj0X`&3R)P3|kV=Z-iN7k$2d zJ#{fhI#>gWsT&aAZ;ZftL^%WQNUE3@aja2qhlH5UJ5lrN-$C&EGt3zot$-rPpt^Kltmi7m!jQt2CZnPXn^O)fM z7)Y+XkNl3rWvup#8sK5Zzr$7E+hd#LZ1*W|&N>0ir|$E)DyRo==!4m;$o6s6`|FfM z_O5C#f5)Nf@}%y!%kMo_K(NEKmq(qiIBWwa8wsqN0c{LUj}8JK!0>YHji9 zoNgy)m`O0}>OHDzvQ~g&oxEctskRw6!xXVJbq>Q{I_i!cX;f>AT{(W3H`S)Zyo?Up zWZN!&fsGHcxu)pV0}xkoq)bt3pw6eg*P$=xnGGZ!>2?xd%=ycLMy7RlKjM z0!P>;gx4c=#q*6)A&ph;Jgtx1rDgA$;#}#~jRv)t&pBJZdwTNSeyYMJm7}rlsHDh_ zw$>aX+jT?e)P{h0b%D9D2t7foxc+`z?Wz-=LAP7l><{54(5hWTPMDMKH%iyu`gmD+ zU@wl*jMQbQJ0=6BT`*ZXaKyF&6>HH;RW)|xvEYy$wKY~f^X$H)d2WqzpjsyrD93F; z3ve&MxlVAX)-}k-xgR|&j$)@l5{L>f9#DD(baB**lS9+~7ui-9WAFpbhIp1JkCoz& zB6KTeh5Voo#&%{eaRyTef%y1N_TP?Pen4n!9`WEE^;5%x~=p!#=qHlH(p5r zzIh#>dsd`;4tTzl3FzFtD>{nAXV7C7@m)q#c3uXZ){qwwbgE&N+ukRhM-?Sfwh+%M z1H_(YxinU6Q=&(_5{=J^$!YVr+b}V9RcsV&+(;F1Gnb;=gC?ADnW5Lp1j$SnJ1{g z(`#9D;q_B>dmemO@=}ar$oBV0U1r@qemgfuKBaKwvCXxrJ6+>U5-649vw_i$fMk7c zitAT#KwMS)7$dK3jA{)me{IjmfNcrpQAXNdkT@c)FnZ zfn48c`R=XFcl#;Tj5*1zdRBH90@N!&hjW_6lWwrsMr^fyyG*p-x$1+e5>$_AxS7hQ zXepzoQli*eXMe0JIGlWr*jC^vP%u>xk30(1lX2qQ+H0AxG?naoY?DcS)s8Fp8D`=Y zEBJln2r!A((RUnabMLS{+bZ>#MO>txFjF!RUj@19T33*n2-wjmg>B}GMCeA+`mgUL zbD(C)MKdB?MGlFNAC%=oB~@>o1BS6o^n!v|=%k2At(wON-4{H2JVH|?a70-Z<4tM< z%`WxTb@$vBt>%TDCBZRi+{BI!AI~Bt{%)c}AXT@*)YDw`J0n#zIt1XiNI)xemIf_H z5K14BG66=F96KrRnVRgz9wwGV_OwVilE@*%$W3&W-kUWQ3OJB zr$JzqFiF?Vj(0;H74Eib)k*bQb_BeJE@v+jq7T$j;p-BL6QMBUb;2YN)5Pc0#nov~ zi<79wObI^J`(BT7d~E7HMh)wmR%1DwsQY6IO_(_jH?t3GC0oso?wCo2bf((rcbpeY z0NruoSPL2LdK_e?i-l_ZgAHpF!Ihp7-YZd(Lyt zWm0v!`t4^>uisJGQIG?3tYU5=Nw}Ml+ho~5p)m+NL&LXV?H*k>N@PAyoi-tPYIBXbD2zSPRfJ-#-OF^?lM*~eUUV48oyYgbT%y{g=yDY zAS7c(ST|0Gk&jIY%Ye$lN%je;Dr-Wo7esgZUN)B(TMH(p0IVC33&@!=2<62cm=_Hk_ zdSe(XP{7~SzMH2xT9YtF1kJq&76@Za8%l&2JX{{D=Sz(zq^T|5NiGZwO27`=Gsksj zXj6?t^(2pKDm=^L{WB+J5f^b5r!cNYDo*G$FaUv9UnR@+Tz*GM>W02wKQq2lZ?e1= z76yjZKC+9CXKUh8fXjaR-Wah>`b2dMb=9$}0IXIc5>u*NvI8u;iG;&rdz4pZ_V|M!}QP zyiT%zke}%0^e83rg~w6Uq}jK*KXpg(N^`0fyVvWM@1Bl)x8Fq`!_1#@Oy%RaO?#^~ zq}$ryyY$yFu}O3?tpdfrJ7V5td2Y;NPL(2GTuplRtTa$p{25GasKpAujmULkObFEt zGzUCnVuMK=k8a=myfKZm&=-k6f+|y%hSW+zG#}qsZ~B@+!h$*`Ce_RC?Yv@!TYN z+{*D=WTIL@otA}@;$F3LGZu5uf<9L7Oe@PpHJ}Z&Fu7Vsf_qOyY3qCqafRp*K%tM> z=#uW^jVhF+hIz!r#)t+o#4EdPK?2r^Msj}`IWm&`P~F5vyl3vqSS4+i)b=v{ycAp$ zOP0yG-bpqJ1dS?rzq@_jO+1tJ8s(}n4(@!|{j;FYL;|}KC43_@$7$>+Xj&^q%^o2- zQR!w?9ziCX_mMkt(P!}k`+cdBCqFSl#^;N*-Py0?tP8#}Jp_lUsgTfDYfZhO_pD)0 zzBiay1Fa~)oVazxnK+47ed07>T1m}KtcyC)apbNlaAh6>h3^rv7s?jTPmZ7W)*Thu zbly%dVp6N-9B0VsPgp6owYR>uHRpv*`s&JU-A%Fg98gwd)9+}xz7G`u?ND{pG!)0u z{ub{=ky06JsHO>cV!-SCHLzjk%4L~YtM*GQAB~ih^pXkBAi$7DydtS{O^Ki>JaN^# zo$Hl!642w+x&FT z-W&0pnC!36cOU73b7E;FKZT~xTvK&?9l1AM{8=A)2nLkGtbTUo&SN!NJPTHdP8&Fp za&@As!BUh1b(m0%J#ZJo(|rBZE-~pjvSV|aCEZHC=glK!)aZ>tBOzApTt+071TL!Q0#ZK z4iD4~;*pyz3F%70c`6bQM`x1aW4h^@ zbvt+yH|tL3QLyYl)V2D+R{I#cl|**68Ea(?Cha+1WNkb}%8?N^gF1}k6+OLIpNO)V z`0c9XAekxZ_5DpxKh?3>t&Pp^|Kzskx(hrX`5DTeqSD;Gw- z)*6y*HaZ#!AR&SXsVZ&@n6r3~vqEuI&$B7MVs`Kb35?rl-kB`H%GO<2%=^2&y z-NUP=jM@xX39ZEou5ibn4JonGC?6`=kU{2@abDocNK#d^1bD6GTDqyo(q4f*7djv# zvb?X!t2*OAal#d^gZb)=)Y(|Yg1{4_=9yt+E=5J&1sZ(>2I<6KKFS}S@He>o-J zHqWiJ$fx@wk78L8DOx6nos`}VX`BRQw}e~LLg2=ZH;e+&oG!BB)1lY2nGBj8&e<=e zexPkU$$*sbc!$@V*ulCW1}cK_+Ndo5YSO5(RYe$Lg__66>Q2)}HOP@hmtJ30zkM=$ zB;JIt5-w6p8ch``CVwomdM3XAr7>JP8%IzLRd`8Rx}*v_C)JiLX9>@2`X~|bnC`bC za2kvUFzB{xDz}oABvyGmjTK~S^`UyE9l4>R??!DOE%n6RB#E!WL z8?9#U;{hxo@S<7PS;}z|CuVF}$*9`*lJNRL+5aMp3)V_~#t&G;`+F0=lNl{)_1!U1 z$=fAO>1Q_Jx#(v))i~yTq#98uJUwK)nz-v2HhOglPwfRVm+;`2qSr|spm%|`sd;lY zx%5@C#7SbUerL*nETd~yOZ zmW%YnG=STYH?_Dr0MPQ?(~-c(W|%-=2QSU8J#lMlL<66w-7p% zCz&tCoCdU?SvXN4P>@@*M`^MG%;;$aIMct6ERH!_k$1q|vQsUo{)3!(^4quG(={ELZ9tT4l?eSD`&)-3aNM$2Q@n^9M z@!_#F-z!EuV8l_O5w0jDoT}B5cms%Xrb&tvd1JclgU`a!Wpf=DcSkn#S;)3jrvVv8 z|Hcil4uf$=tWuvk1thDx_L`2>60>B$#np-gCPUJ;)^HB&zFNiyV;$$96Cg?BZ$hd~ zv3pZ3Vw*TZG{%k)s?B)Bw(+E|Dw!SmgK$!ql!U4o_HoA=a%9G0bpJV!v~A?fFqriO zBru`W#9+Ce_nuN1ah0i<&?r`4yIRA%WWxPt*S4eM9b>ZIQTL9ksGy&vmVMQAJl6?^ zcr9%lvF`9VluAE#4IE{OBLe8O_4%?_ETdeu2>CmZKZu!I+Bl?ftvX5sHmM7g*Owky zmKy093?Dp7CdWhP-J<8J$8M%jQ~yqVt;Z|e>$)jGK*n{L80*1Iw_vXD)J=5m>dODF zQK?-jVBA&k*j@RYOWvlAVQMcMs&gT+d!;nC9=5Jq};>Cdq##o^tpqvkihX6DkH9ylbFnDaW4(=;1WTc zs&oTYxKWtvMS{9$x(=LN1;3LxYNc5wxY*2?KuzNSVN5QQj+Mt{;(76^`0%LMi`BmH zZ%F5DFOr~#C=Kc;L3GG|5G>_sm7`H|1wC!{S{@@R;L2POK#aRp0IRt4D$!BNM=Bo;4^iai&=uya}{+%2Q9 z!H1*Nb{EfoxJPV^Fpu19c~eADiB0S!9Z_eGO&wj8kSlg4%)1m}w)O|v9wWVyq{l_D zZ_l;YvZ_B<={(6^$>W!Ezvm~atTF>0bOx+orgPzOG6!kd(H(LV|L$tgM{?*aARs!S zvPE6?{VuGrmwhf!c^f;lf>z?!Ng@7FkZ`3OtAb9?&6~JDEz4VwnZ8Cw9)}U1k=|xp~q#xxXnA%~U08>Os~zIh!Q1@nv6bt0BxUS+<@$gSRm9Ip%RC%%9j)3TL`miQbptEI(s0@+Pf5d6gN70OCFZ7wxM1h3s! zN1a$SboaRvl;Z+^rutONn$^3?T$^_5HJEmLP8|&*ihD||SOeNumF7UI&Y)!=g`<>6 z&`r6C9RN%$#si&WOXfXQDoiJyU$=}Ira7luOVBFuMoK@Vs{IClc%bVPUIh-JGP~!Z zYF12c7IC!6QMK72k8jz=F%Th3B8iu0BMX;tI#1To8Bn@~I?2G!#!GAi3+9HUhPK^n z163q8WNK*UgWUP*68MoVt@(8n8(6sV`DNb(JNBATs?@#mmEJuA%6hgtnfB5B=Xb0d zy960n;?h+KgN^kq;`f$ncVXb9S{iaDDd6ZMP_HRg8Dj%AA3<*q!JgO{pB6L6y==RB zClxBm%4$O3+n(ux9KcyBdZ3fkOW7fF&iFpl>!Q$R#)??uR8=e9cfDj^n6(c{+zo+Hps|;RtBq6(!g%P`zY4i%Joy_Yh zjJtGuW1a*p}FXkgt*(cO;Eatxqy*jCJ8zM7vp zew|S6nVCmlZOnXj}8XN22vlF{ctg-%>q;aa_F-}y_kLwZ~ zSM|g(AfcN{L~5_4B2lP#8NhCHG(DzbTN{`0aUUsyYLofg&rPEP)Baq?*S z?&-;QdpV|hQ_EcXi3GMLz{v>~8q7RcdcxPuEwH=Vw|=U9R*`g+$iu+4x!zPemCsX; z@?y-j)6xP}nQ8H{b=7gy7m&w&yk;k1ML9QHpYMfKF6ic3TrH5GL<6iVi6!Al;U^xGIdq%5t$9{>gi5}t9*qd|>4+w2hofS2M#jzw z+1lr%Y$@TrUF3|Ix5dUQy4W%4ZQKc=LtzA4uUU%MMqQRpk|X?K{9Q+zV113)C0OXf zm~?R`NGWO;c_kUNDJ^bUeaS{-Byw^1xpgt=v~xYg>{-cZs}n&lVbp68M;~~!#zxiH z6Q7gN2@q1kKS%g8Ti^{$n9XUF0O!7LOKjw1`Br`fv$7$4g1*)Y4PR-!+HO{In z0sL>6JW7CUs;aIh00fDQOl#vfGpcdio;F7ool7c5?CvH^y}#=2Dy-d8yA-oJlrp(f z$8OL6TIZ|pa~+~9H8W(zx+#}unaIpt)v=ozsi}osc#2?2YCd`VQ`7xw&mNED)c`4- zbGlC#Q4+rHs0od1b~5i!Ej#j!212e4e6)P`bmY7JF0?oG{C`PCr z5$3=*QCVoHI0|D-WcH$$ft|A;F$)|>S@{~(cq1X9?jcDXYMFdUGOxhSi;L%J;j+~1 z5S6D~Bo5n5e=mUu>1pFy0!eAAFp!HIo@2f4oNFKTK2pyKeOdSO{v;?(!@U4@hlvs}wm7RrTd19OKwrc$X zd0v&@hk@~$I(mxo&*T$B54a_C0|_)hw?`%Hb&KThLFc3D9@%J^A)G@W0kM-L%L{XA zCz5#=!F3;JL`awbrexDz6nK7E*S}dK%+08B-7H%*6Y8<+A^X zR0}q5gvKS|bCC*2j$#pK)a|{$_5>NLE^;m0!F#ux7;O=`y3SgQlbdw!{YCI5-xuBAH@0vpRhGfHFXp3n(LKn<8m__sm!2$Zn1lE#q?4xswUehD9xj` z+UO`}@4W(-Rny3mIbA2W>R5f=bJ+zuRIIb%nODUS%>o6$WuJKuoTRLbGy}iTzz2Jd`!@iR%x{eibn@+|#X-S9A`r?XAIMS6(y8x*h@Jj)8%goY+J;XbBw) ziw(lUu23u@*gNuB*~j=lW9$-wIzolthvrSo_*tk58`*HN>^Kzjx!aILrhhD7YTf`78ErE%#ZSxVSanr;TD= zJ@{z(?$zhJb!SDfJ$_Z2HZljaUi;-GKl?$IV~|_z9yvvPb2}~+s^q~E4JJlUsgfKk zJ$RKZtf^T))~N?3&2B=v@XwW9$l8Qe)## zrmkaByomGnh`fxaEIT~9*Wn{p4o_VO9$t2MWYytmOLr<3$@i>1e)aNzUp^f1%ZDDn zc{JkJ4##w!M1sujSedFIKb%)pQ+=pw5d#PtVNR zE_7@zj2itxnI9fR=JRm$uGevvtI`JCvb(IJX*-+8N&WN|}SbCl$Z74^v zQ?RrSpepvAV51?a+H>J&8;?@XwyJX5hb|>|shpI&gN1Cb*&Xtzj)BfJ8YAR3Ph2wl zU@le|IZ+5;Aa)QtN}3#iqaRP4c0c1wVg4|g?5Xp3nO z-16O%=eykuP;+(8Q5`JvhWUK;a~i?*iJiI_b!&F+MAdBiK-odn*u%n;LP{^BU}<-h#Oc(2Vqslx@GOLTTgzfq9!}eTjDezx0rj_ zXow|=l9IShB&m*c{<=82blGRGi9s{}qmRUD066kAgO4DcyYD1*EBcrS+gyD(FM*da zc*O&~!z=Dx;<Lc;G+zxCB80<>?~A@ah#R8&Zki^$((>V zIya{KQ47MG(2Zr!T{5YRQn>YO>!?+`Td0~y_i9JohK2Ebkog<-nh|C4E7Xn#0qKF% zIxGpWdyJFZ0N^sfQUV`l%GX6Ot#Q=P`*2-M>eHUlK0Y&MhN;om(M4djCKRR7E!>_f zGv-{8xgU`EBg=T5)*8Tvb&0H-#tXn$Ee;)lCjPlc$@y}H19dPY1I> z%%h=pzi>gtMg=#DBp@MLR_)Tb%Z|-~*EhR%i<`KHD}bX35OSh%8r}UGn(KTNRXA1&;sh{~l|e*3UvWR!*lw73 z5Lxn)m3Gohzqz?bXgz4Yd5?VHWIS!@@Ns7rc=17pk3GA%Ex^V}V=01<+VAmE`+f26 zzrFVO`HKVopUVUO%f$h|dN?K(E%r{?D6r7nNwTW+fRLoxsFY7iUy^{2RXz?0&kZ;6{GuNt-4ipw{zDaB*q>yZqLzwVW<*;^IZVZ zPsEeBW)Tjm;JAyjtL4QfY&-!vWF$OJ+!!*^Ex472KnLIVk8laV<`Z6LhzckXkb-wide}^k*wb^1)Yy%lzkt2L9wBc|v2k#rv3Bd#i*##7)s<8EIS&40` za$5titF5N%75uy&13qwqk3ZYvC1-lP^xOi^-S2R>t=geuvchNGpNmL8ePM&2zBuA% zE^P3-YoCCmR_AXDaI`MS)ptQ!zI*lgu1<80gbIXH$IW|ADi)qZHmsH+tmVqKT#;w0 z>T=AYcibFYJ%XVV2vtt-K2xes^~rabCgju|gj)qdtd)NfqTq4r8UBPfuOZp={ds&N z>ctKd#v_TGN;Ba$A`_%=CC%Os3M`8hHD8D4AM|*|xgM`Px4{MB_195Uu5+$O=?GJF*WyWUy{sC;flK?$&4-njU)psr3y`5(X!{cCm_oNX_n;W zHO3ThhOItz*~Qq4j^#ck@M)11mU-6P?TfEJf~F3Qy|<9@V>m7?WJc|~EaJ6X`+Od{ z$n&vr$4g0|A&4({x5|3L2LYNaGSCH^eRZqDvge%-*=aQhg{dQN!r2f5U ztUA2vo&{cYuE)ooS>P1VHcnj;>5ccV@Wu#8e&cAwJ09QQM?bv5f4Ml!dN4Hbadpx1 z-K)=cnY+YAIp#%r%**H3z-H2jkQehQRD`N}B-QFwx9i85g_D0KJ07Z<eAtJ9$4XX9$4YXEB@mX8~n!)5BR^I z*q}!M89_ogB&SADS4s#wl42bqaIoand@5M~-Y(ICOeJlh-e@V!Y9k_H9#r6*W*OL6 zs%LF-8*jn{7O+IxReY0?xGYBWR+52b)iLIXq!BjReyGgX##L*XNzYnW!`2Ilz}&hw zN*oZ0@0Hx08Q{fd!^PK21Ud#1kD`(ldz-AIlek8C=`&rpu9xGe;#d>mC98TBT>+9G zwt~T)3+JyBfe=Anr8K&-*LCF6Gr6%*N5j^F!enq_)3gyeUvW~D?gJ*Kk5xq;QjLh- zLJ(q{5Cf{U4!_;gbHyMWvtFMh;gV`E^b>n)omlk*TBr7qPdpz0$7|0o@5;{fwZt=4 z9lrF*9lrF*dw6_M{Md)r_>spq_`g5AnXIxm5OQ@Lke2UWdA{p0(S@rDQM*+Aw(j4T z{OkwS%~Un`gmcA?7y7)xniA1GSxRTnqQ}XcYNskRnEAWTB+oj7O6!)quP#_|Bhm%A z_iKOuEq$0ak3Roc)O#Zy;M5v^(MvJ>p3f*u#T-hH3L`Ar2no;nBa+F@>G*QY{$700 z<1_AC;#2QkHqdbc;>at$^LaZgojmQdPo}TPv3W&f1IgBlx zz4*DE0QYo)wE~X~z7T{MkJ$01Rukaa zi$rz0#qX%2a=^B2s63q1rUy9AEKLd-n+1Ysork&vJ+-|6N z-~oL4eM@}mJxjdwTpx^ITU^(8d{q3<2aoXf$2Rz{mxf%hK;wX1Nwj?T>hs-tEvWax zIW9?E91#W}K-t!x(r@PzI#vhU(dO%SoH*T4rN0tx#oRcNOnmXWb;OlXesJqT=bUtH zt(9D+8WP;&vpH zY@8Jy+4AI=&WmUd!NO(r7z0Q49)s637G-OdDFdxF-=_)^QeATC8^SN(qjGg=tCR);0KTJ zzK!1+M{IF?4%zbEE6;bi7-aJGTiza+pQfq1OTDW$Q9jXghAH*GjXICYumkDo3}W16 zV1$`3#rp5{m(`ii+BK&)ckFz@TkA6>Isf?`Sby$YQp>JRur{R6!^nCOXVgFAz9rsp z-x4o6)3=j(3*z|)J)VEiM|#GhLKouuIfSadqXcy%b4r#D%!YQF2-o!*vgZVwkxUb{ za&VnkFqaZYv?GG2#*`8b6Y0H9FTQ5<=Xk@Daw8A|ae~}U;V)XdXq&^kBd|1R?wlBK zC?ruCbXC4GfxI2PT4-P3PKlCVNGFo6nQX}~hWF`_eL|)xhuqyN<$besBr5PR)!8Vx zKLqU9N2BiW-OaK5>387hbKX)Y6i)5;0C3g`KIPseKKFqoUUbmb>{}7fTy^-0r*`<` zPu;`MT-e|TKeWNWdu)wMzGWr5qUF2SmhaZbtU9m$g=$?MtKvlfAW~`LQ}uele9LGT zd;d6nTT0)~-KA@$z#Ey!_k(?>^eY_q^{2Kl=D4d8{0`03>$= zmI6jrbu#59n|U8p=-HDjEghAjlBu1`BYkTPa;=@j`zwK;+?_$SHkgT}{oS0yjYMbF z9DBH@);x0%?;to7EyfOkau97_(zzzL|N0)a&|`k>XvOm>pi4OlEjL{K)+dU+};RufK1((?z_+ zP276{yyWZxFFCuw*F3zBANrMcsZ`cGIcTP77?R8nL&4c27z+L57=h*Pa)l@W31=YrsT%vZlnf0c0VY!9G$Bw zo4@y-CBERn6+X6gJ5F^xvg+{XpMHQp`c#ka|G*Lc)d!9c)gcR#vbTj$%XaDzOCu)V z%Z5aQW-kjPXPeZnDPA!!aP;4xf#=|yB*Jp=012Pbi(nN;vPR7SC8={op#zqk?Ma$g zqsI&?7j$o*8%+R}MyCu6j62pKb~mogo(?sbY>I^U7BWV(8C)Ba>ZMv|*$0E(+jtZP zMlMHHtdZ6{6BICjVQO7RkppmK%hE zH93>qOrgso7$L6cX>_rC&dGaHW1@t2h#deUX!}G+*TQ>bApU_PgH7W^n1P?jd^Krn zv(eJo9Tj=c)40??V^$-LAt@#3J<1u~^NiwgzW3Cl-4{Vt&S=9hkSRF9adqZ>kNdZ~HO#+* zNwyt;PrrYKFKxi%wvV%&;ESHLhu`<$3jgMVNBI8tukoJsn26}+;o>NHv?{;NeU9`D z^Xz>eWom=bVIWeEnw6l0lGt7ZtN3$IV52AVO7q(oDozrsbu1)T^V!Uk<%DfbTtd}fnHjlj{OCZuY` z^SDDLdD|lp)a|<&=(Fp_BV-3%korCHSuns109jk!Mx&CeH<84(0tzNh0Rl?A$@g(= zEdj`CAL{6L*hPHlf|}XT3P_XD3Gn)Rmw5A&_VC>O#*n$)<5_zh{@O>J!B;$GAK(7o zL;RZ$9o^MHq~*KUp6||ecRG|@kJ@!zCeB}9lVChmkeKXZub!F>ty@V`=x6Fg=~Z4B zCSKNv^dt!Kxc9*czDENf^XF$Fz^C53!k0f~4^L^pPt7 z{|LW*~`$MQLD8oJcKIyT7Zq(G1k#d z%j9_j&_)oq12|O0Jx;LivZ3O|F^oiQd{xbl_y1bA7wg*iQ)v$QFsg+GLVlL3w(+WD z>SyG2DS=h`N}9P19wlF+B!y={B3h1ZrFC6HSIXpfmvrna$=xj=m<4V~X^cBaMs!!L z#?NHC>tXBoiWcudw?`4iO4({kRmM;Jy}lRP2v&|ScyJG2@}w0WYHRi#7f)X~eElN_ z_(M-#;UE0YA%6I=^<4`$POf^$6VkRAwK3zkH7Hn0iLzjs%Lj{ECl$h`&anP z`&RhB9y`K!z3&LWel%w3St3aP2oDpa9?@-Q}42{}O;$HBIM{ z5bqvSrX$CpH(pktDA9I64t*eDGCqk>j#-!4+M}4`kyra7)}6AG%gH2It9Vh1b@XPkQR4gJpZ7_ zKY7kM{D;Ta_&e{pjQ6bXq6eYnyH}m>x{3G11Sp$wgrE8j&Nkw1;>|oN^Crog;M@n- zXse!y_LwHPTy0Fvv-y+VgOe!lIHY-_z{lVI+kYExfBW0<>}NmwwtS|)=XvKF__&*a z2!PLdV1nJY0s zw;ao@bHOcQ12!UM^~?Us=;yn{@F) zGI?@9?%J%J;GRDG{(%bygi99yoUf`@4q=>bY3G&KdLr4wl7BKF9HP|kMsq9Pe&1Z+ z9ZF8jNXO3#UOatgV|hL79OvuMJChR5@4t?UVfC79Mvw+9>owk#+eVZC@=9a1THyzN z;0N&i-~at^u8l3Vxc%aF_bl4)}la2H4`w|w{7^Ie(wbFSdlO@N z_0N9xv+<@ky$R>eojdVsx~{`#e&%Q5r7wNyb@>imBgC{oP(%94hxYM*eAGR7-95{c zurg`c%nGfVZ<4My;-fLSTzkdf6=MVt)^!*($i5zW#bvLFAF?2|DoF0K4D94xJ^Q@5 za0kT_XzM&MncCdQSzF!s8U~6MvAf`s)>pZ)S)$&__6BChVc&BT$?2#73|HMy`Ce>v zyJF=k;AX&JB@z;H;)3isNn=hL{Z-ap6Ns?$?c#WrCH|KDCw+Y>0T~}t8f}OGVy0Sm=y6Si+*iEf6cebKf?RgN@;O>#!`Sc zKY0)T-;X|z&wXHZM}OCr?_OKJ>#NV4`mXh7aBCMmj=%C({>toY-tdMu;7|YQKaID(^{sf)lb+O8;TG359$q?p z<1^3T+n#+c@qv=h1Fbb3Jx|tE;KjVCAdyt;h(Hd%91(;>&WI(uAV6Sb>!nl+EM=v2 zg1qM>d6sY@Z6j8;_VprZY-u6o`w9YYWbN|?w~&$~KBpPaYc7wT*|-t&Yr+Utc4#+u z_)9)3f%S-P=-}@WRjs51R(vcH70T9H`fBvi`P{D9o)avcWWXh*jHMEoFn}^ti>q~t zSRUBNYq%i*IT9GbM0JrthtBL@SGs{u#qaq&zXt%WdfmQ~ILVscqQx~8LVJh5{PY8S z_w&x<`FE(peam;RJ>Q)&Vm#?_*8s+CAvcyC)A^aQsn*givzDnZd9|tlIN_Jx^*bk3 z1DLycu4gyoS~s#wmo5PSKK$VipZGNwFJ24})@Fml!^5`vwzwhj@n?Jd)90PXAAf2d z%SwJ08oU@hwq;hiUF$WI&x_}ecm!tP*9)+SZ!%V$k4|!OtP_h!^24a4c#BFIDK|j_ zz;Gx%Pf`~H0bm_;!5lFe?jet)ZMn$m_C~@Tg_VnhecCWXq8>Uz=F2idv5w}6N1i$j zkwo7|r}`tWNxjR?rM+$wc`qKCxF18jW*hn)O`oHwTVlspyf;cO69ZLeT{xD<22Fs^ z?h_~5uNhI2^zGU(XQn2-PipjELm_FkTH$3cdl{a1;t9O-o$tg8Uho2Z>6d;fKIxM_ zsXg>9ZtM8S{SM#p+;jNqr|sX7j`uC!y?*)buH%yvfSaCwk!294X4>Yy=-k0xuUnVr z$F8JerN^MUlU#V+akE{IxcAD% zP?>)=6Uj|Of*d|aq8~>zBqZ6_QNsukyO-B9#-9|)bkWyFIjQ}oElB>m4 zz9M8Q2rXOE4331}YbeO~k`j6EBgi4yTjSF7@tF2I!G#Dibix_l5_d!utabdig_CqW z4kJN*A;G)E`!d0|FVML#l4ZP*VazI9D+!}sm%S!Zx)5Ni*LSHBf?7V;?h)Rnx(GZ5 z-PY!xTgR_6|ILed=N+V$)$-kI&v$D<51atBOns-`SE%PW@`)USXt3iTj=PY@ofyC4 zef0{C;Uurs9q90Sazc3g>MOqDEAY9W`?>he@BB`D&-Z)}0N|rP`lInp-}FtmaNz>J z@C&~X!w?pNZ~Vq@#EW12VtmC{d-2GGkC)r z-hlVN|NZ#tul{O0_~3*1#&7&aT)cP@Z+g?4+KSuahQ}kT4*&4k=kNm`IKtom?aR0j zvvC6jaCzjZr+M3vl5rPDsWevM!)TRYi0u$t;6~j}T!)yT_cHyw+vlie0z5nAGH?Ni zWG&g?uWmOF5lw7-uH;*1!xK^3h~}n71?t2YPsIZmCCK8M^sjY@YMGW!^2n4UkfIS- z*~ryFCqV@(`nb4s+$Lunjw_9gMV}En2gym@1-^@QiAK%FgZ7$*3%rYtd|i$_uz{j? z(?*Vt!J3qu4I!gKhYWT&iQ;Q9r2=!c)N$)tzvCV6z@Pu~e;%Lw$)5}Wc=^j;j<>)4 z?f8Ko_yK&&w|onnbNGF~@Au*LuYWzB`qZc5vBw_6kNwz>;k&-;yKwpP<@A29dey7& z`Jey!c=XXnaddQqcfRwT_>S-R4!q|*@0m^zox>M@@fYKhKlzjKq$fQIAO7%%@ve8h z3*YlS--BQHg9YM!dVW>}V_-#jt2 zbC0J=fp{_g`5+!IlNi)~=1~O)$`bL#BY%OCzXdfzIv>to)fEzO+xEJir7UqwW3VR4713T^XTXj%T zSQ~?6O0!iatJLCFz5cIW4d#MlJ7?e!Uta}y$7fR2GW{D_Sqr`(Otc#+?T{3mL4L{N zofgxe;<`l6tumS}49){$-9pg`W-!t!Dn;nqcy>u1ikKo&8Et1cfOS5n9%e5kO036{ zHke!k<)wuikQi(5E$rUqxUfM2@{7@gnir3?hQ7p7Tz~R~JeTv6b}9k~v~pc|4rg3j z`p1l)U4cO&Fc80eA?Sj6{AO<$>L!_pU@zqP3{vc}Q1#GS)tBzSn7)}PN7l1DmJZzr zeY^F+$p@zsO5BANJpcx~phcfZ@i>r|b-sl@$R$GACV5UYKKj&sq@Ke5RuR zlg`}_B* z9m^J7@lh@hld&hDqs#Qdbm za2D4N6Q!?wmy(i__FZ*1II|Zz{>BQQW;mZEAl7x$?{V5{cXVqrTM(;(Cwp1JpOw+a zBevlFjgB^PBjOopVaH;s1sIR_)^Jj zbW@vd>g4oR?0H)(&XnNXVg1J8t`qVg3hJJGKAGJ5?G(WEd?@x*;x!d*^ku$%kLP@C z`@hTms;_s2fmiWck@Pv;Zn+Nze*a1W1#fO{&ck2M$q_)0b%8gN=dZx^RY4ke_bvZNbOI?!w7`vT0y&n zU4yv55hs=aAYonKZNSe+C&__xlJq?&^% zW2{%J(l}GK28{!QkPH*>yY2>>U!EVJ8e-QP{DOkL%*OYMSN^#{!-02iUrhHOx~_h( z4G^!LBY?V>*PlHfx7eP|^kww3%I;PWKixgV=M2c5c#OdH^W*Z$x)XTAHRh4tgHU`D zcTRpUmU##&+#xFpRKrgXlvQvF;8 zA4n%H3nlG`7dKSl_bAeo`q;p8X38rXXZ}k|6JNQfPsYCED@12vJGBRfK?2Ua z{jMC!QvUCVOVGgAUxxZO24@jRQD}H{OLD@Kak3K3`ZBz-b2fHHan}rpD6;4N&--U5;H)d8KKWaqzNI)EQwy*w!@h8vjx+Tj+CG0zUvgSC$ zAU*tma?iw_$>3V%9?nLDPprNJ;c_1gW7rjGp>1z=fBFp0eb9_3H*+FMl$xFKJ{$?8 zu8`{`qx&8Z@CO->HP9%2C9*m!`ImYq(zXk|Zv1qP8_&KlMqI@Y6K!;QO5@@LZ%2xQw0kQkKjd2qcO-+v0f;mwZ$ z^!So0lIQhFfp9jT=~ID=`TuZGiDSN`!`cla+<7#J8!M~hoC1Hm|tyCvis zFW18`cvOrW_5C@>Ya`O}NyF$iZS%$MY4&=w{uX~b7qm>)#OZ%bkqg-Y)AkwzkL5o^ zB`>0yA0V7B%&T+b8Yu215|9_9edn2ez(n54lw_+V(Qjq9rJNTk(8S^DN)ct!B-|ey zUL9;gwz$aq8g>^jC!zD5+7~{Y_LkajjwyhRF$U$5&MBMl;iQA#(aKyGUv3~AA=gj) zWIs+k0<*b$90?TvlN7rphwt~V3N*mgunhp7Dd2G^kRktU{^cfO**S#FCffUqyh(;$Px&he0iKy?czdSBKLoX z&uY;9dbs4q*ILG5U6j>|& z&>9rOZxcU&5)j0>l-QLN!B-dnH;F|8kr^$>1sinnYH9BP;49F6UEws)1i-Y7{BW{f zZU0&A&DT))ReYL*R%>0oZnwUEr&Y$?PF4OltqBYtl#Znp>9#`+had9oaULQOzwHO= zMop=f<0uP*U6gHbgb0fFQT6Q<>b7n5~L(G*u^MB2q{}W?NRPxNEs?+uASJUC-J-naKRF z)E~D4ALF5bwLmm}xi*dmw{Mer{kAg-ZR$96xH}IQi*ehZkdQuS?z&+9FWkTOiFJCp zaT?MF1iJMf2=UIn_10lc*LjcE>;or^fJm%eY{C4NV8C+07 z#%#gB?}+);x_+)(!N(Tkt_Wi>5~sFpr~jm>0ntb1a8w{R-vY0`OESG=;B!$MqTOhC zx2wsl=-IBK>J{>ctXgo!f0JC_QOS3=(2xj2+tkOsJAcd*utgsLD}I)g#r+>lad7e_ zZol<9wKI;Myo;H%{`EOpgLrZoa-KaY5+5({cOS}J@ko9kmdD*zXF<-;_U>_G&Td-X zE_<+stu$+r6edclDl!n1LIIO1#Ro^59K8!vb(5Z3{T(2)Lp3F93KBmdYCefHjuB(o zaVOoZiRDh_h#^>0Trw92AMr(mVt|-g*qWEK9$IDu|G?@j`+gCkrij6XWWLLqOmbr{ z`)#6dqgN+xh65zs&YH}Svmg@szUei zEAhNSb-MCfMKT3PhYBBJ<@N(97{`dE+G_)#tKfF+t+cq^twElQ{0^kZ6&-GuMb@5g znwqql2Rve9VFPbP(t#qHbIM@Fdng&9mweh8&j8c0d`2=v{h}da$1)|d)^?9`A;cv0 zzW2$mz_o8%t?{Szu7atZa=fsL#gJW4Bn;kyJjb&=qppD6pFgw&Sn_+}HK-=F{lZwL z7EdZcW1=*tzADZHVk?@hDdMpTCzS<9b4zxDR#ARN^JT&BRQ*tieJ_cc>7`EIK@n_? zsEA>~p6DlSPURYs`@Ms8F?nb5l?21Wq-2ZOTVIhv8@$GEvz^fcU!~RcPy2-l2*U&5 z1D}8c7drE{v-66!L$B&y_nM@A3|tFz*9X1Qf9{VxhPql%9+iVJ5NJg{|3NQ9pEJ#D z=DMX!Be=8U|HgN`b%_rC_&3cimOjUes#K%Fddf@?57zIr57BGQD7@=ljCB`Er)REH ziJPLS2P-J8?LKhhm0U8KUI7<e?v0M`hrtjENnU17LhnxcKm882 zO1(qKh|F@1`v{#F=1rR+lSQ6?Cch0~KZt?k@?7_%W8s zYV?a&`+Zlh`cQvk(rC?rqY_l*dk2~{5_qh*HDHaAQZ)xCHlr7-+sbG_8{S(X6z{sZ z!}s?GpA)t|{gSI(v%L9CWzzCBvp^;qk53ffFW`3GPt{4NXf>g~5#l_nEBfnd?Is4E z{cfq{_V8D0TeUsT;rCIJssg?Mwyz3yepcJtMf^}ai;?O05f*dWZq~S0NXLE?y zN3i(T9WMP^y1yEd8&c$Rh}tseb3ut)tNI5;^>z%~0hUAL_wt%;TbCyD{hBQ_Av_PN z($z6Zoz&b4SX>ZuX}VJCka&3U?R$bkKWN^rH&hGTbiR1#TAjmws$js~uP4;^ZqF)v zU{OO^1+Z_iV_-tR6G672oVqx)(m`ZtE;)9nkH?qq$B{%XA<52ldd4hz_09jh4j11% zAG%F$_Jk=RJCl7tQFxCCmMA((Y994oZ6;Bmj1CY;>`EL86;zDlQ$T6fT-=J2?!fRs zLiTd-LQ-79XT@naC72h53tRe-M!IMRgsX+FNM#>I3d*Z2f{Niim8qH*7>2#qn6yPo z4X&vc+$0*C;)fh*Tz=;8)%8m{n@q99AjQFJq*Rl8OM`na%Fv#Id~lZ zif5xc3aJ>V&OjF+93{qwAjO6#yHtc@pGN2rgnq zgpr5lfg0QBK z#zzF!2lC|~_bFrS(A`DnMB^>PSY=NV`ps{5#?P=Bja{Y?OD<=4pquL$B2a6pg9Xft z{56PyYcWv0nIkoPyK$BT>@{Wm024=sIif9w}O82fN<_h z7V4{kpjvEw*G2Rj4;!qrIE@xo#Nb z{(tb-@JH$~z5lY0=si48mGO9R*jYK7jhqgl`~92^*|k{%sr3-ys6QAoC$(id(14{4Ed7R) zy2Z)lU_0jG4B>TJ-!C2)2%iy1Oa`4$*T!Xojt?@rMv?@%PD~4G3TtD&eoglWk%$t} zF~tU6=c&9)Ua@gQGK~8}DG*Z$O&Dj>ji70AKMTp=z8qC>w|o1sdk)~dQnj?9t(tlbwMcM{yOqZG2=izk@TfsddB^+6h(f@|*M-mSkrN22S5S zsGQH|y5QxyPr@4U_?m!pTC%G3W&DDQCqhd&$S%7N7@!^>nHV_uz6iZ<=_psw9l?_j z!aMe2w~{P!N8n4~kQPPuO=p+r^c1?S54wa9QXIi}&0e*M(|zKUD~|6ZN6=g#UBEgZ z(&V5z=U-4x=u<|#&63`bmA>*)@s%e6ZzM9!`k_nLnk`5UtJSn(P;L5DZSAitqfU4x zwUWM91}zPJUH0y?o!a6>qwk&k?f{v0&pel`Uk@{o>!EzX=Z92+_!ZWk z%FzncX<%nK*`UDtL@rQJ;KKq@;b#FI;!|BkGOY`4s)4gj5!wS%#n~bY;RxaRBB0EG z$@CI>|CJ*C1__3ITa`d(LnXq4Zvm%Y{=8TGD+q}ppIkv*iN?#3L}oH>W0x}FC%dI6 z6KSdKx2SaLdoyyFL0R0wba*x4-r)sH^1&tpKc{0FC_}F-ZZ;ChJC&jY8nOayc}P$! zTi4`9A6QSGory$Ukr1EwCu}B?8n27;R=2`I*3WPz=SG}ztxYVFzw^-kk~3xfbN%|} zQfR8`YBCQpTvn-S_Yl=oOAnV4V&P#luOp*{6>>?6Y885Ub z+%&jijq4mx873kUV1Y4^Z^wIJCAkdah`_m`;@^g?Ub5D|1ok}(EddCPZ>ma0s{vcZ zwgDLkDI+b zLL=Eehf0XF(FoIpX#3|%dAVQBvAl}~6Dol8U4`00mw&2@_>Qw4@RsdTW3uCPh~USu z46nhmj^1M=#+zklsMKz5h{Jo)9sBb1Hq+rq(3!DHqeL2CBDg^L?G2bTYvFyVnoDqm zEjOJ5Ah>J;DlJ-R~l^k&U6nMjqs8qw-n?>XYV^tOc7!Mk_RQ!>n{8*aAp5Xtza0Ja>Nt7W&IN z4||;ac*x6ttRuRiC7rNJ4&^7K2`Y;=Mz4hRA1AD+!;IW7{oDS=h9y8NM-&w9ZCtL9 zlh)HWoyuew0cld-kmpg@U2=&D+sp$xf%IMb-&3O@+w$GsU;wF1A!SoL+&3_S$W*ZV zf;}DCeTynds>r$Ptgw|~W2E0ClxEow5{pqhcW}u`xPz0%3b%THdil-JsF+ZcuxtSr zw$&N*{K_h_QwbLQGzNAu=p6f8t#RA!As6BkhUm%c$k~ChUUCY+i!4^m3vjLn0vrE9 z;jw2+w`Em?xE@4}NM3i}0taUmU7`1T)NDj;U$1L3!uyjB5`ki_ZnY!HcaA65UkhZh z)47iCjc2B$b*(v<( zRsMEOjN#jG3Otj%e)*lfzG*oR4qsKFn;du;uWhmhk`k_uf%t(6RPwrVXTy?Ah`tud z(!?EZr!_WHTWN#FfqR7QM|h#HnAyM6m&Je({EKy|LNZDlhYa1m-r7Z|KN!dFvd{`z zZ<&sx$`QsmKuLRwz{@MzX6vTqU-4ZWgp*$(xDIWlAS5Z`pxffLKH)!Kz~^p@SBFJZ#=%^G9JO-$OPk(WyndB{4bN8Ai#@R2{2c$jm;y2@DIGroywSst>kbWbn; z+#DQ_$D$&)c|e@&jX)mQC^kC;aGQ?K~fVkt-}29K9(YnEm{nxjWF znRrCEmTDRcD7lw+m~w>&BrQlfta5=^_>;d}Obk5Y?Bd>DO37lQnB+vp)<&)v^x6P= zvnMgkCvyB=bZ`6+mJ;wIHJg<;7OOu||8CxtDLdp`Pl2Ddpau9HKP&QBRJ4TsXE!r* zJn*c9I2mVziL~PP>|-^jU~Srwo}Xerxix;*%7a~}0c(|`)DLfBqe7ogARJ!oAN5K% z*sTovt?Wh~m{Z+APxV5c&6nST@Ag~I1%UW2QP{E2$g{oJthoP_{ZfjO&=TS6XW5oK zj;0)bDzzldy_c=YC8D*tbG#-|jI0eOk<0fvwfrK4Ccp!%$e@-_AEVkrP|uvGup1hm zX9ou+??b`Y2sgk+k&L0Z##5gr@k&@<$?a7l+h`X%*wKR{sbjqh>a{+I z2#H0Ko^u(u-Gvn=P8E%wcht!a?8qRYpm+^4*ptB?a8qd$ND*dD0~8h8phhS;^ZTqB6Q zgWbp^7m3!+(a!@+@X*i;1fXxO2ONK-ilTo!UkLN_FFLpf58c#5f>bH_XZ2M1pC|5W&PIGk>PNz7)3)7OBALAAg2$Bu{*E|_pT z^D1PFwchG_zdPbH@NZ43ptA|lqjk)VaZB`Wwy2dmobswTn_+>}YcJ;R4 z$Bk*gR9>~fNf&-3-ujL5wL9y+odVdg#D5-_Iwwj zS&gT11bEDMmbSs5fV|y|R3_&s=9_GqNHau}xA`~)NTl&YR0#*vRu))20D{r+id>`J z6k+RU9T_;#rE(9zjx-+Q;F7ED9*iYyxYFf_G!l|y`f;C%^_Q;^IeBPU{Me4FSc&oW zcxxYwHEypKcTNkEMo4Ps2;7x=0EU@ZyS#w{q}IDssd%TC)v>0XOJJ(MTjxG5M*zX> z2&2#x*oPrVwG|u*5R$60V*m%s{yeO4b1rm@^|Bv6H{kP`T8COOwImT~tsKP+`82OP zhoX!pY@){~C08UWhY-QQKGCq5J;ajcTxz;iiv?$+dl@NGxT;}1uv+@Qd)K^L1zG7Z zPFi-oKQ8Rg?e~9fYScY-k{NWBk@Fx1S@i6%FoFz}qI;!6Gc~}T(r90!VwEqr#JiXK zso%B7_ir9x3Ghx4Tbzc*M<%WWQ^1hK5MJK9Uu6plvhjvklIARxkBKL!fRZb&zX^)i zwN@E<2TaYK0Q;bN?$@|I&y=Hnt{R&A|Gu}kqd>#4bUOx+%srJT{Mj5eO*IlC{;fP1 zK`CP%#a+GEmNA5K^c>|hgw($hhHzVeW(_emYLUaCoi1;R77S)Yf?WTz*^3B4s?>De z38ksVTE)i*dMnlxhXev9ZqN*6c6^8#GtD6(J|fboh4`O2pDzG_vi~2o`qk90-P-w` znF$LwA$(GpFc(|$zb7%G3HT`S`K1%lxYfon15(W4FW1x)^@vq6(Z6E4{td$fTw3?D z8In2uvjPZvgW+vUsD&k0(d&^L+asvqU69%i)8hT76l28LdzFF+aPo4Z z&P-l~j1iN1Ws_}Gt<6aB0qP?nQRL{8Qdd0hKLFJa~k6gpA#Uj8}t zlYXRL>vv$?IbOvcgf;$;VJ){r%3wl_sA6{?Ps?5d|#JE zW>)V3tfwxROxDp=Sl!u?cCJ>Y9xWDyON5k@jAqfA(yZ}tBnz~nE9h-HcF-`;A(7N7 z43~oK8WxTR8pnpF%BP^uNvDCQjxBI^J=tVD-d`fryyyfhbcTB8(hM+;P-`J#c$r|u zHAP$as^%$Cy|pB~=VGQ`hzGe)UZzSus316ptkhVrE8fbkLQT#`4U+lRy84MB#tn#o zG>_l0iT>SYCSU4ui0=ZX^?`y8#$TE;;_@YVv_3HJL9q*0$Gx@Z-Kp9#m; zBWZ+#(|wRs$+@w_#gFTyAKkXJ){EdSnc&EymJbjk!vY(&M@ zLoC!+XTONr+1iM~s?8*1L7R1NkG%^58^j-BMEg0UIca705M3UKzQi}Gt+%$_Ycgxy z7rDnL9&`kzd_m+5>)UqZjs_jCJ7~WL+DoC|mP>vuT&xnKiCe%f@)UvnxBTeujEN50 zWul3J1nBv^=oT8@M@MV~(0Ka@M8rpZQ@6&hM z<`UrlAkRrx%9G_I3K3=^!#9dQYocycZ(DUS-%_STCjWFrlWlAzd5-HlNUS@ zW8mE}OOQoW#@~ds>&ULFD>&h1=Tm9GA%$)oGKaGT9zEj`e#;e9x}yCAom9K+#`{xA z1SL$A`%(nUH;$vD7{EebyGL$DnyjM8C7CeBSJiXlJMxaLHH{5PUYOU11n2^m`up(S zoUf>gcVQzvpP&E@5>f7MS*TxJxl5tneUdaU&DnG|DM>?nL=7kOJIF=~;cJM=!re1v zbEWU>^si9PVD-Au3|e&5qos3xf}(a=UOlT^CrLP9irEbnvKnJ>2gZNdmlD?H@2fyE z(V(vDW>cRl3Sb0iAczxTw{!gGT2p+}|G%&8-v9}GDEl-T{uBKiSJg_#pA_ZGW1lUv z3|kGw{vTA*$)g(N$pI=~!Y$6^ENn-F;m(r0T;JTLV$TQcm;+SfP8x{@CU=Ip8ZNg% zU_H42QrECfbeae}53Hm)N}0Pb1u-{k`>;Cnlm$A5riWem~9YI1Z# z>=m5o7mFqa1MI()!a*sE{N7$RSNG#ZkRpye!Y4O)Ac1<59=;R&&dh_sg(J-8qK@pU zrr+%1$}WOZCO0Cj!fboWr>y_(?u}Sc3Lox5+E%qA2L*dL@)~i-cCa8S7$nmwoC|(L zV{ZRot=&{p`UY!CZpms6E5d-Fk6>{r{Mhv%bnM^m!NtTHNxFa9MgswI^ zIy@c2_`3dSWFXvhn5LUPb z5qkaF7UlMR3^lbQ6mv&>bNpSX1k?+jHk}HSW9unrhl5c$2(ACti2q%omY~Z-MQBo0 z)7Gz?#`RZB<7l>GA7>9lHiV!lX0N}?_gkyVaNmLCAUT_`^%4|FEu7r71HE+D_cBKq z=S#Es?me=~qWR1HE^wgGl7TFy2ODV=+C~5Jxrz6=zZeNs`#l8{L_^|IEgDLwM(}9F zO;?h+RWxb0m2BnUK{z{Jd^xC@MaS(3-aS< zicre7>R_FTRvA2I!fax>uPI%q!oO7U$Y1!6ca(cPy%Yn?T2Mwx@-4{wtdZ5PQzatw zk$z_}O)wv*RVlI3dl~&=0*@(1R{nrAHdGmS)z@y>VUegKh4cW;OEoa+F;J}qf?`sq&iRHi7>TKowft2;0cEn4gEDck7yr~&!Oo&MU#M?fQ;t*9fMP4Tm(VGR6D zM21nk?X1epjp6BJ>|~c!i8*ajWnm^kYUUEn{pAeEj<^E=g=qsHgSr;@>%in7o3XR& z=vPNQlph!s1V18N#S89LoP@m7nkukhD+v3~e=kVZcVF}v1q*N{%;BVbwr z14HsgAQiLw3y{Fx#W$kcoy9%?U!fu{9T=Q5_~3L>2e?|mQr8=%9An>Jg}mJ7f878A zLtNAXP~hgK|NAfe1bTF>qMv`HWjOlD>-mm6V}IIhf@Wh;Zob{IQ|Jev&kg*hG^s9a z^vf#Aq{cK^ATI+p@`JqF&;a%m_b0sgeOFB&<%`DRMJeUiWtnnrC?KJ#vXP8E02Q%s zFOSCvezV@2HME_J$l9E#Ut*mHVZO3*IZG6hKXJ?fkt*^qW4f%SjJ0}^RhaLTC9=6W z0^U}Mz1F#VUc|pk9{$NOh5YKW+7fk%SaLJF;aHbtz0p38%ijFrkA%17XAlx+)% z{6x6p)f~8mQou-gatU(ZWPkTVlz;>T>H3)Rvu0iH@JBO5`Vg#G;vf%Y-YIjbZHD>$ z`S)$i-e|vNtAsJdG&Ia6O~P3CKH(aF^_R6hLj=2mxYWl%=9?i|?5ZlXsjMGq&B?Lz zXmSF3;C|_gg4Y0TCIRFi2Av_+e+P`gV}zsNV?LX?dIZK><$_Ob|*S_|+5A`V_ zCVpHUH9LfV;8@1J0M$qf5n>Gn9;^LRSopeU9wKaeR^%*c=oB;_&TiI%&A<^iBIwF1 z3qLWGIGNOvxlrI@wn3Y`f{#t(lg{cU_5RS9zX!9)6hW#{J|4bTXUev+lQSVH4HLRH z0shw!=@xWUmz^@*64xC+eP4SyL~RjT;Ou0T6BRp42-zuB0`Q9MaR2~bmbNa>j5lq@ zmUHL)_)-gaJs>zpon}@JzB_PkHA_sJx17@J>Kzu=uyFU>a=sPF;y{?)`jDd3A z9&=cszN~okLGO|Pm?2x9#`>V)%(Iqs6O6R1z)3*JUG9IVS{u2VNER%#C0*^D)J%pd zSM~`?(4H3AP7f#Xsb`7GZW(OK*$MOY&W&uWtS236E&PNA@BHOi;@~OBLD!tJy2p^| zIN<7IhnOMT!!zc_q;P%wQ=>KD1pg)J!gOBbFL&`f^Lgl10>i-;5$KwHUkk!j!t+<# zfM!%cU+uGdRp=nRhk{`O@N!{=@U%thb^gcP+MUIjALA6N+r1-2HfIR%e9j8U_oHtx zLM!TS1kCNJuWGisQZ{Thsk$s?##5bLQfz~Yw;OIr@|yW=slI1UYbU{eP0J3p{k!AB zptM3*q;mxo@nIyL68bWM?dw);U#&^ek43?iz=bW&Wu!olw91sBV79hXp=3^hfQw`* zQ-x1*b=PsryX75?SHfcy2*G9(b=!X957Z4tK}g!EdL-n5NBMJuPE%X;L%9)?hjbUr z_EXB#!g_Rvp_2eZfY;Ga;Cp@KBPucOQuOR|aL~AH@Y{HzCB z3o~3Y6glWQv0T~6fivN5TgDjGaOGZjr)K|Bf@_)!9X21etEg?H5hYOk+3){>ysjJl z+kbm(o@=CCZB(*!Vu0dv3@I~jvPI+;dlYYl*TBa9uiUv;_pRdV_xppF3ZTYOz>0qm zsqb4bJb6FF_Ae9+*u(=FxeZ#Yhm~2iEtc+;jy?!yym;Awhq#JsGB+!f<`ckOn)QsY zRfHU@OUhB+1=A$AN0M?R)^5u$sGoG&x6>W2YWc-$(R_Z3MN;8UQBr5#(vlnc$RDGT zxMpq_nz&WHfL48mjgCShOQtMmuJ>N|{R+qQA$<1@C0VA>)ow$nWq{DP{WVZGqyrp@ zPr_Y#_1}`OB;w~+-L{LBfRl~_$+LtmsBLo4KVp2-u%Fs;jAY}QuCcg13GPM|`Z2%u z&cjT&-*8MB`Lrv#rY|7~u46**tt6yI{e$C<5%S7UNe4|7T7hMfu2`Ke`jC#F&bV{M z8{TFpx`X5#w;pitjd3+_&TRR0X7GLw0qNVfL|Codq)-{Jt8tJl5l1FLtR4~_ZXHSX zdZ|T^ss7x2zUGn{yRMr9p2|5rF%*cRmgzbl8Tt0S9saW})ZcNRQu~R|^w+Qy(E%66 z0<>%W>z*%w{#?Q-^8DL~(oVa)=Tn)o;5xe+Y~imSM|{}dDyY{KMC0ecZCmL5$jGR! z4r9R>5_%xhORYeP8F>g}Qd6KEZa-%=(&C|>^~XD+tH<1QT!O<@B=gB*+&FUE67D`^ z0o=8tMBVSxWm?^{O2YvZBn`;uCWKsL$?M&DskD?_m8%KjEh zp&PbF%FG~M#;;;zr9cpPY;Dd18`jpNsZ^?TWj3G0l$hFHU0t#tPNzL~NG^3aiG^MR6P%zNTbixBt)H*v(CCB%kbAGlFTn7vIT2qr(K6e@Md zAK4Qi)%6GLUVyo^e#Oqyu#kvHn&mdL-aM82ZsGECc8C6PslkX2#-jWyC;C}#@Qdd( z`UZRTvUC^j_Ll{IL#hL9ii_kk-L1sWf`D#0-~)p<*PM+tD(pZ-Zv zOiW-N-bgFr%%y-q+reUv9}hGUuTdYsjDlF5IFpCWPBH zzhO_aI7YH(t7KvI$Y@Iqn8k-5Nyx?|;bnR134Z;C{#JE-4Z@o29yjSBxH6e|=s_!~ zP{P{=MLpnCxAu*^*SJ#SDmaq&qwweysl0y(XVSjUbP}DaIW%P*o~XSYlU#gklY(HBzd8 z^E2G0{zNLen=|*u2DHN(rxL{GdtoGm1*q8`6fw75+sne4uPDumgiv@Usiug^a$5oc zp}ElPnJQhD#h_iz0_;NVbeps;g^6|>g9?Omxk$`PhBu2{a12jMSssj3Y!($!5@U5i1PD6IRd4^%)u_$881`g6gW(K&yG*Ood`)zWIn?L1#s=)|6 zfAdH}kreD0%KR^KcOVBw5@>0Z*@AY?VpUt3Jj8(I<80yX<9YQ+7{>@MN&@|a?{}k+ z-XVO!kiI~fa;Ppyp_yk=-P1PBA?|(oTCTXuqXY*=OHm$77atsCp5s8i9q{_JVOPEV zkM^wr0j_9V4598SKcR^0tqe7#5oWt|oS*Y&u?QBlhfdf?i)-ZqL>P1-Rv|XuRM&K@ z1^E>62by*K{iz8ZR6`L083^t zCDA^OFvQ=%E3c@uqp-B02YiM$l!?*zpJxDJ5i>7iqh_9(`I*Sb{RN-H7_B_=acW&dLRFkQao!K?xN~J;o33LF^de92OOOwB z-k8x36#3#OX|!HG{jhpf9|$ zGCWm&C4-kYLha{y{~fT#mIk1L-+r-znJn5a9J{~xi#8US|GH*VIREsFFO&Y}M<4>W zIFeStc4W11wTD&Au!CV(Drz8^jHDp_)_a9$Bu~7ZJMaNlO9#G!UqZ*i?g4dIVf40@ z-K@!4#0Ks(CDApsq z!mVJti|RJU^$r%$@anslzi{Z@fJvj5q3?dV+F$~KTp7}jz&e`>5n0_N*eVg~v=b{5 zrMR^VG=Ff^OvTVB)o_N_U@)(0m^rE9zRHOAOfsI%Hbf(TR-Ynk_LU5IA_95QJyI0Jm;0<{6!>>%(~ZPt|~{X=Sba&#_m z7McvpQ7W7;l3p&Aw3ZT}V)^DnbRQyp6ksYHQf$=65K%>ALdFhHeQ*-)&+=b@X`@P- zY-4D!BgH;8Lqk&3%j926#SY?+YxoqVjlS|00kQvu0R1PX4i{$!){(CTCUw%2B$_hP zQ#PN#Ui5gRGI@nOd>jQ;y7&0ix^;? zsrC>4kd;XqI;G263Vl~)LfONzO6kn|+S-Dc3kvmM^C5eY9LeTrx=9@ya@v49$)>_u z>A&T1H!Cx}=`?@T#fHse1y1+xU@JnxzjRQp_Y1bte@QN|-ibgDv6H$>zG*xV7oL5+ z%RgY;2+aT0-kjtxb)5TIZY9xAL;z!rR8;W3MpVU1H+NS!an%X)4$R&PWKM9Y}LT z7M>2$OuN@*2ed?3vaYQjfuFFv?jj1tkEPWWiJ1wJm!O;!D6(I%isX4ob~qX&C6q63 zi5qAZnS=K0|FZ)^Y|F>z?N2u`d?43wIqFD;{@MMTO-SOHz(G|r}7UG6Q+Nf9S`SnO>e zcv0n?`L!WI8eUHxYzAOhK@BG9Am2LrhY0-asOHCE4w3x199hC_#wav8`AXOek8i}Mkh_d z$mgn6N1()((7G#^szMfCTn}yY;b$m)6#N3}`Pq%gCkh+-M}PyiLvAnPz2P~Qz&h$p z7EO!ES(HwR&5XF`EgB7zhO8(#X{;UcQy119KCItThr@5j|CZGT4(^<4Cjzx-Y|rlF zH+MOeGy*#iIfIZIc{^gYBD>TpQW4bjdrJ!(QGa~yfjg#BtOJd32loM3zSbLc#Kmn`Mg z^?|0YjX$bkJ&ZN3)X@fB6v6%LjKD~t1-3+VLThTaYVyqLf#=YmTBQ7^jgPSO_L>aS zuVD79n5Rvk5V!$DgT(sLKsmCF4uA)iRH5^>^eT;(o_0-_z?|6~&p38Pt%OmYP`qD9 zY=$J}oRWNswXKNNabN7M3U!8y!!R}*9#~`I2osl|4f@B8u~N!>=oNNHhqnfqkvZGs zY5s9#)8vdAxeJ4_Ru-V>-=EaVe?fyk98@+hXmPO9U0)I)*d*9IKWDjQ2z5osdNGY^Eb%HB?=MsA1K%cOTGq~&b{bW(up>7tDu{jr_Hoz> z+sv(kA`(=kA7ej%GZOj?=dp6gFjKE4_`^;(Ja^&0qy7Fm$`v5EBssyhG;!)7?g$Ri zH{JIFhu&JyN59%8|HXcr+F9EoN;pR|KPwOH{Y9R^g}j0|*t$7fS%)u2M*f`3nFHTb ze}%Nv(jiGOZDSZN-CuJzs>|HO3Jdvq@PR#ynK+q~S|U>Sagd*|Okb2pZmqM6PKq@i zl%`A=(?)3cn8WKjm_y;Y7Sq)8IkpszX7?wtnyaRL%ZKRzG5+Vh2I#!EjB4zL)xI0Ec}wCea2g2|Tbw-%2>souOW$|i8Z)JdeXp|zUlR8x|NBSDIChQS;m zi1`*z!_2I)!GEy?(LRD=MbdkcgAv_?#i;tkBZD^lAW1@gY`mX;B#Kcf5G_R9@Q&_& zQ&ZhAl}08)TWC4xcRUEit>Avnoc2Bmt9OwK+*- z>KN&FDL6K0kO!C8ea)dfjVNI1F$>mF@`;2 zRQcPwzg1pe0MyXsEqnUAFFNYSRLIMTOIn;W$tR=eNu{L7egwz{4JjEsk_}0|w**hz zG1LWDdI;oWUhJ6+O?L2?BJ}(RlJvVt+6EWE%c3J={V@8ggsPBL%Ez;BDpZuBm`hqb zw2yFvFBJ-5(JjOy+zC4YL-O`~YF6E2i6{i%4@oxE@&W1H=xTzMfhXVoFXqZcD}DT( zN)QFO5BsHc?+Hjl8WICcR0fh32?fYk3o}Gm%()5^S04NwSv@g_^06t1;`q<7B*zS@ zRQl~c2C$H<)#cdErfKDtLZh~l89(v!B0<{7Ql*G9!8*OWof%&kjYm4x!F$7-Ba?52 zH}~??ACu%t?5{?R{>XKr#A`uY%tePqTu8!t`X72Ln&#m90z~9Eru?W{3z|W%i{Qe)$et zoWQbnp42DlU#wx+xj>Xr?}8?|T;W{KyC%Bs;8G7=dQ-xl$wX~5D*hP1q@3=BpWQ#y zIr;<1&GC!Dx|HLsl)QKxRNz=?!W1MQP$5W)gxp+8k^-ESL%;(gwibP|U-f?+;?RD9 z02N=-oF6HOH8CvlItvI##6NX!w03D4gJ%740ZvyQ;hM zJTJ4E84q^wEg5!D>dtnPOKF@%L~;^=M;MwP2Cjym<<9tkD!q4mQ54ssPb zp4!Ky?SO6#+To2)&vK9+1PslM*Dg?3(pzXwVH9PALAiWch`!V$+vQJ$!Sz(sR;-Uz zGHpkqZ81`6Hgu(fb%=6fqaa9CSYHm06vSJ5p) zen|WiA)DruED3eIGeUT0Dg{%;UWm($9Jdw!%D}*h5 zUv13;i-KDIT5TCk4=V#b8JAmYu&p$I!rcu_jin^5@s^fBX;=CD7@RF4Hgl}TN&cxqfpH$YKi%eXcI(4 zg2v22AO6SERR(0WbX~foyQPs5=|-dx5R{Nk0cq(DLAt$w(jcKocXvr64G%3{kJ9Y24O<8)9jqR3l*;Khw|Uq71zHb?UCW!4Q(q8SkaPyP=Q{6sh-gB%&7 zu9+cXP*nF}KG6xK;<5yi@%or868q)_472=*DMoj0OOKP`;;l$W=q#<%MpK7jD(|oD z*o4%jp2LCcgp}uj-CEiGlT~1tkGLetD>M0U8H8>e>I3o9Zu95jDL#a;9^rlE_#F(t zuD@DEC?Y%#cCusa_sUcYOqiD{eK_k=h!UIBa=1Jkju8xYqgiXXrWp}n?*j*ZCA^H8 zSvSMXC|%mgdVZj|VRStvfe?dJ5uEg%{%zXNLp=dDHH}0m`QXb0RwQ@ofX4l*H>J$$ zKiV5cRx_7Y*Yo0$ z`yX5}Ow1n>`o55Ls>Rmqpb7jB;A=776kkCF>KYV5s@;j%{<&6cSVo*3M3r!@eZ5V; zEzJl=lXe)jz5%y&^>lp=4DdLWjBT}Jk(duN6U|kIXj&Xl26~kdIHyg8BVj1WWWBr< z1O+i@PI=X1=ScfRbnArdigP@lG>Yt=rph-I`K+@I=uq0~$@9rDeo^7)peAU?S2>z) zrQ38gn`ru3S@Yq`w^r9gCeJwEV@79JgPQr&-t*I)89(M&Q%b``|gXFDpH&EhOH@Da z`{T^7ff)rA5wX4f(k3Wu!;fYp5jx`>AGXP?c^ilcqDjvWFM#gLg1C|5BGTSVPbBi8 zD#g+z%|;*W+hD~zmw^xUi9~LKCsk^l&sk4IR`1c|7^2b^?dgaDROWqBZAGzWP9zCm z?|o$} zw$76v#CB|`V3fliT&1M@i5S1YOS_GVcVeGh4=!^(rqvT(TvlO`p2np(zwAy&MOr9&S$N?>=eFp@QP84K-G%)@>0p!CVv0?ew6da9}If?`6_U6|5=lw z7)3jp(QgD9IR!kp?Q>iA!F5UmoBjr{E|1AZlZCGo2-7q;k5Qj62iLl(^#*snq9l*} zoTn$xCX{%sSSCc~LMBF5a5E7hD_1(EL7uyt44037Svt;j8=W*+;yjh|*)uwbxNM-s z06%uP@o~iO=ZuCqX^gWT!Ph?E((8%=tFTiC+>ojHoG1@;uHNesUW;L~Vg}lYJBb8y zN*ZS%(EWz+pI)^Au&f0MJ&rc8H2t)<24n>r(+tib%@n&qJfxXAyp6nN^jY@FStMi(p_+bfC-%&W>14cgd{6 z`ic#Wp52oIgU@KlRF)`b?=jp(0B#hWDutiTcNdv4NcK?Yk#eOp{TUzed@&4GR6hb2 zPjs`8?r4AP%uX)eZTw6fr<*tL+Z(MI=ZMXXMfr3>jB(DSVyx&2VbWs zBN1-O&3ch^?L$RDTc&+dPs*dI2CTE>(5-KhRhcW>=!O0rSB~}QigqOEh!Z^TXA!OT zU?6AQF~Aq4IlGD(xbNlV((Zhg&y8$v6!ibg((<)PTC+#kaF4PoomYh{oigyVN^#8N z7`-tOnat95$_Bo13U&$Yqmo8P%r-{OXGq)p|EQub4lp-nZTG9t>6SbmBhkg64I4O3 zYSMbJ2P0Oz$PG-fyXupEui;mk(3|si_0&)`*RB zZIoAQeuv)2Om!3ImH+OdA(S+}mI_K^WcotU5%-utsP}o`nT?0$O}6$jk$F0Kk<1WJ zdBZlshzv18S#6BwyF6w~sYge*BawjbaQj%hn)=bIfM&)|<5)cl?Si@H30OfZ%p!4sGopJYaow)LeV8_uS=q%M!4@tnl{O*#s6m~?9P-yH8hVpheRvv5k3w`(M2?(f$GEcR&h#@k4osX}D z?Hu&6v;*J5Uga7|XhK^dmi^`)B7+xQ&oWTYUtwgPpG0Vv4`R*z`@7wjU;s;ZT40CS z=ab^IYizXO&2!Ud%~WM_Tc5N_aHNCo_)j?*6Fg9~12su-;Pr2BIjD`v@%D11BEDN) zUZCM7PPPnPX7o+)|GNF!7MW2f_--6*f+2{NX=EO!@9ollyrF8SO{)Q3HbWj)D*8s4 zo?Vrl`R`DMiGLU~T%N`F#p|u$8IEf@Iz%v|@C&`G+O)E{0e4gJg7suV9k;AMUPMGd z*w1KzZfBmeW8uhFYR2HT&xoPS1hBqe@Qh2!=iEBuea;*ai?Q8?5v+1r*dH1S*FC1L zMLusy16%{GMg&GPgx56fTL-SSio@NuyN?EjMhhILr={Nmqzy;KQrN>UHp4_}>l%-x z5784v)aGWBrn%D0tdpjf=a0Lew7C>nG(0{zmphqwWx;MlUu;5g9^yqzyXr~8Yy)d$ zjkBk~SBgD?*Q25O?*FWxb)#6Lp8FMge?*=xOT0-SM&=R#pRUSp zG|gPk9#SHFU_M}J!FHU6J`EH`==>BczgauZv4mpRyxXqyUe%Epd~CrgqUYmBN5;oe zE{4)D|1s4oP4mB~_AZQ7dD*&(5)?ItKxZwa(Z!f!5kgM}95sFqO45Yl&a{=HeC7Y> z`#0x(3e>OwE4KUIVLvu@_}jrM^wd1^zz0KqzU_wm!ETEK ztrOVJwM6M|sv{NPula04h|>2^$of`lOqEqXCa0mW4stVK?r9Ul!e=FBts9KK*p+fA zgzn^sB>Zj_ePa+Et2i&SZc_6-i(T{4k9b8~p`;g<$17DDk3T-5kN)(9sSGhsmOHM` zhrQJwGJE0HcaTr;aA*#Qk#EI zxVJMteTIOm`TA-;hcH=s5syL9ArEu0rWg2J7eR84Htw4vGH--F;k|ucd(I4!-6VFZ zNOEB*MtHd@lLs=Ij5z+@a@=@(d5XApuelDRJ+~lbvV})N#(cisw-Tc6-UzCx6Js)~ z`dQ9#BI(N0c_lPDiD22|y#Iwp^ELO;0|(jG1%!S#*-ta;OhO0~U?11la`HLCmy^d9 z)GC|^^Bv8f;e8;oD#K+T#zD=G!;p@AEBK6L*=6kIqWhFjnnM5ln}W5?DeQr*iL6cO zLrnT(@?>p8EEfhc_JC1@IqAH&o2X`nUyPL1iRGLWh5G&_w7gRMGuW)D`*;ZR_<_P0 zU*jG)D79+!$qW2ts30SC*i8}f`ibn@wwaGHL(tKhuib@mCt zid_D~ke9++H7~jSyLk_7Y`p~qOabz^G^$XLO zwLZ#MdiRmN1KP-_LC94L=d9UQI-geHe_qPZAbx0( zh0-7(0_p}mYO<{-T)OH}{`Q%ya-9b5ytDlH{m*J;`a=Wi?q2R${7kqc!!mi%=FzM4 zdH4}aU`HDG^1Vx3MKl4$DR8LHi6ncaG?r0XV1oBsLh(h$BVim$1k~A4S>^V3Cb)@G zcx;y52Q4$S^@aa~xUq=zunaAOR$3rz5Ppqvc z_M*o4THt25?NaDLKIcK9(dvFbOK#>rfm!359^-Dj+cCUVA^&xuF*h1ouML6+WiCiT z451y;OI*`$JJqk4vpenqPhT{TUN^tK_H!&WZ<#{~X+lDUi*j?mtasmV(WoBJ=SL!b zWD*!Ku5?IBj$c0h<6g=qfR?pSDXilpA(04Df3HTy*M~p!$EbNR3$(!iTKZw@OMD;R2z0O)Aha` z2dpxy^*}C<`sncbpKbys#t{p0I=_ouz^7IhUc6qq9Y`*3Xk-Kl!GFucA3XplO{KRC z`&Z)mZNI3$+AT&zFuuQNu|<^R;W^i%zoRxciGZlh>uK`;~*`rd?=@Kn6|r zH^1kW*mA_UH44H-JGx|GpZF%P@P2t0ZvBz>(~LbD`>=C^VnU0)5{5@5h&DcI(HgiR z%A)w%!_8uiDAh?=hSpD4mj!bkD{;D}@$${Gu1Z_Uw<94?Z!?-`Vd?>%F!++jJnYh!9Am zE>3XdJ=648t^s*wY}D`2#dG<3iR}I!2v^%^Bs{s^5$m(s^7I%TKtB7B25ZqNJ)v9B z{3^ml-j&T}S{Vi`#4z%!0~(WP#8)GJ)J z)ZS=?3fNAs9D1~g`NPQq2;%(q&7BvW`)E$usw!W`%_no|AK#s~wf*N?Bys2*mv-T` zwdik{?rsId?e1ysZ^yzUiO+!!o_o`6hF2;2qS?D%f9m;0N?wAT9y`rP2JBZ%|tetvpu1Z>7^q1Jx3-kFj1c3WZnLDkA9S5&czfMDrrx^689 z&zHWm=}?r~ZBpa$EC*Keu2xy(!C$GHE~)OT)4ik5M}I5g{5bD?PIsrG2;-4=4Dk5V z+@qQZclY%pP-{9CjF3ENbTk8N^Rhono-8U`P|qWUp1I|YcoG&mga*%^&L(x^6dE9; z$4NZ>i#TLBAn8i|LmnyARz@}>q*#`!DR*IBPMxB(y7)PbGK{;gg{b!Fs0_2XY0y;n zgDcHdW-a+-Wvs*8o12=L)@#jV_s`I^kUscyJXP__WU&ZUX<2UJZ4nD%&sjcN4+PRxx`}}&g(h{4Ll(ZAC zniCGZ=Q!J^KThh-({}}#F7;yR>|jCveD5)y7Y4!#ng1%8-h#v?Z=6kxJx#wmqvM9D_>GuAPwv!?gWnYR6-)A33lM% zxwuXn#wxL+RHBiWzu&l5+LfPTM0tN7t{{$72E@L~9bk?4)LwBMWzB?E8E&M_=Or!` zE>(ThE;tXa5Y0Ez9!h2u{^bh=^@sk)^+$e3QC5=wz6kGpOJbo70Cs#akTT5_0Iixe<>QUc(SS4#Ml^ z%eoxWM&h+;g&dt*P3)k0TGFxg@}2nQfI1q2-E4V|z+trz-+YRZH+$>f|H{Bz!YhJW z2Uz6y@9fk*`xOuGS1A66og4?vc_B0u)pwn0x!r3kBdoZz5es;w(}-!;r$@q<8%faU z11hjQ*TuWZ*XliPGlnywOFM;GvA@-&Xb_Hn=(J#|dru^t?HZ&Nbj(?0#Z-+-Qq36o zaJ{p#s_?({PIv0W^z0442zx*E>u~Y> zk3Yg8vCb%@&&WM!o#a#Gbdx0)whF=HXi>J!i+N1A+xVgcC34-utX8C{^5+MHo{Jia z;qslX`J8X^89hgl+*v1s53I>`kDIM=qD7-H8w3%I{u{Fo>#H=_X-F>MdPDDKZbwl0 zbloDlr};E8Wv2W4bEJP9hGk1pf8LD--2H>!Y)Q49&f6OOqcre^_aFqC$4R)4f35gz z=-fkc(akCuG|1hA1GdQL)K^O@w9NMp2MANGL3?FwwAk3#!fWA-$6!Vm`KV_vpVJMz z@96xlHFV-s%!|5TqJA*%G=R}5(hS1S?}z@I0WH;LwpaJAWhJ| z(@D5{HH-6bN+YcCy;>Pg3EYE60MiRj%)i>qrCz%1|NZa{WNZ)1rqe)4|3EA zalRXgS+H7rDoJ1oYd8N!`!p|k}D>A`jUtZvDhqxEX4Y^@WUryHDU zm|>H<>HGIsK=s)W4k-u<|M~oyl!VS>tB|Yp52XG0TvmARXO+{R|8x%Be9NhS1_WM2 zAhR$18EJD=`M}R!VT0R?vT^pc>+sLc`KPT}H%Tes{smVk)#p}KXca=|eF1V>ltY*{0>8~WmV~oK_n8~G&so+3EO6YzOVNa^_*7FvRrY!LC&5*j~;-Z1C{a`Ye@cE*P^I^l*n#iaZuA0Q@vZYh4xyn%zn9*#wyEC5D17Ltw1`7w8w$y)SgjalAM3wX3E?ueGD;0AS9JR z-qTDi#CmR6+}I%0A?4DPhQ#FLv#ag2P5SiXch!5UV4qk7INGAw#E%%p{f3b9ZH=os zcWJcAUfW5wQ$S!cY&(sp#Bo!fZ)DprSrPHFAz%ag~kVnU(by$Ic@<}=AK$X&pu%f z3ZGzn%G>6BOP(&Gtc&jHYcfMuf;$j~Yo}sr?{12XZ=a}%{2^|>=;8U~;&a~Ba5}B; zJa1FD3U+u$R?4FTm271^&Y%Ads2C%)7&(q_8UIa8sh-YnEOj22BU^={ca+gd?zCI; z#aa~nYNm}=ORMILS4t`lAPedgV}Fqm(LGKen0eGrpg`@MR<@@g`Io>B)_5w|gFe`U zdp7G3(A`vPJIgM{f0|7+%mxBWii}eI_ zS7Tv%3t3*9UoQF;Bnipbwy0x8HdB*{8vp*{fJ3s-39t9(dHblV`sXsh3H#g_%xrFL zng4a3H4Wq1HSpbioz=M|dETI%2tA$uXCn^84((2UU_@mL{>5 z3JVLJ_bd8(_cmMl!lZ6Y4P3|NR5Fitr;43BFB1Gmf&86UK!C)U3ODQ`t?e>R_zKFy zZsXS7reQRsqaKbwO#c1*=XtwlysRwg-9j5HaW+ee@HbI~yF-8JFDbujm4(~b-JzY8 z6+h)F&5@@9ho|VuP`T7jIKBqfY+o*m5yCc=z`tMUH7D}KtqPK>tXIT$fujCujR>gB zUtwPtq}}pwYm_%1f2SwT9@AR=*0|(hYV5a@9e?AVk#74N9uv!UGpZi12zetaLyDl#L9_S2=ioMKvri zpugUGa^h<6B3ANhTTapqav6}T{hCTkSm=DH=q&V?;H3*u7G~;7{Y?72H1YY|GUvgE zT(bpjIP;ees-aRBAEl%B5tuMgYQDzUa`zB3|&3eGiGwO4{rYV&49@U2opq7 zo`)&}O1;iN{QR)u$`u&ss#}?l;m;An4+G4ed-}_fAl4!Tb?n%v`%nTSkUYu3lf&wS zk{C1yVr_O31PCgkxXVkgbmv|QXgM?)ZDyK4YY>{D009m9T;0>Fxl#X5tdj7ECd++M z2wH$LhVG$i34;Cp{o6-^A*W!9tL7o+LBh6=s07=6;-Cx*?Olv{tO%NVz}4?{_femv ze^72+|NL4lBFbJ%>tb6$DiTUDyoh4=H~-+^kCcvJd<6o1Y&c>&RBtU6L~cTn-yq=j z6n`otTkd|KhZFW9 z9RP0L^4V$|BLA!3SxcoA5w|v!<@ySxyRgU4v!CuyYRD;A>CK9w67V3P7U zsF~@#hbq^;?}eF>9VUURPT`QN8DCALI87+AuA1Wc%qE652(?`f*Y`;rBEIW|_<`;O z1At_14;eg7bIpZ?R~ml52;uLs=x=&@&4BALje#Pxgv-D0ZiXm2S`9|u)}ew znF7IS$!p7Wrqs~6!V5?ZQzhXccy2J#Mcn@jxKqEmht?-Sdw+l1b{__E)m(}8iKlok z0R53r`RxhqGbCZ&1*Lb`;TAN+MK2GLHN%zA=w^+q?uRm&u`h3}<8mxEPxI5(yULW7 zpP_Tm3kN|%ph}egJEvW!b9B@i%{={SwF<$E?5p~B}FX_wFSyW6W%Nc@?qsaR;)_n&NSS61KtR}=)EfXhMseP7lr z-w(Do?!X8yfN?Zi(|Dd$Wx<{#(?C@WY|n@c+jwa4s?=va33B3fh>kh={`&Rn2SIBn zyInx_1hdVMIsk;T`78`Khevk~#cAf)BGTlB{+oPRa|{`8+x%}C>=U_T9gX|Y2YC<& z;D?!n;rYkR4tPra3~g0}>BW5$?G)FPJkHLJ*vxYsW^|{x~Q-KI1p*;&36F{OhMp-Cm;wNJ-oVRnrmQ2q_(2xKum0-nE zQq|jV-=7Uq_gy0bi3{5a`sYtfAdGQ7?6T#zcLimJD1Vn0BRo9sv5#wxy-W8FZsqzt zdv`|XQ(i}Ls5z{Nb!j7pCd3aaD#wH}kxJ|&wQ?^h=sj1%2Gkn)35 zja^vhl_%ZPi#Ur=%wto|^WlY@?FQaC^E1E0$W>c&5Oi=)z&=tW#Rn zQt&a2C_@|(^=YaLVdZC7@>cP+K>&n$3MEg!OO#?lde!H1mwHmG>1pBmdsn+)BW)7y zzf}7}C93dds`(nPLo>Wr;!31xQ}wUQNP~pCRnw8!mJ@`899m2J-s>2;kvvp7eNuP4 zwP0&EFsgbK592QA7yib1cm+!>(R?I5cz4gijrev~W|1_3&+Oz`Ck@ zZ~fN3AO}z`bb*>~Lax0tqRp$-{Pli|$kMlETe5yHg{u^ zu44PUlP)&IQICp@9OJYU%e!W=H4pxx{4lMC({fQRVPdbRio}`1ltyPVR#gHr z|J`~?`uNPGNt6tnr9)QNe0N%AjM6GazV;Cr){A~QGfxNSF1NZ`IuxvBoZxik=3qd~ zY3V<4*c&!fiu&@$fR(`)1V)>f;YHfl-kqg1-rG3|O3KcxT3V){$RgSSLLA$KJ)3s|l}$2rC~0JRrzIXFF5cleToivIy$BnCHE8Hyw2Q|B@S#^lHpqpezLu@Os#; zhBNgWi7G62)5(2iq_c%jMpHk8*eDcO=lZ-JjNOT`zk-T- zl&DBk4z729DcPd6--?GF7Jfsp^Z3-FTq8*wATxO=9Pi81*B)&5S~UAiX|9>ylQ_Tc z)X;cw$6dC)-a5jw>XB*1NFS4v*W{a3_uSl*p8l7**EbFR5St-&|4*vz_cYUy1b6F& z+06vct)?xN*!%pfol;~nBhOWafL1`-DUO!joz)t|K_i}`Zm9Xze-xK?f}mdJ_xBbe zK6*DE5ZE0wb|Eo$@xvh3MHe6|Z(iJr_`1h>q%5JEI)`>OckT3F_l8$faj1%=`S?=t#dw zP{uexMclN$W6b#$ROCVPc~+Tuyf8<^j>HkHxr(6YA+GW%3msroq7H)u2AKnZsnjHf zNz4KNyO=(exIOv3Uew;%i3AN#sp%ziS1@ua*L&2V?%5kolxpz(5yvH02?vH>hZc^6 zIU7Oknl!&+Sl|qehK2uoVb1icd!S;+m#0aC$BAa8vsiFvKf9(vXs%u7P0AjEnx*NY zY?k_4_wyAj6C11R$5u}2=iIK9{G*vGAu39fgY^D^+0qD_J~N|cPj9AUpW3YDeV5ys zGQUS)X4XBy+&=`9f1AVqgZ9Vhb#AIiflzqnN+0MUGhRgcPUm+rUJr)bwOP|#3|UEj zEDN~ZgWrQh#|QC*J#InaddqI?RsMSbbWnivxMO$s1JHiy{_cDo0vX4ES|R{|eR%Zt zwnQob0Qk`LSTSzWv_{^9Lm0MK6#h1T#$!eCGDt|LEK-`xcrU7I0=2@M+vS z1gZl7R@SX~Pl7A9|8&uNuf)0Ip^yRADG-bSu|jK5$o|yz7>s@Z1!pJ(8pCM4*&JFg z!4*g;FsWq~lv3M?oUGTs0Bv-=8lmoMh9Y?fkbNgK#%H}KFBXtw(F5HOHvy3i-CeY2 zPZtjyJZ!l}tTMe=)WqSki@yJcFJ=Jc0*h5#1bZ4MeN*OlU|WB8wWk3FUjB^_+lL!v zefY(G0dWS!A0O;Gl*bnlRC7#%j!TQmX3&qhnJ>GYuQV8PwX1RV8{tbY*=ofL#bXIbW=X<=K4I zejFZt9B_YhAA{Ivh`!s{3t^5`$o0Y5ewCxtf=Iy>;%C)oz&wedMxA-*DHPlwHqv=g zL%|drIIqYx^t&Kt+~*|CrxN-PxY!+_1@R8SusCx-71!VV9psZc9JN`ud{s0%13&yW zdKjx}%YG99b0;itddo^bI~axT64WT<&=5H0SS;~}UA+SgAzYg_I0mf=sKb%$-UX(k zofq|GE7wdzVFggC{u+Pb#efch26k0%w7Q;HgS;D+7zbf=&*`d6lKTLN_uz8$QYlV* z2KXK-$L0!>z&QE5>3h)pxQNJV+9^m|^I&BV2cT==XdrAJdUx(!QYhG#sPzK2#N!4` z{9y*QYA;{rca!Mvq~nJ(fsb7j`DYJ?a&CcF-hf!@Jn9($L-4g#?4TS!u!xr*`UNh zYr>NKkMviBIquPRjhDi2bh ze#qbkc{{KYeA284bK56Kb}DRX!7W6qnj~<4 zN=T@V?a~tfym!nK9?F4V})Q*Zr~tPePaX2geS zbmsy0=hk1}4Fnt3w(wB?@$}%uwQwY){pvKNq%;)S8F(DRBc){KuP&q{RX6r@O#dz3 zW>w}Xr#QrD0G`njqCjVxz4$O6U|C^;U()C~?Nxir2Zm(?(!qreBfzlK7 z@Fq}b1N|E)FhN5r;TL^Uv~55Iw0^;_1-wEB2sq9V*E-wkCk9$9_=|uj>jIsWm+7t( zN>Q}|V;^Zlpq}*wsF;GGu8R=Nl?du$c%Qzf4!D6s;4liBvE6x8#x&T8Aia3bkTY*UJ2kswgvv!-q0Cm^_NF8p7aDj;P z^78UPhynujcGpwN7(GV4q$?*U{MnzAWW$rRPv5VFc8Ia1y)o~NWspQ}@2?6RCL(V}c%|RoK>fNe?>*co zIYtHfA~CR&AiXHtHl@Q^-w;M+{KK26M&UEt5k@hors``PEwbofJj=W%`aB+ z0g}|Xpi8Q-f{5pdka<>J2z#fR1NfzthhGehVcX*c1)1C4^eRLl090fl4)EC$>oOGi z0t~LXTTV3h7aNEmu!>B3jBo?ym_3GODw>GXZqe zHmSsqA~U$8G*jU@w4qG-*<7-mLeBsisg=*H509V@#+=fD-`sKuD}KQ&-m{R_we5SH%)=+x)^DWq*Y%# zW-?3-=lGgl)NjIg&&_PQtEOu6OzZM2xX9e_Q6Wk}6r;#2N7`Ja<-&b!zT|~|{@ zQe!Z6_|C?T6{0kr5jWy7Bb#Ghs31?`=BZJi!<-iCY*M~`nmA*K4c*z+A$gmx873#j zyCNto;mTPbdSETO;-36ZtN9bREGLX2^_v|Cd0)9{&`HRDrsiFVxQK=8 z428QZxY`wGJKZE~r83FZKAF=diWZRDPQ>xs{TN@!JSRq zZo-HajwDU&&?c5I$4BtSAb&)YgSD?q9JDSFcFPnAi`O0UiKQX75@nKZ>OvL?U~s6r zdPGxpfW&TJmRY4e%HkGdrz2O^#KIyJmv-}U2pp)xfpqu*ZnYGP`Gq@YM-PW>m z6}S+1ukV7C2(6fz{`BuL(e<;XnyejnewOd0ueZdLm94d3B2Cy6zzM&6$#T*N>M{8m z^LFY9Sg}tzO^qYFdohwHF>(mS=$c?n$&}@r7QAGO7rgjtccTc}Bq6`hr#Yf(5H!!3 zqE(#{0;!~Q`gwbiq>q}i_r@8kHa1@R7OB=6|EWSP5%aDEJ=r@v=SoMRJ`JxJ#R_>_1L`QZ1>3dWsgi zhM{9Ai>Q#P|5M`^c|N9^@i7H$XLxAfeX2XL7`yZMN_;dYe?l8&YkrNQF^@}dkXJ#Cl%yb0`uF5yjsU935g-FEJzSum~7R{3J;Ue2Fyd%JXe_ zvk`pTGoB^(u;yQ-6oPE{NKW~EQwbcW9HM9>O*o1tb&uQMQG_XHjjQ!k=Z(QlVq=?G zVML>k$LOvRR;Irr(IDD><0BM(O8xv0ml)3epAOb?dCdEyqVOEeBfY@p(=@|mVlA#Z zbKL}GGJ8Qz?5C^^pHM}Az?(f+C-<@$qL)5jQ6uW${?EzsqvS=FGN_N9u~ZqVQudj> z?2Wxp%dIq%-cFL$YCOtud7Sd~%kOhROVeVI=D18}Vkx5=Vr<9m#gMK(hujc*!dSBl zo+k4rkG$xj=C}xSCuEC6jBOZ3Lq+Rd!LR0cl@XLFNpOS6t5|3t3 zb{ZEE2Oz(8pL-UubEeRYZL&u0RM*s*x+w7_g!!$8D1CE^kiGg##H(|y7t6Wi0ITQ= z*4T!*S=j!F)_Lb3wvA@G_?^jw>G_#%?+?9>)>tv6u)J4T`bb!qy-Ar0+liAyhYyR!BU5#e$ig{SXAacF;ws{>Z@a;Lfc>h06moX*>#UL?|&uCsTsMs&V?js{J zY$9Ib`qaNNq*S~eYPMQT>?r}pJzZfhU~Zcc2vZ}%_Z1U7|l>O3^=9;b9siOR1B#J4l0SpDMcws8LW6DrhHR73E z!&r6^jkNmN5w*vR@8&~oHeg7T6IeF%G%2y`1=9l7VsJK@@NZ0xQ(Fo{^^YH1Y`S7k zfws$1_IFF!I*j{~cOAk;bX+0K&Q^?-12?2~l5@d+Ric*cWPWi1#9IA6ZsVf7sv=ic z>)?-$T3?y!v)mCs8!3)8H`3!!_c$}EJTJzSr8YME^g@%OZZ<)_k&XZXm*#pcIqr8G zHUs|z$@pkIVnWL2&$Co~SW_5-T7)7ml{7qK7{qi3g`%G3JhQT?lwtW^J{woR?R*tr zIx>tjk&(mE%DoODgXxMaF3z%qD-aXZG-dh-m4=yq!4Ca(Hcs$W`&%yr4HVPn3|r&L zs({(n97Kk`(?I=&)*1QTq>GJ2z9#WFYhs%;JKVm!su@?Q{{_*bQF~@r%a)0eKr`9! z#0$FY$em5{pBWUg@Q%{apQ*fwM89z(o@tTDzZw4+s>Q+ngM(I1;5kwgS>E&QZhqaN zY8jTCN|_MDl?F>!#I0NnU;}4%GqK4$s7I}l9+!gDL_P`IpE=-Ry*?NBnU(GC)9L@e zw8jKS_ACyP(%%UT5vepXedZl}@(e=?C_mjpcvoIWch38`x$qW^gN3gMH99RHjt zk~hZsTR(*eO`S6hm-&<@H5`x1u4E<1(um&*{LAhjkgr2p&=OTwOw7MNMVrit&^0G~ z998kJmz9r4TiFBc=h35uRDX{e1O8vYvvN@^zL2t#|E$FWzm8Fv# z$#L!H`wvlT_~u~IhkgIPU_uGmzR6mLnZG{gg_P#k-P>k$QQFvVL?)9xRCGv} zvz_m%g)4%j9QqsUW{*+r6@{BEG1=zHn?S`$&`H< zjMC5T+UZ>yDdqf?eCP6)xK0OqQCr3lXiF#+;0mjhn< zPD+J}XJv1iB#K-FZ2^`}E9@XN8-?q^xRj%t%BYQ@|aH1|>X}pl1V5)fD z%tB<;ak%M;BEzoqf;ek!GUC-Qlm1$@Bt}6`oJ;9Aw%{Wb0!xb|{%zspeD+#~5O5Fh zYdPhUf=?K;240Kle(t~;x&^iT-$vjcmU(&*_BePnl`@E`Dw^04Rx(6;xa6FdlD|K zs1z-Frq^5f`A!h!-y+uH+m8Vu&TMhg_rXgTd8C!1_zCSb@z3(IU27D;7BNjfyv7=AzR;6=aaK*|@E}aH;ZClpY>_MVd%G5A^ zX8oS_`;i%PpV(aOX%Cbu!`PMW$H>^v3bYhESEVb=O_H$irihiKkAh+;AM?Hmz5QU4 zYGzV!_NxEIbETECwQr1sX9T@X;;cgoe?(&Scf80D&?+;mvbT^5@_7s&$&BGu3}E3; zF15J&@gqL5vkLwl{*^^*+N$_4+#fIh8ui;=kUN7WeYAmw3S7eXaC6>VKLfIT4p{F{ z{RaxZ^@BZ6505PPCLij&w<>J>CrMi1Vlp;0au{aT)VV|;oz?q3yE*OVTPK}RLrK&r z#w0sW4YG4;q%(|@hSZpJgah6 zi&zRmw!FQ^tm7#OTvM0j3&m2@?u4bmiPKY5js$^1TlqY84RIHKiFE^^O3i|H@xgyq{a}&k~yguu1uleF_Dac*}-6lPpzw#Rz zbM;?S5ei~QdnnKoxfUYp{!lg@jC$5x&wpFzR`$gC?pC6qPg3lMN;P;(JkYh0bS6*0JYkQom9c*&2N z+CThZ0s~ju$HGv|{8q<^_CH$5FC*?T<(9py%+6v&u*C|SLe1e(N@U@`q6mMQYo9nAo-NRCgQ6ydfcYufr<@-=d1g$Q@{Ig#qLKnmA-`Nus#&pM zP7eP?`^CuZ7%KFJciL+Fla2k}_he&G@Fy(y_+GCYG@j+Tb_2&+2(-WTH3VFY zHKhsEHYK{(cXk;k>@WYW;s+a_3Pcu~P-JNOh9ebTbEC}8`<17D`bu>BGnN$f*AjwB z91Lre{E4*zAsrnrBQ<-_N4#&sxw6`MFGh0KK3^ap8s{FRDAFX>m#3_$Hq z!FaWJbMPm9c0X>oJ|#9-9vB^%he60Y%c`^wZ6rVV8^KItuIq_`qMWy-xG+;!R zOFioldmJqs8XC;I$v^UqQ7b>NOGSBIos#+k#rSoZ8lw#;9lI_-Q9|ZV8tDZyIX)l3lt}~YjJ|R z6o(dfx8m+jp+NiPdA}c!T)TUpojqsH%e>O=$gBqdm(iN+gbGh|p?$I9~w^i$oL|o-!dXqPz)jU|F&*Tg4w<1MHw+SLJ{ITvN8+zx>fW7*NQ13J^VL-)yc8e|83dGD zt@oZV7%q^Vp$cB1@7IHJpK59`B`EJJ-FIQAt$f?1y%!O)s*0B~mxh0+D_ztj2TR|G zU6$4fQ%GOOagiuJVMe+K26ZC?dqs#^?uX2UP#Mlm2t4Ti=fteDCP z@;5ihXlh%HP=tRFbb!JfYgR5Ynn}Nss8VvT+je*aJ@FWe1t z(3olaQ=H5aJXT7-nTp4qm38(VyB7(0 znl3mu?qKEpueASVCWBKOh6=q|uxO*c;(GXUZreMRmMr)=D(;a)1gqCmp4 zTJf_bokJHn>BIG~4@BBpY?~|2AAez;UhoTT#t4{)j#yTyIFzhYJ;Psogc=8pb+Xxv z^|HnOR%PfApv}x+ABUqv@!^AF9f|aXsG}K95(C?XLP24xQYuyPthF2-w6Izr2uPwb zphf491^tX7;E;4F=klwhNub*kBF(AVa8_tQDD(pGPK~46mWVfZAXIB5e_2ptJ1`Pf zD)1FL=z}jTF5XDFn$la*nGjqU)adTHpD1O*xV#4A{0o*|hBNVN(XG@0SjE zeDPi7iJSS8SPQ%qe0nkRJ$x@iVVm&$f?ZruQ@Z|0>7E_lwlL|YGBoswYS0KurKlW&yP8?wAnHe3GC0j^iBRm>Q+7#JWa-#gC4TX%=j* ziz6nqp~+m{+?DFBq?7T3RLndNm+4NFCQfG1(4ttqcF#5&rGD|r+y)mTk6!mj_^7py%(e+PC#3piFB9m>sjl=bl%jCr9-s8E4xe zd{?}z@C`5#=LRVtHb5=C?HeG_bDZb>35+oGdO1`Lr_!wMVh^fmQB;g-uA~mV=lQEc z!;)FY1z$Daj8Uz{n5fvoz{C6lxzyxre&BW=S4!Aj#`r(jR0%kcUYiVhPEr-dc#1O@zvmVs`1?hG|UjT}60(^Qj zl-l?_Y77SVniPOi6^VOEDNKuM`N-_lw5M}P`qpSQ?JWBa6 zwH_bu={Hv5FJPbF%50E~{f9lTo_X>V!%K?aWezb{rwycH1$_VF+>I-@S+48Dl z+3;-=R8~K|;baytp;B$J7CZ&BBcK;!b_tadJ3Xm#KPK1XG>!pH+Ole{flJLE9T#E2 zTEPdXe1ZuVT{zy+rJP)(oXmLPiYe9}FMBVIY@4c@w$Zt#kHu^*mX&8vX_g%1r~Zd+ z)1V{VU`ihc>4`_iMtey{>i2BTsv+q+F`A5#G}{eJzlSjvIwozSD#1v?lC?|e-9ugL`xj?BB0i8td*AM$03 zv2sIkQ@xg0LBdB2Tj{ksNhsnJMpt#fx%GY#WP5N=#{N8yrJuk1RX<&*;{uVog zObD9Jj|_ini?+SEx+LpWg{imX=!!vv&2k)o8D`XqY>mktN17%k6yB#%S`6aYK*w5G z78!5^!rDk*@A7klwH_ZQ4fJF{)$ZF`>%XGs&r}-cqRNyKk~NBULFgv|m_bScscDWZ zR(exROt+;k3+mYLdS7=Rbi9f#YoD-6y%+ZDcrk2bT+GY307fq1A0Rp|X9N;q}W-m*%FCOXT~)>-Jv^|ZJrqg$nbET;z+#3$L& z*pg|P2&oJfq%HK_)@+J6CK08)a3i9)h7T{AwyYP@B1I$x!$|T|`Uszx>GdkC01$~` z>oIj>;lmGqK1X*uPFQTMIYeU+wdiipk`U@jx>e-R&t8SD?S|_ij%Tr%&_c`sT~kjB z=@Mc&uyBk;nQr%KuI}9m!MVaqra71I^N&<;Qh=BX=BYY^^7qsq?JBru4YyPAv<&sn z;~xeB;Fht-1HTCUZ%w!!=fjcpcGcZGN#j-<%cDuXcGqUUz9X=07dg6 zNT;zkM!Ss#TE;BhaS>=w%!-VqkXdCB=6Q4|_Y{sc@+?0+YfSX^Cr?zx=)>N-D zIoD;}gyST8gpCWO;q#1doNWf?PJ8GP-!MsIZ;Q?fAzDU*Zkc-|x&!Qq=B#Vj_X+5jr|3moc9z#?EQ>A(DO5`~kV`zQC3HIm|@6|+x}uo~sJiOkZ_D>;2y#1#U- zMx|!qXcQ36H$wwc5j|0#km1~r)%+3F6vEVKLffdcda5@KH%{q&KE9JUr*Qq4iV;1W zNg9NXmc%5+5IwGBrX3=U)HscHSd5qWTFb=abQ2a{c}w9zBcsa0z`4DkX%VK5IoiH3 z!fZ0y?9HM~O5~M<#X(sIblHNL7al4nSEL<|Vd|1{n${=k?_RK^U&ifU>;T2kd{t#Qqwk)EG%&Jab{e zcuFy3FpQvZB{`V#X>~@aa;cS=GLc!6LQ(Fjax;ue%)gmcwr;c(qv=H0=6DuWH_x(- zCO=^MRl>zHN3TQl?>RmE9JkR%T6~c2A6xj2r#QeI%y!Nx@HvHdWZpwtUrvi8f zdF85qSX$(rC&<$g*{wX8NE<*nm&kqT1}5o&0D{nsnTCq7NZcxSDS(%zzaarm@M@L( z^j9_E(xg;}YRr#PfpsJK;WHI8aAt31d{&FU9>0fMV@*Lbz*R1Pf;y#gXO|E(BRJGP zQ!vtWel{bvaZAQgGe6Ii{dwfxegvz-#6>Q)+$b$e7lYn~`RTva5!F#JQdTH4p`^E9 zqcU0heI8J2ymODAftOcYG{YCM51+JZfJlN}i+Ywb#P3#Xteh(XAJJjqZ{6x}eiQCu z<%gXa?~qaX;_}CkNU>_cLxWcq=?p110v(k}Ew1p@7(dAr3x!6QdGXd@(2k*%2H9IkXSJ{yVM?HFNDjS8%^ zct~ie%ptFD_f-nmjV!0MP)=PW#o-^Xgvhlu}dR@`^ z-{=R3TkZbi+4}8`of1B{m>OnFp=fnsG^tl4EPHSavel9hRV!&m3)vKR7v!(g zXSi6}UKb0T^qp1bfE@%Ua1G|u5(JH|lXpX8U)32mNYva@Bf$Hl40*{8qzKxA#t$|y zhLOCXHj$$A3a;cWblsV?a6ZLbJ@jf%K2}Bg1kb$-G0Q_>y`#M3BfQNe`mz(v^2e-> zQ1~vhSeknhaRt<6wN*WizTRYBu0`ir230|0ky-!*COP|0hw^n&s>6Tf)`oo)JIs$* zvx&7vWz)MqOCJYAPgq>Fn(yMV^QvoWV-wzE<+YdHvor)=vvch6)0jMK$){_0SEY5_jT@osHg%S--<_MP5A7p zf4Rx=Kn>&a_JX+ZI2A#?Kk+!soI&6FEf7+X`Lz}%0fMO;_{A_c3!k)x0PAH+_qhopjMclOXL{Lh^qRcM) zBe@m{osnrSxXmZhD(PA)b>)ULwRK}+fQ_&P_LhRUP} zQgXDSI#26?Xq?OgE9A?ADT&h@1A5XTJA>3bmnISWgWETAF^Y=3Et=U!u@t|BB8h3# z(Xa8&Aqc;_d=(v=iIv}~H$OObfAHHXgKUk%z_a1qMq|BYCp9c^om4KS2y!}#BFDwZ zz403**2NqF7Z0!{ngxA{QG`8$p4D8>R^ZoGSC;P#$EI&J*Nza$l!`7h1Ps;GQcTR%-mQc>ZIxnwi#1Cs?NhSEl~bS z>XAAnmlEFaq1ZX`UxLAd_P~Q)_;ZpS#5zz}oLxpZyo6riMl6xS%2`azRd$dE4G&p0 zKAy$THqfrsNYe-&hA-8=^DBEQ>-w(0_oQRN7)?}!W#)+0JhTI)W_#+s(8cfViRvq6 z+(nzsWleP;lkq2CQEd#VBBhvxQdK7GNt$;DtpUSK9~)zoh~ z<)SEtW$9_cYyoBX`_2C@R#5jZy&e>)|le>1}sqe&vF_R>BNZ<4rq z#ICo{x;d;Fm@xVT)90ua$u!9t$oI9`dMdz_dkCvjS)_Z7&y|DNS}F==zzhLVjT&@9 zT%Gy=g!nw zHs%FbBDeF2U8Gh_W6zXi>pc7#!N5X{W~0P_{ga9fWW#y3XERg5n3&I))4Q3ZYm{jn zR;{eG*B9|WIIm*sRFOQ59OC{N@GQ-Y<55o|sgx-9U|a85ikFuOTMTbBMblY>80g}? zI&O>8I6mXsUXUcR)M3oza2BT^?%4LSo$IqXWdyqZr076H-G~Xn?=a3_agoHkL`3s4_X+8$q zV`7z1ayzL474hRDn44eX{^_Rqn-X*b7TCA7?xGx+t@M=W4XgllXChflx#YuC)Z@)v zupR2|J5(cQlCye>z2esgG3d7YMN`E5M4C__rIb%R znmi-D7DuYphF-O*runBiT;6o~iW8l0sU7;m4FWTlnzx!_mIqc~ zxem06BrU&fc^%C#4EA}2nfREqC`2*74i;1^Ypd_(L@0cRLSHkOIK|LWK#7jiP*Ik- zGXtU!qUW1nLo_tagM+5}Z0hKE5~b1jKW=LEQ|&%cXZ+DHT?Pu|0!m8#osk$B``&N4 zRybdu2etcC$oCvHEn~IzapPY|d*17y^q~d;UDYbGQ8-_Jm~MUQsGJG54}MDdjl!aijhz-5>Z< zz{AD}!c5*AmiFeS!$50E8+aK|5}fHXR!oDhA|4E{=8a9@#~ABNI`P)1QhQh8Bzq{4 z_m^`wOcHicG{Mj8;PAl&tJ@Mxqel{j`yGnm{rd;mOXIl2YG?!o`ONpv!^(L0ohwAi zD_GX4TnPcze|#3K};QYMGC zPkD(QDT^x;sl_dSv&3x*a+8-wnwZbIp6BvDyY6O@GEHM&d4}8ZU}u%l09Bek@14&? z5OJW)pz_ODl1z-4O_{uxipQ4Z51mqhuFBOysp4~Q)|mG8uma=ZNH)2wb+0gZf|I}y zX)p3O`mBBFhOOCQ{U)Q(&-)JLKWUq-cYlW zvitmmutamxMboUEew^m0LUXj;iFoK{zj_HW`+EA&K*7+J3@iU7R5(>g&=KP znaoPqt$uB|d`W~~0S&}0HJ()hnXw1Et2$gNUfMNUwQ|O_o15lUTn}Yto&lb+L z5}P@|hDMvt`Evwe?(Ot3s}{t3Yzq!hT0bZ=Ikg4kL886uhhUIpbp)`Vzc31rFKShG zL0_0X+l4+mZhq{u|@D4Pc7*e<`PS9H@LZ~)Grv9xW4E7Xvd}=BW*%YdjW9Tr`$qcS2 z;kp)02UjIVK0QXduS*w$1VY6&>!b(ck;YgL(39R*5CZ;{`d>E)oZkI5WYR84vS+HR z0%kucTM6I1V6rk{%VRi&iu$^?y6`K^6mv9+Q5A$BdUfUvVg~w@4S<`3VAud|f3xoy zvTKXClATfVF$E?O$k%`(j^z2*y+D#C!`Tud$b-?fiA6%;dLc%|hP&iO#qznyl$3_2 ztoVd$#mW;7=@}(n=EfIeeWm?@B*n_RQEMSAbf`JT&f1BCWk&*rh3z7&DruC(TJE1G z9dPIIT_?%OP1Jtq8Sr|$3HU<|>nOP`U1W~_H8{zkb(s~bxmD*C46*!*3`*oEf)vsc z)}!qQqn6SKdX){d-95p2_~7;+FS|5g9rmtY+mYTjYI-+ofK2R^LQ8Bj7N&PY^Df)3 z)r`DC?Wq89PYs{HH4rYCVKYAtBXg282=?ntEXh4L*WBSm(zJJrH~!NeVI#=@Gzs3h z(D-sL)R0lICz=?qknN)ciw&!z`xx!C)Nqh?tXzH;sE8hoVPcEmS_#om$@#=V&|iwX zJ^!=hh=4vhxlVa_47yR9u=}+jlVD{~{UqiE`J1MO_9DrpcG_)WuAvk1QA&=j{Tc*)}b=sCl_mno6}S6dw$Ynp3oz8X++IkM=zC z_LW=q^nW#y_zW!6dnb$aQG&WUE%9)cxl&vD_%}I@iTa?hYhly|z1+=_*gsct|>p@@};E$(B2`L!SN@-iZ zA(CLs|M#>Y0j!USvBa>s>#8#P0TsUM`;#-9?S!J?T$J;PRBGr1I6lNxWgPKc8Y2J4 z4c;NUCTWXS=a&tx%$n-7U4KT~J{Bjn(bsJRI_MeN^{0iVsHJHPyx{E2Pua9~_SqbF#gB49GA{K<0R92Z8xw@v<9frk4*<78O5o-V z|7=^qq(&)7fwsTBRC?j(SeA8Zl9xvV+(3i&E@KwF779&+emM3p8}L{~znCwr#;Ajx zC#09lK$4iG%Q6E|*%VX9jEJd_uU5inp+7sdWD2N!>D{ofC-7_N6TzX6_<+q(2{~Zw zout)1{&jDwDHF@cw*!8Qt$+0%RQh&|hp@5dmyUsm@wIqz-|E&@)*e!NVn6{C?B z+vG>bwtp{tyi1B3)X-oHH$)JZrCk*BqUbIR0%p<;w65(F{z!${8y>X*)(!-mq^ zkWd^@@N~?&f96yO+6=pGB4Te#;a4mfDTR85BB3gzTqBs$dze1O~=DFTS41p7ahr0I=A*Upv|PSW3q*NDWu9 zq}ggAb19IME}_(Enp&8S2x^eM{XRTsoI&G69QP0Mz5Oy=Cu$k4M6-R8U_XRLS(|r( z0cyF;DLhd)=AHQR14?+L6iDFU-35=exCv*$?MwoDyq`=U4fKt&yX^QcEi43B#_3lKY#ni2 zi1Aw2(>2zili)Ig7A;6*WbkS@rPDq>xo#2Dp^|>pIkU`VsFEDljd@JWJj5^69Z|7z)0~#Ii?pjHrvpmxxnA*AzLGWN6_&4ID7y8ySv?S7>El)9bssmPf_ zdthQW9H~!vZW$Bivj4;TI(~?hn^EE4WV3DuYk87UuXf?&71nG{*<3EAhg<;W%l)?$1B5^XgfJq?mRjL$7iyh zY4;_lf|g|k1sqF!Uu3O()CZ1N42DYK-5G zyqhCL_~(CyN<8&HwOvmmw;T0dagG9lA;TWD$?lQa$bop%-bKq}9`>qFdKyK5@{Kj+oYX6u^#>YWx`GjPh+Jc+ve6` z(8Oys&@insgI|2j`P6+!Yo;Q_1l?AyK7F2IB5z0+n0oRc<#B- znmt6UH61$+@6?W*u`~D&BqEeG<`u4dxz-8%EyMpheX;-DVmQf_a>44|w((8hJqlkT zw5Gy6*%pa&XZdHc2e__wHtY3~Ss;m+?3ofrY+5{1(ldws4Wx#NYXeCdKUmfwG^>bP z%Ow_dgvnL68n06iKBMa6-QmmGz|IOPJl!lVz9u|J%tvjTTby6`BOVlcT5M+TWNAlb zegrcY5cv2$C2rp%p_J>y<9^vC#bPA0d?-I=@L&@$80!%XaaPr@h{~h6Ssgmk&&5kv zYg1?~%8wFx3x#7ESm7_D*bxO{UVp)+-j2#2e`f?c(fVLHp#DekNQ9N%JzWQuF}gU?w%=&YqQ@4E^Z5{jYA)E@0HN1QSbGzH z6FJwXt^Tz;05Z4*Si)OCRRWc!J2vrKzQT?_ypft6OtOf@J&;1HdS__9^I&hZHd?@4 z5(!(7HW&RUSO}WYqz&5ImA}ulGK8bMOF8LTk&hD9c_36Z@R++qtwX9wY$!bD#6&=6 zIH|8Tk^DXshxpJ@@L*bmb{YLo$6_GK4l_KY@;3T$S?g}?QvqdEvh43dW-FcSKo+TD z-aU&_Z-p3<&uPhxV^65e=S81K(p{*tP_F-+ z9l5)})??idtl%SUKhS&OT;Fqf5Tmwc#vUf`q5wMd9nY@_!W`F~hOh((xf2j~BA(M$ z2t~Lor(1aZdz|9EY$@&YN+8*1hUtpe&Fx&N_o~E)IREICepuXI$x$Ed!yW3uI*$(^ zEqkkmb5}#`@B`#b{4_MC=TZ8F{MhoE7K7=#F#fgA;#g4t{*NnV0-j!YmfTT)u9p?u zB2rtz2FW=nK^AXskhsRTIVzf+!66%6vxIMnp#n$n4!1lWb;93|VTq@dor=BSW8f)S zk$@9s0WH6l^hu{b>vp}3Wzv~`M>9{r3G9*VZkCz`T#@td^?C6SRwAe+GRD^xkDy5X zO&h|`4r<)*&0%0_^>WQAm)ps2Rgv!1)k%k<%N**ey0p=aW_lP*mbavNbjaGLNUW$q zR!)KgyWovVGuQM|)MgRQ(k>r9$mT-MrqPZ?2-Ye>qFAMuunl_u-U9Zg;cr)gaql+q zIwCnSkr^qF)>n132|X!7-^d_yh<~XnPJay8+Po=@k7n}WWI1Z}yQJd{St1#06y?Pk zAp0-lYVfo`1JZb7REr3Sk=W%&T&TcEIE@tnhB&R1hE1u1+3n#!Sx}!@C3!VP^arz6 zkW@k*^`4TXHD5mf+fsLh;>H+b%(#yA+2q1IEjxg3n2IbO>B zB#Lk%mS1y_HcT=!F(mL4pF`ie-&ny4Q;PU1&2KIuZtng>n;H(KN0U^l-l_ov8r zh4S%bsUu(x7MdbD^9|VkGbJ>Y;4-Poe1CMdtk2J=0-Q0+^#G)*R>A}9wS z;Lfml4b|Qukmh(GPxnRi{OG)FK#olPj+nu@&al49W9C1}^-IfN#6KcC{@BcTn2v!o zh;HHW8GlyBeZZW>-Z&*RJyr_T39XLa5R+-VlV8LVZA22u zZ;rne6Y9vQd%P%p!r0^MM!{}~1@GpwVq`;-bMI}ORlZ= z#T$O^0m~rXw|>8U+W2<1C~Np2!_Mr2 zK7EmtqtxICZ{a=wFaVzK8~T*-SyT4fyo(O?7g#+KIK1olqJhF=U(XtkXGZ^rzjcu{ zU6UbxcxL)!B&C$#Qgi(u;i097Q5V#Z=d;7lvece7oPxlO@A+furT0HutL6v5B)!lz z_RU-{;yM^_*!@Ce*G%gc8qHMfUCE9Ich2g;`$P$-X(DB9UoYs3ylTPj%}Po5FZYg< z*!xhonwFA4NO0AW=4<6Q;FRJTVcO>%Xr)=^fM}E(Wgv)Gf1mbcvmPqFYGR%5&k*aj z8m;bVLy;JCpUaUQp%4i$X_(pG$hpn6ZgpNFL*Dd$qo^el^6=LDHc!QhDk`d8n#9>5 z)8>rNiyV=p{OtpwNn;wr`$B@nqO+FGeDUD-{*ykhxb)r@)phRn;_erTD@;+A#ANtC z6Kw85z)a{Kxr+7${M=)QUm9XHTXMjwGyX~yOj`F@tY@iMx(&MAD2)eYQ-vSK3HMRw z?;l$eB&tTuxk4bRH2s?7pnopnt4nh<$82tNFF{0hGUHBy1hsjsY@9Gdl<*9qrtVob zdL8hl0#By9e1RP<5#)y+gR-_=MxYzl@5!#noMtbutT1e|O=2iX9kTu|Hq@n=Y&dm@ zS}7EOWtO|Q;(DrGsaF}ChEj|oi-gQix|HTVLnXV|k~~O~Yg^FU5d;}SsOvndG|3xJ z$LjmIC6e%MLO9bCBxs`BBPrr|;-`%jGq(Awc82|DCoi3EWzr6&FD)Y=mQtO+V$HgP z?zFla?RGubJN_sH+k8!|y3Q=A#`$xi0g>NF>m@NkOydH{zH4a#my_9(mmFS8 zMg=ENJ`t9R9&WAjg#UAsyM*zrt-TnEb={w_?XF0UVjBiv1==#8K{ztKU2{Vf_m``k zX!G-<3p@IuVq?YQ14Rpa!6AiGJtZ~)F;EwYsX|(hueUb#X$F##+vEjf^Gu{&O>B)% z9^-QkJ*Fnw2OY3I5-X21GYuElG+G0slLLi9!4@Ua;$oCkFgN5SOKBCpTgbl-fleh# zq$;g-GEF{ERK^|cUH0D%7NNne+8!t`oL{=5Zk=4T(!yh`SPWr>s|Bz<)D?*EBO<({ z!lJI`c3>GN2)7CDRPZ>q(r>G@R)6ydP+)(LUFMAt_h$v<>QtzaUa&Ri0$X91e zuI0nI2pMhQ;Uw5N?&x42)+c&%q@sO(3Q(8Qv+gpkUC0T2Y=Q7QZmhPUrk13l3E2YC zk7>Ok$t&;%&a1*m{R^6<6=!+gVNz)D74FLOR?ri+;4)#z;1pZNygV;W@djY~!Ezb@ z*@;%Vi{hNfr*AIw_ohnwDrHZvsj>*re_%=!3iiKb#{u#E-d0@#Id+@)%-6SwU17+> zDX(!p*Ln_}`PX7U9fZqnsXK@XbjL1wTJCnTGy(R~4MvN^HP}jxrHd77a8sNtc?^cL z=tSn%47NKJq?C(ykJSxkAJ4uB8j^?%rfR5i1k7!$Xud4GC33mbV`pGe4aQ~`>75b< zDlL*BF7ex%Pc=dIH93x1`b<+Q_WoeIwV$#5vg??5rvuANMW013BA#;ttM~oDjGL(- zK)^hjlJg;Plk5-j4-5Hk5n0-o+RO+x5#`b!PXHoK*C!$hgAgihlkJd44o}cP7^BSa zX((N=HvdfB70C~P-_7j&^XPbM(fO9pyPI!q*t`eHia^c+XB0<3#wY{fskNaI9D|in z<@5IJ(libKsQ_9ZkP;|oOJ6pK;oc^;&&0rj#g1HJTH~qNl1I0fLMRTQ*HN;v5}eD_ z1p%Hatn3)Wf0yU^vdYda;p)er+anp}KII+uph~=9X$mdf>&3`#jqFzsP@xDQ=u`dvDl==^p+Hudw z7ZM1V3QzGZIK*fKWz!Xt>njr2plX69$)M0gJgj%RMCHdv0a{32MYgpQdJT;cI!In{ zL}7n@X{z$(4jt_jh(V2xw@Rj2$kCVjR~4nGOX2lEw0Hb8+dp*~)jQW6tGODNVY=}z zWC%}H*1ZG4Q8BJmuoo({vt2rcXLJa5X8Sw0bnZvtBwBdXG+AUx%jUGg%hq%YJM1a z*de%jF<8mlPuCm0p{ik~-qW&1M>6!%y3TI@(euQ`qdIG@;f}`6%Frvmh`}-<^i_#% zAE9>8P;;18BVfQhDy26LzX=ISk+4^AObb4#V(RMI{xOm|b-LzM?gv?ed=ymr!@>qP z()i&)AF*KWYCsw(J~~|Mx6tnU7p|v{LX?R7S?;+O>QhMwL1a zl67Z|@}aXr!>})4Ud;p(o00SM*BTJPtQnQ{r~@5`D3#5K11XLw+%<_36nh`zIRTjP znRgnn_(aqQ(IR5v!^mJe3Q#m>P8l5geAMt^+2s8^*y27FQ)<|(Q+B9Pal)h7sRgoA z!L65l;Me1^fZ?~a^9IR*wO3(#&K=w*3)v?ZECy(E$K@^ zc$}_Flj6o71w}`tr)Oj5!gz`8__XXc$T~RR=?9usqSXhHUtR0IGw_KiFGnp6huTSa zt3?wZ{qGQQ-OGhd84OD=VU&KS--qnBGIcl}R%m_9aES1G&LOgWf$jE@wVVPtCE_n6 z(Mjbpy9afaNJ8hI&VMuv@tGBjMlul!dQrRwk+K7W|2%iHb$RVcROW_R8zT#8^Q(7z z64|-F<9v-Fy~}T?vN*q`fYItbjM@$HG5mpbm|atwj5s6vF`WD&|wQLDw+32AP@yPaLtWjA2%!;ACzN zG=qb=>e~@!+v)*t_k}Ndn6JC1RDVxhtCDsOVTIMd{XN3v^RZE2JeU~9f1xAD=AAof z9W;FU;TO%p*;+kP-}rMDB_=FIS+k;mT#Z6G%-96QkM8$K>OKiSHoAci=nw{WNa|Q1;zj} zG%w%A=0RhvuY^^`#g|=+LjJTiEC!3&6sy_J>Oo=a1U!$25q4o+(1Z%70&(`?VZ>i_ z?!UIB%9w=p{xn8jD*0+(^b*@UP^ax@iNwQ7V5FJ;WMOduh-|n)2=q%Nid;-ImbdLH zT=G33F2$$#&rUz3`vH;o#N4(5YpgPGhX?@jB9P%AB;=_#2A@i)#q4qk{Ive5TJf9b z)qfd?15Dh&-D^u+OKBT^M{%Vd1J)1zjz+qbjM3$9%H8pi&hL2BytC=jq@57&J|G1G zXE1o7r^hK9X5_L!ZiJAz?1A4Dyk-uE=gn%+Z963R1G%opmKb(N%H4d{ML`n=c=2hE z-PU7#W!Ukp8N*6M#v=`nu(}_759!N?-{JUNDKPE*1C4(GS>GaLr7~w{vh`TR*Ij%k zYu_r}NZ|eobm6|i3eLkN;`ipgD@y;gQK=MO@P#8ZG|5m!ajgrNXTjf$&_l<_>P>21 z(=Z>2BL6joxK~G`Q)PZ6NUQSK_LYIip0?*I4I0TQ7+Q?O0A%7Ae6epR!+ES$(#1AU zqyJTUb^Uv|uAeRAe|1ZF-h1PnceN|9Du&{Ui}b2C)ANY|P=7fgDE6-$O*p1gCX{2L zrLeN1n+IM4-92^u<1m&Z2^KsWvNxvnRJlUe)j)$clMzy9Gns+Lb|*7PHTAT*AhqBa z^Wku84{LdP=U1NYXXPeJfyZYT`qz`iCX$%MT;x1SbY~Fo-bAOx7A=@vT~*DfJHgyX znO@q6(2n%?tldgZaMyu}zcBVUh%|mn(1ccv`-al3;^P!uL`^jN-;79en#L&(tnkKEF-V~8mEB&wZNoWe8Mu!nlSi%^53Rz zF6Uq*2xK{AO@?nO45l;zQ;X=?P&yk@_fSo{8 zoNM`DZrhR08@Z+BnXtj(4@!QyXn$33$SC>w|IlC->@UnhMJ;5`!6%v|J7mv^BKN4A z+dYyWDC52|#9L9v3*PPoI2FqKD9i3J@))MUkQr}tcK9VNrYi$i zT(eQX__QsGbbOOEgDufG8}ep@2i3Q=WCvduT?TvLQ-OhIV=$9hhvzrb2kr^F4I9*Y zlNZUX$j1TjN0xA|$Pa9S44P0OA_4+h{PqPF-W--NQWn$f#l!d&ea?RQQHP%c?Y5?B`uI&{PYQa^*S~~KFiQI7(gg;`^6;|wm8t0=r5H?kC8#H= z#6^Sz?qk?0G`E12AV`qdArHL3{LQcwn%jds<%%O%U|YT}T0Ufz$7+h-mV77>pRM02 zt0w1;!!M~mp(ii|fIF1WJ0Es>nZC9+U6=PmA8Z}dr|4qh(#q1ids#42vGdf z_0rYMK10!Z>G5fZ$Q=qk9wr|sk%^wCX9DAKz{^O!!vG%%mCXwTq7@}U4RR~d60mY> z)zQSU*k;L(B~ppOep=6QDy}>UIx$$?2jQnH618P2u^zY)*kgTZT?(mPMli4s&hx=> z<&3ff9MV>)yq+{v-Twc&O}kR=EU??bI~jD)D8kpa0Yb~I=5&5 znOpZuwzM!iLGM`9qUUkhxFzxbv2=~`aerTPW81cE+i7guPGdH9Hn!Q=R%6??ois_) zsL%fXpXc?yyZgQ8o-;FN2Et=}yOLYgdL@(6szc*Z4c0t0K!h6Es;DuKFa@Cn$c4Qh z_<{c@BrpF)njWuw7tWpqDF~fIE_>N#10x?xZ%$H|M=dSc1~23KtM#vv*4!|e>f@+u z5YX98T;+bVyUytWwBDHRxTiDHZ_6`#)I!ias{{0MHU=S;5oQ_S+kl&xlTrd)4xS;$ z8jf+3Aj)tCNwUr)lgN0{%vpU1+rZw#Qq{uCUVdUJc9EYvDrcvo?CNV#nR;{gCmbBU zk|2@6+MwB`3Q@2NWDSG65{m{lQ4mNl=XzlfuT3Zr-;EUW0cqVWaedl2w&j#N^tagq zaS&`jD)~O^ooI2>bGU!hHMH4Fg2x_EAg;(WCX| z0&}1}hY=I~+x6-V5Zd^8Gky8>1|-)VosXmpi|U`QK>dgX$7+=*&I688(j6FtN=G|Y zmz0;eivvvhBaX57rU+=h7VuwoVX`jDCPX%88>bzTHng5UK?s zerFZVNd{=B0drLdg;LmLiv*-wAi;-$Natw|Fd$Y%3P30T?Gm1mRm+Dj&pd(lehY(@ zRiwx;zeH58-yQW-6Ez~(bcj~$ytCiWSOwhwC0Y_TLQfAaK)!~14UwSdbd#^=zJgAW zc}~%K3naasb09hpBEUIxPNfuOf<;G!*;0$__l&0?6rsKUD1jGr@d*Ca}XiE0TOcI}wWIUYnC+Rf3iWQIWu9KzV(Q`cCfZ9|0R}RUVBv(P4QJEzd+NNVlg20(j&3EdC;oL@$Kosp zdh9njNagM1ZZBCzk>e2f`*n&Y*e8R+v-sv~#8mX!Cxea&6O%5;@@Yb^gu%mWv}B|e z71<+3&~|Fr*CPlt>#*q?_|2nmkSI8m=t#1KR091YU`UWTt6E=4CB^J!x3c%`QrCcP zrEQF8aY+BR4H`v%X^5qc`F`myw6*ZQ3ZUQl(;XVL$|o44y<>@$@2W%cpNK-hIXmG! z`+J!7o+W;Q-kuED{(CdluGepHD*_`(aBIN7vnV>jy9&D8?&d-J`Yk9clK?UAfrTaS zr!L~v3}l{of{#D76#h;~fKvKRpb4g3Q5JCJ)n z!I{EU9Su7YDQJ9oa7*lcT{T>U1waX)C}|-g0;0j7^ER!O3Q8y#?wj+f4*OWwfl6g+ z&G%zGuJE8LHD3<-n?@fJ`q3pI>pp9rnp{YUiPuP?3S?f>$35)X^nXPnJcEQIKCaF;AJ*@XT-KjK}kZ=vBtmcxZe-3vKxH}1+V9G z!h%MAbsh>f&UAvz3L69l47h95DAOyfL?@x+$~dZ+@EEH)BI$q9C${ij50*{qR!%1S{{l_p1o{GgFuC+!8p_Sk#nTz(X_5zOiZZZkD)F)N2aDfI4!Q+ z*)T_^`}C90blU~j*cEQye9IgN8$fAkUMu`UM@h{pLMb31tj=NNwL?hU))pxu;E5lZ z=2OnUbRVaw2=FYrTawdl%VFkn8 z!S3j|3)lg6e`#;!3hKZx%HezN^6gz6_6}?#k?xK4rI{wz>N1VN_B&+|UD|_(K*P{K zBd%D`_?ck1Hq@MuIXKdN`NSt*qMU+#4PN9pV8= zhYrv2S%cxpJXW+{{G}kkf~AIYy1N9G@8?b23o@QDUdO)h&CTd01|2ua!>#-jyiaB9 z4%vMHBz`N8>w;jO?(=hbW2F{7u7M1B%VVab(V$HT42&uhiFb0ESUIMGOlYB%5&Tsw zG-DNb&psdXEIe-+EIksKyxdLaGi?iXa1PM^{LmO3H2Yx%@@gN=0kcLiIJhad99!yd zaF6l`&e$lD?9B_Lki|-cwI%j$bpZWaca6|kk#%Ewa=gsB)epZA6e-OcP+BZ^&xL%1tJ#mjl5kL^`7ZlDlhkejC#ueJ4x zyzo3ua=T%+VXAc{VmUmZW-w zu4qTx2wK|9c9av*M%Ao(BT3idbjbk2v#G(Yg(IpRb6pp7y_kRR(>>@}i!9{*^V!zVG|AgvQ+Z=Xx@_f9YD+V0D{@ zqLnS)Oo?~z2ZM#<*(B3bkj077o@``77*e}=8{(J~Y0podj6+;a_A79(n6Z?7m|+rX zjKgO1k|X`>6cHCtImc+Ie)$g|zAw8m?>S|zc5%1LoM?mTc3R#q;AYzYFyx9*#JwY+ z?VGUi;vBrxdM_;J--#wiVHsNDwc3A68so7VeSKOb6U2yEyde#f@1zf~FE)d)7QL{9 zW6TUY_V*!|kgdirN5@dfxsVSCJ5w>dt2aQ*V>8!<&1mO zvL*cp2On5UlNX^Dw4Kdsb5QgW*Y~adD$w_^d%2zy{UbDVUE|8vWzZJ#ML7APfm6P0 zB4H$5=U>IwGMJ8jN5zdi!)+jl4!DM0 zC03Vd(X}^|mh)V&XKBHrU|(sWyv~wh;-!-W2B6|RCA&P)QW6P~#|6MUXvu{fplKBN zSuqdG7=0$%ppr6bqjEjXE8?;5_ky&TF64Em(_ZvQOL32Xlm!YSDJQj}U&Q75QM@!? zYp1O5Wn>hO{v_bGq{cT}LIiC@Jb)TuP;+LAi2eMx+8@9B5nboSz?CSqF0dh&~< z!wg#+(H>P7-wu4JL=5+CbKcE+`%PH5r6H*Mi73$0P()~q8uiD0Had!t;bCzn{vTXS z?-2K=Kyo)@Jr`y2Ku5-jGB++I(2uD@<@e7wSln7j#Eor{#v%?uOFT^bo2pBjeF&GU zlZhjuw0B)0jYnq!%^LEq>t>7x%Z?2@3hXsh)8*BJppA+~0@32LHqsHbdz{d9wiDT$ zt#Lk16U^@+6nIyR7D=|ev}t}}vks;%)(_pXoi%YLBlllA{GHi|KFHCw6H(%|(;@a` z{lO21B|m?Mf^-QtEk1LvAaTsc*69H;#HPdl*J`tYOD*)BL%#;f`d^0YrsrG~GZtr} zzUsM^4!%yY{T)C6e&T7TpCm4ux#DrB^1hqsGcqqM&ZH88ZV$p=)u%Y6pjn6R*B?&t zcEfHdckEAe-n0r$M}Qi7ajNGd&~b0Ruo-zTV+P(N3V+8>Mgj;oT1KJlvJcP0z-T;J zMCyR!dgZg#7Q53C+si?uLII@)3__nd+7ljR2+BbXVEKK`5R8s7HKY0(84lp<>y<0h z7WXP^c||C2j;&B3sM+rQ=&_fX%C?7AY3!El^}zRE9Y+xtRTl&mmhMuQ$vXy}TUL#YGd zw{r*MY!n1>e=PB?qlwxF>iE(pk8~qZ^e6-Y_bWu^oQNNjUBn<@TZqff_|cNS42Y;04w5P#!XRQ}dSRM{+#SAI z>ps%8p~9^?u1jq_AX@>7Ir_tT=(e@ciqWAttj`A#C}KKGH{%bu*^GSi(DH@kz397r z#N4RDtk;4!jmWsI=J?a;QdF(!YQq1!rZ|}~*3jetpTl(X7}rhl{y+HLnJC}ZtJ$)< z_CKMlbGIw8h<+v`?Ri6si(wn#-B-^8v(WLOBSTZSbe>4uM6BTSOcR0KSs{0`GjOwi zO^p?AcRIcKLIVJ%W0d`XYFV+k5W2#=U_0wKni|uBW}0Cg7se-j*64>>6;@VBi+mh` zLPe{i9RX=UiDjqg#0jQ4IYpOscBKwWDLpvwOWua>*&pwqw-182wJza|Sh&CUryF^b z+Vx^5{@rFvP{GVv5`zK54ma*vjE}!j(0KYWHLX`OZx`E7G^#S=+7li-2#cLLZ@2_4 z&n^V~sTT!|qD0m5@}ZGx3UNgQR7ECint(p0&w47~b84bxqFQm73a0?9R-6c__hh$v zUMg7M9p6;`tZ+07L<$`+9*h*YjRN5J@`ujET%>T*`a~%imj8HZzk;`{%^Is1RaHQz zCEe1j{7f8}>PHz z>-N$BQ9aTP-q8e$GlaH-3I=+TOV+(`-WrPQZu-Yl9Q)Dw8eMvP%WNrn*z3XH3h(=- zg&4g@bCrX()wE87OK1-dDe-V!(Fqt7$<F!7ca6F#YwOub2+ z95_2aD3w{V;;>W;5pXuA^*TEX|3_bQ-wTLq@tJ68B=mmHL}AciPY88R|M#=e=iYs} zoMpmQL3-ZlH@&DK#KxkAb*`xs0bFCqPP=e@cHD5-ASL+uJlthqPP!;*`?>_|X4<}} zTesu{ouYWFt&4vD<7^{2@-SeomfSJEP2}Q@Ie~j9om$B=SFJV?JoH&0MyhcK{K4nK<&mMwUPs`g31% zfH^}Qn+r}kF}!YZj4RlnFBOj=o?U7(rmUGswIS}@BVkpl9m4K6Dv&L%3Xv8XD-9xN zHRXoNWD7btGP_vZtX%>n@B9PSCz_(1rh82ZJ}jJ~a-fOZcPG$^cGzgg`zhkQ4pIEP zANSxx(^ZOH$J3Vv%`imh$fg?hloLAYywlvo$dJ^dvVngPgrRor5yYtsJNg>T)`75+ znW#xOO!2T_U=k(*^e;XuXync>BXQW@Qo#>M=j!>*k#bi|FBR-F11trt3`wrw2XUZS ziuau^8;m?YgFT(y9crfXE!!d5Q%c9jkS*`w3*BfKB+Uskh~h7^*nZ}p!(d5@0g~0h zmsvy0hEhOgH;#5C?$rek-)A`K8uzplG^0@IqgN9lSP$n7v#nFyzoS+x+6&*n{#K=t zM5lIqmgpuG9U6!fKAHbA!v}3-G__vmaG3jBxZQ8GQ)%hZ7w%-dWQ^4gf)Q4o7-y&H+ z&&_Rh;}i$6-v*HIZdVS}WgarNTxo<(m@&1`VmTzJ*d!Jjj1eK)pnq|^)6v~@ivgCg z%f znM$o7jX@ON7G5SYLe`lA#E;vcAJuB?G-Q1CaD6FFhknW^LB_GP@}0_axlZcRt%+2d^RB&Tln7v9JQ{dS3XGE3xP zo_OvpDP^<^OP+!yP?GHvsAP>7&m&%O(_YsT6`8<+m15;V!u2J3EtK&JF}5U+sylM} zKkC5yxS^(V6Ht^_jn)424F#w+!Scjq2Vl?d;=TOWVJw=LA4T0ElYMzl76k|%%nKWR zKXHiV_8#wl;kV%=+I923?jj~`ZHvq>;OaIz4@Zdrkt87NmLutMI07#)L8&v2EQ%=*ZmCeWvI#y?nvjDmGl~WE@g*42wO3%aF znq_BsD)raI!3V>uTaR%;QHtgyocxl1$P$rDfrFw|YoZk&3?t2++nlzfaKN++SBLzf4eI?ocydBj zbWr0EDN}oO0P3f_@5;kjt&V8XIW->jo0}^wTre6h&8mgOPpab7snnp1Wzh57E%1@w z8-l+;aSI|n{xqu@Vc*U!hcT&s-LQlAED<`ui8KAyC8k4*nFuwlRpagkmrGm@jF@TW zOusvu`9hy@F>6+5_Oepqmq?ae_En}@SiFsWL!c2ZW|PFAf02cqusjei{+Zd#1|hWi z(Dr1Y47a3t9Z2df4$5@mwT1|i`bR;{X!X7rgcq6rupRd~p3bxhf>l6fOdu5##WeSO zo3ks(u0GA=uxA7R$1hjmKH!dasPeiph|n2UD<_F;q5gNGEcLEIz?~p ztcLiV7YeCGgMK3RVzwqTvjkO8lh8@tm=!uc{tM+XU{I_HtM?2q#oG z8y)$-O+JA^g_(!$ne&RY64@O-s!a5}thHNtP7`+Vgy9Mf|70zx<|Pr~BQ(J{BTuKOQ3J1mEw$ zm~-k~S6>Qozu#Sev+&yC)6_Dnq8|K2;1c$o0tYn$2e97bm*_wD+?YUcNnf9N91Zd2 zSW(%KRJUEvQ8^z-YJ>8l!xTO;4OttR;Nw%#t;0e1Nli)5@X!mGJJ|aZp@xCbiI4|0 z2crphdtg?J{PQgEpapz9%y}MOs)qg&31lMfDj)vkM0^-nEuYJ4Xfn&u*Afu-quUaU zQ7!=r7)9sK$>4Ox zC`?TW#}#>dF^_PS|4=;Ha)Q=XfxTaGWS*@+N1?s$MGMqHev_x`4-d?UI*iK1k#0mM zgR_kj5w`URey^WY@Z0!K`nPujz5sOFI|UfLcYlm^Hec^9ktqoIS@oRvBK5L<`PrYa zwM#ZzJBoRKypeMI9eMvvfhSP_J+I(JcaGT3&cM%Zu^jqlgxiH<(SOD{f4-F#4&gET z_x`OeO~#d$82o7lBPqHkN!FpB2V4Qp2Q|)@1|(RN=YUO5t!q*k{N+F@LBE#8!*k^Y zt}IU%>&UTDtOCTr`tdDRSvB=_uI2H^zz1=GA<+aNQ<)^{%wXraI9E^yI`&MI@AnE& z7A#Fz>16mGxgq7o1)5vqKtP o(;i?5&^{wNV#(WD0?p4cu=o_60Cd4l+f2@V}P2 zmX6Bcihsnw{oS8I;H|s650e0|{jKd4=X&TK{iEk>6IVkUF}J5{I8<3Dmd8jW5~PQd zS*S?8JW@ry57LC%^%&F>eE(t1x)c`kRdd+j}#>-UPl6Bsu^KMGGN=xGas&-Mc=|w-?80Y!9$QuZ;h>Vvm z4q+9|742?OtiJsdF1~!vNPH#SL_QK&<|i{=w_U8w%lrIbYvS~7k`1jokcmgZ9`_)~ zfy8Brh){z>R-+fBy0!b5+$7$0`6Qg>6n@KCd$|{(sY}2`efA*fv^3rL$BkSLdYqq2 zUb!8{{Ja4--jX$>?_nD%`0Q;8{Dk}v`54pNcmwsp7LlN=(PuQ;eZiI(2eHDkeQx~p zH`;Iu3F}n^_{kH{toRl}ep}3O^Gn^s7|idyo@%&8(WJBf%AKoh71n{nI)(w0*`DjT%L6HEQ7N z5y5U@C10K+%wdH_9}El+kc$d-oFhc!I!2R@52PIePbRJFu{pP=pcbA)mE%IF1opEXj41 z_VnF}Nt71{v;~Tlb^XMLar01DE8u4*pL1q_ygY?k5{qsK6I2FD>1B=Pir#4P8#Tm@ zoaJ}gm6PmXz0oS)!4N4zX>&WP8ai5_-L>7~v_Bl|ie>f+!Fb%ucspK*dyNFgiXQ!% zIy<|nTk%^QI0s@}Kil|1V^YkJtCqkGFpTdmAMq?9oXdI_VlTJy{w5D=w-L>|zY0CU zNdJ)S>YcYZ!pTJyZXB85blEqQe_l5DY)2*ZUHr(Q;Ts8A%F6TqeOGb zVeFE7&hSESNg&6Ho8K$e9UTKSw<4lu@T|xBA+({qoMsYQerIB~{sXFm z^S;=#T>uDkLBj{^?WzXf5d$CoI-2I%>Ce3G{e}M3Qa-%EjY85frz1uMXeZa)o(TL8sJzM+Mf)+QJ>mb=!v??qwxV@Fe zR#mG&mhw5p^C$B=dRB+^2WD5B?s9z1$aQqSi zSFFfYnEm++YS}Eb@pqNZ7qKXg{_?pk{l#E&=Bt0$gQeQAOhK&8e?0t)LOjCR%U;yV zP3tK#?2~K6Lz8D=h8R^&xfD4O}D@o#f&JngQiaHK1|vM_nZy-Kef_cPg;cp9TcOD4f1}U32lIkmY|xk zW^-yEJ`J(xQEKSH%lm=rsmS-j(K9|J5B=cd(8*R|{MCUpaw^oVA)Cd)str+t&gCwm z8HFQua)5pcNrBTU(;YQx<%yWduM4wr8<6$m01Xo%xBR|59ARb-dWTPT5X!ba5pqF4 zn&IMM*pNs5zbxv2EK^8Db%j~6o^j)I-ZZTYhe(Xn7AZ4v^7;V-<2lDuw17azm6$}G z$7K<;5TLAMT`zTpr?l53BXw6$#bUr5JOO!pgspg$9&3P{2}7qoL^Eo*5`IoyT;Q*H zzN@#LWbnuzZ4Ofl^w7-t2w!i0%~*9hHpn`bj{yNj2?kq3Ys4~nji@;qMP>-fQ9iVQ{qQUq3{V4izr{q3M6 zzCu4EbyQz+-io>5An@+R5a+pPeHh*oa9BhA+kYNcu*CgkzyHTEB!HNImin#mBAEPN zWb+(Om3V6?LP`cJ-X6s07q@?2&;s}gKZ*GJjfvao0}}<( ziob_sns|lPvWfZF0%ew!+PZ$=!0r@}Y9!;^vS2Uw83hy(da9|=&X2BDL{)l{J%7q4 zqZ$grQ>ww0P1csZ>k_;q_r+<5C#SbcnPkIFq{Bjyn+kDmG-Dni7XfFJpS`zX}Gjs@u7>UluwAnw==afp^q>L2=P>uXzG)@jt$UKhIw>Zr<0AOAyv22z{7AE?`qsWnEaCUO)7hWq$ zv@~7X9w=FujFK!~gNIB6I=$3_v?W7mAVdKNlTP_(xNfzYm_%4(T!@;70oL|2KX=h9 z0n~ABRGYw1@a8~Z03-In<4X@JvNY6P#|W@DitC)vgcQbpcKF z_1CyZAnPx_-QJX=9W05V?rxamKZ$sc=vyN>Mc@{Boi}n|(o{#P;b29+C1@(qQ3ZiU z5R&XXiD-I}2*UA0sqE6N@*(BfVBZN>!pN3?f;M+?$5F~tNkO@{_hCi@?D!++2+U#T zBN=*YVq%qTT~2d3Gg2zlVfO)e`LOEA$Fw8mWoPcNnp>}VcqZuCs!D}4&giLmNJj$A zSbYNeQUl$f4;4geN53lwZ2NT$vnY_{8YU-M8wl9BfU1M0L;^zuQXL7m>8?=&Z{y(g z()LF`8h*j(uKVn-B>7hGm>Xw>jSBpd$=cvLC+lb2R9i(Zk=z9+xOK>w;6MHtL1S70 z1b|hnFb}D9ClJQC7mi=B%|7U5UEOiBB9ZXVZ-w#8TcRQ)4HL5B>m(g2mq))npX1Yz z{G$d(=*m#F+z{!Ar7mk^>aGdiiv)9Bi{mTcH@MM{HO<-w>h6MaH^w!eRT`oc#gK!< zkBGeXcz}l@FTa55OCt3fqLL1SJVj!y~YyxpT4l(NU1WDwbts4(^gj5cAG9;wrQUqg0=<)d4NJ4>a^ZVJR7@@*c z6ttACgw3AGyfO1D?1PILc!8EAi|~HNVdO$EAL2|R-#_Em7cv&Xfk>ensR%2#jjFK5 z>b$JD&5DI?(i(~1`DwY}(&snr5S&eD_0Y4Pc0&(2L3k$`5(1DEDzlTIdM^Ip!GF3c-=4|x=fOKzK!b`3nNA8_S2K|)$X~kA_S)6{q_Og`!}HknSsWK@ z^?B-SDwS!hJN9trd)Y4J;O)iO^?QrtN=wf3g?EUR&#a0UKZSO^yCsq$vWmN_ljK8( zWagR`Gt~J0~aZ@&XLf@#wUUaTjaCtgTi(H^)BnVo4bq2955uC@Tg2 zIZkTWf;{D=wo-|MM3EE(e#t;?1<<5J42aWMq8BGQ2hJI>!7p-{U0UBRwo}$@HjN3L)e% ziy&0fj3?Vxi3RLNUqBw@BkOv84%K*D_@k?n=GH^&{4X6+n`meick0#@@xQ3 z)*g7o$;oUo*|@9Lk*jDhTqNRwO|Am3T4Tj&H?Bg_ zfojdy3gX$yW>Fi6CL;7vNwJ;ZisafRf0mRIvS~I&tML=P^<4(hx@BJmK2gcx#Sky_yDnq;_E(Y9 zkZjztc3ad9rpK@?v0B+B4gBbKh zJ;U7nhj@GhrGICU9vp@T=ds~Skb}0t6}Vhh=e(V?@40YE}xWHMFw$ zya<+8rg2rylNn*}`Z&_|CL=G)!Dk6nMVz(i@RY!T`F}OF2uF3~D@W~C4A0IrIV7t~ z^TDZX;vv2B(kH8`EUIazKA-`Dayn<(_VEd2br{TvrIy z5rZTg%D6+E1J!s;@z~%EN|+ZCr1@R4^p~eI36n8h8&#nhvte3oW99rt~*{C27=se-vI2$ z#Rs02<9I)c@>1l?O<(-4y-3|=!~ZJn`txk9YJG=u=H2jk&$n;3;$qACmWdwV#JN!d zv?=E45}~+gQkb}Nl1E31+|P*+-sfALM8buW>hKgnpw#sGHdh^3?2b7$MBFIcY;4(m zbj`6f`g+**V8jNOYcE9+4$if0^DeB`h1lx z#FpYU45WwXT%2WfOnE)%1;M8+q;jSAr7pEvL#I9!Kb#t6-N;|CZs>YghfF2Gc*0faV_?1)0?By` z!nx?<#%O=E5&znE`BfgvYE|0BycrCObxN50%rL z`3HwmUN)-edz~j?yOO_$iT9RoIZMMzpln$b_9??Qfmskp8wr}7?zr>Mla*hEAcOlI z&42Q*XVx^Gc>ie|{?9$@fXWHI;cQjo&nenwoM_vBH#4=Xz7OO1J2o{yDa{$lpc13M zi#LH}G)tp~X?g>qO!@aQe^)V>!OCANERJky4ZmUtFyP;IbuVvFf zawitrDx3lO3YsmO#ljMvGBpGNCn$@zpU!}OF5X~20_lsz?H`ViWNE>&3`?7zE~o8< zzu%1-NUHPP%Pn$(DZI-%PdM{S_KZV!xk9$^V5x^VMA`XEc48_(q&2HWsOd`TeR2?8 zdST+4BP&tpH+ZbyMQ6N$$6!wm=!26a`GMWxaI&Ud7Hkm7TJVbbh|~slcM#+ZonX=)c&!*W>tzBjb64E9!M<2?zY}Tx(-3SJy#?w(E3qu=IiouU< zJfNCH-0Uy5qO=TLn9^SN@$(~L(H!tOpB`>NCcWh}FdF5DdYAB+(=m$KQppt|?Y0!x zfOYe%&1gZld@EV;{Ujc)+$s)o%M5a5T$6(EAgYa-KyHW7Mwni;lPU$w2ByV{Vn;|_ z(kV+>-yzzGEO~6_AvG`v*nMey6F&1pP?zw`-4bfEJDYbfOg$GZ+S9^Ni>)H5_qpks z&BGBds8t6wgR!+6bNM1J``xQ`gk&nHY&9LC;9-4zoUrkMM~UGE&a#KblYA_sHVa{p zAtxRbtQB%C281DY=yD;Qw1veXzr-e zo1`jEC?rWy@N5q#*exv21=Ge);xK3&U(=o441u=E8xyK!Op72XDjZ4>E>WkAb8Cgv zQp`p>El?W+59zx+yvc1}5f~GHn!c=*_6VXTMWM1O;`HKs1f>!CyxYIL`{t~>Bd`<3js>%O}N5IKxc zcyx^FKD72aW8hr4fujrg$`PP2ojfju(;Ts7bQFzd&frruvX4}&OldvepW&)7<+n** zPZ01%ojdqjskm61r}i_GY{0xS>LO^-xgim#*wN;IPBrK*remn0klbp{$s!)A2c@sB zvizZY13oa+kEYfAB+z)2{N_hN=IgCezBl7Zvp%%?;_R08w{2bRO$EG0864xY&~wztlBB6BFE5G3W_~AN>=CU_P#N zvo5usi>B3FroaCq)iK53dB6Kxf(W0ma5?D8WOIY*h_dPB^oj>nSP!dpo5+yul zo|arR@+urvy_q@v0MtdM>4n(9*bg9 zQK{#l;iNOQ`(8!am71H5AfviR?O}*){~wU+;@z*VLe}&Nu@afeFtSY4k?NZYKK9Ft zL2UjeLXiIj0U=>)Q&rV{TD?EiXCO(!kB_5+?MYQlBcSKn=SQ~y>cB++6QSk39MJ2J z8_2ZgDaYMU)aXInD@0%a;?cuxWR}XozGE#>iF^}xc##rI_<3BJbvkth2x%(+f z5|$k|pPQ(VGfz=|sTM%#lu8?^4TdQk+OHkG9G7!Fid7rvC!%YG1=KUpdQPVv)L?tU z$Q-n@SpYAuU)HbSf5(NA3sSJg;aUVHCVV zGWR~IU9UGn^ctaz5qS|R3IDYaJi?pnPm&>y{`Z>juYXMB%N5XX!#TKA@bwgGr`U54 zL2w^}(_^x5WxrN80!Nb@Wc=^hc+8ymcji{>o!cxQ49MpOAF$th7r=5GaOX#Izjj3I z<#Om(7&OaauMPCNi}G%t<~cd@6Gb@UTL%=h>N&Q8+hIICK>}0=MsZ|YyJR3`!jd$+ z-WMn4H9J=&L$)@~-O>7ckzn15E&AqJ%i}^iH3i!C_SlWnmRALArpHrn@NJTd*8w|D z`{Mmo<|MwCLOuaq0D0x$LG^obdb0{m-?V1IjrlLwnkeBEzH3zt!w7Q{ z_&Qppi}r*UX_$%IrmBfh%5f32jOIG!MNZABTD?spH2y-b>EiqF9vuy0I<;}kr^(N3I$KG_vC-TOYjbq# zEuW=5;H7Kf@7^06^G*^fbxfA0L+2V7viDL)4(z;4zSD6t9C}^Tv0!F_*9<*$ITYY} zQ4-287OI8&M}i8&aaTDn7Lo>#Qz=0CYzZUS&39|tH85j;I$iYeufS6!o6 z+6KW4bsgZy>O?sI-5vsQoc`Jz$K?r;l zJZ6Orr9r>W}_C z9o>9VJb*Ec4R1qvBuw;a}%d`!WfAFKjf{6jC9 zoJjYvsTRm~32|*Zm}@__jgB?2E_9Vxy~P}v?a2#%C6nDtueex~*9Gnw*cMOGD0qFO zbTVPLBbw|z5=*4VA17$8jiK`Z|C?aGQRKZF6vR;OiZMZIcfqPCFgR~BM~ku5)9`=> zb-mGZ_Iiy(ID$MWYU5oUC4nL35t?-%%cAJoD9|IrCf3({4MFk>$SxlsizE!u?m5Kb z{dzrW40!kaIF}I_#Ob?-616{x8y7N(1P*gk^#!wclSnJw*tKA!H&VOcP z<#6hGkoLb1B^gfBHj4iDx8UDE{nusvVQGqz-pkdeYMH$U0m?Bc8z{AlX?F&0937`u zKRQ$Lr)~R!3C$?aWVtzW7gV1f)H&yrB3fz9hLxjEnog56ELJtp^L+X_3a?oawgWf% zb6l&BtHV|`>+z7Dk1{hK9qMt^Z3>QIOT)3rv^9y67`dOUYzR0yRtF%U4ohY%vzKRO z1mtU$;n^xkKEPQd)5wOWb=-^xL{_yDXuJr3bz1&f%+si%cO2bKrJ5kCl-WuzO=&E4 zQSL08b*j8_KaPkC@w;x2)vh=UdmtN0*nfMY)6 zKk?YMa@(OyV+{G2IKpvO(S&f`s$<(C{-gvB0+pT|G*~&JtiPA~Gb4SO#Lxo4;&~}| z;~{@Ts9`xT2wUXu#FSt*emE|>*~_H^Ra)LFRXX^ z^7VUlHruVBSYb7SP*MdsD;ZZ$=i29ZjK{9-uqyHepMNw@R9`KE?FfU#(ppu!XR~JA*@NGp@PqA>oiB{|7sHyjzJKC zQwNy+YR$l4ID+dW-Oqh%k#{_&t_x~Hw`n%s_v_|Hs~P;Bj}sOcK+i+G^RS`UPI!(} z7o1PN`9v}m@8{D}QR}GouQ$zY->cerJ@a3mFGD%IPt^Z?=}q=12b=cwBmX}4{vFhH z-wqxhQ-UfUj^GKM@_@b3Z~W;z0k6V4Awj`wBLU}K!JadrJCM!Rw+!ZyqDbNx<-o_3 zj?1cQR=*bq|KB-#?svUkZ&$9fd}jcF@N=c|L18HJr9j`_+iJVZe~0>ortP}dUO@Xr>l(bbcz_*M4KABmU-!Y^+ZHbJ>&TZNCn$0*QSn4|9r7%9`XTJ8-7g8THv!b8><^iebKcmQW8(y6bssOtRMbZr zugH`^XMTm9dZJ;|FDYJ<_UIVSS=RIAi!7lN<)(g!1%&NEot}(-gtsLyUB582ZF8$s z!+(1aQ|3E9?isI@ebi_LO9(&$G^mpJ&`eOk9oPzjx3Wn4VaCtCTn3HR87W1bWU|LN zGcbZ}{vJ#sRmY1}Xjx*)o~XJCbqa2_Sf!Rpx-Hyt#ublLVNf=8I<~5JRY1!Tqud47 z@QhZO(ZR&5D6Q@o$_H_3ErhvQ+LINvdl!xY74OAg-Sq`q5&+xY&V%W$I~-aR8rz|w3N}IpIw#r_UxSd z-1p}^-+PQ_5@*t7PDlN(>kS*MF&-Y^k95@r^?p)8X9HO0E3+YFmv23w+lefBtA#sywk(J+i8z8!pAehn+b#7h?ORX-PzCw0m+B+_g#yU0K?v3u`C{o z6l#y|=N31EE8XBo91u*?MDp{x$g2pO2GD_TB9b+r_+gi z8=w4lS1SQOz7@8r*FP4@DU$=XJ2(`RKEU0Bd-FyT=U$C%YgEdHVxT}8&UC^k1R5?5 zZEdvA&}p`*W$pEvpDBOK&h>@THR8VRz8hCoS04*}NlGJg!gBMQ48WTOu9+OGP6GK= zypwG8XDnc9w@1*qv+jkhurhWL9jX|0!-J>0H zy1(3ZY*n>c)D*+gznYGk`PV&LnXO~bTMN9;)Hxqu{y1SkKfhzOZ}yP;PiuqHzOlBN zk&=E%VYd4Z)G@*|UiWm*2O^*108`n-GGh0+uEj`NdoWh4`bf6`;j zBZ+eEJ&bjwR+nSPn(_vx8wC=?aE?tx`}oJ=rpSWv2?mN>RtYHO_t-F~K(CduVyRo- zagfvJ10)JF&^%7oBj^?|i~GVef)|0v8#YfiX5yU_N)8YqhloYosE!J0P$ zs(}Ljan)wQQd}F)XueuJ{$1MLM3$j6JIW_nZ~FFEIRzEfAhKelkoWvl5Z#Gm`is1T z>P7wAg=)`19M<9m=k3x&?!ozT)u7&b^ZH#{cmUSbW@u7qTSuy_MHTdvjl@~)I>6_L1os0sN0Lf-73v@V8z$3&kNweSW-6w zglEe(@3)cj1E0pL%kKnqkytN+iAG5Lk55*bL?+wKgU^TCcT>baTMnRhKU~(2o_4`g z&dk6 zF-m2(K8ZX3vpm%d$vpa0%~B0L_Hr;W+sCN+6d&HU-+HZo1`kJdzHl;3x+!QhyiO_q z$vVZn6h5)O4x*>N;C=)43rkk|iP(~H!PEUh292^|2C8w3A>>AWJEUxulGy)5O?nPh z&dM~v4EE)3Pax>Xs-&?)*vrqGt)cBz^T%VY|M_5=aD*p@W8Em?rZ}Hmm|xRSV=a`4 z%I*!AW42fO{QsO=yJ*8{c(LCokzeIYR?}|6_DO* zuxNO&0vAWS`&lYUSbVV6xMuCRKOO2M*v#L&6gLbfD{RY zQuoa;4Yv;^ z;b0;3Q@UoUtBZkqhW18Uoskd^Gf=&5agRh)oa3=`U$%D{9YXvNsE835y7nx!8#BjK zL}ZYjr=sykDTDzVFi_9O2JOIq4y?tv?cBR|L@_-Q&T%o;Dji0fM3jF9_85cag^s@r zPH0UrjYl74mz?e`5T*W`pws2z77CxC+2-JkqQ?al_cyzo;I0HX9){`%igZyV>lD^%XFb<(mj zgJr2gj?LY}ZKybbrsI~BztYO~hQHT-kcEZCujzxK-VdC_`Y1CvQWSG3j`a@Th^Qv0 ztbV{pj+}iVRJN$na?hOy``F|Lm{#d_#+cp@JsB1H)zPc&T?9`}>uH*hm_5I&52X#g zGzf+Cge=2kmffKsocZQ!V7KEO<2AgYf$zJs(3_XE@IzylsT=_;WI;3R3+cJL-Osj2 zndIrC34ORIGFyoHxb9A9TF`#8lh_sVP~-5*Wuld>ifoYw(`i39KY#7h(z~FJN9&>G z6~y|Rm*#O*M2rx6$zEREbuP7+mAuj?woQ$ss;b@*<=Z~2qA1&iPQ_Y%-fj$jv6<*; zq9BZLSV3MnvCr!pUADPTL$$g&>Mvi)9zj^txq$H{Z1sGs41Y$>Xci;U!K_C=77EhX zmUd@1SC|up!*d1qQ`$j3O}eaF&5zAdn< zjJ3WKYL@*{sG9gnF|)|DNdm^yy=rSwH5gcc!b04m3_5lr!YBDbxpFw7(hBxwf%=*O z`m>;fbn}bUnEOrrZp&`qXex^Qz0%|a$oEEo(pXS*pju%%=~s;IuB5EW)!T)fX9??c z+vh*S37PP@I^L;()5qcSpXEau-Tz>dq2t0#OfOY1`geqTO!Zh^>Umn+Z0y|GDVbpK zfsfoduf7T^Kv-VS`HkY5c=pG4&)TPMG)%bVus=*68X+I`iEEc=G5t*cn`GZbYb3fS zvL>XYt~&~P-fYM2o_!%4{rQs(Sv@>TzWuVC&J}{f%^GcSo(9sjfZb$d;|d9TDoNA! z#N_4yC8K!1et4Z&S&KqDwx2p+=;L+hCgZN>{rTwbi^ua9uPo64NGD7IS^R4Cf6__b zY(=8cdOY0U8n(JpW^o!t%myC_tlG_Jk>k2H{02W28jD`>-+-~0qkjhMXk)t+UNTx< zX-VtRZ^R3Ps}5*?f zSdr~gPw$mF_tT`Tv3Qt6N=DJA`?9&@`NOl63vk@^a@zS&R^#ycMFP}GC)BFcYZ}9f zr*LIJ#+7B^RPkg@Ab=kW0MwxrM!5yDUg`p6W!#;ZN|aGTEsNd5(Yk`D;XxdS-<~Tn zwo^;cDF*8UoA*=O3-8SW@hPKt!>K2(qpVWDw!*89Q7fB$w7KYu?QYq{aJ7cRhCd8m zlxC)LnI75ou^Cye;uncI?No#@aJX*)UA#0K5X37!;miBkv$oC|Hsb~;5&A8~zj^OJ zMvfcdV0>0vYisl|6A#k^@Q~?k9U6kmqhGZMF&Eh#uRI@%Ob7IRE>3d|B9@Yhf9GdX zX4(?FdNP*9jj+@nk9tYfmZ6+F1Fas4z+wv14hU&HLM!=!k;wuZ$@JcnW`}ok?S6Uj zz>AO=#WO!crSa@Xp`fK5ZnT>`OSHHzU1lzNMSXENJ6hnsv2wW~(!EV^gH+nF~UQ+X214U^nmmbZxgn-d4A&aTrKu4u;Z*x#*ky4-T-bvM9^j5 z9Hyyg6Td z=a=Zk+MF@MJy_D4P)%Ta`L?gLwVKx(ntd6u@4d4VR>Dv6q{iM#^zcyH$Cm3vHnYa(YLmz`o1NWg%@7c2{g|rxk<5>&a zkprHgj`@fz-{TD>JYhD0u9&2&}u%XD4k%Bi2quADU}T zeJ3#-9W6z*Q|_mVs-oLbA_?tgb*oD|Go398*hzO^>m`tUj{;}s0ThP0+m@Pk!NL>O zAW*5=L4)H3Q5PTfUW4xWkMAm20)#BY3rb|Dj>{8rW>9EzOl8gUv2(2n;g-_r zT6NhSYCEAR(GPMnY{YD!coQ-jVp3_(L2gDju&pnvItusFe(4dT-}}T_w*4NLU<)Hc zB4#z}4m&SLY6EF9PQ$Rrzx9uU>=pSDJ=Yu5OiWBl>F7R(Gs6Of=lH=_O+~{3MYmJE zqlWFC43d9J2)B{*7)tNI-yXZGn-9YOg*;cwHUQqwBBS)@NJEOSqA27g8MkR1Ncl6e zq-{MNETozCd2Tdcz~R}(zf*rSz-h-JUGP4Kg%>1C^WBlI=xO^dufq(@_ha8Dr|bMj z^IwG?^HEmGbDVsy5y~fDice55>TOR-&(#k+kHATjGh~qr$~(j{fuXW4og@*WcgOkNgD4T5ZLRE8f)jF$bP(tJD3N3pk3JuAD_tgYTKQ5O1!;9ft9k7JBmd4&8WxCQOY%uifq z%@|_&tkCE)hV3#+)UERm-=othEV8ZKWGIwH{P&anxBKfImKIhl|x)W2o3%|}9asq1f)>_|nx1g{VH$Z4!5+6&5x$p^6kWuY2<}u2D89I`}mq zO3mC}p_OVg$-Hr@dMn2>&ac^h#krQ`WtTpAJ9Ns~$#T9DS9~)EWbpq>8=tlRN+H7i zt2!Chy^Rkw5U%4rKm1$%^QP1C)w-iH`X_fB?G@DhAHG^AZwJ9vUJ(jABU5M|sH92|Vd8(fiAdRTDQWaJ&GC!TmD7EJi#9`q+T>A8D+;(Ydq)ooe z_lbZs)gLYM42_FX_cma~G;Yb|o;2Wfp%K8;KI@w4N3V&lL=|yhc2u5s%T6EI1t$o4&t4oZ`@HrProcIA0_r0m=qLFt zV@%rE6CKaku_xXHbG9v5j!)1RT#gchoQ&&q3k&}HCQD@yahc0J>(ZcF6sONAjI~b? zIR(gJOl9Z5Nw4@Ah4rjDpB?WZ_v}{1%7irXJ?aTrm_o$*+6FQHnU4u=PV?nN z&c3?dLiV4kJw+Pd@7khAl^?A~nhF$c@UG%roq-m^%5&5mt35)q;z+TILT~hDM5>UM zC+5*d?c67Nqs%3qf_Q^gvCXz(Z7vp3E|k8a64g6NQDXi^??OWjpk{)KGc1|IwEh%W2~EK0Ey|@Wp!2udP2gjkQUSw4PR-WCWP3 zU7MhStsHL$Ny$@6(47=gs?mLG#v!O)RU?$^C}M9{4{I#0e{=qfr>?ur5{3Rf3hR)H zgi8rYJ#a~!=}|1Z*0;lT4!NNbtWIqlSlm(v&3MbAGyKm=D)v@as6>L9R9%T?2~wxk z+9&ob)zfh)Tm*ZP%w_JtL8(K(rj>mlP5;5)FD9K0&ZW=Jq`f{7(ILz6!n4O~;Otq? z;z`3O9nw5|m1;-H!pb`5-e#6JH)(#w|5RCZ!AKywb!9NyKriFE?GhsJoMvb_9NDi; zP)Z2o;~0!yKkI%52If~rA1Q3R|!pxK1ygf zj1^gPSXT=zIq-aIKToKjQlmJxTk{X3cX+%0)?kBwr9x2&$nM<5Znfi3c86vzk49uv zkgQ9x+#AvEvhph47y6feK`x#UVouPSFo9(lw6tYhj20bQ9o$vSJPG+r!1`2YX}eov z!a1FeC05s-HmmhY0Mshk5mO+hu?ot^&b95ss~2)8Tfm;brqT2zF_>P{9jIB@1RgnG z{f1JoNIGvbdCSwtf@>8%(Bfh=L5iLqTm{m}9Hdi*M}Rs5cb^$j7@mF5}Bq&xz2< zhtCDk!+Tl4Sn2r530NcOj#4eVxvGpWgJ0{l>JCio&j${)e;p~GF(GGb&5u)2I(|Ct9^fj&x zC26ha7%G+<)?5L1_Uw!U4cx3#s%;+V{F0I>FCNZfZ;+!_!v19TN2Cw1WadBo{54JZ zQ+|j?#u;by^%>Q%cP_tGUY&M}5joRASL8w0H;ou_(#UVe{@8xcgXnlX9}f01#upW# zk0REw(4n1~$5Z4DIi~MZdUVwO<_ktWBgK`{P*!Os_riOYO=mcmv6u3$J(8Gc9^z>u zf$r=^n{B@y~sAGJ-{0$MsL+>I>syl${~p-H0z4966kp$ZK;S%i!^6cs1j;w!LkL8OnOo*KPEIQmW!j!1KgiSx|)SNPJWJ=f;>NZJS)m_=V-#L~URCVcgW=*c|ZK|%+Fg%5u!;AbvuK_!5G4vSlr zr-Y$M7$EPlZEFG#BZXp1B7;))Tlbd*+#`DKsgP%*uu*sywLSI{h}Y3>`ghX?g7WuvirVG#57JL;}FedE?WfkelE&4+SHDT#=__tXBkM zGSTEwN*eR@X=wM0@4upf1f4QwjvGA+rDCzoS5?)?m9-pGKKYJd*#x`OB36F{blVQDO3%IgPJ+IZnwY-QN~R1HJ}b8nQV}!l=-L!! z-jrimE$i$cq$B~lKPQGVVq(*xj-|qfxBXs^fw=}+61;X!dYeA{Ot{WE2xOmds2ZPN z&_h-8mrB5mmu0ZQBY{$2!VpvkDCZg*JalIyq~h$N@`gy{h&aEJ=N z)zx056K#xDl7N@#cF#v&jNWZNhDac1j<3eMc056pDN+vs_=JSJ{(X0}Gg6Piwnj10 zc;q8Vj#$Z;evHfW<9@D(34H5FU$xWXLkM$~xuf=_bPOUof5>hRzNcD*ozs7A@2C-7 zs%~$hTDIm`8Z2hUmESF}Er?^~PQIZ`jug@jm@cl$eu4t_YVs*DBULB6#u?HXty@w#?Eux z(vDH9cH*?Hk{L{hek8Y+^>OIh#Zfe)M>$BdEQ>W0H==!y%@ZS;`F)P~fGLr?$>i7d zCLYz=f_~TeW%H(eVJK&$WhXg_@c5G>gJ|J(bH1?#rQ*=4S4{zV8I?sHlp2 zN*~@q%d=i>=2@B!CgYQaz4?VL^=(3i39#u~tM##T5TfhKW;EgL@&0_;Bjj6PV7~97 zQNUtT;eJS)=e8`3_ZY*64Fa}($IP8jV-abRljL+~12)0w@o((+l6DOU=b?qmOlV?Rp0tgU>Oq?&4UFv(* z4%a-t5Zr8GNnry-AMY<3khc9AGMsMzS(@m%>eg1W;%Yrtst|x2bdxhQB`I5swW%fH z-4|#7;Gr*qP8zVxpUjSQRqk*d+$SgPiKFP)4c(>Q>=)@hC-{Hp0|kJzbi{KqKGjdn;M}7LyV%5vWZt?A~^R&Elw)g~W#n26Ae3(`-{S7s3_!In}!3Xa)di z?0J{WWZ-Jz0lOLt*+2XNhw-d)j4#d`DyENBVJ)Y|H)k#2rO}L=c^;&WEBBoeaTuRVqL?)!0x@Y5{T661uxtFp)W<692=^%vV*D1S3BS( zJ86yON5Cz9HYk?2aYtw9B}h z75R4_n#3QYFu&rz-;*FLWB_7~{U#{md|6v!!vC_V$15Jdphka~C##DixfiT6MLsb> znmvS=npW5YN6}_NV?5`-p`x>s)N1F{YNaCfy}RUjP}v>MFwt&JffbDk`e8wiw^cy$^|c3KLITofV=RJm&Q z&YI6`G#_(t@8iSW`94o5Wgn6eI&XOYZYrGUKeR&fc3cycEwlSm0@C5#o)VZH`qARD zK1&z4_x!&v1u|NH;x}3o@h-LrLzfE(-74aH(f^8D=jkQ=A{SRd&dj5DA9+PfYBq<% zmZRammp#-nAW&3evWz&w>AWdLDdE=P#9q?Yzo(prCy1umwOTK)bFNxKfqkW_9GH&i z5mwtWKNS;CG;{nF%pSkaLLo>q6dDfEC;=Q`R%ZD^xHdO=yf1iy4$wo9*+J=$_25x|m!`*AcE+rsu##2~1bNah5c6%V6>88{|B7ezW@? ztzVjZw{6Wk5$y#MOW=LD@^~amRzxE=d-J@mAYC~?p<2L zX2<7G!O`|>slU(lYYf9(>N+r43*G<=FKZmO6FBPnkvJD|e#qZnj)GKAC{M`0V+%BZ z`JYm9D{E_1Btczal{A2i8mwvj*SwzKjHjwukF?d=FBeVDk$DmYPw+P01K>imj?G{y78s$61S#vXKX|a_JZl7JAnf`UQFByndF%?tItP9L^W> z`Ru)~au0ue;Ca$W!MBqZBTrcbyleUcADTzd>gwmskUOiz8l%;HUvpNLa2VOtf7qB8 zGEaaE;1c&&Y1!Twr^iPw3+=7Ha+;6vyq5CB61Hy3XKnrdH{4eEJRQe$y4C%=-U{n% ztt_OF#CJ7_E2v4}?m`~4b5b^4OO?Mz0apJaL8OCH`$d>1Cphfw+L~Sj=IN#ZWP`yk zKlc;0={U%+Gp!on%9i#s8Z(k*%Tx)q1BmHDL>iHc5n}Weca#pxZC9$l2f#3NGjW$P zz-Ayy1xvLP9z3bFgI5S&Fb>JjX+`H)+WS-gID^ELeL(37rUoz#nnZBWM8lJ0+*@(s%m^UNJg5Cd2bTUZs`LTd_c|(NuT2n4 z@OYAQtTsOHV;zc(3ac-fHifF-2!YjL>UHJ+hFo9@M}9R~ArG8;JK7Ci3|HZUO5CEO+ z$3)@H5NqdSg;NecvU6LVu5|#yAl3TYNaa?5W_)r+M<S zRW>m+tj%075kh#0_U6)RQKjbCq=OYE?Z zy}juJIkiuz&X?`8{I!XT*!$|$0WoS zG%Q@GBc(1ISVgFuH=oVn@6uNV44DCss(CgrHxX$UsM7YVr#SM6I?`Ekvqj8^-DY2u zuIj_ss=WSXU9h`~rOBB+6&VrYgCoamUP-$~hGOO0=N;;w#kz!>gst9J41s>5m`Oiyek=dgxDmy)b}5fC}T)!)PA;*0PqA|eG2}E zq-Kx6RNie;>bl5Kk^(?eBp-tgK-NG3`zbcRgQZ$DzzMRIE_?L-0|1`be76xZBfDhh5(qQFRtV zUzGNn$2C~+6ueQ(LMy~>Y*&3VeyCG+cJ~mUu%{NHl@>snAk)2C06V3QNn>jRm1i-f z7cV!&(#sPEXSBEeZhFz^CYBJq)9%v7xLMMfd2m?`!0oTmvyxzKju`kzACFW2K7wbJ zEX8OcNX$r09xvGyW0%%se3JmuV2fa@=40@(kc^5)wFlt}0Ha3*5Y4-Cw>zKh)GwE7 zv2WQ5S>-)x+z0sBswv#tWXE=YZROK87~ax>)T|G@G7n^cNiFyt6M6ZmdovR8doQ2c z3Ozg=t7|uSZmAIw8|!&WduQr=`N6W$QEM%jtak*y0lFQNr{iA8uV^^R`{E6*WvuTA zxIBnPmAWOve@(fgDhZ5{Ren&4{)*D}dp}~RcFaJLL+!4zMiRSfFoME->@T?b&+v;m zz9_}g{9b+`5S5`h4y+Xz1hY` zoV#K4S!z_RBS|^HRP2vck4}Fi?6)9-g;ziDyrlblbWgbuW^R-a^iEv5QnsZ4b~s ziy7uK`-=QEjn`1-s9Jhi;`>s)OFEbY{F{b2lIHqCjY%anF1BL6`=C#fm;8T{xf)lA zl(GW107B3%+ZJWm9;VX7ecIzkM}F3FCB|+8^m_eaj9`VAUpf*F2xf@BZ zrU)J9G9X~1*YlbG`6E;7>TyX=L?|=Dj1dSSsngmctNSJMu;sa=O^q7F$CjBSGKTq69qD4NBfi0a#>H#t%B`fO?T)M2Z#_CsSjC!Lufp z;^xA~t9K?-dknW?5I}T>Gr(?ut+%3&er^`ydYqy*pQj(6Ty7EARs=U;s&o4po31OO zg7M7wWUb7_3J#97S5|2 zJ~o_HN&E3e!wfYHFp~{U)1A;o z{F^v@+t7!rZKVDURvF`DLh8JlfajsXwvQH!u@7@f4`Lj^^;u5RdgqQ>#uk@n=_Y4S>Z1BD+ht>}hxJX~6Q@e0RP5M3z5E9)Vd2;{Rx1 zt&;{~rS7fP0uKw?pH%R;W(bhOpzckWz0D3%M?Il5fUO8TZUEqEta=vklqgWp(P09D zk93Qk(9(0Ha@iH>yCvATo$=p6Ql(#{i$1paL5fyA`e>2lRR9voK^`{=n&7hmK$r&- zZ*KoHui6lN>;3dQZ*E4VQsBXd;^M9wo}mJ$sT6#h>p-MZfrV)m6-CPzz|4Mz*wu71 zrU{-UPnov#KS)!Jr(p?Btjp$XsWSDZd;W&|slXGyo+V~HnC{ua?2wYS%ueBA<7R2X6et(Jo%|Q zx6*57$5oY9vreXTYH&!rCj--l?oHX!?9MQ-1N?hWM?Q)EGSwqzj$44aKBjlw=eTXc z*fH#?@pWRdZePT6_iK=2SESC$Y0MiV{Wn|=Pd$xAiPxSApqAYqf}Z`VxyJn2@~ymC z68PTf-BZ(6GI+pZMXWqrN+>n4TP9+?{~w6Cy*MDYd`$jzb>xjQRevO`xI?Vdtn&!>Hhr{YuFwvq67 z{rFIH-HD7gS`#1nkRq8t;!te%3GY0BD2P76!^lya`mivFn=a^tk2P}gJYF*x_35;h zTz(HqM`G)o+@sY%_iN6z_{d)BZ0G{tHK(w*xZBKhK1TA!jpW!SGFWMnn$ErP%4XJCV-^ zYKvnB>2;O~Xv#)hKci+!=M~l~m*;A$SD!e~wn5$Ziw8LjVoS40Wn_5P9i9El#+HdH z?UXANtMK}5xc};7)E=L0X}umpdMX|f2=h-wrMr`!#V!5$6BfPSq_}x1V!!%0H8n+^hJLDb#R?*}Ap%+ql?jl{EFNpm~q@Z|O zlzHNUMK8bWn(h4a554v`M6!6?T_^m9Xb7aRKzV92=17$H%GHYs^fX9`0UD8Z5RKom zm0ACG_r=VYVRDP4Jda+=r~RHJN&(MhtJv*&Bp-o=`U2qj_g96SOY#$re7sou1-bsy z;Jg6lG;YRz!h=1}hsk&U9@jtR+}hO(pW(fCJIE>j_LtBj zUhW(~zFisRIy2%tw_bn;5xCyuf-gUQ{!4FG5t#j1m%(cUUgacAejGZ}ZSrf+7Nb7g z&I1bWKx4U~AvBDNI@}VEa?{a6NuY;O^NVRjz2P*FGyWb_cO@JY%G4BZf_fcB>2v9{b=qdk}U1?`Tj8l~m&hmy~;(Eg4eGLAW5e=cRr$fe@{kAUP33^8_y91P_1GHk;V+UL}rv#uA~cRj!*A zRV2NAzD6&w6ExrfQ8Ux=h^B1zm>L_^fbN-)(hy4Of02aC8Lu>ORtr;-UJRuAW)=zV zi7m6jTs3W~?1g3boaa;ZKUm?Ms_V9fp!CPljtLpDOZSIm63{@3VIt0fwx%W9F0X2! z#8|v~5zoiZw;LR!?~8)oZ-1U^w;;1Q9^qN^J-fPF91VZ^P@c@UB|N?{g<)MObrh8TawzFEBX5~crSFAp`C57B;XxwgSt{5F1`yI32Ca5)*eXHA z=xRi@)RedM4D#bbW`9apCp1qwNTXKsk?3+|0(A#2g-jS_`8_O}X)D2N7F8#hoFTCj zP7GZ5Nc36Er>_{uRLy3EM`0jHQ>@z?8wKjm+lm3D{ZU3_%lcRA(*Xd$S{^RBx_60o zfv+3d>ND(Q6}|F!iDE#^`u4^5`ZpsHG-~fNr$1uF5%! zR^d6579gh;nyT(=)WT=k8wFRHfmV9yHosOb6-4uAs!Kk+jgU?G@Jhu{JCPG$xf95J zN^qs%MUA=>vc1^YXbjo-pti#kKxVf9mcx)H7GMx6gGGTcAP+wKL{xwb|R!{;z(310R3b7sPeDFMM zX!*!1w77rKg;n&wX)oYu+QVRQ?Pgb9XjpTJ{!>d9<1(MqnOM*8wyIn_kmc>L`g`i3 zIQhCGapnmF<%zOD!vLB$9Q+-)Xt&*HV$59y?j+)sX1E5Zm2BEh+e19hk$`|NC{;<% z-!5YG!$&53nikPejS~VWmsI0IynlJQniu33(SZLadP;&92rZncmXGYArm|rNUM70V zm9ulZ0YovOdtF}-2V}>cb;KfCMe;tNN}_bsK^=|`{kTnmDk)mEkhWq#&`YFt;#Z#0 zfHsmscRoys@GT1RwuFEP%=D--MMK&86nMhH%<0+y3jJp1ra)Gl9O=wL>Kx`;RiNK% zZ2r%hvEBAL?EVk0fzd|s+)236s)1k$p1p3%F@xvfh=s-cn&#Ax2MxFjh_J@NFIx=A zd+9Nvzqe-FeWG}u(vE!e_D>?x-`QkZt@7oWv(ZtWC>$Hg%&jTs)zxkl2apI$f2q|a zAx_Jws!AGf@x15G9zqKR*duWbLOV0#-G{kSj&#qT))%TT{x>YKdfTnYf>Ryxci_}QoKr**}8vGFhIm8^smH#sLNDWhlpZ{#whWn0$V44uNI zI~(_z@%$c@UB?ZeXUz!Z&6?(2wO?-m;k;aPeuvGpf0iz?ClnY9a0OcQOb~rrV^P1Y zrF|i>1V8q!VaEs>yW`Bvb2|l4pc{P{IfpU3cCFIa>DOr)VJ_q0v$sE&%|gU9_&XL$ z|J8%6$Zb}%aOH%e7jmA5H93AvJDga+)f7{|^{$hs`{<jEA1K*@6!GT5$=f*BX$N z1Ts#W(Qn16W?9(zcT%tE? z-~fu075SuEDv?_FpLNQV=g7o3FBLvA*=R-1DVX^U#Tg$(=EJg*vi|a7y8Ou)6^uK> zsUfiv9O3|;iLKF;UA;N{PR8{@`K$vG6qBHhP|Q>eqr@%sOznGST?2vS9S0EwquP1vnsHR*@@DBSC?n-RB`FQQJF~QrQm-+P+pwGK*0*&jUnC93 z5IUs%f&(eNuJ3G!*_lOq?q9&r)qw7a4e47Hh4%x~jRtRM;1B$xX z#bipPQOQH3M8NJ_5&=C9qLuQYk}4v0#XqFb2bLL?CX`v;TRT7yE^PF<7vz;xtDb5( zCXCf`^Qyz>Hl;P+8+2rUw2s08wJgnGfB znHS+Go)-aR^y13+Uf+j;8gPKJ#I>*rdBB{peMG|nNG12#%QlyWJc3&y zV^ksd+C>NRRU$L0ykkG*oS2P@ndB6cFyGPy>$<;uG#26=+xPSv+418gMp;@vXf-%!@D^+MZE1C3h#kzx=B)g>UWJ5_fI#gc+>_ z`x`e~A{PJzkGvS167XoiXiChC9ZIoXe?VccA(wKk8lSDmCr1#Ix@q#Ly;T%&7RJ;_pZJOZZ`T;CNigcqJ`Fu4Z8|oZ%ss>#eM%O>>D?x$Zz45TM)1>X#-jN0* zsV(^9n{K|^T8u1`+k<1O3h}1IaN7myD%2fXbV40U)e|`$ImbEQy$ma@O~~l+@_RL1#*Uuo)L1cv5iLsve3_?)dmryP!YdG40^G(4`yd^y)xOK7`y*}+FrwtjF zjRY_5eJc{(Ncqv0#uuq7 z+gK=y?I7-Q56T)fDg=y(p!V~k%2{VZ(wOG{}GV%qR{nkDU!;N4P0`6r66=HzjIO-aPQ{v*k(By`pzm2$XMK^I?jLlAqg zZ&Il=Pe=xLtb$EGD}l`2w#^2(l)T9oGl)sW+l+5F=&07;{b_tdUh1mMPiVF#1j9l6 zt7{O1z4{nk2~+Rm$E4Pk%0)1iOu8kLY1e5Q7`ZaWD@=bQh|mo45c)95m$vU1h_ z2wZrDX*g z{+6J`r9<)Y;g@qX-VyWB5?M=XiqF1jqeIZ^@p|3~^|V|>-{`9h zu|?Z7Od6ZX(UCJLMsfD1-6_t^g>SzYD^Yl6=*g?Ir+Z{ta8&Dey&I|ZrDPG$v{y>! zN*>5_{TJ<4-)GK4v4s})-5oVT5|NAI&md<#U0@QKh-ZHe)AW*=N=$wuH_RMh<5K9a z6lruJ*wzAl@~vvVNggmI>(`ws=>4mtWXi^(lK7GmsjPK5YHNEp_7S`mf5iG?7%OP(u#tN!gFtweDi1bsSoyqmk6z}^>{#S+PU2Ae9u3s~ZPYwH zQ7eL9py4;9lb%7Ukb2Z;Y~Y^78%N+m;i#3lnx)kiSQ%kqJ@Bl})eA%Ut;d_+`0)*@ zq`@M-$Hm~C&g$BQei;6m=R-V!|GbyeK7i?Pk#3%mvc1UKeuejP74 z!m5I2+^OEX@$t0=-`kswnt;=%n=fddwB=;5|Bn{S==8TGL(B9T$~@Uhs9Gi=Qi{FT zLS@(My(=>o37WZLU6wmM7O{&N?`ygnY@#v(kT&|B3p6-<&{Kc<#3b$sC_ z_8upn6aHm8{U||kfxd3nDG&M$I||3a9=$KD*$KCiOw^N32YMEw1t@qTYND|Q?{h~= zJ4XgPN8Ejr`BsUg%1C3}LLXEAJ;v!fvPEx~Ihs(lNg+^miB9{ITr$YJQ{ol>)?fx+c#ER``ZZT@vb7nO~LD{G9+RC5{uFZ-x#Im96YR zuivK*-V*rk$k! zyMywVyovZ=ds;Nx1l$Yh@_g8bZj0o0EW7=(PpXnpc{d%o429aGy4w!=q>$_(DxkC1 zbXledny6oiL$Q@>$7IGV3&XJELa(W>o^SO?gUCdH2Hj1TH5HX)eR7|L%6`*B#;CZc zmHsPxO1@Ud`(U$!ebhjjbY%1X{jzS4T7N%z`!JR!?afPzd>HL5jP@=iel+PRz%5SDN;&G_^U_%O zyVVTEctwKVxNK5)8oCT__0)+lH-{1nWCToia;@1_f<%WUK@r07hU!+w#|fO++zctd zx)G<*>RaPfGn=BKkM+A~Y4Yh%6?N~%+%<;DPxG;*Sb!j-Ai}TJpOnIKkfXm@WIGfq}}YUd=Tf%`Da)mJ35DJsMO0E&Y46mUn~I)m6e@G9{g8H zLkgr5{w9im+YNi6%s-D3eoGv+Bhq718L>9>l3RK$$?NyA41Y-e`cW1S;6n4L)%BFG z7rc>X*qd31ncxtq%dA8h@stdH0=G8q&Ow#Fk>_LI-57pBM2=gTKt7f;pbt{7#65gt znfHaYH#QnP;2;FcQYGY~&}shXlN9&oyp77&gp z{^i6%3zTw0L4)~ZKD}}Ugh5MQRXtC7u&5K2$S&CemgJBoTkyb&8LDnlf1(h99YH2u z*2haR$t5*i!#Y-nIHlnZ;_Jto;C&5US^)jgCn502TTN`|^r0`^fB;95@`GitT*LSZ zDqI{_=X1>}UnW#tsO2?hBn*bgH7d%l-FIS(x9QT>b*Asrc5)kMMgJ<1(9!yuw4^(Y zn6vjl6#qr!@H4*$fzC{NK>;B#BI2OQ%5a-K3G+Bdz{rc5h6^~*ka|#6Q;y^q`;_$YS;LX)Cf(H z^5$(G4gXVY4g2Y76J2~G1Ym~Zxm~~uO*9e=UN3(?5K#-{+fDgIBYiOVC0O`N=>89F z3UZhbp_JmY$2a_o!rAMMKQzy7QWH%pft!`-AJ4HTun5QB;sY`cO-Yh8qLG6`zpPIr zGO-=ho_e8x-~Ed%cWm&KPx)*E0UIdsoR6j=(8ItU8@1Z@{n%h`0Kj9j&Vo3+7s zK*GM;g-ciVxO|@VK8XYWsDs!YE#&imbPL#S8sZhwBF@bFU5Ek+dzewAqTPn}OjxI4 z89DxXZbc&`kzDtGmJct8yX-hN#y^qpm7gQp{55_sBi@|8sI@3cviN31*2gN5gr zR!ni#gm6@Cs=&0cYfs0V$; zvQ&`s2e~f#B*B>?9i5+`vEv9b^|CH~xg{H~x?JDu;}%-E<4Nbm5Dj(9S#9Ww% zhbuU;lPkYBTH2d%N;wL_3{(uBaWK8c=k_TgI%Gz@CnUR_1@0Ric>wW-|Mc&a#gm|V zGeA3zvU25N=`1MWY-JFcG#P71>o;BJNBg=3Xv}e9RR)y?gK7(rSFA-_YhtLjkGO=< zQSK$y5d(iy6iF#F->yBSfnj125F^oFcm5h)VBk^o7p~cn1oSXAVb3*aeS6PFb~Cx@ zr!;=qaCqE4w*=fh8-@ll&te_kQX;-TX{eCnGn65tIWxE8dasHy6!%xs?;1HiDF~km zz-R;@}`=8r&kNfQXgtae43SMnTHoj{DW^1n2Az@ZV_ zZul=*cd-iSTwnxX?&l*1FvL?%l$|WolLfg)rTY?}o3zRnhAjvpCUc+<0CmA`dU@yq ze%hegRVHbS?zs5D=BzE2ZL%n$F|IG6*$s9>i{E-}my|fR&11X|9)(lvC)`4gW+`9n zoVe#@{~?FFv8c6Xo|vi=s= zFiu@3o%v~pysu~@q z?@IYMRF+$pK5PbborGpCcWNiIOkcH71#JX{WeyeJRN++L)n8rvC4lcH%G z8tKv7Nu-%np@NYUkSOa3fbdzAK>{%`w^9AN<0M*8Ja8!G@5@U4$k{6cJy=20*V1iUxbt718oJ_`+=VvUFRm@89ihc z74)S3ez|fCda;z#MMwFk1HK1y2k1@F*qr7XV&dNsZ6+YmS>64QY(F{*CKPX+@ykaXcmeLCZMxB>%ue^ebq7B$-$eS8S4z|g&;$n<8V`| z-5mC#OhE?msfm)Z-=;w9nh1wTQekp?oe?<@Tua|5O|pbkjK9V#(30q{0#|LeAENt| zbN>+9WKbVIMc*g5jf3t6%6Cw%k1Q*an)_cL^UwZ)vx0XGX zEW?)|fNrHIb<^%i07XFQU<)Qr$gWG|zGoeI&%Us)gj-A{d%7J@)E~Q%9~s5 z(~(?|B~?5qCkek|K#s{NuYDa8<%*Gcya}82O0)P#k7dCo^iIL)0-rKL>EkRV^Bf2}U44Nw79-lDeIr385XwxcZxlA)IiUULB+ zthis*Ef#kME{f>Jx%&s}eY)Sm?Qlb3{de;x61W(wzY!$pAefTsLg4FH|1R~hy@m3{ z5B^OS5G8&x7Z@ju8_b8#3Y&9(P5bbSyRJqjBu$oq2N91}yOm(D_ZOBaM;-*H3dxOV z;c^l}OXg-zgNyOo1CW8T-yC|EiTT6~QUT*yM^Mnl4IsIO18sA%}>uthsg(#sN_b^N11cajCWzOoq zNH*~*&HpJ{`-;9KXdhKNxDI}Z3%j=#>x#;mud`q1p6Suv&%VaaY4Y077xsj6)eKxR zRWdamAzY?VNBC$@#O62Hm)-s!Gl*qu@V~Y+o>wG}gy`f#hS6nVUFQ%r*NyoAB$fO>J@KlM_?r& zA`(_wCX)6(;r7-EreJ9nJQbjq`a%XBwHVf|dqy&?{r9~nqtu+Oo@MEc0w#sDMjBz~ zBy!+U-{+gHtK%}gz{wWu_cERZ$91Tp%*%kKgP*!yq}L38CO(Pp{=pJC$89iBCzL$c z?WPmT+&KuvkqQpl0%_TKY={L2!OAK)<}HMh=^EU2`|2dR2O${y@?vPeMQS{n2oOJ!bgVdW$OEdJ=oLEZcl-Lap0jGd=Pk*~B0^ksdRGb0> zP|vZ0=l56!Zu2~|UL?LZkKT*LFh&PyKN~7KwoC%1fMirD_q_rJ{&xa7t0e775(W=< z@VQ4%gAOT#!;du`+bj1nYn`75prQA7QWv_tv_tgGv5w}WijX#fLVUn*$u1Ov>|oI| zje?%3UbqPp4B9=#ze-Up2zeUGct{^#t$f&qG|XYjG{;1xS;;XS3IFeO0g|?Q^R5`d zcrKN_h5AbbR0~9%7(wRQi*|W¹SNH6rY`>H!6=)82@`iMg;hyXgXK;+S zyZETs9V#{2MeDf>|D-f6jCjgKtAC*!Rtn0WxXlj`26CQnbl!Av#SdNVI$*|V8ReLH z3&tv#L{Z-}WmLNBL4Kk)>vqw{|5YAW?$m4Bsg7wSIfFeICOSSEngL)X<_7Napn!>B7%riK-|Ows`I}&o2rJS$k$ElCT#LyCll>F**i~Sp_$hl~!hagZ* zY~hmSojW}5Q4V|r5>*x;dR(0G&e@s2a%{T%DhIAb-_AGjOy3YoHFBM1eXZL%5# z=z&!hb<|zOuC}DPWi`bOMFEneCQF8o z5OP&a9D`m%@%OYiX+1Ai=})<c@H7y9qh&toz2N9|~3Hz*G>|T=i?U{;q7dDR6+kKI?7MDo|IOv18S){WV({ zIz#iW3hci2Evg_yW$SP+S;JpSr?*F9H#3w!>S$SAil{$Zcc8hNSl_5npCw(rl-lRZ z)jvF7T9I7O^=_s0ylNb$gcOtf+FjKyRkA?yx1WvqD0vRSFhRY5V>f!8supX zgDQ6B7z`hEDYogn^goABjrN$v_FkfHK2M-HN}^w(&H4tc1IDU`SnWl&Rpn^!gTCW0 zJ03_GP#O&|dU>2(m|0Q37Qek5(q%US3pK0_UZ`To{^w}y6 ze3X`L^*mE6iLt3kXUKN5obGhh8{(ZxmZe(;-xz*ZX}?(<&_|iof$aMaX<*)pi{mT9 zI%YirwK6XsiIGCNh<`;Kuqv9tu%Ku>NDK8 z4^()6d_i8d$;KARTeLkCj8_=8sp}~nzvFuf8bHYt}-(uE3roYl*`AqtR$a0Xi@i8LZ| zk*ZR+&`;y@WxJqFQ<{~Pov%vb8(9@#8+JEic@g|eML1RFEP!hX--?ZqOI>&$J{(mP zSp7|?hmn65-WEm>`)bEs!&r9AD2iNdibaZZN)Q}E;byI{+!0<@Pw%6w$l6ZHa$mlq%ziJ(L$|_=VF4MSRiUQic{J9U7ZsGD z=x+oAG*B4&b-(Kuk1^<8S+i=N3^PEwZR8_nG!8U)agThHNs;y|Jx6;Q94E{-===%_ z6cUFH828OKbc^wL#Wrt@R;tzvoj4Vx=3C!{Omr1AAn%%=#~0nq{WYk~&zyBOJqMQEO@bH&kTwZq zhfZzw7Ua;Xq~)e$jlX^?)5!9uT@4C7f0MHr&~*KXmncdBO!fF8u9F}kY|MX|sezCM z50QBgI5`}kYv34%#29){ifsOFS0l^dx4s-y^JG)qz_94xn&$oJjbuByWVx3xu~*`Z zQks!(Emk_e$HwvUaqOQ^Uv4%fQkUr1)M2WfuC^%@o({R=l{3k1TT3>X0RHM^_m!Zl zkK6%GWAh2*-#NA+O`;^FuxmxbwLH1+7?Cx!eS}nReWCc}{pbby2ziphJg<;CxC?$C z?&sXvop>I+rx=Z5Y7wKUNKjNYc)lO75Bax8z*X-q)b2;5r=nc3DkMi4AkGNuvO>b8_W+x^H?2QZgA$+a?$h@NlS#fVVioUJ8!#+&-ArYBLY>8ixE zK1C=`c)7YP8li0-iF*=(yZfD?jt`kNgEMVLp8j~&id;FHmiJp4EDCct7$foKIX@p@ zWpVzvS;Dpzm`YFqTt|LBQzSCyzF#fQ|M7%I@0Pv)=e>A%|-R;Wj|8Z@yN4pvJq?oK0h|WZMVk@zq8Jq>$l4RGw9DRx637 zUDonh)=%1fnhUbV3fyk1MsN_+Vy?hbx?k%Lfj9<+E`Z}0366pjOSpKM;}YxfSn5c? zn~H!Z9tZ0wU*-^a{wi2N5?MY#= z8#LV^oT2(#gk20#d!}w@$|s(OaHS)(rL83LFYEL&XZH6%m561BG?oy_I~%QpY{Hg8 zzS}W#B5vjI7qiDKp#rL9!>{8?d%3?7Gn@N)pZ!8+BD&O(>St1z3dpLw{ThrCbDQGp z&BZ6J#Y~VRYr=H2=*8%FvY~sj^GaV*7aVkQXKRr)6?oPt#1V~H>U`d;)GxBk;;?+( zf;^EBJE+OU4!Pq+{!v z1}I;>-`5S^@33aFxkuslO1*lk&y-CeFwV`eK{zeZ_IeK{cE9O=4Ie|(e)G`gG&e%E z{h%Us?)ql*>Wc5x>G&!He^_dYI0Ss5`f-K&YDCE8w?~B|&h<7Up3Wb>o_6dce{0e9NNCm=jreUMFti}pzYS8zHi z{zBM~TR2EQKJaYWb~qYE49<1<>Zbf*mE4>Sw;*Hh44!vP-BPL%^JTLeo3aB5U<)dQ zakiGsP^s&scHMXd^?IjN6~;^-RAzjeNE#R$3R+w!hPHtp)q~)pINi5HXSMV!y+>1k zWZu&)YF7Y7SvjnjseTMLBv)2{rFJ_+&C*nEAL(RO^P#2CbHXG>+5G^G|N5AH^VnZ9 zbWV*}#X~qT7VSeJ5yjO(xpazSCPgk>bBem}mR4`Y*X(8@?&x=MasXwvI8=vN^V{Jg zZ{)*nrVU$$BJ3Tp29u#C{348ZR618tFs6sEnWhgW~!X2mSlx0r}0{!d9IgCb^Ou}ij^EwdX^;^I1^NzSJct!Lh z0$!o!qNiac;WtySfWC;A+md~_^;gWSf%Fx79e%(>H~ji>KR+MKPQWpI06@r@`F7GP z2o!G53p?*18=siiC!)6J-WX(nuC{PM#+BF}eS zga4!Zyc(Xm&pS8%hd_f50Wl3vviHae`EQo8SV|!N4OhVs&Y8d`GZ6E_bTnq`#p%If zI&Xq1ov8^3O?|?zWIFHHgh5GEsoB z>3ZhpsAz+))vbRuDuO#e5*>xf|KxC#L zsCxlD_)xSPEHu)0kxHN`SA)c#n-L_4>4}LL?Hiu=@4ZH$D`zjbbF+C!@8)|0&zkLE zNsY3u`Fn6j`Z(N?^J2NffUgpC}eXx-=0>&P!BL zBsn*JE}c^klwa($A~B^mm~n6wUt2O9rqLta;pFTqKzH_h={h>FAbFvS*O*u0d7u+V z7oWVXw&5Eg!EQ)`PNsYMWS-+}E$-U;h46L%UxZ-GwvT}0x13*<>ZHn7@B_Wi z_a-|gwfVW-uxbzrbG>d2g04MD?-`49Cx0J;p!59LD?0HNyP7I_@$+e2l{OSvZumqD z&aC&H;qKbWTL@=$n#*6he+LH$a~9u#KkdMy#Mqj1Ns6%hvQ0<`Iedl7dJQ}}{r^~- zS5M3Kzn6Oiz-7pUq|Y~Xwq4gZVU%7yhuIH86RS?wIk%Kz9x6$A(n3)iBoHd8F=3 zD+xt;G?#4Sr28Y~x8>^sni;(tW;cx}4_P9D^tGaYxYIy2FEN*|y5G8cTT0Q~PYnFCZKEA!iVq?l}~U3rJi52@1T!^4Dx7oxqf=aH6ByTVMb zyEAe+BipT;$C>V^pBQ$s``@WrAr>JPK3TOnAesua_mUC0qLq`XE_Jm0QmNV0ra%NfbU-?W-)9lb`1 zzF!T#U(_h+pyUPAwTLf4UAC|7!PhJAb0>S-cUr}?_^agy%pHj}rR5TnUB5=Nge|xv zVJ)5^dL{bp$LHfkylzQwFDJi@3@+oy{lLBSX3&P`yKO;!{-{^GXpUtN#j9a&wosht zb>vc2j#bj@{3NAVIFH-ri<{qlXFp<%>6DL-fL!g!4RL*+ZIgHM8}IIqR)xMr@9gNJ5}Rk)o1>=!(^ z>^V=40`Z(4*QQfl2o&jW`BxJ_uvqhq&lA)sEQq*NhzkX8C8PlM)`f|;w$^xFb@pGX zP+S}$$7DD;rbPs^v1oO`?j-J%BYiL3v}pm1qoU(SAK63*!yQZb`-6skJT#N|xo@|C za{4G<-Q|~N-f7*TOYNaf0d&7V$iy_FhT|aQ!h1TX5;^cW1g{gH#!i>&u1}2z-+rPx z<80~|m`CRCRD-uTsY*gz5V>0&{D{^2TO=Pxdjq7=FeB-uC6bEn^kKl3ow9wo$ku~n zM2`S$K0#0oXIw{*{G5@Po0&Mr7A`~u4hFm{Ku$K#4Aibs?a;36Mk%`+W4_dF&3>f) zHWh9{reSp>U8`FnP`)=jR95ZTmzz$7>H(26R32HbM^+A0H!b}DkYeZW(s)Vw&A>n? z!?D=lfC|Rsn2piH&W;6|FoK6RQ;XhNLT9eQA4?5r+gdJtqW`UjVOJz3;Ta^)QLZ$d z@08GyPppT}RD!m zrt$1#BIlLsCiq&LRVuSzs%^jeYLjSDj9j2ZN{_!D|LdP8XSSh>-wQ=7DarfDZxG3@ z5|*M~K}Iwu%x0!aw?t|Tka;>&mdAaU3Bz0MQ;cb7qP+aHh+%Jwf9B;;b0jB1-UC{e z87=cq(1goIQWj}3_3T{w_9)9UVt=<~Pic`BkD(b?ZXD<55brN9u*$ct^cbLIl*`7$ zav0pvRIFAp~| zf-Mfr%9bQc_(vAa5~MSyPFJDWiHBZ`fqAplBBqWkEHtx(W~TJEMKJLUy4E$pTNQZ4 zIQ!})9YX>GUw~5&76!UM@Q8kdHijeGmM4|qtX)px9>z~!ve#jT56oiK>M!4zHT_z6 z%zb9;8B)_hN4d0@gW2%vAz}~Z%vD8R4(ksk9v)9#B7RL`u?&O&Sk{fKLS`vyTKvd0 znXEf{Q{Mk)P#-(C`pnOy_wXyrX$P*UxNxQrNmEsW--YHtoi6v;*|KR1DPU_U%LUKe zw`>HfdVgLSe$jDOheW1p1)Ey3?TB>%IjT+^V0U)1wsh&Re_Nj~(ntx7ijIhO&$(p0AMMm%O%$bQP5>|C#8+03$ zQ%}TWx;DEPzp4{>l`7oJ;>)Wg&(WD79COhQ7X(u!Jt`&_32ax%$dZM*d*Lo1l?r(N zMqi3VBD?shu9Ra;4HpZ*x4aGVZzti|)MSL~i=yBJalz)bg3IR_a zKpvR{4N?*dzX%;*pS$&jylhkh*tpMjwg?8%;3u?)WS@?5rURQiNk*IkGZp+@gm#8- zzF+RS1_EB{f1YnQDLE9b82o@l&sLyBB?yEnO^OHbf$MYFVAu91?g*Wz10G``2gw|Z z0KW&XuZ@J|(?PsO4b#yWon_oUZ5C;i;ejMU-p7~2{y{(#bluLM*W`b<_v3cYRExzZ zgAeRH?n3sXZKW~^ctYDr(3r+`N-lc?H9U~xs56ki&tgb(5uMPIad2f&Ub9h;!I_X_ zt1^swL$cho!>)bUBqT`eIg8bIkDdf@%*g$(EKl4UZlJDyyar71o!)nz zmSnP*aK-T*ojw2RiHY41;wV1wV3Abc>k=H<0$&I3*E1{*`|D%Lru{x@|Zav z0ebf>Q1oai+QgfMxG{&RkJ+SyX9;dGq<*7`Vx7nSjLbnq@{`_r>iNcY$;=CtiZUih z(;{SRNS^HUYX>Nl^+XeH88*G8&mHyTuzyZ#RyxHXpC9mjwN-{D545@0$wo*opLj{ZdYt)j z7z+Z1;g~lYHoK#KHDetl{J1yJ2;M;$i2@Y&-jP>^sJN^K z$@x1=LMF;>``_j;92gpM=-VpQ=+-#0r21GnEYSdmlzF;Qgv)-8ovUUUX>(Tib!{am z6&4L+<=pKxcp6ZikrXo=J_($ns=<*wf_f~2@>(~=RALY*!jlZW!{OnHWkh0x2o#07 zRuZV^g2D6=D`Kfnpz4i9|D!%R<69V-d@LIi6ue8+>>K0{ZuRIY)uust0E&c^w z&BJKVRJ(H6zJI#Le(%3vwz)mMA46>4rcxf6b}633`T1kG0wJS9J`kfWX_5jSP(7*M_t~Jo@7mzY&qfo-%W{XgntxY7#Vun~o-?8s zdvu;!n`IrqIn;FX<0N5&)snu@LJd9a{^2*~vYXsWJuJm1qo3h~0wxQb4Ifn{iUe)Q zTN`Z6`mJ~n{csN!=9CIDJGXgphLq;zum<$X>#bZ6+#K+Hcw{~Hv= zxr{&W$$XP}_lV6ck{tA3I+i!D0a!jQ1_9sp_3gdu_Z`N!>YKq=OP>`4Oa6^hAPqdv z{WL9#KD(23EXI-3c$mi=X)vX?qhyZtg#ia8&xad9F}_t|D61oYGk8k&5kocx+9|B% zP)eWj$V_2X`vb_{C_&%NsbWY6J~di|)(a&>L7J8jlZPopgSuQpHH_J(u6E9I znL(yqzeiWad^CtVT?9;=eB!~^Zh(i1fjw?`^LqL@-e43l784BAe)7vm*U29VX{rW0 zmx5QP69}gKR$1fZijDHOJ8E1g+74)0b-%nQZ{4yH?QI!HFQj=dYh-}GTl(zEO0`4mDwmhHvRF^vaNT&}-EUMR4fNT2(HgXuHub#k-z23a)n zue?PcNdXqrs~F**W!uCVxjg+ReI3y@^)3r$xQZThUpS{J8pxgLayO()iXYV*+-EX8 zjqbx@KIgZaQXb=mYHVFe4>nh-`E68d_A3AYATMN@E_vURr0-nCby)YwXU3=|;4ob6 z*S0!Lm~U^>ZT%k6cf~Z^iE{SIqRP%D@JT7&_(un>b$AG2MhUIGKkNi6-e=LI!5gus z4WJ67^A;Fnpje5y5le3Pn$K1BghpGKHE+p-20kh2zka1 z;&Yax52fh^?$VpH&~HCQXXP`Fp6X}xyCVoYP_c$HWFeBLES3c z^gBWIy@-^{e=LmXsYA^l-?i&|ZxPJwc0trR*7FT>3C|r^ca*NePR-ceF$hKD1ANUD4{1wupm-FNGFjO;iC?yf?zxJIDZdh5CBE zZ)NZM3>!a%w4$Ad-K?gtOn*q_ja3?fz3OBz3qjHG0e-UBj}j9!jPJ7v%`0)3nrboh zN(vpt?~c{cbe_<5c4F{S+vJkZc}_KUiQZ7dh^Trs1=2UXR!y4KWo*)`-)bEkiLl|= zsF9r-P{#4w;QGT_|>A9oEUlE z=@4Fwf*d*X4}AI9V%}%0+h5&Z3J=GFu%-rW#O=JArj@+G^=@kFmg+TcVqoCyVngijPH#4SbCE6fA`C2iCW0K~4Q4?A$$6d;=5~ZDO zf}s7##{Vhvp`R#2zq6|anDGx*)Pyj9t9diMQ4XL=Y$fawLGaFa!~Wq4lmFoIRI?b} zm6)!fWzlnrAy*s<^d|KZB;p8!s)N*~D zsyu4x<_XU!E+4%}nlmm>SP*_eSyVUsld4CD>@k(dd6YnZC!u@yyK$HpVrAw{xTH#~ zl1F8xxtQxnV3WdKB5s_>U8UWbr)1lbGG-Z9emgCKL8^tTJK086O+ZS#kqd=i-%B6} z$kXy4$$bOv$=;vMV$e!ec{Y3~8qHEq!$%_L2CfgtEG>m>XiPGyeu7fgSRnR*>rq)n zPGkNIWIqz-lg7X#Oj@v=- z(=9Y@=^y}&-sh1+%eNg4QRdHhMjbxWH11a?hgl{xhwyF1rm$s$PbJIbUjqNT8%yaT z-sFC{MSGt*dLvJA)!cKDBXvp%fx8dvXjWZJd zOTwzp-PUmOIYnnjb65SF{@SvGZe-dlxDeCt8TGVwpBJR4kzP?~txBslKAjZP`QM3t z6f+s`bnVDLL`Q2LWVMW2ygDa!wrdS~+cy>{^xTD;=r6t_Tf#)YlCJM-+(P%E20V@d zpjtChouB$^Kt+y?jTwB-gSJT&{<_?alvQl~VbqM)`vn+hf!Lo^;fE4c))tX8Ip%R2 zem2lUf#ruixv^XkIBCpfI5WnSMOghEKHVR=_n;cR(QWzqx1KK3BfMIQffRi|{mhZ? zBLzdV$d<_#Jam&{cIs;+h%#Qvz)7cEgg~XU0+^jQQ zQ^78H#}YDL+8|z=vgw>cyr=U<^{ya1a(21^HCR1-(Ht!*(;Hts(zO<8+yqOh1|e%W zO&^yu2Y-B~#VNBdfwl%}dC^}N{(vJ^Q&`- z7Nm!#xdR%2`wVi<9reqY6+@+(P8mX6aJdpld8ZcSY@|#&0H-p29+{VV$`%0^H;eDA z3=tdxVD5<6M}OF7_H~PiBGKZzBFV@!d7r~be7Xfi}^v~*iVAv zzoCTI?rKZ6q}@};S}$}v6@8UytgD##!<&689>wjQv*U< z>O%2&Dr3JYc=LKRJm|J(94)x8{GiU1X$gj;bv9@$BCi!&y^k*WfFS@R zv|}~8bwWleqIN`_<<6J7zItjKdfY(5k6PE!kqODPNa9Lo%7zp)H>e|$OzrbYlfs}d zZ6o>-Sn>q+uv1FcDC?08QK306pP{1z`AxI{aPmfJK#0Gqk|o-ZHC=wNn8E;%vX#Load+e>2?$kW4@9O(#Bt3{w8MZ^FTKhXL`Ps5KxScTBz8RP`|JavQe5}rH>|ZFkr`AU`e3uRj0=GvCP1q_$`%nO>7hsLYH5U~ z6l!C!j6KZwZf2BQB`^p$|B&tKIEd?gl^4yXxZZpsW)<78WXx$}M00?b`9m_h9!a`? z-a!YyucYdIINO3ab0$?lmoowAR^AZZ<_q_A9WXU5iAMHhy%_5~QNy!F%JVywr30J<_`t4V>- zb*(CaziZxZ(wjY!rEV9lDw`(4^0&Jde4=^Ji9+e%_nPQJIYM=5`T?%gVT$QOTA=xH z?o5Zx%Ro96AohW8kf|xRyCav{qLr7qNBRxk0|>Qil$g1fasXGd#DFo=5mnD(O&#)U z4MY#{RCM|HsFu0Zw+^f6LPJMvRI=n;Bxx35LJMIQRYZx@HecHl`E%i!ee2C=R(V4k zLA#6kW^xqk_*^O3lvb>+O;?Ry29t(yfo;sNr~>e*2kG5m&s>u$+#k8eQGrn`U^Y51 ziowX7M|=GrJa@b&YQZG5Kb{Nz1R=2Prdrm_|61Awk=Bl)ubWJ5#mf&H4qf5Jo+j^wp|ZjG*qT)ACu9f|S&nm=$sy zCm-pjva`ah5Q3P?r1VhIUGoX~bZuT#N&IQQY-Nvy6DBz1)^P}vH|8M$f&v#zZxSLi5h!8#oh7)T?&1|dx-n*3Z5sKCYO?Dr&kirv=F{im0#s-J~BGYIXwzWTPz%nGQ4X^!2 z7J&#cQkx)sXUeTH1I$0SwZFdOl7#%|wqbuwG&+5LiGz2Vf+U@GftD-RNK-l(|hEas~&u6yC;Kf+n^H#rjH zOk+OQ>qtpW7W2`HmF0FJgtms`x{Hq;e2e(c8YwrAeKBwiu@Yi!%Re03^kuFieZuLg z2^jD zG3~(|*6-$gT%>SCrjxY!W%hkFSjYf zBV$P<>*3{F%CPtF=&qq>FeH1)pG3R`Rg+jX)zIx!@6|>sU>1STrDrxqHJ16AUU_Yr z=m&~Qo>ni=1=>wj%7By$R%VqdY~N?7T`9=O#>%Q5RWJ`$Xg8YTGpSCM?IdBb{jJXx zt^}1mIHnbq^POdl8!(TT*6gq^I3tnR*Zs%5^tUqH-!LrJ(DUXh*m+;=TmTg6f@IWrWVwn-jb`b-t^c(vI4p;`X>{=3)cY6ZcrYBIUG z;2n*Q&-jS#;;*(`4I&v3>tiTi&vX!b*LNl$QKasdazYoitWhc5ZYWAqj^y>(E4JOh z((c4ucMZ|##G&r_k&9{DXCWa}{o{*eqe?q=GY{JVJ+^z?uF{&7bzDC10nJrTDqsmx zXaQo!3!2UZfGh2|Y8R;MfTU|m7IdgYi8qI_Vd6-ipuH?yprOKc`Y&wK%h*WPYnm0r z3_F*^(1~=9is+`dM*s&Ga#P=%-F*Me+1#;<8sF#ox74xZlAZ&So~`RXfYF;ThH5@g z8nL+3ASee7$2nFnGo`11&y`D(@x*c+d~vJy`@P_&=4J$)aSlH-JT5<~Q9G%pH29xWvSdhmj&q zA{WakAzVd$&!RV!u21{b>Sb#5#pWSG)vsj_##v;Sid#psc>}>j;wrz$ZcO(dQ85KR zgo{VWiS`I0E8PT}D*qFV`9G4*IxMQLi{e9fOGuY=cehG|z|b8^NJw{wG}0v{IW$Oj zhje#KOLu;E-tRvj6&{##?z#Kyz1I5aRrvn7sf>ECSArP-i~Faizqn|_(DkId(z^6% zdx!?b_20MWdKvYfOHu<+(*y)a8W~aKL3k+D9YplNcInHL7G;x95=o=lbRUas7VWRn zyz3;dzGeb?r1-ipejN_I@8Z@@co4>Gp52%}8}1>pLC|;+ilUMrdAA*fPv$8JQ}C!u z=?I_CL|KUSy9vMvs`s?nrkJo03#*nH<-zs3N|fu8Ye5qw<&fjDtzKP|P|f0ltrprq z=WK|bn)xiLK3;_0Q&;?8HnK70a*-5ekKdOwC8|;a+4v3203F(4O-P*wl~U%Fj?BF_ zhQXcp;LpyLm!je*2A)L6Bgxe)XF8CEXmO691KrYAe1yz)&JP~3USW6Y``_gYp}d1^ zZcrygg}0VULzss&d)|lFDezr71W1l~uhJev$dAvGPTcutkH5<6Yg+`4Sw=tbYE;ge zKcmw%!_&3m8c<<+49%wwn3D?C#2pmWVP8rHC8>z~MFf_lImkJCAVC|Nx#)inVeVyte!>4uj zh~c6Q3mX4%Pw0J&El}*BoNSg4A)NCyS8Q?`6p7RK$Gv}x@ad<1$Vh^<=B&gNxViVs z#p~abZOLCa{>S@(?tlxB-_i8Pq@MO4yQ0D`R-#rgxng);i>%ewyn+w)hl5#KLq`sjGWY<`$W=K>N{N~Mo2y*=88r%7e;Pk_ zeYhNK&W@JsSV)OBr5gAjP50|3$fFy&RO+uOuJ^(^({Ct;zcVTQxk99LJQ*3X*E`hR zFK&pB)F`}&2|pai)NA*z`OCU<5&S}xYPvbLakS-hgdd5@!5&)a#MVd|3YjM>hX}Hp zkc!d3#*vBMP{ho0^pB;TDl=mahPGFvT#HPs+K?VD+%^xI*pso#BNHSxu#$!&ssXPU zdd@uj7rO?N`3|O^Woa76yBJ`)7G47ler=(EG_` z+?%`r0cvMm6UiOF`Rloxih%n|$li*EdJ~ zDGqHSfQHdffF5E5lvbjBMx(aILk@>^<5i1#kUnk}T^~mv9?ObsBja|6HgUEB{gYgr zW;;`&x;(0X3~iEn)gN<8T&uqgQ6VVh)lQR3tsGe??GM$ZWAP<1~+Zi_f;6`bS*sx$Z(zCq4#yQ(7>IN#ANWTHuEiI4?GGN;5XG z3>}2bzX|>~8Kw@M?0eGbD%-OW0iS=blO9*A^M`V*HHC(&YWGPAyF7zL-?_ z&*6unZce7;jvR&9k%x#R#T#A7IR!BJx>VJ@4yPhXSYnT?FG<_-FMDslQQqqwSj6K9 zQsC=|9>!HB;%oZekVeqC3M(8pkky;K?<)h&3hQ=ZR&Z5!b_pY!K6|jN>DD~#+nbsa zB=01GcRPdbRQIJ#7%bt#?|@yH0z7~bgrnusB~k?yc4X~Zi%8l?Y7h^O5(hmT`bz}y zyyAHCQ2qD=-E0O9sW+(9QyX!3x^(S-ZY^Pw-$3*de_urBLLf--`(m>dXe|uy8L}-W=E8H9DlY zj8XZ_AwNVoUnkIM^@5UDLI-*M;UCnbPb!vk6Umz1_@!n<c{HxVSJORG@&@fgZm1eV?j3`nGKqmujS}6MSmqnz<>_<9+5oyxR?6k!8{eDG7}i7^8eY_Kp!mLs!vTe?*IF zxj6r2&M0tbIdr(5EX}zVm4N=iyJpIsmZk%iO7a6f=)B#jYCq)ChMI{iGc$}7pT;+A zqm~!UEGak^^}Obh-KV2TEzz0JtBKyFo+PE%5v+)069C7(qkvF^sw%aq$eim=0BY7L zso9NvSs3~jjUPuT$c32wv_oI*`cD_C15^S04{oR+uGwcovxokh^wW!uY4>lx zY7^B)m^_Q#c_xaswrY3M5tdasEjdB?BWGg|E&k0`sXmweN~#>)yBjg%+}+eMA^!9 zB)YzP0mFL**=-L%5W-skm1#dQbxdkKX5zM!k9O zBb$9+E8N=9pi&h06)Qr>gA|5u2T?^uu8iP$EdkGQj>rvVP!;QZs7Zj$A%sRt&=&ql8?A3J=(aX zK!4)c^8C;sbR~a@ijw=UvUA>>Q0E5f?;j?1&3{!4yXMt1LKrZFO@cqWCB>&sC93@9 zpi=EbrT1Pn6WjjjAx7VzZbYR;LSAWIk%*QUYJ`&hlY!^=1q6$3!DG9=M0F_z@7h7q z0-H)N8FzO35fQCA;Iv25r}INc9aY(i#ydEn6;_QG?T~?y5C+LS&xU$NP*280{q%ve z!z^!kg86ZIYf0WDQgF3Fz|nc1W-nsiH2N*UPZsbWo<$0GS&p$QWSBygskL8lY&hwVp}oyUc>! zpUwxM@WxhvI^GY(o`E{|#9uwUZ(G*;N{X@~gijjbdU|^9_CJdM_h+N~VJ!#Xn;C!o ziazdpQ+o~&&roky-6+~`>MEgD6L)}&eOAEkgVOOZTRCCZPz{ajudDQ7#T31osJMjM ze?l}%Lug_}a4DYmKdz3y0{oCIITcS_&<23AT zxlHRtQf2TQN&BfV!6mTU<=X#TddFC)!5qx?2;&PK*G)_8)3It^PlpJ9(fCF#t-JaA zKKkxAa4^928=Z0mo0N;FeZw?f!KTCTh)^Cw`1xe0y;g2dVj^pquux`7w>2b2xU-WP zv6`>1f#x2MCAWv{)?O@B{W(V!%xYX$*lJpxuw$!3WpW|Z+ii}Virya)n;jqmW`c3#P;Y z0@-Hy-c9lJ`90730iaD-5EPJErdx*^{h`|M8^R9MsRCVJD3orHCRV0)u@~wJfP!1r z&e@uFaLbH3$RGbTPyj{@Nhmn9@o%!;85HFJmACs|{i4`xe>`!j%mxUe025UC>8eP) z51`S9OJfSc11D_u+1hP8A%KaYXdX*h?gQlR1W$W@FZ6ben~1=-UJHojKomrJyZ$iO zPzAt7M}7(u0vtayW$|Zc{cnBv0{b~ZakMBEZ8y3|6LS>?k<1m1u(e;t`vE#h_-v`x zHeh!mW^22eif$&*L-XHf#9agunpP9NwZiXFQt9yHN-`Z#NY>Ck`e2(iYX36L-I#AR zRu(<6gP!F5BQl%sosJrht2H@4F;n87Eau85>>W_jg2SJa@f zV|R4eh>&*~r{RKw^DkxmN#4JVJ3Y2(bT({Q%Lq_}t)TH~YQUPi?|pn}WkQKAPIZ$G z*XQkA$wpfL2nn(Xh_p96H$cCyY2L4OP^d~^@XMWNX#Gs*bof9Dzm2G2b73#v3OM8X zpgMLmwnh+rmOFL(f>0p$d3 z^+i_yVQT?_Zq~f)SG+Gr8v%-|!$ts-=bl$D&c_Y=mtFh+=o&SD*m?lE3t~BM*27HE z7CoHL5V&na8 z1`O!&q=mg5z&M+|JlzBSH2~?cm+6EF-4^zWuEF|@@hfKSEln4z6J-v%2@|E?V>~4^ zioIAQz=RS=tSB{P8~81~hd@h6*s;~y5H3Y*=>i=Q{~lf>N72wDMWhxSsX;i4rOrvk zT@=(?t!8^q#{jMc`3-xC<0o7+ z)!@N4s@CvV3cNxLL{LIg?Q?_3+OfY6ezQrynt>3^w8Fao#g~AA$=TtIE5`&)aA_0NNXAS z)ZM-S``GJM{J5$||8bJ?=?B0bg<)XA#}d2CxorU~j^Oq^{7QEO!<(9v%`xHA-ckPb zDClw6c-~KP4%ko-Deeb9K7Fx)6J&utlOW@@Ru6#11He#Ez5p+AL{OPdEg}etk^Jwh zgf0VM^=mQ{dAZvrabcbNJ2R`+R2Q#>S9Avy?V;ZD@T^1A#QsvUEm`w$;8Ilx z|1aDf2YhNtKR=9VvlMyov3VLL3ZOU5X5JGnshG_@yeTxSXgaCOYyOeDOiu$ZAJN>Q zUTOFlzEdW$Db2GC0c>q#axJNqnQ;R1-7`9X|BlJBA@9UIM?SpFn$;T578i?FN&UYw zUgyit5MW1Pv3m?DRLvWDc~oxJ7d1KUZ2_+-AQh$`1d0`VC|-U}8Q2!s48}VHR)Yli zZ>-6zdZ7SD79S{#O0_&T%)|lUVqcip6_sWA%IpBl}W% zgmA>$pcxSD3(A35$RnA%tGb1Y!^3@!Xfh1+XH!PJ&bsXR-Ig*xMA;Ix&v~<%R~~4i z;4{aPzO`hDz~j`7-e&c$4FIt-WIZ2$*#`D-_mSakbA`DV)Vd3RpsD~CbSuD*>xI^f zP;(TP$QcNVW;Ov_A>|?`z?t$N?P)LDPYeo*hT_8Afp>M}ANCH?goK3RS!+znC%`Dt z4Mj(bY@(=iir%gSdA7wsO9caKO)W!@cffWR8Oh+s@;Ygv4-E}HYgvEB1f2n%SF>MZ zCT2ZE+b?4^Ww;<)+20K{TiWcoA<)Br!8=8Dc=)n^1>m2iALeGDBHVaoudt#I1w8HL z{D4P_{{Oil4b}7*0^NI?U4tYT1Y=ql;(U%QJg!9i$nK~T4vw!3A$0h{Kgp

Ku2z z?nZ&cP_#Q`O17k9`;k(FK)oH0^dQW&{`OqSg~GpsY@^tbu3MF(4ocH2!a&b+$v;r(G zV!)@JeGWBBbpY?0oWyS6u5bp}T5$o;_Qi*vJ^lSq>uOYNEI^q&=>)zY0(v!o(w6wh z{ZqT}#*~I)&Fgr$)c=22SGmmF>H?`}Oz9PbzYZg9uCy>yt-nyR#A;oO*?=fKwiuK% z4PsT~fMZ)uzr8scOO)f}N96swivcLQa1>i-im#6A_mpB>poi=*5$r50I5Rku97pZK z6(aNAH*`fHrQ8?-D-x{M(Z)nQWg&X{!;&7N>+(L3dKzwmNYNn8|IXKt8TNidA_iq5 zBe*2+X#2-_A4nr053;Q(*spbM6!t^IJA3?u7w%*1Z2g}v1=9!rz1%ni1;d|jma*z| zG5FWLxdH30vgox&>w%JeI>8=?<&&ual6{B$GXWgMGauE3K;3}18y?h#$z=@a5-m}k z7fK1;C&&VPE!f5SM>IBrb#T0a0)xBn^7H(8lemg8IIOu-^7A{FCf3Mf_^y?h%;wpQ z;(-&j${p$UB0IMpVU2pTbJMtMZP|rC`Gw8l5tzs&7mqpA2U?>32=sm77Yg^eK@FFr zpW3NY5ho@Ps?&=bm<1<(QBRtE`unnDxKS{FlGFW0=y6M$wmMVqv^xkAVZ+i9ba1{{ zfe`C$DhA`uv+R3IkfbJXzmouU-M@kEmh@3N!1%=vg|;2&lrOv;H<@rR8?ReY(@LYh z1L9mi54x3XrJlS_7r=7uD+ip^E`xbD+H^4?p6(u9K7ZLTTFn3#yAU9z7}{EY6$wD2 zuxg_1_#7ZHD!=Cnd!Vn*8QW+L3WoFO6H)7f+t_}07LE9>OAw8TI#*XK1qNR}?#-CZ z3_T;(Y$?S3P5c0LEDn>>P<=_1r5_~iLIZWmyYffO`nG)Qr4hJHoR+}NhF(?p}WhRgS%J3=Uc&uLN@0ziV z;a4$7F`i=A^NRSgB)UkdjkmvzR)L}}i5i3~p~7xa>R`fm)(4V!my=*jU44rXeyUd2 zf2DC=^GeB-^qB_|O@z|ldDUt=c&*fj>d8x5 zL8XoQ)62%ip18$_h_+Dbdyx-OKRIvS$~$bx!WPJj1=V1Q!(pJ%3Q^;b<^1ItnArLO>BR@wUaf)cj8sxUwO3n-{6i8kLri z5DrrHckQ)@Z1vB3+TB)$m z&tf!8@m6JA=oi4Rd<+mgFq-^A9t|_I+{Azd78Cvxzo4!rS$+Tnh9eLE zvv%Sv^QUo`-@Rj6l_3+OKY_q2qL$8~^D_CyN3e8veO)t~-b$lTNW}Rmg10+57oyB$E2fPTSc@?e1db|XUrXE=F2F=Waj3NfEeh$ z(`rNDaJHO5EmvY}-JkTq2Sx1rAFRP#^*k$dIEbhKh`08*rZN63wBGr-PlIB1e=FS8mg_XbVd= zJn|uW1w;2rSK1lx)ge)mVn0`v&l_3|YUD!)x3J_x1bDF^E^ zM>(FVnqDSqAgT{~H<+dZVqn&IJ?QagQSC8vPl9Vd2lU5jTFgpSM|_u>{w^QN6*dI;kV*>y&8-MG}xck;=A5cWIR*;}qNzlVf!=5UJ={Db7P>1#P7#Ffif8Hnjg#r)PAMcl6zG9bLOo0@!}yla4;Beg1b!J#`x^%L&`1@_J0D6ilX z-@E9k@MRjL2)-)JYeaF#z|($=%4&X(gW*VtXGJ-LoTDRno#n4>9TN<415t?iar%XY zed(^T#*?B}rV%@)98#s2(tt@8y{vcCR^sk z)2Dv2=}&)qkrwq^W-1^VnRfl3MKf^)KF)}yevTyTu@`FvnBn4p+orhh1ejr_|#-wsox2j*P2Rxuv|oc}fr^jx*VSIO3Kidk!tz0={O{S}`{E>v`>pBTKCVjN#zie z9SRyJoBG>izHh6c&3j9eTARi#4J(UzaB@3*pS8TD9U#w`jc!;s5r$UpZ7U6mAf08~ zcPzuZGo(ZIU#y%PU>b}e=D%)qeQE{j4AI?|%@yS?{n9sahgR?sGyZ-%QaqMK8ZGxy zET$^iZ(#t><1}N;+fs1+H7Sv*1x1HcgA_r7?Kc}R_rBHCezHeWWDxFDOE~PI?zLU6 z>Z-hAJld3kx|sgX8;D$_;I$zSEQ`COG~QlJ*%t&iA38$|LsSsXd#{58VB2CyMw(-UAr;xtTuTh4g%x$%L!V{FYE2z3WHuIT?V|(FPlb-7|9DfugoW0d2?IWwUps(l zzHUGF=eZSg%IGVpc-Nlh2&ars)Za%?S2NLqOp99a6pgXkE6_i@z$Q}!L8s~*6w7?7G?wH@{%6Vh$ z`C)XdGS&KZBebJ>zrEsnLyD5Wvz19lsX0)e^9(Drr-|tNVd3NX_ig0#T{_7 zj)XRXp)mo;>_#!yNAqUS57)qT58AT=2*cGt>08yw=BX>FVTJFFbi|=4<;fo` z#W`mcueBY@#d_$F(;!ue(N{`M*$<57Sn6C7d^mEMDiJ^mvO5{kP>Tl#I~-QK4qm$A zzdQ70zt)cREEmP~c3;m1ut5WNT@V68fg*B>K{5v4D#$E<^$NiP?cAhkyD+$&d5=MZ zlm^Es7s{IzeikiwK)0OTF}!wAk0tZ>^>KjT2*-%Fr{J(DBANbN8xEv6VM1pP&=u%O zjaJw7xJby3+7mtXfHo~uOKk;n>VX9T_}S}SP#AKZ&Ai=&*X_EWU#9bv+<&)go>ie# zA8&8c^~beahgq3!FJRcYz9*_3w zEx6&H12n|EnZy;IjOkzjYJCy`MX)y04%A5103;*LqI~q2YI+6=pkC4NbFHvMSn4R9BX4 zBX<*T0DC{>q5xOa5E(`&xtnwmX4NCOcq%){^O%xT79`KhT%mhrqXyR0ZTu&nyF(~3 z5>&$Er%WxlC&&_Fa6^(iSw zJ@!p!-SD&?8JsS$2;V}-fMcS!`oJ8(x;AV3e1IYrn)}hyli|i`)a3Y1>|rwYKeqd4 z(Gx?je<8pG=~S3%CcsZ;dO>1}-*xcC&`VGRp1EHg-%P~MC<*&~MUqMg zIt&llbp897LTb~(yMw7JuOlBwYg0_Ms4IXh6k^|ZiWS0CDIo)km=HKV0&kfKsN&`4X=qNtXFcbV0S{#be3qPa)#*rM?)|(SwivRrX4n{_ z)pIL808=jjbWP4mRD7%>1F=B=HB!gi+VOxM;XWPN9?&T#9}_w%8^sg@Z7kVT_ARg7 z@B#B8(^|62`enPGjPw@jqI-6%1eqYT266 z$NM6hO*JZa@t+)l$-k&M7NgGo>6*)F&@f9%mltqTE(o+x9rZ#U+I%LMFkI)~an2cV zJ1&Y|KXUT7L#Q%buakr4-q4+4N8#z}kPZ|AxAwzt4-Ob* zVPlJemEUYy0#)(Hc0FE-zx$^{Jmnx{+l{`12AiA*7Q@y~a-MY44>e}uYo%J1{Vi+P zZ2ErB*LwfBDS**VE0D0Yx=&Df>i7D17yEh_8@*eAj*BIFg$;ZXEM@vljtQ|Yz$|Yg z`{f|Jo}n=VnD;=lj-c^T-#)Jm133!|UJU1SIU`Kk7CT3fy_+v`@2QEIIB|x_?%1kw zV7IcF2;ocm3lL?!GYMfJtz79R4HS)}BH2n><|l)|lA%45 zYr2n%Oj;-sigKtQLCI=h+YxPq8)pu~wlQ{TM#AF~FUHq9BfTb*A={{O5>{y-x7n$b zwn(G88cJ&=$vD*<%?88L)EE4=zC)TZj0lEaxExB9QrY=xUKu> zJ=apWZ@_r(a%V4Y+yX6O7lG5(%lctKv8S^hci`3+6doQPE!Gc!&d-4~GW*&KE6?{u z(_KJ-sN{;*DS$^@8~%1YLTtUX{+3G=*CpuiqCpXNXNNth?9L^AaLiiu;tpLk9u>(} z@MCDXrm|hKrxpeu4-Vu(pNvJ*WwyPl0XAMjJ#V${@(;0#85_G}xOz zGsP;R$yfKmUoqrOkuHnZ^*s289VW4y>jEcd|Hg{bcpoq+`aL?fStS0<2+g4iFzNu( z!J=VVGyYq6vD>C`+ZnG~mY$})tjP28^K#era!oXf$Ay83uYB7<9r)X4Z>^dh$>_=; zOK)4OVJ0DEpM%3~>|g-JRn?6LjR6|sy`M^*s>bLK#8tKSpfhIAIvcC%R1c8+;Jg~B zT`~JTH@uA%rP8XxHzx1w9n-6=m8*-3{gg9|JYwmYjsm6n?T~DP*>nq#x66CHZI80R zud(OXANgKeGr#uINdnHr`;$q*4O9L0buPL9<-m&WBq!e6SKW6FT07yc3^b91+-O{5BFLCWl5Pq z3&BSUALq>I2DK>5=t|KkXSTnaC%8_6`BQIH$iiiBq7gX1x~6;=tbmLb$zx@SN=v2b zqi7eV*J;ECH%BnTYG@I4_v*=SA5sctN4Nzr#vr{hAB6P9dyd?1X0ioD^L#%}YP3SH zClLfo#pT>$e$JEc$VcYZ2|!qOjUZClCEWqGweW-x>pmaRI`* zTHh|lb*j3@a~i>i;5LHy5DDjJ@)yJ2KFD}l2GfXw+lo&xkJ7h?gQ9IY^mmacM$1Vv^Y1y}5JvEQTwdP_6Mv$DW&;MqUjL$aMuyIP z_=tFv@S&4thuyR<%7U7}>?=z%vU^3t#7=4RJZdGTT|=E(IG3SmTZwNH>|eO$Qszqw zBTtuEi3fJX#)Xm4zDOx0&*k~0I9Dpdh5IIlUU8w+^&XskUro3k_$+>R-4iawT_oRE zS+Z;SQuY;YF0>?`8xO>W?qC>H#{LXZiT9d5b>YTEKrrq`B`$^$d(4QfcNktl%;HI; z?5~ggD1>OFGkJ`5Q*g1Evtc%|M+rq>zFRLKC*hhg%i2M`{ap-C0PS+)MFt7FO;1{1DJJtG9MRkm<3Twg4PloIp5QzEwnS zE)`J2Q-o3Y3MdO5&^{fg_z^F_I{+e(U%!32P|6Lgig-m`n+L~-6dpZbZPacWiQhkp@0(#g2?^|+e+2u$>~u6#y~01cAq zT$xU)9l%I?t7*Oi0yU`p;6OY63mGk!tsz#ME_e;QoKrOoz(LxYD+9WLoVoTN#fS8A zU%`H;Fjwn#;#vi zCc*V&zwd(>lw+)xNLA(F`Uib*&Dxq;SRfKR3&7eK;U1UyHR&Lp4Mft4Js+rS0~7Z3 zoNZvX>U($8@p2Sk*r@^nGSrY?i<@a8*mhzz&LV?vEx#3FEa?3sMu|68+xDj z!KIN^01ppzhTb{gv-rm_6gnpNDP`8RX$2<61Hf`62gG^-!yh}mfPe#HFD&{&fPkK_ zZyr{oKAlmNSZuCZonciBq7cMyMdah2an;aY*TO{(q%$BJ zB}<-E24g#=rtROwXECWfe_dww>4HMdyn323*`jM&mqnmXzS-CYq%jkq5}QEW;mNqr z;Vd+2*F(_#+nR9ONKr%vN;}*nzLGpGusDrB-uzkl`x(eXrFgy1ehmjiXoR{pnLam* z&<)9ds14odkD3bRihofY|0Zc+J~dVPUYDK&$AE2>oF3y-kN8th=RYZEnIFx+Ch+&D zqV+-^8-uTn!gD{@y@zCt+qHCXX`Hnkcm^>vSXe;mcnMWLdmG{ z9?`fARs6`GU|7@&CMMn=MdKPvE8H98`tRVHQs0t`At6eY#qi2Hs##oV^@Ul!h4~Gu zniI5bYbk|)Lw=jEOh#J*(WUqF;bZduXj-W?i)of5<1om4(3f#w?LuQ*KHH$-GgpZH z<{)DH;rK$X>{#acmo5I0Q+J0LPqj|$;`pLx-0BH*VmaYWi0`E1zFuHDhJ~Q$`j9G* z)^5!)3KB*s90*ynci+pO2b5CecMX1z{F%TkRN!tSi2p$VnoQg3af#?@E1pygjeMWe zvnSgZX!%!9VhBjD>?S-gv9Rn_!6uL!8Z&g?r)>%>XO?o_HK1g>-I=+H;2slzqoJXJ zYrCNrzaK(GgX>*r+<-9rsiHHjQGSp6r(8$gLBO$V+0yc_YXf&i95GW9nFQk{^U!|I zRAL-_QE>0xo`w>G)_(a0{8jSV@g9m=K~5kHZUN+e1wGZ=))H6iea`VBNjdz6x_W}& zW698!0yzpot{6`NdMpWfZH4^xTRn-cMykw~G`tO>pn)bVrHvmk2aGUnoVORD8baOQ zqjLV!5l4~_{1Q9r{0;F(zj!Pe25n zeb5|JIKMTXiNCDC%&{d8vdZF_Uzr(02k!+weQWwPhuj ztm3S0AE%Je(xqF_L$GBze`+bU*+hLI%O8hj+XmZ7BvgraHKOtEltUW0co!1Fajtpk;sb>WK?5r6V$(~43ymOVRdVF zTwX>rNSS$d6I#r`h#KmwuHIR^vn~8h5ME}P^zz8d1GbTHr^jP zFWAXZ7&=G{P!%@hX1@greXjM&AeU-t_|L0NCU#4NE!AuLWY=SU%Vha*pL_OePh~f#M@leVh zPx;4fBy3Q{ANsONF+%kCH2MOkab}Ypa7vdRO&3GWOMt_-q70L2QVJG37Wjzj53q^Xzv63lCyN_r0b6OQ& z5MQ^z5{shC7cIaO$uJ2)>j=8_f3xY#d-;aezMjoSQHIYBGhgVV3MEon=4n7cKr_%v zLVp5$4+nBd;zspf-_p?`9vMOZw$&-T0xzbrm>^;o!bY>dkoe0m2TRiK7$X zk{cj*4&58IPC=Ry%ZZM)HSevI>{Qh|M>I@in4_!_%7)6SfzFUy-1 z_*W;cq-s(5kiVBxQ!@k#pbB9M*+roq4n%PUVsb^m!YyTwLIm=HC>gk8D5Jh}c#Grc z$k+xWn&T56hZK-J-1xSf>Vi)*-tIlp&~T|_Mh%WMKu+3b8@8T&F&ZFi{M=kzTo)c= z7nv9*YL-jS3eKo0qfh7$qx(@b@IdV6xL~3~G>m}~f%l}4(pmcbnO6YYMNZr2l9aa` zhAbrk3#lI$jV=SXM~PiL=T(_fVr6Df{KapSi6J59;*a+?ds2Z8hi>uTcqJYc8_7-g z1UVYqU+S93cVw0;4ZP5e^ecZwuM`r%nRRYftu`|1^|zQ!CcfePu@@JzHw(Yzy|fy~ zNymTPrQosnMCZ^kn;FP!-cGftp)i}F_-_(WYXCi!29c9DI8(`o{k~6k-&Oz|!?I_^ zKY@PJ>eNik6k8kDS8x!%HEQ7VuAv&-j#fAajrHq#jujUY4_7H4tf!B8P%&Ia_2{tI zQ`-f8Zg`*uYOC(~df@a%k$LJZ6hDcUJly zFgTK$KaRq>cexBW+;6^*{aTo>$d4w_@TW$PX?vBkwe*)8=Xv}LG3zD9A)&z(on6$* zl@sb*Rofq?61~sOQTxeJe2ENW4n?g7@jRF7W(eVydiKN2{vK3)Jma#;oF$IG z{nHu=le81Kc9J|V&uSToHvM^0;$P)?NP~WA0*}YF^kk=0SRTl1&HH)NpZ~49slYg1 z6SljBCDLUIh8w8xS!?xtT5M0L-Bk|My8XLf;M^Du45k(GE}IRu3KHdMzvUuEfSb=f`#Uo&$NX5-SULH)K~dF$7U4JrqbL{ z_G`oI%{twy>*XlFirCmHQ1G+HiXu#SWwF_OJ1Pergv;>`^(eQmU$gIe>CePp_g+`( zdCv;@+pI3WWZ(QQ`l$)O6Nobpi(kxx>(Wb~SNpBnvUNGlJ%!`R9D z-{)G&MS=DUwc0y7K5tZ!Okm3q6IaIG5h1)$Kfv(x2ACeU!>NxszDNi^Ls!3uY+hxv zub!Hj!c;mh%Zr_r3Ft*z}qj9Xf@#d7OU6XY-W!M~Ef z2(xt|IE7TPNzWt2U8s(JuWA6dk zi7dPkl{C%I$#F-z%q1j`Jx&UCHt%}%3+F(PI~`C5O+__}(MvGkH607nxc-z_NHCL6 z=p*`+(56c(c<_TZrZraPA@f$?5cX-o=bS#paF~)+Y6e{gam{xbF-E7~e#J{%lM77; z(~aZo=_qE?$8CfkfwIaA$aLV3mq>9z6^ zc-jwQzW?TZZ5>yUK;EafzU<_HaMm8plAN0J&jJ@M9lJ5p5bcWBym@cz*NPimr?g&*59&|Z~!d5Fzg|i##C}!R(<>SMO3=s}c ztMN~slqMpoO^Oovyra`Jl7COq-z?%4g8ye*l+S;2h7Em`zj=*WB)~bp$}5_#pyKmv zwv20)mRWV6taZ*txU8g)B&gh&0Im(8yPXSuW3^%Y+^EC(&Br73NP1ysmhBGjgZ-%; zGp?8+^-No&4TI!Uh8W>Y#cn~1YP3iHUOG1hLbgIB@m`@*u|Il2zoFNqyIG^>*`d`A zm<^y`$({vB0qxd&=2);Ppc?Ie7!8Oqbq5*aUKXRsjgsB-Nbw%i zd?dJwohR+WxGan1{T#;BKkm25Am(lUqnFIAB+N|aMk4`Rica$F>CG*crdP~L3+h!y z(+MgpuGibZ>GUOad+QPPWE#q!K7W~wx`0BK6dGin(BT9qDDhJaJsEF~7r7r68M9&h zo7c$6;vng3i~@Z1ZC*u$&UOQ-4MNbZKE{TU{5Hu9otNKATBZ}xNpJeouWUNFzu=43 z$%yf}mFvbce=bdewnvb|RXri1#@D+0;}bFmIF&N+>gMl7G1M z<|uMtC8TJpOQ#EDb2gckB8TF`q2_U)pvAwzy^dTrQ|h6d(}+9#`|?t7O)Ty{csJ@RzW^<@?Fgd>Ssp}_LA z;EePDC(+y|vD!gjm>fodSLkXNOjX?cTMkoTZ~I+DUI(5K$sTVgm|XJ~6U`(iS>~ej zOLO{JeEwOO(^c7u7@r#Hw^n#n2jwyEjNODM31c0-9B7=_guL>-IFs?;4j&Bv__Ffe z>ZiS1)z<>NO9x39yFbr~)l^%#er%kpJ;OBYg0#MD#fz1n0E&!;vP=_)Q~Zvi zgWJeO41Vb~7}pG&=zue~ZUtUIzv1V1s~;T04)he=$DFdbn+~$*DcHRh|0Kuj|I{rW z9a&b}cDUM~WQBRKpr-tj$!swYLzeNhXwjbxlw7V>OM$IRZ7k`Q2tAHS8_zFlYNVv@ zZw;|r6;S2EZbNwy4lvTrCQ;sszEy)jCT|A`k>6RMT|a9eU20@~L*FU8{Jr%p&Cncg zhxS^nyiqR2YI>uQ0wKcVx>ahSIXWR?CQ`ulA3=|`Q95l^Gk?iFH_AkDTf8rZEUr!P z2z$84`QB1hl-6ohX!ajQ9gu$p0fEYEH_p?!($Nt0y2S%)YQXpu-;dbprF=y$uCbG29e?1mb34KVIsuc?^<`d4D3PUecgV+U%sS0Su;KE%Y!P~eTo{g6tQ zb0)MKdk6Rj|8|W(4P`%}ocNr2oi2UZ$&A-Eo_8;Ki;2X4s9wKZgbKsQ+sV#I%apvG zrJ22kz%wi-)>cwa7I3y#Pr7@l8NP%^e5Z2~sZL@j*ZET|M{28pacDvt=iPgWr)CQl z0)wD#?crr2%P6aV1O9n(*aYckY!T7o?~1HGR&)?-n;hmbN!ntii%~I7291+fo+W6J z_xrUQV`X`toJ8fcpYOUnosS*~7&Ob_m5=RXw{9IvOkwYO9Tt&=eV4 zw33hyKzQZhynGdd&9$_nodf3M-29RFoJU`7{%w&{0`?4EU%)u!!+7xxs2#Tc0t)`A z9XRcZ>02%(P=jaG<+ymqJc7^SIh*?L4zl^yk%b!D(HjyeIRm?wm1a|ilOPz%ulq=i z9~=)6Ola0G*`tQZS{!#wd-&EKb%Q=d@GnfWV?tx7kGs@+A+DYttb4YX7{cv*7^xSt%tkQIdZ0ONL95YM00vGu^ zOz=aYmlfNaHR*MJlfJJ;8m5X|BzSXf^-*pvw{BUcH z+QZ#z2D)(2-rUwa;4J&LGx%d@T@a|t&m**2O{afWoO+CV0i~A9yg|cXo7S5pn+EvZ zTi|G_9T)S`8?Pgq7s(i{FSzuqx2iA7k+{$xAWWHwOL!YX2D$!V@WFp9s`+`4say5q zjZoA2?7q4G^Jyf^sZL41A%jB(HDMxXnKKXXa;DEPy_z^-Mu6j@Ar+z!-OkWC(G&-p z3`?}Xov%jY%(Sx7FNcdgx4NIwqNsj(8!1SN7MWpy>`=WmXX-UJ_}=fuJ*3Fcg{ZRG z1mmN!S<@QEpSvKExw9SS|M7H|QB`$a8$NVNNp~vJ($Xm1N;gPKcXvs5gOv0m-3`)6 zD%~y3;n2;ux9=F=563`avspRUn%8|#>@CB&o)72wQpsgfnZNI-PDGb@H^b-4`(ZgjO8w@8|9&*O#GK#yaOP3bs;LgoY7AmPz>DB*m^sO6lEn|Z zO5dulK?0sLn7gsD1Q@^Ip#rrWme5l5Jaajd_baNjDSq2%itjPCQVK0fpNuky%%TJ0 z;iqa>Xy+&4BsaX%8le_!HYVd-^5@5h(Ui z3vDrKq(aN-#yHD%i04N@B1zSLeY1$)LXi84p?7DDGj$1S|v373S+&V>eN{ zbFjh*svdhicXGp4yb^PYrfAW&78=SfZzIembzZGDj_>>pAN8aaNBb_h2wk(_xmBJ1 z6Yn#v!wRt}VPBoWdL32Sh>JS)az}va3lR@3xr&kO%3IQ#4s&PDOCwhz&qUGljEVJI zVEI)+S0ys=pz*tQ_b0k;9u#ggdocpJtB@cNx%r8$bf>4C>aizI)yiu0j6ikMT|9XI zJI)V3s-G4wK3hgCJji#*$%l%m6wZapFRp;(i(_XAahM0_A!0< zOGnNP!PyorM~0XmJq_FiLzMJm+FUT8E9E~o?i25?k5-!O*9WVFq784)IDC%wHkHn! zDa%<5{HI8BE?UGrW-zUr6(yW6gi=tw*`sl1Xl^aJ0t{8?-MB)i36T_pv2}$t8>fh% zzdGNOd&Uj9hvAOn3D#&IS-OhHr_ZZx7##_kgqpRzfSq4UwJ0VaQ1wr z3;E?0I2pCKjQZ zEERULw0l#;PT7C0?}%E}=138y7ucfbZ1#d~^6mT}WS&abUQ9EJyYZ@+d%rM*>+?Y- zZ-$R)yI^gqsV#M1=Z@Kb)`e59%57O3+nDk@e_}(w)uRVo*yWsDMJW5ggY{dg0ipD* zpy4@>VX!99h9EW5=*j}jUttD>J%AYTZGO5tOcNOdVoyWGN_)>9yqve~o@Bw$+Z=Ou!xJjuWRIU(E#xBi(&1|9WP6AqEXV_|B1XRT7RTw3ruHwM?_T%yy6age zOEErF#^4N8*=arOj~(7D{D@n>7j;KvzddmD*&8a0ie7H7_E@8EZom042ou&M@9}Rt zA!ZY;MV&QOU=dp_LC@~dQ}9ZTe|?a7qola9xSfi(OqL_&g*v5DUwf?7emKR}ff~Ug z!}mocJjN+n>%H;Fij%4_6O-FI9Jxv(s$UgWyHndSv@g6!r1}eMd z3zQ%dVr>1V@x}Jt6K5FNrW9~N?K&6is+(Rm6KrYx5TfD{XnL53o}Kn3UnP*~M8q&& z-gon(+?@Q6UwXd5&C+^MM*<+WdikPmUP!*<)^V+1tW(Sb@xJ-kkG!(76JU{jk&P|)?_!S5RYv%bG{TwcZM2hxN}d^Y^V=-Q*>+)tzZv2eVWRvvOjozbEnyHL%j~CVFsS zL#|XL(AW+Aj$)Z33`DWRk9*wn`r=|=DTh|+nUtk%OpIQHl`2W!4@rvz0p}$b#xoe; zghI>?$gFGppP%q}D+h&796h$k*4~wUxd-hcz}*{EN|9VX7y?xrn}OnEpXR0_-}pZa z`jeaSKgneKKi%F`LhmYNE%kvTMenOLy`Z%A?N*K()D)BFW2@9+Et>5AJ***;eBN-43?k0an70zz2yZuC)N{kS_e~ycTosQAv?yQ_O> zJgK!M^~lHnRSx$v)$brHz4_I9xIZXLRRm7k>r^M{TL@v9IV=!|)zNi7Z*;w8V+TLk z=E2CHo?OAewILT!bpdI^W^grbHrjPWt1j9VgS;+Umxyq#Tvx9{V*}%m2W!;U!I!h& zW*pXTwY2FCsh_rAb_4 z81EFG(suc}sD4_NPszK*m=Z&LOv+6_>OEW6gH!vSBztB#A`*m|nb~8yfU=>C`+K_Z z!Kb*$*|<@2u7}ZyhZhDR}`= z@2%B_|E?h|QY-xKRlg)fwcPLq?R%_xO@n7vq)B7_Zf4gYt;Z4K8nMkf4)wRFwaA4# zZkna?Q!rprQ6)I=rAPbvY4uE}!~UVgT9J?uu?-ovh{u>;E?i2^=)qo!fZag*nb$Gb zW;@5yl{5HlA`18ZC!JrK;|a*Wd1x&?;EDTZ^GT@tYFteiDpQDY>JJtW?h<}6o$23_ zD7#r>ss7|;Zi!S7;apvTU#;j5sxgKp?6-PhCwdbLKd7R(_v?_I=aKX|dxtsg7$>Iq zUsu;T4p`1&K7#BYsO~p)qFTy+<8v~vW49%BE>|gXg=sEmnKa5tTK5uof`u+8HYd-HAzn z4goM=8~55@Oa(m#2J3Pz%iFnf;RUTo*4+CkSQE5pdRlkf>exe6!VyJk{istHaS`Z~ zso&Hrug89Kv($U(fm|rX?EXoUyd&e02rv9+a?lxvN+8<(9Vav~fBevdiJKe_@Nex& z_>UkX!~Bt@xk}?NRP$Bj0JEc>AdqfqRdS>y6f+Ga{jSHbnoBxFM9h|~JeGp|fm2v^ zmTEZM*a~Y$Zyxnj$J|EsIVUl%5f4@2-V^4dvUzvmOQ|zh_QAv8OsDQxq}{sz{-={n z@+;2-EGEwrr>5oTWQJ%w_FYEyaxE?EUU-XdQbmtpSQI?~8)B^0R+lA*i<@)5yt_%{ zw?UM8AnSBFqqzkvK&yXRr~v;Hc0~Y6E%CoAfekDBIhCESIgPM-0QX%DMX*&sq1^-U zY!~hFxgSh&-H`I&rLCE9;3SbBi+zOPhhpS1KEH71&%v!0o0tCnw_ZneQqmi--s5x_ zPgGt$DBp|};j9~K3C}2(kXv&HA#FCWENewHlvZ_|M^uPy`CGk^$L1l0h&nhuU;kg` zj$bZ5b#yvO-~ITI3A?z63iNco0a4=H9b-ghA^Vm}0i2U)eJASHzB0!jqBba@V!ew^ z_GkErNXdfY@(ml{P7hV|`a0f-#c7O*vzFOT=1*1tY_fpFquLc^oj=zg?!-rA4Yu98 z1d`k!F(gv93j`j}2ynhGPP<#wk$@+O?8!S~+aEuEc&wi1gb90JZD-%%FMK`jHaWI> zCFf#E{N5$FH5_$Pc_H3AL;0Ao^gLjMo1ArP|GH9OQ=-OK3IC#K@~nz*|AO&RSQ!4pl>x@2RTFN!lpEe_aZ=xuE*GU} zW1 zMfyXv`W&nGz+p(14b_&F=B$>Nc(pp2OK&|(m0H;T*{`= zs5C1ZftR20`mDGLjaZll<;y#OfpH-G<5>Gu;aZW2Txal$O{dus9y$fvliv=%yXE1+ z!%7}Uj5@~Sj>{UsWcE#{;Z5k5nk%;jkmg@|I$q0JR&yAl1dPqL02J*vS`s62K!^AB zCZGQ~A8c&xVazk|n-zSI?`f;U?K#&cEpqE2hI`Iw@?u$}`%E?ZO}6hGe8Y6ACY-yeH2GCn+TWKjiV z8;M?si-x3i9GQXX(5A=vIL}d&(=h*=FtBiP<8eB+_k8ca|9eaZQ`R4Eb*w#}glTph zs1L(G*)Yt-PDdy9DDB}C!hg6deL1!&^yNPZ5!;Gx^B1QLR`Qiv?~4BHrc{3w*x}ra z8C3}oE}}K#MH@&vUKHw=<72@0q@spx&g{$aa`2UUfjA8{ zbAFH69ww778&8H->lr{iTw}FUMC!}9Rwk_S=Dm<>*o_wE*H70Kjek?t#hB83bszY%&G~8AgRgP!H$*!X`gSDW<)*Sz)(K%F#A4Wfy#_6n zQU+oDOE$@nQcVL0x>`ZKxZ;Jmghx;&Y-*d zw3v1mg}x}B-S8lSR?_73rq+-5x$J6GbX1H-CkO z%~+hsa$ho%kxIabsMv_}_1KV%JM(3dmu?ExM7Ak_vhV`ir^N<1IAB2OYzm;h>%yOx zZJ_&A4q)Z94xIKjznu3}EZXq)#sMQ~1Na2(DlFE09lV}#Snm!jigg5h(>B_=?%QC{ z=f|!=z;7jm=qFZP0Z-E<6=zHdP6rt}I-fVDLlLs~e}kcl?Lr4blv=Ih2LeU%yM^~1 z_TyWexvBwUYOhl9ZjBqW-f5#FW`>;oAadZv87V@6*tx)c|1$??j zaI&rY)=Eu>kYr-V_pQnUgzu^l9M8#mO2HU%dHeP*kGPJT{qx$MNu`E<<3MHK1JxT~ zjD-EDY()owgWmt#_w!2elP*Nf*FS3=gg`lQi_-XGJ#UYNDYn;O-JWOZx#QhrD<`2*BrVGLtpJ8 z7iWzm2_Gs;;WBD(V^?J4$Q2H{_;{#qYeoUN!; z!*L>XIur^^eyGz$$W%9OIQlCn@fl{ppYd6DUYWK{a3OtT_b$(`*(>eQhzc(W=pNfX zn0g5v8k^qi3y&coxyHGb@pLnp=>7Ql62~$+MsZfRsL;tX>jdhytQqy0@e3uSXn}K; zqNfd?hU&HBYWKe6*hE_;p1@0kB(10aG*Tk|Hb!E_e$0Cb=A8W3B7_CWJsC)jzM~FlSuD?6 zD405@b;S{Q8nk`dWuVq=w6TO&(N3mMmJ-@uuXbq8>nu^1tHlZoQ1Pw&`&zQp0Y#gp z=P5`>Te5|rxK%7}r#KD2*jF*(AO>#S%vR7{Psg}D3(lmKeJ~=PN3l%l^Y&xffq{rC z+n4RmSh!fN-{r_dMY?<;GIl1Z65 z=>w)LY23;W@>dHh9-4xL7tX5Ev&lAnEk8^>%x(mWH!ArYloVFuksmJ4%P|vJbsOvT zMVoA|o%0elD<~iw(@-O8JoZH60Ae*%!9R`s_nkDPa9rPc$wkykMUd-@>JQCnaaB7; z1Ru>BjxbzV8p2=u@e)?ZjWH}9Qjb}V9NqXBf~>u{V!qs_tx-KJ<09=?#^w#sR5Mbz?kZX1R1dZmB~ zd>PaLM)$4x>SdqYsr5Cfs{u8o+x_^|nhboRTj93tmNzgvn&>&UA#cuC`W1z5ckK7> ziY!)Ncb8Ea2D;QU7uOTuw>o>|sI_VwJSi}qDh-DkL#Sy!Kx_}LBR%emql@Tv@;aB_ zzBIzdh3Dn&5|>w9s^SC8M{+9h?-NWTYk$AmRmgycg>cX!d5>Ih;dk^Qa*p*DnRUbjSO>mM=J zHTmOyP$>ucS;XfOc>S3ak5^39@(1&;X^rF`bZoI2SXoq7|ZJV)q&`MIASZ^Ykz(DG4i76+x z2EKK%*VMqYjhc6@lu`)FBykmc^;edC66!ZD~3sm7NnIjENiyVG~7D{&S`m<+Jn z6MVUxGVO|-3xBGDu4GbZ#?mieiD!#JiSkqEEdz&G8_7&b&6n(x_umC$r$S6#7SFtA zVZly()rR;fMl$OK=G>gk*CDPy36yf9C9gX@MTb1x6)JUKQp)yaWR)IQQd5WcotVmL zaC$g8Jp7!Zl--{xN&mk-@UU6&~`m%%Zcfm-&d5_rSXhdRS>t7hHsV%5@)lO8ukG6w%ZQ)_6S(pmo2 znhxs5)Q6lB|CD1qn(T(D{HHszYJuq@N9qS%f?L;{e9KQvD~-HQ`>bUpZ{^$9+Ie{K zgFkMLu*gcnN`XjPW~PN2?yc&1maY4SKK&{?hcT^n=crv78~|gqDiLUB44F^gvs??) zX;zrQCjv`Jr+(WfKAi)4gS%x$HC$Kr%MTq#4PgyRkP@0xBRWVKJz@;5YPY>0+#M(X zF+);7x~;%??RmA$wR0U(ZKJ;88Bp8zqjGY^s(^ zEw8V-)zbT`XdJsiPc7tdMVZO4Zefa6L;iyV7#poAzeX;x%s?CV(53oGD%r~{?%>W} zA-Gv^&UeL@%4#%}C+t-g|9eqi&kj48uXbWXpXZmnvmT%(lGP^q1)hi!w;gulmfeJ^ zf8_Ri>`SuIC;p?Ld7ZT|lNLjb`^TxW?3?evUpn;>pEzVO$D`*#fB@KhPj%SK$<1Ed zX&LvUO}lR2+N9xcLrGJiBW>RvEnDhVUbQ;%CL7YYcO>gI!9I5cu`Wt93^_x*&_wRe zym2MW{gKPaQwx3B=|-@(EhIpz&sk&1zm3SZ`?N!;>lbFljQp?^Z$L1?mQjDRZiX)s zFe0pvfR76{J6RY*H!Qn;j-sX)Bps&og-S#Eal%6c_}*2#B@i5(_6n{D_?2xMU2(~` zP-(5~8e>S`^)t9VSneE$|#S~AYC+30+9%)jm(mFR1QrPZ_xL(n(4&X_~7VFJh+2jhs ztpd78G%M6^Wru*6!y5P~dv`bi3+ib#^&XL=Y-VYdUPxZoOB>ca_&6>>==Rcb;lw3H zEpx(+%DHZC1l~c7!7|3C*je~>z?T)9ioe{r^VPlkUuql&P72f^PDfg;CnhY4iM;&o zCX8-iT(O8ipJr}b4wJDdoMT%jF)zz=5%8DOsn(Qnak&yo0@ zS1y(Ag@okg6Bn|GwtEb1Bzhtye!~lQ6R>l3SrPyH>)goq-gP>c!0it># zp@g3lJev3vx|C|nu#4a6B!)>_X56vb%KMc7FeY`d)b`{rm-VpT+Y5E%oaU5aZi= z3D~Ae1|eq=F!rmntOR)L!*VJOltptdUw5@dtM8#dHznmM$}TOiq%TF0$PrQn&KGL3o*+UJ3`vdjPISkJh;RtjkY zN{UGO8(rqh@|1%9aJ^&o)@JZKv4jbld-g7G8l_N80Wl&E(jMQKZ5s*u%U`O(+Tu-o zGYM%?>i1bb+Ud9-In|Y1wFC5RxU@twG)yeGxe*%~Iu1;=(YftY%CQ2Im}tLs%j1-o z{Y?Whm(tWc3DtDhi8FP2G=48us>1NF5Fgv^Q@#ysYXO3O;9vi?I`IJm5##;X0|9(~l8 zgB`gZHP6L84f$iN2WNfMd7gMkFD=Ho8ndx7T_=;kBRAjKDes<%x$;qSSUF<&&9q{j zm5Swh7ol474tU6HK;|Or{@CFSr$% z9U~gc;{CiLrb&0o87p_qdF!rY^Fd^UD>5k-Px7TIqB>D|Zg_pCO$pVind?!_MTfpB z0xcEG-zUY)1fzftR-^8uY;TS+Ym93v?jB3xc2L2&7U0jXfy92rnb<4xdgVV1cr!T9 z(JXGBDsMqshFOdw^FJKZ9(G)Le@&w);PY$-iNDBx;3?Qi88c3O>Gn3+sUN=oMF}DcuQZIRl%*L_f-fJZf`7cPfK8X+E3txk-lCve){Qr5hXv= zJi_W14EJz07WZR@?e*r$iSJxobKmTrN=pe;js@PHJ+JJDgjCAHKFoxE6N4U`Ue3xP zr}l-~W2^fk7%9fc@E9+$PWT@(KH2~ksHybYjt8;*BXKNY2ONl#D-*i#{kPWm8+6Nm--}7tS$XVn+DD^ ze8cOuV&uNAA?ux;(wzaZd_J)sqI+rW8tCy|0Kj}B;__}T&~&6R>sUODsN*q=www0N zmmM7Xib*HV?={9V^HHXJT0m-*&n?LI%8Z;jF*eY6A2a)4XDyb;Soyae*38=%1gF@; zw^&8e2mC1qAGqK(6n1YZys^T>Hq7US@L$TKt!Jq0{7QvY_O+4IFm~>(l=$ttbm}{+ z=FR8kdiZmdpQjHIUExE&FTag$=0IGh!WuirOJH4MYs99~M*NeF6ly?In$~vxW;kXs ztihx^l-64h-DpMIin}q1orTuQSn&4|@908Ad~XL=B_^|2(!wUW4X^JfkuU-Tvc@XJ zZHx&MCO6*q@Qt;E1Am=H^Yf$j0G5&&cCxP3Tvc!8HZ>+AoX3eBi-(xWN3c zjtl6;0@??Db3Esbnh*xcMB>A*c4wr#bze({xDN+P%>#aJzYh7AnU#=nE>FY6*zLCT z=aLyppgF^t85d9Rx-xc3D?^)6NQCI+OjXyKEu~y-&_xx0N?MZe8Cr~#vN9<6kc8Rd z@2O5+Cz+>d)ULfg47qU$8gS&aVTfL0@x=ZTabG(Xv6^0@-c`VNG@Bbp6Y$EPck>A! z-+oZpCS(zZFSsEUMPA`+ScJS-oH_wLuqV_k*`sB~OrQ4Pf!gelb<>=Qsxo{U zIoD>943m|U?`8!7DjkR%NsO<`zAx2yMpM+~RWrBx^X~Er$L7EJpl~v6=j3}j)KDmr z2A@{qG-lD}ysn=|)sf`=o_h!C(naHDgh#2016yl~9(GL?V(yp}7|2c#-l7 zh6)yH)JHfB`Dn8r+wmv?R*}tSp4rjvs!^(xB^7Az)7%=oX{nVwiwpfw252NRNI#eA z{(u*&5i^7!s$^mCbwCJ7NPty_x!iai3e}Pb{Q9u)pD)8~2~BDkYs65*$CBZN?axInlyZ77tAieVmI(aOE;Jg-(3Zmjwdysgc2*4}7gucAYMS1?_ z)zj%Mke~FcuJHAX!X0QmQEj0^k12y}Z1wwL+KN3>n`J6zQVn2R>V1O#jIlc}cHnCI zHHD8LFJ>65A55+Q(OWoa7c)kEkbV2MV61D%b?~?%GuxpP52@9or=hRV&N>7hH+8V9 zU@8gyLRGt6Ol(Zwt4QNf`-OzEQgZ)5m-bo4bvn>d9z+K>{aB7#-af2a1GM?>wIWwTj^J@l_-&Uj~}1RpU{f7O*V6ZBAu5wng*}-Ag{&%PrmT&o6J!$40XcVsAhhL1JUmA_soa@`|3&g|#7ZgcI}wa|!6Gx5X~(dXJVZ;}{o5Ys!ZjcmrLJBxM%$$F{-{_q3d z0G_e7>S`uEJ_BSm*0%JaUPPUMyvbN3cPj{kt=rvi*L@Sb)(10x>vhjC(I;u2%O8fv zywWBP6oRDS4FMjT8ZGY4MlBoN?gpgnOTNm%M>6unRr||Y8GxlBpSt5-OWo+#1j0F?$0|3c^NZSM2K8c56 zZLI$ce&?_bp#+9aL+&Hco-y)lEr^40R45S8%i*2VHmb-)KK6z<)g8{iK?wM59W;)@ zfF9=qQY>48aa&-imglFnXELzeVE|cD_&5rb<%!${Kr7(cVuDSxI$#-)=FLcE2Qb+} zar(RiYZHQo(C z#NlN2?YMOdHqtNS-6@y9Ouh5*l3p4K7O+>1d>238{4)yyMK{5S;yijSW5>sx^j2nt zSp@AIr>zT_fsMAO@g7jK17TC23{_I)TVeXI978aCAR_tbE#xASO-VDdhzzwIpl z0{5f;kry8hPS)wRWgHUP$8IaSR3t%ixEIIfeIK&)mS3PriFnrc@Er1Vx+&L~{N0PO z_n`v`USr;@jWoagv{U=1v99-@@IgTQv^K5d#hjtPu))Q5q7C&bFLh{}=%uRYj8{ul z+lj!#uc`-hyN*kZ_Va9LpYqeTGIFkOA01^NQRiuB(!fPcobL+&7x9lQ5k9t**B_A< zz5BH6GNm|QXMt^So;kPPgTXGLKX)@-A`)649oHE0_jIEdq}#xGpah`q&*bA^$2?y4do%tqvs@b_Y820li zb~9kv)U|b$#a=$wY+i8!htu-&a3DyasJ9d|mo8@x4{4l}dOdZh{w%po56vDf3iQJIcFP(5yt9SV`$ejziVAhKu|Otf0_YH$2E$<}65GCB$yB zYBDTKs5B<1G^;%5ZbPkVrOIqf=AmPg?YPHD^V?Q$gF^SSyMxK#sIt1c$DrUU9K_>5 zH8+w0D0%QE@+-M8U?P01o%2Lc*Jkb#esr>KDVx&gN1YLS67QNxe028AyTmxv_=j#t7ZvR&-S6DzXL1Q z^A)H$SB14bh^F1$hERtqWqulSAc*J{z8bLN&M%!GS+U3Q`+(spUi1=Kx}Er?8ZiVA zT9ZHTP~I>0mtefRyUrcY<^q3~*bd1lC|k0K3ly1|$IN(xaIsNH^I0U=Mcl%<0t~ zJNqq|r8QU@f_rTcY#Ct8kH=5~Oqmv^`6=pJD`5cAgd&zi_{v&XsW2wy8O3iM<@D*g ziwbye3csgae@ei0jI9$!)`j~I_^1H(OV;-bXpMFxP=R;$d>$P{4)BvhiYw?Ui3c<< z5d?(bkKVyv`It6p?qHQUF;(cP@7lF*$Hc(d zqpGDy*WHh<$bWiOuvx(!1mF^W7g__1^G{~OTRG5}upe;y`uuMncsLvRw_X6)AO`4h zgKR?F_ILV0%i0^_7yhPw9f|#mwV2Sx{a^bhb00vt^;qZ~Uu*VPZ3(tDxI~%;Y+IjA z3L-`yx0Rnvy`wAi&fTJ)L3u1t+GK7646i^qed`xK#)rC@9k}y zI0pHD{AGzr2iNZ-{7V8}V&X);pjR5j5GGp6p_Jf6YBs(Wnq3nQa>Mf+U<`Vtl4~u= zl-kFo>ltf(g3u4JO*t~{x}~%(w^%IhBQYHKN*aP3dm~1T*<#vdA*Eq+AMt`Xte1_gWr%yhv}3S7?mYg&djJkbYnk2fDz^gnbrBX zSdSP!IRRgWfGf(WiRhJyM>hgx0BE{!v&|qH(a^wiw9>}+?koFH+MLhTf<@DF=f+nu z2cQ64$K&k)nLT0vW%^aIY9=VN*aDtma9>x2&F^ta4H`5F?Y+m&bg9rSgM-UNO$V^r zV@nUveuQ1zrU9GMiyF0%r zsk=7rj8*aAm<9A$1A~{h@4F6J1>$!C zwZ|O)7~wPiZZPcpx-Bslrckw^_>E2!8#tyQL*>p4O0U-{KYzXZT)Uh`hk<@ZyFxCz zLM>V&LZpO%b;z5nLvW>6qp?*tsOCe?W~$g(Cr0Co5NZre6ePAh)qtr zQADa0>(1t`I@azx-kpzfIqpr;Jj~iZYGCy7@$#Mm)fjQXH3_mV?YAwxXp#$7V*{uz zl)Q+C8}9%7Z`1sLf)fSO&F4GCCpmZt6xSgIUE*Ls!5jpL1K_=8{zLWB68+1r2qUel+ zvYQ{JzzH!LjMCsQ+s-TGY8Qh}A^Vt$OXmn&WYQZf#Tz|^24*0H8rjtUI4^CgIegkk z7KrX?Wouesc(M$@TlHSuCVyR%JN|YR69t|KAb=`0_D<-Ns)#5U4~2q~-*UxHX1}QngjYWjvQdW#lC8YzXFTYfo;py zcEkzH731fp$7aBw&8VUuJm>(;1cL;$E$^^-Y+xAvTcrM3ZU7+@fqTcHz9TR%SqK&J zT5-l&;^1UOS71fg#wxnL~A(K=l)ZgMe)s(hbtlKD)r_ZT;qHrR(1P1^}xB z^*nb{JdUjmqrl)7pcnzRbz=@NF97%}IHCK6i2)#jhch3jF&Tt#Bf)gOx^p>`)&ZT8 z0hoV?{9~CsfO$wUZDw+Kb*S?W@`Gz=rXF$$1OG|_gJAkT1S#jl_(_zSscCEq(UQ~3)haUjT9@nh`kI>G^0yhr|4x{o^CT3|Buk6lgL_Q% z>?SbQA)qS==&l2jlCYSyn;0+vBbBgV>%1|303L+<1XRoWS7Flebp8F&QWG||-)S%m zJo?=L8_C~QSl5njClaWk3Fhm%9s9?O0mqjnOfvt262Je{apW^NkpES<1ZNtkcsd26 z0c^mG5)J}x*#8b$w)Wm+PcW)yT(B-!G>6BKIAsvvuo+PyH{&*1*4VakZ0E5!mGc#Z zG(A=h4Z`dnXYFmL_ISO=$jHcS^&|L{Pl{uoNhUmyPk^;`6A1o@vB=*+tXaVVj{hdC z-zI~fvHT^&lG&W?bo0?9?SEE9_XyKg!Mkv0?-4>wM^(LQvqsI9vIpo6?O$x$&Aj+i zrY3SJ;qE+(SV&3S#3Ba}Wu(c?-=(xdFfMjn2ESve4yX1pXU@-~g+!)NOD!ZMz)mz^ zl@aZ0dmFg|9y(RbD;3-+BVTA)K8aiiOeZg%$^>9yLn4Qecb>fuJiSk&uIICIGi?@5 z3a_61c8H(u)`h5FAY1Y*8F%&_mrk zX86v#Mbr@!j-NFeS7PnmiuQURbA6X=$+Vho9mi9T$G;dZl)@^Pc7r|tij_9lO-?+< z9^)}W5@|`66h)k}WgA&L+!=HdJouFKvub*DGOKecm|Bbao)Pv-!+frar{nspV$r$F z-l(dz7<)@}^xwZnxW{HV!BA{h2Ck4}vNekXv!D1R>x1H4@p;jTOMX0F_G-}C;1}vH z$j6nai}eaXhc_}|7ELzW3=F!Bg83b=)EEue*A#c@AKEkRx3p&*V(zp7-P!%DP8KNd z>-%;ab@|O1O36OK+bHX2aXV3P*jK#9B!@FP)7NkFWbb>JJIUb1t^JH56WmCE@a@w_ z7m;Fk-<;DXVl-0tD3cBqpBP1uEZ)?o5C2_h6v}nb9{;o%V`LoKimT!C`bzBA+DOcB zFebeLv8~tFrS>Nv=y<2H`vyo{xxa4nvx8j)lNInc`cYNmRweqCO(7at;b_h+G_Wu0 zbNZougN}xX>xPbbPd$2P;mz@@v43KbMRm1B!BK7_Rmq9m*_<4({HO97Z+n3#v|4f2IF%*`Rxw69;!j z5b3}6njGo30V;gV{Vt#s-;=xRul#?h^Vt-wQ#gKTi0e zD=5Hb;rER{M%DLx91kCIW2%5u&nakn(L!GJ=aNurt#O|%vrHu`OTVxR*?;pY6ncUm zz6H31Nri{@F@O3)GoT4`sOQ$OsYDC@)Q5&JXReH!G3MsAsUN(eh7eTA+U}3Tdgp1c zgODM`EAXNH^mQg(8ief0oO1kAJTR-cuLk)lQ1(&WATM5cqBmu(btJtHB!SBTBm&vd z{8ezHwoOFG7Th-jqe0_R<`Q#O;dQlovedUDRH8e^7Ql1HPn@IgtxaV!t&2k5HP zh=85GDa{y=C93sx>=AU&(`Y{wjJ3-CCq$8~NOH(G1DPh!9tUxxfg%`hOt)i^z= z3=jC&LqXlET9y`)BlClg?1boaXh1C4DACKAsjut#Zk;?=*kGsRjcy~wmozHv^)tGt zpI^j<*C`UWjbBg~yF918A|T=Zwz~f8ayb0asGYefXHHEN{v|43?` z){F~z?GBzgE-G0O`1<6kimJH05xFCMVUG`9RCeyy-OHi#N{#L2eMbpiR&u-DIm7CBV^XfhCdQw8=;C7_T8CpVEwsOZqszR>Pr?fIqvI;4B@%F<80wdcc}v6)#l!RH-61F3^_^yfp;+ zP3mhJL;HoNk#qX@fKTkV4p_EoeB-PJNf>_suPfXuZ$9$DRPq+L-8qoU3-EG>EwkS)6%dLUR6eCFc3$@vD_YW|1 zf8Vzy66PZS%hG7GWR?+dWCU35bQ$vJsMge)35HIr%h$e<0GI^;4@^ZHva7AKndT>8 z)@@WZ^>-T)5Xm*GsROF{{g;F162OA`@+bvm*5Og;`gZK!OD!mcq_eGVli2zvTpBiYiFRz=O%@qGzn1^bc zS{#WovB{B$-L>nt7g=6ZUxx3qfIlV4o*&+cp-#TjiM)xe)`C~J5$`h!bJW`1FPLfY zYolhzBpabUS()eG5$gYMwEPKBG?~Gc6E@a zrG`Pr>e?i+Je$*PxN-(cji;>p^@JJ6`TQ>=vf;Qf#DFU6JP~JTD;>3)mo9)m+@~4g zC0yuzmTbU1O|^2wgdLJg>`GgHm;D@ZakRa*@*^ka!JGFueDbM#h{EpmeYcFYlwl&d zX!4CV83CqCQun6`NKXfiF+#WtwYCKvPsOePH)D(g)GXA``XGs!5WiN2Br98_D4W<# zR~RG}K8Q2VG8yMX{Xy%Elfp~Hf@}mwh?7JJj`D9gNriVGnw64^Xi3UY(Kq^v*c55V z%k278BL>|PBk&gBvYP&nrmqZ$s{6iX=q~AI7`jWkYiJl6r9nyQt|1+|TYBgcq+2>f z8l(}BR7#K%c*p1We?QFUx%ZxP_TFdhwbweAqVBK|k~RHrzkyr1SI=ID(iDp3miZ(0 zJ^sU9BX)y2__VwP8(@4;|5YJEN((BZg>+$zP0CcjQ8ucISxV#)(S{-$P&;DHCdH0a zQ4pzfA8_qw4fTM@I-}_%PSF=46?Gd72wndb@-UlJ)Q%o${JEu#rkiqOX$HHQV0@E}kYlY3A zh>!_mj$>=$NL9K|%6+2d$_itT2x)FA0wm>;OS+RO5+`jy3u~;iMvMl0AKL1+Za3Pl zakXtr{K@#3DnS%Si$(PxrHqB43td#|X4R(Bqr|DzIZq%idCcjY8xRzm3@+OJd>0Q* z75CuBOc%xfuyfXSwn3=)OpHe$}i^Q+NI#vR88Dyz&xZ!eND1=v5Uj z0NIv$G;~f^2Au2TMP=~**#$T>A5UnPSev2ejrT96pxPRJ%X3}n z-`bR({>N}3_E{-Ld%D`crh`(h@r};eaODOho3dFt^h=U_pV_W5__lK^re|rc!ol@^ z4~0oq(9oHllaF9OX~4g7@vU`_CN^Ae6C5^Iwe5fWww&ZlTk6y&4QeNOBPn~?D(}@A zu)!|eHWlv_>tVumpCyMV2@q>85$1Dbl(aiP>Y*FZ>a6!O_nNBjBEv@aW9jEqxz0O! z!k34?pX+G=s%3cYsIMmrUG^juQcz5`toRCIKWPNSa@l9;Qpk@fS{EFUWXF?MswM5#m{d3n&Ben*Q~<|NVb)s}*J6{g2Xi zb`kb3nJzQ$%#9^a;#Ayg_t^-q(e_vXA<^BF`~$j>T-#=I(_;}3jb0D(&ap`?wC#x? z`;<{67H)hB83~ZmUY{=TD-#bQDDxk8pFA`D&>ntKb!^Jo$piA%_RC95a>?$qJLm`2 zA&b0Zso7U-h-s8&ZDO}a#9{%!xDWEbPWMk<;eJFd?Hnv&DEKr3i;Vz(+!pfEybI^MJ$A?!RQ3;+g2j;+;HMUZ#%+ocWXT{EV^TKC z!GS+*40q>E1<;Y;+`^_$rF_a$bgKN-^yrTo9;Nd2kp zYCd}M&h+2WpoV6JT#Igcj!I%jTFb5hYeSQX@HBD#fUr?autpg*vtFhjg^*JT(Sukf zunf=x&{39Via}erz*eiV8?M)Vfgk5kB{3QPt@x_E5lqPKE~5?Su5l|Ht$ zhMwY%3)rgzFBaI_!SxJgq`l~9(WuqJs2oEm<9IXxcQlM`Lb7}8^8HziiTub8$)$`4 ziWLdxZ;}sBAloQtp_Hq3LA-O<*Qdh~@9vBJYdKjvmHyPHE;;cG#R{@<8@ym%^klKi zXYmAwT7>}YznW;S+{SxuxCl+s8z0G^pujTc1`5=RTfcHL=F6R(JGkg@n(xU3~A7PQAED`3Hwmx&I1H`)tYaE;DY1)G(db1 zJdp!1xOKxW)MH-!X<5^$4#PWVff&!(Kl0-Y<}I}&EE6btxgLK(l2vR@E!%e+SXoJ7 z->nx#QFsQ}!BRe^^45<+&E-NZTCkywQylKU%+3nI%+{_t15Yut)P~uO2zh;(A~E0< z+-zLnV4$6%RxiyJFjDXa^)6w3cRm_u?F);+2uU=!{RHT&jN+?sk(`(!fglJ zZtE;fnO7IMnrW3^|I1`6TH%j>uATfIHBD$a*N$95gAm`R!r~y&?@Q$!qRrRDx7Tu= zfN670gLbcpE!AWNNCsUX-A`!Ciqmhfz;KD5Gh-DS_hSMy_%A=F6s`!Pd@q7UljE| z-c$s!X)Lni30uCW!~wwYsERg_jZ++l*2|zs8~n`BH$tfh9*7?VE*l|L`b5TrTcyvH zcKfdzX^ts6))?14JQNHgRC4NWn+t#G%=$iSUVkpcM%tUHH3M5i~4o;{DJK+zc zL=1>B^f>*!0g7^6{4myb!(tf-N{#YSTHZG8?Q3ij9@bEwRZPwbZT>dVxQJE9q)Ch$@-g=c!bQER0cZ?$|m ziy+2~@T}t-;s+j;F%=1x)6hP`WohLv|0UXgaaQTieclp+RQGpP>Slj@%%`H&dlDh6 zK6;K|c_Miw%j;^26Ag+Q%HiLdR(u0F(PTex==ZXOv*SY{?2@MSKDf;jY-2k0p*k|3 z9V{yhYNJb7N$;@@_<;*_D#;mSLa{NwcLj+EDU#{6B8EvS3wM4bRe5pS*vNXbaR>`N zA!H@f`L!5X6l`HE$iElX@2?@QVIPMBrtDK`oV>sTD}-@hT25AiKkkd_mT7*qLFCES zWe>bDp4PVY&cwGt7i@`({?uQ64w@B6cV+&m)%y8`<#vs!=)9i7#ICk+VEux{%Y6gT zsZNU0BqX}KX%r7bB7xA%=!U~6gs!=DBISG(vUYzzFT!rtkfL!8R;GLtLbAN^%ufL4 ztn(dLl9PA*n0fRg>0Kkopv&6D% z@zc<0R7^5JijH@q_RRgGIU5~!)r``DA2f*2ZaeLN>9r&HY7AM%bBc&2drgvZuIDZ~y<%zdy z#k((0w`9S?MI>0TgpOZ+TJA*+a_(}$bA&>1yKX^GPhbJE8u~_9V1>=pVL3@P0lOR{ za`XGd_ki%GoHP6-iJ^Y~9do#}6EVWL!OG^c+tiZr)*AC3rOUI*lQp15QQIL*^`wgak!UKU+wr_*n_?9^rABCS}%bWgqk5gMcaJ-^;N zgtqZ~pBrkZ_nI;ykx8sRJ8g^Et`G$F-7o6d&INM_$M~=dYdN#5gT_$|+}pVm_|3;^m?` zp0&Kwu}6nNpTv|xpv_q!_PrHIPv4}(D5Vsmu_s+3`>h6q@rBnGK+`Py#wuLl59}=E zBF`iizPUduV(s^S(=zcZIIXK$zi`Lg`v(D6eDxp-Xk8-1{WrIMao0lC7cw23{Ucv& z4gZr&r#o#!pF>?%3Fx!ZD-6atD9E@~$5ERL94(qjii&gEyY}%l1_w)b?cMxyJ=X<~fR~-8#|a_ z2)QB8hhTmm_U=X<+4g7`~?%4-hDKDKMhEL&uCuD&14RktvJn@>toeDU}Uac^VC&AiU)QnmZ&oO zPV?-!2TK|4Jb8x4tKT`@;g;nx{DW{1xxZpe+Ou{*uUbHi*X) z(3vaFr-!E#o%Vl1rSbUmi3?|LSGJrRUUuP?px>8R928U{bgqP$@7q-$W~WcU^f)W_ zSht&?xW-x6J0M7JS-75*3|8(eFUz-(vu(D{l#`4Vs7#Oa+ad*p&^ryaQ@Z-9^*CX} z%7#J}oGj!2YH(X>2b-J2XenKBzeNlTcszc{9=ebe<0si{GaTlIR1Qk^zP#%Eh;_-a z?98S1KMbiU-@41&>f$#-1^jvH-}9&R?6%_l{kf>(R;uR^7si7%<`h{Fh^1(o7&xUl zQG6AtmcgQG-%Pb+eB&tpVZmOzPEwh%Py0n|l#*7EggMa)Km4oQ#H$q2V41AUig?ESNPsZwrGWg z-K39NJl#`O#NEo|OUEsrecV3p!eGRBqL@?b3s(eiL>~M@lt-c)hH{Pwr%LpdRXO0Y zU#O2bmD-rLB*ol+_Wh^`Sdp~DKDG{|A=Ttw5$*H{>|JOe{~eay(5X&ItR~#)5p^U$ zRm$?-c%>Nlp$ACbai3yt)!Xhvmn{*Bi|g0x{g@zUvBIWw8$CAtO38PRWPNyV`kJ?r9t|)sV4a4P z6rUJ$$QG{2M&Vzgr?U%K_G~ctXr0>AIHtnot@R?;I9Qo0SJozyeEwJ&^1-q);(;P2 z=K25@B2Bzv-=|>pobb(3PnS$fQk^0v&RAhwjp)yxPb7a9RLyLhX-O#R2gkh;-J|@V zNup%uNp1=xZ82AZ0{_pOX(zsDoYE(lL zJ0=k!vE-f3Frdm;;iIT1JQxJ2Mr$L-k<2ptL`cVie4Wl9$s`uh9k;Q<0 zpr5HQq0UIT`(S)#H73k`B=V}3QH)=gTnP2BEQp(J(}+pgC&B)SeR)%dmqxR<%q_Ck zqG?^bV<+VxWWPYT0cfO1via9D6QGMgTt_`nL2Hl^q)oTq;!lN6iQ6^Q9YMTnf4-59 za{j%|cz=O-S5V%TYCjCKQs~&XiLscKzG=yZD@t`K&iHhhVvNPHsWJnjzvAi~*-R*M z_AG$zYJVG?B8lZTalr=tDgTSKC)|s)*d8=LEL6ESmL1siktSRZ;^4ymqc(iUR%@&6 zn>wfA86nECg64@3jPAImgh_#&lrMOl;wVReEZA9X!va)7zm9Q}8w7V0hW1*97cgmp z!uakPnK-5E645;t_8y&?z1X|^qN5LtRO$lo@X_ut;VqvO{=u@2V#uj3^M;TYcz1Wd zZ!DS5HdkI+dA|8On{aX~(^lJd*-osuhz%a;&d-ISVyh2uo_$V^hZoF8aGmq=j0;X7yC+htEfVOMe&xDfzOX2sy3dojKB`?seT%u^Q;!_d6K(0(k zbc9l-Z2CX}BFiH=PudQa4s$OlIozUh{qp7;T6S69dqcRRrqD$(Kwexi+sx+>AMrHcz zN>oGTpiLBnlsbKhbY&)dwZaLk!*Rl3P4_lGM4nxiRhr%@wE`;+y(~UNL6NxQAsT3@ zO*5I+Z30gz{#($kOxHoiQ2%u=tn#d!#|bn3*aMGwc@j$}8=|fD7+7htt#iewgu5qa zbB)s|oFo3G`i(7HZb=l1(Ck7HE!Zpn;Og4Znxm8`K4kD~@uoo47@iWvE5t2&hoD3R zEXPsJjwLm`T$L1H+<02cut1562rVAm2nhn0X?f)HUEi$;i|$dnpTc5PsoXCAb?=M^ z*CM+=8Cs(`R`)NjQr6rdm|OyUAE6JXxB8Q-`K&gu+3HA`=(= z-m`L4JLW)XDZH88fPZeJIwbafG%kjJsKmST%@8(eEwa^6y)p$_+&KSeiCM1X-R_cq z9D;lRH_oYGSo5Jk`A;)?Q)2&in*8Tyg8WapQfey!PJ6DdTm8?XAEP5kZ(_5BEhCVK zl>vVFH(S3QU&u0=htCD$ zd0F7$VGGNpZOq^yoqWYPU6wfvNRj`8egOvxxbj1BzhbL(kQlCSfk1*W61RnoEkB z6V^@j%f{4|-8-v|9bHRT5oYC=|GG}Z{QUDyyfQmdkgz<&Atkc)NwKzu;$lUubOO;F z;(m)by}u&Aq1=%9J@x$gesW`%n1^?J)rcMHw@Zbn@6jgB@DzrNeK%1c7M5l)1N+D+ zL9Y4B+|UoCij3zW9+5#5vHQz{C?`BrJ2J0u&JySgX|h06=$f+~e}koDx{$V}Sr$!RM|ESWQT z^u&|9b<~6f%glGf8Zn5eW?p5C=!?T4E2qB^ax{gKOGAkO{V&FDANY;0;%20ve=MtZ zK7L!o1QHLH5iWE5h>*fWyFb=1>yjoowULD^y(b|7oY3swDFDn=QTMv3_@9O4`F@_w zY9Oi9KwOb6X#iJ0RdMbel$xMsKG0>GLvKB!;pxUV?>|4YVmG7>Z^lCXI}pF!1Ot74>%Y>%%+{oJTuO{VD1_J|Fz1X%8OpL>$$Am-kQuOSB3Qe;cq7~aU- z#{0=IzZrelLR#!#E~a9CJ)I|3#sHjn$?3}T5JwkfK3rI{{zFAajBJVo%?&1u#empy zDfh2KQ`A!rmq9SN$yd1~NTa;^DDjuLODyo3TS})ome~5HB`X#VbZ(SIuL(W8{ubwm z3$>)hI)`^E_hrj4tao;GAYBUB)svx)j(I}*RNo}QR4;4i4jd!BrK068nY;2%>Q4ly zm>LEvulGuUa~C?3`m&Kk!eZo4e}!*K9R=$6ROJ6PO+af7*31CyPQ>=u@0MymP-6jB zlx~>wKiy27_)XTGWUGiXj$Tf_tv}4w*O!fu$Pc8;curR{07eax=L8n*EZeB2JNvLn z^_^tCN+tQgnX08klDN!)R98yZ_y#%`_gd#04ggc?dka#6Auha#k5>7m$t(BaKT~HN z`Aj%U*0y_5_f2I8KO4MqDa)n86Ts`^$u%{EDAe_ym=}sPRwc8Q8o#vE4Zpzpre5*3 zlF&McZwaIq!eE#t2UC|)mnYS0M;-vWZAj{+(NXfJToXwNj6Sx|+E{>8Q-LDSYmiT!Bc*N+|-Duy5zp@fkeejvCP0)e#<0RgK8IrEI`GOf^0>|Fkl2UKyDXu z)L97e$$--LKF~@2sii#an5&&UdFl9f1EKW&tJRz4Q@@$|z?S6R&+XL%+}C}&yBoe= zE~4|68{KyOPnPqe9_p$7K85Z2&2v-ttUr>8vNM!@4kmAe-Q>(nSm=_13Ildzja01? zgQva+nF@!ZTZOqgZ*t$;)t^AQ!beAyQa~{zB%j$XE4*Uw!7L z1kMr3$M1~RQ*xh2@b6FmK(~vhZj!V3f4C3=?B8y9x7L4=E3tjtlY)=rh-J3ntP_Fp zOHM0H(Xjp;f@IGLX>x3NlI_P`pnLd`dfs&-^Ww%MrNgE*=AU+V7{;%SIF%1#gP;1m zK<$5CaVihTKSrMm2V(y{!1=SY^T_@JELYYCojJ8946bTFNRQg%&Ja{pW!Q z%hK=~KsQ7r@5<}W=FK_E8tN*>6_QzGP+q+Vu9!l*(S6j2xrUN-$WxG}>QZeq3<8P5 znKs7}QoC0jL0^=ItIYK=mY+zvHop2bYW92`oqk@lBzB|3Rg#^LW;RRvPf!8~w-vLAeib7N0_=$jEWd(mPmTy#w-fA#+^FF^IUTki;MT|N7JOW72MZ zVFWbh+g13an;+OIvk*(1rfKL$qU&tvpSJi& z(9rSSkCXM}*NTN?ID!^~1W4+d#O3Wgqx4(I5q#a%^rk&2SZj`85_85y5x*>!Is0?OByx& z{gQHS!s(@a`QCjISPE8XqnR9BjPN*HrK1Dc`kIg?D6s9gv&C?q#Bg{mlXZngF@Ock zrW>}XcBO3p|EK)&54!l&>qT<2rMJy~P`~qV*1784@U@lcXY0gHK8DEoa@(}~T6iO2 z_*0{DXa=%R)Y#Nb4Q`M6Fx>LmFa=Y1fmDsm-q{{sQH+k(JXzR18jilAfT+ZFRroGWS$wG2L!*A{U? zC1^KxZ|#l~SYZ%3PD72nV;w2fZ0^opvQ80Lp>~yIc}AHnFBb9GOyG{Upb~*3GutVt zir#Gw+nPZUUASzrX$0AYJ@l&fQ)3t)_8`zx=gi|Sl&?Wo!OYcb9x)j3f_jCin<6qOnmOgl)5--5TYWo{MmR;nPV1kh z_$lFu?b1;YagP51KV6f(?dH2}2y)6lV?Y_NuN)zJ?`qnY9eIpp3`UToJ#53;HeQa} zy+1(mm7)!*a8m_Yd*ojJn8voGJoRniVbgDMpiYZfNXb=T&=oy5Eq!Ryeoc-&m0Q?Zh)@p#~(R7~a@VuGP;fQ0}r1 zeDWo$dYKR@Iep6<*Pw;ge1Z= zDk0kgJ|_LYUhkTj5ByE{_x*pJMDL)J9KpZ0Vw`?o%nXrN#+_Ne;v15M2D>Ht(yaFz zi8wbjD3V?TO+3SKYcc5QK==2_0~PA-7FsR)I&-a%P#g%PonYOo!jm9%EuGT$Z|Xf- zRTINai4>aoHB|6ov12&t@uV1O=6UmRdMG@vax~|w%foCbDFVNaB~GSbD@EN-H~VTc z%AfmD5wRcR%_!%H>`RSbtwEjNf%Q2 zf%!zoHdrB^?+?@swRU9A55zw2@hO!;Hr&CEq(e^HMYI0*wlR^wR-$&<48RPVKCTjj zeGVW8*}DcW3U0(H(5;mep4!ePB~y67WgtJzZr^H2M_8MG?w3y{?MMQ<131B|N8?U# ze8uW^RlClYrloX|>GJ0PM;*w`yXgyjjsjG-Ak&Nnvdmla329yGEfemfr)#ofJc!kV^lSa7DlK@A=5$khl7R5N&;A z0j>`u%!+UoDOWgIFrnG5-^P25tuK%Nr1uad9Zy?C#_%iGjsAZ>gg2|rSJThFg~Eev z`C@}=EKGT=Np$~sqNF?$lB3tuFa3zr{f+NjRpo=IG-iZNt_iXQZT3s(aOBt|F{?>s z9jOo5m1slXK@R3<2iBfYfZhr>Eaz;y)h$$o(uUs=NtdVREadN!_vrb!4QX~**EAav zs{rs~p$30n&)XC2MN9&M!4pWP(k-0MxH{`7At?D0R}+Z)!`GO z`1$T|aE2%SklH{qC_`u347HeScihndCyDLQ{&3lGg(a7mz6`NhJbFb$h$&`gf#jkz zk@VbyaojW-lOC7B4j~==oR2zK1~aBaJG7ai_AZrB{b|ch1pGZ2{`as_y|!QobPpYZ zYzN##4w{lxeP!v2RiATQl)5Augw{U1MU9vD#spnAwZ&SFRYo~Cvr+$TJ6( zW_OlhU9=ncyGwax_k&+6fd z&Sb|Y9VoG=^4hhyg3Ep++8&Qh=O$zL{DPK1zl=B$gH%wVay`rI{rOyE(+6V7Tl%00 z751lM*}X9XHU^0>(zx#g;azJ_XTzY2FSOhZc8HplDK!$Sa{52N^57Wk2+9kgK=p zQlw0}+6Cb4+#L~Lnc!oYNMJ1ZKa`PgH64cmihq`M$|;1~xrY?d6O~{B)Vy)CqQ(Sb z7izAH-n}E+@oYLOj5i-AX)7{Uf;wPPAsk1%o7Wq!Dj&QBN_otx$xxl6^y_f%ak>%- z#Z5$nn64suM8ki^>;&Sefa#Plvo(0J`&3Gtq}q;cI2RU$?#$V99g=|`M#?P5@7fZH z)UJg>&kQS>7@l4?@U0V7L?$)O5-I!6H@L6u#g%`o19Ww1VgU zZ0zf?z`%SegZqZ$dA$AHKhWh@3k`yDWlEGpaeIFmkbtPKZ)?_a3(ri6d##>pk34!t zx8(xWUw`yCNWXuaP)=}KatgBA*g=>PAjMF8s%#Sv>Dgk;K3S{y1Tkn5_SP)rb8mm^RRvKL=BR>=G(G_}sWL4p(V~z6vx(R1+DQUC64IT= z2CJZzN?^4|)eX!ya)<^QLHk@o|AO%8UC}Z^PQ4G-ID6(n`!4sOCh6uH7C43b)q=mh z|M9s>>$|wA;JfTsG}+6dd~LUv(ZdLVjQZC#jc(V}h9t8CM92+6f-jVci5HHo_3AFR zY6OcuLXFi50(kwHyT1_kG%}Dk9YlZxoAO%X^-1g@5XY414P;!{y4Nv^Jk!?(>elNy zXVd9VsXznU@wAxO!Dc2rSP2N{5jF=*A>Lua%!u{4^^XI%!T9CF1RuF>&-B-)14VX3 zNn(KhdVL$4e2+8R1_M{*KGElUkx}T^T4QAI_YUR)YRHDDL3fw4KH} zAcgIY-`kOam;G-)$D{f7)nxM@lz)7R_D`Tbh(94G6LDT>w|eLP zEs6=`cU{F5BIH&1JY zWW1Sdb;;C2h}r4!7E)Ap`IL^dPPXY%iH=A^9MLazGVBeM=@1t z*h3F%QAj#;H6k)(+P19(!u5OjS6%W(q&@@4R#kl{>ug~Vg^>mnz zrzee->Hyu{qC$S(Ur*+XhmK6Pw5p8#4$fMSZyk%9ZDk)>DnNQ|11JKXeN6s1GnCP) zJ@)MOBlgT?#WR7tq;N?DV``x>m!b@2f9qcpv;KREp}hPy7Zc5MhNijh#KF!hk1Bqk z?47?g^R!&}hlie0`?B{~(d}zBGs1-FLmN7JyH-`N2nZ9<%DS7CWMWxw;D&eDR(gv5 zwN%BjfS79(CAMZ*v^lTMvB!U$a|C>9&+53FG@f&OMV>ED=;?86qsCi;YJ`|>fH@{4 zKxh8=rF{6I79M~Wu*N@D9XSB~~NE z|2XiLSvwZ&_&$AqajT{JS(fWsvMaYw-r1FS| z|9K1X4@f0!adhVz4^=pJ+%E#y^SvzA*{8-Pv+n(iVVdz$#P^dda`rmicA*ob1PPD( zf_OcuONSF=F2i?TB7$%b`p<>`LtkO0Qe<=l*euW*+>fIn_0&AwZcbowz zv$El9`7lbe4O?2$fBfavN#}_XdK6Nj?+=is7yN_?q9)*khQ#h|HEf(t8@wHB+qjN~ z86asGxTo1puOHh?tK)Q>!A`P=tL`2C{$e;sJG%D*ATx@I4&ACVLHBq6K)M|iV=+_m+GTwf!m6U|@mX=UaAv)<$}hdx?WVG97ltbz^ccAITT9}EA=k)i z2IDW%SIHl%3rJd!6@>4jwrCi8FAFB87fuN{@xM(dnbwFA#5OP&lP=4Y@&q?1lTUFB zeOnXe2{d+l_K#%K&lFZ{>3ds%3+a1P;fBF5SQpeN`QE~52v66c#D=E_OgN@SY+3R0 z$9(z~)Y~e6Lk)gI=Rv@nqVINs{e{ssb`3MR`upV;J52V=)O}cNN!1O_7?$6RjUEU&Xu`G|TtE$os4YWFjZ4G4)cbN|20^$Hh*GaXiii)45;|{iU_bpsl4Xo;!4+*!%AB=pO2=-K! z-ny)eo2pc=Mn}>#RB%*E^l8%zmZ0}HpY&ezk`I}|!>DF>nDC=9HSA$gaoPHxQt7vHcSf|tHtLsg7%8hZ`ks?~{&NE>La4kZK#8o8p+ z9*mw*d$^b?sU>vr;`nxx$|bJW9~_o=gO>6`@K=H>yaHJ~jeok%Hh8B+j(g-nk;Q-r z!DGZMgHP=RyC}IPgS_|#TjtgzCbfB({%^kHh@fW(muR|t#*xUJL}K=6{@h%9$U4qi zuu%mS;4vLtwp#UiS`(kk%Q8!Xj|6~gDpuo$cOCSZ)6{L5rVWkIP}xWx$kZ?zNGoMu zr_|_H2VuoU5}+M-u=BU;!$>J%IjbV|CgEP$t@khPD{Mh>7tA6a%(#=&Jv&P*~wFt7W_CUpI<*MhvZSX71N4%5MxW_cYeGSp4VZYoDUDiF*q;RQ?b0fNfaN` z+h2Ch5-%o`rK)Yu2^$sYgI6pqlIF^vDVrw@xS$vDmBGD_&sizKGp!FP+7WQF_)&-y zVvi@bkFO@?9Mz;!8tiRdCpkQAQ^&NTE=f>CVxmtTY)HuU8}ni8kQB&HVAdD}zOK_- z6I#(F64bn18_7D9h!H^Ck`SP%8M*3M-lh;SaU93t%$?3JbV6RFHwX%{kwgjHE=PeK zT-qH>{9%j)Q0QvmZZRsei20@B-q{TU-^&H8+D~^g*!iP%(qDC*!**OeJ|}C`b_Cm7 zY>iO1kVwrlT4{JaWJCp@YrxvOvfBr;8ALfe^GMP?k*I$lza#xsi5GdLR90CFq$^Zn z{u!lwPH1B?>|<9G7uOQnK35zf@=fecn|0d!iQQI#wfv1ITDBujt$gy8ZYUsn>7*bZ zqfU1C;FRuBcP~8&V_=MzzFm!uQct@Ck)Ud+gQI++isjBUPn7UA9>q z@Ym7l+Yu{|h2Ib;EG$W=z7MNytDfOqPnj@~4){Jy?PXe+IOIjdfiB_AIcXI@+@-H- z5zigBCU(hnw>1TZvvw{B(Nn%+b_4@DsRToN$_~w%0H+0{jiYGTroG>7)@Jkx1#ecO z{Isy9ej7p8LO{X`zpLwOyjRDBIMjSavpha~u%i<9bnqgmqB+n#@IVZsgoKOD#zgkW zedv(%DC_`L{YY=W7sE7-=m;xIvkA6K>+5v&17ueht#l}yuJoC316Buiz{({O_~@2` zp&E<1Q2vYWW?n@tR%G(`?kl%Yb33n6#LYb8m~y7vLq~-KZj`xz2Mp_le{l=rGf0S3 z>D&1THrroYmZ$rc9QzV0-B28==8_`Vf@HMxL1%9zqe{CL34VHFMNz4Lb3isz9Y9A* zS~+a&rPa;FmSs}|NT>Nz#5R+)*J4jH(!Ba&$j_Lt(~@g}-SF<(BF?MUl%zzVY&ioz z8{PJmPzP%I1f+|H8p0sg3$lx%@O?EMS+5GpE)iI;Pg*8zr*^z7H;&xLwT;cIr5Vzec1mHE71z1d3y?vncCh8KVCR=Lr zJS}lrQjK3ewS5Y?qXO=qcQfm%E7}HAxo6KEE-%o~TBXfuu+XZWR7Blh?-nlRKAa(m zjn@8oq@zUi&i{=Q&bBgf2rM+8DH0Vmn$z3|HKIFKy@9|K#jMR0(jaLuG=(p0;(bgE zmsJ*SR#zk6nMRQ6)uDa6IN?VB++lmB@cETZsz?4UBN)4y1QDMeU4 zqsu~IDo%;Y$|!F>p#hSDmmhBIDYM7{w$q*BwJQiIhL!|v*H)_YM-K$csqmvFU!%>N znHDl(E%^U@8(Ab*X!r@J8adODRGI(UMPjqFNR}| zI-NS!iOw1GLzrxo>R{T>mp2aerSVU$iRlPpA5ArClbiFHCs1Ap#ZKg!XFTQqiX)|6 zz?{3lS4t*^M*JVS?Fiyb5qKe-DN-@uo!#iGDvGp#agtowwg zf8z)ADGjd)qVx&mvtw#&0kz}m>A~z$!{I-F3gcm} zf3$*)GHljFq9SERmT~XxC-zeSoxkave#$A`SHzh;f#!>>R0M*DnJH<*kv?P~&t&|d z16z^Hr54peX0t3esz`W=3vAuklpHg-YT|`%*Fy^-yUW!Y9kWhQW_|?~Wv9iVMv}RP zGWBP6Q=Kt066NGS@+7#E;`p>^DO0R=5sE968_V&=2f|q`R5(a`C4eQsofesBypEsi zt@-GJB#}daiH-{T3>-V-ou%e#2@|Q~79*)$itf0v;|J$&htGzcO6E9dtd#{!9>K;c z$q8K{+Ati(-kEwc-hKwmvLspON-v#uMB~pZ?L7mq#rRc$hMW{@lx0?d&OKWqD}sjok)?-u8B9~_>zH`NjM?tb;fH$Syp&{aSv(tww~iA2eXipD?(sd^q) zN>>SD#s+JQCou#L#GWkYa^R)UFFG9EYphHsJ^GRP{X$$0E=n|;T%e~FlnGP>Cx#J! zCj#p3GI-pUy@!+!j-6a>_L%xNCY)YQ7I&s&L^U1dg3zKm{mcBEUU(n9$oPFlZXPm^ zS6lRTRH799o9x&|6NPU~qO(KEw{l4=*Dj-SN4*lDS&^NQ=gPHY`*O*Av-Ua9q!bl)3e^xM8j@Ff4f$dixW!#@{Y8PYX-mwL^ycp%S-d;a7;ng zIV6=L&Pndsn(RhGPwx5WCGNJ_2C1Syy$|)jA&m~7zke9N*6mtvAYMrI(0nZ=%DV=B zMZU;pW)-3u+2JWW=53m*#o?R8SWAU)_08Oq6%|!uBSJ-r3hW0bd*qm!lr&hk>7af~ zsv@3d(4S_eWlt|G8{3pWjv|IzF^aGttlVBC&u817gF%eUySW^%6G%55it@#u4Mkqj zX3T6>EF6?!B-ehiUm$7OJ1=EG(hkss>uy&FDzB7+W_y0Ft>>EVLBb;Z9GA| zvt_gCotX;4UZ0L{1WQIF*dfWVTzi$_{6FPqq1&WzvifP+6}1lm-c;|TKGDe<0)x@& zMDkFG8B0NOc(}yGtvolcZ|crLs{7%A9}iR&8TH$Y3CZ%c03f6au*GbCN0)N!dYTH4 zVgNYo;~SN)0RL;Q#)9mw?ofh5Z@gr8hUy(Y58Wz^O@?%&dZp%p*psxoKT&!yj{PKE z>EzMgM;dOL*J`?F^5tAMH^)uD~_t#IG4M|oQ3d4`dS)} ztM?DJ+Vf&%j6kBDKNii5v4`h650`)@Up`R_)R^;u*#Q@#F|lTSls949ic<>gK%dN>W23aW zw`PNi9@y#-(@w8ym6pU>v7uVMy;=z^_U>P#??GANn*wHtZjO8q@$Z4~Jtst!_bQdB zB8Q_uq-g}xJb!Y0p`>O}Kx^rnxV&L_fNtM}(oRsbcZN7I11$s2X~4s+dnSW3-_6`a zJQK3uJmHTHn_Yp&$=H@Ic})zDhJv><@K1LOUx|w+3Vr$fD#D$=ns$Z&<)+9wojzhJ z;c?*W(KY&}F(FjMtq0oY zdsi-Jybwgu3ePdbTp0!60*}8~Acact0mAx<8nRn*L!!JCsV95#KKVKt3*S3|gC>OC zdgFHPOSx7M_9&^u?~LkhFC~L@e+$_)U6WoT6riNEXDQUX%t0eOcDebM!xTOeP664a-iShfSwmt(0sXpL(}fGm7zd_(p|>xn zUNIivceM(>uwD`kNeBRyme@w{n$K@=<5@4Li?X!ODp62WP2$)jB!vs*Wv|t9?AN`l zXE2WJ6k?uM+_`F|re}vs*IJ=4I^+9=c;d}&U<)gh!n)O4cmCA7uNMdaOzBz7^iXGQ`un9UrQx=h#03{(|YS8o@8>Z z+ic*~cOGTaou{&0BRdEYfLe5a)@gPgkgQ0#T}CGR!uk0zUgKs%iEBfO#TmEw@pNW_@&>&Gr5!Nk^#(w2tT@OqcULLwxU(6*sVk zKye!lk^6#-8U%Y20fmzb_9}LMFDONtT@zK}_8FQv!m%of(me^3jYKQosG=bmA05q2ik-OGXgZRllZOT})kvWLZY3WxpU2KNp5jI^v}zaa$rSB6)3- zSUcWKP^Z?_%ArN-naSiMTehv?-Aq7E(9PJ&cX+_VBIO~+6rVK6j-?+NY^~2m4A7^D zz?A4p`?GK42BD~fL=LaIZX0>A#D1^S%3`%D670zW^5A8MuA{Nku9wF(LV~jvo>n7( zw{ghAinJUL(r4=a&Qy1HU*uZ}1+3=x4I=ZNNUg->LB5RMtQwadgRXZ#?ZCK4#lG1f zi)c(+y8?!_9Z*_u=V4~iSj>BdON41|GGCwE_+`F-Et(%nDOrC5XGHC|D(0Zmvjm@V z5$LoqqX?t~+y3`PDNT9c!N6$gfx9d8sN{Oc0hvB zk{a;pQwL?;Rw;V9SdoI&i%1C~;fa3*ZdY^79`ti?@8n#T6h_J*##f7!G#N#Os0;J; zK*ucyMA(0?bSX}LAF+bq`H0<$yV$lbjhIhKUYlpZ%M&+q*Ek)z9kW2=uvmA4UNHb$ z-%q7^o>vWFe?cg1bH99FpO!Sadp;A+g#z66e3A25w}iZFWLZ#Og55_tN_5c=1~79h z(-Aq7EfK5r4qLG`&i1(e)06CUI6eBb# zd08HbN(_;tF|vduKGTcVC^f89zXK>w6%Ry?VzP=z%wHcu7g9rhZ!1vJ?f@GR?)Z zYJ5jwqe9vEO?D2q>i%g0DSJj(q4wn0#X{796v9I;f#$*yuaf$n`XMzre_wS3&T@Pm z%Vv1e6I;vXiO$Pi2w>?`$YlM51dyexIbczQE*mXM5L^oaT&SpwX*)-AOMhhF3vwrw z_gzM$Jn>m^>#?%kx~|l7Ar;k(QpxfPPgcn$`!&2`s9l?dN~J2@{LBnsn4u?$(OhMGmy5@NX9Mo4yQW(D%CSTKc1NEHH0-+ zWIh-5Wi^MXSNdHxqo#(fbnC*e?OM#U+|Q*VS*adwA4$_r1r{5BNnxYeprI#1>0X1l znqszW8SgHKcQXMw0c!|wA{S%*Kn%hc zu}(?wgX);Z7I~WNB~p`(iYC6=)tG=XosDc zfttF8Yu+0zrC19J$L%98hQi!&pN>&kZWX)=bRK4?^a$&Sk?s~Otu3l|$Esvedu;v5 z{CX7uv#vm` zBnfa!m2P7>lz`TR&_|_YLq%{{5bwv*7B-9C4V~xO0aoW#_BA&C{HsnGt(|{jcP*+x zpf4zg5Nn{Yxt(ACHTRtafi$eD)zM07Ml2RtbJ5o32qJ7%<4z#bn*~k%Nu`=Q8c~;} z_tBscC_?4D0!`{t+bhHUZN(LN`&2?gNEAG2@ljGE$Uk|7GPhTh{@S>c$@NVbo0P8R zz8fEnf)k!_#COG|+%;sL10^#?*f(Q?8P*c^7{6A+Mw@dBtQJm%4~z}JpVizdZ25i0 z*MnGe*Vp#raRhC{DwVuot#yJL#9{MCf9x5BlD=~PH)21NH7+{ZsoyD@c*_BvZ6`5+I8XW(O z1bdPI*hs`f0+ zh>O?k-{9t)g{L;C|d51o|k9ypKM;h8Zn@HblMXhX=}%6r}pS$hj#5fhOuy z)2x@5cHdj^>3hZ>r&CMweOPPnMe(kjU?yniqb`jltoixaX3+LF*^o^u z-Er65!e23=h04w=$3aMMEb8nR=dEqqsy$r8RCt+}qzEFVMG$vWAP`1VH6nJmj?$mBvGgl|# zJ@`%k5DwX97Mi+M5gkoBZ8E{_Y!D<33htYiyX9W= zk04W2sErVi`?qX%=)0^-04h7UcgJeHzy=7?@q(TUf_(UEsyGDDMyxr#_E``mE4=QW zXw(RaP=PR-Rv;{tmh}!SBXo{D8KPE*ArOq)_8R#I5j8^$r%)>TcvPMD4YV7Y@*3ZjZN-np0N00Y){DAb&r9*Ht6oD zB$CbbaJyeh(jg<+mK&1P)KWCEwsWUMw#TKoRcL;OBcQS;jBMU0BSUiTD-q4CEw}gB zr!H!TL5Z-}iQjWq3}LUKwh`ovd>8oU^J|uS%>Y|sCnT;*0DB5oA5$|{T;zDojmILa zjhj(N99c$H{5|G)q#MGC(z|~gI7Rkb)0VHhgv9$KU+62t@K#R!F@8u2tNnWjUD@tT2q z33P?#@&Z^4Qc7$>d#Y7)I3uDrKCPyU1W=o2T?*h(sK$qIpY`clmJ~4MPP($Gm*8%# zNPtQmc(0u&cEt_21~3D)FMGKj45%%bubu3#?`u&5D4gPxBzdel9TU21_J!pTfSTL> z7aV=|3<#x2o2s4CkCzrMeCHDe3IkZ~fS>GeF4fjbC)+Di;%ergCk?lNyCGb1jrnvV zpzC>3vqJr!e5JcVB=Y~Q0zj?gX&{Rn0;K>Pil|+U2Dq|lkjDb_&ZxT{LYUIj z$p3QN5#AFcDe=mppA5Sq=MDBLMqvT(Lfrp_Q*K)|5z-jh=W4OGjfjjG1uhGOy;4}@ z{rhHo3)|)Xue*7fCDxi(dV+|m$%s~Pp9HY>wO@K4GSb-~uEn$s06QXGh-Q?&VB7<2 z@4;sd`{&F=Q$OpT1OFWDacWkT`(+nd<=(ybWWQA8v*NJk#)47Xu5f%+$_J|=Z`sR9 z?!`gsqEjQQnA(&ob|0#P?YP-9YY~C9jHshQ@9{y89Tip7QS@ZwAGs(!TgJPa#k=L{ zG@+aELh#7yCQmSfD0_aaAC3-_G9r}80WQ_7kvrOD4 zd?dW%Ga_uj_ug>P3`ahUD2gp8>`CE|St0bIw^1XPS6;Nyn$EK;$7scvN+HbN%Ym{0SamDv8{ShZ6s=_8vINfZ3!O)n1H~~7z&bArW5E=Cz~%inYK>K`hn|9z z8Xo~^8X{6loP7FGqf+Ea9EbffDD<$SjR;V?UP=*Fs738TX~L+aj}8^${x2MIG}NWA z$=Z>c8G8-2ifHm#Fa)sa^7L6fNHw{%E5ki$<3dJMxbsf4D>jGdX6_FudssN*i3bHCnf%pIxsIC&=L&hf*g2 zJVTdiSc2Q=vh21_>IG7&G+9X+jEWY?2w}>xwVBL@j`BlFjh%+V)L4cbi|@CK`NHGt{_)jktdTN zFQlX?^>wErM>Y|CF^CtZ2MSA?_;5dJ)b=moE-$|3<^}9kuq-$7w6akfL8LbzY8~sXA7+ zYGbbcgQ)A8?dHyZwgDf6e135FueEKf8H0610Ct} z(KW-uJ1ovCiJx@^%j8sx+Nc$|UNqPy#q9XDdjXLvX~>ec6hdpgO1zXr2`o&&iDX=|wGp7qtcuP5=YK+!boe>n$7+k$rXK z|NE$wEW~e$t-TT+p(YN}31^PP9Ui4o!ji zhHb{O>JWvWm&$s=L~TS>rXtQoWTb$92B@7sAEjQ%lrc0B*9|nyPQBFb!pV@cs3q}f zm<)hSS3j~)TNO9vXeZr`2cvYcx|zp18H*lE1_)Om`i1CO-;cI5Khjp!lc*U&mQ zz|E7#(noFt$g4$)o&~U0bD+uwg!M+g#>WH25@^+uYLU9PB8uyMal5Q(F>Pdw+h&-a zeEBrI5?vAT%oS>P_pLep3X$0FSgc{E^kkc7pcK-yT|>V{Fra9gDsoR2*m9Rnw8xK` z!@eslRLV$@9H=PnLJ0u)+M5M)+t;Jr1KpTP0%{j|@^kIgxK>Rk)xFM)65X@z)wD_? z%!mVV16fBibL*_KopRZ_ZRTW^2#dCtk9RCI-(7Q#lbKtbvp`z88I)0JRzB^|uhGgK zqZQ?F5hxjzA@}_F^iN-8U!v*DBc*al)Vau1t00Pp&UsKdVk2wt^!v+-dnMlkH4;6z zxZnSWkkzoVWxTr?ynCl0AT+|tVgPbNq08;%qh(TQE&OCzEs1@+a< zr0j4ZHZotM!frgW{)Ys3?NY}$@Xj<1*3cH36NSa-EFwd-lQZ?HP?bZYr2u1v>-uh- zhusR2QoARj7oB5K!y~}H2ULXsKtXdyboa+E*0zUBJHC!2RBF@k-t=|L*jqFawU{%& zB9y?D{V#kDLh_vO*97#qC4nR=it^2oRfh_5I!`|RVN!u?e}Ix zu9l-yX!C2=E5Uiis>*i6tOB<^ZhY#|+!2zJn&)gGy!3VOY&HMzbst6BT+pS5QPW+1 z!vYK9Cgn@kF1aY-9z)n$G@tcF_|kE-&ygixm$tB7O603M-{MvRmVJ---R7r!IH&)L*xDS9J-kDn3dq{4c5S}~s?#h-epX> zVUsrl10+BesImi77Ks`Mj?{3d=3x+C5)#s-sd0^6iR^@a;^HiX4f`B zE@B$#z;JWFu_lDQW;GlqUaWT ztZj%K9q&DFYd-{$Ga_Bed+nLRXLP}#`j?E5`E6F+ixG}r)&)mIV zcd0z3n3EZGH5f$P*4-HN`-R9}Ar*HDZw3s*)TRQiTeT)yG7ze6%^A_|-M-IAD-0oI zVtt~U5o7SqhDJJ>0vT;WS8Kr(?(h2xY75tE@r)J@)ca?2#VuZ0FILOFPDKoLQL5jM zAR?E3eOB;$N%ON$YxD1~rqN_mR{|BOmXS-ZptWL}NRe^G+EUo8P(~r8lf*>cv8;ZU zLJL+!ZF_5zGXcq#@$RyCx7-O6JqAwg08rhG0)+(QLo6|N^QA0iEDfkot0xw^iZRL5 zT#PL&pY9{W@3Ija6xh}U?z%vGOv)EA?;!WdMvS#1@zOGgr#)GuRTgA{ZK?((C@iM_ z102+WaQ`!Hlu5kI*DMDhN#=U{b=43F4@9Zy>dRd*YeAiCYy)ydYK;TU1v(Gny6UPf z(*lifv{%*A5v~@bqsjH|wUb6kc@Ekn!-`IzAA2%xR|_bYV-RQ>T>%#^)PM|wkjug>T5&V)Dj}h z1Xz}Z%uvK=hAzb*nB-36hw;;T*Ld^_|MhR=7q+3bVhAg;At(4JFsSMTh zt?1GjORu=*Jo>dK8U*Y&gjMJ5pSy?3dg3M<{IQI*Hk+^~e{ye=lD)oI*$86c>r&*s zo{6+EAAOLjZvHcEj~{RwL8;hnHlpb#i+g8J`vX2Kt;{7Wy^SX8s05W_D$e~_W=p!my&-S zVtr!@P&N@-inWWE8=3Bu92C>4(60AXQN$bUUy3^2B*t`OH5EE4P(?iXsfddHFE(GX z;%}QcZmJj@f>HaIK66@)OA{H4JcJUs>aOIvkUix^@F^b_p)781(~uhbqBcPvS1K1- z_Fmtvn6o=~r=U|QV9KKTpa*y>fCCRsr(b}WRp$i;!gQFXSiJ+$3)^^%J>aTbs!)wC zZ35hHxK@jot#vuw07QjErwqm1fcS*~-MS};FVvUMi4h)9s1EY7eu9;!K2}Lp-=CCYJg5t*kCHYL}t{x4D)scb^35jFAs3YC+oi0v~Debp>D;Lzw%B zjR4zL0N%F9*w4M~I@5dbJ~M)hQMg|i6;k)dt|MMve=lohtUCg`;^uvoy6DP^>Qf@s z%4XDDQ)Qb}nX;`b==y?q@Vr8OP{$0c7Sw{+lKSrn|D0BqL56~8fKO@Ed(f&OtU0FU z8{m-ujh=M-bSO{G+a4O+rFF^lRuUV9S0Y>YidAmiZHVsbGk4FM^rcSRfCZu1W4Z_@ zw`;k1R%X;hFBZ0m>a@{Lu~usq%3RdduGDDK4w*Pe`!mitG3T&2biwMo+yMtN{u%OdD8xf2)osXKjs|9xg0_^6iByOXI$1P*V zp^{>)11%bv<9t~qPw#j zMK;*0_MnqkU7+(KTi5+r)*`R~Z2os%`+wnbsT=hx#=PdX$XbGRUoYZiUZpyPem)8i zD&pX}YM;ZwLV~yjkJRN?gHVbN&oy&UoUbDUfb5ab_Z-%oSf66<{qrRY!XXN}ON!S3 zRoqE}w$HX`X z>WKUv(>!AvRy>0gIyn|1jn0#2Bj&MUoo3M0ek`2&T&qaMT^$tK=ZS(Mce!8s^fFJT zYw@g^wqAl^g-RMTH$~WnKyK{o);m7B7XryW#?8}0tcQh9Wiy>}mM7WkqGwQBTO}GN zE<}{85G1N2K0+c|?X7hLl=$evhV8C<=F+z+H)c=X_7?_RTg`D*U>6!GbAexAMPhfJ;X`9|rh^`i%-L{Z5v4gRCkY>VNBG<)2rt%<^ zXVpYmruE2ljy6&wPS}fl$qw_}sb3k><n(&1^AnhuifeAzLSX5KyCbmuDOw2pjCQ}6-_(m%-G{1VBRy|ozq2w#PcHmFk6AdzSyX#_y_sXt(#a?cEjO`csU+Dbt|51_U)yes(j>uHZ~ z{>fdh5BUzQ9D!PAp$bP~`j70PQ@fd&xz6FTSz;lGdMu?wrdFgP3O?F;%r?d8#ziT- z#PtR@%4Z&&dj+bQTdy2E3r%WdE3+#^J?5@(zp3Zq;Jb6#kWviZKX0BGQ6$nXKQEg@ z&Ztj(rSn5Z&r0Pc=y#FTUKis2qy-zL@cJ#&RXoKE zeXcJOYD!uyhlGbUcD;nY-aSN-V6bRK1FV=wpA?WMRjkR85V0l$L(I5Hkds)Q1}26C zDe*m{NLK6~nE}F6C@)>CpMYfDl{lV^IB+CfDH%Tt3DKcQ4-lrKS!z^jx`(anHNo6H zq+Yg`1b8-)dt%&xiq^}=f#;cBWQSY?B5XX?^sw+fNahw;H4SN5cjTz;aUneB#@Bm@ zWBRdL2S7b=uGBs9K*xfyDhfj(QgC|nsEX5r{BPm8<(5cLpxhxnz+@;WR&5&_iUV6W ze}R%5y2gq=9bd}gGIh#8Xn?&w=bkGIwOuhzOZKMk)GNbcD;R<2B@`k>&0F zzSp=8^G=4i6!!@tg2d?8V)^LK%+*vJuQ}K!1A@ZMTzG=9aQA3ofkQ%?TNiroGu?5$ z#4ucsp+)U$XgHWpuLjoCaW#|3Voi`sUn3t0p{_xuuQ@58(n2X#H`qnOQpLJD-Iu5@ z2jG0 zUwRAM0rC<}q^f4PVrJ+4MpO6UBWx|uZ3zXpQq+43avj)xVLG*Ass-6xQQgXY0e;as z3A!2MR$B^;EEy4 zx#{g&###_sbu=F-D@5O$%BQ@l=fkHQ8tT6bI0m{z zY8wznII|ko=|wa$-aT=6cT)r;#qv}21xVaL{Wq;D6a&S&lX9iH2M={JH50t|`dX!G z3rlaDAOSK&AETg>%^KmE^e-e*^QpsDEy$(5x4lk85sYM>=r`13MRqjPMdZblikRqd ze(Yf=knRx@>!u#VS|mWBjGh#cu^9?OmoqP|>bn+m2zYx1|FY|}To2UMXXxF8MBj^! zU~$(;+pir8NuHlypOWFplJDzLao2l8UUT7cT0H3Yicx;8toUMcw=2wuuwlE@k9A)Z z3(>SstlRE6=k~Y;jb~NM;#v;ZRINxGBb3%`K8{-s3cqUs zC_Sl={a3nXcTUn3T{rhy6nDq?I!>Q*IcY8H;1 zloYXACk0X0 zY*R)^=bluuT3?8#n6B%t;RqcuI#O*YOw%$hVzlmvj+`57MU=&Tt%!x_No!qlu zk3Paxa}&|=(IZa=yPCdcO%^1sTRc}pebE6H^+lE1vtrL{+Xq2PmQ$#nmF@H(AQ|tT zIJ{dfdov_sN_C=60Z5*3Y^xX_D`2b7SC1S&75<8)5|LVTMu8bwtSr5HUZz!g*%@8o za;3*EB+HD*C@&&oswME|eh#2y!#%mRh)1SXA&NX?K?=yooW|x?<_=q=6{})3ANu~- z#6v8>mHeYs8udU|6zM(8Qs3Qj1K=x8t9%9EM0m%bNSqF7O4Wx#gdcUmSBbFWvW%t_ zuJE+WA19FLcAgJE7TRH9f}NfUKUsq9-@FW z8Q}pn6oy)BRe!+bueHnd?(G%aZ}3>RsaMSbTTKu2FpMCxtxT@y@E!Iw;2=fH12RJ)NofJKP@P&>Zj_OXD9A=9(;M5np`)LXS};~~ z;@8V6b@d@loj~Vhu?YLC%-oulQscGj9nr2CA0O>@6jovS-w?9=gN zm-j&Z1x=@RPb{p9#u0o2P{JP5jH7nXH<@mZYNvR$;fRVxkbo}6x=Q3SM(_U?a2(2lI_iQrzRg6@19t^Tk3&~<+|I12U~;R zp;qpQoKKITPyk$~>(nC;c#O5i^2=k_Xeb2I;4oZF+*eGJ`M$b9I%p6mLiP}zH`{vM z8<5t%JcP%;;=Y%6>VnsvJH4mhs>C7|h!7>ieF9+<_h07E%0CdtQ^i;ckf=eaNReNC2&KAA^XG=q#-ZtNbwvBfuQR*B~h`S}C;Z3sPZFK~(e_H!iir*Dd&* z_7w^};|u5gt8C{vDcdxzE`oy=AhS~`qP7ckE15}gHK^bjB2Ui9r8~tXkZYIL!Rlrj z>Qpr}DDoh)avv^*r`I4X`en6mkcf8qjW4!VNJUEIp0wb8H`n$)smPk#mkfo{%CeE2 zOlMh$b*PIF*SV`d*yChe*)?u6uA{V%H1xc26sC)`#2sD3yH7%)gHI1E+BL;( z%~Iu_7Z2tkqP3N4BuTC*-v+}KTyqea)>5{fAo(@Da5Wcu3t+8o>M}f`EgexR30N?} zw#`MUy%!rbx3xTejrtTepp#^#Hrmv^PxiQ8AwG%{Q>cLh6-JW;_5Xx;jh>A}$}5Dj zw(>iAKQG-Jwozd2lNB3zcS~@{!l^S8`<0j1?w(Os8^#=TM+c>A45dVPfw0GxcA6Ou z9TeGiCb7tPcZc9zS%eAYbr@nzP$Ai%AA?{#7`ZXhb7T}7)6M2$JtT%$pxz+s#Ep>M zfT2QOLBY4rgBIRd5}T4Qbhe2ww~d5$Wg%>viXy{o+!ahi0YCrZV0Ax8rL{1JV3@hT zIobqaF_F1v40Jx{{);A+dk7V-*0m<2z-(J^D8t|?70BNsc*QAj3%a20flL`FR0v%I zZP{C)5DoXN=rbWb)jA}vi?)0}gF<-YETL89DFql@F`;~~_o{oXeB+KAKoA`;s z^@SCoPjbpV)D^UQ>E5oGjDpm>O4ekc^NxeMD3h#fA$6ZC>WALi`zt(<90Mv&#msMV z#y2aYzTSAS8Mma4TMFU{ixHc-v%y`-)axSu0m{~`BZ?NlgQKu;}MZ&Q7QY_wI5ghD*uGm*1gQbXo^ z;dHkbaVzOtx=6&rcC{&Ixf`>=z>%sUFMC|NS)1Y``pOVG$=`xHvR2g|WRoLIKCOy+ z#hZSA^`wCXku6<8xm2X8#GbGrB3*OGf(qxXSmVCJqF;N3RQ|#=(UCEb9jh@R_3o9? z1DOxM;;yr{UBS5#sVJUs$h}t9M3zEK!Z(Mk{rg(>Iq@>rl=f!BJ^L(PYBle=3%{J)gf=czKN<56EL)^Ze!-_m{pW?*A!&W=5tYK=K1yaxZMqPm` znmP#|kyv&2dtp1d(^BZ`mx@rna7gnG}pl%+Ll{mAq=z1at(nmg%G zLrr8u0&M0`nMXdrMv#J;h_-ETm#*oL%L3H)Ei2Tpe8kKsDcxE~{rYH2 zNnK0Fk~*?1(?eO2Prugo6@)e0rAf_g{N-t+!j_8+_$W(T2f|_0)Yr8X!VBjkJnOD; zW+Cc}7VPIDB$+dpD%B7;!b;JAci*!Df>hLQp%}66l1gFFy(n01c9rEe)p91}Yi-*z zhy$X}f{dBq<=(964cqKrHHFRtZfy$Nc+%g!qK70W8p|%n|h?uu>IF z)~%H;(k9;>mP6;BK`ut$sh08X&cVB70RFh|p+@8)gK!gfVVYRpzy7(7Xmb~;=tYi2 zf*`p_Qne3Si6Ev`9Ft0`#X=%P`cqJszs6F&Q%rgt*_d@|gl^WN=ijFbv0}28`#E|* zys&)81Er%2L!COuyf~ByEvA|yGUBOYf!1^^f7WZ?qn|_097?EqPq}gF43^`a(R<2P z)b(gE9#}g?l}aGWio2poR=|-&W35_rv}UJRwPMh|L_IL}1(^hP9kYG<1-H%O=0eR1 zA~nP~52^Q5uxd0`yW{&V#RWQr9SDzm1;Pp%6(Y->d@qZ2WmWo=W$yK#@hN6u+K*Gv z0ttE1E_J7CpvHms#f}hPT|dyKjydAq)`PhFDQgOX=S4&TAk>HCGifOFjxL0H2dk8# zu)vyvG%#Oh(5ib8+Ai+3@J#pWjHm(avU@vAbugFK=ht0O+>cHP$QMe_TrE%l0J-af zAe-P7;-0RW&QtHB60#_tL_LnbABB^}_31(@)J0QRwP5j)OWO(~a9cNF+<0nq0CmBP zbsGXfNoc$*>f;c0Z)b4#EVHOvQnKQHZ>SMUAF~=yrRth|4!cZkothGzZ3m=ZWxRXJ@opJQd%=XT zPcSLm&zsY^XdLkr&l28vnOb3lXU%Yb!hv+R$y5;zw6|L1yd&bxDG;XJ$RbZI)7i`E zW2LvO(03@`%Dq~QTBw6C_Y1e7WCP`~S!|*tQb!PB%XWg-z|Tc2FA@=w0kN2oP;ZF! z`ha**6=J~{q?!rN2=|rNlv}^F?Y$d>*_3wNaYXi=}%uM7kM= z7VMg3kKYKE@fYti<(0T#7e`;O?tMIC0YH%QG5*_WP2 zA3^mbSw4@RaLkpmm=S59{(kxX75?7K+94g)nW;U!a71<8a#PKgWBP7keS-9`F z65Hb0Vh+8sdmOQ;+Y~PEx#Tc{DE6z8`yN%})6raUel6a2vX)}uq>>jt8i!C)-V0VV z_ntAc4LOtPe8GEHJZVg3mJ~1? z^E#)z&_kWX4MJH~Df!z|Vo@8s_BtRYy-OVGV zWpnp12OELtAySEy3E5%XDz?@Yhc+YfIp%u}b@Hp|*ul|*WF@gL0DMk&?;pfUk_C)?@(+V%0g0q z&ZzV=hX5nB*U6$%sS4JSqE0o-r%%qUkW2)JSGq%rBrUPb4G~NIXDu+=wx;oU9XRs==Kg# zHvn|!Bs9cj0S?HAPk&o6oyT6Ut;&()4OcAh74xKMMA!esfoMl|tgDHbnND`wqHFB8 zYN(BR5phox#E3D-_eI-HUiRlmH9-(0ZNqY~f68W>(t%;n5IiH^KP7odV&J&#(*5SP ziEdS@=ZqiI!U{l#@ZGH?=Y3O8-)pB(fQu!O6_Fv`FwP)MuY%YUpi|2*T;!Z>XONJL zcTX+eEmJ8wDRwtxb|UNN0Y+-nODopK-9(g=Wd5=Al&5Y6sqk`aL6y{Xovj6+u`bPr zg3vSzbtQ5@sj20#YNL|mf;enC);7Q6c!3|Q5S}jbk=JR(FSI-_XnFFH@*1R4tE8t& z%FM>%l`;>r(7MvpftTJxB-CguI<+2*5G76cNDv^4_=XTPQ4}6I+4CUq#Ce4u7lkNQ zr(^H2t<=C+==U4pjqo6)E%rv(sojHM>GiiFg~p1plX!zt3otn#fPpNu=$I`x%;x(P zNLiAK!nK{YnMK5jMDZR6{SjD1%u-DYp;CxqsSiPidy$$Zb6uIc{tsR18-;0s%Dd&G zK{a;;;vLc8c5V1HIV+0uYw3Z~q6KQ-l8xL}C`|XOMG-s+!r~jzEnI=K2Y5AnZ|hE^_3fJ3gx9$58p27blr*L@in&R$u8(R6CL}6HQ4ysa&N_8oFiK*zmFUDoekH;y;ghsic7nyxhvXl1Q=Xj6w%$@ zr}W9^p(Vo1sL`nadhrOk?+1=C3ZtL0W~$nAaUsjMB9U`ex{KAeon5`yK?&TULukQAS;F z;XGm%owA7$FD%&~K!(afUU|uP zZuecDSE#FZklwD=d+VNc{db?PodjRh9=u4Nvw_rwX)B5^eEo+9Zs5;j7h+WSN33Pp}%!(^u zw(7m&=g+@DA@+yDEwoA~L9Ljule`u6L>-y#_A@J-LDY6`7hZg7>aE}+C(@H%qLaQh zE`kO0g+#n_U~ap4DNY;L`yKVSU-$)pD?Uw%fWhbTvPQycBOY-y7UXEc>R0GFnnlAOFN~OmDqLTGNM2QNLhRLC4dOF^8&Z(-set*vj(c(|_Fa`OIg!``&X-)vg^@_=XZ0sLoCg#0@M`U1iTfTyj#b7zk*!8o)?4GU`_= za-4!()x}mV$mqT2Ov{qCmm(!cvRZ)M2+`81Y8hoRYwM_L2{|z%j@9ngD6Y}2<%v0) zg4twtx7uXUF>urON$GfChjFtN0?M@gbdpfpXV1n~B|0)Flq0l;ltnd~P}L|*XGrFL42CF$CP~1b^OTW< ziZ~^pIyJaDdGe+UlaoZmIojxnWTH~$((}168&DKN2>c0~^b0;$B0jw45%D>hQs_0n~M57NPM3SK!1J|bG7sSYr?LhUb+n)>n`v&MB^W+Z zDmUg~vcl*mlAI<$VpwhfcT#E0Nl-?a0LiK`iDRoH0tF1RHhZgme|&YjF1G17trq5B zMmsGmJ)X`~p(#@hvTnD7dhte~M@x2g{Ec)$#10LoW2win31m{eDD{EkGKYh$s9M;X zv$Bkb$_~o?!(_Irs#N0 zN=8@UPUCP5>kYS3vEe&va68X~=ZQR{j=Rymx7OkfP^xkS1rzJ`J?T_P11OB#LAtx8yStsCL%JIT1ZG4U;XB-WpYO-~ zg){T+v-jF-t^IBVDe@{clyV;j7C%(JCh`Hpr7kqr10MC@@aRjn>268d6>C8}#axxB zwCV+N5p}sm{%xgUNlSc)$vi|5TRBWn{^utLuOVg_M!CPd*Q@bg^mE9H$T-fN3wL|m z)`qxW)$`FQz3q0D*>KD;u zG`N40Q^j=~dA?}@+ulFL`?1{@ysSem))AIy+;hXezE2=i?U?!~k^8s8f%T)wH+@;$ z_6DCP-U3$lhZ)0mY>OPuraAbci28+2rm~U~cUpqz61(r`aND2dZg&*Ypp_42Kg2|A z#GanuAE3Kci%{sly%CieTd|L|Y;q%eISkNw;Kbq!LD(rU>y+wu25Pf*8tw2p%4D0+ z%m?VNZ>6JFM_x8=$+ggWn5tUmt`Z&WGmi;>6J25D1&%%=?5ExJ_60>fWxQD9{Hcvi zxr~lf*<0yS$A}5PhNMV!qo)nKMJVQte$-=@N$(QI(=?CWtct|PiH@U!-DH#sr3`Kl zB0Lys#k?pN_KBjZa{+`bZ#SQ^nbHoK*3NDpjar5%`Ed!i(c{kw#~y^;09+KJX9Brg+nNJCZ= zgW*-~K50u}nr-bZTx62CO0q zkfi>Vs+RB6lszVVnQp_D*AI53$WJ@L4^aQeG8f}<$dr;7ljryE)M4&q;hJ>)BPb>!KGBIgzNSm5hp@!mIZ_J6f&w>|lm|%-u?3>=^&w^oV7f z?o5BfEqa(u2IMcyCN~v6gtbA71;Fu_D|f##wXs-m{J zL7+-aNOd`j<$Z-l3_8amEl0R1euX*ASciqNFqT-EJ;~)VEQQ5qAuW2(L)Ge&YLX^*xm%Ncao3=N=c=lsJaus>$nsyD=?4P}M+_ zqaoyKO=*x?9(VQ?enNZlsfS`zRvNh1j!Ym)yvbyP>7yz$d|cj<^1$`s><89x1m40E zHo1?9F!-P3`D1Ni=4t(J2Y$1mv!N5llVQh@X=4mZ&t-O@Q|P$)lXy6-SP(FRb+)A% zBhlyryN(wnYcN-%r|N9=)o_q(N{}dBh<5$J3XMyfO;@{21a#+CBECE@Su(7AT(0R7+V4m~nvLzyo zQAy(TV(!Xde_l87vw++0Px151n3Qsg=9cR?@rL^?JhHJ!=|;?H+gcLR-BuXxwxarH z^wB!1OyLfg9tal>ihhILRbd{5v{e7ijA<5)BoysxT)`{Ku9o+uS;4%7*^%%@ZyF@Z z2A(^~rY1*9R-*~8Zq9DSxk>|Fn%)mb&Uyp$tJSIzc5(zOW>NyQMUt86 z1XgA^u|4B41TLB3=~^2fDeES!3iWtpq1tO~ZA>ZDkxz_HRPSu6qHUvkwV&7BXp((Oh*SvitBKAe?jD(ST>e!LXw(|u zD1&R%HoEw1yUqQB^ZS;V@?2Li0uB}@iKxE5*RBB3=3!at*1zNCxTNMXA zZFAf$?YKx%kl!(?Ma|x(2|DB$%~hWymOu1$Qy);U)e^T+{2`m1%!9sKfi)TKQFPRR z1I6>-=1*4CkQFQ-yC^*54u#F1E^(GFW_D{v=)3y2CED5Y z_hqdbz%rsgLg!P863~6hNZU?>kyY@}!+S%Bf344AUU}==YCm+{D$=T=CgXC9>+NIZ z$l@~96?`(YVR(;4;3b#IC(50MIrPeq*TslKvO+A@(~CW&VTapk84jL*!`byIHS>y= z&c~xv(x~#YKD~mDGI^YqD7w{Vm)_nErC_XvZR1-yZ&PG?3m!TI0enjqHMqH>PJC(U zdDzC=-cvJzb)(Y>#Q1w?<}db{UkGUG0jA^y4*EsiXLP7d%IR74En0`3E{n$Ar9`rd z>lci%>7F7IY-DJQj@`aH!(G_2qdMWE_pUyRLdOh*wxJE7(sHg ztoe0l$b6B6W4{Rc7bVaO>nFO&YPWE6l~!VAGIWMWG0c0VhJF3PuK1d5V0k&*<1L#w zQ&vk-8;bJBwm@@F)w{*bZS+kVMzr*oaJ{x4{R8_G@CErbM=5PoxhYIY ziVDF{wizacEP%%$m(}RIe1Gcl3ID?UL=Zs;GTeSz^hr{zNx8TT!>bE={wW9tD9(t^g^8*5ff#Iu~6wWw-MglSP6)R$ru2^WouO z?>bJJX@w#8H{-l_Qy7xXn@(YCQsq>HS)F$=xe_1E1S^kHuTzpvdp;QAG3%nihNmhO{rgu%{<+{9CF{v1Mv_XegrtIL} z_73|WAY>cb7}okr=iE*7R!a1`6;3AezbNvk2J&y zNv86>1Tw#aP0r0OwY^0tJj57%ffU|X-N*9?@q+vVIv3g72VPT9azZ8OFtx&MT6_*z zZY%bIa@`sW!W>^_)c2-`q1R#>ZOh97JzWK3UC+Dw;4ea*peUxf1ZX4=cgx=! zz{J}ze{(Vx@;DueKrh>19g2J@>~Xv}mK`^3g~xd%KrtUrhpmiLlhuhBdmr&Wo$SB& zRPA+j@|~0!;_11+C9CVSOQQ`R%MZNC;_+K_#msq#L_J4^dmJ_5ew;d6`wSN^BK(7o zJm<61j`L9W0OeLkY@o2lk2@{|sK_6o??bUoD0Te3v4Mgb;dcmRxq^=)wBw)|`KYr9 zSQg%8yRzVWf4gSTLUaEdy9wAoT|TE=IN&+Xq5Dpe;2jB$J{v6TTROD=02kA$`^-L^ zaH};cyiB*_Uv=uW7e&2h5&RyxHS^=WgF$=MF8&n3`3@8&_#Y59B7@ z)<~$^Lu**ZpwqXt`FxyTydM)8DO^5>gi=S69$^KXUORMO+7sM}pwsD)?QlkxftEKp zv17>`v-oa9g<4_PSAu4R&&N&I|9N(TWP~mMS$t;X9T8FJ2aoR=y+PF5i2dEeponr#u`JkK1Ln04sm=6R2D zQ8e;`*SU?oT;sO7io?}JY&!Zcwybdi{@!DCv&Qftg2sRt7!F47-QQB#8NZ2x&goQt zUU-w|ZV^pS{^cet@@b8cj0HXLCdeQ3RAT_TGP(q5`wcyD_C7%Ib(AseKg0wIcJ(U& zfqtA&4Mb&>NuMp&)^*|>Xnlv)@1U2H31!pWCvL0PU&u4_ll@Ni5Lw`F$kg^>xC&ZJ z-Ca!2?NTg8pU>%AK6_p%1gmtLZIjy7TpgxrZSX5 z<}XTYuccN4rX(WVeHoZ^oGYoPGT-VZ2fw1d;hk|czwFXy9Mb-pQ(0t7^d|da{*0Nt zA3=y&1?yP$DCVj8&?gQqQ#{bsU-pV6r=nzS`VXR9oMe}-YoECgV~S?R+;~H~Nkzn@ z-l#+6sY8k&B5|a4Dx!p+*VYy9r;ZG>Wd)tVIUPuUrh5 zie%0!%ceC{hFwNg7-)qwacASv!73A^ny=QKDr6T++nxEW$i}Hq@5@8+gkih1kF(_5 zhGI_6YRAxJYK>}wu=LG_*avn3(Bc6zXs<#b;9;2;2<4YN<|NwF|G>vA{1D;M{i~Aa z@u~v(iH?ROyk?Q*(O(>MBw$Mxk92^YRKz)`?JUV@rrRU)47h$exbW9ruU2FByP;QuiA9a*!bzjRNa(X%zsk`H-d z9P;;iiH!Hb!qZ1a4Ix!!$SqFZn4$Xr#KBrw@ptikvfPe;D ztPOOvCOP4r8hgzB7UiRW|AJ{v0+wkzwFsYyp7ywJc}y`fW}>aOBlZm!f$&p{~ic4gS~2JMt5UP$$mo!t>uk|lBY*fsk1NLUV*bR+ zk4}}qTXagC^+Q`hL5k}5FE`YLp>fNStB6jtSh--2aWPJ$=7ElPi-T69#42G(n-W3_ z@q+#i^T?MI-ezibmgO8hJ{&o6xb6pAe?)$Bx7M}^fMUqm|B>@HxQ^*6wXwFWSr?yo zjEGN?AZ9bA?4-KWgK02Sb4KRSM=DV0acg7dSs2Dn)OBbbV)yygJVPp@W69r%mq}{X z{;T!a(lRG^3ENBf!@P1GBNBePt+unJP-LT6PB~~S1N!+x;dXMZ4OXi0EyF&yTqNLl zOzUxLkK51c7t!NpgI>aN4J>W$8^6=Dd6hq|mlg$OE>Aj>6+lR)gDz zIS2Z^4N{)g9!N5~9youKXGo@vlw(!=FFgPh98zV5`uiLfZ;MdlV3xj++wDc(r?nHb zSKCr;4uxjhJ>mv$rnXJ4x;s2}V6d}mAF*Dey{Vb^w>hb}CcR!U7q=tCWCqPw8G&on z4RtiaPe8_;TfxA=?z=Ri6bW5BIzzl~nV`^|`^(&I?p#wIL` z=pqSu$TY-r~foT1OA-o;q0O?@ifS9Ns)hxj>Ek!j6Rv|5=_e=sVWo z^VSNoEsAKpmJDV3wDFhx(YlRRf}W+>H@54Pry353FEEVAx~z3xJ)YDUFh~#)p78|ORDnrF z-GH=rfmYXRMS0M(xu)-P?tROFk`SuI-U>S;x?VF2?E9Z;Gn^QNRaYV{>dzC+X1bbqw zS=Enai1pg9UtZ2Sv5x*rrpXZtV5}>m7y@b(0F@3#sR*GJHA}wZE|bEW$fHD zFJP~0jzS`+zHv$ycZhBcH;f%ezA^h?{F#aiW?g-+A);4ANkWc zD+f#?MRuyM6RUjpnegPG>2m+@`qs_I$n%l>Pvt9)Og5Zu`bd|*bV6)t`$<%SWr{jn02JCXfoc zsOBH!W-|Z-pYxhM#P36>yv%SKFSPE{W3Bgt7p|hfjjWBQ#+#|(qw40)4^ARYU)}oP z_gKr`g8tBs-*zv&5p7(c8U5%kY_G_*386mBq}!F?`DTh3AV#cjFn+(b zIYzoIgg?KuepfJG7n^W9deMCnfY>+GZ(Y|s08?_y2UTlM^rT%?tnRtbc_JQCw9ona znRN~LmrA8r8Q(;gN%X_U%v-1w4ZDZ~&uxhdT~l@nMlOvp$4nqh@g}Odr8)1vY17!I z(6GFLK22h5dD?_rf%h&{*quAioi8ZSruPF)8luHSMS<_QD*up|WX8obQ`^~g)O=!} zPslXy-#XB}zhFU!X;L+9*jr-w!J{m;j%+*F23 ztZtMSL-6emv*$sm3Xukc6!|TNyINk8MWc&3#Mw$dbRdsfVVm#6c_Gk4?r#((g-YV9 zEzrZcZx$0?thNLZ{p!U+Wx1xCtKCCJ8#9}9K#p){T5zL>82792UO+oyz^Wa1ZUg8*8NBjqIT7xvNg)!j5mVr+#-MN$J`Q zl@f79gR@?a7IEC@Kyc~2Nbv_SU%%cG(X5wCVaOV+Q<;r=V=5~6xgOU-U|GX_Rdsbv z97izIw!=Z?a^^Qr;It}UQgs?DjqJ|3Jg}}i>g$!n%t}`{7cGCkVi|S1)?9xL?OwS1 ztW8p~zqx`L2FbPUkt0{M>FS0ydtB7}-P5?J9+doK^3vYZ?x|~!B=sWdt@mFXTz?)q z!L6%#+xvk1)5eD7<|E-K3hzBHDu%wUewH8l!jRFng5>zAf3xV{QhuK|UK^{Q)4$CR zPRxbV?WTw?{a~N-0fzEoj99N5DbUX+5`FpN!CW&)jo45|W$*i0hzZ{XZFtRO-K2Av zfi;~26a8GQl|=Xs?-aD2NZWmT!jn@Cpgwa<04^qiQi7&B!dCZdses4P5N+7B%bpg7 z*q)VI3m2#=GDSB%TiF=T?-Y$=8g&wID%BBmWasy1Pp|rUPD+eqvcF!K4!S`SkjOr3F|a zpYQ=;un7YC+=?Q#AnbeH{eD5gg z!3<%bXNni*7(h(JBx6~lx!7x>OGLlGkZ>rXk4iq$&a5BRO0Hn1t`2`sCTJ<~`KaIh z=IYq{4BSPi-EDBlOTvpdU5X`zh~tDNnU1Ndu-|gf6wGD^*=-&B?v1Ih&6%Zasjs#; zgY&D(L$mg`-lm`CRr%uT?7aloR+{(OMx)Mm+)1g+6^J;7pD)x=zIr5{yTB&TBk zfJVbDH!gQXUNS;7T%I>6PAVaA;ZH&dl^&VZ=O+0`}Gk*Cb*f1O0R&)=4XHv+Sz%4@N;>-c|Whc$-wrzZj}!nuKVBb zqJ!k}NcE)JjMoed?KzHqioK$Z8=owRjAD_3ZXD-9TVNFIlrRWI=B^C85x8Xy3uqnR zoJ)LAy+c1?FC&frUNBKy)%qa$+ExA(oF$)FOE;Fk)uy*6vQ)Dt9waXE@Q1*#YhxQI z;va}hQ}{k*Ub!|}0R@H?Gd{NTqC)b-%Q3eNy-;UbTlA0nq%NzV&fRd#tGl~jgE+R1 zLdr$Bf4!M$jh%tM)VdhV9OtyRyuSDCCJt~)&@qskG8+yJ{JdK1D*oFA5F8$l+dsxZ zi?f!(=jN>GAM5VaGENEH!m2)i=ZdHXBdi}6&(>~p*9;iuFXL)=iPP)0A+=j@2rP#i zq^IpRpKg1p6+nP6v@UD{fqYai6$z9c%a<-dp+9XMx@>?uNEY{{Wx$KND|#JTmxX`Z z0FZZsRobu?Nm(&SXG zUA1bfs>hns8W-Mx%5bA3sUt(OmOBz|^1leD85uxz86wYnOj&bk{n?3~_)QoZPaO`| zrdR*wfHM{AWq7r+R>Q}#+&wyfs=hf#9TG@I_;%OC zwwX7FuI1L3R41m0_x9j9Pvcf)YIMaa)4quIUqU0iC~(ar!R;c`h$9LvX88k|JRQay zNwb4M)!)K8t?|{yom!i-W27$G3iQ|32qIW=dKjt*hrI$M2|k+3Qoll*%?(n&Q*c(J z1!q0|M2WB-Bu5d&{VPd``0j3IO9jr@<>=K~9xSJr*=VqM7@neCb2kx{4yb{#ILOLi z7{@3(1>u{b)?KtJsWQFiof;AYirag{WbHxS(dV>iamFQ|Myqb&&jak(KfB(V*g^~+ zDK=X+BT!5lt#hh3*thsl5O0r~v?x0zzWk|VmZ-)JO($PNfivV{Ls{G6t(vjhGg(}_ zcq$D|&Z~m)Kk5Y>C8E-c7|-&H{{;9*01RW=;oTi^2K5xauZ;>UPOupB=`{Q8y!9Qy zNo>s(q4#(jpKpp(_^#8V`)L^AVx!vS{pWv1Xf^=I0;gY)7RJbZT*eWgMSFU%3I#ZB zY&a0G^`6Zj)pgj#nRHuX zK0Esa1KL!Ew@cnpfTiFF=Xg$aDs6oZD%MQreAR83(i@cr*{>57qzp(Gy`nu)kpD_@ zmczf?R!a+C?GL*=4@Ne26p}6>F1)fx7Zhq5UZOMSDr3g{`5edAn>-xC5=2XRC!7GnPJ*~>jH#qqI&@_2m9Y0MP#?KFmdq=K0>FO}Y zc5a;JUdB<~v40F2%!%EW$lR~l`fI+SO!t@~iUl4p8GHBj++KEBy)d)#5};psZ-D*c zNI;{U7dTFLxZZnXbV|@F0xbr>!!yMe*j3^-PEsSrsEwCb82aF4zZVI#mQC@s+mmHS z4C27fch2)Z&FwBRpSN4yHX-b~q&qG2hs%FsWXLi;&v9?|=?!snAnt*FyyyXxTaL~b zUxL%O1irb|NmS)N=fz?;i5cubfM%o@x1Fv0v;S5i?c-Sma&0c(mxc5{3-91=^8gtJ zct~S^9fO6Zv``Iu5cq+Y`87Oymlf6nM&!lgNalR5UqSPgQ#KIkisAG|-C>q8pl7S_ z(CeV4tH7?Fb)>%vY@H-OFZptk~=M$UkHV`k8T5w~Im`K1Ll z&cIe;!;lJv(LnYzOFg~23jhe0HhECryl``vH!;u_pv)S3`#r6q;jFD8SLYG;`P!5A zxm=MLy8|D$rB_&p&wDdSWwzi;$JLlhDV`u9J8-;l8{iwa#+vT*Llz6Xq{GG!6YF_4 z?%uNx2cRgoCqlDz1X5EKGW5^G`HyVnmJ@4K8El*_F|bKqj`?qfsbn3>{2j$1fY~_X zz5~b(WVGk4Oyu6vB1RyX@hR6TVN$-}+p&LpC72I7fRvK;&-`(MpbB(HzSiz|4huTK zeUZz?FV?}NDy+~Zo$77P$=fasx0FwyU4Q|KKSL=ybvL4{(>I0;-KaQsni_s^y*&&~ zPBSL}X_GKj{{4^8HC z44E065p7@Cc9BVQuC&T=6z;v6!N<{M+Cw6&yeChEq@R)R6tD4|H_bC`(UQG}%T^Ln zR_SmjcEjmD`;8DOjjhrNLg$+jF)qe$wwI{Z9#GCa=A!Nw+VW`~dcyUVSY?9;Q?46emIVamQvKIu$1e*}ea^M35$bIhG(D+_=)$V&X`ZDAy{mLFY~xmG#xz z4vJ2`&V$PDwQsvix=QahM&1=aA%1R>6QEAlvsex7K&`A>A=a^trKUSk;s0mtl=rQi z{dg*r|9BDX4z9#Icw0tlqcup!ny4^K@i=QvjdUHZ2NF#lJ*6q-5JH437WS9OA_tt* zOPttmBC+%xq`ODIVSGn?62z3s=I2|lmaygk`Qx9B)q7KH4a)`0U9I0r`GsAfaE_Qy zXh3HDIyJ=eMwvIpdaFH-vZEvwzsGxX+Y(|0hy~PS81)$M>>NMDIEj52aEq@sJ0zxD zu7<6X@~Ls|#g@HoUuy1;H)@Ru(HGdZHtw7K7(S@`(vAurG+I6`1JpcZ1*7&-S0(Ri zdc8RcLY}$1hNI*{bsN0ze;s~8TU4%)dv+Nz6w?sE#?VVXOckf@< z77heV;_4`pkO&%^f-#(23#!j zW~_R<-?jHQ#d%KeLx#BFTa3DaF3KERWoHJrKJag+$K$O3&9I2&8lp;H0Ajq5@Q)h` zy}=~v^;YQZx31L!a;nFv28Tx|K-?TKFV&wBUu>2`*V>$Dtvm?YauQ8?E%8*^LFnw= zwph;%T6^Jb4m$?e${$~EdNgEowNwbn?7 zg;4u3zi&|0>enI5H!U{x+e&17VNU^ercZ=h<>t8Dk7L*vcF}DU4P@lpR0#8V z&QARKdfaGyv3uTXljc-IpIA#j@UHFw=jD7_G~m%xQ!>u{`rVX!y+X^yhMxE14*42r z^?*c)<0 zW;6gCJ<-7LZ#(zKE`D*bD7UrW=s@!Wt?jT@Zi0Zz>zXM^+aoKh_utPI;VwJz+=T5f z7$ztWD#ZVB{{jwtHxn@EJ^I$|E`~!WH)ik0{cfb@n)%;e@8e2Kr##R(NcA5;%!t*M z(PI3#E0*Okn}5^2%YRw|kb>!tuD{3^VxuCFMjrhxr6-P~C6avSGj(aFs6W?0Sd_sD zJ|FtG|JsJnmb}uGsT6-(g;C;auT3n^tKqT{=kr7Mz?rp#9=5MaY&OWsK|!Xk6rtr| zLfS^d>T!6lM zI@vH&R4wp>C=L-N;0;2;V1M9W_<>Bt4dh?ayONPB=3qibsZe!2W>X{0c{AAkVE?Vr-U(Y`P zcInb4)vPMXFFRdyxruxSv98*vuh-`ejI6exZmg&iO4z{e`#dkSgm+f2@&;ubsZsCs z53U95dLs{#+Jh^BTjhNn`Xz8Xu9!`dF`@0O<#GwMzB;kk5nQetD>E5( zi{$qd>k)z(#iG;>zk?LD^dTh39@Ae+7VT>MByv_G?UXS?Tn`t!SpNF%Yh_(^kzQ;z z!D`LPN7V973YZ6xzb||p^!r>$+dW}gOX-=69vxYEpEA1rVIoqgxk{Y0gL z4f%e^#xZ9U%QjwlOJaB3EM50+|f5P(1?ppy#aakQ^_H3g1xEf zzyk{Trx?xp0=%$a@SirW-qR3Kx8(b1);5UENAt43FxfXXz{@GdZ&b}nf zeDE~Md~l2ddng|pn?m$)kCT2b!=WH(Fqc{`BpaFLfheOKx7w z%f#@N@sjc_{rA6FOw#PdQ?yHJwEP~)OQgA`ph&_$)5<8(^z9Es`G|vi)!{U<7=r%b zed9{iHNaYeQmOA@{FSrw!+tDqxWGHWAWB9U%Ll5C zsU7VKCn@*Q_H+oOcSisP2(XfMD`McSoE-BhGK9SkGoDs5uwR`V-#9wL6lF}!Mk3}c zD*a;x8?PLo&Acc#D{=V5K;++9pO^XRthVPc%H52i2Hb$o)s4YK!ZR%pI#8=9 z&gp6!TW-y6;afFr@>;dM)nMGl{gv7&@?kX#iy2ZM+ALXkIacFr~H+;0jf@#98+?d0Jx_t)J>!#w2;% zBAt+Hff)idIeRAMBl;N>IhKSH4sbPs_dnviho5C6n!X2pEw|flGX@xUaq<+kGvGZeuzd~~; zFpiX~Ml?VEDnPwX1$|QnHYXdI^WaD%soEc@qUq7BXGAdF@7%9cyKFtRZ4PvSch!od zS*IK2s>R%*#cWA+$Hue!STkUL!02kfe@}wk6;hcn-NTeZ6|Q}y8Al@^E~A@1ZLbNj zbL`EApGb*gRU;uA0V#iU)vM~U{z(2Dnm}IxKHXy*c;76HE^@?bC`srlo$^tgOnr)~ z_;mGGLD|0P0#%n7e`svmXaKjW#oUoj&33VXN~Lrz-n}B-`&;pKFYs-HJ0qD?7$y^W zePvV4pEE-?vkQR~{sSRFMth;9ycuWmEGj z=XTBnmkZbHIaAAXJ21y)RN2V<6!egY)#Q};hw;A3HfZvsC+kMpbX?(tpWNb>|9+Jo zKHxi!Z}5pK(ePkPAp2hrMzPoVoNn{esv#X}zh9~CCpia^(3W_+XWe!Hb5+nZ)N{l) zJO7HN%n4I=1$C2Ys&GRUAv8CXD7dkOTOOJD@#vr*|E_m|24Sy7CfM^a-`^csM;Y^R z&8jAeCweq;Vj#cW4;fJ9(VYZa`X{^=?lWxE(*O2dHr*7%LkDW~k*6KJKAKx`&U7S; z|9VnD-nKE>3kh|v+@m4(D{u3%WTuNc?VUub(8i6YV=G7Wsm#IV-N!zTHZtl z*Ls^M2XlT>WAM~b$yalE@;>Am;Y*splPZtJ58b zH*SrQ0USw5azbMJchP;J*RezuZtA$T4=eITJnjkqKotvw+Pt^7$qyF}2XR9=N+nH_@A*B#qNpeQjdMAcB>viW%?Y8h z;gadyN@EY|QeDud3T4Y*h1(Yzfxiu_K~!Ls#YM~wTorTk{Fz7K#|RLl^yn+GUhFZTr7zu?(`1`(&E{T-lQnxMH`jWA_Y-z6 zzo51w9otIKB`huZy(fJyPk8v$Qd|!%?VLcO)2L~3;LUcl-NI4e zXz6`B#S%2A+3gysfV1@#d-{aSd@IA+S}yte?cYmU_jU`TQL~m2`7(|M*&Pu!4RjmL zs|w!ih(l^L8cTuK)yUX|=pp~oSftkfFo-v~f7B*QC9Hqv>538g=hwEGnX<0Ssl8G0 zo^Q-xPdtG8<)BdbO7-PfRe#6t^+&NGkd#t0Y8u1Zl(uBNNVJ zZa>JT7ffV4H|W7NYUjD!VNe8GRPbG!bUDRrb^Fw$@2gRS^DHlnoKyaiys}7stfV4% z7^vwC-+SW>8`)vLiG_KUy>(b(q6s2HyCTu{7#-OWKi&o5!cX`5Ap>sg3V*hoI2Ann z9A3XucGYp=Lyo$_kuBSrSneY9pX9Fxg(`w{lJ290zNX~S6O`2_zSo?Gup#N2?($#d zZ!+6CYSjqyPrbp3BY#5zZvUOEmW%h@*dl`ia@Q1cQk!=NsKwj_n* z%VBs|^8awM`%_=@HSqa|0_Yy#8%|d+rn^naUmU%7Y>v6xkay^2D7~O*G@uzK;F}-? zY?fHvk5k0G0nbEzpac0=!X-k5-{`aI7C4+2hIhQ`^oG8o0e=DDRWIpk^_ZZIcGsU< zepMcH3O(jVmV(w+kQYg%8g+8nIDkp5->hha@rEh{GD%;f4PYkls*?_nJ%lyqjyA-iGL?8b?5{;au7VD{@H2c!u zT%(~%WEk>mk;DEuA|Ox_A05>t*n+N1x`fYgNvQuZUSuQb!XRe(vL}^M?4%b`&+Eew|ow2(X>rk3WX7|I>bxxY0o! z?OoezytpuJ|bJ~ z?w^%!f#YUmPQq|><-BG7c-&sn@Ykr&sHugZatLGcz7CSF*$KDiz|+QDnMRjdPLV%J z2}CMVM-^BHyidDVrV}khgFxmBiMP-Hfpw|e-8h;++w-T(Cc|JtOmOR!_xQ+nVY*40GQf;z#MWgQbS&RByBkrP=z*oWFnQ*oS;^3Wj=(`&*rF3AjNAwapU}bu{s8zJ3thr^>U_=$Jq%2`)h*ZpY0O-^h$LQu#`U zSWFTE+h1?!8F=PB(YGTSiImsPn1iv3qt9k4S;oF{SE#H`a#)h@v7V|3iFU`bJ?{$g zRmLG>6{>d0=bC1jP-xpVKVa5QXH>!;+~K<+Bada&3?PKZ7N3`UShUxy8}w2nGhKND zp5KK**o;WEqds!nc8+TzS=$&%xd3;ZhORZc^0_)tEl5!ElhPFFymQ!c8*Lx)+#U8_ zWy2PfS-bTUd^ZYV3Xfw3W8auC!N3}qss~^0I8C|&Lx3RxS*A$}f0ig2(*A0`oa#`8 z1(9g;&a>TP4817q^Rk-}I&)ktlJK%<4F;<-p>W#7f3#P=X!UiREn^BAGMvjB*Xwk@ zO@CujQ)mC)Fb!bO0BnSA>>C{KR@zdpr5U>g5Nb2{Ukrz&DwD~TyO|LU`$72~OTf5` z)X!S%^&AXQI}YBgIBM!?t&z<)A>bPIg|F(s(w9L%6Iq+q2HfG^gU5h!6y>(SU4O{n zV^hD1D%!k}CLI@Jm?S)iG>)5b&K^8%zzpleyIhXCf;+Dy4h-~(t6LLO<`)g~WZP`C zfl{t19sP=%%2ByaM(K~rO73B4^YUrB?haP^(&p%3D~(A01L^RMphGL#qR^f|_?so^ z%o$hU=I-~LK{AxlEU>W*buGa<+?mXaDGKH=gkp=*ooKh|442Bkh;B+GOd1i$lgoOq zsnZ{U3lK!e6aF_nkd58|>>LhGQ-I`gXXMb#?KX>O7P6PwR#DyeG_HJ#DOEwl;MyWK z=uGmk`YN@E^cA(yoHv0kGeLM8YQyRHN3yZzIJiKGS^lg9M4QyK>hSaUqL_S}!PaxW z^u&iPLjjw)oNoinVl{=t@yE2`o|5SVEh!DZ{`&m@X)4kDPBlTk^oLh`p~O1YDS;&C zU9Ef*pTkX-2)L~)N%8>I$EQYi!G}iIT)ry3#TjEaL-ns_`9KD9Q72NBsM}{uUw!CNYtB`kkNO@kgJY}93_6?0) z0hzV!KM(PWuzxb8x*Sk3Q9ly)z6;~uIQ-wegl)v&wjb(5zTr6V+~!s-L3<}jo*RvK z06GQCqk!ya^Z_*Lum(EvL6*i8yGsPT)d?+c(n7x7eRJ9voJ@rv^;51pvDaqvfTm(e zN4r781L&K8baJf9V+Ci@UKWN3o#G~tMiM?B!8d8}ilH`77k+rjTYw}0{R`MD4gfcB z#4~>^yB_IISuLR8q6034kL?g(My0}n)&Hmvz4r);Z}iLk^kJ0(D7zldFp)Gq_BCY|1xr+J*7^Dyo98YC4oz#vQO zch$>zosJD~)M7nu5q&~EUoWp;jO0T%u`V|Ao-Ugp+c+_P-f!J$>BdbFH;#+#mYXk* zT5wp9Si3oColr+V9(&%d-F56N2Q-Zv6Yxnp*n0;fx6+IP>^K-;oB6d|!YB~>^MN^U zo!{hpm0yC(j5}lUyDahWzov?QWLmpxKOojo#CTl(J`UQJkGjf&)y875cY0tNe^&} zlwCT%*9)bljuh*7Hh$d81caW_$=l5M4x4BQrQTq%m=DU0o~`ApO-g=}|D)-gumu=l=fwtw(s&b-i$&&*M0~rk@@s@wZ)# zg1qGse8{Lfzkz+A9XXzsc+(aq{u&Nv`5Gi!Gxc!BnPXDm zj<`B4v~`h}meP1tK#-WWSU@i%g)-Jxvod(~9R;!8P!Mshx5ARyRM$!cLXLf1zUh#V zBQy*9U@h5FS;PPCm$kok?Y;%v7@D!x8o1@YB5Y>?6*0=<9MLE_i9;lJIaB3T5lrgE ze=WhOW*NAYwI&P+%_Sfx0C}O2LmG8RLggf>8c_8^b^9-Ge4=YXuQFG@rT#t5!&7s z8E6jK7Rne<)Vvn^N;?h#QyWs`*CO&n({9Z<4vH|fe#SFhrcqq%QxvvI{dKGfU08BR zR*)oo)+q%^OV;{6EHxDAAo_J!COK8hP4KSs+d?0lfKACD)8@|zoXzIYf6Xd;RB^Qd zcu&js@QNMX@?cwz&aqSm-q?bk7uwm?c#0ij=XxHv~ba0bctIZ=b)p${ju2{RIgF z<``*0vXsbAFYg$ge-G#@iUsz1A^p9rkrjJU41R`u1i*o|&wu^8UqR$AJ=M!VxMlNpb3?H7;)mqwY)AMDRx+F<4XP?Fwkp*|ga2_5lxzuWLz*ErJ{R znUMN{)2E$^G{z#(P8*l~jz^r`e$+$s4ZzMo?oaM`5_?iozzVtz(RRPjVAk>RjKt~p z#4hKh@1wy`t>`uf{$(;~i@f4yAF=^j+8A8b`*pz2?gAQy^MJP_3?J+x^9bbZae=cv z^xwBZLP6(KR-oa>%1FS+e>IHscB;?j^Q#XI=s2@eUZz+k7Zm>cp2U`n-1k`2)o}rR z(Qw~8@ECV92}8Nbuc3aN7y!eN_7wd3`)ke-aL@!I?t=*l15tGb2nVh^w*W6X#bI-e z`1X5};HgBH^T+Q18~}Cl4jUByT-k(w?7+VYaqnV?@_zY##XT7?+~iS zBo``am9l&|WZ%SiH-u$jkDAz2%%^`TZ@OEZ9+O~AiKqE}w$A4X@Q~CE z`bXzdW1rhF#gR6O+rPgaqJIEAVuLzz(ucytYbYCXpmn`;aQ#7yz0M=NU7W&mux&Lc z10l_5r(cDAVa;b|%jS)bPoH;*uc~oBZ=8|)ZTmI%11)^Kk;g=*Kq|rv69?gy>ul;m zA@w6Sbh_IECV=i5@t6_<15gfA2kDQ9J0lSeHyUOaZR2L#v;oa^iMPblBCtoSVYsjx zR|6bdEEGguht3`lz<8UG&+?o<#rAucKIdruvQGnSR9FB5{^R0dHM{ytuFC*)Y3y}E z4YXmiWi-706^Fx_h#$b$GY)PuX7I&1Mxdd zmFK^T)VM#xSVt0Q)UUcU>frR-Nu+oiIBnizbh+=!!ur?(Z{h(^_?K4oU|Dt_?kg4k1AQHhTDSq)(p3fNiC5O|~k8`d<>vT${IJhSO@P_DrdV9E7 zzxnp|3>XoB_hOpAJ?QFX6p#P-57yhOMGO%3G5w9Yc@&yf3PD5zqHnXG^1lU+R?c35 zHKjGhf}Z9ff;<8PSqe-_V4f{19YLoPwY>ct^WYyr_J5wuL85ex*BpRS=E@?pgZ4AV z({{Trf`fqS5NP)U{__B?l}%JSR(q@8Z@ibQcN;V%fl>v$hX%3XYoDr?=34}?OaI3} zIsVeHG^-5q2;}2oz)+}IrOxnm>+_9+U0yX}_pgO#?>tr5Na?jGbgyi#b|~=;}s#LW34n0 zYlGEYh3hy1PG5TLW{J9f^nAN?`d7lq?z3$X>cGd|=Rusg z6A+X+%FDCfsKnW2(4(9*Eh_R99*p5b(i@c?7-zTq)Zc_wn}MBQT&xc5tY*A6m9dth4ZP7aE`yD4!_@q~_Tfa!t-d9{Up5slR4^O^}jQARLl; z-ppSBwX~~$p_R{~57C96w!BCl$8#O4tsP$r`CG>r^Gz8#uDtIMY{J-#czkcWzPk6c-`+PSv$(Z*JMRR%9rH@i1zm0} z4&d!VPzcc|MDW`Q+VPgIMn4%g^n@Co9=~3MQGNtIRy0*c&I>SK2CVXC0W!`3fC9uR zj737OV2LUSEKeEzDo@eLP6vHVmIkdWCuXB$a31FvF2N%+15FX)nu6;0=E#sMVrw+Y z(aoFD%y~bPl^5`0yksXF&oNU4(NdK3rLdg@iVe;5sudfN!w1C3P&f7+FO;nKm3jKF z5lDMnl^lqk*^=CLx=NaJ!L=Q?lLG0mFF04JqS~s?HKjqh1V&L@MH^vwZ)q9<@le%R zKIn$A($^bl4Ndzws$Z^8s#HA>c4gYd(^R3+JdrI~Ri9mq$z&{RW8^HVV#Wj1 zCdZ5FG&qutWrfT(wRl_%2lewedaoT*l1+>+v=WN!+&!n9g$>YjT zkD+N|F(zfD-^u#$%TqngLFmKDb))Qjgw3LtCx4CsoLuE;=Xk3%@ajuvh~#JcL)DL6 zq;BJ91fPupT1n!Qh1!@j@0*=ix$Kn?MT3d#|+9t|0b2+GT#Oh4yeybg_jS4wJn=#Q7Si-~qcD6c9(UO9tFst@7}&A^%n?Z-C3+ z)pqrD=IhlEIZE`6e_Tt%2ifUStN9e!1?)l+F{TKgdGtqu0*{7F!{(b5LttZJ`RU%K zmVXoM*N*Q)>{SgI=K{AsQxvA%kG--lBvoq3|IwC0dlCJTRgiYR#(eRcBOcJN zh0=D+tdAosfIGL4+nk;^6H*U^F#*PYC1<}F4Mj4PNTgNc4FgJ7S|mW}23 zNpYq!lM@~u>y+)d7dYaW-%+?w^IpMNAJXHxZgwF1VeN>_pR>@}U?Nfup5IPH6K)_% zS&N_NVgp~p6Wh2dCYDdsq!J+%`V#VKjq?8nQLD+;?P89D`s|7{a^i}Ikcq{GaSV~A z0~KTX8FzyltV~J3SmS8zzo5z>`HPeV^e>FPaLPb8x!4`Sj?k)sQ4-|_4Px>3_J*YG z!IAF~yBZznl<8XxgBK$$*PK3o{0} z5B0|nobR;w*ZIt-_|MB`m=D#1-{T5rw^7p|kZJobdbYppV75HU1>BzWKgp0yA0TMx znp^=z2B(@2(s1F^_S^2fmU{?B6Ur8juZI?$Z;tM``Uo(gte8GHn=8jwu8zE*8o4*W|a+%0Vz(Fk7{ z?mHzs2_ZsGO&0P3+Yyr1a?Aq34W51A;#b}^dw_E#*JIuy&c@|=W!DAxAYic=UT7c0 zLEQLxo$i9bk$n7=pMs9E&eu<%z<3=4GYrUF(6+h_pgfJ~mahTD1yIi>mrE|EaI52r zCg{)hTj-wPZU;>GFuGN1iGmaXpY zUSL@XO$l-w>8ElmalxC#KFO*E?>(+d@!aiNz6Nv(b*(N0Elm8xKP^M9+N{=eF@Bcy zx!!aJxhJ+;Sc%XkSJ0ISXVvmY<&V&pcP!FcRjcn-6=O~fQ3}bLx$>moQ@A>>ybvyD zqgp1n8F>aFZ}huCJSx2Aal3rKOq{)H1DOFhrRAP}+CEr(Vw!AYa|P4BCB-fGyo$^Y z+=74oPwj>5aX4$dFFb^{O`BQt^Q2e9EBRNE(Q={dSIl_EY{D{=dyszn3CEfzP79Dc z_*Pj%I}&!$YvD7MG@uJ6)tW_+J83uqzqG#s8F?AD99c?vFx?r9I*)z$wC!Fsr*n*p z2j#PoTReNEPHCP)1+sfWpDj3M<!ZgvKY{iw;UV5qn{X|3ZGtFDHl(VJ6 zk#mtwda)<|<`>85Ub=pi8A^GqGUrrqbqtd_QGcZPz}bid(^}rEwordKV2)6S3>Ocl z`kMvw7i?zS~#Fs*LxTIl&L1VY2>wWDl-3{%u4KiVAQcLh0kvJLfT zEu^%2udf01t6i0dL@?ic0mvIj=l0mDrMs-dp?U5J*0m^AhFuVtvZa%Zr%yuw((GTfo_?{>?KIiJMS1p#GE-?_qs_u_B+997rzhmAiWxgPt_ z`~hE}hPtXHsx0nPyhpTX+VdUI(65$GejM`ojODUWu3g6lhF#+A=LLJ=vt0)qf&&Elt{lIc@!pjb|oi-p<8o#K#;SwG&txdy1x`WZcdtDTe$J-wCvADNoaos!s zfqC~;_|$$7k21?&x1!-9WO=dz?Zm>mEv~+8XwNm^$Pe@ot~JY!;5I~W$G4gc_CHV4 z1EG8=x-@GaL60W&P}9bo0=z3!vE8@mYuw%z!tA}_Z^31HEwRfvdOLu#K|y2VYTOAv zYwpPmwbT&dq)N4;|da!O%4qH(`Z5H;iT9JaK5N)(FY7 zghKzzM2^g13}9d_=pt|LVmBq|E8Hk z0V2NMN=1UmOvFa#945VybRdgLjI?#{gdrbG*S7R3Sh!^u4h~T!$?zvu;w@Sm%Ce8- z;mwe@uo$^bAu@qBn$=6(!(?AdNq>pOOnXn)_>9`}ygMjrj&=(}AVeuV;6cr1+T zcZ%Hto1$_p3hxcUY=a#jsr_H<{1HGl-Zm?s44l_BmeiY(nKPMy)pMlTX2YXm@M`-< z4lX+H*}zY|fVuY`HmnbCR+(XUP!A8!2q5FSYPZVt43pY>4NjvsuCaQ?25ei=AC+te zzEqJG7#)`$-#{nab942W=~1YOTw;6G-hev~3|?`|4Aw=H5?a%uoa zSj~=6TTI-f^@e}N;D?rDvJ9uyZ_DU6Z>-7?VNOBL*;Y!%@!vz^iEXdaNa^pOTm7b3 zatGOV+ACl|@E&QtDUM1@Bzg64*zR}G>w=l?aYm}+7Z_Mw+rM3s05BL;pMN9MJE>6n zz+E1oG?%Wc9t{Qzvu)*}du|J99xy|IBtH}wH?O6)vzNAZRK^nK`sNEg7x< zrv&NB;_!PgpnK}#vuJhi7+#cx>i##1{vi-@P-q@oM*-?*fL!d~eZ;*6&)E{g+ZYhe z`QR&=wtqsA?JNTwkgH8g6o8P!2jp&uvQQreI_~u+_uPE-B#duXczNb9Z#Tf##84dr z7jeGn9(RAfY1!gM-*1o({2U{y0B*Z2U}Q+xvyM&d?>d6$|8;`vB5@K;?XbbYklphH z0F1V|hJo@OPIc^uAa?9(@I7N5OcXWN?Xn`~vcR8!QqFqzm;X0UG=t9mvx9!>^!ol7&+ z8J(3?y+@DvoI_B57-yEKK$T?a5!8-UM6HwxzfR6Mg4vE(vhBx(BCjko%=picvEafF z1)#jZMZKupP&tP83&nJX$bt<)C2|zk;5_B{;(l{;o%yvT6%Z$sZ^B0Up=T$aNzW}> z+nlhs1vUjp2c2uSb8XUa^fU?hvDtCS*%^)Y340m$#wf0_WnP5j?6JE3;d*<^>PIvN zbQ8k#A%~er)nujzDGWu91Oe|)=Knud1cW}4uG{=w0ZEnt?FZU%T~LGXudgI0Bv7xt zZ#(%^L8rk?*56~V_A~?(Vu^Bh9X7jxnZ>Uz z>Suk#oJN|ntb`;y^R zK%8rur#%R$tr}}L@dNWG$W;6mHub!L*XyH#f7NOgS+~YF?9EB{R;O6K&sA#><)Y0m z;CBI(sa~$pKLki-7dLOZ&1(V4Yi*sg%nHyh?LWx*AA$1pGyt`v52(`f^xrouZSO9P z2ZO!6O=kVq|2i+AK~AoD-m_O6LaG{dlqwlRl5h9h)LmYxl5Sfiu@LkNYpPo+KWAfU*LU2uf85Vnb zau3dH1yB?~KBj2+1Kwh1o73iPlxj)>{h{T12qe^XmS)X;>G`kA^j-6jW?`^g_jg`m z|6-z!E~wp={(WHY2ULI-(!2A1^N{%*>DRXW*Ps~>>(ci2w%Khmw6{DS`oBKa#WP95`@moHJ zITz}9W3V&VF6$~@)lPH*tuFV0J^@VwNs~k9a6`&4)FMr`)g>^&jDQoRZn>0GKkUFb zgI#4`-4u1=RMZ_BI#{k*pG19YXX44mN^z2AN-c|r2OSG^s^b_!A>0&8aBEQ52tIiB zm;=v@&Wi3Ktt?!llQi7DhPYaF9ukzeI>hKlhNN?Bj;}Q|r$MB;cIlcdvT=8tmX~7P z_oD(H_Q$4VdD@@fuvnX94SlDUs5n%-4WeaI$#V&Tyv0K`dihN90S70|rH~OZ-%ZDE z75*}W{^WroNQ7vdUpa=freq!G$&h(})hMiEmX>8xl70c2&@*691&Y-kSG$vtn1sc`&hlLDCz&|cZbsOGDDF2M;80c>O z-ckbHt^}XJ;fAvvC-lnvIT@znb!^NfYw?xT-jOO0erZ-KX5y&KZALu2^5_OZMXc^G zs@+jH6ML+mnP4t-BFlD{cnH`c9SB$*8c+G~%waQ5cItB9w=(oC35JAEjFLY2>bzCGLxBl<(kaum8s5RUaxx-Bnic&GB z*kt_7@l+@Tz!+0Vdg@=@?3 zzWvc4E%Z0khQe>ZlEY^{Y+6j5Q=YXhr3Kx5ip<-g?X1eLc5PL^wv8Q%meX5NdNbF6 z=J~e5CKTn!`0~goi+uU!=&W7<|KOX2v?b*WOCwRMOk1%H3Ox;VOi=izhMT`TchB5S z9y<16?i0;K#Lv|hT#8T0?*GRFOjGHOo5%U(+ZEwx54}H%Rq%<1gsy@$5Mw}VYLF~G zVmq7jQ%`__4LsbjGo#US4LE&HOKU8NrXeIiq&Fw##zdRUf@gCQZ-m#)d2K^Q*w9owjm^ zX1LnYI!F`bDdn>{{a)zCbP{+XR4VVp$^dco9X2SFM}^V44Z56d%+;g^row;6=hJmN ztmn+QeGM}};Vhc*fv*zG4UY8$|9kLMJtFwLZgf{##r-*tW93ipv|(E$&@>-d&2+Ll zxMm2WZ1vr}`In>ZihMV^Z+}={fmy5+RENhVma_t{$SxDmr!47{0%lPP{zs(Cu0!w)`7lfoF;4!xtInq-${(9EvYi}!v;$I7IOORYTVC2B8XrK^EfuJ zJ{*pj4DWLy68GiRbw?&6vXt}lZRw8Fdf|obwNQzAUX#HM_`b*Y?SH)%F&`Sf55jkS zN&}#AyUL)tuK*s#-wW-~{a&Y%H8Q;2#&Ws2VbjX(vknXV8UGDGBG;^c9?Vwuk!7Pz zV3Az8=x3EGd0P$-(Wo#`At69Z2!pzC@Jd3qDmS8B?>6R;^r)p?#(-M%7K_E$4K zbnp0_x1=!o|78;tD0-MEX7mrFS`S?{m(0blPM&6C&F}hYM5waCY1|cB8@XuVh zxT8~QWhnLs-lg%nC|BYeAxeFCYdVKyns14+4(EaXyV*Q4z&uYoh z|4<;;AHKc@*fUr{h!>~p)_6kOchISf(TY-dgiK`^6c_i|nYR*`r(!K+c%Shov6&L` z!U{yHHdZ=7xuK8$`4_n!D<&NhU?fVk;1iMsqIDv7yT~-E;bU71h?Pe@5|y+(pq`4; zc&^b6o-o_d&k4%W9D>9-C|bYoJAGRJR>a#tTmh$rS9ys*L6)F4gJq`f0q$C+lPLXp zSpnX7#s-BoHsj1(!P0QLV-51x2l7t^P@zRknR|e=1{ZA?K=c7Az<|wFCY2?vc_IRF zID~CMpRN>>8_^Bnj}#;^jr)+6&JldpO!+FY)YnP&!1W0K4+v_A2s*SS98bR|3JFg+HsS) z30VvE*&CuWQ58yD8nmL=NKrqSeDlq7g++!L)zs^oQ#L>S?oh9Dve*d_kVs}jnN;p} zOBM2Azf5@z;rCTuIwko2d3O@Dj783h=Td=;T+z=7ExS@az|8~Jc7-N#)+SY!k35%S zMl09`WvHan))aeX8p!$MJFeTsy*;t>F;oyEHAZ0pDt^&MEzgYGj4cZFq|I!)JZC%} z5pdrLs8ZFuG4iY;*VA5re{m!7QB2I>?foIKK%u_x_<4_%T>4Yht70M( zlp;yfl=-_B&kZA3aeAZOD<=&d^+h#zjHbpG{}kk3{K(bv^O+E3BG*yB-I!=vg0Iea zICu!pE#K!ASO}hoET<@@)WpJ!Fh%Q8Up;i+n^bbdp$&|y^0RrWvRr!gjd;Zc`oF3& zQ4%=Z1(igHSe02VMtVy9=%u5!K+ClerqM&!#{Jp?4L_Q@Hpziz6#u^V0%CbAXf~J7 zS8;*Osm#0@zwtXW{Qr+gsykbQilGv#>l7^>4ZXGWS0N(@_U4~4ca?U}i4_4e3K=%# z^io24$CW%Xl7xJ=Yom>e7oz81BUB^5v?Q&muFW-hek%i44QqA*TjZJ9K&tyGui_YX z@-yP{*r4x+8R3_bpUo=TDGv=p%WNg-{uPcK@c8@kGtj{evCH;B+-0;D6ipFf-0@5z zLdxf~O;4^Nfi(-3i}>S%6(&k(;m6gJh*+^5^)n!jG}kl`3yfMGgHL>$<-#B}=3tTU z_X`|&MENH?@qpBcHraA`>mT>XLx5cH|y>kIB;=51kH2zq@+7mVUL2Z5%C2EpbDcij zb^Z^Syse!&>!(g3Z@|m6MK5{wwXDo2A+?9!C>O#8EoElrwm7b# z{2i8iZD_gTK_LF|1T|d+giVgLcUSxs+R<0~a8b?kuJtJzqGYM|$f%VnFj}gVr9?}t zOn0(CC(l!#B(&;o0Pa~dzX0k;nRwP{w0;(Q9MYT8n=|Ueg7k?G zd*vD(zCor7C(@aoh+|j<>NqjQSeSs1?AaEbaQE^M#NjHNbF}nHw^gmQ>4O*RSflTE ze1C?X7CqEd{i^Q9S;sn4%cR(#Ik5F9=|DfP6c8d@IM_F>yzV9XViDoK@0aTS$Vd~G z60|XL(6we*-u!dm%QMF~w5RdCJ;=w6m&wVrqc_=+Ioxi<=Q7qqzHN%D{ubFNoQJ%2 zKdFWU>Z0(Z+LDkSM@px%ZFotljMRu?(!cu}{JbS6BOtK=F7G5lv7D0P_PgzN}|Eh zv0QreJ}r~KE<3oxnzgB( zTILyzf;TRi7o?~R^*u$^7nRy^mOg4PkglG|Nr5Tlj}pPPdjz^16a`W*wMf(N4TwK; z;q0hdTA}PY(S3y1aJG>z@Kgc~RNU$@i#e#9=CjOL)0+|(F@sG4glEjg1PygO#p9A& zy)2ENQjDU0Bt!xb!LAFB++Z(yaIatdNCKTRZbRJW zCiP*s&ohkdyEQh;GH)d;c|4`2iby@Cc>`ORXQ;!jUah63u00R_QX1PaB>(b0K&s@> zExO{`qn-|4_w|M6`xr3jV%(2lHC*$Wcvjof#8OQkMmoFM(a$BoBtMlQ|^JGqhH zYrQTZ6O1rgpX78qG`_!LEm8!yM~QJa zwtKyuyE829e)M>Wy6?7=7hqIm)s)qi)NompLqeb3LJqS!)sQLH0C@NuK8-o$GjW|> zx4DnFy)xooLKUfWwv+@=E5#;-&~Gz#`oYb=y9(BQI8p^>aD5EF)y$Je54CtQc!Bv) zJTSU@I2leDBbIQ#@4jGHvTE8$<;q}#0#YD@x!r!}gu=U*(3ZTcE^er=@zI8Z3^oQv z*L*1hkC6!b1t6#*vhfw3@!Ps+?EfsZ;c!)|=cyZ<;*@r>fCzdj0}XhHzefln~prN`W>T_ zkIpmyT6b7M*ll4=FJzE1V}8SpK=ziOzYNkSFAz^_#Hfm_WGuP(;cC9=3Mxox%-VQI zk3+3Y!}noS`9S>J;@A1?1Q813bw4e$K5UCjIS;ez?A;tbVlRI7HUVKvGWpT%V^??szrFz~W(Y-6w+Z&nP>4oJ-mgwvRDnK=9E5} zCi}hblSIRxOW~EPAcQ&HEQ37pPfV?wz&TM=KjSx_iQrN;%1~r_j1t=+#8c^PQnQG0 zvNqaymkcL2*S1#WXu%(0A{5blt`f4Rq>AXMXxc$SWvNcm8|MWP-)waiS#TZ=iEpJZ z6FGn4-8wDY3>7ji-OlOFBYwVk>@}(;#*en4NRLUAtOfjNF{t?W`d~Cu$?-#^?u%3Z z@pxxBcTMd1^E@Jmpe-O#z98Utdf2$NbVve3>B4yOI5DkKFDq@4TRcsj&O18yG(U_M z)<`W`)%faY(__~Gb-Si!K^B{nor>IsNRtU!-&f@VkO-Ei9z~Ol)0lF4OGqO3CDeNN z`ms&Jw)+@nVW&0TlXcX@6QwgSqEz(E#aMdv4^NqO-XRM}-}1~uSnHxsz8c#3k6x2n zy=r0#1-0|nOrj}-O{`H0UD2_$FS2$*`2~vmJF{lT4xJ9F&p(L@px;e26`D0+Y(>S+ zB`Er1;8%c(HBQEDB21*k7AA70obn_cQ*wW}rso~s=NG<%RrqB^-ZS*&aNNM!?xa9{ zaj6|-Yl)7!e{VMbv-Wy0=9)FVxU~OWq6YE!}+mJtAQz}t0rBz#J zvy?hmlmN~B+_J4yLYYz!h%<(;^1Zg2D6=0r?_JaQ;*ls5k{Q4g^H8u;&3qsiv)Hi6 z<1pN-;hh8TW5Y013VwvY=`xe2tE`W2 z9K@sy2JV6DnqL!{Mye%Je$bNGOUOKk`Hh}8;3vGc?1DOI5N>nohGE)~(K9wgtP;tY z$BQ63h)cu{6kRkDarWX`BOe*qjnHSFbc1w4C__V-PZ)hZ=bd2LPdR$B>bYqXKTVP^>uC!Q7srzEV7M&PQ#@K41JNJJT|fDO#rh>xVj`v)s4*( z7_oM}v$ip%945M)!X^FCWGM70axDMeD?->2lXRziLL=-lS@qSR2KKwwzBmO9rGsfo#=&Zks2}ea;21bXuCa(U2SlTLqE$R zmU_50l+(GNyc3eimD3AtV5xHr2+*~ncqEmka$U9v8u2%hvF?v=dNul^K9izOZfh@-Ht3}g=028=*S1#wPi}i;tV<6t#(;L zT<(!G})gurc|m^?}c#n~h&D-^Fkno+ysf2nSeu zz`v(r=7ep#S-;_%r>nE{8neVy1h2$bNR4kqo7ro;aW9@WiJ5h5pO|UySf>!Z&U~$$ zImTO!>`W1PtYobtTE?*R*G1dwL}+;Ds;M4?P}j0)w4A25L9aaiGhtJQ3o*iao45Gp zF4acwRY$#;A%vG6&cQ<15o=?N!D#17qfdYHHIPLY>P4j-xq=WdqtEZkZS2R(kgxm7 zT^UbdqMAsuqxmzVPo3$t1b#pE`~7nr{CT0j{^Qm|4s;J4%XkX$N#i`O?1GXjLC=Al zDVu6`OJAGb@ECGcijf;G6ZrLnXXiY047+)!Z3r@jvd@Jabylq~=_NYk&#lu;O$~w@ zGfQz`v#MFqx8!C9GGe9KlvJvCkhVe^`9Z>8-x=CPt8;Fu!K;Dsgfxt6GKo<_*Qri6 z(KIQLU&zn&+OklKt)A!8-$E`WO0wM$zyU+PlJET|n+gns>=kRs_8FbdBC)||tJN*74q!3S36FNidp2M3-TdVlnK_|Qh~guooe{Y!WNF#W zroO^iEwbD!q@_tvTAc`oma`Qz$e}v$h4_U5ouqh^17Bg+vURU3Pq)0G-e=2wu(<9( z-J*X}6@k@U(s8xbXYWA?39uZGG$8l5?!q{EHMnnoc;#Ax*dhvRFV|w@)pFb{8%G_V z&|A~tSGYYiuDbuukNw}Rhb=`MY4!(%16w;`Tk>Qn{3XVm6_{lj8-4KCDx9NI8;pF< zd+#=Jd%DEG{8fl+LrubYh{bSoF>^6XS{*^EUC#wV(X2JR`V38DVG0Va>Jmxx1Ts~_ z*t{g4(m5;Wf?nNBz{=#SxNAgYCFmBtzZq753qE(Upbf{8!wA=YJyS^+Lwpc{YK9Gb z1>A8!d?EnbBEOk7a$WI2xiQQSXLAs-l)4pkB~WuLQHmh!@7vHwpdl?4iIK#r z|405ab{&&XDCXw59{!6Ee8$X?ftTnBns~}uqGtxIpoC^Rg4Ky~3unVdG!Y_dV{V74 zsiS~yuxKtK(HBWIXM-&4j_+S&de0jR6?U#sd6TACL5u3#$r7YaH0sxt>Y21Wn7$`^ zC&dPM*4W7cpLb(Mo2I{*mLjL}G@9sAd0bH6i%I2D@fyagfk+a~UPx}xczF@w^LNNQ7if(GLB2Vn$P_%qNpjQf2RDl_8@j&9Jlpeqn&AUg52Mf*v) zKMUWvfmnB&wsAwYCzvenSDyp-efXL5N)bv?tnj&z+bX`;W%u9P{~Nb~h2>B8<1KD3S@`E)^>amAyYs#g$q!MFOC_nejGoP z7cEIA&~?Z>o<4$YwBdY$KC+q%8ya#Oo-H+5$P5 zqYOyVjxf=o96^&dh5jvD)B=VT-3&0SKezbXX$8ecQz4t$dPC$*@{yjacN4T|=Xy(p zNLqUbewZL4q5N`vFv8IgnC1S`al0~a1Rl|EYq18G2CZh79fU0}{=gmUvCKm!DzcX> zx1TM37%4=`TRmWLspd#!>Ox7)AE6oHNUtSa!7j!`Nt8`&ui!R-y`dR3zo}!nqy1%7 zx;Vvv)GeyPYwkh>W^wFv{rq?lkvc8`4Szik>5 zBqzr|scDxzqGH=gSJ+(b#3Y>R?oGA+gDLg)8C5bl^--apJSS)I7|5B94XhN;e|TfKRZW6=?~h;UFzGaMNaSroK44 ztDH<0skO$~;JNH5Ij()wlL&EdFp0tmlU`cHO|>?_k$U&jGnre3gKu=?i!F96Z+6G9 z_tR^P;0T44;+A~LZ9g7IGZ2@WJYoObtK99JhT1sk8%KSAMqOf4!Rz7WaPp)XDOw1A zxzWvgV65ySs3oQ6tuEffOoY6yZ!zx_JC>eV<&|ebHxS*umzvw7V?OQ<%Wj-Q?OP`p z2RVqp&U0X_S3FEAy_Ue6ddm~UBUu_1?gBHTqp`NtP@{7k-l;P=HO#oB_R}TtZcS8b zrBiZ}R-gN}lDr4>U0@|B~C*r~dAdVV3!hR<;MSGG|k@R3dMQ!&GsnQb08>O3(r zFL|0@oX`}n$AWD+vy>{_D5TFrLJ{5Bux)^dAK@%tM>IfMa!GIH2tvbb4117u9mEL83C7 zfi1Br3PZDz7P8oSCo(3(1x~RL`swn4Sy|F%!gx6y%=QcxP(grIb~@(FnaNUJ-;(rX zqna)9yG!Z2d{LpXx^O8XjaaL9#Oy#J^k1Sjki;TfkzG{3w-EfvdeAm7n_*c^K_w06 zl6+z$4o5Fq@kEhJZn13%AwPq@*VZKfe5$5e9FH6J&tp}cB0)Mb6to#H5@&{cMsNmm z^fToF1gK*gC!{)UK?&T%G+Hlguu{8END-F?E}bbg)BaI#b@Zzc9CH(IyeK$8_v$6#cvB%EW$9Vz!A zR8$f?mZ;V=mem}nSQN$5+F3X~-h<$nP*h5U z{1odX7VEMJ53LTk#zTjcMhl$qC38zX@s#FX*wk*eLC4gaGf%jv}By`rmEX~;Y*^wcSpVvB0D5a*qHWUTmWtN-e z*JN~CSpriAo<&7G43Ar`u7E)-62RI&DcwRzGynY$?r?^27>sBJ48Pdam|ZS%g<9p1 z1~QtLr;(9BMwkl85PIIU=={YxAzF=+wZN#F9ND);A?(DVg5=;rh-MjVpVGO7{5l?e z6&*M%LHNShYE9kuJ1sP8Qc;9y-w~@~J=jgsip3Z!XO;|5QL*c9S_)Y%6(vfBjP=CM zp~v98PinN{&=m&KT+lMu>d5m6fJI4bRO-J}93{j4;QHu-A>U4* zc_gYJkNBh|r9sq=LS{FdXf{)o^TJj>S+3FGEcy%m#op}hc0qd()e1p{ne)inh^`RN ze1Girx|AK_!l9#g51MQ1cpb5VGE<|MU__>bq7yuv8Ej|rDh#v_6ZP^(xKS3XqJLFy zA`m_jnUoOZcNjXcl``@qKU1H#BGQ`OGH>H^NT`%}oGhJ9v_!yX9F!~j@q3~C=2p(} zN_pyyrVgF@MxI=-SZkYxwNdG~*lmck;L_)k=_7-sQ`~Q}SV67!7@?lB(icz1HkOQa zF;m;ECM_GO7aaAH8crJJ8D@;48ei)uvd=}M9+APFE|W2C{lkC3@y*SJcLR* zH*n`iMoW%ACNSOG^wI6{=--D+d9b4-rE(!QqB(T@*s2fgo5xZC5;Ii^H>d(9MS>M& z5v8%tz0xEXB|(u2lAirtL~uEG~{jkAz)!~MHXLmAAS~%Hu%kE@jwQSqAZQELIdD*tDE!S#qzvq3P|Ka-F*L8oHM6p-b zvI&3A!&42{Snmi%{r@ja?FptFopm-;yfl&u1j0^T$SwR zj;^2VobEjL*u(ssMnC?_5WoEQ1FUPLBFaaFDlj^M$z`kM5tpa(P{}O#Zj*a|GEst7 zwUu#EhY2O~{+h_-N0hpjr#ViGTAo;WL+y|%x(WKrRy%7rFWF5tyD)mZgDX$LSZ~&?=zeqab}hQL^Fnr`2;`DIp$@ArXgL(9Psq|^nP!LO ziL8_@AkSXHEj})hDAim#2mcFfv8XPn+?l34G`ik$tRdBvc5`Xk~@=qy+;1*%; zy<(H;ZqLNcMMo&t1)6C@4WGX;u>;tCa-_2kY|+#rHPe1BvW|gr(95Um;J-M4Uywkn zlg(U|aZ{neAI`=QhERpMTwr@HsyAoeAvz(cWp9$FqA#af9{8JQ={F(%6Q;RY6&28{fk!*R` zO=lYn>&jkJP}x~wCp}7ZGOvBB7Am}}%iUF>(Ap;kS32}t>5&&KJ?3Cdz+-L;p%N{7_kq zRFgUmyBZVeTsf-lDhKHX1XbP2hF zC$m;A`8Bs$YwTqqp%o>i=1REJ!njVvRf+8VHh;t-kn`*bN;ujAkNO||2Yn0g zZ{4LL9dx}I&ZN?6mm;E=I59N?xiY!_bX*%*^f}l586bio2%1G966lDmWu4%vfUwSo z9uh86+9p{~m?d%8PMEcon58r0g_hB(c%(?6vz+q%$8u{n|EmOn7+YqvmQw|mC=le? ztVQX-oLIFr>du6J+sk>-jD!KEpJ{MXMQa*ZRu-Bj+!0LY13_i?`X|J{sJrBR7>Xnn=Ds zElE$QYJHVMla(M9Lte_tT^668yI0w_HA!HI3vd*mk4M3+LlHmD0EWd(Q5IehuLAV* z0(DNPIn0nRVhX&JeJ2n>Rd*#+6JDYf6i)6!TT)#j_&oq%1@C&}^-q^+y<@IU0g!sn z#Tqy&6K=N~ReakG+-!jhQMxMtV0S6mzgk_u7RTc`F#yq&~oMstLp*-yS< zhO(-f+OXIRMG#Lb>FNP1!6{tFEg|;lyiYC(hYiluBc^n-h$chN&_maetP~G)z&#ZB z3bh%1_m>SOa+XruveTf*@-1%U1@)*mVFAK-L6+- zt18VC+Z3rsTKTXk?B$2+lpbqI0AksoH9-0xi%%|vxq*iOMw^A zQWbxqBCHLGOt_f)gLT;{-}O5*exxef!d3Nkl2`pqe*TN#?j~q)@)*WD{i~!1Coi^r z%bHzSW>i`v5(%194<;}6))CZEua3#<8gf+R+uN#%^eM9;=BkKsCT%IiJtbUX#JM6! zx_CmF?8~52MLGK$f#0tug6W!Gb1X0FF29~Z7icVooyWJWXVk62^Ms} zUF545wu|yO`{R?;k;&=~%mctmbY?(rZ0!jxLPE0uszsBr5kyO!#bIuAo^y|}*F6f9 zWCd2qNE>nVG|YpftW>lsOu{?9K%a^xU;D5;7z19WL+SWfpHgpHSg*C3q_lUjX&WHwTTH05 zVi^(Mpc!VhCyBH)Z$B%lS#pPA8isSN59N5ne}g%b^UM~pmye82|K+dHIs~XagI?3( zqyqVGY_sKw?)7bfpwX>=cKf|KP+}OnC`%Ow(r_u3a%?zZ5 z&k#;cyP**i>lz+0WH4DsC!HN)$7qecc6Mn{`SYY-QSi;cq$*#$m6PRW9`bPJ>iyOo zy*ggAG9G>8_e;2t8Eet+TcpDQ{FLf7(4qyZqtPFXC^n(tnvPXy%(=WGkR4AP+ ziQ?SRP)zqpviZ<}#|rUQU4Cg@rGE0JS^o<^m@+v#;hSBYkSv3fj8D80NZt(x?ViQ* z)eZ3pGbw9Ksl;w{6n0DLn`K&~b%1iB22?9%<2_Yy52@}>`e6em6-?~c7>ZQ@4*On3 z%_+{1@ybb_?=Kx+3v&}GLlW&4SM&&{ton^sP|L$59UQ`{UOlhj-LcgBmm0|9jZ|1w z!>f0!@Lg|VfZ=t*Umk@G_fOHcG@$u#$Zr-3Heh>0VZ!+Oh&moU)#e!^#YR{mQmg*a zfT&1vXwYMcOZ^x{7-iZ%fH^d04WWz$)miCv2j3Twu2tz|lmcNWkF}}@zP-d*55WC_ zI8R9f1?b|_s`Gk8o1i8o1s@-h5G-^~)gGl_?@-21M{rmyjELuXg@bt7+MapJ-gi-; zA=3hlt6h~Y-()sIr8twvt>)*rK}3(*~H;Yr7)*r&<1(GJk5 z_NLAfbJZ}yOh?j@MH;ny`G2(8^Y=3;WpbRqMkqRbEIuhGnxGmfB&`i)>y>7xbf{Ov z+0WptdClx@sX#mv#XaITHd{6QMba6eG>lDrA2>b_$HWpa)>L|0nB zsW*|X#4?q?{!wbHbZMJ&OzSr_JnFhH>aU#tTN_AUfKtZWg-N3PEv;c}O}SJsCjc0f zYGjmt@@D~^;l~e`)(JQP&L`dV^)CaaP3oQze1>tIJJR~zR}WT4ftCSt990vB{8XHO zm@;(u8bo#iWUc3tD+&0I8h2-Tt(+^o+*W;~JnR5Y1vbHmB@ToYsO=!bTGC0aPPi>s zCRns+&r=R1`J#3173m(RD2Uei{z8j?SPx6XE`Ok}QGSDz>|*xOim#j)aB72=^!zmu zNY>~N26sc1X^zR2H6^gV#*JLKQBpc}{TQbu6s_kg^3g`eignqPS`?{pA+7TzCqI<( z%jZK71zwj*o`V5#z-sLtzc zN@9s&^Id0~eSVnmN&+=G_9SDPt`Kz$1s1&u7j2$;I%yix#BkwvLTJHZ`n?9Q zI9PXZ>m22hj+dszvA8NCdJXh&7`&0+YNcnn619|pODE!L^~Ln)<7#r|au-QkCyAJA z<*LG;MfW=AM98rl$djEl*>Cc6!jQHDLjyRWvd0~t#H#93b<%N}d!u&#g4U~go7Bfz z;s2#^Vv>K*KHTAuH^Oz%s2?=(E4!%t}Mf}!ZG?Y zT9-(E3+mWYQ`stlOoE7hW1BJ=qHTefHA;Z-(zkHwulq9UfA!yqX@0Q9R-VNQ>M(6= z;x`TO;cglvo7%4-WOxN;FWHyNzv*lG8q$g2mhHjO%2>*T(Vs5!XYt`*ex zC7bkD1@Sydt0`tpu8w`h{h9gd+I?d7!eyFBS#4&K;O%fBi@b z)ecec(w84Ac&0n8s{0XC6B!U1q%vwG6cu78UhB`FJ`|`U#}tLJ2Xc`1c`gDArF?%_ z<}I+B7p_-Fx8|n>sZ{U(E<6q$A>rQDLbOTH7``V{59Ckxy4&orizeu9NG9chiB&&6 zJ-q;i_U)MR!I*U76y+UH-f&bEDHkaGm1Lc>;+NwrM-N$)0-**N1sO}7uCRGfIvUU)lDtx5;=2;;|Vxg5tOknl(-oZ3m_IaOMiy7T+twr%lH zydf&7)hAzQG155s6Mzx-2;j&=0jyM8`_s|=s_22cbqm4?viQR%R4clbaZ%Sln$AkR z!2D2o8%*Xhz&ZFO<++(sMsQ0ga0Zwxd>A>?7(L;s7=5Q4KZYo@>Rd05^ku?Va`5V7 z1TL)@+SNZ!6br6y5H)Ae#-zHnm>({PjHJTtm3Ra;Q@m|V&zij0c8?TVp8@|loU0}l zMzdA&UVBgem&~K7G7N}K+*h50K$&i>#_^A!Q|DDfmU+(Y0?jv{$xMT5H<1tL|Ggn5 zYS_;KXiO_nV9O;4K zfX%WrR1j?N?3J+zoesbkF!GYIdb%U$&~m=Zm>|3DwXol|>X0GB6{QC)ZY*T0QBFUY z)E5&hngAoAu_q1)C`>Y{_?v2atEjG6KSioA=|UX>j3Gi+6x|L^@XiOUB6cJa!h&SX2uS9G(y_fhdQWnpiwdJ*2iQ z-II^Lc~-33ldwZ8bTh7@S((g|OVj4H*V*s~YEB>aETzBAc~B-*dFntEc4{B(dlv#p zWmVFakCcd0J6kqKLYA`%LRr71A>p1*S+R>yD!n%g2Nmt?6W!A>PMiiP1|#V>34x-e zp-dK5l+Sb3Zu0f}9-^a7G~OZ(oRvl-@oR?h2Cxc+s7mcmMbQ8|Sm@_LNz4FM-7sxP zHAXa6jv`7ylBRu-Y4ilMT7pjH8$J9k|6{_Ex6yY)i|NGNXOAZ8IK|bVMG3S0w`io`acRZH5&KNglEI7I>L;g=lxOZ&|BDQqE39 zuYl!_s3x!tU7D|^BWJt5b=EH$y^eVh5K%Fz%U9(M{zaad}{mTV>NDn zE4I?@8~@G9e>()@CXGMw7t5_bpVZNTUbtI5=a8@MZSMU_A}GLMmCblKLHZFyrV5*ct zFKQiarV2>)-JwG(420`aa#^{PY5>1@AQ$aD83A#%rygr?>S9A!J3>r_Mwo|XTWxB9 z>rmk4j%Zv6=v%f7!;trsuciDfm58m(%R`cb0!T|^`XP?5SeT|F>50E>CVDcf#XE(a z1+ev!@WQUL6Pa2 zhKc>n~AJ%SQt5f^?lhgO_d6W_Vd;Vds6^Fm^{ForlDQknW_c ziOcAmGoJH0I)^6#7|b0C7Xuo>yf3+gH&gs-CI{`g@IymY$2k)T3;E`yT8{>AHjF0{ z+4pPXwO3`M=F8IbO~2iFwsx$O18`Z0Iqjm2fBPUiC(@{oRH0@GQ@{zJeTAmQh4A&9 z4^bWS-1Oln*isPsSoptJB1hi~Tsb5g{u@BJO3hA-f8xgaV@R=D>AS*%4bHIfs=(++ z+yqgO37y`gWwg5yTmU>(2pC~inCCq3cjdL@oBBaM;azXg8@>mkT20WzkSklG%2m0N zkd>N}ii(s+m@Gc|5Pbq49vwRNr-|+12flcb5C5Yn-p zAyO{k5V}$pPB%tz8H5$nzI^6TQtRsnDq)&Aj80-mmFq^J@_=0KgJG!r$ejan4zA^ z5WdnwqlsXa;#Ti;IJq|vfR}^RiVh&_q&srXtSo59bzCzH4beK0_i%cJ++|G!rQCRO z;AGksr#yd4Tk?1q(@00C@w>7X0%j$(6`kTSbCA=e>d}-xn|wf~m>^3^;Bi5>2KsQ7 zU7eu)yKl>P*_z%^_^)KL&(sE)QE{`Ll&4j#R9jqoRFZY{P}pz=2MJX_Pwn#jB&S`X z-nS~o(bOTrJ4d;0&6f5GoYj=VlY$SsRo@(HJ4Fbb7LpUVFsC~-5BF|`m3-o^U%(%5 z{2dG%*0miwb8V>`?f%NyD3iV`ltGb-3{n%QIloQ#WZ8CF7F*d7hoy7T+}>9@h0`PB z@kh=!|HiO4LcF!m98I3+jIO z;OkjK;#Eb5gB)?GI`nW}z7W)ZbI zJ%rWj+35J2Vz8e&J=#=vZ71vbEf8x(v=?_1Zf*UvLKzWL6jP*ZpG$OwcON48kL-?W zN?*y{o;LP?XaP1RVLJz6;6CxFNt&Zu%Crb7eFz(L4eu7|QR^*q6&v)MvauoBtFMm4 zm_}aqWMJxrK&O1b1l8}~kOFd?$6r9(DZ;mg(0#) zljE2>ojMc=bxye6*M`Pz@=KhduCjd)R&P|oNY{+@oh>}Wh>x- zxY>0USkyDKqh=*ra{Q4LJs(99`Yo=%ZMQ?)_K%~VixLAOdE~-wL&4$(*?>%fo1BYW zmYNgA%7$nlHW)8=e__&DK;G(_Xu9=Vl>RJ~Vv=|iNB5vJ-l|9^X_8vYh&8J9i)Nx^ zsR2$Q0LKcIqB*xLsw0&Gm8oZ2?WZq?w^}!%Jrq-E+F}Hq3c^Rr{Gvz8pVJ;=pPcZH=|6AjF2g1j;ulbY9r;YA7; z(tB5GosRlEP|T zEXNMbC0eq$87&!3dfIEtQ#&_Ez^^{AGX@=3#+w7AF}i>w^@Tib&QK!0E&))zgV}25 zTl3>ji@hL?O2uc$VwRuP4vODfMvu1>D-W+g3TNPy&vfuXwew>cw z))mjm$R0I#qe^|j&e%QEE0A90C5++RD^%&*Fmim-E$8k5qIuvF`$p)!`Gc|izq zN0+CD(T)N%TgEN^Y20r?>^KiO7*v_phBFd;!Eg@zLkeB>icFCIksL7|ZIiaRv2JW6 zvxSdvk^}ie;`l0%v;7v+dhu*)i?foa34kU)d@+JqKf{BNG2z0^EJ2lI97Exi4I9~^ z_p|~o-H9>!>z0?35fxl;VG=@xov3Y9L@pMK6rSst&zQ;47S9j#VoBJKP^WdO^N7K0 z$b6;-wBI}x&@I2JqrBbGN+Q&tWRSih>qj&zSoNk03y=;etDx7BQW8}!VS7R&IF%_! zVQ=-fThTb_7S2Sxs^lh(o?d=yhnzP;zm8BlH!c?*J7*I3^@$2I5ICG! zNyt-e6xjA(;g5C`goidF@SJ8Oh(8n3E|typux4xFkcumuBJ>lDpuUbIZ>zB(AE6Zm z4^)6mST3gk-lKXk!;62NmF9m0vKJ?7*JC1@q-41?+5F!A?2s^*AC?wrl)bP*{hefa zk}t3!s&9`K^dRbbAN~l9{5TCN9J@}v5Gs()EwJ;wRGeBawjFMR*{*`(S8(`NQFzray8-DBd();UM#bW_;dm|nbWzoe{Wz?*JWVk-Ejom>U;pO_8r!vxu&f^WR(*T z4UV)Um9(thzIy17Q!6_CmATu(A?r%6P-MoiLg?0YkZ4xEG{3-4y+5DHM`L{^VNk1E zpu_8*|H*Obw;2n$m^XB)rl@QYsT_^*R|B5y1QISy_I%`M+s-UoaiblV(P+XSwk?B) z`T|SHP^Lf8Xe^K?Nf@k$Gk%b}hI8ZE9lBp;7%p*nwpXo8a}{|Fj<*Y;9@Ks!xlipJziIu6y?D3WD7=_b}U(c!DqJR2-!h3hLHg!}CZ(1@LY`2sL(1R(cINZOyzd{Hrd zSV5A<90LmZ{i+Vq0Z7^ukz9v(mnXnz*P5vMyS6RCoSJ-fLE!~eBvcwZBq^}D4+c|) zj&vTfKo$)1QPM?5S^AmV|I>xMMYWBDUfE|MmlRby#V*eyY_Z?J^tdG%gkGg1vw|yY zE2r6jV5zR;O~$jtiV-<{6~^jn%XUdbjpTknYU98qZHs60cY~LlWdPu`a94&$Z%H)Im<;`3{Tw7E%+5`@@={Gq^0Vs+L=Ipv&tZIxZjL9V|=)JDqOTM6X(l_vMcpBsBxWaFyApzkISo zUobJ5N*m}LNVu8zp)}G~;@{hI1P|&V}QeA`>`E z*!&hJo?LBmgv++E>tNX2OfcRl%4X7H!aY6Ea^tmQ&ZbSmlTf3}WJ;BgN@ALfl2iQ} zG8r;^L$6*y>OgDTen|UHR5b0AFegG~(>g&*B9)wZuX7}^?hzM*DUHBHup}{8H>1xP zbr5K9exmq&6Al|R5{aFZ_Si!R8O7m7+-8IkaWSu5p>Aq@zHVaObtaFFtiQLUhdzS= zrVKPklc!%+7ebkVLVnJzAJmWGJd~wdVW{o$r|gH$iW`?M?a^u^CFKqyRq)=P zMj^d!^^4gPuL^NkP`Ih*%n?Byy;t7b8;gTqV8It1{;CCw;LuzonU3b>J)iW=yjHQ5 zPo90T{R>0#?}G&P+OeD+e$U!NzaOgIdrLa**ho;vQ(TdAxttwbtg5b!ySN2Ofic^1 z(x$zcf^%@y28F;rU$tPIWy9%TQoIO{cKg5c{r{^5`)>?H9>he@r)!a~*|~*JEY?)Y zD1}lowJlkvP24(=f@c026x9rQI#&{5YRux<-c(b%H5zrS`BwQSs)Yf+r~`g5?iF_|w&IC?=HJ8S|QxFLwTA>k5S*2oXK7q3@(>PI@_J)s@je4s4V!=p9FBx*(C_KE8JD<_@xuCy;uk9+_xBv-YhWL>+;2%|D8Yy1CESDQIU7yB z5l)`K7&U0ftXM@uwZp#m)d6LzL!|9Y^Mge0`z_zC_y4$#y`e5jHoW;@*xZwVW2m6Q zb00ev=W~jaB&Z=k@^|SvMgMZQoMom`F?ED+0Y63iONkMWO77{LAJeU48cwk(-*p~_ zd9IVIoQ#L~6A0JT=EBy`381f+TxIsjaKQCJZS$oWI?5^YjOVhjyp*m62%S1Lc!|&~ zNXMQ42!14=$VJv3kqKDoAUC*U3q`WBN2R1VNqB|5QBMe(fvIuQMEbaPdGh)VTFj~T z11Fwyx>bVgpDbQC>peMQ>fkrO1}b}JBt@V^hf&-XtrW4nSUcqad}5T740acbBQXq< z6f$c84ey%nSDPT6k|EyrOPg87F|$&k!84}l&jgU{FS*8Oxj3Grxb5U5L?Q7m8 z&INl6J#zl?kF4@S;`s1j(kBxln3kqv#l+i$KQ& z*T;VN$Vu-YS|zb(mB`;p=in_vOy~do`NsF}|3)CU*vr_I$(Jgi6^4f|J{ArdIeO;K zSB&ry{CUV(=L3@f^nX}pxmPAyRUdd#rN4|Q@iW>fjmXP=(>1Ca6cR>#`n}1E$gZ+k zLwth)#B*_EpE#)`0c!HK^7ntN0?Lmv2gvPD_o4u|A8~H2qu09}!ee^hc)GRA4>~+WwF)|q4 znOy98Vf~S~B8tBZf9q7k3w$NlDKi#>G0ygb(8U(XZ)H16VwaAWE140+!=Uh_>UHsg zz`zSW@tK;KA4udWi=sV}kgo-WoKWfuRQ7*%mffB3n(cmAdnetMk+v>NWrnP4|1cQ)s9 zGt0*JhkNrF_zoz?q zViW&~F|Sjuj_l%C5aWQA!sEIHdyxEdQ`M&lPzx%AI?WaBU)iMyWdw`z@SF>3F1R#THdlHuv$}^1)9pz ze?vvKFF~!4Q&I~jkouAor%8ISKfn{KN6o1Ve?*HHF&K2lTuCYFkp;{f(k)EYNrliPOwbU-|{qMU`e z7Nb1$Ek3;|92sPEUr1tSYA*h4Qr0CwXEdU9cI7i_7$odzcsftIn6kYM(%Ty}2M z%q4I5Id6zOQ2LvE%w`t1c9Z_(L_2@loR~t7P&ac6k`#W~pZaCEgOg-sSNgzF3Nc2% zUhaT9g-G@6#DS8Ofhiph^uxJ*mW#Vqt`xkgErtlu2rw#&a1Q!9;jzjOCM8a?5L^S+H`{8-Uwb%Ua3G>3s^}3e^ z9pAlVxz!V|Kqbe@JzRV$mp$f&*}S58LuY)Q>fz^ii>^$ow!@w50(X-Y!P=ydtB=Gt zBJi|WdmhhB6*at}mmHHBFVoB-)UZlywXb~oW>|MsV*9+Pe_OrcDN3VK&-9icRW!^D zzY00A&>*Ium*@`zdjb4W@#=y|LvG+>eo>{$E+uu+rTCO8?3gTEWjq&ISY3dLa+)?v zu^pdi8%$?sQ%U1A=llt|bJ+s6d1+Z%9ZvnTv`&?(H>#G*B%6aHooSu<2|a3ixg0g~ z8BxJaZK0879)D76Xuw%qAc$4p5bLm@@=9y8TC}T?9lto?a>}>-lHzavr%9`jPc(7| z-aS0+w%HJgFn90!x?@7fPgY3H#I-wy!v*K{In24xpiUDB`XNjE)J>9gLoMf>PE_xE z1?a2Rpc!9{tHa8@IYpft@WY)?Pppna6$kLU29HjYU z!D8%MoHl%X++WtbXWtJaSUp{ALScflVLjMtrV(9L#VTx6+SkEGb1HlKo0FTf*R<2| zo=)!!6ZS>2qR{`w-~b0f1pEbd;c2O=IDd1wlvDyG2M0l&cS$4yza)PezipV9g4O2; zrct;aOlfOFec4ve-@)cVoAn>J!pEqsa{~f;m3A1ev(Sdg*hmc$;f8fkn)edD*+~bpKK15vcm!tgZ$rptkAIQ?&c~|ixSzl7%S`I z_2`>79OxKn{|xZa(5M|LZu8$=xkB59c7Q~$Hm0XI)beL=tC{`2gounCvJg3Z%g%*Vwiw>|`7QTXHo3zHy?9G*`^cV$UerY8me%&1eaZ#H37V-J zI`VS_n6A*<*Mvv1psqtwSB7D?9&QDE(!B3-A9X_Y@*?19EO6!b;wpmWWz!9oe~M8n ze5+{h+dmw0xv#+wKOX-K8tRr_;7|7Hly8frxk@_~ccq4Z-CF4ge*XWJoD*cRhFypo zv9av6YlY)Uwp|UDYlktzrvhI_sM#TlolsOnO95OpWGLoUZm%ay6cT3aqGcbFx->#z zFh0)3WA%sv1UuEln!aVGSB=eiK6auDfCF4!)T&`U(E>8IMq0Z~b<#>MtG`hY`s@-+E1jnrBF(P9y zW$7K4wmUPJgJNj zfgM&=J!Gy0ZzUHkb;OY1xYG;n<^J|4miCHE~aaxL)U$!-4)7^$}E!6*wnvGWiC3492X(@ z#~^CCZC&0DMJgL%UaGj`>Oir;(Oq;Qj&A+WmsO)%_n51h49MdjS7Srd)sp|sR42OQ z39Ys5lxQjIZf$Z#Lgi3i9V&BbJ;}O>u!~%I`PI4o8|-hhB8MOx#X{n_ROj7*waCMi zi|!mb>+VH55k3eM6H}U^Jnl_2TN_Pt+@d;zGg*7Y8av_hTN#MM{p%RK5a(kWG#Vh0-X}= zm(*SwHz*ha7FC(+m@b$bd6o=xlK5*}t@PWvbt%ZWzA-9%BYvx^6xkpRxxutKj2ui) z?Mhs3x(r4(r!Ihz%@ovZF2xm?2o+&&?7&JQH{)KKo3sWQ9ONn+ghR@CkTR17UR}hH zl}hxvo})E!jYM|^>{&g?iqej_%Sk9Leg{J}ZGMm;dV|R%4kAm(DUEv!!9i>ljr5|_ z!^VAAywA*wROqX!Ei(6B_(P$%drE){aOLe4NX!~KItOYg!PyHuvHkJw*jf-Gy`w9s zmq1j6-$#-zdAr_jpUC{E!{Lbc`&kFwWCzc_PgPIHUG(DfvVc4dRjRO*vy!UCEIE?N zcT6_ND8P?yneHJ3ReyIZEd0R1A6r*Qv@Mf#Yn~|1mNqq}|1KNfUQI9)Ki`tPSoaA% z$*IgVJ7*F?JX5I6T(0dx8Hc)XwnaY|v%ajmQGhGerU?}sDiII=Sm^_)dQQ^Qy*J@P zC%G!8ONz#PL9-^GJK^m$gS3BKRN#pp{ZB+K=XedADB2}4=Ew%6C~_h&M4-O(6NE^8 z&;D*8#^}rd8U$ZawPrs&{c{`$3iY#Rbh^>px)aOrK|5SCt)Mx-rlV%XU zsj&SZKif0`o9&H8m`h?%g`eQssU=|ADiOxi+IXjyc$6Tv3Af&RB|mm%$V=wqxRf|o zoGW5=v#H=`jLNz*g7*%kpNwll5Utcx(4R{aj!U6&hY1Iq&p+jYUa+c=astk54nZXe zeZD*vBLBX6udGwF#Tm`7{E5*PQNwbCHbao0wA%B>87$6Vx9<3)^=0+87Ql-~N;c-v^du$7E4{ z^Wi8)CP<#bdU{_#wtmn4{!Aw3{C#fB^iA-+3k7S1xJRPscF55_7l){xc66njl)3xO z`}g%9`J=<1HD7*~6%2|b*YV}sc$w!Wasb~khY?fF4_v+q4g8FMt|4OJIgBW7z^1oM zJD9;_Y#(}q+13_upu!e#o}p1>GN?A$5R`fiBfsQCAhFz6oBf6_QAV>P7>NIuPk7Pq zOUyR|WDJs83`i7%1!;eb)_qRWzl=*V(#Nu-TpxdP`FrT)u3iaqqsg|2yC!dRV1=Y< z5O0PCrHO?vwoo~kxTe-QVmIlOH`S`Tl*&<9h@2w5ElLz5w$+Q95>Rrlvgdzk;1uZ2 zIYRcnF6*U~#3m+_&xRMn7_`qXqx@xuh(~$B+wzsq+ED)YH!DwHGO>eKZ!e`Jbk4GH z&L+UqrSLa#t+;-OZ72g$$y^fN6TWkww!8DWW7O}m$Ri0zpA8eBZCmW`cy`b&BnglC}O@vjr`?Z2;T4w zfo3#0chVffe^D@&gJdSJksY0b-#(s-N@`bzW?Ey9no4x8qzF9>F)kLi8DXY!qn$mr z`wr^Itp!U0kzlw70}LAnJn*h@Qw@uDNdBRFO|O`0QWX(}%|aB<>)q%2B-H&MQ8ytR z#%r7?_F9}_#@00_mhzYPt;B}$XuYC3FkgjLykAoFr074lFaX!pa7$NR2!BSr9vIM5 zUmb^^{uAAtGQv<+uUw?Tds3mow|tIinF`kJoq0%| zbegU&bfxDk=x>J%Jr4s8QQ%5w=e!vxVwekkGlk=V}#b;$0y z89O?)A8&R6EW!95O9O>?%JcL48zquIZ(u*em;J78frM1xp_C*SLM;iHQw6(wDkLjN z==rfT1+Lj9H668lVUF2=kHfmrwbn|~6{?P&$r^LpDx-_kR+hH2*Z??j>)mO~Ur>tq zu_gcV3cETZIp%oHvNuJ#?$a_p5-)t;wPAwL_txN?BMZkMzw7B9*joi8WJZ#isCl4t zHu=|Ysv(RJ*;rv`!~%CkP4KuVf%(9^cJOf4LLV~ zdZ9`6-=pyM`x?_V)14b?UX zxs&PK2TbeT%yssw`9L+QUR+?YVzq z^lb_rBP^jVpNw!Qq&AQahvq-No)faUu)EJxb||FQ$*gU@a!2X>Yp%eJI4fRseGTL# zg;_4>z5#0^7|*}izA)pRXHxgH7nbpQtSIoQqLKeik0Ypl%S3?%oOj~eMmu6k_XzJ& zv83xeHt^;3+@5-bfPKZHxaDbwl+6XWU&ywME}7o$U<0o(FNXLd)KBrt`GV2kViCKV-PA!NDx05ey311iL{z? zk9|D-&Y4ycK(46{jr^%$%3@)M>?3P&jZ?yPA_^jL zAHYwbHQvrr@arqikZ%^7_~Rn?aFFI_`gPx4=LfsvU6PW`iu`j!`3G#@?x%9aRrnHF zk`JUH?r=vRCMU>~N2T#_STJEwFT!XVDxSUk*r-`>gt;yjW0XMtr40PrniaeMf=rB! z$Oli8B;{VWx2+=?0m-JNY9YtHx}~DXMWQcNq9AGk?^A;4Q#%;n?Ql_pd!@w9y*3|6 zQA{Gj9EHP*_ug%tDA_2I-ee6eudk&aU>3qlT=v_u&sY4ZUV`_pr0w`7HH06E#*6D5&U2)L@!mu7h)PA@l!ELq+n@O9&zPr$eEI~pZ4pB@3Ui)8dtG%S61^K zvl4~Y2UW6)gg-tL-|2%Z{P9}fG zT6gt*qNUvFh2!^CB&~Fd|BU$hn8MX~KL`K%FABoV8F@i7Z=b}~pI`Zyxq!6zd9M7c z6#V05<+}2483X{{JCJ$Bv0!5DCRc9OB}IUo_v!w3rln+vPZW zp1H&@{bL{{AjqqQ68ark?66|t(BV6GP+mtv4wD&go|aD-*7MqLN;d>e;8yvqdyLQ{ zgg*(4BA#@W-)04(wPrbT^~Rux;%iwd-8)r-h>lR{;{aDtsFpTaYwv%@jUE6{gHT95-OQy+w&g1Q$;CIE40(S=7N3=;1HTB zcqN;mz@Sr;qs(j||7j`g#APhG8m1p|qsqWSsy&Xyd!6D+SO|*RGf@rbiHJ5}D9H z{_T2Z_qqNeN&c)eI{+M3?d$;u%A#k2fSv8<-R%R57@RK1Ja&Q=C$R;~H)$=qUmMg$ z&YsVyC|0`-Up71by{={Be2&1)aF^WolUOwUeohaBeC3<`7s8nk^%6KKA1G=|L5!UAOb>EV$^V^#!Vi4Z|&B#;rDR#bKGKj7yfIsn(|(`c(#l zLeL$e)v8h@$_3Z>L8U>@;;96Zvp5{)Mf+tC74(e_V#?`^h37FT*eG}emewc~YF#__ zue}dmcMfQ{M>5>&1`FOUQmp(aSMPpwsnjxU9hbzO{Hq!gbbhS;V*F|&SuyBD(u5sHf4nQcdwJg83iQ>+g>pu zfpkI}5AJI!h*j-jruQVtS5mPR-VXT9sI-Be_V$eCoa6Rxx%|yS_Q)$%+*^w$$a*xW zUerJST1C7Mn352GPd3eFBiZB z3_9!ZzOEwk2jYUAH3_PS-)uwQ89~3ZeZlC-a*eRm5EKz@Ojt7REE5@xH}k{ahUQ;+ zKY3Md^-xcVn_zj>06SX(=m7x4raG(0U^}~jHL=hrS{0b&y_X&WC}0h1 z#lUv32O%i(VNdVsZpJ#zW6)7_jZdYSEbR7K%)x-yHZWwxh)oPPoS0Cbo|)^_qHCj2 zHE|%ges)OroP%mBOjN0jH@zptig7JWtSJ4jE`kecUZk5@poOeYn;%5EvKJ*s`_v$E zmbe>Qg7awB6w2;1^1=Q+b2ls$+w%G|s7{D$17@3um3*N;oeR3)vagHkv_1{CKlGA1q2yy9Tcz2WtqYy?#p93esk3(jEH}O!sjb zx5`NKB^v)M?(=8bPeS|}z;&4Dr3X0!K`*@f=iuF?xDg+UP@+ws98_)DFwyrNh_qb5~{&&@c zFx61Eg_(X(p@%SCX{0p>sd(6j263NSWU90-1Gpv{ClDSJ6hw)~E`7I{0v;s-Mtx84#iVD-W)M+}k+p5As z8AHg>{?(6EtuXpf-9eu`@Q%tb9D0z2uzLU*i!B}mz`Z-)bqTi7T$|9Cn;-l&al40j zozej6>Z*8y5AzNq`^5oM1XeeF!3z`pP^5I_s(0C-V0>5A@G53QESi+vEq52@7IN7f zzl7+YOMSh&I$J%=*#$a&3BV&Bh8a5N7$`;!{BqOKNVBc%AiFg8Bc_|#SwgX~KzOC) zZLCg{gr)}mlNq(*^5a{-2wa{$w;v%Fn&%@PnC1EFTDHv z@$TZs$ORsxL4=1KbBaTW%E?%U=(%p;*^Nn)j!Am5f;@X2dg6Qd?_{3$51Eh1BYt5d za`L0RO^!!jv+meu?RM$l@FCjsmMM5Z8@TgAT==2}csH_q4c0?~q5C(ct*`J|vIAci z1Ivy!vnVZUmEQTzyuT;bMawFAcOICBMX&EwNspYtqxw)nhjhughX~$dYPE$qi!KRah zEpS)z1_}hBc?AkXg2ZC$ME@%>eM>!1@%vUOQIF!f`MMtOGVf3mjRHQ_>5i>grfyel zozxcU2Z57Jdr_naXd7tMYmB1sUXZYiw5>i7t5Yc}Ua#=kZ#+&o|FcP(o@6&cGNC(m zc?BpkIl?ED29 zY;>P9=pRuRI5YE+zX9@xjwOB$^>D1cKFKp;M?mw%Gl`{DMrBib=P>Kkp`9^KcId`A<;m; z6}n$U)yYJVj-wW)R;+w4d(jv2o9%Nf+#R$`7{9PP$R!q{A&ultOw2uFq4M0hC14jK zDv;5EEiAs^bi9Uv^Iy;zq$T$E%`FX4v_*>A;Pdu3ET0xbF{Z=~*00u+|v6v)o6( zBBMPfg7HL^_x>S5Z=e^!NgslRH8>!Ky~DclX6uW5b`eNF-%sZXxSgR}&aV6F0Fc=} zUwE`dHK6sDxJ?-Cy=xa(dnJP$Q5(=TCE6$g3(W%B>3E>ui%5} z%-O#0|2{eJQRJM?AwjoT0`L=ot#a^Lj?OJVsqh_Uqcq*PPhWA(e@lIzY|~8I>xYIS z6DXq@iuDWV%d9c6;AaMaYRwVTo}pu*(4KCIcq+qQS={fUPOY77vY)OI#T1~|&pA$f z;oaYhcNcqCrZ_%bf|5w+T=`GIjgiU4`3xAAlM&Rjo8DQl)6x6OqzXOiP*o}p0tu9lu3 zOq97!y}URT6THvH*?7(EI$4H`H61b()&^{lg1Au?fhW!2$nG9xrQlUe|LcfOB94ilc{*iV3EBj z`E1{plP)d(-8L!4{B?=`|Li<{CNOU(Gy;&=OeaVNJ7uH!F_w zJ7TN&%Dw_m`(8G!ur6|=Cn-Q#fM$Yz|LE*fNLpcVNkk9nB6j1nKoM0{IOVdV+gpyz!s<53rbH0bm9N=P0Dd%I#ek&)jHXAmAD7$`ILAp zS}%#Uu#ip_gz1&7wX0^*{DXVQ8d0^9HVR*H6N#(kudodJg*cJ@CUtFE+B2@J3-_?m zHVF#Eup6um6xAc>${>6C5_m9%0dv@_@Rqj=?M1?VZ$teQuIUo& zJ7|OaAc3N7?;Q6POHQKwRQ59f1SjI@NnnI~g}5nCp>yj^`b78jh)I*TFa<;LYn3RueZRSP?}|We>PY~^9phrM1lzH_{>c!cw$yH%ui``U)jZu%j6Z~Vk#x5q3EH`f8Pz_Vhh zA(vbCaZM_fOR`|@dSd!-8WLC8d4q06k-tUP4(hYvc3vfk* zR;t~84{8>;RyLMhQU#Dj!Kr{_&ZW_WWC-jlG;+`jii8d5$$qV8*lDZ)T7i>nd{FFM zZUF37w+L|(Vd>cwRQ79n*Duo(!MRH_e5UoPfw*Y$geX)8!8#XT+a7^dg>_og4R-?{2D^|Oq{i%-v{6RHOO|GRu0 zwB(>MK+qII(+2Gwt;h5!j%=99&MEWSGaD}~W2pJ5%GrCA+eZe+KwErfZ%4>N$ zAJ$ZYXB0mRY8-!L&9Zwo3%X|U_!*I&Ca#D~4lSNp$Nqo+dEwnZ3-2xk z9!Tt7CI=Y&3qK?lp3N*{e`O5ym76(;xt{34d{(d>iIUDL$LKX@Rd_lWx1~wvY*yW# zEw-;d7(#nG3{rV;D&ik>>^vqmu+)>3jq5*TikK@1oH*h-NSKUGTKp8JMcLe8xxkv< zWCZ^Sfd3WfQw1HdXyh!jfg2XOD!<-z8VlTw6|95_y4=lr66{YGCQ3>f8FB@H1CPSu z6YaNDMLs1A${_N#ZrO;fTf4z zy=%5hO>D14sQ~~2S`I<}$?EywynhZ7)oH?AL&P$V^r`{^YYTEjnwo&P`$M{kf!P>a zx0Hg0L6pR71zOhW277&t0;itP-Yu*xP;wz^Hn|&jI@QA5ibX7}7>WZXZnmKY`WEil zJ4AJjrv_A|Qm~-QC;^aPWdu;yMD*A?#W0Zz6SU`7Mo_j(8kcxad*(o$9i%q>V&5gj z*S2DoN0I#nY+`pVIkeX~lrNrnM|*stJvETr8Y5RA(#Ztl2oQ1by~yR|plcftRNe%ao)J{px0%^e($0Pf#W1wK=09{tW|E62~? zsM)o6)}^Who02a=O0XEpCqM5q_v`Gb$d2-W9CrI1|DbLXgiHb7dv%8q<`D=u@L(FW z{XM3i7wWDjrVGFcQ-%($Km07|In!wC>q)&xS!vT1Mcb?CNSdfo27#gh!40|v$gM8! zAVexw0s2=vY}x4qAS8>D3?1SHe#a2;>^zNexRwn04oC&meay60erjp=%Nr%2kw}69N?g-vgLRJL@qvms zNkA7Gr>-0ADSjmYnHXj`b0~ZL#MtkJcmE8$yATC}JK76rW=W|>ohJU97L2#1{mQsa zzVMzz&r_HpPwvlzJAJm=jX20h6s>1Bq|XYZJea`A!$y0aeKgH!A!iDPn51JIoRhQ9b+i%DV{)Sys3^OGM9#QL6WSlgj9cww6T+jC9MCSp2 z5`d30uYW!PF1SA&1uD+|yt(^;6PZ=wPI3yuB9og)_|9*dV3wBA0)eY6`&^fV&j#qN zlAD%p?mc&wt}s3IqWMIl2tK)qN|L!<^Kh?te4Qb&{Z)Y+V!IdK{r!0Ne+K|+ Date: Mon, 9 Mar 2020 12:02:04 -0400 Subject: [PATCH 115/714] sysmon registry events fix --- .../windows/sysmon/sysmon_apt_oceanlotus_registry.yml | 10 +++++++++- ...e_security_events_logging_adding_reg_key_minint.yml | 7 +++---- ...ysmon_new_dll_added_to_appcertdlls_registry_key.yml | 7 +++---- ...smon_new_dll_added_to_appinit_dlls_registry_key.yml | 10 ++++++---- .../sysmon/sysmon_registry_persistence_key_linking.yml | 4 +--- .../sysmon/sysmon_susp_reg_persist_explorer_run.yml | 2 +- .../sysmon/sysmon_suspicious_keyboard_layout_load.yml | 2 +- rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml | 3 ++- 8 files changed, 26 insertions(+), 19 deletions(-) diff --git a/rules/windows/sysmon/sysmon_apt_oceanlotus_registry.yml b/rules/windows/sysmon/sysmon_apt_oceanlotus_registry.yml index a4af84cf..6b8cfe86 100644 --- a/rules/windows/sysmon/sysmon_apt_oceanlotus_registry.yml +++ b/rules/windows/sysmon/sysmon_apt_oceanlotus_registry.yml @@ -15,13 +15,21 @@ detection: selection: EventID: 13 TargetObject: - - '*\SOFTWARE\Classes\CLSID\{E08A0F4B-1F65-4D4D-9A09-BD4625B9C5A1}\Model' + - 'HKCR\CLSID\{E08A0F4B-1F65-4D4D-9A09-BD4625B9C5A1}\Model' + - 'HKU\\*_Classes\CLSID\{E08A0F4B-1F65-4D4D-9A09-BD4625B9C5A1}\Model' + # covers HKU\* and HKLM.. - '*\SOFTWARE\App\AppXbf13d4ea2945444d8b13e2121cb6b663\Application' - '*\SOFTWARE\App\AppXbf13d4ea2945444d8b13e2121cb6b663\DefaultIcon' - '*\SOFTWARE\App\AppX70162486c7554f7f80f481985d67586d\Application' - '*\SOFTWARE\App\AppX70162486c7554f7f80f481985d67586d\DefaultIcon' - '*\SOFTWARE\App\AppX37cc7fdccd644b4f85f4b22d5a3f105a\Application' - '*\SOFTWARE\App\AppX37cc7fdccd644b4f85f4b22d5a3f105a\DefaultIcon' + # HKCU\SOFTWARE\Classes\AppXc52346ec40fb4061ad96be0e6cb7d16a\ + - 'HKU\\*_Classes\AppXc52346ec40fb4061ad96be0e6cb7d16a\\*' + # HKCU\SOFTWARE\Classes\AppX3bbba44c6cae4d9695755183472171e2\ + - 'HKU\\*_Classes\AppX3bbba44c6cae4d9695755183472171e2\\*' + # HKCU\SOFTWARE\Classes\CLSID\{E3517E26-8E93-458D-A6DF-8030BC80528B}\ + - 'HKU\\*_Classes\CLSID\{E3517E26-8E93-458D-A6DF-8030BC80528B}\\*' condition: selection falsepositives: - Unknown diff --git a/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml b/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml index aee409cd..1b3c4afd 100644 --- a/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml +++ b/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml @@ -16,11 +16,10 @@ logsource: detection: selection: - EventID: 12 # key create - TargetObject|contains: '\SYSTEM\' - TargetObject|endswith: '\Control\MiniNt' + # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one + TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' - EventID: 14 # key rename - NewName|contains: '\SYSTEM\' - NewName|endswith: '\Control\MiniNt' + NewName: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' condition: selection fields: - EventID diff --git a/rules/windows/sysmon/sysmon_new_dll_added_to_appcertdlls_registry_key.yml b/rules/windows/sysmon/sysmon_new_dll_added_to_appcertdlls_registry_key.yml index 62012fad..79202088 100644 --- a/rules/windows/sysmon/sysmon_new_dll_added_to_appcertdlls_registry_key.yml +++ b/rules/windows/sysmon/sysmon_new_dll_added_to_appcertdlls_registry_key.yml @@ -20,11 +20,10 @@ detection: - EventID: - 12 # key create - 13 # value set - TargetObject|contains: '\SYSTEM\' - TargetObject|endswith: '\Control\Session Manager\AppCertDlls' + # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one + TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls' - EventID: 14 # key rename - NewName|contains: '\SYSTEM\' - NewName|endswith: '\Control\Session Manager\AppCertDlls' + NewName: 'HKLM\SYSTEM\CurentControlSet\Control\Session Manager\AppCertDlls' condition: selection fields: - EventID diff --git a/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml b/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml index cf4805a7..59f53b15 100644 --- a/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml +++ b/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml @@ -19,11 +19,13 @@ detection: - EventID: - 12 # key create - 13 # value set - TargetObject|contains: '\SOFTWARE\' - TargetObject|endswith: '\Windows\AppInit_Dlls' + TargetObject: + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' + - '*\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' - EventID: 14 # key rename - NewName|contains: '\SOFTWARE\' - NewName|endswith: '\Windows\AppInit_Dlls' + NewName: + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' + - '*\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' condition: selection fields: - EventID diff --git a/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml b/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml index 3ee5decf..65d99b28 100644 --- a/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml +++ b/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml @@ -16,9 +16,7 @@ logsource: detection: selection: EventID: 12 - TargetObject|startswith: 'HKU\' - TargetObject|contains: '_Classes\CLSID\' - TargetObject|endswith: '\TreatAs' + TargetObject: 'HKU\\*_Classes\CLSID\\*\TreatAs' condition: selection falsepositives: - Maybe some system utilities in rare cases use linking keys for backward compability diff --git a/rules/windows/sysmon/sysmon_susp_reg_persist_explorer_run.yml b/rules/windows/sysmon/sysmon_susp_reg_persist_explorer_run.yml index cc2d5fed..e5786395 100644 --- a/rules/windows/sysmon/sysmon_susp_reg_persist_explorer_run.yml +++ b/rules/windows/sysmon/sysmon_susp_reg_persist_explorer_run.yml @@ -1,7 +1,7 @@ title: Registry Persistence via Explorer Run Key id: b7916c2a-fa2f-4795-9477-32b731f70f11 status: experimental -description: Detects a possible persistence mechanism using RUN key for Windows Explorer and poiting to a suspicious folder +description: Detects a possible persistence mechanism using RUN key for Windows Explorer and pointing to a suspicious folder author: Florian Roth date: 2018/07/18 references: diff --git a/rules/windows/sysmon/sysmon_suspicious_keyboard_layout_load.yml b/rules/windows/sysmon/sysmon_suspicious_keyboard_layout_load.yml index a12d8e22..35ffca37 100644 --- a/rules/windows/sysmon/sysmon_suspicious_keyboard_layout_load.yml +++ b/rules/windows/sysmon/sysmon_suspicious_keyboard_layout_load.yml @@ -18,7 +18,7 @@ detection: TargetObject: - '*\Keyboard Layout\Preload\*' - '*\Keyboard Layout\Substitutes\*' - Details: + Details|contains: - 00000429 # Persian (Iran) - 00050429 # Persian (Iran) - 0000042a # Vietnamese diff --git a/rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml b/rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml index 180f7b5d..042c1477 100644 --- a/rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml +++ b/rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml @@ -12,7 +12,8 @@ logsource: detection: selection: EventID: 13 - TargetObject: 'HKU\\*\Classes\exefile\shell\runas\command\isolatedCommand' + # usrclass.dat is mounted on HKU\USERSID_Classes\... + TargetObject: 'HKU\\*_Classes\exefile\shell\runas\command\isolatedCommand' condition: selection tags: - attack.defense_evasion From 09475382286b05b978a6077daaff947d675f8da6 Mon Sep 17 00:00:00 2001 From: David Szili Date: Mon, 9 Mar 2020 17:12:41 +0100 Subject: [PATCH 116/714] MDATP schema changes WDATP was renamed to MDATP (Microsoft Defendre ATP). MDATP also had schema changes recently: https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-data-schema-changes/ba-p/1043914 The updates reflect these changes --- CHANGELOG.md | 2 +- Makefile | 2 +- README.md | 6 ++-- .../win_apt_tropictrooper.yml | 2 +- .../win_apt_unidentified_nov_18.yml | 2 +- tools/sigma/backends/{wdatp.py => mdatp.py} | 28 +++++++++---------- 6 files changed, 21 insertions(+), 21 deletions(-) rename tools/sigma/backends/{wdatp.py => mdatp.py} (92%) diff --git a/CHANGELOG.md b/CHANGELOG.md index d55e3d3d..b072e652 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -89,7 +89,7 @@ from version 0.14.0. ### Added * Index mappings for Sumologic -* Malicious cmdlets in wdatp +* Malicious cmdlets in mdatp * QRadar support for keyword searches * QRadar mapping improvements * QRadar field selection diff --git a/Makefile b/Makefile index 389d7973..46803959 100644 --- a/Makefile +++ b/Makefile @@ -33,7 +33,7 @@ test-sigmac: coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunkxml -c tools/config/splunk-windows.yml rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t logpoint -c tools/config/logpoint-windows.yml rules/ > /dev/null - coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t wdatp rules/ > /dev/null + coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t mdatp rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t ala rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t ala-rule rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t ala --backend-config tests/backend_config.yml rules/windows/process_creation/ > /dev/null diff --git a/README.md b/README.md index 6d01612b..e8ad159e 100644 --- a/README.md +++ b/README.md @@ -100,7 +100,7 @@ merges multiple YAML documents of a Sigma rule collection into simple Sigma rule ``` usage: sigmac [-h] [--recurse] [--filter FILTER] - [--target {arcsight,es-qs,es-dsl,kibana,xpack-watcher,elastalert,graylog,limacharlie,logpoint,grep,netwitness,powershell,qradar,qualys,splunk,splunkxml,sumologic,fieldlist,wdatp}] + [--target {arcsight,es-qs,es-dsl,kibana,xpack-watcher,elastalert,graylog,limacharlie,logpoint,grep,netwitness,powershell,qradar,qualys,splunk,splunkxml,sumologic,fieldlist,mdatp}] [--target-list] [--config CONFIG] [--output OUTPUT] [--backend-option BACKEND_OPTION] [--defer-abort] [--ignore-backend-errors] [--verbose] [--debug] @@ -125,7 +125,7 @@ optional arguments: tag that must appear in the rules tag list, case- insensitive matching. Multiple log source specifications are AND linked. - --target {arcsight,es-qs,es-dsl,kibana,xpack-watcher,elastalert,graylog,limacharlie,logpoint,grep,netwitness,powershell,qradar,qualys,splunk,splunkxml,sumologic,fieldlist,wdatp}, -t {arcsight,es-qs,es-dsl,kibana,xpack-watcher,elastalert,graylog,limacharlie,logpoint,grep,netwitness,powershell,qradar,qualys,splunk,splunkxml,sumologic,fieldlist,wdatp} + --target {arcsight,es-qs,es-dsl,kibana,xpack-watcher,elastalert,graylog,limacharlie,logpoint,grep,netwitness,powershell,qradar,qualys,splunk,splunkxml,sumologic,fieldlist,mdatp}, -t {arcsight,es-qs,es-dsl,kibana,xpack-watcher,elastalert,graylog,limacharlie,logpoint,grep,netwitness,powershell,qradar,qualys,splunk,splunkxml,sumologic,fieldlist,mdatp} Output target format --target-list, -l List available output target formats --config CONFIG, -c CONFIG @@ -191,7 +191,7 @@ tools/sigmac -t splunk -c ~/my-splunk-mapping.yml -c tools/config/generic/window * [Kibana](https://www.elastic.co/de/products/kibana) * [Elastic X-Pack Watcher](https://www.elastic.co/guide/en/x-pack/current/xpack-alerting.html) * [Logpoint](https://www.logpoint.com) -* [Windows Defender Advanced Threat Protection (WDATP)](https://www.microsoft.com/en-us/windowsforbusiness/windows-atp) +* [Microsoft Defender Advanced Threat Protection (MDATP)](https://www.microsoft.com/en-us/microsoft-365/windows/microsoft-defender-atp) * [Azure Sentinel / Azure Log Analytics](https://azure.microsoft.com/en-us/services/azure-sentinel/) * [Sumologic](https://www.sumologic.com/) * [ArcSight](https://software.microfocus.com/en-us/products/siem-security-information-event-management/overview) diff --git a/rules/windows/process_creation/win_apt_tropictrooper.yml b/rules/windows/process_creation/win_apt_tropictrooper.yml index 6c0c932d..69697511 100644 --- a/rules/windows/process_creation/win_apt_tropictrooper.yml +++ b/rules/windows/process_creation/win_apt_tropictrooper.yml @@ -1,6 +1,6 @@ title: TropicTrooper Campaign November 2018 id: 8c7090c3-e0a0-4944-bd08-08c3a0cecf79 -author: '@41thexplorer, Windows Defender ATP' +author: '@41thexplorer, Microsoft Defender ATP' status: stable date: 2019/11/12 description: Detects TropicTrooper activity, an actor who targeted high-profile organizations in the energy and food and beverage sectors in Asia diff --git a/rules/windows/process_creation/win_apt_unidentified_nov_18.yml b/rules/windows/process_creation/win_apt_unidentified_nov_18.yml index 57352b80..35df86b9 100644 --- a/rules/windows/process_creation/win_apt_unidentified_nov_18.yml +++ b/rules/windows/process_creation/win_apt_unidentified_nov_18.yml @@ -6,7 +6,7 @@ description: A sigma rule detecting an unidetefied attacker who used phishing em YYTRIUM/APT29 campaign in 2016. references: - https://twitter.com/DrunkBinary/status/1063075530180886529 -author: '@41thexplorer, Windows Defender ATP' +author: '@41thexplorer, Microsoft Defender ATP' date: 2018/11/20 modified: 2018/12/11 tags: diff --git a/tools/sigma/backends/wdatp.py b/tools/sigma/backends/mdatp.py similarity index 92% rename from tools/sigma/backends/wdatp.py rename to tools/sigma/backends/mdatp.py index 92f46331..096ee829 100644 --- a/tools/sigma/backends/wdatp.py +++ b/tools/sigma/backends/mdatp.py @@ -19,8 +19,8 @@ from .base import SingleTextQueryBackend from .exceptions import NotSupportedError class WindowsDefenderATPBackend(SingleTextQueryBackend): - """Converts Sigma rule into Windows Defender ATP Hunting Queries.""" - identifier = "wdatp" + """Converts Sigma rule into Microsoft Defender ATP Hunting Queries.""" + identifier = "mdatp" active = True config_required = False @@ -52,7 +52,7 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): # (replacement, ): Replaces field occurrence with static string "AccountName" : (self.id_mapping, self.default_value_mapping), "CommandLine" : ("ProcessCommandLine", self.default_value_mapping), - "ComputerName" : (self.id_mapping, self.default_value_mapping), + "DeviceName" : (self.id_mapping, self.default_value_mapping), "DestinationHostname" : ("RemoteUrl", self.default_value_mapping), "DestinationIp" : ("RemoteIP", self.default_value_mapping), "DestinationIsIpv6" : ("RemoteIP has \":\"", ), @@ -137,17 +137,17 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): self.service = None if (self.category, self.product, self.service) == ("process_creation", "windows", None): - self.table = "ProcessCreationEvents" + self.table = "DeviceProcessEvents" elif (self.category, self.product, self.service) == (None, "windows", "powershell"): - self.table = "MiscEvents" + self.table = "DeviceEvents" self.orToken = ", " return super().generate(sigmaparser) def generateBefore(self, parsed): if self.table is None: - raise NotSupportedError("No WDATP table could be determined from Sigma rule") - if self.table == "MiscEvents" and self.service == "powershell": + raise NotSupportedError("No MDATP table could be determined from Sigma rule") + if self.table == "DeviceEvents" and self.service == "powershell": return "%s | where tostring(extractjson('$.Command', AdditionalFields)) in~ " % self.table return "%s | where " % self.table @@ -165,26 +165,26 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): if self.product == "windows": if self.service == "sysmon" and value == 1 \ or self.service == "security" and value == 4688: # Process Execution - self.table = "ProcessCreationEvents" + self.table = "DeviceProcessEvents" return None elif self.service == "sysmon" and value == 3: # Network Connection - self.table = "NetworkCommunicationEvents" + self.table = "DeviceNetworkEvents" return None elif self.service == "sysmon" and value == 7: # Image Load - self.table = "ImageLoadEvents" + self.table = "DeviceImageLoadEvents" return None elif self.service == "sysmon" and value == 8: # Create Remote Thread - self.table = "MiscEvents" + self.table = "DeviceEvents" return "ActionType == \"CreateRemoteThreadApiCall\"" elif self.service == "sysmon" and value == 11: # File Creation - self.table = "FileCreationEvents" + self.table = "DeviceFileEvents" return None elif self.service == "sysmon" and value == 13 \ or self.service == "security" and value == 4657: # Set Registry Value - self.table = "RegistryEvents" + self.table = "DeviceRegistryEvents" return "ActionType == \"RegistryValueSet\"" elif self.service == "security" and value == 4624: - self.table = "LogonEvents" + self.table = "DeviceLogonEvents" return None elif type(value) in (str, int): # default value processing try: From 6845fa21b335cd82c3552e1ed16be4cc2a99b094 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 9 Mar 2020 17:43:16 +0100 Subject: [PATCH 117/714] fix: fixed several issues --- .../win_susp_use_of_csharp_console.yml | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) rename suspicious_use_of_csharp_console.yml => rules/windows/process_creation/win_susp_use_of_csharp_console.yml (70%) diff --git a/suspicious_use_of_csharp_console.yml b/rules/windows/process_creation/win_susp_use_of_csharp_console.yml similarity index 70% rename from suspicious_use_of_csharp_console.yml rename to rules/windows/process_creation/win_susp_use_of_csharp_console.yml index 0bf7988e..906cec3e 100644 --- a/suspicious_use_of_csharp_console.yml +++ b/rules/windows/process_creation/win_susp_use_of_csharp_console.yml @@ -10,18 +10,14 @@ tags: - attack.execution - attack.t1127 logsource: + category: process_creation product: windows - service: sysmon detection: - selection1: - EventID: 1 - Image: - - '*\csi.exe' - ParentImage: - - '*\powershell.exe' - OriginalFileName: - - 'csi.exe' - condition: selection1 + selection: + Image|endswith: '\csi.exe' + ParentImage|endswith: '\powershell.exe' + OriginalFileName: 'csi.exe' + condition: selection falsepositives: - Possible depending on environment. Pair with other factors such as net connections, command-line args, etc. -level: high \ No newline at end of file +level: high From 398e4527ea9fae30cf2a1cfb76e00b2652600a4a Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Wed, 11 Mar 2020 11:29:05 -0400 Subject: [PATCH 118/714] keyword, analyzed field, case insensitivity --- tools/sigma/backends/elasticsearch.py | 168 ++++++++++++++++++++++---- 1 file changed, 145 insertions(+), 23 deletions(-) diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index 4450f77f..d4b8d2f8 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -35,18 +35,48 @@ class ElasticsearchWildcardHandlingMixin(object): provide configurability with backend parameters. """ options = SingleTextQueryBackend.options + ( - ("keyword_field", "keyword", "Keyword sub-field name", None), - ("keyword_blacklist", None, "Fields that don't have a keyword subfield (wildcards * and ? allowed)", None) + ("keyword_field", "keyword", "Keyword sub-field name (default is: '.keyword'). Set blank value if all keyword fields are the base(top-level) field. Additionally see 'keyword_base_fields' for more granular control of the base & subfield situation.", None), + ("analyzed_sub_field_name", "", "Analyzed sub-field name. By default analyzed field is the base field. Therefore, use this option to make the analyzed field a subfield. An example value would be '.text' ", None), + ("analyzed_sub_fields", None, "Fields that have an analyzed sub-field.", None), + ("keyword_base_fields", None, "Fields that the keyword is base (top-level) field. By default analyzed field is the base field. So use this option to change that logic. Valid options are: list of fields, single field. Also, wildcards * and ? allowed.", None), + ("keyword_whitelist", None, "Fields to always set as keyword. Bypasses case insensitive options. Valid options are: list of fields, single field. Also, wildcards * and ? allowed.", None), + ("keyword_blacklist", None, "Fields to never set as keyword (ie: always set as analyzed field). Bypasses case insensitive options. Valid options are: list of fields, single field. Also, wildcards * and ? allowed.", None), + ("case_insensitive_whitelist", None, "Fields to make the values case insensitive regex. Automatically sets the field as a keyword. Valid options are: list of fields, single field. Also, wildcards * and ? allowed.", None), + ("case_insensitive_blacklist", None, "Fields to exclude from being made into case insensitive regex. Valid options are: list of fields, single field. Also, wildcards * and ? allowed.", None) ) reContainsWildcard = re.compile("(?:(?.*", value ) + # Escape additional values that are treated as specific "operators" within Elastic. (ie: @, ?, &, <, >, and ~) + # reference: https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html#regexp-optional-operators + value = re.sub( r"(((?])", "\g<1>\\\\\g<4>", value ) + # Validate regex + try: + re.compile(value) + return {'is_regex': True, 'value': value} + # Regex failed + except re.error: + raise TypeError( "Regular expression validation error for: '%s')" %str(value) ) + else: + return { 'is_regex': False, 'value': value } + class ElasticsearchQuerystringBackend(ElasticsearchWildcardHandlingMixin, SingleTextQueryBackend): """Converts Sigma rule into Elasticsearch query string. Only searches, no aggregations.""" @@ -81,7 +182,6 @@ class ElasticsearchQuerystringBackend(ElasticsearchWildcardHandlingMixin, Single active = True reEscape = re.compile("([\s+\\-=!(){}\\[\\]^\"~:/]|(?]") andToken = " AND " orToken = " OR " notToken = "NOT " @@ -103,6 +203,11 @@ class ElasticsearchQuerystringBackend(ElasticsearchWildcardHandlingMixin, Single return '""' else: if self.matchKeyword: # don't quote search value on keyword field + if self.CaseInSensitiveField: + make_ci = self.makeCaseInSensitiveValue(result) + result = make_ci.get('value') + if make_ci.get('is_regex'): # Determine if still should be a regex + result = "/%s/" % result # Regex place holders for regex return result else: return "\"%s\"" % result @@ -129,6 +234,7 @@ class ElasticsearchQuerystringBackend(ElasticsearchWildcardHandlingMixin, Single newitems.append(item) newnode = NodeSubexpression(nodetype(None, None, *newitems)) self.matchKeyword = True + print('FINDME:figure this out') result = "\\*.keyword:" + super().generateSubexpressionNode(newnode) self.matchKeyword = False # one of the reasons why the converter needs some major overhaul return result @@ -145,6 +251,7 @@ class ElasticsearchDSLBackend(RulenameCommentMixin, ElasticsearchWildcardHandlin ) interval = None title = None + reEscape = re.compile( "([\s+\\-=!(){}\\[\\]^\"~:/]|(?", str(v))) + value_cleaned = make_ci.get('value') + if not make_ci.get( 'is_regex' ): # Determine if still should be a regex + queryType = 'wildcard' + value_cleaned = self.escapeSlashes( self.cleanValue( str( v ) ) ) + else: + queryType = 'wildcard' + value_cleaned = self.escapeSlashes(self.cleanValue(str(v))) else: queryType = 'match_phrase' value_cleaned = self.cleanValue(str(v)) - res['bool']['should'].append({queryType: {key_mapped: value_cleaned}}) return res elif value is None: @@ -229,9 +343,17 @@ class ElasticsearchDSLBackend(RulenameCommentMixin, ElasticsearchWildcardHandlin return { "bool": { "must_not": { "exists": { "field": key_mapped } } } } elif type(value) in (str, int): key_mapped = self.fieldNameMapping(key, value) - if self.matchKeyword: # searches against keyowrd fields are wildcard searches, phrases otherwise - queryType = 'wildcard' - value_cleaned = self.escapeSlashes(self.cleanValue(str(value))) + if self.matchKeyword: # searches against keyword fields are wildcard searches, phrases otherwise + if self.CaseInSensitiveField: + queryType = 'regexp' + make_ci = self.makeCaseInSensitiveValue( self.reEscape.sub( "\\\\\g<1>", str( value ) ) ) + value_cleaned = make_ci.get( 'value' ) + if not make_ci.get( 'is_regex' ): # Determine if still should be a regex + queryType = 'wildcard' + value_cleaned = self.escapeSlashes( self.cleanValue( str( value ) ) ) + else: + queryType = 'wildcard' + value_cleaned = self.escapeSlashes(self.cleanValue(str(value))) else: queryType = 'match_phrase' value_cleaned = self.cleanValue(str(value)) From 55bf39a2aca5b6b697fa1a05d63925fe5489c898 Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Wed, 11 Mar 2020 11:29:05 -0400 Subject: [PATCH 119/714] keyword, analyzed field, case insensitivity --- tools/sigma/backends/elasticsearch.py | 167 ++++++++++++++++++++++---- 1 file changed, 144 insertions(+), 23 deletions(-) diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index 4450f77f..6f355706 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -35,18 +35,48 @@ class ElasticsearchWildcardHandlingMixin(object): provide configurability with backend parameters. """ options = SingleTextQueryBackend.options + ( - ("keyword_field", "keyword", "Keyword sub-field name", None), - ("keyword_blacklist", None, "Fields that don't have a keyword subfield (wildcards * and ? allowed)", None) + ("keyword_field", "keyword", "Keyword sub-field name (default is: '.keyword'). Set blank value if all keyword fields are the base(top-level) field. Additionally see 'keyword_base_fields' for more granular control of the base & subfield situation.", None), + ("analyzed_sub_field_name", "", "Analyzed sub-field name. By default analyzed field is the base field. Therefore, use this option to make the analyzed field a subfield. An example value would be '.text' ", None), + ("analyzed_sub_fields", None, "Fields that have an analyzed sub-field.", None), + ("keyword_base_fields", None, "Fields that the keyword is base (top-level) field. By default analyzed field is the base field. So use this option to change that logic. Valid options are: list of fields, single field. Also, wildcards * and ? allowed.", None), + ("keyword_whitelist", None, "Fields to always set as keyword. Bypasses case insensitive options. Valid options are: list of fields, single field. Also, wildcards * and ? allowed.", None), + ("keyword_blacklist", None, "Fields to never set as keyword (ie: always set as analyzed field). Bypasses case insensitive options. Valid options are: list of fields, single field. Also, wildcards * and ? allowed.", None), + ("case_insensitive_whitelist", None, "Fields to make the values case insensitive regex. Automatically sets the field as a keyword. Valid options are: list of fields, single field. Also, wildcards * and ? allowed.", None), + ("case_insensitive_blacklist", None, "Fields to exclude from being made into case insensitive regex. Valid options are: list of fields, single field. Also, wildcards * and ? allowed.", None) ) reContainsWildcard = re.compile("(?:(?.*", value ) + # Escape additional values that are treated as specific "operators" within Elastic. (ie: @, ?, &, <, >, and ~) + # reference: https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html#regexp-optional-operators + value = re.sub( r"(((?])", "\g<1>\\\\\g<4>", value ) + # Validate regex + try: + re.compile(value) + return {'is_regex': True, 'value': value} + # Regex failed + except re.error: + raise TypeError( "Regular expression validation error for: '%s')" %str(value) ) + else: + return { 'is_regex': False, 'value': value } + class ElasticsearchQuerystringBackend(ElasticsearchWildcardHandlingMixin, SingleTextQueryBackend): """Converts Sigma rule into Elasticsearch query string. Only searches, no aggregations.""" @@ -81,7 +182,6 @@ class ElasticsearchQuerystringBackend(ElasticsearchWildcardHandlingMixin, Single active = True reEscape = re.compile("([\s+\\-=!(){}\\[\\]^\"~:/]|(?]") andToken = " AND " orToken = " OR " notToken = "NOT " @@ -103,6 +203,11 @@ class ElasticsearchQuerystringBackend(ElasticsearchWildcardHandlingMixin, Single return '""' else: if self.matchKeyword: # don't quote search value on keyword field + if self.CaseInSensitiveField: + make_ci = self.makeCaseInSensitiveValue(result) + result = make_ci.get('value') + if make_ci.get('is_regex'): # Determine if still should be a regex + result = "/%s/" % result # Regex place holders for regex return result else: return "\"%s\"" % result @@ -145,6 +250,7 @@ class ElasticsearchDSLBackend(RulenameCommentMixin, ElasticsearchWildcardHandlin ) interval = None title = None + reEscape = re.compile( "([\s+\\-=!(){}\\[\\]^\"~:/]|(?", str(v))) + value_cleaned = make_ci.get('value') + if not make_ci.get( 'is_regex' ): # Determine if still should be a regex + queryType = 'wildcard' + value_cleaned = self.escapeSlashes( self.cleanValue( str( v ) ) ) + else: + queryType = 'wildcard' + value_cleaned = self.escapeSlashes(self.cleanValue(str(v))) else: queryType = 'match_phrase' value_cleaned = self.cleanValue(str(v)) - res['bool']['should'].append({queryType: {key_mapped: value_cleaned}}) return res elif value is None: @@ -229,9 +342,17 @@ class ElasticsearchDSLBackend(RulenameCommentMixin, ElasticsearchWildcardHandlin return { "bool": { "must_not": { "exists": { "field": key_mapped } } } } elif type(value) in (str, int): key_mapped = self.fieldNameMapping(key, value) - if self.matchKeyword: # searches against keyowrd fields are wildcard searches, phrases otherwise - queryType = 'wildcard' - value_cleaned = self.escapeSlashes(self.cleanValue(str(value))) + if self.matchKeyword: # searches against keyword fields are wildcard searches, phrases otherwise + if self.CaseInSensitiveField: + queryType = 'regexp' + make_ci = self.makeCaseInSensitiveValue( self.reEscape.sub( "\\\\\g<1>", str( value ) ) ) + value_cleaned = make_ci.get( 'value' ) + if not make_ci.get( 'is_regex' ): # Determine if still should be a regex + queryType = 'wildcard' + value_cleaned = self.escapeSlashes( self.cleanValue( str( value ) ) ) + else: + queryType = 'wildcard' + value_cleaned = self.escapeSlashes(self.cleanValue(str(value))) else: queryType = 'match_phrase' value_cleaned = self.cleanValue(str(value)) From 58ac26e5315eec58528e6cb088c174b0b655ec67 Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Sat, 14 Mar 2020 14:57:38 -0400 Subject: [PATCH 120/714] more ECS to sigmac taxonomy for web/proxy --- tools/config/ecs-proxy.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/config/ecs-proxy.yml b/tools/config/ecs-proxy.yml index f569ab47..6663a268 100644 --- a/tools/config/ecs-proxy.yml +++ b/tools/config/ecs-proxy.yml @@ -18,8 +18,12 @@ fieldmappings: c-uri-query: url.query c-uri-stem: url.original c-useragent: user_agent.original + cs-bytes: http.request.body.bytes cs-cookie: http.cookie cs-host: url.domain cs-method: http.request.method + cs-referrer: http.request.referrer + cs-version: http.version r-dns: url.domain sc-status: http.response.status_code + sc-bytes: http.response.body.bytes From d212d43acf944793c92f0427346589e5f0394637 Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Sat, 14 Mar 2020 14:58:25 -0400 Subject: [PATCH 121/714] spelling --- rules/web/web_cve_2018_2894_weblogic_exploit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/web/web_cve_2018_2894_weblogic_exploit.yml b/rules/web/web_cve_2018_2894_weblogic_exploit.yml index 4a2d6467..cad3f297 100644 --- a/rules/web/web_cve_2018_2894_weblogic_exploit.yml +++ b/rules/web/web_cve_2018_2894_weblogic_exploit.yml @@ -1,6 +1,6 @@ title: Oracle WebLogic Exploit id: 37e8369b-43bb-4bf8-83b6-6dd43bda2000 -description: Detects access to a webshell droped into a keytore folder on the WebLogic server +description: Detects access to a webshell dropped into a keystore folder on the WebLogic server author: Florian Roth date: 2018/07/22 status: experimental From 4b572f3ccbfb4f2ecc18dd87a3bc2ed34c943e6f Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Sat, 14 Mar 2020 14:58:58 -0400 Subject: [PATCH 122/714] newline in description - typo --- rules/windows/builtin/win_rare_schtasks_creations.yml | 3 +-- rules/windows/builtin/win_rare_service_installs.yml | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/rules/windows/builtin/win_rare_schtasks_creations.yml b/rules/windows/builtin/win_rare_schtasks_creations.yml index 669c5373..bbd45c50 100644 --- a/rules/windows/builtin/win_rare_schtasks_creations.yml +++ b/rules/windows/builtin/win_rare_schtasks_creations.yml @@ -1,7 +1,6 @@ title: Rare Schtasks Creations id: b0d77106-7bb0-41fe-bd94-d1752164d066 -description: Detects rare scheduled tasks creations that only appear a few times per time frame and could reveal password dumpers, backdoor installs or other types - of malicious code +description: Detects rare scheduled tasks creations that only appear a few times per time frame and could reveal password dumpers, backdoor installs or other types of malicious code status: experimental author: Florian Roth date: 2017/03/23 diff --git a/rules/windows/builtin/win_rare_service_installs.yml b/rules/windows/builtin/win_rare_service_installs.yml index c6469c4a..acd55cb6 100644 --- a/rules/windows/builtin/win_rare_service_installs.yml +++ b/rules/windows/builtin/win_rare_service_installs.yml @@ -1,7 +1,6 @@ title: Rare Service Installs id: 66bfef30-22a5-4fcd-ad44-8d81e60922ae -description: Detects rare service installs that only appear a few times per time frame and could reveal password dumpers, backdoor installs or other types of malicious - services +description: Detects rare service installs that only appear a few times per time frame and could reveal password dumpers, backdoor installs or other types of malicious services status: experimental author: Florian Roth date: 2017/03/08 From 4c94906d5320fac44ed21c3eedc0a056bc5efa06 Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Sat, 14 Mar 2020 15:00:42 -0400 Subject: [PATCH 123/714] rule should be wildcard AND had a prepended `^` in one of the CommandLine conditions that would have caused to not trigger --- rules/windows/process_creation/win_susp_cli_escape.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/rules/windows/process_creation/win_susp_cli_escape.yml b/rules/windows/process_creation/win_susp_cli_escape.yml index c40ebfd7..019d2fcf 100644 --- a/rules/windows/process_creation/win_susp_cli_escape.yml +++ b/rules/windows/process_creation/win_susp_cli_escape.yml @@ -10,6 +10,7 @@ references: - http://www.windowsinspired.com/understanding-the-command-line-string-and-arguments-received-by-a-windows-program/ author: juju4 date: 2018/12/11 +modified: 2020/03/14 tags: - attack.defense_evasion - attack.t1140 @@ -20,8 +21,8 @@ detection: selection: CommandLine: # - # no TAB modifier in sigmac yet, so this matches (or TAB in elasticsearch backends without DSL queries) - - ^h^t^t^p - - h"t"t"p + - '*h^t^t^p*' + - '*h"t"t"p*' condition: selection falsepositives: - False positives depend on scripts and administrative tools used in the monitored environment From 4cd99e71bf71c9dfd9d2cd3545602a7abdc88942 Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Sat, 14 Mar 2020 15:02:06 -0400 Subject: [PATCH 124/714] use the taxonomy which states to use `c-uri` instead of `c-uri-path` --- rules/web/web_citrix_cve_2019_19781_exploit.yml | 4 ++-- rules/web/web_cve_2018_2894_weblogic_exploit.yml | 3 ++- rules/web/web_pulsesecure_cve-2019-11510.yml | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/rules/web/web_citrix_cve_2019_19781_exploit.yml b/rules/web/web_citrix_cve_2019_19781_exploit.yml index 8f4cc5d0..0c814d10 100644 --- a/rules/web/web_citrix_cve_2019_19781_exploit.yml +++ b/rules/web/web_citrix_cve_2019_19781_exploit.yml @@ -10,13 +10,13 @@ references: author: Arnim Rupp, Florian Roth status: experimental date: 2020/01/02 -modified: 2020/01/15 +modified: 2020/03/14 logsource: category: webserver description: 'Make sure that your Netscaler appliance logs all kinds of attacks (test with http://your-citrix-gw.net/robots.txt). The directory traversal with ../ might not be needed on certain cloud instances or for authenticated users, so we also check for direct paths. All scripts in portal/scripts are exploitable except logout.pl.' detection: selection: - c-uri-path: + c-uri: - '*/../vpns/*' - '*/vpns/cfg/smb.conf' - '*/vpns/portal/scripts/*.pl*' diff --git a/rules/web/web_cve_2018_2894_weblogic_exploit.yml b/rules/web/web_cve_2018_2894_weblogic_exploit.yml index cad3f297..5bc8b193 100644 --- a/rules/web/web_cve_2018_2894_weblogic_exploit.yml +++ b/rules/web/web_cve_2018_2894_weblogic_exploit.yml @@ -3,6 +3,7 @@ id: 37e8369b-43bb-4bf8-83b6-6dd43bda2000 description: Detects access to a webshell dropped into a keystore folder on the WebLogic server author: Florian Roth date: 2018/07/22 +modified: 2020/03/14 status: experimental references: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2894 @@ -12,7 +13,7 @@ logsource: category: webserver detection: selection: - c-uri-path: + c-uri: - '*/config/keystore/*.js*' condition: selection fields: diff --git a/rules/web/web_pulsesecure_cve-2019-11510.yml b/rules/web/web_pulsesecure_cve-2019-11510.yml index b0124716..ac507361 100644 --- a/rules/web/web_pulsesecure_cve-2019-11510.yml +++ b/rules/web/web_pulsesecure_cve-2019-11510.yml @@ -5,11 +5,12 @@ references: - https://www.exploit-db.com/exploits/47297 author: Florian Roth date: 2019/11/18 +modified: 2020/03/14 logsource: category: webserver detection: selection: - c-uri-path: '*?/dana/html5acc/guacamole/*' + c-uri: '*?/dana/html5acc/guacamole/*' condition: selection fields: - client_ip From b575df8cd7d0f9adc92aa682a5a476fca9a6d35f Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Sat, 14 Mar 2020 15:02:33 -0400 Subject: [PATCH 125/714] use the taxonomy for http response which is `sc-status` --- rules/web/web_multiple_suspicious_resp_codes_single_source.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules/web/web_multiple_suspicious_resp_codes_single_source.yml b/rules/web/web_multiple_suspicious_resp_codes_single_source.yml index ea48353b..e6c7a474 100644 --- a/rules/web/web_multiple_suspicious_resp_codes_single_source.yml +++ b/rules/web/web_multiple_suspicious_resp_codes_single_source.yml @@ -3,11 +3,12 @@ id: 6fdfc796-06b3-46e8-af08-58f3505318af description: Detects possible exploitation activity or bugs in a web application author: Thomas Patzke date: 2017/02/19 +modified: 2020/03/14 logsource: category: webserver detection: selection: - response: + sc-status: - 400 - 401 - 403 From f0c83ae3b4df18bb280ffe78b38359342592ba81 Mon Sep 17 00:00:00 2001 From: j91321 Date: Sun, 15 Mar 2020 13:03:20 +0100 Subject: [PATCH 126/714] Added es-rule backend options --- tools/sigma/backends/elasticsearch.py | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index 4450f77f..8c86fc5d 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -997,6 +997,10 @@ class ElastalertBackendQs(ElastalertBackend, ElasticsearchQuerystringBackend): class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend): identifier = "es-rule" active = True + options = ElasticsearchQuerystringBackend.options + ( + ("index_patterns", "apm-*-transaction,auditbeat-*,endgame-*,filebeat-*,packetbeat-*,winlogbeat-*", "Rule execution index patterns", "index_patterns"), + ("execution_interval", "5m", "Rule execution interval", "interval"), + ) def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) @@ -1106,15 +1110,8 @@ class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend): "filters": [], "from": "now-360s", "immutable": False, - "index": [ - "apm-*-transaction*", - "auditbeat-*", - "endgame-*", - "filebeat-*", - "packetbeat-*", - "winlogbeat-*" - ], - "interval": "5m", + "index": self.index_patterns.split(','), + "interval": self.interval, "rule_id": rule_id, "language": "lucene", "output_index": ".siem-signals-default", From 4fb42ffaf7ec0d70cd33f24e60b5fedcdbd10e22 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 17 Mar 2020 20:38:42 +0100 Subject: [PATCH 127/714] docs: changed wording in license --- LICENSE.Detection.Rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE.Detection.Rules.md b/LICENSE.Detection.Rules.md index 9e98b776..2b801890 100644 --- a/LICENSE.Detection.Rules.md +++ b/LICENSE.Detection.Rules.md @@ -8,6 +8,6 @@ If you share the Rules (including in modified form), you must retain the followi 2. a URI or hyperlink to the Rule set or explicit Rule to the extent reasonably practicable -3. indicate the Rules are licensed under this Detection Rule License, and include the text of, or the URI or hyperlink to, this Detection Rule License +3. indicate the Rules are licensed under this Detection Rule License, and include the text of, or the URI or hyperlink to, this Detection Rule License to the extent reasonably practicable THE RULES ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE RULES OR THE USE OR OTHER DEALINGS IN THE RULES. \ No newline at end of file From 8454f60a8ecbc5e177ec5c7187994725afbbb11e Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 17 Mar 2020 20:40:28 +0100 Subject: [PATCH 128/714] fix: reduced level due to false positives --- .../process_creation/win_remote_powershell_session_process.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_remote_powershell_session_process.yml b/rules/windows/process_creation/win_remote_powershell_session_process.yml index 26a604ed..cdd0ce0d 100644 --- a/rules/windows/process_creation/win_remote_powershell_session_process.yml +++ b/rules/windows/process_creation/win_remote_powershell_session_process.yml @@ -24,4 +24,4 @@ fields: - CommandLine falsepositives: - Legitimate usage of remote Powershell, e.g. for monitoring purposes -level: high +level: medium From 1df5620a1450bfe6a13788255dcd273c37bbed3d Mon Sep 17 00:00:00 2001 From: vunx2 Date: Wed, 18 Mar 2020 16:02:44 +0700 Subject: [PATCH 129/714] fix cleanValue + leading wildcard + EventID Intergration --- tools/sigma/backends/my_carbonblack.py | 221 +++++++++++++++++++++++++ 1 file changed, 221 insertions(+) create mode 100644 tools/sigma/backends/my_carbonblack.py diff --git a/tools/sigma/backends/my_carbonblack.py b/tools/sigma/backends/my_carbonblack.py new file mode 100644 index 00000000..494b456e --- /dev/null +++ b/tools/sigma/backends/my_carbonblack.py @@ -0,0 +1,221 @@ +import re +# from netaddr import * +import sigma +from .base import SingleTextQueryBackend +from .mixins import MultiRuleOutputMixin +from sigma.parser.modifiers.base import SigmaTypeModifier +import requests +# import argparse +import urllib3 +import json +from .. eventdict import event +urllib3.disable_warnings() +import os, ssl +if (not os.environ.get('PYTHONHTTPSVERIFY', '') and + getattr(ssl, '_create_unverified_context', None)): + ssl._create_default_https_context = ssl._create_unverified_context +ssl._create_default_https_context = ssl._create_unverified_context +# parser = argparse.ArgumentParser() +# parser.add_argument("--eshost", help="Elasticsearch host", type=str, required=True) +# parser.add_argument("--esport", help="Elasticsearch port", type=str, required=True) +# parser.add_argument("--ruledir", help="sigma rule directory path to convert", type=str, required=True) +# parser.add_argument("--index", help="Elasticsearch index name egs: \"winlogbeat-*\"", type=str, required=True) +# parser.add_argument("--email", help="email address to send mail alert", type=str, required=True) +# parser.add_argument("--outdir", help="output directory to create elastalert rules", type=str, required=True) +# parser.add_argument("--sigmac", help="Sigmac location", default="../tools/sigmac", type=str) +# parser.add_argument("--realerttime", help="Realert time (optional value, default 5 minutes)", type=str, default=5) +# parser.add_argument("--debug", help="Show debug output", type=bool, default=False) +# args = parser.parse_args() +class CarbonBlackBackend(SingleTextQueryBackend): + """Converts Sigma rule into Carbon Black Query Language (SPL).""" + identifier = "my_carbonblack" + active = True + index_field = "index" + + # \ -> \\ + # \* -> \* + # \\* -> \\* + reEscape = re.compile('("|(? Date: Wed, 18 Mar 2020 16:49:44 +0700 Subject: [PATCH 130/714] clean IP subnet --- tools/config/carbon-black.yml | 28 ++- tools/sigma/backends/carbonblack.py | 368 +++++++++++++--------------- tools/sigmac | 3 +- 3 files changed, 204 insertions(+), 195 deletions(-) diff --git a/tools/config/carbon-black.yml b/tools/config/carbon-black.yml index 6b034c6e..fbc71ee4 100644 --- a/tools/config/carbon-black.yml +++ b/tools/config/carbon-black.yml @@ -2,6 +2,7 @@ title: CarbonBlack field mapping order: 20 backends: - carbonblack + - cb fieldmappings: AccountName: username CommandLine: cmdline @@ -15,14 +16,34 @@ fieldmappings: Image: process_name ImageLoaded: modload ImagePath: path - NewProcessName: process_name + #NewProcessName: process_name #ParentCommandLine: NONE?? ParentProcessName: parent_name ParentImage: parent_name Path: path ProcessCommandLine: cmdline ProcessName: process_name - Signature: digsig_result + #Signature: digsig_result + SourceIp: ipaddr + DestinationAddress: ipaddr + DestinationPort: ipport + DestPort: ipport + TargetObject: regmod + TargetFilename: filemod + TargetFileName: filemod + Targetfilename: filemod + SourceImage: parent_name + TargetImage: childproc_name + NewProcessName: childproc_name + Product: product_name + Signature: digsig_publisher + CallTrace: modload + DestinationHostname: domain + User: username + StartModule: modload + Company: company_name + Description: file_desc + FileVersion: file_version @@ -72,3 +93,6 @@ fieldmappings: excludedfields: - EventID - Robot2 + - TargetObject + - CallTrace + - Imphash diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index a0a27e4c..ea376a69 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -1,201 +1,166 @@ -# Output backends for sigmac -# Copyright 2016-2018 Thomas Patzke, Florian Roth, Roey - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. - -# You should have received a copy of the GNU Lesser General Public License -# along with this program. If not, see . - import re -# from netaddr import * -import sigma -from .base import SingleTextQueryBackend -from .mixins import MultiRuleOutputMixin -from sigma.parser.modifiers.base import SigmaTypeModifier import requests -# import argparse -import urllib3 import json +import os from .. eventdict import event -urllib3.disable_warnings() -import os, ssl -if (not os.environ.get('PYTHONHTTPSVERIFY', '') and - getattr(ssl, '_create_unverified_context', None)): - ssl._create_default_https_context = ssl._create_unverified_context -ssl._create_default_https_context = ssl._create_unverified_context -# parser = argparse.ArgumentParser() -# parser.add_argument("--eshost", help="Elasticsearch host", type=str, required=True) -# parser.add_argument("--esport", help="Elasticsearch port", type=str, required=True) -# parser.add_argument("--ruledir", help="sigma rule directory path to convert", type=str, required=True) -# parser.add_argument("--index", help="Elasticsearch index name egs: \"winlogbeat-*\"", type=str, required=True) -# parser.add_argument("--email", help="email address to send mail alert", type=str, required=True) -# parser.add_argument("--outdir", help="output directory to create elastalert rules", type=str, required=True) -# parser.add_argument("--sigmac", help="Sigmac location", default="../tools/sigmac", type=str) -# parser.add_argument("--realerttime", help="Realert time (optional value, default 5 minutes)", type=str, default=5) -# parser.add_argument("--debug", help="Show debug output", type=bool, default=False) -# args = parser.parse_args() -class CarbonBlackBackend(SingleTextQueryBackend): - """Converts Sigma rule into Carbon Black Query Language (SPL).""" +from fnmatch import fnmatch + +from sigma.backends.base import SingleTextQueryBackend +from sigma.backends.exceptions import NotSupportedError +from sigma.parser.modifiers.type import SigmaRegularExpressionModifier +from sigma.parser.condition import ConditionOR, ConditionAND, NodeSubexpression + +from sigma.parser.modifiers.base import SigmaTypeModifier + + +class CarbonBlackWildcardHandlingMixin: + """ + Determine field mapping to keyword subfields depending on existence of wildcards in search values. Further, + provide configurability with backend parameters. + """ + # options = SingleTextQueryBackend.options + ( + # ("keyword_field", None, "Keyword sub-field name", None), + # ("keyword_blacklist", None, "Fields that don't have a keyword subfield (wildcards * and ? allowed)", None) + # ) + reContainsWildcard = re.compile("(?:(? \\ - # \* -> \* - # \\* -> \\* - reEscape = re.compile('("|(?]") + andToken = " AND " orToken = " OR " - notToken = "-" + notToken = " -" subExpression = "(%s)" listExpression = "%s" - listSeparator = " " - valueExpression = "%s" - nullExpression = "- %s=\"*\"" - notNullExpression = "%s=\"*\"" + listSeparator = " OR " + valueExpression = '%s' + typedValueExpression = { + SigmaRegularExpressionModifier: "/%s/" + } + nullExpression = "NOT _exists_:%s" + notNullExpression = "_exists_:%s" mapExpression = "%s:%s" - mapListsSpecialHandling = True - mapListValueExpression = "%s IN %s" + mapListsSpecialHandling = False - def generateMapItemListNode(self, key, value): - if(key == "EventID"): - return ("( OR ".join(['%s:%s )' % (self.generateEventKey(item), self.generateEventValue(item)) for item in value if self.generateEventKey(item)!= ''])) + def __init__(self, *args, **kwargs): + """Initialize field mappings.""" + super().__init__(*args, **kwargs) + self.category = None + self.excluded_fields = None - elif not set([type(val) for val in value]).issubset({str, int}): - raise TypeError("List values must be strings or numbers") - return "(" + (" OR ".join(['%s:%s' % (key, self.generateValueNode(item)) for item in value])) + ")" + + def cleanValue(self, val): + if("[1 to *]" in val): + self.reEscape = re.compile("([()])") + else: + self.reEscape = re.compile("([\s\s+()])") + val = val.strip() + val = super().cleanValue(val) + if isinstance(val, str): + if val.startswith("*"): + val = val.replace("*", "",1) + if val.startswith("\\"): + val = val.replace("\\", "", 1) + if val.startswith("*\\"): + val = val.replace("*\\", "*") + if val.startswith("*/"): + val = val.replace("*/", "*") + if val.startswith("*"): + val = val.replace("*", "") + if val.endswith("\\*"): + val = val.replace("\\*", "*") + if val.endswith("/*"): + val = val.replace("/*", "*") + val = val.strip() + return val + + def cleanIPRange(self,value): + new_value = value + if type(new_value) is str and value.find('*') : + sub = value.count('.') + if(value[-2:] == '.*'): + value = value[:-2] + min_ip = value + '.0' * (4 - sub) + new_value = min_ip + '/' + str(8 * (4 - sub)) + elif type(new_value) is list: + for index, vl in enumerate(new_value): + new_value[index] = self.cleanIPRange(vl) + + return new_value + + def generateValueNode(self, node): + result = self.valueExpression % (str(node)) + if result == "" or result.isspace(): + return '""' + else: + if self.matchKeyword: # don't quote search value on keyword field + return result + else: + return "%s" % result def generateMapItemNode(self, node): fieldname, value = node - if(fieldname == "path"): - value = self.cleanValuePath(value) - else: - value = self.cleanValue(value) - print(str(value)) if(fieldname == "EventID" and (type(value) is str or type(value) is int )): fieldname = self.generateEventKey(value) value = self.generateEventValue(value) - transformed_fieldname = self.fieldNameMapping(fieldname, value) - if(transformed_fieldname == "ipaddr"): - value = self.cleanIPRange(value) - if(transformed_fieldname == ''): - return '' - if self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): - return self.mapExpression % (transformed_fieldname, self.generateNode(value)) - elif type(value) == list: - return self.generateMapItemListNode(transformed_fieldname, value) - elif isinstance(value, SigmaTypeModifier): - return self.generateMapItemTypedNode(transformed_fieldname, value) - elif value is None: - return self.nullExpression % (transformed_fieldname, ) + if fieldname.lower() in self.excluded_fields: + return else: - raise TypeError("Backend does not support map values of type " + str(type(value))) + transformed_fieldname = self.fieldNameMapping(fieldname, value) + if(transformed_fieldname == "ipaddr"): + print("OK") + value = self.cleanIPRange(value) + if self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): + #return self.mapExpression % (transformed_fieldname, self.generateNode(value)) + if isinstance(value, list): + return self.generateNode([self.mapExpression % (transformed_fieldname, self.cleanValue(item)) for item in value]) + elif isinstance(value, str) or isinstance(value, int): + return self.mapExpression % (transformed_fieldname, self.generateNode(self.cleanValue(value))) + elif type(value) == list: + return self.generateMapItemListNode(transformed_fieldname, value) + elif isinstance(value, SigmaTypeModifier): + return self.generateMapItemTypedNode(transformed_fieldname, value) + elif value is None: + return self.nullExpression % (transformed_fieldname,) + else: + raise TypeError("Backend does not support map values of type " + str(type(value))) - - def generateAggregation(self, agg): - if agg == None: - return "" - if agg.aggfunc == sigma.parser.condition.SigmaAggregationParser.AGGFUNC_NEAR: - raise NotImplementedError("The 'near' aggregation operator is not yet implemented for this backend") - if agg.groupfield == None: - if agg.aggfunc_notrans == 'count': - if agg.aggfield == None : - return " | eventstats count as val | search val %s %s" % (agg.cond_op, agg.condition) - else: - agg.aggfunc_notrans = 'dc' - return " | eventstats %s(%s) as val | search val %s %s" % (agg.aggfunc_notrans, agg.aggfield or "", agg.cond_op, agg.condition) - else: - if agg.aggfunc_notrans == 'count': - if agg.aggfield == None : - return " | eventstats count as val by %s| search val %s %s" % (agg.groupfield, agg.cond_op, agg.condition) - else: - agg.aggfunc_notrans = 'dc' - return " | eventstats %s(%s) as val by %s | search val %s %s" % (agg.aggfunc_notrans, agg.aggfield or "", agg.groupfield or "", agg.cond_op, agg.condition) - - def cleanValue(self, value): - new_value = value - if type(new_value) is str: - if (new_value[:2] in ("*\/","*\\")): - new_value = new_value[2:] - if (new_value[:1] == '*'): - new_value = new_value.replace("*", "", 1) - if ( " to " not in new_value): - new_value = new_value.replace("* ", "*") - new_value = new_value.replace(" *", "*") - new_value = new_value.replace('"', '\"') - # need tuning - if (( "(" in new_value or " " in new_value or ")" in new_value or ":" in new_value) and " to " not in new_value): - if (new_value[0] != '"' and new_value[-1] != '"'): - new_value = '"' + new_value +'"' - new_value = new_value.replace("(", "\(") - new_value = new_value.replace(")", "\)") - if ('"' not in new_value): - new_value = new_value.replace(" ", "\ ") - new_value = new_value.strip() - if type(new_value) is list: - for index, vl in enumerate(new_value): - new_value[index] = self.cleanValue(vl) - return new_value - - def cleanValuePath(self, value): - new_value = value - if type(new_value) is str: - # double backslash convention - if (new_value[:2] in ("*\/","*\\")): - new_value = new_value[2:] - if (new_value[:1] == '*'): - new_value = new_value.replace("*", "", 1) - # need tuning - if("*" in new_value and " " in new_value): - new_value=re.escape(new_value) - new_value = new_value.strip() - if type(new_value) is list: - for index, vl in enumerate(new_value): - new_value[index] = self.cleanValue(vl) - return new_value - - def generateEventKey(self, value): - if (value in event): - return event[value][0] - else: - return '' - - def generateEventValue(self, value): - if (value in event): - return event[value][1] - else: - return '' - - def cleanIPRange(self,value): - if('*' not in value): - return value - new_value = value - if type(new_value) is str and value.find('*') : - sub = value.count('.') - if(value[-2:] == '.*'): - value = value[:-2] - min_ip = value + '.0' * (4 - sub) - max_ip = value + '.255' * (4 - sub) - new_value = '['+ min_ip + ' to ' + max_ip + ']' - # ip = IPNetwork(value + '/' + str(sub)) - # min_ip = str(ip[0]) - # max_ip = str(ip[-1]) - if type(new_value) is list: - for index, vl in enumerate(new_value): - new_value[index] = self.cleanIPRange(vl) - return new_value + def generateNOTNode(self, node): + expression = super().generateNode(node.item) + if expression: + return "(%s%s)" % (self.notToken, expression) + # def generateNOTNode(self, node): + # generated = self.generateNode(node.item) + # if generated is not None: + # return self.notToken + generated + # else: + # return None def postAPI(self,result,title,desc): - url = 'https://10.14.132.35//api/v1/watchlist' + url = os.getenv("cbapi_watchlist") body = { "name":title, "search_query":"q="+str(result), @@ -203,34 +168,55 @@ class CarbonBlackBackend(SingleTextQueryBackend): "index_type":"events" } header = { - "X-Auth-Token": "099c366b1e56c0bca3ae61ce1fb7435af7a5926c" + "X-Auth-Token": os.getenv("APIToken") } print(title) x = requests.post(url, data =json.dumps(body), headers = header, verify=False) print(x.text) + def generateEventKey(self, value): + if (value in event): + return event[value][0] + else: + return 'eventid' + + def generateEventValue(self, value): + if (value in event): + return event[value][1] + else: + return '' + def generate(self, sigmaparser): """Method is called for each sigma rule and receives the parsed rule (SigmaParser)""" - columns = list() title = sigmaparser.parsedyaml["title"] desc = sigmaparser.parsedyaml["description"] + # print(title) + # print("\n") + try: + self.category = sigmaparser.parsedyaml['logsource'].setdefault('category', None) + self.counted = sigmaparser.parsedyaml.get('counted', None) + self.excluded_fields = [item.lower() for item in sigmaparser.config.config.get("excludedfields", [])] + except KeyError: + self.category = None for parsed in sigmaparser.condparsed: query = self.generateQuery(parsed) - before = self.generateBefore(parsed) - after = self.generateAfter(parsed) - result = "" - # print(query.replace("\\\\","\\")) - if before is not None: - result = before + if query is not None: result += query - if after is not None: - result += after - # if mapped is not None: - # result += fields - # self.postAPI(result,title,desc) - # print (title) - print (str(result)) - return result \ No newline at end of file + # val = "vsss admin shadow" + # escapeSubst = "\\\\\g<1>" + # print(self.reEscape.sub(escapeSubst, val)) + self.postAPI(result,title,desc) + return result + # if self.category == "process_creation": + # for parsed in sigmaparser.condparsed: + # query = self.generateQuery(parsed) + # result = "" + + # if query is not None: + # result += query + # return result + # else: + # raise NotSupportedError("Not supported logsource category.") diff --git a/tools/sigmac b/tools/sigmac index 62401e75..c0246862 100755 --- a/tools/sigmac +++ b/tools/sigmac @@ -108,7 +108,7 @@ def set_argparser(): argparser.add_argument("--backend-config", "-C", help="Configuration file (YAML format) containing options to pass to the backend") argparser.add_argument("--defer-abort", "-d", action="store_true", help="Don't abort on parse or conversion errors, proceed with next rule. The exit code from the last error is returned") argparser.add_argument("--ignore-backend-errors", "-I", action="store_true", help="Only return error codes for parse errors and ignore errors for rules that cause backend errors. Useful, when you want to get as much queries as possible.") - argparser.add_argument("--shoot-yourself-in-the-foot", action="store_true", help=argparse.SUPPRESS) + argparser.add_argument("--shoot-yourshootself-in-the-foot", action="store_true", help=argparse.SUPPRESS) argparser.add_argument("--verbose", "-v", action="store_true", help="Be verbose") argparser.add_argument("--debug", "-D", action="store_true", help="Debugging output") argparser.add_argument("inputs", nargs="*", help="Sigma input files ('-' for stdin)") @@ -235,7 +235,6 @@ for sigmafile in get_inputs(cmdargs.inputs, cmdargs.recurse): parser = SigmaCollectionParser(f, sigmaconfigs, rulefilter) results = parser.generate(backend) - for result in results: print(result, file=out) From 17318b48bfab2410f14eca496e4262d8360e89b4 Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Wed, 18 Mar 2020 08:50:37 -0400 Subject: [PATCH 131/714] - fix agg_option keyword - remove (now) unnecessary other hardcoded `.keyword` locations --- tools/sigma/backends/elasticsearch.py | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index 6f355706..5919528b 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -86,7 +86,7 @@ class ElasticsearchWildcardHandlingMixin(object): else: return False - def fieldNameMapping(self, fieldname, value): + def fieldNameMapping(self, fieldname, value, *agg_option): """ Decide whether to use a keyword field or analyzed field. Using options on fields to make into keywords OR not and the field naming of keyword. Further, determine if values contain wildcards. Additionally, determine if case insensitive regex should be used. Finally, @@ -112,6 +112,10 @@ class ElasticsearchWildcardHandlingMixin(object): else: analyzed_subfield_name = '' + # force keyword on agg_option used in Elasticsearch DSL query key + if agg_option: + force_keyword_type = True + # Only some analyzed subfield, so if not in this list then has to be keyword if len(self.analyzed_sub_fields) != 0 and not any ([ fnmatch(fieldname, pattern) for pattern in self.analyzed_sub_fields ]): force_keyword_type = True @@ -403,12 +407,12 @@ class ElasticsearchDSLBackend(RulenameCommentMixin, ElasticsearchWildcardHandlin self.queries[-1]['aggs'] = { count_agg_group_name: { "terms": { - "field": "{}.keyword".format(agg.groupfield) + "field": "{}".format(agg.groupfield) }, "aggs": { count_distinct_agg_name: { "cardinality": { - "field": "{}.keyword".format(agg.aggfield) + "field": "{}".format(agg.aggfield) } }, "limit": { @@ -427,7 +431,7 @@ class ElasticsearchDSLBackend(RulenameCommentMixin, ElasticsearchWildcardHandlin self.queries[-1]['aggs'] = { group_aggname: { 'terms': { - 'field': '%s' % (agg.groupfield + ".keyword") + 'field': '%s' % (agg.groupfield) }, 'aggs': { 'limit': { @@ -686,7 +690,7 @@ class XPackWatcherBackend(ElasticsearchQuerystringBackend, MultiRuleOutputMixin) "aggs": { "agg": { "terms": { - "field": condition.parsedAgg.aggfield + ".keyword", + "field": condition.parsedAgg.aggfield, "size": 10, "order": { "_count": order @@ -704,7 +708,7 @@ class XPackWatcherBackend(ElasticsearchQuerystringBackend, MultiRuleOutputMixin) "aggs": { "by": { "terms": { - "field": condition.parsedAgg.groupfield + ".keyword", + "field": condition.parsedAgg.groupfield, "size": 10, "order": { "_count": order @@ -969,7 +973,7 @@ class ElastalertBackend(MultiRuleOutputMixin): if parsed.parsedAgg: if parsed.parsedAgg.aggfunc == sigma.parser.condition.SigmaAggregationParser.AGGFUNC_COUNT or parsed.parsedAgg.aggfunc == sigma.parser.condition.SigmaAggregationParser.AGGFUNC_MIN or parsed.parsedAgg.aggfunc == sigma.parser.condition.SigmaAggregationParser.AGGFUNC_MAX or parsed.parsedAgg.aggfunc == sigma.parser.condition.SigmaAggregationParser.AGGFUNC_AVG or parsed.parsedAgg.aggfunc == sigma.parser.condition.SigmaAggregationParser.AGGFUNC_SUM: if parsed.parsedAgg.groupfield is not None: - rule_object['query_key'] = self.fieldNameMapping(parsed.parsedAgg.groupfield, '*') + rule_object['query_key'] = self.fieldNameMapping(parsed.parsedAgg.groupfield, '*', True) rule_object['type'] = "metric_aggregation" rule_object['buffer_time'] = interval rule_object['doc_type'] = "doc" From aa112cbd44b2ffa2245486dc9b941cdb031d6876 Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Wed, 18 Mar 2020 08:51:38 -0400 Subject: [PATCH 132/714] do not escape `u` --- tools/sigma/backends/elasticsearch.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index 5919528b..6cb6d2a0 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -185,7 +185,7 @@ class ElasticsearchQuerystringBackend(ElasticsearchWildcardHandlingMixin, Single identifier = "es-qs" active = True - reEscape = re.compile("([\s+\\-=!(){}\\[\\]^\"~:/]|(? Date: Thu, 19 Mar 2020 09:00:24 +0700 Subject: [PATCH 133/714] modified: tools/sigma/backends/carbonblack.py --- .vscode/launch.json | 2 +- tools/sigma/backends/carbonblack.py | 11 ----------- tools/sigma/backends/my_carbonblack.py | 4 ++-- 3 files changed, 3 insertions(+), 14 deletions(-) diff --git a/.vscode/launch.json b/.vscode/launch.json index 944b35d3..9ac8e307 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -10,7 +10,7 @@ "request": "launch", "program": "/media/lep/Common/FIS/CBR/sigma/tools/sigmac", "console": "integratedTerminal", - "args": ["-t", "carbonblack", "/media/lep/Common/FIS/sigmaRules_CBR/sysmon_powershell_network_connection.yml", "-c", "carbonblack"] + "args": ["-t", "carbonblack", "/media/lep/Common/FIS/sigmaRules/Deploy2/sysmon_powershell_network_connection.yml", "-c", "carbonblack"] // "args": ["-t", "sumologic", "/home/gsanm/Downloads/demo/sigma/rules/windows/sysmon/sysmon_cactustorch.yml", "-c", "carbonblack"] } ] diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index ea376a69..f7419139 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -152,12 +152,6 @@ class CarbonBlackQueryBackend(CarbonBlackWildcardHandlingMixin, SingleTextQueryB expression = super().generateNode(node.item) if expression: return "(%s%s)" % (self.notToken, expression) - # def generateNOTNode(self, node): - # generated = self.generateNode(node.item) - # if generated is not None: - # return self.notToken + generated - # else: - # return None def postAPI(self,result,title,desc): url = os.getenv("cbapi_watchlist") @@ -191,8 +185,6 @@ class CarbonBlackQueryBackend(CarbonBlackWildcardHandlingMixin, SingleTextQueryB """Method is called for each sigma rule and receives the parsed rule (SigmaParser)""" title = sigmaparser.parsedyaml["title"] desc = sigmaparser.parsedyaml["description"] - # print(title) - # print("\n") try: self.category = sigmaparser.parsedyaml['logsource'].setdefault('category', None) self.counted = sigmaparser.parsedyaml.get('counted', None) @@ -205,9 +197,6 @@ class CarbonBlackQueryBackend(CarbonBlackWildcardHandlingMixin, SingleTextQueryB if query is not None: result += query - # val = "vsss admin shadow" - # escapeSubst = "\\\\\g<1>" - # print(self.reEscape.sub(escapeSubst, val)) self.postAPI(result,title,desc) return result # if self.category == "process_creation": diff --git a/tools/sigma/backends/my_carbonblack.py b/tools/sigma/backends/my_carbonblack.py index 494b456e..72627792 100644 --- a/tools/sigma/backends/my_carbonblack.py +++ b/tools/sigma/backends/my_carbonblack.py @@ -180,7 +180,7 @@ class CarbonBlackBackend(SingleTextQueryBackend): return new_value def postAPI(self,result,title,desc): - url = 'https://10.14.132.35//api/v1/watchlist' + rl = os.getenv("cbapi_watchlist") body = { "name":title, "search_query":"q="+str(result), @@ -188,7 +188,7 @@ class CarbonBlackBackend(SingleTextQueryBackend): "index_type":"events" } header = { - "X-Auth-Token": "099c366b1e56c0bca3ae61ce1fb7435af7a5926c" + "X-Auth-Token": os.getenv("APIToken") } print(title) x = requests.post(url, data =json.dumps(body), headers = header, verify=False) From 0356178c50a1b32132baadf4f490b7e76d78c81b Mon Sep 17 00:00:00 2001 From: vunx2 Date: Thu, 19 Mar 2020 10:49:40 +0700 Subject: [PATCH 134/714] eventdict --- tools/sigma/{ => config}/eventdict.py | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tools/sigma/{ => config}/eventdict.py (100%) diff --git a/tools/sigma/eventdict.py b/tools/sigma/config/eventdict.py similarity index 100% rename from tools/sigma/eventdict.py rename to tools/sigma/config/eventdict.py From f3e642f34068e092d549c9be90a77ca8d60b1a63 Mon Sep 17 00:00:00 2001 From: vunx2 Date: Thu, 19 Mar 2020 10:54:48 +0700 Subject: [PATCH 135/714] merge --- rules/compliance/cleartext_protocols.yml | 111 ++++++++++++++++++ .../compliance/default_credentials_usage.yml | 109 +++++++++++++++++ .../compliance/group_modification_logging.yml | 61 ++++++++++ rules/compliance/host_without_firewall.yml | 30 +++++ rules/compliance/workstation_was_locked.yml | 47 ++++++++ rules/windows/sysmon/sysmon_cactustorch.yml | 1 - .../sysmon_detect_Compressed_Process.yml | 23 ---- .../sysmon/sysmon_office_persistence.yml | 39 ------ .../sysmon/sysmon_permissions_modifiation.yml | 32 ----- .../sysmon/sysmon_service_creation.yml | 18 --- .../windows/sysmon/sysmon_susp_Timestomp.yml | 23 ---- .../sysmon/sysmon_susp_discovery_activity.yml | 26 ---- .../sysmon/sysmon_susp_file_deletion.yml | 29 ----- .../sysmon/sysmon_susp_service_modify.yml | 31 ----- .../sysmon_susp_signed_script_triggered.yml | 27 ----- .../sysmon/sysmon_web_folder_intergration.yml | 30 ----- .../windows/sysmon/win_susp_Compiled_HTML.yml | 20 ---- 17 files changed, 358 insertions(+), 299 deletions(-) create mode 100644 rules/compliance/cleartext_protocols.yml create mode 100644 rules/compliance/default_credentials_usage.yml create mode 100644 rules/compliance/group_modification_logging.yml create mode 100644 rules/compliance/host_without_firewall.yml create mode 100644 rules/compliance/workstation_was_locked.yml delete mode 100644 rules/windows/sysmon/sysmon_detect_Compressed_Process.yml delete mode 100644 rules/windows/sysmon/sysmon_office_persistence.yml delete mode 100644 rules/windows/sysmon/sysmon_permissions_modifiation.yml delete mode 100644 rules/windows/sysmon/sysmon_service_creation.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_Timestomp.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_discovery_activity.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_file_deletion.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_service_modify.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml delete mode 100644 rules/windows/sysmon/sysmon_web_folder_intergration.yml delete mode 100644 rules/windows/sysmon/win_susp_Compiled_HTML.yml diff --git a/rules/compliance/cleartext_protocols.yml b/rules/compliance/cleartext_protocols.yml new file mode 100644 index 00000000..d1769800 --- /dev/null +++ b/rules/compliance/cleartext_protocols.yml @@ -0,0 +1,111 @@ +action: global +title: Cleartext Protocol Usage +id: 7e4bfe58-4a47-4709-828d-d86c78b7cc1f +description: Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels. Ensure that an encryption + is used for all sensitive information in transit. Ensure that an encrypted channels is used for all administrative account access. +references: + - https://www.cisecurity.org/controls/cis-controls-list/ + - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf + - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf +author: Alexandr Yampolskyi, SOC Prime +status: stable +date: 2019/03/26 +falsepositives: + - unknown +level: low +tags: + - CSC4 + - CSC4.5 + - CSC14 + - CSC14.4 + - CSC16 + - CSC16.5 + - NIST CSF 1.1 PR.AT-2 + - NIST CSF 1.1 PR.MA-2 + - NIST CSF 1.1 PR.PT-3 + - NIST CSF 1.1 PR.AC-1 + - NIST CSF 1.1 PR.AC-4 + - NIST CSF 1.1 PR.AC-5 + - NIST CSF 1.1 PR.AC-6 + - NIST CSF 1.1 PR.AC-7 + - NIST CSF 1.1 PR.DS-1 + - NIST CSF 1.1 PR.DS-2 + - NIST CSF 1.1 PR.PT-3 + - NIST CSF 1.1 PR.PT-3 + - ISO 27002-2013 A.9.2.1 + - ISO 27002-2013 A.9.2.2 + - ISO 27002-2013 A.9.2.3 + - ISO 27002-2013 A.9.2.4 + - ISO 27002-2013 A.9.2.5 + - ISO 27002-2013 A.9.2.6 + - ISO 27002-2013 A.9.3.1 + - ISO 27002-2013 A.9.4.1 + - ISO 27002-2013 A.9.4.2 + - ISO 27002-2013 A.9.4.3 + - ISO 27002-2013 A.9.4.4 + - ISO 27002-2013 A.8.3.1 + - ISO 27002-2013 A.9.1.1 + - ISO 27002-2013 A.10.1.1 + - PCI DSS 3.2 2.1 + - PCI DSS 3.2 8.1 + - PCI DSS 3.2 8.2 + - PCI DSS 3.2 8.3 + - PCI DSS 3.2 8.7 + - PCI DSS 3.2 8.8 + - PCI DSS 3.2 1.3 + - PCI DSS 3.2 1.4 + - PCI DSS 3.2 4.3 + - PCI DSS 3.2 7.1 + - PCI DSS 3.2 7.2 + - PCI DSS 3.2 7.3 +--- +logsource: + product: netflow +detection: + selection: + destination.port: + - 8080 + - 21 + - 80 + - 23 + - 50000 + - 1521 + - 27017 + - 1433 + - 11211 + - 3306 + - 15672 + - 5900 + - 5901 + - 5902 + - 5903 + - 5904 + condition: selection +--- +logsource: + product: firewall +detection: + selection1: + destination.port: + - 8080 + - 21 + - 80 + - 23 + - 50000 + - 1521 + - 27017 + - 3306 + - 1433 + - 11211 + - 15672 + - 5900 + - 5901 + - 5902 + - 5903 + - 5904 + selection2: + action: + - forward + - accept + - 2 + condition: selection1 AND selection2 diff --git a/rules/compliance/default_credentials_usage.yml b/rules/compliance/default_credentials_usage.yml new file mode 100644 index 00000000..0dcac143 --- /dev/null +++ b/rules/compliance/default_credentials_usage.yml @@ -0,0 +1,109 @@ +title: Default Credentials Usage +id: 1a395cbc-a84a-463a-9086-ed8a70e573c7 +description: Before deploying any new asset, change all default passwords to have values consistent with administrative level accounts. Sigma detects default credentials + usage. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management. +author: Alexandr Yampolskyi, SOC Prime +status: stable +references: + - https://www.cisecurity.org/controls/cis-controls-list/ + - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf + - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf + - https://community.qualys.com/docs/DOC-6406-reporting-toolbox-focused-search-lists +date: 2019/03/26 +logsource: + product: qualys +detection: + selection: + host.scan.vuln: + - 10693 + - 11507 + - 11633 + - 11804 + - 11821 + - 11847 + - 11867 + - 11931 + - 11935 + - 11950 + - 12541 + - 12558 + - 12559 + - 12560 + - 12562 + - 12563 + - 12565 + - 12587 + - 12590 + - 12599 + - 12702 + - 12705 + - 12706 + - 12907 + - 12928 + - 12929 + - 13053 + - 13178 + - 13200 + - 13218 + - 13241 + - 13253 + - 13274 + - 13296 + - 13301 + - 13327 + - 13373 + - 13374 + - 13409 + - 13530 + - 13532 + - 20065 + - 20073 + - 20081 + - 27202 + - 27358 + - 38702 + - 38719 + - 42045 + - 42417 + - 43029 + - 43220 + - 43221 + - 43222 + - 43223 + - 43225 + - 43246 + - 43431 + - 43484 + - 86857 + - 87098 + - 87106 + condition: selection +falsepositives: + - unknown +level: medium +tags: + - CSC4 + - CSC4.2 + - NIST CSF 1.1 PR.AC-4 + - NIST CSF 1.1 PR.AT-2 + - NIST CSF 1.1 PR.MA-2 + - NIST CSF 1.1 PR.PT-3 + - ISO 27002-2013 A.9.1.1 + - ISO 27002-2013 A.9.2.2 + - ISO 27002-2013 A.9.2.3 + - ISO 27002-2013 A.9.2.4 + - ISO 27002-2013 A.9.2.5 + - ISO 27002-2013 A.9.2.6 + - ISO 27002-2013 A.9.3.1 + - ISO 27002-2013 A.9.4.1 + - ISO 27002-2013 A.9.4.2 + - ISO 27002-2013 A.9.4.3 + - ISO 27002-2013 A.9.4.4 + - PCI DSS 3.2 2.1 + - PCI DSS 3.2 7.1 + - PCI DSS 3.2 7.2 + - PCI DSS 3.2 7.3 + - PCI DSS 3.2 8.1 + - PCI DSS 3.2 8.2 + - PCI DSS 3.2 8.3 + - PCI DSS 3.2 8.7 diff --git a/rules/compliance/group_modification_logging.yml b/rules/compliance/group_modification_logging.yml new file mode 100644 index 00000000..c06eb288 --- /dev/null +++ b/rules/compliance/group_modification_logging.yml @@ -0,0 +1,61 @@ +title: Group Modification Logging +id: 9cf01b6c-e723-4841-a868-6d7f8245ca6e +description: "Configure systems to issue a log entry and alert when an account is added to or removed from any group assigned administrative privileges. Sigma detects\ + \ Event ID 4728 indicates a \u2018Member is added to a Security Group\u2019. Event ID 4729 indicates a \u2018Member is removed from a Security enabled-group\u2019\ + . Event ID 4730 indicates a\u2018Security Group is deleted\u2019. The case is not applicable for Unix OS. Supported OS - Windows 2008 R2 and 7, Windows 2012 R2\ + \ and 8.1, Windows 2016 and 10 Windows Server 2019, Windows Server 2000, Windows 2003 and XP." +author: Alexandr Yampolskyi, SOC Prime +status: stable +references: + - https://www.cisecurity.org/controls/cis-controls-list/ + - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf + - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf + - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4728 + - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4729 + - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4730 + - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=633 + - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=632 + - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=634 +date: 2019/03/26 +logsource: + product: windows + service: security +detection: + selection: + EventID: + - 4728 + - 4729 + - 4730 + - 633 + - 632 + - 634 + condition: selection +falsepositives: + - unknown +level: low +tags: + - CSC4 + - CSC4.8 + - NIST CSF 1.1 PR.AC-4 + - NIST CSF 1.1 PR.AT-2 + - NIST CSF 1.1 PR.MA-2 + - NIST CSF 1.1 PR.PT-3 + - ISO 27002-2013 A.9.1.1 + - ISO 27002-2013 A.9.2.2 + - ISO 27002-2013 A.9.2.3 + - ISO 27002-2013 A.9.2.4 + - ISO 27002-2013 A.9.2.5 + - ISO 27002-2013 A.9.2.6 + - ISO 27002-2013 A.9.3.1 + - ISO 27002-2013 A.9.4.1 + - ISO 27002-2013 A.9.4.2 + - ISO 27002-2013 A.9.4.3 + - ISO 27002-2013 A.9.4.4 + - PCI DSS 3.2 2.1 + - PCI DSS 3.2 7.1 + - PCI DSS 3.2 7.2 + - PCI DSS 3.2 7.3 + - PCI DSS 3.2 8.1 + - PCI DSS 3.2 8.2 + - PCI DSS 3.2 8.3 + - PCI DSS 3.2 8.7 diff --git a/rules/compliance/host_without_firewall.yml b/rules/compliance/host_without_firewall.yml new file mode 100644 index 00000000..527d7eca --- /dev/null +++ b/rules/compliance/host_without_firewall.yml @@ -0,0 +1,30 @@ +title: Host Without Firewall +id: 6b2066c8-3dc7-4db7-9db0-6cc1d7b0dde9 +description: Host Without Firewall. Alert means not complied. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management. +author: Alexandr Yampolskyi, SOC Prime +references: + - https://www.cisecurity.org/controls/cis-controls-list/ + - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf + - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf +date: 2019/03/19 +status: stable +level: low +logsource: + product: Qualys +detection: + selection: + event.category: Security Policy + host.scan.vuln_name: Firewall Product Not Detected* + condition: selection +tags: + - CSC9 + - CSC9.4 + - NIST CSF 1.1 PR.AC-5 + - NIST CSF 1.1 PR.AC-6 + - NIST CSF 1.1 PR.AC-7 + - NIST CSF 1.1 DE.AE-1 + - ISO 27002-2013 A.9.1.2 + - ISO 27002-2013 A.13.2.1 + - ISO 27002-2013 A.13.2.2 + - ISO 27002-2013 A.14.1.2 + - PCI DSS 3.2 1.4 diff --git a/rules/compliance/workstation_was_locked.yml b/rules/compliance/workstation_was_locked.yml new file mode 100644 index 00000000..6938a14d --- /dev/null +++ b/rules/compliance/workstation_was_locked.yml @@ -0,0 +1,47 @@ +title: Locked Workstation +id: 411742ad-89b0-49cb-a7b0-3971b5c1e0a4 +description: Automatically lock workstation sessions after a standard period of inactivity. The case is not applicable for Unix OS. Supported OS - Windows 2008 R2 + and 7, Windows 2012 R2 and 8.1, Windows 2016 and 10 Windows Server 2019. +author: Alexandr Yampolskyi, SOC Prime +status: stable +references: + - https://www.cisecurity.org/controls/cis-controls-list/ + - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf + - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf + - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4800 +date: 2019/03/26 +logsource: + product: windows + service: security +detection: + selection: + EventID: + - 4800 + condition: selection +falsepositives: + - unknown +level: low +tags: + - CSC16 + - CSC16.11 + - ISO27002-2013 A.9.1.1 + - ISO27002-2013 A.9.2.1 + - ISO27002-2013 A.9.2.2 + - ISO27002-2013 A.9.2.3 + - ISO27002-2013 A.9.2.4 + - ISO27002-2013 A.9.2.5 + - ISO27002-2013 A.9.2.6 + - ISO27002-2013 A.9.3.1 + - ISO27002-2013 A.9.4.1 + - ISO27002-2013 A.9.4.3 + - ISO27002-2013 A.11.2.8 + - PCI DSS 3.1 7.1 + - PCI DSS 3.1 7.2 + - PCI DSS 3.1 7.3 + - PCI DSS 3.1 8.7 + - PCI DSS 3.1 8.8 + - NIST CSF 1.1 PR.AC-1 + - NIST CSF 1.1 PR.AC-4 + - NIST CSF 1.1 PR.AC-6 + - NIST CSF 1.1 PR.AC-7 + - NIST CSF 1.1 PR.PT-3 diff --git a/rules/windows/sysmon/sysmon_cactustorch.yml b/rules/windows/sysmon/sysmon_cactustorch.yml index e8b8417e..676d077a 100644 --- a/rules/windows/sysmon/sysmon_cactustorch.yml +++ b/rules/windows/sysmon/sysmon_cactustorch.yml @@ -14,7 +14,6 @@ detection: selection: EventID: 8 SourceImage: - - '*\SysWOW64\\*' - '*\System32\cscript.exe' - '*\System32\wscript.exe' - '*\System32\mshta.exe' diff --git a/rules/windows/sysmon/sysmon_detect_Compressed_Process.yml b/rules/windows/sysmon/sysmon_detect_Compressed_Process.yml deleted file mode 100644 index fc813e3b..00000000 --- a/rules/windows/sysmon/sysmon_detect_Compressed_Process.yml +++ /dev/null @@ -1,23 +0,0 @@ -title: Detect compress process using for data exfiltration -description: Detects data compressing behaviour -author: Lep - VuNX -date: 2019/7/10 -tags: - - attack.exfiltration - - attack.t1002 -logsource: - category: process_creation - product: windows -detection: - selection1: - CommandLine: - - '*Compress-Archive*' - - 'rar*' - - 'zip*' - - 'gzip*' - selection2: - Image: C:\Users\Public\7za.exe - condition: selection1 or selection2 -falsepositives: - - Real compressed -level: critical diff --git a/rules/windows/sysmon/sysmon_office_persistence.yml b/rules/windows/sysmon/sysmon_office_persistence.yml deleted file mode 100644 index 62a704dd..00000000 --- a/rules/windows/sysmon/sysmon_office_persistence.yml +++ /dev/null @@ -1,39 +0,0 @@ -title: Microsoft Office Persistence -status: experimental -description: Detect some kinds of persistence techniques using Office Startup -author: Lep -references: - - https://attack.mitre.org/techniques/T1137/ - - https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/ -date: 2019/08/20 -tags: - - attack.persistence - - attack.t1137 - - attack.g0050 -logsource: - service: sysmon - product: windows -detection: - template_macro: - EventID: 11 - TargetFilename: - - '*\AppData\Roaming\Microsoft\Templates\Normal.dotm' - - '*\AppData\Roaming\Microsoft\Excel*' - office_test: - EventID: 13 - TargetObject: 'HKCU\Software\Microsoft\Office test\Special\Perf*' - enable_macros: - EventID: 13 - TargetObject: - - 'HKCU\Software\Microsoft\Office\*\Outlook*' - - 'HKCU\Software\Microsoft\Office\*\Excel\Options*' - addins: - EventID: 13 - TargetObject: - - 'HKCU\Software\Microsoft\VBA\VBE\6.0\Addins\*' - - 'HKCU\Software\Microsoft\Office\*\PowerPoint\AddIns' - - 'HKCU\Software\Microsoft\Office\*\Addins\' - condition: template_macro or office_test or addins or enable_macros -falsepositives: - - Office usage -level: low diff --git a/rules/windows/sysmon/sysmon_permissions_modifiation.yml b/rules/windows/sysmon/sysmon_permissions_modifiation.yml deleted file mode 100644 index 9f2a8eb6..00000000 --- a/rules/windows/sysmon/sysmon_permissions_modifiation.yml +++ /dev/null @@ -1,32 +0,0 @@ -title: File Permissions Modification -status: experimental -description: Detect File Permissions modification -author: Lep -references: - - https://attack.mitre.org/techniques/T1222/ -date: 2019/08/21 -tags: - - attack.defense_evasion - - attack.t1222 - - attack.g0050 -logsource: - service: sysmon - product: windows -detection: - window: - - Image: - - '*cacls.exe' - - '*takeown.exe' - - '*icacls.exe' - - '*attrib.exe' - - CommandLine: '*Set-Acl*' -# Use for unix, change log sources - unix: - CommandLine: - - '*chmod*' - - '*chowm*' - - '*chattr*' - condition: window or unix -falsepositives: - - Uninstall programs,.. -level: low diff --git a/rules/windows/sysmon/sysmon_service_creation.yml b/rules/windows/sysmon/sysmon_service_creation.yml deleted file mode 100644 index 1a203859..00000000 --- a/rules/windows/sysmon/sysmon_service_creation.yml +++ /dev/null @@ -1,18 +0,0 @@ -title: Service Creation in Registry Detection -description: Detect Service Creation in Registry -author: Lep -date: 2019/08/16 -tags: - - attack.execution - - attack.t1035 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 12 - Image: '*\services.exe' - condition: selection -falsepositives: - - n/a -level: low diff --git a/rules/windows/sysmon/sysmon_susp_Timestomp.yml b/rules/windows/sysmon/sysmon_susp_Timestomp.yml deleted file mode 100644 index 11be1613..00000000 --- a/rules/windows/sysmon/sysmon_susp_Timestomp.yml +++ /dev/null @@ -1,23 +0,0 @@ -title: Suspicious Timestomp -description: Detects a massive change timestamp -status: experimental -author: lep -date: 2019/08/24 -tags: - - attack.defense_evasion - - attack.t1099 -logsource: - product: windows -detection: - windows: - CommandLine: - - '*Get-ChildItem*' - - '*$_.LastAccessTime*' - - '*$_.LastWriteTime*' - - '*$_.CreationTime*' - linux: - CommandLine: '*touch*' - condition: linux or windows -falsepositives: - - Unkown -level: high diff --git a/rules/windows/sysmon/sysmon_susp_discovery_activity.yml b/rules/windows/sysmon/sysmon_susp_discovery_activity.yml deleted file mode 100644 index 4b96f37e..00000000 --- a/rules/windows/sysmon/sysmon_susp_discovery_activity.yml +++ /dev/null @@ -1,26 +0,0 @@ -title: Discovery Activity with Command -status: experimental -description: Detects discovery activity command -author: Lep -date: 2019/09/26 -tags: - - attack.discovery - - attack.t1018 - - attack.t1012 - - attack.t1083 -logsource: - product: windows -detection: - selection: - CommandLine: - - 'dir *' - - 'tree *' - - 'reg query*' - - '*arp.exe*' - - 'ipconfig /all' - - 'new-psdrive*' - timeframe: 15s - condition: selection | count() by CommandLine > 4 -falsepositives: - - Admin activities -level: medium diff --git a/rules/windows/sysmon/sysmon_susp_file_deletion.yml b/rules/windows/sysmon/sysmon_susp_file_deletion.yml deleted file mode 100644 index 60680a6a..00000000 --- a/rules/windows/sysmon/sysmon_susp_file_deletion.yml +++ /dev/null @@ -1,29 +0,0 @@ -title: Microsoft Office Persistence -status: experimental -description: Detect File Deletion Technique -author: Lep -references: - - https://attack.mitre.org/techniques/T1107/ - - https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/ -date: 2019/08/20 -tags: - - attack.defense_evasion - - attack.t1107 - - attack.g0050 -logsource: - service: sysmon - product: windows -detection: - sdelete: - Image: '*sdelete.exe' - CommandLine: '*remove-item*' - fsulti: - Image: '*fsutil.exe' - CommandLine: '*deletejournal*' - wbadmin: - Image: '*wbadmin.exe' - CommandLine: '*delete*' - condition: sdelete or fsulti or wbadmin -falsepositives: - - Uninstall programs,.. -level: low diff --git a/rules/windows/sysmon/sysmon_susp_service_modify.yml b/rules/windows/sysmon/sysmon_susp_service_modify.yml deleted file mode 100644 index dc67081f..00000000 --- a/rules/windows/sysmon/sysmon_susp_service_modify.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -action: global -title: Modify Existing Service -description: Detect persistence technique by modifying existing services -author: Lep -date: 2019/08/17 -tags: - - attack.persistence - - attack.t1031 - - attack.g0050 -logsource: - category: process_creation - product: windows -detection: - sc: - Image: - -'*\sc.exe' - CommandLine: '*config*' - reg: - Image: - -'*\reg.exe' - CommandLine: '*hklm\system\currentcontrolset\services*' - condition: 1 of them ---- -detection: - registry_edit: - EventID: 12 - TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Services*' -falsepositives: - - Real service edit -level: low diff --git a/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml b/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml deleted file mode 100644 index 94ba3931..00000000 --- a/rules/windows/sysmon/sysmon_susp_signed_script_triggered.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -action: global -title: Signed Script Proxy Execution -description: Detect suspicious signed script like PubPrn triggered for validation bypassing -author: Lep -date: 2019/08/16 -tags: - - attack.execution - - attack.t1216 - - attack.g0050 -logsource: - product: windows - category: process_creation -detection: - selection: - ParentImage: '*cscript.exe*' - condition: selection or selection2 -falsepositives: - - Real PubPrn usage -level: low ---- -logsource: - product: windows - service: sysmon -detection: - selection2: - CommandLine: '*pubprn.vbs*' \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_web_folder_intergration.yml b/rules/windows/sysmon/sysmon_web_folder_intergration.yml deleted file mode 100644 index 43932982..00000000 --- a/rules/windows/sysmon/sysmon_web_folder_intergration.yml +++ /dev/null @@ -1,30 +0,0 @@ -title: File Creation Webserver Root Folder -status: experimental -description: Detects a suspicious file creation in a web service root folder -author: Lep - VuNX -tags: - - attack.persistence - - attack.t1100 -logsource: - category: process_creation - product: windows -detection: - selection: - TargetFileName: - - '*\wwwroot\\*' - - '*\wmpub\\*' - - '*\htdocs\\*' - - '*inetpub*' - EventID: - 11 - filter: - Image: - - '*explorer.exe' - blank: - Image: null - condition: selection and not filter and not blank -fields: - - TargetFileName -falsepositives: - - Deploy new codes -level: medium diff --git a/rules/windows/sysmon/win_susp_Compiled_HTML.yml b/rules/windows/sysmon/win_susp_Compiled_HTML.yml deleted file mode 100644 index 2063f97b..00000000 --- a/rules/windows/sysmon/win_susp_Compiled_HTML.yml +++ /dev/null @@ -1,20 +0,0 @@ -title: Trigger Compiled HTML -status: experimental -description: This detects compiled HTML triggered by HH -references: https://www.bleepingcomputer.com/news/security/ryuk-ransomware-adds-ip-and-computer-name-blacklisting/ -date: 2019/08/14 -author: Lep -logsource: - category: process_creation - product: windows -detection: - selection1: - Image: '*\hh.exe' - condition: selection1 -falsepositives: - - Normal HTML Help File -tags: - - attack.execution - - attack.t1223 - - attack.g0050 -level: high From 2107d86900e654613542b7004f25c56364c63a2e Mon Sep 17 00:00:00 2001 From: vunx2 Date: Thu, 19 Mar 2020 10:58:30 +0700 Subject: [PATCH 136/714] merge --- tools/sigma/backends/base.py | 2 -- tools/sigma/backends/carbonblack.py | 6 +++--- tools/sigma/backends/elasticsearch.py | 13 ------------- tools/sigma/backends/qradar.py | 6 ------ tools/sigma/configuration.py | 1 - tools/sigmac | 5 +---- 6 files changed, 4 insertions(+), 29 deletions(-) diff --git a/tools/sigma/backends/base.py b/tools/sigma/backends/base.py index 7b719aac..4675b019 100644 --- a/tools/sigma/backends/base.py +++ b/tools/sigma/backends/base.py @@ -15,14 +15,12 @@ # along with this program. If not, see . import sys -sys.path.append("....") import sigma import yaml from .mixins import RulenameCommentMixin, QuoteCharMixin from sigma.parser.modifiers.base import SigmaTypeModifier -from .. eventdict import event class BackendOptions(dict): """ diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index f7419139..ea1e7f9a 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -2,7 +2,7 @@ import re import requests import json import os -from .. eventdict import event +from ..config.eventdict import event from fnmatch import fnmatch from sigma.backends.base import SingleTextQueryBackend @@ -153,6 +153,7 @@ class CarbonBlackQueryBackend(CarbonBlackWildcardHandlingMixin, SingleTextQueryB if expression: return "(%s%s)" % (self.notToken, expression) +# Function to upload watchlists through CB API def postAPI(self,result,title,desc): url = os.getenv("cbapi_watchlist") body = { @@ -166,7 +167,6 @@ class CarbonBlackQueryBackend(CarbonBlackWildcardHandlingMixin, SingleTextQueryB } print(title) x = requests.post(url, data =json.dumps(body), headers = header, verify=False) - print(x.text) def generateEventKey(self, value): @@ -197,7 +197,7 @@ class CarbonBlackQueryBackend(CarbonBlackWildcardHandlingMixin, SingleTextQueryB if query is not None: result += query - self.postAPI(result,title,desc) + # self.postAPI(result,title,desc) return result # if self.category == "process_creation": # for parsed in sigmaparser.condparsed: diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index b3418437..4450f77f 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -274,18 +274,6 @@ class ElasticsearchDSLBackend(RulenameCommentMixin, ElasticsearchWildcardHandlin if agg: if agg.aggfunc == sigma.parser.condition.SigmaAggregationParser.AGGFUNC_COUNT: if agg.groupfield is not None: -<<<<<<< HEAD - self.queries[-1]['aggs'] = { - '%s_count'%(agg.groupfield or ""): { - 'terms': { - 'field': '%s'%(agg.groupfield + ".keyword" or "") - }, - 'aggs': { - 'limit': { - 'bucket_selector': { - 'buckets_path': { - 'count': '%s_count'%(agg.groupfield or "") -======= # If the aggregation is 'count(MyDistinctFieldName) by MyGroupedField > XYZ' if agg.aggfield is not None: count_agg_group_name = "{}_count".format(agg.groupfield) @@ -301,7 +289,6 @@ class ElasticsearchDSLBackend(RulenameCommentMixin, ElasticsearchWildcardHandlin "cardinality": { "field": "{}.keyword".format(agg.aggfield) } ->>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c }, "limit": { "bucket_selector": { diff --git a/tools/sigma/backends/qradar.py b/tools/sigma/backends/qradar.py index bbab60d5..455a368f 100644 --- a/tools/sigma/backends/qradar.py +++ b/tools/sigma/backends/qradar.py @@ -200,17 +200,11 @@ class QRadarBackend(SingleTextQueryBackend): qradarPrefix="SELECT " try: -<<<<<<< HEAD - for field in sigmaparser.parsedyaml["fields"]: - mapped = sigmaparser.config.get_fieldmapping(field).resolve_fieldname(field, sigmaparser) - qradarPrefix += str(sigmaparser.parsedyaml["fields"]).strip('[]') -======= mappedFields = [] for field in sigmaparser.parsedyaml["fields"]: mapped = sigmaparser.config.get_fieldmapping(field).resolve_fieldname(field, sigmaparser) mappedFields.append(mapped) qradarPrefix += str(mappedFields).strip('[]') ->>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c except KeyError: # no 'fields' attribute mapped = None qradarPrefix+="UTF8(payload) as search_payload" diff --git a/tools/sigma/configuration.py b/tools/sigma/configuration.py index fd510919..05e11133 100644 --- a/tools/sigma/configuration.py +++ b/tools/sigma/configuration.py @@ -133,7 +133,6 @@ class SigmaConfiguration: if type(logsources) != dict: raise SigmaConfigParseError("Logsources must be a map") for name, logsource in logsources.items(): - print(name, logsource) self.logsources.append(SigmaLogsourceConfiguration(logsource, self.defaultindex)) def get_indexfield(self): diff --git a/tools/sigmac b/tools/sigmac index c0246862..89129e7b 100755 --- a/tools/sigmac +++ b/tools/sigmac @@ -108,7 +108,7 @@ def set_argparser(): argparser.add_argument("--backend-config", "-C", help="Configuration file (YAML format) containing options to pass to the backend") argparser.add_argument("--defer-abort", "-d", action="store_true", help="Don't abort on parse or conversion errors, proceed with next rule. The exit code from the last error is returned") argparser.add_argument("--ignore-backend-errors", "-I", action="store_true", help="Only return error codes for parse errors and ignore errors for rules that cause backend errors. Useful, when you want to get as much queries as possible.") - argparser.add_argument("--shoot-yourshootself-in-the-foot", action="store_true", help=argparse.SUPPRESS) + argparser.add_argument("--shoot-yourself-in-the-foot", action="store_true", help=argparse.SUPPRESS) argparser.add_argument("--verbose", "-v", action="store_true", help="Be verbose") argparser.add_argument("--debug", "-D", action="store_true", help="Debugging output") argparser.add_argument("inputs", nargs="*", help="Sigma input files ('-' for stdin)") @@ -227,15 +227,12 @@ error = 0 for sigmafile in get_inputs(cmdargs.inputs, cmdargs.recurse): logger.debug("* Processing Sigma input %s" % (sigmafile)) try: - print (sigmafile) if cmdargs.inputs == ['-']: f = sigmafile else: f = sigmafile.open(encoding='utf-8') parser = SigmaCollectionParser(f, sigmaconfigs, rulefilter) - results = parser.generate(backend) - for result in results: print(result, file=out) except OSError as e: From c627f6b381ff578b52ce6ad10c64042c184af319 Mon Sep 17 00:00:00 2001 From: vunx2 Date: Thu, 19 Mar 2020 11:02:10 +0700 Subject: [PATCH 137/714] merge --- tools/config/helk.yml | 2 +- tools/config/qradar.yml | 25 ------ tools/config/sumologic.yml | 7 -- tools/config/winlogbeat-modules-enabled.yml | 86 --------------------- tools/config/winlogbeat-old.yml | 70 ----------------- tools/config/winlogbeat.yml | 70 ----------------- 6 files changed, 1 insertion(+), 259 deletions(-) diff --git a/tools/config/helk.yml b/tools/config/helk.yml index 944e1410..7042b25f 100644 --- a/tools/config/helk.yml +++ b/tools/config/helk.yml @@ -174,4 +174,4 @@ fieldmappings: Version: EventID=4: sysmon_version Workstation: src_host_name - WorkstationName: src_host_name \ No newline at end of file + WorkstationName: src_host_name diff --git a/tools/config/qradar.yml b/tools/config/qradar.yml index df9d7bf5..1768f96b 100644 --- a/tools/config/qradar.yml +++ b/tools/config/qradar.yml @@ -30,30 +30,6 @@ logsources: index: flows fieldmappings: -<<<<<<< HEAD - EventID: - - Event ID Code - dst: - - destinationIP - dst_ip: - - destinationIP - src: - - sourceIP - src_ip: - - sourceIP - c-ip: sourceIP - cs-ip: sourceIP - cs-uri: url - c-uri: sourceIP - c-uri-extension: file_extension - UserAgent: user_agent - c-uri-query: uri_query - HttpMethod: Method - URL: URL - r-dns: FQDN - ClientIP: sourceIP - ServiceFileName: Service Name -======= EventID: - Event ID Code dst: @@ -74,4 +50,3 @@ fieldmappings: r-dns: FQDN ClientIP: sourceIP ServiceFileName: Service Name ->>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c diff --git a/tools/config/sumologic.yml b/tools/config/sumologic.yml index 297fb9ed..09e83fbb 100644 --- a/tools/config/sumologic.yml +++ b/tools/config/sumologic.yml @@ -97,13 +97,6 @@ logsources: application-rails: product: rails index: RAILS -<<<<<<< HEAD - application-rails: - category: application - product: ruby_on_rails - index: RAILS -======= ->>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c application-spring: product: spring index: SPRING diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml index a51d409f..7780562b 100644 --- a/tools/config/winlogbeat-modules-enabled.yml +++ b/tools/config/winlogbeat-modules-enabled.yml @@ -3,18 +3,12 @@ order: 20 backends: - es-qs - es-dsl -<<<<<<< HEAD -======= - es-rule ->>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c - kibana - xpack-watcher - elastalert - elastalert-dsl -<<<<<<< HEAD -======= - elasticsearch-rule ->>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c logsources: windows: product: windows @@ -54,85 +48,6 @@ defaultindex: winlogbeat-* # yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: winlog.event_data.\1/g' # Keep EventID! Clean up the list afterwards! fieldmappings: -<<<<<<< HEAD - EventID: winlog.event_id - AccessMask: winlog.event_data.AccessMask - AccountName: winlog.event_data.AccountName - AllowedToDelegateTo: winlog.event_data.AllowedToDelegateTo - AttributeLDAPDisplayName: winlog.event_data.AttributeLDAPDisplayName - AuditPolicyChanges: winlog.event_data.AuditPolicyChanges - AuthenticationPackageName: winlog.event_data.AuthenticationPackageName - CallingProcessName: winlog.event_data.CallingProcessName - CallTrace: winlog.event_data.CallTrace - CommandLine: process.args - ComputerName: winlog.ComputerName - CurrentDirectory: process.working_directory - Description: winlog.event_data.Description - DestinationHostname: destination.domain - DestinationIp: destination.ip - #DestinationIsIpv6: winlog.event_data.DestinationIsIpv6 #=gets deleted and not boolean...https://github.com/elastic/beats/blob/71eee76e7cfb8d5b18dfacad64864370ddb14ce7/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js#L278-L279 - DestinationPort: destination.port - DestinationPortName: network.protocol - Details: winlog.event_data.Details - EngineVersion: winlog.event_data.EngineVersion - EventType: winlog.event_data.EventType - FailureCode: winlog.event_data.FailureCode - FileName: file.path - GrantedAccess: winlog.event_data.GrantedAccess - GroupName: winlog.event_data.GroupName - GroupSid: winlog.event_data.GroupSid - Hashes: winlog.event_data.Hashes - HiveName: winlog.event_data.HiveName - HostVersion: winlog.event_data.HostVersion - Image: process.executable - ImageLoaded: file.path - ImagePath: winlog.event_data.ImagePath - Imphash: winlog.event_data.Imphash - IpAddress: source.ip - IpPort: source.port - KeyLength: winlog.event_data.KeyLength - LogonProcessName: winlog.event_data.LogonProcessName - LogonType: winlog.event_data.LogonType - NewProcessName: winlog.event_data.NewProcessName - ObjectClass: winlog.event_data.ObjectClass - ObjectName: winlog.event_data.ObjectName - ObjectType: winlog.event_data.ObjectType - ObjectValueName: winlog.event_data.ObjectValueName - ParentCommandLine: process.parent.args - ParentProcessName: process.parent.name - ParentImage: process.parent.executable - Path: winlog.event_data.Path - PipeName: file.name - ProcessCommandLine: winlog.event_data.ProcessCommandLine - ProcessName: process.executable - Properties: winlog.event_data.Properties - SecurityID: winlog.event_data.SecurityID - ServiceFileName: winlog.event_data.ServiceFileName - ServiceName: winlog.event_data.ServiceName - ShareName: winlog.event_data.ShareName - Signature: winlog.event_data.Signature - Source: winlog.event_data.Source - SourceHostname: source.domain - SourceImage: process.executable - SourceIp: source.ip - SourcePort: source.port - #SourceIsIpv6: winlog.event_data.SourceIsIpv6 #=gets deleted and not boolean...https://github.com/elastic/beats/blob/71eee76e7cfb8d5b18dfacad64864370ddb14ce7/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js#L278-L279 - StartModule: winlog.event_data.StartModule - Status: winlog.event_data.Status - SubjectDomainName: user.domain - SubjectUserName: user.name - SubjectUserSid: user.id - TargetFilename: file.path - TargetImage: winlog.event_data.TargetImage - TargetObject: winlog.event_data.TargetObject - TicketEncryptionType: winlog.event_data.TicketEncryptionType - TicketOptions: winlog.event_data.TicketOptions - TargetDomainName: user.domain - TargetUserName: user.name - TargetUserSid: user.id - User: user.name - WorkstationName: source.domain -======= EventID: winlog.event_id AccessMask: winlog.event_data.AccessMask AccountName: winlog.event_data.AccountName @@ -212,4 +127,3 @@ fieldmappings: TargetUserSid: user.id User: user.name WorkstationName: source.domain ->>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c diff --git a/tools/config/winlogbeat-old.yml b/tools/config/winlogbeat-old.yml index c89adad6..2cb46605 100644 --- a/tools/config/winlogbeat-old.yml +++ b/tools/config/winlogbeat-old.yml @@ -47,75 +47,6 @@ defaultindex: winlogbeat-* # yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: event_data.\1/g' # Keep EventID! Clean up the list afterwards! fieldmappings: -<<<<<<< HEAD - EventID: event_id - AccessMask: event_data.AccessMask - AccountName: event_data.AccountName - AllowedToDelegateTo: event_data.AllowedToDelegateTo - AttributeLDAPDisplayName: event_data.AttributeLDAPDisplayName - AuditPolicyChanges: event_data.AuditPolicyChanges - AuthenticationPackageName: event_data.AuthenticationPackageName - CallingProcessName: event_data.CallingProcessName - CallTrace: event_data.CallTrace - CommandLine: event_data.CommandLine - ComputerName: event_data.ComputerName - CurrentDirectory: event_data.CurrentDirectory - Description: event_data.Description - DestinationHostname: event_data.DestinationHostname - DestinationIp: event_data.DestinationIp - DestinationIsIpv6: event_data.DestinationIsIpv6 - DestinationPort: event_data.DestinationPort - Details: event_data.Details - EngineVersion: event_data.EngineVersion - EventType: event_data.EventType - FailureCode: event_data.FailureCode - FileName: event_data.FileName - GrantedAccess: event_data.GrantedAccess - GroupName: event_data.GroupName - GroupSid: event_data.GroupSid - Hashes: event_data.Hashes - HiveName: event_data.HiveName - HostVersion: event_data.HostVersion - Image: event_data.Image - ImageLoaded: event_data.ImageLoaded - ImagePath: event_data.ImagePath - Imphash: event_data.Imphash - IpAddress: event_data.IpAddress - KeyLength: event_data.KeyLength - LogonProcessName: event_data.LogonProcessName - LogonType: event_data.LogonType - NewProcessName: event_data.NewProcessName - ObjectClass: event_data.ObjectClass - ObjectName: event_data.ObjectName - ObjectType: event_data.ObjectType - ObjectValueName: event_data.ObjectValueName - ParentCommandLine: event_data.ParentCommandLine - ParentProcessName: event_data.ParentProcessName - ParentImage: event_data.ParentImage - Path: event_data.Path - PipeName: event_data.PipeName - ProcessCommandLine: event_data.ProcessCommandLine - ProcessName: event_data.ProcessName - Properties: event_data.Properties - SecurityID: event_data.SecurityID - ServiceFileName: event_data.ServiceFileName - ServiceName: event_data.ServiceName - ShareName: event_data.ShareName - Signature: event_data.Signature - Source: event_data.Source - SourceImage: event_data.SourceImage - StartModule: event_data.StartModule - Status: event_data.Status - SubjectUserName: event_data.SubjectUserName - SubjectUserSid: event_data.SubjectUserSid - TargetFilename: event_data.TargetFilename - TargetImage: event_data.TargetImage - TargetObject: event_data.TargetObject - TicketEncryptionType: event_data.TicketEncryptionType - TicketOptions: event_data.TicketOptions - User: event_data.User - WorkstationName: event_data.WorkstationName -======= EventID: event_id AccessMask: event_data.AccessMask AccountName: event_data.AccountName @@ -185,4 +116,3 @@ fieldmappings: TicketOptions: event_data.TicketOptions User: event_data.User WorkstationName: event_data.WorkstationName ->>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml index 2f74612a..52dfd658 100644 --- a/tools/config/winlogbeat.yml +++ b/tools/config/winlogbeat.yml @@ -47,75 +47,6 @@ defaultindex: winlogbeat-* # yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: winlog.event_data.\1/g' # Keep EventID! Clean up the list afterwards! fieldmappings: -<<<<<<< HEAD - EventID: winlog.event_id - AccessMask: winlog.event_data.AccessMask - AccountName: winlog.event_data.AccountName - AllowedToDelegateTo: winlog.event_data.AllowedToDelegateTo - AttributeLDAPDisplayName: winlog.event_data.AttributeLDAPDisplayName - AuditPolicyChanges: winlog.event_data.AuditPolicyChanges - AuthenticationPackageName: winlog.event_data.AuthenticationPackageName - CallingProcessName: winlog.event_data.CallingProcessName - CallTrace: winlog.event_data.CallTrace - CommandLine: winlog.event_data.CommandLine - ComputerName: winlog.ComputerName - CurrentDirectory: winlog.event_data.CurrentDirectory - Description: winlog.event_data.Description - DestinationHostname: winlog.event_data.DestinationHostname - DestinationIp: winlog.event_data.DestinationIp - DestinationIsIpv6: winlog.event_data.DestinationIsIpv6 - DestinationPort: winlog.event_data.DestinationPort - Details: winlog.event_data.Details - EngineVersion: winlog.event_data.EngineVersion - EventType: winlog.event_data.EventType - FailureCode: winlog.event_data.FailureCode - FileName: winlog.event_data.FileName - GrantedAccess: winlog.event_data.GrantedAccess - GroupName: winlog.event_data.GroupName - GroupSid: winlog.event_data.GroupSid - Hashes: winlog.event_data.Hashes - HiveName: winlog.event_data.HiveName - HostVersion: winlog.event_data.HostVersion - Image: winlog.event_data.Image - ImageLoaded: winlog.event_data.ImageLoaded - ImagePath: winlog.event_data.ImagePath - Imphash: winlog.event_data.Imphash - IpAddress: winlog.event_data.IpAddress - KeyLength: winlog.event_data.KeyLength - LogonProcessName: winlog.event_data.LogonProcessName - LogonType: winlog.event_data.LogonType - NewProcessName: winlog.event_data.NewProcessName - ObjectClass: winlog.event_data.ObjectClass - ObjectName: winlog.event_data.ObjectName - ObjectType: winlog.event_data.ObjectType - ObjectValueName: winlog.event_data.ObjectValueName - ParentCommandLine: winlog.event_data.ParentCommandLine - ParentProcessName: winlog.event_data.ParentProcessName - ParentImage: winlog.event_data.ParentImage - Path: winlog.event_data.Path - PipeName: winlog.event_data.PipeName - ProcessCommandLine: winlog.event_data.ProcessCommandLine - ProcessName: winlog.event_data.ProcessName - Properties: winlog.event_data.Properties - SecurityID: winlog.event_data.SecurityID - ServiceFileName: winlog.event_data.ServiceFileName - ServiceName: winlog.event_data.ServiceName - ShareName: winlog.event_data.ShareName - Signature: winlog.event_data.Signature - Source: winlog.event_data.Source - SourceImage: winlog.event_data.SourceImage - StartModule: winlog.event_data.StartModule - Status: winlog.event_data.Status - SubjectUserName: winlog.event_data.SubjectUserName - SubjectUserSid: winlog.event_data.SubjectUserSid - TargetFilename: winlog.event_data.TargetFilename - TargetImage: winlog.event_data.TargetImage - TargetObject: winlog.event_data.TargetObject - TicketEncryptionType: winlog.event_data.TicketEncryptionType - TicketOptions: winlog.event_data.TicketOptions - User: winlog.event_data.User - WorkstationName: winlog.event_data.WorkstationName -======= EventID: winlog.event_id AccessMask: winlog.event_data.AccessMask AccountName: winlog.event_data.AccountName @@ -185,4 +116,3 @@ fieldmappings: TicketOptions: winlog.event_data.TicketOptions User: winlog.event_data.User WorkstationName: winlog.event_data.WorkstationName ->>>>>>> 9e86170d7937bf37694a5763e82ca6635735129c From 1025930e041b5ce1310f0b73bef5bbd50912bd05 Mon Sep 17 00:00:00 2001 From: vunx2 Date: Thu, 19 Mar 2020 11:05:52 +0700 Subject: [PATCH 138/714] merge --- README.md | 348 +++++++++++++++++++++++++ tools/config/carbonblack.yml | 36 --- tools/requirements.txt | 4 +- tools/sigma/backends/my_carbonblack.py | 221 ---------------- 4 files changed, 350 insertions(+), 259 deletions(-) create mode 100644 README.md delete mode 100644 tools/config/carbonblack.yml delete mode 100644 tools/sigma/backends/my_carbonblack.py diff --git a/README.md b/README.md new file mode 100644 index 00000000..6d01612b --- /dev/null +++ b/README.md @@ -0,0 +1,348 @@ +[![Build Status](https://travis-ci.org/Neo23x0/sigma.svg?branch=master)](https://travis-ci.org/Neo23x0/sigma) + +![sigma_logo](./images/Sigma_0.3.png) + +# Sigma + +Generic Signature Format for SIEM Systems + +# What is Sigma + +Sigma is a generic and open signature format that allows you to describe relevant log events in a straight forward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with others. + +Sigma is for log files what [Snort](https://www.snort.org/) is for network traffic and [YARA](https://github.com/VirusTotal/yara) is for files. + +This repository contains: + +1. Sigma rule specification in the [Wiki](https://github.com/Neo23x0/sigma/wiki/Specification) +2. Open repository for sigma signatures in the `./rules` subfolder +3. A converter named `sigmac` located in the `./tools/` sub folder that generates search queries for different SIEM systems from Sigma rules + +![sigma_description](./images/Sigma-description.png) + +## Hack.lu 2017 Talk + +[![Sigma - Generic Signatures for Log Events](https://preview.ibb.co/cMCigR/Screen_Shot_2017_10_18_at_15_47_15.png)](https://www.youtube.com/watch?v=OheVuE9Ifhs "Sigma - Generic Signatures for Log Events") + +## SANS Webcast on MITRE ATT&CK and Sigma + +The SANS webcast on Sigma contains a very good 20 min introduction to the project by John Hubbart from minute 39 onward. (SANS account required; registration is free) + +[MITRE ATT&CK and Sigma Alerting Webcast Recording](https://www.sans.org/webcasts/mitre-att-ck-sigma-alerting-110010 "MITRE ATT&CK and Sigma Alerting") + +# Use Cases + +* Describe your detection method in Sigma to make it sharable +* Write your SIEM searches in Sigma to avoid a vendor lock-in +* Share the signature in the appendix of your analysis along with IOCs and YARA rules +* Share the signature in threat intel communities - e.g. via MISP +* Provide Sigma signatures for malicious behaviour in your own application + +# Why Sigma + +Today, everyone collects log data for analysis. People start working on their own, processing numerous white papers, blog posts and log analysis guidelines, extracting the necessary information and build their own searches and dashboard. Some of their searches and correlations are great and very useful but they lack a standardized format in which they can share their work with others. + +Others provide excellent analyses, include IOCs and YARA rules to detect the malicious files and network connections, but have no way to describe a specific or generic detection method in log events. Sigma is meant to be an open standard in which such detection mechanisms can be defined, shared and collected in order to improve the detection capabilities for everyone. + +## Slides + +See the first slide deck that I prepared for a private conference in mid January 2017. + +[Sigma - Make Security Monitoring Great Again](https://www.slideshare.net/secret/gvgxeXoKblXRcA) + +# Specification + +The specifications can be found in the [Wiki](https://github.com/Neo23x0/sigma/wiki/Specification). + +The current specification is a proposal. Feedback is requested. + +# Getting Started + +## Rule Creation + +Florian wrote a short [rule creation tutorial](https://www.nextron-systems.com/2018/02/10/write-sigma-rules/) that can help you getting started. + +## Rule Usage + +1. Download or clone the respository +2. Check the `./rules` sub directory for an overview on the rule base +3. Run `python sigmac --help` in folder `./tools` to get a help on the rule converter +4. Convert a rule of your choice with `sigmac` like `./sigmac -t splunk -c tools/config/generic/sysmon.yml ./rules/windows/process_creation/win_susp_whoami.yml` +5. Convert a whole rule directory with `python sigmac -t splunk -r ../rules/proxy/` +6. Check the `./tools/config` folder and the [wiki](https://github.com/Neo23x0/sigma/wiki/Converter-Tool-Sigmac) if you need custom field or log source mappings in your environment + +# Examples + +Windows 'Security' Eventlog: Access to LSASS Process with Certain Access Mask / Object Type (experimental) +![sigma_rule example2](./images/Sigma_rule_example2.png) + +Sysmon: Remote Thread Creation in LSASS Process +![sigma_rule example1](./images/Sigma_rule_example1.png) + +Web Server Access Logs: Web Shell Detection +![sigma_rule example3](./images/Sigma_rule_example3.png) + +Sysmon: Web Shell Detection +![sigma_rule example4](./images/Sigma_rule_example4.png) + +Windows 'Security' Eventlog: Suspicious Number of Failed Logons from a Single Source Workstation +![sigma_rule example5](./images/Sigma_rule_example5.png) + +# Sigma Tools + +## Sigmac + +Sigmac converts sigma rules into queries or inputs of the supported targets listed below. It acts as a frontend to the +Sigma library that may be used to integrate Sigma support in other projects. Further, there's `merge_sigma.py` which +merges multiple YAML documents of a Sigma rule collection into simple Sigma rules. + +### Usage + +``` +usage: sigmac [-h] [--recurse] [--filter FILTER] + [--target {arcsight,es-qs,es-dsl,kibana,xpack-watcher,elastalert,graylog,limacharlie,logpoint,grep,netwitness,powershell,qradar,qualys,splunk,splunkxml,sumologic,fieldlist,wdatp}] + [--target-list] [--config CONFIG] [--output OUTPUT] + [--backend-option BACKEND_OPTION] [--defer-abort] + [--ignore-backend-errors] [--verbose] [--debug] + [inputs [inputs ...]] + +Convert Sigma rules into SIEM signatures. + +positional arguments: + inputs Sigma input files ('-' for stdin) + +optional arguments: + -h, --help show this help message and exit + --recurse, -r Use directory as input (recurse into subdirectories is + not implemented yet) + --filter FILTER, -f FILTER + Define comma-separated filters that must match (AND- + linked) to rule to be processed. Valid filters: + level<=x, level>=x, level=x, status=y, logsource=z, + tag=t. x is one of: low, medium, high, critical. y is + one of: experimental, testing, stable. z is a word + appearing in an arbitrary log source attribute. t is a + tag that must appear in the rules tag list, case- + insensitive matching. Multiple log source + specifications are AND linked. + --target {arcsight,es-qs,es-dsl,kibana,xpack-watcher,elastalert,graylog,limacharlie,logpoint,grep,netwitness,powershell,qradar,qualys,splunk,splunkxml,sumologic,fieldlist,wdatp}, -t {arcsight,es-qs,es-dsl,kibana,xpack-watcher,elastalert,graylog,limacharlie,logpoint,grep,netwitness,powershell,qradar,qualys,splunk,splunkxml,sumologic,fieldlist,wdatp} + Output target format + --target-list, -l List available output target formats + --config CONFIG, -c CONFIG + Configurations with field name and index mapping for + target environment. Multiple configurations are merged + into one. Last config is authorative in case of + conflicts. + --output OUTPUT, -o OUTPUT + Output file or filename prefix if multiple files are + generated + --backend-option BACKEND_OPTION, -O BACKEND_OPTION + Options and switches that are passed to the backend + --defer-abort, -d Don't abort on parse or conversion errors, proceed + with next rule. The exit code from the last error is + returned + --ignore-backend-errors, -I + Only return error codes for parse errors and ignore + errors for rules that cause backend errors. Useful, + when you want to get as much queries as possible. + --verbose, -v Be verbose + --debug, -D Debugging output +``` + +### Examples + +#### Single Rule Translation +Translate a single rule +``` +tools/sigmac -t splunk -c splunk-windows rules/windows/sysmon/sysmon_susp_image_load.yml +``` +#### Rule Set Translation +Translate a whole rule directory and ignore backend errors (`-I`) in rule conversion for the selected backend (`-t splunk`) +``` +tools/sigmac -I -t splunk -c splunk-windows -r rules/windows/sysmon/ +``` +#### Translate Only Rules of Level High or Critical +Translate a whole rule directory and ignore backend errors (`-I`) in rule conversion for the selected backend (`-t splunk`) and select only rules of level `high` and `critical` +``` +tools/sigmac -I -t splunk -c splunk-windows -f 'level>=high' -r rules/windows/sysmon/ +``` +#### Rule Set Translation with Custom Config +Apply your own config file (`-c ~/my-elk-winlogbeat.yml`) during conversion, which can contain you custom field and source mappings +``` +tools/sigmac -t es-qs -c ~/my-elk-winlogbeat.yml -r rules/windows/sysmon +``` +#### Generic Rule Set Translation +Use a config file for `process_creation` rules (`-r rules/windows/process_creation`) that instructs sigmac to create queries for a Sysmon log source (`-c tools/config/generic/sysmon.yml`) and the ElasticSearch target backend (`-t es-qs`) +``` +tools/sigmac -t es-qs -c tools/config/generic/sysmon.yml -r rules/windows/process_creation +``` +#### Generic Rule Set Translation with Custom Config +Use a config file for a single `process_creation` rule (`./rules/windows/process_creation/win_susp_outlook.yml`) that instructs sigmac to create queries for process creation events generated in the Windows Security Eventlog (`-c tools/config/generic/windows-audit.yml`) and a Splunk target backend (`-t splunk`) +``` +tools/sigmac -t splunk -c ~/my-splunk-mapping.yml -c tools/config/generic/windows-audit.yml ./rules/windows/process_creation/win_susp_outlook.yml +``` +(See @blubbfiction's [blog post](https://patzke.org/a-guide-to-generic-log-sources-in-sigma.html) for more information) + +### Supported Targets + +* [Splunk](https://www.splunk.com/) (plainqueries and dashboards) +* [ElasticSearch Query Strings](https://www.elastic.co/) +* [ElasticSearch Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html) +* [Kibana](https://www.elastic.co/de/products/kibana) +* [Elastic X-Pack Watcher](https://www.elastic.co/guide/en/x-pack/current/xpack-alerting.html) +* [Logpoint](https://www.logpoint.com) +* [Windows Defender Advanced Threat Protection (WDATP)](https://www.microsoft.com/en-us/windowsforbusiness/windows-atp) +* [Azure Sentinel / Azure Log Analytics](https://azure.microsoft.com/en-us/services/azure-sentinel/) +* [Sumologic](https://www.sumologic.com/) +* [ArcSight](https://software.microfocus.com/en-us/products/siem-security-information-event-management/overview) +* [QRadar](https://www.ibm.com/de-de/marketplace/ibm-qradar-siem) +* [Qualys](https://www.qualys.com/apps/threat-protection/) +* [RSA NetWitness](https://www.rsa.com/en-us/products/threat-detection-response) +* [PowerShell](https://docs.microsoft.com/en-us/powershell/scripting/getting-started/getting-started-with-windows-powershell?view=powershell-6) +* [Grep](https://www.gnu.org/software/grep/manual/grep.html) with Perl-compatible regular expression support +* [LimaCharlie](https://limacharlie.io) + +Current work-in-progress +* [Splunk Data Models](https://docs.splunk.com/Documentation/Splunk/7.1.0/Knowledge/Aboutdatamodels) + +New targets are continuously developed. You can get a list of supported targets with `sigmac --target-list` or `sigmac -l`. + +### Requirements + +The usage of Sigmac (the Sigma Rule Converter) or the underlying library requires Python >= 3.5 and PyYAML. + +### Installation + +It's available on PyPI. Install with: + +```bash +pip3 install sigmatools +``` + +Alternatively, if used from the Sigma Github repository, the Python dependencies can be installed with: + +```bash +pip3 install -r tools/requirements.txt +``` + +For development (e.g. execution of integration tests with `make` and packaging), further dependencies are required and can be installed with: + +```bash +pip3 install -r tools/requirements-devel.txt +``` + +## Sigma2MISP + +Import Sigma rules to MISP events. Depends on PyMISP. + +Parameters that aren't changed frequently (`--url`, `--key`) can be put without the prefixing dashes `--` into a file +and included with `@filename` as parameter on the command line. + +Example: +*misp.conf*: +``` +url https://host +key foobarfoobarfoobarfoobarfoobarfoobarfoo +``` + +Load Sigma rule into MISP event 1234: +``` +sigma2misp @misp.conf --event 1234 sigma_rule.py +``` + +Load Sigma rules in directory sigma_rules/ into one newly created MISP event with info set to *Test Event*: +``` +sigma2misp @misp.conf --same-event --info "Test Event" -r sigma_rules/ +``` + +## Evt2Sigma + +[Evt2Sigma](https://github.com/Neo23x0/evt2sigma) helps you with the rule creation. It generates a Sigma rule from a log entry. + +## Sigma2attack + +Generates a [MITRE ATT&CK Navigator](https://github.com/mitre/attack-navigator/) heatmap from a directory containing sigma rules. + +Requirements: +- Sigma rules tagged with a `attack.tXXXX` tag (e.g.: `attack.t1086`) + +Usage samples: + +``` +# Use the default "rules" folder +./tools/sigma2attack + +# ... or specify your own +./tools/sigma2attack --rules-directory ~/hunting/rules +``` + +Result once imported in the MITRE ATT&CK Navigator ([online version](https://mitre-attack.github.io/attack-navigator/enterprise/)): + +![Sigma2attack result](./images/sigma2attack.png) + +## Contributed Scripts + +The directory `contrib` contains scripts that were contributed by the community: + +* `sigma2elastalert.py`i by David Routin: A script that converts Sigma rules to Elastalert configurations. This tool + uses *sigmac* and expects it in its path. + +These tools are not part of the main toolchain and maintained separately by their authors. + +# Next Steps + +* Integration of MITRE ATT&CK framework identifier to the rule set +* Integration into Threat Intel Exchanges +* Attempts to convince others to use the rule format in their reports, threat feeds, blog posts, threat sharing platforms + +# Projects or Products that use Sigma + +* [MISP](http://www.misp-project.org/2017/03/26/MISP.2.4.70.released.html) (since version 2.4.70, March 2017) +* [SOC Prime - Sigma Rule Editor](https://tdm.socprime.com/sigma/) +* [uncoder.io](https://uncoder.io/) - Online Translator for SIEM Searches +* [THOR](https://www.nextron-systems.com/2018/06/28/spark-applies-sigma-rules-in-eventlog-scan/) - Scan with Sigma rules on endpoints +* [Joe Sandbox](https://www.joesecurity.org/) +* [ypsilon](https://github.com/P4T12ICK/ypsilon) - Automated Use Case Testing +* [RANK VASA](https://globenewswire.com/news-release/2019/03/04/1745907/0/en/RANK-Software-to-Help-MSSPs-Scale-Cybersecurity-Offerings.html) +* [TA-Sigma-Searches](https://github.com/dstaulcu/TA-Sigma-Searches) (Splunk App) +* [TimeSketch](https://github.com/google/timesketch/commit/0c6c4b65a6c0f2051d074e87bbb2da2424fa6c35) + +# Contribution + +If you want to contribute, you are more then welcome. There are numerous ways to help this project. + +## Use it and provide feedback + +If you use it, let us know what works and what does not work. + +E.g. +- Tell us about false positives (issues section) +- Try to provide an improved rule (new filter) via [pull request](https://help.github.com/en/articles/editing-files-in-another-users-repository) on that rule + +## Work on open issues + +The github issue tracker is a good place to start tackling some issues others raised to the project. It could be as easy as a review of the documentation. + +## Provide Backends / Backend Features / Bugfixes + +Various requests for sigmac (sigma converter) backends exist. Some backends are very limited and need features. We are working on a documentation on how to write new backends but our time for this project is currently mostly spent for issue resolutions. + +## Spread the word + +Last but not least, the more people use Sigma, the better, so help promote it by sharing it via social media. If you are using it, consider giving a talk about your journey and tell us about it. + +# Licenses + +The content of this repository is released under the following licenses: + +* The toolchain (everything under `tools/`) is licensed under the [GNU Lesser General Public License](https://www.gnu.org/licenses/lgpl-3.0.en.html). +* The [Sigma specification](https://github.com/Neo23x0/sigma/wiki) is public domain. +* Everything else, especially the rules contained in the `rules/` directory is released under the [GNU General Public License](https://www.gnu.org/licenses/gpl-3.0.en.html). + +# Credits + +This is a private project mainly developed by Florian Roth and Thomas Patzke with feedback from many fellow analysts and friends. Rules are our own or have been drived from blog posts, tweets or other public sources that are referenced in the rules. + +# Info Graphic + +![sigmac_info_graphic](./images/sigma_infographic_lq.png) diff --git a/tools/config/carbonblack.yml b/tools/config/carbonblack.yml deleted file mode 100644 index e9f808ec..00000000 --- a/tools/config/carbonblack.yml +++ /dev/null @@ -1,36 +0,0 @@ -title: Splunk Windows log source conditions -order: 20 -backends: - - splunk - - carbonblack - - sumologic - -fieldmappings: - Image: path - CurrentDirectory: path - SourceIp: ipaddr - ImageLoaded: modload - CommandLine: cmdline - ProcessCommandLine: cmdline - DestinationIp: ipaddr - DestinationAddress: ipaddr - DestinationPort: ipport - DestPort: ipport - TargetObject: regmod - TargetFilename: filemod - TargetFileName: filemod - Targetfilename: filemod - ParentImage: parent_name - SourceImage: parent_name - TargetImage: childproc_name - NewProcessName: childproc_name - Description: file_desc - Product: product_name - Signature: digsig_publisher - CallTrace: modload - DestinationHostname: domain - User: username - StartModule: modload - Company: company_name - Description: file_desc - FileVersion: file_version \ No newline at end of file diff --git a/tools/requirements.txt b/tools/requirements.txt index 8aa01bcd..0a688a47 100644 --- a/tools/requirements.txt +++ b/tools/requirements.txt @@ -1,3 +1,3 @@ PyYAML>=3.11 -requests>=2 -urllib3>=1 \ No newline at end of file +# requests>=2 +# urllib3>=1 \ No newline at end of file diff --git a/tools/sigma/backends/my_carbonblack.py b/tools/sigma/backends/my_carbonblack.py deleted file mode 100644 index 72627792..00000000 --- a/tools/sigma/backends/my_carbonblack.py +++ /dev/null @@ -1,221 +0,0 @@ -import re -# from netaddr import * -import sigma -from .base import SingleTextQueryBackend -from .mixins import MultiRuleOutputMixin -from sigma.parser.modifiers.base import SigmaTypeModifier -import requests -# import argparse -import urllib3 -import json -from .. eventdict import event -urllib3.disable_warnings() -import os, ssl -if (not os.environ.get('PYTHONHTTPSVERIFY', '') and - getattr(ssl, '_create_unverified_context', None)): - ssl._create_default_https_context = ssl._create_unverified_context -ssl._create_default_https_context = ssl._create_unverified_context -# parser = argparse.ArgumentParser() -# parser.add_argument("--eshost", help="Elasticsearch host", type=str, required=True) -# parser.add_argument("--esport", help="Elasticsearch port", type=str, required=True) -# parser.add_argument("--ruledir", help="sigma rule directory path to convert", type=str, required=True) -# parser.add_argument("--index", help="Elasticsearch index name egs: \"winlogbeat-*\"", type=str, required=True) -# parser.add_argument("--email", help="email address to send mail alert", type=str, required=True) -# parser.add_argument("--outdir", help="output directory to create elastalert rules", type=str, required=True) -# parser.add_argument("--sigmac", help="Sigmac location", default="../tools/sigmac", type=str) -# parser.add_argument("--realerttime", help="Realert time (optional value, default 5 minutes)", type=str, default=5) -# parser.add_argument("--debug", help="Show debug output", type=bool, default=False) -# args = parser.parse_args() -class CarbonBlackBackend(SingleTextQueryBackend): - """Converts Sigma rule into Carbon Black Query Language (SPL).""" - identifier = "my_carbonblack" - active = True - index_field = "index" - - # \ -> \\ - # \* -> \* - # \\* -> \\* - reEscape = re.compile('("|(? Date: Thu, 19 Mar 2020 11:07:39 +0700 Subject: [PATCH 139/714] merge --- .vscode/launch.json | 17 ----------------- tools/requirements.txt | 4 ++-- 2 files changed, 2 insertions(+), 19 deletions(-) delete mode 100644 .vscode/launch.json diff --git a/.vscode/launch.json b/.vscode/launch.json deleted file mode 100644 index 9ac8e307..00000000 --- a/.vscode/launch.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - // Use IntelliSense to learn about possible attributes. - // Hover to view descriptions of existing attributes. - // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 - "version": "0.2.0", - "configurations": [ - { - "name": "Python: Current File", - "type": "python", - "request": "launch", - "program": "/media/lep/Common/FIS/CBR/sigma/tools/sigmac", - "console": "integratedTerminal", - "args": ["-t", "carbonblack", "/media/lep/Common/FIS/sigmaRules/Deploy2/sysmon_powershell_network_connection.yml", "-c", "carbonblack"] - // "args": ["-t", "sumologic", "/home/gsanm/Downloads/demo/sigma/rules/windows/sysmon/sysmon_cactustorch.yml", "-c", "carbonblack"] - } - ] -} diff --git a/tools/requirements.txt b/tools/requirements.txt index 0a688a47..8aa01bcd 100644 --- a/tools/requirements.txt +++ b/tools/requirements.txt @@ -1,3 +1,3 @@ PyYAML>=3.11 -# requests>=2 -# urllib3>=1 \ No newline at end of file +requests>=2 +urllib3>=1 \ No newline at end of file From c5bdd18d8d4ea69c6f4e7c50b027b858c5de621d Mon Sep 17 00:00:00 2001 From: Maxime Thiebaut <46688461+0xThiebaut@users.noreply.github.com> Date: Thu, 19 Mar 2020 19:40:18 +0100 Subject: [PATCH 140/714] Add Winlogbeat's RuleName field to mapping When Sysmon logs a "RegistryEvent" event of ID 13, the event might contain a field named "RuleName" as shown in the following excerpt. ```xml 13 2 4 13 0 0x8000000000000000 160631 Microsoft-Windows-Sysmon/Operational win10.sec699-40.lab Context,ProtectedModeExitOrMacrosUsed SetValue 2020-03-18 03:52:07.129 {36aa6401-9acb-5e71-0000-0010e3ed6803} 5064 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE HKU\S-1-5-21-1850752718-2055233276-2633568556-1126\Software\Microsoft\Office\16.0\Word\Security\Trusted Documents\TrustRecords\%USERPROFILE%/Documents/sec699.docm Binary Data ``` When used in combination with Elastic's Winlogbeat, the resulting field is named `winlog.event_data.RuleName`. This commit introduces a mapping between the Sigma `RuleName` field (pre-existing in the `arcsight.yml` config) and Elastic's `winlog.event_data.RuleName`. The presence of this field could be leveraged to build Sigma rules detecting events such as the above where a malicious macro was executed. --- tools/config/winlogbeat-modules-enabled.yml | 1 + tools/config/winlogbeat.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml index 7780562b..d40b8ebd 100644 --- a/tools/config/winlogbeat-modules-enabled.yml +++ b/tools/config/winlogbeat-modules-enabled.yml @@ -101,6 +101,7 @@ fieldmappings: ProcessCommandLine: winlog.event_data.ProcessCommandLine ProcessName: process.executable Properties: winlog.event_data.Properties + RuleName: winlog.event_data.RuleName SecurityID: winlog.event_data.SecurityID ServiceFileName: winlog.event_data.ServiceFileName ServiceName: winlog.event_data.ServiceName diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml index 52dfd658..782fd8f8 100644 --- a/tools/config/winlogbeat.yml +++ b/tools/config/winlogbeat.yml @@ -98,6 +98,7 @@ fieldmappings: ProcessCommandLine: winlog.event_data.ProcessCommandLine ProcessName: winlog.event_data.ProcessName Properties: winlog.event_data.Properties + RuleName: winlog.event_data.RuleName SecurityID: winlog.event_data.SecurityID ServiceFileName: winlog.event_data.ServiceFileName ServiceName: winlog.event_data.ServiceName From dce18b23b7ddae90c3c502b90453215e5a2f02b0 Mon Sep 17 00:00:00 2001 From: Maxime Thiebaut <46688461+0xThiebaut@users.noreply.github.com> Date: Thu, 19 Mar 2020 21:36:14 +0100 Subject: [PATCH 141/714] Add "Suspicious desktop.ini Action" rule --- .../sysmon/sysmon_susp_desktop_ini.yml | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_susp_desktop_ini.yml diff --git a/rules/windows/sysmon/sysmon_susp_desktop_ini.yml b/rules/windows/sysmon/sysmon_susp_desktop_ini.yml new file mode 100644 index 00000000..664afbf5 --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_desktop_ini.yml @@ -0,0 +1,27 @@ +title: Suspicious desktop.ini Action +id: 81315b50-6b60-4d8f-9928-3466e1022515 +status: experimental +description: Detects unusual processes accessing desktop.ini, which can be leveraged to alter how Explorer displays a folder's content (i.e. renaming files) without changing them on disk. +references: + - https://isc.sans.edu/forums/diary/Desktopini+as+a+postexploitation+tool/25912/ +author: Maxime Thiebaut (@0xThiebaut) +date: 2020/03/19 +tags: + - attack.persistence + - attack.t1023 +logsource: + product: windows + service: sysmon +detection: + filter: + Image: + - 'C:\Windows\explorer.exe' + - 'C:\Windows\System32\msiexec.exe' + - 'C:\Windows\System32\mmc.exe' + selection: + EventID: 11 + TargetFilename|endswith: '\desktop.ini' + condition: selection and not filter +falsepositives: + - Operations performed through Windows SCCM or equivalent +level: medium \ No newline at end of file From b129f09feeceac67a97a9bc90eb86c4ec0b5e2af Mon Sep 17 00:00:00 2001 From: Harish SEGAR Date: Fri, 20 Mar 2020 21:48:19 +0100 Subject: [PATCH 142/714] Improvement detection on downgrade of powershell --- .../powershell_downgrade_attack.yml | 39 ++++++++++++++++--- 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/rules/windows/powershell/powershell_downgrade_attack.yml b/rules/windows/powershell/powershell_downgrade_attack.yml index b136b156..f8834a1d 100644 --- a/rules/windows/powershell/powershell_downgrade_attack.yml +++ b/rules/windows/powershell/powershell_downgrade_attack.yml @@ -10,17 +10,44 @@ tags: - attack.t1086 author: Florian Roth (rule), Lee Holmes (idea) date: 2017/03/22 +falsepositives: + - Penetration Test + - Unknown +level: medium +--- logsource: product: windows service: powershell-classic detection: selection: EventID: 400 - EngineVersion: '2.*' + EngineVersion: "2.*" filter: - HostVersion: '2.*' + HostVersion: "2.*" condition: selection and not filter -falsepositives: - - Penetration Test - - Unknown -level: medium +--- +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 1 + CommandLine: + - "*-v* 2" + - "*-V* 2" + filter: + Image|endswith: '\powershell.exe' + condition: selection and filter +--- +logsource: + product: windows + service: security +detection: + selection: + EventID: 4688 + CommandLine: + - "*-v* 2" + - "*-V* 2" + filter: + Image|endswith: '\powershell.exe' + condition: selection and filter From 74b81120e4e076f644f29cfd93269e3fc511bad8 Mon Sep 17 00:00:00 2001 From: Harish SEGAR Date: Fri, 20 Mar 2020 22:03:48 +0100 Subject: [PATCH 143/714] Usage of value modifiers... --- .../powershell/powershell_downgrade_attack.yml | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/rules/windows/powershell/powershell_downgrade_attack.yml b/rules/windows/powershell/powershell_downgrade_attack.yml index f8834a1d..69686b63 100644 --- a/rules/windows/powershell/powershell_downgrade_attack.yml +++ b/rules/windows/powershell/powershell_downgrade_attack.yml @@ -21,9 +21,9 @@ logsource: detection: selection: EventID: 400 - EngineVersion: "2.*" + EngineVersion|beginswith: '2.' filter: - HostVersion: "2.*" + HostVersion|beginswith: '2.' condition: selection and not filter --- logsource: @@ -33,11 +33,10 @@ detection: selection: EventID: 1 CommandLine: - - "*-v* 2" - - "*-V* 2" - filter: + - '*-v* 2' + - '*-V* 2' Image|endswith: '\powershell.exe' - condition: selection and filter + condition: selection --- logsource: product: windows @@ -46,8 +45,7 @@ detection: selection: EventID: 4688 CommandLine: - - "*-v* 2" - - "*-V* 2" - filter: + - '*-v* 2' + - '*-V* 2' Image|endswith: '\powershell.exe' - condition: selection and filter + condition: selection From 293018a9e7ab1d244a47ed782f0c7a76f5af11a1 Mon Sep 17 00:00:00 2001 From: Harish SEGAR Date: Fri, 20 Mar 2020 22:33:14 +0100 Subject: [PATCH 144/714] Added conditions... --- rules/windows/powershell/powershell_downgrade_attack.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/rules/windows/powershell/powershell_downgrade_attack.yml b/rules/windows/powershell/powershell_downgrade_attack.yml index 69686b63..d70ea053 100644 --- a/rules/windows/powershell/powershell_downgrade_attack.yml +++ b/rules/windows/powershell/powershell_downgrade_attack.yml @@ -10,6 +10,8 @@ tags: - attack.t1086 author: Florian Roth (rule), Lee Holmes (idea) date: 2017/03/22 +detection: + condition: 1 of them falsepositives: - Penetration Test - Unknown @@ -21,9 +23,9 @@ logsource: detection: selection: EventID: 400 - EngineVersion|beginswith: '2.' + EngineVersion|startswith: '2.' filter: - HostVersion|beginswith: '2.' + HostVersion|startswith: '2.' condition: selection and not filter --- logsource: From 1f251cec07bcaa98e5443eea5bedf62f088ad3b4 Mon Sep 17 00:00:00 2001 From: Harish SEGAR Date: Fri, 20 Mar 2020 22:46:19 +0100 Subject: [PATCH 145/714] Added missing action field --- rules/windows/powershell/powershell_downgrade_attack.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/powershell/powershell_downgrade_attack.yml b/rules/windows/powershell/powershell_downgrade_attack.yml index d70ea053..c10ed157 100644 --- a/rules/windows/powershell/powershell_downgrade_attack.yml +++ b/rules/windows/powershell/powershell_downgrade_attack.yml @@ -1,3 +1,4 @@ +action: global title: PowerShell Downgrade Attack id: 6331d09b-4785-4c13-980f-f96661356249 status: experimental From 30fac9545a0082a352f111020cf86a0804818bd7 Mon Sep 17 00:00:00 2001 From: Harish SEGAR Date: Fri, 20 Mar 2020 22:49:07 +0100 Subject: [PATCH 146/714] Fixed author field. --- rules/windows/powershell/powershell_downgrade_attack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/powershell/powershell_downgrade_attack.yml b/rules/windows/powershell/powershell_downgrade_attack.yml index c10ed157..c8d57e24 100644 --- a/rules/windows/powershell/powershell_downgrade_attack.yml +++ b/rules/windows/powershell/powershell_downgrade_attack.yml @@ -9,7 +9,7 @@ tags: - attack.defense_evasion - attack.execution - attack.t1086 -author: Florian Roth (rule), Lee Holmes (idea) +author: Florian Roth (rule), Lee Holmes (idea), Harish Segar (improvements) date: 2017/03/22 detection: condition: 1 of them From b9a916ceb4ccae1a869a80824eff8532c79ad11d Mon Sep 17 00:00:00 2001 From: Harish SEGAR Date: Fri, 20 Mar 2020 22:50:26 +0100 Subject: [PATCH 147/714] Removed useless condition. --- rules/windows/powershell/powershell_downgrade_attack.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/rules/windows/powershell/powershell_downgrade_attack.yml b/rules/windows/powershell/powershell_downgrade_attack.yml index c8d57e24..b3db9979 100644 --- a/rules/windows/powershell/powershell_downgrade_attack.yml +++ b/rules/windows/powershell/powershell_downgrade_attack.yml @@ -11,8 +11,6 @@ tags: - attack.t1086 author: Florian Roth (rule), Lee Holmes (idea), Harish Segar (improvements) date: 2017/03/22 -detection: - condition: 1 of them falsepositives: - Penetration Test - Unknown From 67694e4ba7cdee19faf742bf33673a82e0d4feca Mon Sep 17 00:00:00 2001 From: Harish SEGAR Date: Fri, 20 Mar 2020 23:29:32 +0100 Subject: [PATCH 148/714] Restructure new improvement to process_creation folder. --- .../powershell_downgrade_attack.yml | 34 +++------------- .../win_powershell_downgrade_attack.yml | 40 +++++++++++++++++++ 2 files changed, 45 insertions(+), 29 deletions(-) create mode 100644 rules/windows/process_creation/win_powershell_downgrade_attack.yml diff --git a/rules/windows/powershell/powershell_downgrade_attack.yml b/rules/windows/powershell/powershell_downgrade_attack.yml index b3db9979..4cc3c2b7 100644 --- a/rules/windows/powershell/powershell_downgrade_attack.yml +++ b/rules/windows/powershell/powershell_downgrade_attack.yml @@ -11,11 +11,7 @@ tags: - attack.t1086 author: Florian Roth (rule), Lee Holmes (idea), Harish Segar (improvements) date: 2017/03/22 -falsepositives: - - Penetration Test - - Unknown -level: medium ---- +modified: 2020/03/20 logsource: product: windows service: powershell-classic @@ -26,27 +22,7 @@ detection: filter: HostVersion|startswith: '2.' condition: selection and not filter ---- -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 1 - CommandLine: - - '*-v* 2' - - '*-V* 2' - Image|endswith: '\powershell.exe' - condition: selection ---- -logsource: - product: windows - service: security -detection: - selection: - EventID: 4688 - CommandLine: - - '*-v* 2' - - '*-V* 2' - Image|endswith: '\powershell.exe' - condition: selection +falsepositives: + - Penetration Test + - Unknown +level: medium \ No newline at end of file diff --git a/rules/windows/process_creation/win_powershell_downgrade_attack.yml b/rules/windows/process_creation/win_powershell_downgrade_attack.yml new file mode 100644 index 00000000..228f01b1 --- /dev/null +++ b/rules/windows/process_creation/win_powershell_downgrade_attack.yml @@ -0,0 +1,40 @@ +action: global +title: PowerShell Downgrade Attack +id: b3512211-c67e-4707-bedc-66efc7848863 +related: + - id: 6331d09b-4785-4c13-980f-f96661356249 + type: derived +status: experimental +description: Detects PowerShell downgrade attack by comparing the host versions with the actually used engine version 2.0 +references: + - http://www.leeholmes.com/blog/2017/03/17/detecting-and-preventing-powershell-downgrade-attacks/ +tags: + - attack.defense_evasion + - attack.execution + - attack.t1086 +author: Harish Segar (rule) +date: 2020/03/20 +falsepositives: + - Penetration Test + - Unknown +level: medium +--- +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 1 + CommandLine|re: '.*-[Vv][Ee][Rr][Ss][Ii][Oo][Nn] 2' + Image|endswith: '\powershell.exe' + condition: selection +--- +logsource: + product: windows + service: security +detection: + selection: + EventID: 4688 + CommandLine|re: '.*-[Vv][Ee][Rr][Ss][Ii][Oo][Nn] 2' + Image|endswith: '\powershell.exe' + condition: selection From a88b22a1bd83596c00ff0ce87321f9c676ea00a1 Mon Sep 17 00:00:00 2001 From: Harish SEGAR Date: Fri, 20 Mar 2020 23:34:15 +0100 Subject: [PATCH 149/714] Fix namefield. --- .../process_creation/win_powershell_downgrade_attack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_powershell_downgrade_attack.yml b/rules/windows/process_creation/win_powershell_downgrade_attack.yml index 228f01b1..814dc49b 100644 --- a/rules/windows/process_creation/win_powershell_downgrade_attack.yml +++ b/rules/windows/process_creation/win_powershell_downgrade_attack.yml @@ -36,5 +36,5 @@ detection: selection: EventID: 4688 CommandLine|re: '.*-[Vv][Ee][Rr][Ss][Ii][Oo][Nn] 2' - Image|endswith: '\powershell.exe' + NewProcessName|endswith: '\powershell.exe' condition: selection From 81b277ba1a6f4c7a8ca7ebb376630014869ef245 Mon Sep 17 00:00:00 2001 From: Harish SEGAR Date: Sat, 21 Mar 2020 00:26:30 +0100 Subject: [PATCH 150/714] suspicious powershell parent process... --- .../win_susp_powershell_parent_process.yml | 64 +++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 rules/windows/process_creation/win_susp_powershell_parent_process.yml diff --git a/rules/windows/process_creation/win_susp_powershell_parent_process.yml b/rules/windows/process_creation/win_susp_powershell_parent_process.yml new file mode 100644 index 00000000..aa774aa1 --- /dev/null +++ b/rules/windows/process_creation/win_susp_powershell_parent_process.yml @@ -0,0 +1,64 @@ +title: Suspicious PowerShell parent process +id: 754ed792-634f-40ae-b3bc-e0448d33f695 +description: Detects a suspicious parent of csc.exe, which could by a sign of payload delivery +status: experimental +references: + - https://speakerdeck.com/heirhabarov/hunting-for-powershell-abuse?slide=26 +author: Teymur Kheirkhabarov, Harish Segar (rule) +date: 2020/03/20 +tags: + - attack.defense_evasion + - attack.t1036 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 1 + + selection_image1: + ParentImage|endswith: + - '\mshta.exe' + - '\rundll32.exe' + - '\regsvr32.exe' + - '\services.exe' + - '\winword.exe' + - '\wmiprvse.exe' + - '\powerpnt.exe' + - '\excel.exe' + - '\msaccess.exe' + - '\mspub.exe' + - '\visio.exe' + - '\outlook.exe' + - '\amigo.exe' + - '\chrome.exe' + - '\firefox.exe' + - '\iexplore.exe' + - '\microsoftedgecp.exe' + - '\microsoftedge.exe' + - '\browser.exe' + - '\vivaldi.exe' + - '\safari.exe' + - '\sqlagent.exe' + - '\sqlserver.exe' + - '\sqlservr.exe' + - '\w3wp.exe' + - '\httpd.exe' + - '\nginx.exe' + - '\php-cgi.exe' + - '\jbosssvc.exe' + - 'MicrosoftEdgeSH.exe' + selection_image2: + ParentImage|contains: 'tomcat' + + filters: + CommandLine|contains: + - 'powershell' + - 'pwsh' + Description: 'Windows PowerShell' + Product: 'PowerShell Core 6' + + condition: selection and (1 of selection_image*) and (1 of filters) +falsepositives: + - Unkown +level: high \ No newline at end of file From ba3994f319fe2f6c9e929656106ea55a8364f924 Mon Sep 17 00:00:00 2001 From: Harish SEGAR Date: Sat, 21 Mar 2020 12:19:01 +0100 Subject: [PATCH 151/714] Fix of '1 of x' condition --- .../win_susp_powershell_parent_process.yml | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/rules/windows/process_creation/win_susp_powershell_parent_process.yml b/rules/windows/process_creation/win_susp_powershell_parent_process.yml index aa774aa1..94e2b87d 100644 --- a/rules/windows/process_creation/win_susp_powershell_parent_process.yml +++ b/rules/windows/process_creation/win_susp_powershell_parent_process.yml @@ -1,14 +1,14 @@ title: Suspicious PowerShell parent process id: 754ed792-634f-40ae-b3bc-e0448d33f695 -description: Detects a suspicious parent of csc.exe, which could by a sign of payload delivery +description: Detects a suspicious parents of powershell.exe status: experimental references: - https://speakerdeck.com/heirhabarov/hunting-for-powershell-abuse?slide=26 author: Teymur Kheirkhabarov, Harish Segar (rule) date: 2020/03/20 tags: - - attack.defense_evasion - - attack.t1036 + - attack.execution + - attack.t1086 logsource: product: windows service: sysmon @@ -47,18 +47,18 @@ detection: - '\nginx.exe' - '\php-cgi.exe' - '\jbosssvc.exe' - - 'MicrosoftEdgeSH.exe' + - "MicrosoftEdgeSH.exe" selection_image2: - ParentImage|contains: 'tomcat' + ParentImage|contains: "tomcat" filters: - CommandLine|contains: - - 'powershell' - - 'pwsh' - Description: 'Windows PowerShell' - Product: 'PowerShell Core 6' + - CommandLine|contains: + - "powershell" + - "pwsh" + - Description: "Windows PowerShell" + - Product: "PowerShell Core 6" condition: selection and (1 of selection_image*) and (1 of filters) falsepositives: - - Unkown -level: high \ No newline at end of file + - Other scripts +level: medium From 78bfa950d7938e2e4507362f935dd3ffb5c63933 Mon Sep 17 00:00:00 2001 From: j91321 Date: Tue, 24 Mar 2020 19:47:10 +0100 Subject: [PATCH 152/714] Add WinPrvSE.exe to detection --- rules/windows/sysmon/sysmon_wmi_module_load.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/sysmon/sysmon_wmi_module_load.yml b/rules/windows/sysmon/sysmon_wmi_module_load.yml index dd91364c..69fa4c76 100644 --- a/rules/windows/sysmon/sysmon_wmi_module_load.yml +++ b/rules/windows/sysmon/sysmon_wmi_module_load.yml @@ -29,6 +29,7 @@ detection: filter: Image|endswith: - '\WmiPrvSe.exe' + - '\WmiPrvSE.exe' - '\WmiAPsrv.exe' - '\svchost.exe' condition: selection and not filter From bc442d3021b832fb9af30cbc3ff4f5d092e0d53a Mon Sep 17 00:00:00 2001 From: j91321 Date: Tue, 24 Mar 2020 19:48:24 +0100 Subject: [PATCH 153/714] Add path with lowercase system32 --- rules/windows/process_creation/win_system_exe_anomaly.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_system_exe_anomaly.yml b/rules/windows/process_creation/win_system_exe_anomaly.yml index 4cebbe25..da242270 100644 --- a/rules/windows/process_creation/win_system_exe_anomaly.yml +++ b/rules/windows/process_creation/win_system_exe_anomaly.yml @@ -29,10 +29,11 @@ detection: - '*\lsm.exe' - '*\winlogon.exe' - '*\explorer.exe' - - '*\taskhost.exe' + - '*\taskhost.exe' filter: Image: - 'C:\Windows\System32\\*' + - 'C:\Windows\system32\\*' - 'C:\Windows\SysWow64\\*' - 'C:\Windows\SysWOW64\\*' - 'C:\Windows\explorer.exe' From 3c74d8b87de462fa07b63cd5c98062f249e822ae Mon Sep 17 00:00:00 2001 From: j91321 Date: Tue, 24 Mar 2020 19:49:24 +0100 Subject: [PATCH 154/714] Add correct Source to detection to avoid FP --- rules/windows/builtin/win_susp_dhcp_config.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/builtin/win_susp_dhcp_config.yml b/rules/windows/builtin/win_susp_dhcp_config.yml index 564801d1..a7090b8d 100644 --- a/rules/windows/builtin/win_susp_dhcp_config.yml +++ b/rules/windows/builtin/win_susp_dhcp_config.yml @@ -17,6 +17,7 @@ logsource: detection: selection: EventID: 1033 + Source: Microsoft-Windows-DHCP-Server condition: selection falsepositives: - Unknown From 98a633e54c0f6a7482011d05ee86b5dc37a5843e Mon Sep 17 00:00:00 2001 From: j91321 Date: Tue, 24 Mar 2020 19:53:41 +0100 Subject: [PATCH 155/714] Add missing status and falsepositives --- rules/windows/process_creation/win_etw_trace_evasion.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rules/windows/process_creation/win_etw_trace_evasion.yml b/rules/windows/process_creation/win_etw_trace_evasion.yml index a3f07bec..1a04a8dd 100644 --- a/rules/windows/process_creation/win_etw_trace_evasion.yml +++ b/rules/windows/process_creation/win_etw_trace_evasion.yml @@ -1,6 +1,7 @@ title: Disable of ETW Trace id: a238b5d0-ce2d-4414-a676-7a531b3d13d6 description: Detects a command that clears or disables any ETW trace log which could indicate a logging evasion. +status: experimental references: - https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wevtutil - https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_mal_lockergoga.yml @@ -25,3 +26,5 @@ detection: selection_disable_2: CommandLine: '* set-log* /e:false*' condition: selection_clear_1 or selection_clear_2 or selection_disable_1 or selection_disable_2 +falsepositives: + - Unknown From c784adb10b4e4325f201211ae80b30e3a791aef5 Mon Sep 17 00:00:00 2001 From: j91321 Date: Tue, 24 Mar 2020 19:55:41 +0100 Subject: [PATCH 156/714] Wrong indentation falsepositives --- rules/windows/process_creation/win_powershell_amsi_bypass.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/process_creation/win_powershell_amsi_bypass.yml b/rules/windows/process_creation/win_powershell_amsi_bypass.yml index 708f50ec..0211555b 100644 --- a/rules/windows/process_creation/win_powershell_amsi_bypass.yml +++ b/rules/windows/process_creation/win_powershell_amsi_bypass.yml @@ -22,6 +22,6 @@ detection: CommandLine: - '*amsiInitFailed*' condition: selection1 and selection2 - falsepositives: - - Potential Admin Activity +falsepositives: + - Potential Admin Activity level: high From 1d86e0b4a5ad675f7fc28f0ca6d34f1af2b5418d Mon Sep 17 00:00:00 2001 From: j91321 Date: Tue, 24 Mar 2020 19:59:54 +0100 Subject: [PATCH 157/714] Change falsepositives to array --- rules/windows/process_creation/win_sysmon_driver_unload.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_sysmon_driver_unload.yml b/rules/windows/process_creation/win_sysmon_driver_unload.yml index 8989f412..c2c429b7 100644 --- a/rules/windows/process_creation/win_sysmon_driver_unload.yml +++ b/rules/windows/process_creation/win_sysmon_driver_unload.yml @@ -17,7 +17,8 @@ detection: - 'unload' - 'sys' condition: selection -falsepositives: Unknown +falsepositives: + - Unknown level: high fields: - CommandLine From 004eaf0615abef191a9a4b939f39cc5182bafe70 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Tue, 24 Mar 2020 23:36:12 +0100 Subject: [PATCH 158/714] Revert "do not escape `u`" This reverts commit aa112cbd44b2ffa2245486dc9b941cdb031d6876. This was a fix for a previous bug. --- tools/sigma/backends/elasticsearch.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index 6cb6d2a0..5919528b 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -185,7 +185,7 @@ class ElasticsearchQuerystringBackend(ElasticsearchWildcardHandlingMixin, Single identifier = "es-qs" active = True - reEscape = re.compile("([\s+\\-=!(){}\\[\\]^\"~:/]|(? Date: Wed, 25 Mar 2020 14:02:39 +0100 Subject: [PATCH 159/714] rule: extended web shell spawn rule --- rules/windows/process_creation/win_webshell_spawn.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_webshell_spawn.yml b/rules/windows/process_creation/win_webshell_spawn.yml index a6a147ee..0f119262 100644 --- a/rules/windows/process_creation/win_webshell_spawn.yml +++ b/rules/windows/process_creation/win_webshell_spawn.yml @@ -4,7 +4,7 @@ status: experimental description: Web servers that spawn shell processes could be the result of a successfully placed web shell or an other attack author: Thomas Patzke date: 2019/01/16 -modified: 2020/03/03 +modified: 2020/03/25 logsource: category: process_creation product: windows @@ -21,6 +21,7 @@ detection: - '*\sh.exe' - '*\bash.exe' - '*\powershell.exe' + - '*\bitsadmin.exe' condition: selection fields: - CommandLine From 50b0d04ee83194ac1453cbd73b6e9e8e1e2225fb Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 25 Mar 2020 14:02:53 +0100 Subject: [PATCH 160/714] rule: Exploited CVE-2020-10189 Zoho ManageEngine --- .../win_exploit_cve_2020_10189.yml | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 rules/windows/process_creation/win_exploit_cve_2020_10189.yml diff --git a/rules/windows/process_creation/win_exploit_cve_2020_10189.yml b/rules/windows/process_creation/win_exploit_cve_2020_10189.yml new file mode 100644 index 00000000..1dabd07b --- /dev/null +++ b/rules/windows/process_creation/win_exploit_cve_2020_10189.yml @@ -0,0 +1,28 @@ +title: Exploited CVE-2020-10189 Zoho ManageEngine +id: 846b866e-2a57-46ee-8e16-85fa92759be7 +status: experimental +description: Detects the exploitation of Zoho ManageEngine Desktop Central Java Deserialization vulnerability reported as CVE-2020-10189 +references: + - https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-10189 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10189 + - https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=48224 +author: Florian Roth +date: 2020/03/25 +tags: + - attack.launch + - attack.t1377 +logsource: + category: process_creation + product: windows +detection: + selection: + ParentImage|endswith: 'DesktopCentral_Server\jre\bin\java.exe' + Image|endswith: + - '*\cmd.exe' + - '*\powershell.exe' + - '*\bitsadmin.exe' + condition: selection +falsepositives: + - Unknown +level: critical From 0e1ff440dbadb4372d354163e3088c5d6dbc1ec8 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 25 Mar 2020 14:04:22 +0100 Subject: [PATCH 161/714] fix: updated MITRE tags in test --- tests/test_rules.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/test_rules.py b/tests/test_rules.py index c8ab9d32..881dbcd7 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -238,6 +238,7 @@ class TestRules(unittest.TestCase): "t1221", "t1222", "t1223", + "t1377", "t1480", "t1482", "t1482", @@ -284,7 +285,7 @@ class TestRules(unittest.TestCase): "t1539", ] MITRE_TECHNIQUE_NAMES = ["process_injection", "signed_binary_proxy_execution", "process_injection"] # incomplete list - MITRE_TACTICS = ["initial_access", "execution", "persistence", "privilege_escalation", "defense_evasion", "credential_access", "discovery", "lateral_movement", "collection", "exfiltration", "command_and_control", "impact"] + MITRE_TACTICS = ["initial_access", "execution", "persistence", "privilege_escalation", "defense_evasion", "credential_access", "discovery", "lateral_movement", "collection", "exfiltration", "command_and_control", "impact", "launch"] MITRE_GROUPS = ["g0001", "g0002", "g0003", "g0004", "g0005", "g0006", "g0007", "g0008", "g0009", "g0010", "g0011", "g0012", "g0013", "g0014", "g0015", "g0016", "g0017", "g0018", "g0019", "g0020", "g0021", "g0022", "g0023", "g0024", "g0025", "g0026", "g0027", "g0028", "g0029", "g0030", "g0031", "g0032", "g0033", "g0034", "g0035", "g0036", "g0037", "g0038", "g0039", "g0040", "g0041", "g0042", "g0043", "g0044", "g0045", "g0046", "g0047", "g0048", "g0049", "g0050", "g0051", "g0052", "g0053", "g0054", "g0055", "g0056", "g0057", "g0058", "g0059", "g0060", "g0061", "g0062", "g0063", "g0064", "g0065", "g0066", "g0067", "g0068", "g0069", "g0070", "g0071", "g0072", "g0073", "g0074", "g0075", "g0076", "g0077", "g0078", "g0079", "g0080", "g0081", "g0082", "g0083", "g0084", "g0085", "g0086", "g0087", "g0088", "g0089", "g0090", "g0091", "g0092", "g0093", "g0094", "g0095", "g0096"] MITRE_SOFTWARE = ["s0001", "s0002", "s0003", "s0004", "s0005", "s0006", "s0007", "s0008", "s0009", "s0010", "s0011", "s0012", "s0013", "s0014", "s0015", "s0016", "s0017", "s0018", "s0019", "s0020", "s0021", "s0022", "s0023", "s0024", "s0025", "s0026", "s0027", "s0028", "s0029", "s0030", "s0031", "s0032", "s0033", "s0034", "s0035", "s0036", "s0037", "s0038", "s0039", "s0040", "s0041", "s0042", "s0043", "s0044", "s0045", "s0046", "s0047", "s0048", "s0049", "s0050", "s0051", "s0052", "s0053", "s0054", "s0055", "s0056", "s0057", "s0058", "s0059", "s0060", "s0061", "s0062", "s0063", "s0064", "s0065", "s0066", "s0067", "s0068", "s0069", "s0070", "s0071", "s0072", "s0073", "s0074", "s0075", "s0076", "s0077", "s0078", "s0079", "s0080", "s0081", "s0082", "s0083", "s0084", "s0085", "s0086", "s0087", "s0088", "s0089", "s0090", "s0091", "s0092", "s0093", "s0094", "s0095", "s0096", "s0097", "s0098", "s0099", "s0100", "s0101", "s0102", "s0103", "s0104", "s0105", "s0106", "s0107", "s0108", "s0109", "s0110", "s0111", "s0112", "s0113", "s0114", "s0115", "s0116", "s0117", "s0118", "s0119", "s0120", "s0121", "s0122", "s0123", "s0124", "s0125", "s0126", "s0127", "s0128", "s0129", "s0130", "s0131", "s0132", "s0133", "s0134", "s0135", "s0136", "s0137", "s0138", "s0139", "s0140", "s0141", "s0142", "s0143", "s0144", "s0145", "s0146", "s0147", "s0148", "s0149", "s0150", "s0151", "s0152", "s0153", "s0154", "s0155", "s0156", "s0157", "s0158", "s0159", "s0160", "s0161", "s0162", "s0163", "s0164", "s0165", "s0166", "s0167", "s0168", "s0169", "s0170", "s0171", "s0172", "s0173", "s0174", "s0175", "s0176", "s0177", "s0178", "s0179", "s0180", "s0181", "s0182", "s0183", "s0184", "s0185", "s0186", "s0187", "s0188", "s0189", "s0190", "s0191", "s0192", "s0193", "s0194", "s0195", "s0196", "s0197", "s0198", "s0199", "s0200", "s0201", "s0202", "s0203", "s0204", "s0205", "s0206", "s0207", "s0208", "s0209", "s0210", "s0211", "s0212", "s0213", "s0214", "s0215", "s0216", "s0217", "s0218", "s0219", "s0220", "s0221", "s0222", "s0223", "s0224", "s0225", "s0226", "s0227", "s0228", "s0229", "s0230", "s0231", "s0232", "s0233", "s0234", "s0235", "s0236", "s0237", "s0238", "s0239", "s0240", "s0241", "s0242", "s0243", "s0244", "s0245", "s0246", "s0247", "s0248", "s0249", "s0250", "s0251", "s0252", "s0253", "s0254", "s0255", "s0256", "s0257", "s0258", "s0259", "s0260", "s0261", "s0262", "s0263", "s0264", "s0265", "s0266", "s0267", "s0268", "s0269", "s0270", "s0271", "s0272", "s0273", "s0274", "s0275", "s0276", "s0277", "s0278", "s0279", "s0280", "s0281", "s0282", "s0283", "s0284", "s0330", "s0331", "s0332", "s0333", "s0334", "s0335", "s0336", "s0337", "s0338", "s0339", "s0340", "s0341", "s0342", "s0343", "s0344", "s0345", "s0346", "s0347", "s0348", "s0349", "s0350", "s0351", "s0352", "s0353", "s0354", "s0355", "s0356", "s0357", "s0358", "s0359", "s0360", "s0361", "s0362", "s0363", "s0364", "s0365", "s0366", "s0367", "s0368", "s0369", "s0370", "s0371", "s0372", "s0373", "s0374", "s0375", "s0376", "s0377", "s0378", "s0379", "s0380", "s0381", "s0382", "s0383", "s0384", "s0385", "s0386", "s0387", "s0388", "s0389", "s0390", "s0391", "s0393", "s0394", "s0395", "s0396", "s0397", "s0398", "s0400", "s0401", "s0402", "s0404", "s0409", "s0410", "s0412", "s0413", "s0414", "s0415", "s0416", "s0417"] MITRE_ALL = ["attack." + item for item in MITRE_TECHNIQUES + MITRE_TACTICS + MITRE_GROUPS + MITRE_SOFTWARE] From 35e43db7a7ebee58e913622b25b215ddf3b61eb3 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 25 Mar 2020 14:36:34 +0100 Subject: [PATCH 162/714] fix: converted CRLF line break to LF --- .../cisco/aaa/cisco_cli_clear_logs.yml | 62 ++++++------- .../cisco/aaa/cisco_cli_collect_data.yml | 78 ++++++++-------- .../cisco/aaa/cisco_cli_crypto_actions.yml | 66 ++++++------- .../cisco/aaa/cisco_cli_disable_logging.yml | 58 ++++++------ .../network/cisco/aaa/cisco_cli_discovery.yml | 92 +++++++++---------- rules/network/cisco/aaa/cisco_cli_dos.yml | 56 +++++------ .../cisco/aaa/cisco_cli_file_deletion.yml | 62 ++++++------- .../cisco/aaa/cisco_cli_input_capture.yml | 58 ++++++------ .../cisco/aaa/cisco_cli_local_accounts.yml | 54 +++++------ .../cisco/aaa/cisco_cli_modify_config.yml | 76 +++++++-------- .../cisco/aaa/cisco_cli_moving_data.yml | 78 ++++++++-------- .../network/cisco/aaa/cisco_cli_net_sniff.yml | 54 +++++------ rules/windows/other/win_defender_bypass.yml | 52 +++++------ .../powershell_suspicious_download.yml | 15 ++- .../win_susp_curl_start_combo.yml | 48 +++++----- .../win_task_folder_evasion.yml | 72 +++++++-------- ...mon_registry_trust_record_modification.yml | 48 +++++----- .../windows/sysmon/sysmon_renamed_jusched.yml | 52 +++++------ ...n_susp_office_dotnet_assembly_dll_load.yml | 56 +++++------ ...sysmon_susp_office_dotnet_clr_dll_load.yml | 56 +++++------ ...sysmon_susp_office_dotnet_gac_dll_load.yml | 56 +++++------ .../sysmon_susp_office_dsparse_dll_load.yml | 56 +++++------ .../sysmon_susp_office_kerberos_dll_load.yml | 56 +++++------ .../sysmon_susp_winword_vbadll_load.yml | 60 ++++++------ 24 files changed, 713 insertions(+), 708 deletions(-) diff --git a/rules/network/cisco/aaa/cisco_cli_clear_logs.yml b/rules/network/cisco/aaa/cisco_cli_clear_logs.yml index 0eb81291..457744c3 100644 --- a/rules/network/cisco/aaa/cisco_cli_clear_logs.yml +++ b/rules/network/cisco/aaa/cisco_cli_clear_logs.yml @@ -1,31 +1,31 @@ -title: Cisco Clear Logs -id: ceb407f6-8277-439b-951f-e4210e3ed956 -status: experimental -description: Clear command history in network OS which is used for defense evasion. -references: - - https://attack.mitre.org/techniques/T1146/ - - https://attack.mitre.org/techniques/T1070/ -author: Austin Clark -date: 2019/08/12 -tags: - - attack.defense_evasion - - attack.t1146 - - attack.t1070 -logsource: - product: cisco - service: aaa - category: accounting -fields: - - src - - CmdSet - - User - - Privilege_Level - - Remote_Address -detection: - keywords: - - 'clear logging' - - 'clear archive' - condition: keywords -falsepositives: - - Legitimate administrators may run these commands. -level: high +title: Cisco Clear Logs +id: ceb407f6-8277-439b-951f-e4210e3ed956 +status: experimental +description: Clear command history in network OS which is used for defense evasion. +references: + - https://attack.mitre.org/techniques/T1146/ + - https://attack.mitre.org/techniques/T1070/ +author: Austin Clark +date: 2019/08/12 +tags: + - attack.defense_evasion + - attack.t1146 + - attack.t1070 +logsource: + product: cisco + service: aaa + category: accounting +fields: + - src + - CmdSet + - User + - Privilege_Level + - Remote_Address +detection: + keywords: + - 'clear logging' + - 'clear archive' + condition: keywords +falsepositives: + - Legitimate administrators may run these commands. +level: high diff --git a/rules/network/cisco/aaa/cisco_cli_collect_data.yml b/rules/network/cisco/aaa/cisco_cli_collect_data.yml index 0983875f..99a6378a 100644 --- a/rules/network/cisco/aaa/cisco_cli_collect_data.yml +++ b/rules/network/cisco/aaa/cisco_cli_collect_data.yml @@ -1,39 +1,39 @@ -title: Cisco Collect Data -id: cd072b25-a418-4f98-8ebc-5093fb38fe1a -status: experimental -description: Collect pertinent data from the configuration files -references: - - https://attack.mitre.org/techniques/T1087/ - - https://attack.mitre.org/techniques/T1003/ - - https://attack.mitre.org/techniques/T1081/ - - https://attack.mitre.org/techniques/T1005/ -author: Austin Clark -date: 2019/08/11 -tags: - - attack.discovery - - attack.credential_access - - attack.collection - - attack.t1087 - - attack.t1003 - - attack.t1081 - - attack.t1005 -logsource: - product: cisco - service: aaa - category: accounting -fields: - - src - - CmdSet - - User - - Privilege_Level - - Remote_Address -detection: - keywords: - - 'show running-config' - - 'show startup-config' - - 'show archive config' - - 'more' - condition: keywords -falsepositives: - - Commonly run by administrators. -level: low +title: Cisco Collect Data +id: cd072b25-a418-4f98-8ebc-5093fb38fe1a +status: experimental +description: Collect pertinent data from the configuration files +references: + - https://attack.mitre.org/techniques/T1087/ + - https://attack.mitre.org/techniques/T1003/ + - https://attack.mitre.org/techniques/T1081/ + - https://attack.mitre.org/techniques/T1005/ +author: Austin Clark +date: 2019/08/11 +tags: + - attack.discovery + - attack.credential_access + - attack.collection + - attack.t1087 + - attack.t1003 + - attack.t1081 + - attack.t1005 +logsource: + product: cisco + service: aaa + category: accounting +fields: + - src + - CmdSet + - User + - Privilege_Level + - Remote_Address +detection: + keywords: + - 'show running-config' + - 'show startup-config' + - 'show archive config' + - 'more' + condition: keywords +falsepositives: + - Commonly run by administrators. +level: low diff --git a/rules/network/cisco/aaa/cisco_cli_crypto_actions.yml b/rules/network/cisco/aaa/cisco_cli_crypto_actions.yml index 4cedb6de..a032c9d4 100644 --- a/rules/network/cisco/aaa/cisco_cli_crypto_actions.yml +++ b/rules/network/cisco/aaa/cisco_cli_crypto_actions.yml @@ -1,33 +1,33 @@ -title: Cisco Crypto Commands -id: 1f978c6a-4415-47fb-aca5-736a44d7ca3d -status: experimental -description: Show when private keys are being exported from the device, or when new certificates are installed. -references: - - https://attack.mitre.org/techniques/T1145/ - - https://attack.mitre.org/techniques/T1130/ -author: Austin Clark -date: 2019/08/12 -tags: - - attack.credential_access - - attack.defense_evasion - - attack.t1130 - - attack.t1145 -logsource: - product: cisco - service: aaa - category: accounting -fields: - - src - - CmdSet - - User - - Privilege_Level - - Remote_Address -detection: - keywords: - - 'crypto pki export' - - 'crypto pki import' - - 'crypto pki trustpoint' - condition: keywords -falsepositives: - - Not commonly run by administrators. Also whitelist your known good certificates. -level: high +title: Cisco Crypto Commands +id: 1f978c6a-4415-47fb-aca5-736a44d7ca3d +status: experimental +description: Show when private keys are being exported from the device, or when new certificates are installed. +references: + - https://attack.mitre.org/techniques/T1145/ + - https://attack.mitre.org/techniques/T1130/ +author: Austin Clark +date: 2019/08/12 +tags: + - attack.credential_access + - attack.defense_evasion + - attack.t1130 + - attack.t1145 +logsource: + product: cisco + service: aaa + category: accounting +fields: + - src + - CmdSet + - User + - Privilege_Level + - Remote_Address +detection: + keywords: + - 'crypto pki export' + - 'crypto pki import' + - 'crypto pki trustpoint' + condition: keywords +falsepositives: + - Not commonly run by administrators. Also whitelist your known good certificates. +level: high diff --git a/rules/network/cisco/aaa/cisco_cli_disable_logging.yml b/rules/network/cisco/aaa/cisco_cli_disable_logging.yml index d652b428..b81e265b 100644 --- a/rules/network/cisco/aaa/cisco_cli_disable_logging.yml +++ b/rules/network/cisco/aaa/cisco_cli_disable_logging.yml @@ -1,29 +1,29 @@ -title: Cisco Disabling Logging -id: 9e8f6035-88bf-4a63-96b6-b17c0508257e -status: experimental -description: Turn off logging locally or remote -references: - - https://attack.mitre.org/techniques/T1089 -author: Austin Clark -date: 2019/08/11 -tags: - - attack.defense_evasion - - attack.t1089 -logsource: - product: cisco - service: aaa - category: accounting -fields: - - src - - CmdSet - - User - - Privilege_Level - - Remote_Address -detection: - keywords: - - 'no logging' - - 'no aaa new-model' - condition: keywords -falsepositives: - - Unknown -level: high +title: Cisco Disabling Logging +id: 9e8f6035-88bf-4a63-96b6-b17c0508257e +status: experimental +description: Turn off logging locally or remote +references: + - https://attack.mitre.org/techniques/T1089 +author: Austin Clark +date: 2019/08/11 +tags: + - attack.defense_evasion + - attack.t1089 +logsource: + product: cisco + service: aaa + category: accounting +fields: + - src + - CmdSet + - User + - Privilege_Level + - Remote_Address +detection: + keywords: + - 'no logging' + - 'no aaa new-model' + condition: keywords +falsepositives: + - Unknown +level: high diff --git a/rules/network/cisco/aaa/cisco_cli_discovery.yml b/rules/network/cisco/aaa/cisco_cli_discovery.yml index 19a88fa7..5bf64792 100644 --- a/rules/network/cisco/aaa/cisco_cli_discovery.yml +++ b/rules/network/cisco/aaa/cisco_cli_discovery.yml @@ -1,46 +1,46 @@ -title: Cisco Discovery -id: 9705a6a1-6db6-4a16-a987-15b7151e299b -status: experimental -description: Find information about network devices that are not stored in config files. -references: - - https://attack.mitre.org/tactics/TA0007/ -author: Austin Clark -date: 2019/08/12 -tags: - - attack.discovery - - attack.t1083 - - attack.t1201 - - attack.t1057 - - attack.t1018 - - attack.t1082 - - attack.t1016 - - attack.t1049 - - attack.t1033 - - attack.t1124 -logsource: - product: cisco - service: aaa - category: accounting -fields: - - src - - CmdSet - - User - - Privilege_Level - - Remote_Address -detection: - keywords: - - 'dir' - - 'show processes' - - 'show arp' - - 'show cdp' - - 'show version' - - 'show ip route' - - 'show ip interface' - - 'show ip sockets' - - 'show users' - - 'show ssh' - - 'show clock' - condition: keywords -falsepositives: - - Commonly used by administrators for troubleshooting -level: low +title: Cisco Discovery +id: 9705a6a1-6db6-4a16-a987-15b7151e299b +status: experimental +description: Find information about network devices that are not stored in config files. +references: + - https://attack.mitre.org/tactics/TA0007/ +author: Austin Clark +date: 2019/08/12 +tags: + - attack.discovery + - attack.t1083 + - attack.t1201 + - attack.t1057 + - attack.t1018 + - attack.t1082 + - attack.t1016 + - attack.t1049 + - attack.t1033 + - attack.t1124 +logsource: + product: cisco + service: aaa + category: accounting +fields: + - src + - CmdSet + - User + - Privilege_Level + - Remote_Address +detection: + keywords: + - 'dir' + - 'show processes' + - 'show arp' + - 'show cdp' + - 'show version' + - 'show ip route' + - 'show ip interface' + - 'show ip sockets' + - 'show users' + - 'show ssh' + - 'show clock' + condition: keywords +falsepositives: + - Commonly used by administrators for troubleshooting +level: low diff --git a/rules/network/cisco/aaa/cisco_cli_dos.yml b/rules/network/cisco/aaa/cisco_cli_dos.yml index 9d8c1a6c..847f0d21 100644 --- a/rules/network/cisco/aaa/cisco_cli_dos.yml +++ b/rules/network/cisco/aaa/cisco_cli_dos.yml @@ -1,28 +1,28 @@ -title: Cisco Denial of Service -id: d94a35f0-7a29-45f6-90a0-80df6159967c -status: experimental -description: Detect a system being shutdown or put into different boot mode -references: - - https://attack.mitre.org/techniques/T1499/ - - https://attack.mitre.org/techniques/T1495/ -author: Austin Clark -date: 2019/08/15 -tags: - - attack.impact - - attack.t1499 - - attack.t1495 -logsource: - product: cisco - service: aaa - category: accounting -fields: - - CmdSet -detection: - keywords: - - 'shutdown' - - 'config-register 0x2100' - - 'config-register 0x2142' - condition: keywords -falsepositives: - - Legitimate administrators may run these commands, though rarely. -level: medium +title: Cisco Denial of Service +id: d94a35f0-7a29-45f6-90a0-80df6159967c +status: experimental +description: Detect a system being shutdown or put into different boot mode +references: + - https://attack.mitre.org/techniques/T1499/ + - https://attack.mitre.org/techniques/T1495/ +author: Austin Clark +date: 2019/08/15 +tags: + - attack.impact + - attack.t1499 + - attack.t1495 +logsource: + product: cisco + service: aaa + category: accounting +fields: + - CmdSet +detection: + keywords: + - 'shutdown' + - 'config-register 0x2100' + - 'config-register 0x2142' + condition: keywords +falsepositives: + - Legitimate administrators may run these commands, though rarely. +level: medium diff --git a/rules/network/cisco/aaa/cisco_cli_file_deletion.yml b/rules/network/cisco/aaa/cisco_cli_file_deletion.yml index 5c82fa85..cc6155e1 100644 --- a/rules/network/cisco/aaa/cisco_cli_file_deletion.yml +++ b/rules/network/cisco/aaa/cisco_cli_file_deletion.yml @@ -1,31 +1,31 @@ -title: Cisco Show Commands Input -id: 71d65515-c436-43c0-841b-236b1f32c21e -status: experimental -description: See what files are being deleted from flash file systems -references: - - https://attack.mitre.org/techniques/T1107/ - - https://attack.mitre.org/techniques/T1488/ - - https://attack.mitre.org/techniques/T1487/ -author: Austin Clark -date: 2019/08/12 -tags: - - attack.defense_evasion - - attack.impact - - attack.t1107 - - attack.t1488 - - attack.t1487 -logsource: - product: cisco - service: aaa - category: accounting -fields: - - CmdSet -detection: - keywords: - - 'erase' - - 'delete' - - 'format' - condition: keywords -falsepositives: - - Will be used sometimes by admins to clean up local flash space. -level: medium +title: Cisco Show Commands Input +id: 71d65515-c436-43c0-841b-236b1f32c21e +status: experimental +description: See what files are being deleted from flash file systems +references: + - https://attack.mitre.org/techniques/T1107/ + - https://attack.mitre.org/techniques/T1488/ + - https://attack.mitre.org/techniques/T1487/ +author: Austin Clark +date: 2019/08/12 +tags: + - attack.defense_evasion + - attack.impact + - attack.t1107 + - attack.t1488 + - attack.t1487 +logsource: + product: cisco + service: aaa + category: accounting +fields: + - CmdSet +detection: + keywords: + - 'erase' + - 'delete' + - 'format' + condition: keywords +falsepositives: + - Will be used sometimes by admins to clean up local flash space. +level: medium diff --git a/rules/network/cisco/aaa/cisco_cli_input_capture.yml b/rules/network/cisco/aaa/cisco_cli_input_capture.yml index 98a240bd..51467f57 100644 --- a/rules/network/cisco/aaa/cisco_cli_input_capture.yml +++ b/rules/network/cisco/aaa/cisco_cli_input_capture.yml @@ -1,29 +1,29 @@ -title: Cisco Show Commands Input -id: b094d9fb-b1ad-4650-9f1a-fb7be9f1d34b -status: experimental -description: See what commands are being input into the device by other people, full credentials can be in the history -references: - - https://attack.mitre.org/techniques/T1056/ - - https://attack.mitre.org/techniques/T1139/ -author: Austin Clark -date: 2019/08/11 -tags: - - attack.collection - - attack.credential_access - - attack.t1139 - - attack.t1056 -logsource: - product: cisco - service: aaa - category: accounting -fields: - - CmdSet -detection: - keywords: - - 'show history' - - 'show history all' - - 'show logging' - condition: keywords -falsepositives: - - Not commonly run by administrators, especially if remote logging is configured. -level: medium +title: Cisco Show Commands Input +id: b094d9fb-b1ad-4650-9f1a-fb7be9f1d34b +status: experimental +description: See what commands are being input into the device by other people, full credentials can be in the history +references: + - https://attack.mitre.org/techniques/T1056/ + - https://attack.mitre.org/techniques/T1139/ +author: Austin Clark +date: 2019/08/11 +tags: + - attack.collection + - attack.credential_access + - attack.t1139 + - attack.t1056 +logsource: + product: cisco + service: aaa + category: accounting +fields: + - CmdSet +detection: + keywords: + - 'show history' + - 'show history all' + - 'show logging' + condition: keywords +falsepositives: + - Not commonly run by administrators, especially if remote logging is configured. +level: medium diff --git a/rules/network/cisco/aaa/cisco_cli_local_accounts.yml b/rules/network/cisco/aaa/cisco_cli_local_accounts.yml index ddab7072..b563459f 100644 --- a/rules/network/cisco/aaa/cisco_cli_local_accounts.yml +++ b/rules/network/cisco/aaa/cisco_cli_local_accounts.yml @@ -1,27 +1,27 @@ -title: Cisco Local Accounts -id: 6d844f0f-1c18-41af-8f19-33e7654edfc3 -status: experimental -description: Find local accounts being created or modified as well as remote authentication configurations -references: - - https://attack.mitre.org/techniques/T1098/ - - https://attack.mitre.org/techniques/T1136/ -author: Austin Clark -date: 2019/08/12 -tags: - - attack.persistence - - attack.t1136 - - attack.t1098 -logsource: - product: cisco - service: aaa - category: accounting -fields: - - CmdSet -detection: - keywords: - - 'username' - - 'aaa' - condition: keywords -falsepositives: - - When remote authentication is in place, this should not change often. -level: high +title: Cisco Local Accounts +id: 6d844f0f-1c18-41af-8f19-33e7654edfc3 +status: experimental +description: Find local accounts being created or modified as well as remote authentication configurations +references: + - https://attack.mitre.org/techniques/T1098/ + - https://attack.mitre.org/techniques/T1136/ +author: Austin Clark +date: 2019/08/12 +tags: + - attack.persistence + - attack.t1136 + - attack.t1098 +logsource: + product: cisco + service: aaa + category: accounting +fields: + - CmdSet +detection: + keywords: + - 'username' + - 'aaa' + condition: keywords +falsepositives: + - When remote authentication is in place, this should not change often. +level: high diff --git a/rules/network/cisco/aaa/cisco_cli_modify_config.yml b/rules/network/cisco/aaa/cisco_cli_modify_config.yml index b79eb053..bc11ecaf 100644 --- a/rules/network/cisco/aaa/cisco_cli_modify_config.yml +++ b/rules/network/cisco/aaa/cisco_cli_modify_config.yml @@ -1,38 +1,38 @@ -title: Cisco Modify Configuration -id: 671ffc77-50a7-464f-9e3d-9ea2b493b26b -status: experimental -description: Modifications to a config that will serve an adversary's impacts or persistence -references: - - https://attack.mitre.org/techniques/T1100/ - - https://attack.mitre.org/techniques/T1168/ - - https://attack.mitre.org/techniques/T1493/ -author: Austin Clark -date: 2019/08/12 -tags: - - attack.persistence - - attack.privilege_escalation - - attack.impact - - attack.t1493 - - attack.t1100 - - attack.t1168 - - attack.t1490 -logsource: - product: cisco - service: aaa - category: accounting -fields: - - CmdSet -detection: - keywords: - - 'ip http server' - - 'ip https server' - - 'kron policy-list' - - 'kron occurrence' - - 'policy-list' - - 'access-list' - - 'ip access-group' - - 'archive maximum' - condition: keywords -falsepositives: - - Legitimate administrators may run these commands. -level: medium +title: Cisco Modify Configuration +id: 671ffc77-50a7-464f-9e3d-9ea2b493b26b +status: experimental +description: Modifications to a config that will serve an adversary's impacts or persistence +references: + - https://attack.mitre.org/techniques/T1100/ + - https://attack.mitre.org/techniques/T1168/ + - https://attack.mitre.org/techniques/T1493/ +author: Austin Clark +date: 2019/08/12 +tags: + - attack.persistence + - attack.privilege_escalation + - attack.impact + - attack.t1493 + - attack.t1100 + - attack.t1168 + - attack.t1490 +logsource: + product: cisco + service: aaa + category: accounting +fields: + - CmdSet +detection: + keywords: + - 'ip http server' + - 'ip https server' + - 'kron policy-list' + - 'kron occurrence' + - 'policy-list' + - 'access-list' + - 'ip access-group' + - 'archive maximum' + condition: keywords +falsepositives: + - Legitimate administrators may run these commands. +level: medium diff --git a/rules/network/cisco/aaa/cisco_cli_moving_data.yml b/rules/network/cisco/aaa/cisco_cli_moving_data.yml index 0b603bca..f9aa4c84 100644 --- a/rules/network/cisco/aaa/cisco_cli_moving_data.yml +++ b/rules/network/cisco/aaa/cisco_cli_moving_data.yml @@ -1,39 +1,39 @@ -title: Cisco Stage Data -id: 5e51acb2-bcbe-435b-99c6-0e3cd5e2aa59 -status: experimental -description: Various protocols maybe used to put data on the device for exfil or infil -references: - - https://attack.mitre.org/techniques/T1074/ - - https://attack.mitre.org/techniques/T1105/ - - https://attack.mitre.org/techniques/T1498/ - - https://attack.mitre.org/techniques/T1002/ -author: Austin Clark -date: 2019/08/12 -tags: - - attack.collection - - attack.lateral_movement - - attack.command_and_control - - attack.exfiltration - - attack.impact - - attack.t1074 - - attack.t1105 - - attack.t1492 - - attack.t1002 -logsource: - product: cisco - service: aaa - category: accounting -fields: - - CmdSet -detection: - keywords: - - 'tftp' - - 'rcp' - - 'puts' - - 'copy' - - 'configure replace' - - 'archive tar' - condition: keywords -falsepositives: - - Generally used to copy configs or IOS images. -level: low +title: Cisco Stage Data +id: 5e51acb2-bcbe-435b-99c6-0e3cd5e2aa59 +status: experimental +description: Various protocols maybe used to put data on the device for exfil or infil +references: + - https://attack.mitre.org/techniques/T1074/ + - https://attack.mitre.org/techniques/T1105/ + - https://attack.mitre.org/techniques/T1498/ + - https://attack.mitre.org/techniques/T1002/ +author: Austin Clark +date: 2019/08/12 +tags: + - attack.collection + - attack.lateral_movement + - attack.command_and_control + - attack.exfiltration + - attack.impact + - attack.t1074 + - attack.t1105 + - attack.t1492 + - attack.t1002 +logsource: + product: cisco + service: aaa + category: accounting +fields: + - CmdSet +detection: + keywords: + - 'tftp' + - 'rcp' + - 'puts' + - 'copy' + - 'configure replace' + - 'archive tar' + condition: keywords +falsepositives: + - Generally used to copy configs or IOS images. +level: low diff --git a/rules/network/cisco/aaa/cisco_cli_net_sniff.yml b/rules/network/cisco/aaa/cisco_cli_net_sniff.yml index 3a329fce..3cc2a410 100644 --- a/rules/network/cisco/aaa/cisco_cli_net_sniff.yml +++ b/rules/network/cisco/aaa/cisco_cli_net_sniff.yml @@ -1,27 +1,27 @@ -title: Cisco Sniffing -id: b9e1f193-d236-4451-aaae-2f3d2102120d -status: experimental -description: Show when a monitor or a span/rspan is setup or modified -references: - - https://attack.mitre.org/techniques/T1040 -author: Austin Clark -date: 2019/08/11 -tags: - - attack.credential_access - - attack.discovery - - attack.t1040 -logsource: - product: cisco - service: aaa - category: accounting -fields: - - CmdSet -detection: - keywords: - - 'monitor capture point' - - 'set span' - - 'set rspan' - condition: keywords -falsepositives: - - Admins may setup new or modify old spans, or use a monitor for troubleshooting. -level: medium +title: Cisco Sniffing +id: b9e1f193-d236-4451-aaae-2f3d2102120d +status: experimental +description: Show when a monitor or a span/rspan is setup or modified +references: + - https://attack.mitre.org/techniques/T1040 +author: Austin Clark +date: 2019/08/11 +tags: + - attack.credential_access + - attack.discovery + - attack.t1040 +logsource: + product: cisco + service: aaa + category: accounting +fields: + - CmdSet +detection: + keywords: + - 'monitor capture point' + - 'set span' + - 'set rspan' + condition: keywords +falsepositives: + - Admins may setup new or modify old spans, or use a monitor for troubleshooting. +level: medium diff --git a/rules/windows/other/win_defender_bypass.yml b/rules/windows/other/win_defender_bypass.yml index 0dc75366..cc4fb5b8 100644 --- a/rules/windows/other/win_defender_bypass.yml +++ b/rules/windows/other/win_defender_bypass.yml @@ -1,26 +1,26 @@ -title: Windows Defender Exclusion Set -id: e9c8808f-4cfb-4ba9-97d4-e5f3beaa244d -description: 'Detects scenarios where an windows defender exclusion was added in registry where an entity would want to bypass antivirus scanning from windows defender' -references: - - https://www.bleepingcomputer.com/news/security/gootkit-malware-bypasses-windows-defender-by-setting-path-exclusions/ -tags: - - attack.defense_evasion - - attack.t1089 -author: "@BarryShooshooga" -date: 2019/10/26 -logsource: - product: windows - service: security - definition: 'Requirements: Audit Policy : Security Settings/Local Policies/Audit Policy, Registry System Access Control (SACL): Auditing/User' -detection: - selection: - EventID: - - 4657 - - 4656 - - 4660 - - 4663 - ObjectName|contains: '\Microsoft\Windows Defender\Exclusions\' - condition: selection -falsepositives: - - Intended inclusions by administrator -level: high +title: Windows Defender Exclusion Set +id: e9c8808f-4cfb-4ba9-97d4-e5f3beaa244d +description: 'Detects scenarios where an windows defender exclusion was added in registry where an entity would want to bypass antivirus scanning from windows defender' +references: + - https://www.bleepingcomputer.com/news/security/gootkit-malware-bypasses-windows-defender-by-setting-path-exclusions/ +tags: + - attack.defense_evasion + - attack.t1089 +author: "@BarryShooshooga" +date: 2019/10/26 +logsource: + product: windows + service: security + definition: 'Requirements: Audit Policy : Security Settings/Local Policies/Audit Policy, Registry System Access Control (SACL): Auditing/User' +detection: + selection: + EventID: + - 4657 + - 4656 + - 4660 + - 4663 + ObjectName|contains: '\Microsoft\Windows Defender\Exclusions\' + condition: selection +falsepositives: + - Intended inclusions by administrator +level: high diff --git a/rules/windows/powershell/powershell_suspicious_download.yml b/rules/windows/powershell/powershell_suspicious_download.yml index 2ab91194..cc735186 100644 --- a/rules/windows/powershell/powershell_suspicious_download.yml +++ b/rules/windows/powershell/powershell_suspicious_download.yml @@ -7,15 +7,20 @@ tags: - attack.t1086 author: Florian Roth date: 2017/03/05 +modified: 2020/03/25 logsource: product: windows service: powershell detection: - keywords: - Message: - - '*System.Net.WebClient).DownloadString(*' - - '*system.net.webclient).downloadfile(*' - condition: keywords + downloadfile: + Message|contains|all: + - 'System.Net.WebClient' + - '.DownloadFile(' + downloadstring: + Message|contains|all: + - 'System.Net.WebClient' + - '.DownloadString(' + condition: downloadfile or downloadstring falsepositives: - PowerShell scripts that download content from the Internet level: medium diff --git a/rules/windows/process_creation/win_susp_curl_start_combo.yml b/rules/windows/process_creation/win_susp_curl_start_combo.yml index ddc53c6a..c65cfc27 100644 --- a/rules/windows/process_creation/win_susp_curl_start_combo.yml +++ b/rules/windows/process_creation/win_susp_curl_start_combo.yml @@ -1,24 +1,24 @@ -title: Curl Start Combination -id: 21dd6d38-2b18-4453-9404-a0fe4a0cc288 -status: experimental -description: Adversaries can use curl to download payloads remotely and execute them. Curl is included by default in Windows 10 build 17063 and later. -references: - - https://medium.com/@reegun/curl-exe-is-the-new-rundll32-exe-lolbin-3f79c5f35983 -author: Sreeman -date: 2020/01/13 -tags: - - attack.execution - - attack.t1218 -logsource: - category: process_creation - product: windows -detection: - condition: selection - selection: - CommandLine|contains: 'curl* start ' -falsepositives: - - Administrative scripts (installers) -fields: - - ParentImage - - CommandLine -level: medium +title: Curl Start Combination +id: 21dd6d38-2b18-4453-9404-a0fe4a0cc288 +status: experimental +description: Adversaries can use curl to download payloads remotely and execute them. Curl is included by default in Windows 10 build 17063 and later. +references: + - https://medium.com/@reegun/curl-exe-is-the-new-rundll32-exe-lolbin-3f79c5f35983 +author: Sreeman +date: 2020/01/13 +tags: + - attack.execution + - attack.t1218 +logsource: + category: process_creation + product: windows +detection: + condition: selection + selection: + CommandLine|contains: 'curl* start ' +falsepositives: + - Administrative scripts (installers) +fields: + - ParentImage + - CommandLine +level: medium diff --git a/rules/windows/process_creation/win_task_folder_evasion.yml b/rules/windows/process_creation/win_task_folder_evasion.yml index 988342f7..82a3e4d6 100644 --- a/rules/windows/process_creation/win_task_folder_evasion.yml +++ b/rules/windows/process_creation/win_task_folder_evasion.yml @@ -1,36 +1,36 @@ -title: Tasks Folder Evasion -id: cc4e02ba-9c06-48e2-b09e-2500cace9ae0 -status: experimental -description: The Tasks folder in system32 and syswow64 are globally writable paths. Adversaries can take advantage of this and load or influence any script hosts or ANY .NET Application in Tasks to load and execute a custom assembly into cscript, wscript, regsvr32, mshta, eventvwr -references: - - https://twitter.com/subTee/status/1216465628946563073 - - https://gist.github.com/am0nsec/8378da08f848424e4ab0cc5b317fdd26 -date: 2020/13/01 -author: Sreeman -tags: - - attack.t1064 - - attack.t1211 - - attack.t1059 - - attack.defense_evasion - - attack.persistence -logsource: - product: Windows -detection: - selection1: - CommandLine|contains: - - 'echo ' - - 'copy ' - - 'type ' - - 'file createnew' - selection2: - CommandLine|contains: - - ' C:\Windows\System32\Tasks\' - - ' C:\Windows\SysWow64\Tasks\' - condition: selection1 and selection2 -fields: - - CommandLine - - ParentProcess - - CommandLine -falsepositives: - - Unknown -level: high +title: Tasks Folder Evasion +id: cc4e02ba-9c06-48e2-b09e-2500cace9ae0 +status: experimental +description: The Tasks folder in system32 and syswow64 are globally writable paths. Adversaries can take advantage of this and load or influence any script hosts or ANY .NET Application in Tasks to load and execute a custom assembly into cscript, wscript, regsvr32, mshta, eventvwr +references: + - https://twitter.com/subTee/status/1216465628946563073 + - https://gist.github.com/am0nsec/8378da08f848424e4ab0cc5b317fdd26 +date: 2020/13/01 +author: Sreeman +tags: + - attack.t1064 + - attack.t1211 + - attack.t1059 + - attack.defense_evasion + - attack.persistence +logsource: + product: Windows +detection: + selection1: + CommandLine|contains: + - 'echo ' + - 'copy ' + - 'type ' + - 'file createnew' + selection2: + CommandLine|contains: + - ' C:\Windows\System32\Tasks\' + - ' C:\Windows\SysWow64\Tasks\' + condition: selection1 and selection2 +fields: + - CommandLine + - ParentProcess + - CommandLine +falsepositives: + - Unknown +level: high diff --git a/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml b/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml index 1d9dd690..eec9375a 100644 --- a/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml +++ b/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml @@ -1,24 +1,24 @@ -title: Windows Registry Trust Record Modification -id: 295a59c1-7b79-4b47-a930-df12c15fc9c2 -status: experimental -description: Alerts on trust record modification within the registry, indicating usage of macros -references: - - https://outflank.nl/blog/2018/01/16/hunting-for-evil-detect-macros-being-executed/ - - http://az4n6.blogspot.com/2016/02/more-on-trust-records-macros-and.html -author: Antonlovesdnb -date: 2020/02/19 -modified: 2020/02/19 -tags: - - attack.initial_access - - attack.t1193 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 12 - TargetObject|contains: 'TrustRecords' - condition: selection -falsepositives: - - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: medium +title: Windows Registry Trust Record Modification +id: 295a59c1-7b79-4b47-a930-df12c15fc9c2 +status: experimental +description: Alerts on trust record modification within the registry, indicating usage of macros +references: + - https://outflank.nl/blog/2018/01/16/hunting-for-evil-detect-macros-being-executed/ + - http://az4n6.blogspot.com/2016/02/more-on-trust-records-macros-and.html +author: Antonlovesdnb +date: 2020/02/19 +modified: 2020/02/19 +tags: + - attack.initial_access + - attack.t1193 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 12 + TargetObject|contains: 'TrustRecords' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: medium diff --git a/rules/windows/sysmon/sysmon_renamed_jusched.yml b/rules/windows/sysmon/sysmon_renamed_jusched.yml index ea237097..7e03d04a 100644 --- a/rules/windows/sysmon/sysmon_renamed_jusched.yml +++ b/rules/windows/sysmon/sysmon_renamed_jusched.yml @@ -1,26 +1,26 @@ -title: Renamed jusched.exe -status: experimental -id: edd8a48c-1b9f-4ba1-83aa-490338cd1ccb -description: Detects renamed jusched.exe used by cobalt group -references: - - https://www.bitdefender.com/files/News/CaseStudies/study/262/Bitdefender-WhitePaper-An-APT-Blueprint-Gaining-New-Visibility-into-Financial-Threats-interactive.pdf -tags: - - attack.t1036 - - attack.execution -author: Markus Neis, Swisscom -date: 2019/06/04 -logsource: - category: process_creation - product: windows -detection: - selection1: - Description: Java Update Scheduler - selection2: - Description: Java(TM) Update Scheduler - filter: - Image|endswith: - - '\jusched.exe' - condition: (selection1 or selection2) and not filter -falsepositives: - - penetration tests, red teaming -level: high +title: Renamed jusched.exe +status: experimental +id: edd8a48c-1b9f-4ba1-83aa-490338cd1ccb +description: Detects renamed jusched.exe used by cobalt group +references: + - https://www.bitdefender.com/files/News/CaseStudies/study/262/Bitdefender-WhitePaper-An-APT-Blueprint-Gaining-New-Visibility-into-Financial-Threats-interactive.pdf +tags: + - attack.t1036 + - attack.execution +author: Markus Neis, Swisscom +date: 2019/06/04 +logsource: + category: process_creation + product: windows +detection: + selection1: + Description: Java Update Scheduler + selection2: + Description: Java(TM) Update Scheduler + filter: + Image|endswith: + - '\jusched.exe' + condition: (selection1 or selection2) and not filter +falsepositives: + - penetration tests, red teaming +level: high diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml index 1690d51b..6017a716 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml @@ -1,28 +1,28 @@ -title: dotNET DLL Loaded Via Office Applications -id: ff0f2b05-09db-4095-b96d-1b75ca24894a -status: experimental -description: Detects any assembly DLL being loaded by an Office Product -references: - - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 -author: Antonlovesdnb -date: 2020/02/19 -tags: - - attack.initial_access - - attack.t1193 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image: - - '*\winword.exe*' - - '*\powerpnt.exe*' - - '*\excel.exe*' - - '*\outlook.exe*' - ImageLoaded: - - '*C:\Windows\assembly\*' - condition: selection -falsepositives: - - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high +title: dotNET DLL Loaded Via Office Applications +id: ff0f2b05-09db-4095-b96d-1b75ca24894a +status: experimental +description: Detects any assembly DLL being loaded by an Office Product +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2020/02/19 +tags: + - attack.initial_access + - attack.t1193 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 7 + Image: + - '*\winword.exe*' + - '*\powerpnt.exe*' + - '*\excel.exe*' + - '*\outlook.exe*' + ImageLoaded: + - '*C:\Windows\assembly\*' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml index 42b6858b..bd58c23b 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml @@ -1,28 +1,28 @@ -title: CLR DLL Loaded Via Office Applications -id: d13c43f0-f66b-4279-8b2c-5912077c1780 -status: experimental -description: Detects CLR DLL being loaded by an Office Product -references: - - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 -author: Antonlovesdnb -date: 2020/02/19 -tags: - - attack.initial_access - - attack.t1193 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image: - - '*\winword.exe' - - '*\powerpnt.exe' - - '*\excel.exe' - - '*\outlook.exe' - ImageLoaded: - - '*\clr.dll*' - condition: selection -falsepositives: - - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high +title: CLR DLL Loaded Via Office Applications +id: d13c43f0-f66b-4279-8b2c-5912077c1780 +status: experimental +description: Detects CLR DLL being loaded by an Office Product +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2020/02/19 +tags: + - attack.initial_access + - attack.t1193 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 7 + Image: + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' + ImageLoaded: + - '*\clr.dll*' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml index 9806cf08..a0f3ddae 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml @@ -1,28 +1,28 @@ -title: GAC DLL Loaded Via Office Applications -id: 90217a70-13fc-48e4-b3db-0d836c5824ac -status: experimental -description: Detects any GAC DLL being loaded by an Office Product -references: - - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 -author: Antonlovesdnb -date: 2020/02/19 -tags: - - attack.initial_access - - attack.t1193 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image: - - '*\winword.exe*' - - '*\powerpnt.exe*' - - '*\excel.exe*' - - '*\outlook.exe*' - ImageLoaded: - - '*C:\Windows\Microsoft.NET\assembly\GAC_MSIL*' - condition: selection -falsepositives: - - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high +title: GAC DLL Loaded Via Office Applications +id: 90217a70-13fc-48e4-b3db-0d836c5824ac +status: experimental +description: Detects any GAC DLL being loaded by an Office Product +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2020/02/19 +tags: + - attack.initial_access + - attack.t1193 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 7 + Image: + - '*\winword.exe*' + - '*\powerpnt.exe*' + - '*\excel.exe*' + - '*\outlook.exe*' + ImageLoaded: + - '*C:\Windows\Microsoft.NET\assembly\GAC_MSIL*' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high diff --git a/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml index 232f7190..e46824e6 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml @@ -1,28 +1,28 @@ -title: Active Directory Parsing DLL Loaded Via Office Applications -id: a2a3b925-7bb0-433b-b508-db9003263cc4 -status: experimental -description: Detects DSParse DLL being loaded by an Office Product -references: - - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 -author: Antonlovesdnb -date: 2020/02/19 -tags: - - attack.initial_access - - attack.t1193 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image: - - '*\winword.exe' - - '*\powerpnt.exe' - - '*\excel.exe' - - '*\outlook.exe' - ImageLoaded: - - '*\dsparse.dll*' - condition: selection -falsepositives: - - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high +title: Active Directory Parsing DLL Loaded Via Office Applications +id: a2a3b925-7bb0-433b-b508-db9003263cc4 +status: experimental +description: Detects DSParse DLL being loaded by an Office Product +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2020/02/19 +tags: + - attack.initial_access + - attack.t1193 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 7 + Image: + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' + ImageLoaded: + - '*\dsparse.dll*' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high diff --git a/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml index 1cd4628b..86aedc7e 100644 --- a/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml @@ -1,28 +1,28 @@ -title: Active Directory Kerberos DLL Loaded Via Office Applications -id: 7417e29e-c2e7-4cf6-a2e8-767228c64837 -status: experimental -description: Detects Kerberos DLL being loaded by an Office Product -references: - - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 -author: Antonlovesdnb -date: 2020/02/19 -tags: - - attack.initial_access - - attack.t1193 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image: - - '*\winword.exe*' - - '*\powerpnt.exe*' - - '*\excel.exe*' - - '*\outlook.exe*' - ImageLoaded: - - '*\kerberos.dll*' - condition: selection -falsepositives: - - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high +title: Active Directory Kerberos DLL Loaded Via Office Applications +id: 7417e29e-c2e7-4cf6-a2e8-767228c64837 +status: experimental +description: Detects Kerberos DLL being loaded by an Office Product +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2020/02/19 +tags: + - attack.initial_access + - attack.t1193 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 7 + Image: + - '*\winword.exe*' + - '*\powerpnt.exe*' + - '*\excel.exe*' + - '*\outlook.exe*' + ImageLoaded: + - '*\kerberos.dll*' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high diff --git a/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml b/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml index e2d29894..b371692e 100644 --- a/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml @@ -1,30 +1,30 @@ -title: VBA DLL Loaded Via Microsoft Word -id: e6ce8457-68b1-485b-9bdd-3c2b5d679aa9 -status: experimental -description: Detects DLL's Loaded Via Word Containing VBA Macros -references: - - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 -author: Antonlovesdnb -date: 2020/02/19 -tags: - - attack.initial_access - - attack.t1193 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image: - - '*\winword.exe*' - - '*\powerpnt.exe*' - - '*\excel.exe*' - - '*\outlook.exe*' - ImageLoaded: - - '*\VBE7.DLL*' - - '*\VBEUI.DLL*' - - '*\VBE7INTL.DLL*' - condition: selection -falsepositives: - - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high +title: VBA DLL Loaded Via Microsoft Word +id: e6ce8457-68b1-485b-9bdd-3c2b5d679aa9 +status: experimental +description: Detects DLL's Loaded Via Word Containing VBA Macros +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2020/02/19 +tags: + - attack.initial_access + - attack.t1193 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 7 + Image: + - '*\winword.exe*' + - '*\powerpnt.exe*' + - '*\excel.exe*' + - '*\outlook.exe*' + ImageLoaded: + - '*\VBE7.DLL*' + - '*\VBEUI.DLL*' + - '*\VBE7INTL.DLL*' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high From 6584729a0d792c9fa9eac07caa9b79a72d77f90e Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 25 Mar 2020 14:58:14 +0100 Subject: [PATCH 163/714] rule: powershell downloadfile --- .../win_susp_ps_downloadfile.yml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 rules/windows/process_creation/win_susp_ps_downloadfile.yml diff --git a/rules/windows/process_creation/win_susp_ps_downloadfile.yml b/rules/windows/process_creation/win_susp_ps_downloadfile.yml new file mode 100644 index 00000000..5fe3001d --- /dev/null +++ b/rules/windows/process_creation/win_susp_ps_downloadfile.yml @@ -0,0 +1,24 @@ +title: PowerShell DownloadFile +id: 8f70ac5f-1f6f-4f8e-b454-db19561216c5 +status: experimental +description: Detects the execution of powershell, a WebClient object creation and the invocation of DownloadFile in a single command line +references: + - https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html +author: Florian Roth +date: 2020/03/25 +tags: + - attack.execution + - attack.t1086 +logsource: + category: process_creation + product: windows +detection: + selection: + CommandLine|contains|all: + - 'powershell' + - '.DownloadFile' + - 'System.Net.WebClient' + condition: selection +falsepositives: + - Unknown +level: high From 28953a2942f86b7746fffbf49e6a68b3f0746b74 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 25 Mar 2020 18:11:04 +0100 Subject: [PATCH 164/714] fix: MITRE tags in rule --- rules/windows/process_creation/win_exploit_cve_2020_10189.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/process_creation/win_exploit_cve_2020_10189.yml b/rules/windows/process_creation/win_exploit_cve_2020_10189.yml index 1dabd07b..33a9d8ee 100644 --- a/rules/windows/process_creation/win_exploit_cve_2020_10189.yml +++ b/rules/windows/process_creation/win_exploit_cve_2020_10189.yml @@ -10,8 +10,8 @@ references: author: Florian Roth date: 2020/03/25 tags: - - attack.launch - - attack.t1377 + - attack.initial_access + - attack.t1190 logsource: category: process_creation product: windows From ddacde9e6ba4971f7d415b09b1a3ba6150761db9 Mon Sep 17 00:00:00 2001 From: iveco Date: Thu, 26 Mar 2020 15:13:36 +0100 Subject: [PATCH 165/714] add LDAPFragger detections --- .../builtin/win_susp_ldap_dataexchange.yml | 28 +++++++++++++++++ .../sysmon/sysmon_susp_adsi_cache_usage.yml | 30 +++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 rules/windows/builtin/win_susp_ldap_dataexchange.yml create mode 100644 rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml diff --git a/rules/windows/builtin/win_susp_ldap_dataexchange.yml b/rules/windows/builtin/win_susp_ldap_dataexchange.yml new file mode 100644 index 00000000..0096c639 --- /dev/null +++ b/rules/windows/builtin/win_susp_ldap_dataexchange.yml @@ -0,0 +1,28 @@ +title: Suspicious LDAP-Attributes used (possible data-exchange via LDAPFragger) +id: d00a9a72-2c09-4459-ad03-5e0a23351e36 +description: detects the usage of particular AttributeLDAPDisplayNames, which are known for data exchange via LDAP by the tool LDAPFragger and are additionally not commonly used in companies. +status: experimental +date: 2019/03/24 +author: xknow @xknow_infosec +references: + - https://medium.com/@ivecodoe/detecting-ldapfragger-a-newly-released-cobalt-strike-beacon-using-ldap-for-c2-communication-c274a7f00961 + - https://blog.fox-it.com/2020/03/19/ldapfragger-command-and-control-over-ldap-attributes/ + - https://github.com/fox-it/LDAPFragger +tags: + - attack.t1041 + - attack.persistence +logsource: + product: windows + service: security +detection: + selection: + EventID: 5136 + AttributeValue: '*' + AttributeLDAPDisplayName: + - 'primaryInternationalISDNNumber' + - 'otherFacsimileTelephoneNumber' + - 'primaryTelexNumber' + condition: selection +falsepositives: + - Companies, who may use these default LDAP-Attributes for personal information +level: high \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml b/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml new file mode 100644 index 00000000..2f4a89e6 --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml @@ -0,0 +1,30 @@ +title: Suspicious ADSI-Cache usage by unknown tool (possible LDAPFragger usage) +id: 75bf09fa-1dd7-4d18-9af9-dd9e492562eb +description: detects the usage of ADSI (LDAP) operations by tools. This may also detect tools like LDAPFragger. +status: experimental +date: 2019/03/24 +author: xknow @xknow_infosec +references: + - https://medium.com/@ivecodoe/detecting-ldapfragger-a-newly-released-cobalt-strike-beacon-using-ldap-for-c2-communication-c274a7f00961 + - https://blog.fox-it.com/2020/03/19/ldapfragger-command-and-control-over-ldap-attributes/ + - https://github.com/fox-it/LDAPFragger +tags: + - attack.t1041 + - attack.persistence +logsource: + product: windows + service: sysmon +detection: + selection_1: + EventID: 11 + TargetFilename: '*\Local\Microsoft\Windows\SchCache\*.sch' + selection_2: + Image|contains: + - 'C:\windows\system32\svchost.exe' + - 'C:\windows\system32\dllhost.exe' + - 'C:\windows\system32\mmc.exe' + - 'C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe' + condition: selection_1 and not selection_2 +falsepositives: + - Other legimate tools, which do ADSI (LDAP) operations, e.g. any remoting activity by MMC, Powershell, Windows etc. +level: high \ No newline at end of file From dabc759136a974ff85249564db37e415e7e00d74 Mon Sep 17 00:00:00 2001 From: Justin Ellison Date: Thu, 26 Mar 2020 09:13:52 -0500 Subject: [PATCH 166/714] Eliminate title collision Fixing the problem described in HELK here: https://github.com/Cyb3rWard0g/HELK/issues/442 where when running sigmac to generate elastalert rules, this rule has a title collision with another rule in the same directory and causes elastalert to fail to start. --- rules/windows/process_creation/win_apt_bear_activity_gtr19.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_apt_bear_activity_gtr19.yml b/rules/windows/process_creation/win_apt_bear_activity_gtr19.yml index b8062c12..d3d160ee 100644 --- a/rules/windows/process_creation/win_apt_bear_activity_gtr19.yml +++ b/rules/windows/process_creation/win_apt_bear_activity_gtr19.yml @@ -1,4 +1,4 @@ -title: Judgement Panda Exfil Activity +title: Judgement Panda Credential Access Activity id: b83f5166-9237-4b5e-9cd4-7b5d52f4d8ee description: Detects Russian group activity as described in Global Threat Report 2019 by Crowdstrike references: From 39a3af04cea13f15b0bef3ad5a1b2bc251e7167e Mon Sep 17 00:00:00 2001 From: Iveco Date: Thu, 26 Mar 2020 16:56:06 +0100 Subject: [PATCH 167/714] Fixed title length --- rules/windows/builtin/win_susp_ldap_dataexchange.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/builtin/win_susp_ldap_dataexchange.yml b/rules/windows/builtin/win_susp_ldap_dataexchange.yml index 0096c639..c41f0a42 100644 --- a/rules/windows/builtin/win_susp_ldap_dataexchange.yml +++ b/rules/windows/builtin/win_susp_ldap_dataexchange.yml @@ -1,4 +1,4 @@ -title: Suspicious LDAP-Attributes used (possible data-exchange via LDAPFragger) +title: Suspicious LDAP-Attributes used id: d00a9a72-2c09-4459-ad03-5e0a23351e36 description: detects the usage of particular AttributeLDAPDisplayNames, which are known for data exchange via LDAP by the tool LDAPFragger and are additionally not commonly used in companies. status: experimental @@ -25,4 +25,4 @@ detection: condition: selection falsepositives: - Companies, who may use these default LDAP-Attributes for personal information -level: high \ No newline at end of file +level: high From 68c20dca204ef3839c76dae507cbb4a404fe0061 Mon Sep 17 00:00:00 2001 From: Iveco Date: Thu, 26 Mar 2020 16:56:46 +0100 Subject: [PATCH 168/714] Fixed title length --- rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml b/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml index 2f4a89e6..ab6a9449 100644 --- a/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml +++ b/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml @@ -1,4 +1,4 @@ -title: Suspicious ADSI-Cache usage by unknown tool (possible LDAPFragger usage) +title: Suspicious ADSI-Cache usage by unknown tool id: 75bf09fa-1dd7-4d18-9af9-dd9e492562eb description: detects the usage of ADSI (LDAP) operations by tools. This may also detect tools like LDAPFragger. status: experimental @@ -27,4 +27,4 @@ detection: condition: selection_1 and not selection_2 falsepositives: - Other legimate tools, which do ADSI (LDAP) operations, e.g. any remoting activity by MMC, Powershell, Windows etc. -level: high \ No newline at end of file +level: high From 3f577c98e7ad5c49c5fa86cb8eef1598a46eccff Mon Sep 17 00:00:00 2001 From: Iveco Date: Thu, 26 Mar 2020 17:03:33 +0100 Subject: [PATCH 169/714] Title capalized --- rules/windows/builtin/win_susp_ldap_dataexchange.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_susp_ldap_dataexchange.yml b/rules/windows/builtin/win_susp_ldap_dataexchange.yml index c41f0a42..7d1dfca5 100644 --- a/rules/windows/builtin/win_susp_ldap_dataexchange.yml +++ b/rules/windows/builtin/win_susp_ldap_dataexchange.yml @@ -1,4 +1,4 @@ -title: Suspicious LDAP-Attributes used +title: Suspicious LDAP-Attributes Used id: d00a9a72-2c09-4459-ad03-5e0a23351e36 description: detects the usage of particular AttributeLDAPDisplayNames, which are known for data exchange via LDAP by the tool LDAPFragger and are additionally not commonly used in companies. status: experimental From 55258e179936205e4313c627b852dd5f87f38371 Mon Sep 17 00:00:00 2001 From: Iveco Date: Thu, 26 Mar 2020 17:04:08 +0100 Subject: [PATCH 170/714] Title capitalized --- rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml b/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml index ab6a9449..884e53c3 100644 --- a/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml +++ b/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml @@ -1,4 +1,4 @@ -title: Suspicious ADSI-Cache usage by unknown tool +title: Suspicious ADSI-Cache Usage By Unknown Tool id: 75bf09fa-1dd7-4d18-9af9-dd9e492562eb description: detects the usage of ADSI (LDAP) operations by tools. This may also detect tools like LDAPFragger. status: experimental From f52ed4150d2dd82ed350049f1c70dec447e32baa Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Fri, 27 Mar 2020 15:08:35 +0100 Subject: [PATCH 171/714] WMImplant parameter detection --- .../powershell/powershell_wmimplant.yml | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 rules/windows/powershell/powershell_wmimplant.yml diff --git a/rules/windows/powershell/powershell_wmimplant.yml b/rules/windows/powershell/powershell_wmimplant.yml new file mode 100644 index 00000000..b8a0b483 --- /dev/null +++ b/rules/windows/powershell/powershell_wmimplant.yml @@ -0,0 +1,43 @@ +title: WMImplant Hack Tool +id: 8028c2c3-e25a-46e3-827f-bbb5abf181d7 +status: experimental +description: Detects parameters used by WMImplant +references: + - https://github.com/FortyNorthSecurity/WMImplant +tags: + - attack.execution + - attack.t1047 +author: NVISO +date: 2020/03/26 +logsource: + product: windows + service: powershell + description: "Script block logging must be enabled" +detection: + selection: + ScriptBlockText|contains: + - "WMImplant" + - " change_user " + - " gen_cli " + - " command_exec " + - " disable_wdigest " + - " disable_winrm " + - " enable_wdigest " + - " enable_winrm " + - " registry_mod " + - " remote_posh " + - " sched_job " + - " service_mod " + - " process_kill " + - " process_start " + - " active_users " + - " basic_info " + - " drive_list " + - " installed_programs " + - " power_off " + - " vacant_system " + - " logon_events " + condition: selection +falsepositives: + - unlikely +level: high From 0e94eb9e86b898926f9103e58929feabe21aca42 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 28 Mar 2020 13:12:07 +0100 Subject: [PATCH 172/714] Update win_powershell_downgrade_attack.yml --- .../win_powershell_downgrade_attack.yml | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/rules/windows/process_creation/win_powershell_downgrade_attack.yml b/rules/windows/process_creation/win_powershell_downgrade_attack.yml index 814dc49b..d33c7428 100644 --- a/rules/windows/process_creation/win_powershell_downgrade_attack.yml +++ b/rules/windows/process_creation/win_powershell_downgrade_attack.yml @@ -18,23 +18,11 @@ falsepositives: - Penetration Test - Unknown level: medium ---- logsource: + category: process_creation product: windows - service: sysmon detection: selection: - EventID: 1 - CommandLine|re: '.*-[Vv][Ee][Rr][Ss][Ii][Oo][Nn] 2' + CommandLine|contains: ' -version 2 ' Image|endswith: '\powershell.exe' condition: selection ---- -logsource: - product: windows - service: security -detection: - selection: - EventID: 4688 - CommandLine|re: '.*-[Vv][Ee][Rr][Ss][Ii][Oo][Nn] 2' - NewProcessName|endswith: '\powershell.exe' - condition: selection From bbb10a51f42e844846c66ac33edce8a3bfc9015a Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 28 Mar 2020 13:17:58 +0100 Subject: [PATCH 173/714] Update win_powershell_downgrade_attack.yml --- .../process_creation/win_powershell_downgrade_attack.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_powershell_downgrade_attack.yml b/rules/windows/process_creation/win_powershell_downgrade_attack.yml index d33c7428..61acfd96 100644 --- a/rules/windows/process_creation/win_powershell_downgrade_attack.yml +++ b/rules/windows/process_creation/win_powershell_downgrade_attack.yml @@ -23,6 +23,12 @@ logsource: product: windows detection: selection: - CommandLine|contains: ' -version 2 ' + CommandLine|contains: + - ' -version 2 ' + - ' -versio 2 ' + - ' -versi 2 ' + - ' -vers 2 ' + - ' -ver 2 ' + - ' -ve 2 ' Image|endswith: '\powershell.exe' condition: selection From e2b90220a2af47f4c988a2402faf2aa2d2cf3c15 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 28 Mar 2020 13:19:10 +0100 Subject: [PATCH 174/714] Update sysmon_susp_desktop_ini.yml --- rules/windows/sysmon/sysmon_susp_desktop_ini.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_desktop_ini.yml b/rules/windows/sysmon/sysmon_susp_desktop_ini.yml index 664afbf5..606076a2 100644 --- a/rules/windows/sysmon/sysmon_susp_desktop_ini.yml +++ b/rules/windows/sysmon/sysmon_susp_desktop_ini.yml @@ -23,5 +23,5 @@ detection: TargetFilename|endswith: '\desktop.ini' condition: selection and not filter falsepositives: - - Operations performed through Windows SCCM or equivalent -level: medium \ No newline at end of file + - Operations performed through Windows SCCM or equivalent +level: medium From 1a3731f7ae6254375a23e907327f401e821c6034 Mon Sep 17 00:00:00 2001 From: teddy-ROxPin <62453645+teddy-ROxPin@users.noreply.github.com> Date: Sun, 29 Mar 2020 04:16:15 -0600 Subject: [PATCH 175/714] Typo fix for powershell_suspicious_invocation_generic.yml ' - windowstyle hidden ' changed to ' -windowstyle hidden ' --- .../powershell/powershell_suspicious_invocation_generic.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/powershell/powershell_suspicious_invocation_generic.yml b/rules/windows/powershell/powershell_suspicious_invocation_generic.yml index df1c4876..6127e1f7 100644 --- a/rules/windows/powershell/powershell_suspicious_invocation_generic.yml +++ b/rules/windows/powershell/powershell_suspicious_invocation_generic.yml @@ -17,7 +17,7 @@ detection: hidden: - ' -w hidden ' - ' -window hidden ' - - ' - windowstyle hidden ' + - ' -windowstyle hidden ' noninteractive: - ' -noni ' - ' -noninteractive ' From d24c1e280012e442e2e95111da463f1527efca8d Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 29 Mar 2020 13:25:04 +0200 Subject: [PATCH 176/714] CI testing with GitHub Actions --- .github/workflows/sigma-test.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 .github/workflows/sigma-test.yml diff --git a/.github/workflows/sigma-test.yml b/.github/workflows/sigma-test.yml new file mode 100644 index 00000000..eee87298 --- /dev/null +++ b/.github/workflows/sigma-test.yml @@ -0,0 +1,29 @@ +# This workflow will install Python dependencies, run tests and lint with a single version of Python +# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions + +name: Sigma Tools and Rule Tests + +on: + push: + branches: + - "*" + pull_request: + branches: [ master ] + +jobs: + test-sigma: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Set up Python 3.8 + uses: actions/setup-python@v1 + with: + python-version: 3.8 + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install -r tools/requirements.txt -r tools/requirements-devel.txt -r tools/requirements-misp.txt -r tests/requirements-test.txt + - name: Test with Makefile + run: | + make test + make test-backend-es-qs From fbe40bd1e842fcdbba57ab1ec4947ee3a53d80ea Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 29 Mar 2020 13:41:03 +0200 Subject: [PATCH 177/714] Fixed Elasticsearch test * Splitted into separate action * Install dependencies --- .github/workflows/sigma-test.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sigma-test.yml b/.github/workflows/sigma-test.yml index eee87298..291d5468 100644 --- a/.github/workflows/sigma-test.yml +++ b/.github/workflows/sigma-test.yml @@ -23,7 +23,14 @@ jobs: run: | python -m pip install --upgrade pip pip install -r tools/requirements.txt -r tools/requirements-devel.txt -r tools/requirements-misp.txt -r tests/requirements-test.txt - - name: Test with Makefile + - name: Test Sigma Tools and Rules run: | make test + - name: Test Generated Elasticsearch Query Strings + run: | + wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add - + apt install -y apt-transport-https + echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" >> /etc/apt/sources.list.d/elastic.list + apt update + apt install -y elasticsearch make test-backend-es-qs From 821a631325edf0a397e4a1ba1129dc5ecee995bc Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 29 Mar 2020 14:00:15 +0200 Subject: [PATCH 178/714] Run Elasticsearch installation as root --- .github/workflows/sigma-test.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/sigma-test.yml b/.github/workflows/sigma-test.yml index 291d5468..d8335949 100644 --- a/.github/workflows/sigma-test.yml +++ b/.github/workflows/sigma-test.yml @@ -28,9 +28,9 @@ jobs: make test - name: Test Generated Elasticsearch Query Strings run: | - wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add - - apt install -y apt-transport-https - echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" >> /etc/apt/sources.list.d/elastic.list - apt update - apt install -y elasticsearch + wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - + sudo apt install -y apt-transport-https + echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic.list + sudo apt update + sudo apt install -y elasticsearch make test-backend-es-qs From d68b900077e4913ef1cbbe0c2dfdf7ec87bf1785 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 29 Mar 2020 14:37:27 +0200 Subject: [PATCH 179/714] Wait for Elasticsearch before running tests --- .github/workflows/sigma-test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sigma-test.yml b/.github/workflows/sigma-test.yml index d8335949..1fcb7176 100644 --- a/.github/workflows/sigma-test.yml +++ b/.github/workflows/sigma-test.yml @@ -32,5 +32,8 @@ jobs: sudo apt install -y apt-transport-https echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic.list sudo apt update - sudo apt install -y elasticsearch + sudo apt install -y elasticsearch curl jq + sudo systemctl start elasticsearch + until curl -s elasticsearch:9200; do sleep 1; done + until curl -s elasticsearch:9200/_cluster/health | jq -e '.status == "green"'; do sleep 1; done make test-backend-es-qs From 5e258efbe74970e489b3883d83a8c17f5fed02ac Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 29 Mar 2020 14:57:34 +0200 Subject: [PATCH 180/714] Improved Elasticsearch waiting process --- .github/workflows/sigma-test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sigma-test.yml b/.github/workflows/sigma-test.yml index 1fcb7176..f356f8ef 100644 --- a/.github/workflows/sigma-test.yml +++ b/.github/workflows/sigma-test.yml @@ -34,6 +34,6 @@ jobs: sudo apt update sudo apt install -y elasticsearch curl jq sudo systemctl start elasticsearch - until curl -s elasticsearch:9200; do sleep 1; done - until curl -s elasticsearch:9200/_cluster/health | jq -e '.status == "green"'; do sleep 1; done + until curl -s elasticsearch:9200; do echo "Waiting for Elasticsearch server..."; sleep 10; done + until curl -s elasticsearch:9200/_cluster/health | jq -e '.status != "red"'; do echo "Waiting for Elasticsearch cluster to become ready..."; sleep 10; done make test-backend-es-qs From 4dbe5e2f172b1c29c5d28a7d83ce1eba749f023a Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 29 Mar 2020 15:19:13 +0200 Subject: [PATCH 181/714] Moved Elasticsearch dependencies to generic dependencies Omitting waiting for Elasticsearch as it should be started at this time. --- .github/workflows/sigma-test.yml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/sigma-test.yml b/.github/workflows/sigma-test.yml index f356f8ef..3b4aff84 100644 --- a/.github/workflows/sigma-test.yml +++ b/.github/workflows/sigma-test.yml @@ -23,17 +23,15 @@ jobs: run: | python -m pip install --upgrade pip pip install -r tools/requirements.txt -r tools/requirements-devel.txt -r tools/requirements-misp.txt -r tests/requirements-test.txt + wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - + sudo apt install -y apt-transport-https + echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic.list + sudo apt update + sudo apt install -y elasticsearch + sudo systemctl start elasticsearch - name: Test Sigma Tools and Rules run: | make test - name: Test Generated Elasticsearch Query Strings run: | - wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - - sudo apt install -y apt-transport-https - echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic.list - sudo apt update - sudo apt install -y elasticsearch curl jq - sudo systemctl start elasticsearch - until curl -s elasticsearch:9200; do echo "Waiting for Elasticsearch server..."; sleep 10; done - until curl -s elasticsearch:9200/_cluster/health | jq -e '.status != "red"'; do echo "Waiting for Elasticsearch cluster to become ready..."; sleep 10; done make test-backend-es-qs From 38a5fe3a292cb7d1eac1ae2cce64561222525a10 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 29 Mar 2020 22:20:04 +0200 Subject: [PATCH 182/714] Removed Travis CI configuration --- .travis.yml | 25 ------------------------- 1 file changed, 25 deletions(-) delete mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 14362f64..00000000 --- a/.travis.yml +++ /dev/null @@ -1,25 +0,0 @@ -language: python -dist: xenial -python: - # - 3.5 # Deactivated because Travis CI tests failed randomly (Travis's problem) - - 3.6 - - 3.7 -sudo: true -services: - - elasticsearch -cache: pip -before_install: - - curl -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.4.deb && sudo dpkg -i --force-confnew elasticsearch-6.2.4.deb && sudo service elasticsearch restart -install: - - pip install -r tools/requirements-devel.txt - - pip install -r tests/requirements-test.txt -script: - - make test - - make test-backend-es-qs -notifications: - email: - recipients: - - venom14@gmail.com - - thomas@patzke.org - on_success: change - on_failure: always From d33f4b290d64ac93b876ad6624befad00975a92b Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 29 Mar 2020 22:41:10 +0200 Subject: [PATCH 183/714] Dependency cleanup * Consolidated dependencies into main and development (MISP and test intergrated). * Splitted Pipfile dependencies into main and development * Specified compatible dependencies --- .github/workflows/sigma-test.yml | 2 +- Pipfile | 19 +- Pipfile.lock | 401 ++++++++++++++++++++----------- tests/requirements-test.txt | 1 - tools/requirements-devel.txt | 13 +- tools/requirements-misp.txt | 1 - tools/requirements.txt | 8 +- 7 files changed, 284 insertions(+), 161 deletions(-) delete mode 100644 tests/requirements-test.txt delete mode 100644 tools/requirements-misp.txt diff --git a/.github/workflows/sigma-test.yml b/.github/workflows/sigma-test.yml index 3b4aff84..b6e10159 100644 --- a/.github/workflows/sigma-test.yml +++ b/.github/workflows/sigma-test.yml @@ -22,7 +22,7 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - pip install -r tools/requirements.txt -r tools/requirements-devel.txt -r tools/requirements-misp.txt -r tests/requirements-test.txt + pip install -r tools/requirements.txt -r tools/requirements-devel.txt wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - sudo apt install -y apt-transport-https echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic.list diff --git a/Pipfile b/Pipfile index 44b085f2..593b35cf 100644 --- a/Pipfile +++ b/Pipfile @@ -4,16 +4,19 @@ url = "https://pypi.org/simple" verify_ssl = true [dev-packages] +coverage = "~=5.0" +yamllint = "~=1.21" +elasticsearch = "~=7.6" +elasticsearch-async = "~=6.2" +pytest = "~=5.4" +colorama = "*" [packages] -coverage = ">=4.4.1" -yamllint = ">=1.10.0" -elasticsearch = "*" -elasticsearch-async = "*" -pymisp = "*" -PyYAML = ">=3.11" -progressbar2 = "*" -colorama = "*" +requests = "~=2.23" +urllib3 = "~=1.25" +progressbar2 = "~=3.47" +pymisp = "~=2.4.123" +PyYAML = "~=3.11" [requires] python_version = "3.6" diff --git a/Pipfile.lock b/Pipfile.lock index 634be436..9051511b 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "c553c014d5959f8c30ffdb23d4648ff872dbffd5f6f982d8c029a5b4533a959d" + "sha256": "fc1e2b865ed22b08b15ac62987404540d87a44328936121fb1814fe2f74239d7" }, "pipfile-spec": 6, "requires": { @@ -16,6 +16,147 @@ ] }, "default": { + "attrs": { + "hashes": [ + "sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c", + "sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72" + ], + "version": "==19.3.0" + }, + "certifi": { + "hashes": [ + "sha256:017c25db2a153ce562900032d5bc68e9f191e44e9a0f762f373977de9df1fbb3", + "sha256:25b64c7da4cd7479594d035c08c2d809eb4aab3a26e5a990ea98cc450c320f1f" + ], + "version": "==2019.11.28" + }, + "chardet": { + "hashes": [ + "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae", + "sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691" + ], + "version": "==3.0.4" + }, + "deprecated": { + "hashes": [ + "sha256:408038ab5fdeca67554e8f6742d1521cd3cd0ee0ff9d47f29318a4f4da31c308", + "sha256:8b6a5aa50e482d8244a62e5582b96c372e87e3a28e8b49c316e46b95c76a611d" + ], + "version": "==1.2.7" + }, + "idna": { + "hashes": [ + "sha256:7588d1c14ae4c77d74036e8c22ff447b26d0fde8f007354fd48a7814db15b7cb", + "sha256:a068a21ceac8a4d63dbfd964670474107f541babbd2250d61922f029858365fa" + ], + "version": "==2.9" + }, + "importlib-metadata": { + "hashes": [ + "sha256:2a688cbaa90e0cc587f1df48bdc97a6eadccdcd9c35fb3f976a09e3b5016d90f", + "sha256:34513a8a0c4962bc66d35b359558fd8a5e10cd472d37aec5f66858addef32c1e" + ], + "markers": "python_version < '3.8'", + "version": "==1.6.0" + }, + "jsonschema": { + "hashes": [ + "sha256:4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163", + "sha256:c8a85b28d377cc7737e46e2d9f2b4f44ee3c0e1deac6bf46ddefc7187d30797a" + ], + "version": "==3.2.0" + }, + "progressbar2": { + "hashes": [ + "sha256:2c21c14482016162852c8265da03886c2b4dea6f84e5a817ad9b39f6bd82a772", + "sha256:7849b84c01a39e4eddd2b369a129fed5e24dfb78d484ae63f9e08e58277a2928" + ], + "index": "pypi", + "version": "==3.50.1" + }, + "pymisp": { + "hashes": [ + "sha256:1d27bc81ed492b5e6e216d099dcadf943d5c0c09457d6464ed33db8da39d0fdd", + "sha256:318cb9cee371ce3918b3216e2c1a61938747203f89f9d42d4e4a51b40066f9b3" + ], + "index": "pypi", + "version": "==2.4.123" + }, + "pyrsistent": { + "hashes": [ + "sha256:28669905fe725965daa16184933676547c5bb40a5153055a8dee2a4bd7933ad3" + ], + "version": "==0.16.0" + }, + "python-dateutil": { + "hashes": [ + "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c", + "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a" + ], + "version": "==2.8.1" + }, + "python-utils": { + "hashes": [ + "sha256:ebaadab29d0cb9dca0a82eab9c405f5be5125dbbff35b8f32cc433fa498dbaa7", + "sha256:f21fc09ff58ea5ebd1fd2e8ef7f63e39d456336900f26bdc9334a03a3f7d8089" + ], + "version": "==2.4.0" + }, + "pyyaml": { + "hashes": [ + "sha256:3d7da3009c0f3e783b2c873687652d83b1bbfd5c88e9813fb7e5b03c0dd3108b", + "sha256:3ef3092145e9b70e3ddd2c7ad59bdd0252a94dfe3949721633e41344de00a6bf", + "sha256:40c71b8e076d0550b2e6380bada1f1cd1017b882f7e16f09a65be98e017f211a", + "sha256:558dd60b890ba8fd982e05941927a3911dc409a63dcb8b634feaa0cda69330d3", + "sha256:a7c28b45d9f99102fa092bb213aa12e0aaf9a6a1f5e395d36166639c1f96c3a1", + "sha256:aa7dd4a6a427aed7df6fb7f08a580d68d9b118d90310374716ae90b710280af1", + "sha256:bc558586e6045763782014934bfaf39d48b8ae85a2713117d16c39864085c613", + "sha256:d46d7982b62e0729ad0175a9bc7e10a566fc07b224d2c79fafb5e032727eaa04", + "sha256:d5eef459e30b09f5a098b9cea68bebfeb268697f78d647bd255a085371ac7f3f", + "sha256:e01d3203230e1786cd91ccfdc8f8454c8069c91bee3962ad93b87a4b2860f537", + "sha256:e170a9e6fcfd19021dd29845af83bb79236068bf5fd4df3327c1be18182b2531" + ], + "index": "pypi", + "version": "==3.13" + }, + "requests": { + "hashes": [ + "sha256:43999036bfa82904b6af1d99e4882b560e5e2c68e5c4b0aa03b655f3d7d73fee", + "sha256:b3f43d496c6daba4493e7c431722aeb7dbc6288f52a6e04e7b6023b0247817e6" + ], + "index": "pypi", + "version": "==2.23.0" + }, + "six": { + "hashes": [ + "sha256:236bdbdce46e6e6a3d61a337c0f8b763ca1e8717c03b369e87a7ec7ce1319c0a", + "sha256:8f3cd2e254d8f793e7f3d6d9df77b92252b52637291d0f0da013c76ea2724b6c" + ], + "version": "==1.14.0" + }, + "urllib3": { + "hashes": [ + "sha256:2f3db8b19923a873b3e5256dc9c2dedfa883e33d87c690d9c7913e1f40673cdc", + "sha256:87716c2d2a7121198ebcb7ce7cccf6ce5e9ba539041cfbaeecfb641dc0bf6acc" + ], + "index": "pypi", + "version": "==1.25.8" + }, + "wrapt": { + "hashes": [ + "sha256:b62ffa81fb85f4332a4f609cab4ac40709470da05643a082ec1eb88e6d9b97d7" + ], + "version": "==1.12.1" + }, + "zipp": { + "hashes": [ + "sha256:aa36550ff0c0b7ef7fa639055d797116ee891440eac1a56f378e2d3179e0320b", + "sha256:c599e4d75c98f6798c509911d08a22e6c021d074469042177c8c86fb92eefd96" + ], + "version": "==3.1.0" + } + }, + "develop": { "aiohttp": { "hashes": [ "sha256:1e984191d1ec186881ffaed4581092ba04f7c61582a177b187d3a2f07ed9719e", @@ -47,13 +188,6 @@ ], "version": "==19.3.0" }, - "certifi": { - "hashes": [ - "sha256:017c25db2a153ce562900032d5bc68e9f191e44e9a0f762f373977de9df1fbb3", - "sha256:25b64c7da4cd7479594d035c08c2d809eb4aab3a26e5a990ea98cc450c320f1f" - ], - "version": "==2019.11.28" - }, "chardet": { "hashes": [ "sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae", @@ -71,55 +205,48 @@ }, "coverage": { "hashes": [ - "sha256:15cf13a6896048d6d947bf7d222f36e4809ab926894beb748fc9caa14605d9c3", - "sha256:1daa3eceed220f9fdb80d5ff950dd95112cd27f70d004c7918ca6dfc6c47054c", - "sha256:1e44a022500d944d42f94df76727ba3fc0a5c0b672c358b61067abb88caee7a0", - "sha256:25dbf1110d70bab68a74b4b9d74f30e99b177cde3388e07cc7272f2168bd1477", - "sha256:3230d1003eec018ad4a472d254991e34241e0bbd513e97a29727c7c2f637bd2a", - "sha256:3dbb72eaeea5763676a1a1efd9b427a048c97c39ed92e13336e726117d0b72bf", - "sha256:5012d3b8d5a500834783689a5d2292fe06ec75dc86ee1ccdad04b6f5bf231691", - "sha256:51bc7710b13a2ae0c726f69756cf7ffd4362f4ac36546e243136187cfcc8aa73", - "sha256:527b4f316e6bf7755082a783726da20671a0cc388b786a64417780b90565b987", - "sha256:722e4557c8039aad9592c6a4213db75da08c2cd9945320220634f637251c3894", - "sha256:76e2057e8ffba5472fd28a3a010431fd9e928885ff480cb278877c6e9943cc2e", - "sha256:77afca04240c40450c331fa796b3eab6f1e15c5ecf8bf2b8bee9706cd5452fef", - "sha256:7afad9835e7a651d3551eab18cbc0fdb888f0a6136169fbef0662d9cdc9987cf", - "sha256:9bea19ac2f08672636350f203db89382121c9c2ade85d945953ef3c8cf9d2a68", - "sha256:a8b8ac7876bc3598e43e2603f772d2353d9931709345ad6c1149009fd1bc81b8", - "sha256:b0840b45187699affd4c6588286d429cd79a99d509fe3de0f209594669bb0954", - "sha256:b26aaf69713e5674efbde4d728fb7124e429c9466aeaf5f4a7e9e699b12c9fe2", - "sha256:b63dd43f455ba878e5e9f80ba4f748c0a2156dde6e0e6e690310e24d6e8caf40", - "sha256:be18f4ae5a9e46edae3f329de2191747966a34a3d93046dbdf897319923923bc", - "sha256:c312e57847db2526bc92b9bfa78266bfbaabac3fdcd751df4d062cd4c23e46dc", - "sha256:c60097190fe9dc2b329a0eb03393e2e0829156a589bd732e70794c0dd804258e", - "sha256:c62a2143e1313944bf4a5ab34fd3b4be15367a02e9478b0ce800cb510e3bbb9d", - "sha256:cc1109f54a14d940b8512ee9f1c3975c181bbb200306c6d8b87d93376538782f", - "sha256:cd60f507c125ac0ad83f05803063bed27e50fa903b9c2cfee3f8a6867ca600fc", - "sha256:d513cc3db248e566e07a0da99c230aca3556d9b09ed02f420664e2da97eac301", - "sha256:d649dc0bcace6fcdb446ae02b98798a856593b19b637c1b9af8edadf2b150bea", - "sha256:d7008a6796095a79544f4da1ee49418901961c97ca9e9d44904205ff7d6aa8cb", - "sha256:da93027835164b8223e8e5af2cf902a4c80ed93cb0909417234f4a9df3bcd9af", - "sha256:e69215621707119c6baf99bda014a45b999d37602cb7043d943c76a59b05bf52", - "sha256:ea9525e0fef2de9208250d6c5aeeee0138921057cd67fcef90fbed49c4d62d37", - "sha256:fca1669d464f0c9831fd10be2eef6b86f5ebd76c724d1e0706ebdff86bb4adf0" + "sha256:03f630aba2b9b0d69871c2e8d23a69b7fe94a1e2f5f10df5049c0df99db639a0", + "sha256:046a1a742e66d065d16fb564a26c2a15867f17695e7f3d358d7b1ad8a61bca30", + "sha256:0a907199566269e1cfa304325cc3b45c72ae341fbb3253ddde19fa820ded7a8b", + "sha256:165a48268bfb5a77e2d9dbb80de7ea917332a79c7adb747bd005b3a07ff8caf0", + "sha256:1b60a95fc995649464e0cd48cecc8288bac5f4198f21d04b8229dc4097d76823", + "sha256:1f66cf263ec77af5b8fe14ef14c5e46e2eb4a795ac495ad7c03adc72ae43fafe", + "sha256:2e08c32cbede4a29e2a701822291ae2bc9b5220a971bba9d1e7615312efd3037", + "sha256:3844c3dab800ca8536f75ae89f3cf566848a3eb2af4d9f7b1103b4f4f7a5dad6", + "sha256:408ce64078398b2ee2ec08199ea3fcf382828d2f8a19c5a5ba2946fe5ddc6c31", + "sha256:443be7602c790960b9514567917af538cac7807a7c0c0727c4d2bbd4014920fd", + "sha256:4482f69e0701139d0f2c44f3c395d1d1d37abd81bfafbf9b6efbe2542679d892", + "sha256:4a8a259bf990044351baf69d3b23e575699dd60b18460c71e81dc565f5819ac1", + "sha256:513e6526e0082c59a984448f4104c9bf346c2da9961779ede1fc458e8e8a1f78", + "sha256:5f587dfd83cb669933186661a351ad6fc7166273bc3e3a1531ec5c783d997aac", + "sha256:62061e87071497951155cbccee487980524d7abea647a1b2a6eb6b9647df9006", + "sha256:641e329e7f2c01531c45c687efcec8aeca2a78a4ff26d49184dce3d53fc35014", + "sha256:65a7e00c00472cd0f59ae09d2fb8a8aaae7f4a0cf54b2b74f3138d9f9ceb9cb2", + "sha256:6ad6ca45e9e92c05295f638e78cd42bfaaf8ee07878c9ed73e93190b26c125f7", + "sha256:73aa6e86034dad9f00f4bbf5a666a889d17d79db73bc5af04abd6c20a014d9c8", + "sha256:7c9762f80a25d8d0e4ab3cb1af5d9dffbddb3ee5d21c43e3474c84bf5ff941f7", + "sha256:85596aa5d9aac1bf39fe39d9fa1051b0f00823982a1de5766e35d495b4a36ca9", + "sha256:86a0ea78fd851b313b2e712266f663e13b6bc78c2fb260b079e8b67d970474b1", + "sha256:8a620767b8209f3446197c0e29ba895d75a1e272a36af0786ec70fe7834e4307", + "sha256:922fb9ef2c67c3ab20e22948dcfd783397e4c043a5c5fa5ff5e9df5529074b0a", + "sha256:9fad78c13e71546a76c2f8789623eec8e499f8d2d799f4b4547162ce0a4df435", + "sha256:a37c6233b28e5bc340054cf6170e7090a4e85069513320275a4dc929144dccf0", + "sha256:c3fc325ce4cbf902d05a80daa47b645d07e796a80682c1c5800d6ac5045193e5", + "sha256:cda33311cb9fb9323958a69499a667bd728a39a7aa4718d7622597a44c4f1441", + "sha256:db1d4e38c9b15be1521722e946ee24f6db95b189d1447fa9ff18dd16ba89f732", + "sha256:eda55e6e9ea258f5e4add23bcf33dc53b2c319e70806e180aecbff8d90ea24de", + "sha256:f372cdbb240e09ee855735b9d85e7f50730dcfb6296b74b95a3e5dea0615c4c1" ], "index": "pypi", - "version": "==5.0.3" - }, - "deprecated": { - "hashes": [ - "sha256:408038ab5fdeca67554e8f6742d1521cd3cd0ee0ff9d47f29318a4f4da31c308", - "sha256:8b6a5aa50e482d8244a62e5582b96c372e87e3a28e8b49c316e46b95c76a611d" - ], - "version": "==1.2.7" + "version": "==5.0.4" }, "elasticsearch": { "hashes": [ - "sha256:1815ee1377e7d3cf32770738a70785fe4ab1f05be28336a330ed71cb295a7c6c", - "sha256:2a0ca516378ae9b87ac840e7bb529ec508f3010360dd9feed605dff2a898aff5" + "sha256:d228b2d37ac0865f7631335268172dbdaa426adec1da3ed006dddf05134f89c8", + "sha256:f4bb05cfe55cf369bdcb4d86d0129d39d66a91fd9517b13cd4e4231fbfcf5c81" ], "index": "pypi", - "version": "==7.5.1" + "version": "==7.6.0" }, "elasticsearch-async": { "hashes": [ @@ -131,10 +258,10 @@ }, "idna": { "hashes": [ - "sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407", - "sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c" + "sha256:7588d1c14ae4c77d74036e8c22ff447b26d0fde8f007354fd48a7814db15b7cb", + "sha256:a068a21ceac8a4d63dbfd964670474107f541babbd2250d61922f029858365fa" ], - "version": "==2.8" + "version": "==2.9" }, "idna-ssl": { "hashes": [ @@ -145,40 +272,47 @@ }, "importlib-metadata": { "hashes": [ - "sha256:06f5b3a99029c7134207dd882428a66992a9de2bef7c2b699b5641f9886c3302", - "sha256:b97607a1a18a5100839aec1dc26a1ea17ee0d93b20b0f008d80a5a050afb200b" + "sha256:2a688cbaa90e0cc587f1df48bdc97a6eadccdcd9c35fb3f976a09e3b5016d90f", + "sha256:34513a8a0c4962bc66d35b359558fd8a5e10cd472d37aec5f66858addef32c1e" ], "markers": "python_version < '3.8'", - "version": "==1.5.0" + "version": "==1.6.0" }, - "jsonschema": { + "more-itertools": { "hashes": [ - "sha256:4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163", - "sha256:c8a85b28d377cc7737e46e2d9f2b4f44ee3c0e1deac6bf46ddefc7187d30797a" + "sha256:5dd8bcf33e5f9513ffa06d5ad33d78f31e1931ac9a18f33d37e77a180d393a7c", + "sha256:b1ddb932186d8a6ac451e1d95844b382f55e12686d51ca0c68b6f61f2ab7a507" ], - "version": "==3.2.0" + "version": "==8.2.0" }, "multidict": { "hashes": [ - "sha256:13f3ebdb5693944f52faa7b2065b751cb7e578b8dd0a5bb8e4ab05ad0188b85e", - "sha256:26502cefa86d79b86752e96639352c7247846515c864d7c2eb85d036752b643c", - "sha256:4fba5204d32d5c52439f88437d33ad14b5f228e25072a192453f658bddfe45a7", - "sha256:527124ef435f39a37b279653ad0238ff606b58328ca7989a6df372fd75d7fe26", - "sha256:5414f388ffd78c57e77bd253cf829373721f450613de53dc85a08e34d806e8eb", - "sha256:5eee66f882ab35674944dfa0d28b57fa51e160b4dce0ce19e47f495fdae70703", - "sha256:63810343ea07f5cd86ba66ab66706243a6f5af075eea50c01e39b4ad6bc3c57a", - "sha256:6bd10adf9f0d6a98ccc792ab6f83d18674775986ba9bacd376b643fe35633357", - "sha256:83c6ddf0add57c6b8a7de0bc7e2d656be3eefeff7c922af9a9aae7e49f225625", - "sha256:93166e0f5379cf6cd29746989f8a594fa7204dcae2e9335ddba39c870a287e1c", - "sha256:9a7b115ee0b9b92d10ebc246811d8f55d0c57e82dbb6a26b23c9a9a6ad40ce0c", - "sha256:a38baa3046cce174a07a59952c9f876ae8875ef3559709639c17fdf21f7b30dd", - "sha256:a6d219f49821f4b2c85c6d426346a5d84dab6daa6f85ca3da6c00ed05b54022d", - "sha256:a8ed33e8f9b67e3b592c56567135bb42e7e0e97417a4b6a771e60898dfd5182b", - "sha256:d7d428488c67b09b26928950a395e41cc72bb9c3d5abfe9f0521940ee4f796d4", - "sha256:dcfed56aa085b89d644af17442cdc2debaa73388feba4b8026446d168ca8dad7", - "sha256:f29b885e4903bd57a7789f09fe9d60b6475a6c1a4c0eca874d8558f00f9d4b51" + "sha256:317f96bc0950d249e96d8d29ab556d01dd38888fbe68324f46fd834b430169f1", + "sha256:42f56542166040b4474c0c608ed051732033cd821126493cf25b6c276df7dd35", + "sha256:4b7df040fb5fe826d689204f9b544af469593fb3ff3a069a6ad3409f742f5928", + "sha256:544fae9261232a97102e27a926019100a9db75bec7b37feedd74b3aa82f29969", + "sha256:620b37c3fea181dab09267cd5a84b0f23fa043beb8bc50d8474dd9694de1fa6e", + "sha256:6e6fef114741c4d7ca46da8449038ec8b1e880bbe68674c01ceeb1ac8a648e78", + "sha256:7774e9f6c9af3f12f296131453f7b81dabb7ebdb948483362f5afcaac8a826f1", + "sha256:85cb26c38c96f76b7ff38b86c9d560dea10cf3459bb5f4caf72fc1bb932c7136", + "sha256:a326f4240123a2ac66bb163eeba99578e9d63a8654a59f4688a79198f9aa10f8", + "sha256:ae402f43604e3b2bc41e8ea8b8526c7fa7139ed76b0d64fc48e28125925275b2", + "sha256:aee283c49601fa4c13adc64c09c978838a7e812f85377ae130a24d7198c0331e", + "sha256:b51249fdd2923739cd3efc95a3d6c363b67bbf779208e9f37fd5e68540d1a4d4", + "sha256:bb519becc46275c594410c6c28a8a0adc66fe24fef154a9addea54c1adb006f5", + "sha256:c2c37185fb0af79d5c117b8d2764f4321eeb12ba8c141a95d0aa8c2c1d0a11dd", + "sha256:dc561313279f9d05a3d0ffa89cd15ae477528ea37aa9795c4654588a3287a9ab", + "sha256:e439c9a10a95cb32abd708bb8be83b2134fa93790a4fb0535ca36db3dda94d20", + "sha256:fc3b4adc2ee8474cb3cd2a155305d5f8eda0a9c91320f83e55748e1fcb68f8e3" ], - "version": "==4.7.4" + "version": "==4.7.5" + }, + "packaging": { + "hashes": [ + "sha256:3c292b474fda1671ec57d46d739d072bfd495a4f51ad01a055121d81e952b7a3", + "sha256:82f77b9bee21c1bafbf35a84905d604d5d1223801d639cf3ed140bd651c08752" + ], + "version": "==20.3" }, "pathspec": { "hashes": [ @@ -187,65 +321,51 @@ ], "version": "==0.7.0" }, - "progressbar2": { + "pluggy": { "hashes": [ - "sha256:7538d02045a1fd3aa2b2834bfda463da8755bd3ff050edc6c5ddff3bc616215f", - "sha256:eb774d1e0d03ea4730f381c13c2c6ae7abb5ddfb14d8321d7a58a61aa708f0d0" + "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0", + "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d" + ], + "version": "==0.13.1" + }, + "py": { + "hashes": [ + "sha256:5e27081401262157467ad6e7f851b7aa402c5852dbcb3dae06768434de5752aa", + "sha256:c20fdd83a5dbc0af9efd622bee9a5564e278f6380fffcacc43ba6f43db2813b0" + ], + "version": "==1.8.1" + }, + "pyparsing": { + "hashes": [ + "sha256:4c830582a84fb022400b85429791bc551f1f4871c33f23e44f353119e92f969f", + "sha256:c342dccb5250c08d45fd6f8b4a559613ca603b57498511740e65cd11a2e7dcec" + ], + "version": "==2.4.6" + }, + "pytest": { + "hashes": [ + "sha256:0e5b30f5cb04e887b91b1ee519fa3d89049595f428c1db76e73bd7f17b09b172", + "sha256:84dde37075b8805f3d1f392cc47e38a0e59518fb46a431cfdaf7cf1ce805f970" ], "index": "pypi", - "version": "==3.47.0" - }, - "pymisp": { - "hashes": [ - "sha256:4359953881c70d8c851ba847ebd41fe636ecc155ee92a6b653dcae2d241a6fef", - "sha256:be4c2a2d311ba1aaeb73e1124e8a97ac4eec52a871e02d373c455936095aac72" - ], - "index": "pypi", - "version": "==2.4.120" - }, - "pyrsistent": { - "hashes": [ - "sha256:cdc7b5e3ed77bed61270a47d35434a30617b9becdf2478af76ad2c6ade307280" - ], - "version": "==0.15.7" - }, - "python-dateutil": { - "hashes": [ - "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c", - "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a" - ], - "version": "==2.8.1" - }, - "python-utils": { - "hashes": [ - "sha256:34aaf26b39b0b86628008f2ae0ac001b30e7986a8d303b61e1357dfcdad4f6d3", - "sha256:e25f840564554eaded56eaa395bca507b0b9e9f0ae5ecb13a8cb785305c56d25" - ], - "version": "==2.3.0" + "version": "==5.4.1" }, "pyyaml": { "hashes": [ - "sha256:059b2ee3194d718896c0ad077dd8c043e5e909d9180f387ce42012662a4946d6", - "sha256:1cf708e2ac57f3aabc87405f04b86354f66799c8e62c28c5fc5f88b5521b2dbf", - "sha256:24521fa2890642614558b492b473bee0ac1f8057a7263156b02e8b14c88ce6f5", - "sha256:4fee71aa5bc6ed9d5f116327c04273e25ae31a3020386916905767ec4fc5317e", - "sha256:70024e02197337533eef7b85b068212420f950319cc8c580261963aefc75f811", - "sha256:74782fbd4d4f87ff04159e986886931456a1894c61229be9eaf4de6f6e44b99e", - "sha256:940532b111b1952befd7db542c370887a8611660d2b9becff75d39355303d82d", - "sha256:cb1f2f5e426dc9f07a7681419fe39cee823bb74f723f36f70399123f439e9b20", - "sha256:dbbb2379c19ed6042e8f11f2a2c66d39cceb8aeace421bfc29d085d93eda3689", - "sha256:e3a057b7a64f1222b56e47bcff5e4b94c4f61faac04c7c4ecb1985e18caa3994", - "sha256:e9f45bd5b92c7974e59bcd2dcc8631a6b6cc380a904725fce7bc08872e691615" + "sha256:3d7da3009c0f3e783b2c873687652d83b1bbfd5c88e9813fb7e5b03c0dd3108b", + "sha256:3ef3092145e9b70e3ddd2c7ad59bdd0252a94dfe3949721633e41344de00a6bf", + "sha256:40c71b8e076d0550b2e6380bada1f1cd1017b882f7e16f09a65be98e017f211a", + "sha256:558dd60b890ba8fd982e05941927a3911dc409a63dcb8b634feaa0cda69330d3", + "sha256:a7c28b45d9f99102fa092bb213aa12e0aaf9a6a1f5e395d36166639c1f96c3a1", + "sha256:aa7dd4a6a427aed7df6fb7f08a580d68d9b118d90310374716ae90b710280af1", + "sha256:bc558586e6045763782014934bfaf39d48b8ae85a2713117d16c39864085c613", + "sha256:d46d7982b62e0729ad0175a9bc7e10a566fc07b224d2c79fafb5e032727eaa04", + "sha256:d5eef459e30b09f5a098b9cea68bebfeb268697f78d647bd255a085371ac7f3f", + "sha256:e01d3203230e1786cd91ccfdc8f8454c8069c91bee3962ad93b87a4b2860f537", + "sha256:e170a9e6fcfd19021dd29845af83bb79236068bf5fd4df3327c1be18182b2531" ], "index": "pypi", - "version": "==5.3" - }, - "requests": { - "hashes": [ - "sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4", - "sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31" - ], - "version": "==2.22.0" + "version": "==3.13" }, "six": { "hashes": [ @@ -268,21 +388,23 @@ "sha256:2f3db8b19923a873b3e5256dc9c2dedfa883e33d87c690d9c7913e1f40673cdc", "sha256:87716c2d2a7121198ebcb7ce7cccf6ce5e9ba539041cfbaeecfb641dc0bf6acc" ], + "index": "pypi", "version": "==1.25.8" }, - "wrapt": { + "wcwidth": { "hashes": [ - "sha256:565a021fd19419476b9362b05eeaa094178de64f8361e44468f9e9d7843901e1" + "sha256:cafe2186b3c009a04067022ce1dcd79cb38d8d65ee4f4791b8888d6599d1bbe1", + "sha256:ee73862862a156bf77ff92b09034fc4825dd3af9cf81bc5b360668d425f3c5f1" ], - "version": "==1.11.2" + "version": "==0.1.9" }, "yamllint": { "hashes": [ - "sha256:7318e189027951983c3cb4d6bcaa1e75deef7c752320ca3ce84e407f2551e8ce", - "sha256:76912b6262fd7e0815d7b14c4c2bb2642c754d0aa38f2d3e4b4e21c77872a3bf" + "sha256:09d554bafc57beb22b01619c94e1ba0e8fbb016fa9c1b35ddc68d7bfc16d177f", + "sha256:7e1e698b3d344b64bc46cbe8c4df7dfdfe7c00ed1a8d1c851ecd5b552d93d193" ], "index": "pypi", - "version": "==1.20.0" + "version": "==1.21.0" }, "yarl": { "hashes": [ @@ -308,11 +430,10 @@ }, "zipp": { "hashes": [ - "sha256:ccc94ed0909b58ffe34430ea5451f07bc0c76467d7081619a454bf5c98b89e28", - "sha256:feae2f18633c32fc71f2de629bfb3bd3c9325cd4419642b1f1da42ee488d9b98" + "sha256:aa36550ff0c0b7ef7fa639055d797116ee891440eac1a56f378e2d3179e0320b", + "sha256:c599e4d75c98f6798c509911d08a22e6c021d074469042177c8c86fb92eefd96" ], - "version": "==2.1.0" + "version": "==3.1.0" } - }, - "develop": {} + } } diff --git a/tests/requirements-test.txt b/tests/requirements-test.txt deleted file mode 100644 index 3d90aaa5..00000000 --- a/tests/requirements-test.txt +++ /dev/null @@ -1 +0,0 @@ -colorama \ No newline at end of file diff --git a/tools/requirements-devel.txt b/tools/requirements-devel.txt index a946d533..4806396d 100644 --- a/tools/requirements-devel.txt +++ b/tools/requirements-devel.txt @@ -1,9 +1,8 @@ -coverage>=4.4.1 -PyYAML>=3.11 -yamllint>=1.10.0 -elasticsearch -elasticsearch-async +coverage~=5.0 +yamllint~=1.21 +elasticsearch~=7.6 +elasticsearch-async~=6.2 setuptools wheel -pymisp -pytest +pytest~=5.4 +colorama diff --git a/tools/requirements-misp.txt b/tools/requirements-misp.txt deleted file mode 100644 index 3529f881..00000000 --- a/tools/requirements-misp.txt +++ /dev/null @@ -1 +0,0 @@ -pymisp diff --git a/tools/requirements.txt b/tools/requirements.txt index 8aa01bcd..b601bb5a 100644 --- a/tools/requirements.txt +++ b/tools/requirements.txt @@ -1,3 +1,5 @@ -PyYAML>=3.11 -requests>=2 -urllib3>=1 \ No newline at end of file +PyYAML~=3.11 +requests~=2.23 +urllib3~=1.25 +progressbar2~=3.47 +pymisp~=2.4.123 From b791d599eef13e0de478e3e1677531252cbcc402 Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Mon, 30 Mar 2020 08:53:52 +0200 Subject: [PATCH 184/714] Disabled keywords that could cause FPs --- rules/windows/powershell/powershell_wmimplant.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rules/windows/powershell/powershell_wmimplant.yml b/rules/windows/powershell/powershell_wmimplant.yml index b8a0b483..c8a64f20 100644 --- a/rules/windows/powershell/powershell_wmimplant.yml +++ b/rules/windows/powershell/powershell_wmimplant.yml @@ -29,15 +29,15 @@ detection: - " sched_job " - " service_mod " - " process_kill " - - " process_start " + # - " process_start " - " active_users " - " basic_info " - - " drive_list " - - " installed_programs " + # - " drive_list " + # - " installed_programs " - " power_off " - " vacant_system " - " logon_events " condition: selection falsepositives: - - unlikely + - Administrative scripts that use the same keywords. level: high From 8dcbfd9aca61f0e7c13c874f69d1c7f8de827017 Mon Sep 17 00:00:00 2001 From: Maxime Thiebaut <46688461+0xThiebaut@users.noreply.github.com> Date: Mon, 30 Mar 2020 23:07:05 +0200 Subject: [PATCH 185/714] Add AD User Enumeration When the "Read all properties" permission of a user object is set to be audited in the AD, an event of ID 4662 (An operation was performed on an object) is triggered whenever a property is accessed. This rule detects these events by flagging any non-machine `SubjectUserName` (i.e. another user) which accesses an object of the `User` AD schema class. Advantages of this rule include the detection of insider-enumeration through automated tools such as BloodHound or manually through the usage of the PowerShell ActiveDirectory module. Although this rule qualifies as a medium severity one, this event could be qualified as high/critical one if flagged on non-used canary user-accounts. False positives may include administrators performing the initial configuration of new users. --- .../builtin/win_ad_user_enumeration.yml | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 rules/windows/builtin/win_ad_user_enumeration.yml diff --git a/rules/windows/builtin/win_ad_user_enumeration.yml b/rules/windows/builtin/win_ad_user_enumeration.yml new file mode 100644 index 00000000..f8983d7a --- /dev/null +++ b/rules/windows/builtin/win_ad_user_enumeration.yml @@ -0,0 +1,29 @@ +title: AD User Enumeration +id: ab6bffca-beff-4baa-af11-6733f296d57a +description: Detects access to a domain user from a non-machine account +status: experimental +date: 2020/03/30 +author: Maxime Thiebaut (@0xThiebaut) +references: + - https://www.specterops.io/assets/resources/an_ace_up_the_sleeve.pdf + - http://www.stuffithoughtiknew.com/2019/02/detecting-bloodhound.html + - https://docs.microsoft.com/en-us/windows/win32/adschema/attributes-all # For further investigation of the accessed properties +tags: + - attack.discovery + - attack.t1087 +logsource: + product: windows + service: security + definition: Requires the "Read all properties" permission on the user object to be audited for the "Everyone" principal +detection: + selection: + EventID: 4662 + ObjectType|contains: # Using contains as the data commonly is structured as "%{bf967aba-0de6-11d0-a285-00aa003049e2}" + - 'bf967aba-0de6-11d0-a285-00aa003049e2' # The user class (https://docs.microsoft.com/en-us/windows/win32/adschema/c-user) + filter: + - SubjectUserName|endswith: '$' # Exclude machine accounts + - SubjectUserName|startswith: 'MSOL_' # https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-accounts-permissions#ad-ds-connector-account + condition: selection and not filter +falsepositives: + - Administrators configuring new users. +level: medium From 536ad78fc2009c1c1789ea2098ab593560e9f4f1 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 31 Mar 2020 11:30:14 +0200 Subject: [PATCH 186/714] refactor: following best practices reg main functions in Python https://realpython.com/python-main-function/ --- tools/merge_sigma | 28 ++-- tools/sigma-similarity | 82 ++++++------ tools/sigma-uuid | 128 +++++++++--------- tools/sigma2misp | 72 +++++----- tools/sigmac | 298 +++++++++++++++++++++-------------------- 5 files changed, 314 insertions(+), 294 deletions(-) diff --git a/tools/merge_sigma b/tools/merge_sigma index e043a35c..1a266913 100755 --- a/tools/merge_sigma +++ b/tools/merge_sigma @@ -21,18 +21,22 @@ import yaml from sigma.parser.collection import SigmaCollectionParser -argparser = argparse.ArgumentParser(description="Convert Sigma rules into SIEM signatures.") -argparser.add_argument("input", help="Sigma input file") -cmdargs = argparser.parse_args() +def main(): + argparser = argparse.ArgumentParser(description="Convert Sigma rules into SIEM signatures.") + argparser.add_argument("input", help="Sigma input file") + cmdargs = argparser.parse_args() -try: - f = open(cmdargs.input, "r") -except IOError as e: - print("Error while opening input file: %s" % str(e), file=sys.stderr) - sys.exit(1) + try: + f = open(cmdargs.input, "r") + except IOError as e: + print("Error while opening input file: %s" % str(e), file=sys.stderr) + sys.exit(1) -content = "".join(f.readlines()) -f.close() -sc = SigmaCollectionParser(content) + content = "".join(f.readlines()) + f.close() + sc = SigmaCollectionParser(content) -print(yaml.dump_all(sc, default_flow_style=False)) + print(yaml.dump_all(sc, default_flow_style=False)) + +if __name__ == "__main__": + main() diff --git a/tools/sigma-similarity b/tools/sigma-similarity index de5022c3..38a74d8a 100755 --- a/tools/sigma-similarity +++ b/tools/sigma-similarity @@ -56,46 +56,50 @@ class SigmaNormalizationBackend(SingleTextQueryBackend): else: return " | {}({}) by {} {} {}".format(agg.aggfunc_notrans, agg.aggfield, agg.groupfield, agg.cond_op, agg.condition) -backend = SigmaNormalizationBackend(SigmaConfiguration()) +def main(): + backend = SigmaNormalizationBackend(SigmaConfiguration()) -if args.recursive: - paths = [ p for pathname in args.inputs for p in pathlib.Path(pathname).glob("**/*") if p.is_file() ] -else: - paths = [ pathlib.Path(pathname) for pathname in args.inputs ] + if args.recursive: + paths = [ p for pathname in args.inputs for p in pathlib.Path(pathname).glob("**/*") if p.is_file() ] + else: + paths = [ pathlib.Path(pathname) for pathname in args.inputs ] -primary_paths = None -if args.primary: - with open(args.primary, "r") as f: - primary_paths = { pathname.strip() for pathname in f.readlines() } + primary_paths = None + if args.primary: + with open(args.primary, "r") as f: + primary_paths = { pathname.strip() for pathname in f.readlines() } -parsed = { - str(path): SigmaCollectionParser(path.open().read()) - for path in paths - } -converted = { - str(path): list(sigma_collection.generate(backend)) - for path, sigma_collection in parsed.items() - } -converted_flat = ( - (path, i, normalized) - for path, nlist in converted.items() - for i, normalized in zip(range(len(nlist)), nlist) - ) -converted_pairs_iter = itertools.combinations(converted_flat, 2) -if primary_paths: - converted_pairs = [ pair for pair in converted_pairs_iter if pair[0][0] in primary_paths or pair[1][0] in paths ] -else: - converted_pairs = list(converted_pairs_iter) -similarities = [ - (item1[:2], item2[:2], difflib.SequenceMatcher(None, item1[2], item2[2]).ratio()) - for item1, item2 in progressbar.progressbar(converted_pairs) - ] + parsed = { + str(path): SigmaCollectionParser(path.open().read()) + for path in paths + } + converted = { + str(path): list(sigma_collection.generate(backend)) + for path, sigma_collection in parsed.items() + } + converted_flat = ( + (path, i, normalized) + for path, nlist in converted.items() + for i, normalized in zip(range(len(nlist)), nlist) + ) + converted_pairs_iter = itertools.combinations(converted_flat, 2) + if primary_paths: + converted_pairs = [ pair for pair in converted_pairs_iter if pair[0][0] in primary_paths or pair[1][0] in paths ] + else: + converted_pairs = list(converted_pairs_iter) + similarities = [ + (item1[:2], item2[:2], difflib.SequenceMatcher(None, item1[2], item2[2]).ratio()) + for item1, item2 in progressbar.progressbar(converted_pairs) + ] -i = 0 -for similarity in sorted(similarities, key=lambda s: s[2], reverse=True): - if args.min_similarity and similarity[2] * 100 < args.min_similarity: # finish after similarity drops below minimum - break - print("{:70} | {:2} | {:70} | {:2} | {:>3.2%}".format(*similarity[0], *similarity[1], similarity[2])) - i += 1 - if args.top and i >= args.top: # end after $top pairs - break + i = 0 + for similarity in sorted(similarities, key=lambda s: s[2], reverse=True): + if args.min_similarity and similarity[2] * 100 < args.min_similarity: # finish after similarity drops below minimum + break + print("{:70} | {:2} | {:70} | {:2} | {:>3.2%}".format(*similarity[0], *similarity[1], similarity[2])) + i += 1 + if args.top and i >= args.top: # end after $top pairs + break + +if __name__ == "__main__": + main() diff --git a/tools/sigma-uuid b/tools/sigma-uuid index 85a9ab61..0fb58329 100755 --- a/tools/sigma-uuid +++ b/tools/sigma-uuid @@ -7,19 +7,6 @@ from uuid import uuid4, UUID import yaml from sigma.output import SigmaYAMLDumper -argparser = ArgumentParser(description="Assign and verfify UUIDs of Sigma rules") -argparser.add_argument("--verify", "-V", action="store_true", help="Verify existence and uniqueness of UUID assignments. Exits with error code if verification fails.") -argparser.add_argument("--verbose", "-v", action="store_true", help="Be verbose.") -argparser.add_argument("--recursive", "-r", action="store_true", help="Recurse into directories.") -argparser.add_argument("--error", "-e", action="store_true", help="Exit with error code 10 on verification failures.") -argparser.add_argument("inputs", nargs="+", help="Sigma rule files or repository directories") -args = argparser.parse_args() - -if args.recursive: - paths = [ p for pathname in args.inputs for p in Path(pathname).glob("**/*") if p.is_file() ] -else: - paths = [ Path(pathname) for pathname in args.inputs ] - def print_verbose(*arg, **kwarg): if args.verbose: print(*arg, **kwarg) @@ -28,56 +15,73 @@ def print_verbose(*arg, **kwarg): def yaml_preserve_order(self, dict_data): return self.represent_mapping("tag:yaml.org,2002:map", dict_data.items()) -yaml.add_representer(dict, yaml_preserve_order) +def main(): + argparser = ArgumentParser(description="Assign and verfify UUIDs of Sigma rules") + argparser.add_argument("--verify", "-V", action="store_true", help="Verify existence and uniqueness of UUID assignments. Exits with error code if verification fails.") + argparser.add_argument("--verbose", "-v", action="store_true", help="Be verbose.") + argparser.add_argument("--recursive", "-r", action="store_true", help="Recurse into directories.") + argparser.add_argument("--error", "-e", action="store_true", help="Exit with error code 10 on verification failures.") + argparser.add_argument("inputs", nargs="+", help="Sigma rule files or repository directories") + args = argparser.parse_args() -uuids = set() -passed = True -for path in paths: - print_verbose("Rule {}".format(str(path))) - with path.open("r") as f: - rules = list(yaml.safe_load_all(f)) - - if args.verify: - i = 1 - for rule in rules: - if "title" in rule: # Rule with a title should also have a UUID - try: - UUID(rule["id"]) - except ValueError: # id is not a valid UUID - print("Rule {} in file {} has a malformed UUID '{}'.".format(i, str(path), rule["id"])) - passed = False - except KeyError: # rule has no id - print("Rule {} in file {} has no UUID.".format(i, str(path))) - passed = False - i += 1 + if args.recursive: + paths = [ p for pathname in args.inputs for p in Path(pathname).glob("**/*") if p.is_file() ] else: - newrules = list() - changed = False - i = 1 - for rule in rules: - if "title" in rule and "id" not in rule: # only assign id to rules that have a title and no id - newrule = dict() - changed = True - for k, v in rule.items(): - newrule[k] = v - if k == "title": # insert id after title - uuid = uuid4() - newrule["id"] = str(uuid) - print("Assigned UUID '{}' to rule {} in file {}.".format(uuid, i, str(path))) - newrules.append(newrule) - else: - newrules.append(rule) - i += 1 + paths = [ Path(pathname) for pathname in args.inputs ] - if changed: - with path.open("w") as f: - yaml.dump_all(newrules, f, Dumper=SigmaYAMLDumper, indent=4, width=160, default_flow_style=False) + yaml.add_representer(dict, yaml_preserve_order) -if not passed: - print("The Sigma rules listed above don't have an ID. The ID must be:") - print("* Contained in the 'id' attribute") - print("* a valid UUIDv4 (randomly generated)") - print("* Unique in this repository") - print("Please generate one with the sigma-uuid tool or here: https://www.uuidgenerator.net/version4") - if args.error: - exit(10) + uuids = set() + passed = True + for path in paths: + print_verbose("Rule {}".format(str(path))) + with path.open("r") as f: + rules = list(yaml.safe_load_all(f)) + + if args.verify: + i = 1 + for rule in rules: + if "title" in rule: # Rule with a title should also have a UUID + try: + UUID(rule["id"]) + except ValueError: # id is not a valid UUID + print("Rule {} in file {} has a malformed UUID '{}'.".format(i, str(path), rule["id"])) + passed = False + except KeyError: # rule has no id + print("Rule {} in file {} has no UUID.".format(i, str(path))) + passed = False + i += 1 + else: + newrules = list() + changed = False + i = 1 + for rule in rules: + if "title" in rule and "id" not in rule: # only assign id to rules that have a title and no id + newrule = dict() + changed = True + for k, v in rule.items(): + newrule[k] = v + if k == "title": # insert id after title + uuid = uuid4() + newrule["id"] = str(uuid) + print("Assigned UUID '{}' to rule {} in file {}.".format(uuid, i, str(path))) + newrules.append(newrule) + else: + newrules.append(rule) + i += 1 + + if changed: + with path.open("w") as f: + yaml.dump_all(newrules, f, Dumper=SigmaYAMLDumper, indent=4, width=160, default_flow_style=False) + + if not passed: + print("The Sigma rules listed above don't have an ID. The ID must be:") + print("* Contained in the 'id' attribute") + print("* a valid UUIDv4 (randomly generated)") + print("* Unique in this repository") + print("Please generate one with the sigma-uuid tool or here: https://www.uuidgenerator.net/version4") + if args.error: + exit(10) + +if __name__ == "__main__": + main() diff --git a/tools/sigma2misp b/tools/sigma2misp index 5229c338..8d604cba 100755 --- a/tools/sigma2misp +++ b/tools/sigma2misp @@ -27,43 +27,47 @@ class MISPImportArgumentParser(argparse.ArgumentParser): def convert_arg_line_to_args(self, line : str): return ("--" + line.lstrip("--")).split() -argparser = MISPImportArgumentParser() -argparser.add_argument("--url", "-u", default="https://localhost", help="URL of MISP instance") -argparser.add_argument("--key", "-k", required=True, help="API key") -argparser.add_argument("--insecure", "-I", action="store_false", help="Disable TLS certifcate validation.") -argparser.add_argument("--event", "-e", type=int, help="Add Sigma rule to event with this ID. If not set, create new event.") -argparser.add_argument("--same-event", "-s", action="store_true", help="Import all Sigma rules to the same event, if no event is set.") -argparser.add_argument("--info", "-i", default="Sigma import", help="Event Information field for newly created MISP event.") -argparser.add_argument("--recursive", "-r", action="store_true", help="Recursive traversal of directory") -argparser.add_argument("sigma", nargs="+", help="Sigma rule file that should be imported") -args = argparser.parse_args() +def main(): + argparser = MISPImportArgumentParser() + argparser.add_argument("--url", "-u", default="https://localhost", help="URL of MISP instance") + argparser.add_argument("--key", "-k", required=True, help="API key") + argparser.add_argument("--insecure", "-I", action="store_false", help="Disable TLS certifcate validation.") + argparser.add_argument("--event", "-e", type=int, help="Add Sigma rule to event with this ID. If not set, create new event.") + argparser.add_argument("--same-event", "-s", action="store_true", help="Import all Sigma rules to the same event, if no event is set.") + argparser.add_argument("--info", "-i", default="Sigma import", help="Event Information field for newly created MISP event.") + argparser.add_argument("--recursive", "-r", action="store_true", help="Recursive traversal of directory") + argparser.add_argument("sigma", nargs="+", help="Sigma rule file that should be imported") + args = argparser.parse_args() -if args.recursive: - paths = [ p for pathname in args.sigma for p in pathlib.Path(pathname).glob("**/*") if p.is_file() ] -else: - paths = [ pathlib.Path(sigma) for sigma in args.sigma ] - -misp = PyMISP(args.url, args.key, args.insecure) -if args.event: - if hasattr(misp, "get"): - eventid = misp.get(args.event)["Event"]["id"] + if args.recursive: + paths = [ p for pathname in args.sigma for p in pathlib.Path(pathname).glob("**/*") if p.is_file() ] else: - eventid = misp.get_event(args.event)["Event"]["id"] + paths = [ pathlib.Path(sigma) for sigma in args.sigma ] -first = True + misp = PyMISP(args.url, args.key, args.insecure) + if args.event: + if hasattr(misp, "get"): + eventid = misp.get(args.event)["Event"]["id"] + else: + eventid = misp.get_event(args.event)["Event"]["id"] -for sigma in paths: - if not args.event and (first or not args.same_event): - eventid = create_new_event() - print("Importing Sigma rule {} into MISP event {}...".format(sigma, eventid, end="")) - f = sigma.open("rt") + first = True - if hasattr(misp, "add_named_attribute"): - misp.add_named_attribute(eventid, "sigma", f.read()) - else: - event = misp.get_event(eventid, pythonify=True) - event.add_attribute("sigma", f.read()) - misp.update_event(event) + for sigma in paths: + if not args.event and (first or not args.same_event): + eventid = create_new_event() + print("Importing Sigma rule {} into MISP event {}...".format(sigma, eventid, end="")) + f = sigma.open("rt") - f.close() - first = False + if hasattr(misp, "add_named_attribute"): + misp.add_named_attribute(eventid, "sigma", f.read()) + else: + event = misp.get_event(eventid, pythonify=True) + event.add_attribute("sigma", f.read()) + misp.update_event(event) + + f.close() + first = False + +if __name__ == "__main__": + main() diff --git a/tools/sigmac b/tools/sigmac index 89129e7b..e1aff610 100755 --- a/tools/sigmac +++ b/tools/sigmac @@ -115,15 +115,6 @@ def set_argparser(): return argparser -argparser = set_argparser() -cmdargs = argparser.parse_args() - -scm = SigmaConfigurationManager() - -logger = logging.getLogger(__name__) -if cmdargs.debug: # pragma: no cover - logger.setLevel(logging.DEBUG) - def list_backends(): for backend in sorted(backends.getBackendList(), key=lambda backend: backend.identifier): if cmdargs.debug: @@ -140,154 +131,167 @@ def list_modifiers(): for modifier_id, modifier in modifiers.items(): print("{:>10} : {}".format(modifier_id, modifier.__doc__)) -if cmdargs.lists: - print("Backends:") - list_backends() +def main(): + argparser = set_argparser() + cmdargs = argparser.parse_args() - print() - print("Configurations:") - list_configurations(cmdargs.target) + scm = SigmaConfigurationManager() - print() - print("Modifiers:") - list_modifiers() - sys.exit(0) -elif len(cmdargs.inputs) == 0: - print("Nothing to do!") - argparser.print_usage() - sys.exit(0) + logger = logging.getLogger(__name__) + if cmdargs.debug: # pragma: no cover + logger.setLevel(logging.DEBUG) -if cmdargs.target is None: - print("No target selected, select one with -t/--target") - argparser.print_usage() - sys.exit(ERR_NO_TARGET) + if cmdargs.lists: + print("Backends:") + list_backends() -rulefilter = None -if cmdargs.filter: - try: - rulefilter = SigmaRuleFilter(cmdargs.filter) - except SigmaRuleFilterParseException as e: - print("Parse error in Sigma rule filter expression: %s" % str(e), file=sys.stderr) - sys.exit(ERR_RULE_FILTER_PARSING) - -sigmaconfigs = SigmaConfigurationChain() -backend_class = backends.getBackend(cmdargs.target) -if cmdargs.config is None: - if backend_class.config_required and not cmdargs.shoot_yourself_in_the_foot: - print("The backend you want to use usually requires a configuration to generate valid results. Please provide one with --config/-c.", file=sys.stderr) - print("Available choices for this backend (get complete list with --lists/-l):") + print() + print("Configurations:") list_configurations(cmdargs.target) - sys.exit(ERR_CONFIG_REQUIRED) - if backend_class.default_config is not None: - cmdargs.config = backend_class.default_config -if cmdargs.config: - order = 0 - for conf_name in cmdargs.config: + print() + print("Modifiers:") + list_modifiers() + sys.exit(0) + elif len(cmdargs.inputs) == 0: + print("Nothing to do!") + argparser.print_usage() + sys.exit(0) + + if cmdargs.target is None: + print("No target selected, select one with -t/--target") + argparser.print_usage() + sys.exit(ERR_NO_TARGET) + + rulefilter = None + if cmdargs.filter: try: - sigmaconfig = scm.get(conf_name) - if sigmaconfig.order is not None: - if sigmaconfig.order <= order and not cmdargs.shoot_yourself_in_the_foot: - print("The configurations were provided in the wrong order (order key check in config file)", file=sys.stderr) - sys.exit(ERR_CONFIG_ORDER) - order = sigmaconfig.order + rulefilter = SigmaRuleFilter(cmdargs.filter) + except SigmaRuleFilterParseException as e: + print("Parse error in Sigma rule filter expression: %s" % str(e), file=sys.stderr) + sys.exit(ERR_RULE_FILTER_PARSING) + sigmaconfigs = SigmaConfigurationChain() + backend_class = backends.getBackend(cmdargs.target) + if cmdargs.config is None: + if backend_class.config_required and not cmdargs.shoot_yourself_in_the_foot: + print("The backend you want to use usually requires a configuration to generate valid results. Please provide one with --config/-c.", file=sys.stderr) + print("Available choices for this backend (get complete list with --lists/-l):") + list_configurations(cmdargs.target) + sys.exit(ERR_CONFIG_REQUIRED) + if backend_class.default_config is not None: + cmdargs.config = backend_class.default_config + + if cmdargs.config: + order = 0 + for conf_name in cmdargs.config: try: - if cmdargs.target not in sigmaconfig.config["backends"]: - print("The configuration '{}' is not valid for backend '{}'. Valid choices are: {}".format(conf_name, cmdargs.target, ", ".join(sigmaconfig.config["backends"])), file=sys.stderr) - sys.exit(ERR_CONFIG_ORDER) - except KeyError: + sigmaconfig = scm.get(conf_name) + if sigmaconfig.order is not None: + if sigmaconfig.order <= order and not cmdargs.shoot_yourself_in_the_foot: + print("The configurations were provided in the wrong order (order key check in config file)", file=sys.stderr) + sys.exit(ERR_CONFIG_ORDER) + order = sigmaconfig.order + + try: + if cmdargs.target not in sigmaconfig.config["backends"]: + print("The configuration '{}' is not valid for backend '{}'. Valid choices are: {}".format(conf_name, cmdargs.target, ", ".join(sigmaconfig.config["backends"])), file=sys.stderr) + sys.exit(ERR_CONFIG_ORDER) + except KeyError: + pass + + sigmaconfigs.append(sigmaconfig) + except OSError as e: + print("Failed to open Sigma configuration file %s: %s" % (conf_name, str(e)), file=sys.stderr) + exit(ERR_OPEN_CONFIG_FILE) + except (yaml.parser.ParserError, yaml.scanner.ScannerError) as e: + print("Sigma configuration file %s is no valid YAML: %s" % (conf_name, str(e)), file=sys.stderr) + exit(ERR_CONFIG_INVALID_YAML) + except SigmaConfigParseError as e: + print("Sigma configuration parse error in %s: %s" % (conf_name, str(e)), file=sys.stderr) + exit(ERR_CONFIG_PARSING) + + backend_options = BackendOptions(cmdargs.backend_option, cmdargs.backend_config) + backend = backend_class(sigmaconfigs, backend_options) + + filename = cmdargs.output + if filename: + try: + out = open(filename, "w", encoding='utf-8') + except (IOError, OSError) as e: + print("Failed to open output file '%s': %s" % (filename, str(e)), file=sys.stderr) + exit(ERR_OUTPUT) + else: + out = sys.stdout + + error = 0 + for sigmafile in get_inputs(cmdargs.inputs, cmdargs.recurse): + logger.debug("* Processing Sigma input %s" % (sigmafile)) + try: + if cmdargs.inputs == ['-']: + f = sigmafile + else: + f = sigmafile.open(encoding='utf-8') + parser = SigmaCollectionParser(f, sigmaconfigs, rulefilter) + results = parser.generate(backend) + for result in results: + print(result, file=out) + except OSError as e: + print("Failed to open Sigma file %s: %s" % (sigmafile, str(e)), file=sys.stderr) + error = ERR_OPEN_SIGMA_RULE + except (yaml.parser.ParserError, yaml.scanner.ScannerError) as e: + print("Sigma file %s is no valid YAML: %s" % (sigmafile, str(e)), file=sys.stderr) + error = ERR_INVALID_YAML + if not cmdargs.defer_abort: + sys.exit(error) + except (SigmaParseError, SigmaCollectionParseError) as e: + print("Sigma parse error in %s: %s" % (sigmafile, str(e)), file=sys.stderr) + error = ERR_SIGMA_PARSING + if not cmdargs.defer_abort: + sys.exit(error) + except NotSupportedError as e: + print("The Sigma rule requires a feature that is not supported by the target system: " + str(e), file=sys.stderr) + if not cmdargs.ignore_backend_errors: + error = ERR_NOT_SUPPORTED + if not cmdargs.defer_abort: + sys.exit(error) + except BackendError as e: + print("Backend error in %s: %s" % (sigmafile, str(e)), file=sys.stderr) + if not cmdargs.ignore_backend_errors: + error = ERR_BACKEND + if not cmdargs.defer_abort: + sys.exit(error) + except (NotImplementedError, TypeError) as e: + print("An unsupported feature is required for this Sigma rule (%s): " % (sigmafile) + str(e), file=sys.stderr) + print("Feel free to contribute for fun and fame, this is open source :) -> https://github.com/Neo23x0/sigma", file=sys.stderr) + if not cmdargs.ignore_backend_errors: + error = ERR_NOT_IMPLEMENTED + if not cmdargs.defer_abort: + sys.exit(error) + except PartialMatchError as e: + print("Partial field match error: %s" % str(e), file=sys.stderr) + if not cmdargs.ignore_backend_errors: + error = ERR_PARTIAL_FIELD_MATCH + if not cmdargs.defer_abort: + sys.exit(error) + except FullMatchError as e: + print("Full field match error", file=sys.stderr) + if not cmdargs.ignore_backend_errors: + error = ERR_FULL_FIELD_MATCH + if not cmdargs.defer_abort: + sys.exit(error) + finally: + try: + f.close() + except: pass - sigmaconfigs.append(sigmaconfig) - except OSError as e: - print("Failed to open Sigma configuration file %s: %s" % (conf_name, str(e)), file=sys.stderr) - exit(ERR_OPEN_CONFIG_FILE) - except (yaml.parser.ParserError, yaml.scanner.ScannerError) as e: - print("Sigma configuration file %s is no valid YAML: %s" % (conf_name, str(e)), file=sys.stderr) - exit(ERR_CONFIG_INVALID_YAML) - except SigmaConfigParseError as e: - print("Sigma configuration parse error in %s: %s" % (conf_name, str(e)), file=sys.stderr) - exit(ERR_CONFIG_PARSING) + result = backend.finalize() + if result: + print(result, file=out) + out.close() -backend_options = BackendOptions(cmdargs.backend_option, cmdargs.backend_config) -backend = backend_class(sigmaconfigs, backend_options) + sys.exit(error) -filename = cmdargs.output -if filename: - try: - out = open(filename, "w", encoding='utf-8') - except (IOError, OSError) as e: - print("Failed to open output file '%s': %s" % (filename, str(e)), file=sys.stderr) - exit(ERR_OUTPUT) -else: - out = sys.stdout - -error = 0 -for sigmafile in get_inputs(cmdargs.inputs, cmdargs.recurse): - logger.debug("* Processing Sigma input %s" % (sigmafile)) - try: - if cmdargs.inputs == ['-']: - f = sigmafile - else: - f = sigmafile.open(encoding='utf-8') - parser = SigmaCollectionParser(f, sigmaconfigs, rulefilter) - results = parser.generate(backend) - for result in results: - print(result, file=out) - except OSError as e: - print("Failed to open Sigma file %s: %s" % (sigmafile, str(e)), file=sys.stderr) - error = ERR_OPEN_SIGMA_RULE - except (yaml.parser.ParserError, yaml.scanner.ScannerError) as e: - print("Sigma file %s is no valid YAML: %s" % (sigmafile, str(e)), file=sys.stderr) - error = ERR_INVALID_YAML - if not cmdargs.defer_abort: - sys.exit(error) - except (SigmaParseError, SigmaCollectionParseError) as e: - print("Sigma parse error in %s: %s" % (sigmafile, str(e)), file=sys.stderr) - error = ERR_SIGMA_PARSING - if not cmdargs.defer_abort: - sys.exit(error) - except NotSupportedError as e: - print("The Sigma rule requires a feature that is not supported by the target system: " + str(e), file=sys.stderr) - if not cmdargs.ignore_backend_errors: - error = ERR_NOT_SUPPORTED - if not cmdargs.defer_abort: - sys.exit(error) - except BackendError as e: - print("Backend error in %s: %s" % (sigmafile, str(e)), file=sys.stderr) - if not cmdargs.ignore_backend_errors: - error = ERR_BACKEND - if not cmdargs.defer_abort: - sys.exit(error) - except (NotImplementedError, TypeError) as e: - print("An unsupported feature is required for this Sigma rule (%s): " % (sigmafile) + str(e), file=sys.stderr) - print("Feel free to contribute for fun and fame, this is open source :) -> https://github.com/Neo23x0/sigma", file=sys.stderr) - if not cmdargs.ignore_backend_errors: - error = ERR_NOT_IMPLEMENTED - if not cmdargs.defer_abort: - sys.exit(error) - except PartialMatchError as e: - print("Partial field match error: %s" % str(e), file=sys.stderr) - if not cmdargs.ignore_backend_errors: - error = ERR_PARTIAL_FIELD_MATCH - if not cmdargs.defer_abort: - sys.exit(error) - except FullMatchError as e: - print("Full field match error", file=sys.stderr) - if not cmdargs.ignore_backend_errors: - error = ERR_FULL_FIELD_MATCH - if not cmdargs.defer_abort: - sys.exit(error) - finally: - try: - f.close() - except: - pass - -result = backend.finalize() -if result: - print(result, file=out) -out.close() - -sys.exit(error) +if __name__ == "__main__": + main() From c83b4fd37c391a26665e1d525869e7674a1cbf75 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 31 Mar 2020 11:30:47 +0200 Subject: [PATCH 187/714] fix: fixing script install for Windows end systems --- tools/setup.py | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/tools/setup.py b/tools/setup.py index 11d0add3..d7849186 100644 --- a/tools/setup.py +++ b/tools/setup.py @@ -77,11 +77,13 @@ setup( 'config/generic/sysmon.yml', 'config/generic/windows-audit.yml', ])], - scripts=[ - 'sigmac', - 'merge_sigma', - 'sigma2misp', - 'sigma-similarity', - 'sigma-uuid', - ] + entry_points={ + 'console_scripts': [ + 'sigmac = sigmac:main', + 'merge_sigma = merge_sigma:main', + 'sigma2misp = sigma2misp:main', + 'sigma-similarity = sigma-similarity:main', + 'sigma-uuid = sigma-uuid:main', + ], + }, ) From bb50571b1390eb142ba91dcf715158d9eb07f07b Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 31 Mar 2020 11:35:21 +0200 Subject: [PATCH 188/714] fix: print_verbose scope --- tools/sigma-uuid | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tools/sigma-uuid b/tools/sigma-uuid index 0fb58329..37531b39 100755 --- a/tools/sigma-uuid +++ b/tools/sigma-uuid @@ -8,8 +8,7 @@ import yaml from sigma.output import SigmaYAMLDumper def print_verbose(*arg, **kwarg): - if args.verbose: - print(*arg, **kwarg) + print(*arg, **kwarg) # Define order-preserving representer from dicts/maps def yaml_preserve_order(self, dict_data): @@ -24,6 +23,9 @@ def main(): argparser.add_argument("inputs", nargs="+", help="Sigma rule files or repository directories") args = argparser.parse_args() + if args.verbose: + print_verbose() + if args.recursive: paths = [ p for pathname in args.inputs for p in Path(pathname).glob("**/*") if p.is_file() ] else: From 23ce69eaaeae7cd50856188875fc0cbc1544f9ce Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 31 Mar 2020 11:42:16 +0200 Subject: [PATCH 189/714] fix: functions parameters outside of main --- tools/sigmac | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tools/sigmac b/tools/sigmac index e1aff610..718a9402 100755 --- a/tools/sigmac +++ b/tools/sigmac @@ -115,19 +115,19 @@ def set_argparser(): return argparser -def list_backends(): +def list_backends(debug): for backend in sorted(backends.getBackendList(), key=lambda backend: backend.identifier): - if cmdargs.debug: + if debug: print("{:>15} : {} ({})".format(backend.identifier, backend.__doc__, backend.__name__)) else: print("{:>15} : {}".format(backend.identifier, backend.__doc__)) -def list_configurations(backend=None): +def list_configurations(backend=None, scm=scm): for conf_id, title, backends in sorted(scm.list(), key=lambda config: config[0]): if backend is not None and backend in backends or backend is None or len(backends) == 0: print("{:>30} : {}".format(conf_id, title)) -def list_modifiers(): +def list_modifiers(modifiers): for modifier_id, modifier in modifiers.items(): print("{:>10} : {}".format(modifier_id, modifier.__doc__)) @@ -143,15 +143,15 @@ def main(): if cmdargs.lists: print("Backends:") - list_backends() + list_backends(cmdargs.debug) print() print("Configurations:") - list_configurations(cmdargs.target) + list_configurations(backend=cmdargs.target, scm=scm) print() print("Modifiers:") - list_modifiers() + list_modifiers(modifiers=modifiers) sys.exit(0) elif len(cmdargs.inputs) == 0: print("Nothing to do!") From c82156a3c994b87b0b06fc0a609c293034f33579 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 31 Mar 2020 11:46:05 +0200 Subject: [PATCH 190/714] fix: second list_configurations function params --- tools/sigmac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/sigmac b/tools/sigmac index 718a9402..1370213d 100755 --- a/tools/sigmac +++ b/tools/sigmac @@ -177,7 +177,7 @@ def main(): if backend_class.config_required and not cmdargs.shoot_yourself_in_the_foot: print("The backend you want to use usually requires a configuration to generate valid results. Please provide one with --config/-c.", file=sys.stderr) print("Available choices for this backend (get complete list with --lists/-l):") - list_configurations(cmdargs.target) + list_configurations(backend=cmdargs.target, scm=scm) sys.exit(ERR_CONFIG_REQUIRED) if backend_class.default_config is not None: cmdargs.config = backend_class.default_config From 18e505c4586bb889bf279885fe05fa33af4bd7ba Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 31 Mar 2020 12:42:02 +0200 Subject: [PATCH 191/714] fix: list_configurations default values --- tools/sigmac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/sigmac b/tools/sigmac index 1370213d..275c295d 100755 --- a/tools/sigmac +++ b/tools/sigmac @@ -122,7 +122,7 @@ def list_backends(debug): else: print("{:>15} : {}".format(backend.identifier, backend.__doc__)) -def list_configurations(backend=None, scm=scm): +def list_configurations(backend=None, scm=None): for conf_id, title, backends in sorted(scm.list(), key=lambda config: config[0]): if backend is not None and backend in backends or backend is None or len(backends) == 0: print("{:>30} : {}".format(conf_id, title)) From 4d67dff89af43c8ca90d29e0a5cbdfb1cb8245f9 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 31 Mar 2020 14:07:34 +0200 Subject: [PATCH 192/714] fix: renamed tools to allow for console_scripts list entries --- tools/setup.py | 10 +++++----- tools/{sigma-similarity => sigma_similarity} | 0 tools/{sigma-uuid => sigma_uuid} | 0 3 files changed, 5 insertions(+), 5 deletions(-) rename tools/{sigma-similarity => sigma_similarity} (100%) rename tools/{sigma-uuid => sigma_uuid} (100%) diff --git a/tools/setup.py b/tools/setup.py index d7849186..d197ca9f 100644 --- a/tools/setup.py +++ b/tools/setup.py @@ -79,11 +79,11 @@ setup( ])], entry_points={ 'console_scripts': [ - 'sigmac = sigmac:main', - 'merge_sigma = merge_sigma:main', - 'sigma2misp = sigma2misp:main', - 'sigma-similarity = sigma-similarity:main', - 'sigma-uuid = sigma-uuid:main', + 'sigmac = sigmac:main', + 'merge_sigma = merge_sigma:main', + 'sigma2misp = sigma2misp:main', + 'sigma_similarity = sigma_similarity:main', + 'sigma_uuid = sigma-uuid:main', ], }, ) diff --git a/tools/sigma-similarity b/tools/sigma_similarity similarity index 100% rename from tools/sigma-similarity rename to tools/sigma_similarity diff --git a/tools/sigma-uuid b/tools/sigma_uuid similarity index 100% rename from tools/sigma-uuid rename to tools/sigma_uuid From 18cdddb09e6aee56a02e90c15a81810ccc54c47c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Notin?= Date: Tue, 31 Mar 2020 15:22:00 +0200 Subject: [PATCH 193/714] Small typo --- rules/windows/sysmon/sysmon_webshell_creation_detect.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_webshell_creation_detect.yml b/rules/windows/sysmon/sysmon_webshell_creation_detect.yml index 6ea8143f..2824f16f 100644 --- a/rules/windows/sysmon/sysmon_webshell_creation_detect.yml +++ b/rules/windows/sysmon/sysmon_webshell_creation_detect.yml @@ -1,7 +1,7 @@ title: Windows Webshell Creation id: 39f1f9f2-9636-45de-98f6-a4046aa8e4b9 status: experimental -description: Posible webshell file creation on a static web site +description: Possible webshell file creation on a static web site references: - PT ESC rule and personal experience author: Beyu Denis, oscd.community From 6aba430de60704a672ed62cc17ce25498b1451b9 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 31 Mar 2020 16:29:58 +0200 Subject: [PATCH 194/714] fix: sigma_uuid occurances --- Makefile | 2 +- contrib/filter-uuid-patch | 4 ++-- tools/setup.py | 2 +- tools/sigma_uuid | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 389d7973..ca9b0815 100644 --- a/Makefile +++ b/Makefile @@ -13,7 +13,7 @@ finish: test-rules: yamllint rules tests/test_rules.py - tools/sigma-uuid -Ver rules/ + tools/sigma_uuid -Ver rules/ test-sigmac: coverage run -a --include=$(COVSCOPE) tools/sigmac diff --git a/contrib/filter-uuid-patch b/contrib/filter-uuid-patch index 19249598..bcce012e 100755 --- a/contrib/filter-uuid-patch +++ b/contrib/filter-uuid-patch @@ -1,10 +1,10 @@ #!/usr/bin/env python3 # Remove all hunks from a patch that don't add the id attribute to minimize the impact (removed -# comments etc.) of sigma-uuid script. +# comments etc.) of sigma_uuid script. # # Usually used as follows: # 1. Add UUIDs to rules: -# tools/sigma-uuid -er rules +# tools/sigma_uuid -er rules # 2. Generate and filter patch # git diff | contrib/filter-uuid-patch > rule-uuid.diff # 3. Reset to previous state diff --git a/tools/setup.py b/tools/setup.py index d197ca9f..5ac5f0f1 100644 --- a/tools/setup.py +++ b/tools/setup.py @@ -83,7 +83,7 @@ setup( 'merge_sigma = merge_sigma:main', 'sigma2misp = sigma2misp:main', 'sigma_similarity = sigma_similarity:main', - 'sigma_uuid = sigma-uuid:main', + 'sigma_uuid = sigma_uuid:main', ], }, ) diff --git a/tools/sigma_uuid b/tools/sigma_uuid index 37531b39..2a8b003c 100755 --- a/tools/sigma_uuid +++ b/tools/sigma_uuid @@ -81,7 +81,7 @@ def main(): print("* Contained in the 'id' attribute") print("* a valid UUIDv4 (randomly generated)") print("* Unique in this repository") - print("Please generate one with the sigma-uuid tool or here: https://www.uuidgenerator.net/version4") + print("Please generate one with the sigma_uuid tool or here: https://www.uuidgenerator.net/version4") if args.error: exit(10) From 8c69c7bb02a3c567d1726903c80ed2d92da4a135 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Tue, 31 Mar 2020 22:36:16 +0200 Subject: [PATCH 195/714] PyPI deployment via GitHub Actions --- .github/workflows/pypi-publish.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/pypi-publish.yml diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml new file mode 100644 index 00000000..efeff2dc --- /dev/null +++ b/.github/workflows/pypi-publish.yml @@ -0,0 +1,27 @@ +# This workflows will upload a Python Package using Twine when a release is created +# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries + +name: Upload Sigmatools Package to PyPI +on: + release: + types: [created] + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Set up Python + uses: actions/setup-python@v1 + with: + python-version: '3.x' + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install setuptools wheel twine + - name: Build and publish + env: + TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }} + TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} + run: | + make upload From c9c73bec3f1b6106a7c5535d2fa4035c5ea32bb8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Mar 2020 20:40:52 +0000 Subject: [PATCH 196/714] Bump pyyaml from 3.13 to 5.1 Bumps [pyyaml](https://github.com/yaml/pyyaml) from 3.13 to 5.1. - [Release notes](https://github.com/yaml/pyyaml/releases) - [Changelog](https://github.com/yaml/pyyaml/blob/master/CHANGES) - [Commits](https://github.com/yaml/pyyaml/compare/3.13...5.1) Signed-off-by: dependabot[bot] --- Pipfile | 2 +- Pipfile.lock | 50 +++++++++++++++++++++++++------------------------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/Pipfile b/Pipfile index 593b35cf..6b51f749 100644 --- a/Pipfile +++ b/Pipfile @@ -16,7 +16,7 @@ requests = "~=2.23" urllib3 = "~=1.25" progressbar2 = "~=3.47" pymisp = "~=2.4.123" -PyYAML = "~=3.11" +PyYAML = "~=5.1" [requires] python_version = "3.6" diff --git a/Pipfile.lock b/Pipfile.lock index 9051511b..3436ea04 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "fc1e2b865ed22b08b15ac62987404540d87a44328936121fb1814fe2f74239d7" + "sha256": "588c969e3c9cf945190a258f9607bbcc53ee9715d34e538b130a852459e4848a" }, "pipfile-spec": 6, "requires": { @@ -104,20 +104,20 @@ }, "pyyaml": { "hashes": [ - "sha256:3d7da3009c0f3e783b2c873687652d83b1bbfd5c88e9813fb7e5b03c0dd3108b", - "sha256:3ef3092145e9b70e3ddd2c7ad59bdd0252a94dfe3949721633e41344de00a6bf", - "sha256:40c71b8e076d0550b2e6380bada1f1cd1017b882f7e16f09a65be98e017f211a", - "sha256:558dd60b890ba8fd982e05941927a3911dc409a63dcb8b634feaa0cda69330d3", - "sha256:a7c28b45d9f99102fa092bb213aa12e0aaf9a6a1f5e395d36166639c1f96c3a1", - "sha256:aa7dd4a6a427aed7df6fb7f08a580d68d9b118d90310374716ae90b710280af1", - "sha256:bc558586e6045763782014934bfaf39d48b8ae85a2713117d16c39864085c613", - "sha256:d46d7982b62e0729ad0175a9bc7e10a566fc07b224d2c79fafb5e032727eaa04", - "sha256:d5eef459e30b09f5a098b9cea68bebfeb268697f78d647bd255a085371ac7f3f", - "sha256:e01d3203230e1786cd91ccfdc8f8454c8069c91bee3962ad93b87a4b2860f537", - "sha256:e170a9e6fcfd19021dd29845af83bb79236068bf5fd4df3327c1be18182b2531" + "sha256:1adecc22f88d38052fb787d959f003811ca858b799590a5eaa70e63dca50308c", + "sha256:436bc774ecf7c103814098159fbb84c2715d25980175292c648f2da143909f95", + "sha256:460a5a4248763f6f37ea225d19d5c205677d8d525f6a83357ca622ed541830c2", + "sha256:5a22a9c84653debfbf198d02fe592c176ea548cccce47553f35f466e15cf2fd4", + "sha256:7a5d3f26b89d688db27822343dfa25c599627bc92093e788956372285c6298ad", + "sha256:9372b04a02080752d9e6f990179a4ab840227c6e2ce15b95e1278456664cf2ba", + "sha256:a5dcbebee834eaddf3fa7366316b880ff4062e4bcc9787b78c7fbb4a26ff2dd1", + "sha256:aee5bab92a176e7cd034e57f46e9df9a9862a71f8f37cad167c6fc74c65f5b4e", + "sha256:c51f642898c0bacd335fc119da60baae0824f2cde95b0330b56c0553439f0673", + "sha256:c68ea4d3ba1705da1e0d85da6684ac657912679a649e8868bd850d2c299cce13", + "sha256:e23d0cc5299223dcc37885dae624f382297717e459ea24053709675a976a3e19" ], "index": "pypi", - "version": "==3.13" + "version": "==5.1" }, "requests": { "hashes": [ @@ -352,20 +352,20 @@ }, "pyyaml": { "hashes": [ - "sha256:3d7da3009c0f3e783b2c873687652d83b1bbfd5c88e9813fb7e5b03c0dd3108b", - "sha256:3ef3092145e9b70e3ddd2c7ad59bdd0252a94dfe3949721633e41344de00a6bf", - "sha256:40c71b8e076d0550b2e6380bada1f1cd1017b882f7e16f09a65be98e017f211a", - "sha256:558dd60b890ba8fd982e05941927a3911dc409a63dcb8b634feaa0cda69330d3", - "sha256:a7c28b45d9f99102fa092bb213aa12e0aaf9a6a1f5e395d36166639c1f96c3a1", - "sha256:aa7dd4a6a427aed7df6fb7f08a580d68d9b118d90310374716ae90b710280af1", - "sha256:bc558586e6045763782014934bfaf39d48b8ae85a2713117d16c39864085c613", - "sha256:d46d7982b62e0729ad0175a9bc7e10a566fc07b224d2c79fafb5e032727eaa04", - "sha256:d5eef459e30b09f5a098b9cea68bebfeb268697f78d647bd255a085371ac7f3f", - "sha256:e01d3203230e1786cd91ccfdc8f8454c8069c91bee3962ad93b87a4b2860f537", - "sha256:e170a9e6fcfd19021dd29845af83bb79236068bf5fd4df3327c1be18182b2531" + "sha256:1adecc22f88d38052fb787d959f003811ca858b799590a5eaa70e63dca50308c", + "sha256:436bc774ecf7c103814098159fbb84c2715d25980175292c648f2da143909f95", + "sha256:460a5a4248763f6f37ea225d19d5c205677d8d525f6a83357ca622ed541830c2", + "sha256:5a22a9c84653debfbf198d02fe592c176ea548cccce47553f35f466e15cf2fd4", + "sha256:7a5d3f26b89d688db27822343dfa25c599627bc92093e788956372285c6298ad", + "sha256:9372b04a02080752d9e6f990179a4ab840227c6e2ce15b95e1278456664cf2ba", + "sha256:a5dcbebee834eaddf3fa7366316b880ff4062e4bcc9787b78c7fbb4a26ff2dd1", + "sha256:aee5bab92a176e7cd034e57f46e9df9a9862a71f8f37cad167c6fc74c65f5b4e", + "sha256:c51f642898c0bacd335fc119da60baae0824f2cde95b0330b56c0553439f0673", + "sha256:c68ea4d3ba1705da1e0d85da6684ac657912679a649e8868bd850d2c299cce13", + "sha256:e23d0cc5299223dcc37885dae624f382297717e459ea24053709675a976a3e19" ], "index": "pypi", - "version": "==3.13" + "version": "==5.1" }, "six": { "hashes": [ From 13dbb4cdbd3c4e1ed66ee6e265514102a375226a Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Tue, 31 Mar 2020 23:46:58 +0200 Subject: [PATCH 197/714] Moved tools into sigma namespace --- Makefile | 2 +- tools/setup.py | 12 ++++++------ tools/{merge_sigma => sigma/merge_sigma.py} | 0 tools/{sigma2attack => sigma/sigma2attack.py} | 0 .../sigma2genericsigma.py} | 0 tools/{sigma2misp => sigma/sigma2misp.py} | 0 .../{sigma_similarity => sigma/sigma_similarity.py} | 0 tools/{sigma_uuid => sigma/sigma_uuid.py} | 0 tools/{sigmac => sigma/sigmac.py} | 0 9 files changed, 7 insertions(+), 7 deletions(-) rename tools/{merge_sigma => sigma/merge_sigma.py} (100%) rename tools/{sigma2attack => sigma/sigma2attack.py} (100%) rename tools/{sigma2genericsigma => sigma/sigma2genericsigma.py} (100%) rename tools/{sigma2misp => sigma/sigma2misp.py} (100%) rename tools/{sigma_similarity => sigma/sigma_similarity.py} (100%) rename tools/{sigma_uuid => sigma/sigma_uuid.py} (100%) rename tools/{sigmac => sigma/sigmac.py} (100%) diff --git a/Makefile b/Makefile index ca9b0815..c76da3fc 100644 --- a/Makefile +++ b/Makefile @@ -100,7 +100,7 @@ test-backend-es-qs: test-sigma2attack: coverage run -a --include=$(COVSCOPE) tools/sigma2attack -build: tools/sigmac tools/merge_sigma tools/sigma/*.py tools/setup.py tools/setup.cfg +build: tools/sigma/*.py tools/setup.py tools/setup.cfg cd tools && python3 setup.py bdist_wheel sdist upload-test: build diff --git a/tools/setup.py b/tools/setup.py index 5ac5f0f1..7f867142 100644 --- a/tools/setup.py +++ b/tools/setup.py @@ -13,7 +13,7 @@ with open(path.join(here, 'README.md'), encoding='utf-8') as f: setup( name='sigmatools', - version='0.16.0', + version='0.17.0', description='Tools for the Generic Signature Format for SIEM Systems', long_description=long_description, long_description_content_type="text/markdown", @@ -79,11 +79,11 @@ setup( ])], entry_points={ 'console_scripts': [ - 'sigmac = sigmac:main', - 'merge_sigma = merge_sigma:main', - 'sigma2misp = sigma2misp:main', - 'sigma_similarity = sigma_similarity:main', - 'sigma_uuid = sigma_uuid:main', + 'sigmac = sigma.sigmac:main', + 'merge_sigma = sigma.merge_sigma:main', + 'sigma2misp = sigma.sigma2misp:main', + 'sigma_similarity = sigma.sigma_similarity:main', + 'sigma_uuid = sigma.sigma_uuid:main', ], }, ) diff --git a/tools/merge_sigma b/tools/sigma/merge_sigma.py similarity index 100% rename from tools/merge_sigma rename to tools/sigma/merge_sigma.py diff --git a/tools/sigma2attack b/tools/sigma/sigma2attack.py similarity index 100% rename from tools/sigma2attack rename to tools/sigma/sigma2attack.py diff --git a/tools/sigma2genericsigma b/tools/sigma/sigma2genericsigma.py similarity index 100% rename from tools/sigma2genericsigma rename to tools/sigma/sigma2genericsigma.py diff --git a/tools/sigma2misp b/tools/sigma/sigma2misp.py similarity index 100% rename from tools/sigma2misp rename to tools/sigma/sigma2misp.py diff --git a/tools/sigma_similarity b/tools/sigma/sigma_similarity.py similarity index 100% rename from tools/sigma_similarity rename to tools/sigma/sigma_similarity.py diff --git a/tools/sigma_uuid b/tools/sigma/sigma_uuid.py similarity index 100% rename from tools/sigma_uuid rename to tools/sigma/sigma_uuid.py diff --git a/tools/sigmac b/tools/sigma/sigmac.py similarity index 100% rename from tools/sigmac rename to tools/sigma/sigmac.py From 95e0b12d889ec95de6da5d6fab9a9e27dfc7af2b Mon Sep 17 00:00:00 2001 From: Chris O'Brien Date: Wed, 1 Apr 2020 18:18:13 +0200 Subject: [PATCH 198/714] Fixed date typo - by the looks of the commit date the month/date were swapped. --- rules/windows/process_creation/win_task_folder_evasion.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_task_folder_evasion.yml b/rules/windows/process_creation/win_task_folder_evasion.yml index 82a3e4d6..253824e2 100644 --- a/rules/windows/process_creation/win_task_folder_evasion.yml +++ b/rules/windows/process_creation/win_task_folder_evasion.yml @@ -5,7 +5,7 @@ description: The Tasks folder in system32 and syswow64 are globally writable pat references: - https://twitter.com/subTee/status/1216465628946563073 - https://gist.github.com/am0nsec/8378da08f848424e4ab0cc5b317fdd26 -date: 2020/13/01 +date: 2020/01/13 author: Sreeman tags: - attack.t1064 From 97c0872c81a863799efb1be768357666e67f7f3d Mon Sep 17 00:00:00 2001 From: Chris O'Brien Date: Thu, 2 Apr 2020 09:53:09 +0200 Subject: [PATCH 199/714] Date typo. --- .../process_creation/win_malware_trickbot_recon_activity.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_malware_trickbot_recon_activity.yml b/rules/windows/process_creation/win_malware_trickbot_recon_activity.yml index 9ac70a65..a2a2546f 100644 --- a/rules/windows/process_creation/win_malware_trickbot_recon_activity.yml +++ b/rules/windows/process_creation/win_malware_trickbot_recon_activity.yml @@ -5,7 +5,7 @@ description: Trickbot enumerates domain/network topology and executes certain co references: - https://www.sneakymonkey.net/2019/05/22/trickbot-analysis/ author: David Burkett -date: 12/28/2019 +date: 2019/12/28 tags: - attack.t1482 logsource: From fe5dbece3d90b20eef13a7309a042c54ca3357f4 Mon Sep 17 00:00:00 2001 From: Chris O'Brien Date: Thu, 2 Apr 2020 10:00:00 +0200 Subject: [PATCH 200/714] Date typos...more than I thought... --- rules/windows/builtin/win_susp_mshta_execution.yml | 4 ++-- rules/windows/process_creation/win_susp_svchost_no_cli.yml | 2 +- rules/windows/sysmon/sysmon_in_memory_assembly_execution.yml | 2 +- rules/windows/sysmon/sysmon_minidumwritedump_lsass.yml | 2 +- rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml | 2 +- rules/windows/sysmon/sysmon_suspicious_remote_thread.yml | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/rules/windows/builtin/win_susp_mshta_execution.yml b/rules/windows/builtin/win_susp_mshta_execution.yml index b1599fba..eeadccde 100644 --- a/rules/windows/builtin/win_susp_mshta_execution.yml +++ b/rules/windows/builtin/win_susp_mshta_execution.yml @@ -2,8 +2,8 @@ title: MSHTA Suspicious Execution 01 id: cc7abbd0-762b-41e3-8a26-57ad50d2eea3 status: experimental description: Detection for mshta.exe suspicious execution patterns sometimes involving file polyglotism -date: 22/02/2019 -modified: 22/02/2019 +date: 2019/02/22 +modified: 2019/02/22 author: Diego Perez (@darkquassar), Markus Neis, Swisscom (Improve Rule) references: - http://blog.sevagas.com/?Hacking-around-HTA-files diff --git a/rules/windows/process_creation/win_susp_svchost_no_cli.yml b/rules/windows/process_creation/win_susp_svchost_no_cli.yml index e4829b14..d635c590 100644 --- a/rules/windows/process_creation/win_susp_svchost_no_cli.yml +++ b/rules/windows/process_creation/win_susp_svchost_no_cli.yml @@ -5,7 +5,7 @@ description: It is extremely abnormal for svchost.exe to spawn without any CLI a references: - https://securitybytes.io/blue-team-fundamentals-part-two-windows-processes-759fe15965e2 author: David Burkett -date: 12/28/2019 +date: 2019/12/28 tags: - attack.t1055 logsource: diff --git a/rules/windows/sysmon/sysmon_in_memory_assembly_execution.yml b/rules/windows/sysmon/sysmon_in_memory_assembly_execution.yml index 73771eea..d5e77adb 100644 --- a/rules/windows/sysmon/sysmon_in_memory_assembly_execution.yml +++ b/rules/windows/sysmon/sysmon_in_memory_assembly_execution.yml @@ -6,7 +6,7 @@ description: Detects the access to processes by other suspicious processes which few calls in the stack (ntdll.dll --> kernelbase.dll --> unknown) which essentially means that most of the functions required by the process to execute certain routines are already present in memory, not requiring any calls to external libraries. The latter should also be considered suspicious. status: experimental -date: 27/10/2019 +date: 2019/10/27 author: Perez Diego (@darkquassar), oscd.community references: - https://azure.microsoft.com/en-ca/blog/detecting-in-memory-attacks-with-sysmon-and-azure-security-center/ diff --git a/rules/windows/sysmon/sysmon_minidumwritedump_lsass.yml b/rules/windows/sysmon/sysmon_minidumwritedump_lsass.yml index 4b40451f..556b2b6f 100644 --- a/rules/windows/sysmon/sysmon_minidumwritedump_lsass.yml +++ b/rules/windows/sysmon/sysmon_minidumwritedump_lsass.yml @@ -4,7 +4,7 @@ status: experimental description: Detects the use of MiniDumpWriteDump API for dumping lsass.exe memory in a stealth way. Tools like ProcessHacker and some attacker tradecract use this API found in dbghelp.dll or dbgcore.dll. As an example, SilentTrynity C2 Framework has a module that leverages this API to dump the contents of Lsass.exe and transfer it over the network back to the attacker's machine. -date: 27/10/2019 +date: 2019/10/27 modified: 2019/11/13 author: Perez Diego (@darkquassar), oscd.community references: diff --git a/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml b/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml index bf8515aa..6f6c9f6b 100644 --- a/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml +++ b/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml @@ -8,7 +8,7 @@ author: Florian Roth, Markus Neis tags: - attack.persistence - attack.t1060 -date: 2018/25/08 +date: 2018/08/25 modified: 2020/02/26 logsource: product: windows diff --git a/rules/windows/sysmon/sysmon_suspicious_remote_thread.yml b/rules/windows/sysmon/sysmon_suspicious_remote_thread.yml index 8d1519e4..00d51a6a 100644 --- a/rules/windows/sysmon/sysmon_suspicious_remote_thread.yml +++ b/rules/windows/sysmon/sysmon_suspicious_remote_thread.yml @@ -6,7 +6,7 @@ description: Offensive tradecraft is switching away from using APIs like "Create notes: - MonitoringHost.exe is a process that loads .NET CLR by default and thus a favorite for process injection for .NET in-memory offensive tools. status: experimental -date: 27/10/2019 +date: 2019/10/27 modified: 2019/11/13 author: Perez Diego (@darkquassar), oscd.community references: From ee7babd8cbadbb5201875288f72b9ff8c1b16cae Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 2 Apr 2020 12:27:53 +0200 Subject: [PATCH 201/714] fix: security vulnerability with pyyaml < 4.2b1 --- tools/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/requirements.txt b/tools/requirements.txt index b601bb5a..3debba0b 100644 --- a/tools/requirements.txt +++ b/tools/requirements.txt @@ -1,4 +1,4 @@ -PyYAML~=3.11 +pyyaml>=4.2b1 requests~=2.23 urllib3~=1.25 progressbar2~=3.47 From f92c5e9b18c00aec5af7aded322cb096c8812a54 Mon Sep 17 00:00:00 2001 From: Maxime Lamothe-Brassard Date: Thu, 2 Apr 2020 15:25:30 -0700 Subject: [PATCH 202/714] Remove generation of LC rules with timeframe. --- tools/sigma/backends/limacharlie.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/sigma/backends/limacharlie.py b/tools/sigma/backends/limacharlie.py index 30b99398..4acbde2c 100644 --- a/tools/sigma/backends/limacharlie.py +++ b/tools/sigma/backends/limacharlie.py @@ -217,6 +217,11 @@ class LimaCharlieBackend(BaseBackend): # except KeyError: # service = "" + # If there is a timeframe component, we do not currently + # support it for now. + if ruleConfig.get( 'detection', {} ).get( 'timeframe', None ) is not None: + raise NotImplementedError("Timeframes are not supported by backend.") + # Don't use service for now, most Windows Event Logs # uses a different service with no category, since we # treat all Windows Event Logs together we can ignore From f4928e95bc059fcefa2babf0da780d645fc6fbea Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Apr 2020 09:36:17 +0200 Subject: [PATCH 203/714] Update powershell_suspicious_profile_create.yml --- .../powershell_suspicious_profile_create.yml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/rules/windows/powershell/powershell_suspicious_profile_create.yml b/rules/windows/powershell/powershell_suspicious_profile_create.yml index 5266c23e..de6a3897 100644 --- a/rules/windows/powershell/powershell_suspicious_profile_create.yml +++ b/rules/windows/powershell/powershell_suspicious_profile_create.yml @@ -1,20 +1,26 @@ -title: Powershell profile modify +title: Powershell Profile.ps1 Modification +id: b5b78988-486d-4a80-b991-930eff3ff8bf status: experimental -description: Detects a change in profile.ps1 of Powershell profile +description: Detects a change in profile.ps1 of the Powershell profile references: - https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/ author: HieuTT35 date: 2019/10/24 +modified: 2020/04/03 logsource: product: windows service: sysmon detection: event: - EventID: 11 + EventID: 11 target1: - TargetFilename|re: '.*\\My Documents\\PowerShell\\(Microsoft\.)?.*(Profile|profile)\.ps1' + TargetFilename|contains|all: + - '\My Documents\PowerShell\' + - '\profile.ps1' target2: - TargetFilename|re: 'C\:\\Windows\\System32\\WindowsPowerShell\\v1\.0\\(Microsoft\.)?.*(Profile|profile)\.ps1' + TargetFilename|contains|all: + - 'C:\Windows\System32\WindowsPowerShell\v1.0\' + - '\profile.ps1' condition: event and (target1 or target2) falsepositives: - System administrator create Powershell profile manually From 81d0f822721554957d7dd74c60ce0ffe2bb676c0 Mon Sep 17 00:00:00 2001 From: mpavlunin <62989646+mpavlunin@users.noreply.github.com> Date: Fri, 3 Apr 2020 16:56:26 +0300 Subject: [PATCH 204/714] Create new rule T1223 Suspicious Compiled HTML File --- .../process_creation/sysmon_win_chm.yml | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 rules/windows/process_creation/sysmon_win_chm.yml diff --git a/rules/windows/process_creation/sysmon_win_chm.yml b/rules/windows/process_creation/sysmon_win_chm.yml new file mode 100644 index 00000000..be4cae85 --- /dev/null +++ b/rules/windows/process_creation/sysmon_win_chm.yml @@ -0,0 +1,35 @@ +title: Suspicious Compiled HTML File +id: 52cad028-0ff0-4854-8f67-d25dfcbc78b4 +status: experimental +description: Detects a suspicious child process of a Microsoft HTML Help system when executing compiled HTML files (.chm) +references: + - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/chm-badness-delivers-a-banking-trojan/ +author: Maxim Pavlunin +date: 2020/04/01 +modified: 2020/04/01 +tags: + - attack.execution + - attack.defense_evasion + - attack.t1223 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 1 + ParentImage: 'C:\Windows\hh.exe' + Image: + - '*\cmd.exe' + - '*\powershell.exe' + - '*\wscript.exe' + - '*\cscript.exe' + - '*\regsvr32.exe' + - '*\wmic.exe' + - '*\rundll32.exe' + condition: selection +fields: + - CommandLine + - ParentCommandLine +falsepositives: + - unknown +level: high From 4e3985866b0a79afaa3aa5c4be709609fd910cbc Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Apr 2020 16:50:48 +0200 Subject: [PATCH 205/714] Update and rename sysmon_win_chm.yml to win_html_help_spawn.yml --- ...on_win_chm.yml => win_html_help_spawn.yml} | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) rename rules/windows/process_creation/{sysmon_win_chm.yml => win_html_help_spawn.yml} (66%) diff --git a/rules/windows/process_creation/sysmon_win_chm.yml b/rules/windows/process_creation/win_html_help_spawn.yml similarity index 66% rename from rules/windows/process_creation/sysmon_win_chm.yml rename to rules/windows/process_creation/win_html_help_spawn.yml index be4cae85..ed18c5c0 100644 --- a/rules/windows/process_creation/sysmon_win_chm.yml +++ b/rules/windows/process_creation/win_html_help_spawn.yml @@ -1,4 +1,4 @@ -title: Suspicious Compiled HTML File +title: HTML Help Shell Spawn id: 52cad028-0ff0-4854-8f67-d25dfcbc78b4 status: experimental description: Detects a suspicious child process of a Microsoft HTML Help system when executing compiled HTML files (.chm) @@ -6,26 +6,25 @@ references: - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/chm-badness-delivers-a-banking-trojan/ author: Maxim Pavlunin date: 2020/04/01 -modified: 2020/04/01 +modified: 2020/04/03 tags: - attack.execution - attack.defense_evasion - attack.t1223 logsource: + category: process_creation product: windows - service: sysmon detection: selection: - EventID: 1 ParentImage: 'C:\Windows\hh.exe' - Image: - - '*\cmd.exe' - - '*\powershell.exe' - - '*\wscript.exe' - - '*\cscript.exe' - - '*\regsvr32.exe' - - '*\wmic.exe' - - '*\rundll32.exe' + Image|endswith: + - '\cmd.exe' + - '\powershell.exe' + - '\wscript.exe' + - '\cscript.exe' + - '\regsvr32.exe' + - '\wmic.exe' + - '\rundll32.exe' condition: selection fields: - CommandLine From 3470011ac35f692b1484f6b4164738c3727e2664 Mon Sep 17 00:00:00 2001 From: j91321 Date: Sun, 5 Apr 2020 20:30:57 +0200 Subject: [PATCH 206/714] Revert time interval, use index values provided by sigmaparser --- tools/sigma/backends/elasticsearch.py | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index 8c86fc5d..5fd0dc34 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -997,10 +997,6 @@ class ElastalertBackendQs(ElastalertBackend, ElasticsearchQuerystringBackend): class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend): identifier = "es-rule" active = True - options = ElasticsearchQuerystringBackend.options + ( - ("index_patterns", "apm-*-transaction,auditbeat-*,endgame-*,filebeat-*,packetbeat-*,winlogbeat-*", "Rule execution index patterns", "index_patterns"), - ("execution_interval", "5m", "Rule execution interval", "interval"), - ) def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) @@ -1024,9 +1020,12 @@ class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend): def generate(self, sigmaparser): translation = super().generate(sigmaparser) if translation: + index = sigmaparser.get_logsource().index + if len(index) == 0: + index = ["apm-*-transaction", "auditbeat-*", "endgame-*", "filebeat-*", "packetbeat-*", "winlogbeat-*"] configs = sigmaparser.parsedyaml configs.update({"translation": translation}) - rule = self.create_rule(configs) + rule = self.create_rule(configs, index) return rule def create_threat_description(self, tactics_list, techniques_list): @@ -1074,7 +1073,7 @@ class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend): elif level == "critical": return randrange(74,101) - def create_rule(self, configs): + def create_rule(self, configs, index): tags = configs.get("tags", []) tactics_list = list() technics_list = list() @@ -1110,8 +1109,8 @@ class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend): "filters": [], "from": "now-360s", "immutable": False, - "index": self.index_patterns.split(','), - "interval": self.interval, + "index": index, + "interval": "5m", "rule_id": rule_id, "language": "lucene", "output_index": ".siem-signals-default", From 73a6428345ec7899f1437717676570e7d932b729 Mon Sep 17 00:00:00 2001 From: Maxime Thiebaut <46688461+0xThiebaut@users.noreply.github.com> Date: Tue, 7 Apr 2020 17:14:45 +0200 Subject: [PATCH 207/714] Update the NTLM downgrade registry paths Recent windows versions rely on the ["MSV1_0" authentication package](https://docs.microsoft.com/en-us/windows/win32/secauthn/msv1-0-authentication-package). Production environment tests have shown that NTLM downgrade attacks can be performed as detected by this rule although some of the registry keys are located in an "Lsa" subkey ("MSV1_0"). This commit introduces additionnal wildcards to handle these cases to ensure the previous detection rules are still included. --- rules/windows/builtin/win_net_ntlm_downgrade.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/windows/builtin/win_net_ntlm_downgrade.yml b/rules/windows/builtin/win_net_ntlm_downgrade.yml index 8418f4ec..90d2c333 100644 --- a/rules/windows/builtin/win_net_ntlm_downgrade.yml +++ b/rules/windows/builtin/win_net_ntlm_downgrade.yml @@ -23,8 +23,8 @@ detection: EventID: 13 TargetObject: - '*SYSTEM\\*ControlSet*\Control\Lsa\lmcompatibilitylevel' - - '*SYSTEM\\*ControlSet*\Control\Lsa\NtlmMinClientSec' - - '*SYSTEM\\*ControlSet*\Control\Lsa\RestrictSendingNTLMTraffic' + - '*SYSTEM\\*ControlSet*\Control\Lsa*\NtlmMinClientSec' + - '*SYSTEM\\*ControlSet*\Control\Lsa*\RestrictSendingNTLMTraffic' --- # Windows Security Eventlog: Process Creation with Full Command Line logsource: @@ -34,7 +34,7 @@ logsource: detection: selection2: EventID: 4657 - ObjectName: '\REGISTRY\MACHINE\SYSTEM\\*ControlSet*\Control\Lsa' + ObjectName: '\REGISTRY\MACHINE\SYSTEM\\*ControlSet*\Control\Lsa*' ObjectValueName: - 'LmCompatibilityLevel' - 'NtlmMinClientSec' From e87f2705a75dfb94df4c25519759faaaade2c3c4 Mon Sep 17 00:00:00 2001 From: iveco Date: Wed, 8 Apr 2020 17:57:47 +0200 Subject: [PATCH 208/714] Detect Ghost-In-The-Logs (disabling/bypassing ETW) --- .../builtin/win_user_driver_loaded.yml | 38 +++++++++++++++++++ ...cexplorer_driver_created_in_tmp_folder.yml | 28 ++++++++++++++ .../sysmon/sysmon_susp_service_installed.yml | 33 ++++++++++++++++ 3 files changed, 99 insertions(+) create mode 100644 rules/windows/builtin/win_user_driver_loaded.yml create mode 100644 rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml create mode 100644 rules/windows/sysmon/sysmon_susp_service_installed.yml diff --git a/rules/windows/builtin/win_user_driver_loaded.yml b/rules/windows/builtin/win_user_driver_loaded.yml new file mode 100644 index 00000000..fb030a54 --- /dev/null +++ b/rules/windows/builtin/win_user_driver_loaded.yml @@ -0,0 +1,38 @@ +title: Possible suspicous kernel driver loaded by user +id: f63508a0-c809-4435-b3be-ed819394d612 +description: detects the loading of drivers via 'SeLoadDriverPrivilege' required to load or unload a device driver. With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. If you exclude privileged users/admins and processes, which are allowed to do so, you are maybe left with bad programs trying to load malicious kernel drivers. This will detect Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs) and the usage of Sysinternals and various other tools. So you have to work with a whitelist to find the bad stuff. +status: experimental +references: + - https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/ + - https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4673 +tags: + - attack.t1089 + - attack.defensive_evasion +date: 2019/04/08 +author: xknow @xknow_infosec, @xorxes +logsource: + product: windows + service: security +detection: + selection_1: + EventID: 4673 + PrivilegeList: 'SeLoadDriverPrivilege' + status: 'failure' + Service: '-' + selection_2: + ProcessName|contains: + - '*\Windows\System32\Dism.exe' + - '*\Windows\System32\rundll32.exe' + - '*\Windows\System32\fltMC.exe' + - '*\Windows\HelpPane.exe' + - '*\Windows\System32\mmc.exe' + - '*\Windows\System32\svchost.exe' + - '*\Windows\System32\wimserv.exe' + - '*\procexp64.exe' + - '*\procexp.exe' + - '*\procmon64.exe' + - '*\procmon.exe' + condition: selection_1 and not selection_2 +falsepositives: + - Other legimate tools loading drivers. There are some: Sysinternals, CPU-Z, AVs etc. - but not much. You have to baseline this according to your used products and allowed tools. Also try to exclude users, which are allowed to load drivers. +level: Medium diff --git a/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml b/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml new file mode 100644 index 00000000..915f0ce7 --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml @@ -0,0 +1,28 @@ +title: Suspicious PROCEXP152.sys file created in tmp folder +id: 3da70954-0f2c-4103-adff-b7440368f50e +description: detects the creation of the PROCEXP152.sys file in the application-data local temporary folder. This driver is used by Sysinternals Process Explorer but also by KDU (https://github.com/hfiref0x/KDU) or Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU. +status: experimental +date: 2019/04/08 +author: xknow @xknow_infosec, @xorxes +references: + - https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/ +tags: + - attack.t1089 + - attack.defensive_evasion +logsource: + product: windows + service: sysmon +detection: + selection_1: + EventID: 11 + TargetFilename: '*\AppData\Local\Temp\*\PROCEXP152.sys' + selection_2: + Image|contains: + - '*\procexp64.exe' + - '*\procexp.exe' + - '*\procmon64.exe' + - '*\procmon.exe' + condition: selection_1 and not selection_2 +falsepositives: + - Other legimate tools using this driver and filename (like Sysinternals). Note: Clever attackers may easily bypass this detection by just renaming the driver filename. Therefore just Medium-level and don't rely on it. +level: Medium diff --git a/rules/windows/sysmon/sysmon_susp_service_installed.yml b/rules/windows/sysmon/sysmon_susp_service_installed.yml new file mode 100644 index 00000000..6e71f449 --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_service_installed.yml @@ -0,0 +1,33 @@ +title: Suspicious Service installed +id: f2485272-a156-4773-82d7-1d178bc4905b +description: detects installation of NalDrv or PROCEXP152 services via registry-keys to non-system32 folders. Both services are used in the tool Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU (https://github.com/hfiref0x/KDU) +status: experimental +date: 2019/04/08 +author: xknow @xknow_infosec, @xorxes +references: + - https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/ +tags: + - attack.t1089 + - attack.defensive_evasion +logsource: + product: windows + service: sysmon +detection: + selection_1: + EventID: 13 + TargetObject: + - 'HKLM\System\CurrentControlSet\Services\NalDrv\ImagePath' + - 'HKLM\System\CurrentControlSet\Services\PROCEXP152\ImagePath' + selection_2: + Image|contains: + - '*\procexp64.exe' + - '*\procexp.exe' + - '*\procmon64.exe' + - '*\procmon.exe' + selection_3: + Details|contains: + - '*\WINDOWS\system32\Drivers\PROCEXP152.SYS' + condition: selection_1 and not selection_2 and not selection_3 +falsepositives: + - Other legimate tools using this service names and drivers. Note: Clever attackers may easily bypass this detection by just renaming the services. Therefore just Medium-level and don't rely on it. +level: Medium From d1b9c0c34ac4e7de48643a53869ca8869030675f Mon Sep 17 00:00:00 2001 From: Iveco Date: Wed, 8 Apr 2020 18:21:59 +0200 Subject: [PATCH 209/714] Update win_user_driver_loaded.yml Fixed CI --- rules/windows/builtin/win_user_driver_loaded.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/builtin/win_user_driver_loaded.yml b/rules/windows/builtin/win_user_driver_loaded.yml index fb030a54..de599d0f 100644 --- a/rules/windows/builtin/win_user_driver_loaded.yml +++ b/rules/windows/builtin/win_user_driver_loaded.yml @@ -1,4 +1,4 @@ -title: Possible suspicous kernel driver loaded by user +title: Suspicious Driver Loaded By User id: f63508a0-c809-4435-b3be-ed819394d612 description: detects the loading of drivers via 'SeLoadDriverPrivilege' required to load or unload a device driver. With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. If you exclude privileged users/admins and processes, which are allowed to do so, you are maybe left with bad programs trying to load malicious kernel drivers. This will detect Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs) and the usage of Sysinternals and various other tools. So you have to work with a whitelist to find the bad stuff. status: experimental @@ -7,7 +7,7 @@ references: - https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4673 tags: - attack.t1089 - - attack.defensive_evasion + - attack.defense_evasion date: 2019/04/08 author: xknow @xknow_infosec, @xorxes logsource: From 5e724a0a5428bb50ed0f6e9cd426795b4f94485f Mon Sep 17 00:00:00 2001 From: Iveco Date: Wed, 8 Apr 2020 18:22:51 +0200 Subject: [PATCH 210/714] Update sysmon_susp_service_installed.yml Fixed CI --- rules/windows/sysmon/sysmon_susp_service_installed.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_service_installed.yml b/rules/windows/sysmon/sysmon_susp_service_installed.yml index 6e71f449..fe869645 100644 --- a/rules/windows/sysmon/sysmon_susp_service_installed.yml +++ b/rules/windows/sysmon/sysmon_susp_service_installed.yml @@ -1,4 +1,4 @@ -title: Suspicious Service installed +title: Suspicious Service Installed id: f2485272-a156-4773-82d7-1d178bc4905b description: detects installation of NalDrv or PROCEXP152 services via registry-keys to non-system32 folders. Both services are used in the tool Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU (https://github.com/hfiref0x/KDU) status: experimental @@ -8,7 +8,7 @@ references: - https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/ tags: - attack.t1089 - - attack.defensive_evasion + - attack.defense_evasion logsource: product: windows service: sysmon From 3280a1dfb064c1c9dfd3302195012d68fcd1a18f Mon Sep 17 00:00:00 2001 From: Iveco Date: Wed, 8 Apr 2020 18:23:29 +0200 Subject: [PATCH 211/714] Update sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml Fixed CI --- .../sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml b/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml index 915f0ce7..2c3635a0 100644 --- a/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml +++ b/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml @@ -1,4 +1,4 @@ -title: Suspicious PROCEXP152.sys file created in tmp folder +title: Suspicious PROCEXP152.sys File Created In TMP id: 3da70954-0f2c-4103-adff-b7440368f50e description: detects the creation of the PROCEXP152.sys file in the application-data local temporary folder. This driver is used by Sysinternals Process Explorer but also by KDU (https://github.com/hfiref0x/KDU) or Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU. status: experimental @@ -8,7 +8,7 @@ references: - https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/ tags: - attack.t1089 - - attack.defensive_evasion + - attack.defense_evasion logsource: product: windows service: sysmon From d0746b50f40c8e02d48276806290bc8db87f397a Mon Sep 17 00:00:00 2001 From: Iveco Date: Wed, 8 Apr 2020 18:41:16 +0200 Subject: [PATCH 212/714] Update win_user_driver_loaded.yml Fixed author --- rules/windows/builtin/win_user_driver_loaded.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_user_driver_loaded.yml b/rules/windows/builtin/win_user_driver_loaded.yml index de599d0f..84195d2f 100644 --- a/rules/windows/builtin/win_user_driver_loaded.yml +++ b/rules/windows/builtin/win_user_driver_loaded.yml @@ -9,7 +9,7 @@ tags: - attack.t1089 - attack.defense_evasion date: 2019/04/08 -author: xknow @xknow_infosec, @xorxes +author: @xknow_infosec, @xor_xes logsource: product: windows service: security From fc1febdebebe3038c4a17b1bda030572189da898 Mon Sep 17 00:00:00 2001 From: Iveco Date: Wed, 8 Apr 2020 18:41:25 +0200 Subject: [PATCH 213/714] Update sysmon_susp_service_installed.yml Fixed Author --- rules/windows/sysmon/sysmon_susp_service_installed.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_susp_service_installed.yml b/rules/windows/sysmon/sysmon_susp_service_installed.yml index fe869645..229ba669 100644 --- a/rules/windows/sysmon/sysmon_susp_service_installed.yml +++ b/rules/windows/sysmon/sysmon_susp_service_installed.yml @@ -3,7 +3,7 @@ id: f2485272-a156-4773-82d7-1d178bc4905b description: detects installation of NalDrv or PROCEXP152 services via registry-keys to non-system32 folders. Both services are used in the tool Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU (https://github.com/hfiref0x/KDU) status: experimental date: 2019/04/08 -author: xknow @xknow_infosec, @xorxes +author: @xknow_infosec, @xor_xes references: - https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/ tags: From 6d85650390076dc41e71ab385587b07353725eae Mon Sep 17 00:00:00 2001 From: Iveco Date: Wed, 8 Apr 2020 18:41:33 +0200 Subject: [PATCH 214/714] Update sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml Fixed Author --- .../sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml b/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml index 2c3635a0..0f6b000d 100644 --- a/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml +++ b/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml @@ -3,7 +3,7 @@ id: 3da70954-0f2c-4103-adff-b7440368f50e description: detects the creation of the PROCEXP152.sys file in the application-data local temporary folder. This driver is used by Sysinternals Process Explorer but also by KDU (https://github.com/hfiref0x/KDU) or Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU. status: experimental date: 2019/04/08 -author: xknow @xknow_infosec, @xorxes +author: @xknow_infosec, @xor_xes references: - https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/ tags: From 4520082ef739693aa9b35ae8a804138d7710bcef Mon Sep 17 00:00:00 2001 From: Iveco Date: Wed, 8 Apr 2020 18:54:37 +0200 Subject: [PATCH 215/714] Update sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml CI --- .../sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml b/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml index 0f6b000d..9043825f 100644 --- a/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml +++ b/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml @@ -3,7 +3,7 @@ id: 3da70954-0f2c-4103-adff-b7440368f50e description: detects the creation of the PROCEXP152.sys file in the application-data local temporary folder. This driver is used by Sysinternals Process Explorer but also by KDU (https://github.com/hfiref0x/KDU) or Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU. status: experimental date: 2019/04/08 -author: @xknow_infosec, @xor_xes +author: xknow (@xknow_infosec), xorxes (@xor_xes) references: - https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/ tags: From c5211eb94ac5809468e9d430d9bffc2f892434ed Mon Sep 17 00:00:00 2001 From: Iveco Date: Wed, 8 Apr 2020 18:54:46 +0200 Subject: [PATCH 216/714] Update sysmon_susp_service_installed.yml CI --- rules/windows/sysmon/sysmon_susp_service_installed.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_susp_service_installed.yml b/rules/windows/sysmon/sysmon_susp_service_installed.yml index 229ba669..628b10bd 100644 --- a/rules/windows/sysmon/sysmon_susp_service_installed.yml +++ b/rules/windows/sysmon/sysmon_susp_service_installed.yml @@ -3,7 +3,7 @@ id: f2485272-a156-4773-82d7-1d178bc4905b description: detects installation of NalDrv or PROCEXP152 services via registry-keys to non-system32 folders. Both services are used in the tool Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU (https://github.com/hfiref0x/KDU) status: experimental date: 2019/04/08 -author: @xknow_infosec, @xor_xes +author: xknow (@xknow_infosec), xorxes (@xor_xes) references: - https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/ tags: From e913db0dca590e41c965b56ea71d3ca554fbbae7 Mon Sep 17 00:00:00 2001 From: Iveco Date: Wed, 8 Apr 2020 18:54:59 +0200 Subject: [PATCH 217/714] Update win_user_driver_loaded.yml CI --- rules/windows/builtin/win_user_driver_loaded.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_user_driver_loaded.yml b/rules/windows/builtin/win_user_driver_loaded.yml index 84195d2f..b407fc2f 100644 --- a/rules/windows/builtin/win_user_driver_loaded.yml +++ b/rules/windows/builtin/win_user_driver_loaded.yml @@ -9,7 +9,7 @@ tags: - attack.t1089 - attack.defense_evasion date: 2019/04/08 -author: @xknow_infosec, @xor_xes +author: xknow (@xknow_infosec), xorxes (@xor_xes) logsource: product: windows service: security From 1b7f33f5e236beeb5694362c6495d060dd4b1759 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Wed, 8 Apr 2020 22:28:47 +0200 Subject: [PATCH 218/714] Fixed undefined value in exception handling Fixes issue #702. --- tools/sigma/backends/qradar.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/sigma/backends/qradar.py b/tools/sigma/backends/qradar.py index 455a368f..f29024af 100644 --- a/tools/sigma/backends/qradar.py +++ b/tools/sigma/backends/qradar.py @@ -120,7 +120,7 @@ class QRadarBackend(SingleTextQueryBackend): regex = regex + '.*' return "%s imatches %s" % (self.cleanKey(fieldname), self.generateValueNode(regex, True)) else: - raise NotImplementedError("Type modifier '{}' is not supported by backend".format(node.identifier)) + raise NotImplementedError("Type modifier '{}' is not supported by backend".format(value.identifier)) def generateValueNode(self, node, keypresent): if keypresent == False: From 3277cec7aa839daa2eda3e6f66510e58d7078ccd Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Wed, 8 Apr 2020 23:23:44 +0200 Subject: [PATCH 219/714] Reverted list sorting This was already implemented meanwhile in a previous commit. --- tools/sigmac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/sigmac b/tools/sigmac index 7cde6bef..89129e7b 100755 --- a/tools/sigmac +++ b/tools/sigmac @@ -100,7 +100,7 @@ def set_argparser(): t is a tag that must appear in the rules tag list, case-insensitive matching. Multiple log source specifications are AND linked. """) - argparser.add_argument("--target", "-t", choices=sorted(backends.getBackendDict().keys()), help="Output target format") + argparser.add_argument("--target", "-t", choices=backends.getBackendDict().keys(), help="Output target format") argparser.add_argument("--lists", "-l", action="store_true", help="List available output target formats and configurations") argparser.add_argument("--config", "-c", action="append", help="Configurations with field name and index mapping for target environment. Multiple configurations are merged into one. Last config is authorative in case of conflicts.") argparser.add_argument("--output", "-o", default=None, help="Output file or filename prefix if multiple files are generated") From 72c2241bb4d9896974e20d65285a6dd74e1bc079 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Wed, 8 Apr 2020 23:39:38 +0200 Subject: [PATCH 220/714] Cleanup * Added CI test * Added changelog entry --- CHANGELOG.md | 4 ++++ Makefile | 1 + 2 files changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b072e652..2d1966ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,10 @@ from version 0.14.0. ## Unreleased +### Added + +* LOGIQ Backend (logiq) + ### Fixed * Splunx XML rule name is now set to rule title diff --git a/Makefile b/Makefile index 46803959..ec332342 100644 --- a/Makefile +++ b/Makefile @@ -49,6 +49,7 @@ test-sigmac: coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t netwitness -c tools/config/netwitness.yml rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t sumologic -O rulecomment -c tools/config/sumologic.yml rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t sql -c sysmon rules/ > /dev/null + coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t logiq -c sysmon rules/ > /dev/null coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=critical,status=stable,logsource=windows,tag=attack.execution' rules/ > /dev/null ! coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=critical,status=xstable,logsource=windows' rules/ > /dev/null ! coverage run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=xcritical,status=stable,logsource=windows' rules/ > /dev/null From 1c5c8047fdf87d75c35fda7364e455dd822c0428 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Wed, 8 Apr 2020 23:43:46 +0200 Subject: [PATCH 221/714] Fixes * Removed commented debug print statements * Defined nullExpression * Removed unneeded generateMapItemNode method * Value cleaning bug on matching of wildcard at first character --- tools/sigma/backends/logiq.py | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/tools/sigma/backends/logiq.py b/tools/sigma/backends/logiq.py index 3970bbaa..f359fcc9 100644 --- a/tools/sigma/backends/logiq.py +++ b/tools/sigma/backends/logiq.py @@ -17,7 +17,7 @@ class LogiqBackend(SingleTextQueryBackend): listSeparator = ", " valueExpression = "message =~ \'%s\'" keyExpression = "%s" - nullExpression = "%s" + nullExpression = "!~ %s" notNullExpression = "!%s" mapExpression = "(%s=%s)" mapListsSpecialHandling = True @@ -29,14 +29,11 @@ class LogiqBackend(SingleTextQueryBackend): eventRule = dict() eventRule["name"] = sigmaparser.parsedyaml["title"] - eventRule["groupName"] = sigmaparser.parsedyaml["logsource"]["product"] + eventRule["groupName"] = sigmaparser.parsedyaml["logsource"].get("product", "") eventRule["description"] = sigmaparser.parsedyaml["description"] eventRule["condition"] = sigmaparser.parsedyaml["detection"] eventRule["level"] = sigmaparser.parsedyaml["level"] - # for key,value in eventRule.items(): - # print(key, ":", value) - for parsed in sigmaparser.condparsed: query = self.generateQuery(parsed) before = self.generateBefore(parsed) @@ -53,22 +50,12 @@ class LogiqBackend(SingleTextQueryBackend): return json.dumps(eventRule) def cleanValue(self, val): - if val[0] == '*': + if val.startswith('*'): val = val.replace("*","/*") - # print("cleanValue: ", val) return val def generateListNode(self, node): - # print("generateListNode: ", node) if not set([type(value) for value in node]).issubset({str, int}): raise TypeError("List values must be strings or numbers") return self.generateORNode(node) - - def generateMapItemNode(self, node): - # print("generateMapItemNode: ", node) - key, value = node - if value is None: - return self.generateNULLValueNode(node) - else: - return self.generateNode(value) From 61b9234d7f3aacc70fd29ac42fbfaaf79fd44928 Mon Sep 17 00:00:00 2001 From: Iveco Date: Thu, 9 Apr 2020 11:28:19 +0200 Subject: [PATCH 222/714] Update win_user_driver_loaded.yml removed internal field --- rules/windows/builtin/win_user_driver_loaded.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/windows/builtin/win_user_driver_loaded.yml b/rules/windows/builtin/win_user_driver_loaded.yml index b407fc2f..edb64872 100644 --- a/rules/windows/builtin/win_user_driver_loaded.yml +++ b/rules/windows/builtin/win_user_driver_loaded.yml @@ -17,7 +17,6 @@ detection: selection_1: EventID: 4673 PrivilegeList: 'SeLoadDriverPrivilege' - status: 'failure' Service: '-' selection_2: ProcessName|contains: From 72b821e046e9ee281d545e8095460a23b4590296 Mon Sep 17 00:00:00 2001 From: vesche Date: Thu, 9 Apr 2020 11:16:18 -0500 Subject: [PATCH 223/714] Update win_susp_netsh_dll_persistence.yml --- .../process_creation/win_susp_netsh_dll_persistence.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml b/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml index 12bcc7a8..bcf8a26a 100644 --- a/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml +++ b/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml @@ -7,6 +7,7 @@ references: tags: - attack.persistence - attack.t1060 + - attack.t1128 date: 2019/10/25 modified: 2019/10/25 author: Victor Sergeev, oscd.community @@ -26,5 +27,5 @@ fields: - CommandLine - ParentCommandLine falsepositives: - - Unkown + - Unknown level: high From 82db80bee619c11052291c34a99fe69d2ca6774a Mon Sep 17 00:00:00 2001 From: vesche Date: Fri, 10 Apr 2020 01:02:43 -0500 Subject: [PATCH 224/714] Remove wrong mitre technique --- .../windows/process_creation/win_susp_netsh_dll_persistence.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml b/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml index bcf8a26a..f2767fea 100644 --- a/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml +++ b/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml @@ -6,7 +6,6 @@ references: - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1060/T1060.yaml tags: - attack.persistence - - attack.t1060 - attack.t1128 date: 2019/10/25 modified: 2019/10/25 From 3889be62558717a7e6fff9e11e6466ed879207b8 Mon Sep 17 00:00:00 2001 From: vesche Date: Fri, 10 Apr 2020 01:05:10 -0500 Subject: [PATCH 225/714] Replace reference link for win_susp_netsh_dll_persistence --- .../windows/process_creation/win_susp_netsh_dll_persistence.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml b/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml index f2767fea..1443ecac 100644 --- a/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml +++ b/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml @@ -3,7 +3,7 @@ id: 56321594-9087-49d9-bf10-524fe8479452 description: Detects persitence via netsh helper status: test references: - - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1060/T1060.yaml + - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1128/T1128.md tags: - attack.persistence - attack.t1128 From 6312f381bfb8c8661b2b6aba70742fe58fb1ca15 Mon Sep 17 00:00:00 2001 From: Danijel Grah <1746112+alm8i@users.noreply.github.com> Date: Fri, 10 Apr 2020 16:12:05 +0200 Subject: [PATCH 226/714] C# backend Converts Sigma rule into C# Regex in LINQ query --- tools/sigma/backends/csharp.py | 163 +++++++++++++++++++++++++++++++++ 1 file changed, 163 insertions(+) create mode 100644 tools/sigma/backends/csharp.py diff --git a/tools/sigma/backends/csharp.py b/tools/sigma/backends/csharp.py new file mode 100644 index 00000000..8d827a36 --- /dev/null +++ b/tools/sigma/backends/csharp.py @@ -0,0 +1,163 @@ +# Output backends for sigmac +# Copyright 2020 Danijel Grah (dgrah@nil.com) + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . + +# How to use it in your CSharp program: +# public Dictionary sigmas = new Dictionary(); +# sigmas["rules/windows/process_creation/win_cmdkey_recon.yml"] = from x in evnt where (x.Key == "1" .... + +import re +import sigma +from .base import SingleTextQueryBackend +from .mixins import MultiRuleOutputMixin + +class CSharpBackend(SingleTextQueryBackend): + """Converts Sigma rule into CSharp Regex in LINQ query.""" + identifier = "csharp" + active = True + config_required = False + default_config = ["sysmon"] + + + reEscape = re.compile('((? Date: Sat, 11 Apr 2020 02:51:05 -0600 Subject: [PATCH 227/714] Create powershell_create_local_user.yml Adds coverage for creating a local account via PowerShell from https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136/T1136.md#atomic-test-4---create-a-new-user-in-powershell --- .../powershell_create_local_user.yml | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 rules/windows/powershell/powershell_create_local_user.yml diff --git a/rules/windows/powershell/powershell_create_local_user.yml b/rules/windows/powershell/powershell_create_local_user.yml new file mode 100644 index 00000000..d046dd4e --- /dev/null +++ b/rules/windows/powershell/powershell_create_local_user.yml @@ -0,0 +1,25 @@ +title: PowerShell Create Local User +id: 243de76f-4725-4f2e-8225-a8a69b15ad61 +status: experimental +description: Detects creation of a local user via PowerShell +references: + - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136/T1136.md +tags: + - attack.execution + - attack.t1086 + - attack.persistence + - attack.t1136 +author: '@ROxPinTeddy' +date: 2020/04/11 +logsource: + product: windows + service: powershell +detection: + selection: + EventID: 4104 + Message|contains: + - 'New-LocalUser' + condition: selection +falsepositives: + - Legitimate user creation +level: low From 7ac685882c43f4d8799106cb1d6252af5fcf2879 Mon Sep 17 00:00:00 2001 From: alm8i Date: Sat, 11 Apr 2020 15:47:23 +0200 Subject: [PATCH 228/714] comments for usage --- tools/sigma/backends/csharp.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tools/sigma/backends/csharp.py b/tools/sigma/backends/csharp.py index 8d827a36..388b72ca 100644 --- a/tools/sigma/backends/csharp.py +++ b/tools/sigma/backends/csharp.py @@ -14,9 +14,11 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see . -# How to use it in your CSharp program: +# How to use it in your CSharp program: # public Dictionary sigmas = new Dictionary(); -# sigmas["rules/windows/process_creation/win_cmdkey_recon.yml"] = from x in evnt where (x.Key == "1" .... +# Dictionary evnt = new Dictionary(); +# this.evnt.Add(Key, Value); +# sigmas["rules/windows/process_creation/win_cmdkey_recon.yml"] = THE OUTPUT OF csharp BACKEND import re import sigma From 9cdb3a4a64124364ec4383de5380c28c11b9d87a Mon Sep 17 00:00:00 2001 From: vesche Date: Mon, 13 Apr 2020 11:09:00 -0500 Subject: [PATCH 229/714] Fix typo --- rules/windows/builtin/win_GPO_scheduledtasks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_GPO_scheduledtasks.yml b/rules/windows/builtin/win_GPO_scheduledtasks.yml index c2b61966..b0a820ef 100644 --- a/rules/windows/builtin/win_GPO_scheduledtasks.yml +++ b/rules/windows/builtin/win_GPO_scheduledtasks.yml @@ -1,6 +1,6 @@ title: Persistence and Execution at Scale via GPO Scheduled Task id: a8f29a7b-b137-4446-80a0-b804272f3da2 -description: Detect lateral movement using GPO scheduled task, ususally used to deploy ransomware at scale +description: Detect lateral movement using GPO scheduled task, usually used to deploy ransomware at scale author: Samir Bousseaden date: 2019/04/03 references: From 1f918253e80df93927d2be5c177cf0feac1d9d25 Mon Sep 17 00:00:00 2001 From: vesche Date: Mon, 13 Apr 2020 11:09:36 -0500 Subject: [PATCH 230/714] Add additional reference --- rules/windows/builtin/win_GPO_scheduledtasks.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/builtin/win_GPO_scheduledtasks.yml b/rules/windows/builtin/win_GPO_scheduledtasks.yml index b0a820ef..6403ab72 100644 --- a/rules/windows/builtin/win_GPO_scheduledtasks.yml +++ b/rules/windows/builtin/win_GPO_scheduledtasks.yml @@ -5,6 +5,7 @@ author: Samir Bousseaden date: 2019/04/03 references: - https://twitter.com/menasec1/status/1106899890377052160 + - https://www.secureworks.com/blog/ransomware-as-a-distraction tags: - attack.persistence - attack.lateral_movement From 86c68914278898b51c024cfba2d1c8d8c89b229a Mon Sep 17 00:00:00 2001 From: Maxime Thiebaut <46688461+0xThiebaut@users.noreply.github.com> Date: Tue, 14 Apr 2020 12:47:52 +0200 Subject: [PATCH 231/714] Add Windows Registry Persistence COM Search Order Hijacking --- ...smon_registry_persistence_search_order.yml | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_registry_persistence_search_order.yml diff --git a/rules/windows/sysmon/sysmon_registry_persistence_search_order.yml b/rules/windows/sysmon/sysmon_registry_persistence_search_order.yml new file mode 100644 index 00000000..6e8aae23 --- /dev/null +++ b/rules/windows/sysmon/sysmon_registry_persistence_search_order.yml @@ -0,0 +1,29 @@ +title: Windows Registry Persistence COM Search Order Hijacking +id: a0ff33d8-79e4-4cef-b4f3-9dc4133ccd12 +status: experimental +description: Detects potential COM object hijacking leveraging the COM Search Order +references: + - https://www.cyberbit.com/blog/endpoint-security/com-hijacking-windows-overlooked-security-vulnerability/ +author: Maxime Thiebaut (@0xThiebaut) +date: 2020/04/14 +tags: + - attack.persistence + - attack.t1038 +logsource: + product: windows + service: sysmon +detection: + selection: # Detect new COM servers in the user hive + EventID: 13 + TargetObject: 'HKU\\*_Classes\CLSID\\*\InProcServer32\(Default)' + filter: + Details: # Exclude privileged directories and observed FPs + - '%%systemroot%%\system32\\*' + - '%%systemroot%%\SysWow64\\*' + - '*\AppData\Local\Microsoft\OneDrive\\*\FileCoAuthLib64.dll' + - '*\AppData\Local\Microsoft\OneDrive\\*\FileSyncShell64.dll' + - '*\AppData\Local\Microsoft\TeamsMeetingAddin\\*\Microsoft.Teams.AddinLoader.dll' + condition: selection and not filter +falsepositives: + - Some installed utilities (i.e. OneDrive) may serve new COM objects at user-level +level: medium From 4f469c0e39c5d67e2d2009bcd2e9c6daa8dca0cd Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 14 Apr 2020 13:37:10 +0200 Subject: [PATCH 232/714] Adjusted level --- rules/windows/powershell/powershell_create_local_user.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/powershell/powershell_create_local_user.yml b/rules/windows/powershell/powershell_create_local_user.yml index d046dd4e..279826f9 100644 --- a/rules/windows/powershell/powershell_create_local_user.yml +++ b/rules/windows/powershell/powershell_create_local_user.yml @@ -22,4 +22,4 @@ detection: condition: selection falsepositives: - Legitimate user creation -level: low +level: medium From 5cbe00835043a0a1df4a5055d7beae562f2930b2 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 14 Apr 2020 13:39:22 +0200 Subject: [PATCH 233/714] Casing --- rules/windows/builtin/win_user_driver_loaded.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/builtin/win_user_driver_loaded.yml b/rules/windows/builtin/win_user_driver_loaded.yml index edb64872..e993a8d4 100644 --- a/rules/windows/builtin/win_user_driver_loaded.yml +++ b/rules/windows/builtin/win_user_driver_loaded.yml @@ -1,6 +1,6 @@ title: Suspicious Driver Loaded By User id: f63508a0-c809-4435-b3be-ed819394d612 -description: detects the loading of drivers via 'SeLoadDriverPrivilege' required to load or unload a device driver. With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. If you exclude privileged users/admins and processes, which are allowed to do so, you are maybe left with bad programs trying to load malicious kernel drivers. This will detect Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs) and the usage of Sysinternals and various other tools. So you have to work with a whitelist to find the bad stuff. +description: Detects the loading of drivers via 'SeLoadDriverPrivilege' required to load or unload a device driver. With this privilege, the user can dynamically load and unload device drivers or other code in to kernel mode. This user right does not apply to Plug and Play device drivers. If you exclude privileged users/admins and processes, which are allowed to do so, you are maybe left with bad programs trying to load malicious kernel drivers. This will detect Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs) and the usage of Sysinternals and various other tools. So you have to work with a whitelist to find the bad stuff. status: experimental references: - https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/ @@ -34,4 +34,4 @@ detection: condition: selection_1 and not selection_2 falsepositives: - Other legimate tools loading drivers. There are some: Sysinternals, CPU-Z, AVs etc. - but not much. You have to baseline this according to your used products and allowed tools. Also try to exclude users, which are allowed to load drivers. -level: Medium +level: medium From ecdec93800dca2ac146d2b65c022726779158ae5 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 14 Apr 2020 13:39:58 +0200 Subject: [PATCH 234/714] Casing --- ...ysmon_susp_procexplorer_driver_created_in_tmp_folder.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml b/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml index 9043825f..982cf835 100644 --- a/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml +++ b/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml @@ -1,6 +1,6 @@ title: Suspicious PROCEXP152.sys File Created In TMP id: 3da70954-0f2c-4103-adff-b7440368f50e -description: detects the creation of the PROCEXP152.sys file in the application-data local temporary folder. This driver is used by Sysinternals Process Explorer but also by KDU (https://github.com/hfiref0x/KDU) or Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU. +description: Detects the creation of the PROCEXP152.sys file in the application-data local temporary folder. This driver is used by Sysinternals Process Explorer but also by KDU (https://github.com/hfiref0x/KDU) or Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU. status: experimental date: 2019/04/08 author: xknow (@xknow_infosec), xorxes (@xor_xes) @@ -24,5 +24,5 @@ detection: - '*\procmon.exe' condition: selection_1 and not selection_2 falsepositives: - - Other legimate tools using this driver and filename (like Sysinternals). Note: Clever attackers may easily bypass this detection by just renaming the driver filename. Therefore just Medium-level and don't rely on it. -level: Medium + - Other legimate tools using this driver and filename (like Sysinternals). Note - Clever attackers may easily bypass this detection by just renaming the driver filename. Therefore just Medium-level and don't rely on it. +level: medium From 3175a48bdc8f826945c89335e1390c104f3bebd6 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 14 Apr 2020 13:40:34 +0200 Subject: [PATCH 235/714] Casing --- rules/windows/sysmon/sysmon_susp_service_installed.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_service_installed.yml b/rules/windows/sysmon/sysmon_susp_service_installed.yml index 628b10bd..39efbfaa 100644 --- a/rules/windows/sysmon/sysmon_susp_service_installed.yml +++ b/rules/windows/sysmon/sysmon_susp_service_installed.yml @@ -1,6 +1,6 @@ title: Suspicious Service Installed id: f2485272-a156-4773-82d7-1d178bc4905b -description: detects installation of NalDrv or PROCEXP152 services via registry-keys to non-system32 folders. Both services are used in the tool Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU (https://github.com/hfiref0x/KDU) +description: Detects installation of NalDrv or PROCEXP152 services via registry-keys to non-system32 folders. Both services are used in the tool Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU (https://github.com/hfiref0x/KDU) status: experimental date: 2019/04/08 author: xknow (@xknow_infosec), xorxes (@xor_xes) @@ -29,5 +29,5 @@ detection: - '*\WINDOWS\system32\Drivers\PROCEXP152.SYS' condition: selection_1 and not selection_2 and not selection_3 falsepositives: - - Other legimate tools using this service names and drivers. Note: Clever attackers may easily bypass this detection by just renaming the services. Therefore just Medium-level and don't rely on it. -level: Medium + - Other legimate tools using this service names and drivers. Note - clever attackers may easily bypass this detection by just renaming the services. Therefore just Medium-level and don't rely on it. +level: medium From e67dddcc359eeb579e2997304c801ddd9567de97 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 17 Apr 2020 08:55:40 +0200 Subject: [PATCH 236/714] rule: PwnDrp access --- rules/proxy/proxy_pwndrop.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 rules/proxy/proxy_pwndrop.yml diff --git a/rules/proxy/proxy_pwndrop.yml b/rules/proxy/proxy_pwndrop.yml new file mode 100644 index 00000000..9fe81dc1 --- /dev/null +++ b/rules/proxy/proxy_pwndrop.yml @@ -0,0 +1,21 @@ +title: PwnDrp Access +id: 2b1ee7e4-89b6-4739-b7bb-b811b6607e5e +status: experimental +description: Detects downloads from PwnDrp web servers developed for red team testing and most likely also used for criminal activity +references: + - https://breakdev.org/pwndrop/ +author: Florian Roth +date: 2020/04/15 +logsource: + category: proxy +detection: + selection: + c-uri|contains: '/pwndrop/' + condition: selection +fields: + - ClientIP + - c-uri + - c-useragent +falsepositives: + - Unknown +level: critical From d9e5274c9e1c6683434e73eb580499e28b117d11 Mon Sep 17 00:00:00 2001 From: Andreas Hunkeler Date: Mon, 20 Apr 2020 16:14:44 +0200 Subject: [PATCH 237/714] Add rule to detect wifi creds harvesting using netsh --- .../win_netsh_wifi_credential_harvesting.yml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml diff --git a/rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml b/rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml new file mode 100644 index 00000000..762f2787 --- /dev/null +++ b/rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml @@ -0,0 +1,22 @@ +title: Detect the harvesting of wifi credentials using netsh.exe +id: 42b1a5b8-353f-4f10-b256-39de4467faff +status: experimental +description: Detect the harvesting of wifi credentials using netsh.exe +references: + - https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-variant-steals-wifi-credentials/ +author: Andreas Hunkeler (@Karneades) +date: 2020/04/20 +tags: + - attack.discovery + - attack.t1040 +logsource: + category: process_creation + product: windows +detection: + selection: + CommandLine: + - 'netsh wlan show profile * key=clear' + condition: selection +falsepositives: + - Legitimate administrator or user uses netsh.exe wlan functionality for legitimate reason +level: medium From ba541c3952abe356fcc45216ad39be0da512175f Mon Sep 17 00:00:00 2001 From: Andreas Hunkeler Date: Mon, 20 Apr 2020 16:20:45 +0200 Subject: [PATCH 238/714] Fix title for new netsh wifi rule --- .../process_creation/win_netsh_wifi_credential_harvesting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml b/rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml index 762f2787..ef6c964b 100644 --- a/rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml +++ b/rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml @@ -1,4 +1,4 @@ -title: Detect the harvesting of wifi credentials using netsh.exe +title: Harvesting of Wifi Credentials Using netsh.exe id: 42b1a5b8-353f-4f10-b256-39de4467faff status: experimental description: Detect the harvesting of wifi credentials using netsh.exe From af498d8a8c3983b73a7fd5a529c88b8dffab63de Mon Sep 17 00:00:00 2001 From: Andreas Hunkeler Date: Mon, 20 Apr 2020 16:32:25 +0200 Subject: [PATCH 239/714] Improve rule to detect argument shortcut in netsh wlan rule --- .../process_creation/win_netsh_wifi_credential_harvesting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml b/rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml index ef6c964b..5576914e 100644 --- a/rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml +++ b/rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml @@ -15,7 +15,7 @@ logsource: detection: selection: CommandLine: - - 'netsh wlan show profile * key=clear' + - 'netsh wlan s* p* key=clear' condition: selection falsepositives: - Legitimate administrator or user uses netsh.exe wlan functionality for legitimate reason From d4e960626688938139f53968d49da8d0abad0a90 Mon Sep 17 00:00:00 2001 From: Andreas Hunkeler Date: Mon, 20 Apr 2020 16:40:03 +0200 Subject: [PATCH 240/714] Improve netsh wifi rule another time due to arg shortcut --- .../process_creation/win_netsh_wifi_credential_harvesting.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml b/rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml index 5576914e..c2aab4dc 100644 --- a/rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml +++ b/rules/windows/process_creation/win_netsh_wifi_credential_harvesting.yml @@ -15,7 +15,7 @@ logsource: detection: selection: CommandLine: - - 'netsh wlan s* p* key=clear' + - 'netsh wlan s* p* k*=clear' condition: selection falsepositives: - Legitimate administrator or user uses netsh.exe wlan functionality for legitimate reason From 7d437c29694435ca79d92b0b8162c0e043ff89b5 Mon Sep 17 00:00:00 2001 From: Andreas Hunkeler Date: Mon, 20 Apr 2020 17:12:25 +0200 Subject: [PATCH 241/714] Add netsh to renamed binary rule --- rules/windows/process_creation/win_renamed_binary.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_renamed_binary.yml b/rules/windows/process_creation/win_renamed_binary.yml index bcac5d58..7d50a905 100644 --- a/rules/windows/process_creation/win_renamed_binary.yml +++ b/rules/windows/process_creation/win_renamed_binary.yml @@ -2,7 +2,7 @@ title: Renamed Binary id: 36480ae1-a1cb-4eaa-a0d6-29801d7e9142 status: experimental description: Detects the execution of a renamed binary often used by attackers or malware leveraging new Sysmon OriginalFileName datapoint. -author: Matthew Green - @mgreen27, Ecco, James Pemberton / @4A616D6573, oscd.community (improvements) +author: Matthew Green - @mgreen27, Ecco, James Pemberton / @4A616D6573, oscd.community (improvements), Andreas Hunkeler (@Karneades) date: 2019/06/15 modified: 2019/11/11 references: @@ -37,6 +37,7 @@ detection: - 'wevtutil.exe' - 'net.exe' - 'net1.exe' + - 'netsh.exe' filter: Image|endswith: - '\cmd.exe' @@ -58,6 +59,7 @@ detection: - '\wevtutil.exe' - '\net.exe' - '\net1.exe' + - '\netsh.exe' condition: selection and not filter falsepositives: - Custom applications use renamed binaries adding slight change to binary name. Typically this is easy to spot and add to whitelist From 4600bf73dc39a3e204cc2b15ea6ed5fbf79c1fd4 Mon Sep 17 00:00:00 2001 From: Maxime Thiebaut <46688461+0xThiebaut@users.noreply.github.com> Date: Fri, 24 Apr 2020 20:50:31 +0200 Subject: [PATCH 242/714] Update rules to follow the Sigma state specification The [Sigma specification's status component](https://github.com/Neo23x0/sigma/wiki/Specification#status-optional) states the following: > Declares the status of the rule: > - stable: the rule is considered as stable and may be used in production systems or dashboards. > - test: an almost stable rule that possibly could require some fine tuning. > - experimental: an experimental rule that could lead to false results or be noisy, but could also identify interesting events. However the Sigma Rx YAML specification states the following: > ```yaml > status: > type: //any > of: > - type: //str > value: stable > - type: //str > value: testing > - type: //str > value: experimental > ``` The specification confuses the `test` and `testing` state. This commit changes the `test` state into the `testing` state which is already used in the code-base: - [`sigma/sigma-schema.rx.yml`](https://github.com/Neo23x0/sigma/blob/a805d18bbae60d3e4f291c8a18304104ed2e71c7/sigma-schema.rx.yml#L49) - [`sigma/tools/sigma/filter.py`](https://github.com/Neo23x0/sigma/blob/f3c60a63099f80296c8750aaba667e98ac71a4f7/tools/sigma/filter.py#L26) - [`sigma/tools/sigmac`](https://github.com/Neo23x0/sigma/blob/4e42bebb3480720966a59528cd8482c6271e603c/tools/sigmac#L98) Although not modifyable through a PR, the specification should furthermore be updated to use the `testing` state. --- .../windows/process_creation/win_susp_netsh_dll_persistence.yml | 2 +- tests/mapping-conditional-multi.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml b/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml index 1443ecac..885268c5 100644 --- a/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml +++ b/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml @@ -1,7 +1,7 @@ title: Suspicious Netsh DLL Persistence id: 56321594-9087-49d9-bf10-524fe8479452 description: Detects persitence via netsh helper -status: test +status: testing references: - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1128/T1128.md tags: diff --git a/tests/mapping-conditional-multi.yml b/tests/mapping-conditional-multi.yml index 1eca3e10..1959018e 100644 --- a/tests/mapping-conditional-multi.yml +++ b/tests/mapping-conditional-multi.yml @@ -1,5 +1,5 @@ title: Contional mapping with multiple targets -status: test +status: testing description: Logpoint configuration causes conditional mapping with multiple results author: Thomas Patzke logsource: From 9ce84a38e592f6d2163ca5aac90533bca4853981 Mon Sep 17 00:00:00 2001 From: pdr9rc Date: Wed, 29 Apr 2020 20:36:45 +0100 Subject: [PATCH 243/714] overrides section support + one example rule + cloudtrail config ditto --- rules/cloud/aws_ec2_vm_export_failure.yml | 28 +++++++++++ tools/config/ecs-cloudtrail.yml | 57 +++++++++++++++++++++++ tools/sigma/backends/base.py | 8 ++++ 3 files changed, 93 insertions(+) create mode 100644 rules/cloud/aws_ec2_vm_export_failure.yml create mode 100644 tools/config/ecs-cloudtrail.yml diff --git a/rules/cloud/aws_ec2_vm_export_failure.yml b/rules/cloud/aws_ec2_vm_export_failure.yml new file mode 100644 index 00000000..a8a80763 --- /dev/null +++ b/rules/cloud/aws_ec2_vm_export_failure.yml @@ -0,0 +1,28 @@ +title: AWS EC2 VM Export failure +id: 54b9a76a-3c71-4673-b4b3-2edb4566ea7b +status: experimental +description: An attempt to export an AWS EC2 instance has been detected. A VM Export might indicate an attempt to extract information from an instance. +references: + - https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html#export-instance +author: Diogo Braz +date: 2020/04/16 +tags: + - attack.collection + - attack.t1005 + - attack.exfiltration + - attack.t1537 +level: low +logsource: + service: cloudtrail +detection: + selection: + eventName: 'CreateInstanceExportTask' + eventSource: 'ec2.amazonaws.com' + filter1: + errorMessage: '*' + filter2: + errorCode: '*' + filter3: + eventName: 'ConsoleLogin' + responseElements: '*Failure*' + condition: selection and (filter1 or filter2 or filter3) \ No newline at end of file diff --git a/tools/config/ecs-cloudtrail.yml b/tools/config/ecs-cloudtrail.yml new file mode 100644 index 00000000..e0a6b581 --- /dev/null +++ b/tools/config/ecs-cloudtrail.yml @@ -0,0 +1,57 @@ +title: Elastic Common Schema mapping for cloudtrail logs +order: 20 +backends: + - es-qs + - es-dsl + - es-rule + - kibana + - xpack-watcher + - elastalert + - elastalert-dsl +fieldmappings: + additionalEventdata: aws.cloudtrail.additional_eventdata + apiVersion: aws.cloudtrail.api_version + awsRegion: cloud.region + errorCode: aws.cloudtrail.error_code + errorMessage: aws.cloudtrail.error_message + eventID: event.id + eventName: event.action + eventSource: event.provider + eventTime: '@timestamp' + eventType: aws.cloudtrail.event_type + eventVersion: aws.cloudtrail.event_version + managementEvent: aws.cloudtrail.management_event + readOnly: aws.cloudtrail.read_only + requestID: aws.cloudtrail.request_id + requestParameters: aws.cloudtrail.request_parameters + resources.accountId: aws.cloudtrail.resources.account_id + resources.ARN: aws.cloudtrail.resources.arn + resources.type: aws.cloudtrail.resources.type + responseElements: aws.cloudtrail.response_elements + serviceEventDetails: aws.cloudtrail.service_event_details + sharedEventId: aws.cloudtrail.shared_event_id + sourceIPAddress: source.address + userAgent: user_agent + userIdentity.accessKeyId: aws.cloudtrail.user_identity.access_key_id + userIdentity.accountId: cloud.account.id + userIdentity.arn: aws.cloudtrail.user_identity.arn + userIdentity.invokedBy: aws.cloudtrail.user_identity.invoked_by + userIdentity.principalId: user.id + userIdentity.sessionContext.attributes.creationDate: aws.cloudtrail.user_identity.session_context.creation_date + userIdentity.sessionContext.attributes.mfaAuthenticated: aws.cloudtrail.user_identity.session_context.mfa_authenticated + userIdentity.type: aws.cloudtrail.user_identity.type + userIdentity.userName: user.name + vpcEndpointId: aws.cloudtrail.vpc_endpoint_id +overrides: + - field: event_outcome_errors + value: '' + regexes: + - \b(aws.cloudtrail.error_message.keyword:.* OR aws.cloudtrail.error_code.keyword:.*|aws.cloudtrail.error_code.keyword:.* OR aws.cloudtrail.error_message.keyword:.*)\b + - field: event_outcome_login + value: '' + regexes: + - \b(event.action:"ConsoleLogin" AND aws.cloudtrail.response_elements.keyword:.*Failure|aws.cloudtrail.response_elements.keyword:.*Failure AND event.action:"ConsoleLogin")\b + - field: event.outcome + value: failure + regexes: + - '\b(event_outcome_errors: OR event_outcome_login:|event_outcome_login: OR event_outcome_errors:)' \ No newline at end of file diff --git a/tools/sigma/backends/base.py b/tools/sigma/backends/base.py index 4675b019..1bd94df6 100644 --- a/tools/sigma/backends/base.py +++ b/tools/sigma/backends/base.py @@ -18,6 +18,7 @@ import sys import sigma import yaml +import re from .mixins import RulenameCommentMixin, QuoteCharMixin from sigma.parser.modifiers.base import SigmaTypeModifier @@ -90,6 +91,7 @@ class BaseBackend: options = tuple() # a list of tuples with following elements: option name, default value, help text, target attribute name (option name if None) config_required = True default_config = None + mapExpression = "" def __init__(self, sigmaconfig, backend_options=dict()): """ @@ -130,6 +132,12 @@ class BaseBackend: result = self.generateNode(parsed.parsedSearch) if parsed.parsedAgg: result += self.generateAggregation(parsed.parsedAgg) + if 'overrides' in self.sigmaconfig.config: + for expression in self.sigmaconfig.config['overrides']: + for x in expression['regexes']: + sub = expression['field'] + value = expression['value'] + result = re.sub(x, self.mapExpression % (sub, value), result) return result def generateNode(self, node): From ac4a2b1f26df3071af13030731bb384290bf2422 Mon Sep 17 00:00:00 2001 From: pdr9rc Date: Wed, 29 Apr 2020 22:55:46 +0100 Subject: [PATCH 244/714] wip wip --- tools/config/ecs-cloudtrail.yml | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/tools/config/ecs-cloudtrail.yml b/tools/config/ecs-cloudtrail.yml index e0a6b581..cde889b2 100644 --- a/tools/config/ecs-cloudtrail.yml +++ b/tools/config/ecs-cloudtrail.yml @@ -43,15 +43,14 @@ fieldmappings: userIdentity.userName: user.name vpcEndpointId: aws.cloudtrail.vpc_endpoint_id overrides: - - field: event_outcome_errors - value: '' - regexes: - - \b(aws.cloudtrail.error_message.keyword:.* OR aws.cloudtrail.error_code.keyword:.*|aws.cloudtrail.error_code.keyword:.* OR aws.cloudtrail.error_message.keyword:.*)\b - - field: event_outcome_login - value: '' - regexes: - - \b(event.action:"ConsoleLogin" AND aws.cloudtrail.response_elements.keyword:.*Failure|aws.cloudtrail.response_elements.keyword:.*Failure AND event.action:"ConsoleLogin")\b - - field: event.outcome + - field: event_outcome value: failure - regexes: - - '\b(event_outcome_errors: OR event_outcome_login:|event_outcome_login: OR event_outcome_errors:)' \ No newline at end of file + regexes: + - (\(aws.cloudtrail.error_message.keyword:.* event.action:\"ConsoleLogin\"\)) + - (\(aws.cloudtrail.error_code.keyword:.* event.action:\"ConsoleLogin\"\)) + - (\(aws.cloudtrail.error_message.keyword:.* aws.cloudtrail.response_elements.keyword:\*Failure\*\)) + - (\(aws.cloudtrail.error_code.keyword:.* aws.cloudtrail.response_elements.keyword:\*Failure\*\)) + - (\(event.action:\"ConsoleLogin\".* aws.cloudtrail.error_message.keyword:\*\)) + - (\(event.action:\"ConsoleLogin\".* aws.cloudtrail.error_code.keyword:\*\)) + - (\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_message.keyword:\*\)) + - (\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_code.keyword:\*\)) \ No newline at end of file From dfdb5b9550794f0df4bf6015d901226671586be5 Mon Sep 17 00:00:00 2001 From: Tiago Faria Date: Wed, 29 Apr 2020 23:59:26 +0100 Subject: [PATCH 245/714] better description and event.outcome --- tools/config/ecs-cloudtrail.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/config/ecs-cloudtrail.yml b/tools/config/ecs-cloudtrail.yml index cde889b2..a3ea6851 100644 --- a/tools/config/ecs-cloudtrail.yml +++ b/tools/config/ecs-cloudtrail.yml @@ -1,4 +1,4 @@ -title: Elastic Common Schema mapping for cloudtrail logs +title: Elastic Common Schema and Elastic Exported Fields mapping for AWS CloudTrail logs order: 20 backends: - es-qs @@ -43,7 +43,7 @@ fieldmappings: userIdentity.userName: user.name vpcEndpointId: aws.cloudtrail.vpc_endpoint_id overrides: - - field: event_outcome + - field: event.outcome value: failure regexes: - (\(aws.cloudtrail.error_message.keyword:.* event.action:\"ConsoleLogin\"\)) @@ -53,4 +53,4 @@ overrides: - (\(event.action:\"ConsoleLogin\".* aws.cloudtrail.error_message.keyword:\*\)) - (\(event.action:\"ConsoleLogin\".* aws.cloudtrail.error_code.keyword:\*\)) - (\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_message.keyword:\*\)) - - (\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_code.keyword:\*\)) \ No newline at end of file + - (\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_code.keyword:\*\)) From 8142244449efd6c62953a8f05e5d8256910ab358 Mon Sep 17 00:00:00 2001 From: pdr9rc Date: Thu, 30 Apr 2020 15:08:20 +0100 Subject: [PATCH 246/714] wip wip --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index bf7103a4..13186372 100644 --- a/.gitignore +++ b/.gitignore @@ -94,3 +94,4 @@ settings.json # VisualStudio .vs/ +.vscode/launch.json From 98391f985a17f7a1a694857468ad3b66a2515025 Mon Sep 17 00:00:00 2001 From: pdr9rc Date: Thu, 30 Apr 2020 15:19:38 +0100 Subject: [PATCH 247/714] wip wip --- tools/config/ecs-cloudtrail.yml | 20 ++++++++++++-------- tools/sigma/backends/base.py | 14 ++++++++++---- 2 files changed, 22 insertions(+), 12 deletions(-) diff --git a/tools/config/ecs-cloudtrail.yml b/tools/config/ecs-cloudtrail.yml index a3ea6851..96e45d1d 100644 --- a/tools/config/ecs-cloudtrail.yml +++ b/tools/config/ecs-cloudtrail.yml @@ -46,11 +46,15 @@ overrides: - field: event.outcome value: failure regexes: - - (\(aws.cloudtrail.error_message.keyword:.* event.action:\"ConsoleLogin\"\)) - - (\(aws.cloudtrail.error_code.keyword:.* event.action:\"ConsoleLogin\"\)) - - (\(aws.cloudtrail.error_message.keyword:.* aws.cloudtrail.response_elements.keyword:\*Failure\*\)) - - (\(aws.cloudtrail.error_code.keyword:.* aws.cloudtrail.response_elements.keyword:\*Failure\*\)) - - (\(event.action:\"ConsoleLogin\".* aws.cloudtrail.error_message.keyword:\*\)) - - (\(event.action:\"ConsoleLogin\".* aws.cloudtrail.error_code.keyword:\*\)) - - (\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_message.keyword:\*\)) - - (\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_code.keyword:\*\)) + - (\(\(aws.cloudtrail.error_message.keyword:.* event.action:\"ConsoleLogin\"\)\)) + - (\(\(aws.cloudtrail.error_code.keyword:.* event.action:\"ConsoleLogin\"\)\)) + - (\(\(aws.cloudtrail.error_message.keyword:.* aws.cloudtrail.response_elements.keyword:\*Failure\*\)\)) + - (\(\(aws.cloudtrail.error_code.keyword:.* aws.cloudtrail.response_elements.keyword:\*Failure\*\)\)) + - (\(\(event.action:\"ConsoleLogin\".* aws.cloudtrail.error_message.keyword:\*\)\)) + - (\(\(event.action:\"ConsoleLogin\".* aws.cloudtrail.error_code.keyword:\*\)\)) + - (\(\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_message.keyword:\*\)\)) + - (\(\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_code.keyword:\*\)\)) + - field: event.outcome + value: success + literals: + - 'NOT (event.outcome:failure)' \ No newline at end of file diff --git a/tools/sigma/backends/base.py b/tools/sigma/backends/base.py index 1bd94df6..3e27c124 100644 --- a/tools/sigma/backends/base.py +++ b/tools/sigma/backends/base.py @@ -134,10 +134,16 @@ class BaseBackend: result += self.generateAggregation(parsed.parsedAgg) if 'overrides' in self.sigmaconfig.config: for expression in self.sigmaconfig.config['overrides']: - for x in expression['regexes']: - sub = expression['field'] - value = expression['value'] - result = re.sub(x, self.mapExpression % (sub, value), result) + if 'regexes' in expression: + for x in expression['regexes']: + sub = expression['field'] + value = expression['value'] + result = re.sub(x, self.mapExpression % (sub, value), result) + if 'literals' in expression: + for x in expression['literals']: + sub = expression['field'] + value = expression['value'] + result = result.replace(x, self.mapExpression % (sub, value)) return result def generateNode(self, node): From bc0a2c7ab932cf967869cc31237b18b1cef0e09e Mon Sep 17 00:00:00 2001 From: pdr9rc Date: Fri, 1 May 2020 19:20:05 +0100 Subject: [PATCH 248/714] wip wip --- tools/config/ecs-cloudtrail.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/config/ecs-cloudtrail.yml b/tools/config/ecs-cloudtrail.yml index 96e45d1d..37414528 100644 --- a/tools/config/ecs-cloudtrail.yml +++ b/tools/config/ecs-cloudtrail.yml @@ -54,6 +54,15 @@ overrides: - (\(\(event.action:\"ConsoleLogin\".* aws.cloudtrail.error_code.keyword:\*\)\)) - (\(\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_message.keyword:\*\)\)) - (\(\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_code.keyword:\*\)\)) + literals: + - ((aws.cloudtrail.error_message.keyword:* OR aws.cloudtrail.error_code.keyword:*) OR (event.action:"ConsoleLogin" AND aws.cloudtrail.response_elements.keyword:*Failure*)) + - ((aws.cloudtrail.error_code.keyword:* OR aws.cloudtrail.error_message.keyword:*) OR (event.action:"ConsoleLogin" AND aws.cloudtrail.response_elements.keyword:*Failure*)) + - ((aws.cloudtrail.error_message.keyword:* OR aws.cloudtrail.error_code.keyword:*) OR (aws.cloudtrail.response_elements.keyword:*Failure* AND event.action:"ConsoleLogin")) + - ((aws.cloudtrail.error_code.keyword:* OR aws.cloudtrail.error_message.keyword:*) OR (aws.cloudtrail.response_elements.keyword:*Failure* AND event.action:"ConsoleLogin")) + - ((event.action:"ConsoleLogin" AND aws.cloudtrail.response_elements.keyword:*Failure*) OR (aws.cloudtrail.error_message.keyword:* OR aws.cloudtrail.error_code.keyword:*)) + - ((event.action:"ConsoleLogin" AND aws.cloudtrail.response_elements.keyword:*Failure*) OR (aws.cloudtrail.error_code.keyword:* OR aws.cloudtrail.error_message.keyword:*)) + - ((aws.cloudtrail.response_elements.keyword:*Failure* AND event.action:"ConsoleLogin") OR (aws.cloudtrail.error_message.keyword:* OR aws.cloudtrail.error_code.keyword:*)) + - ((aws.cloudtrail.response_elements.keyword:*Failure* AND event.action:"ConsoleLogin") OR (aws.cloudtrail.error_code.keyword:* OR aws.cloudtrail.error_message.keyword:*)) - field: event.outcome value: success literals: From 2fafff3278e1b59f7a7de1147006b2781b7bca91 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sat, 2 May 2020 00:13:15 +0200 Subject: [PATCH 249/714] Fixed: escaping of backslashes before added * Fixes issue #722. --- tools/sigma/parser/modifiers/transform.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/sigma/parser/modifiers/transform.py b/tools/sigma/parser/modifiers/transform.py index c30f92da..6ffaacb3 100644 --- a/tools/sigma/parser/modifiers/transform.py +++ b/tools/sigma/parser/modifiers/transform.py @@ -28,7 +28,10 @@ class SigmaContainsModifier(ListOrStringModifierMixin, SigmaTransformModifier): if not val.startswith("*"): val = "*" + val if not val.endswith("*"): - val += "*" + if val.endswith("\\"): + val += "\\*" + else: + val += "*" return val class SigmaStartswithModifier(ListOrStringModifierMixin, SigmaTransformModifier): @@ -48,7 +51,10 @@ class SigmaEndswithModifier(ListOrStringModifierMixin, SigmaTransformModifier): def apply_str(self, val : str): if not val.startswith("*"): - val = "*" + val + if val.endswith("\\"): + val += "\\*" + else: + val += "*" return val class SigmaAllValuesModifier(SigmaTransformModifier): From dd85467a271d79ec30079e0e4b6391e1a465cd0a Mon Sep 17 00:00:00 2001 From: Tiago Faria Date: Sat, 2 May 2020 00:13:55 +0100 Subject: [PATCH 250/714] Update aws_ec2_vm_export_failure.yml --- rules/cloud/aws_ec2_vm_export_failure.yml | 34 +++++++++++------------ 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/rules/cloud/aws_ec2_vm_export_failure.yml b/rules/cloud/aws_ec2_vm_export_failure.yml index a8a80763..8f7fec19 100644 --- a/rules/cloud/aws_ec2_vm_export_failure.yml +++ b/rules/cloud/aws_ec2_vm_export_failure.yml @@ -3,26 +3,26 @@ id: 54b9a76a-3c71-4673-b4b3-2edb4566ea7b status: experimental description: An attempt to export an AWS EC2 instance has been detected. A VM Export might indicate an attempt to extract information from an instance. references: - - https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html#export-instance + - https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html#export-instance author: Diogo Braz date: 2020/04/16 tags: - - attack.collection - - attack.t1005 - - attack.exfiltration - - attack.t1537 + - attack.collection + - attack.t1005 + - attack.exfiltration + - attack.t1537 level: low logsource: - service: cloudtrail + service: cloudtrail detection: - selection: - eventName: 'CreateInstanceExportTask' - eventSource: 'ec2.amazonaws.com' - filter1: - errorMessage: '*' - filter2: - errorCode: '*' - filter3: - eventName: 'ConsoleLogin' - responseElements: '*Failure*' - condition: selection and (filter1 or filter2 or filter3) \ No newline at end of file + selection: + eventName: 'CreateInstanceExportTask' + eventSource: 'ec2.amazonaws.com' + filter1: + errorMessage: '*' + filter2: + errorCode: '*' + filter3: + eventName: 'ConsoleLogin' + responseElements: '*Failure*' + condition: selection and (filter1 or filter2 or filter3) From cbe5af01a1476a31ec0b3eb4902d4aa6f240c41f Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Sat, 2 May 2020 07:23:11 -0400 Subject: [PATCH 251/714] on behalf of @socprime [SOC Prime Inc.](https://my.socprime.com/en/tdm/) add a total of 5 sigmac's (sigma configs) for 3 different backends. full git message to follow in PR. --- tools/config/arcsight-zeek.yml | 1053 ++++++++++++++++ tools/config/ecs-zeek-corelight.yml | 1077 +++++++++++++++++ .../ecs-zeek-elastic-beats-implementation.yml | 1069 ++++++++++++++++ tools/config/logstash-zeek-default-json.yml | 361 ++++++ tools/config/splunk-zeek.yml | 300 ++++- 5 files changed, 3857 insertions(+), 3 deletions(-) create mode 100644 tools/config/arcsight-zeek.yml create mode 100644 tools/config/ecs-zeek-corelight.yml create mode 100644 tools/config/ecs-zeek-elastic-beats-implementation.yml create mode 100644 tools/config/logstash-zeek-default-json.yml diff --git a/tools/config/arcsight-zeek.yml b/tools/config/arcsight-zeek.yml new file mode 100644 index 00000000..2454ed45 --- /dev/null +++ b/tools/config/arcsight-zeek.yml @@ -0,0 +1,1053 @@ +title: ArcSight Corelight Zeek and Corelight Opensource Zeek Configuration +order: 20 +backends: + - arcsight + - arcsight-esm +logsources: + zeek: + product: zeek + conditions: + deviceVendor: Bro + zeek-category-accounting: + category: accounting + rewrite: + product: zeek + service: syslog + zeek-category-firewall: + category: firewall + conditions: + deviceEventCategory: conn + zeek-category-dns: + category: dns + conditions: + deviceEventCategory: dns + zeek-category-proxy: + category: proxy + rewrite: + product: zeek + service: http + zeek-category-webserver: + category: webserver + conditions: + deviceEventCategory: http + rewrite: + product: zeek + service: http + zeek-conn: + product: zeek + service: conn + conditions: + deviceEventCategory: conn + zeek-conn_long: + product: zeek + service: conn_long + conditions: + deviceEventCategory: conn_long + zeek-dce_rpc: + product: zeek + service: dce_rpc + conditions: + deviceEventCategory: dce_rpc + zeek-dns: + product: zeek + service: dns + conditions: + deviceEventCategory: dns + zeek-dnp3: + product: zeek + service: dnp3 + conditions: + deviceEventCategory: dnp3 + zeek-dpd: + product: zeek + service: dpd + conditions: + deviceEventCategory: dpd + zeek-files: + product: zeek + service: files + conditions: + deviceEventCategory: files + zeek-ftp: + product: zeek + service: ftp + conditions: + deviceEventCategory: ftp + zeek-gquic: + product: zeek + service: gquic + conditions: + deviceEventCategory: gquic + zeek-http: + product: zeek + service: http + conditions: + deviceEventCategory: http + zeek-http2: + product: zeek + service: http2 + conditions: + deviceEventCategory: http2 + zeek-intel: + product: zeek + service: intel + conditions: + deviceEventCategory: intel + zeek-irc: + product: zeek + service: irc + conditions: + deviceEventCategory: irc + zeek-kerberos: + product: zeek + service: kerberos + conditions: + deviceEventCategory: kerberos + zeek-known_certs: + product: zeek + service: known_certs + conditions: + deviceEventCategory: known_certs + zeek-known_hosts: + product: zeek + service: known_hosts + conditions: + deviceEventCategory: known_hosts + zeek-known_modbus: + product: zeek + service: known_modbus + conditions: + deviceEventCategory: known_modbus + zeek-known_services: + product: zeek + service: known_services + conditions: + deviceEventCategory: known_services + zeek-modbus: + product: zeek + service: modbus + conditions: + deviceEventCategory: modbus + zeek-modbus_register_change: + product: zeek + service: modbus_register_change + conditions: + deviceEventCategory: modbus_register_change + zeek-mqtt_connect: + product: zeek + service: mqtt_connect + conditions: + deviceEventCategory: mqtt_connect + zeek-mqtt_publish: + product: zeek + service: mqtt_publish + conditions: + deviceEventCategory: mqtt_publish + zeek-mqtt_subscribe: + product: zeek + service: mqtt_subscribe + conditions: + deviceEventCategory: mqtt_subscribe + zeek-mysql: + product: zeek + service: mysql + conditions: + deviceEventCategory: mysql + zeek-notice: + product: zeek + service: notice + conditions: + deviceEventCategory: notice + zeek-ntlm: + product: zeek + service: ntlm + conditions: + deviceEventCategory: ntlm + zeek-ntp: + product: zeek + service: ntp + conditions: + deviceEventCategory: ntp + zeek-ocsp: + product: zeek + service: ntp + conditions: + deviceEventCategory: ocsp + zeek-pe: + product: zeek + service: pe + conditions: + deviceEventCategory: pe + zeek-pop3: + product: zeek + service: pop3 + conditions: + deviceEventCategory: pop3 + zeek-radius: + product: zeek + service: radius + conditions: + deviceEventCategory: radius + zeek-rdp: + product: zeek + service: rdp + conditions: + deviceEventCategory: rdp + zeek-rfb: + product: zeek + service: rfb + conditions: + deviceEventCategory: rfb + zeek-sip: + product: zeek + service: sip + conditions: + deviceEventCategory: sip + zeek-smb_files: + product: zeek + service: smb_files + conditions: + deviceEventCategory: smb_files + zeek-smb_mapping: + product: zeek + service: smb_mapping + conditions: + deviceEventCategory: smb_mapping + zeek-smtp: + product: zeek + service: smtp + conditions: + deviceEventCategory: smtp + zeek-smtp_links: + product: zeek + service: smtp_links + conditions: + deviceEventCategory: smtp_links + zeek-snmp: + product: zeek + service: snmp + conditions: + deviceEventCategory: snmp + zeek-socks: + product: zeek + service: socks + conditions: + deviceEventCategory: socks + zeek-software: + product: zeek + service: software + conditions: + deviceEventCategory: software + zeek-ssh: + product: zeek + service: ssh + conditions: + deviceEventCategory: ssh + zeek-ssl: + product: zeek + service: ssl + conditions: + deviceEventCategory: tls + zeek-tls: # In case people call it TLS even though orig log is called ssl, but dataset is tls so may cause confusion so cover that + product: zeek + service: tls + conditions: + deviceEventCategory: tls + zeek-syslog: + product: zeek + service: syslog + conditions: + deviceEventCategory: syslog + zeek-tunnel: + product: zeek + service: tunnel + conditions: + deviceEventCategory: tunnel + zeek-traceroute: + product: zeek + service: traceroute + conditions: + deviceEventCategory: traceroute + zeek-weird: + product: zeek + service: weird + conditions: + deviceEventCategory: weird + zeek-x509: + product: zeek + service: x509 + conditions: + deviceEventCategory: x509 + zeek-ip_search: + product: zeek + service: network + conditions: + deviceEventCategory: + - conn + - conn_long + - dce_rpc + - dhcp + - dnp3 + - dns + - ftp + - gquic + - http + - irc + - kerberos + - modbus + - mqtt_connect + - mqtt_publish + - mqtt_subscribe + - mysql + - ntlm + - ntp + - radius + - rfb + - sip + - smb_files + - smb_mapping + - smtp + - smtp_links + - snmp + - socks + - ssh + - tls #SSL + - tunnel + - weird +fieldmappings: + cs-uri-extension: fileType + cs-uri-path: filePath + s-dns: + - destinationDnsDomain + - destinationHost + # All Logs Applied Mapping & Taxonomy + clientip: sourceAddress + dst: destinationAddress + dst_ip: destinationAddress + dst_port: destinationPort + host: requestHost + #inner_vlan: + mac: sourceMacAddress + mime_type: fileType + network_application: applicationProtocol + #network_community_id: + network_protocol: transportProtocol + password: message + port_num: sourcePort + proto: transportProtocol + #result: + #rtt: + server_name: destinationHostName + src: sourceAddress + src_ip: sourceAddress + src_port: sourcePort + #success: + uri: + - requestUrl + - requestUrlQuery + user: sourceUserName + username: sourceUserName + user_agent: + - deviceCustomString5 + - requestClientApplication + #vlan: + # DNS matching Taxonomy & DNS Category + answer: message + #question_length: + record_type: deviceCustomString1 + #parent_domain: + # HTTP matching Taxonomy & Web/Proxy Category + cs-bytes: bytesOut + cs-cookie: message + r-dns: + - destinationDnsDomain + - destinationHost + sc-bytes: bytesIn + sc-status: message + c-uri: + - requestUrl + - requestUrlQuery + c-uri-extension: fileType + c-uri-query: + - requestUrl + - requestUrlQuery + c-uri-stem: + - requestUrl + - requestUrlQuery + c-useragent: + - deviceCustomString5 + - requestClientApplication + cs-host: + - destinationDnsDomain + - destinationHost + cs-method: requestMethod + cs-referrer: + - deviceCustomString4 + - requestContext + cs-version: message + # All log UIDs + #cert_chain_fuids: + #client_cert_chain_fuids: + #client_cert_fuid: + #conn_uids: + #fid: + #fuid: + #fuids: + #id: + #orig_fuids: + #parent_fuid: + #related_fuids: + #resp_fuids: + #server_cert_fuid: + #tunnel_parents: + #uid: + #uids: + #uuid: + # Overlapping fields/mappings (aka: shared fields) + action: + - 'deviceAction' + #service=smb_files: + #service=mqtt: + #service=tunnel: + addl: + - 'message' + #service=dns: + #service=weird: + analyzer: + - 'applicationProtocol' + - 'name' + #service=dpd: + #service=files: + arg: + - 'message' + #auth: + #service=rfb: #RFB does not exist in newer logs, so skipping to cover dns.auth + cipher: + - 'deviceCustomString4' + - 'message' + #service=kerberos: + #service=ssl: + client: + - 'deviceCustomString5' + #service=kerberos: + #service=ssh: + command: + - 'message' + #service=pop3: + #service=ftp: + #service=irc: + date: + #service=sip: + #service=smtp: + duration: + - 'deviceCustomString4' + #service=conn: + #service=files: + #service=snmp: + from: + - 'message' + #service=kerberos: + #service=smtp: + #is_orig: + #service=file: + #service=pop3: + #local_orig: + #service=conn + #service=files + method: + - 'requestMethod' + #service=http: + #service=sip: + msg: + - 'message' + #service=notice: + #service=pop3: + name: + - 'name' + #service=smb_files: + #service=software: + #service=weird: + path: + - 'filePath' + #service=smb_files: + #service=smb_mapping: + #service=smtp: + reply_msg: + - 'message' + #service=ftp: + #service=radius: + reply_to: + - 'message' + #service=sip: + #service=smtp: + response_body_len: + - 'bytesOut' + #service=http: + #service=sip: + request_body_len: + - 'bytesIn' + #service=http: + #service=sip: + service: + - 'applicationProtocol' + #service=kerberos: + #service=smb_mapping: + status: + - 'message' + #service=pop3: + #service=mqtt: + #service=socks: + status_msg: + - 'message' + #subject: + - 'message' + #service=known_certs: + #service=sip: + #service=smtp: + #service=ssl: + trans_depth: + - 'deviceCustomNumber1' + #service=http: + #service=sip: + #service=smtp: + version: + - 'message' + - 'deviceCustomString2' + #service=gquic: + #service=ntp: + #service=socks: + #service=snmp: + #service=ssh: + #service=tls: + # Conn and Conn Long + #cache_add_rx_ev: + #cache_add_rx_mpg: + #cache_add_rx_new: + #cache_add_tx_ev: + #cache_add_tx_mpg: + #cache_del_mpg: + #cache_entries: + conn_state: deviceSeverity + #corelight_shunted: + #duration: deviceCustomString4 + #history: + #id.orig_h.name_src: + #id.orig_h.names_vals: + #id.resp_h.name_src: + #id.resp_h.name_vals: + #local_orig: + #local_resp: + missed_bytes: deviceCustomNumber1 + orig_bytes: bytesOut + #orig_cc: + orig_ip_bytes: deviceCustomNumber2 + orig_l2_addr: sourceMacAddress + #orig_pkts: + resp_bytes: bytesIn + #resp_cc: + resp_ip_bytes: deviceCustomNumber3 + resp_l2_addr: destinationMacAddress + #resp_pkts: + # DCE-RPC Specific + endpoint: message + named_pipe: message + operation: message + #rtt: + # DHCP + domain: message + host_name: message + lease_time: deviceCustomString4 + agent_remote_id: message + assigned_addr: message + circuit_id: message + client_message: message + client_software: message + client_fqdn: message + #mac:sourceMacAddress + msg_orig: message + msg_types: message + requested_addr: message + server_addr: message + server_message: message + server_software: message + subscriber_id: message + # DNS + AA: message + #addl: message + auth: message + answers: message + TTLs: message + RA: message + RD: message + rejected: eventOutcome + TC: message + Z: message + qclass: message + qclass_name: deviceCustomString4 + qtype: deviceEventClassId + qtype_name: + - deviceCustomString1 + - name + query: destinationDnsDomain + rcode_name: message + rcode: message + rtt: message + trans_id: deviceCustomNumber1 + # DNP3 + fc_reply: message + fc_request: message + iin: message + # DPD + #analyzer: + failure_reason: message + packet_segment: message + # Files + rx_hosts: destinationHostName + tx_hosts: sourceHostName + #analyzer: + #depth: + #duration: + #extracted: + #extracted_cutoff: + #extracted_size: + #entropy: + md5: fileHash + sha1: fileHash + sha256: fileHash + #is_orig: + #local_orig: + #missing_bytes: + filename: fileName + overflow_bytes: bytesOut + #seen_bytes: + source: filePath + total_bytes: bytesIn + #timedout: + # GQUIC/QUIC + cyu: message + cyutags: message + #server_name: message + tag_count: message + #user_agent: deviceCustomString5 + #version: + # FTP + #arg: message + #command: message + cwd: message + data_channel.orig_h: message + data_channel.passive: eventOutcome + data_channel.resp_h: message + data_channel.resp_p: deviceCustomNumber1 + passive: message + file_size: fileSize + #mime_type: fileType + #password: message + reply_code: deviceEventClassId + #reply_msg: message + #user: sourceUserName + # HTTP + client_header_names: message + cookie_vars: message + flash_version: message + info_code: message + info_msg: message + omniture: message + orig_filenames: fileName + orig_mime_types: fileType + origin: message + #password: message + post_body: message + proxied: message + referrer: + - deviceCustomString4 + - requestContext + resp_filenames: fileName + resp_mime_types: fileType + server_header_names: message + status_code: deviceSeverity + #status_msg: message + #trans_depth: + uri_vars: message + #user_agent: deviceCustomString5 + #username: sourceUserName + # Intel + file_mime_type: message + file_desc: message + #host: + matched: message + indicator: message + indicator_type: message + node: message + where: message + sources: message + # IRC + dcc_file_name: fileName + dcc_file_size: fileSize + dcc_mime_type: fileType + #command: + nick: message + #user: + value: message + # Kerberos + auth_ticket: message + #cipher: message + #client: message + client_cert_subject: message + error_code: message + error_msg: message + #from: message + forwardable: message + new_ticket: message + renewable: message + request_type: message + server_cert_subject: message + #service: applicationProtocol + #success: + till: message + # Known_Certs + #host: sourceAddress + issuer_subject: deviceCustomString3 + #port_num: sourcePort + serial: deviceCustomString4 + #subject: message + # Known_Modbus + #host: + device_type: message + # Known_Services + port_proto: transport + #port_num: sourcePort + # Modbus All + delta: message + new_val: message + old_val: message + register: message + # Modbus + func: message + exception: message + track_address: message + # ModBus_Register_Change + #delta: message + #new_val: message + #old_val: message + #register: message + # MQTT_Connect , MQTT_Publish, MQTT_Subscribe + ack: message + #action: message + client_id: message + connect_status: message + from_client: message + granted_qos_level: message + payload: message + payload_len: message + proto_name: message + proto_version: message + qos: message + qos_levels: message + retain: message + #status: message + topic: message + topics: message + will_payload: message + will_topic: message + # MYSQL + #arg: message + cmd: message + response: message + rows: message + #success: + # Notice + actions: deviceEventClassId + #dropped: + #dst: destinationAddress + email_body_sections: message + email_delay_tokens: message + identifier: message + #msg: + n: message + note: message + p: destinationPort + peer_descr: deviceCustomString5 + peer_name: deviceCustomString4 + #proto: transport + #src: sourceAddress + sub: message + subpress_for: deviceCustomFloatingPoint1 + # NTLM + domainname: message + hostname: message + #username: sourceUserName + server_nb_computer_name: message + server_tree_name: message + #success: + server_dns_computer_name: message + # NTP + mode: message + num_exts: message + org_time: message + poll: message + precision: message + rec_time: message + ref_id: message + ref_time: message + root_delay: message + root_disp: message + stratum: message + #version: + xmt_time: message + # OCSP + certStatus: message + hashAlgorithm: message + issuerKeyHash: message + issuerNameHash: message + nextUpdate: message + revokereason: message + revoketime: message + serialNumber: message + thisUpdate: message + # PE + compile_ts: message + has_cert_table: message + has_debug_data: message + has_import_table: message + has_export_table: message + is_64bit: message + is_exe: message + machine: message + os: message + section_names: message + subsystem: message + uses_aslr: message + uses_code_integrity: message + uses_dep: message + uses_seh: message + # POP3 + #arg: message + #command: message + current_request: message + current_response: message + data: message + failed_commands: message + has_client_activity: message + #is_orig: message + #msg: message + #password: + pending: message + #status: message + successful_commands: message + #username: sourceUserName + # Radius + connect_info: message + framed_addr: message + #mac:sourceMacAddress + #reply_msg: message + #result: + ttl: message + tunnel_client: message + #username: sourceUserName + # RDP + cert_count: message + cert_permanent: message + cert_type: message + client_build: message + client_dig_product_id: message + client_name: message + cookie: message + desktop_height: message + desktop_width: message + encryption_level: message + encryption_method: message + keyboard_layout: message + requested_color_depth: message + #result: + security_protocol: message + ssl: message + # RFB + #auth: + authentication_method: message + client_major_version: message + client_minor_version: message + desktop_name: message + height: message + server_major_version: message + server_minor_version: message + share_flag: message + width: message + # SIP + call_id: message + content_type: message + #date: message + #method: requestMethod + #reply_to: message + #request_body_len: message + request_from: message + request_path: message + request_to: message + #response_body_len: message + response_from: message + response_path: message + response_to: message + seq: message + #status_code: + #status_msg: message + #subject: message + #trans_depth: deviceCustomNumber1 + #uri: + warning: message + #user_agent: deviceCustomString5 + # SMB_Files + #action: + #name: fileName + #path: filePath + prev_name: message + size: fileSize + times_accessed: message + times_changed: message + times_created: message + times_modified: message + # SMB_Mapping + native_file_system: message + #path: filePath + share_type: message + #service: + # SMTP + cc: message + #date: message + first_received: message + #from: + helo: message + in_reply_to: message + is_webmail: message + last_reply: message + mailfrom: sourceUserName + #msg_id: message + #path: message + rcptto: message + #reply_to: message + second_received: message + #subject: message + tls: message + to: message + #trans_depth: deviceCustomNumber1 + x_originating_ip: message + #user_agent: deviceCustomString5 + # SMTP_Links + #host: + #uri: + # SNMP + #duration: + community: message + display_string: message + get_bulk_requests: message + get_requests: message + set_requests: message + up_since: message + #version: + # Socks + #password: message + bound_host: message + bound_name: message + bound_p: message + request_host: message + request_name: message + request_p: message + #status: message + #version: message + # Software + #host: + host_p: sourcePort + version.major: deviceCustomString3 + version.minor: deviceCustomString4 + version.minor2: message + version.minor3: message + #name: + unparsed_version: message + software_type: deviceEventClassId + #url: + # SSH + #auth_attempts: + auth_success: name + cipher_alg: message + #client: deviceCustomString5 + compression_alg: + cshka: message + direction: deviceDirection + hassh: message + hasshAlgorithms: message + hasshServer: message + hasshServerAlgorithms: message + hasshVersion: message + host_key: message + host_key_alg: message + kex_alg: message + mac_alg: message + server: deviceCustomString4 + #version: + # SSL / TLS + #cipher: deviceCustomString4 + client_issuer: deviceCustomString1 + client_subject: sourceUserName + curve: message + established: eventOutcome + issuer: deviceCustomString1 + ja3: message + ja3s: message + last_alert: message + next_protocol: message + notary: message + ocsp_status: message + orig_certificate_sha1: message + resp_certificate_sha1: message + resumed: message + #server_name: destinationHostName + #subject: message + valid_ct_logs: message + valid_ct_operators: message + valid_ct_operators_list: message + validation_status: message + #version: deviceCustomString2 + version_num: message + # Syslog + facility: message + severity: message + message: message + # Traceroute + #proto: transport + #dst: destinationAddress + #src: sourceAddress + # Tunnel + #action: deviceAction + tunnel_type: name + # Weird + #addl: message + #name: name + notice: message + peer: deviceCustomString4 + # X509 + basic_constraints.ca: message + basic_constraints.path_len: message + certificate.cn: message + certificate.curve: message + certificate.exponent: message + certificate.issuer: deviceCustomString3 + certificate.key_alg: message + certificate.key_length: message + certificate.key_type: message + certificate.not_valid_after: deviceCustomDate2 + certificate.not_valid_before: deviceCustomDate1 + certificate.serial: message + certificate.sig_alg: message + certificate.subject: message + certificate.version: message + logcert: message + san.dns: message + - destinationDnsDomain + - destinationHost + san.email: + - message + - sourceUserName + san.ip: + - message + - sourceAddress + san.uri: + - requestUrl + - requestUrlQuery \ No newline at end of file diff --git a/tools/config/ecs-zeek-corelight.yml b/tools/config/ecs-zeek-corelight.yml new file mode 100644 index 00000000..4d155ff6 --- /dev/null +++ b/tools/config/ecs-zeek-corelight.yml @@ -0,0 +1,1077 @@ +title: Corelight Zeek and Corelight Opensource Zeek Elastic Common Schema (ECS) implementation +description: Uses the mappings as created by Corelight here https://github.com/corelight/ecs-mapping +order: 20 +backends: + - es-qs + - corelight_es-qs + - es-dsl + - elasticsearch-rule + - corelight_elasticsearch-rule + - kibana + - corelight_kibana + - xpack-watcher + - corelight_xpack-watcher + - elastalert + - elastalert-dsl +logsources: + zeek: + product: zeek + index: '*ecs-*' + #'*ecs-corelight*' + #'*ecs-zeek-* + zeek-category-accounting: + category: accounting + rewrite: + product: zeek + service: syslog + zeek-category-firewall: + category: firewall + conditions: + event.dataset: conn + zeek-category-dns: + category: dns + conditions: + event.dataset: dns + zeek-category-proxy: + category: proxy + rewrite: + product: zeek + service: http + zeek-category-webserver: + category: webserver + conditions: + event.dataset: http + rewrite: + product: zeek + service: http + zeek-conn: + product: zeek + service: conn + conditions: + event.dataset: conn + zeek-conn_long: + product: zeek + service: conn_long + conditions: + event.dataset: conn_long + zeek-dce_rpc: + product: zeek + service: dce_rpc + conditions: + event.dataset: dce_rpc + zeek-dns: + product: zeek + service: dns + conditions: + event.dataset: dns + zeek-dnp3: + product: zeek + service: dnp3 + conditions: + event.dataset: dnp3 + zeek-dpd: + product: zeek + service: dpd + conditions: + event.dataset: dpd + zeek-files: + product: zeek + service: files + conditions: + event.dataset: files + zeek-ftp: + product: zeek + service: ftp + conditions: + event.dataset: ftp + zeek-gquic: + product: zeek + service: gquic + conditions: + event.dataset: gquic + zeek-http: + product: zeek + service: http + conditions: + event.dataset: http + zeek-http2: + product: zeek + service: http2 + conditions: + event.dataset: http2 + zeek-intel: + product: zeek + service: intel + conditions: + event.dataset: intel + zeek-irc: + product: zeek + service: irc + conditions: + event.dataset: irc + zeek-kerberos: + product: zeek + service: kerberos + conditions: + event.dataset: kerberos + zeek-known_certs: + product: zeek + service: known_certs + conditions: + event.dataset: known_certs + zeek-known_hosts: + product: zeek + service: known_hosts + conditions: + event.dataset: known_hosts + zeek-known_modbus: + product: zeek + service: known_modbus + conditions: + event.dataset: known_modbus + zeek-known_services: + product: zeek + service: known_services + conditions: + event.dataset: known_services + zeek-modbus: + product: zeek + service: modbus + conditions: + event.dataset: modbus + zeek-modbus_register_change: + product: zeek + service: modbus_register_change + conditions: + event.dataset: modbus_register_change + zeek-mqtt_connect: + product: zeek + service: mqtt_connect + conditions: + event.dataset: mqtt_connect + zeek-mqtt_publish: + product: zeek + service: mqtt_publish + conditions: + event.dataset: mqtt_publish + zeek-mqtt_subscribe: + product: zeek + service: mqtt_subscribe + conditions: + event.dataset: mqtt_subscribe + zeek-mysql: + product: zeek + service: mysql + conditions: + event.dataset: mysql + zeek-notice: + product: zeek + service: notice + conditions: + event.dataset: notice + zeek-ntlm: + product: zeek + service: ntlm + conditions: + event.dataset: ntlm + zeek-ntp: + product: zeek + service: ntp + conditions: + event.dataset: ntp + zeek-ocsp: + product: zeek + service: ntp + conditions: + event.dataset: ocsp + zeek-pe: + product: zeek + service: pe + conditions: + event.dataset: pe + zeek-pop3: + product: zeek + service: pop3 + conditions: + event.dataset: pop3 + zeek-radius: + product: zeek + service: radius + conditions: + event.dataset: radius + zeek-rdp: + product: zeek + service: rdp + conditions: + event.dataset: rdp + zeek-rfb: + product: zeek + service: rfb + conditions: + event.dataset: rfb + zeek-sip: + product: zeek + service: sip + conditions: + event.dataset: sip + zeek-smb_files: + product: zeek + service: smb_files + conditions: + event.dataset: smb_files + zeek-smb_mapping: + product: zeek + service: smb_mapping + conditions: + event.dataset: smb_mapping + zeek-smtp: + product: zeek + service: smtp + conditions: + event.dataset: smtp + zeek-smtp_links: + product: zeek + service: smtp_links + conditions: + event.dataset: smtp_links + zeek-snmp: + product: zeek + service: snmp + conditions: + event.dataset: snmp + zeek-socks: + product: zeek + service: socks + conditions: + event.dataset: socks + zeek-software: + product: zeek + service: software + conditions: + event.dataset: software + zeek-ssh: + product: zeek + service: ssh + conditions: + event.dataset: ssh + zeek-ssl: + product: zeek + service: ssl + conditions: + event.dataset: tls + zeek-tls: # In case people call it TLS even though orig log is called ssl, but dataset is tls so may cause confusion so cover that + product: zeek + service: tls + conditions: + event.dataset: tls + zeek-syslog: + product: zeek + service: syslog + conditions: + event.dataset: syslog + zeek-tunnel: + product: zeek + service: tunnel + conditions: + event.dataset: tunnel + zeek-traceroute: + product: zeek + service: traceroute + conditions: + event.dataset: traceroute + zeek-weird: + product: zeek + service: weird + conditions: + event.dataset: weird + zeek-x509: + product: zeek + service: x509 + conditions: + event.dataset: x509 + zeek-ip_search: + product: zeek + service: network + conditions: + event.dataset: + - conn + - conn_long + - dce_rpc + - dhcp + - dnp3 + - dns + - ftp + - gquic + - http + - irc + - kerberos + - modbus + - mqtt_connect + - mqtt_publish + - mqtt_subscribe + - mysql + - ntlm + - ntp + - radius + - rfb + - sip + - smb_files + - smb_mapping + - smtp + - smtp_links + - snmp + - socks + - ssh + - tls #SSL + - tunnel + - weird +defaultindex: '*ecs-*' +fieldmappings: + # All Logs Applied Mapping & Taxonomy + dst: destination.ip + dst_ip: destination.ip + dst_port: destination.port + host: host.ip + inner_vlan: network.vlan.inner.id + mac: source.mac + mime_type: file.mime_type + network_application: network.protocol + network_community_id: network.community_id + network_protocol: network.transport + password: source.user.password + port_num: labels.known.port + proto: network.transport + result: event.outcome + rtt: event.duration + server_name: destination.domain + src: source.ip + src_ip: source.ip + src_port: source.port + success: event.outcome + uri: url.original + user: source.user.name + username: source.user.name + user_agent: user_agent.original + vlan: network.vlan.id + # DNS matching Taxonomy & DNS Category + answer: dns.answers.name + question_length: labels.dns.query_length + record_type: dns.question.type + parent_domain: dns.question.registered_domain + # HTTP matching Taxonomy & Web/Proxy Category + cs-bytes: http.request.body.bytes + cs-cookie: http.cookie_vars + r-dns: + - url.domain + - destination.domain + sc-bytes: http.response.body.bytes + sc-status: http.response.status_code + c-uri: url.original + c-uri-extension: url.extension + c-uri-query: url.query + c-uri-stem: url.original + c-useragent: user_agent.original + cs-host: + - url.domain + - destination.domain + cs-method: http.request.method + cs-referrer: http.request.referrer + cs-version: http.version + # All log UIDs + cert_chain_fuids: log.id.cert_chain_fuids + client_cert_chain_fuids: log.id.client_cert_chain_fuids + client_cert_fuid: log.id.client_cert_fuid + conn_uids: log.id.conn_uids + fid: log.id.fid + fuid: log.id.fuid + fuids: log.id.fuids + id: log.id.id + orig_fuids: log.id.orig_fuids + parent_fuid: log.id.parent_fuid + related_fuids: log.id.related_fuids + resp_fuids: log.id.resp_fuids + server_cert_fuid: log.id.server_cert_fuid + tunnel_parents: log.id.tunnel_parents + uid: log.id.uid + uids: log.id.uids + uuid: log.id.uuid + # Overlapping fields/mappings (aka: shared fields) + action: + #- smb.action + - '*.action' + #service=smb_files: smb.action + #service=mqtt: mqtt.action + #service=tunnel: tunnel.action + addl: + #- weird.addl + - '*.addl' + #service=dns: dns.addl + #service=weird: weird.addl + analyzer: + #- dpd.analyzer + - '*.analyzer' + #service=dpd: dpd.analyzer + #service=files: files.analyzer + arg: + #- ftp.arg + - '*.arg' + #service=ftp: ftp.arg + #service=ftp: pop3.arg + #service=msqyl: mysql.arg + #auth: + #service=rfb: rfb.auth #RFB does not exist in newer logs, so skipping to cover dns.auth + cipher: + #- kerberos.cipher + - '*.client' + #service=kerberos: kerberos.cipher + #service=ssl: tls.cipher + client: + #- ssh.client + - '*.client' + #service=kerberos: kerberos.client + #service=ssh: ssh.client + command: + #- ftp.command + - '*.command' + #service=pop3: pop3.command + #service=ftp: ftp.command + #service=irc: irc.command + date: + #- smtp.date + - '*.date' + #service=sip: sip.date + #service=smtp: smtp.date + duration: + - event.duration + #- '*.duration' + #service=conn: event.duration + #service=files: files.duration + #service=snmp: event.duration + from: + #- smtp.from + - '*.from' + #service=kerberos: kerberos.from + #service=smtp: smtp.from + is_orig: + - '*.is_orig' + #service=file: file.is_orig + #service=pop3: pop3.is_orig + local_orig: + - '*.local_orig' + #service=conn conn.local_orig + #service=files file.local_orig + method: + - http.request.method + #service=http: http.request.method + #service=sip: sip.method + msg: + - notice.msg + #service=notice: notice.msg + #service=pop3: pop3.msg + name: + - file.name + #- '*.name' + #service=smb_files: file.name + #service=software: software.name + #service=weird: weird.name + path: + - file.path + #- '*.path' + #service=smb_files: file.path + #service=smb_mapping: file.path + #service=smtp: smtp.path + reply_msg: + #- ftp.reply_msg + - '*.reply_msg' + #service=ftp: ftp.reply_msg + #service=radius: radius.reply_msg + reply_to: + #- smtp.reply_to + - '*.reply_to' + #service=sip: sip.reply_to + #service=smtp: smtp.reply_to + response_body_len: + - http.response.body.bytes + #service=http: http.response.body.bytes + #service=sip: sip.response_body_len + request_body_len: + - http.request.body.bytes + #service=http: http.response.body.bytes + #service=sip: sip.request_body_len + service: + #- kerberos.service + - '*.service' + #service=kerberos: kerberos.service + #service=smb_mapping: smb.service + status: + #- socks.status + - '*.status' + #service=pop3: pop3.status + #service=mqtt: mqtt.status + #service=socks: socks.status + status_code: + - 'http.response.status_code' + #service=http: http.response.status_code + #service=sip: sip.status_code + status_msg: + - http.status_msg + #- '*.status_msg' + #service=http: http.status_msg + #service=sip: sip.status_msg + subject: + #- smtp.subject + - '*.subject' + #service=known_certs: known_certs.subject + #service=sip: sip.subject + #service=smtp: smtp.subject + #service=ssl: tls.subject + trans_depth: + #- http.trans_depth + - '*.trans_depth' + #service=http: http.trans_depth + #service=sip: sip.trans_depth + #service=smtp: smtp.trans_depth + version: + #- tls.version + - '*.version' + #service=gquic: gquic.version + #service=ntp: ntp.version + #service=socks: socks.version + #service=snmp: snmp.version + #service=ssh: ssh.version + #service=tls: tls.version + # Conn and Conn Long + cache_add_rx_ev: conn.cache_add_rx_ev + cache_add_rx_mpg: conn.cache_add_rx_mpg + cache_add_rx_new: conn.cache_add_rx_new + cache_add_tx_ev: conn.cache_add_tx_ev + cache_add_tx_mpg: conn.cache_add_tx_mpg + cache_del_mpg: conn.cache_del_mpg + cache_entries: conn.cache_entries + conn_state: conn.conn_state + corelight_shunted: conn.corelight_shunted + history: conn.history + id.orig_h.name_src: conn.id.orig_h_name.src + id.orig_h.names_vals: conn.id.orig_h_names.vals + id.resp_h.name_src: conn.id.resp_h_name.src + id.resp_h.name_vals: conn.id.resp_h_name.vals + #local_orig: conn.local_orig + local_resp: conn.local_resp + missed_bytes: conn.missed_bytes + orig_bytes: source.bytes + orig_cc: source.geo.country_iso_code + orig_ip_bytes: conn.orig_ip_bytes + orig_l2_addr: source.mac + orig_pkts: source.packets + resp_bytes: destination.bytes + resp_cc: destination.geo.country_iso_code + resp_ip_bytes: conn.resp.ip_bytes + resp_l2_addr: destination.mac + resp_pkts: destination.packets + # DCE-RPC Specific + endpoint: dce_rpc.endpoint + named_pipe: dce_rpc.named_pipe + operation: dce_rpc.operation + #rtt: dce_rpc.rtt + # DHCP + domain: source.domain + host_name: source.hostname + lease_time: dhcp.lease_time + agent_remote_id: dhcp.agent_remote_id + assigned_addr: dhcp.assigned_addr + circuit_id: dhcp.circuit_id + client_message: dhcp.client_message + client_software: dhcp.client_software + client_fqdn: source.fqdn + #mac: source.mac + msg_orig: dhcp.msg_orig + msg_types: dhcp.msg_types + requested_addr: dhcp.requested_addr + server_addr: destination.ip + server_message: dhcp.server_message + server_software: dhcp.server_software + subscriber_id: dhcp.subscriber_id + # DNS + AA: dns.AA + #addl: dns.addl + auth: dns.auth + answers: dns.answers.name + TTLs: dns.answers.ttl + RA: dns.RA + RD: dns.RD + rejected: dns.rejected + TC: dns.TC + Z: dns.Z + qclass: dns.qclass + qclass_name: dns.question.class + qtype: dns.qtype + qtype_name: dns.question.type + query: dns.question.name + rcode_name: dns.response_code + rcode: dns.rcode + #rtt: dns.rtt + trans_id: dns.id + # DNP3 + fc_reply: dnp3.fc_reply + fc_request: dnp3.fc_request + iin: dnp3.inn + # DPD + #analyzer: dpd.analyzer + failure_reason: dpd.failure_reason + packet_segment: dpd.packet_segment + # Files + rx_hosts: source.ip + tx_hosts: destination.ip + #analyzer: files.analyzer + depth: files.depth + #duration: files.duration + extracted: files.extracted + extracted_cutoff: files.extracted_cutoff + extracted_size: files.extracted_size + entropy: files.entropy + md5: file.hash.md5 + sha1: file.hash.sha1 + sha256: file.hash.sha256 + #is_orig: file.is_orig + #local_orig: files.local_orig + missing_bytes: files.missing_bytes + filename: file.name + overflow_bytes: files.overflow_bytes + seen_bytes: files.seen_bytes + source: network.protocol + total_bytes: file.size + timedout: files.timedout + # GQUIC/QUIC + cyu: gquic.cyu + cyutags: gquic.cyutags + #server_name: destination.domain + tag_count: gquic.tag_count + #user_agent: user_agent.original + #version: gquic.version + # FTP + #arg: ftp.arg + #command: ftp.command + cwd: ftp.cwd + data_channel.orig_h: ftp.data_channel.orig_h + data_channel.passive: ftp.data_channel.passive + data_channel.resp_h: ftp.data_channel.resp_h + data_channel.resp_p: ftp.data_channel.resp_p + passive: ftp.passive + file_size: file.size + #mime_type: file.mime_type + #password: ftp.password + reply_code: ftp.reply_code + #reply_msg: ftp.reply_msg + #user: source.user.name + # HTTP + client_header_names: http.client_header_names + cookie_vars: http.cookie_vars + flash_version: http.flash_version + info_code: http.info_code + info_msg: http.info_msg + #method: http.request.method + omniture: http.omniture + orig_filenames: http.orig_filenames + orig_mime_types: http.orig_mime_types + origin: http.origin + #password: source.user.password + #response_body_len: http.response.body.bytes + #request_body_len: http.request.body.bytes + referrer: http.request.referrer + post_body: http.post_body + proxied: http.proxied + resp_filenames: http.resp_filenames + resp_mime_types: http.resp_mime_types + server_header_names: http.server_header_names + #status_code: http.response.status_code + #status_msg: http.status_msg + #trans_depth: http.trans_depth + uri_vars: http.uri_vars + #user_agent: user_agent.original + #username: source.user.name + # Intel + file_mime_type: file.mime_type + file_desc: intel.file_desc + #host: host.ip + matched: intel.matched + indicator: intel.seen.indicator + indicator_type: intel.seen.indicator_type + node: intel.seen.node + where: intel.seen.where + sources: intel.seen.sources + # IRC + dcc_file_name: file.name + dcc_file_size: file.size + dcc_mime_type: file.mime_type + #command: irc.command + nick: irc.nick + #user: source.user.name + value: irc.command + # Kerberos + auth_ticket: kerberos.auth_ticket + #cipher: kerberos.cipher + #client: kerberos.client + client_cert_subject: kerberos.client_cert_subject + error_code: kerberos.error_code + error_msg: kerberos.error_msg + #from: kerberos.from + forwardable: kerberos.forwardable + new_ticket: kerberos.new_ticket + renewable: kerberos.renewable + request_type: kerberos.request_type + server_cert_subject: kerberos.server_cert_subject + #service: kerberos.service + #success: event.outcome + till: kerberos.till + # Known_Certs + #host: host.ip + issuer_subject: known_certs.issuer_subject + #port_num: labels.known.port + serial: known_certs.serial + #subject: known_certs.subject + # Known_Modbus + #host: host.ip + device_type: known_modbus.device_type + # Known_Services + port_proto: network.transport + #port_num: labels.known.port + # Modbus All + delta: modbus.delta + new_val: modbus.new_val + old_val: modbus.old_val + register: modbus.register + # Modbus + func: modbus.func + exception: modbus.exception + track_address: modbus.track_address + # ModBus_Register_Change + #delta: modbus.delta + #new_val: modbus.new_val + #old_val: modbus.old_val + #register: modbus.register + # MQTT_Connect , MQTT_Publish, MQTT_Subscribe + ack: mqtt.ack + #action: mqtt.action + client_id: mqtt.client_id + connect_status: mqtt.connect_status + from_client: mqtt.from_client + granted_qos_level: mqtt.granted_qos_level + payload: mqtt.payload + payload_len: mqtt.payload_len + proto_name: mqtt.proto_name + proto_version: mqtt.proto_version + qos: mqtt.qos + qos_levels: mqtt.qos_levels + retain: mqtt.retain + #status: mqtt.status + topic: mqtt.topic + topics: mqtt.topics + will_payload: mqtt.will_payload + will_topic: mqtt.will_topic + # MYSQL + #arg: mysql.arg + cmd: mysql.command + response: mysql.response + rows: mysql.rows + #success: event.outcome + # Notice + actions: notice.actions + dropped: notice.dropped + #dst: destination.ip + email_body_sections: notice.email_body_sections + email_delay_tokens: notice.email_delay_tokens + identifier: notice.identifier + #msg: notice.msg + n: notice.n + note: notice.note + p: destination.port + peer_descr: notice.peer_descr + peer_name: notice.peer_name + #proto: network.transport + #src: source.ip + sub: notice.sub + subpress_for: notice.subpress_for + # NTLM + domainname: ntlm.domainname + hostname: ntlm.hostname + #username: source.user.name + server_nb_computer_name: ntlm.server_nb_computer_name + server_tree_name: ntlm.server_tree_name + #success: event.outcome + server_dns_computer_name: ntlm.server_dns_computer_name + # NTP + mode: ntp.mode + num_exts: ntp.num_exts + org_time: ntp.org_time + poll: ntp.poll + precision: ntp.precision + rec_time: ntp.rec_time + ref_id: ntp.ref_id + ref_time: ntp.ref_time + root_delay: ntp.root_delay + root_disp: ntp.root_disp + stratum: ntp.stratum + #version: ntp.version + xmt_time: ntp.xmt_time + # OCSP + certStatus: oscp.certStatus + hashAlgorithm: oscp.hashAlgorithm + issuerKeyHash: oscp.issuerKeyHash + issuerNameHash: oscp.issuerNameHash + nextUpdate: oscp.nextUpdate + revokereason: oscp.revokereason + revoketime: oscp.revoketime + serialNumber: oscp.serialNumber + thisUpdate: oscp.thisUpdate + # PE + compile_ts: pe.compile_ts + has_cert_table: pe.has_cert_table + has_debug_data: pe.has_debug_data + has_import_table: pe.has_import_table + has_export_table: pe.has_export_table + is_64bit: pe.is_64bit + is_exe: pe.is_exe + machine: pe.machine + os: pe.os + section_names: pe.section_names + subsystem: pe.subsystem + uses_aslr: pe.uses_aslr + uses_code_integrity: pe.uses_code_integrity + uses_dep: pe.uses_dep + uses_seh: pe.uses_seh + # POP3 + #arg: pop3.arg + #command: pop3.command + current_request: pop3.current_request + current_response: pop3.current_response + data: pop3.data + failed_commands: pop3.failed_commands + has_client_activity: pop3.has_client_activity + #is_orig: pop3.is_orig + #msg: pop3.msg + #password: source.user.password + pending: pop3.pending + #status: pop3.status + successful_commands: pop3.successful_commands + #username: source.user.name + # Radius + connect_info: radius.connect_info + framed_addr: radius.framed_addr + #mac: source.mac + #reply_msg: radius.reply_msg + #result: event.outcome + ttl: event.duration + tunnel_client: radius.tunnel_client + #username: source.user.name + # RDP + cert_count: rdp.cert_count + cert_permanent: rdp.cert_permanent + cert_type: rdp.cert_type + client_build: rdp.client_build + client_dig_product_id: rdp.client_dig_product_id + client_name: source.hostname + cookie: rdp.cookie + desktop_height: rdp.desktop_height + desktop_width: rdp.desktop_width + encryption_level: rdp.encryption_level + encryption_method: rdp.encryption_method + keyboard_layout: rdp.keyboard_layout + requested_color_depth: rdp.requested_color_depth + #result: event.outcome + security_protocol: rdp.security_protocol + ssl: rdp.ssl + # RFB + #auth: event.outcome + authentication_method: rfb.authentication_method + client_major_version: rfb.client_major_version + client_minor_version: rfb.client_minor_version + desktop_name: destination.hostname + height: rfb.height + server_major_version: rfb.server_major_version + server_minor_version: rfb.server_minor_version + share_flag: rfb.share_flag + width: rfb.width + # SIP + call_id: sip.call_id + content_type: sip.content_type + #date: sip.date + #method: sip.method + #reply_to: sip.reply_to + #request_body_len: sip.request_body_len + request_from: sip.request_from + request_path: sip.request_path + request_to: sip.request_to + #response_body_len: sip.response_body_len + response_from: sip.response_from + response_path: sip.response_path + response_to: sip.response_to + seq: sip.seq + #status_code: sip.status_code + #status_msg: sip.status_msg + #subject: sip.subject + #trans_depth: sip.trans_depth + #uri: url.original + warning: sip.warning + #user_agent: user_agent.original + # SMB_Files + #action: smb.action + #name: file.name + #path: file.path + prev_name: smb.prev_name + size: file.size + times_accessed: file.accessed + times_changed: file.ctime + times_created: file.created + times_modified: file.mtime + # SMB_Mapping + native_file_system: smb.native_file_system + #path: file.path + share_type: smb.share_type + #service: smb.service + # SMTP + cc: smtp.cc + #date: smtp.date + first_received: smtp.first_received + #from: smtp.from + helo: smtp.helo + in_reply_to: smtp.in_reply_to + is_webmail: smtp.is_webmail + last_reply: smtp.last_reply + mailfrom: smtp.mailfrom + msg_id: smtp.msg_id + #path: smtp.path + rcptto: smtp.rcptto + #reply_to: smtp.reply_to + second_received: smtp.second_received + #subject: smtp.subject + tls: smtp.tls + to: smtp.to + #trans_depth: smtp.trans_depth + x_originating_ip: smtp.x_originating_ip + #user_agent: user_agent.original + # SMTP_Links + #cs-host: url.domain + #c-uri: url.original + # SNMP + #duration: event.duration + community: snmp.community + display_string: snmp.display_string + get_bulk_requests: snmp.get_bulk_requests + get_requests: snmp.get_requests + set_requests: snmp.set_requests + up_since: snmp.up_since + #version: snmp.version + # Socks + #password: source.user.password + bound_host: socks.bound_host + bound_name: socks.bound_name + bound_p: socks.bound_p + request_host: socks.request_host + request_name: socks.request_name + request_p: socks.request_p + #status: socks.status + #version: socks.version + # Software + #host: host.ip + host_p: software.host_port + version.major: software.version.major + version.minor: software.version.minor + version.minor2: software.version.minor2 + version.minor3: software.version.minor3 + #name: software.name + unparsed_version: software.unparsed_version + software_type: software.software_type + #url: url.original + # SSH + auth_attempts: ssh.auth_attempts + auth_success: event.outcome + cipher_alg: ssh.cipher_alg + #client: ssh.client + compression_alg: ssh.compression_alg + cshka: ssh.cshka + direction: network.direction + hassh: ssh.hassh + hasshAlgorithms: ssh.hasshAlgorithms + hasshServer: ssh.hasshServer + hasshServerAlgorithms: ssh.hasshServerAlgorithms + hasshVersion: ssh.hasshVersion + host_key: ssh.host_key + host_key_alg: ssh.host_key_alg + kex_alg: ssh.kex_alg + mac_alg: ssh.mac_alg + server: ssh.server + #version: ssh.version + # SSL / TLS + #cipher: tls.cipher + client_issuer: tls.client.issuer + client_subject: tls.client.subject + curve: tls.curve + established: tls.established + issuer: tls.server.issuer + ja3: tls.client.ja3 + ja3s: tls.client.ja3s + last_alert: ssl.last_alert + next_protocol: tls.next_protocol + notary: ssl.notary + ocsp_status: ssl.oscp_status + orig_certificate_sha1: tls.client.hash.sha1 + resp_certificate_sha1: tls.server.hash.sha1 + resumed: tls.resumed + #server_name: tls.client.server_name + #subject: tls.server.subject + valid_ct_logs: ssl.valid_ct_logs + valid_ct_operators: ssl.validct_operators + valid_ct_operators_list: ssl.valid_ct_operators_list + validation_status: ssl.validation_status + #version: tls.version + version_num: ssl.version_num + # Syslog + facility: log.syslog.facility.name + severity: log.syslog.severity.name + message: syslog.message + # Traceroute + #proto: network.transport + #dst: destination.ip + #src: source.ip + # Tunnel + #action: tunnel.action + tunnel_type: tunnel.tunnel_type + # Weird + #addl: weird.addl + #name: weird.name + notice: weird.notice + peer: weird.peer + # X509 + basic_constraints.ca: x509.certificate.basic_constraints_ca + basic_constraints.path_len: x509.certificate.basic_constraints_path_length + certificate.cn: x509.certificate.cn + certificate.curve: x509.certificate.curve + certificate.exponent: x509.certificate.exponent + certificate.issuer: x509.certificate.issuer + certificate.key_alg: x509.certificate.key_alg + certificate.key_length: x509.certificate.key_length + certificate.key_type: x509.certificate.key_type + certificate.not_valid_after: x509.certificate.not_valid_after + certificate.not_valid_before: x509.certificate.not_valid_before + certificate.serial: x509.certificate.serial + certificate.sig_alg: x509.certificate.sig_alg + certificate.subject: x509.certificate.subject + certificate.version: x509.certificate.version + logcert: x509.logcert + san.dns: x509.san.dns + san.email: x509.san.email + san.ip: x509.san.ip + san.uri: x509.san.url + # Temporary one off rule name's people have written + agent.version: version + c-cookie: http.cookie_vars + c-ip: source.ip + cs-uri: url.original + clientip: source.ip + clientIP: source.io + dest_domain: + - query + - host + - server_name + dest_ip: destination.ip + dest_port: destination.port \ No newline at end of file diff --git a/tools/config/ecs-zeek-elastic-beats-implementation.yml b/tools/config/ecs-zeek-elastic-beats-implementation.yml new file mode 100644 index 00000000..12651438 --- /dev/null +++ b/tools/config/ecs-zeek-elastic-beats-implementation.yml @@ -0,0 +1,1069 @@ +title: Elastic Common Schema (ECS) implementation for Zeek using filebeat modules enabled based on version 7.6.1 +order: 20 +backends: + - es-qs + - es-dsl + - elasticsearch-rule + - kibana + - xpack-watcher + - elastalert + - elastalert-dsl +logsources: + zeek: + product: zeek + index: 'filebeat*' + #'*ecs-corelight*' + #'*ecs-zeek-* + zeek-category-accounting: + category: accounting + rewrite: + product: zeek + service: syslog + zeek-category-firewall: + category: firewall + conditions: + event.dataset: zeek.connection + zeek-category-dns: + category: dns + conditions: + event.dataset: zeek.dns + zeek-category-proxy: + category: proxy + rewrite: + product: zeek + service: http + zeek-category-webserver: + category: webserver + conditions: + event.dataset: zeek.http + rewrite: + product: zeek + service: http + zeek-conn: + product: zeek + service: conn + conditions: + event.dataset: zeek.conn + zeek-conn_long: + product: zeek + service: conn_long + conditions: + event.dataset: zeek.conn_long + zeek-dce_rpc: + product: zeek + service: dce_rpc + conditions: + event.dataset: zeek.dce_rpc + zeek-dns: + product: zeek + service: dns + conditions: + event.dataset: zeek.dns + zeek-dnp3: + product: zeek + service: dnp3 + conditions: + event.dataset: zeek.dnp3 + zeek-dpd: + product: zeek + service: dpd + conditions: + event.dataset: zeek.dpd + zeek-files: + product: zeek + service: files + conditions: + event.dataset: zeek.files + zeek-ftp: + product: zeek + service: ftp + conditions: + event.dataset: zeek.ftp + zeek-gquic: + product: zeek + service: gquic + conditions: + event.dataset: zeek.gquic + zeek-http: + product: zeek + service: http + conditions: + event.dataset: zeek.http + zeek-http2: + product: zeek + service: http2 + conditions: + event.dataset: zeek.http2 + zeek-intel: + product: zeek + service: intel + conditions: + event.dataset: zeek.intel + zeek-irc: + product: zeek + service: irc + conditions: + event.dataset: zeek.irc + zeek-kerberos: + product: zeek + service: kerberos + conditions: + event.dataset: zeek.kerberos + zeek-known_certs: + product: zeek + service: known_certs + conditions: + event.dataset: zeek.known_certs + zeek-known_hosts: + product: zeek + service: known_hosts + conditions: + event.dataset: zeek.known_hosts + zeek-known_modbus: + product: zeek + service: known_modbus + conditions: + event.dataset: zeek.known_modbus + zeek-known_services: + product: zeek + service: known_services + conditions: + event.dataset: zeek.known_services + zeek-modbus: + product: zeek + service: modbus + conditions: + event.dataset: zeek.modbus + zeek-modbus_register_change: + product: zeek + service: modbus_register_change + conditions: + event.dataset: zeek.modbus_register_change + zeek-mqtt_connect: + product: zeek + service: mqtt_connect + conditions: + event.dataset: zeek.mqtt_connect + zeek-mqtt_publish: + product: zeek + service: mqtt_publish + conditions: + event.dataset: zeek.mqtt_publish + zeek-mqtt_subscribe: + product: zeek + service: mqtt_subscribe + conditions: + event.dataset: zeek.mqtt_subscribe + zeek-mysql: + product: zeek + service: mysql + conditions: + event.dataset: zeek.mysql + zeek-notice: + product: zeek + service: notice + conditions: + event.dataset: zeek.notice + zeek-ntlm: + product: zeek + service: ntlm + conditions: + event.dataset: zeek.ntlm + zeek-ntp: + product: zeek + service: ntp + conditions: + event.dataset: zeek.ntp + zeek-ocsp: + product: zeek + service: ntp + conditions: + event.dataset: zeek.ocsp + zeek-pe: + product: zeek + service: pe + conditions: + event.dataset: zeek.pe + zeek-pop3: + product: zeek + service: pop3 + conditions: + event.dataset: zeek.pop3 + zeek-radius: + product: zeek + service: radius + conditions: + event.dataset: zeek.radius + zeek-rdp: + product: zeek + service: rdp + conditions: + event.dataset: zeek.rdp + zeek-rfb: + product: zeek + service: rfb + conditions: + event.dataset: zeek.rfb + zeek-sip: + product: zeek + service: sip + conditions: + event.dataset: zeek.sip + zeek-smb_files: + product: zeek + service: smb_files + conditions: + event.dataset: zeek.smb_files + zeek-smb_mapping: + product: zeek + service: smb_mapping + conditions: + event.dataset: zeek.smb_mapping + zeek-smtp: + product: zeek + service: smtp + conditions: + event.dataset: zeek.smtp + zeek-smtp_links: + product: zeek + service: smtp_links + conditions: + event.dataset: zeek.smtp_links + zeek-snmp: + product: zeek + service: snmp + conditions: + event.dataset: zeek.snmp + zeek-socks: + product: zeek + service: socks + conditions: + event.dataset: zeek.socks + zeek-software: + product: zeek + service: software + conditions: + event.dataset: zeek.software + zeek-ssh: + product: zeek + service: ssh + conditions: + event.dataset: zeek.ssh + zeek-ssl: + product: zeek + service: ssl + conditions: + event.dataset: zeek.tls + zeek-tls: # In case people call it TLS even though orig log is called ssl, but dataset is tls so may cause confusion so cover that + product: zeek + service: tls + conditions: + event.dataset: zeek.tls + zeek-syslog: + product: zeek + service: syslog + conditions: + event.dataset: zeek.syslog + zeek-tunnel: + product: zeek + service: tunnel + conditions: + event.dataset: zeek.tunnel + zeek-traceroute: + product: zeek + service: traceroute + conditions: + event.dataset: zeek.traceroute + zeek-weird: + product: zeek + service: weird + conditions: + event.dataset: zeek.weird + zeek-x509: + product: zeek + service: x509 + conditions: + event.dataset: zeek.x509 + zeek-ip_search: + product: zeek + service: network + conditions: + event.dataset: + - connection + #- conn_long + - dce_rpc + - dhcp + - dnp3 + - dns + - ftp + - gquic + - http + - irc + - kerberos + - modbus + - mqtt_connect + - mqtt_publish + - mqtt_subscribe + - mysql + - ntlm + - ntp + - radius + - rfb + - sip + - smb_files + - smb_mapping + - smtp + - smtp_links + - snmp + - socks + - ssh + - tls #SSL + - tunnel + - weird +defaultindex: 'filebeat*' +fieldmappings: + # All Logs Applied Mapping & Taxonomy + dst: + - destination.address + - destination.ip + dst_ip: + - destination.address + - destination.ip + dst_port: destination.port + #host: host.ip # Not implemented by Elastic (Beats) yet + #inner_vlan: network.vlan.inner.id # Not implemented by Elastic (Beats) yet + #mac: source.mac + #mime_type: file.mime_type # Not implemented by Elastic (Beats) yet + network_application: network.protocol + network_community_id: network.community_id + network_protocol: network.transport + #password: source.user.password + #port_num: labels.known.port + proto: network.transport + #result: event.outcome # Not implemented by Elastic (Beats) yet + #rtt: event.duration # Not implemented by Elastic (Beats) yet + #server_name: destination.domain + src: + - source.address + - source.ip + src_ip: source.ip + src_port: source.port + #success: event.outcome # Not implemented by Elastic (Beats) yet + #uri: url.original + #user: source.user.name + #username: source.user.name # Not complete by Elastic (Beats) yet + #user_agent: user_agent.original + #vlan: network.vlan.id # Not implemented by Elastic (Beats) yet + # Overlapping fields/mappings (aka: shared fields) + action: + - 'zeek.smb_files.action' + #service=tunnel: zeek.tunnel.action + #service=smb_files: zeek.smb_files.action + addl: + - 'zeek.weird.additional_info' + #service=dns: zeek.dns.addl + #service=weird: zeek.weird.additional_info + arg: + - 'zeek.*.arg' + auth: + - 'zeek.*.auth*' + #service=dns: zeek.dns.auth + #service=rfb: zeek.rfb.auth.success + cipher: + - 'zeek.*.cipher' + #service=kerberos: zeek.kerberos.cipher + #service=ssl: zeek.ssl.cipher + client: + - 'zeek.*.client*' + #service=kerberos: zeek.kerberos.cert.client.value + #service=ssh: zeek.ssh.client + command: + - 'zeek.*.command' + #service=ftp: zeek.ftp.command + #service=irc: zeek.irc.command + date: + - 'zeek.*.date' + #service=smtp: zeek.smtp.date + #service=sip: zeek.sip.date + duration: + #- event.duration + - '*.duration' + #service=conn: event.duration + #service=files: zeek.files.duration + #service=snmp: zeek.snmp.duration + from: + - 'zeek.*.from' + #service=smtp: zeek.smtp.from + #service=kerberos: zeek.kerberos.valid.from + is_orig: + - 'zeek.*.is_orig' + local_orig: + - 'zeek.*.local_orig' + method: + - http.request.method + #service=http: http.request.method + #service=sip: zeek.sip.sequence.method + name: + - 'zeek.smb_files.name' + #service=weird: zeek.weird.name + #service=smb_files: zeek.smb_files.name + path: + - 'zeek.*.path' + #service=smb_mapping: zeek.smb_mapping.path + #service=smb_files: zeek.smb_files.path + #service=smtp: zeek.smtp.path + password: + - 'zeek.*.password' + #service=ftp: zeek.ftp.password + #service=http: zeek.http.password + #service=socks: zeek.socks.password + reply_msg: + - 'zeek.*.reply*msg' + #service=ftp: zeek.ftp.reply.msg + #service=radius: zeek.radius.reply_msg + response_body_len: + - http.response.body.bytes + #service=http: http.response.body.bytes + #service=sip: zeek.sip.response_body_len + request_body_len: + - http.request.body.bytes + #service=http: http.response.body.bytes + #service=sip: zeek.sip.request_body_len + rtt: + #- event.duration + - 'zeek.*.rtt' + #service=dns: zeek.dns.rtt + #service=dce_rpc: zeek.dce_rpc.rtt + status_code: + - 'http.response.status_code' + #service=http: http.response.status_code + #service=sip: zeek.sip.status_code + status_msg: + - 'zeek.*status*msg' + #service=http: zeek.http.status_msg + #service=sip: zeek.sip.status.msg + subject: + - 'zeek.*.subject' + #service=sip: zeek.sip.subject + #service=ssl: zeek.ssl.subject + service: + - 'zeek.*.service' + #service=kerberos: zeek.kerberos.service + #service=smb_mapping: zeek.smb_mapping.service + - 'zeek.*.reply_to' + #service=sip: zeek.sip.reply_to + #service=smtp: zeek.smtp.reply_to + trans_depth: + - 'zeek.*.trans*depth' + #service=smtp: zeek.smtp.transaction_depth + #service=http: zeek.http.trans_depth + #service=sip: zeek.sip.transaction_depth + username: + - 'zeek.*.username' + #service=http: url.username + #service=notice: zeek.notice.username + #service=pop3: zeek.pop3.username + #service=radius: zeek.radius.username + uri: + - 'url.original' + #service=http: url.original + #service=sip: zeek.sip.uri + user: + - 'zeek.*user*' + #service=ftp: zeek.ftp.user.name + #service=irc: zeek.irc.user.name + user_agent: + - 'zeek.*user_agent*' + #service=http: user_agent.original + #service=guic: user_agent + #service=sip: zeek.sip.user_agent + #service=smtp: zeek.smtp.user_agent + version: + - 'zeek.*.version' + #service=snmp: zeek.snmp.version + #service=socks: zeek.socks.version + #service=ssh: zeek.ssh.version + #service=ssl: zeek.ssl.version + # DNS matching Taxonomy & DNS Category + answer: dns.answers.name + question_length: labels.dns.query_length + record_type: dns.question.type + parent_domain: dns.question.registered_domain + # HTTP matching Taxonomy & Web/Proxy Category + cs-bytes: http.request.body.bytes + cs-cookie: http.cookie_vars + r-dns: + - url.domain + - destination.domain + sc-bytes: http.response.body.bytes + sc-status: http.response.status_code + c-uri: url.original + c-uri-extension: url.extension + c-uri-query: url.query + c-uri-stem: url.original + c-useragent: user_agent.original + cs-host: + - url.domain + - destination.domain + cs-method: http.request.method + cs-referrer: http.request.referrer + cs-version: http.version + uid: zeek.session_id + # Conn + cache_add_rx_ev: zeek.connection.cache_add_rx_ev + cache_add_rx_mpg: zeek.connection.cache_add_rx_mpg + cache_add_rx_new: zeek.connection.cache_add_rx_new + cache_add_tx_ev: zeek.connection.cache_add_tx_ev + cache_add_tx_mpg: zeek.connection.cache_add_tx_mpg + cache_del_mpg: zeek.connection.cache_del_mpg + cache_entries: zeek.connection.cache_entries + conn_state: zeek.connection.conn_state + conn_uids: zeek.files.session_ids + corelight_shunted: zeek.connection.corelight_shunted + history: zeek.connection.history + id.orig_h.name_src: zeek.connection.id.orig_h_name.src + id.orig_h.names_vals: zeek.connection.id.orig_h_names.vals + id.resp_h.name_src: zeek.connection.id.resp_h_name.src + id.resp_h.name_vals: zeek.connection.id.resp_h_name.vals + #local_orig: zeek.connection.local_orig + local_resp: zeek.connection.local_resp + missed_bytes: zeek.connection.missed_bytes + orig_bytes: source.bytes + orig_cc: source.geo.country_iso_code + orig_ip_bytes: zeek.connection.orig_ip_bytes + orig_l2_addr: source.mac + orig_pkts: source.packets + resp_bytes: destination.bytes + resp_cc: destination.geo.country_iso_code + resp_ip_bytes: zeek.connection.resp.ip_bytes + resp_l2_addr: destination.mac + resp_pkts: destination.packets + # DCE-RPC Specific + endpoint: zeek.dce_rpc.endpoint + named_pipe: zeek.dce_rpc.named_pipe + operation: zeek.dce_rpc.operation + #rtt: zeek.dce_rpc.rtt + # DHCP + domain: zeek.dhcp.domain + host_name: zeek.dhcp.hostname + lease_time: zeek.dhcp.lease_time + agent_remote_id: zeek.dhcp.agent_remote_id + assigned_addr: zeek.dhcp.assigned_addr + circuit_id: zeek.dhcp.circuit_id + client_message: zeek.dhcp.client_message + client_software: zeek.dhcp.client_software + client_fqdn: zeek.dhcp.client_fqdn + #mac: source.mac + msg_orig: zeek.dhcp.msg_orig + msg_types: zeek.dhcp.msg_types + requested_addr: zeek.dhcp.requested_addr + server_addr: destination.ip + server_message: zeek.dhcp.server_message + server_software: zeek.dhcp.server_software + subscriber_id: zeek.dhcp.subscriber_id + #zeek.zeek.dhcp.client_port: Elastic has this, but is not actually a zeek log field for dhcp + #zeek.zeek.dhcp.server_port: Elastic has this, but is not actually a zeek log field for dhcp + # DNS + AA: zeek.dns.AA + #addl: zeek.dns.addl + #auth: zeek.dns.auth + answers: dns.answers.name + TTLs: dns.answers.ttl + RA: zeek.dns.RA + RD: zeek.dns.RD + rejected: zeek.dns.rejected + TC: zeek.dns.TC + Z: zeek.dns.Z + qclass: zeek.dns.qclass + qclass_name: dns.question.class + qtype: zeek.dns.qtype + qtype_name: dns.question.type + query: dns.question.name + rcode_name: dns.response_code + rcode: zeek.dns.rcode + #rtt: zeek.dns.rtt + trans_id: dns.id + # DNP3 + fc_reply: dnp3.function.reply + fc_request: dnp3.function.request + iin: dnp3.inn + # DPD + #analyzer: dpd.analyzer + failure_reason: dpd.failure_reason + packet_segment: dpd.packet_segment + # Files + rx_hosts: zeek.files.rx_host + tx_hosts: zeek.files.tx_host + #analyzer: zeek.files.analyzer + depth: zeek.files.depth + #duration: zeek.files.duration + extracted: zeek.files.extracted + extracted_cutoff: zeek.files.extracted_cutoff + extracted_size: zeek.files.extracted_size + entropy: zeek.files.entropy + md5: zeek.files.md5 + sha1: zeek.files.sha1 + sha256: zeek.files.sha256 + #is_orig: zeek.files.is_orig + #local_orig: zeek.files.local_orig + missing_bytes: zeek.files.missing_bytes + filename: zeek.files.filename + overflow_bytes: zeek.files.overflow_bytes + seen_bytes: zeek.files.seen_bytes + total_bytes: zeek.files.total_bytes + timedout: zeek.files.timedout + # GQUIC/QUIC + cyu: gquic.cyu + cyutags: gquic.cyutags + #server_name: destination.domain + tag_count: gquic.tag_count + #user_agent: user_agent.original + #version: gquic.version + # FTP + #arg: zeek.ftp.arg + #command: zeek.ftp.command + cwd: zeek.ftp.cwd + data_channel.passive: zeek.ftp.data_channel.passive + data_channel.orig_h: zeek.ftp.data_channel.originating_host + data_channel.resp_h: zeek.ftp.data_channel.response_host + data_channel.resp_p: zeek.ftp.data_channel.response_port + file_size: zeek.ftp.file.size + passive: zeek.ftp.passive + #password: zeek.ftp.password + reply_code: zeek.ftp.reply.code + #reply_msg: zeek.ftp.reply.msg + #user: zeek.ftp.user.name + # HTTP + client_header_names: zeek.http.client_header_names + cookie_vars: zeek.http.cookie_vars + flash_version: zeek.http.flash_version + info_code: zeek.http.info_code + info_msg: zeek.http.info_msg + #method: http.request.method + omniture: zeek.http.omniture + orig_filenames: zeek.http.orig_filenames + orig_mime_types: zeek.http.orig_mime_types + origin: zeek.http.origin + #password: zeek.http.password + #response_body_len: http.response.body.bytes + #request_body_len: http.request.body.bytes + referrer: http.request.referrer + post_body: zeek.http.post_body + proxied: zeek.http.proxied + resp_filenames: zeek.http.resp_filenames + resp_mime_types: zeek.http.resp_mime_types + server_header_names: zeek.http.server_header_names + #status_msg: zeek.http.status_msg + #trans_depth: zeek.http.trans_depth + #uri: url.original + uri_vars: zeek.http.uri_vars + #user_agent: user_agent.original + #username: source.user.name + # Intel + file_mime_type: zeek.intel.mime_type + file_desc: zeek.intel.file_desc + host: zeek.intel.seen.host + matched: zeek.intel.matched + indicator: zeek.intel.seen.indicator + indicator_type: zeek.intel.seen.indicator_type + node: zeek.intel.seen.node + where: zeek.intel.seen.where + sources: zeek.intel.seen.sources + # IRC + dcc_file_name: zeek.irc.dcc.file.name + dcc_file_size: zeek.irc.dcc.file.size + dcc_mime_type: zeek.irc.dcc.mime_type + #command: zeek.irc.command + nick: zeek.irc.nick + #user: zeek.irc.username + value: zeek.irc.command + # Kerberos + auth_ticket: zeek.kerberos.ticket.auth + #cipher: zeek.kerberos.cipher + #client: zeek.kerberos.cert.client.value + client_cert_subject: zeek.kerberos.cert.client.subject + error_code: zeek.kerberos.error.code + error_msg: zeek.kerberos.error.msg + forwardable: zeek.kerberos.forwardable + #from: zeek.kerberos.valid.from + new_ticket: zeek.kerberos.ticket.new + renewable: zeek.kerberos.renewable + request_type: zeek.kerberos.request_type + #service: zeek.kerberos.service + success: zeek.kerberos.success + server_cert_subject: zeek.kerberos.cert.server.subject + till: zeek.kerberos.valid.until + # Known_Certs + #host: host.ip # known_services not in Elastic Beats at all + #issuer_subject: known_certs.issuer_subject # known_services not in Elastic Beats at all + #port_num: labels.known.port # known_services not in Elastic Beats at all + #serial: known_certs.serial # known_services not in Elastic Beats at all + #subject: known_certs.subject # known_services not in Elastic Beats at all + # Known_Modbus + #host: host.ip # known_services not in Elastic Beats at all + #device_type: known_modbus.device_type # known_services not in Elastic Beats at all + # Known_Services + #port_proto: network.transport # known_services not in Elastic Beats at all + #port_num: labels.known.port # known_services not in Elastic Beats at all + # Modbus + delta: zeek.modbus.delta + new_val: zeek.modbus.new_val + old_val: zeek.modbus.old_val + register: zeek.modbus.register + func: zeek.modbus.function + exception: zeek.modbus.exception + track_address: zeek.modbus.track_address + # ModBus_Register_Change + #delta: modbus.delta # modbus_register_change not in Elastic Beats at all + #new_val: modbus.new_val # modbus_register_change not in Elastic Beats at all + #old_val: modbus.old_val # modbus_register_change not in Elastic Beats at all + #register: modbus.register # modbus_register_change not in Elastic Beats at all + # MQTT_Connect , MQTT_Publish, MQTT_Subscribe + #ack: mqtt.ack # mqtt logs not in Elastic Beats at all + #action: mqtt.action # mqtt logs not in Elastic Beats at all + #client_id: mqtt.client_id # mqtt logs not in Elastic Beats at all + #connect_status: mqtt.connect_status # mqtt logs not in Elastic Beats at all + #from_client: mqtt.from_client # mqtt logs not in Elastic Beats at all + #granted_qos_level: mqtt.granted_qos_level # mqtt logs not in Elastic Beats at all + #payload: mqtt.payload # mqtt logs not in Elastic Beats at all + #payload_len: mqtt.payload_len # mqtt logs not in Elastic Beats at all + #proto_name: mqtt.proto_name # mqtt logs not in Elastic Beats at all + #proto_version: mqtt.proto_version # mqtt logs not in Elastic Beats at all + #qos: mqtt.qos # mqtt logs not in Elastic Beats at all + #qos_levels: mqtt.qos_levels # mqtt logs not in Elastic Beats at all + #retain: mqtt.retain # mqtt logs not in Elastic Beats at all + ##status: mqtt.status # mqtt logs not in Elastic Beats at all + #topic: mqtt.topic # mqtt logs not in Elastic Beats at all + #topics: mqtt.topics # mqtt logs not in Elastic Beats at all + #will_payload: mqtt.will_payload # mqtt logs not in Elastic Beats at all + #will_topic: mqtt.will_topic # mqtt logs not in Elastic Beats at all + # MYSQL + #arg: mysql.arg + cmd: zeek.mysql.cmd + response: zeek.mysql.response + rows: zeek.mysql.rows + #success: event.outcome + # Notice + actions: zeek.notice.actions + #conn: # Not an actual field logged, but Beats has it + #iconn: # Not an actual field logged, but Beats has it + dropped: zeek.notice.dropped + #dst: destination.ip + email_body_sections: zeek.notice.email_body_sections + email_delay_tokens: zeek.notice.email_delay_tokens + identifier: zeek.notice.identifier + msg: zeek.notice.msg + n: zeek.notice.n + note: zeek.notice.note + p: destination.port + peer_descr: zeek.notice.peer_descr + peer_name: zeek.notice.peer_name + #proto: network.transport + #src: source.ip + sub: zeek.notice.sub + subpress_for: zeek.notice.subpress_for + # NTLM + domainname: zeek.ntlm.domain + hostname: zeek.ntlm.hostname + #username: notice.username + server_nb_computer_name: zeek.ntlm.server.name.netbios + server_tree_name: zeek.ntlm.server.name.tree + #success: event.outcome + server_dns_computer_name: zeek.ntlm.server.name.dns + # NTP + #mode: ntp.mode # ntp not in Elastic Beats at all + #num_exts: ntp.num_exts # ntp not in Elastic Beats at all + #org_time: ntp.org_time # ntp not in Elastic Beats at all + #poll: ntp.poll # ntp not in Elastic Beats at all + #precision: ntp.precision # ntp not in Elastic Beats at all + #rec_time: ntp.rec_time # ntp not in Elastic Beats at all + #ref_id: ntp.ref_id # ntp not in Elastic Beats at all + #ref_time: ntp.ref_time # ntp not in Elastic Beats at all + #root_delay: ntp.root_delay # ntp not in Elastic Beats at all + #root_disp: ntp.root_disp # ntp not in Elastic Beats at all + #stratum: ntp.stratum # ntp not in Elastic Beats at all + ##version: ntp.version # ntp not in Elastic Beats at all + #xmt_time: ntp.xmt_time # ntp not in Elastic Beats at all + # OCSP + certStatus: zeek.ocsp.status + hashAlgorithm: zeek.ocsp.hash.algorithm + issuerKeyHash: zeek.ocsp.hash.issuer.key + issuerNameHash: zeek.ocsp.hash.issuer.name + nextUpdate: zeek.ocsp.update.next + revokereason: zeek.ocsp.revoke.reason + revoketime: zeek.ocsp.revoke.date + serialNumber: zeek.ocsp.serial_number + thisUpdate: zeek.ocsp.update.this + # PE + compile_ts: zeek.pe.compile_time + has_cert_table: zeek.pe.has_cert_table + has_debug_data: zeek.pe.has_debug_data + has_import_table: zeek.pe.has_import_table + has_export_table: zeek.pe.has_export_table + is_64bit: zeek.pe.is_64bit + is_exe: zeek.pe.is_exe + machine: zeek.pe.machine + os: zeek.pe.os + section_names: zeek.pe.section_names + subsystem: zeek.pe.subsystem + uses_aslr: zeek.pe.uses_aslr + uses_code_integrity: zeek.pe.uses_code_integrity + uses_dep: zeek.pe.uses_dep + uses_seh: zeek.pe.uses_seh + # POP3 + #arg: pop3.arg # pop3 not in Elastic Beats at all + #command: pop3.command # pop3 not in Elastic Beats at all + #current_request: pop3.current_request # pop3 not in Elastic Beats at all + #current_response: pop3.current_response # pop3 not in Elastic Beats at all + #data: pop3.data # pop3 not in Elastic Beats at all + #failed_commands: pop3.failed_commands # pop3 not in Elastic Beats at all + #has_client_activity: pop3.has_client_activity # pop3 not in Elastic Beats at all + #is_orig: pop3.is_orig # pop3 not in Elastic Beats at all + #msg: pop3.msg # pop3 not in Elastic Beats at all + #password: source.user.password # pop3 not in Elastic Beats at all + #pending: pop3.pending # pop3 not in Elastic Beats at all + #status: pop3.status # pop3 not in Elastic Beats at all + #successful_commands: pop3.successful_commands # pop3 not in Elastic Beats at all + #username: pop3.username # pop3 not in Elastic Beats at all + # Radius + connect_info: zeek.radius.connect_info + framed_addr: zeek.radius.framed_addr + mac: zeek.radius.mac + #reply_msg: zeek.radius.reply_msg + result: zeek.radius.result + ttl: zeek.radius.ttl + tunnel_client: zeek.radius.tunnel_client + #username: zeek.radius.username + # RDP + #result: event.outcome + cert_count: zeek.rdp.cert.count + cert_permanent: zeek.rdp.cert.permanent + cert_type: zeek.rdp.cert.type + client_build: zeek.rdp.client.build + client_dig_product_id: zeek.rdp.client.product_id + client_name: zeek.rdp.client.name + cookie: zeek.rdp.cookie + desktop_height: zeek.rdp.desktop.height + desktop_width: zeek.rdp.desktop.width + encryption_level: zeek.rdp.encryption.level + encryption_method: zeek.rdp.encryption.method + keyboard_layout: zeek.rdp.keyboard_layout + requested_color_depth: zeek.rdp.desktop.color_depth + security_protocol: zeek.rdp.security_protocol + ssl: zeek.rdp.ssl + # RFB + #auth: zeek.rfb.auth.success + authentication_method: zeek.rfb.auth.method + client_major_version: zeek.rfb.version.client.major + client_minor_version: zeek.rfb.version.client.minor + desktop_name: zeek.rfb.desktop_name + height: zeek.rfb.height + server_major_version: zeek.rfb.version.server.major + server_minor_version: zeek.rfb.version.server.minor + share_flag: zeek.rfb.share_flag + width: zeek.rfb.width + # SIP + call_id: zeek.sip.call_id + content_type: zeek.sip.content_type + #date: zeek.sip.date + #method: zeek.sip.sequence.method + #reply_to: zeek.sip.reply_to + #request_body_len: zeek.sip.response.body_length + request_from: zeek.sip.request.from + request_path: zeek.sip.request.path + request_to: zeek.sip.request.to + #response_body_len: zeek.sip.request.body_length + response_from: zeek.sip.response.from + response_path: zeek.sip.response.path + response_to: zeek.sip.response.to + seq: zeek.sip.seq + #status_code: zeek.sip.status.code + #status_msg: zeek.sip.status.msg + #subject: zeek.sip.subject + #trans_depth: zeek.sip.transaction_depth + #uri: zeek.sip.uri + warning: zeek.sip.warning + #user_agent: zeek.sip.user_agent + # SMB_Files + #action: zeek.smb_files.action + #name: zeek.smb_files.name + #path: zeek.smb_files.path + prev_name: zeek.smb_files.prev_name + size: zeek.smb_files.size + times_accessed: zeek.smb_files.accessed + times_changed: zeek.smb_files.ctime + times_created: zeek.smb_files.created + times_modified: zeek.smb_files.mtime + # SMB_Mapping + native_file_system: zeek.smb_mapping.native_file_system + #path: zeek.smb_mapping.path + share_type: zeek.smb_mapping.share_type + #service: zeek.smb_mapping.service + # SMTP + cc: zeek.smtp.cc + #date: zeek.smtp.date + first_received: zeek.smtp.first_received + #from: zeek.smtp.from + helo: zeek.smtp.helo + in_reply_to: zeek.smtp.in_reply_to + is_webmail: zeek.smtp.is_webmail + last_reply: zeek.smtp.last_reply + mailfrom: zeek.smtp.mail_from + msg_id: zeek.smtp.msg_id + #path: zeek.smtp.path + rcptto: zeek.smtp.rcpt_to + #reply_to: zeek.smtp.reply_to + second_received: zeek.smtp.second_received + #subject: zeek.smtp.subject + tls: zeek.smtp.tls + to: zeek.smtp.to + #trans_depth: zeek.smtp.transaction_depth + x_originating_ip: zeek.smtp.x_originating_ip + #user_agent: zeek.smtp.user_agent + # SMTP_Links + #cs-host: url.domain # smtp_links not in Elastic Beats at all + #c-uri: url.original # smtp_links not in Elastic Beats at all + # SNMP + #duration: zeek.snmp.duration + community: zeek.snmp.community + display_string: zeek.snmp.display_string + get_bulk_requests: zeek.snmp.get.bulk_requests + #get_responses: # this is in Elastic Beats, but not an actual zeek field for snmp + get_requests: zeek.snmp.get.requests + set_requests: zeek.snmp.set.requests + up_since: zeek.snmp.up_since + #version: zeek.snmp.version + # Socks + #password: zeek.socks.password + bound_host: zeek.socks.bound_host + bound_name: zeek.socks.bound_name + bound_p: zeek.socks.bound.port + request_host: zeek.socks.request_host + request_name: zeek.socks.request.host + request_p: zeek.socks.request.port + status: zeek.socks.status + #version: zeek.socks.version + # Software + ##host: host.ip # software not in Elastic Beats at all + #host_p: software.host_port # software not in Elastic Beats at all + #version.major: software.version.major # software not in Elastic Beats at all + #version.minor: software.version.minor # software not in Elastic Beats at all + #version.minor2: software.version.minor2 # software not in Elastic Beats at all + #version.minor3: software.version.minor3 # software not in Elastic Beats at all + ##name: software.name # software not in Elastic Beats at all + #unparsed_version: software.unparsed_version # software not in Elastic Beats at all + #software_type: software.software_type # software not in Elastic Beats at all + ##url: url.original # software not in Elastic Beats at all + # SSH + auth_attempts: zeek.ssh.auth.attempts + auth_success: zeek.ssh.auth.success + cipher_alg: zeek.ssh.algorithm.cipher + #client: zeek.ssh.client + compression_alg: zeek.ssh.algorithm.compression + cshka: zeek.ssh.cshka + direction: zeek.ssh.direction + hassh: zeek.ssh.hassh + hasshAlgorithms: zeek.ssh.hasshAlgorithms + hasshServer: zeek.ssh.hasshServer + hasshServerAlgorithms: zeek.ssh.hasshServerAlgorithms + hasshVersion: zeek.ssh.hasshVersion + host_key: zeek.ssh.host_key + host_key_alg: zeek.ssh.algorithm.host_key + kex_alg: zeek.ssh.algorithm.key_exchange + mac_alg: zeek.ssh.algorithm.mac + server: zeek.ssh.server + #version: zeek.ssh.version + # SSL / TLS + #cert_chain # Does not exist in ssl log but Elastic Beats has it + #cipher: tls.cipher # Not implemented in Elastic Beats + #cipher: zeek.ssl.cipher + #client_issuer: tls.client.issuer # Not implemented in Elastic Beats + client_issuer: zeek.ssl.client_issuer + #client_subject: tls.client.subject # Not implemented in Elastic Beats + client_subject: zeek.ssl.client_subject + #curve: tls.curve # Not implemented in Elastic Beats + curve: zeek.ssl.curve + #established: tls.established # Not implemented in Elastic Beats + established: zeek.ssl.established + #issuer: tls.server.issuer # Not implemented in Elastic Beats + issuer: zeek.ssl.issuer + #ja3: tls.client.ja3 # Not implemented in Elastic Beats + ja3: zeek.ssl.ja3 + #ja3s: tls.client.ja3s # Not implemented in Elastic Beats + ja3s: zeek.ssl.ja3s + last_alert: zeek.ssl.last_alert + #next_protocol: tls.next_protocol # Not implemented in Elastic Beats + next_protocol: zeek.ssl.next_protocol + notary: zeek.ssl.notary + ocsp_status: zeek.ssl.oscp_status + #orig_certificate_sha1: tls.client.hash.sha1 # Not implemented in Elastic Beats + orig_certificate_sha1: zeek.ssl.orig_certificate_sha1 + #resp_certificate_sha1: tls.server.hash.sha1 # Not implemented in Elastic Beats + resp_certificate_sha1: zeek.ssl.resp_certificate_sha1 + #resumed: tls.resumed # Not implemented in Elastic Beats + resumed: zeek.ssl.resumed + #server_name: tls.client.server_name # Not implemented in Elastic Beats + server_name: zeek.ssl.server.name + #subject: tls.server.subject # Not implemented in Elastic Beats + #subject: zeek.ssl.subject + valid_ct_logs: zeek.ssl.valid_ct_logs + valid_ct_operators: zeek.ssl.validct_operators + valid_ct_operators_list: zeek.ssl.valid_ct_operators_list + #validation_code # Does not exist in ssl log but Elastic Beats has it + validation_status: zeek.ssl.validation_status + #version: tls.version # Not implemented in Elastic Beats + #version: zeek.ssl.version + version_num: zeek.ssl.version_num + # Syslog + #facility: log.syslog.facility.name # Not implemented in Elastic Beats + facility: zeek.syslog.facility + #severity: log.syslog.severity.name # Not implemented in Elastic Beats + severity: zeek.syslog.severity + #message: syslog.message # Not implemented in Elastic Beats + message: zeek.syslog.msg # why did Elastic beats do this + # Traceroute + #proto: network.transport + #dst: destination.ip + #src: source.ip + # Tunnel + #action: zeek.tunnel.action + tunnel_type: zeek.tunnel.type + # Weird + #addl: zeek.weird.additional_info + #name: zeek.weird.name + notice: zeek.weird.notice + peer: zeek.weird.peer + # X509 + basic_constraints.ca: zeek.x509.certificate.basic_constraints.certificate_authority + basic_constraints.path_len: zeek.x509.certificate.basic_constraints.path_length + certificate.cn: zeek.x509.certificate.common_name + certificate.curve: zeek.x509.certificate.curve + certificate.exponent: zeek.x509.certificate.exponent + certificate.issuer: zeek.x509.certificate.iss # why did Elastic beats do this + certificate.key_alg: zeek.x509.certificate.key.algorithm + certificate.key_length: zeek.x509.certificate.key.length + certificate.key_type: zeek.x509.certificate.key.type + certificate.not_valid_after: zeek.x509.certificate.valid.until + certificate.not_valid_before: zeek.x509.certificate.valid.from + certificate.serial: zeek.x509.certificate.serial + certificate.sig_alg: zeek.x509.certificate.signature_algorithm + certificate.subject: zeek.x509.certificate.sub # why did Elastic beats do this + certificate.version: zeek.x509.certificate.version + logcert: zeek.x509.logcert + san.dns: zeek.x509.san.dns + san.email: zeek.x509.san.email + san.ip: zeek.x509.san.ip + san.uri: zeek.x509.san.url + # Temporary one off rule name's people have written + agent.version: version + c-cookie: http.cookie_vars + c-ip: source.ip + cs-uri: url.original + clientip: source.ip + clientIP: source.io + dest_domain: + - query + - host + - server_name + dest_ip: destination.ip + dest_port: destination.port \ No newline at end of file diff --git a/tools/config/logstash-zeek-default-json.yml b/tools/config/logstash-zeek-default-json.yml new file mode 100644 index 00000000..67c22966 --- /dev/null +++ b/tools/config/logstash-zeek-default-json.yml @@ -0,0 +1,361 @@ +title: Zeek field mappings for default collection of JSON logs with no parsing/normalization done and sending into logstash-*index +order: 20 +backends: + - es-qs + - es-dsl + - elasticsearch-rule + - kibana + - xpack-watcher + - elastalert + - elastalert-dsl +logsources: + zeek: + product: zeek + index: 'logstash*' + zeek-category-accounting: + category: accounting + rewrite: + product: zeek + service: syslog + zeek-category-firewall: + category: firewall + conditions: + '@stream': conn + zeek-category-dns: + category: dns + conditions: + '@stream': dns + zeek-category-proxy: + category: proxy + rewrite: + product: zeek + service: http + zeek-category-webserver: + category: webserver + conditions: + '@stream': http + rewrite: + product: zeek + service: http + zeek-conn: + product: zeek + service: conn + conditions: + '@stream': conn + zeek-conn_long: + product: zeek + service: conn_long + conditions: + '@stream': conn_long + zeek-dce_rpc: + product: zeek + service: dce_rpc + conditions: + '@stream': dce_rpc + zeek-dns: + product: zeek + service: dns + conditions: + '@stream': dns + zeek-dnp3: + product: zeek + service: dnp3 + conditions: + '@stream': dnp3 + zeek-dpd: + product: zeek + service: dpd + conditions: + '@stream': dpd + zeek-files: + product: zeek + service: files + conditions: + '@stream': files + zeek-ftp: + product: zeek + service: ftp + conditions: + '@stream': ftp + zeek-gquic: + product: zeek + service: gquic + conditions: + '@stream': gquic + zeek-http: + product: zeek + service: http + conditions: + '@stream': http + zeek-http2: + product: zeek + service: http2 + conditions: + '@stream': http2 + zeek-intel: + product: zeek + service: intel + conditions: + '@stream': intel + zeek-irc: + product: zeek + service: irc + conditions: + '@stream': irc + zeek-kerberos: + product: zeek + service: kerberos + conditions: + '@stream': kerberos + zeek-known_certs: + product: zeek + service: known_certs + conditions: + '@stream': known_certs + zeek-known_hosts: + product: zeek + service: known_hosts + conditions: + '@stream': known_hosts + zeek-known_modbus: + product: zeek + service: known_modbus + conditions: + '@stream': known_modbus + zeek-known_services: + product: zeek + service: known_services + conditions: + '@stream': known_services + zeek-modbus: + product: zeek + service: modbus + conditions: + '@stream': modbus + zeek-modbus_register_change: + product: zeek + service: modbus_register_change + conditions: + '@stream': modbus_register_change + zeek-mqtt_connect: + product: zeek + service: mqtt_connect + conditions: + '@stream': mqtt_connect + zeek-mqtt_publish: + product: zeek + service: mqtt_publish + conditions: + '@stream': mqtt_publish + zeek-mqtt_subscribe: + product: zeek + service: mqtt_subscribe + conditions: + '@stream': mqtt_subscribe + zeek-mysql: + product: zeek + service: mysql + conditions: + '@stream': mysql + zeek-notice: + product: zeek + service: notice + conditions: + '@stream': notice + zeek-ntlm: + product: zeek + service: ntlm + conditions: + '@stream': ntlm + zeek-ntp: + product: zeek + service: ntp + conditions: + '@stream': ntp + zeek-ocsp: + product: zeek + service: ntp + conditions: + '@stream': ocsp + zeek-pe: + product: zeek + service: pe + conditions: + '@stream': pe + zeek-pop3: + product: zeek + service: pop3 + conditions: + '@stream': pop3 + zeek-radius: + product: zeek + service: radius + conditions: + '@stream': radius + zeek-rdp: + product: zeek + service: rdp + conditions: + '@stream': rdp + zeek-rfb: + product: zeek + service: rfb + conditions: + '@stream': rfb + zeek-sip: + product: zeek + service: sip + conditions: + '@stream': sip + zeek-smb_files: + product: zeek + service: smb_files + conditions: + '@stream': smb_files + zeek-smb_mapping: + product: zeek + service: smb_mapping + conditions: + '@stream': smb_mapping + zeek-smtp: + product: zeek + service: smtp + conditions: + '@stream': smtp + zeek-smtp_links: + product: zeek + service: smtp_links + conditions: + '@stream': smtp_links + zeek-snmp: + product: zeek + service: snmp + conditions: + '@stream': snmp + zeek-socks: + product: zeek + service: socks + conditions: + '@stream': socks + zeek-software: + product: zeek + service: software + conditions: + '@stream': software + zeek-ssh: + product: zeek + service: ssh + conditions: + '@stream': ssh + zeek-ssl: + product: zeek + service: ssl + conditions: + '@stream': ssl + zeek-tls: # In case people call it TLS even though orig log is called ssl + product: zeek + service: tls + conditions: + '@stream': ssl + zeek-syslog: + product: zeek + service: syslog + conditions: + '@stream': syslog + zeek-tunnel: + product: zeek + service: tunnel + conditions: + '@stream': tunnel + zeek-traceroute: + product: zeek + service: traceroute + conditions: + '@stream': traceroute + zeek-weird: + product: zeek + service: weird + conditions: + '@stream': weird + zeek-x509: + product: zeek + service: x509 + conditions: + '@stream': x509 + zeek-ip_search: + product: zeek + service: network + conditions: + '@stream': + - conn + - conn_long + - dce_rpc + - dhcp + - dnp3 + - dns + - ftp + - gquic + - http + - irc + - kerberos + - modbus + - mqtt_connect + - mqtt_publish + - mqtt_subscribe + - mysql + - ntlm + - ntp + - radius + - rfb + - sip + - smb_files + - smb_mapping + - smtp + - smtp_links + - snmp + - socks + - ssh + - tls #SSL + - tunnel + - weird +defaultindex: 'logstash-*' +fieldmappings: + # All Logs Applied Mapping & Taxonomy + dst_ip: id.resp_h + dst_port: id.resp_p + network_protocol: proto + src_ip: id.orig_h + src_port: id.orig_p + # DNS matching Taxonomy & DNS Category + answer: answers + #question_length: # Does not exist in open source version + record_type: qtype_name + #parent_domain: # Does not exist in open source version + # HTTP matching Taxonomy & Web/Proxy Category + cs-bytes: request_body_len + cs-cookie: cookie + r-dns: host + sc-bytes: response_body_len + sc-status: status_code + c-uri: uri + c-uri-extension: uri + c-uri-query: uri + c-uri-stem: uri + c-useragent: user_agent + cs-host: host + cs-method: method + cs-referrer: referrer + cs-version: version + # Temporary one off rule name's people have written + agent.version: version + c-cookie: cookie + c-ip: id.orig_h + cs-uri: uri + clientip: id.orig_h + clientIP: id.orig_h + dest_domain: + - query + - host + - server_name + dest_ip: id.resp_h + dest_port: id.resp_p \ No newline at end of file diff --git a/tools/config/splunk-zeek.yml b/tools/config/splunk-zeek.yml index 1653f329..dd5d0852 100644 --- a/tools/config/splunk-zeek.yml +++ b/tools/config/splunk-zeek.yml @@ -3,44 +3,338 @@ order: 20 backends: - splunk - splunkxml + - corelight_splunk logsources: + zeek-category-accounting: + category: accounting + rewrite: + product: zeek + service: syslog + zeek-category-firewall: + category: firewall + conditions: + sourcetype: 'bro:conn:json' + zeek-category-dns: + category: dns + conditions: + sourcetype: 'bro:dns:json' + zeek-category-proxy: + category: proxy + rewrite: + product: zeek + service: http + zeek-category-webserver: + category: webserver + conditions: + sourcetype: 'bro:http:json' + rewrite: + product: zeek + service: http zeek-conn: product: zeek service: conn conditions: sourcetype: 'bro:conn:json' + zeek-conn_long: + product: zeek + service: conn_long + conditions: + sourcetype: 'bro:conn_long:json' + zeek-dce_rpc: + product: zeek + service: dce_rpc + conditions: + sourcetype: 'bro:dce_rpc:json' zeek-dns: product: zeek service: dns conditions: sourcetype: 'bro:dns:json' + zeek-dnp3: + product: zeek + service: dnp3 + conditions: + sourcetype: 'bro:dnp3:json' + zeek-dpd: + product: zeek + service: dpd + conditions: + sourcetype: 'bro:dpd:json' zeek-files: product: zeek service: files conditions: sourcetype: 'bro:files:json' - zeek-kerberos: + zeek-ftp: product: zeek - service: kerberos + service: ftp conditions: - sourcetype: 'bro:kerberos:json' + sourcetype: 'bro:ftp:json' + zeek-gquic: + product: zeek + service: gquic + conditions: + sourcetype: 'bro:gquic:json' zeek-http: product: zeek service: http conditions: sourcetype: 'bro:http:json' + zeek-http2: + product: zeek + service: http2 + conditions: + sourcetype: 'bro:http2:json' + zeek-intel: + product: zeek + service: intel + conditions: + sourcetype: 'bro:intel:json' + zeek-irc: + product: zeek + service: irc + conditions: + sourcetype: 'bro:irc:json' + zeek-kerberos: + product: zeek + service: kerberos + conditions: + sourcetype: 'bro:kerberos:json' + zeek-known_certs: + product: zeek + service: known_certs + conditions: + sourcetype: 'bro:known_certs:json' + zeek-known_hosts: + product: zeek + service: known_hosts + conditions: + sourcetype: 'bro:known_hosts:json' + zeek-known_modbus: + product: zeek + service: known_modbus + conditions: + sourcetype: 'bro:known_modbus:json' + zeek-known_services: + product: zeek + service: known_services + conditions: + sourcetype: 'bro:known_services:json' + zeek-modbus: + product: zeek + service: modbus + conditions: + sourcetype: 'bro:modbus:json' + zeek-modbus_register_change: + product: zeek + service: modbus_register_change + conditions: + sourcetype: 'bro:modbus_register_change:json' + zeek-mqtt_connect: + product: zeek + service: mqtt_connect + conditions: + sourcetype: 'bro:mqtt_connect:json' + zeek-mqtt_publish: + product: zeek + service: mqtt_publish + conditions: + sourcetype: 'bro:mqtt_publish:json' + zeek-mqtt_subscribe: + product: zeek + service: mqtt_subscribe + conditions: + sourcetype: 'bro:mqtt_subscribe:json' + zeek-mysql: + product: zeek + service: mysql + conditions: + sourcetype: 'bro:mysql:json' + zeek-notice: + product: zeek + service: notice + conditions: + sourcetype: 'bro:notice:json' + zeek-ntlm: + product: zeek + service: ntlm + conditions: + sourcetype: 'bro:ntlm:json' + zeek-ntp: + product: zeek + service: ntp + conditions: + sourcetype: 'bro:ntp:json' + zeek-ocsp: + product: zeek + service: ntp + conditions: + sourcetype: 'bro:ocsp:json' + zeek-pe: + product: zeek + service: pe + conditions: + sourcetype: 'bro:pe:json' + zeek-pop3: + product: zeek + service: pop3 + conditions: + sourcetype: 'bro:pop3:json' + zeek-radius: + product: zeek + service: radius + conditions: + sourcetype: 'bro:radius:json' zeek-rdp: product: zeek service: rdp conditions: sourcetype: 'bro:rdp:json' + zeek-rfb: + product: zeek + service: rfb + conditions: + sourcetype: 'bro:rfb:json' + zeek-sip: + product: zeek + service: sip + conditions: + sourcetype: 'bro:sip:json' + zeek-smb_files: + product: zeek + service: smb_files + conditions: + sourcetype: 'bro:smb_files:json' + zeek-smb_mapping: + product: zeek + service: smb_mapping + conditions: + sourcetype: 'bro:smb_mapping:json' + zeek-smtp: + product: zeek + service: smtp + conditions: + sourcetype: 'bro:smtp:json' + zeek-smtp_links: + product: zeek + service: smtp_links + conditions: + sourcetype: 'bro:smtp_links:json' + zeek-snmp: + product: zeek + service: snmp + conditions: + sourcetype: 'bro:snmp:json' + zeek-socks: + product: zeek + service: socks + conditions: + sourcetype: 'bro:socks:json' + zeek-software: + product: zeek + service: software + conditions: + sourcetype: 'bro:software:json' + zeek-ssh: + product: zeek + service: ssh + conditions: + sourcetype: 'bro:ssh:json' zeek-ssl: product: zeek service: ssl conditions: sourcetype: 'bro:ssl:json' + zeek-tls: # In case people call it TLS even though log is called ssl + product: zeek + service: tls + conditions: + sourcetype: 'bro:ssl:json' + zeek-syslog: + product: zeek + service: syslog + conditions: + sourcetype: 'bro:syslog:json' + zeek-tunnel: + product: zeek + service: tunnel + conditions: + sourcetype: 'bro:tunnel:json' + zeek-traceroute: + product: zeek + service: traceroute + conditions: + sourcetype: 'bro:traceroute:json' + zeek-weird: + product: zeek + service: weird + conditions: + sourcetype: 'bro:weird:json' zeek-x509: product: zeek service: x509 conditions: sourcetype: 'bro:x509:json' + zeek-ip_search: + product: zeek + service: network + conditions: + sourcetype: + - 'bro:conn:json' + - 'bro:conn_long:json' + - 'bro:dce_rpc:json' + - 'bro:dhcp:json' + - 'bro:dnp3:json' + - 'bro:dns:json' + - 'bro:ftp:json' + - 'bro:gquic:json' + - 'bro:http:json' + - 'bro:irc:json' + - 'bro:kerberos:json' + - 'bro:modbus:json' + - 'bro:mqtt_connect:json' + - 'bro:mqtt_publish:json' + - 'bro:mqtt_subscribe:json' + - 'bro:mysql:json' + - 'bro:ntlm:json' + - 'bro:ntp:json' + - 'bro:radius:json' + - 'bro:rfb:json' + - 'bro:sip:json' + - 'bro:smb_files:json' + - 'bro:smb_mapping:json' + - 'bro:smtp:json' + - 'bro:smtp_links:json' + - 'bro:snmp:json' + - 'bro:socks:json' + - 'bro:ssh:json' + - 'bro:ssl:json' + - 'bro:tunnel:json' + - 'bro:weird:json' +fieldmappings: + # All Logs Applied Mapping & Taxonomy + dst_ip: id.resp_h + dst_port: id.resp_p + network_protocol: proto + src_ip: id.orig_h + src_port: id.orig_p + # DNS matching Taxonomy & DNS Category + answer: answers + #question_length: # Does not exist in open source version + record_type: qtype_name + #parent_domain: # Does not exist in open source version + # HTTP matching Taxonomy & Web/Proxy Category + cs-bytes: request_body_len + cs-cookie: cookie + r-dns: host + sc-bytes: response_body_len + sc-status: status_code + c-uri: uri + c-uri-extension: uri + c-uri-query: uri + c-uri-stem: uri + c-useragent: user_agent + cs-host: host + cs-method: method + cs-referrer: referrer + cs-version: version \ No newline at end of file From c66540c0292dd836dd648a56959ae3f85a5e3ba1 Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Sat, 2 May 2020 07:25:21 -0400 Subject: [PATCH 252/714] on behalf of @socprime [SOC Prime Inc.](https://my.socprime.com/en/tdm/) create `zeek` folder to store Zeek rules --- rules/network/{ => zeek}/zeek_susp_kerberos_rc4.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename rules/network/{ => zeek}/zeek_susp_kerberos_rc4.yml (100%) diff --git a/rules/network/zeek_susp_kerberos_rc4.yml b/rules/network/zeek/zeek_susp_kerberos_rc4.yml similarity index 100% rename from rules/network/zeek_susp_kerberos_rc4.yml rename to rules/network/zeek/zeek_susp_kerberos_rc4.yml From d300027848f6a7baa331669c13cfc10cae4b032c Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Sat, 2 May 2020 07:27:51 -0400 Subject: [PATCH 253/714] on behalf of @socprime [SOC Prime Inc.](https://my.socprime.com/en/tdm/) add rules for Zeek. This includes Windows Event Channel Security EventID:5145 that have same fields as Zeek SMB Also, converted some of (MITRE ATT&CK BZAR)[https://github.com/mitre-attack/bzar] which are Zeek (sensor) scripts. --- .../zeek_dce_rpc_mitre_bzar_execution.yml | 51 +++++++++++++++++++ .../zeek_dce_rpc_mitre_bzar_persistence.yml | 37 ++++++++++++++ .../zeek_smb_converted_win_atsvc_task.yml | 25 +++++++++ ..._smb_converted_win_impacket_secretdump.yml | 21 ++++++++ .../zeek_smb_converted_win_lm_namedpipe.yml | 41 +++++++++++++++ .../zeek_smb_converted_win_susp_psexec.yml | 26 ++++++++++ ...verted_win_susp_raccess_sensitive_fext.yml | 35 +++++++++++++ ...ransferring_files_with_credential_data.yml | 29 +++++++++++ 8 files changed, 265 insertions(+) create mode 100644 rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml create mode 100644 rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml create mode 100644 rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml create mode 100644 rules/network/zeek/zeek_smb_converted_win_impacket_secretdump.yml create mode 100644 rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml create mode 100644 rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml create mode 100644 rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml create mode 100644 rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml diff --git a/rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml b/rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml new file mode 100644 index 00000000..a4494f03 --- /dev/null +++ b/rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml @@ -0,0 +1,51 @@ +title: MITRE BZAR Indicators for ATT&CK Execution +id: b640c0b8-87f8-4daa-aef8-95a24261dd1d +description: 'Windows DCE-RPC functions which indicate an ATT&CK-like Execution techniques on the remote system. All credit for the Zeek mapping of the suspicious endpoint/operation field goes to MITRE.' +author: '@neu5ron, @SOC_Prime' +date: 2020/03/19 +references: + - https://github.com/mitre-attack/bzar#indicators-for-attck-execution +tags: + - attack.execution + - attack.t1035 + - attack.t1047 + - attack.t1053 +logsource: + product: zeek + service: dce_rpc +detection: + op1: + endpoint: 'JobAdd' + operation: 'atsvc' + op2: + endpoint: 'ITaskSchedulerService' + operation: 'SchRpcEnableTask' + op3: + endpoint: 'ITaskSchedulerService' + operation: 'SchRpcRegisterTask' + op4: + endpoint: 'ITaskSchedulerService' + operation: 'SchRpcRun' + op5: + endpoint: 'IWbemServices' + operation: 'ExecMethod' + op6: + endpoint: 'IWbemServices' + operation: 'ExecMethodAsync' + op7: + endpoint: 'svcctl' + operation: 'CreateServiceA' + op8: + endpoint: 'svcctl' + operation: 'CreateServiceW' + op9: + endpoint: 'svcctl' + operation: 'StartServiceA' + op10: + endpoint: 'svcctl' + operation: 'StartServiceW' + condition: 1 of them +falsepositives: + - 'Windows administrator tasks or troubleshooting' + - 'Windows management scripts or software' +level: medium \ No newline at end of file diff --git a/rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml b/rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml new file mode 100644 index 00000000..cfeffe91 --- /dev/null +++ b/rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml @@ -0,0 +1,37 @@ +title: MITRE BZAR Indicators for ATT&CK Persistence +id: 53389db6-ba46-48e3-a94c-e0f2cefe1583 +description: 'Windows DCE-RPC functions which indicate an ATT&CK-like Persistence techniques on the remote system. All credit for the Zeek mapping of the suspicious endpoint/operation field goes to MITRE.' +author: '@neu5ron, @SOC_Prime' +date: 2020/03/19 +references: + - https://github.com/mitre-attack/bzar#indicators-for-attck-persistence +tags: + - attack.persistence + - attack.t1004 +logsource: + product: zeek + service: dce_rpc +detection: + op1: + endpoint: 'spoolss' + operation: 'RpcAddMonitor' + op2: + endpoint: 'spoolss' + operation: 'RpcAddPrintProcessor' + op3: + endpoint: 'IRemoteWinspool' + operation: 'RpcAsyncAddMonitor' + op4: + endpoint: 'IRemoteWinspool' + operation: 'RpcAsyncAddPrintProcessor' + op5: + endpoint: 'ISecLogon' + operation: 'SeclCreateProcessWithLogonW' + op6: + endpoint: 'ISecLogon' + operation: 'SeclCreateProcessWithLogonExW' + condition: 1 of them +falsepositives: + - 'Windows administrator tasks or troubleshooting' + - 'Windows management scripts or software' +level: medium \ No newline at end of file diff --git a/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml b/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml new file mode 100644 index 00000000..69ef0801 --- /dev/null +++ b/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml @@ -0,0 +1,25 @@ +title: Remote Task Creation via ATSVC Named Pipe - Zeek +id: f6de6525-4509-495a-8a82-1f8b0ed73a00 +description: Detects remote task creation via at.exe or API interacting with ATSVC namedpipe +author: 'Samir Bousseaden, @neu5rn' +date: 2020/04/03 +references: + - https://github.com/neo23x0/sigma/blob/d42e87edd741dd646db946f30964f331f92f50e6/rules/windows/builtin/win_atsvc_task.yml +tags: + - attack.lateral_movement + - attack.persistence + - attack.t1053 + - car.2013-05-004 + - car.2015-04-001 +logsource: + product: zeek + service: smb_files +detection: + selection: + name: \\*\IPC$ + path: atsvc + #Accesses: '*WriteData*' + condition: selection +falsepositives: + - unknown +level: medium diff --git a/rules/network/zeek/zeek_smb_converted_win_impacket_secretdump.yml b/rules/network/zeek/zeek_smb_converted_win_impacket_secretdump.yml new file mode 100644 index 00000000..35552f34 --- /dev/null +++ b/rules/network/zeek/zeek_smb_converted_win_impacket_secretdump.yml @@ -0,0 +1,21 @@ +title: Possible Impacket SecretDump Remote Activity - Zeek +id: 92dae1ed-1c9d-4eff-a567-33acbd95b00e +description: 'Detect AD credential dumping using impacket secretdump HKTL. Based on the SIGMA rules/windows/builtin/win_impacket_secretdump.yml' +author: 'Samir Bousseaden, @neu5ron' +date: 2020/03/19 +references: + - https://blog.menasec.net/2019/02/threat-huting-10-impacketsecretdump.html +tags: + - attack.credential_access + - attack.t1003 +logsource: + product: zeek + service: smb_files +detection: + selection: + name: '\\*ADMIN$' + path: '*SYSTEM32\\*.tmp' + condition: selection +falsepositives: + - 'unknown' +level: high diff --git a/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml b/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml new file mode 100644 index 00000000..1b0b92b5 --- /dev/null +++ b/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml @@ -0,0 +1,41 @@ +title: First Time Seen Remote Named Pipe - Zeek +id: 52d8b0c6-53d6-439a-9e41-52ad442ad9ad +description: This detection excludes known namped pipes accessible remotely and notify on newly observed ones, may help to detect lateral movement and remote exec + using named pipes +author: 'Samir Bousseaden, @neu5ron' +date: 2020/04/02 +references: + - https://github.com/neo23x0/sigma/blob/d42e87edd741dd646db946f30964f331f92f50e6/rules/windows/builtin/win_lm_namedpipe.yml +tags: + - attack.lateral_movement + - attack.t1077 +logsource: + product: zeek + service: smb_files +detection: + selection1: + name: \\*\IPC$ + selection2: + name: \\*\IPC$ + path: + - 'atsvc' + - 'samr' + - 'lsarpc' + - 'winreg' + - 'netlogon' + - 'srvsvc' + - 'protected_storage' + - 'wkssvc' + - 'browser' + - 'netdfs' + - 'svcctl' + - 'spoolss' + - 'ntsvcs' + - 'LSM_API_service' + - 'HydraLsPipe' + - 'TermSrv_API_service' + - 'MsFteWds' + condition: selection1 and not selection2 +falsepositives: + - update the excluded named pipe to filter out any newly observed legit named pipe +level: high diff --git a/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml b/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml new file mode 100644 index 00000000..00311f3c --- /dev/null +++ b/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml @@ -0,0 +1,26 @@ +title: Suspicious PsExec Execution - Zeek +description: detects execution of psexec or paexec with renamed service name, this rule helps to filter out the noise if psexec is used for legit purposes or if attacker uses a different psexec client other than sysinternal one +author: 'Samir Bousseaden, @neu5ron' +date: 2020/04/02 +references: + - https://github.com/neo23x0/sigma/blob/d42e87edd741dd646db946f30964f331f92f50e6/rules/windows/builtin/win_susp_psexec.yml +tags: + - attack.lateral_movement + - attack.t1077 +logsource: + product: zeek + service: smb_files +detection: + selection1: + name: \\*\IPC$ + path: + - '*-stdin' + - '*-stdout' + - '*-stderr' + selection2: + name: \\*\IPC$ + path: 'PSEXESVC*' + condition: selection1 and not selection2 +falsepositives: + - nothing observed so far +level: high diff --git a/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml b/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml new file mode 100644 index 00000000..ed6b32ea --- /dev/null +++ b/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml @@ -0,0 +1,35 @@ +title: Suspicious Access to Sensitive File Extensions - Zeek +description: Detects known sensitive file extensions via Zeek +author: 'Samir Bousseaden, @neu5ron' +date: 2020/04/02 +references: https://github.com/neo23x0/sigma/blob/d42e87edd741dd646db946f30964f331f92f50e6/rules/windows/builtin/win_susp_raccess_sensitive_fext.yml +tags: + - attack.collection +logsource: + product: zeek + service: smb_files +detection: + selection: + path: + - '*.pst' + - '*.ost' + - '*.msg' + - '*.nst' + - '*.oab' + - '*.edb' + - '*.nsf' + - '*.bak' + - '*.dmp' + - '*.kirbi' + - '*\groups.xml' + - '*.rdp' + condition: selection +fields: + - ComputerName + - SubjectDomainName + - SubjectUserName + - RelativeTargetName +falsepositives: + - Help Desk operator doing backup or re-imaging end user machine or pentest or backup software + - Users working with these data types or exchanging message files +level: medium diff --git a/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml b/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml new file mode 100644 index 00000000..90371f94 --- /dev/null +++ b/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml @@ -0,0 +1,29 @@ +title: Transferring Files with Credential Data via Network Shares - Zeek +description: Transferring files with well-known filenames (sensitive files with credential data) using network shares +author: '@neu5ron, Teymur Kheirkhabarov, oscd.community' +date: 2020/04/02 +references: + - https://github.com/neo23x0/sigma/blob/373424f14574facf9e261d5c822345a282b91479/rules/windows/builtin/win_transferring_files_with_credential_data_via_network_shares.yml +tags: + - attack.credential_access + - attack.t1003 +logsource: + product: zeek + service: smb_files +detection: + selection: + path: + - '\mimidrv' + - '\lsass' + - '\windows\minidump\' + - '\hiberfil' + - '\sqldmpr' + - '\sam' + - '\ntds.dit' + - '\security' + condition: + selection +falsepositives: + - Transferring sensitive files for legitimate administration work by legitimate administrator +level: medium +status: experimental \ No newline at end of file From 46737cbfd3b696623f22c98475b897ee7603b6d0 Mon Sep 17 00:00:00 2001 From: Wietze Date: Sat, 2 May 2020 14:31:02 +0100 Subject: [PATCH 254/714] Improved Microsoft ATP mapping, using Advanced Hunting Schema See https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference --- tools/sigma/backends/mdatp.py | 155 ++++++++++++++++++++++------------ 1 file changed, 100 insertions(+), 55 deletions(-) diff --git a/tools/sigma/backends/mdatp.py b/tools/sigma/backends/mdatp.py index 096ee829..7a2590be 100644 --- a/tools/sigma/backends/mdatp.py +++ b/tools/sigma/backends/mdatp.py @@ -18,6 +18,7 @@ import re from .base import SingleTextQueryBackend from .exceptions import NotSupportedError + class WindowsDefenderATPBackend(SingleTextQueryBackend): """Converts Sigma rule into Microsoft Defender ATP Hunting Queries.""" identifier = "mdatp" @@ -46,31 +47,68 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): """Initialize field mappings""" super().__init__(*args, **kwargs) self.fieldMappings = { # mapping between Sigma and ATP field names - # Supported values: - # (field name mapping, value mapping): distinct mappings for field name and value, may be a string (direct mapping) or function maps name/value to ATP target value - # (mapping function,): receives field name and value as parameter, return list of 2 element tuples (destination field name and value) - # (replacement, ): Replaces field occurrence with static string - "AccountName" : (self.id_mapping, self.default_value_mapping), - "CommandLine" : ("ProcessCommandLine", self.default_value_mapping), - "DeviceName" : (self.id_mapping, self.default_value_mapping), - "DestinationHostname" : ("RemoteUrl", self.default_value_mapping), - "DestinationIp" : ("RemoteIP", self.default_value_mapping), - "DestinationIsIpv6" : ("RemoteIP has \":\"", ), - "DestinationPort" : ("RemotePort", self.default_value_mapping), - "Details" : ("RegistryValueData", self.default_value_mapping), - "EventType" : ("ActionType", self.default_value_mapping), - "Image" : ("FolderPath", self.default_value_mapping), - "ImageLoaded" : ("FolderPath", self.default_value_mapping), - "LogonType" : (self.id_mapping, self.logontype_mapping), - "NewProcessName" : ("FolderPath", self.default_value_mapping), - "ObjectValueName" : ("RegistryValueName", self.default_value_mapping), - "ParentImage" : ("InitiatingProcessFolderPath", self.default_value_mapping), - "SourceImage" : ("InitiatingProcessFolderPath", self.default_value_mapping), - "TargetFilename" : ("FolderPath", self.default_value_mapping), - "TargetImage" : ("FolderPath", self.default_value_mapping), - "TargetObject" : ("RegistryKey", self.default_value_mapping), - "User" : (self.decompose_user, ), - } + # Supported values: + # (field name mapping, value mapping): distinct mappings for field name and value, may be a string (direct mapping) or function maps name/value to ATP target value + # (mapping function,): receives field name and value as parameter, return list of 2 element tuples (destination field name and value) + # (replacement, ): Replaces field occurrence with static string + "DeviceProcessEvents": { + "AccountName": (self.id_mapping, self.default_value_mapping), + "CommandLine": ("ProcessCommandLine", self.default_value_mapping), + "Command": ("ProcessCommandLine", self.default_value_mapping), + "DeviceName": (self.id_mapping, self.default_value_mapping), + "EventType": ("ActionType", self.default_value_mapping), + "Image": ("FolderPath", self.default_value_mapping), + "ImageLoaded": ("FolderPath", self.default_value_mapping), + "LogonType": (self.id_mapping, self.logontype_mapping), + "NewProcessName": ("FolderPath", self.default_value_mapping), + "ParentImage": ("InitiatingProcessFolderPath", self.default_value_mapping), + "SourceImage": ("InitiatingProcessFolderPath", self.default_value_mapping), + "TargetImage": ("FolderPath", self.default_value_mapping), + "TargetObject": ("RegistryKey", self.default_value_mapping), + "User": (self.decompose_user, ), + }, + "DeviceEvents": { + "TargetFilename": ("FolderPath", self.default_value_mapping), + + "Image": ("InitiatingFolderPath", self.default_value_mapping), + "TargetImage": ("InitiatingProcessFolderPath", self.default_value_mapping), + "User": (self.decompose_user, ), + }, + "DeviceRegistryEvents": { + "TargetObject": ("RegistryKey", self.default_value_mapping), + "ObjectValueName": ("RegistryValueName", self.default_value_mapping), + "Details": ("RegistryValueData", self.default_value_mapping), + + "Image": ("InitiatingFolderPath", self.default_value_mapping), + "TargetImage": ("InitiatingProcessFolderPath", self.default_value_mapping), + "User": (self.decompose_user, ), + }, + "DeviceFileEvents": { + "TargetFilename": ("FolderPath", self.default_value_mapping), + "TargetFileName": ("FolderPath", self.default_value_mapping), + + "Image": ("InitiatingProcessFolderPath", self.default_value_mapping), + "User": (self.decompose_user, ), + }, + "DeviceNetworkEvents": { + "Initiated": ("RemotePort", self.default_value_mapping), + "DestinationPort": ("RemotePort", self.default_value_mapping), + "DestinationIp": ("RemoteIP", self.default_value_mapping), + "DestinationIsIpv6": ("RemoteIP has \":\"", ), + "SourcePort": ("LocalPort", self.default_value_mapping), + "SourceIp": ("LocalIP", self.default_value_mapping), + "DestinationHostname": ("RemoteUrl", self.default_value_mapping), + + "Image": ("InitiatingProcessFolderPath", self.default_value_mapping), + "User": (self.decompose_user, ), + }, + "DeviceImageLoadEvents": { + "ImageLoaded": ("FolderPath", self.default_value_mapping), + + "Image": ("InitiatingProcessFolderPath", self.default_value_mapping), + "User": (self.decompose_user, ), + } + } def id_mapping(self, src): """Identity mapping, source == target field name""" @@ -100,16 +138,16 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): def logontype_mapping(self, src): """Value mapping for logon events to reduced ATP LogonType set""" logontype_mapping = { - 2: "Interactive", - 3: "Network", - 4: "Batch", - 5: "Service", - 7: "Interactive", # unsure - 8: "Network", - 9: "Interactive", # unsure - 10: "Remote interactive (RDP) logons", # really the value? - 11: "Interactive" - } + 2: "Interactive", + 3: "Network", + 4: "Batch", + 5: "Service", + 7: "Interactive", # unsure + 8: "Network", + 9: "Interactive", # unsure + 10: "Remote interactive (RDP) logons", # really the value? + 11: "Interactive" + } try: return logontype_mapping[int(src)] except KeyError: @@ -121,9 +159,9 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): m = reUser.match(src_value) if m: domain, user = m.groups() - return (("InitiatingProcessAccountDomain", domain), ("InititatingProcessAccountName", user)) + return (("InitiatingProcessAccountDomain", self.default_value_mapping(domain)), ("InititatingProcessAccountName", self.default_value_mapping(user))) else: # assume only user name is given if backslash is missing - return (("InititatingProcessAccountName", src_value),) + return [("InititatingProcessAccountName", self.default_value_mapping(src_value))] def generate(self, sigmaparser): self.table = None @@ -157,54 +195,61 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): and creates an appropriate table reference. """ key, value = node - if type(value) == list: # handle map items with values list like multiple OR-chained conditions - return self.generateORNode( - [(key, v) for v in value] - ) + # handle map items with values list like multiple OR-chained conditions + if type(value) == list: + return self.generateORNode([(key, v) for v in value]) elif key == "EventID": # EventIDs are not reflected in condition but in table selection if self.product == "windows": if self.service == "sysmon" and value == 1 \ - or self.service == "security" and value == 4688: # Process Execution + or self.service == "security" and value == 4688: # Process Execution self.table = "DeviceProcessEvents" return None - elif self.service == "sysmon" and value == 3: # Network Connection + elif self.service == "sysmon" and value == 3: # Network Connection self.table = "DeviceNetworkEvents" return None - elif self.service == "sysmon" and value == 7: # Image Load + elif self.service == "sysmon" and value == 7: # Image Load self.table = "DeviceImageLoadEvents" return None - elif self.service == "sysmon" and value == 8: # Create Remote Thread + elif self.service == "sysmon" and value == 8: # Create Remote Thread self.table = "DeviceEvents" return "ActionType == \"CreateRemoteThreadApiCall\"" - elif self.service == "sysmon" and value == 11: # File Creation + elif self.service == "sysmon" and value == 11: # File Creation self.table = "DeviceFileEvents" + return "ActionType == \"FileCreated\"" + elif self.service == "sysmon" and value == 23: # File Deletion + self.table = "DeviceFileEvents" + return "ActionType == \"FileDeleted\"" + elif self.service == "sysmon" and value == 12: # Create/Delete Registry Value + self.table = "DeviceRegistryEvents" return None elif self.service == "sysmon" and value == 13 \ - or self.service == "security" and value == 4657: # Set Registry Value + or self.service == "security" and value == 4657: # Set Registry Value self.table = "DeviceRegistryEvents" return "ActionType == \"RegistryValueSet\"" elif self.service == "security" and value == 4624: self.table = "DeviceLogonEvents" return None + else: + if not self.table: + raise NotSupportedError("No sysmon Event ID provided") + else: + raise NotSupportedError("No mapping for Event ID %s" % value) elif type(value) in (str, int): # default value processing try: - mapping = self.fieldMappings[key] + mapping = self.fieldMappings[self.table][key] except KeyError: - raise NotSupportedError("No mapping defined for field '%s'" % key) + raise NotSupportedError("No mapping defined for field '%s' in '%s'" % (key, self.table)) if len(mapping) == 1: mapping = mapping[0] if type(mapping) == str: return mapping elif callable(mapping): conds = mapping(key, value) - return self.generateSubexpressionNode( - self.generateANDNode( - [cond for cond in mapping(key, value)] - ) - ) + return self.andToken.join(["{} {}".format(*cond) for cond in conds]) elif len(mapping) == 2: result = list() - for mapitem, val in zip(mapping, node): # iterate mapping and mapping source value synchronously over key and value + # iterate mapping and mapping source value synchronously over key and value + for mapitem, val in zip(mapping, node): if type(mapitem) == str: result.append(mapitem) elif callable(mapitem): From 661108903bffab238070f286da235b16df9b5882 Mon Sep 17 00:00:00 2001 From: Wietze Date: Sat, 2 May 2020 14:37:37 +0100 Subject: [PATCH 255/714] Minor consistency fix --- tools/sigma/backends/mdatp.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/sigma/backends/mdatp.py b/tools/sigma/backends/mdatp.py index 7a2590be..11d6f7f1 100644 --- a/tools/sigma/backends/mdatp.py +++ b/tools/sigma/backends/mdatp.py @@ -161,7 +161,7 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): domain, user = m.groups() return (("InitiatingProcessAccountDomain", self.default_value_mapping(domain)), ("InititatingProcessAccountName", self.default_value_mapping(user))) else: # assume only user name is given if backslash is missing - return [("InititatingProcessAccountName", self.default_value_mapping(src_value))] + return (("InititatingProcessAccountName", self.default_value_mapping(src_value))) def generate(self, sigmaparser): self.table = None From 5abf4cbea9c2a48605250687c0f6e1bd6da5c4ef Mon Sep 17 00:00:00 2001 From: Wietze Date: Sat, 2 May 2020 14:46:55 +0100 Subject: [PATCH 256/714] Reordered fields --- tools/sigma/backends/mdatp.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/tools/sigma/backends/mdatp.py b/tools/sigma/backends/mdatp.py index 11d6f7f1..d8c38a5a 100644 --- a/tools/sigma/backends/mdatp.py +++ b/tools/sigma/backends/mdatp.py @@ -64,14 +64,13 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): "ParentImage": ("InitiatingProcessFolderPath", self.default_value_mapping), "SourceImage": ("InitiatingProcessFolderPath", self.default_value_mapping), "TargetImage": ("FolderPath", self.default_value_mapping), - "TargetObject": ("RegistryKey", self.default_value_mapping), "User": (self.decompose_user, ), }, "DeviceEvents": { "TargetFilename": ("FolderPath", self.default_value_mapping), + "TargetImage": ("FolderPath", self.default_value_mapping), - "Image": ("InitiatingFolderPath", self.default_value_mapping), - "TargetImage": ("InitiatingProcessFolderPath", self.default_value_mapping), + "Image": ("InitiatingProcessFolderPath", self.default_value_mapping), "User": (self.decompose_user, ), }, "DeviceRegistryEvents": { @@ -79,8 +78,7 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): "ObjectValueName": ("RegistryValueName", self.default_value_mapping), "Details": ("RegistryValueData", self.default_value_mapping), - "Image": ("InitiatingFolderPath", self.default_value_mapping), - "TargetImage": ("InitiatingProcessFolderPath", self.default_value_mapping), + "Image": ("InitiatingProcessFolderPath", self.default_value_mapping), "User": (self.decompose_user, ), }, "DeviceFileEvents": { From e5574e07f211fcd1fd4b87c10a95b232120830e2 Mon Sep 17 00:00:00 2001 From: Wietze Date: Sat, 2 May 2020 16:21:56 +0100 Subject: [PATCH 257/714] Disabled FileDelete event (Sysmon 11 - no rules available yet) --- tools/sigma/backends/mdatp.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/sigma/backends/mdatp.py b/tools/sigma/backends/mdatp.py index d8c38a5a..9da3f0ed 100644 --- a/tools/sigma/backends/mdatp.py +++ b/tools/sigma/backends/mdatp.py @@ -214,9 +214,9 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): elif self.service == "sysmon" and value == 11: # File Creation self.table = "DeviceFileEvents" return "ActionType == \"FileCreated\"" - elif self.service == "sysmon" and value == 23: # File Deletion - self.table = "DeviceFileEvents" - return "ActionType == \"FileDeleted\"" + # elif self.service == "sysmon" and value == 23: # File Deletion + # self.table = "DeviceFileEvents" + # return "ActionType == \"FileDeleted\"" elif self.service == "sysmon" and value == 12: # Create/Delete Registry Value self.table = "DeviceRegistryEvents" return None From 2b3828730c2c241f8d9fd522d3c2def4a4eb82ad Mon Sep 17 00:00:00 2001 From: Wietze Date: Sat, 2 May 2020 17:31:50 +0100 Subject: [PATCH 258/714] Reversed disabling FileDelete --- tools/sigma/backends/mdatp.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/sigma/backends/mdatp.py b/tools/sigma/backends/mdatp.py index 9da3f0ed..d8c38a5a 100644 --- a/tools/sigma/backends/mdatp.py +++ b/tools/sigma/backends/mdatp.py @@ -214,9 +214,9 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): elif self.service == "sysmon" and value == 11: # File Creation self.table = "DeviceFileEvents" return "ActionType == \"FileCreated\"" - # elif self.service == "sysmon" and value == 23: # File Deletion - # self.table = "DeviceFileEvents" - # return "ActionType == \"FileDeleted\"" + elif self.service == "sysmon" and value == 23: # File Deletion + self.table = "DeviceFileEvents" + return "ActionType == \"FileDeleted\"" elif self.service == "sysmon" and value == 12: # Create/Delete Registry Value self.table = "DeviceRegistryEvents" return None From b3194e66c4f1def35c11f407d6c7e47867eb8053 Mon Sep 17 00:00:00 2001 From: pdr9rc Date: Mon, 4 May 2020 16:37:36 +0100 Subject: [PATCH 259/714] Update base.py --- tools/sigma/backends/base.py | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/tools/sigma/backends/base.py b/tools/sigma/backends/base.py index 3e27c124..dfc0d028 100644 --- a/tools/sigma/backends/base.py +++ b/tools/sigma/backends/base.py @@ -132,19 +132,35 @@ class BaseBackend: result = self.generateNode(parsed.parsedSearch) if parsed.parsedAgg: result += self.generateAggregation(parsed.parsedAgg) + # if 'overrides' in self.sigmaconfig.config: + # for expression in self.sigmaconfig.config['overrides']: + # if 'regexes' in expression: + # for x in expression['regexes']: + # sub = expression['field'] + # value = expression['value'] + # result = re.sub(x, self.mapExpression % (sub, value), result) + # if 'literals' in expression: + # for x in expression['literals']: + # sub = expression['field'] + # value = expression['value'] + # result = result.replace(x, self.mapExpression % (sub, value)) + result = self.applyOverrides(result) + return result + + def applyOverrides(self, query): if 'overrides' in self.sigmaconfig.config: for expression in self.sigmaconfig.config['overrides']: if 'regexes' in expression: for x in expression['regexes']: sub = expression['field'] value = expression['value'] - result = re.sub(x, self.mapExpression % (sub, value), result) + query = re.sub(x, self.mapExpression % (sub, value), query) if 'literals' in expression: for x in expression['literals']: sub = expression['field'] value = expression['value'] - result = result.replace(x, self.mapExpression % (sub, value)) - return result + query = query.replace(x, self.mapExpression % (sub, value)) + return query def generateNode(self, node): if type(node) == sigma.parser.condition.ConditionAND: From dd9e128a15d5f9ad08ea744cde0f18b49a4a1204 Mon Sep 17 00:00:00 2001 From: pdr9rc Date: Mon, 4 May 2020 17:35:12 +0100 Subject: [PATCH 260/714] kibana target update kibana target now compatible with overrides --- tools/sigma/backends/base.py | 12 ------------ tools/sigma/backends/elasticsearch.py | 2 +- 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/tools/sigma/backends/base.py b/tools/sigma/backends/base.py index dfc0d028..b4003f5a 100644 --- a/tools/sigma/backends/base.py +++ b/tools/sigma/backends/base.py @@ -132,18 +132,6 @@ class BaseBackend: result = self.generateNode(parsed.parsedSearch) if parsed.parsedAgg: result += self.generateAggregation(parsed.parsedAgg) - # if 'overrides' in self.sigmaconfig.config: - # for expression in self.sigmaconfig.config['overrides']: - # if 'regexes' in expression: - # for x in expression['regexes']: - # sub = expression['field'] - # value = expression['value'] - # result = re.sub(x, self.mapExpression % (sub, value), result) - # if 'literals' in expression: - # for x in expression['literals']: - # sub = expression['field'] - # value = expression['value'] - # result = result.replace(x, self.mapExpression % (sub, value)) result = self.applyOverrides(result) return result diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index 397ff943..080bd5ad 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -566,7 +566,7 @@ class KibanaBackend(ElasticsearchQuerystringBackend, MultiRuleOutputMixin): }, "query": { "query_string": { - "query": result, + "query": self.applyOverrides(result), "analyze_wildcard": True } } From aa175a7d5bbfd8b9e6526cfa36256dac5514bff4 Mon Sep 17 00:00:00 2001 From: pdr9rc Date: Mon, 4 May 2020 18:02:27 +0100 Subject: [PATCH 261/714] wip wip --- tools/sigma/backends/base.py | 49 ++++++++++++++------------- tools/sigma/backends/elasticsearch.py | 2 +- 2 files changed, 27 insertions(+), 24 deletions(-) diff --git a/tools/sigma/backends/base.py b/tools/sigma/backends/base.py index b4003f5a..d4c7ad55 100644 --- a/tools/sigma/backends/base.py +++ b/tools/sigma/backends/base.py @@ -132,45 +132,48 @@ class BaseBackend: result = self.generateNode(parsed.parsedSearch) if parsed.parsedAgg: result += self.generateAggregation(parsed.parsedAgg) - result = self.applyOverrides(result) + #result = self.applyOverrides(result) return result def applyOverrides(self, query): - if 'overrides' in self.sigmaconfig.config: - for expression in self.sigmaconfig.config['overrides']: - if 'regexes' in expression: - for x in expression['regexes']: - sub = expression['field'] - value = expression['value'] - query = re.sub(x, self.mapExpression % (sub, value), query) - if 'literals' in expression: - for x in expression['literals']: - sub = expression['field'] - value = expression['value'] - query = query.replace(x, self.mapExpression % (sub, value)) + try: + if 'overrides' in self.sigmaconfig.config and isinstance(query, str): + for expression in self.sigmaconfig.config['overrides']: + if 'regexes' in expression: + for x in expression['regexes']: + sub = expression['field'] + value = expression['value'] + query = re.sub(x, self.mapExpression % (sub, value), query) + if 'literals' in expression: + for x in expression['literals']: + sub = expression['field'] + value = expression['value'] + query = query.replace(x, self.mapExpression % (sub, value)) + except Exception: + pass return query def generateNode(self, node): if type(node) == sigma.parser.condition.ConditionAND: - return self.generateANDNode(node) + return self.applyOverrides(self.generateANDNode(node)) elif type(node) == sigma.parser.condition.ConditionOR: - return self.generateORNode(node) + return self.applyOverrides(self.generateORNode(node)) elif type(node) == sigma.parser.condition.ConditionNOT: - return self.generateNOTNode(node) + return self.applyOverrides(self.generateNOTNode(node)) elif type(node) == sigma.parser.condition.ConditionNULLValue: - return self.generateNULLValueNode(node) + return self.applyOverrides(self.generateNULLValueNode(node)) elif type(node) == sigma.parser.condition.ConditionNotNULLValue: - return self.generateNotNULLValueNode(node) + return self.applyOverrides(self.generateNotNULLValueNode(node)) elif type(node) == sigma.parser.condition.NodeSubexpression: - return self.generateSubexpressionNode(node) + return self.applyOverrides(self.generateSubexpressionNode(node)) elif type(node) == tuple: - return self.generateMapItemNode(node) + return self.applyOverrides(self.generateMapItemNode(node)) elif type(node) in (str, int): - return self.generateValueNode(node) + return self.applyOverrides(self.generateValueNode(node)) elif type(node) == list: - return self.generateListNode(node) + return self.applyOverrides(self.generateListNode(node)) elif isinstance(node, SigmaTypeModifier): - return self.generateTypedValueNode(node) + return self.applyOverrides(self.generateTypedValueNode(node)) else: raise TypeError("Node type %s was not expected in Sigma parse tree" % (str(type(node)))) diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index 080bd5ad..397ff943 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -566,7 +566,7 @@ class KibanaBackend(ElasticsearchQuerystringBackend, MultiRuleOutputMixin): }, "query": { "query_string": { - "query": self.applyOverrides(result), + "query": result, "analyze_wildcard": True } } From 98f163e75235fe301d1b9cafeddf01a9e36e4dfc Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Mon, 4 May 2020 15:10:48 -0400 Subject: [PATCH 262/714] fixed yaml space causing condition to not be found --- .../zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml b/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml index ed6b32ea..c1dbd912 100644 --- a/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml +++ b/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml @@ -23,7 +23,7 @@ detection: - '*.kirbi' - '*\groups.xml' - '*.rdp' - condition: selection + condition: selection fields: - ComputerName - SubjectDomainName From a61b1da47a9dab87800295be1d8aa695206ebdcd Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Mon, 4 May 2020 15:10:48 -0400 Subject: [PATCH 263/714] fixed yaml space causing condition to not be found --- .../zeek_smb_converted_win_susp_raccess_sensitive_fext.yml | 2 +- ...b_converted_win_transferring_files_with_credential_data.yml | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml b/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml index ed6b32ea..c1dbd912 100644 --- a/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml +++ b/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml @@ -23,7 +23,7 @@ detection: - '*.kirbi' - '*\groups.xml' - '*.rdp' - condition: selection + condition: selection fields: - ComputerName - SubjectDomainName diff --git a/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml b/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml index 90371f94..326afad4 100644 --- a/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml +++ b/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml @@ -21,8 +21,7 @@ detection: - '\sam' - '\ntds.dit' - '\security' - condition: - selection + condition: selection falsepositives: - Transferring sensitive files for legitimate administration work by legitimate administrator level: medium From a01a85cf9b78dea2ef7c536c6497eda5537e0580 Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Mon, 4 May 2020 15:22:18 -0400 Subject: [PATCH 264/714] CI/CD check fixes (missing ID's) --- rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml | 1 + .../zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml | 1 + ...smb_converted_win_transferring_files_with_credential_data.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml b/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml index 00311f3c..2086a287 100644 --- a/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml +++ b/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml @@ -1,4 +1,5 @@ title: Suspicious PsExec Execution - Zeek +id: f1b3a22a-45e6-4004-afb5-4291f9c21166 description: detects execution of psexec or paexec with renamed service name, this rule helps to filter out the noise if psexec is used for legit purposes or if attacker uses a different psexec client other than sysinternal one author: 'Samir Bousseaden, @neu5ron' date: 2020/04/02 diff --git a/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml b/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml index c1dbd912..95045f9d 100644 --- a/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml +++ b/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml @@ -1,4 +1,5 @@ title: Suspicious Access to Sensitive File Extensions - Zeek +id: 286b47ed-f6fe-40b3-b3a8-35129acd43bc description: Detects known sensitive file extensions via Zeek author: 'Samir Bousseaden, @neu5ron' date: 2020/04/02 diff --git a/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml b/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml index 326afad4..7724e097 100644 --- a/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml +++ b/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml @@ -1,4 +1,5 @@ title: Transferring Files with Credential Data via Network Shares - Zeek +id: 2e69f167-47b5-4ae7-a390-47764529eff5 description: Transferring files with well-known filenames (sensitive files with credential data) using network shares author: '@neu5ron, Teymur Kheirkhabarov, oscd.community' date: 2020/04/02 From 31ad81874fee378ea3f951d81d088aac9fb1e737 Mon Sep 17 00:00:00 2001 From: pdr9rc Date: Tue, 5 May 2020 11:32:18 +0100 Subject: [PATCH 265/714] capitalized titles corrected capitalization of titles and removed literals from config --- rules/cloud/aws_ec2_vm_export_failure.yml | 2 +- tools/config/ecs-cloudtrail.yml | 11 +---------- 2 files changed, 2 insertions(+), 11 deletions(-) diff --git a/rules/cloud/aws_ec2_vm_export_failure.yml b/rules/cloud/aws_ec2_vm_export_failure.yml index 8f7fec19..a6db628c 100644 --- a/rules/cloud/aws_ec2_vm_export_failure.yml +++ b/rules/cloud/aws_ec2_vm_export_failure.yml @@ -1,4 +1,4 @@ -title: AWS EC2 VM Export failure +title: AWS EC2 VM Export Failure id: 54b9a76a-3c71-4673-b4b3-2edb4566ea7b status: experimental description: An attempt to export an AWS EC2 instance has been detected. A VM Export might indicate an attempt to extract information from an instance. diff --git a/tools/config/ecs-cloudtrail.yml b/tools/config/ecs-cloudtrail.yml index 37414528..fe9419bd 100644 --- a/tools/config/ecs-cloudtrail.yml +++ b/tools/config/ecs-cloudtrail.yml @@ -1,4 +1,4 @@ -title: Elastic Common Schema and Elastic Exported Fields mapping for AWS CloudTrail logs +title: Elastic Common Schema And Elastic Exported Fields Mapping For AWS CloudTrail Logs order: 20 backends: - es-qs @@ -54,15 +54,6 @@ overrides: - (\(\(event.action:\"ConsoleLogin\".* aws.cloudtrail.error_code.keyword:\*\)\)) - (\(\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_message.keyword:\*\)\)) - (\(\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_code.keyword:\*\)\)) - literals: - - ((aws.cloudtrail.error_message.keyword:* OR aws.cloudtrail.error_code.keyword:*) OR (event.action:"ConsoleLogin" AND aws.cloudtrail.response_elements.keyword:*Failure*)) - - ((aws.cloudtrail.error_code.keyword:* OR aws.cloudtrail.error_message.keyword:*) OR (event.action:"ConsoleLogin" AND aws.cloudtrail.response_elements.keyword:*Failure*)) - - ((aws.cloudtrail.error_message.keyword:* OR aws.cloudtrail.error_code.keyword:*) OR (aws.cloudtrail.response_elements.keyword:*Failure* AND event.action:"ConsoleLogin")) - - ((aws.cloudtrail.error_code.keyword:* OR aws.cloudtrail.error_message.keyword:*) OR (aws.cloudtrail.response_elements.keyword:*Failure* AND event.action:"ConsoleLogin")) - - ((event.action:"ConsoleLogin" AND aws.cloudtrail.response_elements.keyword:*Failure*) OR (aws.cloudtrail.error_message.keyword:* OR aws.cloudtrail.error_code.keyword:*)) - - ((event.action:"ConsoleLogin" AND aws.cloudtrail.response_elements.keyword:*Failure*) OR (aws.cloudtrail.error_code.keyword:* OR aws.cloudtrail.error_message.keyword:*)) - - ((aws.cloudtrail.response_elements.keyword:*Failure* AND event.action:"ConsoleLogin") OR (aws.cloudtrail.error_message.keyword:* OR aws.cloudtrail.error_code.keyword:*)) - - ((aws.cloudtrail.response_elements.keyword:*Failure* AND event.action:"ConsoleLogin") OR (aws.cloudtrail.error_code.keyword:* OR aws.cloudtrail.error_message.keyword:*)) - field: event.outcome value: success literals: From 0f4cc9d36550aecef2fb9f3f20ae35cf570251cd Mon Sep 17 00:00:00 2001 From: Rettila Date: Tue, 5 May 2020 16:40:52 +0200 Subject: [PATCH 266/714] Create win_possible_dc_shadow.yml --- .../windows/builtin/win_possible_dc_shadow.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 rules/windows/builtin/win_possible_dc_shadow.yml diff --git a/rules/windows/builtin/win_possible_dc_shadow.yml b/rules/windows/builtin/win_possible_dc_shadow.yml new file mode 100644 index 00000000..784707dd --- /dev/null +++ b/rules/windows/builtin/win_possible_dc_shadow.yml @@ -0,0 +1,18 @@ +title: Potential DCShadow +description: Monitors SPN modifications to detect DCShadow behavior. +author: Chakib Gzenayi, Hosni Mribah +tags: + - attack.defense_evasion + - attack.t1207 +logsource: + product: windows + service: system +detection: + selection: + EventID: 5136 + LDAP_Display_Name: servicePrincipalName + Value: 'GC/*' + condition: selection +falsepositives: + - Exclude known DCs +level: high From e3f21805f3f617e58ae312083712010ef4de93c6 Mon Sep 17 00:00:00 2001 From: Rettila Date: Tue, 5 May 2020 16:43:56 +0200 Subject: [PATCH 267/714] Update win_possible_dc_shadow.yml --- rules/windows/builtin/win_possible_dc_shadow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_possible_dc_shadow.yml b/rules/windows/builtin/win_possible_dc_shadow.yml index 784707dd..cbbe8e53 100644 --- a/rules/windows/builtin/win_possible_dc_shadow.yml +++ b/rules/windows/builtin/win_possible_dc_shadow.yml @@ -1,6 +1,6 @@ title: Potential DCShadow description: Monitors SPN modifications to detect DCShadow behavior. -author: Chakib Gzenayi, Hosni Mribah +author: Chakib Gzenayi (@Chak92), Hosni Mribah tags: - attack.defense_evasion - attack.t1207 From db810b342f7ac7d3c4f36caecb7d51702bea60e2 Mon Sep 17 00:00:00 2001 From: Rettila Date: Tue, 5 May 2020 16:48:39 +0200 Subject: [PATCH 268/714] Delete win_possible_dc_shadow.yml --- .../windows/builtin/win_possible_dc_shadow.yml | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 rules/windows/builtin/win_possible_dc_shadow.yml diff --git a/rules/windows/builtin/win_possible_dc_shadow.yml b/rules/windows/builtin/win_possible_dc_shadow.yml deleted file mode 100644 index cbbe8e53..00000000 --- a/rules/windows/builtin/win_possible_dc_shadow.yml +++ /dev/null @@ -1,18 +0,0 @@ -title: Potential DCShadow -description: Monitors SPN modifications to detect DCShadow behavior. -author: Chakib Gzenayi (@Chak92), Hosni Mribah -tags: - - attack.defense_evasion - - attack.t1207 -logsource: - product: windows - service: system -detection: - selection: - EventID: 5136 - LDAP_Display_Name: servicePrincipalName - Value: 'GC/*' - condition: selection -falsepositives: - - Exclude known DCs -level: high From f27aa4bfeef0d311803531289227a77ef72e199d Mon Sep 17 00:00:00 2001 From: Rettila Date: Tue, 5 May 2020 16:50:13 +0200 Subject: [PATCH 269/714] Update win_possible_dc_sync.yml --- rules/windows/builtin/win_possible_dc_sync.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/rules/windows/builtin/win_possible_dc_sync.yml b/rules/windows/builtin/win_possible_dc_sync.yml index e736e09d..011ed917 100644 --- a/rules/windows/builtin/win_possible_dc_sync.yml +++ b/rules/windows/builtin/win_possible_dc_sync.yml @@ -2,7 +2,7 @@ title: Possible DC Sync id: 32e19d25-4aed-4860-a55a-be99cb0bf7ed description: Detects DC sync via create new SPN status: experimental -author: Ilyas Ochkov, oscd.community +author: Ilyas Ochkov, oscd.community, Chakib Gzenayi (@Chak092), Hosni Mribah date: 2019/10/25 references: - https://github.com/Neo23x0/sigma/blob/ec5bb710499caae6667c7f7311ca9e92c03b9039/rules/windows/builtin/win_dcsync.yml @@ -11,15 +11,19 @@ references: - https://jsecurity101.com/2019/Syncing-into-the-Shadows/ tags: - attack.credential_access - - attack.t1003 + - attack.t1207 logsource: product: windows service: security detection: - selection: + selection1: EventID: 4742 ServicePrincipalNames: '*GC/*' - condition: selection + selection2: + EventID: 5136 + LDAP_Display_Name: servicePrincipalName + Value: 'GC/*' + condition: selection1 OR selection2 falsepositives: - - Unkown + - Exclude known DCs level: high From 3302c63e0c04cbdbe80ab99ec482f48a094d3ff0 Mon Sep 17 00:00:00 2001 From: Rettila Date: Tue, 5 May 2020 16:51:35 +0200 Subject: [PATCH 270/714] Update and rename win_possible_dc_sync.yml to win_possible_dc_shadow.yml --- .../{win_possible_dc_sync.yml => win_possible_dc_shadow.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename rules/windows/builtin/{win_possible_dc_sync.yml => win_possible_dc_shadow.yml} (97%) diff --git a/rules/windows/builtin/win_possible_dc_sync.yml b/rules/windows/builtin/win_possible_dc_shadow.yml similarity index 97% rename from rules/windows/builtin/win_possible_dc_sync.yml rename to rules/windows/builtin/win_possible_dc_shadow.yml index 011ed917..557c86f5 100644 --- a/rules/windows/builtin/win_possible_dc_sync.yml +++ b/rules/windows/builtin/win_possible_dc_shadow.yml @@ -1,4 +1,4 @@ -title: Possible DC Sync +title: Possible DC Shadow id: 32e19d25-4aed-4860-a55a-be99cb0bf7ed description: Detects DC sync via create new SPN status: experimental From 55d018255c39ab4143388308cd467d3f92a7c508 Mon Sep 17 00:00:00 2001 From: Rettila Date: Tue, 5 May 2020 16:52:08 +0200 Subject: [PATCH 271/714] Update win_possible_dc_shadow.yml --- rules/windows/builtin/win_possible_dc_shadow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_possible_dc_shadow.yml b/rules/windows/builtin/win_possible_dc_shadow.yml index 557c86f5..f5253914 100644 --- a/rules/windows/builtin/win_possible_dc_shadow.yml +++ b/rules/windows/builtin/win_possible_dc_shadow.yml @@ -21,7 +21,7 @@ detection: ServicePrincipalNames: '*GC/*' selection2: EventID: 5136 - LDAP_Display_Name: servicePrincipalName + LDAPDisplayName: servicePrincipalName Value: 'GC/*' condition: selection1 OR selection2 falsepositives: From 0e1fa5c1351f46d9b267735b80bed0d22fd8c71e Mon Sep 17 00:00:00 2001 From: Rettila Date: Tue, 5 May 2020 18:14:32 +0200 Subject: [PATCH 272/714] Update win_possible_dc_shadow.yml --- rules/windows/builtin/win_possible_dc_shadow.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/windows/builtin/win_possible_dc_shadow.yml b/rules/windows/builtin/win_possible_dc_shadow.yml index f5253914..64d2a515 100644 --- a/rules/windows/builtin/win_possible_dc_shadow.yml +++ b/rules/windows/builtin/win_possible_dc_shadow.yml @@ -8,7 +8,6 @@ references: - https://github.com/Neo23x0/sigma/blob/ec5bb710499caae6667c7f7311ca9e92c03b9039/rules/windows/builtin/win_dcsync.yml - https://twitter.com/gentilkiwi/status/1003236624925413376 - https://gist.github.com/gentilkiwi/dcc132457408cf11ad2061340dcb53c2 - - https://jsecurity101.com/2019/Syncing-into-the-Shadows/ tags: - attack.credential_access - attack.t1207 From 473c31232ea9568fd28fff6ad553072cb44d6801 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 5 May 2020 19:25:33 +0200 Subject: [PATCH 273/714] add additional reference --- rules/windows/builtin/win_possible_dc_shadow.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/builtin/win_possible_dc_shadow.yml b/rules/windows/builtin/win_possible_dc_shadow.yml index 64d2a515..f1d63af7 100644 --- a/rules/windows/builtin/win_possible_dc_shadow.yml +++ b/rules/windows/builtin/win_possible_dc_shadow.yml @@ -8,6 +8,7 @@ references: - https://github.com/Neo23x0/sigma/blob/ec5bb710499caae6667c7f7311ca9e92c03b9039/rules/windows/builtin/win_dcsync.yml - https://twitter.com/gentilkiwi/status/1003236624925413376 - https://gist.github.com/gentilkiwi/dcc132457408cf11ad2061340dcb53c2 + - https://blog.alsid.eu/dcshadow-explained-4510f52fc19d tags: - attack.credential_access - attack.t1207 From 7371ce234bdbfb33eae433b92ae4796470bbff0d Mon Sep 17 00:00:00 2001 From: Rettila Date: Wed, 6 May 2020 16:42:27 +0200 Subject: [PATCH 274/714] Create win_metasploit_authentication.yml --- .../builtin/win_metasploit_authentication.yml | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 rules/windows/builtin/win_metasploit_authentication.yml diff --git a/rules/windows/builtin/win_metasploit_authentication.yml b/rules/windows/builtin/win_metasploit_authentication.yml new file mode 100644 index 00000000..d4981282 --- /dev/null +++ b/rules/windows/builtin/win_metasploit_authentication.yml @@ -0,0 +1,27 @@ +title: metasploit authentication +description: Alerts on Metasploit host's authentications on the domain. +author: Chakib Gzenayi (@Chak092), Hosni Mribah +references: https://github.com/rapid7/metasploit-framework/blob/master/lib/rex/proto/smb/client.rb +tags: + - attack.credential_access + - attack.t1110 +logsource: + product: windows + service: security +detection: + selection1: + EventID: + - 4625 + - 4624 + LogonType: 3 + AuthenticationPackage: 'NTLM' + WorkstationName: '^[A-Za-z0-9]{16}$' + selection2: + ProcessName: + EventID: + - 4776 + SourceWorkstation: '^[A-Za-z0-9]{16}$' + condition: selection1 OR selection2 +falsepositives: + - Linux hostnames composed of 16 characters. +level: high From 2beb65076ce170616d67441acc4ee5e24f142a07 Mon Sep 17 00:00:00 2001 From: Rettila Date: Wed, 6 May 2020 16:44:19 +0200 Subject: [PATCH 275/714] Update win_metasploit_authentication.yml --- rules/windows/builtin/win_metasploit_authentication.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/rules/windows/builtin/win_metasploit_authentication.yml b/rules/windows/builtin/win_metasploit_authentication.yml index d4981282..06b384c8 100644 --- a/rules/windows/builtin/win_metasploit_authentication.yml +++ b/rules/windows/builtin/win_metasploit_authentication.yml @@ -18,8 +18,7 @@ detection: WorkstationName: '^[A-Za-z0-9]{16}$' selection2: ProcessName: - EventID: - - 4776 + EventID: 4776 SourceWorkstation: '^[A-Za-z0-9]{16}$' condition: selection1 OR selection2 falsepositives: From 6aed82a0398ff4c20fb9b9687777c358365b1275 Mon Sep 17 00:00:00 2001 From: Rettila Date: Wed, 6 May 2020 17:04:47 +0200 Subject: [PATCH 276/714] Update win_metasploit_authentication.yml --- rules/windows/builtin/win_metasploit_authentication.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_metasploit_authentication.yml b/rules/windows/builtin/win_metasploit_authentication.yml index 06b384c8..6da05f43 100644 --- a/rules/windows/builtin/win_metasploit_authentication.yml +++ b/rules/windows/builtin/win_metasploit_authentication.yml @@ -1,6 +1,8 @@ -title: metasploit authentication +title: Metasploit SMB Authentication description: Alerts on Metasploit host's authentications on the domain. +id: 72124974-a68b-4366-b990-d30e0b2a190d author: Chakib Gzenayi (@Chak092), Hosni Mribah +date: 2020/05/06 references: https://github.com/rapid7/metasploit-framework/blob/master/lib/rex/proto/smb/client.rb tags: - attack.credential_access From 24029a8f275e3665c3b3fc35849d03c4d2058dbe Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Wed, 6 May 2020 17:10:54 +0200 Subject: [PATCH 277/714] Fix for broken endswith modifier --- tools/sigma/parser/modifiers/transform.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/sigma/parser/modifiers/transform.py b/tools/sigma/parser/modifiers/transform.py index 6ffaacb3..8af35417 100644 --- a/tools/sigma/parser/modifiers/transform.py +++ b/tools/sigma/parser/modifiers/transform.py @@ -41,7 +41,10 @@ class SigmaStartswithModifier(ListOrStringModifierMixin, SigmaTransformModifier) def apply_str(self, val : str): if not val.endswith("*"): - val += "*" + if val.endswith("\\"): + val += "\\*" + else: + val += "*" return val class SigmaEndswithModifier(ListOrStringModifierMixin, SigmaTransformModifier): @@ -51,10 +54,7 @@ class SigmaEndswithModifier(ListOrStringModifierMixin, SigmaTransformModifier): def apply_str(self, val : str): if not val.startswith("*"): - if val.endswith("\\"): - val += "\\*" - else: - val += "*" + val = '*' + val return val class SigmaAllValuesModifier(SigmaTransformModifier): From 123a23adae9f896a13e43c6f5bcddeaaa8728129 Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Wed, 6 May 2020 22:24:02 +0200 Subject: [PATCH 278/714] win_susp_failed_logon_source rule --- .../builtin/win_susp_failed_logon_source.yml | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 rules/windows/builtin/win_susp_failed_logon_source.yml diff --git a/rules/windows/builtin/win_susp_failed_logon_source.yml b/rules/windows/builtin/win_susp_failed_logon_source.yml new file mode 100644 index 00000000..f522ea5e --- /dev/null +++ b/rules/windows/builtin/win_susp_failed_logon_source.yml @@ -0,0 +1,51 @@ +title: Failed Logon From Public IP +id: f88e112a-21aa-44bd-9b01-6ee2a2bbbed1 +description: A login from a public IP can indicate a misconfigured firewall or network boundary. +author: NVISO +date: 2020/05/06 +tags: + - attack.initial_access + - attack.persistence + - attack.t1078 + - attack.t1190 + - attack.t1133 +logsource: + product: windows + service: security +detection: + selection: + EventID: 4625 + unknown: + IpAddress|contains: '-' + privatev4: + IpAddress|startswith: + - '10.' #10.0.0.0/8 + - '192.168.' #192.168.0.0/16 + - '172.16.' #172.16.0.0/12 + - '172.17.' + - '172.18.' + - '172.19.' + - '172.20.' + - '172.21.' + - '172.22.' + - '172.23.' + - '172.24.' + - '172.25.' + - '172.26.' + - '172.27.' + - '172.28.' + - '172.29.' + - '172.30.' + - '172.31.' + - '127.' #127.0.0.0/8 + - '169.254.' #169.254.0.0/16 + privatev6: + - IpAddress: '::1' #loopback + - IpAddress|startswith: + - 'fe80::' #link-local + - 'fc00::' #unique local + condition: selection and not (unknown or privatev4 or privatev6) +falsepositives: + - Legitimate logon attempts over the internet + - IPv4-to-IPv6 mapped IPs +level: medium From 40539a0c0ef62ecb4381d1e0288af73ed242e41e Mon Sep 17 00:00:00 2001 From: Remco Verhoef Date: Wed, 6 May 2020 22:46:18 +0200 Subject: [PATCH 279/714] fix incorrect use of action global --- rules/windows/powershell/powershell_downgrade_attack.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/windows/powershell/powershell_downgrade_attack.yml b/rules/windows/powershell/powershell_downgrade_attack.yml index 4cc3c2b7..8071fcb4 100644 --- a/rules/windows/powershell/powershell_downgrade_attack.yml +++ b/rules/windows/powershell/powershell_downgrade_attack.yml @@ -1,4 +1,3 @@ -action: global title: PowerShell Downgrade Attack id: 6331d09b-4785-4c13-980f-f96661356249 status: experimental From 2d38cb7b52133b81ade48f21ace1085478adfc2d Mon Sep 17 00:00:00 2001 From: Remco Verhoef Date: Wed, 6 May 2020 23:00:45 +0200 Subject: [PATCH 280/714] fix incorrect use of global --- .../windows/process_creation/win_powershell_downgrade_attack.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/windows/process_creation/win_powershell_downgrade_attack.yml b/rules/windows/process_creation/win_powershell_downgrade_attack.yml index 61acfd96..d9781724 100644 --- a/rules/windows/process_creation/win_powershell_downgrade_attack.yml +++ b/rules/windows/process_creation/win_powershell_downgrade_attack.yml @@ -1,4 +1,3 @@ -action: global title: PowerShell Downgrade Attack id: b3512211-c67e-4707-bedc-66efc7848863 related: From 07a50edf89bee9a4865733afbadc931e70d3fac1 Mon Sep 17 00:00:00 2001 From: Rettila Date: Thu, 7 May 2020 14:42:00 +0200 Subject: [PATCH 281/714] Update win_metasploit_authentication.yml --- rules/windows/builtin/win_metasploit_authentication.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/builtin/win_metasploit_authentication.yml b/rules/windows/builtin/win_metasploit_authentication.yml index 6da05f43..365937a4 100644 --- a/rules/windows/builtin/win_metasploit_authentication.yml +++ b/rules/windows/builtin/win_metasploit_authentication.yml @@ -17,11 +17,11 @@ detection: - 4624 LogonType: 3 AuthenticationPackage: 'NTLM' - WorkstationName: '^[A-Za-z0-9]{16}$' + WorkstationName|re: '^[A-Za-z0-9]{16}$' selection2: ProcessName: EventID: 4776 - SourceWorkstation: '^[A-Za-z0-9]{16}$' + SourceWorkstation|re: '^[A-Za-z0-9]{16}$' condition: selection1 OR selection2 falsepositives: - Linux hostnames composed of 16 characters. From c5be83eb01b66b36c3aceaadfc1920cc468ae089 Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Fri, 8 May 2020 10:04:59 +0200 Subject: [PATCH 282/714] Added ee-outliers backend --- tools/config/ecs-proxy.yml | 1 + tools/config/ecs-zeek-corelight.yml | 1 + .../ecs-zeek-elastic-beats-implementation.yml | 1 + tools/config/filebeat-defaultindex.yml | 1 + tools/config/logstash-defaultindex.yml | 1 + tools/config/logstash-linux.yml | 1 + tools/config/logstash-windows.yml | 1 + tools/config/winlogbeat-modules-enabled.yml | 1 + tools/config/winlogbeat-old.yml | 1 + tools/config/winlogbeat.yml | 1 + tools/sigma/backends/ee-outliers.py | 69 +++++++++++++++++++ 11 files changed, 79 insertions(+) create mode 100644 tools/sigma/backends/ee-outliers.py diff --git a/tools/config/ecs-proxy.yml b/tools/config/ecs-proxy.yml index 6663a268..38fa49e5 100644 --- a/tools/config/ecs-proxy.yml +++ b/tools/config/ecs-proxy.yml @@ -8,6 +8,7 @@ backends: - xpack-watcher - elastalert - elastalert-dsl + - ee-outliers logsources: proxy: category: proxy diff --git a/tools/config/ecs-zeek-corelight.yml b/tools/config/ecs-zeek-corelight.yml index 4d155ff6..f43b354a 100644 --- a/tools/config/ecs-zeek-corelight.yml +++ b/tools/config/ecs-zeek-corelight.yml @@ -13,6 +13,7 @@ backends: - corelight_xpack-watcher - elastalert - elastalert-dsl + - ee-outliers logsources: zeek: product: zeek diff --git a/tools/config/ecs-zeek-elastic-beats-implementation.yml b/tools/config/ecs-zeek-elastic-beats-implementation.yml index 12651438..e7121f98 100644 --- a/tools/config/ecs-zeek-elastic-beats-implementation.yml +++ b/tools/config/ecs-zeek-elastic-beats-implementation.yml @@ -8,6 +8,7 @@ backends: - xpack-watcher - elastalert - elastalert-dsl + - ee-outliers logsources: zeek: product: zeek diff --git a/tools/config/filebeat-defaultindex.yml b/tools/config/filebeat-defaultindex.yml index 75f5451c..940e34f9 100644 --- a/tools/config/filebeat-defaultindex.yml +++ b/tools/config/filebeat-defaultindex.yml @@ -8,5 +8,6 @@ backends: - xpack-watcher - elastalert - elastalert-dsl + - ee-outliers defaultindex: - filebeat-* diff --git a/tools/config/logstash-defaultindex.yml b/tools/config/logstash-defaultindex.yml index b9287b51..eb566f04 100644 --- a/tools/config/logstash-defaultindex.yml +++ b/tools/config/logstash-defaultindex.yml @@ -8,5 +8,6 @@ backends: - xpack-watcher - elastalert - elastalert-dsl + - ee-outliers defaultindex: - logstash-* diff --git a/tools/config/logstash-linux.yml b/tools/config/logstash-linux.yml index 645739d6..e15e2050 100644 --- a/tools/config/logstash-linux.yml +++ b/tools/config/logstash-linux.yml @@ -8,6 +8,7 @@ backends: - xpack-watcher - elastalert - elastalert-dsl + - ee-outliers logsources: apache: category: webserver diff --git a/tools/config/logstash-windows.yml b/tools/config/logstash-windows.yml index 20d39104..96b125f8 100644 --- a/tools/config/logstash-windows.yml +++ b/tools/config/logstash-windows.yml @@ -8,6 +8,7 @@ backends: - xpack-watcher - elastalert - elastalert-dsl + - ee-outliers logsources: windows: product: windows diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml index d40b8ebd..d063ff73 100644 --- a/tools/config/winlogbeat-modules-enabled.yml +++ b/tools/config/winlogbeat-modules-enabled.yml @@ -9,6 +9,7 @@ backends: - elastalert - elastalert-dsl - elasticsearch-rule + - ee-outliers logsources: windows: product: windows diff --git a/tools/config/winlogbeat-old.yml b/tools/config/winlogbeat-old.yml index 2cb46605..d73221f5 100644 --- a/tools/config/winlogbeat-old.yml +++ b/tools/config/winlogbeat-old.yml @@ -8,6 +8,7 @@ backends: - xpack-watcher - elastalert - elastalert-dsl + - ee-outliers logsources: windows: product: windows diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml index 782fd8f8..d6e0cacb 100644 --- a/tools/config/winlogbeat.yml +++ b/tools/config/winlogbeat.yml @@ -8,6 +8,7 @@ backends: - xpack-watcher - elastalert - elastalert-dsl + - ee-outliers logsources: windows: product: windows diff --git a/tools/sigma/backends/ee-outliers.py b/tools/sigma/backends/ee-outliers.py new file mode 100644 index 00000000..39920b85 --- /dev/null +++ b/tools/sigma/backends/ee-outliers.py @@ -0,0 +1,69 @@ +# ee-outliers backend for sigmac +# NVISO (@NVISOsecurity) + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . + +from .elasticsearch import ElasticsearchDSLBackend +import json +import logging +import configparser +from io import StringIO +from slugify import slugify + + +class OutliersBackend(ElasticsearchDSLBackend): + """ee-outliers backend""" + identifier = 'ee-outliers' + active = True + + def generate(self, sigmaparser): + super().generate(sigmaparser) + + self.tags = sigmaparser.parsedyaml.setdefault("tags", "") + + if len(self.queries) == 1: + dsl = json.dumps(self.queries[0]) + else: + dsl = json.dumps(self.queries) + + self.queries = [] + + use_case_name = slugify(self.title) + + index = '' + if self.indices is not None and len(self.indices) == 1: + index = self.indices[0] + + types = ["Sigma hit"] + types.extend(self.tags) + + config_data = { + "es_dsl_filter": dsl, + "es_index": index, + "outlier_type": ", ".join(types), + "outlier_reason": "Sigma hit - " + self.title, + "outlier_summary": "Sigma hit - " + self.title, + "run_model": 1, + "test_model": 0 + } + + config = configparser.ConfigParser(interpolation=None) + config["simplequery_" + use_case_name] = config_data + + output = StringIO() + config.write(output) + result = output.getvalue() + output.close() + + return result From 2d3ee85c4688572108399c224ae24911b4b6822a Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Fri, 8 May 2020 10:40:41 +0200 Subject: [PATCH 283/714] README updates --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 646564eb..005f5192 100644 --- a/README.md +++ b/README.md @@ -100,7 +100,7 @@ merges multiple YAML documents of a Sigma rule collection into simple Sigma rule ``` usage: sigmac [-h] [--recurse] [--filter FILTER] - [--target {arcsight,es-qs,es-dsl,kibana,xpack-watcher,elastalert,graylog,limacharlie,logpoint,grep,netwitness,powershell,qradar,qualys,splunk,splunkxml,sumologic,fieldlist,mdatp}] + [--target {arcsight,es-qs,es-dsl,kibana,xpack-watcher,elastalert,graylog,limacharlie,logpoint,grep,netwitness,powershell,qradar,qualys,splunk,splunkxml,sumologic,fieldlist,mdatp,ee-outliers}] [--target-list] [--config CONFIG] [--output OUTPUT] [--backend-option BACKEND_OPTION] [--defer-abort] [--ignore-backend-errors] [--verbose] [--debug] @@ -201,6 +201,7 @@ tools/sigmac -t splunk -c ~/my-splunk-mapping.yml -c tools/config/generic/window * [PowerShell](https://docs.microsoft.com/en-us/powershell/scripting/getting-started/getting-started-with-windows-powershell?view=powershell-6) * [Grep](https://www.gnu.org/software/grep/manual/grep.html) with Perl-compatible regular expression support * [LimaCharlie](https://limacharlie.io) +* [ee-outliers](https://github.com/NVISO-BE/ee-outliers) Current work-in-progress * [Splunk Data Models](https://docs.splunk.com/Documentation/Splunk/7.1.0/Knowledge/Aboutdatamodels) From dc96b7ffb307682b810ea6caaa5468963ff6df05 Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Fri, 8 May 2020 11:40:16 +0200 Subject: [PATCH 284/714] Removed dependency on slugify --- tools/sigma/backends/ee-outliers.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/tools/sigma/backends/ee-outliers.py b/tools/sigma/backends/ee-outliers.py index 39920b85..3580cf3d 100644 --- a/tools/sigma/backends/ee-outliers.py +++ b/tools/sigma/backends/ee-outliers.py @@ -18,11 +18,11 @@ from .elasticsearch import ElasticsearchDSLBackend import json import logging import configparser +from .mixins import MultiRuleOutputMixin from io import StringIO -from slugify import slugify -class OutliersBackend(ElasticsearchDSLBackend): +class OutliersBackend(ElasticsearchDSLBackend, MultiRuleOutputMixin): """ee-outliers backend""" identifier = 'ee-outliers' active = True @@ -39,7 +39,7 @@ class OutliersBackend(ElasticsearchDSLBackend): self.queries = [] - use_case_name = slugify(self.title) + use_case_name = self.getRuleName(sigmaparser) index = '' if self.indices is not None and len(self.indices) == 1: @@ -59,7 +59,7 @@ class OutliersBackend(ElasticsearchDSLBackend): } config = configparser.ConfigParser(interpolation=None) - config["simplequery_" + use_case_name] = config_data + config["simplequery_sigma_" + use_case_name] = config_data output = StringIO() config.write(output) @@ -67,3 +67,10 @@ class OutliersBackend(ElasticsearchDSLBackend): output.close() return result + + def finalize(self): + """ + Is called after the last file was processed with generate(). The right place if this backend is not intended to + look isolated at each rule, but generates an output which incorporates multiple rules, e.g. dashboards. + """ + pass From 7cc1b300d2991888bfddb18af1fc884d36a8ba2d Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 8 May 2020 11:42:06 +0200 Subject: [PATCH 285/714] rule: maze ransomware patterns --- .../win_crime_maze_ransomware.yml | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 rules/windows/process_creation/win_crime_maze_ransomware.yml diff --git a/rules/windows/process_creation/win_crime_maze_ransomware.yml b/rules/windows/process_creation/win_crime_maze_ransomware.yml new file mode 100644 index 00000000..9f7d3d64 --- /dev/null +++ b/rules/windows/process_creation/win_crime_maze_ransomware.yml @@ -0,0 +1,40 @@ +title: Maze Ransomware +id: 29fd07fc-9cfd-4331-b7fd-cc18dfa21052 +status: experimental +description: Detects specific process characteristics of Maze ransomware word document droppers +references: + - https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html + - https://app.any.run/tasks/51e7185c-52d7-4efb-ac0d-e86340053473/ + - https://app.any.run/tasks/65a79440-373a-4725-8d74-77db9f2abda4/ +author: Florian Roth +date: 2020/05/08 +tags: + - attack.execution + - attack.t1204 +logsource: + category: process_creation + product: windows +detection: + # Dropper + selection1: + ParentImage|endswith: + - '\WINWORD.exe' + Image|endswith: + - '*.tmp' + # Binary Execution + selection2: + Image|endswith: '\wmic.exe' + ParentImage|contains: '\Temp\' + CommandLine|endswith: 'shadowcopy delete' + # Specific Pattern + selection3: + CommandLine|endswith: 'shadowcopy delete' + CommandLine|contains: '\..\..\system32' + condition: 1 of them +fields: + - ComputerName + - User + - Image +falsepositives: + - Unlikely +level: critical From c5c5e1b79b421dcae94659dffa9c21a0931d9ac9 Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Fri, 8 May 2020 17:51:35 +0200 Subject: [PATCH 286/714] Added ee-outliers test to Makefile --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index b710b423..1ad71351 100644 --- a/Makefile +++ b/Makefile @@ -30,6 +30,7 @@ test-sigmac: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t xpack-watcher -O email,index,webhook -c tools/config/winlogbeat.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert -c tools/config/winlogbeat.yml -O alert_methods=http_post,email -O emails=test@test.invalid -O http_post_url=http://test.invalid rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert-dsl -c tools/config/winlogbeat.yml -O alert_methods=http_post,email -O emails=test@test.invalid -O http_post_url=http://test.invalid rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t ee-outliers -c tools/config/winlogbeat.yml rules/ > /dev/null ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunkxml -c tools/config/splunk-windows.yml rules/ > /dev/null From 61f061333b2266b41f4007d85ef7713e3e276f51 Mon Sep 17 00:00:00 2001 From: tliffick Date: Fri, 8 May 2020 21:26:24 -0400 Subject: [PATCH 287/714] Registry entry for Azorult malware Detects registry keys used by Azorult malware --- rules/windows/malware/mal_azorult_reg.yml | 29 +++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 rules/windows/malware/mal_azorult_reg.yml diff --git a/rules/windows/malware/mal_azorult_reg.yml b/rules/windows/malware/mal_azorult_reg.yml new file mode 100644 index 00000000..35fcba4d --- /dev/null +++ b/rules/windows/malware/mal_azorult_reg.yml @@ -0,0 +1,29 @@ +title: registy entries for azorult malware +id: f7f9ab88-7557-4a69-b30e-0a8f91b3a0e7 +description: Detects the presence of a registry key created during Azorult execution +status: experimental +references: + - https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.win32.azoruit.a +author: Trent Liffick +date: 2020/05/08 +tags: + - attack.execution + - attack.t1112 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: + - 12 + - 13 + TargetObject: + - '*SYSTEM\\*\services\localNETService' + condition: selection +fields: + - Image + - TargetObject + - TargetDetails +falsepositives: + - unknown +level: medium From c98be55d2174e603216be9266ef4dda8097e7fe3 Mon Sep 17 00:00:00 2001 From: tliffick Date: Fri, 8 May 2020 21:31:33 -0400 Subject: [PATCH 288/714] Update mal_azorult_reg.yml --- rules/windows/malware/mal_azorult_reg.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/malware/mal_azorult_reg.yml b/rules/windows/malware/mal_azorult_reg.yml index 35fcba4d..e4053c1f 100644 --- a/rules/windows/malware/mal_azorult_reg.yml +++ b/rules/windows/malware/mal_azorult_reg.yml @@ -1,4 +1,4 @@ -title: registy entries for azorult malware +title: Registy Entries For Azorult Malware id: f7f9ab88-7557-4a69-b30e-0a8f91b3a0e7 description: Detects the presence of a registry key created during Azorult execution status: experimental From 09d1b00459ad57ee6dd9c6a0abc987ffaa69ef24 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 11 May 2020 10:40:23 +0200 Subject: [PATCH 289/714] Changed level to ciritcal --- rules/windows/malware/mal_azorult_reg.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/malware/mal_azorult_reg.yml b/rules/windows/malware/mal_azorult_reg.yml index e4053c1f..d99e7c47 100644 --- a/rules/windows/malware/mal_azorult_reg.yml +++ b/rules/windows/malware/mal_azorult_reg.yml @@ -26,4 +26,4 @@ fields: - TargetDetails falsepositives: - unknown -level: medium +level: critical From 4366a9502485f2a716dc69f0e6db90605e46b0bc Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 11 May 2020 10:46:26 +0200 Subject: [PATCH 290/714] rule: Maze ransomware --- .../win_crime_maze_ransomware.yml | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 rules/windows/process_creation/win_crime_maze_ransomware.yml diff --git a/rules/windows/process_creation/win_crime_maze_ransomware.yml b/rules/windows/process_creation/win_crime_maze_ransomware.yml new file mode 100644 index 00000000..9f7d3d64 --- /dev/null +++ b/rules/windows/process_creation/win_crime_maze_ransomware.yml @@ -0,0 +1,40 @@ +title: Maze Ransomware +id: 29fd07fc-9cfd-4331-b7fd-cc18dfa21052 +status: experimental +description: Detects specific process characteristics of Maze ransomware word document droppers +references: + - https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html + - https://app.any.run/tasks/51e7185c-52d7-4efb-ac0d-e86340053473/ + - https://app.any.run/tasks/65a79440-373a-4725-8d74-77db9f2abda4/ +author: Florian Roth +date: 2020/05/08 +tags: + - attack.execution + - attack.t1204 +logsource: + category: process_creation + product: windows +detection: + # Dropper + selection1: + ParentImage|endswith: + - '\WINWORD.exe' + Image|endswith: + - '*.tmp' + # Binary Execution + selection2: + Image|endswith: '\wmic.exe' + ParentImage|contains: '\Temp\' + CommandLine|endswith: 'shadowcopy delete' + # Specific Pattern + selection3: + CommandLine|endswith: 'shadowcopy delete' + CommandLine|contains: '\..\..\system32' + condition: 1 of them +fields: + - ComputerName + - User + - Image +falsepositives: + - Unlikely +level: critical From 1104044f53207cb81d27acad6b0938665a8dd848 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 11 May 2020 10:55:02 +0200 Subject: [PATCH 291/714] fix: delete duplicate rules --- rules/proxy/proxy_implant_teardown.yml | 20 ------------ .../win_susp_msbuild_folder.yml | 23 -------------- .../sysmon/sysmon_reg_debugger_backdoor.yml | 31 ------------------- 3 files changed, 74 deletions(-) delete mode 100644 rules/proxy/proxy_implant_teardown.yml delete mode 100644 rules/windows/process_creation/win_susp_msbuild_folder.yml delete mode 100644 rules/windows/sysmon/sysmon_reg_debugger_backdoor.yml diff --git a/rules/proxy/proxy_implant_teardown.yml b/rules/proxy/proxy_implant_teardown.yml deleted file mode 100644 index dd7d3630..00000000 --- a/rules/proxy/proxy_implant_teardown.yml +++ /dev/null @@ -1,20 +0,0 @@ -title: Teardown Implant URL Pattern -status: experimental -description: Detects URL pattern used by Teardown Implant -references: - - https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html -author: Florian Roth -date: 2019/08/30 -logsource: - category: proxy -detection: - selection: - c-uri-query: '*/list/suc?name=*' - condition: selection -fields: - - ClientIP - - URL - - UserAgent -falsepositives: - - Unknown -level: critical diff --git a/rules/windows/process_creation/win_susp_msbuild_folder.yml b/rules/windows/process_creation/win_susp_msbuild_folder.yml deleted file mode 100644 index 5208616c..00000000 --- a/rules/windows/process_creation/win_susp_msbuild_folder.yml +++ /dev/null @@ -1,23 +0,0 @@ -title: Suspicious Csc.exe Source File Folder -description: Detects a suspicious execution of csc.exe, which uses a source in a suspicious folder (e.g. AppData) -status: experimental -references: - - https://blog.talosintelligence.com/2019/08/china-chopper-still-active-9-years-later.html -author: Florian Roth -date: 2019/08/24 -tags: - - attack.defense_evasion - - attack.t1500 -logsource: - category: process_creation - product: windows -detection: - selection: - Image: '*\MSBuild.exe' - CommandLine: - - '*\AppData\*' - - '*\Windows\Temp\*' - condition: selection -falsepositives: - - Unkown -level: high diff --git a/rules/windows/sysmon/sysmon_reg_debugger_backdoor.yml b/rules/windows/sysmon/sysmon_reg_debugger_backdoor.yml deleted file mode 100644 index 9210e83f..00000000 --- a/rules/windows/sysmon/sysmon_reg_debugger_backdoor.yml +++ /dev/null @@ -1,31 +0,0 @@ -title: Suspicious Debugger Registration Registry -status: experimental -description: Detects the registration of a debugger for a program that is available in the logon screen (sticky key backdoor) -references: - - https://blogs.technet.microsoft.com/jonathantrull/2016/10/03/detecting-sticky-key-backdoors/ -tags: - - attack.persistence - - attack.privilege_escalation - - attack.t1015 -author: Florian Roth -date: 2019/09/06 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: - - 12 - - 13 - TargetObject: - - '*\CurrentVersion\Image File Execution Options\sethc.exe*' - - '*\CurrentVersion\Image File Execution Options\utilman.exe*' - - '*\CurrentVersion\Image File Execution Options\osk.exe*' - - '*\CurrentVersion\Image File Execution Options\magnify.exe*' - - '*\CurrentVersion\Image File Execution Options\narrator.exe*' - - '*\CurrentVersion\Image File Execution Options\displayswitch.exe*' - condition: selection -falsepositives: - - Penetration Tests -level: high - From 37b08543ac6b63b4c457b0ef87f8afcc91883cf5 Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Mon, 11 May 2020 11:47:56 +0200 Subject: [PATCH 292/714] Updated author reference in license --- tools/sigma/backends/ee-outliers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/sigma/backends/ee-outliers.py b/tools/sigma/backends/ee-outliers.py index 3580cf3d..4a912d11 100644 --- a/tools/sigma/backends/ee-outliers.py +++ b/tools/sigma/backends/ee-outliers.py @@ -1,5 +1,5 @@ # ee-outliers backend for sigmac -# NVISO (@NVISOsecurity) +# NVISO (@NVISO_Labs) # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published by From 6ec74364f222f50a5532b12383ec973b10574f86 Mon Sep 17 00:00:00 2001 From: Rettila Date: Mon, 11 May 2020 17:40:47 +0200 Subject: [PATCH 293/714] Create win_global_catalog_enumeration.yml --- .../win_global_catalog_enumeration.yml | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 rules/windows/builtin/win_global_catalog_enumeration.yml diff --git a/rules/windows/builtin/win_global_catalog_enumeration.yml b/rules/windows/builtin/win_global_catalog_enumeration.yml new file mode 100644 index 00000000..d2707b31 --- /dev/null +++ b/rules/windows/builtin/win_global_catalog_enumeration.yml @@ -0,0 +1,23 @@ +title: Enumeration via the Global Catalog +description: Detects enumeration of the global catalog (that can be performed using BloodHound or others AD reconnaissance tools). Adjust Treshhold according to domain width. +author: Chakib Gzenayi (@Chak092), Hosni Mribah +id: 619b020f-0fd7-4f23-87db-3f51ef837a34 +date: 2020/05/11 +tags: + - attack.discovery + - attack.t1087 +logsource: + product: windows + service: system + description: 'The advanced audit policy setting "Windows Filtering Platform > Filtering Platform Connection" must be configured for Success' +detection: + selection: + EventID: 5156 + DestinationPort: + - 3268 + - 3269 + timeframe: 1h + condition: selection | count() by SourceAddress > 2000 +falsepositives: + - Exclude known DCs. +level: medium From d510e1aad45908a0b73c66fce6d349d09cace3b4 Mon Sep 17 00:00:00 2001 From: zaphod <18658828+zaphodef@users.noreply.github.com> Date: Mon, 11 May 2020 18:31:59 +0200 Subject: [PATCH 294/714] Fix 'source' value for win_susp_backup_delete --- rules/windows/builtin/win_susp_backup_delete.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_susp_backup_delete.yml b/rules/windows/builtin/win_susp_backup_delete.yml index 7741c3eb..32dfb5d0 100644 --- a/rules/windows/builtin/win_susp_backup_delete.yml +++ b/rules/windows/builtin/win_susp_backup_delete.yml @@ -16,7 +16,7 @@ logsource: detection: selection: EventID: 524 - Source: Backup + Source: Microsoft-Windows-Backup condition: selection falsepositives: - Unknown From e01734fda1d620436507fbef15f528a168e8fc69 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 12 May 2020 17:43:54 +0200 Subject: [PATCH 295/714] rule: proxy UA hidden cobra --- rules/proxy/proxy_ua_apt.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/proxy/proxy_ua_apt.yml b/rules/proxy/proxy_ua_apt.yml index af6baf85..d8328ce9 100644 --- a/rules/proxy/proxy_ua_apt.yml +++ b/rules/proxy/proxy_ua_apt.yml @@ -45,6 +45,7 @@ detection: - 'Mozilla/5.0 (Windows NT 9; *' # Suspicious 'Windows NT 9' user agent - used by APT33 malware in 2018 - 'hots scot' # Unkown iOS zero-day implant https://twitter.com/craiu/status/1176437994288484352?s=20 - 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT)' # https://blog.telsy.com/meeting-powerband-the-apt33-net-powerton-variant/ + - 'Mozilla/5.0 (Windows NT 6.1; WOW64) Chrome/28.0.1500.95 Safari/537.36' # Hidden Cobra malware condition: selection fields: - ClientIP From bb17fd74ee5c614ef73a8e7c5c526d80469937d0 Mon Sep 17 00:00:00 2001 From: teddy_ROxPin <62453645+teddy-ROxPin@users.noreply.github.com> Date: Tue, 12 May 2020 21:43:01 -0600 Subject: [PATCH 296/714] Create win_advanced_ip_scanner.yml Detects the use of Advanced IP Scanner. Seems to be a popular tool for ransomware groups. --- .../win_advanced_ip_scanner.yml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 rules/windows/process_creation/win_advanced_ip_scanner.yml diff --git a/rules/windows/process_creation/win_advanced_ip_scanner.yml b/rules/windows/process_creation/win_advanced_ip_scanner.yml new file mode 100644 index 00000000..dea5ec04 --- /dev/null +++ b/rules/windows/process_creation/win_advanced_ip_scanner.yml @@ -0,0 +1,22 @@ +title: Advanced IP Scanner +id: bef37fa2-f205-4a7b-b484-0759bfd5f86f +status: experimental +description: Detects the use of Advanced IP Scanner. Seems to be a popular tool for ransomware groups. +references: + - https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/ + - https://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html +author: '@ROxPinTeddy' +date: 2020/05/12 +tags: + - attack.discovery + - attack.t1046 +logsource: + category: process_creation + product: windows +detection: + selection: + Image|endswith: '\advanced_ip_scanner*' + condition: selection +falsepositives: + - Legitimate administrative use. +level: low From a9ef7ef3824597ff6706c7ad8814507cfcc95425 Mon Sep 17 00:00:00 2001 From: zaphod <18658828+zaphodef@users.noreply.github.com> Date: Wed, 13 May 2020 11:31:17 +0200 Subject: [PATCH 297/714] Fix a bad CommandLine search --- rules/windows/process_creation/win_bootconf_mod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_bootconf_mod.yml b/rules/windows/process_creation/win_bootconf_mod.yml index 818e3605..4faa43bc 100644 --- a/rules/windows/process_creation/win_bootconf_mod.yml +++ b/rules/windows/process_creation/win_bootconf_mod.yml @@ -18,7 +18,7 @@ logsource: detection: selection1: Image|endswith: \bcdedit.exe - CommandLine: set + CommandLine|contains: set selection2: - CommandLine|contains|all: - bootstatuspolicy From a1856c5743d9d5e630113d4eded9410440ed928d Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 13 May 2020 11:56:25 +0200 Subject: [PATCH 298/714] Update win_advanced_ip_scanner.yml --- rules/windows/process_creation/win_advanced_ip_scanner.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/windows/process_creation/win_advanced_ip_scanner.yml b/rules/windows/process_creation/win_advanced_ip_scanner.yml index dea5ec04..c01eda56 100644 --- a/rules/windows/process_creation/win_advanced_ip_scanner.yml +++ b/rules/windows/process_creation/win_advanced_ip_scanner.yml @@ -15,8 +15,8 @@ logsource: product: windows detection: selection: - Image|endswith: '\advanced_ip_scanner*' + Image|conatins: '\advanced_ip_scanner' condition: selection falsepositives: - - Legitimate administrative use. -level: low + - Legitimate administrative use +level: medium From 1a598282f4033e51e060b1014600970fdc64f72a Mon Sep 17 00:00:00 2001 From: zaphod <18658828+zaphodef@users.noreply.github.com> Date: Wed, 13 May 2020 11:57:10 +0200 Subject: [PATCH 299/714] Add 'Add-Content' to powershell_ntfs_ads_access --- rules/windows/powershell/powershell_ntfs_ads_access.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/powershell/powershell_ntfs_ads_access.yml b/rules/windows/powershell/powershell_ntfs_ads_access.yml index 422ed4ea..e2c531b7 100644 --- a/rules/windows/powershell/powershell_ntfs_ads_access.yml +++ b/rules/windows/powershell/powershell_ntfs_ads_access.yml @@ -16,6 +16,7 @@ logsource: detection: keyword1: - "set-content" + - "add-content" keyword2: - "-stream" condition: keyword1 and keyword2 From 220a14f31c881910685735e1ceb492877da067d7 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 13 May 2020 12:38:54 +0200 Subject: [PATCH 300/714] fix: typo in contains --- rules/windows/process_creation/win_advanced_ip_scanner.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_advanced_ip_scanner.yml b/rules/windows/process_creation/win_advanced_ip_scanner.yml index c01eda56..4f3e9324 100644 --- a/rules/windows/process_creation/win_advanced_ip_scanner.yml +++ b/rules/windows/process_creation/win_advanced_ip_scanner.yml @@ -15,7 +15,7 @@ logsource: product: windows detection: selection: - Image|conatins: '\advanced_ip_scanner' + Image|contains: '\advanced_ip_scanner' condition: selection falsepositives: - Legitimate administrative use From 78a5c743f2f818272745e3b47b6d13b468524273 Mon Sep 17 00:00:00 2001 From: zaphod <18658828+zaphodef@users.noreply.github.com> Date: Wed, 13 May 2020 16:20:23 +0200 Subject: [PATCH 301/714] Widen the search as it gives too many false negatives --- .../win_susp_script_execution.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/rules/windows/process_creation/win_susp_script_execution.yml b/rules/windows/process_creation/win_susp_script_execution.yml index 2ca05799..2404edc4 100644 --- a/rules/windows/process_creation/win_susp_script_execution.yml +++ b/rules/windows/process_creation/win_susp_script_execution.yml @@ -12,14 +12,14 @@ logsource: product: windows detection: selection: - Image: - - '*\wscript.exe' - - '*\cscript.exe' - CommandLine: - - '*.jse' - - '*.vbe' - - '*.js' - - '*.vba' + Image|endswith: + - '\wscript.exe' + - '\cscript.exe' + CommandLine|contains: + - '.jse' + - '.vbe' + - '.js' + - '.vba' condition: selection fields: - CommandLine From 3e5b33388b42003a338fe476c34f253389b61b35 Mon Sep 17 00:00:00 2001 From: Tran Trung Hieu Date: Thu, 14 May 2020 00:24:36 +0700 Subject: [PATCH 302/714] New rule to detect possible CVE-2020-1048 exploitation --- rules/windows/sysmon/sysmon_cve-2020-1048.yml | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_cve-2020-1048.yml diff --git a/rules/windows/sysmon/sysmon_cve-2020-1048.yml b/rules/windows/sysmon/sysmon_cve-2020-1048.yml new file mode 100644 index 00000000..f186a881 --- /dev/null +++ b/rules/windows/sysmon/sysmon_cve-2020-1048.yml @@ -0,0 +1,33 @@ +title: Possible CVE-2020-1048 exploitation +id: 7ec912f2-5175-4868-b811-ec13ad0f8567 +status: experimental +description: Detects new registry printer port was created or powershell command add new printer port which point to suspicious file +author: EagleEye Team +date: 2020/05/13 +references: + - https://windows-internals.com/printdemon-cve-2020-1048/ +logsource: + service: sysmon + product: windows +tags: + - attack.persistence + - attack.execution +detection: + registryevent: + EventID: 12 + selection: + TargetObject: 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports' + EventType: CreateKey + processevent: + EventID: 1 + selection_2: + CommandLine|contains: 'Add-PrinterPort -Name' + selection_3: + CommandLine: + - '.dll' + - '.exe' + condition: (selection and registryevent) or (processevent and all of selection_*) +falsepositives: + - New printer port install on host +level: critical + From d0b1c98d5a3e32d7484f0ab880260711e07f5b7a Mon Sep 17 00:00:00 2001 From: Tran Trung Hieu Date: Thu, 14 May 2020 00:39:41 +0700 Subject: [PATCH 303/714] Reformat rule --- rules/windows/sysmon/sysmon_cve-2020-1048.yml | 42 +++++++++++-------- 1 file changed, 24 insertions(+), 18 deletions(-) diff --git a/rules/windows/sysmon/sysmon_cve-2020-1048.yml b/rules/windows/sysmon/sysmon_cve-2020-1048.yml index f186a881..9f407a2c 100644 --- a/rules/windows/sysmon/sysmon_cve-2020-1048.yml +++ b/rules/windows/sysmon/sysmon_cve-2020-1048.yml @@ -1,4 +1,5 @@ -title: Possible CVE-2020-1048 exploitation +action: global +title: Suspicious PrinterPorts Created id: 7ec912f2-5175-4868-b811-ec13ad0f8567 status: experimental description: Detects new registry printer port was created or powershell command add new printer port which point to suspicious file @@ -6,28 +7,33 @@ author: EagleEye Team date: 2020/05/13 references: - https://windows-internals.com/printdemon-cve-2020-1048/ -logsource: - service: sysmon - product: windows tags: - attack.persistence - attack.execution detection: - registryevent: - EventID: 12 - selection: - TargetObject: 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports' - EventType: CreateKey - processevent: - EventID: 1 - selection_2: - CommandLine|contains: 'Add-PrinterPort -Name' - selection_3: - CommandLine: - - '.dll' - - '.exe' - condition: (selection and registryevent) or (processevent and all of selection_*) + condition: 1 of them falsepositives: - New printer port install on host level: critical +--- +logsource: + service: sysmon + product: windows +detection: + selection: + EventID: 12 + TargetObject: 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports' + EventType: CreateKey +--- +logsource: + category: process_creation + product: windows +detection: + selection1: + CommandLine|contains: 'Add-PrinterPort -Name' + selection2: + CommandLine: + - '.dll' + - '.exe' + From 97b690d340f30fbe5a243df87efb2a846b5a517a Mon Sep 17 00:00:00 2001 From: Tran Trung Hieu Date: Thu, 14 May 2020 09:02:54 +0700 Subject: [PATCH 304/714] Change level from Critical to High --- rules/windows/sysmon/sysmon_cve-2020-1048.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_cve-2020-1048.yml b/rules/windows/sysmon/sysmon_cve-2020-1048.yml index 9f407a2c..c713f5f7 100644 --- a/rules/windows/sysmon/sysmon_cve-2020-1048.yml +++ b/rules/windows/sysmon/sysmon_cve-2020-1048.yml @@ -14,7 +14,7 @@ detection: condition: 1 of them falsepositives: - New printer port install on host -level: critical +level: high --- logsource: service: sysmon From e74970cea04c0d327f6c1aa858489a75b2e83489 Mon Sep 17 00:00:00 2001 From: Tran Trung Hieu Date: Thu, 14 May 2020 18:08:30 +0700 Subject: [PATCH 305/714] Suspicious network connection from notepad.exe --- .../sysmon_notepad_network_connection.yml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_notepad_network_connection.yml diff --git a/rules/windows/sysmon/sysmon_notepad_network_connection.yml b/rules/windows/sysmon/sysmon_notepad_network_connection.yml new file mode 100644 index 00000000..2aa62bf5 --- /dev/null +++ b/rules/windows/sysmon/sysmon_notepad_network_connection.yml @@ -0,0 +1,24 @@ +title: Notepad Making Network Connection +id: e81528db-fc02-45e8-8e98-4e84aba1f10b +status: experimental +description: Detects suspicious network connection by Notepad +references: + - https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1492186586.pdf + - https://blog.cobaltstrike.com/2013/08/08/why-is-notepad-exe-connecting-to-the-internet/ +tags: + - attack.command_and_control + - attack.execution +logsource: + product: windows + service: sysmon +date: 2020/05/14 +detection: + selection: + EventID: 3 + Image: '*\notepad.exe' + filter: + DestinationPort: 9100 + condition: selection +falsepositives: + - None observed so far +level: high From 443bf09d2776ab0a230f43fb161bff7c6a451622 Mon Sep 17 00:00:00 2001 From: Tran Trung Hieu Date: Thu, 14 May 2020 18:10:16 +0700 Subject: [PATCH 306/714] Add author --- rules/windows/sysmon/sysmon_notepad_network_connection.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/sysmon/sysmon_notepad_network_connection.yml b/rules/windows/sysmon/sysmon_notepad_network_connection.yml index 2aa62bf5..beb6627c 100644 --- a/rules/windows/sysmon/sysmon_notepad_network_connection.yml +++ b/rules/windows/sysmon/sysmon_notepad_network_connection.yml @@ -8,6 +8,7 @@ references: tags: - attack.command_and_control - attack.execution +author: EagleEye Team logsource: product: windows service: sysmon From e53a97fa2fa8bcfdf414ba973728e78d2be6bc85 Mon Sep 17 00:00:00 2001 From: Tran Trung Hieu Date: Thu, 14 May 2020 18:22:49 +0700 Subject: [PATCH 307/714] Update condition to filter out printer port --- rules/windows/sysmon/sysmon_notepad_network_connection.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_notepad_network_connection.yml b/rules/windows/sysmon/sysmon_notepad_network_connection.yml index beb6627c..039d397e 100644 --- a/rules/windows/sysmon/sysmon_notepad_network_connection.yml +++ b/rules/windows/sysmon/sysmon_notepad_network_connection.yml @@ -18,8 +18,8 @@ detection: EventID: 3 Image: '*\notepad.exe' filter: - DestinationPort: 9100 - condition: selection + DestinationPort: '9100' + condition: selection and not filter falsepositives: - None observed so far level: high From 06abd6e76a0487ac0bbe414ecae9ce021bce4106 Mon Sep 17 00:00:00 2001 From: Tiago Faria Date: Thu, 14 May 2020 14:03:23 +0100 Subject: [PATCH 308/714] added ci tests for ecs-cloudtrail --- Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Makefile b/Makefile index 1ad71351..18a3dbb7 100644 --- a/Makefile +++ b/Makefile @@ -31,6 +31,11 @@ test-sigmac: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert -c tools/config/winlogbeat.yml -O alert_methods=http_post,email -O emails=test@test.invalid -O http_post_url=http://test.invalid rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert-dsl -c tools/config/winlogbeat.yml -O alert_methods=http_post,email -O emails=test@test.invalid -O http_post_url=http://test.invalid rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t ee-outliers -c tools/config/winlogbeat.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-qs -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-rule -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t kibana -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t xpack-watcher -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunkxml -c tools/config/splunk-windows.yml rules/ > /dev/null From ab950fb89dd50ec630ef8e43778b8f56e28b6c68 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 14 May 2020 15:53:09 +0200 Subject: [PATCH 309/714] fix: removed rules missing in master --- rules/apt/apt_emissarypanda_sep19.yml | 19 -------------- rules/apt/apt_muddywater.yml | 26 ------------------- ...in_susp_process_creations_env_var_root.yml | 17 ------------ 3 files changed, 62 deletions(-) delete mode 100644 rules/apt/apt_emissarypanda_sep19.yml delete mode 100644 rules/apt/apt_muddywater.yml delete mode 100644 rules/windows/process_creation/win_susp_process_creations_env_var_root.yml diff --git a/rules/apt/apt_emissarypanda_sep19.yml b/rules/apt/apt_emissarypanda_sep19.yml deleted file mode 100644 index 3422f68b..00000000 --- a/rules/apt/apt_emissarypanda_sep19.yml +++ /dev/null @@ -1,19 +0,0 @@ -title: Emissary Panda Malware SLLauncher -status: experimental -description: Detects the execution of DLL side-loading malware used by threat group Emissary Panda aka APT27 -references: - - https://app.any.run/tasks/579e7587-f09d-4aae-8b07-472833262965 - - https://twitter.com/cyb3rops/status/1168863899531132929 -author: Florian Roth -date: 2018/09/03 -logsource: - category: process_creation - product: windows -detection: - selection: - ParentImage: '*\sllauncher.exe' - Image: '*\svchost.exe' - condition: selection -falsepositives: - - Unknown -level: critical diff --git a/rules/apt/apt_muddywater.yml b/rules/apt/apt_muddywater.yml deleted file mode 100644 index 24eedb69..00000000 --- a/rules/apt/apt_muddywater.yml +++ /dev/null @@ -1,26 +0,0 @@ -title: MuddyWater Code Execution -description: Detects a suspicious execution of wscript and cscript poiting to *.vbe and *.jpg files in Windows temp folder -status: experimental -references: - - https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf - - https://attack.mitre.org/techniques/T1500/ -author: Florian Roth -date: 2019/08/31 -tags: - - attack.defense_evasion - - attack.t1500 -logsource: - category: process_creation - product: windows -detection: - selection: - Image: - - '*\wscript.exe' - - '*\cscript.exe' - CommandLine: - - '*\Windows\Temp\*.vbe' - - '*\Windows\Temp\*.jpg' - condition: selection -falsepositives: - - Unkown -level: high diff --git a/rules/windows/process_creation/win_susp_process_creations_env_var_root.yml b/rules/windows/process_creation/win_susp_process_creations_env_var_root.yml deleted file mode 100644 index fe401183..00000000 --- a/rules/windows/process_creation/win_susp_process_creations_env_var_root.yml +++ /dev/null @@ -1,17 +0,0 @@ -title: Process Creation in ENV Variable Root -description: Detects suspicious process creations in the root folder of an environment variable like %ProgramData% or %AppData% -status: experimental -author: Florian Roth -date: 2018/08/24 -tags: - - car.2013-07-001 -logsource: - category: process_creation - product: windows -detection: - selection: - Image|re: '^.*\\(ProgramData|AppData\\Local|AppData\\Roaming)\\[^\]+\.(exe|vbs|bat|ps1|js)$' - condition: selection -falsepositives: - - False positives depend on scripts and administrative tools used in the monitored environment but should be very rare -level: high From d25b8a0492bb9318ccbcc48efb344000dbdc2a12 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 14 May 2020 15:56:39 +0200 Subject: [PATCH 310/714] docs: remove GPL reference, DRL in README --- LICENSE.GPL.txt | 674 ------------------------------------------------ README.md | 2 +- 2 files changed, 1 insertion(+), 675 deletions(-) delete mode 100644 LICENSE.GPL.txt diff --git a/LICENSE.GPL.txt b/LICENSE.GPL.txt deleted file mode 100644 index 9cecc1d4..00000000 --- a/LICENSE.GPL.txt +++ /dev/null @@ -1,674 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU General Public License is a free, copyleft license for -software and other kinds of works. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. - - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. - - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Use with the GNU Affero General Public License. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - {one line to give the program's name and a brief idea of what it does.} - Copyright (C) {year} {name of author} - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: - - {project} Copyright (C) {year} {fullname} - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see -. - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -. diff --git a/README.md b/README.md index 005f5192..10f0df4b 100644 --- a/README.md +++ b/README.md @@ -338,7 +338,7 @@ The content of this repository is released under the following licenses: * The toolchain (everything under `tools/`) is licensed under the [GNU Lesser General Public License](https://www.gnu.org/licenses/lgpl-3.0.en.html). * The [Sigma specification](https://github.com/Neo23x0/sigma/wiki) is public domain. -* Everything else, especially the rules contained in the `rules/` directory is released under the [GNU General Public License](https://www.gnu.org/licenses/gpl-3.0.en.html). +* Everything else, especially the rules contained in the `rules/` directory is released under the [Detection Rule License (DRL) 1.0](https://github.com/Neo23x0/sigma/blob/master/LICENSE.Detection.Rules.md). # Credits From 8aff6b412e39de70da551c9c9854ea97a8a8b16c Mon Sep 17 00:00:00 2001 From: Trent Liffick Date: Thu, 14 May 2020 22:58:23 -0400 Subject: [PATCH 311/714] added rule for Blue Mockingbird (cryptominer) --- .../malware/win_mal_blue_mockingbird.yml | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 rules/windows/malware/win_mal_blue_mockingbird.yml diff --git a/rules/windows/malware/win_mal_blue_mockingbird.yml b/rules/windows/malware/win_mal_blue_mockingbird.yml new file mode 100644 index 00000000..52a54998 --- /dev/null +++ b/rules/windows/malware/win_mal_blue_mockingbird.yml @@ -0,0 +1,43 @@ +title: Blue Mockingbird +id: c3198a27-23a0-4c2c-af19-e5328d49680e +status: experimental +description: Attempts to detect system changes made by Monero miner +references: + - https://redcanary.com/blog/blue-mockingbird-cryptominer/ +tags: + - attack.execution + - attack.t1112 + - attack.1047 +author: Trent Liffick +date: 2020/05/14 +--- +logsource: + category: process_creation + product: windows +detection: + selection1: + Image: '*\cmd.exe' + CommandLine|contains|all: + - '*sc config*' + - '*wercplsupporte.dll*' +--- +logsource: + category: process_creation + product: windows +detection: + selection2: + Image: '*\wmic.exe' + CommandLine: '*COR_PROFILER' +--- +logsource: + product: windows + service: sysmon +detection: + selection3: + EventID: 13 + TargetObject: + - '*\SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters\ServiceDll' + condition: selection1 or selection2 or selection3 +falsepositives: + - unknown +level: high From fb1d8d7a76c45451ac1d14829d812ae5961493fe Mon Sep 17 00:00:00 2001 From: Trent Liffick Date: Thu, 14 May 2020 23:04:14 -0400 Subject: [PATCH 312/714] Corrected typo --- rules/windows/malware/win_mal_blue_mockingbird.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/malware/win_mal_blue_mockingbird.yml b/rules/windows/malware/win_mal_blue_mockingbird.yml index 52a54998..aa198d30 100644 --- a/rules/windows/malware/win_mal_blue_mockingbird.yml +++ b/rules/windows/malware/win_mal_blue_mockingbird.yml @@ -7,7 +7,7 @@ references: tags: - attack.execution - attack.t1112 - - attack.1047 + - attack.t1047 author: Trent Liffick date: 2020/05/14 --- From 56a2747a7062e2205f729f19ef34535f80c24c9d Mon Sep 17 00:00:00 2001 From: Trent Liffick Date: Thu, 14 May 2020 23:18:33 -0400 Subject: [PATCH 313/714] Corrected missing condition learning! fail fast & forward --- rules/windows/malware/win_mal_blue_mockingbird.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/rules/windows/malware/win_mal_blue_mockingbird.yml b/rules/windows/malware/win_mal_blue_mockingbird.yml index aa198d30..1ace8376 100644 --- a/rules/windows/malware/win_mal_blue_mockingbird.yml +++ b/rules/windows/malware/win_mal_blue_mockingbird.yml @@ -1,7 +1,7 @@ title: Blue Mockingbird id: c3198a27-23a0-4c2c-af19-e5328d49680e status: experimental -description: Attempts to detect system changes made by Monero miner +description: Attempts to detect system changes made by Blue Mockingbird references: - https://redcanary.com/blog/blue-mockingbird-cryptominer/ tags: @@ -20,6 +20,7 @@ detection: CommandLine|contains|all: - '*sc config*' - '*wercplsupporte.dll*' + condition: selection1 --- logsource: category: process_creation @@ -28,6 +29,7 @@ detection: selection2: Image: '*\wmic.exe' CommandLine: '*COR_PROFILER' + condition: selection2 --- logsource: product: windows @@ -37,7 +39,7 @@ detection: EventID: 13 TargetObject: - '*\SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters\ServiceDll' - condition: selection1 or selection2 or selection3 + condition: selection3 falsepositives: - unknown level: high From 40ab1b7247e52be5ff01429a0d6b9b80656aedb2 Mon Sep 17 00:00:00 2001 From: Trent Liffick Date: Thu, 14 May 2020 23:33:08 -0400 Subject: [PATCH 314/714] added 'action: global' --- .../malware/win_mal_blue_mockingbird.yml | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/rules/windows/malware/win_mal_blue_mockingbird.yml b/rules/windows/malware/win_mal_blue_mockingbird.yml index 1ace8376..54f2c08a 100644 --- a/rules/windows/malware/win_mal_blue_mockingbird.yml +++ b/rules/windows/malware/win_mal_blue_mockingbird.yml @@ -1,3 +1,4 @@ +action: global title: Blue Mockingbird id: c3198a27-23a0-4c2c-af19-e5328d49680e status: experimental @@ -8,38 +9,38 @@ tags: - attack.execution - attack.t1112 - attack.t1047 -author: Trent Liffick +author: Trent Liffick (@tliffick) date: 2020/05/14 +falsepositives: + - unknown +level: high --- logsource: category: process_creation product: windows detection: - selection1: + exec_selection: Image: '*\cmd.exe' CommandLine|contains|all: - '*sc config*' - '*wercplsupporte.dll*' - condition: selection1 + condition: exec_selection --- logsource: category: process_creation product: windows detection: - selection2: + wmic_cmd: Image: '*\wmic.exe' CommandLine: '*COR_PROFILER' - condition: selection2 + condition: wmic_cmd --- logsource: product: windows service: sysmon detection: - selection3: + mod_reg: EventID: 13 TargetObject: - '*\SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters\ServiceDll' - condition: selection3 -falsepositives: - - unknown -level: high + condition: mod_reg From 54cf535dbc575f6cf97fe32c6d1769010c345297 Mon Sep 17 00:00:00 2001 From: ecco Date: Fri, 15 May 2020 04:45:25 -0400 Subject: [PATCH 315/714] remove false positives with cmd as child of services.exe (not specifically related to meterpreter/cobaltstrike) --- ...eter_or_cobaltstrike_getsystem_service_installation.yml | 7 ++----- ...meterpreter_or_cobaltstrike_getsystem_service_start.yml | 7 ++----- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/rules/windows/builtin/win_meterpreter_or_cobaltstrike_getsystem_service_installation.yml b/rules/windows/builtin/win_meterpreter_or_cobaltstrike_getsystem_service_installation.yml index f37f4640..e177530f 100644 --- a/rules/windows/builtin/win_meterpreter_or_cobaltstrike_getsystem_service_installation.yml +++ b/rules/windows/builtin/win_meterpreter_or_cobaltstrike_getsystem_service_installation.yml @@ -2,9 +2,9 @@ action: global title: Meterpreter or Cobalt Strike Getsystem Service Installation id: 843544a7-56e0-4dcc-a44f-5cc266dd97d6 description: Detects the use of getsystem Meterpreter/Cobalt Strike command by detecting a specific service installation -author: Teymur Kheirkhabarov +author: Teymur Kheirkhabarov, Ecco date: 2019/10/26 -modified: 2019/11/11 +modified: 2020/05/15 references: - https://speakerdeck.com/heirhabarov/hunting-for-privilege-escalation-in-windows-environment - https://blog.cobaltstrike.com/2014/04/02/what-happens-when-i-type-getsystem/ @@ -13,9 +13,6 @@ tags: - attack.t1134 detection: selection: - - ServiceFileName|contains: - - 'cmd' - - 'comspec' # meterpreter getsystem technique 1: cmd.exe /c echo 559891bb017 > \\.\pipe\5e120a - ServiceFileName|contains|all: - 'cmd' diff --git a/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml b/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml index 2b5f5040..e28d9ca9 100644 --- a/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml +++ b/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml @@ -1,9 +1,9 @@ title: Meterpreter or Cobalt Strike Getsystem Service Start id: 15619216-e993-4721-b590-4c520615a67d description: Detects the use of getsystem Meterpreter/Cobalt Strike command by detecting a specific service starting -author: Teymur Kheirkhabarov +author: Teymur Kheirkhabarov, Ecco date: 2019/10/26 -modified: 2019/11/11 +modified: 2020/05/15 references: - https://speakerdeck.com/heirhabarov/hunting-for-privilege-escalation-in-windows-environment - https://blog.cobaltstrike.com/2014/04/02/what-happens-when-i-type-getsystem/ @@ -17,9 +17,6 @@ detection: selection_1: ParentImage|endswith: '\services.exe' selection_2: - - CommandLine|contains: - - 'cmd' - - 'comspec' # meterpreter getsystem technique 1: cmd.exe /c echo 559891bb017 > \\.\pipe\5e120a - CommandLine|contains|all: - 'cmd' From 28dc2a22672e5959e3920a08fa5c17f35a0351f5 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 15 May 2020 11:33:36 +0200 Subject: [PATCH 316/714] Minor changes hints: - contains doesn't require wildcards in the strings - we can use 'endswith' instead of wildcard at the beginning of the string (it's the new way to describe it, we have to change all old rules that contain these wildcards some day) - we can use "1 of them" to say that 1 of the conditions has to match --- .../malware/win_mal_blue_mockingbird.yml | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/rules/windows/malware/win_mal_blue_mockingbird.yml b/rules/windows/malware/win_mal_blue_mockingbird.yml index 54f2c08a..d7ce7fa3 100644 --- a/rules/windows/malware/win_mal_blue_mockingbird.yml +++ b/rules/windows/malware/win_mal_blue_mockingbird.yml @@ -14,26 +14,25 @@ date: 2020/05/14 falsepositives: - unknown level: high +condition: 1 of them --- logsource: category: process_creation product: windows detection: exec_selection: - Image: '*\cmd.exe' + Image|endswith: '\cmd.exe' CommandLine|contains|all: - - '*sc config*' - - '*wercplsupporte.dll*' - condition: exec_selection + - 'sc config' + - 'wercplsupporte.dll' --- logsource: category: process_creation product: windows detection: wmic_cmd: - Image: '*\wmic.exe' - CommandLine: '*COR_PROFILER' - condition: wmic_cmd + Image|endswith: '\wmic.exe' + CommandLine|endswith: 'COR_PROFILER' --- logsource: product: windows @@ -41,6 +40,5 @@ logsource: detection: mod_reg: EventID: 13 - TargetObject: - - '*\SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters\ServiceDll' - condition: mod_reg + TargetObject|endswith: + - '\CurrentControlSet\Services\wercplsupport\Parameters\ServiceDll' From 5854cc4677bc9e13c25e06b23d386c89946694c8 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 15 May 2020 11:37:46 +0200 Subject: [PATCH 317/714] fix: small bug in new CVE-2020-1048 rule --- rules/windows/sysmon/sysmon_cve-2020-1048.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_cve-2020-1048.yml b/rules/windows/sysmon/sysmon_cve-2020-1048.yml index c713f5f7..43658727 100644 --- a/rules/windows/sysmon/sysmon_cve-2020-1048.yml +++ b/rules/windows/sysmon/sysmon_cve-2020-1048.yml @@ -32,7 +32,7 @@ detection: selection1: CommandLine|contains: 'Add-PrinterPort -Name' selection2: - CommandLine: + CommandLine|contains: - '.dll' - '.exe' From beb62dc163ee995a9fbe362807c132bf8edd1e09 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 15 May 2020 12:06:34 +0200 Subject: [PATCH 318/714] fix: condition location --- rules/windows/malware/win_mal_blue_mockingbird.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules/windows/malware/win_mal_blue_mockingbird.yml b/rules/windows/malware/win_mal_blue_mockingbird.yml index d7ce7fa3..c40f28d7 100644 --- a/rules/windows/malware/win_mal_blue_mockingbird.yml +++ b/rules/windows/malware/win_mal_blue_mockingbird.yml @@ -14,7 +14,8 @@ date: 2020/05/14 falsepositives: - unknown level: high -condition: 1 of them +detection: + condition: 1 of them --- logsource: category: process_creation From 8e7caf0e4d98445afb9ea637d7b3223ab9d81721 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 15 May 2020 12:08:31 +0200 Subject: [PATCH 319/714] rule: CVE-2020-1048 --- rules/windows/sysmon/sysmon_cve-2020-1048.yml | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_cve-2020-1048.yml diff --git a/rules/windows/sysmon/sysmon_cve-2020-1048.yml b/rules/windows/sysmon/sysmon_cve-2020-1048.yml new file mode 100644 index 00000000..a171d24f --- /dev/null +++ b/rules/windows/sysmon/sysmon_cve-2020-1048.yml @@ -0,0 +1,46 @@ +action: global +title: Suspicious PrinterPorts Created +id: 7ec912f2-5175-4868-b811-ec13ad0f8567 +status: experimental +description: Detects new registry printer port was created or powershell command add new printer port which point to suspicious file +author: EagleEye Team, Florian Roth +date: 2020/05/13 +modified: 2020/05/15 +references: + - https://windows-internals.com/printdemon-cve-2020-1048/ +tags: + - attack.persistence + - attack.execution +detection: + condition: 1 of them +falsepositives: + - New printer port install on host +level: high +--- +logsource: + service: sysmon + product: windows +detection: + selection: + EventID: + - 12 + - 13 + TargetObject|startswith: 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports' + EventType: CreateKey + TargetObject|contains: + - '.dll' + - '.exe' + - 'C:' +--- +logsource: + category: process_creation + product: windows +detection: + selection1: + CommandLine|contains: 'Add-PrinterPort -Name' + selection2: + CommandLine|contains: + - '.dll' + - '.exe' + + From 0575fa8d811813bb8e6daec2ffbc59301ef58639 Mon Sep 17 00:00:00 2001 From: ecco Date: Fri, 15 May 2020 07:25:05 -0400 Subject: [PATCH 320/714] fix CVE 2020-1048 rule --- rules/windows/sysmon/sysmon_cve-2020-1048.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_cve-2020-1048.yml b/rules/windows/sysmon/sysmon_cve-2020-1048.yml index a171d24f..8c3a1571 100644 --- a/rules/windows/sysmon/sysmon_cve-2020-1048.yml +++ b/rules/windows/sysmon/sysmon_cve-2020-1048.yml @@ -1,5 +1,5 @@ action: global -title: Suspicious PrinterPorts Created +title: Suspicious PrinterPorts Created (CVE-2020-1048) id: 7ec912f2-5175-4868-b811-ec13ad0f8567 status: experimental description: Detects new registry printer port was created or powershell command add new printer port which point to suspicious file @@ -26,7 +26,10 @@ detection: - 12 - 13 TargetObject|startswith: 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports' - EventType: CreateKey + EventType: + - SetValue + - DeleteValue + - CreateValue TargetObject|contains: - '.dll' - '.exe' From 7b713fbe7fcb5cbaa03868e0e9b35f70f0682f63 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 15 May 2020 17:19:32 +0200 Subject: [PATCH 321/714] rule: OpenSSHd rule adjusted --- rules/linux/lnx_susp_ssh.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules/linux/lnx_susp_ssh.yml b/rules/linux/lnx_susp_ssh.yml index 23bb364c..6001335f 100644 --- a/rules/linux/lnx_susp_ssh.yml +++ b/rules/linux/lnx_susp_ssh.yml @@ -1,4 +1,4 @@ -title: Suspicious SSHD Error +title: Suspicious OpenSSH Daemon Error id: e76b413a-83d0-4b94-8e4c-85db4a5b8bdc description: Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts references: @@ -6,6 +6,7 @@ references: - https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml author: Florian Roth date: 2017/06/30 +modified: 2020/05/15 logsource: product: linux service: sshd From fd386fe8eb70c15f31ef25bce7183437b8406d33 Mon Sep 17 00:00:00 2001 From: ecco Date: Fri, 15 May 2020 12:35:32 -0400 Subject: [PATCH 322/714] standardize rules with Image and CommandLine instead of NewProcessName and ProcessCommandLine --- .../win_exfiltration_and_tunneling_tools_execution.yml | 2 +- .../process_creation/win_grabbing_sensitive_hives_via_reg.yml | 2 +- rules/windows/process_creation/win_psexesvc_start.yml | 2 +- rules/windows/process_creation/win_shadow_copies_creation.yml | 2 +- rules/windows/process_creation/win_shadow_copies_deletion.yml | 4 ++-- rules/windows/process_creation/win_susp_bcdedit.yml | 4 ++-- rules/windows/process_creation/win_win10_sched_task_0day.yml | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/rules/windows/process_creation/win_exfiltration_and_tunneling_tools_execution.yml b/rules/windows/process_creation/win_exfiltration_and_tunneling_tools_execution.yml index 57bcdd0e..231813ee 100644 --- a/rules/windows/process_creation/win_exfiltration_and_tunneling_tools_execution.yml +++ b/rules/windows/process_creation/win_exfiltration_and_tunneling_tools_execution.yml @@ -12,7 +12,7 @@ logsource: product: windows detection: selection: - NewProcessName|endswith: + Image|endswith: - '\plink.exe' - '\socat.exe' - '\stunnel.exe' diff --git a/rules/windows/process_creation/win_grabbing_sensitive_hives_via_reg.yml b/rules/windows/process_creation/win_grabbing_sensitive_hives_via_reg.yml index b085214d..a8377a19 100644 --- a/rules/windows/process_creation/win_grabbing_sensitive_hives_via_reg.yml +++ b/rules/windows/process_creation/win_grabbing_sensitive_hives_via_reg.yml @@ -16,7 +16,7 @@ logsource: product: windows detection: selection_1: - NewProcessName: '*\reg.exe' + Image: '*\reg.exe' CommandLine|contains: - 'save' - 'export' diff --git a/rules/windows/process_creation/win_psexesvc_start.yml b/rules/windows/process_creation/win_psexesvc_start.yml index 9eca4861..5c77a450 100644 --- a/rules/windows/process_creation/win_psexesvc_start.yml +++ b/rules/windows/process_creation/win_psexesvc_start.yml @@ -13,7 +13,7 @@ logsource: product: windows detection: selection: - ProcessCommandLine: C:\Windows\PSEXESVC.exe + CommandLine: C:\Windows\PSEXESVC.exe condition: selection falsepositives: - Administrative activity diff --git a/rules/windows/process_creation/win_shadow_copies_creation.yml b/rules/windows/process_creation/win_shadow_copies_creation.yml index 77bdb977..828c54a5 100644 --- a/rules/windows/process_creation/win_shadow_copies_creation.yml +++ b/rules/windows/process_creation/win_shadow_copies_creation.yml @@ -14,7 +14,7 @@ logsource: product: windows detection: selection: - NewProcessName|endswith: + Image|endswith: - '\powershell.exe' - '\wmic.exe' - '\vssadmin.exe' diff --git a/rules/windows/process_creation/win_shadow_copies_deletion.yml b/rules/windows/process_creation/win_shadow_copies_deletion.yml index 05029298..43bdfd90 100644 --- a/rules/windows/process_creation/win_shadow_copies_deletion.yml +++ b/rules/windows/process_creation/win_shadow_copies_deletion.yml @@ -20,12 +20,12 @@ logsource: product: windows detection: selection: - NewProcessName|endswith: + Image|endswith: - '\powershell.exe' - '\wmic.exe' - '\vssadmin.exe' CommandLine|contains|all: - - shadow + - shadow # will mach "delete shadows" and "shadowcopy delete" - delete condition: selection fields: diff --git a/rules/windows/process_creation/win_susp_bcdedit.yml b/rules/windows/process_creation/win_susp_bcdedit.yml index 3281b161..47b52713 100644 --- a/rules/windows/process_creation/win_susp_bcdedit.yml +++ b/rules/windows/process_creation/win_susp_bcdedit.yml @@ -16,8 +16,8 @@ logsource: product: windows detection: selection: - NewProcessName: '*\bcdedit.exe' - ProcessCommandLine: + Image: '*\bcdedit.exe' + CommandLine: - '*delete*' - '*deletevalue*' - '*import*' diff --git a/rules/windows/process_creation/win_win10_sched_task_0day.yml b/rules/windows/process_creation/win_win10_sched_task_0day.yml index 60534f54..555c7132 100644 --- a/rules/windows/process_creation/win_win10_sched_task_0day.yml +++ b/rules/windows/process_creation/win_win10_sched_task_0day.yml @@ -11,7 +11,7 @@ logsource: product: windows detection: selection: - Image: schtasks.exe + Image|endswith: '\schtasks.exe' CommandLine: '*/change*/TN*/RU*/RP*' condition: selection falsepositives: From d5e7d4e302f89ac9aa38583c1c3aa7f6ea1d0ad5 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 16 May 2020 08:59:05 +0200 Subject: [PATCH 323/714] fix: missing condition in CVE-2020-1048 rule --- rules/windows/sysmon/sysmon_cve-2020-1048.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_cve-2020-1048.yml b/rules/windows/sysmon/sysmon_cve-2020-1048.yml index a171d24f..a0c66c60 100644 --- a/rules/windows/sysmon/sysmon_cve-2020-1048.yml +++ b/rules/windows/sysmon/sysmon_cve-2020-1048.yml @@ -31,6 +31,7 @@ detection: - '.dll' - '.exe' - 'C:' + condition: selection --- logsource: category: process_creation @@ -42,5 +43,5 @@ detection: CommandLine|contains: - '.dll' - '.exe' - + condition: selection1 and selection2 From 2b72ee7b847fe96919a0b13682171f87031e6379 Mon Sep 17 00:00:00 2001 From: ~noyan Date: Sat, 16 May 2020 14:49:40 +0300 Subject: [PATCH 324/714] partial(?) fix of #762 --- tools/sigma/backends/powershell.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/sigma/backends/powershell.py b/tools/sigma/backends/powershell.py index a4de4f9d..192e5369 100644 --- a/tools/sigma/backends/powershell.py +++ b/tools/sigma/backends/powershell.py @@ -118,7 +118,10 @@ class PowerShellBackend(SingleTextQueryBackend): return self.mapExpression % (key, self.generateValueNode(value, True)) elif type(value) == str and "*" in value: value = value.replace("*", ".*") - return "$_.message -match %s" % (self.generateValueNode(key + ".*" + value, True)) + if key == "Message": + return "$_.message -match %s" % (self.generateValueNode(value, True)) + else: + return "$_.message -match %s" % (self.generateValueNode(key + ".*" + value, True)) elif type(value) in (str, int): return '$_.message -match %s' % (self.generateValueNode(key + ".*" +str(value), True)) else: @@ -139,7 +142,10 @@ class PowerShellBackend(SingleTextQueryBackend): itemslist.append(self.mapExpression % (key, self.generateValueNode(item, True))) elif type(item) == str and "*" in item: item = item.replace("*", ".*") - itemslist.append('$_.message -match %s' % (self.generateValueNode(key + ".*" +item, True))) + if key == "Message": + itemslist.append('$_.message -match %s' % (self.generateValueNode(item, True))) + else: + itemslist.append('$_.message -match %s' % (self.generateValueNode(key + ".*" +item, True))) else: itemslist.append('$_.message -match %s' % (self.generateValueNode(item, True))) return '('+" -or ".join(itemslist)+')' From 25d3a5a893345cdac44e8c308b0b51db053d84bd Mon Sep 17 00:00:00 2001 From: Maxime Lamothe-Brassard Date: Sun, 17 May 2020 12:44:57 -0700 Subject: [PATCH 325/714] Remove "condition" from global rule. The condition field in this rule was in the global section which overwrote the condition in sub-rules and generated FPs. For example, once Sigma read the rule, the bottom sub-rule's "condition" was overwritten with "1 of them". --- rules/windows/sysmon/sysmon_cve-2020-1048.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_cve-2020-1048.yml b/rules/windows/sysmon/sysmon_cve-2020-1048.yml index 194f3fb5..49159021 100644 --- a/rules/windows/sysmon/sysmon_cve-2020-1048.yml +++ b/rules/windows/sysmon/sysmon_cve-2020-1048.yml @@ -11,8 +11,6 @@ references: tags: - attack.persistence - attack.execution -detection: - condition: 1 of them falsepositives: - New printer port install on host level: high From a7176d48114b3e972c7850c3ebc47c6c4ea01e83 Mon Sep 17 00:00:00 2001 From: Alexander J <741037+jaegeral@users.noreply.github.com> Date: Mon, 18 May 2020 08:11:16 +0200 Subject: [PATCH 326/714] replace --target-list with --lists The description in the readme is outdated ```` sigmac --target-list usage: sigmac [-h] [--recurse] [--filter FILTER] [--target {kibana,ala-rule,splunk,ala,splunkxml,fieldlist,graylog,es-rule,qualys,arcsight-esm,mdatp,netwitness,arcsight,elastalert-dsl,sql,carbonblack,xpack-watcher,limacharlie,qradar,logiq,powershell,grep,ee-outliers,elastalert,es-qs,es-dsl,logpoint,sumologic}] [--lists] [--config CONFIG] [--output OUTPUT] [--backend-option BACKEND_OPTION] [--backend-config BACKEND_CONFIG] [--defer-abort] [--ignore-backend-errors] [--verbose] [--debug] [inputs [inputs ...]] sigmac: error: unrecognized arguments: --target-list ```` --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 10f0df4b..ebc0f2b6 100644 --- a/README.md +++ b/README.md @@ -206,7 +206,7 @@ tools/sigmac -t splunk -c ~/my-splunk-mapping.yml -c tools/config/generic/window Current work-in-progress * [Splunk Data Models](https://docs.splunk.com/Documentation/Splunk/7.1.0/Knowledge/Aboutdatamodels) -New targets are continuously developed. You can get a list of supported targets with `sigmac --target-list` or `sigmac -l`. +New targets are continuously developed. You can get a list of supported targets with `sigmac --lists` or `sigmac -l`. ### Requirements @@ -350,4 +350,4 @@ This is a private project mainly developed by Florian Roth and Thomas Patzke wit ![sigmac_info_graphic](./images/sigma_infographic_lq.png) ## Coverage Illustration -![sigmac_coverage](./images/Sigma_Coverage.png) \ No newline at end of file +![sigmac_coverage](./images/Sigma_Coverage.png) From 904716771a98e7c68d20e1b642073788309c17f2 Mon Sep 17 00:00:00 2001 From: gamma37 Date: Mon, 18 May 2020 10:03:34 +0200 Subject: [PATCH 327/714] Create a new rule to detect "Create Account" --- .../auditd/lnx_auditd_create_account.yml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 rules/linux/auditd/lnx_auditd_create_account.yml diff --git a/rules/linux/auditd/lnx_auditd_create_account.yml b/rules/linux/auditd/lnx_auditd_create_account.yml new file mode 100644 index 00000000..c9a18eac --- /dev/null +++ b/rules/linux/auditd/lnx_auditd_create_account.yml @@ -0,0 +1,22 @@ +title: Creation Of An User Account +id: 759d0d51-bc99-4b5e-9add-8f5b2c8e7512 +status: experimental +description: Detects the creation of a new user account. According to MITRE ATT&CK, "such accounts may be used for persistence that do not require persistent remote access tools to be deployed on the system" +references: + - 'MITRE Attack technique T1136; Create Account ' +date: 2020/05/18 +tags: + - attack.T1136 + - attack.persistence +author: Marie Euler +logsource: + product: linux + service: auditd +detection: + selection: + type: 'SYSCALL' + exe: '*/useradd' + condition: selection +falsepositives: + - Admin activity +level: medium From cbf06b1e43dc523885c3107fb35ffcc88c20e735 Mon Sep 17 00:00:00 2001 From: gamma37 Date: Mon, 18 May 2020 10:11:32 +0200 Subject: [PATCH 328/714] lowercased tag --- rules/linux/auditd/lnx_auditd_create_account.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/linux/auditd/lnx_auditd_create_account.yml b/rules/linux/auditd/lnx_auditd_create_account.yml index c9a18eac..14be30c0 100644 --- a/rules/linux/auditd/lnx_auditd_create_account.yml +++ b/rules/linux/auditd/lnx_auditd_create_account.yml @@ -6,7 +6,7 @@ references: - 'MITRE Attack technique T1136; Create Account ' date: 2020/05/18 tags: - - attack.T1136 + - attack.t1136 - attack.persistence author: Marie Euler logsource: From 55eec46932d99c18baf8c0aed86d4bf470ef1f6e Mon Sep 17 00:00:00 2001 From: gamma37 Date: Mon, 18 May 2020 11:25:18 +0200 Subject: [PATCH 329/714] Create a rule for "suspicious activities" --- .../auditd/lnx_auditd_susp_C2_commands.yml | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 rules/linux/auditd/lnx_auditd_susp_C2_commands.yml diff --git a/rules/linux/auditd/lnx_auditd_susp_C2_commands.yml b/rules/linux/auditd/lnx_auditd_susp_C2_commands.yml new file mode 100644 index 00000000..2ba6f3b7 --- /dev/null +++ b/rules/linux/auditd/lnx_auditd_susp_C2_commands.yml @@ -0,0 +1,26 @@ +title: Suspicious C2 Activities +id: f7158a64-6204-4d6d-868a-6e6378b467e0 +status: experimental +description: Detects suspicious activities as declared by Florian Roth in its 'Best Practice Auditd Configuration'. + This includes the detection of the following commands; wget, curl, base64, nc, netcat, ncat, ssh, socat, wireshark, rawshark, rdesktop, nmap + These commands match a few techniques from the tactics "Command and Control", including not exhaustively the following; + Application Layer Protocol (T1071) + Non-Application Layer Protocol (T1095) + Data Encoding (T1132) +references: + - 'https://github.com/Neo23x0/auditd' +date: 2020/05/18 +tags: + - attack.command_and_control +author: Marie Euler +logsource: + product: linux + service: auditd +detection: + selection: + key : + - 'susp_activity' + condition: selection +falsepositives: + - Admin or User activity +level: medium From 71c507d8a95b43e45d435c1e70a51f964655f12c Mon Sep 17 00:00:00 2001 From: gamma37 Date: Mon, 18 May 2020 11:34:53 +0200 Subject: [PATCH 330/714] remove space bedore colon --- rules/linux/auditd/lnx_auditd_susp_C2_commands.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/linux/auditd/lnx_auditd_susp_C2_commands.yml b/rules/linux/auditd/lnx_auditd_susp_C2_commands.yml index 2ba6f3b7..ead90e0b 100644 --- a/rules/linux/auditd/lnx_auditd_susp_C2_commands.yml +++ b/rules/linux/auditd/lnx_auditd_susp_C2_commands.yml @@ -18,7 +18,7 @@ logsource: service: auditd detection: selection: - key : + key: - 'susp_activity' condition: selection falsepositives: From e89613aee0930cac0ac123dc5e881cb2032b96b2 Mon Sep 17 00:00:00 2001 From: ecco Date: Mon, 18 May 2020 07:19:06 -0400 Subject: [PATCH 331/714] add some false positives checks --- .../windows/sysmon/sysmon_webshell_creation_detect.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/rules/windows/sysmon/sysmon_webshell_creation_detect.yml b/rules/windows/sysmon/sysmon_webshell_creation_detect.yml index 2824f16f..88af94d5 100644 --- a/rules/windows/sysmon/sysmon_webshell_creation_detect.yml +++ b/rules/windows/sysmon/sysmon_webshell_creation_detect.yml @@ -6,7 +6,7 @@ references: - PT ESC rule and personal experience author: Beyu Denis, oscd.community date: 2019/10/22 -modified: 2019/11/04 +modified: 2020/05/18 tags: - attack.persistence - attack.t1100 @@ -36,8 +36,10 @@ detection: - TargetFilename|contains|all: - '\cgi-bin\' - '.pl' - condition: selection_1 and ( selection_2 and selection_3 ) or - selection_1 and ( selection_4 and selection_5 ) or - selection_1 and selection_6 + false_positives: # false positives when unpacking some executables in $TEMP + TargetFilename|contains: + - '\AppData\Local\Temp\' + - '\Windows\Temp\' + condition: selection_1 and not false_positives and (( selection_2 and selection_3 ) or ( selection_4 and selection_5 ) or selection_6) falsepositives: - Legitimate administrator or developer creating legitimate executable files in a web application folder From 088800cd18f7e0be9c4c41df2b0baac0f0d93644 Mon Sep 17 00:00:00 2001 From: ecco Date: Mon, 18 May 2020 09:39:48 -0400 Subject: [PATCH 332/714] fix rule due to sigmac bug? --- rules/windows/sysmon/sysmon_webshell_creation_detect.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_webshell_creation_detect.yml b/rules/windows/sysmon/sysmon_webshell_creation_detect.yml index 88af94d5..ef9bdced 100644 --- a/rules/windows/sysmon/sysmon_webshell_creation_detect.yml +++ b/rules/windows/sysmon/sysmon_webshell_creation_detect.yml @@ -40,6 +40,8 @@ detection: TargetFilename|contains: - '\AppData\Local\Temp\' - '\Windows\Temp\' - condition: selection_1 and not false_positives and (( selection_2 and selection_3 ) or ( selection_4 and selection_5 ) or selection_6) + # kind of ugly but sigmac seems not to handle double parenthesis "((" + # we shold prefer something like : selection_1 and not false_positives and ((selection_2 and selection_3) or (selection_4 and selection_5) or selection_6) + condition: (selection_1 and selection_2 and selection_3 and not false_positives) or (selection_1 and selection_4 and selection_5 and not false_positives) or (selection_1 and selection_6 and not false_positives) falsepositives: - Legitimate administrator or developer creating legitimate executable files in a web application folder From 1aa97fe577f4399f17df48fb39e588e5c7a703ab Mon Sep 17 00:00:00 2001 From: ecco Date: Mon, 18 May 2020 10:03:18 -0400 Subject: [PATCH 333/714] flake 8 --- rules/windows/sysmon/sysmon_webshell_creation_detect.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_webshell_creation_detect.yml b/rules/windows/sysmon/sysmon_webshell_creation_detect.yml index ef9bdced..7f94a425 100644 --- a/rules/windows/sysmon/sysmon_webshell_creation_detect.yml +++ b/rules/windows/sysmon/sysmon_webshell_creation_detect.yml @@ -42,6 +42,6 @@ detection: - '\Windows\Temp\' # kind of ugly but sigmac seems not to handle double parenthesis "((" # we shold prefer something like : selection_1 and not false_positives and ((selection_2 and selection_3) or (selection_4 and selection_5) or selection_6) - condition: (selection_1 and selection_2 and selection_3 and not false_positives) or (selection_1 and selection_4 and selection_5 and not false_positives) or (selection_1 and selection_6 and not false_positives) + condition: (selection_1 and selection_2 and selection_3 and not false_positives) or (selection_1 and selection_4 and selection_5 and not false_positives) or (selection_1 and selection_6 and not false_positives) falsepositives: - Legitimate administrator or developer creating legitimate executable files in a web application folder From 08c32c9dfc5d096a49e42c6a06e4571edb3841f6 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 18 May 2020 17:04:59 +0200 Subject: [PATCH 334/714] rule: godmode rule v0.3 --- other/godmode_sigma_rule.yml | 150 +++++++++++++++++++++++++++++++++++ 1 file changed, 150 insertions(+) create mode 100644 other/godmode_sigma_rule.yml diff --git a/other/godmode_sigma_rule.yml b/other/godmode_sigma_rule.yml new file mode 100644 index 00000000..e238ab19 --- /dev/null +++ b/other/godmode_sigma_rule.yml @@ -0,0 +1,150 @@ +# _____ __ __ ___ __ +# / ___/__ ___/ / / |/ /__ ___/ /__ +# / (_ / _ \/ _ / / /|_/ / _ \/ _ / -_) +# \___/\___/\_,_/ /_/ /_/\___/\_,_/\__/_ +# / __(_)__ ___ _ ___ _ / _ \__ __/ /__ +# _\ \/ / _ `/ ' \/ _ `/ / , _/ // / / -_) +# /___/_/\_, /_/_/_/\_,_/ /_/|_|\_,_/_/\__/ +# /___/ +# +# Florian Roth +# May 2020 +# v0.3 +# +# A Proof-of-Concept with the most effective search queries + +title: Godmode Sigma Rule +id: def6caac-a999-4fc9-8800-cfeff700ba98 +description: 'PoC rule to detect malicious activity - following the principle: if you had only one shot, what would you look for?' +status: experimental +author: Florian Roth +date: 2019/12/22 +modified: 2020/05/18 +level: high +action: global +--- +logsource: + category: process_creation + product: windows +detection: + # Different suspicious or malicious command line parameters + selection_plain: + CommandLine|contains: + - ' -NoP ' # Often used in malicious PowerShell commands + - ' -W Hidden ' # Often used in malicious PowerShell commands + - ' -decode ' # Used with certutil + - ' /decode ' # Used with certutil + - ' -e* JAB' # PowerShell encoded commands + - ' -e* SUVYI' # PowerShell encoded commands + - ' -e* SQBFAFgA' # PowerShell encoded commands + - ' -e* aWV4I' # PowerShell encoded commands + - ' -e* IAB' # PowerShell encoded commands + - ' -e* PAA' # PowerShell encoded commands + - ' -e* aQBlAHgA' # PowerShell encoded commands + - 'vssadmin delete shadows' # Ransomware + - 'reg SAVE HKLM\SAM' # save registry SAM - syskey extraction + - ' -ma ' # ProcDump + - 'Microsoft\Windows\CurrentVersion\Run' # Run key in command line - often in combination with REG ADD + - '.downloadstring(' # PowerShell download command + - '.downloadfile(' # PowerShell download command + - ' /ticket:' # Rubeus + - ' sekurlsa' # Mimikatz + - ' p::d ' # Mimikatz + - ';iex(' # PowerShell IEX + - 'schtasks* /create *AppData' # Scheduled task creation pointing to AppData + - ' comsvcs.dll,MiniDump' # Process dumping method apart from procdump + - ' comsvcs.dll,#24' # Process dumping method apart from procdump + selection_parent_child: + ParentImage|contains: + # Office Dropper Detection + - '\WINWORD.EXE' + - '\EXCEL.EXE' + - '\POWERPNT.exe' + - '\MSPUB.exe' + - '\VISIO.exe' + - '\OUTLOOK.EXE' + Image|contains: + - '\cmd.exe' + - '\powershell.exe' + - '\wscript.exe' + - '\cscript.exe' + - '\schtasks.exe' + - '*\scrcons.exe' + - '\regsvr32.exe' + - '\hh.exe' + - '\wmic.exe' + - '\mshta.exe' + - '\msiexec.exe' + - '\forfiles.exe' + - '\AppData\' + selection_webshells: + Image|contains: + - '\apache*' + - '\tomcat*' + - '\w3wp.exe' + - '\php-cgi.exe' + - '\nginx.exe' + - '\httpd.exe' + CommandLine|contains: + - 'whoami' + - 'net user ' + - 'ping -n ' + - 'systeminfo' + - '&cd&echo' + - 'cd /d ' # https://www.computerhope.com/cdhlp.htm + # Running whoami as LOCAL_SYSTEM (usually after privilege escalation) + selection_whoami: + Image|contains: '\whoami.exe' + User: 'NT AUTHORITY\SYSTEM' + condition: 1 of them +--- +logsource: + product: windows + service: sysmon +detection: + selection_file_creation: + EventID: 11 + TargetFileName|contains: + - '.dmp' # dump process memory + - 'Desktop\how' # Ransomware + - 'Desktop\decrypt' # Ransomware + selection_registry_modifications: + EventID: + - 12 + - 13 + TargetObject|contains: + - 'UserInitMprLogonScript' # persistence + - '\CurrentVersion\Image File Execution Options\' # persistence + selection_registry_run: + EventID: + - 12 + - 13 + TargetObject|contains: + - '\Microsoft\Windows\CurrentVersion\Run\' # persistence + - '\Microsoft\Windows\CurrentVersion\RunOnce\' # persistence + Details|contains: + - 'AppData' + - '\Users\Public\' + - '\Temp\' + - 'powershell' + - 'wscript' + - 'cscript' + condition: 1 of them +--- +logsource: + product: windows + service: system +detection: + # Malicious service installs + selection: + EventID: 7045 + ServiceName|contains: + - 'WCESERVICE' + - 'WCE SERVICE' + - 'winexesvc' + - 'DumpSvc' + - 'pwdump' + - 'gsecdump' + - 'cachedump' + condition: + 1 of them \ No newline at end of file From 63238fd661fd4fd9089b6ff9c69a133f55e325ea Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 18 May 2020 18:34:30 +0200 Subject: [PATCH 335/714] docs: missed the reference --- other/godmode_sigma_rule.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/other/godmode_sigma_rule.yml b/other/godmode_sigma_rule.yml index e238ab19..218e0484 100644 --- a/other/godmode_sigma_rule.yml +++ b/other/godmode_sigma_rule.yml @@ -5,7 +5,7 @@ # / __(_)__ ___ _ ___ _ / _ \__ __/ /__ # _\ \/ / _ `/ ' \/ _ `/ / , _/ // / / -_) # /___/_/\_, /_/_/_/\_,_/ /_/|_|\_,_/_/\__/ -# /___/ +# /___/ IDDQD # # Florian Roth # May 2020 From 0dd089db47e4f7a86f3573a481a67eabb2a234de Mon Sep 17 00:00:00 2001 From: ecco Date: Mon, 18 May 2020 20:29:53 -0400 Subject: [PATCH 336/714] various rules cleaning --- ...sysmon_susp_office_dotnet_assembly_dll_load.yml | 10 +++++----- .../sysmon_susp_office_dotnet_gac_dll_load.yml | 10 +++++----- .../sysmon_susp_office_kerberos_dll_load.yml | 10 +++++----- .../sysmon/sysmon_susp_winword_vbadll_load.yml | 14 +++++++------- .../sysmon_svchost_dll_search_order_hijack.yml | 5 +---- 5 files changed, 23 insertions(+), 26 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml index 6017a716..1c63a4c5 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml @@ -16,12 +16,12 @@ detection: selection: EventID: 7 Image: - - '*\winword.exe*' - - '*\powerpnt.exe*' - - '*\excel.exe*' - - '*\outlook.exe*' + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' ImageLoaded: - - '*C:\Windows\assembly\*' + - 'C:\Windows\assembly\*' condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml index a0f3ddae..354d7e8a 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml @@ -16,12 +16,12 @@ detection: selection: EventID: 7 Image: - - '*\winword.exe*' - - '*\powerpnt.exe*' - - '*\excel.exe*' - - '*\outlook.exe*' + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' ImageLoaded: - - '*C:\Windows\Microsoft.NET\assembly\GAC_MSIL*' + - 'C:\Windows\Microsoft.NET\assembly\GAC_MSIL*' condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate diff --git a/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml index 86aedc7e..77aaf326 100644 --- a/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml @@ -16,12 +16,12 @@ detection: selection: EventID: 7 Image: - - '*\winword.exe*' - - '*\powerpnt.exe*' - - '*\excel.exe*' - - '*\outlook.exe*' + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' ImageLoaded: - - '*\kerberos.dll*' + - '*\kerberos.dll' condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate diff --git a/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml b/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml index b371692e..c792c8c2 100644 --- a/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml @@ -16,14 +16,14 @@ detection: selection: EventID: 7 Image: - - '*\winword.exe*' - - '*\powerpnt.exe*' - - '*\excel.exe*' - - '*\outlook.exe*' + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' ImageLoaded: - - '*\VBE7.DLL*' - - '*\VBEUI.DLL*' - - '*\VBE7INTL.DLL*' + - '*\VBE7.DLL' + - '*\VBEUI.DLL' + - '*\VBE7INTL.DLL' condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate diff --git a/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml b/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml index ef3fc978..9dbbf96a 100644 --- a/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml +++ b/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml @@ -27,12 +27,9 @@ detection: - '*\tsvipsrv.dll' - '*\wlbsctrl.dll' filter: - EventID: 7 - Image: - - '*\svchost.exe' ImageLoaded: - 'C:\Windows\WinSxS\*' condition: selection and not filter falsepositives: - Pentest -level: high \ No newline at end of file +level: high From 2fc8d513d6bab5e194271a20e544b42f3d921878 Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Tue, 19 May 2020 04:35:30 -0400 Subject: [PATCH 337/714] zeek, swap `path` and `name` --- rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml | 4 ++-- .../zeek/zeek_smb_converted_win_impacket_secretdump.yml | 4 ++-- rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml | 6 +++--- rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml | 4 ++-- .../zeek_smb_converted_win_susp_raccess_sensitive_fext.yml | 2 +- ...onverted_win_transferring_files_with_credential_data.yml | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml b/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml index 69ef0801..17a3704f 100644 --- a/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml +++ b/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml @@ -16,8 +16,8 @@ logsource: service: smb_files detection: selection: - name: \\*\IPC$ - path: atsvc + path: \\*\IPC$ + name: atsvc #Accesses: '*WriteData*' condition: selection falsepositives: diff --git a/rules/network/zeek/zeek_smb_converted_win_impacket_secretdump.yml b/rules/network/zeek/zeek_smb_converted_win_impacket_secretdump.yml index 35552f34..16e2f318 100644 --- a/rules/network/zeek/zeek_smb_converted_win_impacket_secretdump.yml +++ b/rules/network/zeek/zeek_smb_converted_win_impacket_secretdump.yml @@ -13,8 +13,8 @@ logsource: service: smb_files detection: selection: - name: '\\*ADMIN$' - path: '*SYSTEM32\\*.tmp' + path: '\\*ADMIN$' + name: '*SYSTEM32\\*.tmp' condition: selection falsepositives: - 'unknown' diff --git a/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml b/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml index 1b0b92b5..eecef7a9 100644 --- a/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml +++ b/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml @@ -14,10 +14,10 @@ logsource: service: smb_files detection: selection1: - name: \\*\IPC$ + path: \\*\IPC$ selection2: - name: \\*\IPC$ - path: + path: \\*\IPC$ + name: - 'atsvc' - 'samr' - 'lsarpc' diff --git a/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml b/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml index 2086a287..044d6f96 100644 --- a/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml +++ b/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml @@ -13,8 +13,8 @@ logsource: service: smb_files detection: selection1: - name: \\*\IPC$ - path: + path: \\*\IPC$ + name: - '*-stdin' - '*-stdout' - '*-stderr' diff --git a/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml b/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml index 95045f9d..fa7f41f0 100644 --- a/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml +++ b/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml @@ -11,7 +11,7 @@ logsource: service: smb_files detection: selection: - path: + name: - '*.pst' - '*.ost' - '*.msg' diff --git a/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml b/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml index 7724e097..060189f4 100644 --- a/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml +++ b/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml @@ -13,7 +13,7 @@ logsource: service: smb_files detection: selection: - path: + name: - '\mimidrv' - '\lsass' - '\windows\minidump\' From 858ebcd3d3d1fa7b3c019797cf9624e8820bbf82 Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Tue, 19 May 2020 04:35:47 -0400 Subject: [PATCH 338/714] author typo update --- rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml | 2 +- rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml b/rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml index a4494f03..4e79ed02 100644 --- a/rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml +++ b/rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml @@ -1,7 +1,7 @@ title: MITRE BZAR Indicators for ATT&CK Execution id: b640c0b8-87f8-4daa-aef8-95a24261dd1d description: 'Windows DCE-RPC functions which indicate an ATT&CK-like Execution techniques on the remote system. All credit for the Zeek mapping of the suspicious endpoint/operation field goes to MITRE.' -author: '@neu5ron, @SOC_Prime' +author: '@neu5ron, SOC Prime' date: 2020/03/19 references: - https://github.com/mitre-attack/bzar#indicators-for-attck-execution diff --git a/rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml b/rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml index cfeffe91..3cce80d4 100644 --- a/rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml +++ b/rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml @@ -1,7 +1,7 @@ title: MITRE BZAR Indicators for ATT&CK Persistence id: 53389db6-ba46-48e3-a94c-e0f2cefe1583 description: 'Windows DCE-RPC functions which indicate an ATT&CK-like Persistence techniques on the remote system. All credit for the Zeek mapping of the suspicious endpoint/operation field goes to MITRE.' -author: '@neu5ron, @SOC_Prime' +author: '@neu5ron, SOC Prime' date: 2020/03/19 references: - https://github.com/mitre-attack/bzar#indicators-for-attck-persistence From effb2a833713afba2902c5a03dc316207b2e6b25 Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Tue, 19 May 2020 04:41:00 -0400 Subject: [PATCH 339/714] add exe webdav download --- .../proxy_executable_download_from_webdav.yml | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 rules/proxy/proxy_executable_download_from_webdav.yml diff --git a/rules/proxy/proxy_executable_download_from_webdav.yml b/rules/proxy/proxy_executable_download_from_webdav.yml new file mode 100644 index 00000000..7c18c8e8 --- /dev/null +++ b/rules/proxy/proxy_executable_download_from_webdav.yml @@ -0,0 +1,25 @@ +title: Executable from Webdav +description: "Detects executable access via webdav6. Can be seen in APT 29 such as from the emulated APT 29 hackathon https://github.com/OTRF/detection-hackathon-apt29/" +id: aac2fd97-bcba-491b-ad66-a6edf89c71bf +author: 'SOC Prime, Adam Swan' +references: + - http://carnal0wnage.attackresearch.com/2012/06/webdav-server-to-download-custom.html + - https://github.com/OTRF/detection-hackathon-apt29 +tags: + - attack.command_and_control + - attack.T1043 +logsource: + category: proxy +date: 2020/05/01 +detection: + selection_webdav: + - c-useragent: '*WebDAV*' + - c-uri: '*webdav*' + selection_executable: + - resp_mime_types: '*dosexec*' + - c-uri: '*.exe' + condition: selection_webdav AND selection_executable +falsepositives: + - unknown +level: medium +status: experimental \ No newline at end of file From e975d3fd14f2a241c536b0b0773639694a985b5c Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Tue, 19 May 2020 04:41:08 -0400 Subject: [PATCH 340/714] domain user enumeration via zeek rpc (dce_rpc) log. --- .../zeek-dce_rpc_domain_user_enumeration.yml | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 rules/network/zeek/zeek-dce_rpc_domain_user_enumeration.yml diff --git a/rules/network/zeek/zeek-dce_rpc_domain_user_enumeration.yml b/rules/network/zeek/zeek-dce_rpc_domain_user_enumeration.yml new file mode 100644 index 00000000..bfaa398f --- /dev/null +++ b/rules/network/zeek/zeek-dce_rpc_domain_user_enumeration.yml @@ -0,0 +1,35 @@ +title: Domain User Enumeration Network Recon 01 +description: Domain user and group enumeration via network reconnaissance. Seen in APT 29 and other common tactics and actors. Detects a set of RPC (remote procedure calls) used to enumerate a domain controller. The rule was created based off the datasets and hackathon from https://github.com/OTRF/detection-hackathon-apt29 +id: 66a0bdc6-ee04-441a-9125-99d2eb547942 +references: + - "https://github.com/OTRF/detection-hackathon-apt29" + - "https://github.com/OTRF/detection-hackathon-apt29/issues/37" +author: 'Nate Guagenti (@neu5ron), Open Threat Research (OTR)' +date: 2020/05/03 +modified: 2020/05/03 +tags: + - attack.discovery + - attack.t1087 + - attack.t1082 +logsource: + product: zeek + service: dce_rpc +detection: + selection: + operation: + #- LsarEnumerateTrustedDomains #potentially too many FPs, removing. caused by netlogon + #- SamrEnumerateDomainsInSamServer #potentially too many FPs, removing. #method obtains a listing of all domains hosted by the server side of this protocol. This value is a cookie that the server can use to continue an enumeration on a subsequent call + - LsarLookupNames3 #method translates a batch of security principal names to their SID form + - LsarLookupSids3 #translates a batch of security principal SIDs to their name forms + - SamrGetGroupsForUser #obtains a listing of groups that a user is a member of + - SamrLookupIdsInDomain #method translates a set of RIDs into account names + - SamrLookupNamesInDomain #method translates a set of account names into a set of RIDs + - SamrQuerySecurityObject #method queries the access control on a server, domain, user, group, or alias object + - SamrQueryInformationGroup #obtains attributes from a group object + timeframe: 30s + condition: selection | count(operation) by src_ip > 4 +falsepositives: + - Devices that may do authentication like a VPN or a firewall that looksup IPs to username + - False positives depend on scripts and administrative tools used in the monitored environment +level: medium +status: experimental \ No newline at end of file From 177f0a783bd2d3502307e486118649f1c0f15d73 Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Tue, 19 May 2020 04:58:51 -0400 Subject: [PATCH 341/714] winlogbeat forward (at a snails pace) ECS field names --- tools/config/winlogbeat-modules-enabled.yml | 26 +++++++++++++++++++-- tools/config/winlogbeat-old.yml | 1 + tools/config/winlogbeat.yml | 20 ++++++++++++++++ 3 files changed, 45 insertions(+), 2 deletions(-) diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml index d063ff73..2acf480e 100644 --- a/tools/config/winlogbeat-modules-enabled.yml +++ b/tools/config/winlogbeat-modules-enabled.yml @@ -58,6 +58,7 @@ fieldmappings: AuthenticationPackageName: winlog.event_data.AuthenticationPackageName CallingProcessName: winlog.event_data.CallingProcessName CallTrace: winlog.event_data.CallTrace + Channel: winlog.channel CommandLine: process.args ComputerName: winlog.computer_name ContextInfo: winlog.event_data.ContextInfo @@ -65,8 +66,10 @@ fieldmappings: Description: winlog.event_data.Description DestinationHostname: destination.domain DestinationIp: destination.ip + dst_ip: destination.ip #DestinationIsIpv6: winlog.event_data.DestinationIsIpv6 #=gets deleted and not boolean...https://github.com/elastic/beats/blob/71eee76e7cfb8d5b18dfacad64864370ddb14ce7/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js#L278-L279 DestinationPort: destination.port + dst_port: destination.port DestinationPortName: network.protocol Details: winlog.event_data.Details EngineVersion: winlog.event_data.EngineVersion @@ -74,8 +77,12 @@ fieldmappings: FailureCode: winlog.event_data.FailureCode FileName: file.path GrantedAccess: winlog.event_data.GrantedAccess - GroupName: winlog.event_data.GroupName - GroupSid: winlog.event_data.GroupSid + GroupName: + - winlog.event_data.GroupName + - group.name + GroupSid: + - group.id + - winlog.event_data.GroupSid Hashes: winlog.event_data.Hashes HiveName: winlog.event_data.HiveName HostVersion: winlog.event_data.HostVersion @@ -112,7 +119,9 @@ fieldmappings: SourceHostname: source.domain SourceImage: process.executable SourceIp: source.ip + src_ip: source.ip SourcePort: source.port + src_port: source.port #SourceIsIpv6: winlog.event_data.SourceIsIpv6 #=gets deleted and not boolean...https://github.com/elastic/beats/blob/71eee76e7cfb8d5b18dfacad64864370ddb14ce7/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js#L278-L279 StartModule: winlog.event_data.StartModule Status: winlog.event_data.Status @@ -129,3 +138,16 @@ fieldmappings: TargetUserSid: user.id User: user.name WorkstationName: source.domain + # Channel: WLAN-Autoconfig AND EventID: 8001 + AuthenticationAlgorithm: winlog.event_data.AuthenticationAlgorithm + BSSID: winlog.event_data.BSSID + BSSType: winlog.event_data.BSSType + CipherAlgorithm: winlog.event_data.CipherAlgorithm + ConnectionId: winlog.event_data.ConnectionId + ConnectionMode: winlog.event_data.ConnectionMode + InterfaceDescription: winlog.event_data.InterfaceDescription + InterfaceGuid: winlog.event_data.InterfaceGuid + OnexEnabled: winlog.event_data.OnexEnabled + PHYType: winlog.event_data.PHYType + ProfileName: winlog.event_data.ProfileName + SSID: winlog.event_data.SSID diff --git a/tools/config/winlogbeat-old.yml b/tools/config/winlogbeat-old.yml index d73221f5..f840408b 100644 --- a/tools/config/winlogbeat-old.yml +++ b/tools/config/winlogbeat-old.yml @@ -57,6 +57,7 @@ fieldmappings: AuthenticationPackageName: event_data.AuthenticationPackageName CallingProcessName: event_data.CallingProcessName CallTrace: event_data.CallTrace + Channel: winlog.channel CommandLine: event_data.CommandLine ComputerName: computer_name ContextInfo: event_data.ContextInfo diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml index d6e0cacb..91921ff6 100644 --- a/tools/config/winlogbeat.yml +++ b/tools/config/winlogbeat.yml @@ -57,6 +57,7 @@ fieldmappings: AuthenticationPackageName: winlog.event_data.AuthenticationPackageName CallingProcessName: winlog.event_data.CallingProcessName CallTrace: winlog.event_data.CallTrace + Channel: winlog.channel CommandLine: winlog.event_data.CommandLine ComputerName: winlog.computer_name ContextInfo: winlog.event_data.ContextInfo @@ -64,8 +65,10 @@ fieldmappings: Description: winlog.event_data.Description DestinationHostname: winlog.event_data.DestinationHostname DestinationIp: winlog.event_data.DestinationIp + dst_ip: winlog.event_data.DestinationIp DestinationIsIpv6: winlog.event_data.DestinationIsIpv6 DestinationPort: winlog.event_data.DestinationPort + dst_port: winlog.event_data.DestinationPort Details: winlog.event_data.Details EngineVersion: winlog.event_data.EngineVersion EventType: winlog.event_data.EventType @@ -107,6 +110,10 @@ fieldmappings: Signature: winlog.event_data.Signature Source: winlog.event_data.Source SourceImage: winlog.event_data.SourceImage + SourceIp: winlog.event_data.SourceIp + src_ip: winlog.event_data.SourceIp + SourcePort: winlog.event_data.SourcePort + src_port: winlog.event_data.SourcePort StartModule: winlog.event_data.StartModule Status: winlog.event_data.Status SubjectUserName: winlog.event_data.SubjectUserName @@ -118,3 +125,16 @@ fieldmappings: TicketOptions: winlog.event_data.TicketOptions User: winlog.event_data.User WorkstationName: winlog.event_data.WorkstationName + # Channel: WLAN-Autoconfig AND EventID: 8001 + AuthenticationAlgorithm: winlog.event_data.AuthenticationAlgorithm + BSSID: winlog.event_data.BSSID + BSSType: winlog.event_data.BSSType + CipherAlgorithm: winlog.event_data.CipherAlgorithm + ConnectionId: winlog.event_data.ConnectionId + ConnectionMode: winlog.event_data.ConnectionMode + InterfaceDescription: winlog.event_data.InterfaceDescription + InterfaceGuid: winlog.event_data.InterfaceGuid + OnexEnabled: winlog.event_data.OnexEnabled + PHYType: winlog.event_data.PHYType + ProfileName: winlog.event_data.ProfileName + SSID: winlog.event_data.SSID \ No newline at end of file From 49f68a327a88bf7c6d527e12885941c894670619 Mon Sep 17 00:00:00 2001 From: Tatsuya Ito Date: Tue, 19 May 2020 18:00:50 +0900 Subject: [PATCH 342/714] enhancement rule --- rules/windows/builtin/win_alert_ad_user_backdoors.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_alert_ad_user_backdoors.yml b/rules/windows/builtin/win_alert_ad_user_backdoors.yml index 217b73a4..d29647c1 100644 --- a/rules/windows/builtin/win_alert_ad_user_backdoors.yml +++ b/rules/windows/builtin/win_alert_ad_user_backdoors.yml @@ -19,6 +19,8 @@ logsource: detection: selection1: EventID: 4738 + filter_null: + AllowedToDelegateTo: null filter1: AllowedToDelegateTo: - null @@ -33,7 +35,7 @@ detection: selection4: EventID: 5136 AttributeLDAPDisplayName: 'msDS-AllowedToActOnBehalfOfOtherIdentity' - condition: (selection1 and not 1 of filter*) or selection2 or selection3 or selection4 + condition: (selection1 and not filter1 and not filter_null) or selection2 or selection3 or selection4 falsepositives: - Unknown level: high From 9e272d37b7cd53b73885bd84db98c325de732333 Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Tue, 19 May 2020 05:02:45 -0400 Subject: [PATCH 343/714] zeek category update and minor field updates --- tools/config/arcsight-zeek.yml | 20 +- tools/config/ecs-zeek-corelight.yml | 299 +++++++++--------- .../ecs-zeek-elastic-beats-implementation.yml | 214 +++++-------- tools/config/logstash-zeek-default-json.yml | 19 +- tools/config/splunk-zeek.yml | 24 +- 5 files changed, 263 insertions(+), 313 deletions(-) diff --git a/tools/config/arcsight-zeek.yml b/tools/config/arcsight-zeek.yml index 2454ed45..08050e8f 100644 --- a/tools/config/arcsight-zeek.yml +++ b/tools/config/arcsight-zeek.yml @@ -15,12 +15,14 @@ logsources: service: syslog zeek-category-firewall: category: firewall - conditions: - deviceEventCategory: conn + rewrite: + product: zeek + service: conn zeek-category-dns: category: dns - conditions: - deviceEventCategory: dns + rewrite: + product: zeek + service: dns zeek-category-proxy: category: proxy rewrite: @@ -28,8 +30,6 @@ logsources: service: http zeek-category-webserver: category: webserver - conditions: - deviceEventCategory: http rewrite: product: zeek service: http @@ -321,7 +321,6 @@ fieldmappings: - destinationDnsDomain - destinationHost # All Logs Applied Mapping & Taxonomy - clientip: sourceAddress dst: destinationAddress dst_ip: destinationAddress dst_port: destinationPort @@ -1050,4 +1049,9 @@ fieldmappings: - sourceAddress san.uri: - requestUrl - - requestUrlQuery \ No newline at end of file + - requestUrlQuery + # Few other variations of names from zeek source itself + id_orig_h: sourceAddress + id_orig_p: sourcePort + id_resp_h: destinationAddress + id_resp_p: destinationPort \ No newline at end of file diff --git a/tools/config/ecs-zeek-corelight.yml b/tools/config/ecs-zeek-corelight.yml index f43b354a..9d6a29e3 100644 --- a/tools/config/ecs-zeek-corelight.yml +++ b/tools/config/ecs-zeek-corelight.yml @@ -27,24 +27,24 @@ logsources: service: syslog zeek-category-firewall: category: firewall - conditions: - event.dataset: conn + rewrite: + product: zeek + service: conn zeek-category-dns: category: dns - conditions: - event.dataset: dns + rewrite: + product: zeek + service: dns zeek-category-proxy: category: proxy rewrite: - product: zeek - service: http + product: zeek + service: http zeek-category-webserver: category: webserver - conditions: - event.dataset: http rewrite: - product: zeek - service: http + product: zeek + service: http zeek-conn: product: zeek service: conn @@ -397,150 +397,134 @@ fieldmappings: uids: log.id.uids uuid: log.id.uuid # Overlapping fields/mappings (aka: shared fields) - action: - #- smb.action - - '*.action' - #service=smb_files: smb.action - #service=mqtt: mqtt.action - #service=tunnel: tunnel.action - addl: - #- weird.addl - - '*.addl' - #service=dns: dns.addl - #service=weird: weird.addl - analyzer: - #- dpd.analyzer - - '*.analyzer' - #service=dpd: dpd.analyzer - #service=files: files.analyzer - arg: - #- ftp.arg - - '*.arg' - #service=ftp: ftp.arg - #service=ftp: pop3.arg - #service=msqyl: mysql.arg + #_action + action: '*.action' + mqtt_action: smb.action + smb_action: smb.action + tunnel_action: tunnel.action + #_addl + addl: weird.addl + dns_addl: dns.addl + weird_addl: weird.addl + #_analyzer + analyzer: '*.analyzer' + dpd_analyzer: dpd.analyzer + files_analyzer: file.analyzer + #_arg + arg: '*.arg' + ftp_arg: ftp.arg + pop3_arg: pop3.arg + mysql_arg: mysql.arg + #_auth #auth: #service=rfb: rfb.auth #RFB does not exist in newer logs, so skipping to cover dns.auth - cipher: - #- kerberos.cipher - - '*.client' - #service=kerberos: kerberos.cipher - #service=ssl: tls.cipher - client: - #- ssh.client - - '*.client' - #service=kerberos: kerberos.client - #service=ssh: ssh.client - command: - #- ftp.command - - '*.command' - #service=pop3: pop3.command - #service=ftp: ftp.command - #service=irc: irc.command - date: - #- smtp.date - - '*.date' - #service=sip: sip.date - #service=smtp: smtp.date - duration: - - event.duration - #- '*.duration' - #service=conn: event.duration - #service=files: files.duration - #service=snmp: event.duration - from: - #- smtp.from - - '*.from' - #service=kerberos: kerberos.from - #service=smtp: smtp.from - is_orig: - - '*.is_orig' - #service=file: file.is_orig - #service=pop3: pop3.is_orig - local_orig: - - '*.local_orig' - #service=conn conn.local_orig - #service=files file.local_orig - method: - - http.request.method - #service=http: http.request.method - #service=sip: sip.method - msg: - - notice.msg - #service=notice: notice.msg - #service=pop3: pop3.msg - name: - - file.name - #- '*.name' - #service=smb_files: file.name - #service=software: software.name - #service=weird: weird.name - path: - - file.path - #- '*.path' - #service=smb_files: file.path - #service=smb_mapping: file.path - #service=smtp: smtp.path - reply_msg: - #- ftp.reply_msg - - '*.reply_msg' - #service=ftp: ftp.reply_msg - #service=radius: radius.reply_msg - reply_to: - #- smtp.reply_to - - '*.reply_to' - #service=sip: sip.reply_to - #service=smtp: smtp.reply_to - response_body_len: - - http.response.body.bytes - #service=http: http.response.body.bytes - #service=sip: sip.response_body_len - request_body_len: - - http.request.body.bytes - #service=http: http.response.body.bytes - #service=sip: sip.request_body_len - service: - #- kerberos.service - - '*.service' - #service=kerberos: kerberos.service - #service=smb_mapping: smb.service - status: - #- socks.status - - '*.status' - #service=pop3: pop3.status - #service=mqtt: mqtt.status - #service=socks: socks.status - status_code: - - 'http.response.status_code' - #service=http: http.response.status_code - #service=sip: sip.status_code - status_msg: - - http.status_msg - #- '*.status_msg' - #service=http: http.status_msg - #service=sip: sip.status_msg - subject: - #- smtp.subject - - '*.subject' - #service=known_certs: known_certs.subject - #service=sip: sip.subject - #service=smtp: smtp.subject - #service=ssl: tls.subject - trans_depth: - #- http.trans_depth - - '*.trans_depth' - #service=http: http.trans_depth - #service=sip: sip.trans_depth - #service=smtp: smtp.trans_depth - version: - #- tls.version - - '*.version' - #service=gquic: gquic.version - #service=ntp: ntp.version - #service=socks: socks.version - #service=snmp: snmp.version - #service=ssh: ssh.version - #service=tls: tls.version + dns_auth: dns.auth + rfb_auth: rfb.auth + #_cipher + cipher: tls.cipher + kerberos_cipher: kerberos.cipher + tls_cipher: tls.cipher + #_client + client: '*.client' + kerberos_client: kerberos.client + ssh_client: ssh.client + #_command + command: '*.command' + ftp_command: ftp.command + irc_command: ssh.client + pop3_command: pop3.command + #_date + date: '*.date' + sip_date: sip.date + smtp_date: smtp.date + #_duration + duration: event.duration + conn_duration: event.duration + files_duration: files.duration + snmp_duration: event.duration + #_from + from: '*.from' + kerberos_from: kerberos.from + smtp_from: smtp.from + #_is_orig + is_orig: '*.is_orig' + is_orig_file: file.is_orig + is_orig_pop3: pop3.is_orig + #_local_orig + local_orig: '*.local_orig' + conn_local_orig: conn.local_orig + files_local_orig: file.local_orig + #_method + method: http.request.method + http_method: http.request.method + sip_method: sip.method + #_msg + msg: notice.msg + notice_msg: notice.msg + pop3_msg: pop3.msg + #_name + name: file.name + smb_files_name: file.name + software_name: software.name + weird_name: weird.name + #_path + path: file.path + smb_files_path: file.path + smb_mapping_path: file.path + smtp_path: smtp.path + #_reply_msg + reply_msg: '*.reply_msg' + ftp_reply_msg: ftp.reply_msg + radius_reply_msg: radius.reply_msg + #_reply_to + reply_to: '*.reply_to' + sip_reply_to: sip.reply_to + smtp_reply_to: smtp.reply_to + #_response_body_len + response_body_len: http.response.body.bytes + http_response_body_len: http.response.body.bytes + sip_response_body_len: sip.response_body_len + #_request_body_len + request_body_len: http.request.body.bytes + http_request_body_len: http.response.body.bytes + sip_request_body_len: sip.response_body_len + #_service + service: '*.service' + kerberos_service: kerberos.service + smb_mapping_kerberos: smb.service + #_status + status: '*.status' + mqtt_status: mqtt.status + pop3_status: pop3.status + socks_status: socks.status + #_status_code + status_code: 'http.response.status_code' + http_status_code: http.response.status_code + sip_status_code: sip.status_code + #_status_msg + status_msg: http.status_msg + http_status_msg: http.status_msg + sip_status_msg: sip.status_msg + #_subject + subject: tls.subject + known_certs_subject: known_certs.subject + sip_subject: sip.subject + smtp_subject: smtp.subject + ssl_subject: tls.subject + #_trans_depth + trans_depth: '*.trans_depth' + http_trans_depth: http.trans_depth + sip_trans_depth: sip.trans_depth + smtp_trans_depth: smtp.trans_depth + #_version + version: '*.version' + gquic_version: gquic.version + http_version: http.version + ntp_version: ntp.version + socks_version: socks.version + snmp_version: snmp.version + ssh_version: ssh.version + tls_version: tls.version # Conn and Conn Long cache_add_rx_ev: conn.cache_add_rx_ev cache_add_rx_mpg: conn.cache_add_rx_mpg @@ -690,6 +674,7 @@ fieldmappings: uri_vars: http.uri_vars #user_agent: user_agent.original #username: source.user.name + #version: http.version # Intel file_mime_type: file.mime_type file_desc: intel.file_desc @@ -1063,10 +1048,12 @@ fieldmappings: san.email: x509.san.email san.ip: x509.san.ip san.uri: x509.san.url - # Temporary one off rule name's people have written - agent.version: version - c-cookie: http.cookie_vars - c-ip: source.ip + # Few other variations of names from zeek source itself + id_orig_h: source.ip + id_orig_p: source.port + id_resp_h: destination.ip + id_resp_p: destination.port + # Temporary one off rule name fields cs-uri: url.original clientip: source.ip clientIP: source.io diff --git a/tools/config/ecs-zeek-elastic-beats-implementation.yml b/tools/config/ecs-zeek-elastic-beats-implementation.yml index e7121f98..cd999bb5 100644 --- a/tools/config/ecs-zeek-elastic-beats-implementation.yml +++ b/tools/config/ecs-zeek-elastic-beats-implementation.yml @@ -13,8 +13,6 @@ logsources: zeek: product: zeek index: 'filebeat*' - #'*ecs-corelight*' - #'*ecs-zeek-* zeek-category-accounting: category: accounting rewrite: @@ -22,12 +20,14 @@ logsources: service: syslog zeek-category-firewall: category: firewall - conditions: - event.dataset: zeek.connection + rewrite: + product: zeek + service: conn zeek-category-dns: category: dns - conditions: - event.dataset: zeek.dns + rewrite: + product: zeek + service: dns zeek-category-proxy: category: proxy rewrite: @@ -35,8 +35,6 @@ logsources: service: http zeek-category-webserver: category: webserver - conditions: - event.dataset: zeek.http rewrite: product: zeek service: http @@ -356,135 +354,84 @@ fieldmappings: #user_agent: user_agent.original #vlan: network.vlan.id # Not implemented by Elastic (Beats) yet # Overlapping fields/mappings (aka: shared fields) - action: - - 'zeek.smb_files.action' - #service=tunnel: zeek.tunnel.action - #service=smb_files: zeek.smb_files.action - addl: - - 'zeek.weird.additional_info' - #service=dns: zeek.dns.addl - #service=weird: zeek.weird.additional_info - arg: - - 'zeek.*.arg' - auth: - - 'zeek.*.auth*' - #service=dns: zeek.dns.auth - #service=rfb: zeek.rfb.auth.success - cipher: - - 'zeek.*.cipher' - #service=kerberos: zeek.kerberos.cipher - #service=ssl: zeek.ssl.cipher - client: - - 'zeek.*.client*' - #service=kerberos: zeek.kerberos.cert.client.value - #service=ssh: zeek.ssh.client - command: - - 'zeek.*.command' - #service=ftp: zeek.ftp.command - #service=irc: zeek.irc.command - date: - - 'zeek.*.date' - #service=smtp: zeek.smtp.date - #service=sip: zeek.sip.date - duration: - #- event.duration - - '*.duration' - #service=conn: event.duration - #service=files: zeek.files.duration - #service=snmp: zeek.snmp.duration - from: - - 'zeek.*.from' - #service=smtp: zeek.smtp.from - #service=kerberos: zeek.kerberos.valid.from - is_orig: - - 'zeek.*.is_orig' - local_orig: - - 'zeek.*.local_orig' - method: - - http.request.method - #service=http: http.request.method - #service=sip: zeek.sip.sequence.method - name: - - 'zeek.smb_files.name' - #service=weird: zeek.weird.name - #service=smb_files: zeek.smb_files.name - path: - - 'zeek.*.path' - #service=smb_mapping: zeek.smb_mapping.path - #service=smb_files: zeek.smb_files.path - #service=smtp: zeek.smtp.path - password: - - 'zeek.*.password' - #service=ftp: zeek.ftp.password - #service=http: zeek.http.password - #service=socks: zeek.socks.password - reply_msg: - - 'zeek.*.reply*msg' - #service=ftp: zeek.ftp.reply.msg - #service=radius: zeek.radius.reply_msg - response_body_len: - - http.response.body.bytes - #service=http: http.response.body.bytes - #service=sip: zeek.sip.response_body_len - request_body_len: - - http.request.body.bytes - #service=http: http.response.body.bytes - #service=sip: zeek.sip.request_body_len - rtt: - #- event.duration - - 'zeek.*.rtt' - #service=dns: zeek.dns.rtt - #service=dce_rpc: zeek.dce_rpc.rtt - status_code: - - 'http.response.status_code' - #service=http: http.response.status_code - #service=sip: zeek.sip.status_code - status_msg: - - 'zeek.*status*msg' - #service=http: zeek.http.status_msg - #service=sip: zeek.sip.status.msg + action: 'zeek.smb_files.action' + mqtt_action: smb.action + smb_action: smb.action + tunnel_action: tunnel.action + addl: 'zeek.weird.additional_info' + dns_addl: zeek.dns.addl + weird_addl: zeek.weird.additional_info + arg: 'zeek.*.arg' + ftp_arg: zeek.ftp.arg + mysql_arg: zeek.mysql.arg + pop3_arg: zeek.pop3.arg + auth: 'zeek.*.auth*' + cipher: 'zeek.*.cipher' + kerberos_cipher: zeek.kerberos.cipher + ssl_cipher: zeek.ssl.cipher + tls_cipher: zeek.ssl.cipher + client: 'zeek.*.client*' + command: 'zeek.*.command' + ftp_command: zeek.irc.command + irc_command: zeek.ftp.command + pop3_command: zeek.pop3.command + date: 'zeek.*.date' + duration: event.duration + from: 'zeek.*.from' + kerberos_from: zeek.smtp.from + smtp_from: zeek.kerberos.valid.from + is_orig: 'zeek.*.is_orig' + local_orig: 'zeek.*.local_orig' + method: http.request.method + http_method: http.request.method + sip_method: zeek.sip.sequence.method + name: 'zeek.smb_files.name' + smb_files_name: zeek.smb_files.name + software_name: zeek.software.name + weird_name: zeek.weird.name + path: 'zeek.*.path' + smb_mapping_path: zeek.smb_mapping.path + smb_files_path: zeek.smb_files.path + smtp_files_path: zeek.smtp.path + password: 'zeek.*.password' + reply_msg: 'zeek.*.reply*msg' + reply_to: 'zeek.*.reply_to' + response_body_len: http.response.body.bytes + request_body_len: http.request.body.bytes + rtt: event.duration + status_code: 'http.response.status_code' + status_msg: 'zeek.*status*msg' + #_service: + service: 'zeek.*.service' + kerberos_service: zeek.kerberos.service + smb_mapping_kerberos: zeek.smb_mapping.service + #_subject: subject: - 'zeek.*.subject' - #service=sip: zeek.sip.subject - #service=ssl: zeek.ssl.subject - service: - - 'zeek.*.service' - #service=kerberos: zeek.kerberos.service - #service=smb_mapping: zeek.smb_mapping.service - - 'zeek.*.reply_to' - #service=sip: zeek.sip.reply_to - #service=smtp: zeek.smtp.reply_to - trans_depth: - - 'zeek.*.trans*depth' - #service=smtp: zeek.smtp.transaction_depth - #service=http: zeek.http.trans_depth - #service=sip: zeek.sip.transaction_depth - username: - - 'zeek.*.username' - #service=http: url.username - #service=notice: zeek.notice.username - #service=pop3: zeek.pop3.username - #service=radius: zeek.radius.username - uri: - - 'url.original' - #service=http: url.original - #service=sip: zeek.sip.uri - user: - - 'zeek.*user*' - #service=ftp: zeek.ftp.user.name - #service=irc: zeek.irc.user.name + known_certs_subject: zeek.known_certs.subject + sip_subject: zeek.sip.subject + smtp_subject: zeek.smtp.subject + ssl_subject: zeek.ssl.subject + trans_depth: 'zeek.*.trans*depth' + username: 'zeek.*.username' + uri: 'url.original' + user: 'zeek.*user*' + #_user_agent user_agent: - 'zeek.*user_agent*' - #service=http: user_agent.original - #service=guic: user_agent - #service=sip: zeek.sip.user_agent - #service=smtp: zeek.smtp.user_agent - version: - - 'zeek.*.version' - #service=snmp: zeek.snmp.version - #service=socks: zeek.socks.version - #service=ssh: zeek.ssh.version - #service=ssl: zeek.ssl.version + http_user_agent: user_agent.original + gquic_user_agent: zeek.gquic.user_agent + sip_user_agent: zeek.sip.user_agent + smtp_user_agent: zeek.smtp.user_agent + #_version + version: 'zeek.*.version' + gquic_version: zeek.gquic.version + http_version: http.version + ntp_version: zeek.ntp.version + socks_version: zeek.socks.version + snmp_version: zeek.snmp.version + ssh_version: zeek.ssh.version + tls_version: zeek.ssl.version # DNS matching Taxonomy & DNS Category answer: dns.answers.name question_length: labels.dns.query_length @@ -660,6 +607,7 @@ fieldmappings: uri_vars: zeek.http.uri_vars #user_agent: user_agent.original #username: source.user.name + #version: http.version # Intel file_mime_type: zeek.intel.mime_type file_desc: zeek.intel.file_desc diff --git a/tools/config/logstash-zeek-default-json.yml b/tools/config/logstash-zeek-default-json.yml index 67c22966..7f5f16ff 100644 --- a/tools/config/logstash-zeek-default-json.yml +++ b/tools/config/logstash-zeek-default-json.yml @@ -19,12 +19,14 @@ logsources: service: syslog zeek-category-firewall: category: firewall - conditions: - '@stream': conn + rewrite: + product: zeek + service: conn zeek-category-dns: category: dns - conditions: - '@stream': dns + rewrite: + product: zeek + service: dns zeek-category-proxy: category: proxy rewrite: @@ -32,8 +34,6 @@ logsources: service: http zeek-category-webserver: category: webserver - conditions: - '@stream': http rewrite: product: zeek service: http @@ -346,7 +346,12 @@ fieldmappings: cs-method: method cs-referrer: referrer cs-version: version - # Temporary one off rule name's people have written + # Few other variations of names from zeek source itself + id_orig_h: id.orig_h + id_orig_p: id.orig_p + id_resp_h: id.resp_h + id_resp_p: id.resp_p + # Temporary one off rule name fields agent.version: version c-cookie: cookie c-ip: id.orig_h diff --git a/tools/config/splunk-zeek.yml b/tools/config/splunk-zeek.yml index dd5d0852..c126b633 100644 --- a/tools/config/splunk-zeek.yml +++ b/tools/config/splunk-zeek.yml @@ -12,12 +12,14 @@ logsources: service: syslog zeek-category-firewall: category: firewall - conditions: - sourcetype: 'bro:conn:json' + rewrite: + product: zeek + service: conn zeek-category-dns: category: dns - conditions: - sourcetype: 'bro:dns:json' + rewrite: + product: zeek + service: dns zeek-category-proxy: category: proxy rewrite: @@ -25,16 +27,15 @@ logsources: service: http zeek-category-webserver: category: webserver - conditions: - sourcetype: 'bro:http:json' rewrite: product: zeek service: http zeek-conn: product: zeek service: conn - conditions: - sourcetype: 'bro:conn:json' + rewrite: + product: zeek + service: conn zeek-conn_long: product: zeek service: conn_long @@ -337,4 +338,9 @@ fieldmappings: cs-host: host cs-method: method cs-referrer: referrer - cs-version: version \ No newline at end of file + cs-version: version + # Few other variations of names from zeek source itself + id_orig_h: id.orig_h + id_orig_p: id.orig_p + id_resp_h: id.resp_h + id_resp_p: id.resp_p \ No newline at end of file From c815773b1abf32ef2ba94f333b8421a389362875 Mon Sep 17 00:00:00 2001 From: Tatsuya Ito Date: Tue, 19 May 2020 18:05:51 +0900 Subject: [PATCH 344/714] enhancement rule --- rules/windows/builtin/win_susp_add_sid_history.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_susp_add_sid_history.yml b/rules/windows/builtin/win_susp_add_sid_history.yml index 21ac8c61..0a407a6e 100644 --- a/rules/windows/builtin/win_susp_add_sid_history.yml +++ b/rules/windows/builtin/win_susp_add_sid_history.yml @@ -24,7 +24,9 @@ detection: SidHistory: - '-' - '%%1793' - condition: selection1 or (selection2 and not selection3) + filter_null: + SidHistory: null + condition: selection1 or (selection2 and not selection3 and not filter_null) falsepositives: - Migration of an account into a new domain level: medium From 602c8917ef7de1aca12ef7641e86bcee57fddd4a Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Tue, 19 May 2020 04:41:08 -0400 Subject: [PATCH 345/714] domain user enumeration via zeek rpc (dce_rpc) log. --- .../zeek-dce_rpc_domain_user_enumeration.yml | 35 +++++++++++++++++++ ..._http_executable_download_from_webdav.yml} | 3 +- 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 rules/network/zeek/zeek-dce_rpc_domain_user_enumeration.yml rename rules/{proxy/proxy_executable_download_from_webdav.yml => network/zeek/zeek_http_executable_download_from_webdav.yml} (93%) diff --git a/rules/network/zeek/zeek-dce_rpc_domain_user_enumeration.yml b/rules/network/zeek/zeek-dce_rpc_domain_user_enumeration.yml new file mode 100644 index 00000000..bfaa398f --- /dev/null +++ b/rules/network/zeek/zeek-dce_rpc_domain_user_enumeration.yml @@ -0,0 +1,35 @@ +title: Domain User Enumeration Network Recon 01 +description: Domain user and group enumeration via network reconnaissance. Seen in APT 29 and other common tactics and actors. Detects a set of RPC (remote procedure calls) used to enumerate a domain controller. The rule was created based off the datasets and hackathon from https://github.com/OTRF/detection-hackathon-apt29 +id: 66a0bdc6-ee04-441a-9125-99d2eb547942 +references: + - "https://github.com/OTRF/detection-hackathon-apt29" + - "https://github.com/OTRF/detection-hackathon-apt29/issues/37" +author: 'Nate Guagenti (@neu5ron), Open Threat Research (OTR)' +date: 2020/05/03 +modified: 2020/05/03 +tags: + - attack.discovery + - attack.t1087 + - attack.t1082 +logsource: + product: zeek + service: dce_rpc +detection: + selection: + operation: + #- LsarEnumerateTrustedDomains #potentially too many FPs, removing. caused by netlogon + #- SamrEnumerateDomainsInSamServer #potentially too many FPs, removing. #method obtains a listing of all domains hosted by the server side of this protocol. This value is a cookie that the server can use to continue an enumeration on a subsequent call + - LsarLookupNames3 #method translates a batch of security principal names to their SID form + - LsarLookupSids3 #translates a batch of security principal SIDs to their name forms + - SamrGetGroupsForUser #obtains a listing of groups that a user is a member of + - SamrLookupIdsInDomain #method translates a set of RIDs into account names + - SamrLookupNamesInDomain #method translates a set of account names into a set of RIDs + - SamrQuerySecurityObject #method queries the access control on a server, domain, user, group, or alias object + - SamrQueryInformationGroup #obtains attributes from a group object + timeframe: 30s + condition: selection | count(operation) by src_ip > 4 +falsepositives: + - Devices that may do authentication like a VPN or a firewall that looksup IPs to username + - False positives depend on scripts and administrative tools used in the monitored environment +level: medium +status: experimental \ No newline at end of file diff --git a/rules/proxy/proxy_executable_download_from_webdav.yml b/rules/network/zeek/zeek_http_executable_download_from_webdav.yml similarity index 93% rename from rules/proxy/proxy_executable_download_from_webdav.yml rename to rules/network/zeek/zeek_http_executable_download_from_webdav.yml index 7c18c8e8..5890bc8a 100644 --- a/rules/proxy/proxy_executable_download_from_webdav.yml +++ b/rules/network/zeek/zeek_http_executable_download_from_webdav.yml @@ -9,7 +9,8 @@ tags: - attack.command_and_control - attack.T1043 logsource: - category: proxy + product: zeek + service: http date: 2020/05/01 detection: selection_webdav: From 7c3dea22b8702d7cc8e6796fd383d5a62096fffa Mon Sep 17 00:00:00 2001 From: neu5ron <> Date: Tue, 19 May 2020 05:13:48 -0400 Subject: [PATCH 346/714] small T, big T --- .../network/zeek/zeek_http_executable_download_from_webdav.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/network/zeek/zeek_http_executable_download_from_webdav.yml b/rules/network/zeek/zeek_http_executable_download_from_webdav.yml index 5890bc8a..47cfdcbf 100644 --- a/rules/network/zeek/zeek_http_executable_download_from_webdav.yml +++ b/rules/network/zeek/zeek_http_executable_download_from_webdav.yml @@ -7,7 +7,7 @@ references: - https://github.com/OTRF/detection-hackathon-apt29 tags: - attack.command_and_control - - attack.T1043 + - attack.t1043 logsource: product: zeek service: http From 9ab65cd1c73a9225a2090f81d07064761df487c1 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 19 May 2020 14:50:22 +0200 Subject: [PATCH 347/714] Update win_alert_ad_user_backdoors.yml --- rules/windows/builtin/win_alert_ad_user_backdoors.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/rules/windows/builtin/win_alert_ad_user_backdoors.yml b/rules/windows/builtin/win_alert_ad_user_backdoors.yml index d29647c1..9ce1e7e7 100644 --- a/rules/windows/builtin/win_alert_ad_user_backdoors.yml +++ b/rules/windows/builtin/win_alert_ad_user_backdoors.yml @@ -22,9 +22,7 @@ detection: filter_null: AllowedToDelegateTo: null filter1: - AllowedToDelegateTo: - - null - - '-' + AllowedToDelegateTo: '-' selection2: EventID: 5136 AttributeLDAPDisplayName: 'msDS-AllowedToDelegateTo' From 8963c0a65e19f7202fe5daf467d1d4d33abd3d0a Mon Sep 17 00:00:00 2001 From: ZikyHD Date: Wed, 20 May 2020 11:54:47 +0200 Subject: [PATCH 348/714] Remove duplicate 'CommandLine' in fields --- rules/windows/process_creation/win_task_folder_evasion.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/windows/process_creation/win_task_folder_evasion.yml b/rules/windows/process_creation/win_task_folder_evasion.yml index 253824e2..dfe043a8 100644 --- a/rules/windows/process_creation/win_task_folder_evasion.yml +++ b/rules/windows/process_creation/win_task_folder_evasion.yml @@ -30,7 +30,6 @@ detection: fields: - CommandLine - ParentProcess - - CommandLine falsepositives: - Unknown level: high From 344eb713c5a8e5defc98ee9010cdbc25872adb52 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 21 May 2020 09:39:57 +0200 Subject: [PATCH 349/714] rule: Greenbug campaign --- .../win_apt_greenbug_may20.yml | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 rules/windows/process_creation/win_apt_greenbug_may20.yml diff --git a/rules/windows/process_creation/win_apt_greenbug_may20.yml b/rules/windows/process_creation/win_apt_greenbug_may20.yml new file mode 100644 index 00000000..bf327a18 --- /dev/null +++ b/rules/windows/process_creation/win_apt_greenbug_may20.yml @@ -0,0 +1,46 @@ +title: Greenbug Campaign Indicators +id: 3711eee4-a808-4849-8a14-faf733da3612 +status: experimental +description: Detects tools and process executions as observed in a Greenbug campaign in May 2020 +references: + - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/greenbug-espionage-telco-south-asia +author: Florian Roth +date: 2020/05/20 +logsource: + category: process_creation + product: windows +detection: + selection1: + CommandLine|contains|all: + - 'bitsadmin /transfer' + - 'CSIDL_APPDATA' + selection2: + CommandLine|contains|all: + - 'PowerShell.exe' + - '-ExecutionPolicy Bypass' + - 'CSIDL_SYSTEM_DRIVE' + selection3: + CommandLine|contains: + - '\msf.ps1' + - '8989 -e cmd.exe' + - 'system.Data.SqlClient.SqlDataAdapter($cmd); [void]$da.fill' + - '-nop -w hidden -c $k=new-object' + - '[Net.CredentialCache]::DefaultCredentials;IEX ' + - ' -nop -w hidden -c $m=new-object net.webclient;$m' + - '-noninteractive -executionpolicy bypass whoami' + - '-noninteractive -executionpolicy bypass netstat -a' + - 'L3NlcnZlc' # base64 encoded '/server=' + selection4: + Image|endswith: + - '\adobe\Adobe.exe' + - '\oracle\local.exe' + - '\revshell.exe' + - 'infopagesbackup\ncat.exe' + - 'CSIDL_SYSTEM\cmd.exe' + - '\programdata\oracle\java.exe' + - 'CSIDL_COMMON_APPDATA\comms\comms.exe' + - '\Programdata\VMware\Vmware.exe' + condition: 1 of them +falsepositives: + - Unknown +level: critical From 9a3b6c1c7712279691e0c177a7d8e282fca8847b Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 21 May 2020 09:44:11 +0200 Subject: [PATCH 350/714] docs: added MITRE ATT&CK group tag --- rules/windows/process_creation/win_apt_greenbug_may20.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rules/windows/process_creation/win_apt_greenbug_may20.yml b/rules/windows/process_creation/win_apt_greenbug_may20.yml index bf327a18..765f79a4 100644 --- a/rules/windows/process_creation/win_apt_greenbug_may20.yml +++ b/rules/windows/process_creation/win_apt_greenbug_may20.yml @@ -6,6 +6,8 @@ references: - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/greenbug-espionage-telco-south-asia author: Florian Roth date: 2020/05/20 +tags: + - attack.g0049 logsource: category: process_creation product: windows From 91c4c4ecc51de7a7ac5e2fb3e11dd45f4ddfbb2a Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 21 May 2020 13:38:11 +0200 Subject: [PATCH 351/714] refactor: slightly improved Greenbug rule --- rules/windows/process_creation/win_apt_greenbug_may20.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/rules/windows/process_creation/win_apt_greenbug_may20.yml b/rules/windows/process_creation/win_apt_greenbug_may20.yml index 765f79a4..8c630baa 100644 --- a/rules/windows/process_creation/win_apt_greenbug_may20.yml +++ b/rules/windows/process_creation/win_apt_greenbug_may20.yml @@ -6,6 +6,7 @@ references: - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/greenbug-espionage-telco-south-asia author: Florian Roth date: 2020/05/20 +modified: 2020/05/21 tags: - attack.g0049 logsource: @@ -17,9 +18,7 @@ detection: - 'bitsadmin /transfer' - 'CSIDL_APPDATA' selection2: - CommandLine|contains|all: - - 'PowerShell.exe' - - '-ExecutionPolicy Bypass' + CommandLine|contains: - 'CSIDL_SYSTEM_DRIVE' selection3: CommandLine|contains: From 96fae4be68faa1bad2c8cfa92b1e5a500e72d765 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Fri, 22 May 2020 00:50:37 +0200 Subject: [PATCH 352/714] Added CrachMapExec rules --- .../win_susp_crackmapexec_execution.yml | 37 +++++++++++++++++++ ...sp_crackmapexec_powershell_obfuscation.yml | 37 +++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 rules/windows/process_creation/win_susp_crackmapexec_execution.yml create mode 100644 rules/windows/process_creation/win_susp_crackmapexec_powershell_obfuscation.yml diff --git a/rules/windows/process_creation/win_susp_crackmapexec_execution.yml b/rules/windows/process_creation/win_susp_crackmapexec_execution.yml new file mode 100644 index 00000000..ed8904ba --- /dev/null +++ b/rules/windows/process_creation/win_susp_crackmapexec_execution.yml @@ -0,0 +1,37 @@ +title: CrackMapExec Command Execution +id: 058f4380-962d-40a5-afce-50207d36d7e2 +status: experimental +description: Detect various execution methods of the CrackMapExec pentesting framework +references: + - https://github.com/byt3bl33d3r/CrackMapExec +tags: + - attack.execution + - attack.t1047 + - attack.t1053 + - attack.t1086 +author: Thomas Patzke +date: 2020/05/22 +logsource: + category: process_creation + product: windows +detection: + selection: + CommandLine: + # cme/protocols/smb/wmiexec.py (generalized execute_remote and execute_fileless) + - '*cmd.exe /Q /c * 1> \\\\*\\*\\* 2>&1' + # cme/protocols/smb/atexec.py:109 (fileless output via share) + - '*cmd.exe /C * > \\\\*\\*\\* 2>&1' + # cme/protocols/smb/atexec.py:111 (fileless output via share) + - '*cmd.exe /C * > *\\Temp\\* 2>&1' + # cme/helpers/powershell.py:139 (PowerShell execution with obfuscation) + - '*powershell.exe -exec bypass -noni -nop -w 1 -C "*' + # cme/helpers/powershell.py:149 (PowerShell execution without obfuscation) + - '*powershell.exe -noni -nop -w 1 -enc *' + condition: selection +fields: + - ComputerName + - User + - CommandLine +falsepositives: + - Unknown +level: high diff --git a/rules/windows/process_creation/win_susp_crackmapexec_powershell_obfuscation.yml b/rules/windows/process_creation/win_susp_crackmapexec_powershell_obfuscation.yml new file mode 100644 index 00000000..0d943703 --- /dev/null +++ b/rules/windows/process_creation/win_susp_crackmapexec_powershell_obfuscation.yml @@ -0,0 +1,37 @@ +title: CrackMapExec PowerShell Obfuscation +id: 6f8b3439-a203-45dc-a88b-abf57ea15ccf +status: experimental +description: The CrachMapExec pentesting framework implements a PowerShell obfuscation with some static strings detected by this rule. +references: + - https://github.com/byt3bl33d3r/CrackMapExec + - https://github.com/byt3bl33d3r/CrackMapExec/blob/0a49f75347b625e81ee6aa8c33d3970b5515ea9e/cme/helpers/powershell.py#L242 +tags: + - attack.execution + - attack.t1086 + - attack.defense_evasion + - attack.t1027 +author: Thomas Patzke +date: 2020/05/22 +logsource: + category: process_creation + product: windows +detection: + powershell_execution: + CommandLine|contains: 'powershell.exe' + snippets: + CommandLine|contains: + - 'join*split' + # Line 343ff + - "( $ShellId[1]+$ShellId[13]+'x')" + - '( $PSHome[*]+$PSHOME[*]+' + - "( $env:Public[13]+$env:Public[5]+'x')" + - "( $env:ComSpec[4,*,25]-Join'')" + - "[1,3]+'x'-Join'')" + condition: powershell_execution and snippets +fields: + - ComputerName + - User + - CommandLine +falsepositives: + - Unknown +level: high From 0f8f5fb29cb06452bfd744fbfbfe9ace6af9a049 Mon Sep 17 00:00:00 2001 From: 4A616D6573 Date: Fri, 22 May 2020 13:24:27 +1000 Subject: [PATCH 353/714] Create win_susp_ntlm_rdp.yml --- rules/windows/builtin/win_susp_ntlm_rdp.yml | 29 +++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 rules/windows/builtin/win_susp_ntlm_rdp.yml diff --git a/rules/windows/builtin/win_susp_ntlm_rdp.yml b/rules/windows/builtin/win_susp_ntlm_rdp.yml new file mode 100644 index 00000000..6628e09a --- /dev/null +++ b/rules/windows/builtin/win_susp_ntlm_rdp.yml @@ -0,0 +1,29 @@ +title: Potential Remote Desktop Connection to Non-Domain Host +status: experimental +description: Detects logons using NTLM to hosts that are potentially not part of the domain. +references: + - n/a +author: James Pemberton +date: 2020/05/22 +tags: + - attack.command_and_control + - attack.t1219 +logsource: + product: windows + service: ntlm + definition: Requires events from Microsoft-Windows-NTLM/Operational +detection: + selection: + EventID: 8001 + TargetName: TERMSRV* + condition: selection +fields: + - Computer + - UserName + - DomainName + - TargetName +falsepositives: + - Host connections to valid domains, exclude these. + - Host connections not using host FQDN. + - Host connections to external legitimate domains. +level: medium From daa3c5e053d676a0a95a4575706f83feb8477e9c Mon Sep 17 00:00:00 2001 From: 4A616D6573 Date: Fri, 22 May 2020 13:28:56 +1000 Subject: [PATCH 354/714] Update win_susp_ntlm_rdp.yml --- rules/windows/builtin/win_susp_ntlm_rdp.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/builtin/win_susp_ntlm_rdp.yml b/rules/windows/builtin/win_susp_ntlm_rdp.yml index 6628e09a..a375751d 100644 --- a/rules/windows/builtin/win_susp_ntlm_rdp.yml +++ b/rules/windows/builtin/win_susp_ntlm_rdp.yml @@ -1,4 +1,5 @@ title: Potential Remote Desktop Connection to Non-Domain Host +id: status: experimental description: Detects logons using NTLM to hosts that are potentially not part of the domain. references: From 879ad6f206b2dd909b14404cfa7f7b581a84a6a0 Mon Sep 17 00:00:00 2001 From: 4A616D6573 Date: Fri, 22 May 2020 13:32:02 +1000 Subject: [PATCH 355/714] Update win_susp_ntlm_rdp.yml --- rules/windows/builtin/win_susp_ntlm_rdp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_susp_ntlm_rdp.yml b/rules/windows/builtin/win_susp_ntlm_rdp.yml index a375751d..bed9e568 100644 --- a/rules/windows/builtin/win_susp_ntlm_rdp.yml +++ b/rules/windows/builtin/win_susp_ntlm_rdp.yml @@ -1,5 +1,5 @@ title: Potential Remote Desktop Connection to Non-Domain Host -id: +id: ce5678bb-b9aa-4fb5-be4b-e57f686256ad status: experimental description: Detects logons using NTLM to hosts that are potentially not part of the domain. references: From ec17c2ab56ac12477c80e7ac8c2e66a7f8dedd99 Mon Sep 17 00:00:00 2001 From: ecco Date: Fri, 22 May 2020 10:37:00 -0400 Subject: [PATCH 356/714] filter on createkey only when needed --- rules/windows/sysmon/sysmon_cmstp_execution.yml | 1 + ...mon_disable_security_events_logging_adding_reg_key_minint.yml | 1 + rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/rules/windows/sysmon/sysmon_cmstp_execution.yml b/rules/windows/sysmon/sysmon_cmstp_execution.yml index 37a9827c..e3b04a18 100644 --- a/rules/windows/sysmon/sysmon_cmstp_execution.yml +++ b/rules/windows/sysmon/sysmon_cmstp_execution.yml @@ -31,6 +31,7 @@ detection: selection2: EventID: 12 TargetObject: '*\cmmgr32.exe*' + EventType: 'CreateKey' # Registry Object Value Set selection3: EventID: 13 diff --git a/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml b/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml index 1b3c4afd..ea7a4ea4 100644 --- a/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml +++ b/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml @@ -18,6 +18,7 @@ detection: - EventID: 12 # key create # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' + EventType: 'CreateKey' # we don't want deletekey - EventID: 14 # key rename NewName: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' condition: selection diff --git a/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml b/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml index 65d99b28..e0131f92 100644 --- a/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml +++ b/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml @@ -16,6 +16,7 @@ logsource: detection: selection: EventID: 12 + EventType: 'CreateKey' # don't want DeleteKey events TargetObject: 'HKU\\*_Classes\CLSID\\*\TreatAs' condition: selection falsepositives: From 57c8e63acd8a44d79f509142c67d71326d849ef7 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 23 May 2020 09:09:58 +0200 Subject: [PATCH 357/714] refactore: split up rule for CVE-2020-1048 into 2 rules --- .../win_exploit_cve_2020_1048.yml | 31 +++++++++++++++++++ rules/windows/sysmon/sysmon_cve-2020-1048.yml | 27 ++++------------ 2 files changed, 37 insertions(+), 21 deletions(-) create mode 100644 rules/windows/process_creation/win_exploit_cve_2020_1048.yml diff --git a/rules/windows/process_creation/win_exploit_cve_2020_1048.yml b/rules/windows/process_creation/win_exploit_cve_2020_1048.yml new file mode 100644 index 00000000..8727efaf --- /dev/null +++ b/rules/windows/process_creation/win_exploit_cve_2020_1048.yml @@ -0,0 +1,31 @@ +title: Suspicious PrinterPorts Creation (CVE-2020-1048) +id: cc08d590-8b90-413a-aff6-31d1a99678d7 +status: experimental +description: Detects new commands that add new printer port which point to suspicious file +author: EagleEye Team, Florian Roth +date: 2020/05/13 +modified: 2020/05/23 +references: + - https://windows-internals.com/printdemon-cve-2020-1048/ +tags: + - attack.persistence + - attack.execution +logsource: + category: process_creation + product: windows +detection: + selection1: + CommandLine|contains|all: + - 'Add-PrinterPort -Name' + - '.dll' + selection2: + CommandLine|contains|all: + - 'Add-PrinterPort -Name' + - '.exe' + selection3: + CommandLine|contains: + - 'Generic / Text Only' + condition: 1 of them +falsepositives: + - New printer port install on host +level: high diff --git a/rules/windows/sysmon/sysmon_cve-2020-1048.yml b/rules/windows/sysmon/sysmon_cve-2020-1048.yml index 49159021..d270a4f5 100644 --- a/rules/windows/sysmon/sysmon_cve-2020-1048.yml +++ b/rules/windows/sysmon/sysmon_cve-2020-1048.yml @@ -1,20 +1,15 @@ -action: global -title: Suspicious PrinterPorts Created (CVE-2020-1048) +title: Suspicious New Printer Ports in Registry (CVE-2020-1048) id: 7ec912f2-5175-4868-b811-ec13ad0f8567 status: experimental -description: Detects new registry printer port was created or powershell command add new printer port which point to suspicious file +description: Detects a new and suspicious printer port creation in Registry that could be an attempt to exploit CVE-2020-1048 author: EagleEye Team, Florian Roth date: 2020/05/13 -modified: 2020/05/15 +modified: 2020/05/23 references: - https://windows-internals.com/printdemon-cve-2020-1048/ tags: - attack.persistence - attack.execution -falsepositives: - - New printer port install on host -level: high ---- logsource: service: sysmon product: windows @@ -33,16 +28,6 @@ detection: - '.exe' - 'C:' condition: selection ---- -logsource: - category: process_creation - product: windows -detection: - selection1: - CommandLine|contains: 'Add-PrinterPort -Name' - selection2: - CommandLine|contains: - - '.dll' - - '.exe' - condition: selection1 and selection2 - +falsepositives: + - New printer port install on host +level: high \ No newline at end of file From 34006d079431ec5d5892174bf4a1a4f0a30fd1f9 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 23 May 2020 09:16:19 +0200 Subject: [PATCH 358/714] refactor: simplified and extended expression in CVE-2020-1048 rule --- .../process_creation/win_exploit_cve_2020_1048.yml | 10 +++++----- rules/windows/sysmon/sysmon_cve-2020-1048.yml | 1 + 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/rules/windows/process_creation/win_exploit_cve_2020_1048.yml b/rules/windows/process_creation/win_exploit_cve_2020_1048.yml index 8727efaf..9f11649f 100644 --- a/rules/windows/process_creation/win_exploit_cve_2020_1048.yml +++ b/rules/windows/process_creation/win_exploit_cve_2020_1048.yml @@ -15,17 +15,17 @@ logsource: product: windows detection: selection1: - CommandLine|contains|all: + CommandLine|contains: - 'Add-PrinterPort -Name' - - '.dll' selection2: - CommandLine|contains|all: - - 'Add-PrinterPort -Name' + CommandLine|contains: - '.exe' + - '.dll' + - '.bat' selection3: CommandLine|contains: - 'Generic / Text Only' - condition: 1 of them + condition: ( selection1 and selection2 ) or selection3 falsepositives: - New printer port install on host level: high diff --git a/rules/windows/sysmon/sysmon_cve-2020-1048.yml b/rules/windows/sysmon/sysmon_cve-2020-1048.yml index d270a4f5..866b7775 100644 --- a/rules/windows/sysmon/sysmon_cve-2020-1048.yml +++ b/rules/windows/sysmon/sysmon_cve-2020-1048.yml @@ -26,6 +26,7 @@ detection: TargetObject|contains: - '.dll' - '.exe' + - '.bat' - 'C:' condition: selection falsepositives: From cfde0625f53ef2af49ce6cf81c80c8715cbf7fe8 Mon Sep 17 00:00:00 2001 From: ecco Date: Sat, 23 May 2020 07:05:09 -0400 Subject: [PATCH 359/714] fix false positive matching on every powershell process not run by SYSTEM account --- rules/windows/sysmon/sysmon_in_memory_powershell.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_in_memory_powershell.yml b/rules/windows/sysmon/sysmon_in_memory_powershell.yml index d6108e16..76d5b989 100644 --- a/rules/windows/sysmon/sysmon_in_memory_powershell.yml +++ b/rules/windows/sysmon/sysmon_in_memory_powershell.yml @@ -24,7 +24,7 @@ detection: Image|endswith: - '\powershell.exe' - '\WINDOWS\System32\sdiagnhost.exe' - User: 'NT AUTHORITY\SYSTEM' + # User: 'NT AUTHORITY\SYSTEM' # if set, matches all powershell processes not launched by SYSTEM condition: selection and not filter falsepositives: - Used by some .NET binaries, minimal on user workstation. From 9a7f462d795ffa68345179c4c2e33b1044756600 Mon Sep 17 00:00:00 2001 From: ecco Date: Sat, 23 May 2020 07:17:56 -0400 Subject: [PATCH 360/714] move renamed bnaries rule to process creation (they made a lot of false positives in sysmon as there was no event id specified in the rule) --- .../win_renamed_jusched.yml} | 0 .../win_renamed_powershell.yml} | 2 +- .../win_renamed_procdump.yml} | 2 +- .../win_renamed_psexec.yml} | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) rename rules/windows/{sysmon/sysmon_renamed_jusched.yml => process_creation/win_renamed_jusched.yml} (100%) rename rules/windows/{sysmon/sysmon_renamed_powershell.yml => process_creation/win_renamed_powershell.yml} (95%) rename rules/windows/{sysmon/sysmon_renamed_procdump.yml => process_creation/win_renamed_procdump.yml} (95%) rename rules/windows/{sysmon/sysmon_renamed_psexec.yml => process_creation/win_renamed_psexec.yml} (96%) diff --git a/rules/windows/sysmon/sysmon_renamed_jusched.yml b/rules/windows/process_creation/win_renamed_jusched.yml similarity index 100% rename from rules/windows/sysmon/sysmon_renamed_jusched.yml rename to rules/windows/process_creation/win_renamed_jusched.yml diff --git a/rules/windows/sysmon/sysmon_renamed_powershell.yml b/rules/windows/process_creation/win_renamed_powershell.yml similarity index 95% rename from rules/windows/sysmon/sysmon_renamed_powershell.yml rename to rules/windows/process_creation/win_renamed_powershell.yml index 157f5876..9522fcee 100644 --- a/rules/windows/sysmon/sysmon_renamed_powershell.yml +++ b/rules/windows/process_creation/win_renamed_powershell.yml @@ -10,7 +10,7 @@ tags: - car.2013-05-009 logsource: product: windows - service: sysmon + category: process_creation detection: selection: Description: 'Windows PowerShell' diff --git a/rules/windows/sysmon/sysmon_renamed_procdump.yml b/rules/windows/process_creation/win_renamed_procdump.yml similarity index 95% rename from rules/windows/sysmon/sysmon_renamed_procdump.yml rename to rules/windows/process_creation/win_renamed_procdump.yml index 803ad339..2fbe3a4a 100644 --- a/rules/windows/sysmon/sysmon_renamed_procdump.yml +++ b/rules/windows/process_creation/win_renamed_procdump.yml @@ -11,7 +11,7 @@ tags: - attack.t1036 logsource: product: windows - service: sysmon + category: process_creation detection: selection: OriginalFileName: 'procdump' diff --git a/rules/windows/sysmon/sysmon_renamed_psexec.yml b/rules/windows/process_creation/win_renamed_psexec.yml similarity index 96% rename from rules/windows/sysmon/sysmon_renamed_psexec.yml rename to rules/windows/process_creation/win_renamed_psexec.yml index 75d5838a..208af0d3 100644 --- a/rules/windows/sysmon/sysmon_renamed_psexec.yml +++ b/rules/windows/process_creation/win_renamed_psexec.yml @@ -10,7 +10,7 @@ tags: - car.2013-05-009 logsource: product: windows - service: sysmon + category: process_creation detection: selection: Description: 'Execute processes remotely' From 75ba5f989cd7c223059222151a3e321e85c9860c Mon Sep 17 00:00:00 2001 From: ecco Date: Sat, 23 May 2020 07:44:45 -0400 Subject: [PATCH 361/714] add 1 more FP to wmi load --- rules/windows/sysmon/sysmon_wmi_module_load.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_wmi_module_load.yml b/rules/windows/sysmon/sysmon_wmi_module_load.yml index 69fa4c76..5b3eca68 100644 --- a/rules/windows/sysmon/sysmon_wmi_module_load.yml +++ b/rules/windows/sysmon/sysmon_wmi_module_load.yml @@ -29,9 +29,9 @@ detection: filter: Image|endswith: - '\WmiPrvSe.exe' - - '\WmiPrvSE.exe' - '\WmiAPsrv.exe' - '\svchost.exe' + - '\DeviceCensus.exe' condition: selection and not filter fields: - ComputerName From d310805ed9e5783c94f0cb48b7cea1d3b20e7458 Mon Sep 17 00:00:00 2001 From: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Sat, 23 May 2020 14:19:52 +0200 Subject: [PATCH 362/714] rule: Netsh RDP port opening --- .../win_netsh_allow_port_rdp.yml | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 rules/windows/process_creation/win_netsh_allow_port_rdp.yml diff --git a/rules/windows/process_creation/win_netsh_allow_port_rdp.yml b/rules/windows/process_creation/win_netsh_allow_port_rdp.yml new file mode 100644 index 00000000..f2fc0607 --- /dev/null +++ b/rules/windows/process_creation/win_netsh_allow_port_rdp.yml @@ -0,0 +1,31 @@ +title: Netsh RDP Port Opening +id: 01aeb693-138d-49d2-9403-c4f52d7d3d62 +description: Detects netsh commands that opens the port 3389 used for RDP, used in Sarwent Malware +references: + - https://labs.sentinelone.com/sarwent-malware-updates-command-detonation/ +date: 2020/05/23 +tags: + - attack.command_and_control + - attack.t1076 +status: experimental +author: Sander Wiebing +logsource: + category: process_creation + product: windows +detection: + selection1: + CommandLine|contains|all: + - netsh + - firewall add portopening + - tcp 3389 + selection2: + CommandLine|contains|all: + - netsh + - advfirewall firewall add rule + - action=allow + - protocol=TCP + - localport=3389 + condition: 1 of them +falsepositives: + - Legitimate administration +level: high From 78a7852a4392464f12618c903da1aa82346a19b9 Mon Sep 17 00:00:00 2001 From: ecco Date: Sat, 23 May 2020 09:16:40 -0400 Subject: [PATCH 363/714] renamed dbghelp rule with new ID and comment and removed a false positive --- ... => sysmon_suspicious_dbghelp_dbgcore_load.yml} | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) rename rules/windows/sysmon/{sysmon_minidumwritedump_lsass.yml => sysmon_suspicious_dbghelp_dbgcore_load.yml} (78%) diff --git a/rules/windows/sysmon/sysmon_minidumwritedump_lsass.yml b/rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml similarity index 78% rename from rules/windows/sysmon/sysmon_minidumwritedump_lsass.yml rename to rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml index 556b2b6f..a465cfff 100644 --- a/rules/windows/sysmon/sysmon_minidumwritedump_lsass.yml +++ b/rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml @@ -1,12 +1,12 @@ -title: Dumping Lsass.exe Memory with MiniDumpWriteDump API -id: dd5ab153-beaa-4315-9647-65abc5f71541 +title: Load of dbghelp/dbgcore DLL from suspicious processes +id: 0e277796-5f23-4e49-a490-483131d4f6e1 status: experimental -description: Detects the use of MiniDumpWriteDump API for dumping lsass.exe memory in a stealth way. Tools like ProcessHacker and some attacker tradecract use this +description: Detects the load of dbghelp/dbgcore DLL (used to make memory dumps) by suspicious processes. Tools like ProcessHacker and some attacker tradecract use MiniDumpWriteDump API found in dbghelp.dll or dbgcore.dll. As an example, SilentTrynity C2 Framework has a module that leverages this API to dump the contents of Lsass.exe and transfer it over the network back to the attacker's machine. date: 2019/10/27 -modified: 2019/11/13 -author: Perez Diego (@darkquassar), oscd.community +modified: 2020/05/23 +author: Perez Diego (@darkquassar), oscd.community, Ecco references: - https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/nf-minidumpapiset-minidumpwritedump - https://www.pinvoke.net/default.aspx/dbghelp/MiniDumpWriteDump.html @@ -35,7 +35,7 @@ detection: - '\outlook.exe' - '\monitoringhost.exe' - '\wmic.exe' - - '\msiexec.exe' + # - '\msiexec.exe' an installer installing a program using one of those DLL will raise an alert - '\bash.exe' - '\wscript.exe' - '\cscript.exe' @@ -62,4 +62,4 @@ fields: - ImageLoaded falsepositives: - Penetration tests -level: critical +level: high From d9bc09c38c32333f39512614ceb1f380cc3fa44a Mon Sep 17 00:00:00 2001 From: ecco Date: Sat, 23 May 2020 10:02:58 -0400 Subject: [PATCH 364/714] fix test --- rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml b/rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml index a465cfff..b5f36b4e 100644 --- a/rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml +++ b/rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml @@ -1,4 +1,4 @@ -title: Load of dbghelp/dbgcore DLL from suspicious processes +title: Load of dbghelp/dbgcore DLL from Suspicious Process id: 0e277796-5f23-4e49-a490-483131d4f6e1 status: experimental description: Detects the load of dbghelp/dbgcore DLL (used to make memory dumps) by suspicious processes. Tools like ProcessHacker and some attacker tradecract use MiniDumpWriteDump From 2b89e5605469f89c9b51e59ba1e245dcffdba18d Mon Sep 17 00:00:00 2001 From: ecco Date: Sat, 23 May 2020 10:03:13 -0400 Subject: [PATCH 365/714] fix test --- tests/test_rules.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_rules.py b/tests/test_rules.py index 881dbcd7..d76efab7 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -538,7 +538,7 @@ class TestRules(unittest.TestCase): faulty_rules.append(file) wrong_casing = [] for word in title.split(" "): - if word.islower() and not word.lower() in allowed_lowercase_words and not "." in word and not word[0].isdigit(): + if word.islower() and not word.lower() in allowed_lowercase_words and not "." in word and not "/" in word and not word[0].isdigit(): wrong_casing.append(word) if len(wrong_casing) > 0: print(Fore.RED + "Rule {} has a title that has not title capitalization. Words: '{}'".format(file, ", ".join(wrong_casing))) From 10ca3006f51b6debb18a2e1067629d260d9cf416 Mon Sep 17 00:00:00 2001 From: ecco Date: Sat, 23 May 2020 10:07:55 -0400 Subject: [PATCH 366/714] move rule where needed --- .../win_susp_file_characteristics.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename rules/windows/{sysmon/sysmon_susp_file_characteristics.yml => process_creation/win_susp_file_characteristics.yml} (96%) diff --git a/rules/windows/sysmon/sysmon_susp_file_characteristics.yml b/rules/windows/process_creation/win_susp_file_characteristics.yml similarity index 96% rename from rules/windows/sysmon/sysmon_susp_file_characteristics.yml rename to rules/windows/process_creation/win_susp_file_characteristics.yml index 27359b18..083ccf70 100644 --- a/rules/windows/sysmon/sysmon_susp_file_characteristics.yml +++ b/rules/windows/process_creation/win_susp_file_characteristics.yml @@ -14,7 +14,7 @@ tags: - attack.t1064 logsource: product: windows - service: sysmon + category: process_creation detection: selection1: Description: '\?' From 327a53c120674588b3f1e439c373a45cda73c543 Mon Sep 17 00:00:00 2001 From: ecco Date: Sat, 23 May 2020 10:25:37 -0400 Subject: [PATCH 367/714] add new test for sysmon rules without eventid --- tests/test_rules.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/test_rules.py b/tests/test_rules.py index d76efab7..752611ed 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -486,6 +486,25 @@ class TestRules(unittest.TestCase): self.assertEqual(faulty_rules, [], Fore.RED + "There are rules with missing or malformed 'id' fields. Create an id (e.g. here: https://www.uuidgenerator.net/version4) and add it to the reported rule(s).") + def test_sysmon_rule_without_eventid(self): + faulty_rules = [] + for file in self.yield_next_rule_file_path(self.path_to_rules): + logsource = self.get_rule_part(file_path=file, part_name="logsource") + service = logsource.get('service', '') + if service.lower() == 'sysmon': + with open(file) as f: + found = False + for line in f: + if re.search(r'.*EventID:.*$', line): # might be on a single line or in multiple lines + found = True + break + if not found: + faulty_rules.append(file) + + self.assertEqual(faulty_rules, [], Fore.RED + + "There are rules using sysmon events but with no EventID specified") + + def test_missing_date(self): faulty_rules = [] for file in self.yield_next_rule_file_path(self.path_to_rules): From e1a05dfc1cfdb5b0925932a66c43706102ffbccb Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 23 May 2020 16:49:03 +0200 Subject: [PATCH 368/714] Update lnx_auditd_susp_C2_commands.yml --- rules/linux/auditd/lnx_auditd_susp_C2_commands.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/rules/linux/auditd/lnx_auditd_susp_C2_commands.yml b/rules/linux/auditd/lnx_auditd_susp_C2_commands.yml index ead90e0b..77971d06 100644 --- a/rules/linux/auditd/lnx_auditd_susp_C2_commands.yml +++ b/rules/linux/auditd/lnx_auditd_susp_C2_commands.yml @@ -1,12 +1,7 @@ title: Suspicious C2 Activities id: f7158a64-6204-4d6d-868a-6e6378b467e0 status: experimental -description: Detects suspicious activities as declared by Florian Roth in its 'Best Practice Auditd Configuration'. - This includes the detection of the following commands; wget, curl, base64, nc, netcat, ncat, ssh, socat, wireshark, rawshark, rdesktop, nmap - These commands match a few techniques from the tactics "Command and Control", including not exhaustively the following; - Application Layer Protocol (T1071) - Non-Application Layer Protocol (T1095) - Data Encoding (T1132) +description: Detects suspicious activities as declared by Florian Roth in its 'Best Practice Auditd Configuration'. This includes the detection of the following commands; wget, curl, base64, nc, netcat, ncat, ssh, socat, wireshark, rawshark, rdesktop, nmap. These commands match a few techniques from the tactics "Command and Control", including not exhaustively the following; Application Layer Protocol (T1071), Non-Application Layer Protocol (T1095), Data Encoding (T1132) references: - 'https://github.com/Neo23x0/auditd' date: 2020/05/18 From 67faf4bd41c8ccf27d71a6c3d28a5868c95274d2 Mon Sep 17 00:00:00 2001 From: ecco Date: Sat, 23 May 2020 10:56:23 -0400 Subject: [PATCH 369/714] fix FP + remove powershell rule redundant with sysmon_in_memory_powershell.yml --- ..._alternate_powershell_hosts_moduleload.yml | 26 ------------------- ...sysmon_alternate_powershell_hosts_pipe.yml | 4 ++- .../sysmon/sysmon_in_memory_powershell.yml | 1 + 3 files changed, 4 insertions(+), 27 deletions(-) delete mode 100644 rules/windows/sysmon/sysmon_alternate_powershell_hosts_moduleload.yml diff --git a/rules/windows/sysmon/sysmon_alternate_powershell_hosts_moduleload.yml b/rules/windows/sysmon/sysmon_alternate_powershell_hosts_moduleload.yml deleted file mode 100644 index 5a1abf5e..00000000 --- a/rules/windows/sysmon/sysmon_alternate_powershell_hosts_moduleload.yml +++ /dev/null @@ -1,26 +0,0 @@ -title: Alternate PowerShell Hosts Module Load -id: f67f6c57-257d-4919-a416-69cd31f9aac3 -description: Detects alternate PowerShell hosts potentially bypassing detections looking for powershell.exe -status: experimental -date: 2019/09/12 -modified: 2019/11/10 -author: Roberto Rodriguez @Cyb3rWard0g -references: - - https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/tree/master/playbooks/windows/02_execution/T1086_powershell/alternate_signed_powershell_hosts.md -tags: - - attack.execution - - attack.t1086 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Description: 'system.management.automation' - ImageLoaded|contains: 'system.management.automation' - filter: - Image|endswith: '\powershell.exe' - condition: selection and not filter -falsepositives: - - Programs using PowerShell directly without invocation of a dedicated interpreter. -level: high diff --git a/rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml b/rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml index fb702e8a..067cd370 100644 --- a/rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml +++ b/rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml @@ -18,7 +18,9 @@ detection: EventID: 17 PipeName|startswith: '\PSHost' filter: - Image|endswith: '\powershell.exe' + Image|endswith: + - '\powershell.exe' + - '\powershell_ise.exe' condition: selection and not filter fields: - ComputerName diff --git a/rules/windows/sysmon/sysmon_in_memory_powershell.yml b/rules/windows/sysmon/sysmon_in_memory_powershell.yml index 76d5b989..56e6e453 100644 --- a/rules/windows/sysmon/sysmon_in_memory_powershell.yml +++ b/rules/windows/sysmon/sysmon_in_memory_powershell.yml @@ -23,6 +23,7 @@ detection: filter: Image|endswith: - '\powershell.exe' + - '\powershell_ise.exe' - '\WINDOWS\System32\sdiagnhost.exe' # User: 'NT AUTHORITY\SYSTEM' # if set, matches all powershell processes not launched by SYSTEM condition: selection and not filter From d1a5471d2131b9f14787db3ae7e56eb8428bb560 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 23 May 2020 17:38:10 +0200 Subject: [PATCH 370/714] rule: Strong Pity loader UA --- rules/proxy/proxy_ua_apt.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/proxy/proxy_ua_apt.yml b/rules/proxy/proxy_ua_apt.yml index d8328ce9..0baf02b2 100644 --- a/rules/proxy/proxy_ua_apt.yml +++ b/rules/proxy/proxy_ua_apt.yml @@ -46,6 +46,7 @@ detection: - 'hots scot' # Unkown iOS zero-day implant https://twitter.com/craiu/status/1176437994288484352?s=20 - 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT)' # https://blog.telsy.com/meeting-powerband-the-apt33-net-powerton-variant/ - 'Mozilla/5.0 (Windows NT 6.1; WOW64) Chrome/28.0.1500.95 Safari/537.36' # Hidden Cobra malware + - 'Mozilla/5.0 (Windows NT 6.2; Win32; rv:47.0)' # Strong Pity loader https://twitter.com/VK_Intel/status/1264185981118406657 condition: selection fields: - ClientIP From df715386b6abaa5a1208dc611d4e1e3e7cf91d3a Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 23 May 2020 18:27:36 +0200 Subject: [PATCH 371/714] rule: suspicious esentutl use --- .../deprecated/win_susp_esentutl_activity.yml | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 rules/windows/deprecated/win_susp_esentutl_activity.yml diff --git a/rules/windows/deprecated/win_susp_esentutl_activity.yml b/rules/windows/deprecated/win_susp_esentutl_activity.yml new file mode 100644 index 00000000..7473358f --- /dev/null +++ b/rules/windows/deprecated/win_susp_esentutl_activity.yml @@ -0,0 +1,29 @@ +title: Suspicious Esentutl Use +id: 56a8189f-11b2-48c8-8ca7-c54b03c2fbf7 +status: experimental +description: Detects flags often used with the LOLBAS Esentutl for malicious activity. It could be used in rare cases by administrators to access locked files or during maintenance. +author: Florian Roth +date: 2020/05/23 +references: + - https://lolbas-project.github.io/ + - https://twitter.com/chadtilbury/status/1264226341408452610 +tags: + - attack.defense_evasion + - attack.execution + - attack.s0404 + - attack.t1218 +logsource: + category: process_creation + product: windows +detection: + selection1: + CommandLine|contains: + - ' /vss ' + - ' /y ' + condition: selection +fields: + - CommandLine + - ParentCommandLine +falsepositives: + - Administrative activity +level: high From 3028a27055b5ed7a1104cfa8389b7e5005fb0f83 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 23 May 2020 18:32:02 +0200 Subject: [PATCH 372/714] fix: buggy rule --- rules/windows/deprecated/win_susp_esentutl_activity.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/deprecated/win_susp_esentutl_activity.yml b/rules/windows/deprecated/win_susp_esentutl_activity.yml index 7473358f..1e3e62db 100644 --- a/rules/windows/deprecated/win_susp_esentutl_activity.yml +++ b/rules/windows/deprecated/win_susp_esentutl_activity.yml @@ -16,8 +16,8 @@ logsource: category: process_creation product: windows detection: - selection1: - CommandLine|contains: + selection: + CommandLine|contains|all: - ' /vss ' - ' /y ' condition: selection From f970d28f10b1e7906593265055bb6a804142ee4e Mon Sep 17 00:00:00 2001 From: ecco Date: Sat, 23 May 2020 15:06:15 -0400 Subject: [PATCH 373/714] add more false positives --- rules/windows/sysmon/sysmon_wmi_module_load.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rules/windows/sysmon/sysmon_wmi_module_load.yml b/rules/windows/sysmon/sysmon_wmi_module_load.yml index 5b3eca68..2c302532 100644 --- a/rules/windows/sysmon/sysmon_wmi_module_load.yml +++ b/rules/windows/sysmon/sysmon_wmi_module_load.yml @@ -32,6 +32,8 @@ detection: - '\WmiAPsrv.exe' - '\svchost.exe' - '\DeviceCensus.exe' + - '\CompatTelRunner.exe' + - '\sdiagnhost.exe' condition: selection and not filter fields: - ComputerName From b8ee736f4484ec86e23a5016bd9c634c909b8e33 Mon Sep 17 00:00:00 2001 From: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Sun, 24 May 2020 15:16:07 +0200 Subject: [PATCH 374/714] Remove AppData folder as suspicious folder A lot of software is using the AppData folder for startup keys. Some examples: - Microsoft Teams (\AppData\Local\Microsoft\Teams) - Resilio (\AppData\Roaming\Resilio Sync\) - Discord ( (\AppData\Local\Discord\) - Spotify ( (\AppData\Roaming\Spotify\) Too many to whitelist them all --- .../sysmon/sysmon_susp_run_key_img_folder.yml | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml b/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml index 6f6c9f6b..43c5990a 100644 --- a/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml +++ b/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml @@ -4,12 +4,12 @@ status: experimental description: Detects suspicious new RUN key element pointing to an executable in a suspicious folder references: - https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html -author: Florian Roth, Markus Neis +author: Florian Roth, Markus Neis, Sander Wiebing tags: - attack.persistence - attack.t1060 date: 2018/08/25 -modified: 2020/02/26 +modified: 2020/05/24 logsource: product: windows service: sysmon @@ -21,8 +21,6 @@ detection: - '*\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\*' Details: - '*C:\Windows\Temp\\*' - - '*\AppData\\*' - - '%AppData%\\*' - '*C:\$Recycle.bin\\*' - '*C:\Temp\\*' - '*C:\Users\Public\\*' @@ -31,12 +29,9 @@ detection: - '*C:\Users\Desktop\\*' - 'wscript*' - 'cscript*' - filter: - Details|contains: - - '\AppData\Local\Microsoft\OneDrive\' # OneDrive False Positives - condition: selection and not filter + condition: selection fields: - Image falsepositives: - - Software using the AppData folders for updates + - Software using weird folders for updates level: high From 32e4998c4967d7d09762d994e69cca4ccc143f3c Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 24 May 2020 21:45:37 +0200 Subject: [PATCH 375/714] Removed dead code from ALA backend. --- tools/sigma/backends/ala.py | 45 +++---------------------------------- 1 file changed, 3 insertions(+), 42 deletions(-) diff --git a/tools/sigma/backends/ala.py b/tools/sigma/backends/ala.py index e3f1fd9f..bffd4ebf 100644 --- a/tools/sigma/backends/ala.py +++ b/tools/sigma/backends/ala.py @@ -111,10 +111,6 @@ class AzureLogAnalyticsBackend(DeepFieldMappingMixin, SingleTextQueryBackend): else: self._field_map = {} - def id_mapping(self, src): - """Identity mapping, source == target field name""" - return src - def map_sysmon_schema(self, eventid): schema_keys = [] try: @@ -154,14 +150,9 @@ class AzureLogAnalyticsBackend(DeepFieldMappingMixin, SingleTextQueryBackend): def generate(self, sigmaparser): self.table = None - try: - self.category = sigmaparser.parsedyaml['logsource'].setdefault('category', None) - self.product = sigmaparser.parsedyaml['logsource'].setdefault('product', None) - self.service = sigmaparser.parsedyaml['logsource'].setdefault('service', None) - except KeyError: - self.category = None - self.product = None - self.service = None + self.category = sigmaparser.parsedyaml['logsource'].setdefault('category', None) + self.product = sigmaparser.parsedyaml['logsource'].setdefault('product', None) + self.service = sigmaparser.parsedyaml['logsource'].setdefault('service', None) detection = sigmaparser.parsedyaml.get("detection", {}) if "keywords" in detection.keys(): @@ -324,36 +315,6 @@ class AzureLogAnalyticsBackend(DeepFieldMappingMixin, SingleTextQueryBackend): ) ) - def generateAfter(self, parsed): - del parsed - if self._fields: - all_fields = list(self._fields) - if self._agg_var: - all_fields = set(all_fields + [self._agg_var]) - project_fields = self._map_fields(all_fields) - project_list = ", ".join(str(fld) for fld in set(project_fields)) - return " | project " + project_list - return "" - - def _map_fields(self, fields): - for field in fields: - mapped_field = self._map_field(field) - if isinstance(mapped_field, str): - yield mapped_field - elif isinstance(mapped_field, list): - for subfield in mapped_field: - yield subfield - - def _map_field(self, fieldname): - mapping = self.sigmaconfig.fieldmappings.get(fieldname) - if isinstance(mapping, ConditionalFieldMapping): - fieldname = self._map_conditional_field(fieldname) - elif isinstance(mapping, MultiFieldMapping): - fieldname = mapping.resolve_fieldname(fieldname, self._parser) - elif isinstance(mapping, SimpleFieldMapping): - fieldname = mapping.resolve_fieldname(fieldname, self._parser) - return fieldname - def _map_conditional_field(self, fieldname): mapping = self.sigmaconfig.fieldmappings.get(fieldname) # if there is a conditional mapping for this fieldname From d45f8e19fef854a1779973d9a8ae51714d38257d Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 24 May 2020 21:46:55 +0200 Subject: [PATCH 376/714] Fixes --- Makefile | 3 +++ tools/sigma/backends/base.py | 3 +-- tools/sigma/backends/elasticsearch.py | 7 +++++-- tools/sigma/backends/splunk.py | 25 ++++++++++++++----------- 4 files changed, 23 insertions(+), 15 deletions(-) diff --git a/Makefile b/Makefile index 18a3dbb7..7a2483fe 100644 --- a/Makefile +++ b/Makefile @@ -32,6 +32,7 @@ test-sigmac: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert-dsl -c tools/config/winlogbeat.yml -O alert_methods=http_post,email -O emails=test@test.invalid -O http_post_url=http://test.invalid rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t ee-outliers -c tools/config/winlogbeat.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-qs -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t corelight_es-qs -c tools/config/ecs-zeek-corelight.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-rule -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t kibana -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t xpack-watcher -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null @@ -55,6 +56,8 @@ test-sigmac: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t qualys -c tools/config/qualys.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t netwitness -c tools/config/netwitness.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t sumologic -O rulecomment -c tools/config/sumologic.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t humio -O rulecomment -c tools/config/humio.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t crowdstrike -O rulecomment -c tools/config/crowdstrike.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t sql -c sysmon rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t logiq -c sysmon rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=critical,status=stable,logsource=windows,tag=attack.execution' rules/ > /dev/null diff --git a/tools/sigma/backends/base.py b/tools/sigma/backends/base.py index e4c9239c..3db2f0e1 100644 --- a/tools/sigma/backends/base.py +++ b/tools/sigma/backends/base.py @@ -330,7 +330,6 @@ class SingleTextQueryBackend(RulenameCommentMixin, BaseBackend, QuoteCharMixin): return fieldname class CorelightQueryBackend: - def generate(self, sigmaparser): lgs = sigmaparser.parsedyaml.get("logsource") allow_types = { @@ -358,4 +357,4 @@ class CorelightQueryBackend: if allow_types.get(logsource_type) and value.lower() in allow_types.get(logsource_type): return super().generate(sigmaparser) lgs_text = ", ".join(["%s: %s" % (key, lgs.get(key)) for key in lgs.keys()]) - raise NotSupportedError("Corelight backend not supported logsources: %s." % lgs_text) \ No newline at end of file + raise NotSupportedError("Corelight backend not supported logsources: %s." % lgs_text) diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index d5b8acca..7a298c3c 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -23,7 +23,7 @@ from random import randrange import sigma import yaml -from sigma.parser.modifiers.type import SigmaRegularExpressionModifier +from sigma.parser.modifiers.type import SigmaRegularExpressionModifier, SigmaTypeModifier from sigma.parser.condition import ConditionOR, ConditionAND, NodeSubexpression from sigma.config.mapping import ConditionalFieldMapping @@ -119,7 +119,10 @@ class ElasticsearchWildcardHandlingMixin(object): if isinstance(value, list): res = [] for item in value: - res.extend([item.lower(), item.upper()]) + try: + res.extend([item.lower(), item.upper()]) + except AttributeError: # not a string (something that doesn't support upper/lower casing) + res.append(item) value = res elif isinstance(value, str): value = [value.upper(), value.lower()] diff --git a/tools/sigma/backends/splunk.py b/tools/sigma/backends/splunk.py index 614173f1..3efb3d2b 100644 --- a/tools/sigma/backends/splunk.py +++ b/tools/sigma/backends/splunk.py @@ -189,18 +189,21 @@ class CrowdStrikeBackend(SplunkBackend): detections = sigmaparser.definitions all_fields = dict() for det in detections.values(): - for field, value in det.items(): - if "|" in field: - field = field.split("|")[0] - if any([item for item in fieldmappings.keys() if field == item]): - if field == "EventID" and str(value) == str(1) and lgs.get("service") == "sysmon": - all_fields.update(det) - elif field != "EventID": - all_fields.update(det) + try: + for field, value in det.items(): + if "|" in field: + field = field.split("|")[0] + if any([item for item in fieldmappings.keys() if field == item]): + if field == "EventID" and str(value) == str(1) and lgs.get("service") == "sysmon": + all_fields.update(det) + elif field != "EventID": + all_fields.update(det) + else: + raise NotImplementedError("Not supported fields!") else: raise NotImplementedError("Not supported fields!") - else: - raise NotImplementedError("Not supported fields!") + except AttributeError: # ignore if detection is not a dict + pass table_fields = sigmaparser.parsedyaml.get("fields", []) res_table_fields = [] @@ -210,4 +213,4 @@ class CrowdStrikeBackend(SplunkBackend): sigmaparser.parsedyaml["fields"] = res_table_fields return super().generate(sigmaparser) else: - raise NotImplementedError("Not supported logsources!") \ No newline at end of file + raise NotImplementedError("Not supported logsources!") From daf7ab5ff71c48aec9fab29a70c62a3fec310768 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 24 May 2020 22:41:38 +0200 Subject: [PATCH 377/714] Cleanup: removal of corelight_* backends --- Makefile | 1 - tools/sigma/backends/base.py | 30 --------------------------- tools/sigma/backends/elasticsearch.py | 19 +---------------- tools/sigma/backends/splunk.py | 8 +------ 4 files changed, 2 insertions(+), 56 deletions(-) diff --git a/Makefile b/Makefile index 7a2483fe..1d36cd90 100644 --- a/Makefile +++ b/Makefile @@ -32,7 +32,6 @@ test-sigmac: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert-dsl -c tools/config/winlogbeat.yml -O alert_methods=http_post,email -O emails=test@test.invalid -O http_post_url=http://test.invalid rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t ee-outliers -c tools/config/winlogbeat.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-qs -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null - $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t corelight_es-qs -c tools/config/ecs-zeek-corelight.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-rule -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t kibana -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t xpack-watcher -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null diff --git a/tools/sigma/backends/base.py b/tools/sigma/backends/base.py index 3db2f0e1..1ef7e175 100644 --- a/tools/sigma/backends/base.py +++ b/tools/sigma/backends/base.py @@ -328,33 +328,3 @@ class SingleTextQueryBackend(RulenameCommentMixin, BaseBackend, QuoteCharMixin): transformed from the original name given in the Sigma rule. """ return fieldname - -class CorelightQueryBackend: - def generate(self, sigmaparser): - lgs = sigmaparser.parsedyaml.get("logsource") - allow_types = { - 'category': - [ - 'proxy', 'firewall', 'webserver', 'accounting', 'dns' - ], - 'product': - [ - 'zeek', 'apache', 'netflow', 'firewall' - ], - 'service': [ - 'radius', 'kerberos', 'pe', 'ntlm', 'sip', 'syslog', 'ntp', - 'mqtt_subscribe', 'smb_files', 'irc', 'http2', 'rfb', - 'tunnel', 'socks', 'mqtt_publish', 'network', 'weird', - 'known_certs', 'traceroute', 'modbus', 'smtp_links', - 'ssl', 'known_hosts', 'software', 'smtp', 'tls', 'intel', - 'ssh', 'dce_rpc', 'x509', 'known_services', 'http', 'files', - 'gquic', 'ftp', 'dns', 'conn', 'dnp3', 'rdp', 'dpd', - 'known_modbus', 'conn_long', 'modbus_register_change', - 'mqtt_connect', 'pop3', 'mysql', 'notice', 'snmp', 'smb_mapping' - ] - } - for logsource_type, value in lgs.items(): - if allow_types.get(logsource_type) and value.lower() in allow_types.get(logsource_type): - return super().generate(sigmaparser) - lgs_text = ", ".join(["%s: %s" % (key, lgs.get(key)) for key in lgs.keys()]) - raise NotSupportedError("Corelight backend not supported logsources: %s." % lgs_text) diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index 7a298c3c..88cdd9c6 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -27,7 +27,7 @@ from sigma.parser.modifiers.type import SigmaRegularExpressionModifier, SigmaTyp from sigma.parser.condition import ConditionOR, ConditionAND, NodeSubexpression from sigma.config.mapping import ConditionalFieldMapping -from .base import BaseBackend, SingleTextQueryBackend, CorelightQueryBackend +from .base import BaseBackend, SingleTextQueryBackend from .mixins import RulenameCommentMixin, MultiRuleOutputMixin from .exceptions import NotSupportedError @@ -298,11 +298,6 @@ class ElasticsearchQuerystringBackend(DeepFieldMappingMixin, ElasticsearchWildca else: return super().generateSubexpressionNode(node) - -class ElasticsearchCorelightBackend(CorelightQueryBackend, ElasticsearchQuerystringBackend): - identifier = "corelight_es-qs" - - class ElasticsearchDSLBackend(DeepFieldMappingMixin, RulenameCommentMixin, ElasticsearchWildcardHandlingMixin, BaseBackend): """ElasticSearch DSL backend""" identifier = 'es-dsl' @@ -662,11 +657,6 @@ class KibanaBackend(ElasticsearchQuerystringBackend, MultiRuleOutputMixin): def index_variable_name(self, index): return "index_" + index.replace("-", "__").replace("*", "X") - -class KibanaCorelightBackend(CorelightQueryBackend, KibanaBackend): - identifier = "corelight_kibana" - - class XPackWatcherBackend(ElasticsearchQuerystringBackend, MultiRuleOutputMixin): """Converts Sigma Rule into X-Pack Watcher JSON for alerting""" identifier = "xpack-watcher" @@ -973,10 +963,6 @@ class XPackWatcherBackend(ElasticsearchQuerystringBackend, MultiRuleOutputMixin) raise NotImplementedError("Output type '%s' not supported" % self.output_type) return result -class XPackWatcherCorelightBackend(CorelightQueryBackend, XPackWatcherBackend): - identifier = "corelight_xpack-watcher" - - class ElastalertBackend(DeepFieldMappingMixin, MultiRuleOutputMixin): """Elastalert backend""" active = True @@ -1334,6 +1320,3 @@ class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend): if references: rule.update({"references": references}) return json.dumps(rule) - -class ElasticSearchRuleCorelightBackend(CorelightQueryBackend, ElasticSearchRuleBackend): - identifier = "corelight_elasticsearch-rule" diff --git a/tools/sigma/backends/splunk.py b/tools/sigma/backends/splunk.py index 3efb3d2b..75658343 100644 --- a/tools/sigma/backends/splunk.py +++ b/tools/sigma/backends/splunk.py @@ -16,7 +16,7 @@ import re import sigma -from .base import SingleTextQueryBackend, CorelightQueryBackend +from .base import SingleTextQueryBackend from .mixins import MultiRuleOutputMixin class SplunkBackend(SingleTextQueryBackend): @@ -172,12 +172,6 @@ class SplunkXMLBackend(SingleTextQueryBackend, MultiRuleOutputMixin): self.queries += self.dash_suf return self.queries - -class SplunkCorelightBackend(CorelightQueryBackend, SplunkBackend): - identifier = "corelight_splunk" - - - class CrowdStrikeBackend(SplunkBackend): """Converts Sigma rule into CrowdStrike Search Processing Language (SPL).""" identifier = "crowdstrike" From 2678cd1d3e104bd916262f8a242c28006704a457 Mon Sep 17 00:00:00 2001 From: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Mon, 25 May 2020 09:50:47 +0200 Subject: [PATCH 378/714] Create win_netsh_fw_add_susp_image.yml More critical version of the rule windows/process_creation/win_netsh_fw_add.yml with the suspicious image location check. Combined the following rules for the suspicious locations: https://github.com/Neo23x0/sigma//blob/master/rules/windows/sysmon/sysmon_susp_download_run_key.yml https://github.com/Neo23x0/sigma/blob/master/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_susp_run_locations.yml --- .../win_netsh_fw_add_susp_image.yml | 54 +++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 rules/windows/process_creation/win_netsh_fw_add_susp_image.yml diff --git a/rules/windows/process_creation/win_netsh_fw_add_susp_image.yml b/rules/windows/process_creation/win_netsh_fw_add_susp_image.yml new file mode 100644 index 00000000..bc54696c --- /dev/null +++ b/rules/windows/process_creation/win_netsh_fw_add_susp_image.yml @@ -0,0 +1,54 @@ +title: Netsh Program Allowed with Suspcious Location +id: a35f5a72-f347-4e36-8895-9869b0d5fc6d +description: Detects Netsh commands that allows a suspcious application location on Windows Firewall +references: + - https://www.virusradar.com/en/Win32_Kasidet.AD/description + - https://www.hybrid-analysis.com/sample/07e789f4f2f3259e7559fdccb36e96814c2dbff872a21e1fa03de9ee377d581f?environmentId=100 +date: 2020/05/25 +tags: + - attack.lateral_movement + - attack.command_and_control + - attack.t1090 +status: experimental +author: Sander Wiebing +logsource: + category: process_creation + product: windows +detection: + selection1: + CommandLine|contains|all: + - 'netsh' + - 'firewall add allowedprogram' + selection2: + CommandLine|contains|all: + - netsh + - advfirewall firewall add rule + - action=allow + - program= + susp_image: + CommandLine|contains: + - '*%TEMP%*' + - '*:\RECYCLER\\*' + - '*C:\$Recycle.bin\\*' + - '*:\SystemVolumeInformation\\*' + - 'C:\\Windows\\Tasks\\*' + - 'C:\\Windows\\debug\\*' + - 'C:\\Windows\\fonts\\*' + - 'C:\\Windows\\help\\*' + - 'C:\\Windows\\drivers\\*' + - 'C:\\Windows\\addins\\*' + - 'C:\\Windows\\cursors\\*' + - 'C:\\Windows\\system32\tasks\\*' + - '*C:\Windows\Temp\\*' + - '*C:\Temp\\*' + - '*C:\Users\Public\\*' + - '%Public%\\*' + - '*C:\Users\Default\\*' + - '*C:\Users\Desktop\\*' + - '*\Downloads\\*' + - '*\Temporary Internet Files\Content.Outlook\\*' + - '*\Local Settings\Temporary Internet Files\\*' + condition: (selection1 or selection2) and susp_image +falsepositives: + - Legitimate administration +level: high From 28652e4648fca1cbc48149163c001f209275c7dd Mon Sep 17 00:00:00 2001 From: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Mon, 25 May 2020 10:02:13 +0200 Subject: [PATCH 379/714] Add Windows Server 2008 and Windows Vista support It did not support the command `netsh advfirewall firewall add` --- rules/windows/process_creation/win_netsh_fw_add.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/rules/windows/process_creation/win_netsh_fw_add.yml b/rules/windows/process_creation/win_netsh_fw_add.yml index 7657dd25..1184ebc3 100644 --- a/rules/windows/process_creation/win_netsh_fw_add.yml +++ b/rules/windows/process_creation/win_netsh_fw_add.yml @@ -1,4 +1,4 @@ -title: Netsh +title: Netsh Port or Application Allowed id: cd5cfd80-aa5f-44c0-9c20-108c4ae12e3c description: Allow Incoming Connections by Port or Application on Windows Firewall references: @@ -10,14 +10,17 @@ tags: - attack.command_and_control - attack.t1090 status: experimental -author: Markus Neis +author: Markus Neis, Sander Wiebing logsource: category: process_creation product: windows detection: selection: CommandLine: - - '*netsh firewall add*' + - '*netsh*' + CommandLine: + - '*firewall add*' + - '*advfirewall firewall add*' condition: selection falsepositives: - Legitimate administration From 6fcf3f9ebf3ae66ee9bb7853f823dfe11f62d2c1 Mon Sep 17 00:00:00 2001 From: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Mon, 25 May 2020 10:13:26 +0200 Subject: [PATCH 380/714] Update win_netsh_fw_add.yml --- rules/windows/process_creation/win_netsh_fw_add.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/windows/process_creation/win_netsh_fw_add.yml b/rules/windows/process_creation/win_netsh_fw_add.yml index 1184ebc3..59c3361f 100644 --- a/rules/windows/process_creation/win_netsh_fw_add.yml +++ b/rules/windows/process_creation/win_netsh_fw_add.yml @@ -15,13 +15,13 @@ logsource: category: process_creation product: windows detection: - selection: + selection1: CommandLine: - '*netsh*' + selection2: CommandLine: - '*firewall add*' - - '*advfirewall firewall add*' - condition: selection + condition: selection1 and selection2 falsepositives: - Legitimate administration level: medium From 7037e77569e062b85f335ef3c9d04b2d392b5214 Mon Sep 17 00:00:00 2001 From: ecco Date: Mon, 25 May 2020 04:50:22 -0400 Subject: [PATCH 381/714] add more FP --- rules/windows/sysmon/sysmon_wmi_module_load.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/sysmon/sysmon_wmi_module_load.yml b/rules/windows/sysmon/sysmon_wmi_module_load.yml index 2c302532..8c660f19 100644 --- a/rules/windows/sysmon/sysmon_wmi_module_load.yml +++ b/rules/windows/sysmon/sysmon_wmi_module_load.yml @@ -34,6 +34,7 @@ detection: - '\DeviceCensus.exe' - '\CompatTelRunner.exe' - '\sdiagnhost.exe' + - '\SIHClient.exe' condition: selection and not filter fields: - ComputerName From dedfb65d635f544011e30cf6ab303db7d782e092 Mon Sep 17 00:00:00 2001 From: Jonas Hagg Date: Mon, 25 May 2020 10:44:14 +0200 Subject: [PATCH 382/714] Implemented Aggregation for SQL, Added SQLite FullTextSearch --- tools/sigma/backends/sql.py | 124 +++++++++-- tools/sigma/backends/sqlite.py | 125 +++++++++++ tools/tests/test_backend_sql.py | 320 +++++++++++++++++++++++++++++ tools/tests/test_backend_sqlite.py | 133 ++++++++++++ 4 files changed, 688 insertions(+), 14 deletions(-) create mode 100644 tools/sigma/backends/sqlite.py create mode 100644 tools/tests/test_backend_sql.py create mode 100644 tools/tests/test_backend_sqlite.py diff --git a/tools/sigma/backends/sql.py b/tools/sigma/backends/sql.py index b3149c01..72f7cc29 100644 --- a/tools/sigma/backends/sql.py +++ b/tools/sigma/backends/sql.py @@ -16,7 +16,9 @@ import re import sigma -from .base import SingleTextQueryBackend +from sigma.backends.base import SingleTextQueryBackend +from sigma.parser.condition import SigmaAggregationParser, NodeSubexpression, ConditionAND, ConditionOR, ConditionNOT +from sigma.parser.exceptions import SigmaParseError class SQLBackend(SingleTextQueryBackend): """Converts Sigma rule into SQL query""" @@ -34,12 +36,16 @@ class SQLBackend(SingleTextQueryBackend): notNullExpression = "%s=*" # Expression of queries for not null values. %s is field name mapExpression = "%s = %s" # Syntax for field/value conditions. First %s is fieldname, second is value mapMulti = "%s IN %s" # Syntax for field/value conditions. First %s is fieldname, second is value - mapWildcard = "%s LIKE %s" # Syntax for swapping wildcard conditions. + mapWildcard = "%s LIKE %s escape \'\\\'"# Syntax for swapping wildcard conditions: Adding \ as escape character mapSource = "%s=%s" # Syntax for sourcetype mapListsSpecialHandling = False # Same handling for map items with list values as for normal values (strings, integers) if True, generateMapItemListNode method is called with node mapListValueExpression = "%s OR %s" # Syntax for field/value condititons where map value is a list mapLength = "(%s %s)" + def __init__(self, sigmaconfig, table): + super().__init__(sigmaconfig) + self.table = table + def generateANDNode(self, node): generated = [ self.generateNode(val) for val in node ] filtered = [ g for g in generated if g is not None ] @@ -78,29 +84,32 @@ class SQLBackend(SingleTextQueryBackend): def generateMapItemNode(self, node): fieldname, value = node transformed_fieldname = self.fieldNameMapping(fieldname, value) - if "," in self.generateNode(value) and "%" not in self.generateNode(value): + + has_wildcard = re.search(r"((\\(\*|\?|\\))|\*|\?|_|%)", self.generateNode(value)) + + if "," in self.generateNode(value) and not has_wildcard: return self.mapMulti % (transformed_fieldname, self.generateNode(value)) elif "LENGTH" in transformed_fieldname: return self.mapLength % (transformed_fieldname, value) elif type(value) == list: return self.generateMapItemListNode(transformed_fieldname, value) - elif self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): - if "%" in self.generateNode(value): + elif self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): + if has_wildcard: return self.mapWildcard % (transformed_fieldname, self.generateNode(value)) else: return self.mapExpression % (transformed_fieldname, self.generateNode(value)) elif "sourcetype" in transformed_fieldname: return self.mapSource % (transformed_fieldname, self.generateNode(value)) - elif "*" in str(value): + elif has_wildcard: return self.mapWildcard % (transformed_fieldname, self.generateNode(value)) else: raise TypeError("Backend does not support map values of type " + str(type(value))) def generateMapItemListNode(self, key, value): - return "(" + (" OR ".join(['%s LIKE %s' % (key, self.generateValueNode(item)) for item in value])) + ")" + return "(" + (" OR ".join([self.mapWildcard % (key, self.generateValueNode(item)) for item in value])) + ")" def generateValueNode(self, node): - return self.valueExpression % (self.cleanValue(str(node))) + return self.valueExpression % (self.cleanValue(str(node))) def generateNULLValueNode(self, node): return self.nullExpression % (node.item) @@ -117,10 +126,97 @@ class SQLBackend(SingleTextQueryBackend): return fieldname def cleanValue(self, val): - if "*" == val: - pass - elif "*.*.*" in val: - val = val.replace("*.*.*", "%") - elif re.search(r'\*', val): - val = re.sub(r'\*', '%', val) + if not isinstance(val, str): + return str(val) + + #Single backlashes which are not in front of * or ? are doulbed + val = re.sub(r"(? full text search + #False: no subexpression found, where a full text search is needed + + def _evaluateCondition(condition): + #Helper function to evaulate condtions + if type(condition) not in [ConditionAND, ConditionOR, ConditionNOT]: + raise NotImplementedError("Error in recursive Search logic") + + results = [] + for elem in condition.items: + if isinstance(elem, NodeSubexpression): + results.append(self._recursiveFtsSearch(elem)) + if isinstance(elem, ConditionNOT): + results.append(_evaluateCondition(elem)) + if isinstance(elem, tuple): + results.append(False) + if type(elem) in (str, int, list): + return True + return any(results) + + if type(subexpression) in [str, int, list]: + return True + elif type(subexpression) in [tuple]: + return False + + if not isinstance(subexpression, NodeSubexpression): + raise NotImplementedError("Error in recursive Search logic") + + if isinstance(subexpression.items, NodeSubexpression): + return self._recursiveFtsSearch(subexpression.items) + elif type(subexpression.items) in [ConditionAND, ConditionOR, ConditionNOT]: + return _evaluateCondition(subexpression.items) \ No newline at end of file diff --git a/tools/sigma/backends/sqlite.py b/tools/sigma/backends/sqlite.py new file mode 100644 index 00000000..c4e2651e --- /dev/null +++ b/tools/sigma/backends/sqlite.py @@ -0,0 +1,125 @@ + +from sigma.backends.sql import SQLBackend +from sigma.parser.condition import NodeSubexpression, ConditionAND, ConditionOR, ConditionNOT +import re + + +class SQLiteBackend(SQLBackend): + """SQLiteBackend provides FullTextSearch functionality""" + identifier = "sqlite" + active = True + + mapFullTextSearch = "%s MATCH ('\"%s\"')" + + def __init__(self, sigmaconfig, table): + super().__init__(sigmaconfig, table) + self.mappingItem = False + + def requireFTS(self, node): + return (not self.mappingItem and + (type(node) in (int, str) or all(isinstance(val, str) for val in node) or all(isinstance(val, int) for val in node))) + + def generateFTS(self, value): + if re.search(r"((\\(\*|\?|\\))|\*|\?|_|%)", value): + raise NotImplementedError( + "Wildcards in SQlite Full Text Search not implemented") + self.countFTS += 1 + return self.mapFullTextSearch % (self.table, value) + + def generateANDNode(self, node): + + if self.requireFTS(node): + fts = str('"' + self.andToken + '"').join(self.cleanValue(val) + for val in node) + return self.generateFTS(fts) + + generated = [self.generateNode(val) for val in node] + filtered = [g for g in generated if g is not None] + if filtered: + return self.andToken.join(filtered) + else: + return None + + def generateORNode(self, node): + + if self.requireFTS(node): + fts = str('"' + self.orToken + '"').join(self.cleanValue(val) + for val in node) + return self.generateFTS(fts) + + generated = [self.generateNode(val) for val in node] + filtered = [g for g in generated if g is not None] + if filtered: + return self.orToken.join(filtered) + else: + return None + + def generateMapItemNode(self, node): + try: + self.mappingItem = True + fieldname, value = node + transformed_fieldname = self.fieldNameMapping(fieldname, value) + + has_wildcard = re.search( + r"((\\(\*|\?|\\))|\*|\?|_|%)", self.generateNode(value)) + + if "," in self.generateNode(value) and not has_wildcard: + return self.mapMulti % (transformed_fieldname, self.generateNode(value)) + elif "LENGTH" in transformed_fieldname: + return self.mapLength % (transformed_fieldname, value) + elif type(value) == list: + return self.generateMapItemListNode(transformed_fieldname, value) + elif self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): + + if has_wildcard: + return self.mapWildcard % (transformed_fieldname, self.generateNode(value)) + else: + return self.mapExpression % (transformed_fieldname, self.generateNode(value)) + + elif "sourcetype" in transformed_fieldname: + return self.mapSource % (transformed_fieldname, self.generateNode(value)) + elif has_wildcard: + return self.mapWildcard % (transformed_fieldname, self.generateNode(value)) + else: + raise TypeError( + "Backend does not support map values of type " + str(type(value))) + finally: + self.mappingItem = False + + def generateValueNode(self, node): + if self.mappingItem: + return self.valueExpression % (self.cleanValue(str(node))) + else: + return self.generateFTS(self.cleanValue(str(node))) + + def generateQuery(self, parsed): + self.countFTS = 0 + result = self.generateNode(parsed.parsedSearch) + if self.countFTS > 1: + raise NotImplementedError( + "Match operator ({}) is allowed only once in SQLite, parse rule in a different way:\n{}".format(self.countFTS, result)) + self.countFTS = 0 + + if parsed.parsedAgg: + # Handle aggregation + fro, whe = self.generateAggregation(parsed.parsedAgg, result) + return "SELECT * FROM {} WHERE {}".format(fro, whe) + + return "SELECT * FROM {} WHERE {}".format(self.table, result) + + def generateFullTextQuery(self, search, parsed): + + search = search.replace('"', '') + search = '" OR "'.join(search.split(" OR ")) + search = '" AND "'.join(search.split(" AND ")) + search = '"{}"'.format(search) + search = search.replace('%', '') + search = search.replace('_', '') + search = '{} MATCH (\'{}\')'.format(self.table, search) + + if parsed.parsedAgg: + # Handle aggregation + fro, whe = self.generateAggregation(parsed.parsedAgg, search) + return "SELECT * FROM {} WHERE {}".format(fro, whe) + + return 'SELECT * FROM {} WHERE {}'.format(self.table, search) \ No newline at end of file diff --git a/tools/tests/test_backend_sql.py b/tools/tests/test_backend_sql.py new file mode 100644 index 00000000..c1a9b38b --- /dev/null +++ b/tools/tests/test_backend_sql.py @@ -0,0 +1,320 @@ +import unittest +from unittest.mock import patch + +from sigma.backends.sql import SQLBackend + +from sigma.parser.collection import SigmaCollectionParser +from sigma.config.mapping import FieldMapping +from sigma.configuration import SigmaConfiguration + +class TestGenerateQuery(unittest.TestCase): + + def setUp(self): + self.basic_rule = {"title": "Test", "level": "testing"} + self.table = "eventlog" + + def test_regular_queries(self): + # Test regular queries + detection = {"selection": {"fieldname": "test1"}, + "condition": "selection"} + expected_result = 'select * from {} where fieldname = "test1"'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": 4}, "condition": "selection"} + expected_result = 'select * from {} where fieldname = "4"'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": [ + "test1", "test2"]}, "condition": "selection"} + expected_result = 'select * from {} where fieldname in ("test1", "test2")'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": { + "fieldname": [3, 4]}, "condition": "selection"} + expected_result = 'select * from {} where fieldname in ("3", "4")'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname1": "test1", "fieldname2": [ + "test2", "test3"]}, "condition": "selection"} + expected_result = 'select * from {} where (fieldname1 = "test1" and fieldname2 in ("test2", "test3"))'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": "test1"}, "filter": { + "fieldname2": "whatever"}, "condition": "selection and filter"} + expected_result = 'select * from {} where (fieldname = "test1" and fieldname2 = "whatever")'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": "test1"}, "filter": { + "fieldname2": "whatever"}, "condition": "selection or filter"} + expected_result = 'select * from {} where (fieldname = "test1" or fieldname2 = "whatever")'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": "test1"}, "filter": { + "fieldname2": "whatever"}, "condition": "selection and not filter"} + expected_result = 'select * from {} where (fieldname = "test1" and not (fieldname2 = "whatever"))'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname1": "test1"}, "filter": { + "fieldname2": "test2"}, "condition": "1 of them"} + expected_result = 'select * from {} where (fieldname1 = "test1" or fieldname2 = "test2")'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname1": "test1"}, "filter": { + "fieldname2": "test2"}, "condition": "all of them"} + expected_result = 'select * from {} where (fieldname1 = "test1" and fieldname2 = "test2")'.format( + self.table) + self.validate(detection, expected_result) + + def test_modifiers(self): + + # contains + detection = {"selection": {"fieldname|contains": "test"}, + "condition": "selection"} + expected_result = 'select * from {} where fieldname like "%test%" escape \'\\\''.format( + self.table) + self.validate(detection, expected_result) + + # all + detection = {"selection": {"fieldname|all": [ + "test1", "test2"]}, "condition": "selection"} + expected_result = 'select * from {} where (fieldname = "test1" and fieldname = "test2")'.format( + self.table) + self.validate(detection, expected_result) + + # endswith + detection = {"selection": {"fieldname|endswith": "test"}, + "condition": "selection"} + expected_result = 'select * from {} where fieldname like "%test" escape \'\\\''.format( + self.table) + self.validate(detection, expected_result) + + # startswith + detection = {"selection": {"fieldname|startswith": "test"}, + "condition": "selection"} + expected_result = 'select * from {} where fieldname like "test%" escape \'\\\''.format( + self.table) + self.validate(detection, expected_result) + + def test_aggregations(self): + + # count + detection = {"selection": {"fieldname": "test"}, + "condition": "selection | count() > 5"} + inner_query = 'select count(*) as agg from {} where fieldname = "test"'.format( + self.table) + expected_result = 'select * from ({}) where agg > 5'.format(inner_query) + self.validate(detection, expected_result) + + # min + detection = {"selection": {"fieldname1": "test"}, + "condition": "selection | min(fieldname2) > 5"} + inner_query = 'select min(fieldname2) as agg from {} where fieldname1 = "test"'.format( + self.table) + expected_result = 'select * from ({}) where agg > 5'.format(inner_query) + self.validate(detection, expected_result) + + # max + detection = {"selection": {"fieldname1": "test"}, + "condition": "selection | max(fieldname2) > 5"} + inner_query = 'select max(fieldname2) as agg from {} where fieldname1 = "test"'.format( + self.table) + expected_result = 'select * from ({}) where agg > 5'.format(inner_query) + self.validate(detection, expected_result) + + # avg + detection = {"selection": {"fieldname1": "test"}, + "condition": "selection | avg(fieldname2) > 5"} + inner_query = 'select avg(fieldname2) as agg from {} where fieldname1 = "test"'.format( + self.table) + expected_result = 'select * from ({}) where agg > 5'.format(inner_query) + self.validate(detection, expected_result) + + # sum + detection = {"selection": {"fieldname1": "test"}, + "condition": "selection | sum(fieldname2) > 5"} + inner_query = 'select sum(fieldname2) as agg from {} where fieldname1 = "test"'.format( + self.table) + expected_result = 'select * from ({}) where agg > 5'.format(inner_query) + self.validate(detection, expected_result) + + # < + detection = {"selection": {"fieldname1": "test"}, + "condition": "selection | sum(fieldname2) < 5"} + inner_query = 'select sum(fieldname2) as agg from {} where fieldname1 = "test"'.format( + self.table) + expected_result = 'select * from ({}) where agg < 5'.format(inner_query) + self.validate(detection, expected_result) + + # == + detection = {"selection": {"fieldname1": "test"}, + "condition": "selection | sum(fieldname2) == 5"} + inner_query = 'select sum(fieldname2) as agg from {} where fieldname1 = "test"'.format( + self.table) + expected_result = 'select * from ({}) where agg == 5'.format(inner_query) + self.validate(detection, expected_result) + + # group by + detection = {"selection": {"fieldname1": "test"}, + "condition": "selection | sum(fieldname2) by fieldname3 == 5"} + inner_query = 'select sum(fieldname2) as agg from {} where fieldname1 = "test" group by fieldname3'.format( + self.table) + expected_result = 'select * from ({}) where agg == 5'.format(inner_query) + self.validate(detection, expected_result) + + # multiple conditions + detection = {"selection": {"fieldname1": "test"}, "filter": { + "fieldname2": "tessst"}, "condition": "selection or filter | sum(fieldname2) == 5"} + inner_query = 'select sum(fieldname2) as agg from {} where (fieldname1 = "test" or fieldname2 = "tessst")'.format( + self.table) + expected_result = 'select * from ({}) where agg == 5'.format(inner_query) + self.validate(detection, expected_result) + + def test_wildcards(self): + + # wildcard: * + detection = {"selection": {"fieldname": "test*"}, + "condition": "selection"} + expected_result = 'select * from {} where fieldname like '.format( + self.table) + r'"test%"' + r" escape '\'" + self.validate(detection, expected_result) + + # wildcard: ? + detection = {"selection": {"fieldname": "test?"}, + "condition": "selection"} + expected_result = 'select * from {} where fieldname like '.format( + self.table) + r'"test_"' + r" escape '\'" + self.validate(detection, expected_result) + + # escaping: + detection = {"selection": {"fieldname": r"test\?"}, + "condition": "selection"} + expected_result = 'select * from {} where fieldname like '.format( + self.table) + r'"test\?"' + r" escape '\'" + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": r"test\\*"}, + "condition": "selection"} + expected_result = 'select * from {} where fieldname like '.format( + self.table) + r'"test\\%"' + r" escape '\'" + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": r"test\*"}, + "condition": "selection"} + expected_result = 'select * from {} where fieldname like '.format( + self.table) + r'"test\*"' + r" escape '\'" + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": r"test\\"}, + "condition": "selection"} + expected_result = 'select * from {} where fieldname like '.format( + self.table) + r'"test\\"' + r" escape '\'" + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": r"test\abc"}, + "condition": "selection"} + expected_result = 'select * from {} where fieldname like '.format( + self.table) + r'"test\\abc"' + r" escape '\'" + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": r"test%"}, + "condition": "selection"} + expected_result = 'select * from {} where fieldname like '.format( + self.table) + r'"test\%"' + r" escape '\'" + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": r"test_"}, + "condition": "selection"} + expected_result = 'select * from {} where fieldname like '.format( + self.table) + r'"test\_"' + r" escape '\'" + self.validate(detection, expected_result) + + # multiple options + detection = {"selection": {"fieldname": [ + "test*", "*test"]}, "condition": "selection"} + opt1 = 'fieldname like ' + r'"test%"' + r" escape '\'" + opt2 = 'fieldname like ' + r'"%test"' + r" escape '\'" + expected_result = 'select * from {} where ({} or {})'.format( + self.table, opt1, opt2) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname|all": [ + "test*", "*test"]}, "condition": "selection"} + opt1 = 'fieldname like ' + r'"test%"' + r" escape '\'" + opt2 = 'fieldname like ' + r'"%test"' + r" escape '\'" + expected_result = 'select * from {} where ({} and {})'.format( + self.table, opt1, opt2) + self.validate(detection, expected_result) + + def test_fieldname_mapping(self): + detection = {"selection": {"fieldname": "test1"}, + "condition": "selection"} + expected_result = 'select * from {} where mapped_fieldname = "test1"'.format( + self.table) + + # configure mapping + config = SigmaConfiguration() + config.fieldmappings["fieldname"] = FieldMapping( + "fieldname", "mapped_fieldname") + + self.basic_rule["detection"] = detection + + with patch("yaml.safe_load_all", return_value=[self.basic_rule]): + parser = SigmaCollectionParser("any sigma io", config, None) + backend = SQLBackend(config, self.table) + + assert len(parser.parsers) == 1 + + for p in parser.parsers: + self.assertEqual(expected_result.lower(), + backend.generate(p).lower()) + + def test_not_implemented(self): + # near aggregation not implemented + detection = {"selection": {"fieldname": "test"}, "filter": { + "fieldname": "test2"}, "condition": "selection | near selection and filter"} + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + # re modifier is not implemented + detection = {"selection": {"fieldname|re": "test"}, + "condition": "selection"} + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + #Full Text Search is not implemented + detection = {"selection": ["test1"], "condition": "selection"} + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + + def validate(self, detection, expectation): + + config = SigmaConfiguration() + + self.basic_rule["detection"] = detection + + with patch("yaml.safe_load_all", return_value=[self.basic_rule]): + parser = SigmaCollectionParser("any sigma io", config, None) + backend = SQLBackend(config, self.table) + + assert len(parser.parsers) == 1 + + for p in parser.parsers: + if isinstance(expectation, str): + self.assertEqual(expectation.lower(), + backend.generate(p).lower()) + elif isinstance(expectation, Exception): + self.assertRaises(type(expectation), backend.generate, p) + + +if __name__ == '__main__': + unittest.main() diff --git a/tools/tests/test_backend_sqlite.py b/tools/tests/test_backend_sqlite.py new file mode 100644 index 00000000..3c6a7a71 --- /dev/null +++ b/tools/tests/test_backend_sqlite.py @@ -0,0 +1,133 @@ +import unittest +from unittest.mock import patch + +from sigma.backends.sqlite import SQLiteBackend + +from sigma.parser.collection import SigmaCollectionParser +from sigma.config.mapping import FieldMapping +from sigma.configuration import SigmaConfiguration + +class TestFullTextSearch(unittest.TestCase): + + def setUp(self): + self.basic_rule = {"title": "Test", "level": "testing"} + self.table = "eventlog" + + def test_full_text_search(self): + detection = {"selection": ["test1"], "condition": "selection"} + expected_result = 'select * from {0} where {0} match (\'"test1"\')'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": [5], "condition": "selection"} + expected_result = 'select * from {0} where {0} match (\'"5"\')'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": ["test1", "test2"], "condition": "selection"} + expected_result = 'select * from {0} where ({0} match (\'"test1" OR "test2"\'))'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": ["test1"], "filter":["test2"], "condition": "selection and filter"} + expected_result = 'select * from {0} where ({0} match (\'"test1" and "test2"\'))'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": [5, 6], "condition": "selection"} + expected_result = 'select * from {0} where ({0} match (\'"5" OR "6"\'))'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": ["test1"], "filter": [ + "test2"], "condition": "selection or filter"} + expected_result = 'select * from {0} where ({0} match (\'"test1" OR "test2"\'))'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": ["test1"], "filter": [ + "test2"], "condition": "selection and filter"} + expected_result = 'select * from {0} where ({0} match (\'"test1" and "test2"\'))'.format( + self.table) + self.validate(detection, expected_result) + + def test_full_text_search_aggregation(self): + # aggregation with fts + detection = {"selection": ["test"], + "condition": "selection | count() > 5"} + inner_query = 'select count(*) as agg from {0} where {0} match (\'"test"\')'.format( + self.table) + expected_result = 'select * from ({}) where agg > 5'.format(inner_query) + self.validate(detection, expected_result) + + detection = {"selection": ["test1", "test2"], + "condition": "selection | count() > 5"} + inner_query = 'select count(*) as agg from {0} where ({0} match (\'"test1" or "test2"\'))'.format( + self.table) + expected_result = 'select * from ({}) where agg > 5'.format(inner_query) + self.validate(detection, expected_result) + + # aggregation + group by + fts + detection = {"selection": ["test1", "test2"], + "condition": "selection | count() by fieldname > 5"} + inner_query = 'select count(*) as agg from {0} where ({0} match (\'"test1" or "test2"\')) group by fieldname'.format( + self.table) + expected_result = 'select * from ({}) where agg > 5'.format(inner_query) + self.validate(detection, expected_result) + + def test_not_implemented(self): + # fts not implemented with wildcards + detection = {"selection": ["test*"], "condition": "selection"} + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + detection = {"selection": ["test?"], "condition": "selection"} + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + detection = {"selection": ["test\\"], "condition": "selection"} + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + + # fts is not implemented for nested condtions + detection = {"selection": ["test"], "filter": [ + "test2"], "condition": "selection and filter"} # this is ok + detection = {"selection": ["test"], "filter": [ + "test2"], "condition": "selection or filter"} # this is ok + detection = {"selection": ["test"], "filter": [ + "test2"], "condition": "selection and not filter"} # this is already nested + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + detection = {"selection": ["test"], "filter": [ + "test2"], "condition": "selection and filter and filter"} # this is nested + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + detection = {"selection": ["test"], "filter": [ + "test2"], "condition": "selection and filter or filter"} # this is nested + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + def validate(self, detection, expectation): + + config = SigmaConfiguration() + + self.basic_rule["detection"] = detection + + with patch("yaml.safe_load_all", return_value=[self.basic_rule]): + parser = SigmaCollectionParser("any sigma io", config, None) + backend = SQLiteBackend(config, self.table) + + assert len(parser.parsers) == 1 + + for p in parser.parsers: + if isinstance(expectation, str): + self.assertEqual(expectation.lower(), + backend.generate(p).lower()) + elif isinstance(expectation, Exception): + self.assertRaises(type(expectation), backend.generate, p) + +if __name__ == '__main__': + unittest.main() \ No newline at end of file From abf1a2c6d7eb6a031fcb60dd003fccf62bd7af33 Mon Sep 17 00:00:00 2001 From: Jonas Hagg Date: Mon, 25 May 2020 10:54:16 +0200 Subject: [PATCH 383/714] Adjusted Makefile --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 1d36cd90..79eba11e 100644 --- a/Makefile +++ b/Makefile @@ -58,6 +58,7 @@ test-sigmac: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t humio -O rulecomment -c tools/config/humio.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t crowdstrike -O rulecomment -c tools/config/crowdstrike.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t sql -c sysmon rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t sqlite -c sysmon rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t logiq -c sysmon rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=critical,status=stable,logsource=windows,tag=attack.execution' rules/ > /dev/null ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=critical,status=xstable,logsource=windows' rules/ > /dev/null From 48c5f2ed094ead20bd7b94786530e0583e0d5323 Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Tue, 26 May 2020 11:20:21 +0200 Subject: [PATCH 384/714] Update to sysmon_cve-2020-1048 Added .com executables to detection Second TargetObject should have been Details --- rules/windows/sysmon/sysmon_cve-2020-1048.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/rules/windows/sysmon/sysmon_cve-2020-1048.yml b/rules/windows/sysmon/sysmon_cve-2020-1048.yml index 866b7775..9c671ad3 100644 --- a/rules/windows/sysmon/sysmon_cve-2020-1048.yml +++ b/rules/windows/sysmon/sysmon_cve-2020-1048.yml @@ -2,9 +2,9 @@ title: Suspicious New Printer Ports in Registry (CVE-2020-1048) id: 7ec912f2-5175-4868-b811-ec13ad0f8567 status: experimental description: Detects a new and suspicious printer port creation in Registry that could be an attempt to exploit CVE-2020-1048 -author: EagleEye Team, Florian Roth +author: EagleEye Team, Florian Roth, NVISO date: 2020/05/13 -modified: 2020/05/23 +modified: 2020/05/26 references: - https://windows-internals.com/printdemon-cve-2020-1048/ tags: @@ -23,10 +23,11 @@ detection: - SetValue - DeleteValue - CreateValue - TargetObject|contains: + Details|contains: - '.dll' - '.exe' - '.bat' + - '.com' - 'C:' condition: selection falsepositives: From 828484d7c6384d85d74ace3ab577fd6b60d22f2a Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 26 May 2020 12:09:41 +0200 Subject: [PATCH 385/714] rule: confluence exploit CVE-2019-3398 --- rules/web/web_cve_2019_3398_confluence.yml | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 rules/web/web_cve_2019_3398_confluence.yml diff --git a/rules/web/web_cve_2019_3398_confluence.yml b/rules/web/web_cve_2019_3398_confluence.yml new file mode 100644 index 00000000..cc93af37 --- /dev/null +++ b/rules/web/web_cve_2019_3398_confluence.yml @@ -0,0 +1,27 @@ +title: Confluence Exploitation CVE-2019-3398 +id: e9bc39ae-978a-4e49-91ab-5bd481fc668b +status: experimental +description: Detects the exploitation of the Confluence vulnerability described in CVE-2019-3398 +references: + - https://devcentral.f5.com/s/articles/confluence-arbitrary-file-write-via-path-traversal-cve-2019-3398-34181 +author: Florian Roth +date: 2020/05/26 +tags: + - attack.initial_access + - attack.t1190 +logsource: + category: webserver +detection: + selection1: + cs-method: 'POST' + c-uri|contains|all: + - '/upload.action' + - 'filename=../../../../' + condition: selection +fields: + - c-ip + - c-dns +falsepositives: + - Unknown +level: critical + From cdf1ade6254533f55b1802d081b33fdfac6a9077 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 26 May 2020 12:27:16 +0200 Subject: [PATCH 386/714] fix: typo in selection --- rules/web/web_cve_2019_3398_confluence.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/web/web_cve_2019_3398_confluence.yml b/rules/web/web_cve_2019_3398_confluence.yml index cc93af37..35252909 100644 --- a/rules/web/web_cve_2019_3398_confluence.yml +++ b/rules/web/web_cve_2019_3398_confluence.yml @@ -12,7 +12,7 @@ tags: logsource: category: webserver detection: - selection1: + selection: cs-method: 'POST' c-uri|contains|all: - '/upload.action' From a241792e1077be912087c0f22a735e427d9d43ab Mon Sep 17 00:00:00 2001 From: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Tue, 26 May 2020 12:58:15 +0200 Subject: [PATCH 387/714] Reduce FP of legitime processes A lot of Windows apps does not have any file characteristics. Some examples: - Gamebar: C:\\Program Files\\WindowsApps\\Microsoft.XboxGamingOverlay_3.38.25003.0_x64__8wekyb3d8bbwe\\GameBarFT.exe - YourPhone: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.20022.82.0_x64__8wekyb3d8bbwe\\YourPhoneServer/YourPhoneServer.exe All C:\Windows\System32\OpenSSH (scp, sftp, ssh etc) does not have a description and company. Python 2.7, 3.3 and 3.7 does not have any file characteristics. So I don't think it is possible to whitelist all options, maybe it is worthwhile to check the \Downloads\ folder otherwise it would be better to just delete the rule. All other suspicious folders are covered by /rules/windows/process_creation/win_susp_exec_folder.yml --- .../win_susp_file_characteristics.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/rules/windows/process_creation/win_susp_file_characteristics.yml b/rules/windows/process_creation/win_susp_file_characteristics.yml index 083ccf70..cfe3b7e3 100644 --- a/rules/windows/process_creation/win_susp_file_characteristics.yml +++ b/rules/windows/process_creation/win_susp_file_characteristics.yml @@ -1,13 +1,13 @@ -title: Suspicious File Characteristics Due to Missing Fields +title: Suspicious File Characteristics Due to Missing Fields in Downloads folder id: 9637e8a5-7131-4f7f-bdc7-2b05d8670c43 -description: Detects Executables without FileVersion,Description,Product,Company likely created with py2exe +description: Detects Executables in the Downloads folder without FileVersion,Description,Product,Company likely created with py2exe status: experimental references: - https://securelist.com/muddywater/88059/ - https://www.virustotal.com/#/file/276a765a10f98cda1a38d3a31e7483585ca3722ecad19d784441293acf1b7beb/detection -author: Markus Neis +author: Markus Neis, Sander Wiebing date: 2018/11/22 -modified: 2019/11/09 +modified: 2020/05/26 tags: - attack.defense_evasion - attack.execution @@ -25,7 +25,9 @@ detection: selection3: Description: '\?' Company: '\?' - condition: 1 of them + folder: + Image: '*\Downloads\\*' + condition: (selection1 or selection2 or selection3) and folder fields: - CommandLine - ParentCommandLine From f9f814f3b3d927a31a9e7703f03e4bd6e28f8e05 Mon Sep 17 00:00:00 2001 From: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Tue, 26 May 2020 13:06:27 +0200 Subject: [PATCH 388/714] Shortened title --- .../windows/process_creation/win_susp_file_characteristics.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_susp_file_characteristics.yml b/rules/windows/process_creation/win_susp_file_characteristics.yml index cfe3b7e3..8243fe88 100644 --- a/rules/windows/process_creation/win_susp_file_characteristics.yml +++ b/rules/windows/process_creation/win_susp_file_characteristics.yml @@ -1,4 +1,4 @@ -title: Suspicious File Characteristics Due to Missing Fields in Downloads folder +title: Suspicious File Characteristics Due to Missing Fields id: 9637e8a5-7131-4f7f-bdc7-2b05d8670c43 description: Detects Executables in the Downloads folder without FileVersion,Description,Product,Company likely created with py2exe status: experimental From b648998fd0e7100f6a39d7323be0cc1941e49d5e Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 26 May 2020 13:18:50 +0200 Subject: [PATCH 389/714] rule: Turla ComRAT --- rules/proxy/proxy_turla_comrat.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 rules/proxy/proxy_turla_comrat.yml diff --git a/rules/proxy/proxy_turla_comrat.yml b/rules/proxy/proxy_turla_comrat.yml new file mode 100644 index 00000000..3a743adb --- /dev/null +++ b/rules/proxy/proxy_turla_comrat.yml @@ -0,0 +1,19 @@ +title: Turla ComRAT +id: 7857f021-007f-4928-8b2c-7aedbe64bb82 +status: experimental +description: Detects Turla ComRAT patterns +references: + - https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf +author: Florian Roth +date: 2020/05/26 +tags: + - attack.g0010 +logsource: + category: proxy +detection: + selection: + c-uri|contains: '/index/index.php?h=' + condition: selection +falsepositives: + - Unknown +level: critical From 3681b8cb56144248ed57afdb31ce748d01190a0b Mon Sep 17 00:00:00 2001 From: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Tue, 26 May 2020 13:56:51 +0200 Subject: [PATCH 390/714] Extended Windows processes --- rules/windows/process_creation/win_system_exe_anomaly.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/rules/windows/process_creation/win_system_exe_anomaly.yml b/rules/windows/process_creation/win_system_exe_anomaly.yml index da242270..809970e8 100644 --- a/rules/windows/process_creation/win_system_exe_anomaly.yml +++ b/rules/windows/process_creation/win_system_exe_anomaly.yml @@ -30,6 +30,13 @@ detection: - '*\winlogon.exe' - '*\explorer.exe' - '*\taskhost.exe' + - '*\Taskmgr.exe' + - '*\sihost.exe' + - '*\RuntimeBroker.exe' + - '*\smartscreen.exe' + - '*\dllhost.exe' + - '*\audiodg.exe' + - '*\wlanext.exe' filter: Image: - 'C:\Windows\System32\\*' From 4ca81b896d044e6ff9ffb9798a7b503029a52259 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 26 May 2020 14:19:22 +0200 Subject: [PATCH 391/714] rule: Turla ComRAT report --- .../win_apt_turla_comrat_may20.yml | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 rules/windows/process_creation/win_apt_turla_comrat_may20.yml diff --git a/rules/windows/process_creation/win_apt_turla_comrat_may20.yml b/rules/windows/process_creation/win_apt_turla_comrat_may20.yml new file mode 100644 index 00000000..c2b7bf87 --- /dev/null +++ b/rules/windows/process_creation/win_apt_turla_comrat_may20.yml @@ -0,0 +1,33 @@ +title: Turla Group Commands May 2020 +id: 9e2e51c5-c699-4794-ba5a-29f5da40ac0c +status: experimental +description: Detects commands used by Turla group as reported by ESET in May 2020 +references: + - https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf +tags: + - attack.g0010 + - attack.execution + - attack.t1086 + - attack.t1053 + - attack.t1027 + - attack.discovery + - attack.t1016 +author: Florian Roth +date: 2020/05/26 +logsource: + category: process_creation + product: windows +falsepositives: + - Unknown +detection: + selection1: + CommandLine|contains: + - 'tracert -h 10 yahoo.com' + - '.WSqmCons))|iex;' + - 'Fr`omBa`se6`4Str`ing' + selection2: + CommandLine|contains|all: + - 'net use https://docs.live.net' + - '@aol.co.uk' + condition: 1 of them +level: critical From f6ec724d51b9feb83ce903c6c6398f9c143b9bd4 Mon Sep 17 00:00:00 2001 From: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Tue, 26 May 2020 18:53:54 +0200 Subject: [PATCH 392/714] Rule: sysmon_creation_system_file --- .../sysmon/sysmon_creation_system_file | 57 +++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_creation_system_file diff --git a/rules/windows/sysmon/sysmon_creation_system_file b/rules/windows/sysmon/sysmon_creation_system_file new file mode 100644 index 00000000..3744a10a --- /dev/null +++ b/rules/windows/sysmon/sysmon_creation_system_file @@ -0,0 +1,57 @@ +title: File Created with System Process Name +id: d5866ddf-ce8f-4aea-b28e-d96485a20d3d +status: experimental +description: Detects the creation of a executable with a sytem process name in a suspicious folder +references: + - https://attack.mitre.org/techniques/T1036/ +author: Sander Wiebing +date: 2020/05/26 +tags: + - attack.defense_evasion + - attack.t1036 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 11 + Image: + - '*\svchost.exe' + - '*\rundll32.exe' + - '*\services.exe' + - '*\powershell.exe' + - '*\regsvr32.exe' + - '*\spoolsv.exe' + - '*\lsass.exe' + - '*\smss.exe' + - '*\csrss.exe' + - '*\conhost.exe' + - '*\wininit.exe' + - '*\lsm.exe' + - '*\winlogon.exe' + - '*\explorer.exe' + - '*\taskhost.exe' + - '*\Taskmgr.exe' + - '*\taskmgr.exe' + - '*\sihost.exe' + - '*\RuntimeBroker.exe' + - '*\runtimebroker.exe' + - '*\smartscreen.exe' + - '*\dllhost.exe' + - '*\audiodg.exe' + - '*\wlanext.exe' + filter: + Image: + - 'C:\Windows\System32\\*' + - 'C:\Windows\system32\\*' + - 'C:\Windows\SysWow64\\*' + - 'C:\Windows\SysWOW64\\*' + - 'C:\Windows\winsxs\\*' + - 'C:\Windows\WinSxS\\*' + - '\SystemRoot\System32\\*' + condition: selection and not filter +fields: + - Image +falsepositives: + - System processes copied outside the default folder +level: high From d44fc43c5452e4e62b5dcf990139a4e166dda706 Mon Sep 17 00:00:00 2001 From: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Tue, 26 May 2020 19:10:11 +0200 Subject: [PATCH 393/714] Add extension --- ...ysmon_creation_system_file => sysmon_creation_system_file.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename rules/windows/sysmon/{sysmon_creation_system_file => sysmon_creation_system_file.yml} (100%) diff --git a/rules/windows/sysmon/sysmon_creation_system_file b/rules/windows/sysmon/sysmon_creation_system_file.yml similarity index 100% rename from rules/windows/sysmon/sysmon_creation_system_file rename to rules/windows/sysmon/sysmon_creation_system_file.yml From 76dcc1a16fff440951c2d5d15307b8337ae6f792 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 28 May 2020 09:22:25 +0200 Subject: [PATCH 394/714] rule: renamed debugview --- .../sysmon/sysmon_susp_renamed_debugview.yml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_susp_renamed_debugview.yml diff --git a/rules/windows/sysmon/sysmon_susp_renamed_debugview.yml b/rules/windows/sysmon/sysmon_susp_renamed_debugview.yml new file mode 100644 index 00000000..065bc891 --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_renamed_debugview.yml @@ -0,0 +1,24 @@ +title: Renamed SysInternals Debug View +id: cd764533-2e07-40d6-a718-cfeec7f2da7f +status: experimental +description: Detects suspicious renamed SysInternals DebugView execution +references: + - https://www.epicturla.com/blog/sysinturla +author: Florian Roth +date: 2020/05/28 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 1 + Product: + - 'Sysinternals DebugView' + - 'Sysinternals Debugview' + filter: + OriginalFilename: 'Dbgview.exe' + Image|endswith: '\Dbgview.exe' + condition: selection and not filter +falsepositives: + - Unknown +level: high From 39b41b5582ac76ddd8fe694ce31dc6288d60b631 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 28 May 2020 10:13:38 +0200 Subject: [PATCH 395/714] rule: moved DebugView rule to process creation category --- .../win_susp_renamed_debugview.yml} | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) rename rules/windows/{sysmon/sysmon_susp_renamed_debugview.yml => process_creation/win_susp_renamed_debugview.yml} (93%) diff --git a/rules/windows/sysmon/sysmon_susp_renamed_debugview.yml b/rules/windows/process_creation/win_susp_renamed_debugview.yml similarity index 93% rename from rules/windows/sysmon/sysmon_susp_renamed_debugview.yml rename to rules/windows/process_creation/win_susp_renamed_debugview.yml index 065bc891..dcab5bd6 100644 --- a/rules/windows/sysmon/sysmon_susp_renamed_debugview.yml +++ b/rules/windows/process_creation/win_susp_renamed_debugview.yml @@ -7,11 +7,10 @@ references: author: Florian Roth date: 2020/05/28 logsource: + category: process_creation product: windows - service: sysmon detection: selection: - EventID: 1 Product: - 'Sysinternals DebugView' - 'Sysinternals Debugview' From 5a489348224307685cf63bb0cdd7d8b7288d5fc7 Mon Sep 17 00:00:00 2001 From: gamma37 Date: Thu, 28 May 2020 10:52:17 +0200 Subject: [PATCH 396/714] Edit Clear Command History I suggest a new point of view to detect that bash_history has been cleared : Instead of trying to detect all the commands that can do that, we could monitor the size of the file and log whenever it has less than 1 line. --- rules/linux/lnx_shell_clear_cmd_history.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/rules/linux/lnx_shell_clear_cmd_history.yml b/rules/linux/lnx_shell_clear_cmd_history.yml index 9ee72f09..d48bc425 100644 --- a/rules/linux/lnx_shell_clear_cmd_history.yml +++ b/rules/linux/lnx_shell_clear_cmd_history.yml @@ -2,12 +2,20 @@ title: Clear Command History id: fdc88d25-96fb-4b7c-9633-c0e417fdbd4e status: experimental description: Clear command history in linux which is used for defense evasion. + # Example config for this one (place it in .bash_profile): + # (is_empty=false; inotifywait -m .bash_history | while read file; do if [ $(wc -l <.bash_history) -lt 1 ]; then if [ "$is_empty" = false ]; then logger -i -p local5.info -t empty_bash_history "$USER : ~/.bash_history is empty "; is_empty=true; fi; else is_empty=false; fi; done ) & + # It monitors the size of .bash_history and log the words "empty_bash_history" whenever a previously not empty bash_history becomes empty + # We define an empty file as a document with 0 or 1 lines (it can be a line with only one space character for example) + # It has two advantages over the version suggested by Patrick Bareiss : + # - it is not relative to the exact command used to clear .bash_history : for instance Caldera uses "> .bash_history" to clear the history and this is not one the commands listed here. We can't be exhaustive for all the possibilities ! + # - the method suggested by Patrick Bareiss logs all the commands entered directly in a bash shell. therefore it may miss some events (for instance it doesn't log the commands launched from a Caldera agent). Here if .bash_history is cleared, it will always be detected references: - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml - https://attack.mitre.org/techniques/T1146/ - https://www.hackers-arise.com/single-post/2016/06/20/Covering-your-BASH-Shell-Tracks-AntiForensics author: Patrick Bareiss date: 2019/03/24 +modified : 2020/05/28 logsource: product: linux detection: @@ -22,6 +30,7 @@ detection: - 'history -c' - 'history -w' - 'shred *bash_history' + - 'empty_bash_history' condition: keywords falsepositives: - Unknown From 537bda4417ef90f5af9c754d3b0d965c79103cb0 Mon Sep 17 00:00:00 2001 From: gamma37 Date: Thu, 28 May 2020 10:56:35 +0200 Subject: [PATCH 397/714] Update lnx_shell_clear_cmd_history.yml --- rules/linux/lnx_shell_clear_cmd_history.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/linux/lnx_shell_clear_cmd_history.yml b/rules/linux/lnx_shell_clear_cmd_history.yml index d48bc425..97379f6a 100644 --- a/rules/linux/lnx_shell_clear_cmd_history.yml +++ b/rules/linux/lnx_shell_clear_cmd_history.yml @@ -15,7 +15,7 @@ references: - https://www.hackers-arise.com/single-post/2016/06/20/Covering-your-BASH-Shell-Tracks-AntiForensics author: Patrick Bareiss date: 2019/03/24 -modified : 2020/05/28 +modified: 2020/05/28 logsource: product: linux detection: From 38afd8b5def24191616ff0f0c0324cfbb7f0d6d0 Mon Sep 17 00:00:00 2001 From: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Thu, 28 May 2020 21:52:17 +0200 Subject: [PATCH 398/714] Fixed wrong field --- rules/windows/sysmon/sysmon_creation_system_file.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_creation_system_file.yml b/rules/windows/sysmon/sysmon_creation_system_file.yml index 3744a10a..f322669c 100644 --- a/rules/windows/sysmon/sysmon_creation_system_file.yml +++ b/rules/windows/sysmon/sysmon_creation_system_file.yml @@ -15,7 +15,7 @@ logsource: detection: selection: EventID: 11 - Image: + TargetFilename: - '*\svchost.exe' - '*\rundll32.exe' - '*\services.exe' @@ -41,7 +41,7 @@ detection: - '*\audiodg.exe' - '*\wlanext.exe' filter: - Image: + TargetFilename: - 'C:\Windows\System32\\*' - 'C:\Windows\system32\\*' - 'C:\Windows\SysWow64\\*' From a00f7f19a14b58ab9ca98f6a4215a3ca9eb1932a Mon Sep 17 00:00:00 2001 From: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Fri, 29 May 2020 16:25:54 +0200 Subject: [PATCH 399/714] Add tagg Endswith Prevent the trigger of {}.exe.log --- rules/windows/sysmon/sysmon_creation_system_file.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_creation_system_file.yml b/rules/windows/sysmon/sysmon_creation_system_file.yml index f322669c..9f8143c8 100644 --- a/rules/windows/sysmon/sysmon_creation_system_file.yml +++ b/rules/windows/sysmon/sysmon_creation_system_file.yml @@ -15,7 +15,7 @@ logsource: detection: selection: EventID: 11 - TargetFilename: + TargetFilename|endswith: - '*\svchost.exe' - '*\rundll32.exe' - '*\services.exe' From 70935d26ce214b566b34c4555531e0510a619a99 Mon Sep 17 00:00:00 2001 From: Jonas Plum Date: Fri, 29 May 2020 23:56:05 +0200 Subject: [PATCH 400/714] Add license header --- Makefile | 5 +- tools/sigma/backends/sql.py | 23 ++--- tools/sigma/backends/sqlite.py | 15 ++++ tools/tests/test_backend_sql.py | 138 ++++++++++++++++------------- tools/tests/test_backend_sqlite.py | 47 ++++++---- 5 files changed, 138 insertions(+), 90 deletions(-) diff --git a/Makefile b/Makefile index 79eba11e..2766a7e7 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ TMPOUT = $(shell tempfile||mktemp) COVSCOPE = tools/sigma/*.py,tools/sigma/backends/*.py,tools/sigmac,tools/merge_sigma,tools/sigma2attack export COVERAGE = coverage -test: clearcov test-rules test-sigmac test-merge test-sigma2attack build finish +test: clearcov test-rules test-sigmac test-merge test-backend-sql test-sigma2attack build finish clearcov: rm -f .coverage @@ -108,6 +108,9 @@ test-merge: test-backend-es-qs: tests/test-backend-es-qs.py +test-backend-sql: + pytest tests/test_backend_sql.py tests/test_backend_sqlite.py + test-sigma2attack: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigma2attack diff --git a/tools/sigma/backends/sql.py b/tools/sigma/backends/sql.py index 72f7cc29..7ea27c76 100644 --- a/tools/sigma/backends/sql.py +++ b/tools/sigma/backends/sql.py @@ -1,5 +1,6 @@ # Output backends for sigmac # Copyright 2019 Jayden Zheng +# Copyright 2020 Jonas Hagg # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published by @@ -36,7 +37,7 @@ class SQLBackend(SingleTextQueryBackend): notNullExpression = "%s=*" # Expression of queries for not null values. %s is field name mapExpression = "%s = %s" # Syntax for field/value conditions. First %s is fieldname, second is value mapMulti = "%s IN %s" # Syntax for field/value conditions. First %s is fieldname, second is value - mapWildcard = "%s LIKE %s escape \'\\\'"# Syntax for swapping wildcard conditions: Adding \ as escape character + mapWildcard = "%s LIKE %s ESCAPE \'\\\'"# Syntax for swapping wildcard conditions: Adding \ as escape character mapSource = "%s=%s" # Syntax for sourcetype mapListsSpecialHandling = False # Same handling for map items with list values as for normal values (strings, integers) if True, generateMapItemListNode method is called with node mapListValueExpression = "%s OR %s" # Syntax for field/value condititons where map value is a list @@ -87,13 +88,13 @@ class SQLBackend(SingleTextQueryBackend): has_wildcard = re.search(r"((\\(\*|\?|\\))|\*|\?|_|%)", self.generateNode(value)) - if "," in self.generateNode(value) and not has_wildcard: + if "," in self.generateNode(value) and not has_wildcard: return self.mapMulti % (transformed_fieldname, self.generateNode(value)) elif "LENGTH" in transformed_fieldname: return self.mapLength % (transformed_fieldname, value) elif type(value) == list: return self.generateMapItemListNode(transformed_fieldname, value) - elif self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): + elif self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): if has_wildcard: return self.mapWildcard % (transformed_fieldname, self.generateNode(value)) else: @@ -107,7 +108,7 @@ class SQLBackend(SingleTextQueryBackend): def generateMapItemListNode(self, key, value): return "(" + (" OR ".join([self.mapWildcard % (key, self.generateValueNode(item)) for item in value])) + ")" - + def generateValueNode(self, node): return self.valueExpression % (self.cleanValue(str(node))) @@ -144,11 +145,11 @@ class SQLBackend(SingleTextQueryBackend): #Replace ? with _, if even number of backsashes (or zero) in front of ? val = re.sub(r"(?. from sigma.backends.sql import SQLBackend from sigma.parser.condition import NodeSubexpression, ConditionAND, ConditionOR, ConditionNOT diff --git a/tools/tests/test_backend_sql.py b/tools/tests/test_backend_sql.py index c1a9b38b..b4bd8202 100644 --- a/tools/tests/test_backend_sql.py +++ b/tools/tests/test_backend_sql.py @@ -1,3 +1,19 @@ +# Test output backends for sigmac +# Copyright 2020 Jonas Hagg + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . + import unittest from unittest.mock import patch @@ -17,60 +33,60 @@ class TestGenerateQuery(unittest.TestCase): # Test regular queries detection = {"selection": {"fieldname": "test1"}, "condition": "selection"} - expected_result = 'select * from {} where fieldname = "test1"'.format( + expected_result = 'SELECT * FROM {} WHERE fieldname = "test1"'.format( self.table) self.validate(detection, expected_result) detection = {"selection": {"fieldname": 4}, "condition": "selection"} - expected_result = 'select * from {} where fieldname = "4"'.format( + expected_result = 'SELECT * FROM {} WHERE fieldname = "4"'.format( self.table) self.validate(detection, expected_result) detection = {"selection": {"fieldname": [ "test1", "test2"]}, "condition": "selection"} - expected_result = 'select * from {} where fieldname in ("test1", "test2")'.format( + expected_result = 'SELECT * FROM {} WHERE fieldname IN ("test1", "test2")'.format( self.table) self.validate(detection, expected_result) detection = {"selection": { "fieldname": [3, 4]}, "condition": "selection"} - expected_result = 'select * from {} where fieldname in ("3", "4")'.format( + expected_result = 'SELECT * FROM {} WHERE fieldname IN ("3", "4")'.format( self.table) self.validate(detection, expected_result) detection = {"selection": {"fieldname1": "test1", "fieldname2": [ "test2", "test3"]}, "condition": "selection"} - expected_result = 'select * from {} where (fieldname1 = "test1" and fieldname2 in ("test2", "test3"))'.format( + expected_result = 'SELECT * FROM {} WHERE (fieldname1 = "test1" AND fieldname2 IN ("test2", "test3"))'.format( self.table) self.validate(detection, expected_result) detection = {"selection": {"fieldname": "test1"}, "filter": { "fieldname2": "whatever"}, "condition": "selection and filter"} - expected_result = 'select * from {} where (fieldname = "test1" and fieldname2 = "whatever")'.format( + expected_result = 'SELECT * FROM {} WHERE (fieldname = "test1" AND fieldname2 = "whatever")'.format( self.table) self.validate(detection, expected_result) detection = {"selection": {"fieldname": "test1"}, "filter": { "fieldname2": "whatever"}, "condition": "selection or filter"} - expected_result = 'select * from {} where (fieldname = "test1" or fieldname2 = "whatever")'.format( + expected_result = 'SELECT * FROM {} WHERE (fieldname = "test1" OR fieldname2 = "whatever")'.format( self.table) self.validate(detection, expected_result) detection = {"selection": {"fieldname": "test1"}, "filter": { "fieldname2": "whatever"}, "condition": "selection and not filter"} - expected_result = 'select * from {} where (fieldname = "test1" and not (fieldname2 = "whatever"))'.format( + expected_result = 'SELECT * FROM {} WHERE (fieldname = "test1" AND NOT (fieldname2 = "whatever"))'.format( self.table) self.validate(detection, expected_result) detection = {"selection": {"fieldname1": "test1"}, "filter": { "fieldname2": "test2"}, "condition": "1 of them"} - expected_result = 'select * from {} where (fieldname1 = "test1" or fieldname2 = "test2")'.format( + expected_result = 'SELECT * FROM {} WHERE (fieldname1 = "test1" OR fieldname2 = "test2")'.format( self.table) self.validate(detection, expected_result) detection = {"selection": {"fieldname1": "test1"}, "filter": { "fieldname2": "test2"}, "condition": "all of them"} - expected_result = 'select * from {} where (fieldname1 = "test1" and fieldname2 = "test2")'.format( + expected_result = 'SELECT * FROM {} WHERE (fieldname1 = "test1" AND fieldname2 = "test2")'.format( self.table) self.validate(detection, expected_result) @@ -79,28 +95,28 @@ class TestGenerateQuery(unittest.TestCase): # contains detection = {"selection": {"fieldname|contains": "test"}, "condition": "selection"} - expected_result = 'select * from {} where fieldname like "%test%" escape \'\\\''.format( + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE "%test%" ESCAPE \'\\\''.format( self.table) self.validate(detection, expected_result) # all detection = {"selection": {"fieldname|all": [ "test1", "test2"]}, "condition": "selection"} - expected_result = 'select * from {} where (fieldname = "test1" and fieldname = "test2")'.format( + expected_result = 'SELECT * FROM {} WHERE (fieldname = "test1" AND fieldname = "test2")'.format( self.table) self.validate(detection, expected_result) # endswith detection = {"selection": {"fieldname|endswith": "test"}, "condition": "selection"} - expected_result = 'select * from {} where fieldname like "%test" escape \'\\\''.format( + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE "%test" ESCAPE \'\\\''.format( self.table) self.validate(detection, expected_result) # startswith detection = {"selection": {"fieldname|startswith": "test"}, "condition": "selection"} - expected_result = 'select * from {} where fieldname like "test%" escape \'\\\''.format( + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE "test%" ESCAPE \'\\\''.format( self.table) self.validate(detection, expected_result) @@ -109,73 +125,73 @@ class TestGenerateQuery(unittest.TestCase): # count detection = {"selection": {"fieldname": "test"}, "condition": "selection | count() > 5"} - inner_query = 'select count(*) as agg from {} where fieldname = "test"'.format( + inner_query = 'SELECT count(*) AS agg FROM {} WHERE fieldname = "test"'.format( self.table) - expected_result = 'select * from ({}) where agg > 5'.format(inner_query) + expected_result = 'SELECT * FROM ({}) WHERE agg > 5'.format(inner_query) self.validate(detection, expected_result) # min detection = {"selection": {"fieldname1": "test"}, "condition": "selection | min(fieldname2) > 5"} - inner_query = 'select min(fieldname2) as agg from {} where fieldname1 = "test"'.format( + inner_query = 'SELECT min(fieldname2) AS agg FROM {} WHERE fieldname1 = "test"'.format( self.table) - expected_result = 'select * from ({}) where agg > 5'.format(inner_query) + expected_result = 'SELECT * FROM ({}) WHERE agg > 5'.format(inner_query) self.validate(detection, expected_result) # max detection = {"selection": {"fieldname1": "test"}, "condition": "selection | max(fieldname2) > 5"} - inner_query = 'select max(fieldname2) as agg from {} where fieldname1 = "test"'.format( + inner_query = 'SELECT max(fieldname2) AS agg FROM {} WHERE fieldname1 = "test"'.format( self.table) - expected_result = 'select * from ({}) where agg > 5'.format(inner_query) + expected_result = 'SELECT * FROM ({}) WHERE agg > 5'.format(inner_query) self.validate(detection, expected_result) # avg detection = {"selection": {"fieldname1": "test"}, "condition": "selection | avg(fieldname2) > 5"} - inner_query = 'select avg(fieldname2) as agg from {} where fieldname1 = "test"'.format( + inner_query = 'SELECT avg(fieldname2) AS agg FROM {} WHERE fieldname1 = "test"'.format( self.table) - expected_result = 'select * from ({}) where agg > 5'.format(inner_query) + expected_result = 'SELECT * FROM ({}) WHERE agg > 5'.format(inner_query) self.validate(detection, expected_result) # sum detection = {"selection": {"fieldname1": "test"}, "condition": "selection | sum(fieldname2) > 5"} - inner_query = 'select sum(fieldname2) as agg from {} where fieldname1 = "test"'.format( + inner_query = 'SELECT sum(fieldname2) AS agg FROM {} WHERE fieldname1 = "test"'.format( self.table) - expected_result = 'select * from ({}) where agg > 5'.format(inner_query) + expected_result = 'SELECT * FROM ({}) WHERE agg > 5'.format(inner_query) self.validate(detection, expected_result) # < detection = {"selection": {"fieldname1": "test"}, "condition": "selection | sum(fieldname2) < 5"} - inner_query = 'select sum(fieldname2) as agg from {} where fieldname1 = "test"'.format( + inner_query = 'SELECT sum(fieldname2) AS agg FROM {} WHERE fieldname1 = "test"'.format( self.table) - expected_result = 'select * from ({}) where agg < 5'.format(inner_query) + expected_result = 'SELECT * FROM ({}) WHERE agg < 5'.format(inner_query) self.validate(detection, expected_result) # == detection = {"selection": {"fieldname1": "test"}, "condition": "selection | sum(fieldname2) == 5"} - inner_query = 'select sum(fieldname2) as agg from {} where fieldname1 = "test"'.format( + inner_query = 'SELECT sum(fieldname2) AS agg FROM {} WHERE fieldname1 = "test"'.format( self.table) - expected_result = 'select * from ({}) where agg == 5'.format(inner_query) + expected_result = 'SELECT * FROM ({}) WHERE agg == 5'.format(inner_query) self.validate(detection, expected_result) # group by detection = {"selection": {"fieldname1": "test"}, "condition": "selection | sum(fieldname2) by fieldname3 == 5"} - inner_query = 'select sum(fieldname2) as agg from {} where fieldname1 = "test" group by fieldname3'.format( + inner_query = 'SELECT sum(fieldname2) AS agg FROM {} WHERE fieldname1 = "test" GROUP BY fieldname3'.format( self.table) - expected_result = 'select * from ({}) where agg == 5'.format(inner_query) + expected_result = 'SELECT * FROM ({}) WHERE agg == 5'.format(inner_query) self.validate(detection, expected_result) # multiple conditions detection = {"selection": {"fieldname1": "test"}, "filter": { - "fieldname2": "tessst"}, "condition": "selection or filter | sum(fieldname2) == 5"} - inner_query = 'select sum(fieldname2) as agg from {} where (fieldname1 = "test" or fieldname2 = "tessst")'.format( + "fieldname2": "tessst"}, "condition": "selection OR filter | sum(fieldname2) == 5"} + inner_query = 'SELECT sum(fieldname2) AS agg FROM {} WHERE (fieldname1 = "test" OR fieldname2 = "tessst")'.format( self.table) - expected_result = 'select * from ({}) where agg == 5'.format(inner_query) + expected_result = 'SELECT * FROM ({}) WHERE agg == 5'.format(inner_query) self.validate(detection, expected_result) def test_wildcards(self): @@ -183,81 +199,81 @@ class TestGenerateQuery(unittest.TestCase): # wildcard: * detection = {"selection": {"fieldname": "test*"}, "condition": "selection"} - expected_result = 'select * from {} where fieldname like '.format( - self.table) + r'"test%"' + r" escape '\'" + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test%"' + r" ESCAPE '\'" self.validate(detection, expected_result) # wildcard: ? detection = {"selection": {"fieldname": "test?"}, "condition": "selection"} - expected_result = 'select * from {} where fieldname like '.format( - self.table) + r'"test_"' + r" escape '\'" + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test_"' + r" ESCAPE '\'" self.validate(detection, expected_result) # escaping: detection = {"selection": {"fieldname": r"test\?"}, "condition": "selection"} - expected_result = 'select * from {} where fieldname like '.format( - self.table) + r'"test\?"' + r" escape '\'" + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test\?"' + r" ESCAPE '\'" self.validate(detection, expected_result) detection = {"selection": {"fieldname": r"test\\*"}, "condition": "selection"} - expected_result = 'select * from {} where fieldname like '.format( - self.table) + r'"test\\%"' + r" escape '\'" + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test\\%"' + r" ESCAPE '\'" self.validate(detection, expected_result) detection = {"selection": {"fieldname": r"test\*"}, "condition": "selection"} - expected_result = 'select * from {} where fieldname like '.format( - self.table) + r'"test\*"' + r" escape '\'" + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test\*"' + r" ESCAPE '\'" self.validate(detection, expected_result) detection = {"selection": {"fieldname": r"test\\"}, "condition": "selection"} - expected_result = 'select * from {} where fieldname like '.format( - self.table) + r'"test\\"' + r" escape '\'" + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test\\"' + r" ESCAPE '\'" self.validate(detection, expected_result) detection = {"selection": {"fieldname": r"test\abc"}, "condition": "selection"} - expected_result = 'select * from {} where fieldname like '.format( - self.table) + r'"test\\abc"' + r" escape '\'" + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test\\abc"' + r" ESCAPE '\'" self.validate(detection, expected_result) detection = {"selection": {"fieldname": r"test%"}, "condition": "selection"} - expected_result = 'select * from {} where fieldname like '.format( - self.table) + r'"test\%"' + r" escape '\'" + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test\%"' + r" ESCAPE '\'" self.validate(detection, expected_result) detection = {"selection": {"fieldname": r"test_"}, "condition": "selection"} - expected_result = 'select * from {} where fieldname like '.format( - self.table) + r'"test\_"' + r" escape '\'" + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test\_"' + r" ESCAPE '\'" self.validate(detection, expected_result) # multiple options detection = {"selection": {"fieldname": [ "test*", "*test"]}, "condition": "selection"} - opt1 = 'fieldname like ' + r'"test%"' + r" escape '\'" - opt2 = 'fieldname like ' + r'"%test"' + r" escape '\'" - expected_result = 'select * from {} where ({} or {})'.format( + opt1 = 'fieldname LIKE ' + r'"test%"' + r" ESCAPE '\'" + opt2 = 'fieldname LIKE ' + r'"%test"' + r" ESCAPE '\'" + expected_result = 'SELECT * FROM {} WHERE ({} OR {})'.format( self.table, opt1, opt2) self.validate(detection, expected_result) detection = {"selection": {"fieldname|all": [ "test*", "*test"]}, "condition": "selection"} - opt1 = 'fieldname like ' + r'"test%"' + r" escape '\'" - opt2 = 'fieldname like ' + r'"%test"' + r" escape '\'" - expected_result = 'select * from {} where ({} and {})'.format( + opt1 = 'fieldname LIKE ' + r'"test%"' + r" ESCAPE '\'" + opt2 = 'fieldname LIKE ' + r'"%test"' + r" ESCAPE '\'" + expected_result = 'SELECT * FROM {} WHERE ({} AND {})'.format( self.table, opt1, opt2) self.validate(detection, expected_result) def test_fieldname_mapping(self): detection = {"selection": {"fieldname": "test1"}, "condition": "selection"} - expected_result = 'select * from {} where mapped_fieldname = "test1"'.format( + expected_result = 'SELECT * FROM {} WHERE mapped_fieldname = "test1"'.format( self.table) # configure mapping @@ -274,8 +290,7 @@ class TestGenerateQuery(unittest.TestCase): assert len(parser.parsers) == 1 for p in parser.parsers: - self.assertEqual(expected_result.lower(), - backend.generate(p).lower()) + self.assertEqual(expected_result, backend.generate(p)) def test_not_implemented(self): # near aggregation not implemented @@ -310,8 +325,7 @@ class TestGenerateQuery(unittest.TestCase): for p in parser.parsers: if isinstance(expectation, str): - self.assertEqual(expectation.lower(), - backend.generate(p).lower()) + self.assertEqual(expectation, backend.generate(p)) elif isinstance(expectation, Exception): self.assertRaises(type(expectation), backend.generate, p) diff --git a/tools/tests/test_backend_sqlite.py b/tools/tests/test_backend_sqlite.py index 3c6a7a71..66fc6812 100644 --- a/tools/tests/test_backend_sqlite.py +++ b/tools/tests/test_backend_sqlite.py @@ -1,3 +1,19 @@ +# Test output backends for sigmac +# Copyright 2020 Jonas Hagg + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . + import unittest from unittest.mock import patch @@ -15,39 +31,39 @@ class TestFullTextSearch(unittest.TestCase): def test_full_text_search(self): detection = {"selection": ["test1"], "condition": "selection"} - expected_result = 'select * from {0} where {0} match (\'"test1"\')'.format( + expected_result = 'SELECT * FROM {0} WHERE {0} MATCH (\'"test1"\')'.format( self.table) self.validate(detection, expected_result) detection = {"selection": [5], "condition": "selection"} - expected_result = 'select * from {0} where {0} match (\'"5"\')'.format( + expected_result = 'SELECT * FROM {0} WHERE {0} MATCH (\'"5"\')'.format( self.table) self.validate(detection, expected_result) detection = {"selection": ["test1", "test2"], "condition": "selection"} - expected_result = 'select * from {0} where ({0} match (\'"test1" OR "test2"\'))'.format( + expected_result = 'SELECT * FROM {0} WHERE ({0} MATCH (\'"test1" OR "test2"\'))'.format( self.table) self.validate(detection, expected_result) detection = {"selection": ["test1"], "filter":["test2"], "condition": "selection and filter"} - expected_result = 'select * from {0} where ({0} match (\'"test1" and "test2"\'))'.format( + expected_result = 'SELECT * FROM {0} WHERE ({0} MATCH (\'"test1" AND "test2"\'))'.format( self.table) self.validate(detection, expected_result) detection = {"selection": [5, 6], "condition": "selection"} - expected_result = 'select * from {0} where ({0} match (\'"5" OR "6"\'))'.format( + expected_result = 'SELECT * FROM {0} WHERE ({0} MATCH (\'"5" OR "6"\'))'.format( self.table) self.validate(detection, expected_result) detection = {"selection": ["test1"], "filter": [ "test2"], "condition": "selection or filter"} - expected_result = 'select * from {0} where ({0} match (\'"test1" OR "test2"\'))'.format( + expected_result = 'SELECT * FROM {0} WHERE ({0} MATCH (\'"test1" OR "test2"\'))'.format( self.table) self.validate(detection, expected_result) detection = {"selection": ["test1"], "filter": [ "test2"], "condition": "selection and filter"} - expected_result = 'select * from {0} where ({0} match (\'"test1" and "test2"\'))'.format( + expected_result = 'SELECT * FROM {0} WHERE ({0} MATCH (\'"test1" AND "test2"\'))'.format( self.table) self.validate(detection, expected_result) @@ -55,26 +71,26 @@ class TestFullTextSearch(unittest.TestCase): # aggregation with fts detection = {"selection": ["test"], "condition": "selection | count() > 5"} - inner_query = 'select count(*) as agg from {0} where {0} match (\'"test"\')'.format( + inner_query = 'SELECT count(*) AS agg FROM {0} WHERE {0} MATCH (\'"test"\')'.format( self.table) - expected_result = 'select * from ({}) where agg > 5'.format(inner_query) + expected_result = 'SELECT * FROM ({}) WHERE agg > 5'.format(inner_query) self.validate(detection, expected_result) detection = {"selection": ["test1", "test2"], "condition": "selection | count() > 5"} - inner_query = 'select count(*) as agg from {0} where ({0} match (\'"test1" or "test2"\'))'.format( + inner_query = 'SELECT count(*) AS agg FROM {0} WHERE ({0} MATCH (\'"test1" OR "test2"\'))'.format( self.table) - expected_result = 'select * from ({}) where agg > 5'.format(inner_query) + expected_result = 'SELECT * FROM ({}) WHERE agg > 5'.format(inner_query) self.validate(detection, expected_result) # aggregation + group by + fts detection = {"selection": ["test1", "test2"], "condition": "selection | count() by fieldname > 5"} - inner_query = 'select count(*) as agg from {0} where ({0} match (\'"test1" or "test2"\')) group by fieldname'.format( + inner_query = 'SELECT count(*) AS agg FROM {0} WHERE ({0} MATCH (\'"test1" OR "test2"\')) GROUP BY fieldname'.format( self.table) - expected_result = 'select * from ({}) where agg > 5'.format(inner_query) + expected_result = 'SELECT * FROM ({}) WHERE agg > 5'.format(inner_query) self.validate(detection, expected_result) - + def test_not_implemented(self): # fts not implemented with wildcards detection = {"selection": ["test*"], "condition": "selection"} @@ -124,8 +140,7 @@ class TestFullTextSearch(unittest.TestCase): for p in parser.parsers: if isinstance(expectation, str): - self.assertEqual(expectation.lower(), - backend.generate(p).lower()) + self.assertEqual(expectation, backend.generate(p)) elif isinstance(expectation, Exception): self.assertRaises(type(expectation), backend.generate, p) From 4a8ab88adecc4035aedb8b8780c29a76a31eca04 Mon Sep 17 00:00:00 2001 From: Jonas Plum Date: Sat, 30 May 2020 00:15:38 +0200 Subject: [PATCH 401/714] Fix test path --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 2766a7e7..30e2fb99 100644 --- a/Makefile +++ b/Makefile @@ -109,7 +109,7 @@ test-backend-es-qs: tests/test-backend-es-qs.py test-backend-sql: - pytest tests/test_backend_sql.py tests/test_backend_sqlite.py + pytest tools/tests/test_backend_sql.py tools/tests/test_backend_sqlite.py test-sigma2attack: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigma2attack From 5cc82d0f05b4a0ea6640f6bdc4fc0fe719945108 Mon Sep 17 00:00:00 2001 From: Jonas Plum Date: Sat, 30 May 2020 00:56:06 +0200 Subject: [PATCH 402/714] Move testcase --- .github/workflows/sigma-test.yml | 3 +++ Makefile | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sigma-test.yml b/.github/workflows/sigma-test.yml index b6e10159..ee0c317a 100644 --- a/.github/workflows/sigma-test.yml +++ b/.github/workflows/sigma-test.yml @@ -35,3 +35,6 @@ jobs: - name: Test Generated Elasticsearch Query Strings run: | make test-backend-es-qs + - name: Test SQL(ite) Backend + run: | + make test-backend-sql diff --git a/Makefile b/Makefile index 30e2fb99..5b2c7f17 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ TMPOUT = $(shell tempfile||mktemp) COVSCOPE = tools/sigma/*.py,tools/sigma/backends/*.py,tools/sigmac,tools/merge_sigma,tools/sigma2attack export COVERAGE = coverage -test: clearcov test-rules test-sigmac test-merge test-backend-sql test-sigma2attack build finish +test: clearcov test-rules test-sigmac test-merge test-sigma2attack build finish clearcov: rm -f .coverage @@ -109,7 +109,8 @@ test-backend-es-qs: tests/test-backend-es-qs.py test-backend-sql: - pytest tools/tests/test_backend_sql.py tools/tests/test_backend_sqlite.py + cd tools && python3 setup.py install + cd tools && python3 -m pytest tests/test_backend_sql.py tests/test_backend_sqlite.py test-sigma2attack: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigma2attack From 3a6ac5bd5c711848b9e85b94741b210740cdada9 Mon Sep 17 00:00:00 2001 From: Jonas Plum Date: Sat, 30 May 2020 01:57:06 +0200 Subject: [PATCH 403/714] Remove unused function --- Makefile | 2 +- tools/sigma/backends/sql.py | 2 +- tools/sigma/backends/sqlite.py | 19 +------------------ 3 files changed, 3 insertions(+), 20 deletions(-) diff --git a/Makefile b/Makefile index 5b2c7f17..e4968975 100644 --- a/Makefile +++ b/Makefile @@ -110,7 +110,7 @@ test-backend-es-qs: test-backend-sql: cd tools && python3 setup.py install - cd tools && python3 -m pytest tests/test_backend_sql.py tests/test_backend_sqlite.py + cd tools && $(COVERAGE) run -m pytest tests/test_backend_sql.py tests/test_backend_sqlite.py test-sigma2attack: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigma2attack diff --git a/tools/sigma/backends/sql.py b/tools/sigma/backends/sql.py index 7ea27c76..5b446a6f 100644 --- a/tools/sigma/backends/sql.py +++ b/tools/sigma/backends/sql.py @@ -178,7 +178,7 @@ class SQLBackend(SingleTextQueryBackend): def generateQuery(self, parsed): if self._recursiveFtsSearch(parsed.parsedSearch): - raise NotImplementedError("FullTextSearch not implemented for SQL Backend, use SQLite Backend.") + raise NotImplementedError("FullTextSearch not implemented for SQL Backend.") result = self.generateNode(parsed.parsedSearch) if parsed.parsedAgg: diff --git a/tools/sigma/backends/sqlite.py b/tools/sigma/backends/sqlite.py index f29b0eb2..8eec13ea 100644 --- a/tools/sigma/backends/sqlite.py +++ b/tools/sigma/backends/sqlite.py @@ -20,7 +20,7 @@ import re class SQLiteBackend(SQLBackend): - """SQLiteBackend provides FullTextSearch functionality""" + """Converts Sigma rule into SQL query for SQLite""" identifier = "sqlite" active = True @@ -121,20 +121,3 @@ class SQLiteBackend(SQLBackend): return "SELECT * FROM {} WHERE {}".format(fro, whe) return "SELECT * FROM {} WHERE {}".format(self.table, result) - - def generateFullTextQuery(self, search, parsed): - - search = search.replace('"', '') - search = '" OR "'.join(search.split(" OR ")) - search = '" AND "'.join(search.split(" AND ")) - search = '"{}"'.format(search) - search = search.replace('%', '') - search = search.replace('_', '') - search = '{} MATCH (\'{}\')'.format(self.table, search) - - if parsed.parsedAgg: - # Handle aggregation - fro, whe = self.generateAggregation(parsed.parsedAgg, search) - return "SELECT * FROM {} WHERE {}".format(fro, whe) - - return 'SELECT * FROM {} WHERE {}'.format(self.table, search) \ No newline at end of file From b1c11cc345a37cba633f7bd4a15a659d90d2d466 Mon Sep 17 00:00:00 2001 From: ecco Date: Mon, 1 Jun 2020 03:30:27 -0400 Subject: [PATCH 404/714] add WMI module load false positive --- rules/windows/sysmon/sysmon_wmi_module_load.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rules/windows/sysmon/sysmon_wmi_module_load.yml b/rules/windows/sysmon/sysmon_wmi_module_load.yml index 8c660f19..3b6561ec 100644 --- a/rules/windows/sysmon/sysmon_wmi_module_load.yml +++ b/rules/windows/sysmon/sysmon_wmi_module_load.yml @@ -35,6 +35,8 @@ detection: - '\CompatTelRunner.exe' - '\sdiagnhost.exe' - '\SIHClient.exe' + - '\msfeedssync.exe' + - '\mmc.exe' condition: selection and not filter fields: - ComputerName From 4ed512011aff89a9398bffeffdd80341b0cf2904 Mon Sep 17 00:00:00 2001 From: Sven Scharmentke Date: Wed, 3 Jun 2020 09:00:59 +0200 Subject: [PATCH 405/714] All Rules use 'TargetFilename' instead of 'TargetFileName'. This commit fixes the incorrect spelling. --- other/godmode_sigma_rule.yml | 2 +- rules-unsupported/sysmon_process_reimaging.yml | 4 ++-- rules/windows/process_creation/win_hktl_createminidump.yml | 2 +- .../windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml | 2 +- rules/windows/sysmon/sysmon_tsclient_filewrite_startup.yml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/other/godmode_sigma_rule.yml b/other/godmode_sigma_rule.yml index 218e0484..67969b7b 100644 --- a/other/godmode_sigma_rule.yml +++ b/other/godmode_sigma_rule.yml @@ -104,7 +104,7 @@ logsource: detection: selection_file_creation: EventID: 11 - TargetFileName|contains: + TargetFilename|contains: - '.dmp' # dump process memory - 'Desktop\how' # Ransomware - 'Desktop\decrypt' # Ransomware diff --git a/rules-unsupported/sysmon_process_reimaging.yml b/rules-unsupported/sysmon_process_reimaging.yml index 9d557b06..3da02214 100644 --- a/rules-unsupported/sysmon_process_reimaging.yml +++ b/rules-unsupported/sysmon_process_reimaging.yml @@ -5,7 +5,7 @@ description: Detects process reimaging defense evasion technique # where # selection1: ImageFileName != selection1: OriginalFileName # selection1: ParentProcessGuid = selection2: ProcessGuid -# selection1: Image = selection2: TargetFileName +# selection1: Image = selection2: TargetFilename # and new field ImageFileName is coming from enrichment # selection1: Image = ^.+\\$ # Rule must trigger if selection1 and selection2 both occurs in timeframe of 120 sec. @@ -45,4 +45,4 @@ detection: EventID: 11 fields: - ProcessGuid - - TargetFileName + - TargetFilename diff --git a/rules/windows/process_creation/win_hktl_createminidump.yml b/rules/windows/process_creation/win_hktl_createminidump.yml index a0e556d8..6129c97a 100644 --- a/rules/windows/process_creation/win_hktl_createminidump.yml +++ b/rules/windows/process_creation/win_hktl_createminidump.yml @@ -29,5 +29,5 @@ logsource: detection: selection: EventID: 11 - TargetFileName|contains: '*\lsass.dmp' + TargetFilename|contains: '*\lsass.dmp' condition: 1 of them diff --git a/rules/windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml b/rules/windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml index 0f6036df..54f7e04f 100644 --- a/rules/windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml +++ b/rules/windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml @@ -20,7 +20,7 @@ detection: condition: selection fields: - ComputerName - - TargetFileName + - TargetFilename falsepositives: - Dumping lsass memory for forensic investigation purposes by legitimate incident responder or forensic invetigator level: medium diff --git a/rules/windows/sysmon/sysmon_tsclient_filewrite_startup.yml b/rules/windows/sysmon/sysmon_tsclient_filewrite_startup.yml index c26821f2..efb359ac 100644 --- a/rules/windows/sysmon/sysmon_tsclient_filewrite_startup.yml +++ b/rules/windows/sysmon/sysmon_tsclient_filewrite_startup.yml @@ -11,7 +11,7 @@ detection: selection: EventID: 11 Image: '*\mstsc.exe' - TargetFileName: '*\Microsoft\Windows\Start Menu\Programs\Startup\\*' + TargetFilename: '*\Microsoft\Windows\Start Menu\Programs\Startup\\*' condition: selection falsepositives: - unknown From 84dd8c39c46d0f667104228390ccc923aa6abe33 Mon Sep 17 00:00:00 2001 From: William Bruneau Date: Tue, 5 May 2020 09:04:47 +0200 Subject: [PATCH 406/714] Move null values out from list in rules --- rules/windows/sysmon/sysmon_ads_executable.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/rules/windows/sysmon/sysmon_ads_executable.yml b/rules/windows/sysmon/sysmon_ads_executable.yml index 7e111015..dbb055ad 100644 --- a/rules/windows/sysmon/sysmon_ads_executable.yml +++ b/rules/windows/sysmon/sysmon_ads_executable.yml @@ -17,11 +17,11 @@ logsource: detection: selection: EventID: 15 - filter: - Imphash: - - '00000000000000000000000000000000' - - null - condition: selection and not filter + filter1: + Imphash: '00000000000000000000000000000000' + filter2: + Imphash: null + condition: selection and not 1 of filter* fields: - TargetFilename - Image From a2ca199e7d0e0063bccdbf5732b428aaf2bedb28 Mon Sep 17 00:00:00 2001 From: Trent Liffick Date: Wed, 3 Jun 2020 17:38:03 -0400 Subject: [PATCH 407/714] added rules for Lazaurs and hhsgov --- .../win_apt_lazarus_session_highjack.yml | 27 +++++++++++++++++++ .../process_creation/win_susp_findstr_lnk.yml | 27 +++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 rules/windows/process_creation/win_apt_lazarus_session_highjack.yml create mode 100644 rules/windows/process_creation/win_susp_findstr_lnk.yml diff --git a/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml b/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml new file mode 100644 index 00000000..a9fc5185 --- /dev/null +++ b/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml @@ -0,0 +1,27 @@ +title: Lazarus Session Highjacker +id: 3f7f5b0b-5b16-476c-a85f-ab477f6dd24b +description: Detects executables launched outside their default directories as used by Lazarus Group (Bluenoroff) +status: experimental +references: + - https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180244/Lazarus_Under_The_Hood_PDF_final.pdf +tags: + - attack.defense_evasion + - attack.t1036 +author: Trent Liffick (@tliffick) +date: 2020/06/03 +logsource: + category: process_creation + product: windows +detection: + selection: + Image: + - '*\mstdc.exe' + - '*\gpvc.exe' + filter: + Image: + - 'C:\Windows\System32\\*' + - 'C:\Windows\SysWOW64\\*' + condition: selection and not filter +falsepositives: + - unknown +level: high diff --git a/rules/windows/process_creation/win_susp_findstr_lnk.yml b/rules/windows/process_creation/win_susp_findstr_lnk.yml new file mode 100644 index 00000000..07fb7d3b --- /dev/null +++ b/rules/windows/process_creation/win_susp_findstr_lnk.yml @@ -0,0 +1,27 @@ +title: Findstr Launching .lnk File +id: 33339be3-148b-4e16-af56-ad16ec6c7e7b +description: Detects usage of findstr to identify and execute a lnk file as seen within the HHS redirect attack +status: experimental +references: + - https://www.bleepingcomputer.com/news/security/hhsgov-open-redirect-used-by-coronavirus-phishing-to-spread-malware/ +tags: + - attack.execution + - attack.t1202 + - attack.1034 +author: Trent Liffick +date: 2020/05/01 +logsource: + category: process_creation + product: windows +detection: + selection: + Image: '*\findstr.exe' + CommandLine: '*.lnk' + condition: selection +fields: + - Image + - CommandLine + - ParentCommandLine +falsepositives: + - unknown +level: medium From 2af501c9f51fb22e7dcf5c643f276d81ee162955 Mon Sep 17 00:00:00 2001 From: Trent Liffick Date: Wed, 3 Jun 2020 17:40:05 -0400 Subject: [PATCH 408/714] added rule for zLoader & Office detects changes to Office macro settings & ZLoader malware --- .../sysmon/mal_zloader_reg_changes.yml | 29 ++++++++++++++++++ .../sysmon/sysmon_reg_office_security.yml | 30 +++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 rules/windows/sysmon/mal_zloader_reg_changes.yml create mode 100644 rules/windows/sysmon/sysmon_reg_office_security.yml diff --git a/rules/windows/sysmon/mal_zloader_reg_changes.yml b/rules/windows/sysmon/mal_zloader_reg_changes.yml new file mode 100644 index 00000000..1c85697b --- /dev/null +++ b/rules/windows/sysmon/mal_zloader_reg_changes.yml @@ -0,0 +1,29 @@ +title: zLoader Registry Changes +id: 916ae9c5-a21a-4e34-b2ea-deccd16fba01 +description: Detects the registry changes made by zLoader malware +status: experimental +references: + - https://clickallthethings.wordpress.com/2020/05/13/zloader-and-xlm-4-0-making-evasion-great-again/ +author: Trent Liffick +date: 2020/05/13 +tags: + - attack.execution + - attack.t1112 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: + - 12 + - 13 + TargetObject: + - '*SOFTWARE\Microsoft\Office\\*\Word\Security' + condition: selection +fields: + - Image + - TargetObject + - TargetDetails +falsepositives: + - unknown +level: low diff --git a/rules/windows/sysmon/sysmon_reg_office_security.yml b/rules/windows/sysmon/sysmon_reg_office_security.yml new file mode 100644 index 00000000..e9f00dda --- /dev/null +++ b/rules/windows/sysmon/sysmon_reg_office_security.yml @@ -0,0 +1,30 @@ +title: Office Security Settings Changed +id: a166f74e-bf44-409d-b9ba-ea4b2dd8b3cd +status: experimental +description: Detects registry changes to Office macro settings +author: Trent Liffick (@tliffick) +date: 2020/05/22 +references: +tags: + - attack.defense_evasion + - attack.t1112 +falsepositives: + - Valid Macros and/or internal documents +level: high +logsource: + service: sysmon + product: windows +detection: + sec_settings: + EventID: + - 12 + - 13 + TargetObject|endswith: + - '*\Security\Trusted Documents\TrustRecords' + - '*\Security\AccessVBOM' + - '*\Security\VBAWarnings' + EventType: + - SetValue + - DeleteValue + - CreateValue + condition: sec_settings From 3c89f46899bd7671af0de68b43c101e121bae0d0 Mon Sep 17 00:00:00 2001 From: Trent Liffick Date: Wed, 3 Jun 2020 17:43:12 -0400 Subject: [PATCH 409/714] removed unwanted file --- .../sysmon/mal_zloader_reg_changes.yml | 29 ------------------- 1 file changed, 29 deletions(-) delete mode 100644 rules/windows/sysmon/mal_zloader_reg_changes.yml diff --git a/rules/windows/sysmon/mal_zloader_reg_changes.yml b/rules/windows/sysmon/mal_zloader_reg_changes.yml deleted file mode 100644 index 1c85697b..00000000 --- a/rules/windows/sysmon/mal_zloader_reg_changes.yml +++ /dev/null @@ -1,29 +0,0 @@ -title: zLoader Registry Changes -id: 916ae9c5-a21a-4e34-b2ea-deccd16fba01 -description: Detects the registry changes made by zLoader malware -status: experimental -references: - - https://clickallthethings.wordpress.com/2020/05/13/zloader-and-xlm-4-0-making-evasion-great-again/ -author: Trent Liffick -date: 2020/05/13 -tags: - - attack.execution - - attack.t1112 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: - - 12 - - 13 - TargetObject: - - '*SOFTWARE\Microsoft\Office\\*\Word\Security' - condition: selection -fields: - - Image - - TargetObject - - TargetDetails -falsepositives: - - unknown -level: low From 6c8c0cd85dc3c12ed5bfe5ba52c50aca41c2c927 Mon Sep 17 00:00:00 2001 From: Trent Liffick Date: Wed, 3 Jun 2020 17:51:57 -0400 Subject: [PATCH 410/714] Removed incorrect technique --- rules/windows/process_creation/win_susp_findstr_lnk.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/rules/windows/process_creation/win_susp_findstr_lnk.yml b/rules/windows/process_creation/win_susp_findstr_lnk.yml index 07fb7d3b..657d47ff 100644 --- a/rules/windows/process_creation/win_susp_findstr_lnk.yml +++ b/rules/windows/process_creation/win_susp_findstr_lnk.yml @@ -5,9 +5,8 @@ status: experimental references: - https://www.bleepingcomputer.com/news/security/hhsgov-open-redirect-used-by-coronavirus-phishing-to-spread-malware/ tags: - - attack.execution + - attack.defense_evasion - attack.t1202 - - attack.1034 author: Trent Liffick date: 2020/05/01 logsource: From 09afae1e66393f5c534a7dd8c9a6d96419f35bd4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Furkan=20=C3=87ALI=C5=9EKAN?= Date: Thu, 4 Jun 2020 14:27:19 +0300 Subject: [PATCH 411/714] Create sysmon_apt_muddywater_dnstunnel.yml Detecting DNS tunnel activity from MuddyWater as in https://www.virustotal.com/gui/file/5ad401c3a568bd87dd13f8a9ddc4e450ece61cd9ce4d1b23f68ce0b1f3c190b7/ --- .../sysmon_apt_muddywater_dnstunnel.yml | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml diff --git a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml new file mode 100644 index 00000000..38a29292 --- /dev/null +++ b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml @@ -0,0 +1,26 @@ +title: "Muddywater DNS tunnel method detection" +description: "Detecting DNS tunnel activity from Muddywater" +author: Furkan Caliskan +status: "testing" +references: +- https://www.virustotal.com/gui/file/5ad401c3a568bd87dd13f8a9ddc4e450ece61cd9ce4d1b23f68ce0b1f3c190b7/ +- https://www.vmray.com/analyses/5ad401c3a568/report/overview.html +tags: +- attack.command_and_control +- attack.t1071 +logsource: + product: "windows" + service: "sysmon" +detection: + selection: + EventID: 1 + Image|endswith: + - '\powershell.exe' + ParentImage|endswith: + - '\excel.exe' + CommandLine|contains: + - 'DataExchange.dll' + condition: selection +falsepositives: +- Unkown +level: medium From bafd6bde5f69f7d519426ac1273de9260b7bf517 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Furkan=20=C3=87ALI=C5=9EKAN?= Date: Thu, 4 Jun 2020 14:45:10 +0300 Subject: [PATCH 412/714] Convert to process_creation Convert to process_creation --- rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml index 38a29292..2c39917a 100644 --- a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml +++ b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml @@ -1,4 +1,4 @@ -title: "Muddywater DNS tunnel method detection" +title: "Muddywater DNS tunnel detection" description: "Detecting DNS tunnel activity from Muddywater" author: Furkan Caliskan status: "testing" @@ -9,8 +9,8 @@ tags: - attack.command_and_control - attack.t1071 logsource: - product: "windows" - service: "sysmon" + category: process_creation + product: windows detection: selection: EventID: 1 From 1c677aa172fbdc42dd2b07fbca4d3cfb33e33815 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Furkan=20=C3=87ALI=C5=9EKAN?= Date: Thu, 4 Jun 2020 18:13:32 +0300 Subject: [PATCH 413/714] Fix title as in guideline Fix title error as in guideline and other cosmetic changes --- rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml index 2c39917a..13ee8b63 100644 --- a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml +++ b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml @@ -1,7 +1,7 @@ -title: "Muddywater DNS tunnel detection" -description: "Detecting DNS tunnel activity from Muddywater" +title: Muddywater DNS tunnel activity +description: Detecting DNS tunnel activity for Muddywater actor author: Furkan Caliskan -status: "testing" +status: testing references: - https://www.virustotal.com/gui/file/5ad401c3a568bd87dd13f8a9ddc4e450ece61cd9ce4d1b23f68ce0b1f3c190b7/ - https://www.vmray.com/analyses/5ad401c3a568/report/overview.html From 0744107fbb3fcf2444d00a8d3539dd1a2ce6bbd4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Furkan=20=C3=87ALI=C5=9EKAN?= Date: Thu, 4 Jun 2020 18:19:08 +0300 Subject: [PATCH 414/714] Deleted EventID part --- rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml index 13ee8b63..87b6a254 100644 --- a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml +++ b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml @@ -13,7 +13,6 @@ logsource: product: windows detection: selection: - EventID: 1 Image|endswith: - '\powershell.exe' ParentImage|endswith: From 5e373153ebf64c2d1d4a47e9cbc2a14c356f4ecc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Furkan=20=C3=87ALI=C5=9EKAN?= Date: Thu, 4 Jun 2020 18:28:37 +0300 Subject: [PATCH 415/714] Title fix --- rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml index 87b6a254..b77e33e3 100644 --- a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml +++ b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml @@ -1,4 +1,4 @@ -title: Muddywater DNS tunnel activity +title: DNS Tunnel Technique from MuddyWater description: Detecting DNS tunnel activity for Muddywater actor author: Furkan Caliskan status: testing From e958a6a9398d0dc32eeb78eccfeeb2dfc0081fe3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Furkan=20=C3=87ALI=C5=9EKAN?= Date: Thu, 4 Jun 2020 18:34:44 +0300 Subject: [PATCH 416/714] Date added --- rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml index b77e33e3..e13e7fca 100644 --- a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml +++ b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml @@ -1,7 +1,8 @@ title: DNS Tunnel Technique from MuddyWater description: Detecting DNS tunnel activity for Muddywater actor -author: Furkan Caliskan -status: testing +author: '@caliskanfurkan_' +status: experimental +date: 2020/06/04 references: - https://www.virustotal.com/gui/file/5ad401c3a568bd87dd13f8a9ddc4e450ece61cd9ce4d1b23f68ce0b1f3c190b7/ - https://www.vmray.com/analyses/5ad401c3a568/report/overview.html From 082696ee84e00d2c1367267f156d31bfb52c415a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Furkan=20=C3=87ALI=C5=9EKAN?= Date: Thu, 4 Jun 2020 18:38:42 +0300 Subject: [PATCH 417/714] Added UUID --- rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml index e13e7fca..32004f6e 100644 --- a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml +++ b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml @@ -1,4 +1,5 @@ title: DNS Tunnel Technique from MuddyWater +id: 36222790-0d43-4fe8-86e4-674b27809543 description: Detecting DNS tunnel activity for Muddywater actor author: '@caliskanfurkan_' status: experimental From 2e77e6528503c5f2bd80ca07e1ccc64eb381758e Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 5 Jun 2020 11:03:28 +0200 Subject: [PATCH 418/714] rule: Covenant launchers --- .../process_creation/win_susp_covenant.yml | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 rules/windows/process_creation/win_susp_covenant.yml diff --git a/rules/windows/process_creation/win_susp_covenant.yml b/rules/windows/process_creation/win_susp_covenant.yml new file mode 100644 index 00000000..8f0f92a6 --- /dev/null +++ b/rules/windows/process_creation/win_susp_covenant.yml @@ -0,0 +1,25 @@ +title: Covenant Launcher Indicators +id: c260b6db-48ba-4b4a-a76f-2f67644e99d2 +description: Detects suspicious command lines used in Covenant luanchers +status: experimental +references: + - https://posts.specterops.io/covenant-v0-5-eee0507b85ba +author: Florian Roth +date: 2020/06/04 +tags: + - attack.execution + - attack.t1086 +logsource: + category: process_creation + product: windows +detection: + selection: + CommandLine|contains: + - ' -Sta -Nop -Window Hidden -Command ' + - ' -Sta -Nop -Window Hidden -EncodedCommand ' + - 'sv o (New-Object IO.MemorySteam);sv d ' + - 'mshta file.hta' + - 'GruntHTTP' + - '-EncodedCommand cwB2ACAAbwAgA' + condition: selection +level: high From 55beecac28ac1679f23771eef77e8c56dbfa7646 Mon Sep 17 00:00:00 2001 From: Nate Guagenti Date: Fri, 5 Jun 2020 13:18:03 -0400 Subject: [PATCH 419/714] Squashed commit of the following: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit d97d2ced8274bd2972b5d10ff8a56fc6c2c0242f Merge: 022d73f8 84dd8c39 Author: Florian Roth Date: Wed Jun 3 15:53:55 2020 +0200 Merge pull request #725 from WilliamBruneau/fix_null_list Move null values out from list in rules commit 84dd8c39c46d0f667104228390ccc923aa6abe33 Author: William Bruneau Date: Tue May 5 09:04:47 2020 +0200 Move null values out from list in rules commit 022d73f842c403a1859a558b8f443c1cc2f5ab0a Merge: 0cbc099d 4ed51201 Author: Florian Roth Date: Wed Jun 3 10:48:05 2020 +0200 Merge pull request #811 from svnscha/fix/field-TargetFileName-to-TargetFilename All Rules use 'TargetFilename' instead of 'TargetFileName'. commit 4ed512011aff89a9398bffeffdd80341b0cf2904 Author: Sven Scharmentke Date: Wed Jun 3 09:00:59 2020 +0200 All Rules use 'TargetFilename' instead of 'TargetFileName'. This commit fixes the incorrect spelling. commit 0cbc099def5b79ff2d01164e035c743972f6fe66 Merge: 74e16fdc 3a6ac5bd Author: Florian Roth Date: Sat May 30 09:31:45 2020 +0200 Merge pull request #807 from forensicanalysis/master Add sqlite backend commit 3a6ac5bd5c711848b9e85b94741b210740cdada9 Author: Jonas Plum Date: Sat May 30 01:57:06 2020 +0200 Remove unused function commit 5cc82d0f05b4a0ea6640f6bdc4fc0fe719945108 Author: Jonas Plum Date: Sat May 30 00:56:06 2020 +0200 Move testcase commit 4a8ab88adecc4035aedb8b8780c29a76a31eca04 Author: Jonas Plum Date: Sat May 30 00:15:38 2020 +0200 Fix test path commit 70935d26ce214b566b34c4555531e0510a619a99 Author: Jonas Plum Date: Fri May 29 23:56:05 2020 +0200 Add license header commit 74e16fdccddf604943ab74d27cdd3a4bb38bd957 Merge: e20b58c4 537bda44 Author: Florian Roth Date: Fri May 29 17:32:43 2020 +0200 Merge pull request #803 from gamma37/clear_cmd_history Edit Clear Command History commit e20b58c421194d1125c8c81a88818fc8058ede31 Merge: 7f2fa05e a00f7f19 Author: Florian Roth Date: Fri May 29 17:32:27 2020 +0200 Merge pull request #806 from SanWieb/sysmon_creation_system_file Fixed wrong field & Improve rule commit a00f7f19a14b58ab9ca98f6a4215a3ca9eb1932a Author: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Fri May 29 16:25:54 2020 +0200 Add tagg Endswith Prevent the trigger of {}.exe.log commit 38afd8b5def24191616ff0f0c0324cfbb7f0d6d0 Author: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Thu May 28 21:52:17 2020 +0200 Fixed wrong field commit 7f2fa05ed300ee42b83677897f326cf81a6d61d8 Merge: ec313b6c 39b41b55 Author: Florian Roth Date: Thu May 28 11:16:44 2020 +0200 Merge pull request #802 from Neo23x0/rule-devel ComRAT and KazuarRAT commit 537bda4417ef90f5af9c754d3b0d965c79103cb0 Author: gamma37 Date: Thu May 28 10:56:35 2020 +0200 Update lnx_shell_clear_cmd_history.yml commit 5a489348224307685cf63bb0cdd7d8b7288d5fc7 Author: gamma37 Date: Thu May 28 10:52:17 2020 +0200 Edit Clear Command History I suggest a new point of view to detect that bash_history has been cleared : Instead of trying to detect all the commands that can do that, we could monitor the size of the file and log whenever it has less than 1 line. commit 39b41b5582ac76ddd8fe694ce31dc6288d60b631 Author: Florian Roth Date: Thu May 28 10:13:38 2020 +0200 rule: moved DebugView rule to process creation category commit 76dcc1a16fff440951c2d5d15307b8337ae6f792 Author: Florian Roth Date: Thu May 28 09:22:25 2020 +0200 rule: renamed debugview commit ec313b6c8ae02e17e9fa4da82cf766d24a3298ba Merge: 5bb6770f d44fc43c Author: Florian Roth Date: Wed May 27 08:49:20 2020 +0200 Merge pull request #801 from SanWieb/sysmon_creation_system_file Rule: sysmon_creation_system_file commit d44fc43c5452e4e62b5dcf990139a4e166dda706 Author: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Tue May 26 19:10:11 2020 +0200 Add extension commit f6ec724d51b9feb83ce903c6c6398f9c143b9bd4 Author: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Tue May 26 18:53:54 2020 +0200 Rule: sysmon_creation_system_file commit 5bb6770f5305cf2e1401191a39f392e6d04722d6 Merge: 0b398c5b 3681b8cb Author: Florian Roth Date: Tue May 26 14:28:47 2020 +0200 Merge pull request #800 from SanWieb/win_system_exe_anomaly Extended Windows processes: win_system_exe_anomaly commit 4ca81b896d044e6ff9ffb9798a7b503029a52259 Author: Florian Roth Date: Tue May 26 14:19:22 2020 +0200 rule: Turla ComRAT report commit 3681b8cb56144248ed57afdb31ce748d01190a0b Author: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Tue May 26 13:56:51 2020 +0200 Extended Windows processes commit 0b398c5bf0d186653e41bb407caf182042f6ce87 Merge: c1f47875 b648998f Author: Florian Roth Date: Tue May 26 13:31:57 2020 +0200 Merge pull request #798 from Neo23x0/rule-devel rule: confluence exploit CVE-2019-3398 & Turla ComRAT commit c1f4787566fb522ce784487148cec52e92f698ae Merge: ce1f4634 48c5f2ed Author: Florian Roth Date: Tue May 26 13:21:04 2020 +0200 Merge pull request #797 from NVISO-BE/sysmon_cve-2020-1048 Changes to sysmon_cve-2020-1048 commit ce1f46346fe948b3494ec55acc19079e98a6a90c Merge: e131f347 1a598282 Author: Florian Roth Date: Tue May 26 13:20:40 2020 +0200 Merge pull request #751 from zaphodef/fix/powershell_ntfs_ads_access Add 'Add-Content' to powershell_ntfs_ads_access commit e131f3476e4601b7fd2e0458f3b46be953408eb9 Merge: 30861b55 7037e775 Author: Florian Roth Date: Tue May 26 13:20:23 2020 +0200 Merge pull request #796 from EccoTheFlintstone/fp add more false positives commit 30861b558ce294d75e7bba40605ac7d962fd4a69 Merge: a962bd1b f9f814f3 Author: Florian Roth Date: Tue May 26 13:20:07 2020 +0200 Merge pull request #799 from SanWieb/susp_file_characteristics Susp file characteristics: Reduce FP of legitime processes commit b648998fd0e7100f6a39d7323be0cc1941e49d5e Author: Florian Roth Date: Tue May 26 13:18:50 2020 +0200 rule: Turla ComRAT commit f9f814f3b3d927a31a9e7703f03e4bd6e28f8e05 Author: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Tue May 26 13:06:27 2020 +0200 Shortened title commit a241792e1077be912087c0f22a735e427d9d43ab Author: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Tue May 26 12:58:15 2020 +0200 Reduce FP of legitime processes A lot of Windows apps does not have any file characteristics. Some examples: - Gamebar: C:\\Program Files\\WindowsApps\\Microsoft.XboxGamingOverlay_3.38.25003.0_x64__8wekyb3d8bbwe\\GameBarFT.exe - YourPhone: C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.20022.82.0_x64__8wekyb3d8bbwe\\YourPhoneServer/YourPhoneServer.exe All C:\Windows\System32\OpenSSH (scp, sftp, ssh etc) does not have a description and company. Python 2.7, 3.3 and 3.7 does not have any file characteristics. So I don't think it is possible to whitelist all options, maybe it is worthwhile to check the \Downloads\ folder otherwise it would be better to just delete the rule. All other suspicious folders are covered by /rules/windows/process_creation/win_susp_exec_folder.yml commit cdf1ade6254533f55b1802d081b33fdfac6a9077 Author: Florian Roth Date: Tue May 26 12:27:16 2020 +0200 fix: typo in selection commit 91b4ee8d5611b481896a7b7034826d86b435e815 Merge: 4cd7c39e a962bd1b Author: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Tue May 26 12:24:21 2020 +0200 Merge pull request #2 from Neo23x0/master Update repository commit 828484d7c6384d85d74ace3ab577fd6b60d22f2a Author: Florian Roth Date: Tue May 26 12:09:41 2020 +0200 rule: confluence exploit CVE-2019-3398 commit 48c5f2ed094ead20bd7b94786530e0583e0d5323 Author: Remco Hofman Date: Tue May 26 11:20:21 2020 +0200 Update to sysmon_cve-2020-1048 Added .com executables to detection Second TargetObject should have been Details commit abf1a2c6d7eb6a031fcb60dd003fccf62bd7af33 Author: Jonas Hagg Date: Mon May 25 10:54:16 2020 +0200 Adjusted Makefile commit dedfb65d635f544011e30cf6ab303db7d782e092 Author: Jonas Hagg Date: Mon May 25 10:44:14 2020 +0200 Implemented Aggregation for SQL, Added SQLite FullTextSearch commit 7037e77569e062b85f335ef3c9d04b2d392b5214 Author: ecco Date: Mon May 25 04:50:22 2020 -0400 add more FP commit a962bd1bc19d96a415d99322a6df5144011b2ffd Merge: 0afe0623 d510e1aa Author: Florian Roth Date: Mon May 25 10:48:36 2020 +0200 Merge pull request #747 from zaphodef/fix/win_susp_backup_delete_source Fix 'source' value for win_susp_backup_delete commit 0afe0623afd2fbe9cd46074142643536ae5c5cfd Merge: 92d0aa86 beb62dc1 Author: Florian Roth Date: Mon May 25 10:47:23 2020 +0200 Merge pull request #757 from tliffick/master added rule for Blue Mockingbird (cryptominer) commit 92d0aa86549ba8371fa0856dfb364354ef5409bd Merge: 0dda757c 6fcf3f9e Author: Florian Roth Date: Mon May 25 10:46:39 2020 +0200 Merge pull request #795 from SanWieb/Rule-improvement-Netsh-program-allowed Rule improvement: netsh Application or Port allowed commit 6fcf3f9ebf3ae66ee9bb7853f823dfe11f62d2c1 Author: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Mon May 25 10:13:26 2020 +0200 Update win_netsh_fw_add.yml commit 28652e4648fca1cbc48149163c001f209275c7dd Author: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Mon May 25 10:02:13 2020 +0200 Add Windows Server 2008 and Windows Vista support It did not support the command `netsh advfirewall firewall add` commit 2678cd1d3e104bd916262f8a242c28006704a457 Author: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Mon May 25 09:50:47 2020 +0200 Create win_netsh_fw_add_susp_image.yml More critical version of the rule windows/process_creation/win_netsh_fw_add.yml with the suspicious image location check. Combined the following rules for the suspicious locations: https://github.com/Neo23x0/sigma//blob/master/rules/windows/sysmon/sysmon_susp_download_run_key.yml https://github.com/Neo23x0/sigma/blob/master/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_susp_run_locations.yml commit 4cd7c39e9d17182018af175692d5c98c6bb9894e Merge: 6fbfa9df 0dda757c Author: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Mon May 25 08:48:16 2020 +0200 Merge pull request #1 from Neo23x0/master Update repository commit 0dda757ca59b5f80da0e537932e73e8a2be5540d Merge: 40f0beb5 daf7ab5f Author: Thomas Patzke Date: Sun May 24 22:58:58 2020 +0200 Merge branch 'socprime-master' commit daf7ab5ff71c48aec9fab29a70c62a3fec310768 Author: Thomas Patzke Date: Sun May 24 22:41:38 2020 +0200 Cleanup: removal of corelight_* backends commit d45f8e19fef854a1779973d9a8ae51714d38257d Author: Thomas Patzke Date: Sun May 24 21:46:55 2020 +0200 Fixes commit 32e4998c4967d7d09762d994e69cca4ccc143f3c Author: Thomas Patzke Date: Sun May 24 21:45:37 2020 +0200 Removed dead code from ALA backend. commit 24b08bbf30f51e07226a0debd9039763bae3d511 Merge: 96fae4be e8b956f5 Author: Thomas Patzke Date: Sun May 24 17:06:32 2020 +0200 Merge branch 'master' of https://github.com/socprime/sigma into socprime-master commit 40f0beb58da299e648df1eebf2480e3393ab0cc3 Merge: 6fbfa9df b8ee736f Author: Florian Roth Date: Sun May 24 16:30:10 2020 +0200 Merge pull request #794 from SanWieb/update_susp_run_key Remove AppData folder as suspicious folder commit b8ee736f4484ec86e23a5016bd9c634c909b8e33 Author: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Sun May 24 15:16:07 2020 +0200 Remove AppData folder as suspicious folder A lot of software is using the AppData folder for startup keys. Some examples: - Microsoft Teams (\AppData\Local\Microsoft\Teams) - Resilio (\AppData\Roaming\Resilio Sync\) - Discord ( (\AppData\Local\Discord\) - Spotify ( (\AppData\Roaming\Spotify\) Too many to whitelist them all commit 6fbfa9dfdd82372120470ddc87e43410401f6fca Merge: d0da2810 3028a270 Author: Florian Roth Date: Sat May 23 23:47:12 2020 +0200 Merge pull request #793 from Neo23x0/rule-devel Esentutl rule and StrongPity Loader UA commit f970d28f10b1e7906593265055bb6a804142ee4e Author: ecco Date: Sat May 23 15:06:15 2020 -0400 add more false positives commit 3028a27055b5ed7a1104cfa8389b7e5005fb0f83 Author: Florian Roth Date: Sat May 23 18:32:02 2020 +0200 fix: buggy rule commit df715386b6abaa5a1208dc611d4e1e3e7cf91d3a Author: Florian Roth Date: Sat May 23 18:27:36 2020 +0200 rule: suspicious esentutl use commit d0da2810c1180efd7e170e73c4e52fd2c21a94c0 Merge: 8321cc7e 67faf4bd Author: Florian Roth Date: Sat May 23 18:13:16 2020 +0200 Merge pull request #792 from EccoTheFlintstone/fff fix FP + remove powershell rule redundant with sysmon_in_memory_power… commit 8321cc7ee1af886b2672abac5edb148cd1040231 Merge: 9cd9a301 e1a05dfc Author: Florian Roth Date: Sat May 23 18:11:32 2020 +0200 Merge pull request #772 from gamma37/suspicious_activities Create a rule for "suspicious activities" commit d1a5471d2131b9f14787db3ae7e56eb8428bb560 Author: Florian Roth Date: Sat May 23 17:38:10 2020 +0200 rule: Strong Pity loader UA commit 67faf4bd41c8ccf27d71a6c3d28a5868c95274d2 Author: ecco Date: Sat May 23 10:56:23 2020 -0400 fix FP + remove powershell rule redundant with sysmon_in_memory_powershell.yml commit 9cd9a301c21320fe4da002184a4e2fdcea640396 Merge: ee1ca77f d310805e Author: Florian Roth Date: Sat May 23 16:50:31 2020 +0200 Merge pull request #791 from SanWieb/master added rule for Netsh RDP port opening commit e1a05dfc1cfdb5b0925932a66c43706102ffbccb Author: Florian Roth Date: Sat May 23 16:49:03 2020 +0200 Update lnx_auditd_susp_C2_commands.yml commit ee1ca77fad7ebb649ed49190a0c228145ac72834 Merge: 895c8470 cbf06b1e Author: Florian Roth Date: Sat May 23 16:47:46 2020 +0200 Merge pull request #771 from gamma37/new_rules Create a new rule to detect "Create Account" commit 895c84703fb60c3ffc3edce06492de1914dab536 Merge: 12e1aeaf 327a53c1 Author: Florian Roth Date: Sat May 23 16:47:01 2020 +0200 Merge pull request #790 from EccoTheFlintstone/fp_fix fix false positive matching on every powershell process not run by SY… commit 327a53c120674588b3f1e439c373a45cda73c543 Author: ecco Date: Sat May 23 10:25:37 2020 -0400 add new test for sysmon rules without eventid commit 10ca3006f51b6debb18a2e1067629d260d9cf416 Author: ecco Date: Sat May 23 10:07:55 2020 -0400 move rule where needed commit 2b89e5605469f89c9b51e59ba1e245dcffdba18d Author: ecco Date: Sat May 23 10:03:13 2020 -0400 fix test commit d9bc09c38c32333f39512614ceb1f380cc3fa44a Author: ecco Date: Sat May 23 10:02:58 2020 -0400 fix test commit 78a7852a4392464f12618c903da1aa82346a19b9 Author: ecco Date: Sat May 23 09:16:40 2020 -0400 renamed dbghelp rule with new ID and comment and removed a false positive commit d310805ed9e5783c94f0cb48b7cea1d3b20e7458 Author: Sander Wiebing <45387038+SanWieb@users.noreply.github.com> Date: Sat May 23 14:19:52 2020 +0200 rule: Netsh RDP port opening commit 75ba5f989cd7c223059222151a3e321e85c9860c Author: ecco Date: Sat May 23 07:44:45 2020 -0400 add 1 more FP to wmi load commit 9a7f462d795ffa68345179c4c2e33b1044756600 Author: ecco Date: Sat May 23 07:17:56 2020 -0400 move renamed bnaries rule to process creation (they made a lot of false positives in sysmon as there was no event id specified in the rule) commit cfde0625f53ef2af49ce6cf81c80c8715cbf7fe8 Author: ecco Date: Sat May 23 07:05:09 2020 -0400 fix false positive matching on every powershell process not run by SYSTEM account commit 12e1aeaf9f3ca20c173f71159054e1da67c96eb4 Merge: 46f3a70a 34006d07 Author: Florian Roth Date: Sat May 23 09:54:43 2020 +0200 Merge pull request #788 from Neo23x0/rule-devel refactor: split up rule for CVE-2020-1048 into 2 rules commit 46f3a70a7dde70c524abdf99380c675c225847ab Merge: 96fae4be ec17c2ab Author: Florian Roth Date: Sat May 23 09:54:28 2020 +0200 Merge pull request #786 from EccoTheFlintstone/perf_fix various rules cleaning (slight perf improvements) commit 34006d079431ec5d5892174bf4a1a4f0a30fd1f9 Author: Florian Roth Date: Sat May 23 09:16:19 2020 +0200 refactor: simplified and extended expression in CVE-2020-1048 rule commit 57c8e63acd8a44d79f509142c67d71326d849ef7 Author: Florian Roth Date: Sat May 23 09:09:58 2020 +0200 refactore: split up rule for CVE-2020-1048 into 2 rules commit ec17c2ab56ac12477c80e7ac8c2e66a7f8dedd99 Author: ecco Date: Fri May 22 10:37:00 2020 -0400 filter on createkey only when needed commit 96fae4be68faa1bad2c8cfa92b1e5a500e72d765 Author: Thomas Patzke Date: Fri May 22 00:50:37 2020 +0200 Added CrachMapExec rules commit 64e0e7ca7226be813bfd87f197bc99187e0f7edd Merge: bbf78374 91c4c4ec Author: Florian Roth Date: Thu May 21 14:19:09 2020 +0200 Merge pull request #784 from Neo23x0/rule-devel refactor: slightly improved Greenbug rule commit 91c4c4ecc51de7a7ac5e2fb3e11dd45f4ddfbb2a Author: Florian Roth Date: Thu May 21 13:38:11 2020 +0200 refactor: slightly improved Greenbug rule commit bbf78374b68ace06386410028d2424386f36339e Merge: 8d9b706d 9a3b6c1c Author: Florian Roth Date: Thu May 21 09:55:46 2020 +0200 Merge pull request #783 from Neo23x0/rule-devel Greenbug Rule commit 9a3b6c1c7712279691e0c177a7d8e282fca8847b Author: Florian Roth Date: Thu May 21 09:44:11 2020 +0200 docs: added MITRE ATT&CK group tag commit 344eb713c5a8e5defc98ee9010cdbc25872adb52 Author: Florian Roth Date: Thu May 21 09:39:57 2020 +0200 rule: Greenbug campaign commit 8d9b706d6a224358eaaf20c4b6360982bbe75d78 Merge: e7980bb4 06abd6e7 Author: Thomas Patzke Date: Wed May 20 19:11:56 2020 +0200 Merge pull request #727 from 3CORESec/master Override Features commit e7980bb434ed21c23208f86b85307a97ea18cffb Merge: af92a5bd 8963c0a6 Author: Florian Roth Date: Wed May 20 12:55:41 2020 +0200 Merge pull request #782 from ZikyHD/patch-1 Remove duplicate 'CommandLine' in fields commit af92a5bd2c74c55f06304af5967b9d705f6e86c5 Merge: 04dfe6c5 9ab65cd1 Author: Florian Roth Date: Wed May 20 12:55:29 2020 +0200 Merge pull request #780 from tatsu-i/master Null field check to eliminate false positives commit 8963c0a65e19f7202fe5daf467d1d4d33abd3d0a Author: ZikyHD Date: Wed May 20 11:54:47 2020 +0200 Remove duplicate 'CommandLine' in fields commit e8b956f575c0af942d20ee3a6b951f52c04d3baa Author: vh Date: Wed May 20 12:35:00 2020 +0300 Updated config commit 9ab65cd1c73a9225a2090f81d07064761df487c1 Author: Florian Roth Date: Tue May 19 14:50:22 2020 +0200 Update win_alert_ad_user_backdoors.yml commit 04dfe6c5fc44a6a9e4b8bde35c2693d78be306e7 Merge: df75bdd3 9e272d37 Author: Thomas Patzke Date: Tue May 19 13:18:40 2020 +0200 Merge pull request #778 from neu5ron/sigmacs SIGMACs: Winlogbeat & Zeek commit df75bdd3b67afecca06714e2f38a39bf5319cb7b Merge: 4446c4cd 7c3dea22 Author: Florian Roth Date: Tue May 19 13:10:56 2020 +0200 Merge pull request #779 from neu5ron/rules Rules: Zeek commit 7c3dea22b8702d7cc8e6796fd383d5a62096fffa Author: neu5ron <> Date: Tue May 19 05:13:48 2020 -0400 small T, big T commit dd382848b4b1f693a35c1a89313b492d6293859d Merge: 602c8917 e975d3fd Author: neu5ron <> Date: Tue May 19 05:09:05 2020 -0400 Merge remote-tracking branch 'neu5ron-sigma/rules' into rules commit 602c8917ef7de1aca12ef7641e86bcee57fddd4a Author: neu5ron <> Date: Tue May 19 04:41:08 2020 -0400 domain user enumeration via zeek rpc (dce_rpc) log. commit c815773b1abf32ef2ba94f333b8421a389362875 Author: Tatsuya Ito Date: Tue May 19 18:05:51 2020 +0900 enhancement rule commit 49f68a327a88bf7c6d527e12885941c894670619 Author: Tatsuya Ito Date: Tue May 19 18:00:50 2020 +0900 enhancement rule commit e975d3fd14f2a241c536b0b0773639694a985b5c Author: neu5ron <> Date: Tue May 19 04:41:08 2020 -0400 domain user enumeration via zeek rpc (dce_rpc) log. commit effb2a833713afba2902c5a03dc316207b2e6b25 Author: neu5ron <> Date: Tue May 19 04:41:00 2020 -0400 add exe webdav download commit 858ebcd3d3d1fa7b3c019797cf9624e8820bbf82 Author: neu5ron <> Date: Tue May 19 04:35:47 2020 -0400 author typo update commit 2fc8d513d6bab5e194271a20e544b42f3d921878 Author: neu5ron <> Date: Tue May 19 04:35:30 2020 -0400 zeek, swap `path` and `name` commit 0dd089db47e4f7a86f3573a481a67eabb2a234de Author: ecco Date: Mon May 18 20:29:53 2020 -0400 various rules cleaning commit 71c507d8a95b43e45d435c1e70a51f964655f12c Author: gamma37 Date: Mon May 18 11:34:53 2020 +0200 remove space bedore colon commit 55eec46932d99c18baf8c0aed86d4bf470ef1f6e Author: gamma37 Date: Mon May 18 11:25:18 2020 +0200 Create a rule for "suspicious activities" commit cbf06b1e43dc523885c3107fb35ffcc88c20e735 Author: gamma37 Date: Mon May 18 10:11:32 2020 +0200 lowercased tag commit 904716771a98e7c68d20e1b642073788309c17f2 Author: gamma37 Date: Mon May 18 10:03:34 2020 +0200 Create a new rule to detect "Create Account" commit beb62dc163ee995a9fbe362807c132bf8edd1e09 Author: Florian Roth Date: Fri May 15 12:06:34 2020 +0200 fix: condition location commit 28dc2a22672e5959e3920a08fa5c17f35a0351f5 Author: Florian Roth Date: Fri May 15 11:33:36 2020 +0200 Minor changes hints: - contains doesn't require wildcards in the strings - we can use 'endswith' instead of wildcard at the beginning of the string (it's the new way to describe it, we have to change all old rules that contain these wildcards some day) - we can use "1 of them" to say that 1 of the conditions has to match commit 40ab1b7247e52be5ff01429a0d6b9b80656aedb2 Author: Trent Liffick Date: Thu May 14 23:33:08 2020 -0400 added 'action: global' commit 56a2747a7062e2205f729f19ef34535f80c24c9d Author: Trent Liffick Date: Thu May 14 23:18:33 2020 -0400 Corrected missing condition learning! fail fast & forward commit fb1d8d7a76c45451ac1d14829d812ae5961493fe Author: Trent Liffick Date: Thu May 14 23:04:14 2020 -0400 Corrected typo commit 8aff6b412e39de70da551c9c9854ea97a8a8b16c Author: Trent Liffick Date: Thu May 14 22:58:23 2020 -0400 added rule for Blue Mockingbird (cryptominer) commit 06abd6e76a0487ac0bbe414ecae9ce021bce4106 Author: Tiago Faria Date: Thu May 14 14:03:23 2020 +0100 added ci tests for ecs-cloudtrail commit 2893becf8cc6e9c581050b4c35dc381f1aba13e1 Merge: 31ad8187 133319c4 Author: Tiago Faria Date: Thu May 14 14:02:20 2020 +0100 Merge remote-tracking branch 'upstream/master' commit 1a598282f4033e51e060b1014600970fdc64f72a Author: zaphod <18658828+zaphodef@users.noreply.github.com> Date: Wed May 13 11:57:10 2020 +0200 Add 'Add-Content' to powershell_ntfs_ads_access commit d510e1aad45908a0b73c66fce6d349d09cace3b4 Author: zaphod <18658828+zaphodef@users.noreply.github.com> Date: Mon May 11 18:31:59 2020 +0200 Fix 'source' value for win_susp_backup_delete commit fb9c5841f4fde53437bc01b764060fdf63bf52ea Author: vh Date: Fri May 8 13:41:52 2020 +0300 Added Humio, Crowdstrike, Corelight commit 31ad81874fee378ea3f951d81d088aac9fb1e737 Author: pdr9rc Date: Tue May 5 11:32:18 2020 +0100 capitalized titles corrected capitalization of titles and removed literals from config commit aa175a7d5bbfd8b9e6526cfa36256dac5514bff4 Author: pdr9rc Date: Mon May 4 18:02:27 2020 +0100 wip wip commit dd9e128a15d5f9ad08ea744cde0f18b49a4a1204 Author: pdr9rc Date: Mon May 4 17:35:12 2020 +0100 kibana target update kibana target now compatible with overrides commit b32093e734395841bcef94414a575bdf3a3a98ac Merge: b3194e66 d298bb57 Author: pdr9rc Date: Mon May 4 17:26:51 2020 +0100 Merge remote-tracking branch 'upstream/master' Keeping up with the sigmas. commit b3194e66c4f1def35c11f407d6c7e47867eb8053 Author: pdr9rc Date: Mon May 4 16:37:36 2020 +0100 Update base.py commit dd85467a271d79ec30079e0e4b6391e1a465cd0a Author: Tiago Faria Date: Sat May 2 00:13:55 2020 +0100 Update aws_ec2_vm_export_failure.yml commit bc0a2c7ab932cf967869cc31237b18b1cef0e09e Author: pdr9rc Date: Fri May 1 19:20:05 2020 +0100 wip wip commit 98391f985a17f7a1a694857468ad3b66a2515025 Author: pdr9rc Date: Thu Apr 30 15:19:38 2020 +0100 wip wip commit adcc3766e3f20e74b9c5ed651ad44e9e1e52b8a9 Merge: 81422444 dfdb5b95 Author: pdr9rc Date: Thu Apr 30 15:08:25 2020 +0100 Merge branch 'master' of https://github.com/3CORESec/sigma commit 8142244449efd6c62953a8f05e5d8256910ab358 Author: pdr9rc Date: Thu Apr 30 15:08:20 2020 +0100 wip wip commit dfdb5b9550794f0df4bf6015d901226671586be5 Author: Tiago Faria Date: Wed Apr 29 23:59:26 2020 +0100 better description and event.outcome commit ac4a2b1f26df3071af13030731bb384290bf2422 Author: pdr9rc Date: Wed Apr 29 22:55:46 2020 +0100 wip wip commit 9ce84a38e592f6d2163ca5aac90533bca4853981 Author: pdr9rc Date: Wed Apr 29 20:36:45 2020 +0100 overrides section support + one example rule + cloudtrail config ditto --- .github/workflows/sigma-test.yml | 3 + .gitignore | 1 + Makefile | 12 + other/godmode_sigma_rule.yml | 2 +- .../sysmon_process_reimaging.yml | 4 +- rules/cloud/aws_ec2_vm_export_failure.yml | 28 + .../auditd/lnx_auditd_create_account.yml | 22 + .../auditd/lnx_auditd_susp_C2_commands.yml | 21 + rules/linux/lnx_shell_clear_cmd_history.yml | 9 + .../zeek-dce_rpc_domain_user_enumeration.yml | 35 + .../zeek_dce_rpc_mitre_bzar_execution.yml | 2 +- .../zeek_dce_rpc_mitre_bzar_persistence.yml | 2 +- ...k_http_executable_download_from_webdav.yml | 26 + .../zeek_smb_converted_win_atsvc_task.yml | 4 +- ..._smb_converted_win_impacket_secretdump.yml | 4 +- .../zeek_smb_converted_win_lm_namedpipe.yml | 6 +- .../zeek_smb_converted_win_susp_psexec.yml | 4 +- ...verted_win_susp_raccess_sensitive_fext.yml | 2 +- ...ransferring_files_with_credential_data.yml | 2 +- rules/proxy/proxy_turla_comrat.yml | 19 + rules/proxy/proxy_ua_apt.yml | 1 + rules/web/web_cve_2019_3398_confluence.yml | 27 + .../builtin/win_alert_ad_user_backdoors.yml | 8 +- .../builtin/win_susp_add_sid_history.yml | 4 +- .../builtin/win_susp_backup_delete.yml | 2 +- .../deprecated/win_susp_esentutl_activity.yml | 29 + .../malware/win_mal_blue_mockingbird.yml | 45 + .../powershell/powershell_ntfs_ads_access.yml | 1 + .../win_apt_greenbug_may20.yml | 47 + .../win_apt_turla_comrat_may20.yml | 33 + .../win_exploit_cve_2020_1048.yml | 31 + .../win_hktl_createminidump.yml | 2 +- .../win_netsh_allow_port_rdp.yml | 31 + .../process_creation/win_netsh_fw_add.yml | 13 +- .../win_netsh_fw_add_susp_image.yml | 54 + .../win_renamed_jusched.yml} | 0 .../win_renamed_powershell.yml} | 2 +- .../win_renamed_procdump.yml} | 2 +- .../win_renamed_psexec.yml} | 2 +- .../win_susp_crackmapexec_execution.yml | 37 + ...sp_crackmapexec_powershell_obfuscation.yml | 37 + .../win_susp_file_characteristics.yml} | 12 +- .../win_susp_renamed_debugview.yml | 23 + .../win_system_exe_anomaly.yml | 7 + .../win_task_folder_evasion.yml | 1 - .../windows/sysmon/sysmon_ads_executable.yml | 10 +- ..._alternate_powershell_hosts_moduleload.yml | 26 - ...sysmon_alternate_powershell_hosts_pipe.yml | 4 +- .../windows/sysmon/sysmon_cmstp_execution.yml | 1 + .../sysmon/sysmon_creation_system_file.yml | 57 + rules/windows/sysmon/sysmon_cve-2020-1048.yml | 33 +- ...y_events_logging_adding_reg_key_minint.yml | 1 + .../sysmon/sysmon_in_memory_powershell.yml | 3 +- ...sysmon_lsass_memory_dump_file_creation.yml | 2 +- ...ysmon_registry_persistence_key_linking.yml | 1 + ...n_susp_office_dotnet_assembly_dll_load.yml | 10 +- ...sysmon_susp_office_dotnet_gac_dll_load.yml | 10 +- .../sysmon_susp_office_kerberos_dll_load.yml | 10 +- .../sysmon/sysmon_susp_run_key_img_folder.yml | 13 +- .../sysmon_susp_winword_vbadll_load.yml | 14 +- ...ysmon_suspicious_dbghelp_dbgcore_load.yml} | 14 +- ...sysmon_svchost_dll_search_order_hijack.yml | 5 +- .../sysmon_tsclient_filewrite_startup.yml | 2 +- .../windows/sysmon/sysmon_wmi_module_load.yml | 5 +- tests/test_rules.py | 21 +- tools/config/ala.yml | 101 ++ tools/config/arcsight-zeek.yml | 119 +- tools/config/arcsight.yml | 130 +- tools/config/crowdstrike.yml | 19 + tools/config/ecs-cloudtrail.yml | 60 + tools/config/ecs-dns.yml | 69 + tools/config/ecs-proxy.yml | 210 ++- tools/config/ecs-zeek-corelight.yml | 313 ++++- tools/config/elk-defaultindex-filebeat.yml | 2 + tools/config/elk-defaultindex-logstash.yml | 2 + tools/config/elk-defaultindex.yml | 3 + tools/config/elk-linux.yml | 15 + tools/config/elk-windows.yml | 30 + tools/config/elk-winlogbeat-sp.yml | 95 ++ tools/config/elk-winlogbeat.yml | 94 ++ tools/config/filebeat-zeek-ecs.yml | 468 +++++++ tools/config/humio.yml | 625 +++++++++ tools/config/logstash-zeek-default-json.yml | 109 +- tools/config/powershell-windows-all.yml | 62 + tools/config/qradar.yml | 140 +- tools/config/splunk-zeek.yml | 125 +- tools/config/winlogbeat-modules-enabled.yml | 5 +- tools/config/winlogbeat-old.yml | 4 +- tools/config/winlogbeat.yml | 6 +- tools/sigma/backends/ala.py | 270 ++-- tools/sigma/backends/arcsight.py | 2 +- tools/sigma/backends/base.py | 42 +- tools/sigma/backends/carbonblack.py | 7 +- tools/sigma/backends/discovery.py | 2 +- tools/sigma/backends/elasticsearch.py | 83 +- tools/sigma/backends/humio.py | 160 +++ tools/sigma/backends/limacharlie.py | 1218 ++++++++--------- tools/sigma/backends/mdatp.py | 28 + tools/sigma/backends/splunk.py | 38 + tools/sigma/backends/sql.py | 125 +- tools/sigma/backends/sqlite.py | 123 ++ tools/tests/test_backend_sql.py | 334 +++++ tools/tests/test_backend_sqlite.py | 148 ++ 103 files changed, 5285 insertions(+), 1002 deletions(-) create mode 100644 rules/cloud/aws_ec2_vm_export_failure.yml create mode 100644 rules/linux/auditd/lnx_auditd_create_account.yml create mode 100644 rules/linux/auditd/lnx_auditd_susp_C2_commands.yml create mode 100644 rules/network/zeek/zeek-dce_rpc_domain_user_enumeration.yml create mode 100644 rules/network/zeek/zeek_http_executable_download_from_webdav.yml create mode 100644 rules/proxy/proxy_turla_comrat.yml create mode 100644 rules/web/web_cve_2019_3398_confluence.yml create mode 100644 rules/windows/deprecated/win_susp_esentutl_activity.yml create mode 100644 rules/windows/malware/win_mal_blue_mockingbird.yml create mode 100644 rules/windows/process_creation/win_apt_greenbug_may20.yml create mode 100644 rules/windows/process_creation/win_apt_turla_comrat_may20.yml create mode 100644 rules/windows/process_creation/win_exploit_cve_2020_1048.yml create mode 100644 rules/windows/process_creation/win_netsh_allow_port_rdp.yml create mode 100644 rules/windows/process_creation/win_netsh_fw_add_susp_image.yml rename rules/windows/{sysmon/sysmon_renamed_jusched.yml => process_creation/win_renamed_jusched.yml} (100%) rename rules/windows/{sysmon/sysmon_renamed_powershell.yml => process_creation/win_renamed_powershell.yml} (95%) rename rules/windows/{sysmon/sysmon_renamed_procdump.yml => process_creation/win_renamed_procdump.yml} (95%) rename rules/windows/{sysmon/sysmon_renamed_psexec.yml => process_creation/win_renamed_psexec.yml} (96%) create mode 100644 rules/windows/process_creation/win_susp_crackmapexec_execution.yml create mode 100644 rules/windows/process_creation/win_susp_crackmapexec_powershell_obfuscation.yml rename rules/windows/{sysmon/sysmon_susp_file_characteristics.yml => process_creation/win_susp_file_characteristics.yml} (68%) create mode 100644 rules/windows/process_creation/win_susp_renamed_debugview.yml delete mode 100644 rules/windows/sysmon/sysmon_alternate_powershell_hosts_moduleload.yml create mode 100644 rules/windows/sysmon/sysmon_creation_system_file.yml rename rules/windows/sysmon/{sysmon_minidumwritedump_lsass.yml => sysmon_suspicious_dbghelp_dbgcore_load.yml} (79%) create mode 100644 tools/config/ala.yml create mode 100644 tools/config/crowdstrike.yml create mode 100644 tools/config/ecs-cloudtrail.yml create mode 100644 tools/config/ecs-dns.yml create mode 100644 tools/config/elk-defaultindex-filebeat.yml create mode 100644 tools/config/elk-defaultindex-logstash.yml create mode 100644 tools/config/elk-defaultindex.yml create mode 100644 tools/config/elk-linux.yml create mode 100644 tools/config/elk-windows.yml create mode 100644 tools/config/elk-winlogbeat-sp.yml create mode 100644 tools/config/elk-winlogbeat.yml create mode 100644 tools/config/filebeat-zeek-ecs.yml create mode 100644 tools/config/humio.yml create mode 100644 tools/config/powershell-windows-all.yml create mode 100644 tools/sigma/backends/humio.py create mode 100644 tools/sigma/backends/sqlite.py create mode 100644 tools/tests/test_backend_sql.py create mode 100644 tools/tests/test_backend_sqlite.py diff --git a/.github/workflows/sigma-test.yml b/.github/workflows/sigma-test.yml index b6e10159..ee0c317a 100644 --- a/.github/workflows/sigma-test.yml +++ b/.github/workflows/sigma-test.yml @@ -35,3 +35,6 @@ jobs: - name: Test Generated Elasticsearch Query Strings run: | make test-backend-es-qs + - name: Test SQL(ite) Backend + run: | + make test-backend-sql diff --git a/.gitignore b/.gitignore index bf7103a4..13186372 100644 --- a/.gitignore +++ b/.gitignore @@ -94,3 +94,4 @@ settings.json # VisualStudio .vs/ +.vscode/launch.json diff --git a/Makefile b/Makefile index 1ad71351..e4968975 100644 --- a/Makefile +++ b/Makefile @@ -31,6 +31,11 @@ test-sigmac: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert -c tools/config/winlogbeat.yml -O alert_methods=http_post,email -O emails=test@test.invalid -O http_post_url=http://test.invalid rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert-dsl -c tools/config/winlogbeat.yml -O alert_methods=http_post,email -O emails=test@test.invalid -O http_post_url=http://test.invalid rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t ee-outliers -c tools/config/winlogbeat.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-qs -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-rule -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t kibana -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t xpack-watcher -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunkxml -c tools/config/splunk-windows.yml rules/ > /dev/null @@ -50,7 +55,10 @@ test-sigmac: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t qualys -c tools/config/qualys.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t netwitness -c tools/config/netwitness.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t sumologic -O rulecomment -c tools/config/sumologic.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t humio -O rulecomment -c tools/config/humio.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t crowdstrike -O rulecomment -c tools/config/crowdstrike.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t sql -c sysmon rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t sqlite -c sysmon rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t logiq -c sysmon rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=critical,status=stable,logsource=windows,tag=attack.execution' rules/ > /dev/null ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=critical,status=xstable,logsource=windows' rules/ > /dev/null @@ -100,6 +108,10 @@ test-merge: test-backend-es-qs: tests/test-backend-es-qs.py +test-backend-sql: + cd tools && python3 setup.py install + cd tools && $(COVERAGE) run -m pytest tests/test_backend_sql.py tests/test_backend_sqlite.py + test-sigma2attack: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigma2attack diff --git a/other/godmode_sigma_rule.yml b/other/godmode_sigma_rule.yml index 218e0484..67969b7b 100644 --- a/other/godmode_sigma_rule.yml +++ b/other/godmode_sigma_rule.yml @@ -104,7 +104,7 @@ logsource: detection: selection_file_creation: EventID: 11 - TargetFileName|contains: + TargetFilename|contains: - '.dmp' # dump process memory - 'Desktop\how' # Ransomware - 'Desktop\decrypt' # Ransomware diff --git a/rules-unsupported/sysmon_process_reimaging.yml b/rules-unsupported/sysmon_process_reimaging.yml index 9d557b06..3da02214 100644 --- a/rules-unsupported/sysmon_process_reimaging.yml +++ b/rules-unsupported/sysmon_process_reimaging.yml @@ -5,7 +5,7 @@ description: Detects process reimaging defense evasion technique # where # selection1: ImageFileName != selection1: OriginalFileName # selection1: ParentProcessGuid = selection2: ProcessGuid -# selection1: Image = selection2: TargetFileName +# selection1: Image = selection2: TargetFilename # and new field ImageFileName is coming from enrichment # selection1: Image = ^.+\\$ # Rule must trigger if selection1 and selection2 both occurs in timeframe of 120 sec. @@ -45,4 +45,4 @@ detection: EventID: 11 fields: - ProcessGuid - - TargetFileName + - TargetFilename diff --git a/rules/cloud/aws_ec2_vm_export_failure.yml b/rules/cloud/aws_ec2_vm_export_failure.yml new file mode 100644 index 00000000..a6db628c --- /dev/null +++ b/rules/cloud/aws_ec2_vm_export_failure.yml @@ -0,0 +1,28 @@ +title: AWS EC2 VM Export Failure +id: 54b9a76a-3c71-4673-b4b3-2edb4566ea7b +status: experimental +description: An attempt to export an AWS EC2 instance has been detected. A VM Export might indicate an attempt to extract information from an instance. +references: + - https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html#export-instance +author: Diogo Braz +date: 2020/04/16 +tags: + - attack.collection + - attack.t1005 + - attack.exfiltration + - attack.t1537 +level: low +logsource: + service: cloudtrail +detection: + selection: + eventName: 'CreateInstanceExportTask' + eventSource: 'ec2.amazonaws.com' + filter1: + errorMessage: '*' + filter2: + errorCode: '*' + filter3: + eventName: 'ConsoleLogin' + responseElements: '*Failure*' + condition: selection and (filter1 or filter2 or filter3) diff --git a/rules/linux/auditd/lnx_auditd_create_account.yml b/rules/linux/auditd/lnx_auditd_create_account.yml new file mode 100644 index 00000000..14be30c0 --- /dev/null +++ b/rules/linux/auditd/lnx_auditd_create_account.yml @@ -0,0 +1,22 @@ +title: Creation Of An User Account +id: 759d0d51-bc99-4b5e-9add-8f5b2c8e7512 +status: experimental +description: Detects the creation of a new user account. According to MITRE ATT&CK, "such accounts may be used for persistence that do not require persistent remote access tools to be deployed on the system" +references: + - 'MITRE Attack technique T1136; Create Account ' +date: 2020/05/18 +tags: + - attack.t1136 + - attack.persistence +author: Marie Euler +logsource: + product: linux + service: auditd +detection: + selection: + type: 'SYSCALL' + exe: '*/useradd' + condition: selection +falsepositives: + - Admin activity +level: medium diff --git a/rules/linux/auditd/lnx_auditd_susp_C2_commands.yml b/rules/linux/auditd/lnx_auditd_susp_C2_commands.yml new file mode 100644 index 00000000..77971d06 --- /dev/null +++ b/rules/linux/auditd/lnx_auditd_susp_C2_commands.yml @@ -0,0 +1,21 @@ +title: Suspicious C2 Activities +id: f7158a64-6204-4d6d-868a-6e6378b467e0 +status: experimental +description: Detects suspicious activities as declared by Florian Roth in its 'Best Practice Auditd Configuration'. This includes the detection of the following commands; wget, curl, base64, nc, netcat, ncat, ssh, socat, wireshark, rawshark, rdesktop, nmap. These commands match a few techniques from the tactics "Command and Control", including not exhaustively the following; Application Layer Protocol (T1071), Non-Application Layer Protocol (T1095), Data Encoding (T1132) +references: + - 'https://github.com/Neo23x0/auditd' +date: 2020/05/18 +tags: + - attack.command_and_control +author: Marie Euler +logsource: + product: linux + service: auditd +detection: + selection: + key: + - 'susp_activity' + condition: selection +falsepositives: + - Admin or User activity +level: medium diff --git a/rules/linux/lnx_shell_clear_cmd_history.yml b/rules/linux/lnx_shell_clear_cmd_history.yml index 9ee72f09..97379f6a 100644 --- a/rules/linux/lnx_shell_clear_cmd_history.yml +++ b/rules/linux/lnx_shell_clear_cmd_history.yml @@ -2,12 +2,20 @@ title: Clear Command History id: fdc88d25-96fb-4b7c-9633-c0e417fdbd4e status: experimental description: Clear command history in linux which is used for defense evasion. + # Example config for this one (place it in .bash_profile): + # (is_empty=false; inotifywait -m .bash_history | while read file; do if [ $(wc -l <.bash_history) -lt 1 ]; then if [ "$is_empty" = false ]; then logger -i -p local5.info -t empty_bash_history "$USER : ~/.bash_history is empty "; is_empty=true; fi; else is_empty=false; fi; done ) & + # It monitors the size of .bash_history and log the words "empty_bash_history" whenever a previously not empty bash_history becomes empty + # We define an empty file as a document with 0 or 1 lines (it can be a line with only one space character for example) + # It has two advantages over the version suggested by Patrick Bareiss : + # - it is not relative to the exact command used to clear .bash_history : for instance Caldera uses "> .bash_history" to clear the history and this is not one the commands listed here. We can't be exhaustive for all the possibilities ! + # - the method suggested by Patrick Bareiss logs all the commands entered directly in a bash shell. therefore it may miss some events (for instance it doesn't log the commands launched from a Caldera agent). Here if .bash_history is cleared, it will always be detected references: - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml - https://attack.mitre.org/techniques/T1146/ - https://www.hackers-arise.com/single-post/2016/06/20/Covering-your-BASH-Shell-Tracks-AntiForensics author: Patrick Bareiss date: 2019/03/24 +modified: 2020/05/28 logsource: product: linux detection: @@ -22,6 +30,7 @@ detection: - 'history -c' - 'history -w' - 'shred *bash_history' + - 'empty_bash_history' condition: keywords falsepositives: - Unknown diff --git a/rules/network/zeek/zeek-dce_rpc_domain_user_enumeration.yml b/rules/network/zeek/zeek-dce_rpc_domain_user_enumeration.yml new file mode 100644 index 00000000..bfaa398f --- /dev/null +++ b/rules/network/zeek/zeek-dce_rpc_domain_user_enumeration.yml @@ -0,0 +1,35 @@ +title: Domain User Enumeration Network Recon 01 +description: Domain user and group enumeration via network reconnaissance. Seen in APT 29 and other common tactics and actors. Detects a set of RPC (remote procedure calls) used to enumerate a domain controller. The rule was created based off the datasets and hackathon from https://github.com/OTRF/detection-hackathon-apt29 +id: 66a0bdc6-ee04-441a-9125-99d2eb547942 +references: + - "https://github.com/OTRF/detection-hackathon-apt29" + - "https://github.com/OTRF/detection-hackathon-apt29/issues/37" +author: 'Nate Guagenti (@neu5ron), Open Threat Research (OTR)' +date: 2020/05/03 +modified: 2020/05/03 +tags: + - attack.discovery + - attack.t1087 + - attack.t1082 +logsource: + product: zeek + service: dce_rpc +detection: + selection: + operation: + #- LsarEnumerateTrustedDomains #potentially too many FPs, removing. caused by netlogon + #- SamrEnumerateDomainsInSamServer #potentially too many FPs, removing. #method obtains a listing of all domains hosted by the server side of this protocol. This value is a cookie that the server can use to continue an enumeration on a subsequent call + - LsarLookupNames3 #method translates a batch of security principal names to their SID form + - LsarLookupSids3 #translates a batch of security principal SIDs to their name forms + - SamrGetGroupsForUser #obtains a listing of groups that a user is a member of + - SamrLookupIdsInDomain #method translates a set of RIDs into account names + - SamrLookupNamesInDomain #method translates a set of account names into a set of RIDs + - SamrQuerySecurityObject #method queries the access control on a server, domain, user, group, or alias object + - SamrQueryInformationGroup #obtains attributes from a group object + timeframe: 30s + condition: selection | count(operation) by src_ip > 4 +falsepositives: + - Devices that may do authentication like a VPN or a firewall that looksup IPs to username + - False positives depend on scripts and administrative tools used in the monitored environment +level: medium +status: experimental \ No newline at end of file diff --git a/rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml b/rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml index a4494f03..4e79ed02 100644 --- a/rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml +++ b/rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml @@ -1,7 +1,7 @@ title: MITRE BZAR Indicators for ATT&CK Execution id: b640c0b8-87f8-4daa-aef8-95a24261dd1d description: 'Windows DCE-RPC functions which indicate an ATT&CK-like Execution techniques on the remote system. All credit for the Zeek mapping of the suspicious endpoint/operation field goes to MITRE.' -author: '@neu5ron, @SOC_Prime' +author: '@neu5ron, SOC Prime' date: 2020/03/19 references: - https://github.com/mitre-attack/bzar#indicators-for-attck-execution diff --git a/rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml b/rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml index cfeffe91..3cce80d4 100644 --- a/rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml +++ b/rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml @@ -1,7 +1,7 @@ title: MITRE BZAR Indicators for ATT&CK Persistence id: 53389db6-ba46-48e3-a94c-e0f2cefe1583 description: 'Windows DCE-RPC functions which indicate an ATT&CK-like Persistence techniques on the remote system. All credit for the Zeek mapping of the suspicious endpoint/operation field goes to MITRE.' -author: '@neu5ron, @SOC_Prime' +author: '@neu5ron, SOC Prime' date: 2020/03/19 references: - https://github.com/mitre-attack/bzar#indicators-for-attck-persistence diff --git a/rules/network/zeek/zeek_http_executable_download_from_webdav.yml b/rules/network/zeek/zeek_http_executable_download_from_webdav.yml new file mode 100644 index 00000000..47cfdcbf --- /dev/null +++ b/rules/network/zeek/zeek_http_executable_download_from_webdav.yml @@ -0,0 +1,26 @@ +title: Executable from Webdav +description: "Detects executable access via webdav6. Can be seen in APT 29 such as from the emulated APT 29 hackathon https://github.com/OTRF/detection-hackathon-apt29/" +id: aac2fd97-bcba-491b-ad66-a6edf89c71bf +author: 'SOC Prime, Adam Swan' +references: + - http://carnal0wnage.attackresearch.com/2012/06/webdav-server-to-download-custom.html + - https://github.com/OTRF/detection-hackathon-apt29 +tags: + - attack.command_and_control + - attack.t1043 +logsource: + product: zeek + service: http +date: 2020/05/01 +detection: + selection_webdav: + - c-useragent: '*WebDAV*' + - c-uri: '*webdav*' + selection_executable: + - resp_mime_types: '*dosexec*' + - c-uri: '*.exe' + condition: selection_webdav AND selection_executable +falsepositives: + - unknown +level: medium +status: experimental \ No newline at end of file diff --git a/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml b/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml index 69ef0801..17a3704f 100644 --- a/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml +++ b/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml @@ -16,8 +16,8 @@ logsource: service: smb_files detection: selection: - name: \\*\IPC$ - path: atsvc + path: \\*\IPC$ + name: atsvc #Accesses: '*WriteData*' condition: selection falsepositives: diff --git a/rules/network/zeek/zeek_smb_converted_win_impacket_secretdump.yml b/rules/network/zeek/zeek_smb_converted_win_impacket_secretdump.yml index 35552f34..16e2f318 100644 --- a/rules/network/zeek/zeek_smb_converted_win_impacket_secretdump.yml +++ b/rules/network/zeek/zeek_smb_converted_win_impacket_secretdump.yml @@ -13,8 +13,8 @@ logsource: service: smb_files detection: selection: - name: '\\*ADMIN$' - path: '*SYSTEM32\\*.tmp' + path: '\\*ADMIN$' + name: '*SYSTEM32\\*.tmp' condition: selection falsepositives: - 'unknown' diff --git a/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml b/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml index 1b0b92b5..eecef7a9 100644 --- a/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml +++ b/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml @@ -14,10 +14,10 @@ logsource: service: smb_files detection: selection1: - name: \\*\IPC$ + path: \\*\IPC$ selection2: - name: \\*\IPC$ - path: + path: \\*\IPC$ + name: - 'atsvc' - 'samr' - 'lsarpc' diff --git a/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml b/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml index 2086a287..044d6f96 100644 --- a/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml +++ b/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml @@ -13,8 +13,8 @@ logsource: service: smb_files detection: selection1: - name: \\*\IPC$ - path: + path: \\*\IPC$ + name: - '*-stdin' - '*-stdout' - '*-stderr' diff --git a/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml b/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml index 95045f9d..fa7f41f0 100644 --- a/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml +++ b/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml @@ -11,7 +11,7 @@ logsource: service: smb_files detection: selection: - path: + name: - '*.pst' - '*.ost' - '*.msg' diff --git a/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml b/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml index 7724e097..060189f4 100644 --- a/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml +++ b/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml @@ -13,7 +13,7 @@ logsource: service: smb_files detection: selection: - path: + name: - '\mimidrv' - '\lsass' - '\windows\minidump\' diff --git a/rules/proxy/proxy_turla_comrat.yml b/rules/proxy/proxy_turla_comrat.yml new file mode 100644 index 00000000..3a743adb --- /dev/null +++ b/rules/proxy/proxy_turla_comrat.yml @@ -0,0 +1,19 @@ +title: Turla ComRAT +id: 7857f021-007f-4928-8b2c-7aedbe64bb82 +status: experimental +description: Detects Turla ComRAT patterns +references: + - https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf +author: Florian Roth +date: 2020/05/26 +tags: + - attack.g0010 +logsource: + category: proxy +detection: + selection: + c-uri|contains: '/index/index.php?h=' + condition: selection +falsepositives: + - Unknown +level: critical diff --git a/rules/proxy/proxy_ua_apt.yml b/rules/proxy/proxy_ua_apt.yml index d8328ce9..0baf02b2 100644 --- a/rules/proxy/proxy_ua_apt.yml +++ b/rules/proxy/proxy_ua_apt.yml @@ -46,6 +46,7 @@ detection: - 'hots scot' # Unkown iOS zero-day implant https://twitter.com/craiu/status/1176437994288484352?s=20 - 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT)' # https://blog.telsy.com/meeting-powerband-the-apt33-net-powerton-variant/ - 'Mozilla/5.0 (Windows NT 6.1; WOW64) Chrome/28.0.1500.95 Safari/537.36' # Hidden Cobra malware + - 'Mozilla/5.0 (Windows NT 6.2; Win32; rv:47.0)' # Strong Pity loader https://twitter.com/VK_Intel/status/1264185981118406657 condition: selection fields: - ClientIP diff --git a/rules/web/web_cve_2019_3398_confluence.yml b/rules/web/web_cve_2019_3398_confluence.yml new file mode 100644 index 00000000..35252909 --- /dev/null +++ b/rules/web/web_cve_2019_3398_confluence.yml @@ -0,0 +1,27 @@ +title: Confluence Exploitation CVE-2019-3398 +id: e9bc39ae-978a-4e49-91ab-5bd481fc668b +status: experimental +description: Detects the exploitation of the Confluence vulnerability described in CVE-2019-3398 +references: + - https://devcentral.f5.com/s/articles/confluence-arbitrary-file-write-via-path-traversal-cve-2019-3398-34181 +author: Florian Roth +date: 2020/05/26 +tags: + - attack.initial_access + - attack.t1190 +logsource: + category: webserver +detection: + selection: + cs-method: 'POST' + c-uri|contains|all: + - '/upload.action' + - 'filename=../../../../' + condition: selection +fields: + - c-ip + - c-dns +falsepositives: + - Unknown +level: critical + diff --git a/rules/windows/builtin/win_alert_ad_user_backdoors.yml b/rules/windows/builtin/win_alert_ad_user_backdoors.yml index 217b73a4..9ce1e7e7 100644 --- a/rules/windows/builtin/win_alert_ad_user_backdoors.yml +++ b/rules/windows/builtin/win_alert_ad_user_backdoors.yml @@ -19,10 +19,10 @@ logsource: detection: selection1: EventID: 4738 + filter_null: + AllowedToDelegateTo: null filter1: - AllowedToDelegateTo: - - null - - '-' + AllowedToDelegateTo: '-' selection2: EventID: 5136 AttributeLDAPDisplayName: 'msDS-AllowedToDelegateTo' @@ -33,7 +33,7 @@ detection: selection4: EventID: 5136 AttributeLDAPDisplayName: 'msDS-AllowedToActOnBehalfOfOtherIdentity' - condition: (selection1 and not 1 of filter*) or selection2 or selection3 or selection4 + condition: (selection1 and not filter1 and not filter_null) or selection2 or selection3 or selection4 falsepositives: - Unknown level: high diff --git a/rules/windows/builtin/win_susp_add_sid_history.yml b/rules/windows/builtin/win_susp_add_sid_history.yml index 21ac8c61..0a407a6e 100644 --- a/rules/windows/builtin/win_susp_add_sid_history.yml +++ b/rules/windows/builtin/win_susp_add_sid_history.yml @@ -24,7 +24,9 @@ detection: SidHistory: - '-' - '%%1793' - condition: selection1 or (selection2 and not selection3) + filter_null: + SidHistory: null + condition: selection1 or (selection2 and not selection3 and not filter_null) falsepositives: - Migration of an account into a new domain level: medium diff --git a/rules/windows/builtin/win_susp_backup_delete.yml b/rules/windows/builtin/win_susp_backup_delete.yml index 7741c3eb..32dfb5d0 100644 --- a/rules/windows/builtin/win_susp_backup_delete.yml +++ b/rules/windows/builtin/win_susp_backup_delete.yml @@ -16,7 +16,7 @@ logsource: detection: selection: EventID: 524 - Source: Backup + Source: Microsoft-Windows-Backup condition: selection falsepositives: - Unknown diff --git a/rules/windows/deprecated/win_susp_esentutl_activity.yml b/rules/windows/deprecated/win_susp_esentutl_activity.yml new file mode 100644 index 00000000..1e3e62db --- /dev/null +++ b/rules/windows/deprecated/win_susp_esentutl_activity.yml @@ -0,0 +1,29 @@ +title: Suspicious Esentutl Use +id: 56a8189f-11b2-48c8-8ca7-c54b03c2fbf7 +status: experimental +description: Detects flags often used with the LOLBAS Esentutl for malicious activity. It could be used in rare cases by administrators to access locked files or during maintenance. +author: Florian Roth +date: 2020/05/23 +references: + - https://lolbas-project.github.io/ + - https://twitter.com/chadtilbury/status/1264226341408452610 +tags: + - attack.defense_evasion + - attack.execution + - attack.s0404 + - attack.t1218 +logsource: + category: process_creation + product: windows +detection: + selection: + CommandLine|contains|all: + - ' /vss ' + - ' /y ' + condition: selection +fields: + - CommandLine + - ParentCommandLine +falsepositives: + - Administrative activity +level: high diff --git a/rules/windows/malware/win_mal_blue_mockingbird.yml b/rules/windows/malware/win_mal_blue_mockingbird.yml new file mode 100644 index 00000000..c40f28d7 --- /dev/null +++ b/rules/windows/malware/win_mal_blue_mockingbird.yml @@ -0,0 +1,45 @@ +action: global +title: Blue Mockingbird +id: c3198a27-23a0-4c2c-af19-e5328d49680e +status: experimental +description: Attempts to detect system changes made by Blue Mockingbird +references: + - https://redcanary.com/blog/blue-mockingbird-cryptominer/ +tags: + - attack.execution + - attack.t1112 + - attack.t1047 +author: Trent Liffick (@tliffick) +date: 2020/05/14 +falsepositives: + - unknown +level: high +detection: + condition: 1 of them +--- +logsource: + category: process_creation + product: windows +detection: + exec_selection: + Image|endswith: '\cmd.exe' + CommandLine|contains|all: + - 'sc config' + - 'wercplsupporte.dll' +--- +logsource: + category: process_creation + product: windows +detection: + wmic_cmd: + Image|endswith: '\wmic.exe' + CommandLine|endswith: 'COR_PROFILER' +--- +logsource: + product: windows + service: sysmon +detection: + mod_reg: + EventID: 13 + TargetObject|endswith: + - '\CurrentControlSet\Services\wercplsupport\Parameters\ServiceDll' diff --git a/rules/windows/powershell/powershell_ntfs_ads_access.yml b/rules/windows/powershell/powershell_ntfs_ads_access.yml index 422ed4ea..e2c531b7 100644 --- a/rules/windows/powershell/powershell_ntfs_ads_access.yml +++ b/rules/windows/powershell/powershell_ntfs_ads_access.yml @@ -16,6 +16,7 @@ logsource: detection: keyword1: - "set-content" + - "add-content" keyword2: - "-stream" condition: keyword1 and keyword2 diff --git a/rules/windows/process_creation/win_apt_greenbug_may20.yml b/rules/windows/process_creation/win_apt_greenbug_may20.yml new file mode 100644 index 00000000..8c630baa --- /dev/null +++ b/rules/windows/process_creation/win_apt_greenbug_may20.yml @@ -0,0 +1,47 @@ +title: Greenbug Campaign Indicators +id: 3711eee4-a808-4849-8a14-faf733da3612 +status: experimental +description: Detects tools and process executions as observed in a Greenbug campaign in May 2020 +references: + - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/greenbug-espionage-telco-south-asia +author: Florian Roth +date: 2020/05/20 +modified: 2020/05/21 +tags: + - attack.g0049 +logsource: + category: process_creation + product: windows +detection: + selection1: + CommandLine|contains|all: + - 'bitsadmin /transfer' + - 'CSIDL_APPDATA' + selection2: + CommandLine|contains: + - 'CSIDL_SYSTEM_DRIVE' + selection3: + CommandLine|contains: + - '\msf.ps1' + - '8989 -e cmd.exe' + - 'system.Data.SqlClient.SqlDataAdapter($cmd); [void]$da.fill' + - '-nop -w hidden -c $k=new-object' + - '[Net.CredentialCache]::DefaultCredentials;IEX ' + - ' -nop -w hidden -c $m=new-object net.webclient;$m' + - '-noninteractive -executionpolicy bypass whoami' + - '-noninteractive -executionpolicy bypass netstat -a' + - 'L3NlcnZlc' # base64 encoded '/server=' + selection4: + Image|endswith: + - '\adobe\Adobe.exe' + - '\oracle\local.exe' + - '\revshell.exe' + - 'infopagesbackup\ncat.exe' + - 'CSIDL_SYSTEM\cmd.exe' + - '\programdata\oracle\java.exe' + - 'CSIDL_COMMON_APPDATA\comms\comms.exe' + - '\Programdata\VMware\Vmware.exe' + condition: 1 of them +falsepositives: + - Unknown +level: critical diff --git a/rules/windows/process_creation/win_apt_turla_comrat_may20.yml b/rules/windows/process_creation/win_apt_turla_comrat_may20.yml new file mode 100644 index 00000000..c2b7bf87 --- /dev/null +++ b/rules/windows/process_creation/win_apt_turla_comrat_may20.yml @@ -0,0 +1,33 @@ +title: Turla Group Commands May 2020 +id: 9e2e51c5-c699-4794-ba5a-29f5da40ac0c +status: experimental +description: Detects commands used by Turla group as reported by ESET in May 2020 +references: + - https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf +tags: + - attack.g0010 + - attack.execution + - attack.t1086 + - attack.t1053 + - attack.t1027 + - attack.discovery + - attack.t1016 +author: Florian Roth +date: 2020/05/26 +logsource: + category: process_creation + product: windows +falsepositives: + - Unknown +detection: + selection1: + CommandLine|contains: + - 'tracert -h 10 yahoo.com' + - '.WSqmCons))|iex;' + - 'Fr`omBa`se6`4Str`ing' + selection2: + CommandLine|contains|all: + - 'net use https://docs.live.net' + - '@aol.co.uk' + condition: 1 of them +level: critical diff --git a/rules/windows/process_creation/win_exploit_cve_2020_1048.yml b/rules/windows/process_creation/win_exploit_cve_2020_1048.yml new file mode 100644 index 00000000..9f11649f --- /dev/null +++ b/rules/windows/process_creation/win_exploit_cve_2020_1048.yml @@ -0,0 +1,31 @@ +title: Suspicious PrinterPorts Creation (CVE-2020-1048) +id: cc08d590-8b90-413a-aff6-31d1a99678d7 +status: experimental +description: Detects new commands that add new printer port which point to suspicious file +author: EagleEye Team, Florian Roth +date: 2020/05/13 +modified: 2020/05/23 +references: + - https://windows-internals.com/printdemon-cve-2020-1048/ +tags: + - attack.persistence + - attack.execution +logsource: + category: process_creation + product: windows +detection: + selection1: + CommandLine|contains: + - 'Add-PrinterPort -Name' + selection2: + CommandLine|contains: + - '.exe' + - '.dll' + - '.bat' + selection3: + CommandLine|contains: + - 'Generic / Text Only' + condition: ( selection1 and selection2 ) or selection3 +falsepositives: + - New printer port install on host +level: high diff --git a/rules/windows/process_creation/win_hktl_createminidump.yml b/rules/windows/process_creation/win_hktl_createminidump.yml index a0e556d8..6129c97a 100644 --- a/rules/windows/process_creation/win_hktl_createminidump.yml +++ b/rules/windows/process_creation/win_hktl_createminidump.yml @@ -29,5 +29,5 @@ logsource: detection: selection: EventID: 11 - TargetFileName|contains: '*\lsass.dmp' + TargetFilename|contains: '*\lsass.dmp' condition: 1 of them diff --git a/rules/windows/process_creation/win_netsh_allow_port_rdp.yml b/rules/windows/process_creation/win_netsh_allow_port_rdp.yml new file mode 100644 index 00000000..f2fc0607 --- /dev/null +++ b/rules/windows/process_creation/win_netsh_allow_port_rdp.yml @@ -0,0 +1,31 @@ +title: Netsh RDP Port Opening +id: 01aeb693-138d-49d2-9403-c4f52d7d3d62 +description: Detects netsh commands that opens the port 3389 used for RDP, used in Sarwent Malware +references: + - https://labs.sentinelone.com/sarwent-malware-updates-command-detonation/ +date: 2020/05/23 +tags: + - attack.command_and_control + - attack.t1076 +status: experimental +author: Sander Wiebing +logsource: + category: process_creation + product: windows +detection: + selection1: + CommandLine|contains|all: + - netsh + - firewall add portopening + - tcp 3389 + selection2: + CommandLine|contains|all: + - netsh + - advfirewall firewall add rule + - action=allow + - protocol=TCP + - localport=3389 + condition: 1 of them +falsepositives: + - Legitimate administration +level: high diff --git a/rules/windows/process_creation/win_netsh_fw_add.yml b/rules/windows/process_creation/win_netsh_fw_add.yml index 7657dd25..59c3361f 100644 --- a/rules/windows/process_creation/win_netsh_fw_add.yml +++ b/rules/windows/process_creation/win_netsh_fw_add.yml @@ -1,4 +1,4 @@ -title: Netsh +title: Netsh Port or Application Allowed id: cd5cfd80-aa5f-44c0-9c20-108c4ae12e3c description: Allow Incoming Connections by Port or Application on Windows Firewall references: @@ -10,15 +10,18 @@ tags: - attack.command_and_control - attack.t1090 status: experimental -author: Markus Neis +author: Markus Neis, Sander Wiebing logsource: category: process_creation product: windows detection: - selection: + selection1: CommandLine: - - '*netsh firewall add*' - condition: selection + - '*netsh*' + selection2: + CommandLine: + - '*firewall add*' + condition: selection1 and selection2 falsepositives: - Legitimate administration level: medium diff --git a/rules/windows/process_creation/win_netsh_fw_add_susp_image.yml b/rules/windows/process_creation/win_netsh_fw_add_susp_image.yml new file mode 100644 index 00000000..bc54696c --- /dev/null +++ b/rules/windows/process_creation/win_netsh_fw_add_susp_image.yml @@ -0,0 +1,54 @@ +title: Netsh Program Allowed with Suspcious Location +id: a35f5a72-f347-4e36-8895-9869b0d5fc6d +description: Detects Netsh commands that allows a suspcious application location on Windows Firewall +references: + - https://www.virusradar.com/en/Win32_Kasidet.AD/description + - https://www.hybrid-analysis.com/sample/07e789f4f2f3259e7559fdccb36e96814c2dbff872a21e1fa03de9ee377d581f?environmentId=100 +date: 2020/05/25 +tags: + - attack.lateral_movement + - attack.command_and_control + - attack.t1090 +status: experimental +author: Sander Wiebing +logsource: + category: process_creation + product: windows +detection: + selection1: + CommandLine|contains|all: + - 'netsh' + - 'firewall add allowedprogram' + selection2: + CommandLine|contains|all: + - netsh + - advfirewall firewall add rule + - action=allow + - program= + susp_image: + CommandLine|contains: + - '*%TEMP%*' + - '*:\RECYCLER\\*' + - '*C:\$Recycle.bin\\*' + - '*:\SystemVolumeInformation\\*' + - 'C:\\Windows\\Tasks\\*' + - 'C:\\Windows\\debug\\*' + - 'C:\\Windows\\fonts\\*' + - 'C:\\Windows\\help\\*' + - 'C:\\Windows\\drivers\\*' + - 'C:\\Windows\\addins\\*' + - 'C:\\Windows\\cursors\\*' + - 'C:\\Windows\\system32\tasks\\*' + - '*C:\Windows\Temp\\*' + - '*C:\Temp\\*' + - '*C:\Users\Public\\*' + - '%Public%\\*' + - '*C:\Users\Default\\*' + - '*C:\Users\Desktop\\*' + - '*\Downloads\\*' + - '*\Temporary Internet Files\Content.Outlook\\*' + - '*\Local Settings\Temporary Internet Files\\*' + condition: (selection1 or selection2) and susp_image +falsepositives: + - Legitimate administration +level: high diff --git a/rules/windows/sysmon/sysmon_renamed_jusched.yml b/rules/windows/process_creation/win_renamed_jusched.yml similarity index 100% rename from rules/windows/sysmon/sysmon_renamed_jusched.yml rename to rules/windows/process_creation/win_renamed_jusched.yml diff --git a/rules/windows/sysmon/sysmon_renamed_powershell.yml b/rules/windows/process_creation/win_renamed_powershell.yml similarity index 95% rename from rules/windows/sysmon/sysmon_renamed_powershell.yml rename to rules/windows/process_creation/win_renamed_powershell.yml index 157f5876..9522fcee 100644 --- a/rules/windows/sysmon/sysmon_renamed_powershell.yml +++ b/rules/windows/process_creation/win_renamed_powershell.yml @@ -10,7 +10,7 @@ tags: - car.2013-05-009 logsource: product: windows - service: sysmon + category: process_creation detection: selection: Description: 'Windows PowerShell' diff --git a/rules/windows/sysmon/sysmon_renamed_procdump.yml b/rules/windows/process_creation/win_renamed_procdump.yml similarity index 95% rename from rules/windows/sysmon/sysmon_renamed_procdump.yml rename to rules/windows/process_creation/win_renamed_procdump.yml index 803ad339..2fbe3a4a 100644 --- a/rules/windows/sysmon/sysmon_renamed_procdump.yml +++ b/rules/windows/process_creation/win_renamed_procdump.yml @@ -11,7 +11,7 @@ tags: - attack.t1036 logsource: product: windows - service: sysmon + category: process_creation detection: selection: OriginalFileName: 'procdump' diff --git a/rules/windows/sysmon/sysmon_renamed_psexec.yml b/rules/windows/process_creation/win_renamed_psexec.yml similarity index 96% rename from rules/windows/sysmon/sysmon_renamed_psexec.yml rename to rules/windows/process_creation/win_renamed_psexec.yml index 75d5838a..208af0d3 100644 --- a/rules/windows/sysmon/sysmon_renamed_psexec.yml +++ b/rules/windows/process_creation/win_renamed_psexec.yml @@ -10,7 +10,7 @@ tags: - car.2013-05-009 logsource: product: windows - service: sysmon + category: process_creation detection: selection: Description: 'Execute processes remotely' diff --git a/rules/windows/process_creation/win_susp_crackmapexec_execution.yml b/rules/windows/process_creation/win_susp_crackmapexec_execution.yml new file mode 100644 index 00000000..ed8904ba --- /dev/null +++ b/rules/windows/process_creation/win_susp_crackmapexec_execution.yml @@ -0,0 +1,37 @@ +title: CrackMapExec Command Execution +id: 058f4380-962d-40a5-afce-50207d36d7e2 +status: experimental +description: Detect various execution methods of the CrackMapExec pentesting framework +references: + - https://github.com/byt3bl33d3r/CrackMapExec +tags: + - attack.execution + - attack.t1047 + - attack.t1053 + - attack.t1086 +author: Thomas Patzke +date: 2020/05/22 +logsource: + category: process_creation + product: windows +detection: + selection: + CommandLine: + # cme/protocols/smb/wmiexec.py (generalized execute_remote and execute_fileless) + - '*cmd.exe /Q /c * 1> \\\\*\\*\\* 2>&1' + # cme/protocols/smb/atexec.py:109 (fileless output via share) + - '*cmd.exe /C * > \\\\*\\*\\* 2>&1' + # cme/protocols/smb/atexec.py:111 (fileless output via share) + - '*cmd.exe /C * > *\\Temp\\* 2>&1' + # cme/helpers/powershell.py:139 (PowerShell execution with obfuscation) + - '*powershell.exe -exec bypass -noni -nop -w 1 -C "*' + # cme/helpers/powershell.py:149 (PowerShell execution without obfuscation) + - '*powershell.exe -noni -nop -w 1 -enc *' + condition: selection +fields: + - ComputerName + - User + - CommandLine +falsepositives: + - Unknown +level: high diff --git a/rules/windows/process_creation/win_susp_crackmapexec_powershell_obfuscation.yml b/rules/windows/process_creation/win_susp_crackmapexec_powershell_obfuscation.yml new file mode 100644 index 00000000..0d943703 --- /dev/null +++ b/rules/windows/process_creation/win_susp_crackmapexec_powershell_obfuscation.yml @@ -0,0 +1,37 @@ +title: CrackMapExec PowerShell Obfuscation +id: 6f8b3439-a203-45dc-a88b-abf57ea15ccf +status: experimental +description: The CrachMapExec pentesting framework implements a PowerShell obfuscation with some static strings detected by this rule. +references: + - https://github.com/byt3bl33d3r/CrackMapExec + - https://github.com/byt3bl33d3r/CrackMapExec/blob/0a49f75347b625e81ee6aa8c33d3970b5515ea9e/cme/helpers/powershell.py#L242 +tags: + - attack.execution + - attack.t1086 + - attack.defense_evasion + - attack.t1027 +author: Thomas Patzke +date: 2020/05/22 +logsource: + category: process_creation + product: windows +detection: + powershell_execution: + CommandLine|contains: 'powershell.exe' + snippets: + CommandLine|contains: + - 'join*split' + # Line 343ff + - "( $ShellId[1]+$ShellId[13]+'x')" + - '( $PSHome[*]+$PSHOME[*]+' + - "( $env:Public[13]+$env:Public[5]+'x')" + - "( $env:ComSpec[4,*,25]-Join'')" + - "[1,3]+'x'-Join'')" + condition: powershell_execution and snippets +fields: + - ComputerName + - User + - CommandLine +falsepositives: + - Unknown +level: high diff --git a/rules/windows/sysmon/sysmon_susp_file_characteristics.yml b/rules/windows/process_creation/win_susp_file_characteristics.yml similarity index 68% rename from rules/windows/sysmon/sysmon_susp_file_characteristics.yml rename to rules/windows/process_creation/win_susp_file_characteristics.yml index 27359b18..8243fe88 100644 --- a/rules/windows/sysmon/sysmon_susp_file_characteristics.yml +++ b/rules/windows/process_creation/win_susp_file_characteristics.yml @@ -1,20 +1,20 @@ title: Suspicious File Characteristics Due to Missing Fields id: 9637e8a5-7131-4f7f-bdc7-2b05d8670c43 -description: Detects Executables without FileVersion,Description,Product,Company likely created with py2exe +description: Detects Executables in the Downloads folder without FileVersion,Description,Product,Company likely created with py2exe status: experimental references: - https://securelist.com/muddywater/88059/ - https://www.virustotal.com/#/file/276a765a10f98cda1a38d3a31e7483585ca3722ecad19d784441293acf1b7beb/detection -author: Markus Neis +author: Markus Neis, Sander Wiebing date: 2018/11/22 -modified: 2019/11/09 +modified: 2020/05/26 tags: - attack.defense_evasion - attack.execution - attack.t1064 logsource: product: windows - service: sysmon + category: process_creation detection: selection1: Description: '\?' @@ -25,7 +25,9 @@ detection: selection3: Description: '\?' Company: '\?' - condition: 1 of them + folder: + Image: '*\Downloads\\*' + condition: (selection1 or selection2 or selection3) and folder fields: - CommandLine - ParentCommandLine diff --git a/rules/windows/process_creation/win_susp_renamed_debugview.yml b/rules/windows/process_creation/win_susp_renamed_debugview.yml new file mode 100644 index 00000000..dcab5bd6 --- /dev/null +++ b/rules/windows/process_creation/win_susp_renamed_debugview.yml @@ -0,0 +1,23 @@ +title: Renamed SysInternals Debug View +id: cd764533-2e07-40d6-a718-cfeec7f2da7f +status: experimental +description: Detects suspicious renamed SysInternals DebugView execution +references: + - https://www.epicturla.com/blog/sysinturla +author: Florian Roth +date: 2020/05/28 +logsource: + category: process_creation + product: windows +detection: + selection: + Product: + - 'Sysinternals DebugView' + - 'Sysinternals Debugview' + filter: + OriginalFilename: 'Dbgview.exe' + Image|endswith: '\Dbgview.exe' + condition: selection and not filter +falsepositives: + - Unknown +level: high diff --git a/rules/windows/process_creation/win_system_exe_anomaly.yml b/rules/windows/process_creation/win_system_exe_anomaly.yml index da242270..809970e8 100644 --- a/rules/windows/process_creation/win_system_exe_anomaly.yml +++ b/rules/windows/process_creation/win_system_exe_anomaly.yml @@ -30,6 +30,13 @@ detection: - '*\winlogon.exe' - '*\explorer.exe' - '*\taskhost.exe' + - '*\Taskmgr.exe' + - '*\sihost.exe' + - '*\RuntimeBroker.exe' + - '*\smartscreen.exe' + - '*\dllhost.exe' + - '*\audiodg.exe' + - '*\wlanext.exe' filter: Image: - 'C:\Windows\System32\\*' diff --git a/rules/windows/process_creation/win_task_folder_evasion.yml b/rules/windows/process_creation/win_task_folder_evasion.yml index 253824e2..dfe043a8 100644 --- a/rules/windows/process_creation/win_task_folder_evasion.yml +++ b/rules/windows/process_creation/win_task_folder_evasion.yml @@ -30,7 +30,6 @@ detection: fields: - CommandLine - ParentProcess - - CommandLine falsepositives: - Unknown level: high diff --git a/rules/windows/sysmon/sysmon_ads_executable.yml b/rules/windows/sysmon/sysmon_ads_executable.yml index 7e111015..dbb055ad 100644 --- a/rules/windows/sysmon/sysmon_ads_executable.yml +++ b/rules/windows/sysmon/sysmon_ads_executable.yml @@ -17,11 +17,11 @@ logsource: detection: selection: EventID: 15 - filter: - Imphash: - - '00000000000000000000000000000000' - - null - condition: selection and not filter + filter1: + Imphash: '00000000000000000000000000000000' + filter2: + Imphash: null + condition: selection and not 1 of filter* fields: - TargetFilename - Image diff --git a/rules/windows/sysmon/sysmon_alternate_powershell_hosts_moduleload.yml b/rules/windows/sysmon/sysmon_alternate_powershell_hosts_moduleload.yml deleted file mode 100644 index 5a1abf5e..00000000 --- a/rules/windows/sysmon/sysmon_alternate_powershell_hosts_moduleload.yml +++ /dev/null @@ -1,26 +0,0 @@ -title: Alternate PowerShell Hosts Module Load -id: f67f6c57-257d-4919-a416-69cd31f9aac3 -description: Detects alternate PowerShell hosts potentially bypassing detections looking for powershell.exe -status: experimental -date: 2019/09/12 -modified: 2019/11/10 -author: Roberto Rodriguez @Cyb3rWard0g -references: - - https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/tree/master/playbooks/windows/02_execution/T1086_powershell/alternate_signed_powershell_hosts.md -tags: - - attack.execution - - attack.t1086 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Description: 'system.management.automation' - ImageLoaded|contains: 'system.management.automation' - filter: - Image|endswith: '\powershell.exe' - condition: selection and not filter -falsepositives: - - Programs using PowerShell directly without invocation of a dedicated interpreter. -level: high diff --git a/rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml b/rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml index fb702e8a..067cd370 100644 --- a/rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml +++ b/rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml @@ -18,7 +18,9 @@ detection: EventID: 17 PipeName|startswith: '\PSHost' filter: - Image|endswith: '\powershell.exe' + Image|endswith: + - '\powershell.exe' + - '\powershell_ise.exe' condition: selection and not filter fields: - ComputerName diff --git a/rules/windows/sysmon/sysmon_cmstp_execution.yml b/rules/windows/sysmon/sysmon_cmstp_execution.yml index 37a9827c..e3b04a18 100644 --- a/rules/windows/sysmon/sysmon_cmstp_execution.yml +++ b/rules/windows/sysmon/sysmon_cmstp_execution.yml @@ -31,6 +31,7 @@ detection: selection2: EventID: 12 TargetObject: '*\cmmgr32.exe*' + EventType: 'CreateKey' # Registry Object Value Set selection3: EventID: 13 diff --git a/rules/windows/sysmon/sysmon_creation_system_file.yml b/rules/windows/sysmon/sysmon_creation_system_file.yml new file mode 100644 index 00000000..9f8143c8 --- /dev/null +++ b/rules/windows/sysmon/sysmon_creation_system_file.yml @@ -0,0 +1,57 @@ +title: File Created with System Process Name +id: d5866ddf-ce8f-4aea-b28e-d96485a20d3d +status: experimental +description: Detects the creation of a executable with a sytem process name in a suspicious folder +references: + - https://attack.mitre.org/techniques/T1036/ +author: Sander Wiebing +date: 2020/05/26 +tags: + - attack.defense_evasion + - attack.t1036 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 11 + TargetFilename|endswith: + - '*\svchost.exe' + - '*\rundll32.exe' + - '*\services.exe' + - '*\powershell.exe' + - '*\regsvr32.exe' + - '*\spoolsv.exe' + - '*\lsass.exe' + - '*\smss.exe' + - '*\csrss.exe' + - '*\conhost.exe' + - '*\wininit.exe' + - '*\lsm.exe' + - '*\winlogon.exe' + - '*\explorer.exe' + - '*\taskhost.exe' + - '*\Taskmgr.exe' + - '*\taskmgr.exe' + - '*\sihost.exe' + - '*\RuntimeBroker.exe' + - '*\runtimebroker.exe' + - '*\smartscreen.exe' + - '*\dllhost.exe' + - '*\audiodg.exe' + - '*\wlanext.exe' + filter: + TargetFilename: + - 'C:\Windows\System32\\*' + - 'C:\Windows\system32\\*' + - 'C:\Windows\SysWow64\\*' + - 'C:\Windows\SysWOW64\\*' + - 'C:\Windows\winsxs\\*' + - 'C:\Windows\WinSxS\\*' + - '\SystemRoot\System32\\*' + condition: selection and not filter +fields: + - Image +falsepositives: + - System processes copied outside the default folder +level: high diff --git a/rules/windows/sysmon/sysmon_cve-2020-1048.yml b/rules/windows/sysmon/sysmon_cve-2020-1048.yml index 49159021..9c671ad3 100644 --- a/rules/windows/sysmon/sysmon_cve-2020-1048.yml +++ b/rules/windows/sysmon/sysmon_cve-2020-1048.yml @@ -1,20 +1,15 @@ -action: global -title: Suspicious PrinterPorts Created (CVE-2020-1048) +title: Suspicious New Printer Ports in Registry (CVE-2020-1048) id: 7ec912f2-5175-4868-b811-ec13ad0f8567 status: experimental -description: Detects new registry printer port was created or powershell command add new printer port which point to suspicious file -author: EagleEye Team, Florian Roth +description: Detects a new and suspicious printer port creation in Registry that could be an attempt to exploit CVE-2020-1048 +author: EagleEye Team, Florian Roth, NVISO date: 2020/05/13 -modified: 2020/05/15 +modified: 2020/05/26 references: - https://windows-internals.com/printdemon-cve-2020-1048/ tags: - attack.persistence - attack.execution -falsepositives: - - New printer port install on host -level: high ---- logsource: service: sysmon product: windows @@ -28,21 +23,13 @@ detection: - SetValue - DeleteValue - CreateValue - TargetObject|contains: + Details|contains: - '.dll' - '.exe' + - '.bat' + - '.com' - 'C:' condition: selection ---- -logsource: - category: process_creation - product: windows -detection: - selection1: - CommandLine|contains: 'Add-PrinterPort -Name' - selection2: - CommandLine|contains: - - '.dll' - - '.exe' - condition: selection1 and selection2 - +falsepositives: + - New printer port install on host +level: high \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml b/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml index 1b3c4afd..ea7a4ea4 100644 --- a/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml +++ b/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml @@ -18,6 +18,7 @@ detection: - EventID: 12 # key create # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' + EventType: 'CreateKey' # we don't want deletekey - EventID: 14 # key rename NewName: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' condition: selection diff --git a/rules/windows/sysmon/sysmon_in_memory_powershell.yml b/rules/windows/sysmon/sysmon_in_memory_powershell.yml index d6108e16..56e6e453 100644 --- a/rules/windows/sysmon/sysmon_in_memory_powershell.yml +++ b/rules/windows/sysmon/sysmon_in_memory_powershell.yml @@ -23,8 +23,9 @@ detection: filter: Image|endswith: - '\powershell.exe' + - '\powershell_ise.exe' - '\WINDOWS\System32\sdiagnhost.exe' - User: 'NT AUTHORITY\SYSTEM' + # User: 'NT AUTHORITY\SYSTEM' # if set, matches all powershell processes not launched by SYSTEM condition: selection and not filter falsepositives: - Used by some .NET binaries, minimal on user workstation. diff --git a/rules/windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml b/rules/windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml index 0f6036df..54f7e04f 100644 --- a/rules/windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml +++ b/rules/windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml @@ -20,7 +20,7 @@ detection: condition: selection fields: - ComputerName - - TargetFileName + - TargetFilename falsepositives: - Dumping lsass memory for forensic investigation purposes by legitimate incident responder or forensic invetigator level: medium diff --git a/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml b/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml index 65d99b28..e0131f92 100644 --- a/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml +++ b/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml @@ -16,6 +16,7 @@ logsource: detection: selection: EventID: 12 + EventType: 'CreateKey' # don't want DeleteKey events TargetObject: 'HKU\\*_Classes\CLSID\\*\TreatAs' condition: selection falsepositives: diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml index 6017a716..1c63a4c5 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml @@ -16,12 +16,12 @@ detection: selection: EventID: 7 Image: - - '*\winword.exe*' - - '*\powerpnt.exe*' - - '*\excel.exe*' - - '*\outlook.exe*' + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' ImageLoaded: - - '*C:\Windows\assembly\*' + - 'C:\Windows\assembly\*' condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml index a0f3ddae..354d7e8a 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml @@ -16,12 +16,12 @@ detection: selection: EventID: 7 Image: - - '*\winword.exe*' - - '*\powerpnt.exe*' - - '*\excel.exe*' - - '*\outlook.exe*' + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' ImageLoaded: - - '*C:\Windows\Microsoft.NET\assembly\GAC_MSIL*' + - 'C:\Windows\Microsoft.NET\assembly\GAC_MSIL*' condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate diff --git a/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml index 86aedc7e..77aaf326 100644 --- a/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml @@ -16,12 +16,12 @@ detection: selection: EventID: 7 Image: - - '*\winword.exe*' - - '*\powerpnt.exe*' - - '*\excel.exe*' - - '*\outlook.exe*' + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' ImageLoaded: - - '*\kerberos.dll*' + - '*\kerberos.dll' condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate diff --git a/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml b/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml index 6f6c9f6b..43c5990a 100644 --- a/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml +++ b/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml @@ -4,12 +4,12 @@ status: experimental description: Detects suspicious new RUN key element pointing to an executable in a suspicious folder references: - https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html -author: Florian Roth, Markus Neis +author: Florian Roth, Markus Neis, Sander Wiebing tags: - attack.persistence - attack.t1060 date: 2018/08/25 -modified: 2020/02/26 +modified: 2020/05/24 logsource: product: windows service: sysmon @@ -21,8 +21,6 @@ detection: - '*\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\*' Details: - '*C:\Windows\Temp\\*' - - '*\AppData\\*' - - '%AppData%\\*' - '*C:\$Recycle.bin\\*' - '*C:\Temp\\*' - '*C:\Users\Public\\*' @@ -31,12 +29,9 @@ detection: - '*C:\Users\Desktop\\*' - 'wscript*' - 'cscript*' - filter: - Details|contains: - - '\AppData\Local\Microsoft\OneDrive\' # OneDrive False Positives - condition: selection and not filter + condition: selection fields: - Image falsepositives: - - Software using the AppData folders for updates + - Software using weird folders for updates level: high diff --git a/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml b/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml index b371692e..c792c8c2 100644 --- a/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml @@ -16,14 +16,14 @@ detection: selection: EventID: 7 Image: - - '*\winword.exe*' - - '*\powerpnt.exe*' - - '*\excel.exe*' - - '*\outlook.exe*' + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' ImageLoaded: - - '*\VBE7.DLL*' - - '*\VBEUI.DLL*' - - '*\VBE7INTL.DLL*' + - '*\VBE7.DLL' + - '*\VBEUI.DLL' + - '*\VBE7INTL.DLL' condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate diff --git a/rules/windows/sysmon/sysmon_minidumwritedump_lsass.yml b/rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml similarity index 79% rename from rules/windows/sysmon/sysmon_minidumwritedump_lsass.yml rename to rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml index 556b2b6f..b5f36b4e 100644 --- a/rules/windows/sysmon/sysmon_minidumwritedump_lsass.yml +++ b/rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml @@ -1,12 +1,12 @@ -title: Dumping Lsass.exe Memory with MiniDumpWriteDump API -id: dd5ab153-beaa-4315-9647-65abc5f71541 +title: Load of dbghelp/dbgcore DLL from Suspicious Process +id: 0e277796-5f23-4e49-a490-483131d4f6e1 status: experimental -description: Detects the use of MiniDumpWriteDump API for dumping lsass.exe memory in a stealth way. Tools like ProcessHacker and some attacker tradecract use this +description: Detects the load of dbghelp/dbgcore DLL (used to make memory dumps) by suspicious processes. Tools like ProcessHacker and some attacker tradecract use MiniDumpWriteDump API found in dbghelp.dll or dbgcore.dll. As an example, SilentTrynity C2 Framework has a module that leverages this API to dump the contents of Lsass.exe and transfer it over the network back to the attacker's machine. date: 2019/10/27 -modified: 2019/11/13 -author: Perez Diego (@darkquassar), oscd.community +modified: 2020/05/23 +author: Perez Diego (@darkquassar), oscd.community, Ecco references: - https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/nf-minidumpapiset-minidumpwritedump - https://www.pinvoke.net/default.aspx/dbghelp/MiniDumpWriteDump.html @@ -35,7 +35,7 @@ detection: - '\outlook.exe' - '\monitoringhost.exe' - '\wmic.exe' - - '\msiexec.exe' + # - '\msiexec.exe' an installer installing a program using one of those DLL will raise an alert - '\bash.exe' - '\wscript.exe' - '\cscript.exe' @@ -62,4 +62,4 @@ fields: - ImageLoaded falsepositives: - Penetration tests -level: critical +level: high diff --git a/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml b/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml index ef3fc978..9dbbf96a 100644 --- a/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml +++ b/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml @@ -27,12 +27,9 @@ detection: - '*\tsvipsrv.dll' - '*\wlbsctrl.dll' filter: - EventID: 7 - Image: - - '*\svchost.exe' ImageLoaded: - 'C:\Windows\WinSxS\*' condition: selection and not filter falsepositives: - Pentest -level: high \ No newline at end of file +level: high diff --git a/rules/windows/sysmon/sysmon_tsclient_filewrite_startup.yml b/rules/windows/sysmon/sysmon_tsclient_filewrite_startup.yml index c26821f2..efb359ac 100644 --- a/rules/windows/sysmon/sysmon_tsclient_filewrite_startup.yml +++ b/rules/windows/sysmon/sysmon_tsclient_filewrite_startup.yml @@ -11,7 +11,7 @@ detection: selection: EventID: 11 Image: '*\mstsc.exe' - TargetFileName: '*\Microsoft\Windows\Start Menu\Programs\Startup\\*' + TargetFilename: '*\Microsoft\Windows\Start Menu\Programs\Startup\\*' condition: selection falsepositives: - unknown diff --git a/rules/windows/sysmon/sysmon_wmi_module_load.yml b/rules/windows/sysmon/sysmon_wmi_module_load.yml index 69fa4c76..8c660f19 100644 --- a/rules/windows/sysmon/sysmon_wmi_module_load.yml +++ b/rules/windows/sysmon/sysmon_wmi_module_load.yml @@ -29,9 +29,12 @@ detection: filter: Image|endswith: - '\WmiPrvSe.exe' - - '\WmiPrvSE.exe' - '\WmiAPsrv.exe' - '\svchost.exe' + - '\DeviceCensus.exe' + - '\CompatTelRunner.exe' + - '\sdiagnhost.exe' + - '\SIHClient.exe' condition: selection and not filter fields: - ComputerName diff --git a/tests/test_rules.py b/tests/test_rules.py index 881dbcd7..752611ed 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -486,6 +486,25 @@ class TestRules(unittest.TestCase): self.assertEqual(faulty_rules, [], Fore.RED + "There are rules with missing or malformed 'id' fields. Create an id (e.g. here: https://www.uuidgenerator.net/version4) and add it to the reported rule(s).") + def test_sysmon_rule_without_eventid(self): + faulty_rules = [] + for file in self.yield_next_rule_file_path(self.path_to_rules): + logsource = self.get_rule_part(file_path=file, part_name="logsource") + service = logsource.get('service', '') + if service.lower() == 'sysmon': + with open(file) as f: + found = False + for line in f: + if re.search(r'.*EventID:.*$', line): # might be on a single line or in multiple lines + found = True + break + if not found: + faulty_rules.append(file) + + self.assertEqual(faulty_rules, [], Fore.RED + + "There are rules using sysmon events but with no EventID specified") + + def test_missing_date(self): faulty_rules = [] for file in self.yield_next_rule_file_path(self.path_to_rules): @@ -538,7 +557,7 @@ class TestRules(unittest.TestCase): faulty_rules.append(file) wrong_casing = [] for word in title.split(" "): - if word.islower() and not word.lower() in allowed_lowercase_words and not "." in word and not word[0].isdigit(): + if word.islower() and not word.lower() in allowed_lowercase_words and not "." in word and not "/" in word and not word[0].isdigit(): wrong_casing.append(word) if len(wrong_casing) > 0: print(Fore.RED + "Rule {} has a title that has not title capitalization. Words: '{}'".format(file, ", ".join(wrong_casing))) diff --git a/tools/config/ala.yml b/tools/config/ala.yml new file mode 100644 index 00000000..1f4dd8ff --- /dev/null +++ b/tools/config/ala.yml @@ -0,0 +1,101 @@ +title: Azure Sentinel +order: 20 +backends: + - ala + - ala-rule +fieldmappings: + ComputerName: Computer + Event-ID: EventID + Event_ID: EventID + eventId: EventID + event_id: EventID + event-id: EventID + eventid: EventID + hashes: Hashes + file_hash: Hashes + url.query: URL + resource.URL: URL + src_ip: SourceIp + source.ip: SourceIp + FileName: TargetFilename + dst_ip: DestinationIP + destination.ip: DestinationIP + event_data.AccessMask: AccessMask + event_data.AllowedToDelegateTo: AllowedToDelegateTo + event_data.AttributeLDAPDisplayName: AttributeLDAPDisplayName + event_data.AuditPolicyChanges: AuditPolicyChanges + event_data.AuthenticationPackageName: AuthenticationPackageName + event_data.CallingProcessName: CallingProcessName + event_data.CallTrace": CallTrace + event_data.CommandLine: CommandLine + Commandline: CommandLine + cmd: CommandLine + event_data.ComputerName: ComputerName + event_data.CurrentDirectory: CurrentDirectory + event_data.Description: Description + event_data.DestinationHostname: DestinationHostname + event_data.DestinationIp: DestinationIp + event_data.DestinationPort: DestinationPort + event_data.Details: Details + event_data.EngineVersion: EngineVersion + event_data.EventType: EventType + event_data.FailureCode: FailureCode + event_data.FileName: FileName + event_data.GrantedAccess: GrantedAccess + event_data.GroupName: GroupName + event_data.GroupSid: GroupSid + event_data.Hashes: Hashes + event_data.HiveName: HiveName + event_data.HostVersion: HostVersion + Image: + service=security: Process + category=process_creation: NewProcessName + default: Image + event_data.Image: + service=security: Process + category=process_creation: NewProcessName + default: Image + event_data.ImageLoaded": ImageLoaded + event_data.ImagePath: ImagePath + event_data.Imphash: Imphash + event_data.IpAddress: IpAddress + event_data.KeyLength: KeyLength + event_data.LogonProcessName: LogonProcessName + event_data.LogonType: LogonType + event_data.NewProcessName: NewProcessName + event_data.ObjectClass: ObjectClass + event_data.ObjectName: ObjectName + event_data.ObjectType: ObjectType + event_data.ObjectValueName: ObjectValueName + event_data.ParentCommandLine: ParentCommandLine + event_data.ParentImage: + category=process_creation: ParentProcessName + default: ParentImage + ParentImage: + category=process_creation: ParentProcessName + default: ParentImage + event_data.ParentProcessName: ParentProcessName + event_data.Path: Path + event_data.PipeName: PipeName + event_data.ProcessCommandLine: CommanProcessCommandLinedLine + event_data.ProcessName: ProcessName + event_data.Properties: Properties + event_data.SecurityID: SecurityID + event_data.ServiceFileName: ServiceFileName + event_data.ServiceName: ServiceName + event_data.ShareName: ShareName + event_data.Signature: Signature + event_data.Source: Source + event_data.SourceImage: SourceImage + event_data.StartModule: StartModule + event_data.Status: Status + event_data.SubjectUserName: SubjectUserName + event_data.SubjectUserSid: SubjectUserSid + event_data.TargetFilename: TargetFilename + event_data.TargetImage: TargetImage + event_data.TargetObject: TargetObject + event_data.TicketEncryptionType: TicketEncryptionType + event_data.TicketOptions: TicketOptions + event_data.User: User + event_data.WorkstationName: WorkstationName + diff --git a/tools/config/arcsight-zeek.yml b/tools/config/arcsight-zeek.yml index 08050e8f..f9544552 100644 --- a/tools/config/arcsight-zeek.yml +++ b/tools/config/arcsight-zeek.yml @@ -498,7 +498,7 @@ fieldmappings: #service=socks: status_msg: - 'message' - #subject: + subject: - 'message' #service=known_certs: #service=sip: @@ -967,7 +967,7 @@ fieldmappings: auth_success: name cipher_alg: message #client: deviceCustomString5 - compression_alg: + compression_alg: cshka: message direction: deviceDirection hassh: message @@ -1054,4 +1054,117 @@ fieldmappings: id_orig_h: sourceAddress id_orig_p: sourcePort id_resp_h: destinationAddress - id_resp_p: destinationPort \ No newline at end of file + id_resp_p: destinationPort + # Temporary one off rule name fields + cs-uri: requestUrl + destination.domain: + destination.ip: destinationAddress + destination.port: destinationPort + http.response.status_code: deviceSeverity + #http.request.body.content + source.domain: + #sourceAddress: #TONOTE: is arcsight + source.port: sourcePort + agent.version: deviceCustomString2 + c-ip: sourceAddress + clientip: sourceAddress + clientIP: sourceAddress + dest_domain: + - url.domain + dest_ip: destinationAddress + dest_port: destinationPort + #TODO:WhatShouldThisBe?==dest: + #TODO:WhatShouldThisBe?==destination: + #TODO:WhatShouldThisBe?==Destination: + destination.hostname: destinationHostName + #DestinationAddress: #TONOTE: is arcsight + #DestinationHostname: #TONOTE: is arcsight + DestinationIp: destinationAddress + DestinationIP: destinationAddress + DestinationPort: destinationPort + dst-ip: destinationAddress + dstip: destinationAddress + dstport: destinationPort + Host: requestHost + #host: + HostVersion: deviceCustomString2 + http_host: destinationHostName + http_uri: requestUrl + http_url: requestUrl + http_user_agent: + - deviceCustomString5 + - requestClientApplication + http.request.url-query-params: + - requestUrl + - requestUrlQuery + HttpMethod: requestMethod + in_url: requestUrl + #parent_domain: + # - url.registered_domain + # - destination.registered_domain + post_url_parameter: requestUrl + Request Url: requestUrl + request_url: requestUrl + request_URL: requestUrl + RequestUrl: requestUrl + #response: http.response.status_code + resource.url: requestUrl + resource.URL: requestUrl + sc_status: deviceSeverity + sender_domain: message + service.response_code: deviceSeverity + SourceAddr: sourceAddress + SourceAddress: sourceAddress + SourceIP: sourceAddress + SourceIp: sourceAddress + SourceNetworkAddress: + - source.address + - sourceAddress + SourcePort: sourcePort + srcip: sourceAddress + Status: deviceSeverity + #status: deviceSeverity + url: requestUrl + URL: requestUrl + url_query: + - requestUrl + - requestUrlQuery + url.query: + - requestUrl + - requestUrlQuery + uri_path: requestUrl + #user_agent: user_agent.original + user_agent.name: + - deviceCustomString5 + - requestClientApplication + user-agent: + - deviceCustomString5 + - requestClientApplication + User-Agent: + - deviceCustomString5 + - requestClientApplication + useragent: + - deviceCustomString5 + - requestClientApplication + UserAgent: + - deviceCustomString5 + - requestClientApplication + User Agent: + - deviceCustomString5 + - requestClientApplication + web_dest: destinationHostName + web.dest: destinationHostName + Web.dest: destinationHostName + web.host: destinationHostName + Web.host: destinationHostName + web_method: requestMethod + Web_method: requestMethod + web.method: requestMethod + Web.method: requestMethod + web_src: sourceAddress + web_status: deviceSeverity + Web_status: deviceSeverity + web.status: deviceSeverity + Web.status: deviceSeverity + web_uri: requestUrl + web_url: requestUrl diff --git a/tools/config/arcsight.yml b/tools/config/arcsight.yml index f6a9bc53..d9dd1d7b 100644 --- a/tools/config/arcsight.yml +++ b/tools/config/arcsight.yml @@ -349,4 +349,132 @@ fieldmappings: keywords: - deviceCustomString1 ScriptBlockText: - - deviceCustomString1 \ No newline at end of file + - deviceCustomString1 + AccessMask: deviceCustomString1 + AccountName: deviceCustomString1 + AllowedToDelegateTo: deviceCustomString1 + AttributeLDAPDisplayName: deviceCustomString1 + AuditPolicyChanges: deviceCustomString1 + AuthenticationPackageName: deviceCustomString1 + CallingProcessName: deviceCustomString1 + Command: deviceCustomString1 + Command_Line: deviceCustomString1 + ComputerName: deviceCustomString1 + destination.domain: deviceCustomString1 + DestinationIP: deviceCustomString1 + EngineVersion: deviceCustomString1 + Event: deviceCustomString1 + event.category: deviceCustomString1 + event.raw: deviceCustomString1 + event_data.AccessMask: deviceCustomString1 + event_data.AccountName: deviceCustomString1 + event_data.AllowedToDelegateTo: deviceCustomString1 + event_data.AttributeLDAPDisplayName: deviceCustomString1 + event_data.AuditPolicyChanges: deviceCustomString1 + event_data.AuthenticationPackageName: deviceCustomString1 + event_data.CallingProcessName: deviceCustomString1 + event_data.CallTrace: deviceCustomString1 + event_data.CommandLine: deviceCustomString1 + event_data.ComputerName: deviceCustomString1 + event_data.CurrentDirectory: deviceCustomString1 + event_data.Description: deviceCustomString1 + event_data.DestinationHostname: deviceCustomString1 + event_data.DestinationIp: deviceCustomString1 + event_data.DestinationIsIpv6: deviceCustomString1 + event_data.DestinationPort: deviceCustomString1 + event_data.Details: deviceCustomString1 + event_data.EngineVersion: deviceCustomString1 + event_data.EventType: deviceCustomString1 + event_data.FailureCode: deviceCustomString1 + event_data.FileName: deviceCustomString1 + event_data.GrantedAccess: deviceCustomString1 + event_data.GroupName: deviceCustomString1 + event_data.GroupSid: deviceCustomString1 + event_data.Hashes: deviceCustomString1 + event_data.HiveName: deviceCustomString1 + event_data.HostVersion: deviceCustomString1 + event_data.Image: deviceCustomString1 + event_data.ImageLoaded: deviceCustomString1 + event_data.ImagePath: deviceCustomString1 + event_data.Imphash: deviceCustomString1 + event_data.IpAddress: deviceCustomString1 + event_data.KeyLength: deviceCustomString1 + event_data.LogonProcessName: deviceCustomString1 + event_data.LogonType: deviceCustomString1 + event_data.NewProcessName: deviceCustomString1 + event_data.ObjectClass: deviceCustomString1 + event_data.ObjectName: deviceCustomString1 + event_data.ObjectType: deviceCustomString1 + event_data.ObjectValueName: deviceCustomString1 + event_data.ParentCommandLine: deviceCustomString1 + event_data.ParentImage: deviceCustomString1 + event_data.ParentProcessName: deviceCustomString1 + event_data.Path: deviceCustomString1 + event_data.PipeName: deviceCustomString1 + event_data.ProcessCommandLine: deviceCustomString1 + event_data.ProcessName: deviceCustomString1 + event_data.Properties: deviceCustomString1 + event_data.SecurityID: deviceCustomString1 + event_data.ServiceFileName: deviceCustomString1 + event_data.ServiceName: deviceCustomString1 + event_data.ShareName: deviceCustomString1 + event_data.Signature: deviceCustomString1 + event_data.Source: deviceCustomString1 + event_data.SourceImage: deviceCustomString1 + event_data.StartModule: deviceCustomString1 + event_data.Status: deviceCustomString1 + event_data.SubjectUserName: deviceCustomString1 + event_data.SubjectUserSid: deviceCustomString1 + event_data.TargetFilename: deviceCustomString1 + event_data.TargetImage: deviceCustomString1 + event_data.TargetObject: deviceCustomString1 + event_data.TicketEncryptionType: deviceCustomString1 + event_data.TicketOptions: deviceCustomString1 + event_data.User: deviceCustomString1 + event_data.WorkstationName: deviceCustomString1 + FailureCode: deviceCustomString1 + GroupName: deviceCustomString1 + GroupSid: deviceCustomString1 + hashes: deviceCustomString1 + Header.Accept: deviceCustomString1 + HiveName: deviceCustomString1 + host.scan.vuln_name: deviceCustomString1 + HostVersion: deviceCustomString1 + ImagePath: deviceCustomString1 + Imphash: deviceCustomString1 + IpAddress: deviceCustomString1 + IpPort: deviceCustomString1 + KeyLength: deviceCustomString1 + log_name: deviceCustomString1 + LogonType: deviceCustomString1 + NewProcessName: deviceCustomString1 + ObjectClass: deviceCustomString1 + ObjectName: deviceCustomString1 + ObjectType: deviceCustomString1 + ObjectValueName: deviceCustomString1 + ParentProcessName: deviceCustomString1 + Path: deviceCustomString1 + ProcessCommandLine: deviceCustomString1 + ProcessName: deviceCustomString1 + Properties: deviceCustomString1 + resource.URL: deviceCustomString1 + SecurityEvent: deviceCustomString1 + SecurityID: deviceCustomString1 + SelectionURL: deviceCustomString1 + ServiceFileName: deviceCustomString1 + ServiceName: deviceCustomString1 + ShareName: deviceCustomString1 + Source: deviceCustomString1 + source_name: deviceCustomString1 + SourceIP: deviceCustomString1 + Status: deviceCustomString1 + SubjectDomainName: deviceCustomString1 + SubjectUserName: deviceCustomString1 + SubjectUserSid: deviceCustomString1 + SysmonEvent: deviceCustomString1 + TargetDomainName: deviceCustomString1 + TargetUserSid: deviceCustomString1 + TicketEncryptionType: deviceCustomString1 + TicketOptions: deviceCustomString1 + winlog.channel: deviceCustomString1 + WorkstationName: deviceCustomString1 \ No newline at end of file diff --git a/tools/config/crowdstrike.yml b/tools/config/crowdstrike.yml new file mode 100644 index 00000000..8a90c07e --- /dev/null +++ b/tools/config/crowdstrike.yml @@ -0,0 +1,19 @@ +title: Splunk Windows log source conditions +order: 20 +backends: + - crowdstrike +logsources: + windows-sysmon: + product: windows + service: sysmon + conditions: + EventID: 1 + process_creation_1: + category: process_creation + product: windows + +fieldmappings: + EventID: EventID + CommandLine: Commandline + Command_Line: Commandline + Image: ImageFileName diff --git a/tools/config/ecs-cloudtrail.yml b/tools/config/ecs-cloudtrail.yml new file mode 100644 index 00000000..fe9419bd --- /dev/null +++ b/tools/config/ecs-cloudtrail.yml @@ -0,0 +1,60 @@ +title: Elastic Common Schema And Elastic Exported Fields Mapping For AWS CloudTrail Logs +order: 20 +backends: + - es-qs + - es-dsl + - es-rule + - kibana + - xpack-watcher + - elastalert + - elastalert-dsl +fieldmappings: + additionalEventdata: aws.cloudtrail.additional_eventdata + apiVersion: aws.cloudtrail.api_version + awsRegion: cloud.region + errorCode: aws.cloudtrail.error_code + errorMessage: aws.cloudtrail.error_message + eventID: event.id + eventName: event.action + eventSource: event.provider + eventTime: '@timestamp' + eventType: aws.cloudtrail.event_type + eventVersion: aws.cloudtrail.event_version + managementEvent: aws.cloudtrail.management_event + readOnly: aws.cloudtrail.read_only + requestID: aws.cloudtrail.request_id + requestParameters: aws.cloudtrail.request_parameters + resources.accountId: aws.cloudtrail.resources.account_id + resources.ARN: aws.cloudtrail.resources.arn + resources.type: aws.cloudtrail.resources.type + responseElements: aws.cloudtrail.response_elements + serviceEventDetails: aws.cloudtrail.service_event_details + sharedEventId: aws.cloudtrail.shared_event_id + sourceIPAddress: source.address + userAgent: user_agent + userIdentity.accessKeyId: aws.cloudtrail.user_identity.access_key_id + userIdentity.accountId: cloud.account.id + userIdentity.arn: aws.cloudtrail.user_identity.arn + userIdentity.invokedBy: aws.cloudtrail.user_identity.invoked_by + userIdentity.principalId: user.id + userIdentity.sessionContext.attributes.creationDate: aws.cloudtrail.user_identity.session_context.creation_date + userIdentity.sessionContext.attributes.mfaAuthenticated: aws.cloudtrail.user_identity.session_context.mfa_authenticated + userIdentity.type: aws.cloudtrail.user_identity.type + userIdentity.userName: user.name + vpcEndpointId: aws.cloudtrail.vpc_endpoint_id +overrides: + - field: event.outcome + value: failure + regexes: + - (\(\(aws.cloudtrail.error_message.keyword:.* event.action:\"ConsoleLogin\"\)\)) + - (\(\(aws.cloudtrail.error_code.keyword:.* event.action:\"ConsoleLogin\"\)\)) + - (\(\(aws.cloudtrail.error_message.keyword:.* aws.cloudtrail.response_elements.keyword:\*Failure\*\)\)) + - (\(\(aws.cloudtrail.error_code.keyword:.* aws.cloudtrail.response_elements.keyword:\*Failure\*\)\)) + - (\(\(event.action:\"ConsoleLogin\".* aws.cloudtrail.error_message.keyword:\*\)\)) + - (\(\(event.action:\"ConsoleLogin\".* aws.cloudtrail.error_code.keyword:\*\)\)) + - (\(\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_message.keyword:\*\)\)) + - (\(\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_code.keyword:\*\)\)) + - field: event.outcome + value: success + literals: + - 'NOT (event.outcome:failure)' \ No newline at end of file diff --git a/tools/config/ecs-dns.yml b/tools/config/ecs-dns.yml new file mode 100644 index 00000000..d41c0639 --- /dev/null +++ b/tools/config/ecs-dns.yml @@ -0,0 +1,69 @@ +title: Elastic Common Schema mapping for proxy and webserver logs including NSM DNS logs (zeek/suricata) +order: 20 +backends: + - es-qs + - es-dsl + - elasticsearch-rule + - kibana + - xpack-watcher + - elastalert + - elastalert-dsl +# zeek-category-dns: + # category: dns + # conditions: + # event.dataset: dns +# zeek-dns: + # product: zeek + # service: dns + # conditions: + # event.dataset: dns +defaultindex: + - filebeat-* +# logsourcemerging: or +fieldmappings: + # All Logs Applied Mapping & Taxonomy + dst: + - destination.address + - destination.ip + dst_ip: + - destination.address + - destination.ip + dst_port: destination.port + src: + - source.address + - source.ip + src_ip: + - source.address + - source.ip + src_port: source.port + # DNS Taxonomy + answer: dns.answers.name + c-dns: dns.question.name + parent_domain: dns.question.registered_domain + query: dns.question.name + QueryName: dns.question.name + r-dns: dns.question.name + record_type: dns.answers.type + response: dns.answers + #question_length: + # Zeek DNS specific + AA: dns.AA + addl: dns.addl + answers: dns.answers.name + auth: dns.auth + qclass_name: dns.question.class + qclass: dns.qclass + qtype_name: dns.question.type + qtype: dns.qtype + query: dns.question.name + #question_length: labels.dns.query_length + RA: dns.RA + rcode_name: dns.response_code + rcode: dns.rcode + RD: dns.RD + rejected: dns.rejected + rtt: dns.rtt + TC: dns.TC + trans_id: dns.id + TTLs: dns.answers.ttl + Z: dns.Z diff --git a/tools/config/ecs-proxy.yml b/tools/config/ecs-proxy.yml index 38fa49e5..0659f7c3 100644 --- a/tools/config/ecs-proxy.yml +++ b/tools/config/ecs-proxy.yml @@ -1,30 +1,222 @@ -title: Elastic Common Schema mapping for proxy logs +title: Elastic Common Schema mapping for proxy and webserver logs including NSM logs (zeek/suricata) order: 20 backends: - es-qs - es-dsl - es-rule + - corelight_elasticsearch-rule - kibana - xpack-watcher - elastalert - elastalert-dsl - ee-outliers -logsources: - proxy: - category: proxy - index: filebeat-* +defaultindex: + - filebeat-* fieldmappings: - c-uri: url.original + # All Logs Applied Mapping & Taxonomy + dst: + - destination.address + - destination.ip + dst_ip: + - destination.address + - destination.ip + dst_port: destination.port + src: + - source.address + - source.ip + src_ip: + - source.address + - source.ip + src_port: source.port + # Web/Proxy Taxonomy + cs-bytes: http.request.body.bytes + cs-cookie-vars: http.cookie_vars c-uri-extension: url.extension c-uri-query: url.query c-uri-stem: url.original + c-uri: url.original c-useragent: user_agent.original cs-bytes: http.request.body.bytes cs-cookie: http.cookie - cs-host: url.domain + cs-host: + - url.domain + - destination.domain cs-method: http.request.method cs-referrer: http.request.referrer cs-version: http.version - r-dns: url.domain - sc-status: http.response.status_code + r-dns: + - destination.domain + - url.domain sc-bytes: http.response.body.bytes + sc-status: http.response.status_code + # Temporary one off rule name fields + destination.domain: + # destination.ip: + # destination.port: + # http.response.status_code + # http.request.body.content + # source.domain: + # source.ip: + # source.port: + agent.version: http.version + c-ip: + - source.address + - source.ip + clientip: + - source.address + - source.ip + clientIP: + - source.address + - source.ip + dest_domain: + - destination.domain + - url.domain + dest_ip: + - destination.address + - destination.ip + dest_port: destination.port + #TODO:WhatShouldThisBe?==dest: + #TODO:WhatShouldThisBe?==destination: + #TODO:WhatShouldThisBe?==Destination: + destination.hostname: + - destination.domain + - url.domain + DestinationAddress: + DestinationHostname: + - destination.domain + - url.domain + DestinationIp: + - destination.address + - destination.ip + DestinationIP: + - destination.address + - destination.ip + DestinationPort: destination.port + dst-ip: + - destination.address + - destination.ip + dstip: + - destination.address + - destination.ip + dstport: destination.port + Host: + - destination.domain + - url.domain + host: + - destination.domain + - url.domain + HostVersion: http.version + http_host: + - destination.domain + - url.domain + http_uri: url.original + http_url: url.original + http_user_agent: user_agent.original + http.request.url-query-params: url.original + HttpMethod: http.request.method + in_url: url.original + parent_domain: + - url.registered_domain + - destination.registered_domain + post_url_parameter: url.original + Request Url: url.original + request_url: url.original + request_URL: url.original + RequestUrl: url.original + response: http.response.status_code + resource.url: url.original + resource.URL: url.original + sc_status: http.response.status_code + sender_domain: + - destination.domain + - url.domain + service.response_code: http.response.status_code + source: + - source.address + - source.ip + SourceAddr: + - source.address + - source.ip + SourceAddress: + - source.address + - source.ip + SourceIP: + - source.address + - source.ip + SourceIp: + - source.address + - source.ip + SourceNetworkAddress: + - source.address + - source.ip + SourcePort: source.port + srcip: + - source.address + - source.ip + Status: http.response.status_code + status: http.response.status_code + url: url.original + URL: url.original + url_query: url.original + url.query: url.original + uri_path: url.original + user_agent: user_agent.original + user_agent.name: user_agent.original + user-agent: user_agent.original + User-Agent: user_agent.original + useragent: user_agent.original + UserAgent: user_agent.original + web_dest: + - url.domain + - destination.domain + web.dest: + - url.domain + - destination.domain + Web.dest: + - url.domain + - destination.domain + web.host: + - url.domain + - destination.domain + Web.host: + - url.domain + - destination.domain + web_method: http.request.method + Web_method: http.request.method + web.method: http.request.method + Web.method: http.request.method + web_src: + - source.address + - source.ip + web_status: http.response.status_code + Web_status: http.response.status_code + web.status: http.response.status_code + Web.status: http.response.status_code + web_uri: url.original + web_url: url.original + # Zeek HTTP as Proxy/Web + client_header_names: http.client_header_names + cookie_vars: http.cookie_vars + flash_version: http.flash_version + info_code: http.info_code + info_msg: http.info_msg + method: http.request.method + omniture: http.omniture + orig_filenames: http.orig_filenames + orig_mime_types: http.orig_mime_types + origin: http.origin + #password: source.user.password + post_body: http.post_body + proxied: http.proxied + referrer: http.request.referrer + request_body_len: http.request.body.bytes + resp_filenames: http.resp_filenames + resp_mime_types: http.resp_mime_types + response_body_len: http.response.body.bytes + server_header_names: http.server_header_names + status_code: http.response.status_code + status_msg: http.status_msg + trans_depth: http.trans_depth + uri_vars: http.uri_vars + username: source.user.name + version: http.version diff --git a/tools/config/ecs-zeek-corelight.yml b/tools/config/ecs-zeek-corelight.yml index 9d6a29e3..0707a7f7 100644 --- a/tools/config/ecs-zeek-corelight.yml +++ b/tools/config/ecs-zeek-corelight.yml @@ -35,16 +35,18 @@ logsources: rewrite: product: zeek service: dns + conditions: + event.dataset: dns zeek-category-proxy: category: proxy rewrite: - product: zeek - service: http + product: zeek + service: http zeek-category-webserver: category: webserver rewrite: - product: zeek - service: http + product: zeek + service: http zeek-conn: product: zeek service: conn @@ -396,134 +398,250 @@ fieldmappings: uid: log.id.uid uids: log.id.uids uuid: log.id.uuid - # Overlapping fields/mappings (aka: shared fields) + # Deep mappings / Overlapping fields/mappings (aka: shared fields) #_action - action: '*.action' + action: + #- '*.action' + service=mqtt: mqtt.action + service=smb_files: smb.action + service=tunnel: tunnel.action mqtt_action: smb.action smb_action: smb.action tunnel_action: tunnel.action #_addl - addl: weird.addl + addl: + #- '*.addl' + service=dns: dns.addl + service=weird: weird.addl dns_addl: dns.addl weird_addl: weird.addl #_analyzer - analyzer: '*.analyzer' + analyzer: + #- '*.analyzer' + service=dpd: dpd.analyzer + service=files: files.analyzer dpd_analyzer: dpd.analyzer files_analyzer: file.analyzer #_arg - arg: '*.arg' + arg: + #- '*.arg' + service=ftp: ftp.arg + service=msqyl: mysql.arg + service=pop3: pop3.arg ftp_arg: ftp.arg - pop3_arg: pop3.arg mysql_arg: mysql.arg + pop3_arg: pop3.arg #_auth - #auth: - #service=rfb: rfb.auth #RFB does not exist in newer logs, so skipping to cover dns.auth + auth: + #- dns.auth + service=dns: dns.auth + service=rfb: rfb.auth dns_auth: dns.auth rfb_auth: rfb.auth #_cipher - cipher: tls.cipher + cipher: + #- '*.client' + service=kerberos: kerberos.cipher + service=ssl: tls.cipher kerberos_cipher: kerberos.cipher + ssl_cipher: tls.cipher tls_cipher: tls.cipher #_client - client: '*.client' + client: + #- '*.client' + service=kerberos: kerberos.client + service=ssh: ssh.client kerberos_client: kerberos.client ssh_client: ssh.client #_command - command: '*.command' + command: + #- '*.command' + service=irc: irc.command + service=ftp: ftp.command + service=pop3: pop3.command ftp_command: ftp.command - irc_command: ssh.client + irc_command: irc.command pop3_command: pop3.command #_date - date: '*.date' + date: + #- '*.date' + service=sip: sip.date + service=smtp: smtp.date sip_date: sip.date smtp_date: smtp.date #_duration - duration: event.duration + duration: + #- event.duration + service=conn: event.duration + service=files: files.duration + service=snmp: event.duration conn_duration: event.duration files_duration: files.duration snmp_duration: event.duration #_from - from: '*.from' + from: + #- '*.from' + service=kerberos: kerberos.from + service=smtp: smtp.from kerberos_from: kerberos.from smtp_from: smtp.from #_is_orig - is_orig: '*.is_orig' - is_orig_file: file.is_orig - is_orig_pop3: pop3.is_orig + is_orig: + #- '*.is_orig' + service=file: file.is_orig + service=pop3: pop3.is_orig + files_is_orig: file.is_orig + pop3_is_orig: pop3.is_orig #_local_orig - local_orig: '*.local_orig' + local_orig: + #- '*.local_orig' + service=conn: conn.local_orig + service=files: file.local_orig conn_local_orig: conn.local_orig files_local_orig: file.local_orig #_method - method: http.request.method + method: + #- http.request.method + service=http: http.request.method + service=sip: sip.method http_method: http.request.method sip_method: sip.method #_msg - msg: notice.msg + msg: + #- notice.msg + service=notice: notice.msg + service=pop3: pop3.msg notice_msg: notice.msg pop3_msg: pop3.msg #_name - name: file.name + name: + #- file.name + service=smb_files: file.name + service=software: software.name + service=weird: weird.name smb_files_name: file.name software_name: software.name weird_name: weird.name #_path - path: file.path + path: + #- file.path + service=smb_files: file.path + service=smb_mapping: file.path + service=smtp: smtp.path smb_files_path: file.path smb_mapping_path: file.path smtp_path: smtp.path #_reply_msg - reply_msg: '*.reply_msg' + reply_msg: + #- '*.reply_msg' + service=ftp: ftp.reply_msg + service=radius: radius.reply_msg ftp_reply_msg: ftp.reply_msg radius_reply_msg: radius.reply_msg #_reply_to - reply_to: '*.reply_to' + reply_to: + #- '*.reply_to' + service=sip: sip.reply_to + service=smtp: smtp.reply_to sip_reply_to: sip.reply_to smtp_reply_to: smtp.reply_to #_response_body_len - response_body_len: http.response.body.bytes + response_body_len: + #- http.response.body.bytes + service=http: http.response.body.bytes + service=sip: sip.response_body_len http_response_body_len: http.response.body.bytes sip_response_body_len: sip.response_body_len #_request_body_len - request_body_len: http.request.body.bytes + request_body_len: + #- http.request.body.bytes + service=http: http.response.body.bytes + service=sip: sip.request_body_len http_request_body_len: http.response.body.bytes sip_request_body_len: sip.response_body_len + #_rtt + #rtt: + #- event.duration + #- 'zeek.*.rtt' + #service=dns: event.duration + #service=dce_rpc: event.duration + dns_rtt: event.duration + dce_rpc_rtt: event.duration #_service - service: '*.service' + service: + #- '*.service' + service=kerberos: kerberos.service + service=smb_mapping: smb.service kerberos_service: kerberos.service smb_mapping_kerberos: smb.service #_status - status: '*.status' + status: + #- '*.status' + service=mqtt: mqtt.status + service=pop3: pop3.status + service=socks: socks.status mqtt_status: mqtt.status pop3_status: pop3.status socks_status: socks.status #_status_code - status_code: 'http.response.status_code' + status_code: + #- 'http.response.status_code' + service=http: http.response.status_code + service=sip: sip.status_code http_status_code: http.response.status_code sip_status_code: sip.status_code #_status_msg - status_msg: http.status_msg + status_msg: + #- '*.status_msg' + service=http: http.status_msg + service=sip: sip.status_msg http_status_msg: http.status_msg sip_status_msg: sip.status_msg #_subject - subject: tls.subject + subject: + #- '*.subject' + service=known_certs: known_certs.subject + service=sip: sip.subject + service=smtp: smtp.subject + service=ssl: tls.subject known_certs_subject: known_certs.subject sip_subject: sip.subject smtp_subject: smtp.subject ssl_subject: tls.subject + #_service + #_trans_depth - trans_depth: '*.trans_depth' + trans_depth: + #- '*.trans_depth' + service=http: http.trans_depth + service=sip: sip.trans_depth + service=smtp: smtp.trans_depth http_trans_depth: http.trans_depth sip_trans_depth: sip.trans_depth smtp_trans_depth: smtp.trans_depth + #_user_agent + #user_agent: #already normalized + http_user_agent: user_agent.original + gquic_user_agent: user_agent.original + sip_user_agent: user_agent.original + smtp_user_agent: user_agent.original #_version - version: '*.version' + version: + #- '*.version' + service=gquic: gquic.version + service=http: http.version + service=ntp: ntp.version + service=socks: socks.version + service=snmp: snmp.version + service=ssh: ssh.version + service=tls: tls.version gquic_version: gquic.version http_version: http.version ntp_version: ntp.version socks_version: socks.version snmp_version: snmp.version ssh_version: ssh.version + ssl_version: tls.version tls_version: tls.version # Conn and Conn Long cache_add_rx_ev: conn.cache_add_rx_ev @@ -579,7 +697,6 @@ fieldmappings: # DNS AA: dns.AA #addl: dns.addl - auth: dns.auth answers: dns.answers.name TTLs: dns.answers.ttl RA: dns.RA @@ -1055,11 +1172,119 @@ fieldmappings: id_resp_p: destination.port # Temporary one off rule name fields cs-uri: url.original + # destination.domain: + # destination.ip: + # destination.port: + # http.response.status_code + # http.request.body.content + # source.domain: + # source.ip: + # source.port: + agent.version: http.version + c-ip: source.ip clientip: source.ip - clientIP: source.io + clientIP: source.ip dest_domain: - - query - - host - - server_name + - destination.domain + - url.domain dest_ip: destination.ip - dest_port: destination.port \ No newline at end of file + dest_port: destination.port + #TODO:WhatShouldThisBe?==dest: + #TODO:WhatShouldThisBe?==destination: + #TODO:WhatShouldThisBe?==Destination: + destination.hostname: + - destination.domain + - url.domain + DestinationAddress: destination.ip + DestinationHostname: + - destination.domain + - url.domain + DestinationIp: destination.ip + DestinationIP: destination.ip + DestinationPort: destination.port + dst-ip: destination.ip + dstip: destination.ip + dstport: destination.port + Host: + - destination.domain + - url.domain + #host: + # - destination.domain + # - url.domain + HostVersion: http.version + http_host: + - destination.domain + - url.domain + http_uri: url.original + http_url: url.original + #http_user_agent: user_agent.original + http.request.url-query-params: url.original + HttpMethod: http.request.method + in_url: url.original + #parent_domain: + # - url.registered_domain + # - destination.registered_domain + post_url_parameter: url.original + Request Url: url.original + request_url: url.original + request_URL: url.original + RequestUrl: url.original + #response: http.response.status_code + resource.url: url.original + resource.URL: url.original + sc_status: http.response.status_code + sender_domain: + - destination.domain + - url.domain + service.response_code: http.response.status_code + SourceAddr: + - source.address + - source.ip + SourceAddress: source.ip + SourceIP: source.ip + SourceIp: source.ip + SourceNetworkAddress: + - source.address + - source.ip + SourcePort: source.port + srcip: source.ip + Status: http.response.status_code + #status: http.response.status_code + url: url.original + URL: url.original + url_query: url.original + url.query: url.original + uri_path: url.original + #user_agent: user_agent.original + user_agent.name: user_agent.original + user-agent: user_agent.original + User-Agent: user_agent.original + useragent: user_agent.original + UserAgent: user_agent.original + User Agent: user_agent.original + web_dest: + - url.domain + - destination.domain + web.dest: + - url.domain + - destination.domain + Web.dest: + - url.domain + - destination.domain + web.host: + - url.domain + - destination.domain + Web.host: + - url.domain + - destination.domain + web_method: http.request.method + Web_method: http.request.method + web.method: http.request.method + Web.method: http.request.method + web_src: source.ip + web_status: http.response.status_code + Web_status: http.response.status_code + web.status: http.response.status_code + Web.status: http.response.status_code + web_uri: url.original + web_url: url.original diff --git a/tools/config/elk-defaultindex-filebeat.yml b/tools/config/elk-defaultindex-filebeat.yml new file mode 100644 index 00000000..24f52574 --- /dev/null +++ b/tools/config/elk-defaultindex-filebeat.yml @@ -0,0 +1,2 @@ +defaultindex: + - filebeat-* diff --git a/tools/config/elk-defaultindex-logstash.yml b/tools/config/elk-defaultindex-logstash.yml new file mode 100644 index 00000000..7c826199 --- /dev/null +++ b/tools/config/elk-defaultindex-logstash.yml @@ -0,0 +1,2 @@ +defaultindex: + - logstash-* diff --git a/tools/config/elk-defaultindex.yml b/tools/config/elk-defaultindex.yml new file mode 100644 index 00000000..99a94b8f --- /dev/null +++ b/tools/config/elk-defaultindex.yml @@ -0,0 +1,3 @@ +defaultindex: + - logstash-* + - filebeat-* diff --git a/tools/config/elk-linux.yml b/tools/config/elk-linux.yml new file mode 100644 index 00000000..9b2d4808 --- /dev/null +++ b/tools/config/elk-linux.yml @@ -0,0 +1,15 @@ +logsources: + apache: + category: webserver + index: logstash-apache-* + webapp-error: + category: application + index: logstash-apache_error-* + linux-auth: + product: linux + service: auth + index: logstash-auth-* +fieldmappings: + client_ip: clientip + url: request +defaultindex: logstash-* diff --git a/tools/config/elk-windows.yml b/tools/config/elk-windows.yml new file mode 100644 index 00000000..a408123c --- /dev/null +++ b/tools/config/elk-windows.yml @@ -0,0 +1,30 @@ +logsources: + windows: + product: windows + index: logstash-windows-* + windows-application: + product: windows + service: application + conditions: + EventLog: Application + windows-security: + product: windows + service: security + conditions: + EventLog: Security + windows-sysmon: + product: windows + service: sysmon + conditions: + EventLog: Microsoft-Windows-Sysmon + windows-dns-server: + product: windows + service: dns-server + conditions: + EventLog: 'DNS Server' + windows-driver-framework: + product: windows + service: driver-framework + conditions: + source: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' +defaultindex: logstash-* diff --git a/tools/config/elk-winlogbeat-sp.yml b/tools/config/elk-winlogbeat-sp.yml new file mode 100644 index 00000000..f1abce0a --- /dev/null +++ b/tools/config/elk-winlogbeat-sp.yml @@ -0,0 +1,95 @@ +logsources: + windows: + product: windows + index: + + windows-application: + product: windows + service: application + conditions: + log_name: Application + windows-security: + product: windows + service: security + conditions: + log_name: Security + windows-sysmon: + product: windows + service: sysmon + conditions: + log_name: 'Microsoft-Windows-Sysmon/Operational' + windows-dns-server: + product: windows + service: dns-server + conditions: + log_name: 'DNS Server' + windows-driver-framework: + product: windows + service: driver-framework + conditions: + source: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' +defaultindex: +# Extract all field names qith yq: +# yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: event_data.\1/g' +# Keep EventID! Clean up the list afterwards! +fieldmappings: + EventID: event_id + AccessMask: event_data.AccessMask + AccountName: event_data.AccountName + AllowedToDelegateTo: event_data.AllowedToDelegateTo + AttributeLDAPDisplayName: event_data.AttributeLDAPDisplayName + AuditPolicyChanges: event_data.AuditPolicyChanges + AuthenticationPackageName: event_data.AuthenticationPackageName + CallingProcessName: event_data.CallingProcessName + CallTrace: event_data.CallTrace + CommandLine: event_data.CommandLine + ComputerName: event_data.ComputerName + CurrentDirectory: event_data.CurrentDirectory + Description: event_data.Description + DestinationHostname: event_data.DestinationHostname + DestinationIp: event_data.DestinationIp + DestinationIsIpv6: event_data.DestinationIsIpv6 + DestinationPort: event_data.DestinationPort + Details: event_data.Details + EngineVersion: event_data.EngineVersion + EventType: event_data.EventType + FailureCode: event_data.FailureCode + FileName: event_data.FileName + GrantedAccess: event_data.GrantedAccess + GroupName: event_data.GroupName + Hashes: event_data.Hashes + HiveName: event_data.HiveName + HostVersion: event_data.HostVersion + Image: event_data.Image + ImageLoaded: event_data.ImageLoaded + ImagePath: event_data.ImagePath + Imphash: event_data.Imphash + LogonProcessName: event_data.LogonProcessName + LogonType: event_data.LogonType + NewProcessName: event_data.NewProcessName + ObjectClass: event_data.ObjectClass + ObjectName: event_data.ObjectName + ObjectType: event_data.ObjectType + ObjectValueName: event_data.ObjectValueName + ParentCommandLine: event_data.ParentCommandLine + ParentImage: event_data.ParentImage + Path: event_data.Path + PipeName: event_data.PipeName + ProcessName: event_data.ProcessName + Properties: event_data.Properties + ServiceFileName: event_data.ServiceFileName + ServiceName: event_data.ServiceName + ShareName: event_data.ShareName + Signature: event_data.Signature + Source: event_data.Source + SourceImage: event_data.SourceImage + StartModule: event_data.StartModule + Status: event_data.Status + SubjectUserName: event_data.SubjectUserName + TargetFilename: event_data.TargetFilename + TargetImage: event_data.TargetImage + TargetObject: event_data.TargetObject + TicketEncryptionType: event_data.TicketEncryptionType + TicketOptions: event_data.TicketOptions + User: event_data.User + WorkstationName: event_data.WorkstationName diff --git a/tools/config/elk-winlogbeat.yml b/tools/config/elk-winlogbeat.yml new file mode 100644 index 00000000..20bf500f --- /dev/null +++ b/tools/config/elk-winlogbeat.yml @@ -0,0 +1,94 @@ +logsources: + windows: + product: windows + index: winlogbeat-* + windows-application: + product: windows + service: application + conditions: + log_name: Application + windows-security: + product: windows + service: security + conditions: + log_name: Security + windows-sysmon: + product: windows + service: sysmon + conditions: + log_name: 'Microsoft-Windows-Sysmon/Operational' + windows-dns-server: + product: windows + service: dns-server + conditions: + log_name: 'DNS Server' + windows-driver-framework: + product: windows + service: driver-framework + conditions: + source: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' +defaultindex: winlogbeat-* +# Extract all field names qith yq: +# yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: event_data.\1/g' +# Keep EventID! Clean up the list afterwards! +fieldmappings: + EventID: event_id + AccessMask: event_data.AccessMask + AccountName: event_data.AccountName + AllowedToDelegateTo: event_data.AllowedToDelegateTo + AttributeLDAPDisplayName: event_data.AttributeLDAPDisplayName + AuditPolicyChanges: event_data.AuditPolicyChanges + AuthenticationPackageName: event_data.AuthenticationPackageName + CallingProcessName: event_data.CallingProcessName + CallTrace: event_data.CallTrace + CommandLine: event_data.CommandLine + ComputerName: event_data.ComputerName + CurrentDirectory: event_data.CurrentDirectory + Description: event_data.Description + DestinationHostname: event_data.DestinationHostname + DestinationIp: event_data.DestinationIp + DestinationIsIpv6: event_data.DestinationIsIpv6 + DestinationPort: event_data.DestinationPort + Details: event_data.Details + EngineVersion: event_data.EngineVersion + EventType: event_data.EventType + FailureCode: event_data.FailureCode + FileName: event_data.FileName + GrantedAccess: event_data.GrantedAccess + GroupName: event_data.GroupName + Hashes: event_data.Hashes + HiveName: event_data.HiveName + HostVersion: event_data.HostVersion + Image: event_data.Image + ImageLoaded: event_data.ImageLoaded + ImagePath: event_data.ImagePath + Imphash: event_data.Imphash + LogonProcessName: event_data.LogonProcessName + LogonType: event_data.LogonType + NewProcessName: event_data.NewProcessName + ObjectClass: event_data.ObjectClass + ObjectName: event_data.ObjectName + ObjectType: event_data.ObjectType + ObjectValueName: event_data.ObjectValueName + ParentCommandLine: event_data.ParentCommandLine + ParentImage: event_data.ParentImage + Path: event_data.Path + PipeName: event_data.PipeName + ProcessName: event_data.ProcessName + Properties: event_data.Properties + ServiceFileName: event_data.ServiceFileName + ServiceName: event_data.ServiceName + ShareName: event_data.ShareName + Signature: event_data.Signature + Source: event_data.Source + SourceImage: event_data.SourceImage + StartModule: event_data.StartModule + Status: event_data.Status + SubjectUserName: event_data.SubjectUserName + TargetFilename: event_data.TargetFilename + TargetImage: event_data.TargetImage + TargetObject: event_data.TargetObject + TicketEncryptionType: event_data.TicketEncryptionType + TicketOptions: event_data.TicketOptions + User: event_data.User + WorkstationName: event_data.WorkstationName diff --git a/tools/config/filebeat-zeek-ecs.yml b/tools/config/filebeat-zeek-ecs.yml new file mode 100644 index 00000000..9000db4f --- /dev/null +++ b/tools/config/filebeat-zeek-ecs.yml @@ -0,0 +1,468 @@ +title: Zeek field mappings for default collection of JSON logs with no parsing/normalization done and sending into logstash-*index +order: 20 +backends: + - es-qs + - es-dsl + - elasticsearch-rule + - kibana + - xpack-watcher + - elastalert + - elastalert-dsl +logsources: + zeek: + product: zeek + index: 'logstash*' + zeek-category-accounting: + category: accounting + rewrite: + product: zeek + service: syslog + zeek-category-firewall: + category: firewall + conditions: + '@stream': conn + zeek-category-dns: + category: dns + conditions: + '@stream': dns + zeek-category-proxy: + category: proxy + rewrite: + product: zeek + service: http + zeek-category-webserver: + category: webserver + conditions: + '@stream': http + rewrite: + product: zeek + service: http + zeek-conn: + product: zeek + service: conn + conditions: + '@stream': conn + zeek-conn_long: + product: zeek + service: conn_long + conditions: + '@stream': conn_long + zeek-dce_rpc: + product: zeek + service: dce_rpc + conditions: + '@stream': dce_rpc + zeek-dns: + product: zeek + service: dns + conditions: + '@stream': dns + zeek-dnp3: + product: zeek + service: dnp3 + conditions: + '@stream': dnp3 + zeek-dpd: + product: zeek + service: dpd + conditions: + '@stream': dpd + zeek-files: + product: zeek + service: files + conditions: + '@stream': files + zeek-ftp: + product: zeek + service: ftp + conditions: + '@stream': ftp + zeek-gquic: + product: zeek + service: gquic + conditions: + '@stream': gquic + zeek-http: + product: zeek + service: http + conditions: + '@stream': http + zeek-http2: + product: zeek + service: http2 + conditions: + '@stream': http2 + zeek-intel: + product: zeek + service: intel + conditions: + '@stream': intel + zeek-irc: + product: zeek + service: irc + conditions: + '@stream': irc + zeek-kerberos: + product: zeek + service: kerberos + conditions: + '@stream': kerberos + zeek-known_certs: + product: zeek + service: known_certs + conditions: + '@stream': known_certs + zeek-known_hosts: + product: zeek + service: known_hosts + conditions: + '@stream': known_hosts + zeek-known_modbus: + product: zeek + service: known_modbus + conditions: + '@stream': known_modbus + zeek-known_services: + product: zeek + service: known_services + conditions: + '@stream': known_services + zeek-modbus: + product: zeek + service: modbus + conditions: + '@stream': modbus + zeek-modbus_register_change: + product: zeek + service: modbus_register_change + conditions: + '@stream': modbus_register_change + zeek-mqtt_connect: + product: zeek + service: mqtt_connect + conditions: + '@stream': mqtt_connect + zeek-mqtt_publish: + product: zeek + service: mqtt_publish + conditions: + '@stream': mqtt_publish + zeek-mqtt_subscribe: + product: zeek + service: mqtt_subscribe + conditions: + '@stream': mqtt_subscribe + zeek-mysql: + product: zeek + service: mysql + conditions: + '@stream': mysql + zeek-notice: + product: zeek + service: notice + conditions: + '@stream': notice + zeek-ntlm: + product: zeek + service: ntlm + conditions: + '@stream': ntlm + zeek-ntp: + product: zeek + service: ntp + conditions: + '@stream': ntp + zeek-ocsp: + product: zeek + service: ntp + conditions: + '@stream': ocsp + zeek-pe: + product: zeek + service: pe + conditions: + '@stream': pe + zeek-pop3: + product: zeek + service: pop3 + conditions: + '@stream': pop3 + zeek-radius: + product: zeek + service: radius + conditions: + '@stream': radius + zeek-rdp: + product: zeek + service: rdp + conditions: + '@stream': rdp + zeek-rfb: + product: zeek + service: rfb + conditions: + '@stream': rfb + zeek-sip: + product: zeek + service: sip + conditions: + '@stream': sip + zeek-smb_files: + product: zeek + service: smb_files + conditions: + '@stream': smb_files + zeek-smb_mapping: + product: zeek + service: smb_mapping + conditions: + '@stream': smb_mapping + zeek-smtp: + product: zeek + service: smtp + conditions: + '@stream': smtp + zeek-smtp_links: + product: zeek + service: smtp_links + conditions: + '@stream': smtp_links + zeek-snmp: + product: zeek + service: snmp + conditions: + '@stream': snmp + zeek-socks: + product: zeek + service: socks + conditions: + '@stream': socks + zeek-software: + product: zeek + service: software + conditions: + '@stream': software + zeek-ssh: + product: zeek + service: ssh + conditions: + '@stream': ssh + zeek-ssl: + product: zeek + service: ssl + conditions: + '@stream': ssl + zeek-tls: # In case people call it TLS even though orig log is called ssl + product: zeek + service: tls + conditions: + '@stream': ssl + zeek-syslog: + product: zeek + service: syslog + conditions: + '@stream': syslog + zeek-tunnel: + product: zeek + service: tunnel + conditions: + '@stream': tunnel + zeek-traceroute: + product: zeek + service: traceroute + conditions: + '@stream': traceroute + zeek-weird: + product: zeek + service: weird + conditions: + '@stream': weird + zeek-x509: + product: zeek + service: x509 + conditions: + '@stream': x509 + zeek-ip_search: + product: zeek + service: network + conditions: + '@stream': + - conn + - conn_long + - dce_rpc + - dhcp + - dnp3 + - dns + - ftp + - gquic + - http + - irc + - kerberos + - modbus + - mqtt_connect + - mqtt_publish + - mqtt_subscribe + - mysql + - ntlm + - ntp + - radius + - rfb + - sip + - smb_files + - smb_mapping + - smtp + - smtp_links + - snmp + - socks + - ssh + - tls #SSL + - tunnel + - weird +defaultindex: 'logstash-*' +fieldmappings: + # All Logs Applied Mapping & Taxonomy + dst_ip: id.resp_h + dst_port: id.resp_p + network_protocol: proto + src_ip: id.orig_h + src_port: id.orig_p + # DNS matching Taxonomy & DNS Category + answer: answers + #question_length: # Does not exist in open source version + record_type: qtype_name + #parent_domain: # Does not exist in open source version + # HTTP matching Taxonomy & Web/Proxy Category + cs-bytes: request_body_len + cs-cookie: cookie + r-dns: host + sc-bytes: response_body_len + sc-status: status_code + c-uri: uri + c-uri-extension: uri + c-uri-query: uri + c-uri-stem: uri + c-useragent: user_agent + cs-host: host + cs-method: method + cs-referrer: referrer + cs-version: version + # Temporary one off rule name fields + agent.version: version + c-cookie: cookie + c-ip: id.orig_h + cs-uri: uri + clientip: id.orig_h + clientIP: id.orig_h + dest_domain: + - query + - host + - server_name + dest_ip: id.resp_h + dest_port: id.resp_p + #TODO:WhatShouldThisBe?==dest: + #TODO:WhatShouldThisBe?==destination: + #TODO:WhatShouldThisBe?==Destination: + destination.hostname: + - query + - host + - server_name + DestinationAddress: + DestinationHostname: + - host + - query + - server_name + DestinationIp: id.resp_h + DestinationIP: id.resp_h + DestinationPort: id.resp_p + dst-ip: id.resp_h + dstip: id.resp_h + dstport: id.resp_p + Host: + - host + - query + - server_name + HostVersion: http.version + http_host: + - host + - query + - server_name + http_uri: uri + http_url: uri + http_user_agent: user_agent + http.request.url-query-params: uri + HttpMethod: method + in_url: uri + # parent_domain: # Not in open source zeek + post_url_parameter: uri + Request Url: uri + request_url: uri + request_URL: uri + RequestUrl: uri + #response: status_code + resource.url: uri + resource.URL: uri + sc_status: status_code + sender_domain: + - query + - server_name + service.response_code: status_code + source: id.orig_h + SourceAddr: id.orig_h + SourceAddress: id.orig_h + SourceIP: id.orig_h + SourceIp: id.orig_h + SourceNetworkAddress: id.orig_h + SourcePort: id.orig_p + srcip: id.orig_h + Status: status_code + status: status_code + url: uri + URL: uri + url_query: uri + url.query: uri + uri_path: uri + user_agent: user_agent + user_agent.name: user_agent + user-agent: user_agent + User-Agent: user_agent + useragent: user_agent + UserAgent: user_agent + User Agent: user_agent + web_dest: + - host + - query + - server_name + web.dest: + - host + - query + - server_name + Web.dest: + - host + - query + - server_name + web.host: + - host + - query + - server_name + Web.host: + - host + - query + - server_name + web_method: method + Web_method: method + web.method: method + Web.method: method + web_src: id.orig_h + web_status: status_code + Web_status: status_code + web.status: status_code + Web.status: status_code + web_uri: uri + web_url: uri + # Most are in ECS, but for things not using Elastic - these need renamed + destination.ip: id.resp_h + destination.port: id.resp_p + http.request.body.content: post_body + #source.domain: + source.ip: id.orig_h + source.port: id.orig_p \ No newline at end of file diff --git a/tools/config/humio.yml b/tools/config/humio.yml new file mode 100644 index 00000000..dce843f8 --- /dev/null +++ b/tools/config/humio.yml @@ -0,0 +1,625 @@ +title: Humio log source conditions +order: 20 +backends: + - humio +logsources: + zeek: + product: zeek + zeek-category-accounting: + category: accounting + rewrite: + product: zeek + service: syslog + zeek-category-firewall: + category: firewall + rewrite: + product: zeek + service: conn + zeek-category-dns: + category: dns + rewrite: + product: zeek + service: dns + zeek-category-proxy: + category: proxy + rewrite: + product: zeek + service: http + zeek-category-webserver: + category: webserver + rewrite: + product: zeek + service: http + zeek-conn: + product: zeek + service: conn + conditions: + '@stream': conn + zeek-conn_long: + product: zeek + service: conn_long + conditions: + '@stream': conn_long + zeek-dce_rpc: + product: zeek + service: dce_rpc + conditions: + '@stream': dce_rpc + zeek-dns: + product: zeek + service: dns + conditions: + '@stream': dns + zeek-dnp3: + product: zeek + service: dnp3 + conditions: + '@stream': dnp3 + zeek-dpd: + product: zeek + service: dpd + conditions: + '@stream': dpd + zeek-files: + product: zeek + service: files + conditions: + '@stream': files + zeek-ftp: + product: zeek + service: ftp + conditions: + '@stream': ftp + zeek-gquic: + product: zeek + service: gquic + conditions: + '@stream': gquic + zeek-http: + product: zeek + service: http + conditions: + '@stream': http + zeek-http2: + product: zeek + service: http2 + conditions: + '@stream': http2 + zeek-intel: + product: zeek + service: intel + conditions: + '@stream': intel + zeek-irc: + product: zeek + service: irc + conditions: + '@stream': irc + zeek-kerberos: + product: zeek + service: kerberos + conditions: + '@stream': kerberos + zeek-known_certs: + product: zeek + service: known_certs + conditions: + '@stream': known_certs + zeek-known_hosts: + product: zeek + service: known_hosts + conditions: + '@stream': known_hosts + zeek-known_modbus: + product: zeek + service: known_modbus + conditions: + '@stream': known_modbus + zeek-known_services: + product: zeek + service: known_services + conditions: + '@stream': known_services + zeek-modbus: + product: zeek + service: modbus + conditions: + '@stream': modbus + zeek-modbus_register_change: + product: zeek + service: modbus_register_change + conditions: + '@stream': modbus_register_change + zeek-mqtt_connect: + product: zeek + service: mqtt_connect + conditions: + '@stream': mqtt_connect + zeek-mqtt_publish: + product: zeek + service: mqtt_publish + conditions: + '@stream': mqtt_publish + zeek-mqtt_subscribe: + product: zeek + service: mqtt_subscribe + conditions: + '@stream': mqtt_subscribe + zeek-mysql: + product: zeek + service: mysql + conditions: + '@stream': mysql + zeek-notice: + product: zeek + service: notice + conditions: + '@stream': notice + zeek-ntlm: + product: zeek + service: ntlm + conditions: + '@stream': ntlm + zeek-ntp: + product: zeek + service: ntp + conditions: + '@stream': ntp + zeek-ocsp: + product: zeek + service: ntp + conditions: + '@stream': ocsp + zeek-pe: + product: zeek + service: pe + conditions: + '@stream': pe + zeek-pop3: + product: zeek + service: pop3 + conditions: + '@stream': pop3 + zeek-radius: + product: zeek + service: radius + conditions: + '@stream': radius + zeek-rdp: + product: zeek + service: rdp + conditions: + '@stream': rdp + zeek-rfb: + product: zeek + service: rfb + conditions: + '@stream': rfb + zeek-sip: + product: zeek + service: sip + conditions: + '@stream': sip + zeek-smb_files: + product: zeek + service: smb_files + conditions: + '@stream': smb_files + zeek-smb_mapping: + product: zeek + service: smb_mapping + conditions: + '@stream': smb_mapping + zeek-smtp: + product: zeek + service: smtp + conditions: + '@stream': smtp + zeek-smtp_links: + product: zeek + service: smtp_links + conditions: + '@stream': smtp_links + zeek-snmp: + product: zeek + service: snmp + conditions: + '@stream': snmp + zeek-socks: + product: zeek + service: socks + conditions: + '@stream': socks + zeek-software: + product: zeek + service: software + conditions: + '@stream': software + zeek-ssh: + product: zeek + service: ssh + conditions: + '@stream': ssh + zeek-ssl: + product: zeek + service: ssl + conditions: + '@stream': ssl + zeek-tls: # In case people call it TLS even though orig log is called ssl + product: zeek + service: tls + conditions: + '@stream': ssl + zeek-syslog: + product: zeek + service: syslog + conditions: + '@stream': syslog + zeek-tunnel: + product: zeek + service: tunnel + conditions: + '@stream': tunnel + zeek-traceroute: + product: zeek + service: traceroute + conditions: + '@stream': traceroute + zeek-weird: + product: zeek + service: weird + conditions: + '@stream': weird + zeek-x509: + product: zeek + service: x509 + conditions: + '@stream': x509 + zeek-ip_search: + product: zeek + service: network + conditions: + '@stream': + - conn + - conn_long + - dce_rpc + - dhcp + - dnp3 + - dns + - ftp + - gquic + - http + - irc + - kerberos + - modbus + - mqtt_connect + - mqtt_publish + - mqtt_subscribe + - mysql + - ntlm + - ntp + - radius + - rfb + - sip + - smb_files + - smb_mapping + - smtp + - smtp_links + - snmp + - socks + - ssh + - tls #SSL + - tunnel + - weird +fieldmappings: + # Deep mappings Taxonomy for overall/general fields + dst_ip: + product=windows: winlog.event_data.DestinationIp + product=zeek: id.resp_h + src_ip: + product=windows: winlog.event_data.SourceIp + product=zeek: id.orig_h + dst_port: + product=windows: winlog.event_data.DestinationPort + product=zeek: id.resp_p + src_port: + product=windows: winlog.event_data.SourcePort + product=zeek: id.orig_p + network_protocol: + product=zeek: proto + # Deep mappings Taxonomy for DNS Category and DNS service + answer: + product=zeek: answers + #question_length: # product=zeek: # Does not exist in open source version + record_type: + product=zeek: qtype_name + #parent_domain: #product=zeek: # Does not exist in open source version + # Deep mappings Taxonomy for HTTP, Webserver category, and Proxy category + cs-bytes: + product=zeek: request_body_len + cs-cookie: + product=zeek: cookie + r-dns: + product=zeek: host + sc-bytes: + product=zeek: response_body_len + sc-status: + product=zeek: status_code + c-uri: + product=zeek: uri + c-uri-extension: + product=zeek: uri + c-uri-query: + product=zeek: uri + c-uri-stem: + product=zeek: uri + c-useragent: + product=zeek: user_agent + cs-host: + product=zeek: host + cs-method: + product=zeek: method + cs-referrer: + product=zeek: referrer + cs-version: + product=zeek: version + # Windows / WEF / Winlogbeat + EventID: winlog.event_id + Event_ID: winlog.event_id + eventId: winlog.event_id + event_id: winlog.event_id + event-id: winlog.event_id + eventid: winlog.event_id + AccessMask: winlog.event_data.AccessMask + AccountName: winlog.event_data.AccountName + AllowedToDelegateTo: winlog.event_data.AllowedToDelegateTo + AttributeLDAPDisplayName: winlog.event_data.AttributeLDAPDisplayName + AuditPolicyChanges: winlog.event_data.AuditPolicyChanges + AuthenticationPackageName: winlog.event_data.AuthenticationPackageName + CallingProcessName: winlog.event_data.CallingProcessName + CallTrace: winlog.event_data.CallTrace + Channel: winlog.channel + CommandLine: winlog.event_data.CommandLine + ComputerName: winlog.ComputerName + CurrentDirectory: winlog.event_data.CurrentDirectory + Description: winlog.event_data.Description + DestinationHostname: winlog.event_data.DestinationHostname + DestinationIp: winlog.event_data.DestinationIp + DestinationIsIpv6: winlog.event_data.DestinationIsIpv6 + DestinationPort: winlog.event_data.DestinationPort + Details: winlog.event_data.Details + EngineVersion: winlog.event_data.EngineVersion + EventType: winlog.event_data.EventType + FailureCode: winlog.event_data.FailureCode + FileName: winlog.event_data.FileName + GrantedAccess: winlog.event_data.GrantedAccess + GroupName: winlog.event_data.GroupName + GroupSid: winlog.event_data.GroupSid + Hashes: winlog.event_data.Hashes + HiveName: winlog.event_data.HiveName + HostVersion: winlog.event_data.HostVersion + Image: winlog.event_data.Image + ImageLoaded: winlog.event_data.ImageLoaded + ImagePath: winlog.event_data.ImagePath + Imphash: winlog.event_data.Imphash + IpAddress: winlog.event_data.IpAddress + KeyLength: winlog.event_data.KeyLength + LogonProcessName: winlog.event_data.LogonProcessName + LogonType: winlog.event_data.LogonType + NewProcessName: winlog.event_data.NewProcessName + ObjectClass: winlog.event_data.ObjectClass + ObjectName: winlog.event_data.ObjectName + ObjectType: winlog.event_data.ObjectType + ObjectValueName: winlog.event_data.ObjectValueName + ParentCommandLine: winlog.event_data.ParentCommandLine + ParentProcessName: winlog.event_data.ParentProcessName + ParentImage: winlog.event_data.ParentImage + Path: winlog.event_data.Path + PipeName: winlog.event_data.PipeName + ProcessCommandLine: winlog.event_data.ProcessCommandLine + ProcessName: winlog.event_data.ProcessName + Properties: winlog.event_data.Properties + SecurityID: winlog.event_data.SecurityID + ServiceFileName: winlog.event_data.ServiceFileName + ServiceName: winlog.event_data.ServiceName + ShareName: winlog.event_data.ShareName + Signature: winlog.event_data.Signature + Source: winlog.event_data.Source + SourceImage: winlog.event_data.SourceImage + SourceIp: winlog.event_data.SourceIp + StartModule: winlog.event_data.StartModule + Status: winlog.event_data.Status + SubjectUserName: winlog.event_data.SubjectUserName + SubjectUserSid: winlog.event_data.SubjectUserSid + TargetFilename: winlog.event_data.TargetFilename + Targetfilename: winlog.event_data.TargetFilename + TargetImage: winlog.event_data.TargetImage + TargetObject: winlog.event_data.TargetObject + TicketEncryptionType: winlog.event_data.TicketEncryptionType + TicketOptions: winlog.event_data.TicketOptions + User: winlog.event_data.User + WorkstationName: winlog.event_data.WorkstationName + # Channel: WLAN-Autoconfig AND EventID: 8001 + AuthenticationAlgorithm: winlog.event_data.AuthenticationAlgorithm + BSSID: winlog.event_data.BSSID + BSSType: winlog.event_data.BSSType + CipherAlgorithm: winlog.event_data.CipherAlgorithm + ConnectionId: winlog.event_data.ConnectionId + ConnectionMode: winlog.event_data.ConnectionMode + InterfaceDescription: winlog.event_data.InterfaceDescription + InterfaceGuid: winlog.event_data.InterfaceGuid + OnexEnabled: winlog.event_data.OnexEnabled + PHYType: winlog.event_data.PHYType + ProfileName: winlog.event_data.ProfileName + SSID: winlog.event_data.SSID + # Zeek Deep Mappings + # Temporary one off rule name fields + agent.version: + product=zeek: version + c-cookie: + product=zeek: cookie + c-ip: + product=zeek: id.orig_h + cs-uri: + product=zeek: uri + clientip: + product=zeek: id.orig_h + clientIP: + product=zeek: id.orig_h + dest_domain: + product=zeek: host + #- query + #- server_name + dest_ip: + product=zeek: id.resp_h + dest_port: + product=zeek: id.resp_p + #TODO:WhatShouldThisBe?==dest: + #TODO:WhatShouldThisBe?==destination: + #TODO:WhatShouldThisBe?==Destination: + destination.hostname: + product=zeek: host + #- query + #- server_name + DestinationAddress: + product=zeek: id.resp_h + dst-ip: + product=zeek: id.resp_h + dstip: + product=zeek: id.resp_h + dstport: + product=zeek: id.resp_p + Host: + product=zeek: host + #- query + #- server_name + http_host: + product=zeek: host + #- query + #- server_name + http_uri: + product=zeek: uri + http_url: + product=zeek: uri + http_user_agent: + product=zeek: user_agent + http.request.url-query-params: + product=zeek: uri + HttpMethod: + product=zeek: method + in_url: + product=zeek: uri + post_url_parameter: + product=zeek: uri + Request Url: + product=zeek: uri + request_url: + product=zeek: uri + request_URL: + product=zeek: uri + RequestUrl: + product=zeek: uri + response: + product=zeek: status_code + resource.url: + product=zeek: uri + resource.URL: + product=zeek: uri + sc_status: + product=zeek: status_code + service.response_code: + product=zeek: status_code + source: + product=zeek: id.orig_h + SourceAddr: + product=zeek: id.orig_h + SourceAddress: + product=zeek: id.orig_h + SourceIP: + product=zeek: id.orig_h + SourceNetworkAddress: + product=zeek: id.orig_h + SourcePort: + product=zeek: id.orig_p + srcip: + product=zeek: id.orig_h + status: + product=zeek: status_code + url: + product=zeek: uri + URL: + product=zeek: uri + url_query: + product=zeek: uri + url.query: + product=zeek: uri + uri_path: + product=zeek: uri + user_agent: + product=zeek: user_agent + user_agent.name: + product=zeek: user_agent + user-agent: + product=zeek: user_agent + User-Agent: + product=zeek: user_agent + useragent: + product=zeek: user_agent + UserAgent: + product=zeek: user_agent + User Agent: + product=zeek: user_agent + web_dest: + product=zeek: host + #- query + #- server_name + web.dest: + product=zeek: host + #- query + #- server_name + Web.dest: + product=zeek: host + #- query + #- server_name + web.host: + product=zeek: host + #- query + #- server_name + Web.host: + product=zeek: host + #- query + #- server_name + web_method: + product=zeek: method + Web_method: + product=zeek: method + web.method: + product=zeek: method + Web.method: + product=zeek: method + web_src: + product=zeek: id.orig_h + web_status: + product=zeek: status_code + Web_status: + product=zeek: status_code + web.status: + product=zeek: status_code + Web.status: + product=zeek: status_code + web_uri: + product=zeek: uri + web_url: + product=zeek: uri + # Already + destination.ip: + product=zeek: id.resp_h + destination.port: + product=zeek: id.resp_p + http.request.body.content: + product=zeek: post_body + #source.domain: + source.ip: + product=zeek: id.orig_h + source.port: + product=zeek: id.orig_p diff --git a/tools/config/logstash-zeek-default-json.yml b/tools/config/logstash-zeek-default-json.yml index 7f5f16ff..6915fe14 100644 --- a/tools/config/logstash-zeek-default-json.yml +++ b/tools/config/logstash-zeek-default-json.yml @@ -363,4 +363,111 @@ fieldmappings: - host - server_name dest_ip: id.resp_h - dest_port: id.resp_p \ No newline at end of file + dest_port: id.resp_p + #TODO:WhatShouldThisBe?==dest: + #TODO:WhatShouldThisBe?==destination: + #TODO:WhatShouldThisBe?==Destination: + destination.hostname: + - query + - host + - server_name + DestinationAddress: id.resp_h + DestinationHostname: + - host + - query + - server_name + DestinationIp: id.resp_h + DestinationIP: id.resp_h + DestinationPort: id.resp_p + dst-ip: id.resp_h + dstip: id.resp_h + dstport: id.resp_p + Host: + - host + - query + - server_name + HostVersion: http.version + http_host: + - host + - query + - server_name + http_uri: uri + http_url: uri + http_user_agent: user_agent + http.request.url-query-params: uri + HttpMethod: method + in_url: uri + # parent_domain: # Not in open source zeek + post_url_parameter: uri + Request Url: uri + request_url: uri + request_URL: uri + RequestUrl: uri + #response: status_code + resource.url: uri + resource.URL: uri + sc_status: status_code + sender_domain: + - query + - server_name + service.response_code: status_code + source: id.orig_h + SourceAddr: id.orig_h + SourceAddress: id.orig_h + SourceIP: id.orig_h + SourceIp: id.orig_h + SourceNetworkAddress: id.orig_h + SourcePort: id.orig_p + srcip: id.orig_h + Status: status_code + status: status_code + url: uri + URL: uri + url_query: uri + url.query: uri + uri_path: uri + user_agent: user_agent + user_agent.name: user_agent + user-agent: user_agent + User-Agent: user_agent + useragent: user_agent + UserAgent: user_agent + User Agent: user_agent + web_dest: + - host + - query + - server_name + web.dest: + - host + - query + - server_name + Web.dest: + - host + - query + - server_name + web.host: + - host + - query + - server_name + Web.host: + - host + - query + - server_name + web_method: method + Web_method: method + web.method: method + Web.method: method + web_src: id.orig_h + web_status: status_code + Web_status: status_code + web.status: status_code + Web.status: status_code + web_uri: uri + web_url: uri + # Most are in ECS, but for things not using Elastic - these need renamed + destination.ip: id.resp_h + destination.port: id.resp_p + http.request.body.content: post_body + #source.domain: + source.ip: id.orig_h + source.port: id.orig_p diff --git a/tools/config/powershell-windows-all.yml b/tools/config/powershell-windows-all.yml new file mode 100644 index 00000000..8464ade0 --- /dev/null +++ b/tools/config/powershell-windows-all.yml @@ -0,0 +1,62 @@ +logsources: + windows-application: + product: windows + service: application + conditions: + LogName: 'Application' + windows-security: + product: windows + service: security + conditions: + LogName: 'Security' + windows-system: + product: windows + service: system + conditions: + LogName: 'System' + windows-sysmon: + product: windows + service: sysmon + conditions: + LogName: 'Microsoft-Windows-Sysmon/Operational' + windows-powershell: + product: windows + service: powershell + conditions: + LogName: 'Microsoft-Windows-PowerShell/Operational' + windows-classicpowershell: + product: windows + service: powershell-classic + conditions: + LogName: 'Windows PowerShell' + windows-taskscheduler: + product: windows + service: taskscheduler + conditions: + LogName: 'Microsoft-Windows-TaskScheduler/Operational' + windows-wmi: + product: windows + service: wmi + conditions: + LogName: 'Microsoft-Windows-WMI-Activity/Operational' + windows-dns-server: + product: windows + service: dns-server + category: dns + conditions: + LogName: 'DNS Server' + windows-dns-server-audit: + product: windows + service: dns-server-audit + conditions: + LogName: 'Microsoft-Windows-DNS-Server/Audit' + windows-driver-framework: + product: windows + service: driver-framework + conditions: + LogName: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + windows-ntlm: + product: windows + service: ntlm + conditions: + LogName: 'Microsoft-Windows-NTLM/Operational' diff --git a/tools/config/qradar.yml b/tools/config/qradar.yml index 1768f96b..428a73cf 100644 --- a/tools/config/qradar.yml +++ b/tools/config/qradar.yml @@ -1,52 +1,98 @@ title: QRadar backends: - - qradar + - qradar order: 20 logsources: - apache: - product: apache - conditions: - LOGSOURCETYPENAME(devicetype): ilike '%apache%' - - windows: - product: windows - conditions: - LOGSOURCETYPENAME(devicetype): 'Microsoft Windows Security Event Log' - - qflow: - product: qflow - index: flows - - netflow: - product: netflow - index: flows - - ipfix: - product: ipfix - index: flows - - flow: - category: flow - index: flows - + apache: + product: apache + index: apache + conditions: + LOGSOURCETYPENAME(devicetype): '*apache*' + windows: + product: windows + index: windows + conditions: + LOGSOURCETYPENAME(devicetype): '*Microsoft Windows Security Event Log*' + qflow: + product: qflow + index: flows + netflow: + product: netflow + index: flows + ipfix: + product: ipfix + index: flows + flow: + category: flow + index: flows fieldmappings: - EventID: - - Event ID Code - dst: - - destinationIP - dst_ip: - - destinationIP - src: - - sourceIP - src_ip: - - sourceIP - c-ip: sourceIP - cs-ip: sourceIP - c-uri: url - c-uri-extension: file_extension - c-useragent: user_agent - c-uri-query: uri_query - cs-method: Method - r-dns: FQDN - ClientIP: sourceIP - ServiceFileName: Service Name + event_id: EventID + EventID: EventID + dst: destinationip + dst_ip: destinationip + src: sourceip + src_ip: sourceip + c-ip: sourceip + cs-ip: sourceip + c-uri: URL + c-uri-extension: URL + c-useragent: user_agent + c-uri-query: uri_query + cs-method: Method + r-dns: FQDN + ClientIP: sourceip + ServiceFileName: ServiceFileName + event_data.CommandLine: Process CommandLine + CommandLine: Process CommandLine + file_hash: File Hash + hash: File Hash + #Message: search_payload + Event-ID: EventID + Event_ID: EventID + eventId: EventID + event-id: EventID + eventid: EventID + hashes: File Hash + url.query: URL + resource.URL: URL + event_data.CallingProcessName: CallingProcessName + event_data.ComputerName: Hostname/HOSTNAME + ComputerName: Hostname/HOSTNAME + event_data.DestinationHostname: Hostname/HOSTNAME + DestinationHostname: Hostname/HOSTNAME + event_data.DestinationIp: destinationip + event_data.DestinationPort: destinationip + event_data.Details: Target Details + Details: Target Details + event_data.FileName: Filename + event_data.Hashes: File Hash + Hashes: File Hash + event_data.Image: Image + event_data.ImageLoaded: LoadedImage + event_data.ImagePath: SourceImage + ImagePath: Image + event_data.Imphash: IMP Hash + Imphash: IMP Hash + event_data.ParentCommandLine: ParentCommandLine + event_data.ParentImage: ParentImage + event_data.ParentProcessName: ParentImageName + event_data.Path: File Path + Path: File Path + event_data.PipeName: PipeName + event_data.ProcessCommandLine: Process CommandLine + ProcessCommandLine: Process CommandLine + event_data.ServiceFileName: ServiceFileName + event_data.ShareName: ShareName + event_data.Signature: Signature + event_data.SourceImage: SourceImage + event_data.StartModule: StartModule + event_data.SubjectUserName: username + event_data.SubjectUserSid: SubjectUserSid + event_data.TargetFilename: Filename + TargetFilename: Filename + event_data.TargetImage: TargetImage + TargetImage: TargetImage + event_data.TicketOptions: TicketOptions + event_data.User: username + User: username + user: username \ No newline at end of file diff --git a/tools/config/splunk-zeek.yml b/tools/config/splunk-zeek.yml index c126b633..1cefcca7 100644 --- a/tools/config/splunk-zeek.yml +++ b/tools/config/splunk-zeek.yml @@ -343,4 +343,127 @@ fieldmappings: id_orig_h: id.orig_h id_orig_p: id.orig_p id_resp_h: id.resp_h - id_resp_p: id.resp_p \ No newline at end of file + id_resp_p: id.resp_p + # Temporary one off rule name fields + agent.version: version + c-cookie: cookie + c-ip: id.orig_h + cs-uri: uri + clientip: id.orig_h + clientIP: id.orig_h + dest_domain: + - query + - host + - server_name + dest_ip: id.resp_h + dest_port: id.resp_p + #TODO:WhatShouldThisBe?==dest: + #TODO:WhatShouldThisBe?==destination: + #TODO:WhatShouldThisBe?==Destination: + destination.hostname: + - query + - host + - server_name + DestinationAddress: id.resp_h + DestinationHostname: + - host + - query + - server_name + DestinationIp: id.resp_h + DestinationIP: id.resp_h + DestinationPort: id.resp_p + dst-ip: id.resp_h + dstip: id.resp_h + dstport: id.resp_p + Host: + - host + - query + - server_name + HostVersion: http.version + http_host: + - host + - query + - server_name + http_uri: uri + http_url: uri + http_user_agent: user_agent + http.request.url-query-params: uri + HttpMethod: method + in_url: uri + # parent_domain: # Not in open source zeek + post_url_parameter: uri + Request Url: uri + request_url: uri + request_URL: uri + RequestUrl: uri + #response: status_code + resource.url: uri + resource.URL: uri + sc_status: status_code + sender_domain: + - query + - server_name + service.response_code: status_code + source: id.orig_h + SourceAddr: id.orig_h + SourceAddress: id.orig_h + SourceIP: id.orig_h + SourceIp: id.orig_h + SourceNetworkAddress: id.orig_h + SourcePort: id.orig_p + srcip: id.orig_h + Status: status_code + status: status_code + url: uri + URL: uri + url_query: uri + url.query: uri + uri_path: uri + user_agent: user_agent + user_agent.name: user_agent + user-agent: user_agent + User-Agent: user_agent + useragent: user_agent + UserAgent: user_agent + User Agent: user_agent + web_dest: + - host + - query + - server_name + web.dest: + - host + - query + - server_name + Web.dest: + - host + - query + - server_name + web.host: + - host + - query + - server_name + Web.host: + - host + - query + - server_name + web_method: method + Web_method: method + web.method: method + Web.method: method + web_src: id.orig_h + web_status: status_code + Web_status: status_code + web.status: status_code + Web.status: status_code + web_uri: uri + web_url: uri + # Most are in ECS, but for things not using Elastic - these need renamed + destination.ip: id.resp_h + destination.port: id.resp_p + http.request.body.content: post_body + source.domain: + - host + - query + - server_name + source.ip: id.orig_h + source.port: id.orig_p diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml index 2acf480e..69954e22 100644 --- a/tools/config/winlogbeat-modules-enabled.yml +++ b/tools/config/winlogbeat-modules-enabled.yml @@ -60,8 +60,7 @@ fieldmappings: CallTrace: winlog.event_data.CallTrace Channel: winlog.channel CommandLine: process.args - ComputerName: winlog.computer_name - ContextInfo: winlog.event_data.ContextInfo + ComputerName: winlog.ComputerName CurrentDirectory: process.working_directory Description: winlog.event_data.Description DestinationHostname: destination.domain @@ -84,6 +83,7 @@ fieldmappings: - group.id - winlog.event_data.GroupSid Hashes: winlog.event_data.Hashes + file_hash: winlog.event_data.Hashes HiveName: winlog.event_data.HiveName HostVersion: winlog.event_data.HostVersion Image: process.executable @@ -95,7 +95,6 @@ fieldmappings: KeyLength: winlog.event_data.KeyLength LogonProcessName: winlog.event_data.LogonProcessName LogonType: winlog.event_data.LogonType - Message: winlog.event_data.Message NewProcessName: winlog.event_data.NewProcessName ObjectClass: winlog.event_data.ObjectClass ObjectName: winlog.event_data.ObjectName diff --git a/tools/config/winlogbeat-old.yml b/tools/config/winlogbeat-old.yml index f840408b..ce0124fd 100644 --- a/tools/config/winlogbeat-old.yml +++ b/tools/config/winlogbeat-old.yml @@ -59,8 +59,7 @@ fieldmappings: CallTrace: event_data.CallTrace Channel: winlog.channel CommandLine: event_data.CommandLine - ComputerName: computer_name - ContextInfo: event_data.ContextInfo + ComputerName: event_data.ComputerName CurrentDirectory: event_data.CurrentDirectory Description: event_data.Description DestinationHostname: event_data.DestinationHostname @@ -86,7 +85,6 @@ fieldmappings: KeyLength: event_data.KeyLength LogonProcessName: event_data.LogonProcessName LogonType: event_data.LogonType - Message: event_data.Message NewProcessName: event_data.NewProcessName ObjectClass: event_data.ObjectClass ObjectName: event_data.ObjectName diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml index 91921ff6..2171cef0 100644 --- a/tools/config/winlogbeat.yml +++ b/tools/config/winlogbeat.yml @@ -59,8 +59,7 @@ fieldmappings: CallTrace: winlog.event_data.CallTrace Channel: winlog.channel CommandLine: winlog.event_data.CommandLine - ComputerName: winlog.computer_name - ContextInfo: winlog.event_data.ContextInfo + ComputerName: winlog.ComputerName CurrentDirectory: winlog.event_data.CurrentDirectory Description: winlog.event_data.Description DestinationHostname: winlog.event_data.DestinationHostname @@ -88,7 +87,6 @@ fieldmappings: KeyLength: winlog.event_data.KeyLength LogonProcessName: winlog.event_data.LogonProcessName LogonType: winlog.event_data.LogonType - Message: winlog.event_data.Message NewProcessName: winlog.event_data.NewProcessName ObjectClass: winlog.event_data.ObjectClass ObjectName: winlog.event_data.ObjectName @@ -137,4 +135,4 @@ fieldmappings: OnexEnabled: winlog.event_data.OnexEnabled PHYType: winlog.event_data.PHYType ProfileName: winlog.event_data.ProfileName - SSID: winlog.event_data.SSID \ No newline at end of file + SSID: winlog.event_data.SSID diff --git a/tools/sigma/backends/ala.py b/tools/sigma/backends/ala.py index ea5fd950..bffd4ebf 100644 --- a/tools/sigma/backends/ala.py +++ b/tools/sigma/backends/ala.py @@ -13,22 +13,49 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see . - -import re, json +import os +import sys +import re +import json import xml.etree.ElementTree as xml -from ..config.mapping import ( +from sigma.config.mapping import ( SimpleFieldMapping, MultiFieldMapping, ConditionalFieldMapping ) -from ..parser.condition import SigmaAggregationParser -from ..parser.exceptions import SigmaParseError -from ..parser.modifiers.type import SigmaRegularExpressionModifier -from .base import SingleTextQueryBackend +from sigma.parser.condition import SigmaAggregationParser + +from sigma.parser.modifiers.type import SigmaRegularExpressionModifier +from sigma.backends.base import SingleTextQueryBackend + +from sigma.parser.modifiers.base import SigmaTypeModifier +from sigma.parser.modifiers.transform import SigmaContainsModifier, SigmaStartswithModifier, SigmaEndswithModifier from .data import sysmon_schema from .exceptions import NotSupportedError -class AzureLogAnalyticsBackend(SingleTextQueryBackend): +class DeepFieldMappingMixin(object): + + def fieldNameMapping(self, fieldname, value): + if isinstance(fieldname, str): + get_config = self.sigmaconfig.fieldmappings.get(fieldname) + if not get_config and '|' in fieldname: + fieldname = fieldname.split('|', 1)[0] + get_config = self.sigmaconfig.fieldmappings.get(fieldname) + if isinstance(get_config, ConditionalFieldMapping): + condition = self.sigmaconfig.fieldmappings.get(fieldname).conditions + for key, item in self.logsource.items(): + if condition.get(key) and condition.get(key, {}).get(item): + new_fieldname = condition.get(key, {}).get(item) + if any(new_fieldname): + return super().fieldNameMapping(new_fieldname[0], value) + return super().fieldNameMapping(fieldname, value) + + + def generate(self, sigmaparser): + self.logsource = sigmaparser.parsedyaml.get("logsource", {}) + return super().generate(sigmaparser) + +class AzureLogAnalyticsBackend(DeepFieldMappingMixin, SingleTextQueryBackend): """Converts Sigma rule into Azure Log Analytics Queries.""" identifier = "ala" active = True @@ -43,8 +70,7 @@ class AzureLogAnalyticsBackend(SingleTextQueryBackend): ) config_required = False - reEscape = re.compile('("|(?', val) val = re.sub('\\*', '.*', val) + if "\\" in val: + return "%s \"(?i)%s\"" % (op, val) + return "%s \"(?i)%s\"" % (op, val) + elif val.startswith("*") or val.endswith("*"): + op = "contains" + val = re.sub('([".^$]|(?![*?]))', '\g<1>', val) + val = re.sub('\\*', '', val) val = re.sub('\\?', '.', val) - if "\\" in val: - return "%s @\"%s\"" % (op, val) - else: # value possibly only starts and/or ends with *, use prefix/postfix match - if val.endswith("*") and val.startswith("*"): - op = "contains" - val = self.cleanValue(val[1:-1]) - elif val.endswith("*"): - op = "startswith" - val = self.cleanValue(val[:-1]) - elif val.startswith("*"): - op = "endswith" - val = self.cleanValue(val[1:]) - - if "\\" in val: - return "%s @\"%s\"" % (op, val) - + # if "\\" in val: + # return "%s @\"%s\"" % (op, val) + return "%s \"%s\"" % (op, val) + # elif "\\" in val: + # return "%s @\"%s\"" % (op, val) return "%s \"%s\"" % (op, val) def generate(self, sigmaparser): self.table = None - try: - self.category = sigmaparser.parsedyaml['logsource'].setdefault('category', None) - self.product = sigmaparser.parsedyaml['logsource'].setdefault('product', None) - self.service = sigmaparser.parsedyaml['logsource'].setdefault('service', None) - except KeyError: - self.category = None - self.product = None - self.service = None + self.category = sigmaparser.parsedyaml['logsource'].setdefault('category', None) + self.product = sigmaparser.parsedyaml['logsource'].setdefault('product', None) + self.service = sigmaparser.parsedyaml['logsource'].setdefault('service', None) detection = sigmaparser.parsedyaml.get("detection", {}) - is_parent_cmd = False if "keywords" in detection.keys(): return super().generate(sigmaparser) - if self.category == "process_creation": - self.table = "SysmonEvent" + self.table = "SecurityEvent" self.eventid = "1" elif self.service == "security": self.table = "SecurityEvent" @@ -154,6 +167,12 @@ class AzureLogAnalyticsBackend(SingleTextQueryBackend): self.table = "SysmonEvent" elif self.service == "powershell": self.table = "Event" + elif self.service == "office365": + self.table = "OfficeActivity" + elif self.service == "azuread": + self.table = "AuditLogs" + elif self.service == "azureactivity": + self.table = "AzureActivity" else: if self.service: if "-" in self.service: @@ -181,8 +200,8 @@ class AzureLogAnalyticsBackend(SingleTextQueryBackend): elif self.sysmon: parse_string = self.map_sysmon_schema(self.eventid) before = "%s | parse EventData with * %s | where " % (self.table, parse_string) - elif self.category == "process_creation" and not self._has_logsource_event_cond: - before = "%s | where EventID == \"%s\" | where " % (self.table, self.eventid) + # elif self.category == "process_creation" and not self._has_logsource_event_cond: + # before = "%s | where EventID == \"%s\" | where " % (self.table, self.eventid) else: before = "%s | where " % self.table return before @@ -193,6 +212,7 @@ class AzureLogAnalyticsBackend(SingleTextQueryBackend): and creates an appropriate table reference. """ key, value = node + key = self.fieldNameMapping(key, value) if type(value) == list: # handle map items with values list like multiple OR-chained conditions return "(" + self.generateORNode( [(key, v) for v in value] @@ -207,17 +227,26 @@ class AzureLogAnalyticsBackend(SingleTextQueryBackend): self.table = "SecurityEvent" elif self.service == "system": self.table = "Event" - elif type(value) in (str, int): # default value processing - mapping = (key, self.default_value_mapping) + return self.mapExpression % (key, value) + elif type(value) in [SigmaTypeModifier, SigmaContainsModifier, SigmaRegularExpressionModifier, SigmaStartswithModifier, SigmaEndswithModifier]: + return self.generateMapItemTypedNode(key, value) + elif type(value) in (str, int): # default value processing' + #default_filters = ["endswith", "contains", "startswith", "re"] + # if any([item for item in default_filters if item in key]): + # key = re.sub(key, default_filters, "") + # return self.regexExpression % (key, self.cleanValue(value)) + # else: + # value_mapping = self.default_value_mapping + value_mapping = self.default_value_mapping + mapping = (key, value_mapping) if len(mapping) == 1: mapping = mapping[0] if type(mapping) == str: return mapping elif callable(mapping): - conds = mapping(key, value) return self.generateSubexpressionNode( self.generateANDNode( - [cond for cond in mapping(key, value)] + [cond for cond in mapping(key, self.cleanValue(value))] ) ) elif len(mapping) == 2: @@ -226,12 +255,29 @@ class AzureLogAnalyticsBackend(SingleTextQueryBackend): if type(mapitem) == str: result.append(mapitem) elif callable(mapitem): - result.append(mapitem(val)) + result.append(mapitem(self.cleanValue(val))) return "{} {}".format(*result) else: raise TypeError("Backend does not support map values of type " + str(type(value))) + elif type(value) == list: + return self.generateMapItemListNode(key, value) - return super().generateMapItemNode(node) + elif value is None: + return self.nullExpression % (key, ) + else: + raise TypeError("Backend does not support map values of type " + str(type(value))) + + def generateMapItemTypedNode(self, fieldname, value): + return "%s %s" % (fieldname, self.generateTypedValueNode(value)) + + def generateTypedValueNode(self, node): + try: + val = str(node) + if "*" in val: + val = re.sub('\\*', '.*', val) + return self.typedValueExpression[type(node)] % (val) + except KeyError: + raise NotImplementedError("Type modifier '{}' is not supported by backend".format(node.identifier)) def generateAggregation(self, agg): if agg is None: @@ -269,36 +315,6 @@ class AzureLogAnalyticsBackend(SingleTextQueryBackend): ) ) - def generateAfter(self, parsed): - del parsed - if self._fields: - all_fields = list(self._fields) - if self._agg_var: - all_fields = set(all_fields + [self._agg_var]) - project_fields = self._map_fields(all_fields) - project_list = ", ".join(str(fld) for fld in set(project_fields)) - return " | project " + project_list - return "" - - def _map_fields(self, fields): - for field in fields: - mapped_field = self._map_field(field) - if isinstance(mapped_field, str): - yield mapped_field - elif isinstance(mapped_field, list): - for subfield in mapped_field: - yield subfield - - def _map_field(self, fieldname): - mapping = self.sigmaconfig.fieldmappings.get(fieldname) - if isinstance(mapping, ConditionalFieldMapping): - fieldname = self._map_conditional_field(fieldname) - elif isinstance(mapping, MultiFieldMapping): - fieldname = mapping.resolve_fieldname(fieldname, self._parser) - elif isinstance(mapping, SimpleFieldMapping): - fieldname = mapping.resolve_fieldname(fieldname, self._parser) - return fieldname - def _map_conditional_field(self, fieldname): mapping = self.sigmaconfig.fieldmappings.get(fieldname) # if there is a conditional mapping for this fieldname @@ -325,35 +341,89 @@ class AzureAPIBackend(AzureLogAnalyticsBackend): def __init__(self, *args, **kwargs): """Initialize field mappings""" super().__init__(*args, **kwargs) + self.techniques = self._load_mitre_file("techniques") - def create_rule(self, config): - tags = config.get("tags", []) + def find_technique(self, key_ids): + for key_id in set(key_ids): + if not key_id: + continue + for technique in self.techniques: + if key_id == technique.get("technique_id", ""): + yield technique + + def _load_mitre_file(self, mitre_type): + try: + backend_dir = os.path.normpath(os.path.join(os.path.dirname(os.path.abspath(__file__)), "..", "..", "config", "mitre")) + path = os.path.join(backend_dir, "{}.json".format(mitre_type)) + with open(path) as config_file: + config = json.load(config_file) + return config + except (IOError, OSError) as e: + print("Failed to open {} configuration file '%s': %s".format(path, str(e)), file=sys.stderr) + return [] + except json.JSONDecodeError as e: + print("Failed to parse {} configuration file '%s' as valid YAML: %s" % (path, str(e)), file=sys.stderr) + return [] + + def skip_tactics_or_techniques(self, src_technics, src_tactics): + tactics = set() + technics = set() + + local_storage_techniques = {item["technique_id"]: item for item in self.find_technique(src_technics)} + + for key_id in src_technics: + src_tactic = local_storage_techniques.get(key_id, {}).get("tactic") + if not src_tactic: + continue + src_tactic = set(src_tactic) + + for item in src_tactics: + if item in src_tactic: + technics.add(key_id) + tactics.add(item) + + return sorted(tactics), sorted(technics) + + def parse_severity(self, old_severity): + if old_severity.lower() == "critical": + return "high" + return old_severity + + def get_tactics_and_techniques(self, tags): tactics = list() technics = list() + for tag in tags: tag = tag.replace("attack.", "") - if re.match("[tT][0-9]{4}", tag): + if re.match("[t][0-9]{4}", tag, re.IGNORECASE): technics.append(tag.title()) else: if "_" in tag: - tag_list = tag.split("_") - tag_list = [item.title() for item in tag_list] - tactics.append("".join(tag_list)) - else: - tactics.append(tag.title()) + tag = tag.replace("_", " ") + tag = tag.title() + tactics.append(tag) + + return tactics, technics + + def create_rule(self, config): + tags = config.get("tags", []) + + tactics, technics = self.get_tactics_and_techniques(tags) + tactics, technics = self.skip_tactics_or_techniques(technics, tactics) + tactics = list(map(lambda s: s.replace(" ", ""), tactics)) rule = { "displayName": "{} by {}".format(config.get("title"), config.get('author')), "description": "{} {}".format(config.get("description"), "Technique: {}.".format(",".join(technics))), - "severity": config.get("level", "medium"), + "severity": self.parse_severity(config.get("level", "medium")), "enabled": True, "query": config.get("translation"), "queryFrequency": "12H", "queryPeriod": "12H", "triggerOperator": "GreaterThan", - "triggerThreshold": 1, + "triggerThreshold": 0, "suppressionDuration": "12H", - "suppressionEnabled": False, + "suppressionEnabled": True, "tactics": tactics } return json.dumps(rule) @@ -365,3 +435,5 @@ class AzureAPIBackend(AzureLogAnalyticsBackend): configs.update({"translation": translation}) rule = self.create_rule(configs) return rule + else: + raise NotSupportedError("No table could be determined from Sigma rule") diff --git a/tools/sigma/backends/arcsight.py b/tools/sigma/backends/arcsight.py index 2d92d59e..6cd10709 100644 --- a/tools/sigma/backends/arcsight.py +++ b/tools/sigma/backends/arcsight.py @@ -222,7 +222,7 @@ class ArcSightESMBackend(SingleTextQueryBackend): elif isinstance(value, str) and value.endswith("*"): return self.startsWithExpression % (key, self.generateValueNode(self.CleanNode(value))) else: - return self.generateValueNode(value) + return self.mapExpression % (key, self.generateValueNode(value)) elif isinstance(value, list): new_value = list() for item in value: diff --git a/tools/sigma/backends/base.py b/tools/sigma/backends/base.py index 4675b019..1ef7e175 100644 --- a/tools/sigma/backends/base.py +++ b/tools/sigma/backends/base.py @@ -18,7 +18,9 @@ import sys import sigma import yaml +import re +from sigma.backends.exceptions import NotSupportedError from .mixins import RulenameCommentMixin, QuoteCharMixin from sigma.parser.modifiers.base import SigmaTypeModifier @@ -90,6 +92,7 @@ class BaseBackend: options = tuple() # a list of tuples with following elements: option name, default value, help text, target attribute name (option name if None) config_required = True default_config = None + mapExpression = "" def __init__(self, sigmaconfig, backend_options=dict()): """ @@ -130,29 +133,48 @@ class BaseBackend: result = self.generateNode(parsed.parsedSearch) if parsed.parsedAgg: result += self.generateAggregation(parsed.parsedAgg) + #result = self.applyOverrides(result) return result + def applyOverrides(self, query): + try: + if 'overrides' in self.sigmaconfig.config and isinstance(query, str): + for expression in self.sigmaconfig.config['overrides']: + if 'regexes' in expression: + for x in expression['regexes']: + sub = expression['field'] + value = expression['value'] + query = re.sub(x, self.mapExpression % (sub, value), query) + if 'literals' in expression: + for x in expression['literals']: + sub = expression['field'] + value = expression['value'] + query = query.replace(x, self.mapExpression % (sub, value)) + except Exception: + pass + return query + def generateNode(self, node): if type(node) == sigma.parser.condition.ConditionAND: - return self.generateANDNode(node) + return self.applyOverrides(self.generateANDNode(node)) elif type(node) == sigma.parser.condition.ConditionOR: - return self.generateORNode(node) + return self.applyOverrides(self.generateORNode(node)) elif type(node) == sigma.parser.condition.ConditionNOT: - return self.generateNOTNode(node) + return self.applyOverrides(self.generateNOTNode(node)) elif type(node) == sigma.parser.condition.ConditionNULLValue: - return self.generateNULLValueNode(node) + return self.applyOverrides(self.generateNULLValueNode(node)) elif type(node) == sigma.parser.condition.ConditionNotNULLValue: - return self.generateNotNULLValueNode(node) + return self.applyOverrides(self.generateNotNULLValueNode(node)) elif type(node) == sigma.parser.condition.NodeSubexpression: - return self.generateSubexpressionNode(node) + return self.applyOverrides(self.generateSubexpressionNode(node)) elif type(node) == tuple: - return self.generateMapItemNode(node) + return self.applyOverrides(self.generateMapItemNode(node)) elif type(node) in (str, int): - return self.generateValueNode(node) + return self.applyOverrides(self.generateValueNode(node)) elif type(node) == list: - return self.generateListNode(node) + return self.applyOverrides(self.generateListNode(node)) elif isinstance(node, SigmaTypeModifier): - return self.generateTypedValueNode(node) + return self.applyOverrides(self.generateTypedValueNode(node)) else: raise TypeError("Node type %s was not expected in Sigma parse tree" % (str(type(node)))) diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index ea1e7f9a..a06af826 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -2,7 +2,7 @@ import re import requests import json import os -from ..config.eventdict import event +from sigma.config.eventdict import event from fnmatch import fnmatch from sigma.backends.base import SingleTextQueryBackend @@ -83,7 +83,7 @@ class CarbonBlackQueryBackend(CarbonBlackWildcardHandlingMixin, SingleTextQueryB if val.startswith("*"): val = val.replace("*", "",1) if val.startswith("\\"): - val = val.replace("\\", "", 1) + val = val.replace("\\", "", 1) if val.startswith("*\\"): val = val.replace("*\\", "*") if val.startswith("*/"): @@ -108,7 +108,7 @@ class CarbonBlackQueryBackend(CarbonBlackWildcardHandlingMixin, SingleTextQueryB elif type(new_value) is list: for index, vl in enumerate(new_value): new_value[index] = self.cleanIPRange(vl) - + return new_value def generateValueNode(self, node): @@ -131,7 +131,6 @@ class CarbonBlackQueryBackend(CarbonBlackWildcardHandlingMixin, SingleTextQueryB else: transformed_fieldname = self.fieldNameMapping(fieldname, value) if(transformed_fieldname == "ipaddr"): - print("OK") value = self.cleanIPRange(value) if self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): #return self.mapExpression % (transformed_fieldname, self.generateNode(value)) diff --git a/tools/sigma/backends/discovery.py b/tools/sigma/backends/discovery.py index fdb2347f..399ce79e 100644 --- a/tools/sigma/backends/discovery.py +++ b/tools/sigma/backends/discovery.py @@ -25,7 +25,7 @@ from sigma.tools import getAllSubclasses, getClassDict def getBackendList(): """Return list of backend classes""" path = os.path.dirname(__file__) - return frozenset(getAllSubclasses(path, "backends", BaseBackend)) + return getAllSubclasses(path, "backends", BaseBackend) def getBackendDict(): return getClassDict(getBackendList()) diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index 397ff943..88cdd9c6 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -23,12 +23,39 @@ from random import randrange import sigma import yaml -from sigma.parser.modifiers.type import SigmaRegularExpressionModifier +from sigma.parser.modifiers.type import SigmaRegularExpressionModifier, SigmaTypeModifier from sigma.parser.condition import ConditionOR, ConditionAND, NodeSubexpression + +from sigma.config.mapping import ConditionalFieldMapping from .base import BaseBackend, SingleTextQueryBackend from .mixins import RulenameCommentMixin, MultiRuleOutputMixin from .exceptions import NotSupportedError + +class DeepFieldMappingMixin(object): + + def fieldNameMapping(self, fieldname, value): + if isinstance(fieldname, str): + get_config = self.sigmaconfig.fieldmappings.get(fieldname) + if not get_config and '|' in fieldname: + fieldname = fieldname.split('|', 1)[0] + get_config = self.sigmaconfig.fieldmappings.get(fieldname) + if isinstance(get_config, ConditionalFieldMapping): + condition = self.sigmaconfig.fieldmappings.get(fieldname).conditions + for key, item in self.logsource.items(): + if condition.get(key) and condition.get(key, {}).get(item): + new_fieldname = condition.get(key, {}).get(item) + if any(new_fieldname): + return super().fieldNameMapping(new_fieldname[0], value) + return super().fieldNameMapping(fieldname, value) + + + def generate(self, sigmaparser): + self.logsource = sigmaparser.parsedyaml.get("logsource", {}) + return super().generate(sigmaparser) + + + class ElasticsearchWildcardHandlingMixin(object): """ Determine field mapping to keyword subfields depending on existence of wildcards in search values. Further, @@ -86,6 +113,31 @@ class ElasticsearchWildcardHandlingMixin(object): else: return False + def generateMapItemNode(self, node): + fieldname, value = node + if fieldname.lower().find("hash") != -1: + if isinstance(value, list): + res = [] + for item in value: + try: + res.extend([item.lower(), item.upper()]) + except AttributeError: # not a string (something that doesn't support upper/lower casing) + res.append(item) + value = res + elif isinstance(value, str): + value = [value.upper(), value.lower()] + transformed_fieldname = self.fieldNameMapping(fieldname, value) + if self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): + return self.mapExpression % (transformed_fieldname, self.generateNode(value)) + elif type(value) == list: + return self.generateMapItemListNode(transformed_fieldname, value) + elif isinstance(value, SigmaTypeModifier): + return self.generateMapItemTypedNode(transformed_fieldname, value) + elif value is None: + return self.nullExpression % (transformed_fieldname, ) + else: + raise TypeError("Backend does not support map values of type " + str(type(value))) + def fieldNameMapping(self, fieldname, value, *agg_option): """ Decide whether to use a keyword field or analyzed field. Using options on fields to make into keywords OR not and the field naming of keyword. @@ -162,6 +214,8 @@ class ElasticsearchWildcardHandlingMixin(object): Adds the beginning and ending '/' to make regex query if still determined that it should be a regex """ if value and not value == 'null' and not re.match(r'^/.*/$', value) and (re.search('[a-zA-Z]', value) and not re.match(self.uuid_regex, value) or self.containsWildcard(value)): # re.search for alpha is fastest: + # Turn single ending '\\' into non escaped (ie: '\\*') + #value = re.sub( r"((?\\*", value ) # Make upper/lower value = re.sub( r"[A-Za-z]", lambda x: "[" + x.group( 0 ).upper() + x.group( 0 ).lower() + "]", value ) # Turn `*` into wildcard, only if odd number of '\'(because this would mean already escaped) @@ -180,7 +234,7 @@ class ElasticsearchWildcardHandlingMixin(object): return { 'is_regex': False, 'value': value } -class ElasticsearchQuerystringBackend(ElasticsearchWildcardHandlingMixin, SingleTextQueryBackend): +class ElasticsearchQuerystringBackend(DeepFieldMappingMixin, ElasticsearchWildcardHandlingMixin, SingleTextQueryBackend): """Converts Sigma rule into Elasticsearch query string. Only searches, no aggregations.""" identifier = "es-qs" active = True @@ -244,7 +298,7 @@ class ElasticsearchQuerystringBackend(ElasticsearchWildcardHandlingMixin, Single else: return super().generateSubexpressionNode(node) -class ElasticsearchDSLBackend(RulenameCommentMixin, ElasticsearchWildcardHandlingMixin, BaseBackend): +class ElasticsearchDSLBackend(DeepFieldMappingMixin, RulenameCommentMixin, ElasticsearchWildcardHandlingMixin, BaseBackend): """ElasticSearch DSL backend""" identifier = 'es-dsl' active = True @@ -579,7 +633,8 @@ class KibanaBackend(ElasticsearchQuerystringBackend, MultiRuleOutputMixin): if self.output_type == "import": # output format that can be imported via Kibana UI for item in self.kibanaconf: # JSONize kibanaSavedObjectMeta.searchSourceJSON item['_source']['kibanaSavedObjectMeta']['searchSourceJSON'] = json.dumps(item['_source']['kibanaSavedObjectMeta']['searchSourceJSON']) - return json.dumps(self.kibanaconf, indent=2) + if self.kibanaconf: + return json.dumps(self.kibanaconf, indent=2) elif self.output_type == "curl": for item in self.indexsearch: return item @@ -908,7 +963,7 @@ class XPackWatcherBackend(ElasticsearchQuerystringBackend, MultiRuleOutputMixin) raise NotImplementedError("Output type '%s' not supported" % self.output_type) return result -class ElastalertBackend(MultiRuleOutputMixin): +class ElastalertBackend(DeepFieldMappingMixin, MultiRuleOutputMixin): """Elastalert backend""" active = True supported_alert_methods = {'email', 'http_post'} @@ -1202,12 +1257,14 @@ class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend): tags = configs.get("tags", []) tactics_list = list() technics_list = list() + new_tags = list() for tag in tags: tag = tag.replace("attack.", "") if re.match("[t][0-9]{4}", tag, re.IGNORECASE): tech = self.find_technique(tag.title()) if tech: + new_tags.append(tag.title()) technics_list.append(tech) else: if "_" in tag: @@ -1215,22 +1272,29 @@ class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend): tag_list = [item.title() for item in tag_list] tact = self.find_tactics(key_name=" ".join(tag_list)) if tact: + new_tags.append(" ".join(tag_list)) tactics_list.append(tact) elif re.match("[ta][0-9]{4}", tag, re.IGNORECASE): tact = self.find_tactics(key_id=tag.upper()) if tact: + new_tags.append(tag.upper()) tactics_list.append(tact) else: tact = self.find_tactics(key_name=tag.title()) if tact: + new_tags.append(tag.title()) tactics_list.append(tact) threat = self.create_threat_description(tactics_list=tactics_list, techniques_list=technics_list) - rule_id = configs.get("title", "").lower().replace(" ", "_") + rule_name = configs.get("title", "").lower() + rule_id = re.sub(re.compile('[()*+!,\[\].\s"]'), "_", rule_name) risk_score = self.map_risk_score(configs.get("level", "medium")) + references = configs.get("reference") + if references is None: + references = configs.get("references") rule = { "description": configs.get("description", ""), "enabled": True, - "false_positives": configs.get('falsepositives'), + "false_positives": configs.get('falsepositives', "Unkown"), "filters": [], "from": "now-360s", "immutable": False, @@ -1243,15 +1307,16 @@ class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend): "risk_score": risk_score, "name": configs.get("title", ""), "query":configs.get("translation"), - "references": configs.get("references"), "meta": { "from": "1m" }, "severity": configs.get("level", "medium"), - "tags": tags, + "tags": new_tags, "to": "now", "type": "query", "threat": threat, "version": 1 } + if references: + rule.update({"references": references}) return json.dumps(rule) diff --git a/tools/sigma/backends/humio.py b/tools/sigma/backends/humio.py new file mode 100644 index 00000000..21577e15 --- /dev/null +++ b/tools/sigma/backends/humio.py @@ -0,0 +1,160 @@ +# Output backends for sigmac +# Copyright 2016-2018 Thomas Patzke, Florian Roth, Roey + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . + +import re + +from sigma.parser.modifiers.type import SigmaRegularExpressionModifier + +from sigma.parser.condition import SigmaAggregationParser +from .base import SingleTextQueryBackend +from .mixins import MultiRuleOutputMixin + +class HumioBackend(SingleTextQueryBackend): + """Converts Sigma rule into Humio query.""" + identifier = "humio" + active = True + + reEscape = re.compile('("|(?. - -import re -import yaml -from collections import namedtuple -from .base import BaseBackend -from sigma.parser.modifiers.base import SigmaTypeModifier -from sigma.parser.modifiers.type import SigmaRegularExpressionModifier - -# A few helper functions for cases where field mapping cannot be done -# as easily one by one, or can be done more efficiently. -def _windowsEventLogFieldName(fieldName): - if 'EventID' == fieldName: - return 'Event/System/EventID' - return 'Event/EventData/%s' % (fieldName,) - -def _mapProcessCreationOperations(node): - # Here we fix some common pitfalls found in rules - # in a consistent fashion (already processed to D&R rule). - - # First fixup is looking for a specific path prefix - # based on a specific drive letter. There are many cases - # where the driver letter can change or where the early - # boot process refers to it as "\Device\HarddiskVolume1\". - if ("starts with" == node["op"] and - "event/FILE_PATH" == node["path"] and - node["value"].lower().startswith("c:\\")): - node["op"] = "matches" - node["re"] = "^(?:(?:.:)|(?:\\\\Device\\\\HarddiskVolume.))\\\\%s" % (re.escape(node["value"][3:]),) - del(node["value"]) - - return node - -# We support many different log sources so we keep different mapping depending -# on the log source and category. -# The mapping key is product/category/service. -# The mapping value is tuple like: -# - top-level parameters -# - pre-condition is a D&R rule node filtering relevant events. -# - field mappings is a dict with a mapping or a callable to convert the field name. -# Individual mapping values can also be callabled(fieldname, value) returning a new fieldname and value. -# - isAllStringValues is a bool indicating whether all values should be converted to string. -# - keywordField is the field name to alias for keywords if supported or None if not. -# - postOpMapper is a callback that can modify an operation once it has been generated. -SigmaLCConfig = namedtuple('SigmaLCConfig', [ - 'topLevelParams', - 'preConditions', - 'fieldMappings', - 'isAllStringValues', - 'keywordField', - 'postOpMapper', -]) -_allFieldMappings = { - "windows/process_creation/": SigmaLCConfig( - topLevelParams = { - "events": [ - "NEW_PROCESS", - "EXISTING_PROCESS", - ] - }, - preConditions = { - "op": "is windows", - }, - fieldMappings = { - "CommandLine": "event/COMMAND_LINE", - "Image": "event/FILE_PATH", - "ParentImage": "event/PARENT/FILE_PATH", - "ParentCommandLine": "event/PARENT/COMMAND_LINE", - "User": "event/USER_NAME", - "OriginalFileName": "event/ORIGINAL_FILE_NAME", - # Custom field names coming from somewhere unknown. - "NewProcessName": "event/FILE_PATH", - "ProcessCommandLine": "event/COMMAND_LINE", - # Another one-off command line. - "Command": "event/COMMAND_LINE", - }, - isAllStringValues = False, - keywordField = "event/COMMAND_LINE", - postOpMapper = _mapProcessCreationOperations - ), - "windows//": SigmaLCConfig( - topLevelParams = { - "target": "log", - "log type": "wel", - }, - preConditions = None, - fieldMappings = _windowsEventLogFieldName, - isAllStringValues = True, - keywordField = None, - postOpMapper = None - ), - "windows_defender//": SigmaLCConfig( - topLevelParams = { - "target": "log", - "log type": "wel", - }, - preConditions = None, - fieldMappings = _windowsEventLogFieldName, - isAllStringValues = True, - keywordField = None, - postOpMapper = None - ), - "dns//": SigmaLCConfig( - topLevelParams = { - "event": "DNS_REQUEST", - }, - preConditions = None, - fieldMappings = { - "query": "event/DOMAIN_NAME", - }, - isAllStringValues = False, - keywordField = None, - postOpMapper = None - ), - "linux//": SigmaLCConfig( - topLevelParams = { - "events": [ - "NEW_PROCESS", - "EXISTING_PROCESS", - ] - }, - preConditions = { - "op": "is linux", - }, - fieldMappings = { - "exe": "event/FILE_PATH", - "type": None, - }, - isAllStringValues = False, - keywordField = 'event/COMMAND_LINE', - postOpMapper = None - ), - "unix//": SigmaLCConfig( - topLevelParams = { - "events": [ - "NEW_PROCESS", - "EXISTING_PROCESS", - ] - }, - preConditions = { - "op": "is linux", - }, - fieldMappings = { - "exe": "event/FILE_PATH", - "type": None, - }, - isAllStringValues = False, - keywordField = 'event/COMMAND_LINE', - postOpMapper = None - ), - "netflow//": SigmaLCConfig( - topLevelParams = { - "event": "NETWORK_CONNECTIONS", - }, - preConditions = None, - fieldMappings = { - "destination.port": "event/NETWORK_ACTIVITY/DESTINATION/PORT", - "source.port": "event/NETWORK_ACTIVITY/SOURCE/PORT", - }, - isAllStringValues = False, - keywordField = None, - postOpMapper = None - ), - "/proxy/": SigmaLCConfig( - topLevelParams = { - "event": "HTTP_REQUEST", - }, - preConditions = None, - fieldMappings = { - "c-uri|contains": "event/URL", - "c-uri": "event/URL", - "URL": "event/URL", - "cs-uri-query": "event/URL", - "cs-uri-stem": "event/URL", - }, - isAllStringValues = False, - keywordField = None, - postOpMapper = None - ), -} - -class LimaCharlieBackend(BaseBackend): - """Converts Sigma rule into LimaCharlie D&R rules. Contributed by LimaCharlie. https://limacharlie.io""" - identifier = "limacharlie" - active = True - config_required = False - default_config = ["limacharlie"] - - def generate(self, sigmaparser): - # Take the log source information and figure out which set of mappings to use. - ruleConfig = sigmaparser.parsedyaml - ls_rule = ruleConfig['logsource'] - try: - category = ls_rule['category'] - except KeyError: - category = "" - try: - product = ls_rule['product'] - except KeyError: - product = "" - # try: - # service = ls_rule['service'] - # except KeyError: - # service = "" - - # If there is a timeframe component, we do not currently - # support it for now. - if ruleConfig.get( 'detection', {} ).get( 'timeframe', None ) is not None: - raise NotImplementedError("Timeframes are not supported by backend.") - - # Don't use service for now, most Windows Event Logs - # uses a different service with no category, since we - # treat all Windows Event Logs together we can ignore - # the service. - service = "" - - # See if we have a definition for the source combination. - mappingKey = "%s/%s/%s" % (product, category, service) - topFilter, preCond, mappings, isAllStringValues, keywordField, postOpMapper = _allFieldMappings.get(mappingKey, tuple([None, None, None, None, None, None])) - if mappings is None: - raise NotImplementedError("Log source %s/%s/%s not supported by backend." % (product, category, service)) - - # Field name conversions. - self._fieldMappingInEffect = mappings - - # LC event type pre-selector for the type of data. - self._preCondition = preCond - - # Are all the values treated as strings? - self._isAllStringValues = isAllStringValues - - # Are we supporting keywords full text search? - self._keywordField = keywordField - - # Call to fixup all operations after the fact. - self._postOpMapper = postOpMapper - - # Call the original generation code. - detectComponent = super().generate(sigmaparser) - - # We expect a string (yaml) as output, so if - # we get anything else we assume it's a core - # library value and just return it as-is. - if not isinstance( detectComponent, str): - return detectComponent - - # This redundant to deserialize it right after - # generating the yaml, but we try to use the parent - # official class code as much as possible for future - # compatibility. - detectComponent = yaml.safe_load(detectComponent) - - # Check that we got a proper node and not just a string - # which we don't really know what to do with. - if not isinstance(detectComponent, dict): - raise NotImplementedError("Selection combination not supported.") - - # Apply top level filter. - detectComponent.update(topFilter) - - # Now prepare the Response component. - respondComponents = [{ - "action": "report", - "name": ruleConfig["title"], - }] - - # Add a lot of the metadata available to the report. - if ruleConfig.get("tags", None) is not None: - respondComponents[0].setdefault("metadata", {})["tags"] = ruleConfig["tags"] - - if ruleConfig.get("description", None) is not None: - respondComponents[0].setdefault("metadata", {})["description"] = ruleConfig["description"] - - if ruleConfig.get("references", None) is not None: - respondComponents[0].setdefault("metadata", {})["references"] = ruleConfig["references"] - - if ruleConfig.get("level", None) is not None: - respondComponents[0].setdefault("metadata", {})["level"] = ruleConfig["level"] - - if ruleConfig.get("author", None) is not None: - respondComponents[0].setdefault("metadata", {})["author"] = ruleConfig["author"] - - if ruleConfig.get("falsepositives", None) is not None: - respondComponents[0].setdefault("metadata", {})["falsepositives"] = ruleConfig["falsepositives"] - - # Assemble it all as a single, complete D&R rule. - return yaml.safe_dump({ - "detect": detectComponent, - "respond": respondComponents, - }, default_flow_style = False) - - def generateQuery(self, parsed): - # We override the generateQuery function because - # we generate proper JSON structures internally - # and only convert to string (yaml) once the - # whole thing is assembled. - result = self.generateNode(parsed.parsedSearch) - - if self._preCondition is not None: - result = { - "op": "and", - "rules": [ - self._preCondition, - result, - ] - } - if self._postOpMapper is not None: - result = self._postOpMapper(result) - return yaml.safe_dump(result) - - def generateANDNode(self, node): - generated = [ self.generateNode(val) for val in node ] - filtered = [ g for g in generated if g is not None ] - if not filtered: - return None - - # Map any possible keywords. - filtered = self._mapKeywordVals(filtered) - - if 1 == len(filtered): - if self._postOpMapper is not None: - filtered[0] = self._postOpMapper(filtered[0]) - return filtered[0] - result = { - "op": "and", - "rules": filtered, - } - if self._postOpMapper is not None: - result = self._postOpMapper(result) - return result - - def generateORNode(self, node): - generated = [self.generateNode(val) for val in node] - filtered = [g for g in generated if g is not None] - if not filtered: - return None - - # Map any possible keywords. - filtered = self._mapKeywordVals(filtered) - - if 1 == len(filtered): - if self._postOpMapper is not None: - filtered[0] = self._postOpMapper(filtered[0]) - return filtered[0] - result = { - "op": "or", - "rules": filtered, - } - if self._postOpMapper is not None: - result = self._postOpMapper(result) - return result - - def generateNOTNode(self, node): - generated = self.generateNode(node.item) - if generated is None: - return None - if not isinstance(generated, dict): - raise NotImplementedError("Not operator not available on non-dict nodes.") - generated["not"] = not generated.get("not", False) - return generated - - def generateSubexpressionNode(self, node): - return self.generateNode(node.items) - - def generateListNode(self, node): - return [self.generateNode(value) for value in node] - - def generateMapItemNode(self, node): - fieldname, value = node - - fieldNameAndValCallback = None - - # The mapping can be a dictionary of mapping or a callable - # to get the correct value. - if callable(self._fieldMappingInEffect): - fieldname = self._fieldMappingInEffect(fieldname) - else: - try: - # The mapping can also be a callable that will - # return a mapped key AND value. - if callable(self._fieldMappingInEffect[fieldname]): - fieldNameAndValCallback = self._fieldMappingInEffect[fieldname] - else: - fieldname = self._fieldMappingInEffect[fieldname] - except: - raise NotImplementedError("Field name %s not supported by backend." % (fieldname,)) - - # If fieldname returned is None, it's a special case where we - # ignore the node. - if fieldname is None: - return None - - if isinstance(value, (int, str)): - if fieldNameAndValCallback is not None: - fieldname, value = fieldNameAndValCallback(fieldname, value) - op, newVal = self._valuePatternToLcOp(value) - newOp = { - "op": op, - "path": fieldname, - "case sensitive": False, - } - if op == "matches": - newOp["re"] = newVal - else: - newOp["value"] = newVal - if self._postOpMapper is not None: - newOp = self._postOpMapper(newOp) - return newOp - elif isinstance(value, list): - subOps = [] - for v in value: - if fieldNameAndValCallback is not None: - fieldname, v = fieldNameAndValCallback(fieldname, v) - op, newVal = self._valuePatternToLcOp(v) - newOp = { - "op": op, - "path": fieldname, - "case sensitive": False, - } - if op == "matches": - newOp["re"] = newVal - else: - newOp["value"] = newVal - if self._postOpMapper is not None: - newOp = self._postOpMapper(newOp) - subOps.append(newOp) - if 1 == len(subOps): - return subOps[0] - return { - "op": "or", - "rules": subOps - } - elif isinstance(value, SigmaTypeModifier): - if isinstance(value, SigmaRegularExpressionModifier): - if fieldNameAndValCallback is not None: - fieldname, value = fieldNameAndValCallback(fieldname, value) - result = { - "op": "matches", - "path": fieldname, - "re": re.compile(value), - } - if self._postOpMapper is not None: - result = self._postOpMapper(result) - return result - else: - raise TypeError("Backend does not support TypeModifier: %s" % (str(type(value)))) - elif value is None: - if fieldNameAndValCallback is not None: - fieldname, value = fieldNameAndValCallback(fieldname, value) - result = { - "op": "exists", - "not": True, - "path": fieldname, - } - if self._postOpMapper is not None: - result = self._postOpMapper(result) - return result - else: - raise TypeError("Backend does not support map values of type " + str(type(value))) - - def generateValueNode(self, node): - return node - - def _valuePatternToLcOp(self, val): - # Here we convert the string values supported by Sigma that - # can include wildcards into either proper values (string or int) - # or into altered values to be functionally equivalent using - # a few different LC D&R rule operators. - - # No point evaluating non-strings. - if not isinstance(val, str): - return ("is", str(val) if self._isAllStringValues else val) - - # Is there any wildcard in this string? If not, we can short circuit. - if "*" not in val and "?" not in val: - return ("is", val) - - # Now we do a small optimization for the shortcut operators - # available in LC. We try to see if the wildcards are around - # the main value, but NOT within. If that's the case we can - # use the "starts with", "ends with" or "contains" operators. - isStartsWithWildcard = False - isEndsWithWildcard = False - tmpVal = val - if tmpVal.startswith("*"): - isStartsWithWildcard = True - tmpVal = tmpVal[1:] - if tmpVal.endswith("*") and not (tmpVal.endswith("\\*") and not tmpVal.endswith("\\\\*")): - isEndsWithWildcard = True - if tmpVal.endswith("\\\\*"): - # An extra \ had to be there so it didn't escapte the - # *, but since we plan on removing the *, we can also - # remove one \. - tmpVal = tmpVal[:-2] - else: - tmpVal = tmpVal[:-1] - - # Check to see if there are any other wildcards. If there are - # we cannot use our shortcuts. - if "*" not in tmpVal and "?" not in tmpVal: - if isStartsWithWildcard and isEndsWithWildcard: - return ("contains", tmpVal) - - if isStartsWithWildcard: - return ("ends with", tmpVal) - - if isEndsWithWildcard: - return ("starts with", tmpVal) - - # This is messy, but it is accurate in generating a RE based on - # the simplified wildcard system, while also supporting the - # escaping of those wildcards. - segments = [] - tmpVal = val - while True: - nEscapes = 0 - for i in range(len(tmpVal)): - # We keep a running count of backslash escape - # characters we see so that if we meet a wildcard - # we can tell whether the wildcard is escaped - # (with odd number of escapes) or if it's just a - # backslash literal before a wildcard (even number). - if "\\" == tmpVal[i]: - nEscapes += 1 - continue - - if "*" == tmpVal[i]: - if 0 == nEscapes: - segments.append(re.escape(tmpVal[:i])) - segments.append(".*") - elif nEscapes % 2 == 0: - segments.append(re.escape(tmpVal[:i - nEscapes])) - segments.append(tmpVal[i - nEscapes:i]) - segments.append(".*") - else: - segments.append(re.escape(tmpVal[:i - nEscapes])) - segments.append(tmpVal[i - nEscapes:i + 1]) - tmpVal = tmpVal[i + 1:] - break - - if "?" == tmpVal[i]: - if 0 == nEscapes: - segments.append(re.escape(tmpVal[:i])) - segments.append(".") - elif nEscapes % 2 == 0: - segments.append(re.escape(tmpVal[:i - nEscapes])) - segments.append(tmpVal[i - nEscapes:i]) - segments.append(".") - else: - segments.append(re.escape(tmpVal[:i - nEscapes])) - segments.append(tmpVal[i - nEscapes:i + 1]) - tmpVal = tmpVal[i + 1:] - break - - nEscapes = 0 - else: - segments.append(re.escape(tmpVal)) - break - - val = ''.join(segments) - - return ("matches", val) - - def _mapKeywordVals(self, values): - # This function ensures that the list of values passed - # are proper D&R operations, if they are strings it indicates - # they were requested as keyword matches. We only support - # keyword matches when specified in the config. We generally just - # map them to the most common field in LC that makes sense. - mapped = [] - - for val in values: - # Non-keywords are just passed through. - if not isinstance(val, str): - mapped.append(val) - continue - - if self._keywordField is None: - raise NotImplementedError("Full-text keyboard searches not supported.") - - # This seems to be indicative only of "keywords" which are mostly - # representative of full-text searches. We don't suport that but - # in some data sources we can alias them to an actual field. - op, newVal = self._valuePatternToLcOp(val) - newOp = { - "op": op, - "path": self._keywordField, - } - if op == "matches": - newOp["re"] = newVal - else: - newOp["value"] = newVal - mapped.append(newOp) - - return mapped +# LimaCharlie backend for sigmac created by LimaCharlie.io +# Copyright 2019 Refraction Point, Inc + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . + +import re +import yaml +from collections import namedtuple +from .base import BaseBackend +from sigma.parser.modifiers.base import SigmaTypeModifier +from sigma.parser.modifiers.type import SigmaRegularExpressionModifier + +# A few helper functions for cases where field mapping cannot be done +# as easily one by one, or can be done more efficiently. +def _windowsEventLogFieldName(fieldName): + if 'EventID' == fieldName: + return 'Event/System/EventID' + return 'Event/EventData/%s' % (fieldName,) + +def _mapProcessCreationOperations(node): + # Here we fix some common pitfalls found in rules + # in a consistent fashion (already processed to D&R rule). + + # First fixup is looking for a specific path prefix + # based on a specific drive letter. There are many cases + # where the driver letter can change or where the early + # boot process refers to it as "\Device\HarddiskVolume1\". + if ("starts with" == node["op"] and + "event/FILE_PATH" == node["path"] and + node["value"].lower().startswith("c:\\")): + node["op"] = "matches" + node["re"] = "^(?:(?:.:)|(?:\\\\Device\\\\HarddiskVolume.))\\\\%s" % (re.escape(node["value"][3:]),) + del(node["value"]) + + return node + +# We support many different log sources so we keep different mapping depending +# on the log source and category. +# The mapping key is product/category/service. +# The mapping value is tuple like: +# - top-level parameters +# - pre-condition is a D&R rule node filtering relevant events. +# - field mappings is a dict with a mapping or a callable to convert the field name. +# Individual mapping values can also be callabled(fieldname, value) returning a new fieldname and value. +# - isAllStringValues is a bool indicating whether all values should be converted to string. +# - keywordField is the field name to alias for keywords if supported or None if not. +# - postOpMapper is a callback that can modify an operation once it has been generated. +SigmaLCConfig = namedtuple('SigmaLCConfig', [ + 'topLevelParams', + 'preConditions', + 'fieldMappings', + 'isAllStringValues', + 'keywordField', + 'postOpMapper', +]) +_allFieldMappings = { + "windows/process_creation/": SigmaLCConfig( + topLevelParams = { + "events": [ + "NEW_PROCESS", + "EXISTING_PROCESS", + ] + }, + preConditions = { + "op": "is windows", + }, + fieldMappings = { + "CommandLine": "event/COMMAND_LINE", + "Image": "event/FILE_PATH", + "ParentImage": "event/PARENT/FILE_PATH", + "ParentCommandLine": "event/PARENT/COMMAND_LINE", + "User": "event/USER_NAME", + "OriginalFileName": "event/ORIGINAL_FILE_NAME", + # Custom field names coming from somewhere unknown. + "NewProcessName": "event/FILE_PATH", + "ProcessCommandLine": "event/COMMAND_LINE", + # Another one-off command line. + "Command": "event/COMMAND_LINE", + }, + isAllStringValues = False, + keywordField = "event/COMMAND_LINE", + postOpMapper = _mapProcessCreationOperations + ), + "windows//": SigmaLCConfig( + topLevelParams = { + "target": "log", + "log type": "wel", + }, + preConditions = None, + fieldMappings = _windowsEventLogFieldName, + isAllStringValues = True, + keywordField = None, + postOpMapper = None + ), + "windows_defender//": SigmaLCConfig( + topLevelParams = { + "target": "log", + "log type": "wel", + }, + preConditions = None, + fieldMappings = _windowsEventLogFieldName, + isAllStringValues = True, + keywordField = None, + postOpMapper = None + ), + "dns//": SigmaLCConfig( + topLevelParams = { + "event": "DNS_REQUEST", + }, + preConditions = None, + fieldMappings = { + "query": "event/DOMAIN_NAME", + }, + isAllStringValues = False, + keywordField = None, + postOpMapper = None + ), + "linux//": SigmaLCConfig( + topLevelParams = { + "events": [ + "NEW_PROCESS", + "EXISTING_PROCESS", + ] + }, + preConditions = { + "op": "is linux", + }, + fieldMappings = { + "exe": "event/FILE_PATH", + "type": None, + }, + isAllStringValues = False, + keywordField = 'event/COMMAND_LINE', + postOpMapper = None + ), + "unix//": SigmaLCConfig( + topLevelParams = { + "events": [ + "NEW_PROCESS", + "EXISTING_PROCESS", + ] + }, + preConditions = { + "op": "is linux", + }, + fieldMappings = { + "exe": "event/FILE_PATH", + "type": None, + }, + isAllStringValues = False, + keywordField = 'event/COMMAND_LINE', + postOpMapper = None + ), + "netflow//": SigmaLCConfig( + topLevelParams = { + "event": "NETWORK_CONNECTIONS", + }, + preConditions = None, + fieldMappings = { + "destination.port": "event/NETWORK_ACTIVITY/DESTINATION/PORT", + "source.port": "event/NETWORK_ACTIVITY/SOURCE/PORT", + }, + isAllStringValues = False, + keywordField = None, + postOpMapper = None + ), + "/proxy/": SigmaLCConfig( + topLevelParams = { + "event": "HTTP_REQUEST", + }, + preConditions = None, + fieldMappings = { + "c-uri|contains": "event/URL", + "c-uri": "event/URL", + "URL": "event/URL", + "cs-uri-query": "event/URL", + "cs-uri-stem": "event/URL", + }, + isAllStringValues = False, + keywordField = None, + postOpMapper = None + ), +} + +class LimaCharlieBackend(BaseBackend): + """Converts Sigma rule into LimaCharlie D&R rules. Contributed by LimaCharlie. https://limacharlie.io""" + identifier = "limacharlie" + active = True + config_required = False + default_config = ["limacharlie"] + + def generate(self, sigmaparser): + # Take the log source information and figure out which set of mappings to use. + ruleConfig = sigmaparser.parsedyaml + ls_rule = ruleConfig['logsource'] + try: + category = ls_rule['category'] + except KeyError: + category = "" + try: + product = ls_rule['product'] + except KeyError: + product = "" + # try: + # service = ls_rule['service'] + # except KeyError: + # service = "" + + # If there is a timeframe component, we do not currently + # support it for now. + if ruleConfig.get( 'detection', {} ).get( 'timeframe', None ) is not None: + raise NotImplementedError("Timeframes are not supported by backend.") + + # Don't use service for now, most Windows Event Logs + # uses a different service with no category, since we + # treat all Windows Event Logs together we can ignore + # the service. + service = "" + + # See if we have a definition for the source combination. + mappingKey = "%s/%s/%s" % (product, category, service) + topFilter, preCond, mappings, isAllStringValues, keywordField, postOpMapper = _allFieldMappings.get(mappingKey, tuple([None, None, None, None, None, None])) + if mappings is None: + raise NotImplementedError("Log source %s/%s/%s not supported by backend." % (product, category, service)) + + # Field name conversions. + self._fieldMappingInEffect = mappings + + # LC event type pre-selector for the type of data. + self._preCondition = preCond + + # Are all the values treated as strings? + self._isAllStringValues = isAllStringValues + + # Are we supporting keywords full text search? + self._keywordField = keywordField + + # Call to fixup all operations after the fact. + self._postOpMapper = postOpMapper + + # Call the original generation code. + detectComponent = super().generate(sigmaparser) + + # We expect a string (yaml) as output, so if + # we get anything else we assume it's a core + # library value and just return it as-is. + if not isinstance( detectComponent, str): + return detectComponent + + # This redundant to deserialize it right after + # generating the yaml, but we try to use the parent + # official class code as much as possible for future + # compatibility. + detectComponent = yaml.safe_load(detectComponent) + + # Check that we got a proper node and not just a string + # which we don't really know what to do with. + if not isinstance(detectComponent, dict): + raise NotImplementedError("Selection combination not supported.") + + # Apply top level filter. + detectComponent.update(topFilter) + + # Now prepare the Response component. + respondComponents = [{ + "action": "report", + "name": ruleConfig["title"], + }] + + # Add a lot of the metadata available to the report. + if ruleConfig.get("tags", None) is not None: + respondComponents[0].setdefault("metadata", {})["tags"] = ruleConfig["tags"] + + if ruleConfig.get("description", None) is not None: + respondComponents[0].setdefault("metadata", {})["description"] = ruleConfig["description"] + + if ruleConfig.get("references", None) is not None: + respondComponents[0].setdefault("metadata", {})["references"] = ruleConfig["references"] + + if ruleConfig.get("level", None) is not None: + respondComponents[0].setdefault("metadata", {})["level"] = ruleConfig["level"] + + if ruleConfig.get("author", None) is not None: + respondComponents[0].setdefault("metadata", {})["author"] = ruleConfig["author"] + + if ruleConfig.get("falsepositives", None) is not None: + respondComponents[0].setdefault("metadata", {})["falsepositives"] = ruleConfig["falsepositives"] + + # Assemble it all as a single, complete D&R rule. + return yaml.safe_dump({ + "detect": detectComponent, + "respond": respondComponents, + }, default_flow_style = False) + + def generateQuery(self, parsed): + # We override the generateQuery function because + # we generate proper JSON structures internally + # and only convert to string (yaml) once the + # whole thing is assembled. + result = self.generateNode(parsed.parsedSearch) + + if self._preCondition is not None: + result = { + "op": "and", + "rules": [ + self._preCondition, + result, + ] + } + if self._postOpMapper is not None: + result = self._postOpMapper(result) + return yaml.safe_dump(result) + + def generateANDNode(self, node): + generated = [ self.generateNode(val) for val in node ] + filtered = [ g for g in generated if g is not None ] + if not filtered: + return None + + # Map any possible keywords. + filtered = self._mapKeywordVals(filtered) + + if 1 == len(filtered): + if self._postOpMapper is not None: + filtered[0] = self._postOpMapper(filtered[0]) + return filtered[0] + result = { + "op": "and", + "rules": filtered, + } + if self._postOpMapper is not None: + result = self._postOpMapper(result) + return result + + def generateORNode(self, node): + generated = [self.generateNode(val) for val in node] + filtered = [g for g in generated if g is not None] + if not filtered: + return None + + # Map any possible keywords. + filtered = self._mapKeywordVals(filtered) + + if 1 == len(filtered): + if self._postOpMapper is not None: + filtered[0] = self._postOpMapper(filtered[0]) + return filtered[0] + result = { + "op": "or", + "rules": filtered, + } + if self._postOpMapper is not None: + result = self._postOpMapper(result) + return result + + def generateNOTNode(self, node): + generated = self.generateNode(node.item) + if generated is None: + return None + if not isinstance(generated, dict): + raise NotImplementedError("Not operator not available on non-dict nodes.") + generated["not"] = not generated.get("not", False) + return generated + + def generateSubexpressionNode(self, node): + return self.generateNode(node.items) + + def generateListNode(self, node): + return [self.generateNode(value) for value in node] + + def generateMapItemNode(self, node): + fieldname, value = node + + fieldNameAndValCallback = None + + # The mapping can be a dictionary of mapping or a callable + # to get the correct value. + if callable(self._fieldMappingInEffect): + fieldname = self._fieldMappingInEffect(fieldname) + else: + try: + # The mapping can also be a callable that will + # return a mapped key AND value. + if callable(self._fieldMappingInEffect[fieldname]): + fieldNameAndValCallback = self._fieldMappingInEffect[fieldname] + else: + fieldname = self._fieldMappingInEffect[fieldname] + except: + raise NotImplementedError("Field name %s not supported by backend." % (fieldname,)) + + # If fieldname returned is None, it's a special case where we + # ignore the node. + if fieldname is None: + return None + + if isinstance(value, (int, str)): + if fieldNameAndValCallback is not None: + fieldname, value = fieldNameAndValCallback(fieldname, value) + op, newVal = self._valuePatternToLcOp(value) + newOp = { + "op": op, + "path": fieldname, + "case sensitive": False, + } + if op == "matches": + newOp["re"] = newVal + else: + newOp["value"] = newVal + if self._postOpMapper is not None: + newOp = self._postOpMapper(newOp) + return newOp + elif isinstance(value, list): + subOps = [] + for v in value: + if fieldNameAndValCallback is not None: + fieldname, v = fieldNameAndValCallback(fieldname, v) + op, newVal = self._valuePatternToLcOp(v) + newOp = { + "op": op, + "path": fieldname, + "case sensitive": False, + } + if op == "matches": + newOp["re"] = newVal + else: + newOp["value"] = newVal + if self._postOpMapper is not None: + newOp = self._postOpMapper(newOp) + subOps.append(newOp) + if 1 == len(subOps): + return subOps[0] + return { + "op": "or", + "rules": subOps + } + elif isinstance(value, SigmaTypeModifier): + if isinstance(value, SigmaRegularExpressionModifier): + if fieldNameAndValCallback is not None: + fieldname, value = fieldNameAndValCallback(fieldname, value) + result = { + "op": "matches", + "path": fieldname, + "re": re.compile(value), + } + if self._postOpMapper is not None: + result = self._postOpMapper(result) + return result + else: + raise TypeError("Backend does not support TypeModifier: %s" % (str(type(value)))) + elif value is None: + if fieldNameAndValCallback is not None: + fieldname, value = fieldNameAndValCallback(fieldname, value) + result = { + "op": "exists", + "not": True, + "path": fieldname, + } + if self._postOpMapper is not None: + result = self._postOpMapper(result) + return result + else: + raise TypeError("Backend does not support map values of type " + str(type(value))) + + def generateValueNode(self, node): + return node + + def _valuePatternToLcOp(self, val): + # Here we convert the string values supported by Sigma that + # can include wildcards into either proper values (string or int) + # or into altered values to be functionally equivalent using + # a few different LC D&R rule operators. + + # No point evaluating non-strings. + if not isinstance(val, str): + return ("is", str(val) if self._isAllStringValues else val) + + # Is there any wildcard in this string? If not, we can short circuit. + if "*" not in val and "?" not in val: + return ("is", val) + + # Now we do a small optimization for the shortcut operators + # available in LC. We try to see if the wildcards are around + # the main value, but NOT within. If that's the case we can + # use the "starts with", "ends with" or "contains" operators. + isStartsWithWildcard = False + isEndsWithWildcard = False + tmpVal = val + if tmpVal.startswith("*"): + isStartsWithWildcard = True + tmpVal = tmpVal[1:] + if tmpVal.endswith("*") and not (tmpVal.endswith("\\*") and not tmpVal.endswith("\\\\*")): + isEndsWithWildcard = True + if tmpVal.endswith("\\\\*"): + # An extra \ had to be there so it didn't escapte the + # *, but since we plan on removing the *, we can also + # remove one \. + tmpVal = tmpVal[:-2] + else: + tmpVal = tmpVal[:-1] + + # Check to see if there are any other wildcards. If there are + # we cannot use our shortcuts. + if "*" not in tmpVal and "?" not in tmpVal: + if isStartsWithWildcard and isEndsWithWildcard: + return ("contains", tmpVal) + + if isStartsWithWildcard: + return ("ends with", tmpVal) + + if isEndsWithWildcard: + return ("starts with", tmpVal) + + # This is messy, but it is accurate in generating a RE based on + # the simplified wildcard system, while also supporting the + # escaping of those wildcards. + segments = [] + tmpVal = val + while True: + nEscapes = 0 + for i in range(len(tmpVal)): + # We keep a running count of backslash escape + # characters we see so that if we meet a wildcard + # we can tell whether the wildcard is escaped + # (with odd number of escapes) or if it's just a + # backslash literal before a wildcard (even number). + if "\\" == tmpVal[i]: + nEscapes += 1 + continue + + if "*" == tmpVal[i]: + if 0 == nEscapes: + segments.append(re.escape(tmpVal[:i])) + segments.append(".*") + elif nEscapes % 2 == 0: + segments.append(re.escape(tmpVal[:i - nEscapes])) + segments.append(tmpVal[i - nEscapes:i]) + segments.append(".*") + else: + segments.append(re.escape(tmpVal[:i - nEscapes])) + segments.append(tmpVal[i - nEscapes:i + 1]) + tmpVal = tmpVal[i + 1:] + break + + if "?" == tmpVal[i]: + if 0 == nEscapes: + segments.append(re.escape(tmpVal[:i])) + segments.append(".") + elif nEscapes % 2 == 0: + segments.append(re.escape(tmpVal[:i - nEscapes])) + segments.append(tmpVal[i - nEscapes:i]) + segments.append(".") + else: + segments.append(re.escape(tmpVal[:i - nEscapes])) + segments.append(tmpVal[i - nEscapes:i + 1]) + tmpVal = tmpVal[i + 1:] + break + + nEscapes = 0 + else: + segments.append(re.escape(tmpVal)) + break + + val = ''.join(segments) + + return ("matches", val) + + def _mapKeywordVals(self, values): + # This function ensures that the list of values passed + # are proper D&R operations, if they are strings it indicates + # they were requested as keyword matches. We only support + # keyword matches when specified in the config. We generally just + # map them to the most common field in LC that makes sense. + mapped = [] + + for val in values: + # Non-keywords are just passed through. + if not isinstance(val, str): + mapped.append(val) + continue + + if self._keywordField is None: + raise NotImplementedError("Full-text keyboard searches not supported.") + + # This seems to be indicative only of "keywords" which are mostly + # representative of full-text searches. We don't suport that but + # in some data sources we can alias them to an actual field. + op, newVal = self._valuePatternToLcOp(val) + newOp = { + "op": op, + "path": self._keywordField, + } + if op == "matches": + newOp["re"] = newVal + else: + newOp["value"] = newVal + mapped.append(newOp) + + return mapped diff --git a/tools/sigma/backends/mdatp.py b/tools/sigma/backends/mdatp.py index 096ee829..f31c5c01 100644 --- a/tools/sigma/backends/mdatp.py +++ b/tools/sigma/backends/mdatp.py @@ -15,9 +15,25 @@ # along with this program. If not, see . import re +from functools import wraps from .base import SingleTextQueryBackend from .exceptions import NotSupportedError + +def wrapper(method): + @wraps(method) + def _impl(self, method_args): + key, value, *_ = method_args + if '.keyword' in key: + key = key.split('.keyword')[0] + if key not in self.skip_fields: + method_output = method(self, method_args) + return method_output + else: + return + return _impl + + class WindowsDefenderATPBackend(SingleTextQueryBackend): """Converts Sigma rule into Microsoft Defender ATP Hunting Queries.""" identifier = "mdatp" @@ -41,6 +57,16 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): mapExpression = "%s == %s" mapListsSpecialHandling = True mapListValueExpression = "%s in %s" + + skip_fields = { + "Description", + "_exists_", + "FileVersion", + "Product", + "Company", + "ParentProcessName", + "ParentCommandLine" + } def __init__(self, *args, **kwargs): """Initialize field mappings""" @@ -57,6 +83,7 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): "DestinationIp" : ("RemoteIP", self.default_value_mapping), "DestinationIsIpv6" : ("RemoteIP has \":\"", ), "DestinationPort" : ("RemotePort", self.default_value_mapping), + "Protocol" : ("RemoteProtocol", self.default_value_mapping), "Details" : ("RegistryValueData", self.default_value_mapping), "EventType" : ("ActionType", self.default_value_mapping), "Image" : ("FolderPath", self.default_value_mapping), @@ -151,6 +178,7 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): return "%s | where tostring(extractjson('$.Command', AdditionalFields)) in~ " % self.table return "%s | where " % self.table + @wrapper def generateMapItemNode(self, node): """ ATP queries refer to event tables instead of Windows logging event identifiers. This method catches conditions that refer to this field diff --git a/tools/sigma/backends/splunk.py b/tools/sigma/backends/splunk.py index 63cb8810..75658343 100644 --- a/tools/sigma/backends/splunk.py +++ b/tools/sigma/backends/splunk.py @@ -72,6 +72,7 @@ class SplunkBackend(SingleTextQueryBackend): def generate(self, sigmaparser): """Method is called for each sigma rule and receives the parsed rule (SigmaParser)""" columns = list() + mapped =None try: for field in sigmaparser.parsedyaml["fields"]: mapped = sigmaparser.config.get_fieldmapping(field).resolve_fieldname(field, sigmaparser) @@ -170,3 +171,40 @@ class SplunkXMLBackend(SingleTextQueryBackend, MultiRuleOutputMixin): def finalize(self): self.queries += self.dash_suf return self.queries + +class CrowdStrikeBackend(SplunkBackend): + """Converts Sigma rule into CrowdStrike Search Processing Language (SPL).""" + identifier = "crowdstrike" + + def generate(self, sigmaparser): + lgs = sigmaparser.parsedyaml.get("logsource") + if lgs.get("product") == "windows" and (lgs.get("service") == "sysmon" or lgs.get("category") == "process_creation"): + fieldmappings = sigmaparser.config.fieldmappings + detections = sigmaparser.definitions + all_fields = dict() + for det in detections.values(): + try: + for field, value in det.items(): + if "|" in field: + field = field.split("|")[0] + if any([item for item in fieldmappings.keys() if field == item]): + if field == "EventID" and str(value) == str(1) and lgs.get("service") == "sysmon": + all_fields.update(det) + elif field != "EventID": + all_fields.update(det) + else: + raise NotImplementedError("Not supported fields!") + else: + raise NotImplementedError("Not supported fields!") + except AttributeError: # ignore if detection is not a dict + pass + + table_fields = sigmaparser.parsedyaml.get("fields", []) + res_table_fields = [] + for fl in table_fields: + if fl in fieldmappings.keys(): + res_table_fields.append(fl) + sigmaparser.parsedyaml["fields"] = res_table_fields + return super().generate(sigmaparser) + else: + raise NotImplementedError("Not supported logsources!") diff --git a/tools/sigma/backends/sql.py b/tools/sigma/backends/sql.py index b3149c01..5b446a6f 100644 --- a/tools/sigma/backends/sql.py +++ b/tools/sigma/backends/sql.py @@ -1,5 +1,6 @@ # Output backends for sigmac # Copyright 2019 Jayden Zheng +# Copyright 2020 Jonas Hagg # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published by @@ -16,7 +17,9 @@ import re import sigma -from .base import SingleTextQueryBackend +from sigma.backends.base import SingleTextQueryBackend +from sigma.parser.condition import SigmaAggregationParser, NodeSubexpression, ConditionAND, ConditionOR, ConditionNOT +from sigma.parser.exceptions import SigmaParseError class SQLBackend(SingleTextQueryBackend): """Converts Sigma rule into SQL query""" @@ -34,12 +37,16 @@ class SQLBackend(SingleTextQueryBackend): notNullExpression = "%s=*" # Expression of queries for not null values. %s is field name mapExpression = "%s = %s" # Syntax for field/value conditions. First %s is fieldname, second is value mapMulti = "%s IN %s" # Syntax for field/value conditions. First %s is fieldname, second is value - mapWildcard = "%s LIKE %s" # Syntax for swapping wildcard conditions. + mapWildcard = "%s LIKE %s ESCAPE \'\\\'"# Syntax for swapping wildcard conditions: Adding \ as escape character mapSource = "%s=%s" # Syntax for sourcetype mapListsSpecialHandling = False # Same handling for map items with list values as for normal values (strings, integers) if True, generateMapItemListNode method is called with node mapListValueExpression = "%s OR %s" # Syntax for field/value condititons where map value is a list mapLength = "(%s %s)" + def __init__(self, sigmaconfig, table): + super().__init__(sigmaconfig) + self.table = table + def generateANDNode(self, node): generated = [ self.generateNode(val) for val in node ] filtered = [ g for g in generated if g is not None ] @@ -78,29 +85,32 @@ class SQLBackend(SingleTextQueryBackend): def generateMapItemNode(self, node): fieldname, value = node transformed_fieldname = self.fieldNameMapping(fieldname, value) - if "," in self.generateNode(value) and "%" not in self.generateNode(value): + + has_wildcard = re.search(r"((\\(\*|\?|\\))|\*|\?|_|%)", self.generateNode(value)) + + if "," in self.generateNode(value) and not has_wildcard: return self.mapMulti % (transformed_fieldname, self.generateNode(value)) elif "LENGTH" in transformed_fieldname: return self.mapLength % (transformed_fieldname, value) elif type(value) == list: return self.generateMapItemListNode(transformed_fieldname, value) elif self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): - if "%" in self.generateNode(value): + if has_wildcard: return self.mapWildcard % (transformed_fieldname, self.generateNode(value)) else: return self.mapExpression % (transformed_fieldname, self.generateNode(value)) elif "sourcetype" in transformed_fieldname: return self.mapSource % (transformed_fieldname, self.generateNode(value)) - elif "*" in str(value): + elif has_wildcard: return self.mapWildcard % (transformed_fieldname, self.generateNode(value)) else: raise TypeError("Backend does not support map values of type " + str(type(value))) def generateMapItemListNode(self, key, value): - return "(" + (" OR ".join(['%s LIKE %s' % (key, self.generateValueNode(item)) for item in value])) + ")" - + return "(" + (" OR ".join([self.mapWildcard % (key, self.generateValueNode(item)) for item in value])) + ")" + def generateValueNode(self, node): - return self.valueExpression % (self.cleanValue(str(node))) + return self.valueExpression % (self.cleanValue(str(node))) def generateNULLValueNode(self, node): return self.nullExpression % (node.item) @@ -117,10 +127,97 @@ class SQLBackend(SingleTextQueryBackend): return fieldname def cleanValue(self, val): - if "*" == val: - pass - elif "*.*.*" in val: - val = val.replace("*.*.*", "%") - elif re.search(r'\*', val): - val = re.sub(r'\*', '%', val) + if not isinstance(val, str): + return str(val) + + #Single backlashes which are not in front of * or ? are doulbed + val = re.sub(r"(? full text search + #False: no subexpression found, where a full text search is needed + + def _evaluateCondition(condition): + #Helper function to evaulate condtions + if type(condition) not in [ConditionAND, ConditionOR, ConditionNOT]: + raise NotImplementedError("Error in recursive Search logic") + + results = [] + for elem in condition.items: + if isinstance(elem, NodeSubexpression): + results.append(self._recursiveFtsSearch(elem)) + if isinstance(elem, ConditionNOT): + results.append(_evaluateCondition(elem)) + if isinstance(elem, tuple): + results.append(False) + if type(elem) in (str, int, list): + return True + return any(results) + + if type(subexpression) in [str, int, list]: + return True + elif type(subexpression) in [tuple]: + return False + + if not isinstance(subexpression, NodeSubexpression): + raise NotImplementedError("Error in recursive Search logic") + + if isinstance(subexpression.items, NodeSubexpression): + return self._recursiveFtsSearch(subexpression.items) + elif type(subexpression.items) in [ConditionAND, ConditionOR, ConditionNOT]: + return _evaluateCondition(subexpression.items) \ No newline at end of file diff --git a/tools/sigma/backends/sqlite.py b/tools/sigma/backends/sqlite.py new file mode 100644 index 00000000..8eec13ea --- /dev/null +++ b/tools/sigma/backends/sqlite.py @@ -0,0 +1,123 @@ +# Output backends for sigmac +# Copyright 2020 Jonas Hagg + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . + +from sigma.backends.sql import SQLBackend +from sigma.parser.condition import NodeSubexpression, ConditionAND, ConditionOR, ConditionNOT +import re + + +class SQLiteBackend(SQLBackend): + """Converts Sigma rule into SQL query for SQLite""" + identifier = "sqlite" + active = True + + mapFullTextSearch = "%s MATCH ('\"%s\"')" + + def __init__(self, sigmaconfig, table): + super().__init__(sigmaconfig, table) + self.mappingItem = False + + def requireFTS(self, node): + return (not self.mappingItem and + (type(node) in (int, str) or all(isinstance(val, str) for val in node) or all(isinstance(val, int) for val in node))) + + def generateFTS(self, value): + if re.search(r"((\\(\*|\?|\\))|\*|\?|_|%)", value): + raise NotImplementedError( + "Wildcards in SQlite Full Text Search not implemented") + self.countFTS += 1 + return self.mapFullTextSearch % (self.table, value) + + def generateANDNode(self, node): + + if self.requireFTS(node): + fts = str('"' + self.andToken + '"').join(self.cleanValue(val) + for val in node) + return self.generateFTS(fts) + + generated = [self.generateNode(val) for val in node] + filtered = [g for g in generated if g is not None] + if filtered: + return self.andToken.join(filtered) + else: + return None + + def generateORNode(self, node): + + if self.requireFTS(node): + fts = str('"' + self.orToken + '"').join(self.cleanValue(val) + for val in node) + return self.generateFTS(fts) + + generated = [self.generateNode(val) for val in node] + filtered = [g for g in generated if g is not None] + if filtered: + return self.orToken.join(filtered) + else: + return None + + def generateMapItemNode(self, node): + try: + self.mappingItem = True + fieldname, value = node + transformed_fieldname = self.fieldNameMapping(fieldname, value) + + has_wildcard = re.search( + r"((\\(\*|\?|\\))|\*|\?|_|%)", self.generateNode(value)) + + if "," in self.generateNode(value) and not has_wildcard: + return self.mapMulti % (transformed_fieldname, self.generateNode(value)) + elif "LENGTH" in transformed_fieldname: + return self.mapLength % (transformed_fieldname, value) + elif type(value) == list: + return self.generateMapItemListNode(transformed_fieldname, value) + elif self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): + + if has_wildcard: + return self.mapWildcard % (transformed_fieldname, self.generateNode(value)) + else: + return self.mapExpression % (transformed_fieldname, self.generateNode(value)) + + elif "sourcetype" in transformed_fieldname: + return self.mapSource % (transformed_fieldname, self.generateNode(value)) + elif has_wildcard: + return self.mapWildcard % (transformed_fieldname, self.generateNode(value)) + else: + raise TypeError( + "Backend does not support map values of type " + str(type(value))) + finally: + self.mappingItem = False + + def generateValueNode(self, node): + if self.mappingItem: + return self.valueExpression % (self.cleanValue(str(node))) + else: + return self.generateFTS(self.cleanValue(str(node))) + + def generateQuery(self, parsed): + self.countFTS = 0 + result = self.generateNode(parsed.parsedSearch) + if self.countFTS > 1: + raise NotImplementedError( + "Match operator ({}) is allowed only once in SQLite, parse rule in a different way:\n{}".format(self.countFTS, result)) + self.countFTS = 0 + + if parsed.parsedAgg: + # Handle aggregation + fro, whe = self.generateAggregation(parsed.parsedAgg, result) + return "SELECT * FROM {} WHERE {}".format(fro, whe) + + return "SELECT * FROM {} WHERE {}".format(self.table, result) diff --git a/tools/tests/test_backend_sql.py b/tools/tests/test_backend_sql.py new file mode 100644 index 00000000..b4bd8202 --- /dev/null +++ b/tools/tests/test_backend_sql.py @@ -0,0 +1,334 @@ +# Test output backends for sigmac +# Copyright 2020 Jonas Hagg + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . + +import unittest +from unittest.mock import patch + +from sigma.backends.sql import SQLBackend + +from sigma.parser.collection import SigmaCollectionParser +from sigma.config.mapping import FieldMapping +from sigma.configuration import SigmaConfiguration + +class TestGenerateQuery(unittest.TestCase): + + def setUp(self): + self.basic_rule = {"title": "Test", "level": "testing"} + self.table = "eventlog" + + def test_regular_queries(self): + # Test regular queries + detection = {"selection": {"fieldname": "test1"}, + "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE fieldname = "test1"'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": 4}, "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE fieldname = "4"'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": [ + "test1", "test2"]}, "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE fieldname IN ("test1", "test2")'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": { + "fieldname": [3, 4]}, "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE fieldname IN ("3", "4")'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname1": "test1", "fieldname2": [ + "test2", "test3"]}, "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE (fieldname1 = "test1" AND fieldname2 IN ("test2", "test3"))'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": "test1"}, "filter": { + "fieldname2": "whatever"}, "condition": "selection and filter"} + expected_result = 'SELECT * FROM {} WHERE (fieldname = "test1" AND fieldname2 = "whatever")'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": "test1"}, "filter": { + "fieldname2": "whatever"}, "condition": "selection or filter"} + expected_result = 'SELECT * FROM {} WHERE (fieldname = "test1" OR fieldname2 = "whatever")'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": "test1"}, "filter": { + "fieldname2": "whatever"}, "condition": "selection and not filter"} + expected_result = 'SELECT * FROM {} WHERE (fieldname = "test1" AND NOT (fieldname2 = "whatever"))'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname1": "test1"}, "filter": { + "fieldname2": "test2"}, "condition": "1 of them"} + expected_result = 'SELECT * FROM {} WHERE (fieldname1 = "test1" OR fieldname2 = "test2")'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname1": "test1"}, "filter": { + "fieldname2": "test2"}, "condition": "all of them"} + expected_result = 'SELECT * FROM {} WHERE (fieldname1 = "test1" AND fieldname2 = "test2")'.format( + self.table) + self.validate(detection, expected_result) + + def test_modifiers(self): + + # contains + detection = {"selection": {"fieldname|contains": "test"}, + "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE "%test%" ESCAPE \'\\\''.format( + self.table) + self.validate(detection, expected_result) + + # all + detection = {"selection": {"fieldname|all": [ + "test1", "test2"]}, "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE (fieldname = "test1" AND fieldname = "test2")'.format( + self.table) + self.validate(detection, expected_result) + + # endswith + detection = {"selection": {"fieldname|endswith": "test"}, + "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE "%test" ESCAPE \'\\\''.format( + self.table) + self.validate(detection, expected_result) + + # startswith + detection = {"selection": {"fieldname|startswith": "test"}, + "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE "test%" ESCAPE \'\\\''.format( + self.table) + self.validate(detection, expected_result) + + def test_aggregations(self): + + # count + detection = {"selection": {"fieldname": "test"}, + "condition": "selection | count() > 5"} + inner_query = 'SELECT count(*) AS agg FROM {} WHERE fieldname = "test"'.format( + self.table) + expected_result = 'SELECT * FROM ({}) WHERE agg > 5'.format(inner_query) + self.validate(detection, expected_result) + + # min + detection = {"selection": {"fieldname1": "test"}, + "condition": "selection | min(fieldname2) > 5"} + inner_query = 'SELECT min(fieldname2) AS agg FROM {} WHERE fieldname1 = "test"'.format( + self.table) + expected_result = 'SELECT * FROM ({}) WHERE agg > 5'.format(inner_query) + self.validate(detection, expected_result) + + # max + detection = {"selection": {"fieldname1": "test"}, + "condition": "selection | max(fieldname2) > 5"} + inner_query = 'SELECT max(fieldname2) AS agg FROM {} WHERE fieldname1 = "test"'.format( + self.table) + expected_result = 'SELECT * FROM ({}) WHERE agg > 5'.format(inner_query) + self.validate(detection, expected_result) + + # avg + detection = {"selection": {"fieldname1": "test"}, + "condition": "selection | avg(fieldname2) > 5"} + inner_query = 'SELECT avg(fieldname2) AS agg FROM {} WHERE fieldname1 = "test"'.format( + self.table) + expected_result = 'SELECT * FROM ({}) WHERE agg > 5'.format(inner_query) + self.validate(detection, expected_result) + + # sum + detection = {"selection": {"fieldname1": "test"}, + "condition": "selection | sum(fieldname2) > 5"} + inner_query = 'SELECT sum(fieldname2) AS agg FROM {} WHERE fieldname1 = "test"'.format( + self.table) + expected_result = 'SELECT * FROM ({}) WHERE agg > 5'.format(inner_query) + self.validate(detection, expected_result) + + # < + detection = {"selection": {"fieldname1": "test"}, + "condition": "selection | sum(fieldname2) < 5"} + inner_query = 'SELECT sum(fieldname2) AS agg FROM {} WHERE fieldname1 = "test"'.format( + self.table) + expected_result = 'SELECT * FROM ({}) WHERE agg < 5'.format(inner_query) + self.validate(detection, expected_result) + + # == + detection = {"selection": {"fieldname1": "test"}, + "condition": "selection | sum(fieldname2) == 5"} + inner_query = 'SELECT sum(fieldname2) AS agg FROM {} WHERE fieldname1 = "test"'.format( + self.table) + expected_result = 'SELECT * FROM ({}) WHERE agg == 5'.format(inner_query) + self.validate(detection, expected_result) + + # group by + detection = {"selection": {"fieldname1": "test"}, + "condition": "selection | sum(fieldname2) by fieldname3 == 5"} + inner_query = 'SELECT sum(fieldname2) AS agg FROM {} WHERE fieldname1 = "test" GROUP BY fieldname3'.format( + self.table) + expected_result = 'SELECT * FROM ({}) WHERE agg == 5'.format(inner_query) + self.validate(detection, expected_result) + + # multiple conditions + detection = {"selection": {"fieldname1": "test"}, "filter": { + "fieldname2": "tessst"}, "condition": "selection OR filter | sum(fieldname2) == 5"} + inner_query = 'SELECT sum(fieldname2) AS agg FROM {} WHERE (fieldname1 = "test" OR fieldname2 = "tessst")'.format( + self.table) + expected_result = 'SELECT * FROM ({}) WHERE agg == 5'.format(inner_query) + self.validate(detection, expected_result) + + def test_wildcards(self): + + # wildcard: * + detection = {"selection": {"fieldname": "test*"}, + "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test%"' + r" ESCAPE '\'" + self.validate(detection, expected_result) + + # wildcard: ? + detection = {"selection": {"fieldname": "test?"}, + "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test_"' + r" ESCAPE '\'" + self.validate(detection, expected_result) + + # escaping: + detection = {"selection": {"fieldname": r"test\?"}, + "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test\?"' + r" ESCAPE '\'" + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": r"test\\*"}, + "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test\\%"' + r" ESCAPE '\'" + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": r"test\*"}, + "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test\*"' + r" ESCAPE '\'" + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": r"test\\"}, + "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test\\"' + r" ESCAPE '\'" + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": r"test\abc"}, + "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test\\abc"' + r" ESCAPE '\'" + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": r"test%"}, + "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test\%"' + r" ESCAPE '\'" + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname": r"test_"}, + "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE fieldname LIKE '.format( + self.table) + r'"test\_"' + r" ESCAPE '\'" + self.validate(detection, expected_result) + + # multiple options + detection = {"selection": {"fieldname": [ + "test*", "*test"]}, "condition": "selection"} + opt1 = 'fieldname LIKE ' + r'"test%"' + r" ESCAPE '\'" + opt2 = 'fieldname LIKE ' + r'"%test"' + r" ESCAPE '\'" + expected_result = 'SELECT * FROM {} WHERE ({} OR {})'.format( + self.table, opt1, opt2) + self.validate(detection, expected_result) + + detection = {"selection": {"fieldname|all": [ + "test*", "*test"]}, "condition": "selection"} + opt1 = 'fieldname LIKE ' + r'"test%"' + r" ESCAPE '\'" + opt2 = 'fieldname LIKE ' + r'"%test"' + r" ESCAPE '\'" + expected_result = 'SELECT * FROM {} WHERE ({} AND {})'.format( + self.table, opt1, opt2) + self.validate(detection, expected_result) + + def test_fieldname_mapping(self): + detection = {"selection": {"fieldname": "test1"}, + "condition": "selection"} + expected_result = 'SELECT * FROM {} WHERE mapped_fieldname = "test1"'.format( + self.table) + + # configure mapping + config = SigmaConfiguration() + config.fieldmappings["fieldname"] = FieldMapping( + "fieldname", "mapped_fieldname") + + self.basic_rule["detection"] = detection + + with patch("yaml.safe_load_all", return_value=[self.basic_rule]): + parser = SigmaCollectionParser("any sigma io", config, None) + backend = SQLBackend(config, self.table) + + assert len(parser.parsers) == 1 + + for p in parser.parsers: + self.assertEqual(expected_result, backend.generate(p)) + + def test_not_implemented(self): + # near aggregation not implemented + detection = {"selection": {"fieldname": "test"}, "filter": { + "fieldname": "test2"}, "condition": "selection | near selection and filter"} + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + # re modifier is not implemented + detection = {"selection": {"fieldname|re": "test"}, + "condition": "selection"} + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + #Full Text Search is not implemented + detection = {"selection": ["test1"], "condition": "selection"} + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + + def validate(self, detection, expectation): + + config = SigmaConfiguration() + + self.basic_rule["detection"] = detection + + with patch("yaml.safe_load_all", return_value=[self.basic_rule]): + parser = SigmaCollectionParser("any sigma io", config, None) + backend = SQLBackend(config, self.table) + + assert len(parser.parsers) == 1 + + for p in parser.parsers: + if isinstance(expectation, str): + self.assertEqual(expectation, backend.generate(p)) + elif isinstance(expectation, Exception): + self.assertRaises(type(expectation), backend.generate, p) + + +if __name__ == '__main__': + unittest.main() diff --git a/tools/tests/test_backend_sqlite.py b/tools/tests/test_backend_sqlite.py new file mode 100644 index 00000000..66fc6812 --- /dev/null +++ b/tools/tests/test_backend_sqlite.py @@ -0,0 +1,148 @@ +# Test output backends for sigmac +# Copyright 2020 Jonas Hagg + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . + +import unittest +from unittest.mock import patch + +from sigma.backends.sqlite import SQLiteBackend + +from sigma.parser.collection import SigmaCollectionParser +from sigma.config.mapping import FieldMapping +from sigma.configuration import SigmaConfiguration + +class TestFullTextSearch(unittest.TestCase): + + def setUp(self): + self.basic_rule = {"title": "Test", "level": "testing"} + self.table = "eventlog" + + def test_full_text_search(self): + detection = {"selection": ["test1"], "condition": "selection"} + expected_result = 'SELECT * FROM {0} WHERE {0} MATCH (\'"test1"\')'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": [5], "condition": "selection"} + expected_result = 'SELECT * FROM {0} WHERE {0} MATCH (\'"5"\')'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": ["test1", "test2"], "condition": "selection"} + expected_result = 'SELECT * FROM {0} WHERE ({0} MATCH (\'"test1" OR "test2"\'))'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": ["test1"], "filter":["test2"], "condition": "selection and filter"} + expected_result = 'SELECT * FROM {0} WHERE ({0} MATCH (\'"test1" AND "test2"\'))'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": [5, 6], "condition": "selection"} + expected_result = 'SELECT * FROM {0} WHERE ({0} MATCH (\'"5" OR "6"\'))'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": ["test1"], "filter": [ + "test2"], "condition": "selection or filter"} + expected_result = 'SELECT * FROM {0} WHERE ({0} MATCH (\'"test1" OR "test2"\'))'.format( + self.table) + self.validate(detection, expected_result) + + detection = {"selection": ["test1"], "filter": [ + "test2"], "condition": "selection and filter"} + expected_result = 'SELECT * FROM {0} WHERE ({0} MATCH (\'"test1" AND "test2"\'))'.format( + self.table) + self.validate(detection, expected_result) + + def test_full_text_search_aggregation(self): + # aggregation with fts + detection = {"selection": ["test"], + "condition": "selection | count() > 5"} + inner_query = 'SELECT count(*) AS agg FROM {0} WHERE {0} MATCH (\'"test"\')'.format( + self.table) + expected_result = 'SELECT * FROM ({}) WHERE agg > 5'.format(inner_query) + self.validate(detection, expected_result) + + detection = {"selection": ["test1", "test2"], + "condition": "selection | count() > 5"} + inner_query = 'SELECT count(*) AS agg FROM {0} WHERE ({0} MATCH (\'"test1" OR "test2"\'))'.format( + self.table) + expected_result = 'SELECT * FROM ({}) WHERE agg > 5'.format(inner_query) + self.validate(detection, expected_result) + + # aggregation + group by + fts + detection = {"selection": ["test1", "test2"], + "condition": "selection | count() by fieldname > 5"} + inner_query = 'SELECT count(*) AS agg FROM {0} WHERE ({0} MATCH (\'"test1" OR "test2"\')) GROUP BY fieldname'.format( + self.table) + expected_result = 'SELECT * FROM ({}) WHERE agg > 5'.format(inner_query) + self.validate(detection, expected_result) + + def test_not_implemented(self): + # fts not implemented with wildcards + detection = {"selection": ["test*"], "condition": "selection"} + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + detection = {"selection": ["test?"], "condition": "selection"} + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + detection = {"selection": ["test\\"], "condition": "selection"} + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + + # fts is not implemented for nested condtions + detection = {"selection": ["test"], "filter": [ + "test2"], "condition": "selection and filter"} # this is ok + detection = {"selection": ["test"], "filter": [ + "test2"], "condition": "selection or filter"} # this is ok + detection = {"selection": ["test"], "filter": [ + "test2"], "condition": "selection and not filter"} # this is already nested + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + detection = {"selection": ["test"], "filter": [ + "test2"], "condition": "selection and filter and filter"} # this is nested + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + detection = {"selection": ["test"], "filter": [ + "test2"], "condition": "selection and filter or filter"} # this is nested + expected_result = NotImplementedError() + self.validate(detection, expected_result) + + def validate(self, detection, expectation): + + config = SigmaConfiguration() + + self.basic_rule["detection"] = detection + + with patch("yaml.safe_load_all", return_value=[self.basic_rule]): + parser = SigmaCollectionParser("any sigma io", config, None) + backend = SQLiteBackend(config, self.table) + + assert len(parser.parsers) == 1 + + for p in parser.parsers: + if isinstance(expectation, str): + self.assertEqual(expectation, backend.generate(p)) + elif isinstance(expectation, Exception): + self.assertRaises(type(expectation), backend.generate, p) + +if __name__ == '__main__': + unittest.main() \ No newline at end of file From c992dc52156ce2278d196fa031600d3b3368c57e Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Fri, 5 Jun 2020 23:33:51 +0200 Subject: [PATCH 420/714] Improved test coverage --- tools/sigma/backends/mdatp.py | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/tools/sigma/backends/mdatp.py b/tools/sigma/backends/mdatp.py index e82e4c2c..f373c042 100644 --- a/tools/sigma/backends/mdatp.py +++ b/tools/sigma/backends/mdatp.py @@ -32,7 +32,6 @@ def wrapper(method): return return _impl - class WindowsDefenderATPBackend(SingleTextQueryBackend): """Converts Sigma rule into Microsoft Defender ATP Hunting Queries.""" identifier = "mdatp" @@ -188,14 +187,9 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): def generate(self, sigmaparser): self.table = None - try: - self.category = sigmaparser.parsedyaml['logsource'].setdefault('category', None) - self.product = sigmaparser.parsedyaml['logsource'].setdefault('product', None) - self.service = sigmaparser.parsedyaml['logsource'].setdefault('service', None) - except KeyError: - self.category = None - self.product = None - self.service = None + self.category = sigmaparser.parsedyaml['logsource'].get('category') + self.product = sigmaparser.parsedyaml['logsource'].get('product') + self.service = sigmaparser.parsedyaml['logsource'].get('service') if (self.category, self.product, self.service) == ("process_creation", "windows", None): self.table = "DeviceProcessEvents" From 1d211565fcc6d0e9f34a5ba003f60758c3358271 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sat, 6 Jun 2020 00:49:57 +0200 Subject: [PATCH 421/714] Moved backend options list to --backend-help --- CHANGELOG.md | 4 ++++ Makefile | 1 + tools/sigmac | 22 +++++++++++----------- 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2d1966ef..52f02ad2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,10 @@ from version 0.14.0. * LOGIQ Backend (logiq) +### Changed + +* Moved backend option list to --help-backend + ### Fixed * Splunx XML rule name is now set to rule title diff --git a/Makefile b/Makefile index e4968975..695842ca 100644 --- a/Makefile +++ b/Makefile @@ -20,6 +20,7 @@ test-sigmac: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -h $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -l + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac --backend-help es-qs ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvd -t es-qs rules/ > /dev/null ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-qs rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-qs --shoot-yourself-in-the-foot rules/ > /dev/null diff --git a/tools/sigmac b/tools/sigmac index 89129e7b..3b338f2d 100755 --- a/tools/sigmac +++ b/tools/sigmac @@ -74,22 +74,21 @@ def get_inputs(paths, recursive): else: return [pathlib.Path(p) for p in paths] -class SigmacArgumentParser(argparse.ArgumentParser): - def format_help(self): - helptext = super().format_help() + "\nBackend options:\n" +class ActionBackendHelp(argparse.Action): + def __call__(self, parser, ns, vals, opt): + backend = backends.getBackend(vals) + if len(backend.options) > 0: + helptext = "Backend options for " + backend.identifier + "\n" + for option, default, help, _ in backend.options: + helptext += " {:10}: {} (default: {})".format(option, help, default) + "\n" - for backend in backends.getBackendList(): - if len(backend.options) > 0: - helptext += " " + backend.identifier + "\n" - for option, default, help, _ in backend.options: - helptext += " {:10}: {} (default: {})".format(option, help, default) + "\n" - - return helptext + print(helptext) + exit(0) def set_argparser(): """Sets up and parses the command line arguments for Sigmac. Returns the argparser""" - argparser = SigmacArgumentParser(description="Convert Sigma rules into SIEM signatures.") + argparser = argparse.ArgumentParser(description="Convert Sigma rules into SIEM signatures.") argparser.add_argument("--recurse", "-r", action="store_true", help="Use directory as input (recurse into subdirectories is not implemented yet)") argparser.add_argument("--filter", "-f", help=""" Define comma-separated filters that must match (AND-linked) to rule to be processed. @@ -106,6 +105,7 @@ def set_argparser(): argparser.add_argument("--output", "-o", default=None, help="Output file or filename prefix if multiple files are generated") argparser.add_argument("--backend-option", "-O", action="append", help="Options and switches that are passed to the backend") argparser.add_argument("--backend-config", "-C", help="Configuration file (YAML format) containing options to pass to the backend") + argparser.add_argument("--backend-help", action=ActionBackendHelp, help="Print backend options") argparser.add_argument("--defer-abort", "-d", action="store_true", help="Don't abort on parse or conversion errors, proceed with next rule. The exit code from the last error is returned") argparser.add_argument("--ignore-backend-errors", "-I", action="store_true", help="Only return error codes for parse errors and ignore errors for rules that cause backend errors. Useful, when you want to get as much queries as possible.") argparser.add_argument("--shoot-yourself-in-the-foot", action="store_true", help=argparse.SUPPRESS) From fb9855bd3bd7cfb695dc75d0855e5d77e542cda6 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sat, 6 Jun 2020 01:02:44 +0200 Subject: [PATCH 422/714] Added description to es-rule backend --- tools/sigma/backends/elasticsearch.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index 88cdd9c6..d476fc93 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -1175,6 +1175,7 @@ class ElastalertBackendQs(ElastalertBackend, ElasticsearchQuerystringBackend): return [{ 'query' : { 'query_string' : { 'query' : super().generateQuery(parsed) } } }] class ElasticSearchRuleBackend(ElasticsearchQuerystringBackend): + """Elasticsearch detection rule backend""" identifier = "es-rule" active = True From 7d70cd95a492ac3f0633a142e4f77b7b10bc42bc Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sat, 6 Jun 2020 01:03:02 +0200 Subject: [PATCH 423/714] Deduplicated backend list --- CHANGELOG.md | 1 + tools/sigma/tools.py | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 52f02ad2..161c66de 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ from version 0.14.0. ### Fixed * Splunx XML rule name is now set to rule title +* Backend list deduplicated ## 0.16.0 - 2020-02-25 diff --git a/tools/sigma/tools.py b/tools/sigma/tools.py index c60c8dcd..1bdce530 100644 --- a/tools/sigma/tools.py +++ b/tools/sigma/tools.py @@ -19,12 +19,12 @@ import importlib def getAllSubclasses(path, import_base, base_class): """Return list of all classes derived from a superclass contained in a module.""" - classes = list() + classes = set() for finder, name, ispkg in pkgutil.iter_modules([ path ]): module = importlib.import_module(".{}.{}".format(import_base, name), __package__) for name, cls in vars(module).items(): if type(cls) == type and issubclass(cls, base_class) and cls.active: - classes.append(cls) + classes.add(cls) return classes def getClassDict(clss): From d54209dcc5bbf7089a71b790acacc39586e7786c Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 6 Jun 2020 13:56:19 +0200 Subject: [PATCH 424/714] rule: ETW disabled --- rules/windows/sysmon/sysmon_etw_disabled.yml | 26 ++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_etw_disabled.yml diff --git a/rules/windows/sysmon/sysmon_etw_disabled.yml b/rules/windows/sysmon/sysmon_etw_disabled.yml new file mode 100644 index 00000000..9f45c261 --- /dev/null +++ b/rules/windows/sysmon/sysmon_etw_disabled.yml @@ -0,0 +1,26 @@ +title: Detects Disabled ETW +id: 11985f9f-2590-4f59-beea-88cc0507f350 +status: experimental +description: Detects methods that disable ETW (Event Tracing) to evade detection +references: + - https://twitter.com/_xpn_/status/1268712093928378368?s=20 + - https://gist.github.com/Cyb3rWard0g/a4a115fd3ab518a0e593525a379adee3 +tags: + - attack.defense_evasion + - attack.t1089 +author: Florian Roth +date: 2020/06/06 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 13 # value set + TargetObject|contains: 'SOFTWARE\Microsoft\.NETFramework\ETWEnabled' + Details|contains: '0x00000000' + condition: selection +fields: + - Image +falsepositives: + - Services or programs that disable the ETW temporarily +level: high From 246a95557bdeff3da3a68a6db0c70dae02cc9076 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 6 Jun 2020 13:56:48 +0200 Subject: [PATCH 425/714] fix: description over multiple lines --- .../sysmon_new_dll_added_to_appinit_dlls_registry_key.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml b/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml index 59f53b15..604cc1eb 100644 --- a/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml +++ b/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml @@ -1,8 +1,7 @@ title: New DLL Added to AppInit_DLLs Registry Key id: 4f84b697-c9ed-4420-8ab5-e09af5b2345d status: experimental -description: DLLs that are specified in the AppInit_DLLs value in the Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows are loaded by user32.dll - into every process that loads user32.dll +description: DLLs that are specified in the AppInit_DLLs value in the Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows are loaded by user32.dll into every process that loads user32.dll references: - https://eqllib.readthedocs.io/en/latest/analytics/822dc4c5-b355-4df8-bd37-29c458997b8f.html tags: From 3697186281b81a9f630cdf3425ff3f083428dd00 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 6 Jun 2020 14:04:40 +0200 Subject: [PATCH 426/714] fix: fixed title --- rules/windows/sysmon/sysmon_etw_disabled.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_etw_disabled.yml b/rules/windows/sysmon/sysmon_etw_disabled.yml index 9f45c261..073f2ee9 100644 --- a/rules/windows/sysmon/sysmon_etw_disabled.yml +++ b/rules/windows/sysmon/sysmon_etw_disabled.yml @@ -1,4 +1,4 @@ -title: Detects Disabled ETW +title: ETW Disabled id: 11985f9f-2590-4f59-beea-88cc0507f350 status: experimental description: Detects methods that disable ETW (Event Tracing) to evade detection From d3e261862de3448e192964340dc864734cfcebe2 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sat, 6 Jun 2020 15:42:22 +0200 Subject: [PATCH 427/714] merged Cyb3rWarD0g's rules --- .../windows/builtin/win_etw_modification.yml | 32 ++++++++++++++++ .../win_etw_modification_cmdline.yml | 28 ++++++++++++++ rules/windows/sysmon/sysmon_etw_disabled.yml | 37 +++++++++++-------- 3 files changed, 81 insertions(+), 16 deletions(-) create mode 100644 rules/windows/builtin/win_etw_modification.yml create mode 100644 rules/windows/process_creation/win_etw_modification_cmdline.yml diff --git a/rules/windows/builtin/win_etw_modification.yml b/rules/windows/builtin/win_etw_modification.yml new file mode 100644 index 00000000..489bcd8d --- /dev/null +++ b/rules/windows/builtin/win_etw_modification.yml @@ -0,0 +1,32 @@ +title: COMPlus_ETWEnabled Registry Modification +id: a4c90ea1-2634-4ca0-adbb-35eae169b6fc +status: experimental +description: Potential adversaries stopping ETW providers recording loaded .NET assemblies. +references: + - https://twitter.com/_xpn_/status/1268712093928378368 + - https://social.msdn.microsoft.com/Forums/vstudio/en-US/0878832e-39d7-4eaf-8e16-a729c4c40975/what-can-i-use-e13c0d23ccbc4e12931bd9cc2eee27e4-for?forum=clr + - https://github.com/dotnet/runtime/blob/ee2355c801d892f2894b0f7b14a20e6cc50e0e54/docs/design/coreclr/jit/viewing-jit-dumps.md#setting-configuration-variables + - https://github.com/dotnet/runtime/blob/f62e93416a1799aecc6b0947adad55a0d9870732/src/coreclr/src/inc/clrconfigvalues.h#L35-L38 + - https://github.com/dotnet/runtime/blob/7abe42dc1123722ed385218268bb9fe04556e3d3/src/coreclr/src/inc/clrconfig.h#L33-L39 + - https://github.com/dotnet/runtime/search?p=1&q=COMPlus_&unscoped_q=COMPlus_ + - https://bunnyinside.com/?term=f71e8cb9c76a + - http://managed670.rssing.com/chan-5590147/all_p1.html + - https://github.com/dotnet/runtime/blob/4f9ae42d861fcb4be2fcd5d3d55d5f227d30e723/docs/coding-guidelines/clr-jit-coding-conventions.md#1412-disabling-code +author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research) +date: 2020/06/05 +tags: + - attack.defense_evasion + - attack.t1112 +logsource: + product: windows + service: security +detection: + selection: + EventID: 4657 + ObjectName|endswith: '\SOFTWARE\Microsoft\.NETFramework' + ObjectValueName: 'ETWEnabled' + NewValue: '0' + condition: selection +falsepositives: + - unknown +level: critical \ No newline at end of file diff --git a/rules/windows/process_creation/win_etw_modification_cmdline.yml b/rules/windows/process_creation/win_etw_modification_cmdline.yml new file mode 100644 index 00000000..7a7750fa --- /dev/null +++ b/rules/windows/process_creation/win_etw_modification_cmdline.yml @@ -0,0 +1,28 @@ +title: COMPlus_ETWEnabled Command Line Arguments +id: 41421f44-58f9-455d-838a-c398859841d4 +status: experimental +description: Potential adversaries stopping ETW providers recording loaded .NET assemblies. +references: + - https://twitter.com/_xpn_/status/1268712093928378368 + - https://social.msdn.microsoft.com/Forums/vstudio/en-US/0878832e-39d7-4eaf-8e16-a729c4c40975/what-can-i-use-e13c0d23ccbc4e12931bd9cc2eee27e4-for?forum=clr + - https://github.com/dotnet/runtime/blob/ee2355c801d892f2894b0f7b14a20e6cc50e0e54/docs/design/coreclr/jit/viewing-jit-dumps.md#setting-configuration-variables + - https://github.com/dotnet/runtime/blob/f62e93416a1799aecc6b0947adad55a0d9870732/src/coreclr/src/inc/clrconfigvalues.h#L35-L38 + - https://github.com/dotnet/runtime/blob/7abe42dc1123722ed385218268bb9fe04556e3d3/src/coreclr/src/inc/clrconfig.h#L33-L39 + - https://github.com/dotnet/runtime/search?p=1&q=COMPlus_&unscoped_q=COMPlus_ + - https://bunnyinside.com/?term=f71e8cb9c76a + - http://managed670.rssing.com/chan-5590147/all_p1.html + - https://github.com/dotnet/runtime/blob/4f9ae42d861fcb4be2fcd5d3d55d5f227d30e723/docs/coding-guidelines/clr-jit-coding-conventions.md#1412-disabling-code +author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research) +date: 2020/05/02 +tags: + - attack.defense_evasion +logsource: + category: process_creation + product: windows +detection: + selection: + CommandLine|contains: 'COMPlus_ETWEnabled=0' + condition: selection +falsepositives: + - unknown +level: critical \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_etw_disabled.yml b/rules/windows/sysmon/sysmon_etw_disabled.yml index 073f2ee9..98560fdf 100644 --- a/rules/windows/sysmon/sysmon_etw_disabled.yml +++ b/rules/windows/sysmon/sysmon_etw_disabled.yml @@ -1,26 +1,31 @@ -title: ETW Disabled -id: 11985f9f-2590-4f59-beea-88cc0507f350 +title: COMPlus_ETWEnabled Registry Modification +id: 41421f44-58f9-455d-838a-c398859841d4 status: experimental -description: Detects methods that disable ETW (Event Tracing) to evade detection -references: - - https://twitter.com/_xpn_/status/1268712093928378368?s=20 - - https://gist.github.com/Cyb3rWard0g/a4a115fd3ab518a0e593525a379adee3 +description: Potential adversaries stopping ETW providers recording loaded .NET assemblies. +references: + - https://twitter.com/_xpn_/status/1268712093928378368 + - https://social.msdn.microsoft.com/Forums/vstudio/en-US/0878832e-39d7-4eaf-8e16-a729c4c40975/what-can-i-use-e13c0d23ccbc4e12931bd9cc2eee27e4-for?forum=clr + - https://github.com/dotnet/runtime/blob/ee2355c801d892f2894b0f7b14a20e6cc50e0e54/docs/design/coreclr/jit/viewing-jit-dumps.md#setting-configuration-variables + - https://github.com/dotnet/runtime/blob/f62e93416a1799aecc6b0947adad55a0d9870732/src/coreclr/src/inc/clrconfigvalues.h#L35-L38 + - https://github.com/dotnet/runtime/blob/7abe42dc1123722ed385218268bb9fe04556e3d3/src/coreclr/src/inc/clrconfig.h#L33-L39 + - https://github.com/dotnet/runtime/search?p=1&q=COMPlus_&unscoped_q=COMPlus_ + - https://bunnyinside.com/?term=f71e8cb9c76a + - http://managed670.rssing.com/chan-5590147/all_p1.html + - https://github.com/dotnet/runtime/blob/4f9ae42d861fcb4be2fcd5d3d55d5f227d30e723/docs/coding-guidelines/clr-jit-coding-conventions.md#1412-disabling-code +author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research) +date: 2020/06/05 tags: - attack.defense_evasion - - attack.t1089 -author: Florian Roth -date: 2020/06/06 + - attack.t1112 logsource: product: windows service: sysmon detection: selection: - EventID: 13 # value set - TargetObject|contains: 'SOFTWARE\Microsoft\.NETFramework\ETWEnabled' - Details|contains: '0x00000000' + EventID: 13 + TargetObject|endswith: 'SOFTWARE\Microsoft\.NETFramework\ETWEnabled' + Details: 'DWORD (0x00000000)' condition: selection -fields: - - Image falsepositives: - - Services or programs that disable the ETW temporarily -level: high + - unknown +level: critical \ No newline at end of file From 8688e8a2a192d72661b1b93f28a5a465f66d078a Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 7 Jun 2020 00:22:59 +0200 Subject: [PATCH 428/714] Script entrypoint stubs --- tools/merge_sigma | 5 +++++ tools/sigma2misp | 5 +++++ tools/sigma_similarity | 5 +++++ tools/sigma_uuid | 5 +++++ tools/sigmac | 5 +++++ 5 files changed, 25 insertions(+) create mode 100755 tools/merge_sigma create mode 100755 tools/sigma2misp create mode 100755 tools/sigma_similarity create mode 100755 tools/sigma_uuid create mode 100755 tools/sigmac diff --git a/tools/merge_sigma b/tools/merge_sigma new file mode 100755 index 00000000..4bbf3cb3 --- /dev/null +++ b/tools/merge_sigma @@ -0,0 +1,5 @@ +#!/usr/bin/env python3 + +from sigma.merge_sigma import main + +main() diff --git a/tools/sigma2misp b/tools/sigma2misp new file mode 100755 index 00000000..b8510166 --- /dev/null +++ b/tools/sigma2misp @@ -0,0 +1,5 @@ +#!/usr/bin/env python3 + +from sigma.sigma2misp import main + +main() diff --git a/tools/sigma_similarity b/tools/sigma_similarity new file mode 100755 index 00000000..782531b5 --- /dev/null +++ b/tools/sigma_similarity @@ -0,0 +1,5 @@ +#!/usr/bin/env python3 + +from sigma.sigmac import main + +main() diff --git a/tools/sigma_uuid b/tools/sigma_uuid new file mode 100755 index 00000000..9a28a5ed --- /dev/null +++ b/tools/sigma_uuid @@ -0,0 +1,5 @@ +#!/usr/bin/env python3 + +from sigma.sigma_uuid import main + +main() diff --git a/tools/sigmac b/tools/sigmac new file mode 100755 index 00000000..782531b5 --- /dev/null +++ b/tools/sigmac @@ -0,0 +1,5 @@ +#!/usr/bin/env python3 + +from sigma.sigmac import main + +main() From a7d18c7ed9afaa437b8d9eb690c52df671135e0c Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 7 Jun 2020 00:55:36 +0200 Subject: [PATCH 429/714] Converted sigma2attack and added to entry points --- tools/setup.py | 1 + tools/sigma/sigma2attack.py | 109 ++++++++++++++++++------------------ tools/sigma2attack | 5 ++ 3 files changed, 61 insertions(+), 54 deletions(-) create mode 100755 tools/sigma2attack diff --git a/tools/setup.py b/tools/setup.py index 7f867142..98678375 100644 --- a/tools/setup.py +++ b/tools/setup.py @@ -82,6 +82,7 @@ setup( 'sigmac = sigma.sigmac:main', 'merge_sigma = sigma.merge_sigma:main', 'sigma2misp = sigma.sigma2misp:main', + 'sigma2attack = sigma.sigma2attack:main', 'sigma_similarity = sigma.sigma_similarity:main', 'sigma_uuid = sigma.sigma_uuid:main', ], diff --git a/tools/sigma/sigma2attack.py b/tools/sigma/sigma2attack.py index 5a5ea20a..f33f462e 100755 --- a/tools/sigma/sigma2attack.py +++ b/tools/sigma/sigma2attack.py @@ -8,62 +8,63 @@ import sys import yaml -parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter) -parser.add_argument("--rules-directory", "-d", dest="rules_dir", default="rules", help="Directory to read rules from") -parser.add_argument("--out-file", "-o", dest="out_file", default="heatmap.json", help="File to write the JSON layer to") -parser.add_argument("--no-comment", dest="no_comment", action="store_true", help="Don't store rule names in comments") -args = parser.parse_args() +def main(): + parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter) + parser.add_argument("--rules-directory", "-d", dest="rules_dir", default="rules", help="Directory to read rules from") + parser.add_argument("--out-file", "-o", dest="out_file", default="heatmap.json", help="File to write the JSON layer to") + parser.add_argument("--no-comment", dest="no_comment", action="store_true", help="Don't store rule names in comments") + args = parser.parse_args() -rule_files = glob.glob(os.path.join(args.rules_dir, "**/*.yml"), recursive=True) -techniques_to_rules = {} -curr_max_technique_count = 0 -num_rules_used = 0 -for rule_file in rule_files: - try: - rule = yaml.safe_load(open(rule_file).read()) - except yaml.YAMLError: - sys.stderr.write("Ignoring rule " + rule_file + " (parsing failed)\n") - continue - if "tags" not in rule: - sys.stderr.write("Ignoring rule " + rule_file + " (no tags)\n") - continue - tags = rule["tags"] - for tag in tags: - if tag.lower().startswith("attack.t"): - technique_id = tag[len("attack."):].upper() - num_rules_used += 1 - if technique_id not in techniques_to_rules: - techniques_to_rules[technique_id] = [] - techniques_to_rules[technique_id].append(os.path.basename(rule_file)) - curr_max_technique_count = max(curr_max_technique_count, len(techniques_to_rules[technique_id])) + rule_files = glob.glob(os.path.join(args.rules_dir, "**/*.yml"), recursive=True) + techniques_to_rules = {} + curr_max_technique_count = 0 + num_rules_used = 0 + for rule_file in rule_files: + try: + rule = yaml.safe_load(open(rule_file).read()) + except yaml.YAMLError: + sys.stderr.write("Ignoring rule " + rule_file + " (parsing failed)\n") + continue + if "tags" not in rule: + sys.stderr.write("Ignoring rule " + rule_file + " (no tags)\n") + continue + tags = rule["tags"] + for tag in tags: + if tag.lower().startswith("attack.t"): + technique_id = tag[len("attack."):].upper() + num_rules_used += 1 + if technique_id not in techniques_to_rules: + techniques_to_rules[technique_id] = [] + techniques_to_rules[technique_id].append(os.path.basename(rule_file)) + curr_max_technique_count = max(curr_max_technique_count, len(techniques_to_rules[technique_id])) -scores = [] -for technique in techniques_to_rules: - entry = { - "techniqueID": technique, - "score": len(techniques_to_rules[technique]), + scores = [] + for technique in techniques_to_rules: + entry = { + "techniqueID": technique, + "score": len(techniques_to_rules[technique]), + } + if not args.no_comment: + entry["comment"] = "\n".join(techniques_to_rules[technique]) + + scores.append(entry) + + output = { + "domain": "mitre-enterprise", + "name": "Sigma rules heatmap", + "gradient": { + "colors": [ + "#ffffff", + "#ff6666" + ], + "maxValue": curr_max_technique_count, + "minValue": 0 + }, + "version": "2.2", + "techniques": scores, } - if not args.no_comment: - entry["comment"] = "\n".join(techniques_to_rules[technique]) - scores.append(entry) - -output = { - "domain": "mitre-enterprise", - "name": "Sigma rules heatmap", - "gradient": { - "colors": [ - "#ffffff", - "#ff6666" - ], - "maxValue": curr_max_technique_count, - "minValue": 0 - }, - "version": "2.2", - "techniques": scores, -} - -with open(args.out_file, "w") as f: - f.write(json.dumps(output)) - print("[*] Layer file written in " + args.out_file + " (" + str(num_rules_used) + " rules)") \ No newline at end of file + with open(args.out_file, "w") as f: + f.write(json.dumps(output)) + print("[*] Layer file written in " + args.out_file + " (" + str(num_rules_used) + " rules)") diff --git a/tools/sigma2attack b/tools/sigma2attack new file mode 100755 index 00000000..622243e1 --- /dev/null +++ b/tools/sigma2attack @@ -0,0 +1,5 @@ +#!/usr/bin/env python3 + +from sigma.sigma2attack import main + +main() From 36a7077648075cd46bba7b745002d64812ce550a Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 7 Jun 2020 01:14:04 +0200 Subject: [PATCH 430/714] Moved tool executables to new location --- tools/{merge_sigma => sigma/merge_sigma.py} | 0 tools/{sigma-similarity => sigma/sigma-similarity.py} | 0 tools/{sigma-uuid => sigma/sigma-uuid.py} | 0 tools/{sigma2attack => sigma/sigma2attack.py} | 0 tools/{sigma2genericsigma => sigma/sigma2genericsigma.py} | 0 tools/{sigma2misp => sigma/sigma2misp.py} | 0 tools/{sigmac => sigma/sigmac.py} | 0 7 files changed, 0 insertions(+), 0 deletions(-) rename tools/{merge_sigma => sigma/merge_sigma.py} (100%) rename tools/{sigma-similarity => sigma/sigma-similarity.py} (100%) rename tools/{sigma-uuid => sigma/sigma-uuid.py} (100%) rename tools/{sigma2attack => sigma/sigma2attack.py} (100%) rename tools/{sigma2genericsigma => sigma/sigma2genericsigma.py} (100%) rename tools/{sigma2misp => sigma/sigma2misp.py} (100%) rename tools/{sigmac => sigma/sigmac.py} (100%) diff --git a/tools/merge_sigma b/tools/sigma/merge_sigma.py similarity index 100% rename from tools/merge_sigma rename to tools/sigma/merge_sigma.py diff --git a/tools/sigma-similarity b/tools/sigma/sigma-similarity.py similarity index 100% rename from tools/sigma-similarity rename to tools/sigma/sigma-similarity.py diff --git a/tools/sigma-uuid b/tools/sigma/sigma-uuid.py similarity index 100% rename from tools/sigma-uuid rename to tools/sigma/sigma-uuid.py diff --git a/tools/sigma2attack b/tools/sigma/sigma2attack.py similarity index 100% rename from tools/sigma2attack rename to tools/sigma/sigma2attack.py diff --git a/tools/sigma2genericsigma b/tools/sigma/sigma2genericsigma.py similarity index 100% rename from tools/sigma2genericsigma rename to tools/sigma/sigma2genericsigma.py diff --git a/tools/sigma2misp b/tools/sigma/sigma2misp.py similarity index 100% rename from tools/sigma2misp rename to tools/sigma/sigma2misp.py diff --git a/tools/sigmac b/tools/sigma/sigmac.py similarity index 100% rename from tools/sigmac rename to tools/sigma/sigmac.py From 94b90adf10ac5da2142a10799b56c35b6bc2c5d3 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sun, 7 Jun 2020 12:18:26 +0200 Subject: [PATCH 431/714] docs: move Sigmac help from Wiki to repo --- tools/README.md | 229 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 221 insertions(+), 8 deletions(-) diff --git a/tools/README.md b/tools/README.md index f5d09d1a..bc04c478 100644 --- a/tools/README.md +++ b/tools/README.md @@ -1,11 +1,224 @@ -This package contains libraries for processing of [Sigma rules](https://github.com/Neo23x0/sigma) and the following -command line tools: +# Sigma Tools -* *sigmac*: converter between Sigma rules and SIEM queries: - * Elasticsearch query strings - * Kibana JSON with searches - * Splunk SPL queries - * Elasticsearch X-Pack Watcher - * Logpoint queries +This folder contains libraries and the following command line tools: + +* *sigmac*: converter between Sigma rules and SIEM queries * *merge_sigma*: Merge Sigma collections into simple Sigma rules. * *sigma2misp*: Import Sigma rules to MISP events. + +# Sigmac + +## Configuration File + +The configuration file contains mappings for the target environments: + +* between generic Sigma field names and those used in the target environment +* between log source identifiers from Sigma and... + * ...index names from target + * ...conditions that should be added to generated expression (e.g. EventLog: Microsoft-Windows-Sysmon) with AND. +* between placeholders in sigma rules and lists that describe their values in the target environment + +The mappings are configured in a YAML file with the following format: + +```yaml +title: short description of configuration +order: numeric value +backends: + - backend_1 + - backend_2 + - ... +fieldmappings: + sigma_fieldname_1: target_fieldname # Simple mapping + sigma_fieldname_2: # Multiple mappings + - target_fieldname_1 + - target_fieldname_2 + sigma_fieldname_3: # Conditional mapping + field1=value1: + field2=value2: + - target_fieldname_1 + - target_fieldname_2 +logsources: + sigma_logsource: + category: ... + product: ... + service: ... + index: + - target_indexname1 + - target_indexname2 + conditions: + field1: value1 + field2: value2 +logsourcemerging: and/or +defaultindex: indexname +placeholders: + name1: + - value1 + - value2 + name2: value +``` + +## Metadata + +A configuration should contain the following attributes: + +* **title**: Short description of configuration shown in list printed by converter on request. +* **order**: Numeric value that determines allowed order of usage. A configuration *B* can only be applied after another configuration *A* if order of B is higher or equal to order of A. The Sigma converter enforces this. Convention: + * 10: Configurations for generic log sources + * 20: Backend-specific configuration +* **backends**: List of backend names. The configuration can't be used with backends not listed here. Don't define for generic configurations. + +## Field Mappings + +Field mappings in the *fieldmappings* section map between Sigma field names and field names used in target SIEM systems. There are three types of field mappings: + +* Simple: the source field name corresponds to exactly one target field name given as string. Exmaple: `EventID: EventCode` for translation of Windows event identifiers between Sigma and Splunk. +* Multiple: a source field corresponds to a list of target fields. Sigmac generates an OR condition that covers all field names. This can be useful in configuration change and migration scenarios, when field names change. A further use case is when the SIEM normalizes one source field name into different target field names and the exact rules are unknown. +* Conditional: a source field is translated to one or multiple target field names depending on values from other fields in specific rules. This is useful in scenarios where the SIEM maps the same Sigma field to different target field names depending on the event or log type, like Logpoint. + +While simple and multiple mapping type are quite straightforward, conditional mappings require further explanation. The mapping is provided as map where the keys have the following format: + +* field=value: condition that must be fulfilled for execution of the given translation +* default: mapping that is used if no condition matches. + +Sigmac applies conditional mappings as follows: + +1. All conditions are mapped against all field:value pairs of the rule. It merges all pairs into one table and is therefore not able to distinguish between different definitions. Matching mappings are collected in a list. +2. If the list is empty, the default mapping is used. +3. The result set of target field name mappings is translated into an OR condition, similar to multiple field mappings. If no mapping could be determined, the Sigma field name is used. + +Use the *fieldlist* backend to determine all field names used by rules. Example: + +```bash +$ tools/sigmac.py -r -t fieldlist rules/windows/ 2>/dev/null | sort -u +AccessMask +CallTrace +CommandLine +[...] +TicketOptions +Type +``` + +## Log Source Mappings + +Each log source definition must contain at least one category, product or service element that corresponds to the same fields in the logsources part of sigma rules. If more than one field is given, all must match (AND). + +The *index* field can contain a string or a list of strings. They a converted to the target expression language in a way that the rule is searched in all given index patterns. + +The conditions part can be used to define *field: value* conditions if only a subset of the given indices is relevant. All fields are linked with logical AND and the resulting expression is also lined with AND against the expression generated from the sigma rule. + +Example: a logstash configuration passes all Windows logs in one index. For Sysmon only events that match *EventLog:"Microsoft-Windows-Sysmon" are relevant. The config looks as follows: + +```yaml +... +logsources: + sysmon: + product: sysmon + index: logstash-windows-* + conditions: + EventLog: Microsoft-Windows-Sysmon +... +``` + +If multiple log source definitions match, the result is merged from all matching rules. The parameter *logsourcemerging* determines how conditions are merged. The following methods are supported: + +* and (default): merge all conditions with logical AND. +* or: merge all conditions with logical OR. + +This enables to define logsources hierarchically, e.g.: + +```yaml +logsources: + windows: + product: windows + index: logstash-windows-* + windows-application: + product: windows + service: application + conditions: + EventLog: Application + windows-security: + product: windows + service: security + conditions: + EventLog: Security +``` + +Log source windows configures an index name. Log sources windows-application and windows-security define additional conditions for matching events in the windows indices. + +The keyword defaultindex defines one or multiple index patterns that are used if the above calculation doesn't results in at least one index name. + +## Addition of Target Formats + +Addition of a target format is done by development of a backend class. A backend class gets a parse tree as input and must translate parse tree nodes into the target format. + +## Translation Process + +1. Parsing YAML +2. Parsing of Condition +3. Internal representation of condition as parse tree +4. Attachment of definitions into corresponding parse tree nodes +5. Translation of field and log source identifiers into target names +6. Translation of parse tree into target format (backend classes) + +## Backend Configuration Files + +You can also pass backend options from a configuration file, which simplifies the CLI usage. + +One can specify both individual backend options (--backend-option) and specify a configuration file as well - in this case, options are merged, and priority is given to the options passed via the CLI. + +Sample usages: + +```yaml +# Backend configuration file (here for Elastalert) +$ cat backend_config.yml +alert_methods: email +emails: alerts@mydomain.tld +smtp_host: smtp.google.com +from_addr: noreply@mydomain.tld +expo_realert_time: 10m + +# Rule to compile +$ RULE=rules/windows/builtin/win_susp_sam_dump.yml + +# Generate an elastalert rule and take options from the configuration file +$ python3 tools/sigmac $RULE -t elastalert --backend-config backend_config.yml +alert: +- email +description: Detects suspicious SAM dump activity as cause by QuarksPwDump and other + password dumpers +email: +- alerts@mydomain.tld +filter: +- query: + query_string: + query: (EventID:"16" AND "*\\AppData\\Local\\Temp\\SAM\-*.dmp\ *") +from_addr: noreply@mydomain.tld +index: logstash-* +name: SAM-Dump-to-AppData_0 +priority: 2 +realert: + minutes: 0 +smtp_host: smtp.google.com +type: any + +# Override an option from the configuration file via the CLI +$ python3 tools/sigmac $RULE -t elastalert --backend-config backend_config.yml --backend-option smtp_host=smtp.mailgun.com +alert: +- email +description: Detects suspicious SAM dump activity as cause by QuarksPwDump and other + password dumpers +email: +- alerts@mydomain.tld +filter: +- query: + query_string: + query: (EventID:"16" AND "*\\AppData\\Local\\Temp\\SAM\-*.dmp\ *") +from_addr: noreply@mydomain.tld +index: logstash-* +name: SAM-Dump-to-AppData_0 +priority: 2 +realert: + minutes: 0 +smtp_host: smtp.mailgun.com +type: any +``` From 6e349030d9ffbc4fb89e27dfd2d3897f7b620b3d Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 8 Jun 2020 10:18:44 +0200 Subject: [PATCH 432/714] rule: suspicious camera and mic access --- .../sysmon/sysmon_susp_mic_cam_access.yml | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_susp_mic_cam_access.yml diff --git a/rules/windows/sysmon/sysmon_susp_mic_cam_access.yml b/rules/windows/sysmon/sysmon_susp_mic_cam_access.yml new file mode 100644 index 00000000..ad3c2937 --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_mic_cam_access.yml @@ -0,0 +1,35 @@ +title: Suspicious Camera and Microphone Access +id: 62120148-6b7a-42be-8b91-271c04e281a3 +description: Detects Processes accessing the camera and microphone from suspicious folder +author: Den Iuzvyk +date: 2020/06/07 +reference: + - https://medium.com/@7a616368/can-you-track-processes-accessing-the-camera-and-microphone-7e6885b37072 +tags: + - attack.collection + - attack.t1125 + - attack.t1123 +logsource: + category: sysmon + product: windows +detection: + selection_1: + EventId: 13 + TargetObject|contains: + - \Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\\*\NonPackaged + selection_2: + TargetObject|contains: + - microphone + - webcam + selection_3: + TargetObject|contains: + - '#C:#Windows#Temp#' + - '#C:#$Recycle.bin#' + - '#C:#Temp#' + - '#C:#Users#Public#' + - '#C:#Users#Default#' + - '#C:#Users#Desktop#' + condition: all of selection_* +falsepositives: + - Unlikely, there could be conferencing software running from a Temp folder accessing the devices +level: high \ No newline at end of file From 3fdb355f2b64c7adc2669991505e92ad48d08489 Mon Sep 17 00:00:00 2001 From: Christian Clauss Date: Mon, 8 Jun 2020 13:49:44 +0200 Subject: [PATCH 433/714] Undefined name: parser_print_help() --> parser.print_help() Discovered in #378 https://docs.python.org/3.8/library/argparse.html#argparse.ArgumentParser.print_help --- contrib/sigma2sumologic.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/sigma2sumologic.py b/contrib/sigma2sumologic.py index 4da29445..2180b5eb 100644 --- a/contrib/sigma2sumologic.py +++ b/contrib/sigma2sumologic.py @@ -124,7 +124,7 @@ def get_rule_as_sumologic(file): return "".join(output) if args.help: - parser_print_help() + parser.print_help() if args.conf: with open(args.conf, 'r') as ymlfile: From 55c0a03564bd1c65cb889247726654518fb6583f Mon Sep 17 00:00:00 2001 From: Christian Clauss Date: Mon, 8 Jun 2020 13:55:16 +0200 Subject: [PATCH 434/714] Undefined name: from .exceptions import SigmaCollectionParseError Discovered in #378. `SigmaCollectionParseError()` is called on line 55 but it is never defined or imported which means that NameError will be raised instead of SigmaCollectionParseError. --- tools/sigma/parser/collection.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/sigma/parser/collection.py b/tools/sigma/parser/collection.py index 93aa1e54..cf5e2fde 100644 --- a/tools/sigma/parser/collection.py +++ b/tools/sigma/parser/collection.py @@ -14,7 +14,10 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see . +tools/sigma/parser/exceptions.py + import yaml +from .exceptions import SigmaCollectionParseError from .rule import SigmaParser class SigmaCollectionParser: From dff7efc173cd6e185f131f8ed23b0d6adb4aa1c8 Mon Sep 17 00:00:00 2001 From: Christian Clauss Date: Mon, 8 Jun 2020 13:55:52 +0200 Subject: [PATCH 435/714] Update collection.py --- tools/sigma/parser/collection.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/tools/sigma/parser/collection.py b/tools/sigma/parser/collection.py index cf5e2fde..7de47cce 100644 --- a/tools/sigma/parser/collection.py +++ b/tools/sigma/parser/collection.py @@ -14,8 +14,6 @@ # You should have received a copy of the GNU Lesser General Public License # along with this program. If not, see . -tools/sigma/parser/exceptions.py - import yaml from .exceptions import SigmaCollectionParseError from .rule import SigmaParser From 117ceac4927fd626bd2bc8db1238705da6c43b6b Mon Sep 17 00:00:00 2001 From: Nate Guagenti Date: Tue, 9 Jun 2020 08:56:01 -0400 Subject: [PATCH 436/714] moved file to `ecs-zeek-elastic-beats-implementation.yml` --- tools/config/filebeat-zeek-ecs.yml | 468 ----------------------------- 1 file changed, 468 deletions(-) delete mode 100644 tools/config/filebeat-zeek-ecs.yml diff --git a/tools/config/filebeat-zeek-ecs.yml b/tools/config/filebeat-zeek-ecs.yml deleted file mode 100644 index 9000db4f..00000000 --- a/tools/config/filebeat-zeek-ecs.yml +++ /dev/null @@ -1,468 +0,0 @@ -title: Zeek field mappings for default collection of JSON logs with no parsing/normalization done and sending into logstash-*index -order: 20 -backends: - - es-qs - - es-dsl - - elasticsearch-rule - - kibana - - xpack-watcher - - elastalert - - elastalert-dsl -logsources: - zeek: - product: zeek - index: 'logstash*' - zeek-category-accounting: - category: accounting - rewrite: - product: zeek - service: syslog - zeek-category-firewall: - category: firewall - conditions: - '@stream': conn - zeek-category-dns: - category: dns - conditions: - '@stream': dns - zeek-category-proxy: - category: proxy - rewrite: - product: zeek - service: http - zeek-category-webserver: - category: webserver - conditions: - '@stream': http - rewrite: - product: zeek - service: http - zeek-conn: - product: zeek - service: conn - conditions: - '@stream': conn - zeek-conn_long: - product: zeek - service: conn_long - conditions: - '@stream': conn_long - zeek-dce_rpc: - product: zeek - service: dce_rpc - conditions: - '@stream': dce_rpc - zeek-dns: - product: zeek - service: dns - conditions: - '@stream': dns - zeek-dnp3: - product: zeek - service: dnp3 - conditions: - '@stream': dnp3 - zeek-dpd: - product: zeek - service: dpd - conditions: - '@stream': dpd - zeek-files: - product: zeek - service: files - conditions: - '@stream': files - zeek-ftp: - product: zeek - service: ftp - conditions: - '@stream': ftp - zeek-gquic: - product: zeek - service: gquic - conditions: - '@stream': gquic - zeek-http: - product: zeek - service: http - conditions: - '@stream': http - zeek-http2: - product: zeek - service: http2 - conditions: - '@stream': http2 - zeek-intel: - product: zeek - service: intel - conditions: - '@stream': intel - zeek-irc: - product: zeek - service: irc - conditions: - '@stream': irc - zeek-kerberos: - product: zeek - service: kerberos - conditions: - '@stream': kerberos - zeek-known_certs: - product: zeek - service: known_certs - conditions: - '@stream': known_certs - zeek-known_hosts: - product: zeek - service: known_hosts - conditions: - '@stream': known_hosts - zeek-known_modbus: - product: zeek - service: known_modbus - conditions: - '@stream': known_modbus - zeek-known_services: - product: zeek - service: known_services - conditions: - '@stream': known_services - zeek-modbus: - product: zeek - service: modbus - conditions: - '@stream': modbus - zeek-modbus_register_change: - product: zeek - service: modbus_register_change - conditions: - '@stream': modbus_register_change - zeek-mqtt_connect: - product: zeek - service: mqtt_connect - conditions: - '@stream': mqtt_connect - zeek-mqtt_publish: - product: zeek - service: mqtt_publish - conditions: - '@stream': mqtt_publish - zeek-mqtt_subscribe: - product: zeek - service: mqtt_subscribe - conditions: - '@stream': mqtt_subscribe - zeek-mysql: - product: zeek - service: mysql - conditions: - '@stream': mysql - zeek-notice: - product: zeek - service: notice - conditions: - '@stream': notice - zeek-ntlm: - product: zeek - service: ntlm - conditions: - '@stream': ntlm - zeek-ntp: - product: zeek - service: ntp - conditions: - '@stream': ntp - zeek-ocsp: - product: zeek - service: ntp - conditions: - '@stream': ocsp - zeek-pe: - product: zeek - service: pe - conditions: - '@stream': pe - zeek-pop3: - product: zeek - service: pop3 - conditions: - '@stream': pop3 - zeek-radius: - product: zeek - service: radius - conditions: - '@stream': radius - zeek-rdp: - product: zeek - service: rdp - conditions: - '@stream': rdp - zeek-rfb: - product: zeek - service: rfb - conditions: - '@stream': rfb - zeek-sip: - product: zeek - service: sip - conditions: - '@stream': sip - zeek-smb_files: - product: zeek - service: smb_files - conditions: - '@stream': smb_files - zeek-smb_mapping: - product: zeek - service: smb_mapping - conditions: - '@stream': smb_mapping - zeek-smtp: - product: zeek - service: smtp - conditions: - '@stream': smtp - zeek-smtp_links: - product: zeek - service: smtp_links - conditions: - '@stream': smtp_links - zeek-snmp: - product: zeek - service: snmp - conditions: - '@stream': snmp - zeek-socks: - product: zeek - service: socks - conditions: - '@stream': socks - zeek-software: - product: zeek - service: software - conditions: - '@stream': software - zeek-ssh: - product: zeek - service: ssh - conditions: - '@stream': ssh - zeek-ssl: - product: zeek - service: ssl - conditions: - '@stream': ssl - zeek-tls: # In case people call it TLS even though orig log is called ssl - product: zeek - service: tls - conditions: - '@stream': ssl - zeek-syslog: - product: zeek - service: syslog - conditions: - '@stream': syslog - zeek-tunnel: - product: zeek - service: tunnel - conditions: - '@stream': tunnel - zeek-traceroute: - product: zeek - service: traceroute - conditions: - '@stream': traceroute - zeek-weird: - product: zeek - service: weird - conditions: - '@stream': weird - zeek-x509: - product: zeek - service: x509 - conditions: - '@stream': x509 - zeek-ip_search: - product: zeek - service: network - conditions: - '@stream': - - conn - - conn_long - - dce_rpc - - dhcp - - dnp3 - - dns - - ftp - - gquic - - http - - irc - - kerberos - - modbus - - mqtt_connect - - mqtt_publish - - mqtt_subscribe - - mysql - - ntlm - - ntp - - radius - - rfb - - sip - - smb_files - - smb_mapping - - smtp - - smtp_links - - snmp - - socks - - ssh - - tls #SSL - - tunnel - - weird -defaultindex: 'logstash-*' -fieldmappings: - # All Logs Applied Mapping & Taxonomy - dst_ip: id.resp_h - dst_port: id.resp_p - network_protocol: proto - src_ip: id.orig_h - src_port: id.orig_p - # DNS matching Taxonomy & DNS Category - answer: answers - #question_length: # Does not exist in open source version - record_type: qtype_name - #parent_domain: # Does not exist in open source version - # HTTP matching Taxonomy & Web/Proxy Category - cs-bytes: request_body_len - cs-cookie: cookie - r-dns: host - sc-bytes: response_body_len - sc-status: status_code - c-uri: uri - c-uri-extension: uri - c-uri-query: uri - c-uri-stem: uri - c-useragent: user_agent - cs-host: host - cs-method: method - cs-referrer: referrer - cs-version: version - # Temporary one off rule name fields - agent.version: version - c-cookie: cookie - c-ip: id.orig_h - cs-uri: uri - clientip: id.orig_h - clientIP: id.orig_h - dest_domain: - - query - - host - - server_name - dest_ip: id.resp_h - dest_port: id.resp_p - #TODO:WhatShouldThisBe?==dest: - #TODO:WhatShouldThisBe?==destination: - #TODO:WhatShouldThisBe?==Destination: - destination.hostname: - - query - - host - - server_name - DestinationAddress: - DestinationHostname: - - host - - query - - server_name - DestinationIp: id.resp_h - DestinationIP: id.resp_h - DestinationPort: id.resp_p - dst-ip: id.resp_h - dstip: id.resp_h - dstport: id.resp_p - Host: - - host - - query - - server_name - HostVersion: http.version - http_host: - - host - - query - - server_name - http_uri: uri - http_url: uri - http_user_agent: user_agent - http.request.url-query-params: uri - HttpMethod: method - in_url: uri - # parent_domain: # Not in open source zeek - post_url_parameter: uri - Request Url: uri - request_url: uri - request_URL: uri - RequestUrl: uri - #response: status_code - resource.url: uri - resource.URL: uri - sc_status: status_code - sender_domain: - - query - - server_name - service.response_code: status_code - source: id.orig_h - SourceAddr: id.orig_h - SourceAddress: id.orig_h - SourceIP: id.orig_h - SourceIp: id.orig_h - SourceNetworkAddress: id.orig_h - SourcePort: id.orig_p - srcip: id.orig_h - Status: status_code - status: status_code - url: uri - URL: uri - url_query: uri - url.query: uri - uri_path: uri - user_agent: user_agent - user_agent.name: user_agent - user-agent: user_agent - User-Agent: user_agent - useragent: user_agent - UserAgent: user_agent - User Agent: user_agent - web_dest: - - host - - query - - server_name - web.dest: - - host - - query - - server_name - Web.dest: - - host - - query - - server_name - web.host: - - host - - query - - server_name - Web.host: - - host - - query - - server_name - web_method: method - Web_method: method - web.method: method - Web.method: method - web_src: id.orig_h - web_status: status_code - Web_status: status_code - web.status: status_code - Web.status: status_code - web_uri: uri - web_url: uri - # Most are in ECS, but for things not using Elastic - these need renamed - destination.ip: id.resp_h - destination.port: id.resp_p - http.request.body.content: post_body - #source.domain: - source.ip: id.orig_h - source.port: id.orig_p \ No newline at end of file From d14d391761261c6ed17b1edb1e38dd469a3762a7 Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Tue, 9 Jun 2020 16:12:05 +0200 Subject: [PATCH 437/714] Octopus Scanner malware rule --- .../malware/win_mal_octopus_scanner.yml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 rules/windows/malware/win_mal_octopus_scanner.yml diff --git a/rules/windows/malware/win_mal_octopus_scanner.yml b/rules/windows/malware/win_mal_octopus_scanner.yml new file mode 100644 index 00000000..bcc4b998 --- /dev/null +++ b/rules/windows/malware/win_mal_octopus_scanner.yml @@ -0,0 +1,24 @@ +title: Octopus Scanner Malware +id: 805c55d9-31e6-4846-9878-c34c75054fe9 +status: experimental +description: Detects Octopus Scanner Malware. +references: + - https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain +tags: + - attack.t1195 +author: NVISO +date: 2020/06/09 +logsource: + product: windows + service: sysmon +detection: + filecreate: + EventID: 11 + selection: + TargetFilename|endswith: + - '\AppData\Local\Microsoft\Cache134.dat' + - '\AppData\Local\Microsoft\ExplorerSync.db' +condition: filecreate and selection +falsepositives: + - Unknown +level: high \ No newline at end of file From 4ce3ea735e6308bebb554a4fab7286e964ae465e Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Tue, 9 Jun 2020 16:21:46 +0200 Subject: [PATCH 438/714] TA410 FlowCloud malware detection --- rules/windows/malware/win_mal_flowcloud.yml | 28 +++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 rules/windows/malware/win_mal_flowcloud.yml diff --git a/rules/windows/malware/win_mal_flowcloud.yml b/rules/windows/malware/win_mal_flowcloud.yml new file mode 100644 index 00000000..566fce0d --- /dev/null +++ b/rules/windows/malware/win_mal_flowcloud.yml @@ -0,0 +1,28 @@ +title: FlowCloud Malware +id: 5118765f-6657-4ddb-a487-d7bd673abbf1 +status: experimental +description: Detects FlowCloud malware from threat group TA410. +references: + - https://www.proofpoint.com/us/blog/threat-insight/ta410-group-behind-lookback-attacks-against-us-utilities-sector-returns-new +author: NVISO +tags: + - attack.persistence + - attack.t1112 +date: 2020/06/09 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: + - 12 # key create + - 13 # value set + TargetObject: + - 'HKLM\HARDWARE\{804423C2-F490-4ac3-BFA5-13DEDE63A71A}' + - 'HKLM\HARDWARE\{A5124AF5-DF23-49bf-B0ED-A18ED3DEA027}' + - 'HKLM\HARDWARE\{2DB80286-1784-48b5-A751-B6ED1F490303}' + - 'HKLM\SYSTEM\Setup\PrintResponsor\*' + condition: selection +falsepositives: + - Unknown +level: critical From a9bf22750ab73f80a4edb47fc90a1c5365690b29 Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Tue, 9 Jun 2020 16:30:17 +0200 Subject: [PATCH 439/714] Fixed bad indentation --- rules/windows/malware/win_mal_octopus_scanner.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/malware/win_mal_octopus_scanner.yml b/rules/windows/malware/win_mal_octopus_scanner.yml index bcc4b998..4e7a5888 100644 --- a/rules/windows/malware/win_mal_octopus_scanner.yml +++ b/rules/windows/malware/win_mal_octopus_scanner.yml @@ -18,7 +18,7 @@ detection: TargetFilename|endswith: - '\AppData\Local\Microsoft\Cache134.dat' - '\AppData\Local\Microsoft\ExplorerSync.db' -condition: filecreate and selection + condition: filecreate and selection falsepositives: - Unknown level: high \ No newline at end of file From 04913a4b957697816988fffaa44eaf40a375c944 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 9 Jun 2020 17:20:25 +0200 Subject: [PATCH 440/714] Aligned indentation --- .../sysmon_apt_muddywater_dnstunnel.yml | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml index 32004f6e..3cf7b309 100644 --- a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml +++ b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml @@ -5,23 +5,23 @@ author: '@caliskanfurkan_' status: experimental date: 2020/06/04 references: -- https://www.virustotal.com/gui/file/5ad401c3a568bd87dd13f8a9ddc4e450ece61cd9ce4d1b23f68ce0b1f3c190b7/ -- https://www.vmray.com/analyses/5ad401c3a568/report/overview.html + - https://www.virustotal.com/gui/file/5ad401c3a568bd87dd13f8a9ddc4e450ece61cd9ce4d1b23f68ce0b1f3c190b7/ + - https://www.vmray.com/analyses/5ad401c3a568/report/overview.html tags: -- attack.command_and_control -- attack.t1071 + - attack.command_and_control + - attack.t1071 logsource: - category: process_creation - product: windows + category: process_creation + product: windows detection: - selection: - Image|endswith: - - '\powershell.exe' - ParentImage|endswith: - - '\excel.exe' - CommandLine|contains: - - 'DataExchange.dll' + selection: + Image|endswith: + - '\powershell.exe' + ParentImage|endswith: + - '\excel.exe' + CommandLine|contains: + - 'DataExchange.dll' condition: selection falsepositives: -- Unkown -level: medium + - Unkown +level: critical From 7a334a8d8a33d9d2aeeaca34816c4e52b0a87274 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 9 Jun 2020 17:30:54 +0200 Subject: [PATCH 441/714] fix: missed line --- rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml index 3cf7b309..3bb4c1aa 100644 --- a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml +++ b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml @@ -21,7 +21,7 @@ detection: - '\excel.exe' CommandLine|contains: - 'DataExchange.dll' - condition: selection + condition: selection falsepositives: - Unkown level: critical From 8c61dc9248091a79a608c83c594cddc391889544 Mon Sep 17 00:00:00 2001 From: Thomas G Date: Tue, 9 Jun 2020 20:57:26 +0200 Subject: [PATCH 442/714] Add more Options for XPackWatcherBackend (Elasticsearch) Add action_throttle_period, mail_from adn mail_profile to the XPackWatcherBackend (Elasticsearch) --- tools/sigma/backends/elasticsearch.py | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index d476fc93..8dc193d7 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -667,10 +667,13 @@ class XPackWatcherBackend(ElasticsearchQuerystringBackend, MultiRuleOutputMixin) ("es", "localhost:9200", "Host and port of Elasticsearch instance", None), ("watcher_url", "watcher", "Watcher URL: watcher (default)=_watcher/..., xpack=_xpack/wacher/... (deprecated)", None), ("filter_range","30m","Watcher time filter",None), + ("action_throttle_period","15m","Throttle time of the action",None), ("alert_methods", "email", "Alert method(s) to use when the rule triggers, comma separated. Supported: " + ', '.join(supported_alert_methods), None), # Options for Email Action ("mail", "root@localhost", "Mail address for Watcher notification (only logging if not set)", None), + ("mail_from", "root@localhost", "Mail address for Watcher notification (only logging if not set)", None), + ("mail_profile", "standard", "Watcher provides three email profiles that control how MIME messages are structured: standard (default), gmail, and outlook.", None), # Options for WebHook Action ("http_host", "localhost", "Webhook host used for alert notification", None), @@ -816,14 +819,20 @@ class XPackWatcherBackend(ElasticsearchQuerystringBackend, MultiRuleOutputMixin) if 'email' in alert_methods: # mail notification if mail address is given email = self.mail + mail_profile = self.mail_profile + mail_from = self.mail_from + action_throttle_period = self.action_throttle_period eaction = { "send_email": { + "throttle_period": action_throttle_period, "email": { - "to": email, - "subject": action_subject, + "profile": mail_profile, + "from": mail_from, + "to": email, + "subject": action_subject, "body": action_body, - "attachments": { - "data.json": { + "attachments": { + "data.json": { "data": { "format": "json" } From f4fe425fa7a14086e07f743ead4d6dd2b43fab13 Mon Sep 17 00:00:00 2001 From: Nate Guagenti Date: Tue, 9 Jun 2020 16:53:50 -0400 Subject: [PATCH 443/714] update readme for some analyzed field and keyword field examples --- tools/README.md | 108 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) diff --git a/tools/README.md b/tools/README.md index bc04c478..1caf7ae6 100644 --- a/tools/README.md +++ b/tools/README.md @@ -8,6 +8,9 @@ This folder contains libraries and the following command line tools: # Sigmac +The Sigmac is one of the most important files, as this is what sets the correct fields that your backend/database will use after being translated from the (original) log source's field names. +Please read below to understand how a SIGMAC is constructed. Additionally, see [Choosing the Right Sigmac](#choosing-the-right-sigmac) for an idea of which file and command line options (if applicable) that will best suite your environment. + ## Configuration File The configuration file contains mappings for the target environments: @@ -222,3 +225,108 @@ realert: smtp_host: smtp.mailgun.com type: any ``` + + +## Choosing the right SIGMAC + +The section will show you which `-c` option (the Sigmac) and which `--backend-option`(s) to use. The rest of SIGMA should be run as normal. +For example, run the rest of the command as you normally would, regarding the `-t` (target backend) and which rule(s) you are performing SIGMA on. + +If the target backend/database does not do a lot of field renaming/normalization than the selection of which Sigmac to use is easier to determine. +However, this section will help guide you in this decision. + +### Elasticsearch or ELK + +For this backend, there are two very important components. One is the field name and the other is the the way the value for the field name are analyzed AKA searchable in the Elasticsearch database. If you are interested in understand how this is important, you can read more [here](https://socprime.com/blog/elastic-for-security-analysts-part-1-searching-strings/) to understand the impact between `keyword` types and `text` types. +You have a few different variations of what could be the correct Sigmac to use. Based on the version of Elasticsearch, using ECS or not, using certain Beat's settings enabled or not, and so on. + +In order to aide in the decision of the correct Sigmac there are a few quick questions to ask yourself and based on those answers will be which one to use. +Please not the answer to each question. It is OK to not know the answer to each question and in fact is very common (that's OK). +1. What version of filebeat are you using (you may not be using this at all). +2. Are you using Elastic Common Schema (ECS)? +3. What index do your store the log source's data in? Some examples: + - Window's logs are most likely in `winlogbeat-*` + - Linux logs are most likely in `filebeat-*` + - Zeek/Bro data is most likely in `filebeat-*` + - If you are using logstash, data is most likely in `logstash-*` +4. If you are using filebeat, are you using the module enabled? Here is link showing the description for Windows log [Security Channel](https://www.elastic.co/guide/en/beats/winlogbeat/current/winlogbeat-module-security.html) + + +Now choose your data source: +- [Windows Event Logs](#elastic-windows-event-log--sysmon-data-configurations) +- [Zeek](#elastic---zeek-fka-bro--corelight-data) + + +### + +#### Elastic - Zeek (FKA Bro) / Corelight Data + +- Corelight's implementation of ECS: +`-c tools/config/ecs-zeek-corelight.yml --backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" --backend-option keyword_whitelist="event.dataset,source.ip,destination.ip,source.port,destination.port,*bytes*"` +example of the full command running on all the proxy rules converting to a Kibana (lucene) query: +`tools/sigmac -t es-qs -c tools/config/ecs-zeek-corelight.yml --backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" --backend-option keyword_whitelist="event.dataset,source.ip,destination.ip,source.port,destination.port,*bytes*" rules/proxy/*` + +- Filebeat version 7 or higher and or Elastic's implementation: +`-c tools/config/ecs-zeek-elastic-beats-implementation.yml --backend-option keyword_base_fields="*"` + +- Using logstash and NOT using ECS: +`-c tools/config/logstash-zeek-default-json.yml` + + + +#### Elastic Windows Event Log / Sysmon Data Configurations + +**index templates** +If you are able, because this will be one of the best ways to dermine which options to use - run the following command. Take the output from question 3 and replace in the example command `winlogbeat` with index. You can run this from the CLI against your Elasticsearch instance or from Kibana Dev Tools. +You will only need to use the first index template pattern. Look under the section `dynamic_templates` and then look for `strings_as_keyword`. Under that section, is there a `strings_as_keyword` ? If so take note. + +`curl -XGET "http://127.0.0.1:9200/winlogbeat-*/_mapping/?filter_path=*.mappings.dynamic_templates*,*.index_patterns"` + +The next question to ask yourself, is do you want easily bypassable queries due to case sensitive searches? Take note of yes/no. + +Now lets determine which options and Sigmac to use. + +**Sigmac's `-c` option** + +1. Using winlogbeat version 6 or less + `-c tools/config/winlogbeat-old.yml` +1. Using winlogbeat version 7 or higher without modules enabled (answer from **question 4**) and `strings_as_keyword` does not contain `text` + `-c tools/config/winlogbeat-old.yml` +2. Using winlogbeat version 7 or higher with modules enabled (answer from **question 4**) +`-c tools/config/winlogbeat-modules-enabled.yml` + +**Backend options `--backend-option`** +You can add the following depending on additional information from your answers/input above. + + +1. If you are using ECS, your data is going to `winlogbeat-*` index, or your default field is a keyword type then add the following to your SIGMA command: + `--backend-option keyword_field="" ` + - If you want to prevent case sensitive bypasses you can add the following to your command: + `--backend-option case_insensitive_whitelist""` + - If you want to prevent case sensitive bypasses but only for certain fields, you can use an option like this: + ``-backend-option keyword_field="" --backend-option case_insensitive_whitelist="*CommandLine*, *ProcessName*, *Image*, process.*, *FileName*, *Path*, *ServiceName*, *ShareName*, file.*, *Directory*, *directory*, *hash*, *Hash*, *Object*, ComputerName, *Subject*, *Target*, *Service*"`` + + + +1. If you are using analyzed (text) fields or your index template portion of `strings_as_keyword` contains `text` then you can add the following: +`--backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text"` + + +1. If you only have some analyzed fields then you would use an example like this: +`--backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" --backend-option analyzed_sub_fields="TargetUserName, SourceUserName, TargetHostName, CommandLine, ProcessName, ParentProcessName, ParentImage, Image"` + + +#### Elastic - Some Final Examples +So putting it all together to help show everything from above, here are some "full" examples: + +- base field keyword & no analyzed field w/ case insensitivity (covers elastic 7 with beats/ecs (default)mappings) and using winlogbeat with modules enabled + `sigma -t es-qs -c tools/config/winlogbeat-modules-enabled.yml --backend-option keyword_field="" --backend-option case_insensitive_whitelist"" rules/windows/process_creation/win_office_shell.yml` + +- base field keyword & subfield is analyzed(.text) and winlogbeat with modules enabled + `sigma -t es-qs -c tools/config/winlogbeat-modules-enabled.yml --backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" rules/windows/process_creation/win_office_shell.yml` + + - base field keyword & only some analyzed fields and winlogbeat without modules enabled + `tools/sigmac -t es-dsl -c tools/config/winlogbeat.yml --backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" --backend-option analyzed_sub_fields="TargetUserName, SourceUserName, TargetHostName, CommandLine, ProcessName, ParentProcessName, ParentImage, Image" rules/windows/process_creation/win_office_shell.yml` + +- using beats/ecs Elastic 7 with case insensitive and some .text fields and winlogbeat without modules enabled + `tools/sigmac -t es-dsl -c tools/config/winlogbeat.yml --backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" --backend-option keyword_whitelist="winlog.channel,winlog.event_id" --backend-option case_insensitive_whitelist="*" --backend-option analyzed_sub_fields="TargetUserName, SourceUserName, TargetHostName, CommandLine, ProcessName, ParentProcessName, ParentImage, Image" rules/windows/process_creation/win_office_shell.yml` \ No newline at end of file From 565febd39d14f3592064443557d6598647dbcd72 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 9 Jun 2020 23:25:09 +0200 Subject: [PATCH 444/714] README updated --- README.md | 6 +-- tools/README.md | 100 ++++++++++++++++++++++++------------------------ 2 files changed, 53 insertions(+), 53 deletions(-) diff --git a/README.md b/README.md index ebc0f2b6..b1fc8d06 100644 --- a/README.md +++ b/README.md @@ -88,9 +88,9 @@ Sysmon: Web Shell Detection Windows 'Security' Eventlog: Suspicious Number of Failed Logons from a Single Source Workstation ![sigma_rule example5](./images/Sigma_rule_example5.png) -# Sigma Tools +# Sigma Tools -## Sigmac +## Sigmac Sigmac converts sigma rules into queries or inputs of the supported targets listed below. It acts as a frontend to the Sigma library that may be used to integrate Sigma support in other projects. Further, there's `merge_sigma.py` which @@ -98,7 +98,7 @@ merges multiple YAML documents of a Sigma rule collection into simple Sigma rule ### Usage -``` +```bash usage: sigmac [-h] [--recurse] [--filter FILTER] [--target {arcsight,es-qs,es-dsl,kibana,xpack-watcher,elastalert,graylog,limacharlie,logpoint,grep,netwitness,powershell,qradar,qualys,splunk,splunkxml,sumologic,fieldlist,mdatp,ee-outliers}] [--target-list] [--config CONFIG] [--output OUTPUT] diff --git a/tools/README.md b/tools/README.md index 1caf7ae6..145fdb1a 100644 --- a/tools/README.md +++ b/tools/README.md @@ -226,14 +226,12 @@ smtp_host: smtp.mailgun.com type: any ``` - ## Choosing the right SIGMAC The section will show you which `-c` option (the Sigmac) and which `--backend-option`(s) to use. The rest of SIGMA should be run as normal. For example, run the rest of the command as you normally would, regarding the `-t` (target backend) and which rule(s) you are performing SIGMA on. -If the target backend/database does not do a lot of field renaming/normalization than the selection of which Sigmac to use is easier to determine. -However, this section will help guide you in this decision. +If the target backend/database does not do a lot of field renaming/normalization than the selection of which Sigmac to use is easier to determine. However, this section will help guide you in this decision. ### Elasticsearch or ELK @@ -242,43 +240,37 @@ You have a few different variations of what could be the correct Sigmac to use. In order to aide in the decision of the correct Sigmac there are a few quick questions to ask yourself and based on those answers will be which one to use. Please not the answer to each question. It is OK to not know the answer to each question and in fact is very common (that's OK). + 1. What version of filebeat are you using (you may not be using this at all). 2. Are you using Elastic Common Schema (ECS)? 3. What index do your store the log source's data in? Some examples: - - Window's logs are most likely in `winlogbeat-*` - - Linux logs are most likely in `filebeat-*` - - Zeek/Bro data is most likely in `filebeat-*` - - If you are using logstash, data is most likely in `logstash-*` + * Window's logs are most likely in `winlogbeat-*` + * Linux logs are most likely in `filebeat-*` + * Zeek/Bro data is most likely in `filebeat-*` + * If you are using logstash, data is most likely in `logstash-*` 4. If you are using filebeat, are you using the module enabled? Here is link showing the description for Windows log [Security Channel](https://www.elastic.co/guide/en/beats/winlogbeat/current/winlogbeat-module-security.html) - Now choose your data source: -- [Windows Event Logs](#elastic-windows-event-log--sysmon-data-configurations) -- [Zeek](#elastic---zeek-fka-bro--corelight-data) +* [Windows Event Logs](#elastic-windows-event-log--sysmon-data-configurations) +* [Zeek](#elastic---zeek-fka-bro--corelight-data) +### Elastic - Zeek (FKA Bro) / Corelight Data -### - -#### Elastic - Zeek (FKA Bro) / Corelight Data - -- Corelight's implementation of ECS: +* Corelight's implementation of ECS: `-c tools/config/ecs-zeek-corelight.yml --backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" --backend-option keyword_whitelist="event.dataset,source.ip,destination.ip,source.port,destination.port,*bytes*"` example of the full command running on all the proxy rules converting to a Kibana (lucene) query: `tools/sigmac -t es-qs -c tools/config/ecs-zeek-corelight.yml --backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" --backend-option keyword_whitelist="event.dataset,source.ip,destination.ip,source.port,destination.port,*bytes*" rules/proxy/*` - -- Filebeat version 7 or higher and or Elastic's implementation: +* Filebeat version 7 or higher and or Elastic's implementation: `-c tools/config/ecs-zeek-elastic-beats-implementation.yml --backend-option keyword_base_fields="*"` - -- Using logstash and NOT using ECS: +* Using logstash and NOT using ECS: `-c tools/config/logstash-zeek-default-json.yml` - - -#### Elastic Windows Event Log / Sysmon Data Configurations +### Elastic Windows Event Log / Sysmon Data Configurations **index templates** + If you are able, because this will be one of the best ways to dermine which options to use - run the following command. Take the output from question 3 and replace in the example command `winlogbeat` with index. You can run this from the CLI against your Elasticsearch instance or from Kibana Dev Tools. -You will only need to use the first index template pattern. Look under the section `dynamic_templates` and then look for `strings_as_keyword`. Under that section, is there a `strings_as_keyword` ? If so take note. +You will only need to use the first index template pattern. Look under the section `dynamic_templates` and then look for `strings_as_keyword`. Under that section, is there a `strings_as_keyword` ? If so take note. `curl -XGET "http://127.0.0.1:9200/winlogbeat-*/_mapping/?filter_path=*.mappings.dynamic_templates*,*.index_patterns"` @@ -288,45 +280,53 @@ Now lets determine which options and Sigmac to use. **Sigmac's `-c` option** -1. Using winlogbeat version 6 or less - `-c tools/config/winlogbeat-old.yml` -1. Using winlogbeat version 7 or higher without modules enabled (answer from **question 4**) and `strings_as_keyword` does not contain `text` - `-c tools/config/winlogbeat-old.yml` -2. Using winlogbeat version 7 or higher with modules enabled (answer from **question 4**) -`-c tools/config/winlogbeat-modules-enabled.yml` +1. Using winlogbeat version 6 or less `-c tools/config/winlogbeat-old.yml` +2. Using winlogbeat version 7 or higher without modules enabled (answer from **question 4**) and `strings_as_keyword` does not contain `text` `-c tools/config/winlogbeat-old.yml` +3. Using winlogbeat version 7 or higher with modules enabled (answer from **question 4**) `-c tools/config/winlogbeat-modules-enabled.yml` **Backend options `--backend-option`** You can add the following depending on additional information from your answers/input above. +1. If you are using ECS, your data is going to `winlogbeat-*` index, or your default field is a keyword type then add the following to your SIGMA command: `--backend-option keyword_field="" ` + * If you want to prevent case sensitive bypasses you can add the following to your command: `--backend-option case_insensitive_whitelist""` + * If you want to prevent case sensitive bypasses but only for certain fields, you can use an option like this: `-backend-option keyword_field="" --backend-option case_insensitive_whitelist="*CommandLine*, *ProcessName*, *Image*, process.*, *FileName*, *Path*, *ServiceName*, *ShareName*, file.*, *Directory*, *directory*, *hash*, *Hash*, *Object*, ComputerName, *Subject*, *Target*, *Service*"` -1. If you are using ECS, your data is going to `winlogbeat-*` index, or your default field is a keyword type then add the following to your SIGMA command: - `--backend-option keyword_field="" ` - - If you want to prevent case sensitive bypasses you can add the following to your command: - `--backend-option case_insensitive_whitelist""` - - If you want to prevent case sensitive bypasses but only for certain fields, you can use an option like this: - ``-backend-option keyword_field="" --backend-option case_insensitive_whitelist="*CommandLine*, *ProcessName*, *Image*, process.*, *FileName*, *Path*, *ServiceName*, *ShareName*, file.*, *Directory*, *directory*, *hash*, *Hash*, *Object*, ComputerName, *Subject*, *Target*, *Service*"`` +2. If you are using analyzed (text) fields or your index template portion of `strings_as_keyword` contains `text` then you can add the following: +```bash +--backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" +``` +3. If you only have some analyzed fields then you would use an example like this: -1. If you are using analyzed (text) fields or your index template portion of `strings_as_keyword` contains `text` then you can add the following: -`--backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text"` +```bash +--backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" --backend-option analyzed_sub_fields="TargetUserName, SourceUserName, TargetHostName, CommandLine, ProcessName, ParentProcessName, ParentImage, Image" +``` +### Elastic - Some Final Examples -1. If you only have some analyzed fields then you would use an example like this: -`--backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" --backend-option analyzed_sub_fields="TargetUserName, SourceUserName, TargetHostName, CommandLine, ProcessName, ParentProcessName, ParentImage, Image"` - - -#### Elastic - Some Final Examples So putting it all together to help show everything from above, here are some "full" examples: -- base field keyword & no analyzed field w/ case insensitivity (covers elastic 7 with beats/ecs (default)mappings) and using winlogbeat with modules enabled - `sigma -t es-qs -c tools/config/winlogbeat-modules-enabled.yml --backend-option keyword_field="" --backend-option case_insensitive_whitelist"" rules/windows/process_creation/win_office_shell.yml` +* base field keyword & no analyzed field w/ case insensitivity (covers elastic 7 with beats/ecs (default)mappings) and using winlogbeat with modules enabled -- base field keyword & subfield is analyzed(.text) and winlogbeat with modules enabled - `sigma -t es-qs -c tools/config/winlogbeat-modules-enabled.yml --backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" rules/windows/process_creation/win_office_shell.yml` +```bash +sigma -t es-qs -c tools/config/winlogbeat-modules-enabled.yml --backend-option keyword_field="" --backend-option case_insensitive_whitelist"" rules/windows/process_creation/win_office_shell.yml +``` - - base field keyword & only some analyzed fields and winlogbeat without modules enabled - `tools/sigmac -t es-dsl -c tools/config/winlogbeat.yml --backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" --backend-option analyzed_sub_fields="TargetUserName, SourceUserName, TargetHostName, CommandLine, ProcessName, ParentProcessName, ParentImage, Image" rules/windows/process_creation/win_office_shell.yml` +* base field keyword & subfield is analyzed(.text) and winlogbeat with modules enabled -- using beats/ecs Elastic 7 with case insensitive and some .text fields and winlogbeat without modules enabled - `tools/sigmac -t es-dsl -c tools/config/winlogbeat.yml --backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" --backend-option keyword_whitelist="winlog.channel,winlog.event_id" --backend-option case_insensitive_whitelist="*" --backend-option analyzed_sub_fields="TargetUserName, SourceUserName, TargetHostName, CommandLine, ProcessName, ParentProcessName, ParentImage, Image" rules/windows/process_creation/win_office_shell.yml` \ No newline at end of file +```bash +sigma -t es-qs -c tools/config/winlogbeat-modules-enabled.yml --backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" rules/windows/process_creation/win_office_shell.yml +``` + +* base field keyword & only some analyzed fields and winlogbeat without modules enabled + +```bash +tools/sigmac -t es-dsl -c tools/config/winlogbeat.yml --backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" --backend-option analyzed_sub_fields="TargetUserName, SourceUserName, TargetHostName, CommandLine, ProcessName, ParentProcessName, ParentImage, Image" rules/windows/process_creation/win_office_shell.yml +``` + +* using beats/ecs Elastic 7 with case insensitive and some .text fields and winlogbeat without modules enabled + +```bash +tools/sigmac -t es-dsl -c tools/config/winlogbeat.yml --backend-option keyword_base_fields="*" --backend-option analyzed_sub_field_name=".text" --backend-option keyword_whitelist="winlog.channel,winlog.event_id" --backend-option case_insensitive_whitelist="*" --backend-option analyzed_sub_fields="TargetUserName, SourceUserName, TargetHostName, CommandLine, ProcessName, ParentProcessName, ParentImage, Image" rules/windows/process_creation/win_office_shell.yml +``` \ No newline at end of file From cb8e478ac1c0d4af334002640624ba77b7bc2add Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Wed, 10 Jun 2020 14:52:13 +0200 Subject: [PATCH 445/714] Sigma rule to detect Office persistence via addin. --- .../sysmon/sysmon_office_persistence.yml | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_office_persistence.yml diff --git a/rules/windows/sysmon/sysmon_office_persistence.yml b/rules/windows/sysmon/sysmon_office_persistence.yml new file mode 100644 index 00000000..71db0b36 --- /dev/null +++ b/rules/windows/sysmon/sysmon_office_persistence.yml @@ -0,0 +1,32 @@ +title: Microsoft Office Add-In Loading +id: 8e1cb247-6cf6-42fa-b440-3f27d57e9936 +status: experimental +description: Detects add-ins that load when Microsoft Word or Excel starts (.wll/.xll are simply .dll fit for Word or Excel). +references: + - Internal research +tags: + - attack.persistence + - attack.t1137 +author: NVISO +date: 2020/05/11 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 11 #FileCreate + wlldropped: + TargetFilename|contains: \Microsoft\Word\Startup\ + TargetFilename|endswith: .wll + xlldropped: + TargetFilename|contains: \Microsoft\Excel\Startup\ + TargetFilename|endswith: .xll + generic: + TargetFilename|contains: \Microsoft\Addins\ + TargetFilename|endswith: + - .xlam + - .xla +condition: selection and (wlldropped or xlldropped or generic) +falsepositives: + - Legitimate add-ins +level: high From 83a6e25bcbc8de58a25ef991c2c349df36bc50d0 Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Wed, 10 Jun 2020 15:01:07 +0200 Subject: [PATCH 446/714] Fax Service DLL search order hijacking --- rules/windows/sysmon/sysmon_susp_fax_dll.yml | 31 ++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_susp_fax_dll.yml diff --git a/rules/windows/sysmon/sysmon_susp_fax_dll.yml b/rules/windows/sysmon/sysmon_susp_fax_dll.yml new file mode 100644 index 00000000..58fe49ee --- /dev/null +++ b/rules/windows/sysmon/sysmon_susp_fax_dll.yml @@ -0,0 +1,31 @@ +title: Fax Service DLL Search Order Hijack +id: 828af599-4c53-4ed2-ba4a-a9f835c434ea +status: experimental +description: The Fax service attempts to load ualapi.dll, which is non-existent. An attacker can then (side)load their own malicious DLL using this service. +references: + - https://windows-internals.com/faxing-your-way-to-system/ +author: NVISO +date: 2020/05/04 +tags: + - attack.persistence + - attack.defense_evasion + - attack.t1073 + - attack.t1038 + - attack.t1112 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 7 #ImageLoaded + Image|endswith: + - fxssvc.exe + ImageLoaded|endswith: + - ualapi.dll + filter: + ImageLoaded|startswith: + - C:\Windows\WinSxS\ + condition: selection and not filter +falsepositives: + - Unlikely +level: high From 423baafa2afe90b6a91eae44b6e95638f9e6cbfc Mon Sep 17 00:00:00 2001 From: Steven Goossens Date: Wed, 10 Jun 2020 15:02:15 +0200 Subject: [PATCH 447/714] Added rules for different sysmon categories and added the category definition --- tools/config/generic/sysmon.yml | 60 +++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/tools/config/generic/sysmon.yml b/tools/config/generic/sysmon.yml index 63097f0d..5d407de7 100644 --- a/tools/config/generic/sysmon.yml +++ b/tools/config/generic/sysmon.yml @@ -9,3 +9,63 @@ logsources: rewrite: product: windows service: sysmon + network_connection: + category: network_connection + product: windows + conditions: + EventID: 3 + rewrite: + product: windows + service: sysmon + registry_event: + category: registry_event + product: windows + conditions: + EventID: + - 12 + - 13 + - 14 + rewrite: + product: windows + service: sysmon + file_creation: + category: file_creation + product: windows + conditions: + EventID: 11 + rewrite: + product: windows + service: sysmon + process_access: + category: process_access + product: windows + conditions: + EventID: 10 + rewrite: + product: windows + service: sysmon + image_loaded: + category: image_loaded + product: windows + conditions: + EventID: 7 + rewrite: + product: windows + service: sysmon + driver_loaded: + category: driver_loaded + product: windows + conditions: + EventID: 6 + rewrite: + product: windows + service: sysmon + process_terminated: + category: process_terminated + product: windows + conditions: + EventID: 5 + rewrite: + product: windows + service: sysmon + From 8adaa2d6724185bdf09dd0bbfbaef57b737d9441 Mon Sep 17 00:00:00 2001 From: Remco Hofman Date: Wed, 10 Jun 2020 15:02:41 +0200 Subject: [PATCH 448/714] Fixed bad indentation --- rules/windows/sysmon/sysmon_office_persistence.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_office_persistence.yml b/rules/windows/sysmon/sysmon_office_persistence.yml index 71db0b36..813929a0 100644 --- a/rules/windows/sysmon/sysmon_office_persistence.yml +++ b/rules/windows/sysmon/sysmon_office_persistence.yml @@ -26,7 +26,7 @@ detection: TargetFilename|endswith: - .xlam - .xla -condition: selection and (wlldropped or xlldropped or generic) + condition: selection and (wlldropped or xlldropped or generic) falsepositives: - Legitimate add-ins level: high From e5f36dd146ce26a96ec953cfc4d465021c25daba Mon Sep 17 00:00:00 2001 From: Steven Goossens Date: Wed, 10 Jun 2020 16:32:30 +0200 Subject: [PATCH 449/714] Added rules files split into folders --- .../driver_loaded/sysmon_susp_driver_load.yml | 19 +++ .../sysmon_creation_system_file.yml | 57 +++++++++ .../sysmon_cred_dump_tools_dropped_files.yml | 48 +++++++ .../sysmon_ghostpack_safetykatz.yml | 22 ++++ .../file_creation/sysmon_hack_dumpert.yml | 35 ++++++ ...sysmon_lsass_memory_dump_file_creation.yml | 27 ++++ .../sysmon_powershell_exploit_scripts.yml | 117 ++++++++++++++++++ .../sysmon_quarkspw_filedump.yml | 23 ++++ .../sysmon_susp_adsi_cache_usage.yml | 30 +++++ .../file_creation/sysmon_susp_desktop_ini.yml | 27 ++++ ...cexplorer_driver_created_in_tmp_folder.yml | 28 +++++ .../sysmon_tsclient_filewrite_startup.yml | 18 +++ .../sysmon_webshell_creation_detect.yml | 46 +++++++ ...ersistence_script_event_consumer_write.yml | 22 ++++ .../sysmon_in_memory_powershell.yml | 35 ++++++ .../sysmon_mimikatz_inmemory_detection.yml | 41 ++++++ ...sysmon_powershell_execution_moduleload.yml | 29 +++++ .../image_loaded/sysmon_susp_image_load.yml | 26 ++++ ...n_susp_office_dotnet_assembly_dll_load.yml | 28 +++++ ...sysmon_susp_office_dotnet_clr_dll_load.yml | 28 +++++ ...sysmon_susp_office_dotnet_gac_dll_load.yml | 28 +++++ .../sysmon_susp_office_dsparse_dll_load.yml | 28 +++++ .../sysmon_susp_office_kerberos_dll_load.yml | 28 +++++ .../sysmon_susp_winword_vbadll_load.yml | 30 +++++ .../sysmon_susp_winword_wmidll_load.yml | 34 +++++ ...sysmon_suspicious_dbghelp_dbgcore_load.yml | 64 ++++++++++ ...sysmon_svchost_dll_search_order_hijack.yml | 35 ++++++ ...ysmon_unsigned_image_loaded_into_lsass.yml | 25 ++++ .../image_loaded/sysmon_wmi_module_load.yml | 47 +++++++ ...persistence_commandline_event_consumer.yml | 23 ++++ .../sysmon_malware_backconnect_ports.yml | 98 +++++++++++++++ .../sysmon_notepad_network_connection.yml | 25 ++++ .../sysmon_powershell_network_connection.yml | 47 +++++++ .../sysmon_rdp_reverse_tunnel.yml | 29 +++++ ...smon_remote_powershell_session_network.yml | 26 ++++ .../sysmon_rundll32_net_connections.yml | 45 +++++++ ..._susp_prog_location_network_connection.yml | 32 +++++ .../network_connection/sysmon_susp_rdp.yml | 45 +++++++ ...uspicious_outbound_kerberos_connection.yml | 30 +++++ .../sysmon_win_binary_github_com.yml | 28 +++++ .../sysmon_win_binary_susp_com.yml | 28 +++++ .../process_access/sysmon_cmstp_execution.yml | 49 ++++++++ .../sysmon_cred_dump_lsass_access.yml | 57 +++++++++ .../sysmon_in_memory_assembly_execution.yml | 46 +++++++ .../process_access/sysmon_invoke_phantom.yml | 26 ++++ .../process_access/sysmon_lsass_memdump.yml | 27 ++++ .../sysmon_malware_verclsid_shellcode.yml | 30 +++++ .../sysmon_mimikatz_trough_winrm.yml | 26 ++++ .../sysmon_apt_oceanlotus_registry.yml | 36 ++++++ .../registry_event/sysmon_apt_pandemic.yml | 41 ++++++ .../sysmon_asep_reg_keys_modification.yml | 34 +++++ .../registry_event/sysmon_cmstp_execution.yml | 50 ++++++++ .../registry_event/sysmon_dhcp_calloutdll.yml | 29 +++++ ...y_events_logging_adding_reg_key_minint.yml | 33 +++++ .../sysmon_dns_serverlevelplugindll.yml | 40 ++++++ .../registry_event/sysmon_hack_wce.yml | 37 ++++++ .../sysmon_narrator_feedback_persistance.yml | 26 ++++ ..._dll_added_to_appcertdlls_registry_key.yml | 36 ++++++ ...dll_added_to_appinit_dlls_registry_key.yml | 35 ++++++ ..._service_registry_permissions_weakness.yml | 33 +++++ .../sysmon_rdp_registry_modification.yml | 31 +++++ .../sysmon_rdp_settings_hijack.yml | 23 ++++ ...ysmon_registry_persistence_key_linking.yml | 24 ++++ ...smon_registry_persistence_search_order.yml | 29 +++++ ...mon_registry_trust_record_modification.yml | 24 ++++ .../sysmon_ssp_added_lsa_config.yml | 28 +++++ .../sysmon_stickykey_like_backdoor.yml | 51 ++++++++ .../sysmon_susp_download_run_key.yml | 26 ++++ .../sysmon_susp_reg_persist_explorer_run.yml | 34 +++++ .../sysmon_susp_run_key_img_folder.yml | 37 ++++++ .../sysmon_susp_service_installed.yml | 34 +++++ ...sysmon_suspicious_keyboard_layout_load.yml | 30 +++++ .../sysmon_sysinternals_eula_accepted.yml | 30 +++++ .../sysmon_uac_bypass_eventvwr.yml | 34 +++++ .../sysmon_uac_bypass_sdclt.yml | 25 ++++ .../sysmon_win_reg_persistence.yml | 28 +++++ 76 files changed, 2660 insertions(+) create mode 100755 rules/windows/driver_loaded/sysmon_susp_driver_load.yml create mode 100755 rules/windows/file_creation/sysmon_creation_system_file.yml create mode 100755 rules/windows/file_creation/sysmon_cred_dump_tools_dropped_files.yml create mode 100755 rules/windows/file_creation/sysmon_ghostpack_safetykatz.yml create mode 100755 rules/windows/file_creation/sysmon_hack_dumpert.yml create mode 100755 rules/windows/file_creation/sysmon_lsass_memory_dump_file_creation.yml create mode 100755 rules/windows/file_creation/sysmon_powershell_exploit_scripts.yml create mode 100755 rules/windows/file_creation/sysmon_quarkspw_filedump.yml create mode 100755 rules/windows/file_creation/sysmon_susp_adsi_cache_usage.yml create mode 100755 rules/windows/file_creation/sysmon_susp_desktop_ini.yml create mode 100755 rules/windows/file_creation/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml create mode 100755 rules/windows/file_creation/sysmon_tsclient_filewrite_startup.yml create mode 100755 rules/windows/file_creation/sysmon_webshell_creation_detect.yml create mode 100755 rules/windows/file_creation/sysmon_wmi_persistence_script_event_consumer_write.yml create mode 100755 rules/windows/image_loaded/sysmon_in_memory_powershell.yml create mode 100755 rules/windows/image_loaded/sysmon_mimikatz_inmemory_detection.yml create mode 100755 rules/windows/image_loaded/sysmon_powershell_execution_moduleload.yml create mode 100755 rules/windows/image_loaded/sysmon_susp_image_load.yml create mode 100755 rules/windows/image_loaded/sysmon_susp_office_dotnet_assembly_dll_load.yml create mode 100755 rules/windows/image_loaded/sysmon_susp_office_dotnet_clr_dll_load.yml create mode 100755 rules/windows/image_loaded/sysmon_susp_office_dotnet_gac_dll_load.yml create mode 100755 rules/windows/image_loaded/sysmon_susp_office_dsparse_dll_load.yml create mode 100755 rules/windows/image_loaded/sysmon_susp_office_kerberos_dll_load.yml create mode 100755 rules/windows/image_loaded/sysmon_susp_winword_vbadll_load.yml create mode 100755 rules/windows/image_loaded/sysmon_susp_winword_wmidll_load.yml create mode 100755 rules/windows/image_loaded/sysmon_suspicious_dbghelp_dbgcore_load.yml create mode 100755 rules/windows/image_loaded/sysmon_svchost_dll_search_order_hijack.yml create mode 100755 rules/windows/image_loaded/sysmon_unsigned_image_loaded_into_lsass.yml create mode 100755 rules/windows/image_loaded/sysmon_wmi_module_load.yml create mode 100755 rules/windows/image_loaded/sysmon_wmi_persistence_commandline_event_consumer.yml create mode 100755 rules/windows/network_connection/sysmon_malware_backconnect_ports.yml create mode 100755 rules/windows/network_connection/sysmon_notepad_network_connection.yml create mode 100755 rules/windows/network_connection/sysmon_powershell_network_connection.yml create mode 100755 rules/windows/network_connection/sysmon_rdp_reverse_tunnel.yml create mode 100755 rules/windows/network_connection/sysmon_remote_powershell_session_network.yml create mode 100755 rules/windows/network_connection/sysmon_rundll32_net_connections.yml create mode 100755 rules/windows/network_connection/sysmon_susp_prog_location_network_connection.yml create mode 100755 rules/windows/network_connection/sysmon_susp_rdp.yml create mode 100755 rules/windows/network_connection/sysmon_suspicious_outbound_kerberos_connection.yml create mode 100755 rules/windows/network_connection/sysmon_win_binary_github_com.yml create mode 100755 rules/windows/network_connection/sysmon_win_binary_susp_com.yml create mode 100755 rules/windows/process_access/sysmon_cmstp_execution.yml create mode 100755 rules/windows/process_access/sysmon_cred_dump_lsass_access.yml create mode 100755 rules/windows/process_access/sysmon_in_memory_assembly_execution.yml create mode 100755 rules/windows/process_access/sysmon_invoke_phantom.yml create mode 100755 rules/windows/process_access/sysmon_lsass_memdump.yml create mode 100755 rules/windows/process_access/sysmon_malware_verclsid_shellcode.yml create mode 100755 rules/windows/process_access/sysmon_mimikatz_trough_winrm.yml create mode 100755 rules/windows/registry_event/sysmon_apt_oceanlotus_registry.yml create mode 100755 rules/windows/registry_event/sysmon_apt_pandemic.yml create mode 100755 rules/windows/registry_event/sysmon_asep_reg_keys_modification.yml create mode 100755 rules/windows/registry_event/sysmon_cmstp_execution.yml create mode 100755 rules/windows/registry_event/sysmon_dhcp_calloutdll.yml create mode 100755 rules/windows/registry_event/sysmon_disable_security_events_logging_adding_reg_key_minint.yml create mode 100755 rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml create mode 100755 rules/windows/registry_event/sysmon_hack_wce.yml create mode 100755 rules/windows/registry_event/sysmon_narrator_feedback_persistance.yml create mode 100755 rules/windows/registry_event/sysmon_new_dll_added_to_appcertdlls_registry_key.yml create mode 100755 rules/windows/registry_event/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml create mode 100755 rules/windows/registry_event/sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml create mode 100755 rules/windows/registry_event/sysmon_rdp_registry_modification.yml create mode 100755 rules/windows/registry_event/sysmon_rdp_settings_hijack.yml create mode 100755 rules/windows/registry_event/sysmon_registry_persistence_key_linking.yml create mode 100755 rules/windows/registry_event/sysmon_registry_persistence_search_order.yml create mode 100755 rules/windows/registry_event/sysmon_registry_trust_record_modification.yml create mode 100755 rules/windows/registry_event/sysmon_ssp_added_lsa_config.yml create mode 100755 rules/windows/registry_event/sysmon_stickykey_like_backdoor.yml create mode 100755 rules/windows/registry_event/sysmon_susp_download_run_key.yml create mode 100755 rules/windows/registry_event/sysmon_susp_reg_persist_explorer_run.yml create mode 100755 rules/windows/registry_event/sysmon_susp_run_key_img_folder.yml create mode 100755 rules/windows/registry_event/sysmon_susp_service_installed.yml create mode 100755 rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml create mode 100755 rules/windows/registry_event/sysmon_sysinternals_eula_accepted.yml create mode 100755 rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml create mode 100755 rules/windows/registry_event/sysmon_uac_bypass_sdclt.yml create mode 100755 rules/windows/registry_event/sysmon_win_reg_persistence.yml diff --git a/rules/windows/driver_loaded/sysmon_susp_driver_load.yml b/rules/windows/driver_loaded/sysmon_susp_driver_load.yml new file mode 100755 index 00000000..a12d1475 --- /dev/null +++ b/rules/windows/driver_loaded/sysmon_susp_driver_load.yml @@ -0,0 +1,19 @@ +title: Suspicious Driver Load from Temp +id: 2c4523d5-d481-4ed0-8ec3-7fbf0cb41a75 +description: Detects a driver load from a temporary directory +author: Florian Roth +date: 2017/02/12 +tags: + - attack.persistence + - attack.t1050 +logsource: + category: driver_loaded + product: windows + service: sysmon +detection: + selection: + ImageLoaded: '*\Temp\\*' + condition: selection +falsepositives: + - there is a relevant set of false positives depending on applications in the environment +level: medium diff --git a/rules/windows/file_creation/sysmon_creation_system_file.yml b/rules/windows/file_creation/sysmon_creation_system_file.yml new file mode 100755 index 00000000..aaebf3c3 --- /dev/null +++ b/rules/windows/file_creation/sysmon_creation_system_file.yml @@ -0,0 +1,57 @@ +title: File Created with System Process Name +id: d5866ddf-ce8f-4aea-b28e-d96485a20d3d +status: experimental +description: Detects the creation of a executable with a sytem process name in a suspicious folder +references: + - https://attack.mitre.org/techniques/T1036/ +author: Sander Wiebing +date: 2020/05/26 +tags: + - attack.defense_evasion + - attack.t1036 +logsource: + category: file_creation + product: windows + service: sysmon +detection: + selection: + Image: + - '*\svchost.exe' + - '*\rundll32.exe' + - '*\services.exe' + - '*\powershell.exe' + - '*\regsvr32.exe' + - '*\spoolsv.exe' + - '*\lsass.exe' + - '*\smss.exe' + - '*\csrss.exe' + - '*\conhost.exe' + - '*\wininit.exe' + - '*\lsm.exe' + - '*\winlogon.exe' + - '*\explorer.exe' + - '*\taskhost.exe' + - '*\Taskmgr.exe' + - '*\taskmgr.exe' + - '*\sihost.exe' + - '*\RuntimeBroker.exe' + - '*\runtimebroker.exe' + - '*\smartscreen.exe' + - '*\dllhost.exe' + - '*\audiodg.exe' + - '*\wlanext.exe' + filter: + Image: + - 'C:\Windows\System32\\*' + - 'C:\Windows\system32\\*' + - 'C:\Windows\SysWow64\\*' + - 'C:\Windows\SysWOW64\\*' + - 'C:\Windows\winsxs\\*' + - 'C:\Windows\WinSxS\\*' + - '\SystemRoot\System32\\*' + condition: selection and not filter +fields: + - Image +falsepositives: + - System processes copied outside the default folder +level: high diff --git a/rules/windows/file_creation/sysmon_cred_dump_tools_dropped_files.yml b/rules/windows/file_creation/sysmon_cred_dump_tools_dropped_files.yml new file mode 100755 index 00000000..7ce6ba11 --- /dev/null +++ b/rules/windows/file_creation/sysmon_cred_dump_tools_dropped_files.yml @@ -0,0 +1,48 @@ +title: Cred Dump Tools Dropped Files +id: 8fbf3271-1ef6-4e94-8210-03c2317947f6 +description: Files with well-known filenames (parts of credential dump software or files produced by them) creation +author: Teymur Kheirkhabarov, oscd.community +date: 2019/11/01 +modified: 2019/11/13 +references: + - https://www.slideshare.net/heirhabarov/hunting-for-credentials-dumping-in-windows-environment +tags: + - attack.credential_access + - attack.t1003 +logsource: + category: file_creation + product: windows + service: sysmon +detection: + selection: + TargetFilename|contains: + - '\pwdump' + - '\kirbi' + - '\pwhashes' + - '\wce_ccache' + - '\wce_krbtkts' + - '\fgdump-log' + TargetFilename|endswith: + - '\test.pwd' + - '\lsremora64.dll' + - '\lsremora.dll' + - '\fgexec.exe' + - '\wceaux.dll' + - '\SAM.out' + - '\SECURITY.out' + - '\SYSTEM.out' + - '\NTDS.out' + - '\DumpExt.dll' + - '\DumpSvc.exe' + - '\cachedump64.exe' + - '\cachedump.exe' + - '\pstgdump.exe' + - '\servpw.exe' + - '\servpw64.exe' + - '\pwdump.exe' + - '\procdump64.exe' + condition: selection +falsepositives: + - Legitimate Administrator using tool for password recovery +level: high +status: experimental diff --git a/rules/windows/file_creation/sysmon_ghostpack_safetykatz.yml b/rules/windows/file_creation/sysmon_ghostpack_safetykatz.yml new file mode 100755 index 00000000..8eb4b734 --- /dev/null +++ b/rules/windows/file_creation/sysmon_ghostpack_safetykatz.yml @@ -0,0 +1,22 @@ +title: Detection of SafetyKatz +id: e074832a-eada-4fd7-94a1-10642b130e16 +status: experimental +description: Detects possible SafetyKatz Behaviour +references: + - https://github.com/GhostPack/SafetyKatz +tags: + - attack.credential_access + - attack.t1003 +author: Markus Neis +date: 2018/07/24 +logsource: + category: file_creation + product: windows + service: sysmon +detection: + selection: + TargetFilename: '*\Temp\debug.bin' + condition: selection +falsepositives: + - Unknown +level: high diff --git a/rules/windows/file_creation/sysmon_hack_dumpert.yml b/rules/windows/file_creation/sysmon_hack_dumpert.yml new file mode 100755 index 00000000..bfb748a8 --- /dev/null +++ b/rules/windows/file_creation/sysmon_hack_dumpert.yml @@ -0,0 +1,35 @@ +action: global +title: Dumpert Process Dumper +id: 2704ab9e-afe2-4854-a3b1-0c0706d03578 +description: Detects the use of Dumpert process dumper, which dumps the lsass.exe process memory +author: Florian Roth +references: + - https://github.com/outflanknl/Dumpert + - https://unit42.paloaltonetworks.com/actors-still-exploiting-sharepoint-vulnerability/ +date: 2020/02/04 +tags: + - attack.credential_access + - attack.t1003 +logsource: + category: file_creation + product: windows + service: sysmon +falsepositives: + - Very unlikely +level: critical +--- +logsource: + category: process_creation + product: windows +detection: + selection: + Imphash: '09D278F9DE118EF09163C6140255C690' + condition: selection +--- +logsource: + product: windows + service: sysmon +detection: + selection: + TargetFilename: C:\Windows\Temp\dumpert.dmp + condition: selection diff --git a/rules/windows/file_creation/sysmon_lsass_memory_dump_file_creation.yml b/rules/windows/file_creation/sysmon_lsass_memory_dump_file_creation.yml new file mode 100755 index 00000000..d2bb40a5 --- /dev/null +++ b/rules/windows/file_creation/sysmon_lsass_memory_dump_file_creation.yml @@ -0,0 +1,27 @@ +title: LSASS Memory Dump File Creation +id: 5e3d3601-0662-4af0-b1d2-36a05e90c40a +description: LSASS memory dump creation using operating systems utilities. Procdump will use process name in output file if no name is specified +author: Teymur Kheirkhabarov, oscd.community +references: + - https://www.slideshare.net/heirhabarov/hunting-for-credentials-dumping-in-windows-environment +date: 2019/10/22 +modified: 2019/11/13 +tags: + - attack.credential_access + - attack.t1003 +logsource: + category: file_creation + product: windows + service: sysmon +detection: + selection: + TargetFilename|contains: 'lsass' + TargetFilename|endswith: 'dmp' + condition: selection +fields: + - ComputerName + - TargetFileName +falsepositives: + - Dumping lsass memory for forensic investigation purposes by legitimate incident responder or forensic invetigator +level: medium +status: experimental diff --git a/rules/windows/file_creation/sysmon_powershell_exploit_scripts.yml b/rules/windows/file_creation/sysmon_powershell_exploit_scripts.yml new file mode 100755 index 00000000..c6512066 --- /dev/null +++ b/rules/windows/file_creation/sysmon_powershell_exploit_scripts.yml @@ -0,0 +1,117 @@ +title: Malicious PowerShell Commandlet Names +id: f331aa1f-8c53-4fc3-b083-cc159bc971cb +status: experimental +description: Detects the creation of known powershell scripts for exploitation +references: + - https://raw.githubusercontent.com/Neo23x0/sigma/f35c50049fa896dff91ff545cb199319172701e8/rules/windows/powershell/powershell_malicious_commandlets.yml +tags: + - attack.execution + - attack.t1086 +author: Markus Neis +date: 2018/04/07 +logsource: + category: file_creation + product: windows + service: sysmon +detection: + selection: + TargetFilename: + - '*\Invoke-DllInjection.ps1' + - '*\Invoke-WmiCommand.ps1' + - '*\Get-GPPPassword.ps1' + - '*\Get-Keystrokes.ps1' + - '*\Get-VaultCredential.ps1' + - '*\Invoke-CredentialInjection.ps1' + - '*\Invoke-Mimikatz.ps1' + - '*\Invoke-NinjaCopy.ps1' + - '*\Invoke-TokenManipulation.ps1' + - '*\Out-Minidump.ps1' + - '*\VolumeShadowCopyTools.ps1' + - '*\Invoke-ReflectivePEInjection.ps1' + - '*\Get-TimedScreenshot.ps1' + - '*\Invoke-UserHunter.ps1' + - '*\Find-GPOLocation.ps1' + - '*\Invoke-ACLScanner.ps1' + - '*\Invoke-DowngradeAccount.ps1' + - '*\Get-ServiceUnquoted.ps1' + - '*\Get-ServiceFilePermission.ps1' + - '*\Get-ServicePermission.ps1' + - '*\Invoke-ServiceAbuse.ps1' + - '*\Install-ServiceBinary.ps1' + - '*\Get-RegAutoLogon.ps1' + - '*\Get-VulnAutoRun.ps1' + - '*\Get-VulnSchTask.ps1' + - '*\Get-UnattendedInstallFile.ps1' + - '*\Get-WebConfig.ps1' + - '*\Get-ApplicationHost.ps1' + - '*\Get-RegAlwaysInstallElevated.ps1' + - '*\Get-Unconstrained.ps1' + - '*\Add-RegBackdoor.ps1' + - '*\Add-ScrnSaveBackdoor.ps1' + - '*\Gupt-Backdoor.ps1' + - '*\Invoke-ADSBackdoor.ps1' + - '*\Enabled-DuplicateToken.ps1' + - '*\Invoke-PsUaCme.ps1' + - '*\Remove-Update.ps1' + - '*\Check-VM.ps1' + - '*\Get-LSASecret.ps1' + - '*\Get-PassHashes.ps1' + - '*\Show-TargetScreen.ps1' + - '*\Port-Scan.ps1' + - '*\Invoke-PoshRatHttp.ps1' + - '*\Invoke-PowerShellTCP.ps1' + - '*\Invoke-PowerShellWMI.ps1' + - '*\Add-Exfiltration.ps1' + - '*\Add-Persistence.ps1' + - '*\Do-Exfiltration.ps1' + - '*\Start-CaptureServer.ps1' + - '*\Invoke-ShellCode.ps1' + - '*\Get-ChromeDump.ps1' + - '*\Get-ClipboardContents.ps1' + - '*\Get-FoxDump.ps1' + - '*\Get-IndexedItem.ps1' + - '*\Get-Screenshot.ps1' + - '*\Invoke-Inveigh.ps1' + - '*\Invoke-NetRipper.ps1' + - '*\Invoke-EgressCheck.ps1' + - '*\Invoke-PostExfil.ps1' + - '*\Invoke-PSInject.ps1' + - '*\Invoke-RunAs.ps1' + - '*\MailRaider.ps1' + - '*\New-HoneyHash.ps1' + - '*\Set-MacAttribute.ps1' + - '*\Invoke-DCSync.ps1' + - '*\Invoke-PowerDump.ps1' + - '*\Exploit-Jboss.ps1' + - '*\Invoke-ThunderStruck.ps1' + - '*\Invoke-VoiceTroll.ps1' + - '*\Set-Wallpaper.ps1' + - '*\Invoke-InveighRelay.ps1' + - '*\Invoke-PsExec.ps1' + - '*\Invoke-SSHCommand.ps1' + - '*\Get-SecurityPackages.ps1' + - '*\Install-SSP.ps1' + - '*\Invoke-BackdoorLNK.ps1' + - '*\PowerBreach.ps1' + - '*\Get-SiteListPassword.ps1' + - '*\Get-System.ps1' + - '*\Invoke-BypassUAC.ps1' + - '*\Invoke-Tater.ps1' + - '*\Invoke-WScriptBypassUAC.ps1' + - '*\PowerUp.ps1' + - '*\PowerView.ps1' + - '*\Get-RickAstley.ps1' + - '*\Find-Fruit.ps1' + - '*\HTTP-Login.ps1' + - '*\Find-TrustedDocuments.ps1' + - '*\Invoke-Paranoia.ps1' + - '*\Invoke-WinEnum.ps1' + - '*\Invoke-ARPScan.ps1' + - '*\Invoke-PortScan.ps1' + - '*\Invoke-ReverseDNSLookup.ps1' + - '*\Invoke-SMBScanner.ps1' + - '*\Invoke-Mimikittenz.ps1' + condition: selection +falsepositives: + - Penetration Tests +level: high diff --git a/rules/windows/file_creation/sysmon_quarkspw_filedump.yml b/rules/windows/file_creation/sysmon_quarkspw_filedump.yml new file mode 100755 index 00000000..447225de --- /dev/null +++ b/rules/windows/file_creation/sysmon_quarkspw_filedump.yml @@ -0,0 +1,23 @@ +title: QuarksPwDump Dump File +id: 847def9e-924d-4e90-b7c4-5f581395a2b4 +status: experimental +description: Detects a dump file written by QuarksPwDump password dumper +references: + - https://jpcertcc.github.io/ToolAnalysisResultSheet/details/QuarksPWDump.htm +author: Florian Roth +date: 2018/02/10 +tags: + - attack.credential_access + - attack.t1003 +level: critical +logsource: + category: file_creation + product: windows + service: sysmon +detection: + selection: + # Sysmon: File Creation (ID 11) + TargetFilename: '*\AppData\Local\Temp\SAM-*.dmp*' + condition: selection +falsepositives: + - Unknown diff --git a/rules/windows/file_creation/sysmon_susp_adsi_cache_usage.yml b/rules/windows/file_creation/sysmon_susp_adsi_cache_usage.yml new file mode 100755 index 00000000..bcdf82e7 --- /dev/null +++ b/rules/windows/file_creation/sysmon_susp_adsi_cache_usage.yml @@ -0,0 +1,30 @@ +title: Suspicious ADSI-Cache Usage By Unknown Tool +id: 75bf09fa-1dd7-4d18-9af9-dd9e492562eb +description: detects the usage of ADSI (LDAP) operations by tools. This may also detect tools like LDAPFragger. +status: experimental +date: 2019/03/24 +author: xknow @xknow_infosec +references: + - https://medium.com/@ivecodoe/detecting-ldapfragger-a-newly-released-cobalt-strike-beacon-using-ldap-for-c2-communication-c274a7f00961 + - https://blog.fox-it.com/2020/03/19/ldapfragger-command-and-control-over-ldap-attributes/ + - https://github.com/fox-it/LDAPFragger +tags: + - attack.t1041 + - attack.persistence +logsource: + product: windows + service: sysmon + category: file_creation +detection: + selection_1: + TargetFilename: '*\Local\Microsoft\Windows\SchCache\*.sch' + selection_2: + Image|contains: + - 'C:\windows\system32\svchost.exe' + - 'C:\windows\system32\dllhost.exe' + - 'C:\windows\system32\mmc.exe' + - 'C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe' + condition: selection_1 and not selection_2 +falsepositives: + - Other legimate tools, which do ADSI (LDAP) operations, e.g. any remoting activity by MMC, Powershell, Windows etc. +level: high diff --git a/rules/windows/file_creation/sysmon_susp_desktop_ini.yml b/rules/windows/file_creation/sysmon_susp_desktop_ini.yml new file mode 100755 index 00000000..4560174f --- /dev/null +++ b/rules/windows/file_creation/sysmon_susp_desktop_ini.yml @@ -0,0 +1,27 @@ +title: Suspicious desktop.ini Action +id: 81315b50-6b60-4d8f-9928-3466e1022515 +status: experimental +description: Detects unusual processes accessing desktop.ini, which can be leveraged to alter how Explorer displays a folder's content (i.e. renaming files) without changing them on disk. +references: + - https://isc.sans.edu/forums/diary/Desktopini+as+a+postexploitation+tool/25912/ +author: Maxime Thiebaut (@0xThiebaut) +date: 2020/03/19 +tags: + - attack.persistence + - attack.t1023 +logsource: + product: windows + service: sysmon + category: file_creation +detection: + filter: + Image: + - 'C:\Windows\explorer.exe' + - 'C:\Windows\System32\msiexec.exe' + - 'C:\Windows\System32\mmc.exe' + selection: + TargetFilename|endswith: '\desktop.ini' + condition: selection and not filter +falsepositives: + - Operations performed through Windows SCCM or equivalent +level: medium diff --git a/rules/windows/file_creation/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml b/rules/windows/file_creation/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml new file mode 100755 index 00000000..4e79478a --- /dev/null +++ b/rules/windows/file_creation/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml @@ -0,0 +1,28 @@ +title: Suspicious PROCEXP152.sys File Created In TMP +id: 3da70954-0f2c-4103-adff-b7440368f50e +description: Detects the creation of the PROCEXP152.sys file in the application-data local temporary folder. This driver is used by Sysinternals Process Explorer but also by KDU (https://github.com/hfiref0x/KDU) or Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU. +status: experimental +date: 2019/04/08 +author: xknow (@xknow_infosec), xorxes (@xor_xes) +references: + - https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/ +tags: + - attack.t1089 + - attack.defense_evasion +logsource: + product: windows + service: sysmon + category: file_creation +detection: + selection_1: + TargetFilename: '*\AppData\Local\Temp\*\PROCEXP152.sys' + selection_2: + Image|contains: + - '*\procexp64.exe' + - '*\procexp.exe' + - '*\procmon64.exe' + - '*\procmon.exe' + condition: selection_1 and not selection_2 +falsepositives: + - Other legimate tools using this driver and filename (like Sysinternals). Note - Clever attackers may easily bypass this detection by just renaming the driver filename. Therefore just Medium-level and don't rely on it. +level: medium diff --git a/rules/windows/file_creation/sysmon_tsclient_filewrite_startup.yml b/rules/windows/file_creation/sysmon_tsclient_filewrite_startup.yml new file mode 100755 index 00000000..254f77c6 --- /dev/null +++ b/rules/windows/file_creation/sysmon_tsclient_filewrite_startup.yml @@ -0,0 +1,18 @@ +title: Hijack Legit RDP Session to Move Laterally +id: 52753ea4-b3a0-4365-910d-36cff487b789 +status: experimental +description: Detects the usage of tsclient share to place a backdoor on the RDP source machine's startup folder +date: 2019/02/21 +author: Samir Bousseaden +logsource: + product: windows + service: sysmon + category: file_creation +detection: + selection: + Image: '*\mstsc.exe' + TargetFileName: '*\Microsoft\Windows\Start Menu\Programs\Startup\\*' + condition: selection +falsepositives: + - unknown +level: high diff --git a/rules/windows/file_creation/sysmon_webshell_creation_detect.yml b/rules/windows/file_creation/sysmon_webshell_creation_detect.yml new file mode 100755 index 00000000..86fdb516 --- /dev/null +++ b/rules/windows/file_creation/sysmon_webshell_creation_detect.yml @@ -0,0 +1,46 @@ +title: Windows Webshell Creation +id: 39f1f9f2-9636-45de-98f6-a4046aa8e4b9 +status: experimental +description: Possible webshell file creation on a static web site +references: + - PT ESC rule and personal experience +author: Beyu Denis, oscd.community +date: 2019/10/22 +modified: 2020/05/18 +tags: + - attack.persistence + - attack.t1100 +level: critical +logsource: + product: windows + service: sysmon + category: file_creation +detection: + selection_2: + TargetFilename|contains: '\inetpub\wwwroot\' + selection_3: + TargetFilename|contains: + - '.asp' + - '.ashx' + - '.ph' + selection_4: + TargetFilename|contains: + - '\www\' + - '\htdocs\' + - '\html\' + selection_5: + TargetFilename|contains: '.ph' + selection_6: + - TargetFilename|endswith: '.jsp' + - TargetFilename|contains|all: + - '\cgi-bin\' + - '.pl' + false_positives: # false positives when unpacking some executables in $TEMP + TargetFilename|contains: + - '\AppData\Local\Temp\' + - '\Windows\Temp\' + # kind of ugly but sigmac seems not to handle double parenthesis "((" + # we shold prefer something like : selection_1 and not false_positives and ((selection_2 and selection_3) or (selection_4 and selection_5) or selection_6) + condition: (selection_2 and selection_3 and not false_positives) or (selection_4 and selection_5 and not false_positives) or (selection_6 and not false_positives) +falsepositives: + - Legitimate administrator or developer creating legitimate executable files in a web application folder diff --git a/rules/windows/file_creation/sysmon_wmi_persistence_script_event_consumer_write.yml b/rules/windows/file_creation/sysmon_wmi_persistence_script_event_consumer_write.yml new file mode 100755 index 00000000..8fc77b5f --- /dev/null +++ b/rules/windows/file_creation/sysmon_wmi_persistence_script_event_consumer_write.yml @@ -0,0 +1,22 @@ +title: WMI Persistence - Script Event Consumer File Write +id: 33f41cdd-35ac-4ba8-814b-c6a4244a1ad4 +status: experimental +description: Detects file writes of WMI script event consumer +references: + - https://www.eideon.com/2018-03-02-THL03-WMIBackdoors/ +author: Thomas Patzke +date: 2018/03/07 +tags: + - attack.t1084 + - attack.persistence +logsource: + product: windows + service: sysmon + category: file_created +detection: + selection: + Image: 'C:\WINDOWS\system32\wbem\scrcons.exe' + condition: selection +falsepositives: + - Unknown (data set is too small; further testing needed) +level: high diff --git a/rules/windows/image_loaded/sysmon_in_memory_powershell.yml b/rules/windows/image_loaded/sysmon_in_memory_powershell.yml new file mode 100755 index 00000000..e5c08eea --- /dev/null +++ b/rules/windows/image_loaded/sysmon_in_memory_powershell.yml @@ -0,0 +1,35 @@ +title: In-memory PowerShell +id: 092bc4b9-3d1d-43b4-a6b4-8c8acd83522f +status: experimental +description: Detects loading of essential DLL used by PowerShell, but not by the process powershell.exe. Detects meterpreter's "load powershell" extension. +author: Tom Kern, oscd.community +date: 2019/11/14 +modified: 2019/11/30 +references: + - https://adsecurity.org/?p=2921 + - https://github.com/p3nt4/PowerShdll +tags: + - attack.t1086 + - attack.execution +logsource: + category: image_loaded + product: windows + service: sysmon +detection: + selection: + ImageLoaded|endswith: + - '\System.Management.Automation.Dll' + - '\System.Management.Automation.ni.Dll' + filter: + Image|endswith: + - '\powershell.exe' + - '\powershell_ise.exe' + - '\WINDOWS\System32\sdiagnhost.exe' + # User: 'NT AUTHORITY\SYSTEM' # if set, matches all powershell processes not launched by SYSTEM + condition: selection and not filter +falsepositives: + - Used by some .NET binaries, minimal on user workstation. +level: high +enrichment: + - EN_0001_cache_sysmon_event_id_1_info # http://bit.ly/314zc6x + - EN_0003_enrich_other_sysmon_events_with_event_id_1_data # http://bit.ly/2ojW7fw diff --git a/rules/windows/image_loaded/sysmon_mimikatz_inmemory_detection.yml b/rules/windows/image_loaded/sysmon_mimikatz_inmemory_detection.yml new file mode 100755 index 00000000..6f7e05d4 --- /dev/null +++ b/rules/windows/image_loaded/sysmon_mimikatz_inmemory_detection.yml @@ -0,0 +1,41 @@ +title: Mimikatz In-Memory +id: c0478ead-5336-46c2-bd5e-b4c84bc3a36e +status: experimental +description: Detects certain DLL loads when Mimikatz gets executed +references: + - https://securityriskadvisors.com/blog/post/detecting-in-memory-mimikatz/ +tags: + - attack.s0002 + - attack.t1003 + - attack.lateral_movement + - attack.credential_access + - car.2019-04-004 +logsource: + category: image_loaded + product: windows + service: sysmon +date: 2017/03/13 +detection: + selector: + Image: 'C:\Windows\System32\rundll32.exe' + dllload1: + ImageLoaded: '*\vaultcli.dll' + dllload2: + ImageLoaded: '*\wlanapi.dll' + exclusion: + ImageLoaded: + - 'ntdsapi.dll' + - 'netapi32.dll' + - 'imm32.dll' + - 'samlib.dll' + - 'combase.dll' + - 'srvcli.dll' + - 'shcore.dll' + - 'ntasn1.dll' + - 'cryptdll.dll' + - 'logoncli.dll' + timeframe: 30s + condition: selector | near dllload1 and dllload2 and not exclusion +falsepositives: + - unknown +level: medium diff --git a/rules/windows/image_loaded/sysmon_powershell_execution_moduleload.yml b/rules/windows/image_loaded/sysmon_powershell_execution_moduleload.yml new file mode 100755 index 00000000..bfed56f8 --- /dev/null +++ b/rules/windows/image_loaded/sysmon_powershell_execution_moduleload.yml @@ -0,0 +1,29 @@ +title: PowerShell Execution +id: 867613fb-fa60-4497-a017-a82df74a172c +description: Detects execution of PowerShell +status: experimental +date: 2019/09/12 +modified: 2019/11/10 +author: Roberto Rodriguez @Cyb3rWard0g +references: + - https://github.com/hunters-forge/ThreatHunter-Playbook/blob/8869b7a58dba1cff63bae1d7ab923974b8c0539b/playbooks/WIN-190410151110.yaml +logsource: + category: image_loaded + product: windows + service: sysmon +tags: + - attack.execution + - attack.t1086 +detection: + selection: + Description: 'system.management.automation' + ImageLoaded|contains: 'system.management.automation' + condition: selection +fields: + - ComputerName + - Image + - ProcessID + - ImageLoaded +falsepositives: + - Unknown +level: medium diff --git a/rules/windows/image_loaded/sysmon_susp_image_load.yml b/rules/windows/image_loaded/sysmon_susp_image_load.yml new file mode 100755 index 00000000..899bc572 --- /dev/null +++ b/rules/windows/image_loaded/sysmon_susp_image_load.yml @@ -0,0 +1,26 @@ +title: Possible Process Hollowing Image Loading +id: e32ce4f5-46c6-4c47-ba69-5de3c9193cd7 +status: experimental +description: Detects Loading of samlib.dll, WinSCard.dll from untypical process e.g. through process hollowing by Mimikatz +references: + - https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for.html +author: Markus Neis +date: 2018/01/07 +tags: + - attack.defense_evasion + - attack.t1073 +logsource: + category: image_loaded + product: windows + service: sysmon +detection: + selection: + Image: + - '*\notepad.exe' + ImageLoaded: + - '*\samlib.dll' + - '*\WinSCard.dll' + condition: selection +falsepositives: + - Very likely, needs more tuning +level: high diff --git a/rules/windows/image_loaded/sysmon_susp_office_dotnet_assembly_dll_load.yml b/rules/windows/image_loaded/sysmon_susp_office_dotnet_assembly_dll_load.yml new file mode 100755 index 00000000..1d0a1e80 --- /dev/null +++ b/rules/windows/image_loaded/sysmon_susp_office_dotnet_assembly_dll_load.yml @@ -0,0 +1,28 @@ +title: dotNET DLL Loaded Via Office Applications +id: ff0f2b05-09db-4095-b96d-1b75ca24894a +status: experimental +description: Detects any assembly DLL being loaded by an Office Product +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2020/02/19 +tags: + - attack.initial_access + - attack.t1193 +logsource: + category: image_loaded + product: windows + service: sysmon +detection: + selection: + Image: + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' + ImageLoaded: + - 'C:\Windows\assembly\*' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high diff --git a/rules/windows/image_loaded/sysmon_susp_office_dotnet_clr_dll_load.yml b/rules/windows/image_loaded/sysmon_susp_office_dotnet_clr_dll_load.yml new file mode 100755 index 00000000..6d6e1084 --- /dev/null +++ b/rules/windows/image_loaded/sysmon_susp_office_dotnet_clr_dll_load.yml @@ -0,0 +1,28 @@ +title: CLR DLL Loaded Via Office Applications +id: d13c43f0-f66b-4279-8b2c-5912077c1780 +status: experimental +description: Detects CLR DLL being loaded by an Office Product +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2020/02/19 +tags: + - attack.initial_access + - attack.t1193 +logsource: + category: image_loaded + product: windows + service: sysmon +detection: + selection: + Image: + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' + ImageLoaded: + - '*\clr.dll*' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high diff --git a/rules/windows/image_loaded/sysmon_susp_office_dotnet_gac_dll_load.yml b/rules/windows/image_loaded/sysmon_susp_office_dotnet_gac_dll_load.yml new file mode 100755 index 00000000..8a1c1bb6 --- /dev/null +++ b/rules/windows/image_loaded/sysmon_susp_office_dotnet_gac_dll_load.yml @@ -0,0 +1,28 @@ +title: GAC DLL Loaded Via Office Applications +id: 90217a70-13fc-48e4-b3db-0d836c5824ac +status: experimental +description: Detects any GAC DLL being loaded by an Office Product +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2020/02/19 +tags: + - attack.initial_access + - attack.t1193 +logsource: + category: image_loaded + product: windows + service: sysmon +detection: + selection: + Image: + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' + ImageLoaded: + - 'C:\Windows\Microsoft.NET\assembly\GAC_MSIL*' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high diff --git a/rules/windows/image_loaded/sysmon_susp_office_dsparse_dll_load.yml b/rules/windows/image_loaded/sysmon_susp_office_dsparse_dll_load.yml new file mode 100755 index 00000000..eb52f014 --- /dev/null +++ b/rules/windows/image_loaded/sysmon_susp_office_dsparse_dll_load.yml @@ -0,0 +1,28 @@ +title: Active Directory Parsing DLL Loaded Via Office Applications +id: a2a3b925-7bb0-433b-b508-db9003263cc4 +status: experimental +description: Detects DSParse DLL being loaded by an Office Product +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2020/02/19 +tags: + - attack.initial_access + - attack.t1193 +logsource: + category: image_loaded + product: windows + service: sysmon +detection: + selection: + Image: + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' + ImageLoaded: + - '*\dsparse.dll*' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high diff --git a/rules/windows/image_loaded/sysmon_susp_office_kerberos_dll_load.yml b/rules/windows/image_loaded/sysmon_susp_office_kerberos_dll_load.yml new file mode 100755 index 00000000..90cf6879 --- /dev/null +++ b/rules/windows/image_loaded/sysmon_susp_office_kerberos_dll_load.yml @@ -0,0 +1,28 @@ +title: Active Directory Kerberos DLL Loaded Via Office Applications +id: 7417e29e-c2e7-4cf6-a2e8-767228c64837 +status: experimental +description: Detects Kerberos DLL being loaded by an Office Product +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2020/02/19 +tags: + - attack.initial_access + - attack.t1193 +logsource: + category: image_loaded + product: windows + service: sysmon +detection: + selection: + Image: + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' + ImageLoaded: + - '*\kerberos.dll' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high diff --git a/rules/windows/image_loaded/sysmon_susp_winword_vbadll_load.yml b/rules/windows/image_loaded/sysmon_susp_winword_vbadll_load.yml new file mode 100755 index 00000000..ca8fa945 --- /dev/null +++ b/rules/windows/image_loaded/sysmon_susp_winword_vbadll_load.yml @@ -0,0 +1,30 @@ +title: VBA DLL Loaded Via Microsoft Word +id: e6ce8457-68b1-485b-9bdd-3c2b5d679aa9 +status: experimental +description: Detects DLL's Loaded Via Word Containing VBA Macros +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 +author: Antonlovesdnb +date: 2020/02/19 +tags: + - attack.initial_access + - attack.t1193 +logsource: + category: image_loaded + product: windows + service: sysmon +detection: + selection: + Image: + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' + ImageLoaded: + - '*\VBE7.DLL' + - '*\VBEUI.DLL' + - '*\VBE7INTL.DLL' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: high diff --git a/rules/windows/image_loaded/sysmon_susp_winword_wmidll_load.yml b/rules/windows/image_loaded/sysmon_susp_winword_wmidll_load.yml new file mode 100755 index 00000000..25b3eeaa --- /dev/null +++ b/rules/windows/image_loaded/sysmon_susp_winword_wmidll_load.yml @@ -0,0 +1,34 @@ +title: Windows Mangement Instrumentation DLL Loaded Via Microsoft Word +id: a457f232-7df9-491d-898f-b5aabd2cbe2f +status: experimental +description: Detects DLL's Loaded Via Word Containing VBA Macros Executing WMI Commands +references: + - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 + - https://www.carbonblack.com/2019/04/24/cb-tau-threat-intelligence-notification-emotet-utilizing-wmi-to-launch-powershell-encoded-code/ + - https://media.cert.europa.eu/static/SecurityAdvisories/2019/CERT-EU-SA2019-021.pdf +author: Michael R. (@nahamike01) +date: 2019/12/26 +tags: + - attack.execution + - attack.t1047 +logsource: + category: image_loaded + product: windows + service: sysmon +detection: + selection: + Image: + - '*\winword.exe' + - '*\powerpnt.exe' + - '*\excel.exe' + - '*\outlook.exe' + ImageLoaded: + - '*\wmiutils.dll' + - '*\wbemcomn.dll' + - '*\wbemprox.dll' + - '*\wbemdisp.dll' + - '*\wbemsvc.dll' + condition: selection +falsepositives: + - Possible. Requires further testing. +level: high diff --git a/rules/windows/image_loaded/sysmon_suspicious_dbghelp_dbgcore_load.yml b/rules/windows/image_loaded/sysmon_suspicious_dbghelp_dbgcore_load.yml new file mode 100755 index 00000000..78298fe2 --- /dev/null +++ b/rules/windows/image_loaded/sysmon_suspicious_dbghelp_dbgcore_load.yml @@ -0,0 +1,64 @@ +title: Load of dbghelp/dbgcore DLL from Suspicious Process +id: 0e277796-5f23-4e49-a490-483131d4f6e1 +status: experimental +description: Detects the load of dbghelp/dbgcore DLL (used to make memory dumps) by suspicious processes. Tools like ProcessHacker and some attacker tradecract use MiniDumpWriteDump + API found in dbghelp.dll or dbgcore.dll. As an example, SilentTrynity C2 Framework has a module that leverages this API to dump the contents of Lsass.exe and + transfer it over the network back to the attacker's machine. +date: 2019/10/27 +modified: 2020/05/23 +author: Perez Diego (@darkquassar), oscd.community, Ecco +references: + - https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/nf-minidumpapiset-minidumpwritedump + - https://www.pinvoke.net/default.aspx/dbghelp/MiniDumpWriteDump.html + - https://medium.com/@fsx30/bypass-edrs-memory-protection-introduction-to-hooking-2efb21acffd6 +tags: + - attack.credential_access + - attack.t1003 +logsource: + category: image_loaded + product: windows + service: sysmon +detection: + signedprocess: + ImageLoaded|endswith: + - '\dbghelp.dll' + - '\dbgcore.dll' + Image|endswith: + - '\msbuild.exe' + - '\cmd.exe' + - '\svchost.exe' + - '\rundll32.exe' + - '\powershell.exe' + - '\word.exe' + - '\excel.exe' + - '\powerpnt.exe' + - '\outlook.exe' + - '\monitoringhost.exe' + - '\wmic.exe' + # - '\msiexec.exe' an installer installing a program using one of those DLL will raise an alert + - '\bash.exe' + - '\wscript.exe' + - '\cscript.exe' + - '\mshta.exe' + - '\regsvr32.exe' + - '\schtasks.exe' + - '\dnx.exe' + - '\regsvcs.exe' + - '\sc.exe' + - '\scriptrunner.exe' + unsignedprocess: + ImageLoaded|endswith: + - '\dbghelp.dll' + - '\dbgcore.dll' + Signed: "FALSE" + filter: + Image|contains: 'Visual Studio' + condition: (signedprocess AND NOT filter) OR (unsignedprocess AND NOT filter) +fields: + - ComputerName + - User + - Image + - ImageLoaded +falsepositives: + - Penetration tests +level: high diff --git a/rules/windows/image_loaded/sysmon_svchost_dll_search_order_hijack.yml b/rules/windows/image_loaded/sysmon_svchost_dll_search_order_hijack.yml new file mode 100755 index 00000000..bd44479d --- /dev/null +++ b/rules/windows/image_loaded/sysmon_svchost_dll_search_order_hijack.yml @@ -0,0 +1,35 @@ +title: Svchost DLL Search Order Hijack +id: 602a1f13-c640-4d73-b053-be9a2fa58b77 +status: experimental +description: IKEEXT and SessionEnv service, as they call LoadLibrary on files that do not exist within C:\Windows\System32\ by default. An attacker can place their + malicious logic within the PROCESS_ATTACH block of their library and restart the aforementioned services "svchost.exe -k netsvcs" to gain code execution on a + remote machine. +references: + - https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992 +author: SBousseaden +date: 2019/10/28 +tags: + - attack.persistence + - attack.defense_evasion + - attack.t1073 + - attack.t1038 + - attack.t1112 +logsource: + category: image_loaded + product: windows + service: sysmon +detection: + selection: + Image: + - '*\svchost.exe' + ImageLoaded: + - '*\tsmsisrv.dll' + - '*\tsvipsrv.dll' + - '*\wlbsctrl.dll' + filter: + ImageLoaded: + - 'C:\Windows\WinSxS\*' + condition: selection and not filter +falsepositives: + - Pentest +level: high diff --git a/rules/windows/image_loaded/sysmon_unsigned_image_loaded_into_lsass.yml b/rules/windows/image_loaded/sysmon_unsigned_image_loaded_into_lsass.yml new file mode 100755 index 00000000..34fb597b --- /dev/null +++ b/rules/windows/image_loaded/sysmon_unsigned_image_loaded_into_lsass.yml @@ -0,0 +1,25 @@ +title: Unsigned Image Loaded Into LSASS Process +id: 857c8db3-c89b-42fb-882b-f681c7cf4da2 +description: Loading unsigned image (DLL, EXE) into LSASS process +author: Teymur Kheirkhabarov, oscd.community +date: 2019/10/22 +modified: 2019/11/13 +references: + - https://www.slideshare.net/heirhabarov/hunting-for-credentials-dumping-in-windows-environment +tags: + - attack.credential_access + - attack.t1003 +logsource: + category: image_loaded + product: windows + service: sysmon +detection: + selection: + Image|endswith: '\lsass.exe' + Signed: 'false' + condition: selection +falsepositives: + - Valid user connecting using RDP +status: experimental +level: medium + diff --git a/rules/windows/image_loaded/sysmon_wmi_module_load.yml b/rules/windows/image_loaded/sysmon_wmi_module_load.yml new file mode 100755 index 00000000..b5e0e6dc --- /dev/null +++ b/rules/windows/image_loaded/sysmon_wmi_module_load.yml @@ -0,0 +1,47 @@ +title: WMI Modules Loaded +id: 671bb7e3-a020-4824-a00e-2ee5b55f385e +description: Detects non wmiprvse loading WMI modules +status: experimental +date: 2019/08/10 +modified: 2019/11/10 +author: Roberto Rodriguez @Cyb3rWard0g +references: + - https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/tree/master/playbooks/windows/02_execution/T1047_windows_management_instrumentation/wmi_wmi_module_load.md +tags: + - attack.execution + - attack.t1047 +logsource: + category: image_loaded + product: windows + service: sysmon +detection: + selection: + ImageLoaded|endswith: + - '\wmiclnt.dll' + - '\WmiApRpl.dll' + - '\wmiprov.dll' + - '\wmiutils.dll' + - '\wbemcomn.dll' + - '\wbemprox.dll' + - '\WMINet_Utils.dll' + - '\wbemsvc.dll' + - '\fastprox.dll' + filter: + Image|endswith: + - '\WmiPrvSe.exe' + - '\WmiAPsrv.exe' + - '\svchost.exe' + - '\DeviceCensus.exe' + - '\CompatTelRunner.exe' + - '\sdiagnhost.exe' + - '\SIHClient.exe' + condition: selection and not filter +fields: + - ComputerName + - User + - Image + - ImageLoaded +falsepositives: + - Unknown +level: high + diff --git a/rules/windows/image_loaded/sysmon_wmi_persistence_commandline_event_consumer.yml b/rules/windows/image_loaded/sysmon_wmi_persistence_commandline_event_consumer.yml new file mode 100755 index 00000000..d67b7366 --- /dev/null +++ b/rules/windows/image_loaded/sysmon_wmi_persistence_commandline_event_consumer.yml @@ -0,0 +1,23 @@ +title: WMI Persistence - Command Line Event Consumer +id: 05936ce2-ee05-4dae-9d03-9a391cf2d2c6 +status: experimental +description: Detects WMI command line event consumers +references: + - https://www.eideon.com/2018-03-02-THL03-WMIBackdoors/ +author: Thomas Patzke +date: 2018/03/07 +tags: + - attack.t1084 + - attack.persistence +logsource: + cqtegory: image_loaded + product: windows + service: sysmon +detection: + selection: + Image: 'C:\Windows\System32\wbem\WmiPrvSE.exe' + ImageLoaded: 'wbemcons.dll' + condition: selection +falsepositives: + - Unknown (data set is too small; further testing needed) +level: high diff --git a/rules/windows/network_connection/sysmon_malware_backconnect_ports.yml b/rules/windows/network_connection/sysmon_malware_backconnect_ports.yml new file mode 100755 index 00000000..bd14f8cf --- /dev/null +++ b/rules/windows/network_connection/sysmon_malware_backconnect_ports.yml @@ -0,0 +1,98 @@ +title: Suspicious Typical Malware Back Connect Ports +id: 4b89abaa-99fe-4232-afdd-8f9aa4d20382 +status: experimental +description: Detects programs that connect to typical malware back connect ports based on statistical analysis from two different sandbox system databases +references: + - https://docs.google.com/spreadsheets/d/17pSTDNpa0sf6pHeRhusvWG6rThciE8CsXTSlDUAZDyo +author: Florian Roth +date: 2017/03/19 +tags: + - attack.command_and_control + - attack.t1043 +logsource: + category: network_connection + product: windows + service: sysmon + definition: 'Use the following config to generate the necessary Event ID 10 Process Access events: VBE7.DLLUNKNOWN' +detection: + selection: + Initiated: 'true' + DestinationPort: + - '4443' + - '2448' + - '8143' + - '1777' + - '1443' + - '243' + - '65535' + - '13506' + - '3360' + - '200' + - '198' + - '49180' + - '13507' + - '6625' + - '4444' + - '4438' + - '1904' + - '13505' + - '13504' + - '12102' + - '9631' + - '5445' + - '2443' + - '777' + - '13394' + - '13145' + - '12103' + - '5552' + - '3939' + - '3675' + - '666' + - '473' + - '5649' + - '4455' + - '4433' + - '1817' + - '100' + - '65520' + - '1960' + - '1515' + - '743' + - '700' + - '14154' + - '14103' + - '14102' + - '12322' + - '10101' + - '7210' + - '4040' + - '9943' + filter1: + Image: '*\Program Files*' + filter2: + DestinationIp: + - '10.*' + - '192.168.*' + - '172.16.*' + - '172.17.*' + - '172.18.*' + - '172.19.*' + - '172.20.*' + - '172.21.*' + - '172.22.*' + - '172.23.*' + - '172.24.*' + - '172.25.*' + - '172.26.*' + - '172.27.*' + - '172.28.*' + - '172.29.*' + - '172.30.*' + - '172.31.*' + - '127.*' + DestinationIsIpv6: 'false' + condition: selection and not ( filter1 or filter2 ) +falsepositives: + - unknown +level: medium diff --git a/rules/windows/network_connection/sysmon_notepad_network_connection.yml b/rules/windows/network_connection/sysmon_notepad_network_connection.yml new file mode 100755 index 00000000..86b3c511 --- /dev/null +++ b/rules/windows/network_connection/sysmon_notepad_network_connection.yml @@ -0,0 +1,25 @@ +title: Notepad Making Network Connection +id: e81528db-fc02-45e8-8e98-4e84aba1f10b +status: experimental +description: Detects suspicious network connection by Notepad +references: + - https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1492186586.pdf + - https://blog.cobaltstrike.com/2013/08/08/why-is-notepad-exe-connecting-to-the-internet/ +tags: + - attack.command_and_control + - attack.execution +author: EagleEye Team +logsource: + category: network_connection + product: windows + service: sysmon +date: 2020/05/14 +detection: + selection: + Image: '*\notepad.exe' + filter: + DestinationPort: '9100' + condition: selection and not filter +falsepositives: + - None observed so far +level: high diff --git a/rules/windows/network_connection/sysmon_powershell_network_connection.yml b/rules/windows/network_connection/sysmon_powershell_network_connection.yml new file mode 100755 index 00000000..b34f5253 --- /dev/null +++ b/rules/windows/network_connection/sysmon_powershell_network_connection.yml @@ -0,0 +1,47 @@ +title: PowerShell Network Connections +id: 1f21ec3f-810d-4b0e-8045-322202e22b4b +status: experimental +description: Detects a Powershell process that opens network connections - check for suspicious target ports and target systems - adjust to your environment (e.g. + extend filters with company's ip range') +author: Florian Roth +date: 2017/03/13 +references: + - https://www.youtube.com/watch?v=DLtJTxMWZ2o +tags: + - attack.execution + - attack.t1086 +logsource: + category: network_connection + product: windows + service: sysmon +detection: + selection: + Image: '*\powershell.exe' + Initiated: 'true' + filter: + DestinationIp: + - '10.*' + - '192.168.*' + - '172.16.*' + - '172.17.*' + - '172.18.*' + - '172.19.*' + - '172.20.*' + - '172.21.*' + - '172.22.*' + - '172.23.*' + - '172.24.*' + - '172.25.*' + - '172.26.*' + - '172.27.*' + - '172.28.*' + - '172.29.*' + - '172.30.*' + - '172.31.*' + - '127.0.0.1' + DestinationIsIpv6: 'false' + User: 'NT AUTHORITY\SYSTEM' + condition: selection and not filter +falsepositives: + - Administrative scripts +level: low diff --git a/rules/windows/network_connection/sysmon_rdp_reverse_tunnel.yml b/rules/windows/network_connection/sysmon_rdp_reverse_tunnel.yml new file mode 100755 index 00000000..5775c480 --- /dev/null +++ b/rules/windows/network_connection/sysmon_rdp_reverse_tunnel.yml @@ -0,0 +1,29 @@ +title: RDP Over Reverse SSH Tunnel +id: 5f699bc5-5446-4a4a-a0b7-5ef2885a3eb4 +status: experimental +description: Detects svchost hosting RDP termsvcs communicating with the loopback address and on TCP port 3389 +references: + - https://twitter.com/SBousseaden/status/1096148422984384514 +author: Samir Bousseaden +date: 2019/02/16 +tags: + - attack.defense_evasion + - attack.command_and_control + - attack.t1076 + - car.2013-07-002 +logsource: + category: network_connection + product: windows + service: sysmon +detection: + selection: + Image: '*\svchost.exe' + Initiated: 'true' + SourcePort: 3389 + DestinationIp: + - '127.*' + - '::1' + condition: selection +falsepositives: + - unknown +level: high diff --git a/rules/windows/network_connection/sysmon_remote_powershell_session_network.yml b/rules/windows/network_connection/sysmon_remote_powershell_session_network.yml new file mode 100755 index 00000000..8bcace7e --- /dev/null +++ b/rules/windows/network_connection/sysmon_remote_powershell_session_network.yml @@ -0,0 +1,26 @@ +title: Remote PowerShell Session +id: c539afac-c12a-46ed-b1bd-5a5567c9f045 +description: Detects remote PowerShell connections by monitoring network outbount connections to ports 5985 or 5986 from not network service account +status: experimental +date: 2019/09/12 +author: Roberto Rodriguez @Cyb3rWard0g +references: + - https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/tree/master/playbooks/windows/02_execution/T1086_powershell/powershell_remote_session.md +tags: + - attack.execution + - attack.t1086 +logsource: + category: network_connection + product: windows + service: sysmon +detection: + selection: + DestinationPort: + - 5985 + - 5986 + filter: + User: 'NT AUTHORITY\NETWORK SERVICE' + condition: selection and not filter +falsepositives: + - Leigitmate usage of remote PowerShell, e.g. remote administration and monitoring. +level: high diff --git a/rules/windows/network_connection/sysmon_rundll32_net_connections.yml b/rules/windows/network_connection/sysmon_rundll32_net_connections.yml new file mode 100755 index 00000000..7092eadc --- /dev/null +++ b/rules/windows/network_connection/sysmon_rundll32_net_connections.yml @@ -0,0 +1,45 @@ +title: Rundll32 Internet Connection +id: cdc8da7d-c303-42f8-b08c-b4ab47230263 +status: experimental +description: Detects a rundll32 that communicates with public IP addresses +references: + - https://www.hybrid-analysis.com/sample/759fb4c0091a78c5ee035715afe3084686a8493f39014aea72dae36869de9ff6?environmentId=100 +author: Florian Roth +date: 2017/11/04 +tags: + - attack.t1085 + - attack.defense_evasion + - attack.execution +logsource: + category: network_connection + product: windows + service: sysmon +detection: + selection: + Image: '*\rundll32.exe' + Initiated: 'true' + filter: + DestinationIp: + - '10.*' + - '192.168.*' + - '172.16.*' + - '172.17.*' + - '172.18.*' + - '172.19.*' + - '172.20.*' + - '172.21.*' + - '172.22.*' + - '172.23.*' + - '172.24.*' + - '172.25.*' + - '172.26.*' + - '172.27.*' + - '172.28.*' + - '172.29.*' + - '172.30.*' + - '172.31.*' + - '127.*' + condition: selection and not filter +falsepositives: + - Communication to other corporate systems that use IP addresses from public address spaces +level: medium diff --git a/rules/windows/network_connection/sysmon_susp_prog_location_network_connection.yml b/rules/windows/network_connection/sysmon_susp_prog_location_network_connection.yml new file mode 100755 index 00000000..3219ca94 --- /dev/null +++ b/rules/windows/network_connection/sysmon_susp_prog_location_network_connection.yml @@ -0,0 +1,32 @@ +title: Suspicious Program Location with Network Connections +id: 7b434893-c57d-4f41-908d-6a17bf1ae98f +status: experimental +description: Detects programs with network connections running in suspicious files system locations +references: + - https://docs.google.com/spreadsheets/d/17pSTDNpa0sf6pHeRhusvWG6rThciE8CsXTSlDUAZDyo +author: Florian Roth +date: 2017/03/19 +logsource: + category: network_connection + product: windows + service: sysmon + definition: 'Use the following config to generate the necessary Event ID 3 Network Connection events' +detection: + selection: + Image: + # - '*\ProgramData\\*' # too many false positives, e.g. with Webex for Windows + - '*\$Recycle.bin' + - '*\Users\All Users\\*' + - '*\Users\Default\\*' + - '*\Users\Public\\*' + - '*\Users\Contacts\\*' + - '*\Users\Searches\\*' + - 'C:\Perflogs\\*' + - '*\config\systemprofile\\*' + - '*\Windows\Fonts\\*' + - '*\Windows\IME\\*' + - '*\Windows\addins\\*' + condition: selection +falsepositives: + - unknown +level: high diff --git a/rules/windows/network_connection/sysmon_susp_rdp.yml b/rules/windows/network_connection/sysmon_susp_rdp.yml new file mode 100755 index 00000000..ee37354d --- /dev/null +++ b/rules/windows/network_connection/sysmon_susp_rdp.yml @@ -0,0 +1,45 @@ +title: Suspicious Outbound RDP Connections +id: ed74fe75-7594-4b4b-ae38-e38e3fd2eb23 +status: experimental +description: Detects Non-Standard Tools Connecting to TCP port 3389 indicating possible lateral movement +references: + - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 +author: Markus Neis - Swisscom +date: 2019/05/15 +tags: + - attack.lateral_movement + - attack.t1210 + - car.2013-07-002 +logsource: + category: network_connection + product: windows + service: sysmon +detection: + selection: + DestinationPort: 3389 + Initiated: 'true' + filter: + Image: + - '*\mstsc.exe' + - '*\RTSApp.exe' + - '*\RTS2App.exe' + - '*\RDCMan.exe' + - '*\ws_TunnelService.exe' + - '*\RSSensor.exe' + - '*\RemoteDesktopManagerFree.exe' + - '*\RemoteDesktopManager.exe' + - '*\RemoteDesktopManager64.exe' + - '*\mRemoteNG.exe' + - '*\mRemote.exe' + - '*\Terminals.exe' + - '*\spiceworks-finder.exe' + - '*\FSDiscovery.exe' + - '*\FSAssessment.exe' + - '*\MobaRTE.exe' + - '*\chrome.exe' + - '*\thor.exe' + - '*\thor64.exe' + condition: selection and not filter +falsepositives: + - Other Remote Desktop RDP tools +level: high diff --git a/rules/windows/network_connection/sysmon_suspicious_outbound_kerberos_connection.yml b/rules/windows/network_connection/sysmon_suspicious_outbound_kerberos_connection.yml new file mode 100755 index 00000000..0965670e --- /dev/null +++ b/rules/windows/network_connection/sysmon_suspicious_outbound_kerberos_connection.yml @@ -0,0 +1,30 @@ +title: Suspicious Outbound Kerberos Connection +id: e54979bd-c5f9-4d6c-967b-a04b19ac4c74 +status: experimental +description: Detects suspicious outbound network activity via kerberos default port indicating possible lateral movement or first stage PrivEsc via delegation. +references: + - https://github.com/GhostPack/Rubeus8 +author: Ilyas Ochkov, oscd.community +date: 2019/10/24 +modified: 2019/11/13 +tags: + - attack.lateral_movement + - attack.t1208 +logsource: + category: network_connection + product: windows + service: sysmon +detection: + selection: + DestinationPort: 88 + Initiated: 'true' + filter: + Image|endswith: + - '\lsass.exe' + - '\opera.exe' + - '\chrome.exe' + - '\firefox.exe' + condition: selection and not filter +falsepositives: + - Other browsers +level: high diff --git a/rules/windows/network_connection/sysmon_win_binary_github_com.yml b/rules/windows/network_connection/sysmon_win_binary_github_com.yml new file mode 100755 index 00000000..de0d4603 --- /dev/null +++ b/rules/windows/network_connection/sysmon_win_binary_github_com.yml @@ -0,0 +1,28 @@ +title: Microsoft Binary Github Communication +id: 635dbb88-67b3-4b41-9ea5-a3af2dd88153 +status: experimental +description: Detects an executable in the Windows folder accessing github.com +references: + - https://twitter.com/M_haggis/status/900741347035889665 + - https://twitter.com/M_haggis/status/1032799638213066752 +author: Michael Haag (idea), Florian Roth (rule) +date: 2017/08/24 +tags: + - attack.lateral_movement + - attack.t1105 +logsource: + category: network_connection + product: windows + service: sysmon +detection: + selection: + Initiated: 'true' + DestinationHostname: + - '*.github.com' + - '*.githubusercontent.com' + Image: 'C:\Windows\\*' + condition: selection +falsepositives: + - 'Unknown' + - '@subTee in your network' +level: high diff --git a/rules/windows/network_connection/sysmon_win_binary_susp_com.yml b/rules/windows/network_connection/sysmon_win_binary_susp_com.yml new file mode 100755 index 00000000..87445b5b --- /dev/null +++ b/rules/windows/network_connection/sysmon_win_binary_susp_com.yml @@ -0,0 +1,28 @@ +title: Microsoft Binary Suspicious Communication Endpoint +id: e0f8ab85-0ac9-423b-a73a-81b3c7b1aa97 +status: experimental +description: Detects an executable in the Windows folder accessing suspicious domains +references: + - https://twitter.com/M_haggis/status/900741347035889665 + - https://twitter.com/M_haggis/status/1032799638213066752 +author: Florian Roth +date: 2018/08/30 +tags: + - attack.lateral_movement + - attack.t1105 +logsource: + category: network_connection + product: windows + service: sysmon +detection: + selection: + Initiated: 'true' + DestinationHostname: + - '*dl.dropboxusercontent.com' + - '*.pastebin.com' + - '*.githubusercontent.com' # includes both gists and github repositories + Image: 'C:\Windows\\*' + condition: selection +falsepositives: + - 'Unknown' +level: high diff --git a/rules/windows/process_access/sysmon_cmstp_execution.yml b/rules/windows/process_access/sysmon_cmstp_execution.yml new file mode 100755 index 00000000..2299a92f --- /dev/null +++ b/rules/windows/process_access/sysmon_cmstp_execution.yml @@ -0,0 +1,49 @@ +action: global +title: CMSTP Execution +id: 9d26fede-b526-4413-b069-6e24b6d07167 +status: stable +description: Detects various indicators of Microsoft Connection Manager Profile Installer execution +tags: + - attack.defense_evasion + - attack.execution + - attack.t1191 + - attack.g0069 + - car.2019-04-001 +author: Nik Seetharaman +date: 2018/07/16 +references: + - http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/ +detection: + condition: 1 of them +fields: + - CommandLine + - ParentCommandLine + - Details +falsepositives: + - Legitimate CMSTP use (unlikely in modern enterprise environments) +level: high +--- +logsource: + product: windows + service: sysmon + category: registry_event +detection: + # Registry Object Add + selection2: + TargetObject: '*\cmmgr32.exe*' + EventType: 'CreateKey' + # Registry Object Value Set + selection3: + TargetObject: '*\cmmgr32.exe*' + # Process Access Call Trace + selection4: + CallTrace: '*cmlua.dll*' + +--- +logsource: + category: process_creation + product: windows +detection: + # CMSTP Spawning Child Process + selection1: + ParentImage: '*\cmstp.exe' diff --git a/rules/windows/process_access/sysmon_cred_dump_lsass_access.yml b/rules/windows/process_access/sysmon_cred_dump_lsass_access.yml new file mode 100755 index 00000000..284d860e --- /dev/null +++ b/rules/windows/process_access/sysmon_cred_dump_lsass_access.yml @@ -0,0 +1,57 @@ +title: Credentials Dumping Tools Accessing LSASS Memory +id: 32d0d3e2-e58d-4d41-926b-18b520b2b32d +status: experimental +description: Detects process access LSASS memory which is typical for credentials dumping tools +author: Florian Roth, Roberto Rodriguez, Dimitrios Slamaris, Mark Russinovich, Thomas Patzke, Teymur Kheirkhabarov, Sherif Eldeeb, James Dickenson, Aleksey Potapov, + oscd.community (update) +date: 2017/02/16 +modified: 2019/11/08 +references: + - https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843&ithint=file%2cpptx&app=PowerPoint&authkey=!AMvCRTKB_V1J5ow + - https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for_22.html + - https://www.slideshare.net/heirhabarov/hunting-for-credentials-dumping-in-windows-environment + - http://security-research.dyndns.org/pub/slides/FIRST2017/FIRST-2017_Tom-Ueltschi_Sysmon_FINAL_notes.pdf +tags: + - attack.t1003 + - attack.s0002 + - attack.credential_access + - car.2019-04-004 +logsource: + category: process_access + product: windows + service: sysmon +detection: + selection: + TargetImage|endswith: '\lsass.exe' + GrantedAccess|contains: + - '0x40' + - '0x1000' + - '0x1400' + - '0x100000' + - '0x1410' # car.2019-04-004 + - '0x1010' # car.2019-04-004 + - '0x1438' # car.2019-04-004 + - '0x143a' # car.2019-04-004 + - '0x1418' # car.2019-04-004 + - '0x1f0fff' + - '0x1f1fff' + - '0x1f2fff' + - '0x1f3fff' + filter: + ProcessName|endswith: # easy to bypass. need to implement supportive rule to detect bypass attempts + - '\wmiprvse.exe' + - '\taskmgr.exe' + - '\procexp64.exe' + - '\procexp.exe' + - '\lsm.exe' + - '\csrss.exe' + - '\wininit.exe' + - '\vmtoolsd.exe' + condition: selection and not filter +fields: + - ComputerName + - User + - SourceImage +falsepositives: + - Legitimate software accessing LSASS process for legitimate reason; update the whitelist with it +level: high diff --git a/rules/windows/process_access/sysmon_in_memory_assembly_execution.yml b/rules/windows/process_access/sysmon_in_memory_assembly_execution.yml new file mode 100755 index 00000000..9ace8464 --- /dev/null +++ b/rules/windows/process_access/sysmon_in_memory_assembly_execution.yml @@ -0,0 +1,46 @@ +title: Suspicious In-Memory Module Execution +id: 5f113a8f-8b61-41ca-b90f-d374fa7e4a39 +description: Detects the access to processes by other suspicious processes which have reflectively loaded libraries in their memory space. An example is SilentTrinity + C2 behaviour. Generally speaking, when Sysmon EventID 10 cannot reference a stack call to a dll loaded from disk (the standard way), it will display "UNKNOWN" + as the module name. Usually this means the stack call points to a module that was reflectively loaded in memory. Adding to this, it is not common to see such + few calls in the stack (ntdll.dll --> kernelbase.dll --> unknown) which essentially means that most of the functions required by the process to execute certain + routines are already present in memory, not requiring any calls to external libraries. The latter should also be considered suspicious. +status: experimental +date: 2019/10/27 +author: Perez Diego (@darkquassar), oscd.community +references: + - https://azure.microsoft.com/en-ca/blog/detecting-in-memory-attacks-with-sysmon-and-azure-security-center/ +tags: + - attack.privilege_escalation + - attack.t1055 +logsource: + category: process_access + product: windows + service: sysmon +detection: + selection_01: + CallTrace: + - "C:\\Windows\\SYSTEM32\\ntdll.dll+*|C:\\Windows\\System32\\KERNELBASE.dll+*|UNKNOWN(*)" + - "*UNKNOWN(*)|UNKNOWN(*)" + selection_02: + CallTrace: "*UNKNOWN*" + granted_access: + GrantedAccess: + - "0x1F0FFF" + - "0x1F1FFF" + - "0x143A" + - "0x1410" + - "0x1010" + - "0x1F2FFF" + - "0x1F3FFF" + - "0x1FFFFF" + condition: selection_01 OR (selection_02 AND granted_access) +fields: + - ComputerName + - User + - SourceImage + - TargetImage + - CallTrace +level: critical +falsepositives: + - Low diff --git a/rules/windows/process_access/sysmon_invoke_phantom.yml b/rules/windows/process_access/sysmon_invoke_phantom.yml new file mode 100755 index 00000000..c2d61c17 --- /dev/null +++ b/rules/windows/process_access/sysmon_invoke_phantom.yml @@ -0,0 +1,26 @@ +title: Suspect Svchost Memory Asccess +id: 166e9c50-8cd9-44af-815d-d1f0c0e90dde +status: experimental +description: Detects suspect access to svchost process memory such as that used by Invoke-Phantom to kill the winRM windows event logging service. +author: Tim Burrell +date: 2020/01/02 +references: + - https://github.com/hlldz/Invoke-Phant0m + - https://twitter.com/timbmsft/status/900724491076214784 +tags: + - attack.t1089 + - attack.defense_evasion +logsource: + category: process_access + product: windows + service: sysmon +detection: + selection: + TargetImage: '*\windows\system32\svchost.exe' + GrantedAccess: '0x1f3fff' + CallTrace: + - '*unknown*' + condition: selection +falsepositives: + - unknown +level: high diff --git a/rules/windows/process_access/sysmon_lsass_memdump.yml b/rules/windows/process_access/sysmon_lsass_memdump.yml new file mode 100755 index 00000000..796e85d2 --- /dev/null +++ b/rules/windows/process_access/sysmon_lsass_memdump.yml @@ -0,0 +1,27 @@ +title: LSASS Memory Dump +id: 5ef9853e-4d0e-4a70-846f-a9ca37d876da +status: experimental +description: Detects process LSASS memory dump using procdump or taskmgr based on the CallTrace pointing to dbghelp.dll or dbgcore.dll for win10 +author: Samir Bousseaden +date: 2019/04/03 +references: + - https://blog.menasec.net/2019/02/threat-hunting-21-procdump-or-taskmgr.html +tags: + - attack.t1003 + - attack.s0002 + - attack.credential_access +logsource: + category: process_access + product: windows + service: sysmon +detection: + selection: + TargetImage: 'C:\windows\system32\lsass.exe' + GrantedAccess: '0x1fffff' + CallTrace: + - '*dbghelp.dll*' + - '*dbgcore.dll*' + condition: selection +falsepositives: + - unknown +level: high diff --git a/rules/windows/process_access/sysmon_malware_verclsid_shellcode.yml b/rules/windows/process_access/sysmon_malware_verclsid_shellcode.yml new file mode 100755 index 00000000..625f78a1 --- /dev/null +++ b/rules/windows/process_access/sysmon_malware_verclsid_shellcode.yml @@ -0,0 +1,30 @@ +title: Malware Shellcode in Verclsid Target Process +id: b7967e22-3d7e-409b-9ed5-cdae3f9243a1 +status: experimental +description: Detects a process access to verclsid.exe that injects shellcode from a Microsoft Office application / VBA macro +references: + - https://twitter.com/JohnLaTwC/status/837743453039534080 +tags: + - attack.defense_evasion + - attack.privilege_escalation + - attack.t1055 +author: John Lambert (tech), Florian Roth (rule) +date: 2017/03/04 +logsource: + category: process_access + product: windows + service: sysmon + definition: 'Use the following config to generate the necessary Event ID 10 Process Access events: VBE7.DLLUNKNOWN' +detection: + selection: + TargetImage: '*\verclsid.exe' + GrantedAccess: '0x1FFFFF' + combination1: + CallTrace: '*|UNKNOWN(*VBE7.DLL*' + combination2: + SourceImage: '*\Microsoft Office\\*' + CallTrace: '*|UNKNOWN*' + condition: selection and 1 of combination* +falsepositives: + - unknown +level: high diff --git a/rules/windows/process_access/sysmon_mimikatz_trough_winrm.yml b/rules/windows/process_access/sysmon_mimikatz_trough_winrm.yml new file mode 100755 index 00000000..87650cda --- /dev/null +++ b/rules/windows/process_access/sysmon_mimikatz_trough_winrm.yml @@ -0,0 +1,26 @@ +title: Mimikatz through Windows Remote Management +id: aa35a627-33fb-4d04-a165-d33b4afca3e8 +description: Detects usage of mimikatz through WinRM protocol by monitoring access to lsass process by wsmprovhost.exe. +references: + - https://pentestlab.blog/2018/05/15/lateral-movement-winrm/ +status: stable +author: Patryk Prauze - ING Tech +date: 2019/05/20 +logsource: + category: process_access + product: windows + service: sysmon +detection: + selection: + TargetImage: 'C:\windows\system32\lsass.exe' + SourceImage: 'C:\Windows\system32\wsmprovhost.exe' + condition: selection +tags: + - attack.credential_access + - attack.execution + - attack.t1003 + - attack.t1028 + - attack.s0005 +falsepositives: + - low +level: high diff --git a/rules/windows/registry_event/sysmon_apt_oceanlotus_registry.yml b/rules/windows/registry_event/sysmon_apt_oceanlotus_registry.yml new file mode 100755 index 00000000..f87bd508 --- /dev/null +++ b/rules/windows/registry_event/sysmon_apt_oceanlotus_registry.yml @@ -0,0 +1,36 @@ +title: OceanLotus Registry Activity +id: 4ac5fc44-a601-4c06-955b-309df8c4e9d4 +status: experimental +description: Detects registry keys created in OceanLotus (also known as APT32) attacks +references: + - https://www.welivesecurity.com/2019/03/20/fake-or-fake-keeping-up-with-oceanlotus-decoys/ +tags: + - attack.t1112 +author: megan201296 +date: 2019/04/14 +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection: + TargetObject: + - 'HKCR\CLSID\{E08A0F4B-1F65-4D4D-9A09-BD4625B9C5A1}\Model' + - 'HKU\\*_Classes\CLSID\{E08A0F4B-1F65-4D4D-9A09-BD4625B9C5A1}\Model' + # covers HKU\* and HKLM.. + - '*\SOFTWARE\App\AppXbf13d4ea2945444d8b13e2121cb6b663\Application' + - '*\SOFTWARE\App\AppXbf13d4ea2945444d8b13e2121cb6b663\DefaultIcon' + - '*\SOFTWARE\App\AppX70162486c7554f7f80f481985d67586d\Application' + - '*\SOFTWARE\App\AppX70162486c7554f7f80f481985d67586d\DefaultIcon' + - '*\SOFTWARE\App\AppX37cc7fdccd644b4f85f4b22d5a3f105a\Application' + - '*\SOFTWARE\App\AppX37cc7fdccd644b4f85f4b22d5a3f105a\DefaultIcon' + # HKCU\SOFTWARE\Classes\AppXc52346ec40fb4061ad96be0e6cb7d16a\ + - 'HKU\\*_Classes\AppXc52346ec40fb4061ad96be0e6cb7d16a\\*' + # HKCU\SOFTWARE\Classes\AppX3bbba44c6cae4d9695755183472171e2\ + - 'HKU\\*_Classes\AppX3bbba44c6cae4d9695755183472171e2\\*' + # HKCU\SOFTWARE\Classes\CLSID\{E3517E26-8E93-458D-A6DF-8030BC80528B}\ + - 'HKU\\*_Classes\CLSID\{E3517E26-8E93-458D-A6DF-8030BC80528B}\\*' + condition: selection +falsepositives: + - Unknown +level: critical diff --git a/rules/windows/registry_event/sysmon_apt_pandemic.yml b/rules/windows/registry_event/sysmon_apt_pandemic.yml new file mode 100755 index 00000000..63b8addf --- /dev/null +++ b/rules/windows/registry_event/sysmon_apt_pandemic.yml @@ -0,0 +1,41 @@ +action: global +title: Pandemic Registry Key +id: 47e0852a-cf81-4494-a8e6-31864f8c86ed +status: experimental +description: Detects Pandemic Windows Implant +references: + - https://wikileaks.org/vault7/#Pandemic + - https://twitter.com/MalwareJake/status/870349480356454401 +tags: + - attack.lateral_movement + - attack.t1105 +author: Florian Roth +date: 2017/06/01 +detection: + condition: 1 of them +fields: + - EventID + - CommandLine + - ParentCommandLine + - Image + - User + - TargetObject +falsepositives: + - unknown +level: critical +--- +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection1: + TargetObject: + - 'HKLM\SYSTEM\CurrentControlSet\services\null\Instance*' +--- +logsource: + category: process_creation + product: windows +detection: + selection2: + Command: 'loaddll -a *' diff --git a/rules/windows/registry_event/sysmon_asep_reg_keys_modification.yml b/rules/windows/registry_event/sysmon_asep_reg_keys_modification.yml new file mode 100755 index 00000000..79013d30 --- /dev/null +++ b/rules/windows/registry_event/sysmon_asep_reg_keys_modification.yml @@ -0,0 +1,34 @@ +title: Autorun Keys Modification +id: 17f878b8-9968-4578-b814-c4217fc5768c +description: Detects modification of autostart extensibility point (ASEP) in registry +status: experimental +references: + - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1060/T1060.yaml +tags: + - attack.persistence + - attack.t1060 +date: 2019/10/21 +modified: 2019/11/10 +author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection: + + TargetObject|contains: + - '\software\Microsoft\Windows\CurrentVersion\Run' + - '\software\Microsoft\Windows\CurrentVersion\RunOnce' + - '\software\Microsoft\Windows\CurrentVersion\RunOnceEx' + - '\software\Microsoft\Windows\CurrentVersion\RunServices' + - '\software\Microsoft\Windows\CurrentVersion\RunServicesOnce' + - '\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit' + - '\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell' + - '\software\Microsoft\Windows NT\CurrentVersion\Windows' + - '\software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' + condition: selection +falsepositives: + - Legitimate software automatically (mostly, during installation) sets up autorun keys for legitimate reason + - Legitimate administrator sets up autorun keys for legitimate reason +level: medium diff --git a/rules/windows/registry_event/sysmon_cmstp_execution.yml b/rules/windows/registry_event/sysmon_cmstp_execution.yml new file mode 100755 index 00000000..48fdfafe --- /dev/null +++ b/rules/windows/registry_event/sysmon_cmstp_execution.yml @@ -0,0 +1,50 @@ +action: global +title: CMSTP Execution +id: 9d26fede-b526-4413-b069-6e24b6d07167 +status: stable +description: Detects various indicators of Microsoft Connection Manager Profile Installer execution +tags: + - attack.defense_evasion + - attack.execution + - attack.t1191 + - attack.g0069 + - car.2019-04-001 +author: Nik Seetharaman +date: 2018/07/16 +references: + - http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/ +detection: + condition: 1 of them +fields: + - CommandLine + - ParentCommandLine + - Details +falsepositives: + - Legitimate CMSTP use (unlikely in modern enterprise environments) +level: high +--- +logsource: + category: process_creation,registry_event + product: windows + service: sysmon +detection: + # Registry Object Add + selection2: + TargetObject: '*\cmmgr32.exe*' + EventType: 'CreateKey' + # Registry Object Value Set + selection3: + + TargetObject: '*\cmmgr32.exe*' + # Process Access Call Trace + selection4: + CallTrace: '*cmlua.dll*' +--- +detection: + # CMSTP Spawning Child Process + selection1: + ParentImage: '*\cmstp.exe' + +logsource: + category: process_creation + product: windows diff --git a/rules/windows/registry_event/sysmon_dhcp_calloutdll.yml b/rules/windows/registry_event/sysmon_dhcp_calloutdll.yml new file mode 100755 index 00000000..d7304285 --- /dev/null +++ b/rules/windows/registry_event/sysmon_dhcp_calloutdll.yml @@ -0,0 +1,29 @@ +title: DHCP Callout DLL Installation +id: 9d3436ef-9476-4c43-acca-90ce06bdf33a +status: experimental +description: Detects the installation of a Callout DLL via CalloutDlls and CalloutEnabled parameter in Registry, which can be used to execute code in context of the + DHCP server (restart required) +references: + - https://blog.3or.de/mimilib-dhcp-server-callout-dll-injection.html + - https://technet.microsoft.com/en-us/library/cc726884(v=ws.10).aspx + - https://msdn.microsoft.com/de-de/library/windows/desktop/aa363389(v=vs.85).aspx +date: 2017/05/15 +author: Dimitrios Slamaris +tags: + - attack.defense_evasion + - attack.t1073 + - attack.t1112 +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection: + + TargetObject: + - '*\Services\DHCPServer\Parameters\CalloutDlls' + - '*\Services\DHCPServer\Parameters\CalloutEnabled' + condition: selection +falsepositives: + - unknown +level: high diff --git a/rules/windows/registry_event/sysmon_disable_security_events_logging_adding_reg_key_minint.yml b/rules/windows/registry_event/sysmon_disable_security_events_logging_adding_reg_key_minint.yml new file mode 100755 index 00000000..57035340 --- /dev/null +++ b/rules/windows/registry_event/sysmon_disable_security_events_logging_adding_reg_key_minint.yml @@ -0,0 +1,33 @@ +title: Disable Security Events Logging Adding Reg Key MiniNt +id: 919f2ef0-be2d-4a7a-b635-eb2b41fde044 +status: experimental +description: Detects the addition of a key 'MiniNt' to the registry. Upon a reboot, Windows Event Log service will stopped write events. +references: + - https://twitter.com/0gtweet/status/1182516740955226112 +tags: + - attack.defense_evasion + - attack.t1089 +author: Ilyas Ochkov, oscd.community +date: 2019/10/25 +modified: 2019/11/13 +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection: + - EventID: 12 # key create + # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one + TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' + EventType: 'CreateKey' # we don't want deletekey + - # key rename + NewName: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' + condition: selection +fields: + - EventID + - Image + - TargetObject + - NewName +falsepositives: + - Unkown +level: high diff --git a/rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml b/rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml new file mode 100755 index 00000000..bcf1bd39 --- /dev/null +++ b/rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml @@ -0,0 +1,40 @@ +action: global +title: DNS ServerLevelPluginDll Install +id: e61e8a88-59a9-451c-874e-70fcc9740d67 +status: experimental +description: Detects the installation of a plugin DLL via ServerLevelPluginDll parameter in Registry, which can be used to execute code in context of the DNS server + (restart required) +references: + - https://medium.com/@esnesenon/feature-not-bug-dnsadmin-to-dc-compromise-in-one-line-a0f779b8dc83 +date: 2017/05/08 +author: Florian Roth +tags: + - attack.defense_evasion + - attack.t1073 +detection: + condition: 1 of them +fields: + - EventID + - CommandLine + - ParentCommandLine + - Image + - User + - TargetObject +falsepositives: + - unknown +level: high +--- +logsource: + product: windows + service: sysmon + category: registry_event +detection: + dnsregmod: + TargetObject: '*\services\DNS\Parameters\ServerLevelPluginDll' +--- +logsource: + category: process_creation + product: windows +detection: + dnsadmin: + CommandLine: 'dnscmd.exe /config /serverlevelplugindll *' diff --git a/rules/windows/registry_event/sysmon_hack_wce.yml b/rules/windows/registry_event/sysmon_hack_wce.yml new file mode 100755 index 00000000..ab1c9e27 --- /dev/null +++ b/rules/windows/registry_event/sysmon_hack_wce.yml @@ -0,0 +1,37 @@ +action: global +title: Windows Credential Editor +id: 7aa7009a-28b9-4344-8c1f-159489a390df +description: Detects the use of Windows Credential Editor (WCE) +author: Florian Roth +references: + - https://www.ampliasecurity.com/research/windows-credentials-editor/ +date: 2019/12/31 +tags: + - attack.credential_access + - attack.t1003 + - attack.s0005 +falsepositives: + - 'Another service that uses a single -s command line switch' +level: critical +--- +logsource: + category: process_creation + product: windows +detection: + selection1: + Imphash: + - a53a02b997935fd8eedcb5f7abab9b9f + - e96a73c7bf33a464c510ede582318bf2 + selection2: + CommandLine|endswith: '.exe -S' + ParentImage|endswith: '\services.exe' + condition: 1 of them +--- +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection: + TargetObject|contains: Services\WCESERVICE\Start + condition: selection diff --git a/rules/windows/registry_event/sysmon_narrator_feedback_persistance.yml b/rules/windows/registry_event/sysmon_narrator_feedback_persistance.yml new file mode 100755 index 00000000..bfb2874e --- /dev/null +++ b/rules/windows/registry_event/sysmon_narrator_feedback_persistance.yml @@ -0,0 +1,26 @@ +title: Narrator's Feedback-Hub Persistence +id: f663a6d9-9d1b-49b8-b2b1-0637914d199a +description: Detects abusing Windows 10 Narrator's Feedback-Hub +references: + - https://giuliocomi.blogspot.com/2019/10/abusing-windows-10-narrators-feedback.html +tags: + - attack.persistence + - attack.t1060 +author: Dmitriy Lifanov, oscd.community +status: experimental +date: 2019/10/25 +modified: 2019/11/10 +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection1: + EventType: DeleteValue + TargetObject|endswith: '\AppXypsaf9f1qserqevf0sws76dx4k9a5206\Shell\open\command\DelegateExecute' + selection2: + TargetObject|endswith: '\AppXypsaf9f1qserqevf0sws76dx4k9a5206\Shell\open\command\(Default)' + condition: 1 of them +falsepositives: + - unknown +level: high diff --git a/rules/windows/registry_event/sysmon_new_dll_added_to_appcertdlls_registry_key.yml b/rules/windows/registry_event/sysmon_new_dll_added_to_appcertdlls_registry_key.yml new file mode 100755 index 00000000..fbf57d3e --- /dev/null +++ b/rules/windows/registry_event/sysmon_new_dll_added_to_appcertdlls_registry_key.yml @@ -0,0 +1,36 @@ +title: New DLL Added to AppCertDlls Registry Key +id: 6aa1d992-5925-4e9f-a49b-845e51d1de01 +status: experimental +description: Dynamic-link libraries (DLLs) that are specified in the AppCertDLLs value in the Registry key can be abused to obtain persistence and privilege escalation + by causing a malicious DLL to be loaded and run in the context of separate processes on the computer. +references: + - http://www.hexacorn.com/blog/2013/01/19/beyond-good-ol-run-key-part-3/ + - https://eqllib.readthedocs.io/en/latest/analytics/14f90406-10a0-4d36-a672-31cabe149f2f.html +tags: + - attack.persistence + - attack.t1182 +author: Ilyas Ochkov, oscd.community +date: 2019/10/25 +modified: 2019/11/13 +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection: + - EventID: + - 12 # key create + - 13 # value set + # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one + TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls' + - # key rename + NewName: 'HKLM\SYSTEM\CurentControlSet\Control\Session Manager\AppCertDlls' + condition: selection +fields: + - EventID + - Image + - TargetObject + - NewName +falsepositives: + - Unkown +level: medium diff --git a/rules/windows/registry_event/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml b/rules/windows/registry_event/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml new file mode 100755 index 00000000..52a2dac6 --- /dev/null +++ b/rules/windows/registry_event/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml @@ -0,0 +1,35 @@ +title: New DLL Added to AppInit_DLLs Registry Key +id: 4f84b697-c9ed-4420-8ab5-e09af5b2345d +status: experimental +description: DLLs that are specified in the AppInit_DLLs value in the Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows are loaded by user32.dll + into every process that loads user32.dll +references: + - https://eqllib.readthedocs.io/en/latest/analytics/822dc4c5-b355-4df8-bd37-29c458997b8f.html +tags: + - attack.persistence + - attack.t1103 +author: Ilyas Ochkov, oscd.community +date: 2019/10/25 +modified: 2019/11/13 +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection: + - TargetObject: + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' + - '*\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' + - # key rename + NewName: + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' + - '*\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' + condition: selection +fields: + - EventID + - Image + - TargetObject + - NewName +falsepositives: + - Unkown +level: medium diff --git a/rules/windows/registry_event/sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml b/rules/windows/registry_event/sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml new file mode 100755 index 00000000..afcee2b4 --- /dev/null +++ b/rules/windows/registry_event/sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml @@ -0,0 +1,33 @@ +title: Possible Privilege Escalation via Service Permissions Weakness +id: 0f9c21f1-6a73-4b0e-9809-cb562cb8d981 +description: Detect modification of services configuration (ImagePath, FailureCommand and ServiceDLL) in registry by processes with Medium integrity level +references: + - https://speakerdeck.com/heirhabarov/hunting-for-privilege-escalation-in-windows-environment + - https://pentestlab.blog/2017/03/31/insecure-registry-permissions/ +tags: + - attack.privilege_escalation + - attack.t1058 +status: experimental +author: Teymur Kheirkhabarov +date: 2019/10/26 +modified: 2019/11/11 +logsource: + product: windows + service: sysmon + category: registry_event +detection: + selection: + + IntegrityLevel: 'Medium' + TargetObject|contains: '\services\' + TargetObject|endswith: + - '\ImagePath' + - '\FailureCommand' + - '\Parameters\ServiceDll' + condition: selection +falsepositives: + - Unknown +level: high +enrichment: + - EN_0001_cache_sysmon_event_id_1_info # http://bit.ly/314zc6x + - EN_0003_enrich_other_sysmon_events_with_event_id_1_data # http://bit.ly/2ojW7fw diff --git a/rules/windows/registry_event/sysmon_rdp_registry_modification.yml b/rules/windows/registry_event/sysmon_rdp_registry_modification.yml new file mode 100755 index 00000000..2ebecfe7 --- /dev/null +++ b/rules/windows/registry_event/sysmon_rdp_registry_modification.yml @@ -0,0 +1,31 @@ +title: RDP Registry Modification +id: 41904ebe-d56c-4904-b9ad-7a77bdf154b3 +description: Detects potential malicious modification of the property value of fDenyTSConnections and UserAuthentication to enable remote desktop connections. +status: experimental +date: 2019/09/12 +modified: 2019/11/10 +author: Roberto Rodriguez @Cyb3rWard0g +references: + - https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/tree/master/playbooks/windows/05_defense_evasion/T1112_Modify_Registry/enable_rdp_registry.md +tags: + - attack.defense_evasion + - attack.t1112 +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection: + TargetObject|endswith: + - '\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\UserAuthentication' + - '\CurrentControlSet\Control\Terminal Server\fDenyTSConnections' + Details: 'DWORD (0x00000000)' + condition: selection +fields: + - ComputerName + - Image + - EventType + - TargetObject +falsepositives: + - Unknown +level: high diff --git a/rules/windows/registry_event/sysmon_rdp_settings_hijack.yml b/rules/windows/registry_event/sysmon_rdp_settings_hijack.yml new file mode 100755 index 00000000..bad6cc8f --- /dev/null +++ b/rules/windows/registry_event/sysmon_rdp_settings_hijack.yml @@ -0,0 +1,23 @@ +title: RDP Sensitive Settings Changed +id: 171b67e1-74b4-460e-8d55-b331f3e32d67 +description: Detects changes to RDP terminal service sensitive settings +references: + - https://blog.menasec.net/2019/02/threat-hunting-rdp-hijacking-via.html +date: 2019/04/03 +author: Samir Bousseaden +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection_reg: + TargetObject: + - '*\services\TermService\Parameters\ServiceDll*' + - '*\Control\Terminal Server\fSingleSessionPerUser*' + - '*\Control\Terminal Server\fDenyTSConnections*' + condition: selection_reg +tags: + - attack.defense_evasion +falsepositives: + - unknown +level: high diff --git a/rules/windows/registry_event/sysmon_registry_persistence_key_linking.yml b/rules/windows/registry_event/sysmon_registry_persistence_key_linking.yml new file mode 100755 index 00000000..f7594c5d --- /dev/null +++ b/rules/windows/registry_event/sysmon_registry_persistence_key_linking.yml @@ -0,0 +1,24 @@ +title: Windows Registry Persistence COM Key Linking +id: 9b0f8a61-91b2-464f-aceb-0527e0a45020 +status: experimental +description: Detects COM object hijacking via TreatAs subkey +references: + - https://bohops.com/2018/08/18/abusing-the-com-registry-structure-part-2-loading-techniques-for-evasion-and-persistence/ +author: Kutepov Anton, oscd.community +date: 2019/10/23 +modified: 2019/11/07 +tags: + - attack.persistence + - attack.t1122 +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection: + EventType: 'CreateKey' # don't want DeleteKey events + TargetObject: 'HKU\\*_Classes\CLSID\\*\TreatAs' + condition: selection +falsepositives: + - Maybe some system utilities in rare cases use linking keys for backward compability +level: medium diff --git a/rules/windows/registry_event/sysmon_registry_persistence_search_order.yml b/rules/windows/registry_event/sysmon_registry_persistence_search_order.yml new file mode 100755 index 00000000..62f0c6bf --- /dev/null +++ b/rules/windows/registry_event/sysmon_registry_persistence_search_order.yml @@ -0,0 +1,29 @@ +title: Windows Registry Persistence COM Search Order Hijacking +id: a0ff33d8-79e4-4cef-b4f3-9dc4133ccd12 +status: experimental +description: Detects potential COM object hijacking leveraging the COM Search Order +references: + - https://www.cyberbit.com/blog/endpoint-security/com-hijacking-windows-overlooked-security-vulnerability/ +author: Maxime Thiebaut (@0xThiebaut) +date: 2020/04/14 +tags: + - attack.persistence + - attack.t1038 +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection: # Detect new COM servers in the user hive + TargetObject: 'HKU\\*_Classes\CLSID\\*\InProcServer32\(Default)' + filter: + Details: # Exclude privileged directories and observed FPs + - '%%systemroot%%\system32\\*' + - '%%systemroot%%\SysWow64\\*' + - '*\AppData\Local\Microsoft\OneDrive\\*\FileCoAuthLib64.dll' + - '*\AppData\Local\Microsoft\OneDrive\\*\FileSyncShell64.dll' + - '*\AppData\Local\Microsoft\TeamsMeetingAddin\\*\Microsoft.Teams.AddinLoader.dll' + condition: selection and not filter +falsepositives: + - Some installed utilities (i.e. OneDrive) may serve new COM objects at user-level +level: medium diff --git a/rules/windows/registry_event/sysmon_registry_trust_record_modification.yml b/rules/windows/registry_event/sysmon_registry_trust_record_modification.yml new file mode 100755 index 00000000..807bba13 --- /dev/null +++ b/rules/windows/registry_event/sysmon_registry_trust_record_modification.yml @@ -0,0 +1,24 @@ +title: Windows Registry Trust Record Modification +id: 295a59c1-7b79-4b47-a930-df12c15fc9c2 +status: experimental +description: Alerts on trust record modification within the registry, indicating usage of macros +references: + - https://outflank.nl/blog/2018/01/16/hunting-for-evil-detect-macros-being-executed/ + - http://az4n6.blogspot.com/2016/02/more-on-trust-records-macros-and.html +author: Antonlovesdnb +date: 2020/02/19 +modified: 2020/02/19 +tags: + - attack.initial_access + - attack.t1193 +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection: + TargetObject|contains: 'TrustRecords' + condition: selection +falsepositives: + - Alerts on legitimate macro usage as well, will need to filter as appropriate +level: medium diff --git a/rules/windows/registry_event/sysmon_ssp_added_lsa_config.yml b/rules/windows/registry_event/sysmon_ssp_added_lsa_config.yml new file mode 100755 index 00000000..ea90b5de --- /dev/null +++ b/rules/windows/registry_event/sysmon_ssp_added_lsa_config.yml @@ -0,0 +1,28 @@ +title: Security Support Provider (SSP) Added to LSA Configuration +id: eeb30123-9fbd-4ee8-aaa0-2e545bbed6dc +status: experimental +description: Detects the addition of a SSP to the registry. Upon a reboot or API call, SSP DLLs gain access to encrypted and plaintext passwords stored in Windows. +references: + - https://attack.mitre.org/techniques/T1101/ + - https://powersploit.readthedocs.io/en/latest/Persistence/Install-SSP/ +tags: + - attack.persistence + - attack.t1011 +author: iwillkeepwatch +date: 2019/01/18 +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection_registry: + TargetObject: + - 'HKLM\System\CurrentControlSet\Control\Lsa\Security Packages' + - 'HKLM\System\CurrentControlSet\Control\Lsa\OSConfig\Security Packages' + exclusion_images: + - Image: C:\Windows\system32\msiexec.exe + - Image: C:\Windows\syswow64\MsiExec.exe + condition: selection_registry and not exclusion_images +falsepositives: + - Unlikely +level: critical diff --git a/rules/windows/registry_event/sysmon_stickykey_like_backdoor.yml b/rules/windows/registry_event/sysmon_stickykey_like_backdoor.yml new file mode 100755 index 00000000..79050d32 --- /dev/null +++ b/rules/windows/registry_event/sysmon_stickykey_like_backdoor.yml @@ -0,0 +1,51 @@ +action: global +title: Sticky Key Like Backdoor Usage +id: baca5663-583c-45f9-b5dc-ea96a22ce542 +description: Detects the usage and installation of a backdoor that uses an option to register a malicious debugger for built-in tools that are accessible in the login + screen +references: + - https://blogs.technet.microsoft.com/jonathantrull/2016/10/03/detecting-sticky-key-backdoors/ +tags: + - attack.privilege_escalation + - attack.persistence + - attack.t1015 + - car.2014-11-003 + - car.2014-11-008 +author: Florian Roth, @twjackomo +date: 2018/03/15 +detection: + condition: 1 of them +falsepositives: + - Unlikely +level: critical +--- +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection_registry: + TargetObject: + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger' + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe\Debugger' + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe\Debugger' + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Magnify.exe\Debugger' + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Narrator.exe\Debugger' + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisplaySwitch.exe\Debugger' + EventType: 'SetValue' +--- +logsource: + category: process_creation + product: windows +detection: + selection_process: + ParentImage: + - '*\winlogon.exe' + CommandLine: + - '*cmd.exe sethc.exe *' + - '*cmd.exe utilman.exe *' + - '*cmd.exe osk.exe *' + - '*cmd.exe Magnify.exe *' + - '*cmd.exe Narrator.exe *' + - '*cmd.exe DisplaySwitch.exe *' + diff --git a/rules/windows/registry_event/sysmon_susp_download_run_key.yml b/rules/windows/registry_event/sysmon_susp_download_run_key.yml new file mode 100755 index 00000000..856e06df --- /dev/null +++ b/rules/windows/registry_event/sysmon_susp_download_run_key.yml @@ -0,0 +1,26 @@ +title: Suspicious RUN Key from Download +id: 9c5037d1-c568-49b3-88c7-9846a5bdc2be +status: experimental +description: Detects the suspicious RUN keys created by software located in Download or temporary Outlook/Internet Explorer directories +references: + - https://app.any.run/tasks/c5bef5b7-f484-4c43-9cf3-d5c5c7839def/ +author: Florian Roth +date: 2019/10/01 +tags: + - attack.persistence + - attack.t1060 +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection: + Image: + - '*\Downloads\\*' + - '*\Temporary Internet Files\Content.Outlook\\*' + - '*\Local Settings\Temporary Internet Files\\*' + TargetObject: '*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\*' + condition: selection +falsepositives: + - Software installers downloaded and used by users +level: high diff --git a/rules/windows/registry_event/sysmon_susp_reg_persist_explorer_run.yml b/rules/windows/registry_event/sysmon_susp_reg_persist_explorer_run.yml new file mode 100755 index 00000000..b5637468 --- /dev/null +++ b/rules/windows/registry_event/sysmon_susp_reg_persist_explorer_run.yml @@ -0,0 +1,34 @@ +title: Registry Persistence via Explorer Run Key +id: b7916c2a-fa2f-4795-9477-32b731f70f11 +status: experimental +description: Detects a possible persistence mechanism using RUN key for Windows Explorer and pointing to a suspicious folder +author: Florian Roth +date: 2018/07/18 +references: + - https://researchcenter.paloaltonetworks.com/2018/07/unit42-upatre-continues-evolve-new-anti-analysis-techniques/ +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection: + TargetObject: '*\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run' + Details: + - 'C:\Windows\Temp\\*' + - 'C:\ProgramData\\*' + - '*\AppData\\*' + - 'C:\$Recycle.bin\\*' + - 'C:\Temp\\*' + - 'C:\Users\Public\\*' + - 'C:\Users\Default\\*' + condition: selection +tags: + - attack.persistence + - attack.t1060 + - capec.270 +fields: + - Image + - ParentImage +falsepositives: + - Unknown +level: high diff --git a/rules/windows/registry_event/sysmon_susp_run_key_img_folder.yml b/rules/windows/registry_event/sysmon_susp_run_key_img_folder.yml new file mode 100755 index 00000000..40f184b3 --- /dev/null +++ b/rules/windows/registry_event/sysmon_susp_run_key_img_folder.yml @@ -0,0 +1,37 @@ +title: New RUN Key Pointing to Suspicious Folder +id: 02ee49e2-e294-4d0f-9278-f5b3212fc588 +status: experimental +description: Detects suspicious new RUN key element pointing to an executable in a suspicious folder +references: + - https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html +author: Florian Roth, Markus Neis, Sander Wiebing +tags: + - attack.persistence + - attack.t1060 +date: 2018/08/25 +modified: 2020/05/24 +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection: + TargetObject: + - '*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\*' + - '*\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\*' + Details: + - '*C:\Windows\Temp\\*' + - '*C:\$Recycle.bin\\*' + - '*C:\Temp\\*' + - '*C:\Users\Public\\*' + - '%Public%\\*' + - '*C:\Users\Default\\*' + - '*C:\Users\Desktop\\*' + - 'wscript*' + - 'cscript*' + condition: selection +fields: + - Image +falsepositives: + - Software using weird folders for updates +level: high diff --git a/rules/windows/registry_event/sysmon_susp_service_installed.yml b/rules/windows/registry_event/sysmon_susp_service_installed.yml new file mode 100755 index 00000000..eaf443b6 --- /dev/null +++ b/rules/windows/registry_event/sysmon_susp_service_installed.yml @@ -0,0 +1,34 @@ +title: Suspicious Service Installed +id: f2485272-a156-4773-82d7-1d178bc4905b +description: Detects installation of NalDrv or PROCEXP152 services via registry-keys to non-system32 folders. Both services are used in the tool Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU (https://github.com/hfiref0x/KDU) +status: experimental +date: 2019/04/08 +author: xknow (@xknow_infosec), xorxes (@xor_xes) +references: + - https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/ +tags: + - attack.t1089 + - attack.defense_evasion +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection_1: + + TargetObject: + - 'HKLM\System\CurrentControlSet\Services\NalDrv\ImagePath' + - 'HKLM\System\CurrentControlSet\Services\PROCEXP152\ImagePath' + selection_2: + Image|contains: + - '*\procexp64.exe' + - '*\procexp.exe' + - '*\procmon64.exe' + - '*\procmon.exe' + selection_3: + Details|contains: + - '*\WINDOWS\system32\Drivers\PROCEXP152.SYS' + condition: selection_1 and not selection_2 and not selection_3 +falsepositives: + - Other legimate tools using this service names and drivers. Note - clever attackers may easily bypass this detection by just renaming the services. Therefore just Medium-level and don't rely on it. +level: medium diff --git a/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml b/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml new file mode 100755 index 00000000..1ba94b9b --- /dev/null +++ b/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml @@ -0,0 +1,30 @@ +title: Suspicious Keyboard Layout Load +id: 34aa0252-6039-40ff-951f-939fd6ce47d8 +description: Detects the keyboard preload installation with a suspicious keyboard layout, e.g. Chinese, Iranian or Vietnamese layout load in user session on systems + maintained by US staff only +references: + - https://renenyffenegger.ch/notes/Windows/registry/tree/HKEY_CURRENT_USER/Keyboard-Layout/Preload/index + - https://github.com/SwiftOnSecurity/sysmon-config/pull/92/files +author: Florian Roth +date: 2019/10/12 +modified: 2019/10/15 +logsource: + category: registry_event + product: windows + service: sysmon + definition: 'Requirements: Sysmon config that monitors \Keyboard Layout\Preload subkey of the HKLU hives - see https://github.com/SwiftOnSecurity/sysmon-config/pull/92/files' +detection: + selection_registry: + + TargetObject: + - '*\Keyboard Layout\Preload\*' + - '*\Keyboard Layout\Substitutes\*' + Details|contains: + - 00000429 # Persian (Iran) + - 00050429 # Persian (Iran) + - 0000042a # Vietnamese + condition: selection_registry +falsepositives: + - "Administrators or users that actually use the selected keyboard layouts (heavily depends on the organisation's user base)" +level: medium + diff --git a/rules/windows/registry_event/sysmon_sysinternals_eula_accepted.yml b/rules/windows/registry_event/sysmon_sysinternals_eula_accepted.yml new file mode 100755 index 00000000..21ab67c9 --- /dev/null +++ b/rules/windows/registry_event/sysmon_sysinternals_eula_accepted.yml @@ -0,0 +1,30 @@ +action: global +title: Usage of Sysinternals Tools +id: 25ffa65d-76d8-4da5-a832-3f2b0136e133 +status: experimental +description: Detects the usage of Sysinternals Tools due to accepteula key being added to Registry +references: + - https://twitter.com/Moti_B/status/1008587936735035392 +date: 2017/08/28 +author: Markus Neis +detection: + condition: 1 of them +falsepositives: + - Legitimate use of SysInternals tools + - Programs that use the same Registry Key +level: low +--- +logsource: + product: windows + service: sysmon + category: registry_event +detection: + selection1: + TargetObject: '*\EulaAccepted' +--- +logsource: + category: process_creation + product: windows +detection: + selection2: + CommandLine: '* -accepteula*' diff --git a/rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml b/rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml new file mode 100755 index 00000000..ba3dfb7c --- /dev/null +++ b/rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml @@ -0,0 +1,34 @@ +title: UAC Bypass via Event Viewer +id: 7c81fec3-1c1d-43b0-996a-46753041b1b6 +status: experimental +description: Detects UAC bypass method using Windows event viewer +references: + - https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/ + - https://www.hybrid-analysis.com/sample/e122bc8bf291f15cab182a5d2d27b8db1e7019e4e96bb5cdbd1dfe7446f3f51f?environmentId=100 +author: Florian Roth +date: 2017/03/19 +logsource: + product: windows + service: sysmon + category: registry_event +detection: + methregistry: + + TargetObject: 'HKU\\*\mscfile\shell\open\command' + methprocess: + EventID: 1 # Migration to process_creation requires multipart YAML + ParentImage: '*\eventvwr.exe' + filterprocess: + Image: '*\mmc.exe' + condition: methregistry or ( methprocess and not filterprocess ) +fields: + - CommandLine + - ParentCommandLine +tags: + - attack.defense_evasion + - attack.privilege_escalation + - attack.t1088 + - car.2019-04-001 +falsepositives: + - unknown +level: critical diff --git a/rules/windows/registry_event/sysmon_uac_bypass_sdclt.yml b/rules/windows/registry_event/sysmon_uac_bypass_sdclt.yml new file mode 100755 index 00000000..67fc2b84 --- /dev/null +++ b/rules/windows/registry_event/sysmon_uac_bypass_sdclt.yml @@ -0,0 +1,25 @@ +title: UAC Bypass via Sdclt +id: 5b872a46-3b90-45c1-8419-f675db8053aa +status: experimental +description: Detects changes to HKCU:\Software\Classes\exefile\shell\runas\command\isolatedCommand +references: + - https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/ +author: Omer Yampel +date: 2017/03/17 +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection: + # usrclass.dat is mounted on HKU\USERSID_Classes\... + TargetObject: 'HKU\\*_Classes\exefile\shell\runas\command\isolatedCommand' + condition: selection +tags: + - attack.defense_evasion + - attack.privilege_escalation + - attack.t1088 + - car.2019-04-001 +falsepositives: + - unknown +level: high diff --git a/rules/windows/registry_event/sysmon_win_reg_persistence.yml b/rules/windows/registry_event/sysmon_win_reg_persistence.yml new file mode 100755 index 00000000..7779229b --- /dev/null +++ b/rules/windows/registry_event/sysmon_win_reg_persistence.yml @@ -0,0 +1,28 @@ +title: Registry Persistence Mechanisms +id: 36803969-5421-41ec-b92f-8500f79c23b0 +description: Detects persistence registry keys +references: + - https://oddvar.moe/2018/04/10/persistence-using-globalflags-in-image-file-execution-options-hidden-from-autoruns-exe/ +date: 2018/04/11 +author: Karneades +logsource: + category: registry_event + product: windows + service: sysmon +detection: + selection_reg1: + TargetObject: + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\*\GlobalFlag' + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\\*\ReportingMode' + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\\*\MonitorProcess' + EventType: SetValue + condition: selection_reg1 +tags: + - attack.privilege_escalation + - attack.persistence + - attack.defense_evasion + - attack.t1183 + - car.2013-01-002 +falsepositives: + - unknown +level: critical From f553fb2e33a5fc1681fbd7cb7a0cf3d9b22ce5fe Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 10 Jun 2020 16:35:14 +0200 Subject: [PATCH 450/714] Cosmetics --- rules/windows/sysmon/sysmon_reg_office_security.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/rules/windows/sysmon/sysmon_reg_office_security.yml b/rules/windows/sysmon/sysmon_reg_office_security.yml index e9f00dda..31fa9e19 100644 --- a/rules/windows/sysmon/sysmon_reg_office_security.yml +++ b/rules/windows/sysmon/sysmon_reg_office_security.yml @@ -17,14 +17,14 @@ logsource: detection: sec_settings: EventID: - - 12 - - 13 + - 12 + - 13 TargetObject|endswith: - '*\Security\Trusted Documents\TrustRecords' - '*\Security\AccessVBOM' - '*\Security\VBAWarnings' EventType: - - SetValue - - DeleteValue - - CreateValue + - SetValue + - DeleteValue + - CreateValue condition: sec_settings From 13c7d40a22f41fb2e4c8022ad42e87f9b4545050 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 10 Jun 2020 16:35:41 +0200 Subject: [PATCH 451/714] Cosmetics --- .../windows/process_creation/win_susp_findstr_lnk.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/rules/windows/process_creation/win_susp_findstr_lnk.yml b/rules/windows/process_creation/win_susp_findstr_lnk.yml index 657d47ff..dd594f67 100644 --- a/rules/windows/process_creation/win_susp_findstr_lnk.yml +++ b/rules/windows/process_creation/win_susp_findstr_lnk.yml @@ -3,15 +3,15 @@ id: 33339be3-148b-4e16-af56-ad16ec6c7e7b description: Detects usage of findstr to identify and execute a lnk file as seen within the HHS redirect attack status: experimental references: - - https://www.bleepingcomputer.com/news/security/hhsgov-open-redirect-used-by-coronavirus-phishing-to-spread-malware/ + - https://www.bleepingcomputer.com/news/security/hhsgov-open-redirect-used-by-coronavirus-phishing-to-spread-malware/ tags: - - attack.defense_evasion - - attack.t1202 + - attack.defense_evasion + - attack.t1202 author: Trent Liffick date: 2020/05/01 logsource: - category: process_creation - product: windows + category: process_creation + product: windows detection: selection: Image: '*\findstr.exe' From 6e4aa01baa5eab743896e9be29ff8307e09b1cec Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 10 Jun 2020 16:36:17 +0200 Subject: [PATCH 452/714] Cosmetics --- .../win_apt_lazarus_session_highjack.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml b/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml index a9fc5185..7eb8c3a3 100644 --- a/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml +++ b/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml @@ -3,7 +3,7 @@ id: 3f7f5b0b-5b16-476c-a85f-ab477f6dd24b description: Detects executables launched outside their default directories as used by Lazarus Group (Bluenoroff) status: experimental references: - - https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180244/Lazarus_Under_The_Hood_PDF_final.pdf + - https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180244/Lazarus_Under_The_Hood_PDF_final.pdf tags: - attack.defense_evasion - attack.t1036 @@ -14,14 +14,14 @@ logsource: product: windows detection: selection: - Image: - - '*\mstdc.exe' - - '*\gpvc.exe' + Image: + - '*\mstdc.exe' + - '*\gpvc.exe' filter: - Image: - - 'C:\Windows\System32\\*' - - 'C:\Windows\SysWOW64\\*' + Image: + - 'C:\Windows\System32\\*' + - 'C:\Windows\SysWOW64\\*' condition: selection and not filter falsepositives: - - unknown + - unknown level: high From 96309d247bcd65221b4c7c4b8844b8f12d1c695b Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 10 Jun 2020 16:41:03 +0200 Subject: [PATCH 453/714] fix: cosmetic fault --- .../process_creation/win_apt_lazarus_session_highjack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml b/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml index 7eb8c3a3..7f074637 100644 --- a/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml +++ b/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml @@ -20,7 +20,7 @@ detection: filter: Image: - 'C:\Windows\System32\\*' - - 'C:\Windows\SysWOW64\\*' + - 'C:\Windows\SysWOW64\\*' condition: selection and not filter falsepositives: - unknown From 9835c6d67d1b6e4e09c60f74ff8c7589dae4b540 Mon Sep 17 00:00:00 2001 From: Cian Heasley Date: Wed, 10 Jun 2020 15:53:22 +0100 Subject: [PATCH 454/714] add win_pcap_drivers.yml --- rules/windows/other/win_pcap_drivers.yml | 42 ++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 rules/windows/other/win_pcap_drivers.yml diff --git a/rules/windows/other/win_pcap_drivers.yml b/rules/windows/other/win_pcap_drivers.yml new file mode 100644 index 00000000..64c37f1b --- /dev/null +++ b/rules/windows/other/win_pcap_drivers.yml @@ -0,0 +1,42 @@ +action: global +title: Windows Pcap Drivers +id: 7b687634-ab20-11ea-bb37-0242ac130002 +status: experimental +description: Detects Windows Pcap driver installation based on a list of associated .sys files. +author: Cian Heasley +date: 2020/06/10 +references: + - https://ragged-lab.blogspot.com/2020/06/capturing-pcap-driver-installations.html#more +tags: + - attack.discovery + - attack.CredentialAccess + - attack.t1040 +detection: + condition: 1 of them +fields: + - EventID + - ServiceFileName + - Account_Name + - Computer_Name + - Originating_Computer + - ServiceName +falsepositives: + - unknown +level: low +--- +logsource: + product: windows + service: system +detection: + service_installation: + EventID: 4697 + ServiceFileName: + - '*pcap*' + - '*npcap*' + - '*npf*' + - '*nm3*' + - '*ndiscap*'' + - '*nmnt*' + - '*windivert*' + - '*USBPcap*' + - '*pktmon*' From a7136481f1c7f48ed723751105d03a117a1d2b7b Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 11 Jun 2020 11:14:43 +0200 Subject: [PATCH 455/714] Update win_pcap_drivers.yml --- rules/windows/other/win_pcap_drivers.yml | 27 +++++++++++------------- 1 file changed, 12 insertions(+), 15 deletions(-) diff --git a/rules/windows/other/win_pcap_drivers.yml b/rules/windows/other/win_pcap_drivers.yml index 64c37f1b..f21ed6c9 100644 --- a/rules/windows/other/win_pcap_drivers.yml +++ b/rules/windows/other/win_pcap_drivers.yml @@ -1,4 +1,3 @@ -action: global title: Windows Pcap Drivers id: 7b687634-ab20-11ea-bb37-0242ac130002 status: experimental @@ -9,21 +8,8 @@ references: - https://ragged-lab.blogspot.com/2020/06/capturing-pcap-driver-installations.html#more tags: - attack.discovery - - attack.CredentialAccess + - attack.credential_access - attack.t1040 -detection: - condition: 1 of them -fields: - - EventID - - ServiceFileName - - Account_Name - - Computer_Name - - Originating_Computer - - ServiceName -falsepositives: - - unknown -level: low ---- logsource: product: windows service: system @@ -40,3 +26,14 @@ detection: - '*windivert*' - '*USBPcap*' - '*pktmon*' + condition: 1 of them +fields: + - EventID + - ServiceFileName + - Account_Name + - Computer_Name + - Originating_Computer + - ServiceName +falsepositives: + - unknown +level: medium From bbcbed4742495ad11d052c5fd185a035ee88bde2 Mon Sep 17 00:00:00 2001 From: Simen Lybekk Date: Thu, 11 Jun 2020 14:28:22 +0200 Subject: [PATCH 456/714] Add parentheses about field list groups in CB This should address the grouping issue from #660. The grouping issue was solved by just slamming some parentheses around the fields in the listExpression field. --- tools/sigma/backends/carbonblack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py index a06af826..8d987fc1 100644 --- a/tools/sigma/backends/carbonblack.py +++ b/tools/sigma/backends/carbonblack.py @@ -54,7 +54,7 @@ class CarbonBlackQueryBackend(CarbonBlackWildcardHandlingMixin, SingleTextQueryB orToken = " OR " notToken = " -" subExpression = "(%s)" - listExpression = "%s" + listExpression = "(%s)" listSeparator = " OR " valueExpression = '%s' typedValueExpression = { From f56e2599b1768a95ce36d36de2c99749d498734b Mon Sep 17 00:00:00 2001 From: Iveco Date: Thu, 11 Jun 2020 15:48:48 +0200 Subject: [PATCH 457/714] Cmd.exe Path Traversal Detection --- .../sysmon_cmd_commandline_path_traversal.yml | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_cmd_commandline_path_traversal.yml diff --git a/rules/windows/sysmon/sysmon_cmd_commandline_path_traversal.yml b/rules/windows/sysmon/sysmon_cmd_commandline_path_traversal.yml new file mode 100644 index 00000000..d6b0b507 --- /dev/null +++ b/rules/windows/sysmon/sysmon_cmd_commandline_path_traversal.yml @@ -0,0 +1,26 @@ +title: Cmd.exe CommandLine Path Traversal +id: 087790e3-3287-436c-bccf-cbd0184a7db1 +description: detects the usage of path traversal in cmd.exe indicating possible command/argument confusion/hijacking +status: experimental +date: 2020/06/11 +author: xknow @xknow_infosec +references: + - https://hackingiscool.pl/cmdhijack-command-argument-confusion-with-path-traversal-in-cmd-exe/ + - https://twitter.com/Oddvarmoe/status/1270633613449723905 +tags: + - attack.t1059 + - attack.execution +logsource: + product: windows + service: sysmon +detection: + selection_1: + EventID: 1 + ParentCommandLine|contains: 'cmd*/c' + CommandLine|contains: '/../../' + selection_2: + ParentCommandLine|contains: '/../../' + condition: selection_1 AND selection_2 +falsepositives: + - (not much) some benign Java tools may product false-positive commandlines for loading libraries +level: high \ No newline at end of file From 2081baafe584d0a45fc2869567b4e28d7630e56a Mon Sep 17 00:00:00 2001 From: Iveco Date: Thu, 11 Jun 2020 15:58:05 +0200 Subject: [PATCH 458/714] updated to process_creation --- rules/windows/sysmon/sysmon_cmd_commandline_path_traversal.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/rules/windows/sysmon/sysmon_cmd_commandline_path_traversal.yml b/rules/windows/sysmon/sysmon_cmd_commandline_path_traversal.yml index d6b0b507..b47b08e1 100644 --- a/rules/windows/sysmon/sysmon_cmd_commandline_path_traversal.yml +++ b/rules/windows/sysmon/sysmon_cmd_commandline_path_traversal.yml @@ -11,11 +11,10 @@ tags: - attack.t1059 - attack.execution logsource: + category: process_creation product: windows - service: sysmon detection: selection_1: - EventID: 1 ParentCommandLine|contains: 'cmd*/c' CommandLine|contains: '/../../' selection_2: From 34d7ea2974f14e1dd0812b4b297d1d3796fd91d6 Mon Sep 17 00:00:00 2001 From: Iveco Date: Thu, 11 Jun 2020 16:23:15 +0200 Subject: [PATCH 459/714] removed one field --- .../sysmon/sysmon_cmd_commandline_path_traversal.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/rules/windows/sysmon/sysmon_cmd_commandline_path_traversal.yml b/rules/windows/sysmon/sysmon_cmd_commandline_path_traversal.yml index b47b08e1..772a615c 100644 --- a/rules/windows/sysmon/sysmon_cmd_commandline_path_traversal.yml +++ b/rules/windows/sysmon/sysmon_cmd_commandline_path_traversal.yml @@ -14,12 +14,10 @@ logsource: category: process_creation product: windows detection: - selection_1: + selection: ParentCommandLine|contains: 'cmd*/c' CommandLine|contains: '/../../' - selection_2: - ParentCommandLine|contains: '/../../' - condition: selection_1 AND selection_2 + condition: selection falsepositives: - (not much) some benign Java tools may product false-positive commandlines for loading libraries level: high \ No newline at end of file From 40f0fd989da959b3f825b6b8e8f6d8ebff7714a9 Mon Sep 17 00:00:00 2001 From: Iveco Date: Thu, 11 Jun 2020 19:21:17 +0200 Subject: [PATCH 460/714] - moved to "process_creation" folder instead of "sysmon" - renamed .yml file --- .../win_commandline_path_traversal.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename rules/windows/{sysmon/sysmon_cmd_commandline_path_traversal.yml => process_creation/win_commandline_path_traversal.yml} (100%) diff --git a/rules/windows/sysmon/sysmon_cmd_commandline_path_traversal.yml b/rules/windows/process_creation/win_commandline_path_traversal.yml similarity index 100% rename from rules/windows/sysmon/sysmon_cmd_commandline_path_traversal.yml rename to rules/windows/process_creation/win_commandline_path_traversal.yml From db0292afd2b3f1d5e7155ac705370b9a1e1cfddd Mon Sep 17 00:00:00 2001 From: Nate Guagenti Date: Fri, 12 Jun 2020 11:36:19 -0400 Subject: [PATCH 461/714] typo, was missing the `=` and `*`. also, show option when using case insensitive for everything, how to "exclude" a field from that regex. --- tools/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/README.md b/tools/README.md index 145fdb1a..a17967f9 100644 --- a/tools/README.md +++ b/tools/README.md @@ -288,7 +288,7 @@ Now lets determine which options and Sigmac to use. You can add the following depending on additional information from your answers/input above. 1. If you are using ECS, your data is going to `winlogbeat-*` index, or your default field is a keyword type then add the following to your SIGMA command: `--backend-option keyword_field="" ` - * If you want to prevent case sensitive bypasses you can add the following to your command: `--backend-option case_insensitive_whitelist""` + * If you want to prevent case sensitive bypasses you can add the following to your command: `--backend-option case_insensitive_whitelist="*"` * If you want to prevent case sensitive bypasses but only for certain fields, you can use an option like this: `-backend-option keyword_field="" --backend-option case_insensitive_whitelist="*CommandLine*, *ProcessName*, *Image*, process.*, *FileName*, *Path*, *ServiceName*, *ShareName*, file.*, *Directory*, *directory*, *hash*, *Hash*, *Object*, ComputerName, *Subject*, *Target*, *Service*"` 2. If you are using analyzed (text) fields or your index template portion of `strings_as_keyword` contains `text` then you can add the following: @@ -307,10 +307,10 @@ You can add the following depending on additional information from your answers/ So putting it all together to help show everything from above, here are some "full" examples: -* base field keyword & no analyzed field w/ case insensitivity (covers elastic 7 with beats/ecs (default)mappings) and using winlogbeat with modules enabled +* base field keyword & no analyzed field w/ case insensitivity (covers elastic 7 with beats/ecs (default)mappings) and using winlogbeat with modules enabled. Also, keeps `winlog.channel` from making case insensitive as is not necessary (ie: the `keyword_whitelist` option) ```bash -sigma -t es-qs -c tools/config/winlogbeat-modules-enabled.yml --backend-option keyword_field="" --backend-option case_insensitive_whitelist"" rules/windows/process_creation/win_office_shell.yml +sigma -t es-qs -c tools/config/winlogbeat-modules-enabled.yml --backend-option keyword_field="" --backend-option case_insensitive_whitelist="*" keyword_whitelist="winlog.channel" rules/windows/process_creation/win_office_shell.yml ``` * base field keyword & subfield is analyzed(.text) and winlogbeat with modules enabled From aac1af1832384f4e8fe8d65c9c7966a6364a9d3c Mon Sep 17 00:00:00 2001 From: Nate Guagenti Date: Fri, 12 Jun 2020 11:36:19 -0400 Subject: [PATCH 462/714] typo, was missing the `=` and `*`. also, show option when using case insensitive for everything, how to "exclude" a field from that regex. Signed-off-by: Nate Guagenti --- tools/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/README.md b/tools/README.md index 145fdb1a..fef6ce16 100644 --- a/tools/README.md +++ b/tools/README.md @@ -288,7 +288,7 @@ Now lets determine which options and Sigmac to use. You can add the following depending on additional information from your answers/input above. 1. If you are using ECS, your data is going to `winlogbeat-*` index, or your default field is a keyword type then add the following to your SIGMA command: `--backend-option keyword_field="" ` - * If you want to prevent case sensitive bypasses you can add the following to your command: `--backend-option case_insensitive_whitelist""` + * If you want to prevent case sensitive bypasses you can add the following to your command: `--backend-option case_insensitive_whitelist="*"` * If you want to prevent case sensitive bypasses but only for certain fields, you can use an option like this: `-backend-option keyword_field="" --backend-option case_insensitive_whitelist="*CommandLine*, *ProcessName*, *Image*, process.*, *FileName*, *Path*, *ServiceName*, *ShareName*, file.*, *Directory*, *directory*, *hash*, *Hash*, *Object*, ComputerName, *Subject*, *Target*, *Service*"` 2. If you are using analyzed (text) fields or your index template portion of `strings_as_keyword` contains `text` then you can add the following: @@ -307,10 +307,10 @@ You can add the following depending on additional information from your answers/ So putting it all together to help show everything from above, here are some "full" examples: -* base field keyword & no analyzed field w/ case insensitivity (covers elastic 7 with beats/ecs (default)mappings) and using winlogbeat with modules enabled +* base field keyword & no analyzed field w/ case insensitivity (covers elastic 7 with beats/ecs (default)mappings) and using winlogbeat with modules enabled. Also, keeps `winlog.channel` from making case insensitive as is not necessary (ie: the `keyword_whitelist` option) ```bash -sigma -t es-qs -c tools/config/winlogbeat-modules-enabled.yml --backend-option keyword_field="" --backend-option case_insensitive_whitelist"" rules/windows/process_creation/win_office_shell.yml +sigma -t es-qs -c tools/config/winlogbeat-modules-enabled.yml --backend-option keyword_field="" --backend-option case_insensitive_whitelist="*" --backend-option keyword_whitelist="winlog.channel" rules/windows/process_creation/win_office_shell.yml ``` * base field keyword & subfield is analyzed(.text) and winlogbeat with modules enabled From bba0b2d85158bcf97f5d9b95a9ed158a8b0d5a16 Mon Sep 17 00:00:00 2001 From: Eric Beahan Date: Fri, 12 Jun 2020 13:22:13 -0500 Subject: [PATCH 463/714] Elastic documentation improvements --- tools/README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/README.md b/tools/README.md index fef6ce16..55bf887e 100644 --- a/tools/README.md +++ b/tools/README.md @@ -239,16 +239,16 @@ For this backend, there are two very important components. One is the field name You have a few different variations of what could be the correct Sigmac to use. Based on the version of Elasticsearch, using ECS or not, using certain Beat's settings enabled or not, and so on. In order to aide in the decision of the correct Sigmac there are a few quick questions to ask yourself and based on those answers will be which one to use. -Please not the answer to each question. It is OK to not know the answer to each question and in fact is very common (that's OK). +Please note the answer to each question. It is OK to not know the answer to each question and in fact is very common (that's OK). -1. What version of filebeat are you using (you may not be using this at all). -2. Are you using Elastic Common Schema (ECS)? +1. What version of [Filebeat](https://www.elastic.co/beats/filebeat) are you using (you may not be using this at all). +2. Are you using [Elastic Common Schema (ECS)](https://www.elastic.co/guide/en/ecs/current/index.html)? 3. What index do your store the log source's data in? Some examples: * Window's logs are most likely in `winlogbeat-*` * Linux logs are most likely in `filebeat-*` * Zeek/Bro data is most likely in `filebeat-*` * If you are using logstash, data is most likely in `logstash-*` -4. If you are using filebeat, are you using the module enabled? Here is link showing the description for Windows log [Security Channel](https://www.elastic.co/guide/en/beats/winlogbeat/current/winlogbeat-module-security.html) +4. If you are using Filebeat, are you using the module enabled? Here is link showing the description for Windows log [Security Channel](https://www.elastic.co/guide/en/beats/winlogbeat/current/winlogbeat-module-security.html) Now choose your data source: * [Windows Event Logs](#elastic-windows-event-log--sysmon-data-configurations) @@ -269,7 +269,7 @@ example of the full command running on all the proxy rules converting to a Kiban **index templates** -If you are able, because this will be one of the best ways to dermine which options to use - run the following command. Take the output from question 3 and replace in the example command `winlogbeat` with index. You can run this from the CLI against your Elasticsearch instance or from Kibana Dev Tools. +If you are able, because this will be one of the best ways to determine which options to use - run the following command. Take the output from question 3 and replace in the example command `winlogbeat` with index. You can run this from the CLI against your Elasticsearch instance or from Kibana Dev Tools. You will only need to use the first index template pattern. Look under the section `dynamic_templates` and then look for `strings_as_keyword`. Under that section, is there a `strings_as_keyword` ? If so take note. `curl -XGET "http://127.0.0.1:9200/winlogbeat-*/_mapping/?filter_path=*.mappings.dynamic_templates*,*.index_patterns"` From 80e8f0e5fad4a26b6642b62cf1b35a0d4e2b4d67 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Fri, 12 Jun 2020 23:52:06 +0200 Subject: [PATCH 464/714] Release 0.17.0 --- CHANGELOG.md | 21 ++++++++++++++++++++- tools/setup.py | 3 ++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 161c66de..1c170825 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,20 +6,39 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html) from version 0.14.0. -## Unreleased +## 0.17.0 - 2020-06-12 ### Added * LOGIQ Backend (logiq) +* CarbonBlack backend (carbonblack) and field mappings +* Elasticsearch detection rule backend (es-rule) +* ee-outliers backend +* CrowdStrike backend (crowdstrike) +* Humio backend (humio) +* Aggregations in SQL backend +* SQLite backend (sqlite) +* AWS Cloudtrail ECS mappings +* Overrides +* Zeek configurations for various backends +* Case-insensitive matching for Elasticsearch +* ECS proxy mappings +* RuleName field mapping for Winlogbeat +* sigma2attack tool ### Changed +* Improved usage of keyword fields for Elasticsearch-based backends +* Splunk XML backend rule titles from sigma rule instead of file name * Moved backend option list to --help-backend +* Microsoft Defender ATP schema improvements ### Fixed * Splunx XML rule name is now set to rule title * Backend list deduplicated +* Wrong escaping of wildcard at end of value when startswith modifier is used. +* Direct execution of tools on Windows systems by addition of script entry points ## 0.16.0 - 2020-02-25 diff --git a/tools/setup.py b/tools/setup.py index 98678375..0a60cae0 100644 --- a/tools/setup.py +++ b/tools/setup.py @@ -22,7 +22,7 @@ setup( author_email='thomas@patzke.org', license='LGPLv3', classifiers=[ - 'Development Status :: 4 - Beta', + 'Development Status :: 5 - Production/Stable', 'Intended Audience :: Developers', 'Intended Audience :: Information Technology', 'Intended Audience :: System Administrators', @@ -31,6 +31,7 @@ setup( 'License :: OSI Approved :: GNU Lesser General Public License v3 (LGPLv3)', 'Programming Language :: Python :: 3.6', 'Programming Language :: Python :: 3.7', + 'Programming Language :: Python :: 3.8', 'Environment :: Console', ], keywords='security monitoring siem logging signatures elasticsearch splunk ids sysmon', From b1295563882e29a5581942a869c6bec712711aa7 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sat, 13 Jun 2020 00:04:45 +0200 Subject: [PATCH 465/714] Automatic inclusion of all configuration files --- tools/setup.py | 33 +++------------------------------ 1 file changed, 3 insertions(+), 30 deletions(-) diff --git a/tools/setup.py b/tools/setup.py index 0a60cae0..2fe63655 100644 --- a/tools/setup.py +++ b/tools/setup.py @@ -4,6 +4,7 @@ from setuptools import setup, find_packages # To use a consistent encoding from codecs import open from os import path +from pathlib import Path here = path.abspath(path.dirname(__file__)) @@ -48,36 +49,8 @@ setup( 'test': ['coverage', 'yamllint'], }, data_files=[ - ('etc/sigma', [ - "config/arcsight.yml", - "config/carbon-black.yml", - "config/ecs-proxy.yml", - "config/filebeat-defaultindex.yml", - "config/helk.yml", - "config/limacharlie.yml", - "config/logpoint-windows.yml", - "config/logstash-defaultindex.yml", - "config/logstash-linux.yml", - "config/logstash-windows.yml", - "config/mitre/tactics.json", - "config/mitre/techniques.json", - "config/netwitness.yml", - "config/powershell.yml", - "config/qradar.yml", - "config/qualys.yml", - "config/splunk-windows-index.yml", - "config/splunk-windows.yml", - "config/splunk-zeek.yml", - "config/sumologic.yml", - "config/thor.yml", - "config/winlogbeat-modules-enabled.yml", - "config/winlogbeat-old.yml", - "config/winlogbeat.yml", - ]), - ('etc/sigma/generic', [ - 'config/generic/sysmon.yml', - 'config/generic/windows-audit.yml', - ])], + ('etc/sigma', [ str(p) for p in Path('config/').glob('*.yml') ]), + ('etc/sigma/generic', [ str(p) for p in Path('config/generic/').glob('*.yml') ])], entry_points={ 'console_scripts': [ 'sigmac = sigma.sigmac:main', From 05ced1a3d526f72a8b20e67b3aab4fcf7e8ec3cd Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sat, 13 Jun 2020 00:05:57 +0200 Subject: [PATCH 466/714] Exclude heatmap.json from versioning --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 13186372..00a05562 100644 --- a/.gitignore +++ b/.gitignore @@ -95,3 +95,6 @@ settings.json # VisualStudio .vs/ .vscode/launch.json + +# sigma2attack +heatmap.json From f907c49ab5a51fe78188422af6c92ba8b4bd1572 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sat, 13 Jun 2020 01:11:08 +0200 Subject: [PATCH 467/714] Improved test coverage * Added test case * Removed unused code --- Makefile | 7 ++++--- tools/sigma/backends/ala.py | 24 +----------------------- 2 files changed, 5 insertions(+), 26 deletions(-) diff --git a/Makefile b/Makefile index 6b142005..f981a239 100644 --- a/Makefile +++ b/Makefile @@ -32,9 +32,10 @@ test-sigmac: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert -c tools/config/winlogbeat.yml -O alert_methods=http_post,email -O emails=test@test.invalid -O http_post_url=http://test.invalid rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert-dsl -c tools/config/winlogbeat.yml -O alert_methods=http_post,email -O emails=test@test.invalid -O http_post_url=http://test.invalid rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t ee-outliers -c tools/config/winlogbeat.yml rules/ > /dev/null - $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-qs -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null - $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-rule -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null - $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t kibana -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-qs -c sysmon -c winlogbeat -O case_insensitive_whitelist=* rules/windows/process_creation > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-qs -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t es-rule -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t kibana -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t xpack-watcher -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t elastalert -c tools/config/ecs-cloudtrail.yml rules/ > /dev/null ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk rules/ > /dev/null diff --git a/tools/sigma/backends/ala.py b/tools/sigma/backends/ala.py index bffd4ebf..3bbbec54 100644 --- a/tools/sigma/backends/ala.py +++ b/tools/sigma/backends/ala.py @@ -33,29 +33,7 @@ from sigma.parser.modifiers.transform import SigmaContainsModifier, SigmaStartsw from .data import sysmon_schema from .exceptions import NotSupportedError -class DeepFieldMappingMixin(object): - - def fieldNameMapping(self, fieldname, value): - if isinstance(fieldname, str): - get_config = self.sigmaconfig.fieldmappings.get(fieldname) - if not get_config and '|' in fieldname: - fieldname = fieldname.split('|', 1)[0] - get_config = self.sigmaconfig.fieldmappings.get(fieldname) - if isinstance(get_config, ConditionalFieldMapping): - condition = self.sigmaconfig.fieldmappings.get(fieldname).conditions - for key, item in self.logsource.items(): - if condition.get(key) and condition.get(key, {}).get(item): - new_fieldname = condition.get(key, {}).get(item) - if any(new_fieldname): - return super().fieldNameMapping(new_fieldname[0], value) - return super().fieldNameMapping(fieldname, value) - - - def generate(self, sigmaparser): - self.logsource = sigmaparser.parsedyaml.get("logsource", {}) - return super().generate(sigmaparser) - -class AzureLogAnalyticsBackend(DeepFieldMappingMixin, SingleTextQueryBackend): +class AzureLogAnalyticsBackend(SingleTextQueryBackend): """Converts Sigma rule into Azure Log Analytics Queries.""" identifier = "ala" active = True From f5aa871e5d3c5826f0929c452ceb9696fce35df6 Mon Sep 17 00:00:00 2001 From: Brad Kish Date: Mon, 15 Jun 2020 13:14:31 -0400 Subject: [PATCH 468/714] Identifiers shared between global document and rule gets overwritten The global document defines a "selection" identifier which is also defined the individual rules. The rule identifier is getting overwritten by the global identifier. Fix by giving unique names to the global identifier. --- .../win_invoke_obfuscation_obfuscated_iex_services.yml | 4 ++-- ...rpreter_or_cobaltstrike_getsystem_service_installation.yml | 4 ++-- rules/windows/builtin/win_tap_driver_installation.yml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/rules/windows/builtin/win_invoke_obfuscation_obfuscated_iex_services.yml b/rules/windows/builtin/win_invoke_obfuscation_obfuscated_iex_services.yml index 6874d23e..e02bb5d0 100644 --- a/rules/windows/builtin/win_invoke_obfuscation_obfuscated_iex_services.yml +++ b/rules/windows/builtin/win_invoke_obfuscation_obfuscated_iex_services.yml @@ -12,7 +12,7 @@ falsepositives: - Unknown level: high detection: - selection: + selection_1: - ImagePath|re: '\$PSHome\[\s*\d{1,3}\s*\]\s*\+\s*\$PSHome\[' - ImagePath|re: '\$ShellId\[\s*\d{1,3}\s*\]\s*\+\s*\$ShellId\[' - ImagePath|re: '\$env:Public\[\s*\d{1,3}\s*\]\s*\+\s*\$env:Public\[' @@ -20,7 +20,7 @@ detection: - ImagePath|re: '\*mdr\*\W\s*\)\.Name' - ImagePath|re: '\$VerbosePreference\.ToString\(' - ImagePath|re: '\String\]\s*\$VerbosePreference' - condition: selection + condition: selection and selection_1 --- logsource: product: windows diff --git a/rules/windows/builtin/win_meterpreter_or_cobaltstrike_getsystem_service_installation.yml b/rules/windows/builtin/win_meterpreter_or_cobaltstrike_getsystem_service_installation.yml index e177530f..b230163f 100644 --- a/rules/windows/builtin/win_meterpreter_or_cobaltstrike_getsystem_service_installation.yml +++ b/rules/windows/builtin/win_meterpreter_or_cobaltstrike_getsystem_service_installation.yml @@ -12,7 +12,7 @@ tags: - attack.privilege_escalation - attack.t1134 detection: - selection: + selection_1: # meterpreter getsystem technique 1: cmd.exe /c echo 559891bb017 > \\.\pipe\5e120a - ServiceFileName|contains|all: - 'cmd' @@ -30,7 +30,7 @@ detection: - 'rundll32' - '.dll,a' - '/p:' - condition: selection + condition: selection and selection_1 fields: - ComputerName - SubjectDomainName diff --git a/rules/windows/builtin/win_tap_driver_installation.yml b/rules/windows/builtin/win_tap_driver_installation.yml index d2fbb562..42d05509 100644 --- a/rules/windows/builtin/win_tap_driver_installation.yml +++ b/rules/windows/builtin/win_tap_driver_installation.yml @@ -12,9 +12,9 @@ falsepositives: - Legitimate OpenVPN TAP insntallation level: medium detection: - selection: + selection_1: ImagePath|contains: 'tap0901' - condition: selection + condition: selection and selection_1 --- logsource: product: windows From 8d58c8f5c85ccc20c37cdbb2631e0f8c30adcb43 Mon Sep 17 00:00:00 2001 From: Brad Kish Date: Mon, 15 Jun 2020 13:18:05 -0400 Subject: [PATCH 469/714] Fix logsource field name from service->category The rule win_invoke_obfuscation_obfuscated_iex_commandline has the wrong field name for the "process_creation" tag. Rename from "service" to "category" --- .../win_invoke_obfuscation_obfuscated_iex_commandline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_invoke_obfuscation_obfuscated_iex_commandline.yml b/rules/windows/process_creation/win_invoke_obfuscation_obfuscated_iex_commandline.yml index 9557a02f..0ac9132e 100644 --- a/rules/windows/process_creation/win_invoke_obfuscation_obfuscated_iex_commandline.yml +++ b/rules/windows/process_creation/win_invoke_obfuscation_obfuscated_iex_commandline.yml @@ -8,8 +8,8 @@ tags: - attack.defense_evasion - attack.t1027 logsource: + category: process_creation product: windows - service: process_creation detection: selection: - CommandLine|re: '\$PSHome\[\s*\d{1,3}\s*\]\s*\+\s*\$PSHome\[' From 422b2bffd77b217e6cec9a67c496b0aa44711ece Mon Sep 17 00:00:00 2001 From: Brad Kish Date: Mon, 15 Jun 2020 13:38:18 -0400 Subject: [PATCH 470/714] Fix rules with incorrect escaping of wildcars A backslash before a wildcard needs to be escaped with another backslash. --- rules/windows/malware/win_mal_flowcloud.yml | 2 +- rules/windows/process_creation/win_apt_mustangpanda.yml | 2 +- rules/windows/process_creation/win_apt_wocao.yml | 2 +- rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml | 2 +- .../sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml | 2 +- .../sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml | 2 +- .../windows/sysmon/sysmon_suspicious_keyboard_layout_load.yml | 4 ++-- .../windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/rules/windows/malware/win_mal_flowcloud.yml b/rules/windows/malware/win_mal_flowcloud.yml index 566fce0d..37e315f9 100644 --- a/rules/windows/malware/win_mal_flowcloud.yml +++ b/rules/windows/malware/win_mal_flowcloud.yml @@ -21,7 +21,7 @@ detection: - 'HKLM\HARDWARE\{804423C2-F490-4ac3-BFA5-13DEDE63A71A}' - 'HKLM\HARDWARE\{A5124AF5-DF23-49bf-B0ED-A18ED3DEA027}' - 'HKLM\HARDWARE\{2DB80286-1784-48b5-A751-B6ED1F490303}' - - 'HKLM\SYSTEM\Setup\PrintResponsor\*' + - 'HKLM\SYSTEM\Setup\PrintResponsor\\*' condition: selection falsepositives: - Unknown diff --git a/rules/windows/process_creation/win_apt_mustangpanda.yml b/rules/windows/process_creation/win_apt_mustangpanda.yml index 57990579..28fa6692 100644 --- a/rules/windows/process_creation/win_apt_mustangpanda.yml +++ b/rules/windows/process_creation/win_apt_mustangpanda.yml @@ -16,7 +16,7 @@ detection: CommandLine: - '*Temp\wtask.exe /create*' - '*%windir:~-3,1%%PUBLIC:~-9,1%*' - - '*/E:vbscript * C:\Users\*.txt" /F' + - '*/E:vbscript * C:\Users\\*.txt" /F' - '*/tn "Security Script *' - '*%windir:~-1,1%*' selection2: diff --git a/rules/windows/process_creation/win_apt_wocao.yml b/rules/windows/process_creation/win_apt_wocao.yml index e0332f64..57b7dc9d 100644 --- a/rules/windows/process_creation/win_apt_wocao.yml +++ b/rules/windows/process_creation/win_apt_wocao.yml @@ -37,5 +37,5 @@ detection: - ' -exec bypass -enc JgAg' - 'type *keepass\KeePass.config.xml' - 'iie.exe iie.txt' - - 'reg query HKEY_CURRENT_USER\Software\*\PuTTY\Sessions\' + - 'reg query HKEY_CURRENT_USER\Software\\*\PuTTY\Sessions\' condition: selection \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml b/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml index 884e53c3..e91cd537 100644 --- a/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml +++ b/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml @@ -17,7 +17,7 @@ logsource: detection: selection_1: EventID: 11 - TargetFilename: '*\Local\Microsoft\Windows\SchCache\*.sch' + TargetFilename: '*\Local\Microsoft\Windows\SchCache\\*.sch' selection_2: Image|contains: - 'C:\windows\system32\svchost.exe' diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml index 1c63a4c5..47036525 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml @@ -21,7 +21,7 @@ detection: - '*\excel.exe' - '*\outlook.exe' ImageLoaded: - - 'C:\Windows\assembly\*' + - 'C:\Windows\assembly\\*' condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate diff --git a/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml b/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml index 982cf835..b73320b3 100644 --- a/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml +++ b/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml @@ -15,7 +15,7 @@ logsource: detection: selection_1: EventID: 11 - TargetFilename: '*\AppData\Local\Temp\*\PROCEXP152.sys' + TargetFilename: '*\AppData\Local\Temp\\*\PROCEXP152.sys' selection_2: Image|contains: - '*\procexp64.exe' diff --git a/rules/windows/sysmon/sysmon_suspicious_keyboard_layout_load.yml b/rules/windows/sysmon/sysmon_suspicious_keyboard_layout_load.yml index 35ffca37..0016d157 100644 --- a/rules/windows/sysmon/sysmon_suspicious_keyboard_layout_load.yml +++ b/rules/windows/sysmon/sysmon_suspicious_keyboard_layout_load.yml @@ -16,8 +16,8 @@ detection: selection_registry: EventID: 13 TargetObject: - - '*\Keyboard Layout\Preload\*' - - '*\Keyboard Layout\Substitutes\*' + - '*\Keyboard Layout\Preload\\*' + - '*\Keyboard Layout\Substitutes\\*' Details|contains: - 00000429 # Persian (Iran) - 00050429 # Persian (Iran) diff --git a/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml b/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml index 9dbbf96a..f06a1e20 100644 --- a/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml +++ b/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml @@ -28,7 +28,7 @@ detection: - '*\wlbsctrl.dll' filter: ImageLoaded: - - 'C:\Windows\WinSxS\*' + - 'C:\Windows\WinSxS\\*' condition: selection and not filter falsepositives: - Pentest From f196046b3d366774b8f96c4d7d26120d2d0667ce Mon Sep 17 00:00:00 2001 From: Brad Kish Date: Mon, 15 Jun 2020 13:39:50 -0400 Subject: [PATCH 471/714] Fix match for double-backslash To match a double-backslash you actually need three backslashes, since two backslashes gets reduced to one. --- rules/windows/process_creation/win_net_enum.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_net_enum.yml b/rules/windows/process_creation/win_net_enum.yml index 5df7c054..7cc35686 100644 --- a/rules/windows/process_creation/win_net_enum.yml +++ b/rules/windows/process_creation/win_net_enum.yml @@ -21,7 +21,7 @@ detection: - '\net1.exe' CommandLine|contains: 'view' filter: - CommandLine|contains: '\\' + CommandLine|contains: \\\ condition: selection and not filter fields: - ComputerName From a9c6fa904f56415d568918553353ee26ed6eccb3 Mon Sep 17 00:00:00 2001 From: Brad Kish Date: Mon, 15 Jun 2020 13:52:12 -0400 Subject: [PATCH 472/714] Rule lists extra Sysmon ID (11). Should just match registry events (12-14) Remove extraneous event ID 11. It will never match. --- .../sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml b/rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml index 3aaa7490..4efaaca3 100644 --- a/rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml +++ b/rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml @@ -44,7 +44,6 @@ logsource: detection: create_selection_reg: EventID: - - 11 - 12 - 13 - 14 From dfae2a6df6f5bbc90a7b476c22fc9c8fedab47e9 Mon Sep 17 00:00:00 2001 From: Brad Kish Date: Mon, 15 Jun 2020 13:54:02 -0400 Subject: [PATCH 473/714] Rule needs endwith, not exact match. Fix ImageLoaded filter to match with endswith, rather than exact match. --- .../sysmon_wmi_persistence_commandline_event_consumer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_wmi_persistence_commandline_event_consumer.yml b/rules/windows/sysmon/sysmon_wmi_persistence_commandline_event_consumer.yml index 9349ff72..c87d2af6 100644 --- a/rules/windows/sysmon/sysmon_wmi_persistence_commandline_event_consumer.yml +++ b/rules/windows/sysmon/sysmon_wmi_persistence_commandline_event_consumer.yml @@ -16,7 +16,7 @@ detection: selection: EventID: 7 Image: 'C:\Windows\System32\wbem\WmiPrvSE.exe' - ImageLoaded: 'wbemcons.dll' + ImageLoaded|endswith: '\wbemcons.dll' condition: selection falsepositives: - Unknown (data set is too small; further testing needed) From 52487159c585053c88079d5eff71b0999dfabaa6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Tue, 16 Jun 2020 19:17:00 +0300 Subject: [PATCH 474/714] Detect Sudo enumeration commands --- rules/linux/lnx_sudo_enumeration.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 rules/linux/lnx_sudo_enumeration.yml diff --git a/rules/linux/lnx_sudo_enumeration.yml b/rules/linux/lnx_sudo_enumeration.yml new file mode 100644 index 00000000..32dd1597 --- /dev/null +++ b/rules/linux/lnx_sudo_enumeration.yml @@ -0,0 +1,21 @@ +title: Sudo Enumeration Commands +description: Detects an attempt to gather information about high-privileged users +references: + - https://github.com/redcanaryco/atomic-red-team/blob/1ea8c4616ce373f6aea37a5f56a34157684d9e82/atomics/T1169/T1169.md +author: Ömer Günal +date: 2020/06/16 +tags: + - attack.privilege_escalation + - attack.t1068 +level: medium +logsource: + product: linux +detection: + keywords: + - 'sudo -l' + - 'sudo su' + - 'cat /etc/sudoers' + - 'vim /etc/sudoers' + condition: keywords +falsepositives: + - Unknown From e43f13ed6755d832281500747f262a8e942f9e16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Tue, 16 Jun 2020 19:20:42 +0300 Subject: [PATCH 475/714] Update lnx_sudo_enumeration.yml attack.t1169 --- rules/linux/lnx_sudo_enumeration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/linux/lnx_sudo_enumeration.yml b/rules/linux/lnx_sudo_enumeration.yml index 32dd1597..d24e41eb 100644 --- a/rules/linux/lnx_sudo_enumeration.yml +++ b/rules/linux/lnx_sudo_enumeration.yml @@ -6,7 +6,7 @@ author: Ömer Günal date: 2020/06/16 tags: - attack.privilege_escalation - - attack.t1068 + - attack.t1169 level: medium logsource: product: linux From b7e1c6750c6f0541211e326d679c0274ac28456e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Tue, 16 Jun 2020 19:31:02 +0300 Subject: [PATCH 476/714] sudo caching attack.t1206 --- rules/linux/lnx_sudo_caching.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 rules/linux/lnx_sudo_caching.yml diff --git a/rules/linux/lnx_sudo_caching.yml b/rules/linux/lnx_sudo_caching.yml new file mode 100644 index 00000000..bb097500 --- /dev/null +++ b/rules/linux/lnx_sudo_caching.yml @@ -0,0 +1,20 @@ +title: Sudo Caching +description: Detects sudo caching attempt +references: + - https://attack.mitre.org/techniques/T1206/ + - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1206/T1206.md +author: Ömer Günal +date: 2020/06/16 +tags: + - attack.privilege_escalation + - attack.t1206 +level: medium +logsource: + product: linux +detection: + keywords: + - 'sudo sh -c "echo Defaults *tty_tickets >> /etc/sudoers"' + - 'sudo visudo -c -f /etc/sudoers' + condition: keywords +falsepositives: + - Unknown From 4b1557a587b062be4a0534af28fee5979c84137d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Tue, 16 Jun 2020 20:12:24 +0300 Subject: [PATCH 477/714] Setuid and Setgid Detects suspicious change of file privileges with chown and chmod commands --- rules/linux/lnx_setuid_setgid | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 rules/linux/lnx_setuid_setgid diff --git a/rules/linux/lnx_setuid_setgid b/rules/linux/lnx_setuid_setgid new file mode 100644 index 00000000..ba39e2f7 --- /dev/null +++ b/rules/linux/lnx_setuid_setgid @@ -0,0 +1,24 @@ +title: Setuid and Setgid +description: Detects suspicious change of file privileges with chown and chmod commands +references: + - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1166/T1166.md + - https://attack.mitre.org/techniques/T1166/ +author: Ömer Günal +date: 2020/06/16 +tags: + - attack.persistence + - attack.t1169 +level: medium +logsource: + product: linux +detection: + selection1: + - 'sudo chown root *' + selection2: + - 'sudo chmod u+s *' + selection3: + - 'sudo chmod g+s *' + condition: (selection1 and selection2) or (selection1 and selection3) +falsepositives: + - Legal activities +level: medium From ace575aaa65c59ce1dbe870176f6d1d63f4ed1c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Tue, 16 Jun 2020 20:20:42 +0300 Subject: [PATCH 478/714] added id --- rules/linux/lnx_sudo_caching.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/linux/lnx_sudo_caching.yml b/rules/linux/lnx_sudo_caching.yml index bb097500..b0e72e32 100644 --- a/rules/linux/lnx_sudo_caching.yml +++ b/rules/linux/lnx_sudo_caching.yml @@ -1,4 +1,5 @@ title: Sudo Caching +id: 67150558-c02a-457f-8dee-99b2201c0877 description: Detects sudo caching attempt references: - https://attack.mitre.org/techniques/T1206/ From bbcd506fb1b9d72277457eed9d7a5857168b7452 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Tue, 16 Jun 2020 20:21:02 +0300 Subject: [PATCH 479/714] added id --- rules/linux/lnx_setuid_setgid | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/linux/lnx_setuid_setgid b/rules/linux/lnx_setuid_setgid index ba39e2f7..823ac9b3 100644 --- a/rules/linux/lnx_setuid_setgid +++ b/rules/linux/lnx_setuid_setgid @@ -1,4 +1,5 @@ title: Setuid and Setgid +id: c21c4eaa-ba2e-419a-92b2-8371703cbe21 description: Detects suspicious change of file privileges with chown and chmod commands references: - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1166/T1166.md From 0d0058da433a2436ad868c28d43ed149a57a6943 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Tue, 16 Jun 2020 20:21:07 +0300 Subject: [PATCH 480/714] added id --- rules/linux/lnx_sudo_enumeration.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/linux/lnx_sudo_enumeration.yml b/rules/linux/lnx_sudo_enumeration.yml index d24e41eb..07bbbf98 100644 --- a/rules/linux/lnx_sudo_enumeration.yml +++ b/rules/linux/lnx_sudo_enumeration.yml @@ -1,4 +1,5 @@ title: Sudo Enumeration Commands +id: c21c4eaa-ba2e-419a-92b2-8371703cbe21 description: Detects an attempt to gather information about high-privileged users references: - https://github.com/redcanaryco/atomic-red-team/blob/1ea8c4616ce373f6aea37a5f56a34157684d9e82/atomics/T1169/T1169.md From 41b23094185dde11dcd96732a2c4008a70d49f3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Tue, 16 Jun 2020 20:24:09 +0300 Subject: [PATCH 481/714] file type changed --- rules/linux/{lnx_setuid_setgid => lnx_setuid_setgid.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename rules/linux/{lnx_setuid_setgid => lnx_setuid_setgid.yml} (100%) diff --git a/rules/linux/lnx_setuid_setgid b/rules/linux/lnx_setuid_setgid.yml similarity index 100% rename from rules/linux/lnx_setuid_setgid rename to rules/linux/lnx_setuid_setgid.yml From 0027415fa2743c22854672bcad13964d7ba20dae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Tue, 16 Jun 2020 20:26:50 +0300 Subject: [PATCH 482/714] Update lnx_setuid_setgid.yml --- rules/linux/lnx_setuid_setgid.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/linux/lnx_setuid_setgid.yml b/rules/linux/lnx_setuid_setgid.yml index 823ac9b3..02307d51 100644 --- a/rules/linux/lnx_setuid_setgid.yml +++ b/rules/linux/lnx_setuid_setgid.yml @@ -22,4 +22,3 @@ detection: condition: (selection1 and selection2) or (selection1 and selection3) falsepositives: - Legal activities -level: medium From 545c05d4d3704ea0434bf991bc8a509a8998a087 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 16 Jun 2020 19:31:34 +0200 Subject: [PATCH 483/714] Update lnx_setuid_setgid.yml --- rules/linux/lnx_setuid_setgid.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/rules/linux/lnx_setuid_setgid.yml b/rules/linux/lnx_setuid_setgid.yml index 02307d51..c46ed286 100644 --- a/rules/linux/lnx_setuid_setgid.yml +++ b/rules/linux/lnx_setuid_setgid.yml @@ -9,16 +9,16 @@ date: 2020/06/16 tags: - attack.persistence - attack.t1169 -level: medium +level: low logsource: product: linux detection: - selection1: - - 'sudo chown root *' - selection2: - - 'sudo chmod u+s *' - selection3: - - 'sudo chmod g+s *' + selection1|contains: + - 'sudo chown root' + selection2|contains: + - 'sudo chmod u+s' + selection3|contains: + - 'sudo chmod g+s' condition: (selection1 and selection2) or (selection1 and selection3) falsepositives: - - Legal activities + - Legitimate administration activities From 06fe720165b1fb147d18e5961c4c3db659437f0e Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 16 Jun 2020 19:33:39 +0200 Subject: [PATCH 484/714] Update lnx_sudo_enumeration.yml --- rules/linux/lnx_sudo_enumeration.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/rules/linux/lnx_sudo_enumeration.yml b/rules/linux/lnx_sudo_enumeration.yml index 07bbbf98..e94cec87 100644 --- a/rules/linux/lnx_sudo_enumeration.yml +++ b/rules/linux/lnx_sudo_enumeration.yml @@ -8,13 +8,11 @@ date: 2020/06/16 tags: - attack.privilege_escalation - attack.t1169 -level: medium +level: low logsource: product: linux detection: keywords: - - 'sudo -l' - - 'sudo su' - 'cat /etc/sudoers' - 'vim /etc/sudoers' condition: keywords From fd2429bd34f8d12dd445edc798237cc96812e69d Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 16 Jun 2020 19:46:50 +0200 Subject: [PATCH 485/714] Update lnx_setuid_setgid.yml --- rules/linux/lnx_setuid_setgid.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/rules/linux/lnx_setuid_setgid.yml b/rules/linux/lnx_setuid_setgid.yml index c46ed286..9b8d2e5c 100644 --- a/rules/linux/lnx_setuid_setgid.yml +++ b/rules/linux/lnx_setuid_setgid.yml @@ -13,12 +13,12 @@ level: low logsource: product: linux detection: - selection1|contains: - - 'sudo chown root' - selection2|contains: - - 'sudo chmod u+s' - selection3|contains: - - 'sudo chmod g+s' + selection1: + - '*chown root*' + selection2: + - '* chmod u+s*' + selection3: + - '* chmod g+s*' condition: (selection1 and selection2) or (selection1 and selection3) falsepositives: - Legitimate administration activities From 0fbfcc6ba9a1b5c3c90447767e7b7446de2e39b0 Mon Sep 17 00:00:00 2001 From: Ivan Kirillov Date: Tue, 16 Jun 2020 14:46:08 -0600 Subject: [PATCH 486/714] Initial round of subtechnique updates --- .../cloud/aws_cloudtrail_disable_logging.yml | 23 +++--- rules/cloud/aws_config_disable_recording.yml | 19 ++--- rules/cloud/aws_ec2_startup_script_change.yml | 1 + rules/cloud/aws_guardduty_disruption.yml | 1 + .../auditd/lnx_auditd_alter_bash_profile.yml | 1 + .../lnx_auditd_auditing_config_change.yml | 1 + .../lnx_auditd_logging_config_change.yml | 1 + rules/linux/auditd/lnx_auditd_web_rce.yml | 1 + rules/linux/auditd/lnx_data_compressed.yml | 4 +- rules/linux/lnx_pers_systemd_reload.yml | 1 + rules/linux/lnx_shell_clear_cmd_history.yml | 3 +- .../cisco/aaa/cisco_cli_clear_logs.yml | 2 + .../cisco/aaa/cisco_cli_collect_data.yml | 1 + .../cisco/aaa/cisco_cli_crypto_actions.yml | 2 + .../cisco/aaa/cisco_cli_disable_logging.yml | 1 + .../cisco/aaa/cisco_cli_file_deletion.yml | 3 + .../cisco/aaa/cisco_cli_input_capture.yml | 1 + .../cisco/aaa/cisco_cli_modify_config.yml | 3 + .../cisco/aaa/cisco_cli_moving_data.yml | 2 + .../network/net_susp_dns_txt_exec_strings.yml | 11 +-- .../zeek_dce_rpc_mitre_bzar_execution.yml | 78 ++++++++++--------- .../zeek_dce_rpc_mitre_bzar_persistence.yml | 45 +++++------ ...k_http_executable_download_from_webdav.yml | 7 +- .../zeek_smb_converted_win_atsvc_task.yml | 1 + ..._smb_converted_win_impacket_secretdump.yml | 11 ++- .../zeek_smb_converted_win_lm_namedpipe.yml | 40 +++++----- .../zeek_smb_converted_win_susp_psexec.yml | 7 +- ...ransferring_files_with_credential_data.yml | 37 +++++---- rules/network/zeek/zeek_susp_kerberos_rc4.yml | 1 + .../web_cve_2018_2894_weblogic_exploit.yml | 3 +- .../builtin/win_GPO_scheduledtasks.yml | 1 + .../builtin/win_admin_share_access.yml | 1 + .../win_alert_enable_weak_encryption.yml | 7 +- .../builtin/win_alert_lsass_access.yml | 1 + .../builtin/win_alert_mimikatz_keywords.yml | 27 ++++--- rules/windows/builtin/win_alert_ruler.yml | 9 ++- .../builtin/win_apt_carbonpaper_turla.yml | 1 + rules/windows/builtin/win_apt_stonedrill.yml | 1 + .../builtin/win_apt_turla_service_png.yml | 1 + rules/windows/builtin/win_atsvc_task.yml | 1 + rules/windows/builtin/win_dcsync.yml | 5 +- .../builtin/win_disable_event_logging.yml | 7 +- .../win_dpapi_domain_backupkey_extraction.yml | 5 +- ..._dpapi_domain_masterkey_backup_attempt.yml | 3 +- rules/windows/builtin/win_hack_smbexec.yml | 4 +- .../builtin/win_impacket_secretdump.yml | 3 + rules/windows/builtin/win_lm_namedpipe.yml | 38 ++++----- .../win_lsass_access_non_system_account.yml | 3 +- .../builtin/win_mal_service_installs.yml | 4 +- .../builtin/win_mmc20_lateral_movement.yml | 28 +++---- .../windows/builtin/win_overpass_the_hash.yml | 1 + rules/windows/builtin/win_pass_the_hash.yml | 17 ++-- rules/windows/builtin/win_pass_the_hash_2.yml | 13 ++-- ...rkspwdump_clearing_hive_access_history.yml | 1 + .../builtin/win_rare_schtasks_creations.yml | 1 + .../builtin/win_rare_service_installs.yml | 1 + .../builtin/win_rdp_localhost_login.yml | 1 + .../builtin/win_rdp_reverse_tunnel.yml | 1 + ...n_register_new_logon_process_by_rubeus.yml | 3 +- .../builtin/win_remote_powershell_session.yml | 3 +- .../builtin/win_susp_add_sid_history.yml | 3 +- .../builtin/win_susp_backup_delete.yml | 1 + .../win_susp_codeintegrity_check_failure.yml | 1 + .../windows/builtin/win_susp_dhcp_config.yml | 3 +- .../builtin/win_susp_dhcp_config_failed.yml | 7 +- rules/windows/builtin/win_susp_dns_config.yml | 5 +- .../builtin/win_susp_eventlog_cleared.yml | 1 + rules/windows/builtin/win_susp_lsass_dump.yml | 1 + .../builtin/win_susp_lsass_dump_generic.yml | 3 +- .../builtin/win_susp_msmpeng_crash.yml | 1 + rules/windows/builtin/win_susp_ntlm_auth.yml | 1 + rules/windows/builtin/win_susp_psexec.yml | 10 +-- .../windows/builtin/win_susp_rc4_kerberos.yml | 1 + .../windows/builtin/win_susp_rottenpotato.yml | 1 + rules/windows/builtin/win_susp_sam_dump.yml | 1 + rules/windows/builtin/win_susp_sdelete.yml | 2 + .../win_susp_security_eventlog_cleared.yml | 1 + .../builtin/win_susp_time_modification.yml | 1 + ...uspicious_outbound_kerberos_connection.yml | 3 +- ...ith_credential_data_via_network_shares.yml | 3 + ...ileged_service_lsaregisterlogonprocess.yml | 8 +- .../builtin/win_user_driver_loaded.yml | 1 + rules/windows/malware/av_password_dumper.yml | 5 +- rules/windows/malware/av_webshell.yml | 3 +- rules/windows/other/win_defender_bypass.yml | 5 +- .../other/win_rare_schtask_creation.yml | 4 +- .../powershell_alternate_powershell_hosts.yml | 3 +- .../powershell_clear_powershell_history.yml | 1 + .../powershell_create_local_user.yml | 11 +-- .../powershell/powershell_data_compressed.yml | 6 +- .../powershell_downgrade_attack.yml | 3 +- .../powershell/powershell_exe_calling_ps.yml | 1 + .../powershell_malicious_commandlets.yml | 1 + .../powershell_malicious_keywords.yml | 1 + ...wershell_nishang_malicious_commandlets.yml | 1 + .../powershell/powershell_ntfs_ads_access.yml | 1 + .../powershell_prompt_credentials.yml | 1 + .../powershell/powershell_psattack.yml | 1 + .../powershell_remote_powershell_session.yml | 3 +- .../powershell/powershell_shellcode_b64.yml | 5 +- .../powershell_suspicious_download.yml | 1 + ...wershell_suspicious_invocation_generic.yml | 1 + ...ershell_suspicious_invocation_specific.yml | 1 + .../powershell_suspicious_keywords.yml | 1 + .../powershell_winlogon_helper_dll.yml | 10 +-- .../win_apt_apt29_thinktanks.yml | 3 +- .../process_creation/win_apt_babyshark.yml | 3 + .../win_apt_bear_activity_gtr19.yml | 1 + .../process_creation/win_apt_bluemashroom.yml | 3 +- .../process_creation/win_apt_cloudhopper.yml | 1 + .../win_apt_equationgroup_dll_u_load.yml | 1 + .../win_apt_judgement_panda_gtr19.yml | 1 + .../process_creation/win_apt_sofacy.yml | 1 + .../win_apt_tropictrooper.yml | 1 + .../win_apt_turla_comrat_may20.yml | 1 + .../win_apt_winnti_mal_hk_jan20.yml | 7 +- .../process_creation/win_apt_zxshell.yml | 1 + .../win_attrib_hiding_files.yml | 1 + .../win_change_default_file_association.yml | 11 ++- .../process_creation/win_cmdkey_recon.yml | 1 + .../win_cmstp_com_object_access.yml | 2 + .../win_control_panel_item.yml | 1 + ...g_sensitive_files_with_credential_data.yml | 4 +- .../process_creation/win_crime_fireball.yml | 1 + .../win_data_compressed_with_rar.yml | 3 +- .../win_encoded_frombase64string.yml | 1 + .../process_creation/win_encoded_iex.yml | 11 +-- .../win_etw_trace_evasion.yml | 5 +- .../win_grabbing_sensitive_hives_via_reg.yml | 5 +- .../process_creation/win_hack_koadic.yml | 3 +- .../process_creation/win_hack_rubeus.yml | 2 + rules/windows/process_creation/win_hh_chm.yml | 1 + .../process_creation/win_html_help_spawn.yml | 1 + .../process_creation/win_hwp_exploits.yml | 1 + .../win_impacket_lateralization.yml | 1 + .../win_install_reg_debugger_backdoor.yml | 3 +- .../process_creation/win_interactive_at.yml | 1 + .../process_creation/win_lethalhta.yml | 1 + .../process_creation/win_lsass_dump.yml | 4 +- .../process_creation/win_malware_notpetya.yml | 5 +- .../win_malware_script_dropper.yml | 1 + .../win_mimikatz_command_line.yml | 7 +- .../process_creation/win_mmc_spawn_shell.yml | 4 + .../process_creation/win_mshta_javascript.yml | 1 + .../win_mshta_spawn_shell.yml | 1 + .../win_netsh_allow_port_rdp.yml | 3 +- .../win_new_service_creation.yml | 5 +- .../win_non_interactive_powershell.yml | 3 +- .../process_creation/win_office_shell.yml | 1 + .../win_plugx_susp_exe_locations.yml | 6 +- .../win_possible_applocker_bypass.yml | 1 + .../win_powershell_amsi_bypass.yml | 1 + .../win_powershell_dll_execution.yml | 1 + .../win_powershell_downgrade_attack.yml | 7 +- .../win_powershell_download.yml | 1 + ...ershell_suspicious_parameter_variation.yml | 1 + .../win_powershell_xor_commandline.yml | 1 + .../win_powersploit_empire_schtasks.yml | 2 + .../win_process_dump_rundll32_comsvcs.yml | 1 + .../process_creation/win_psexesvc_start.yml | 3 +- .../win_remote_powershell_session_process.yml | 1 + .../win_run_powershell_script_from_ads.yml | 7 +- .../win_sdbinst_shim_persistence.yml | 1 + .../win_service_execution.yml | 3 +- .../win_shadow_copies_access_symlink.yml | 8 +- .../win_shadow_copies_creation.yml | 2 + .../win_shadow_copies_deletion.yml | 1 + .../win_shell_spawn_susp_program.yml | 2 + .../windows/process_creation/win_spn_enum.yml | 1 + .../process_creation/win_susp_bcdedit.yml | 2 + .../win_susp_cmd_http_appdata.yml | 5 +- .../win_susp_compression_params.yml | 1 + .../win_susp_comsvcs_procdump.yml | 1 + .../win_susp_control_dll_load.yml | 2 + .../win_susp_copy_lateral_movement.yml | 11 +-- .../win_susp_crackmapexec_execution.yml | 2 + ...sp_crackmapexec_powershell_obfuscation.yml | 1 + .../process_creation/win_susp_csc_folder.yml | 5 +- ...susp_direct_asep_reg_keys_modification.yml | 1 + .../win_susp_double_extension.yml | 8 +- .../win_susp_eventlog_clear.yml | 5 +- .../win_susp_execution_path_webserver.yml | 1 + .../win_susp_file_characteristics.yml | 1 + .../win_susp_fsutil_usage.yml | 3 +- .../windows/process_creation/win_susp_gup.yml | 1 + .../win_susp_iss_module_install.yml | 1 + .../win_susp_net_execution.yml | 1 + .../win_susp_netsh_dll_persistence.yml | 3 +- .../process_creation/win_susp_ntdsutil.yml | 1 + .../win_susp_outlook_temp.yml | 1 + .../win_susp_powershell_empire_launch.yml | 5 +- .../win_susp_powershell_empire_uac_bypass.yml | 1 + .../win_susp_powershell_enc_cmd.yml | 5 +- .../win_susp_powershell_hidden_b64_cmd.yml | 1 + .../win_susp_powershell_parent_combo.yml | 1 + .../process_creation/win_susp_procdump.yml | 1 + .../process_creation/win_susp_ps_appdata.yml | 1 + .../win_susp_ps_downloadfile.yml | 3 +- .../win_susp_rasdial_activity.yml | 1 + .../win_susp_regsvr32_anomalies.yml | 1 + .../win_susp_rundll32_activity.yml | 1 + .../win_susp_rundll32_by_ordinal.yml | 1 + .../win_susp_schtask_creation.yml | 1 + .../win_susp_script_execution.yml | 1 + .../win_susp_service_path_modification.yml | 1 + .../win_susp_tscon_rdp_redirect.yml | 1 + .../win_task_folder_evasion.yml | 5 +- .../process_creation/win_uac_cmstp.yml | 4 +- .../process_creation/win_uac_fodhelper.yml | 1 + .../process_creation/win_uac_wsreset.yml | 1 + .../win_webshell_detection.yml | 1 + .../process_creation/win_webshell_spawn.yml | 1 + .../win_win10_sched_task_0day.yml | 1 + ..._wmi_backdoor_exchange_transport_agent.yml | 3 +- .../win_wmi_spwns_powershell.yml | 1 + .../win_wsreset_uac_bypass.yml | 3 +- ...sysmon_alternate_powershell_hosts_pipe.yml | 7 +- .../sysmon_asep_reg_keys_modification.yml | 1 + .../sysmon/sysmon_cred_dump_lsass_access.yml | 4 +- .../sysmon_cred_dump_tools_dropped_files.yml | 7 +- .../sysmon_cred_dump_tools_named_pipes.yml | 3 + .../windows/sysmon/sysmon_dhcp_calloutdll.yml | 4 +- ...y_events_logging_adding_reg_key_minint.yml | 5 +- .../sysmon/sysmon_ghostpack_safetykatz.yml | 1 + .../sysmon/sysmon_in_memory_powershell.yml | 1 + .../windows/sysmon/sysmon_invoke_phantom.yml | 3 +- rules/windows/sysmon/sysmon_lsass_memdump.yml | 5 +- ...sysmon_lsass_memory_dump_file_creation.yml | 1 + .../sysmon_malware_backconnect_ports.yml | 3 +- .../sysmon_mimikatz_inmemory_detection.yml | 4 + .../sysmon/sysmon_mimikatz_trough_winrm.yml | 2 + .../sysmon_narrator_feedback_persistance.yml | 1 + ..._dll_added_to_appcertdlls_registry_key.yml | 8 +- ...dll_added_to_appinit_dlls_registry_key.yml | 13 ++-- .../sysmon/sysmon_password_dumper_lsass.yml | 6 +- .../sysmon/sysmon_possible_dns_rebinding.yml | 10 +-- ..._service_registry_permissions_weakness.yml | 1 + ...sysmon_powershell_execution_moduleload.yml | 3 +- .../sysmon_powershell_exploit_scripts.yml | 5 +- .../sysmon_powershell_network_connection.yml | 4 +- .../sysmon/sysmon_quarkspw_filedump.yml | 5 +- .../sysmon/sysmon_rdp_reverse_tunnel.yml | 1 + ...ysmon_registry_persistence_key_linking.yml | 1 + ...smon_registry_persistence_search_order.yml | 1 + ...mon_registry_trust_record_modification.yml | 1 + .../sysmon_regsvr32_network_activity.yml | 5 +- ...smon_remote_powershell_session_network.yml | 3 +- .../sysmon_rundll32_net_connections.yml | 3 +- .../sysmon/sysmon_susp_desktop_ini.yml | 1 + .../sysmon/sysmon_susp_download_run_key.yml | 5 +- .../sysmon/sysmon_susp_driver_load.yml | 1 + .../windows/sysmon/sysmon_susp_image_load.yml | 1 + .../sysmon/sysmon_susp_lsass_dll_load.yml | 5 +- ...n_susp_office_dotnet_assembly_dll_load.yml | 1 + ...sysmon_susp_office_dotnet_clr_dll_load.yml | 1 + ...sysmon_susp_office_dotnet_gac_dll_load.yml | 1 + .../sysmon_susp_office_dsparse_dll_load.yml | 1 + .../sysmon_susp_office_kerberos_dll_load.yml | 1 + .../sysmon_susp_powershell_rundll32.yml | 2 + ...cexplorer_driver_created_in_tmp_folder.yml | 1 + .../sysmon_susp_reg_persist_explorer_run.yml | 3 +- .../sysmon/sysmon_susp_run_key_img_folder.yml | 3 +- .../sysmon/sysmon_susp_service_installed.yml | 1 + .../sysmon_susp_winword_vbadll_load.yml | 1 + ...sysmon_suspicious_dbghelp_dbgcore_load.yml | 7 +- ...uspicious_outbound_kerberos_connection.yml | 3 +- ...sysmon_svchost_dll_search_order_hijack.yml | 8 +- .../sysmon/sysmon_uac_bypass_eventvwr.yml | 1 + .../sysmon/sysmon_uac_bypass_sdclt.yml | 1 + ...ysmon_unsigned_image_loaded_into_lsass.yml | 1 + .../sysmon_webshell_creation_detect.yml | 1 + .../sysmon/sysmon_win_reg_persistence.yml | 1 + .../sysmon/sysmon_wmi_event_subscription.yml | 1 + ...persistence_commandline_event_consumer.yml | 3 +- ...ersistence_script_event_consumer_write.yml | 3 +- .../sysmon/sysmon_wmi_susp_scripting.yml | 5 +- 276 files changed, 695 insertions(+), 398 deletions(-) diff --git a/rules/cloud/aws_cloudtrail_disable_logging.yml b/rules/cloud/aws_cloudtrail_disable_logging.yml index 61b4cdb2..e7df801d 100644 --- a/rules/cloud/aws_cloudtrail_disable_logging.yml +++ b/rules/cloud/aws_cloudtrail_disable_logging.yml @@ -5,20 +5,21 @@ author: vitaliy0x1 date: 2020/01/21 description: Detects disabling, deleting and updating of a Trail references: - - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/best-practices-security.html + - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/best-practices-security.html logsource: - service: cloudtrail + service: cloudtrail detection: - selection_source: - - eventSource: cloudtrail.amazonaws.com - events: - - eventName: - - StopLogging - - UpdateTrail - - DeleteTrail - condition: selection_source AND events + selection_source: + - eventSource: cloudtrail.amazonaws.com + events: + - eventName: + - StopLogging + - UpdateTrail + - DeleteTrail + condition: selection_source AND events level: medium falsepositives: - Valid change in a Trail tags: - - attack.t1089 + - attack.t1089 + - attack.t1562.001 diff --git a/rules/cloud/aws_config_disable_recording.yml b/rules/cloud/aws_config_disable_recording.yml index cb0fc0a7..8eebaa67 100644 --- a/rules/cloud/aws_config_disable_recording.yml +++ b/rules/cloud/aws_config_disable_recording.yml @@ -5,17 +5,18 @@ author: vitaliy0x1 date: 2020/01/21 description: Detects AWS Config Service disabling logsource: - service: cloudtrail + service: cloudtrail detection: - selection_source: - - eventSource: config.amazonaws.com - events: - - eventName: - - DeleteDeliveryChannel - - StopConfigurationRecorder - condition: selection_source AND events + selection_source: + - eventSource: config.amazonaws.com + events: + - eventName: + - DeleteDeliveryChannel + - StopConfigurationRecorder + condition: selection_source AND events level: high falsepositives: - Valid change in AWS Config Service tags: - - attack.t1089 + - attack.t1089 + - attack.t1562.001 diff --git a/rules/cloud/aws_ec2_startup_script_change.yml b/rules/cloud/aws_ec2_startup_script_change.yml index dccb22f0..7edcff0b 100644 --- a/rules/cloud/aws_ec2_startup_script_change.yml +++ b/rules/cloud/aws_ec2_startup_script_change.yml @@ -21,3 +21,4 @@ falsepositives: - Valid changes to the startup script tags: - attack.t1064 + - attack.t1059 diff --git a/rules/cloud/aws_guardduty_disruption.yml b/rules/cloud/aws_guardduty_disruption.yml index 61664662..7491d4b2 100644 --- a/rules/cloud/aws_guardduty_disruption.yml +++ b/rules/cloud/aws_guardduty_disruption.yml @@ -19,3 +19,4 @@ falsepositives: - Valid change in the GuardDuty (e.g. to ignore internal scanners) tags: - attack.t1089 + - attack.t1562.001 diff --git a/rules/linux/auditd/lnx_auditd_alter_bash_profile.yml b/rules/linux/auditd/lnx_auditd_alter_bash_profile.yml index 9094ded8..dff6bbf3 100644 --- a/rules/linux/auditd/lnx_auditd_alter_bash_profile.yml +++ b/rules/linux/auditd/lnx_auditd_alter_bash_profile.yml @@ -9,6 +9,7 @@ tags: - attack.s0003 - attack.t1156 - attack.persistence + - attack.t1546.004 author: Peter Matkovski logsource: product: linux diff --git a/rules/linux/auditd/lnx_auditd_auditing_config_change.yml b/rules/linux/auditd/lnx_auditd_auditing_config_change.yml index 1aaa844e..d9fb2e40 100644 --- a/rules/linux/auditd/lnx_auditd_auditing_config_change.yml +++ b/rules/linux/auditd/lnx_auditd_auditing_config_change.yml @@ -11,6 +11,7 @@ references: tags: - attack.defense_evasion - attack.t1054 + - attack.t1562.006 author: Mikhail Larin, oscd.community status: experimental date: 2019/10/25 diff --git a/rules/linux/auditd/lnx_auditd_logging_config_change.yml b/rules/linux/auditd/lnx_auditd_logging_config_change.yml index 4140aca7..b456805b 100644 --- a/rules/linux/auditd/lnx_auditd_logging_config_change.yml +++ b/rules/linux/auditd/lnx_auditd_logging_config_change.yml @@ -10,6 +10,7 @@ references: tags: - attack.defense_evasion - attack.t1054 + - attack.t1562.006 author: Mikhail Larin, oscd.community status: experimental date: 2019/10/25 diff --git a/rules/linux/auditd/lnx_auditd_web_rce.yml b/rules/linux/auditd/lnx_auditd_web_rce.yml index 28068f7a..2c537ddf 100644 --- a/rules/linux/auditd/lnx_auditd_web_rce.yml +++ b/rules/linux/auditd/lnx_auditd_web_rce.yml @@ -5,6 +5,7 @@ description: Detects posible command execution by web application/web shell tags: - attack.persistence - attack.t1100 + - attack.t1505.003 references: - personal experience author: Ilyas Ochkov, Beyu Denis, oscd.community diff --git a/rules/linux/auditd/lnx_data_compressed.yml b/rules/linux/auditd/lnx_data_compressed.yml index e22fc0d4..e923e8ec 100644 --- a/rules/linux/auditd/lnx_data_compressed.yml +++ b/rules/linux/auditd/lnx_data_compressed.yml @@ -1,8 +1,7 @@ title: Data Compressed id: a3b5e3e9-1b49-4119-8b8e-0344a01f21ee status: experimental -description: An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration in order to make it portable and minimize the amount - of data sent over the network +description: An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration in order to make it portable and minimize the amount of data sent over the network author: Timur Zinniatullin, oscd.community date: 2019/10/21 modified: 2019/11/04 @@ -30,3 +29,4 @@ level: low tags: - attack.exfiltration - attack.t1002 + - attack.t1560 diff --git a/rules/linux/lnx_pers_systemd_reload.yml b/rules/linux/lnx_pers_systemd_reload.yml index 3cb5c916..326b28b3 100644 --- a/rules/linux/lnx_pers_systemd_reload.yml +++ b/rules/linux/lnx_pers_systemd_reload.yml @@ -5,6 +5,7 @@ status: experimental tags: - attack.persistence - attack.t1501 + - attack.t1543.002 author: Jakob Weinzettl, oscd.community date: 2019/09/23 logsource: diff --git a/rules/linux/lnx_shell_clear_cmd_history.yml b/rules/linux/lnx_shell_clear_cmd_history.yml index 97379f6a..68e9773c 100644 --- a/rules/linux/lnx_shell_clear_cmd_history.yml +++ b/rules/linux/lnx_shell_clear_cmd_history.yml @@ -22,7 +22,7 @@ detection: keywords: - 'rm *bash_history' - 'echo "" > *bash_history' - - 'cat /dev/null > *bash_history' + - 'cat /dev/null > *bash_history' - 'ln -sf /dev/null *bash_history' - 'truncate -s0 *bash_history' # - 'unset HISTFILE' # prone to false positives @@ -38,3 +38,4 @@ level: high tags: - attack.defense_evasion - attack.t1146 + - attack.t1551.003 diff --git a/rules/network/cisco/aaa/cisco_cli_clear_logs.yml b/rules/network/cisco/aaa/cisco_cli_clear_logs.yml index 457744c3..244bdead 100644 --- a/rules/network/cisco/aaa/cisco_cli_clear_logs.yml +++ b/rules/network/cisco/aaa/cisco_cli_clear_logs.yml @@ -11,6 +11,8 @@ tags: - attack.defense_evasion - attack.t1146 - attack.t1070 + - attack.t1551.003 + - attack.t1551 logsource: product: cisco service: aaa diff --git a/rules/network/cisco/aaa/cisco_cli_collect_data.yml b/rules/network/cisco/aaa/cisco_cli_collect_data.yml index 99a6378a..9944274b 100644 --- a/rules/network/cisco/aaa/cisco_cli_collect_data.yml +++ b/rules/network/cisco/aaa/cisco_cli_collect_data.yml @@ -17,6 +17,7 @@ tags: - attack.t1003 - attack.t1081 - attack.t1005 + - attack.t1552.001 logsource: product: cisco service: aaa diff --git a/rules/network/cisco/aaa/cisco_cli_crypto_actions.yml b/rules/network/cisco/aaa/cisco_cli_crypto_actions.yml index a032c9d4..81e1a3a1 100644 --- a/rules/network/cisco/aaa/cisco_cli_crypto_actions.yml +++ b/rules/network/cisco/aaa/cisco_cli_crypto_actions.yml @@ -12,6 +12,8 @@ tags: - attack.defense_evasion - attack.t1130 - attack.t1145 + - attack.t1553.004 + - attack.t1552.004 logsource: product: cisco service: aaa diff --git a/rules/network/cisco/aaa/cisco_cli_disable_logging.yml b/rules/network/cisco/aaa/cisco_cli_disable_logging.yml index b81e265b..4bc95584 100644 --- a/rules/network/cisco/aaa/cisco_cli_disable_logging.yml +++ b/rules/network/cisco/aaa/cisco_cli_disable_logging.yml @@ -9,6 +9,7 @@ date: 2019/08/11 tags: - attack.defense_evasion - attack.t1089 + - attack.t1562.001 logsource: product: cisco service: aaa diff --git a/rules/network/cisco/aaa/cisco_cli_file_deletion.yml b/rules/network/cisco/aaa/cisco_cli_file_deletion.yml index cc6155e1..ec6b4e1e 100644 --- a/rules/network/cisco/aaa/cisco_cli_file_deletion.yml +++ b/rules/network/cisco/aaa/cisco_cli_file_deletion.yml @@ -14,6 +14,9 @@ tags: - attack.t1107 - attack.t1488 - attack.t1487 + - attack.t1561.002 + - attack.t1551.004 + - attack.t1561.001 logsource: product: cisco service: aaa diff --git a/rules/network/cisco/aaa/cisco_cli_input_capture.yml b/rules/network/cisco/aaa/cisco_cli_input_capture.yml index 51467f57..d1bc266a 100644 --- a/rules/network/cisco/aaa/cisco_cli_input_capture.yml +++ b/rules/network/cisco/aaa/cisco_cli_input_capture.yml @@ -12,6 +12,7 @@ tags: - attack.credential_access - attack.t1139 - attack.t1056 + - attack.t1552.003 logsource: product: cisco service: aaa diff --git a/rules/network/cisco/aaa/cisco_cli_modify_config.yml b/rules/network/cisco/aaa/cisco_cli_modify_config.yml index bc11ecaf..6f98513e 100644 --- a/rules/network/cisco/aaa/cisco_cli_modify_config.yml +++ b/rules/network/cisco/aaa/cisco_cli_modify_config.yml @@ -16,6 +16,9 @@ tags: - attack.t1100 - attack.t1168 - attack.t1490 + - attack.t1565.002 + - attack.t1505 + - attack.t1053 logsource: product: cisco service: aaa diff --git a/rules/network/cisco/aaa/cisco_cli_moving_data.yml b/rules/network/cisco/aaa/cisco_cli_moving_data.yml index f9aa4c84..924588a6 100644 --- a/rules/network/cisco/aaa/cisco_cli_moving_data.yml +++ b/rules/network/cisco/aaa/cisco_cli_moving_data.yml @@ -19,6 +19,8 @@ tags: - attack.t1105 - attack.t1492 - attack.t1002 + - attack.t1560 + - attack.t1565.001 logsource: product: cisco service: aaa diff --git a/rules/network/net_susp_dns_txt_exec_strings.yml b/rules/network/net_susp_dns_txt_exec_strings.yml index 42ee5e22..95492f1b 100644 --- a/rules/network/net_susp_dns_txt_exec_strings.yml +++ b/rules/network/net_susp_dns_txt_exec_strings.yml @@ -7,17 +7,18 @@ references: - https://github.com/samratashok/nishang/blob/master/Backdoors/DNS_TXT_Pwnage.ps1 tags: - attack.t1071 + - attack.t1071.004 author: Markus Neis date: 2018/08/08 logsource: category: dns detection: selection: - record_type: 'TXT' - answer: - - '*IEX*' - - '*Invoke-Expression*' - - '*cmd.exe*' + record_type: 'TXT' + answer: + - '*IEX*' + - '*Invoke-Expression*' + - '*cmd.exe*' condition: selection falsepositives: - Unknown diff --git a/rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml b/rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml index 4e79ed02..141a67dd 100644 --- a/rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml +++ b/rules/network/zeek/zeek_dce_rpc_mitre_bzar_execution.yml @@ -6,46 +6,48 @@ date: 2020/03/19 references: - https://github.com/mitre-attack/bzar#indicators-for-attck-execution tags: - - attack.execution - - attack.t1035 - - attack.t1047 - - attack.t1053 + - attack.execution + - attack.t1035 + - attack.t1047 + - attack.t1053 + - attack.t1053.002 + - attack.t1569.002 logsource: - product: zeek - service: dce_rpc + product: zeek + service: dce_rpc detection: - op1: - endpoint: 'JobAdd' - operation: 'atsvc' - op2: - endpoint: 'ITaskSchedulerService' - operation: 'SchRpcEnableTask' - op3: - endpoint: 'ITaskSchedulerService' - operation: 'SchRpcRegisterTask' - op4: - endpoint: 'ITaskSchedulerService' - operation: 'SchRpcRun' - op5: - endpoint: 'IWbemServices' - operation: 'ExecMethod' - op6: - endpoint: 'IWbemServices' - operation: 'ExecMethodAsync' - op7: - endpoint: 'svcctl' - operation: 'CreateServiceA' - op8: - endpoint: 'svcctl' - operation: 'CreateServiceW' - op9: - endpoint: 'svcctl' - operation: 'StartServiceA' - op10: - endpoint: 'svcctl' - operation: 'StartServiceW' - condition: 1 of them + op1: + endpoint: 'JobAdd' + operation: 'atsvc' + op2: + endpoint: 'ITaskSchedulerService' + operation: 'SchRpcEnableTask' + op3: + endpoint: 'ITaskSchedulerService' + operation: 'SchRpcRegisterTask' + op4: + endpoint: 'ITaskSchedulerService' + operation: 'SchRpcRun' + op5: + endpoint: 'IWbemServices' + operation: 'ExecMethod' + op6: + endpoint: 'IWbemServices' + operation: 'ExecMethodAsync' + op7: + endpoint: 'svcctl' + operation: 'CreateServiceA' + op8: + endpoint: 'svcctl' + operation: 'CreateServiceW' + op9: + endpoint: 'svcctl' + operation: 'StartServiceA' + op10: + endpoint: 'svcctl' + operation: 'StartServiceW' + condition: 1 of them falsepositives: - 'Windows administrator tasks or troubleshooting' - 'Windows management scripts or software' -level: medium \ No newline at end of file +level: medium diff --git a/rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml b/rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml index 3cce80d4..4dd5fc5d 100644 --- a/rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml +++ b/rules/network/zeek/zeek_dce_rpc_mitre_bzar_persistence.yml @@ -8,30 +8,31 @@ references: tags: - attack.persistence - attack.t1004 + - attack.t1547.004 logsource: - product: zeek - service: dce_rpc + product: zeek + service: dce_rpc detection: - op1: - endpoint: 'spoolss' - operation: 'RpcAddMonitor' - op2: - endpoint: 'spoolss' - operation: 'RpcAddPrintProcessor' - op3: - endpoint: 'IRemoteWinspool' - operation: 'RpcAsyncAddMonitor' - op4: - endpoint: 'IRemoteWinspool' - operation: 'RpcAsyncAddPrintProcessor' - op5: - endpoint: 'ISecLogon' - operation: 'SeclCreateProcessWithLogonW' - op6: - endpoint: 'ISecLogon' - operation: 'SeclCreateProcessWithLogonExW' - condition: 1 of them + op1: + endpoint: 'spoolss' + operation: 'RpcAddMonitor' + op2: + endpoint: 'spoolss' + operation: 'RpcAddPrintProcessor' + op3: + endpoint: 'IRemoteWinspool' + operation: 'RpcAsyncAddMonitor' + op4: + endpoint: 'IRemoteWinspool' + operation: 'RpcAsyncAddPrintProcessor' + op5: + endpoint: 'ISecLogon' + operation: 'SeclCreateProcessWithLogonW' + op6: + endpoint: 'ISecLogon' + operation: 'SeclCreateProcessWithLogonExW' + condition: 1 of them falsepositives: - 'Windows administrator tasks or troubleshooting' - 'Windows management scripts or software' -level: medium \ No newline at end of file +level: medium diff --git a/rules/network/zeek/zeek_http_executable_download_from_webdav.yml b/rules/network/zeek/zeek_http_executable_download_from_webdav.yml index 47cfdcbf..55bc7898 100644 --- a/rules/network/zeek/zeek_http_executable_download_from_webdav.yml +++ b/rules/network/zeek/zeek_http_executable_download_from_webdav.yml @@ -8,9 +8,10 @@ references: tags: - attack.command_and_control - attack.t1043 + - attack.t1571 logsource: - product: zeek - service: http + product: zeek + service: http date: 2020/05/01 detection: selection_webdav: @@ -23,4 +24,4 @@ detection: falsepositives: - unknown level: medium -status: experimental \ No newline at end of file +status: experimental diff --git a/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml b/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml index 17a3704f..12e1eb4d 100644 --- a/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml +++ b/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml @@ -11,6 +11,7 @@ tags: - attack.t1053 - car.2013-05-004 - car.2015-04-001 + - attack.t1053.002 logsource: product: zeek service: smb_files diff --git a/rules/network/zeek/zeek_smb_converted_win_impacket_secretdump.yml b/rules/network/zeek/zeek_smb_converted_win_impacket_secretdump.yml index 16e2f318..4a7fe93a 100644 --- a/rules/network/zeek/zeek_smb_converted_win_impacket_secretdump.yml +++ b/rules/network/zeek/zeek_smb_converted_win_impacket_secretdump.yml @@ -8,14 +8,17 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1003.002 + - attack.t1003.004 + - attack.t1003.003 logsource: product: zeek service: smb_files detection: - selection: - path: '\\*ADMIN$' - name: '*SYSTEM32\\*.tmp' - condition: selection + selection: + path: '\\*ADMIN$' + name: '*SYSTEM32\\*.tmp' + condition: selection falsepositives: - 'unknown' level: high diff --git a/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml b/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml index eecef7a9..34b90aa1 100644 --- a/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml +++ b/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml @@ -1,14 +1,14 @@ title: First Time Seen Remote Named Pipe - Zeek id: 52d8b0c6-53d6-439a-9e41-52ad442ad9ad -description: This detection excludes known namped pipes accessible remotely and notify on newly observed ones, may help to detect lateral movement and remote exec - using named pipes +description: This detection excludes known namped pipes accessible remotely and notify on newly observed ones, may help to detect lateral movement and remote exec using named pipes author: 'Samir Bousseaden, @neu5ron' date: 2020/04/02 references: - https://github.com/neo23x0/sigma/blob/d42e87edd741dd646db946f30964f331f92f50e6/rules/windows/builtin/win_lm_namedpipe.yml -tags: +tags: - attack.lateral_movement - attack.t1077 + - attack.t1021.002 logsource: product: zeek service: smb_files @@ -18,23 +18,23 @@ detection: selection2: path: \\*\IPC$ name: - - 'atsvc' - - 'samr' - - 'lsarpc' - - 'winreg' - - 'netlogon' - - 'srvsvc' - - 'protected_storage' - - 'wkssvc' - - 'browser' - - 'netdfs' - - 'svcctl' - - 'spoolss' - - 'ntsvcs' - - 'LSM_API_service' - - 'HydraLsPipe' - - 'TermSrv_API_service' - - 'MsFteWds' + - 'atsvc' + - 'samr' + - 'lsarpc' + - 'winreg' + - 'netlogon' + - 'srvsvc' + - 'protected_storage' + - 'wkssvc' + - 'browser' + - 'netdfs' + - 'svcctl' + - 'spoolss' + - 'ntsvcs' + - 'LSM_API_service' + - 'HydraLsPipe' + - 'TermSrv_API_service' + - 'MsFteWds' condition: selection1 and not selection2 falsepositives: - update the excluded named pipe to filter out any newly observed legit named pipe diff --git a/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml b/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml index 044d6f96..79bd5115 100644 --- a/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml +++ b/rules/network/zeek/zeek_smb_converted_win_susp_psexec.yml @@ -8,6 +8,7 @@ references: tags: - attack.lateral_movement - attack.t1077 + - attack.t1021.002 logsource: product: zeek service: smb_files @@ -15,9 +16,9 @@ detection: selection1: path: \\*\IPC$ name: - - '*-stdin' - - '*-stdout' - - '*-stderr' + - '*-stdin' + - '*-stdout' + - '*-stderr' selection2: name: \\*\IPC$ path: 'PSEXESVC*' diff --git a/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml b/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml index 060189f4..503c9c8f 100644 --- a/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml +++ b/rules/network/zeek/zeek_smb_converted_win_transferring_files_with_credential_data.yml @@ -4,26 +4,29 @@ description: Transferring files with well-known filenames (sensitive files with author: '@neu5ron, Teymur Kheirkhabarov, oscd.community' date: 2020/04/02 references: - - https://github.com/neo23x0/sigma/blob/373424f14574facf9e261d5c822345a282b91479/rules/windows/builtin/win_transferring_files_with_credential_data_via_network_shares.yml + - https://github.com/neo23x0/sigma/blob/373424f14574facf9e261d5c822345a282b91479/rules/windows/builtin/win_transferring_files_with_credential_data_via_network_shares.yml tags: - - attack.credential_access - - attack.t1003 + - attack.credential_access + - attack.t1003 + - attack.t1003.002 + - attack.t1003.001 + - attack.t1003.003 logsource: - product: zeek - service: smb_files + product: zeek + service: smb_files detection: - selection: - name: - - '\mimidrv' - - '\lsass' - - '\windows\minidump\' - - '\hiberfil' - - '\sqldmpr' - - '\sam' - - '\ntds.dit' - - '\security' - condition: selection + selection: + name: + - '\mimidrv' + - '\lsass' + - '\windows\minidump\' + - '\hiberfil' + - '\sqldmpr' + - '\sam' + - '\ntds.dit' + - '\security' + condition: selection falsepositives: - Transferring sensitive files for legitimate administration work by legitimate administrator level: medium -status: experimental \ No newline at end of file +status: experimental diff --git a/rules/network/zeek/zeek_susp_kerberos_rc4.yml b/rules/network/zeek/zeek_susp_kerberos_rc4.yml index 456f8278..30b134ff 100644 --- a/rules/network/zeek/zeek_susp_kerberos_rc4.yml +++ b/rules/network/zeek/zeek_susp_kerberos_rc4.yml @@ -8,6 +8,7 @@ references: tags: - attack.credential_access - attack.t1208 + - attack.t1558.003 logsource: product: zeek service: kerberos diff --git a/rules/web/web_cve_2018_2894_weblogic_exploit.yml b/rules/web/web_cve_2018_2894_weblogic_exploit.yml index 5bc8b193..d086a2c4 100644 --- a/rules/web/web_cve_2018_2894_weblogic_exploit.yml +++ b/rules/web/web_cve_2018_2894_weblogic_exploit.yml @@ -13,7 +13,7 @@ logsource: category: webserver detection: selection: - c-uri: + c-uri: - '*/config/keystore/*.js*' condition: selection fields: @@ -28,5 +28,6 @@ tags: - attack.persistence - attack.privilege_escalation - cve.2018-2894 + - attack.t1505 level: critical diff --git a/rules/windows/builtin/win_GPO_scheduledtasks.yml b/rules/windows/builtin/win_GPO_scheduledtasks.yml index 6403ab72..75dfa1b0 100644 --- a/rules/windows/builtin/win_GPO_scheduledtasks.yml +++ b/rules/windows/builtin/win_GPO_scheduledtasks.yml @@ -10,6 +10,7 @@ tags: - attack.persistence - attack.lateral_movement - attack.t1053 + - attack.t1053.005 logsource: product: windows service: security diff --git a/rules/windows/builtin/win_admin_share_access.yml b/rules/windows/builtin/win_admin_share_access.yml index e489b78f..a922e0e0 100644 --- a/rules/windows/builtin/win_admin_share_access.yml +++ b/rules/windows/builtin/win_admin_share_access.yml @@ -4,6 +4,7 @@ description: Detects access to $ADMIN share tags: - attack.lateral_movement - attack.t1077 + - attack.t1021.002 status: experimental author: Florian Roth date: 2017/03/04 diff --git a/rules/windows/builtin/win_alert_enable_weak_encryption.yml b/rules/windows/builtin/win_alert_enable_weak_encryption.yml index 906ac89b..5f77c777 100644 --- a/rules/windows/builtin/win_alert_enable_weak_encryption.yml +++ b/rules/windows/builtin/win_alert_enable_weak_encryption.yml @@ -9,6 +9,7 @@ date: 2017/07/30 tags: - attack.defense_evasion - attack.t1089 + - attack.t1562.001 logsource: product: windows service: security @@ -18,9 +19,9 @@ detection: EventID: 4738 keywords: Message: - - '*DES*' - - '*Preauth*' - - '*Encrypted*' + - '*DES*' + - '*Preauth*' + - '*Encrypted*' filters: Message: - '*Enabled*' diff --git a/rules/windows/builtin/win_alert_lsass_access.yml b/rules/windows/builtin/win_alert_lsass_access.yml index bcd7eae7..3ffde491 100644 --- a/rules/windows/builtin/win_alert_lsass_access.yml +++ b/rules/windows/builtin/win_alert_lsass_access.yml @@ -10,6 +10,7 @@ tags: - attack.credential_access - attack.t1003 # Defender Attack Surface Reduction + - attack.t1003.001 logsource: product: windows_defender definition: 'Requirements:Enabled Block credential stealing from the Windows local security authority subsystem (lsass.exe) from Attack Surface Reduction (GUID: 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2)' diff --git a/rules/windows/builtin/win_alert_mimikatz_keywords.yml b/rules/windows/builtin/win_alert_mimikatz_keywords.yml index f6ad95c8..5a0783fd 100644 --- a/rules/windows/builtin/win_alert_mimikatz_keywords.yml +++ b/rules/windows/builtin/win_alert_mimikatz_keywords.yml @@ -1,7 +1,6 @@ title: Mimikatz Use id: 06d71506-7beb-4f22-8888-e2e5e2ca7fd8 -description: This method detects mimikatz keywords in different Eventlogs (some of them only appear in older Mimikatz version that are however still used by different - threat groups) +description: This method detects mimikatz keywords in different Eventlogs (some of them only appear in older Mimikatz version that are however still used by different threat groups) author: Florian Roth date: 2017/01/10 modified: 2019/10/11 @@ -12,21 +11,25 @@ tags: - attack.credential_access - car.2013-07-001 - car.2019-04-004 + - attack.t1003.002 + - attack.t1003.004 + - attack.t1003.001 + - attack.t1003.006 logsource: product: windows detection: keywords: Message: - - "* mimikatz *" - - "* mimilib *" - - "* <3 eo.oe *" - - "* eo.oe.kiwi *" - - "* privilege::debug *" - - "* sekurlsa::logonpasswords *" - - "* lsadump::sam *" - - "* mimidrv.sys *" - - "* p::d *" - - "* s::l *" + - "* mimikatz *" + - "* mimilib *" + - "* <3 eo.oe *" + - "* eo.oe.kiwi *" + - "* privilege::debug *" + - "* sekurlsa::logonpasswords *" + - "* lsadump::sam *" + - "* mimidrv.sys *" + - "* p::d *" + - "* s::l *" condition: keywords falsepositives: - Naughty administrators diff --git a/rules/windows/builtin/win_alert_ruler.yml b/rules/windows/builtin/win_alert_ruler.yml index 21a85472..603904ca 100644 --- a/rules/windows/builtin/win_alert_ruler.yml +++ b/rules/windows/builtin/win_alert_ruler.yml @@ -17,18 +17,19 @@ tags: - attack.t1075 - attack.t1114 - attack.t1059 + - attack.t1550.002 logsource: product: windows service: security detection: selection1: - EventID: - - 4776 + EventID: + - 4776 Workstation: 'RULER' selection2: EventID: - - 4624 - - 4625 + - 4624 + - 4625 WorkstationName: 'RULER' condition: (1 of selection*) falsepositives: diff --git a/rules/windows/builtin/win_apt_carbonpaper_turla.yml b/rules/windows/builtin/win_apt_carbonpaper_turla.yml index b16c0733..b819affb 100755 --- a/rules/windows/builtin/win_apt_carbonpaper_turla.yml +++ b/rules/windows/builtin/win_apt_carbonpaper_turla.yml @@ -7,6 +7,7 @@ tags: - attack.persistence - attack.g0010 - attack.t1050 + - attack.t1543.003 date: 2017/03/31 author: Florian Roth logsource: diff --git a/rules/windows/builtin/win_apt_stonedrill.yml b/rules/windows/builtin/win_apt_stonedrill.yml index 3db1bfe6..5ffa7528 100755 --- a/rules/windows/builtin/win_apt_stonedrill.yml +++ b/rules/windows/builtin/win_apt_stonedrill.yml @@ -9,6 +9,7 @@ tags: - attack.persistence - attack.g0064 - attack.t1050 + - attack.t1543.003 logsource: product: windows service: system diff --git a/rules/windows/builtin/win_apt_turla_service_png.yml b/rules/windows/builtin/win_apt_turla_service_png.yml index 642809a5..467abba2 100644 --- a/rules/windows/builtin/win_apt_turla_service_png.yml +++ b/rules/windows/builtin/win_apt_turla_service_png.yml @@ -9,6 +9,7 @@ tags: - attack.persistence - attack.g0010 - attack.t1050 + - attack.t1543.003 logsource: product: windows service: system diff --git a/rules/windows/builtin/win_atsvc_task.yml b/rules/windows/builtin/win_atsvc_task.yml index e896b3bc..bb4ce41a 100644 --- a/rules/windows/builtin/win_atsvc_task.yml +++ b/rules/windows/builtin/win_atsvc_task.yml @@ -11,6 +11,7 @@ tags: - attack.t1053 - car.2013-05-004 - car.2015-04-001 + - attack.t1053.002 logsource: product: windows service: security diff --git a/rules/windows/builtin/win_dcsync.yml b/rules/windows/builtin/win_dcsync.yml index f29e9a5f..1181f0e1 100644 --- a/rules/windows/builtin/win_dcsync.yml +++ b/rules/windows/builtin/win_dcsync.yml @@ -12,18 +12,19 @@ tags: - attack.credential_access - attack.s0002 - attack.t1003 + - attack.t1003.006 logsource: product: windows service: security detection: selection: EventID: 4662 - Properties: + Properties: - '*Replicating Directory Changes All*' - '*1131f6ad-9c07-11d1-f79f-00c04fc2dcd2*' filter1: SubjectDomainName: 'Window Manager' - filter2: + filter2: SubjectUserName: - 'NT AUTHORITY*' - '*$' diff --git a/rules/windows/builtin/win_disable_event_logging.yml b/rules/windows/builtin/win_disable_event_logging.yml index 20463e6a..788ac854 100644 --- a/rules/windows/builtin/win_disable_event_logging.yml +++ b/rules/windows/builtin/win_disable_event_logging.yml @@ -1,15 +1,12 @@ title: Disabling Windows Event Auditing id: 69aeb277-f15f-4d2d-b32a-55e883609563 -description: 'Detects scenarios where system auditing (ie: windows event log auditing) is disabled. This may be used in a scenario where an entity would want to bypass - local logging to evade detection when windows event logging is enabled and reviewed. Also, it is recommended to turn off "Local Group Policy Object Processing" - via GPO, which will make sure that Active Directory GPOs take precedence over local/edited computer policies via something such as "gpedit.msc". Please note, - that disabling "Local Group Policy Object Processing" may cause an issue in scenarios of one off specific GPO modifications -- however it is recommended to perform - these modifications in Active Directory anyways.' +description: 'Detects scenarios where system auditing (ie: windows event log auditing) is disabled. This may be used in a scenario where an entity would want to bypass local logging to evade detection when windows event logging is enabled and reviewed. Also, it is recommended to turn off "Local Group Policy Object Processing" via GPO, which will make sure that Active Directory GPOs take precedence over local/edited computer policies via something such as "gpedit.msc". Please note, that disabling "Local Group Policy Object Processing" may cause an issue in scenarios of one off specific GPO modifications -- however it is recommended to perform these modifications in Active Directory anyways.' references: - https://bit.ly/WinLogsZero2Hero tags: - attack.defense_evasion - attack.t1054 + - attack.t1562.006 author: '@neu5ron' date: 2017/11/19 logsource: diff --git a/rules/windows/builtin/win_dpapi_domain_backupkey_extraction.yml b/rules/windows/builtin/win_dpapi_domain_backupkey_extraction.yml index 3093a086..fc70f3b1 100644 --- a/rules/windows/builtin/win_dpapi_domain_backupkey_extraction.yml +++ b/rules/windows/builtin/win_dpapi_domain_backupkey_extraction.yml @@ -9,11 +9,12 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1003.004 logsource: product: windows service: security detection: - selection: + selection: EventID: 4662 ObjectType: 'SecretObject' AccessMask: '0x2' @@ -21,4 +22,4 @@ detection: condition: selection falsepositives: - Unknown -level: critical \ No newline at end of file +level: critical diff --git a/rules/windows/builtin/win_dpapi_domain_masterkey_backup_attempt.yml b/rules/windows/builtin/win_dpapi_domain_masterkey_backup_attempt.yml index f488f98a..47ec4686 100644 --- a/rules/windows/builtin/win_dpapi_domain_masterkey_backup_attempt.yml +++ b/rules/windows/builtin/win_dpapi_domain_masterkey_backup_attempt.yml @@ -9,11 +9,12 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1003.004 logsource: product: windows service: security detection: - selection: + selection: EventID: 4692 condition: selection fields: diff --git a/rules/windows/builtin/win_hack_smbexec.yml b/rules/windows/builtin/win_hack_smbexec.yml index bf335fbe..270419c1 100644 --- a/rules/windows/builtin/win_hack_smbexec.yml +++ b/rules/windows/builtin/win_hack_smbexec.yml @@ -10,6 +10,8 @@ tags: - attack.execution - attack.t1077 - attack.t1035 + - attack.t1021 + - attack.t1569.002 logsource: product: windows service: system @@ -25,4 +27,4 @@ fields: falsepositives: - Penetration Test - Unknown -level: critical \ No newline at end of file +level: critical diff --git a/rules/windows/builtin/win_impacket_secretdump.yml b/rules/windows/builtin/win_impacket_secretdump.yml index 14d5060e..ca4effe5 100644 --- a/rules/windows/builtin/win_impacket_secretdump.yml +++ b/rules/windows/builtin/win_impacket_secretdump.yml @@ -8,6 +8,9 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1003.002 + - attack.t1003.004 + - attack.t1003.003 logsource: product: windows service: security diff --git a/rules/windows/builtin/win_lm_namedpipe.yml b/rules/windows/builtin/win_lm_namedpipe.yml index 90dca9c1..8bbbbc1a 100644 --- a/rules/windows/builtin/win_lm_namedpipe.yml +++ b/rules/windows/builtin/win_lm_namedpipe.yml @@ -1,7 +1,6 @@ title: First Time Seen Remote Named Pipe id: 52d8b0c6-53d6-439a-9e41-52ad442ad9ad -description: This detection excludes known namped pipes accessible remotely and notify on newly observed ones, may help to detect lateral movement and remote exec - using named pipes +description: This detection excludes known namped pipes accessible remotely and notify on newly observed ones, may help to detect lateral movement and remote exec using named pipes author: Samir Bousseaden date: 2019/04/03 references: @@ -9,6 +8,7 @@ references: tags: - attack.lateral_movement - attack.t1077 + - attack.t1021.002 logsource: product: windows service: security @@ -21,23 +21,23 @@ detection: EventID: 5145 ShareName: \\*\IPC$ RelativeTargetName: - - 'atsvc' - - 'samr' - - 'lsarpc' - - 'winreg' - - 'netlogon' - - 'srvsvc' - - 'protected_storage' - - 'wkssvc' - - 'browser' - - 'netdfs' - - 'svcctl' - - 'spoolss' - - 'ntsvcs' - - 'LSM_API_service' - - 'HydraLsPipe' - - 'TermSrv_API_service' - - 'MsFteWds' + - 'atsvc' + - 'samr' + - 'lsarpc' + - 'winreg' + - 'netlogon' + - 'srvsvc' + - 'protected_storage' + - 'wkssvc' + - 'browser' + - 'netdfs' + - 'svcctl' + - 'spoolss' + - 'ntsvcs' + - 'LSM_API_service' + - 'HydraLsPipe' + - 'TermSrv_API_service' + - 'MsFteWds' condition: selection1 and not selection2 falsepositives: - update the excluded named pipe to filter out any newly observed legit named pipe diff --git a/rules/windows/builtin/win_lsass_access_non_system_account.yml b/rules/windows/builtin/win_lsass_access_non_system_account.yml index adb3f7a6..9f0bd07f 100644 --- a/rules/windows/builtin/win_lsass_access_non_system_account.yml +++ b/rules/windows/builtin/win_lsass_access_non_system_account.yml @@ -10,11 +10,12 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1003.001 logsource: product: windows service: security detection: - selection: + selection: EventID: - 4663 - 4656 diff --git a/rules/windows/builtin/win_mal_service_installs.yml b/rules/windows/builtin/win_mal_service_installs.yml index d2bb06fe..8fe19151 100644 --- a/rules/windows/builtin/win_mal_service_installs.yml +++ b/rules/windows/builtin/win_mal_service_installs.yml @@ -11,6 +11,8 @@ tags: - attack.t1035 - attack.t1050 - car.2013-09-005 + - attack.t1543.003 + - attack.t1569.002 logsource: product: windows service: system @@ -24,6 +26,6 @@ detection: malsvc_persistence: ServiceFileName|contains: 'net user' condition: selection and 1 of malsvc_* -falsepositives: +falsepositives: - Penetration testing level: critical diff --git a/rules/windows/builtin/win_mmc20_lateral_movement.yml b/rules/windows/builtin/win_mmc20_lateral_movement.yml index baaaca7f..b6ee82fb 100644 --- a/rules/windows/builtin/win_mmc20_lateral_movement.yml +++ b/rules/windows/builtin/win_mmc20_lateral_movement.yml @@ -1,23 +1,25 @@ title: MMC20 Lateral Movement id: f1f3bf22-deb2-418d-8cce-e1a45e46a5bd -description: Detects MMC20.Application Lateral Movement; specifically looks for the spawning of the parent MMC.exe with a command line of "-Embedding" as a child of svchost.exe +description: Detects MMC20.Application Lateral Movement; specifically looks for the spawning of the parent MMC.exe with a command line of "-Embedding" as a child of svchost.exe author: '@2xxeformyshirt (Security Risk Advisors)' date: 2020/03/04 references: - - https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/ - - https://drive.google.com/file/d/1lKya3_mLnR3UQuCoiYruO3qgu052_iS_/view?usp=sharing + - https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/ + - https://drive.google.com/file/d/1lKya3_mLnR3UQuCoiYruO3qgu052_iS_/view?usp=sharing tags: - - attack.execution - - attack.t1175 + - attack.execution + - attack.t1175 + - attack.t1021.003 + - attack.t1559.001 logsource: - category: process_creation - product: windows + category: process_creation + product: windows detection: - selection: - ParentImage: '*\svchost.exe' - Image: '*\mmc.exe' - CommandLine: '*-Embedding*' - condition: selection + selection: + ParentImage: '*\svchost.exe' + Image: '*\mmc.exe' + CommandLine: '*-Embedding*' + condition: selection falsepositives: - - Unlikely + - Unlikely level: high diff --git a/rules/windows/builtin/win_overpass_the_hash.yml b/rules/windows/builtin/win_overpass_the_hash.yml index f909666e..11f2afb8 100644 --- a/rules/windows/builtin/win_overpass_the_hash.yml +++ b/rules/windows/builtin/win_overpass_the_hash.yml @@ -10,6 +10,7 @@ tags: - attack.lateral_movement - attack.t1075 - attack.s0002 + - attack.t1550.002 logsource: product: windows service: security diff --git a/rules/windows/builtin/win_pass_the_hash.yml b/rules/windows/builtin/win_pass_the_hash.yml index 582a77b9..1fa07af1 100644 --- a/rules/windows/builtin/win_pass_the_hash.yml +++ b/rules/windows/builtin/win_pass_the_hash.yml @@ -10,6 +10,7 @@ tags: - attack.lateral_movement - attack.t1075 - car.2016-04-004 + - attack.t1550.002 logsource: product: windows service: security @@ -17,15 +18,15 @@ logsource: detection: selection: - EventID: 4624 - LogonType: '3' - LogonProcessName: 'NtLmSsp' - WorkstationName: '%Workstations%' - ComputerName: '%Workstations%' + LogonType: '3' + LogonProcessName: 'NtLmSsp' + WorkstationName: '%Workstations%' + ComputerName: '%Workstations%' - EventID: 4625 - LogonType: '3' - LogonProcessName: 'NtLmSsp' - WorkstationName: '%Workstations%' - ComputerName: '%Workstations%' + LogonType: '3' + LogonProcessName: 'NtLmSsp' + WorkstationName: '%Workstations%' + ComputerName: '%Workstations%' filter: AccountName: 'ANONYMOUS LOGON' condition: selection and not filter diff --git a/rules/windows/builtin/win_pass_the_hash_2.yml b/rules/windows/builtin/win_pass_the_hash_2.yml index 6930ee9c..82f26131 100644 --- a/rules/windows/builtin/win_pass_the_hash_2.yml +++ b/rules/windows/builtin/win_pass_the_hash_2.yml @@ -11,6 +11,7 @@ date: 2019/06/14 tags: - attack.lateral_movement - attack.t1075 + - attack.t1550.002 logsource: product: windows service: security @@ -18,13 +19,13 @@ logsource: detection: selection: - EventID: 4624 - SubjectUserSid: 'S-1-0-0' - LogonType: '3' - LogonProcessName: 'NtLmSsp' - KeyLength: '0' + SubjectUserSid: 'S-1-0-0' + LogonType: '3' + LogonProcessName: 'NtLmSsp' + KeyLength: '0' - EventID: 4624 - LogonType: '9' - LogonProcessName: 'seclogo' + LogonType: '9' + LogonProcessName: 'seclogo' filter: AccountName: 'ANONYMOUS LOGON' condition: selection and not filter diff --git a/rules/windows/builtin/win_quarkspwdump_clearing_hive_access_history.yml b/rules/windows/builtin/win_quarkspwdump_clearing_hive_access_history.yml index 8484a1f3..b20672ad 100644 --- a/rules/windows/builtin/win_quarkspwdump_clearing_hive_access_history.yml +++ b/rules/windows/builtin/win_quarkspwdump_clearing_hive_access_history.yml @@ -8,6 +8,7 @@ modified: 2019/11/13 tags: - attack.credential_access - attack.t1003 + - attack.t1003.002 level: critical logsource: product: windows diff --git a/rules/windows/builtin/win_rare_schtasks_creations.yml b/rules/windows/builtin/win_rare_schtasks_creations.yml index bbd45c50..de8a93f8 100644 --- a/rules/windows/builtin/win_rare_schtasks_creations.yml +++ b/rules/windows/builtin/win_rare_schtasks_creations.yml @@ -10,6 +10,7 @@ tags: - attack.persistence - attack.t1053 - car.2013-08-001 + - attack.t1053.005 logsource: product: windows service: security diff --git a/rules/windows/builtin/win_rare_service_installs.yml b/rules/windows/builtin/win_rare_service_installs.yml index acd55cb6..14b4ecf8 100644 --- a/rules/windows/builtin/win_rare_service_installs.yml +++ b/rules/windows/builtin/win_rare_service_installs.yml @@ -9,6 +9,7 @@ tags: - attack.privilege_escalation - attack.t1050 - car.2013-09-005 + - attack.t1543.003 logsource: product: windows service: system diff --git a/rules/windows/builtin/win_rdp_localhost_login.yml b/rules/windows/builtin/win_rdp_localhost_login.yml index 3f269fe7..165bd12f 100644 --- a/rules/windows/builtin/win_rdp_localhost_login.yml +++ b/rules/windows/builtin/win_rdp_localhost_login.yml @@ -9,6 +9,7 @@ tags: - attack.lateral_movement - attack.t1076 - car.2013-07-002 + - attack.t1021 status: experimental author: Thomas Patzke logsource: diff --git a/rules/windows/builtin/win_rdp_reverse_tunnel.yml b/rules/windows/builtin/win_rdp_reverse_tunnel.yml index d18e5200..a68d5745 100644 --- a/rules/windows/builtin/win_rdp_reverse_tunnel.yml +++ b/rules/windows/builtin/win_rdp_reverse_tunnel.yml @@ -14,6 +14,7 @@ tags: - attack.t1076 - attack.t1090 - car.2013-07-002 + - attack.t1021 logsource: product: windows service: security diff --git a/rules/windows/builtin/win_register_new_logon_process_by_rubeus.yml b/rules/windows/builtin/win_register_new_logon_process_by_rubeus.yml index 9fb4e644..c1d677ee 100644 --- a/rules/windows/builtin/win_register_new_logon_process_by_rubeus.yml +++ b/rules/windows/builtin/win_register_new_logon_process_by_rubeus.yml @@ -8,6 +8,7 @@ tags: - attack.lateral_movement - attack.privilege_escalation - attack.t1208 + - attack.t1558.003 author: Roberto Rodriguez (source), Ilyas Ochkov (rule), oscd.community date: 2019/10/24 logsource: @@ -16,7 +17,7 @@ logsource: detection: selection: - EventID: 4611 - LogonProcessName: 'User32LogonProcesss' + LogonProcessName: 'User32LogonProcesss' condition: selection falsepositives: - Unkown diff --git a/rules/windows/builtin/win_remote_powershell_session.yml b/rules/windows/builtin/win_remote_powershell_session.yml index d0e395e4..1167c97f 100644 --- a/rules/windows/builtin/win_remote_powershell_session.yml +++ b/rules/windows/builtin/win_remote_powershell_session.yml @@ -9,11 +9,12 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 logsource: product: windows service: security detection: - selection: + selection: EventID: 5156 DestPort: - 5985 diff --git a/rules/windows/builtin/win_susp_add_sid_history.yml b/rules/windows/builtin/win_susp_add_sid_history.yml index 0a407a6e..1eb679dc 100644 --- a/rules/windows/builtin/win_susp_add_sid_history.yml +++ b/rules/windows/builtin/win_susp_add_sid_history.yml @@ -10,6 +10,7 @@ tags: - attack.persistence - attack.privilege_escalation - attack.t1178 + - attack.t1134.005 logsource: product: windows service: security @@ -25,7 +26,7 @@ detection: - '-' - '%%1793' filter_null: - SidHistory: null + SidHistory: condition: selection1 or (selection2 and not selection3 and not filter_null) falsepositives: - Migration of an account into a new domain diff --git a/rules/windows/builtin/win_susp_backup_delete.yml b/rules/windows/builtin/win_susp_backup_delete.yml index 32dfb5d0..332b6c80 100644 --- a/rules/windows/builtin/win_susp_backup_delete.yml +++ b/rules/windows/builtin/win_susp_backup_delete.yml @@ -10,6 +10,7 @@ date: 2017/05/12 tags: - attack.defense_evasion - attack.t1107 + - attack.t1551.004 logsource: product: windows service: application diff --git a/rules/windows/builtin/win_susp_codeintegrity_check_failure.yml b/rules/windows/builtin/win_susp_codeintegrity_check_failure.yml index 34331edc..e5afc8f7 100644 --- a/rules/windows/builtin/win_susp_codeintegrity_check_failure.yml +++ b/rules/windows/builtin/win_susp_codeintegrity_check_failure.yml @@ -7,6 +7,7 @@ date: 2019/12/03 tags: - attack.defense_evasion - attack.t1009 + - attack.t1027 logsource: product: windows service: security diff --git a/rules/windows/builtin/win_susp_dhcp_config.yml b/rules/windows/builtin/win_susp_dhcp_config.yml index a7090b8d..0c357fc9 100644 --- a/rules/windows/builtin/win_susp_dhcp_config.yml +++ b/rules/windows/builtin/win_susp_dhcp_config.yml @@ -11,6 +11,7 @@ author: Dimitrios Slamaris tags: - attack.defense_evasion - attack.t1073 + - attack.t1574.002 logsource: product: windows service: system @@ -19,6 +20,6 @@ detection: EventID: 1033 Source: Microsoft-Windows-DHCP-Server condition: selection -falsepositives: +falsepositives: - Unknown level: critical diff --git a/rules/windows/builtin/win_susp_dhcp_config_failed.yml b/rules/windows/builtin/win_susp_dhcp_config_failed.yml index f3c4f36e..8dc62e80 100644 --- a/rules/windows/builtin/win_susp_dhcp_config_failed.yml +++ b/rules/windows/builtin/win_susp_dhcp_config_failed.yml @@ -11,18 +11,19 @@ modified: 2019/07/17 tags: - attack.defense_evasion - attack.t1073 + - attack.t1574.002 author: "Dimitrios Slamaris, @atc_project (fix)" logsource: product: windows service: system detection: selection: - EventID: + EventID: - 1031 - 1032 - 1034 - Source: Microsoft-Windows-DHCP-Server + Source: Microsoft-Windows-DHCP-Server condition: selection -falsepositives: +falsepositives: - Unknown level: critical diff --git a/rules/windows/builtin/win_susp_dns_config.yml b/rules/windows/builtin/win_susp_dns_config.yml index df7ffe3f..8ef63d9c 100644 --- a/rules/windows/builtin/win_susp_dns_config.yml +++ b/rules/windows/builtin/win_susp_dns_config.yml @@ -10,17 +10,18 @@ references: tags: - attack.defense_evasion - attack.t1073 + - attack.t1574.002 author: Florian Roth logsource: product: windows service: dns-server detection: selection: - EventID: + EventID: - 150 - 770 condition: selection -falsepositives: +falsepositives: - Unknown level: critical diff --git a/rules/windows/builtin/win_susp_eventlog_cleared.yml b/rules/windows/builtin/win_susp_eventlog_cleared.yml index ec1981f5..b0698a1c 100644 --- a/rules/windows/builtin/win_susp_eventlog_cleared.yml +++ b/rules/windows/builtin/win_susp_eventlog_cleared.yml @@ -10,6 +10,7 @@ tags: - attack.defense_evasion - attack.t1070 - car.2016-04-002 + - attack.t1551 logsource: product: windows service: system diff --git a/rules/windows/builtin/win_susp_lsass_dump.yml b/rules/windows/builtin/win_susp_lsass_dump.yml index 52921441..b3b39f7b 100644 --- a/rules/windows/builtin/win_susp_lsass_dump.yml +++ b/rules/windows/builtin/win_susp_lsass_dump.yml @@ -8,6 +8,7 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1003.001 logsource: product: windows service: security diff --git a/rules/windows/builtin/win_susp_lsass_dump_generic.yml b/rules/windows/builtin/win_susp_lsass_dump_generic.yml index 604c2f41..fa536e26 100644 --- a/rules/windows/builtin/win_susp_lsass_dump_generic.yml +++ b/rules/windows/builtin/win_susp_lsass_dump_generic.yml @@ -12,6 +12,7 @@ tags: - attack.credential_access - attack.t1003 - car.2019-04-004 + - attack.t1003.001 logsource: product: windows service: security @@ -40,7 +41,7 @@ detection: - '4484' - '4416' filter: - ProcessName|endswith: + ProcessName|endswith: - '\wmiprvse.exe' - '\taskmgr.exe' - '\procexp64.exe' diff --git a/rules/windows/builtin/win_susp_msmpeng_crash.yml b/rules/windows/builtin/win_susp_msmpeng_crash.yml index 3e6f6fcb..4ce48ead 100644 --- a/rules/windows/builtin/win_susp_msmpeng_crash.yml +++ b/rules/windows/builtin/win_susp_msmpeng_crash.yml @@ -5,6 +5,7 @@ tags: - attack.defense_evasion - attack.t1089 - attack.t1211 + - attack.t1562.001 status: experimental date: 2017/05/09 references: diff --git a/rules/windows/builtin/win_susp_ntlm_auth.yml b/rules/windows/builtin/win_susp_ntlm_auth.yml index f8ea778c..3e4a2fb9 100644 --- a/rules/windows/builtin/win_susp_ntlm_auth.yml +++ b/rules/windows/builtin/win_susp_ntlm_auth.yml @@ -10,6 +10,7 @@ date: 2018/06/08 tags: - attack.lateral_movement - attack.t1075 + - attack.t1550.002 logsource: product: windows service: ntlm diff --git a/rules/windows/builtin/win_susp_psexec.yml b/rules/windows/builtin/win_susp_psexec.yml index f48f593b..62216f2e 100644 --- a/rules/windows/builtin/win_susp_psexec.yml +++ b/rules/windows/builtin/win_susp_psexec.yml @@ -1,7 +1,6 @@ title: Suspicious PsExec Execution id: c462f537-a1e3-41a6-b5fc-b2c2cef9bf82 -description: detects execution of psexec or paexec with renamed service name, this rule helps to filter out the noise if psexec is used for legit purposes or if attacker - uses a different psexec client other than sysinternal one +description: detects execution of psexec or paexec with renamed service name, this rule helps to filter out the noise if psexec is used for legit purposes or if attacker uses a different psexec client other than sysinternal one author: Samir Bousseaden date: 2019/04/03 references: @@ -9,6 +8,7 @@ references: tags: - attack.lateral_movement - attack.t1077 + - attack.t1021.002 logsource: product: windows service: security @@ -18,9 +18,9 @@ detection: EventID: 5145 ShareName: \\*\IPC$ RelativeTargetName: - - '*-stdin' - - '*-stdout' - - '*-stderr' + - '*-stdin' + - '*-stdout' + - '*-stderr' selection2: EventID: 5145 ShareName: \\*\IPC$ diff --git a/rules/windows/builtin/win_susp_rc4_kerberos.yml b/rules/windows/builtin/win_susp_rc4_kerberos.yml index 534151c4..56bea540 100644 --- a/rules/windows/builtin/win_susp_rc4_kerberos.yml +++ b/rules/windows/builtin/win_susp_rc4_kerberos.yml @@ -7,6 +7,7 @@ references: tags: - attack.credential_access - attack.t1208 + - attack.t1558.003 description: Detects service ticket requests using RC4 encryption type author: Florian Roth date: 2017/02/06 diff --git a/rules/windows/builtin/win_susp_rottenpotato.yml b/rules/windows/builtin/win_susp_rottenpotato.yml index 1e7d58b2..c6df3410 100644 --- a/rules/windows/builtin/win_susp_rottenpotato.yml +++ b/rules/windows/builtin/win_susp_rottenpotato.yml @@ -10,6 +10,7 @@ tags: - attack.privilege_escalation - attack.credential_access - attack.t1171 + - attack.t1557.001 logsource: product: windows service: security diff --git a/rules/windows/builtin/win_susp_sam_dump.yml b/rules/windows/builtin/win_susp_sam_dump.yml index 930531db..117fa49b 100644 --- a/rules/windows/builtin/win_susp_sam_dump.yml +++ b/rules/windows/builtin/win_susp_sam_dump.yml @@ -5,6 +5,7 @@ description: Detects suspicious SAM dump activity as cause by QuarksPwDump and o tags: - attack.credential_access - attack.t1003 + - attack.t1003.002 author: Florian Roth date: 2018/01/27 logsource: diff --git a/rules/windows/builtin/win_susp_sdelete.yml b/rules/windows/builtin/win_susp_sdelete.yml index 5f8df21e..8483f026 100644 --- a/rules/windows/builtin/win_susp_sdelete.yml +++ b/rules/windows/builtin/win_susp_sdelete.yml @@ -13,6 +13,8 @@ tags: - attack.t1107 - attack.t1066 - attack.s0195 + - attack.t1551.004 + - attack.t1027 logsource: product: windows service: security diff --git a/rules/windows/builtin/win_susp_security_eventlog_cleared.yml b/rules/windows/builtin/win_susp_security_eventlog_cleared.yml index 7b0b7dcc..d31a49b4 100644 --- a/rules/windows/builtin/win_susp_security_eventlog_cleared.yml +++ b/rules/windows/builtin/win_susp_security_eventlog_cleared.yml @@ -5,6 +5,7 @@ tags: - attack.defense_evasion - attack.t1070 - car.2016-04-002 + - attack.t1551 author: Florian Roth date: 2017/02/19 logsource: diff --git a/rules/windows/builtin/win_susp_time_modification.yml b/rules/windows/builtin/win_susp_time_modification.yml index 628f4a7f..c457b28e 100644 --- a/rules/windows/builtin/win_susp_time_modification.yml +++ b/rules/windows/builtin/win_susp_time_modification.yml @@ -11,6 +11,7 @@ midified: 2020/01/27 tags: - attack.defense_evasion - attack.t1099 + - attack.t1551.006 logsource: product: windows service: security diff --git a/rules/windows/builtin/win_suspicious_outbound_kerberos_connection.yml b/rules/windows/builtin/win_suspicious_outbound_kerberos_connection.yml index 7eca151e..921c558e 100644 --- a/rules/windows/builtin/win_suspicious_outbound_kerberos_connection.yml +++ b/rules/windows/builtin/win_suspicious_outbound_kerberos_connection.yml @@ -10,6 +10,7 @@ modified: 2019/11/13 tags: - attack.lateral_movement - attack.t1208 + - attack.t1558.003 logsource: product: windows service: security @@ -23,7 +24,7 @@ detection: - '\opera.exe' - '\chrome.exe' - '\firefox.exe' - condition: selection and not filter + condition: selection and not filter falsepositives: - Other browsers level: high diff --git a/rules/windows/builtin/win_transferring_files_with_credential_data_via_network_shares.yml b/rules/windows/builtin/win_transferring_files_with_credential_data_via_network_shares.yml index 15a91884..9084a2cb 100644 --- a/rules/windows/builtin/win_transferring_files_with_credential_data_via_network_shares.yml +++ b/rules/windows/builtin/win_transferring_files_with_credential_data_via_network_shares.yml @@ -8,6 +8,9 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1003.002 + - attack.t1003.001 + - attack.t1003.003 logsource: product: windows service: security diff --git a/rules/windows/builtin/win_user_couldnt_call_privileged_service_lsaregisterlogonprocess.yml b/rules/windows/builtin/win_user_couldnt_call_privileged_service_lsaregisterlogonprocess.yml index 319250a1..59ee3b4b 100644 --- a/rules/windows/builtin/win_user_couldnt_call_privileged_service_lsaregisterlogonprocess.yml +++ b/rules/windows/builtin/win_user_couldnt_call_privileged_service_lsaregisterlogonprocess.yml @@ -1,7 +1,6 @@ title: User Couldn't Call a Privileged Service 'LsaRegisterLogonProcess' id: 6daac7fc-77d1-449a-a71a-e6b4d59a0e54 -description: The 'LsaRegisterLogonProcess' function verifies that the application making the function call is a logon process by checking that it has the SeTcbPrivilege - privilege set. Possible Rubeus tries to get a handle to LSA. +description: The 'LsaRegisterLogonProcess' function verifies that the application making the function call is a logon process by checking that it has the SeTcbPrivilege privilege set. Possible Rubeus tries to get a handle to LSA. status: experimental references: - https://posts.specterops.io/hunting-in-active-directory-unconstrained-delegation-forests-trusts-71f2b33688e1 @@ -9,6 +8,7 @@ tags: - attack.lateral_movement - attack.privilege_escalation - attack.t1208 + - attack.t1558.003 author: Roberto Rodriguez (source), Ilyas Ochkov (rule), oscd.community date: 2019/10/24 logsource: @@ -17,8 +17,8 @@ logsource: detection: selection: - EventID: 4673 - Service: 'LsaRegisterLogonProcess()' - Keywords: '0x8010000000000000' #failure + Service: 'LsaRegisterLogonProcess()' + Keywords: '0x8010000000000000' #failure condition: selection falsepositives: - Unkown diff --git a/rules/windows/builtin/win_user_driver_loaded.yml b/rules/windows/builtin/win_user_driver_loaded.yml index e993a8d4..9d3ae187 100644 --- a/rules/windows/builtin/win_user_driver_loaded.yml +++ b/rules/windows/builtin/win_user_driver_loaded.yml @@ -8,6 +8,7 @@ references: tags: - attack.t1089 - attack.defense_evasion + - attack.t1562.001 date: 2019/04/08 author: xknow (@xknow_infosec), xorxes (@xor_xes) logsource: diff --git a/rules/windows/malware/av_password_dumper.yml b/rules/windows/malware/av_password_dumper.yml index 52854854..168d357e 100644 --- a/rules/windows/malware/av_password_dumper.yml +++ b/rules/windows/malware/av_password_dumper.yml @@ -9,11 +9,14 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1558 + - attack.t1003.001 + - attack.t1003.002 logsource: product: antivirus detection: selection: - Signature: + Signature: - "*DumpCreds*" - "*Mimikatz*" - "*PWCrack*" diff --git a/rules/windows/malware/av_webshell.yml b/rules/windows/malware/av_webshell.yml index b041fda8..11f8eb0b 100644 --- a/rules/windows/malware/av_webshell.yml +++ b/rules/windows/malware/av_webshell.yml @@ -9,11 +9,12 @@ references: tags: - attack.persistence - attack.t1100 + - attack.t1505.003 logsource: product: antivirus detection: selection: - Signature: + Signature: - "PHP/Backdoor*" - "JSP/Backdoor*" - "ASP/Backdoor*" diff --git a/rules/windows/other/win_defender_bypass.yml b/rules/windows/other/win_defender_bypass.yml index cc4fb5b8..f70b847e 100644 --- a/rules/windows/other/win_defender_bypass.yml +++ b/rules/windows/other/win_defender_bypass.yml @@ -6,6 +6,7 @@ references: tags: - attack.defense_evasion - attack.t1089 + - attack.t1562.001 author: "@BarryShooshooga" date: 2019/10/26 logsource: @@ -14,13 +15,13 @@ logsource: definition: 'Requirements: Audit Policy : Security Settings/Local Policies/Audit Policy, Registry System Access Control (SACL): Auditing/User' detection: selection: - EventID: + EventID: - 4657 - 4656 - 4660 - 4663 ObjectName|contains: '\Microsoft\Windows Defender\Exclusions\' condition: selection -falsepositives: +falsepositives: - Intended inclusions by administrator level: high diff --git a/rules/windows/other/win_rare_schtask_creation.yml b/rules/windows/other/win_rare_schtask_creation.yml index 2992ab30..1329e32f 100644 --- a/rules/windows/other/win_rare_schtask_creation.yml +++ b/rules/windows/other/win_rare_schtask_creation.yml @@ -1,12 +1,12 @@ title: Rare Scheduled Task Creations id: b20f6158-9438-41be-83da-a5a16ac90c2b status: experimental -description: This rule detects rare scheduled task creations. Typically software gets installed on multiple systems and not only on a few. The aggregation and count - function selects tasks with rare names. +description: This rule detects rare scheduled task creations. Typically software gets installed on multiple systems and not only on a few. The aggregation and count function selects tasks with rare names. tags: - attack.persistence - attack.t1053 - attack.s0111 + - attack.t1053.005 author: Florian Roth date: 2017/03/17 logsource: diff --git a/rules/windows/powershell/powershell_alternate_powershell_hosts.yml b/rules/windows/powershell/powershell_alternate_powershell_hosts.yml index 37f10827..07b87d01 100644 --- a/rules/windows/powershell/powershell_alternate_powershell_hosts.yml +++ b/rules/windows/powershell/powershell_alternate_powershell_hosts.yml @@ -10,11 +10,12 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 logsource: product: windows service: powershell detection: - selection: + selection: EventID: - 4103 - 400 diff --git a/rules/windows/powershell/powershell_clear_powershell_history.yml b/rules/windows/powershell/powershell_clear_powershell_history.yml index d6c42d03..4f52faec 100644 --- a/rules/windows/powershell/powershell_clear_powershell_history.yml +++ b/rules/windows/powershell/powershell_clear_powershell_history.yml @@ -9,6 +9,7 @@ references: tags: - attack.defense_evasion - attack.t1146 + - attack.t1551.003 logsource: product: windows service: powershell diff --git a/rules/windows/powershell/powershell_create_local_user.yml b/rules/windows/powershell/powershell_create_local_user.yml index 279826f9..d479cb48 100644 --- a/rules/windows/powershell/powershell_create_local_user.yml +++ b/rules/windows/powershell/powershell_create_local_user.yml @@ -1,6 +1,6 @@ title: PowerShell Create Local User id: 243de76f-4725-4f2e-8225-a8a69b15ad61 -status: experimental +status: experimental description: Detects creation of a local user via PowerShell references: - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136/T1136.md @@ -9,8 +9,9 @@ tags: - attack.t1086 - attack.persistence - attack.t1136 -author: '@ROxPinTeddy' -date: 2020/04/11 + - attack.t1059.001 +author: '@ROxPinTeddy' +date: 2020/04/11 logsource: product: windows service: powershell @@ -19,7 +20,7 @@ detection: EventID: 4104 Message|contains: - 'New-LocalUser' - condition: selection + condition: selection falsepositives: - - Legitimate user creation + - Legitimate user creation level: medium diff --git a/rules/windows/powershell/powershell_data_compressed.yml b/rules/windows/powershell/powershell_data_compressed.yml index 9af0feff..ebd3a1c0 100644 --- a/rules/windows/powershell/powershell_data_compressed.yml +++ b/rules/windows/powershell/powershell_data_compressed.yml @@ -1,8 +1,7 @@ title: Data Compressed - Powershell id: 6dc5d284-69ea-42cf-9311-fb1c3932a69a status: experimental -description: An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration in order to make it portable and minimize the amount - of data sent over the network +description: An adversary may compress data (e.g., sensitive documents) that is collected prior to exfiltration in order to make it portable and minimize the amount of data sent over the network author: Timur Zinniatullin, oscd.community date: 2019/10/21 modified: 2019/11/04 @@ -15,7 +14,7 @@ logsource: detection: selection: EventID: 4104 - keywords|contains|all: + keywords|contains|all: - '-Recurse' - '|' - 'Compress-Archive' @@ -26,3 +25,4 @@ level: low tags: - attack.exfiltration - attack.t1002 + - attack.t1560 diff --git a/rules/windows/powershell/powershell_downgrade_attack.yml b/rules/windows/powershell/powershell_downgrade_attack.yml index 8071fcb4..d14ef31a 100644 --- a/rules/windows/powershell/powershell_downgrade_attack.yml +++ b/rules/windows/powershell/powershell_downgrade_attack.yml @@ -8,6 +8,7 @@ tags: - attack.defense_evasion - attack.execution - attack.t1086 + - attack.t1059.001 author: Florian Roth (rule), Lee Holmes (idea), Harish Segar (improvements) date: 2017/03/22 modified: 2020/03/20 @@ -24,4 +25,4 @@ detection: falsepositives: - Penetration Test - Unknown -level: medium \ No newline at end of file +level: medium diff --git a/rules/windows/powershell/powershell_exe_calling_ps.yml b/rules/windows/powershell/powershell_exe_calling_ps.yml index 28448cc5..9a921aa8 100644 --- a/rules/windows/powershell/powershell_exe_calling_ps.yml +++ b/rules/windows/powershell/powershell_exe_calling_ps.yml @@ -8,6 +8,7 @@ tags: - attack.defense_evasion - attack.execution - attack.t1086 + - attack.t1059.001 author: Sean Metcalf (source), Florian Roth (rule) date: 2017/03/05 logsource: diff --git a/rules/windows/powershell/powershell_malicious_commandlets.yml b/rules/windows/powershell/powershell_malicious_commandlets.yml index 04c495ef..e232d1bf 100644 --- a/rules/windows/powershell/powershell_malicious_commandlets.yml +++ b/rules/windows/powershell/powershell_malicious_commandlets.yml @@ -8,6 +8,7 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 author: Sean Metcalf (source), Florian Roth (rule) date: 2017/03/05 logsource: diff --git a/rules/windows/powershell/powershell_malicious_keywords.yml b/rules/windows/powershell/powershell_malicious_keywords.yml index 1fb45807..a0131ff6 100644 --- a/rules/windows/powershell/powershell_malicious_keywords.yml +++ b/rules/windows/powershell/powershell_malicious_keywords.yml @@ -8,6 +8,7 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 author: Sean Metcalf (source), Florian Roth (rule) date: 2017/03/05 logsource: diff --git a/rules/windows/powershell/powershell_nishang_malicious_commandlets.yml b/rules/windows/powershell/powershell_nishang_malicious_commandlets.yml index 26074603..e7d075a5 100644 --- a/rules/windows/powershell/powershell_nishang_malicious_commandlets.yml +++ b/rules/windows/powershell/powershell_nishang_malicious_commandlets.yml @@ -8,6 +8,7 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 author: Alec Costello logsource: product: windows diff --git a/rules/windows/powershell/powershell_ntfs_ads_access.yml b/rules/windows/powershell/powershell_ntfs_ads_access.yml index e2c531b7..bf4c81ea 100644 --- a/rules/windows/powershell/powershell_ntfs_ads_access.yml +++ b/rules/windows/powershell/powershell_ntfs_ads_access.yml @@ -7,6 +7,7 @@ references: tags: - attack.defense_evasion - attack.t1096 + - attack.t1564.004 author: Sami Ruohonen date: 2018/07/24 logsource: diff --git a/rules/windows/powershell/powershell_prompt_credentials.yml b/rules/windows/powershell/powershell_prompt_credentials.yml index 9b810c4b..c4c4d5f2 100644 --- a/rules/windows/powershell/powershell_prompt_credentials.yml +++ b/rules/windows/powershell/powershell_prompt_credentials.yml @@ -9,6 +9,7 @@ tags: - attack.execution - attack.credential_access - attack.t1086 + - attack.t1059.001 author: John Lambert (idea), Florian Roth (rule) date: 2017/04/09 logsource: diff --git a/rules/windows/powershell/powershell_psattack.yml b/rules/windows/powershell/powershell_psattack.yml index c955031d..9ca1ffa5 100644 --- a/rules/windows/powershell/powershell_psattack.yml +++ b/rules/windows/powershell/powershell_psattack.yml @@ -7,6 +7,7 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 author: Sean Metcalf (source), Florian Roth (rule) date: 2017/03/05 logsource: diff --git a/rules/windows/powershell/powershell_remote_powershell_session.yml b/rules/windows/powershell/powershell_remote_powershell_session.yml index 2da0f0f3..c5b9e3cf 100644 --- a/rules/windows/powershell/powershell_remote_powershell_session.yml +++ b/rules/windows/powershell/powershell_remote_powershell_session.yml @@ -10,11 +10,12 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 logsource: product: windows service: powershell detection: - selection: + selection: EventID: - 4103 - 400 diff --git a/rules/windows/powershell/powershell_shellcode_b64.yml b/rules/windows/powershell/powershell_shellcode_b64.yml index f705329d..fabff88a 100644 --- a/rules/windows/powershell/powershell_shellcode_b64.yml +++ b/rules/windows/powershell/powershell_shellcode_b64.yml @@ -9,6 +9,7 @@ tags: - attack.execution - attack.t1055 - attack.t1086 + - attack.t1059 author: David Ledbetter (shellcode), Florian Roth (rule) date: 2018/11/17 logsource: @@ -18,9 +19,9 @@ logsource: detection: selection: EventID: 4104 - keyword1: + keyword1: - '*AAAAYInlM*' - keyword2: + keyword2: - '*OiCAAAAYInlM*' - '*OiJAAAAYInlM*' condition: selection and keyword1 and keyword2 diff --git a/rules/windows/powershell/powershell_suspicious_download.yml b/rules/windows/powershell/powershell_suspicious_download.yml index cc735186..6d8fe1b1 100644 --- a/rules/windows/powershell/powershell_suspicious_download.yml +++ b/rules/windows/powershell/powershell_suspicious_download.yml @@ -5,6 +5,7 @@ description: Detects suspicious PowerShell download command tags: - attack.execution - attack.t1086 + - attack.t1059.001 author: Florian Roth date: 2017/03/05 modified: 2020/03/25 diff --git a/rules/windows/powershell/powershell_suspicious_invocation_generic.yml b/rules/windows/powershell/powershell_suspicious_invocation_generic.yml index 6127e1f7..8f6637cc 100644 --- a/rules/windows/powershell/powershell_suspicious_invocation_generic.yml +++ b/rules/windows/powershell/powershell_suspicious_invocation_generic.yml @@ -5,6 +5,7 @@ description: Detects suspicious PowerShell invocation command parameters tags: - attack.execution - attack.t1086 + - attack.t1059.001 author: Florian Roth (rule) date: 2017/03/12 logsource: diff --git a/rules/windows/powershell/powershell_suspicious_invocation_specific.yml b/rules/windows/powershell/powershell_suspicious_invocation_specific.yml index 41b6f78b..bfdbad36 100644 --- a/rules/windows/powershell/powershell_suspicious_invocation_specific.yml +++ b/rules/windows/powershell/powershell_suspicious_invocation_specific.yml @@ -5,6 +5,7 @@ description: Detects suspicious PowerShell invocation command parameters tags: - attack.execution - attack.t1086 + - attack.t1059.001 author: Florian Roth (rule) date: 2017/03/05 logsource: diff --git a/rules/windows/powershell/powershell_suspicious_keywords.yml b/rules/windows/powershell/powershell_suspicious_keywords.yml index fa90f0eb..0f2b8c49 100644 --- a/rules/windows/powershell/powershell_suspicious_keywords.yml +++ b/rules/windows/powershell/powershell_suspicious_keywords.yml @@ -11,6 +11,7 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 logsource: product: windows service: powershell diff --git a/rules/windows/powershell/powershell_winlogon_helper_dll.yml b/rules/windows/powershell/powershell_winlogon_helper_dll.yml index fd1378f4..bc5c334e 100644 --- a/rules/windows/powershell/powershell_winlogon_helper_dll.yml +++ b/rules/windows/powershell/powershell_winlogon_helper_dll.yml @@ -1,10 +1,7 @@ title: Winlogon Helper DLL id: 851c506b-6b7c-4ce2-8802-c703009d03c0 status: experimental -description: Winlogon.exe is a Windows component responsible for actions at logon/logoff as well as the secure attention sequence (SAS) triggered by Ctrl-Alt-Delete. - Registry entries in HKLM\Software[Wow6432Node]Microsoft\Windows NT\CurrentVersion\Winlogon\ and HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ are - used to manage additional helper programs and functionalities that support Winlogon. Malicious modifications to these Registry keys may cause Winlogon to load - and execute malicious DLLs and/or executables. +description: Winlogon.exe is a Windows component responsible for actions at logon/logoff as well as the secure attention sequence (SAS) triggered by Ctrl-Alt-Delete. Registry entries in HKLM\Software[Wow6432Node]Microsoft\Windows NT\CurrentVersion\Winlogon\ and HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ are used to manage additional helper programs and functionalities that support Winlogon. Malicious modifications to these Registry keys may cause Winlogon to load and execute malicious DLLs and/or executables. author: Timur Zinniatullin, oscd.community date: 2019/10/21 modified: 2019/11/04 @@ -17,10 +14,10 @@ logsource: detection: selection: EventID: 4104 - keyword1: + keyword1: - '*Set-ItemProperty*' - '*New-Item*' - keyword2: + keyword2: - '*CurrentVersion\Winlogon*' condition: selection and ( keyword1 and keyword2 ) falsepositives: @@ -29,3 +26,4 @@ level: medium tags: - attack.persistence - attack.t1004 + - attack.t1547.004 diff --git a/rules/windows/process_creation/win_apt_apt29_thinktanks.yml b/rules/windows/process_creation/win_apt_apt29_thinktanks.yml index fe907c49..d4f12292 100644 --- a/rules/windows/process_creation/win_apt_apt29_thinktanks.yml +++ b/rules/windows/process_creation/win_apt_apt29_thinktanks.yml @@ -7,8 +7,9 @@ tags: - attack.execution - attack.g0016 - attack.t1086 + - attack.t1059.001 author: Florian Roth -date: 2018/12/04 +date: 2018/12/04 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_apt_babyshark.yml b/rules/windows/process_creation/win_apt_babyshark.yml index fe7bc28c..cf40e92f 100644 --- a/rules/windows/process_creation/win_apt_babyshark.yml +++ b/rules/windows/process_creation/win_apt_babyshark.yml @@ -12,6 +12,9 @@ tags: - attack.t1012 - attack.defense_evasion - attack.t1170 + - attack.t1218 + - attack.t1059.003 + - attack.t1059.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_apt_bear_activity_gtr19.yml b/rules/windows/process_creation/win_apt_bear_activity_gtr19.yml index d3d160ee..d629b491 100644 --- a/rules/windows/process_creation/win_apt_bear_activity_gtr19.yml +++ b/rules/windows/process_creation/win_apt_bear_activity_gtr19.yml @@ -9,6 +9,7 @@ tags: - attack.credential_access - attack.t1081 - attack.t1003 + - attack.t1552.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_apt_bluemashroom.yml b/rules/windows/process_creation/win_apt_bluemashroom.yml index 231f2bb8..ab58aaff 100644 --- a/rules/windows/process_creation/win_apt_bluemashroom.yml +++ b/rules/windows/process_creation/win_apt_bluemashroom.yml @@ -7,6 +7,7 @@ references: tags: - attack.defense_evasion - attack.t1117 + - attack.t1218.010 author: Florian Roth date: 2019/10/02 logsource: @@ -14,7 +15,7 @@ logsource: product: windows detection: selection: - CommandLine: + CommandLine: - '*\regsvr32*\AppData\Local\\*' - '*\AppData\Local\\*,DllEntry*' condition: selection diff --git a/rules/windows/process_creation/win_apt_cloudhopper.yml b/rules/windows/process_creation/win_apt_cloudhopper.yml index 3e94043f..51a72fe6 100755 --- a/rules/windows/process_creation/win_apt_cloudhopper.yml +++ b/rules/windows/process_creation/win_apt_cloudhopper.yml @@ -9,6 +9,7 @@ tags: - attack.execution - attack.g0045 - attack.t1064 + - attack.t1059.005 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_apt_equationgroup_dll_u_load.yml b/rules/windows/process_creation/win_apt_equationgroup_dll_u_load.yml index 8cfc979a..2cb176b2 100755 --- a/rules/windows/process_creation/win_apt_equationgroup_dll_u_load.yml +++ b/rules/windows/process_creation/win_apt_equationgroup_dll_u_load.yml @@ -13,6 +13,7 @@ tags: - attack.t1059 - attack.defense_evasion - attack.t1085 + - attack.t1218.011 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_apt_judgement_panda_gtr19.yml b/rules/windows/process_creation/win_apt_judgement_panda_gtr19.yml index a9924f6e..e781f65b 100644 --- a/rules/windows/process_creation/win_apt_judgement_panda_gtr19.yml +++ b/rules/windows/process_creation/win_apt_judgement_panda_gtr19.yml @@ -12,6 +12,7 @@ tags: - attack.t1098 - attack.exfiltration - attack.t1002 + - attack.t1560 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_apt_sofacy.yml b/rules/windows/process_creation/win_apt_sofacy.yml index 15963070..2124e236 100755 --- a/rules/windows/process_creation/win_apt_sofacy.yml +++ b/rules/windows/process_creation/win_apt_sofacy.yml @@ -15,6 +15,7 @@ tags: - attack.defense_evasion - attack.t1085 - car.2013-10-002 + - attack.t1218.011 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_apt_tropictrooper.yml b/rules/windows/process_creation/win_apt_tropictrooper.yml index 69697511..7bf80dfb 100644 --- a/rules/windows/process_creation/win_apt_tropictrooper.yml +++ b/rules/windows/process_creation/win_apt_tropictrooper.yml @@ -9,6 +9,7 @@ references: tags: - attack.execution - attack.t1085 + - attack.t1218.011 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_apt_turla_comrat_may20.yml b/rules/windows/process_creation/win_apt_turla_comrat_may20.yml index c2b7bf87..23bfc182 100644 --- a/rules/windows/process_creation/win_apt_turla_comrat_may20.yml +++ b/rules/windows/process_creation/win_apt_turla_comrat_may20.yml @@ -12,6 +12,7 @@ tags: - attack.t1027 - attack.discovery - attack.t1016 + - attack.t1059.001 author: Florian Roth date: 2020/05/26 logsource: diff --git a/rules/windows/process_creation/win_apt_winnti_mal_hk_jan20.yml b/rules/windows/process_creation/win_apt_winnti_mal_hk_jan20.yml index ed6e7b42..ef29cd98 100644 --- a/rules/windows/process_creation/win_apt_winnti_mal_hk_jan20.yml +++ b/rules/windows/process_creation/win_apt_winnti_mal_hk_jan20.yml @@ -8,6 +8,7 @@ tags: - attack.defense_evasion - attack.t1073 - attack.g0044 + - attack.t1574.002 author: Florian Roth, Markus Neis date: 2020/02/01 logsource: @@ -15,9 +16,9 @@ logsource: product: windows detection: selection1: - ParentImage|contains: - - 'C:\Windows\Temp' - - '\hpqhvind.exe' + ParentImage|contains: + - 'C:\Windows\Temp' + - '\hpqhvind.exe' Image|startswith: 'C:\ProgramData\DRM' selection2: ParentImage|startswith: 'C:\ProgramData\DRM' diff --git a/rules/windows/process_creation/win_apt_zxshell.yml b/rules/windows/process_creation/win_apt_zxshell.yml index af5e6122..47a5b4f7 100755 --- a/rules/windows/process_creation/win_apt_zxshell.yml +++ b/rules/windows/process_creation/win_apt_zxshell.yml @@ -11,6 +11,7 @@ tags: - attack.t1059 - attack.defense_evasion - attack.t1085 + - attack.t1218.011 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_attrib_hiding_files.yml b/rules/windows/process_creation/win_attrib_hiding_files.yml index ec753dcf..048ae435 100644 --- a/rules/windows/process_creation/win_attrib_hiding_files.yml +++ b/rules/windows/process_creation/win_attrib_hiding_files.yml @@ -26,6 +26,7 @@ tags: - attack.defense_evasion - attack.persistence - attack.t1158 + - attack.t1564.001 falsepositives: - igfxCUIService.exe hiding *.cui files via .bat script (attrib.exe a child of cmd.exe and igfxCUIService.exe is the parent of the cmd.exe) - msiexec.exe hiding desktop.ini diff --git a/rules/windows/process_creation/win_change_default_file_association.yml b/rules/windows/process_creation/win_change_default_file_association.yml index c01a933c..db1a6be5 100644 --- a/rules/windows/process_creation/win_change_default_file_association.yml +++ b/rules/windows/process_creation/win_change_default_file_association.yml @@ -1,9 +1,7 @@ title: Change Default File Association id: 3d3aa6cd-6272-44d6-8afc-7e88dfef7061 status: experimental -description: When a file is opened, the default program used to open the file (also called the file association or handler) is checked. File association selections - are stored in the Windows Registry and can be edited by users, administrators, or programs that have Registry access or by administrators using the built-in assoc - utility. Applications can modify the file association for a given file extension to call an arbitrary program when a file with the given extension is opened. +description: When a file is opened, the default program used to open the file (also called the file association or handler) is checked. File association selections are stored in the Windows Registry and can be edited by users, administrators, or programs that have Registry access or by administrators using the built-in assoc utility. Applications can modify the file association for a given file extension to call an arbitrary program when a file with the given extension is opened. author: Timur Zinniatullin, oscd.community date: 2019/10/21 modified: 2019/11/04 @@ -15,9 +13,9 @@ logsource: detection: selection: CommandLine|contains|all: - - 'cmd' - - '/c' - - 'assoc' + - 'cmd' + - '/c' + - 'assoc' condition: selection falsepositives: - Admin activity @@ -33,3 +31,4 @@ level: low tags: - attack.persistence - attack.t1042 + - attack.t1546.001 diff --git a/rules/windows/process_creation/win_cmdkey_recon.yml b/rules/windows/process_creation/win_cmdkey_recon.yml index 9a880199..86b9126f 100644 --- a/rules/windows/process_creation/win_cmdkey_recon.yml +++ b/rules/windows/process_creation/win_cmdkey_recon.yml @@ -10,6 +10,7 @@ date: 2019/01/16 tags: - attack.credential_access - attack.t1003 + - attack.t1003.005 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_cmstp_com_object_access.yml b/rules/windows/process_creation/win_cmstp_com_object_access.yml index 67f9fe09..ffa1d6f5 100644 --- a/rules/windows/process_creation/win_cmstp_com_object_access.yml +++ b/rules/windows/process_creation/win_cmstp_com_object_access.yml @@ -10,6 +10,8 @@ tags: - attack.t1191 - attack.g0069 - car.2019-04-001 + - attack.t1548.002 + - attack.t1218 author: Nik Seetharaman modified: 2019/07/31 date: 2019/01/16 diff --git a/rules/windows/process_creation/win_control_panel_item.yml b/rules/windows/process_creation/win_control_panel_item.yml index ead8d17a..f1b50d7e 100644 --- a/rules/windows/process_creation/win_control_panel_item.yml +++ b/rules/windows/process_creation/win_control_panel_item.yml @@ -8,6 +8,7 @@ tags: - attack.execution - attack.t1196 - attack.defense_evasion + - attack.t1218 author: Kyaw Min Thein date: 2019/08/27 level: critical diff --git a/rules/windows/process_creation/win_copying_sensitive_files_with_credential_data.yml b/rules/windows/process_creation/win_copying_sensitive_files_with_credential_data.yml index f7b43d2d..50f341af 100644 --- a/rules/windows/process_creation/win_copying_sensitive_files_with_credential_data.yml +++ b/rules/windows/process_creation/win_copying_sensitive_files_with_credential_data.yml @@ -13,13 +13,15 @@ tags: - attack.credential_access - attack.t1003 - car.2013-07-001 + - attack.t1003.002 + - attack.t1003.003 logsource: category: process_creation product: windows detection: selection: - Image|endswith: '\esentutl.exe' - CommandLine|contains: + CommandLine|contains: - 'vss' - ' /m ' - ' /y ' diff --git a/rules/windows/process_creation/win_crime_fireball.yml b/rules/windows/process_creation/win_crime_fireball.yml index 8c714f37..3fca4131 100755 --- a/rules/windows/process_creation/win_crime_fireball.yml +++ b/rules/windows/process_creation/win_crime_fireball.yml @@ -12,6 +12,7 @@ tags: - attack.t1059 - attack.defense_evasion - attack.t1085 + - attack.t1218.011 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_data_compressed_with_rar.yml b/rules/windows/process_creation/win_data_compressed_with_rar.yml index b499999d..b7ed701e 100644 --- a/rules/windows/process_creation/win_data_compressed_with_rar.yml +++ b/rules/windows/process_creation/win_data_compressed_with_rar.yml @@ -29,4 +29,5 @@ falsepositives: level: low tags: - attack.exfiltration - - attack.t1002 \ No newline at end of file + - attack.t1002 + - attack.t1560 diff --git a/rules/windows/process_creation/win_encoded_frombase64string.yml b/rules/windows/process_creation/win_encoded_frombase64string.yml index 9a480ec0..92087ad2 100644 --- a/rules/windows/process_creation/win_encoded_frombase64string.yml +++ b/rules/windows/process_creation/win_encoded_frombase64string.yml @@ -9,6 +9,7 @@ tags: - attack.t1140 - attack.execution - attack.defense_evasion + - attack.t1059.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_encoded_iex.yml b/rules/windows/process_creation/win_encoded_iex.yml index 61bff8ab..e3740b9b 100644 --- a/rules/windows/process_creation/win_encoded_iex.yml +++ b/rules/windows/process_creation/win_encoded_iex.yml @@ -8,16 +8,17 @@ tags: - attack.t1086 - attack.t1140 - attack.execution + - attack.t1059.003 logsource: category: process_creation product: windows detection: selection: - CommandLine|base64offset|contains: - - 'IEX ([' - - 'iex ([' - - 'iex (New' - - 'IEX (New' + CommandLine|base64offset|contains: + - 'IEX ([' + - 'iex ([' + - 'iex (New' + - 'IEX (New' condition: selection fields: - CommandLine diff --git a/rules/windows/process_creation/win_etw_trace_evasion.yml b/rules/windows/process_creation/win_etw_trace_evasion.yml index 1a04a8dd..6b6e182f 100644 --- a/rules/windows/process_creation/win_etw_trace_evasion.yml +++ b/rules/windows/process_creation/win_etw_trace_evasion.yml @@ -10,8 +10,9 @@ author: '@neu5ron, Florian Roth' date: 2019/03/22 tags: - attack.execution - - attack.t1070 - - car.2016-04-002 + - attack.t1070 + - car.2016-04-002 + - attack.t1551 level: high logsource: category: process_creation diff --git a/rules/windows/process_creation/win_grabbing_sensitive_hives_via_reg.yml b/rules/windows/process_creation/win_grabbing_sensitive_hives_via_reg.yml index a8377a19..c7a4b601 100644 --- a/rules/windows/process_creation/win_grabbing_sensitive_hives_via_reg.yml +++ b/rules/windows/process_creation/win_grabbing_sensitive_hives_via_reg.yml @@ -11,17 +11,18 @@ tags: - attack.credential_access - attack.t1003 - car.2013-07-001 + - attack.t1003.002 logsource: category: process_creation product: windows detection: selection_1: Image: '*\reg.exe' - CommandLine|contains: + CommandLine|contains: - 'save' - 'export' selection_2: - CommandLine|contains: + CommandLine|contains: - 'hklm' - 'hkey_local_machine' selection_3: diff --git a/rules/windows/process_creation/win_hack_koadic.yml b/rules/windows/process_creation/win_hack_koadic.yml index 9e8b46fa..a012eb57 100644 --- a/rules/windows/process_creation/win_hack_koadic.yml +++ b/rules/windows/process_creation/win_hack_koadic.yml @@ -1,7 +1,7 @@ title: Koadic Execution id: 5cddf373-ef00-4112-ad72-960ac29bac34 status: experimental -description: Detects command line parameters used by Koadic hack tool +description: Detects command line parameters used by Koadic hack tool references: - https://unit42.paloaltonetworks.com/unit42-sofacy-groups-parallel-attacks/ - https://github.com/zerosum0x0/koadic/blob/master/data/stager/js/stdlib.js#L955 @@ -9,6 +9,7 @@ references: tags: - attack.execution - attack.t1170 + - attack.t1218.005 date: 2020/01/12 author: wagga logsource: diff --git a/rules/windows/process_creation/win_hack_rubeus.yml b/rules/windows/process_creation/win_hack_rubeus.yml index 9c63c07d..df77011c 100644 --- a/rules/windows/process_creation/win_hack_rubeus.yml +++ b/rules/windows/process_creation/win_hack_rubeus.yml @@ -9,6 +9,8 @@ tags: - attack.credential_access - attack.t1003 - attack.s0005 + - attack.t1558 + - attack.t1558.003 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_hh_chm.yml b/rules/windows/process_creation/win_hh_chm.yml index bbc69068..82d1791d 100644 --- a/rules/windows/process_creation/win_hh_chm.yml +++ b/rules/windows/process_creation/win_hh_chm.yml @@ -12,6 +12,7 @@ tags: - attack.defense_evasion - attack.execution - attack.t1223 + - attack.t1218.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_html_help_spawn.yml b/rules/windows/process_creation/win_html_help_spawn.yml index ed18c5c0..ce841312 100644 --- a/rules/windows/process_creation/win_html_help_spawn.yml +++ b/rules/windows/process_creation/win_html_help_spawn.yml @@ -11,6 +11,7 @@ tags: - attack.execution - attack.defense_evasion - attack.t1223 + - attack.t1218.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_hwp_exploits.yml b/rules/windows/process_creation/win_hwp_exploits.yml index d9002353..24a96f3e 100644 --- a/rules/windows/process_creation/win_hwp_exploits.yml +++ b/rules/windows/process_creation/win_hwp_exploits.yml @@ -16,6 +16,7 @@ tags: - attack.t1202 - attack.t1193 - attack.g0032 + - attack.t1566.001 author: Florian Roth date: 2019/10/24 logsource: diff --git a/rules/windows/process_creation/win_impacket_lateralization.yml b/rules/windows/process_creation/win_impacket_lateralization.yml index 52149935..c56855d6 100644 --- a/rules/windows/process_creation/win_impacket_lateralization.yml +++ b/rules/windows/process_creation/win_impacket_lateralization.yml @@ -53,6 +53,7 @@ tags: - attack.lateral_movement - attack.t1047 - attack.t1175 + - attack.t1021 falsepositives: - pentesters level: critical diff --git a/rules/windows/process_creation/win_install_reg_debugger_backdoor.yml b/rules/windows/process_creation/win_install_reg_debugger_backdoor.yml index e04fb312..34f7d609 100644 --- a/rules/windows/process_creation/win_install_reg_debugger_backdoor.yml +++ b/rules/windows/process_creation/win_install_reg_debugger_backdoor.yml @@ -8,6 +8,7 @@ tags: - attack.persistence - attack.privilege_escalation - attack.t1015 + - attack.t1546.008 author: Florian Roth date: 2019/09/06 logsource: @@ -27,4 +28,4 @@ detection: falsepositives: - Penetration Tests level: high - + diff --git a/rules/windows/process_creation/win_interactive_at.yml b/rules/windows/process_creation/win_interactive_at.yml index 3c7e0009..b28ba32e 100644 --- a/rules/windows/process_creation/win_interactive_at.yml +++ b/rules/windows/process_creation/win_interactive_at.yml @@ -11,6 +11,7 @@ modified: 2019/11/11 tags: - attack.privilege_escalation - attack.t1053 + - attack.t1053.002 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_lethalhta.yml b/rules/windows/process_creation/win_lethalhta.yml index 80496bc9..331c64c0 100644 --- a/rules/windows/process_creation/win_lethalhta.yml +++ b/rules/windows/process_creation/win_lethalhta.yml @@ -8,6 +8,7 @@ tags: - attack.defense_evasion - attack.execution - attack.t1170 + - attack.t1218.005 author: Markus Neis date: 2018/06/07 logsource: diff --git a/rules/windows/process_creation/win_lsass_dump.yml b/rules/windows/process_creation/win_lsass_dump.yml index 7514fe9c..de0ee64e 100644 --- a/rules/windows/process_creation/win_lsass_dump.yml +++ b/rules/windows/process_creation/win_lsass_dump.yml @@ -1,7 +1,6 @@ title: LSASS Memory Dumping id: ffa6861c-4461-4f59-8a41-578c39f3f23e -description: Detect creation of dump files containing the memory space of lsass.exe, which contains sensitive credentials. Identifies usage of Sysinternals procdump.exe - to export the memory space of lsass.exe which contains sensitive credentials. +description: Detect creation of dump files containing the memory space of lsass.exe, which contains sensitive credentials. Identifies usage of Sysinternals procdump.exe to export the memory space of lsass.exe which contains sensitive credentials. status: experimental author: E.M. Anhaus (orignally from Atomic Blue Detections, Tony Lambert), oscd.community date: 2019/10/24 @@ -13,6 +12,7 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1003.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_malware_notpetya.yml b/rules/windows/process_creation/win_malware_notpetya.yml index d294395c..10ecc8a7 100644 --- a/rules/windows/process_creation/win_malware_notpetya.yml +++ b/rules/windows/process_creation/win_malware_notpetya.yml @@ -1,8 +1,7 @@ title: NotPetya Ransomware Activity id: 79aeeb41-8156-4fac-a0cd-076495ab82a1 status: experimental -description: Detects NotPetya ransomware activity in which the extracted passwords are passed back to the main module via named pipe, the file system journal of drive - C is deleted and windows eventlogs are cleared using wevtutil +description: Detects NotPetya ransomware activity in which the extracted passwords are passed back to the main module via named pipe, the file system journal of drive C is deleted and windows eventlogs are cleared using wevtutil author: Florian Roth, Tom Ueltschi date: 2019/01/16 references: @@ -16,6 +15,8 @@ tags: - attack.t1070 - attack.t1003 - car.2016-04-002 + - attack.t1218.011 + - attack.t1551 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_malware_script_dropper.yml b/rules/windows/process_creation/win_malware_script_dropper.yml index 251a3a0a..0dda1360 100644 --- a/rules/windows/process_creation/win_malware_script_dropper.yml +++ b/rules/windows/process_creation/win_malware_script_dropper.yml @@ -8,6 +8,7 @@ tags: - attack.defense_evasion - attack.execution - attack.t1064 + - attack.t1059.005 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_mimikatz_command_line.yml b/rules/windows/process_creation/win_mimikatz_command_line.yml index 11b6aa84..90ab5245 100644 --- a/rules/windows/process_creation/win_mimikatz_command_line.yml +++ b/rules/windows/process_creation/win_mimikatz_command_line.yml @@ -8,6 +8,10 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1003.002 + - attack.t1003.004 + - attack.t1003.001 + - attack.t1003.006 logsource: category: process_creation product: windows @@ -30,8 +34,7 @@ detection: selection_3: CommandLine|contains: - '::' - condition: selection_1 or - selection_2 and selection_3 + condition: selection_1 or selection_2 and selection_3 falsepositives: - Legitimate Administrator using tool for password recovery level: medium diff --git a/rules/windows/process_creation/win_mmc_spawn_shell.yml b/rules/windows/process_creation/win_mmc_spawn_shell.yml index bf207beb..dc0dfb5a 100644 --- a/rules/windows/process_creation/win_mmc_spawn_shell.yml +++ b/rules/windows/process_creation/win_mmc_spawn_shell.yml @@ -7,6 +7,10 @@ date: 2019/08/05 tags: - attack.lateral_movement - attack.t1175 + - attack.t1059.004 + - attack.t1059.005 + - attack.t1059.003 + - attack.t1059.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_mshta_javascript.yml b/rules/windows/process_creation/win_mshta_javascript.yml index a52c88d1..62b7d608 100644 --- a/rules/windows/process_creation/win_mshta_javascript.yml +++ b/rules/windows/process_creation/win_mshta_javascript.yml @@ -12,6 +12,7 @@ tags: - attack.execution - attack.defense_evasion - attack.t1170 + - attack.t1218.005 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_mshta_spawn_shell.yml b/rules/windows/process_creation/win_mshta_spawn_shell.yml index 3909f721..f6900f53 100644 --- a/rules/windows/process_creation/win_mshta_spawn_shell.yml +++ b/rules/windows/process_creation/win_mshta_spawn_shell.yml @@ -33,6 +33,7 @@ tags: - car.2013-02-003 - car.2013-03-001 - car.2014-04-003 + - attack.t1218 falsepositives: - Printer software / driver installations - HP software diff --git a/rules/windows/process_creation/win_netsh_allow_port_rdp.yml b/rules/windows/process_creation/win_netsh_allow_port_rdp.yml index f2fc0607..def36dc7 100644 --- a/rules/windows/process_creation/win_netsh_allow_port_rdp.yml +++ b/rules/windows/process_creation/win_netsh_allow_port_rdp.yml @@ -1,5 +1,5 @@ title: Netsh RDP Port Opening -id: 01aeb693-138d-49d2-9403-c4f52d7d3d62 +id: 01aeb693-138d-49d2-9403-c4f52d7d3d62 description: Detects netsh commands that opens the port 3389 used for RDP, used in Sarwent Malware references: - https://labs.sentinelone.com/sarwent-malware-updates-command-detonation/ @@ -7,6 +7,7 @@ date: 2020/05/23 tags: - attack.command_and_control - attack.t1076 + - attack.t1021.001 status: experimental author: Sander Wiebing logsource: diff --git a/rules/windows/process_creation/win_new_service_creation.yml b/rules/windows/process_creation/win_new_service_creation.yml index 67d6ae36..e8a3c4bb 100644 --- a/rules/windows/process_creation/win_new_service_creation.yml +++ b/rules/windows/process_creation/win_new_service_creation.yml @@ -9,6 +9,7 @@ tags: - attack.persistence - attack.privilege_escalation - attack.t1050 + - attack.t1543.003 references: - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1050/T1050.yaml logsource: @@ -16,11 +17,11 @@ logsource: product: windows detection: selection: - - Image|endswith: '\sc.exe' + - Image|endswith: '\sc.exe' CommandLine|contains|all: - 'create' - 'binpath' - - Image|endswith: '\powershell.exe' + - Image|endswith: '\powershell.exe' CommandLine|contains: 'new-service' condition: selection falsepositives: diff --git a/rules/windows/process_creation/win_non_interactive_powershell.yml b/rules/windows/process_creation/win_non_interactive_powershell.yml index 0333dde0..7855ea3a 100644 --- a/rules/windows/process_creation/win_non_interactive_powershell.yml +++ b/rules/windows/process_creation/win_non_interactive_powershell.yml @@ -10,11 +10,12 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 logsource: category: process_creation product: windows detection: - selection: + selection: Image|endswith: '\powershell.exe' filter: ParentImage|endswith: '\explorer.exe' diff --git a/rules/windows/process_creation/win_office_shell.yml b/rules/windows/process_creation/win_office_shell.yml index aa29383e..537def03 100644 --- a/rules/windows/process_creation/win_office_shell.yml +++ b/rules/windows/process_creation/win_office_shell.yml @@ -12,6 +12,7 @@ tags: - attack.t1202 - car.2013-02-003 - car.2014-04-003 + - attack.t1059.003 author: Michael Haag, Florian Roth, Markus Neis date: 2018/04/06 logsource: diff --git a/rules/windows/process_creation/win_plugx_susp_exe_locations.yml b/rules/windows/process_creation/win_plugx_susp_exe_locations.yml index 5d8a8035..64c87d03 100644 --- a/rules/windows/process_creation/win_plugx_susp_exe_locations.yml +++ b/rules/windows/process_creation/win_plugx_susp_exe_locations.yml @@ -11,6 +11,7 @@ tags: - attack.s0013 - attack.defense_evasion - attack.t1073 + - attack.t1574.002 logsource: category: process_creation product: windows @@ -84,10 +85,7 @@ detection: - '*\Windows Kit*' - '*\Windows Resource Kit\\*' - '*\Microsoft.NET\\*' - condition: ( selection_cammute and not filter_cammute ) or ( selection_chrome_frame and not filter_chrome_frame ) or ( selection_devemu and not filter_devemu ) - or ( selection_gadget and not filter_gadget ) or ( selection_hcc and not filter_hcc ) or ( selection_hkcmd and not filter_hkcmd ) or ( selection_mc and not filter_mc - ) or ( selection_msmpeng and not filter_msmpeng ) or ( selection_msseces and not filter_msseces ) or ( selection_oinfo and not filter_oinfo ) or ( selection_oleview - and not filter_oleview ) or ( selection_rc and not filter_rc ) + condition: ( selection_cammute and not filter_cammute ) or ( selection_chrome_frame and not filter_chrome_frame ) or ( selection_devemu and not filter_devemu ) or ( selection_gadget and not filter_gadget ) or ( selection_hcc and not filter_hcc ) or ( selection_hkcmd and not filter_hkcmd ) or ( selection_mc and not filter_mc ) or ( selection_msmpeng and not filter_msmpeng ) or ( selection_msseces and not filter_msseces ) or ( selection_oinfo and not filter_oinfo ) or ( selection_oleview and not filter_oleview ) or ( selection_rc and not filter_rc ) fields: - CommandLine - ParentCommandLine diff --git a/rules/windows/process_creation/win_possible_applocker_bypass.yml b/rules/windows/process_creation/win_possible_applocker_bypass.yml index 65b988f8..b0b0853a 100644 --- a/rules/windows/process_creation/win_possible_applocker_bypass.yml +++ b/rules/windows/process_creation/win_possible_applocker_bypass.yml @@ -13,6 +13,7 @@ tags: - attack.t1121 - attack.t1127 - attack.t1170 + - attack.t1218 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_powershell_amsi_bypass.yml b/rules/windows/process_creation/win_powershell_amsi_bypass.yml index 0211555b..335aadc3 100644 --- a/rules/windows/process_creation/win_powershell_amsi_bypass.yml +++ b/rules/windows/process_creation/win_powershell_amsi_bypass.yml @@ -9,6 +9,7 @@ tags: - attack.execution - attack.defense_evasion - attack.t1086 + - attack.t1059.001 author: Markus Neis date: 2018/08/17 logsource: diff --git a/rules/windows/process_creation/win_powershell_dll_execution.yml b/rules/windows/process_creation/win_powershell_dll_execution.yml index 4cb036d6..1e8ff007 100644 --- a/rules/windows/process_creation/win_powershell_dll_execution.yml +++ b/rules/windows/process_creation/win_powershell_dll_execution.yml @@ -8,6 +8,7 @@ tags: - attack.execution - attack.t1086 - car.2014-04-003 + - attack.t1059.001 author: Markus Neis date: 2018/08/25 logsource: diff --git a/rules/windows/process_creation/win_powershell_downgrade_attack.yml b/rules/windows/process_creation/win_powershell_downgrade_attack.yml index d9781724..3d6c063f 100644 --- a/rules/windows/process_creation/win_powershell_downgrade_attack.yml +++ b/rules/windows/process_creation/win_powershell_downgrade_attack.yml @@ -1,7 +1,7 @@ title: PowerShell Downgrade Attack id: b3512211-c67e-4707-bedc-66efc7848863 related: - - id: 6331d09b-4785-4c13-980f-f96661356249 + - id: 6331d09b-4785-4c13-980f-f96661356249 type: derived status: experimental description: Detects PowerShell downgrade attack by comparing the host versions with the actually used engine version 2.0 @@ -11,6 +11,7 @@ tags: - attack.defense_evasion - attack.execution - attack.t1086 + - attack.t1059.001 author: Harish Segar (rule) date: 2020/03/20 falsepositives: @@ -22,12 +23,12 @@ logsource: product: windows detection: selection: - CommandLine|contains: + CommandLine|contains: - ' -version 2 ' - ' -versio 2 ' - ' -versi 2 ' - ' -vers 2 ' - ' -ver 2 ' - - ' -ve 2 ' + - ' -ve 2 ' Image|endswith: '\powershell.exe' condition: selection diff --git a/rules/windows/process_creation/win_powershell_download.yml b/rules/windows/process_creation/win_powershell_download.yml index 83b93e13..813a45bf 100644 --- a/rules/windows/process_creation/win_powershell_download.yml +++ b/rules/windows/process_creation/win_powershell_download.yml @@ -7,6 +7,7 @@ date: 2019/01/16 tags: - attack.t1086 - attack.execution + - attack.t1059.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_powershell_suspicious_parameter_variation.yml b/rules/windows/process_creation/win_powershell_suspicious_parameter_variation.yml index 41a0f1cd..14100059 100644 --- a/rules/windows/process_creation/win_powershell_suspicious_parameter_variation.yml +++ b/rules/windows/process_creation/win_powershell_suspicious_parameter_variation.yml @@ -7,6 +7,7 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 author: Florian Roth (rule), Daniel Bohannon (idea), Roberto Rodriguez (Fix) date: 2019/01/16 logsource: diff --git a/rules/windows/process_creation/win_powershell_xor_commandline.yml b/rules/windows/process_creation/win_powershell_xor_commandline.yml index c7d39c95..150a13e7 100644 --- a/rules/windows/process_creation/win_powershell_xor_commandline.yml +++ b/rules/windows/process_creation/win_powershell_xor_commandline.yml @@ -7,6 +7,7 @@ date: 2018/09/05 tags: - attack.execution - attack.t1086 + - attack.t1059.001 detection: selection: CommandLine: diff --git a/rules/windows/process_creation/win_powersploit_empire_schtasks.yml b/rules/windows/process_creation/win_powersploit_empire_schtasks.yml index e6f689ca..a3094b5b 100644 --- a/rules/windows/process_creation/win_powersploit_empire_schtasks.yml +++ b/rules/windows/process_creation/win_powersploit_empire_schtasks.yml @@ -31,6 +31,8 @@ tags: - attack.g0022 - attack.g0060 - car.2013-08-001 + - attack.t1053.005 + - attack.t1059.001 falsepositives: - False positives are possible, depends on organisation and processes level: high diff --git a/rules/windows/process_creation/win_process_dump_rundll32_comsvcs.yml b/rules/windows/process_creation/win_process_dump_rundll32_comsvcs.yml index 88e15976..5d85fbdf 100644 --- a/rules/windows/process_creation/win_process_dump_rundll32_comsvcs.yml +++ b/rules/windows/process_creation/win_process_dump_rundll32_comsvcs.yml @@ -12,6 +12,7 @@ tags: - attack.credential_access - attack.t1003 - car.2013-05-009 + - attack.t1003.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_psexesvc_start.yml b/rules/windows/process_creation/win_psexesvc_start.yml index 5c77a450..a2c3dbf1 100644 --- a/rules/windows/process_creation/win_psexesvc_start.yml +++ b/rules/windows/process_creation/win_psexesvc_start.yml @@ -8,12 +8,13 @@ tags: - attack.execution - attack.t1035 - attack.s0029 + - attack.t1569.002 logsource: category: process_creation product: windows detection: selection: - CommandLine: C:\Windows\PSEXESVC.exe + CommandLine: C:\Windows\PSEXESVC.exe condition: selection falsepositives: - Administrative activity diff --git a/rules/windows/process_creation/win_remote_powershell_session_process.yml b/rules/windows/process_creation/win_remote_powershell_session_process.yml index cdd0ce0d..5509721e 100644 --- a/rules/windows/process_creation/win_remote_powershell_session_process.yml +++ b/rules/windows/process_creation/win_remote_powershell_session_process.yml @@ -10,6 +10,7 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_run_powershell_script_from_ads.yml b/rules/windows/process_creation/win_run_powershell_script_from_ads.yml index b4a03177..eaa76e6c 100644 --- a/rules/windows/process_creation/win_run_powershell_script_from_ads.yml +++ b/rules/windows/process_creation/win_run_powershell_script_from_ads.yml @@ -9,6 +9,7 @@ date: 2019/10/30 tags: - attack.defense_evasion - attack.t1096 + - attack.t1564.004 logsource: category: process_creation product: windows @@ -16,9 +17,9 @@ detection: selection: ParentImage|endswith: '\powershell.exe' Image|endswith: '\powershell.exe' - CommandLine|contains|all: - - 'Get-Content' - - '-Stream' + CommandLine|contains|all: + - 'Get-Content' + - '-Stream' condition: selection falsepositives: - Unknown diff --git a/rules/windows/process_creation/win_sdbinst_shim_persistence.yml b/rules/windows/process_creation/win_sdbinst_shim_persistence.yml index 1509516e..b98a0c86 100644 --- a/rules/windows/process_creation/win_sdbinst_shim_persistence.yml +++ b/rules/windows/process_creation/win_sdbinst_shim_persistence.yml @@ -7,6 +7,7 @@ references: tags: - attack.persistence - attack.t1138 + - attack.t1546.011 author: Markus Neis date: 2019/01/16 logsource: diff --git a/rules/windows/process_creation/win_service_execution.yml b/rules/windows/process_creation/win_service_execution.yml index 865e7a22..72b3903f 100644 --- a/rules/windows/process_creation/win_service_execution.yml +++ b/rules/windows/process_creation/win_service_execution.yml @@ -12,7 +12,7 @@ logsource: product: windows detection: selection: - Image|endswith: + Image|endswith: - '\net.exe' - '\net1.exe' CommandLine|contains: ' start ' # space character after the 'start' keyword indicates that a service name follows, in contrast to `net start` discovery expression @@ -23,3 +23,4 @@ level: low tags: - attack.execution - attack.t1035 + - attack.t1569.002 diff --git a/rules/windows/process_creation/win_shadow_copies_access_symlink.yml b/rules/windows/process_creation/win_shadow_copies_access_symlink.yml index 17c6d56d..45149619 100644 --- a/rules/windows/process_creation/win_shadow_copies_access_symlink.yml +++ b/rules/windows/process_creation/win_shadow_copies_access_symlink.yml @@ -8,14 +8,16 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1003.002 + - attack.t1003.003 logsource: category: process_creation product: windows detection: selection: - CommandLine|contains|all: - - mklink - - HarddiskVolumeShadowCopy + CommandLine|contains|all: + - mklink + - HarddiskVolumeShadowCopy condition: selection falsepositives: - Legitimate administrator working with shadow copies, access for backup purposes diff --git a/rules/windows/process_creation/win_shadow_copies_creation.yml b/rules/windows/process_creation/win_shadow_copies_creation.yml index 828c54a5..578c1ba1 100644 --- a/rules/windows/process_creation/win_shadow_copies_creation.yml +++ b/rules/windows/process_creation/win_shadow_copies_creation.yml @@ -9,6 +9,8 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1003.002 + - attack.t1003.003 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_shadow_copies_deletion.yml b/rules/windows/process_creation/win_shadow_copies_deletion.yml index 43bdfd90..d017b359 100644 --- a/rules/windows/process_creation/win_shadow_copies_deletion.yml +++ b/rules/windows/process_creation/win_shadow_copies_deletion.yml @@ -15,6 +15,7 @@ tags: - attack.impact - attack.t1070 - attack.t1490 + - attack.t1551 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_shell_spawn_susp_program.yml b/rules/windows/process_creation/win_shell_spawn_susp_program.yml index 1a77be48..17968c3b 100644 --- a/rules/windows/process_creation/win_shell_spawn_susp_program.yml +++ b/rules/windows/process_creation/win_shell_spawn_susp_program.yml @@ -11,6 +11,8 @@ tags: - attack.execution - attack.defense_evasion - attack.t1064 + - attack.t1059.005 + - attack.t1059.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_spn_enum.yml b/rules/windows/process_creation/win_spn_enum.yml index 21638ae3..7bc87568 100644 --- a/rules/windows/process_creation/win_spn_enum.yml +++ b/rules/windows/process_creation/win_spn_enum.yml @@ -9,6 +9,7 @@ date: 2018/11/14 tags: - attack.credential_access - attack.t1208 + - attack.t1558.003 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_bcdedit.yml b/rules/windows/process_creation/win_susp_bcdedit.yml index 47b52713..7b74bef4 100644 --- a/rules/windows/process_creation/win_susp_bcdedit.yml +++ b/rules/windows/process_creation/win_susp_bcdedit.yml @@ -11,6 +11,8 @@ tags: - attack.t1070 - attack.persistence - attack.t1067 + - attack.t1551 + - attack.t1542.003 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_cmd_http_appdata.yml b/rules/windows/process_creation/win_susp_cmd_http_appdata.yml index 92445f87..64efc023 100644 --- a/rules/windows/process_creation/win_susp_cmd_http_appdata.yml +++ b/rules/windows/process_creation/win_susp_cmd_http_appdata.yml @@ -1,8 +1,7 @@ title: Command Line Execution with Suspicious URL and AppData Strings id: 1ac8666b-046f-4201-8aba-1951aaec03a3 status: experimental -description: Detects a suspicious command line execution that includes an URL and AppData string in the command line parameters as used by several droppers (js/vbs - > powershell) +description: Detects a suspicious command line execution that includes an URL and AppData string in the command line parameters as used by several droppers (js/vbs > powershell) references: - https://www.hybrid-analysis.com/sample/3a1f01206684410dbe8f1900bbeaaa543adfcd07368ba646b499fa5274b9edf6?environmentId=100 - https://www.hybrid-analysis.com/sample/f16c729aad5c74f19784a24257236a8bbe27f7cdc4a89806031ec7f1bebbd475?environmentId=100 @@ -11,6 +10,8 @@ date: 2019/01/16 tags: - attack.execution - attack.t1059 + - attack.t1059.005 + - attack.t1059.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_compression_params.yml b/rules/windows/process_creation/win_susp_compression_params.yml index e3e5c980..cb5a3cc9 100644 --- a/rules/windows/process_creation/win_susp_compression_params.yml +++ b/rules/windows/process_creation/win_susp_compression_params.yml @@ -8,6 +8,7 @@ tags: - attack.exfiltration - attack.t1020 - attack.t1002 + - attack.t1560 author: Florian Roth, Samir Bousseaden date: 2019/10/15 logsource: diff --git a/rules/windows/process_creation/win_susp_comsvcs_procdump.yml b/rules/windows/process_creation/win_susp_comsvcs_procdump.yml index bcab5a8e..be58a43a 100644 --- a/rules/windows/process_creation/win_susp_comsvcs_procdump.yml +++ b/rules/windows/process_creation/win_susp_comsvcs_procdump.yml @@ -26,6 +26,7 @@ fields: tags: - attack.credential_access - attack.t1003 + - attack.t1003.001 falsepositives: - unknown level: medium diff --git a/rules/windows/process_creation/win_susp_control_dll_load.yml b/rules/windows/process_creation/win_susp_control_dll_load.yml index 00eaf7a6..cc049031 100644 --- a/rules/windows/process_creation/win_susp_control_dll_load.yml +++ b/rules/windows/process_creation/win_susp_control_dll_load.yml @@ -11,6 +11,8 @@ tags: - attack.t1073 - attack.t1085 - car.2013-10-002 + - attack.t1218 + - attack.t1574.002 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_copy_lateral_movement.yml b/rules/windows/process_creation/win_susp_copy_lateral_movement.yml index 6d56fec2..10b56613 100644 --- a/rules/windows/process_creation/win_susp_copy_lateral_movement.yml +++ b/rules/windows/process_creation/win_susp_copy_lateral_movement.yml @@ -2,22 +2,23 @@ title: Copy from Admin Share id: 855bc8b5-2ae8-402e-a9ed-b889e6df1900 status: experimental description: Detects a suspicious copy command from a remote C$ or ADMIN$ share -references: - - https://twitter.com/SBousseaden/status/1211636381086339073 +references: + - https://twitter.com/SBousseaden/status/1211636381086339073 author: Florian Roth date: 2019/12/30 tags: - attack.lateral_movement - attack.t1077 - attack.t1105 + - attack.t1021 logsource: category: process_creation product: windows detection: selection: - CommandLine|contains: - - 'copy *\c$' - - 'copy *\ADMIN$' + CommandLine|contains: + - 'copy *\c$' + - 'copy *\ADMIN$' condition: selection fields: - CommandLine diff --git a/rules/windows/process_creation/win_susp_crackmapexec_execution.yml b/rules/windows/process_creation/win_susp_crackmapexec_execution.yml index ed8904ba..98071a31 100644 --- a/rules/windows/process_creation/win_susp_crackmapexec_execution.yml +++ b/rules/windows/process_creation/win_susp_crackmapexec_execution.yml @@ -9,6 +9,8 @@ tags: - attack.t1047 - attack.t1053 - attack.t1086 + - attack.t1059.003 + - attack.t1059.001 author: Thomas Patzke date: 2020/05/22 logsource: diff --git a/rules/windows/process_creation/win_susp_crackmapexec_powershell_obfuscation.yml b/rules/windows/process_creation/win_susp_crackmapexec_powershell_obfuscation.yml index 0d943703..20bb2c13 100644 --- a/rules/windows/process_creation/win_susp_crackmapexec_powershell_obfuscation.yml +++ b/rules/windows/process_creation/win_susp_crackmapexec_powershell_obfuscation.yml @@ -10,6 +10,7 @@ tags: - attack.t1086 - attack.defense_evasion - attack.t1027 + - attack.t1059.001 author: Thomas Patzke date: 2020/05/22 logsource: diff --git a/rules/windows/process_creation/win_susp_csc_folder.yml b/rules/windows/process_creation/win_susp_csc_folder.yml index fb2a5fdf..9752e5ff 100644 --- a/rules/windows/process_creation/win_susp_csc_folder.yml +++ b/rules/windows/process_creation/win_susp_csc_folder.yml @@ -13,17 +13,18 @@ modified: 2019/12/17 tags: - attack.defense_evasion - attack.t1500 + - attack.t1027 logsource: category: process_creation product: windows detection: selection: Image: '*\csc.exe' - CommandLine: + CommandLine: - '*\AppData\\*' - '*\Windows\Temp\\*' filter: - ParentImage: + ParentImage: - 'C:\Program Files*' # https://twitter.com/gN3mes1s/status/1206874118282448897 - '*\sdiagnhost.exe' # https://twitter.com/gN3mes1s/status/1206874118282448897 - '*\w3wp.exe' # https://twitter.com/gabriele_pippi/status/1206907900268072962 diff --git a/rules/windows/process_creation/win_susp_direct_asep_reg_keys_modification.yml b/rules/windows/process_creation/win_susp_direct_asep_reg_keys_modification.yml index 3a6bf756..490884fe 100644 --- a/rules/windows/process_creation/win_susp_direct_asep_reg_keys_modification.yml +++ b/rules/windows/process_creation/win_susp_direct_asep_reg_keys_modification.yml @@ -7,6 +7,7 @@ references: tags: - attack.persistence - attack.t1060 + - attack.t1547.001 date: 2019/10/25 modified: 2019/11/10 author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community diff --git a/rules/windows/process_creation/win_susp_double_extension.yml b/rules/windows/process_creation/win_susp_double_extension.yml index 95a5a0e3..8b6ca56a 100644 --- a/rules/windows/process_creation/win_susp_double_extension.yml +++ b/rules/windows/process_creation/win_susp_double_extension.yml @@ -1,7 +1,6 @@ title: Suspicious Double Extension id: 1cdd9a09-06c9-4769-99ff-626e2b3991b8 -description: Detects suspicious use of an .exe extension after a non-executable file extension like .pdf.exe, a set of spaces or underlines to cloak the executable - file in spear phishing campaigns +description: Detects suspicious use of an .exe extension after a non-executable file extension like .pdf.exe, a set of spaces or underlines to cloak the executable file in spear phishing campaigns references: - https://blu3-team.blogspot.com/2019/06/misleading-extensions-xlsexe-docexe.html - https://twitter.com/blackorbird/status/1140519090961825792 @@ -10,12 +9,13 @@ date: 2019/06/26 tags: - attack.initial_access - attack.t1193 + - attack.t1566.001 logsource: category: process_creation product: windows detection: selection: - Image: + Image: - '*.doc.exe' - '*.docx.exe' - '*.xls.exe' @@ -28,6 +28,6 @@ detection: - '* .exe' - '*______.exe' condition: selection -falsepositives: +falsepositives: - Unknown level: critical diff --git a/rules/windows/process_creation/win_susp_eventlog_clear.yml b/rules/windows/process_creation/win_susp_eventlog_clear.yml index 8100a2e4..b0e27546 100644 --- a/rules/windows/process_creation/win_susp_eventlog_clear.yml +++ b/rules/windows/process_creation/win_susp_eventlog_clear.yml @@ -11,6 +11,7 @@ tags: - attack.defense_evasion - attack.t1070 - car.2016-04-002 + - attack.t1551 level: high logsource: category: process_creation @@ -19,14 +20,14 @@ detection: selection_wevtutil_binary: Image|endswith: '\wevtutil.exe' selection_wevtutil_command: - CommandLine|contains: + CommandLine|contains: - 'clear-log' # clears specified log - ' cl ' # short version of 'clear-log' - 'set-log' # modifies config of specified log. could be uset to set it to a tiny size - ' sl ' # short version of 'set-log' selection_other_ps: Image|endswith: '\powershell.exe' - CommandLine|contains: + CommandLine|contains: - 'Clear-EventLog' - 'Remove-EventLog' - 'Limit-EventLog' diff --git a/rules/windows/process_creation/win_susp_execution_path_webserver.yml b/rules/windows/process_creation/win_susp_execution_path_webserver.yml index be5af625..8398dc4c 100644 --- a/rules/windows/process_creation/win_susp_execution_path_webserver.yml +++ b/rules/windows/process_creation/win_susp_execution_path_webserver.yml @@ -7,6 +7,7 @@ date: 2019/01/16 tags: - attack.persistence - attack.t1100 + - attack.t1505.003 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_file_characteristics.yml b/rules/windows/process_creation/win_susp_file_characteristics.yml index 8243fe88..cb900eee 100644 --- a/rules/windows/process_creation/win_susp_file_characteristics.yml +++ b/rules/windows/process_creation/win_susp_file_characteristics.yml @@ -12,6 +12,7 @@ tags: - attack.defense_evasion - attack.execution - attack.t1064 + - attack.t1059.006 logsource: product: windows category: process_creation diff --git a/rules/windows/process_creation/win_susp_fsutil_usage.yml b/rules/windows/process_creation/win_susp_fsutil_usage.yml index e204a9d7..e7a3d0c9 100644 --- a/rules/windows/process_creation/win_susp_fsutil_usage.yml +++ b/rules/windows/process_creation/win_susp_fsutil_usage.yml @@ -12,6 +12,7 @@ references: tags: - attack.defense_evasion - attack.t1070 + - attack.t1551 logsource: category: process_creation product: windows @@ -21,7 +22,7 @@ detection: binary_2: OriginalFileName: 'fsutil.exe' selection: - CommandLine|contains: + CommandLine|contains: - 'deletejournal' # usn deletejournal ==> generally ransomware or attacker - 'createjournal' # usn createjournal ==> can modify config to set it to a tiny size condition: (1 of binary_*) and selection diff --git a/rules/windows/process_creation/win_susp_gup.yml b/rules/windows/process_creation/win_susp_gup.yml index e9fbbc95..1fd19502 100644 --- a/rules/windows/process_creation/win_susp_gup.yml +++ b/rules/windows/process_creation/win_susp_gup.yml @@ -7,6 +7,7 @@ references: tags: - attack.defense_evasion - attack.t1073 + - attack.t1574.002 author: Florian Roth date: 2019/02/06 logsource: diff --git a/rules/windows/process_creation/win_susp_iss_module_install.yml b/rules/windows/process_creation/win_susp_iss_module_install.yml index d9b0a18e..7970eaf4 100644 --- a/rules/windows/process_creation/win_susp_iss_module_install.yml +++ b/rules/windows/process_creation/win_susp_iss_module_install.yml @@ -9,6 +9,7 @@ date: 2012/12/11 tags: - attack.persistence - attack.t1100 + - attack.t1505.003 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_net_execution.yml b/rules/windows/process_creation/win_susp_net_execution.yml index fa11306c..21f8f346 100644 --- a/rules/windows/process_creation/win_susp_net_execution.yml +++ b/rules/windows/process_creation/win_susp_net_execution.yml @@ -18,6 +18,7 @@ tags: - attack.lateral_movement - attack.discovery - attack.defense_evasion + - attack.t1021 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml b/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml index 885268c5..102e607b 100644 --- a/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml +++ b/rules/windows/process_creation/win_susp_netsh_dll_persistence.yml @@ -7,12 +7,13 @@ references: tags: - attack.persistence - attack.t1128 + - attack.t1546.007 date: 2019/10/25 modified: 2019/10/25 author: Victor Sergeev, oscd.community logsource: category: process_creation - product: windows + product: windows detection: selection: Image|endswith: '\netsh.exe' diff --git a/rules/windows/process_creation/win_susp_ntdsutil.yml b/rules/windows/process_creation/win_susp_ntdsutil.yml index a8c2f6fd..ba0e49e3 100644 --- a/rules/windows/process_creation/win_susp_ntdsutil.yml +++ b/rules/windows/process_creation/win_susp_ntdsutil.yml @@ -9,6 +9,7 @@ date: 2019/01/16 tags: - attack.credential_access - attack.t1003 + - attack.t1003.003 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_outlook_temp.yml b/rules/windows/process_creation/win_susp_outlook_temp.yml index b841940b..19a11004 100644 --- a/rules/windows/process_creation/win_susp_outlook_temp.yml +++ b/rules/windows/process_creation/win_susp_outlook_temp.yml @@ -7,6 +7,7 @@ date: 2019/10/01 tags: - attack.initial_access - attack.t1193 + - attack.t1566.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_powershell_empire_launch.yml b/rules/windows/process_creation/win_susp_powershell_empire_launch.yml index a45c4801..1097603f 100644 --- a/rules/windows/process_creation/win_susp_powershell_empire_launch.yml +++ b/rules/windows/process_creation/win_susp_powershell_empire_launch.yml @@ -10,8 +10,9 @@ references: author: Florian Roth date: 2019/04/20 tags: - - attack.execution - - attack.t1086 + - attack.execution + - attack.t1086 + - attack.t1059.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_powershell_empire_uac_bypass.yml b/rules/windows/process_creation/win_susp_powershell_empire_uac_bypass.yml index 0d662e28..493e7220 100644 --- a/rules/windows/process_creation/win_susp_powershell_empire_uac_bypass.yml +++ b/rules/windows/process_creation/win_susp_powershell_empire_uac_bypass.yml @@ -24,6 +24,7 @@ tags: - attack.privilege_escalation - attack.t1088 - car.2019-04-001 + - attack.t1548.002 falsepositives: - unknown level: critical diff --git a/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml b/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml index e6ccc632..feb5a72d 100644 --- a/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml +++ b/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml @@ -8,8 +8,9 @@ author: Florian Roth, Markus Neis date: 2018/09/03 modified: 2019/12/16 tags: - - attack.execution - - attack.t1086 + - attack.execution + - attack.t1086 + - attack.t1059.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_powershell_hidden_b64_cmd.yml b/rules/windows/process_creation/win_susp_powershell_hidden_b64_cmd.yml index 7da4d36d..417c37dc 100644 --- a/rules/windows/process_creation/win_susp_powershell_hidden_b64_cmd.yml +++ b/rules/windows/process_creation/win_susp_powershell_hidden_b64_cmd.yml @@ -7,6 +7,7 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 author: John Lambert (rule) date: 2019/01/16 logsource: diff --git a/rules/windows/process_creation/win_susp_powershell_parent_combo.yml b/rules/windows/process_creation/win_susp_powershell_parent_combo.yml index 32e9e296..dfb15868 100644 --- a/rules/windows/process_creation/win_susp_powershell_parent_combo.yml +++ b/rules/windows/process_creation/win_susp_powershell_parent_combo.yml @@ -9,6 +9,7 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_procdump.yml b/rules/windows/process_creation/win_susp_procdump.yml index a450ce4b..bfa3d6ff 100644 --- a/rules/windows/process_creation/win_susp_procdump.yml +++ b/rules/windows/process_creation/win_susp_procdump.yml @@ -13,6 +13,7 @@ tags: - attack.credential_access - attack.t1003 - car.2013-05-009 + - attack.t1003.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_ps_appdata.yml b/rules/windows/process_creation/win_susp_ps_appdata.yml index b4663c8f..13c16b3a 100644 --- a/rules/windows/process_creation/win_susp_ps_appdata.yml +++ b/rules/windows/process_creation/win_susp_ps_appdata.yml @@ -8,6 +8,7 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 author: Florian Roth date: 2019/01/09 logsource: diff --git a/rules/windows/process_creation/win_susp_ps_downloadfile.yml b/rules/windows/process_creation/win_susp_ps_downloadfile.yml index 5fe3001d..f2440a8a 100644 --- a/rules/windows/process_creation/win_susp_ps_downloadfile.yml +++ b/rules/windows/process_creation/win_susp_ps_downloadfile.yml @@ -9,12 +9,13 @@ date: 2020/03/25 tags: - attack.execution - attack.t1086 + - attack.t1059.001 logsource: category: process_creation product: windows detection: selection: - CommandLine|contains|all: + CommandLine|contains|all: - 'powershell' - '.DownloadFile' - 'System.Net.WebClient' diff --git a/rules/windows/process_creation/win_susp_rasdial_activity.yml b/rules/windows/process_creation/win_susp_rasdial_activity.yml index 6a4b0233..e9959628 100644 --- a/rules/windows/process_creation/win_susp_rasdial_activity.yml +++ b/rules/windows/process_creation/win_susp_rasdial_activity.yml @@ -10,6 +10,7 @@ tags: - attack.defense_evasion - attack.execution - attack.t1064 + - attack.t1059 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_regsvr32_anomalies.yml b/rules/windows/process_creation/win_susp_regsvr32_anomalies.yml index ce51e4b7..a19bdbf7 100644 --- a/rules/windows/process_creation/win_susp_regsvr32_anomalies.yml +++ b/rules/windows/process_creation/win_susp_regsvr32_anomalies.yml @@ -12,6 +12,7 @@ tags: - attack.execution - car.2019-04-002 - car.2019-04-003 + - attack.t1218 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_rundll32_activity.yml b/rules/windows/process_creation/win_susp_rundll32_activity.yml index c388da17..a7dedd20 100644 --- a/rules/windows/process_creation/win_susp_rundll32_activity.yml +++ b/rules/windows/process_creation/win_susp_rundll32_activity.yml @@ -10,6 +10,7 @@ tags: - attack.defense_evasion - attack.execution - attack.t1085 + - attack.t1218.011 author: juju4 date: 2019/01/16 logsource: diff --git a/rules/windows/process_creation/win_susp_rundll32_by_ordinal.yml b/rules/windows/process_creation/win_susp_rundll32_by_ordinal.yml index 44f830c9..0867f34b 100644 --- a/rules/windows/process_creation/win_susp_rundll32_by_ordinal.yml +++ b/rules/windows/process_creation/win_susp_rundll32_by_ordinal.yml @@ -10,6 +10,7 @@ tags: - attack.defense_evasion - attack.execution - attack.t1085 + - attack.t1218.011 author: Florian Roth date: 2019/10/22 logsource: diff --git a/rules/windows/process_creation/win_susp_schtask_creation.yml b/rules/windows/process_creation/win_susp_schtask_creation.yml index 7c2d3fa6..9a33912a 100644 --- a/rules/windows/process_creation/win_susp_schtask_creation.yml +++ b/rules/windows/process_creation/win_susp_schtask_creation.yml @@ -24,6 +24,7 @@ tags: - attack.t1053 - attack.s0111 - car.2013-08-001 + - attack.t1053.005 falsepositives: - Administrative activity - Software installation diff --git a/rules/windows/process_creation/win_susp_script_execution.yml b/rules/windows/process_creation/win_susp_script_execution.yml index 2404edc4..2e7ad48d 100644 --- a/rules/windows/process_creation/win_susp_script_execution.yml +++ b/rules/windows/process_creation/win_susp_script_execution.yml @@ -7,6 +7,7 @@ date: 2019/01/16 tags: - attack.execution - attack.t1064 + - attack.t1059.005 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_service_path_modification.yml b/rules/windows/process_creation/win_susp_service_path_modification.yml index 6a3dbabd..6e6504ba 100644 --- a/rules/windows/process_creation/win_susp_service_path_modification.yml +++ b/rules/windows/process_creation/win_susp_service_path_modification.yml @@ -7,6 +7,7 @@ references: tags: - attack.persistence - attack.t1031 + - attack.t1543.003 date: 2019/10/21 modified: 2019/11/10 author: Victor Sergeev, oscd.community diff --git a/rules/windows/process_creation/win_susp_tscon_rdp_redirect.yml b/rules/windows/process_creation/win_susp_tscon_rdp_redirect.yml index dceac89d..fb2f5d65 100644 --- a/rules/windows/process_creation/win_susp_tscon_rdp_redirect.yml +++ b/rules/windows/process_creation/win_susp_tscon_rdp_redirect.yml @@ -10,6 +10,7 @@ tags: - attack.privilege_escalation - attack.t1076 - car.2013-07-002 + - attack.t1021 author: Florian Roth date: 2018/03/17 modified: 2018/12/11 diff --git a/rules/windows/process_creation/win_task_folder_evasion.yml b/rules/windows/process_creation/win_task_folder_evasion.yml index dfe043a8..e7844c4f 100644 --- a/rules/windows/process_creation/win_task_folder_evasion.yml +++ b/rules/windows/process_creation/win_task_folder_evasion.yml @@ -1,8 +1,8 @@ title: Tasks Folder Evasion id: cc4e02ba-9c06-48e2-b09e-2500cace9ae0 status: experimental -description: The Tasks folder in system32 and syswow64 are globally writable paths. Adversaries can take advantage of this and load or influence any script hosts or ANY .NET Application in Tasks to load and execute a custom assembly into cscript, wscript, regsvr32, mshta, eventvwr -references: +description: The Tasks folder in system32 and syswow64 are globally writable paths. Adversaries can take advantage of this and load or influence any script hosts or ANY .NET Application in Tasks to load and execute a custom assembly into cscript, wscript, regsvr32, mshta, eventvwr +references: - https://twitter.com/subTee/status/1216465628946563073 - https://gist.github.com/am0nsec/8378da08f848424e4ab0cc5b317fdd26 date: 2020/01/13 @@ -13,6 +13,7 @@ tags: - attack.t1059 - attack.defense_evasion - attack.persistence + - attack.t1059.005 logsource: product: Windows detection: diff --git a/rules/windows/process_creation/win_uac_cmstp.yml b/rules/windows/process_creation/win_uac_cmstp.yml index b10c9195..1c234bfe 100644 --- a/rules/windows/process_creation/win_uac_cmstp.yml +++ b/rules/windows/process_creation/win_uac_cmstp.yml @@ -13,13 +13,15 @@ tags: - attack.execution - attack.t1191 - attack.t1088 + - attack.t1548.002 + - attack.t1218 logsource: category: process_creation product: windows detection: selection: Image|endswith: '\cmstp.exe' - CommandLine|contains: + CommandLine|contains: - '/s' - '/au' condition: selection diff --git a/rules/windows/process_creation/win_uac_fodhelper.yml b/rules/windows/process_creation/win_uac_fodhelper.yml index d3ce1690..31f1181d 100644 --- a/rules/windows/process_creation/win_uac_fodhelper.yml +++ b/rules/windows/process_creation/win_uac_fodhelper.yml @@ -11,6 +11,7 @@ references: tags: - attack.privilege_escalation - attack.t1088 + - attack.t1548.002 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_uac_wsreset.yml b/rules/windows/process_creation/win_uac_wsreset.yml index 1296b8e4..ff41e342 100644 --- a/rules/windows/process_creation/win_uac_wsreset.yml +++ b/rules/windows/process_creation/win_uac_wsreset.yml @@ -10,6 +10,7 @@ references: tags: - attack.privilege_escalation - attack.t1088 + - attack.t1548.002 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_webshell_detection.yml b/rules/windows/process_creation/win_webshell_detection.yml index fc41f0f5..1437d0a6 100644 --- a/rules/windows/process_creation/win_webshell_detection.yml +++ b/rules/windows/process_creation/win_webshell_detection.yml @@ -10,6 +10,7 @@ tags: - attack.privilege_escalation - attack.persistence - attack.t1100 + - attack.t1505.003 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_webshell_spawn.yml b/rules/windows/process_creation/win_webshell_spawn.yml index 0f119262..3d5888fe 100644 --- a/rules/windows/process_creation/win_webshell_spawn.yml +++ b/rules/windows/process_creation/win_webshell_spawn.yml @@ -30,6 +30,7 @@ tags: - attack.privilege_escalation - attack.persistence - attack.t1100 + - attack.t1505.003 falsepositives: - Particular web applications may spawn a shell process legitimately level: high diff --git a/rules/windows/process_creation/win_win10_sched_task_0day.yml b/rules/windows/process_creation/win_win10_sched_task_0day.yml index 555c7132..312fb4cd 100644 --- a/rules/windows/process_creation/win_win10_sched_task_0day.yml +++ b/rules/windows/process_creation/win_win10_sched_task_0day.yml @@ -21,4 +21,5 @@ tags: - attack.execution - attack.t1053 - car.2013-08-001 + - attack.t1053.005 level: high diff --git a/rules/windows/process_creation/win_wmi_backdoor_exchange_transport_agent.yml b/rules/windows/process_creation/win_wmi_backdoor_exchange_transport_agent.yml index 0d5761e9..b5fa97cb 100644 --- a/rules/windows/process_creation/win_wmi_backdoor_exchange_transport_agent.yml +++ b/rules/windows/process_creation/win_wmi_backdoor_exchange_transport_agent.yml @@ -13,8 +13,9 @@ logsource: tags: - attack.persistence - attack.t1084 + - attack.t1546.003 detection: - selection: + selection: ParentImage: '*\EdgeTransport.exe' condition: selection falsepositives: diff --git a/rules/windows/process_creation/win_wmi_spwns_powershell.yml b/rules/windows/process_creation/win_wmi_spwns_powershell.yml index abe55079..91a69ec6 100644 --- a/rules/windows/process_creation/win_wmi_spwns_powershell.yml +++ b/rules/windows/process_creation/win_wmi_spwns_powershell.yml @@ -11,6 +11,7 @@ tags: - attack.execution - attack.defense_evasion - attack.t1064 + - attack.t1059.001 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_wsreset_uac_bypass.yml b/rules/windows/process_creation/win_wsreset_uac_bypass.yml index 02d0398e..61622933 100644 --- a/rules/windows/process_creation/win_wsreset_uac_bypass.yml +++ b/rules/windows/process_creation/win_wsreset_uac_bypass.yml @@ -1,7 +1,7 @@ title: Wsreset UAC Bypass id: bdc8918e-a1d5-49d1-9db7-ea0fd91aa2ae status: experimental -description: Detects a method that uses Wsreset.exe tool that can be used to reset the Windows Store to bypass UAC +description: Detects a method that uses Wsreset.exe tool that can be used to reset the Windows Store to bypass UAC references: - https://lolbas-project.github.io/lolbas/Binaries/Wsreset/ - https://www.activecyber.us/activelabs/windows-uac-bypass @@ -12,6 +12,7 @@ tags: - attack.defense_evasion - attack.execution - attack.t1088 + - attack.t1548.002 logsource: category: process_creation product: windows diff --git a/rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml b/rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml index 067cd370..da710320 100644 --- a/rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml +++ b/rules/windows/sysmon/sysmon_alternate_powershell_hosts_pipe.yml @@ -10,17 +10,18 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 logsource: product: windows service: sysmon detection: - selection: + selection: EventID: 17 PipeName|startswith: '\PSHost' filter: Image|endswith: - - '\powershell.exe' - - '\powershell_ise.exe' + - '\powershell.exe' + - '\powershell_ise.exe' condition: selection and not filter fields: - ComputerName diff --git a/rules/windows/sysmon/sysmon_asep_reg_keys_modification.yml b/rules/windows/sysmon/sysmon_asep_reg_keys_modification.yml index 09e94d15..72f08c5e 100644 --- a/rules/windows/sysmon/sysmon_asep_reg_keys_modification.yml +++ b/rules/windows/sysmon/sysmon_asep_reg_keys_modification.yml @@ -7,6 +7,7 @@ references: tags: - attack.persistence - attack.t1060 + - attack.t1547.001 date: 2019/10/21 modified: 2019/11/10 author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community diff --git a/rules/windows/sysmon/sysmon_cred_dump_lsass_access.yml b/rules/windows/sysmon/sysmon_cred_dump_lsass_access.yml index f91ffabc..5e05ea71 100644 --- a/rules/windows/sysmon/sysmon_cred_dump_lsass_access.yml +++ b/rules/windows/sysmon/sysmon_cred_dump_lsass_access.yml @@ -2,8 +2,7 @@ title: Credentials Dumping Tools Accessing LSASS Memory id: 32d0d3e2-e58d-4d41-926b-18b520b2b32d status: experimental description: Detects process access LSASS memory which is typical for credentials dumping tools -author: Florian Roth, Roberto Rodriguez, Dimitrios Slamaris, Mark Russinovich, Thomas Patzke, Teymur Kheirkhabarov, Sherif Eldeeb, James Dickenson, Aleksey Potapov, - oscd.community (update) +author: Florian Roth, Roberto Rodriguez, Dimitrios Slamaris, Mark Russinovich, Thomas Patzke, Teymur Kheirkhabarov, Sherif Eldeeb, James Dickenson, Aleksey Potapov, oscd.community (update) date: 2017/02/16 modified: 2019/11/08 references: @@ -16,6 +15,7 @@ tags: - attack.s0002 - attack.credential_access - car.2019-04-004 + - attack.t1003.001 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_cred_dump_tools_dropped_files.yml b/rules/windows/sysmon/sysmon_cred_dump_tools_dropped_files.yml index 4ea0955c..6a76bfa6 100644 --- a/rules/windows/sysmon/sysmon_cred_dump_tools_dropped_files.yml +++ b/rules/windows/sysmon/sysmon_cred_dump_tools_dropped_files.yml @@ -9,20 +9,23 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1003.002 + - attack.t1003.001 + - attack.t1003.003 logsource: product: windows service: sysmon detection: selection: EventID: 11 - TargetFilename|contains: + TargetFilename|contains: - '\pwdump' - '\kirbi' - '\pwhashes' - '\wce_ccache' - '\wce_krbtkts' - '\fgdump-log' - TargetFilename|endswith: + TargetFilename|endswith: - '\test.pwd' - '\lsremora64.dll' - '\lsremora.dll' diff --git a/rules/windows/sysmon/sysmon_cred_dump_tools_named_pipes.yml b/rules/windows/sysmon/sysmon_cred_dump_tools_named_pipes.yml index f0036118..78c45714 100644 --- a/rules/windows/sysmon/sysmon_cred_dump_tools_named_pipes.yml +++ b/rules/windows/sysmon/sysmon_cred_dump_tools_named_pipes.yml @@ -8,6 +8,9 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1003.002 + - attack.t1003.004 + - attack.t1003.006 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_dhcp_calloutdll.yml b/rules/windows/sysmon/sysmon_dhcp_calloutdll.yml index 3432e7c2..0375f267 100644 --- a/rules/windows/sysmon/sysmon_dhcp_calloutdll.yml +++ b/rules/windows/sysmon/sysmon_dhcp_calloutdll.yml @@ -1,8 +1,7 @@ title: DHCP Callout DLL Installation id: 9d3436ef-9476-4c43-acca-90ce06bdf33a status: experimental -description: Detects the installation of a Callout DLL via CalloutDlls and CalloutEnabled parameter in Registry, which can be used to execute code in context of the - DHCP server (restart required) +description: Detects the installation of a Callout DLL via CalloutDlls and CalloutEnabled parameter in Registry, which can be used to execute code in context of the DHCP server (restart required) references: - https://blog.3or.de/mimilib-dhcp-server-callout-dll-injection.html - https://technet.microsoft.com/en-us/library/cc726884(v=ws.10).aspx @@ -13,6 +12,7 @@ tags: - attack.defense_evasion - attack.t1073 - attack.t1112 + - attack.t1574.002 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml b/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml index ea7a4ea4..b363db33 100644 --- a/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml +++ b/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml @@ -7,6 +7,7 @@ references: tags: - attack.defense_evasion - attack.t1089 + - attack.t1562.001 author: Ilyas Ochkov, oscd.community date: 2019/10/25 modified: 2019/11/13 @@ -15,11 +16,11 @@ logsource: service: sysmon detection: selection: - - EventID: 12 # key create + - EventID: 12 # key create # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' EventType: 'CreateKey' # we don't want deletekey - - EventID: 14 # key rename + - EventID: 14 # key rename NewName: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' condition: selection fields: diff --git a/rules/windows/sysmon/sysmon_ghostpack_safetykatz.yml b/rules/windows/sysmon/sysmon_ghostpack_safetykatz.yml index cfa37cb8..1dc20497 100644 --- a/rules/windows/sysmon/sysmon_ghostpack_safetykatz.yml +++ b/rules/windows/sysmon/sysmon_ghostpack_safetykatz.yml @@ -7,6 +7,7 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1003.001 author: Markus Neis date: 2018/07/24 logsource: diff --git a/rules/windows/sysmon/sysmon_in_memory_powershell.yml b/rules/windows/sysmon/sysmon_in_memory_powershell.yml index 56e6e453..55b1f058 100644 --- a/rules/windows/sysmon/sysmon_in_memory_powershell.yml +++ b/rules/windows/sysmon/sysmon_in_memory_powershell.yml @@ -11,6 +11,7 @@ references: tags: - attack.t1086 - attack.execution + - attack.t1059.001 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_invoke_phantom.yml b/rules/windows/sysmon/sysmon_invoke_phantom.yml index 5ed1498c..9dda2195 100644 --- a/rules/windows/sysmon/sysmon_invoke_phantom.yml +++ b/rules/windows/sysmon/sysmon_invoke_phantom.yml @@ -10,6 +10,7 @@ references: tags: - attack.t1089 - attack.defense_evasion + - attack.t1562.001 logsource: product: windows service: sysmon @@ -19,7 +20,7 @@ detection: TargetImage: '*\windows\system32\svchost.exe' GrantedAccess: '0x1f3fff' CallTrace: - - '*unknown*' + - '*unknown*' condition: selection falsepositives: - unknown diff --git a/rules/windows/sysmon/sysmon_lsass_memdump.yml b/rules/windows/sysmon/sysmon_lsass_memdump.yml index d6e7d045..2a59dc1a 100644 --- a/rules/windows/sysmon/sysmon_lsass_memdump.yml +++ b/rules/windows/sysmon/sysmon_lsass_memdump.yml @@ -10,6 +10,7 @@ tags: - attack.t1003 - attack.s0002 - attack.credential_access + - attack.t1003.001 logsource: product: windows service: sysmon @@ -19,8 +20,8 @@ detection: TargetImage: 'C:\windows\system32\lsass.exe' GrantedAccess: '0x1fffff' CallTrace: - - '*dbghelp.dll*' - - '*dbgcore.dll*' + - '*dbghelp.dll*' + - '*dbgcore.dll*' condition: selection falsepositives: - unknown diff --git a/rules/windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml b/rules/windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml index 54f7e04f..f5d8963f 100644 --- a/rules/windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml +++ b/rules/windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml @@ -9,6 +9,7 @@ modified: 2019/11/13 tags: - attack.credential_access - attack.t1003 + - attack.t1003.001 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_malware_backconnect_ports.yml b/rules/windows/sysmon/sysmon_malware_backconnect_ports.yml index 953c8610..a69294b3 100644 --- a/rules/windows/sysmon/sysmon_malware_backconnect_ports.yml +++ b/rules/windows/sysmon/sysmon_malware_backconnect_ports.yml @@ -9,6 +9,7 @@ date: 2017/03/19 tags: - attack.command_and_control - attack.t1043 + - attack.t1571 logsource: product: windows service: sysmon @@ -71,7 +72,7 @@ detection: filter1: Image: '*\Program Files*' filter2: - DestinationIp: + DestinationIp: - '10.*' - '192.168.*' - '172.16.*' diff --git a/rules/windows/sysmon/sysmon_mimikatz_inmemory_detection.yml b/rules/windows/sysmon/sysmon_mimikatz_inmemory_detection.yml index 58f1cf58..a9832506 100644 --- a/rules/windows/sysmon/sysmon_mimikatz_inmemory_detection.yml +++ b/rules/windows/sysmon/sysmon_mimikatz_inmemory_detection.yml @@ -10,6 +10,10 @@ tags: - attack.lateral_movement - attack.credential_access - car.2019-04-004 + - attack.t1003.002 + - attack.t1003.004 + - attack.t1003.001 + - attack.t1003.006 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_mimikatz_trough_winrm.yml b/rules/windows/sysmon/sysmon_mimikatz_trough_winrm.yml index 871724ab..693cdeef 100644 --- a/rules/windows/sysmon/sysmon_mimikatz_trough_winrm.yml +++ b/rules/windows/sysmon/sysmon_mimikatz_trough_winrm.yml @@ -21,6 +21,8 @@ tags: - attack.t1003 - attack.t1028 - attack.s0005 + - attack.t1003.001 + - attack.t1021.006 falsepositives: - low level: high diff --git a/rules/windows/sysmon/sysmon_narrator_feedback_persistance.yml b/rules/windows/sysmon/sysmon_narrator_feedback_persistance.yml index 44389267..7c88604c 100644 --- a/rules/windows/sysmon/sysmon_narrator_feedback_persistance.yml +++ b/rules/windows/sysmon/sysmon_narrator_feedback_persistance.yml @@ -6,6 +6,7 @@ references: tags: - attack.persistence - attack.t1060 + - attack.t1547.001 author: Dmitriy Lifanov, oscd.community status: experimental date: 2019/10/25 diff --git a/rules/windows/sysmon/sysmon_new_dll_added_to_appcertdlls_registry_key.yml b/rules/windows/sysmon/sysmon_new_dll_added_to_appcertdlls_registry_key.yml index 79202088..b88b0a87 100644 --- a/rules/windows/sysmon/sysmon_new_dll_added_to_appcertdlls_registry_key.yml +++ b/rules/windows/sysmon/sysmon_new_dll_added_to_appcertdlls_registry_key.yml @@ -1,14 +1,14 @@ title: New DLL Added to AppCertDlls Registry Key id: 6aa1d992-5925-4e9f-a49b-845e51d1de01 status: experimental -description: Dynamic-link libraries (DLLs) that are specified in the AppCertDLLs value in the Registry key can be abused to obtain persistence and privilege escalation - by causing a malicious DLL to be loaded and run in the context of separate processes on the computer. +description: Dynamic-link libraries (DLLs) that are specified in the AppCertDLLs value in the Registry key can be abused to obtain persistence and privilege escalation by causing a malicious DLL to be loaded and run in the context of separate processes on the computer. references: - http://www.hexacorn.com/blog/2013/01/19/beyond-good-ol-run-key-part-3/ - https://eqllib.readthedocs.io/en/latest/analytics/14f90406-10a0-4d36-a672-31cabe149f2f.html tags: - attack.persistence - attack.t1182 + - attack.t1546.009 author: Ilyas Ochkov, oscd.community date: 2019/10/25 modified: 2019/11/13 @@ -17,12 +17,12 @@ logsource: service: sysmon detection: selection: - - EventID: + - EventID: - 12 # key create - 13 # value set # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls' - - EventID: 14 # key rename + - EventID: 14 # key rename NewName: 'HKLM\SYSTEM\CurentControlSet\Control\Session Manager\AppCertDlls' condition: selection fields: diff --git a/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml b/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml index 604cc1eb..f7cfcd8e 100644 --- a/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml +++ b/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml @@ -7,6 +7,7 @@ references: tags: - attack.persistence - attack.t1103 + - attack.t1546.010 author: Ilyas Ochkov, oscd.community date: 2019/10/25 modified: 2019/11/13 @@ -15,16 +16,16 @@ logsource: service: sysmon detection: selection: - - EventID: + - EventID: - 12 # key create - 13 # value set TargetObject: - - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' - - '*\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' - - EventID: 14 # key rename + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' + - '*\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' + - EventID: 14 # key rename NewName: - - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' - - '*\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' + - '*\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' condition: selection fields: - EventID diff --git a/rules/windows/sysmon/sysmon_password_dumper_lsass.yml b/rules/windows/sysmon/sysmon_password_dumper_lsass.yml index 70a4246e..f5632f4d 100644 --- a/rules/windows/sysmon/sysmon_password_dumper_lsass.yml +++ b/rules/windows/sysmon/sysmon_password_dumper_lsass.yml @@ -1,7 +1,6 @@ title: Password Dumper Remote Thread in LSASS id: f239b326-2f41-4d6b-9dfa-c846a60ef505 -description: Detects password dumper activity by monitoring remote thread creation EventID 8 in combination with the lsass.exe process as TargetImage. The process - in field Process is the malicious program. A single execution can lead to hundreds of events. +description: Detects password dumper activity by monitoring remote thread creation EventID 8 in combination with the lsass.exe process as TargetImage. The process in field Process is the malicious program. A single execution can lead to hundreds of events. references: - https://jpcertcc.github.io/ToolAnalysisResultSheet/details/WCE.htm status: stable @@ -14,12 +13,13 @@ detection: selection: EventID: 8 TargetImage: 'C:\Windows\System32\lsass.exe' - StartModule: null + StartModule: condition: selection tags: - attack.credential_access - attack.t1003 - attack.s0005 + - attack.t1003.001 falsepositives: - unknown level: high diff --git a/rules/windows/sysmon/sysmon_possible_dns_rebinding.yml b/rules/windows/sysmon/sysmon_possible_dns_rebinding.yml index 9845263a..6070a673 100644 --- a/rules/windows/sysmon/sysmon_possible_dns_rebinding.yml +++ b/rules/windows/sysmon/sysmon_possible_dns_rebinding.yml @@ -1,8 +1,7 @@ title: Possible DNS Rebinding id: eb07e747-2552-44cd-af36-b659ae0958e4 status: experimental -description: Detects several different DNS-answers by one domain with IPs from internal and external networks. Normally, DNS-answer contain TTL >100. (DNS-record - will saved in host cache for a while TTL). +description: Detects several different DNS-answers by one domain with IPs from internal and external networks. Normally, DNS-answer contain TTL >100. (DNS-record will saved in host cache for a while TTL). date: 2019/10/25 modified: 2019/11/13 author: Ilyas Ochkov, oscd.community @@ -11,6 +10,7 @@ references: tags: - attack.command_and_control - attack.t1043 + - attack.t1571 logsource: product: windows service: sysmon @@ -18,9 +18,9 @@ detection: dns_answer: EventID: 22 QueryName: '*' - QueryStatus: '0' + QueryStatus: '0' filter_int_ip: - QueryResults|startswith: + QueryResults|startswith: - '(::ffff:)?10.' - '(::ffff:)?192.168.' - '(::ffff:)?172.16.' @@ -39,7 +39,7 @@ detection: - '(::ffff:)?172.29.' - '(::ffff:)?172.30.' - '(::ffff:)?172.31.' - - '(::ffff:)?127.' + - '(::ffff:)?127.' timeframe: 30s condition: (dns_answer and filter_int_ip) and (dns_answer and not filter_int_ip) | count(QueryName) by ComputerName > 3 level: medium diff --git a/rules/windows/sysmon/sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml b/rules/windows/sysmon/sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml index 6251dd07..89ab5297 100644 --- a/rules/windows/sysmon/sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml +++ b/rules/windows/sysmon/sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml @@ -7,6 +7,7 @@ references: tags: - attack.privilege_escalation - attack.t1058 + - attack.t1574.011 status: experimental author: Teymur Kheirkhabarov date: 2019/10/26 diff --git a/rules/windows/sysmon/sysmon_powershell_execution_moduleload.yml b/rules/windows/sysmon/sysmon_powershell_execution_moduleload.yml index 124c8312..9d93c4c0 100644 --- a/rules/windows/sysmon/sysmon_powershell_execution_moduleload.yml +++ b/rules/windows/sysmon/sysmon_powershell_execution_moduleload.yml @@ -13,8 +13,9 @@ logsource: tags: - attack.execution - attack.t1086 + - attack.t1059.001 detection: - selection: + selection: EventID: 7 Description: 'system.management.automation' ImageLoaded|contains: 'system.management.automation' diff --git a/rules/windows/sysmon/sysmon_powershell_exploit_scripts.yml b/rules/windows/sysmon/sysmon_powershell_exploit_scripts.yml index d7a6df7a..60028363 100644 --- a/rules/windows/sysmon/sysmon_powershell_exploit_scripts.yml +++ b/rules/windows/sysmon/sysmon_powershell_exploit_scripts.yml @@ -7,6 +7,7 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 author: Markus Neis date: 2018/04/07 logsource: @@ -16,7 +17,7 @@ detection: selection: EventID: 11 TargetFilename: - - '*\Invoke-DllInjection.ps1' + - '*\Invoke-DllInjection.ps1' - '*\Invoke-WmiCommand.ps1' - '*\Get-GPPPassword.ps1' - '*\Get-Keystrokes.ps1' @@ -115,4 +116,4 @@ detection: falsepositives: - Penetration Tests level: high - + diff --git a/rules/windows/sysmon/sysmon_powershell_network_connection.yml b/rules/windows/sysmon/sysmon_powershell_network_connection.yml index 55f83462..0dd64587 100644 --- a/rules/windows/sysmon/sysmon_powershell_network_connection.yml +++ b/rules/windows/sysmon/sysmon_powershell_network_connection.yml @@ -1,8 +1,7 @@ title: PowerShell Network Connections id: 1f21ec3f-810d-4b0e-8045-322202e22b4b status: experimental -description: Detects a Powershell process that opens network connections - check for suspicious target ports and target systems - adjust to your environment (e.g. - extend filters with company's ip range') +description: Detects a Powershell process that opens network connections - check for suspicious target ports and target systems - adjust to your environment (e.g. extend filters with company's ip range') author: Florian Roth date: 2017/03/13 references: @@ -10,6 +9,7 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_quarkspw_filedump.yml b/rules/windows/sysmon/sysmon_quarkspw_filedump.yml index 5b712d9c..135b66b9 100644 --- a/rules/windows/sysmon/sysmon_quarkspw_filedump.yml +++ b/rules/windows/sysmon/sysmon_quarkspw_filedump.yml @@ -7,8 +7,9 @@ references: author: Florian Roth date: 2018/02/10 tags: - - attack.credential_access - - attack.t1003 + - attack.credential_access + - attack.t1003 + - attack.t1003.002 level: critical logsource: product: windows diff --git a/rules/windows/sysmon/sysmon_rdp_reverse_tunnel.yml b/rules/windows/sysmon/sysmon_rdp_reverse_tunnel.yml index ee2e85ea..f7979bd6 100644 --- a/rules/windows/sysmon/sysmon_rdp_reverse_tunnel.yml +++ b/rules/windows/sysmon/sysmon_rdp_reverse_tunnel.yml @@ -11,6 +11,7 @@ tags: - attack.command_and_control - attack.t1076 - car.2013-07-002 + - attack.t1021 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml b/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml index e0131f92..e4087c05 100644 --- a/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml +++ b/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml @@ -10,6 +10,7 @@ modified: 2019/11/07 tags: - attack.persistence - attack.t1122 + - attack.t1546.015 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_registry_persistence_search_order.yml b/rules/windows/sysmon/sysmon_registry_persistence_search_order.yml index 6e8aae23..5d6a6e8e 100644 --- a/rules/windows/sysmon/sysmon_registry_persistence_search_order.yml +++ b/rules/windows/sysmon/sysmon_registry_persistence_search_order.yml @@ -9,6 +9,7 @@ date: 2020/04/14 tags: - attack.persistence - attack.t1038 + - attack.t1574.001 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml b/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml index eec9375a..22b7bc79 100644 --- a/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml +++ b/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml @@ -11,6 +11,7 @@ modified: 2020/02/19 tags: - attack.initial_access - attack.t1193 + - attack.t1566.001 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_regsvr32_network_activity.yml b/rules/windows/sysmon/sysmon_regsvr32_network_activity.yml index 9722b7a7..71c7903c 100644 --- a/rules/windows/sysmon/sysmon_regsvr32_network_activity.yml +++ b/rules/windows/sysmon/sysmon_regsvr32_network_activity.yml @@ -9,6 +9,7 @@ tags: - attack.execution - attack.defense_evasion - attack.t1117 + - attack.t1218.010 author: Dmitriy Lifanov, oscd.community status: experimental date: 2019/10/25 @@ -19,8 +20,8 @@ logsource: detection: selection: EventID: - - 3 - - 22 + - 3 + - 22 Image|endswith: '\regsvr32.exe' condition: selection fields: diff --git a/rules/windows/sysmon/sysmon_remote_powershell_session_network.yml b/rules/windows/sysmon/sysmon_remote_powershell_session_network.yml index 805f7db5..b0695d7a 100644 --- a/rules/windows/sysmon/sysmon_remote_powershell_session_network.yml +++ b/rules/windows/sysmon/sysmon_remote_powershell_session_network.yml @@ -9,11 +9,12 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 logsource: product: windows service: sysmon detection: - selection: + selection: EventID: 3 DestinationPort: - 5985 diff --git a/rules/windows/sysmon/sysmon_rundll32_net_connections.yml b/rules/windows/sysmon/sysmon_rundll32_net_connections.yml index c02164f3..c7f6e7b9 100644 --- a/rules/windows/sysmon/sysmon_rundll32_net_connections.yml +++ b/rules/windows/sysmon/sysmon_rundll32_net_connections.yml @@ -10,6 +10,7 @@ tags: - attack.t1085 - attack.defense_evasion - attack.execution + - attack.t1218 logsource: product: windows service: sysmon @@ -19,7 +20,7 @@ detection: Image: '*\rundll32.exe' Initiated: 'true' filter: - DestinationIp: + DestinationIp: - '10.*' - '192.168.*' - '172.16.*' diff --git a/rules/windows/sysmon/sysmon_susp_desktop_ini.yml b/rules/windows/sysmon/sysmon_susp_desktop_ini.yml index 606076a2..ec1df92c 100644 --- a/rules/windows/sysmon/sysmon_susp_desktop_ini.yml +++ b/rules/windows/sysmon/sysmon_susp_desktop_ini.yml @@ -9,6 +9,7 @@ date: 2020/03/19 tags: - attack.persistence - attack.t1023 + - attack.t1547.009 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_susp_download_run_key.yml b/rules/windows/sysmon/sysmon_susp_download_run_key.yml index 5f1bad94..14f5d5ca 100644 --- a/rules/windows/sysmon/sysmon_susp_download_run_key.yml +++ b/rules/windows/sysmon/sysmon_susp_download_run_key.yml @@ -9,13 +9,14 @@ date: 2019/10/01 tags: - attack.persistence - attack.t1060 + - attack.t1547.001 logsource: product: windows service: sysmon detection: selection: EventID: 13 - Image: + Image: - '*\Downloads\\*' - '*\Temporary Internet Files\Content.Outlook\\*' - '*\Local Settings\Temporary Internet Files\\*' @@ -23,4 +24,4 @@ detection: condition: selection falsepositives: - Software installers downloaded and used by users -level: high \ No newline at end of file +level: high diff --git a/rules/windows/sysmon/sysmon_susp_driver_load.yml b/rules/windows/sysmon/sysmon_susp_driver_load.yml index 1bfec5e1..c353d7e9 100644 --- a/rules/windows/sysmon/sysmon_susp_driver_load.yml +++ b/rules/windows/sysmon/sysmon_susp_driver_load.yml @@ -6,6 +6,7 @@ date: 2017/02/12 tags: - attack.persistence - attack.t1050 + - attack.t1543.003 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_susp_image_load.yml b/rules/windows/sysmon/sysmon_susp_image_load.yml index 577f9610..11a696b0 100644 --- a/rules/windows/sysmon/sysmon_susp_image_load.yml +++ b/rules/windows/sysmon/sysmon_susp_image_load.yml @@ -9,6 +9,7 @@ date: 2018/01/07 tags: - attack.defense_evasion - attack.t1073 + - attack.t1574.002 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_susp_lsass_dll_load.yml b/rules/windows/sysmon/sysmon_susp_lsass_dll_load.yml index 78cf4bf7..44a1020d 100644 --- a/rules/windows/sysmon/sysmon_susp_lsass_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_lsass_dll_load.yml @@ -13,15 +13,16 @@ logsource: detection: selection: EventID: - - 12 + - 12 - 13 - TargetObject: + TargetObject: - '*\CurrentControlSet\Services\NTDS\DirectoryServiceExtPt*' - '*\CurrentControlSet\Services\NTDS\LsaDbExtPt*' condition: selection tags: - attack.execution - attack.t1177 + - attack.t1547.008 falsepositives: - Unknown level: high diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml index 47036525..f3d5acd9 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml @@ -9,6 +9,7 @@ date: 2020/02/19 tags: - attack.initial_access - attack.t1193 + - attack.t1566.001 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml index bd58c23b..e76e29d5 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml @@ -9,6 +9,7 @@ date: 2020/02/19 tags: - attack.initial_access - attack.t1193 + - attack.t1566.001 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml index 354d7e8a..670a5552 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml @@ -9,6 +9,7 @@ date: 2020/02/19 tags: - attack.initial_access - attack.t1193 + - attack.t1566.001 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml index e46824e6..24afa4ca 100644 --- a/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml @@ -9,6 +9,7 @@ date: 2020/02/19 tags: - attack.initial_access - attack.t1193 + - attack.t1566.001 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml index 77aaf326..d55fe994 100644 --- a/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml @@ -9,6 +9,7 @@ date: 2020/02/19 tags: - attack.initial_access - attack.t1193 + - attack.t1566.001 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_susp_powershell_rundll32.yml b/rules/windows/sysmon/sysmon_susp_powershell_rundll32.yml index 58ec943c..d989a010 100644 --- a/rules/windows/sysmon/sysmon_susp_powershell_rundll32.yml +++ b/rules/windows/sysmon/sysmon_susp_powershell_rundll32.yml @@ -20,6 +20,8 @@ tags: - attack.execution - attack.t1085 - attack.t1086 + - attack.t1218.011 + - attack.t1059.001 falsepositives: - Unkown level: high diff --git a/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml b/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml index b73320b3..25ee0df7 100644 --- a/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml +++ b/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml @@ -9,6 +9,7 @@ references: tags: - attack.t1089 - attack.defense_evasion + - attack.t1562.001 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_susp_reg_persist_explorer_run.yml b/rules/windows/sysmon/sysmon_susp_reg_persist_explorer_run.yml index e5786395..0dc20e16 100644 --- a/rules/windows/sysmon/sysmon_susp_reg_persist_explorer_run.yml +++ b/rules/windows/sysmon/sysmon_susp_reg_persist_explorer_run.yml @@ -13,7 +13,7 @@ detection: selection: EventID: 13 TargetObject: '*\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run' - Details: + Details: - 'C:\Windows\Temp\\*' - 'C:\ProgramData\\*' - '*\AppData\\*' @@ -26,6 +26,7 @@ tags: - attack.persistence - attack.t1060 - capec.270 + - attack.t1547.001 fields: - Image - ParentImage diff --git a/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml b/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml index 43c5990a..7798f552 100644 --- a/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml +++ b/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml @@ -8,6 +8,7 @@ author: Florian Roth, Markus Neis, Sander Wiebing tags: - attack.persistence - attack.t1060 + - attack.t1547.001 date: 2018/08/25 modified: 2020/05/24 logsource: @@ -16,7 +17,7 @@ logsource: detection: selection: EventID: 13 - TargetObject: + TargetObject: - '*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\*' - '*\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\*' Details: diff --git a/rules/windows/sysmon/sysmon_susp_service_installed.yml b/rules/windows/sysmon/sysmon_susp_service_installed.yml index 39efbfaa..c15a8c94 100644 --- a/rules/windows/sysmon/sysmon_susp_service_installed.yml +++ b/rules/windows/sysmon/sysmon_susp_service_installed.yml @@ -9,6 +9,7 @@ references: tags: - attack.t1089 - attack.defense_evasion + - attack.t1562.001 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml b/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml index c792c8c2..1006e845 100644 --- a/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml +++ b/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml @@ -9,6 +9,7 @@ date: 2020/02/19 tags: - attack.initial_access - attack.t1193 + - attack.t1566.001 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml b/rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml index b5f36b4e..09cb9dfb 100644 --- a/rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml +++ b/rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml @@ -1,9 +1,7 @@ title: Load of dbghelp/dbgcore DLL from Suspicious Process id: 0e277796-5f23-4e49-a490-483131d4f6e1 status: experimental -description: Detects the load of dbghelp/dbgcore DLL (used to make memory dumps) by suspicious processes. Tools like ProcessHacker and some attacker tradecract use MiniDumpWriteDump - API found in dbghelp.dll or dbgcore.dll. As an example, SilentTrynity C2 Framework has a module that leverages this API to dump the contents of Lsass.exe and - transfer it over the network back to the attacker's machine. +description: Detects the load of dbghelp/dbgcore DLL (used to make memory dumps) by suspicious processes. Tools like ProcessHacker and some attacker tradecract use MiniDumpWriteDump API found in dbghelp.dll or dbgcore.dll. As an example, SilentTrynity C2 Framework has a module that leverages this API to dump the contents of Lsass.exe and transfer it over the network back to the attacker's machine. date: 2019/10/27 modified: 2020/05/23 author: Perez Diego (@darkquassar), oscd.community, Ecco @@ -14,6 +12,7 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1003.001 logsource: product: windows service: sysmon @@ -23,7 +22,7 @@ detection: ImageLoaded|endswith: - '\dbghelp.dll' - '\dbgcore.dll' - Image|endswith: + Image|endswith: - '\msbuild.exe' - '\cmd.exe' - '\svchost.exe' diff --git a/rules/windows/sysmon/sysmon_suspicious_outbound_kerberos_connection.yml b/rules/windows/sysmon/sysmon_suspicious_outbound_kerberos_connection.yml index 353034a7..3b1fd52b 100644 --- a/rules/windows/sysmon/sysmon_suspicious_outbound_kerberos_connection.yml +++ b/rules/windows/sysmon/sysmon_suspicious_outbound_kerberos_connection.yml @@ -10,6 +10,7 @@ modified: 2019/11/13 tags: - attack.lateral_movement - attack.t1208 + - attack.t1558.003 logsource: product: windows service: sysmon @@ -24,7 +25,7 @@ detection: - '\opera.exe' - '\chrome.exe' - '\firefox.exe' - condition: selection and not filter + condition: selection and not filter falsepositives: - Other browsers level: high diff --git a/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml b/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml index f06a1e20..1773855c 100644 --- a/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml +++ b/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml @@ -1,9 +1,7 @@ title: Svchost DLL Search Order Hijack id: 602a1f13-c640-4d73-b053-be9a2fa58b77 status: experimental -description: IKEEXT and SessionEnv service, as they call LoadLibrary on files that do not exist within C:\Windows\System32\ by default. An attacker can place their - malicious logic within the PROCESS_ATTACH block of their library and restart the aforementioned services "svchost.exe -k netsvcs" to gain code execution on a - remote machine. +description: IKEEXT and SessionEnv service, as they call LoadLibrary on files that do not exist within C:\Windows\System32\ by default. An attacker can place their malicious logic within the PROCESS_ATTACH block of their library and restart the aforementioned services "svchost.exe -k netsvcs" to gain code execution on a remote machine. references: - https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992 author: SBousseaden @@ -14,6 +12,8 @@ tags: - attack.t1073 - attack.t1038 - attack.t1112 + - attack.t1574.002 + - attack.t1574.001 logsource: product: windows service: sysmon @@ -28,7 +28,7 @@ detection: - '*\wlbsctrl.dll' filter: ImageLoaded: - - 'C:\Windows\WinSxS\\*' + - 'C:\Windows\WinSxS\\*' condition: selection and not filter falsepositives: - Pentest diff --git a/rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml b/rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml index c91f0abd..ded431bf 100644 --- a/rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml +++ b/rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml @@ -28,6 +28,7 @@ tags: - attack.privilege_escalation - attack.t1088 - car.2019-04-001 + - attack.t1548.002 falsepositives: - unknown level: critical diff --git a/rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml b/rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml index 042c1477..2e8f8c36 100644 --- a/rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml +++ b/rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml @@ -20,6 +20,7 @@ tags: - attack.privilege_escalation - attack.t1088 - car.2019-04-001 + - attack.t1548.002 falsepositives: - unknown level: high diff --git a/rules/windows/sysmon/sysmon_unsigned_image_loaded_into_lsass.yml b/rules/windows/sysmon/sysmon_unsigned_image_loaded_into_lsass.yml index c88a6d4c..cba4a5e0 100644 --- a/rules/windows/sysmon/sysmon_unsigned_image_loaded_into_lsass.yml +++ b/rules/windows/sysmon/sysmon_unsigned_image_loaded_into_lsass.yml @@ -9,6 +9,7 @@ references: tags: - attack.credential_access - attack.t1003 + - attack.t1003.001 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_webshell_creation_detect.yml b/rules/windows/sysmon/sysmon_webshell_creation_detect.yml index 7f94a425..64a99889 100644 --- a/rules/windows/sysmon/sysmon_webshell_creation_detect.yml +++ b/rules/windows/sysmon/sysmon_webshell_creation_detect.yml @@ -10,6 +10,7 @@ modified: 2020/05/18 tags: - attack.persistence - attack.t1100 + - attack.t1505.003 level: critical logsource: product: windows diff --git a/rules/windows/sysmon/sysmon_win_reg_persistence.yml b/rules/windows/sysmon/sysmon_win_reg_persistence.yml index 06a18db8..a2d5512c 100644 --- a/rules/windows/sysmon/sysmon_win_reg_persistence.yml +++ b/rules/windows/sysmon/sysmon_win_reg_persistence.yml @@ -23,6 +23,7 @@ tags: - attack.defense_evasion - attack.t1183 - car.2013-01-002 + - attack.t1546.012 falsepositives: - unknown level: critical diff --git a/rules/windows/sysmon/sysmon_wmi_event_subscription.yml b/rules/windows/sysmon/sysmon_wmi_event_subscription.yml index 34db9562..6862faf3 100644 --- a/rules/windows/sysmon/sysmon_wmi_event_subscription.yml +++ b/rules/windows/sysmon/sysmon_wmi_event_subscription.yml @@ -7,6 +7,7 @@ references: tags: - attack.t1084 - attack.persistence + - attack.t1546.003 author: Tom Ueltschi (@c_APT_ure) date: 2019/01/12 logsource: diff --git a/rules/windows/sysmon/sysmon_wmi_persistence_commandline_event_consumer.yml b/rules/windows/sysmon/sysmon_wmi_persistence_commandline_event_consumer.yml index c87d2af6..52672a95 100644 --- a/rules/windows/sysmon/sysmon_wmi_persistence_commandline_event_consumer.yml +++ b/rules/windows/sysmon/sysmon_wmi_persistence_commandline_event_consumer.yml @@ -9,6 +9,7 @@ date: 2018/03/07 tags: - attack.t1084 - attack.persistence + - attack.t1546.003 logsource: product: windows service: sysmon @@ -18,6 +19,6 @@ detection: Image: 'C:\Windows\System32\wbem\WmiPrvSE.exe' ImageLoaded|endswith: '\wbemcons.dll' condition: selection -falsepositives: +falsepositives: - Unknown (data set is too small; further testing needed) level: high diff --git a/rules/windows/sysmon/sysmon_wmi_persistence_script_event_consumer_write.yml b/rules/windows/sysmon/sysmon_wmi_persistence_script_event_consumer_write.yml index 907a2873..7095ec85 100644 --- a/rules/windows/sysmon/sysmon_wmi_persistence_script_event_consumer_write.yml +++ b/rules/windows/sysmon/sysmon_wmi_persistence_script_event_consumer_write.yml @@ -9,6 +9,7 @@ date: 2018/03/07 tags: - attack.t1084 - attack.persistence + - attack.t1546.003 logsource: product: windows service: sysmon @@ -17,6 +18,6 @@ detection: EventID: 11 Image: 'C:\WINDOWS\system32\wbem\scrcons.exe' condition: selection -falsepositives: +falsepositives: - Unknown (data set is too small; further testing needed) level: high diff --git a/rules/windows/sysmon/sysmon_wmi_susp_scripting.yml b/rules/windows/sysmon/sysmon_wmi_susp_scripting.yml index d6d05986..ad5c4132 100644 --- a/rules/windows/sysmon/sysmon_wmi_susp_scripting.yml +++ b/rules/windows/sysmon/sysmon_wmi_susp_scripting.yml @@ -10,9 +10,10 @@ date: 2019/04/15 tags: - attack.t1086 - attack.execution + - attack.t1059.005 logsource: - product: windows - service: sysmon + product: windows + service: sysmon detection: selection: EventID: 20 From 5c0bb0e94f127ad224722818a3e5e9d491d626e3 Mon Sep 17 00:00:00 2001 From: Ivan Kirillov Date: Tue, 16 Jun 2020 15:01:13 -0600 Subject: [PATCH 487/714] Fixed indentation --- rules/windows/builtin/win_pass_the_hash.yml | 16 ++++++++-------- rules/windows/builtin/win_pass_the_hash_2.yml | 12 ++++++------ .../win_register_new_logon_process_by_rubeus.yml | 2 +- ...rivileged_service_lsaregisterlogonprocess.yml | 4 ++-- ...ying_sensitive_files_with_credential_data.yml | 2 +- .../win_new_service_creation.yml | 4 ++-- .../win_powershell_downgrade_attack.yml | 2 +- ...rity_events_logging_adding_reg_key_minint.yml | 8 ++++---- ...new_dll_added_to_appcertdlls_registry_key.yml | 4 ++-- ...ew_dll_added_to_appinit_dlls_registry_key.yml | 12 ++++++------ 10 files changed, 33 insertions(+), 33 deletions(-) diff --git a/rules/windows/builtin/win_pass_the_hash.yml b/rules/windows/builtin/win_pass_the_hash.yml index 1fa07af1..c6aaae74 100644 --- a/rules/windows/builtin/win_pass_the_hash.yml +++ b/rules/windows/builtin/win_pass_the_hash.yml @@ -18,15 +18,15 @@ logsource: detection: selection: - EventID: 4624 - LogonType: '3' - LogonProcessName: 'NtLmSsp' - WorkstationName: '%Workstations%' - ComputerName: '%Workstations%' + LogonType: '3' + LogonProcessName: 'NtLmSsp' + WorkstationName: '%Workstations%' + ComputerName: '%Workstations%' - EventID: 4625 - LogonType: '3' - LogonProcessName: 'NtLmSsp' - WorkstationName: '%Workstations%' - ComputerName: '%Workstations%' + LogonType: '3' + LogonProcessName: 'NtLmSsp' + WorkstationName: '%Workstations%' + ComputerName: '%Workstations%' filter: AccountName: 'ANONYMOUS LOGON' condition: selection and not filter diff --git a/rules/windows/builtin/win_pass_the_hash_2.yml b/rules/windows/builtin/win_pass_the_hash_2.yml index 82f26131..722637eb 100644 --- a/rules/windows/builtin/win_pass_the_hash_2.yml +++ b/rules/windows/builtin/win_pass_the_hash_2.yml @@ -19,13 +19,13 @@ logsource: detection: selection: - EventID: 4624 - SubjectUserSid: 'S-1-0-0' - LogonType: '3' - LogonProcessName: 'NtLmSsp' - KeyLength: '0' + SubjectUserSid: 'S-1-0-0' + LogonType: '3' + LogonProcessName: 'NtLmSsp' + KeyLength: '0' - EventID: 4624 - LogonType: '9' - LogonProcessName: 'seclogo' + LogonType: '9' + LogonProcessName: 'seclogo' filter: AccountName: 'ANONYMOUS LOGON' condition: selection and not filter diff --git a/rules/windows/builtin/win_register_new_logon_process_by_rubeus.yml b/rules/windows/builtin/win_register_new_logon_process_by_rubeus.yml index c1d677ee..25e6180c 100644 --- a/rules/windows/builtin/win_register_new_logon_process_by_rubeus.yml +++ b/rules/windows/builtin/win_register_new_logon_process_by_rubeus.yml @@ -17,7 +17,7 @@ logsource: detection: selection: - EventID: 4611 - LogonProcessName: 'User32LogonProcesss' + LogonProcessName: 'User32LogonProcesss' condition: selection falsepositives: - Unkown diff --git a/rules/windows/builtin/win_user_couldnt_call_privileged_service_lsaregisterlogonprocess.yml b/rules/windows/builtin/win_user_couldnt_call_privileged_service_lsaregisterlogonprocess.yml index 59ee3b4b..3bea7e2a 100644 --- a/rules/windows/builtin/win_user_couldnt_call_privileged_service_lsaregisterlogonprocess.yml +++ b/rules/windows/builtin/win_user_couldnt_call_privileged_service_lsaregisterlogonprocess.yml @@ -17,8 +17,8 @@ logsource: detection: selection: - EventID: 4673 - Service: 'LsaRegisterLogonProcess()' - Keywords: '0x8010000000000000' #failure + Service: 'LsaRegisterLogonProcess()' + Keywords: '0x8010000000000000' #failure condition: selection falsepositives: - Unkown diff --git a/rules/windows/process_creation/win_copying_sensitive_files_with_credential_data.yml b/rules/windows/process_creation/win_copying_sensitive_files_with_credential_data.yml index 50f341af..eb7818e2 100644 --- a/rules/windows/process_creation/win_copying_sensitive_files_with_credential_data.yml +++ b/rules/windows/process_creation/win_copying_sensitive_files_with_credential_data.yml @@ -21,7 +21,7 @@ logsource: detection: selection: - Image|endswith: '\esentutl.exe' - CommandLine|contains: + CommandLine|contains: - 'vss' - ' /m ' - ' /y ' diff --git a/rules/windows/process_creation/win_new_service_creation.yml b/rules/windows/process_creation/win_new_service_creation.yml index e8a3c4bb..59ee6041 100644 --- a/rules/windows/process_creation/win_new_service_creation.yml +++ b/rules/windows/process_creation/win_new_service_creation.yml @@ -18,11 +18,11 @@ logsource: detection: selection: - Image|endswith: '\sc.exe' - CommandLine|contains|all: + CommandLine|contains|all: - 'create' - 'binpath' - Image|endswith: '\powershell.exe' - CommandLine|contains: 'new-service' + CommandLine|contains: 'new-service' condition: selection falsepositives: - Legitimate administrator or user creates a service for legitimate reason diff --git a/rules/windows/process_creation/win_powershell_downgrade_attack.yml b/rules/windows/process_creation/win_powershell_downgrade_attack.yml index 3d6c063f..12a8b950 100644 --- a/rules/windows/process_creation/win_powershell_downgrade_attack.yml +++ b/rules/windows/process_creation/win_powershell_downgrade_attack.yml @@ -2,7 +2,7 @@ title: PowerShell Downgrade Attack id: b3512211-c67e-4707-bedc-66efc7848863 related: - id: 6331d09b-4785-4c13-980f-f96661356249 - type: derived + type: derived status: experimental description: Detects PowerShell downgrade attack by comparing the host versions with the actually used engine version 2.0 references: diff --git a/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml b/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml index b363db33..bf53e1c8 100644 --- a/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml +++ b/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml @@ -17,11 +17,11 @@ logsource: detection: selection: - EventID: 12 # key create - # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one - TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' - EventType: 'CreateKey' # we don't want deletekey + # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one + TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' + EventType: 'CreateKey' # we don't want deletekey - EventID: 14 # key rename - NewName: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' + NewName: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' condition: selection fields: - EventID diff --git a/rules/windows/sysmon/sysmon_new_dll_added_to_appcertdlls_registry_key.yml b/rules/windows/sysmon/sysmon_new_dll_added_to_appcertdlls_registry_key.yml index b88b0a87..1ea9cafc 100644 --- a/rules/windows/sysmon/sysmon_new_dll_added_to_appcertdlls_registry_key.yml +++ b/rules/windows/sysmon/sysmon_new_dll_added_to_appcertdlls_registry_key.yml @@ -21,9 +21,9 @@ detection: - 12 # key create - 13 # value set # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one - TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls' + TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls' - EventID: 14 # key rename - NewName: 'HKLM\SYSTEM\CurentControlSet\Control\Session Manager\AppCertDlls' + NewName: 'HKLM\SYSTEM\CurentControlSet\Control\Session Manager\AppCertDlls' condition: selection fields: - EventID diff --git a/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml b/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml index f7cfcd8e..78e61989 100644 --- a/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml +++ b/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml @@ -19,13 +19,13 @@ detection: - EventID: - 12 # key create - 13 # value set - TargetObject: - - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' - - '*\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' + TargetObject: + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' + - '*\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' - EventID: 14 # key rename - NewName: - - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' - - '*\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' + NewName: + - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' + - '*\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' condition: selection fields: - EventID From 002270537303e51b3ff1364b218abca10b97403f Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 17 Jun 2020 16:09:33 +0200 Subject: [PATCH 488/714] fix: filter not functional since `UsrLogon.cmd` does appear only in `C:\Windows\system32\cmd.exe /c UsrLogon.cmd` command line --- .../sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml b/rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml index 4efaaca3..255b18ac 100644 --- a/rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml +++ b/rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml @@ -25,9 +25,9 @@ detection: exec_exclusion1: Image: '*\explorer.exe' exec_exclusion2: - CommandLine: - - '*\netlogon.bat' - - '*\UsrLogon.cmd' + CommandLine|contains: + - 'netlogon.bat' + - 'UsrLogon.cmd' condition: exec_selection and not exec_exclusion1 and not exec_exclusion2 --- logsource: From 3b8fb9e3d8e10aed768b36bfcd6f84b90216b61b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Wed, 17 Jun 2020 19:38:10 +0300 Subject: [PATCH 489/714] Disabling Security Tools --- rules/linux/lnx_disabling_security_tools.yml | 34 ++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 rules/linux/lnx_disabling_security_tools.yml diff --git a/rules/linux/lnx_disabling_security_tools.yml b/rules/linux/lnx_disabling_security_tools.yml new file mode 100644 index 00000000..a8b03d99 --- /dev/null +++ b/rules/linux/lnx_disabling_security_tools.yml @@ -0,0 +1,34 @@ +title: Disabling Security Tools +id: e3a8a052-111f-4606-9aee-f28ebeb76776 +description: Detects disabling security tools +references: + - https://attack.mitre.org/techniques/T1089/ + - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1089/T1089.md +author: Ömer Günal +date: 2020/06/17 +tags: + - attack.defense_evasion + - attack.t1089 +level: medium +logsource: + product: linux +detection: + keywords: + - Command|contains: + - 'service iptables stop' + - 'chkconfig off iptables' + - 'service ip6tables stop' + - 'chkconfig off ip6tables' + - CarbonBlack|contains: + - 'service cbdaemon stop' + - 'chkconfig off cbdaemon' + - 'systemctl stop cbdaemon' + - 'systemctl disable cbdaemon' + - SELinux: + - 'setenforce 0' + - Crowdstrike|contains: + - 'systemctl stop falcon-sensor.service' + - 'systemctl disable falcon-sensor.service' + condition: keywords +falsepositives: + - Legitimate administration activities From d0b66ab828048017310bf5bffd76f4982017c567 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Wed, 17 Jun 2020 19:38:38 +0300 Subject: [PATCH 490/714] Space After Filename --- rules/linux/lnx_space_after_filename.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 rules/linux/lnx_space_after_filename.yml diff --git a/rules/linux/lnx_space_after_filename.yml b/rules/linux/lnx_space_after_filename.yml new file mode 100644 index 00000000..925b313a --- /dev/null +++ b/rules/linux/lnx_space_after_filename.yml @@ -0,0 +1,21 @@ +title: Space After Filename +id: 879c3015-c88b-4782-93d7-07adf92dbcb7 +description: Detects space after filename +references: + - https://attack.mitre.org/techniques/T1064/ +author: Ömer Günal +date: 2020/06/17 +tags: + - attack.execution + - attack.t1064 +level: low +logsource: + product: linux +detection: + selection1: + - 'echo "*" > * && chmod +x *' + selection2: + - 'mv * "* "' + condition: selection1 and selection2 +falsepositives: + - Typos From 9d285ecf74a954f5f3c87a73f6238a28b34d6696 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Wed, 17 Jun 2020 19:39:00 +0300 Subject: [PATCH 491/714] Trap --- rules/linux/lnx_trap | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 rules/linux/lnx_trap diff --git a/rules/linux/lnx_trap b/rules/linux/lnx_trap new file mode 100644 index 00000000..2fa09e45 --- /dev/null +++ b/rules/linux/lnx_trap @@ -0,0 +1,19 @@ +title: trap +id: 6faa0d2c-5e4d-431c-b01f-cf447c913e4d +description: Detects Trap command usage +references: + - https://attack.mitre.org/techniques/T1154/ +author: Ömer Günal +date: 2020/06/17 +tags: + - attack.execution + - attack.t1154 +level: low +logsource: + product: linux +detection: + keyword: + - 'trap *' + condition: keyword +falsepositives: + - Legitimate administration activities From 772c03c49ae8b9ad55f81308ac200fd53601cce9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Wed, 17 Jun 2020 19:39:55 +0300 Subject: [PATCH 492/714] Connection Proxy --- rules/linux/lnx_connection_proxy | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 rules/linux/lnx_connection_proxy diff --git a/rules/linux/lnx_connection_proxy b/rules/linux/lnx_connection_proxy new file mode 100644 index 00000000..d688eace --- /dev/null +++ b/rules/linux/lnx_connection_proxy @@ -0,0 +1,20 @@ +title: Connection Proxy +id: 72f4ab3f-787d-495d-a55d-68c2ff46cf4c +description: Detects setting proxy +references: + - https://attack.mitre.org/techniques/T1090/ +author: Ömer Günal +date: 2020/06/17 +tags: + - attack.defense_evasion + - attack.t1154 +level: low +logsource: + product: linux +detection: + keyword: + - 'http_proxy=*' + - 'https_proxy=*' + condition: keyword +falsepositives: + - Legitimate administration activities From f989f7e15564024dc64610ceae54cb172c3fb5c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Wed, 17 Jun 2020 19:43:49 +0300 Subject: [PATCH 493/714] file extension --- rules/linux/{lnx_connection_proxy => lnx_connection_proxy.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename rules/linux/{lnx_connection_proxy => lnx_connection_proxy.yml} (100%) diff --git a/rules/linux/lnx_connection_proxy b/rules/linux/lnx_connection_proxy.yml similarity index 100% rename from rules/linux/lnx_connection_proxy rename to rules/linux/lnx_connection_proxy.yml From ebbd32d2e12484942b33bbbb5c5fddc53dc85ce6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Wed, 17 Jun 2020 19:43:57 +0300 Subject: [PATCH 494/714] file extension --- rules/linux/{lnx_trap => lnx_trap.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename rules/linux/{lnx_trap => lnx_trap.yml} (100%) diff --git a/rules/linux/lnx_trap b/rules/linux/lnx_trap.yml similarity index 100% rename from rules/linux/lnx_trap rename to rules/linux/lnx_trap.yml From 7b86f4aefbdc67307233d2050d54c42794ccdec7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Wed, 17 Jun 2020 19:47:31 +0300 Subject: [PATCH 495/714] Update lnx_trap.yml --- rules/linux/lnx_trap.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/linux/lnx_trap.yml b/rules/linux/lnx_trap.yml index 2fa09e45..d8df8c2b 100644 --- a/rules/linux/lnx_trap.yml +++ b/rules/linux/lnx_trap.yml @@ -1,4 +1,4 @@ -title: trap +title: Trap usage id: 6faa0d2c-5e4d-431c-b01f-cf447c913e4d description: Detects Trap command usage references: From 99bfa14ae0494c0f7fdfcad4cff2d154c58b5e30 Mon Sep 17 00:00:00 2001 From: ecco Date: Wed, 17 Jun 2020 12:49:27 -0400 Subject: [PATCH 496/714] add 1 more FP --- rules/windows/sysmon/sysmon_wmi_module_load.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/sysmon/sysmon_wmi_module_load.yml b/rules/windows/sysmon/sysmon_wmi_module_load.yml index 3b6561ec..bee87eee 100644 --- a/rules/windows/sysmon/sysmon_wmi_module_load.yml +++ b/rules/windows/sysmon/sysmon_wmi_module_load.yml @@ -37,6 +37,7 @@ detection: - '\SIHClient.exe' - '\msfeedssync.exe' - '\mmc.exe' + - '\MoUsoCoreWorker.exe' # in system32, seen on a win10 pro 2004 machine condition: selection and not filter fields: - ComputerName From 3a607abe3379d382766f7241f0cb9fe9a3a7d6d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Wed, 17 Jun 2020 19:51:53 +0300 Subject: [PATCH 497/714] Update lnx_trap.yml --- rules/linux/lnx_trap.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/linux/lnx_trap.yml b/rules/linux/lnx_trap.yml index d8df8c2b..bf370db5 100644 --- a/rules/linux/lnx_trap.yml +++ b/rules/linux/lnx_trap.yml @@ -1,4 +1,4 @@ -title: Trap usage +title: Trap Command Usage id: 6faa0d2c-5e4d-431c-b01f-cf447c913e4d description: Detects Trap command usage references: From b343df222577e3780048d42003f245a8cdf46948 Mon Sep 17 00:00:00 2001 From: Ivan Kirillov Date: Wed, 17 Jun 2020 11:31:40 -0600 Subject: [PATCH 498/714] Further subtechnique updates --- rules/windows/malware/win_mal_octopus_scanner.yml | 1 + .../process_creation/win_apt_lazarus_session_highjack.yml | 1 + .../windows/process_creation/win_commandline_path_traversal.yml | 1 + rules/windows/process_creation/win_hktl_createminidump.yml | 1 + rules/windows/process_creation/win_mal_adwind.yml | 1 + rules/windows/process_creation/win_susp_covenant.yml | 1 + rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml | 1 + rules/windows/sysmon/sysmon_hack_dumpert.yml | 1 + rules/windows/sysmon/sysmon_hack_wce.yml | 1 + .../sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml | 1 + rules/windows/sysmon/sysmon_susp_fax_dll.yml | 2 ++ 11 files changed, 12 insertions(+) diff --git a/rules/windows/malware/win_mal_octopus_scanner.yml b/rules/windows/malware/win_mal_octopus_scanner.yml index 4e7a5888..0c710eae 100644 --- a/rules/windows/malware/win_mal_octopus_scanner.yml +++ b/rules/windows/malware/win_mal_octopus_scanner.yml @@ -6,6 +6,7 @@ references: - https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain tags: - attack.t1195 + - attack.t1195.001 author: NVISO date: 2020/06/09 logsource: diff --git a/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml b/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml index 7f074637..299c767e 100644 --- a/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml +++ b/rules/windows/process_creation/win_apt_lazarus_session_highjack.yml @@ -7,6 +7,7 @@ references: tags: - attack.defense_evasion - attack.t1036 + - attack.t1036.005 author: Trent Liffick (@tliffick) date: 2020/06/03 logsource: diff --git a/rules/windows/process_creation/win_commandline_path_traversal.yml b/rules/windows/process_creation/win_commandline_path_traversal.yml index 772a615c..c1594ad9 100644 --- a/rules/windows/process_creation/win_commandline_path_traversal.yml +++ b/rules/windows/process_creation/win_commandline_path_traversal.yml @@ -9,6 +9,7 @@ references: - https://twitter.com/Oddvarmoe/status/1270633613449723905 tags: - attack.t1059 + - attack.t1059.003 - attack.execution logsource: category: process_creation diff --git a/rules/windows/process_creation/win_hktl_createminidump.yml b/rules/windows/process_creation/win_hktl_createminidump.yml index 6129c97a..aaecdcbd 100644 --- a/rules/windows/process_creation/win_hktl_createminidump.yml +++ b/rules/windows/process_creation/win_hktl_createminidump.yml @@ -9,6 +9,7 @@ date: 2019/12/22 tags: - attack.credential_access - attack.t1003 + - attack.t1003.001 falsepositives: - Unknown level: high diff --git a/rules/windows/process_creation/win_mal_adwind.yml b/rules/windows/process_creation/win_mal_adwind.yml index 68cea191..d7f30acc 100644 --- a/rules/windows/process_creation/win_mal_adwind.yml +++ b/rules/windows/process_creation/win_mal_adwind.yml @@ -12,6 +12,7 @@ modified: 2018/12/11 tags: - attack.execution - attack.t1064 + - attack.t1059.005 detection: condition: selection level: high diff --git a/rules/windows/process_creation/win_susp_covenant.yml b/rules/windows/process_creation/win_susp_covenant.yml index 8f0f92a6..b73909f7 100644 --- a/rules/windows/process_creation/win_susp_covenant.yml +++ b/rules/windows/process_creation/win_susp_covenant.yml @@ -9,6 +9,7 @@ date: 2020/06/04 tags: - attack.execution - attack.t1086 + - attack.t1059.001 logsource: category: process_creation product: windows diff --git a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml index 3bb4c1aa..f5b6e57d 100644 --- a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml +++ b/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml @@ -10,6 +10,7 @@ references: tags: - attack.command_and_control - attack.t1071 + - attack.t1071.004 logsource: category: process_creation product: windows diff --git a/rules/windows/sysmon/sysmon_hack_dumpert.yml b/rules/windows/sysmon/sysmon_hack_dumpert.yml index 329cc720..443c8bf3 100644 --- a/rules/windows/sysmon/sysmon_hack_dumpert.yml +++ b/rules/windows/sysmon/sysmon_hack_dumpert.yml @@ -10,6 +10,7 @@ date: 2020/02/04 tags: - attack.credential_access - attack.t1003 + - attack.t1003.001 logsource: product: windows service: sysmon diff --git a/rules/windows/sysmon/sysmon_hack_wce.yml b/rules/windows/sysmon/sysmon_hack_wce.yml index 6432ea86..43fb3a47 100644 --- a/rules/windows/sysmon/sysmon_hack_wce.yml +++ b/rules/windows/sysmon/sysmon_hack_wce.yml @@ -9,6 +9,7 @@ date: 2019/12/31 tags: - attack.credential_access - attack.t1003 + - attack.t1558 - attack.s0005 falsepositives: - 'Another service that uses a single -s command line switch' diff --git a/rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml b/rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml index 4efaaca3..1480db08 100644 --- a/rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml +++ b/rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml @@ -7,6 +7,7 @@ references: - https://attack.mitre.org/techniques/T1037/ tags: - attack.t1037 + - attack.t1037.001 - attack.persistence - attack.lateral_movement author: Tom Ueltschi (@c_APT_ure) diff --git a/rules/windows/sysmon/sysmon_susp_fax_dll.yml b/rules/windows/sysmon/sysmon_susp_fax_dll.yml index 58fe49ee..14b91c1a 100644 --- a/rules/windows/sysmon/sysmon_susp_fax_dll.yml +++ b/rules/windows/sysmon/sysmon_susp_fax_dll.yml @@ -12,6 +12,8 @@ tags: - attack.t1073 - attack.t1038 - attack.t1112 + - attack.t1574.001 + - attack.t1574.002 logsource: product: windows service: sysmon From 69760f6446a612e359f8f3d52a1a3d797acc7e44 Mon Sep 17 00:00:00 2001 From: Ivan Kirillov Date: Wed, 17 Jun 2020 11:51:48 -0600 Subject: [PATCH 499/714] Added subtechniques to MITRE_TECHNIQUES --- tests/test_rules.py | 481 ++++++++++++++++++++------------------------ 1 file changed, 213 insertions(+), 268 deletions(-) diff --git a/tests/test_rules.py b/tests/test_rules.py index 752611ed..9b2e40d8 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -15,274 +15,219 @@ from colorama import Fore class TestRules(unittest.TestCase): MITRE_TECHNIQUES = [ - "t1001", - "t1002", - "t1003", - "t1004", - "t1005", - "t1006", - "t1007", - "t1008", - "t1009", - "t1010", - "t1011", - "t1012", - "t1013", - "t1014", - "t1015", - "t1016", - "t1017", - "t1018", - "t1019", - "t1020", - "t1021", - "t1022", - "t1023", - "t1024", - "t1025", - "t1026", - "t1027", - "t1028", - "t1029", - "t1030", - "t1031", - "t1032", - "t1033", - "t1034", - "t1035", - "t1036", - "t1037", - "t1038", - "t1039", - "t1040", - "t1041", - "t1042", - "t1043", - "t1044", - "t1045", - "t1046", - "t1047", - "t1048", - "t1049", - "t1050", - "t1051", - "t1052", - "t1053", - "t1054", - "t1055", - "t1056", - "t1057", - "t1058", - "t1059", - "t1060", - "t1061", - "t1062", - "t1063", - "t1064", - "t1065", - "t1066", - "t1067", - "t1068", - "t1069", - "t1070", - "t1071", - "t1072", - "t1073", - "t1074", - "t1075", - "t1076", - "t1077", - "t1078", - "t1079", - "t1080", - "t1081", - "t1082", - "t1083", - "t1084", - "t1085", - "t1086", - "t1087", - "t1088", - "t1089", - "t1090", - "t1091", - "t1092", - "t1093", - "t1094", - "t1095", - "t1096", - "t1097", - "t1098", - "t1099", - "t1100", - "t1101", - "t1102", - "t1103", - "t1104", - "t1105", - "t1106", - "t1107", - "t1108", - "t1109", - "t1110", - "t1111", - "t1112", - "t1113", - "t1114", - "t1115", - "t1116", - "t1117", - "t1118", - "t1119", - "t1120", - "t1121", - "t1122", - "t1123", - "t1124", - "t1125", - "t1126", - "t1127", - "t1128", - "t1129", - "t1130", - "t1131", - "t1132", - "t1133", - "t1134", - "t1135", - "t1136", - "t1137", - "t1138", - "t1139", - "t1140", - "t1141", - "t1142", - "t1143", - "t1144", - "t1145", - "t1146", - "t1147", - "t1148", - "t1149", - "t1150", - "t1151", - "t1152", - "t1153", - "t1154", - "t1155", - "t1156", - "t1157", - "t1158", - "t1159", - "t1160", - "t1161", - "t1162", - "t1163", - "t1164", - "t1165", - "t1166", - "t1167", - "t1168", - "t1169", - "t1170", - "t1171", - "t1172", - "t1173", - "t1174", - "t1175", - "t1176", - "t1177", - "t1178", - "t1179", - "t1180", - "t1181", - "t1182", - "t1183", - "t1184", - "t1185", - "t1186", - "t1187", - "t1188", - "t1189", - "t1190", - "t1191", - "t1192", - "t1193", - "t1194", - "t1195", - "t1196", - "t1197", - "t1198", - "t1199", - "t1200", - "t1201", - "t1202", - "t1203", - "t1204", - "t1205", - "t1206", - "t1207", - "t1208", - "t1209", - "t1210", - "t1211", - "t1212", - "t1213", - "t1214", - "t1215", - "t1216", - "t1217", - "t1218", - "t1219", - "t1220", - "t1221", - "t1222", - "t1223", - "t1377", - "t1480", - "t1482", - "t1482", - "t1483", - "t1484", - "t1485", - "t1486", - "t1487", - "t1488", - "t1489", - "t1490", - "t1491", - "t1492", - "t1493", - "t1494", - "t1495", - "t1496", - "t1497", - "t1498", - "t1499", - "t1500", - "t1501", - "t1502", - "t1503", - "t1504", - "t1505", - "t1506", - "t1514", - "t1518", - "t1519", - "t1522", - "t1525", - "t1526", - "t1527", - "t1528", - "t1529", - "t1530", - "t1531", - "t1534", - "t1535", - "t1536", - "t1537", - "t1538", - "t1539", + "t1002", + "t1003", + "t1003.001", + "t1003.002", + "t1003.003", + "t1003.004", + "t1003.005", + "t1003.006", + "t1004", + "t1005", + "t1006", + "t1007", + "t1009", + "t1011", + "t1012", + "t1015", + "t1016", + "t1018", + "t1020", + "t1021", + "t1021.001", + "t1021.002", + "t1021.003", + "t1021.006", + "t1023", + "t1027", + "t1028", + "t1031", + "t1033", + "t1035", + "t1036", + "t1036.005", + "t1037", + "t1037.001", + "t1038", + "t1040", + "t1041", + "t1042", + "t1043", + "t1046", + "t1047", + "t1048", + "t1049", + "t1050", + "t1053", + "t1053.002", + "t1053.005", + "t1054", + "t1055", + "t1056", + "t1057", + "t1058", + "t1059", + "t1059.001", + "t1059.003", + "t1059.004", + "t1059.005", + "t1059.006", + "t1060", + "t1064", + "t1066", + "t1067", + "t1068", + "t1069", + "t1070", + "t1071", + "t1071.004", + "t1073", + "t1074", + "t1075", + "t1076", + "t1077", + "t1078", + "t1081", + "t1082", + "t1083", + "t1084", + "t1085", + "t1086", + "t1087", + "t1088", + "t1089", + "t1090", + "t1091", + "t1096", + "t1098", + "t1099", + "t1100", + "t1102", + "t1103", + "t1105", + "t1107", + "t1110", + "t1112", + "t1114", + "t1117", + "t1118", + "t1121", + "t1122", + "t1123", + "t1124", + "t1127", + "t1128", + "t1130", + "t1133", + "t1134", + "t1134.005", + "t1135", + "t1136", + "t1137", + "t1138", + "t1139", + "t1140", + "t1145", + "t1146", + "t1156", + "t1158", + "t1168", + "t1169", + "t1170", + "t1171", + "t1175", + "t1177", + "t1178", + "t1182", + "t1183", + "t1190", + "t1191", + "t1193", + "t1195", + "t1195.001", + "t1196", + "t1197", + "t1200", + "t1201", + "t1202", + "t1203", + "t1204", + "t1207", + "t1208", + "t1210", + "t1211", + "t1212", + "t1218", + "t1218.001", + "t1218.005", + "t1218.010", + "t1218.011", + "t1219", + "t1220", + "t1222", + "t1223", + "t1482", + "t1485", + "t1487", + "t1488", + "t1489", + "t1490", + "t1492", + "t1493", + "t1495", + "t1499", + "t1500", + "t1501", + "t1505", + "t1505.003", + "t1537", + "t1542.003", + "t1543.002", + "t1543.003", + "t1546.001", + "t1546.003", + "t1546.004", + "t1546.007", + "t1546.008", + "t1546.009", + "t1546.010", + "t1546.011", + "t1546.012", + "t1546.015", + "t1547.001", + "t1547.004", + "t1547.008", + "t1547.009", + "t1548.002", + "t1550.002", + "t1551", + "t1551.003", + "t1551.004", + "t1551.006", + "t1552.001", + "t1552.003", + "t1552.004", + "t1553.004", + "t1557.001", + "t1558", + "t1558.003", + "t1559.001", + "t1560", + "t1561.001", + "t1561.002", + "t1562.001", + "t1562.006", + "t1564.001", + "t1564.004", + "t1565.001", + "t1565.002", + "t1566.001", + "t1569.002", + "t1571", + "t1574.001", + "t1574.002", + "t1574.011", ] MITRE_TECHNIQUE_NAMES = ["process_injection", "signed_binary_proxy_execution", "process_injection"] # incomplete list MITRE_TACTICS = ["initial_access", "execution", "persistence", "privilege_escalation", "defense_evasion", "credential_access", "discovery", "lateral_movement", "collection", "exfiltration", "command_and_control", "impact", "launch"] From 203aa192c7d253d3cc52298a310d3ed374bf25fa Mon Sep 17 00:00:00 2001 From: Brad Kish Date: Thu, 18 Jun 2020 13:01:31 -0400 Subject: [PATCH 500/714] Fix multiple references to default field mapping in same rule If there is a default mapping specified for a fieldmapping and that field is referenced multiple times in the rule, the default mapping will be "pop"ped and return the unmapped key on subsequent uses. Don't pop the value. Just return the first entry. --- tools/sigma/config/mapping.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/sigma/config/mapping.py b/tools/sigma/config/mapping.py index 7d337416..28ff2877 100644 --- a/tools/sigma/config/mapping.py +++ b/tools/sigma/config/mapping.py @@ -125,9 +125,9 @@ class ConditionalFieldMapping(SimpleFieldMapping): if len(targets) == 1: # result set contains only one target, return mapped item (like SimpleFieldMapping) if value is None: - return ConditionNULLValue(val=targets.pop()) + return ConditionNULLValue(val=targets[0]) else: - return (targets.pop(), value) + return (targets[0], value) elif len(targets) > 1: # result set contains multiple targets, return all linked as OR condition (like MultiFieldMapping) cond = ConditionOR() for target in targets: From c6c455a3ec2ef9761fc7605249d504a83512a335 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Thu, 18 Jun 2020 23:37:49 +0300 Subject: [PATCH 501/714] Remote file copy --- rules/linux/lnx_file_copy.yml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 rules/linux/lnx_file_copy.yml diff --git a/rules/linux/lnx_file_copy.yml b/rules/linux/lnx_file_copy.yml new file mode 100644 index 00000000..0a1a8995 --- /dev/null +++ b/rules/linux/lnx_file_copy.yml @@ -0,0 +1,28 @@ +title: Remote File Copy +id: 7a14080d-a048-4de8-ae58-604ce58a795b +description: Detects using remote file copy tools +references: + - https://attack.mitre.org/techniques/T1105/ +author: Ömer Günal +date: 2020/06/18 +tags: + - attack.command_and_control + - attack.laterel_movement + - attack.t1105 +level: low +logsource: + product: linux +detection: + keywords: + - Scp|contains: + - 'scp * *@*:*' + - 'scp *@*:* *' + - Rsync|contains: + - 'rsync -r *@*:* *' + - 'rsync -r * *@*:*' + - Sftp|contains: + - 'sftp *@*:* *' + - 'sftp *@*:* *' + condition: keywords +falsepositives: + - Legitimate administration activities From c4a1e853bcd20e0951dff42aae15cf61bc0ff1ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Thu, 18 Jun 2020 23:47:53 +0300 Subject: [PATCH 502/714] Remote file copy --- .../windows/process_creation/remote_copy.yml | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 rules/windows/process_creation/remote_copy.yml diff --git a/rules/windows/process_creation/remote_copy.yml b/rules/windows/process_creation/remote_copy.yml new file mode 100644 index 00000000..b49edd94 --- /dev/null +++ b/rules/windows/process_creation/remote_copy.yml @@ -0,0 +1,27 @@ +title: Remote File Copy +id: c87972e1-4594-421f-a229-8811e90ab4f2 +status: experimental +description: Detects a suspicious remote copy behavior +references: + - https://attack.mitre.org/techniques/T1105/ +author: Ömer Günal +date: 2020/06/18 +tags: + - attack.lateral_movement + - attack.command_and_control + - attack.t1105 +logsource: + category: process_creation + product: windows +detection: + selection: + CommandLine|contains: + - 'cmd /c certutil -urlcache -split -f * *' + - 'certutil -verifyctl -split -f *' + - 'C:\Windows\System32\bitsadmin.exe /transfer * /Priority HIGH * *' + condition: selection +fields: + - CommandLine +falsepositives: + - Administrative scripts +level: high From 84c468360797bba4fd4c42a45d371b73cfd55bd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Thu, 18 Jun 2020 23:53:43 +0300 Subject: [PATCH 503/714] Delete lnx_connection_proxy.yml --- rules/linux/lnx_connection_proxy.yml | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 rules/linux/lnx_connection_proxy.yml diff --git a/rules/linux/lnx_connection_proxy.yml b/rules/linux/lnx_connection_proxy.yml deleted file mode 100644 index d688eace..00000000 --- a/rules/linux/lnx_connection_proxy.yml +++ /dev/null @@ -1,20 +0,0 @@ -title: Connection Proxy -id: 72f4ab3f-787d-495d-a55d-68c2ff46cf4c -description: Detects setting proxy -references: - - https://attack.mitre.org/techniques/T1090/ -author: Ömer Günal -date: 2020/06/17 -tags: - - attack.defense_evasion - - attack.t1154 -level: low -logsource: - product: linux -detection: - keyword: - - 'http_proxy=*' - - 'https_proxy=*' - condition: keyword -falsepositives: - - Legitimate administration activities From 6c8d104e7df70de8d2d4f4444ec59a8f47dc72fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Thu, 18 Jun 2020 23:54:06 +0300 Subject: [PATCH 504/714] Delete lnx_disabling_security_tools.yml --- rules/linux/lnx_disabling_security_tools.yml | 34 -------------------- 1 file changed, 34 deletions(-) delete mode 100644 rules/linux/lnx_disabling_security_tools.yml diff --git a/rules/linux/lnx_disabling_security_tools.yml b/rules/linux/lnx_disabling_security_tools.yml deleted file mode 100644 index a8b03d99..00000000 --- a/rules/linux/lnx_disabling_security_tools.yml +++ /dev/null @@ -1,34 +0,0 @@ -title: Disabling Security Tools -id: e3a8a052-111f-4606-9aee-f28ebeb76776 -description: Detects disabling security tools -references: - - https://attack.mitre.org/techniques/T1089/ - - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1089/T1089.md -author: Ömer Günal -date: 2020/06/17 -tags: - - attack.defense_evasion - - attack.t1089 -level: medium -logsource: - product: linux -detection: - keywords: - - Command|contains: - - 'service iptables stop' - - 'chkconfig off iptables' - - 'service ip6tables stop' - - 'chkconfig off ip6tables' - - CarbonBlack|contains: - - 'service cbdaemon stop' - - 'chkconfig off cbdaemon' - - 'systemctl stop cbdaemon' - - 'systemctl disable cbdaemon' - - SELinux: - - 'setenforce 0' - - Crowdstrike|contains: - - 'systemctl stop falcon-sensor.service' - - 'systemctl disable falcon-sensor.service' - condition: keywords -falsepositives: - - Legitimate administration activities From f10440b9fa9659e97896f37600c4c04408d1cc1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Thu, 18 Jun 2020 23:54:20 +0300 Subject: [PATCH 505/714] Delete lnx_setuid_setgid.yml --- rules/linux/lnx_setuid_setgid.yml | 24 ------------------------ 1 file changed, 24 deletions(-) delete mode 100644 rules/linux/lnx_setuid_setgid.yml diff --git a/rules/linux/lnx_setuid_setgid.yml b/rules/linux/lnx_setuid_setgid.yml deleted file mode 100644 index 9b8d2e5c..00000000 --- a/rules/linux/lnx_setuid_setgid.yml +++ /dev/null @@ -1,24 +0,0 @@ -title: Setuid and Setgid -id: c21c4eaa-ba2e-419a-92b2-8371703cbe21 -description: Detects suspicious change of file privileges with chown and chmod commands -references: - - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1166/T1166.md - - https://attack.mitre.org/techniques/T1166/ -author: Ömer Günal -date: 2020/06/16 -tags: - - attack.persistence - - attack.t1169 -level: low -logsource: - product: linux -detection: - selection1: - - '*chown root*' - selection2: - - '* chmod u+s*' - selection3: - - '* chmod g+s*' - condition: (selection1 and selection2) or (selection1 and selection3) -falsepositives: - - Legitimate administration activities From 5bc72b6cbaefb0b0a07fed7b5bef046cc156a827 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Thu, 18 Jun 2020 23:54:28 +0300 Subject: [PATCH 506/714] Delete lnx_space_after_filename.yml --- rules/linux/lnx_space_after_filename.yml | 21 --------------------- 1 file changed, 21 deletions(-) delete mode 100644 rules/linux/lnx_space_after_filename.yml diff --git a/rules/linux/lnx_space_after_filename.yml b/rules/linux/lnx_space_after_filename.yml deleted file mode 100644 index 925b313a..00000000 --- a/rules/linux/lnx_space_after_filename.yml +++ /dev/null @@ -1,21 +0,0 @@ -title: Space After Filename -id: 879c3015-c88b-4782-93d7-07adf92dbcb7 -description: Detects space after filename -references: - - https://attack.mitre.org/techniques/T1064/ -author: Ömer Günal -date: 2020/06/17 -tags: - - attack.execution - - attack.t1064 -level: low -logsource: - product: linux -detection: - selection1: - - 'echo "*" > * && chmod +x *' - selection2: - - 'mv * "* "' - condition: selection1 and selection2 -falsepositives: - - Typos From 8db7c3207ab039d71fe8121502b8698f6f2a8c5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Thu, 18 Jun 2020 23:54:43 +0300 Subject: [PATCH 507/714] Delete lnx_sudo_caching.yml --- rules/linux/lnx_sudo_caching.yml | 21 --------------------- 1 file changed, 21 deletions(-) delete mode 100644 rules/linux/lnx_sudo_caching.yml diff --git a/rules/linux/lnx_sudo_caching.yml b/rules/linux/lnx_sudo_caching.yml deleted file mode 100644 index b0e72e32..00000000 --- a/rules/linux/lnx_sudo_caching.yml +++ /dev/null @@ -1,21 +0,0 @@ -title: Sudo Caching -id: 67150558-c02a-457f-8dee-99b2201c0877 -description: Detects sudo caching attempt -references: - - https://attack.mitre.org/techniques/T1206/ - - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1206/T1206.md -author: Ömer Günal -date: 2020/06/16 -tags: - - attack.privilege_escalation - - attack.t1206 -level: medium -logsource: - product: linux -detection: - keywords: - - 'sudo sh -c "echo Defaults *tty_tickets >> /etc/sudoers"' - - 'sudo visudo -c -f /etc/sudoers' - condition: keywords -falsepositives: - - Unknown From d87b0c95a477d75fb87bd3ce4d382a1eb2e42ff9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Thu, 18 Jun 2020 23:55:16 +0300 Subject: [PATCH 508/714] Delete lnx_trap.yml --- rules/linux/lnx_trap.yml | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 rules/linux/lnx_trap.yml diff --git a/rules/linux/lnx_trap.yml b/rules/linux/lnx_trap.yml deleted file mode 100644 index bf370db5..00000000 --- a/rules/linux/lnx_trap.yml +++ /dev/null @@ -1,19 +0,0 @@ -title: Trap Command Usage -id: 6faa0d2c-5e4d-431c-b01f-cf447c913e4d -description: Detects Trap command usage -references: - - https://attack.mitre.org/techniques/T1154/ -author: Ömer Günal -date: 2020/06/17 -tags: - - attack.execution - - attack.t1154 -level: low -logsource: - product: linux -detection: - keyword: - - 'trap *' - condition: keyword -falsepositives: - - Legitimate administration activities From 40a07a2d4f39def2f2b4684041f2318e8f861f5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Thu, 18 Jun 2020 23:55:24 +0300 Subject: [PATCH 509/714] Delete lnx_sudo_enumeration.yml --- rules/linux/lnx_sudo_enumeration.yml | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 rules/linux/lnx_sudo_enumeration.yml diff --git a/rules/linux/lnx_sudo_enumeration.yml b/rules/linux/lnx_sudo_enumeration.yml deleted file mode 100644 index e94cec87..00000000 --- a/rules/linux/lnx_sudo_enumeration.yml +++ /dev/null @@ -1,20 +0,0 @@ -title: Sudo Enumeration Commands -id: c21c4eaa-ba2e-419a-92b2-8371703cbe21 -description: Detects an attempt to gather information about high-privileged users -references: - - https://github.com/redcanaryco/atomic-red-team/blob/1ea8c4616ce373f6aea37a5f56a34157684d9e82/atomics/T1169/T1169.md -author: Ömer Günal -date: 2020/06/16 -tags: - - attack.privilege_escalation - - attack.t1169 -level: low -logsource: - product: linux -detection: - keywords: - - 'cat /etc/sudoers' - - 'vim /etc/sudoers' - condition: keywords -falsepositives: - - Unknown From da060bfb90fac105e51045d2a41952b07e00bdcb Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 19 Jun 2020 09:36:54 +0200 Subject: [PATCH 510/714] Ke3chang rule --- .../win_apt_ke3chang_regadd.yml | 31 +++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 rules/windows/process_creation/win_apt_ke3chang_regadd.yml diff --git a/rules/windows/process_creation/win_apt_ke3chang_regadd.yml b/rules/windows/process_creation/win_apt_ke3chang_regadd.yml new file mode 100644 index 00000000..e7bd1d98 --- /dev/null +++ b/rules/windows/process_creation/win_apt_ke3chang_regadd.yml @@ -0,0 +1,31 @@ +title: Ke3chang Registry Key Modifications +id: 7b544661-69fc-419f-9a59-82ccc328f205 +status: experimental +description: Detects Registry modifcations performaed by Ke3chang malware in campaigns running in 2019 and 2020 +references: + - https://www.verfassungsschutz.de/embed/broschuere-2020-06-bfv-cyber-brief-2020-01.pdf + - https://unit42.paloaltonetworks.com/operation-ke3chang-resurfaces-with-new-tidepool-malware/ +tags: + - attack.g0004 + - attack.t1059 + - attack.t1089 +author: Markus Neis, Swisscom +date: 2020/06/18 +logsource: + category: process_creation + product: windows +detection: + selection1: + # Ke3chang and TidePool both modify the IEHarden registry key, as well as the following list of keys. + # Setting these registry keys is unique to the Ke3chang and TidePool malware families. + # HKCU\Software\Microsoft\Internet Explorer\Main\Check_Associations + # HKCU\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize + # HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IEharden + CommandLine|contains: + - '-Property DWORD -name DisableFirstRunCustomize -value 2 -Force' + - '-Property String -name Check_Associations -value' + - '-Property DWORD -name IEHarden -value 0 -Force' + condition: selection1 +falsepositives: + - Will need to be looked for combinations of those processes +level: critical From b8a5cd478739d97208a6df192ba4634d4e0ab665 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 19 Jun 2020 09:37:10 +0200 Subject: [PATCH 511/714] Disabled IE Security Features --- .../win_susp_disable_ie_features.yml | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 rules/windows/process_creation/win_susp_disable_ie_features.yml diff --git a/rules/windows/process_creation/win_susp_disable_ie_features.yml b/rules/windows/process_creation/win_susp_disable_ie_features.yml new file mode 100644 index 00000000..be5d9791 --- /dev/null +++ b/rules/windows/process_creation/win_susp_disable_ie_features.yml @@ -0,0 +1,26 @@ +title: Disabling IE Security Features +id: fb50eb7a-5ab1-43ae-bcc9-091818cb8424 +status: experimental +description: Detects command lines that indicate unwanted modifications to registry keys that disable important Internet Explorer security features +references: + - https://unit42.paloaltonetworks.com/operation-ke3chang-resurfaces-with-new-tidepool-malware/ +tags: + - attack.t1089 +author: Florian Roth +date: 2020/06/19 +logsource: + category: process_creation + product: windows +detection: + selection1: + CommandLine|contains|all: + - ' -name IEHarden ' + - ' -value 0 ' + selection2: + CommandLine|contains|all: + - ' -name DEPOff ' + - ' -value 1 ' + condition: 1 of them +falsepositives: + - Unknown, maybe some security software installer disables these features temporarily +level: high From 5cb6f5da9d0b1b8409ae29a319e66b6aaa79c029 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 19 Jun 2020 09:39:11 +0200 Subject: [PATCH 512/714] fix: title adjusted --- rules/windows/process_creation/win_susp_disable_ie_features.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_susp_disable_ie_features.yml b/rules/windows/process_creation/win_susp_disable_ie_features.yml index be5d9791..416ef0ce 100644 --- a/rules/windows/process_creation/win_susp_disable_ie_features.yml +++ b/rules/windows/process_creation/win_susp_disable_ie_features.yml @@ -1,4 +1,4 @@ -title: Disabling IE Security Features +title: Disabled IE Security Features id: fb50eb7a-5ab1-43ae-bcc9-091818cb8424 status: experimental description: Detects command lines that indicate unwanted modifications to registry keys that disable important Internet Explorer security features From 62632db818d33faa80a239b13439173ba5d97efb Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 19 Jun 2020 09:53:35 +0200 Subject: [PATCH 513/714] refactor: added variant to IE rule --- .../process_creation/win_susp_disable_ie_features.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/rules/windows/process_creation/win_susp_disable_ie_features.yml b/rules/windows/process_creation/win_susp_disable_ie_features.yml index 416ef0ce..802e832a 100644 --- a/rules/windows/process_creation/win_susp_disable_ie_features.yml +++ b/rules/windows/process_creation/win_susp_disable_ie_features.yml @@ -13,13 +13,17 @@ logsource: product: windows detection: selection1: - CommandLine|contains|all: + CommandLine|contains|all: - ' -name IEHarden ' - ' -value 0 ' selection2: - CommandLine|contains|all: + CommandLine|contains|all: - ' -name DEPOff ' - - ' -value 1 ' + - ' -value 1 ' + selection3: + CommandLine|contains|all: + - ' -name DisableFirstRunCustomize ' + - ' -value 2 ' condition: 1 of them falsepositives: - Unknown, maybe some security software installer disables these features temporarily From e1225784f7abf7e22aa4f32ce3b950bb9d7cedf6 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 19 Jun 2020 09:54:08 +0200 Subject: [PATCH 514/714] fix: fixed indentation --- rules/windows/process_creation/win_apt_ke3chang_regadd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_apt_ke3chang_regadd.yml b/rules/windows/process_creation/win_apt_ke3chang_regadd.yml index e7bd1d98..f6b09821 100644 --- a/rules/windows/process_creation/win_apt_ke3chang_regadd.yml +++ b/rules/windows/process_creation/win_apt_ke3chang_regadd.yml @@ -21,7 +21,7 @@ detection: # HKCU\Software\Microsoft\Internet Explorer\Main\Check_Associations # HKCU\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize # HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IEharden - CommandLine|contains: + CommandLine|contains: - '-Property DWORD -name DisableFirstRunCustomize -value 2 -Force' - '-Property String -name Check_Associations -value' - '-Property DWORD -name IEHarden -value 0 -Force' From 912ad9477184eb63069ecee1418fdf028d83b673 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 19 Jun 2020 10:00:44 +0200 Subject: [PATCH 515/714] fix: missing ATT&CK id in tests --- tests/test_rules.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/test_rules.py b/tests/test_rules.py index 9b2e40d8..0fd01c1f 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -116,6 +116,7 @@ class TestRules(unittest.TestCase): "t1122", "t1123", "t1124", + "t1125", "t1127", "t1128", "t1130", From d17e0ae6ebe2ae2d8b487a074b2585fbdb3560f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Sat, 20 Jun 2020 23:04:52 +0300 Subject: [PATCH 516/714] typo --- rules/linux/lnx_file_copy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/linux/lnx_file_copy.yml b/rules/linux/lnx_file_copy.yml index 0a1a8995..9bbee983 100644 --- a/rules/linux/lnx_file_copy.yml +++ b/rules/linux/lnx_file_copy.yml @@ -7,7 +7,7 @@ author: Ömer Günal date: 2020/06/18 tags: - attack.command_and_control - - attack.laterel_movement + - attack.lateral_movement - attack.t1105 level: low logsource: From b091e3b1c475f32f2e7c923892744c8f9ac50eb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Furkan=20=C3=87ALI=C5=9EKAN?= Date: Mon, 22 Jun 2020 01:06:34 +0300 Subject: [PATCH 517/714] Update for new method Update for method mentioned in https://ired.team/offensive-security/code-execution/code-execution-through-control-panel-add-ins --- .../process_creation/win_control_panel_item.yml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/rules/windows/process_creation/win_control_panel_item.yml b/rules/windows/process_creation/win_control_panel_item.yml index f1b50d7e..214171b0 100644 --- a/rules/windows/process_creation/win_control_panel_item.yml +++ b/rules/windows/process_creation/win_control_panel_item.yml @@ -1,27 +1,34 @@ title: Control Panel Items id: 0ba863e6-def5-4e50-9cea-4dd8c7dc46a4 status: experimental -description: Detects the use of a control panel item (.cpl) outside of the System32 folder +description: Detects the malicious use of a control panel item reference: - https://attack.mitre.org/techniques/T1196/ + - https://ired.team/offensive-security/code-execution/code-execution-through-control-panel-add-ins tags: - attack.execution - attack.t1196 - attack.defense_evasion - attack.t1218 -author: Kyaw Min Thein -date: 2019/08/27 +author: Kyaw Min Thein, Furkan Caliskan (@caliskanfurkan_) +date: 2020/06/22 level: critical logsource: product: windows category: process_creation detection: - selection: + selection1: CommandLine: '*.cpl' filter: CommandLine: - '*\System32\\*' - '*%System%*' - condition: selection and not filter + selection2: + CommandLine: + - '*reg add*' + selection3: + CommandLine: + - '*CurrentVersion\\Control Panel\\CPLs*' + condition: (selection1 and not filter) or (selection2 and selection3) falsepositives: - Unknown From 4eb97ec43d103726e6c43dd8aed8cf9b929b0828 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Mon, 22 Jun 2020 21:35:50 +0300 Subject: [PATCH 518/714] Update lnx_file_copy.yml --- rules/linux/lnx_file_copy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/linux/lnx_file_copy.yml b/rules/linux/lnx_file_copy.yml index 9bbee983..3c1f9060 100644 --- a/rules/linux/lnx_file_copy.yml +++ b/rules/linux/lnx_file_copy.yml @@ -22,7 +22,6 @@ detection: - 'rsync -r * *@*:*' - Sftp|contains: - 'sftp *@*:* *' - - 'sftp *@*:* *' condition: keywords falsepositives: - Legitimate administration activities From d385cbfa69b76b66cfed2ae9aeece6096da2db51 Mon Sep 17 00:00:00 2001 From: Brad Kish Date: Mon, 22 Jun 2020 15:31:03 -0400 Subject: [PATCH 519/714] Fix quoting for AD Object WriteDAC Access The AccessMask field needs to be quoted so that it is compared correctly. --- rules/windows/builtin/win_ad_object_writedac_access.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_ad_object_writedac_access.yml b/rules/windows/builtin/win_ad_object_writedac_access.yml index 5f732c52..b1e89e40 100644 --- a/rules/windows/builtin/win_ad_object_writedac_access.yml +++ b/rules/windows/builtin/win_ad_object_writedac_access.yml @@ -16,7 +16,7 @@ detection: selection: EventID: 4662 ObjectServer: 'DS' - AccessMask: 0x40000 + AccessMask: '0x40000' ObjectType: - '19195a5b-6da0-11d0-afd3-00c04fd930c9' - 'domainDNS' From c3ffa0b9d3bcf4979d474e3daaf56f1113e035fe Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 24 Jun 2020 17:04:04 +0200 Subject: [PATCH 520/714] fix: duplicate IDs --- rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml | 2 +- rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml | 2 +- rules/windows/sysmon/sysmon_etw_disabled.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml b/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml index 12e1eb4d..5fb3eab7 100644 --- a/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml +++ b/rules/network/zeek/zeek_smb_converted_win_atsvc_task.yml @@ -1,5 +1,5 @@ title: Remote Task Creation via ATSVC Named Pipe - Zeek -id: f6de6525-4509-495a-8a82-1f8b0ed73a00 +id: dde85b37-40cd-4a94-b00c-0b8794f956b5 description: Detects remote task creation via at.exe or API interacting with ATSVC namedpipe author: 'Samir Bousseaden, @neu5rn' date: 2020/04/03 diff --git a/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml b/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml index 34b90aa1..c6649af6 100644 --- a/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml +++ b/rules/network/zeek/zeek_smb_converted_win_lm_namedpipe.yml @@ -1,5 +1,5 @@ title: First Time Seen Remote Named Pipe - Zeek -id: 52d8b0c6-53d6-439a-9e41-52ad442ad9ad +id: 021310d9-30a6-480a-84b7-eaa69aeb92bb description: This detection excludes known namped pipes accessible remotely and notify on newly observed ones, may help to detect lateral movement and remote exec using named pipes author: 'Samir Bousseaden, @neu5ron' date: 2020/04/02 diff --git a/rules/windows/sysmon/sysmon_etw_disabled.yml b/rules/windows/sysmon/sysmon_etw_disabled.yml index 98560fdf..66d27435 100644 --- a/rules/windows/sysmon/sysmon_etw_disabled.yml +++ b/rules/windows/sysmon/sysmon_etw_disabled.yml @@ -1,5 +1,5 @@ title: COMPlus_ETWEnabled Registry Modification -id: 41421f44-58f9-455d-838a-c398859841d4 +id: bf4fc428-dcc3-4bbd-99fe-2422aeee2544 status: experimental description: Potential adversaries stopping ETW providers recording loaded .NET assemblies. references: From f3fedef8f539f91dfd12951b52a3c057f3cbb08b Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 24 Jun 2020 17:41:21 +0200 Subject: [PATCH 521/714] Changed category names and remove sysmon log source --- .../sysmon_susp_driver_load.yml | 3 +-- .../sysmon_creation_system_file.yml | 3 +-- .../sysmon_cred_dump_tools_dropped_files.yml | 3 +-- .../sysmon_ghostpack_safetykatz.yml | 3 +-- .../{file_creation => file_event}/sysmon_hack_dumpert.yml | 3 +-- .../sysmon_lsass_memory_dump_file_creation.yml | 3 +-- .../sysmon_powershell_exploit_scripts.yml | 3 +-- .../sysmon_quarkspw_filedump.yml | 3 +-- .../sysmon_susp_adsi_cache_usage.yml | 3 +-- .../sysmon_susp_desktop_ini.yml | 3 +-- ...ysmon_susp_procexplorer_driver_created_in_tmp_folder.yml | 3 +-- .../sysmon_tsclient_filewrite_startup.yml | 3 +-- .../sysmon_webshell_creation_detect.yml | 3 +-- .../sysmon_wmi_persistence_script_event_consumer_write.yml | 1 - .../sysmon_in_memory_powershell.yml | 3 +-- .../sysmon_mimikatz_inmemory_detection.yml | 3 +-- .../sysmon_powershell_execution_moduleload.yml | 3 +-- .../{image_loaded => image_load}/sysmon_susp_image_load.yml | 3 +-- .../sysmon_susp_office_dotnet_assembly_dll_load.yml | 3 +-- .../sysmon_susp_office_dotnet_clr_dll_load.yml | 3 +-- .../sysmon_susp_office_dotnet_gac_dll_load.yml | 3 +-- .../sysmon_susp_office_dsparse_dll_load.yml | 3 +-- .../sysmon_susp_office_kerberos_dll_load.yml | 3 +-- .../sysmon_susp_winword_vbadll_load.yml | 3 +-- .../sysmon_susp_winword_wmidll_load.yml | 3 +-- .../sysmon_suspicious_dbghelp_dbgcore_load.yml | 3 +-- .../sysmon_svchost_dll_search_order_hijack.yml | 3 +-- .../sysmon_unsigned_image_loaded_into_lsass.yml | 3 +-- .../{image_loaded => image_load}/sysmon_wmi_module_load.yml | 3 +-- .../sysmon_wmi_persistence_commandline_event_consumer.yml | 1 - .../network_connection/sysmon_malware_backconnect_ports.yml | 1 - .../sysmon_notepad_network_connection.yml | 1 - .../sysmon_powershell_network_connection.yml | 1 - .../network_connection/sysmon_rdp_reverse_tunnel.yml | 1 - .../sysmon_remote_powershell_session_network.yml | 1 - .../network_connection/sysmon_rundll32_net_connections.yml | 1 - .../sysmon_susp_prog_location_network_connection.yml | 1 - rules/windows/network_connection/sysmon_susp_rdp.yml | 1 - .../sysmon_suspicious_outbound_kerberos_connection.yml | 1 - .../network_connection/sysmon_win_binary_github_com.yml | 1 - .../network_connection/sysmon_win_binary_susp_com.yml | 1 - rules/windows/process_access/sysmon_cmstp_execution.yml | 1 - .../process_access/sysmon_cred_dump_lsass_access.yml | 1 - .../process_access/sysmon_in_memory_assembly_execution.yml | 1 - rules/windows/process_access/sysmon_invoke_phantom.yml | 1 - rules/windows/process_access/sysmon_lsass_memdump.yml | 1 - .../process_access/sysmon_malware_verclsid_shellcode.yml | 1 - .../windows/process_access/sysmon_mimikatz_trough_winrm.yml | 1 - .../registry_event/sysmon_apt_oceanlotus_registry.yml | 1 - rules/windows/registry_event/sysmon_apt_pandemic.yml | 1 - .../registry_event/sysmon_asep_reg_keys_modification.yml | 1 - rules/windows/registry_event/sysmon_cmstp_execution.yml | 1 - rules/windows/registry_event/sysmon_dhcp_calloutdll.yml | 1 - ...isable_security_events_logging_adding_reg_key_minint.yml | 1 - .../registry_event/sysmon_dns_serverlevelplugindll.yml | 1 - rules/windows/registry_event/sysmon_hack_wce.yml | 1 - .../registry_event/sysmon_narrator_feedback_persistance.yml | 1 - .../sysmon_new_dll_added_to_appcertdlls_registry_key.yml | 1 - .../sysmon_new_dll_added_to_appinit_dlls_registry_key.yml | 1 - ...escalation_via_service_registry_permissions_weakness.yml | 1 - .../registry_event/sysmon_rdp_registry_modification.yml | 1 - rules/windows/registry_event/sysmon_rdp_settings_hijack.yml | 1 - .../sysmon_registry_persistence_key_linking.yml | 1 - .../sysmon_registry_persistence_search_order.yml | 1 - .../sysmon_registry_trust_record_modification.yml | 1 - .../windows/registry_event/sysmon_ssp_added_lsa_config.yml | 1 - .../registry_event/sysmon_stickykey_like_backdoor.yml | 1 - .../windows/registry_event/sysmon_susp_download_run_key.yml | 1 - .../registry_event/sysmon_susp_reg_persist_explorer_run.yml | 1 - .../registry_event/sysmon_susp_run_key_img_folder.yml | 1 - .../registry_event/sysmon_susp_service_installed.yml | 1 - .../sysmon_suspicious_keyboard_layout_load.yml | 1 - .../registry_event/sysmon_sysinternals_eula_accepted.yml | 1 - rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml | 1 - rules/windows/registry_event/sysmon_uac_bypass_sdclt.yml | 1 - rules/windows/registry_event/sysmon_win_reg_persistence.yml | 1 - tools/config/generic/sysmon.yml | 6 +++--- 77 files changed, 31 insertions(+), 107 deletions(-) rename rules/windows/{driver_loaded => driver_load}/sysmon_susp_driver_load.yml (90%) rename rules/windows/{file_creation => file_event}/sysmon_creation_system_file.yml (97%) rename rules/windows/{file_creation => file_event}/sysmon_cred_dump_tools_dropped_files.yml (96%) rename rules/windows/{file_creation => file_event}/sysmon_ghostpack_safetykatz.yml (90%) rename rules/windows/{file_creation => file_event}/sysmon_hack_dumpert.yml (94%) rename rules/windows/{file_creation => file_event}/sysmon_lsass_memory_dump_file_creation.yml (94%) rename rules/windows/{file_creation => file_event}/sysmon_powershell_exploit_scripts.yml (98%) rename rules/windows/{file_creation => file_event}/sysmon_quarkspw_filedump.yml (92%) rename rules/windows/{file_creation => file_event}/sysmon_susp_adsi_cache_usage.yml (96%) rename rules/windows/{file_creation => file_event}/sysmon_susp_desktop_ini.yml (94%) rename rules/windows/{file_creation => file_event}/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml (96%) rename rules/windows/{file_creation => file_event}/sysmon_tsclient_filewrite_startup.yml (91%) rename rules/windows/{file_creation => file_event}/sysmon_webshell_creation_detect.yml (97%) rename rules/windows/{file_creation => file_event}/sysmon_wmi_persistence_script_event_consumer_write.yml (96%) rename rules/windows/{image_loaded => image_load}/sysmon_in_memory_powershell.yml (96%) rename rules/windows/{image_loaded => image_load}/sysmon_mimikatz_inmemory_detection.yml (95%) rename rules/windows/{image_loaded => image_load}/sysmon_powershell_execution_moduleload.yml (93%) rename rules/windows/{image_loaded => image_load}/sysmon_susp_image_load.yml (93%) rename rules/windows/{image_loaded => image_load}/sysmon_susp_office_dotnet_assembly_dll_load.yml (94%) rename rules/windows/{image_loaded => image_load}/sysmon_susp_office_dotnet_clr_dll_load.yml (94%) rename rules/windows/{image_loaded => image_load}/sysmon_susp_office_dotnet_gac_dll_load.yml (94%) rename rules/windows/{image_loaded => image_load}/sysmon_susp_office_dsparse_dll_load.yml (94%) rename rules/windows/{image_loaded => image_load}/sysmon_susp_office_kerberos_dll_load.yml (94%) rename rules/windows/{image_loaded => image_load}/sysmon_susp_winword_vbadll_load.yml (94%) rename rules/windows/{image_loaded => image_load}/sysmon_susp_winword_wmidll_load.yml (96%) rename rules/windows/{image_loaded => image_load}/sysmon_suspicious_dbghelp_dbgcore_load.yml (97%) rename rules/windows/{image_loaded => image_load}/sysmon_svchost_dll_search_order_hijack.yml (95%) rename rules/windows/{image_loaded => image_load}/sysmon_unsigned_image_loaded_into_lsass.yml (93%) rename rules/windows/{image_loaded => image_load}/sysmon_wmi_module_load.yml (96%) rename rules/windows/{image_loaded => image_load}/sysmon_wmi_persistence_commandline_event_consumer.yml (96%) diff --git a/rules/windows/driver_loaded/sysmon_susp_driver_load.yml b/rules/windows/driver_load/sysmon_susp_driver_load.yml similarity index 90% rename from rules/windows/driver_loaded/sysmon_susp_driver_load.yml rename to rules/windows/driver_load/sysmon_susp_driver_load.yml index a12d1475..014f494f 100755 --- a/rules/windows/driver_loaded/sysmon_susp_driver_load.yml +++ b/rules/windows/driver_load/sysmon_susp_driver_load.yml @@ -7,9 +7,8 @@ tags: - attack.persistence - attack.t1050 logsource: - category: driver_loaded + category: driver_load product: windows - service: sysmon detection: selection: ImageLoaded: '*\Temp\\*' diff --git a/rules/windows/file_creation/sysmon_creation_system_file.yml b/rules/windows/file_event/sysmon_creation_system_file.yml similarity index 97% rename from rules/windows/file_creation/sysmon_creation_system_file.yml rename to rules/windows/file_event/sysmon_creation_system_file.yml index aaebf3c3..7ce7adf4 100755 --- a/rules/windows/file_creation/sysmon_creation_system_file.yml +++ b/rules/windows/file_event/sysmon_creation_system_file.yml @@ -10,9 +10,8 @@ tags: - attack.defense_evasion - attack.t1036 logsource: - category: file_creation + category: file_event product: windows - service: sysmon detection: selection: Image: diff --git a/rules/windows/file_creation/sysmon_cred_dump_tools_dropped_files.yml b/rules/windows/file_event/sysmon_cred_dump_tools_dropped_files.yml similarity index 96% rename from rules/windows/file_creation/sysmon_cred_dump_tools_dropped_files.yml rename to rules/windows/file_event/sysmon_cred_dump_tools_dropped_files.yml index 7ce6ba11..a3517bc7 100755 --- a/rules/windows/file_creation/sysmon_cred_dump_tools_dropped_files.yml +++ b/rules/windows/file_event/sysmon_cred_dump_tools_dropped_files.yml @@ -10,9 +10,8 @@ tags: - attack.credential_access - attack.t1003 logsource: - category: file_creation + category: file_event product: windows - service: sysmon detection: selection: TargetFilename|contains: diff --git a/rules/windows/file_creation/sysmon_ghostpack_safetykatz.yml b/rules/windows/file_event/sysmon_ghostpack_safetykatz.yml similarity index 90% rename from rules/windows/file_creation/sysmon_ghostpack_safetykatz.yml rename to rules/windows/file_event/sysmon_ghostpack_safetykatz.yml index 8eb4b734..29648630 100755 --- a/rules/windows/file_creation/sysmon_ghostpack_safetykatz.yml +++ b/rules/windows/file_event/sysmon_ghostpack_safetykatz.yml @@ -10,9 +10,8 @@ tags: author: Markus Neis date: 2018/07/24 logsource: - category: file_creation + category: file_event product: windows - service: sysmon detection: selection: TargetFilename: '*\Temp\debug.bin' diff --git a/rules/windows/file_creation/sysmon_hack_dumpert.yml b/rules/windows/file_event/sysmon_hack_dumpert.yml similarity index 94% rename from rules/windows/file_creation/sysmon_hack_dumpert.yml rename to rules/windows/file_event/sysmon_hack_dumpert.yml index bfb748a8..f8bdb838 100755 --- a/rules/windows/file_creation/sysmon_hack_dumpert.yml +++ b/rules/windows/file_event/sysmon_hack_dumpert.yml @@ -11,9 +11,8 @@ tags: - attack.credential_access - attack.t1003 logsource: - category: file_creation + category: file_event product: windows - service: sysmon falsepositives: - Very unlikely level: critical diff --git a/rules/windows/file_creation/sysmon_lsass_memory_dump_file_creation.yml b/rules/windows/file_event/sysmon_lsass_memory_dump_file_creation.yml similarity index 94% rename from rules/windows/file_creation/sysmon_lsass_memory_dump_file_creation.yml rename to rules/windows/file_event/sysmon_lsass_memory_dump_file_creation.yml index d2bb40a5..578fdb84 100755 --- a/rules/windows/file_creation/sysmon_lsass_memory_dump_file_creation.yml +++ b/rules/windows/file_event/sysmon_lsass_memory_dump_file_creation.yml @@ -10,9 +10,8 @@ tags: - attack.credential_access - attack.t1003 logsource: - category: file_creation + category: file_event product: windows - service: sysmon detection: selection: TargetFilename|contains: 'lsass' diff --git a/rules/windows/file_creation/sysmon_powershell_exploit_scripts.yml b/rules/windows/file_event/sysmon_powershell_exploit_scripts.yml similarity index 98% rename from rules/windows/file_creation/sysmon_powershell_exploit_scripts.yml rename to rules/windows/file_event/sysmon_powershell_exploit_scripts.yml index c6512066..cf59c05b 100755 --- a/rules/windows/file_creation/sysmon_powershell_exploit_scripts.yml +++ b/rules/windows/file_event/sysmon_powershell_exploit_scripts.yml @@ -10,9 +10,8 @@ tags: author: Markus Neis date: 2018/04/07 logsource: - category: file_creation + category: file_event product: windows - service: sysmon detection: selection: TargetFilename: diff --git a/rules/windows/file_creation/sysmon_quarkspw_filedump.yml b/rules/windows/file_event/sysmon_quarkspw_filedump.yml similarity index 92% rename from rules/windows/file_creation/sysmon_quarkspw_filedump.yml rename to rules/windows/file_event/sysmon_quarkspw_filedump.yml index 447225de..c1ee66a7 100755 --- a/rules/windows/file_creation/sysmon_quarkspw_filedump.yml +++ b/rules/windows/file_event/sysmon_quarkspw_filedump.yml @@ -11,9 +11,8 @@ tags: - attack.t1003 level: critical logsource: - category: file_creation + category: file_event product: windows - service: sysmon detection: selection: # Sysmon: File Creation (ID 11) diff --git a/rules/windows/file_creation/sysmon_susp_adsi_cache_usage.yml b/rules/windows/file_event/sysmon_susp_adsi_cache_usage.yml similarity index 96% rename from rules/windows/file_creation/sysmon_susp_adsi_cache_usage.yml rename to rules/windows/file_event/sysmon_susp_adsi_cache_usage.yml index bcdf82e7..f1969714 100755 --- a/rules/windows/file_creation/sysmon_susp_adsi_cache_usage.yml +++ b/rules/windows/file_event/sysmon_susp_adsi_cache_usage.yml @@ -13,8 +13,7 @@ tags: - attack.persistence logsource: product: windows - service: sysmon - category: file_creation + category: file_event detection: selection_1: TargetFilename: '*\Local\Microsoft\Windows\SchCache\*.sch' diff --git a/rules/windows/file_creation/sysmon_susp_desktop_ini.yml b/rules/windows/file_event/sysmon_susp_desktop_ini.yml similarity index 94% rename from rules/windows/file_creation/sysmon_susp_desktop_ini.yml rename to rules/windows/file_event/sysmon_susp_desktop_ini.yml index 4560174f..c55114cf 100755 --- a/rules/windows/file_creation/sysmon_susp_desktop_ini.yml +++ b/rules/windows/file_event/sysmon_susp_desktop_ini.yml @@ -11,8 +11,7 @@ tags: - attack.t1023 logsource: product: windows - service: sysmon - category: file_creation + category: file_event detection: filter: Image: diff --git a/rules/windows/file_creation/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml b/rules/windows/file_event/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml similarity index 96% rename from rules/windows/file_creation/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml rename to rules/windows/file_event/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml index 4e79478a..5d2b079c 100755 --- a/rules/windows/file_creation/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml +++ b/rules/windows/file_event/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml @@ -11,8 +11,7 @@ tags: - attack.defense_evasion logsource: product: windows - service: sysmon - category: file_creation + category: file_event detection: selection_1: TargetFilename: '*\AppData\Local\Temp\*\PROCEXP152.sys' diff --git a/rules/windows/file_creation/sysmon_tsclient_filewrite_startup.yml b/rules/windows/file_event/sysmon_tsclient_filewrite_startup.yml similarity index 91% rename from rules/windows/file_creation/sysmon_tsclient_filewrite_startup.yml rename to rules/windows/file_event/sysmon_tsclient_filewrite_startup.yml index 254f77c6..65a61b0e 100755 --- a/rules/windows/file_creation/sysmon_tsclient_filewrite_startup.yml +++ b/rules/windows/file_event/sysmon_tsclient_filewrite_startup.yml @@ -6,8 +6,7 @@ date: 2019/02/21 author: Samir Bousseaden logsource: product: windows - service: sysmon - category: file_creation + category: file_event detection: selection: Image: '*\mstsc.exe' diff --git a/rules/windows/file_creation/sysmon_webshell_creation_detect.yml b/rules/windows/file_event/sysmon_webshell_creation_detect.yml similarity index 97% rename from rules/windows/file_creation/sysmon_webshell_creation_detect.yml rename to rules/windows/file_event/sysmon_webshell_creation_detect.yml index 86fdb516..86000b3a 100755 --- a/rules/windows/file_creation/sysmon_webshell_creation_detect.yml +++ b/rules/windows/file_event/sysmon_webshell_creation_detect.yml @@ -13,8 +13,7 @@ tags: level: critical logsource: product: windows - service: sysmon - category: file_creation + category: file_event detection: selection_2: TargetFilename|contains: '\inetpub\wwwroot\' diff --git a/rules/windows/file_creation/sysmon_wmi_persistence_script_event_consumer_write.yml b/rules/windows/file_event/sysmon_wmi_persistence_script_event_consumer_write.yml similarity index 96% rename from rules/windows/file_creation/sysmon_wmi_persistence_script_event_consumer_write.yml rename to rules/windows/file_event/sysmon_wmi_persistence_script_event_consumer_write.yml index 8fc77b5f..bc07ed69 100755 --- a/rules/windows/file_creation/sysmon_wmi_persistence_script_event_consumer_write.yml +++ b/rules/windows/file_event/sysmon_wmi_persistence_script_event_consumer_write.yml @@ -11,7 +11,6 @@ tags: - attack.persistence logsource: product: windows - service: sysmon category: file_created detection: selection: diff --git a/rules/windows/image_loaded/sysmon_in_memory_powershell.yml b/rules/windows/image_load/sysmon_in_memory_powershell.yml similarity index 96% rename from rules/windows/image_loaded/sysmon_in_memory_powershell.yml rename to rules/windows/image_load/sysmon_in_memory_powershell.yml index e5c08eea..aeb46d86 100755 --- a/rules/windows/image_loaded/sysmon_in_memory_powershell.yml +++ b/rules/windows/image_load/sysmon_in_memory_powershell.yml @@ -12,9 +12,8 @@ tags: - attack.t1086 - attack.execution logsource: - category: image_loaded + category: image_load product: windows - service: sysmon detection: selection: ImageLoaded|endswith: diff --git a/rules/windows/image_loaded/sysmon_mimikatz_inmemory_detection.yml b/rules/windows/image_load/sysmon_mimikatz_inmemory_detection.yml similarity index 95% rename from rules/windows/image_loaded/sysmon_mimikatz_inmemory_detection.yml rename to rules/windows/image_load/sysmon_mimikatz_inmemory_detection.yml index 6f7e05d4..50568b56 100755 --- a/rules/windows/image_loaded/sysmon_mimikatz_inmemory_detection.yml +++ b/rules/windows/image_load/sysmon_mimikatz_inmemory_detection.yml @@ -11,9 +11,8 @@ tags: - attack.credential_access - car.2019-04-004 logsource: - category: image_loaded + category: image_load product: windows - service: sysmon date: 2017/03/13 detection: selector: diff --git a/rules/windows/image_loaded/sysmon_powershell_execution_moduleload.yml b/rules/windows/image_load/sysmon_powershell_execution_moduleload.yml similarity index 93% rename from rules/windows/image_loaded/sysmon_powershell_execution_moduleload.yml rename to rules/windows/image_load/sysmon_powershell_execution_moduleload.yml index bfed56f8..5c414c0c 100755 --- a/rules/windows/image_loaded/sysmon_powershell_execution_moduleload.yml +++ b/rules/windows/image_load/sysmon_powershell_execution_moduleload.yml @@ -8,9 +8,8 @@ author: Roberto Rodriguez @Cyb3rWard0g references: - https://github.com/hunters-forge/ThreatHunter-Playbook/blob/8869b7a58dba1cff63bae1d7ab923974b8c0539b/playbooks/WIN-190410151110.yaml logsource: - category: image_loaded + category: image_load product: windows - service: sysmon tags: - attack.execution - attack.t1086 diff --git a/rules/windows/image_loaded/sysmon_susp_image_load.yml b/rules/windows/image_load/sysmon_susp_image_load.yml similarity index 93% rename from rules/windows/image_loaded/sysmon_susp_image_load.yml rename to rules/windows/image_load/sysmon_susp_image_load.yml index 899bc572..828c939e 100755 --- a/rules/windows/image_loaded/sysmon_susp_image_load.yml +++ b/rules/windows/image_load/sysmon_susp_image_load.yml @@ -10,9 +10,8 @@ tags: - attack.defense_evasion - attack.t1073 logsource: - category: image_loaded + category: image_load product: windows - service: sysmon detection: selection: Image: diff --git a/rules/windows/image_loaded/sysmon_susp_office_dotnet_assembly_dll_load.yml b/rules/windows/image_load/sysmon_susp_office_dotnet_assembly_dll_load.yml similarity index 94% rename from rules/windows/image_loaded/sysmon_susp_office_dotnet_assembly_dll_load.yml rename to rules/windows/image_load/sysmon_susp_office_dotnet_assembly_dll_load.yml index 1d0a1e80..5fb8bc69 100755 --- a/rules/windows/image_loaded/sysmon_susp_office_dotnet_assembly_dll_load.yml +++ b/rules/windows/image_load/sysmon_susp_office_dotnet_assembly_dll_load.yml @@ -10,9 +10,8 @@ tags: - attack.initial_access - attack.t1193 logsource: - category: image_loaded + category: image_load product: windows - service: sysmon detection: selection: Image: diff --git a/rules/windows/image_loaded/sysmon_susp_office_dotnet_clr_dll_load.yml b/rules/windows/image_load/sysmon_susp_office_dotnet_clr_dll_load.yml similarity index 94% rename from rules/windows/image_loaded/sysmon_susp_office_dotnet_clr_dll_load.yml rename to rules/windows/image_load/sysmon_susp_office_dotnet_clr_dll_load.yml index 6d6e1084..c38e4136 100755 --- a/rules/windows/image_loaded/sysmon_susp_office_dotnet_clr_dll_load.yml +++ b/rules/windows/image_load/sysmon_susp_office_dotnet_clr_dll_load.yml @@ -10,9 +10,8 @@ tags: - attack.initial_access - attack.t1193 logsource: - category: image_loaded + category: image_load product: windows - service: sysmon detection: selection: Image: diff --git a/rules/windows/image_loaded/sysmon_susp_office_dotnet_gac_dll_load.yml b/rules/windows/image_load/sysmon_susp_office_dotnet_gac_dll_load.yml similarity index 94% rename from rules/windows/image_loaded/sysmon_susp_office_dotnet_gac_dll_load.yml rename to rules/windows/image_load/sysmon_susp_office_dotnet_gac_dll_load.yml index 8a1c1bb6..5ad0b02d 100755 --- a/rules/windows/image_loaded/sysmon_susp_office_dotnet_gac_dll_load.yml +++ b/rules/windows/image_load/sysmon_susp_office_dotnet_gac_dll_load.yml @@ -10,9 +10,8 @@ tags: - attack.initial_access - attack.t1193 logsource: - category: image_loaded + category: image_load product: windows - service: sysmon detection: selection: Image: diff --git a/rules/windows/image_loaded/sysmon_susp_office_dsparse_dll_load.yml b/rules/windows/image_load/sysmon_susp_office_dsparse_dll_load.yml similarity index 94% rename from rules/windows/image_loaded/sysmon_susp_office_dsparse_dll_load.yml rename to rules/windows/image_load/sysmon_susp_office_dsparse_dll_load.yml index eb52f014..01f4c5a9 100755 --- a/rules/windows/image_loaded/sysmon_susp_office_dsparse_dll_load.yml +++ b/rules/windows/image_load/sysmon_susp_office_dsparse_dll_load.yml @@ -10,9 +10,8 @@ tags: - attack.initial_access - attack.t1193 logsource: - category: image_loaded + category: image_load product: windows - service: sysmon detection: selection: Image: diff --git a/rules/windows/image_loaded/sysmon_susp_office_kerberos_dll_load.yml b/rules/windows/image_load/sysmon_susp_office_kerberos_dll_load.yml similarity index 94% rename from rules/windows/image_loaded/sysmon_susp_office_kerberos_dll_load.yml rename to rules/windows/image_load/sysmon_susp_office_kerberos_dll_load.yml index 90cf6879..c9a12264 100755 --- a/rules/windows/image_loaded/sysmon_susp_office_kerberos_dll_load.yml +++ b/rules/windows/image_load/sysmon_susp_office_kerberos_dll_load.yml @@ -10,9 +10,8 @@ tags: - attack.initial_access - attack.t1193 logsource: - category: image_loaded + category: image_load product: windows - service: sysmon detection: selection: Image: diff --git a/rules/windows/image_loaded/sysmon_susp_winword_vbadll_load.yml b/rules/windows/image_load/sysmon_susp_winword_vbadll_load.yml similarity index 94% rename from rules/windows/image_loaded/sysmon_susp_winword_vbadll_load.yml rename to rules/windows/image_load/sysmon_susp_winword_vbadll_load.yml index ca8fa945..b52627d1 100755 --- a/rules/windows/image_loaded/sysmon_susp_winword_vbadll_load.yml +++ b/rules/windows/image_load/sysmon_susp_winword_vbadll_load.yml @@ -10,9 +10,8 @@ tags: - attack.initial_access - attack.t1193 logsource: - category: image_loaded + category: image_load product: windows - service: sysmon detection: selection: Image: diff --git a/rules/windows/image_loaded/sysmon_susp_winword_wmidll_load.yml b/rules/windows/image_load/sysmon_susp_winword_wmidll_load.yml similarity index 96% rename from rules/windows/image_loaded/sysmon_susp_winword_wmidll_load.yml rename to rules/windows/image_load/sysmon_susp_winword_wmidll_load.yml index 25b3eeaa..c2d9e429 100755 --- a/rules/windows/image_loaded/sysmon_susp_winword_wmidll_load.yml +++ b/rules/windows/image_load/sysmon_susp_winword_wmidll_load.yml @@ -12,9 +12,8 @@ tags: - attack.execution - attack.t1047 logsource: - category: image_loaded + category: image_load product: windows - service: sysmon detection: selection: Image: diff --git a/rules/windows/image_loaded/sysmon_suspicious_dbghelp_dbgcore_load.yml b/rules/windows/image_load/sysmon_suspicious_dbghelp_dbgcore_load.yml similarity index 97% rename from rules/windows/image_loaded/sysmon_suspicious_dbghelp_dbgcore_load.yml rename to rules/windows/image_load/sysmon_suspicious_dbghelp_dbgcore_load.yml index 78298fe2..20b873c5 100755 --- a/rules/windows/image_loaded/sysmon_suspicious_dbghelp_dbgcore_load.yml +++ b/rules/windows/image_load/sysmon_suspicious_dbghelp_dbgcore_load.yml @@ -15,9 +15,8 @@ tags: - attack.credential_access - attack.t1003 logsource: - category: image_loaded + category: image_load product: windows - service: sysmon detection: signedprocess: ImageLoaded|endswith: diff --git a/rules/windows/image_loaded/sysmon_svchost_dll_search_order_hijack.yml b/rules/windows/image_load/sysmon_svchost_dll_search_order_hijack.yml similarity index 95% rename from rules/windows/image_loaded/sysmon_svchost_dll_search_order_hijack.yml rename to rules/windows/image_load/sysmon_svchost_dll_search_order_hijack.yml index bd44479d..f2098fae 100755 --- a/rules/windows/image_loaded/sysmon_svchost_dll_search_order_hijack.yml +++ b/rules/windows/image_load/sysmon_svchost_dll_search_order_hijack.yml @@ -15,9 +15,8 @@ tags: - attack.t1038 - attack.t1112 logsource: - category: image_loaded + category: image_load product: windows - service: sysmon detection: selection: Image: diff --git a/rules/windows/image_loaded/sysmon_unsigned_image_loaded_into_lsass.yml b/rules/windows/image_load/sysmon_unsigned_image_loaded_into_lsass.yml similarity index 93% rename from rules/windows/image_loaded/sysmon_unsigned_image_loaded_into_lsass.yml rename to rules/windows/image_load/sysmon_unsigned_image_loaded_into_lsass.yml index 34fb597b..3a66c4dd 100755 --- a/rules/windows/image_loaded/sysmon_unsigned_image_loaded_into_lsass.yml +++ b/rules/windows/image_load/sysmon_unsigned_image_loaded_into_lsass.yml @@ -10,9 +10,8 @@ tags: - attack.credential_access - attack.t1003 logsource: - category: image_loaded + category: image_load product: windows - service: sysmon detection: selection: Image|endswith: '\lsass.exe' diff --git a/rules/windows/image_loaded/sysmon_wmi_module_load.yml b/rules/windows/image_load/sysmon_wmi_module_load.yml similarity index 96% rename from rules/windows/image_loaded/sysmon_wmi_module_load.yml rename to rules/windows/image_load/sysmon_wmi_module_load.yml index b5e0e6dc..44353ab3 100755 --- a/rules/windows/image_loaded/sysmon_wmi_module_load.yml +++ b/rules/windows/image_load/sysmon_wmi_module_load.yml @@ -11,9 +11,8 @@ tags: - attack.execution - attack.t1047 logsource: - category: image_loaded + category: image_load product: windows - service: sysmon detection: selection: ImageLoaded|endswith: diff --git a/rules/windows/image_loaded/sysmon_wmi_persistence_commandline_event_consumer.yml b/rules/windows/image_load/sysmon_wmi_persistence_commandline_event_consumer.yml similarity index 96% rename from rules/windows/image_loaded/sysmon_wmi_persistence_commandline_event_consumer.yml rename to rules/windows/image_load/sysmon_wmi_persistence_commandline_event_consumer.yml index d67b7366..19b7d30b 100755 --- a/rules/windows/image_loaded/sysmon_wmi_persistence_commandline_event_consumer.yml +++ b/rules/windows/image_load/sysmon_wmi_persistence_commandline_event_consumer.yml @@ -12,7 +12,6 @@ tags: logsource: cqtegory: image_loaded product: windows - service: sysmon detection: selection: Image: 'C:\Windows\System32\wbem\WmiPrvSE.exe' diff --git a/rules/windows/network_connection/sysmon_malware_backconnect_ports.yml b/rules/windows/network_connection/sysmon_malware_backconnect_ports.yml index bd14f8cf..9c8b1f89 100755 --- a/rules/windows/network_connection/sysmon_malware_backconnect_ports.yml +++ b/rules/windows/network_connection/sysmon_malware_backconnect_ports.yml @@ -12,7 +12,6 @@ tags: logsource: category: network_connection product: windows - service: sysmon definition: 'Use the following config to generate the necessary Event ID 10 Process Access events: VBE7.DLLUNKNOWN' detection: selection: diff --git a/rules/windows/network_connection/sysmon_notepad_network_connection.yml b/rules/windows/network_connection/sysmon_notepad_network_connection.yml index 86b3c511..49dbcdf7 100755 --- a/rules/windows/network_connection/sysmon_notepad_network_connection.yml +++ b/rules/windows/network_connection/sysmon_notepad_network_connection.yml @@ -12,7 +12,6 @@ author: EagleEye Team logsource: category: network_connection product: windows - service: sysmon date: 2020/05/14 detection: selection: diff --git a/rules/windows/network_connection/sysmon_powershell_network_connection.yml b/rules/windows/network_connection/sysmon_powershell_network_connection.yml index b34f5253..8d6742d1 100755 --- a/rules/windows/network_connection/sysmon_powershell_network_connection.yml +++ b/rules/windows/network_connection/sysmon_powershell_network_connection.yml @@ -13,7 +13,6 @@ tags: logsource: category: network_connection product: windows - service: sysmon detection: selection: Image: '*\powershell.exe' diff --git a/rules/windows/network_connection/sysmon_rdp_reverse_tunnel.yml b/rules/windows/network_connection/sysmon_rdp_reverse_tunnel.yml index 5775c480..289594ae 100755 --- a/rules/windows/network_connection/sysmon_rdp_reverse_tunnel.yml +++ b/rules/windows/network_connection/sysmon_rdp_reverse_tunnel.yml @@ -14,7 +14,6 @@ tags: logsource: category: network_connection product: windows - service: sysmon detection: selection: Image: '*\svchost.exe' diff --git a/rules/windows/network_connection/sysmon_remote_powershell_session_network.yml b/rules/windows/network_connection/sysmon_remote_powershell_session_network.yml index 8bcace7e..9d56a7da 100755 --- a/rules/windows/network_connection/sysmon_remote_powershell_session_network.yml +++ b/rules/windows/network_connection/sysmon_remote_powershell_session_network.yml @@ -12,7 +12,6 @@ tags: logsource: category: network_connection product: windows - service: sysmon detection: selection: DestinationPort: diff --git a/rules/windows/network_connection/sysmon_rundll32_net_connections.yml b/rules/windows/network_connection/sysmon_rundll32_net_connections.yml index 7092eadc..40ca4c42 100755 --- a/rules/windows/network_connection/sysmon_rundll32_net_connections.yml +++ b/rules/windows/network_connection/sysmon_rundll32_net_connections.yml @@ -13,7 +13,6 @@ tags: logsource: category: network_connection product: windows - service: sysmon detection: selection: Image: '*\rundll32.exe' diff --git a/rules/windows/network_connection/sysmon_susp_prog_location_network_connection.yml b/rules/windows/network_connection/sysmon_susp_prog_location_network_connection.yml index 3219ca94..9b152411 100755 --- a/rules/windows/network_connection/sysmon_susp_prog_location_network_connection.yml +++ b/rules/windows/network_connection/sysmon_susp_prog_location_network_connection.yml @@ -9,7 +9,6 @@ date: 2017/03/19 logsource: category: network_connection product: windows - service: sysmon definition: 'Use the following config to generate the necessary Event ID 3 Network Connection events' detection: selection: diff --git a/rules/windows/network_connection/sysmon_susp_rdp.yml b/rules/windows/network_connection/sysmon_susp_rdp.yml index ee37354d..00ab16ac 100755 --- a/rules/windows/network_connection/sysmon_susp_rdp.yml +++ b/rules/windows/network_connection/sysmon_susp_rdp.yml @@ -13,7 +13,6 @@ tags: logsource: category: network_connection product: windows - service: sysmon detection: selection: DestinationPort: 3389 diff --git a/rules/windows/network_connection/sysmon_suspicious_outbound_kerberos_connection.yml b/rules/windows/network_connection/sysmon_suspicious_outbound_kerberos_connection.yml index 0965670e..e1984104 100755 --- a/rules/windows/network_connection/sysmon_suspicious_outbound_kerberos_connection.yml +++ b/rules/windows/network_connection/sysmon_suspicious_outbound_kerberos_connection.yml @@ -13,7 +13,6 @@ tags: logsource: category: network_connection product: windows - service: sysmon detection: selection: DestinationPort: 88 diff --git a/rules/windows/network_connection/sysmon_win_binary_github_com.yml b/rules/windows/network_connection/sysmon_win_binary_github_com.yml index de0d4603..8a0ac2af 100755 --- a/rules/windows/network_connection/sysmon_win_binary_github_com.yml +++ b/rules/windows/network_connection/sysmon_win_binary_github_com.yml @@ -13,7 +13,6 @@ tags: logsource: category: network_connection product: windows - service: sysmon detection: selection: Initiated: 'true' diff --git a/rules/windows/network_connection/sysmon_win_binary_susp_com.yml b/rules/windows/network_connection/sysmon_win_binary_susp_com.yml index 87445b5b..6e324b9c 100755 --- a/rules/windows/network_connection/sysmon_win_binary_susp_com.yml +++ b/rules/windows/network_connection/sysmon_win_binary_susp_com.yml @@ -13,7 +13,6 @@ tags: logsource: category: network_connection product: windows - service: sysmon detection: selection: Initiated: 'true' diff --git a/rules/windows/process_access/sysmon_cmstp_execution.yml b/rules/windows/process_access/sysmon_cmstp_execution.yml index 2299a92f..66e48f89 100755 --- a/rules/windows/process_access/sysmon_cmstp_execution.yml +++ b/rules/windows/process_access/sysmon_cmstp_execution.yml @@ -25,7 +25,6 @@ level: high --- logsource: product: windows - service: sysmon category: registry_event detection: # Registry Object Add diff --git a/rules/windows/process_access/sysmon_cred_dump_lsass_access.yml b/rules/windows/process_access/sysmon_cred_dump_lsass_access.yml index 284d860e..cb3bf8b5 100755 --- a/rules/windows/process_access/sysmon_cred_dump_lsass_access.yml +++ b/rules/windows/process_access/sysmon_cred_dump_lsass_access.yml @@ -19,7 +19,6 @@ tags: logsource: category: process_access product: windows - service: sysmon detection: selection: TargetImage|endswith: '\lsass.exe' diff --git a/rules/windows/process_access/sysmon_in_memory_assembly_execution.yml b/rules/windows/process_access/sysmon_in_memory_assembly_execution.yml index 9ace8464..b8a892bd 100755 --- a/rules/windows/process_access/sysmon_in_memory_assembly_execution.yml +++ b/rules/windows/process_access/sysmon_in_memory_assembly_execution.yml @@ -16,7 +16,6 @@ tags: logsource: category: process_access product: windows - service: sysmon detection: selection_01: CallTrace: diff --git a/rules/windows/process_access/sysmon_invoke_phantom.yml b/rules/windows/process_access/sysmon_invoke_phantom.yml index c2d61c17..c90377b1 100755 --- a/rules/windows/process_access/sysmon_invoke_phantom.yml +++ b/rules/windows/process_access/sysmon_invoke_phantom.yml @@ -13,7 +13,6 @@ tags: logsource: category: process_access product: windows - service: sysmon detection: selection: TargetImage: '*\windows\system32\svchost.exe' diff --git a/rules/windows/process_access/sysmon_lsass_memdump.yml b/rules/windows/process_access/sysmon_lsass_memdump.yml index 796e85d2..62f6a959 100755 --- a/rules/windows/process_access/sysmon_lsass_memdump.yml +++ b/rules/windows/process_access/sysmon_lsass_memdump.yml @@ -13,7 +13,6 @@ tags: logsource: category: process_access product: windows - service: sysmon detection: selection: TargetImage: 'C:\windows\system32\lsass.exe' diff --git a/rules/windows/process_access/sysmon_malware_verclsid_shellcode.yml b/rules/windows/process_access/sysmon_malware_verclsid_shellcode.yml index 625f78a1..2224ad19 100755 --- a/rules/windows/process_access/sysmon_malware_verclsid_shellcode.yml +++ b/rules/windows/process_access/sysmon_malware_verclsid_shellcode.yml @@ -13,7 +13,6 @@ date: 2017/03/04 logsource: category: process_access product: windows - service: sysmon definition: 'Use the following config to generate the necessary Event ID 10 Process Access events: VBE7.DLLUNKNOWN' detection: selection: diff --git a/rules/windows/process_access/sysmon_mimikatz_trough_winrm.yml b/rules/windows/process_access/sysmon_mimikatz_trough_winrm.yml index 87650cda..9444b2a4 100755 --- a/rules/windows/process_access/sysmon_mimikatz_trough_winrm.yml +++ b/rules/windows/process_access/sysmon_mimikatz_trough_winrm.yml @@ -9,7 +9,6 @@ date: 2019/05/20 logsource: category: process_access product: windows - service: sysmon detection: selection: TargetImage: 'C:\windows\system32\lsass.exe' diff --git a/rules/windows/registry_event/sysmon_apt_oceanlotus_registry.yml b/rules/windows/registry_event/sysmon_apt_oceanlotus_registry.yml index f87bd508..e9500d79 100755 --- a/rules/windows/registry_event/sysmon_apt_oceanlotus_registry.yml +++ b/rules/windows/registry_event/sysmon_apt_oceanlotus_registry.yml @@ -11,7 +11,6 @@ date: 2019/04/14 logsource: category: registry_event product: windows - service: sysmon detection: selection: TargetObject: diff --git a/rules/windows/registry_event/sysmon_apt_pandemic.yml b/rules/windows/registry_event/sysmon_apt_pandemic.yml index 63b8addf..01f35a58 100755 --- a/rules/windows/registry_event/sysmon_apt_pandemic.yml +++ b/rules/windows/registry_event/sysmon_apt_pandemic.yml @@ -27,7 +27,6 @@ level: critical logsource: category: registry_event product: windows - service: sysmon detection: selection1: TargetObject: diff --git a/rules/windows/registry_event/sysmon_asep_reg_keys_modification.yml b/rules/windows/registry_event/sysmon_asep_reg_keys_modification.yml index 79013d30..53b75b91 100755 --- a/rules/windows/registry_event/sysmon_asep_reg_keys_modification.yml +++ b/rules/windows/registry_event/sysmon_asep_reg_keys_modification.yml @@ -13,7 +13,6 @@ author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community logsource: category: registry_event product: windows - service: sysmon detection: selection: diff --git a/rules/windows/registry_event/sysmon_cmstp_execution.yml b/rules/windows/registry_event/sysmon_cmstp_execution.yml index 48fdfafe..8c93c799 100755 --- a/rules/windows/registry_event/sysmon_cmstp_execution.yml +++ b/rules/windows/registry_event/sysmon_cmstp_execution.yml @@ -26,7 +26,6 @@ level: high logsource: category: process_creation,registry_event product: windows - service: sysmon detection: # Registry Object Add selection2: diff --git a/rules/windows/registry_event/sysmon_dhcp_calloutdll.yml b/rules/windows/registry_event/sysmon_dhcp_calloutdll.yml index d7304285..e568b4d0 100755 --- a/rules/windows/registry_event/sysmon_dhcp_calloutdll.yml +++ b/rules/windows/registry_event/sysmon_dhcp_calloutdll.yml @@ -16,7 +16,6 @@ tags: logsource: category: registry_event product: windows - service: sysmon detection: selection: diff --git a/rules/windows/registry_event/sysmon_disable_security_events_logging_adding_reg_key_minint.yml b/rules/windows/registry_event/sysmon_disable_security_events_logging_adding_reg_key_minint.yml index 57035340..4c260e28 100755 --- a/rules/windows/registry_event/sysmon_disable_security_events_logging_adding_reg_key_minint.yml +++ b/rules/windows/registry_event/sysmon_disable_security_events_logging_adding_reg_key_minint.yml @@ -13,7 +13,6 @@ modified: 2019/11/13 logsource: category: registry_event product: windows - service: sysmon detection: selection: - EventID: 12 # key create diff --git a/rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml b/rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml index bcf1bd39..e104ed67 100755 --- a/rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml +++ b/rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml @@ -26,7 +26,6 @@ level: high --- logsource: product: windows - service: sysmon category: registry_event detection: dnsregmod: diff --git a/rules/windows/registry_event/sysmon_hack_wce.yml b/rules/windows/registry_event/sysmon_hack_wce.yml index ab1c9e27..92483bee 100755 --- a/rules/windows/registry_event/sysmon_hack_wce.yml +++ b/rules/windows/registry_event/sysmon_hack_wce.yml @@ -30,7 +30,6 @@ detection: logsource: category: registry_event product: windows - service: sysmon detection: selection: TargetObject|contains: Services\WCESERVICE\Start diff --git a/rules/windows/registry_event/sysmon_narrator_feedback_persistance.yml b/rules/windows/registry_event/sysmon_narrator_feedback_persistance.yml index bfb2874e..f7a0c353 100755 --- a/rules/windows/registry_event/sysmon_narrator_feedback_persistance.yml +++ b/rules/windows/registry_event/sysmon_narrator_feedback_persistance.yml @@ -13,7 +13,6 @@ modified: 2019/11/10 logsource: category: registry_event product: windows - service: sysmon detection: selection1: EventType: DeleteValue diff --git a/rules/windows/registry_event/sysmon_new_dll_added_to_appcertdlls_registry_key.yml b/rules/windows/registry_event/sysmon_new_dll_added_to_appcertdlls_registry_key.yml index fbf57d3e..8d795a34 100755 --- a/rules/windows/registry_event/sysmon_new_dll_added_to_appcertdlls_registry_key.yml +++ b/rules/windows/registry_event/sysmon_new_dll_added_to_appcertdlls_registry_key.yml @@ -15,7 +15,6 @@ modified: 2019/11/13 logsource: category: registry_event product: windows - service: sysmon detection: selection: - EventID: diff --git a/rules/windows/registry_event/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml b/rules/windows/registry_event/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml index 52a2dac6..58aa613d 100755 --- a/rules/windows/registry_event/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml +++ b/rules/windows/registry_event/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml @@ -14,7 +14,6 @@ modified: 2019/11/13 logsource: category: registry_event product: windows - service: sysmon detection: selection: - TargetObject: diff --git a/rules/windows/registry_event/sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml b/rules/windows/registry_event/sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml index afcee2b4..a465568c 100755 --- a/rules/windows/registry_event/sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml +++ b/rules/windows/registry_event/sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml @@ -13,7 +13,6 @@ date: 2019/10/26 modified: 2019/11/11 logsource: product: windows - service: sysmon category: registry_event detection: selection: diff --git a/rules/windows/registry_event/sysmon_rdp_registry_modification.yml b/rules/windows/registry_event/sysmon_rdp_registry_modification.yml index 2ebecfe7..3fe7d6cd 100755 --- a/rules/windows/registry_event/sysmon_rdp_registry_modification.yml +++ b/rules/windows/registry_event/sysmon_rdp_registry_modification.yml @@ -13,7 +13,6 @@ tags: logsource: category: registry_event product: windows - service: sysmon detection: selection: TargetObject|endswith: diff --git a/rules/windows/registry_event/sysmon_rdp_settings_hijack.yml b/rules/windows/registry_event/sysmon_rdp_settings_hijack.yml index bad6cc8f..48e48f6d 100755 --- a/rules/windows/registry_event/sysmon_rdp_settings_hijack.yml +++ b/rules/windows/registry_event/sysmon_rdp_settings_hijack.yml @@ -8,7 +8,6 @@ author: Samir Bousseaden logsource: category: registry_event product: windows - service: sysmon detection: selection_reg: TargetObject: diff --git a/rules/windows/registry_event/sysmon_registry_persistence_key_linking.yml b/rules/windows/registry_event/sysmon_registry_persistence_key_linking.yml index f7594c5d..2e2abe6b 100755 --- a/rules/windows/registry_event/sysmon_registry_persistence_key_linking.yml +++ b/rules/windows/registry_event/sysmon_registry_persistence_key_linking.yml @@ -13,7 +13,6 @@ tags: logsource: category: registry_event product: windows - service: sysmon detection: selection: EventType: 'CreateKey' # don't want DeleteKey events diff --git a/rules/windows/registry_event/sysmon_registry_persistence_search_order.yml b/rules/windows/registry_event/sysmon_registry_persistence_search_order.yml index 62f0c6bf..ecb01ec8 100755 --- a/rules/windows/registry_event/sysmon_registry_persistence_search_order.yml +++ b/rules/windows/registry_event/sysmon_registry_persistence_search_order.yml @@ -12,7 +12,6 @@ tags: logsource: category: registry_event product: windows - service: sysmon detection: selection: # Detect new COM servers in the user hive TargetObject: 'HKU\\*_Classes\CLSID\\*\InProcServer32\(Default)' diff --git a/rules/windows/registry_event/sysmon_registry_trust_record_modification.yml b/rules/windows/registry_event/sysmon_registry_trust_record_modification.yml index 807bba13..3771c3b0 100755 --- a/rules/windows/registry_event/sysmon_registry_trust_record_modification.yml +++ b/rules/windows/registry_event/sysmon_registry_trust_record_modification.yml @@ -14,7 +14,6 @@ tags: logsource: category: registry_event product: windows - service: sysmon detection: selection: TargetObject|contains: 'TrustRecords' diff --git a/rules/windows/registry_event/sysmon_ssp_added_lsa_config.yml b/rules/windows/registry_event/sysmon_ssp_added_lsa_config.yml index ea90b5de..60547d1c 100755 --- a/rules/windows/registry_event/sysmon_ssp_added_lsa_config.yml +++ b/rules/windows/registry_event/sysmon_ssp_added_lsa_config.yml @@ -13,7 +13,6 @@ date: 2019/01/18 logsource: category: registry_event product: windows - service: sysmon detection: selection_registry: TargetObject: diff --git a/rules/windows/registry_event/sysmon_stickykey_like_backdoor.yml b/rules/windows/registry_event/sysmon_stickykey_like_backdoor.yml index 79050d32..0cd46ca4 100755 --- a/rules/windows/registry_event/sysmon_stickykey_like_backdoor.yml +++ b/rules/windows/registry_event/sysmon_stickykey_like_backdoor.yml @@ -22,7 +22,6 @@ level: critical logsource: category: registry_event product: windows - service: sysmon detection: selection_registry: TargetObject: diff --git a/rules/windows/registry_event/sysmon_susp_download_run_key.yml b/rules/windows/registry_event/sysmon_susp_download_run_key.yml index 856e06df..7f18d8c8 100755 --- a/rules/windows/registry_event/sysmon_susp_download_run_key.yml +++ b/rules/windows/registry_event/sysmon_susp_download_run_key.yml @@ -12,7 +12,6 @@ tags: logsource: category: registry_event product: windows - service: sysmon detection: selection: Image: diff --git a/rules/windows/registry_event/sysmon_susp_reg_persist_explorer_run.yml b/rules/windows/registry_event/sysmon_susp_reg_persist_explorer_run.yml index b5637468..36bb3fca 100755 --- a/rules/windows/registry_event/sysmon_susp_reg_persist_explorer_run.yml +++ b/rules/windows/registry_event/sysmon_susp_reg_persist_explorer_run.yml @@ -9,7 +9,6 @@ references: logsource: category: registry_event product: windows - service: sysmon detection: selection: TargetObject: '*\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run' diff --git a/rules/windows/registry_event/sysmon_susp_run_key_img_folder.yml b/rules/windows/registry_event/sysmon_susp_run_key_img_folder.yml index 40f184b3..68584e9c 100755 --- a/rules/windows/registry_event/sysmon_susp_run_key_img_folder.yml +++ b/rules/windows/registry_event/sysmon_susp_run_key_img_folder.yml @@ -13,7 +13,6 @@ modified: 2020/05/24 logsource: category: registry_event product: windows - service: sysmon detection: selection: TargetObject: diff --git a/rules/windows/registry_event/sysmon_susp_service_installed.yml b/rules/windows/registry_event/sysmon_susp_service_installed.yml index eaf443b6..920c884a 100755 --- a/rules/windows/registry_event/sysmon_susp_service_installed.yml +++ b/rules/windows/registry_event/sysmon_susp_service_installed.yml @@ -12,7 +12,6 @@ tags: logsource: category: registry_event product: windows - service: sysmon detection: selection_1: diff --git a/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml b/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml index 1ba94b9b..ee1ac4d7 100755 --- a/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml +++ b/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml @@ -11,7 +11,6 @@ modified: 2019/10/15 logsource: category: registry_event product: windows - service: sysmon definition: 'Requirements: Sysmon config that monitors \Keyboard Layout\Preload subkey of the HKLU hives - see https://github.com/SwiftOnSecurity/sysmon-config/pull/92/files' detection: selection_registry: diff --git a/rules/windows/registry_event/sysmon_sysinternals_eula_accepted.yml b/rules/windows/registry_event/sysmon_sysinternals_eula_accepted.yml index 21ab67c9..df72b3ad 100755 --- a/rules/windows/registry_event/sysmon_sysinternals_eula_accepted.yml +++ b/rules/windows/registry_event/sysmon_sysinternals_eula_accepted.yml @@ -16,7 +16,6 @@ level: low --- logsource: product: windows - service: sysmon category: registry_event detection: selection1: diff --git a/rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml b/rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml index ba3dfb7c..80e3cfc9 100755 --- a/rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml +++ b/rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml @@ -9,7 +9,6 @@ author: Florian Roth date: 2017/03/19 logsource: product: windows - service: sysmon category: registry_event detection: methregistry: diff --git a/rules/windows/registry_event/sysmon_uac_bypass_sdclt.yml b/rules/windows/registry_event/sysmon_uac_bypass_sdclt.yml index 67fc2b84..2d3a025f 100755 --- a/rules/windows/registry_event/sysmon_uac_bypass_sdclt.yml +++ b/rules/windows/registry_event/sysmon_uac_bypass_sdclt.yml @@ -9,7 +9,6 @@ date: 2017/03/17 logsource: category: registry_event product: windows - service: sysmon detection: selection: # usrclass.dat is mounted on HKU\USERSID_Classes\... diff --git a/rules/windows/registry_event/sysmon_win_reg_persistence.yml b/rules/windows/registry_event/sysmon_win_reg_persistence.yml index 7779229b..9ca5a020 100755 --- a/rules/windows/registry_event/sysmon_win_reg_persistence.yml +++ b/rules/windows/registry_event/sysmon_win_reg_persistence.yml @@ -8,7 +8,6 @@ author: Karneades logsource: category: registry_event product: windows - service: sysmon detection: selection_reg1: TargetObject: diff --git a/tools/config/generic/sysmon.yml b/tools/config/generic/sysmon.yml index 5d407de7..a2c68501 100644 --- a/tools/config/generic/sysmon.yml +++ b/tools/config/generic/sysmon.yml @@ -29,7 +29,7 @@ logsources: product: windows service: sysmon file_creation: - category: file_creation + category: file_event product: windows conditions: EventID: 11 @@ -45,7 +45,7 @@ logsources: product: windows service: sysmon image_loaded: - category: image_loaded + category: image_load product: windows conditions: EventID: 7 @@ -53,7 +53,7 @@ logsources: product: windows service: sysmon driver_loaded: - category: driver_loaded + category: driver_load product: windows conditions: EventID: 6 From 07c0a6558e23cebea591d379892e76289bcfb91b Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 24 Jun 2020 17:49:42 +0200 Subject: [PATCH 522/714] fix: wording on sysmon mapping file --- tools/config/generic/sysmon.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/config/generic/sysmon.yml b/tools/config/generic/sysmon.yml index a2c68501..0d97f379 100644 --- a/tools/config/generic/sysmon.yml +++ b/tools/config/generic/sysmon.yml @@ -1,4 +1,4 @@ -title: Conversion of generic rules into Sysmon +title: Conversion of Generic Rules into Sysmon Specific Rules order: 10 logsources: process_creation: @@ -61,7 +61,7 @@ logsources: product: windows service: sysmon process_terminated: - category: process_terminated + category: process_termination product: windows conditions: EventID: 5 From 3decee07ba6c18ecab57a1d5baa004e50682375f Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 24 Jun 2020 18:10:58 +0200 Subject: [PATCH 523/714] fix: bugfix and cosmetics --- rules/windows/driver_load/sysmon_susp_driver_load.yml | 2 +- rules/windows/process_access/sysmon_cmstp_execution.yml | 5 ++--- .../process_access/sysmon_in_memory_assembly_execution.yml | 6 +++--- rules/windows/registry_event/sysmon_apt_pandemic.yml | 4 ++-- .../registry_event/sysmon_asep_reg_keys_modification.yml | 1 - rules/windows/registry_event/sysmon_cmstp_execution.yml | 6 ++---- .../registry_event/sysmon_dns_serverlevelplugindll.yml | 4 ++-- .../registry_event/sysmon_stickykey_like_backdoor.yml | 7 +++---- .../registry_event/sysmon_sysinternals_eula_accepted.yml | 4 ++-- .../windows/registry_event/sysmon_uac_bypass_eventvwr.yml | 1 - 10 files changed, 17 insertions(+), 23 deletions(-) diff --git a/rules/windows/driver_load/sysmon_susp_driver_load.yml b/rules/windows/driver_load/sysmon_susp_driver_load.yml index 014f494f..56eb89c4 100755 --- a/rules/windows/driver_load/sysmon_susp_driver_load.yml +++ b/rules/windows/driver_load/sysmon_susp_driver_load.yml @@ -12,7 +12,7 @@ logsource: detection: selection: ImageLoaded: '*\Temp\\*' - condition: selection + condition: selection falsepositives: - there is a relevant set of false positives depending on applications in the environment level: medium diff --git a/rules/windows/process_access/sysmon_cmstp_execution.yml b/rules/windows/process_access/sysmon_cmstp_execution.yml index 66e48f89..66c5a5ff 100755 --- a/rules/windows/process_access/sysmon_cmstp_execution.yml +++ b/rules/windows/process_access/sysmon_cmstp_execution.yml @@ -13,8 +13,6 @@ author: Nik Seetharaman date: 2018/07/16 references: - http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/ -detection: - condition: 1 of them fields: - CommandLine - ParentCommandLine @@ -37,7 +35,7 @@ detection: # Process Access Call Trace selection4: CallTrace: '*cmlua.dll*' - + condition: 1 of them --- logsource: category: process_creation @@ -46,3 +44,4 @@ detection: # CMSTP Spawning Child Process selection1: ParentImage: '*\cmstp.exe' + condition: 1 of them diff --git a/rules/windows/process_access/sysmon_in_memory_assembly_execution.yml b/rules/windows/process_access/sysmon_in_memory_assembly_execution.yml index b8a892bd..714ca5c2 100755 --- a/rules/windows/process_access/sysmon_in_memory_assembly_execution.yml +++ b/rules/windows/process_access/sysmon_in_memory_assembly_execution.yml @@ -17,11 +17,11 @@ logsource: category: process_access product: windows detection: - selection_01: + selection1: CallTrace: - "C:\\Windows\\SYSTEM32\\ntdll.dll+*|C:\\Windows\\System32\\KERNELBASE.dll+*|UNKNOWN(*)" - "*UNKNOWN(*)|UNKNOWN(*)" - selection_02: + selection2: CallTrace: "*UNKNOWN*" granted_access: GrantedAccess: @@ -33,7 +33,7 @@ detection: - "0x1F2FFF" - "0x1F3FFF" - "0x1FFFFF" - condition: selection_01 OR (selection_02 AND granted_access) + condition: selection1 OR (selection2 AND granted_access) fields: - ComputerName - User diff --git a/rules/windows/registry_event/sysmon_apt_pandemic.yml b/rules/windows/registry_event/sysmon_apt_pandemic.yml index 01f35a58..04821f4f 100755 --- a/rules/windows/registry_event/sysmon_apt_pandemic.yml +++ b/rules/windows/registry_event/sysmon_apt_pandemic.yml @@ -11,8 +11,6 @@ tags: - attack.t1105 author: Florian Roth date: 2017/06/01 -detection: - condition: 1 of them fields: - EventID - CommandLine @@ -31,6 +29,7 @@ detection: selection1: TargetObject: - 'HKLM\SYSTEM\CurrentControlSet\services\null\Instance*' + condition: 1 of them --- logsource: category: process_creation @@ -38,3 +37,4 @@ logsource: detection: selection2: Command: 'loaddll -a *' + condition: 1 of them diff --git a/rules/windows/registry_event/sysmon_asep_reg_keys_modification.yml b/rules/windows/registry_event/sysmon_asep_reg_keys_modification.yml index 53b75b91..94b91d64 100755 --- a/rules/windows/registry_event/sysmon_asep_reg_keys_modification.yml +++ b/rules/windows/registry_event/sysmon_asep_reg_keys_modification.yml @@ -15,7 +15,6 @@ logsource: product: windows detection: selection: - TargetObject|contains: - '\software\Microsoft\Windows\CurrentVersion\Run' - '\software\Microsoft\Windows\CurrentVersion\RunOnce' diff --git a/rules/windows/registry_event/sysmon_cmstp_execution.yml b/rules/windows/registry_event/sysmon_cmstp_execution.yml index 8c93c799..a8083a24 100755 --- a/rules/windows/registry_event/sysmon_cmstp_execution.yml +++ b/rules/windows/registry_event/sysmon_cmstp_execution.yml @@ -13,8 +13,6 @@ author: Nik Seetharaman date: 2018/07/16 references: - http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/ -detection: - condition: 1 of them fields: - CommandLine - ParentCommandLine @@ -33,17 +31,17 @@ detection: EventType: 'CreateKey' # Registry Object Value Set selection3: - TargetObject: '*\cmmgr32.exe*' # Process Access Call Trace selection4: CallTrace: '*cmlua.dll*' + condition: 1 of them --- detection: # CMSTP Spawning Child Process selection1: ParentImage: '*\cmstp.exe' - + condition: 1 of them logsource: category: process_creation product: windows diff --git a/rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml b/rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml index e104ed67..c1610b60 100755 --- a/rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml +++ b/rules/windows/registry_event/sysmon_dns_serverlevelplugindll.yml @@ -11,8 +11,6 @@ author: Florian Roth tags: - attack.defense_evasion - attack.t1073 -detection: - condition: 1 of them fields: - EventID - CommandLine @@ -30,6 +28,7 @@ logsource: detection: dnsregmod: TargetObject: '*\services\DNS\Parameters\ServerLevelPluginDll' + condition: 1 of them --- logsource: category: process_creation @@ -37,3 +36,4 @@ logsource: detection: dnsadmin: CommandLine: 'dnscmd.exe /config /serverlevelplugindll *' + condition: 1 of them \ No newline at end of file diff --git a/rules/windows/registry_event/sysmon_stickykey_like_backdoor.yml b/rules/windows/registry_event/sysmon_stickykey_like_backdoor.yml index 0cd46ca4..d769ef85 100755 --- a/rules/windows/registry_event/sysmon_stickykey_like_backdoor.yml +++ b/rules/windows/registry_event/sysmon_stickykey_like_backdoor.yml @@ -12,9 +12,7 @@ tags: - car.2014-11-003 - car.2014-11-008 author: Florian Roth, @twjackomo -date: 2018/03/15 -detection: - condition: 1 of them +date: 2018/03/15 falsepositives: - Unlikely level: critical @@ -32,6 +30,7 @@ detection: - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Narrator.exe\Debugger' - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisplaySwitch.exe\Debugger' EventType: 'SetValue' + condition: 1 of them --- logsource: category: process_creation @@ -47,4 +46,4 @@ detection: - '*cmd.exe Magnify.exe *' - '*cmd.exe Narrator.exe *' - '*cmd.exe DisplaySwitch.exe *' - + condition: 1 of them diff --git a/rules/windows/registry_event/sysmon_sysinternals_eula_accepted.yml b/rules/windows/registry_event/sysmon_sysinternals_eula_accepted.yml index df72b3ad..056d98d4 100755 --- a/rules/windows/registry_event/sysmon_sysinternals_eula_accepted.yml +++ b/rules/windows/registry_event/sysmon_sysinternals_eula_accepted.yml @@ -7,8 +7,6 @@ references: - https://twitter.com/Moti_B/status/1008587936735035392 date: 2017/08/28 author: Markus Neis -detection: - condition: 1 of them falsepositives: - Legitimate use of SysInternals tools - Programs that use the same Registry Key @@ -20,6 +18,7 @@ logsource: detection: selection1: TargetObject: '*\EulaAccepted' + condition: 1 of them --- logsource: category: process_creation @@ -27,3 +26,4 @@ logsource: detection: selection2: CommandLine: '* -accepteula*' + condition: 1 of them \ No newline at end of file diff --git a/rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml b/rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml index 80e3cfc9..9821f0f6 100755 --- a/rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml +++ b/rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml @@ -12,7 +12,6 @@ logsource: category: registry_event detection: methregistry: - TargetObject: 'HKU\\*\mscfile\shell\open\command' methprocess: EventID: 1 # Migration to process_creation requires multipart YAML From 825bda397d633cb139d0a1f1737c68eca798944a Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 25 Jun 2020 13:21:43 +0200 Subject: [PATCH 524/714] desc: better descriptions in help for backends and configurations --- tools/sigma/sigmac.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/sigma/sigmac.py b/tools/sigma/sigmac.py index f5c122a5..ae3cfbe9 100755 --- a/tools/sigma/sigmac.py +++ b/tools/sigma/sigmac.py @@ -142,11 +142,11 @@ def main(): logger.setLevel(logging.DEBUG) if cmdargs.lists: - print("Backends:") + print("Backends (Targets):") list_backends(cmdargs.debug) print() - print("Configurations:") + print("Configurations (Sources):") list_configurations(backend=cmdargs.target, scm=scm) print() From da46ff6e931b57fb509c78a8e291e3216e61ea64 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 25 Jun 2020 13:59:51 +0200 Subject: [PATCH 525/714] docs: descriptions for source configs --- tools/config/elk-defaultindex-filebeat.yml | 1 + tools/config/elk-defaultindex-logstash.yml | 1 + tools/config/elk-defaultindex.yml | 1 + tools/config/elk-linux.yml | 1 + tools/config/elk-windows.yml | 1 + tools/config/elk-winlogbeat-sp.yml | 2 +- tools/config/elk-winlogbeat.yml | 1 + 7 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/config/elk-defaultindex-filebeat.yml b/tools/config/elk-defaultindex-filebeat.yml index 24f52574..8f23586c 100644 --- a/tools/config/elk-defaultindex-filebeat.yml +++ b/tools/config/elk-defaultindex-filebeat.yml @@ -1,2 +1,3 @@ +title: ELK default indices filebeat-* defaultindex: - filebeat-* diff --git a/tools/config/elk-defaultindex-logstash.yml b/tools/config/elk-defaultindex-logstash.yml index 7c826199..27d438de 100644 --- a/tools/config/elk-defaultindex-logstash.yml +++ b/tools/config/elk-defaultindex-logstash.yml @@ -1,2 +1,3 @@ +title: ELK default indices logstash-* defaultindex: - logstash-* diff --git a/tools/config/elk-defaultindex.yml b/tools/config/elk-defaultindex.yml index 99a94b8f..f1f20d72 100644 --- a/tools/config/elk-defaultindex.yml +++ b/tools/config/elk-defaultindex.yml @@ -1,3 +1,4 @@ +title: ELK default indices logstash-* and filebeat-* defaultindex: - logstash-* - filebeat-* diff --git a/tools/config/elk-linux.yml b/tools/config/elk-linux.yml index 9b2d4808..381e5af7 100644 --- a/tools/config/elk-linux.yml +++ b/tools/config/elk-linux.yml @@ -1,3 +1,4 @@ +title: ELK Linux Indices and Mappings logsources: apache: category: webserver diff --git a/tools/config/elk-windows.yml b/tools/config/elk-windows.yml index a408123c..d223098f 100644 --- a/tools/config/elk-windows.yml +++ b/tools/config/elk-windows.yml @@ -1,3 +1,4 @@ +title: ELK Windows Indices and Mappings logsources: windows: product: windows diff --git a/tools/config/elk-winlogbeat-sp.yml b/tools/config/elk-winlogbeat-sp.yml index f1abce0a..02ab771a 100644 --- a/tools/config/elk-winlogbeat-sp.yml +++ b/tools/config/elk-winlogbeat-sp.yml @@ -1,8 +1,8 @@ +title: ELK Ingested with Winlogbeat logsources: windows: product: windows index: - windows-application: product: windows service: application diff --git a/tools/config/elk-winlogbeat.yml b/tools/config/elk-winlogbeat.yml index 20bf500f..97567ea9 100644 --- a/tools/config/elk-winlogbeat.yml +++ b/tools/config/elk-winlogbeat.yml @@ -1,3 +1,4 @@ +title: ELK Ingested with Winlogbeat logsources: windows: product: windows From 839e06e37a7a28eda4adce779b11f94a325e996b Mon Sep 17 00:00:00 2001 From: Alexander J <741037+jaegeral@users.noreply.github.com> Date: Fri, 26 Jun 2020 12:40:06 +0200 Subject: [PATCH 526/714] s/straight forward/straightforward Fix a typo. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b1fc8d06..bf2cd76f 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Generic Signature Format for SIEM Systems # What is Sigma -Sigma is a generic and open signature format that allows you to describe relevant log events in a straight forward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with others. +Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers or analysts can describe their once developed detection methods and make them shareable with others. Sigma is for log files what [Snort](https://www.snort.org/) is for network traffic and [YARA](https://github.com/VirusTotal/yara) is for files. From 502ec4b41770e2ae2c62727d0030560a97459e3d Mon Sep 17 00:00:00 2001 From: Pushkarev Dmitry Date: Fri, 26 Jun 2020 22:15:53 +0000 Subject: [PATCH 527/714] add win_not_allowed_rdp_access.yml rule --- .../builtin/win_not_allowed_rdp_access.yml | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 rules/windows/builtin/win_not_allowed_rdp_access.yml diff --git a/rules/windows/builtin/win_not_allowed_rdp_access.yml b/rules/windows/builtin/win_not_allowed_rdp_access.yml new file mode 100644 index 00000000..8ec3cd2f --- /dev/null +++ b/rules/windows/builtin/win_not_allowed_rdp_access.yml @@ -0,0 +1,26 @@ +title: A User Was Denied The Access To Remote Desktop +id: 8e5c03fa-b7f0-11ea-b242-07e0576828d9 +description: This event is generated when an authenticated user who is not allowed to log on remotely attempts to connect to this computer through Remote Desktop. + Often, this event can be generated by attackers when searching for available windows servers in the network. +status: experimental +tags: + - attack.lateral_movement + - attack.t1076 +references: + - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4825 +author: Pushkarev Dmitry +date: 2020/06/27 +logsource: + product: windows + service: security +detection: + selection: + EventID: 4825 + condition: selection +fields: + - EventCode + - AccountName + - ClientAddress +falsepositives: + - Valid user was not added to RDP group +level: medium From 09378b5ebf048c61b70bd3205ceed792a684fe7e Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 28 Jun 2020 00:27:33 +0200 Subject: [PATCH 528/714] Fixed unsupported attempt to index a set --- tools/sigma/config/mapping.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/sigma/config/mapping.py b/tools/sigma/config/mapping.py index 28ff2877..a0397683 100644 --- a/tools/sigma/config/mapping.py +++ b/tools/sigma/config/mapping.py @@ -125,9 +125,9 @@ class ConditionalFieldMapping(SimpleFieldMapping): if len(targets) == 1: # result set contains only one target, return mapped item (like SimpleFieldMapping) if value is None: - return ConditionNULLValue(val=targets[0]) + return ConditionNULLValue(val=list(targets)[0]) else: - return (targets[0], value) + return (list(targets)[0], value) elif len(targets) > 1: # result set contains multiple targets, return all linked as OR condition (like MultiFieldMapping) cond = ConditionOR() for target in targets: From 9dc3940c07656432f4f8670b86e667db246f649b Mon Sep 17 00:00:00 2001 From: Christian Clauss Date: Sun, 28 Jun 2020 07:02:41 +0200 Subject: [PATCH 529/714] Fix undefined names in sigma2misp.py create_new_event() -> create_new_event(args, misp) to fix: flake8 testing of https://github.com/Neo23x0/sigma on Python 3.8.3 % _flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics_ ``` ./tools/sigma/sigma2misp.py:11:16: F821 undefined name 'misp' if hasattr(misp, "new_event"): ^ ./tools/sigma/sigma2misp.py:12:16: F821 undefined name 'misp' return misp.new_event(info=args.info)["Event"]["id"] ^ ./tools/sigma/sigma2misp.py:12:36: F821 undefined name 'args' return misp.new_event(info=args.info)["Event"]["id"] ^ ./tools/sigma/sigma2misp.py:14:13: F821 undefined name 'misp' event = misp.MISPEvent() ^ ./tools/sigma/sigma2misp.py:15:18: F821 undefined name 'args' event.info = args.info ^ ./tools/sigma/sigma2misp.py:16:12: F821 undefined name 'misp' return misp.add_event(event)["Event"]["id"] ^ 6 F821 undefined name 'misp' 6 ``` --- tools/sigma/sigma2misp.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/sigma/sigma2misp.py b/tools/sigma/sigma2misp.py index 8d604cba..fc102931 100755 --- a/tools/sigma/sigma2misp.py +++ b/tools/sigma/sigma2misp.py @@ -7,7 +7,7 @@ import urllib3 urllib3.disable_warnings() from pymisp import PyMISP -def create_new_event(): +def create_new_event(args, misp): if hasattr(misp, "new_event"): return misp.new_event(info=args.info)["Event"]["id"] @@ -55,7 +55,7 @@ def main(): for sigma in paths: if not args.event and (first or not args.same_event): - eventid = create_new_event() + eventid = create_new_event(args, misp) print("Importing Sigma rule {} into MISP event {}...".format(sigma, eventid, end="")) f = sigma.open("rt") From ae842a65cbe605079953872a96514265b4b2c2e0 Mon Sep 17 00:00:00 2001 From: j91321 Date: Sun, 28 Jun 2020 10:55:32 +0200 Subject: [PATCH 530/714] Windows Defender rules and logsource --- rules/windows/other/win_defender_disabled.yml | 26 +++++++++++++++++++ rules/windows/other/win_defender_threat.yml | 22 ++++++++++++++++ tools/config/logstash-windows.yml | 5 ++++ tools/config/powershell.yml | 5 ++++ tools/config/winlogbeat-modules-enabled.yml | 5 ++++ tools/config/winlogbeat-old.yml | 5 ++++ tools/config/winlogbeat.yml | 5 ++++ 7 files changed, 73 insertions(+) create mode 100644 rules/windows/other/win_defender_disabled.yml create mode 100644 rules/windows/other/win_defender_threat.yml diff --git a/rules/windows/other/win_defender_disabled.yml b/rules/windows/other/win_defender_disabled.yml new file mode 100644 index 00000000..cd7e64ab --- /dev/null +++ b/rules/windows/other/win_defender_disabled.yml @@ -0,0 +1,26 @@ +title: Windows Defender threat detection disabled +id: fe34868f-6e0e-4882-81f6-c43aa8f15b62 +description: Detects disabling Windows Defender threat protection +date: 2020/07/28 +author: Ján Trenčanský +references: + - https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus +status: stable +tags: + - attack.defense_evasion + - attack.t1089 + - attack.t1562.001 +logsource: + product: windows + service: windefend +detection: + selection: + EventID: + - 5001 + - 5010 + - 5012 + - 5101 + condition: selection +falsepositives: + - Administrator actions +level: high diff --git a/rules/windows/other/win_defender_threat.yml b/rules/windows/other/win_defender_threat.yml new file mode 100644 index 00000000..ee22bf83 --- /dev/null +++ b/rules/windows/other/win_defender_threat.yml @@ -0,0 +1,22 @@ +title: Windows Defender threat detected +id: 57b649ef-ff42-4fb0-8bf6-62da243a1708 +description: Detects all actions taken by Windows Defender malware detection engines +date: 2020/07/28 +author: Ján Trenčanský +references: + - https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus +status: stable +logsource: + product: windows + service: windefend +detection: + selection: + EventID: + - 1006 + - 1116 + - 1015 + - 1117 + condition: selection +falsepositives: + - unlikely +level: high diff --git a/tools/config/logstash-windows.yml b/tools/config/logstash-windows.yml index 96b125f8..dd042220 100644 --- a/tools/config/logstash-windows.yml +++ b/tools/config/logstash-windows.yml @@ -43,4 +43,9 @@ logsources: service: dhcp conditions: Channel: 'Microsoft-Windows-DHCP-Server/Operational' + windows-defender: + product: windows + service: windefend + conditions: + Channel: 'Microsoft-Windows-Windows Defender/Operational' defaultindex: logstash-* diff --git a/tools/config/powershell.yml b/tools/config/powershell.yml index 5cb0ea75..c22cdc99 100644 --- a/tools/config/powershell.yml +++ b/tools/config/powershell.yml @@ -69,3 +69,8 @@ logsources: service: dhcp conditions: LogName: 'Microsoft-Windows-DHCP-Server/Operational' + windows-defender: + product: windows + service: windefend + conditions: + LogName: 'Microsoft-Windows-Windows Defender/Operational' diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml index 69954e22..cac85f32 100644 --- a/tools/config/winlogbeat-modules-enabled.yml +++ b/tools/config/winlogbeat-modules-enabled.yml @@ -44,6 +44,11 @@ logsources: service: dhcp conditions: winlog.provider_name: 'Microsoft-Windows-DHCP-Server/Operational' + windows-defender: + product: windows + service: windefend + conditions: + winlog.channel: 'Microsoft-Windows-Windows Defender/Operational' defaultindex: winlogbeat-* # Extract all field names qith yq: # yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: winlog.event_data.\1/g' diff --git a/tools/config/winlogbeat-old.yml b/tools/config/winlogbeat-old.yml index ce0124fd..a5c2474c 100644 --- a/tools/config/winlogbeat-old.yml +++ b/tools/config/winlogbeat-old.yml @@ -43,6 +43,11 @@ logsources: service: dhcp conditions: source: 'Microsoft-Windows-DHCP-Server/Operational' + windows-defender: + product: windows + service: windefend + conditions: + source: 'Microsoft-Windows-Windows Defender/Operational' defaultindex: winlogbeat-* # Extract all field names qith yq: # yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: event_data.\1/g' diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml index 2171cef0..fe8dd96f 100644 --- a/tools/config/winlogbeat.yml +++ b/tools/config/winlogbeat.yml @@ -43,6 +43,11 @@ logsources: service: dhcp conditions: winlog.provider_name: 'Microsoft-Windows-DHCP-Server/Operational' + windows-defender: + product: windows + service: windefend + conditions: + winlog.channel: 'Microsoft-Windows-Windows Defender/Operational' defaultindex: winlogbeat-* # Extract all field names qith yq: # yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: winlog.event_data.\1/g' From 24029d998a91e1c573fdf6a10d080757ca44479d Mon Sep 17 00:00:00 2001 From: j91321 Date: Sun, 28 Jun 2020 11:05:19 +0200 Subject: [PATCH 531/714] FIX: lint error for title --- rules/windows/other/win_defender_disabled.yml | 2 +- rules/windows/other/win_defender_threat.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/other/win_defender_disabled.yml b/rules/windows/other/win_defender_disabled.yml index cd7e64ab..c955fe00 100644 --- a/rules/windows/other/win_defender_disabled.yml +++ b/rules/windows/other/win_defender_disabled.yml @@ -1,4 +1,4 @@ -title: Windows Defender threat detection disabled +title: Windows Defender Threat Detection Disabled id: fe34868f-6e0e-4882-81f6-c43aa8f15b62 description: Detects disabling Windows Defender threat protection date: 2020/07/28 diff --git a/rules/windows/other/win_defender_threat.yml b/rules/windows/other/win_defender_threat.yml index ee22bf83..9721af7b 100644 --- a/rules/windows/other/win_defender_threat.yml +++ b/rules/windows/other/win_defender_threat.yml @@ -1,4 +1,4 @@ -title: Windows Defender threat detected +title: Windows Defender Threat Detected id: 57b649ef-ff42-4fb0-8bf6-62da243a1708 description: Detects all actions taken by Windows Defender malware detection engines date: 2020/07/28 From bb214f5832fdab115624f74d4cdc2f077917c5aa Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 29 Jun 2020 12:07:15 +0200 Subject: [PATCH 532/714] rule: Explorer Root Flag Process Tree Break --- .../win_susp_explorer_break_proctree.yml | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 rules/windows/process_creation/win_susp_explorer_break_proctree.yml diff --git a/rules/windows/process_creation/win_susp_explorer_break_proctree.yml b/rules/windows/process_creation/win_susp_explorer_break_proctree.yml new file mode 100644 index 00000000..49c22c09 --- /dev/null +++ b/rules/windows/process_creation/win_susp_explorer_break_proctree.yml @@ -0,0 +1,23 @@ +title: Explorer Root Flag Process Tree Break +id: 949f1ffb-6e85-4f00-ae1e-c3c5b190d605 +description: Detects a command line process that uses explorer.exe /root, which is similar to cmd.exe /c, only it breaks the process tree and makes its parent a new instance of explorer +status: experimental +references: + - https://twitter.com/CyberRaiju/status/1273597319322058752 + - https://twitter.com/bohops/status/1276357235954909188?s=12 +author: Florian Roth +date: 2019/06/29 +tags: + - attack.defense_evasion +logsource: + category: process_creation + product: windows +detection: + selection: + CommandLine|contains|all: + - 'explorer.exe' + - ' /root,' + condition: selection +falsepositives: + - Unknown how many legitimate software products use that method +level: medium From 0c3ce445daf7f1a9b231f1228ff76c1af1fb6677 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20G=C3=BCnal?= Date: Mon, 29 Jun 2020 18:51:18 +0300 Subject: [PATCH 533/714] Delete remote_copy.yml --- .../windows/process_creation/remote_copy.yml | 27 ------------------- 1 file changed, 27 deletions(-) delete mode 100644 rules/windows/process_creation/remote_copy.yml diff --git a/rules/windows/process_creation/remote_copy.yml b/rules/windows/process_creation/remote_copy.yml deleted file mode 100644 index b49edd94..00000000 --- a/rules/windows/process_creation/remote_copy.yml +++ /dev/null @@ -1,27 +0,0 @@ -title: Remote File Copy -id: c87972e1-4594-421f-a229-8811e90ab4f2 -status: experimental -description: Detects a suspicious remote copy behavior -references: - - https://attack.mitre.org/techniques/T1105/ -author: Ömer Günal -date: 2020/06/18 -tags: - - attack.lateral_movement - - attack.command_and_control - - attack.t1105 -logsource: - category: process_creation - product: windows -detection: - selection: - CommandLine|contains: - - 'cmd /c certutil -urlcache -split -f * *' - - 'certutil -verifyctl -split -f *' - - 'C:\Windows\System32\bitsadmin.exe /transfer * /Priority HIGH * *' - condition: selection -fields: - - CommandLine -falsepositives: - - Administrative scripts -level: high From 1a088425f9b54f5990e891dea859f145de67307c Mon Sep 17 00:00:00 2001 From: Harish SEGAR Date: Mon, 29 Jun 2020 20:42:35 +0200 Subject: [PATCH 534/714] Fix rules. --- .../win_susp_powershell_parent_process.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/rules/windows/process_creation/win_susp_powershell_parent_process.yml b/rules/windows/process_creation/win_susp_powershell_parent_process.yml index 94e2b87d..e25b102e 100644 --- a/rules/windows/process_creation/win_susp_powershell_parent_process.yml +++ b/rules/windows/process_creation/win_susp_powershell_parent_process.yml @@ -1,4 +1,4 @@ -title: Suspicious PowerShell parent process +title: Suspicious PowerShell Parent Process id: 754ed792-634f-40ae-b3bc-e0448d33f695 description: Detects a suspicious parents of powershell.exe status: experimental @@ -10,12 +10,9 @@ tags: - attack.execution - attack.t1086 logsource: + category: process_creation product: windows - service: sysmon detection: - selection: - EventID: 1 - selection_image1: ParentImage|endswith: - '\mshta.exe' @@ -58,7 +55,7 @@ detection: - Description: "Windows PowerShell" - Product: "PowerShell Core 6" - condition: selection and (1 of selection_image*) and (1 of filters) + condition: (1 of selection_image*) and (1 of filters) falsepositives: - Other scripts level: medium From 5a11ef90d0e41eb51720668aafc166564985b8d5 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 29 Jun 2020 21:24:47 +0200 Subject: [PATCH 535/714] rule reorganized --- .../win_susp_powershell_parent_process.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/rules/windows/process_creation/win_susp_powershell_parent_process.yml b/rules/windows/process_creation/win_susp_powershell_parent_process.yml index e25b102e..5c79b2b6 100644 --- a/rules/windows/process_creation/win_susp_powershell_parent_process.yml +++ b/rules/windows/process_creation/win_susp_powershell_parent_process.yml @@ -14,7 +14,7 @@ logsource: product: windows detection: selection_image1: - ParentImage|endswith: + - ParentImage|endswith: - '\mshta.exe' - '\rundll32.exe' - '\regsvr32.exe' @@ -45,17 +45,14 @@ detection: - '\php-cgi.exe' - '\jbosssvc.exe' - "MicrosoftEdgeSH.exe" - selection_image2: - ParentImage|contains: "tomcat" - - filters: + - ParentImage|contains: "tomcat" + selection_powershell: - CommandLine|contains: - "powershell" - "pwsh" - Description: "Windows PowerShell" - Product: "PowerShell Core 6" - - condition: (1 of selection_image*) and (1 of filters) + condition: all of them falsepositives: - Other scripts level: medium From 649e4eaa63a7f2b774b1b39c57ff877087cb344e Mon Sep 17 00:00:00 2001 From: Harish SEGAR Date: Mon, 29 Jun 2020 22:09:58 +0200 Subject: [PATCH 536/714] Added new rule for pwsh_xor_cmd --- .../powershell/powershell_xor_commandline.yml | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 rules/windows/powershell/powershell_xor_commandline.yml diff --git a/rules/windows/powershell/powershell_xor_commandline.yml b/rules/windows/powershell/powershell_xor_commandline.yml new file mode 100644 index 00000000..1f311f26 --- /dev/null +++ b/rules/windows/powershell/powershell_xor_commandline.yml @@ -0,0 +1,26 @@ +title: Suspicious XOR Encoded PowerShell Command Line +id: 812837bb-b17f-45e9-8bd0-0ec35d2e3bd6 +description: Detects suspicious powershell process which includes bxor command, alternative obfuscation method to b64 encoded commands. +status: experimental +author: Teymur Kheirkhabarov, Harish Segar (rule) +date: 2020/06/29 +tags: + - attack.execution + - attack.t1086 + - attack.t1059.001 +logsource: + product: windows + service: powershell-classic +detection: + selection: + EventID: 400 + HostName: "ConsoleHost" + filter: + CommandLine|contains: + - "bxor" + - "join" + - "char" + condition: selection and filter +falsepositives: + - unknown +level: medium From 5e740fd7b27be929ff4f3dd29d839b8afec3ac11 Mon Sep 17 00:00:00 2001 From: Harish SEGAR Date: Mon, 29 Jun 2020 22:13:49 +0200 Subject: [PATCH 537/714] Added new rule for pwsh_xor_cmd (sysmon) --- .../win_powershell_xor_commandline.yml | 24 ++++++++++++------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/rules/windows/process_creation/win_powershell_xor_commandline.yml b/rules/windows/process_creation/win_powershell_xor_commandline.yml index 150a13e7..447937a4 100644 --- a/rules/windows/process_creation/win_powershell_xor_commandline.yml +++ b/rules/windows/process_creation/win_powershell_xor_commandline.yml @@ -2,20 +2,26 @@ title: Suspicious XOR Encoded PowerShell Command Line id: bb780e0c-16cf-4383-8383-1e5471db6cf9 description: Detects suspicious powershell process which includes bxor command, alternatvide obfuscation method to b64 encoded commands. status: experimental -author: Sami Ruohonen +author: Sami Ruohonen, Harish Segar (improvement) date: 2018/09/05 +modified: 2020/06/29 tags: - attack.execution - attack.t1086 - attack.t1059.001 -detection: - selection: - CommandLine: - - '* -bxor*' - condition: selection -falsepositives: - - unknown -level: medium logsource: category: process_creation product: windows +detection: + selection: + - Description: "Windows PowerShell" + - Product: "PowerShell Core 6" + filter: + CommandLine|contains: + - "bxor" + - "join" + - "char" + condition: selection and filter +falsepositives: + - unknown +level: medium From 9c74018e122ce699c0fc43f775d479ca9788f917 Mon Sep 17 00:00:00 2001 From: Harish SEGAR Date: Mon, 29 Jun 2020 22:18:25 +0200 Subject: [PATCH 538/714] Added new rule for pwsh_xor_cmd (sysmon) --- .../windows/process_creation/win_powershell_xor_commandline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_powershell_xor_commandline.yml b/rules/windows/process_creation/win_powershell_xor_commandline.yml index 447937a4..fa333189 100644 --- a/rules/windows/process_creation/win_powershell_xor_commandline.yml +++ b/rules/windows/process_creation/win_powershell_xor_commandline.yml @@ -1,6 +1,6 @@ title: Suspicious XOR Encoded PowerShell Command Line id: bb780e0c-16cf-4383-8383-1e5471db6cf9 -description: Detects suspicious powershell process which includes bxor command, alternatvide obfuscation method to b64 encoded commands. +description: Detects suspicious powershell process which includes bxor command, alternative obfuscation method to b64 encoded commands. status: experimental author: Sami Ruohonen, Harish Segar (improvement) date: 2018/09/05 From 77553e11e83a73d30d17aebf148752f2dec33ff7 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 30 Jun 2020 10:03:00 +0200 Subject: [PATCH 539/714] Update win_not_allowed_rdp_access.yml --- rules/windows/builtin/win_not_allowed_rdp_access.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_not_allowed_rdp_access.yml b/rules/windows/builtin/win_not_allowed_rdp_access.yml index 8ec3cd2f..da63b4b5 100644 --- a/rules/windows/builtin/win_not_allowed_rdp_access.yml +++ b/rules/windows/builtin/win_not_allowed_rdp_access.yml @@ -1,4 +1,4 @@ -title: A User Was Denied The Access To Remote Desktop +title: Denied Access To Remote Desktop id: 8e5c03fa-b7f0-11ea-b242-07e0576828d9 description: This event is generated when an authenticated user who is not allowed to log on remotely attempts to connect to this computer through Remote Desktop. Often, this event can be generated by attackers when searching for available windows servers in the network. From 6ed1ea650902f7dd589d18eaec784a8b36be9d29 Mon Sep 17 00:00:00 2001 From: Chris Brake Date: Tue, 30 Jun 2020 14:49:29 +0100 Subject: [PATCH 540/714] Updating the mdatp backend file as it is currently impossible to set an ActionType as there is no mapping to EventType --- tools/sigma/backends/mdatp.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/sigma/backends/mdatp.py b/tools/sigma/backends/mdatp.py index f373c042..ad5d0960 100644 --- a/tools/sigma/backends/mdatp.py +++ b/tools/sigma/backends/mdatp.py @@ -92,7 +92,7 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): "DeviceEvents": { "TargetFilename": ("FolderPath", self.default_value_mapping), "TargetImage": ("FolderPath", self.default_value_mapping), - + "Image": ("InitiatingProcessFolderPath", self.default_value_mapping), "User": (self.decompose_user, ), }, @@ -100,7 +100,7 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): "TargetObject": ("RegistryKey", self.default_value_mapping), "ObjectValueName": ("RegistryValueName", self.default_value_mapping), "Details": ("RegistryValueData", self.default_value_mapping), - + "EventType": ("ActionType", self.default_value_mapping), "Image": ("InitiatingProcessFolderPath", self.default_value_mapping), "User": (self.decompose_user, ), }, @@ -120,13 +120,13 @@ class WindowsDefenderATPBackend(SingleTextQueryBackend): "SourcePort": ("LocalPort", self.default_value_mapping), "SourceIp": ("LocalIP", self.default_value_mapping), "DestinationHostname": ("RemoteUrl", self.default_value_mapping), - + "EventType": ("ActionType", self.default_value_mapping), "Image": ("InitiatingProcessFolderPath", self.default_value_mapping), "User": (self.decompose_user, ), }, "DeviceImageLoadEvents": { "ImageLoaded": ("FolderPath", self.default_value_mapping), - + "EventType": ("ActionType", self.default_value_mapping), "Image": ("InitiatingProcessFolderPath", self.default_value_mapping), "User": (self.decompose_user, ), } From f2587791f2a07fcda15428a1e8dd78796aee6953 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 1 Jul 2020 09:04:26 +0200 Subject: [PATCH 541/714] rule: suspicious rar flags --- .../process_creation/win_susp_rar_flags.yml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 rules/windows/process_creation/win_susp_rar_flags.yml diff --git a/rules/windows/process_creation/win_susp_rar_flags.yml b/rules/windows/process_creation/win_susp_rar_flags.yml new file mode 100644 index 00000000..1840fe8d --- /dev/null +++ b/rules/windows/process_creation/win_susp_rar_flags.yml @@ -0,0 +1,24 @@ +title: Rar with Password or Compression Level +id: faa48cae-6b25-4f00-a094-08947fef582f +status: experimental +description: Detects the use of rar.exe, on the command line, to create an archive with password protection or with a specific compression level. This is pretty indicative of malicious actions. +references: + - https://labs.sentinelone.com/the-anatomy-of-an-apt-attack-and-cobaltstrike-beacons-encoded-configuration/ +author: '@ROxPinTeddy' +date: 2020/05/12 +tags: + - attack.exfiltration + - attack.t1002 +logsource: + category: process_creation + product: windows +detection: + selection: + CommandLine|contains: + - ' -hp' + - ' -m' + condition: selection +falsepositives: + - Legitimate use of Winrar command line version + - Other command line tools, that use these flags +level: medium \ No newline at end of file From fe71d21d97de7d39efd4a0cc6a4c08d367cdaebd Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 1 Jul 2020 09:11:00 +0200 Subject: [PATCH 542/714] style: removed new lines --- rules/windows/registry_event/sysmon_susp_service_installed.yml | 1 - .../registry_event/sysmon_suspicious_keyboard_layout_load.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/rules/windows/registry_event/sysmon_susp_service_installed.yml b/rules/windows/registry_event/sysmon_susp_service_installed.yml index 920c884a..0b69557e 100755 --- a/rules/windows/registry_event/sysmon_susp_service_installed.yml +++ b/rules/windows/registry_event/sysmon_susp_service_installed.yml @@ -14,7 +14,6 @@ logsource: product: windows detection: selection_1: - TargetObject: - 'HKLM\System\CurrentControlSet\Services\NalDrv\ImagePath' - 'HKLM\System\CurrentControlSet\Services\PROCEXP152\ImagePath' diff --git a/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml b/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml index ee1ac4d7..aa2a1b1d 100755 --- a/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml +++ b/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml @@ -14,7 +14,6 @@ logsource: definition: 'Requirements: Sysmon config that monitors \Keyboard Layout\Preload subkey of the HKLU hives - see https://github.com/SwiftOnSecurity/sysmon-config/pull/92/files' detection: selection_registry: - TargetObject: - '*\Keyboard Layout\Preload\*' - '*\Keyboard Layout\Substitutes\*' From d70b63b78cb4c3ca4105596dc887c791098f2bdc Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 1 Jul 2020 09:17:31 +0200 Subject: [PATCH 543/714] rule: RedMimicry rules (modified) --- .../file_event/sysmon_redmimicry_winnti.yml | 23 ++++++++++++++++ .../sysmon_redmimicry_winnti.yml | 27 +++++++++++++++++++ .../sysmon_redmimicry_winnti.yml | 20 ++++++++++++++ .../sysmon/sysmon_redmimicry_winnti.yml | 22 +++++++++++++++ 4 files changed, 92 insertions(+) create mode 100644 rules/windows/file_event/sysmon_redmimicry_winnti.yml create mode 100644 rules/windows/process_creation/sysmon_redmimicry_winnti.yml create mode 100644 rules/windows/registry_event/sysmon_redmimicry_winnti.yml create mode 100644 rules/windows/sysmon/sysmon_redmimicry_winnti.yml diff --git a/rules/windows/file_event/sysmon_redmimicry_winnti.yml b/rules/windows/file_event/sysmon_redmimicry_winnti.yml new file mode 100644 index 00000000..c754edcb --- /dev/null +++ b/rules/windows/file_event/sysmon_redmimicry_winnti.yml @@ -0,0 +1,23 @@ +title: RedMimicry Winnti Playbook Dropped File +id: 130c9e58-28ac-4f83-8574-0a4cc913b97e +description: Detects actions caused by the RedMimicry Winnti playbook +references: + - https://redmimicry.com +author: Alexander Rausch +date: 2020/06/24 +tags: + - attack.defense_evasion + - attack.t1027 +logsource: + product: windows + category: file_event +detection: + selection: + TargetFilename|contains: + - gthread-3.6.dll + - sigcmm-2.4.dll + - \Windows\Temp\tmp.bat + condition: selection +falsepositives: + - Unknown +level: high diff --git a/rules/windows/process_creation/sysmon_redmimicry_winnti.yml b/rules/windows/process_creation/sysmon_redmimicry_winnti.yml new file mode 100644 index 00000000..367b3722 --- /dev/null +++ b/rules/windows/process_creation/sysmon_redmimicry_winnti.yml @@ -0,0 +1,27 @@ +title: RedMimicry Winnti Playbook Execute +id: 95022b85-ff2a-49fa-939a-d7b8f56eeb9b +description: Detects actions caused by the RedMimicry Winnti playbook +references: + - https://redmimicry.com +author: Alexander Rausch +date: 2020/06/24 +tags: + - attack.execution + - attack.t1059 + - attack.t1106 +logsource: + product: windows + category: process_creation +detection: + selection: + Image|contains: + - rundll32.exe + - cmd.exe + CommandLine|contains: + - gthread-3.6.dll + - \Windows\Temp\tmp.bat + - sigcmm-2.4.dll + condition: selection +falsepositives: + - Unknown +level: high diff --git a/rules/windows/registry_event/sysmon_redmimicry_winnti.yml b/rules/windows/registry_event/sysmon_redmimicry_winnti.yml new file mode 100644 index 00000000..9f8bee94 --- /dev/null +++ b/rules/windows/registry_event/sysmon_redmimicry_winnti.yml @@ -0,0 +1,20 @@ +title: RedMimicry Winnti Playbook Registry Manipulation +id: 5b175490-b652-4b02-b1de-5b5b4083c5f8 +description: Detects actions caused by the RedMimicry Winnti playbook +references: + - https://redmimicry.com +author: Alexander Rausch +date: 2020/06/24 +tags: + - attack.defense_evasion + - attack.t1112 +logsource: + product: windows + category: registry_event +detection: + selection: + TargetObject|contains: HKLM\SOFTWARE\Microsoft\HTMLHelp\data + condition: selection +falsepositives: + - Unknown +level: high diff --git a/rules/windows/sysmon/sysmon_redmimicry_winnti.yml b/rules/windows/sysmon/sysmon_redmimicry_winnti.yml new file mode 100644 index 00000000..972bc2c6 --- /dev/null +++ b/rules/windows/sysmon/sysmon_redmimicry_winnti.yml @@ -0,0 +1,22 @@ +title: RedMimicry Winnti Playbook Inject +id: 51c1c141-efef-4686-88d6-50b8da6d5562 +description: Detects actions caused by the RedMimicry Winnti playbook +references: + - https://redmimicry.com +author: Alexander Rausch +date: 2020/06/24 +tags: + - attack.defense_evasion + - attack.t1055 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 8 + SourceImage|contains: rundll32.exe + TargetImage|contains: svchost.exe + condition: selection +falsepositives: + - Unknown +level: high From 154181c6c8ec289a0878305b0515462721e55481 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 1 Jul 2020 09:48:48 +0200 Subject: [PATCH 544/714] fix: renamed files and lien break change --- ... => sysmon_redmimicry_winnti_filedrop.yml} | 46 ++++++++-------- ...nti.yml => win_redmimicry_winnti_proc.yml} | 54 +++++++++---------- ...i.yml => sysmon_redmimicry_winnti_reg.yml} | 40 +++++++------- ...ml => sysmon_redmimicry_winnti_inject.yml} | 44 +++++++-------- 4 files changed, 92 insertions(+), 92 deletions(-) rename rules/windows/file_event/{sysmon_redmimicry_winnti.yml => sysmon_redmimicry_winnti_filedrop.yml} (96%) rename rules/windows/process_creation/{sysmon_redmimicry_winnti.yml => win_redmimicry_winnti_proc.yml} (96%) rename rules/windows/registry_event/{sysmon_redmimicry_winnti.yml => sysmon_redmimicry_winnti_reg.yml} (96%) rename rules/windows/sysmon/{sysmon_redmimicry_winnti.yml => sysmon_redmimicry_winnti_inject.yml} (96%) diff --git a/rules/windows/file_event/sysmon_redmimicry_winnti.yml b/rules/windows/file_event/sysmon_redmimicry_winnti_filedrop.yml similarity index 96% rename from rules/windows/file_event/sysmon_redmimicry_winnti.yml rename to rules/windows/file_event/sysmon_redmimicry_winnti_filedrop.yml index c754edcb..00e042ac 100644 --- a/rules/windows/file_event/sysmon_redmimicry_winnti.yml +++ b/rules/windows/file_event/sysmon_redmimicry_winnti_filedrop.yml @@ -1,23 +1,23 @@ -title: RedMimicry Winnti Playbook Dropped File -id: 130c9e58-28ac-4f83-8574-0a4cc913b97e -description: Detects actions caused by the RedMimicry Winnti playbook -references: - - https://redmimicry.com -author: Alexander Rausch -date: 2020/06/24 -tags: - - attack.defense_evasion - - attack.t1027 -logsource: - product: windows - category: file_event -detection: - selection: - TargetFilename|contains: - - gthread-3.6.dll - - sigcmm-2.4.dll - - \Windows\Temp\tmp.bat - condition: selection -falsepositives: - - Unknown -level: high +title: RedMimicry Winnti Playbook Dropped File +id: 130c9e58-28ac-4f83-8574-0a4cc913b97e +description: Detects actions caused by the RedMimicry Winnti playbook +references: + - https://redmimicry.com +author: Alexander Rausch +date: 2020/06/24 +tags: + - attack.defense_evasion + - attack.t1027 +logsource: + product: windows + category: file_event +detection: + selection: + TargetFilename|contains: + - gthread-3.6.dll + - sigcmm-2.4.dll + - \Windows\Temp\tmp.bat + condition: selection +falsepositives: + - Unknown +level: high diff --git a/rules/windows/process_creation/sysmon_redmimicry_winnti.yml b/rules/windows/process_creation/win_redmimicry_winnti_proc.yml similarity index 96% rename from rules/windows/process_creation/sysmon_redmimicry_winnti.yml rename to rules/windows/process_creation/win_redmimicry_winnti_proc.yml index 367b3722..d7f7e9a5 100644 --- a/rules/windows/process_creation/sysmon_redmimicry_winnti.yml +++ b/rules/windows/process_creation/win_redmimicry_winnti_proc.yml @@ -1,27 +1,27 @@ -title: RedMimicry Winnti Playbook Execute -id: 95022b85-ff2a-49fa-939a-d7b8f56eeb9b -description: Detects actions caused by the RedMimicry Winnti playbook -references: - - https://redmimicry.com -author: Alexander Rausch -date: 2020/06/24 -tags: - - attack.execution - - attack.t1059 - - attack.t1106 -logsource: - product: windows - category: process_creation -detection: - selection: - Image|contains: - - rundll32.exe - - cmd.exe - CommandLine|contains: - - gthread-3.6.dll - - \Windows\Temp\tmp.bat - - sigcmm-2.4.dll - condition: selection -falsepositives: - - Unknown -level: high +title: RedMimicry Winnti Playbook Execute +id: 95022b85-ff2a-49fa-939a-d7b8f56eeb9b +description: Detects actions caused by the RedMimicry Winnti playbook +references: + - https://redmimicry.com +author: Alexander Rausch +date: 2020/06/24 +tags: + - attack.execution + - attack.t1059 + - attack.t1106 +logsource: + product: windows + category: process_creation +detection: + selection: + Image|contains: + - rundll32.exe + - cmd.exe + CommandLine|contains: + - gthread-3.6.dll + - \Windows\Temp\tmp.bat + - sigcmm-2.4.dll + condition: selection +falsepositives: + - Unknown +level: high diff --git a/rules/windows/registry_event/sysmon_redmimicry_winnti.yml b/rules/windows/registry_event/sysmon_redmimicry_winnti_reg.yml similarity index 96% rename from rules/windows/registry_event/sysmon_redmimicry_winnti.yml rename to rules/windows/registry_event/sysmon_redmimicry_winnti_reg.yml index 9f8bee94..e1a83679 100644 --- a/rules/windows/registry_event/sysmon_redmimicry_winnti.yml +++ b/rules/windows/registry_event/sysmon_redmimicry_winnti_reg.yml @@ -1,20 +1,20 @@ -title: RedMimicry Winnti Playbook Registry Manipulation -id: 5b175490-b652-4b02-b1de-5b5b4083c5f8 -description: Detects actions caused by the RedMimicry Winnti playbook -references: - - https://redmimicry.com -author: Alexander Rausch -date: 2020/06/24 -tags: - - attack.defense_evasion - - attack.t1112 -logsource: - product: windows - category: registry_event -detection: - selection: - TargetObject|contains: HKLM\SOFTWARE\Microsoft\HTMLHelp\data - condition: selection -falsepositives: - - Unknown -level: high +title: RedMimicry Winnti Playbook Registry Manipulation +id: 5b175490-b652-4b02-b1de-5b5b4083c5f8 +description: Detects actions caused by the RedMimicry Winnti playbook +references: + - https://redmimicry.com +author: Alexander Rausch +date: 2020/06/24 +tags: + - attack.defense_evasion + - attack.t1112 +logsource: + product: windows + category: registry_event +detection: + selection: + TargetObject|contains: HKLM\SOFTWARE\Microsoft\HTMLHelp\data + condition: selection +falsepositives: + - Unknown +level: high diff --git a/rules/windows/sysmon/sysmon_redmimicry_winnti.yml b/rules/windows/sysmon/sysmon_redmimicry_winnti_inject.yml similarity index 96% rename from rules/windows/sysmon/sysmon_redmimicry_winnti.yml rename to rules/windows/sysmon/sysmon_redmimicry_winnti_inject.yml index 972bc2c6..2e8b2411 100644 --- a/rules/windows/sysmon/sysmon_redmimicry_winnti.yml +++ b/rules/windows/sysmon/sysmon_redmimicry_winnti_inject.yml @@ -1,22 +1,22 @@ -title: RedMimicry Winnti Playbook Inject -id: 51c1c141-efef-4686-88d6-50b8da6d5562 -description: Detects actions caused by the RedMimicry Winnti playbook -references: - - https://redmimicry.com -author: Alexander Rausch -date: 2020/06/24 -tags: - - attack.defense_evasion - - attack.t1055 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 8 - SourceImage|contains: rundll32.exe - TargetImage|contains: svchost.exe - condition: selection -falsepositives: - - Unknown -level: high +title: RedMimicry Winnti Playbook Inject +id: 51c1c141-efef-4686-88d6-50b8da6d5562 +description: Detects actions caused by the RedMimicry Winnti playbook +references: + - https://redmimicry.com +author: Alexander Rausch +date: 2020/06/24 +tags: + - attack.defense_evasion + - attack.t1055 +logsource: + product: windows + service: sysmon +detection: + selection: + EventID: 8 + SourceImage|contains: rundll32.exe + TargetImage|contains: svchost.exe + condition: selection +falsepositives: + - Unknown +level: high From ab40cdbbd7d55109e62fe40be106750706891b8b Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 1 Jul 2020 09:57:35 +0200 Subject: [PATCH 545/714] fix: missing ATT&CK id --- tests/test_rules.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/test_rules.py b/tests/test_rules.py index 0fd01c1f..c0662e96 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -106,6 +106,7 @@ class TestRules(unittest.TestCase): "t1102", "t1103", "t1105", + "t1106", "t1107", "t1110", "t1112", From 4231fe2efcbfa94cc77b04d302e8dba9b43f0cb7 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 1 Jul 2020 10:23:30 +0200 Subject: [PATCH 546/714] fix: remove duplicate rules in sysmon (generic rule cleanup) --- .../sysmon/sysmon_apt_oceanlotus_registry.yml | 36 ------ rules/windows/sysmon/sysmon_apt_pandemic.yml | 41 ------ .../sysmon_asep_reg_keys_modification.yml | 34 ----- .../sysmon/sysmon_creation_system_file.yml | 57 --------- .../sysmon/sysmon_cred_dump_lsass_access.yml | 57 --------- .../sysmon_cred_dump_tools_dropped_files.yml | 51 -------- .../windows/sysmon/sysmon_dhcp_calloutdll.yml | 28 ----- ...y_events_logging_adding_reg_key_minint.yml | 33 ----- .../sysmon_dns_serverlevelplugindll.yml | 40 ------ .../sysmon/sysmon_ghostpack_safetykatz.yml | 23 ---- rules/windows/sysmon/sysmon_hack_dumpert.yml | 36 ------ rules/windows/sysmon/sysmon_hack_wce.yml | 38 ------ .../sysmon_in_memory_assembly_execution.yml | 47 ------- .../sysmon/sysmon_in_memory_powershell.yml | 36 ------ .../windows/sysmon/sysmon_invoke_phantom.yml | 27 ---- rules/windows/sysmon/sysmon_lsass_memdump.yml | 28 ----- ...sysmon_lsass_memory_dump_file_creation.yml | 28 ----- .../sysmon_malware_backconnect_ports.yml | 99 --------------- .../sysmon_malware_verclsid_shellcode.yml | 32 ----- .../sysmon_mimikatz_inmemory_detection.yml | 45 ------- .../sysmon/sysmon_mimikatz_trough_winrm.yml | 28 ----- .../sysmon_narrator_feedback_persistance.yml | 28 ----- ..._dll_added_to_appcertdlls_registry_key.yml | 35 ------ ...dll_added_to_appinit_dlls_registry_key.yml | 37 ------ .../sysmon_notepad_network_connection.yml | 25 ---- ..._service_registry_permissions_weakness.yml | 33 ----- ...sysmon_powershell_execution_moduleload.yml | 30 ----- .../sysmon_powershell_exploit_scripts.yml | 119 ------------------ .../sysmon_powershell_network_connection.yml | 47 ------- .../sysmon/sysmon_quarkspw_filedump.yml | 25 ---- .../sysmon_rdp_registry_modification.yml | 31 ----- .../sysmon/sysmon_rdp_reverse_tunnel.yml | 30 ----- .../sysmon/sysmon_rdp_settings_hijack.yml | 23 ---- ...ysmon_registry_persistence_key_linking.yml | 25 ---- ...smon_registry_persistence_search_order.yml | 30 ----- ...mon_registry_trust_record_modification.yml | 25 ---- ...smon_remote_powershell_session_network.yml | 27 ---- .../sysmon_rundll32_net_connections.yml | 46 ------- .../sysmon/sysmon_ssp_added_lsa_config.yml | 28 ----- .../sysmon/sysmon_stickykey_like_backdoor.yml | 50 -------- .../sysmon/sysmon_susp_adsi_cache_usage.yml | 30 ----- .../sysmon/sysmon_susp_desktop_ini.yml | 28 ----- .../sysmon/sysmon_susp_download_run_key.yml | 27 ---- .../sysmon/sysmon_susp_driver_load.yml | 20 --- .../windows/sysmon/sysmon_susp_image_load.yml | 27 ---- ...n_susp_office_dotnet_assembly_dll_load.yml | 29 ----- ...sysmon_susp_office_dotnet_clr_dll_load.yml | 29 ----- ...sysmon_susp_office_dotnet_gac_dll_load.yml | 29 ----- .../sysmon_susp_office_dsparse_dll_load.yml | 29 ----- .../sysmon_susp_office_kerberos_dll_load.yml | 29 ----- ...cexplorer_driver_created_in_tmp_folder.yml | 29 ----- ..._susp_prog_location_network_connection.yml | 32 ----- rules/windows/sysmon/sysmon_susp_rdp.yml | 45 ------- .../sysmon_susp_reg_persist_explorer_run.yml | 36 ------ .../sysmon/sysmon_susp_run_key_img_folder.yml | 38 ------ .../sysmon/sysmon_susp_service_installed.yml | 34 ----- .../sysmon_susp_winword_vbadll_load.yml | 31 ----- .../sysmon_susp_winword_wmidll_load.yml | 34 ----- ...sysmon_suspicious_dbghelp_dbgcore_load.yml | 64 ---------- ...sysmon_suspicious_keyboard_layout_load.yml | 28 ----- ...uspicious_outbound_kerberos_connection.yml | 31 ----- ...sysmon_svchost_dll_search_order_hijack.yml | 35 ------ .../sysmon_sysinternals_eula_accepted.yml | 30 ----- .../sysmon_tsclient_filewrite_startup.yml | 18 --- .../sysmon/sysmon_uac_bypass_eventvwr.yml | 34 ----- .../sysmon/sysmon_uac_bypass_sdclt.yml | 26 ---- ...ysmon_unsigned_image_loaded_into_lsass.yml | 25 ---- .../sysmon_webshell_creation_detect.yml | 48 ------- .../sysmon/sysmon_win_binary_github_com.yml | 28 ----- .../sysmon/sysmon_win_binary_susp_com.yml | 29 ----- .../sysmon/sysmon_win_reg_persistence.yml | 29 ----- .../windows/sysmon/sysmon_wmi_module_load.yml | 49 -------- ...persistence_commandline_event_consumer.yml | 24 ---- ...ersistence_script_event_consumer_write.yml | 23 ---- 74 files changed, 2615 deletions(-) delete mode 100644 rules/windows/sysmon/sysmon_apt_oceanlotus_registry.yml delete mode 100755 rules/windows/sysmon/sysmon_apt_pandemic.yml delete mode 100644 rules/windows/sysmon/sysmon_asep_reg_keys_modification.yml delete mode 100644 rules/windows/sysmon/sysmon_creation_system_file.yml delete mode 100644 rules/windows/sysmon/sysmon_cred_dump_lsass_access.yml delete mode 100644 rules/windows/sysmon/sysmon_cred_dump_tools_dropped_files.yml delete mode 100644 rules/windows/sysmon/sysmon_dhcp_calloutdll.yml delete mode 100644 rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml delete mode 100644 rules/windows/sysmon/sysmon_dns_serverlevelplugindll.yml delete mode 100644 rules/windows/sysmon/sysmon_ghostpack_safetykatz.yml delete mode 100644 rules/windows/sysmon/sysmon_hack_dumpert.yml delete mode 100644 rules/windows/sysmon/sysmon_hack_wce.yml delete mode 100644 rules/windows/sysmon/sysmon_in_memory_assembly_execution.yml delete mode 100644 rules/windows/sysmon/sysmon_in_memory_powershell.yml delete mode 100644 rules/windows/sysmon/sysmon_invoke_phantom.yml delete mode 100644 rules/windows/sysmon/sysmon_lsass_memdump.yml delete mode 100644 rules/windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml delete mode 100644 rules/windows/sysmon/sysmon_malware_backconnect_ports.yml delete mode 100644 rules/windows/sysmon/sysmon_malware_verclsid_shellcode.yml delete mode 100644 rules/windows/sysmon/sysmon_mimikatz_inmemory_detection.yml delete mode 100644 rules/windows/sysmon/sysmon_mimikatz_trough_winrm.yml delete mode 100644 rules/windows/sysmon/sysmon_narrator_feedback_persistance.yml delete mode 100644 rules/windows/sysmon/sysmon_new_dll_added_to_appcertdlls_registry_key.yml delete mode 100644 rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml delete mode 100644 rules/windows/sysmon/sysmon_notepad_network_connection.yml delete mode 100644 rules/windows/sysmon/sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml delete mode 100644 rules/windows/sysmon/sysmon_powershell_execution_moduleload.yml delete mode 100644 rules/windows/sysmon/sysmon_powershell_exploit_scripts.yml delete mode 100644 rules/windows/sysmon/sysmon_powershell_network_connection.yml delete mode 100644 rules/windows/sysmon/sysmon_quarkspw_filedump.yml delete mode 100644 rules/windows/sysmon/sysmon_rdp_registry_modification.yml delete mode 100644 rules/windows/sysmon/sysmon_rdp_reverse_tunnel.yml delete mode 100644 rules/windows/sysmon/sysmon_rdp_settings_hijack.yml delete mode 100644 rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml delete mode 100644 rules/windows/sysmon/sysmon_registry_persistence_search_order.yml delete mode 100644 rules/windows/sysmon/sysmon_registry_trust_record_modification.yml delete mode 100644 rules/windows/sysmon/sysmon_remote_powershell_session_network.yml delete mode 100644 rules/windows/sysmon/sysmon_rundll32_net_connections.yml delete mode 100644 rules/windows/sysmon/sysmon_ssp_added_lsa_config.yml delete mode 100644 rules/windows/sysmon/sysmon_stickykey_like_backdoor.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_desktop_ini.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_download_run_key.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_driver_load.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_image_load.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_prog_location_network_connection.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_rdp.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_reg_persist_explorer_run.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_service_installed.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_winword_wmidll_load.yml delete mode 100644 rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml delete mode 100644 rules/windows/sysmon/sysmon_suspicious_keyboard_layout_load.yml delete mode 100644 rules/windows/sysmon/sysmon_suspicious_outbound_kerberos_connection.yml delete mode 100644 rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml delete mode 100644 rules/windows/sysmon/sysmon_sysinternals_eula_accepted.yml delete mode 100644 rules/windows/sysmon/sysmon_tsclient_filewrite_startup.yml delete mode 100644 rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml delete mode 100644 rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml delete mode 100644 rules/windows/sysmon/sysmon_unsigned_image_loaded_into_lsass.yml delete mode 100644 rules/windows/sysmon/sysmon_webshell_creation_detect.yml delete mode 100644 rules/windows/sysmon/sysmon_win_binary_github_com.yml delete mode 100644 rules/windows/sysmon/sysmon_win_binary_susp_com.yml delete mode 100644 rules/windows/sysmon/sysmon_win_reg_persistence.yml delete mode 100644 rules/windows/sysmon/sysmon_wmi_module_load.yml delete mode 100644 rules/windows/sysmon/sysmon_wmi_persistence_commandline_event_consumer.yml delete mode 100644 rules/windows/sysmon/sysmon_wmi_persistence_script_event_consumer_write.yml diff --git a/rules/windows/sysmon/sysmon_apt_oceanlotus_registry.yml b/rules/windows/sysmon/sysmon_apt_oceanlotus_registry.yml deleted file mode 100644 index 6b8cfe86..00000000 --- a/rules/windows/sysmon/sysmon_apt_oceanlotus_registry.yml +++ /dev/null @@ -1,36 +0,0 @@ -title: OceanLotus Registry Activity -id: 4ac5fc44-a601-4c06-955b-309df8c4e9d4 -status: experimental -description: Detects registry keys created in OceanLotus (also known as APT32) attacks -references: - - https://www.welivesecurity.com/2019/03/20/fake-or-fake-keeping-up-with-oceanlotus-decoys/ -tags: - - attack.t1112 -author: megan201296 -date: 2019/04/14 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 13 - TargetObject: - - 'HKCR\CLSID\{E08A0F4B-1F65-4D4D-9A09-BD4625B9C5A1}\Model' - - 'HKU\\*_Classes\CLSID\{E08A0F4B-1F65-4D4D-9A09-BD4625B9C5A1}\Model' - # covers HKU\* and HKLM.. - - '*\SOFTWARE\App\AppXbf13d4ea2945444d8b13e2121cb6b663\Application' - - '*\SOFTWARE\App\AppXbf13d4ea2945444d8b13e2121cb6b663\DefaultIcon' - - '*\SOFTWARE\App\AppX70162486c7554f7f80f481985d67586d\Application' - - '*\SOFTWARE\App\AppX70162486c7554f7f80f481985d67586d\DefaultIcon' - - '*\SOFTWARE\App\AppX37cc7fdccd644b4f85f4b22d5a3f105a\Application' - - '*\SOFTWARE\App\AppX37cc7fdccd644b4f85f4b22d5a3f105a\DefaultIcon' - # HKCU\SOFTWARE\Classes\AppXc52346ec40fb4061ad96be0e6cb7d16a\ - - 'HKU\\*_Classes\AppXc52346ec40fb4061ad96be0e6cb7d16a\\*' - # HKCU\SOFTWARE\Classes\AppX3bbba44c6cae4d9695755183472171e2\ - - 'HKU\\*_Classes\AppX3bbba44c6cae4d9695755183472171e2\\*' - # HKCU\SOFTWARE\Classes\CLSID\{E3517E26-8E93-458D-A6DF-8030BC80528B}\ - - 'HKU\\*_Classes\CLSID\{E3517E26-8E93-458D-A6DF-8030BC80528B}\\*' - condition: selection -falsepositives: - - Unknown -level: critical diff --git a/rules/windows/sysmon/sysmon_apt_pandemic.yml b/rules/windows/sysmon/sysmon_apt_pandemic.yml deleted file mode 100755 index 7360e5e2..00000000 --- a/rules/windows/sysmon/sysmon_apt_pandemic.yml +++ /dev/null @@ -1,41 +0,0 @@ -action: global -title: Pandemic Registry Key -id: 47e0852a-cf81-4494-a8e6-31864f8c86ed -status: experimental -description: Detects Pandemic Windows Implant -references: - - https://wikileaks.org/vault7/#Pandemic - - https://twitter.com/MalwareJake/status/870349480356454401 -tags: - - attack.lateral_movement - - attack.t1105 -author: Florian Roth -date: 2017/06/01 -detection: - condition: 1 of them -fields: - - EventID - - CommandLine - - ParentCommandLine - - Image - - User - - TargetObject -falsepositives: - - unknown -level: critical ---- -logsource: - product: windows - service: sysmon -detection: - selection1: - EventID: 13 - TargetObject: - - 'HKLM\SYSTEM\CurrentControlSet\services\null\Instance*' ---- -logsource: - category: process_creation - product: windows -detection: - selection2: - Command: 'loaddll -a *' diff --git a/rules/windows/sysmon/sysmon_asep_reg_keys_modification.yml b/rules/windows/sysmon/sysmon_asep_reg_keys_modification.yml deleted file mode 100644 index 72f08c5e..00000000 --- a/rules/windows/sysmon/sysmon_asep_reg_keys_modification.yml +++ /dev/null @@ -1,34 +0,0 @@ -title: Autorun Keys Modification -id: 17f878b8-9968-4578-b814-c4217fc5768c -description: Detects modification of autostart extensibility point (ASEP) in registry -status: experimental -references: - - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1060/T1060.yaml -tags: - - attack.persistence - - attack.t1060 - - attack.t1547.001 -date: 2019/10/21 -modified: 2019/11/10 -author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 13 - TargetObject|contains: - - '\software\Microsoft\Windows\CurrentVersion\Run' - - '\software\Microsoft\Windows\CurrentVersion\RunOnce' - - '\software\Microsoft\Windows\CurrentVersion\RunOnceEx' - - '\software\Microsoft\Windows\CurrentVersion\RunServices' - - '\software\Microsoft\Windows\CurrentVersion\RunServicesOnce' - - '\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit' - - '\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell' - - '\software\Microsoft\Windows NT\CurrentVersion\Windows' - - '\software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders' - condition: selection -falsepositives: - - Legitimate software automatically (mostly, during installation) sets up autorun keys for legitimate reason - - Legitimate administrator sets up autorun keys for legitimate reason -level: medium diff --git a/rules/windows/sysmon/sysmon_creation_system_file.yml b/rules/windows/sysmon/sysmon_creation_system_file.yml deleted file mode 100644 index 9f8143c8..00000000 --- a/rules/windows/sysmon/sysmon_creation_system_file.yml +++ /dev/null @@ -1,57 +0,0 @@ -title: File Created with System Process Name -id: d5866ddf-ce8f-4aea-b28e-d96485a20d3d -status: experimental -description: Detects the creation of a executable with a sytem process name in a suspicious folder -references: - - https://attack.mitre.org/techniques/T1036/ -author: Sander Wiebing -date: 2020/05/26 -tags: - - attack.defense_evasion - - attack.t1036 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 11 - TargetFilename|endswith: - - '*\svchost.exe' - - '*\rundll32.exe' - - '*\services.exe' - - '*\powershell.exe' - - '*\regsvr32.exe' - - '*\spoolsv.exe' - - '*\lsass.exe' - - '*\smss.exe' - - '*\csrss.exe' - - '*\conhost.exe' - - '*\wininit.exe' - - '*\lsm.exe' - - '*\winlogon.exe' - - '*\explorer.exe' - - '*\taskhost.exe' - - '*\Taskmgr.exe' - - '*\taskmgr.exe' - - '*\sihost.exe' - - '*\RuntimeBroker.exe' - - '*\runtimebroker.exe' - - '*\smartscreen.exe' - - '*\dllhost.exe' - - '*\audiodg.exe' - - '*\wlanext.exe' - filter: - TargetFilename: - - 'C:\Windows\System32\\*' - - 'C:\Windows\system32\\*' - - 'C:\Windows\SysWow64\\*' - - 'C:\Windows\SysWOW64\\*' - - 'C:\Windows\winsxs\\*' - - 'C:\Windows\WinSxS\\*' - - '\SystemRoot\System32\\*' - condition: selection and not filter -fields: - - Image -falsepositives: - - System processes copied outside the default folder -level: high diff --git a/rules/windows/sysmon/sysmon_cred_dump_lsass_access.yml b/rules/windows/sysmon/sysmon_cred_dump_lsass_access.yml deleted file mode 100644 index 5e05ea71..00000000 --- a/rules/windows/sysmon/sysmon_cred_dump_lsass_access.yml +++ /dev/null @@ -1,57 +0,0 @@ -title: Credentials Dumping Tools Accessing LSASS Memory -id: 32d0d3e2-e58d-4d41-926b-18b520b2b32d -status: experimental -description: Detects process access LSASS memory which is typical for credentials dumping tools -author: Florian Roth, Roberto Rodriguez, Dimitrios Slamaris, Mark Russinovich, Thomas Patzke, Teymur Kheirkhabarov, Sherif Eldeeb, James Dickenson, Aleksey Potapov, oscd.community (update) -date: 2017/02/16 -modified: 2019/11/08 -references: - - https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843&ithint=file%2cpptx&app=PowerPoint&authkey=!AMvCRTKB_V1J5ow - - https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for_22.html - - https://www.slideshare.net/heirhabarov/hunting-for-credentials-dumping-in-windows-environment - - http://security-research.dyndns.org/pub/slides/FIRST2017/FIRST-2017_Tom-Ueltschi_Sysmon_FINAL_notes.pdf -tags: - - attack.t1003 - - attack.s0002 - - attack.credential_access - - car.2019-04-004 - - attack.t1003.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 10 - TargetImage|endswith: '\lsass.exe' - GrantedAccess|contains: - - '0x40' - - '0x1000' - - '0x1400' - - '0x100000' - - '0x1410' # car.2019-04-004 - - '0x1010' # car.2019-04-004 - - '0x1438' # car.2019-04-004 - - '0x143a' # car.2019-04-004 - - '0x1418' # car.2019-04-004 - - '0x1f0fff' - - '0x1f1fff' - - '0x1f2fff' - - '0x1f3fff' - filter: - ProcessName|endswith: # easy to bypass. need to implement supportive rule to detect bypass attempts - - '\wmiprvse.exe' - - '\taskmgr.exe' - - '\procexp64.exe' - - '\procexp.exe' - - '\lsm.exe' - - '\csrss.exe' - - '\wininit.exe' - - '\vmtoolsd.exe' - condition: selection and not filter -fields: - - ComputerName - - User - - SourceImage -falsepositives: - - Legitimate software accessing LSASS process for legitimate reason; update the whitelist with it -level: high diff --git a/rules/windows/sysmon/sysmon_cred_dump_tools_dropped_files.yml b/rules/windows/sysmon/sysmon_cred_dump_tools_dropped_files.yml deleted file mode 100644 index 6a76bfa6..00000000 --- a/rules/windows/sysmon/sysmon_cred_dump_tools_dropped_files.yml +++ /dev/null @@ -1,51 +0,0 @@ -title: Cred Dump Tools Dropped Files -id: 8fbf3271-1ef6-4e94-8210-03c2317947f6 -description: Files with well-known filenames (parts of credential dump software or files produced by them) creation -author: Teymur Kheirkhabarov, oscd.community -date: 2019/11/01 -modified: 2019/11/13 -references: - - https://www.slideshare.net/heirhabarov/hunting-for-credentials-dumping-in-windows-environment -tags: - - attack.credential_access - - attack.t1003 - - attack.t1003.002 - - attack.t1003.001 - - attack.t1003.003 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 11 - TargetFilename|contains: - - '\pwdump' - - '\kirbi' - - '\pwhashes' - - '\wce_ccache' - - '\wce_krbtkts' - - '\fgdump-log' - TargetFilename|endswith: - - '\test.pwd' - - '\lsremora64.dll' - - '\lsremora.dll' - - '\fgexec.exe' - - '\wceaux.dll' - - '\SAM.out' - - '\SECURITY.out' - - '\SYSTEM.out' - - '\NTDS.out' - - '\DumpExt.dll' - - '\DumpSvc.exe' - - '\cachedump64.exe' - - '\cachedump.exe' - - '\pstgdump.exe' - - '\servpw.exe' - - '\servpw64.exe' - - '\pwdump.exe' - - '\procdump64.exe' - condition: selection -falsepositives: - - Legitimate Administrator using tool for password recovery -level: high -status: experimental diff --git a/rules/windows/sysmon/sysmon_dhcp_calloutdll.yml b/rules/windows/sysmon/sysmon_dhcp_calloutdll.yml deleted file mode 100644 index 0375f267..00000000 --- a/rules/windows/sysmon/sysmon_dhcp_calloutdll.yml +++ /dev/null @@ -1,28 +0,0 @@ -title: DHCP Callout DLL Installation -id: 9d3436ef-9476-4c43-acca-90ce06bdf33a -status: experimental -description: Detects the installation of a Callout DLL via CalloutDlls and CalloutEnabled parameter in Registry, which can be used to execute code in context of the DHCP server (restart required) -references: - - https://blog.3or.de/mimilib-dhcp-server-callout-dll-injection.html - - https://technet.microsoft.com/en-us/library/cc726884(v=ws.10).aspx - - https://msdn.microsoft.com/de-de/library/windows/desktop/aa363389(v=vs.85).aspx -date: 2017/05/15 -author: Dimitrios Slamaris -tags: - - attack.defense_evasion - - attack.t1073 - - attack.t1112 - - attack.t1574.002 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 13 - TargetObject: - - '*\Services\DHCPServer\Parameters\CalloutDlls' - - '*\Services\DHCPServer\Parameters\CalloutEnabled' - condition: selection -falsepositives: - - unknown -level: high diff --git a/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml b/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml deleted file mode 100644 index bf53e1c8..00000000 --- a/rules/windows/sysmon/sysmon_disable_security_events_logging_adding_reg_key_minint.yml +++ /dev/null @@ -1,33 +0,0 @@ -title: Disable Security Events Logging Adding Reg Key MiniNt -id: 919f2ef0-be2d-4a7a-b635-eb2b41fde044 -status: experimental -description: Detects the addition of a key 'MiniNt' to the registry. Upon a reboot, Windows Event Log service will stopped write events. -references: - - https://twitter.com/0gtweet/status/1182516740955226112 -tags: - - attack.defense_evasion - - attack.t1089 - - attack.t1562.001 -author: Ilyas Ochkov, oscd.community -date: 2019/10/25 -modified: 2019/11/13 -logsource: - product: windows - service: sysmon -detection: - selection: - - EventID: 12 # key create - # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one - TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' - EventType: 'CreateKey' # we don't want deletekey - - EventID: 14 # key rename - NewName: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' - condition: selection -fields: - - EventID - - Image - - TargetObject - - NewName -falsepositives: - - Unkown -level: high diff --git a/rules/windows/sysmon/sysmon_dns_serverlevelplugindll.yml b/rules/windows/sysmon/sysmon_dns_serverlevelplugindll.yml deleted file mode 100644 index 7abb9ced..00000000 --- a/rules/windows/sysmon/sysmon_dns_serverlevelplugindll.yml +++ /dev/null @@ -1,40 +0,0 @@ -action: global -title: DNS ServerLevelPluginDll Install -id: e61e8a88-59a9-451c-874e-70fcc9740d67 -status: experimental -description: Detects the installation of a plugin DLL via ServerLevelPluginDll parameter in Registry, which can be used to execute code in context of the DNS server - (restart required) -references: - - https://medium.com/@esnesenon/feature-not-bug-dnsadmin-to-dc-compromise-in-one-line-a0f779b8dc83 -date: 2017/05/08 -author: Florian Roth -tags: - - attack.defense_evasion - - attack.t1073 -detection: - condition: 1 of them -fields: - - EventID - - CommandLine - - ParentCommandLine - - Image - - User - - TargetObject -falsepositives: - - unknown -level: high ---- -logsource: - product: windows - service: sysmon -detection: - dnsregmod: - EventID: 13 - TargetObject: '*\services\DNS\Parameters\ServerLevelPluginDll' ---- -logsource: - category: process_creation - product: windows -detection: - dnsadmin: - CommandLine: 'dnscmd.exe /config /serverlevelplugindll *' \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_ghostpack_safetykatz.yml b/rules/windows/sysmon/sysmon_ghostpack_safetykatz.yml deleted file mode 100644 index 1dc20497..00000000 --- a/rules/windows/sysmon/sysmon_ghostpack_safetykatz.yml +++ /dev/null @@ -1,23 +0,0 @@ -title: Detection of SafetyKatz -id: e074832a-eada-4fd7-94a1-10642b130e16 -status: experimental -description: Detects possible SafetyKatz Behaviour -references: - - https://github.com/GhostPack/SafetyKatz -tags: - - attack.credential_access - - attack.t1003 - - attack.t1003.001 -author: Markus Neis -date: 2018/07/24 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 11 - TargetFilename: '*\Temp\debug.bin' - condition: selection -falsepositives: - - Unknown -level: high diff --git a/rules/windows/sysmon/sysmon_hack_dumpert.yml b/rules/windows/sysmon/sysmon_hack_dumpert.yml deleted file mode 100644 index 443c8bf3..00000000 --- a/rules/windows/sysmon/sysmon_hack_dumpert.yml +++ /dev/null @@ -1,36 +0,0 @@ -action: global -title: Dumpert Process Dumper -id: 2704ab9e-afe2-4854-a3b1-0c0706d03578 -description: Detects the use of Dumpert process dumper, which dumps the lsass.exe process memory -author: Florian Roth -references: - - https://github.com/outflanknl/Dumpert - - https://unit42.paloaltonetworks.com/actors-still-exploiting-sharepoint-vulnerability/ -date: 2020/02/04 -tags: - - attack.credential_access - - attack.t1003 - - attack.t1003.001 -logsource: - product: windows - service: sysmon -falsepositives: - - Very unlikely -level: critical ---- -logsource: - category: process_creation - product: windows -detection: - selection: - Imphash: '09D278F9DE118EF09163C6140255C690' - condition: selection ---- -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 11 - TargetFilename: C:\Windows\Temp\dumpert.dmp - condition: selection \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_hack_wce.yml b/rules/windows/sysmon/sysmon_hack_wce.yml deleted file mode 100644 index 43fb3a47..00000000 --- a/rules/windows/sysmon/sysmon_hack_wce.yml +++ /dev/null @@ -1,38 +0,0 @@ -action: global -title: Windows Credential Editor -id: 7aa7009a-28b9-4344-8c1f-159489a390df -description: Detects the use of Windows Credential Editor (WCE) -author: Florian Roth -references: - - https://www.ampliasecurity.com/research/windows-credentials-editor/ -date: 2019/12/31 -tags: - - attack.credential_access - - attack.t1003 - - attack.t1558 - - attack.s0005 -falsepositives: - - 'Another service that uses a single -s command line switch' -level: critical ---- -logsource: - category: process_creation - product: windows -detection: - selection1: - Imphash: - - a53a02b997935fd8eedcb5f7abab9b9f - - e96a73c7bf33a464c510ede582318bf2 - selection2: - CommandLine|endswith: '.exe -S' - ParentImage|endswith: '\services.exe' - condition: 1 of them ---- -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 13 - TargetObject|contains: Services\WCESERVICE\Start - condition: selection diff --git a/rules/windows/sysmon/sysmon_in_memory_assembly_execution.yml b/rules/windows/sysmon/sysmon_in_memory_assembly_execution.yml deleted file mode 100644 index d5e77adb..00000000 --- a/rules/windows/sysmon/sysmon_in_memory_assembly_execution.yml +++ /dev/null @@ -1,47 +0,0 @@ -title: Suspicious In-Memory Module Execution -id: 5f113a8f-8b61-41ca-b90f-d374fa7e4a39 -description: Detects the access to processes by other suspicious processes which have reflectively loaded libraries in their memory space. An example is SilentTrinity - C2 behaviour. Generally speaking, when Sysmon EventID 10 cannot reference a stack call to a dll loaded from disk (the standard way), it will display "UNKNOWN" - as the module name. Usually this means the stack call points to a module that was reflectively loaded in memory. Adding to this, it is not common to see such - few calls in the stack (ntdll.dll --> kernelbase.dll --> unknown) which essentially means that most of the functions required by the process to execute certain - routines are already present in memory, not requiring any calls to external libraries. The latter should also be considered suspicious. -status: experimental -date: 2019/10/27 -author: Perez Diego (@darkquassar), oscd.community -references: - - https://azure.microsoft.com/en-ca/blog/detecting-in-memory-attacks-with-sysmon-and-azure-security-center/ -tags: - - attack.privilege_escalation - - attack.t1055 -logsource: - product: windows - service: sysmon -detection: - selection_01: - EventID: 10 - CallTrace: - - "C:\\Windows\\SYSTEM32\\ntdll.dll+*|C:\\Windows\\System32\\KERNELBASE.dll+*|UNKNOWN(*)" - - "*UNKNOWN(*)|UNKNOWN(*)" - selection_02: - EventID: 10 - CallTrace: "*UNKNOWN*" - granted_access: - GrantedAccess: - - "0x1F0FFF" - - "0x1F1FFF" - - "0x143A" - - "0x1410" - - "0x1010" - - "0x1F2FFF" - - "0x1F3FFF" - - "0x1FFFFF" - condition: selection_01 OR (selection_02 AND granted_access) -fields: - - ComputerName - - User - - SourceImage - - TargetImage - - CallTrace -level: critical -falsepositives: - - Low diff --git a/rules/windows/sysmon/sysmon_in_memory_powershell.yml b/rules/windows/sysmon/sysmon_in_memory_powershell.yml deleted file mode 100644 index 55b1f058..00000000 --- a/rules/windows/sysmon/sysmon_in_memory_powershell.yml +++ /dev/null @@ -1,36 +0,0 @@ -title: In-memory PowerShell -id: 092bc4b9-3d1d-43b4-a6b4-8c8acd83522f -status: experimental -description: Detects loading of essential DLL used by PowerShell, but not by the process powershell.exe. Detects meterpreter's "load powershell" extension. -author: Tom Kern, oscd.community -date: 2019/11/14 -modified: 2019/11/30 -references: - - https://adsecurity.org/?p=2921 - - https://github.com/p3nt4/PowerShdll -tags: - - attack.t1086 - - attack.execution - - attack.t1059.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - ImageLoaded|endswith: - - '\System.Management.Automation.Dll' - - '\System.Management.Automation.ni.Dll' - filter: - Image|endswith: - - '\powershell.exe' - - '\powershell_ise.exe' - - '\WINDOWS\System32\sdiagnhost.exe' - # User: 'NT AUTHORITY\SYSTEM' # if set, matches all powershell processes not launched by SYSTEM - condition: selection and not filter -falsepositives: - - Used by some .NET binaries, minimal on user workstation. -level: high -enrichment: - - EN_0001_cache_sysmon_event_id_1_info # http://bit.ly/314zc6x - - EN_0003_enrich_other_sysmon_events_with_event_id_1_data # http://bit.ly/2ojW7fw diff --git a/rules/windows/sysmon/sysmon_invoke_phantom.yml b/rules/windows/sysmon/sysmon_invoke_phantom.yml deleted file mode 100644 index 9dda2195..00000000 --- a/rules/windows/sysmon/sysmon_invoke_phantom.yml +++ /dev/null @@ -1,27 +0,0 @@ -title: Suspect Svchost Memory Asccess -id: 166e9c50-8cd9-44af-815d-d1f0c0e90dde -status: experimental -description: Detects suspect access to svchost process memory such as that used by Invoke-Phantom to kill the winRM windows event logging service. -author: Tim Burrell -date: 2020/01/02 -references: - - https://github.com/hlldz/Invoke-Phant0m - - https://twitter.com/timbmsft/status/900724491076214784 -tags: - - attack.t1089 - - attack.defense_evasion - - attack.t1562.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 10 - TargetImage: '*\windows\system32\svchost.exe' - GrantedAccess: '0x1f3fff' - CallTrace: - - '*unknown*' - condition: selection -falsepositives: - - unknown -level: high diff --git a/rules/windows/sysmon/sysmon_lsass_memdump.yml b/rules/windows/sysmon/sysmon_lsass_memdump.yml deleted file mode 100644 index 2a59dc1a..00000000 --- a/rules/windows/sysmon/sysmon_lsass_memdump.yml +++ /dev/null @@ -1,28 +0,0 @@ -title: LSASS Memory Dump -id: 5ef9853e-4d0e-4a70-846f-a9ca37d876da -status: experimental -description: Detects process LSASS memory dump using procdump or taskmgr based on the CallTrace pointing to dbghelp.dll or dbgcore.dll for win10 -author: Samir Bousseaden -date: 2019/04/03 -references: - - https://blog.menasec.net/2019/02/threat-hunting-21-procdump-or-taskmgr.html -tags: - - attack.t1003 - - attack.s0002 - - attack.credential_access - - attack.t1003.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 10 - TargetImage: 'C:\windows\system32\lsass.exe' - GrantedAccess: '0x1fffff' - CallTrace: - - '*dbghelp.dll*' - - '*dbgcore.dll*' - condition: selection -falsepositives: - - unknown -level: high diff --git a/rules/windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml b/rules/windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml deleted file mode 100644 index f5d8963f..00000000 --- a/rules/windows/sysmon/sysmon_lsass_memory_dump_file_creation.yml +++ /dev/null @@ -1,28 +0,0 @@ -title: LSASS Memory Dump File Creation -id: 5e3d3601-0662-4af0-b1d2-36a05e90c40a -description: LSASS memory dump creation using operating systems utilities. Procdump will use process name in output file if no name is specified -author: Teymur Kheirkhabarov, oscd.community -references: - - https://www.slideshare.net/heirhabarov/hunting-for-credentials-dumping-in-windows-environment -date: 2019/10/22 -modified: 2019/11/13 -tags: - - attack.credential_access - - attack.t1003 - - attack.t1003.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 11 - TargetFilename|contains: 'lsass' - TargetFilename|endswith: 'dmp' - condition: selection -fields: - - ComputerName - - TargetFilename -falsepositives: - - Dumping lsass memory for forensic investigation purposes by legitimate incident responder or forensic invetigator -level: medium -status: experimental diff --git a/rules/windows/sysmon/sysmon_malware_backconnect_ports.yml b/rules/windows/sysmon/sysmon_malware_backconnect_ports.yml deleted file mode 100644 index a69294b3..00000000 --- a/rules/windows/sysmon/sysmon_malware_backconnect_ports.yml +++ /dev/null @@ -1,99 +0,0 @@ -title: Suspicious Typical Malware Back Connect Ports -id: 4b89abaa-99fe-4232-afdd-8f9aa4d20382 -status: experimental -description: Detects programs that connect to typical malware back connect ports based on statistical analysis from two different sandbox system databases -references: - - https://docs.google.com/spreadsheets/d/17pSTDNpa0sf6pHeRhusvWG6rThciE8CsXTSlDUAZDyo -author: Florian Roth -date: 2017/03/19 -tags: - - attack.command_and_control - - attack.t1043 - - attack.t1571 -logsource: - product: windows - service: sysmon - definition: 'Use the following config to generate the necessary Event ID 10 Process Access events: VBE7.DLLUNKNOWN' -detection: - selection: - EventID: 3 - Initiated: 'true' - DestinationPort: - - '4443' - - '2448' - - '8143' - - '1777' - - '1443' - - '243' - - '65535' - - '13506' - - '3360' - - '200' - - '198' - - '49180' - - '13507' - - '6625' - - '4444' - - '4438' - - '1904' - - '13505' - - '13504' - - '12102' - - '9631' - - '5445' - - '2443' - - '777' - - '13394' - - '13145' - - '12103' - - '5552' - - '3939' - - '3675' - - '666' - - '473' - - '5649' - - '4455' - - '4433' - - '1817' - - '100' - - '65520' - - '1960' - - '1515' - - '743' - - '700' - - '14154' - - '14103' - - '14102' - - '12322' - - '10101' - - '7210' - - '4040' - - '9943' - filter1: - Image: '*\Program Files*' - filter2: - DestinationIp: - - '10.*' - - '192.168.*' - - '172.16.*' - - '172.17.*' - - '172.18.*' - - '172.19.*' - - '172.20.*' - - '172.21.*' - - '172.22.*' - - '172.23.*' - - '172.24.*' - - '172.25.*' - - '172.26.*' - - '172.27.*' - - '172.28.*' - - '172.29.*' - - '172.30.*' - - '172.31.*' - - '127.*' - DestinationIsIpv6: 'false' - condition: selection and not ( filter1 or filter2 ) -falsepositives: - - unknown -level: medium diff --git a/rules/windows/sysmon/sysmon_malware_verclsid_shellcode.yml b/rules/windows/sysmon/sysmon_malware_verclsid_shellcode.yml deleted file mode 100644 index 0e4c4282..00000000 --- a/rules/windows/sysmon/sysmon_malware_verclsid_shellcode.yml +++ /dev/null @@ -1,32 +0,0 @@ -title: Malware Shellcode in Verclsid Target Process -id: b7967e22-3d7e-409b-9ed5-cdae3f9243a1 -status: experimental -description: Detects a process access to verclsid.exe that injects shellcode from a Microsoft Office application / VBA macro -references: - - https://twitter.com/JohnLaTwC/status/837743453039534080 -tags: - - attack.defense_evasion - - attack.privilege_escalation - - attack.t1055 -author: John Lambert (tech), Florian Roth (rule) -date: 2017/03/04 -logsource: - product: windows - service: sysmon - definition: 'Use the following config to generate the necessary Event ID 10 Process Access events: VBE7.DLLUNKNOWN' -detection: - selection: - EventID: 10 - TargetImage: '*\verclsid.exe' - GrantedAccess: '0x1FFFFF' - combination1: - CallTrace: '*|UNKNOWN(*VBE7.DLL*' - combination2: - SourceImage: '*\Microsoft Office\\*' - CallTrace: '*|UNKNOWN*' - condition: selection and 1 of combination* -falsepositives: - - unknown -level: high - - diff --git a/rules/windows/sysmon/sysmon_mimikatz_inmemory_detection.yml b/rules/windows/sysmon/sysmon_mimikatz_inmemory_detection.yml deleted file mode 100644 index a9832506..00000000 --- a/rules/windows/sysmon/sysmon_mimikatz_inmemory_detection.yml +++ /dev/null @@ -1,45 +0,0 @@ -title: Mimikatz In-Memory -id: c0478ead-5336-46c2-bd5e-b4c84bc3a36e -status: experimental -description: Detects certain DLL loads when Mimikatz gets executed -references: - - https://securityriskadvisors.com/blog/post/detecting-in-memory-mimikatz/ -tags: - - attack.s0002 - - attack.t1003 - - attack.lateral_movement - - attack.credential_access - - car.2019-04-004 - - attack.t1003.002 - - attack.t1003.004 - - attack.t1003.001 - - attack.t1003.006 -logsource: - product: windows - service: sysmon -date: 2017/03/13 -detection: - selector: - EventID: 7 - Image: 'C:\Windows\System32\rundll32.exe' - dllload1: - ImageLoaded: '*\vaultcli.dll' - dllload2: - ImageLoaded: '*\wlanapi.dll' - exclusion: - ImageLoaded: - - 'ntdsapi.dll' - - 'netapi32.dll' - - 'imm32.dll' - - 'samlib.dll' - - 'combase.dll' - - 'srvcli.dll' - - 'shcore.dll' - - 'ntasn1.dll' - - 'cryptdll.dll' - - 'logoncli.dll' - timeframe: 30s - condition: selector | near dllload1 and dllload2 and not exclusion -falsepositives: - - unknown -level: medium diff --git a/rules/windows/sysmon/sysmon_mimikatz_trough_winrm.yml b/rules/windows/sysmon/sysmon_mimikatz_trough_winrm.yml deleted file mode 100644 index 693cdeef..00000000 --- a/rules/windows/sysmon/sysmon_mimikatz_trough_winrm.yml +++ /dev/null @@ -1,28 +0,0 @@ -title: Mimikatz through Windows Remote Management -id: aa35a627-33fb-4d04-a165-d33b4afca3e8 -description: Detects usage of mimikatz through WinRM protocol by monitoring access to lsass process by wsmprovhost.exe. -references: - - https://pentestlab.blog/2018/05/15/lateral-movement-winrm/ -status: stable -author: Patryk Prauze - ING Tech -date: 2019/05/20 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 10 - TargetImage: 'C:\windows\system32\lsass.exe' - SourceImage: 'C:\Windows\system32\wsmprovhost.exe' - condition: selection -tags: - - attack.credential_access - - attack.execution - - attack.t1003 - - attack.t1028 - - attack.s0005 - - attack.t1003.001 - - attack.t1021.006 -falsepositives: - - low -level: high diff --git a/rules/windows/sysmon/sysmon_narrator_feedback_persistance.yml b/rules/windows/sysmon/sysmon_narrator_feedback_persistance.yml deleted file mode 100644 index 7c88604c..00000000 --- a/rules/windows/sysmon/sysmon_narrator_feedback_persistance.yml +++ /dev/null @@ -1,28 +0,0 @@ -title: Narrator's Feedback-Hub Persistence -id: f663a6d9-9d1b-49b8-b2b1-0637914d199a -description: Detects abusing Windows 10 Narrator's Feedback-Hub -references: - - https://giuliocomi.blogspot.com/2019/10/abusing-windows-10-narrators-feedback.html -tags: - - attack.persistence - - attack.t1060 - - attack.t1547.001 -author: Dmitriy Lifanov, oscd.community -status: experimental -date: 2019/10/25 -modified: 2019/11/10 -logsource: - product: windows - service: sysmon -detection: - selection1: - EventID: 12 - EventType: DeleteValue - TargetObject|endswith: '\AppXypsaf9f1qserqevf0sws76dx4k9a5206\Shell\open\command\DelegateExecute' - selection2: - EventID: 13 - TargetObject|endswith: '\AppXypsaf9f1qserqevf0sws76dx4k9a5206\Shell\open\command\(Default)' - condition: 1 of them -falsepositives: - - unknown -level: high diff --git a/rules/windows/sysmon/sysmon_new_dll_added_to_appcertdlls_registry_key.yml b/rules/windows/sysmon/sysmon_new_dll_added_to_appcertdlls_registry_key.yml deleted file mode 100644 index 1ea9cafc..00000000 --- a/rules/windows/sysmon/sysmon_new_dll_added_to_appcertdlls_registry_key.yml +++ /dev/null @@ -1,35 +0,0 @@ -title: New DLL Added to AppCertDlls Registry Key -id: 6aa1d992-5925-4e9f-a49b-845e51d1de01 -status: experimental -description: Dynamic-link libraries (DLLs) that are specified in the AppCertDLLs value in the Registry key can be abused to obtain persistence and privilege escalation by causing a malicious DLL to be loaded and run in the context of separate processes on the computer. -references: - - http://www.hexacorn.com/blog/2013/01/19/beyond-good-ol-run-key-part-3/ - - https://eqllib.readthedocs.io/en/latest/analytics/14f90406-10a0-4d36-a672-31cabe149f2f.html -tags: - - attack.persistence - - attack.t1182 - - attack.t1546.009 -author: Ilyas Ochkov, oscd.community -date: 2019/10/25 -modified: 2019/11/13 -logsource: - product: windows - service: sysmon -detection: - selection: - - EventID: - - 12 # key create - - 13 # value set - # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one - TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls' - - EventID: 14 # key rename - NewName: 'HKLM\SYSTEM\CurentControlSet\Control\Session Manager\AppCertDlls' - condition: selection -fields: - - EventID - - Image - - TargetObject - - NewName -falsepositives: - - Unkown -level: medium diff --git a/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml b/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml deleted file mode 100644 index 78e61989..00000000 --- a/rules/windows/sysmon/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml +++ /dev/null @@ -1,37 +0,0 @@ -title: New DLL Added to AppInit_DLLs Registry Key -id: 4f84b697-c9ed-4420-8ab5-e09af5b2345d -status: experimental -description: DLLs that are specified in the AppInit_DLLs value in the Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows are loaded by user32.dll into every process that loads user32.dll -references: - - https://eqllib.readthedocs.io/en/latest/analytics/822dc4c5-b355-4df8-bd37-29c458997b8f.html -tags: - - attack.persistence - - attack.t1103 - - attack.t1546.010 -author: Ilyas Ochkov, oscd.community -date: 2019/10/25 -modified: 2019/11/13 -logsource: - product: windows - service: sysmon -detection: - selection: - - EventID: - - 12 # key create - - 13 # value set - TargetObject: - - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' - - '*\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' - - EventID: 14 # key rename - NewName: - - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' - - '*\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls' - condition: selection -fields: - - EventID - - Image - - TargetObject - - NewName -falsepositives: - - Unkown -level: medium diff --git a/rules/windows/sysmon/sysmon_notepad_network_connection.yml b/rules/windows/sysmon/sysmon_notepad_network_connection.yml deleted file mode 100644 index 039d397e..00000000 --- a/rules/windows/sysmon/sysmon_notepad_network_connection.yml +++ /dev/null @@ -1,25 +0,0 @@ -title: Notepad Making Network Connection -id: e81528db-fc02-45e8-8e98-4e84aba1f10b -status: experimental -description: Detects suspicious network connection by Notepad -references: - - https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1492186586.pdf - - https://blog.cobaltstrike.com/2013/08/08/why-is-notepad-exe-connecting-to-the-internet/ -tags: - - attack.command_and_control - - attack.execution -author: EagleEye Team -logsource: - product: windows - service: sysmon -date: 2020/05/14 -detection: - selection: - EventID: 3 - Image: '*\notepad.exe' - filter: - DestinationPort: '9100' - condition: selection and not filter -falsepositives: - - None observed so far -level: high diff --git a/rules/windows/sysmon/sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml b/rules/windows/sysmon/sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml deleted file mode 100644 index 89ab5297..00000000 --- a/rules/windows/sysmon/sysmon_possible_privilege_escalation_via_service_registry_permissions_weakness.yml +++ /dev/null @@ -1,33 +0,0 @@ -title: Possible Privilege Escalation via Service Permissions Weakness -id: 0f9c21f1-6a73-4b0e-9809-cb562cb8d981 -description: Detect modification of services configuration (ImagePath, FailureCommand and ServiceDLL) in registry by processes with Medium integrity level -references: - - https://speakerdeck.com/heirhabarov/hunting-for-privilege-escalation-in-windows-environment - - https://pentestlab.blog/2017/03/31/insecure-registry-permissions/ -tags: - - attack.privilege_escalation - - attack.t1058 - - attack.t1574.011 -status: experimental -author: Teymur Kheirkhabarov -date: 2019/10/26 -modified: 2019/11/11 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 13 - IntegrityLevel: 'Medium' - TargetObject|contains: '\services\' - TargetObject|endswith: - - '\ImagePath' - - '\FailureCommand' - - '\Parameters\ServiceDll' - condition: selection -falsepositives: - - Unknown -level: high -enrichment: - - EN_0001_cache_sysmon_event_id_1_info # http://bit.ly/314zc6x - - EN_0003_enrich_other_sysmon_events_with_event_id_1_data # http://bit.ly/2ojW7fw diff --git a/rules/windows/sysmon/sysmon_powershell_execution_moduleload.yml b/rules/windows/sysmon/sysmon_powershell_execution_moduleload.yml deleted file mode 100644 index 9d93c4c0..00000000 --- a/rules/windows/sysmon/sysmon_powershell_execution_moduleload.yml +++ /dev/null @@ -1,30 +0,0 @@ -title: PowerShell Execution -id: 867613fb-fa60-4497-a017-a82df74a172c -description: Detects execution of PowerShell -status: experimental -date: 2019/09/12 -modified: 2019/11/10 -author: Roberto Rodriguez @Cyb3rWard0g -references: - - https://github.com/hunters-forge/ThreatHunter-Playbook/blob/8869b7a58dba1cff63bae1d7ab923974b8c0539b/playbooks/WIN-190410151110.yaml -logsource: - product: windows - service: sysmon -tags: - - attack.execution - - attack.t1086 - - attack.t1059.001 -detection: - selection: - EventID: 7 - Description: 'system.management.automation' - ImageLoaded|contains: 'system.management.automation' - condition: selection -fields: - - ComputerName - - Image - - ProcessID - - ImageLoaded -falsepositives: - - Unknown -level: medium diff --git a/rules/windows/sysmon/sysmon_powershell_exploit_scripts.yml b/rules/windows/sysmon/sysmon_powershell_exploit_scripts.yml deleted file mode 100644 index 60028363..00000000 --- a/rules/windows/sysmon/sysmon_powershell_exploit_scripts.yml +++ /dev/null @@ -1,119 +0,0 @@ -title: Malicious PowerShell Commandlet Names -id: f331aa1f-8c53-4fc3-b083-cc159bc971cb -status: experimental -description: Detects the creation of known powershell scripts for exploitation -references: - - https://raw.githubusercontent.com/Neo23x0/sigma/f35c50049fa896dff91ff545cb199319172701e8/rules/windows/powershell/powershell_malicious_commandlets.yml -tags: - - attack.execution - - attack.t1086 - - attack.t1059.001 -author: Markus Neis -date: 2018/04/07 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 11 - TargetFilename: - - '*\Invoke-DllInjection.ps1' - - '*\Invoke-WmiCommand.ps1' - - '*\Get-GPPPassword.ps1' - - '*\Get-Keystrokes.ps1' - - '*\Get-VaultCredential.ps1' - - '*\Invoke-CredentialInjection.ps1' - - '*\Invoke-Mimikatz.ps1' - - '*\Invoke-NinjaCopy.ps1' - - '*\Invoke-TokenManipulation.ps1' - - '*\Out-Minidump.ps1' - - '*\VolumeShadowCopyTools.ps1' - - '*\Invoke-ReflectivePEInjection.ps1' - - '*\Get-TimedScreenshot.ps1' - - '*\Invoke-UserHunter.ps1' - - '*\Find-GPOLocation.ps1' - - '*\Invoke-ACLScanner.ps1' - - '*\Invoke-DowngradeAccount.ps1' - - '*\Get-ServiceUnquoted.ps1' - - '*\Get-ServiceFilePermission.ps1' - - '*\Get-ServicePermission.ps1' - - '*\Invoke-ServiceAbuse.ps1' - - '*\Install-ServiceBinary.ps1' - - '*\Get-RegAutoLogon.ps1' - - '*\Get-VulnAutoRun.ps1' - - '*\Get-VulnSchTask.ps1' - - '*\Get-UnattendedInstallFile.ps1' - - '*\Get-WebConfig.ps1' - - '*\Get-ApplicationHost.ps1' - - '*\Get-RegAlwaysInstallElevated.ps1' - - '*\Get-Unconstrained.ps1' - - '*\Add-RegBackdoor.ps1' - - '*\Add-ScrnSaveBackdoor.ps1' - - '*\Gupt-Backdoor.ps1' - - '*\Invoke-ADSBackdoor.ps1' - - '*\Enabled-DuplicateToken.ps1' - - '*\Invoke-PsUaCme.ps1' - - '*\Remove-Update.ps1' - - '*\Check-VM.ps1' - - '*\Get-LSASecret.ps1' - - '*\Get-PassHashes.ps1' - - '*\Show-TargetScreen.ps1' - - '*\Port-Scan.ps1' - - '*\Invoke-PoshRatHttp.ps1' - - '*\Invoke-PowerShellTCP.ps1' - - '*\Invoke-PowerShellWMI.ps1' - - '*\Add-Exfiltration.ps1' - - '*\Add-Persistence.ps1' - - '*\Do-Exfiltration.ps1' - - '*\Start-CaptureServer.ps1' - - '*\Invoke-ShellCode.ps1' - - '*\Get-ChromeDump.ps1' - - '*\Get-ClipboardContents.ps1' - - '*\Get-FoxDump.ps1' - - '*\Get-IndexedItem.ps1' - - '*\Get-Screenshot.ps1' - - '*\Invoke-Inveigh.ps1' - - '*\Invoke-NetRipper.ps1' - - '*\Invoke-EgressCheck.ps1' - - '*\Invoke-PostExfil.ps1' - - '*\Invoke-PSInject.ps1' - - '*\Invoke-RunAs.ps1' - - '*\MailRaider.ps1' - - '*\New-HoneyHash.ps1' - - '*\Set-MacAttribute.ps1' - - '*\Invoke-DCSync.ps1' - - '*\Invoke-PowerDump.ps1' - - '*\Exploit-Jboss.ps1' - - '*\Invoke-ThunderStruck.ps1' - - '*\Invoke-VoiceTroll.ps1' - - '*\Set-Wallpaper.ps1' - - '*\Invoke-InveighRelay.ps1' - - '*\Invoke-PsExec.ps1' - - '*\Invoke-SSHCommand.ps1' - - '*\Get-SecurityPackages.ps1' - - '*\Install-SSP.ps1' - - '*\Invoke-BackdoorLNK.ps1' - - '*\PowerBreach.ps1' - - '*\Get-SiteListPassword.ps1' - - '*\Get-System.ps1' - - '*\Invoke-BypassUAC.ps1' - - '*\Invoke-Tater.ps1' - - '*\Invoke-WScriptBypassUAC.ps1' - - '*\PowerUp.ps1' - - '*\PowerView.ps1' - - '*\Get-RickAstley.ps1' - - '*\Find-Fruit.ps1' - - '*\HTTP-Login.ps1' - - '*\Find-TrustedDocuments.ps1' - - '*\Invoke-Paranoia.ps1' - - '*\Invoke-WinEnum.ps1' - - '*\Invoke-ARPScan.ps1' - - '*\Invoke-PortScan.ps1' - - '*\Invoke-ReverseDNSLookup.ps1' - - '*\Invoke-SMBScanner.ps1' - - '*\Invoke-Mimikittenz.ps1' - condition: selection -falsepositives: - - Penetration Tests -level: high - diff --git a/rules/windows/sysmon/sysmon_powershell_network_connection.yml b/rules/windows/sysmon/sysmon_powershell_network_connection.yml deleted file mode 100644 index 0dd64587..00000000 --- a/rules/windows/sysmon/sysmon_powershell_network_connection.yml +++ /dev/null @@ -1,47 +0,0 @@ -title: PowerShell Network Connections -id: 1f21ec3f-810d-4b0e-8045-322202e22b4b -status: experimental -description: Detects a Powershell process that opens network connections - check for suspicious target ports and target systems - adjust to your environment (e.g. extend filters with company's ip range') -author: Florian Roth -date: 2017/03/13 -references: - - https://www.youtube.com/watch?v=DLtJTxMWZ2o -tags: - - attack.execution - - attack.t1086 - - attack.t1059.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 3 - Image: '*\powershell.exe' - Initiated: 'true' - filter: - DestinationIp: - - '10.*' - - '192.168.*' - - '172.16.*' - - '172.17.*' - - '172.18.*' - - '172.19.*' - - '172.20.*' - - '172.21.*' - - '172.22.*' - - '172.23.*' - - '172.24.*' - - '172.25.*' - - '172.26.*' - - '172.27.*' - - '172.28.*' - - '172.29.*' - - '172.30.*' - - '172.31.*' - - '127.0.0.1' - DestinationIsIpv6: 'false' - User: 'NT AUTHORITY\SYSTEM' - condition: selection and not filter -falsepositives: - - Administrative scripts -level: low diff --git a/rules/windows/sysmon/sysmon_quarkspw_filedump.yml b/rules/windows/sysmon/sysmon_quarkspw_filedump.yml deleted file mode 100644 index 135b66b9..00000000 --- a/rules/windows/sysmon/sysmon_quarkspw_filedump.yml +++ /dev/null @@ -1,25 +0,0 @@ -title: QuarksPwDump Dump File -id: 847def9e-924d-4e90-b7c4-5f581395a2b4 -status: experimental -description: Detects a dump file written by QuarksPwDump password dumper -references: - - https://jpcertcc.github.io/ToolAnalysisResultSheet/details/QuarksPWDump.htm -author: Florian Roth -date: 2018/02/10 -tags: - - attack.credential_access - - attack.t1003 - - attack.t1003.002 -level: critical -logsource: - product: windows - service: sysmon -detection: - selection: - # Sysmon: File Creation (ID 11) - EventID: 11 - TargetFilename: '*\AppData\Local\Temp\SAM-*.dmp*' - condition: selection -falsepositives: - - Unknown - diff --git a/rules/windows/sysmon/sysmon_rdp_registry_modification.yml b/rules/windows/sysmon/sysmon_rdp_registry_modification.yml deleted file mode 100644 index 5e6c02ee..00000000 --- a/rules/windows/sysmon/sysmon_rdp_registry_modification.yml +++ /dev/null @@ -1,31 +0,0 @@ -title: RDP Registry Modification -id: 41904ebe-d56c-4904-b9ad-7a77bdf154b3 -description: Detects potential malicious modification of the property value of fDenyTSConnections and UserAuthentication to enable remote desktop connections. -status: experimental -date: 2019/09/12 -modified: 2019/11/10 -author: Roberto Rodriguez @Cyb3rWard0g -references: - - https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/tree/master/playbooks/windows/05_defense_evasion/T1112_Modify_Registry/enable_rdp_registry.md -tags: - - attack.defense_evasion - - attack.t1112 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 13 - TargetObject|endswith: - - '\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\UserAuthentication' - - '\CurrentControlSet\Control\Terminal Server\fDenyTSConnections' - Details: 'DWORD (0x00000000)' - condition: selection -fields: - - ComputerName - - Image - - EventType - - TargetObject -falsepositives: - - Unknown -level: high diff --git a/rules/windows/sysmon/sysmon_rdp_reverse_tunnel.yml b/rules/windows/sysmon/sysmon_rdp_reverse_tunnel.yml deleted file mode 100644 index f7979bd6..00000000 --- a/rules/windows/sysmon/sysmon_rdp_reverse_tunnel.yml +++ /dev/null @@ -1,30 +0,0 @@ -title: RDP Over Reverse SSH Tunnel -id: 5f699bc5-5446-4a4a-a0b7-5ef2885a3eb4 -status: experimental -description: Detects svchost hosting RDP termsvcs communicating with the loopback address and on TCP port 3389 -references: - - https://twitter.com/SBousseaden/status/1096148422984384514 -author: Samir Bousseaden -date: 2019/02/16 -tags: - - attack.defense_evasion - - attack.command_and_control - - attack.t1076 - - car.2013-07-002 - - attack.t1021 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 3 - Image: '*\svchost.exe' - Initiated: 'true' - SourcePort: 3389 - DestinationIp: - - '127.*' - - '::1' - condition: selection -falsepositives: - - unknown -level: high diff --git a/rules/windows/sysmon/sysmon_rdp_settings_hijack.yml b/rules/windows/sysmon/sysmon_rdp_settings_hijack.yml deleted file mode 100644 index 4d8f534c..00000000 --- a/rules/windows/sysmon/sysmon_rdp_settings_hijack.yml +++ /dev/null @@ -1,23 +0,0 @@ -title: RDP Sensitive Settings Changed -id: 171b67e1-74b4-460e-8d55-b331f3e32d67 -description: Detects changes to RDP terminal service sensitive settings -references: - - https://blog.menasec.net/2019/02/threat-hunting-rdp-hijacking-via.html -date: 2019/04/03 -author: Samir Bousseaden -logsource: - product: windows - service: sysmon -detection: - selection_reg: - EventID: 13 - TargetObject: - - '*\services\TermService\Parameters\ServiceDll*' - - '*\Control\Terminal Server\fSingleSessionPerUser*' - - '*\Control\Terminal Server\fDenyTSConnections*' - condition: selection_reg -tags: - - attack.defense_evasion -falsepositives: - - unknown -level: high diff --git a/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml b/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml deleted file mode 100644 index e4087c05..00000000 --- a/rules/windows/sysmon/sysmon_registry_persistence_key_linking.yml +++ /dev/null @@ -1,25 +0,0 @@ -title: Windows Registry Persistence COM Key Linking -id: 9b0f8a61-91b2-464f-aceb-0527e0a45020 -status: experimental -description: Detects COM object hijacking via TreatAs subkey -references: - - https://bohops.com/2018/08/18/abusing-the-com-registry-structure-part-2-loading-techniques-for-evasion-and-persistence/ -author: Kutepov Anton, oscd.community -date: 2019/10/23 -modified: 2019/11/07 -tags: - - attack.persistence - - attack.t1122 - - attack.t1546.015 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 12 - EventType: 'CreateKey' # don't want DeleteKey events - TargetObject: 'HKU\\*_Classes\CLSID\\*\TreatAs' - condition: selection -falsepositives: - - Maybe some system utilities in rare cases use linking keys for backward compability -level: medium diff --git a/rules/windows/sysmon/sysmon_registry_persistence_search_order.yml b/rules/windows/sysmon/sysmon_registry_persistence_search_order.yml deleted file mode 100644 index 5d6a6e8e..00000000 --- a/rules/windows/sysmon/sysmon_registry_persistence_search_order.yml +++ /dev/null @@ -1,30 +0,0 @@ -title: Windows Registry Persistence COM Search Order Hijacking -id: a0ff33d8-79e4-4cef-b4f3-9dc4133ccd12 -status: experimental -description: Detects potential COM object hijacking leveraging the COM Search Order -references: - - https://www.cyberbit.com/blog/endpoint-security/com-hijacking-windows-overlooked-security-vulnerability/ -author: Maxime Thiebaut (@0xThiebaut) -date: 2020/04/14 -tags: - - attack.persistence - - attack.t1038 - - attack.t1574.001 -logsource: - product: windows - service: sysmon -detection: - selection: # Detect new COM servers in the user hive - EventID: 13 - TargetObject: 'HKU\\*_Classes\CLSID\\*\InProcServer32\(Default)' - filter: - Details: # Exclude privileged directories and observed FPs - - '%%systemroot%%\system32\\*' - - '%%systemroot%%\SysWow64\\*' - - '*\AppData\Local\Microsoft\OneDrive\\*\FileCoAuthLib64.dll' - - '*\AppData\Local\Microsoft\OneDrive\\*\FileSyncShell64.dll' - - '*\AppData\Local\Microsoft\TeamsMeetingAddin\\*\Microsoft.Teams.AddinLoader.dll' - condition: selection and not filter -falsepositives: - - Some installed utilities (i.e. OneDrive) may serve new COM objects at user-level -level: medium diff --git a/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml b/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml deleted file mode 100644 index 22b7bc79..00000000 --- a/rules/windows/sysmon/sysmon_registry_trust_record_modification.yml +++ /dev/null @@ -1,25 +0,0 @@ -title: Windows Registry Trust Record Modification -id: 295a59c1-7b79-4b47-a930-df12c15fc9c2 -status: experimental -description: Alerts on trust record modification within the registry, indicating usage of macros -references: - - https://outflank.nl/blog/2018/01/16/hunting-for-evil-detect-macros-being-executed/ - - http://az4n6.blogspot.com/2016/02/more-on-trust-records-macros-and.html -author: Antonlovesdnb -date: 2020/02/19 -modified: 2020/02/19 -tags: - - attack.initial_access - - attack.t1193 - - attack.t1566.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 12 - TargetObject|contains: 'TrustRecords' - condition: selection -falsepositives: - - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: medium diff --git a/rules/windows/sysmon/sysmon_remote_powershell_session_network.yml b/rules/windows/sysmon/sysmon_remote_powershell_session_network.yml deleted file mode 100644 index b0695d7a..00000000 --- a/rules/windows/sysmon/sysmon_remote_powershell_session_network.yml +++ /dev/null @@ -1,27 +0,0 @@ -title: Remote PowerShell Session -id: c539afac-c12a-46ed-b1bd-5a5567c9f045 -description: Detects remote PowerShell connections by monitoring network outbount connections to ports 5985 or 5986 from not network service account -status: experimental -date: 2019/09/12 -author: Roberto Rodriguez @Cyb3rWard0g -references: - - https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/tree/master/playbooks/windows/02_execution/T1086_powershell/powershell_remote_session.md -tags: - - attack.execution - - attack.t1086 - - attack.t1059.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 3 - DestinationPort: - - 5985 - - 5986 - filter: - User: 'NT AUTHORITY\NETWORK SERVICE' - condition: selection and not filter -falsepositives: - - Leigitmate usage of remote PowerShell, e.g. remote administration and monitoring. -level: high diff --git a/rules/windows/sysmon/sysmon_rundll32_net_connections.yml b/rules/windows/sysmon/sysmon_rundll32_net_connections.yml deleted file mode 100644 index c7f6e7b9..00000000 --- a/rules/windows/sysmon/sysmon_rundll32_net_connections.yml +++ /dev/null @@ -1,46 +0,0 @@ -title: Rundll32 Internet Connection -id: cdc8da7d-c303-42f8-b08c-b4ab47230263 -status: experimental -description: Detects a rundll32 that communicates with public IP addresses -references: - - https://www.hybrid-analysis.com/sample/759fb4c0091a78c5ee035715afe3084686a8493f39014aea72dae36869de9ff6?environmentId=100 -author: Florian Roth -date: 2017/11/04 -tags: - - attack.t1085 - - attack.defense_evasion - - attack.execution - - attack.t1218 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 3 - Image: '*\rundll32.exe' - Initiated: 'true' - filter: - DestinationIp: - - '10.*' - - '192.168.*' - - '172.16.*' - - '172.17.*' - - '172.18.*' - - '172.19.*' - - '172.20.*' - - '172.21.*' - - '172.22.*' - - '172.23.*' - - '172.24.*' - - '172.25.*' - - '172.26.*' - - '172.27.*' - - '172.28.*' - - '172.29.*' - - '172.30.*' - - '172.31.*' - - '127.*' - condition: selection and not filter -falsepositives: - - Communication to other corporate systems that use IP addresses from public address spaces -level: medium diff --git a/rules/windows/sysmon/sysmon_ssp_added_lsa_config.yml b/rules/windows/sysmon/sysmon_ssp_added_lsa_config.yml deleted file mode 100644 index b98841db..00000000 --- a/rules/windows/sysmon/sysmon_ssp_added_lsa_config.yml +++ /dev/null @@ -1,28 +0,0 @@ -title: Security Support Provider (SSP) Added to LSA Configuration -id: eeb30123-9fbd-4ee8-aaa0-2e545bbed6dc -status: experimental -description: Detects the addition of a SSP to the registry. Upon a reboot or API call, SSP DLLs gain access to encrypted and plaintext passwords stored in Windows. -references: - - https://attack.mitre.org/techniques/T1101/ - - https://powersploit.readthedocs.io/en/latest/Persistence/Install-SSP/ -tags: - - attack.persistence - - attack.t1011 -author: iwillkeepwatch -date: 2019/01/18 -logsource: - product: windows - service: sysmon -detection: - selection_registry: - EventID: 13 - TargetObject: - - 'HKLM\System\CurrentControlSet\Control\Lsa\Security Packages' - - 'HKLM\System\CurrentControlSet\Control\Lsa\OSConfig\Security Packages' - exclusion_images: - - Image: C:\Windows\system32\msiexec.exe - - Image: C:\Windows\syswow64\MsiExec.exe - condition: selection_registry and not exclusion_images -falsepositives: - - Unlikely -level: critical diff --git a/rules/windows/sysmon/sysmon_stickykey_like_backdoor.yml b/rules/windows/sysmon/sysmon_stickykey_like_backdoor.yml deleted file mode 100644 index 23ac4ef0..00000000 --- a/rules/windows/sysmon/sysmon_stickykey_like_backdoor.yml +++ /dev/null @@ -1,50 +0,0 @@ -action: global -title: Sticky Key Like Backdoor Usage -id: baca5663-583c-45f9-b5dc-ea96a22ce542 -description: Detects the usage and installation of a backdoor that uses an option to register a malicious debugger for built-in tools that are accessible in the login - screen -references: - - https://blogs.technet.microsoft.com/jonathantrull/2016/10/03/detecting-sticky-key-backdoors/ -tags: - - attack.privilege_escalation - - attack.persistence - - attack.t1015 - - car.2014-11-003 - - car.2014-11-008 -author: Florian Roth, @twjackomo -date: 2018/03/15 -detection: - condition: 1 of them -falsepositives: - - Unlikely -level: critical ---- -logsource: - product: windows - service: sysmon -detection: - selection_registry: - EventID: 13 - TargetObject: - - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger' - - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe\Debugger' - - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe\Debugger' - - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Magnify.exe\Debugger' - - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Narrator.exe\Debugger' - - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisplaySwitch.exe\Debugger' - EventType: 'SetValue' ---- -logsource: - category: process_creation - product: windows -detection: - selection_process: - ParentImage: - - '*\winlogon.exe' - CommandLine: - - '*cmd.exe sethc.exe *' - - '*cmd.exe utilman.exe *' - - '*cmd.exe osk.exe *' - - '*cmd.exe Magnify.exe *' - - '*cmd.exe Narrator.exe *' - - '*cmd.exe DisplaySwitch.exe *' diff --git a/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml b/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml deleted file mode 100644 index e91cd537..00000000 --- a/rules/windows/sysmon/sysmon_susp_adsi_cache_usage.yml +++ /dev/null @@ -1,30 +0,0 @@ -title: Suspicious ADSI-Cache Usage By Unknown Tool -id: 75bf09fa-1dd7-4d18-9af9-dd9e492562eb -description: detects the usage of ADSI (LDAP) operations by tools. This may also detect tools like LDAPFragger. -status: experimental -date: 2019/03/24 -author: xknow @xknow_infosec -references: - - https://medium.com/@ivecodoe/detecting-ldapfragger-a-newly-released-cobalt-strike-beacon-using-ldap-for-c2-communication-c274a7f00961 - - https://blog.fox-it.com/2020/03/19/ldapfragger-command-and-control-over-ldap-attributes/ - - https://github.com/fox-it/LDAPFragger -tags: - - attack.t1041 - - attack.persistence -logsource: - product: windows - service: sysmon -detection: - selection_1: - EventID: 11 - TargetFilename: '*\Local\Microsoft\Windows\SchCache\\*.sch' - selection_2: - Image|contains: - - 'C:\windows\system32\svchost.exe' - - 'C:\windows\system32\dllhost.exe' - - 'C:\windows\system32\mmc.exe' - - 'C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe' - condition: selection_1 and not selection_2 -falsepositives: - - Other legimate tools, which do ADSI (LDAP) operations, e.g. any remoting activity by MMC, Powershell, Windows etc. -level: high diff --git a/rules/windows/sysmon/sysmon_susp_desktop_ini.yml b/rules/windows/sysmon/sysmon_susp_desktop_ini.yml deleted file mode 100644 index ec1df92c..00000000 --- a/rules/windows/sysmon/sysmon_susp_desktop_ini.yml +++ /dev/null @@ -1,28 +0,0 @@ -title: Suspicious desktop.ini Action -id: 81315b50-6b60-4d8f-9928-3466e1022515 -status: experimental -description: Detects unusual processes accessing desktop.ini, which can be leveraged to alter how Explorer displays a folder's content (i.e. renaming files) without changing them on disk. -references: - - https://isc.sans.edu/forums/diary/Desktopini+as+a+postexploitation+tool/25912/ -author: Maxime Thiebaut (@0xThiebaut) -date: 2020/03/19 -tags: - - attack.persistence - - attack.t1023 - - attack.t1547.009 -logsource: - product: windows - service: sysmon -detection: - filter: - Image: - - 'C:\Windows\explorer.exe' - - 'C:\Windows\System32\msiexec.exe' - - 'C:\Windows\System32\mmc.exe' - selection: - EventID: 11 - TargetFilename|endswith: '\desktop.ini' - condition: selection and not filter -falsepositives: - - Operations performed through Windows SCCM or equivalent -level: medium diff --git a/rules/windows/sysmon/sysmon_susp_download_run_key.yml b/rules/windows/sysmon/sysmon_susp_download_run_key.yml deleted file mode 100644 index 14f5d5ca..00000000 --- a/rules/windows/sysmon/sysmon_susp_download_run_key.yml +++ /dev/null @@ -1,27 +0,0 @@ -title: Suspicious RUN Key from Download -id: 9c5037d1-c568-49b3-88c7-9846a5bdc2be -status: experimental -description: Detects the suspicious RUN keys created by software located in Download or temporary Outlook/Internet Explorer directories -references: - - https://app.any.run/tasks/c5bef5b7-f484-4c43-9cf3-d5c5c7839def/ -author: Florian Roth -date: 2019/10/01 -tags: - - attack.persistence - - attack.t1060 - - attack.t1547.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 13 - Image: - - '*\Downloads\\*' - - '*\Temporary Internet Files\Content.Outlook\\*' - - '*\Local Settings\Temporary Internet Files\\*' - TargetObject: '*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\*' - condition: selection -falsepositives: - - Software installers downloaded and used by users -level: high diff --git a/rules/windows/sysmon/sysmon_susp_driver_load.yml b/rules/windows/sysmon/sysmon_susp_driver_load.yml deleted file mode 100644 index c353d7e9..00000000 --- a/rules/windows/sysmon/sysmon_susp_driver_load.yml +++ /dev/null @@ -1,20 +0,0 @@ -title: Suspicious Driver Load from Temp -id: 2c4523d5-d481-4ed0-8ec3-7fbf0cb41a75 -description: Detects a driver load from a temporary directory -author: Florian Roth -date: 2017/02/12 -tags: - - attack.persistence - - attack.t1050 - - attack.t1543.003 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 6 - ImageLoaded: '*\Temp\\*' - condition: selection -falsepositives: - - there is a relevant set of false positives depending on applications in the environment -level: medium diff --git a/rules/windows/sysmon/sysmon_susp_image_load.yml b/rules/windows/sysmon/sysmon_susp_image_load.yml deleted file mode 100644 index 11a696b0..00000000 --- a/rules/windows/sysmon/sysmon_susp_image_load.yml +++ /dev/null @@ -1,27 +0,0 @@ -title: Possible Process Hollowing Image Loading -id: e32ce4f5-46c6-4c47-ba69-5de3c9193cd7 -status: experimental -description: Detects Loading of samlib.dll, WinSCard.dll from untypical process e.g. through process hollowing by Mimikatz -references: - - https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for.html -author: Markus Neis -date: 2018/01/07 -tags: - - attack.defense_evasion - - attack.t1073 - - attack.t1574.002 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image: - - '*\notepad.exe' - ImageLoaded: - - '*\samlib.dll' - - '*\WinSCard.dll' - condition: selection -falsepositives: - - Very likely, needs more tuning -level: high diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml deleted file mode 100644 index f3d5acd9..00000000 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_assembly_dll_load.yml +++ /dev/null @@ -1,29 +0,0 @@ -title: dotNET DLL Loaded Via Office Applications -id: ff0f2b05-09db-4095-b96d-1b75ca24894a -status: experimental -description: Detects any assembly DLL being loaded by an Office Product -references: - - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 -author: Antonlovesdnb -date: 2020/02/19 -tags: - - attack.initial_access - - attack.t1193 - - attack.t1566.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image: - - '*\winword.exe' - - '*\powerpnt.exe' - - '*\excel.exe' - - '*\outlook.exe' - ImageLoaded: - - 'C:\Windows\assembly\\*' - condition: selection -falsepositives: - - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml deleted file mode 100644 index e76e29d5..00000000 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_clr_dll_load.yml +++ /dev/null @@ -1,29 +0,0 @@ -title: CLR DLL Loaded Via Office Applications -id: d13c43f0-f66b-4279-8b2c-5912077c1780 -status: experimental -description: Detects CLR DLL being loaded by an Office Product -references: - - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 -author: Antonlovesdnb -date: 2020/02/19 -tags: - - attack.initial_access - - attack.t1193 - - attack.t1566.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image: - - '*\winword.exe' - - '*\powerpnt.exe' - - '*\excel.exe' - - '*\outlook.exe' - ImageLoaded: - - '*\clr.dll*' - condition: selection -falsepositives: - - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high diff --git a/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml deleted file mode 100644 index 670a5552..00000000 --- a/rules/windows/sysmon/sysmon_susp_office_dotnet_gac_dll_load.yml +++ /dev/null @@ -1,29 +0,0 @@ -title: GAC DLL Loaded Via Office Applications -id: 90217a70-13fc-48e4-b3db-0d836c5824ac -status: experimental -description: Detects any GAC DLL being loaded by an Office Product -references: - - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 -author: Antonlovesdnb -date: 2020/02/19 -tags: - - attack.initial_access - - attack.t1193 - - attack.t1566.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image: - - '*\winword.exe' - - '*\powerpnt.exe' - - '*\excel.exe' - - '*\outlook.exe' - ImageLoaded: - - 'C:\Windows\Microsoft.NET\assembly\GAC_MSIL*' - condition: selection -falsepositives: - - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high diff --git a/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml deleted file mode 100644 index 24afa4ca..00000000 --- a/rules/windows/sysmon/sysmon_susp_office_dsparse_dll_load.yml +++ /dev/null @@ -1,29 +0,0 @@ -title: Active Directory Parsing DLL Loaded Via Office Applications -id: a2a3b925-7bb0-433b-b508-db9003263cc4 -status: experimental -description: Detects DSParse DLL being loaded by an Office Product -references: - - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 -author: Antonlovesdnb -date: 2020/02/19 -tags: - - attack.initial_access - - attack.t1193 - - attack.t1566.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image: - - '*\winword.exe' - - '*\powerpnt.exe' - - '*\excel.exe' - - '*\outlook.exe' - ImageLoaded: - - '*\dsparse.dll*' - condition: selection -falsepositives: - - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high diff --git a/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml b/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml deleted file mode 100644 index d55fe994..00000000 --- a/rules/windows/sysmon/sysmon_susp_office_kerberos_dll_load.yml +++ /dev/null @@ -1,29 +0,0 @@ -title: Active Directory Kerberos DLL Loaded Via Office Applications -id: 7417e29e-c2e7-4cf6-a2e8-767228c64837 -status: experimental -description: Detects Kerberos DLL being loaded by an Office Product -references: - - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 -author: Antonlovesdnb -date: 2020/02/19 -tags: - - attack.initial_access - - attack.t1193 - - attack.t1566.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image: - - '*\winword.exe' - - '*\powerpnt.exe' - - '*\excel.exe' - - '*\outlook.exe' - ImageLoaded: - - '*\kerberos.dll' - condition: selection -falsepositives: - - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high diff --git a/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml b/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml deleted file mode 100644 index 25ee0df7..00000000 --- a/rules/windows/sysmon/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml +++ /dev/null @@ -1,29 +0,0 @@ -title: Suspicious PROCEXP152.sys File Created In TMP -id: 3da70954-0f2c-4103-adff-b7440368f50e -description: Detects the creation of the PROCEXP152.sys file in the application-data local temporary folder. This driver is used by Sysinternals Process Explorer but also by KDU (https://github.com/hfiref0x/KDU) or Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU. -status: experimental -date: 2019/04/08 -author: xknow (@xknow_infosec), xorxes (@xor_xes) -references: - - https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/ -tags: - - attack.t1089 - - attack.defense_evasion - - attack.t1562.001 -logsource: - product: windows - service: sysmon -detection: - selection_1: - EventID: 11 - TargetFilename: '*\AppData\Local\Temp\\*\PROCEXP152.sys' - selection_2: - Image|contains: - - '*\procexp64.exe' - - '*\procexp.exe' - - '*\procmon64.exe' - - '*\procmon.exe' - condition: selection_1 and not selection_2 -falsepositives: - - Other legimate tools using this driver and filename (like Sysinternals). Note - Clever attackers may easily bypass this detection by just renaming the driver filename. Therefore just Medium-level and don't rely on it. -level: medium diff --git a/rules/windows/sysmon/sysmon_susp_prog_location_network_connection.yml b/rules/windows/sysmon/sysmon_susp_prog_location_network_connection.yml deleted file mode 100644 index c80ca7cb..00000000 --- a/rules/windows/sysmon/sysmon_susp_prog_location_network_connection.yml +++ /dev/null @@ -1,32 +0,0 @@ -title: Suspicious Program Location with Network Connections -id: 7b434893-c57d-4f41-908d-6a17bf1ae98f -status: experimental -description: Detects programs with network connections running in suspicious files system locations -references: - - https://docs.google.com/spreadsheets/d/17pSTDNpa0sf6pHeRhusvWG6rThciE8CsXTSlDUAZDyo -author: Florian Roth -date: 2017/03/19 -logsource: - product: windows - service: sysmon - definition: 'Use the following config to generate the necessary Event ID 3 Network Connection events' -detection: - selection: - EventID: 3 - Image: - # - '*\ProgramData\\*' # too many false positives, e.g. with Webex for Windows - - '*\$Recycle.bin' - - '*\Users\All Users\\*' - - '*\Users\Default\\*' - - '*\Users\Public\\*' - - '*\Users\Contacts\\*' - - '*\Users\Searches\\*' - - 'C:\Perflogs\\*' - - '*\config\systemprofile\\*' - - '*\Windows\Fonts\\*' - - '*\Windows\IME\\*' - - '*\Windows\addins\\*' - condition: selection -falsepositives: - - unknown -level: high diff --git a/rules/windows/sysmon/sysmon_susp_rdp.yml b/rules/windows/sysmon/sysmon_susp_rdp.yml deleted file mode 100644 index 327b8446..00000000 --- a/rules/windows/sysmon/sysmon_susp_rdp.yml +++ /dev/null @@ -1,45 +0,0 @@ -title: Suspicious Outbound RDP Connections -id: ed74fe75-7594-4b4b-ae38-e38e3fd2eb23 -status: experimental -description: Detects Non-Standard Tools Connecting to TCP port 3389 indicating possible lateral movement -references: - - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 -author: Markus Neis - Swisscom -date: 2019/05/15 -tags: - - attack.lateral_movement - - attack.t1210 - - car.2013-07-002 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 3 - DestinationPort: 3389 - Initiated: 'true' - filter: - Image: - - '*\mstsc.exe' - - '*\RTSApp.exe' - - '*\RTS2App.exe' - - '*\RDCMan.exe' - - '*\ws_TunnelService.exe' - - '*\RSSensor.exe' - - '*\RemoteDesktopManagerFree.exe' - - '*\RemoteDesktopManager.exe' - - '*\RemoteDesktopManager64.exe' - - '*\mRemoteNG.exe' - - '*\mRemote.exe' - - '*\Terminals.exe' - - '*\spiceworks-finder.exe' - - '*\FSDiscovery.exe' - - '*\FSAssessment.exe' - - '*\MobaRTE.exe' - - '*\chrome.exe' - - '*\thor.exe' - - '*\thor64.exe' - condition: selection and not filter -falsepositives: - - Other Remote Desktop RDP tools -level: high diff --git a/rules/windows/sysmon/sysmon_susp_reg_persist_explorer_run.yml b/rules/windows/sysmon/sysmon_susp_reg_persist_explorer_run.yml deleted file mode 100644 index 0dc20e16..00000000 --- a/rules/windows/sysmon/sysmon_susp_reg_persist_explorer_run.yml +++ /dev/null @@ -1,36 +0,0 @@ -title: Registry Persistence via Explorer Run Key -id: b7916c2a-fa2f-4795-9477-32b731f70f11 -status: experimental -description: Detects a possible persistence mechanism using RUN key for Windows Explorer and pointing to a suspicious folder -author: Florian Roth -date: 2018/07/18 -references: - - https://researchcenter.paloaltonetworks.com/2018/07/unit42-upatre-continues-evolve-new-anti-analysis-techniques/ -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 13 - TargetObject: '*\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run' - Details: - - 'C:\Windows\Temp\\*' - - 'C:\ProgramData\\*' - - '*\AppData\\*' - - 'C:\$Recycle.bin\\*' - - 'C:\Temp\\*' - - 'C:\Users\Public\\*' - - 'C:\Users\Default\\*' - condition: selection -tags: - - attack.persistence - - attack.t1060 - - capec.270 - - attack.t1547.001 -fields: - - Image - - ParentImage -falsepositives: - - Unknown -level: high - diff --git a/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml b/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml deleted file mode 100644 index 7798f552..00000000 --- a/rules/windows/sysmon/sysmon_susp_run_key_img_folder.yml +++ /dev/null @@ -1,38 +0,0 @@ -title: New RUN Key Pointing to Suspicious Folder -id: 02ee49e2-e294-4d0f-9278-f5b3212fc588 -status: experimental -description: Detects suspicious new RUN key element pointing to an executable in a suspicious folder -references: - - https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html -author: Florian Roth, Markus Neis, Sander Wiebing -tags: - - attack.persistence - - attack.t1060 - - attack.t1547.001 -date: 2018/08/25 -modified: 2020/05/24 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 13 - TargetObject: - - '*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\*' - - '*\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\*' - Details: - - '*C:\Windows\Temp\\*' - - '*C:\$Recycle.bin\\*' - - '*C:\Temp\\*' - - '*C:\Users\Public\\*' - - '%Public%\\*' - - '*C:\Users\Default\\*' - - '*C:\Users\Desktop\\*' - - 'wscript*' - - 'cscript*' - condition: selection -fields: - - Image -falsepositives: - - Software using weird folders for updates -level: high diff --git a/rules/windows/sysmon/sysmon_susp_service_installed.yml b/rules/windows/sysmon/sysmon_susp_service_installed.yml deleted file mode 100644 index c15a8c94..00000000 --- a/rules/windows/sysmon/sysmon_susp_service_installed.yml +++ /dev/null @@ -1,34 +0,0 @@ -title: Suspicious Service Installed -id: f2485272-a156-4773-82d7-1d178bc4905b -description: Detects installation of NalDrv or PROCEXP152 services via registry-keys to non-system32 folders. Both services are used in the tool Ghost-In-The-Logs (https://github.com/bats3c/Ghost-In-The-Logs), which uses KDU (https://github.com/hfiref0x/KDU) -status: experimental -date: 2019/04/08 -author: xknow (@xknow_infosec), xorxes (@xor_xes) -references: - - https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/ -tags: - - attack.t1089 - - attack.defense_evasion - - attack.t1562.001 -logsource: - product: windows - service: sysmon -detection: - selection_1: - EventID: 13 - TargetObject: - - 'HKLM\System\CurrentControlSet\Services\NalDrv\ImagePath' - - 'HKLM\System\CurrentControlSet\Services\PROCEXP152\ImagePath' - selection_2: - Image|contains: - - '*\procexp64.exe' - - '*\procexp.exe' - - '*\procmon64.exe' - - '*\procmon.exe' - selection_3: - Details|contains: - - '*\WINDOWS\system32\Drivers\PROCEXP152.SYS' - condition: selection_1 and not selection_2 and not selection_3 -falsepositives: - - Other legimate tools using this service names and drivers. Note - clever attackers may easily bypass this detection by just renaming the services. Therefore just Medium-level and don't rely on it. -level: medium diff --git a/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml b/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml deleted file mode 100644 index 1006e845..00000000 --- a/rules/windows/sysmon/sysmon_susp_winword_vbadll_load.yml +++ /dev/null @@ -1,31 +0,0 @@ -title: VBA DLL Loaded Via Microsoft Word -id: e6ce8457-68b1-485b-9bdd-3c2b5d679aa9 -status: experimental -description: Detects DLL's Loaded Via Word Containing VBA Macros -references: - - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 -author: Antonlovesdnb -date: 2020/02/19 -tags: - - attack.initial_access - - attack.t1193 - - attack.t1566.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image: - - '*\winword.exe' - - '*\powerpnt.exe' - - '*\excel.exe' - - '*\outlook.exe' - ImageLoaded: - - '*\VBE7.DLL' - - '*\VBEUI.DLL' - - '*\VBE7INTL.DLL' - condition: selection -falsepositives: - - Alerts on legitimate macro usage as well, will need to filter as appropriate -level: high diff --git a/rules/windows/sysmon/sysmon_susp_winword_wmidll_load.yml b/rules/windows/sysmon/sysmon_susp_winword_wmidll_load.yml deleted file mode 100644 index 38914687..00000000 --- a/rules/windows/sysmon/sysmon_susp_winword_wmidll_load.yml +++ /dev/null @@ -1,34 +0,0 @@ -title: Windows Mangement Instrumentation DLL Loaded Via Microsoft Word -id: a457f232-7df9-491d-898f-b5aabd2cbe2f -status: experimental -description: Detects DLL's Loaded Via Word Containing VBA Macros Executing WMI Commands -references: - - https://medium.com/threatpunter/detecting-adversary-tradecraft-with-image-load-event-logging-and-eql-8de93338c16 - - https://www.carbonblack.com/2019/04/24/cb-tau-threat-intelligence-notification-emotet-utilizing-wmi-to-launch-powershell-encoded-code/ - - https://media.cert.europa.eu/static/SecurityAdvisories/2019/CERT-EU-SA2019-021.pdf -author: Michael R. (@nahamike01) -date: 2019/12/26 -tags: - - attack.execution - - attack.t1047 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image: - - '*\winword.exe' - - '*\powerpnt.exe' - - '*\excel.exe' - - '*\outlook.exe' - ImageLoaded: - - '*\wmiutils.dll' - - '*\wbemcomn.dll' - - '*\wbemprox.dll' - - '*\wbemdisp.dll' - - '*\wbemsvc.dll' - condition: selection -falsepositives: - - Possible. Requires further testing. -level: high diff --git a/rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml b/rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml deleted file mode 100644 index 09cb9dfb..00000000 --- a/rules/windows/sysmon/sysmon_suspicious_dbghelp_dbgcore_load.yml +++ /dev/null @@ -1,64 +0,0 @@ -title: Load of dbghelp/dbgcore DLL from Suspicious Process -id: 0e277796-5f23-4e49-a490-483131d4f6e1 -status: experimental -description: Detects the load of dbghelp/dbgcore DLL (used to make memory dumps) by suspicious processes. Tools like ProcessHacker and some attacker tradecract use MiniDumpWriteDump API found in dbghelp.dll or dbgcore.dll. As an example, SilentTrynity C2 Framework has a module that leverages this API to dump the contents of Lsass.exe and transfer it over the network back to the attacker's machine. -date: 2019/10/27 -modified: 2020/05/23 -author: Perez Diego (@darkquassar), oscd.community, Ecco -references: - - https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/nf-minidumpapiset-minidumpwritedump - - https://www.pinvoke.net/default.aspx/dbghelp/MiniDumpWriteDump.html - - https://medium.com/@fsx30/bypass-edrs-memory-protection-introduction-to-hooking-2efb21acffd6 -tags: - - attack.credential_access - - attack.t1003 - - attack.t1003.001 -logsource: - product: windows - service: sysmon -detection: - signedprocess: - EventID: 7 - ImageLoaded|endswith: - - '\dbghelp.dll' - - '\dbgcore.dll' - Image|endswith: - - '\msbuild.exe' - - '\cmd.exe' - - '\svchost.exe' - - '\rundll32.exe' - - '\powershell.exe' - - '\word.exe' - - '\excel.exe' - - '\powerpnt.exe' - - '\outlook.exe' - - '\monitoringhost.exe' - - '\wmic.exe' - # - '\msiexec.exe' an installer installing a program using one of those DLL will raise an alert - - '\bash.exe' - - '\wscript.exe' - - '\cscript.exe' - - '\mshta.exe' - - '\regsvr32.exe' - - '\schtasks.exe' - - '\dnx.exe' - - '\regsvcs.exe' - - '\sc.exe' - - '\scriptrunner.exe' - unsignedprocess: - EventID: 7 - ImageLoaded|endswith: - - '\dbghelp.dll' - - '\dbgcore.dll' - Signed: "FALSE" - filter: - Image|contains: 'Visual Studio' - condition: (signedprocess AND NOT filter) OR (unsignedprocess AND NOT filter) -fields: - - ComputerName - - User - - Image - - ImageLoaded -falsepositives: - - Penetration tests -level: high diff --git a/rules/windows/sysmon/sysmon_suspicious_keyboard_layout_load.yml b/rules/windows/sysmon/sysmon_suspicious_keyboard_layout_load.yml deleted file mode 100644 index 0016d157..00000000 --- a/rules/windows/sysmon/sysmon_suspicious_keyboard_layout_load.yml +++ /dev/null @@ -1,28 +0,0 @@ -title: Suspicious Keyboard Layout Load -id: 34aa0252-6039-40ff-951f-939fd6ce47d8 -description: Detects the keyboard preload installation with a suspicious keyboard layout, e.g. Chinese, Iranian or Vietnamese layout load in user session on systems - maintained by US staff only -references: - - https://renenyffenegger.ch/notes/Windows/registry/tree/HKEY_CURRENT_USER/Keyboard-Layout/Preload/index - - https://github.com/SwiftOnSecurity/sysmon-config/pull/92/files -author: Florian Roth -date: 2019/10/12 -modified: 2019/10/15 -logsource: - product: windows - service: sysmon - definition: 'Requirements: Sysmon config that monitors \Keyboard Layout\Preload subkey of the HKLU hives - see https://github.com/SwiftOnSecurity/sysmon-config/pull/92/files' -detection: - selection_registry: - EventID: 13 - TargetObject: - - '*\Keyboard Layout\Preload\\*' - - '*\Keyboard Layout\Substitutes\\*' - Details|contains: - - 00000429 # Persian (Iran) - - 00050429 # Persian (Iran) - - 0000042a # Vietnamese - condition: selection_registry -falsepositives: - - "Administrators or users that actually use the selected keyboard layouts (heavily depends on the organisation's user base)" -level: medium diff --git a/rules/windows/sysmon/sysmon_suspicious_outbound_kerberos_connection.yml b/rules/windows/sysmon/sysmon_suspicious_outbound_kerberos_connection.yml deleted file mode 100644 index 3b1fd52b..00000000 --- a/rules/windows/sysmon/sysmon_suspicious_outbound_kerberos_connection.yml +++ /dev/null @@ -1,31 +0,0 @@ -title: Suspicious Outbound Kerberos Connection -id: e54979bd-c5f9-4d6c-967b-a04b19ac4c74 -status: experimental -description: Detects suspicious outbound network activity via kerberos default port indicating possible lateral movement or first stage PrivEsc via delegation. -references: - - https://github.com/GhostPack/Rubeus8 -author: Ilyas Ochkov, oscd.community -date: 2019/10/24 -modified: 2019/11/13 -tags: - - attack.lateral_movement - - attack.t1208 - - attack.t1558.003 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 3 - DestinationPort: 88 - Initiated: 'true' - filter: - Image|endswith: - - '\lsass.exe' - - '\opera.exe' - - '\chrome.exe' - - '\firefox.exe' - condition: selection and not filter -falsepositives: - - Other browsers -level: high diff --git a/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml b/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml deleted file mode 100644 index 1773855c..00000000 --- a/rules/windows/sysmon/sysmon_svchost_dll_search_order_hijack.yml +++ /dev/null @@ -1,35 +0,0 @@ -title: Svchost DLL Search Order Hijack -id: 602a1f13-c640-4d73-b053-be9a2fa58b77 -status: experimental -description: IKEEXT and SessionEnv service, as they call LoadLibrary on files that do not exist within C:\Windows\System32\ by default. An attacker can place their malicious logic within the PROCESS_ATTACH block of their library and restart the aforementioned services "svchost.exe -k netsvcs" to gain code execution on a remote machine. -references: - - https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992 -author: SBousseaden -date: 2019/10/28 -tags: - - attack.persistence - - attack.defense_evasion - - attack.t1073 - - attack.t1038 - - attack.t1112 - - attack.t1574.002 - - attack.t1574.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image: - - '*\svchost.exe' - ImageLoaded: - - '*\tsmsisrv.dll' - - '*\tsvipsrv.dll' - - '*\wlbsctrl.dll' - filter: - ImageLoaded: - - 'C:\Windows\WinSxS\\*' - condition: selection and not filter -falsepositives: - - Pentest -level: high diff --git a/rules/windows/sysmon/sysmon_sysinternals_eula_accepted.yml b/rules/windows/sysmon/sysmon_sysinternals_eula_accepted.yml deleted file mode 100644 index 9b601372..00000000 --- a/rules/windows/sysmon/sysmon_sysinternals_eula_accepted.yml +++ /dev/null @@ -1,30 +0,0 @@ -action: global -title: Usage of Sysinternals Tools -id: 25ffa65d-76d8-4da5-a832-3f2b0136e133 -status: experimental -description: Detects the usage of Sysinternals Tools due to accepteula key being added to Registry -references: - - https://twitter.com/Moti_B/status/1008587936735035392 -date: 2017/08/28 -author: Markus Neis -detection: - condition: 1 of them -falsepositives: - - Legitimate use of SysInternals tools - - Programs that use the same Registry Key -level: low ---- -logsource: - product: windows - service: sysmon -detection: - selection1: - EventID: 13 - TargetObject: '*\EulaAccepted' ---- -logsource: - category: process_creation - product: windows -detection: - selection2: - CommandLine: '* -accepteula*' \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_tsclient_filewrite_startup.yml b/rules/windows/sysmon/sysmon_tsclient_filewrite_startup.yml deleted file mode 100644 index efb359ac..00000000 --- a/rules/windows/sysmon/sysmon_tsclient_filewrite_startup.yml +++ /dev/null @@ -1,18 +0,0 @@ -title: Hijack Legit RDP Session to Move Laterally -id: 52753ea4-b3a0-4365-910d-36cff487b789 -status: experimental -description: Detects the usage of tsclient share to place a backdoor on the RDP source machine's startup folder -date: 2019/02/21 -author: Samir Bousseaden -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 11 - Image: '*\mstsc.exe' - TargetFilename: '*\Microsoft\Windows\Start Menu\Programs\Startup\\*' - condition: selection -falsepositives: - - unknown -level: high diff --git a/rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml b/rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml deleted file mode 100644 index ded431bf..00000000 --- a/rules/windows/sysmon/sysmon_uac_bypass_eventvwr.yml +++ /dev/null @@ -1,34 +0,0 @@ -title: UAC Bypass via Event Viewer -id: 7c81fec3-1c1d-43b0-996a-46753041b1b6 -status: experimental -description: Detects UAC bypass method using Windows event viewer -references: - - https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/ - - https://www.hybrid-analysis.com/sample/e122bc8bf291f15cab182a5d2d27b8db1e7019e4e96bb5cdbd1dfe7446f3f51f?environmentId=100 -author: Florian Roth -date: 2017/03/19 -logsource: - product: windows - service: sysmon -detection: - methregistry: - EventID: 13 - TargetObject: 'HKU\\*\mscfile\shell\open\command' - methprocess: - EventID: 1 # Migration to process_creation requires multipart YAML - ParentImage: '*\eventvwr.exe' - filterprocess: - Image: '*\mmc.exe' - condition: methregistry or ( methprocess and not filterprocess ) -fields: - - CommandLine - - ParentCommandLine -tags: - - attack.defense_evasion - - attack.privilege_escalation - - attack.t1088 - - car.2019-04-001 - - attack.t1548.002 -falsepositives: - - unknown -level: critical diff --git a/rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml b/rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml deleted file mode 100644 index 2e8f8c36..00000000 --- a/rules/windows/sysmon/sysmon_uac_bypass_sdclt.yml +++ /dev/null @@ -1,26 +0,0 @@ -title: UAC Bypass via Sdclt -id: 5b872a46-3b90-45c1-8419-f675db8053aa -status: experimental -description: Detects changes to HKCU:\Software\Classes\exefile\shell\runas\command\isolatedCommand -references: - - https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/ -author: Omer Yampel -date: 2017/03/17 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 13 - # usrclass.dat is mounted on HKU\USERSID_Classes\... - TargetObject: 'HKU\\*_Classes\exefile\shell\runas\command\isolatedCommand' - condition: selection -tags: - - attack.defense_evasion - - attack.privilege_escalation - - attack.t1088 - - car.2019-04-001 - - attack.t1548.002 -falsepositives: - - unknown -level: high diff --git a/rules/windows/sysmon/sysmon_unsigned_image_loaded_into_lsass.yml b/rules/windows/sysmon/sysmon_unsigned_image_loaded_into_lsass.yml deleted file mode 100644 index cba4a5e0..00000000 --- a/rules/windows/sysmon/sysmon_unsigned_image_loaded_into_lsass.yml +++ /dev/null @@ -1,25 +0,0 @@ -title: Unsigned Image Loaded Into LSASS Process -id: 857c8db3-c89b-42fb-882b-f681c7cf4da2 -description: Loading unsigned image (DLL, EXE) into LSASS process -author: Teymur Kheirkhabarov, oscd.community -date: 2019/10/22 -modified: 2019/11/13 -references: - - https://www.slideshare.net/heirhabarov/hunting-for-credentials-dumping-in-windows-environment -tags: - - attack.credential_access - - attack.t1003 - - attack.t1003.001 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image|endswith: '\lsass.exe' - Signed: 'false' - condition: selection -falsepositives: - - Valid user connecting using RDP -status: experimental -level: medium diff --git a/rules/windows/sysmon/sysmon_webshell_creation_detect.yml b/rules/windows/sysmon/sysmon_webshell_creation_detect.yml deleted file mode 100644 index 64a99889..00000000 --- a/rules/windows/sysmon/sysmon_webshell_creation_detect.yml +++ /dev/null @@ -1,48 +0,0 @@ -title: Windows Webshell Creation -id: 39f1f9f2-9636-45de-98f6-a4046aa8e4b9 -status: experimental -description: Possible webshell file creation on a static web site -references: - - PT ESC rule and personal experience -author: Beyu Denis, oscd.community -date: 2019/10/22 -modified: 2020/05/18 -tags: - - attack.persistence - - attack.t1100 - - attack.t1505.003 -level: critical -logsource: - product: windows - service: sysmon -detection: - selection_1: - EventID: 11 - selection_2: - TargetFilename|contains: '\inetpub\wwwroot\' - selection_3: - TargetFilename|contains: - - '.asp' - - '.ashx' - - '.ph' - selection_4: - TargetFilename|contains: - - '\www\' - - '\htdocs\' - - '\html\' - selection_5: - TargetFilename|contains: '.ph' - selection_6: - - TargetFilename|endswith: '.jsp' - - TargetFilename|contains|all: - - '\cgi-bin\' - - '.pl' - false_positives: # false positives when unpacking some executables in $TEMP - TargetFilename|contains: - - '\AppData\Local\Temp\' - - '\Windows\Temp\' - # kind of ugly but sigmac seems not to handle double parenthesis "((" - # we shold prefer something like : selection_1 and not false_positives and ((selection_2 and selection_3) or (selection_4 and selection_5) or selection_6) - condition: (selection_1 and selection_2 and selection_3 and not false_positives) or (selection_1 and selection_4 and selection_5 and not false_positives) or (selection_1 and selection_6 and not false_positives) -falsepositives: - - Legitimate administrator or developer creating legitimate executable files in a web application folder diff --git a/rules/windows/sysmon/sysmon_win_binary_github_com.yml b/rules/windows/sysmon/sysmon_win_binary_github_com.yml deleted file mode 100644 index 0f6cd497..00000000 --- a/rules/windows/sysmon/sysmon_win_binary_github_com.yml +++ /dev/null @@ -1,28 +0,0 @@ -title: Microsoft Binary Github Communication -id: 635dbb88-67b3-4b41-9ea5-a3af2dd88153 -status: experimental -description: Detects an executable in the Windows folder accessing github.com -references: - - https://twitter.com/M_haggis/status/900741347035889665 - - https://twitter.com/M_haggis/status/1032799638213066752 -author: Michael Haag (idea), Florian Roth (rule) -date: 2017/08/24 -tags: - - attack.lateral_movement - - attack.t1105 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 3 - Initiated: 'true' - DestinationHostname: - - '*.github.com' - - '*.githubusercontent.com' - Image: 'C:\Windows\\*' - condition: selection -falsepositives: - - 'Unknown' - - '@subTee in your network' -level: high diff --git a/rules/windows/sysmon/sysmon_win_binary_susp_com.yml b/rules/windows/sysmon/sysmon_win_binary_susp_com.yml deleted file mode 100644 index 3bcf4704..00000000 --- a/rules/windows/sysmon/sysmon_win_binary_susp_com.yml +++ /dev/null @@ -1,29 +0,0 @@ -title: Microsoft Binary Suspicious Communication Endpoint -id: e0f8ab85-0ac9-423b-a73a-81b3c7b1aa97 -status: experimental -description: Detects an executable in the Windows folder accessing suspicious domains -references: - - https://twitter.com/M_haggis/status/900741347035889665 - - https://twitter.com/M_haggis/status/1032799638213066752 -author: Florian Roth -date: 2018/08/30 -tags: - - attack.lateral_movement - - attack.t1105 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 3 - Initiated: 'true' - DestinationHostname: - - '*dl.dropboxusercontent.com' - - '*.pastebin.com' - - '*.githubusercontent.com' # includes both gists and github repositories - Image: 'C:\Windows\\*' - condition: selection -falsepositives: - - 'Unknown' -level: high - diff --git a/rules/windows/sysmon/sysmon_win_reg_persistence.yml b/rules/windows/sysmon/sysmon_win_reg_persistence.yml deleted file mode 100644 index a2d5512c..00000000 --- a/rules/windows/sysmon/sysmon_win_reg_persistence.yml +++ /dev/null @@ -1,29 +0,0 @@ -title: Registry Persistence Mechanisms -id: 36803969-5421-41ec-b92f-8500f79c23b0 -description: Detects persistence registry keys -references: - - https://oddvar.moe/2018/04/10/persistence-using-globalflags-in-image-file-execution-options-hidden-from-autoruns-exe/ -date: 2018/04/11 -author: Karneades -logsource: - product: windows - service: sysmon -detection: - selection_reg1: - EventID: 13 - TargetObject: - - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\\*\GlobalFlag' - - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\\*\ReportingMode' - - '*\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\\*\MonitorProcess' - EventType: SetValue - condition: selection_reg1 -tags: - - attack.privilege_escalation - - attack.persistence - - attack.defense_evasion - - attack.t1183 - - car.2013-01-002 - - attack.t1546.012 -falsepositives: - - unknown -level: critical diff --git a/rules/windows/sysmon/sysmon_wmi_module_load.yml b/rules/windows/sysmon/sysmon_wmi_module_load.yml deleted file mode 100644 index bee87eee..00000000 --- a/rules/windows/sysmon/sysmon_wmi_module_load.yml +++ /dev/null @@ -1,49 +0,0 @@ -title: WMI Modules Loaded -id: 671bb7e3-a020-4824-a00e-2ee5b55f385e -description: Detects non wmiprvse loading WMI modules -status: experimental -date: 2019/08/10 -modified: 2019/11/10 -author: Roberto Rodriguez @Cyb3rWard0g -references: - - https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/tree/master/playbooks/windows/02_execution/T1047_windows_management_instrumentation/wmi_wmi_module_load.md -tags: - - attack.execution - - attack.t1047 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - ImageLoaded|endswith: - - '\wmiclnt.dll' - - '\WmiApRpl.dll' - - '\wmiprov.dll' - - '\wmiutils.dll' - - '\wbemcomn.dll' - - '\wbemprox.dll' - - '\WMINet_Utils.dll' - - '\wbemsvc.dll' - - '\fastprox.dll' - filter: - Image|endswith: - - '\WmiPrvSe.exe' - - '\WmiAPsrv.exe' - - '\svchost.exe' - - '\DeviceCensus.exe' - - '\CompatTelRunner.exe' - - '\sdiagnhost.exe' - - '\SIHClient.exe' - - '\msfeedssync.exe' - - '\mmc.exe' - - '\MoUsoCoreWorker.exe' # in system32, seen on a win10 pro 2004 machine - condition: selection and not filter -fields: - - ComputerName - - User - - Image - - ImageLoaded -falsepositives: - - Unknown -level: high diff --git a/rules/windows/sysmon/sysmon_wmi_persistence_commandline_event_consumer.yml b/rules/windows/sysmon/sysmon_wmi_persistence_commandline_event_consumer.yml deleted file mode 100644 index 52672a95..00000000 --- a/rules/windows/sysmon/sysmon_wmi_persistence_commandline_event_consumer.yml +++ /dev/null @@ -1,24 +0,0 @@ -title: WMI Persistence - Command Line Event Consumer -id: 05936ce2-ee05-4dae-9d03-9a391cf2d2c6 -status: experimental -description: Detects WMI command line event consumers -references: - - https://www.eideon.com/2018-03-02-THL03-WMIBackdoors/ -author: Thomas Patzke -date: 2018/03/07 -tags: - - attack.t1084 - - attack.persistence - - attack.t1546.003 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 - Image: 'C:\Windows\System32\wbem\WmiPrvSE.exe' - ImageLoaded|endswith: '\wbemcons.dll' - condition: selection -falsepositives: - - Unknown (data set is too small; further testing needed) -level: high diff --git a/rules/windows/sysmon/sysmon_wmi_persistence_script_event_consumer_write.yml b/rules/windows/sysmon/sysmon_wmi_persistence_script_event_consumer_write.yml deleted file mode 100644 index 7095ec85..00000000 --- a/rules/windows/sysmon/sysmon_wmi_persistence_script_event_consumer_write.yml +++ /dev/null @@ -1,23 +0,0 @@ -title: WMI Persistence - Script Event Consumer File Write -id: 33f41cdd-35ac-4ba8-814b-c6a4244a1ad4 -status: experimental -description: Detects file writes of WMI script event consumer -references: - - https://www.eideon.com/2018-03-02-THL03-WMIBackdoors/ -author: Thomas Patzke -date: 2018/03/07 -tags: - - attack.t1084 - - attack.persistence - - attack.t1546.003 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 11 - Image: 'C:\WINDOWS\system32\wbem\scrcons.exe' - condition: selection -falsepositives: - - Unknown (data set is too small; further testing needed) -level: high From 9c0f9f398f69c98ea49fd1f7e9ad93ab6ae4ef23 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 1 Jul 2020 10:58:39 +0200 Subject: [PATCH 547/714] refactor: sysmon rule cleanup > generlization --- .../file_event/sysmon_office_persistence.yml | 30 +++++++++++++++++ .../image_load/sysmon_susp_fax_dll.yml | 33 +++++++++++++++++++ .../sysmon_regsvr32_network_activity.yml | 7 ++-- .../sysmon_apt_muddywater_dnstunnel.yml | 0 .../process_creation/sysmon_hack_wce.yml | 27 +++++++++++++++ ...n_scripts_userinitmprlogonscript_proc.yml} | 32 ++++-------------- .../sysmon_cve-2020-1048.yml | 7 ++-- .../sysmon_etw_disabled.yml | 3 +- .../registry_event/sysmon_hack_wce.yml | 21 ++---------- ...gon_scripts_userinitmprlogonscript_reg.yml | 25 ++++++++++++++ .../sysmon_reg_office_security.yml | 19 +++++------ .../sysmon_susp_lsass_dll_load.yml | 6 ++-- .../sysmon_susp_mic_cam_access.yml | 3 +- .../sysmon/sysmon_office_persistence.yml | 32 ------------------ rules/windows/sysmon/sysmon_susp_fax_dll.yml | 33 ------------------- tools/config/generic/sysmon.yml | 4 ++- 16 files changed, 144 insertions(+), 138 deletions(-) create mode 100644 rules/windows/file_event/sysmon_office_persistence.yml create mode 100644 rules/windows/image_load/sysmon_susp_fax_dll.yml rename rules/windows/{sysmon => network_connection}/sysmon_regsvr32_network_activity.yml (90%) rename rules/windows/{sysmon => process_creation}/sysmon_apt_muddywater_dnstunnel.yml (100%) create mode 100644 rules/windows/process_creation/sysmon_hack_wce.yml rename rules/windows/{sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml => process_creation/sysmon_logon_scripts_userinitmprlogonscript_proc.yml} (62%) rename rules/windows/{sysmon => registry_event}/sysmon_cve-2020-1048.yml (90%) rename rules/windows/{sysmon => registry_event}/sysmon_etw_disabled.yml (96%) create mode 100644 rules/windows/registry_event/sysmon_logon_scripts_userinitmprlogonscript_reg.yml rename rules/windows/{sysmon => registry_event}/sysmon_reg_office_security.yml (79%) rename rules/windows/{sysmon => registry_event}/sysmon_susp_lsass_dll_load.yml (90%) rename rules/windows/{sysmon => registry_event}/sysmon_susp_mic_cam_access.yml (95%) delete mode 100644 rules/windows/sysmon/sysmon_office_persistence.yml delete mode 100644 rules/windows/sysmon/sysmon_susp_fax_dll.yml diff --git a/rules/windows/file_event/sysmon_office_persistence.yml b/rules/windows/file_event/sysmon_office_persistence.yml new file mode 100644 index 00000000..d8ced8d0 --- /dev/null +++ b/rules/windows/file_event/sysmon_office_persistence.yml @@ -0,0 +1,30 @@ +title: Microsoft Office Add-In Loading +id: 8e1cb247-6cf6-42fa-b440-3f27d57e9936 +status: experimental +description: Detects add-ins that load when Microsoft Word or Excel starts (.wll/.xll are simply .dll fit for Word or Excel). +references: + - Internal Research +tags: + - attack.persistence + - attack.t1137 +author: NVISO +date: 2020/05/11 +logsource: + category: file_event + product: windows +detection: + wlldropped: + TargetFilename|contains: \Microsoft\Word\Startup\ + TargetFilename|endswith: .wll + xlldropped: + TargetFilename|contains: \Microsoft\Excel\Startup\ + TargetFilename|endswith: .xll + generic: + TargetFilename|contains: \Microsoft\Addins\ + TargetFilename|endswith: + - .xlam + - .xla + condition: (wlldropped or xlldropped or generic) +falsepositives: + - Legitimate add-ins +level: high diff --git a/rules/windows/image_load/sysmon_susp_fax_dll.yml b/rules/windows/image_load/sysmon_susp_fax_dll.yml new file mode 100644 index 00000000..0b1f247d --- /dev/null +++ b/rules/windows/image_load/sysmon_susp_fax_dll.yml @@ -0,0 +1,33 @@ +title: Fax Service DLL Search Order Hijack +id: 828af599-4c53-4ed2-ba4a-a9f835c434ea +status: experimental +description: The Fax service attempts to load ualapi.dll, which is non-existent. An attacker can then (side)load their own malicious DLL using this service. +references: + - https://windows-internals.com/faxing-your-way-to-system/ +author: NVISO +date: 2020/05/04 +modified: 2020/07/01 +tags: + - attack.persistence + - attack.defense_evasion + - attack.t1073 + - attack.t1038 + - attack.t1112 + - attack.t1574.001 + - attack.t1574.002 +logsource: + category: image_load + product: windows +detection: + selection: + Image|endswith: + - fxssvc.exe + ImageLoaded|endswith: + - ualapi.dll + filter: + ImageLoaded|startswith: + - C:\Windows\WinSxS\ + condition: selection and not filter +falsepositives: + - Unlikely +level: high diff --git a/rules/windows/sysmon/sysmon_regsvr32_network_activity.yml b/rules/windows/network_connection/sysmon_regsvr32_network_activity.yml similarity index 90% rename from rules/windows/sysmon/sysmon_regsvr32_network_activity.yml rename to rules/windows/network_connection/sysmon_regsvr32_network_activity.yml index 71c7903c..127a7172 100644 --- a/rules/windows/sysmon/sysmon_regsvr32_network_activity.yml +++ b/rules/windows/network_connection/sysmon_regsvr32_network_activity.yml @@ -13,15 +13,12 @@ tags: author: Dmitriy Lifanov, oscd.community status: experimental date: 2019/10/25 -modified: 2019/11/10 +modified: 2020/07/01 logsource: + category: network_connection product: windows - service: sysmon detection: selection: - EventID: - - 3 - - 22 Image|endswith: '\regsvr32.exe' condition: selection fields: diff --git a/rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml b/rules/windows/process_creation/sysmon_apt_muddywater_dnstunnel.yml similarity index 100% rename from rules/windows/sysmon/sysmon_apt_muddywater_dnstunnel.yml rename to rules/windows/process_creation/sysmon_apt_muddywater_dnstunnel.yml diff --git a/rules/windows/process_creation/sysmon_hack_wce.yml b/rules/windows/process_creation/sysmon_hack_wce.yml new file mode 100644 index 00000000..1c8a2234 --- /dev/null +++ b/rules/windows/process_creation/sysmon_hack_wce.yml @@ -0,0 +1,27 @@ +title: Windows Credential Editor +id: 7aa7009a-28b9-4344-8c1f-159489a390df +description: Detects the use of Windows Credential Editor (WCE) +author: Florian Roth +references: + - https://www.ampliasecurity.com/research/windows-credentials-editor/ +date: 2019/12/31 +modified: 2020/07/01 +tags: + - attack.credential_access + - attack.t1003 + - attack.s0005 +logsource: + category: process_creation + product: windows +detection: + selection1: + Imphash: + - a53a02b997935fd8eedcb5f7abab9b9f + - e96a73c7bf33a464c510ede582318bf2 + selection2: + CommandLine|endswith: '.exe -S' + ParentImage|endswith: '\services.exe' + condition: 1 of them +falsepositives: + - 'Another service that uses a single -s command line switch' +level: critical \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml b/rules/windows/process_creation/sysmon_logon_scripts_userinitmprlogonscript_proc.yml similarity index 62% rename from rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml rename to rules/windows/process_creation/sysmon_logon_scripts_userinitmprlogonscript_proc.yml index e2577373..f1ec0c66 100644 --- a/rules/windows/sysmon/sysmon_logon_scripts_userinitmprlogonscript.yml +++ b/rules/windows/process_creation/sysmon_logon_scripts_userinitmprlogonscript_proc.yml @@ -1,4 +1,3 @@ -action: global title: Logon Scripts (UserInitMprLogonScript) id: 0a98a10c-685d-4ab0-bddc-b6bdd1d48458 status: experimental @@ -12,11 +11,7 @@ tags: - attack.lateral_movement author: Tom Ueltschi (@c_APT_ure) date: 2019/01/12 -falsepositives: - - exclude legitimate logon scripts - - penetration tests, red teaming -level: high ---- +modified: 2020/07/01 logsource: category: process_creation product: windows @@ -29,25 +24,10 @@ detection: CommandLine|contains: - 'netlogon.bat' - 'UsrLogon.cmd' - condition: exec_selection and not exec_exclusion1 and not exec_exclusion2 ---- -logsource: - category: process_creation - product: windows -detection: create_keywords_cli: CommandLine: '*UserInitMprLogonScript*' - condition: create_keywords_cli ---- -logsource: - product: windows - service: sysmon -detection: - create_selection_reg: - EventID: - - 12 - - 13 - - 14 - create_keywords_reg: - TargetObject: '*UserInitMprLogonScript*' - condition: create_selection_reg and create_keywords_reg + condition: ( exec_selection and not exec_exclusion1 and not exec_exclusion2 ) or create_keywords_cli +falsepositives: + - exclude legitimate logon scripts + - penetration tests, red teaming +level: high \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_cve-2020-1048.yml b/rules/windows/registry_event/sysmon_cve-2020-1048.yml similarity index 90% rename from rules/windows/sysmon/sysmon_cve-2020-1048.yml rename to rules/windows/registry_event/sysmon_cve-2020-1048.yml index 9c671ad3..59f79bc3 100644 --- a/rules/windows/sysmon/sysmon_cve-2020-1048.yml +++ b/rules/windows/registry_event/sysmon_cve-2020-1048.yml @@ -11,13 +11,10 @@ tags: - attack.persistence - attack.execution logsource: - service: sysmon product: windows + category: registry_event detection: - selection: - EventID: - - 12 - - 13 + selection: TargetObject|startswith: 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports' EventType: - SetValue diff --git a/rules/windows/sysmon/sysmon_etw_disabled.yml b/rules/windows/registry_event/sysmon_etw_disabled.yml similarity index 96% rename from rules/windows/sysmon/sysmon_etw_disabled.yml rename to rules/windows/registry_event/sysmon_etw_disabled.yml index 66d27435..03e3bbd4 100644 --- a/rules/windows/sysmon/sysmon_etw_disabled.yml +++ b/rules/windows/registry_event/sysmon_etw_disabled.yml @@ -19,10 +19,9 @@ tags: - attack.t1112 logsource: product: windows - service: sysmon + category: registry_event detection: selection: - EventID: 13 TargetObject|endswith: 'SOFTWARE\Microsoft\.NETFramework\ETWEnabled' Details: 'DWORD (0x00000000)' condition: selection diff --git a/rules/windows/registry_event/sysmon_hack_wce.yml b/rules/windows/registry_event/sysmon_hack_wce.yml index 92483bee..d6c1e456 100755 --- a/rules/windows/registry_event/sysmon_hack_wce.yml +++ b/rules/windows/registry_event/sysmon_hack_wce.yml @@ -1,4 +1,3 @@ -action: global title: Windows Credential Editor id: 7aa7009a-28b9-4344-8c1f-159489a390df description: Detects the use of Windows Credential Editor (WCE) @@ -10,23 +9,6 @@ tags: - attack.credential_access - attack.t1003 - attack.s0005 -falsepositives: - - 'Another service that uses a single -s command line switch' -level: critical ---- -logsource: - category: process_creation - product: windows -detection: - selection1: - Imphash: - - a53a02b997935fd8eedcb5f7abab9b9f - - e96a73c7bf33a464c510ede582318bf2 - selection2: - CommandLine|endswith: '.exe -S' - ParentImage|endswith: '\services.exe' - condition: 1 of them ---- logsource: category: registry_event product: windows @@ -34,3 +16,6 @@ detection: selection: TargetObject|contains: Services\WCESERVICE\Start condition: selection +falsepositives: + - 'Another service that uses a single -s command line switch' +level: critical \ No newline at end of file diff --git a/rules/windows/registry_event/sysmon_logon_scripts_userinitmprlogonscript_reg.yml b/rules/windows/registry_event/sysmon_logon_scripts_userinitmprlogonscript_reg.yml new file mode 100644 index 00000000..96b5912e --- /dev/null +++ b/rules/windows/registry_event/sysmon_logon_scripts_userinitmprlogonscript_reg.yml @@ -0,0 +1,25 @@ +title: Logon Scripts (UserInitMprLogonScript) +id: 0a98a10c-685d-4ab0-bddc-b6bdd1d48458 +status: experimental +description: Detects creation or execution of UserInitMprLogonScript persistence method +references: + - https://attack.mitre.org/techniques/T1037/ +tags: + - attack.t1037 + - attack.t1037.001 + - attack.persistence + - attack.lateral_movement +author: Tom Ueltschi (@c_APT_ure) +date: 2019/01/12 +modified: 2020/07/01 +logsource: + category: registry_event + product: windows +detection: + create_keywords_reg: + TargetObject: '*UserInitMprLogonScript*' + condition: create_keywords_reg +falsepositives: + - exclude legitimate logon scripts + - penetration tests, red teaming +level: high \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_reg_office_security.yml b/rules/windows/registry_event/sysmon_reg_office_security.yml similarity index 79% rename from rules/windows/sysmon/sysmon_reg_office_security.yml rename to rules/windows/registry_event/sysmon_reg_office_security.yml index 31fa9e19..8e538be8 100644 --- a/rules/windows/sysmon/sysmon_reg_office_security.yml +++ b/rules/windows/registry_event/sysmon_reg_office_security.yml @@ -4,27 +4,26 @@ status: experimental description: Detects registry changes to Office macro settings author: Trent Liffick (@tliffick) date: 2020/05/22 +modified: 2020/07/01 references: + - Internal Research tags: - attack.defense_evasion - attack.t1112 -falsepositives: - - Valid Macros and/or internal documents -level: high logsource: - service: sysmon - product: windows + category: registry_event + product: windows detection: sec_settings: - EventID: - - 12 - - 13 - TargetObject|endswith: + TargetObject|endswith: - '*\Security\Trusted Documents\TrustRecords' - '*\Security\AccessVBOM' - '*\Security\VBAWarnings' - EventType: + EventType: - SetValue - DeleteValue - CreateValue condition: sec_settings +falsepositives: + - Valid Macros and/or internal documents +level: high \ No newline at end of file diff --git a/rules/windows/sysmon/sysmon_susp_lsass_dll_load.yml b/rules/windows/registry_event/sysmon_susp_lsass_dll_load.yml similarity index 90% rename from rules/windows/sysmon/sysmon_susp_lsass_dll_load.yml rename to rules/windows/registry_event/sysmon_susp_lsass_dll_load.yml index 44a1020d..b9358ced 100644 --- a/rules/windows/sysmon/sysmon_susp_lsass_dll_load.yml +++ b/rules/windows/registry_event/sysmon_susp_lsass_dll_load.yml @@ -4,17 +4,15 @@ status: experimental description: Detects a method to load DLL via LSASS process using an undocumented Registry key author: Florian Roth date: 2019/10/16 +modified: 2020/07/01 references: - https://blog.xpnsec.com/exploring-mimikatz-part-1/ - https://twitter.com/SBousseaden/status/1183745981189427200 logsource: + category: registry_event product: windows - service: sysmon detection: selection: - EventID: - - 12 - - 13 TargetObject: - '*\CurrentControlSet\Services\NTDS\DirectoryServiceExtPt*' - '*\CurrentControlSet\Services\NTDS\LsaDbExtPt*' diff --git a/rules/windows/sysmon/sysmon_susp_mic_cam_access.yml b/rules/windows/registry_event/sysmon_susp_mic_cam_access.yml similarity index 95% rename from rules/windows/sysmon/sysmon_susp_mic_cam_access.yml rename to rules/windows/registry_event/sysmon_susp_mic_cam_access.yml index ad3c2937..66d0e60a 100644 --- a/rules/windows/sysmon/sysmon_susp_mic_cam_access.yml +++ b/rules/windows/registry_event/sysmon_susp_mic_cam_access.yml @@ -10,11 +10,10 @@ tags: - attack.t1125 - attack.t1123 logsource: - category: sysmon + category: registry_event product: windows detection: selection_1: - EventId: 13 TargetObject|contains: - \Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\\*\NonPackaged selection_2: diff --git a/rules/windows/sysmon/sysmon_office_persistence.yml b/rules/windows/sysmon/sysmon_office_persistence.yml deleted file mode 100644 index 813929a0..00000000 --- a/rules/windows/sysmon/sysmon_office_persistence.yml +++ /dev/null @@ -1,32 +0,0 @@ -title: Microsoft Office Add-In Loading -id: 8e1cb247-6cf6-42fa-b440-3f27d57e9936 -status: experimental -description: Detects add-ins that load when Microsoft Word or Excel starts (.wll/.xll are simply .dll fit for Word or Excel). -references: - - Internal research -tags: - - attack.persistence - - attack.t1137 -author: NVISO -date: 2020/05/11 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 11 #FileCreate - wlldropped: - TargetFilename|contains: \Microsoft\Word\Startup\ - TargetFilename|endswith: .wll - xlldropped: - TargetFilename|contains: \Microsoft\Excel\Startup\ - TargetFilename|endswith: .xll - generic: - TargetFilename|contains: \Microsoft\Addins\ - TargetFilename|endswith: - - .xlam - - .xla - condition: selection and (wlldropped or xlldropped or generic) -falsepositives: - - Legitimate add-ins -level: high diff --git a/rules/windows/sysmon/sysmon_susp_fax_dll.yml b/rules/windows/sysmon/sysmon_susp_fax_dll.yml deleted file mode 100644 index 14b91c1a..00000000 --- a/rules/windows/sysmon/sysmon_susp_fax_dll.yml +++ /dev/null @@ -1,33 +0,0 @@ -title: Fax Service DLL Search Order Hijack -id: 828af599-4c53-4ed2-ba4a-a9f835c434ea -status: experimental -description: The Fax service attempts to load ualapi.dll, which is non-existent. An attacker can then (side)load their own malicious DLL using this service. -references: - - https://windows-internals.com/faxing-your-way-to-system/ -author: NVISO -date: 2020/05/04 -tags: - - attack.persistence - - attack.defense_evasion - - attack.t1073 - - attack.t1038 - - attack.t1112 - - attack.t1574.001 - - attack.t1574.002 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 7 #ImageLoaded - Image|endswith: - - fxssvc.exe - ImageLoaded|endswith: - - ualapi.dll - filter: - ImageLoaded|startswith: - - C:\Windows\WinSxS\ - condition: selection and not filter -falsepositives: - - Unlikely -level: high diff --git a/tools/config/generic/sysmon.yml b/tools/config/generic/sysmon.yml index 0d97f379..963731c9 100644 --- a/tools/config/generic/sysmon.yml +++ b/tools/config/generic/sysmon.yml @@ -13,7 +13,9 @@ logsources: category: network_connection product: windows conditions: - EventID: 3 + EventID: + - 3 + - 22 rewrite: product: windows service: sysmon From 4c4ed1a4a2ba6678680bc902721a78dca5170bdf Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 1 Jul 2020 16:37:27 +0200 Subject: [PATCH 548/714] fix: duplicate IDs and rule titles --- .../{sysmon_hack_wce.yml => sysmon_hack_wce_reg.yml} | 4 ++-- .../sysmon_logon_scripts_userinitmprlogonscript_reg.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) rename rules/windows/registry_event/{sysmon_hack_wce.yml => sysmon_hack_wce_reg.yml} (84%) diff --git a/rules/windows/registry_event/sysmon_hack_wce.yml b/rules/windows/registry_event/sysmon_hack_wce_reg.yml similarity index 84% rename from rules/windows/registry_event/sysmon_hack_wce.yml rename to rules/windows/registry_event/sysmon_hack_wce_reg.yml index d6c1e456..81c19231 100755 --- a/rules/windows/registry_event/sysmon_hack_wce.yml +++ b/rules/windows/registry_event/sysmon_hack_wce_reg.yml @@ -1,5 +1,5 @@ -title: Windows Credential Editor -id: 7aa7009a-28b9-4344-8c1f-159489a390df +title: Windows Credential Editor Registry +id: a6b33c02-8305-488f-8585-03cb2a7763f2 description: Detects the use of Windows Credential Editor (WCE) author: Florian Roth references: diff --git a/rules/windows/registry_event/sysmon_logon_scripts_userinitmprlogonscript_reg.yml b/rules/windows/registry_event/sysmon_logon_scripts_userinitmprlogonscript_reg.yml index 96b5912e..35024372 100644 --- a/rules/windows/registry_event/sysmon_logon_scripts_userinitmprlogonscript_reg.yml +++ b/rules/windows/registry_event/sysmon_logon_scripts_userinitmprlogonscript_reg.yml @@ -1,5 +1,5 @@ -title: Logon Scripts (UserInitMprLogonScript) -id: 0a98a10c-685d-4ab0-bddc-b6bdd1d48458 +title: Logon Scripts (UserInitMprLogonScript) Registry +id: 9ace0707-b560-49b8-b6ca-5148b42f39fb status: experimental description: Detects creation or execution of UserInitMprLogonScript persistence method references: From 43e5ae5d24e498f71c997205fa137dfab5fb60f0 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Thu, 2 Jul 2020 23:20:36 +0200 Subject: [PATCH 549/714] Added Windows NTLM log source + fixes --- tools/config/arcsight.yml | 7 ++++++- tools/config/elk-windows.yml | 7 ++++++- tools/config/elk-winlogbeat-sp.yml | 7 ++++++- tools/config/elk-winlogbeat.yml | 7 ++++++- tools/config/logpoint-windows.yml | 9 +++++++-- tools/config/logstash-windows.yml | 5 +++++ tools/config/sumologic.yml | 5 +++++ tools/config/thor.yml | 5 +++++ tools/config/winlogbeat-modules-enabled.yml | 5 +++++ tools/config/winlogbeat-old.yml | 11 ++++++++--- tools/config/winlogbeat.yml | 9 +++++++-- 11 files changed, 66 insertions(+), 11 deletions(-) diff --git a/tools/config/arcsight.yml b/tools/config/arcsight.yml index d9dd1d7b..ba5ef780 100644 --- a/tools/config/arcsight.yml +++ b/tools/config/arcsight.yml @@ -60,6 +60,11 @@ logsources: service: powershell conditions: deviceVendor: Microsoft + windows-ntlm: + product: windows + service: ntlm + conditions: + deviceVendor: Microsoft windows-dhcp: product: windows service: dhcp @@ -477,4 +482,4 @@ fieldmappings: TicketEncryptionType: deviceCustomString1 TicketOptions: deviceCustomString1 winlog.channel: deviceCustomString1 - WorkstationName: deviceCustomString1 \ No newline at end of file + WorkstationName: deviceCustomString1 diff --git a/tools/config/elk-windows.yml b/tools/config/elk-windows.yml index d223098f..42bec150 100644 --- a/tools/config/elk-windows.yml +++ b/tools/config/elk-windows.yml @@ -27,5 +27,10 @@ logsources: product: windows service: driver-framework conditions: - source: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + EventLog: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + windows-ntlm: + product: windows + service: ntlm + conditions: + EventLog: 'Microsoft-Windows-NTLM/Operational' defaultindex: logstash-* diff --git a/tools/config/elk-winlogbeat-sp.yml b/tools/config/elk-winlogbeat-sp.yml index 02ab771a..4c1ded4e 100644 --- a/tools/config/elk-winlogbeat-sp.yml +++ b/tools/config/elk-winlogbeat-sp.yml @@ -27,7 +27,12 @@ logsources: product: windows service: driver-framework conditions: - source: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + log_name: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + windows-ntlm: + product: windows + service: ntlm + conditions: + log_name: 'Microsoft-Windows-NTLM/Operational' defaultindex: # Extract all field names qith yq: # yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: event_data.\1/g' diff --git a/tools/config/elk-winlogbeat.yml b/tools/config/elk-winlogbeat.yml index 97567ea9..25c4525b 100644 --- a/tools/config/elk-winlogbeat.yml +++ b/tools/config/elk-winlogbeat.yml @@ -27,7 +27,12 @@ logsources: product: windows service: driver-framework conditions: - source: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + log_name: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + windows-ntlm: + product: windows + service: ntlm + conditions: + log_name: 'Microsoft-Windows-NTLM/Operational' defaultindex: winlogbeat-* # Extract all field names qith yq: # yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: event_data.\1/g' diff --git a/tools/config/logpoint-windows.yml b/tools/config/logpoint-windows.yml index ad7b425f..5dbd3fdb 100644 --- a/tools/config/logpoint-windows.yml +++ b/tools/config/logpoint-windows.yml @@ -22,12 +22,17 @@ logsources: product: windows service: driver-framework conditions: - source: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + event_source: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' windows-dhcp: product: windows service: dhcp conditions: - source: 'Microsoft-Windows-DHCP-Server/Operational' + event_source: 'Microsoft-Windows-DHCP-Server/Operational' + windows-ntlm: + product: windows + service: ntlm + conditions: + event_source: 'Microsoft-Windows-NTLM/Operational' fieldmappings: EventID: event_id diff --git a/tools/config/logstash-windows.yml b/tools/config/logstash-windows.yml index dd042220..9a939be5 100644 --- a/tools/config/logstash-windows.yml +++ b/tools/config/logstash-windows.yml @@ -48,4 +48,9 @@ logsources: service: windefend conditions: Channel: 'Microsoft-Windows-Windows Defender/Operational' + windows-ntlm: + product: windows + service: ntlm + conditions: + Channel: 'Microsoft-Windows-NTLM/Operational' defaultindex: logstash-* diff --git a/tools/config/sumologic.yml b/tools/config/sumologic.yml index 09e83fbb..27355be0 100644 --- a/tools/config/sumologic.yml +++ b/tools/config/sumologic.yml @@ -57,6 +57,11 @@ logsources: conditions: EventChannel: Microsoft-Windows-DHCP-Server index: WINDOWS + windows-ntlm: + product: windows + service: ntlm + conditions: + EventChannel: 'Microsoft-Windows-NTLM/Operational' apache: product: apache service: apache diff --git a/tools/config/thor.yml b/tools/config/thor.yml index 7cfe5299..9e6c8658 100644 --- a/tools/config/thor.yml +++ b/tools/config/thor.yml @@ -66,6 +66,11 @@ logsources: service: dhcp sources: - 'WinEventLog:Microsoft-Windows-DHCP-Server/Operational' + windows-ntlm: + product: windows + service: ntlm + sources: + - 'Microsoft-Windows-NTLM/Operational' apache: category: webserver sources: diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml index cac85f32..f0cab88c 100644 --- a/tools/config/winlogbeat-modules-enabled.yml +++ b/tools/config/winlogbeat-modules-enabled.yml @@ -44,6 +44,11 @@ logsources: service: dhcp conditions: winlog.provider_name: 'Microsoft-Windows-DHCP-Server/Operational' + windows-ntlm: + product: windows + service: ntlm + conditions: + winlog.provider_name: 'Microsoft-Windows-NTLM/Operational' windows-defender: product: windows service: windefend diff --git a/tools/config/winlogbeat-old.yml b/tools/config/winlogbeat-old.yml index a5c2474c..6bb0daaa 100644 --- a/tools/config/winlogbeat-old.yml +++ b/tools/config/winlogbeat-old.yml @@ -37,17 +37,22 @@ logsources: product: windows service: driver-framework conditions: - source: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + log_name: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' windows-dhcp: product: windows service: dhcp conditions: - source: 'Microsoft-Windows-DHCP-Server/Operational' + log_name: 'Microsoft-Windows-DHCP-Server/Operational' + windows-ntlm: + product: windows + service: ntlm + conditions: + log_name: 'Microsoft-Windows-NTLM/Operational' windows-defender: product: windows service: windefend conditions: - source: 'Microsoft-Windows-Windows Defender/Operational' + log_name: 'Microsoft-Windows-Windows Defender/Operational' defaultindex: winlogbeat-* # Extract all field names qith yq: # yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: event_data.\1/g' diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml index fe8dd96f..2a30094d 100644 --- a/tools/config/winlogbeat.yml +++ b/tools/config/winlogbeat.yml @@ -37,12 +37,17 @@ logsources: product: windows service: driver-framework conditions: - winlog.provider_name: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' + winlog.channel: 'Microsoft-Windows-DriverFrameworks-UserMode/Operational' windows-dhcp: product: windows service: dhcp conditions: - winlog.provider_name: 'Microsoft-Windows-DHCP-Server/Operational' + winlog.channel: 'Microsoft-Windows-DHCP-Server/Operational' + windows-ntlm: + product: windows + service: ntlm + conditions: + winlog.channel: 'Microsoft-Windows-NTLM/Operational' windows-defender: product: windows service: windefend From 33fef8bcf563e3ea2e13499d614d4b6e0c0638ec Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 09:45:48 +0200 Subject: [PATCH 550/714] DesktopImgDownLdr rules --- .../win_susp_desktopimgdownldr_file.yml | 24 ++++++++++++++ .../win_susp_desktopimgdownldr.yml | 33 +++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 rules/windows/file_event/win_susp_desktopimgdownldr_file.yml create mode 100644 rules/windows/process_creation/win_susp_desktopimgdownldr.yml diff --git a/rules/windows/file_event/win_susp_desktopimgdownldr_file.yml b/rules/windows/file_event/win_susp_desktopimgdownldr_file.yml new file mode 100644 index 00000000..0ea9f555 --- /dev/null +++ b/rules/windows/file_event/win_susp_desktopimgdownldr_file.yml @@ -0,0 +1,24 @@ +title: Suspicious Desktopimgdownldr Command +id: fc4f4817-0c53-4683-a4ee-b17a64bc1039 +status: experimental +description: Detects a suspicious Microsoft desktopimgdownldr execution with parameters used to download files from the Internet +author: Florian Roth +date: 2020/07/03 +references: + - https://labs.sentinelone.com/living-off-windows-land-a-new-native-file-downldr/ +logsource: + product: windows + category: file_event +tags: + - attack.defense_evasion + - attack.t1105 +detection: + selection1: + + condition: selection1 and not selection1_filter or selection_reg +fields: + - CommandLine + - ParentCommandLine +falsepositives: + - False positives depend on scripts and administrative tools used in the monitored environment +level: high diff --git a/rules/windows/process_creation/win_susp_desktopimgdownldr.yml b/rules/windows/process_creation/win_susp_desktopimgdownldr.yml new file mode 100644 index 00000000..03974680 --- /dev/null +++ b/rules/windows/process_creation/win_susp_desktopimgdownldr.yml @@ -0,0 +1,33 @@ +title: Suspicious Desktopimgdownldr Command +id: bb58aa4a-b80b-415a-a2c0-2f65a4c81009 +status: experimental +description: Detects a suspicious Microsoft desktopimgdownldr execution with parameters used to download files from the Internet +author: Florian Roth +date: 2020/07/03 +references: + - https://labs.sentinelone.com/living-off-windows-land-a-new-native-file-downldr/ +logsource: + category: process_creation + product: windows +tags: + - attack.defense_evasion + - attack.t1105 +detection: + selection1: + CommandLine|contains: ' /lockscreenurl:' + selection2_filter: + CommandLine|contains: + - '.jpg' + - '.jpeg' + - '.png' + selection_reg: + CommandLine|contains|all: + - 'reg delete' + - '\PersonalizationCSP' + condition: selection1 and not selection1_filter or selection_reg +fields: + - CommandLine + - ParentCommandLine +falsepositives: + - False positives depend on scripts and administrative tools used in the monitored environment +level: high From 01ed87186f214bba981e94944ef1b7e20ff27462 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 09:45:58 +0200 Subject: [PATCH 551/714] Copy From System Root rule --- .../win_susp_copy_systemroot.yml | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 rules/windows/process_creation/win_susp_copy_systemroot.yml diff --git a/rules/windows/process_creation/win_susp_copy_systemroot.yml b/rules/windows/process_creation/win_susp_copy_systemroot.yml new file mode 100644 index 00000000..901ebbbb --- /dev/null +++ b/rules/windows/process_creation/win_susp_copy_systemroot.yml @@ -0,0 +1,25 @@ +title: Suspicious Copy From System Root +id: fff9d2b7-e11c-4a69-93d3-40ef66189767 +status: experimental +description: Detects a suspicious copy command that copies a system program from System32 to another directory on disk - sometimes used to use LOLBINs like certutil or desktopimgdownldr to a different location with a different name +author: Florian Roth +date: 2020/07/03 +references: + - Internal Research +logsource: + category: process_creation + product: windows +tags: + - attack.defense_evasion +detection: + selection: + CommandLine|contains: + - 'cmd.exe /c %SysteRoot%' + - 'cmd.exe /c C:\Windows' + condition: 1 of them +fields: + - CommandLine + - ParentCommandLine +falsepositives: + - False positives depend on scripts and administrative tools used in the monitored environment +level: high From 1f0b1e58a9645f97f9f4d700bec53edd58630b12 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 09:54:10 +0200 Subject: [PATCH 552/714] fix: bugs in rule and title --- .../win_susp_desktopimgdownldr_file.yml | 18 +++++++++++++----- .../win_susp_copy_systemroot.yml | 2 +- .../win_susp_desktopimgdownldr.yml | 4 ++-- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/rules/windows/file_event/win_susp_desktopimgdownldr_file.yml b/rules/windows/file_event/win_susp_desktopimgdownldr_file.yml index 0ea9f555..2ce88f5b 100644 --- a/rules/windows/file_event/win_susp_desktopimgdownldr_file.yml +++ b/rules/windows/file_event/win_susp_desktopimgdownldr_file.yml @@ -1,7 +1,7 @@ -title: Suspicious Desktopimgdownldr Command +title: Suspicious Desktopimgdownldr Target File id: fc4f4817-0c53-4683-a4ee-b17a64bc1039 status: experimental -description: Detects a suspicious Microsoft desktopimgdownldr execution with parameters used to download files from the Internet +description: Detects a suspicious Microsoft desktopimgdownldr file creation that stores a file to a suspicious location or contains a file with a suspicious extension author: Florian Roth date: 2020/07/03 references: @@ -13,9 +13,17 @@ tags: - attack.defense_evasion - attack.t1105 detection: - selection1: - - condition: selection1 and not selection1_filter or selection_reg + selection: + Image|endswith: svchost.exe + TargetFilename|contains: '\Personalization\LockScreenImage\' + filter1: + TargetFilename|contains: 'C:\Windows\' + filter2: + TargetFilename|contains: + - '.jpg' + - '.jpeg' + - '.png' + condition: selection and not filter1 and not filter2 fields: - CommandLine - ParentCommandLine diff --git a/rules/windows/process_creation/win_susp_copy_systemroot.yml b/rules/windows/process_creation/win_susp_copy_systemroot.yml index 901ebbbb..b4d19669 100644 --- a/rules/windows/process_creation/win_susp_copy_systemroot.yml +++ b/rules/windows/process_creation/win_susp_copy_systemroot.yml @@ -16,7 +16,7 @@ detection: CommandLine|contains: - 'cmd.exe /c %SysteRoot%' - 'cmd.exe /c C:\Windows' - condition: 1 of them + condition: selection fields: - CommandLine - ParentCommandLine diff --git a/rules/windows/process_creation/win_susp_desktopimgdownldr.yml b/rules/windows/process_creation/win_susp_desktopimgdownldr.yml index 03974680..207cd8c0 100644 --- a/rules/windows/process_creation/win_susp_desktopimgdownldr.yml +++ b/rules/windows/process_creation/win_susp_desktopimgdownldr.yml @@ -15,7 +15,7 @@ tags: detection: selection1: CommandLine|contains: ' /lockscreenurl:' - selection2_filter: + selection1_filter: CommandLine|contains: - '.jpg' - '.jpeg' @@ -24,7 +24,7 @@ detection: CommandLine|contains|all: - 'reg delete' - '\PersonalizationCSP' - condition: selection1 and not selection1_filter or selection_reg + condition: ( selection1 and not selection1_filter ) or selection_reg fields: - CommandLine - ParentCommandLine From 0fa1c1525b05b63cd65c05256ce683540df95d16 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 10:17:34 +0200 Subject: [PATCH 553/714] fix: missing copy command --- rules/windows/process_creation/win_susp_copy_systemroot.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/process_creation/win_susp_copy_systemroot.yml b/rules/windows/process_creation/win_susp_copy_systemroot.yml index b4d19669..7c37dd96 100644 --- a/rules/windows/process_creation/win_susp_copy_systemroot.yml +++ b/rules/windows/process_creation/win_susp_copy_systemroot.yml @@ -14,8 +14,8 @@ tags: detection: selection: CommandLine|contains: - - 'cmd.exe /c %SysteRoot%' - - 'cmd.exe /c C:\Windows' + - 'cmd.exe /c copy %SysteRoot%' + - 'cmd.exe /c copy C:\Windows' condition: selection fields: - CommandLine From 34ea706e4fe91c8a2c7ae11b953407e1dd67a319 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 10:24:58 +0200 Subject: [PATCH 554/714] fix: typo in systemroot --- rules/windows/process_creation/win_susp_copy_systemroot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_susp_copy_systemroot.yml b/rules/windows/process_creation/win_susp_copy_systemroot.yml index 7c37dd96..7633bb10 100644 --- a/rules/windows/process_creation/win_susp_copy_systemroot.yml +++ b/rules/windows/process_creation/win_susp_copy_systemroot.yml @@ -14,7 +14,7 @@ tags: detection: selection: CommandLine|contains: - - 'cmd.exe /c copy %SysteRoot%' + - 'cmd.exe /c copy %SystemRoot%' - 'cmd.exe /c copy C:\Windows' condition: selection fields: From 3bea08edfcdd29ba95fc2df05c147d18a469e149 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 10:56:26 +0200 Subject: [PATCH 555/714] refactor: copy from/to system32 rule --- ...py_systemroot.yml => win_susp_copy_system32.yml} | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) rename rules/windows/process_creation/{win_susp_copy_systemroot.yml => win_susp_copy_system32.yml} (62%) diff --git a/rules/windows/process_creation/win_susp_copy_systemroot.yml b/rules/windows/process_creation/win_susp_copy_system32.yml similarity index 62% rename from rules/windows/process_creation/win_susp_copy_systemroot.yml rename to rules/windows/process_creation/win_susp_copy_system32.yml index 7633bb10..73b86a70 100644 --- a/rules/windows/process_creation/win_susp_copy_systemroot.yml +++ b/rules/windows/process_creation/win_susp_copy_system32.yml @@ -1,11 +1,11 @@ -title: Suspicious Copy From System Root +title: Suspicious Copy From or To System32 id: fff9d2b7-e11c-4a69-93d3-40ef66189767 status: experimental description: Detects a suspicious copy command that copies a system program from System32 to another directory on disk - sometimes used to use LOLBINs like certutil or desktopimgdownldr to a different location with a different name -author: Florian Roth +author: Florian Roth, Markus Neis date: 2020/07/03 references: - - Internal Research + - https://www.hybrid-analysis.com/sample/8da5b75b6380a41eee3a399c43dfe0d99eeefaa1fd21027a07b1ecaa4cd96fdd?environmentId=120 logsource: category: process_creation product: windows @@ -13,13 +13,12 @@ tags: - attack.defense_evasion detection: selection: - CommandLine|contains: - - 'cmd.exe /c copy %SystemRoot%' - - 'cmd.exe /c copy C:\Windows' + CommandLine|contains: ' /c copy *\System32\' condition: selection fields: - CommandLine - ParentCommandLine falsepositives: - False positives depend on scripts and administrative tools used in the monitored environment -level: high + - Admin scripts like https://www.itexperience.net/sccm-batch-files-and-32-bits-processes-on-64-bits-os/ +level: medium From 0bbf40fb14e85e5b10d0d7e479c19577cc8095b7 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 11:03:45 +0200 Subject: [PATCH 556/714] refactor: include xcopy --- rules/windows/process_creation/win_susp_copy_system32.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_susp_copy_system32.yml b/rules/windows/process_creation/win_susp_copy_system32.yml index 73b86a70..9c8f8b41 100644 --- a/rules/windows/process_creation/win_susp_copy_system32.yml +++ b/rules/windows/process_creation/win_susp_copy_system32.yml @@ -13,7 +13,9 @@ tags: - attack.defense_evasion detection: selection: - CommandLine|contains: ' /c copy *\System32\' + CommandLine|contains: + - ' /c copy *\System32\' + - 'xcopy*\System32\' condition: selection fields: - CommandLine From d12b8347dcb11f865e5b59be083a80236fdab87d Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 11:19:11 +0200 Subject: [PATCH 557/714] fix: bug in cmstp rule https://github.com/Neo23x0/sigma/issues/876 --- rules/windows/process_creation/win_cmstp_com_object_access.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_cmstp_com_object_access.yml b/rules/windows/process_creation/win_cmstp_com_object_access.yml index ffa1d6f5..82df6f7d 100644 --- a/rules/windows/process_creation/win_cmstp_com_object_access.yml +++ b/rules/windows/process_creation/win_cmstp_com_object_access.yml @@ -23,7 +23,7 @@ logsource: product: windows detection: selection1: - ParentCommandLine: '*\DllHost.exe' + ParentCommandLine: '*\DllHost.exe *' selection2: ParentCommandLine: - '*{3E5FC7F9-9A51-4367-9063-A120244FBEC7}' From 3111ab839614b6ea824b8e827380414a6e622c1e Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 11:20:36 +0200 Subject: [PATCH 558/714] refactor: new way to write that rule --- .../process_creation/win_cmstp_com_object_access.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rules/windows/process_creation/win_cmstp_com_object_access.yml b/rules/windows/process_creation/win_cmstp_com_object_access.yml index 82df6f7d..599fe2af 100644 --- a/rules/windows/process_creation/win_cmstp_com_object_access.yml +++ b/rules/windows/process_creation/win_cmstp_com_object_access.yml @@ -23,11 +23,11 @@ logsource: product: windows detection: selection1: - ParentCommandLine: '*\DllHost.exe *' + ParentCommandLine|contains: '\DllHost.exe ' selection2: - ParentCommandLine: - - '*{3E5FC7F9-9A51-4367-9063-A120244FBEC7}' - - '*{3E000D72-A845-4CD9-BD83-80C07C3B881F}' + ParentCommandLine|endswith: + - '{3E5FC7F9-9A51-4367-9063-A120244FBEC7}' + - '{3E000D72-A845-4CD9-BD83-80C07C3B881F}' condition: selection1 and selection2 fields: - CommandLine From 5f04fcccf51917ae04082c428b0d9f4cffe4e8f2 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 11:22:06 +0200 Subject: [PATCH 559/714] fix: broken links --- rules/windows/process_access/sysmon_cmstp_execution.yml | 2 +- rules/windows/process_creation/win_cmstp_com_object_access.yml | 2 +- rules/windows/registry_event/sysmon_cmstp_execution.yml | 2 +- rules/windows/sysmon/sysmon_cmstp_execution.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rules/windows/process_access/sysmon_cmstp_execution.yml b/rules/windows/process_access/sysmon_cmstp_execution.yml index 66c5a5ff..294afe07 100755 --- a/rules/windows/process_access/sysmon_cmstp_execution.yml +++ b/rules/windows/process_access/sysmon_cmstp_execution.yml @@ -12,7 +12,7 @@ tags: author: Nik Seetharaman date: 2018/07/16 references: - - http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/ + - https://web.archive.org/web/20190720093911/http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/ fields: - CommandLine - ParentCommandLine diff --git a/rules/windows/process_creation/win_cmstp_com_object_access.yml b/rules/windows/process_creation/win_cmstp_com_object_access.yml index 599fe2af..0a4be843 100644 --- a/rules/windows/process_creation/win_cmstp_com_object_access.yml +++ b/rules/windows/process_creation/win_cmstp_com_object_access.yml @@ -16,7 +16,7 @@ author: Nik Seetharaman modified: 2019/07/31 date: 2019/01/16 references: - - http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/ + - https://web.archive.org/web/20190720093911/http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/ - https://twitter.com/hFireF0X/status/897640081053364225 logsource: category: process_creation diff --git a/rules/windows/registry_event/sysmon_cmstp_execution.yml b/rules/windows/registry_event/sysmon_cmstp_execution.yml index a8083a24..daf6faa1 100755 --- a/rules/windows/registry_event/sysmon_cmstp_execution.yml +++ b/rules/windows/registry_event/sysmon_cmstp_execution.yml @@ -12,7 +12,7 @@ tags: author: Nik Seetharaman date: 2018/07/16 references: - - http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/ + - https://web.archive.org/web/20190720093911/http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/ fields: - CommandLine - ParentCommandLine diff --git a/rules/windows/sysmon/sysmon_cmstp_execution.yml b/rules/windows/sysmon/sysmon_cmstp_execution.yml index e3b04a18..c6154de4 100644 --- a/rules/windows/sysmon/sysmon_cmstp_execution.yml +++ b/rules/windows/sysmon/sysmon_cmstp_execution.yml @@ -12,7 +12,7 @@ tags: author: Nik Seetharaman date: 2018/07/16 references: - - http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/ + - https://web.archive.org/web/20190720093911/http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/ detection: condition: 1 of them fields: From b9966a173c7e0facd4cbc236234dff0c735087d4 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 11:32:49 +0200 Subject: [PATCH 560/714] Update lnx_file_copy.yml --- rules/linux/lnx_file_copy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/linux/lnx_file_copy.yml b/rules/linux/lnx_file_copy.yml index 3c1f9060..5a9d1b32 100644 --- a/rules/linux/lnx_file_copy.yml +++ b/rules/linux/lnx_file_copy.yml @@ -1,6 +1,6 @@ title: Remote File Copy id: 7a14080d-a048-4de8-ae58-604ce58a795b -description: Detects using remote file copy tools +description: Detects the use of tools that copy files from or to remote systems references: - https://attack.mitre.org/techniques/T1105/ author: Ömer Günal From abf5f799d6c56997c5243546c5926823de6617bd Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 13:19:44 +0200 Subject: [PATCH 561/714] docs: more references --- rules/windows/file_event/win_susp_desktopimgdownldr_file.yml | 1 + rules/windows/process_creation/win_susp_desktopimgdownldr.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/rules/windows/file_event/win_susp_desktopimgdownldr_file.yml b/rules/windows/file_event/win_susp_desktopimgdownldr_file.yml index 2ce88f5b..21d65214 100644 --- a/rules/windows/file_event/win_susp_desktopimgdownldr_file.yml +++ b/rules/windows/file_event/win_susp_desktopimgdownldr_file.yml @@ -6,6 +6,7 @@ author: Florian Roth date: 2020/07/03 references: - https://labs.sentinelone.com/living-off-windows-land-a-new-native-file-downldr/ + - https://twitter.com/SBousseaden/status/1278977301745741825 logsource: product: windows category: file_event diff --git a/rules/windows/process_creation/win_susp_desktopimgdownldr.yml b/rules/windows/process_creation/win_susp_desktopimgdownldr.yml index 207cd8c0..bf66b5ff 100644 --- a/rules/windows/process_creation/win_susp_desktopimgdownldr.yml +++ b/rules/windows/process_creation/win_susp_desktopimgdownldr.yml @@ -6,6 +6,7 @@ author: Florian Roth date: 2020/07/03 references: - https://labs.sentinelone.com/living-off-windows-land-a-new-native-file-downldr/ + - https://twitter.com/SBousseaden/status/1278977301745741825 logsource: category: process_creation product: windows From 5dd5b87f438904ffb27714ac61197470413acb97 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 13:20:03 +0200 Subject: [PATCH 562/714] rule: guacamole exploitation detection --- rules/linux/lnx_susp_guacamole.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 rules/linux/lnx_susp_guacamole.yml diff --git a/rules/linux/lnx_susp_guacamole.yml b/rules/linux/lnx_susp_guacamole.yml new file mode 100644 index 00000000..fb26d8eb --- /dev/null +++ b/rules/linux/lnx_susp_guacamole.yml @@ -0,0 +1,20 @@ +title: Guacamole Two Users Sharing Session Anomaly +status: experimental +id: 1edd77db-0669-4fef-9598-165bda82826d +description: Detects suspicious session with two users present +references: + - https://research.checkpoint.com/2020/apache-guacamole-rce/ +author: Florian Roth +date: 2020/07/03 +logsource: + product: linux + service: guacamole +detection: + selection|all: + - 'joined connection' + - '(2 users now present)' + condition: selection +falsepositives: + - Unknown +level: high + From 4dc818aafd68feba87f897037d72517022599cbc Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 13:20:24 +0200 Subject: [PATCH 563/714] fix: rar flags rule caused too many FPs --- rules/windows/process_creation/win_susp_rar_flags.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_susp_rar_flags.yml b/rules/windows/process_creation/win_susp_rar_flags.yml index 1840fe8d..3ae37c20 100644 --- a/rules/windows/process_creation/win_susp_rar_flags.yml +++ b/rules/windows/process_creation/win_susp_rar_flags.yml @@ -14,7 +14,7 @@ logsource: product: windows detection: selection: - CommandLine|contains: + CommandLine|contains|all: - ' -hp' - ' -m' condition: selection From 8a0262d1a2037129ed223e81d9fe87dacb2cc178 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 15:08:20 +0200 Subject: [PATCH 564/714] fix: in linux keyword expression --- rules/linux/lnx_susp_guacamole.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/rules/linux/lnx_susp_guacamole.yml b/rules/linux/lnx_susp_guacamole.yml index fb26d8eb..a224144a 100644 --- a/rules/linux/lnx_susp_guacamole.yml +++ b/rules/linux/lnx_susp_guacamole.yml @@ -10,8 +10,7 @@ logsource: product: linux service: guacamole detection: - selection|all: - - 'joined connection' + selection: - '(2 users now present)' condition: selection falsepositives: From 4d9e2e8c162d108e4dad18bf169d0aa7f9d40c01 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 17:59:50 +0200 Subject: [PATCH 565/714] fix: trailing white space --- rules/windows/process_creation/win_exploit_cve_2015_1641.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_exploit_cve_2015_1641.yml b/rules/windows/process_creation/win_exploit_cve_2015_1641.yml index ed4fa987..2a5fb7d4 100644 --- a/rules/windows/process_creation/win_exploit_cve_2015_1641.yml +++ b/rules/windows/process_creation/win_exploit_cve_2015_1641.yml @@ -16,7 +16,7 @@ logsource: detection: selection: ParentImage: '*\WINWORD.EXE' - Image: '*\MicroScMgmt.exe ' + Image: '*\MicroScMgmt.exe' condition: selection falsepositives: - Unknown From c4267a461498ef3b8a45fe96813746b007e8b7cf Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 18:20:44 +0200 Subject: [PATCH 566/714] rule: suspicious curl file upload --- .../win_susp_curl_fileupload.yml | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 rules/windows/process_creation/win_susp_curl_fileupload.yml diff --git a/rules/windows/process_creation/win_susp_curl_fileupload.yml b/rules/windows/process_creation/win_susp_curl_fileupload.yml new file mode 100644 index 00000000..c1b8f104 --- /dev/null +++ b/rules/windows/process_creation/win_susp_curl_fileupload.yml @@ -0,0 +1,26 @@ +title: Suspicious Curl File Upload +id: 00bca14a-df4e-4649-9054-3f2aa676bc04 +status: experimental +description: Detects a suspicious curl process start the adds a file to a web request +author: Florian Roth +date: 2020/07/03 +references: + - https://twitter.com/d1r4c/status/1279042657508081664 + - https://medium.com/@petehouston/upload-files-with-curl-93064dcccc76 +logsource: + category: process_creation + product: windows +tags: + - attack.defense_evasion + - attack.t1105 +detection: + selection: + Image|endswith: '\curl.exe' + CommandLine|contains: ' -F ' + condition: selection +fields: + - CommandLine + - ParentCommandLine +falsepositives: + - Scripts created by developers and admins +level: medium From 11517edbd70b1ba4bb04e291f384c1a4e5f277f9 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 3 Jul 2020 18:55:44 +0200 Subject: [PATCH 567/714] rule: suspicious curl usage --- .../win_susp_curl_download.yml | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 rules/windows/process_creation/win_susp_curl_download.yml diff --git a/rules/windows/process_creation/win_susp_curl_download.yml b/rules/windows/process_creation/win_susp_curl_download.yml new file mode 100644 index 00000000..9580d77b --- /dev/null +++ b/rules/windows/process_creation/win_susp_curl_download.yml @@ -0,0 +1,29 @@ +title: Suspicious Curl Usage on Windows +id: e218595b-bbe7-4ee5-8a96-f32a24ad3468 +status: experimental +description: Detects a suspicious curl process start on Windows and outputs the requested document to a local file +author: Florian Roth +date: 2020/07/03 +references: + - https://twitter.com/reegun21/status/1222093798009790464 +logsource: + category: process_creation + product: windows +tags: + - attack.defense_evasion + - attack.t1105 +detection: + selection1: + Image|endswith: '\curl.exe' + selection2: + Product: 'The curl executable' + selection3: + CommandLine|contains: ' -O ' + condition: ( selection1 or selection2 ) and selection3 +fields: + - CommandLine + - ParentCommandLine +falsepositives: + - Scripts created by developers and admins + - Administrative activity +level: medium From 4b3163335547aa67a1e5869723696ab1c5a99b32 Mon Sep 17 00:00:00 2001 From: Brad Kish Date: Fri, 3 Jul 2020 16:20:37 -0400 Subject: [PATCH 568/714] Fixes for rules in new sysmon registry_event category To be consistent with the behaviour of the other rules, the eventID should not be specified as part of the rule. The category defines the eventID. --- ...sable_security_events_logging_adding_reg_key_minint.yml | 3 +-- .../sysmon_new_dll_added_to_appcertdlls_registry_key.yml | 7 ++----- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/rules/windows/registry_event/sysmon_disable_security_events_logging_adding_reg_key_minint.yml b/rules/windows/registry_event/sysmon_disable_security_events_logging_adding_reg_key_minint.yml index 4c260e28..83c015d2 100755 --- a/rules/windows/registry_event/sysmon_disable_security_events_logging_adding_reg_key_minint.yml +++ b/rules/windows/registry_event/sysmon_disable_security_events_logging_adding_reg_key_minint.yml @@ -15,8 +15,7 @@ logsource: product: windows detection: selection: - - EventID: 12 # key create - # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one + - # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Control\MiniNt' EventType: 'CreateKey' # we don't want deletekey - # key rename diff --git a/rules/windows/registry_event/sysmon_new_dll_added_to_appcertdlls_registry_key.yml b/rules/windows/registry_event/sysmon_new_dll_added_to_appcertdlls_registry_key.yml index 8d795a34..00ff3e06 100755 --- a/rules/windows/registry_event/sysmon_new_dll_added_to_appcertdlls_registry_key.yml +++ b/rules/windows/registry_event/sysmon_new_dll_added_to_appcertdlls_registry_key.yml @@ -17,12 +17,9 @@ logsource: product: windows detection: selection: - - EventID: - - 12 # key create - - 13 # value set - # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one + - # Sysmon gives us HKLM\SYSTEM\CurrentControlSet\.. if ControlSetXX is the selected one TargetObject: 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls' - - # key rename + - # key rename NewName: 'HKLM\SYSTEM\CurentControlSet\Control\Session Manager\AppCertDlls' condition: selection fields: From 1e9d0e9653837347f318671c16e6232d9b98f50f Mon Sep 17 00:00:00 2001 From: Brad Kish Date: Fri, 3 Jul 2020 16:22:29 -0400 Subject: [PATCH 569/714] Fixes for rules in the sysmon file_event category Fix a couple of typos For sysmon_hack_dumpert: Make sure the logsource is category file_event and not sysmon. Don't set the category at the global level. Instead set in the individual document. --- rules/windows/file_event/sysmon_hack_dumpert.yml | 5 +---- .../windows/file_event/sysmon_tsclient_filewrite_startup.yml | 2 +- .../sysmon_wmi_persistence_script_event_consumer_write.yml | 2 +- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/rules/windows/file_event/sysmon_hack_dumpert.yml b/rules/windows/file_event/sysmon_hack_dumpert.yml index f8bdb838..ac53c204 100755 --- a/rules/windows/file_event/sysmon_hack_dumpert.yml +++ b/rules/windows/file_event/sysmon_hack_dumpert.yml @@ -10,9 +10,6 @@ date: 2020/02/04 tags: - attack.credential_access - attack.t1003 -logsource: - category: file_event - product: windows falsepositives: - Very unlikely level: critical @@ -26,8 +23,8 @@ detection: condition: selection --- logsource: + category: file_event product: windows - service: sysmon detection: selection: TargetFilename: C:\Windows\Temp\dumpert.dmp diff --git a/rules/windows/file_event/sysmon_tsclient_filewrite_startup.yml b/rules/windows/file_event/sysmon_tsclient_filewrite_startup.yml index 65a61b0e..194b7558 100755 --- a/rules/windows/file_event/sysmon_tsclient_filewrite_startup.yml +++ b/rules/windows/file_event/sysmon_tsclient_filewrite_startup.yml @@ -10,7 +10,7 @@ logsource: detection: selection: Image: '*\mstsc.exe' - TargetFileName: '*\Microsoft\Windows\Start Menu\Programs\Startup\\*' + TargetFilename: '*\Microsoft\Windows\Start Menu\Programs\Startup\\*' condition: selection falsepositives: - unknown diff --git a/rules/windows/file_event/sysmon_wmi_persistence_script_event_consumer_write.yml b/rules/windows/file_event/sysmon_wmi_persistence_script_event_consumer_write.yml index bc07ed69..e519443a 100755 --- a/rules/windows/file_event/sysmon_wmi_persistence_script_event_consumer_write.yml +++ b/rules/windows/file_event/sysmon_wmi_persistence_script_event_consumer_write.yml @@ -11,7 +11,7 @@ tags: - attack.persistence logsource: product: windows - category: file_created + category: file_event detection: selection: Image: 'C:\WINDOWS\system32\wbem\scrcons.exe' From 7031d9e2b86f6a67b0e5e198f1633f7ed8c87e93 Mon Sep 17 00:00:00 2001 From: Brad Kish Date: Fri, 3 Jul 2020 16:23:17 -0400 Subject: [PATCH 570/714] Fix typo for rule in image_load category image_load not image_loaded. --- .../sysmon_wmi_persistence_commandline_event_consumer.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/image_load/sysmon_wmi_persistence_commandline_event_consumer.yml b/rules/windows/image_load/sysmon_wmi_persistence_commandline_event_consumer.yml index 19b7d30b..6560df2e 100755 --- a/rules/windows/image_load/sysmon_wmi_persistence_commandline_event_consumer.yml +++ b/rules/windows/image_load/sysmon_wmi_persistence_commandline_event_consumer.yml @@ -10,7 +10,7 @@ tags: - attack.t1084 - attack.persistence logsource: - cqtegory: image_loaded + category: image_load product: windows detection: selection: From 8b3b312c4e57087ec772a4196440b840c3490f78 Mon Sep 17 00:00:00 2001 From: Brad Kish Date: Fri, 3 Jul 2020 16:28:19 -0400 Subject: [PATCH 571/714] Proposed fix for https://github.com/Neo23x0/sigma/issues/889 This change removes dns events from the network connection category. The one change is that sysmon_regsvr32_network_activity.yml needs to test the network connection category separately from the DNS event id. --- .../sysmon_regsvr32_network_activity.yml | 17 +++++++++++++---- tools/config/generic/sysmon.yml | 1 - 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/rules/windows/network_connection/sysmon_regsvr32_network_activity.yml b/rules/windows/network_connection/sysmon_regsvr32_network_activity.yml index 127a7172..7143f721 100644 --- a/rules/windows/network_connection/sysmon_regsvr32_network_activity.yml +++ b/rules/windows/network_connection/sysmon_regsvr32_network_activity.yml @@ -1,3 +1,4 @@ +action: global title: Regsvr32 Network Activity id: c7e91a02-d771-4a6d-a700-42587e0b1095 description: Detects network connections and DNS queries initiated by Regsvr32.exe @@ -14,13 +15,10 @@ author: Dmitriy Lifanov, oscd.community status: experimental date: 2019/10/25 modified: 2020/07/01 -logsource: - category: network_connection - product: windows detection: selection: Image|endswith: '\regsvr32.exe' - condition: selection + condition: all of them fields: - ComputerName - User @@ -30,3 +28,14 @@ fields: falsepositives: - unknown level: high +--- +logsource: + category: network_connection + product: windows +--- +logsource: + product: windows + service: sysmon +detection: + selection1: + EventID: 22 diff --git a/tools/config/generic/sysmon.yml b/tools/config/generic/sysmon.yml index 963731c9..227406fd 100644 --- a/tools/config/generic/sysmon.yml +++ b/tools/config/generic/sysmon.yml @@ -15,7 +15,6 @@ logsources: conditions: EventID: - 3 - - 22 rewrite: product: windows service: sysmon From 8ef82e48eb360bfb6ddb9af82fbf6249da311524 Mon Sep 17 00:00:00 2001 From: Furkan CALISKAN Date: Sat, 4 Jul 2020 23:21:52 +0300 Subject: [PATCH 572/714] ditsnap --- .../process_creation/win_susp_ditsnap.yml | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 rules/windows/process_creation/win_susp_ditsnap.yml diff --git a/rules/windows/process_creation/win_susp_ditsnap.yml b/rules/windows/process_creation/win_susp_ditsnap.yml new file mode 100644 index 00000000..b279a6ef --- /dev/null +++ b/rules/windows/process_creation/win_susp_ditsnap.yml @@ -0,0 +1,26 @@ +title: DIT Snapshot Viewer Use +id: d3b70aad-097e-409c-9df2-450f80dc476b +status: experimental +description: Detects the use of Ditsnap tool. Seems to be a tool for ransomware groups. +references: + - https://thedfirreport.com/2020/06/21/snatch-ransomware/ + - https://github.com/yosqueoy/ditsnap +author: 'Furkan Caliskan (@caliskanfurkan_)' +date: 2020/07/04 +tags: + - attack.credential_access + - attack.t1003 +logsource: + category: process_creation + product: windows +detection: + selection: + Image|endswith: + - '\ditsnap.exe' + selection2: + CommandLine|contains: + - 'ditsnap.exe' + condition: selection or selection2 +falsepositives: + - Legitimate admin usage +level: high From f079d0f915af501bfe888f01779edc621c04e9bb Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sun, 5 Jul 2020 13:18:53 +0200 Subject: [PATCH 573/714] rule: CVE-2020-5902 F5 BIG-IP Exploitation Attempt https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/ --- rules/web/web_cve_2020_5902_f5_bigip.yml | 26 ++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 rules/web/web_cve_2020_5902_f5_bigip.yml diff --git a/rules/web/web_cve_2020_5902_f5_bigip.yml b/rules/web/web_cve_2020_5902_f5_bigip.yml new file mode 100644 index 00000000..b3a03c76 --- /dev/null +++ b/rules/web/web_cve_2020_5902_f5_bigip.yml @@ -0,0 +1,26 @@ +title: CVE-2020-5902 F5 BIG-IP Exploitation Attempt +id: 44b53b1c-e60f-4a7b-948e-3435a7918478 +status: experimental +description: Detects the exploitation attempt of the vulnerability found in F5 BIG-IP and described in CVE-2020-5902 +references: + - https://support.f5.com/csp/article/K52145254 + - https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/ + - https://twitter.com/yorickkoster/status/1279709009151434754 +author: Florian Roth +date: 2020/07/05 +logsource: + category: webserver +detection: + selection: + c-uri|contains: '/tmui/login.jsp/..;/tmui/' + condition: selection +fields: + - c-ip + - c-dns +falsepositives: + - Unknown +tags: + - attack.initial_access + - attack.t1190 +level: critical + From fbe6c0e7d946d4294544bb42bd84558136fb89d5 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sun, 5 Jul 2020 13:29:30 +0200 Subject: [PATCH 574/714] improved F5 BIG-IP rule --- rules/web/web_cve_2020_5902_f5_bigip.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/rules/web/web_cve_2020_5902_f5_bigip.yml b/rules/web/web_cve_2020_5902_f5_bigip.yml index b3a03c76..bde7c800 100644 --- a/rules/web/web_cve_2020_5902_f5_bigip.yml +++ b/rules/web/web_cve_2020_5902_f5_bigip.yml @@ -12,7 +12,10 @@ logsource: category: webserver detection: selection: - c-uri|contains: '/tmui/login.jsp/..;/tmui/' + c-uri|contains|all: + - '/tmui/login.jsp/' + - '/..' + - ';/tmui/' condition: selection fields: - c-ip From 13ab00f74432b8f18f045e85b63242b00d23913f Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sun, 5 Jul 2020 16:21:48 +0200 Subject: [PATCH 575/714] improved F5 BIG-IP rule based on private feedback --- rules/web/web_cve_2020_5902_f5_bigip.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/rules/web/web_cve_2020_5902_f5_bigip.yml b/rules/web/web_cve_2020_5902_f5_bigip.yml index bde7c800..2162c9df 100644 --- a/rules/web/web_cve_2020_5902_f5_bigip.yml +++ b/rules/web/web_cve_2020_5902_f5_bigip.yml @@ -11,12 +11,13 @@ date: 2020/07/05 logsource: category: webserver detection: - selection: - c-uri|contains|all: - - '/tmui/login.jsp/' - - '/..' - - ';/tmui/' - condition: selection + selection_base: + c-uri|contains: '/tmui/login' + selection_traversal: + c-uri|contains: + - '..;/' + - '.jsp/..' + condition: selection_base and selection_traversal fields: - c-ip - c-dns From 939156fa6d28ac25b134c59d4cd13f663d7b708a Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Sun, 5 Jul 2020 23:29:51 +0200 Subject: [PATCH 576/714] Introduced dns_query log source category --- .../sysmon_regsvr32_network_activity.yml | 7 ++----- tools/config/generic/sysmon.yml | 11 +++++++++-- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/rules/windows/network_connection/sysmon_regsvr32_network_activity.yml b/rules/windows/network_connection/sysmon_regsvr32_network_activity.yml index 7143f721..98c32003 100644 --- a/rules/windows/network_connection/sysmon_regsvr32_network_activity.yml +++ b/rules/windows/network_connection/sysmon_regsvr32_network_activity.yml @@ -18,7 +18,7 @@ modified: 2020/07/01 detection: selection: Image|endswith: '\regsvr32.exe' - condition: all of them + condition: selection fields: - ComputerName - User @@ -34,8 +34,5 @@ logsource: product: windows --- logsource: + category: dns_query product: windows - service: sysmon -detection: - selection1: - EventID: 22 diff --git a/tools/config/generic/sysmon.yml b/tools/config/generic/sysmon.yml index 227406fd..2d650f70 100644 --- a/tools/config/generic/sysmon.yml +++ b/tools/config/generic/sysmon.yml @@ -13,8 +13,15 @@ logsources: category: network_connection product: windows conditions: - EventID: - - 3 + EventID: 3 + rewrite: + product: windows + service: sysmon + dns_query: + category: dns_query + product: windows + conditions: + EventID: 22 rewrite: product: windows service: sysmon From 7e06fd80fd3db193d151f68215b3214e2ad2652d Mon Sep 17 00:00:00 2001 From: Brad Kish Date: Mon, 6 Jul 2020 09:20:34 -0400 Subject: [PATCH 577/714] Proposed fix for sysmon_uac_bypass_eventvwr Issue: https://github.com/Neo23x0/sigma/issues/888 The rules were not merged correctly with the transition to sysmon categories. Split the rule into separate documents: one for the registry_event and one for the process_creation --- .../sysmon_uac_bypass_eventvwr.yml | 37 +++++++++++-------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml b/rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml index 9821f0f6..6eef0088 100755 --- a/rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml +++ b/rules/windows/registry_event/sysmon_uac_bypass_eventvwr.yml @@ -1,3 +1,4 @@ +action: global title: UAC Bypass via Event Viewer id: 7c81fec3-1c1d-43b0-996a-46753041b1b6 status: experimental @@ -7,21 +8,6 @@ references: - https://www.hybrid-analysis.com/sample/e122bc8bf291f15cab182a5d2d27b8db1e7019e4e96bb5cdbd1dfe7446f3f51f?environmentId=100 author: Florian Roth date: 2017/03/19 -logsource: - product: windows - category: registry_event -detection: - methregistry: - TargetObject: 'HKU\\*\mscfile\shell\open\command' - methprocess: - EventID: 1 # Migration to process_creation requires multipart YAML - ParentImage: '*\eventvwr.exe' - filterprocess: - Image: '*\mmc.exe' - condition: methregistry or ( methprocess and not filterprocess ) -fields: - - CommandLine - - ParentCommandLine tags: - attack.defense_evasion - attack.privilege_escalation @@ -30,3 +16,24 @@ tags: falsepositives: - unknown level: critical +--- +logsource: + product: windows + category: registry_event +detection: + methregistry: + TargetObject: 'HKU\\*\mscfile\shell\open\command' + condition: methregistry +--- +logsource: + category: process_creation + product: windows +detection: + methprocess: + ParentImage: '*\eventvwr.exe' + filterprocess: + Image: '*\mmc.exe' + condition: methprocess and not filterprocess +fields: + - CommandLine + - ParentCommandLine From c758ca0eb97f7dd5f87240f4ba6d8bc0db4eba5e Mon Sep 17 00:00:00 2001 From: Brad Kish Date: Mon, 6 Jul 2020 10:55:42 -0400 Subject: [PATCH 578/714] Re-fix sysmon rules that are lost changes with category refactoring. Several fixes for sysmon rules got lost when the rules were refactored to use categories. Re-add the fixes. https://github.com/Neo23x0/sigma/commit/38afd8b5def24191616ff0f0c0324cfbb7f0d6d0 https://github.com/Neo23x0/sigma/commit/422b2bffd77b217e6cec9a67c496b0aa44711ece https://github.com/Neo23x0/sigma/commit/dfae2a6df6f5bbc90a7b476c22fc9c8fedab47e9 --- rules/windows/file_event/sysmon_creation_system_file.yml | 4 ++-- rules/windows/file_event/sysmon_susp_adsi_cache_usage.yml | 2 +- .../sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml | 2 +- .../sysmon_susp_office_dotnet_assembly_dll_load.yml | 2 +- .../image_load/sysmon_svchost_dll_search_order_hijack.yml | 2 +- .../sysmon_wmi_persistence_commandline_event_consumer.yml | 2 +- .../registry_event/sysmon_suspicious_keyboard_layout_load.yml | 4 ++-- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/rules/windows/file_event/sysmon_creation_system_file.yml b/rules/windows/file_event/sysmon_creation_system_file.yml index 7ce7adf4..1bef84c6 100755 --- a/rules/windows/file_event/sysmon_creation_system_file.yml +++ b/rules/windows/file_event/sysmon_creation_system_file.yml @@ -14,7 +14,7 @@ logsource: product: windows detection: selection: - Image: + TargetFilename: - '*\svchost.exe' - '*\rundll32.exe' - '*\services.exe' @@ -40,7 +40,7 @@ detection: - '*\audiodg.exe' - '*\wlanext.exe' filter: - Image: + TargetFilename: - 'C:\Windows\System32\\*' - 'C:\Windows\system32\\*' - 'C:\Windows\SysWow64\\*' diff --git a/rules/windows/file_event/sysmon_susp_adsi_cache_usage.yml b/rules/windows/file_event/sysmon_susp_adsi_cache_usage.yml index f1969714..5a892af9 100755 --- a/rules/windows/file_event/sysmon_susp_adsi_cache_usage.yml +++ b/rules/windows/file_event/sysmon_susp_adsi_cache_usage.yml @@ -16,7 +16,7 @@ logsource: category: file_event detection: selection_1: - TargetFilename: '*\Local\Microsoft\Windows\SchCache\*.sch' + TargetFilename: '*\Local\Microsoft\Windows\SchCache\\*.sch' selection_2: Image|contains: - 'C:\windows\system32\svchost.exe' diff --git a/rules/windows/file_event/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml b/rules/windows/file_event/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml index 5d2b079c..e4ffdd61 100755 --- a/rules/windows/file_event/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml +++ b/rules/windows/file_event/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml @@ -14,7 +14,7 @@ logsource: category: file_event detection: selection_1: - TargetFilename: '*\AppData\Local\Temp\*\PROCEXP152.sys' + TargetFilename: '*\AppData\Local\Temp\\*\PROCEXP152.sys' selection_2: Image|contains: - '*\procexp64.exe' diff --git a/rules/windows/image_load/sysmon_susp_office_dotnet_assembly_dll_load.yml b/rules/windows/image_load/sysmon_susp_office_dotnet_assembly_dll_load.yml index 5fb8bc69..ca5714da 100755 --- a/rules/windows/image_load/sysmon_susp_office_dotnet_assembly_dll_load.yml +++ b/rules/windows/image_load/sysmon_susp_office_dotnet_assembly_dll_load.yml @@ -20,7 +20,7 @@ detection: - '*\excel.exe' - '*\outlook.exe' ImageLoaded: - - 'C:\Windows\assembly\*' + - 'C:\Windows\assembly\\*' condition: selection falsepositives: - Alerts on legitimate macro usage as well, will need to filter as appropriate diff --git a/rules/windows/image_load/sysmon_svchost_dll_search_order_hijack.yml b/rules/windows/image_load/sysmon_svchost_dll_search_order_hijack.yml index f2098fae..e8176c24 100755 --- a/rules/windows/image_load/sysmon_svchost_dll_search_order_hijack.yml +++ b/rules/windows/image_load/sysmon_svchost_dll_search_order_hijack.yml @@ -27,7 +27,7 @@ detection: - '*\wlbsctrl.dll' filter: ImageLoaded: - - 'C:\Windows\WinSxS\*' + - 'C:\Windows\WinSxS\\*' condition: selection and not filter falsepositives: - Pentest diff --git a/rules/windows/image_load/sysmon_wmi_persistence_commandline_event_consumer.yml b/rules/windows/image_load/sysmon_wmi_persistence_commandline_event_consumer.yml index 19b7d30b..b5d3fc99 100755 --- a/rules/windows/image_load/sysmon_wmi_persistence_commandline_event_consumer.yml +++ b/rules/windows/image_load/sysmon_wmi_persistence_commandline_event_consumer.yml @@ -15,7 +15,7 @@ logsource: detection: selection: Image: 'C:\Windows\System32\wbem\WmiPrvSE.exe' - ImageLoaded: 'wbemcons.dll' + ImageLoaded|endswith: '\wbemcons.dll' condition: selection falsepositives: - Unknown (data set is too small; further testing needed) diff --git a/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml b/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml index aa2a1b1d..125d927d 100755 --- a/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml +++ b/rules/windows/registry_event/sysmon_suspicious_keyboard_layout_load.yml @@ -15,8 +15,8 @@ logsource: detection: selection_registry: TargetObject: - - '*\Keyboard Layout\Preload\*' - - '*\Keyboard Layout\Substitutes\*' + - '*\Keyboard Layout\Preload\\*' + - '*\Keyboard Layout\Substitutes\\*' Details|contains: - 00000429 # Persian (Iran) - 00050429 # Persian (Iran) From cc31ed8b842e946eee9ba605fbd5ae42ac5c0322 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 6 Jul 2020 17:07:06 +0200 Subject: [PATCH 579/714] fix: missing NTLM log source in THOR --- tools/config/thor.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/config/thor.yml b/tools/config/thor.yml index 9e6c8658..a372217f 100644 --- a/tools/config/thor.yml +++ b/tools/config/thor.yml @@ -41,6 +41,11 @@ logsources: service: system sources: - 'WinEventLog:System' + windows-ntlm: + product: windows + service: ntlm + sources: + - 'WinEventLog:Microsoft-Windows-NTLM/Operational' windows-sysmon: product: windows service: sysmon @@ -92,4 +97,4 @@ logsources: logfiles: category: logfile sources: - - 'File:*.log' + - 'File:*.log' \ No newline at end of file From c8ca55b3e4f14c5b02a8294257897b0525ffc39f Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 6 Jul 2020 17:14:59 +0200 Subject: [PATCH 580/714] fix: duplicate wrong old key --- tools/config/thor.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tools/config/thor.yml b/tools/config/thor.yml index a372217f..9c8a4404 100644 --- a/tools/config/thor.yml +++ b/tools/config/thor.yml @@ -71,11 +71,6 @@ logsources: service: dhcp sources: - 'WinEventLog:Microsoft-Windows-DHCP-Server/Operational' - windows-ntlm: - product: windows - service: ntlm - sources: - - 'Microsoft-Windows-NTLM/Operational' apache: category: webserver sources: From 99ac4f1f3db945a04ac915b518101792bae7c45a Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 7 Jul 2020 10:11:58 +0200 Subject: [PATCH 581/714] fix: FPs with RedMimicry rule --- .../sysmon_redmimicry_winnti_inject.yml | 22 ------------------- 1 file changed, 22 deletions(-) delete mode 100644 rules/windows/sysmon/sysmon_redmimicry_winnti_inject.yml diff --git a/rules/windows/sysmon/sysmon_redmimicry_winnti_inject.yml b/rules/windows/sysmon/sysmon_redmimicry_winnti_inject.yml deleted file mode 100644 index 2e8b2411..00000000 --- a/rules/windows/sysmon/sysmon_redmimicry_winnti_inject.yml +++ /dev/null @@ -1,22 +0,0 @@ -title: RedMimicry Winnti Playbook Inject -id: 51c1c141-efef-4686-88d6-50b8da6d5562 -description: Detects actions caused by the RedMimicry Winnti playbook -references: - - https://redmimicry.com -author: Alexander Rausch -date: 2020/06/24 -tags: - - attack.defense_evasion - - attack.t1055 -logsource: - product: windows - service: sysmon -detection: - selection: - EventID: 8 - SourceImage|contains: rundll32.exe - TargetImage|contains: svchost.exe - condition: selection -falsepositives: - - Unknown -level: high From acbab2db4b0500cde0b582a6fe5df86fe2437b6e Mon Sep 17 00:00:00 2001 From: bar Date: Tue, 7 Jul 2020 15:04:16 +0300 Subject: [PATCH 582/714] stix backend + mapping configurations for windows logs and qradar --- tools/config/stix-qradar.yml | 51 ++++++ tools/config/stix-windows.yml | 286 ++++++++++++++++++++++++++++++++++ tools/config/stix.yml | 98 ++++++++++++ tools/sigma/backends/stix.py | 91 +++++++++++ 4 files changed, 526 insertions(+) create mode 100644 tools/config/stix-qradar.yml create mode 100644 tools/config/stix-windows.yml create mode 100644 tools/config/stix.yml create mode 100644 tools/sigma/backends/stix.py diff --git a/tools/config/stix-qradar.yml b/tools/config/stix-qradar.yml new file mode 100644 index 00000000..cd78c190 --- /dev/null +++ b/tools/config/stix-qradar.yml @@ -0,0 +1,51 @@ +title: STIX for QRadar +backends: + - stix +order: 30 +fieldmappings: + categoryid: + - x-ibm-ariel:category_id + categoryname: + - x-ibm-ariel:category_name + credescription: + - x-ibm-finding:description + Description: + - x-ibm-finding:description + credibility: + - x-ibm-ariel:credibility + crename: + - x-ibm-finding:name + devicetype: + - x-ibm-ariel:device_type + Device: + - x-ibm-ariel:device_type + direction: + - x-ibm-ariel:direction + domainid: + - x-ibm-ariel:domain_id + geographic: + - x-ibm-ariel:geographic + high_level_category_id: + - x-ibm-ariel:high_level_category_id + high_level_category_name: + - x-ibm-ariel:high_level_category_name + identityhostname: + - x-ibm-ariel:identity_host_name + logsourceid: + - x-ibm-ariel:log_source_id + logsourcename: + - x-ibm-ariel:log_source_name + logsourcetypename: + - x-ibm-ariel:log_source_type_name + magnitude: + - x-ibm-ariel:magnitude + qid: + - x-ibm-ariel:qid + qidname: + - x-ibm-ariel:event_name + relevance: + - x-ibm-ariel:relevance + rulenames: + - x-ibm-ariel:rule_names[*] + severity: + - x-ibm-ariel:severity diff --git a/tools/config/stix-windows.yml b/tools/config/stix-windows.yml new file mode 100644 index 00000000..7d8af4a6 --- /dev/null +++ b/tools/config/stix-windows.yml @@ -0,0 +1,286 @@ +title: STIX for Windows Logs +backends: + - stix +order: 40 +logsources: + windows: + product: windows +fieldmappings: + AccessMask: + - x-windows:accessmask + Accesses: + - x-windows:accesses + AccountDomain: + - user-account:x_domain + AccountID: + - user-account:user_id + AccountName: + - user-account:account_login + - user-account:display_name + AccountSecurityID: + - user-account:x_security_id + CallTrace: + - x-windows:calltrace + ChangedAttributes: + - x-windows:changedattributes + ClientIP: + - ipv4-addr:value + - ipv6-addr:value + - network-traffic:src_ref.value + ComputerName: + - x-host:name + Description: + - x-event:action + DestinationIsIpv6: + - x-windows:destisipv6 + DestinationHostname: + - network-traffic:dst_ref.value + Device: + - file:name + ErrorCode: + - x-error:code + Event-ID: + - x-event:id + - x-event:code + EventID: + - x-event:id + - x-event:code + Event_ID: + - x-event:id + - x-event:code + EventType: + - x-event:action + ExtendedErrorCode: + - x-error:code + - x-error:id + FileDirectory: + - directory:path + FileExtension: + - file:x_extension + FileHash: + - file:hashes.SHA-256 + - file:hashes.MD5 + - file:hashes.SHA-1 + FilePath: + - file:name + Filename: + - file:name + GrantedAccess: + - x-windows:grantedaccess + GroupDomain: + - x-group:domain + GroupID: + - x-group:id + GroupName: + - x-group:name + GroupSecurityID: + - x-group:security_id + HomeDirectory: + - directory:path + IMPHash: + - x-windows:imphash + Imphash: + - x-windows:imphash + Image: + - process:image_ref.name + ImageLoadedTempPath: + - process:image_ref.x_temp_path + ImageName: + - process:image_ref.name + ImagePath: + - process:image_ref.name + ImageTempPath: + - process:image_ref.x_temp_path + InitiatedConnection: + - x-windows:initiatedconnection + Initiated: + - x-windows:initiatedconnection + InitiatorUserName: + - user-account:user_id + - user-account:account_login + IntegrityLevel: + - x-windows:integrityname + LoadedImage: + - process:image_ref.name + LoadedImageName: + - process:image_ref.name + LogonType: + - x-windows:logontype + MD5Hash: + - file:hashes.MD5 + Message: + - x-event:original + NewName: + - windows-registry-key:key + ObjectName: + - x-windows:objectname + ObjectType: + - x-windows:objecttype + PSEncodedCommand: + - x-windows:psencodedcommand + ParentCommandLine: + - process:parent_ref.command_line + ParentImage: + - process:parent_ref.image_ref.name + ParentImageName: + - process:parent_ref.image_ref.name + ParentProcessGuid: + - process:parent_ref.x_guid + ParentProcessName: + - process:parent_ref.image_ref.name + ParentProcessPath: + - process:parent_ref.image_ref.name + PipeName: + - x-windows:pipename + ProcessCommandLine: + - process:command_line + Command: + - process:command_line + CommandLine: + - process:command_line + ProcessGuid: + - process:x_guid + ProcessId: + - process:pid + ProcessName: + - process:image_ref.name + ProcessPath: + - process:image_ref.name + QueryName: + - x-windows:queryname + QueryResults: + - x-windows:queryresults + QueryStatus: + - - x-windows:querystatus + Realm: + - x-windows:realm + RecordNumber: + - x-windows:recordnumber + RegistryKey: + - windows-registry-key:key + RegistryValueData: + - windows-registry-key:values[*].data + RegistryValueName: + - windows-registry-key:values[*].name + RunLevel: + - x-windows:runlevel + SAMAccountName: + - x-windows:samaccountname + SHA1Hash: + - file:hashes.SHA-1 + SHA256Hash: + - file:hashes.SHA-256 + Scope: + - x-windows:scope + ServiceFileName: + - process:extensions.windows-service-ext.service_dll_refs[*].name + ServiceName: + - process:extensions.windows-service-ext.service_name + ShareName: + - x-windows:sharename + SharePath: + - x-windows:sharepath + Signature: + - x-windows:signature + SignatureStatus: + - x-windows:signaturestatus + Signed: + - x-windows:signed + SourceImage: + - x-windows:sourceimage + SourceImageTempPath: + - x-windows:sourceimagetemppath + SourceWorkstation: + - x-windows:sourceworkstation + StartAddress: + - x-windows:startaddress + StartFunction: + - x-windows:startfunction + StartModule: + - x-windows:startmodule + TargetAccountSecurityID: + - x-windows:targetaccountsecurityid + TargetComputerDomain: + - x-windows:targetcomputerdomain + TargetComputerName: + - x-windows:targetcomputername + TargetDetails: + - x-windows:targetdetails + Details: + - windows-registry-key:values[*].data + - x-event:original + TargetFilename: + - file:name + TargetImage: + - x-windows:targetimage + TargetImageName: + - x-windows:targetimagename + TargetObject: + - windows-registry-key:key + TargetProcessGuid: + - x-windows:targetprocessguid + TargetProcessAddress: + - x-windows:targetprocessaddress + TargetUserDomain: + - x-windows:targetuserdomain + TargetUserName: + - x-windows:targetusername + TaskName: + - x-windows:taskname + TicketEncryptionType: + - x-windows:ticketencryptiontype + User: + - user-account:user_id + UserDomain: + - user-account:x_domain + UserPrincipalName: + - x-windows:userprincipalname + UserRight: + - x-windows:userright + UserWorkstations: + - x-windows:userworkstations + event-id: + - x-event:id + eventId: + - x-event:id + event_data.FileName: + - file:name + event_data.Image: + - process:image_ref.name + event_data.ImageLoaded: + - process:image_ref.name + ImageLoaded: + - process:image_ref.name + event_data.ImagePath: + - process:image_ref.name + event_data.ParentCommandLine: + - process:parent_ref.command_line + event_data.ParentImage: + - process:parent_ref.image_ref.name + event_data.ParentProcessName: + - process:parent_ref.image_ref.name + event_data.PipeName: + - x-windows:pipename + event_data.ServiceFileName: + - process:extensions.windows-service-ext.service_dll_refs[*].name + event_data.ShareName: + - x-windows:sharename + event_data.Signature: + - x-windows:signature + event_data.SourceImage: + - x-windows:sourceimage + event_data.StartModule: + - x-windows:startmodule + event_data.SubjectUserName: + - user-account:user_id + - user-account:account_login + event_data.TargetFilename: + - file:name + event_data.TargetImage: + - x-windows:targetimage + event_data.User: + - user-account:user_id + event_id: + - x-event:id + eventid: + - x-event:id \ No newline at end of file diff --git a/tools/config/stix.yml b/tools/config/stix.yml new file mode 100644 index 00000000..fff7f768 --- /dev/null +++ b/tools/config/stix.yml @@ -0,0 +1,98 @@ +title: Basic STIX +backends: + - stix +order: 20 +fieldmappings: + User: + - user-account:user_id + c-ip: + - ipv4-addr:value + - ipv6-addr:value + - network-traffic:src_ref.value + cs-ip: + - ipv4-addr:value + - ipv6-addr:value + - network-traffic:src_ref.value + destinationip: + - ipv4-addr:value + - ipv6-addr:value + - network-traffic:dst_ref.value + destinationmac: + - mac-addr:value + - network-traffic:dst_ref.value + destinationport: + - network-traffic:dst_port + domainname: + - domain-name:value + dst: + - ipv4-addr:value + - ipv6-addr:value + - network-traffic:dst_ref.value + dst_ip: + - ipv4-addr:value + - ipv6-addr:value + - network-traffic:dst_ref.value + endtime: + - network-traffic:end + event_data.DestinationIp: + - ipv4-addr:value + - ipv6-addr:value + - network-traffic:dst_ref.value + DestinationIp: + - ipv4-addr:value + - ipv6-addr:value + - network-traffic:dst_ref.value + event_data.DestinationPort: + - ipv4-addr:value + - ipv6-addr:value + - network-traffic:dst_ref.value + DestinationPort: + - ipv4-addr:value + - ipv6-addr:value + - network-traffic:dst_ref.value + event_data.SubjectUserName: + - user-account:user_id + event_data.User: + - user-account:user_id + filehash: + - file:hashes.SHA-256 + - file:hashes.MD5 + - file:hashes.SHA-1 + filename: + - file:name + filepath: + - file:parent_directory_ref + - directory:path + identityip: + - ipv4-addr:value + protocolid: + - network-traffic:protocols[*] + sourceip: + - ipv4-addr:value + - ipv6-addr:value + - network-traffic:src_ref.value + sourcemac: + - mac-addr:value + - network-traffic:src_ref.value + sourceport: + - network-traffic:src_port + SourcePort: + - network-traffic:src_port + src: + - ipv4-addr:value + - ipv6-addr:value + - network-traffic:src_ref.value + src_ip: + - ipv4-addr:value + - ipv6-addr:value + - network-traffic:src_ref.value + starttime: + - network-traffic:start + url: + - url:value + user: + - user-account:user_id + username: + - user-account:user_id + utf8_payload: + - artifact:payload_bin \ No newline at end of file diff --git a/tools/sigma/backends/stix.py b/tools/sigma/backends/stix.py new file mode 100644 index 00000000..9f1cfb48 --- /dev/null +++ b/tools/sigma/backends/stix.py @@ -0,0 +1,91 @@ +import sigma +from sigma.parser.modifiers.base import SigmaTypeModifier +from sigma.parser.modifiers.type import SigmaRegularExpressionModifier +from .base import SingleTextQueryBackend + + +class STIXBackend(SingleTextQueryBackend): + """Converts Sigma rule into STIX pattern.""" + identifier = "stix" + active = True + andToken = " AND " + orToken = " OR " + notToken = "NOT " + subExpression = "(%s)" + valueExpression = "\'%s\'" + mapExpression = "%s = %s" + mapListsSpecialHandling = True + + def cleanKey(self, key): + if key is None: + raise TypeError("Backend does not support empty key " + str(key)) + else: + return key + + def cleanValue(self, value): + return value + + def generateMapItemListNode(self, key, value): + items_list = list() + for item in value: + if type(item) == str and "*" in item: + item = item.replace("*", "%") + items_list.append('%s LIKE %s' % (self.cleanKey(key), self.generateValueNode(item))) + else: + items_list.append('%s = %s' % (self.cleanKey(key), self.generateValueNode(item))) + return '('+" OR ".join(items_list)+')' + + def generateMapItemTypedNode(self, key, value): + if type(value) == SigmaRegularExpressionModifier: + regex = str(value) + # Regular Expressions have to match the full value in QRadar + if not (regex.startswith('^') or regex.startswith('.*')): + regex = '.*' + regex + if not (regex.endswith('$') or regex.endswith('.*')): + regex = regex + '.*' + return "%s MATCHES %s" % (self.cleanKey(key), self.generateValueNode(regex)) + else: + raise NotImplementedError("Type modifier '{}' is not supported by backend".format(value.identifier)) + + def generateMapItemNode(self, node): + key, value = node + if ":" not in key: + raise TypeError("Backend does not support mapping for key " + str(key)) + if self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): + if type(value) == str and "*" in value: + value = value.replace("*", "%") + return "%s LIKE %s" % (self.cleanKey(key), self.generateValueNode(value)) + elif type(value) in (str, int): + return self.mapExpression % (self.cleanKey(key), self.generateValueNode(value)) + elif type(value) == list: + return self.generateMapItemListNode(key, value) + elif isinstance(value, SigmaTypeModifier): + return self.generateMapItemTypedNode(key, value) + else: + raise TypeError("Backend does not support map values of type " + str(type(value))) + + def generateValueNode(self, node): + return self.valueExpression % (self.cleanValue(str(node))) + + def generateNode(self, node): + if type(node) == sigma.parser.condition.ConditionAND: + return self.generateANDNode(node) + elif type(node) == sigma.parser.condition.ConditionOR: + return self.generateORNode(node) + elif type(node) == sigma.parser.condition.ConditionNOT: + return self.generateNOTNode(node) + elif type(node) == sigma.parser.condition.NodeSubexpression: + return self.generateSubexpressionNode(node) + elif type(node) == tuple: + return self.generateMapItemNode(node) + else: + raise TypeError("Node type %s was not expected in Sigma parse tree" % (str(type(node)))) + + def generate(self, sigmaparser): + for parsed in sigmaparser.condparsed: + query = self.generateQuery(parsed, sigmaparser) + return "[" + query + "]" + + def generateQuery(self, parsed, sigmaparser): + result = self.generateNode(parsed.parsedSearch) + return result From f549a14d9a077cbd084eb2d8e8459af22109bf3b Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Tue, 7 Jul 2020 13:27:57 +0100 Subject: [PATCH 583/714] rule: Leviathan registry key --- .../registry_event/sysmon_apt_leviathan.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 rules/windows/registry_event/sysmon_apt_leviathan.yml diff --git a/rules/windows/registry_event/sysmon_apt_leviathan.yml b/rules/windows/registry_event/sysmon_apt_leviathan.yml new file mode 100644 index 00000000..8233aeec --- /dev/null +++ b/rules/windows/registry_event/sysmon_apt_leviathan.yml @@ -0,0 +1,18 @@ +title: Leviathan Registry Key +id: 70d43542-cd2d-483c-8f30-f16b436fd7db +status: experimental +description: Detects registry key used by Leviathan APT in Malaysian focused campaign +references: + - https://www.elastic.co/blog/advanced-techniques-used-in-malaysian-focused-apt-campaign +tags: + - attack.persistence + - attack.t1060 +author: Aidan Bracher +date: 2020/07/07 +logsource: + category: registry_event + product: windows +detection: + selection: + TargetObject: 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ntkd' + condition: selection From 90983dcc4bf5875ac3eacb3d93ec0af212fd9e33 Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Tue, 7 Jul 2020 14:28:18 +0100 Subject: [PATCH 584/714] add level field to rule --- rules/windows/registry_event/sysmon_apt_leviathan.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules/windows/registry_event/sysmon_apt_leviathan.yml b/rules/windows/registry_event/sysmon_apt_leviathan.yml index 8233aeec..91d5d0c5 100644 --- a/rules/windows/registry_event/sysmon_apt_leviathan.yml +++ b/rules/windows/registry_event/sysmon_apt_leviathan.yml @@ -1,4 +1,4 @@ -title: Leviathan Registry Key +title: Leviathan Registry Key Activity id: 70d43542-cd2d-483c-8f30-f16b436fd7db status: experimental description: Detects registry key used by Leviathan APT in Malaysian focused campaign @@ -16,3 +16,4 @@ detection: selection: TargetObject: 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ntkd' condition: selection +level: medium \ No newline at end of file From 35bb8df0b5ac5d2b4bcd5488a9dec574d324982a Mon Sep 17 00:00:00 2001 From: bar Date: Tue, 7 Jul 2020 16:39:59 +0300 Subject: [PATCH 585/714] updated makefile with stix coverage cmd --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index f981a239..66c88fa7 100644 --- a/Makefile +++ b/Makefile @@ -52,6 +52,7 @@ test-sigmac: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t arcsight -c tools/config/arcsight.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t arcsight-esm -c tools/config/arcsight.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t qradar -c tools/config/qradar.yml rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t stix -c tools/config/stix.yml -c tools/config/stix-qradar.yml -c tools/config/stix-windows.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t limacharlie -c tools/config/limacharlie.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t carbonblack -c tools/config/carbon-black.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t qualys -c tools/config/qualys.yml rules/ > /dev/null From acfe20aa34809ed07df567c891c178796f870736 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 7 Jul 2020 21:45:08 +0200 Subject: [PATCH 586/714] rule: extended F5 BIG-IP exploitation detection rule --- rules/web/web_cve_2020_5902_f5_bigip.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rules/web/web_cve_2020_5902_f5_bigip.yml b/rules/web/web_cve_2020_5902_f5_bigip.yml index 2162c9df..c8ab6a36 100644 --- a/rules/web/web_cve_2020_5902_f5_bigip.yml +++ b/rules/web/web_cve_2020_5902_f5_bigip.yml @@ -6,13 +6,17 @@ references: - https://support.f5.com/csp/article/K52145254 - https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/ - https://twitter.com/yorickkoster/status/1279709009151434754 + - https://www.criticalstart.com/f5-big-ip-remote-code-execution-exploit/ author: Florian Roth date: 2020/07/05 +modified: 2020/07/07 logsource: category: webserver detection: selection_base: - c-uri|contains: '/tmui/login' + c-uri|contains: + - '/tmui/' + - '/hsqldb' selection_traversal: c-uri|contains: - '..;/' From 360b5714a88308187a3d66ea0fc105e03fe8bb1d Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Tue, 7 Jul 2020 22:47:14 +0200 Subject: [PATCH 587/714] Splitted and improved new rule --- .../powershell/win_powershell_web_request.yml | 55 ++++++++++--------- 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/rules/windows/powershell/win_powershell_web_request.yml b/rules/windows/powershell/win_powershell_web_request.yml index 949fde62..2b6d5e7a 100644 --- a/rules/windows/powershell/win_powershell_web_request.yml +++ b/rules/windows/powershell/win_powershell_web_request.yml @@ -1,3 +1,4 @@ +action: global title: Windows PowerShell Web Request status: experimental description: Detects the use of various web request methods (including aliases) via Windows PowerShell @@ -10,33 +11,35 @@ tags: - attack.execution - attack.t1059 - attack.t1086 -logsource: - category: powershell/sysmon - product: windows - definition: 'Recommended: Turn on PowerShell Script Block Logging = Enabled - see https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_logging_windows?view=powershell-6#enabling-script-block-logging' detection: - eventcode: - EventCode: - - '1' - - '4688' - - '4104' - powershell: - ScriptBlockText: - - '*Invoke-WebRequest*' - - '*iwr *' - - '*wget *' - - '*curl *' - - '*Net.WebClient*' - - '*Start-BitsTransfer*' - cmdsysmon: - CommandLine: - - '*Invoke-WebRequest*' - - '*iwr *' - - '*wget *' - - '*curl *' - - '*Net.WebClient*' - - '*Start-BitsTransfer*' - condition: eventcode and (powershell or cmdsysmon) + condition: selection falsepositives: - Use of Get-Command and Get-Help modules to reference Invoke-WebRequest and Start-BitsTransfer. level: medium +--- +logsource: + category: process_creation + product: windows +detection: + selection: + CommandLine|contains: + - 'Invoke-WebRequest' + - 'iwr ' + - 'wget ' + - 'curl ' + - 'Net.WebClient' + - 'Start-BitsTransfer' +--- +logsource: + product: windows + service: powershell +detection: + selection: + EventID: 4104 + ScriptBlockText|contains: + - 'Invoke-WebRequest' + - 'iwr ' + - 'wget ' + - 'curl ' + - 'Net.WebClient' + - 'Start-BitsTransfer' From 7eb499ad8558a7c78eff0fa24a0acf0f37a0be1d Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Tue, 7 Jul 2020 22:54:55 +0200 Subject: [PATCH 588/714] Added rule id --- rules/windows/powershell/win_powershell_web_request.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/powershell/win_powershell_web_request.yml b/rules/windows/powershell/win_powershell_web_request.yml index 2b6d5e7a..6ab26850 100644 --- a/rules/windows/powershell/win_powershell_web_request.yml +++ b/rules/windows/powershell/win_powershell_web_request.yml @@ -1,5 +1,6 @@ action: global title: Windows PowerShell Web Request +id: 9fc51a3c-81b3-4fa7-b35f-7c02cf10fd2d status: experimental description: Detects the use of various web request methods (including aliases) via Windows PowerShell references: From 28013a15e1a1b87df58e082a4a68af3fba890758 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Tue, 7 Jul 2020 23:18:07 +0200 Subject: [PATCH 589/714] Improved rule --- rules/windows/other/win_pcap_drivers.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/windows/other/win_pcap_drivers.yml b/rules/windows/other/win_pcap_drivers.yml index f21ed6c9..c24d0410 100644 --- a/rules/windows/other/win_pcap_drivers.yml +++ b/rules/windows/other/win_pcap_drivers.yml @@ -14,19 +14,19 @@ logsource: product: windows service: system detection: - service_installation: + selection: EventID: 4697 ServiceFileName: - '*pcap*' - '*npcap*' - '*npf*' - '*nm3*' - - '*ndiscap*'' + - '*ndiscap*' - '*nmnt*' - '*windivert*' - '*USBPcap*' - '*pktmon*' - condition: 1 of them + condition: selection fields: - EventID - ServiceFileName From bd9410fe069b2e69257b0ca0cb774b4bdc983b90 Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Tue, 7 Jul 2020 23:46:49 +0200 Subject: [PATCH 590/714] Added CI test --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index 66c88fa7..a9a5a0f6 100644 --- a/Makefile +++ b/Makefile @@ -62,6 +62,7 @@ test-sigmac: $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t crowdstrike -O rulecomment -c tools/config/crowdstrike.yml rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t sql -c sysmon rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t sqlite -c sysmon rules/ > /dev/null + $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t csharp -c sysmon rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t logiq -c sysmon rules/ > /dev/null $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=critical,status=stable,logsource=windows,tag=attack.execution' rules/ > /dev/null ! $(COVERAGE) run -a --include=$(COVSCOPE) tools/sigmac -rvdI -t splunk -c tools/config/splunk-windows-index.yml -f 'level>=high,level<=critical,status=xstable,logsource=windows' rules/ > /dev/null From 50ef79b3989ae9a57b0dc897b37a12b13a921aa1 Mon Sep 17 00:00:00 2001 From: bar Date: Wed, 8 Jul 2020 14:09:26 +0300 Subject: [PATCH 591/714] Custom STIX object "x-sigma" for fields that missing mapping, so the pattern is STIX valid --- tools/sigma/backends/stix.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/sigma/backends/stix.py b/tools/sigma/backends/stix.py index 9f1cfb48..82e7b3fd 100644 --- a/tools/sigma/backends/stix.py +++ b/tools/sigma/backends/stix.py @@ -15,6 +15,7 @@ class STIXBackend(SingleTextQueryBackend): valueExpression = "\'%s\'" mapExpression = "%s = %s" mapListsSpecialHandling = True + sigmaSTIXObjectName = "x-sigma" def cleanKey(self, key): if key is None: @@ -50,7 +51,7 @@ class STIXBackend(SingleTextQueryBackend): def generateMapItemNode(self, node): key, value = node if ":" not in key: - raise TypeError("Backend does not support mapping for key " + str(key)) + key = "%s:%s" % (self.sigmaSTIXObjectName, str(key).lower()) if self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): if type(value) == str and "*" in value: value = value.replace("*", "%") From 8889ae21cace2f8279aea94a613c9d2ce3338b98 Mon Sep 17 00:00:00 2001 From: bar Date: Wed, 8 Jul 2020 14:31:04 +0300 Subject: [PATCH 592/714] DestinationPort to network-traffic:dst_port mapping fix --- tools/config/stix.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/tools/config/stix.yml b/tools/config/stix.yml index fff7f768..c6d13293 100644 --- a/tools/config/stix.yml +++ b/tools/config/stix.yml @@ -43,13 +43,9 @@ fieldmappings: - ipv6-addr:value - network-traffic:dst_ref.value event_data.DestinationPort: - - ipv4-addr:value - - ipv6-addr:value - - network-traffic:dst_ref.value + - network-traffic:dst_port DestinationPort: - - ipv4-addr:value - - ipv6-addr:value - - network-traffic:dst_ref.value + - network-traffic:dst_port event_data.SubjectUserName: - user-account:user_id event_data.User: From efae210556d1ed6f9b2efa5390c26f8550730e60 Mon Sep 17 00:00:00 2001 From: GelosSnake Date: Wed, 8 Jul 2020 16:44:41 +0300 Subject: [PATCH 593/714] adding google chrome to FP list legitimate errors generated by Google Chrome are reported often. Official google standpoint on this: https://support.google.com/chrome/a/thread/15440066?hl=en --- rules/windows/builtin/win_user_driver_loaded.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/builtin/win_user_driver_loaded.yml b/rules/windows/builtin/win_user_driver_loaded.yml index 9d3ae187..804564c7 100644 --- a/rules/windows/builtin/win_user_driver_loaded.yml +++ b/rules/windows/builtin/win_user_driver_loaded.yml @@ -32,6 +32,7 @@ detection: - '*\procexp.exe' - '*\procmon64.exe' - '*\procmon.exe' + - '*\Google\Chrome\Application\chrome.exe condition: selection_1 and not selection_2 falsepositives: - Other legimate tools loading drivers. There are some: Sysinternals, CPU-Z, AVs etc. - but not much. You have to baseline this according to your used products and allowed tools. Also try to exclude users, which are allowed to load drivers. From e3734aaa275d25b254bd1a45361c43dde36a9344 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 8 Jul 2020 15:53:04 +0200 Subject: [PATCH 594/714] fix: missing upper tick --- rules/windows/builtin/win_user_driver_loaded.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_user_driver_loaded.yml b/rules/windows/builtin/win_user_driver_loaded.yml index 804564c7..c64a039a 100644 --- a/rules/windows/builtin/win_user_driver_loaded.yml +++ b/rules/windows/builtin/win_user_driver_loaded.yml @@ -32,7 +32,7 @@ detection: - '*\procexp.exe' - '*\procmon64.exe' - '*\procmon.exe' - - '*\Google\Chrome\Application\chrome.exe + - '*\Google\Chrome\Application\chrome.exe' condition: selection_1 and not selection_2 falsepositives: - Other legimate tools loading drivers. There are some: Sysinternals, CPU-Z, AVs etc. - but not much. You have to baseline this according to your used products and allowed tools. Also try to exclude users, which are allowed to load drivers. From 8855a87dbffc3f0956cab66898bb1656f2db1336 Mon Sep 17 00:00:00 2001 From: bar Date: Wed, 8 Jul 2020 17:35:57 +0300 Subject: [PATCH 595/714] - TargetProcessAddress mapping should be as startaddress mapping - remove extra '-' --- tools/config/stix-windows.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/config/stix-windows.yml b/tools/config/stix-windows.yml index 7d8af4a6..99d30213 100644 --- a/tools/config/stix-windows.yml +++ b/tools/config/stix-windows.yml @@ -151,7 +151,7 @@ fieldmappings: QueryResults: - x-windows:queryresults QueryStatus: - - - x-windows:querystatus + - x-windows:querystatus Realm: - x-windows:realm RecordNumber: @@ -220,7 +220,7 @@ fieldmappings: TargetProcessGuid: - x-windows:targetprocessguid TargetProcessAddress: - - x-windows:targetprocessaddress + - x-windows:startaddress TargetUserDomain: - x-windows:targetuserdomain TargetUserName: From ca7cf8478d843d6c7aacdd5daf1fb67f80f575f1 Mon Sep 17 00:00:00 2001 From: bar Date: Wed, 8 Jul 2020 19:37:24 +0300 Subject: [PATCH 596/714] - IntegrityLevel mapping to integritylevel --- tools/config/stix-windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/config/stix-windows.yml b/tools/config/stix-windows.yml index 99d30213..b3026bad 100644 --- a/tools/config/stix-windows.yml +++ b/tools/config/stix-windows.yml @@ -99,7 +99,7 @@ fieldmappings: - user-account:user_id - user-account:account_login IntegrityLevel: - - x-windows:integrityname + - x-windows:integritylevel LoadedImage: - process:image_ref.name LoadedImageName: From 7949729fa44b1c11f1c5fb3b079fba474147f862 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 9 Jul 2020 08:52:32 +0200 Subject: [PATCH 597/714] rule: PowerShell encoded character syntax --- .../win_susp_powershell_encoded_param.yml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 rules/windows/process_creation/win_susp_powershell_encoded_param.yml diff --git a/rules/windows/process_creation/win_susp_powershell_encoded_param.yml b/rules/windows/process_creation/win_susp_powershell_encoded_param.yml new file mode 100644 index 00000000..04c975d1 --- /dev/null +++ b/rules/windows/process_creation/win_susp_powershell_encoded_param.yml @@ -0,0 +1,24 @@ +title: PowerShell Encoded Character Syntax +id: e312efd0-35a1-407f-8439-b8d434b438a6 +status: experimental +description: Detects suspicious encoded character syntax often used for defense evasion +references: + - https://twitter.com/0gtweet/status/1281103918693482496 +tags: + - attack.execution + - attack.defense_evasion + - attack.t1027 + - attack.t1086 + - attack.t1059.001 +author: Florian Roth +date: 2020/07/09 +logsource: + category: process_creation + product: windows +detection: + selection: + CommandLine: '(WCHAR)0x' + condition: selection +falsepositives: + - Unknown +level: high From 905f1b38234c765ce6acf76dfa1de04f012e9e36 Mon Sep 17 00:00:00 2001 From: ecco Date: Thu, 9 Jul 2020 10:26:54 -0400 Subject: [PATCH 598/714] add WMI and powershell false positives --- rules/windows/image_load/sysmon_in_memory_powershell.yml | 1 + rules/windows/image_load/sysmon_wmi_module_load.yml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/rules/windows/image_load/sysmon_in_memory_powershell.yml b/rules/windows/image_load/sysmon_in_memory_powershell.yml index aeb46d86..b1bbc3de 100755 --- a/rules/windows/image_load/sysmon_in_memory_powershell.yml +++ b/rules/windows/image_load/sysmon_in_memory_powershell.yml @@ -24,6 +24,7 @@ detection: - '\powershell.exe' - '\powershell_ise.exe' - '\WINDOWS\System32\sdiagnhost.exe' + - '\mscorsvw.exe' # c:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsw.exe for instance # User: 'NT AUTHORITY\SYSTEM' # if set, matches all powershell processes not launched by SYSTEM condition: selection and not filter falsepositives: diff --git a/rules/windows/image_load/sysmon_wmi_module_load.yml b/rules/windows/image_load/sysmon_wmi_module_load.yml index 44353ab3..fe256712 100755 --- a/rules/windows/image_load/sysmon_wmi_module_load.yml +++ b/rules/windows/image_load/sysmon_wmi_module_load.yml @@ -34,6 +34,8 @@ detection: - '\CompatTelRunner.exe' - '\sdiagnhost.exe' - '\SIHClient.exe' + - '\ngentask.exe' # c:\Windows\Microsoft.NET\Framework(64)\ngentask.exe + - '\windows\system32\taskhostw.exe' # c:\windows\system32\taskhostw.exe condition: selection and not filter fields: - ComputerName From 94e3bd9e6bb42633e866bd6a5cc67044f6680de2 Mon Sep 17 00:00:00 2001 From: ecco Date: Thu, 9 Jul 2020 13:32:21 -0400 Subject: [PATCH 599/714] add WMI module load false positive --- rules/windows/image_load/sysmon_wmi_module_load.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/image_load/sysmon_wmi_module_load.yml b/rules/windows/image_load/sysmon_wmi_module_load.yml index fe256712..bcdf8732 100755 --- a/rules/windows/image_load/sysmon_wmi_module_load.yml +++ b/rules/windows/image_load/sysmon_wmi_module_load.yml @@ -36,6 +36,7 @@ detection: - '\SIHClient.exe' - '\ngentask.exe' # c:\Windows\Microsoft.NET\Framework(64)\ngentask.exe - '\windows\system32\taskhostw.exe' # c:\windows\system32\taskhostw.exe + - '\MoUsoCoreWorker.exe' # c:\windows\System32\MoUsoCoreWorker.exe on win10 20H04 at least condition: selection and not filter fields: - ComputerName From e30eaa020268dc209369360923225ad9fa4016f3 Mon Sep 17 00:00:00 2001 From: ecco Date: Thu, 9 Jul 2020 13:33:59 -0400 Subject: [PATCH 600/714] be more specific about file location --- rules/windows/image_load/sysmon_wmi_module_load.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/image_load/sysmon_wmi_module_load.yml b/rules/windows/image_load/sysmon_wmi_module_load.yml index bcdf8732..6b46e7b0 100755 --- a/rules/windows/image_load/sysmon_wmi_module_load.yml +++ b/rules/windows/image_load/sysmon_wmi_module_load.yml @@ -36,7 +36,7 @@ detection: - '\SIHClient.exe' - '\ngentask.exe' # c:\Windows\Microsoft.NET\Framework(64)\ngentask.exe - '\windows\system32\taskhostw.exe' # c:\windows\system32\taskhostw.exe - - '\MoUsoCoreWorker.exe' # c:\windows\System32\MoUsoCoreWorker.exe on win10 20H04 at least + - '\windows\system32\MoUsoCoreWorker.exe' # c:\windows\System32\MoUsoCoreWorker.exe on win10 20H04 at least condition: selection and not filter fields: - ComputerName From 268a28daedd3ed4e0a8161e607a0e0a4aef664ac Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 10 Jul 2020 13:02:52 +0200 Subject: [PATCH 601/714] rule: Evilnum Golden Chicken rule OCX --- .../win_apt_evilnum_jul20.yml | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 rules/windows/process_creation/win_apt_evilnum_jul20.yml diff --git a/rules/windows/process_creation/win_apt_evilnum_jul20.yml b/rules/windows/process_creation/win_apt_evilnum_jul20.yml new file mode 100644 index 00000000..2a469e90 --- /dev/null +++ b/rules/windows/process_creation/win_apt_evilnum_jul20.yml @@ -0,0 +1,23 @@ +title: EvilNum Golden Chickens Deployment via OCX Files +id: 8acf3cfa-1e8c-4099-83de-a0c4038e18f0 +status: experimental +description: Detects Golden Chickens deployment method as used by Evilnum in report published in July 2020 +references: + - https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/ + - https://app.any.run/tasks/33d37fdf-158d-4930-aa68-813e1d5eb8ba/ +author: Florian Roth +date: 2020/07/10 +logsource: + category: process_creation + product: windows +detection: + selection: + CommandLine|contains|all: + - 'regsvr32' + - ' /s /i ' + - '\AppData\Roaming\' + - '.ocx' + condition: selection +falsepositives: + - Unknown +level: critical From 5de82628fad3e9bfbd495ab1b88b3f7046bfac58 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 10 Jul 2020 15:41:55 +0200 Subject: [PATCH 602/714] Update sysmon_apt_leviathan.yml --- rules/windows/registry_event/sysmon_apt_leviathan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/registry_event/sysmon_apt_leviathan.yml b/rules/windows/registry_event/sysmon_apt_leviathan.yml index 91d5d0c5..41274051 100644 --- a/rules/windows/registry_event/sysmon_apt_leviathan.yml +++ b/rules/windows/registry_event/sysmon_apt_leviathan.yml @@ -16,4 +16,4 @@ detection: selection: TargetObject: 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ntkd' condition: selection -level: medium \ No newline at end of file +level: critical From eda08e3a895290f16f6022b97c419c4cdd73b41f Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 10 Jul 2020 17:45:11 +0200 Subject: [PATCH 603/714] rule: Citrix Netscaler Attack CVE-2020-8193 CVE-2020-8195 --- .../web_citrix_cve_2020_8193_8195_exploit.yml | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 rules/web/web_citrix_cve_2020_8193_8195_exploit.yml diff --git a/rules/web/web_citrix_cve_2020_8193_8195_exploit.yml b/rules/web/web_citrix_cve_2020_8193_8195_exploit.yml new file mode 100644 index 00000000..5d46ba8b --- /dev/null +++ b/rules/web/web_citrix_cve_2020_8193_8195_exploit.yml @@ -0,0 +1,25 @@ +title: Citrix Netscaler Attack CVE-2020-8193 CVE-2020-8195 +description: Detects exploitation attempt against Citrix Netscaler, Application Delivery Controller and Citrix Gateway +id: 0d0d9a8a-a49e-4e27-b061-7ce4b936cfb7 +references: + - https://support.citrix.com/article/CTX276688 + - https://research.nccgroup.com/2020/07/10/rift-citrix-adc-vulnerabilities-cve-2020-8193-cve-2020-8195-and-cve-2020-8196-intelligence/ +author: Florian Roth +status: experimental +date: 2020/07/10 +logsource: + category: webserver +detection: + selection: + c-uri|contains: + - '/rapi/filedownload?filter=path:%2F' + condition: selection +fields: + - client_ip + - vhost + - url + - response +falsepositives: + - Unknown +level: critical + From 0d89208242e0a3c41e097c9913da25d2e2683bf5 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 10 Jul 2020 17:49:07 +0200 Subject: [PATCH 604/714] rule: updated Citrix rule --- rules/web/web_citrix_cve_2020_8193_8195_exploit.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rules/web/web_citrix_cve_2020_8193_8195_exploit.yml b/rules/web/web_citrix_cve_2020_8193_8195_exploit.yml index 5d46ba8b..99a9d56b 100644 --- a/rules/web/web_citrix_cve_2020_8193_8195_exploit.yml +++ b/rules/web/web_citrix_cve_2020_8193_8195_exploit.yml @@ -4,6 +4,7 @@ id: 0d0d9a8a-a49e-4e27-b061-7ce4b936cfb7 references: - https://support.citrix.com/article/CTX276688 - https://research.nccgroup.com/2020/07/10/rift-citrix-adc-vulnerabilities-cve-2020-8193-cve-2020-8195-and-cve-2020-8196-intelligence/ + - https://dmaasland.github.io/posts/citrix.html author: Florian Roth status: experimental date: 2020/07/10 @@ -13,6 +14,7 @@ detection: selection: c-uri|contains: - '/rapi/filedownload?filter=path:%2F' + - '&sig_name=_default_signature_' condition: selection fields: - client_ip From 383953c74e7668c821a93739bd753c508912fed8 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 10 Jul 2020 17:55:13 +0200 Subject: [PATCH 605/714] rule: better rule name and descriptions, plus MITRE ATT&CK tags --- rules/web/web_citrix_cve_2020_8193_8195_exploit.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/rules/web/web_citrix_cve_2020_8193_8195_exploit.yml b/rules/web/web_citrix_cve_2020_8193_8195_exploit.yml index 99a9d56b..e8a88b6c 100644 --- a/rules/web/web_citrix_cve_2020_8193_8195_exploit.yml +++ b/rules/web/web_citrix_cve_2020_8193_8195_exploit.yml @@ -1,5 +1,5 @@ -title: Citrix Netscaler Attack CVE-2020-8193 CVE-2020-8195 -description: Detects exploitation attempt against Citrix Netscaler, Application Delivery Controller and Citrix Gateway +title: Citrix ADS Exploitation CVE-2020-8193 CVE-2020-8195 +description: Detects exploitation attempt against Citrix Netscaler, Application Delivery Controller (ADS) and Citrix Gateway exploiting vulnerabilities reported as CVE-2020-8193 and CVE-2020-8195 id: 0d0d9a8a-a49e-4e27-b061-7ce4b936cfb7 references: - https://support.citrix.com/article/CTX276688 @@ -8,6 +8,9 @@ references: author: Florian Roth status: experimental date: 2020/07/10 +tags: + - attack.initial_access + - attack.t1190 logsource: category: webserver detection: From 129925ce0bfb4cf09a6dca47d55f8f72fb385799 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Fri, 10 Jul 2020 18:15:35 +0200 Subject: [PATCH 606/714] rule: improved Citrix rule --- rules/web/web_citrix_cve_2020_8193_8195_exploit.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/rules/web/web_citrix_cve_2020_8193_8195_exploit.yml b/rules/web/web_citrix_cve_2020_8193_8195_exploit.yml index e8a88b6c..7b8ad590 100644 --- a/rules/web/web_citrix_cve_2020_8193_8195_exploit.yml +++ b/rules/web/web_citrix_cve_2020_8193_8195_exploit.yml @@ -14,11 +14,15 @@ tags: logsource: category: webserver detection: - selection: + selection1: c-uri|contains: - '/rapi/filedownload?filter=path:%2F' - - '&sig_name=_default_signature_' - condition: selection + selection2: + c-uri|contains|all: + - '/pcidss/report' + - 'type=all_signatures' + - 'sig_name=_default_signature_' + condition: 1 of them fields: - client_ip - vhost From 3bb45f00afa41d602b4527d4fcab7955177c51f5 Mon Sep 17 00:00:00 2001 From: Ryan Plas Date: Sat, 11 Jul 2020 00:00:21 -0400 Subject: [PATCH 607/714] Update web_citrix_cve_2019_19781_exploit.yml logsource to use the correct Sigma schema values --- rules/web/web_citrix_cve_2019_19781_exploit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/web/web_citrix_cve_2019_19781_exploit.yml b/rules/web/web_citrix_cve_2019_19781_exploit.yml index 0c814d10..1753d623 100644 --- a/rules/web/web_citrix_cve_2019_19781_exploit.yml +++ b/rules/web/web_citrix_cve_2019_19781_exploit.yml @@ -13,7 +13,7 @@ date: 2020/01/02 modified: 2020/03/14 logsource: category: webserver - description: 'Make sure that your Netscaler appliance logs all kinds of attacks (test with http://your-citrix-gw.net/robots.txt). The directory traversal with ../ might not be needed on certain cloud instances or for authenticated users, so we also check for direct paths. All scripts in portal/scripts are exploitable except logout.pl.' + definition: 'Make sure that your Netscaler appliance logs all kinds of attacks (test with http://your-citrix-gw.net/robots.txt). The directory traversal with ../ might not be needed on certain cloud instances or for authenticated users, so we also check for direct paths. All scripts in portal/scripts are exploitable except logout.pl.' detection: selection: c-uri: From 25d978d9bd6a4c1af64bec624c36621b9ccab796 Mon Sep 17 00:00:00 2001 From: Ryan Plas Date: Sat, 11 Jul 2020 22:17:06 -0400 Subject: [PATCH 608/714] Update powershell_shellcode_b64.yml logsource to use the correct Sigma schema values --- rules/windows/powershell/powershell_shellcode_b64.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/powershell/powershell_shellcode_b64.yml b/rules/windows/powershell/powershell_shellcode_b64.yml index fabff88a..15c7fc9e 100644 --- a/rules/windows/powershell/powershell_shellcode_b64.yml +++ b/rules/windows/powershell/powershell_shellcode_b64.yml @@ -15,7 +15,7 @@ date: 2018/11/17 logsource: product: windows service: powershell - description: 'Script block logging must be enabled' + definition: 'Script block logging must be enabled' detection: selection: EventID: 4104 From 7a63fd56da316bb010884de4f5083e66d46fd694 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 13 Jul 2020 11:59:44 +0200 Subject: [PATCH 609/714] rule: regsvr32 flags anomaly --- .../win_susp_regsvr32_flags_anomaly.yml | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 rules/windows/process_creation/win_susp_regsvr32_flags_anomaly.yml diff --git a/rules/windows/process_creation/win_susp_regsvr32_flags_anomaly.yml b/rules/windows/process_creation/win_susp_regsvr32_flags_anomaly.yml new file mode 100644 index 00000000..f0064816 --- /dev/null +++ b/rules/windows/process_creation/win_susp_regsvr32_flags_anomaly.yml @@ -0,0 +1,28 @@ +title: Regsvr32 Flags Anomaly +id: b236190c-1c61-41e9-84b3-3fe03f6d76b0 +status: experimental +description: Detects a flag anomaly in which regsvr32.exe uses a /i flag without using a /n flag at the same time +author: Florian Roth +date: 2019/07/13 +references: + - https://twitter.com/sbousseaden/status/1282441816986484737?s=12 +tags: + - attack.t1117 + - attack.defense_evasion + - attack.t1218.010 +logsource: + category: process_creation + product: windows +detection: + selection: + Image|endswith: '\regsvr32.exe' + CommandLine|contains: ' /i:' + filter: + CommandLine|contains: ' /n ' + condition: selection and not filter +fields: + - CommandLine + - ParentCommandLine +falsepositives: + - Unknown +level: high From 26f0d497722df611e8a0d24ec338e8fddfaf757c Mon Sep 17 00:00:00 2001 From: viniciusvec Date: Mon, 13 Jul 2020 14:06:14 +0100 Subject: [PATCH 610/714] Update lnx_shell_clear_cmd_history.yml Renamed tags to match production MITRE: https://attack.mitre.org/techniques/T1070/003/ --- rules/linux/lnx_shell_clear_cmd_history.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/rules/linux/lnx_shell_clear_cmd_history.yml b/rules/linux/lnx_shell_clear_cmd_history.yml index 68e9773c..9a8935c9 100644 --- a/rules/linux/lnx_shell_clear_cmd_history.yml +++ b/rules/linux/lnx_shell_clear_cmd_history.yml @@ -15,7 +15,7 @@ references: - https://www.hackers-arise.com/single-post/2016/06/20/Covering-your-BASH-Shell-Tracks-AntiForensics author: Patrick Bareiss date: 2019/03/24 -modified: 2020/05/28 +modified: 2020/07/13 logsource: product: linux detection: @@ -37,5 +37,4 @@ falsepositives: level: high tags: - attack.defense_evasion - - attack.t1146 - - attack.t1551.003 + - attack.T1070.003 From 557e8b0faf9607d35f4a7278ef20cb32f61a0d7a Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 13 Jul 2020 15:47:53 +0200 Subject: [PATCH 611/714] rule: improved Empire detection --- rules/proxy/proxy_empire_ua_uri_combos.yml | 25 +++++++++++++++++++ .../win_susp_powershell_empire_launch.yml | 12 ++++++--- 2 files changed, 33 insertions(+), 4 deletions(-) create mode 100644 rules/proxy/proxy_empire_ua_uri_combos.yml diff --git a/rules/proxy/proxy_empire_ua_uri_combos.yml b/rules/proxy/proxy_empire_ua_uri_combos.yml new file mode 100644 index 00000000..7c3153a6 --- /dev/null +++ b/rules/proxy/proxy_empire_ua_uri_combos.yml @@ -0,0 +1,25 @@ +title: Empire UserAgent URI Combo +id: b923f7d6-ac89-4a50-a71a-89fb846b4aa8 +status: experimental +description: Detects user agent and URI paths used by empire agents +references: + - https://github.com/BC-SECURITY/Empire +author: Florian Roth +date: 2020/07/13 +logsource: + category: proxy +detection: + selection: + c-useragent: 'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko' + cs-uri-query: + - '/admin/get.php' + - '/news.php' + - '/login/process.php' + cs-method: 'POST' + condition: selection +fields: + - c-uri + - c-ip +falsepositives: + - Valid requests with this exact user agent to server scripts of the defined names +level: high diff --git a/rules/windows/process_creation/win_susp_powershell_empire_launch.yml b/rules/windows/process_creation/win_susp_powershell_empire_launch.yml index 1097603f..84d9adf1 100644 --- a/rules/windows/process_creation/win_susp_powershell_empire_launch.yml +++ b/rules/windows/process_creation/win_susp_powershell_empire_launch.yml @@ -9,6 +9,7 @@ references: - https://github.com/EmpireProject/Empire/blob/e37fb2eef8ff8f5a0a689f1589f424906fe13055/data/module_source/privesc/Invoke-EventVwrBypass.ps1#L64 author: Florian Roth date: 2019/04/20 +modified: 2020/07/13 tags: - attack.execution - attack.t1086 @@ -18,9 +19,12 @@ logsource: product: windows detection: selection: - CommandLine: - - '* -NoP -sta -NonI -W Hidden -Enc *' - - '* -noP -sta -w 1 -enc *' - - '* -NoP -NonI -W Hidden -enc *' + CommandLine|contains: + - ' -NoP -sta -NonI -W Hidden -Enc ' + - ' -noP -sta -w 1 -enc ' + - ' -NoP -NonI -W Hidden -enc ' + - ' -noP -sta -w 1 -enc' + - ' -enc SQB' + - ' -nop -exec bypass -EncodedCommand SQB' condition: selection level: critical From 87ce5e5745a0c1aa1f96652cfff45d614ed922ff Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 13 Jul 2020 16:02:00 +0200 Subject: [PATCH 612/714] fix: missing MITRE ATT&CK IDs in test --- tests/test_rules.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/test_rules.py b/tests/test_rules.py index c0662e96..b0c5ecc0 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -80,6 +80,12 @@ class TestRules(unittest.TestCase): "t1068", "t1069", "t1070", + "t1070.001", + "t1070.002", + "t1070.003", + "t1070.004", + "t1070.005", + "t1070.006", "t1071", "t1071.004", "t1073", From 1c63a936432c8cebdbbe4b7965c4eb8f6f4417f5 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 13 Jul 2020 16:20:42 +0200 Subject: [PATCH 613/714] fix: wrong casing in tag --- rules/linux/lnx_shell_clear_cmd_history.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/linux/lnx_shell_clear_cmd_history.yml b/rules/linux/lnx_shell_clear_cmd_history.yml index 9a8935c9..6b950cce 100644 --- a/rules/linux/lnx_shell_clear_cmd_history.yml +++ b/rules/linux/lnx_shell_clear_cmd_history.yml @@ -37,4 +37,4 @@ falsepositives: level: high tags: - attack.defense_evasion - - attack.T1070.003 + - attack.t1070.003 From f12cb7309b9e177879dc31dba3a16dab843feed3 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 13 Jul 2020 17:37:03 +0200 Subject: [PATCH 614/714] fix: references is not a list --- rules/windows/builtin/win_metasploit_authentication.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_metasploit_authentication.yml b/rules/windows/builtin/win_metasploit_authentication.yml index 365937a4..35561e55 100644 --- a/rules/windows/builtin/win_metasploit_authentication.yml +++ b/rules/windows/builtin/win_metasploit_authentication.yml @@ -3,7 +3,8 @@ description: Alerts on Metasploit host's authentications on the domain. id: 72124974-a68b-4366-b990-d30e0b2a190d author: Chakib Gzenayi (@Chak092), Hosni Mribah date: 2020/05/06 -references: https://github.com/rapid7/metasploit-framework/blob/master/lib/rex/proto/smb/client.rb +references: + - https://github.com/rapid7/metasploit-framework/blob/master/lib/rex/proto/smb/client.rb tags: - attack.credential_access - attack.t1110 From 4c610ec6934053c0f29e049416d8a0958e7bc459 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 13 Jul 2020 18:07:19 +0200 Subject: [PATCH 615/714] feat: test references is list --- tests/test_rules.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/test_rules.py b/tests/test_rules.py index b0c5ecc0..7c68d484 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -472,6 +472,20 @@ class TestRules(unittest.TestCase): self.assertEqual(faulty_rules, [], Fore.RED + "There are rules with missing or malformed 'date' fields. (create one, e.g. date: 2019/01/14)") + def test_references(self): + faulty_rules = [] + for file in self.yield_next_rule_file_path(self.path_to_rules): + references = self.get_rule_part(file_path=file, part_name="refrences") + if not references: + print(Fore.YELLOW + "Rule {} has no field 'references'.".format(file)) + faulty_rules.append(file) + elif not isinstance(references, list): + print(Fore.YELLOW + "Rule {} has a refences field that isn't a list.".format(file)) + faulty_rules.append(file) + + self.assertEqual(faulty_rules, [], Fore.RED + + "There are rules with malformed 'references' fields. (has to be a list of values even if it contains only a single value)") + def test_title(self): faulty_rules = [] allowed_lowercase_words = [ From 8d91659c2a71421fc949809c414b91214245cfe7 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 13 Jul 2020 18:08:00 +0200 Subject: [PATCH 616/714] fix: typo in field value --- tests/test_rules.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_rules.py b/tests/test_rules.py index 7c68d484..adca0b02 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -475,7 +475,7 @@ class TestRules(unittest.TestCase): def test_references(self): faulty_rules = [] for file in self.yield_next_rule_file_path(self.path_to_rules): - references = self.get_rule_part(file_path=file, part_name="refrences") + references = self.get_rule_part(file_path=file, part_name="references") if not references: print(Fore.YELLOW + "Rule {} has no field 'references'.".format(file)) faulty_rules.append(file) From 758f5039b5e671b99f931fa57af67cc941ca778c Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 13 Jul 2020 18:16:32 +0200 Subject: [PATCH 617/714] fix: no error on rules without references --- tests/test_rules.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_rules.py b/tests/test_rules.py index adca0b02..06fa8b10 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -478,7 +478,7 @@ class TestRules(unittest.TestCase): references = self.get_rule_part(file_path=file, part_name="references") if not references: print(Fore.YELLOW + "Rule {} has no field 'references'.".format(file)) - faulty_rules.append(file) + #faulty_rules.append(file) elif not isinstance(references, list): print(Fore.YELLOW + "Rule {} has a refences field that isn't a list.".format(file)) faulty_rules.append(file) From 91c0bea5705bca64f5a55705b2e6160da8ec31bf Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 13 Jul 2020 18:22:47 +0200 Subject: [PATCH 618/714] fix: typo and reordered --- tests/test_rules.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/test_rules.py b/tests/test_rules.py index 06fa8b10..a38c4054 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -476,12 +476,12 @@ class TestRules(unittest.TestCase): faulty_rules = [] for file in self.yield_next_rule_file_path(self.path_to_rules): references = self.get_rule_part(file_path=file, part_name="references") - if not references: - print(Fore.YELLOW + "Rule {} has no field 'references'.".format(file)) - #faulty_rules.append(file) - elif not isinstance(references, list): - print(Fore.YELLOW + "Rule {} has a refences field that isn't a list.".format(file)) + if not isinstance(references, list): + print(Fore.YELLOW + "Rule {} has a references field that isn't a list.".format(file)) faulty_rules.append(file) + #if not references: + #print(Fore.YELLOW + "Rule {} has no field 'references'.".format(file)) + #faulty_rules.append(file) self.assertEqual(faulty_rules, [], Fore.RED + "There are rules with malformed 'references' fields. (has to be a list of values even if it contains only a single value)") From b3e15eea68711630c3033ebc226ce13ce283f0ce Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 13 Jul 2020 18:49:00 +0200 Subject: [PATCH 619/714] fix: nested check --- tests/test_rules.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/tests/test_rules.py b/tests/test_rules.py index a38c4054..3b91717c 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -476,12 +476,15 @@ class TestRules(unittest.TestCase): faulty_rules = [] for file in self.yield_next_rule_file_path(self.path_to_rules): references = self.get_rule_part(file_path=file, part_name="references") - if not isinstance(references, list): - print(Fore.YELLOW + "Rule {} has a references field that isn't a list.".format(file)) - faulty_rules.append(file) - #if not references: - #print(Fore.YELLOW + "Rule {} has no field 'references'.".format(file)) + # Reference field doesn't exist + if not references: + print(Fore.YELLOW + "Rule {} has no field 'references'.".format(file)) #faulty_rules.append(file) + else: + # it exists but isn't a list + if not isinstance(references, list): + print(Fore.YELLOW + "Rule {} has a references field that isn't a list.".format(file)) + faulty_rules.append(file) self.assertEqual(faulty_rules, [], Fore.RED + "There are rules with malformed 'references' fields. (has to be a list of values even if it contains only a single value)") From 007f62ba015092d1fb1a07751962e903127b4d06 Mon Sep 17 00:00:00 2001 From: Bart Date: Mon, 13 Jul 2020 21:12:37 +0200 Subject: [PATCH 620/714] Add Dllhost WAN access --- .../sysmon_dllhost_net_connections.yml | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 rules/windows/network_connection/sysmon_dllhost_net_connections.yml diff --git a/rules/windows/network_connection/sysmon_dllhost_net_connections.yml b/rules/windows/network_connection/sysmon_dllhost_net_connections.yml new file mode 100644 index 00000000..6b11396d --- /dev/null +++ b/rules/windows/network_connection/sysmon_dllhost_net_connections.yml @@ -0,0 +1,43 @@ +title: Dllhost Internet Connection +id: cfed2f44-16df-4bf3-833a-79405198b277 +status: experimental +description: Detects Dllhost that communicates with public IP addresses +references: + - https://github.com/Neo23x0/sigma/blob/master/rules/windows/network_connection/sysmon_rundll32_net_connections.yml +author: @bartblaze +date: 2020/07/13 +tags: + - attack.defense_evasion + - attack.execution +logsource: + category: network_connection + product: windows +detection: + selection: + Image: '*\dllhost.exe' + Initiated: 'true' + filter: + DestinationIp: + - '10.*' + - '192.168.*' + - '172.16.*' + - '172.17.*' + - '172.18.*' + - '172.19.*' + - '172.20.*' + - '172.21.*' + - '172.22.*' + - '172.23.*' + - '172.24.*' + - '172.25.*' + - '172.26.*' + - '172.27.*' + - '172.28.*' + - '172.29.*' + - '172.30.*' + - '172.31.*' + - '127.*' + condition: selection and not filter +falsepositives: + - Communication to other corporate systems that use IP addresses from public address spaces +level: medium \ No newline at end of file From 308420bf7f2bcf61bfbb520d0e81c1d22ad005b2 Mon Sep 17 00:00:00 2001 From: Bart Date: Mon, 13 Jul 2020 21:20:55 +0200 Subject: [PATCH 621/714] Update sysmon_dllhost_net_connections.yml Fix @ --- .../network_connection/sysmon_dllhost_net_connections.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/network_connection/sysmon_dllhost_net_connections.yml b/rules/windows/network_connection/sysmon_dllhost_net_connections.yml index 6b11396d..884bedc1 100644 --- a/rules/windows/network_connection/sysmon_dllhost_net_connections.yml +++ b/rules/windows/network_connection/sysmon_dllhost_net_connections.yml @@ -4,7 +4,7 @@ status: experimental description: Detects Dllhost that communicates with public IP addresses references: - https://github.com/Neo23x0/sigma/blob/master/rules/windows/network_connection/sysmon_rundll32_net_connections.yml -author: @bartblaze +author: bartblaze date: 2020/07/13 tags: - attack.defense_evasion @@ -40,4 +40,4 @@ detection: condition: selection and not filter falsepositives: - Communication to other corporate systems that use IP addresses from public address spaces -level: medium \ No newline at end of file +level: medium From 3a19e3cf23041faa0d5e684b639316ec831f1cd1 Mon Sep 17 00:00:00 2001 From: Pushkarev Dmitry Date: Mon, 13 Jul 2020 20:18:01 +0000 Subject: [PATCH 622/714] Added AppLocker log source --- tools/config/winlogbeat.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml index 2a30094d..3bc1824e 100644 --- a/tools/config/winlogbeat.yml +++ b/tools/config/winlogbeat.yml @@ -53,6 +53,15 @@ logsources: service: windefend conditions: winlog.channel: 'Microsoft-Windows-Windows Defender/Operational' + windows-applocker: + product: windows + service: applocker + conditions: + winlog.channel: + - 'Microsoft-Windows-AppLocker/MSI and Script' + - 'Microsoft-Windows-AppLocker/EXE and DLL' + - 'Microsoft-Windows-AppLocker/Packaged app-Deployment' + - 'Microsoft-Windows-AppLocker/Packaged app-Execution' defaultindex: winlogbeat-* # Extract all field names qith yq: # yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: winlog.event_data.\1/g' From 1da229e3a910f61150a04dc094d16325031f51b7 Mon Sep 17 00:00:00 2001 From: Pushkarev Dmitry Date: Mon, 13 Jul 2020 20:20:28 +0000 Subject: [PATCH 623/714] Added AppLocker log source --- tools/config/winlogbeat-old.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/config/winlogbeat-old.yml b/tools/config/winlogbeat-old.yml index 6bb0daaa..f60c49b8 100644 --- a/tools/config/winlogbeat-old.yml +++ b/tools/config/winlogbeat-old.yml @@ -53,6 +53,15 @@ logsources: service: windefend conditions: log_name: 'Microsoft-Windows-Windows Defender/Operational' + windows-applocker: + product: windows + service: applocker + conditions: + log_name: + - 'Microsoft-Windows-AppLocker/MSI and Script' + - 'Microsoft-Windows-AppLocker/EXE and DLL' + - 'Microsoft-Windows-AppLocker/Packaged app-Deployment' + - 'Microsoft-Windows-AppLocker/Packaged app-Execution' defaultindex: winlogbeat-* # Extract all field names qith yq: # yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: event_data.\1/g' From c30a256030388868cc83efb3683880f174daf79d Mon Sep 17 00:00:00 2001 From: Pushkarev Dmitry Date: Mon, 13 Jul 2020 20:21:46 +0000 Subject: [PATCH 624/714] Added AppLocker log source --- tools/config/winlogbeat-modules-enabled.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml index f0cab88c..4009a9bd 100644 --- a/tools/config/winlogbeat-modules-enabled.yml +++ b/tools/config/winlogbeat-modules-enabled.yml @@ -54,6 +54,15 @@ logsources: service: windefend conditions: winlog.channel: 'Microsoft-Windows-Windows Defender/Operational' + windows-applocker: + product: windows + service: applocker + conditions: + winlog.channel: + - 'Microsoft-Windows-AppLocker/MSI and Script' + - 'Microsoft-Windows-AppLocker/EXE and DLL' + - 'Microsoft-Windows-AppLocker/Packaged app-Deployment' + - 'Microsoft-Windows-AppLocker/Packaged app-Execution' defaultindex: winlogbeat-* # Extract all field names qith yq: # yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: winlog.event_data.\1/g' From 0d925896b9e500098417a33a167d1010717793da Mon Sep 17 00:00:00 2001 From: Pushkarev Dmitry Date: Mon, 13 Jul 2020 20:23:42 +0000 Subject: [PATCH 625/714] Added AppLocker log source --- tools/config/thor.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tools/config/thor.yml b/tools/config/thor.yml index 9c8a4404..37163f42 100644 --- a/tools/config/thor.yml +++ b/tools/config/thor.yml @@ -71,6 +71,15 @@ logsources: service: dhcp sources: - 'WinEventLog:Microsoft-Windows-DHCP-Server/Operational' + windows-applocker: + product: windows + service: applocker + conditions: + sources: + - 'Microsoft-Windows-AppLocker/MSI and Script' + - 'Microsoft-Windows-AppLocker/EXE and DLL' + - 'Microsoft-Windows-AppLocker/Packaged app-Deployment' + - 'Microsoft-Windows-AppLocker/Packaged app-Execution' apache: category: webserver sources: @@ -92,4 +101,4 @@ logsources: logfiles: category: logfile sources: - - 'File:*.log' \ No newline at end of file + - 'File:*.log' From e37694825810999a1dfb653e463bbadfccef5810 Mon Sep 17 00:00:00 2001 From: Pushkarev Dmitry Date: Mon, 13 Jul 2020 20:27:52 +0000 Subject: [PATCH 626/714] Added AppLocker log source --- tools/config/splunk-windows.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/config/splunk-windows.yml b/tools/config/splunk-windows.yml index f1373489..3c298599 100644 --- a/tools/config/splunk-windows.yml +++ b/tools/config/splunk-windows.yml @@ -70,5 +70,14 @@ logsources: service: dhcp conditions: source: 'Microsoft-Windows-DHCP-Server/Operational' + windows-applocker: + product: windows + service: applocker + conditions: + source: + - 'Microsoft-Windows-AppLocker/MSI and Script' + - 'Microsoft-Windows-AppLocker/EXE and DLL' + - 'Microsoft-Windows-AppLocker/Packaged app-Deployment' + - 'Microsoft-Windows-AppLocker/Packaged app-Execution' fieldmappings: EventID: EventCode From 7fb2e2b845d4e901be705edd299f141580311d87 Mon Sep 17 00:00:00 2001 From: Pushkarev Dmitry Date: Mon, 13 Jul 2020 20:29:13 +0000 Subject: [PATCH 627/714] Added AppLocker log source --- tools/config/powershell.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/config/powershell.yml b/tools/config/powershell.yml index c22cdc99..e116f0cd 100644 --- a/tools/config/powershell.yml +++ b/tools/config/powershell.yml @@ -74,3 +74,12 @@ logsources: service: windefend conditions: LogName: 'Microsoft-Windows-Windows Defender/Operational' + windows-applocker: + product: windows + service: applocker + conditions: + LogName: + - 'Microsoft-Windows-AppLocker/MSI and Script' + - 'Microsoft-Windows-AppLocker/EXE and DLL' + - 'Microsoft-Windows-AppLocker/Packaged app-Deployment' + - 'Microsoft-Windows-AppLocker/Packaged app-Execution' From a58e03750934b015bc144c1e7dfb8a135a3c86ea Mon Sep 17 00:00:00 2001 From: Pushkarev Dmitry Date: Mon, 13 Jul 2020 20:30:02 +0000 Subject: [PATCH 628/714] Added AppLocker log source --- tools/config/powershell-windows-all.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/config/powershell-windows-all.yml b/tools/config/powershell-windows-all.yml index 8464ade0..e7bf8ae9 100644 --- a/tools/config/powershell-windows-all.yml +++ b/tools/config/powershell-windows-all.yml @@ -60,3 +60,12 @@ logsources: service: ntlm conditions: LogName: 'Microsoft-Windows-NTLM/Operational' + windows-applocker: + product: windows + service: applocker + conditions: + LogName: + - 'Microsoft-Windows-AppLocker/MSI and Script' + - 'Microsoft-Windows-AppLocker/EXE and DLL' + - 'Microsoft-Windows-AppLocker/Packaged app-Deployment' + - 'Microsoft-Windows-AppLocker/Packaged app-Execution' From 46a6183745d8e8ea2c61d1c9f85c7862063c2950 Mon Sep 17 00:00:00 2001 From: Pushkarev Dmitry Date: Mon, 13 Jul 2020 20:32:03 +0000 Subject: [PATCH 629/714] Added AppLocker log source --- tools/config/elk-windows.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/config/elk-windows.yml b/tools/config/elk-windows.yml index 42bec150..0714d769 100644 --- a/tools/config/elk-windows.yml +++ b/tools/config/elk-windows.yml @@ -33,4 +33,13 @@ logsources: service: ntlm conditions: EventLog: 'Microsoft-Windows-NTLM/Operational' + windows-applocker: + product: windows + service: applocker + conditions: + EventLog: + - 'Microsoft-Windows-AppLocker/MSI and Script' + - 'Microsoft-Windows-AppLocker/EXE and DLL' + - 'Microsoft-Windows-AppLocker/Packaged app-Deployment' + - 'Microsoft-Windows-AppLocker/Packaged app-Execution' defaultindex: logstash-* From 326cf05a74583f2a87cb984b4deb29d6dfa292ea Mon Sep 17 00:00:00 2001 From: Pushkarev Dmitry Date: Mon, 13 Jul 2020 20:41:54 +0000 Subject: [PATCH 630/714] Added AppLocker log source --- tools/config/arcsight.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tools/config/arcsight.yml b/tools/config/arcsight.yml index ba5ef780..3532e7b1 100644 --- a/tools/config/arcsight.yml +++ b/tools/config/arcsight.yml @@ -99,6 +99,12 @@ logsources: service: application conditions: deviceVendor: Microsoft + windows-applocker: + product: windows + service: applocker + conditions: + deviceVendor: Microsoft + deviceProduct: AppLocker proxy: category: proxy conditions: From 364af53902968afa02ee58f283c0eb898ea9fe52 Mon Sep 17 00:00:00 2001 From: Pushkarev Dmitry Date: Mon, 13 Jul 2020 20:44:03 +0000 Subject: [PATCH 631/714] Added AppLocker log source --- tools/config/elk-winlogbeat.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/config/elk-winlogbeat.yml b/tools/config/elk-winlogbeat.yml index 25c4525b..9c77653f 100644 --- a/tools/config/elk-winlogbeat.yml +++ b/tools/config/elk-winlogbeat.yml @@ -33,6 +33,15 @@ logsources: service: ntlm conditions: log_name: 'Microsoft-Windows-NTLM/Operational' + windows-applocker: + product: windows + service: applocker + conditions: + log_name: + - 'Microsoft-Windows-AppLocker/MSI and Script' + - 'Microsoft-Windows-AppLocker/EXE and DLL' + - 'Microsoft-Windows-AppLocker/Packaged app-Deployment' + - 'Microsoft-Windows-AppLocker/Packaged app-Execution' defaultindex: winlogbeat-* # Extract all field names qith yq: # yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: event_data.\1/g' From bdfb646228a6ff2919c2fcf9d3a62d8709cf06b2 Mon Sep 17 00:00:00 2001 From: Pushkarev Dmitry Date: Mon, 13 Jul 2020 20:45:30 +0000 Subject: [PATCH 632/714] Added AppLocker log source --- tools/config/elk-winlogbeat-sp.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/config/elk-winlogbeat-sp.yml b/tools/config/elk-winlogbeat-sp.yml index 4c1ded4e..078f6802 100644 --- a/tools/config/elk-winlogbeat-sp.yml +++ b/tools/config/elk-winlogbeat-sp.yml @@ -33,6 +33,15 @@ logsources: service: ntlm conditions: log_name: 'Microsoft-Windows-NTLM/Operational' + windows-applocker: + product: windows + service: applocker + conditions: + log_name: + - 'Microsoft-Windows-AppLocker/MSI and Script' + - 'Microsoft-Windows-AppLocker/EXE and DLL' + - 'Microsoft-Windows-AppLocker/Packaged app-Deployment' + - 'Microsoft-Windows-AppLocker/Packaged app-Execution' defaultindex: # Extract all field names qith yq: # yq -r '.detection | del(.condition) | map(keys) | .[][]' $(find sigma/rules/windows -name '*.yml') | sort -u | grep -v ^EventID$ | sed 's/^\(.*\)/ \1: event_data.\1/g' From 8e3f973e6988c7aa99c162644c9b646d065a8363 Mon Sep 17 00:00:00 2001 From: Pushkarev Dmitry Date: Mon, 13 Jul 2020 20:46:49 +0000 Subject: [PATCH 633/714] Added AppLocker log source --- tools/config/logpoint-windows.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/config/logpoint-windows.yml b/tools/config/logpoint-windows.yml index 5dbd3fdb..1dfb74aa 100644 --- a/tools/config/logpoint-windows.yml +++ b/tools/config/logpoint-windows.yml @@ -33,6 +33,15 @@ logsources: service: ntlm conditions: event_source: 'Microsoft-Windows-NTLM/Operational' + windows-applocker: + product: windows + service: applocker + conditions: + event_source: + - 'Microsoft-Windows-AppLocker/MSI and Script' + - 'Microsoft-Windows-AppLocker/EXE and DLL' + - 'Microsoft-Windows-AppLocker/Packaged app-Deployment' + - 'Microsoft-Windows-AppLocker/Packaged app-Execution' fieldmappings: EventID: event_id From 6c999df3b70f672d97a612859a1b0e56960e0ffe Mon Sep 17 00:00:00 2001 From: Pushkarev Dmitry Date: Mon, 13 Jul 2020 20:48:06 +0000 Subject: [PATCH 634/714] Added AppLocker log source --- tools/config/logstash-windows.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/config/logstash-windows.yml b/tools/config/logstash-windows.yml index 9a939be5..d21a846b 100644 --- a/tools/config/logstash-windows.yml +++ b/tools/config/logstash-windows.yml @@ -53,4 +53,13 @@ logsources: service: ntlm conditions: Channel: 'Microsoft-Windows-NTLM/Operational' + windows-applocker: + product: windows + service: applocker + conditions: + Channel: + - 'Microsoft-Windows-AppLocker/MSI and Script' + - 'Microsoft-Windows-AppLocker/EXE and DLL' + - 'Microsoft-Windows-AppLocker/Packaged app-Deployment' + - 'Microsoft-Windows-AppLocker/Packaged app-Execution' defaultindex: logstash-* From efe720d44e6d40fcd1dc0087dc145c4303837232 Mon Sep 17 00:00:00 2001 From: Pushkarev Dmitry Date: Mon, 13 Jul 2020 20:51:48 +0000 Subject: [PATCH 635/714] Added new rule. AppLocker --- ..._applocker_file_was_not_allowed_to_run.yml | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 rules/windows/builtin/win_applocker_file_was_not_allowed_to_run.yml diff --git a/rules/windows/builtin/win_applocker_file_was_not_allowed_to_run.yml b/rules/windows/builtin/win_applocker_file_was_not_allowed_to_run.yml new file mode 100644 index 00000000..561bf7ae --- /dev/null +++ b/rules/windows/builtin/win_applocker_file_was_not_allowed_to_run.yml @@ -0,0 +1,37 @@ +title: File Was Not Allowed To Run +id: 401e5d00-b944-11ea-8f9a-00163ecd60ae +description: Detect run not allowed files. Applocker is a very useful tool, especially on servers where unprivileged users have access. For example terminal servers. You need configure applocker and log collect to receive these events. +status: experimental +tags: + - attack.execution + - attack.t1204 + - attack.t1086 + - attack.t1064 + - attack.t1035 +references: + - https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker + - https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker + - https://nxlog.co/documentation/nxlog-user-guide/applocker.html +author: Pushkarev Dmitry +date: 2020/06/28 +logsource: + product: windows + service: applocker +detection: + selection: + EventID: + - 8004 + - 8007 + condition: selection +fields: + - PolicyName + - RuleId + - RuleName + - TargetUser + - TargetProcessId + - FilePath + - FileHash + - Fqbn +falsepositives: + - need tuning applocker or add exceptions in SIEM +level: medium From 04fd598bcf6f6af48073805e04bbde7d8d5f2f65 Mon Sep 17 00:00:00 2001 From: Ryan Plas Date: Mon, 13 Jul 2020 17:02:17 -0400 Subject: [PATCH 636/714] Update additional rules to have correct logsource attributes --- rules/windows/builtin/win_GPO_scheduledtasks.yml | 2 +- rules/windows/builtin/win_alert_ad_user_backdoors.yml | 4 ++-- rules/windows/builtin/win_atsvc_task.yml | 2 +- rules/windows/builtin/win_global_catalog_enumeration.yml | 2 +- rules/windows/builtin/win_impacket_secretdump.yml | 2 +- rules/windows/builtin/win_lm_namedpipe.yml | 2 +- rules/windows/builtin/win_susp_psexec.yml | 2 +- rules/windows/builtin/win_svcctl_remote_service.yml | 2 +- rules/windows/powershell/powershell_data_compressed.yml | 2 +- rules/windows/powershell/powershell_winlogon_helper_dll.yml | 2 +- rules/windows/powershell/powershell_wmimplant.yml | 2 +- 11 files changed, 12 insertions(+), 12 deletions(-) diff --git a/rules/windows/builtin/win_GPO_scheduledtasks.yml b/rules/windows/builtin/win_GPO_scheduledtasks.yml index 75dfa1b0..ade52cde 100644 --- a/rules/windows/builtin/win_GPO_scheduledtasks.yml +++ b/rules/windows/builtin/win_GPO_scheduledtasks.yml @@ -14,7 +14,7 @@ tags: logsource: product: windows service: security - description: 'The advanced audit policy setting "Object Access > Audit Detailed File Share" must be configured for Success/Failure' + definition: 'The advanced audit policy setting "Object Access > Audit Detailed File Share" must be configured for Success/Failure' detection: selection: EventID: 5145 diff --git a/rules/windows/builtin/win_alert_ad_user_backdoors.yml b/rules/windows/builtin/win_alert_ad_user_backdoors.yml index 9ce1e7e7..b1fc6652 100644 --- a/rules/windows/builtin/win_alert_ad_user_backdoors.yml +++ b/rules/windows/builtin/win_alert_ad_user_backdoors.yml @@ -14,8 +14,8 @@ tags: logsource: product: windows service: security - definition1: 'Requirements: Audit Policy : Account Management > Audit User Account Management, Group Policy : Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Management\Audit User Account Management' - definition2: 'Requirements: Audit Policy : DS Access > Audit Directory Service Changes, Group Policy : Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\DS Access\Audit Directory Service Changes' + definition: 'Requirements: Audit Policy : Account Management > Audit User Account Management, Group Policy : Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Management\Audit User Account Management, + DS Access > Audit Directory Service Changes, Group Policy : Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\DS Access\Audit Directory Service Changes' detection: selection1: EventID: 4738 diff --git a/rules/windows/builtin/win_atsvc_task.yml b/rules/windows/builtin/win_atsvc_task.yml index bb4ce41a..b7ad1afd 100644 --- a/rules/windows/builtin/win_atsvc_task.yml +++ b/rules/windows/builtin/win_atsvc_task.yml @@ -15,7 +15,7 @@ tags: logsource: product: windows service: security - description: 'The advanced audit policy setting "Object Access > Audit Detailed File Share" must be configured for Success/Failure' + definition: 'The advanced audit policy setting "Object Access > Audit Detailed File Share" must be configured for Success/Failure' detection: selection: EventID: 5145 diff --git a/rules/windows/builtin/win_global_catalog_enumeration.yml b/rules/windows/builtin/win_global_catalog_enumeration.yml index d2707b31..d364688a 100644 --- a/rules/windows/builtin/win_global_catalog_enumeration.yml +++ b/rules/windows/builtin/win_global_catalog_enumeration.yml @@ -9,7 +9,7 @@ tags: logsource: product: windows service: system - description: 'The advanced audit policy setting "Windows Filtering Platform > Filtering Platform Connection" must be configured for Success' + definition: 'The advanced audit policy setting "Windows Filtering Platform > Filtering Platform Connection" must be configured for Success' detection: selection: EventID: 5156 diff --git a/rules/windows/builtin/win_impacket_secretdump.yml b/rules/windows/builtin/win_impacket_secretdump.yml index ca4effe5..4b6f4dc2 100644 --- a/rules/windows/builtin/win_impacket_secretdump.yml +++ b/rules/windows/builtin/win_impacket_secretdump.yml @@ -14,7 +14,7 @@ tags: logsource: product: windows service: security - description: 'The advanced audit policy setting "Object Access > Audit Detailed File Share" must be configured for Success/Failure' + definition: 'The advanced audit policy setting "Object Access > Audit Detailed File Share" must be configured for Success/Failure' detection: selection: EventID: 5145 diff --git a/rules/windows/builtin/win_lm_namedpipe.yml b/rules/windows/builtin/win_lm_namedpipe.yml index 8bbbbc1a..33612fe9 100644 --- a/rules/windows/builtin/win_lm_namedpipe.yml +++ b/rules/windows/builtin/win_lm_namedpipe.yml @@ -12,7 +12,7 @@ tags: logsource: product: windows service: security - description: 'The advanced audit policy setting "Object Access > Audit Detailed File Share" must be configured for Success/Failure' + definition: 'The advanced audit policy setting "Object Access > Audit Detailed File Share" must be configured for Success/Failure' detection: selection1: EventID: 5145 diff --git a/rules/windows/builtin/win_susp_psexec.yml b/rules/windows/builtin/win_susp_psexec.yml index 62216f2e..6c8ff078 100644 --- a/rules/windows/builtin/win_susp_psexec.yml +++ b/rules/windows/builtin/win_susp_psexec.yml @@ -12,7 +12,7 @@ tags: logsource: product: windows service: security - description: 'The advanced audit policy setting "Object Access > Audit Detailed File Share" must be configured for Success/Failure' + definition: 'The advanced audit policy setting "Object Access > Audit Detailed File Share" must be configured for Success/Failure' detection: selection1: EventID: 5145 diff --git a/rules/windows/builtin/win_svcctl_remote_service.yml b/rules/windows/builtin/win_svcctl_remote_service.yml index eaffe17d..013f834e 100644 --- a/rules/windows/builtin/win_svcctl_remote_service.yml +++ b/rules/windows/builtin/win_svcctl_remote_service.yml @@ -11,7 +11,7 @@ tags: logsource: product: windows service: security - description: 'The advanced audit policy setting "Object Access > Audit Detailed File Share" must be configured for Success/Failure' + definition: 'The advanced audit policy setting "Object Access > Audit Detailed File Share" must be configured for Success/Failure' detection: selection: EventID: 5145 diff --git a/rules/windows/powershell/powershell_data_compressed.yml b/rules/windows/powershell/powershell_data_compressed.yml index ebd3a1c0..89c927b0 100644 --- a/rules/windows/powershell/powershell_data_compressed.yml +++ b/rules/windows/powershell/powershell_data_compressed.yml @@ -10,7 +10,7 @@ references: logsource: product: windows service: powershell - description: 'Script block logging must be enabled' + definition: 'Script block logging must be enabled' detection: selection: EventID: 4104 diff --git a/rules/windows/powershell/powershell_winlogon_helper_dll.yml b/rules/windows/powershell/powershell_winlogon_helper_dll.yml index bc5c334e..7736fe84 100644 --- a/rules/windows/powershell/powershell_winlogon_helper_dll.yml +++ b/rules/windows/powershell/powershell_winlogon_helper_dll.yml @@ -10,7 +10,7 @@ references: logsource: product: windows service: powershell - description: 'Script block logging must be enabled' + definition: 'Script block logging must be enabled' detection: selection: EventID: 4104 diff --git a/rules/windows/powershell/powershell_wmimplant.yml b/rules/windows/powershell/powershell_wmimplant.yml index c8a64f20..2bb8f63d 100644 --- a/rules/windows/powershell/powershell_wmimplant.yml +++ b/rules/windows/powershell/powershell_wmimplant.yml @@ -12,7 +12,7 @@ date: 2020/03/26 logsource: product: windows service: powershell - description: "Script block logging must be enabled" + definition: "Script block logging must be enabled" detection: selection: ScriptBlockText|contains: From 9eb5d8da4de86dc6e7f7448ff030a449a5f48fee Mon Sep 17 00:00:00 2001 From: Ryan Plas Date: Mon, 13 Jul 2020 17:02:28 -0400 Subject: [PATCH 637/714] Add logsource attribute rule test --- tests/test_rules.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/test_rules.py b/tests/test_rules.py index c0662e96..47897a71 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -513,6 +513,15 @@ class TestRules(unittest.TestCase): self.assertEqual(faulty_rules, [], Fore.RED + "There are rules with non-conform 'title' fields. Please check: https://github.com/Neo23x0/sigma/wiki/Rule-Creation-Guide#title") + def test_invalid_logsource_attributes(self): + faulty_rules = [] + for file in self.yield_next_rule_file_path(self.path_to_rules): + logsource = self.get_rule_part(file_path=file, part_name="logsource") + for key in logsource: + if key.lower() not in ['category', 'product', 'service', 'definition']: + print(Fore.RED + "Rule {} has a logsource with an invalid field ({})".format(file, key)) + + if __name__ == "__main__": init(autoreset=True) unittest.main() From 781667ef2247dc18721ee9199a4473d26fd0f72d Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 14 Jul 2020 00:33:47 +0200 Subject: [PATCH 638/714] fix: zeek rule references isn't a list --- .../zeek_smb_converted_win_susp_raccess_sensitive_fext.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml b/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml index fa7f41f0..7e5880e0 100644 --- a/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml +++ b/rules/network/zeek/zeek_smb_converted_win_susp_raccess_sensitive_fext.yml @@ -3,7 +3,8 @@ id: 286b47ed-f6fe-40b3-b3a8-35129acd43bc description: Detects known sensitive file extensions via Zeek author: 'Samir Bousseaden, @neu5ron' date: 2020/04/02 -references: https://github.com/neo23x0/sigma/blob/d42e87edd741dd646db946f30964f331f92f50e6/rules/windows/builtin/win_susp_raccess_sensitive_fext.yml +references: + - https://github.com/neo23x0/sigma/blob/d42e87edd741dd646db946f30964f331f92f50e6/rules/windows/builtin/win_susp_raccess_sensitive_fext.yml tags: - attack.collection logsource: From bae979f5c708e5f804c05ef6c14f7accb4ceb199 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 14 Jul 2020 11:56:28 +0200 Subject: [PATCH 639/714] refactor: ignore sub techniques as long as we do not have a complete list --- tests/test_rules.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/test_rules.py b/tests/test_rules.py index 3b91717c..c11c2bdd 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -290,12 +290,12 @@ class TestRules(unittest.TestCase): tags = self.get_rule_part(file_path=file, part_name="tags") if tags: for tag in tags: - if tag not in self.MITRE_ALL and tag.startswith("attack."): + if tag not in self.MITRE_ALL and tag.startswith("attack.") and len(split(".", tag)) < 3: print(Fore.RED + "Rule {} has the following incorrect tag {}".format(file, tag)) files_with_incorrect_mitre_tags.append(file) self.assertEqual(files_with_incorrect_mitre_tags, [], Fore.RED + - "There are rules with incorrect MITRE Tags. (please inform us about new tags that are not yet supported in our tests) Check the correct tags here: https://attack.mitre.org/ ") + "There are rules with incorrect/unknown MITRE Tags. (please inform us about new tags that are not yet supported in our tests) and check the correct tags here: https://attack.mitre.org/ ") def test_look_for_duplicate_filters(self): def check_list_or_recurse_on_dict(item, depth:int) -> None: From 495376df77e460a34aff20bc4026a063ff38b97e Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 14 Jul 2020 12:33:02 +0200 Subject: [PATCH 640/714] refactor: references test without warnings for missing refs --- tests/test_rules.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/test_rules.py b/tests/test_rules.py index c11c2bdd..a051ae9a 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -477,10 +477,10 @@ class TestRules(unittest.TestCase): for file in self.yield_next_rule_file_path(self.path_to_rules): references = self.get_rule_part(file_path=file, part_name="references") # Reference field doesn't exist - if not references: - print(Fore.YELLOW + "Rule {} has no field 'references'.".format(file)) + #if not references: + #print(Fore.YELLOW + "Rule {} has no field 'references'.".format(file)) #faulty_rules.append(file) - else: + if references: # it exists but isn't a list if not isinstance(references, list): print(Fore.YELLOW + "Rule {} has a references field that isn't a list.".format(file)) From cf25b9c509c14aa941b527a6b4de29960ae30dfe Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 14 Jul 2020 12:33:16 +0200 Subject: [PATCH 641/714] feat: filename test --- tests/test_rules.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/test_rules.py b/tests/test_rules.py index a051ae9a..7fc90f16 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -489,6 +489,18 @@ class TestRules(unittest.TestCase): self.assertEqual(faulty_rules, [], Fore.RED + "There are rules with malformed 'references' fields. (has to be a list of values even if it contains only a single value)") + def test_file_names(self): + faulty_rules = [] + filename_pattern = re.compile('[a-z0-9_]{10,70}\.yml') + for file in self.yield_next_rule_file_path(self.path_to_rules): + filename = os.path.basename(file) + if not filename_pattern.match(filename) and not '_' in filename: + print(Fore.YELLOW + "Rule {} has a file name that doesn't match our standard.".format(file)) + faulty_rules.append(file) + + self.assertEqual(faulty_rules, [], Fore.RED + + "There are rules with malformed file names (too short, too long, uppercase letters, a minus sign etc.). Please see the file names used in our repository and adjust your file names accordingly. The pattern for a valid file name is '[a-z0-9_]{10,70}\.yml' and it has to contain at least an underline character.") + def test_title(self): faulty_rules = [] allowed_lowercase_words = [ From 58b68758b4e5c8fcaec8d8b6b95b5e1f273df481 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 14 Jul 2020 17:53:32 +0200 Subject: [PATCH 642/714] fix: wrong MITRE ATT&CK ids used in the beta version --- rules/network/cisco/aaa/cisco_cli_clear_logs.yml | 4 ++-- rules/network/cisco/aaa/cisco_cli_file_deletion.yml | 2 +- rules/windows/builtin/win_susp_backup_delete.yml | 2 +- rules/windows/builtin/win_susp_eventlog_cleared.yml | 2 +- rules/windows/builtin/win_susp_sdelete.yml | 2 +- rules/windows/builtin/win_susp_security_eventlog_cleared.yml | 2 +- rules/windows/builtin/win_susp_time_modification.yml | 2 +- .../powershell/powershell_clear_powershell_history.yml | 2 +- rules/windows/process_creation/win_etw_trace_evasion.yml | 2 +- rules/windows/process_creation/win_malware_notpetya.yml | 2 +- rules/windows/process_creation/win_shadow_copies_deletion.yml | 2 +- rules/windows/process_creation/win_susp_bcdedit.yml | 2 +- rules/windows/process_creation/win_susp_eventlog_clear.yml | 2 +- rules/windows/process_creation/win_susp_fsutil_usage.yml | 2 +- 14 files changed, 15 insertions(+), 15 deletions(-) diff --git a/rules/network/cisco/aaa/cisco_cli_clear_logs.yml b/rules/network/cisco/aaa/cisco_cli_clear_logs.yml index 244bdead..35671eed 100644 --- a/rules/network/cisco/aaa/cisco_cli_clear_logs.yml +++ b/rules/network/cisco/aaa/cisco_cli_clear_logs.yml @@ -11,8 +11,8 @@ tags: - attack.defense_evasion - attack.t1146 - attack.t1070 - - attack.t1551.003 - - attack.t1551 + - attack.t1070.003 + - attack.t1070 logsource: product: cisco service: aaa diff --git a/rules/network/cisco/aaa/cisco_cli_file_deletion.yml b/rules/network/cisco/aaa/cisco_cli_file_deletion.yml index ec6b4e1e..f248dd59 100644 --- a/rules/network/cisco/aaa/cisco_cli_file_deletion.yml +++ b/rules/network/cisco/aaa/cisco_cli_file_deletion.yml @@ -15,7 +15,7 @@ tags: - attack.t1488 - attack.t1487 - attack.t1561.002 - - attack.t1551.004 + - attack.t1070.004 - attack.t1561.001 logsource: product: cisco diff --git a/rules/windows/builtin/win_susp_backup_delete.yml b/rules/windows/builtin/win_susp_backup_delete.yml index 332b6c80..d58d1d60 100644 --- a/rules/windows/builtin/win_susp_backup_delete.yml +++ b/rules/windows/builtin/win_susp_backup_delete.yml @@ -10,7 +10,7 @@ date: 2017/05/12 tags: - attack.defense_evasion - attack.t1107 - - attack.t1551.004 + - attack.t1070.004 logsource: product: windows service: application diff --git a/rules/windows/builtin/win_susp_eventlog_cleared.yml b/rules/windows/builtin/win_susp_eventlog_cleared.yml index b0698a1c..7b87b35c 100644 --- a/rules/windows/builtin/win_susp_eventlog_cleared.yml +++ b/rules/windows/builtin/win_susp_eventlog_cleared.yml @@ -10,7 +10,7 @@ tags: - attack.defense_evasion - attack.t1070 - car.2016-04-002 - - attack.t1551 + - attack.t1070 logsource: product: windows service: system diff --git a/rules/windows/builtin/win_susp_sdelete.yml b/rules/windows/builtin/win_susp_sdelete.yml index 8483f026..540a0953 100644 --- a/rules/windows/builtin/win_susp_sdelete.yml +++ b/rules/windows/builtin/win_susp_sdelete.yml @@ -13,7 +13,7 @@ tags: - attack.t1107 - attack.t1066 - attack.s0195 - - attack.t1551.004 + - attack.t1070.004 - attack.t1027 logsource: product: windows diff --git a/rules/windows/builtin/win_susp_security_eventlog_cleared.yml b/rules/windows/builtin/win_susp_security_eventlog_cleared.yml index d31a49b4..9e0f24d7 100644 --- a/rules/windows/builtin/win_susp_security_eventlog_cleared.yml +++ b/rules/windows/builtin/win_susp_security_eventlog_cleared.yml @@ -5,7 +5,7 @@ tags: - attack.defense_evasion - attack.t1070 - car.2016-04-002 - - attack.t1551 + - attack.t1070 author: Florian Roth date: 2017/02/19 logsource: diff --git a/rules/windows/builtin/win_susp_time_modification.yml b/rules/windows/builtin/win_susp_time_modification.yml index c457b28e..e015c025 100644 --- a/rules/windows/builtin/win_susp_time_modification.yml +++ b/rules/windows/builtin/win_susp_time_modification.yml @@ -11,7 +11,7 @@ midified: 2020/01/27 tags: - attack.defense_evasion - attack.t1099 - - attack.t1551.006 + - attack.t1070.006 logsource: product: windows service: security diff --git a/rules/windows/powershell/powershell_clear_powershell_history.yml b/rules/windows/powershell/powershell_clear_powershell_history.yml index 4f52faec..db298c67 100644 --- a/rules/windows/powershell/powershell_clear_powershell_history.yml +++ b/rules/windows/powershell/powershell_clear_powershell_history.yml @@ -9,7 +9,7 @@ references: tags: - attack.defense_evasion - attack.t1146 - - attack.t1551.003 + - attack.t1070.003 logsource: product: windows service: powershell diff --git a/rules/windows/process_creation/win_etw_trace_evasion.yml b/rules/windows/process_creation/win_etw_trace_evasion.yml index 6b6e182f..d7b7000f 100644 --- a/rules/windows/process_creation/win_etw_trace_evasion.yml +++ b/rules/windows/process_creation/win_etw_trace_evasion.yml @@ -12,7 +12,7 @@ tags: - attack.execution - attack.t1070 - car.2016-04-002 - - attack.t1551 + - attack.t1070 level: high logsource: category: process_creation diff --git a/rules/windows/process_creation/win_malware_notpetya.yml b/rules/windows/process_creation/win_malware_notpetya.yml index 10ecc8a7..4293239d 100644 --- a/rules/windows/process_creation/win_malware_notpetya.yml +++ b/rules/windows/process_creation/win_malware_notpetya.yml @@ -16,7 +16,7 @@ tags: - attack.t1003 - car.2016-04-002 - attack.t1218.011 - - attack.t1551 + - attack.t1070 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_shadow_copies_deletion.yml b/rules/windows/process_creation/win_shadow_copies_deletion.yml index d017b359..6fb0d27d 100644 --- a/rules/windows/process_creation/win_shadow_copies_deletion.yml +++ b/rules/windows/process_creation/win_shadow_copies_deletion.yml @@ -15,7 +15,7 @@ tags: - attack.impact - attack.t1070 - attack.t1490 - - attack.t1551 + - attack.t1070 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_bcdedit.yml b/rules/windows/process_creation/win_susp_bcdedit.yml index 7b74bef4..e5c87b34 100644 --- a/rules/windows/process_creation/win_susp_bcdedit.yml +++ b/rules/windows/process_creation/win_susp_bcdedit.yml @@ -11,7 +11,7 @@ tags: - attack.t1070 - attack.persistence - attack.t1067 - - attack.t1551 + - attack.t1070 - attack.t1542.003 logsource: category: process_creation diff --git a/rules/windows/process_creation/win_susp_eventlog_clear.yml b/rules/windows/process_creation/win_susp_eventlog_clear.yml index b0e27546..bff846f4 100644 --- a/rules/windows/process_creation/win_susp_eventlog_clear.yml +++ b/rules/windows/process_creation/win_susp_eventlog_clear.yml @@ -11,7 +11,7 @@ tags: - attack.defense_evasion - attack.t1070 - car.2016-04-002 - - attack.t1551 + - attack.t1070 level: high logsource: category: process_creation diff --git a/rules/windows/process_creation/win_susp_fsutil_usage.yml b/rules/windows/process_creation/win_susp_fsutil_usage.yml index e7a3d0c9..26348553 100644 --- a/rules/windows/process_creation/win_susp_fsutil_usage.yml +++ b/rules/windows/process_creation/win_susp_fsutil_usage.yml @@ -12,7 +12,7 @@ references: tags: - attack.defense_evasion - attack.t1070 - - attack.t1551 + - attack.t1070 logsource: category: process_creation product: windows From 71e66ea9ba71f8893605a348d77a28515edd2f7a Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 14 Jul 2020 17:54:02 +0200 Subject: [PATCH 643/714] refactor: tests use live data from MITRE's TAXI service --- tests/test_rules.py | 277 +++++++---------------------------- tools/requirements-devel.txt | 2 + 2 files changed, 52 insertions(+), 227 deletions(-) diff --git a/tests/test_rules.py b/tests/test_rules.py index 7fc90f16..ecfb2f34 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -10,238 +10,13 @@ import os import unittest import yaml import re +from attackcti import attack_client from colorama import init from colorama import Fore class TestRules(unittest.TestCase): - MITRE_TECHNIQUES = [ - "t1002", - "t1003", - "t1003.001", - "t1003.002", - "t1003.003", - "t1003.004", - "t1003.005", - "t1003.006", - "t1004", - "t1005", - "t1006", - "t1007", - "t1009", - "t1011", - "t1012", - "t1015", - "t1016", - "t1018", - "t1020", - "t1021", - "t1021.001", - "t1021.002", - "t1021.003", - "t1021.006", - "t1023", - "t1027", - "t1028", - "t1031", - "t1033", - "t1035", - "t1036", - "t1036.005", - "t1037", - "t1037.001", - "t1038", - "t1040", - "t1041", - "t1042", - "t1043", - "t1046", - "t1047", - "t1048", - "t1049", - "t1050", - "t1053", - "t1053.002", - "t1053.005", - "t1054", - "t1055", - "t1056", - "t1057", - "t1058", - "t1059", - "t1059.001", - "t1059.003", - "t1059.004", - "t1059.005", - "t1059.006", - "t1060", - "t1064", - "t1066", - "t1067", - "t1068", - "t1069", - "t1070", - "t1070.001", - "t1070.002", - "t1070.003", - "t1070.004", - "t1070.005", - "t1070.006", - "t1071", - "t1071.004", - "t1073", - "t1074", - "t1075", - "t1076", - "t1077", - "t1078", - "t1081", - "t1082", - "t1083", - "t1084", - "t1085", - "t1086", - "t1087", - "t1088", - "t1089", - "t1090", - "t1091", - "t1096", - "t1098", - "t1099", - "t1100", - "t1102", - "t1103", - "t1105", - "t1106", - "t1107", - "t1110", - "t1112", - "t1114", - "t1117", - "t1118", - "t1121", - "t1122", - "t1123", - "t1124", - "t1125", - "t1127", - "t1128", - "t1130", - "t1133", - "t1134", - "t1134.005", - "t1135", - "t1136", - "t1137", - "t1138", - "t1139", - "t1140", - "t1145", - "t1146", - "t1156", - "t1158", - "t1168", - "t1169", - "t1170", - "t1171", - "t1175", - "t1177", - "t1178", - "t1182", - "t1183", - "t1190", - "t1191", - "t1193", - "t1195", - "t1195.001", - "t1196", - "t1197", - "t1200", - "t1201", - "t1202", - "t1203", - "t1204", - "t1207", - "t1208", - "t1210", - "t1211", - "t1212", - "t1218", - "t1218.001", - "t1218.005", - "t1218.010", - "t1218.011", - "t1219", - "t1220", - "t1222", - "t1223", - "t1482", - "t1485", - "t1487", - "t1488", - "t1489", - "t1490", - "t1492", - "t1493", - "t1495", - "t1499", - "t1500", - "t1501", - "t1505", - "t1505.003", - "t1537", - "t1542.003", - "t1543.002", - "t1543.003", - "t1546.001", - "t1546.003", - "t1546.004", - "t1546.007", - "t1546.008", - "t1546.009", - "t1546.010", - "t1546.011", - "t1546.012", - "t1546.015", - "t1547.001", - "t1547.004", - "t1547.008", - "t1547.009", - "t1548.002", - "t1550.002", - "t1551", - "t1551.003", - "t1551.004", - "t1551.006", - "t1552.001", - "t1552.003", - "t1552.004", - "t1553.004", - "t1557.001", - "t1558", - "t1558.003", - "t1559.001", - "t1560", - "t1561.001", - "t1561.002", - "t1562.001", - "t1562.006", - "t1564.001", - "t1564.004", - "t1565.001", - "t1565.002", - "t1566.001", - "t1569.002", - "t1571", - "t1574.001", - "t1574.002", - "t1574.011", -] MITRE_TECHNIQUE_NAMES = ["process_injection", "signed_binary_proxy_execution", "process_injection"] # incomplete list MITRE_TACTICS = ["initial_access", "execution", "persistence", "privilege_escalation", "defense_evasion", "credential_access", "discovery", "lateral_movement", "collection", "exfiltration", "command_and_control", "impact", "launch"] - MITRE_GROUPS = ["g0001", "g0002", "g0003", "g0004", "g0005", "g0006", "g0007", "g0008", "g0009", "g0010", "g0011", "g0012", "g0013", "g0014", "g0015", "g0016", "g0017", "g0018", "g0019", "g0020", "g0021", "g0022", "g0023", "g0024", "g0025", "g0026", "g0027", "g0028", "g0029", "g0030", "g0031", "g0032", "g0033", "g0034", "g0035", "g0036", "g0037", "g0038", "g0039", "g0040", "g0041", "g0042", "g0043", "g0044", "g0045", "g0046", "g0047", "g0048", "g0049", "g0050", "g0051", "g0052", "g0053", "g0054", "g0055", "g0056", "g0057", "g0058", "g0059", "g0060", "g0061", "g0062", "g0063", "g0064", "g0065", "g0066", "g0067", "g0068", "g0069", "g0070", "g0071", "g0072", "g0073", "g0074", "g0075", "g0076", "g0077", "g0078", "g0079", "g0080", "g0081", "g0082", "g0083", "g0084", "g0085", "g0086", "g0087", "g0088", "g0089", "g0090", "g0091", "g0092", "g0093", "g0094", "g0095", "g0096"] - MITRE_SOFTWARE = ["s0001", "s0002", "s0003", "s0004", "s0005", "s0006", "s0007", "s0008", "s0009", "s0010", "s0011", "s0012", "s0013", "s0014", "s0015", "s0016", "s0017", "s0018", "s0019", "s0020", "s0021", "s0022", "s0023", "s0024", "s0025", "s0026", "s0027", "s0028", "s0029", "s0030", "s0031", "s0032", "s0033", "s0034", "s0035", "s0036", "s0037", "s0038", "s0039", "s0040", "s0041", "s0042", "s0043", "s0044", "s0045", "s0046", "s0047", "s0048", "s0049", "s0050", "s0051", "s0052", "s0053", "s0054", "s0055", "s0056", "s0057", "s0058", "s0059", "s0060", "s0061", "s0062", "s0063", "s0064", "s0065", "s0066", "s0067", "s0068", "s0069", "s0070", "s0071", "s0072", "s0073", "s0074", "s0075", "s0076", "s0077", "s0078", "s0079", "s0080", "s0081", "s0082", "s0083", "s0084", "s0085", "s0086", "s0087", "s0088", "s0089", "s0090", "s0091", "s0092", "s0093", "s0094", "s0095", "s0096", "s0097", "s0098", "s0099", "s0100", "s0101", "s0102", "s0103", "s0104", "s0105", "s0106", "s0107", "s0108", "s0109", "s0110", "s0111", "s0112", "s0113", "s0114", "s0115", "s0116", "s0117", "s0118", "s0119", "s0120", "s0121", "s0122", "s0123", "s0124", "s0125", "s0126", "s0127", "s0128", "s0129", "s0130", "s0131", "s0132", "s0133", "s0134", "s0135", "s0136", "s0137", "s0138", "s0139", "s0140", "s0141", "s0142", "s0143", "s0144", "s0145", "s0146", "s0147", "s0148", "s0149", "s0150", "s0151", "s0152", "s0153", "s0154", "s0155", "s0156", "s0157", "s0158", "s0159", "s0160", "s0161", "s0162", "s0163", "s0164", "s0165", "s0166", "s0167", "s0168", "s0169", "s0170", "s0171", "s0172", "s0173", "s0174", "s0175", "s0176", "s0177", "s0178", "s0179", "s0180", "s0181", "s0182", "s0183", "s0184", "s0185", "s0186", "s0187", "s0188", "s0189", "s0190", "s0191", "s0192", "s0193", "s0194", "s0195", "s0196", "s0197", "s0198", "s0199", "s0200", "s0201", "s0202", "s0203", "s0204", "s0205", "s0206", "s0207", "s0208", "s0209", "s0210", "s0211", "s0212", "s0213", "s0214", "s0215", "s0216", "s0217", "s0218", "s0219", "s0220", "s0221", "s0222", "s0223", "s0224", "s0225", "s0226", "s0227", "s0228", "s0229", "s0230", "s0231", "s0232", "s0233", "s0234", "s0235", "s0236", "s0237", "s0238", "s0239", "s0240", "s0241", "s0242", "s0243", "s0244", "s0245", "s0246", "s0247", "s0248", "s0249", "s0250", "s0251", "s0252", "s0253", "s0254", "s0255", "s0256", "s0257", "s0258", "s0259", "s0260", "s0261", "s0262", "s0263", "s0264", "s0265", "s0266", "s0267", "s0268", "s0269", "s0270", "s0271", "s0272", "s0273", "s0274", "s0275", "s0276", "s0277", "s0278", "s0279", "s0280", "s0281", "s0282", "s0283", "s0284", "s0330", "s0331", "s0332", "s0333", "s0334", "s0335", "s0336", "s0337", "s0338", "s0339", "s0340", "s0341", "s0342", "s0343", "s0344", "s0345", "s0346", "s0347", "s0348", "s0349", "s0350", "s0351", "s0352", "s0353", "s0354", "s0355", "s0356", "s0357", "s0358", "s0359", "s0360", "s0361", "s0362", "s0363", "s0364", "s0365", "s0366", "s0367", "s0368", "s0369", "s0370", "s0371", "s0372", "s0373", "s0374", "s0375", "s0376", "s0377", "s0378", "s0379", "s0380", "s0381", "s0382", "s0383", "s0384", "s0385", "s0386", "s0387", "s0388", "s0389", "s0390", "s0391", "s0393", "s0394", "s0395", "s0396", "s0397", "s0398", "s0400", "s0401", "s0402", "s0404", "s0409", "s0410", "s0412", "s0413", "s0414", "s0415", "s0416", "s0417"] - MITRE_ALL = ["attack." + item for item in MITRE_TECHNIQUES + MITRE_TACTICS + MITRE_GROUPS + MITRE_SOFTWARE] path_to_rules = "rules" @@ -290,7 +65,7 @@ class TestRules(unittest.TestCase): tags = self.get_rule_part(file_path=file, part_name="tags") if tags: for tag in tags: - if tag not in self.MITRE_ALL and tag.startswith("attack.") and len(split(".", tag)) < 3: + if tag not in MITRE_ALL and tag.startswith("attack."): print(Fore.RED + "Rule {} has the following incorrect tag {}".format(file, tag)) files_with_incorrect_mitre_tags.append(file) @@ -548,6 +323,54 @@ class TestRules(unittest.TestCase): self.assertEqual(faulty_rules, [], Fore.RED + "There are rules with non-conform 'title' fields. Please check: https://github.com/Neo23x0/sigma/wiki/Rule-Creation-Guide#title") +def get_mitre_data(): + """ + Generate tags from live MITRE ATT&CK TAXI service to get up-to-date data + """ + # Get MITRE ATT&CK information + lift = attack_client() + # Techniques + MITRE_TECHNIQUES = [] + MITRE_TECHNIQUE_NAMES = [] + MITRE_PHASE_NAMES = set() + MITRE_TOOLS = [] + MITRE_GROUPS = [] + # Techniques + enterprise_techniques = lift.get_enterprise_techniques() + for t in enterprise_techniques: + MITRE_TECHNIQUE_NAMES.append(t['name'].lower().replace(' ', '_').replace('-', '_')) + for r in t.external_references: + if 'external_id' in r: + MITRE_TECHNIQUES.append(r['external_id'].lower()) + if 'kill_chain_phases' in t: + for kc in t['kill_chain_phases']: + if 'phase_name' in kc: + MITRE_PHASE_NAMES.add(kc['phase_name'].replace('-','_')) + # Tools / Malware + enterprise_tools = lift.get_enterprise_tools() + for t in enterprise_tools: + for r in t.external_references: + if 'external_id' in r: + MITRE_TOOLS.append(r['external_id'].lower()) + enterprise_malware = lift.get_enterprise_malware() + for m in enterprise_malware: + for r in m.external_references: + if 'external_id' in r: + MITRE_TOOLS.append(r['external_id'].lower()) + # Groups + enterprise_groups = lift.get_enterprise_groups() + for g in enterprise_groups: + for r in g.external_references: + if 'external_id' in r: + MITRE_GROUPS.append(r['external_id'].lower()) + + # Combine all IDs to a big tag list + return ["attack." + item for item in MITRE_TECHNIQUES + MITRE_TECHNIQUE_NAMES + list(MITRE_PHASE_NAMES) + MITRE_GROUPS + MITRE_TOOLS] + + if __name__ == "__main__": init(autoreset=True) + # Get Current Data from MITRE on ATT&CK + MITRE_ALL = get_mitre_data() + # Run the tests unittest.main() diff --git a/tools/requirements-devel.txt b/tools/requirements-devel.txt index 4806396d..3665b6ee 100644 --- a/tools/requirements-devel.txt +++ b/tools/requirements-devel.txt @@ -6,3 +6,5 @@ setuptools wheel pytest~=5.4 colorama +stix2 +attackcti \ No newline at end of file From 741d42ce8840d91c10026913b4705563eebbac6f Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 14 Jul 2020 17:59:59 +0200 Subject: [PATCH 644/714] fix: issue reported as https://github.com/Neo23x0/sigma/issues/923 --- .../win_powershell_suspicious_parameter_variation.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/rules/windows/process_creation/win_powershell_suspicious_parameter_variation.yml b/rules/windows/process_creation/win_powershell_suspicious_parameter_variation.yml index 14100059..620edf36 100644 --- a/rules/windows/process_creation/win_powershell_suspicious_parameter_variation.yml +++ b/rules/windows/process_creation/win_powershell_suspicious_parameter_variation.yml @@ -10,14 +10,15 @@ tags: - attack.t1059.001 author: Florian Roth (rule), Daniel Bohannon (idea), Roberto Rodriguez (Fix) date: 2019/01/16 +modified: 2020/07/14 logsource: category: process_creation product: windows detection: selection: - Image: - - '*\Powershell.exe' - CommandLine: + Image|endswith: + - '\Powershell.exe' + CommandLine|contains: - ' -windowstyle h ' - ' -windowstyl h' - ' -windowsty h' From 80639afd434e2da2ef2a69a657110a4566a983eb Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 15 Jul 2020 11:03:31 +0200 Subject: [PATCH 645/714] rule: CVE-2020-1350 --- .../win_exploit_cve_2020_1350.yml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 rules/windows/process_creation/win_exploit_cve_2020_1350.yml diff --git a/rules/windows/process_creation/win_exploit_cve_2020_1350.yml b/rules/windows/process_creation/win_exploit_cve_2020_1350.yml new file mode 100644 index 00000000..3cf364c5 --- /dev/null +++ b/rules/windows/process_creation/win_exploit_cve_2020_1350.yml @@ -0,0 +1,24 @@ +title: DNS RCE CVE-2020-1350 +id: b5281f31-f9cc-4d0d-95d0-45b91c45b487 +status: experimental +description: Detects exploitation of DNS RCE bug reported in CVE-2020-1350 by the detection of suspicious sub process +references: + - https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/ + - https://blog.menasec.net/2019/02/threat-hunting-24-microsoft-windows-dns.html +author: Florian Roth +date: 2020/07/15 +tags: + - attack.initial_access + - attack.t1190 + - attack.execution + - attack.t1569.002 +logsource: + category: process_creation + product: windows +detection: + selection: + ParentImage|endswith: '\dns.exe' + condition: selection +falsepositives: + - Unknown but benign sub processes of the Windows DNS service dns.exe +level: critical From ae7fbb92459e63254cc41e12d0d9046d72b6c8e2 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 15 Jul 2020 11:49:20 +0200 Subject: [PATCH 646/714] fix: false positive filters based on SOC Prime's rule --- .../windows/process_creation/win_exploit_cve_2020_1350.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_exploit_cve_2020_1350.yml b/rules/windows/process_creation/win_exploit_cve_2020_1350.yml index 3cf364c5..361a99f1 100644 --- a/rules/windows/process_creation/win_exploit_cve_2020_1350.yml +++ b/rules/windows/process_creation/win_exploit_cve_2020_1350.yml @@ -18,7 +18,11 @@ logsource: detection: selection: ParentImage|endswith: '\dns.exe' - condition: selection + filter: + Image|endswith: + - '\werfault.exe' + - '\conhost.exe' + condition: selection and not filter falsepositives: - Unknown but benign sub processes of the Windows DNS service dns.exe level: critical From c2eb110fcae9724426048c5b02ecea4c2409b722 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 15 Jul 2020 11:56:11 +0200 Subject: [PATCH 647/714] fix: more exact patterns --- .../windows/process_creation/win_exploit_cve_2020_1350.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/rules/windows/process_creation/win_exploit_cve_2020_1350.yml b/rules/windows/process_creation/win_exploit_cve_2020_1350.yml index 361a99f1..95e6eaef 100644 --- a/rules/windows/process_creation/win_exploit_cve_2020_1350.yml +++ b/rules/windows/process_creation/win_exploit_cve_2020_1350.yml @@ -17,11 +17,11 @@ logsource: product: windows detection: selection: - ParentImage|endswith: '\dns.exe' + ParentImage|endswith: '\System32\dns.exe' filter: Image|endswith: - - '\werfault.exe' - - '\conhost.exe' + - '\System32\werfault.exe' + - '\System32\conhost.exe' condition: selection and not filter falsepositives: - Unknown but benign sub processes of the Windows DNS service dns.exe From 1c103a749fb5004b0dafb5176abdabd3eabf4dca Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 15 Jul 2020 12:05:50 +0200 Subject: [PATCH 648/714] fix: more FPs based on feedback https://twitter.com/GossiTheDog/status/1283341486680166400 --- rules/windows/process_creation/win_exploit_cve_2020_1350.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/process_creation/win_exploit_cve_2020_1350.yml b/rules/windows/process_creation/win_exploit_cve_2020_1350.yml index 95e6eaef..ec82fbc6 100644 --- a/rules/windows/process_creation/win_exploit_cve_2020_1350.yml +++ b/rules/windows/process_creation/win_exploit_cve_2020_1350.yml @@ -22,6 +22,7 @@ detection: Image|endswith: - '\System32\werfault.exe' - '\System32\conhost.exe' + - '\System32\dnscmd.exe' condition: selection and not filter falsepositives: - Unknown but benign sub processes of the Windows DNS service dns.exe From c5dfffdac07085c90047288afc4342f6a181923b Mon Sep 17 00:00:00 2001 From: duzvik Date: Wed, 15 Jul 2020 14:02:34 +0300 Subject: [PATCH 649/714] Create sysmon_abusing_azure_browser_sso.yml --- .../sysmon_abusing_azure_browser_sso.yml | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml diff --git a/rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml b/rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml new file mode 100644 index 00000000..29c06049 --- /dev/null +++ b/rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml @@ -0,0 +1,27 @@ +title: Avusing Azure Browser SSO +author: Den Iuzvyk +description: Detects abusing Azure Browser SSO by requesting OAuth 2.0 refresh tokens for an Azure-AD-authenticated Windows user (i.e. the machine is joined to Azure AD and a user logs in with their Azure AD account) wanting to perform SSO authentication in the browser. An attacker can use this to authenticate to Azure AD in a browser as that user. +reference: +- https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30 +detection: + condition: selection_dll and not filter_legit + selection_dll: + EventID: 7 + ImageLoaded|endswith: MicrosoftAccountTokenProvider.dll + filter_legit: + Image|endswith: + - BackgroundTaskHost.exe + - devenv.exe + - iexplore.exe + - MicrosoftEdge.exe +falsepositives: +- unknown +level: high +logsource: + category: sysmon + product: windows +status: experimental +tags: +- attack.defense_evasion +- attack.privilege_escalation +- attack.t1073 From d24e15cc27b159abfed96c797b8761850c5a1f0b Mon Sep 17 00:00:00 2001 From: duzvik Date: Wed, 15 Jul 2020 14:12:58 +0300 Subject: [PATCH 650/714] Update sysmon_abusing_azure_browser_sso.yml --- rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml b/rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml index 29c06049..b8824ddf 100644 --- a/rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml +++ b/rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml @@ -3,6 +3,8 @@ author: Den Iuzvyk description: Detects abusing Azure Browser SSO by requesting OAuth 2.0 refresh tokens for an Azure-AD-authenticated Windows user (i.e. the machine is joined to Azure AD and a user logs in with their Azure AD account) wanting to perform SSO authentication in the browser. An attacker can use this to authenticate to Azure AD in a browser as that user. reference: - https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30 +date: 2020/07/15 +id: 50f852e6-af22-4c78-9ede-42ef36aa3453 detection: condition: selection_dll and not filter_legit selection_dll: From a9b860d749d6a32f38ca85ee797bfbc79643b239 Mon Sep 17 00:00:00 2001 From: duzvik Date: Wed, 15 Jul 2020 14:24:49 +0300 Subject: [PATCH 651/714] Update sysmon_abusing_azure_browser_sso.yml --- rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml b/rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml index b8824ddf..023a308a 100644 --- a/rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml +++ b/rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml @@ -3,7 +3,7 @@ author: Den Iuzvyk description: Detects abusing Azure Browser SSO by requesting OAuth 2.0 refresh tokens for an Azure-AD-authenticated Windows user (i.e. the machine is joined to Azure AD and a user logs in with their Azure AD account) wanting to perform SSO authentication in the browser. An attacker can use this to authenticate to Azure AD in a browser as that user. reference: - https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30 -date: 2020/07/15 +date: 2020/07/15 id: 50f852e6-af22-4c78-9ede-42ef36aa3453 detection: condition: selection_dll and not filter_legit From d0c09f10a929407a9534e37ef26f56a940abb4c7 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 15 Jul 2020 16:46:44 +0200 Subject: [PATCH 652/714] changed newline character to LF --- .../sysmon_dllhost_net_connections.yml | 86 +++++++++---------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/rules/windows/network_connection/sysmon_dllhost_net_connections.yml b/rules/windows/network_connection/sysmon_dllhost_net_connections.yml index 884bedc1..40a52547 100644 --- a/rules/windows/network_connection/sysmon_dllhost_net_connections.yml +++ b/rules/windows/network_connection/sysmon_dllhost_net_connections.yml @@ -1,43 +1,43 @@ -title: Dllhost Internet Connection -id: cfed2f44-16df-4bf3-833a-79405198b277 -status: experimental -description: Detects Dllhost that communicates with public IP addresses -references: - - https://github.com/Neo23x0/sigma/blob/master/rules/windows/network_connection/sysmon_rundll32_net_connections.yml -author: bartblaze -date: 2020/07/13 -tags: - - attack.defense_evasion - - attack.execution -logsource: - category: network_connection - product: windows -detection: - selection: - Image: '*\dllhost.exe' - Initiated: 'true' - filter: - DestinationIp: - - '10.*' - - '192.168.*' - - '172.16.*' - - '172.17.*' - - '172.18.*' - - '172.19.*' - - '172.20.*' - - '172.21.*' - - '172.22.*' - - '172.23.*' - - '172.24.*' - - '172.25.*' - - '172.26.*' - - '172.27.*' - - '172.28.*' - - '172.29.*' - - '172.30.*' - - '172.31.*' - - '127.*' - condition: selection and not filter -falsepositives: - - Communication to other corporate systems that use IP addresses from public address spaces -level: medium +title: Dllhost Internet Connection +id: cfed2f44-16df-4bf3-833a-79405198b277 +status: experimental +description: Detects Dllhost that communicates with public IP addresses +references: + - https://github.com/Neo23x0/sigma/blob/master/rules/windows/network_connection/sysmon_rundll32_net_connections.yml +author: bartblaze +date: 2020/07/13 +tags: + - attack.defense_evasion + - attack.execution +logsource: + category: network_connection + product: windows +detection: + selection: + Image: '*\dllhost.exe' + Initiated: 'true' + filter: + DestinationIp: + - '10.*' + - '192.168.*' + - '172.16.*' + - '172.17.*' + - '172.18.*' + - '172.19.*' + - '172.20.*' + - '172.21.*' + - '172.22.*' + - '172.23.*' + - '172.24.*' + - '172.25.*' + - '172.26.*' + - '172.27.*' + - '172.28.*' + - '172.29.*' + - '172.30.*' + - '172.31.*' + - '127.*' + condition: selection and not filter +falsepositives: + - Communication to other corporate systems that use IP addresses from public address spaces +level: medium From 1e5ee5823ca5b3592ed738eb9a550c794ec7417d Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Wed, 15 Jul 2020 16:29:27 +0100 Subject: [PATCH 653/714] Fix for indentation issue Wrong indentation of line 182 meant that even where config options were given, the default per backend was being used, rendering custom config useless. --- tools/sigma/sigmac.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/sigma/sigmac.py b/tools/sigma/sigmac.py index ae3cfbe9..81832262 100755 --- a/tools/sigma/sigmac.py +++ b/tools/sigma/sigmac.py @@ -179,8 +179,8 @@ def main(): print("Available choices for this backend (get complete list with --lists/-l):") list_configurations(backend=cmdargs.target, scm=scm) sys.exit(ERR_CONFIG_REQUIRED) - if backend_class.default_config is not None: - cmdargs.config = backend_class.default_config + if backend_class.default_config is not None: + cmdargs.config = backend_class.default_config if cmdargs.config: order = 0 From 0489a50bd0367b2aad82dd303aac7952416a1333 Mon Sep 17 00:00:00 2001 From: Daniel Masse Date: Wed, 15 Jul 2020 15:55:26 -0400 Subject: [PATCH 654/714] Change the selection from Command to CommandLine in a couple of rules --- rules/windows/process_creation/win_apt_zxshell.yml | 2 +- rules/windows/registry_event/sysmon_apt_pandemic.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/windows/process_creation/win_apt_zxshell.yml b/rules/windows/process_creation/win_apt_zxshell.yml index 47a5b4f7..03dbdea6 100755 --- a/rules/windows/process_creation/win_apt_zxshell.yml +++ b/rules/windows/process_creation/win_apt_zxshell.yml @@ -17,7 +17,7 @@ logsource: product: windows detection: selection: - Command: + CommandLine: - 'rundll32.exe *,zxFunction*' - 'rundll32.exe *,RemoteDiskXXXXX' condition: selection diff --git a/rules/windows/registry_event/sysmon_apt_pandemic.yml b/rules/windows/registry_event/sysmon_apt_pandemic.yml index 04821f4f..74c6375b 100755 --- a/rules/windows/registry_event/sysmon_apt_pandemic.yml +++ b/rules/windows/registry_event/sysmon_apt_pandemic.yml @@ -36,5 +36,5 @@ logsource: product: windows detection: selection2: - Command: 'loaddll -a *' + CommandLine: 'loaddll -a *' condition: 1 of them From b1de627e94c49c58c0f05f64f2bba50e535cfc0a Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 16 Jul 2020 08:47:24 +0200 Subject: [PATCH 655/714] Update win_apt_zxshell.yml --- rules/windows/process_creation/win_apt_zxshell.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_apt_zxshell.yml b/rules/windows/process_creation/win_apt_zxshell.yml index 03dbdea6..20858f85 100755 --- a/rules/windows/process_creation/win_apt_zxshell.yml +++ b/rules/windows/process_creation/win_apt_zxshell.yml @@ -17,7 +17,7 @@ logsource: product: windows detection: selection: - CommandLine: + CommandLine|contains: - 'rundll32.exe *,zxFunction*' - 'rundll32.exe *,RemoteDiskXXXXX' condition: selection From 992bf676f9d8e28062b54927104721290e32eb1e Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 16 Jul 2020 08:48:32 +0200 Subject: [PATCH 656/714] Update sysmon_apt_pandemic.yml --- rules/windows/registry_event/sysmon_apt_pandemic.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/rules/windows/registry_event/sysmon_apt_pandemic.yml b/rules/windows/registry_event/sysmon_apt_pandemic.yml index 74c6375b..f53bf33c 100755 --- a/rules/windows/registry_event/sysmon_apt_pandemic.yml +++ b/rules/windows/registry_event/sysmon_apt_pandemic.yml @@ -27,8 +27,7 @@ logsource: product: windows detection: selection1: - TargetObject: - - 'HKLM\SYSTEM\CurrentControlSet\services\null\Instance*' + TargetObject|contains: '\SYSTEM\CurrentControlSet\services\null\Instance' condition: 1 of them --- logsource: @@ -36,5 +35,5 @@ logsource: product: windows detection: selection2: - CommandLine: 'loaddll -a *' + CommandLine|contains: 'loaddll -a ' condition: 1 of them From 6c35a7afa0331120c82f93d4748f0cf9153bc568 Mon Sep 17 00:00:00 2001 From: Sander Date: Thu, 16 Jul 2020 13:16:57 +0200 Subject: [PATCH 657/714] Ref #933 - Added windows Process Creation to config --- tools/config/winlogbeat-modules-enabled.yml | 5 +++++ tools/config/winlogbeat.yml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml index 4009a9bd..1f53db86 100644 --- a/tools/config/winlogbeat-modules-enabled.yml +++ b/tools/config/winlogbeat-modules-enabled.yml @@ -29,6 +29,11 @@ logsources: service: sysmon conditions: winlog.channel: 'Microsoft-Windows-Sysmon/Operational' + windows-process-creation: + product: windows + category: process_creation + conditions: + winlog.event_id: '1' windows-dns-server: product: windows service: dns-server diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml index 3bc1824e..39d26cab 100644 --- a/tools/config/winlogbeat.yml +++ b/tools/config/winlogbeat.yml @@ -28,6 +28,11 @@ logsources: service: sysmon conditions: winlog.channel: 'Microsoft-Windows-Sysmon/Operational' + windows-process-creation: + product: windows + category: process_creation + conditions: + winlog.event_id: '1' windows-dns-server: product: windows service: dns-server From 94272c7770263914cfbfc8538d351f035b42cee3 Mon Sep 17 00:00:00 2001 From: Sander Date: Thu, 16 Jul 2020 13:16:57 +0200 Subject: [PATCH 658/714] Revert "Ref #933 - Added windows Process Creation to config" This reverts commit 6c35a7afa0331120c82f93d4748f0cf9153bc568. --- tools/config/winlogbeat-modules-enabled.yml | 5 ----- tools/config/winlogbeat.yml | 5 ----- 2 files changed, 10 deletions(-) diff --git a/tools/config/winlogbeat-modules-enabled.yml b/tools/config/winlogbeat-modules-enabled.yml index 1f53db86..4009a9bd 100644 --- a/tools/config/winlogbeat-modules-enabled.yml +++ b/tools/config/winlogbeat-modules-enabled.yml @@ -29,11 +29,6 @@ logsources: service: sysmon conditions: winlog.channel: 'Microsoft-Windows-Sysmon/Operational' - windows-process-creation: - product: windows - category: process_creation - conditions: - winlog.event_id: '1' windows-dns-server: product: windows service: dns-server diff --git a/tools/config/winlogbeat.yml b/tools/config/winlogbeat.yml index 39d26cab..3bc1824e 100644 --- a/tools/config/winlogbeat.yml +++ b/tools/config/winlogbeat.yml @@ -28,11 +28,6 @@ logsources: service: sysmon conditions: winlog.channel: 'Microsoft-Windows-Sysmon/Operational' - windows-process-creation: - product: windows - category: process_creation - conditions: - winlog.event_id: '1' windows-dns-server: product: windows service: dns-server From 1d39b40fd15b1757e2123d2b40bb087af9661a61 Mon Sep 17 00:00:00 2001 From: Marko Okuka Date: Thu, 16 Jul 2020 10:09:29 -0400 Subject: [PATCH 659/714] Fixing typo in rule: Username to User --- .../windows/process_creation/win_wmiprvse_spawning_process.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_wmiprvse_spawning_process.yml b/rules/windows/process_creation/win_wmiprvse_spawning_process.yml index 13251884..fcabfdb7 100644 --- a/rules/windows/process_creation/win_wmiprvse_spawning_process.yml +++ b/rules/windows/process_creation/win_wmiprvse_spawning_process.yml @@ -18,7 +18,7 @@ detection: ParentImage|endswith: '\WmiPrvSe.exe' filter: - LogonId: '0x3e7' # LUID 999 for SYSTEM - - Username: 'NT AUTHORITY\SYSTEM' # if we don't have LogonId data, fallback on username detection + - User: 'NT AUTHORITY\SYSTEM' # if we don't have LogonId data, fallback on username detection condition: selection and not filter falsepositives: - Unknown From 2006aa8f5ebdf4babd365d8a4b26b76d107b7c37 Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 02:23:30 +0100 Subject: [PATCH 660/714] Inclusion of registry keys for WinDefender disabling --- rules/windows/other/win_defender_disabled.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/rules/windows/other/win_defender_disabled.yml b/rules/windows/other/win_defender_disabled.yml index c955fe00..83c19e53 100644 --- a/rules/windows/other/win_defender_disabled.yml +++ b/rules/windows/other/win_defender_disabled.yml @@ -20,7 +20,12 @@ detection: - 5010 - 5012 - 5101 - condition: selection + selection2: + TargetObject: + - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend + - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender + Details: 'DWORD (0x00000001)' + condition: 1 of them falsepositives: - Administrator actions level: high From 23dd2e3cac06549379e5c3913eafe256afae51a6 Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 02:29:58 +0100 Subject: [PATCH 661/714] Updated to include sub-technique mapping --- .../sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/file_event/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml b/rules/windows/file_event/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml index e4ffdd61..574a12f6 100755 --- a/rules/windows/file_event/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml +++ b/rules/windows/file_event/sysmon_susp_procexplorer_driver_created_in_tmp_folder.yml @@ -8,6 +8,7 @@ references: - https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/ tags: - attack.t1089 + - attack.t1562.001 - attack.defense_evasion logsource: product: windows From ea1b2ae59f2ec4f554a505ee2315a726ca4e6dac Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 02:30:53 +0100 Subject: [PATCH 662/714] Updated invoke_phantom with sub-technique mapping --- rules/windows/process_access/sysmon_invoke_phantom.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/process_access/sysmon_invoke_phantom.yml b/rules/windows/process_access/sysmon_invoke_phantom.yml index c90377b1..fd32409c 100755 --- a/rules/windows/process_access/sysmon_invoke_phantom.yml +++ b/rules/windows/process_access/sysmon_invoke_phantom.yml @@ -9,6 +9,7 @@ references: - https://twitter.com/timbmsft/status/900724491076214784 tags: - attack.t1089 + - attck.t1562.001 - attack.defense_evasion logsource: category: process_access From ad9a8ff956095f2aa5e88c23e542f530df276a14 Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 02:37:11 +0100 Subject: [PATCH 663/714] Updated to include extra registry key --- rules/windows/other/win_defender_disabled.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/other/win_defender_disabled.yml b/rules/windows/other/win_defender_disabled.yml index 83c19e53..705c23d3 100644 --- a/rules/windows/other/win_defender_disabled.yml +++ b/rules/windows/other/win_defender_disabled.yml @@ -24,6 +24,7 @@ detection: TargetObject: - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender + - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Details: 'DWORD (0x00000001)' condition: 1 of them falsepositives: From 30bd591c96b9ad319ab89d3b5935eeb7cd72ffa9 Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 02:37:56 +0100 Subject: [PATCH 664/714] Update win_apt_ke3chang to include sub-techniques --- rules/windows/process_creation/win_apt_ke3chang_regadd.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/process_creation/win_apt_ke3chang_regadd.yml b/rules/windows/process_creation/win_apt_ke3chang_regadd.yml index f6b09821..84bacc8f 100644 --- a/rules/windows/process_creation/win_apt_ke3chang_regadd.yml +++ b/rules/windows/process_creation/win_apt_ke3chang_regadd.yml @@ -9,6 +9,7 @@ tags: - attack.g0004 - attack.t1059 - attack.t1089 + - attack.t1562.001 author: Markus Neis, Swisscom date: 2020/06/18 logsource: From 97452a9df36889eb2378a53627a8e89cb2e72b43 Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 02:38:47 +0100 Subject: [PATCH 665/714] Update to include sub-technique mapping --- ...mon_disable_security_events_logging_adding_reg_key_minint.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/registry_event/sysmon_disable_security_events_logging_adding_reg_key_minint.yml b/rules/windows/registry_event/sysmon_disable_security_events_logging_adding_reg_key_minint.yml index 83c015d2..ae54ffc7 100755 --- a/rules/windows/registry_event/sysmon_disable_security_events_logging_adding_reg_key_minint.yml +++ b/rules/windows/registry_event/sysmon_disable_security_events_logging_adding_reg_key_minint.yml @@ -7,6 +7,7 @@ references: tags: - attack.defense_evasion - attack.t1089 + - attack.t1562.001 author: Ilyas Ochkov, oscd.community date: 2019/10/25 modified: 2019/11/13 From 2d227a08c5fb28748d4ef33be6eaf19f1bba86b1 Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 02:40:22 +0100 Subject: [PATCH 666/714] Updated suspicious service with sub-techniques --- rules/windows/registry_event/sysmon_susp_service_installed.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/registry_event/sysmon_susp_service_installed.yml b/rules/windows/registry_event/sysmon_susp_service_installed.yml index 0b69557e..a2e1f24c 100755 --- a/rules/windows/registry_event/sysmon_susp_service_installed.yml +++ b/rules/windows/registry_event/sysmon_susp_service_installed.yml @@ -8,6 +8,7 @@ references: - https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/ tags: - attack.t1089 + - attack.t1562.001 - attack.defense_evasion logsource: category: registry_event From 147fd46157f70ae2e35c2737408b56c9cae03e7a Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 02:41:10 +0100 Subject: [PATCH 667/714] Added ATT&CK tactic --- rules/cloud/aws_cloudtrail_disable_logging.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/cloud/aws_cloudtrail_disable_logging.yml b/rules/cloud/aws_cloudtrail_disable_logging.yml index e7df801d..09f180ff 100644 --- a/rules/cloud/aws_cloudtrail_disable_logging.yml +++ b/rules/cloud/aws_cloudtrail_disable_logging.yml @@ -21,5 +21,6 @@ level: medium falsepositives: - Valid change in a Trail tags: + - attack.defense_evasion - attack.t1089 - attack.t1562.001 From 161829a4c0fd2a5bbc608aa9b2c70c8a0e661a47 Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 02:41:48 +0100 Subject: [PATCH 668/714] Added ATT&CK tactic --- rules/cloud/aws_config_disable_recording.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/cloud/aws_config_disable_recording.yml b/rules/cloud/aws_config_disable_recording.yml index 8eebaa67..85bc6488 100644 --- a/rules/cloud/aws_config_disable_recording.yml +++ b/rules/cloud/aws_config_disable_recording.yml @@ -18,5 +18,6 @@ level: high falsepositives: - Valid change in AWS Config Service tags: + - attack.defense_evasion - attack.t1089 - attack.t1562.001 From b61527d0b210a3add75770bf2af2a6229a498952 Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 02:42:10 +0100 Subject: [PATCH 669/714] Added ATT&CK tactic --- rules/cloud/aws_guardduty_disruption.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/cloud/aws_guardduty_disruption.yml b/rules/cloud/aws_guardduty_disruption.yml index 7491d4b2..53da70c9 100644 --- a/rules/cloud/aws_guardduty_disruption.yml +++ b/rules/cloud/aws_guardduty_disruption.yml @@ -18,5 +18,6 @@ level: high falsepositives: - Valid change in the GuardDuty (e.g. to ignore internal scanners) tags: + - attack.defense_evasion - attack.t1089 - attack.t1562.001 From 144281268128804957038e25f7e062c2e4d2fcc5 Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 02:44:53 +0100 Subject: [PATCH 670/714] Updated tags --- rules/windows/process_creation/win_susp_disable_ie_features.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rules/windows/process_creation/win_susp_disable_ie_features.yml b/rules/windows/process_creation/win_susp_disable_ie_features.yml index 802e832a..a3214200 100644 --- a/rules/windows/process_creation/win_susp_disable_ie_features.yml +++ b/rules/windows/process_creation/win_susp_disable_ie_features.yml @@ -5,7 +5,9 @@ description: Detects command lines that indicate unwanted modifications to regis references: - https://unit42.paloaltonetworks.com/operation-ke3chang-resurfaces-with-new-tidepool-malware/ tags: + - attack.defense_evasion - attack.t1089 + - attack.t1562.001 author: Florian Roth date: 2020/06/19 logsource: From dcf20e580d66c3c97b65f75ef7dc1054c6b1a631 Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 02:50:57 +0100 Subject: [PATCH 671/714] Updated tags to include sub-techniques --- rules/windows/file_event/sysmon_powershell_exploit_scripts.yml | 1 + rules/windows/image_load/sysmon_in_memory_powershell.yml | 1 + .../image_load/sysmon_powershell_execution_moduleload.yml | 1 + .../network_connection/sysmon_powershell_network_connection.yml | 1 + .../sysmon_remote_powershell_session_network.yml | 1 + 5 files changed, 5 insertions(+) diff --git a/rules/windows/file_event/sysmon_powershell_exploit_scripts.yml b/rules/windows/file_event/sysmon_powershell_exploit_scripts.yml index cf59c05b..d9379cee 100755 --- a/rules/windows/file_event/sysmon_powershell_exploit_scripts.yml +++ b/rules/windows/file_event/sysmon_powershell_exploit_scripts.yml @@ -7,6 +7,7 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 author: Markus Neis date: 2018/04/07 logsource: diff --git a/rules/windows/image_load/sysmon_in_memory_powershell.yml b/rules/windows/image_load/sysmon_in_memory_powershell.yml index b1bbc3de..623a8c01 100755 --- a/rules/windows/image_load/sysmon_in_memory_powershell.yml +++ b/rules/windows/image_load/sysmon_in_memory_powershell.yml @@ -10,6 +10,7 @@ references: - https://github.com/p3nt4/PowerShdll tags: - attack.t1086 + - attack.t1059.001 - attack.execution logsource: category: image_load diff --git a/rules/windows/image_load/sysmon_powershell_execution_moduleload.yml b/rules/windows/image_load/sysmon_powershell_execution_moduleload.yml index 5c414c0c..7b3449c2 100755 --- a/rules/windows/image_load/sysmon_powershell_execution_moduleload.yml +++ b/rules/windows/image_load/sysmon_powershell_execution_moduleload.yml @@ -13,6 +13,7 @@ logsource: tags: - attack.execution - attack.t1086 + - attack.t1059.001 detection: selection: Description: 'system.management.automation' diff --git a/rules/windows/network_connection/sysmon_powershell_network_connection.yml b/rules/windows/network_connection/sysmon_powershell_network_connection.yml index 8d6742d1..9600a61d 100755 --- a/rules/windows/network_connection/sysmon_powershell_network_connection.yml +++ b/rules/windows/network_connection/sysmon_powershell_network_connection.yml @@ -10,6 +10,7 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 logsource: category: network_connection product: windows diff --git a/rules/windows/network_connection/sysmon_remote_powershell_session_network.yml b/rules/windows/network_connection/sysmon_remote_powershell_session_network.yml index 9d56a7da..15ae994e 100755 --- a/rules/windows/network_connection/sysmon_remote_powershell_session_network.yml +++ b/rules/windows/network_connection/sysmon_remote_powershell_session_network.yml @@ -9,6 +9,7 @@ references: tags: - attack.execution - attack.t1086 + - attack.t1059.001 logsource: category: network_connection product: windows From 3bd768e49bd1767d05d39895b9870d886cceb484 Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 02:52:15 +0100 Subject: [PATCH 672/714] Updated tags with sub-techniques --- rules/windows/process_creation/win_apt_empiremonkey.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/process_creation/win_apt_empiremonkey.yml b/rules/windows/process_creation/win_apt_empiremonkey.yml index 5e82be5d..fbace080 100644 --- a/rules/windows/process_creation/win_apt_empiremonkey.yml +++ b/rules/windows/process_creation/win_apt_empiremonkey.yml @@ -6,6 +6,7 @@ references: - https://app.any.run/tasks/a4107649-8cb0-41af-ad75-113152d4d57b tags: - attack.t1086 + - attack.t1059.001 - attack.execution date: 2019/04/02 author: Markus Neis From 4ffe9cb042d0d0f712a68665b7c41910feae1079 Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 02:53:46 +0100 Subject: [PATCH 673/714] Updated tags with sub-techniques --- .../process_creation/win_susp_powershell_parent_process.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/process_creation/win_susp_powershell_parent_process.yml b/rules/windows/process_creation/win_susp_powershell_parent_process.yml index 5c79b2b6..018e510b 100644 --- a/rules/windows/process_creation/win_susp_powershell_parent_process.yml +++ b/rules/windows/process_creation/win_susp_powershell_parent_process.yml @@ -9,6 +9,7 @@ date: 2020/03/20 tags: - attack.execution - attack.t1086 + - attack.t1059.001 logsource: category: process_creation product: windows From 4ac1058ab5c044ec9d89215731facf874bbd9751 Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 03:01:11 +0100 Subject: [PATCH 674/714] Updated tags --- rules/windows/builtin/win_rdp_localhost_login.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_rdp_localhost_login.yml b/rules/windows/builtin/win_rdp_localhost_login.yml index 165bd12f..a2b4842d 100644 --- a/rules/windows/builtin/win_rdp_localhost_login.yml +++ b/rules/windows/builtin/win_rdp_localhost_login.yml @@ -9,7 +9,7 @@ tags: - attack.lateral_movement - attack.t1076 - car.2013-07-002 - - attack.t1021 + - attack.t1021.001 status: experimental author: Thomas Patzke logsource: From 1fd73a23b234da121c1dc72a670f7c9ee6f98569 Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 03:01:34 +0100 Subject: [PATCH 675/714] Updated tags with sub-techniques --- rules/windows/builtin/win_not_allowed_rdp_access.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/rules/windows/builtin/win_not_allowed_rdp_access.yml b/rules/windows/builtin/win_not_allowed_rdp_access.yml index da63b4b5..99a0c991 100644 --- a/rules/windows/builtin/win_not_allowed_rdp_access.yml +++ b/rules/windows/builtin/win_not_allowed_rdp_access.yml @@ -6,6 +6,7 @@ status: experimental tags: - attack.lateral_movement - attack.t1076 + - attack.t1021.001 references: - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4825 author: Pushkarev Dmitry From ff3f9fe9b329b4a7cf2ef9f6cbf36775f0437e1d Mon Sep 17 00:00:00 2001 From: Aidan Bracher Date: Sat, 18 Jul 2020 03:02:43 +0100 Subject: [PATCH 676/714] Updated tags --- rules/windows/process_creation/win_susp_tscon_rdp_redirect.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_susp_tscon_rdp_redirect.yml b/rules/windows/process_creation/win_susp_tscon_rdp_redirect.yml index fb2f5d65..128bb364 100644 --- a/rules/windows/process_creation/win_susp_tscon_rdp_redirect.yml +++ b/rules/windows/process_creation/win_susp_tscon_rdp_redirect.yml @@ -10,7 +10,7 @@ tags: - attack.privilege_escalation - attack.t1076 - car.2013-07-002 - - attack.t1021 + - attack.t1021.001 author: Florian Roth date: 2018/03/17 modified: 2018/12/11 From 2b2bf34a641dc7b8795245551976f13d12a722b0 Mon Sep 17 00:00:00 2001 From: Poming huang Date: Mon, 20 Jul 2020 12:27:16 +0800 Subject: [PATCH 677/714] add wmi persistence script event consumer false positive --- .../sysmon_wmi_persistence_script_event_consumer_write.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/file_event/sysmon_wmi_persistence_script_event_consumer_write.yml b/rules/windows/file_event/sysmon_wmi_persistence_script_event_consumer_write.yml index e519443a..389af946 100755 --- a/rules/windows/file_event/sysmon_wmi_persistence_script_event_consumer_write.yml +++ b/rules/windows/file_event/sysmon_wmi_persistence_script_event_consumer_write.yml @@ -17,5 +17,5 @@ detection: Image: 'C:\WINDOWS\system32\wbem\scrcons.exe' condition: selection falsepositives: - - Unknown (data set is too small; further testing needed) + - Dell Power Manager (C:\Program Files\Dell\PowerManager\DpmPowerPlanSetup.exe) level: high From 875360f373a713d1cb7d03f8f3ff833233cdb202 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Stra=C3=9Fegger?= Date: Mon, 20 Jul 2020 14:32:30 +0200 Subject: [PATCH 678/714] fixed wrong function call for elastalert aggregation. fixes #940 --- tools/sigma/backends/elasticsearch.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index 8dc193d7..28645991 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -1037,7 +1037,7 @@ class ElastalertBackend(DeepFieldMappingMixin, MultiRuleOutputMixin): if parsed.parsedAgg: if parsed.parsedAgg.aggfunc == sigma.parser.condition.SigmaAggregationParser.AGGFUNC_COUNT or parsed.parsedAgg.aggfunc == sigma.parser.condition.SigmaAggregationParser.AGGFUNC_MIN or parsed.parsedAgg.aggfunc == sigma.parser.condition.SigmaAggregationParser.AGGFUNC_MAX or parsed.parsedAgg.aggfunc == sigma.parser.condition.SigmaAggregationParser.AGGFUNC_AVG or parsed.parsedAgg.aggfunc == sigma.parser.condition.SigmaAggregationParser.AGGFUNC_SUM: if parsed.parsedAgg.groupfield is not None: - rule_object['query_key'] = self.fieldNameMapping(parsed.parsedAgg.groupfield, '*', True) + rule_object['query_key'] = self.fieldNameMapping(parsed.parsedAgg.groupfield, '*') rule_object['type'] = "metric_aggregation" rule_object['buffer_time'] = interval rule_object['doc_type'] = "doc" From da30266c60bcef34d6a6d338a7e134212efb319c Mon Sep 17 00:00:00 2001 From: bar Date: Tue, 21 Jul 2020 17:21:14 +0300 Subject: [PATCH 679/714] ImageLoaded mapping added --- tools/config/stix-windows.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/config/stix-windows.yml b/tools/config/stix-windows.yml index b3026bad..30281bef 100644 --- a/tools/config/stix-windows.yml +++ b/tools/config/stix-windows.yml @@ -84,7 +84,7 @@ fieldmappings: Image: - process:image_ref.name ImageLoadedTempPath: - - process:image_ref.x_temp_path + - process:extensions.windows-service-ext.service_dll_refs[*].x_temp_path ImageName: - process:image_ref.name ImagePath: @@ -101,9 +101,9 @@ fieldmappings: IntegrityLevel: - x-windows:integritylevel LoadedImage: - - process:image_ref.name + - process:extensions.windows-service-ext.service_dll_refs[*].name LoadedImageName: - - process:image_ref.name + - process:extensions.windows-service-ext.service_dll_refs[*].name LogonType: - x-windows:logontype MD5Hash: @@ -248,9 +248,9 @@ fieldmappings: event_data.Image: - process:image_ref.name event_data.ImageLoaded: - - process:image_ref.name + - process:extensions.windows-service-ext.service_dll_refs[*].name ImageLoaded: - - process:image_ref.name + - process:extensions.windows-service-ext.service_dll_refs[*].name event_data.ImagePath: - process:image_ref.name event_data.ParentCommandLine: From 0543ec1ae3e1d00fde2bf1bb8a5e3339afef2d01 Mon Sep 17 00:00:00 2001 From: bar Date: Tue, 21 Jul 2020 19:49:26 +0300 Subject: [PATCH 680/714] mapping update, removed unused fields --- tools/config/stix-windows.yml | 21 ++------------------- 1 file changed, 2 insertions(+), 19 deletions(-) diff --git a/tools/config/stix-windows.yml b/tools/config/stix-windows.yml index 30281bef..1083cbce 100644 --- a/tools/config/stix-windows.yml +++ b/tools/config/stix-windows.yml @@ -21,8 +21,6 @@ fieldmappings: - user-account:x_security_id CallTrace: - x-windows:calltrace - ChangedAttributes: - - x-windows:changedattributes ClientIP: - ipv4-addr:value - ipv6-addr:value @@ -116,8 +114,6 @@ fieldmappings: - x-windows:objectname ObjectType: - x-windows:objecttype - PSEncodedCommand: - - x-windows:psencodedcommand ParentCommandLine: - process:parent_ref.command_line ParentImage: @@ -152,26 +148,19 @@ fieldmappings: - x-windows:queryresults QueryStatus: - x-windows:querystatus - Realm: - - x-windows:realm - RecordNumber: - - x-windows:recordnumber RegistryKey: - windows-registry-key:key RegistryValueData: - windows-registry-key:values[*].data RegistryValueName: - windows-registry-key:values[*].name - RunLevel: - - x-windows:runlevel SAMAccountName: - - x-windows:samaccountname + - user-account:account_login + - user-account:display_name SHA1Hash: - file:hashes.SHA-1 SHA256Hash: - file:hashes.SHA-256 - Scope: - - x-windows:scope ServiceFileName: - process:extensions.windows-service-ext.service_dll_refs[*].name ServiceName: @@ -233,12 +222,6 @@ fieldmappings: - user-account:user_id UserDomain: - user-account:x_domain - UserPrincipalName: - - x-windows:userprincipalname - UserRight: - - x-windows:userright - UserWorkstations: - - x-windows:userworkstations event-id: - x-event:id eventId: From 023bf76363c531f145313883a7d26be48b1552fa Mon Sep 17 00:00:00 2001 From: Cian Heasley Date: Wed, 22 Jul 2020 09:05:50 +0100 Subject: [PATCH 681/714] Add files via upload Looking for processes spawned by web server components that indicate reconnaissance by popular public domain webshells for whether perl, python or wget are installed. --- .../win_webshell_recon_detection.yml | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 rules/windows/process_creation/win_webshell_recon_detection.yml diff --git a/rules/windows/process_creation/win_webshell_recon_detection.yml b/rules/windows/process_creation/win_webshell_recon_detection.yml new file mode 100644 index 00000000..4cfba51d --- /dev/null +++ b/rules/windows/process_creation/win_webshell_recon_detection.yml @@ -0,0 +1,40 @@ +title: Webshell Recon Detection Via CommandLine & Processes +id: f64e5c19-879c-4bae-b471-6d84c8339677 +status: experimental +description: Looking for processes spawned by web server components that indicate reconnaissance by popular public domain webshells for whether perl, python or wget are installed. +author: Cian Heasley +reference: + - https://ragged-lab.blogspot.com/2020/07/webshells-automating-reconnaissance.html +date: 2020/07/22 +tags: + - attack.privilege_escalation + - attack.persistence + - attack.t1100 + - attack.t1505.003 +logsource: + category: process_creation + product: windows +detection: + selection: + ParentImage|contains: + - '*\apache*' + - '*\tomcat*' + - '*\w3wp.exe' + - '*\php-cgi.exe' + - '*\nginx.exe' + - '*\httpd.exe' + Image|endswith: + - '*\cmd.exe' + CommandLine|contains: + - '*perl --help*' + - '*python --help*' + - '*wget --help*' + - '*perl -h*' + condition: selection +fields: + - Image + - CommandLine + - ParentCommandLine +falsepositives: + - unknown +level: high From 81ef0137c5c1ded5db5a67913249617bab87c3d0 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 22 Jul 2020 14:02:13 +0200 Subject: [PATCH 682/714] rule: update - MATA framework UserAgent --- rules/proxy/proxy_ua_apt.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rules/proxy/proxy_ua_apt.yml b/rules/proxy/proxy_ua_apt.yml index 0baf02b2..c3b68d65 100644 --- a/rules/proxy/proxy_ua_apt.yml +++ b/rules/proxy/proxy_ua_apt.yml @@ -6,6 +6,7 @@ references: - Internal Research author: Florian Roth, Markus Neis date: 2019/11/12 +modified: 2020/07/22 logsource: category: proxy detection: @@ -47,6 +48,7 @@ detection: - 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT)' # https://blog.telsy.com/meeting-powerband-the-apt33-net-powerton-variant/ - 'Mozilla/5.0 (Windows NT 6.1; WOW64) Chrome/28.0.1500.95 Safari/537.36' # Hidden Cobra malware - 'Mozilla/5.0 (Windows NT 6.2; Win32; rv:47.0)' # Strong Pity loader https://twitter.com/VK_Intel/status/1264185981118406657 + - 'matt-dot-net' # MATA Platform UA https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/ condition: selection fields: - ClientIP @@ -54,4 +56,5 @@ fields: - c-useragent falsepositives: - Old browsers + - Suspicious software level: high From db98fe79b06e803fdf23560b91534276cd571e6e Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 22 Jul 2020 14:02:51 +0200 Subject: [PATCH 683/714] Revert "rule: update - MATA framework UserAgent" This reverts commit 81ef0137c5c1ded5db5a67913249617bab87c3d0. --- rules/proxy/proxy_ua_apt.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/rules/proxy/proxy_ua_apt.yml b/rules/proxy/proxy_ua_apt.yml index c3b68d65..0baf02b2 100644 --- a/rules/proxy/proxy_ua_apt.yml +++ b/rules/proxy/proxy_ua_apt.yml @@ -6,7 +6,6 @@ references: - Internal Research author: Florian Roth, Markus Neis date: 2019/11/12 -modified: 2020/07/22 logsource: category: proxy detection: @@ -48,7 +47,6 @@ detection: - 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT)' # https://blog.telsy.com/meeting-powerband-the-apt33-net-powerton-variant/ - 'Mozilla/5.0 (Windows NT 6.1; WOW64) Chrome/28.0.1500.95 Safari/537.36' # Hidden Cobra malware - 'Mozilla/5.0 (Windows NT 6.2; Win32; rv:47.0)' # Strong Pity loader https://twitter.com/VK_Intel/status/1264185981118406657 - - 'matt-dot-net' # MATA Platform UA https://securelist.com/mata-multi-platform-targeted-malware-framework/97746/ condition: selection fields: - ClientIP @@ -56,5 +54,4 @@ fields: - c-useragent falsepositives: - Old browsers - - Suspicious software level: high From 13cf0488ae813a1595645decc76086e73000ca93 Mon Sep 17 00:00:00 2001 From: Daniel Masse Date: Wed, 22 Jul 2020 10:49:22 -0400 Subject: [PATCH 684/714] Add 'contains' for the ps encoded chars rule --- .../process_creation/win_susp_powershell_encoded_param.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_susp_powershell_encoded_param.yml b/rules/windows/process_creation/win_susp_powershell_encoded_param.yml index 04c975d1..88c0107e 100644 --- a/rules/windows/process_creation/win_susp_powershell_encoded_param.yml +++ b/rules/windows/process_creation/win_susp_powershell_encoded_param.yml @@ -17,7 +17,7 @@ logsource: product: windows detection: selection: - CommandLine: '(WCHAR)0x' + CommandLine|contains: '(WCHAR)0x' condition: selection falsepositives: - Unknown From 5019f2f1601b247aa67debc453c3cb22d39c3388 Mon Sep 17 00:00:00 2001 From: bar Date: Wed, 22 Jul 2020 21:41:46 +0300 Subject: [PATCH 685/714] added mapping for stix web, cloud, linux --- tools/config/stix-linux.yml | 36 +++++++++++++++++++++++++++++++ tools/config/stix.yml | 43 ++++++++++++++++++++++++++++++++++++- 2 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 tools/config/stix-linux.yml diff --git a/tools/config/stix-linux.yml b/tools/config/stix-linux.yml new file mode 100644 index 00000000..e374f29b --- /dev/null +++ b/tools/config/stix-linux.yml @@ -0,0 +1,36 @@ +title: STIX for Linux Logs +backends: + - stix +order: 40 +logsources: + linux: + product: linux +fieldmappings: + type: + - x-event:action + keywords: + - x-sigma:keywords + a0: + - process:command_line + a1: + - process:command_line + name: + - file:name + a3: + - process:command_line + key: + - x-sigma:keywords + exe: + - file:name + a2: + - process:command_line + SYSCALL: + - x-event:action + pam_message: + - x-event:action + pam_user: + - user-account:user_id + pam_rhost: + - x-host:name + USER: + - user-account:user_id \ No newline at end of file diff --git a/tools/config/stix.yml b/tools/config/stix.yml index c6d13293..7cdad7e7 100644 --- a/tools/config/stix.yml +++ b/tools/config/stix.yml @@ -91,4 +91,45 @@ fieldmappings: username: - user-account:user_id utf8_payload: - - artifact:payload_bin \ No newline at end of file + - artifact:payload_bin + + # Web mapping + c-uri: + - url:value + keywords: + - x-sigma:keywords + cs-method: + - http-request-ext:request_method + sc-status: + - x-web:status_code + clientip: + - ipv4-addr:value + - ipv6-addr:value + - network-traffic:src_ref.value + + # Cloud mapping + eventSource: + - x-host:name + eventName: + - x-event:action + requestParameters.attribute: + - x-cloud:request_parameters + responseElements.publiclyAccessible: + - x-cloud:publicly_accessible + errorMessage: + - x-error:message + errorCode: + - x-error:code + responseElements: + - x-cloud:response_elements + requestParameters.userData: + - x-cloud:request_parameters + userIdentity.type: + - user-account:account_login + eventType: + - x-event:action + userIdentity.arn: + - user-account:account_login + - user-account:display_name + responseElements.pendingModifiedValues.masterUserPassword: + - user-account:credential From 951c6fee8baf1427b482c9947595456c4d8ac8f0 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 23 Jul 2020 14:31:21 +0200 Subject: [PATCH 686/714] Update sysmon_password_dumper_lsass.yml --- rules/windows/sysmon/sysmon_password_dumper_lsass.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/sysmon/sysmon_password_dumper_lsass.yml b/rules/windows/sysmon/sysmon_password_dumper_lsass.yml index f5632f4d..c17ba4e9 100644 --- a/rules/windows/sysmon/sysmon_password_dumper_lsass.yml +++ b/rules/windows/sysmon/sysmon_password_dumper_lsass.yml @@ -13,7 +13,7 @@ detection: selection: EventID: 8 TargetImage: 'C:\Windows\System32\lsass.exe' - StartModule: + StartModule: '' condition: selection tags: - attack.credential_access From 30ff22776a0bd7644090ad5d79fe061e6ee9fed6 Mon Sep 17 00:00:00 2001 From: Simran Soin Date: Thu, 23 Jul 2020 09:41:33 -0400 Subject: [PATCH 687/714] Fix NOT bug --- tools/sigma/backends/base.py | 31 +++++++++++++++------------ tools/sigma/backends/qradar.py | 6 +++++- tools/sigma/backends/stix.py | 39 +++++++++++++++++++++++----------- 3 files changed, 49 insertions(+), 27 deletions(-) diff --git a/tools/sigma/backends/base.py b/tools/sigma/backends/base.py index 1ef7e175..b9671fd2 100644 --- a/tools/sigma/backends/base.py +++ b/tools/sigma/backends/base.py @@ -154,10 +154,12 @@ class BaseBackend: pass return query - def generateNode(self, node): + def generateNode(self, node, currently_within_NOT_node=False): if type(node) == sigma.parser.condition.ConditionAND: return self.applyOverrides(self.generateANDNode(node)) elif type(node) == sigma.parser.condition.ConditionOR: + if currently_within_NOT_node: + return self.applyOverrides(self.generateANDNode(node)) return self.applyOverrides(self.generateORNode(node)) elif type(node) == sigma.parser.condition.ConditionNOT: return self.applyOverrides(self.generateNOTNode(node)) @@ -246,8 +248,8 @@ class SingleTextQueryBackend(RulenameCommentMixin, BaseBackend, QuoteCharMixin): sort_condition_lists = False # Sort condition items for AND and OR conditions - def generateANDNode(self, node): - generated = [ self.generateNode(val) for val in node ] + def generateANDNode(self, node, currently_within_NOT_node=False): + generated = [ self.generateNode(val, currently_within_NOT_node) for val in node ] filtered = [ g for g in generated if g is not None ] if filtered: if self.sort_condition_lists: @@ -256,8 +258,8 @@ class SingleTextQueryBackend(RulenameCommentMixin, BaseBackend, QuoteCharMixin): else: return None - def generateORNode(self, node): - generated = [ self.generateNode(val) for val in node ] + def generateORNode(self, node, currently_within_NOT_node): + generated = [ self.generateNode(val, currently_within_NOT_node) for val in node ] filtered = [ g for g in generated if g is not None ] if filtered: if self.sort_condition_lists: @@ -266,33 +268,34 @@ class SingleTextQueryBackend(RulenameCommentMixin, BaseBackend, QuoteCharMixin): else: return None - def generateNOTNode(self, node): - generated = self.generateNode(node.item) + def generateNOTNode(self, node, currently_within_NOT_node): + currently_within_NOT_node = True + generated = self.generateNode(node.item, currently_within_NOT_node) if generated is not None: - return self.notToken + generated + return generated else: return None - def generateSubexpressionNode(self, node): - generated = self.generateNode(node.items) + def generateSubexpressionNode(self, node, currently_within_NOT_node): + generated = self.generateNode(node.items, currently_within_NOT_node) if generated: return self.subExpression % generated else: return None - def generateListNode(self, node): + def generateListNode(self, node, currently_within_NOT_node): if not set([type(value) for value in node]).issubset({str, int}): raise TypeError("List values must be strings or numbers") return self.listExpression % (self.listSeparator.join([self.generateNode(value) for value in node])) - def generateMapItemNode(self, node): + def generateMapItemNode(self, node, currently_within_NOT_node): fieldname, value = node transformed_fieldname = self.fieldNameMapping(fieldname, value) if self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): return self.mapExpression % (transformed_fieldname, self.generateNode(value)) elif type(value) == list: - return self.generateMapItemListNode(transformed_fieldname, value) + return self.generateMapItemListNode(transformed_fieldname, value, currently_within_NOT_node) elif isinstance(value, SigmaTypeModifier): return self.generateMapItemTypedNode(transformed_fieldname, value) elif value is None: @@ -300,7 +303,7 @@ class SingleTextQueryBackend(RulenameCommentMixin, BaseBackend, QuoteCharMixin): else: raise TypeError("Backend does not support map values of type " + str(type(value))) - def generateMapItemListNode(self, fieldname, value): + def generateMapItemListNode(self, fieldname, value, currently_within_NOT_node): return self.mapListValueExpression % (fieldname, self.generateNode(value)) def generateMapItemTypedNode(self, fieldname, value): diff --git a/tools/sigma/backends/qradar.py b/tools/sigma/backends/qradar.py index f29024af..82533221 100644 --- a/tools/sigma/backends/qradar.py +++ b/tools/sigma/backends/qradar.py @@ -58,10 +58,14 @@ class QRadarBackend(SingleTextQueryBackend): """Remove quotes in text""" return value.replace("\'","\\\'") - def generateNode(self, node): + def generateNode(self, node, currently_within_NOT_node=False): if type(node) == sigma.parser.condition.ConditionAND: + if currently_within_NOT_node: + return self.generateORNode(node) return self.generateANDNode(node) elif type(node) == sigma.parser.condition.ConditionOR: + if currently_within_NOT_node: + return self.generateANDNode(node) return self.generateORNode(node) elif type(node) == sigma.parser.condition.ConditionNOT: return self.generateNOTNode(node) diff --git a/tools/sigma/backends/stix.py b/tools/sigma/backends/stix.py index 82e7b3fd..539da043 100644 --- a/tools/sigma/backends/stix.py +++ b/tools/sigma/backends/stix.py @@ -26,15 +26,24 @@ class STIXBackend(SingleTextQueryBackend): def cleanValue(self, value): return value - def generateMapItemListNode(self, key, value): + def generateMapItemListNode(self, key, value, currently_within_NOT_node): items_list = list() for item in value: if type(item) == str and "*" in item: item = item.replace("*", "%") - items_list.append('%s LIKE %s' % (self.cleanKey(key), self.generateValueNode(item))) + if currently_within_NOT_node: + items_list.append('%s NOT LIKE %s' % (self.cleanKey(key), self.generateValueNode(item))) + else: + items_list.append('%s LIKE %s' % (self.cleanKey(key), self.generateValueNode(item))) else: - items_list.append('%s = %s' % (self.cleanKey(key), self.generateValueNode(item))) - return '('+" OR ".join(items_list)+')' + if currently_within_NOT_node: + items_list.append('%s != %s' % (self.cleanKey(key), self.generateValueNode(item))) + else: + items_list.append('%s = %s' % (self.cleanKey(key), self.generateValueNode(item))) + if currently_within_NOT_node: + return '(' + " AND ".join(items_list) + ')' + else: + return '('+" OR ".join(items_list)+')' def generateMapItemTypedNode(self, key, value): if type(value) == SigmaRegularExpressionModifier: @@ -48,18 +57,20 @@ class STIXBackend(SingleTextQueryBackend): else: raise NotImplementedError("Type modifier '{}' is not supported by backend".format(value.identifier)) - def generateMapItemNode(self, node): + def generateMapItemNode(self, node, currently_within_NOT_node): key, value = node if ":" not in key: key = "%s:%s" % (self.sigmaSTIXObjectName, str(key).lower()) if self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): if type(value) == str and "*" in value: value = value.replace("*", "%") + if currently_within_NOT_node: + return "%s NOT LIKE %s" % (self.cleanKey(key), self.generateValueNode(value)) return "%s LIKE %s" % (self.cleanKey(key), self.generateValueNode(value)) elif type(value) in (str, int): return self.mapExpression % (self.cleanKey(key), self.generateValueNode(value)) elif type(value) == list: - return self.generateMapItemListNode(key, value) + return self.generateMapItemListNode(key, value, currently_within_NOT_node) elif isinstance(value, SigmaTypeModifier): return self.generateMapItemTypedNode(key, value) else: @@ -68,17 +79,21 @@ class STIXBackend(SingleTextQueryBackend): def generateValueNode(self, node): return self.valueExpression % (self.cleanValue(str(node))) - def generateNode(self, node): + def generateNode(self, node, currently_within_NOT_node=False): if type(node) == sigma.parser.condition.ConditionAND: - return self.generateANDNode(node) + if currently_within_NOT_node: + return self.generateORNode(node, currently_within_NOT_node) + return self.generateANDNode(node, currently_within_NOT_node) elif type(node) == sigma.parser.condition.ConditionOR: - return self.generateORNode(node) + if currently_within_NOT_node: + return self.generateANDNode(node, currently_within_NOT_node) + return self.generateORNode(node, currently_within_NOT_node) elif type(node) == sigma.parser.condition.ConditionNOT: - return self.generateNOTNode(node) + return self.generateNOTNode(node, currently_within_NOT_node) elif type(node) == sigma.parser.condition.NodeSubexpression: - return self.generateSubexpressionNode(node) + return self.generateSubexpressionNode(node, currently_within_NOT_node) elif type(node) == tuple: - return self.generateMapItemNode(node) + return self.generateMapItemNode(node, currently_within_NOT_node) else: raise TypeError("Node type %s was not expected in Sigma parse tree" % (str(type(node)))) From 0fac21f4a33d79b9bb882647e4a46354948bd639 Mon Sep 17 00:00:00 2001 From: Simran Soin Date: Thu, 23 Jul 2020 10:13:30 -0400 Subject: [PATCH 688/714] Remove modifications from base file and override in stix.py --- tools/sigma/backends/base.py | 29 ++++++++++----------- tools/sigma/backends/stix.py | 50 ++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+), 16 deletions(-) diff --git a/tools/sigma/backends/base.py b/tools/sigma/backends/base.py index b9671fd2..1840f151 100644 --- a/tools/sigma/backends/base.py +++ b/tools/sigma/backends/base.py @@ -154,12 +154,10 @@ class BaseBackend: pass return query - def generateNode(self, node, currently_within_NOT_node=False): + def generateNode(self, node): if type(node) == sigma.parser.condition.ConditionAND: return self.applyOverrides(self.generateANDNode(node)) elif type(node) == sigma.parser.condition.ConditionOR: - if currently_within_NOT_node: - return self.applyOverrides(self.generateANDNode(node)) return self.applyOverrides(self.generateORNode(node)) elif type(node) == sigma.parser.condition.ConditionNOT: return self.applyOverrides(self.generateNOTNode(node)) @@ -248,8 +246,8 @@ class SingleTextQueryBackend(RulenameCommentMixin, BaseBackend, QuoteCharMixin): sort_condition_lists = False # Sort condition items for AND and OR conditions - def generateANDNode(self, node, currently_within_NOT_node=False): - generated = [ self.generateNode(val, currently_within_NOT_node) for val in node ] + def generateANDNode(self, node): + generated = [ self.generateNode(val) for val in node ] filtered = [ g for g in generated if g is not None ] if filtered: if self.sort_condition_lists: @@ -258,8 +256,8 @@ class SingleTextQueryBackend(RulenameCommentMixin, BaseBackend, QuoteCharMixin): else: return None - def generateORNode(self, node, currently_within_NOT_node): - generated = [ self.generateNode(val, currently_within_NOT_node) for val in node ] + def generateORNode(self, node): + generated = [ self.generateNode(val) for val in node ] filtered = [ g for g in generated if g is not None ] if filtered: if self.sort_condition_lists: @@ -268,34 +266,33 @@ class SingleTextQueryBackend(RulenameCommentMixin, BaseBackend, QuoteCharMixin): else: return None - def generateNOTNode(self, node, currently_within_NOT_node): - currently_within_NOT_node = True - generated = self.generateNode(node.item, currently_within_NOT_node) + def generateNOTNode(self, node): + generated = self.generateNode(node.item) if generated is not None: return generated else: return None - def generateSubexpressionNode(self, node, currently_within_NOT_node): - generated = self.generateNode(node.items, currently_within_NOT_node) + def generateSubexpressionNode(self, node): + generated = self.generateNode(node.items) if generated: return self.subExpression % generated else: return None - def generateListNode(self, node, currently_within_NOT_node): + def generateListNode(self, node): if not set([type(value) for value in node]).issubset({str, int}): raise TypeError("List values must be strings or numbers") return self.listExpression % (self.listSeparator.join([self.generateNode(value) for value in node])) - def generateMapItemNode(self, node, currently_within_NOT_node): + def generateMapItemNode(self, node): fieldname, value = node transformed_fieldname = self.fieldNameMapping(fieldname, value) if self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): return self.mapExpression % (transformed_fieldname, self.generateNode(value)) elif type(value) == list: - return self.generateMapItemListNode(transformed_fieldname, value, currently_within_NOT_node) + return self.generateMapItemListNode(transformed_fieldname, value) elif isinstance(value, SigmaTypeModifier): return self.generateMapItemTypedNode(transformed_fieldname, value) elif value is None: @@ -303,7 +300,7 @@ class SingleTextQueryBackend(RulenameCommentMixin, BaseBackend, QuoteCharMixin): else: raise TypeError("Backend does not support map values of type " + str(type(value))) - def generateMapItemListNode(self, fieldname, value, currently_within_NOT_node): + def generateMapItemListNode(self, fieldname, value): return self.mapListValueExpression % (fieldname, self.generateNode(value)) def generateMapItemTypedNode(self, fieldname, value): diff --git a/tools/sigma/backends/stix.py b/tools/sigma/backends/stix.py index 539da043..f0d43393 100644 --- a/tools/sigma/backends/stix.py +++ b/tools/sigma/backends/stix.py @@ -26,6 +26,56 @@ class STIXBackend(SingleTextQueryBackend): def cleanValue(self, value): return value + def generateANDNode(self, node, currently_within_NOT_node=False): + generated = [self.generateNode(val, currently_within_NOT_node) for val in node] + filtered = [g for g in generated if g is not None] + if filtered: + if self.sort_condition_lists: + filtered = sorted(filtered) + return self.andToken.join(filtered) + else: + return None + + def generateORNode(self, node, currently_within_NOT_node): + generated = [self.generateNode(val, currently_within_NOT_node) for val in node] + filtered = [g for g in generated if g is not None] + if filtered: + if self.sort_condition_lists: + filtered = sorted(filtered) + return self.orToken.join(filtered) + else: + return None + + def generateNOTNode(self, node, currently_within_NOT_node): + currently_within_NOT_node = True + generated = self.generateNode(node.item, currently_within_NOT_node) + if generated is not None: + return generated + else: + return None + + def generateSubexpressionNode(self, node, currently_within_NOT_node): + generated = self.generateNode(node.items, currently_within_NOT_node) + if generated: + return self.subExpression % generated + else: + return None + + def generateMapItemNode(self, node, currently_within_NOT_node): + fieldname, value = node + + transformed_fieldname = self.fieldNameMapping(fieldname, value) + if self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): + return self.mapExpression % (transformed_fieldname, self.generateNode(value)) + elif type(value) == list: + return self.generateMapItemListNode(transformed_fieldname, value, currently_within_NOT_node) + elif isinstance(value, SigmaTypeModifier): + return self.generateMapItemTypedNode(transformed_fieldname, value) + elif value is None: + return self.nullExpression % (transformed_fieldname, ) + else: + raise TypeError("Backend does not support map values of type " + str(type(value))) + def generateMapItemListNode(self, key, value, currently_within_NOT_node): items_list = list() for item in value: From 0e49a6acdf2fc33bdb0c906f6dc81bf52547a9d4 Mon Sep 17 00:00:00 2001 From: Simran Soin Date: Thu, 23 Jul 2020 10:18:16 -0400 Subject: [PATCH 689/714] Default NOT to false for all functions --- tools/sigma/backends/stix.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/sigma/backends/stix.py b/tools/sigma/backends/stix.py index f0d43393..1c87725a 100644 --- a/tools/sigma/backends/stix.py +++ b/tools/sigma/backends/stix.py @@ -36,7 +36,7 @@ class STIXBackend(SingleTextQueryBackend): else: return None - def generateORNode(self, node, currently_within_NOT_node): + def generateORNode(self, node, currently_within_NOT_node=False): generated = [self.generateNode(val, currently_within_NOT_node) for val in node] filtered = [g for g in generated if g is not None] if filtered: @@ -46,7 +46,7 @@ class STIXBackend(SingleTextQueryBackend): else: return None - def generateNOTNode(self, node, currently_within_NOT_node): + def generateNOTNode(self, node, currently_within_NOT_node=False): currently_within_NOT_node = True generated = self.generateNode(node.item, currently_within_NOT_node) if generated is not None: @@ -54,14 +54,14 @@ class STIXBackend(SingleTextQueryBackend): else: return None - def generateSubexpressionNode(self, node, currently_within_NOT_node): + def generateSubexpressionNode(self, node, currently_within_NOT_node=False): generated = self.generateNode(node.items, currently_within_NOT_node) if generated: return self.subExpression % generated else: return None - def generateMapItemNode(self, node, currently_within_NOT_node): + def generateMapItemNode(self, node, currently_within_NOT_node=False): fieldname, value = node transformed_fieldname = self.fieldNameMapping(fieldname, value) @@ -76,7 +76,7 @@ class STIXBackend(SingleTextQueryBackend): else: raise TypeError("Backend does not support map values of type " + str(type(value))) - def generateMapItemListNode(self, key, value, currently_within_NOT_node): + def generateMapItemListNode(self, key, value, currently_within_NOT_node=False): items_list = list() for item in value: if type(item) == str and "*" in item: @@ -107,7 +107,7 @@ class STIXBackend(SingleTextQueryBackend): else: raise NotImplementedError("Type modifier '{}' is not supported by backend".format(value.identifier)) - def generateMapItemNode(self, node, currently_within_NOT_node): + def generateMapItemNode(self, node, currently_within_NOT_node=False): key, value = node if ":" not in key: key = "%s:%s" % (self.sigmaSTIXObjectName, str(key).lower()) From ef9af3730a4d3b13f2df50a71fa540cd312300c9 Mon Sep 17 00:00:00 2001 From: Simran Soin Date: Thu, 23 Jul 2020 10:34:29 -0400 Subject: [PATCH 690/714] Remove unnecessary edits from qradar.py --- tools/sigma/backends/qradar.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/tools/sigma/backends/qradar.py b/tools/sigma/backends/qradar.py index 82533221..f29024af 100644 --- a/tools/sigma/backends/qradar.py +++ b/tools/sigma/backends/qradar.py @@ -58,14 +58,10 @@ class QRadarBackend(SingleTextQueryBackend): """Remove quotes in text""" return value.replace("\'","\\\'") - def generateNode(self, node, currently_within_NOT_node=False): + def generateNode(self, node): if type(node) == sigma.parser.condition.ConditionAND: - if currently_within_NOT_node: - return self.generateORNode(node) return self.generateANDNode(node) elif type(node) == sigma.parser.condition.ConditionOR: - if currently_within_NOT_node: - return self.generateANDNode(node) return self.generateORNode(node) elif type(node) == sigma.parser.condition.ConditionNOT: return self.generateNOTNode(node) From 6c7b4cf4083f01a2d3f5f8d86bc8f5b3b461010d Mon Sep 17 00:00:00 2001 From: Simran Soin Date: Thu, 23 Jul 2020 10:47:22 -0400 Subject: [PATCH 691/714] Revert additional change in base.py --- tools/sigma/backends/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/sigma/backends/base.py b/tools/sigma/backends/base.py index 1840f151..1ef7e175 100644 --- a/tools/sigma/backends/base.py +++ b/tools/sigma/backends/base.py @@ -269,7 +269,7 @@ class SingleTextQueryBackend(RulenameCommentMixin, BaseBackend, QuoteCharMixin): def generateNOTNode(self, node): generated = self.generateNode(node.item) if generated is not None: - return generated + return self.notToken + generated else: return None From 8a4b53eb3a9652ee779729cd0fcea36e85ed0648 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 23 Jul 2020 17:04:16 +0200 Subject: [PATCH 692/714] fix: rule leads to FPs on systems that don't log the cmdline parameters --- .../process_creation/win_susp_svchost_no_cli.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/rules/windows/process_creation/win_susp_svchost_no_cli.yml b/rules/windows/process_creation/win_susp_svchost_no_cli.yml index d635c590..4da570b7 100644 --- a/rules/windows/process_creation/win_susp_svchost_no_cli.yml +++ b/rules/windows/process_creation/win_susp_svchost_no_cli.yml @@ -6,6 +6,7 @@ references: - https://securitybytes.io/blue-team-fundamentals-part-two-windows-processes-759fe15965e2 author: David Burkett date: 2019/12/28 +modified: 2020/07/23 tags: - attack.t1055 logsource: @@ -13,13 +14,13 @@ logsource: product: windows detection: selection1: - CommandLine: null + CommandLine|endswith: 'svchost.exe' selection2: - Image: '*\svchost.exe' + Image|endswith: '\svchost.exe' filter: - ParentImage: - - '*\rpcnet.exe' - - '*\rpcnetp.exe' + ParentImage|endswith: + - '\rpcnet.exe' + - '\rpcnetp.exe' condition: (selection1 and selection2) and not filter fields: - CommandLine From c329f6412da54316ce4ae667cf58aa3d34805057 Mon Sep 17 00:00:00 2001 From: Simran Soin Date: Thu, 23 Jul 2020 11:47:55 -0400 Subject: [PATCH 693/714] Fix bug with NOT handling --- tools/sigma/backends/stix.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/sigma/backends/stix.py b/tools/sigma/backends/stix.py index 1c87725a..c48b950e 100644 --- a/tools/sigma/backends/stix.py +++ b/tools/sigma/backends/stix.py @@ -14,6 +14,7 @@ class STIXBackend(SingleTextQueryBackend): subExpression = "(%s)" valueExpression = "\'%s\'" mapExpression = "%s = %s" + notMapExpression = "%s != %s" mapListsSpecialHandling = True sigmaSTIXObjectName = "x-sigma" @@ -47,7 +48,7 @@ class STIXBackend(SingleTextQueryBackend): return None def generateNOTNode(self, node, currently_within_NOT_node=False): - currently_within_NOT_node = True + currently_within_NOT_node = not(currently_within_NOT_node) generated = self.generateNode(node.item, currently_within_NOT_node) if generated is not None: return generated @@ -66,6 +67,8 @@ class STIXBackend(SingleTextQueryBackend): transformed_fieldname = self.fieldNameMapping(fieldname, value) if self.mapListsSpecialHandling == False and type(value) in (str, int, list) or self.mapListsSpecialHandling == True and type(value) in (str, int): + if currently_within_NOT_node: + return self.notMapExpression % (transformed_fieldname, self.generateNode(value)) return self.mapExpression % (transformed_fieldname, self.generateNode(value)) elif type(value) == list: return self.generateMapItemListNode(transformed_fieldname, value, currently_within_NOT_node) @@ -118,6 +121,8 @@ class STIXBackend(SingleTextQueryBackend): return "%s NOT LIKE %s" % (self.cleanKey(key), self.generateValueNode(value)) return "%s LIKE %s" % (self.cleanKey(key), self.generateValueNode(value)) elif type(value) in (str, int): + if currently_within_NOT_node: + return self.notMapExpression % (self.cleanKey(key), self.generateValueNode(value)) return self.mapExpression % (self.cleanKey(key), self.generateValueNode(value)) elif type(value) == list: return self.generateMapItemListNode(key, value, currently_within_NOT_node) From e52489aaf667d02a7fae47988c8be31550d54a55 Mon Sep 17 00:00:00 2001 From: Ryan Plas Date: Thu, 23 Jul 2020 23:28:11 -0400 Subject: [PATCH 694/714] Change production status to stable --- rules/windows/builtin/win_pass_the_hash_2.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_pass_the_hash_2.yml b/rules/windows/builtin/win_pass_the_hash_2.yml index 722637eb..d003fd71 100644 --- a/rules/windows/builtin/win_pass_the_hash_2.yml +++ b/rules/windows/builtin/win_pass_the_hash_2.yml @@ -1,6 +1,6 @@ title: Pass the Hash Activity 2 id: 8eef149c-bd26-49f2-9e5a-9b00e3af499b -status: production +status: stable description: Detects the attack technique pass the hash which is used to move laterally inside the network references: - https://github.com/iadgov/Event-Forwarding-Guidance/tree/master/Events From aa548ba1a9c864922daf4b2133c0be1b7977b560 Mon Sep 17 00:00:00 2001 From: Ryan Plas Date: Thu, 23 Jul 2020 23:29:44 -0400 Subject: [PATCH 695/714] Add quotes due to a colon in the falsepositives string --- rules/windows/builtin/win_user_driver_loaded.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/builtin/win_user_driver_loaded.yml b/rules/windows/builtin/win_user_driver_loaded.yml index c64a039a..ad7fcc27 100644 --- a/rules/windows/builtin/win_user_driver_loaded.yml +++ b/rules/windows/builtin/win_user_driver_loaded.yml @@ -35,5 +35,5 @@ detection: - '*\Google\Chrome\Application\chrome.exe' condition: selection_1 and not selection_2 falsepositives: - - Other legimate tools loading drivers. There are some: Sysinternals, CPU-Z, AVs etc. - but not much. You have to baseline this according to your used products and allowed tools. Also try to exclude users, which are allowed to load drivers. + - 'Other legimate tools loading drivers. There are some: Sysinternals, CPU-Z, AVs etc. - but not much. You have to baseline this according to your used products and allowed tools. Also try to exclude users, which are allowed to load drivers.' level: medium From 77a8ac59ef4ecafd9d8b867569fb2f630f582e5e Mon Sep 17 00:00:00 2001 From: IPv777 <19636346+IPv777@users.noreply.github.com> Date: Fri, 24 Jul 2020 16:38:08 +0200 Subject: [PATCH 696/714] remove duplicate --- rules/windows/process_creation/win_susp_fsutil_usage.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/windows/process_creation/win_susp_fsutil_usage.yml b/rules/windows/process_creation/win_susp_fsutil_usage.yml index 26348553..e725a197 100644 --- a/rules/windows/process_creation/win_susp_fsutil_usage.yml +++ b/rules/windows/process_creation/win_susp_fsutil_usage.yml @@ -12,7 +12,6 @@ references: tags: - attack.defense_evasion - attack.t1070 - - attack.t1070 logsource: category: process_creation product: windows From 9643e01b54ceb230a1b1a3db4b7f3943409843d0 Mon Sep 17 00:00:00 2001 From: bar Date: Sun, 26 Jul 2020 12:16:48 +0300 Subject: [PATCH 697/714] extension should use '..' --- tools/config/stix-windows.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tools/config/stix-windows.yml b/tools/config/stix-windows.yml index 1083cbce..6a9de243 100644 --- a/tools/config/stix-windows.yml +++ b/tools/config/stix-windows.yml @@ -82,7 +82,7 @@ fieldmappings: Image: - process:image_ref.name ImageLoadedTempPath: - - process:extensions.windows-service-ext.service_dll_refs[*].x_temp_path + - process:extensions.'windows-service-ext'.service_dll_refs[*].x_temp_path ImageName: - process:image_ref.name ImagePath: @@ -99,9 +99,9 @@ fieldmappings: IntegrityLevel: - x-windows:integritylevel LoadedImage: - - process:extensions.windows-service-ext.service_dll_refs[*].name + - process:extensions.'windows-service-ext'.service_dll_refs[*].name LoadedImageName: - - process:extensions.windows-service-ext.service_dll_refs[*].name + - process:extensions.'windows-service-ext'.service_dll_refs[*].name LogonType: - x-windows:logontype MD5Hash: @@ -162,9 +162,9 @@ fieldmappings: SHA256Hash: - file:hashes.SHA-256 ServiceFileName: - - process:extensions.windows-service-ext.service_dll_refs[*].name + - process:extensions.'windows-service-ext'.service_dll_refs[*].name ServiceName: - - process:extensions.windows-service-ext.service_name + - process:extensions.'windows-service-ext'.service_name ShareName: - x-windows:sharename SharePath: @@ -231,9 +231,9 @@ fieldmappings: event_data.Image: - process:image_ref.name event_data.ImageLoaded: - - process:extensions.windows-service-ext.service_dll_refs[*].name + - process:extensions.'windows-service-ext'.service_dll_refs[*].name ImageLoaded: - - process:extensions.windows-service-ext.service_dll_refs[*].name + - process:extensions.'windows-service-ext'.service_dll_refs[*].name event_data.ImagePath: - process:image_ref.name event_data.ParentCommandLine: @@ -245,7 +245,7 @@ fieldmappings: event_data.PipeName: - x-windows:pipename event_data.ServiceFileName: - - process:extensions.windows-service-ext.service_dll_refs[*].name + - process:extensions.'windows-service-ext'.service_dll_refs[*].name event_data.ShareName: - x-windows:sharename event_data.Signature: From 051e2ce905eb736372bd21c27722009500424a9e Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 27 Jul 2020 11:37:58 +0200 Subject: [PATCH 698/714] feat: detect duplicate tags --- tests/test_rules.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/test_rules.py b/tests/test_rules.py index ecfb2f34..9d6448ae 100755 --- a/tests/test_rules.py +++ b/tests/test_rules.py @@ -72,6 +72,23 @@ class TestRules(unittest.TestCase): self.assertEqual(files_with_incorrect_mitre_tags, [], Fore.RED + "There are rules with incorrect/unknown MITRE Tags. (please inform us about new tags that are not yet supported in our tests) and check the correct tags here: https://attack.mitre.org/ ") + def test_duplicate_tags(self): + files_with_incorrect_mitre_tags = [] + + for file in self.yield_next_rule_file_path(self.path_to_rules): + tags = self.get_rule_part(file_path=file, part_name="tags") + if tags: + known_tags = [] + for tag in tags: + if tag in known_tags: + print(Fore.RED + "Rule {} has the duplicate tag {}".format(file, tag)) + files_with_incorrect_mitre_tags.append(file) + else: + known_tags.append(tag) + + self.assertEqual(files_with_incorrect_mitre_tags, [], Fore.RED + + "There are rules with duplicate tags") + def test_look_for_duplicate_filters(self): def check_list_or_recurse_on_dict(item, depth:int) -> None: if type(item) == list: From 80f4b4ec71993abc8aa9d4de2e935c9cf17f2d4b Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 27 Jul 2020 11:44:47 +0200 Subject: [PATCH 699/714] fix: rules with duplicate tags --- rules/compliance/cleartext_protocols.yml | 2 -- rules/network/cisco/aaa/cisco_cli_clear_logs.yml | 1 - rules/windows/builtin/win_susp_eventlog_cleared.yml | 1 - rules/windows/builtin/win_susp_security_eventlog_cleared.yml | 1 - rules/windows/process_creation/win_etw_trace_evasion.yml | 1 - rules/windows/process_creation/win_malware_notpetya.yml | 1 - rules/windows/process_creation/win_shadow_copies_deletion.yml | 1 - rules/windows/process_creation/win_susp_bcdedit.yml | 1 - rules/windows/process_creation/win_susp_eventlog_clear.yml | 1 - rules/windows/process_creation/win_susp_fsutil_usage.yml | 1 - 10 files changed, 11 deletions(-) diff --git a/rules/compliance/cleartext_protocols.yml b/rules/compliance/cleartext_protocols.yml index d1769800..fe0a367a 100644 --- a/rules/compliance/cleartext_protocols.yml +++ b/rules/compliance/cleartext_protocols.yml @@ -30,8 +30,6 @@ tags: - NIST CSF 1.1 PR.AC-7 - NIST CSF 1.1 PR.DS-1 - NIST CSF 1.1 PR.DS-2 - - NIST CSF 1.1 PR.PT-3 - - NIST CSF 1.1 PR.PT-3 - ISO 27002-2013 A.9.2.1 - ISO 27002-2013 A.9.2.2 - ISO 27002-2013 A.9.2.3 diff --git a/rules/network/cisco/aaa/cisco_cli_clear_logs.yml b/rules/network/cisco/aaa/cisco_cli_clear_logs.yml index 35671eed..e510c740 100644 --- a/rules/network/cisco/aaa/cisco_cli_clear_logs.yml +++ b/rules/network/cisco/aaa/cisco_cli_clear_logs.yml @@ -12,7 +12,6 @@ tags: - attack.t1146 - attack.t1070 - attack.t1070.003 - - attack.t1070 logsource: product: cisco service: aaa diff --git a/rules/windows/builtin/win_susp_eventlog_cleared.yml b/rules/windows/builtin/win_susp_eventlog_cleared.yml index 7b87b35c..ec1981f5 100644 --- a/rules/windows/builtin/win_susp_eventlog_cleared.yml +++ b/rules/windows/builtin/win_susp_eventlog_cleared.yml @@ -10,7 +10,6 @@ tags: - attack.defense_evasion - attack.t1070 - car.2016-04-002 - - attack.t1070 logsource: product: windows service: system diff --git a/rules/windows/builtin/win_susp_security_eventlog_cleared.yml b/rules/windows/builtin/win_susp_security_eventlog_cleared.yml index 9e0f24d7..7b0b7dcc 100644 --- a/rules/windows/builtin/win_susp_security_eventlog_cleared.yml +++ b/rules/windows/builtin/win_susp_security_eventlog_cleared.yml @@ -5,7 +5,6 @@ tags: - attack.defense_evasion - attack.t1070 - car.2016-04-002 - - attack.t1070 author: Florian Roth date: 2017/02/19 logsource: diff --git a/rules/windows/process_creation/win_etw_trace_evasion.yml b/rules/windows/process_creation/win_etw_trace_evasion.yml index d7b7000f..b3f2b401 100644 --- a/rules/windows/process_creation/win_etw_trace_evasion.yml +++ b/rules/windows/process_creation/win_etw_trace_evasion.yml @@ -12,7 +12,6 @@ tags: - attack.execution - attack.t1070 - car.2016-04-002 - - attack.t1070 level: high logsource: category: process_creation diff --git a/rules/windows/process_creation/win_malware_notpetya.yml b/rules/windows/process_creation/win_malware_notpetya.yml index 4293239d..7f253f7c 100644 --- a/rules/windows/process_creation/win_malware_notpetya.yml +++ b/rules/windows/process_creation/win_malware_notpetya.yml @@ -16,7 +16,6 @@ tags: - attack.t1003 - car.2016-04-002 - attack.t1218.011 - - attack.t1070 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_shadow_copies_deletion.yml b/rules/windows/process_creation/win_shadow_copies_deletion.yml index 6fb0d27d..43bdfd90 100644 --- a/rules/windows/process_creation/win_shadow_copies_deletion.yml +++ b/rules/windows/process_creation/win_shadow_copies_deletion.yml @@ -15,7 +15,6 @@ tags: - attack.impact - attack.t1070 - attack.t1490 - - attack.t1070 logsource: category: process_creation product: windows diff --git a/rules/windows/process_creation/win_susp_bcdedit.yml b/rules/windows/process_creation/win_susp_bcdedit.yml index e5c87b34..e87d9a38 100644 --- a/rules/windows/process_creation/win_susp_bcdedit.yml +++ b/rules/windows/process_creation/win_susp_bcdedit.yml @@ -11,7 +11,6 @@ tags: - attack.t1070 - attack.persistence - attack.t1067 - - attack.t1070 - attack.t1542.003 logsource: category: process_creation diff --git a/rules/windows/process_creation/win_susp_eventlog_clear.yml b/rules/windows/process_creation/win_susp_eventlog_clear.yml index bff846f4..42c20df7 100644 --- a/rules/windows/process_creation/win_susp_eventlog_clear.yml +++ b/rules/windows/process_creation/win_susp_eventlog_clear.yml @@ -11,7 +11,6 @@ tags: - attack.defense_evasion - attack.t1070 - car.2016-04-002 - - attack.t1070 level: high logsource: category: process_creation diff --git a/rules/windows/process_creation/win_susp_fsutil_usage.yml b/rules/windows/process_creation/win_susp_fsutil_usage.yml index 26348553..e725a197 100644 --- a/rules/windows/process_creation/win_susp_fsutil_usage.yml +++ b/rules/windows/process_creation/win_susp_fsutil_usage.yml @@ -12,7 +12,6 @@ references: tags: - attack.defense_evasion - attack.t1070 - - attack.t1070 logsource: category: process_creation product: windows From de475bb500cc5ddd8573152567dafe5a276fc756 Mon Sep 17 00:00:00 2001 From: bar Date: Mon, 27 Jul 2020 14:36:30 +0300 Subject: [PATCH 700/714] updated STIX mapping for more rule fields --- tools/config/stix.yml | 44 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 2 deletions(-) diff --git a/tools/config/stix.yml b/tools/config/stix.yml index 7cdad7e7..5a83c9e7 100644 --- a/tools/config/stix.yml +++ b/tools/config/stix.yml @@ -3,6 +3,8 @@ backends: - stix order: 20 fieldmappings: + action: + - x-event:action User: - user-account:user_id c-ip: @@ -22,6 +24,8 @@ fieldmappings: - network-traffic:dst_ref.value destinationport: - network-traffic:dst_port + dst_port: + - network-traffic:dst_port domainname: - domain-name:value dst: @@ -46,6 +50,8 @@ fieldmappings: - network-traffic:dst_port DestinationPort: - network-traffic:dst_port + destination.port: + - network-traffic:dst_port event_data.SubjectUserName: - user-account:user_id event_data.User: @@ -93,19 +99,53 @@ fieldmappings: utf8_payload: - artifact:payload_bin - # Web mapping + # Web + Proxy mapping c-uri: + - network-traffic:extensions.'http-request-ext'.request_value + - url:value + c-uri-query: + - network-traffic:extensions.'http-request-ext'.request_value + - url:value + c-uri-stem: + - network-traffic:extensions.'http-request-ext'.request_value - url:value keywords: - x-sigma:keywords cs-method: - - http-request-ext:request_method + - network-traffic:extensions.'http-request-ext'.request_method sc-status: - x-web:status_code clientip: - ipv4-addr:value - ipv6-addr:value - network-traffic:src_ref.value + c-useragent: + - network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' + r-dns: + - domain-name:value + - url:value + - x-dns:query + cs-host: + - x-host:name + - domain-name:value + cs-cookie: + - network-traffic:extensions.'http-request-ext'.request_header.Cookie + query: + - domain-name:value + - url:value + - x-dns:query + record_type: + - x-dns:record_type + operation: + - x-event:action + + # Compliance mapping + event.category: + - x-event:action + host.scan.vuln_name: + - vulnerability:name + host.scan.vuln: + - vulnerability:external_references[*].external_id # Cloud mapping eventSource: From 565f77c199a5d3e6efbcfb78bb2316f0cd0172c9 Mon Sep 17 00:00:00 2001 From: bar Date: Mon, 27 Jul 2020 15:35:30 +0300 Subject: [PATCH 701/714] Added STIX target to README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index bf2cd76f..b2c6ba16 100644 --- a/README.md +++ b/README.md @@ -202,6 +202,7 @@ tools/sigmac -t splunk -c ~/my-splunk-mapping.yml -c tools/config/generic/window * [Grep](https://www.gnu.org/software/grep/manual/grep.html) with Perl-compatible regular expression support * [LimaCharlie](https://limacharlie.io) * [ee-outliers](https://github.com/NVISO-BE/ee-outliers) +* [Structured Threat Information Expression (STIX)](https://oasis-open.github.io/cti-documentation/stix/intro.html) Current work-in-progress * [Splunk Data Models](https://docs.splunk.com/Documentation/Splunk/7.1.0/Knowledge/Aboutdatamodels) From 8352eefe2204816460f6d5523726bea19afcb56d Mon Sep 17 00:00:00 2001 From: bar Date: Tue, 28 Jul 2020 18:52:02 +0300 Subject: [PATCH 702/714] STIX Support keywords (value without field) --- tools/config/stix-linux.yml | 2 +- tools/config/stix.yml | 2 +- tools/sigma/backends/stix.py | 11 +++++++++-- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/tools/config/stix-linux.yml b/tools/config/stix-linux.yml index e374f29b..3bab2072 100644 --- a/tools/config/stix-linux.yml +++ b/tools/config/stix-linux.yml @@ -9,7 +9,7 @@ fieldmappings: type: - x-event:action keywords: - - x-sigma:keywords + - artifact:payload_bin a0: - process:command_line a1: diff --git a/tools/config/stix.yml b/tools/config/stix.yml index 5a83c9e7..88b37fba 100644 --- a/tools/config/stix.yml +++ b/tools/config/stix.yml @@ -110,7 +110,7 @@ fieldmappings: - network-traffic:extensions.'http-request-ext'.request_value - url:value keywords: - - x-sigma:keywords + - artifact:payload_bin cs-method: - network-traffic:extensions.'http-request-ext'.request_method sc-status: diff --git a/tools/sigma/backends/stix.py b/tools/sigma/backends/stix.py index c48b950e..03191d8b 100644 --- a/tools/sigma/backends/stix.py +++ b/tools/sigma/backends/stix.py @@ -131,8 +131,13 @@ class STIXBackend(SingleTextQueryBackend): else: raise TypeError("Backend does not support map values of type " + str(type(value))) - def generateValueNode(self, node): - return self.valueExpression % (self.cleanValue(str(node))) + def generateValueNode(self, node, keypresent=True): + if keypresent == False: + if type(node) == str and "*" in node: + node = node.replace("*", "%") + return "artifact:payload_bin LIKE \'{0}\'".format(self.cleanValue(str(node))) + else: + return self.valueExpression % (self.cleanValue(str(node))) def generateNode(self, node, currently_within_NOT_node=False): if type(node) == sigma.parser.condition.ConditionAND: @@ -149,6 +154,8 @@ class STIXBackend(SingleTextQueryBackend): return self.generateSubexpressionNode(node, currently_within_NOT_node) elif type(node) == tuple: return self.generateMapItemNode(node, currently_within_NOT_node) + elif type(node) in (str, int): + return self.generateValueNode(node, keypresent=False) else: raise TypeError("Node type %s was not expected in Sigma parse tree" % (str(type(node)))) From df3bfb1b373deffb02cba9130b4aa13c551c2515 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Thu, 30 Jul 2020 18:55:47 +0200 Subject: [PATCH 703/714] rule: Winnti Pipemon --- .../win_apt_winnti_pipemon.yml | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 rules/windows/process_creation/win_apt_winnti_pipemon.yml diff --git a/rules/windows/process_creation/win_apt_winnti_pipemon.yml b/rules/windows/process_creation/win_apt_winnti_pipemon.yml new file mode 100644 index 00000000..9ae20d36 --- /dev/null +++ b/rules/windows/process_creation/win_apt_winnti_pipemon.yml @@ -0,0 +1,29 @@ +title: Winnti Pipemon Characteristics +id: 73d70463-75c9-4258-92c6-17500fe972f2 +status: experimental +description: Detects specific process characteristics of Winnti Pipemon malware reported by ESET +references: + - https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/ +tags: + - attack.defense_evasion + - attack.t1073 + - attack.g0044 + - attack.t1574.002 +author: Florian Roth +date: 2020/07/30 +logsource: + category: process_creation + product: windows +detection: + selection1: + CommandLine|contains: + - 'setup0.exe -p' + selection2: + CommandLine|endswith: + - 'setup.exe -x:0' + - 'setup.exe -x:1' + - 'setup.exe -x:2' + condition: 1 of them +falsepositives: + - Legitimate setups that use similar flags +level: critical From de33b953ba0031cb5093f4d0aa272efb303144dd Mon Sep 17 00:00:00 2001 From: Cian Heasley Date: Mon, 3 Aug 2020 12:20:04 +0100 Subject: [PATCH 704/714] Add files via upload Webshell ReGeorg Detection Via Web Logs --- rules/web/win_webshell_regeorg.yml | 38 ++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 rules/web/win_webshell_regeorg.yml diff --git a/rules/web/win_webshell_regeorg.yml b/rules/web/win_webshell_regeorg.yml new file mode 100644 index 00000000..a5ab1af0 --- /dev/null +++ b/rules/web/win_webshell_regeorg.yml @@ -0,0 +1,38 @@ +title: Webshell ReGeorg Detection Via Web Logs +id: 2ea44a60-cfda-11ea-87d0-0242ac130003 +status: experimental +description: Certain strings in the uri_query field when combined with null referer and null user agent can indicate activity associated with the webshell ReGeorg. +author: Cian Heasley +reference: + - https://community.rsa.com/community/products/netwitness/blog/2019/02/19/web-shells-and-netwitness-part-3 + - https://github.com/sensepost/reGeorg +date: 2020/08/04 +tags: + - attack.privilege_escalation + - attack.persistence + - attack.t1100 + - attack.t1505.003 +logsource: + category: webserver +detection: + selection: + uri_query|contains: + - '*cmd=read*' + - '*connect&target*' + - '*cmd=connect*' + - '*cmd=disconnect*' + - '*&port*' + - '*cmd=forward*' + filter: + referer: null + useragent: null + method: POST + condition: selection and filter +fields: + - uri_query + - referer + - method + - useragent +falsepositives: + - unknown +level: high From 6f7aecbe069fa8dbe7eb65a27d6cc570a2cbf1d1 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 3 Aug 2020 13:49:52 +0200 Subject: [PATCH 705/714] fix: preventive change to avoid FPs --- rules/web/win_webshell_regeorg.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/web/win_webshell_regeorg.yml b/rules/web/win_webshell_regeorg.yml index a5ab1af0..c823666c 100644 --- a/rules/web/win_webshell_regeorg.yml +++ b/rules/web/win_webshell_regeorg.yml @@ -21,7 +21,6 @@ detection: - '*connect&target*' - '*cmd=connect*' - '*cmd=disconnect*' - - '*&port*' - '*cmd=forward*' filter: referer: null From 3abc3d0a7620d6856d43c271107b3780bafe6a1c Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Mon, 3 Aug 2020 13:50:47 +0200 Subject: [PATCH 706/714] docs: add FP condition --- rules/web/win_webshell_regeorg.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/web/win_webshell_regeorg.yml b/rules/web/win_webshell_regeorg.yml index c823666c..11ce335e 100644 --- a/rules/web/win_webshell_regeorg.yml +++ b/rules/web/win_webshell_regeorg.yml @@ -33,5 +33,5 @@ fields: - method - useragent falsepositives: - - unknown + - web applications that use the same URL parameters as ReGeorg level: high From a52583dc68bfaec84f1b4cd6c765d20e7adb465c Mon Sep 17 00:00:00 2001 From: IPv777 <19636346+IPv777@users.noreply.github.com> Date: Mon, 3 Aug 2020 17:43:14 +0200 Subject: [PATCH 707/714] .002 = SMB/Windows Admin Shares --- .../windows/process_creation/win_susp_copy_lateral_movement.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/windows/process_creation/win_susp_copy_lateral_movement.yml b/rules/windows/process_creation/win_susp_copy_lateral_movement.yml index 10b56613..59b5ec8d 100644 --- a/rules/windows/process_creation/win_susp_copy_lateral_movement.yml +++ b/rules/windows/process_creation/win_susp_copy_lateral_movement.yml @@ -10,7 +10,7 @@ tags: - attack.lateral_movement - attack.t1077 - attack.t1105 - - attack.t1021 + - attack.t1021.002 logsource: category: process_creation product: windows From c4953409aa91ddbaf9c53f8ed14acbdf1bb94f6d Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 4 Aug 2020 14:31:20 +0200 Subject: [PATCH 708/714] rule: TAIDOOR malware load https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a --- .../process_creation/win_apt_taidoor.yml | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 rules/windows/process_creation/win_apt_taidoor.yml diff --git a/rules/windows/process_creation/win_apt_taidoor.yml b/rules/windows/process_creation/win_apt_taidoor.yml new file mode 100644 index 00000000..2bff776f --- /dev/null +++ b/rules/windows/process_creation/win_apt_taidoor.yml @@ -0,0 +1,26 @@ +title: TAIDOOR RAT DLL Load +id: d1aa3382-abab-446f-96ea-4de52908210b +status: experimental +description: Detects specific process characteristics of Chinese TAIDOOR RAT malware load +references: + - https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a +author: Florian Roth +date: 2020/07/30 +tags: + - attack.execution + - attack.t1055.001 +logsource: + category: process_creation + product: windows +detection: + selection1: + CommandLine|contains: + - 'dll,MyStart' + - 'dll MyStart' + selection2: + CommandLine|endswith: + - ' MyStart' + condition: 1 of them +falsepositives: + - Unknown +level: critical From 052379a512c7a1915bec41453a583275de0d6236 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 4 Aug 2020 14:37:18 +0200 Subject: [PATCH 709/714] fix: tightened TAIDOOR rule --- rules/windows/process_creation/win_apt_taidoor.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/rules/windows/process_creation/win_apt_taidoor.yml b/rules/windows/process_creation/win_apt_taidoor.yml index 2bff776f..a64bf77f 100644 --- a/rules/windows/process_creation/win_apt_taidoor.yml +++ b/rules/windows/process_creation/win_apt_taidoor.yml @@ -17,10 +17,13 @@ detection: CommandLine|contains: - 'dll,MyStart' - 'dll MyStart' - selection2: + selection2a: CommandLine|endswith: - ' MyStart' - condition: 1 of them + selection2b: + CommandLine|contains: + - 'rundll32.exe' + condition: selection1 or ( selection2a and selection2b ) falsepositives: - Unknown level: critical From 4e688233d7e266af639ffa125f80468f4abb2a10 Mon Sep 17 00:00:00 2001 From: Timur Zinniatullin Date: Tue, 4 Aug 2020 19:48:18 +0300 Subject: [PATCH 710/714] ATT&CK mapping update suggestions for \linux\ --- rules/linux/auditd/lnx_auditd_ld_so_preload_mod.yml | 4 ++-- rules/linux/auditd/lnx_auditd_masquerading_crond.yml | 8 ++++---- rules/linux/auditd/lnx_auditd_susp_cmds.yml | 3 +++ rules/linux/auditd/lnx_auditd_web_rce.yml | 1 - rules/linux/auditd/lnx_data_compressed.yml | 9 ++++----- rules/linux/lnx_apt_equationgroup_lnx.yml | 2 +- rules/linux/lnx_chattr_immutable_removal.yml | 4 ++-- rules/linux/lnx_file_or_folder_permissions.yml | 6 +++--- rules/linux/lnx_pers_systemd_reload.yml | 5 ++--- rules/linux/lnx_shell_clear_cmd_history.yml | 8 ++++---- rules/linux/lnx_shell_priv_esc_prep.yml | 4 ++-- rules/linux/lnx_shell_susp_commands.yml | 7 +++++-- rules/linux/lnx_shell_susp_rev_shells.yml | 3 +++ rules/linux/lnx_susp_jexboss.yml | 5 ++++- 14 files changed, 39 insertions(+), 30 deletions(-) diff --git a/rules/linux/auditd/lnx_auditd_ld_so_preload_mod.yml b/rules/linux/auditd/lnx_auditd_ld_so_preload_mod.yml index f561ba35..77e2e9b1 100644 --- a/rules/linux/auditd/lnx_auditd_ld_so_preload_mod.yml +++ b/rules/linux/auditd/lnx_auditd_ld_so_preload_mod.yml @@ -6,11 +6,11 @@ author: E.M. Anhaus (orignally from Atomic Blue Detections, Tony Lambert), oscd. date: 2019/10/24 modified: 2019/11/11 references: - - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1055/T1055.yaml + - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1574.006/T1574.006.yaml - https://eqllib.readthedocs.io/en/latest/analytics/fd9b987a-1101-4ed3-bda6-a70300eaf57e.html tags: - attack.defense_evasion - - attack.t1055 + - attack.t1574.006 logsource: product: linux service: auditd diff --git a/rules/linux/auditd/lnx_auditd_masquerading_crond.yml b/rules/linux/auditd/lnx_auditd_masquerading_crond.yml index 2b28bb7a..de7ecdfb 100644 --- a/rules/linux/auditd/lnx_auditd_masquerading_crond.yml +++ b/rules/linux/auditd/lnx_auditd_masquerading_crond.yml @@ -6,7 +6,10 @@ description: Masquerading occurs when the name or location of an executable, leg author: Timur Zinniatullin, oscd.community date: 2019/10/21 references: - - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036/T1036.yaml + - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1036.003/T1036.003.yaml +tags: + - attack.defense_evasion + - attack.t1036.003 logsource: product: linux service: auditd @@ -19,6 +22,3 @@ detection: a3: '*/crond' condition: selection level: medium -tags: - - attack.defense_evasion - - attack.t1036 diff --git a/rules/linux/auditd/lnx_auditd_susp_cmds.yml b/rules/linux/auditd/lnx_auditd_susp_cmds.yml index 01dec32c..e0584732 100644 --- a/rules/linux/auditd/lnx_auditd_susp_cmds.yml +++ b/rules/linux/auditd/lnx_auditd_susp_cmds.yml @@ -4,6 +4,9 @@ status: experimental description: Detects relevant commands often related to malware or hacking activity references: - Internal Research - mostly derived from exploit code including code in MSF +tags: + - attack.execution + - attack.1059.004 date: 2017/12/12 author: Florian Roth logsource: diff --git a/rules/linux/auditd/lnx_auditd_web_rce.yml b/rules/linux/auditd/lnx_auditd_web_rce.yml index 2c537ddf..bb464b90 100644 --- a/rules/linux/auditd/lnx_auditd_web_rce.yml +++ b/rules/linux/auditd/lnx_auditd_web_rce.yml @@ -4,7 +4,6 @@ status: experimental description: Detects posible command execution by web application/web shell tags: - attack.persistence - - attack.t1100 - attack.t1505.003 references: - personal experience diff --git a/rules/linux/auditd/lnx_data_compressed.yml b/rules/linux/auditd/lnx_data_compressed.yml index e923e8ec..6e3ac919 100644 --- a/rules/linux/auditd/lnx_data_compressed.yml +++ b/rules/linux/auditd/lnx_data_compressed.yml @@ -6,7 +6,10 @@ author: Timur Zinniatullin, oscd.community date: 2019/10/21 modified: 2019/11/04 references: - - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1002/T1002.yaml + - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1560.001/T1560.001.yaml +tags: + - attack.exfiltration + - attack.t1560.001 logsource: product: linux service: auditd @@ -26,7 +29,3 @@ detection: falsepositives: - Legitimate use of archiving tools by legitimate user level: low -tags: - - attack.exfiltration - - attack.t1002 - - attack.t1560 diff --git a/rules/linux/lnx_apt_equationgroup_lnx.yml b/rules/linux/lnx_apt_equationgroup_lnx.yml index 390d5967..73c8489b 100755 --- a/rules/linux/lnx_apt_equationgroup_lnx.yml +++ b/rules/linux/lnx_apt_equationgroup_lnx.yml @@ -6,7 +6,7 @@ references: tags: - attack.execution - attack.g0020 - - attack.t1059 + - attack.t1059.004 author: Florian Roth date: 2017/04/09 logsource: diff --git a/rules/linux/lnx_chattr_immutable_removal.yml b/rules/linux/lnx_chattr_immutable_removal.yml index 70568f59..069ea56c 100644 --- a/rules/linux/lnx_chattr_immutable_removal.yml +++ b/rules/linux/lnx_chattr_immutable_removal.yml @@ -4,7 +4,7 @@ description: Detects removing immutable file attribute status: experimental tags: - attack.defense_evasion - - attack.t1222 + - attack.t1222.002 author: Jakob Weinzettl, oscd.community date: 2019/09/23 logsource: @@ -20,4 +20,4 @@ falsepositives: - Administrator interacting with immutable files (for instance backups) level: medium references: - - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222/T1222.yaml + - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.yaml diff --git a/rules/linux/lnx_file_or_folder_permissions.yml b/rules/linux/lnx_file_or_folder_permissions.yml index bd2e29e5..c73c58b8 100644 --- a/rules/linux/lnx_file_or_folder_permissions.yml +++ b/rules/linux/lnx_file_or_folder_permissions.yml @@ -1,10 +1,10 @@ title: File or Folder Permissions Change -description: Detects +description: Detects id: 74c01ace-0152-4094-8ae2-6fd776dd43e5 status: experimental tags: - attack.defense_evasion - - attack.t1222 + - attack.t1222.002 author: Jakob Weinzettl, oscd.community date: 2019/09/23 logsource: @@ -21,4 +21,4 @@ falsepositives: - User interracting with files permissions (normal/daily behaviour) level: low references: - - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222/T1222.yaml + - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1222.002/T1222.002.yaml diff --git a/rules/linux/lnx_pers_systemd_reload.yml b/rules/linux/lnx_pers_systemd_reload.yml index 326b28b3..0bf77a53 100644 --- a/rules/linux/lnx_pers_systemd_reload.yml +++ b/rules/linux/lnx_pers_systemd_reload.yml @@ -4,7 +4,6 @@ description: Detects a reload or a start of a service status: experimental tags: - attack.persistence - - attack.t1501 - attack.t1543.002 author: Jakob Weinzettl, oscd.community date: 2019/09/23 @@ -24,5 +23,5 @@ falsepositives: - Legitimate reconfiguration of service level: low references: - - https://attack.mitre.org/techniques/T1501/ - - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1501/T1501.yaml + - https://attack.mitre.org/techniques/T1543/002/ + - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1543.002/T1543.002.yaml diff --git a/rules/linux/lnx_shell_clear_cmd_history.yml b/rules/linux/lnx_shell_clear_cmd_history.yml index 6b950cce..f00443e2 100644 --- a/rules/linux/lnx_shell_clear_cmd_history.yml +++ b/rules/linux/lnx_shell_clear_cmd_history.yml @@ -7,11 +7,11 @@ description: Clear command history in linux which is used for defense evasion. # It monitors the size of .bash_history and log the words "empty_bash_history" whenever a previously not empty bash_history becomes empty # We define an empty file as a document with 0 or 1 lines (it can be a line with only one space character for example) # It has two advantages over the version suggested by Patrick Bareiss : - # - it is not relative to the exact command used to clear .bash_history : for instance Caldera uses "> .bash_history" to clear the history and this is not one the commands listed here. We can't be exhaustive for all the possibilities ! - # - the method suggested by Patrick Bareiss logs all the commands entered directly in a bash shell. therefore it may miss some events (for instance it doesn't log the commands launched from a Caldera agent). Here if .bash_history is cleared, it will always be detected + # - it is not relative to the exact command used to clear .bash_history : for instance Caldera uses "> .bash_history" to clear the history and this is not one the commands listed here. We can't be exhaustive for all the possibilities ! + # - the method suggested by Patrick Bareiss logs all the commands entered directly in a bash shell. therefore it may miss some events (for instance it doesn't log the commands launched from a Caldera agent). Here if .bash_history is cleared, it will always be detected references: - - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml - - https://attack.mitre.org/techniques/T1146/ + - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1070.003/T1070.003.yaml + - https://attack.mitre.org/techniques/T1070/003/ - https://www.hackers-arise.com/single-post/2016/06/20/Covering-your-BASH-Shell-Tracks-AntiForensics author: Patrick Bareiss date: 2019/03/24 diff --git a/rules/linux/lnx_shell_priv_esc_prep.yml b/rules/linux/lnx_shell_priv_esc_prep.yml index 23df63e8..a07d0061 100644 --- a/rules/linux/lnx_shell_priv_esc_prep.yml +++ b/rules/linux/lnx_shell_priv_esc_prep.yml @@ -8,8 +8,8 @@ references: author: Patrick Bareiss date: 2019/04/05 tags: - - attack.privilege_escalation - - attack.t1068 + - attack.execution + - attack.t1059.004 level: medium logsource: product: linux diff --git a/rules/linux/lnx_shell_susp_commands.yml b/rules/linux/lnx_shell_susp_commands.yml index 370cf980..22917c78 100644 --- a/rules/linux/lnx_shell_susp_commands.yml +++ b/rules/linux/lnx_shell_susp_commands.yml @@ -6,6 +6,9 @@ references: - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/struts_code_exec_exception_delegator.rb#L121 - http://pastebin.com/FtygZ1cg - https://artkond.com/2017/03/23/pivoting-guide/ +tags: + - attack.execution + - attack.t1059.004 author: Florian Roth date: 2017/08/21 modified: 2019/02/05 @@ -24,11 +27,11 @@ detection: - 'socat -O /tmp/*' - 'socat tcp-connect*' - '*echo binary >>*' - # Malware + # Malware - '*wget *; chmod +x*' - '*wget *; chmod 777 *' - '*cd /tmp || cd /var/run || cd /mnt*' - # Apache Struts in-the-wild exploit codes + # Apache Struts in-the-wild exploit codes - '*stop;service iptables stop;*' - '*stop;SuSEfirewall2 stop;*' - 'chmod 777 2020*' diff --git a/rules/linux/lnx_shell_susp_rev_shells.yml b/rules/linux/lnx_shell_susp_rev_shells.yml index e6feb1e9..095c6af1 100644 --- a/rules/linux/lnx_shell_susp_rev_shells.yml +++ b/rules/linux/lnx_shell_susp_rev_shells.yml @@ -4,6 +4,9 @@ status: experimental description: Detects suspicious shell commands or program code that may be exected or used in command line to establish a reverse shell references: - https://alamot.github.io/reverse_shells/ +tags: + - attack.execution + - attack.t1059.004 author: Florian Roth date: 2019/04/02 logsource: diff --git a/rules/linux/lnx_susp_jexboss.yml b/rules/linux/lnx_susp_jexboss.yml index 1cb8713a..4541a98a 100644 --- a/rules/linux/lnx_susp_jexboss.yml +++ b/rules/linux/lnx_susp_jexboss.yml @@ -3,12 +3,15 @@ id: 8ec2c8b4-557a-4121-b87c-5dfb3a602fae description: Detects suspicious command sequence that JexBoss references: - https://www.us-cert.gov/ncas/analysis-reports/AR18-312A +tags: + - attack.execution + - attack.t1059.004 author: Florian Roth date: 2017/08/24 logsource: product: linux detection: - selection1: + selection1: - 'bash -c /bin/bash' selection2: - '&/dev/tcp/' From 72fdf0da459bc110f00694a3bfedf3bc8f5e8469 Mon Sep 17 00:00:00 2001 From: Timur Zinniatullin Date: Tue, 4 Aug 2020 20:00:30 +0300 Subject: [PATCH 711/714] Update lnx_auditd_susp_cmds.yml --- rules/linux/auditd/lnx_auditd_susp_cmds.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/linux/auditd/lnx_auditd_susp_cmds.yml b/rules/linux/auditd/lnx_auditd_susp_cmds.yml index e0584732..1b18d682 100644 --- a/rules/linux/auditd/lnx_auditd_susp_cmds.yml +++ b/rules/linux/auditd/lnx_auditd_susp_cmds.yml @@ -6,7 +6,7 @@ references: - Internal Research - mostly derived from exploit code including code in MSF tags: - attack.execution - - attack.1059.004 + - attack.t1059.004 date: 2017/12/12 author: Florian Roth logsource: From 01125ffd3be35b82fc97ddbf939f7285c49f066b Mon Sep 17 00:00:00 2001 From: Thomas Patzke Date: Tue, 11 Aug 2020 23:29:18 +0200 Subject: [PATCH 712/714] Fixed: Elastalert backend handling of conditional field mappings --- tools/sigma/backends/elasticsearch.py | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/tools/sigma/backends/elasticsearch.py b/tools/sigma/backends/elasticsearch.py index 28645991..997b196f 100644 --- a/tools/sigma/backends/elasticsearch.py +++ b/tools/sigma/backends/elasticsearch.py @@ -31,9 +31,7 @@ from .base import BaseBackend, SingleTextQueryBackend from .mixins import RulenameCommentMixin, MultiRuleOutputMixin from .exceptions import NotSupportedError - class DeepFieldMappingMixin(object): - def fieldNameMapping(self, fieldname, value): if isinstance(fieldname, str): get_config = self.sigmaconfig.fieldmappings.get(fieldname) @@ -49,13 +47,10 @@ class DeepFieldMappingMixin(object): return super().fieldNameMapping(new_fieldname[0], value) return super().fieldNameMapping(fieldname, value) - def generate(self, sigmaparser): self.logsource = sigmaparser.parsedyaml.get("logsource", {}) return super().generate(sigmaparser) - - class ElasticsearchWildcardHandlingMixin(object): """ Determine field mapping to keyword subfields depending on existence of wildcards in search values. Further, @@ -233,7 +228,6 @@ class ElasticsearchWildcardHandlingMixin(object): else: return { 'is_regex': False, 'value': value } - class ElasticsearchQuerystringBackend(DeepFieldMappingMixin, ElasticsearchWildcardHandlingMixin, SingleTextQueryBackend): """Converts Sigma rule into Elasticsearch query string. Only searches, no aggregations.""" identifier = "es-qs" @@ -1003,6 +997,7 @@ class ElastalertBackend(DeepFieldMappingMixin, MultiRuleOutputMixin): self.fields = [] def generate(self, sigmaparser): + self.logsource = sigmaparser.parsedyaml.get("logsource", {}) rulename = self.getRuleName(sigmaparser) title = sigmaparser.parsedyaml.setdefault("title", "") description = sigmaparser.parsedyaml.setdefault("description", "") From 61a05ee054459dd3de2fe825454714d3f80158ef Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Wed, 12 Aug 2020 16:44:37 +0200 Subject: [PATCH 713/714] reordered fields, changed indentation --- .../sysmon_abusing_azure_browser_sso.yml | 48 +++++++++---------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml b/rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml index 023a308a..2a25beef 100644 --- a/rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml +++ b/rules/windows/sysmon/sysmon_abusing_azure_browser_sso.yml @@ -1,29 +1,29 @@ title: Avusing Azure Browser SSO -author: Den Iuzvyk -description: Detects abusing Azure Browser SSO by requesting OAuth 2.0 refresh tokens for an Azure-AD-authenticated Windows user (i.e. the machine is joined to Azure AD and a user logs in with their Azure AD account) wanting to perform SSO authentication in the browser. An attacker can use this to authenticate to Azure AD in a browser as that user. -reference: -- https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30 -date: 2020/07/15 id: 50f852e6-af22-4c78-9ede-42ef36aa3453 -detection: - condition: selection_dll and not filter_legit - selection_dll: - EventID: 7 - ImageLoaded|endswith: MicrosoftAccountTokenProvider.dll - filter_legit: - Image|endswith: - - BackgroundTaskHost.exe - - devenv.exe - - iexplore.exe - - MicrosoftEdge.exe -falsepositives: -- unknown -level: high +description: Detects abusing Azure Browser SSO by requesting OAuth 2.0 refresh tokens for an Azure-AD-authenticated Windows user (i.e. the machine is joined to Azure AD and a user logs in with their Azure AD account) wanting to perform SSO authentication in the browser. An attacker can use this to authenticate to Azure AD in a browser as that user. +author: Den Iuzvyk +reference: + - https://posts.specterops.io/requesting-azure-ad-request-tokens-on-azure-ad-joined-machines-for-browser-sso-2b0409caad30 +date: 2020/07/15 logsource: - category: sysmon - product: windows + category: sysmon + product: windows status: experimental tags: -- attack.defense_evasion -- attack.privilege_escalation -- attack.t1073 + - attack.defense_evasion + - attack.privilege_escalation + - attack.t1073 +detection: + condition: selection_dll and not filter_legit + selection_dll: + EventID: 7 + ImageLoaded|endswith: MicrosoftAccountTokenProvider.dll + filter_legit: + Image|endswith: + - BackgroundTaskHost.exe + - devenv.exe + - iexplore.exe + - MicrosoftEdge.exe +falsepositives: + - unknown +level: high From 7e6828dd40a99362aa7f0e4df91232786ef5a2de Mon Sep 17 00:00:00 2001 From: "Dermott, Scott J" Date: Thu, 13 Aug 2020 10:24:44 +0100 Subject: [PATCH 714/714] + Adding Mitre Sub-Techniques and python update script to fetch latest Pre, Enterprise & Mobile Tactics and Techniques from Mitre CTI --- tools/config/mitre/tactics.json | 405 +- tools/config/mitre/techniques.json | 8878 ++++++++++++++-------------- tools/config/mitre/update_mitre.py | 127 + 3 files changed, 4859 insertions(+), 4551 deletions(-) create mode 100644 tools/config/mitre/update_mitre.py diff --git a/tools/config/mitre/tactics.json b/tools/config/mitre/tactics.json index e5549d8f..9e90fabe 100644 --- a/tools/config/mitre/tactics.json +++ b/tools/config/mitre/tactics.json @@ -1,202 +1,207 @@ [ - { - "external_id": "TA0040", - "url": "https://attack.mitre.org/tactics/TA0040", - "tactic": "Impact" - }, - { - "external_id": "TA0009", - "url": "https://attack.mitre.org/tactics/TA0009", - "tactic": "Collection" - }, - { - "external_id": "TA0011", - "url": "https://attack.mitre.org/tactics/TA0011", - "tactic": "Command and Control" - }, - { - "external_id": "TA0006", - "url": "https://attack.mitre.org/tactics/TA0006", - "tactic": "Credential Access" - }, - { - "external_id": "TA0007", - "url": "https://attack.mitre.org/tactics/TA0007", - "tactic": "Discovery" - }, - { - "external_id": "TA0005", - "url": "https://attack.mitre.org/tactics/TA0005", - "tactic": "Defense Evasion" - }, - { - "external_id": "TA0010", - "url": "https://attack.mitre.org/tactics/TA0010", - "tactic": "Exfiltration" - }, - { - "external_id": "TA0002", - "url": "https://attack.mitre.org/tactics/TA0002", - "tactic": "Execution" - }, - { - "external_id": "TA0008", - "url": "https://attack.mitre.org/tactics/TA0008", - "tactic": "Lateral Movement" - }, - { - "external_id": "TA0003", - "url": "https://attack.mitre.org/tactics/TA0003", - "tactic": "Persistence" - }, - { - "external_id": "TA0004", - "url": "https://attack.mitre.org/tactics/TA0004", - "tactic": "Privilege Escalation" - }, - { - "external_id": "TA0001", - "url": "https://attack.mitre.org/tactics/TA0001", - "tactic": "Initial Access" - }, - { - "external_id": "TA0020", - "url": "https://attack.mitre.org/tactics/TA0020", - "tactic": "Organizational Weakness Identification" - }, - { - "external_id": "TA0012", - "url": "https://attack.mitre.org/tactics/TA0012", - "tactic": "Priority Definition Planning" - }, - { - "external_id": "TA0025", - "url": "https://attack.mitre.org/tactics/TA0025", - "tactic": "Test Capabilities" - }, - { - "external_id": "TA0017", - "url": "https://attack.mitre.org/tactics/TA0017", - "tactic": "Organizational Information Gathering" - }, - { - "external_id": "TA0013", - "url": "https://attack.mitre.org/tactics/TA0013", - "tactic": "Priority Definition Direction" - }, - { - "external_id": "TA0018", - "url": "https://attack.mitre.org/tactics/TA0018", - "tactic": "Technical Weakness Identification" - }, - { - "external_id": "TA0022", - "url": "https://attack.mitre.org/tactics/TA0022", - "tactic": "Establish & Maintain Infrastructure" - }, - { - "external_id": "TA0023", - "url": "https://attack.mitre.org/tactics/TA0023", - "tactic": "Persona Development" - }, - { - "external_id": "TA0015", - "url": "https://attack.mitre.org/tactics/TA0015", - "tactic": "Technical Information Gathering" - }, - { - "external_id": "TA0021", - "url": "https://attack.mitre.org/tactics/TA0021", - "tactic": "Adversary OPSEC" - }, - { - "external_id": "TA0016", - "url": "https://attack.mitre.org/tactics/TA0016", - "tactic": "People Information Gathering" - }, - { - "external_id": "TA0026", - "url": "https://attack.mitre.org/tactics/TA0026", - "tactic": "Stage Capabilities" - }, - { - "external_id": "TA0024", - "url": "https://attack.mitre.org/tactics/TA0024", - "tactic": "Build Capabilities" - }, - { - "external_id": "TA0019", - "url": "https://attack.mitre.org/tactics/TA0019", - "tactic": "People Weakness Identification" - }, - { - "external_id": "TA0014", - "url": "https://attack.mitre.org/tactics/TA0014", - "tactic": "Target Selection" - }, - { - "external_id": "TA0035", - "url": "https://attack.mitre.org/tactics/TA0035", - "tactic": "Collection" - }, - { - "external_id": "TA0036", - "url": "https://attack.mitre.org/tactics/TA0036", - "tactic": "Exfiltration" - }, - { - "external_id": "TA0028", - "url": "https://attack.mitre.org/tactics/TA0028", - "tactic": "Persistence" - }, - { - "external_id": "TA0032", - "url": "https://attack.mitre.org/tactics/TA0032", - "tactic": "Discovery" - }, - { - "external_id": "TA0038", - "url": "https://attack.mitre.org/tactics/TA0038", - "tactic": "Network Effects" - }, - { - "external_id": "TA0030", - "url": "https://attack.mitre.org/tactics/TA0030", - "tactic": "Defense Evasion" - }, - { - "external_id": "TA0033", - "url": "https://attack.mitre.org/tactics/TA0033", - "tactic": "Lateral Movement" - }, - { - "external_id": "TA0031", - "url": "https://attack.mitre.org/tactics/TA0031", - "tactic": "Credential Access" - }, - { - "external_id": "TA0027", - "url": "https://attack.mitre.org/tactics/TA0027", - "tactic": "Initial Access" - }, - { - "external_id": "TA0039", - "url": "https://attack.mitre.org/tactics/TA0039", - "tactic": "Remote Service Effects" - }, - { - "external_id": "TA0037", - "url": "https://attack.mitre.org/tactics/TA0037", - "tactic": "Command and Control" - }, - { - "external_id": "TA0034", - "url": "https://attack.mitre.org/tactics/TA0034", - "tactic": "Impact" - }, - { - "external_id": "TA0029", - "url": "https://attack.mitre.org/tactics/TA0029", - "tactic": "Privilege Escalation" - } + { + "external_id": "TA0001", + "url": "https://attack.mitre.org/tactics/TA0001", + "tactic": "Initial Access" + }, + { + "external_id": "TA0002", + "url": "https://attack.mitre.org/tactics/TA0002", + "tactic": "Execution" + }, + { + "external_id": "TA0003", + "url": "https://attack.mitre.org/tactics/TA0003", + "tactic": "Persistence" + }, + { + "external_id": "TA0004", + "url": "https://attack.mitre.org/tactics/TA0004", + "tactic": "Privilege Escalation" + }, + { + "external_id": "TA0005", + "url": "https://attack.mitre.org/tactics/TA0005", + "tactic": "Defense Evasion" + }, + { + "external_id": "TA0006", + "url": "https://attack.mitre.org/tactics/TA0006", + "tactic": "Credential Access" + }, + { + "external_id": "TA0007", + "url": "https://attack.mitre.org/tactics/TA0007", + "tactic": "Discovery" + }, + { + "external_id": "TA0008", + "url": "https://attack.mitre.org/tactics/TA0008", + "tactic": "Lateral Movement" + }, + { + "external_id": "TA0009", + "url": "https://attack.mitre.org/tactics/TA0009", + "tactic": "Collection" + }, + { + "external_id": "TA0010", + "url": "https://attack.mitre.org/tactics/TA0010", + "tactic": "Exfiltration" + }, + { + "external_id": "TA0011", + "url": "https://attack.mitre.org/tactics/TA0011", + "tactic": "Command and Control" + }, + { + "external_id": "TA0012", + "url": "https://attack.mitre.org/tactics/TA0012", + "tactic": "Priority Definition Planning" + }, + { + "external_id": "TA0013", + "url": "https://attack.mitre.org/tactics/TA0013", + "tactic": "Priority Definition Direction" + }, + { + "external_id": "TA0014", + "url": "https://attack.mitre.org/tactics/TA0014", + "tactic": "Target Selection" + }, + { + "external_id": "TA0015", + "url": "https://attack.mitre.org/tactics/TA0015", + "tactic": "Technical Information Gathering" + }, + { + "external_id": "TA0016", + "url": "https://attack.mitre.org/tactics/TA0016", + "tactic": "People Information Gathering" + }, + { + "external_id": "TA0017", + "url": "https://attack.mitre.org/tactics/TA0017", + "tactic": "Organizational Information Gathering" + }, + { + "external_id": "TA0018", + "url": "https://attack.mitre.org/tactics/TA0018", + "tactic": "Technical Weakness Identification" + }, + { + "external_id": "TA0019", + "url": "https://attack.mitre.org/tactics/TA0019", + "tactic": "People Weakness Identification" + }, + { + "external_id": "TA0020", + "url": "https://attack.mitre.org/tactics/TA0020", + "tactic": "Organizational Weakness Identification" + }, + { + "external_id": "TA0021", + "url": "https://attack.mitre.org/tactics/TA0021", + "tactic": "Adversary OPSEC" + }, + { + "external_id": "TA0022", + "url": "https://attack.mitre.org/tactics/TA0022", + "tactic": "Establish & Maintain Infrastructure" + }, + { + "external_id": "TA0023", + "url": "https://attack.mitre.org/tactics/TA0023", + "tactic": "Persona Development" + }, + { + "external_id": "TA0024", + "url": "https://attack.mitre.org/tactics/TA0024", + "tactic": "Build Capabilities" + }, + { + "external_id": "TA0025", + "url": "https://attack.mitre.org/tactics/TA0025", + "tactic": "Test Capabilities" + }, + { + "external_id": "TA0026", + "url": "https://attack.mitre.org/tactics/TA0026", + "tactic": "Stage Capabilities" + }, + { + "external_id": "TA0027", + "url": "https://attack.mitre.org/tactics/TA0027", + "tactic": "Initial Access" + }, + { + "external_id": "TA0028", + "url": "https://attack.mitre.org/tactics/TA0028", + "tactic": "Persistence" + }, + { + "external_id": "TA0029", + "url": "https://attack.mitre.org/tactics/TA0029", + "tactic": "Privilege Escalation" + }, + { + "external_id": "TA0030", + "url": "https://attack.mitre.org/tactics/TA0030", + "tactic": "Defense Evasion" + }, + { + "external_id": "TA0031", + "url": "https://attack.mitre.org/tactics/TA0031", + "tactic": "Credential Access" + }, + { + "external_id": "TA0032", + "url": "https://attack.mitre.org/tactics/TA0032", + "tactic": "Discovery" + }, + { + "external_id": "TA0033", + "url": "https://attack.mitre.org/tactics/TA0033", + "tactic": "Lateral Movement" + }, + { + "external_id": "TA0034", + "url": "https://attack.mitre.org/tactics/TA0034", + "tactic": "Impact" + }, + { + "external_id": "TA0035", + "url": "https://attack.mitre.org/tactics/TA0035", + "tactic": "Collection" + }, + { + "external_id": "TA0036", + "url": "https://attack.mitre.org/tactics/TA0036", + "tactic": "Exfiltration" + }, + { + "external_id": "TA0037", + "url": "https://attack.mitre.org/tactics/TA0037", + "tactic": "Command and Control" + }, + { + "external_id": "TA0038", + "url": "https://attack.mitre.org/tactics/TA0038", + "tactic": "Network Effects" + }, + { + "external_id": "TA0039", + "url": "https://attack.mitre.org/tactics/TA0039", + "tactic": "Remote Service Effects" + }, + { + "external_id": "TA0040", + "url": "https://attack.mitre.org/tactics/TA0040", + "tactic": "Impact" + }, + { + "external_id": "TA0041", + "url": "https://attack.mitre.org/tactics/TA0041", + "tactic": "Execution" + } ] \ No newline at end of file diff --git a/tools/config/mitre/techniques.json b/tools/config/mitre/techniques.json index 22541bb2..811a52e0 100644 --- a/tools/config/mitre/techniques.json +++ b/tools/config/mitre/techniques.json @@ -1,4353 +1,4529 @@ [ - { - "technique_id": "T1531", - "technique": "Account Access Removal", - "url": "https://attack.mitre.org/techniques/T1531", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1506", - "technique": "Web Session Cookie", - "url": "https://attack.mitre.org/techniques/T1506", - "tactic": [ - "Defense Evasion", - "Lateral Movement" - ] - }, - { - "technique_id": "T1539", - "technique": "Steal Web Session Cookie", - "url": "https://attack.mitre.org/techniques/T1539", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1529", - "technique": "System Shutdown/Reboot", - "url": "https://attack.mitre.org/techniques/T1529", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1519", - "technique": "Emond", - "url": "https://attack.mitre.org/techniques/T1519", - "tactic": [ - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1518", - "technique": "Software Discovery", - "url": "https://attack.mitre.org/techniques/T1518", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1534", - "technique": "Internal Spearphishing", - "url": "https://attack.mitre.org/techniques/T1534", - "tactic": [ - "Lateral Movement" - ] - }, - { - "technique_id": "T1528", - "technique": "Steal Application Access Token", - "url": "https://attack.mitre.org/techniques/T1528", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1522", - "technique": "Cloud Instance Metadata API", - "url": "https://attack.mitre.org/techniques/T1522", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1536", - "technique": "Revert Cloud Instance", - "url": "https://attack.mitre.org/techniques/T1536", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1535", - "technique": "Unused/Unsupported Cloud Regions", - "url": "https://attack.mitre.org/techniques/T1535", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1525", - "technique": "Implant Container Image", - "url": "https://attack.mitre.org/techniques/T1525", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1538", - "technique": "Cloud Service Dashboard", - "url": "https://attack.mitre.org/techniques/T1538", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1530", - "technique": "Data from Cloud Storage Object", - "url": "https://attack.mitre.org/techniques/T1530", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1537", - "technique": "Transfer Data to Cloud Account", - "url": "https://attack.mitre.org/techniques/T1537", - "tactic": [ - "Exfiltration" - ] - }, - { - "technique_id": "T1526", - "technique": "Cloud Service Discovery", - "url": "https://attack.mitre.org/techniques/T1526", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1527", - "technique": "Application Access Token", - "url": "https://attack.mitre.org/techniques/T1527", - "tactic": [ - "Defense Evasion", - "Lateral Movement" - ] - }, - { - "technique_id": "T1514", - "technique": "Elevated Execution with Prompt", - "url": "https://attack.mitre.org/techniques/T1514", - "tactic": [ - "Privilege Escalation" - ] - }, - { - "technique_id": "T1505", - "technique": "Server Software Component", - "url": "https://attack.mitre.org/techniques/T1505", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1503", - "technique": "Credentials from Web Browsers", - "url": "https://attack.mitre.org/techniques/T1503", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1504", - "technique": "PowerShell Profile", - "url": "https://attack.mitre.org/techniques/T1504", - "tactic": [ - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1502", - "technique": "Parent PID Spoofing", - "url": "https://attack.mitre.org/techniques/T1502", - "tactic": [ - "Defense Evasion", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1500", - "technique": "Compile After Delivery", - "url": "https://attack.mitre.org/techniques/T1500", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1501", - "technique": "Systemd Service", - "url": "https://attack.mitre.org/techniques/T1501", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1499", - "technique": "Endpoint Denial of Service", - "url": "https://attack.mitre.org/techniques/T1499", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1497", - "technique": "Virtualization/Sandbox Evasion", - "url": "https://attack.mitre.org/techniques/T1497", - "tactic": [ - "Defense Evasion", - "Discovery" - ] - }, - { - "technique_id": "T1498", - "technique": "Network Denial of Service", - "url": "https://attack.mitre.org/techniques/T1498", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1496", - "technique": "Resource Hijacking", - "url": "https://attack.mitre.org/techniques/T1496", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1495", - "technique": "Firmware Corruption", - "url": "https://attack.mitre.org/techniques/T1495", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1494", - "technique": "Runtime Data Manipulation", - "url": "https://attack.mitre.org/techniques/T1494", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1493", - "technique": "Transmitted Data Manipulation", - "url": "https://attack.mitre.org/techniques/T1493", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1492", - "technique": "Stored Data Manipulation", - "url": "https://attack.mitre.org/techniques/T1492", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1491", - "technique": "Defacement", - "url": "https://attack.mitre.org/techniques/T1491", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1490", - "technique": "Inhibit System Recovery", - "url": "https://attack.mitre.org/techniques/T1490", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1489", - "technique": "Service Stop", - "url": "https://attack.mitre.org/techniques/T1489", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1488", - "technique": "Disk Content Wipe", - "url": "https://attack.mitre.org/techniques/T1488", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1487", - "technique": "Disk Structure Wipe", - "url": "https://attack.mitre.org/techniques/T1487", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1486", - "technique": "Data Encrypted for Impact", - "url": "https://attack.mitre.org/techniques/T1486", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1485", - "technique": "Data Destruction", - "url": "https://attack.mitre.org/techniques/T1485", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1484", - "technique": "Group Policy Modification", - "url": "https://attack.mitre.org/techniques/T1484", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1483", - "technique": "Domain Generation Algorithms", - "url": "https://attack.mitre.org/techniques/T1483", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1482", - "technique": "Domain Trust Discovery", - "url": "https://attack.mitre.org/techniques/T1482", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1480", - "technique": "Execution Guardrails", - "url": "https://attack.mitre.org/techniques/T1480", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1222", - "technique": "File and Directory Permissions Modification", - "url": "https://attack.mitre.org/techniques/T1222", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1223", - "technique": "Compiled HTML File", - "url": "https://attack.mitre.org/techniques/T1223", - "tactic": [ - "Defense Evasion", - "Execution" - ] - }, - { - "technique_id": "T1221", - "technique": "Template Injection", - "url": "https://attack.mitre.org/techniques/T1221", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1220", - "technique": "XSL Script Processing", - "url": "https://attack.mitre.org/techniques/T1220", - "tactic": [ - "Defense Evasion", - "Execution" - ] - }, - { - "technique_id": "T1217", - "technique": "Browser Bookmark Discovery", - "url": "https://attack.mitre.org/techniques/T1217", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1213", - "technique": "Data from Information Repositories", - "url": "https://attack.mitre.org/techniques/T1213", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1190", - "technique": "Exploit Public-Facing Application", - "url": "https://attack.mitre.org/techniques/T1190", - "tactic": [ - "Initial Access" - ] - }, - { - "technique_id": "T1210", - "technique": "Exploitation of Remote Services", - "url": "https://attack.mitre.org/techniques/T1210", - "tactic": [ - "Lateral Movement" - ] - }, - { - "technique_id": "T1200", - "technique": "Hardware Additions", - "url": "https://attack.mitre.org/techniques/T1200", - "tactic": [ - "Initial Access" - ] - }, - { - "technique_id": "T1202", - "technique": "Indirect Command Execution", - "url": "https://attack.mitre.org/techniques/T1202", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1194", - "technique": "Spearphishing via Service", - "url": "https://attack.mitre.org/techniques/T1194", - "tactic": [ - "Initial Access" - ] - }, - { - "technique_id": "T1209", - "technique": "Time Providers", - "url": "https://attack.mitre.org/techniques/T1209", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1199", - "technique": "Trusted Relationship", - "url": "https://attack.mitre.org/techniques/T1199", - "tactic": [ - "Initial Access" - ] - }, - { - "technique_id": "T1191", - "technique": "CMSTP", - "url": "https://attack.mitre.org/techniques/T1191", - "tactic": [ - "Defense Evasion", - "Execution" - ] - }, - { - "technique_id": "T1207", - "technique": "DCShadow", - "url": "https://attack.mitre.org/techniques/T1207", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1189", - "technique": "Drive-by Compromise", - "url": "https://attack.mitre.org/techniques/T1189", - "tactic": [ - "Initial Access" - ] - }, - { - "technique_id": "T1211", - "technique": "Exploitation for Defense Evasion", - "url": "https://attack.mitre.org/techniques/T1211", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1218", - "technique": "Signed Binary Proxy Execution", - "url": "https://attack.mitre.org/techniques/T1218", - "tactic": [ - "Defense Evasion", - "Execution" - ] - }, - { - "technique_id": "T1193", - "technique": "Spearphishing Attachment", - "url": "https://attack.mitre.org/techniques/T1193", - "tactic": [ - "Initial Access" - ] - }, - { - "technique_id": "T1195", - "technique": "Supply Chain Compromise", - "url": "https://attack.mitre.org/techniques/T1195", - "tactic": [ - "Initial Access" - ] - }, - { - "technique_id": "T1204", - "technique": "User Execution", - "url": "https://attack.mitre.org/techniques/T1204", - "tactic": [ - "Execution" - ] - }, - { - "technique_id": "T1196", - "technique": "Control Panel Items", - "url": "https://attack.mitre.org/techniques/T1196", - "tactic": [ - "Defense Evasion", - "Execution" - ] - }, - { - "technique_id": "T1212", - "technique": "Exploitation for Credential Access", - "url": "https://attack.mitre.org/techniques/T1212", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1215", - "technique": "Kernel Modules and Extensions", - "url": "https://attack.mitre.org/techniques/T1215", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1197", - "technique": "BITS Jobs", - "url": "https://attack.mitre.org/techniques/T1197", - "tactic": [ - "Defense Evasion", - "Persistence" - ] - }, - { - "technique_id": "T1214", - "technique": "Credentials in Registry", - "url": "https://attack.mitre.org/techniques/T1214", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1216", - "technique": "Signed Script Proxy Execution", - "url": "https://attack.mitre.org/techniques/T1216", - "tactic": [ - "Defense Evasion", - "Execution" - ] - }, - { - "technique_id": "T1192", - "technique": "Spearphishing Link", - "url": "https://attack.mitre.org/techniques/T1192", - "tactic": [ - "Initial Access" - ] - }, - { - "technique_id": "T1198", - "technique": "SIP and Trust Provider Hijacking", - "url": "https://attack.mitre.org/techniques/T1198", - "tactic": [ - "Defense Evasion", - "Persistence" - ] - }, - { - "technique_id": "T1206", - "technique": "Sudo Caching", - "url": "https://attack.mitre.org/techniques/T1206", - "tactic": [ - "Privilege Escalation" - ] - }, - { - "technique_id": "T1203", - "technique": "Exploitation for Client Execution", - "url": "https://attack.mitre.org/techniques/T1203", - "tactic": [ - "Execution" - ] - }, - { - "technique_id": "T1208", - "technique": "Kerberoasting", - "url": "https://attack.mitre.org/techniques/T1208", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1201", - "technique": "Password Policy Discovery", - "url": "https://attack.mitre.org/techniques/T1201", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1205", - "technique": "Port Knocking", - "url": "https://attack.mitre.org/techniques/T1205", - "tactic": [ - "Defense Evasion", - "Persistence", - "Command And Control" - ] - }, - { - "technique_id": "T1219", - "technique": "Remote Access Tools", - "url": "https://attack.mitre.org/techniques/T1219", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1172", - "technique": "Domain Fronting", - "url": "https://attack.mitre.org/techniques/T1172", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1173", - "technique": "Dynamic Data Exchange", - "url": "https://attack.mitre.org/techniques/T1173", - "tactic": [ - "Execution" - ] - }, - { - "technique_id": "T1187", - "technique": "Forced Authentication", - "url": "https://attack.mitre.org/techniques/T1187", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1188", - "technique": "Multi-hop Proxy", - "url": "https://attack.mitre.org/techniques/T1188", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1174", - "technique": "Password Filter DLL", - "url": "https://attack.mitre.org/techniques/T1174", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1175", - "technique": "Component Object Model and Distributed COM", - "url": "https://attack.mitre.org/techniques/T1175", - "tactic": [ - "Lateral Movement", - "Execution" - ] - }, - { - "technique_id": "T1170", - "technique": "Mshta", - "url": "https://attack.mitre.org/techniques/T1170", - "tactic": [ - "Defense Evasion", - "Execution" - ] - }, - { - "technique_id": "T1179", - "technique": "Hooking", - "url": "https://attack.mitre.org/techniques/T1179", - "tactic": [ - "Persistence", - "Privilege Escalation", - "Credential Access" - ] - }, - { - "technique_id": "T1184", - "technique": "SSH Hijacking", - "url": "https://attack.mitre.org/techniques/T1184", - "tactic": [ - "Lateral Movement" - ] - }, - { - "technique_id": "T1181", - "technique": "Extra Window Memory Injection", - "url": "https://attack.mitre.org/techniques/T1181", - "tactic": [ - "Defense Evasion", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1177", - "technique": "LSASS Driver", - "url": "https://attack.mitre.org/techniques/T1177", - "tactic": [ - "Execution", - "Persistence" - ] - }, - { - "technique_id": "T1182", - "technique": "AppCert DLLs", - "url": "https://attack.mitre.org/techniques/T1182", - "tactic": [ - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1176", - "technique": "Browser Extensions", - "url": "https://attack.mitre.org/techniques/T1176", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1185", - "technique": "Man in the Browser", - "url": "https://attack.mitre.org/techniques/T1185", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1180", - "technique": "Screensaver", - "url": "https://attack.mitre.org/techniques/T1180", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1183", - "technique": "Image File Execution Options Injection", - "url": "https://attack.mitre.org/techniques/T1183", - "tactic": [ - "Privilege Escalation", - "Persistence", - "Defense Evasion" - ] - }, - { - "technique_id": "T1171", - "technique": "LLMNR/NBT-NS Poisoning and Relay", - "url": "https://attack.mitre.org/techniques/T1171", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1186", - "technique": "Process Doppelg\\u00e4nging", - "url": "https://attack.mitre.org/techniques/T1186", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1178", - "technique": "SID-History Injection", - "url": "https://attack.mitre.org/techniques/T1178", - "tactic": [ - "Privilege Escalation" - ] - }, - { - "technique_id": "T1138", - "technique": "Application Shimming", - "url": "https://attack.mitre.org/techniques/T1138", - "tactic": [ - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1140", - "technique": "Deobfuscate/Decode Files or Information", - "url": "https://attack.mitre.org/techniques/T1140", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1149", - "technique": "LC_MAIN Hijacking", - "url": "https://attack.mitre.org/techniques/T1149", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1152", - "technique": "Launchctl", - "url": "https://attack.mitre.org/techniques/T1152", - "tactic": [ - "Defense Evasion", - "Execution", - "Persistence" - ] - }, - { - "technique_id": "T1150", - "technique": "Plist Modification", - "url": "https://attack.mitre.org/techniques/T1150", - "tactic": [ - "Defense Evasion", - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1163", - "technique": "Rc.common", - "url": "https://attack.mitre.org/techniques/T1163", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1166", - "technique": "Setuid and Setgid", - "url": "https://attack.mitre.org/techniques/T1166", - "tactic": [ - "Privilege Escalation", - "Persistence" - ] - }, - { - "technique_id": "T1157", - "technique": "Dylib Hijacking", - "url": "https://attack.mitre.org/techniques/T1157", - "tactic": [ - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1155", - "technique": "AppleScript", - "url": "https://attack.mitre.org/techniques/T1155", - "tactic": [ - "Execution", - "Lateral Movement" - ] - }, - { - "technique_id": "T1136", - "technique": "Create Account", - "url": "https://attack.mitre.org/techniques/T1136", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1143", - "technique": "Hidden Window", - "url": "https://attack.mitre.org/techniques/T1143", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1141", - "technique": "Input Prompt", - "url": "https://attack.mitre.org/techniques/T1141", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1142", - "technique": "Keychain", - "url": "https://attack.mitre.org/techniques/T1142", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1159", - "technique": "Launch Agent", - "url": "https://attack.mitre.org/techniques/T1159", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1135", - "technique": "Network Share Discovery", - "url": "https://attack.mitre.org/techniques/T1135", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1148", - "technique": "HISTCONTROL", - "url": "https://attack.mitre.org/techniques/T1148", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1161", - "technique": "LC_LOAD_DYLIB Addition", - "url": "https://attack.mitre.org/techniques/T1161", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1154", - "technique": "Trap", - "url": "https://attack.mitre.org/techniques/T1154", - "tactic": [ - "Execution", - "Persistence" - ] - }, - { - "technique_id": "T1134", - "technique": "Access Token Manipulation", - "url": "https://attack.mitre.org/techniques/T1134", - "tactic": [ - "Defense Evasion", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1139", - "technique": "Bash History", - "url": "https://attack.mitre.org/techniques/T1139", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1147", - "technique": "Hidden Users", - "url": "https://attack.mitre.org/techniques/T1147", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1156", - "technique": ".bash_profile and .bashrc", - "url": "https://attack.mitre.org/techniques/T1156", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1146", - "technique": "Clear Command History", - "url": "https://attack.mitre.org/techniques/T1146", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1160", - "technique": "Launch Daemon", - "url": "https://attack.mitre.org/techniques/T1160", - "tactic": [ - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1145", - "technique": "Private Keys", - "url": "https://attack.mitre.org/techniques/T1145", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1165", - "technique": "Startup Items", - "url": "https://attack.mitre.org/techniques/T1165", - "tactic": [ - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1162", - "technique": "Login Item", - "url": "https://attack.mitre.org/techniques/T1162", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1137", - "technique": "Office Application Startup", - "url": "https://attack.mitre.org/techniques/T1137", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1151", - "technique": "Space after Filename", - "url": "https://attack.mitre.org/techniques/T1151", - "tactic": [ - "Defense Evasion", - "Execution" - ] - }, - { - "technique_id": "T1144", - "technique": "Gatekeeper Bypass", - "url": "https://attack.mitre.org/techniques/T1144", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1158", - "technique": "Hidden Files and Directories", - "url": "https://attack.mitre.org/techniques/T1158", - "tactic": [ - "Defense Evasion", - "Persistence" - ] - }, - { - "technique_id": "T1168", - "technique": "Local Job Scheduling", - "url": "https://attack.mitre.org/techniques/T1168", - "tactic": [ - "Persistence", - "Execution" - ] - }, - { - "technique_id": "T1164", - "technique": "Re-opened Applications", - "url": "https://attack.mitre.org/techniques/T1164", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1167", - "technique": "Securityd Memory", - "url": "https://attack.mitre.org/techniques/T1167", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1153", - "technique": "Source", - "url": "https://attack.mitre.org/techniques/T1153", - "tactic": [ - "Execution" - ] - }, - { - "technique_id": "T1169", - "technique": "Sudo", - "url": "https://attack.mitre.org/techniques/T1169", - "tactic": [ - "Privilege Escalation" - ] - }, - { - "technique_id": "T1133", - "technique": "External Remote Services", - "url": "https://attack.mitre.org/techniques/T1133", - "tactic": [ - "Persistence", - "Initial Access" - ] - }, - { - "technique_id": "T1132", - "technique": "Data Encoding", - "url": "https://attack.mitre.org/techniques/T1132", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1131", - "technique": "Authentication Package", - "url": "https://attack.mitre.org/techniques/T1131", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1130", - "technique": "Install Root Certificate", - "url": "https://attack.mitre.org/techniques/T1130", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1129", - "technique": "Execution through Module Load", - "url": "https://attack.mitre.org/techniques/T1129", - "tactic": [ - "Execution" - ] - }, - { - "technique_id": "T1128", - "technique": "Netsh Helper DLL", - "url": "https://attack.mitre.org/techniques/T1128", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1127", - "technique": "Trusted Developer Utilities", - "url": "https://attack.mitre.org/techniques/T1127", - "tactic": [ - "Defense Evasion", - "Execution" - ] - }, - { - "technique_id": "T1126", - "technique": "Network Share Connection Removal", - "url": "https://attack.mitre.org/techniques/T1126", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1125", - "technique": "Video Capture", - "url": "https://attack.mitre.org/techniques/T1125", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1124", - "technique": "System Time Discovery", - "url": "https://attack.mitre.org/techniques/T1124", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1123", - "technique": "Audio Capture", - "url": "https://attack.mitre.org/techniques/T1123", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1122", - "technique": "Component Object Model Hijacking", - "url": "https://attack.mitre.org/techniques/T1122", - "tactic": [ - "Defense Evasion", - "Persistence" - ] - }, - { - "technique_id": "T1121", - "technique": "Regsvcs/Regasm", - "url": "https://attack.mitre.org/techniques/T1121", - "tactic": [ - "Defense Evasion", - "Execution" - ] - }, - { - "technique_id": "T1120", - "technique": "Peripheral Device Discovery", - "url": "https://attack.mitre.org/techniques/T1120", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1119", - "technique": "Automated Collection", - "url": "https://attack.mitre.org/techniques/T1119", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1118", - "technique": "InstallUtil", - "url": "https://attack.mitre.org/techniques/T1118", - "tactic": [ - "Defense Evasion", - "Execution" - ] - }, - { - "technique_id": "T1117", - "technique": "Regsvr32", - "url": "https://attack.mitre.org/techniques/T1117", - "tactic": [ - "Defense Evasion", - "Execution" - ] - }, - { - "technique_id": "T1116", - "technique": "Code Signing", - "url": "https://attack.mitre.org/techniques/T1116", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1115", - "technique": "Clipboard Data", - "url": "https://attack.mitre.org/techniques/T1115", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1114", - "technique": "Email Collection", - "url": "https://attack.mitre.org/techniques/T1114", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1113", - "technique": "Screen Capture", - "url": "https://attack.mitre.org/techniques/T1113", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1112", - "technique": "Modify Registry", - "url": "https://attack.mitre.org/techniques/T1112", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1111", - "technique": "Two-Factor Authentication Interception", - "url": "https://attack.mitre.org/techniques/T1111", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1110", - "technique": "Brute Force", - "url": "https://attack.mitre.org/techniques/T1110", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1109", - "technique": "Component Firmware", - "url": "https://attack.mitre.org/techniques/T1109", - "tactic": [ - "Defense Evasion", - "Persistence" - ] - }, - { - "technique_id": "T1108", - "technique": "Redundant Access", - "url": "https://attack.mitre.org/techniques/T1108", - "tactic": [ - "Defense Evasion", - "Persistence" - ] - }, - { - "technique_id": "T1107", - "technique": "File Deletion", - "url": "https://attack.mitre.org/techniques/T1107", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1106", - "technique": "Execution through API", - "url": "https://attack.mitre.org/techniques/T1106", - "tactic": [ - "Execution" - ] - }, - { - "technique_id": "T1105", - "technique": "Remote File Copy", - "url": "https://attack.mitre.org/techniques/T1105", - "tactic": [ - "Command And Control", - "Lateral Movement" - ] - }, - { - "technique_id": "T1104", - "technique": "Multi-Stage Channels", - "url": "https://attack.mitre.org/techniques/T1104", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1103", - "technique": "AppInit DLLs", - "url": "https://attack.mitre.org/techniques/T1103", - "tactic": [ - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1102", - "technique": "Web Service", - "url": "https://attack.mitre.org/techniques/T1102", - "tactic": [ - "Command And Control", - "Defense Evasion" - ] - }, - { - "technique_id": "T1101", - "technique": "Security Support Provider", - "url": "https://attack.mitre.org/techniques/T1101", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1100", - "technique": "Web Shell", - "url": "https://attack.mitre.org/techniques/T1100", - "tactic": [ - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1099", - "technique": "Timestomp", - "url": "https://attack.mitre.org/techniques/T1099", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1098", - "technique": "Account Manipulation", - "url": "https://attack.mitre.org/techniques/T1098", - "tactic": [ - "Credential Access", - "Persistence" - ] - }, - { - "technique_id": "T1097", - "technique": "Pass the Ticket", - "url": "https://attack.mitre.org/techniques/T1097", - "tactic": [ - "Lateral Movement" - ] - }, - { - "technique_id": "T1096", - "technique": "NTFS File Attributes", - "url": "https://attack.mitre.org/techniques/T1096", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1095", - "technique": "Standard Non-Application Layer Protocol", - "url": "https://attack.mitre.org/techniques/T1095", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1094", - "technique": "Custom Command and Control Protocol", - "url": "https://attack.mitre.org/techniques/T1094", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1093", - "technique": "Process Hollowing", - "url": "https://attack.mitre.org/techniques/T1093", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1092", - "technique": "Communication Through Removable Media", - "url": "https://attack.mitre.org/techniques/T1092", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1091", - "technique": "Replication Through Removable Media", - "url": "https://attack.mitre.org/techniques/T1091", - "tactic": [ - "Lateral Movement", - "Initial Access" - ] - }, - { - "technique_id": "T1090", - "technique": "Connection Proxy", - "url": "https://attack.mitre.org/techniques/T1090", - "tactic": [ - "Command And Control", - "Defense Evasion" - ] - }, - { - "technique_id": "T1089", - "technique": "Disabling Security Tools", - "url": "https://attack.mitre.org/techniques/T1089", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1088", - "technique": "Bypass User Account Control", - "url": "https://attack.mitre.org/techniques/T1088", - "tactic": [ - "Defense Evasion", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1087", - "technique": "Account Discovery", - "url": "https://attack.mitre.org/techniques/T1087", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1086", - "technique": "PowerShell", - "url": "https://attack.mitre.org/techniques/T1086", - "tactic": [ - "Execution" - ] - }, - { - "technique_id": "T1085", - "technique": "Rundll32", - "url": "https://attack.mitre.org/techniques/T1085", - "tactic": [ - "Defense Evasion", - "Execution" - ] - }, - { - "technique_id": "T1084", - "technique": "Windows Management Instrumentation Event Subscription", - "url": "https://attack.mitre.org/techniques/T1084", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1083", - "technique": "File and Directory Discovery", - "url": "https://attack.mitre.org/techniques/T1083", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1082", - "technique": "System Information Discovery", - "url": "https://attack.mitre.org/techniques/T1082", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1081", - "technique": "Credentials in Files", - "url": "https://attack.mitre.org/techniques/T1081", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1080", - "technique": "Taint Shared Content", - "url": "https://attack.mitre.org/techniques/T1080", - "tactic": [ - "Lateral Movement" - ] - }, - { - "technique_id": "T1079", - "technique": "Multilayer Encryption", - "url": "https://attack.mitre.org/techniques/T1079", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1078", - "technique": "Valid Accounts", - "url": "https://attack.mitre.org/techniques/T1078", - "tactic": [ - "Defense Evasion", - "Persistence", - "Privilege Escalation", - "Initial Access" - ] - }, - { - "technique_id": "T1077", - "technique": "Windows Admin Shares", - "url": "https://attack.mitre.org/techniques/T1077", - "tactic": [ - "Lateral Movement" - ] - }, - { - "technique_id": "T1076", - "technique": "Remote Desktop Protocol", - "url": "https://attack.mitre.org/techniques/T1076", - "tactic": [ - "Lateral Movement" - ] - }, - { - "technique_id": "T1075", - "technique": "Pass the Hash", - "url": "https://attack.mitre.org/techniques/T1075", - "tactic": [ - "Lateral Movement" - ] - }, - { - "technique_id": "T1074", - "technique": "Data Staged", - "url": "https://attack.mitre.org/techniques/T1074", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1073", - "technique": "DLL Side-Loading", - "url": "https://attack.mitre.org/techniques/T1073", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1072", - "technique": "Third-party Software", - "url": "https://attack.mitre.org/techniques/T1072", - "tactic": [ - "Execution", - "Lateral Movement" - ] - }, - { - "technique_id": "T1071", - "technique": "Standard Application Layer Protocol", - "url": "https://attack.mitre.org/techniques/T1071", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1070", - "technique": "Indicator Removal on Host", - "url": "https://attack.mitre.org/techniques/T1070", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1069", - "technique": "Permission Groups Discovery", - "url": "https://attack.mitre.org/techniques/T1069", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1068", - "technique": "Exploitation for Privilege Escalation", - "url": "https://attack.mitre.org/techniques/T1068", - "tactic": [ - "Privilege Escalation" - ] - }, - { - "technique_id": "T1067", - "technique": "Bootkit", - "url": "https://attack.mitre.org/techniques/T1067", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1066", - "technique": "Indicator Removal from Tools", - "url": "https://attack.mitre.org/techniques/T1066", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1065", - "technique": "Uncommonly Used Port", - "url": "https://attack.mitre.org/techniques/T1065", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1064", - "technique": "Scripting", - "url": "https://attack.mitre.org/techniques/T1064", - "tactic": [ - "Defense Evasion", - "Execution" - ] - }, - { - "technique_id": "T1063", - "technique": "Security Software Discovery", - "url": "https://attack.mitre.org/techniques/T1063", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1062", - "technique": "Hypervisor", - "url": "https://attack.mitre.org/techniques/T1062", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1061", - "technique": "Graphical User Interface", - "url": "https://attack.mitre.org/techniques/T1061", - "tactic": [ - "Execution" - ] - }, - { - "technique_id": "T1060", - "technique": "Registry Run Keys / Startup Folder", - "url": "https://attack.mitre.org/techniques/T1060", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1059", - "technique": "Command-Line Interface", - "url": "https://attack.mitre.org/techniques/T1059", - "tactic": [ - "Execution" - ] - }, - { - "technique_id": "T1058", - "technique": "Service Registry Permissions Weakness", - "url": "https://attack.mitre.org/techniques/T1058", - "tactic": [ - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1057", - "technique": "Process Discovery", - "url": "https://attack.mitre.org/techniques/T1057", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1056", - "technique": "Input Capture", - "url": "https://attack.mitre.org/techniques/T1056", - "tactic": [ - "Collection", - "Credential Access" - ] - }, - { - "technique_id": "T1055", - "technique": "Process Injection", - "url": "https://attack.mitre.org/techniques/T1055", - "tactic": [ - "Defense Evasion", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1054", - "technique": "Indicator Blocking", - "url": "https://attack.mitre.org/techniques/T1054", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1053", - "technique": "Scheduled Task", - "url": "https://attack.mitre.org/techniques/T1053", - "tactic": [ - "Execution", - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1052", - "technique": "Exfiltration Over Physical Medium", - "url": "https://attack.mitre.org/techniques/T1052", - "tactic": [ - "Exfiltration" - ] - }, - { - "technique_id": "T1051", - "technique": "Shared Webroot", - "url": "https://attack.mitre.org/techniques/T1051", - "tactic": [ - "Lateral Movement" - ] - }, - { - "technique_id": "T1050", - "technique": "New Service", - "url": "https://attack.mitre.org/techniques/T1050", - "tactic": [ - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1049", - "technique": "System Network Connections Discovery", - "url": "https://attack.mitre.org/techniques/T1049", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1048", - "technique": "Exfiltration Over Alternative Protocol", - "url": "https://attack.mitre.org/techniques/T1048", - "tactic": [ - "Exfiltration" - ] - }, - { - "technique_id": "T1047", - "technique": "Windows Management Instrumentation", - "url": "https://attack.mitre.org/techniques/T1047", - "tactic": [ - "Execution" - ] - }, - { - "technique_id": "T1046", - "technique": "Network Service Scanning", - "url": "https://attack.mitre.org/techniques/T1046", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1045", - "technique": "Software Packing", - "url": "https://attack.mitre.org/techniques/T1045", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1044", - "technique": "File System Permissions Weakness", - "url": "https://attack.mitre.org/techniques/T1044", - "tactic": [ - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1043", - "technique": "Commonly Used Port", - "url": "https://attack.mitre.org/techniques/T1043", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1042", - "technique": "Change Default File Association", - "url": "https://attack.mitre.org/techniques/T1042", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1041", - "technique": "Exfiltration Over Command and Control Channel", - "url": "https://attack.mitre.org/techniques/T1041", - "tactic": [ - "Exfiltration" - ] - }, - { - "technique_id": "T1040", - "technique": "Network Sniffing", - "url": "https://attack.mitre.org/techniques/T1040", - "tactic": [ - "Credential Access", - "Discovery" - ] - }, - { - "technique_id": "T1039", - "technique": "Data from Network Shared Drive", - "url": "https://attack.mitre.org/techniques/T1039", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1038", - "technique": "DLL Search Order Hijacking", - "url": "https://attack.mitre.org/techniques/T1038", - "tactic": [ - "Persistence", - "Privilege Escalation", - "Defense Evasion" - ] - }, - { - "technique_id": "T1037", - "technique": "Logon Scripts", - "url": "https://attack.mitre.org/techniques/T1037", - "tactic": [ - "Lateral Movement", - "Persistence" - ] - }, - { - "technique_id": "T1036", - "technique": "Masquerading", - "url": "https://attack.mitre.org/techniques/T1036", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1035", - "technique": "Service Execution", - "url": "https://attack.mitre.org/techniques/T1035", - "tactic": [ - "Execution" - ] - }, - { - "technique_id": "T1034", - "technique": "Path Interception", - "url": "https://attack.mitre.org/techniques/T1034", - "tactic": [ - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1033", - "technique": "System Owner/User Discovery", - "url": "https://attack.mitre.org/techniques/T1033", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1032", - "technique": "Standard Cryptographic Protocol", - "url": "https://attack.mitre.org/techniques/T1032", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1031", - "technique": "Modify Existing Service", - "url": "https://attack.mitre.org/techniques/T1031", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1030", - "technique": "Data Transfer Size Limits", - "url": "https://attack.mitre.org/techniques/T1030", - "tactic": [ - "Exfiltration" - ] - }, - { - "technique_id": "T1029", - "technique": "Scheduled Transfer", - "url": "https://attack.mitre.org/techniques/T1029", - "tactic": [ - "Exfiltration" - ] - }, - { - "technique_id": "T1028", - "technique": "Windows Remote Management", - "url": "https://attack.mitre.org/techniques/T1028", - "tactic": [ - "Execution", - "Lateral Movement" - ] - }, - { - "technique_id": "T1027", - "technique": "Obfuscated Files or Information", - "url": "https://attack.mitre.org/techniques/T1027", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1026", - "technique": "Multiband Communication", - "url": "https://attack.mitre.org/techniques/T1026", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1025", - "technique": "Data from Removable Media", - "url": "https://attack.mitre.org/techniques/T1025", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1024", - "technique": "Custom Cryptographic Protocol", - "url": "https://attack.mitre.org/techniques/T1024", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1023", - "technique": "Shortcut Modification", - "url": "https://attack.mitre.org/techniques/T1023", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1022", - "technique": "Data Encrypted", - "url": "https://attack.mitre.org/techniques/T1022", - "tactic": [ - "Exfiltration" - ] - }, - { - "technique_id": "T1021", - "technique": "Remote Services", - "url": "https://attack.mitre.org/techniques/T1021", - "tactic": [ - "Lateral Movement" - ] - }, - { - "technique_id": "T1020", - "technique": "Automated Exfiltration", - "url": "https://attack.mitre.org/techniques/T1020", - "tactic": [ - "Exfiltration" - ] - }, - { - "technique_id": "T1019", - "technique": "System Firmware", - "url": "https://attack.mitre.org/techniques/T1019", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1018", - "technique": "Remote System Discovery", - "url": "https://attack.mitre.org/techniques/T1018", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1017", - "technique": "Application Deployment Software", - "url": "https://attack.mitre.org/techniques/T1017", - "tactic": [ - "Lateral Movement" - ] - }, - { - "technique_id": "T1016", - "technique": "System Network Configuration Discovery", - "url": "https://attack.mitre.org/techniques/T1016", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1015", - "technique": "Accessibility Features", - "url": "https://attack.mitre.org/techniques/T1015", - "tactic": [ - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1014", - "technique": "Rootkit", - "url": "https://attack.mitre.org/techniques/T1014", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1013", - "technique": "Port Monitors", - "url": "https://attack.mitre.org/techniques/T1013", - "tactic": [ - "Persistence", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1012", - "technique": "Query Registry", - "url": "https://attack.mitre.org/techniques/T1012", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1011", - "technique": "Exfiltration Over Other Network Medium", - "url": "https://attack.mitre.org/techniques/T1011", - "tactic": [ - "Exfiltration" - ] - }, - { - "technique_id": "T1010", - "technique": "Application Window Discovery", - "url": "https://attack.mitre.org/techniques/T1010", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1009", - "technique": "Binary Padding", - "url": "https://attack.mitre.org/techniques/T1009", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1008", - "technique": "Fallback Channels", - "url": "https://attack.mitre.org/techniques/T1008", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1007", - "technique": "System Service Discovery", - "url": "https://attack.mitre.org/techniques/T1007", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1006", - "technique": "File System Logical Offsets", - "url": "https://attack.mitre.org/techniques/T1006", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1005", - "technique": "Data from Local System", - "url": "https://attack.mitre.org/techniques/T1005", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1004", - "technique": "Winlogon Helper DLL", - "url": "https://attack.mitre.org/techniques/T1004", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1003", - "technique": "Credential Dumping", - "url": "https://attack.mitre.org/techniques/T1003", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1002", - "technique": "Data Compressed", - "url": "https://attack.mitre.org/techniques/T1002", - "tactic": [ - "Exfiltration" - ] - }, - { - "technique_id": "T1001", - "technique": "Data Obfuscation", - "url": "https://attack.mitre.org/techniques/T1001", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1397", - "technique": "Spearphishing for Information", - "url": "https://attack.mitre.org/techniques/T1397", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1307", - "technique": "Acquire and/or use 3rd party infrastructure services", - "url": "https://attack.mitre.org/techniques/T1307", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1275", - "technique": "Aggregate individual's digital footprint", - "url": "https://attack.mitre.org/techniques/T1275", - "tactic": [ - "People Information Gathering" - ] - }, - { - "technique_id": "T1294", - "technique": "Analyze hardware/software security defensive capabilities", - "url": "https://attack.mitre.org/techniques/T1294", - "tactic": [ - "Technical Weakness Identification" - ] - }, - { - "technique_id": "T1295", - "technique": "Analyze social and business relationships, interests, and affiliations", - "url": "https://attack.mitre.org/techniques/T1295", - "tactic": [ - "People Weakness Identification" - ] - }, - { - "technique_id": "T1299", - "technique": "Assess opportunities created by business deals", - "url": "https://attack.mitre.org/techniques/T1299", - "tactic": [ - "Organizational Weakness Identification" - ] - }, - { - "technique_id": "T1228", - "technique": "Assign KITs/KIQs into categories", - "url": "https://attack.mitre.org/techniques/T1228", - "tactic": [ - "Priority Definition Planning" - ] - }, - { - "technique_id": "T1349", - "technique": "Build or acquire exploits", - "url": "https://attack.mitre.org/techniques/T1349", - "tactic": [ - "Build Capabilities" - ] - }, - { - "technique_id": "T1343", - "technique": "Choose pre-compromised persona and affiliated accounts", - "url": "https://attack.mitre.org/techniques/T1343", - "tactic": [ - "Persona Development" - ] - }, - { - "technique_id": "T1388", - "technique": "Compromise of externally facing system", - "url": "https://attack.mitre.org/techniques/T1388", - "tactic": [ - "Compromise" - ] - }, - { - "technique_id": "T1268", - "technique": "Conduct social engineering", - "url": "https://attack.mitre.org/techniques/T1268", - "tactic": [ - "People Information Gathering" - ] - }, - { - "technique_id": "T1345", - "technique": "Create custom payloads", - "url": "https://attack.mitre.org/techniques/T1345", - "tactic": [ - "Build Capabilities" - ] - }, - { - "technique_id": "T1382", - "technique": "DNS poisoning", - "url": "https://attack.mitre.org/techniques/T1382", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1284", - "technique": "Determine 3rd party infrastructure services", - "url": "https://attack.mitre.org/techniques/T1284", - "tactic": [ - "Organizational Information Gathering" - ] - }, - { - "technique_id": "T1259", - "technique": "Determine external network trust dependencies", - "url": "https://attack.mitre.org/techniques/T1259", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1244", - "technique": "Determine secondary level tactical element", - "url": "https://attack.mitre.org/techniques/T1244", - "tactic": [ - "Target Selection" - ] - }, - { - "technique_id": "T1255", - "technique": "Discover target logon/email address format", - "url": "https://attack.mitre.org/techniques/T1255", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1286", - "technique": "Dumpster dive", - "url": "https://attack.mitre.org/techniques/T1286", - "tactic": [ - "Organizational Information Gathering" - ] - }, - { - "technique_id": "T1377", - "technique": "Exploit public-facing application", - "url": "https://attack.mitre.org/techniques/T1377", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1365", - "technique": "Hardware or software supply chain implant", - "url": "https://attack.mitre.org/techniques/T1365", - "tactic": [ - "Stage Capabilities" - ] - }, - { - "technique_id": "T1272", - "technique": "Identify business relationships", - "url": "https://attack.mitre.org/techniques/T1272", - "tactic": [ - "People Information Gathering" - ] - }, - { - "technique_id": "T1278", - "technique": "Identify job postings and needs/gaps", - "url": "https://attack.mitre.org/techniques/T1278", - "tactic": [ - "Organizational Information Gathering" - ] - }, - { - "technique_id": "T1263", - "technique": "Identify security defensive capabilities", - "url": "https://attack.mitre.org/techniques/T1263", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1264", - "technique": "Identify technology usage patterns", - "url": "https://attack.mitre.org/techniques/T1264", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1252", - "technique": "Map network topology", - "url": "https://attack.mitre.org/techniques/T1252", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1316", - "technique": "Non-traditional or less attributable payment options", - "url": "https://attack.mitre.org/techniques/T1316", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1319", - "technique": "Obfuscate or encrypt code", - "url": "https://attack.mitre.org/techniques/T1319", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1281", - "technique": "Obtain templates/branding materials", - "url": "https://attack.mitre.org/techniques/T1281", - "tactic": [ - "Organizational Information Gathering" - ] - }, - { - "technique_id": "T1335", - "technique": "Procure required equipment and software", - "url": "https://attack.mitre.org/techniques/T1335", - "tactic": [ - "Establish & Maintain Infrastructure" - ] - }, - { - "technique_id": "T1351", - "technique": "Remote access tool development", - "url": "https://attack.mitre.org/techniques/T1351", - "tactic": [ - "Build Capabilities" - ] - }, - { - "technique_id": "T1395", - "technique": "Runtime code download and execution", - "url": "https://attack.mitre.org/techniques/T1395", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1367", - "technique": "Spear phishing messages with malicious attachments", - "url": "https://attack.mitre.org/techniques/T1367", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1371", - "technique": "Targeted client-side exploitation", - "url": "https://attack.mitre.org/techniques/T1371", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1357", - "technique": "Test malware in various execution environments", - "url": "https://attack.mitre.org/techniques/T1357", - "tactic": [ - "Test Capabilities" - ] - }, - { - "technique_id": "T1387", - "technique": "Unauthorized user introduces compromise delivery mechanism", - "url": "https://attack.mitre.org/techniques/T1387", - "tactic": [ - "Compromise" - ] - }, - { - "technique_id": "T1329", - "technique": "Acquire and/or use 3rd party infrastructure services", - "url": "https://attack.mitre.org/techniques/T1329", - "tactic": [ - "Establish & Maintain Infrastructure" - ] - }, - { - "technique_id": "T1332", - "technique": "Acquire or compromise 3rd party signing certificates", - "url": "https://attack.mitre.org/techniques/T1332", - "tactic": [ - "Establish & Maintain Infrastructure" - ] - }, - { - "technique_id": "T1287", - "technique": "Analyze data collected", - "url": "https://attack.mitre.org/techniques/T1287", - "tactic": [ - "Technical Weakness Identification" - ] - }, - { - "technique_id": "T1303", - "technique": "Analyze presence of outsourced capabilities", - "url": "https://attack.mitre.org/techniques/T1303", - "tactic": [ - "Organizational Weakness Identification" - ] - }, - { - "technique_id": "T1224", - "technique": "Assess leadership areas of interest", - "url": "https://attack.mitre.org/techniques/T1224", - "tactic": [ - "Priority Definition Planning" - ] - }, - { - "technique_id": "T1238", - "technique": "Assign KITs, KIQs, and/or intelligence requirements", - "url": "https://attack.mitre.org/techniques/T1238", - "tactic": [ - "Priority Definition Direction" - ] - }, - { - "technique_id": "T1347", - "technique": "Build and configure delivery systems", - "url": "https://attack.mitre.org/techniques/T1347", - "tactic": [ - "Build Capabilities" - ] - }, - { - "technique_id": "T1391", - "technique": "Choose pre-compromised mobile app developer account credentials or signing keys", - "url": "https://attack.mitre.org/techniques/T1391", - "tactic": [ - "Persona Development" - ] - }, - { - "technique_id": "T1354", - "technique": "Compromise 3rd party or closed-source vulnerability/exploit information", - "url": "https://attack.mitre.org/techniques/T1354", - "tactic": [ - "Build Capabilities" - ] - }, - { - "technique_id": "T1279", - "technique": "Conduct social engineering", - "url": "https://attack.mitre.org/techniques/T1279", - "tactic": [ - "Organizational Information Gathering" - ] - }, - { - "technique_id": "T1339", - "technique": "Create backup infrastructure", - "url": "https://attack.mitre.org/techniques/T1339", - "tactic": [ - "Establish & Maintain Infrastructure" - ] - }, - { - "technique_id": "T1374", - "technique": "Credential pharming", - "url": "https://attack.mitre.org/techniques/T1374", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1230", - "technique": "Derive intelligence requirements", - "url": "https://attack.mitre.org/techniques/T1230", - "tactic": [ - "Priority Definition Planning" - ] - }, - { - "technique_id": "T1250", - "technique": "Determine domain and IP address space", - "url": "https://attack.mitre.org/techniques/T1250", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1282", - "technique": "Determine physical locations", - "url": "https://attack.mitre.org/techniques/T1282", - "tactic": [ - "Organizational Information Gathering" - ] - }, - { - "technique_id": "T1350", - "technique": "Discover new exploits and monitor exploit-provider forums", - "url": "https://attack.mitre.org/techniques/T1350", - "tactic": [ - "Build Capabilities" - ] - }, - { - "technique_id": "T1326", - "technique": "Domain registration hijacking", - "url": "https://attack.mitre.org/techniques/T1326", - "tactic": [ - "Establish & Maintain Infrastructure" - ] - }, - { - "technique_id": "T1261", - "technique": "Enumerate externally facing software applications technologies, languages, and dependencies", - "url": "https://attack.mitre.org/techniques/T1261", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1234", - "technique": "Generate analyst intelligence requirements", - "url": "https://attack.mitre.org/techniques/T1234", - "tactic": [ - "Priority Definition Planning" - ] - }, - { - "technique_id": "T1280", - "technique": "Identify business processes/tempo", - "url": "https://attack.mitre.org/techniques/T1280", - "tactic": [ - "Organizational Information Gathering" - ] - }, - { - "technique_id": "T1248", - "technique": "Identify job postings and needs/gaps", - "url": "https://attack.mitre.org/techniques/T1248", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1348", - "technique": "Identify resources required to build capabilities", - "url": "https://attack.mitre.org/techniques/T1348", - "tactic": [ - "Build Capabilities" - ] - }, - { - "technique_id": "T1265", - "technique": "Identify supply chains", - "url": "https://attack.mitre.org/techniques/T1265", - "tactic": [ - "People Information Gathering" - ] - }, - { - "technique_id": "T1375", - "technique": "Leverage compromised 3rd party resources", - "url": "https://attack.mitre.org/techniques/T1375", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1315", - "technique": "Network-based hiding techniques", - "url": "https://attack.mitre.org/techniques/T1315", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1318", - "technique": "Obfuscate operational infrastructure", - "url": "https://attack.mitre.org/techniques/T1318", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1251", - "technique": "Obtain domain/IP registration information", - "url": "https://attack.mitre.org/techniques/T1251", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1305", - "technique": "Private whois services", - "url": "https://attack.mitre.org/techniques/T1305", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1235", - "technique": "Receive operator KITs/KIQs tasking", - "url": "https://attack.mitre.org/techniques/T1235", - "tactic": [ - "Priority Definition Planning" - ] - }, - { - "technique_id": "T1358", - "technique": "Review logs and residual traces", - "url": "https://attack.mitre.org/techniques/T1358", - "tactic": [ - "Test Capabilities" - ] - }, - { - "technique_id": "T1340", - "technique": "Shadow DNS", - "url": "https://attack.mitre.org/techniques/T1340", - "tactic": [ - "Establish & Maintain Infrastructure" - ] - }, - { - "technique_id": "T1237", - "technique": "Submit KITs, KIQs, and intelligence requirements", - "url": "https://attack.mitre.org/techniques/T1237", - "tactic": [ - "Priority Definition Direction" - ] - }, - { - "technique_id": "T1356", - "technique": "Test callback functionality", - "url": "https://attack.mitre.org/techniques/T1356", - "tactic": [ - "Test Capabilities" - ] - }, - { - "technique_id": "T1361", - "technique": "Test signature detection for file upload/email filters", - "url": "https://attack.mitre.org/techniques/T1361", - "tactic": [ - "Test Capabilities" - ] - }, - { - "technique_id": "T1327", - "technique": "Use multiple DNS infrastructures", - "url": "https://attack.mitre.org/techniques/T1327", - "tactic": [ - "Establish & Maintain Infrastructure" - ] - }, - { - "technique_id": "T1277", - "technique": "Acquire OSINT data sets and information", - "url": "https://attack.mitre.org/techniques/T1277", - "tactic": [ - "Organizational Information Gathering" - ] - }, - { - "technique_id": "T1310", - "technique": "Acquire or compromise 3rd party signing certificates", - "url": "https://attack.mitre.org/techniques/T1310", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1301", - "technique": "Analyze business processes", - "url": "https://attack.mitre.org/techniques/T1301", - "tactic": [ - "Organizational Weakness Identification" - ] - }, - { - "technique_id": "T1297", - "technique": "Analyze organizational skillsets and deficiencies", - "url": "https://attack.mitre.org/techniques/T1297", - "tactic": [ - "People Weakness Identification" - ] - }, - { - "technique_id": "T1236", - "technique": "Assess current holdings, needs, and wants", - "url": "https://attack.mitre.org/techniques/T1236", - "tactic": [ - "Priority Definition Planning" - ] - }, - { - "technique_id": "T1298", - "technique": "Assess vulnerability of 3rd party vendors", - "url": "https://attack.mitre.org/techniques/T1298", - "tactic": [ - "Organizational Weakness Identification" - ] - }, - { - "technique_id": "T1384", - "technique": "Automated system performs requested action", - "url": "https://attack.mitre.org/techniques/T1384", - "tactic": [ - "Compromise" - ] - }, - { - "technique_id": "T1352", - "technique": "C2 protocol development", - "url": "https://attack.mitre.org/techniques/T1352", - "tactic": [ - "Build Capabilities" - ] - }, - { - "technique_id": "T1334", - "technique": "Compromise 3rd party infrastructure to support delivery", - "url": "https://attack.mitre.org/techniques/T1334", - "tactic": [ - "Establish & Maintain Infrastructure" - ] - }, - { - "technique_id": "T1253", - "technique": "Conduct passive scanning", - "url": "https://attack.mitre.org/techniques/T1253", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1383", - "technique": "Confirmation of launched compromise achieved", - "url": "https://attack.mitre.org/techniques/T1383", - "tactic": [ - "Compromise" - ] - }, - { - "technique_id": "T1231", - "technique": "Create strategic plan", - "url": "https://attack.mitre.org/techniques/T1231", - "tactic": [ - "Priority Definition Planning" - ] - }, - { - "technique_id": "T1380", - "technique": "Deploy exploit using advertising", - "url": "https://attack.mitre.org/techniques/T1380", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1285", - "technique": "Determine centralization of IT management", - "url": "https://attack.mitre.org/techniques/T1285", - "tactic": [ - "Organizational Information Gathering" - ] - }, - { - "technique_id": "T1242", - "technique": "Determine operational element", - "url": "https://attack.mitre.org/techniques/T1242", - "tactic": [ - "Target Selection" - ] - }, - { - "technique_id": "T1342", - "technique": "Develop social network persona digital footprint", - "url": "https://attack.mitre.org/techniques/T1342", - "tactic": [ - "Persona Development" - ] - }, - { - "technique_id": "T1323", - "technique": "Domain Generation Algorithms (DGA)", - "url": "https://attack.mitre.org/techniques/T1323", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1262", - "technique": "Enumerate client configurations", - "url": "https://attack.mitre.org/techniques/T1262", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1364", - "technique": "Friend/Follow/Connect to targets of interest", - "url": "https://attack.mitre.org/techniques/T1364", - "tactic": [ - "Stage Capabilities" - ] - }, - { - "technique_id": "T1233", - "technique": "Identify analyst level gaps", - "url": "https://attack.mitre.org/techniques/T1233", - "tactic": [ - "Priority Definition Planning" - ] - }, - { - "technique_id": "T1270", - "technique": "Identify groups/roles", - "url": "https://attack.mitre.org/techniques/T1270", - "tactic": [ - "People Information Gathering" - ] - }, - { - "technique_id": "T1271", - "technique": "Identify personnel with an authority/privilege", - "url": "https://attack.mitre.org/techniques/T1271", - "tactic": [ - "People Information Gathering" - ] - }, - { - "technique_id": "T1246", - "technique": "Identify supply chains", - "url": "https://attack.mitre.org/techniques/T1246", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1336", - "technique": "Install and configure hardware, network, and systems", - "url": "https://attack.mitre.org/techniques/T1336", - "tactic": [ - "Establish & Maintain Infrastructure" - ] - }, - { - "technique_id": "T1322", - "technique": "Misattributable credentials", - "url": "https://attack.mitre.org/techniques/T1322", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1331", - "technique": "Obfuscate infrastructure", - "url": "https://attack.mitre.org/techniques/T1331", - "tactic": [ - "Establish & Maintain Infrastructure" - ] - }, - { - "technique_id": "T1396", - "technique": "Obtain booter/stressor subscription", - "url": "https://attack.mitre.org/techniques/T1396", - "tactic": [ - "Establish & Maintain Infrastructure" - ] - }, - { - "technique_id": "T1353", - "technique": "Post compromise tool development", - "url": "https://attack.mitre.org/techniques/T1353", - "tactic": [ - "Build Capabilities" - ] - }, - { - "technique_id": "T1239", - "technique": "Receive KITs/KIQs and determine requirements", - "url": "https://attack.mitre.org/techniques/T1239", - "tactic": [ - "Priority Definition Direction" - ] - }, - { - "technique_id": "T1290", - "technique": "Research visibility gap of security vendors", - "url": "https://attack.mitre.org/techniques/T1290", - "tactic": [ - "Technical Weakness Identification" - ] - }, - { - "technique_id": "T1317", - "technique": "Secure and protect infrastructure", - "url": "https://attack.mitre.org/techniques/T1317", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1393", - "technique": "Test ability to evade automated mobile application security analysis performed by app stores", - "url": "https://attack.mitre.org/techniques/T1393", - "tactic": [ - "Test Capabilities" - ] - }, - { - "technique_id": "T1292", - "technique": "Test signature detection", - "url": "https://attack.mitre.org/techniques/T1292", - "tactic": [ - "Technical Weakness Identification" - ] - }, - { - "technique_id": "T1362", - "technique": "Upload, install, and configure software/tools", - "url": "https://attack.mitre.org/techniques/T1362", - "tactic": [ - "Stage Capabilities" - ] - }, - { - "technique_id": "T1266", - "technique": "Acquire OSINT data sets and information", - "url": "https://attack.mitre.org/techniques/T1266", - "tactic": [ - "People Information Gathering" - ] - }, - { - "technique_id": "T1308", - "technique": "Acquire and/or use 3rd party software services", - "url": "https://attack.mitre.org/techniques/T1308", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1293", - "technique": "Analyze application security posture", - "url": "https://attack.mitre.org/techniques/T1293", - "tactic": [ - "Technical Weakness Identification" - ] - }, - { - "technique_id": "T1300", - "technique": "Analyze organizational skillsets and deficiencies", - "url": "https://attack.mitre.org/techniques/T1300", - "tactic": [ - "Organizational Weakness Identification" - ] - }, - { - "technique_id": "T1306", - "technique": "Anonymity services", - "url": "https://attack.mitre.org/techniques/T1306", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1302", - "technique": "Assess security posture of physical locations", - "url": "https://attack.mitre.org/techniques/T1302", - "tactic": [ - "Organizational Weakness Identification" - ] - }, - { - "technique_id": "T1381", - "technique": "Authentication attempt", - "url": "https://attack.mitre.org/techniques/T1381", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1341", - "technique": "Build social network persona", - "url": "https://attack.mitre.org/techniques/T1341", - "tactic": [ - "Persona Development" - ] - }, - { - "technique_id": "T1321", - "technique": "Common, high volume protocols and software", - "url": "https://attack.mitre.org/techniques/T1321", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1254", - "technique": "Conduct active scanning", - "url": "https://attack.mitre.org/techniques/T1254", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1249", - "technique": "Conduct social engineering", - "url": "https://attack.mitre.org/techniques/T1249", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1232", - "technique": "Create implementation plan", - "url": "https://attack.mitre.org/techniques/T1232", - "tactic": [ - "Priority Definition Planning" - ] - }, - { - "technique_id": "T1324", - "technique": "DNSCalc", - "url": "https://attack.mitre.org/techniques/T1324", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1260", - "technique": "Determine 3rd party infrastructure services", - "url": "https://attack.mitre.org/techniques/T1260", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1258", - "technique": "Determine firmware version", - "url": "https://attack.mitre.org/techniques/T1258", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1241", - "technique": "Determine strategic target", - "url": "https://attack.mitre.org/techniques/T1241", - "tactic": [ - "Target Selection" - ] - }, - { - "technique_id": "T1379", - "technique": "Disseminate removable media", - "url": "https://attack.mitre.org/techniques/T1379", - "tactic": [ - "Stage Capabilities" - ] - }, - { - "technique_id": "T1311", - "technique": "Dynamic DNS", - "url": "https://attack.mitre.org/techniques/T1311", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1325", - "technique": "Fast Flux DNS", - "url": "https://attack.mitre.org/techniques/T1325", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1314", - "technique": "Host-based hiding techniques", - "url": "https://attack.mitre.org/techniques/T1314", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1283", - "technique": "Identify business relationships", - "url": "https://attack.mitre.org/techniques/T1283", - "tactic": [ - "Organizational Information Gathering" - ] - }, - { - "technique_id": "T1267", - "technique": "Identify job postings and needs/gaps", - "url": "https://attack.mitre.org/techniques/T1267", - "tactic": [ - "People Information Gathering" - ] - }, - { - "technique_id": "T1274", - "technique": "Identify sensitive personnel information", - "url": "https://attack.mitre.org/techniques/T1274", - "tactic": [ - "People Information Gathering" - ] - }, - { - "technique_id": "T1389", - "technique": "Identify vulnerabilities in third-party software libraries", - "url": "https://attack.mitre.org/techniques/T1389", - "tactic": [ - "Technical Weakness Identification" - ] - }, - { - "technique_id": "T1273", - "technique": "Mine social media", - "url": "https://attack.mitre.org/techniques/T1273", - "tactic": [ - "People Information Gathering" - ] - }, - { - "technique_id": "T1390", - "technique": "OS-vendor provided communication channels", - "url": "https://attack.mitre.org/techniques/T1390", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1313", - "technique": "Obfuscation or cryptography", - "url": "https://attack.mitre.org/techniques/T1313", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1247", - "technique": "Acquire OSINT data sets and information", - "url": "https://attack.mitre.org/techniques/T1247", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1346", - "technique": "Obtain/re-use payloads", - "url": "https://attack.mitre.org/techniques/T1346", - "tactic": [ - "Build Capabilities" - ] - }, - { - "technique_id": "T1330", - "technique": "Acquire and/or use 3rd party software services", - "url": "https://attack.mitre.org/techniques/T1330", - "tactic": [ - "Establish & Maintain Infrastructure" - ] - }, - { - "technique_id": "T1288", - "technique": "Analyze architecture and configuration posture", - "url": "https://attack.mitre.org/techniques/T1288", - "tactic": [ - "Technical Weakness Identification" - ] - }, - { - "technique_id": "T1304", - "technique": "Proxy/protocol relays", - "url": "https://attack.mitre.org/techniques/T1304", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1289", - "technique": "Analyze organizational skillsets and deficiencies", - "url": "https://attack.mitre.org/techniques/T1289", - "tactic": [ - "Technical Weakness Identification" - ] - }, - { - "technique_id": "T1378", - "technique": "Replace legitimate binary with malware", - "url": "https://attack.mitre.org/techniques/T1378", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1229", - "technique": "Assess KITs/KIQs benefits", - "url": "https://attack.mitre.org/techniques/T1229", - "tactic": [ - "Priority Definition Planning" - ] - }, - { - "technique_id": "T1337", - "technique": "SSL certificate acquisition for domain", - "url": "https://attack.mitre.org/techniques/T1337", - "tactic": [ - "Establish & Maintain Infrastructure" - ] - }, - { - "technique_id": "T1296", - "technique": "Assess targeting options", - "url": "https://attack.mitre.org/techniques/T1296", - "tactic": [ - "People Weakness Identification" - ] - }, - { - "technique_id": "T1386", - "technique": "Authorized user performs requested cyber action", - "url": "https://attack.mitre.org/techniques/T1386", - "tactic": [ - "Compromise" - ] - }, - { - "technique_id": "T1369", - "technique": "Spear phishing messages with malicious links", - "url": "https://attack.mitre.org/techniques/T1369", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1328", - "technique": "Buy domain name", - "url": "https://attack.mitre.org/techniques/T1328", - "tactic": [ - "Establish & Maintain Infrastructure" - ] - }, - { - "technique_id": "T1366", - "technique": "Targeted social media phishing", - "url": "https://attack.mitre.org/techniques/T1366", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1312", - "technique": "Compromise 3rd party infrastructure to support delivery", - "url": "https://attack.mitre.org/techniques/T1312", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1359", - "technique": "Test malware to evade detection", - "url": "https://attack.mitre.org/techniques/T1359", - "tactic": [ - "Test Capabilities" - ] - }, - { - "technique_id": "T1226", - "technique": "Conduct cost/benefit analysis", - "url": "https://attack.mitre.org/techniques/T1226", - "tactic": [ - "Priority Definition Planning" - ] - }, - { - "technique_id": "T1376", - "technique": "Conduct social engineering or HUMINT operation", - "url": "https://attack.mitre.org/techniques/T1376", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1355", - "technique": "Create infected removable media", - "url": "https://attack.mitre.org/techniques/T1355", - "tactic": [ - "Build Capabilities" - ] - }, - { - "technique_id": "T1320", - "technique": "Data Hiding", - "url": "https://attack.mitre.org/techniques/T1320", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1245", - "technique": "Determine approach/attack vector", - "url": "https://attack.mitre.org/techniques/T1245", - "tactic": [ - "Target Selection" - ] - }, - { - "technique_id": "T1243", - "technique": "Determine highest level tactical element", - "url": "https://attack.mitre.org/techniques/T1243", - "tactic": [ - "Target Selection" - ] - }, - { - "technique_id": "T1227", - "technique": "Develop KITs/KIQs", - "url": "https://attack.mitre.org/techniques/T1227", - "tactic": [ - "Priority Definition Planning" - ] - }, - { - "technique_id": "T1394", - "technique": "Distribute malicious software development tools", - "url": "https://attack.mitre.org/techniques/T1394", - "tactic": [ - "Stage Capabilities" - ] - }, - { - "technique_id": "T1333", - "technique": "Dynamic DNS", - "url": "https://attack.mitre.org/techniques/T1333", - "tactic": [ - "Establish & Maintain Infrastructure" - ] - }, - { - "technique_id": "T1344", - "technique": "Friend/Follow/Connect to targets of interest", - "url": "https://attack.mitre.org/techniques/T1344", - "tactic": [ - "Persona Development" - ] - }, - { - "technique_id": "T1385", - "technique": "Human performs requested action of physical nature", - "url": "https://attack.mitre.org/techniques/T1385", - "tactic": [ - "Compromise" - ] - }, - { - "technique_id": "T1225", - "technique": "Identify gap areas", - "url": "https://attack.mitre.org/techniques/T1225", - "tactic": [ - "Priority Definition Planning" - ] - }, - { - "technique_id": "T1269", - "technique": "Identify people of interest", - "url": "https://attack.mitre.org/techniques/T1269", - "tactic": [ - "People Information Gathering" - ] - }, - { - "technique_id": "T1276", - "technique": "Identify supply chains", - "url": "https://attack.mitre.org/techniques/T1276", - "tactic": [ - "Organizational Information Gathering" - ] - }, - { - "technique_id": "T1256", - "technique": "Identify web defensive services", - "url": "https://attack.mitre.org/techniques/T1256", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1257", - "technique": "Mine technical blogs/forums", - "url": "https://attack.mitre.org/techniques/T1257", - "tactic": [ - "Technical Information Gathering" - ] - }, - { - "technique_id": "T1309", - "technique": "Obfuscate infrastructure", - "url": "https://attack.mitre.org/techniques/T1309", - "tactic": [ - "Adversary Opsec" - ] - }, - { - "technique_id": "T1392", - "technique": "Obtain Apple iOS enterprise distribution key pair and certificate", - "url": "https://attack.mitre.org/techniques/T1392", - "tactic": [ - "Persona Development" - ] - }, - { - "technique_id": "T1363", - "technique": "Port redirector", - "url": "https://attack.mitre.org/techniques/T1363", - "tactic": [ - "Stage Capabilities" - ] - }, - { - "technique_id": "T1373", - "technique": "Push-notification client-side exploit", - "url": "https://attack.mitre.org/techniques/T1373", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1291", - "technique": "Research relevant vulnerabilities/CVEs", - "url": "https://attack.mitre.org/techniques/T1291", - "tactic": [ - "Technical Weakness Identification" - ] - }, - { - "technique_id": "T1338", - "technique": "SSL certificate acquisition for trust breaking", - "url": "https://attack.mitre.org/techniques/T1338", - "tactic": [ - "Establish & Maintain Infrastructure" - ] - }, - { - "technique_id": "T1368", - "technique": "Spear phishing messages with text only", - "url": "https://attack.mitre.org/techniques/T1368", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1240", - "technique": "Task requirements", - "url": "https://attack.mitre.org/techniques/T1240", - "tactic": [ - "Priority Definition Direction" - ] - }, - { - "technique_id": "T1360", - "technique": "Test physical access", - "url": "https://attack.mitre.org/techniques/T1360", - "tactic": [ - "Test Capabilities" - ] - }, - { - "technique_id": "T1370", - "technique": "Untargeted client-side exploitation", - "url": "https://attack.mitre.org/techniques/T1370", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1372", - "technique": "Unconditional client-side exploitation/Injected Website/Driveby", - "url": "https://attack.mitre.org/techniques/T1372", - "tactic": [ - "Launch" - ] - }, - { - "technique_id": "T1533", - "technique": "Data from Local System", - "url": "https://attack.mitre.org/techniques/T1533", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1532", - "technique": "Data Encrypted", - "url": "https://attack.mitre.org/techniques/T1532", - "tactic": [ - "Exfiltration" - ] - }, - { - "technique_id": "T1523", - "technique": "Evade Analysis Environment", - "url": "https://attack.mitre.org/techniques/T1523", - "tactic": [ - "Defense Evasion", - "Discovery" - ] - }, - { - "technique_id": "T1521", - "technique": "Standard Cryptographic Protocol", - "url": "https://attack.mitre.org/techniques/T1521", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1520", - "technique": "Domain Generation Algorithms", - "url": "https://attack.mitre.org/techniques/T1520", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1516", - "technique": "Input Injection", - "url": "https://attack.mitre.org/techniques/T1516", - "tactic": [ - "Defense Evasion", - "Impact" - ] - }, - { - "technique_id": "T1517", - "technique": "Access Notifications", - "url": "https://attack.mitre.org/techniques/T1517", - "tactic": [ - "Collection", - "Credential Access" - ] - }, - { - "technique_id": "T1512", - "technique": "Capture Camera", - "url": "https://attack.mitre.org/techniques/T1512", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1513", - "technique": "Screen Capture", - "url": "https://attack.mitre.org/techniques/T1513", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1509", - "technique": "Uncommonly Used Port", - "url": "https://attack.mitre.org/techniques/T1509", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1510", - "technique": "Clipboard Modification", - "url": "https://attack.mitre.org/techniques/T1510", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1508", - "technique": "Suppress Application Icon", - "url": "https://attack.mitre.org/techniques/T1508", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1507", - "technique": "Network Information Discovery", - "url": "https://attack.mitre.org/techniques/T1507", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1481", - "technique": "Web Service", - "url": "https://attack.mitre.org/techniques/T1481", - "tactic": [ - "Command And Control" - ] - }, - { - "technique_id": "T1476", - "technique": "Deliver Malicious App via Other Means", - "url": "https://attack.mitre.org/techniques/T1476", - "tactic": [ - "Initial Access" - ] - }, - { - "technique_id": "T1475", - "technique": "Deliver Malicious App via Authorized App Store", - "url": "https://attack.mitre.org/techniques/T1475", - "tactic": [ - "Initial Access" - ] - }, - { - "technique_id": "T1474", - "technique": "Supply Chain Compromise", - "url": "https://attack.mitre.org/techniques/T1474", - "tactic": [ - "Initial Access" - ] - }, - { - "technique_id": "T1477", - "technique": "Exploit via Radio Interfaces", - "url": "https://attack.mitre.org/techniques/T1477", - "tactic": [ - "Initial Access" - ] - }, - { - "technique_id": "T1478", - "technique": "Install Insecure or Malicious Configuration", - "url": "https://attack.mitre.org/techniques/T1478", - "tactic": [ - "Defense Evasion", - "Initial Access" - ] - }, - { - "technique_id": "T1444", - "technique": "Masquerade as Legitimate Application", - "url": "https://attack.mitre.org/techniques/T1444", - "tactic": [ - "Initial Access" - ] - }, - { - "technique_id": "T1443", - "technique": "Remotely Install Application", - "url": "https://attack.mitre.org/techniques/T1443", - "tactic": [] - }, - { - "technique_id": "T1411", - "technique": "Input Prompt", - "url": "https://attack.mitre.org/techniques/T1411", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1424", - "technique": "Process Discovery", - "url": "https://attack.mitre.org/techniques/T1424", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1421", - "technique": "System Network Connections Discovery", - "url": "https://attack.mitre.org/techniques/T1421", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1437", - "technique": "Standard Application Layer Protocol", - "url": "https://attack.mitre.org/techniques/T1437", - "tactic": [ - "Command And Control", - "Exfiltration" - ] - }, - { - "technique_id": "T1422", - "technique": "System Network Configuration Discovery", - "url": "https://attack.mitre.org/techniques/T1422", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1406", - "technique": "Obfuscated Files or Information", - "url": "https://attack.mitre.org/techniques/T1406", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1416", - "technique": "Android Intent Hijacking", - "url": "https://attack.mitre.org/techniques/T1416", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1447", - "technique": "Delete Device Data", - "url": "https://attack.mitre.org/techniques/T1447", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1398", - "technique": "Modify OS Kernel or Boot Partition", - "url": "https://attack.mitre.org/techniques/T1398", - "tactic": [ - "Defense Evasion", - "Persistence" - ] - }, - { - "technique_id": "T1400", - "technique": "Modify System Partition", - "url": "https://attack.mitre.org/techniques/T1400", - "tactic": [ - "Defense Evasion", - "Persistence", - "Impact" - ] - }, - { - "technique_id": "T1425", - "technique": "Insecure Third-Party Libraries", - "url": "https://attack.mitre.org/techniques/T1425", - "tactic": [] - }, - { - "technique_id": "T1402", - "technique": "App Auto-Start at Device Boot", - "url": "https://attack.mitre.org/techniques/T1402", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1401", - "technique": "Abuse Device Administrator Access to Prevent Removal", - "url": "https://attack.mitre.org/techniques/T1401", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1404", - "technique": "Exploit OS Vulnerability", - "url": "https://attack.mitre.org/techniques/T1404", - "tactic": [ - "Privilege Escalation" - ] - }, - { - "technique_id": "T1403", - "technique": "Modify Cached Executable Code", - "url": "https://attack.mitre.org/techniques/T1403", - "tactic": [ - "Persistence" - ] - }, - { - "technique_id": "T1442", - "technique": "Fake Developer Accounts", - "url": "https://attack.mitre.org/techniques/T1442", - "tactic": [] - }, - { - "technique_id": "T1419", - "technique": "Device Type Discovery", - "url": "https://attack.mitre.org/techniques/T1419", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1418", - "technique": "Application Discovery", - "url": "https://attack.mitre.org/techniques/T1418", - "tactic": [ - "Defense Evasion", - "Discovery" - ] - }, - { - "technique_id": "T1417", - "technique": "Input Capture", - "url": "https://attack.mitre.org/techniques/T1417", - "tactic": [ - "Collection", - "Credential Access" - ] - }, - { - "technique_id": "T1438", - "technique": "Alternate Network Mediums", - "url": "https://attack.mitre.org/techniques/T1438", - "tactic": [ - "Command And Control", - "Exfiltration" - ] - }, - { - "technique_id": "T1423", - "technique": "Network Service Scanning", - "url": "https://attack.mitre.org/techniques/T1423", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1440", - "technique": "Detect App Analysis Environment", - "url": "https://attack.mitre.org/techniques/T1440", - "tactic": [] - }, - { - "technique_id": "T1439", - "technique": "Eavesdrop on Insecure Network Communication", - "url": "https://attack.mitre.org/techniques/T1439", - "tactic": [ - "Network Effects" - ] - }, - { - "technique_id": "T1464", - "technique": "Jamming or Denial of Service", - "url": "https://attack.mitre.org/techniques/T1464", - "tactic": [ - "Network Effects" - ] - }, - { - "technique_id": "T1463", - "technique": "Manipulate Device Communication", - "url": "https://attack.mitre.org/techniques/T1463", - "tactic": [ - "Network Effects" - ] - }, - { - "technique_id": "T1462", - "technique": "Malicious Software Development Tools", - "url": "https://attack.mitre.org/techniques/T1462", - "tactic": [] - }, - { - "technique_id": "T1461", - "technique": "Lockscreen Bypass", - "url": "https://attack.mitre.org/techniques/T1461", - "tactic": [ - "Initial Access" - ] - }, - { - "technique_id": "T1460", - "technique": "Biometric Spoofing", - "url": "https://attack.mitre.org/techniques/T1460", - "tactic": [] - }, - { - "technique_id": "T1459", - "technique": "Device Unlock Code Guessing or Brute Force", - "url": "https://attack.mitre.org/techniques/T1459", - "tactic": [] - }, - { - "technique_id": "T1458", - "technique": "Exploit via Charging Station or PC", - "url": "https://attack.mitre.org/techniques/T1458", - "tactic": [ - "Initial Access" - ] - }, - { - "technique_id": "T1405", - "technique": "Exploit TEE Vulnerability", - "url": "https://attack.mitre.org/techniques/T1405", - "tactic": [ - "Credential Access", - "Privilege Escalation" - ] - }, - { - "technique_id": "T1467", - "technique": "Rogue Cellular Base Station", - "url": "https://attack.mitre.org/techniques/T1467", - "tactic": [ - "Network Effects" - ] - }, - { - "technique_id": "T1420", - "technique": "File and Directory Discovery", - "url": "https://attack.mitre.org/techniques/T1420", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1466", - "technique": "Downgrade to Insecure Protocols", - "url": "https://attack.mitre.org/techniques/T1466", - "tactic": [ - "Network Effects" - ] - }, - { - "technique_id": "T1465", - "technique": "Rogue Wi-Fi Access Points", - "url": "https://attack.mitre.org/techniques/T1465", - "tactic": [ - "Network Effects" - ] - }, - { - "technique_id": "T1468", - "technique": "Remotely Track Device Without Authorization", - "url": "https://attack.mitre.org/techniques/T1468", - "tactic": [ - "Remote Service Effects" - ] - }, - { - "technique_id": "T1435", - "technique": "Access Calendar Entries", - "url": "https://attack.mitre.org/techniques/T1435", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1451", - "technique": "SIM Card Swap", - "url": "https://attack.mitre.org/techniques/T1451", - "tactic": [ - "Network Effects" - ] - }, - { - "technique_id": "T1414", - "technique": "Capture Clipboard Data", - "url": "https://attack.mitre.org/techniques/T1414", - "tactic": [ - "Collection", - "Credential Access" - ] - }, - { - "technique_id": "T1457", - "technique": "Malicious Media Content", - "url": "https://attack.mitre.org/techniques/T1457", - "tactic": [] - }, - { - "technique_id": "T1426", - "technique": "System Information Discovery", - "url": "https://attack.mitre.org/techniques/T1426", - "tactic": [ - "Discovery" - ] - }, - { - "technique_id": "T1472", - "technique": "Generate Fraudulent Advertising Revenue", - "url": "https://attack.mitre.org/techniques/T1472", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1399", - "technique": "Modify Trusted Execution Environment", - "url": "https://attack.mitre.org/techniques/T1399", - "tactic": [ - "Defense Evasion", - "Persistence" - ] - }, - { - "technique_id": "T1470", - "technique": "Obtain Device Cloud Backups", - "url": "https://attack.mitre.org/techniques/T1470", - "tactic": [ - "Remote Service Effects" - ] - }, - { - "technique_id": "T1446", - "technique": "Device Lockout", - "url": "https://attack.mitre.org/techniques/T1446", - "tactic": [ - "Impact", - "Defense Evasion" - ] - }, - { - "technique_id": "T1415", - "technique": "URL Scheme Hijacking", - "url": "https://attack.mitre.org/techniques/T1415", - "tactic": [ - "Credential Access" - ] - }, - { - "technique_id": "T1413", - "technique": "Access Sensitive Data in Device Logs", - "url": "https://attack.mitre.org/techniques/T1413", - "tactic": [ - "Collection", - "Credential Access" - ] - }, - { - "technique_id": "T1436", - "technique": "Commonly Used Port", - "url": "https://attack.mitre.org/techniques/T1436", - "tactic": [ - "Command And Control", - "Exfiltration" - ] - }, - { - "technique_id": "T1445", - "technique": "Abuse of iOS Enterprise App Signing Key", - "url": "https://attack.mitre.org/techniques/T1445", - "tactic": [] - }, - { - "technique_id": "T1412", - "technique": "Capture SMS Messages", - "url": "https://attack.mitre.org/techniques/T1412", - "tactic": [ - "Collection", - "Credential Access" - ] - }, - { - "technique_id": "T1409", - "technique": "Access Stored Application Data", - "url": "https://attack.mitre.org/techniques/T1409", - "tactic": [ - "Collection", - "Credential Access" - ] - }, - { - "technique_id": "T1410", - "technique": "Network Traffic Capture or Redirection", - "url": "https://attack.mitre.org/techniques/T1410", - "tactic": [ - "Collection", - "Credential Access" - ] - }, - { - "technique_id": "T1407", - "technique": "Download New Code at Runtime", - "url": "https://attack.mitre.org/techniques/T1407", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1408", - "technique": "Disguise Root/Jailbreak Indicators", - "url": "https://attack.mitre.org/techniques/T1408", - "tactic": [ - "Defense Evasion" - ] - }, - { - "technique_id": "T1427", - "technique": "Attack PC via USB Connection", - "url": "https://attack.mitre.org/techniques/T1427", - "tactic": [ - "Lateral Movement" - ] - }, - { - "technique_id": "T1428", - "technique": "Exploit Enterprise Resources", - "url": "https://attack.mitre.org/techniques/T1428", - "tactic": [ - "Lateral Movement" - ] - }, - { - "technique_id": "T1429", - "technique": "Capture Audio", - "url": "https://attack.mitre.org/techniques/T1429", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1430", - "technique": "Location Tracking", - "url": "https://attack.mitre.org/techniques/T1430", - "tactic": [ - "Collection", - "Discovery" - ] - }, - { - "technique_id": "T1431", - "technique": "App Delivered via Web Download", - "url": "https://attack.mitre.org/techniques/T1431", - "tactic": [] - }, - { - "technique_id": "T1432", - "technique": "Access Contact List", - "url": "https://attack.mitre.org/techniques/T1432", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1433", - "technique": "Access Call Log", - "url": "https://attack.mitre.org/techniques/T1433", - "tactic": [ - "Collection" - ] - }, - { - "technique_id": "T1434", - "technique": "App Delivered via Email Attachment", - "url": "https://attack.mitre.org/techniques/T1434", - "tactic": [] - }, - { - "technique_id": "T1471", - "technique": "Data Encrypted for Impact", - "url": "https://attack.mitre.org/techniques/T1471", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1450", - "technique": "Exploit SS7 to Track Device Location", - "url": "https://attack.mitre.org/techniques/T1450", - "tactic": [ - "Network Effects" - ] - }, - { - "technique_id": "T1473", - "technique": "Malicious or Vulnerable Built-in Device Functionality", - "url": "https://attack.mitre.org/techniques/T1473", - "tactic": [] - }, - { - "technique_id": "T1448", - "technique": "Premium SMS Toll Fraud", - "url": "https://attack.mitre.org/techniques/T1448", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1453", - "technique": "Abuse Accessibility Features", - "url": "https://attack.mitre.org/techniques/T1453", - "tactic": [ - "Collection", - "Credential Access", - "Impact", - "Defense Evasion" - ] - }, - { - "technique_id": "T1454", - "technique": "Malicious SMS Message", - "url": "https://attack.mitre.org/techniques/T1454", - "tactic": [] - }, - { - "technique_id": "T1469", - "technique": "Remotely Wipe Data Without Authorization", - "url": "https://attack.mitre.org/techniques/T1469", - "tactic": [ - "Remote Service Effects" - ] - }, - { - "technique_id": "T1452", - "technique": "Manipulate App Store Rankings or Ratings", - "url": "https://attack.mitre.org/techniques/T1452", - "tactic": [ - "Impact" - ] - }, - { - "technique_id": "T1455", - "technique": "Exploit Baseband Vulnerability", - "url": "https://attack.mitre.org/techniques/T1455", - "tactic": [] - }, - { - "technique_id": "T1456", - "technique": "Drive-by Compromise", - "url": "https://attack.mitre.org/techniques/T1456", - "tactic": [ - "Initial Access" - ] - }, - { - "technique_id": "T1449", - "technique": "Exploit SS7 to Redirect Phone Calls/SMS", - "url": "https://attack.mitre.org/techniques/T1449", - "tactic": [ - "Network Effects" - ] - }, - { - "technique_id": "T1441", - "technique": "Stolen Developer Credentials or Signing Keys", - "url": "https://attack.mitre.org/techniques/T1441", - "tactic": [] - } + { + "technique_id": "T1001", + "technique": "Data Obfuscation", + "url": "https://attack.mitre.org/techniques/T1001", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1001.001", + "technique": "Data Obfuscation : Junk Data", + "url": "https://attack.mitre.org/techniques/T1001/001" + }, + { + "technique_id": "T1001.002", + "technique": "Data Obfuscation : Steganography", + "url": "https://attack.mitre.org/techniques/T1001/002" + }, + { + "technique_id": "T1001.003", + "technique": "Data Obfuscation : Protocol Impersonation", + "url": "https://attack.mitre.org/techniques/T1001/003" + }, + { + "technique_id": "T1003", + "technique": "OS Credential Dumping", + "url": "https://attack.mitre.org/techniques/T1003", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1003.001", + "technique": "OS Credential Dumping : LSASS Memory", + "url": "https://attack.mitre.org/techniques/T1003/001" + }, + { + "technique_id": "T1003.002", + "technique": "OS Credential Dumping : Security Account Manager", + "url": "https://attack.mitre.org/techniques/T1003/002" + }, + { + "technique_id": "T1003.003", + "technique": "OS Credential Dumping : NTDS", + "url": "https://attack.mitre.org/techniques/T1003/003" + }, + { + "technique_id": "T1003.004", + "technique": "OS Credential Dumping : LSA Secrets", + "url": "https://attack.mitre.org/techniques/T1003/004" + }, + { + "technique_id": "T1003.005", + "technique": "OS Credential Dumping : Cached Domain Credentials", + "url": "https://attack.mitre.org/techniques/T1003/005" + }, + { + "technique_id": "T1003.006", + "technique": "OS Credential Dumping : DCSync", + "url": "https://attack.mitre.org/techniques/T1003/006" + }, + { + "technique_id": "T1003.007", + "technique": "OS Credential Dumping : Proc Filesystem", + "url": "https://attack.mitre.org/techniques/T1003/007" + }, + { + "technique_id": "T1003.008", + "technique": "OS Credential Dumping : /etc/passwd and /etc/shadow", + "url": "https://attack.mitre.org/techniques/T1003/008" + }, + { + "technique_id": "T1005", + "technique": "Data from Local System", + "url": "https://attack.mitre.org/techniques/T1005", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1006", + "technique": "Direct Volume Access", + "url": "https://attack.mitre.org/techniques/T1006", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1007", + "technique": "System Service Discovery", + "url": "https://attack.mitre.org/techniques/T1007", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1008", + "technique": "Fallback Channels", + "url": "https://attack.mitre.org/techniques/T1008", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1010", + "technique": "Application Window Discovery", + "url": "https://attack.mitre.org/techniques/T1010", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1011", + "technique": "Exfiltration Over Other Network Medium", + "url": "https://attack.mitre.org/techniques/T1011", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1011.001", + "technique": "Exfiltration Over Other Network Medium : Exfiltration Over Bluetooth", + "url": "https://attack.mitre.org/techniques/T1011/001" + }, + { + "technique_id": "T1012", + "technique": "Query Registry", + "url": "https://attack.mitre.org/techniques/T1012", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1014", + "technique": "Rootkit", + "url": "https://attack.mitre.org/techniques/T1014", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1016", + "technique": "System Network Configuration Discovery", + "url": "https://attack.mitre.org/techniques/T1016", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1018", + "technique": "Remote System Discovery", + "url": "https://attack.mitre.org/techniques/T1018", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1020", + "technique": "Automated Exfiltration", + "url": "https://attack.mitre.org/techniques/T1020", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1021", + "technique": "Remote Services", + "url": "https://attack.mitre.org/techniques/T1021", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1021.001", + "technique": "Remote Services : Remote Desktop Protocol", + "url": "https://attack.mitre.org/techniques/T1021/001" + }, + { + "technique_id": "T1021.002", + "technique": "Remote Services : SMB/Windows Admin Shares", + "url": "https://attack.mitre.org/techniques/T1021/002" + }, + { + "technique_id": "T1021.003", + "technique": "Remote Services : Distributed Component Object Model", + "url": "https://attack.mitre.org/techniques/T1021/003" + }, + { + "technique_id": "T1021.004", + "technique": "Remote Services : SSH", + "url": "https://attack.mitre.org/techniques/T1021/004" + }, + { + "technique_id": "T1021.005", + "technique": "Remote Services : VNC", + "url": "https://attack.mitre.org/techniques/T1021/005" + }, + { + "technique_id": "T1021.006", + "technique": "Remote Services : Windows Remote Management", + "url": "https://attack.mitre.org/techniques/T1021/006" + }, + { + "technique_id": "T1025", + "technique": "Data from Removable Media", + "url": "https://attack.mitre.org/techniques/T1025", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1027", + "technique": "Obfuscated Files or Information", + "url": "https://attack.mitre.org/techniques/T1027", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1027.001", + "technique": "Obfuscated Files or Information : Binary Padding", + "url": "https://attack.mitre.org/techniques/T1027/001" + }, + { + "technique_id": "T1027.002", + "technique": "Obfuscated Files or Information : Software Packing", + "url": "https://attack.mitre.org/techniques/T1027/002" + }, + { + "technique_id": "T1027.003", + "technique": "Obfuscated Files or Information : Steganography", + "url": "https://attack.mitre.org/techniques/T1027/003" + }, + { + "technique_id": "T1027.004", + "technique": "Obfuscated Files or Information : Compile After Delivery", + "url": "https://attack.mitre.org/techniques/T1027/004" + }, + { + "technique_id": "T1027.005", + "technique": "Obfuscated Files or Information : Indicator Removal from Tools", + "url": "https://attack.mitre.org/techniques/T1027/005" + }, + { + "technique_id": "T1029", + "technique": "Scheduled Transfer", + "url": "https://attack.mitre.org/techniques/T1029", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1030", + "technique": "Data Transfer Size Limits", + "url": "https://attack.mitre.org/techniques/T1030", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1033", + "technique": "System Owner/User Discovery", + "url": "https://attack.mitre.org/techniques/T1033", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1036", + "technique": "Masquerading", + "url": "https://attack.mitre.org/techniques/T1036", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1036.001", + "technique": "Masquerading : Invalid Code Signature", + "url": "https://attack.mitre.org/techniques/T1036/001" + }, + { + "technique_id": "T1036.002", + "technique": "Masquerading : Right-to-Left Override", + "url": "https://attack.mitre.org/techniques/T1036/002" + }, + { + "technique_id": "T1036.003", + "technique": "Masquerading : Rename System Utilities", + "url": "https://attack.mitre.org/techniques/T1036/003" + }, + { + "technique_id": "T1036.004", + "technique": "Masquerading : Masquerade Task or Service", + "url": "https://attack.mitre.org/techniques/T1036/004" + }, + { + "technique_id": "T1036.005", + "technique": "Masquerading : Match Legitimate Name or Location", + "url": "https://attack.mitre.org/techniques/T1036/005" + }, + { + "technique_id": "T1036.006", + "technique": "Masquerading : Space after Filename", + "url": "https://attack.mitre.org/techniques/T1036/006" + }, + { + "technique_id": "T1037", + "technique": "Boot or Logon Initialization Scripts", + "url": "https://attack.mitre.org/techniques/T1037", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1037.001", + "technique": "Boot or Logon Initialization Scripts : Logon Script (Windows)", + "url": "https://attack.mitre.org/techniques/T1037/001" + }, + { + "technique_id": "T1037.002", + "technique": "Boot or Logon Initialization Scripts : Logon Script (Mac)", + "url": "https://attack.mitre.org/techniques/T1037/002" + }, + { + "technique_id": "T1037.003", + "technique": "Boot or Logon Initialization Scripts : Network Logon Script", + "url": "https://attack.mitre.org/techniques/T1037/003" + }, + { + "technique_id": "T1037.004", + "technique": "Boot or Logon Initialization Scripts : Rc.common", + "url": "https://attack.mitre.org/techniques/T1037/004" + }, + { + "technique_id": "T1037.005", + "technique": "Boot or Logon Initialization Scripts : Startup Items", + "url": "https://attack.mitre.org/techniques/T1037/005" + }, + { + "technique_id": "T1039", + "technique": "Data from Network Shared Drive", + "url": "https://attack.mitre.org/techniques/T1039", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1040", + "technique": "Network Sniffing", + "url": "https://attack.mitre.org/techniques/T1040", + "tactic": [ + "Credential Access", + "Discovery" + ] + }, + { + "technique_id": "T1041", + "technique": "Exfiltration Over C2 Channel", + "url": "https://attack.mitre.org/techniques/T1041", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1046", + "technique": "Network Service Scanning", + "url": "https://attack.mitre.org/techniques/T1046", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1047", + "technique": "Windows Management Instrumentation", + "url": "https://attack.mitre.org/techniques/T1047", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1048", + "technique": "Exfiltration Over Alternative Protocol", + "url": "https://attack.mitre.org/techniques/T1048", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1048.001", + "technique": "Exfiltration Over Alternative Protocol : Exfiltration Over Symmetric Encrypted Non-C2 Protocol", + "url": "https://attack.mitre.org/techniques/T1048/001" + }, + { + "technique_id": "T1048.002", + "technique": "Exfiltration Over Alternative Protocol : Exfiltration Over Asymmetric Encrypted Non-C2 Protocol", + "url": "https://attack.mitre.org/techniques/T1048/002" + }, + { + "technique_id": "T1048.003", + "technique": "Exfiltration Over Alternative Protocol : Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol", + "url": "https://attack.mitre.org/techniques/T1048/003" + }, + { + "technique_id": "T1049", + "technique": "System Network Connections Discovery", + "url": "https://attack.mitre.org/techniques/T1049", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1052", + "technique": "Exfiltration Over Physical Medium", + "url": "https://attack.mitre.org/techniques/T1052", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1052.001", + "technique": "Exfiltration Over Physical Medium : Exfiltration over USB", + "url": "https://attack.mitre.org/techniques/T1052/001" + }, + { + "technique_id": "T1053", + "technique": "Scheduled Task/Job", + "url": "https://attack.mitre.org/techniques/T1053", + "tactic": [ + "Execution", + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1053.001", + "technique": "Scheduled Task/Job : At (Linux)", + "url": "https://attack.mitre.org/techniques/T1053/001" + }, + { + "technique_id": "T1053.002", + "technique": "Scheduled Task/Job : At (Windows)", + "url": "https://attack.mitre.org/techniques/T1053/002" + }, + { + "technique_id": "T1053.003", + "technique": "Scheduled Task/Job : Cron", + "url": "https://attack.mitre.org/techniques/T1053/003" + }, + { + "technique_id": "T1053.004", + "technique": "Scheduled Task/Job : Launchd", + "url": "https://attack.mitre.org/techniques/T1053/004" + }, + { + "technique_id": "T1053.005", + "technique": "Scheduled Task/Job : Scheduled Task", + "url": "https://attack.mitre.org/techniques/T1053/005" + }, + { + "technique_id": "T1055", + "technique": "Process Injection", + "url": "https://attack.mitre.org/techniques/T1055", + "tactic": [ + "Defense Evasion", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1055.001", + "technique": "Process Injection : Dynamic-link Library Injection", + "url": "https://attack.mitre.org/techniques/T1055/001" + }, + { + "technique_id": "T1055.002", + "technique": "Process Injection : Portable Executable Injection", + "url": "https://attack.mitre.org/techniques/T1055/002" + }, + { + "technique_id": "T1055.003", + "technique": "Process Injection : Thread Execution Hijacking", + "url": "https://attack.mitre.org/techniques/T1055/003" + }, + { + "technique_id": "T1055.004", + "technique": "Process Injection : Asynchronous Procedure Call", + "url": "https://attack.mitre.org/techniques/T1055/004" + }, + { + "technique_id": "T1055.005", + "technique": "Process Injection : Thread Local Storage", + "url": "https://attack.mitre.org/techniques/T1055/005" + }, + { + "technique_id": "T1055.008", + "technique": "Process Injection : Ptrace System Calls", + "url": "https://attack.mitre.org/techniques/T1055/008" + }, + { + "technique_id": "T1055.009", + "technique": "Process Injection : Proc Memory", + "url": "https://attack.mitre.org/techniques/T1055/009" + }, + { + "technique_id": "T1055.011", + "technique": "Process Injection : Extra Window Memory Injection", + "url": "https://attack.mitre.org/techniques/T1055/011" + }, + { + "technique_id": "T1055.012", + "technique": "Process Injection : Process Hollowing", + "url": "https://attack.mitre.org/techniques/T1055/012" + }, + { + "technique_id": "T1055.013", + "technique": "Process Injection : Process Doppelg\u00e4nging", + "url": "https://attack.mitre.org/techniques/T1055/013" + }, + { + "technique_id": "T1055.014", + "technique": "Process Injection : VDSO Hijacking", + "url": "https://attack.mitre.org/techniques/T1055/014" + }, + { + "technique_id": "T1056", + "technique": "Input Capture", + "url": "https://attack.mitre.org/techniques/T1056", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + { + "technique_id": "T1056.001", + "technique": "Input Capture : Keylogging", + "url": "https://attack.mitre.org/techniques/T1056/001" + }, + { + "technique_id": "T1056.002", + "technique": "Input Capture : GUI Input Capture", + "url": "https://attack.mitre.org/techniques/T1056/002" + }, + { + "technique_id": "T1056.003", + "technique": "Input Capture : Web Portal Capture", + "url": "https://attack.mitre.org/techniques/T1056/003" + }, + { + "technique_id": "T1056.004", + "technique": "Input Capture : Credential API Hooking", + "url": "https://attack.mitre.org/techniques/T1056/004" + }, + { + "technique_id": "T1057", + "technique": "Process Discovery", + "url": "https://attack.mitre.org/techniques/T1057", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1059", + "technique": "Command and Scripting Interpreter", + "url": "https://attack.mitre.org/techniques/T1059", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1059.001", + "technique": "Command and Scripting Interpreter : PowerShell", + "url": "https://attack.mitre.org/techniques/T1059/001" + }, + { + "technique_id": "T1059.002", + "technique": "Command and Scripting Interpreter : AppleScript", + "url": "https://attack.mitre.org/techniques/T1059/002" + }, + { + "technique_id": "T1059.003", + "technique": "Command and Scripting Interpreter : Windows Command Shell", + "url": "https://attack.mitre.org/techniques/T1059/003" + }, + { + "technique_id": "T1059.004", + "technique": "Command and Scripting Interpreter : Unix Shell", + "url": "https://attack.mitre.org/techniques/T1059/004" + }, + { + "technique_id": "T1059.005", + "technique": "Command and Scripting Interpreter : Visual Basic", + "url": "https://attack.mitre.org/techniques/T1059/005" + }, + { + "technique_id": "T1059.006", + "technique": "Command and Scripting Interpreter : Python", + "url": "https://attack.mitre.org/techniques/T1059/006" + }, + { + "technique_id": "T1059.007", + "technique": "Command and Scripting Interpreter : JavaScript/JScript", + "url": "https://attack.mitre.org/techniques/T1059/007" + }, + { + "technique_id": "T1068", + "technique": "Exploitation for Privilege Escalation", + "url": "https://attack.mitre.org/techniques/T1068", + "tactic": [ + "Privilege Escalation" + ] + }, + { + "technique_id": "T1069", + "technique": "Permission Groups Discovery", + "url": "https://attack.mitre.org/techniques/T1069", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1069.001", + "technique": "Permission Groups Discovery : Local Groups", + "url": "https://attack.mitre.org/techniques/T1069/001" + }, + { + "technique_id": "T1069.002", + "technique": "Permission Groups Discovery : Domain Groups", + "url": "https://attack.mitre.org/techniques/T1069/002" + }, + { + "technique_id": "T1069.003", + "technique": "Permission Groups Discovery : Cloud Groups", + "url": "https://attack.mitre.org/techniques/T1069/003" + }, + { + "technique_id": "T1070", + "technique": "Indicator Removal on Host", + "url": "https://attack.mitre.org/techniques/T1070", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1070.001", + "technique": "Indicator Removal on Host : Clear Windows Event Logs", + "url": "https://attack.mitre.org/techniques/T1070/001" + }, + { + "technique_id": "T1070.002", + "technique": "Indicator Removal on Host : Clear Linux or Mac System Logs", + "url": "https://attack.mitre.org/techniques/T1070/002" + }, + { + "technique_id": "T1070.003", + "technique": "Indicator Removal on Host : Clear Command History", + "url": "https://attack.mitre.org/techniques/T1070/003" + }, + { + "technique_id": "T1070.004", + "technique": "Indicator Removal on Host : File Deletion", + "url": "https://attack.mitre.org/techniques/T1070/004" + }, + { + "technique_id": "T1070.005", + "technique": "Indicator Removal on Host : Network Share Connection Removal", + "url": "https://attack.mitre.org/techniques/T1070/005" + }, + { + "technique_id": "T1070.006", + "technique": "Indicator Removal on Host : Timestomp", + "url": "https://attack.mitre.org/techniques/T1070/006" + }, + { + "technique_id": "T1071", + "technique": "Application Layer Protocol", + "url": "https://attack.mitre.org/techniques/T1071", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1071.001", + "technique": "Application Layer Protocol : Web Protocols", + "url": "https://attack.mitre.org/techniques/T1071/001" + }, + { + "technique_id": "T1071.002", + "technique": "Application Layer Protocol : File Transfer Protocols", + "url": "https://attack.mitre.org/techniques/T1071/002" + }, + { + "technique_id": "T1071.003", + "technique": "Application Layer Protocol : Mail Protocols", + "url": "https://attack.mitre.org/techniques/T1071/003" + }, + { + "technique_id": "T1071.004", + "technique": "Application Layer Protocol : DNS", + "url": "https://attack.mitre.org/techniques/T1071/004" + }, + { + "technique_id": "T1072", + "technique": "Software Deployment Tools", + "url": "https://attack.mitre.org/techniques/T1072", + "tactic": [ + "Execution", + "Lateral Movement" + ] + }, + { + "technique_id": "T1074", + "technique": "Data Staged", + "url": "https://attack.mitre.org/techniques/T1074", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1074.001", + "technique": "Data Staged : Local Data Staging", + "url": "https://attack.mitre.org/techniques/T1074/001" + }, + { + "technique_id": "T1074.002", + "technique": "Data Staged : Remote Data Staging", + "url": "https://attack.mitre.org/techniques/T1074/002" + }, + { + "technique_id": "T1078", + "technique": "Valid Accounts", + "url": "https://attack.mitre.org/techniques/T1078", + "tactic": [ + "Defense Evasion", + "Persistence", + "Privilege Escalation", + "Initial Access" + ] + }, + { + "technique_id": "T1078.001", + "technique": "Valid Accounts : Default Accounts", + "url": "https://attack.mitre.org/techniques/T1078/001" + }, + { + "technique_id": "T1078.002", + "technique": "Valid Accounts : Domain Accounts", + "url": "https://attack.mitre.org/techniques/T1078/002" + }, + { + "technique_id": "T1078.003", + "technique": "Valid Accounts : Local Accounts", + "url": "https://attack.mitre.org/techniques/T1078/003" + }, + { + "technique_id": "T1078.004", + "technique": "Valid Accounts : Cloud Accounts", + "url": "https://attack.mitre.org/techniques/T1078/004" + }, + { + "technique_id": "T1080", + "technique": "Taint Shared Content", + "url": "https://attack.mitre.org/techniques/T1080", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1082", + "technique": "System Information Discovery", + "url": "https://attack.mitre.org/techniques/T1082", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1083", + "technique": "File and Directory Discovery", + "url": "https://attack.mitre.org/techniques/T1083", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1087", + "technique": "Account Discovery", + "url": "https://attack.mitre.org/techniques/T1087", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1087.001", + "technique": "Account Discovery : Local Account", + "url": "https://attack.mitre.org/techniques/T1087/001" + }, + { + "technique_id": "T1087.002", + "technique": "Account Discovery : Domain Account", + "url": "https://attack.mitre.org/techniques/T1087/002" + }, + { + "technique_id": "T1087.003", + "technique": "Account Discovery : Email Account", + "url": "https://attack.mitre.org/techniques/T1087/003" + }, + { + "technique_id": "T1087.004", + "technique": "Account Discovery : Cloud Account", + "url": "https://attack.mitre.org/techniques/T1087/004" + }, + { + "technique_id": "T1090", + "technique": "Proxy", + "url": "https://attack.mitre.org/techniques/T1090", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1090.001", + "technique": "Proxy : Internal Proxy", + "url": "https://attack.mitre.org/techniques/T1090/001" + }, + { + "technique_id": "T1090.002", + "technique": "Proxy : External Proxy", + "url": "https://attack.mitre.org/techniques/T1090/002" + }, + { + "technique_id": "T1090.003", + "technique": "Proxy : Multi-hop Proxy", + "url": "https://attack.mitre.org/techniques/T1090/003" + }, + { + "technique_id": "T1090.004", + "technique": "Proxy : Domain Fronting", + "url": "https://attack.mitre.org/techniques/T1090/004" + }, + { + "technique_id": "T1091", + "technique": "Replication Through Removable Media", + "url": "https://attack.mitre.org/techniques/T1091", + "tactic": [ + "Lateral Movement", + "Initial Access" + ] + }, + { + "technique_id": "T1092", + "technique": "Communication Through Removable Media", + "url": "https://attack.mitre.org/techniques/T1092", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1095", + "technique": "Non-Application Layer Protocol", + "url": "https://attack.mitre.org/techniques/T1095", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1098", + "technique": "Account Manipulation", + "url": "https://attack.mitre.org/techniques/T1098", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1098.001", + "technique": "Account Manipulation : Additional Azure Service Principal Credentials", + "url": "https://attack.mitre.org/techniques/T1098/001" + }, + { + "technique_id": "T1098.002", + "technique": "Account Manipulation : Exchange Email Delegate Permissions", + "url": "https://attack.mitre.org/techniques/T1098/002" + }, + { + "technique_id": "T1098.003", + "technique": "Account Manipulation : Add Office 365 Global Administrator Role", + "url": "https://attack.mitre.org/techniques/T1098/003" + }, + { + "technique_id": "T1098.004", + "technique": "Account Manipulation : SSH Authorized Keys", + "url": "https://attack.mitre.org/techniques/T1098/004" + }, + { + "technique_id": "T1102", + "technique": "Web Service", + "url": "https://attack.mitre.org/techniques/T1102", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1102.001", + "technique": "Web Service : Dead Drop Resolver", + "url": "https://attack.mitre.org/techniques/T1102/001" + }, + { + "technique_id": "T1102.002", + "technique": "Web Service : Bidirectional Communication", + "url": "https://attack.mitre.org/techniques/T1102/002" + }, + { + "technique_id": "T1102.003", + "technique": "Web Service : One-Way Communication", + "url": "https://attack.mitre.org/techniques/T1102/003" + }, + { + "technique_id": "T1104", + "technique": "Multi-Stage Channels", + "url": "https://attack.mitre.org/techniques/T1104", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1105", + "technique": "Ingress Tool Transfer", + "url": "https://attack.mitre.org/techniques/T1105", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1106", + "technique": "Native API", + "url": "https://attack.mitre.org/techniques/T1106", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1110", + "technique": "Brute Force", + "url": "https://attack.mitre.org/techniques/T1110", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1110.001", + "technique": "Brute Force : Password Guessing", + "url": "https://attack.mitre.org/techniques/T1110/001" + }, + { + "technique_id": "T1110.002", + "technique": "Brute Force : Password Cracking", + "url": "https://attack.mitre.org/techniques/T1110/002" + }, + { + "technique_id": "T1110.003", + "technique": "Brute Force : Password Spraying", + "url": "https://attack.mitre.org/techniques/T1110/003" + }, + { + "technique_id": "T1110.004", + "technique": "Brute Force : Credential Stuffing", + "url": "https://attack.mitre.org/techniques/T1110/004" + }, + { + "technique_id": "T1111", + "technique": "Two-Factor Authentication Interception", + "url": "https://attack.mitre.org/techniques/T1111", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1112", + "technique": "Modify Registry", + "url": "https://attack.mitre.org/techniques/T1112", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1113", + "technique": "Screen Capture", + "url": "https://attack.mitre.org/techniques/T1113", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1114", + "technique": "Email Collection", + "url": "https://attack.mitre.org/techniques/T1114", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1114.001", + "technique": "Email Collection : Local Email Collection", + "url": "https://attack.mitre.org/techniques/T1114/001" + }, + { + "technique_id": "T1114.002", + "technique": "Email Collection : Remote Email Collection", + "url": "https://attack.mitre.org/techniques/T1114/002" + }, + { + "technique_id": "T1114.003", + "technique": "Email Collection : Email Forwarding Rule", + "url": "https://attack.mitre.org/techniques/T1114/003" + }, + { + "technique_id": "T1115", + "technique": "Clipboard Data", + "url": "https://attack.mitre.org/techniques/T1115", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1119", + "technique": "Automated Collection", + "url": "https://attack.mitre.org/techniques/T1119", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1120", + "technique": "Peripheral Device Discovery", + "url": "https://attack.mitre.org/techniques/T1120", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1123", + "technique": "Audio Capture", + "url": "https://attack.mitre.org/techniques/T1123", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1124", + "technique": "System Time Discovery", + "url": "https://attack.mitre.org/techniques/T1124", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1125", + "technique": "Video Capture", + "url": "https://attack.mitre.org/techniques/T1125", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1127", + "technique": "Trusted Developer Utilities Proxy Execution", + "url": "https://attack.mitre.org/techniques/T1127", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1127.001", + "technique": "Trusted Developer Utilities Proxy Execution : MSBuild", + "url": "https://attack.mitre.org/techniques/T1127/001" + }, + { + "technique_id": "T1129", + "technique": "Shared Modules", + "url": "https://attack.mitre.org/techniques/T1129", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1132", + "technique": "Data Encoding", + "url": "https://attack.mitre.org/techniques/T1132", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1132.001", + "technique": "Data Encoding : Standard Encoding", + "url": "https://attack.mitre.org/techniques/T1132/001" + }, + { + "technique_id": "T1132.002", + "technique": "Data Encoding : Non-Standard Encoding", + "url": "https://attack.mitre.org/techniques/T1132/002" + }, + { + "technique_id": "T1133", + "technique": "External Remote Services", + "url": "https://attack.mitre.org/techniques/T1133", + "tactic": [ + "Persistence", + "Initial Access" + ] + }, + { + "technique_id": "T1134", + "technique": "Access Token Manipulation", + "url": "https://attack.mitre.org/techniques/T1134", + "tactic": [ + "Defense Evasion", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1134.001", + "technique": "Access Token Manipulation : Token Impersonation/Theft", + "url": "https://attack.mitre.org/techniques/T1134/001" + }, + { + "technique_id": "T1134.002", + "technique": "Access Token Manipulation : Create Process with Token", + "url": "https://attack.mitre.org/techniques/T1134/002" + }, + { + "technique_id": "T1134.003", + "technique": "Access Token Manipulation : Make and Impersonate Token", + "url": "https://attack.mitre.org/techniques/T1134/003" + }, + { + "technique_id": "T1134.004", + "technique": "Access Token Manipulation : Parent PID Spoofing", + "url": "https://attack.mitre.org/techniques/T1134/004" + }, + { + "technique_id": "T1134.005", + "technique": "Access Token Manipulation : SID-History Injection", + "url": "https://attack.mitre.org/techniques/T1134/005" + }, + { + "technique_id": "T1135", + "technique": "Network Share Discovery", + "url": "https://attack.mitre.org/techniques/T1135", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1136", + "technique": "Create Account", + "url": "https://attack.mitre.org/techniques/T1136", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1136.001", + "technique": "Create Account : Local Account", + "url": "https://attack.mitre.org/techniques/T1136/001" + }, + { + "technique_id": "T1136.002", + "technique": "Create Account : Domain Account", + "url": "https://attack.mitre.org/techniques/T1136/002" + }, + { + "technique_id": "T1136.003", + "technique": "Create Account : Cloud Account", + "url": "https://attack.mitre.org/techniques/T1136/003" + }, + { + "technique_id": "T1137", + "technique": "Office Application Startup", + "url": "https://attack.mitre.org/techniques/T1137", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1137.001", + "technique": "Office Application Startup : Office Template Macros", + "url": "https://attack.mitre.org/techniques/T1137/001" + }, + { + "technique_id": "T1137.002", + "technique": "Office Application Startup : Office Test", + "url": "https://attack.mitre.org/techniques/T1137/002" + }, + { + "technique_id": "T1137.003", + "technique": "Office Application Startup : Outlook Forms", + "url": "https://attack.mitre.org/techniques/T1137/003" + }, + { + "technique_id": "T1137.004", + "technique": "Office Application Startup : Outlook Home Page", + "url": "https://attack.mitre.org/techniques/T1137/004" + }, + { + "technique_id": "T1137.005", + "technique": "Office Application Startup : Outlook Rules", + "url": "https://attack.mitre.org/techniques/T1137/005" + }, + { + "technique_id": "T1137.006", + "technique": "Office Application Startup : Add-ins", + "url": "https://attack.mitre.org/techniques/T1137/006" + }, + { + "technique_id": "T1140", + "technique": "Deobfuscate/Decode Files or Information", + "url": "https://attack.mitre.org/techniques/T1140", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1176", + "technique": "Browser Extensions", + "url": "https://attack.mitre.org/techniques/T1176", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1185", + "technique": "Man in the Browser", + "url": "https://attack.mitre.org/techniques/T1185", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1187", + "technique": "Forced Authentication", + "url": "https://attack.mitre.org/techniques/T1187", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1189", + "technique": "Drive-by Compromise", + "url": "https://attack.mitre.org/techniques/T1189", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1190", + "technique": "Exploit Public-Facing Application", + "url": "https://attack.mitre.org/techniques/T1190", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1195", + "technique": "Supply Chain Compromise", + "url": "https://attack.mitre.org/techniques/T1195", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1195.001", + "technique": "Supply Chain Compromise : Compromise Software Dependencies and Development Tools", + "url": "https://attack.mitre.org/techniques/T1195/001" + }, + { + "technique_id": "T1195.002", + "technique": "Supply Chain Compromise : Compromise Software Supply Chain", + "url": "https://attack.mitre.org/techniques/T1195/002" + }, + { + "technique_id": "T1195.003", + "technique": "Supply Chain Compromise : Compromise Hardware Supply Chain", + "url": "https://attack.mitre.org/techniques/T1195/003" + }, + { + "technique_id": "T1197", + "technique": "BITS Jobs", + "url": "https://attack.mitre.org/techniques/T1197", + "tactic": [ + "Defense Evasion", + "Persistence" + ] + }, + { + "technique_id": "T1199", + "technique": "Trusted Relationship", + "url": "https://attack.mitre.org/techniques/T1199", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1200", + "technique": "Hardware Additions", + "url": "https://attack.mitre.org/techniques/T1200", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1201", + "technique": "Password Policy Discovery", + "url": "https://attack.mitre.org/techniques/T1201", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1202", + "technique": "Indirect Command Execution", + "url": "https://attack.mitre.org/techniques/T1202", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1203", + "technique": "Exploitation for Client Execution", + "url": "https://attack.mitre.org/techniques/T1203", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1204", + "technique": "User Execution", + "url": "https://attack.mitre.org/techniques/T1204", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1204.001", + "technique": "User Execution : Malicious Link", + "url": "https://attack.mitre.org/techniques/T1204/001" + }, + { + "technique_id": "T1204.002", + "technique": "User Execution : Malicious File", + "url": "https://attack.mitre.org/techniques/T1204/002" + }, + { + "technique_id": "T1205", + "technique": "Traffic Signaling", + "url": "https://attack.mitre.org/techniques/T1205", + "tactic": [ + "Defense Evasion", + "Persistence", + "Command and Control" + ] + }, + { + "technique_id": "T1205.001", + "technique": "Traffic Signaling : Port Knocking", + "url": "https://attack.mitre.org/techniques/T1205/001" + }, + { + "technique_id": "T1207", + "technique": "Rogue Domain Controller", + "url": "https://attack.mitre.org/techniques/T1207", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1210", + "technique": "Exploitation of Remote Services", + "url": "https://attack.mitre.org/techniques/T1210", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1211", + "technique": "Exploitation for Defense Evasion", + "url": "https://attack.mitre.org/techniques/T1211", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1212", + "technique": "Exploitation for Credential Access", + "url": "https://attack.mitre.org/techniques/T1212", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1213", + "technique": "Data from Information Repositories", + "url": "https://attack.mitre.org/techniques/T1213", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1213.001", + "technique": "Data from Information Repositories : Confluence", + "url": "https://attack.mitre.org/techniques/T1213/001" + }, + { + "technique_id": "T1213.002", + "technique": "Data from Information Repositories : Sharepoint", + "url": "https://attack.mitre.org/techniques/T1213/002" + }, + { + "technique_id": "T1216", + "technique": "Signed Script Proxy Execution", + "url": "https://attack.mitre.org/techniques/T1216", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1216.001", + "technique": "Signed Script Proxy Execution : PubPrn", + "url": "https://attack.mitre.org/techniques/T1216/001" + }, + { + "technique_id": "T1217", + "technique": "Browser Bookmark Discovery", + "url": "https://attack.mitre.org/techniques/T1217", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1218", + "technique": "Signed Binary Proxy Execution", + "url": "https://attack.mitre.org/techniques/T1218", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1218.001", + "technique": "Signed Binary Proxy Execution : Compiled HTML File", + "url": "https://attack.mitre.org/techniques/T1218/001" + }, + { + "technique_id": "T1218.002", + "technique": "Signed Binary Proxy Execution : Control Panel", + "url": "https://attack.mitre.org/techniques/T1218/002" + }, + { + "technique_id": "T1218.003", + "technique": "Signed Binary Proxy Execution : CMSTP", + "url": "https://attack.mitre.org/techniques/T1218/003" + }, + { + "technique_id": "T1218.004", + "technique": "Signed Binary Proxy Execution : InstallUtil", + "url": "https://attack.mitre.org/techniques/T1218/004" + }, + { + "technique_id": "T1218.005", + "technique": "Signed Binary Proxy Execution : Mshta", + "url": "https://attack.mitre.org/techniques/T1218/005" + }, + { + "technique_id": "T1218.007", + "technique": "Signed Binary Proxy Execution : Msiexec", + "url": "https://attack.mitre.org/techniques/T1218/007" + }, + { + "technique_id": "T1218.008", + "technique": "Signed Binary Proxy Execution : Odbcconf", + "url": "https://attack.mitre.org/techniques/T1218/008" + }, + { + "technique_id": "T1218.009", + "technique": "Signed Binary Proxy Execution : Regsvcs/Regasm", + "url": "https://attack.mitre.org/techniques/T1218/009" + }, + { + "technique_id": "T1218.010", + "technique": "Signed Binary Proxy Execution : Regsvr32", + "url": "https://attack.mitre.org/techniques/T1218/010" + }, + { + "technique_id": "T1218.011", + "technique": "Signed Binary Proxy Execution : Rundll32", + "url": "https://attack.mitre.org/techniques/T1218/011" + }, + { + "technique_id": "T1219", + "technique": "Remote Access Software", + "url": "https://attack.mitre.org/techniques/T1219", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1220", + "technique": "XSL Script Processing", + "url": "https://attack.mitre.org/techniques/T1220", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1221", + "technique": "Template Injection", + "url": "https://attack.mitre.org/techniques/T1221", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1222", + "technique": "File and Directory Permissions Modification", + "url": "https://attack.mitre.org/techniques/T1222", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1222.001", + "technique": "File and Directory Permissions Modification : Windows File and Directory Permissions Modification", + "url": "https://attack.mitre.org/techniques/T1222/001" + }, + { + "technique_id": "T1222.002", + "technique": "File and Directory Permissions Modification : Linux and Mac File and Directory Permissions Modification", + "url": "https://attack.mitre.org/techniques/T1222/002" + }, + { + "technique_id": "T1224", + "technique": "Assess leadership areas of interest", + "url": "https://attack.mitre.org/techniques/T1224", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1225", + "technique": "Identify gap areas", + "url": "https://attack.mitre.org/techniques/T1225", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1226", + "technique": "Conduct cost/benefit analysis", + "url": "https://attack.mitre.org/techniques/T1226", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1227", + "technique": "Develop KITs/KIQs", + "url": "https://attack.mitre.org/techniques/T1227", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1228", + "technique": "Assign KITs/KIQs into categories", + "url": "https://attack.mitre.org/techniques/T1228", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1229", + "technique": "Assess KITs/KIQs benefits", + "url": "https://attack.mitre.org/techniques/T1229", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1230", + "technique": "Derive intelligence requirements", + "url": "https://attack.mitre.org/techniques/T1230", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1231", + "technique": "Create strategic plan", + "url": "https://attack.mitre.org/techniques/T1231", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1232", + "technique": "Create implementation plan", + "url": "https://attack.mitre.org/techniques/T1232", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1233", + "technique": "Identify analyst level gaps", + "url": "https://attack.mitre.org/techniques/T1233", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1234", + "technique": "Generate analyst intelligence requirements", + "url": "https://attack.mitre.org/techniques/T1234", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1235", + "technique": "Receive operator KITs/KIQs tasking", + "url": "https://attack.mitre.org/techniques/T1235", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1236", + "technique": "Assess current holdings, needs, and wants", + "url": "https://attack.mitre.org/techniques/T1236", + "tactic": [ + "Priority Definition Planning" + ] + }, + { + "technique_id": "T1237", + "technique": "Submit KITs, KIQs, and intelligence requirements", + "url": "https://attack.mitre.org/techniques/T1237", + "tactic": [ + "Priority Definition Direction" + ] + }, + { + "technique_id": "T1238", + "technique": "Assign KITs, KIQs, and/or intelligence requirements", + "url": "https://attack.mitre.org/techniques/T1238", + "tactic": [ + "Priority Definition Direction" + ] + }, + { + "technique_id": "T1239", + "technique": "Receive KITs/KIQs and determine requirements", + "url": "https://attack.mitre.org/techniques/T1239", + "tactic": [ + "Priority Definition Direction" + ] + }, + { + "technique_id": "T1240", + "technique": "Task requirements", + "url": "https://attack.mitre.org/techniques/T1240", + "tactic": [ + "Priority Definition Direction" + ] + }, + { + "technique_id": "T1241", + "technique": "Determine strategic target", + "url": "https://attack.mitre.org/techniques/T1241", + "tactic": [ + "Target Selection" + ] + }, + { + "technique_id": "T1242", + "technique": "Determine operational element", + "url": "https://attack.mitre.org/techniques/T1242", + "tactic": [ + "Target Selection" + ] + }, + { + "technique_id": "T1243", + "technique": "Determine highest level tactical element", + "url": "https://attack.mitre.org/techniques/T1243", + "tactic": [ + "Target Selection" + ] + }, + { + "technique_id": "T1244", + "technique": "Determine secondary level tactical element", + "url": "https://attack.mitre.org/techniques/T1244", + "tactic": [ + "Target Selection" + ] + }, + { + "technique_id": "T1245", + "technique": "Determine approach/attack vector", + "url": "https://attack.mitre.org/techniques/T1245", + "tactic": [ + "Target Selection" + ] + }, + { + "technique_id": "T1246", + "technique": "Identify supply chains", + "url": "https://attack.mitre.org/techniques/T1246", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1247", + "technique": "Acquire OSINT data sets and information", + "url": "https://attack.mitre.org/techniques/T1247", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1248", + "technique": "Identify job postings and needs/gaps", + "url": "https://attack.mitre.org/techniques/T1248", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1249", + "technique": "Conduct social engineering", + "url": "https://attack.mitre.org/techniques/T1249", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1250", + "technique": "Determine domain and IP address space", + "url": "https://attack.mitre.org/techniques/T1250", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1251", + "technique": "Obtain domain/IP registration information", + "url": "https://attack.mitre.org/techniques/T1251", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1252", + "technique": "Map network topology", + "url": "https://attack.mitre.org/techniques/T1252", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1253", + "technique": "Conduct passive scanning", + "url": "https://attack.mitre.org/techniques/T1253", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1254", + "technique": "Conduct active scanning", + "url": "https://attack.mitre.org/techniques/T1254", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1255", + "technique": "Discover target logon/email address format", + "url": "https://attack.mitre.org/techniques/T1255", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1256", + "technique": "Identify web defensive services", + "url": "https://attack.mitre.org/techniques/T1256", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1257", + "technique": "Mine technical blogs/forums", + "url": "https://attack.mitre.org/techniques/T1257", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1258", + "technique": "Determine firmware version", + "url": "https://attack.mitre.org/techniques/T1258", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1259", + "technique": "Determine external network trust dependencies", + "url": "https://attack.mitre.org/techniques/T1259", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1260", + "technique": "Determine 3rd party infrastructure services", + "url": "https://attack.mitre.org/techniques/T1260", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1261", + "technique": "Enumerate externally facing software applications technologies, languages, and dependencies", + "url": "https://attack.mitre.org/techniques/T1261", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1262", + "technique": "Enumerate client configurations", + "url": "https://attack.mitre.org/techniques/T1262", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1263", + "technique": "Identify security defensive capabilities", + "url": "https://attack.mitre.org/techniques/T1263", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1264", + "technique": "Identify technology usage patterns", + "url": "https://attack.mitre.org/techniques/T1264", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1265", + "technique": "Identify supply chains", + "url": "https://attack.mitre.org/techniques/T1265", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1266", + "technique": "Acquire OSINT data sets and information", + "url": "https://attack.mitre.org/techniques/T1266", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1267", + "technique": "Identify job postings and needs/gaps", + "url": "https://attack.mitre.org/techniques/T1267", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1268", + "technique": "Conduct social engineering", + "url": "https://attack.mitre.org/techniques/T1268", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1269", + "technique": "Identify people of interest", + "url": "https://attack.mitre.org/techniques/T1269", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1270", + "technique": "Identify groups/roles", + "url": "https://attack.mitre.org/techniques/T1270", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1271", + "technique": "Identify personnel with an authority/privilege", + "url": "https://attack.mitre.org/techniques/T1271", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1272", + "technique": "Identify business relationships", + "url": "https://attack.mitre.org/techniques/T1272", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1273", + "technique": "Mine social media", + "url": "https://attack.mitre.org/techniques/T1273", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1274", + "technique": "Identify sensitive personnel information", + "url": "https://attack.mitre.org/techniques/T1274", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1275", + "technique": "Aggregate individual's digital footprint", + "url": "https://attack.mitre.org/techniques/T1275", + "tactic": [ + "People Information Gathering" + ] + }, + { + "technique_id": "T1276", + "technique": "Identify supply chains", + "url": "https://attack.mitre.org/techniques/T1276", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1277", + "technique": "Acquire OSINT data sets and information", + "url": "https://attack.mitre.org/techniques/T1277", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1278", + "technique": "Identify job postings and needs/gaps", + "url": "https://attack.mitre.org/techniques/T1278", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1279", + "technique": "Conduct social engineering", + "url": "https://attack.mitre.org/techniques/T1279", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1280", + "technique": "Identify business processes/tempo", + "url": "https://attack.mitre.org/techniques/T1280", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1281", + "technique": "Obtain templates/branding materials", + "url": "https://attack.mitre.org/techniques/T1281", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1282", + "technique": "Determine physical locations", + "url": "https://attack.mitre.org/techniques/T1282", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1283", + "technique": "Identify business relationships", + "url": "https://attack.mitre.org/techniques/T1283", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1284", + "technique": "Determine 3rd party infrastructure services", + "url": "https://attack.mitre.org/techniques/T1284", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1285", + "technique": "Determine centralization of IT management", + "url": "https://attack.mitre.org/techniques/T1285", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1286", + "technique": "Dumpster dive", + "url": "https://attack.mitre.org/techniques/T1286", + "tactic": [ + "Organizational Information Gathering" + ] + }, + { + "technique_id": "T1287", + "technique": "Analyze data collected", + "url": "https://attack.mitre.org/techniques/T1287", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1288", + "technique": "Analyze architecture and configuration posture", + "url": "https://attack.mitre.org/techniques/T1288", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1289", + "technique": "Analyze organizational skillsets and deficiencies", + "url": "https://attack.mitre.org/techniques/T1289", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1290", + "technique": "Research visibility gap of security vendors", + "url": "https://attack.mitre.org/techniques/T1290", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1291", + "technique": "Research relevant vulnerabilities/CVEs", + "url": "https://attack.mitre.org/techniques/T1291", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1292", + "technique": "Test signature detection", + "url": "https://attack.mitre.org/techniques/T1292", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1293", + "technique": "Analyze application security posture", + "url": "https://attack.mitre.org/techniques/T1293", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1294", + "technique": "Analyze hardware/software security defensive capabilities", + "url": "https://attack.mitre.org/techniques/T1294", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1295", + "technique": "Analyze social and business relationships, interests, and affiliations", + "url": "https://attack.mitre.org/techniques/T1295", + "tactic": [ + "People Weakness Identification" + ] + }, + { + "technique_id": "T1296", + "technique": "Assess targeting options", + "url": "https://attack.mitre.org/techniques/T1296", + "tactic": [ + "People Weakness Identification" + ] + }, + { + "technique_id": "T1297", + "technique": "Analyze organizational skillsets and deficiencies", + "url": "https://attack.mitre.org/techniques/T1297", + "tactic": [ + "People Weakness Identification" + ] + }, + { + "technique_id": "T1298", + "technique": "Assess vulnerability of 3rd party vendors", + "url": "https://attack.mitre.org/techniques/T1298", + "tactic": [ + "Organizational Weakness Identification" + ] + }, + { + "technique_id": "T1299", + "technique": "Assess opportunities created by business deals", + "url": "https://attack.mitre.org/techniques/T1299", + "tactic": [ + "Organizational Weakness Identification" + ] + }, + { + "technique_id": "T1300", + "technique": "Analyze organizational skillsets and deficiencies", + "url": "https://attack.mitre.org/techniques/T1300", + "tactic": [ + "Organizational Weakness Identification" + ] + }, + { + "technique_id": "T1301", + "technique": "Analyze business processes", + "url": "https://attack.mitre.org/techniques/T1301", + "tactic": [ + "Organizational Weakness Identification" + ] + }, + { + "technique_id": "T1302", + "technique": "Assess security posture of physical locations", + "url": "https://attack.mitre.org/techniques/T1302", + "tactic": [ + "Organizational Weakness Identification" + ] + }, + { + "technique_id": "T1303", + "technique": "Analyze presence of outsourced capabilities", + "url": "https://attack.mitre.org/techniques/T1303", + "tactic": [ + "Organizational Weakness Identification" + ] + }, + { + "technique_id": "T1304", + "technique": "Proxy/protocol relays", + "url": "https://attack.mitre.org/techniques/T1304", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1305", + "technique": "Private whois services", + "url": "https://attack.mitre.org/techniques/T1305", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1306", + "technique": "Anonymity services", + "url": "https://attack.mitre.org/techniques/T1306", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1307", + "technique": "Acquire and/or use 3rd party infrastructure services", + "url": "https://attack.mitre.org/techniques/T1307", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1308", + "technique": "Acquire and/or use 3rd party software services", + "url": "https://attack.mitre.org/techniques/T1308", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1309", + "technique": "Obfuscate infrastructure", + "url": "https://attack.mitre.org/techniques/T1309", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1310", + "technique": "Acquire or compromise 3rd party signing certificates", + "url": "https://attack.mitre.org/techniques/T1310", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1311", + "technique": "Dynamic DNS", + "url": "https://attack.mitre.org/techniques/T1311", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1312", + "technique": "Compromise 3rd party infrastructure to support delivery", + "url": "https://attack.mitre.org/techniques/T1312", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1313", + "technique": "Obfuscation or cryptography", + "url": "https://attack.mitre.org/techniques/T1313", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1314", + "technique": "Host-based hiding techniques", + "url": "https://attack.mitre.org/techniques/T1314", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1315", + "technique": "Network-based hiding techniques", + "url": "https://attack.mitre.org/techniques/T1315", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1316", + "technique": "Non-traditional or less attributable payment options", + "url": "https://attack.mitre.org/techniques/T1316", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1317", + "technique": "Secure and protect infrastructure", + "url": "https://attack.mitre.org/techniques/T1317", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1318", + "technique": "Obfuscate operational infrastructure", + "url": "https://attack.mitre.org/techniques/T1318", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1319", + "technique": "Obfuscate or encrypt code", + "url": "https://attack.mitre.org/techniques/T1319", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1320", + "technique": "Data Hiding", + "url": "https://attack.mitre.org/techniques/T1320", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1321", + "technique": "Common, high volume protocols and software", + "url": "https://attack.mitre.org/techniques/T1321", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1322", + "technique": "Misattributable credentials", + "url": "https://attack.mitre.org/techniques/T1322", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1326", + "technique": "Domain registration hijacking", + "url": "https://attack.mitre.org/techniques/T1326", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1327", + "technique": "Use multiple DNS infrastructures", + "url": "https://attack.mitre.org/techniques/T1327", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1328", + "technique": "Buy domain name", + "url": "https://attack.mitre.org/techniques/T1328", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1329", + "technique": "Acquire and/or use 3rd party infrastructure services", + "url": "https://attack.mitre.org/techniques/T1329", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1330", + "technique": "Acquire and/or use 3rd party software services", + "url": "https://attack.mitre.org/techniques/T1330", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1331", + "technique": "Obfuscate infrastructure", + "url": "https://attack.mitre.org/techniques/T1331", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1332", + "technique": "Acquire or compromise 3rd party signing certificates", + "url": "https://attack.mitre.org/techniques/T1332", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1333", + "technique": "Dynamic DNS", + "url": "https://attack.mitre.org/techniques/T1333", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1334", + "technique": "Compromise 3rd party infrastructure to support delivery", + "url": "https://attack.mitre.org/techniques/T1334", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1335", + "technique": "Procure required equipment and software", + "url": "https://attack.mitre.org/techniques/T1335", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1336", + "technique": "Install and configure hardware, network, and systems", + "url": "https://attack.mitre.org/techniques/T1336", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1337", + "technique": "SSL certificate acquisition for domain", + "url": "https://attack.mitre.org/techniques/T1337", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1338", + "technique": "SSL certificate acquisition for trust breaking", + "url": "https://attack.mitre.org/techniques/T1338", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1339", + "technique": "Create backup infrastructure", + "url": "https://attack.mitre.org/techniques/T1339", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1340", + "technique": "Shadow DNS", + "url": "https://attack.mitre.org/techniques/T1340", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1341", + "technique": "Build social network persona", + "url": "https://attack.mitre.org/techniques/T1341", + "tactic": [ + "Persona Development" + ] + }, + { + "technique_id": "T1342", + "technique": "Develop social network persona digital footprint", + "url": "https://attack.mitre.org/techniques/T1342", + "tactic": [ + "Persona Development" + ] + }, + { + "technique_id": "T1343", + "technique": "Choose pre-compromised persona and affiliated accounts", + "url": "https://attack.mitre.org/techniques/T1343", + "tactic": [ + "Persona Development" + ] + }, + { + "technique_id": "T1344", + "technique": "Friend/Follow/Connect to targets of interest", + "url": "https://attack.mitre.org/techniques/T1344", + "tactic": [ + "Persona Development" + ] + }, + { + "technique_id": "T1345", + "technique": "Create custom payloads", + "url": "https://attack.mitre.org/techniques/T1345", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1346", + "technique": "Obtain/re-use payloads", + "url": "https://attack.mitre.org/techniques/T1346", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1347", + "technique": "Build and configure delivery systems", + "url": "https://attack.mitre.org/techniques/T1347", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1348", + "technique": "Identify resources required to build capabilities", + "url": "https://attack.mitre.org/techniques/T1348", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1349", + "technique": "Build or acquire exploits", + "url": "https://attack.mitre.org/techniques/T1349", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1350", + "technique": "Discover new exploits and monitor exploit-provider forums", + "url": "https://attack.mitre.org/techniques/T1350", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1351", + "technique": "Remote access tool development", + "url": "https://attack.mitre.org/techniques/T1351", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1352", + "technique": "C2 protocol development", + "url": "https://attack.mitre.org/techniques/T1352", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1353", + "technique": "Post compromise tool development", + "url": "https://attack.mitre.org/techniques/T1353", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1354", + "technique": "Compromise 3rd party or closed-source vulnerability/exploit information", + "url": "https://attack.mitre.org/techniques/T1354", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1355", + "technique": "Create infected removable media", + "url": "https://attack.mitre.org/techniques/T1355", + "tactic": [ + "Build Capabilities" + ] + }, + { + "technique_id": "T1356", + "technique": "Test callback functionality", + "url": "https://attack.mitre.org/techniques/T1356", + "tactic": [ + "Test Capabilities" + ] + }, + { + "technique_id": "T1357", + "technique": "Test malware in various execution environments", + "url": "https://attack.mitre.org/techniques/T1357", + "tactic": [ + "Test Capabilities" + ] + }, + { + "technique_id": "T1358", + "technique": "Review logs and residual traces", + "url": "https://attack.mitre.org/techniques/T1358", + "tactic": [ + "Test Capabilities" + ] + }, + { + "technique_id": "T1359", + "technique": "Test malware to evade detection", + "url": "https://attack.mitre.org/techniques/T1359", + "tactic": [ + "Test Capabilities" + ] + }, + { + "technique_id": "T1360", + "technique": "Test physical access", + "url": "https://attack.mitre.org/techniques/T1360", + "tactic": [ + "Test Capabilities" + ] + }, + { + "technique_id": "T1361", + "technique": "Test signature detection for file upload/email filters", + "url": "https://attack.mitre.org/techniques/T1361", + "tactic": [ + "Test Capabilities" + ] + }, + { + "technique_id": "T1362", + "technique": "Upload, install, and configure software/tools", + "url": "https://attack.mitre.org/techniques/T1362", + "tactic": [ + "Stage Capabilities" + ] + }, + { + "technique_id": "T1363", + "technique": "Port redirector", + "url": "https://attack.mitre.org/techniques/T1363", + "tactic": [ + "Stage Capabilities" + ] + }, + { + "technique_id": "T1364", + "technique": "Friend/Follow/Connect to targets of interest", + "url": "https://attack.mitre.org/techniques/T1364", + "tactic": [ + "Stage Capabilities" + ] + }, + { + "technique_id": "T1365", + "technique": "Hardware or software supply chain implant", + "url": "https://attack.mitre.org/techniques/T1365", + "tactic": [ + "Stage Capabilities" + ] + }, + { + "technique_id": "T1379", + "technique": "Disseminate removable media", + "url": "https://attack.mitre.org/techniques/T1379", + "tactic": [ + "Stage Capabilities" + ] + }, + { + "technique_id": "T1389", + "technique": "Identify vulnerabilities in third-party software libraries", + "url": "https://attack.mitre.org/techniques/T1389", + "tactic": [ + "Technical Weakness Identification" + ] + }, + { + "technique_id": "T1390", + "technique": "OS-vendor provided communication channels", + "url": "https://attack.mitre.org/techniques/T1390", + "tactic": [ + "Adversary OPSEC" + ] + }, + { + "technique_id": "T1391", + "technique": "Choose pre-compromised mobile app developer account credentials or signing keys", + "url": "https://attack.mitre.org/techniques/T1391", + "tactic": [ + "Persona Development" + ] + }, + { + "technique_id": "T1392", + "technique": "Obtain Apple iOS enterprise distribution key pair and certificate", + "url": "https://attack.mitre.org/techniques/T1392", + "tactic": [ + "Persona Development" + ] + }, + { + "technique_id": "T1393", + "technique": "Test ability to evade automated mobile application security analysis performed by app stores", + "url": "https://attack.mitre.org/techniques/T1393", + "tactic": [ + "Test Capabilities" + ] + }, + { + "technique_id": "T1394", + "technique": "Distribute malicious software development tools", + "url": "https://attack.mitre.org/techniques/T1394", + "tactic": [ + "Stage Capabilities" + ] + }, + { + "technique_id": "T1396", + "technique": "Obtain booter/stressor subscription", + "url": "https://attack.mitre.org/techniques/T1396", + "tactic": [ + "Establish & Maintain Infrastructure" + ] + }, + { + "technique_id": "T1397", + "technique": "Spearphishing for Information", + "url": "https://attack.mitre.org/techniques/T1397", + "tactic": [ + "Technical Information Gathering" + ] + }, + { + "technique_id": "T1398", + "technique": "Modify OS Kernel or Boot Partition", + "url": "https://attack.mitre.org/techniques/T1398", + "tactic": [ + "Defense Evasion", + "Persistence" + ] + }, + { + "technique_id": "T1399", + "technique": "Modify Trusted Execution Environment", + "url": "https://attack.mitre.org/techniques/T1399", + "tactic": [ + "Defense Evasion", + "Persistence" + ] + }, + { + "technique_id": "T1400", + "technique": "Modify System Partition", + "url": "https://attack.mitre.org/techniques/T1400", + "tactic": [ + "Defense Evasion", + "Persistence", + "Impact" + ] + }, + { + "technique_id": "T1401", + "technique": "Abuse Device Administrator Access to Prevent Removal", + "url": "https://attack.mitre.org/techniques/T1401", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1402", + "technique": "Broadcast Receivers", + "url": "https://attack.mitre.org/techniques/T1402", + "tactic": [ + "Persistence", + "Execution" + ] + }, + { + "technique_id": "T1403", + "technique": "Modify Cached Executable Code", + "url": "https://attack.mitre.org/techniques/T1403", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1404", + "technique": "Exploit OS Vulnerability", + "url": "https://attack.mitre.org/techniques/T1404", + "tactic": [ + "Privilege Escalation" + ] + }, + { + "technique_id": "T1405", + "technique": "Exploit TEE Vulnerability", + "url": "https://attack.mitre.org/techniques/T1405", + "tactic": [ + "Credential Access", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1406", + "technique": "Obfuscated Files or Information", + "url": "https://attack.mitre.org/techniques/T1406", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1407", + "technique": "Download New Code at Runtime", + "url": "https://attack.mitre.org/techniques/T1407", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1408", + "technique": "Disguise Root/Jailbreak Indicators", + "url": "https://attack.mitre.org/techniques/T1408", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1409", + "technique": "Access Stored Application Data", + "url": "https://attack.mitre.org/techniques/T1409", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + { + "technique_id": "T1410", + "technique": "Network Traffic Capture or Redirection", + "url": "https://attack.mitre.org/techniques/T1410", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + { + "technique_id": "T1411", + "technique": "Input Prompt", + "url": "https://attack.mitre.org/techniques/T1411", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1412", + "technique": "Capture SMS Messages", + "url": "https://attack.mitre.org/techniques/T1412", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + { + "technique_id": "T1413", + "technique": "Access Sensitive Data in Device Logs", + "url": "https://attack.mitre.org/techniques/T1413", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + { + "technique_id": "T1414", + "technique": "Capture Clipboard Data", + "url": "https://attack.mitre.org/techniques/T1414", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + { + "technique_id": "T1415", + "technique": "URL Scheme Hijacking", + "url": "https://attack.mitre.org/techniques/T1415", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1416", + "technique": "Android Intent Hijacking", + "url": "https://attack.mitre.org/techniques/T1416", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1417", + "technique": "Input Capture", + "url": "https://attack.mitre.org/techniques/T1417", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + { + "technique_id": "T1418", + "technique": "Application Discovery", + "url": "https://attack.mitre.org/techniques/T1418", + "tactic": [ + "Defense Evasion", + "Discovery" + ] + }, + { + "technique_id": "T1420", + "technique": "File and Directory Discovery", + "url": "https://attack.mitre.org/techniques/T1420", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1421", + "technique": "System Network Connections Discovery", + "url": "https://attack.mitre.org/techniques/T1421", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1422", + "technique": "System Network Configuration Discovery", + "url": "https://attack.mitre.org/techniques/T1422", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1423", + "technique": "Network Service Scanning", + "url": "https://attack.mitre.org/techniques/T1423", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1424", + "technique": "Process Discovery", + "url": "https://attack.mitre.org/techniques/T1424", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1426", + "technique": "System Information Discovery", + "url": "https://attack.mitre.org/techniques/T1426", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1427", + "technique": "Attack PC via USB Connection", + "url": "https://attack.mitre.org/techniques/T1427", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1428", + "technique": "Exploit Enterprise Resources", + "url": "https://attack.mitre.org/techniques/T1428", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1429", + "technique": "Capture Audio", + "url": "https://attack.mitre.org/techniques/T1429", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1430", + "technique": "Location Tracking", + "url": "https://attack.mitre.org/techniques/T1430", + "tactic": [ + "Collection", + "Discovery" + ] + }, + { + "technique_id": "T1432", + "technique": "Access Contact List", + "url": "https://attack.mitre.org/techniques/T1432", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1433", + "technique": "Access Call Log", + "url": "https://attack.mitre.org/techniques/T1433", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1435", + "technique": "Access Calendar Entries", + "url": "https://attack.mitre.org/techniques/T1435", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1436", + "technique": "Commonly Used Port", + "url": "https://attack.mitre.org/techniques/T1436", + "tactic": [ + "Command and Control", + "Exfiltration" + ] + }, + { + "technique_id": "T1437", + "technique": "Standard Application Layer Protocol", + "url": "https://attack.mitre.org/techniques/T1437", + "tactic": [ + "Command and Control", + "Exfiltration" + ] + }, + { + "technique_id": "T1438", + "technique": "Alternate Network Mediums", + "url": "https://attack.mitre.org/techniques/T1438", + "tactic": [ + "Command and Control", + "Exfiltration" + ] + }, + { + "technique_id": "T1439", + "technique": "Eavesdrop on Insecure Network Communication", + "url": "https://attack.mitre.org/techniques/T1439", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1444", + "technique": "Masquerade as Legitimate Application", + "url": "https://attack.mitre.org/techniques/T1444", + "tactic": [ + "Initial Access", + "Defense Evasion" + ] + }, + { + "technique_id": "T1446", + "technique": "Device Lockout", + "url": "https://attack.mitre.org/techniques/T1446", + "tactic": [ + "Impact", + "Defense Evasion" + ] + }, + { + "technique_id": "T1447", + "technique": "Delete Device Data", + "url": "https://attack.mitre.org/techniques/T1447", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1448", + "technique": "Carrier Billing Fraud", + "url": "https://attack.mitre.org/techniques/T1448", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1449", + "technique": "Exploit SS7 to Redirect Phone Calls/SMS", + "url": "https://attack.mitre.org/techniques/T1449", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1450", + "technique": "Exploit SS7 to Track Device Location", + "url": "https://attack.mitre.org/techniques/T1450", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1451", + "technique": "SIM Card Swap", + "url": "https://attack.mitre.org/techniques/T1451", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1452", + "technique": "Manipulate App Store Rankings or Ratings", + "url": "https://attack.mitre.org/techniques/T1452", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1456", + "technique": "Drive-by Compromise", + "url": "https://attack.mitre.org/techniques/T1456", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1458", + "technique": "Exploit via Charging Station or PC", + "url": "https://attack.mitre.org/techniques/T1458", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1461", + "technique": "Lockscreen Bypass", + "url": "https://attack.mitre.org/techniques/T1461", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1463", + "technique": "Manipulate Device Communication", + "url": "https://attack.mitre.org/techniques/T1463", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1464", + "technique": "Jamming or Denial of Service", + "url": "https://attack.mitre.org/techniques/T1464", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1465", + "technique": "Rogue Wi-Fi Access Points", + "url": "https://attack.mitre.org/techniques/T1465", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1466", + "technique": "Downgrade to Insecure Protocols", + "url": "https://attack.mitre.org/techniques/T1466", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1467", + "technique": "Rogue Cellular Base Station", + "url": "https://attack.mitre.org/techniques/T1467", + "tactic": [ + "Network Effects" + ] + }, + { + "technique_id": "T1468", + "technique": "Remotely Track Device Without Authorization", + "url": "https://attack.mitre.org/techniques/T1468", + "tactic": [ + "Remote Service Effects" + ] + }, + { + "technique_id": "T1469", + "technique": "Remotely Wipe Data Without Authorization", + "url": "https://attack.mitre.org/techniques/T1469", + "tactic": [ + "Remote Service Effects" + ] + }, + { + "technique_id": "T1470", + "technique": "Obtain Device Cloud Backups", + "url": "https://attack.mitre.org/techniques/T1470", + "tactic": [ + "Remote Service Effects" + ] + }, + { + "technique_id": "T1471", + "technique": "Data Encrypted for Impact", + "url": "https://attack.mitre.org/techniques/T1471", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1472", + "technique": "Generate Fraudulent Advertising Revenue", + "url": "https://attack.mitre.org/techniques/T1472", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1474", + "technique": "Supply Chain Compromise", + "url": "https://attack.mitre.org/techniques/T1474", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1475", + "technique": "Deliver Malicious App via Authorized App Store", + "url": "https://attack.mitre.org/techniques/T1475", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1476", + "technique": "Deliver Malicious App via Other Means", + "url": "https://attack.mitre.org/techniques/T1476", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1477", + "technique": "Exploit via Radio Interfaces", + "url": "https://attack.mitre.org/techniques/T1477", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1478", + "technique": "Install Insecure or Malicious Configuration", + "url": "https://attack.mitre.org/techniques/T1478", + "tactic": [ + "Defense Evasion", + "Initial Access" + ] + }, + { + "technique_id": "T1480", + "technique": "Execution Guardrails", + "url": "https://attack.mitre.org/techniques/T1480", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1480.001", + "technique": "Execution Guardrails : Environmental Keying", + "url": "https://attack.mitre.org/techniques/T1480/001" + }, + { + "technique_id": "T1481", + "technique": "Web Service", + "url": "https://attack.mitre.org/techniques/T1481", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1482", + "technique": "Domain Trust Discovery", + "url": "https://attack.mitre.org/techniques/T1482", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1484", + "technique": "Group Policy Modification", + "url": "https://attack.mitre.org/techniques/T1484", + "tactic": [ + "Defense Evasion", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1485", + "technique": "Data Destruction", + "url": "https://attack.mitre.org/techniques/T1485", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1486", + "technique": "Data Encrypted for Impact", + "url": "https://attack.mitre.org/techniques/T1486", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1489", + "technique": "Service Stop", + "url": "https://attack.mitre.org/techniques/T1489", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1490", + "technique": "Inhibit System Recovery", + "url": "https://attack.mitre.org/techniques/T1490", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1491", + "technique": "Defacement", + "url": "https://attack.mitre.org/techniques/T1491", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1491.001", + "technique": "Defacement : Internal Defacement", + "url": "https://attack.mitre.org/techniques/T1491/001" + }, + { + "technique_id": "T1491.002", + "technique": "Defacement : External Defacement", + "url": "https://attack.mitre.org/techniques/T1491/002" + }, + { + "technique_id": "T1495", + "technique": "Firmware Corruption", + "url": "https://attack.mitre.org/techniques/T1495", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1496", + "technique": "Resource Hijacking", + "url": "https://attack.mitre.org/techniques/T1496", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1497", + "technique": "Virtualization/Sandbox Evasion", + "url": "https://attack.mitre.org/techniques/T1497", + "tactic": [ + "Defense Evasion", + "Discovery" + ] + }, + { + "technique_id": "T1497.001", + "technique": "Virtualization/Sandbox Evasion : System Checks", + "url": "https://attack.mitre.org/techniques/T1497/001" + }, + { + "technique_id": "T1497.002", + "technique": "Virtualization/Sandbox Evasion : User Activity Based Checks", + "url": "https://attack.mitre.org/techniques/T1497/002" + }, + { + "technique_id": "T1497.003", + "technique": "Virtualization/Sandbox Evasion : Time Based Evasion", + "url": "https://attack.mitre.org/techniques/T1497/003" + }, + { + "technique_id": "T1498", + "technique": "Network Denial of Service", + "url": "https://attack.mitre.org/techniques/T1498", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1498.001", + "technique": "Network Denial of Service : Direct Network Flood", + "url": "https://attack.mitre.org/techniques/T1498/001" + }, + { + "technique_id": "T1498.002", + "technique": "Network Denial of Service : Reflection Amplification", + "url": "https://attack.mitre.org/techniques/T1498/002" + }, + { + "technique_id": "T1499", + "technique": "Endpoint Denial of Service", + "url": "https://attack.mitre.org/techniques/T1499", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1499.001", + "technique": "Endpoint Denial of Service : OS Exhaustion Flood", + "url": "https://attack.mitre.org/techniques/T1499/001" + }, + { + "technique_id": "T1499.002", + "technique": "Endpoint Denial of Service : Service Exhaustion Flood", + "url": "https://attack.mitre.org/techniques/T1499/002" + }, + { + "technique_id": "T1499.003", + "technique": "Endpoint Denial of Service : Application Exhaustion Flood", + "url": "https://attack.mitre.org/techniques/T1499/003" + }, + { + "technique_id": "T1499.004", + "technique": "Endpoint Denial of Service : Application or System Exploitation", + "url": "https://attack.mitre.org/techniques/T1499/004" + }, + { + "technique_id": "T1505", + "technique": "Server Software Component", + "url": "https://attack.mitre.org/techniques/T1505", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1505.001", + "technique": "Server Software Component : SQL Stored Procedures", + "url": "https://attack.mitre.org/techniques/T1505/001" + }, + { + "technique_id": "T1505.002", + "technique": "Server Software Component : Transport Agent", + "url": "https://attack.mitre.org/techniques/T1505/002" + }, + { + "technique_id": "T1505.003", + "technique": "Server Software Component : Web Shell", + "url": "https://attack.mitre.org/techniques/T1505/003" + }, + { + "technique_id": "T1507", + "technique": "Network Information Discovery", + "url": "https://attack.mitre.org/techniques/T1507", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1508", + "technique": "Suppress Application Icon", + "url": "https://attack.mitre.org/techniques/T1508", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1509", + "technique": "Uncommonly Used Port", + "url": "https://attack.mitre.org/techniques/T1509", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1510", + "technique": "Clipboard Modification", + "url": "https://attack.mitre.org/techniques/T1510", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1512", + "technique": "Capture Camera", + "url": "https://attack.mitre.org/techniques/T1512", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1513", + "technique": "Screen Capture", + "url": "https://attack.mitre.org/techniques/T1513", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1516", + "technique": "Input Injection", + "url": "https://attack.mitre.org/techniques/T1516", + "tactic": [ + "Defense Evasion", + "Impact" + ] + }, + { + "technique_id": "T1517", + "technique": "Access Notifications", + "url": "https://attack.mitre.org/techniques/T1517", + "tactic": [ + "Collection", + "Credential Access" + ] + }, + { + "technique_id": "T1518", + "technique": "Software Discovery", + "url": "https://attack.mitre.org/techniques/T1518", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1518.001", + "technique": "Software Discovery : Security Software Discovery", + "url": "https://attack.mitre.org/techniques/T1518/001" + }, + { + "technique_id": "T1520", + "technique": "Domain Generation Algorithms", + "url": "https://attack.mitre.org/techniques/T1520", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1521", + "technique": "Standard Cryptographic Protocol", + "url": "https://attack.mitre.org/techniques/T1521", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1523", + "technique": "Evade Analysis Environment", + "url": "https://attack.mitre.org/techniques/T1523", + "tactic": [ + "Defense Evasion", + "Discovery" + ] + }, + { + "technique_id": "T1525", + "technique": "Implant Container Image", + "url": "https://attack.mitre.org/techniques/T1525", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1526", + "technique": "Cloud Service Discovery", + "url": "https://attack.mitre.org/techniques/T1526", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1528", + "technique": "Steal Application Access Token", + "url": "https://attack.mitre.org/techniques/T1528", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1529", + "technique": "System Shutdown/Reboot", + "url": "https://attack.mitre.org/techniques/T1529", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1530", + "technique": "Data from Cloud Storage Object", + "url": "https://attack.mitre.org/techniques/T1530", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1531", + "technique": "Account Access Removal", + "url": "https://attack.mitre.org/techniques/T1531", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1532", + "technique": "Data Encrypted", + "url": "https://attack.mitre.org/techniques/T1532", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1533", + "technique": "Data from Local System", + "url": "https://attack.mitre.org/techniques/T1533", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1534", + "technique": "Internal Spearphishing", + "url": "https://attack.mitre.org/techniques/T1534", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1535", + "technique": "Unused/Unsupported Cloud Regions", + "url": "https://attack.mitre.org/techniques/T1535", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1537", + "technique": "Transfer Data to Cloud Account", + "url": "https://attack.mitre.org/techniques/T1537", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1538", + "technique": "Cloud Service Dashboard", + "url": "https://attack.mitre.org/techniques/T1538", + "tactic": [ + "Discovery" + ] + }, + { + "technique_id": "T1539", + "technique": "Steal Web Session Cookie", + "url": "https://attack.mitre.org/techniques/T1539", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1540", + "technique": "Code Injection", + "url": "https://attack.mitre.org/techniques/T1540", + "tactic": [ + "Persistence", + "Privilege Escalation", + "Defense Evasion" + ] + }, + { + "technique_id": "T1541", + "technique": "Foreground Persistence", + "url": "https://attack.mitre.org/techniques/T1541", + "tactic": [ + "Collection", + "Persistence" + ] + }, + { + "technique_id": "T1542", + "technique": "Pre-OS Boot", + "url": "https://attack.mitre.org/techniques/T1542", + "tactic": [ + "Defense Evasion", + "Persistence" + ] + }, + { + "technique_id": "T1542.001", + "technique": "Pre-OS Boot : System Firmware", + "url": "https://attack.mitre.org/techniques/T1542/001" + }, + { + "technique_id": "T1542.002", + "technique": "Pre-OS Boot : Component Firmware", + "url": "https://attack.mitre.org/techniques/T1542/002" + }, + { + "technique_id": "T1542.003", + "technique": "Pre-OS Boot : Bootkit", + "url": "https://attack.mitre.org/techniques/T1542/003" + }, + { + "technique_id": "T1543", + "technique": "Create or Modify System Process", + "url": "https://attack.mitre.org/techniques/T1543", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1543.001", + "technique": "Create or Modify System Process : Launch Agent", + "url": "https://attack.mitre.org/techniques/T1543/001" + }, + { + "technique_id": "T1543.002", + "technique": "Create or Modify System Process : Systemd Service", + "url": "https://attack.mitre.org/techniques/T1543/002" + }, + { + "technique_id": "T1543.003", + "technique": "Create or Modify System Process : Windows Service", + "url": "https://attack.mitre.org/techniques/T1543/003" + }, + { + "technique_id": "T1543.004", + "technique": "Create or Modify System Process : Launch Daemon", + "url": "https://attack.mitre.org/techniques/T1543/004" + }, + { + "technique_id": "T1544", + "technique": "Remote File Copy", + "url": "https://attack.mitre.org/techniques/T1544", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1546", + "technique": "Event Triggered Execution", + "url": "https://attack.mitre.org/techniques/T1546", + "tactic": [ + "Privilege Escalation", + "Persistence" + ] + }, + { + "technique_id": "T1546.001", + "technique": "Event Triggered Execution : Change Default File Association", + "url": "https://attack.mitre.org/techniques/T1546/001" + }, + { + "technique_id": "T1546.002", + "technique": "Event Triggered Execution : Screensaver", + "url": "https://attack.mitre.org/techniques/T1546/002" + }, + { + "technique_id": "T1546.003", + "technique": "Event Triggered Execution : Windows Management Instrumentation Event Subscription", + "url": "https://attack.mitre.org/techniques/T1546/003" + }, + { + "technique_id": "T1546.004", + "technique": "Event Triggered Execution : .bash_profile and .bashrc", + "url": "https://attack.mitre.org/techniques/T1546/004" + }, + { + "technique_id": "T1546.005", + "technique": "Event Triggered Execution : Trap", + "url": "https://attack.mitre.org/techniques/T1546/005" + }, + { + "technique_id": "T1546.006", + "technique": "Event Triggered Execution : LC_LOAD_DYLIB Addition", + "url": "https://attack.mitre.org/techniques/T1546/006" + }, + { + "technique_id": "T1546.007", + "technique": "Event Triggered Execution : Netsh Helper DLL", + "url": "https://attack.mitre.org/techniques/T1546/007" + }, + { + "technique_id": "T1546.008", + "technique": "Event Triggered Execution : Accessibility Features", + "url": "https://attack.mitre.org/techniques/T1546/008" + }, + { + "technique_id": "T1546.009", + "technique": "Event Triggered Execution : AppCert DLLs", + "url": "https://attack.mitre.org/techniques/T1546/009" + }, + { + "technique_id": "T1546.010", + "technique": "Event Triggered Execution : AppInit DLLs", + "url": "https://attack.mitre.org/techniques/T1546/010" + }, + { + "technique_id": "T1546.011", + "technique": "Event Triggered Execution : Application Shimming", + "url": "https://attack.mitre.org/techniques/T1546/011" + }, + { + "technique_id": "T1546.012", + "technique": "Event Triggered Execution : Image File Execution Options Injection", + "url": "https://attack.mitre.org/techniques/T1546/012" + }, + { + "technique_id": "T1546.013", + "technique": "Event Triggered Execution : PowerShell Profile", + "url": "https://attack.mitre.org/techniques/T1546/013" + }, + { + "technique_id": "T1546.014", + "technique": "Event Triggered Execution : Emond", + "url": "https://attack.mitre.org/techniques/T1546/014" + }, + { + "technique_id": "T1546.015", + "technique": "Event Triggered Execution : Component Object Model Hijacking", + "url": "https://attack.mitre.org/techniques/T1546/015" + }, + { + "technique_id": "T1547", + "technique": "Boot or Logon Autostart Execution", + "url": "https://attack.mitre.org/techniques/T1547", + "tactic": [ + "Persistence", + "Privilege Escalation" + ] + }, + { + "technique_id": "T1547.001", + "technique": "Boot or Logon Autostart Execution : Registry Run Keys / Startup Folder", + "url": "https://attack.mitre.org/techniques/T1547/001" + }, + { + "technique_id": "T1547.002", + "technique": "Boot or Logon Autostart Execution : Authentication Package", + "url": "https://attack.mitre.org/techniques/T1547/002" + }, + { + "technique_id": "T1547.003", + "technique": "Boot or Logon Autostart Execution : Time Providers", + "url": "https://attack.mitre.org/techniques/T1547/003" + }, + { + "technique_id": "T1547.004", + "technique": "Boot or Logon Autostart Execution : Winlogon Helper DLL", + "url": "https://attack.mitre.org/techniques/T1547/004" + }, + { + "technique_id": "T1547.005", + "technique": "Boot or Logon Autostart Execution : Security Support Provider", + "url": "https://attack.mitre.org/techniques/T1547/005" + }, + { + "technique_id": "T1547.006", + "technique": "Boot or Logon Autostart Execution : Kernel Modules and Extensions", + "url": "https://attack.mitre.org/techniques/T1547/006" + }, + { + "technique_id": "T1547.007", + "technique": "Boot or Logon Autostart Execution : Re-opened Applications", + "url": "https://attack.mitre.org/techniques/T1547/007" + }, + { + "technique_id": "T1547.008", + "technique": "Boot or Logon Autostart Execution : LSASS Driver", + "url": "https://attack.mitre.org/techniques/T1547/008" + }, + { + "technique_id": "T1547.009", + "technique": "Boot or Logon Autostart Execution : Shortcut Modification", + "url": "https://attack.mitre.org/techniques/T1547/009" + }, + { + "technique_id": "T1547.010", + "technique": "Boot or Logon Autostart Execution : Port Monitors", + "url": "https://attack.mitre.org/techniques/T1547/010" + }, + { + "technique_id": "T1547.011", + "technique": "Boot or Logon Autostart Execution : Plist Modification", + "url": "https://attack.mitre.org/techniques/T1547/011" + }, + { + "technique_id": "T1548", + "technique": "Abuse Elevation Control Mechanism", + "url": "https://attack.mitre.org/techniques/T1548", + "tactic": [ + "Privilege Escalation", + "Defense Evasion" + ] + }, + { + "technique_id": "T1548.001", + "technique": "Abuse Elevation Control Mechanism : Setuid and Setgid", + "url": "https://attack.mitre.org/techniques/T1548/001" + }, + { + "technique_id": "T1548.002", + "technique": "Abuse Elevation Control Mechanism : Bypass User Access Control", + "url": "https://attack.mitre.org/techniques/T1548/002" + }, + { + "technique_id": "T1548.003", + "technique": "Abuse Elevation Control Mechanism : Sudo and Sudo Caching", + "url": "https://attack.mitre.org/techniques/T1548/003" + }, + { + "technique_id": "T1548.004", + "technique": "Abuse Elevation Control Mechanism : Elevated Execution with Prompt", + "url": "https://attack.mitre.org/techniques/T1548/004" + }, + { + "technique_id": "T1550", + "technique": "Use Alternate Authentication Material", + "url": "https://attack.mitre.org/techniques/T1550", + "tactic": [ + "Defense Evasion", + "Lateral Movement" + ] + }, + { + "technique_id": "T1550.001", + "technique": "Use Alternate Authentication Material : Application Access Token", + "url": "https://attack.mitre.org/techniques/T1550/001" + }, + { + "technique_id": "T1550.002", + "technique": "Use Alternate Authentication Material : Pass the Hash", + "url": "https://attack.mitre.org/techniques/T1550/002" + }, + { + "technique_id": "T1550.003", + "technique": "Use Alternate Authentication Material : Pass the Ticket", + "url": "https://attack.mitre.org/techniques/T1550/003" + }, + { + "technique_id": "T1550.004", + "technique": "Use Alternate Authentication Material : Web Session Cookie", + "url": "https://attack.mitre.org/techniques/T1550/004" + }, + { + "technique_id": "T1552", + "technique": "Unsecured Credentials", + "url": "https://attack.mitre.org/techniques/T1552", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1552.001", + "technique": "Unsecured Credentials : Credentials In Files", + "url": "https://attack.mitre.org/techniques/T1552/001" + }, + { + "technique_id": "T1552.002", + "technique": "Unsecured Credentials : Credentials in Registry", + "url": "https://attack.mitre.org/techniques/T1552/002" + }, + { + "technique_id": "T1552.003", + "technique": "Unsecured Credentials : Bash History", + "url": "https://attack.mitre.org/techniques/T1552/003" + }, + { + "technique_id": "T1552.004", + "technique": "Unsecured Credentials : Private Keys", + "url": "https://attack.mitre.org/techniques/T1552/004" + }, + { + "technique_id": "T1552.005", + "technique": "Unsecured Credentials : Cloud Instance Metadata API", + "url": "https://attack.mitre.org/techniques/T1552/005" + }, + { + "technique_id": "T1552.006", + "technique": "Unsecured Credentials : Group Policy Preferences", + "url": "https://attack.mitre.org/techniques/T1552/006" + }, + { + "technique_id": "T1553", + "technique": "Subvert Trust Controls", + "url": "https://attack.mitre.org/techniques/T1553", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1553.001", + "technique": "Subvert Trust Controls : Gatekeeper Bypass", + "url": "https://attack.mitre.org/techniques/T1553/001" + }, + { + "technique_id": "T1553.002", + "technique": "Subvert Trust Controls : Code Signing", + "url": "https://attack.mitre.org/techniques/T1553/002" + }, + { + "technique_id": "T1553.003", + "technique": "Subvert Trust Controls : SIP and Trust Provider Hijacking", + "url": "https://attack.mitre.org/techniques/T1553/003" + }, + { + "technique_id": "T1553.004", + "technique": "Subvert Trust Controls : Install Root Certificate", + "url": "https://attack.mitre.org/techniques/T1553/004" + }, + { + "technique_id": "T1554", + "technique": "Compromise Client Software Binary", + "url": "https://attack.mitre.org/techniques/T1554", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1555", + "technique": "Credentials from Password Stores", + "url": "https://attack.mitre.org/techniques/T1555", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1555.001", + "technique": "Credentials from Password Stores : Keychain", + "url": "https://attack.mitre.org/techniques/T1555/001" + }, + { + "technique_id": "T1555.002", + "technique": "Credentials from Password Stores : Securityd Memory", + "url": "https://attack.mitre.org/techniques/T1555/002" + }, + { + "technique_id": "T1555.003", + "technique": "Credentials from Password Stores : Credentials from Web Browsers", + "url": "https://attack.mitre.org/techniques/T1555/003" + }, + { + "technique_id": "T1556", + "technique": "Modify Authentication Process", + "url": "https://attack.mitre.org/techniques/T1556", + "tactic": [ + "Credential Access", + "Defense Evasion" + ] + }, + { + "technique_id": "T1556.001", + "technique": "Modify Authentication Process : Domain Controller Authentication", + "url": "https://attack.mitre.org/techniques/T1556/001" + }, + { + "technique_id": "T1556.002", + "technique": "Modify Authentication Process : Password Filter DLL", + "url": "https://attack.mitre.org/techniques/T1556/002" + }, + { + "technique_id": "T1556.003", + "technique": "Modify Authentication Process : Pluggable Authentication Modules", + "url": "https://attack.mitre.org/techniques/T1556/003" + }, + { + "technique_id": "T1557", + "technique": "Man-in-the-Middle", + "url": "https://attack.mitre.org/techniques/T1557", + "tactic": [ + "Credential Access", + "Collection" + ] + }, + { + "technique_id": "T1557.001", + "technique": "Man-in-the-Middle : LLMNR/NBT-NS Poisoning and SMB Relay", + "url": "https://attack.mitre.org/techniques/T1557/001" + }, + { + "technique_id": "T1558", + "technique": "Steal or Forge Kerberos Tickets", + "url": "https://attack.mitre.org/techniques/T1558", + "tactic": [ + "Credential Access" + ] + }, + { + "technique_id": "T1558.001", + "technique": "Steal or Forge Kerberos Tickets : Golden Ticket", + "url": "https://attack.mitre.org/techniques/T1558/001" + }, + { + "technique_id": "T1558.002", + "technique": "Steal or Forge Kerberos Tickets : Silver Ticket", + "url": "https://attack.mitre.org/techniques/T1558/002" + }, + { + "technique_id": "T1558.003", + "technique": "Steal or Forge Kerberos Tickets : Kerberoasting", + "url": "https://attack.mitre.org/techniques/T1558/003" + }, + { + "technique_id": "T1559", + "technique": "Inter-Process Communication", + "url": "https://attack.mitre.org/techniques/T1559", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1559.001", + "technique": "Inter-Process Communication : Component Object Model", + "url": "https://attack.mitre.org/techniques/T1559/001" + }, + { + "technique_id": "T1559.002", + "technique": "Inter-Process Communication : Dynamic Data Exchange", + "url": "https://attack.mitre.org/techniques/T1559/002" + }, + { + "technique_id": "T1560", + "technique": "Archive Collected Data", + "url": "https://attack.mitre.org/techniques/T1560", + "tactic": [ + "Collection" + ] + }, + { + "technique_id": "T1560.001", + "technique": "Archive Collected Data : Archive via Utility", + "url": "https://attack.mitre.org/techniques/T1560/001" + }, + { + "technique_id": "T1560.002", + "technique": "Archive Collected Data : Archive via Library", + "url": "https://attack.mitre.org/techniques/T1560/002" + }, + { + "technique_id": "T1560.003", + "technique": "Archive Collected Data : Archive via Custom Method", + "url": "https://attack.mitre.org/techniques/T1560/003" + }, + { + "technique_id": "T1561", + "technique": "Disk Wipe", + "url": "https://attack.mitre.org/techniques/T1561", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1561.001", + "technique": "Disk Wipe : Disk Content Wipe", + "url": "https://attack.mitre.org/techniques/T1561/001" + }, + { + "technique_id": "T1561.002", + "technique": "Disk Wipe : Disk Structure Wipe", + "url": "https://attack.mitre.org/techniques/T1561/002" + }, + { + "technique_id": "T1562", + "technique": "Impair Defenses", + "url": "https://attack.mitre.org/techniques/T1562", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1562.001", + "technique": "Impair Defenses : Disable or Modify Tools", + "url": "https://attack.mitre.org/techniques/T1562/001" + }, + { + "technique_id": "T1562.002", + "technique": "Impair Defenses : Disable Windows Event Logging", + "url": "https://attack.mitre.org/techniques/T1562/002" + }, + { + "technique_id": "T1562.003", + "technique": "Impair Defenses : HISTCONTROL", + "url": "https://attack.mitre.org/techniques/T1562/003" + }, + { + "technique_id": "T1562.004", + "technique": "Impair Defenses : Disable or Modify System Firewall", + "url": "https://attack.mitre.org/techniques/T1562/004" + }, + { + "technique_id": "T1562.006", + "technique": "Impair Defenses : Indicator Blocking", + "url": "https://attack.mitre.org/techniques/T1562/006" + }, + { + "technique_id": "T1562.007", + "technique": "Impair Defenses : Disable or Modify Cloud Firewall", + "url": "https://attack.mitre.org/techniques/T1562/007" + }, + { + "technique_id": "T1563", + "technique": "Remote Service Session Hijacking", + "url": "https://attack.mitre.org/techniques/T1563", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1563.001", + "technique": "Remote Service Session Hijacking : SSH Hijacking", + "url": "https://attack.mitre.org/techniques/T1563/001" + }, + { + "technique_id": "T1563.002", + "technique": "Remote Service Session Hijacking : RDP Hijacking", + "url": "https://attack.mitre.org/techniques/T1563/002" + }, + { + "technique_id": "T1564", + "technique": "Hide Artifacts", + "url": "https://attack.mitre.org/techniques/T1564", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1564.001", + "technique": "Hide Artifacts : Hidden Files and Directories", + "url": "https://attack.mitre.org/techniques/T1564/001" + }, + { + "technique_id": "T1564.002", + "technique": "Hide Artifacts : Hidden Users", + "url": "https://attack.mitre.org/techniques/T1564/002" + }, + { + "technique_id": "T1564.003", + "technique": "Hide Artifacts : Hidden Window", + "url": "https://attack.mitre.org/techniques/T1564/003" + }, + { + "technique_id": "T1564.004", + "technique": "Hide Artifacts : NTFS File Attributes", + "url": "https://attack.mitre.org/techniques/T1564/004" + }, + { + "technique_id": "T1564.005", + "technique": "Hide Artifacts : Hidden File System", + "url": "https://attack.mitre.org/techniques/T1564/005" + }, + { + "technique_id": "T1564.006", + "technique": "Hide Artifacts : Run Virtual Instance", + "url": "https://attack.mitre.org/techniques/T1564/006" + }, + { + "technique_id": "T1565", + "technique": "Data Manipulation", + "url": "https://attack.mitre.org/techniques/T1565", + "tactic": [ + "Impact" + ] + }, + { + "technique_id": "T1565.001", + "technique": "Data Manipulation : Stored Data Manipulation", + "url": "https://attack.mitre.org/techniques/T1565/001" + }, + { + "technique_id": "T1565.002", + "technique": "Data Manipulation : Transmitted Data Manipulation", + "url": "https://attack.mitre.org/techniques/T1565/002" + }, + { + "technique_id": "T1565.003", + "technique": "Data Manipulation : Runtime Data Manipulation", + "url": "https://attack.mitre.org/techniques/T1565/003" + }, + { + "technique_id": "T1566", + "technique": "Phishing", + "url": "https://attack.mitre.org/techniques/T1566", + "tactic": [ + "Initial Access" + ] + }, + { + "technique_id": "T1566.001", + "technique": "Phishing : Spearphishing Attachment", + "url": "https://attack.mitre.org/techniques/T1566/001" + }, + { + "technique_id": "T1566.002", + "technique": "Phishing : Spearphishing Link", + "url": "https://attack.mitre.org/techniques/T1566/002" + }, + { + "technique_id": "T1566.003", + "technique": "Phishing : Spearphishing via Service", + "url": "https://attack.mitre.org/techniques/T1566/003" + }, + { + "technique_id": "T1567", + "technique": "Exfiltration Over Web Service", + "url": "https://attack.mitre.org/techniques/T1567", + "tactic": [ + "Exfiltration" + ] + }, + { + "technique_id": "T1567.001", + "technique": "Exfiltration Over Web Service : Exfiltration to Code Repository", + "url": "https://attack.mitre.org/techniques/T1567/001" + }, + { + "technique_id": "T1567.002", + "technique": "Exfiltration Over Web Service : Exfiltration to Cloud Storage", + "url": "https://attack.mitre.org/techniques/T1567/002" + }, + { + "technique_id": "T1568", + "technique": "Dynamic Resolution", + "url": "https://attack.mitre.org/techniques/T1568", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1568.001", + "technique": "Dynamic Resolution : Fast Flux DNS", + "url": "https://attack.mitre.org/techniques/T1568/001" + }, + { + "technique_id": "T1568.002", + "technique": "Dynamic Resolution : Domain Generation Algorithms", + "url": "https://attack.mitre.org/techniques/T1568/002" + }, + { + "technique_id": "T1568.003", + "technique": "Dynamic Resolution : DNS Calculation", + "url": "https://attack.mitre.org/techniques/T1568/003" + }, + { + "technique_id": "T1569", + "technique": "System Services", + "url": "https://attack.mitre.org/techniques/T1569", + "tactic": [ + "Execution" + ] + }, + { + "technique_id": "T1569.001", + "technique": "System Services : Launchctl", + "url": "https://attack.mitre.org/techniques/T1569/001" + }, + { + "technique_id": "T1569.002", + "technique": "System Services : Service Execution", + "url": "https://attack.mitre.org/techniques/T1569/002" + }, + { + "technique_id": "T1570", + "technique": "Lateral Tool Transfer", + "url": "https://attack.mitre.org/techniques/T1570", + "tactic": [ + "Lateral Movement" + ] + }, + { + "technique_id": "T1571", + "technique": "Non-Standard Port", + "url": "https://attack.mitre.org/techniques/T1571", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1572", + "technique": "Protocol Tunneling", + "url": "https://attack.mitre.org/techniques/T1572", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1573", + "technique": "Encrypted Channel", + "url": "https://attack.mitre.org/techniques/T1573", + "tactic": [ + "Command and Control" + ] + }, + { + "technique_id": "T1573.001", + "technique": "Encrypted Channel : Symmetric Cryptography", + "url": "https://attack.mitre.org/techniques/T1573/001" + }, + { + "technique_id": "T1573.002", + "technique": "Encrypted Channel : Asymmetric Cryptography", + "url": "https://attack.mitre.org/techniques/T1573/002" + }, + { + "technique_id": "T1574", + "technique": "Hijack Execution Flow", + "url": "https://attack.mitre.org/techniques/T1574", + "tactic": [ + "Persistence", + "Privilege Escalation", + "Defense Evasion" + ] + }, + { + "technique_id": "T1574.001", + "technique": "Hijack Execution Flow : DLL Search Order Hijacking", + "url": "https://attack.mitre.org/techniques/T1574/001" + }, + { + "technique_id": "T1574.002", + "technique": "Hijack Execution Flow : DLL Side-Loading", + "url": "https://attack.mitre.org/techniques/T1574/002" + }, + { + "technique_id": "T1574.004", + "technique": "Hijack Execution Flow : Dylib Hijacking", + "url": "https://attack.mitre.org/techniques/T1574/004" + }, + { + "technique_id": "T1574.005", + "technique": "Hijack Execution Flow : Executable Installer File Permissions Weakness", + "url": "https://attack.mitre.org/techniques/T1574/005" + }, + { + "technique_id": "T1574.006", + "technique": "Hijack Execution Flow : LD_PRELOAD", + "url": "https://attack.mitre.org/techniques/T1574/006" + }, + { + "technique_id": "T1574.007", + "technique": "Hijack Execution Flow : Path Interception by PATH Environment Variable", + "url": "https://attack.mitre.org/techniques/T1574/007" + }, + { + "technique_id": "T1574.008", + "technique": "Hijack Execution Flow : Path Interception by Search Order Hijacking", + "url": "https://attack.mitre.org/techniques/T1574/008" + }, + { + "technique_id": "T1574.009", + "technique": "Hijack Execution Flow : Path Interception by Unquoted Path", + "url": "https://attack.mitre.org/techniques/T1574/009" + }, + { + "technique_id": "T1574.010", + "technique": "Hijack Execution Flow : Services File Permissions Weakness", + "url": "https://attack.mitre.org/techniques/T1574/010" + }, + { + "technique_id": "T1574.011", + "technique": "Hijack Execution Flow : Services Registry Permissions Weakness", + "url": "https://attack.mitre.org/techniques/T1574/011" + }, + { + "technique_id": "T1574.012", + "technique": "Hijack Execution Flow : COR_PROFILER", + "url": "https://attack.mitre.org/techniques/T1574/012" + }, + { + "technique_id": "T1575", + "technique": "Native Code", + "url": "https://attack.mitre.org/techniques/T1575", + "tactic": [ + "Defense Evasion", + "Execution" + ] + }, + { + "technique_id": "T1576", + "technique": "Uninstall Malicious Application", + "url": "https://attack.mitre.org/techniques/T1576", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1577", + "technique": "Compromise Application Executable", + "url": "https://attack.mitre.org/techniques/T1577", + "tactic": [ + "Persistence" + ] + }, + { + "technique_id": "T1578", + "technique": "Modify Cloud Compute Infrastructure", + "url": "https://attack.mitre.org/techniques/T1578", + "tactic": [ + "Defense Evasion" + ] + }, + { + "technique_id": "T1578.001", + "technique": "Modify Cloud Compute Infrastructure : Create Snapshot", + "url": "https://attack.mitre.org/techniques/T1578/001" + }, + { + "technique_id": "T1578.002", + "technique": "Modify Cloud Compute Infrastructure : Create Cloud Instance", + "url": "https://attack.mitre.org/techniques/T1578/002" + }, + { + "technique_id": "T1578.003", + "technique": "Modify Cloud Compute Infrastructure : Delete Cloud Instance", + "url": "https://attack.mitre.org/techniques/T1578/003" + }, + { + "technique_id": "T1578.004", + "technique": "Modify Cloud Compute Infrastructure : Revert Cloud Instance", + "url": "https://attack.mitre.org/techniques/T1578/004" + }, + { + "technique_id": "T1579", + "technique": "Keychain", + "url": "https://attack.mitre.org/techniques/T1579", + "tactic": [ + "Credential Access" + ] + } ] \ No newline at end of file diff --git a/tools/config/mitre/update_mitre.py b/tools/config/mitre/update_mitre.py new file mode 100644 index 00000000..176a9239 --- /dev/null +++ b/tools/config/mitre/update_mitre.py @@ -0,0 +1,127 @@ +# Updates the Mitre Tactics & Techniques from Mitre CTI Pre, Enterprise & Mobile Attack +# Copyright 2020 Scott Dermott + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see . + +import os +import json +import urllib.request + +mitre_update_urls = [ + 'https://raw.githubusercontent.com/mitre/cti/master/pre-attack/pre-attack.json', + 'https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json', + 'https://raw.githubusercontent.com/mitre/cti/master/mobile-attack/mobile-attack.json' +] +mitre_source_types = list([ + 'mitre-pre-attack', + 'mitre-attack', + 'mitre-mobile-attack' +]) +tactics_list = [] +techniques_list = [] + +def get_external_id(obj): + return obj.get('external_id') + +def get_technique_id(obj): + return obj.get('technique_id') + +def revoked_or_deprecated(entry): + if "revoked" in entry.keys() and entry['revoked'] or "x_mitre_deprecated" in entry.keys() and entry['x_mitre_deprecated']: + return True + return False + +for url in mitre_update_urls: + with urllib.request.urlopen(url) as cti_json: + mitre_json = json.loads(cti_json.read().decode()) + url_type = url.rsplit('/',1)[1].split('.')[0].title() + techniques = [] + tactics = [] + tactic_map = {} + technique_map = {} + + # Map the tatics + for entry in mitre_json['objects']: + if not entry['type'] == "x-mitre-tactic" or revoked_or_deprecated(entry): + continue + for ref in entry['external_references']: + if ref['source_name'] in mitre_source_types: + tactic_map[entry['x_mitre_shortname']] = entry['name'] + tactics.append({ + "external_id": ref['external_id'], + "url": ref['url'], + "tactic": entry['name'] + }) + break + + # Map the techniques + for entry in mitre_json['objects']: + if not entry['type'] == "attack-pattern" or revoked_or_deprecated(entry): + continue + if "x_mitre_is_subtechnique" in entry.keys() and entry['x_mitre_is_subtechnique']: + continue + for ref in entry['external_references']: + if ref['source_name'] in mitre_source_types: + technique_map[ref['external_id']] = entry['name'] + sub_tactics = [] + # Get Mitre Tactics (Kill-Chains) + for tactic in entry['kill_chain_phases']: + if tactic['kill_chain_name'] in mitre_source_types: + # Map the short phase_name to tactic name + sub_tactics.append(tactic_map[tactic['phase_name']]) + techniques.append({ + "technique_id": ref['external_id'], + "technique": entry['name'], + "url": ref['url'], + "tactic" : sub_tactics + }) + break + + ## Map the sub-techniques + for entry in mitre_json['objects']: + if not entry['type'] == "attack-pattern" or revoked_or_deprecated(entry): + continue + if "x_mitre_is_subtechnique" in entry.keys() and entry['x_mitre_is_subtechnique']: + for ref in entry['external_references']: + if ref['source_name'] in mitre_source_types: + sub_technique_id = ref['external_id'] + sub_technique_name = entry['name'] + parent_technique_name = technique_map[sub_technique_id.split('.')[0]] + sub_technique_name = '{} : {}'.format(parent_technique_name, sub_technique_name) + techniques.append({ + "technique_id": ref['external_id'], + "technique": sub_technique_name, + "url": ref['url'], + }) + break + + print("Updating from : {}".format(url)) + print("{} Mitre Bundle ID : {} ".format(url_type, mitre_json['id'])) + print("{} Tactics : {} ".format(url_type, len(tactic_map))) + print("{} Techniques : {} ".format(url_type, len(technique_map))) + print("{} Sub-Techniques : {} ".format(url_type, len(techniques) - len(technique_map))) + print("-------------------------------------------------") + tactics_list.extend(tactics) + techniques_list.extend(techniques) + +print("Total Mitre Tactics : {} ".format(len(tactics_list))) +print("Total Mitre Techniques : {} ".format(len(techniques_list))) +## Create the output files +with open('tactics.json', 'w') as json_file: + tactics_list.sort(key=get_external_id) + json.dump(tactics_list, json_file, sort_keys=False, indent=2) + +with open('techniques.json', 'w') as json_file: + techniques_list.sort(key=get_technique_id) + json.dump(techniques_list, json_file, sort_keys=False, indent=2) \ No newline at end of file